
PHP Cross Reference of MyBB 1.8.39


/ -> newreply.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
      // NOTE(review): IN_MYBB looks like the marker that included files test to refuse direct access — confirm in the includes.
  12  define('THIS_SCRIPT', 'newreply.php');
  13  
      // Comma-separated template names, assembled before global.php is included.
      // NOTE(review): presumably global.php reads $templatelist to preload these templates — confirm there.
      // NOTE(review): in the line that starts with ",postbit_rep_button", the names
      // "postbit_attachments_thumbnails_thumbnail" and "postbit_attachments_images_image" run together
      // with no comma, so the list holds one fused name instead of two; check whether that is intended.
  14  $templatelist = "newreply,previewpost,loginbox,changeuserbox,posticons,newreply_threadreview,newreply_threadreview_post,forumdisplay_rules_link,newreply_multiquote_external,post_attachments_add,post_subscription_method";
  15  $templatelist .= ",codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,postbit_online,postbit_pm,newreply_disablesmilies_hidden,post_attachments_update";
  16  $templatelist .= ",postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,newreply_modoptions_close,newreply_modoptions_stick";
  17  $templatelist .= ",post_attachments_attachment_postinsert,post_attachments_attachment_remove,post_attachments_attachment_unapproved,post_attachments_attachment,post_attachments_viewlink,postbit_attachments_attachment,newreply_signature";
  18  $templatelist .= ",post_captcha_recaptcha_invisible,post_captcha_hidden,post_captcha,post_captcha_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_groupimage,postbit_attachments,newreply_postoptions";
  19  $templatelist .= ",postbit_rep_button,postbit_author_guest,postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnailpostbit_attachments_images_image,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_gotopost,forumdisplay_password_wrongpass,forumdisplay_password,posticons_icon,attachment_icon,postbit_reputation_formatted_link";
  21  $templatelist .= ",global_moderation_notice,newreply_disablesmilies,postbit_userstar,newreply_draftinput,postbit_avatar,forumdisplay_rules,postbit_offline,postbit_find,postbit_warninglevel_formatted,postbit_ignored";
  22  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,postbit_reputation,postbit_www,postbit_away,postbit_icon,postbit_email,postbit_report,postbit,postbit_warn";
  23  
      // Every include path below is a fixed literal, optionally prefixed with MYBB_ROOT; no request data reaches require_once.
  24  require_once  "./global.php";
  25  require_once  MYBB_ROOT."inc/functions_post.php";
  26  require_once  MYBB_ROOT."inc/functions_user.php";
  27  require_once  MYBB_ROOT."inc/functions_upload.php";
  28  require_once  MYBB_ROOT."inc/class_parser.php";
  29  $parser = new postParser;
  30  
  31  // Load global language phrases
  32  $lang->load("newreply");
  33  
  34  // Get the tid and replyto from the input (pid is read further down, only when a draft is edited).
      // Both are requested as MyBB::INPUT_INT.
      // NOTE(review): presumably get_input() casts to int for that type, which is what the quoted SQL
      // fragments later in this script rely on — confirm in its definition.
  35  $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
  36  $replyto = $mybb->get_input('replyto', MyBB::INPUT_INT);
  37  
  38  // AJAX quick reply?
      // A non-empty 'ajax' input discards any 'previewpost' flag, so such a request is never treated as a preview.
  39  if(!empty($mybb->input['ajax']))
  40  {
  41      unset($mybb->input['previewpost']);
  42  }
  43  
  44  // Edit a draft post.
      // Runs for action "editdraft" or "do_newreply" when the request carries a non-zero integer pid.
  45  $pid = 0;
  46  $editdraftpid = '';
  47  $mybb->input['action'] = $mybb->get_input('action');
  48  if(($mybb->input['action'] == "editdraft" || $mybb->input['action'] == "do_newreply") && $mybb->get_input('pid', MyBB::INPUT_INT))
  49  {
  50      $pid = $mybb->get_input('pid', MyBB::INPUT_INT);
  51      $post = get_post($pid);
  52      if(!$post)
  53      {
  54          error($lang->error_invalidpost);
  55      }
          // Authorization: only the stored author of the post may continue.
          // NOTE(review): only authorship is tested; nothing here requires the post to be a draft. Whether a
          // non-draft pid is refused later (e.g. by the data handler) is not visible in this file.
  56      else if($mybb->user['uid'] != $post['uid'])
  57      {
  58          error($lang->error_post_noperms);
  59      }
          // NOTE(review): the two error() calls above are assumed not to return — confirm; the lines below rely on it.
          // From here on $pid and $tid come from the stored post row, so a tid sent in the request is overridden.
  60      $pid = (int)$post['pid'];
  61      $tid = (int)$post['tid'];
          // The template text is spliced into a double-quoted PHP string and evaluated so that it can interpolate
          // local variables. Whoever can change the stored template can therefore run PHP here; how
          // $templates->get() escapes the text is not visible in this file.
  62      eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
  63  }
  64  
  65  // Set up $thread and $forum for later use.
      // $tid is either the integer from the request or, for a draft edit, the thread id stored with the draft.
  66  $thread = get_thread($tid);
  67  if(!$thread)
  68  {
  69      error($lang->error_invalidthread);
  70  }
      // The forum id is taken from the thread row, not from the request.
  71  $fid = (int)$thread['fid'];
  72  
  73  // Get forum info
  74  $forum = get_forum($fid);
  75  if(!$forum)
  76  {
  77      error($lang->error_invalidforum);
  78  }
  79  
  80  // Make navigation
  81  build_forum_breadcrumb($fid);
      // Keep the stored subject in $thread_subject, then replace $thread['subject'] with a bad-word-filtered,
      // htmlspecialchars_uni()-escaped copy that is used for the breadcrumb.
      // NOTE(review): $thread_subject stays unescaped; any HTML use of it needs its own escaping.
  82  $thread_subject = $thread['subject'];
  83  $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
  84  add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
  85  add_breadcrumb($lang->nav_newreply);
  86  
      // Permission set for this forum, consulted by the checks that follow.
  87  $forumpermissions = forum_permissions($fid);
  88  
  89  // See if everything is valid up to here.
      // $post is only set when a draft pid was supplied above. The inner test rejects just the visible == 0
      // case, unless the showownunapproved setting is on and the post belongs to the current user.
  90  if(isset($post) && (($post['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || ($post['visible'] < 0 && $post['uid'] != $mybb->user['uid'])))
  91  {
  92      if($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid']))
  93      {
  94          error($lang->error_invalidpost);
  95      }
  96  }
      // Same shape for the thread.
      // NOTE(review): a thread with visible < 0 enters this branch, but the inner test only calls error() when
      // visible == 0, so such a thread is not rejected by these lines — confirm that this is intended or
      // enforced elsewhere.
  97  if(($thread['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || $thread['visible'] < 0)
  98  {
  99      if($thread['visible'] == 0 && !($mybb->settings['showownunapproved'] && $thread['uid'] == $mybb->user['uid']))
 100      {
 101          error($lang->error_invalidthread);
 102      }
 103  }
      // The forum must be open and of type "f".
 104  if($forum['open'] == 0 || $forum['type'] != "f")
 105  {
 106      error($lang->error_closedinvalidforum);
 107  }
      // Both the view permission and the reply permission must be non-zero.
 108  if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0)
 109  {
 110      error_no_permission();
 111  }
 112  
      // Accounts with suspendposting == 1 are stopped here; the message names a permanent or a timed suspension.
 113  if($mybb->user['suspendposting'] == 1)
 114  {
 115      $suspendedpostingtype = $lang->error_suspendedposting_permanent;
 116      if($mybb->user['suspensiontime'])
 117      {
 118          $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
 119      }
 120  
 121      $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));
 122  
 123      error($lang->error_suspendedposting);
 124  }
 125  
      // "Own threads only" restrictions: applied when the permission key exists, equals 1, and the thread was
      // started by a different uid.
 126  if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
 127  {
 128      error_no_permission();
 129  }
 130  
 131  if(isset($forumpermissions['canonlyreplyownthreads']) && $forumpermissions['canonlyreplyownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
 132  {
 133      error_no_permission();
 134  }
 135  
 136  // Coming from quick reply and not a preview call? Set subscription method
      // Note that the lookup uses the tid from the request, not $tid; the two differ only when a draft pid
      // replaced $tid earlier in this script.
