[ Index ]

PHP Cross Reference of MyBB 1.8.39

title

Body

[close]

/ -> newthread.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'newthread.php');
  13  
  14  $templatelist = "newthread,previewpost,loginbox,changeuserbox,newthread_postpoll,posticons,codebuttons,postbit,post_attachments_attachment_unapproved,newreply_modoptions_close,newreply_modoptions_stick";
  15  $templatelist .= ",newthread_disablesmilies,post_attachments_new,post_attachments,post_savedraftbutton,post_subscription_method,post_attachments_attachment_remove,postbit_warninglevel_formatted,postbit_icon";
  16  $templatelist .= ",forumdisplay_rules,forumdisplay_rules_link,post_attachments_attachment_postinsert,post_attachments_attachment,newthread_signature,post_prefixselect_prefix,post_prefixselect_single,posticons_icon";
  17  $templatelist .= ",post_captcha_hidden,post_captcha_recaptcha_invisible,post_captcha_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_gotopost,newthread_postoptions,post_attachments_add,post_attachments_viewlink";
  18  $templatelist .= ",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,postbit_author_guest,post_captcha";
  19  $templatelist .= ",postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_attachments,postbit_reputation_formatted_link,post_attachments_update,postbit_offline,newreply_modoptions,newthread_multiquote_external";
  21  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,newthread_draftinput,global_moderation_notice,postbit_online,postbit_away,attachment_icon,postbit_userstar,postbit_groupimage";
  22  
  23  require_once  "./global.php";
  24  require_once  MYBB_ROOT."inc/functions_post.php";
  25  require_once  MYBB_ROOT."inc/functions_user.php";
  26  require_once  MYBB_ROOT."inc/functions_upload.php";
  27  
  28  // Load global language phrases
  29  $lang->load("newthread");
  30  
  31  $tid = $pid = 0;
  32  $mybb->input['action'] = $mybb->get_input('action');
  33  $mybb->input['tid'] = $mybb->get_input('tid', MyBB::INPUT_INT);
  34  $mybb->input['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
  35  if($mybb->input['action'] == "editdraft" || ($mybb->get_input('savedraft') && $mybb->input['tid']) || ($mybb->input['tid'] && $mybb->input['pid']))
  36  {
  37      $thread = get_thread($mybb->input['tid']);
  38  
  39      $query = $db->simple_select("posts", "*", "tid='".$mybb->input['tid']."' AND visible='-2'", array('order_by' => 'dateline, pid', 'limit' => 1));
  40      $post = $db->fetch_array($query);
  41  
  42      if(!$thread || !$post || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])
  43      {
  44          error($lang->invalidthread);
  45      }
  46  
  47      $pid = $post['pid'];
  48      $fid = $thread['fid'];
  49      $tid = $thread['tid'];
  50      eval("\$editdraftpid = \"".$templates->get("newthread_draftinput")."\";");
  51  }
  52  else
  53  {
  54      $fid = $mybb->get_input('fid', MyBB::INPUT_INT);
  55      $editdraftpid = '';
  56  }
  57  
  58  // Fetch forum information.
  59  $forum = get_forum($fid);
  60  if(!$forum)
  61  {
  62      error($lang->error_invalidforum);
  63  }
  64  
  65  // Draw the navigation
  66  build_forum_breadcrumb($fid);
  67  add_breadcrumb($lang->nav_newthread);
  68  
  69  $forumpermissions = forum_permissions($fid);
  70  
  71  if($forum['open'] == 0 || $forum['type'] != "f" || $forum['linkto'] != "")
  72  {
  73      error($lang->error_closedinvalidforum);
  74  }
  75  
  76  if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0)
  77  {
  78      error_no_permission();
  79  }
  80  
  81  if($mybb->user['suspendposting'] == 1)
  82  {
  83      $suspendedpostingtype = $lang->error_suspendedposting_permanent;
  84      if($mybb->user['suspensiontime'])
  85      {
  86          $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
  87      }
  88  
  89      $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));
  90  
  91      error($lang->error_suspendedposting);
  92  }
  93  
  94  // Check if this forum is password protected and we have a valid password
  95  check_forum_password($forum['fid']);
  96  
  97  // If MyCode is on for this forum and the MyCode editor is enabled in the Admin CP, draw the code buttons and smilie inserter.
  98  $codebuttons = '';
  99  $smilieinserter = '';
 100  if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 101  {
 102      $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
 103      if($forum['allowsmilies'] != 0)
 104      {
 105          $smilieinserter = build_clickable_smilies();
 106      }
 107  }
 108  
 109  $posticons = '';
 110  
 111  // Does this forum allow post icons? If so, fetch the post icons.
