
PHP Cross Reference of MyBB 1.8.28


/ -> newthread.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'newthread.php');
  13  
  14  $templatelist = "newthread,previewpost,loginbox,changeuserbox,newthread_postpoll,posticons,codebuttons,postbit,post_attachments_attachment_unapproved,newreply_modoptions_close,newreply_modoptions_stick";
  15  $templatelist .= ",newthread_disablesmilies,post_attachments_new,post_attachments,post_savedraftbutton,post_subscription_method,post_attachments_attachment_remove,postbit_warninglevel_formatted,postbit_icon";
  16  $templatelist .= ",forumdisplay_rules,forumdisplay_rules_link,post_attachments_attachment_postinsert,post_attachments_attachment,newthread_signature,post_prefixselect_prefix,post_prefixselect_single,posticons_icon";
  17  $templatelist .= ",post_captcha_hidden,post_captcha_recaptcha_invisible,post_captcha_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_gotopost,newthread_postoptions,post_attachments_add,post_attachments_viewlink";
  18  $templatelist .= ",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,postbit_author_guest,post_captcha";
  19  $templatelist .= ",postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_attachments,postbit_reputation_formatted_link,post_attachments_update,postbit_offline,newreply_modoptions,newthread_multiquote_external";
  21  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,newthread_draftinput,global_moderation_notice,postbit_online,postbit_away,attachment_icon,postbit_userstar,postbit_groupimage";
  22  
  23  require_once  "./global.php";
  24  require_once  MYBB_ROOT."inc/functions_post.php";
  25  require_once  MYBB_ROOT."inc/functions_user.php";
  26  require_once  MYBB_ROOT."inc/functions_upload.php";
  27  
// Load global language phrases
$lang->load("newthread");

// Normalise the request parameters once. tid and pid are requested as MyBB::INPUT_INT,
// so the values written back into $mybb->input are integers before they reach any query.
$tid = $pid = 0;
$mybb->input['action'] = $mybb->get_input('action');
$mybb->input['tid'] = $mybb->get_input('tid', MyBB::INPUT_INT);
$mybb->input['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
// Draft path: taken when editing a draft, when saving a draft against an existing tid,
// or when both a tid and a pid are supplied.
if($mybb->input['action'] == "editdraft" || ($mybb->get_input('savedraft') && $mybb->input['tid']) || ($mybb->input['tid'] && $mybb->input['pid']))
{
    $thread = get_thread($mybb->input['tid']);

    // Earliest draft post (visible = -2) of that thread; the tid placed in the WHERE clause is the INPUT_INT value.
    $query = $db->simple_select("posts", "*", "tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."' AND visible='-2'", array('order_by' => 'dateline, pid', 'limit' => 1));
    $post = $db->fetch_array($query);

    // Authorisation gate for drafts: the thread and its draft post must exist, the thread itself
    // must be a draft (visible == -2) and it must be owned by the current user. Without the uid
    // comparison any user could load or overwrite another user's draft by guessing a tid.
    // error() is expected not to return (the lines below use $post and $thread unconditionally) - not visible here.
    if(!$thread['tid'] || !$post['pid'] || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])
    {
        error($lang->invalidthread);
    }

    // From here on pid, fid and tid come from the database rows, not from the request.
    $pid = $post['pid'];
    $fid = $thread['fid'];
    $tid = $thread['tid'];
    // NOTE(review): the template body is evaluated as a PHP double-quoted string. This relies on
    // $templates->get() returning content that is safe to embed that way (its escaping is not
    // visible here) and on template write access being restricted to trusted administrators - verify.
    // Templates refer to local variables by name, so locals in this script must not be renamed.
    eval("\$editdraftpid = \"".$templates->get("newthread_draftinput")."\";");
}
else
{
    // New thread: the target forum id comes from the request, as an integer.
    $fid = $mybb->get_input('fid', MyBB::INPUT_INT);
    $editdraftpid = '';
}
  57  
// Fetch forum information.
// The checks in this section run in order and each one stops the request through error() /
// error_no_permission() (expected not to return - not visible here). Nothing below them should
// run for a forum the user may not post in.
$forum = get_forum($fid);
if(!$forum)
{
    error($lang->error_invalidforum);
}

// Draw the navigation
build_forum_breadcrumb($fid);
add_breadcrumb($lang->nav_newthread);

// Effective permissions of the current user for this forum.
$forumpermissions = forum_permissions($fid);

// The target must be an open, real forum (type "f") that is not a link to another location.
if($forum['open'] == 0 || $forum['type'] != "f" || $forum['linkto'] != "")
{
    error($lang->error_closedinvalidforum);
}

// Both the right to view the forum and the right to start threads are required.
if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0)
{
    error_no_permission();
}

// Users with a posting suspension are rejected; the message states whether the suspension
// is permanent or, when suspensiontime is set, when it ends.
if($mybb->user['suspendposting'] == 1)
{
    $suspendedpostingtype = $lang->error_suspendedposting_permanent;
    if($mybb->user['suspensiontime'])
    {
        $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
    }

    $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));

    error($lang->error_suspendedposting);
}

// Check if this forum is password protected and we have a valid password
// (the check itself, and what happens on failure, is implemented in check_forum_password()).
check_forum_password($forum['fid']);
  96  
// If MyCode is on for this forum and the MyCode editor is enabled in the Admin CP, draw the code buttons and smilie inserter.
// Guests (uid 0) always get the buttons; logged-in users only when their showcodebuttons preference is on.
if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
{
    $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
    if($forum['allowsmilies'] != 0)
    {
        $smilieinserter = build_clickable_smilies();
    }
}