 137  if($mybb->get_input('method') == "quickreply" && !isset($mybb->input['previewpost']))
 138  {
 139      $mybb->input['postoptions']['subscriptionmethod'] = get_subscription_method($mybb->get_input('tid', MyBB::INPUT_INT));
 140  }
 141  
 142  // Check if this forum is password protected and we have a valid password
      // NOTE(review): check_forum_password() is assumed to stop the request itself when the password is
      // missing or wrong; its return value is not used here — confirm.
 143  check_forum_password($forum['fid']);
 144  
      // Editor toolbar and clickable smilies: built only when the board setting and the forum allow MyCode and
      // the visitor is a guest or has code buttons enabled. Otherwise $codebuttons and $smilieinserter are
      // not assigned by this block.
 145  if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 146  {
 147      $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
 148      if($forum['allowsmilies'] != 0)
 149      {
 150          $smilieinserter = build_clickable_smilies();
 151      }
 152  }
 153  
 154  // Display a login box or change user box?
 155  if($mybb->user['uid'] != 0)
 156  {
          // The username is HTML-escaped before the template is evaluated.
          // NOTE(review): this overwrites $mybb->user['username'] in place; the do_newreply branch later copies
          // $mybb->user['username'] into the post data, so it receives the escaped form — confirm the data
          // handler expects that.
 157      $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
          // Template text is evaluated as a double-quoted PHP string; see $templates->get() for how it is escaped.
 158      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 159  }
 160  else
 161  {
          // Guests: the submitted username is echoed back only for a preview or a do_newreply request, and it is
          // HTML-escaped first.
 162      if(empty($mybb->input['previewpost']) && $mybb->input['action'] != "do_newreply")
 163      {
 164          $username = '';
 165      }
 166      else
 167      {
 168          $username = htmlspecialchars_uni($mybb->get_input('username'));
 169      }
 170      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 171  }
 172  
 173  // Check to see if the thread is closed, and if the user is a mod.
      // Only users for whom is_moderator($fid, "canpostclosedthreads") is true may reply to a closed thread.
 174  if(!is_moderator($fid, "canpostclosedthreads"))
 175  {
 176      if($thread['closed'] == 1)
 177      {
 178          error($lang->redirect_threadclosed);
 179      }
 180  }
 181  
 182  // No weird actions allowed, show new reply form if no regular action.
      // Acts as an allow-list: any action other than "do_newreply" or "editdraft" becomes "newreply".
 183  if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft")
 184  {
 185      $mybb->input['action'] = "newreply";
 186  }
 187  
 188  // Even if we are previewing, still show the new reply form.
 189  if(!empty($mybb->input['previewpost']))
 190  {
 191      $mybb->input['action'] = "newreply";
 192  }
 193  
 194  // Setup a unique posthash for attachment management
      // Generated only when the request carries no posthash and no draft pid is being edited; a posthash sent
      // by the client is otherwise kept as-is. Below, the posthash is the key that selects attachments of a
      // post that has no pid yet.
      // NOTE(review): md5() only formats the value; its unpredictability comes from random_str(), which is
      // defined elsewhere — confirm it draws from a cryptographically secure source.
 195  if(!$mybb->get_input('posthash') && !$pid)
 196  {
 197      $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());
 198  }
 199  
      // A request flagged processed=1 that arrives with empty $_POST and $_FILES is rejected.
      // NOTE(review): presumably this catches a request body that PHP discarded (e.g. over a size limit) — confirm.
 200  if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
 201  {
 202      error($lang->error_empty_post_input);
 203  }
 204  
 205  $errors = array();
      // Attachment upload. Entered when attachments are enabled and either an add/update attachment button was
      // used, or a submit, preview or save-draft request arrives with files in $_FILES['attachments'].
 206  $maximageserror = $attacherror = '';
 207  if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newreply" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newreply" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && !empty($_FILES['attachments']))))
 208  {
 209      // Verify incoming POST request
          // NOTE(review): presumably the anti-CSRF token check on my_post_key — confirm in verify_post_check().
          // It runs before any upload handling.
 210      verify_post_check($mybb->get_input('my_post_key'));
 211  
          // WHERE fragment that scopes the attachments: by pid for a draft ($pid was cast to int from the stored
          // post row), otherwise by the client-supplied posthash passed through $db->escape_string().
 212      if($pid)
 213      {
 214          $attachwhere = "pid='{$pid}'";
 215      }
 216      else
 217      {
 218          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 219      }
 220  
          // File validation and storage happen inside add_attachments(), which is not visible in this file.
 221      $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newreply");
 222  
 223      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 224      {
 225          if(isset($ret['success']))
 226          {
                  // Placeholder tokens, not real attachment data.
                  // NOTE(review): presumably substituted on the client side — confirm.
 227              $attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}');
                  // NOTE(review): unlike the toolbar check earlier in this script, this condition has no guest
                  // (!$mybb->user['uid']) alternative; $postinsert is not assigned when it is false.
 228              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 229              {
 230                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 231              }
 232              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 233              $attach_mod_options = '';
 234              eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";");
 235              $ret['template'] = $attemplate;
 236  
                  // Total attachment size for the session's uid; no request value enters this query.
 237              $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 238              $usage = $db->fetch_array($query);
 239              $ret['usage'] = get_friendly_size($usage['ausage']);
 240          }
 241          
              // The whole $ret array from add_attachments() is serialized as the JSON response.
 242          header("Content-type: application/json; charset={$lang->settings['charset']}");
 243          echo json_encode($ret);
 244          exit();
 245      }
 246  
 247      if(!empty($ret['errors']))
 248      {
 249          $errors = $ret['errors'];
 250      }
 251  
 252      // If we were dealing with an attachment but didn't click 'Post Reply' or 'Save as Draft', force the new reply page again.
 253      if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft'))
 254      {
 255          eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
 256          $mybb->input['action'] = "newreply";
 257      }
 258  }
 259  
 260  detect_attachmentact();
 261  
 262  // Remove an attachment.
      // Entered when attachments are enabled, a non-zero integer attachmentaid is supplied and attachmentact
      // equals "remove".
 263  if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
 264  {
 265      // Verify incoming POST request
          // NOTE(review): presumably the anti-CSRF token check on my_post_key — confirm in verify_post_check().
 266      verify_post_check($mybb->get_input('my_post_key'));
 267  
          // NOTE(review): ownership of the attachment is not checked in this file. remove_attachment() receives
          // $pid and the client-supplied posthash, so presumably it limits the delete to that post or posthash —
          // confirm in its definition. When $pid is 0 the posthash is the only scoping value passed.
 268      remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));
 269  
 270      if(!$mybb->get_input('submit'))
 271      {
 272          eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
 273          $mybb->input['action'] = "newreply";
 274      }
 275  
 276      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 277      {
              // Total attachment size for the session's uid; no request value enters this query.
 278          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 279          $usage = $db->fetch_array($query);
 280  
 281          header("Content-type: application/json; charset={$lang->settings['charset']}");
 282          echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage'])));
 283          exit();
 284      }
 285  }
 286  
 287  $reply_errors = $quoted_ids = '';
 288  $hide_captcha = false;
 289  
 290  // Check the maximum posts per day for this user
      // Applies only when the user group's maxposts is above zero. The count covers the last 24 hours and
      // excludes posts with visible = -1. The query is built from the session uid and a computed timestamp;
      // no request value is interpolated.
 291  if($mybb->usergroup['maxposts'] > 0)
 292  {
 293      $daycut = TIME_NOW-60*60*24;
 294      $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
 295      $post_count = $db->fetch_field($query, "posts_today");
 296      if($post_count >= $mybb->usergroup['maxposts'])
 297      {
 298          $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
 299          error($lang->error_maxposts);
 300      }
 301  }
 302  
      // Fall back to 20 posts per page when the setting is empty or below 1; the value is used as a divisor
      // further down.
 303  if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
 304  {
 305      $mybb->settings['postsperpage'] = 20;
 306  }
 307  
 308  if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post")
 309  {
 310      // Verify incoming POST request
          // NOTE(review): presumably the anti-CSRF token check on my_post_key — confirm in verify_post_check().
          // It runs before the plugin hook and before any post data is read.
 311      verify_post_check($mybb->get_input('my_post_key'));
 312  
 313      $plugins->run_hooks("newreply_do_newreply_start");
 314  
 315      // If this isn't a logged in user, then we need to do some special validation.