 112  if($forum['allowpicons'] != 0)
 113  {
 114      $posticons = get_post_icons();
 115  }
 116  
 117  // If we have a currently logged in user then fetch the change user box.
 118  if($mybb->user['uid'] != 0)
 119  {
 120      $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
 121      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 122  }
 123  
 124  // Otherwise we have a guest, determine the "username" and get the login box.
 125  else
 126  {
 127      if(!isset($mybb->input['previewpost']) && $mybb->input['action'] != "do_newthread")
 128      {
 129          $username = '';
 130      }
 131      else
 132      {
 133          $username = htmlspecialchars_uni($mybb->get_input('username'));
 134      }
 135      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 136  }
 137  
 138  // If we're not performing a new thread insert and not editing a draft then we're posting a new thread.
 139  if($mybb->input['action'] != "do_newthread" && $mybb->input['action'] != "editdraft")
 140  {
 141      $mybb->input['action'] = "newthread";
 142  }
 143  
 144  // Previewing a post, overwrite the action to the new thread action.
 145  if(!empty($mybb->input['previewpost']))
 146  {
 147      $mybb->input['action'] = "newthread";
 148  }
 149  
 150  // Setup a unique posthash for attachment management
 151  if(!$mybb->get_input('posthash') && !$pid)
 152  {
 153      $mybb->input['posthash'] = md5($mybb->user['uid'].random_str());
 154  }
 155  
 156  if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
 157  {
 158      error($lang->error_empty_post_input);
 159  }
 160  
 161  $errors = array();
 162  $maximageserror = $attacherror = '';
 163  
 164  // Handle attachments if we've got any.
 165  if($mybb->settings['enableattachments'] == 1 && 
 166      ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || 
 167      ((($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit')) || 
 168      ($mybb->input['action'] == "newthread" && isset($mybb->input['previewpost'])) || 
 169      isset($mybb->input['savedraft'])) && isset($_FILES['attachments']))))
 170  {
 171      // Verify incoming POST request
 172      verify_post_check($mybb->get_input('my_post_key'));
 173  
 174      if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 175      {
 176          $attachwhere = "pid='{$pid}'";
 177      }
 178      else
 179      {
 180          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 181      }
 182  
 183      $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newthread");
 184  
 185      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 186      {
 187          if(isset($ret['success']))
 188          {
 189              $attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}');
 190              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 191              {
 192                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 193              }
 194              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 195              $attach_mod_options = '';
 196              eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";");
 197              $ret['template'] = $attemplate;
 198  
 199              $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 200              $usage = $db->fetch_array($query);
 201              $ret['usage'] = get_friendly_size($usage['ausage']);
 202          }
 203          
 204          header("Content-type: application/json; charset={$lang->settings['charset']}");
 205          echo json_encode($ret);
 206          exit();
 207      }
 208  
 209      if(!empty($ret['errors']))
 210      {
 211          $errors = $ret['errors'];
 212      }
 213  
 214      // If we were dealing with an attachment but didn't click 'Post Thread' or 'Save as Draft', force the new thread page again.
 215      if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft'))
 216      {
 217          $mybb->input['action'] = "newthread";
 218      }
 219  }
 220  
 221  detect_attachmentact();
 222  
 223  // Are we removing an attachment from the thread?
 224  if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
 225  {
 226      // Verify incoming POST request
 227      verify_post_check($mybb->get_input('my_post_key'));
 228  
 229      remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));
 230  
 231      if(!$mybb->get_input('submit'))
 232      {
 233          $mybb->input['action'] = "newthread";
 234      }
 235  
 236      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 237      {
 238          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 239          $usage = $db->fetch_array($query);
 240  
 241          header("Content-type: application/json; charset={$lang->settings['charset']}");
 242          echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage'])));
 243          exit();
 244      }
 245  }
 246  
 247  $thread_errors = "";
 248  $hide_captcha = false;
 249  
 250  // Check the maximum posts per day for this user
 251  if($mybb->usergroup['maxposts'] > 0)
 252  {
 253      $daycut = TIME_NOW-60*60*24;
 254      $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
 255      $post_count = $db->fetch_field($query, "posts_today");
 256      if($post_count >= $mybb->usergroup['maxposts'])
 257      {
 258          $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
 259          error($lang->error_maxposts);
 260      }
 261  }
 262  
 263  // Performing the posting of a new thread.