// Does this forum allow post icons? If so, fetch the post icons.
if($forum['allowpicons'] != 0)
{
    $posticons = get_post_icons();
}

// If we have a currently logged in user then fetch the change user box.
if($mybb->user['uid'] != 0)
{
    // Output encoding for the template below.
    // NOTE(review): this overwrites $mybb->user['username'] itself with the HTML-encoded form, so
    // every later read in this request sees the encoded value. The do_newthread branch further down
    // copies $mybb->user['username'] into the thread data - confirm the data handler derives the
    // stored author name from uid rather than from that copy.
    $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
    // Template evaluated as a PHP double-quoted string; relies on $templates->get() returning
    // content that is safe to embed that way (not visible here).
    eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
}

// Otherwise we have a guest, determine the "username" and get the login box.
else
{
    if(!isset($mybb->input['previewpost']) && $mybb->input['action'] != "do_newthread")
    {
        $username = '';
    }
    else
    {
        // The guest-supplied name is HTML-encoded here because $username is in scope when the
        // login box template is evaluated below.
        $username = htmlspecialchars_uni($mybb->get_input('username'));
    }
    eval("\$loginbox = \"".$templates->get("loginbox")."\";");
}
 133  
// If we're not performing a new thread insert and not editing a draft then we're posting a new thread.
// Any other action value from the request is therefore collapsed to "newthread".
if($mybb->input['action'] != "do_newthread" && $mybb->input['action'] != "editdraft")
{
    $mybb->input['action'] = "newthread";
}

// Previewing a post, overwrite the action to the new thread action.
if(!empty($mybb->input['previewpost']))
{
    $mybb->input['action'] = "newthread";
}

// Setup a unique posthash for attachment management
// Generated only when the client sent none and no draft pid is known. Attachment rows uploaded
// before the thread exists are looked up by this value (see the posthash='...' condition in the
// attachment handling below).
// NOTE(review): a posthash supplied by the client is accepted as-is, so the value is an identifier,
// not proof of ownership. How hard a generated one is to guess depends on random_str(), which is
// not visible here.
if(!$mybb->get_input('posthash') && !$pid)
{
    $mybb->input['posthash'] = md5($mybb->user['uid'].random_str());
}

// processed=1 arrived but PHP populated neither $_POST nor $_FILES.
// Presumably the request body was discarded by PHP (for example an upload over the size limit) - confirm.
if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
{
    error($lang->error_empty_post_input);
}

// Attachment errors collected below; shown on the form instead of aborting the request.
$errors = array();
$maximageserror = $attacherror = '';
 159  
 160  // Handle attachments if we've got any.
 161  if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newthread" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && $_FILES['attachments'])))
 162  {
 163      // Verify incoming POST request
 164      verify_post_check($mybb->get_input('my_post_key'));
 165  
 166      if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 167      {
 168          $attachwhere = "pid='{$pid}'";
 169      }
 170      else
 171      {
 172          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 173      }
 174  
 175      $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newthread");
 176  
 177      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 178      {
 179          if(isset($ret['success']))
 180          {
 181              $attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}');
 182              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 183              {
 184                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 185              }
 186              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 187              eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";");
 188              $ret['template'] = $attemplate;
 189  
 190              $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 191              $usage = $db->fetch_array($query);
 192              $ret['usage'] = get_friendly_size($usage['ausage']);
 193          }
 194          
 195          header("Content-type: application/json; charset={$lang->settings['charset']}");
 196          echo json_encode($ret);
 197          exit();
 198      }
 199  
 200      if(!empty($ret['errors']))
 201      {
 202          $errors = $ret['errors'];
 203      }
 204  
 205      // If we were dealing with an attachment but didn't click 'Post Thread' or 'Save as Draft', force the new thread page again.
 206      if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft'))
 207      {
 208          $mybb->input['action'] = "newthread";
 209      }
 210  }
 211  
// Defined elsewhere; presumably fills in attachmentact / attachmentaid from the submitted
// attachment buttons before they are read below - confirm.
detect_attachmentact();

// Are we removing an attachment from the thread?
if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
{
    // Verify incoming POST request
    // The my_post_key check runs before the deletion (presumably the anti-CSRF token check).
    verify_post_check($mybb->get_input('my_post_key'));

    // NOTE(review): the attachment id is only cast to an integer here. That the attachment really
    // belongs to this $pid or posthash (and so to this user) is presumably enforced inside
    // remove_attachment() - confirm, since the posthash is client-supplied.
    remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));

    // Unless the form was submitted as well, return to the new thread form.
    if(!$mybb->get_input('submit'))
    {
        $mybb->input['action'] = "newthread";
    }

    // AJAX removals get a JSON reply with the user's updated usage and the request ends here.
    if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
    {
        $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
        $usage = $db->fetch_array($query);

        header("Content-type: application/json; charset={$lang->settings['charset']}");
        echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage'])));
        exit();
    }
}
 237  
// Inline validation errors for the form, and whether the CAPTCHA can be hidden because it was already solved.
$thread_errors = "";
$hide_captcha = false;

// Check the maximum posts per day for this user
// Applies only when the user group sets a positive maxposts. Counts the user's posts from the
// last 24 hours (TIME_NOW-60*60*24), leaving out rows with visible = -1. The uid and the cutoff
// are server-side values, not request input.
if($mybb->usergroup['maxposts'] > 0)
{
    $daycut = TIME_NOW-60*60*24;
    $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
    $post_count = $db->fetch_field($query, "posts_today");
    if($post_count >= $mybb->usergroup['maxposts'])
    {
        $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
        error($lang->error_maxposts);
    }
}
 253  
// Performing the posting of a new thread.
// Only reached for action=do_newthread sent with the POST method; the forum, permission and
// suspension checks earlier in this script have already run at this point.
if($mybb->input['action'] == "do_newthread" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    // The my_post_key check runs before anything is written. Presumably this is the per-user
    // anti-CSRF token; the check itself is implemented in verify_post_check().
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("newthread_do_newthread_start");

