| [ Index ] |
PHP Cross Reference of MyBB 1.8.36 |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * MyBB 1.8 4 * Copyright 2014 MyBB Group, All Rights Reserved 5 * 6 * Website: http://www.mybb.com 7 * License: http://www.mybb.com/about/license 8 * 9 */ 10 11 define("IN_MYBB", 1); 12 define('THIS_SCRIPT', 'newreply.php'); 13 14 $templatelist = "newreply,previewpost,loginbox,changeuserbox,posticons,newreply_threadreview,newreply_threadreview_post,forumdisplay_rules_link,newreply_multiquote_external,post_attachments_add,post_subscription_method"; 15 $templatelist .= ",codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,postbit_online,postbit_pm,newreply_disablesmilies_hidden,post_attachments_update"; 16 $templatelist .= ",postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,newreply_modoptions_close,newreply_modoptions_stick"; 17 $templatelist .= ",post_attachments_attachment_postinsert,post_attachments_attachment_remove,post_attachments_attachment_unapproved,post_attachments_attachment,post_attachments_viewlink,postbit_attachments_attachment,newreply_signature"; 18 $templatelist .= ",post_captcha_recaptcha_invisible,post_captcha_hidden,post_captcha,post_captcha_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_groupimage,postbit_attachments,newreply_postoptions"; 19 $templatelist .= ",postbit_rep_button,postbit_author_guest,postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnailpostbit_attachments_images_image,postbit_attachments_attachment_unapproved"; 20 $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_gotopost,forumdisplay_password_wrongpass,forumdisplay_password,posticons_icon,attachment_icon,postbit_reputation_formatted_link"; 21 $templatelist .= ",global_moderation_notice,newreply_disablesmilies,postbit_userstar,newreply_draftinput,postbit_avatar,forumdisplay_rules,postbit_offline,postbit_find,postbit_warninglevel_formatted,postbit_ignored"; 22 $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,postbit_reputation,postbit_www,postbit_away,postbit_icon,postbit_email,postbit_report,postbit,postbit_warn"; 23 24 require_once "./global.php"; 25 require_once MYBB_ROOT."inc/functions_post.php"; 26 require_once MYBB_ROOT."inc/functions_user.php"; 27 require_once MYBB_ROOT."inc/functions_upload.php"; 28 require_once MYBB_ROOT."inc/class_parser.php"; 29 $parser = new postParser; 30 31 // Load global language phrases 32 $lang->load("newreply"); 33 34 // Get the pid and tid and replyto from the input. 35 $tid = $mybb->get_input('tid', MyBB::INPUT_INT); 36 $replyto = $mybb->get_input('replyto', MyBB::INPUT_INT); 37 38 // AJAX quick reply? 39 if(!empty($mybb->input['ajax'])) 40 { 41 unset($mybb->input['previewpost']); 42 } 43 44 // Edit a draft post. 45 $pid = 0; 46 $editdraftpid = ''; 47 $mybb->input['action'] = $mybb->get_input('action'); 48 if(($mybb->input['action'] == "editdraft" || $mybb->input['action'] == "do_newreply") && $mybb->get_input('pid', MyBB::INPUT_INT)) 49 { 50 $pid = $mybb->get_input('pid', MyBB::INPUT_INT); 51 $post = get_post($pid); 52 if(!$post) 53 { 54 error($lang->error_invalidpost); 55 } 56 else if($mybb->user['uid'] != $post['uid']) 57 { 58 error($lang->error_post_noperms); 59 } 60 $pid = (int)$post['pid']; 61 $tid = (int)$post['tid']; 62 eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";"); 63 } 64 65 // Set up $thread and $forum for later use. 66 $thread = get_thread($tid); 67 if(!$thread) 68 { 69 error($lang->error_invalidthread); 70 } 71 $fid = (int)$thread['fid']; 72 73 // Get forum info 74 $forum = get_forum($fid); 75 if(!$forum) 76 { 77 error($lang->error_invalidforum); 78 } 79 80 // Make navigation 81 build_forum_breadcrumb($fid); 82 $thread_subject = $thread['subject']; 83 $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject'])); 84 add_breadcrumb($thread['subject'], get_thread_link($thread['tid'])); 85 add_breadcrumb($lang->nav_newreply); 86 87 $forumpermissions = forum_permissions($fid); 88 89 // See if everything is valid up to here. 90 if(isset($post) && (($post['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || ($post['visible'] < 0 && $post['uid'] != $mybb->user['uid']))) 91 { 92 if($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid'])) 93 { 94 error($lang->error_invalidpost); 95 } 96 } 97 if(($thread['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || $thread['visible'] < 0) 98 { 99 if($thread['visible'] == 0 && !($mybb->settings['showownunapproved'] && $thread['uid'] == $mybb->user['uid'])) 100 { 101 error($lang->error_invalidthread); 102 } 103 } 104 if($forum['open'] == 0 || $forum['type'] != "f") 105 { 106 error($lang->error_closedinvalidforum); 107 } 108 if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0) 109 { 110 error_no_permission(); 111 } 112 113 if($mybb->user['suspendposting'] == 1) 114 { 115 $suspendedpostingtype = $lang->error_suspendedposting_permanent; 116 if($mybb->user['suspensiontime']) 117 { 118 $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime'])); 119 } 120 121 $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime'])); 122 123 error($lang->error_suspendedposting); 124 } 125 126 if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid']) 127 { 128 error_no_permission(); 129 } 130 131 if(isset($forumpermissions['canonlyreplyownthreads']) && $forumpermissions['canonlyreplyownthreads'] == 1 && $thread['uid'] != $mybb->user['uid']) 132 { 133 error_no_permission(); 134 } 135 136 // Coming from quick reply and not a preview call? Set subscription method 137 if($mybb->get_input('method') == "quickreply" && !isset($mybb->input['previewpost'])) 138 { 139 $mybb->input['postoptions']['subscriptionmethod'] = get_subscription_method($mybb->get_input('tid', MyBB::INPUT_INT)); 140 } 141 142 // Check if this forum is password protected and we have a valid password 143 check_forum_password($forum['fid']); 144 145 if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0)) 146 { 147 $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']); 148 if($forum['allowsmilies'] != 0) 149 { 150 $smilieinserter = build_clickable_smilies(); 151 } 152 } 153 154 // Display a login box or change user box? 155 if($mybb->user['uid'] != 0) 156 { 157 $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']); 158 eval("\$loginbox = \"".