
PHP Cross Reference of MyBB 1.8.20


/ -> newreply.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1); // NOTE(review): presumably the marker included files test to refuse direct access - confirm
  12  define('THIS_SCRIPT', 'newreply.php');
  13  
      // Comma-separated list of the template names used by this page, assembled before global.php is
      // included; presumably global.php preloads them in one query - confirm there.
      // NOTE(review): on source line 19 the entry
      // "postbit_attachments_thumbnails_thumbnailpostbit_attachments_images_image" looks like two names
      // with the separating comma missing; if so, neither would be preloaded under its own name.
  14  $templatelist = "newreply,previewpost,loginbox,changeuserbox,posticons,newreply_threadreview,newreply_threadreview_post,forumdisplay_rules_link,newreply_multiquote_external,post_attachments_add,post_subscription_method";
  15  $templatelist .= ",codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,postbit_online,postbit_pm,newreply_disablesmilies_hidden,post_attachments_update";
  16  $templatelist .= ",postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,newreply_modoptions_close,newreply_modoptions_stick";
  17  $templatelist .= ",post_attachments_attachment_postinsert,post_attachments_attachment_remove,post_attachments_attachment_unapproved,post_attachments_attachment,post_attachments_viewlink,postbit_attachments_attachment,newreply_signature";
  18  $templatelist .= ",post_captcha_recaptcha_invisible,post_captcha_hidden,post_captcha,post_captcha_nocaptcha,post_javascript,postbit_groupimage,postbit_attachments,newreply_postoptions";
  19  $templatelist .= ",postbit_rep_button,postbit_author_guest,postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnailpostbit_attachments_images_image,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_gotopost,forumdisplay_password_wrongpass,forumdisplay_password,posticons_icon,attachment_icon,postbit_reputation_formatted_link";
  21  $templatelist .= ",global_moderation_notice,newreply_disablesmilies,postbit_userstar,newreply_draftinput,postbit_avatar,forumdisplay_rules,postbit_offline,postbit_find,postbit_warninglevel_formatted,postbit_ignored";
  22  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,postbit_reputation,postbit_www,postbit_away,postbit_icon,postbit_email,postbit_report,postbit,postbit_warn";
  23  
  24  require_once  "./global.php";
  25  require_once  MYBB_ROOT."inc/functions_post.php";
  26  require_once  MYBB_ROOT."inc/functions_user.php";
  27  require_once  MYBB_ROOT."inc/class_parser.php";
  28  $parser = new postParser;
  29  
  30  // Load global language phrases
  31  $lang->load("newreply");
  32  
  33  // Get the tid and replyto from the input; the pid is read further down, in the draft branch.
      // Both are requested with MyBB::INPUT_INT. They are later placed in queries and links, so
      // NOTE(review): confirm in the MyBB class that INPUT_INT always yields an integer.
  34  $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
  35  $replyto = $mybb->get_input('replyto', MyBB::INPUT_INT);
  36  
  37  // AJAX quick reply? Then drop any previewpost flag, so the later previewpost checks do not fire.
  38  if(!empty($mybb->input['ajax']))
  39  {
  40      unset($mybb->input['previewpost']);
  41  }
  42  
  43  // Edit a draft post.
      // A pid from the request is only honoured for the actions "editdraft" and "do_newreply". The post
      // must exist and its uid must equal the current user's uid; otherwise error() is called
      // (presumably error() ends the request - the lines after it rely on that; confirm).
      // $pid and $tid are then taken from the stored post row, replacing the tid read from the request.
      // NOTE(review): guests have uid 0, so the uid comparison also matches posts stored with uid 0;
      // whether that matters depends on how the post handler treats a supplied pid - verify there.
  44  $pid = 0;
  45  $editdraftpid = '';
  46  $mybb->input['action'] = $mybb->get_input('action');
  47  if(($mybb->input['action'] == "editdraft" || $mybb->input['action'] == "do_newreply") && $mybb->get_input('pid', MyBB::INPUT_INT))
  48  {
  49      $pid = $mybb->get_input('pid', MyBB::INPUT_INT);
  50      $post = get_post($pid);
  51      if(!$post)
  52      {
  53          error($lang->error_invalidpost);
  54      }
  55      else if($mybb->user['uid'] != $post['uid'])
  56      {
  57          error($lang->error_post_noperms);
  58      }
  59      $pid = (int)$post['pid'];
  60      $tid = (int)$post['tid'];
          // Template idiom used throughout this file: the stored template text is spliced into a
          // double-quoted PHP string and eval()'d, so variables named in the template are interpolated.
          // The eval() input is the template, not request data.
          // NOTE(review): whoever can edit templates can influence what this eval() runs, and every value
          // a template interpolates must already be output-safe - confirm both for this deployment.
  61      eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
  62  }
  63  
  64  // Set up $thread and $forum for later use.
      // $tid is either the integer read from the request or, for a draft, the tid of the stored post.
      // An unknown thread or forum ends in error().
  65  $thread = get_thread($tid);
  66  if(!$thread)
  67  {
  68      error($lang->error_invalidthread);
  69  }
  70  $fid = (int)$thread['fid'];
  71  
  72  // Get forum info
  73  $forum = get_forum($fid);
  74  if(!$forum)
  75  {
  76      error($lang->error_invalidforum);
  77  }
  78  
  79  // Make navigation
  80  build_forum_breadcrumb($fid);
      // $thread_subject keeps the subject as loaded; the copy in $thread['subject'] is passed through
      // parse_badwords() and htmlspecialchars_uni() before it is used in the breadcrumb.
  81  $thread_subject = $thread['subject'];
  82  $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
  83  add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
  84  add_breadcrumb($lang->nav_newreply);
  85  
      // Permissions of the current user for this forum; checked by the gates that follow.
  86  $forumpermissions = forum_permissions($fid);
  87  
  88  // See if everything is valid up to here.
      // Order of the gates: the draft post's visibility, the thread's visibility, the forum's state, then
      // the forum permissions of the current user.
      // NOTE(review): in both visibility checks the inner test calls error() only when visible == 0.
      // A thread with visible < 0 passes the outer condition but not the inner one, so it is not
      // rejected by this block - confirm that this is intended or handled elsewhere.
  89  if(isset($post) && (($post['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || ($post['visible'] < 0 && $post['uid'] != $mybb->user['uid'])))
  90  {
  91      if($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid']))
  92      {
  93          error($lang->error_invalidpost);
  94      }
  95  }
  96  if(($thread['visible'] == 0 && !is_moderator($fid, "canviewunapprove")) || $thread['visible'] < 0)
  97  {
  98      if($thread['visible'] == 0 && !($mybb->settings['showownunapproved'] && $thread['uid'] == $mybb->user['uid']))
  99      {
 100          error($lang->error_invalidthread);
 101      }
 102  }
      // The forum must be open and of type "f".
 103  if($forum['open'] == 0 || $forum['type'] != "f")
 104  {
 105      error($lang->error_closedinvalidforum);
 106  }
      // Both viewing and replying must be allowed for this user in this forum.
 107  if($forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0)
 108  {
 109      error_no_permission();
 110  }
 111  
      // Users flagged suspendposting are stopped here. The message is the permanent text unless
      // suspensiontime is set, in which case the formatted end date and time are inserted.
 112  if($mybb->user['suspendposting'] == 1)
 113  {
 114      $suspendedpostingtype = $lang->error_suspendedposting_permanent;
 115      if($mybb->user['suspensiontime'])
 116      {
 117          $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
 118      }
 119  
 120      $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));
 121  
 122      error($lang->error_suspendedposting);
 123  }
 124  
      // Per-forum restrictions: with canonlyviewownthreads or canonlyreplyownthreads set, only the
      // thread starter (thread uid equals the current uid) may continue.
 125  if(isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
 126  {
 127      error_no_permission();
 128  }
 129  
 130  if(isset($forumpermissions['canonlyreplyownthreads']) && $forumpermissions['canonlyreplyownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'])
 131  {
 132      error_no_permission();
 133  }
 134  
 135  // Coming from quick reply and not a preview call? Set subscription method
      // The looked-up value overwrites whatever subscriptionmethod the request carried.
 136  if($mybb->get_input('method') == "quickreply" && !isset($mybb->input['previewpost']))
 137  {
 138      $mybb->input['postoptions']['subscriptionmethod'] = get_subscription_method($mybb->get_input('tid', MyBB::INPUT_INT));
 139  }
 140  
 141  // Check if this forum is password protected and we have a valid password
      // NOTE(review): the return value is not used; presumably check_forum_password() ends the request
      // itself when the password is missing or wrong - confirm in its definition.
 142  check_forum_password($forum['fid']);
 143  
      // Editor buttons are built when the board enables them, the forum allows MyCode, and the user is