 316      if($mybb->user['uid'] == 0)
 317      {
 318          // If they didn't specify a username leave blank so $lang->guest can be used on output
 319          if(!$mybb->get_input('username'))
 320          {
 321              $username = '';
 322          }
 323          // Otherwise use the name they specified.
              // The guest name is taken from the request without escaping here; it is handed to the post data
              // handler further down.
 324          else
 325          {
 326              $username = $mybb->get_input('username');
 327          }
 328          $uid = 0;
 329  
 330  
              // Optional StopForumSpam lookup for guests, using the submitted username and the client IP
              // (the e-mail argument is passed as an empty string).
 331          if($mybb->settings['stopforumspam_on_newreply'])
 332          {
 333              require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 334  
 335              $stop_forum_spam_checker = new StopForumSpamChecker(
 336                  $plugins,
 337                  $mybb->settings['stopforumspam_min_weighting_before_spam'],
 338                  $mybb->settings['stopforumspam_check_usernames'],
 339                  $mybb->settings['stopforumspam_check_emails'],
 340                  $mybb->settings['stopforumspam_check_ips'],
 341                  $mybb->settings['stopforumspam_log_blocks']
 342              );
 343  
 344              try {
 345                  if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
 346                  {
 347                      error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 348                          $stop_forum_spam_checker->getErrorText(array(
 349                              'stopforumspam_check_usernames',
 350                              'stopforumspam_check_ips'
 351                              ))));
 352                  }
 353              }
                  // Fails open: an exception from the lookup is ignored and posting continues, unless the
                  // stopforumspam_block_on_error setting is enabled.
 354              catch (Exception $e)
 355              {
 356                  if($mybb->settings['stopforumspam_block_on_error'])
 357                  {
 358                      error($lang->error_stop_forum_spam_fetching);
 359                  }
 360              }
 361          }
 362      }
 363      // This user is logged in.
          // Author name and uid come from the session, never from the request.
 364      else
 365      {
 366          $username = $mybb->user['username'];
 367          $uid = $mybb->user['uid'];
 368      }
 369  
 370      // Attempt to see if this post is a duplicate or not
          // Members are matched by uid, guests by the packed session IP passed through $db->escape_binary().
 371      if($uid > 0)
 372      {
 373          $user_check = "p.uid='{$uid}'";
 374      }
 375      else
 376      {
 377          $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
 378      }
          // Skipped when saving a draft. The WHERE clause is built by string concatenation: the two request
          // strings (subject, message) go through $db->escape_string(), the thread id comes from the thread
          // row, and the cut-off is TIME_NOW minus 600 seconds.
 379      if(!$mybb->get_input('savedraft'))
 380      {
 381          $query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.visible > -1 AND p.dateline>".(TIME_NOW-600));
 382          if($db->num_rows($query) > 0)
 383          {
 384              error($lang->error_post_already_submitted);
 385          }
 386      }
 387  
 388      // Set up posthandler.
 389      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 390      $posthandler = new PostDataHandler("insert");
 391  
 392      // Set the post data that came from the input to the $post array.
          // This replaces any draft row that $post held from the draft lookup earlier in this script.
          // NOTE(review): tid is read from the request again here, while the permission checks above ran
          // against $tid, which for a draft edit was replaced by the draft's own thread id; fid comes from the
          // checked thread. Confirm the data handler reconciles the two values.
 393      $post = array(
 394          "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
 395          "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
 396          "fid" => $thread['fid'],
 397          "subject" => $mybb->get_input('subject'),
 398          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 399          "uid" => $uid,
 400          "username" => $username,
 401          "message" => $mybb->get_input('message'),
 402          "ipaddress" => $session->packedip,
 403          "posthash" => $mybb->get_input('posthash')
 404      );
 405  
 406      if(isset($mybb->input['pid']))
 407      {
 408          $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
 409      }
 410  
 411      // Are we saving a draft post?
          // Drafts are only honoured for logged-in users; for guests savedraft is forced to 0.
 412      if($mybb->get_input('savedraft') && $mybb->user['uid'])
 413      {
 414          $post['savedraft'] = 1;
 415      }
 416      else
 417      {
 418          $post['savedraft'] = 0;
 419      }
 420  
          // Missing option keys default to 0; values that are present are passed on as received.
 421      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 422      if(!isset($postoptions['signature']))
 423      {
 424          $postoptions['signature'] = 0;
 425      }
 426      if(!isset($postoptions['subscriptionmethod']))
 427      {
 428          $postoptions['subscriptionmethod'] = 0;
 429      }
 430      if(!isset($postoptions['disablesmilies']))
 431      {
 432          $postoptions['disablesmilies'] = 0;
 433      }
 434  
 435      // Set up the post options from the input.
 436      $post['options'] = array(
 437          "signature" => $postoptions['signature'],
 438          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 439          "disablesmilies" => $postoptions['disablesmilies']
 440      );
 441  
 442      // Apply moderation options if we have them
          // NOTE(review): the request array is forwarded without a permission test in this file; the handler has
          // to verify moderator rights before acting on it — confirm there.
 443      $post['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 444  
 445      $posthandler->set_data($post);
 446  
 447      // Now let the post handler do all the hard work.
          // Field-level validation of subject, message and the other post data is delegated to the data handler
          // and is not visible in this file.
 448      $valid_post = $posthandler->validate_post();
 449  
 450      $post_errors = array();
 451      // Fetch friendly error messages if this is an invalid post
 452      if(!$valid_post)
 453      {
 454          $post_errors = $posthandler->get_friendly_errors();
 455      }
 456  
 457      // Mark thread as read
          // Runs whether or not validation succeeded.
 458      require_once  MYBB_ROOT."inc/functions_indicators.php";
 459      mark_thread_read($tid, $fid);
 460  
 461      $json_data = '';
 462  
 463      // Check captcha image
          // Only guests are challenged, and only when the captchaimage setting is on.
 464      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 465      {
 466          require_once  MYBB_ROOT.'inc/class_captcha.php';
 467          $post_captcha = new captcha(false, "post_captcha");
 468  
 469          if($post_captcha->validate_captcha() == false)
 470          {
 471              // CAPTCHA validation failed
 472              foreach($post_captcha->get_errors() as $error)
 473              {
 474                  $post_errors[] = $error;
 475              }
 476          }
 477          else
 478          {
 479              $hide_captcha = true;
 480          }
 481  
              // For an AJAX request with captcha type 1, a fresh challenge row is stored and its hash is returned
              // so the form can show a new image.
              // NOTE(review): the strength of imagestring and imagehash depends on random_str(), which is
              // defined elsewhere — confirm its source of randomness.
 482          if($mybb->get_input('ajax', MyBB::INPUT_INT) && $post_captcha->type == 1)
 483          {
 484              $randomstr = random_str(5);
 485              $imagehash = md5(random_str(12));
 486  
 487              $imagearray = array(
 488                  "imagehash" => $imagehash,
 489                  "imagestring" => $randomstr,
 490                  "dateline" => TIME_NOW
 491              );
 492  
 493              $db->insert_query("captcha", $imagearray);
 494  
 495              //header("Content-type: text/html; charset={$lang->settings['charset']}");
 496              $data = '';
 497              $data .= "<captcha>$imagehash";
 498  
                  // NOTE(review): when the submitted captcha validated, the answer to the new challenge is sent
                  // to the client together with its hash. Confirm this hand-over is intended and that it is
                  // limited to this one case.
 499              if($hide_captcha)
 500              {
 501                  $data .= "|$randomstr";
 502              }
 503  
 504              $data .= "</captcha>";
 505  
 506              //header("Content-type: application/json; charset={$lang->settings['charset']}");
                  // $json_data changes from the empty string to an array here; it is passed to inline_error() below.
 507              $json_data = array("data" => $data);
 508          }
 509      }
 510  
 511      // One or more errors returned, fetch error list and throw to newreply page
 512      if(count($post_errors) > 0)
 513      {
 514          $reply_errors = inline_error($post_errors, '', $json_data);
 515          $mybb->input['action'] = "newreply";
 516      }
 517      else
 518      {
 519          $postinfo = $posthandler->insert_post();
              // From here on $pid is the id reported by the data handler and $visible is the state it assigned
              // to the post.
 520          $pid = $postinfo['pid'];
 521          $visible = $postinfo['visible'];
 522  
 523          if(isset($postinfo['closed']))
 524          {
 525              $closed = $postinfo['closed'];
 526          }
 527          else
 528          {
 529              $closed = '';
 530          }
 531  
 532          // Invalidate solved captcha
              // Same condition as the block that created $post_captcha, so the object exists whenever this runs.