    // If this isn't a logged in user, then we need to do some special validation.
    if($mybb->user['uid'] == 0)
    {
        // If they didn't specify a username leave blank so $lang->guest can be used on output
        if(!$mybb->get_input('username'))
        {
            $username = '';
        }
        // Otherwise use the name they specified.
        else
        {
            // Raw guest input: not encoded here, so it must be encoded wherever it is rendered.
            $username = $mybb->get_input('username');
        }
        $uid = 0;

        // Optional reputation lookup for guests, by username and IP (the e-mail argument is empty).
        if(!$mybb->user['uid'] && $mybb->settings['stopforumspam_on_newthread'])
        {
            require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';

            $stop_forum_spam_checker = new StopForumSpamChecker(
                $plugins,
                $mybb->settings['stopforumspam_min_weighting_before_spam'],
                $mybb->settings['stopforumspam_check_usernames'],
                $mybb->settings['stopforumspam_check_emails'],
                $mybb->settings['stopforumspam_check_ips'],
                $mybb->settings['stopforumspam_log_blocks']
            );

            try {
                if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
                {
                    $errors[] = $lang->sprintf($lang->error_stop_forum_spam_spammer,
                        $stop_forum_spam_checker->getErrorText(array(
                            'stopforumspam_check_usernames',
                            'stopforumspam_check_ips'
                            )));
                }
            }
            catch (Exception $e)
            {
                // Fails open unless configured otherwise: when the lookup throws, the post is only
                // rejected if stopforumspam_block_on_error is set; the exception itself is not logged here.
                if($mybb->settings['stopforumspam_block_on_error'])
                {
                    $errors[] = $lang->error_stop_forum_spam_fetching;
                }
            }
            // NOTE(review): the messages above are added to $errors, but this branch decides whether
            // to insert from $post_errors only; $errors is read by the form-display section of this
            // script. Confirm a spam hit actually prevents the insert.
        }
    }
    // This user is logged in.
    else
    {
        // NOTE(review): $mybb->user['username'] was replaced with its HTML-encoded form when the
        // login box was built earlier in this script, so this copy is the encoded value - confirm
        // the data handler resolves the stored author name from uid instead.
        $username = $mybb->user['username'];
        $uid = $mybb->user['uid'];
    }

    // Attempt to see if this post is a duplicate or not
    // Members are matched by uid, guests by their packed IP address (binary-escaped).
    if($uid > 0)
    {
        $user_check = "p.uid='{$uid}'";
    }
    else
    {
        $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
    }
    if(!$mybb->get_input('savedraft') && !$pid)
    {
        // subject and message are user-controlled and pass through $db->escape_string() before being
        // placed in the WHERE clause. The window is the last 600 seconds (TIME_NOW-600).
        $query = $db->simple_select("posts p", "p.pid", "$user_check AND p.fid='{$forum['fid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.dateline>".(TIME_NOW-600));
        if($db->num_rows($query) > 0)
        {
            error($lang->error_post_already_submitted);
        }
    }

    // Set up posthandler.
    require_once  MYBB_ROOT."inc/datahandlers/post.php";
    $posthandler = new PostDataHandler("insert");
    $posthandler->action = "thread";

    // Set the thread data that came from the input to the $thread array.
    // Only prefix and icon are cast to integers here. subject, message, username and posthash are
    // handed over raw, so length/content validation and SQL escaping depend on PostDataHandler
    // (not visible in this file).
    $new_thread = array(
        "fid" => $forum['fid'],
        "subject" => $mybb->get_input('subject'),
        "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
        "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
        "uid" => $uid,
        "username" => $username,
        "message" => $mybb->get_input('message'),
        "ipaddress" => $session->packedip,
        "posthash" => $mybb->get_input('posthash')
    );

    // NOTE(review): $pid starts as integer 0. On PHP 8, 0 != '' is true, so pid => 0 is passed
    // for a brand-new thread, whereas PHP 7 skipped it - confirm the data handler treats 0 as "no pid".
    if($pid != '')
    {
        $new_thread['pid'] = $pid;
    }

    // Are we saving a draft thread?
    // Guests cannot save drafts: the flag requires a logged-in uid.
    if($mybb->get_input('savedraft') && $mybb->user['uid'])
    {
        $new_thread['savedraft'] = 1;
    }
    else
    {
        $new_thread['savedraft'] = 0;
    }

    // Is this thread already a draft and we're updating it?
    // $thread is only set on the draft path at the top of this script, after its ownership check.
    if(isset($thread['tid']) && $thread['visible'] == -2)
    {
        $new_thread['tid'] = $thread['tid'];
    }

    // postoptions is a user-supplied array; missing keys default to 0, present values are not cast here.
    $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
    if(!isset($postoptions['signature']))
    {
        $postoptions['signature'] = 0;
    }
    if(!isset($postoptions['subscriptionmethod']))
    {
        $postoptions['subscriptionmethod'] = 0;
    }
    if(!isset($postoptions['disablesmilies']))
    {
        $postoptions['disablesmilies'] = 0;
    }

    // Set up the thread options from the input.
    $new_thread['options'] = array(
        "signature" => $postoptions['signature'],
        "subscriptionmethod" => $postoptions['subscriptionmethod'],
        "disablesmilies" => $postoptions['disablesmilies']
    );

    // Apply moderation options if we have them
    // NOTE(review): the user-supplied modoptions array is passed through unchanged. Whether the
    // current user may apply moderation options is not checked in this file and is presumably
    // enforced inside PostDataHandler - confirm.
    $new_thread['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);