      // a guest or has showcodebuttons on. The smilie inserter additionally needs allowsmilies.
 144  if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 145  {
 146      $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
 147      if($forum['allowsmilies'] != 0)
 148      {
 149          $smilieinserter = build_clickable_smilies();
 150      }
 151  }
 152  
 153  // Display a login box or change user box?
      // In both branches the user name is passed through htmlspecialchars_uni() before the template is
      // eval()'d; presumably the template interpolates it into HTML - confirm in the template.
      // For guests the submitted username is only echoed back on a preview or a do_newreply request.
 154  if($mybb->user['uid'] != 0)
 155  {
 156      $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
 157      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 158  }
 159  else
 160  {
 161      if(empty($mybb->input['previewpost']) && $mybb->input['action'] != "do_newreply")
 162      {
 163          $username = '';
 164      }
 165      else
 166      {
 167          $username = htmlspecialchars_uni($mybb->get_input('username'));
 168      }
 169      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 170  }
 171  
 172  // Check to see if the thread is closed, and if the user is a mod.
      // Only users without the "canpostclosedthreads" moderator permission are stopped on a closed thread.
 173  if(!is_moderator($fid, "canpostclosedthreads"))
 174  {
 175      if($thread['closed'] == 1)
 176      {
 177          error($lang->redirect_threadclosed);
 178      }
 179  }
 180  
 181  // No weird actions allowed, show new reply form if no regular action.
      // Works as an allow-list: from here on the action is one of do_newreply, editdraft or newreply.
 182  if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft")
 183  {
 184      $mybb->input['action'] = "newreply";
 185  }
 186  
 187  // Even if we are previewing, still show the new reply form.
 188  if(!empty($mybb->input['previewpost']))
 189  {
 190      $mybb->input['action'] = "newreply";
 191  }
 192  
 193  // Setup a unique posthash for attachment management
      // Only generated when the request carries none and no draft pid is set; a posthash sent by the
      // client is kept as is. It is later used to select attachment rows (posthash='...').
      // NOTE(review): how hard the value is to guess rests on random_str(), which is not visible here;
      // md5() only shapes the value.
 194  if(!$mybb->get_input('posthash') && !$pid)
 195  {
 196      $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());
 197  }
 198  
      // A request flagged processed=1 that arrives with empty $_POST and $_FILES is rejected.
      // presumably this catches request bodies that PHP discarded (e.g. over a size limit) - confirm.
 199  if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
 200  {
 201      error($lang->error_empty_post_input);
 202  }
 203  
 204  $errors = array();
 205  $maximageserror = $attacherror = '';
      // Add or update attachments. Runs when attachments are enabled, no attachmentaid is given, and
      // either newattachment/updateattachment is set or a reply is submitted with $_FILES['attachment'].
      // NOTE(review): $_FILES['attachment'] is read without isset(); a submit that carries no such file
      // field reaches that operand and raises an undefined-index notice.
 206  if($mybb->settings['enableattachments'] == 1 && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ($mybb->input['action'] == "do_newreply" && $mybb->get_input('submit') && $_FILES['attachment'])))
 207  {
 208      // Verify incoming POST request
          // The request token is checked before any attachment is touched.
 209      verify_post_check($mybb->get_input('my_post_key'));
 210  
          // Attachment rows are addressed by the integer $pid for a draft, otherwise by the posthash
          // from the request, passed through escape_string().
 211      if($pid)
 212      {
 213          $attachwhere = "pid='{$pid}'";
 214      }
 215      else
 216      {
 217          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 218      }
 219  
 220      require_once  MYBB_ROOT."inc/functions_upload.php";
 221  
 222      $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newreply");
 223  
 224      if(!empty($ret['errors']))
 225      {
 226          $errors = $ret['errors'];
 227      }
 228  
 229      // If we were dealing with an attachment but didn't click 'Post Reply', force the new reply page again.
 230      if(!$mybb->get_input('submit'))
 231      {
 232          eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
 233          $mybb->input['action'] = "newreply";
 234      }
 235  }
 236  
 237  // Remove an attachment.
      // The request token is verified first. No ownership test on attachmentaid is visible in this file;
      // NOTE(review): presumably remove_attachment() limits the delete to rows matching $pid / posthash -
      // confirm in inc/functions_upload.php.
 238  if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
 239  {
 240      // Verify incoming POST request
 241      verify_post_check($mybb->get_input('my_post_key'));
 242  
 243      require_once  MYBB_ROOT."inc/functions_upload.php";
 244      remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));
 245      if(!$mybb->get_input('submit'))
 246      {
 247          eval("\$editdraftpid = \"".$templates->get("newreply_draftinput")."\";");
 248          $mybb->input['action'] = "newreply";
 249      }
 250  
          // AJAX callers get a JSON success object and the request ends here.
 251      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 252      {
 253          header("Content-type: application/json; charset={$lang->settings['charset']}");
 254          echo json_encode(array("success" => true));
 255          exit();
 256      }
 257  }
 258  
 259  $reply_errors = '';
 260  $quoted_ids = array();
 261  $hide_captcha = false;
 262  
 263  // Check the maximum posts per day for this user
      // Skipped when the group has no limit (maxposts not above 0) or has cancp set to 1. Counts the
      // user's visible posts with a dateline inside the last 24 hours; the uid in the WHERE clause comes
      // from $mybb->user, not from the request.
 264  if($mybb->usergroup['maxposts'] > 0 && $mybb->usergroup['cancp'] != 1)
 265  {
 266      $daycut = TIME_NOW-60*60*24;
 267      $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}");
 268      $post_count = $db->fetch_field($query, "posts_today");
 269      if($post_count >= $mybb->usergroup['maxposts'])
 270      {
 271          $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
 272          error($lang->error_maxposts);
 273      }
 274  }
 275  
 276  if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post")
 277  {
 278      // Verify incoming POST request
          // Handles the actual submission; only reached for POST requests. my_post_key is the request
          // token; presumably verify_post_check() stops the request on a mismatch (anti-CSRF) - confirm.
 279      verify_post_check($mybb->get_input('my_post_key'));
 280  
 281      $plugins->run_hooks("newreply_do_newreply_start");
 282  
 283      // If this isn't a logged in user, then we need to do some special validation.
 284      if($mybb->user['uid'] == 0)
 285      {
 286          // If they didn't specify a username leave blank so $lang->guest can be used on output
 287          if(!$mybb->get_input('username'))
 288          {
 289              $username = '';
 290          }
 291          // Otherwise use the name they specified.
 292          else
 293          {
 294              $username = $mybb->get_input('username');
 295          }
 296          $uid = 0;
 297  
 298  
              // Optional StopForumSpam lookup for guests, using the submitted username and the client IP;
              // the e-mail argument is passed as an empty string.
 299          if($mybb->settings['stopforumspam_on_newreply'])
 300          {
 301              require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 302  
 303              $stop_forum_spam_checker = new StopForumSpamChecker(
 304                  $plugins,
 305                  $mybb->settings['stopforumspam_min_weighting_before_spam'],
 306                  $mybb->settings['stopforumspam_check_usernames'],
 307                  $mybb->settings['stopforumspam_check_emails'],
 308                  $mybb->settings['stopforumspam_check_ips'],
 309                  $mybb->settings['stopforumspam_log_blocks']
 310              );
 311  
 312              try {
 313                  if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
 314                  {
 315                      error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 316                          $stop_forum_spam_checker->getErrorText(array(
 317                              'stopforumspam_check_usernames',
 318                              'stopforumspam_check_ips'
 319                              ))));
 320                  }
 321              }
 322              catch (Exception $e)
 323              {
                      // A failed lookup only blocks the post when stopforumspam_block_on_error is set;
                      // otherwise the exception is swallowed and posting continues (fail-open).
 324                  if($mybb->settings['stopforumspam_block_on_error'])
 325                  {
 326                      error($lang->error_stop_forum_spam_fetching);
 327                  }
 328              }
 329          }
 330      }
 331      // This user is logged in.
 332      else
 333      {