              // Invalidating after a successful insert keeps a solved captcha from being accepted again.
 533          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 534          {
 535              $post_captcha->invalidate_captcha();
 536          }
 537  
 538          $force_redirect = false;
 539  
 540          // Deciding the fate
              // Every redirect target is built from a fixed path or from a link helper fed with $pid and $tid;
              // no request string is used as a URL.
 541          if($visible == -2)
 542          {
 543              // Draft post
 544              $lang->redirect_newreply = $lang->draft_saved;
 545              $url = "usercp.php?action=drafts";
 546          }
 547          elseif($visible == 1)
 548          {
 549              // Visible post
 550              $lang->redirect_newreply .= $lang->redirect_newreply_post;
 551              $url = get_post_link($pid, $tid)."#pid{$pid}";
 552          }
 553          else
 554          {
 555              // Moderated post
 556              $lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;
 557              $url = get_thread_link($tid);
 558  
 559              // User must see moderation notice, regardless of redirect settings
 560              $force_redirect = true;
 561          }
 562  
 563          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
              // Both the quoted_ids input and the multiquote cookie are client-controlled strings; they are only
              // split, compared and written back here, never used in a query.
 564          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 565          {
 566              // We quoted all posts - remove the entire cookie
 567              if($mybb->get_input('quoted_ids') == "all")
 568              {
 569                  my_unsetcookie("multiquote");
 570              }
 571              // Only quoted a few - attempt to remove them from the cookie
 572              else
 573              {
 574                  $quoted_ids = explode("|", $mybb->get_input('quoted_ids'));
 575                  $multiquote = explode("|", $mybb->cookies['multiquote']);
 576                  if(!empty($multiquote) && !empty($quoted_ids))
 577                  {
 578                      foreach($multiquote as $key => $quoteid)
 579                      {
 580                          // If this ID was quoted, remove it from the multiquote list
                              // in_array() runs without strict mode, so the string ids are compared loosely.
 581                          if(in_array($quoteid, $quoted_ids))
 582                          {
 583                              unset($multiquote[$key]);
 584                          }
 585                      }
 586                      // Still have an array - set the new cookie
                          // NOTE(review): the cookie is split on "|" above (and again where the reply form reads
                          // it), but the remaining ids are written back joined with ","; a later explode("|")
                          // would see a single element. Confirm the intended separator against the client-side
                          // code that writes this cookie, which is not part of this file.
 587                      if(!empty($multiquote))
 588                      {
 589                          $new_multiquote = implode(",", $multiquote);
 590                          my_setcookie("multiquote", $new_multiquote);
 591                      }
 592                      // Otherwise, unset it
 593                      else
 594                      {
 595                          my_unsetcookie("multiquote");
 596                      }
 597                  }
 598              }
 599          }
 600  
 601          $plugins->run_hooks("newreply_do_newreply_end");
 602  
 603          // This was a post made via the ajax quick reply - we need to do some special things here
 604          if($mybb->get_input('ajax', MyBB::INPUT_INT))
 605          {
 606              // Visible post
 607              if($visible == 1)
 608              {
 609                  // Set post counter
                      // Unapproved and deleted posts are counted only for users who may view them.
 610                  $postcounter = $thread['replies'] + 1;
 611  
 612                  if(is_moderator($fid, "canviewunapprove"))
 613                  {
 614                      $postcounter += $thread['unapprovedposts'];
 615                  }
 616                  if(is_moderator($fid, "canviewdeleted"))
 617                  {
 618                      $postcounter += $thread['deletedposts'];
 619                  }
 620  
 621                  // Was there a new post since we hit the quick reply button?
                      // The query interpolates $tid (an integer earlier in this script) and $pid as returned by
                      // insert_post(). NOTE(review): $pid is presumably an integer — confirm in the data handler.
 622                  if($mybb->get_input('lastpid', MyBB::INPUT_INT))
 623                  {
 624                      $query = $db->simple_select("posts", "pid", "tid = '{$tid}' AND pid != '{$pid}'", array("order_by" => "pid", "order_dir" => "desc"));
 625                      $new_post = $db->fetch_array($query);
 626                      if($new_post['pid'] != $mybb->get_input('lastpid', MyBB::INPUT_INT))
 627                      {
                              // NOTE(review): no exit follows this redirect(), unlike the calls further down;
                              // presumably redirect() ends the request itself — confirm.
 628                          redirect(get_thread_link($tid, 0, "lastpost"));
 629                      }
 630                  }
 631  
 632                  // Lets see if this post is on the same page as the one we're viewing or not
 633                  // if it isn't, redirect us
 634                  if($mybb->settings['postsperpage'] > 0)
 635                  {
 636                      $post_page = ceil(($postcounter + 1) / $mybb->settings['postsperpage']);
 637                  }
 638                  else
 639                  {
 640                      $post_page = 1;
 641                  }
 642  
 643                  if($post_page > $mybb->get_input('from_page', MyBB::INPUT_INT))
 644                  {
 645                      redirect(get_thread_link($tid, 0, "lastpost"));
 646                      exit;
 647                  }
 648  
 649                  // Return the post HTML and display it inline
                      // Raw query; the only interpolated value is $pid from insert_post().
 650                  $query = $db->query("
 651                      SELECT u.*, u.username AS userusername, p.*, f.*, eu.username AS editusername
 652                      FROM ".TABLE_PREFIX."posts p
 653                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 654                      LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 655                      LEFT JOIN ".TABLE_PREFIX."users eu ON (eu.uid=p.edituid)
 656                      WHERE p.pid='{$pid}'
 657                  ");
 658                  $post = $db->fetch_array($query);
 659  
 660                  // Now lets fetch all of the attachments for this post
 661                  $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
 662                  while($attachment = $db->fetch_array($query))
 663                  {
 664                      $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
 665                  }
 666  
 667                  // Establish altbg - may seem like this is backwards, but build_postbit reverses it
 668                  if(($postcounter - $mybb->settings['postsperpage']) % 2 != 0)
 669                  {
 670                      $altbg = "trow1";
 671                  }
 672                  else
 673                  {
 674                      $altbg = "trow2";
 675                  }
 676  
                      // NOTE(review): $charset is assigned here but not read directly in this branch before exit;
                      // the Content-type header below uses $lang->settings['charset'] as-is.
 677                  $charset = "UTF-8";
 678                  if($lang->settings['charset'])
 679                  {
 680                      $charset = $lang->settings['charset'];
 681                  }
 682  
                      // functions_post.php was already included at the top of this script; require_once makes this
                      // a no-op. Escaping of user content in the post HTML happens inside build_postbit() and is
                      // not visible in this file.
 683                  require_once  MYBB_ROOT."inc/functions_post.php";
 684                  $pid = $post['pid'];
 685                  $post = build_postbit($post);
 686  
 687                  $data = '';
 688                  $data .= $post;
 689  
 690                  // Build a new posthash incase the user wishes to quick reply again
                      // The inline script interpolates only $new_posthash (an md5 hex digest) and $pid (read back
                      // from the posts row above); no request text is written into it.
 691                  $new_posthash = md5($mybb->user['uid'].random_str());
 692                  $data .= "<script type=\"text/javascript\">\n";
 693                  $data .= "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
 694                  $data .= "if(typeof(inlineModeration) != 'undefined') {
 695                      $('#inlinemod_{$pid}').on(\"click\", function(e) {
 696                          inlineModeration.checkItem();
 697                      });
 698                  }\n";
 699  
 700                  if($closed == 1)
 701                  {
 702                      $data .= "$('#quick_reply_form .trow1').removeClass('trow1 trow2').addClass('trow_shaded');\n";
 703                  }
 704                  else
 705                  {
 706                      $data .= "$('#quick_reply_form .trow_shaded').removeClass('trow_shaded').addClass('trow1');\n";
 707                  }
 708  
 709                  $data .= "</script>\n";
 710  
                      // The post HTML plus the script are returned as one string inside a JSON object.
 711                  header("Content-type: application/json; charset={$lang->settings['charset']}");
 712                  echo json_encode(array("data" => $data));
 713  
 714                  exit;
 715              }
 716              // Post is in the moderation queue
 717              else
 718              {
 719                  redirect(get_thread_link($tid, 0, "lastpost"), $lang->redirect_newreply_moderation, "", true);
 720                  exit;
 721              }
 722          }
 723          else
 724          {
                  // Non-AJAX submit: $url was chosen above from fixed paths and link helpers.