 264  if($mybb->input['action'] == "do_newthread" && $mybb->request_method == "post")
 265  {
 266      // Verify incoming POST request
 267      verify_post_check($mybb->get_input('my_post_key'));
 268  
 269      $plugins->run_hooks("newthread_do_newthread_start");
 270  
 271      // If this isn't a logged in user, then we need to do some special validation.
 272      if($mybb->user['uid'] == 0)
 273      {
 274          // If they didn't specify a username leave blank so $lang->guest can be used on output
 275          if(!$mybb->get_input('username'))
 276          {
 277              $username = '';
 278          }
 279          // Otherwise use the name they specified.
 280          else
 281          {
 282              $username = $mybb->get_input('username');
 283          }
 284          $uid = 0;
 285  
 286          if(!$mybb->user['uid'] && $mybb->settings['stopforumspam_on_newthread'])
 287          {
 288              require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 289  
 290              $stop_forum_spam_checker = new StopForumSpamChecker(
 291                  $plugins,
 292                  $mybb->settings['stopforumspam_min_weighting_before_spam'],
 293                  $mybb->settings['stopforumspam_check_usernames'],
 294                  $mybb->settings['stopforumspam_check_emails'],
 295                  $mybb->settings['stopforumspam_check_ips'],
 296                  $mybb->settings['stopforumspam_log_blocks']
 297              );
 298  
 299              try {
 300                  if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
 301                  {
 302                      $errors[] = $lang->sprintf($lang->error_stop_forum_spam_spammer,
 303                          $stop_forum_spam_checker->getErrorText(array(
 304                              'stopforumspam_check_usernames',
 305                              'stopforumspam_check_ips'
 306                              )));
 307                  }
 308              }
 309              catch (Exception $e)
 310              {
 311                  if($mybb->settings['stopforumspam_block_on_error'])
 312                  {
 313                      $errors[] = $lang->error_stop_forum_spam_fetching;
 314                  }
 315              }
 316          }
 317      }
 318      // This user is logged in.
 319      else
 320      {
 321          $username = $mybb->user['username'];
 322          $uid = $mybb->user['uid'];
 323      }
 324  
 325      // Attempt to see if this post is a duplicate or not
 326      if($uid > 0)
 327      {
 328          $user_check = "p.uid='{$uid}'";
 329      }
 330      else
 331      {
 332          $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
 333      }
 334      if(!$mybb->get_input('savedraft') && !$pid)
 335      {
 336          $query = $db->simple_select("posts p", "p.pid", "$user_check AND p.fid='{$forum['fid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.dateline>".(TIME_NOW-600));
 337          if($db->num_rows($query) > 0)
 338          {
 339              error($lang->error_post_already_submitted);
 340          }
 341      }
 342  
 343      // Set up posthandler.
 344      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 345      $posthandler = new PostDataHandler("insert");
 346      $posthandler->action = "thread";
 347  
 348      // Set the thread data that came from the input to the $thread array.
 349      $new_thread = array(
 350          "fid" => $forum['fid'],
 351          "subject" => $mybb->get_input('subject'),
 352          "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
 353          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 354          "uid" => $uid,
 355          "username" => $username,
 356          "message" => $mybb->get_input('message'),
 357          "ipaddress" => $session->packedip,
 358          "posthash" => $mybb->get_input('posthash')
 359      );
 360  
 361      if($pid != '')
 362      {
 363          $new_thread['pid'] = $pid;
 364      }
 365  
 366      // Are we saving a draft thread?
 367      if($mybb->get_input('savedraft') && $mybb->user['uid'])
 368      {
 369          $new_thread['savedraft'] = 1;
 370      }
 371      else
 372      {
 373          $new_thread['savedraft'] = 0;
 374      }
 375  
 376      // Is this thread already a draft and we're updating it?
 377      if(isset($thread['tid']) && $thread['visible'] == -2)
 378      {
 379          $new_thread['tid'] = $thread['tid'];
 380      }
 381  
 382      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 383      if(!isset($postoptions['signature']))
 384      {
 385          $postoptions['signature'] = 0;
 386      }
 387      if(!isset($postoptions['subscriptionmethod']))
 388      {
 389          $postoptions['subscriptionmethod'] = 0;
 390      }
 391      if(!isset($postoptions['disablesmilies']))
 392      {
 393          $postoptions['disablesmilies'] = 0;
 394      }
 395  
 396      // Set up the thread options from the input.
 397      $new_thread['options'] = array(
 398          "signature" => $postoptions['signature'],
 399          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 400          "disablesmilies" => $postoptions['disablesmilies']
 401      );
 402  
 403      // Apply moderation options if we have them
 404      $new_thread['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 405  
 406      $posthandler->set_data($new_thread);
 407  
 408      // Now let the post handler do all the hard work.