 334          $username = $mybb->user['username'];
 335          $uid = $mybb->user['uid'];
 336      }
 337  
 338      // Attempt to see if this post is a duplicate or not
          // Matched by uid for members and by the packed IP for guests. Subject and message go through
          // escape_string(), the IP through escape_binary(); only posts with a dateline inside the last
          // 600 seconds and visible > -1 are compared. Skipped when a draft is being saved.
 339      if($uid > 0)
 340      {
 341          $user_check = "p.uid='{$uid}'";
 342      }
 343      else
 344      {
 345          $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
 346      }
 347      if(!$mybb->get_input('savedraft'))
 348      {
 349          $query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.visible > -1 AND p.dateline>".(TIME_NOW-600));
 350          $duplicate_check = $db->fetch_field($query, "pid");
 351          if($duplicate_check)
 352          {
 353              error($lang->error_post_already_submitted);
 354          }
 355      }
 356  
 357      // Set up posthandler.
 358      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 359      $posthandler = new PostDataHandler("insert");
 360  
 361      // Set the post data that came from the input to the $post array.
          // Numeric fields are read as INPUT_INT; subject, message, username and posthash are handed to
          // the post handler as received. What validate_post() enforces on them is not visible here.
          // Note that "tid" is read from the request again, while "fid" comes from the loaded thread.
 362      $post = array(
 363          "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
 364          "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
 365          "fid" => $thread['fid'],
 366          "subject" => $mybb->get_input('subject'),
 367          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 368          "uid" => $uid,
 369          "username" => $username,
 370          "message" => $mybb->get_input('message'),
 371          "ipaddress" => $session->packedip,
 372          "posthash" => $mybb->get_input('posthash')
 373      );
 374  
 375      if(isset($mybb->input['pid']))
 376      {
 377          $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
 378      }
 379  
 380      // Are we saving a draft post?
          // Drafts are only saved for logged-in users; for guests savedraft is forced to 0.
 381      if($mybb->get_input('savedraft') && $mybb->user['uid'])
 382      {
 383          $post['savedraft'] = 1;
 384      }
 385      else
 386      {
 387          $post['savedraft'] = 0;
 388      }
 389  
          // Missing post options default to 0.
 390      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 391      if(!isset($postoptions['signature']))
 392      {
 393          $postoptions['signature'] = 0;
 394      }
 395      if(!isset($postoptions['subscriptionmethod']))
 396      {
 397          $postoptions['subscriptionmethod'] = 0;
 398      }
 399      if(!isset($postoptions['disablesmilies']))
 400      {
 401          $postoptions['disablesmilies'] = 0;
 402      }
 403  
 404      // Set up the post options from the input.
 405      $post['options'] = array(
 406          "signature" => $postoptions['signature'],
 407          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 408          "disablesmilies" => $postoptions['disablesmilies']
 409      );
 410  
 411      // Apply moderation options if we have them
          // NOTE(review): modoptions is taken from the request for every user, with no permission test in
          // this file; presumably PostDataHandler checks moderator rights before applying them - confirm.
 412      $post['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 413  
 414      $posthandler->set_data($post);
 415  
 416      // Now let the post handler do all the hard work.
 417      $valid_post = $posthandler->validate_post();
 418  
 419      $post_errors = array();
 420      // Fetch friendly error messages if this is an invalid post
 421      if(!$valid_post)
 422      {
 423          $post_errors = $posthandler->get_friendly_errors();
 424      }
 425  
 426      // Mark thread as read
          // Runs whether or not the post validated.
 427      require_once  MYBB_ROOT."inc/functions_indicators.php";
 428      mark_thread_read($tid, $fid);
 429  
 430      // Check captcha image
          // Only guests are asked for a CAPTCHA. Its errors are appended to $post_errors, so a failed
          // CAPTCHA prevents insert_post() below.
 431      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 432      {
 433          require_once  MYBB_ROOT.'inc/class_captcha.php';
 434          $post_captcha = new captcha(false, "post_captcha");
 435  
 436          if($post_captcha->validate_captcha() == false)
 437          {
 438              // CAPTCHA validation failed
 439              foreach($post_captcha->get_errors() as $error)
 440              {
 441                  $post_errors[] = $error;
 442              }
 443          }
 444          else
 445          {
 446              $hide_captcha = true;
 447          }
 448  
              // For AJAX requests with captcha type 1 a new image hash / string pair is stored and the
              // hash is returned. When the submitted CAPTCHA validated ($hide_captcha), the new string is
              // appended as well - presumably so the client can fill it in for the already verified
              // user; confirm on the client side.
 449          if($mybb->get_input('ajax', MyBB::INPUT_INT) && $post_captcha->type == 1)
 450          {
 451              $randomstr = random_str(5);
 452              $imagehash = md5(random_str(12));
 453  
 454              $imagearray = array(
 455                  "imagehash" => $imagehash,
 456                  "imagestring" => $randomstr,
 457                  "dateline" => TIME_NOW
 458              );
 459  
 460              $db->insert_query("captcha", $imagearray);
 461  
 462              //header("Content-type: text/html; charset={$lang->settings['charset']}");
 463              $data = '';
 464              $data .= "<captcha>$imagehash";
 465  
 466              if($hide_captcha)
 467              {
 468                  $data .= "|$randomstr";
 469              }
 470  
 471              $data .= "</captcha>";
 472  
 473              //header("Content-type: application/json; charset={$lang->settings['charset']}");
 474              $json_data = array("data" => $data);
 475          }
 476      }
 477  
 478      // One or more errors returned, fetch error list and throw to newreply page
          // NOTE(review): $json_data is only assigned in the AJAX captcha branch above; on every other
          // path it is undefined when passed to inline_error().
 479      if(count($post_errors) > 0)
 480      {
 481          $reply_errors = inline_error($post_errors, '', $json_data);
 482          $mybb->input['action'] = "newreply";
 483      }
 484      else
 485      {
 486          $postinfo = $posthandler->insert_post();
 487          $pid = $postinfo['pid'];
 488          $visible = $postinfo['visible'];
 489          $closed = $postinfo['closed'];
 490  
 491          // Invalidate solved captcha
              // Same condition as the check above, so $post_captcha exists whenever this runs.
 492          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 493          {
 494              $post_captcha->invalidate_captcha();
 495          }
 496  
 497          $force_redirect = false;
 498  
 499          // Deciding the fate
 500          if($visible == -2)
 501          {
 502              // Draft post
 503              $lang->redirect_newreply = $lang->draft_saved;
 504              $url = "usercp.php?action=drafts";
 505          }
 506          elseif($visible == 1)
 507          {
 508              // Visible post
 509              $lang->redirect_newreply .= $lang->redirect_newreply_post;
 510              $url = get_post_link($pid, $tid)."#pid{$pid}";
 511          }
 512          else
 513          {
 514              // Moderated post
 515              $lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;
 516              $url = get_thread_link($tid);
 517  
 518              // User must see moderation notice, regardless of redirect settings
 519              $force_redirect = true;
 520          }
 521  
 522          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
              // NOTE(review): the cookie is split on "|" but the remaining ids are written back joined
              // with ","; a later explode("|") would then see a single element. explode() also always
              // returns an array, so the "Otherwise, unset it" branch below is not reached - confirm the
              // intended separator and the empty-list handling.
 523          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 524          {
 525              // We quoted all posts - remove the entire cookie
 526              if($mybb->get_input('quoted_ids') == "all")
 527              {
 528                  my_unsetcookie("multiquote");
 529              }
 530              // Only quoted a few - attempt to remove them from the cookie
 531              else
 532              {
 533                  $quoted_ids = explode("|", $mybb->get_input('quoted_ids'));
 534                  $multiquote = explode("|", $mybb->cookies['multiquote']);
 535                  if(is_array($multiquote) && is_array($quoted_ids))
 536                  {
 537                      foreach($multiquote as $key => $quoteid)
 538                      {
 539                          // If this ID was quoted, remove it from the multiquote list