$templates->get("changeuserbox")."\";"); 159 } 160 else 161 { 162 if(empty($mybb->input['previewpost']) && $mybb->input['action'] != "do_newreply") 163 { 164 $username = ''; 165 } 166 else 167 { 168 $username = htmlspecialchars_uni($mybb->get_input('username')); 169 } 170 eval("\$loginbox = \"".$templates->get("loginbox")."\";"); 171 } 172 173 // Check to see if the thread is closed, and if the user is a mod. 174 if(!is_moderator($fid, "canpostclosedthreads")) 175 { 176 if($thread['closed'] == 1) 177 { 178 error($lang->redirect_threadclosed); 179 } 180 } 181 182 // No weird actions allowed, show new reply form if no regular action. 183 if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft") 184 { 185 $mybb->input['action'] = "newreply"; 186 } 187 188 // Even if we are previewing, still show the new reply form. 189 if(!empty($mybb->input['previewpost'])) 190 { 191 $mybb->input['action'] = "newreply"; 192 } 193 194 // Setup a unique posthash for attachment management 195 if(!$mybb->get_input('posthash') && !$pid) 196 { 197 $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str()); 198 } 199 200 if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1) 201 { 202 error($lang->error_empty_post_input); 203 } 204 205 $errors = array(); 206 $maximageserror = $attacherror = ''; 207 if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newreply" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newreply" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && !empty($_FILES['attachments'])))) 208 { 209 // Verify incoming POST request 210 verify_post_check($mybb->get_input('my_post_key')); 211 212 if($pid) 213 { 214 $attachwhere = "pid='{$pid}'"; 215 } 216 else 217 { 218 $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'"; 219 } 220 221 $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newreply"); 222 223 if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1) 224 { 225 if(isset($ret['success'])) 226 { 227 $attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}'); 228 if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0) 229 { 230 eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";"); 231 } 232 eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";"); 233 $attach_mod_options = ''; 234 eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";"); 235 $ret['template'] = $attemplate; 236 237 $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'"); 238 $usage = $db->fetch_array($query); 239 $ret['usage'] = get_friendly_size($usage['ausage']); 240 } 241 242 header("Content-type: application/json; charset={$lang->settings['charset']}"); 243 echo json_encode($ret); 244 exit(); 245 } 246 247 if(!empty($ret['errors'])) 248 { 249 $errors = $ret['errors']; 250 } 251 252 // If we were dealing with an attachment but didn't click 'Post Reply' or 'Save as Draft', force the new reply page again. 253 if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft')) 254 { 255 eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";"); 256 $mybb->input['action'] = "newreply"; 257 } 258 } 259 260 detect_attachmentact(); 261 262 // Remove an attachment. 263 if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove") 264 { 265 // Verify incoming POST request 266 verify_post_check($mybb->get_input('my_post_key')); 267 268 remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT)); 269 270 if(!$mybb->get_input('submit')) 271 { 272 eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";"); 273 $mybb->input['action'] = "newreply"; 274 } 275 276 if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1) 277 { 278 $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'"); 279 $usage = $db->fetch_array($query); 280 281 header("Content-type: application/json; charset={$lang->settings['charset']}"); 282 echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage']))); 283 exit(); 284 } 285 } 286 287 $reply_errors = $quoted_ids = ''; 288 $hide_captcha = false; 289 290 // Check the maximum posts per day for this user 291 if($mybb->usergroup['maxposts'] > 0) 292 { 293 $daycut = TIME_NOW-60*60*24; 294 $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}"); 295 $post_count = $db->fetch_field($query, "posts_today"); 296 if($post_count >= $mybb->usergroup['maxposts']) 297 { 298 $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']); 299 error($lang->error_maxposts); 300 } 301 } 302 303 if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1) 304 { 305 $mybb->settings['postsperpage'] = 20; 306 } 307 308 if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post") 309 { 310 // Verify incoming POST request 311 verify_post_check($mybb->get_input('my_post_key')); 312 313 $plugins->run_hooks("newreply_do_newreply_start"); 314 315 // If this isn't a logged in user, then we need to do some special validation. 316 if($mybb->user['uid'] == 0) 317 { 318 // If they didn't specify a username leave blank so $lang->guest can be used on output 319 if(!$mybb->get_input('username')) 320 { 321 $username = ''; 322 } 323 // Otherwise use the name they specified. 