 725              $lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 726              redirect($url, $lang->redirect_newreply, "", $force_redirect);
 727              exit;
 728          }
 729      }
 730  }
 731  
 732  // Show the newreply form.
      // Runs for action=newreply and action=editdraft: collects quoted posts, the
      // preview, attachments, captcha and thread review, then renders the "newreply"
      // template at the end of this branch.
 733  if($mybb->input['action'] == "newreply" || $mybb->input['action'] == "editdraft")
 734  {
 735      $plugins->run_hooks("newreply_start");
 736  
 737      $quote_ids = $multiquote_external = '';
 738      // If this isn't a preview and we're not editing a draft, then handle quoted posts
          // (also skipped when there are reply errors or an attachment add/update/remove is in progress)
 739      if(empty($mybb->input['previewpost']) && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment'))
 740      {
 741          $message = '';
 742          $quoted_posts = array();
 743          // Handle multiquote
              // The multiquote cookie is client-controlled. Each "|"-separated piece is cast
              // to int as the array value; implode() below joins values only, so nothing but
              // integers from the cookie reaches the IN() list of the query.
 744          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 745          {
 746              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 747              foreach($multiquoted as $post)
 748              {
 749                  $quoted_posts[$post] = (int)$post;
 750              }
 751          }
 752          // Handle incoming 'quote' button
              // NOTE(review): $replyto is used without a cast here and ends up in the same
              // IN() list - presumably it was read as an integer earlier in the file; verify.
 753          if($replyto)
 754          {
 755              $quoted_posts[$replyto] = $replyto;
 756          }
 757  
 758          // Quoting more than one post - fetch them
 759          if(count($quoted_posts) > 0)
 760          {
 761              $external_quotes = 0;
 762              $quoted_posts = implode(",", $quoted_posts);
 763              $quoted_ids = array();
                  // Both helper results are spliced into the SQL as-is; assumes they return
                  // comma-separated forum ids built server-side - TODO confirm.
 764              $unviewable_forums = get_unviewable_forums();
 765              $inactiveforums = get_inactive_forums();
 766              if($unviewable_forums)
 767              {
 768                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 769              }
 770              if($inactiveforums)
 771              {
 772                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 773              }
 774  
 775              // Check group permissions if we can't view threads not started by us
 776              $group_permissions = forum_permissions();
 777              $onlyusfids = array();
 778              $onlyusforums = '';
 779              foreach($group_permissions as $gpfid => $forum_permissions)
 780              {
 781                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 782                  {
 783                      $onlyusfids[] = $gpfid;
 784                  }
 785              }
 786              if(!empty($onlyusfids))
 787              {
                      // In "own threads only" forums a post is quotable only when the thread was
                      // started by the current user; other forums are left unrestricted by this clause.
 788                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 789              }
 790  
                  // Pick the post states the viewer may quote: 1 is always allowed, 0 is added
                  // with canviewunapprove and -1 with canviewdeleted.
                  // NOTE(review): the rights are checked for $fid, the forum being replied in, while
                  // the query below is not limited to that forum and load_all_quotes=1 accepts rows
                  // from other threads - confirm these are the rights that should apply to those rows.
 791              if(is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 792              {
 793                  $visible_where = "AND p.visible IN (-1,0,1)";
 794              }
 795              elseif(is_moderator($fid, 'canviewunapprove') && !is_moderator($fid, 'canviewdeleted'))
 796              {
 797                  $visible_where = "AND p.visible IN (0,1)";
 798              }
 799              elseif(!is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
 800              {
 801                  $visible_where = "AND p.visible IN (-1,1)";
 802              }
 803              else
 804              {
 805                  $visible_where = "AND p.visible=1";
 806              }
 807  
 808              require_once  MYBB_ROOT."inc/functions_posting.php";
                  // The query is assembled by string interpolation, so every fragment has to be
                  // numeric or server-built. The extra AND clauses are the access check for
                  // quoting: a post filtered out here is never passed to parse_quoted_message().
 809              $query = $db->query("
 810                  SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 811                  FROM ".TABLE_PREFIX."posts p
 812                  LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 813                  LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 814                  WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 815              ");
                  // Read as an integer; 1 means posts from other threads are quoted as well.
 816              $load_all = $mybb->get_input('load_all_quotes', MyBB::INPUT_INT);
 817              while($quoted_post = $db->fetch_array($query))
 818              {
 819                  // Only show messages for the current thread
 820                  if($quoted_post['tid'] == $tid || $load_all == 1)
 821                  {
 822                      // If this post was the post for which a quote button was clicked, set the subject
 823                      if($replyto == $quoted_post['pid'])
 824                      {
                              // Drop one leading "RE:" (case-insensitive) so the prefix is not stacked.
 825                          $subject = preg_replace('#^RE:\s?#i', '', $quoted_post['subject']);
 826                          // Subject too long? Shorten it to avoid error message
 827                          if(my_strlen($subject) > 85)
 828                          {
 829                              $subject = my_substr($subject, 0, 82).'...';
 830                          }
 831                          $subject = "RE: ".$subject;
 832                      }
 833                      $message .= parse_quoted_message($quoted_post);
 834                      $quoted_ids[] = $quoted_post['pid'];
 835                  }
 836                  // Count the rest
 837                  else
 838                  {
 839                      ++$external_quotes;
 840                  }
 841              }
                  // Any maxquotedepth other than '0' sends the assembled text through remove_message_quotes().
 842              if($mybb->settings['maxquotedepth'] != '0')
 843              {
 844                  $message = remove_message_quotes($message);
 845              }
 846              if($external_quotes > 0)
 847              {
 848                  if($external_quotes == 1)
 849                  {
 850                      $multiquote_text = $lang->multiquote_external_one;
 851                      $multiquote_deselect = $lang->multiquote_external_one_deselect;
 852                      $multiquote_quote = $lang->multiquote_external_one_quote;
 853                  }
 854                  else
 855                  {
 856                      $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 857                      $multiquote_deselect = $lang->multiquote_external_deselect;
 858                      $multiquote_quote = $lang->multiquote_external_quote;
 859                  }
                      // The template is expanded by eval()ing it as a PHP double-quoted string, so
                      // the template text is executed as code. That is only safe while
                      // $templates->get() returns trusted, correctly escaped text (presumably
                      // admin-managed templates - verify), and every variable the template
                      // interpolates must already be escaped for HTML.
 860                  eval("\$multiquote_external = \"".$templates->get("newreply_multiquote_external")."\";");
 861              }
                  // Pipe-separated list of the pids that were actually quoted.
 862              $quoted_ids = implode("|", $quoted_ids);
 863          }
 864      }
 865  
          // A quoted_ids value in the request replaces any list computed earlier; it is
          // HTML-escaped here, before a template can interpolate it.
 866      if(isset($mybb->input['quoted_ids']))
 867      {
 868          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids'));
 869      }
 870  
          // Keep the unescaped message for the preview renderer further down.
 871      if(isset($mybb->input['previewpost']))
 872      {
 873          $previewmessage = $mybb->get_input('message');
 874      }
          // No quoted text was assembled: fall back to the submitted message.
 875      if(empty($message))
 876      {
 877          $message = $mybb->get_input('message');
 878      }
          // From here on $message holds the HTML-escaped text; the preview path reads
          // $previewmessage and the raw input instead.
 879      $message = htmlspecialchars_uni($message);
 880  
 881      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 882      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 883  
 884      // Set up the post options.
          // Three cases: redisplay after a preview or validation error (values from the
          // request), editing a draft (values from $post), or a fresh form (user defaults).
 885      if(!empty($mybb->input['previewpost']) || $reply_errors != '')
 886      {
 887          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 888  
              // Only fixed literal strings are written into $postoptionschecked, never request data.
 889          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 890          {
 891              $postoptionschecked['signature'] = " checked=\"checked\"";
 892          }
 893          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 894          {
 895              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 896          }
 897          $subscription_method = get_subscription_method($tid, $postoptions);
              // NOTE(review): read straight from the input array (the no-subject fallback below
              // uses get_input()); the value is still raw here and must not be output before
              // the htmlspecialchars_uni() call on $subject later in this branch.
 898          $subject = $mybb->input['subject'];
 899      }
 900      elseif($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 901      {
              // $post is expected to hold the draft row loaded earlier in the file - not visible here.