 540                          if(in_array($quoteid, $quoted_ids))
 541                          {
 542                              unset($multiquote[$key]);
 543                          }
 544                      }
 545                      // Still have an array - set the new cookie
 546                      if(is_array($multiquote))
 547                      {
 548                          $new_multiquote = implode(",", $multiquote);
 549                          my_setcookie("multiquote", $new_multiquote);
 550                      }
 551                      // Otherwise, unset it
 552                      else
 553                      {
 554                          my_unsetcookie("multiquote");
 555                      }
 556                  }
 557              }
 558          }
 559  
 560          $plugins->run_hooks("newreply_do_newreply_end");
 561  
 562          // This was a post made via the ajax quick reply - we need to do some special things here
 563          if($mybb->get_input('ajax', MyBB::INPUT_INT))
 564          {
 565              // Visible post
 566              if($visible == 1)
 567              {
 568                  // Set post counter
                      // Unapproved and deleted posts are only counted for moderators holding the matching
                      // view permission.
 569                  $postcounter = $thread['replies'] + 1;
 570  
 571                  if(is_moderator($fid, "canviewunapprove"))
 572                  {
 573                      $postcounter += $thread['unapprovedposts'];
 574                  }
 575                  if(is_moderator($fid, "canviewdeleted"))
 576                  {
 577                      $postcounter += $thread['deletedposts'];
 578                  }
 579  
 580                  // Was there a new post since we hit the quick reply button?
                      // $tid and $pid in the WHERE clause are server-side values ($pid from insert_post()).
 581                  if($mybb->get_input('lastpid', MyBB::INPUT_INT))
 582                  {
 583                      $query = $db->simple_select("posts", "pid", "tid = '{$tid}' AND pid != '{$pid}'", array("order_by" => "pid", "order_dir" => "desc"));
 584                      $new_post = $db->fetch_array($query);
 585                      if($new_post['pid'] != $mybb->get_input('lastpid', MyBB::INPUT_INT))
 586                      {
 587                          redirect(get_thread_link($tid, 0, "lastpost"));
 588                      }
 589                  }
 590  
 591                  if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
 592                  {
 593                      $mybb->settings['postsperpage'] = 20;
 594                  }
 595  
 596                  // Lets see if this post is on the same page as the one we're viewing or not
 597                  // if it isn't, redirect us
                      // NOTE(review): $perpage is not assigned anywhere in the visible part of this script.
                      // If it is unset here, the condition is always false and an exact multiple of
                      // postsperpage is counted as the next page, which can trigger the redirect below -
                      // confirm, and compare against $mybb->settings['postsperpage'].
 598                  if($perpage > 0 && (($postcounter) % $perpage) == 0)
 599                  {
 600                      $post_page = ($postcounter) / $mybb->settings['postsperpage'];
 601                  }
 602                  else
 603                  {
 604                      $post_page = (int)($postcounter / $mybb->settings['postsperpage']) + 1;
 605                  }
 606  
 607                  if($post_page > $mybb->get_input('from_page', MyBB::INPUT_INT))
 608                  {
 609                      redirect(get_thread_link($tid, 0, "lastpost"));
 610                      exit;
 611                  }
 612  
 613                  // Return the post HTML and display it inline
                      // The new post is read back with its author, the author's profile fields and the
                      // editing user's name.
 614                  $query = $db->query("
 615                      SELECT u.*, u.username AS userusername, p.*, f.*, eu.username AS editusername
 616                      FROM ".TABLE_PREFIX."posts p
 617                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 618                      LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 619                      LEFT JOIN ".TABLE_PREFIX."users eu ON (eu.uid=p.edituid)
 620                      WHERE p.pid='{$pid}'
 621                  ");
 622                  $post = $db->fetch_array($query);
 623  
 624                  // Now lets fetch all of the attachments for this post
 625                  $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
 626                  while($attachment = $db->fetch_array($query))
 627                  {
 628                      $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
 629                  }
 630  
 631                  // Establish altbg - may seem like this is backwards, but build_postbit reverses it
 632                  if(($postcounter - $mybb->settings['postsperpage']) % 2 != 0)
 633                  {
 634                      $altbg = "trow1";
 635                  }
 636                  else
 637                  {
 638                      $altbg = "trow2";
 639                  }
 640  
                      // $charset is assigned here but not read again in the visible part of the script.
 641                  $charset = "UTF-8";
 642                  if($lang->settings['charset'])
 643                  {
 644                      $charset = $lang->settings['charset'];
 645                  }
 646  
 647                  require_once  MYBB_ROOT."inc/functions_post.php";
 648                  $pid = $post['pid'];
 649                  $post = build_postbit($post);
 650  
 651                  $data = '';
 652                  $data .= $post;
 653  
 654                  // Build a new posthash incase the user wishes to quick reply again
                      // The script snippet appended below interpolates only $new_posthash (md5 output) and
                      // $pid (read back from the posts row fetched above), not request text.
 655                  $new_posthash = md5($mybb->user['uid'].random_str());
 656                  $data .= "<script type=\"text/javascript\">\n";
 657                  $data .= "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
 658                  $data .= "if(typeof(inlineModeration) != 'undefined') {
 659                      $('#inlinemod_{$pid}').bind(\"click\", function(e) {
 660                          inlineModeration.checkItem();
 661                      });
 662                  }\n";
 663  
 664                  if($closed == 1)
 665                  {
 666                      $data .= "$('#quick_reply_form .trow1').removeClass('trow1 trow2').addClass('trow_shaded');\n";
 667                  }
 668                  else
 669                  {
 670                      $data .= "$('#quick_reply_form .trow_shaded').removeClass('trow_shaded').addClass('trow1');\n";
 671                  }
 672  
 673                  $data .= "</script>\n";
 674  
                      // The rendered post plus the script is returned as a JSON string and the request ends.
 675                  header("Content-type: application/json; charset={$lang->settings['charset']}");
 676                  echo json_encode(array("data" => $data));
 677  
 678                  exit;
 679              }
 680              // Post is in the moderation queue
 681              else
 682              {
 683                  redirect(get_thread_link($tid, 0, "lastpost"), $lang->redirect_newreply_moderation, "", true);
 684                  exit;
 685              }
 686          }
 687          else
 688          {
 689              $lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 690              redirect($url, $lang->redirect_newreply, "", $force_redirect);
 691              exit;
 692          }
 693      }
 694  }
 695  
 696  // Show the newreply form.
 697  if($mybb->input['action'] == "newreply" || $mybb->input['action'] == "editdraft")
 698  {
 699      $plugins->run_hooks("newreply_start");
 700  
 701      $quote_ids = $multiquote_external = '';
 702      // If this isn't a preview and we're not editing a draft, then handle quoted posts
    // Pre-fill the message with quoted posts. This only runs on a fresh form load: not on
    // preview, not after validation errors, not for drafts and not during attachment actions.
    if(empty($mybb->input['previewpost']) && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment') && !$mybb->get_input('rem'))
    {
        $message = '';
        $quoted_posts = array();
        // Handle multiquote
        // The cookie is client-controlled. Each entry is cast to int, and only those integer
        // values (never the raw array keys) are joined into the SQL IN list further down.
        if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
        {
            $multiquoted = explode("|", $mybb->cookies['multiquote']);
            foreach($multiquoted as $post)
            {
                $quoted_posts[$post] = (int)$post;
            }
        }
        // Handle incoming 'quote' button
        // NOTE(review): $replyto is not cast here and ends up in the query below; presumably
        // it was already read as an integer earlier in the file - confirm.
        if($replyto)
        {
            $quoted_posts[$replyto] = $replyto;
        }