324 else 325 { 326 $username = $mybb->get_input('username'); 327 } 328 $uid = 0; 329 330 331 if($mybb->settings['stopforumspam_on_newreply']) 332 { 333 require_once MYBB_ROOT . '/inc/class_stopforumspamchecker.php'; 334 335 $stop_forum_spam_checker = new StopForumSpamChecker( 336 $plugins, 337 $mybb->settings['stopforumspam_min_weighting_before_spam'], 338 $mybb->settings['stopforumspam_check_usernames'], 339 $mybb->settings['stopforumspam_check_emails'], 340 $mybb->settings['stopforumspam_check_ips'], 341 $mybb->settings['stopforumspam_log_blocks'] 342 ); 343 344 try { 345 if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip())) 346 { 347 error($lang->sprintf($lang->error_stop_forum_spam_spammer, 348 $stop_forum_spam_checker->getErrorText(array( 349 'stopforumspam_check_usernames', 350 'stopforumspam_check_ips' 351 )))); 352 } 353 } 354 catch (Exception $e) 355 { 356 if($mybb->settings['stopforumspam_block_on_error']) 357 { 358 error($lang->error_stop_forum_spam_fetching); 359 } 360 } 361 } 362 } 363 // This user is logged in. 364 else 365 { 366 $username = $mybb->user['username']; 367 $uid = $mybb->user['uid']; 368 } 369 370 // Attempt to see if this post is a duplicate or not 371 if($uid > 0) 372 { 373 $user_check = "p.uid='{$uid}'"; 374 } 375 else 376 { 377 $user_check = "p.ipaddress=".$db->escape_binary($session->packedip); 378 } 379 if(!$mybb->get_input('savedraft')) 380 { 381 $query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.visible > -1 AND p.dateline>".(TIME_NOW-600)); 382 if($db->num_rows($query) > 0) 383 { 384 error($lang->error_post_already_submitted); 385 } 386 } 387 388 // Set up posthandler. 389 require_once MYBB_ROOT."inc/datahandlers/post.php"; 390 $posthandler = new PostDataHandler("insert"); 391 392 // Set the post data that came from the input to the $post array. 393 $post = array( 394 "tid" => $mybb->get_input('tid', MyBB::INPUT_INT), 395 "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT), 396 "fid" => $thread['fid'], 397 "subject" => $mybb->get_input('subject'), 398 "icon" => $mybb->get_input('icon', MyBB::INPUT_INT), 399 "uid" => $uid, 400 "username" => $username, 401 "message" => $mybb->get_input('message'), 402 "ipaddress" => $session->packedip, 403 "posthash" => $mybb->get_input('posthash') 404 ); 405 406 if(isset($mybb->input['pid'])) 407 { 408 $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT); 409 } 410 411 // Are we saving a draft post? 412 if($mybb->get_input('savedraft') && $mybb->user['uid']) 413 { 414 $post['savedraft'] = 1; 415 } 416 else 417 { 418 $post['savedraft'] = 0; 419 } 420 421 $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY); 422 if(!isset($postoptions['signature'])) 423 { 424 $postoptions['signature'] = 0; 425 } 426 if(!isset($postoptions['subscriptionmethod'])) 427 { 428 $postoptions['subscriptionmethod'] = 0; 429 } 430 if(!isset($postoptions['disablesmilies'])) 431 { 432 $postoptions['disablesmilies'] = 0; 433 } 434 435 // Set up the post options from the input. 436 $post['options'] = array( 437 "signature" => $postoptions['signature'], 438 "subscriptionmethod" => $postoptions['subscriptionmethod'], 439 "disablesmilies" => $postoptions['disablesmilies'] 440 ); 441 442 // Apply moderation options if we have them 443 $post['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY); 444 445 $posthandler->set_data($post); 446 447 // Now let the post handler do all the hard work. 448 $valid_post = $posthandler->validate_post(); 449 450 $post_errors = array(); 451 // Fetch friendly error messages if this is an invalid post 452 if(!$valid_post) 453 { 454 $post_errors = $posthandler->get_friendly_errors(); 455 } 456 457 // Mark thread as read 458 require_once MYBB_ROOT."inc/functions_indicators.php"; 459 mark_thread_read($tid, $fid); 460 461 $json_data = ''; 462 463 // Check captcha image 464 if($mybb->settings['captchaimage'] && !$mybb->user['uid']) 465 { 466 require_once MYBB_ROOT.'inc/class_captcha.php'; 467 $post_captcha = new captcha(false, "post_captcha"); 468 469 if($post_captcha->validate_captcha() == false) 470 { 471 // CAPTCHA validation failed 472 foreach($post_captcha->get_errors() as $error) 473 { 474 $post_errors[] = $error; 475 } 476 } 477 else 478 { 479 $hide_captcha = true; 480 } 481 482 if($mybb->get_input('ajax', MyBB::INPUT_INT) && $post_captcha->type == 1) 483 { 484 $randomstr = random_str(5); 485 $imagehash = md5(random_str(12)); 486 487 $imagearray = array( 488 "imagehash" => $imagehash, 489 "imagestring" => $randomstr, 490 "dateline" => TIME_NOW 491 ); 492 493 $db->insert_query("captcha", $imagearray); 494 495 //header("Content-type: text/html; charset={$lang->settings['charset']}"); 496 $data = ''; 497 $data .= "<captcha>$imagehash"; 498 499 if($hide_captcha) 500 { 501 $data .= "|$randomstr"; 502 } 503 504 $data .= "</captcha>"; 505 506 //header("Content-type: application/json; charset={$lang->settings['charset']}"); 507 $json_data = array("data" => $data); 508 } 509 } 510 511 // One or more errors returned, fetch error list and throw to newreply page 512 if(count($post_errors) > 0) 513 { 514 $reply_errors = inline_error($post_errors, '', $json_data); 515 $mybb->input['action'] = "newreply"; 516 } 517 else 518 { 519 $postinfo = $posthandler->insert_post(); 520 $pid = $postinfo['pid']; 521 $visible = $postinfo['visible']; 522 523 if(isset($postinfo['closed'])) 524 { 525 $closed = $postinfo['closed']; 526 } 527 else 528 { 529 $closed = ''; 530 } 531 532 // Invalidate solved captcha 533 if($mybb->settings['captchaimage'] && !$mybb->user['uid']) 534 { 535 $post_captcha->invalidate_captcha(); 536 } 537 538 $force_redirect = false; 539 540 // Deciding the fate 541 if($visible == -2) 542 { 543 // Draft post 544 $lang->redirect_newreply = $lang->draft_saved; 545 $url = "usercp.php?action=drafts"; 546 } 547 elseif($visible == 1) 548 { 549 // Visible post 550 $lang->redirect_newreply .