 902          $message = htmlspecialchars_uni($post['message']);
 903          $subject = $post['subject'];
 904          if($post['includesig'] != 0)
 905          {
 906              $postoptionschecked['signature'] = " checked=\"checked\"";
 907          }
 908          if($post['smilieoff'] == 1)
 909          {
 910              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 911          }
 912          $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
 913          $mybb->input['icon'] = $post['icon'];
 914      }
 915      else
 916      {
 917          if($mybb->user['signature'] != '')
 918          {
 919              $postoptionschecked['signature'] = " checked=\"checked\"";
 920          }
 921          $subscription_method = get_subscription_method($tid);
 922      }
          // Variable-variable: marks one of the *subscribe variables initialised above as
          // checked. This is only safe while get_subscription_method() returns a value from
          // a fixed set - in the preview/error path it is given the request-supplied
          // $postoptions; verify against its definition.
 923      ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 924  
          // Post icon picker, only when the forum allows post icons.
 925      $posticons = '';
 926      if($forum['allowpicons'] != 0)
 927      {
 928          $posticons = get_post_icons();
 929      }
 930  
 931      // No subject?
          // Prefer a submitted subject; otherwise derive "RE: <thread subject>", shortened to
          // 82 characters plus "..." when the thread subject is longer than 85.
 932      if(!isset($subject))
 933      {
 934          if(!empty($mybb->input['subject']))
 935          {
 936              $subject = $mybb->get_input('subject');
 937          }
 938          else
 939          {
 940              $subject = $thread_subject;
 941              // Subject too long? Shorten it to avoid error message
 942              if(my_strlen($subject) > 85)
 943              {
 944                  $subject = my_substr($subject, 0, 82).'...';
 945              }
 946              $subject = "RE: ".$subject;
 947          }
 948      }
 949  
 950      // Preview a post that was written.
          // The post handler is used for validation only in this block (verify_message,
          // verify_subject, verify_author); nothing is inserted here.
 951      $preview = '';
 952      if(!empty($mybb->input['previewpost']))
 953      {
 954          // If this isn't a logged in user, then we need to do some special validation.
 955          if($mybb->user['uid'] == 0)
 956          {
 957              // If they didn't specify a username leave blank so $lang->guest can be used on output
 958              if(!$mybb->get_input('username'))
 959              {
 960                  $username = '';
 961              }
 962              // Otherwise use the name they specified.
 963              else
 964              {
 965                  $username = $mybb->get_input('username');
 966              }
 967              $uid = 0;
 968          }
 969          // This user is logged in.
              // Identity comes from the session, not from the request.
 970          else
 971          {
 972              $username = $mybb->user['username'];
 973              $uid = $mybb->user['uid'];
 974          }
 975  
 976          // Set up posthandler.
 977          require_once  MYBB_ROOT."inc/datahandlers/post.php";
 978          $posthandler = new PostDataHandler("insert");
 979          $posthandler->action = "post";
 980  
 981          // Set the post data that came from the input to the $post array.
              // Numeric ids are read with MyBB::INPUT_INT; subject, message and posthash are
              // passed on raw for the handler to validate.
 982          $post = array(
 983              "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
 984              "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
 985              "fid" => $thread['fid'],
 986              "subject" => $mybb->get_input('subject'),
 987              "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 988              "uid" => $uid,
 989              "username" => $username,
 990              "message" => $mybb->get_input('message'),
 991              "ipaddress" => $session->packedip,
 992              "posthash" => $mybb->get_input('posthash')
 993          );
 994  
 995          if(isset($mybb->input['pid']))
 996          {
 997              $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
 998          }
 999  
1000          $posthandler->set_data($post);
1001  
1002          // Now let the post handler do all the hard work.
1003          $valid_post = $posthandler->verify_message();
1004          $valid_subject = $posthandler->verify_subject();
1005  
1006          // guest post --> verify author
1007          if($post['uid'] == 0)
1008          {
1009              $valid_username = $posthandler->verify_author();
1010          }
1011          else
1012          {
1013              $valid_username = true;
1014          }
1015  
1016          $post_errors = array();
1017          // Fetch friendly error messages if this is an invalid post
1018          if(!$valid_post || !$valid_subject || !$valid_username)
1019          {
1020              $post_errors = $posthandler->get_friendly_errors();
1021          }
1022  
1023          // One or more errors returned, fetch error list and throw to newreply page
1024          if(count($post_errors) > 0)
1025          {
1026              $reply_errors = inline_error($post_errors);
1027          }
1028          else
1029          {
1030              $quote_ids = htmlspecialchars_uni($mybb->get_input('quote_ids'));
1031              $mybb->input['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
                  // $post is rebuilt from here on: the request-data array above is replaced by
                  // the current user's row (all columns of users and userfields), keyed on the
                  // session uid rather than on anything from the request.
1032              $query = $db->query("
1033                  SELECT u.*, f.*
1034                  FROM ".TABLE_PREFIX."users u
1035                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
1036                  WHERE u.uid='".$mybb->user['uid']."'
1037              ");
1038              $post = $db->fetch_array($query);
1039              $post['username'] = $username;
1040              if($mybb->user['uid'])
1041              {
1042                  $post['userusername'] = $mybb->user['username'];
1043              }
                  // Message and subject are handed to build_postbit() unescaped; presumably it
                  // parses and escapes them for output - verify against its definition.
1044              $post['message'] = $previewmessage;
1045              $post['subject'] = $subject;
1046              $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
1047              $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
                  // smilieoff takes the submitted value as-is; includesig is normalised to 0
                  // unless it equals 1.
1048              if(isset($mybb->input['postoptions']['disablesmilies']))
1049              {
1050                  $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
1051              }
1052              $post['dateline'] = TIME_NOW;
1053              if(isset($mybb->input['postoptions']['signature']))
1054              {
1055                  $post['includesig'] = $mybb->input['postoptions']['signature'];
1056              }
1057              if(!isset($post['includesig']) || $post['includesig'] != 1)
1058              {
1059                  $post['includesig'] = 0;
1060              }
1061  
1062              // Fetch attachments assigned to this post.
                  // pid is cast to int and posthash goes through $db->escape_string() before
                  // either is placed in the WHERE clause.
                  // NOTE(review): pid is taken from the request and this block does not check
                  // that the post belongs to the current user - confirm an earlier check covers it.
1063              if($mybb->get_input('pid', MyBB::INPUT_INT))
1064              {
1065                  $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
1066              }
1067              else
1068              {
1069                  $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
1070              }
1071  
1072              $query = $db->simple_select("attachments", "*", $attachwhere);
1073              while($attachment = $db->fetch_array($query))
1074              {
                      // Stored under key 0, since the previewed post has no pid of its own here.
1075                  $attachcache[0][$attachment['aid']] = $attachment;
1076              }
1077  
1078              $postbit = build_postbit($post, 1);
                  // eval() executes the template text as a PHP double-quoted string; this relies
                  // on $templates->get() returning trusted, correctly escaped text (presumably
                  // admin-managed - verify) and on $postbit already being safe HTML.
1079              eval("\$preview = \"".$templates->get("previewpost")."\";");
1080          }
1081      }
1082  
          // Single escape point for $subject: bad-word filter first, then HTML escaping.
          // Every earlier assignment in this branch leaves it raw.
1083      $subject = htmlspecialchars_uni($parser->parse_badwords($subject));
1084  
          // HTML-escaped copy of the request's posthash.
1085      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
1086  
1087      // Do we have attachment errors?
          // $errors is set outside this block; when non-empty it replaces $reply_errors.
1088      if(count($errors) > 0)
1089      {
1090          $reply_errors = inline_error($errors);
1091      }
1092  
1093      // Get a listing of the current attachments.
          // Everything in this block only decides what the form shows. NOTE(review): the
          // attachment count and quota limits must also be enforced where uploads are
          // processed - not visible here.
1094      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
1095      {
1096          $attachcount = 0;
              // $pid is interpolated directly - presumably an integer set earlier in the file; verify.
1097          if($pid)
1098          {
1099              $attachwhere = "pid='$pid'";
1100          }
1101          else
1102          {
                  // NOTE(review): $posthash was HTML-escaped just above and is then SQL-escaped
                  // here, whereas the preview path SQL-escapes the raw input. The two lookups only
                  // agree while the hash contains no characters htmlspecialchars_uni() changes.