 409      $valid_thread = $posthandler->validate_thread();
 410  
 411      $post_errors = array();
 412      // Fetch friendly error messages if this is an invalid thread
 413      if(!$valid_thread)
 414      {
 415          $post_errors = $posthandler->get_friendly_errors();
 416      }
 417  
 418      // Check captcha image
 419      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 420      {
 421          require_once  MYBB_ROOT.'inc/class_captcha.php';
 422          $post_captcha = new captcha;
 423  
 424          if($post_captcha->validate_captcha() == false)
 425          {
 426              // CAPTCHA validation failed
 427              foreach($post_captcha->get_errors() as $error)
 428              {
 429                  $post_errors[] = $error;
 430              }
 431          }
 432          else
 433          {
 434              $hide_captcha = true;
 435          }
 436      }
 437  
 438      // One or more errors returned, fetch error list and throw to newthread page
 439      if(count($post_errors) > 0)
 440      {
 441          $thread_errors = inline_error($post_errors);
 442          $mybb->input['action'] = "newthread";
 443      }
 444      // No errors were found, it is safe to insert the thread.
 445      else
 446      {
 447          $thread_info = $posthandler->insert_thread();
 448          $tid = $thread_info['tid'];
 449          $visible = $thread_info['visible'];
 450  
 451          // Invalidate solved captcha
 452          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 453          {
 454              $post_captcha->invalidate_captcha();
 455          }
 456  
 457          $force_redirect = false;
 458  
 459          // Mark thread as read
 460          require_once  MYBB_ROOT."inc/functions_indicators.php";
 461          mark_thread_read($tid, $fid);
 462  
 463          // We were updating a draft thread, send them back to the draft listing.
 464          if($new_thread['savedraft'] == 1)
 465          {
 466              $lang->redirect_newthread = $lang->draft_saved;
 467              $url = "usercp.php?action=drafts";
 468          }
 469  
 470          // A poll was being posted with this thread, throw them to poll posting page.
 471          else if($mybb->get_input('postpoll', MyBB::INPUT_INT) && $forumpermissions['canpostpolls'])
 472          {
 473              $url = "polls.php?action=newpoll&tid=$tid&polloptions=".$mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 474              $lang->redirect_newthread .= $lang->redirect_newthread_poll;
 475          }
 476  
 477          // This thread is stuck in the moderation queue, send them back to the forum.
 478          else if(!$visible)
 479          {
 480              // Moderated thread
 481              $lang->redirect_newthread .= $lang->redirect_newthread_moderation;
 482              $url = get_forum_link($fid);
 483  
 484              // User must see moderation notice, regardless of redirect settings
 485              $force_redirect = true;
 486          }
 487  
 488          // The thread is being made in a forum the user cannot see threads in, send them back to the forum.
 489          else if($visible == 1 && $forumpermissions['canviewthreads'] != 1)
 490          {
 491              $lang->redirect_newthread .= $lang->redirect_newthread_unviewable;
 492              $url = get_forum_link($fid);
 493  
 494              // User must see permission notice, regardless of redirect settings
 495              $force_redirect = true;
 496          }
 497  
 498          // This is just a normal thread - send them to it.
 499          else
 500          {
 501              // Visible thread
 502              $lang->redirect_newthread .= $lang->redirect_newthread_thread;
 503              $url = get_thread_link($tid);
 504          }
 505  
 506          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
 507          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 508          {
 509              // We quoted all posts - remove the entire cookie
 510              if($mybb->get_input('quoted_ids') == "all")
 511              {
 512                  my_unsetcookie("multiquote");
 513              }
 514          }
 515  
 516          $plugins->run_hooks("newthread_do_newthread_end");
 517  
 518          // Hop to it! Send them to the next page.
 519          if(!$mybb->get_input('postpoll', MyBB::INPUT_INT))
 520          {
 521              $lang->redirect_newthread .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 522          }
 523          redirect($url, $lang->redirect_newthread, "", $force_redirect);
 524      }
 525  }
 526  
 527  if($mybb->input['action'] == "newthread" || $mybb->input['action'] == "editdraft")
 528  {
 529      $plugins->run_hooks("newthread_start");
 530  
 531      // Do we have attachment errors?