= $lang->redirect_newreply_post; 551 $url = get_post_link($pid, $tid)."#pid{$pid}"; 552 } 553 else 554 { 555 // Moderated post 556 $lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation; 557 $url = get_thread_link($tid); 558 559 // User must see moderation notice, regardless of redirect settings 560 $force_redirect = true; 561 } 562 563 // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected 564 if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0) 565 { 566 // We quoted all posts - remove the entire cookie 567 if($mybb->get_input('quoted_ids') == "all") 568 { 569 my_unsetcookie("multiquote"); 570 } 571 // Only quoted a few - attempt to remove them from the cookie 572 else 573 { 574 $quoted_ids = explode("|", $mybb->get_input('quoted_ids')); 575 $multiquote = explode("|", $mybb->cookies['multiquote']); 576 if(is_array($multiquote) && is_array($quoted_ids)) 577 { 578 foreach($multiquote as $key => $quoteid) 579 { 580 // If this ID was quoted, remove it from the multiquote list 581 if(in_array($quoteid, $quoted_ids)) 582 { 583 unset($multiquote[$key]); 584 } 585 } 586 // Still have an array - set the new cookie 587 if(is_array($multiquote)) 588 { 589 $new_multiquote = implode(",", $multiquote); 590 my_setcookie("multiquote", $new_multiquote); 591 } 592 // Otherwise, unset it 593 else 594 { 595 my_unsetcookie("multiquote"); 596 } 597 } 598 } 599 } 600 601 $plugins->run_hooks("newreply_do_newreply_end"); 602 603 // This was a post made via the ajax quick reply - we need to do some special things here 604 if($mybb->get_input('ajax', MyBB::INPUT_INT)) 605 { 606 // Visible post 607 if($visible == 1) 608 { 609 // Set post counter 610 $postcounter = $thread['replies'] + 1; 611 612 if(is_moderator($fid, "canviewunapprove")) 613 { 614 $postcounter += $thread['unapprovedposts']; 615 } 616 if(is_moderator($fid, "canviewdeleted")) 617 { 618 $postcounter += $thread['deletedposts']; 619 } 620 621 // Was there a new post since we hit the quick reply button? 622 if($mybb->get_input('lastpid', MyBB::INPUT_INT)) 623 { 624 $query = $db->simple_select("posts", "pid", "tid = '{$tid}' AND pid != '{$pid}'", array("order_by" => "pid", "order_dir" => "desc")); 625 $new_post = $db->fetch_array($query); 626 if($new_post['pid'] != $mybb->get_input('lastpid', MyBB::INPUT_INT)) 627 { 628 redirect(get_thread_link($tid, 0, "lastpost")); 629 } 630 } 631 632 // Lets see if this post is on the same page as the one we're viewing or not 633 // if it isn't, redirect us 634 if($mybb->settings['postsperpage'] > 0) 635 { 636 $post_page = ceil(($postcounter + 1) / $mybb->settings['postsperpage']); 637 } 638 else 639 { 640 $post_page = 1; 641 } 642 643 if($post_page > $mybb->get_input('from_page', MyBB::INPUT_INT)) 644 { 645 redirect(get_thread_link($tid, 0, "lastpost")); 646 exit; 647 } 648 649 // Return the post HTML and display it inline 650 $query = $db->query(" 651 SELECT u.*, u.username AS userusername, p.*, f.*, eu.username AS editusername 652 FROM ".TABLE_PREFIX."posts p 653 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid) 654 LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid) 655 LEFT JOIN ".TABLE_PREFIX."users eu ON (eu.uid=p.edituid) 656 WHERE p.pid='{$pid}' 657 "); 658 $post = $db->fetch_array($query); 659 660 // Now lets fetch all of the attachments for this post 661 $query = $db->simple_select("attachments", "*", "pid='{$pid}'"); 662 while($attachment = $db->fetch_array($query)) 663 { 664 $attachcache[$attachment['pid']][$attachment['aid']] = $attachment; 665 } 666 667 // Establish altbg - may seem like this is backwards, but build_postbit reverses it 668 if(($postcounter - $mybb->settings['postsperpage']) % 2 != 0) 669 { 670 $altbg = "trow1"; 671 } 672 else 673 { 674 $altbg = "trow2"; 675 } 676 677 $charset = "UTF-8"; 678 if($lang->settings['charset']) 679 { 680 $charset = $lang->settings['charset']; 681 } 682 683 require_once MYBB_ROOT."inc/functions_post.php"; 684 $pid = $post['pid']; 685 $post = build_postbit($post); 686 687 $data = ''; 688 $data .= $post; 689 690 // Build a new posthash incase the user wishes to quick reply again 691 $new_posthash = md5($mybb->user['uid'].random_str()); 692 $data .= "<script type=\"text/javascript\">\n"; 693 $data .= "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n"; 694 $data .= "if(typeof(inlineModeration) != 'undefined') { 695 $('#inlinemod_{$pid}').on(\"click\", function(e) { 696 inlineModeration.checkItem(); 697 }); 698 }\n"; 699 700 if($closed == 1) 701 { 702 $data .= "$('#quick_reply_form .trow1').removeClass('trow1 trow2').addClass('trow_shaded');\n"; 703 } 704 else 705 { 706 $data .= "$('#quick_reply_form .trow_shaded').removeClass('trow_shaded').addClass('trow1');\n"; 707 } 708 709 $data .= "</script>\n"; 710 711 header("Content-type: application/json; charset={$lang->settings['charset']}"); 712 echo json_encode(array("data" => $data)); 713 714 exit; 715 } 716 // Post is in the moderation queue 717 else 718 { 719 redirect(get_thread_link($tid, 0, "lastpost"), $lang->redirect_newreply_moderation, "", true); 720 exit; 721 } 722 } 723 else 724 { 725 $lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid)); 726 redirect($url, $lang->redirect_newreply, "", $force_redirect); 727 exit; 728 } 729 } 730 } 731 732 // Show the newreply form. 733 if($mybb->input['action'] == "newreply" || $mybb->input['action'] == "editdraft") 734 { 735 $plugins->run_hooks("newreply_start"); 736 737 $quote_ids = $multiquote_external = ''; 738 // If this isn't a preview and we're not editing a draft, then handle quoted posts 739 if(empty($mybb->input['previewpost']) && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment')) 740 { 741 $message = ''; 742 $quoted_posts = array(); 743 // Handle multiquote 744 if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0) 745 { 746 $multiquoted = explode("|", $mybb->cookies['multiquote']); 747 foreach($multiquoted as $post) 748 { 749 $quoted_posts[$post] = (int)$post; 750 } 751 } 752 // Handle incoming 'quote' button 753 if($replyto) 754 { 755 $quoted_posts[$replyto] = $replyto; 756 } 757 758 // Quoting more than one post - fetch them 759 if(count($quoted_posts) > 0) 760 { 761 $external_quotes = 0; 762 $quoted_posts = implode(",", $quoted_posts); 763 $quoted_ids = array(); 764 $unviewable_forums = get_unviewable_forums(); 765 $inactiveforums = get_inactive_forums(); 766 if($unviewable_forums) 767 { 768 $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})"; 769 } 770 if($inactiveforums) 771 { 772 $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})"; 773 } 774 775 // Check group permissions if we can't view threads not started by us 776 $group_permissions = forum_permissions(); 777 $onlyusfids = array(); 778 $onlyusforums = ''; 779 foreach($group_permissions as $gpfid => $forum_permissions) 780 { 781 if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1) 782 { 783 $onlyusfids[] = $gpfid; 784 } 785 } 786 if(!empty($onlyusfids)) 787 { 788 $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))"; 789 } 790 791 if(is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted')) 792 { 793 $visible_where = "AND p.visible IN (-1,0,1)"; 794 } 795 elseif(is_moderator($fid, 'canviewunapprove') && !is_moderator($fid, 'canviewdeleted')) 796 { 797 $visible_where = "AND p.visible IN (0,1)"; 798 } 799 elseif(!is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted')) 800 { 801 $visible_where = "AND p.visible IN (-1,1)"; 802 } 803 else 804 { 805 $visible_where = "AND p.visible=1"; 806 } 807 808 require_once MYBB_ROOT."inc/functions_posting.php"; 809 $query = $db->query(" 810 SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername 811 FROM ".TABLE_PREFIX."posts p 812 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 813 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid) 814 WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where} 815 "); 816 $load_all = $mybb->get_input('load_all_quotes', MyBB::INPUT_INT); 817 while($quoted_post = $db->fetch_array($query)) 818 { 819 // Only show messages for the current thread 820 if($quoted_post['tid'] == $tid || $load_all == 1) 821 { 822 // If this post was the post for which a quote button was clicked, set the subject 823 if($replyto == $quoted_post['pid']) 824 { 825 $subject = preg_replace('#^RE:\s?#i', '', $quoted_post['subject']); 826 // Subject too long? Shorten it to avoid error message 827 if(my_strlen($subject) > 85) 828 { 829 $subject = my_substr($subject, 0, 82).'...'; 830 } 831 $subject = "RE: ".$subject; 832 } 833 $message .= parse_quoted_message($quoted_post); 834 $quoted_ids[] = $quoted_post['pid']; 835 } 836 // Count the rest 837 else 838 { 839 ++$external_quotes; 840 } 841 } 842 if($mybb->settings['maxquotedepth'] != '0') 843 { 844 $message = remove_message_quotes($message); 845 } 846 if($external_quotes > 0) 847 { 848 if($external_quotes == 1) 849 { 850 $multiquote_text = $lang->multiquote_external_one; 851 $multiquote_deselect = $lang->multiquote_external_one_deselect; 852 $multiquote_quote = $lang->multiquote_external_one_quote; 853 } 854 else 855 { 856 $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes); 857 $multiquote_deselect = $lang->multiquote_external_deselect; 858 $multiquote_quote = $lang->multiquote_external_quote; 859 } 860 eval("\$multiquote_external = \"".$templates->get("newreply_multiquote_external")."\";"); 861 } 862 if(is_array($quoted_ids) && count($quoted_ids) > 0) 863 { 864 $quoted_ids = implode("|", $quoted_ids); 865 } 866 } 867 } 868 869 if(isset($mybb->input['quoted_ids'])) 870 { 871 $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids', MyBB::INPUT_INT)); 872 } 873 874 if(isset($mybb->input['previewpost'])) 875 { 876 $previewmessage = $mybb->get_input('message'); 877 } 878 if(empty($message)) 879 { 880 $message = $mybb->get_input('message'); 881 } 882 $message = htmlspecialchars_uni($message); 883 884 $postoptionschecked = array('signature' => '', 'disablesmilies' => ''); 885 $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = ''; 886 887 // Set up the post options. 888 if(!empty($mybb->input['previewpost']) || $reply_errors != '') 889 { 890 $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY); 891 892 if(isset($postoptions['signature']) && $postoptions['signature'] == 1) 893 { 894 $postoptionschecked['signature'] = " checked=\"checked\""; 895 } 896 if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1) 897 { 898 $postoptionschecked['disablesmilies'] = " checked=\"checked\""; 899 } 900 $subscription_method = get_subscription_method($tid, $postoptions); 901 $subject = $mybb->input['subject']; 902 } 903 elseif($mybb->input['action'] == "editdraft" && $mybb->user['uid']) 904 { 905 $message = htmlspecialchars_uni($post['message']); 906 $subject = $post['subject']; 907 if($post['includesig'] != 0) 908 { 909 $postoptionschecked['signature'] = " checked=\"checked\""; 910 } 911 if($post['smilieoff'] == 1) 912 { 913 $postoptionschecked['disablesmilies'] = " checked=\"checked\""; 914 } 915 $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts 916 $mybb->input['icon'] = $post['icon']; 917 } 918 else 919 { 920 if($mybb->user['signature'] != '') 921 { 922 $postoptionschecked['signature'] = " checked=\"checked\""; 923 } 924 $subscription_method = get_subscription_method($tid); 925 } 926 ${$subscription_method.'subscribe'} = "checked=\"checked\" "; 927 928 if($forum['allowpicons'] != 0) 929 { 930 $posticons = get_post_icons(); 931 } 932 933 // No subject? 