    $posthandler->set_data($new_thread);

    // Now let the post handler do all the hard work.
    $valid_thread = $posthandler->validate_thread();

    $post_errors = array();
    // Fetch friendly error messages if this is an invalid thread
    if(!$valid_thread)
    {
        $post_errors = $posthandler->get_friendly_errors();
    }

    // Check captcha image
    // Guests only, and checked even when the thread data was already found invalid, so CAPTCHA
    // errors are reported together with the validation errors.
    if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha;

        if($post_captcha->validate_captcha() == false)
        {
            // CAPTCHA validation failed
            foreach($post_captcha->get_errors() as $error)
            {
                $post_errors[] = $error;
            }
        }
        else
        {
            $hide_captcha = true;
        }
    }

    // One or more errors returned, fetch error list and throw to newthread page
    if(count($post_errors) > 0)
    {
        $thread_errors = inline_error($post_errors);
        $mybb->input['action'] = "newthread";
    }
    // No errors were found, it is safe to insert the thread.
    else
    {
        $thread_info = $posthandler->insert_thread();
        $tid = $thread_info['tid'];
        $visible = $thread_info['visible'];

        // Invalidate solved captcha
        // Same condition as the validation above, so $post_captcha exists here; invalidating after
        // the insert presumably stops one solved challenge from being reused for further posts.
        if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
        {
            $post_captcha->invalidate_captcha();
        }

        $force_redirect = false;

        // Mark thread as read
        require_once  MYBB_ROOT."inc/functions_indicators.php";
        mark_thread_read($tid, $fid);

        // Every redirect target below is built from fixed script names, link helpers and
        // integer values; no URL is taken from the request.

        // We were updating a draft thread, send them back to the draft listing.
        if($new_thread['savedraft'] == 1)
        {
            $lang->redirect_newthread = $lang->draft_saved;
            $url = "usercp.php?action=drafts";
        }

        // A poll was being posted with this thread, throw them to poll posting page.
        else if($mybb->get_input('postpoll', MyBB::INPUT_INT) && $forumpermissions['canpostpolls'])
        {
            $url = "polls.php?action=newpoll&tid=$tid&polloptions=".$mybb->get_input('numpolloptions', MyBB::INPUT_INT);
            $lang->redirect_newthread .= $lang->redirect_newthread_poll;
        }

        // This thread is stuck in the moderation queue, send them back to the forum.
        else if(!$visible)
        {
            // Moderated thread
            $lang->redirect_newthread .= $lang->redirect_newthread_moderation;
            $url = get_forum_link($fid);

            // User must see moderation notice, regardless of redirect settings
            $force_redirect = true;
        }

        // The thread is being made in a forum the user cannot see threads in, send them back to the forum.
        else if($visible == 1 && $forumpermissions['canviewthreads'] != 1)
        {
            $lang->redirect_newthread .= $lang->redirect_newthread_unviewable;
            $url = get_forum_link($fid);

            // User must see permission notice, regardless of redirect settings
            $force_redirect = true;
        }

        // This is just a normal thread - send them to it.
        else
        {
            // Visible thread
            $lang->redirect_newthread .= $lang->redirect_newthread_thread;
            $url = get_thread_link($tid);
        }

        // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
        if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
        {
            // We quoted all posts - remove the entire cookie
            // Only the literal value "all" is acted on; any other quoted_ids value leaves the cookie untouched.
            if($mybb->get_input('quoted_ids') == "all")
            {
                my_unsetcookie("multiquote");
            }
        }

        $plugins->run_hooks("newthread_do_newthread_end");