        // At least one post to quote - fetch them
        if(count($quoted_posts) > 0)
        {
            $external_quotes = 0;
            $quoted_posts = implode(",", $quoted_posts);
            // Access filters: the fragments built below are ANDed into the SELECT, so a post ID
            // supplied by the client is only returned when it passes every one of them.
            $unviewable_forums = get_unviewable_forums();
            $inactiveforums = get_inactive_forums();
            if($unviewable_forums)
            {
                $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
            }
            if($inactiveforums)
            {
                $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
            }

            // Check group permissions if we can't view threads not started by us
            // In forums flagged canonlyviewownthreads, only threads whose uid matches the
            // current user stay eligible.
            $group_permissions = forum_permissions();
            $onlyusfids = array();
            $onlyusforums = '';
            foreach($group_permissions as $gpfid => $forum_permissions)
            {
                if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
                {
                    $onlyusfids[] = $gpfid;
                }
            }
            if(!empty($onlyusfids))
            {
                $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
            }

            // Moderator permissions in forum $fid decide which p.visible values are accepted:
            // canviewunapprove adds 0, canviewdeleted adds -1; everyone else only gets 1.
            if(is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
            {
                $visible_where = "AND p.visible IN (-1,0,1)";
            }
            elseif(is_moderator($fid, 'canviewunapprove') && !is_moderator($fid, 'canviewdeleted'))
            {
                $visible_where = "AND p.visible IN (0,1)";
            }
            elseif(!is_moderator($fid, 'canviewunapprove') && is_moderator($fid, 'canviewdeleted'))
            {
                $visible_where = "AND p.visible IN (-1,1)";
            }
            else
            {
                $visible_where = "AND p.visible=1";
            }

            require_once  MYBB_ROOT."inc/functions_posting.php";
            // The query is assembled by string interpolation; the pid list consists of the
            // int-cast cookie entries plus $replyto (see the note above).
            $query = $db->query("
                SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
                FROM ".TABLE_PREFIX."posts p
                LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
                LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
                WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
            ");
            $load_all = $mybb->get_input('load_all_quotes', MyBB::INPUT_INT);
            while($quoted_post = $db->fetch_array($query))
            {
                // Only show messages for the current thread, unless load_all_quotes=1 was requested
                if($quoted_post['tid'] == $tid || $load_all == 1)
                {
                    // If this post was the post for which a quote button was clicked, set the subject
                    if($replyto == $quoted_post['pid'])
                    {
                        $subject = preg_replace('#^RE:\s?#i', '', $quoted_post['subject']);
                        // Subject too long? Shorten it to avoid error message
                        if(my_strlen($subject) > 85)
                        {
                            $subject = my_substr($subject, 0, 82).'...';
                        }
                        $subject = "RE: ".$subject;
                    }
                    $message .= parse_quoted_message($quoted_post);
                    $quoted_ids[] = $quoted_post['pid'];
                }
                // Count the rest
                else
                {
                    ++$external_quotes;
                }
            }
            // Nested quotes are passed through remove_message_quotes() unless maxquotedepth is '0'
            if($mybb->settings['maxquotedepth'] != '0')
            {
                $message = remove_message_quotes($message);
            }
            if($external_quotes > 0)
            {
                if($external_quotes == 1)
                {
                    $multiquote_text = $lang->multiquote_external_one;
                    $multiquote_deselect = $lang->multiquote_external_one_deselect;
                    $multiquote_quote = $lang->multiquote_external_one_quote;
                }
                else
                {
                    $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
                    $multiquote_deselect = $lang->multiquote_external_deselect;
                    $multiquote_quote = $lang->multiquote_external_quote;
                }
                // The template text is spliced into an eval'd double-quoted PHP string and so runs
                // with this scope's variables; this relies on $templates->get() (defined elsewhere)
                // returning content that is safe in that context.
                eval("\$multiquote_external = \"".$templates->get("newreply_multiquote_external")."\";");
            }
            // NOTE(review): $quoted_ids is not initialised anywhere in this section; is_array()
            // covers the case where no post matched, assuming it is declared earlier - confirm.
            if(is_array($quoted_ids) && count($quoted_ids) > 0)
            {
                $quoted_ids = implode("|", $quoted_ids);
            }
        }
    }
 831  
    // A submitted quoted_ids value replaces the one computed from quoting. It is read with
    // INPUT_INT and then passed through htmlspecialchars_uni().
    // NOTE(review): the quoting code joins several post IDs with "|"; confirm that reading
    // the field as a single integer is intended.
    if(isset($mybb->input['quoted_ids']))
    {
        $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids', MyBB::INPUT_INT));
    }