934 if(!isset($subject)) 935 { 936 if(!empty($mybb->input['subject'])) 937 { 938 $subject = $mybb->get_input('subject'); 939 } 940 else 941 { 942 $subject = $thread_subject; 943 // Subject too long? Shorten it to avoid error message 944 if(my_strlen($subject) > 85) 945 { 946 $subject = my_substr($subject, 0, 82).'...'; 947 } 948 $subject = "RE: ".$subject; 949 } 950 } 951 952 // Preview a post that was written. 953 $preview = ''; 954 if(!empty($mybb->input['previewpost'])) 955 { 956 // If this isn't a logged in user, then we need to do some special validation. 957 if($mybb->user['uid'] == 0) 958 { 959 // If they didn't specify a username leave blank so $lang->guest can be used on output 960 if(!$mybb->get_input('username')) 961 { 962 $username = ''; 963 } 964 // Otherwise use the name they specified. 965 else 966 { 967 $username = $mybb->get_input('username'); 968 } 969 $uid = 0; 970 } 971 // This user is logged in. 972 else 973 { 974 $username = $mybb->user['username']; 975 $uid = $mybb->user['uid']; 976 } 977 978 // Set up posthandler. 979 require_once MYBB_ROOT."inc/datahandlers/post.php"; 980 $posthandler = new PostDataHandler("insert"); 981 $posthandler->action = "post"; 982 983 // Set the post data that came from the input to the $post array. 984 $post = array( 985 "tid" => $mybb->get_input('tid', MyBB::INPUT_INT), 986 "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT), 987 "fid" => $thread['fid'], 988 "subject" => $mybb->get_input('subject'), 989 "icon" => $mybb->get_input('icon', MyBB::INPUT_INT), 990 "uid" => $uid, 991 "username" => $username, 992 "message" => $mybb->get_input('message'), 993 "ipaddress" => $session->packedip, 994 "posthash" => $mybb->get_input('posthash') 995 ); 996 997 if(isset($mybb->input['pid'])) 998 { 999 $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT); 1000 } 1001 1002 $posthandler->set_data($post); 1003 1004 // Now let the post handler do all the hard work. 1005 $valid_post = $posthandler->verify_message(); 1006 $valid_subject = $posthandler->verify_subject(); 1007 1008 // guest post --> verify author 1009 if($post['uid'] == 0) 1010 { 1011 $valid_username = $posthandler->verify_author(); 1012 } 1013 else 1014 { 1015 $valid_username = true; 1016 } 1017 1018 $post_errors = array(); 1019 // Fetch friendly error messages if this is an invalid post 1020 if(!$valid_post || !$valid_subject || !$valid_username) 1021 { 1022 $post_errors = $posthandler->get_friendly_errors(); 1023 } 1024 1025 // One or more errors returned, fetch error list and throw to newreply page 1026 if(count($post_errors) > 0) 1027 { 1028 $reply_errors = inline_error($post_errors); 1029 } 1030 else 1031 { 1032 $quote_ids = htmlspecialchars_uni($mybb->get_input('quote_ids')); 1033 $mybb->input['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT); 1034 $query = $db->query(" 1035 SELECT u.*, f.* 1036 FROM ".TABLE_PREFIX."users u 1037 LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid) 1038 WHERE u.uid='".$mybb->user['uid']."' 1039 "); 1040 $post = $db->fetch_array($query); 1041 $post['username'] = $username; 1042 if($mybb->user['uid']) 1043 { 1044 $post['userusername'] = $mybb->user['username']; 1045 } 1046 $post['message'] = $previewmessage; 1047 $post['subject'] = $subject; 1048 $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT); 1049 $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY); 1050 if(isset($mybb->input['postoptions']['disablesmilies'])) 1051 { 1052 $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies']; 1053 } 1054 $post['dateline'] = TIME_NOW; 1055 if(isset($mybb->input['postoptions']['signature'])) 1056 { 1057 $post['includesig'] = $mybb->input['postoptions']['signature']; 1058 } 1059 if(!isset($post['includesig']) || $post['includesig'] != 1) 1060 { 1061 $post['includesig'] = 0; 1062 } 1063 1064 // Fetch attachments assigned to this post. 1065 if($mybb->get_input('pid', MyBB::INPUT_INT)) 1066 { 1067 $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'"; 1068 } 1069 else 1070 { 1071 $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'"; 1072 } 1073 1074 $query = $db->simple_select("attachments", "*", $attachwhere); 1075 while($attachment = $db->fetch_array($query)) 1076 { 1077 $attachcache[0][$attachment['aid']] = $attachment; 1078 } 1079 1080 $postbit = build_postbit($post, 1); 1081 eval("\$preview = \"".$templates->get("previewpost")."\";"); 1082 } 1083 } 1084 1085 $subject = htmlspecialchars_uni($parser->parse_badwords($subject)); 1086 1087 $posthash = htmlspecialchars_uni($mybb->get_input('posthash')); 1088 1089 // Do we have attachment errors? 1090 if(count($errors) > 0) 1091 { 1092 $reply_errors = inline_error($errors); 1093 } 1094 1095 // Get a listing of the current attachments. 1096 if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0) 1097 { 1098 $attachcount = 0; 1099 if($pid) 1100 { 1101 $attachwhere = "pid='$pid'"; 1102 } 1103 else 1104 { 1105 $attachwhere = "posthash='".$db->escape_string($posthash)."'"; 1106 } 1107 $attachments = ''; 1108 $query = $db->simple_select("attachments", "*", $attachwhere); 1109 while($attachment = $db->fetch_array($query)) 1110 { 1111 $attachment['size'] = get_friendly_size($attachment['filesize']); 1112 $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename'])); 1113 $attachment['filename'] = htmlspecialchars_uni($attachment['filename']); 1114 1115 if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0)) 1116 { 1117 eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";"); 1118 } 1119 1120 $attach_mod_options = ''; 1121 eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";"); 1122 1123 if($attachment['visible'] != 1) 1124 { 1125 eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";"); 1126 } 1127 else 1128 { 1129 eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";"); 1130 } 1131 $attachcount++; 1132 } 1133 1134 $noshowattach = ''; 1135 $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'"); 1136 $usage = $db->fetch_array($query); 1137 1138 if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0) 1139 { 1140 $noshowattach = 1; 1141 } 1142 1143 if($mybb->usergroup['attachquota'] == 0) 1144 { 1145 $friendlyquota = $lang->unlimited; 1146 } 1147 else 1148 { 1149 $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024); 1150 } 1151 $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota); 1152 1153 $link_viewattachments = ''; 1154 if($usage['ausage'] !