
PHP Cross Reference of MyBB 1.8.19


/ -> newthread.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1); // Set before any include; presumably the included MyBB files test this constant to refuse direct requests (their side is not shown here).
  12  define('THIS_SCRIPT', 'newthread.php');
  13  
      // Comma-separated list of template names. The names this script later passes
      // to $templates->get() (newthread_draftinput, changeuserbox, loginbox,
      // newthread_multiquote_external) are all in it. The list is not read in the
      // part of the file shown here; presumably global.php uses it to preload them.
  14  $templatelist = "newthread,previewpost,loginbox,changeuserbox,newthread_postpoll,posticons,codebuttons,postbit,post_attachments_attachment_unapproved,newreply_modoptions_close,newreply_modoptions_stick";
  15  $templatelist .= ",newthread_disablesmilies,post_attachments_new,post_attachments,post_savedraftbutton,post_subscription_method,post_attachments_attachment_remove,postbit_warninglevel_formatted,postbit_icon";
  16  $templatelist .= ",forumdisplay_rules,forumdisplay_rules_link,post_attachments_attachment_postinsert,post_attachments_attachment,newthread_signature,post_prefixselect_prefix,post_prefixselect_single,posticons_icon";
  17  $templatelist .= ",post_captcha_hidden,post_captcha_recaptcha_invisible,post_captcha_nocaptcha,post_javascript,postbit_gotopost,newthread_postoptions,post_attachments_add,post_attachments_viewlink";
  18  $templatelist .= ",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,postbit_author_guest,post_captcha";
  19  $templatelist .= ",postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_attachments,postbit_reputation_formatted_link,post_attachments_update,postbit_offline,newreply_modoptions,newthread_multiquote_external";
  21  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,newthread_draftinput,global_moderation_notice,postbit_online,postbit_away,attachment_icon,postbit_userstar,postbit_groupimage";
  22  
  23  require_once  "./global.php";
  24  require_once  MYBB_ROOT."inc/functions_post.php";
  25  require_once  MYBB_ROOT."inc/functions_user.php";
  26  
  27  // Load the "newthread" language phrases.
  28  $lang->load("newthread");
  29  
  30  $tid = $pid = 0;
      // Normalise the request values once. tid and pid are requested as
      // MyBB::INPUT_INT, so the copies kept in $mybb->input are presumably plain
      // integers (get_input() itself is defined elsewhere).
  31  $mybb->input['action'] = $mybb->get_input('action');
  32  $mybb->input['tid'] = $mybb->get_input('tid', MyBB::INPUT_INT);
  33  $mybb->input['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
      // The request refers to an existing draft when it edits one, saves over one,
      // or names both a thread and a post.
  34  if($mybb->input['action'] == "editdraft" || ($mybb->get_input('savedraft') && $mybb->input['tid']) || ($mybb->input['tid'] && $mybb->input['pid']))
  35  {
  36      $thread = get_thread($mybb->input['tid']);
  37  
          // The tid concatenated into the WHERE clause is the INPUT_INT value, not the
          // raw request string. visible='-2' is the draft marker this file also tests
          // further down ("already a draft").
  38      $query = $db->simple_select("posts", "*", "tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."' AND visible='-2'", array('order_by' => 'dateline', 'limit' => 1));
  39      $post = $db->fetch_array($query);
  40  
          // Authorisation check for drafts: the thread and its draft post must exist,
          // the thread must itself be a draft, and it must belong to the current user.
          // The uid comparison is what keeps one member from opening another
          // member's draft by passing its tid.
          // NOTE(review): when no row is found $thread/$post are presumably not arrays;
          // the offset reads then give a falsy value, so the check still rejects.
          // The assignments below rely on error() ending the request - confirm.
  41      if(!$thread['tid'] || !$post['pid'] || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])
  42      {
  43          error($lang->invalidthread);
  44      }
  45  
          // From here on pid, fid and tid come from the database rows, not the request.
  46      $pid = $post['pid'];
  47      $fid = $thread['fid'];
  48      $tid = $thread['tid'];
          // Template rendering: the text returned by $templates->get() is placed inside
          // a double-quoted PHP string and eval'd, which interpolates variables from
          // this scope. Template text is therefore evaluated by PHP, so write access to
          // templates has to stay with fully trusted administrators, and any value a
          // template prints must be escaped before this call.
  49      eval("\$editdraftpid = \"".$templates->get("newthread_draftinput")."\";");
  50  }
  51  else
  52  {
          // Not a draft: the target forum id is taken from the request as an integer.
  53      $fid = $mybb->get_input('fid', MyBB::INPUT_INT);
  54      $editdraftpid = '';
  55  }
  56  
  57  // Fetch forum information; a falsy result from get_forum() is treated as an invalid forum.
  58  $forum = get_forum($fid);
  59  if(!$forum)
  60  {
  61      error($lang->error_invalidforum);
  62  }
  63  
  64  // Draw the navigation
  65  build_forum_breadcrumb($fid);
  66  add_breadcrumb($lang->nav_newthread);
  67  
  68  $forumpermissions = forum_permissions($fid);
  69  
      // Threads can only be started in a forum that is open, is of type "f" and is
      // not a link to another location.
  70  if($forum['open'] == 0 || $forum['type'] != "f" || $forum['linkto'] != "")
  71  {
  72      error($lang->error_closedinvalidforum);
  73  }
  74  
      // Server-side permission gate: the user needs both view and post-thread
      // permission in this forum. It runs before any attachment or thread handling
      // below, so none of that code is reached without these permissions
      // (assuming error_no_permission() ends the request - not shown here).
  75  if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0)
  76  {
  77      error_no_permission();
  78  }
  79  
      // Accounts with posting suspended are stopped here. The message says
      // "permanent" unless a suspensiontime is set, in which case the formatted
      // date and time of that timestamp are inserted.
  80  if($mybb->user['suspendposting'] == 1)
  81  {
  82      $suspendedpostingtype = $lang->error_suspendedposting_permanent;
  83      if($mybb->user['suspensiontime'])
  84      {
  85          $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
  86      }
  87  
  88      $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));
  89  
  90      error($lang->error_suspendedposting);
  91  }
  92  
  93  // Check if this forum is password protected and we have a valid password.
      // The check itself lives in check_forum_password(), which is not part of this file.
  94  check_forum_password($forum['fid']);
  95  
  96  // If MyCode is on for this forum and the MyCode editor is enabled in the Admin CP, draw the code buttons and smilie inserter.
      // Guests (no uid) always get the editor; members only if their showcodebuttons preference is non-zero.
  97  if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
  98  {
  99      $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
 100      if($forum['allowsmilies'] != 0)
 101      {
 102          $smilieinserter = build_clickable_smilies();
 103      }
 104  }
 105  
 106  // Does this forum allow post icons? If so, fetch the post icons.
 107  if($forum['allowpicons'] != 0)
 108  {
 109      $posticons = get_post_icons();
 110  }
 111  
 112  // If we have a currently logged in user then fetch the change user box.
 113  if($mybb->user['uid'] != 0)
 114  {
          // The username is HTML-escaped because the changeuserbox template is eval'd
          // next and can print it.
          // NOTE(review): this overwrites the shared $mybb->user['username'] with its
          // escaped form; the do_newthread branch (line 278 of this listing) later
          // copies the same field into the new thread's data. Confirm the data handler
          // does not end up storing the escaped value.
 115      $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
 116      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 117  }
 118  
 119  // Otherwise we have a guest, determine the "username" and get the login box.
 120  else
 121  {
          // A guest name is only taken from the request when previewing or submitting;
          // it is escaped before the loginbox template can interpolate it.
 122      if(!isset($mybb->input['previewpost']) && $mybb->input['action'] != "do_newthread")
 123      {
 124          $username = '';
 125      }
 126      else
 127      {
 128          $username = htmlspecialchars_uni($mybb->get_input('username'));
 129      }
 130      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 131  }
 132  
 133  // If we're not performing a new thread insert and not editing a draft then we're posting a new thread.
      // Any other action value sent by the client is replaced with "newthread", so
      // only the three known actions are ever dispatched below.
 134  if($mybb->input['action'] != "do_newthread" && $mybb->input['action'] != "editdraft")
 135  {
 136      $mybb->input['action'] = "newthread";
 137  }
 138  
 139  // Previewing a post, overwrite the action to the new thread action.
 140  if(!empty($mybb->input['previewpost']))
 141  {
 142      $mybb->input['action'] = "newthread";
 143  }
 144  
 145  // Setup a unique posthash for attachment management
      // A hash is generated only when the request carries none and no draft post is
      // loaded. md5() is used here to derive an identifier, not to protect a secret;
      // how hard the value is to guess depends on random_str(), defined elsewhere.
      // NOTE(review): in every other case the posthash is request data, and it is
      // used below to select attachments (posthash='...'). Confirm that
      // add_attachments()/remove_attachment() also tie attachments to the user.
 146  if(!$mybb->get_input('posthash') && !$pid)
 147  {
 148      $mybb->input['posthash'] = md5($mybb->user['uid'].random_str());
 149  }
 150  
      // The form claims to have been processed, yet neither POST fields nor files
      // arrived - presumably the request body was discarded (e.g. too large); TODO confirm.
 151  if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
 152  {
 153      error($lang->error_empty_post_input);
 154  }
 155  
      // $errors collects attachment (and, later, spam-check) errors for display.
 156  $errors = array();
 157  $maximageserror = $attacherror = '';
 158  
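 159  // Handle attachments if we've got any.
      // Runs when an attachment is being added or updated, or when the thread is
      // submitted together with an uploaded file. Requests that name an
      // attachmentaid are handled by the removal branch further down instead.
      // !empty() is used for $_FILES['attachment'] so that a submission without
      // that upload field does not raise an undefined-index notice; the truth
      // value of the test is unchanged.
 160  if($mybb->settings['enableattachments'] == 1 && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit') && !empty($_FILES['attachment']))))
 161  {
 162      // Verify incoming POST request
          // (the my_post_key token is checked before any attachment is stored;
          // presumably this is the anti-CSRF check - verify_post_check() is not shown).
 163      verify_post_check($mybb->get_input('my_post_key'));
 164  
          // Attachments of an existing draft are selected by $pid, which was set from
          // the draft row loaded earlier, not from the request. Otherwise they are
          // selected by the posthash, which is request data and is escaped before it
          // is placed in the SQL fragment.
 165      if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 166      {
 167          $attachwhere = "pid='{$pid}'";
 168      }
 169      else
 170      {
 171          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 172      }
 173  
 174      require_once  MYBB_ROOT."inc/functions_upload.php";
 175  
          // File validation (type, size, quota) is left to add_attachments(), which
          // receives the forum permissions; its checks are not visible in this file.
 176      $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newthread");
 177  
 178      if(!empty($ret['errors']))
 179      {
 180          $errors = $ret['errors'];
 181      }
 182  
 183      // If we were dealing with an attachment but didn't click 'Post Thread', force the new thread page again.
 184      if(!$mybb->get_input('submit'))
 185      {
 186          $mybb->input['action'] = "newthread";
 187      }
 188  }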
 189  
 190  // Are we removing an attachment from the thread?
      // The attachment id is read as an integer and the action must be exactly "remove".
 191  if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
 192  {
 193      // Verify incoming POST request
          // (my_post_key token check before the attachment is deleted).
 194      verify_post_check($mybb->get_input('my_post_key'));
 195  
 196      require_once  MYBB_ROOT."inc/functions_upload.php";
          // NOTE(review): pid comes from the draft lookup, but posthash and attachmentaid
          // are request data. Whether the attachment really belongs to this post/hash
          // and user is decided inside remove_attachment() - confirm it checks that.
 197      remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));
 198      if(!$mybb->get_input('submit'))
 199      {
 200          $mybb->input['action'] = "newthread";
 201      }
 202  }
 203  
      // HTML of the inline error list shown above the form (empty when there is none).
 204  $thread_errors = "";
      // Set to true once a guest has solved the CAPTCHA in this request.
 205  $hide_captcha = false;
 206  
 207  // Check the maximum posts per day for this user
      // Applies only when the user group has a positive maxposts limit; groups with
      // cancp == 1 are exempt.
 208  if($mybb->usergroup['maxposts'] > 0 && $mybb->usergroup['cancp'] != 1)
 209  {
          // Window: the last 24 hours, counted back from TIME_NOW.
 210      $daycut = TIME_NOW-60*60*24;
          // Both interpolated values are server-side state (the current user's uid and
          // the computed cut-off), not request parameters. Only visible='1' posts count.
 211      $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}");
 212      $post_count = $db->fetch_field($query, "posts_today");
 213      if($post_count >= $mybb->usergroup['maxposts'])
 214      {
 215          $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
 216          error($lang->error_maxposts);
 217      }
 218  }
 219  
 220  // Performing the posting of a new thread.
      // Requires both the do_newthread action and the POST method, so a GET link
      // cannot trigger the insert.
 221  if($mybb->input['action'] == "do_newthread" && $mybb->request_method == "post")
 222  {
 223      // Verify incoming POST request
          // (my_post_key token check; presumably the anti-CSRF check, and it runs
          // before the plugin hook and before anything is written).
 224      verify_post_check($mybb->get_input('my_post_key'));
 225  
 226      $plugins->run_hooks("newthread_do_newthread_start");
 227  
 228      // If this isn't a logged in user, then we need to do some special validation.
 229      if($mybb->user['uid'] == 0)
 230      {
 231          // If they didn't specify a username leave blank so $lang->guest can be used on output
 232          if(!$mybb->get_input('username'))
 233          {
 234              $username = '';
 235          }
 236          // Otherwise use the name they specified.
              // (raw request value; it is handed to the data handler, not printed here)
 237          else
 238          {
 239              $username = $mybb->get_input('username');
 240          }
 241          $uid = 0;
 242  
              // Optional StopForumSpam lookup for guests. The !uid test repeats the
              // enclosing condition; the setting is what actually switches this on.
 243          if(!$mybb->user['uid'] && $mybb->settings['stopforumspam_on_newthread'])
 244          {
 245              require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 246  
 247              $stop_forum_spam_checker = new StopForumSpamChecker(
 248                  $plugins,
 249                  $mybb->settings['stopforumspam_min_weighting_before_spam'],
 250                  $mybb->settings['stopforumspam_check_usernames'],
 251                  $mybb->settings['stopforumspam_check_emails'],
 252                  $mybb->settings['stopforumspam_check_ips'],
 253                  $mybb->settings['stopforumspam_log_blocks']
 254              );
 255  
                  // The guest name and client IP are checked; the e-mail argument is empty.
                  // NOTE(review): a positive result is appended to $errors, but the insert
                  // decision further down tests only $post_errors, and nothing in this
                  // block reads $errors before insert_thread(). Confirm that a spam
                  // verdict (or a lookup failure with block_on_error) really stops the post.
 256              try {
 257                  if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
 258                  {
 259                      $errors[] = $lang->sprintf($lang->error_stop_forum_spam_spammer,
 260                          $stop_forum_spam_checker->getErrorText(array(
 261                              'stopforumspam_check_usernames',
 262                              'stopforumspam_check_ips'
 263                              )));
 264                  }
 265              }
                  // Any Exception from the lookup is swallowed. Posting then continues
                  // (fail-open) unless stopforumspam_block_on_error is set, in which case
                  // an error is queued instead. The exception itself is not logged here.
 266              catch (Exception $e)
 267              {
 268                  if($mybb->settings['stopforumspam_block_on_error'])
 269                  {
 270                      $errors[] = $lang->error_stop_forum_spam_fetching;
 271                  }
 272              }
 273          }
 274      }
 275      // This user is logged in.
          // Name and uid come from the user record, never from the request.
 276      else
 277      {
 278          $username = $mybb->user['username'];
 279          $uid = $mybb->user['uid'];
 280      }
 281  
 282      // Attempt to see if this post is a duplicate or not
          // Members are matched by uid, guests by the packed session IP (passed
          // through escape_binary()).
 283      if($uid > 0)
 284      {
 285          $user_check = "p.uid='{$uid}'";
 286      }
 287      else
 288      {
 289          $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
 290      }
          // Skipped for draft saves and when an existing draft post is being posted.
 291      if(!$mybb->get_input('savedraft') && !$pid)
 292      {
              // Subject and message are request data and go through escape_string();
              // fid comes from the forum row. Same author + forum + subject + message
              // within the last 600 seconds counts as a duplicate.
 293          $query = $db->simple_select("posts p", "p.pid", "$user_check AND p.fid='{$forum['fid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.dateline>".(TIME_NOW-600));
 294          $duplicate_check = $db->fetch_field($query, "pid");
 295          if($duplicate_check)
 296          {
 297              error($lang->error_post_already_submitted);
 298          }
 299      }
 300  
 301      // Set up posthandler.
 302      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 303      $posthandler = new PostDataHandler("insert");
 304      $posthandler->action = "thread";
 305  
 306      // Set the thread data that came from the input to the $new_thread array.
          // Subject, message and posthash are passed on unmodified; prefix and icon are
          // read as integers. Validation is left to the data handler (validate_thread()
          // below), and no escaping is done at this point.
 307      $new_thread = array(
 308          "fid" => $forum['fid'],
 309          "subject" => $mybb->get_input('subject'),
 310          "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
 311          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 312          "uid" => $uid,
 313          "username" => $username,
 314          "message" => $mybb->get_input('message'),
 315          "ipaddress" => $session->packedip,
 316          "posthash" => $mybb->get_input('posthash')
 317      );
 318  
          // NOTE(review): loose comparison. $pid starts as int 0, and 0 != '' is false
          // before PHP 8 but true from PHP 8 on, so whether a pid of 0 is passed to the
          // handler depends on the PHP version. A plain truthiness test would not.
 319      if($pid != '')
 320      {
 321          $new_thread['pid'] = $pid;
 322      }
 323  
 324      // Are we saving a draft thread?
          // Only logged-in users can; for guests the flag is forced to 0.
 325      if($mybb->get_input('savedraft') && $mybb->user['uid'])
 326      {
 327          $new_thread['savedraft'] = 1;
 328      }
 329      else
 330      {
 331          $new_thread['savedraft'] = 0;
 332      }
 333  
 334      // Is this thread already a draft and we're updating it?
          // $thread is only set by the draft lookup at the top of the file, which has
          // already verified that the draft belongs to the current user.
 335      if(isset($thread['tid']) && $thread['visible'] == -2)
 336      {
 337          $new_thread['tid'] = $thread['tid'];
 338      }
 339  
          // Missing post options default to 0; values that are present are passed on as sent.
 340      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 341      if(!isset($postoptions['signature']))
 342      {
 343          $postoptions['signature'] = 0;
 344      }
 345      if(!isset($postoptions['subscriptionmethod']))
 346      {
 347          $postoptions['subscriptionmethod'] = 0;
 348      }
 349      if(!isset($postoptions['disablesmilies']))
 350      {
 351          $postoptions['disablesmilies'] = 0;
 352      }
 353  
 354      // Set up the thread options from the input.
 355      $new_thread['options'] = array(
 356          "signature" => $postoptions['signature'],
 357          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 358          "disablesmilies" => $postoptions['disablesmilies']
 359      );
 360  
 361      // Apply moderation options if we have them
          // NOTE(review): the array is copied from the request without a permission
          // check in this file; presumably PostDataHandler verifies moderator rights
          // before applying any of these options - confirm.
 362      $new_thread['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 363  
 364      $posthandler->set_data($new_thread);
 365  
 366      // Now let the post handler do all the hard work.
 367      $valid_thread = $posthandler->validate_thread();
 368  
          // Starts empty here: only handler and CAPTCHA errors are collected in it.
 369      $post_errors = array();
 370      // Fetch friendly error messages if this is an invalid thread
 371      if(!$valid_thread)
 372      {
 373          $post_errors = $posthandler->get_friendly_errors();
 374      }
 375  
 376      // Check captcha image
          // Only guests are challenged, and only when the captchaimage setting is on.
 377      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 378      {
 379          require_once  MYBB_ROOT.'inc/class_captcha.php';
 380          $post_captcha = new captcha;
 381  
 382          if($post_captcha->validate_captcha() == false)
 383          {
 384              // CAPTCHA validation failed
 385              foreach($post_captcha->get_errors() as $error)
 386              {
 387                  $post_errors[] = $error;
 388              }
 389          }
 390          else
 391          {
 392              $hide_captcha = true;
 393          }
 394      }
 395  
 396      // One or more errors returned, fetch error list and throw to newthread page
 397      if(count($post_errors) > 0)
 398      {
 399          $thread_errors = inline_error($post_errors);
 400          $mybb->input['action'] = "newthread";
 401      }
 402      // No errors were found, it is safe to insert the thread.
 403      else
 404      {
 405          $thread_info = $posthandler->insert_thread();
 406          $tid = $thread_info['tid'];
 407          $visible = $thread_info['visible'];
 408  
 409          // Invalidate solved captcha
              // (same condition as the validation above, so $post_captcha exists here;
              // invalidating keeps one solved challenge from being reused for more posts)
 410          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 411          {
 412              $post_captcha->invalidate_captcha();
 413          }
 414  
 415          $force_redirect = false;
 416  
 417          // Mark thread as read
 418          require_once  MYBB_ROOT."inc/functions_indicators.php";
 419          mark_thread_read($tid, $fid);
 420  
              // Every $url below is built from a fixed script name, an integer, or a
              // link helper called with $fid/$tid; no request string is used as the
              // redirect target.
 421          // We were updating a draft thread, send them back to the draft listing.
 422          if($new_thread['savedraft'] == 1)
 423          {
 424              $lang->redirect_newthread = $lang->draft_saved;
 425              $url = "usercp.php?action=drafts";
 426          }
 427  
 428          // A poll was being posted with this thread, throw them to poll posting page.
 429          else if($mybb->get_input('postpoll', MyBB::INPUT_INT) && $forumpermissions['canpostpolls'])
 430          {
 431              $url = "polls.php?action=newpoll&tid=$tid&polloptions=".$mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 432              $lang->redirect_newthread .= $lang->redirect_newthread_poll;
 433          }
 434  
 435          // This thread is stuck in the moderation queue, send them back to the forum.
 436          else if(!$visible)
 437          {
 438              // Moderated thread
 439              $lang->redirect_newthread .= $lang->redirect_newthread_moderation;
 440              $url = get_forum_link($fid);
 441  
 442              // User must see moderation notice, regardless of redirect settings
 443              $force_redirect = true;
 444          }
 445  
 446          // The thread is being made in a forum the user cannot see threads in, send them back to the forum.
 447          else if($visible == 1 && $forumpermissions['canviewthreads'] != 1)
 448          {
 449              $lang->redirect_newthread .= $lang->redirect_newthread_unviewable;
 450              $url = get_forum_link($fid);
 451  
 452              // User must see permission notice, regardless of redirect settings
 453              $force_redirect = true;
 454          }
 455  
 456          // This is just a normal thread - send them to it.
 457          else
 458          {
 459              // Visible thread
 460              $lang->redirect_newthread .= $lang->redirect_newthread_thread;
 461              $url = get_thread_link($tid);
 462          }
 463  
 464          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
              // Only the "all" case is handled here: the cookie is removed as a whole.
 465          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 466          {
 467              // We quoted all posts - remove the entire cookie
 468              if($mybb->get_input('quoted_ids') == "all")
 469              {
 470                  my_unsetcookie("multiquote");
 471              }
 472          }
 473  
 474          $plugins->run_hooks("newthread_do_newthread_end");
 475  
 476          // Hop to it! Send them to the next page.
 477          if(!$mybb->get_input('postpoll', MyBB::INPUT_INT))
 478          {
 479              $lang->redirect_newthread .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 480          }
 481          redirect($url, $lang->redirect_newthread, "", $force_redirect);
 482      }
 483  }
 484  
 485  if($mybb->input['action'] == "newthread" || $mybb->input['action'] == "editdraft")
 486  {
 487      $plugins->run_hooks("newthread_start");
 488  
 489      // Do we have attachment errors?
 490      if(count($errors) > 0)
 491      {
 492          $thread_errors = inline_error($errors);
 493      }
 494  
 495      $multiquote_external = $quoted_ids = '';
 496  
 497      $subject = $message = '';
 498      // If this isn't a preview and we're not editing a draft, then handle quoted posts
 499      if(empty($mybb->input['previewpost']) && !$thread_errors && $mybb->input['action'] != "editdraft")
 500      {
 501          $quoted_posts = array();
 502          // Handle multiquote
 503          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 504          {
 505              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 506              foreach($multiquoted as $post)
 507              {
 508                  $quoted_posts[$post] = (int)$post;
 509              }
 510          }
 511  
 512          // Quoting more than one post - fetch them
 513          if(count($quoted_posts) > 0)
 514          {
 515              $external_quotes = 0;
 516              $quoted_posts = implode(",", $quoted_posts);
 517              $unviewable_forums = get_unviewable_forums();
 518              $inactiveforums = get_inactive_forums();
 519              if($unviewable_forums)
 520              {
 521                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 522              }
 523              if($inactiveforums)
 524              {
 525                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 526              }
 527  
 528              if(is_moderator($fid))
 529              {
 530                  $visible_where = "AND p.visible != 2";
 531              }
 532              else
 533              {
 534                  $visible_where = "AND p.visible > 0";
 535              }
 536  
 537              // Check group permissions if we can't view threads not started by us
 538              $group_permissions = forum_permissions();
 539              $onlyusfids = array();
 540              $onlyusforums = '';
 541              foreach($group_permissions as $gpfid => $forum_permissions)
 542              {
 543                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 544                  {
 545                      $onlyusfids[] = $gpfid;
 546                  }
 547              }
 548              if(!empty($onlyusfids))
 549              {
 550                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 551              }
 552  
 553              if($mybb->get_input('load_all_quotes', MyBB::INPUT_INT) == 1)
 554              {
 555                  $query = $db->query("
 556                      SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 557                      FROM ".TABLE_PREFIX."posts p
 558                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 559                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 560                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 561                      ORDER BY p.dateline
 562                  ");
 563                  while($quoted_post = $db->fetch_array($query))
 564                  {
 565                      if($quoted_post['userusername'])
 566                      {
 567                          $quoted_post['username'] = $quoted_post['userusername'];
 568                      }
 569                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
 570                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
 571                      $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
 572                      $message .= "[quote='{$quoted_post['username']}' pid='{$quoted_post['pid']}' dateline='{$quoted_post['dateline']}']\n{$quoted_post['message']}\n[/quote]\n\n";
 573                  }
 574  
 575                  $quoted_ids = "all";
 576              }
 577              else
 578              {
 579                  $query = $db->query("
 580                      SELECT COUNT(*) AS quotes
 581                      FROM ".TABLE_PREFIX."posts p
 582                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 583                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 584                  ");
 585                  $external_quotes = $db->fetch_field($query, 'quotes');
 586  
 587                  if($external_quotes > 0)
 588                  {
 589                      if($external_quotes == 1)
 590                      {
 591                          $multiquote_text = $lang->multiquote_external_one;
 592                          $multiquote_deselect = $lang->multiquote_external_one_deselect;
 593                          $multiquote_quote = $lang->multiquote_external_one_quote;
 594                      }
 595                      else
 596                      {
 597                          $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 598                          $multiquote_deselect = $lang->multiquote_external_deselect;
 599                          $multiquote_quote = $lang->multiquote_external_quote;
 600                      }
 601                      eval("\$multiquote_external = \"".$templates->get("newthread_multiquote_external")."\";");
 602                  }
 603              }
 604          }
 605      }
 606  
 607      if(isset($mybb->input['quoted_ids']))
 608      {
 609          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids'));
 610      }
 611  
 612      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 613      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 614      $postpollchecked = '';
 615  
 616      // Check the various post options if we're
 617      // a -> previewing a post
 618      // b -> removing an attachment
 619      // c -> adding a new attachment
 620      // d -> have errors from posting
 621  
 622      if(!empty($mybb->input['previewpost']) || $mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
 623      {
 624          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 625          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 626          {
 627              $postoptionschecked['signature'] = " checked=\"checked\"";
 628          }
 629          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 630          {
 631              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 632          }
 633          if($mybb->get_input('postpoll', MyBB::INPUT_INT) == 1)
 634          {
 635              $postpollchecked = "checked=\"checked\"";
 636          }
 637          $subscription_method = get_subscription_method($tid, $postoptions);
 638          $numpolloptions = $mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 639      }
 640  
 641      // Editing a draft thread
 642      else if($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 643      {
 644          $mybb->input['threadprefix'] = $thread['prefix'];
 645          $message = htmlspecialchars_uni($post['message']);
 646          $subject = htmlspecialchars_uni($post['subject']);
 647          if($post['includesig'] != 0)
 648          {
 649              $postoptionschecked['signature'] = " checked=\"checked\"";
 650          }
 651          if($post['smilieoff'] == 1)
 652          {
 653              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 654          }
 655          $icon = $post['icon'];
 656          if($forum['allowpicons'] != 0)
 657          {
 658              $posticons = get_post_icons();
 659          }
 660          $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
 661      }
 662  
 663      // Otherwise, this is our initial visit to this page.
 664      else
 665      {
 666          if($mybb->user['signature'] != '')
 667          {
 668              $postoptionschecked['signature'] = " checked=\"checked\"";
 669          }
 670          $subscription_method = get_subscription_method($tid); // Fresh thread, let the function set the appropriate method
 671          $numpolloptions = "2";
 672      }
 673  
 674      ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 675      $preview = '';
 676  
 677      // If we're previewing a post then generate the preview.
 678      if(!empty($mybb->input['previewpost']))
 679      {
 680          // If this isn't a logged in user, then we need to do some special validation.
 681          if($mybb->user['uid'] == 0)
 682          {
 683              // If they didn't specify a username leave blank so $lang->guest can be used on output
 684              if(!$mybb->get_input('username'))
 685              {
 686                  $username = '';
 687              }
 688              // Otherwise use the name they specified.
 689              else
 690              {
 691                  $username = $mybb->get_input('username');
 692              }
 693              $uid = 0;
 694          }
 695          // This user is logged in.
 696          else
 697          {
 698              $username = $mybb->user['username'];
 699              $uid = $mybb->user['uid'];
 700          }
 701  
        // Hand the submitted fields to the post data handler, which performs the
        // validation of the message, the subject and (for guests) the author name.
        require_once  MYBB_ROOT."inc/datahandlers/post.php";
        $posthandler = new PostDataHandler("insert");
        $posthandler->action = "thread";

        // Collect the thread fields from the request into $new_thread. Only the
        // prefix is cast to an integer here; subject, icon, message and posthash
        // are passed on as raw request values.
        // NOTE(review): the handler is presumably where these are validated and
        // escaped before storage - confirm in inc/datahandlers/post.php.
        // NOTE(review): "icon" is read without MyBB::INPUT_INT here, while the
        // preview code below reads the same field with MyBB::INPUT_INT.
        $new_thread = array(
            "fid" => $forum['fid'],
            "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
            "subject" => $mybb->get_input('subject'),
            "icon" => $mybb->get_input('icon'),
            "uid" => $uid,
            "username" => $username,
            "message" => $mybb->get_input('message'),
            "ipaddress" => $session->packedip,
            "posthash" => $mybb->get_input('posthash')
        );

        // $pid is assigned before this section (not visible here); it is only
        // attached to the data set when it is non-empty.
        if($pid != '')
        {
            $new_thread['pid'] = $pid;
        }

        $posthandler->set_data($new_thread);

        // Now let the post handler do all the hard work.
        $valid_thread = $posthandler->verify_message();
        $valid_subject = $posthandler->verify_subject();

        // A uid of 0 marks a guest post, whose submitted name has to be verified.
        // For a logged-in user the name was taken from $mybb->user above and is
        // accepted without a further check.
        if($new_thread['uid'] == 0)
        {
            $valid_username = $posthandler->verify_author();
        }
        else
        {
            $valid_username = true;
        }
 740  
        // Collect validation errors; the preview is only built when there are none.
        $post_errors = array();
        // Fetch friendly error messages if this is an invalid post
        if(!$valid_thread || !$valid_subject || !$valid_username)
        {
            $post_errors = $posthandler->get_friendly_errors();
        }

        // One or more errors returned: build the inline error block instead of a preview
        if(count($post_errors) > 0)
        {
            $thread_errors = inline_error($post_errors);
        }
        else
        {
            // Load the poster's user row and profile fields for the preview post bit.
            // The uid is concatenated into the SQL string; it comes from
            // $mybb->user rather than from the request.
            // NOTE(review): confirm $mybb->user['uid'] is always an integer at this
            // point, or cast it with (int) before building the query.
            // NOTE(review): for a guest no row is expected to match - confirm what
            // fetch_array() returns before the assignments below index into $post.
            $query = $db->query("
                SELECT u.*, f.*
                FROM ".TABLE_PREFIX."users u
                LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
                WHERE u.uid='".$mybb->user['uid']."'
            ");
            $post = $db->fetch_array($query);
            $post['username'] = $username;
            if($mybb->user['uid'])
            {
                $post['userusername'] = $mybb->user['username'];
            }
            // The message and subject go into $post unescaped.
            // NOTE(review): build_postbit() is presumably responsible for parsing
            // and escaping them before they reach the preview template - confirm.
            $previewmessage = $mybb->get_input('message');
            $post['message'] = $previewmessage;
            $post['subject'] = $mybb->get_input('subject');
            $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
            // Normalise postoptions to an array so the isset() checks below are safe.
            $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
            if(isset($mybb->input['postoptions']['disablesmilies']))
            {
                $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
            }
            $post['dateline'] = TIME_NOW;
            if(isset($mybb->input['postoptions']['signature']))
            {
                $post['includesig'] = $mybb->input['postoptions']['signature'];
            }
            // Anything other than 1 is treated as "do not include the signature".
            if(!isset($post['includesig']) || $post['includesig'] != 1)
            {
                $post['includesig'] = 0;
            }

            // Fetch attachments assigned to this post. The pid is forced to an
            // integer and the posthash goes through the database escaper before
            // either is placed in the WHERE clause.
            // NOTE(review): the posthash branch is keyed only on a client-supplied
            // value; whether it is tied to the current user is not visible here.
            if($mybb->get_input('pid', MyBB::INPUT_INT))
            {
                $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
            }
            else
            {
                $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
            }

            $query = $db->simple_select("attachments", "*", $attachwhere);
            while($attachment = $db->fetch_array($query))
            {
                $attachcache[0][$attachment['aid']] = $attachment;
            }

            $postbit = build_postbit($post, 1);
            // The template text is spliced into a double-quoted PHP string and
            // eval'd, so every variable the template references (such as $postbit)
            // must already hold output-safe markup.
            eval("\$preview = \"".$templates->get("previewpost")."\";");
        }
        // HTML-escape the submitted message and subject for redisplay.
        $message = htmlspecialchars_uni($mybb->get_input('message'));
        $subject = htmlspecialchars_uni($mybb->get_input('subject'));
 807      }
 808  
 809      // Removing an attachment or adding a new one, or showing thread errors.
 810      else if($mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
 811      {
 812          $message = htmlspecialchars_uni($mybb->get_input('message'));
 813          $subject = htmlspecialchars_uni($mybb->get_input('subject'));
 814      }
 815  
    // Generate thread prefix selector. The prefix id is always read as an
    // integer; a missing or zero value is normalised to 0 in the input array.
    if(!$mybb->get_input('threadprefix', MyBB::INPUT_INT))
    {
        $mybb->input['threadprefix'] = 0;
    }

    $prefixselect = build_prefix_select($forum['fid'], $mybb->get_input('threadprefix', MyBB::INPUT_INT));

    // HTML-escape the client-supplied posthash before it is handed to templates.
    // Note that the attachment lookup further down reuses this escaped value.
    $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));

    // Hide signature option if no permission
    // (the user group must allow signatures and the user's signature must not be suspended).
    $signature = '';
    if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
    {
        // Template text is eval'd as a double-quoted PHP string; variables it
        // references are interpolated as they are.
        eval("\$signature = \"".$templates->get('newthread_signature')."\";");
    }

    // Can we disable smilies or are they disabled already?
    $disablesmilies = '';
    if($forum['allowsmilies'] != 0)
    {
        eval("\$disablesmilies = \"".$templates->get("newthread_disablesmilies")."\";");
    }

    // Build the post options row only when at least one option is available,
    // and set the two alternating row classes depending on whether it is shown.
    $postoptions = '';
    if(!empty($signature) || !empty($disablesmilies))
    {
        eval("\$postoptions = \"".$templates->get("newthread_postoptions")."\";");
        $bgcolor = "trow2";
        $bgcolor2 = "trow1";
    }
    else
    {
        $bgcolor = "trow1";
        $bgcolor2 = "trow2";
    }
 852  
    $modoptions = '';
    // Show the moderator options
    if(is_moderator($fid))
    {
        // $modoptions temporarily holds the submitted option array; it is only
        // replaced by rendered markup at the end of this branch.
        // NOTE(review): when neither the close nor the stick option is available,
        // $modoptions is left as this array rather than a string - confirm the
        // page template copes with that.
        $modoptions = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
        // The request values are only compared against 1; the markup assigned is
        // a fixed string, so no request data is echoed here.
        if(isset($modoptions['closethread']) && $modoptions['closethread'] == 1)
        {
            $closecheck = "checked=\"checked\"";
        }
        else
        {
            $closecheck = '';
        }
        if(isset($modoptions['stickthread']) && $modoptions['stickthread'] == 1)
        {
            $stickycheck = "checked=\"checked\"";
        }
        else
        {
            $stickycheck = '';
        }

        // Each option is only rendered if the moderator holds the matching permission.
        // NOTE(review): these checks use $thread['fid'], while the surrounding code
        // uses $fid / $forum['fid']; $thread is not assigned in the visible part of
        // this script - confirm it is set when a brand-new thread is being composed.
        $closeoption = '';
        if(is_moderator($thread['fid'], "canopenclosethreads"))
        {
            eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
        }

        $stickoption = '';
        if(is_moderator($thread['fid'], "canstickunstickthreads"))
        {
            eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
        }

        // Render the options row only if at least one option was produced, and
        // set the alternating row classes to match.
        if(!empty($closeoption) || !empty($stickoption))
        {
            eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
            $bgcolor = "trow1";
            $bgcolor2 = "trow2";
        }
        else
        {
            $bgcolor = "trow2";
            $bgcolor2 = "trow1";
        }
    }
    else
    {
        $bgcolor = "trow2";
        $bgcolor2 = "trow1";
    }

    // Fetch subscription select box
    eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
 907  
    // Build the attachment box when attachments are enabled board-wide and the
    // forum permissions allow posting them.
    if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
    { // Get a listing of the current attachments, if there are any
        $attachcount = 0;
        // The raw request values are only used as truth tests here. $pid itself
        // is interpolated into the WHERE clause.
        // NOTE(review): $pid is assigned outside the visible part of the script;
        // confirm it is always an integer before it reaches this query.
        if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
        {
            $attachwhere = "pid='$pid'";
        }
        else
        {
            // $posthash was HTML-escaped when it was assigned above and is escaped
            // for SQL here, so the lookup uses the HTML-escaped form of the value.
            $attachwhere = "posthash='".$db->escape_string($posthash)."'";
        }
        $query = $db->simple_select("attachments", "*", $attachwhere);
        $attachments = '';
        while($attachment = $db->fetch_array($query))
        {
            $attachment['size'] = get_friendly_size($attachment['filesize']);
            // The icon is derived from the stored filename before that filename is
            // HTML-escaped for output on the next line.
            $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
            $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);

            // Offer the "insert into post" control only when the code inserter is
            // on, the forum allows MyCode, and the viewer is a guest or has code
            // buttons enabled.
            if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
            {
                eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
            }

            eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");

            // Unapproved attachments (visible != 1) use a separate row template.
            $attach_mod_options = '';
            if($attachment['visible'] != 1)
            {
                eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
            }
            else
            {
                eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
            }
            $attachcount++;
        }
        // Total bytes already used by this uid, compared with the group quota
        // multiplied by 1024. A quota of 0 means unlimited.
        // NOTE(review): the uid is concatenated into the condition; it comes from
        // $mybb->user, not from the request - confirm it is always numeric.
        $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
        $usage = $db->fetch_array($query);
        if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
        {
            $noshowattach = 1;
        }
        if($mybb->usergroup['attachquota'] == 0)
        {
            $friendlyquota = $lang->unlimited;
        }
        else
        {
            $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
        }
        $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);

        // The usage line and the "view attachments" link are only built when the
        // summed usage is not NULL.
        if($usage['ausage'] !== NULL)
        {
            $friendlyusage = get_friendly_size($usage['ausage']);
            $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
            eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
        }
        else
        {
            $lang->attach_usage = "";
        }

        // && binds tighter than ||, so !isset($noshowattach) only qualifies the
        // second alternative: with maxattachments == 0 the add controls are built
        // even when the over-quota flag is set.
        // NOTE(review): probably unintended. This only decides what the form shows,
        // so the upload handler has to enforce the quota itself regardless.
        if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !isset($noshowattach))
        {
            eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
        }

        if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
        {
            eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
        }

        // NOTE(review): neither variable is initialised in the visible code, so
        // this test reads an undefined variable whenever a branch above was skipped.
        if($attach_add_options || $attach_update_options)
        {
            eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
        }
        eval("\$attachbox = \"".$templates->get("post_attachments")."\";");

        $bgcolor = alt_trow();
    }

    // Only logged-in users get a "save as draft" button.
    if($mybb->user['uid'])
    {
        eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
    }
 995  
    $captcha = '';

    // Show captcha image for guests if enabled
    // This section only builds the form markup; the check applied when the thread
    // is actually submitted is not part of it.
    if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
    {
        $correct = false;
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(false, "post_captcha");

        // $hide_captcha is set outside the visible part of the script.
        if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
        {
            // If previewing a post - check their current captcha input - if correct, hide the captcha input area
            // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
            if($post_captcha->validate_captcha() == true)
            {
                $correct = true;

                // Generate a hidden list of items for our captcha
                $captcha = $post_captcha->build_hidden_captcha();
            }
        }

        // Not (yet) answered correctly: render the captcha that matches the type.
        if(!$correct)
        {
             if($post_captcha->type == 1)
            {
                $post_captcha->build_captcha();
            }
            elseif(in_array($post_captcha->type, array(4, 5)))
            {
                $post_captcha->build_recaptcha();
            }
        }
        // NOTE(review): $correct is only set to true inside the type == 1 branch
        // above, so this branch looks unreachable unless the type changes in between.
        else if($correct && (in_array($post_captcha->type, array(4, 5))))
        {
            $post_captcha->build_recaptcha();
        }

        // Markup produced by the build_* calls replaces whatever $captcha held.
        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }
1039  
    // Offer the poll box when the forum permissions allow posting polls.
    if($forumpermissions['canpostpolls'] != 0)
    {
        $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
        eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
    }

    // Do we have any forum rules to show for this forum?
    $forumrules = '';
    if($forum['rulestype'] >= 2 && $forum['rules'])
    {
        // Fall back to a generated title when the forum has none.
        if(!$forum['rulestitle'])
        {
            $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
        }

        // Create the parser only if an earlier part of the script has not done so.
        if(!$parser)
        {
            require_once  MYBB_ROOT.'inc/class_parser.php';
            $parser = new postParser;
        }

        // The rules text is parsed with HTML allowed, so it is emitted as markup
        // rather than escaped.
        // NOTE(review): this is only safe if editing forum rules is restricted to
        // trusted administrators - confirm who can write $forum['rules'].
        $rules_parser = array(
            "allow_html" => 1,
            "allow_mycode" => 1,
            "allow_smilies" => 1,
            "allow_imgcode" => 1
        );

        $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
        // presumably the forumdisplay_rules templates read $foruminfo - verify against the templates
        $foruminfo = $forum;

        // rulestype 3 uses the forumdisplay_rules template, rulestype 2 the link-only one.
        if($forum['rulestype'] == 3)
        {
            eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
        }
        else if($forum['rulestype'] == 2)
        {
            eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
        }
    }
1080  
    // Build the moderation notice. Three conditions are checked in turn and each
    // one overwrites $moderation_notice, so the last matching one is the one kept.
    // Each notice is skipped for users who hold the matching approve/unapprove
    // moderator permission in this forum.
    $moderation_notice = '';
    if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
    {
        // Attachments in this forum are moderated and the user may post attachments.
        if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
        {
            $moderation_text = $lang->moderation_forum_attachments;
            eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
        }
    }

    if(!is_moderator($forum['fid'], "canapproveunapprovethreads"))
    {
        // New threads in this forum are moderated.
        if($forumpermissions['modthreads'] == 1)
        {
            $moderation_text = $lang->moderation_forum_thread;
            eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
        }
    }

    if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
    {
        // This user's posts are moderated individually.
        if($mybb->user['moderateposts'] == 1)
        {
            $moderation_text = $lang->moderation_user_posts;
            eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
        }
    }
1108  
1109      $php_max_upload_filesize = return_bytes(ini_get('max_upload_filesize'));
1110      $php_post_max_size = return_bytes(ini_get('post_max_size'));
1111  
1112      if ($php_max_upload_filesize != 0 && $php_post_max_size != 0)
1113      {
1114          $php_max_upload_size = min($php_max_upload_filesize, $php_post_max_size);
1115      }
1116      else
1117      {
1118          $php_max_upload_size = max($php_max_upload_filesize, $php_post_max_size);
1119      }
1120  
1121      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1122      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1123  
    // Last plugin hook before the page is rendered.
    $plugins->run_hooks("newthread_end");

    // Strip tags from the forum name before it is placed in the page title string.
    // NOTE(review): strip_tags() removes tags but does not encode quotes or
    // ampersands - confirm the newthread template only uses the result in element
    // content, not inside an attribute.
    $forum['name'] = strip_tags($forum['name']);
    $lang->newthread_in = $lang->sprintf($lang->newthread_in, $forum['name']);

    // Render the complete form from the "newthread" template and send it. The
    // template is eval'd as a double-quoted PHP string, so it interpolates the
    // variables prepared above exactly as they are.
    eval("\$newthread = \"".$templates->get("newthread")."\";");
    output_page($newthread);
1131  }

