PHP Cross Reference of MyBB 1.8.26

/ -> newreply.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1); // Set before any include below runs. NOTE(review): presumably the included files test this constant to refuse direct requests - confirm.
  12  define('THIS_SCRIPT', 'newreply.php'); // Name of this entry script, exposed as a constant.
  13  
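  14  $templatelist = "newreply,previewpost,loginbox,changeuserbox,posticons,newreply_threadreview,newreply_threadreview_post,forumdisplay_rules_link,newreply_multiquote_external,post_attachments_add,post_subscription_method";
      // $templatelist is a comma-separated list of the template names this script renders. It is assigned
      // before global.php is included (NOTE(review): presumably so the bootstrap can preload them - confirm).
      // Every name must be separated by a comma: two names fused together match neither template.
  15  $templatelist .= ",codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,postbit_online,postbit_pm,newreply_disablesmilies_hidden,post_attachments_update";
  16  $templatelist .= ",postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,newreply_modoptions_close,newreply_modoptions_stick";
  17  $templatelist .= ",post_attachments_attachment_postinsert,post_attachments_attachment_remove,post_attachments_attachment_unapproved,post_attachments_attachment,post_attachments_viewlink,postbit_attachments_attachment,newreply_signature";
  18  $templatelist .= ",post_captcha_recaptcha_invisible,post_captcha_hidden,post_captcha,post_captcha_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_groupimage,postbit_attachments,newreply_postoptions";
      // postbit_attachments_thumbnails_thumbnail and postbit_attachments_images_image are two separate names.
  19  $templatelist .= ",postbit_rep_button,postbit_author_guest,postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_gotopost,forumdisplay_password_wrongpass,forumdisplay_password,posticons_icon,attachment_icon,postbit_reputation_formatted_link";
  21  $templatelist .= ",global_moderation_notice,newreply_disablesmilies,postbit_userstar,newreply_draftinput,postbit_avatar,forumdisplay_rules,postbit_offline,postbit_find,postbit_warninglevel_formatted,postbit_ignored";
  22  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,postbit_reputation,postbit_www,postbit_away,postbit_icon,postbit_email,postbit_report,postbit,postbit_warn";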
  23  
  24  require_once  "./global.php";
      // Everything below relies on objects this file never creates ($mybb, $db, $lang, $templates,
      // $plugins, $session). NOTE(review): presumably global.php sets them up - confirm.
      // Every include path in the visible part of this script is "./" or MYBB_ROOT plus a string literal;
      // no request value is used to build one.
  25  require_once  MYBB_ROOT."inc/functions_post.php";
  26  require_once  MYBB_ROOT."inc/functions_user.php";
  27  require_once  MYBB_ROOT."inc/class_parser.php";
  28  $parser = new postParser;
  29  
  30  // Load the "newreply" language phrases used for the messages below.
  31  $lang->load("newreply");
  32  
  33  // Read the thread id (tid) and the quoted post id (replyto) from the request, both requested as
      // MyBB::INPUT_INT. The pid is read further down, in the draft branch. Both values are later
      // interpolated into SQL text, so the integer typing requested here matters.
  34  $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
  35  $replyto = $mybb->get_input('replyto', MyBB::INPUT_INT);
  36  
  37  // AJAX quick reply? Then drop any previewpost flag, so the preview handling below is never taken
      // for an AJAX request.
  38  if(!empty($mybb->input['ajax']))
  39  {
  40      unset($mybb->input['previewpost']);
  41  }
  42  
  43  // Edit a draft post.
      // When the action is "editdraft" or "do_newreply" and a non-zero pid is supplied, the post is loaded
      // and the request is refused unless the current user's uid equals the post's uid. $pid and $tid are
      // then taken from the stored post row rather than from the request.
  44  $pid = 0;
  45  $editdraftpid = '';
  46  $mybb->input['action'] = $mybb->get_input('action');
  47  if(($mybb->input['action'] == "editdraft" || $mybb->input['action'] == "do_newreply") && $mybb->get_input('pid', MyBB::INPUT_INT))
  48  {
  49      $pid = $mybb->get_input('pid', MyBB::INPUT_INT);
  50      $post = get_post($pid);
  51      if(!$post)
  52      {
  53          error($lang->error_invalidpost);
  54      }
          // Ownership check: only the author of the stored post may continue.
  55      else if($mybb->user['uid'] != $post['uid'])
  56      {
  57          error($lang->error_post_noperms);
  58      }
  59      $pid = (int)$post['pid'];
  60      $tid = (int)$post['tid'];
          // The template text is spliced into a PHP double-quoted string and run through eval().
          // NOTE(review): this is only safe if $templates->get() escapes the stored text for that context
          // and template editing is restricted to trusted administrators - confirm both.
  61      eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
  62  }
  63  
  64  // Set up $thread and $forum for later use. Both lookups stop the request with an error when the
      // row is missing, so the checks below can assume both arrays exist.
  65  $thread = get_thread($tid);
  66  if(!$thread)
  67  {
  68      error($lang->error_invalidthread);
  69  }
      // Cast to int: $fid is passed to the permission helpers and lookups below.
  70  $fid = (int)$thread['fid'];
  71  
  72  // Get forum info
  73  $forum = get_forum($fid);
  74  if(!$forum)
  75  {
  76      error($lang->error_invalidforum);
  77  }
  78  
  79  // Make navigation
  80  build_forum_breadcrumb($fid);
      // $thread_subject keeps the raw subject. $thread['subject'] is replaced by the bad-word-filtered,
      // HTML-escaped form, so from here on only $thread['subject'] is suitable for HTML output.
  81  $thread_subject = $thread['subject'];
  82  $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
  83  add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
  84  add_breadcrumb($lang->nav_newreply);
  85  
      // Permissions of the current user in this forum; read by the canview/canpostreplys checks below.
  86  $forumpermissions = forum_permissions($fid);
  87  
  88  // See if everything is valid up to here.
      // Each failed check calls error() or error_no_permission(). NOTE(review): the code below assumes
      // those helpers end the request - confirm.
      // Draft/edited post: an unapproved post (visible == 0) is rejected unless the viewer may see
      // unapproved posts, or it is the viewer's own post and showownunapproved is enabled.
  89  if(isset($post) && (($post['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || ($post['visible'] < 0 && $post['uid'] != $mybb->user['uid'])))
  90  {
  91      if($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid']))
  92      {
  93          error($lang->error_invalidpost);
  94      }
  95  }
      // Same rule for the thread itself.
      // NOTE(review): for a thread whose visible value is below 0 the outer condition is true, but the
      // inner one only fires for visible == 0, so this block on its own does not reject such a thread.
      // Confirm that a later check or the post data handler covers that case.
  96  if(($thread['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || $thread['visible'] < 0)
  97  {
  98      if($thread['visible'] == 0 && !($mybb->settings['showownunapproved'] && $thread['uid'] == $mybb->user['uid']))
  99      {
 100          error($lang->error_invalidthread);
 101      }
 102  }
      // The forum must be open and of type "f".
 103  if($forum['open'] == 0 || $forum['type'] != "f")
 104  {
 105      error($lang->error_closedinvalidforum);
 106  }
      // The user needs both view and reply permission in this forum.
 107  if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0)
 108  {
 109      error_no_permission();
 110  }
 111  
      // Accounts with suspended posting are stopped here; the message states whether the suspension
      // is permanent or, when suspensiontime is set, until which date.
 112  if($mybb->user['suspendposting'] == 1)
 113  {
 114      $suspendedpostingtype = $lang->error_suspendedposting_permanent;
 115      if($mybb->user['suspensiontime'])
 116      {
 117          $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
 118      }
 119  
 120      $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));
 121  
 122      error($lang->error_suspendedposting);
 123  }
 124  
      // "Own threads only" restrictions: viewing and replying are each limited to threads the user started.
 125  if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
 126  {
 127      error_no_permission();
 128  }
 129  
 130  if(isset($forumpermissions['canonlyreplyownthreads']) && $forumpermissions['canonlyreplyownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
 131  {
 132      error_no_permission();
 133  }
 134  
 135  // Coming from quick reply and not a preview call? Set subscription method
      // The value comes from get_subscription_method(), not from the submitted form.
 136  if($mybb->get_input('method') == "quickreply" && !isset($mybb->input['previewpost']))
 137  {
 138      $mybb->input['postoptions']['subscriptionmethod'] = get_subscription_method($mybb->get_input('tid', MyBB::INPUT_INT));
 139  }
 140  
 141  // Check if this forum is password protected and we have a valid password
      // NOTE(review): check_forum_password() presumably stops the request when the password is
      // missing or wrong - confirm.
 142  check_forum_password($forum['fid']);
 143  
      // Build the editor toolbar when the board and the forum allow MyCode and the user is a guest
      // or has code buttons enabled; the smilie picker is added only when the forum allows smilies.
 144  if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 145  {
 146      $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
 147      if($forum['allowsmilies'] != 0)
 148      {
 149          $smilieinserter = build_clickable_smilies();
 150      }
 151  }
 152  
 153  // Display a login box or change user box?
      // In both branches the user name is HTML-escaped before the template that shows it is evaluated.
 154  if($mybb->user['uid'] != 0)
 155  {
          // Note: this overwrites the session user's name with its escaped form for the rest of the request.
 156      $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
 157      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 158  }
 159  else
 160  {
          // Guests: only echo a submitted user name back on preview or submit.
 161      if(empty($mybb->input['previewpost']) && $mybb->input['action'] != "do_newreply")
 162      {
 163          $username = '';
 164      }
 165      else
 166      {
 167          $username = htmlspecialchars_uni($mybb->get_input('username'));
 168      }
 169      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 170  }
 171  
 172  // Check to see if the thread is closed, and if the user is a mod.
      // Only users with the "canpostclosedthreads" moderator permission may reply to a closed thread.
 173  if(!is_moderator($fid, "canpostclosedthreads"))
 174  {
 175      if($thread['closed'] == 1)
 176      {
 177          error($lang->redirect_threadclosed);
 178      }
 179  }
 180  
 181  // No weird actions allowed, show new reply form if no regular action.
      // The action is reduced to a fixed set here: anything other than "do_newreply" or "editdraft"
      // becomes "newreply".
 182  if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft")
 183  {
 184      $mybb->input['action'] = "newreply";
 185  }
 186  
 187  // Even if we are previewing, still show the new reply form.
 188  if(!empty($mybb->input['previewpost']))
 189  {
 190      $mybb->input['action'] = "newreply";
 191  }
 192  
 193  // Setup a unique posthash for attachment management
      // A hash is generated only when the request carries none and no existing post (pid) is being
      // edited; otherwise the client-supplied value is kept and used as-is below.
      // NOTE(review): whether the upload helpers tie a posthash to the uploading user is not visible
      // here, and the strength of random_str() is defined elsewhere - confirm both.
 194  if(!$mybb->get_input('posthash') && !$pid)
 195  {
 196      $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());
 197  }
 198  
      // "processed" set to 1 while both $_POST and $_FILES are empty is reported as an empty-input error.
 199  if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
 200  {
 201      error($lang->error_empty_post_input);
 202  }
 203  
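 204  $errors = array();
      // Attachment upload. Runs when attachments are enabled and either an add/update button was used,
      // or the form was submitted, previewed or saved as a draft with files attached.
      // $_FILES['attachments'] is tested with !empty() because the key is absent when the request
      // carries no attachment field.
 205  $maximageserror = $attacherror = '';
 206  if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newreply" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newreply" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && !empty($_FILES['attachments']))))
 207  {
 208      // Verify incoming POST request
          // my_post_key is the anti-CSRF token sent with the form; uploads are only processed after it
          // has been checked.
 209      verify_post_check($mybb->get_input('my_post_key'));
 210  
          // Select existing attachments by post id when editing a stored post, otherwise by posthash.
          // $pid is an integer at this point; the request-supplied posthash is escaped for SQL.
 211      if($pid)
 212      {
 213          $attachwhere = "pid='{$pid}'";
 214      }
 215      else
 216      {
 217          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 218      }
 219  
 220      require_once  MYBB_ROOT."inc/functions_upload.php";
 221  
          // NOTE(review): file type, size and quota checks are presumably done inside add_attachments()
          // using $forumpermissions - confirm in inc/functions_upload.php.
 222      $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newreply");
 223  
 224      if(!empty($ret['errors']))
 225      {
 226          $errors = $ret['errors'];
 227      }
 228  
 229      // If we were dealing with an attachment but didn't click 'Post Reply' or 'Save as Draft', force the new reply page again.
 230      if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft'))
 231      {
 232          eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
 233          $mybb->input['action'] = "newreply";
 234      }
 235  }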
 236  
 237  detect_attachmentact(); // Defined elsewhere. NOTE(review): presumably fills the attachmentaid/attachmentact inputs read below - confirm.
 238  
 239  // Remove an attachment.
      // Requires attachments to be enabled, a non-zero attachment id and the "remove" action.
 240  if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
 241  {
 242      // Verify incoming POST request
          // The anti-CSRF token is checked before anything is deleted.
 243      verify_post_check($mybb->get_input('my_post_key'));
 244  
 245      require_once  MYBB_ROOT."inc/functions_upload.php";
          // NOTE(review): whether remove_attachment() confirms that the attachment id belongs to this
          // pid/posthash is not visible here - confirm in inc/functions_upload.php.
 246      remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));
 247      if(!$mybb->get_input('submit'))
 248      {
 249          eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
 250          $mybb->input['action'] = "newreply";
 251      }
 252  
          // AJAX callers get a fixed JSON success body and the request ends here.
 253      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 254      {
 255          header("Content-type: application/json; charset={$lang->settings['charset']}");
 256          echo json_encode(array("success" => true));
 257          exit();
 258      }
 259  }
 260  
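 261  $reply_errors = ''; // Rendered error block for the reply form; stays empty when validation passed.
 262  $quoted_ids = array(); // Post ids quoted in this reply; filled after a successful post.
 263  $hide_captcha = false; // Set to true once a submitted captcha has validated.
      // $json_data is only filled by the AJAX image-captcha branch of do_newreply; start it as an empty
      // array so the later inline_error() call never reads an undefined variable.
      $json_data = array();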
 264  
 265  // Check the maximum posts per day for this user
      // Applies only when the user group defines a positive maxposts limit. Counts the user's posts from
      // the last 24 hours whose visible value is not -1. The query text interpolates the session user's
      // uid and a computed timestamp; no request value is used.
 266  if($mybb->usergroup['maxposts'] > 0)
 267  {
 268      $daycut = TIME_NOW-60*60*24;
 269      $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
 270      $post_count = $db->fetch_field($query, "posts_today");
 271      if($post_count >= $mybb->usergroup['maxposts'])
 272      {
 273          $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
 274          error($lang->error_maxposts);
 275      }
 276  }
 277  
 278  if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post")
 279  {
 280      // Verify incoming POST request
          // The submission is handled only for POST requests, and the anti-CSRF token (my_post_key) is
          // checked before any plugin hook or database work runs.
 281      verify_post_check($mybb->get_input('my_post_key'));
 282  
 283      $plugins->run_hooks("newreply_do_newreply_start");
 284  
 285      // If this isn't a logged in user, then we need to do some special validation.
 286      if($mybb->user['uid'] == 0)
 287      {
 288          // If they didn't specify a username leave blank so $lang->guest can be used on output
 289          if(!$mybb->get_input('username'))
 290          {
 291              $username = '';
 292          }
 293          // Otherwise use the name they specified.
              // This is the raw request value; it is not escaped here.
 294          else
 295          {
 296              $username = $mybb->get_input('username');
 297          }
 298          $uid = 0;
 299  
 300  
              // Optional StopForumSpam lookup for guests, using the submitted user name and the client
              // IP (no e-mail address is passed).
 301          if($mybb->settings['stopforumspam_on_newreply'])
 302          {
 303              require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 304  
 305              $stop_forum_spam_checker = new StopForumSpamChecker(
 306                  $plugins,
 307                  $mybb->settings['stopforumspam_min_weighting_before_spam'],
 308                  $mybb->settings['stopforumspam_check_usernames'],
 309                  $mybb->settings['stopforumspam_check_emails'],
 310                  $mybb->settings['stopforumspam_check_ips'],
 311                  $mybb->settings['stopforumspam_log_blocks']
 312              );
 313  
 314              try {
 315                  if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
 316                  {
 317                      error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 318                          $stop_forum_spam_checker->getErrorText(array(
 319                              'stopforumspam_check_usernames',
 320                              'stopforumspam_check_ips'
 321                              ))));
 322                  }
 323              }
                  // A failed lookup lets the post through unless stopforumspam_block_on_error is set:
                  // the check fails open by default.
 324              catch (Exception $e)
 325              {
 326                  if($mybb->settings['stopforumspam_block_on_error'])
 327                  {
 328                      error($lang->error_stop_forum_spam_fetching);
 329                  }
 330              }
 331          }
 332      }
 333      // This user is logged in.
          // Name and uid come from the session user, not from the form.
 334      else
 335      {
 336          $username = $mybb->user['username'];
 337          $uid = $mybb->user['uid'];
 338      }
 339  
 340      // Attempt to see if this post is a duplicate or not
          // Members are matched by uid, guests by the packed IP address of the session.
 341      if($uid > 0)
 342      {
 343          $user_check = "p.uid='{$uid}'";
 344      }
 345      else
 346      {
 347          $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
 348      }
          // Unless a draft is being saved, reject a post with the same subject and message by the same
          // author in the same thread within the last 600 seconds. The request-supplied subject and
          // message are passed through $db->escape_string() before being placed in the query text.
 349      if(!$mybb->get_input('savedraft'))
 350      {
 351          $query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.visible > -1 AND p.dateline>".(TIME_NOW-600));
 352          $duplicate_check = $db->fetch_field($query, "pid");
 353          if($duplicate_check)
 354          {
 355              error($lang->error_post_already_submitted);
 356          }
 357      }
 358  
 359      // Set up posthandler.
 360      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 361      $posthandler = new PostDataHandler("insert");
 362  
 363      // Set the post data that came from the input to the $post array.
          // Subject and message are passed on raw; uid and username were resolved above.
          // NOTE(review): tid and pid are read from the request again here, while the permission checks
          // earlier in the script ran against $tid/$pid, which the draft branch takes from the stored
          // post. Confirm that the data handler reconciles the two.
 364      $post = array(
 365          "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
 366          "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
 367          "fid" => $thread['fid'],
 368          "subject" => $mybb->get_input('subject'),
 369          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 370          "uid" => $uid,
 371          "username" => $username,
 372          "message" => $mybb->get_input('message'),
 373          "ipaddress" => $session->packedip,
 374          "posthash" => $mybb->get_input('posthash')
 375      );
 376  
 377      if(isset($mybb->input['pid']))
 378      {
 379          $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
 380      }
 381  
 382      // Are we saving a draft post?
          // Drafts are only available to logged-in users.
 383      if($mybb->get_input('savedraft') && $mybb->user['uid'])
 384      {
 385          $post['savedraft'] = 1;
 386      }
 387      else
 388      {
 389          $post['savedraft'] = 0;
 390      }
 391  
          // Default every post option that was not submitted to 0.
 392      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 393      if(!isset($postoptions['signature']))
 394      {
 395          $postoptions['signature'] = 0;
 396      }
 397      if(!isset($postoptions['subscriptionmethod']))
 398      {
 399          $postoptions['subscriptionmethod'] = 0;
 400      }
 401      if(!isset($postoptions['disablesmilies']))
 402      {
 403          $postoptions['disablesmilies'] = 0;
 404      }
 405  
 406      // Set up the post options from the input.
          // Only these three keys are copied; any other submitted option is dropped.
 407      $post['options'] = array(
 408          "signature" => $postoptions['signature'],
 409          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 410          "disablesmilies" => $postoptions['disablesmilies']
 411      );
 412  
 413      // Apply moderation options if we have them
          // NOTE(review): modoptions are taken from the request without a permission check in this
          // file; presumably PostDataHandler only honours them for moderators - confirm.
 414      $post['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 415  
 416      $posthandler->set_data($post);
 417  
 418      // Now let the post handler do all the hard work.
          // validate_post() only checks the data; nothing is stored until insert_post() is called below.
 419      $valid_post = $posthandler->validate_post();
 420  
 421      $post_errors = array();
 422      // Fetch friendly error messages if this is an invalid post
 423      if(!$valid_post)
 424      {
 425          $post_errors = $posthandler->get_friendly_errors();
 426      }
 427  
 428      // Mark thread as read
 429      require_once  MYBB_ROOT."inc/functions_indicators.php";
 430      mark_thread_read($tid, $fid);
 431  
 432      // Check captcha image
          // The CAPTCHA applies to guests only, and only when the captchaimage setting is on.
 433      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 434      {
 435          require_once  MYBB_ROOT.'inc/class_captcha.php';
 436          $post_captcha = new captcha(false, "post_captcha");
 437  
 438          if($post_captcha->validate_captcha() == false)
 439          {
 440              // CAPTCHA validation failed
 441              foreach($post_captcha->get_errors() as $error)
 442              {
 443                  $post_errors[] = $error;
 444              }
 445          }
 446          else
 447          {
 448              $hide_captcha = true;
 449          }
 450  
              // AJAX request with captcha type 1: store a fresh captcha row and hand its hash to the client.
 451          if($mybb->get_input('ajax', MyBB::INPUT_INT) && $post_captcha->type == 1)
 452          {
 453              $randomstr = random_str(5);
 454              $imagehash = md5(random_str(12));
 455  
 456              $imagearray = array(
 457                  "imagehash" => $imagehash,
 458                  "imagestring" => $randomstr,
 459                  "dateline" => TIME_NOW
 460              );
 461  
 462              $db->insert_query("captcha", $imagearray);
 463  
 464              //header("Content-type: text/html; charset={$lang->settings['charset']}");
 465              $data = '';
 466              $data .= "<captcha>$imagehash";
 467  
                  // The answer string of the new captcha is sent along only when the captcha submitted
                  // with this request validated ($hide_captcha); otherwise only the hash is returned.
 468              if($hide_captcha)
 469              {
 470                  $data .= "|$randomstr";
 471              }
 472  
 473              $data .= "</captcha>";
 474  
 475              //header("Content-type: application/json; charset={$lang->settings['charset']}");
 476              $json_data = array("data" => $data);
 477          }
 478      }
 479  
 480      // One or more errors returned, fetch error list and throw to newreply page
          // $json_data carries the replacement captcha for AJAX clients when the branch above built one.
 481      if(count($post_errors) > 0)
 482      {
 483          $reply_errors = inline_error($post_errors, '', $json_data);
 484          $mybb->input['action'] = "newreply";
 485      }
 486      else
 487      {
              // Validation passed: store the post. insert_post() reports the new pid, the resulting
              // visibility and whether the thread is closed.
 488          $postinfo = $posthandler->insert_post();
 489          $pid = $postinfo['pid'];
 490          $visible = $postinfo['visible'];
 491          $closed = $postinfo['closed'];
 492  
 493          // Invalidate solved captcha
              // Done only after a successful insert, so a solved captcha is not accepted a second time.
 494          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 495          {
 496              $post_captcha->invalidate_captcha();
 497          }
 498  
 499          $force_redirect = false;
 500  
 501          // Deciding the fate
              // visible -2 is handled as a saved draft, 1 as a published post, anything else as a post
              // waiting for moderation.
 502          if($visible == -2)
 503          {
 504              // Draft post
 505              $lang->redirect_newreply = $lang->draft_saved;
 506              $url = "usercp.php?action=drafts";
 507          }
 508          elseif($visible == 1)
 509          {
 510              // Visible post
 511              $lang->redirect_newreply .= $lang->redirect_newreply_post;
 512              $url = get_post_link($pid, $tid)."#pid{$pid}";
 513          }
 514          else
 515          {
 516              // Moderated post
 517              $lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;
 518              $url = get_thread_link($tid);
 519  
 520              // User must see moderation notice, regardless of redirect settings
 521              $force_redirect = true;
 522          }
 523  
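 524          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
              // The multiquote cookie is a "|"-separated list of post ids and is client-controlled; it is
              // only split and re-joined here, never used in a query.
 525          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 526          {
 527              // We quoted all posts - remove the entire cookie
 528              if($mybb->get_input('quoted_ids') == "all")
 529              {
 530                  my_unsetcookie("multiquote");
 531              }
 532              // Only quoted a few - attempt to remove them from the cookie
 533              else
 534              {
 535                  $quoted_ids = explode("|", $mybb->get_input('quoted_ids'));
 536                  $multiquote = explode("|", $mybb->cookies['multiquote']);
 537                  if(is_array($multiquote) && is_array($quoted_ids))
 538                  {
 539                      foreach($multiquote as $key => $quoteid)
 540                      {
 541                          // If this ID was quoted, remove it from the multiquote list
 542                          if(in_array($quoteid, $quoted_ids))
 543                          {
 544                              unset($multiquote[$key]);
 545                          }
 546                      }
 547                      // Still have IDs left - set the new cookie
                          // Joined with "|", the separator this script uses when it reads the cookie.
 548                      if(!empty($multiquote))
 549                      {
 550                          $new_multiquote = implode("|", $multiquote);
 551                          my_setcookie("multiquote", $new_multiquote);
 552                      }
 553                      // Otherwise, unset it
 554                      else
 555                      {
 556                          my_unsetcookie("multiquote");
 557                      }
 558                  }
 559              }
 560          }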
 561  
 562          $plugins->run_hooks("newreply_do_newreply_end"); // Runs after the post has been stored and before any response is sent.
 563  
 564          // This was a post made via the ajax quick reply - we need to do some special things here
 565          if($mybb->get_input('ajax', MyBB::INPUT_INT))
 566          {
 567              // Visible post
 568              if($visible == 1)
 569              {
 570                  // Set post counter
                      // Starts from the reply count in $thread, which was loaded before this post was
                      // inserted; unapproved and deleted posts are added only for moderators who may
                      // view them.
 571                  $postcounter = $thread['replies'] + 1;
 572  
 573                  if(is_moderator($fid, "canviewunapprove"))
 574                  {
 575                      $postcounter += $thread['unapprovedposts'];
 576                  }
 577                  if(is_moderator($fid, "canviewdeleted"))
 578                  {
 579                      $postcounter += $thread['deletedposts'];
 580                  }
 581  
 582                  // Was there a new post since we hit the quick reply button?
                      // Compares the newest other post in the thread with the lastpid the client sent;
                      // on a mismatch the client is sent to the last post instead of getting inline HTML.
 583                  if($mybb->get_input('lastpid', MyBB::INPUT_INT))
 584                  {
 585                      $query = $db->simple_select("posts", "pid", "tid = '{$tid}' AND pid != '{$pid}'", array("order_by" => "pid", "order_dir" => "desc"));
 586                      $new_post = $db->fetch_array($query);
 587                      if($new_post['pid'] != $mybb->get_input('lastpid', MyBB::INPUT_INT))
 588                      {
 589                          redirect(get_thread_link($tid, 0, "lastpost"));
 590                      }
 591                  }
 592  
                      // Fall back to 20 posts per page when the setting is missing or below 1, which also
                      // keeps the divisions below away from zero.
 593                  if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
 594                  {
 595                      $mybb->settings['postsperpage'] = 20;
 596                  }
 597  
 598                  // Lets see if this post is on the same page as the one we're viewing or not
 599                  // if it isn't, redirect us
                      // NOTE(review): $perpage is not assigned anywhere in the visible part of this file.
                      // If it is unset, the first branch never runs and the else branch alone determines
                      // $post_page. Confirm the intent before changing either branch.
 600                  if($perpage > 0 && (($postcounter) % $perpage) == 0)
 601                  {
 602                      $post_page = ($postcounter) / $mybb->settings['postsperpage'];
 603                  }
 604                  else
 605                  {
 606                      $post_page = (int)($postcounter / $mybb->settings['postsperpage']) + 1;
 607                  }
 608  
 609                  if($post_page > $mybb->get_input('from_page', MyBB::INPUT_INT))
 610                  {
 611                      redirect(get_thread_link($tid, 0, "lastpost"));
 612                      exit;
 613                  }
 614  
 615                  // Return the post HTML and display it inline
                      // Loads the stored post together with its author, the author's profile fields and
                      // the last editor's user name. $pid is the id returned by insert_post().
 616                  $query = $db->query("
 617                      SELECT u.*, u.username AS userusername, p.*, f.*, eu.username AS editusername
 618                      FROM ".TABLE_PREFIX."posts p
 619                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 620                      LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 621                      LEFT JOIN ".TABLE_PREFIX."users eu ON (eu.uid=p.edituid)
 622                      WHERE p.pid='{$pid}'
 623                  ");
 624                  $post = $db->fetch_array($query);
 625  
 626                  // Now lets fetch all of the attachments for this post
                      // $attachcache is indexed by post id, then attachment id.
 627                  $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
 628                  while($attachment = $db->fetch_array($query))
 629                  {
 630                      $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
 631                  }
 632  
 633                  // Establish altbg - may seem like this is backwards, but build_postbit reverses it
 634                  if(($postcounter - $mybb->settings['postsperpage']) % 2 != 0)
 635                  {
 636                      $altbg = "trow1";
 637                  }
 638                  else
 639                  {
 640                      $altbg = "trow2";
 641                  }
 642  
                      // NOTE(review): $charset is not read again in the visible part of this script; the
                      // Content-type header below uses $lang->settings['charset'] directly.
 643                  $charset = "UTF-8";
 644                  if($lang->settings['charset'])
 645                  {
 646                      $charset = $lang->settings['charset'];
 647                  }
 648  
 649                  require_once  MYBB_ROOT."inc/functions_post.php";
 650                  $pid = $post['pid'];
                      // build_postbit() returns the rendered HTML of the post. NOTE(review): escaping of
                      // the user-supplied message presumably happens inside it - confirm.
 651                  $post = build_postbit($post);
 652  
 653                  $data = '';
 654                  $data .= $post;
 655  
 656                  // Build a new posthash incase the user wishes to quick reply again
                      // The two values interpolated into the inline script are an md5() hex digest and the
                      // post id read from the database row; no request value is placed inside the script.
 657                  $new_posthash = md5($mybb->user['uid'].random_str());
 658                  $data .= "<script type=\"text/javascript\">\n";
 659                  $data .= "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
 660                  $data .= "if(typeof(inlineModeration) != 'undefined') {
 661                      $('#inlinemod_{$pid}').on(\"click\", function(e) {
 662                          inlineModeration.checkItem();
 663                      });
 664                  }\n";
 665  
                      // Restyle the quick reply form according to whether the thread is now closed.
 666                  if($closed == 1)
 667                  {
 668                      $data .= "$('#quick_reply_form .trow1').removeClass('trow1 trow2').addClass('trow_shaded');\n";
 669                  }
 670                  else
 671                  {
 672                      $data .= "$('#quick_reply_form .trow_shaded').removeClass('trow_shaded').addClass('trow1');\n";
 673                  }
 674  
 675                  $data .= "</script>\n";
 676  
                      // The HTML and script are returned as one JSON string and the request ends here.
 677                  header("Content-type: application/json; charset={$lang->settings['charset']}");
 678                  echo json_encode(array("data" => $data));
 679  
 680                  exit;
 681              }
 682              // Post is in the moderation queue
                  // AJAX caller, post not visible: redirect to the last post with the moderation notice.
 683              else
 684              {
 685                  redirect(get_thread_link($tid, 0, "lastpost"), $lang->redirect_newreply_moderation, "", true);
 686                  exit;
 687              }
 688          }
              // Regular (non-AJAX) submission: redirect to the URL chosen above. $force_redirect is true
              // for moderated posts so that the notice is shown.
 689          else
 690          {
 691              $lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 692              redirect($url, $lang->redirect_newreply, "", $force_redirect);
 693              exit;
 694          }
 695      }
 696  }
 697  
 698  // Show the newreply form.
 699  if($mybb->input['action'] == "newreply" || $mybb->input['action'] == "editdraft")
 700  {
 701      $plugins->run_hooks("newreply_start");
 702  
 703      $quote_ids = $multiquote_external = '';
 704      // If this isn't a preview and we're not editing a draft, then handle quoted posts
 705      if(empty($mybb->input['previewpost']) && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment'))
 706      {
 707          $message = '';
 708          $quoted_posts = array();
 709          // Handle multiquote
 710          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 711          {
 712              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 713              foreach($multiquoted as $post)
 714              {
 715                  $quoted_posts[$post] = (int)$post;
 716              }
 717          }
 718          // Handle incoming 'quote' button
 719          if($replyto)
 720          {
 721              $quoted_posts[$replyto] = $replyto;
 722          }
 723  
 724          // Quoting more than one post - fetch them
 725          if(count($quoted_posts) > 0)
 726          {
 727              $external_quotes = 0;
 728              $quoted_posts = implode(",", $quoted_posts);
 729              $unviewable_forums = get_unviewable_forums();
 730              $inactiveforums = get_inactive_forums();
 731              if($unviewable_forums)
 732              {
 733                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 734              }
 735              if($inactiveforums)
 736              {
 737                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 738              }
 739  
 740              // Check group permissions if we can't view threads not started by us
 741              $group_permissions = forum_permissions();
 742              $onlyusfids = array();
 743              $onlyusforums = '';
 744              foreach($group_permissions as $gpfid => $forum_permissions)
 745              {
 746                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 747                  {
 748                      $onlyusfids[] = $gpfid;
 749                  }
 750              }
 751              if(!empty($onlyusfids))
 752              {
 753                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 754              }
 755  
 756              if(is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 757              {
 758                  $visible_where = "AND p.visible IN (-1,0,1)";
 759              }
 760              elseif(is_moderator($fid, 'canviewunapprove') && !is_moderator($fid, 'canviewdeleted'))
 761              {
 762                  $visible_where = "AND p.visible IN (0,1)";
 763              }
 764              elseif(!is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 765              {
 766                  $visible_where = "AND p.visible IN (-1,1)";
 767              }
 768              else
 769              {
 770                  $visible_where = "AND p.visible=1";
 771              }
 772  
 773              require_once  MYBB_ROOT."inc/functions_posting.php";
                  // Fetch the posts selected for quoting. Every fragment interpolated into the query is
                  // built above in this script, none is raw request text:
                  //   $quoted_posts      comma-joined ids (cookie ids are int-cast; $replyto is assumed
                  //                      to be an integer already, its origin is not visible here, TODO confirm)
                  //   $unviewable_forums / $inactiveforums   forum-id lists from get_unviewable_forums() /
                  //                      get_inactive_forums()
                  //   $onlyusforums      forum ids from forum_permissions() plus the current user's uid
                  //   $visible_where     one of four fixed literals chosen by is_moderator()
                  // The forum and visibility conditions are what stop a quote request from returning the
                  // text of a post the current user could not otherwise read.
 774              $query = $db->query("
 775                  SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 776                  FROM ".TABLE_PREFIX."posts p
 777                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 778                  LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 779                  WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 780              ");
 781              $load_all = $mybb->get_input('load_all_quotes', MyBB::INPUT_INT);
 782              while($quoted_post = $db->fetch_array($query))
 783              {
 784                  // Only show messages for the current thread
 785                  if($quoted_post['tid'] == $tid || $load_all == 1)
 786                  {
 787                      // If this post was the post for which a quote button was clicked, set the subject
 788                      if($replyto == $quoted_post['pid'])
 789                      {
 790                          $subject = preg_replace('#^RE:\s?#i', '', $quoted_post['subject']);
 791                          // Subject too long? Shorten it to avoid error message
 792                          if(my_strlen($subject) > 85)
 793                          {
 794                              $subject = my_substr($subject, 0, 82).'...';
 795                          }
 796                          $subject = "RE: ".$subject;
 797                      }
 798                      $message .= parse_quoted_message($quoted_post);
 799                      $quoted_ids[] = $quoted_post['pid'];
 800                  }
 801                  // Count the rest
 802                  else
 803                  {
 804                      ++$external_quotes;
 805                  }
 806              }
 807              if($mybb->settings['maxquotedepth'] != '0')
 808              {
 809                  $message = remove_message_quotes($message);
 810              }
 811              if($external_quotes > 0)
 812              {
 813                  if($external_quotes == 1)
 814                  {
 815                      $multiquote_text = $lang->multiquote_external_one;
 816                      $multiquote_deselect = $lang->multiquote_external_one_deselect;
 817                      $multiquote_quote = $lang->multiquote_external_one_quote;
 818                  }
 819                  else
 820                  {
 821                      $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 822                      $multiquote_deselect = $lang->multiquote_external_deselect;
 823                      $multiquote_quote = $lang->multiquote_external_quote;
 824                  }
 825                  eval("\$multiquote_external = \"".$templates->get("newreply_multiquote_external")."\";");
 826              }
 827              if(is_array($quoted_ids) && count($quoted_ids) > 0)
 828              {
                      // Collapse the pids collected in the fetch loop into one "|"-separated string.
                      // NOTE(review): $quoted_ids is only appended to inside that loop; no initialisation
                      // is visible in this part of the file, so it may be undefined when no row matched.
                      // Confirm it is set earlier in the script.
 829                  $quoted_ids = implode("|", $quoted_ids);
 830              }
 831          }
 832      }
 833  
 834      if(isset($mybb->input['quoted_ids']))
 835      {
              // A posted-back 'quoted_ids' value replaces whatever was built above; it is read with
              // the integer filter and then HTML-encoded.
              // NOTE(review): the value built by the quote handling is a "|"-joined list of pids, and
              // an integer filter presumably keeps only a single number. Confirm whether the full
              // list is meant to survive a preview round-trip.
 836          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids', MyBB::INPUT_INT));
 837      }
 838  
 839      if(isset($mybb->input['previewpost']))
 840      {
              // Keep the submitted text unencoded for the preview: further down it is assigned to
              // $post['message'] and handed to build_postbit().
 841          $previewmessage = $mybb->get_input('message');
 842      }
          // No quoted text was built above: fall back to the message carried by the request.
 843      if(empty($message))
 844      {
 845          $message = $mybb->get_input('message');
 846      }
          // HTML-encode the text once here, presumably for re-display in the reply form (the
          // template that prints it is not visible). The editdraft branch below assigns $message
          // again from the draft, also through htmlspecialchars_uni().
 847      $message = htmlspecialchars_uni($message);
 848  
 849      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 850      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 851  
 852      // Set up the post options: decide which checkboxes are pre-ticked and which subscription
          // radio button is selected, from (a) the submitted form on preview/error, (b) the stored
          // draft when editing a draft, or (c) the user's defaults.
 853      if(!empty($mybb->input['previewpost']) || $reply_errors != '')
 854      {
 855          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 856  
 857          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 858          {
 859              $postoptionschecked['signature'] = " checked=\"checked\"";
 860          }
 861          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 862          {
 863              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 864          }
 865          $subscription_method = get_subscription_method($tid, $postoptions);
              // NOTE(review): the subject is read straight from the input array here, while the
              // "No subject?" fallback below goes through get_input(). If the request omits
              // 'subject' or sends it as an array, this value is not a plain string. Confirm.
              // It is only HTML-encoded later, after the preview has used it.
 866          $subject = $mybb->input['subject'];
 867      }
 868      elseif($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 869      {
              // $post is presumably the draft row loaded earlier in the script (not visible here).
 870          $message = htmlspecialchars_uni($post['message']);
 871          $subject = $post['subject'];
 872          if($post['includesig'] != 0)
 873          {
 874              $postoptionschecked['signature'] = " checked=\"checked\"";
 875          }
 876          if($post['smilieoff'] == 1)
 877          {
 878              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 879          }
 880          $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
 881          $mybb->input['icon'] = $post['icon'];
 882      }
 883      else
 884      {
 885          if($mybb->user['signature'] != '')
 886          {
 887              $postoptionschecked['signature'] = " checked=\"checked\"";
 888          }
 889          $subscription_method = get_subscription_method($tid);
 890      }
          // Variable-variable: marks one of $subscribe / $nonesubscribe / $emailsubscribe /
          // $pmsubscribe (all initialised to '' just above) as checked.
          // NOTE(review): assumes get_subscription_method() only ever returns '', 'none', 'email'
          // or 'pm'. Any other return value would create a new variable named "<value>subscribe".
          // Confirm against that function, since its second argument comes from request input.
 891      ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 892  
 893      if($forum['allowpicons'] != 0)
 894      {
 895          $posticons = get_post_icons();
 896      }
 897  
 898      // No subject?
 899      if(!isset($subject))
 900      {
 901          if(!empty($mybb->input['subject']))
 902          {
 903              $subject = $mybb->get_input('subject');
 904          }
 905          else
 906          {
 907              $subject = $thread_subject;
 908              // Subject too long? Shorten it to avoid error message
 909              if(my_strlen($subject) > 85)
 910              {
 911                  $subject = my_substr($subject, 0, 82).'...';
 912              }
 913              $subject = "RE: ".$subject;
 914          }
 915      }
 916  
 917      // Preview a post that was written.
 918      $preview = '';
 919      if(!empty($mybb->input['previewpost']))
 920      {
 921          // If this isn't a logged in user, then we need to do some special validation.
 922          if($mybb->user['uid'] == 0)
 923          {
 924              // If they didn't specify a username leave blank so $lang->guest can be used on output
 925              if(!$mybb->get_input('username'))
 926              {
 927                  $username = '';
 928              }
 929              // Otherwise use the name they specified.
 930              else
 931              {
 932                  $username = $mybb->get_input('username');
 933              }
 934              $uid = 0;
 935          }
 936          // This user is logged in.
 937          else
 938          {
 939              $username = $mybb->user['username'];
 940              $uid = $mybb->user['uid'];
 941          }
 942  
 943          // Set up posthandler.
 944          require_once  MYBB_ROOT."inc/datahandlers/post.php";
 945          $posthandler = new PostDataHandler("insert");
 946          $posthandler->action = "post";
 947  
 948          // Set the post data that came from the input to the $post array.
 949          $post = array(
 950              "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
 951              "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
 952              "fid" => $thread['fid'],
 953              "subject" => $mybb->get_input('subject'),
 954              "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 955              "uid" => $uid,
 956              "username" => $username,
 957              "message" => $mybb->get_input('message'),
 958              "ipaddress" => $session->packedip,
 959              "posthash" => $mybb->get_input('posthash')
 960          );
 961  
 962          if(isset($mybb->input['pid']))
 963          {
 964              $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
 965          }
 966  
 967          $posthandler->set_data($post);
 968  
 969          // Now let the post handler do all the hard work.
 970          $valid_post = $posthandler->verify_message();
 971          $valid_subject = $posthandler->verify_subject();
 972  
 973          // guest post --> verify author
 974          if($post['uid'] == 0)
 975          {
 976              $valid_username = $posthandler->verify_author();
 977          }
 978          else
 979          {
 980              $valid_username = true;
 981          }
 982  
 983          $post_errors = array();
 984          // Fetch friendly error messages if this is an invalid post
 985          if(!$valid_post || !$valid_subject || !$valid_username)
 986          {
 987              $post_errors = $posthandler->get_friendly_errors();
 988          }
 989  
 990          // One or more errors returned, fetch error list and throw to newreply page
 991          if(count($post_errors) > 0)
 992          {
 993              $reply_errors = inline_error($post_errors);
 994          }
 995          else
 996          {
 997              $quote_ids = htmlspecialchars_uni($mybb->get_input('quote_ids'));
 998              $mybb->input['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 999              $query = $db->query("
1000                  SELECT u.*, f.*
1001                  FROM ".TABLE_PREFIX."users u
1002                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
1003                  WHERE u.uid='".$mybb->user['uid']."'
1004              ");
1005              $post = $db->fetch_array($query);
1006              $post['username'] = $username;
1007              if($mybb->user['uid'])
1008              {
1009                  $post['userusername'] = $mybb->user['username'];
1010              }
1011              $post['message'] = $previewmessage;
1012              $post['subject'] = $subject;
1013              $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
1014              $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
1015              if(isset($mybb->input['postoptions']['disablesmilies']))
1016              {
1017                  $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
1018              }
1019              $post['dateline'] = TIME_NOW;
1020              if(isset($mybb->input['postoptions']['signature']))
1021              {
1022                  $post['includesig'] = $mybb->input['postoptions']['signature'];
1023              }
1024              if(!isset($post['includesig']) || $post['includesig'] != 1)
1025              {
1026                  $post['includesig'] = 0;
1027              }
1028  
1029              // Fetch attachments assigned to this post, so the preview can show them.
                  // The lookup key is taken from the request: an integer-filtered pid if present,
                  // otherwise the posthash passed through $db->escape_string() inside a quoted literal.
                  // NOTE(review): the query has no uid condition; this assumes the pid/posthash were
                  // already checked against the current user earlier in the request (not visible here).
                  // TODO confirm.
1030              if($mybb->get_input('pid', MyBB::INPUT_INT))
1031              {
1032                  $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
1033              }
1034              else
1035              {
1036                  $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
1037              }
1038  
1039              $query = $db->simple_select("attachments", "*", $attachwhere);
1040              while($attachment = $db->fetch_array($query))
1041              {
                      // Stored under post id 0, keyed by attachment id; presumably read by
                      // build_postbit() for the not-yet-saved preview post.
1042                  $attachcache[0][$attachment['aid']] = $attachment;
1043              }
1044  
1045              $postbit = build_postbit($post, 1);
1046              eval("\$preview = \"".$templates->get("previewpost")."\";");
1047          }
1048      }
1049  
1050      $subject = htmlspecialchars_uni($parser->parse_badwords($subject));
          // ^ Subject: bad-word filter first, then HTML-encoded. From here on $subject holds the
          //   encoded form (the preview above already used the unencoded value).
1051  
          // Posthash: HTML-encoded copy of the request value. This encoded copy, not the raw input,
          // is what the attachment listing below passes to $db->escape_string().
1052      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
1053  
1054      // Do we have attachment errors?
1055      if(count($errors) > 0)
1056      {
1057          $reply_errors = inline_error($errors);
1058      }
1059  
1060      // Get a listing of the current attachments.
1061      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
1062      {
1063          $attachcount = 0;
1064          if($pid)
1065          {
                  // NOTE(review): $pid is interpolated as-is; this assumes it was cast to an integer
                  // where it was read (not visible in this part of the file). Confirm.
1066              $attachwhere = "pid='$pid'";
1067          }
1068          else
1069          {
                  // $posthash was HTML-encoded when it was read above and is SQL-escaped here, whereas
                  // the preview lookup escapes the raw request value. The two only select the same
                  // rows while the hash contains no HTML-special characters.
1070              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
1071          }
1072          $attachments = '';
1073          $query = $db->simple_select("attachments", "*", $attachwhere);
1074          while($attachment = $db->fetch_array($query))
1075          {
1076              $attachment['size'] = get_friendly_size($attachment['filesize']);
1077              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
1078              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
1079  
1080              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
1081              {
1082                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
1083              }
1084  
1085              $attach_mod_options = '';
1086              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
1087  
1088              if($attachment['visible'] != 1)
1089              {
1090                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
1091              }
1092              else
1093              {
1094                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
1095              }
1096              $attachcount++;
1097          }
1098  
1099          $noshowattach = '';
1100          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
1101          $usage = $db->fetch_array($query);
1102  
1103          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
1104          {
1105              $noshowattach = 1;
1106          }
1107  
1108          if($mybb->usergroup['attachquota'] == 0)
1109          {
1110              $friendlyquota = $lang->unlimited;
1111          }
1112          else
1113          {
1114              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
1115          }
1116  
1117          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
1118          if($usage['ausage'] !== NULL)
1119          {
1120              $friendlyusage = get_friendly_size($usage['ausage']);
1121              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
1122              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
1123          }
1124          else
1125          {
1126              $lang->attach_usage = "";
1127          }
1128          
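1129          if(($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
1130          {
                  // Render the "add attachment" control only when the per-post limit allows another
                  // file (0 means no per-post limit) AND the user's quota is not exhausted.
                  // The limit test is parenthesised as a whole: && binds tighter than ||, so without
                  // the outer parentheses the quota flag was ignored whenever maxattachments was 0.
                  // This only decides whether the control is shown; quota enforcement on the upload
                  // itself is not part of this block.
1131              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
1132          }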
1133  
1134          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
1135          {
1136              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
1137          }
1138  
1139          if($attach_add_options || $attach_update_options)
1140          {
1141              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
1142          }
1143  
1144          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
1145      }
1146  
1147      // If the user is logged in, provide a save draft button.
1148      if($mybb->user['uid'])
1149      {
1150          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
1151      }
1152  
1153      // Show captcha image for guests if enabled
1154      $captcha = '';
1155      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
1156      {
1157          $correct = false;
1158          require_once  MYBB_ROOT.'inc/class_captcha.php';
1159          $post_captcha = new captcha(false, "post_captcha");
1160  
1161          if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
1162          {
1163              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
1164              // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
1165              if($post_captcha->validate_captcha() == true)
1166              {
1167                  $correct = true;
1168  
1169                  // Generate a hidden list of items for our captcha
1170                  $captcha = $post_captcha->build_hidden_captcha();
1171              }
1172          }
1173  
1174          if(!$correct)
1175          {
1176              if($post_captcha->type == 1)
1177              {
1178                  $post_captcha->build_captcha();
1179              }
1180              elseif(in_array($post_captcha->type, array(4, 5, 8)))
1181              {
1182                  $post_captcha->build_recaptcha();
1183              }
1184              elseif(in_array($post_captcha->type, array(6, 7)))
1185              {
1186                  $post_captcha->build_hcaptcha();
1187              }
1188          }
1189          else if($correct && (in_array($post_captcha->type, array(4, 5, 8))))
1190          {
1191              $post_captcha->build_recaptcha();
1192          }
1193          else if($correct && (in_array($post_captcha->type, array(6, 7))))
1194          {
1195              $post_captcha->build_hcaptcha();
1196          }
1197  
1198          if($post_captcha->html)
1199          {
1200              $captcha = $post_captcha->html;
1201          }
1202      }
1203  
1204      $reviewmore = '';
1205      if($mybb->settings['threadreview'] != 0)
1206      {
1207          if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
1208          {
1209              $mybb->settings['postsperpage'] = 20;
1210          }
1211  
1212          if(is_moderator($fid, "canviewunapprove") || $mybb->settings['showownunapproved'])
1213          {
1214              $visibility = "(visible='1' OR visible='0')";
1215          }
1216          else
1217          {
1218              $visibility = "visible='1'";
1219          }
1220          $query = $db->simple_select("posts", "COUNT(pid) AS post_count", "tid='{$tid}' AND {$visibility}");
1221          $numposts = $db->fetch_field($query, "post_count");
1222  
1223          if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
1224          {
1225              $mybb->settings['postsperpage'] = 20;
1226          }
1227  
1228          if($numposts > $mybb->settings['postsperpage'])
1229          {
1230              $numposts = $mybb->settings['postsperpage'];
1231              $lang->thread_review_more = $lang->sprintf($lang->thread_review_more, $mybb->settings['postsperpage'], get_thread_link($tid));
1232              eval("\$reviewmore = \"".$templates->get("newreply_threadreview_more")."\";");
1233          }
1234  
1235          $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND {$visibility}", array("order_by" => "dateline", "order_dir" => "desc", "limit" => $mybb->settings['postsperpage']));
              // ^ Newest posts of the thread for the review pane, limited to postsperpage.
              //   $visibility is one of two fixed literals chosen above; $tid is assumed to be an
              //   integer already (its origin is not visible here, TODO confirm).
1236          while($post = $db->fetch_array($query))
1237          {
1238              $pidin[] = $post['pid'];
1239          }
1240  
              // The id list comes from the database rows above, not from the request.
              // NOTE(review): $pidin is not initialised in the visible code; if the query returns no
              // rows, implode() gets an undefined variable and the "IN (...)" lists below are empty.
              // Confirm that at least one matching post is always present at this point.
1241          $pidin = implode(",", $pidin);
1242  
1243          // Fetch attachments for those posts and cache them by post id, then attachment id.
1244          $query = $db->simple_select("attachments", "*", "pid IN ($pidin)");
1245          while($attachment = $db->fetch_array($query))
1246          {
1247              $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
1248          }
1249          $query = $db->query("
1250              SELECT p.*, u.username AS userusername
1251              FROM ".TABLE_PREFIX."posts p
1252              LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
1253              WHERE pid IN ($pidin)
1254              ORDER BY dateline DESC
1255          ");
1256          $postsdone = 0;
1257          $altbg = "trow1";
1258          $reviewbits = '';
1259          while($post = $db->fetch_array($query))
1260          {
1261              if($post['userusername'])
1262              {
1263                  $post['username'] = $post['userusername'];
1264              }
1265              $reviewpostdate = my_date('relative', $post['dateline']);
1266              $parser_options = array(
1267                  "allow_html" => $forum['allowhtml'],
1268                  "allow_mycode" => $forum['allowmycode'],
1269                  "allow_smilies" => $forum['allowsmilies'],
1270                  "allow_imgcode" => $forum['allowimgcode'],
1271                  "allow_videocode" => $forum['allowvideocode'],
1272                  "me_username" => $post['username'],
1273                  "filter_badwords" => 1
1274              );
1275              if($post['smilieoff'] == 1)
1276              {
1277                  $parser_options['allow_smilies'] = 0;
1278              }
1279  
1280              if($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
1281              {
1282                  $parser_options['allow_imgcode'] = 0;
1283              }
1284  
1285              if($mybb->user['showvideos'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestvideos'] != 1 && $mybb->user['uid'] == 0)
1286              {
1287                  $parser_options['allow_videocode'] = 0;
1288              }
1289  
1290              $post['username'] = htmlspecialchars_uni($post['username']);
1291  
1292              if($post['visible'] != 1)
1293              {
1294                  $altbg = "trow_shaded";
1295              }
1296  
1297              $plugins->run_hooks("newreply_threadreview_post");
1298  
1299              $post['message'] = $parser->parse_message($post['message'], $parser_options);
1300              get_post_attachments($post['pid'], $post);
1301              $reviewmessage = $post['message'];
1302              eval("\$reviewbits .= \"".$templates->get("newreply_threadreview_post")."\";");
1303              if($altbg == "trow1")
1304              {
1305                  $altbg = "trow2";
1306              }
1307              else
1308              {
1309                  $altbg = "trow1";
1310              }
1311          }
1312          eval("\$threadreview = \"".$templates->get("newreply_threadreview")."\";");
1313      }
1314  
1315      // Hide signature option if no permission
1316      $signature = '';
1317      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
1318      {
1319          eval("\$signature = \"".$templates->get('newreply_signature')."\";");
1320      }
1321  
1322      // Can we disable smilies or are they disabled already?
1323      $disablesmilies = '';
1324      if($forum['allowsmilies'] != 0)
1325      {
1326          eval("\$disablesmilies = \"".$templates->get("newreply_disablesmilies")."\";");
1327      }
1328  
1329      $postoptions = '';
1330      if(!empty($signature) || !empty($disablesmilies))
1331      {
1332          eval("\$postoptions = \"".$templates->get("newreply_postoptions")."\";");
1333          $bgcolor = "trow2";
1334      }
1335      else
1336      {
1337          $bgcolor = "trow1";
1338      }
1339  
1340      $modoptions = '';
1341      // Show the moderator options.
1342      if(is_moderator($fid))
1343      {
1344          if($mybb->get_input('processed', MyBB::INPUT_INT))
1345          {
1346              $mybb->input['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
1347              if(!isset($mybb->input['modoptions']['closethread']))
1348              {
1349                  $mybb->input['modoptions']['closethread'] = 0;
1350              }
1351              $closed = (int)$mybb->input['modoptions']['closethread'];
1352              if(!isset($mybb->input['modoptions']['stickthread']))
1353              {
1354                  $mybb->input['modoptions']['stickthread'] = 0;
1355              }
1356              $stuck = (int)$mybb->input['modoptions']['stickthread'];
1357          }
1358          else
1359          {
1360              $closed = $thread['closed'];
1361              $stuck = $thread['sticky'];
1362          }
1363  
1364          if($closed)
1365          {
1366              $closecheck = ' checked="checked"';
1367          }
1368          else
1369          {
1370              $closecheck = '';
1371          }
1372  
1373          if($stuck)
1374          {
1375              $stickycheck = ' checked="checked"';
1376          }
1377          else
1378          {
1379              $stickycheck = '';
1380          }
1381  
1382          $closeoption = '';
1383          if(is_moderator($thread['fid'], "canopenclosethreads"))
1384          {
1385              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
1386          }
1387  
1388          $stickoption = '';
1389          if(is_moderator($thread['fid'], "canstickunstickthreads"))
1390          {
1391              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
1392          }
1393  
1394          if(!empty($closeoption) || !empty($stickoption))
1395          {
1396              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
1397              $bgcolor = "trow1";
1398          }
1399          else
1400          {
1401              $bgcolor = "trow2";
1402          }
1403      }
1404      else
1405      {
1406          $bgcolor = "trow2";
1407      }
1408  
1409      // Fetch subscription select box
1410      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
1411  
1412      $lang->post_reply_to = $lang->sprintf($lang->post_reply_to, $thread['subject']);
1413      $lang->reply_to = $lang->sprintf($lang->reply_to, $thread['subject']);
1414  
1415      // Do we have any forum rules to show for this forum?
1416      $forumrules = '';
1417      if($forum['rulestype'] >= 2 && $forum['rules'])
1418      {
1419          if(!$forum['rulestitle'])
1420          {
1421              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
1422          }
1423  
1424          if(!$parser)
1425          {
1426              require_once  MYBB_ROOT.'inc/class_parser.php';
1427              $parser = new postParser;
1428          }
1429  
1430          $rules_parser = array(
                  // Forum rules are rendered with raw HTML allowed, so the rules text is trusted as
                  // markup: whoever can edit a forum's rules can place arbitrary HTML on this page.
                  // Presumably only administrators can; confirm against the permission model.
1431              "allow_html" => 1,
1432              "allow_mycode" => 1,
1433              "allow_smilies" => 1,
1434              "allow_imgcode" => 1
1435          );
1436  
              // Replace the stored rules text with its rendered form, then copy the forum row to
              // $foruminfo (presumably the name the forumdisplay_rules templates read).
1437          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
1438          $foruminfo = $forum;
1439  
1440          if($forum['rulestype'] == 3)
1441          {
1442              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
1443          }
1444          else if($forum['rulestype'] == 2)
1445          {
1446              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
1447          }
1448      }
1449  
1450      $moderation_notice = '';
1451      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1452      {
1453          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1454          {
1455              $moderation_text = $lang->moderation_forum_attachments;
1456              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1457          }
1458      }
1459      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1460      {
1461          if($forumpermissions['modposts'] == 1)
1462          {
1463              $moderation_text = $lang->moderation_forum_posts;
1464              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1465          }
1466  
1467          if($mybb->user['moderateposts'] == 1)
1468          {
1469              $moderation_text = $lang->moderation_user_posts;
1470              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1471          }
1472      }
1473  
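1474      $php_max_upload_filesize = return_bytes(ini_get('upload_max_filesize'));
          // ^ 'upload_max_filesize' is the php.ini directive for the per-file upload cap. There is no
          //   'max_upload_filesize' directive, and ini_get() returns false for an unknown name, so
          //   the per-file cap was never actually read.
1475      $php_post_max_size = return_bytes(ini_get('post_max_size'));
1476  
          // Effective request limit: the smaller of the two when both are non-zero; when either is
          // 0, the larger value is used instead. The result is presumably consumed by the
          // post_javascript template as a client-side hint only (template not visible here).
1477      if ($php_max_upload_filesize != 0 && $php_post_max_size != 0)
1478      {
1479          $php_max_upload_size = min($php_max_upload_filesize, $php_post_max_size);
1480      }
1481      else
1482      {
1483          $php_max_upload_size = max($php_max_upload_filesize, $php_post_max_size);
1484      }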
1485  
1486      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1487      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1488  
1489      $plugins->run_hooks("newreply_end");
1490  
1491      $forum['name'] = strip_tags($forum['name']);
          // ^ Markup is stripped from the forum name before the page template is built.
1492  
          // Build and send the page. As with every template in this script, the text returned by
          // $templates->get() is placed inside a double-quoted PHP string and evaluated, so the
          // variables prepared above are interpolated by name.
          // NOTE(review): this is only safe if get() escapes quotes and backslashes in the stored
          // template and template editing is limited to trusted administrators. Neither is visible
          // here; confirm in the templates class.
1493      eval("\$newreply = \"".$templates->get("newreply")."\";");
1494      output_page($newreply);
1495  }