1103              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
1104          }
1105          $attachments = '';
1106          $query = $db->simple_select("attachments", "*", $attachwhere);
1107          while($attachment = $db->fetch_array($query))
1108          {
1109              $attachment['size'] = get_friendly_size($attachment['filesize']);
1110              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
                  // The stored filename is escaped before any template can interpolate it.
1111              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
1112  
                  // $postinsert is assigned only when the code buttons are enabled; it is not
                  // reset anywhere in this block.
1113              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
1114              {
                      // eval() runs the template text as a PHP double-quoted string: safe only while
                      // $templates->get() returns trusted, correctly escaped text (presumably
                      // admin-managed - verify) and the variables it interpolates are HTML-safe.
1115                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
1116              }
1117  
1118              $attach_mod_options = '';
1119              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
1120  
1121              if($attachment['visible'] != 1)
1122              {
1123                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
1124              }
1125              else
1126              {
1127                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
1128              }
1129              $attachcount++;
1130          }
1131  
1132          $noshowattach = '';
              // Total size of all attachments owned by the current user (session uid).
1133          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
1134          $usage = $db->fetch_array($query);
1135  
              // attachquota is multiplied by 1024 before being compared with the summed
              // filesize; a quota of 0 is treated as unlimited.
1136          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
1137          {
1138              $noshowattach = 1;
1139          }
1140  
1141          if($mybb->usergroup['attachquota'] == 0)
1142          {
1143              $friendlyquota = $lang->unlimited;
1144          }
1145          else
1146          {
1147              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
1148          }
1149          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
1150  
1151          $link_viewattachments = '';
              // SUM() yields NULL when the user has no attachment rows.
1152          if($usage['ausage'] !== NULL)
1153          {
1154              $friendlyusage = get_friendly_size($usage['ausage']);
1155              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
1156              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
1157          }
1158          else
1159          {
1160              $lang->attach_usage = "";
1161          }
1162  
1163          $attach_add_options = '';
              // NOTE(review): && binds tighter than ||, so this reads
              // maxattachments == 0 || (under the limit && !$noshowattach). With
              // maxattachments set to 0 the add box is shown even when $noshowattach is set -
              // confirm whether the quota flag was meant to apply to both alternatives.
1164          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
1165          {
1166              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
1167          }
1168  
1169          $attach_update_options = '';
              // The update control needs the edit-attachments permission from either the user
              // group or the forum, and at least one listed attachment.
1170          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
1171          {
1172              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
1173          }
1174  
1175          if($attach_add_options || $attach_update_options)
1176          {
1177              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
1178          }
1179  
1180          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
1181      }
1182      else
1183      {
1184          $attachbox = '';
1185      }
1186  
1187      // If the user is logged in, provide a save draft button.
1188      $savedraftbutton = '';
1189      if($mybb->user['uid'])
1190      {
              // eval() runs the template text as a PHP double-quoted string: safe only while
              // $templates->get() returns trusted, correctly escaped text (presumably
              // admin-managed templates - verify).
1191          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
1192      }
1193  
1194      // Show captcha image for guests if enabled
          // Only guests (uid 0) get a captcha, and only when the captchaimage setting is on.
1195      $captcha = '';
1196      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
1197      {
1198          $correct = false;
1199          require_once  MYBB_ROOT.'inc/class_captcha.php';
1200          $post_captcha = new captcha(false, "post_captcha");
1201  
              // $hide_captcha is set outside this block. The literal 1 is presumably the same
              // value as captcha::DEFAULT_CAPTCHA used below - TODO confirm.
1202          if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
1203          {
1204              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
1205              // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
1206              if($post_captcha->validate_captcha() == true)
1207              {
1208                  $correct = true;
1209  
1210                  // Generate a hidden list of items for our captcha
                      // NOTE(review): the solved captcha is carried forward in hidden fields; whether
                      // it can be reused on later submissions depends on the captcha class - not
                      // visible here.
1211                  $captcha = $post_captcha->build_hidden_captcha();
1212              }
1213          }
1214  
              // Not validated: render the challenge that matches the configured captcha type.
1215          if(!$correct)
1216          {
1217              if($post_captcha->type == captcha::DEFAULT_CAPTCHA)
1218              {
1219                  $post_captcha->build_captcha();
1220              }
1221              elseif(in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
1222              {
1223                  $post_captcha->build_recaptcha();
1224              }
1225              elseif(in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
1226              {
1227                  $post_captcha->build_hcaptcha();
1228              }
1229          }
              // These branches run only when $correct is true, and $correct is set only inside
              // the type == 1 check above.
1230          else if($correct && (in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))))
1231          {
1232              $post_captcha->build_recaptcha();
1233          }
1234          else if($correct && (in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))))
1235          {
1236              $post_captcha->build_hcaptcha();
1237          }
1238  
              // Markup left in the captcha object replaces whatever $captcha held so far.
1239          if($post_captcha->html)
1240          {
1241              $captcha = $post_captcha->html;
1242          }
1243      }
1244  
          // Thread review: the most recent posts of the thread, shown with the reply form.
1245      $reviewmore = '';
1246      $threadreview = '';
1247      if($mybb->settings['threadreview'] != 0)
1248      {
              // NOTE(review): with showownunapproved enabled the clause admits visible='0' for
              // every viewer and carries no uid condition, so the review would list all
              // unapproved posts in the thread rather than only the viewer's own - confirm
              // whether a uid filter is intended here.
1249          if(is_moderator($fid, "canviewunapprove") || $mybb->settings['showownunapproved'])
1250          {
1251              $visibility = "(visible='1' OR visible='0')";
1252          }
1253          else
1254          {
1255              $visibility = "visible='1'";
1256          }
              // $tid is interpolated directly - presumably an integer validated earlier; verify.
1257          $query = $db->simple_select("posts", "COUNT(pid) AS post_count", "tid='{$tid}' AND {$visibility}");
1258          $numposts = $db->fetch_field($query, "post_count");
1259  
              // Show at most one page of posts and link to the full thread for the rest.
1260          if($numposts > $mybb->settings['postsperpage'])
1261          {
1262              $numposts = $mybb->settings['postsperpage'];
1263              $lang->thread_review_more = $lang->sprintf($lang->thread_review_more, $mybb->settings['postsperpage'], get_thread_link($tid));
                  // eval() runs the template text as a PHP double-quoted string: safe only while
                  // $templates->get() returns trusted, correctly escaped text (presumably
                  // admin-managed - verify) and the variables it interpolates are HTML-safe.
1264              eval("\$reviewmore = \"".$templates->get("newreply_threadreview_more")."\";");
1265          }
1266  
              // Collect the newest pids first; the IN() lists below are built from these
              // database values, not from request input.
1267          $pidin = array();
1268          $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND {$visibility}", array("order_by" => "dateline DESC, pid DESC", "limit" => $mybb->settings['postsperpage']));
1269          while($post = $db->fetch_array($query))
1270          {
1271              $pidin[] = $post['pid'];
1272          }
1273  
1274          if(!empty($pidin))
1275          {
1276              $pidin = implode(",", $pidin);
1277  
1278              // Fetch attachments
1279              $query = $db->simple_select("attachments", "*", "pid IN ($pidin)");
1280              while($attachment = $db->fetch_array($query))
1281              {
1282                  $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
1283              }
1284              $query = $db->query("
1285                  SELECT p.*, u.username AS userusername
1286                  FROM ".TABLE_PREFIX."posts p
1287                  LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
1288                  WHERE pid IN ($pidin)
1289                  ORDER BY dateline DESC, pid DESC
1290              ");
1291              $postsdone = 0;
1292              $altbg = "trow1";
1293              $reviewbits = '';
1294              while($post = $db->fetch_array($query))
1295              {
                      // Prefer the username from the users table over the one stored with the post.
1296                  if($post['userusername'])
1297                  {
1298                      $post['username'] = $post['userusername'];
1299                  }
1300                  $reviewpostdate = my_date('relative', $post['dateline']);
                      // Parser permissions come from the forum's settings. allow_html is
                      // forum-controlled; presumably the parser leaves post HTML unescaped when
                      // it is on - verify against parse_message().
1301                  $parser_options = array(
1302                      "allow_html" => $forum['allowhtml'],
1303                      "allow_mycode" => $forum['allowmycode'],
1304                      "allow_smilies" => $forum['allowsmilies'],
1305                      "allow_imgcode" => $forum['allowimgcode'],
1306                      "allow_videocode" => $forum['allowvideocode'],
1307                      "me_username" => $post['username'],
1308                      "filter_badwords" => 1
1309                  );
1310                  if($post['smilieoff'] == 1)
1311                  {
1312                      $parser_options['allow_smilies'] = 0;
1313                  }
1314  
                      // && binds tighter than ||: (member with images off) or (guest with guest images off).