 532      if(count($errors) > 0)
 533      {
 534          $thread_errors = inline_error($errors);
 535      }
 536  
 537      $multiquote_external = $quoted_ids = '';
 538  
 539      $subject = $message = '';
 540      // If this isn't a preview and we're not editing a draft, then handle quoted posts
 541      if(empty($mybb->input['previewpost']) && !$thread_errors && $mybb->input['action'] != "editdraft")
 542      {
 543          $quoted_posts = array();
 544          // Handle multiquote
 545          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 546          {
 547              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 548              foreach($multiquoted as $post)
 549              {
 550                  $quoted_posts[$post] = (int)$post;
 551              }
 552          }
 553  
 554          // Quoting more than one post - fetch them
 555          if(count($quoted_posts) > 0)
 556          {
 557              $external_quotes = 0;
 558              $quoted_posts = implode(",", $quoted_posts);
 559              $unviewable_forums = get_unviewable_forums();
 560              $inactiveforums = get_inactive_forums();
 561              if($unviewable_forums)
 562              {
 563                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 564              }
 565              if($inactiveforums)
 566              {
 567                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 568              }
 569  
 570              if(is_moderator($fid))
 571              {
 572                  $visible_where = "AND p.visible != 2";
 573              }
 574              else
 575              {
 576                  $visible_where = "AND p.visible > 0";
 577              }
 578  
 579              // Check group permissions if we can't view threads not started by us
 580              $group_permissions = forum_permissions();
 581              $onlyusfids = array();
 582              $onlyusforums = '';
 583              foreach($group_permissions as $gpfid => $forum_permissions)
 584              {
 585                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 586                  {
 587                      $onlyusfids[] = $gpfid;
 588                  }
 589              }
 590              if(!empty($onlyusfids))
 591              {
 592                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 593              }
 594  
 595              if($mybb->get_input('load_all_quotes', MyBB::INPUT_INT) == 1)
 596              {
 597                  $query = $db->query("
 598                      SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 599                      FROM ".TABLE_PREFIX."posts p
 600                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 601                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 602                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 603                      ORDER BY p.dateline, p.pid
 604                  ");
 605                  while($quoted_post = $db->fetch_array($query))
 606                  {
 607                      if($quoted_post['userusername'])
 608                      {
 609                          $quoted_post['username'] = $quoted_post['userusername'];
 610                      }
 611                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
 612                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
 613                      $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
 614                      $message .= "[quote='{$quoted_post['username']}' pid='{$quoted_post['pid']}' dateline='{$quoted_post['dateline']}']\n{$quoted_post['message']}\n[/quote]\n\n";
 615                  }
 616  
 617                  $quoted_ids = "all";
 618              }
 619              else
 620              {
 621                  $query = $db->query("
 622                      SELECT COUNT(*) AS quotes
 623                      FROM ".TABLE_PREFIX."posts p
 624                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 625                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 626                  ");
 627                  $external_quotes = $db->fetch_field($query, 'quotes');
 628  
 629                  if($external_quotes > 0)
 630                  {
 631                      if($external_quotes == 1)
 632                      {
 633                          $multiquote_text = $lang->multiquote_external_one;
 634                          $multiquote_deselect = $lang->multiquote_external_one_deselect;
 635                          $multiquote_quote = $lang->multiquote_external_one_quote;
 636                      }
 637                      else
 638                      {
 639                          $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 640                          $multiquote_deselect = $lang->multiquote_external_deselect;
 641                          $multiquote_quote = $lang->multiquote_external_quote;
 642                      }
 643                      eval("\$multiquote_external = \"".$templates->get("newthread_multiquote_external")."\";");
 644                  }
 645              }
 646          }
 647      }
 648  
 649      if(isset($mybb->input['quoted_ids']))
 650      {
 651          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids'));
 652      }
 653  
 654      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 655      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 656      $postpollchecked = '';
 657  
 658      // Check the various post options if we're
 659      // a -> previewing a post
 660      // b -> removing an attachment
 661      // c -> adding a new attachment
 662      // d -> have errors from posting
 663  
 664      if(!empty($mybb->input['previewpost']) || $mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
 665      {
 666          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 667          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 668          {
 669              $postoptionschecked['signature'] = " checked=\"checked\"";
 670          }
 671          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 672          {
 673              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 674          }
 675          if($mybb->get_input('postpoll', MyBB::INPUT_INT) == 1)
 676          {
 677              $postpollchecked = "checked=\"checked\"";
 678          }
 679          $subscription_method = get_subscription_method($tid, $postoptions);
 680          $numpolloptions = $mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 681      }
 682  
 683      // Editing a draft thread
 684      else if($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 685      {
 686          $mybb->input['threadprefix'] = $thread['prefix'];
 687          $message = htmlspecialchars_uni($post['message']);
 688          $subject = htmlspecialchars_uni($post['subject']);
 689          if($post['includesig'] != 0)
 690          {
 691              $postoptionschecked['signature'] = " checked=\"checked\"";
 692          }
 693          if($post['smilieoff'] == 1)
 694          {
 695              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 696          }
 697          $icon = $post['icon'];
 698          if($forum['allowpicons'] != 0)
 699          {
 700              $posticons = get_post_icons();
 701          }
 702          $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
 703          $numpolloptions = "2";
 704      }
 705  
 706      // Otherwise, this is our initial visit to this page.