    // Keep an unescaped copy of the submitted message; the preview code below uses it.
    if(isset($mybb->input['previewpost']))
    {
        $previewmessage = $mybb->get_input('message');
    }
    // No quoted text was built: fall back to the submitted message.
    if(empty($message))
    {
        $message = $mybb->get_input('message');
    }
    // From here on $message holds the htmlspecialchars_uni()-escaped text.
    $message = htmlspecialchars_uni($message);
 846  
    // Checkbox and subscription state for the form; every marker starts out empty.
    $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
    $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';

    // Set up the post options.
    // Three sources: the submitted form (preview or errors), a saved draft, or the defaults.
    if(!empty($mybb->input['previewpost']) || $reply_errors != '')
    {
        $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);

        if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
        {
            $postoptionschecked['signature'] = " checked=\"checked\"";
        }
        if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
        {
            $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
        }
        $subscription_method = get_subscription_method($tid, $postoptions);
        // The subject is taken unescaped from the request here; it is escaped with
        // htmlspecialchars_uni() further down, after the preview has been built.
        $subject = $mybb->input['subject'];
    }
    elseif($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
    {
        // $post holds the draft here - presumably loaded earlier in the file; confirm.
        $message = htmlspecialchars_uni($post['message']);
        $subject = $post['subject'];
        if($post['includesig'] != 0)
        {
            $postoptionschecked['signature'] = " checked=\"checked\"";
        }
        if($post['smilieoff'] == 1)
        {
            $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
        }
        $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
        $mybb->input['icon'] = $post['icon'];
    }
    else
    {
        if($mybb->user['signature'] != '')
        {
            $postoptionschecked['signature'] = " checked=\"checked\"";
        }
        $subscription_method = get_subscription_method($tid);
    }
    // NOTE(review): the variable name is built from get_subscription_method()'s return value,
    // which in the first branch is derived from submitted postoptions; confirm that helper can
    // only return a fixed set of method names, since any other value would set an arbitrary
    // "<value>subscribe" variable in this scope.
    ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 890  
 891      if($forum['allowpicons'] != 0)
 892      {
 893          $posticons = get_post_icons();
 894      }
 895  
 896      // No subject?
 897      if(!isset($subject))
 898      {
 899          if(!empty($mybb->input['subject']))
 900          {
 901              $subject = $mybb->get_input('subject');
 902          }
 903          else
 904          {
 905              $subject = $thread_subject;
 906              // Subject too long? Shorten it to avoid error message
 907              if(my_strlen($subject) > 85)
 908              {
 909                  $subject = my_substr($subject, 0, 82).'...';
 910              }
 911              $subject = "RE: ".$subject;
 912          }
 913      }
 914  
    // Preview a post that was written.
    // The submitted data is validated through PostDataHandler before anything is rendered.
    $preview = '';
    if(!empty($mybb->input['previewpost']))
    {
        // If this isn't a logged in user, then we need to do some special validation.
        if($mybb->user['uid'] == 0)
        {
            // If they didn't specify a username leave blank so $lang->guest can be used on output
            if(!$mybb->get_input('username'))
            {
                $username = '';
            }
            // Otherwise use the name they specified.
            else
            {
                $username = $mybb->get_input('username');
            }
            $uid = 0;
        }
        // This user is logged in.
        else
        {
            $username = $mybb->user['username'];
            $uid = $mybb->user['uid'];
        }

        // Set up posthandler.
        require_once  MYBB_ROOT."inc/datahandlers/post.php";
        $posthandler = new PostDataHandler("insert");
        $posthandler->action = "post";

        // Set the post data that came from the input to the $post array.
        // Numeric fields are read with INPUT_INT; the author (uid/username) comes from the
        // branch above and the forum ID from the loaded $thread, not from the request.
        $post = array(
            "tid" => $mybb->get_input('tid', MyBB::INPUT_INT),
            "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT),
            "fid" => $thread['fid'],
            "subject" => $mybb->get_input('subject'),
            "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
            "uid" => $uid,
            "username" => $username,
            "message" => $mybb->get_input('message'),
            "ipaddress" => $session->packedip,
            "posthash" => $mybb->get_input('posthash')
        );

        if(isset($mybb->input['pid']))
        {
            $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
        }

        $posthandler->set_data($post);

        // Now let the post handler do all the hard work.
        $valid_post = $posthandler->verify_message();
        $valid_subject = $posthandler->verify_subject();

        // guest post --> verify author
        if($post['uid'] == 0)
        {
            $valid_username = $posthandler->verify_author();
        }
        else
        {
            $valid_username = true;
        }

        $post_errors = array();
        // Fetch friendly error messages if this is an invalid post
        if(!$valid_post || !$valid_subject || !$valid_username)
        {
            $post_errors = $posthandler->get_friendly_errors();
        }

        // One or more errors returned, fetch error list and throw to newreply page
        if(count($post_errors) > 0)
        {
            $reply_errors = inline_error($post_errors);
        }
        else
        {
            // NOTE(review): this reads 'quote_ids' into $quote_ids, while the code earlier in
            // this file works with 'quoted_ids'; confirm which name the templates expect.
            $quote_ids = htmlspecialchars_uni($mybb->get_input('quote_ids'));
            $mybb->input['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
            // Load the previewing user's row for build_postbit(); the uid in the WHERE clause
            // is read from $mybb->user rather than from the request.
            $query = $db->query("
                SELECT u.*, f.*
                FROM ".TABLE_PREFIX."users u
                LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
                WHERE u.uid='".$mybb->user['uid']."'
            ");
            $post = $db->fetch_array($query);
            $post['username'] = $username;
            if($mybb->user['uid'])
            {
                $post['userusername'] = $mybb->user['username'];
            }
            // The unescaped message is handed to build_postbit(); output encoding is
            // presumably applied there - confirm.
            $post['message'] = $previewmessage;
            $post['subject'] = $subject;
            $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
            $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
            if(isset($mybb->input['postoptions']['disablesmilies']))
            {
                $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
            }
            $post['dateline'] = TIME_NOW;
            if(isset($mybb->input['postoptions']['signature']))
            {
                $post['includesig'] = $mybb->input['postoptions']['signature'];
            }
            // Anything other than 1 is normalised to 0
            if(!isset($post['includesig']) || $post['includesig'] != 1)
            {
                $post['includesig'] = 0;
            }