        // Hop to it! Send them to the next page.
        if(!$mybb->get_input('postpoll', MyBB::INPUT_INT))
        {
            $lang->redirect_newthread .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
        }
        redirect($url, $lang->redirect_newthread, "", $force_redirect);
    }
}
 517  
 518  if($mybb->input['action'] == "newthread" || $mybb->input['action'] == "editdraft")
 519  {
 520      $plugins->run_hooks("newthread_start");
 521  
 522      // Do we have attachment errors?
 523      if(count($errors) > 0)
 524      {
 525          $thread_errors = inline_error($errors);
 526      }
 527  
 528      $multiquote_external = $quoted_ids = '';
 529  
 530      $subject = $message = '';
 531      // If this isn't a preview and we're not editing a draft, then handle quoted posts
 532      if(empty($mybb->input['previewpost']) && !$thread_errors && $mybb->input['action'] != "editdraft")
 533      {
 534          $quoted_posts = array();
 535          // Handle multiquote
 536          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 537          {
 538              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 539              foreach($multiquoted as $post)
 540              {
 541                  $quoted_posts[$post] = (int)$post;
 542              }
 543          }
 544  
 545          // Quoting more than one post - fetch them
 546          if(count($quoted_posts) > 0)
 547          {
 548              $external_quotes = 0;
 549              $quoted_posts = implode(",", $quoted_posts);
 550              $unviewable_forums = get_unviewable_forums();
 551              $inactiveforums = get_inactive_forums();
 552              if($unviewable_forums)
 553              {
 554                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 555              }
 556              if($inactiveforums)
 557              {
 558                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 559              }
 560  
 561              if(is_moderator($fid))
 562              {
 563                  $visible_where = "AND p.visible != 2";
 564              }
 565              else
 566              {
 567                  $visible_where = "AND p.visible > 0";
 568              }
 569  
 570              // Check group permissions if we can't view threads not started by us
 571              $group_permissions = forum_permissions();
 572              $onlyusfids = array();
 573              $onlyusforums = '';
 574              foreach($group_permissions as $gpfid => $forum_permissions)
 575              {
 576                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 577                  {
 578                      $onlyusfids[] = $gpfid;
 579                  }
 580              }
 581              if(!empty($onlyusfids))
 582              {
 583                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 584              }
 585  
 586              if($mybb->get_input('load_all_quotes', MyBB::INPUT_INT) == 1)
 587              {
 588                  $query = $db->query("
 589                      SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 590                      FROM ".TABLE_PREFIX."posts p
 591                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 592                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 593                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 594                      ORDER BY p.dateline, p.pid
 595                  ");
 596                  while($quoted_post = $db->fetch_array($query))
 597                  {
 598                      if($quoted_post['userusername'])
 599                      {
 600                          $quoted_post['username'] = $quoted_post['userusername'];
 601                      }
 602                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
 603                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
 604                      $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
 605                      $message .= "[quote='{$quoted_post['username']}' pid='{$quoted_post['pid']}' dateline='{$quoted_post['dateline']}']\n{$quoted_post['message']}\n[/quote]\n\n";
 606                  }
 607  
 608                  $quoted_ids = "all";
 609              }
 610              else
 611              {
 612                  $query = $db->query("
 613                      SELECT COUNT(*) AS quotes
 614                      FROM ".TABLE_PREFIX."posts p
 615                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 616                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 617                  ");
 618                  $external_quotes = $db->fetch_field($query, 'quotes');
 619  
 620                  if($external_quotes > 0)
 621                  {
 622                      if($external_quotes == 1)
 623                      {
 624                          $multiquote_text = $lang->multiquote_external_one;
 625                          $multiquote_deselect = $lang->multiquote_external_one_deselect;
 626                          $multiquote_quote = $lang->multiquote_external_one_quote;
 627                      }
 628                      else
 629                      {
 630                          $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 631                          $multiquote_deselect = $lang->multiquote_external_deselect;
 632                          $multiquote_quote = $lang->multiquote_external_quote;
 633                      }
 634                      eval("\$multiquote_external = \"".$templates->get("newthread_multiquote_external")."\";");
 635                  }
 636              }
 637          }
 638      }
 639  
 640      if(isset($mybb->input['quoted_ids']))
 641      {
 642          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids'));
 643      }
 644  
 645      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 646      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 647      $postpollchecked = '';
 648  
 649      // Check the various post options if we're
 650      // a -> previewing a post
 651      // b -> removing an attachment
 652      // c -> adding a new attachment
 653      // d -> have errors from posting
 654  
 655      if(!empty($mybb->input['previewpost']) || $mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
 656      {
 657          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 658          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 659          {
 660              $postoptionschecked['signature'] = " checked=\"checked\"";
 661          }
 662          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 663          {
 664              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 665          }
 666          if($mybb->get_input('postpoll', MyBB::INPUT_INT) == 1)
 667          {
 668              $postpollchecked = "checked=\"checked\"";
 669          }
 670          $subscription_method = get_subscription_method($tid, $postoptions);
 671          $numpolloptions = $mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 672      }
 673  
 674      // Editing a draft thread
 675      else if($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 676      {
 677          $mybb->input['threadprefix'] = $thread['prefix'];
 678          $message = htmlspecialchars_uni($post['message']);
 679          $subject = htmlspecialchars_uni($post['subject']);
 680          if($post['includesig'] != 0)
 681          {
 682              $postoptionschecked['signature'] = " checked=\"checked\"";
 683          }
 684          if($post['smilieoff'] == 1)
 685          {
 686              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 687          }
 688          $icon = $post['icon'];
 689          if($forum['allowpicons'] != 0)
 690          {
 691              $posticons = get_post_icons();
 692          }
 693          $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
 694      }
 695  
 696      // Otherwise, this is our initial visit to this page.
 697      else
 698      {
 699          if($mybb->user['signature'] != '')
 700          {
 701              $postoptionschecked['signature'] = " checked=\"checked\"";
 702          }
 703          $subscription_method = get_subscription_method($tid); // Fresh thread, let the function set the appropriate method