 707      else
 708      {
 709          if($mybb->user['signature'] != '')
 710          {
 711              $postoptionschecked['signature'] = " checked=\"checked\"";
 712          }
 713          $subscription_method = get_subscription_method($tid); // Fresh thread, let the function set the appropriate method
 714          $numpolloptions = "2";
 715      }
 716  
 717      ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 718      $preview = '';
 719  
 720      // If we're previewing a post then generate the preview.
 721      if(!empty($mybb->input['previewpost']))
 722      {
 723          // If this isn't a logged in user, then we need to do some special validation.
 724          if($mybb->user['uid'] == 0)
 725          {
 726              // If they didn't specify a username leave blank so $lang->guest can be used on output
 727              if(!$mybb->get_input('username'))
 728              {
 729                  $username = '';
 730              }
 731              // Otherwise use the name they specified.
 732              else
 733              {
 734                  $username = $mybb->get_input('username');
 735              }
 736              $uid = 0;
 737          }
 738          // This user is logged in.
 739          else
 740          {
 741              $username = $mybb->user['username'];
 742              $uid = $mybb->user['uid'];
 743          }
 744  
 745          // Set up posthandler.
 746          require_once  MYBB_ROOT."inc/datahandlers/post.php";
 747          $posthandler = new PostDataHandler("insert");
 748          $posthandler->action = "thread";
 749  
 750          // Set the thread data that came from the input to the $thread array.
 751          $new_thread = array(
 752              "fid" => $forum['fid'],
 753              "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
 754              "subject" => $mybb->get_input('subject'),
 755              "icon" => $mybb->get_input('icon'),
 756              "uid" => $uid,
 757              "username" => $username,
 758              "message" => $mybb->get_input('message'),
 759              "ipaddress" => $session->packedip,
 760              "posthash" => $mybb->get_input('posthash')
 761          );
 762  
 763          if($pid != '')
 764          {
 765              $new_thread['pid'] = $pid;
 766          }
 767  
 768          $posthandler->set_data($new_thread);
 769  
 770          // Now let the post handler do all the hard work.
 771          $valid_thread = $posthandler->verify_message();
 772          $valid_subject = $posthandler->verify_subject();
 773  
 774          // guest post --> verify author
 775          if($new_thread['uid'] == 0)
 776          {
 777              $valid_username = $posthandler->verify_author();
 778          }
 779          else
 780          {
 781              $valid_username = true;
 782          }
 783  
 784          $post_errors = array();
 785          // Fetch friendly error messages if this is an invalid post
 786          if(!$valid_thread || !$valid_subject || !$valid_username)
 787          {
 788              $post_errors = $posthandler->get_friendly_errors();
 789          }
 790  
 791          // One or more errors returned, fetch error list and throw to newreply page
 792          if(count($post_errors) > 0)
 793          {
 794              $thread_errors = inline_error($post_errors);
 795          }
 796          else
 797          {
 798              $query = $db->query("
 799                  SELECT u.*, f.*
 800                  FROM ".TABLE_PREFIX."users u
 801                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 802                  WHERE u.uid='".$mybb->user['uid']."'
 803              ");
 804              $post = $db->fetch_array($query);
 805              $post['username'] = $username;
 806              if($mybb->user['uid'])
 807              {
 808                  $post['userusername'] = $mybb->user['username'];
 809              }
 810              $previewmessage = $mybb->get_input('message');
 811              $post['message'] = $previewmessage;
 812              $post['subject'] = $mybb->get_input('subject');
 813              $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 814              $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 815              if(isset($mybb->input['postoptions']['disablesmilies']))
 816              {
 817                  $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
 818              }
 819              $post['dateline'] = TIME_NOW;
 820              if(isset($mybb->input['postoptions']['signature']))
 821              {
 822                  $post['includesig'] = $mybb->input['postoptions']['signature'];
 823              }
 824              if(!isset($post['includesig']) || $post['includesig'] != 1)
 825              {
 826                  $post['includesig'] = 0;
 827              }
 828  
 829              // Fetch attachments assigned to this post
 830              if($mybb->get_input('pid', MyBB::INPUT_INT))
 831              {
 832                  $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
 833              }
 834              else
 835              {
 836                  $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 837              }
 838  
 839              $query = $db->simple_select("attachments", "*", $attachwhere);
 840              while($attachment = $db->fetch_array($query))
 841              {
 842                  $attachcache[0][$attachment['aid']] = $attachment;
 843              }
 844  
 845              $postbit = build_postbit($post, 1);
 846              eval("\$preview = \"".$templates->get("previewpost")."\";");
 847          }
 848          $message = htmlspecialchars_uni($mybb->get_input('message'));
 849          $subject = htmlspecialchars_uni($mybb->get_input('subject'));
 850      }
 851  
 852      // Removing an attachment or adding a new one, or showing thread errors.