            // Fetch attachments assigned to this post.
            // Both WHERE variants are built from request input: pid is read with INPUT_INT and
            // posthash goes through $db->escape_string().
            if($mybb->get_input('pid', MyBB::INPUT_INT))
            {
                $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
            }
            else
            {
                $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
            }

            $query = $db->simple_select("attachments", "*", $attachwhere);
            while($attachment = $db->fetch_array($query))
            {
                $attachcache[0][$attachment['aid']] = $attachment;
            }

            $postbit = build_postbit($post, 1);
            // Template text is evaluated as a double-quoted PHP string in this scope.
            eval("\$preview = \"".$templates->get("previewpost")."\";");
        }
    }
1047  
1048      $subject = htmlspecialchars_uni($parser->parse_badwords($subject));
1049  
1050      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
1051  
1052      // Do we have attachment errors?
1053      if(count($errors) > 0)
1054      {
1055          $reply_errors = inline_error($errors);
1056      }
1057  
1058      // Get a listing of the current attachments.
1059      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
1060      {
1061          $attachcount = 0;
1062          if($pid)
1063          {
1064              $attachwhere = "pid='$pid'";
1065          }
1066          else
1067          {
1068              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
1069          }
1070          $attachments = '';
1071          $query = $db->simple_select("attachments", "*", $attachwhere);
1072          while($attachment = $db->fetch_array($query))
1073          {
1074              $attachment['size'] = get_friendly_size($attachment['filesize']);
1075              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
1076              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
1077  
1078              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
1079              {
1080                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
1081              }
1082  
1083              $attach_mod_options = '';
1084              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
1085  
1086              if($attachment['visible'] != 1)
1087              {
1088                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
1089              }
1090              else
1091              {
1092                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
1093              }
1094              $attachcount++;
1095          }
1096  
1097          $noshowattach = '';
1098          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
1099          $usage = $db->fetch_array($query);
1100  
1101          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
1102          {
1103              $noshowattach = 1;
1104          }
1105  
1106          if($mybb->usergroup['attachquota'] == 0)
1107          {
1108              $friendlyquota = $lang->unlimited;
1109          }
1110          else
1111          {
1112              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
1113          }
1114  
1115          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
1116          if($usage['ausage'] !== NULL)
1117          {
1118              $friendlyusage = get_friendly_size($usage['ausage']);
1119              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
1120              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
1121          }
1122          else
1123          {
1124              $lang->attach_usage = "";
1125          }
1126          
1127          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
1128          {
1129              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
1130          }
1131  
1132          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
1133          {
1134              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
1135          }
1136  
1137          if($attach_add_options || $attach_update_options)
1138          {
1139              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
1140          }
1141  
1142          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
1143      }
1144  
    // If the user is logged in, provide a save draft button.
    if($mybb->user['uid'])
    {
        eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
    }

    // Show captcha image for guests if enabled
    $captcha = '';
    if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
    {
        // $correct records whether an already submitted captcha answer validated.
        $correct = false;
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(false, "post_captcha");

        // $hide_captcha is not set in this section - presumably by earlier validation code; confirm.
        if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
        {
            // If previewing a post - check their current captcha input - if correct, hide the captcha input area
            // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
            if($post_captcha->validate_captcha() == true)
            {
                $correct = true;

                // Generate a hidden list of items for our captcha
                $captcha = $post_captcha->build_hidden_captcha();
            }
        }

        // Not validated yet: build a fresh challenge for the configured captcha type.
        if(!$correct)
        {
            if($post_captcha->type == 1)
            {
                $post_captcha->build_captcha();
            }
            elseif(in_array($post_captcha->type, array(4, 5)))
            {
                $post_captcha->build_recaptcha();
            }
        }
        // $correct is only set for type 1 above, so this branch cannot be reached for types 4 and 5.
        else if($correct && (in_array($post_captcha->type, array(4, 5))))
        {
            $post_captcha->build_recaptcha();
        }