 704          $numpolloptions = "2";
 705      }
 706  
 707      ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 708      $preview = '';
 709  
 710      // Preview request: validate the submitted thread data and, if it passes, render it through the previewpost template.
 711      if(!empty($mybb->input['previewpost']))
 712      {
 713          // If this isn't a logged in user, then we need to do some special validation.
 714          if($mybb->user['uid'] == 0)
 715          {
 716              // If they didn't specify a username leave blank so $lang->guest can be used on output
 717              if(!$mybb->get_input('username'))
 718              {
 719                  $username = '';
 720              }
 721              // Otherwise use the name they specified.
 722              else
 723              {
 724                  $username = $mybb->get_input('username');
 725              }
 726              $uid = 0;
 727          }
 728          // This user is logged in.
 729          else
 730          {
 731              $username = $mybb->user['username'];
 732              $uid = $mybb->user['uid'];
 733          }
 734  
 735          // Set up the post data handler in "insert" mode with its action set to "thread".
 736          require_once  MYBB_ROOT."inc/datahandlers/post.php";
 737          $posthandler = new PostDataHandler("insert");
 738          $posthandler->action = "thread";
 739  
 740          // Collect the submitted thread data. Only the prefix is integer-cast here; subject, icon, message and
              // posthash are fetched without an explicit type argument and handed to the data handler as returned.
 741          $new_thread = array(
 742              "fid" => $forum['fid'],
 743              "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
 744              "subject" => $mybb->get_input('subject'),
 745              "icon" => $mybb->get_input('icon'),
 746              "uid" => $uid,
 747              "username" => $username,
 748              "message" => $mybb->get_input('message'),
 749              "ipaddress" => $session->packedip,
 750              "posthash" => $mybb->get_input('posthash')
 751          );
 752  
              // $pid is assigned earlier in the file (outside this excerpt); it is attached only when non-empty.
 753          if($pid != '')
 754          {
 755              $new_thread['pid'] = $pid;
 756          }
 757  
 758          $posthandler->set_data($new_thread);
 759  
 760          // For a preview only the message and subject checks (plus the author check for guests, below) are run.
 761          $valid_thread = $posthandler->verify_message();
 762          $valid_subject = $posthandler->verify_subject();
 763  
 764          // guest post --> verify author
 765          if($new_thread['uid'] == 0)
 766          {
 767              $valid_username = $posthandler->verify_author();
 768          }
 769          else
 770          {
 771              $valid_username = true;
 772          }
 773  
 774          $post_errors = array();
 775          // Fetch friendly error messages if this is an invalid post
 776          if(!$valid_thread || !$valid_subject || !$valid_username)
 777          {
 778              $post_errors = $posthandler->get_friendly_errors();
 779          }
 780  
 781          // One or more errors returned: build the inline error list instead of a preview
 782          if(count($post_errors) > 0)
 783          {
 784              $thread_errors = inline_error($post_errors);
 785          }
 786          else
 787          {
                  // Load the current user's row joined with the userfields table as the base of the preview post.
                  // NOTE(review): uid is concatenated into the SQL string; this relies on $mybb->user['uid'] always
                  // being an integer set by the session code (not visible here) - an (int) cast would make that explicit.
 788              $query = $db->query("
 789                  SELECT u.*, f.*
 790                  FROM ".TABLE_PREFIX."users u
 791                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 792                  WHERE u.uid='".$mybb->user['uid']."'
 793              ");
 794              $post = $db->fetch_array($query);
 795              $post['username'] = $username;
 796              if($mybb->user['uid'])
 797              {
 798                  $post['userusername'] = $mybb->user['username'];
 799              }
                  // NOTE(review): message and subject are placed in $post as submitted; output encoding is presumably
                  // done by build_postbit() or the parser it uses - confirm. The icon is integer-cast here.
 800              $previewmessage = $mybb->get_input('message');
 801              $post['message'] = $previewmessage;
 802              $post['subject'] = $mybb->get_input('subject');
 803              $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 804              $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 805              if(isset($mybb->input['postoptions']['disablesmilies']))
 806              {
 807                  $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
 808              }
 809              $post['dateline'] = TIME_NOW;
 810              if(isset($mybb->input['postoptions']['signature']))
 811              {
 812                  $post['includesig'] = $mybb->input['postoptions']['signature'];
 813              }
                  // Any value other than 1 (or no value at all) is normalised to 0.
 814              if(!isset($post['includesig']) || $post['includesig'] != 1)
 815              {
 816                  $post['includesig'] = 0;
 817              }
 818  
 819              // Fetch attachments assigned to this post: by integer-cast pid when one was submitted,
                  // otherwise by the posthash after it has gone through $db->escape_string().
 820              if($mybb->get_input('pid', MyBB::INPUT_INT))
 821              {
 822                  $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
 823              }
 824              else
 825              {
 826                  $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 827              }
 828  
 829              $query = $db->simple_select("attachments", "*", $attachwhere);
 830              while($attachment = $db->fetch_array($query))
 831              {
                      // Stored under key 0; presumably the pid build_postbit() looks up for a preview - confirm.
 832                  $attachcache[0][$attachment['aid']] = $attachment;
 833              }
 834  
 835              $postbit = build_postbit($post, 1);
                  // The template is evaluated as a PHP double-quoted string in this scope, so it can read every local variable.
                  // NOTE(review): this depends on template content being trusted and suitably escaped by $templates->get()
                  // (not visible here) - confirm.
 836              eval("\$preview = \"".$templates->get("previewpost")."\";");
 837          }
              // HTML-escape the submitted message and subject before they are reused as $message / $subject.
 838          $message = htmlspecialchars_uni($mybb->get_input('message'));
 839          $subject = htmlspecialchars_uni($mybb->get_input('subject'));
 840      }
 841  
 842      // Removing an attachment or adding a new one, or showing thread errors.
 843      else if($mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
 844      {
              // Same escaping as in the preview branch.
 845          $message = htmlspecialchars_uni($mybb->get_input('message'));
 846          $subject = htmlspecialchars_uni($mybb->get_input('subject'));
 847      }
 848  
 849      // Generate thread prefix selector. An absent or zero prefix input is first normalised to integer 0.
 850      if(!$mybb->get_input('threadprefix', MyBB::INPUT_INT))
 851      {
 852          $mybb->input['threadprefix'] = 0;
 853      }
 854  
 855      $prefixselect = build_prefix_select($forum['fid'], $mybb->get_input('threadprefix', MyBB::INPUT_INT));
 856  
          // HTML-escape the submitted posthash. The attachment listing further down passes this already
          // HTML-escaped value through $db->escape_string() when it builds its WHERE clause.
