
PHP Cross Reference of MyBB 1.8.19


/ -> newreply.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
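  // Entry-point markers for this script.
  // NOTE(review): presumably the included MyBB files test IN_MYBB before running - confirm in the include files.
  define("IN_MYBB", 1);
  define('THIS_SCRIPT', 'newreply.php');

  // Comma-separated names of the templates this script may render.
  // NOTE(review): presumably read by global.php to load the templates up front - confirm there.
  // Every name needs its own comma: a missing comma fuses two names into one string that matches neither
  // template ("postbit_attachments_thumbnails_thumbnail" and "postbit_attachments_images_image" were fused).
  $templatelist = "newreply,previewpost,loginbox,changeuserbox,posticons,newreply_threadreview,newreply_threadreview_post,forumdisplay_rules_link,newreply_multiquote_external,post_attachments_add,post_subscription_method";
  $templatelist .= ",codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,postbit_online,postbit_pm,newreply_disablesmilies_hidden,post_attachments_update";
  $templatelist .= ",postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,newreply_modoptions_close,newreply_modoptions_stick";
  $templatelist .= ",post_attachments_attachment_postinsert,post_attachments_attachment_remove,post_attachments_attachment_unapproved,post_attachments_attachment,post_attachments_viewlink,postbit_attachments_attachment,newreply_signature";
  $templatelist .= ",post_captcha_recaptcha_invisible,post_captcha_hidden,post_captcha,post_captcha_nocaptcha,post_javascript,postbit_groupimage,postbit_attachments,newreply_postoptions";
  $templatelist .= ",postbit_rep_button,postbit_author_guest,postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment_unapproved";
  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_gotopost,forumdisplay_password_wrongpass,forumdisplay_password,posticons_icon,attachment_icon,postbit_reputation_formatted_link";
  $templatelist .= ",global_moderation_notice,newreply_disablesmilies,postbit_userstar,newreply_draftinput,postbit_avatar,forumdisplay_rules,postbit_offline,postbit_find,postbit_warninglevel_formatted,postbit_ignored";
  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,postbit_reputation,postbit_www,postbit_away,postbit_icon,postbit_email,postbit_report,postbit,postbit_warn";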
  23  
  // Bootstrap the board, then pull in the posting, user and parser helpers.
  require_once './global.php';
  require_once MYBB_ROOT.'inc/functions_post.php';
  require_once MYBB_ROOT.'inc/functions_user.php';
  require_once MYBB_ROOT.'inc/class_parser.php';
  $parser = new postParser();

  // Language phrases used on this page.
  $lang->load('newreply');

  // Thread id and quoted-post id, both requested with MyBB::INPUT_INT.
  $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
  $replyto = $mybb->get_input('replyto', MyBB::INPUT_INT);

  // An AJAX quick reply is never handled as a preview request.
  if (!empty($mybb->input['ajax'])) {
      unset($mybb->input['previewpost']);
  }
  42  
  // Draft handling: when the request names an existing post (pid) for "editdraft" or "do_newreply",
  // that post has to exist and belong to the current user before the script continues with it.
  $pid = 0;
  $editdraftpid = '';
  $mybb->input['action'] = $mybb->get_input('action');
  if (
      ($mybb->input['action'] == 'editdraft' || $mybb->input['action'] == 'do_newreply')
      && $mybb->get_input('pid', MyBB::INPUT_INT)
  ) {
      $pid = $mybb->get_input('pid', MyBB::INPUT_INT);
      $post = get_post($pid);
      if (!$post) {
          error($lang->error_invalidpost);
      } elseif ($mybb->user['uid'] != $post['uid']) {
          // Ownership check: the post must have been written by the requesting user.
          error($lang->error_post_noperms);
      }

      // From here on both ids come from the stored post, cast to int, not from the request.
      $pid = (int)$post['pid'];
      $tid = (int)$post['tid'];

      // The template text is evaluated as a double-quoted PHP string.
      // NOTE(review): template content is therefore executed as code-adjacent input; it has to be trusted,
      // and every variable it interpolates must already be escaped for HTML - confirm for this template.
      eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
  }
  63  
  // Resolve the thread, then the forum it belongs to; both must exist.
  $thread = get_thread($tid);
  if (!$thread) {
      error($lang->error_invalidthread);
  }
  $fid = (int)$thread['fid'];

  $forum = get_forum($fid);
  if (!$forum) {
      error($lang->error_invalidforum);
  }

  // Breadcrumb navigation: forum path, thread, "new reply".
  build_forum_breadcrumb($fid);

  // $thread_subject keeps the subject as stored; $thread['subject'] is bad-word filtered
  // and passed through htmlspecialchars_uni() from this point on.
  $thread_subject = $thread['subject'];
  $thread['subject'] = $parser->parse_badwords($thread['subject']);
  $thread['subject'] = htmlspecialchars_uni($thread['subject']);

  add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
  add_breadcrumb($lang->nav_newreply);
  85  
  $forumpermissions = forum_permissions($fid);

  // Access gates. Every failing check ends in error() or error_no_permission().

  // A post loaded earlier in this script: an unapproved one (visible == 0) needs the "canviewunapprove"
  // moderator permission; one with negative visibility is accepted only for its own author.
  if (
      isset($post)
      && (
          ($post['visible'] == 0 && !is_moderator($fid, 'canviewunapprove'))
          || ($post['visible'] < 0 && $post['uid'] != $mybb->user['uid'])
      )
  ) {
      error($lang->error_invalidpost);
  }

  // The thread: unapproved threads need "canviewunapprove"; negative visibility is always rejected.
  if (
      ($thread['visible'] == 0 && !is_moderator($fid, 'canviewunapprove'))
      || $thread['visible'] < 0
  ) {
      error($lang->error_invalidthread);
  }

  // The forum has to be open and of type "f".
  if ($forum['open'] == 0 || $forum['type'] != 'f') {
      error($lang->error_closedinvalidforum);
  }

  // The user needs both the view and the reply permission for this forum.
  if ($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0) {
      error_no_permission();
  }

  // Posting suspension: build the message (permanent, or temporal with the end date) and stop.
  if ($mybb->user['suspendposting'] == 1) {
      $suspendedpostingtype = $lang->error_suspendedposting_permanent;
      if ($mybb->user['suspensiontime']) {
          $suspendedpostingtype = $lang->sprintf(
              $lang->error_suspendedposting_temporal,
              my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime'])
          );
      }

      $lang->error_suspendedposting = $lang->sprintf(
          $lang->error_suspendedposting,
          $suspendedpostingtype,
          my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime'])
      );

      error($lang->error_suspendedposting);
  }

  // "Own threads only" restrictions: the thread starter must be the current user.
  if (
      isset($forumpermissions['canonlyviewownthreads'])
      && $forumpermissions['canonlyviewownthreads'] == 1
      && $thread['uid'] != $mybb->user['uid']
  ) {
      error_no_permission();
  }

  if (
      isset($forumpermissions['canonlyreplyownthreads'])
      && $forumpermissions['canonlyreplyownthreads'] == 1
      && $thread['uid'] != $mybb->user['uid']
  ) {
      error_no_permission();
  }
 128  
 // A quick reply that is not a preview takes its subscription method from get_subscription_method().
 if ($mybb->get_input('method') == 'quickreply' && !isset($mybb->input['previewpost'])) {
     $mybb->input['postoptions']['subscriptionmethod'] = get_subscription_method(
         $mybb->get_input('tid', MyBB::INPUT_INT)
     );
 }

 // Password-protected forum: check that a valid password is present.
 check_forum_password($forum['fid']);

 // MyCode editor buttons, plus clickable smilies when the forum allows them.
 if (
     $mybb->settings['bbcodeinserter'] != 0
     && $forum['allowmycode'] != 0
     && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0)
 ) {
     $codebuttons = build_mycode_inserter('message', $forum['allowsmilies']);
     if ($forum['allowsmilies'] != 0) {
         $smilieinserter = build_clickable_smilies();
     }
 }

 // Logged-in users get the "change user" box, guests get the login box.
 if ($mybb->user['uid'] != 0) {
     // The username is HTML-escaped in place; later reads of $mybb->user['username'] see the escaped form.
     $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
     eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 } else {
     // Only echo a guest-supplied username back on preview or submit, and escape it before it reaches the template.
     if (!empty($mybb->input['previewpost']) || $mybb->input['action'] == 'do_newreply') {
         $username = htmlspecialchars_uni($mybb->get_input('username'));
     } else {
         $username = '';
     }
     eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 }
 165  
 // A closed thread accepts replies only from moderators holding "canpostclosedthreads".
 if (!is_moderator($fid, 'canpostclosedthreads') && $thread['closed'] == 1) {
     error($lang->redirect_threadclosed);
 }

 // Allow-list the action: anything other than "do_newreply" or "editdraft" becomes "newreply".
 if ($mybb->input['action'] != 'do_newreply' && $mybb->input['action'] != 'editdraft') {
     $mybb->input['action'] = 'newreply';
 }

 // A preview always shows the reply form again.
 if (!empty($mybb->input['previewpost'])) {
     $mybb->input['action'] = 'newreply';
 }

 // Attachments uploaded before the post exists are grouped under a posthash.
 // A fresh one is generated only when the request carries none and no existing post (pid) is being edited.
 // NOTE(review): how hard this value is to guess depends on random_str() - confirm its source of randomness.
 if (!$mybb->get_input('posthash') && !$pid) {
     $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());
 }

 // The form was marked as processed but neither POST fields nor files arrived.
 if ((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1) {
     error($lang->error_empty_post_input);
 }
 197  
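 $errors = array();
 $maximageserror = $attacherror = '';

 // Add or update an attachment. Runs when attachments are enabled, no attachment id was sent, and either an
 // add/update button was used or the reply was submitted together with an uploaded file.
 // !empty() is used on $_FILES['attachment'] because the key is absent when the request carries no upload;
 // reading it directly raises an undefined-index notice.
 if($mybb->settings['enableattachments'] == 1 && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ($mybb->input['action'] == "do_newreply" && $mybb->get_input('submit') && !empty($_FILES['attachment']))))
 {
     // Verify incoming POST request (checks the my_post_key value sent with the form)
     verify_post_check($mybb->get_input('my_post_key'));

     // WHERE clause handed to add_attachments(): $pid is either 0 or was cast to int earlier in this script,
     // and the request-supplied posthash is escaped before it is placed inside the quotes.
     if($pid)
     {
         $attachwhere = "pid='{$pid}'";
     }
     else
     {
         $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
     }

     require_once MYBB_ROOT."inc/functions_upload.php";

     $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newreply");

     if(!empty($ret['errors']))
     {
         $errors = $ret['errors'];
     }

     // If we were dealing with an attachment but didn't click 'Post Reply', force the new reply page again.
     if(!$mybb->get_input('submit'))
     {
         eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
         $mybb->input['action'] = "newreply";
     }
 }

 // Remove an attachment.
 if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
 {
     // Verify incoming POST request (checks the my_post_key value sent with the form)
     verify_post_check($mybb->get_input('my_post_key'));

     require_once MYBB_ROOT."inc/functions_upload.php";
     // NOTE(review): the attachment is identified by pid, the request-supplied posthash and the attachment id;
     // confirm that remove_attachment() only deletes rows matching the pid/posthash pair.
     remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));
     if(!$mybb->get_input('submit'))
     {
         eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
         $mybb->input['action'] = "newreply";
     }
 }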
 245  
 $reply_errors = '';
 $quoted_ids = array();
 $hide_captcha = false;

 // Daily post limit: applies when the group has a positive "maxposts" and cancp is not 1.
 if ($mybb->usergroup['maxposts'] > 0 && $mybb->usergroup['cancp'] != 1) {
     // Count this user's visible posts from the last 24 hours.
     $daycut = TIME_NOW - 86400;
     $query = $db->simple_select(
         'posts',
         'COUNT(*) AS posts_today',
         "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}"
     );
     $post_count = $db->fetch_field($query, 'posts_today');

     if ($post_count >= $mybb->usergroup['maxposts']) {
         $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
         error($lang->error_maxposts);
     }
 }
 262  
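 // Handle a submitted reply: validate it, store it through PostDataHandler, then either redirect
 // or, for an AJAX quick reply, return the rendered post as JSON.
 // Only runs for action "do_newreply" sent with the POST method.
 if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post")
 {
     // Verify incoming POST request (checks the my_post_key value sent with the form)
     verify_post_check($mybb->get_input('my_post_key'));

     $plugins->run_hooks("newreply_do_newreply_start");

     // If this isn't a logged in user, then we need to do some special validation.
     if($mybb->user['uid'] == 0)
     {
         // If they didn't specify a username leave blank so $lang->guest can be used on output
         if(!$mybb->get_input('username'))
         {
             $username = '';
         }
         // Otherwise use the name they specified.
         else
         {
             $username = $mybb->get_input('username');
         }
         $uid = 0;


         if($mybb->settings['stopforumspam_on_newreply'])
         {
             require_once MYBB_ROOT . '/inc/class_stopforumspamchecker.php';

             $stop_forum_spam_checker = new StopForumSpamChecker(
                 $plugins,
                 $mybb->settings['stopforumspam_min_weighting_before_spam'],
                 $mybb->settings['stopforumspam_check_usernames'],
                 $mybb->settings['stopforumspam_check_emails'],
                 $mybb->settings['stopforumspam_check_ips'],
                 $mybb->settings['stopforumspam_log_blocks']
             );

             try {
                 if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
                 {
                     error($lang->sprintf($lang->error_stop_forum_spam_spammer,
                         $stop_forum_spam_checker->getErrorText(array(
                             'stopforumspam_check_usernames',
                             'stopforumspam_check_ips'
                             ))));
                 }
             }
             catch (Exception $e)
             {
                 // A failed lookup blocks the post only when stopforumspam_block_on_error is set;
                 // otherwise the check fails open and the post continues.
                 if($mybb->settings['stopforumspam_block_on_error'])
                 {
                     error($lang->error_stop_forum_spam_fetching);
                 }
             }
         }
     }
     // This user is logged in.
     else
     {
         // NOTE(review): earlier in this script $mybb->user['username'] is overwritten with its
         // htmlspecialchars_uni() form for the login box, so the escaped value is what gets passed on here -
         // confirm that PostDataHandler expects that.
         $username = $mybb->user['username'];
         $uid = $mybb->user['uid'];
     }

     // Attempt to see if this post is a duplicate or not
     if($uid > 0)
     {
         $user_check = "p.uid='{$uid}'";
     }
     else
     {
         $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
     }
     if(!$mybb->get_input('savedraft'))
     {
         // Same author (or IP for guests), same thread, same subject and message within the last 600 seconds.
         // The request-supplied subject and message are escaped before being placed in the WHERE clause.
         $query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.visible > -1 AND p.dateline>".(TIME_NOW-600));
         $duplicate_check = $db->fetch_field($query, "pid");
         if($duplicate_check)
         {
             error($lang->error_post_already_submitted);
         }
     }

     // Set up posthandler.
     require_once MYBB_ROOT."inc/datahandlers/post.php";
     $posthandler = new PostDataHandler("insert");

     // Set the post data that came from the input to the $post array.
     $post = array(
         "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
         "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
         "fid" => $thread['fid'],
         "subject" => $mybb->get_input('subject'),
         "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
         "uid" => $uid,
         "username" => $username,
         "message" => $mybb->get_input('message'),
         "ipaddress" => $session->packedip,
         "posthash" => $mybb->get_input('posthash')
     );

     if(isset($mybb->input['pid']))
     {
         $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
     }

     // Are we saving a draft post? Drafts are only available to logged in users.
     if($mybb->get_input('savedraft') && $mybb->user['uid'])
     {
         $post['savedraft'] = 1;
     }
     else
     {
         $post['savedraft'] = 0;
     }

     $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
     if(!isset($postoptions['signature']))
     {
         $postoptions['signature'] = 0;
     }
     if(!isset($postoptions['subscriptionmethod']))
     {
         $postoptions['subscriptionmethod'] = 0;
     }
     if(!isset($postoptions['disablesmilies']))
     {
         $postoptions['disablesmilies'] = 0;
     }

     // Set up the post options from the input. Only these three keys are copied over.
     $post['options'] = array(
         "signature" => $postoptions['signature'],
         "subscriptionmethod" => $postoptions['subscriptionmethod'],
         "disablesmilies" => $postoptions['disablesmilies']
     );

     // Apply moderation options if we have them
     // NOTE(review): the array is passed through from the request unchanged and no permission check for it
     // is visible in this script - confirm that PostDataHandler only honours it for moderators.
     $post['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);

     $posthandler->set_data($post);

     // Now let the post handler do all the hard work.
     $valid_post = $posthandler->validate_post();

     $post_errors = array();
     // Fetch friendly error messages if this is an invalid post
     if(!$valid_post)
     {
         $post_errors = $posthandler->get_friendly_errors();
     }

     // Mark thread as read
     require_once MYBB_ROOT."inc/functions_indicators.php";
     mark_thread_read($tid, $fid);

     // Extra data for inline_error(); it stays empty unless the AJAX captcha branch below fills it.
     // Initialised here so the call further down never reads an undefined variable.
     $json_data = array();

     // Check captcha image (guests only)
     if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
     {
         require_once MYBB_ROOT.'inc/class_captcha.php';
         $post_captcha = new captcha(false, "post_captcha");

         if($post_captcha->validate_captcha() == false)
         {
             // CAPTCHA validation failed
             foreach($post_captcha->get_errors() as $error)
             {
                 $post_errors[] = $error;
             }
         }
         else
         {
             $hide_captcha = true;
         }

         if($mybb->get_input('ajax', MyBB::INPUT_INT) && $post_captcha->type == 1)
         {
             // Issue a replacement captcha so the quick reply form can be submitted again.
             $randomstr = random_str(5);
             $imagehash = md5(random_str(12));

             $imagearray = array(
                 "imagehash" => $imagehash,
                 "imagestring" => $randomstr,
                 "dateline" => TIME_NOW
             );

             $db->insert_query("captcha", $imagearray);

             //header("Content-type: text/html; charset={$lang->settings['charset']}");
             $data = '';
             $data .= "<captcha>$imagehash";

             // The new captcha string is sent along only when the submitted captcha was valid.
             if($hide_captcha)
             {
                 $data .= "|$randomstr";
             }

             $data .= "</captcha>";

             //header("Content-type: application/json; charset={$lang->settings['charset']}");
             $json_data = array("data" => $data);
         }
     }

     // One or more errors returned, fetch error list and throw to newreply page
     if(count($post_errors) > 0)
     {
         $reply_errors = inline_error($post_errors, '', $json_data);
         $mybb->input['action'] = "newreply";
     }
     else
     {
         $postinfo = $posthandler->insert_post();
         $pid = $postinfo['pid'];
         $visible = $postinfo['visible'];
         $closed = $postinfo['closed'];

         // Invalidate solved captcha
         if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
         {
             $post_captcha->invalidate_captcha();
         }

         $force_redirect = false;

         // Deciding the fate
         if($visible == -2)
         {
             // Draft post
             $lang->redirect_newreply = $lang->draft_saved;
             $url = "usercp.php?action=drafts";
         }
         elseif($visible == 1)
         {
             // Visible post
             $lang->redirect_newreply .= $lang->redirect_newreply_post;
             $url = get_post_link($pid, $tid)."#pid{$pid}";
         }
         else
         {
             // Moderated post
             $lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;
             $url = get_thread_link($tid);

             // User must see moderation notice, regardless of redirect settings
             $force_redirect = true;
         }

         // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
         if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
         {
             // We quoted all posts - remove the entire cookie
             if($mybb->get_input('quoted_ids') == "all")
             {
                 my_unsetcookie("multiquote");
             }
             // Only quoted a few - attempt to remove them from the cookie
             else
             {
                 $quoted_ids = explode("|", $mybb->get_input('quoted_ids'));
                 $multiquote = explode("|", $mybb->cookies['multiquote']);
                 if(is_array($multiquote) && is_array($quoted_ids))
                 {
                     foreach($multiquote as $key => $quoteid)
                     {
                         // If this ID was quoted, remove it from the multiquote list
                         if(in_array($quoteid, $quoted_ids))
                         {
                             unset($multiquote[$key]);
                         }
                     }
                     // Ids remain - write them back with the same "|" separator every reader of this cookie
                     // in this script splits on; a different separator makes the next read see one fused entry.
                     if(!empty($multiquote))
                     {
                         $new_multiquote = implode("|", $multiquote);
                         my_setcookie("multiquote", $new_multiquote);
                     }
                     // Nothing left - unset the cookie
                     else
                     {
                         my_unsetcookie("multiquote");
                     }
                 }
             }
         }

         $plugins->run_hooks("newreply_do_newreply_end");

         // This was a post made via the ajax quick reply - we need to do some special things here
         if($mybb->get_input('ajax', MyBB::INPUT_INT))
         {
             // Visible post
             if($visible == 1)
             {
                 // Set post counter
                 $postcounter = $thread['replies'] + 1;

                 if(is_moderator($fid, "canviewunapprove"))
                 {
                     $postcounter += $thread['unapprovedposts'];
                 }
                 if(is_moderator($fid, "canviewdeleted"))
                 {
                     $postcounter += $thread['deletedposts'];
                 }

                 // Was there a new post since we hit the quick reply button?
                 if($mybb->get_input('lastpid', MyBB::INPUT_INT))
                 {
                     $query = $db->simple_select("posts", "pid", "tid = '{$tid}' AND pid != '{$pid}'", array("order_by" => "pid", "order_dir" => "desc"));
                     $new_post = $db->fetch_array($query);
                     if($new_post['pid'] != $mybb->get_input('lastpid', MyBB::INPUT_INT))
                     {
                         redirect(get_thread_link($tid, 0, "lastpost"));
                     }
                 }

                 if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
                 {
                     $mybb->settings['postsperpage'] = 20;
                 }

                 // Lets see if this post is on the same page as the one we're viewing or not
                 // if it isn't, redirect us
                 // NOTE(review): $perpage is not assigned anywhere in the visible part of this script. If no
                 // included file sets it, the first branch never runs and the else branch decides the page -
                 // confirm which is intended before touching this condition.
                 if($perpage > 0 && (($postcounter) % $perpage) == 0)
                 {
                     $post_page = ($postcounter) / $mybb->settings['postsperpage'];
                 }
                 else
                 {
                     $post_page = (int)($postcounter / $mybb->settings['postsperpage']) + 1;
                 }

                 if($post_page > $mybb->get_input('from_page', MyBB::INPUT_INT))
                 {
                     redirect(get_thread_link($tid, 0, "lastpost"));
                     exit;
                 }

                 // Return the post HTML and display it inline
                 $query = $db->query("
                     SELECT u.*, u.username AS userusername, p.*, f.*, eu.username AS editusername
                     FROM ".TABLE_PREFIX."posts p
                     LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
                     LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
                     LEFT JOIN ".TABLE_PREFIX."users eu ON (eu.uid=p.edituid)
                     WHERE p.pid='{$pid}'
                 ");
                 $post = $db->fetch_array($query);

                 // Now lets fetch all of the attachments for this post
                 $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
                 while($attachment = $db->fetch_array($query))
                 {
                     $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
                 }

                 // Establish altbg - may seem like this is backwards, but build_postbit reverses it
                 if(($postcounter - $mybb->settings['postsperpage']) % 2 != 0)
                 {
                     $altbg = "trow1";
                 }
                 else
                 {
                     $altbg = "trow2";
                 }

                 // Response charset, falling back to UTF-8 when the language pack does not set one.
                 $charset = "UTF-8";
                 if($lang->settings['charset'])
                 {
                     $charset = $lang->settings['charset'];
                 }

                 require_once MYBB_ROOT."inc/functions_post.php";
                 $pid = $post['pid'];
                 $post = build_postbit($post);

                 $data = '';
                 $data .= $post;

                 // Build a new posthash incase the user wishes to quick reply again
                 // Both values placed into the script below are generated server-side:
                 // an md5 hex digest and the pid read back from the posts table.
                 $new_posthash = md5($mybb->user['uid'].random_str());
                 $data .= "<script type=\"text/javascript\">\n";
                 $data .= "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
                 $data .= "if(typeof(inlineModeration) != 'undefined') {
                     $('#inlinemod_{$pid}').bind(\"click\", function(e) {
                         inlineModeration.checkItem();
                     });
                 }\n";

                 if($closed == 1)
                 {
                     $data .= "$('#quick_reply_form .trow1').removeClass('trow1 trow2').addClass('trow_shaded');\n";
                 }
                 else
                 {
                     $data .= "$('#quick_reply_form .trow_shaded').removeClass('trow_shaded').addClass('trow1');\n";
                 }

                 $data .= "</script>\n";

                 // Use the charset resolved above so the header is never sent with an empty charset value.
                 header("Content-type: application/json; charset={$charset}");
                 echo json_encode(array("data" => $data));

                 exit;
             }
             // Post is in the moderation queue
             else
             {
                 redirect(get_thread_link($tid, 0, "lastpost"), $lang->redirect_newreply_moderation, "", true);
                 exit;
             }
         }
         else
         {
             $lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
             redirect($url, $lang->redirect_newreply, "", $force_redirect);
             exit;
         }
     }
 }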
 682  
 683  // Show the newreply form.
 684  if($mybb->input['action'] == "newreply" || $mybb->input['action'] == "editdraft")
 685  {
 686      $plugins->run_hooks("newreply_start");
 687  
 688      $quote_ids = $multiquote_external = '';
 689      // If this isn't a preview and we're not editing a draft, then handle quoted posts
 690      if(empty($mybb->input['previewpost']) && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment') && !$mybb->get_input('rem'))
 691      {
 692          $message = '';
 693          $quoted_posts = array();
 694          // Handle multiquote
 695          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 696          {
 697              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 698              foreach($multiquoted as $post)
 699              {
 700                  $quoted_posts[$post] = (int)$post;
 701              }
 702          }
 703          // Handle incoming 'quote' button
 704          if($replyto)
 705          {
 706              $quoted_posts[$replyto] = $replyto;
 707          }
 708  
 709          // Quoting more than one post - fetch them
 710          if(count($quoted_posts) > 0)
 711          {
 712              $external_quotes = 0;
 713              $quoted_posts = implode(",", $quoted_posts);
 714              $unviewable_forums = get_unviewable_forums();
 715              $inactiveforums = get_inactive_forums();
 716              if($unviewable_forums)
 717              {
 718                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 719              }
 720              if($inactiveforums)
 721              {
 722                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 723              }
 724  
 725              // Check group permissions if we can't view threads not started by us
 726              $group_permissions = forum_permissions();
 727              $onlyusfids = array();
 728              $onlyusforums = '';
 729              foreach($group_permissions as $gpfid => $forum_permissions)
 730              {
 731                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 732                  {
 733                      $onlyusfids[] = $gpfid;
 734                  }
 735              }
 736              if(!empty($onlyusfids))
 737              {
 738                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 739              }
 740  
 741              if(is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 742              {
 743                  $visible_where = "AND p.visible IN (-1,0,1)";
 744              }
 745              elseif(is_moderator($fid, 'canviewunapprove') && !is_moderator($fid, 'canviewdeleted'))
 746              {
 747                  $visible_where = "AND p.visible IN (0,1)";
 748              }
 749              elseif(!is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 750              {
 751                  $visible_where = "AND p.visible IN (-1,1)";
 752              }
 753              else
 754              {
 755                  $visible_where = "AND p.visible=1";
 756              }
 757  
 758              require_once  MYBB_ROOT."inc/functions_posting.php";
 759              $query = $db->query("
 760                  SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 761                  FROM ".TABLE_PREFIX."posts p
 762                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 763                  LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 764                  WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 765              ");
 766              $load_all = $mybb->get_input('load_all_quotes', MyBB::INPUT_INT);
 767              while($quoted_post = $db->fetch_array($query))
 768              {
 769                  // Only show messages for the current thread
 770                  if($quoted_post['tid'] == $tid || $load_all == 1)
 771                  {
 772                      // If this post was the post for which a quote button was clicked, set the subject
 773                      if($replyto == $quoted_post['pid'])
 774                      {
 775                          $subject = preg_replace('#^RE:\s?#i', '', $quoted_post['subject']);
 776                          // Subject too long? Shorten it to avoid error message
 777                          if(my_strlen($subject) > 85)
 778                          {
 779                              $subject = my_substr($subject, 0, 82).'...';
 780                          }
 781                          $subject = "RE: ".$subject;
 782                      }
 783                      $message .= parse_quoted_message($quoted_post);
 784                      $quoted_ids[] = $quoted_post['pid'];
 785                  }
 786                  // Count the rest
 787                  else
 788                  {
 789                      ++$external_quotes;
 790                  }
 791              }
 792              if($mybb->settings['maxquotedepth'] != '0')
 793              {
 794                  $message = remove_message_quotes($message);
 795              }
 796              if($external_quotes > 0)
 797              {
 798                  if($external_quotes == 1)
 799                  {
 800                      $multiquote_text = $lang->multiquote_external_one;
 801                      $multiquote_deselect = $lang->multiquote_external_one_deselect;
 802                      $multiquote_quote = $lang->multiquote_external_one_quote;
 803                  }
 804                  else
 805                  {
 806                      $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 807                      $multiquote_deselect = $lang->multiquote_external_deselect;
 808                      $multiquote_quote = $lang->multiquote_external_quote;
 809                  }
 810                  eval("\$multiquote_external = \"".$templates->get("newreply_multiquote_external")."\";");
 811              }
 812              if(is_array($quoted_ids) && count($quoted_ids) > 0)
 813              {
 814                  $quoted_ids = implode("|", $quoted_ids);
 815              }
 816          }
 817      }
 818  
 819      if(isset($mybb->input['quoted_ids']))
 820      {
 821          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids', MyBB::INPUT_INT));
 822      }
 823  
 824      if(isset($mybb->input['previewpost']))
 825      {
 826          $previewmessage = $mybb->get_input('message');
 827      }
 828      if(empty($message))
 829      {
 830          $message = $mybb->get_input('message');
 831      }
 832      $message = htmlspecialchars_uni($message);
 833  
 834      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 835      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 836  
 837      // Set up the post options.
 838      if(!empty($mybb->input['previewpost']) || $reply_errors != '')
 839      {
 840          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 841  
 842          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 843          {
 844              $postoptionschecked['signature'] = " checked=\"checked\"";
 845          }
 846          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 847          {
 848              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 849          }
 850          $subscription_method = get_subscription_method($tid, $postoptions);
 851          $subject = $mybb->input['subject'];
 852      }
 853      elseif($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 854      {
 855          $message = htmlspecialchars_uni($post['message']);
 856          $subject = $post['subject'];
 857          if($post['includesig'] != 0)
 858          {
 859              $postoptionschecked['signature'] = " checked=\"checked\"";
 860          }
 861          if($post['smilieoff'] == 1)
 862          {
 863              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 864          }
 865          $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
 866          $mybb->input['icon'] = $post['icon'];
 867      }
 868      else
 869      {
 870          if($mybb->user['signature'] != '')
 871          {
 872              $postoptionschecked['signature'] = " checked=\"checked\"";
 873          }
 874          $subscription_method = get_subscription_method($tid);
 875      }
 876      ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 877  
 878      if($forum['allowpicons'] != 0)
 879      {
 880          $posticons = get_post_icons();
 881      }
 882  
 883      // No subject?
 884      if(!isset($subject))
 885      {
 886          if(!empty($mybb->input['subject']))
 887          {
 888              $subject = $mybb->get_input('subject');
 889          }
 890          else
 891          {
 892              $subject = $thread_subject;
 893              // Subject too long? Shorten it to avoid error message
 894              if(my_strlen($subject) > 85)
 895              {
 896                  $subject = my_substr($subject, 0, 82).'...';
 897              }
 898              $subject = "RE: ".$subject;
 899          }
 900      }
 901  
 902      // Preview a post that was written.
 903      $preview = '';
 904      if(!empty($mybb->input['previewpost']))
 905      {
 906          // If this isn't a logged in user, then we need to do some special validation.
 907          if($mybb->user['uid'] == 0)
 908          {
 909              // If they didn't specify a username leave blank so $lang->guest can be used on output
 910              if(!$mybb->get_input('username'))
 911              {
 912                  $username = '';
 913              }
 914              // Otherwise use the name they specified.
 915              else
 916              {
 917                  $username = $mybb->get_input('username');
 918              }
 919              $uid = 0;
 920          }
 921          // This user is logged in.
 922          else
 923          {
 924              $username = $mybb->user['username'];
 925              $uid = $mybb->user['uid'];
 926          }
 927  
 928          // Set up posthandler.
 929          require_once  MYBB_ROOT."inc/datahandlers/post.php";
 930          $posthandler = new PostDataHandler("insert");
 931          $posthandler->action = "post";
 932  
 933          // Set the post data that came from the input to the $post array.
 934          $post = array(
 935              "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
 936              "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
 937              "fid" => $thread['fid'],
 938              "subject" => $mybb->get_input('subject'),
 939              "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 940              "uid" => $uid,
 941              "username" => $username,
 942              "message" => $mybb->get_input('message'),
 943              "ipaddress" => $session->packedip,
 944              "posthash" => $mybb->get_input('posthash')
 945          );
 946  
 947          if(isset($mybb->input['pid']))
 948          {
 949              $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
 950          }
 951  
 952          $posthandler->set_data($post);
 953  
 954          // Now let the post handler do all the hard work.
 955          $valid_post = $posthandler->verify_message();
 956          $valid_subject = $posthandler->verify_subject();
 957  
 958          // guest post --> verify author
 959          if($post['uid'] == 0)
 960          {
 961              $valid_username = $posthandler->verify_author();
 962          }
 963          else
 964          {
 965              $valid_username = true;
 966          }
 967  
 968          $post_errors = array();
 969          // Fetch friendly error messages if this is an invalid post
 970          if(!$valid_post || !$valid_subject || !$valid_username)
 971          {
 972              $post_errors = $posthandler->get_friendly_errors();
 973          }
 974  
 975          // One or more errors returned, fetch error list and throw to newreply page
 976          if(count($post_errors) > 0)
 977          {
 978              $reply_errors = inline_error($post_errors);
 979          }
 980          else
 981          {
 982              $quote_ids = htmlspecialchars_uni($mybb->get_input('quote_ids'));
 983              $mybb->input['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 984              $query = $db->query("
 985                  SELECT u.*, f.*
 986                  FROM ".TABLE_PREFIX."users u
 987                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 988                  WHERE u.uid='".$mybb->user['uid']."'
 989              ");
 990              $post = $db->fetch_array($query);
 991              $post['username'] = $username;
 992              if($mybb->user['uid'])
 993              {
 994                  $post['userusername'] = $mybb->user['username'];
 995              }
 996              $post['message'] = $previewmessage;
 997              $post['subject'] = $subject;
 998              $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 999              $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
1000              if(isset($mybb->input['postoptions']['disablesmilies']))
1001              {
1002                  $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
1003              }
1004              $post['dateline'] = TIME_NOW;
1005              if(isset($mybb->input['postoptions']['signature']))
1006              {
1007                  $post['includesig'] = $mybb->input['postoptions']['signature'];
1008              }
1009              if(!isset($post['includesig']) || $post['includesig'] != 1)
1010              {
1011                  $post['includesig'] = 0;
1012              }
1013  
1014              // Fetch attachments assigned to this post.
1015              if($mybb->get_input('pid', MyBB::INPUT_INT))
1016              {
1017                  $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
1018              }
1019              else
1020              {
1021                  $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
1022              }
1023  
1024              $query = $db->simple_select("attachments", "*", $attachwhere);
1025              while($attachment = $db->fetch_array($query))
1026              {
1027                  $attachcache[0][$attachment['aid']] = $attachment;
1028              }
1029  
1030              $postbit = build_postbit($post, 1);
1031              eval("\$preview = \"".$templates->get("previewpost")."\";");
1032          }
1033      }
1034  
1035      $subject = htmlspecialchars_uni($parser->parse_badwords($subject));
1036  
1037      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
1038  
1039      // Do we have attachment errors?
1040      if(count($errors) > 0)
1041      {
1042          $reply_errors = inline_error($errors);
1043      }
1044  
1045      // Get a listing of the current attachments.
1046      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
1047      {
1048          $attachcount = 0;
1049          if($pid)
1050          {
1051              $attachwhere = "pid='$pid'";
1052          }
1053          else
1054          {
1055              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
1056          }
1057          $attachments = '';
1058          $query = $db->simple_select("attachments", "*", $attachwhere);
1059          while($attachment = $db->fetch_array($query))
1060          {
1061              $attachment['size'] = get_friendly_size($attachment['filesize']);
1062              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
1063              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
1064  
1065              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
1066              {
1067                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
1068              }
1069  
1070              $attach_mod_options = '';
1071              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
1072  
1073              if($attachment['visible'] != 1)
1074              {
1075                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
1076              }
1077              else
1078              {
1079                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
1080              }
1081              $attachcount++;
1082          }
1083  
1084          $noshowattach = '';
1085          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
1086          $usage = $db->fetch_array($query);
1087  
1088          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
1089          {
1090              $noshowattach = 1;
1091          }
1092  
1093          if($mybb->usergroup['attachquota'] == 0)
1094          {
1095              $friendlyquota = $lang->unlimited;
1096          }
1097          else
1098          {
1099              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
1100          }
1101  
1102          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
1103          if($usage['ausage'] !== NULL)
1104          {
1105              $friendlyusage = get_friendly_size($usage['ausage']);
1106              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
1107              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
1108          }
1109          else
1110          {
1111              $lang->attach_usage = "";
1112          }
1113          
1114          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
1115          {
1116              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
1117          }
1118  
1119          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
1120          {
1121              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
1122          }
1123  
1124          if($attach_add_options || $attach_update_options)
1125          {
1126              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
1127          }
1128  
1129          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
1130      }
1131  
1132      // If the user is logged in, provide a save draft button.
1133      if($mybb->user['uid'])
1134      {
1135          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
1136      }
1137  
1138      // Show captcha image for guests if enabled
1139      $captcha = '';
1140      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
1141      {
1142          $correct = false;
1143          require_once  MYBB_ROOT.'inc/class_captcha.php';
1144          $post_captcha = new captcha(false, "post_captcha");
1145  
1146          if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
1147          {
1148              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
1149              // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
1150              if($post_captcha->validate_captcha() == true)
1151              {
1152                  $correct = true;
1153  
1154                  // Generate a hidden list of items for our captcha
1155                  $captcha = $post_captcha->build_hidden_captcha();
1156              }
1157          }
1158  
1159          if(!$correct)
1160          {
1161              if($post_captcha->type == 1)
1162              {
1163                  $post_captcha->build_captcha();
1164              }
1165              elseif(in_array($post_captcha->type, array(4, 5)))
1166              {
1167                  $post_captcha->build_recaptcha();
1168              }
1169          }
1170          else if($correct && (in_array($post_captcha->type, array(4, 5))))
1171          {
1172              $post_captcha->build_recaptcha();
1173          }
1174  
1175          if($post_captcha->html)
1176          {
1177              $captcha = $post_captcha->html;
1178          }
1179      }
1180  
1181      $reviewmore = '';
1182      if($mybb->settings['threadreview'] != 0)
1183      {
1184          if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
1185          {
1186              $mybb->settings['postsperpage'] = 20;
1187          }
1188  
1189          if(is_moderator($fid, "canviewunapprove"))
1190          {
1191              $visibility = "(visible='1' OR visible='0')";
1192          }
1193          else
1194          {
1195              $visibility = "visible='1'";
1196          }
1197          $query = $db->simple_select("posts", "COUNT(pid) AS post_count", "tid='{$tid}' AND {$visibility}");
1198          $numposts = $db->fetch_field($query, "post_count");
1199  
1200          if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
1201          {
1202              $mybb->settings['postsperpage'] = 20;
1203          }
1204  
1205          if($numposts > $mybb->settings['postsperpage'])
1206          {
1207              $numposts = $mybb->settings['postsperpage'];
1208              $lang->thread_review_more = $lang->sprintf($lang->thread_review_more, $mybb->settings['postsperpage'], get_thread_link($tid));
1209              eval("\$reviewmore = \"".$templates->get("newreply_threadreview_more")."\";");
1210          }
1211  
1212          $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND {$visibility}", array("order_by" => "dateline", "order_dir" => "desc", "limit" => $mybb->settings['postsperpage']));
1213          while($post = $db->fetch_array($query))
1214          {
1215              $pidin[] = $post['pid'];
1216          }
1217  
1218          $pidin = implode(",", $pidin);
1219  
1220          // Fetch attachments
1221          $query = $db->simple_select("attachments", "*", "pid IN ($pidin)");
1222          while($attachment = $db->fetch_array($query))
1223          {
1224              $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
1225          }
1226          $query = $db->query("
1227              SELECT p.*, u.username AS userusername
1228              FROM ".TABLE_PREFIX."posts p
1229              LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
1230              WHERE pid IN ($pidin)
1231              ORDER BY dateline DESC
1232          ");
1233          $postsdone = 0;
1234          $altbg = "trow1";
1235          $reviewbits = '';
1236          while($post = $db->fetch_array($query))
1237          {
1238              if($post['userusername'])
1239              {
1240                  $post['username'] = $post['userusername'];
1241              }
1242              $reviewpostdate = my_date('relative', $post['dateline']);
1243              $parser_options = array(
1244                  "allow_html" => $forum['allowhtml'],
1245                  "allow_mycode" => $forum['allowmycode'],
1246                  "allow_smilies" => $forum['allowsmilies'],
1247                  "allow_imgcode" => $forum['allowimgcode'],
1248                  "allow_videocode" => $forum['allowvideocode'],
1249                  "me_username" => $post['username'],
1250                  "filter_badwords" => 1
1251              );
1252              if($post['smilieoff'] == 1)
1253              {
1254                  $parser_options['allow_smilies'] = 0;
1255              }
1256  
1257              if($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
1258              {
1259                  $parser_options['allow_imgcode'] = 0;
1260              }
1261  
1262              if($mybb->user['showvideos'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestvideos'] != 1 && $mybb->user['uid'] == 0)
1263              {
1264                  $parser_options['allow_videocode'] = 0;
1265              }
1266  
1267              $post['username'] = htmlspecialchars_uni($post['username']);
1268  
1269              if($post['visible'] != 1)
1270              {
1271                  $altbg = "trow_shaded";
1272              }
1273  
1274              $post['message'] = $parser->parse_message($post['message'], $parser_options);
1275              get_post_attachments($post['pid'], $post);
1276              $reviewmessage = $post['message'];
1277              eval("\$reviewbits .= \"".$templates->get("newreply_threadreview_post")."\";");
1278              if($altbg == "trow1")
1279              {
1280                  $altbg = "trow2";
1281              }
1282              else
1283              {
1284                  $altbg = "trow1";
1285              }
1286          }
1287          eval("\$threadreview = \"".$templates->get("newreply_threadreview")."\";");
1288      }
1289  
1290      // Hide signature option if no permission
1291      $signature = '';
1292      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
1293      {
1294          eval("\$signature = \"".$templates->get('newreply_signature')."\";");
1295      }
1296  
1297      // Can we disable smilies or are they disabled already?
1298      $disablesmilies = '';
1299      if($forum['allowsmilies'] != 0)
1300      {
1301          eval("\$disablesmilies = \"".$templates->get("newreply_disablesmilies")."\";");
1302      }
1303  
1304      $postoptions = '';
1305      if(!empty($signature) || !empty($disablesmilies))
1306      {
1307          eval("\$postoptions = \"".$templates->get("newreply_postoptions")."\";");
1308          $bgcolor = "trow2";
1309      }
1310      else
1311      {
1312          $bgcolor = "trow1";
1313      }
1314  
1315      $modoptions = '';
1316      // Show the moderator options.
1317      if(is_moderator($fid))
1318      {
1319          if($mybb->get_input('processed', MyBB::INPUT_INT))
1320          {
1321              $mybb->input['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
1322              if(!isset($mybb->input['modoptions']['closethread']))
1323              {
1324                  $mybb->input['modoptions']['closethread'] = 0;
1325              }
1326              $closed = (int)$mybb->input['modoptions']['closethread'];
1327              if(!isset($mybb->input['modoptions']['stickthread']))
1328              {
1329                  $mybb->input['modoptions']['stickthread'] = 0;
1330              }
1331              $stuck = (int)$mybb->input['modoptions']['stickthread'];
1332          }
1333          else
1334          {
1335              $closed = $thread['closed'];
1336              $stuck = $thread['sticky'];
1337          }
1338  
1339          if($closed)
1340          {
1341              $closecheck = ' checked="checked"';
1342          }
1343          else
1344          {
1345              $closecheck = '';
1346          }
1347  
1348          if($stuck)
1349          {
1350              $stickycheck = ' checked="checked"';
1351          }
1352          else
1353          {
1354              $stickycheck = '';
1355          }
1356  
1357          $closeoption = '';
1358          if(is_moderator($thread['fid'], "canopenclosethreads"))
1359          {
1360              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
1361          }
1362  
1363          $stickoption = '';
1364          if(is_moderator($thread['fid'], "canstickunstickthreads"))
1365          {
1366              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
1367          }
1368  
1369          if(!empty($closeoption) || !empty($stickoption))
1370          {
1371              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
1372              $bgcolor = "trow1";
1373          }
1374          else
1375          {
1376              $bgcolor = "trow2";
1377          }
1378      }
1379      else
1380      {
1381          $bgcolor = "trow2";
1382      }
1383  
1384      // Fetch subscription select box
1385      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
1386  
1387      $lang->post_reply_to = $lang->sprintf($lang->post_reply_to, $thread['subject']);
1388      $lang->reply_to = $lang->sprintf($lang->reply_to, $thread['subject']);
1389  
1390      // Do we have any forum rules to show for this forum?
1391      $forumrules = '';
1392      if($forum['rulestype'] >= 2 && $forum['rules'])
1393      {
1394          if(!$forum['rulestitle'])
1395          {
1396              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
1397          }
1398  
1399          if(!$parser)
1400          {
1401              require_once  MYBB_ROOT.'inc/class_parser.php';
1402              $parser = new postParser;
1403          }
1404  
1405          $rules_parser = array(
1406              "allow_html" => 1,
1407              "allow_mycode" => 1,
1408              "allow_smilies" => 1,
1409              "allow_imgcode" => 1
1410          );
1411  
1412          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
1413          $foruminfo = $forum;
1414  
1415          if($forum['rulestype'] == 3)
1416          {
1417              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
1418          }
1419          else if($forum['rulestype'] == 2)
1420          {
1421              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
1422          }
1423      }
1424  
1425      $moderation_notice = '';
1426      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1427      {
1428          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1429          {
1430              $moderation_text = $lang->moderation_forum_attachments;
1431              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1432          }
1433      }
1434      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1435      {
1436          if($forumpermissions['modposts'] == 1)
1437          {
1438              $moderation_text = $lang->moderation_forum_posts;
1439              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1440          }
1441  
1442          if($mybb->user['moderateposts'] == 1)
1443          {
1444              $moderation_text = $lang->moderation_user_posts;
1445              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1446          }
1447      }
1448  
1449      $php_max_upload_filesize = return_bytes(ini_get('max_upload_filesize'));
1450      $php_post_max_size = return_bytes(ini_get('post_max_size'));
1451  
1452      if ($php_max_upload_filesize != 0 && $php_post_max_size != 0)
1453      {
1454          $php_max_upload_size = min($php_max_upload_filesize, $php_post_max_size);
1455      }
1456      else
1457      {
1458          $php_max_upload_size = max($php_max_upload_filesize, $php_post_max_size);
1459      }
1460  
1461      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1462      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1463  
1464      $plugins->run_hooks("newreply_end");
1465  
1466      $forum['name'] = strip_tags($forum['name']);
1467  
1468      eval("\$newreply = \"".$templates->get("newreply")."\";");
1469      output_page($newreply);
1470  }