        // Generated captcha markup, when present, replaces the hidden fields set above.
        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }
1193  
1194      $reviewmore = '';
1195      if($mybb->settings['threadreview'] != 0)
1196      {
1197          if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
1198          {
1199              $mybb->settings['postsperpage'] = 20;
1200          }
1201  
1202          if(is_moderator($fid, "canviewunapprove") || $mybb->settings['showownunapproved'])
1203          {
1204              $visibility = "(visible='1' OR visible='0')";
1205          }
1206          else
1207          {
1208              $visibility = "visible='1'";
1209          }
1210          $query = $db->simple_select("posts", "COUNT(pid) AS post_count", "tid='{$tid}' AND {$visibility}");
1211          $numposts = $db->fetch_field($query, "post_count");
1212  
1213          if(!$mybb->settings['postsperpage'] || (int)$mybb->settings['postsperpage'] < 1)
1214          {
1215              $mybb->settings['postsperpage'] = 20;
1216          }
1217  
1218          if($numposts > $mybb->settings['postsperpage'])
1219          {
1220              $numposts = $mybb->settings['postsperpage'];
1221              $lang->thread_review_more = $lang->sprintf($lang->thread_review_more, $mybb->settings['postsperpage'], get_thread_link($tid));
1222              eval("\$reviewmore = \"".$templates->get("newreply_threadreview_more")."\";");
1223          }
1224  
1225          $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND {$visibility}", array("order_by" => "dateline", "order_dir" => "desc", "limit" => $mybb->settings['postsperpage']));
1226          while($post = $db->fetch_array($query))
1227          {
1228              $pidin[] = $post['pid'];
1229          }
1230  
1231          $pidin = implode(",", $pidin);
1232  
1233          // Fetch attachments
1234          $query = $db->simple_select("attachments", "*", "pid IN ($pidin)");
1235          while($attachment = $db->fetch_array($query))
1236          {
1237              $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
1238          }
1239          $query = $db->query("
1240              SELECT p.*, u.username AS userusername
1241              FROM ".TABLE_PREFIX."posts p
1242              LEFT JOIN ".TABLE_PREFIX."users u ON (p.uid=u.uid)
1243              WHERE pid IN ($pidin)
1244              ORDER BY dateline DESC
1245          ");
1246          $postsdone = 0;
1247          $altbg = "trow1";
1248          $reviewbits = '';
1249          while($post = $db->fetch_array($query))
1250          {
1251              if($post['userusername'])
1252              {
1253                  $post['username'] = $post['userusername'];
1254              }
1255              $reviewpostdate = my_date('relative', $post['dateline']);
1256              $parser_options = array(
1257                  "allow_html" => $forum['allowhtml'],
1258                  "allow_mycode" => $forum['allowmycode'],
1259                  "allow_smilies" => $forum['allowsmilies'],
1260                  "allow_imgcode" => $forum['allowimgcode'],
1261                  "allow_videocode" => $forum['allowvideocode'],
1262                  "me_username" => $post['username'],
1263                  "filter_badwords" => 1
1264              );
1265              if($post['smilieoff'] == 1)
1266              {
1267                  $parser_options['allow_smilies'] = 0;
1268              }
1269  
1270              if($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
1271              {
1272                  $parser_options['allow_imgcode'] = 0;
1273              }
1274  
1275              if($mybb->user['showvideos'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestvideos'] != 1 && $mybb->user['uid'] == 0)
1276              {
1277                  $parser_options['allow_videocode'] = 0;
1278              }
1279  
1280              $post['username'] = htmlspecialchars_uni($post['username']);
1281  
1282              if($post['visible'] != 1)
1283              {
1284                  $altbg = "trow_shaded";
1285              }
1286  
1287              $post['message'] = $parser->parse_message($post['message'], $parser_options);
1288              get_post_attachments($post['pid'], $post);
1289              $reviewmessage = $post['message'];
1290              eval("\$reviewbits .= \"".$templates->get("newreply_threadreview_post")."\";");
1291              if($altbg == "trow1")
1292              {
1293                  $altbg = "trow2";
1294              }
1295              else
1296              {
1297                  $altbg = "trow1";
1298              }
1299          }
1300          eval("\$threadreview = \"".$templates->get("newreply_threadreview")."\";");
1301      }
1302  
1303      // Hide signature option if no permission
1304      $signature = '';
1305      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
1306      {
1307          eval("\$signature = \"".$templates->get('newreply_signature')."\";");
1308      }
1309  
1310      // Can we disable smilies or are they disabled already?
1311      $disablesmilies = '';
1312      if($forum['allowsmilies'] != 0)
1313      {
1314          eval("\$disablesmilies = \"".$templates->get("newreply_disablesmilies")."\";");
1315      }
1316  
1317      $postoptions = '';
1318      if(!empty($signature) || !empty($disablesmilies))
1319      {
1320          eval("\$postoptions = \"".$templates->get("newreply_postoptions")."\";");
1321          $bgcolor = "trow2";
1322      }
1323      else
1324      {
1325          $bgcolor = "trow1";
1326      }
1327  
1328      $modoptions = '';
1329      // Show the moderator options.
1330      if(is_moderator($fid))
1331      {
1332          if($mybb->get_input('processed', MyBB::INPUT_INT))
1333          {
1334              $mybb->input['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
1335              if(!isset($mybb->input['modoptions']['closethread']))
1336              {
1337                  $mybb->input['modoptions']['closethread'] = 0;
1338              }
1339              $closed = (int)$mybb->input['modoptions']['closethread'];
1340              if(!isset($mybb->input['modoptions']['stickthread']))
1341              {
1342                  $mybb->input['modoptions']['stickthread'] = 0;
1343              }
1344              $stuck = (int)$mybb->input['modoptions']['stickthread'];
1345          }
1346          else
1347          {
1348              $closed = $thread['closed'];
1349              $stuck = $thread['sticky'];
1350          }
1351  
1352          if($closed)
1353          {
1354              $closecheck = ' checked="checked"';
1355          }
1356          else
1357          {
1358              $closecheck = '';
1359          }
1360  
1361          if($stuck)
1362          {
1363              $stickycheck = ' checked="checked"';
1364          }
1365          else
1366          {
1367              $stickycheck = '';
1368          }
1369  
1370          $closeoption = '';
1371          if(is_moderator($thread['fid'], "canopenclosethreads"))
1372          {
1373              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
1374          }
1375  
1376          $stickoption = '';
1377          if(is_moderator($thread['fid'], "canstickunstickthreads"))
1378          {
1379              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
1380          }
1381  
1382          if(!empty($closeoption) || !empty($stickoption))
1383          {
1384              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
1385              $bgcolor = "trow1";
1386          }
1387          else
1388          {
1389              $bgcolor = "trow2";
1390          }
1391      }
1392      else
1393      {
1394          $bgcolor = "trow2";
1395      }
1396  
    // Fetch subscription select box
    eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");

    // NOTE(review): $thread['subject'] is inserted into the language strings as-is; presumably
    // it was escaped where the thread was loaded - confirm before these strings reach HTML.
    $lang->post_reply_to = $lang->sprintf($lang->post_reply_to, $thread['subject']);
    $lang->reply_to = $lang->sprintf($lang->reply_to, $thread['subject']);

    // Do we have any forum rules to show for this forum?
    $forumrules = '';
    if($forum['rulestype'] >= 2 && $forum['rules'])
    {
        if(!$forum['rulestitle'])
        {
            $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
        }

        if(!$parser)
        {
            require_once  MYBB_ROOT.'inc/class_parser.php';
            $parser = new postParser;
        }

        // The rules are parsed with allow_html enabled, so the stored rules text is emitted
        // as HTML; whoever can edit forum rules can therefore place markup on this page.
        $rules_parser = array(
            "allow_html" => 1,
            "allow_mycode" => 1,
            "allow_smilies" => 1,
            "allow_imgcode" => 1
        );

        $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
        $foruminfo = $forum;

        // rulestype 3 uses the forumdisplay_rules template, rulestype 2 the
        // forumdisplay_rules_link template.
        if($forum['rulestype'] == 3)
        {
            eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
        }
        else if($forum['rulestype'] == 2)
        {
            eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
        }
    }
1437  
1438      $moderation_notice = '';
1439      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1440      {
1441          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1442          {
1443              $moderation_text = $lang->moderation_forum_attachments;
1444              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1445          }
1446      }
1447      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1448      {
1449          if($forumpermissions['modposts'] == 1)
1450          {
1451              $moderation_text = $lang->moderation_forum_posts;
1452              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1453          }
1454  
1455          if($mybb->user['moderateposts'] == 1)
1456          {
1457              $moderation_text = $lang->moderation_user_posts;
1458              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1459          }
1460      }
1461  
1462      $php_max_upload_filesize = return_bytes(ini_get('max_upload_filesize'));
1463      $php_post_max_size = return_bytes(ini_get('post_max_size'));
1464  
1465      if ($php_max_upload_filesize != 0 && $php_post_max_size != 0)
1466      {
1467          $php_max_upload_size = min($php_max_upload_filesize, $php_post_max_size);
1468      }
1469      else
1470      {
1471          $php_max_upload_size = max($php_max_upload_filesize, $php_post_max_size);
1472      }
1473  
1474      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1475      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1476  
    // Plugin hook: runs before the page template is evaluated.
    $plugins->run_hooks("newreply_end");

    // Strip tags from the forum name before the page template uses it.
    $forum['name'] = strip_tags($forum['name']);

    // Assemble the page from the newreply template and send it.
    eval("\$newreply = \"".$templates->get("newreply")."\";");
    output_page($newreply);
1483  }