 857      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
 858  
 859      // Hide signature option if no permission: it is rendered only when the usergroup has canusesig == 1
          // and the user's signature is not suspended.
 860      $signature = '';
 861      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
 862      {
 863          eval("\$signature = \"".$templates->get('newthread_signature')."\";");
 864      }
 865  
 866      // Can we disable smilies or are they disabled already?
 867      $disablesmilies = '';
 868      if($forum['allowsmilies'] != 0)
 869      {
 870          eval("\$disablesmilies = \"".$templates->get("newthread_disablesmilies")."\";");
 871      }
 872  
          // The post options row is built only when at least one of the two options rendered; the two row
          // classes are assigned in opposite order depending on whether that row exists.
 873      $postoptions = '';
 874      if(!empty($signature) || !empty($disablesmilies))
 875      {
 876          eval("\$postoptions = \"".$templates->get("newthread_postoptions")."\";");
 877          $bgcolor = "trow2";
 878          $bgcolor2 = "trow1";
 879      }
 880      else
 881      {
 882          $bgcolor = "trow1";
 883          $bgcolor2 = "trow2";
 884      }
 885  
 886      $modoptions = '';
          // Moderator options: the close / stick checkboxes are rendered only for the specific moderator
          // permissions checked below, and their checked state is taken from the submitted modoptions array.
 887      // Show the moderator options
 888      if(is_moderator($fid))
 889      {
              // $modoptions holds the submitted array here and is overwritten with template output further down.
 890          $modoptions = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 891          if(isset($modoptions['closethread']) && $modoptions['closethread'] == 1)
 892          {
 893              $closecheck = "checked=\"checked\"";
 894          }
 895          else
 896          {
 897              $closecheck = '';
 898          }
 899          if(isset($modoptions['stickthread']) && $modoptions['stickthread'] == 1)
 900          {
 901              $stickycheck = "checked=\"checked\"";
 902          }
 903          else
 904          {
 905              $stickycheck = '';
 906          }
 907  
 908          $closeoption = '';
 909          if(is_moderator($fid, "canopenclosethreads"))
 910          {
 911              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
 912          }
 913  
 914          $stickoption = '';
 915          if(is_moderator($fid, "canstickunstickthreads"))
 916          {
 917              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
 918          }
 919  
 920          if(!empty($closeoption) || !empty($stickoption))
 921          {
 922              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
 923              $bgcolor = "trow1";
 924              $bgcolor2 = "trow2";
 925          }
 926          else
 927          {
                  // NOTE(review): on this path $modoptions is still the submitted input array, not a string;
                  // if a later template interpolates $modoptions it would not get the empty string set at the top - confirm.
 928              $bgcolor = "trow2";
 929              $bgcolor2 = "trow1";
 930          }
 931      }
 932      else
 933      {
 934          $bgcolor = "trow2";
 935          $bgcolor2 = "trow1";
 936      }
 937  
 938      // Fetch subscription select box. The template is evaluated as a PHP double-quoted string in this scope,
          // so it can read the "<method>subscribe" variable set earlier and any other local variable.
 939      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
 940  
 941      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
 942      { // Get a listing of the current attachments, if there are any
              // Builds the attachment box: lists existing attachments, reports quota usage and decides
              // which add / update controls are rendered. Otherwise $attachbox is left empty (else branch).
 943          $attachcount = 0;
              // Drafts, and requests carrying both tid and pid, look attachments up by pid; everything else by posthash.
 944          if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 945          {
                  // NOTE(review): $pid is interpolated into the WHERE clause as-is; it is assigned outside this
                  // excerpt, so confirm it is integer-cast there.
 946              $attachwhere = "pid='$pid'";
 947          }
 948          else
 949          {
                  // $posthash was HTML-escaped above before being SQL-escaped here.
 950              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
 951          }
 952          $query = $db->simple_select("attachments", "*", $attachwhere);
 953          $attachments = '';
 954          while($attachment = $db->fetch_array($query))
 955          {
                  // The icon is derived from the stored filename first; the filename is HTML-escaped afterwards
                  // before the row is handed to the templates.
 956              $attachment['size'] = get_friendly_size($attachment['filesize']);
 957              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
 958              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
 959  
 960              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 961              {
 962                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 963              }
 964  
 965              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 966  
 967              $attach_mod_options = '';
                  // Attachments whose visible flag is not 1 use the "unapproved" row template.
 968              if($attachment['visible'] != 1)
 969              {
 970                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
 971              }
 972              else
 973              {
 974                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
 975              }
 976              $attachcount++;
 977          }
              // Total size of all attachments owned by the current user.
              // NOTE(review): uid is concatenated into the WHERE clause; relies on $mybb->user['uid'] being an integer.
 978          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 979          $usage = $db->fetch_array($query);
              // attachquota is multiplied by 1024 before the comparison (presumably stored in KB); 0 means no quota.
 980          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
 981          {
 982              $noshowattach = 1;
 983          }
 984          if($mybb->usergroup['attachquota'] == 0)
 985          {
 986              $friendlyquota = $lang->unlimited;
 987          }
 988          else
 989          {
 990              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
 991          }
 992          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
 993  
 994          $link_viewattachments = '';
              // SUM() yields NULL when the user has no attachment rows; the usage line and link are skipped then.
 995          if($usage['ausage'] !== NULL)
 996          {
 997              $friendlyusage = get_friendly_size($usage['ausage']);
 998              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
 999              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
1000          }
1001          else
1002          {
1003              $lang->attach_usage = "";
1004          }
1005  
1006          $attach_add_options = '';
              // NOTE(review): && binds tighter than ||, so this reads as
              //   maxattachments == 0 || ((maxattachments != 0 && count < max) && !isset($noshowattach)).
              // With maxattachments == 0 the over-quota flag is therefore not consulted and the add controls
              // are still rendered. This only affects what is displayed; whether the upload itself is refused
              // is decided elsewhere (not visible here). Confirm whether (A || B) && !isset(...) was intended.
1007          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !isset($noshowattach))
1008          {