1315                  if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
1316                  {
1317                      $parser_options['allow_imgcode'] = 0;
1318                  }
1319  
                      // Same shape for videos.
1320                  if($mybb->user['uid'] != 0 && $mybb->user['showvideos'] != 1 || $mybb->settings['guestvideos'] != 1 && $mybb->user['uid'] == 0)
1321                  {
1322                      $parser_options['allow_videocode'] = 0;
1323                  }
1324  
                      // Escaped after being copied into me_username, before the template sees it.
1325                  $post['username'] = htmlspecialchars_uni($post['username']);
1326  
                      // Posts that are not visible=1 get the shaded row class.
1327                  if($post['visible'] != 1)
1328                  {
1329                      $altbg = "trow_shaded";
1330                  }
1331  
                      // Plugins run before the message is parsed, so they see the stored, unparsed text.
1332                  $plugins->run_hooks("newreply_threadreview_post");
1333  
1334                  $post['message'] = $parser->parse_message($post['message'], $parser_options);
1335                  get_post_attachments($post['pid'], $post);
1336                  $reviewmessage = $post['message'];
1337                  eval("\$reviewbits .= \"".$templates->get("newreply_threadreview_post")."\";");
                      // Alternate row classes; a shaded row is followed by trow1.
1338                  if($altbg == "trow1")
1339                  {
1340                      $altbg = "trow2";
1341                  }
1342                  else
1343                  {
1344                      $altbg = "trow1";
1345                  }
1346              }
1347              eval("\$threadreview = \"".$templates->get("newreply_threadreview")."\";");
1348          }
1349      }
1350  
1351      // Hide signature option if no permission
1352      $signature = '';
1353      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
1354      {
              // eval() runs the template text as a PHP double-quoted string: safe only while
              // $templates->get() returns trusted, correctly escaped text (presumably
              // admin-managed templates - verify).
1355          eval("\$signature = \"".$templates->get('newreply_signature')."\";");
1356      }
1357  
1358      // Can we disable smilies or are they disabled already?
1359      $disablesmilies = '';
1360      if($forum['allowsmilies'] != 0)
1361      {
1362          eval("\$disablesmilies = \"".$templates->get("newreply_disablesmilies")."\";");
1363      }
1364  
1365      $postoptions = '';
          // Note: every path of the moderator block below assigns $bgcolor again, so the
          // value chosen here is always replaced.
1366      if(!empty($signature) || !empty($disablesmilies))
1367      {
1368          eval("\$postoptions = \"".$templates->get("newreply_postoptions")."\";");
1369          $bgcolor = "trow2";
1370      }
1371      else
1372      {
1373          $bgcolor = "trow1";
1374      }
1375  
1376      $modoptions = '';
1377      // Show the moderator options.
          // This only decides which controls are rendered and pre-checked. NOTE(review): the
          // same permissions must be enforced where the reply is processed - not visible here.
1378      if(is_moderator($fid))
1379      {
              // After a submission, redisplay the submitted checkbox states (cast to int);
              // otherwise start from the thread's current closed/sticky state.
1380          if($mybb->get_input('processed', MyBB::INPUT_INT))
1381          {
1382              $mybb->input['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
1383              if(!isset($mybb->input['modoptions']['closethread']))
1384              {
1385                  $mybb->input['modoptions']['closethread'] = 0;
1386              }
1387              $closed = (int)$mybb->input['modoptions']['closethread'];
1388              if(!isset($mybb->input['modoptions']['stickthread']))
1389              {
1390                  $mybb->input['modoptions']['stickthread'] = 0;
1391              }
1392              $stuck = (int)$mybb->input['modoptions']['stickthread'];
1393          }
1394          else
1395          {
1396              $closed = $thread['closed'];
1397              $stuck = $thread['sticky'];
1398          }
1399  
1400          if($closed)
1401          {
1402              $closecheck = ' checked="checked"';
1403          }
1404          else
1405          {
1406              $closecheck = '';
1407          }
1408  
1409          if($stuck)
1410          {
1411              $stickycheck = ' checked="checked"';
1412          }
1413          else
1414          {
1415              $stickycheck = '';
1416          }
1417  
              // Each control is rendered only with its specific moderator permission; these
              // checks use $thread['fid'], the outer one uses $fid.
1418          $closeoption = '';
1419          if(is_moderator($thread['fid'], "canopenclosethreads"))
1420          {
1421              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
1422          }
1423  
1424          $stickoption = '';
1425          if(is_moderator($thread['fid'], "canstickunstickthreads"))
1426          {
1427              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
1428          }
1429  
1430          if(!empty($closeoption) || !empty($stickoption))
1431          {
1432              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
1433              $bgcolor = "trow1";
1434          }
1435          else
1436          {
1437              $bgcolor = "trow2";
1438          }
1439      }
1440      else
1441      {
1442          $bgcolor = "trow2";
1443      }
1444  
1445      // Fetch subscription select box
          // eval() runs the template text as a PHP double-quoted string: safe only while
          // $templates->get() returns trusted, correctly escaped text (presumably admin-managed
          // templates - verify) and the variables it interpolates are HTML-safe.
1446      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
1447  
          // NOTE(review): $thread['subject'] is inserted into these strings without escaping
          // in this block - presumably it was escaped when the thread was loaded; verify.
1448      $lang->post_reply_to = $lang->sprintf($lang->post_reply_to, $thread['subject']);
1449      $lang->reply_to = $lang->sprintf($lang->reply_to, $thread['subject']);
1450  
1451      // Do we have any forum rules to show for this forum?
          // rulestype 3 renders the rules inline, 2 renders a link; lower values show nothing.
1452      $forumrules = '';
1453      if($forum['rulestype'] >= 2 && $forum['rules'])
1454      {
1455          if(!$forum['rulestitle'])
1456          {
1457              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
1458          }
1459  
1460          if(!$parser)
1461          {
1462              require_once  MYBB_ROOT.'inc/class_parser.php';
1463              $parser = new postParser;
1464          }
1465  
              // HTML is always allowed for the rules text, independent of the forum's own
              // allowhtml setting: the rules are treated as trusted content, so whoever can edit
              // them can put markup on this page (presumably administrators only - verify).
1466          $rules_parser = array(
1467              "allow_html" => 1,
1468              "allow_mycode" => 1,
1469              "allow_smilies" => 1,
1470              "allow_imgcode" => 1
1471          );
1472  
1473          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
              // Copy for the rules templates, which presumably reference $foruminfo - TODO confirm.
1474          $foruminfo = $forum;
1475  
1476          if($forum['rulestype'] == 3)
1477          {
1478              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
1479          }
1480          else if($forum['rulestype'] == 2)
1481          {
1482              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
1483          }
1484      }
1485  
          // Tell non-moderators when their attachments or posts will be held for approval.
          // Each eval assigns rather than appends, so the last matching notice wins:
          // attachments, then forum-wide post moderation, then per-user post moderation.
1486      $moderation_notice = '';
1487      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1488      {
1489          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1490          {
1491              $moderation_text = $lang->moderation_forum_attachments;
1492              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1493          }
1494      }
1495      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1496      {
1497          if($forumpermissions['modposts'] == 1)
1498          {
1499              $moderation_text = $lang->moderation_forum_posts;
1500              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1501          }
1502  
1503          if($mybb->user['moderateposts'] == 1)
1504          {
1505              $moderation_text = $lang->moderation_user_posts;
1506              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1507          }
1508      }
1509  
          // Upload limits made available to the post_javascript template.
1510      $php_max_upload_size = get_php_upload_limit();
1511      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1512      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1513  
1514      $plugins->run_hooks("newreply_end");
1515  
          // Applied after the newreply_end hook, so plugins still see the unstripped name.
          // strip_tags() removes markup but does not encode quotes or ampersands, so it is not
          // a substitute for htmlspecialchars_uni() if the name is placed inside an attribute.
1516      $forum['name'] = strip_tags($forum['name']);
1517  
          // Assemble the whole page from the variables prepared above and send it.
1518      eval("\$newreply = \"".$templates->get("newreply")."\";");
1519      output_page($newreply);
1520  }