== NULL) 1155 { 1156 $friendlyusage = get_friendly_size($usage['ausage']); 1157 $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage); 1158 eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";"); 1159 } 1160 else 1161 { 1162 $lang->attach_usage = ""; 1163 } 1164 1165 $attach_add_options = ''; 1166 if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach) 1167 { 1168 eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";"); 1169 } 1170 1171 $attach_update_options = ''; 1172 if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0) 1173 { 1174 eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";"); 1175 } 1176 1177 if($attach_add_options || $attach_update_options) 1178 { 1179 eval("\$newattach = \"".$templates->get("post_attachments_new")."\";"); 1180 } 1181 1182 eval("\$attachbox = \"".$templates->get("post_attachments")."\";"); 1183 } 1184 else 1185 { 1186 $attachbox = ''; 1187 } 1188 1189 // If the user is logged in, provide a save draft button. 1190 if($mybb->user['uid']) 1191 { 1192 eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";"); 1193 } 1194 1195 // Show captcha image for guests if enabled 1196 $captcha = ''; 1197 if($mybb->settings['captchaimage'] && !$mybb->user['uid']) 1198 { 1199 $correct = false; 1200 require_once MYBB_ROOT.'inc/class_captcha.php'; 1201 $post_captcha = new captcha(false, "post_captcha"); 1202 1203 if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1) 1204 { 1205 // If previewing a post - check their current captcha input - if correct, hide the captcha input area 1206 // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits 1207 if($post_captcha->validate_captcha() == true) 1208 { 1209 $correct = true; 1210 1211 // Generate a hidden list of items for our captcha 1212 $captcha = $post_captcha->build_hidden_captcha(); 1213 } 1214 } 1215 1216 if(!$correct) 1217 { 1218 if($post_captcha->type == captcha::DEFAULT_CAPTCHA) 1219 { 1220 $post_captcha->build_captcha(); 1221 } 1222 elseif(in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))) 1223 { 1224 $post_captcha->build_recaptcha(); 1225 } 1226 elseif(in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))) 1227 { 1228 $post_captcha->build_hcaptcha(); 1229 } 1230 } 1231 else if($correct && (in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))) 1232 { 1233 $post_captcha->build_recaptcha(); 1234 } 1235 else if($correct && (in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))) 1236 { 1237 $post_captcha->build_hcaptcha(); 1238 } 1239 1240 if($post_captcha->html) 1241 { 1242 $captcha = $post_captcha->html; 1243 } 1244 } 1245 1246 $reviewmore = ''; 1247 $threadreview = ''; 1248 if($mybb->settings['threadreview'] != 0) 1249 { 1250 if(is_moderator($fid, "canviewunapprove") || $mybb->settings['showownunapproved']) 1251 { 1252 $visibility = "(visible='1' OR visible='0')"; 1253 } 1254 else 1255 { 1256 $visibility = "visible='1'"; 1257 } 1258 $query = $db->simple_select("posts", "COUNT(pid) AS post_count", "tid='{$tid}' AND {$visibility}"); 1259 $numposts = $db->fetch_field($query, "post_count"); 1260 1261 if($numposts > $mybb->settings['postsperpage']) 1262 { 1263 $numposts = $mybb->settings['postsperpage']; 1264 $lang->thread_review_more = $lang->sprintf($lang->thread_review_more, $mybb->settings['postsperpage'], get_thread_link($tid)); 1265 eval("\$reviewmore = \"".$templates->get("newreply_threadreview_more")."\";"); 1266 } 1267 1268 $pidin = array(); 1269 $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND {$visibility}", array("order_by" => "dateline DESC, pid DESC", "limit" => $mybb->settings['postsperpage'])); 1270 while($post = $db->fetch_array($query)) 1271 { 1272 $pidin[] = $post['pid']; 1273 } 1274 1275 if(!empty($pidin)) 1276 { 1277 $pidin = implode(",", $pidin); 1278 1279 // Fetch attachments 1280 $query = $db->simple_select("attachments", "*", "pid IN ($pidin)"); 1281 while($attachment = $db->fetch_array($query)) 1282 { 1283 $attachcache[$attachment['pid']][$attachment['aid']] = $attachment; 1284 } 1285 $query = $db->query(" 1286 SELECT p.*, u.username AS userusername 1287 FROM ".TABLE_PREFIX."posts p 1288 LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid) 1289 WHERE pid IN ($pidin) 1290 ORDER BY dateline DESC, pid DESC 1291 "); 1292 $postsdone = 0; 1293 $altbg = "trow1"; 1294 $reviewbits = ''; 1295 while($post = $db->fetch_array($query)) 1296 { 1297 if($post['userusername']) 1298 { 1299 $post['username'] = $post['userusername']; 1300 } 1301 $reviewpostdate = my_date('relative', $post['dateline']); 1302 $parser_options = array( 1303 "allow_html" => $forum['allowhtml'], 1304 "allow_mycode" => $forum['allowmycode'], 1305 "allow_smilies" => $forum['allowsmilies'], 1306 "allow_imgcode" => $forum['allowimgcode'], 1307 "allow_videocode" => $forum['allowvideocode'], 1308 "me_username" => $post['username'], 1309 "filter_badwords" => 1 1310 ); 1311 if($post['smilieoff'] == 1) 1312 { 1313 $parser_options['allow_smilies'] = 0; 1314 } 1315 1316 if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0) 1317 { 1318 $parser_options['allow_imgcode'] = 0; 1319 } 1320 1321 if($mybb->user['uid'] != 0 && $mybb->user['showvideos'] != 1 || $mybb->settings['guestvideos'] != 1 && $mybb->user['uid'] == 0) 1322 { 1323 $parser_options['allow_videocode'] = 0; 1324 } 1325 1326 $post['username'] = htmlspecialchars_uni($post['username']); 1327 1328 if($post['visible'] != 1) 1329 { 1330 $altbg = "trow_shaded"; 1331 } 1332 1333 $plugins->run_hooks("newreply_threadreview_post"); 1334 1335 $post['message'] = $parser->parse_message($post['message'], $parser_options); 1336 get_post_attachments($post['pid'], $post); 1337 $reviewmessage = $post['message']; 1338 eval("\$reviewbits .