1009              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
1010          }
1011  
1012          $attach_update_options = '';
1013          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
1014          {
1015              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
1016          }
1017  
1018          if($attach_add_options || $attach_update_options)
1019          {
1020              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
1021          }
1022          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
1023  
1024          $bgcolor = alt_trow();
1025      }
1026      else
1027      {
1028          $attachbox = '';
1029      }
1030  
1031      if($mybb->user['uid'])
1032      {
              // The save-draft button is rendered for logged-in users only. The extra arguments (1, 0) are passed
              // to $templates->get(); their meaning is defined in the template class (not visible here).
1033          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
1034      }
1035  
1036      $captcha = '';
1037  
1038      // Show captcha image for guests if enabled
          // Logged-in users never reach this block; $captcha then stays empty.
1039      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
1040      {
1041          $correct = false;
1042          require_once  MYBB_ROOT.'inc/class_captcha.php';
1043          $post_captcha = new captcha(false, "post_captcha");
1044  
              // $hide_captcha is set outside this excerpt. The type is compared with the literal 1 here and with
              // captcha::DEFAULT_CAPTCHA below - presumably the same value; confirm against class_captcha.php.
1045          if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
1046          {
1047              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
1048              // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
1049              if($post_captcha->validate_captcha() == true)
1050              {
1051                  $correct = true;
1052  
1053                  // Generate a hidden list of items for our captcha
1054                  $captcha = $post_captcha->build_hidden_captcha();
1055              }
1056          }
1057  
              // Not yet answered correctly: build the challenge that matches the configured captcha type.
1058          if(!$correct)
1059          {
1060               if($post_captcha->type == captcha::DEFAULT_CAPTCHA)
1061              {
1062                  $post_captcha->build_captcha();
1063              }
1064              elseif(in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
1065              {
1066                  $post_captcha->build_recaptcha();
1067              }
1068              elseif(in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
1069              {
1070                  $post_captcha->build_hcaptcha();
1071              }
1072          }
              // NOTE(review): $correct only becomes true inside the "type == 1" branch above, so the two branches
              // below look unreachable unless one of the listed constants equals 1 - confirm.
1073          else if($correct && (in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))))
1074          {
1075              $post_captcha->build_recaptcha();
1076          }
1077          else if($correct && (in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))))
1078          {
1079              $post_captcha->build_hcaptcha();
1080          }
1081  
              // Markup produced by a build_* call, when present, replaces whatever $captcha held before
              // (including the hidden fields generated after a correct answer).
1082          if($post_captcha->html)
1083          {
1084              $captcha = $post_captcha->html;
1085          }
1086      }
1087  
1088      if($forumpermissions['canpostpolls'] != 0)
1089      {
              // The poll box is rendered only when the forum permission allows posting polls; the configured
              // maximum number of poll options is substituted into the language string first.
1090          $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
1091          eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
1092      }
1093  
1094      // Do we have any forum rules to show for this forum? Rendered only for rulestype 2 or 3 with non-empty rules.
1095      $forumrules = '';
1096      if($forum['rulestype'] >= 2 && $forum['rules'])
1097      {
              // Fall back to a generated title when the forum has no rules title of its own.
1098          if(!$forum['rulestitle'])
1099          {
1100              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
1101          }
1102  
              // Create the parser only if one has not been set up already.
1103          if(!$parser)
1104          {
1105              require_once  MYBB_ROOT.'inc/class_parser.php';
1106              $parser = new postParser;
1107          }
1108  
              // NOTE(review): HTML is allowed when the rules are parsed, so the rules text reaches the page as
              // markup; this relies on only trusted administrators being able to edit forum rules - confirm.
1109          $rules_parser = array(
1110              "allow_html" => 1,
1111              "allow_mycode" => 1,
1112              "allow_smilies" => 1,
1113              "allow_imgcode" => 1
1114          );
1115  
1116          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
              // Copy of $forum taken after the rules were parsed; presumably the name the rules templates read - confirm.
1117          $foruminfo = $forum;
1118  
              // rulestype 3 uses the forumdisplay_rules template, rulestype 2 the forumdisplay_rules_link template.
1119          if($forum['rulestype'] == 3)
1120          {
1121              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
1122          }
1123          else if($forum['rulestype'] == 2)
1124          {
1125              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
1126          }
1127      }
1128  
1129      $moderation_notice = '';
          // Moderation notice: three checks (attachments, threads, the user's own posts) each assign - not
          // append to - $moderation_notice, so when several apply only the last one evaluated remains.
          // Each check is skipped for moderators holding the matching approve/unapprove permission.
1130      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1131      {
1132          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1133          {
1134              $moderation_text = $lang->moderation_forum_attachments;
1135              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1136          }
1137      }
1138  
1139      if(!is_moderator($forum['fid'], "canapproveunapprovethreads"))
1140      {
1141          if($forumpermissions['modthreads'] == 1)
1142          {
1143              $moderation_text = $lang->moderation_forum_thread;
1144              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1145          }
1146      }
1147  
1148      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1149      {
1150          if($mybb->user['moderateposts'] == 1)
1151          {
1152              $moderation_text = $lang->moderation_user_posts;
1153              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1154          }
1155      }
1156  
1157      $php_max_upload_size = get_php_upload_limit();
          // Final assembly: upload limits for the post_javascript template, the plugin hook, then the page
          // template itself, which is evaluated in this scope and sent with output_page().
1158      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1159      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1160  
          // The hook runs before the page template is evaluated.
1161      $plugins->run_hooks("newthread_end");
1162  
          // NOTE(review): strip_tags() removes markup from the forum name but is not HTML entity encoding;
          // whether the name is otherwise escaped before output is not visible here - confirm.
1163      $forum['name'] = strip_tags($forum['name']);
1164      $lang->newthread_in = $lang->sprintf($lang->newthread_in, $forum['name']);
1165  
1166      eval("\$newthread = \"".$templates->get("newthread")."\";");
1167      output_page($newthread);
1168  }