 853      else if($mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
 854      {
 855          $message = htmlspecialchars_uni($mybb->get_input('message'));
 856          $subject = htmlspecialchars_uni($mybb->get_input('subject'));
 857      }
 858  
 859      // Generate thread prefix selector
 860      if(!$mybb->get_input('threadprefix', MyBB::INPUT_INT))
 861      {
 862          $mybb->input['threadprefix'] = 0;
 863      }
 864  
 865      $prefixselect = build_prefix_select($forum['fid'], $mybb->get_input('threadprefix', MyBB::INPUT_INT));
 866  
 867      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
 868  
 869      // Hide signature option if no permission
 870      $signature = '';
 871      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
 872      {
 873          eval("\$signature = \"".$templates->get('newthread_signature')."\";");
 874      }
 875  
 876      // Can we disable smilies or are they disabled already?
 877      $disablesmilies = '';
 878      if($forum['allowsmilies'] != 0)
 879      {
 880          eval("\$disablesmilies = \"".$templates->get("newthread_disablesmilies")."\";");
 881      }
 882  
 883      $postoptions = '';
 884      if(!empty($signature) || !empty($disablesmilies))
 885      {
 886          eval("\$postoptions = \"".$templates->get("newthread_postoptions")."\";");
 887          $bgcolor = "trow2";
 888          $bgcolor2 = "trow1";
 889      }
 890      else
 891      {
 892          $bgcolor = "trow1";
 893          $bgcolor2 = "trow2";
 894      }
 895  
 896      $modoptions = '';
 897      // Show the moderator options
 898      if(is_moderator($fid))
 899      {
 900          $modoptions = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 901          if(isset($modoptions['closethread']) && $modoptions['closethread'] == 1)
 902          {
 903              $closecheck = "checked=\"checked\"";
 904          }
 905          else
 906          {
 907              $closecheck = '';
 908          }
 909          if(isset($modoptions['stickthread']) && $modoptions['stickthread'] == 1)
 910          {
 911              $stickycheck = "checked=\"checked\"";
 912          }
 913          else
 914          {
 915              $stickycheck = '';
 916          }
 917  
 918          $closeoption = '';
 919          if(is_moderator($fid, "canopenclosethreads"))
 920          {
 921              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
 922          }
 923  
 924          $stickoption = '';
 925          if(is_moderator($fid, "canstickunstickthreads"))
 926          {
 927              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
 928          }
 929  
 930          if(!empty($closeoption) || !empty($stickoption))
 931          {
 932              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
 933              $bgcolor = "trow1";
 934              $bgcolor2 = "trow2";
 935          }
 936          else
 937          {
 938              $bgcolor = "trow2";
 939              $bgcolor2 = "trow1";
 940          }
 941      }
 942      else
 943      {
 944          $bgcolor = "trow2";
 945          $bgcolor2 = "trow1";
 946      }
 947  
 948      // Fetch subscription select box
 949      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
 950  
 951      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
 952      { // Get a listing of the current attachments, if there are any
 953          $attachcount = 0;
 954          if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 955          {
 956              $attachwhere = "pid='$pid'";
 957          }
 958          else
 959          {
 960              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
 961          }
 962          $query = $db->simple_select("attachments", "*", $attachwhere);
 963          $attachments = '';
 964          while($attachment = $db->fetch_array($query))
 965          {
 966              $attachment['size'] = get_friendly_size($attachment['filesize']);
 967              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
 968              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
 969  
 970              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 971              {
 972                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 973              }
 974  
 975              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 976  
 977              $attach_mod_options = '';
 978              if($attachment['visible'] != 1)
 979              {
 980                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
 981              }
 982              else
 983              {
 984                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
 985              }
 986              $attachcount++;
 987          }
 988          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 989          $usage = $db->fetch_array($query);
 990          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
 991          {
 992              $noshowattach = 1;
 993          }
 994          if($mybb->usergroup['attachquota'] == 0)
 995          {
 996              $friendlyquota = $lang->unlimited;
 997          }
 998          else
 999          {
1000              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
1001          }
1002          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
1003  
1004          $link_viewattachments = '';
1005          if($usage['ausage'] !== NULL)
1006          {
1007              $friendlyusage = get_friendly_size($usage['ausage']);
1008              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
1009              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
1010          }
1011          else
1012          {
1013              $lang->attach_usage = "";
1014          }
1015  
1016          $attach_add_options = '';