= \"".$templates->get("newreply_threadreview_post")."\";"); 1339 if($altbg == "trow1") 1340 { 1341 $altbg = "trow2"; 1342 } 1343 else 1344 { 1345 $altbg = "trow1"; 1346 } 1347 } 1348 eval("\$threadreview = \"".$templates->get("newreply_threadreview")."\";"); 1349 } 1350 } 1351 1352 // Hide signature option if no permission 1353 $signature = ''; 1354 if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature']) 1355 { 1356 eval("\$signature = \"".$templates->get('newreply_signature')."\";"); 1357 } 1358 1359 // Can we disable smilies or are they disabled already? 1360 $disablesmilies = ''; 1361 if($forum['allowsmilies'] != 0) 1362 { 1363 eval("\$disablesmilies = \"".$templates->get("newreply_disablesmilies")."\";"); 1364 } 1365 1366 $postoptions = ''; 1367 if(!empty($signature) || !empty($disablesmilies)) 1368 { 1369 eval("\$postoptions = \"".$templates->get("newreply_postoptions")."\";"); 1370 $bgcolor = "trow2"; 1371 } 1372 else 1373 { 1374 $bgcolor = "trow1"; 1375 } 1376 1377 $modoptions = ''; 1378 // Show the moderator options. 1379 if(is_moderator($fid)) 1380 { 1381 if($mybb->get_input('processed', MyBB::INPUT_INT)) 1382 { 1383 $mybb->input['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY); 1384 if(!isset($mybb->input['modoptions']['closethread'])) 1385 { 1386 $mybb->input['modoptions']['closethread'] = 0; 1387 } 1388 $closed = (int)$mybb->input['modoptions']['closethread']; 1389 if(!isset($mybb->input['modoptions']['stickthread'])) 1390 { 1391 $mybb->input['modoptions']['stickthread'] = 0; 1392 } 1393 $stuck = (int)$mybb->input['modoptions']['stickthread']; 1394 } 1395 else 1396 { 1397 $closed = $thread['closed']; 1398 $stuck = $thread['sticky']; 1399 } 1400 1401 if($closed) 1402 { 1403 $closecheck = ' checked="checked"'; 1404 } 1405 else 1406 { 1407 $closecheck = ''; 1408 } 1409 1410 if($stuck) 1411 { 1412 $stickycheck = ' checked="checked"'; 1413 } 1414 else 1415 { 1416 $stickycheck = ''; 1417 } 1418 1419 $closeoption = ''; 1420 if(is_moderator($thread['fid'], "canopenclosethreads")) 1421 { 1422 eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";"); 1423 } 1424 1425 $stickoption = ''; 1426 if(is_moderator($thread['fid'], "canstickunstickthreads")) 1427 { 1428 eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";"); 1429 } 1430 1431 if(!empty($closeoption) || !empty($stickoption)) 1432 { 1433 eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";"); 1434 $bgcolor = "trow1"; 1435 } 1436 else 1437 { 1438 $bgcolor = "trow2"; 1439 } 1440 } 1441 else 1442 { 1443 $bgcolor = "trow2"; 1444 } 1445 1446 // Fetch subscription select box 1447 eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";"); 1448 1449 $lang->post_reply_to = $lang->sprintf($lang->post_reply_to, $thread['subject']); 1450 $lang->reply_to = $lang->sprintf($lang->reply_to, $thread['subject']); 1451 1452 // Do we have any forum rules to show for this forum? 1453 $forumrules = ''; 1454 if($forum['rulestype'] >= 2 && $forum['rules']) 1455 { 1456 if(!$forum['rulestitle']) 1457 { 1458 $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']); 1459 } 1460 1461 if(!$parser) 1462 { 1463 require_once MYBB_ROOT.'inc/class_parser.php'; 1464 $parser = new postParser; 1465 } 1466 1467 $rules_parser = array( 1468 "allow_html" => 1, 1469 "allow_mycode" => 1, 1470 "allow_smilies" => 1, 1471 "allow_imgcode" => 1 1472 ); 1473 1474 $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser); 1475 $foruminfo = $forum; 1476 1477 if($forum['rulestype'] == 3) 1478 { 1479 eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";"); 1480 } 1481 else if($forum['rulestype'] == 2) 1482 { 1483 eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";"); 1484 } 1485 } 1486 1487 $moderation_notice = ''; 1488 if(!is_moderator($forum['fid'], "canapproveunapproveattachs")) 1489 { 1490 if($forumpermissions['modattachments'] == 1 && $forumpermissions['canpostattachments'] != 0) 1491 { 1492 $moderation_text = $lang->moderation_forum_attachments; 1493 eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";'); 1494 } 1495 } 1496 if(!is_moderator($forum['fid'], "canapproveunapproveposts")) 1497 { 1498 if($forumpermissions['modposts'] == 1) 1499 { 1500 $moderation_text = $lang->moderation_forum_posts; 1501 eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";'); 1502 } 1503 1504 if($mybb->user['moderateposts'] == 1) 1505 { 1506 $moderation_text = $lang->moderation_user_posts; 1507 eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";'); 1508 } 1509 } 1510 1511 $php_max_upload_size = get_php_upload_limit(); 1512 $php_max_file_uploads = (int)ini_get('max_file_uploads'); 1513 eval("\$post_javascript = \"".$templates->get("post_javascript")."\";"); 1514 1515 $plugins->run_hooks("newreply_end"); 1516 1517 $forum['name'] = strip_tags($forum['name']); 1518 1519 eval("\$newreply = \"".$templates->get("newreply")."\";"); 1520 output_page($newreply); 1521 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| 2005 - 2021 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup | Cross-referenced by PHPXref |