1017          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !isset($noshowattach))
1018          {
1019              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
1020          }
1021  
1022          $attach_update_options = '';
1023          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
1024          {
1025              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
1026          }
1027  
1028          if($attach_add_options || $attach_update_options)
1029          {
1030              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
1031          }
1032          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
1033  
1034          $bgcolor = alt_trow();
1035      }
1036      else
1037      {
1038          $attachbox = '';
1039      }
1040  
1041      $savedraftbutton = '';
1042      if($mybb->user['uid'])
1043      {
1044          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
1045      }
1046  
1047      $captcha = '';
1048  
1049      // Show captcha image for guests if enabled
1050      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
1051      {
1052          $correct = false;
1053          require_once  MYBB_ROOT.'inc/class_captcha.php';
1054          $post_captcha = new captcha(false, "post_captcha");
1055  
1056          if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
1057          {
1058              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
1059              // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
1060              if($post_captcha->validate_captcha() == true)
1061              {
1062                  $correct = true;
1063  
1064                  // Generate a hidden list of items for our captcha
1065                  $captcha = $post_captcha->build_hidden_captcha();
1066              }
1067          }
1068  
1069          if(!$correct)
1070          {
1071               if($post_captcha->type == captcha::DEFAULT_CAPTCHA)
1072              {
1073                  $post_captcha->build_captcha();
1074              }
1075              elseif(in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
1076              {
1077                  $post_captcha->build_recaptcha();
1078              }
1079              elseif(in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
1080              {
1081                  $post_captcha->build_hcaptcha();
1082              }
1083          }
1084          else if($correct && (in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))))
1085          {
1086              $post_captcha->build_recaptcha();
1087          }
1088          else if($correct && (in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))))
1089          {
1090              $post_captcha->build_hcaptcha();
1091          }
1092  
1093          if($post_captcha->html)
1094          {
1095              $captcha = $post_captcha->html;
1096          }
1097      }
1098  
1099      $pollbox = '';
1100  
1101      if($forumpermissions['canpostpolls'] != 0)
1102      {
1103          $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
1104          eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
1105      }
1106  
1107      // Do we have any forum rules to show for this forum?
1108      $forumrules = '';
1109      if($forum['rulestype'] >= 2 && $forum['rules'])
1110      {
1111          if(!$forum['rulestitle'])
1112          {
1113              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
1114          }
1115  
1116          if(empty($parser))
1117          {
1118              require_once  MYBB_ROOT.'inc/class_parser.php';
1119              $parser = new postParser;
1120          }
1121  
1122          $rules_parser = array(
1123              "allow_html" => 1,
1124              "allow_mycode" => 1,
1125              "allow_smilies" => 1,
1126              "allow_imgcode" => 1
1127          );
1128  
1129          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
1130          $foruminfo = $forum;
1131  
1132          if($forum['rulestype'] == 3)
1133          {
1134              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
1135          }
1136          else if($forum['rulestype'] == 2)
1137          {
1138              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
1139          }
1140      }
1141  
1142      $moderation_notice = '';
1143      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1144      {
1145          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1146          {
1147              $moderation_text = $lang->moderation_forum_attachments;
1148              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1149          }
1150      }
1151  
1152      if(!is_moderator($forum['fid'], "canapproveunapprovethreads"))
1153      {
1154          if($forumpermissions['modthreads'] == 1)
1155          {
1156              $moderation_text = $lang->moderation_forum_thread;
1157              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1158          }
1159      }
1160  
1161      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1162      {
1163          if($mybb->user['moderateposts'] == 1)
1164          {
1165              $moderation_text = $lang->moderation_user_posts;
1166              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1167          }
1168      }
1169  
1170      $php_max_upload_size = get_php_upload_limit();
1171      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1172      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1173  
1174      $plugins->run_hooks("newthread_end");
1175  
1176      $forum['name'] = strip_tags($forum['name']);
1177      $lang->newthread_in = $lang->sprintf($lang->newthread_in, $forum['name']);
1178  
1179      eval("\$newthread = \"".$templates->get("newthread")."\";");
1180      output_page($newthread);
1181  }


2005 - 2021 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup Cross-referenced by PHPXref