PHP Cross Reference of MyBB 1.8.40 |
<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

// Entry script for starting a new thread or editing a saved draft.
// This opening section declares the script identity, lists the templates the
// page uses, pulls in the shared includes and resolves which forum (and, for
// drafts, which thread/post) the request refers to.

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'newthread.php');

// Comma-separated template names used by this page.
// Presumably consumed by global.php to preload them in one query - confirm there.
$templatelist = "newthread,previewpost,loginbox,changeuserbox,newthread_postpoll,posticons,codebuttons,postbit,post_attachments_attachment_unapproved,newreply_modoptions_close,newreply_modoptions_stick";
$templatelist .= ",newthread_disablesmilies,post_attachments_new,post_attachments,post_savedraftbutton,post_subscription_method,post_attachments_attachment_remove,postbit_warninglevel_formatted,postbit_icon";
$templatelist .= ",forumdisplay_rules,forumdisplay_rules_link,post_attachments_attachment_postinsert,post_attachments_attachment,newthread_signature,post_prefixselect_prefix,post_prefixselect_single,posticons_icon";
$templatelist .= ",post_captcha_hidden,post_captcha_recaptcha_invisible,post_captcha_nocaptcha,post_captcha_cfturnstile,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_gotopost,newthread_postoptions,post_attachments_add,post_attachments_viewlink";
$templatelist .= ",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,postbit_author_guest,post_captcha";
$templatelist .= ",postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved";
$templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_attachments,postbit_reputation_formatted_link,post_attachments_update,postbit_offline,newreply_modoptions,newthread_multiquote_external";
$templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,newthread_draftinput,global_moderation_notice,postbit_online,postbit_away,attachment_icon,postbit_userstar,postbit_groupimage";

require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_user.php";
require_once MYBB_ROOT."inc/functions_upload.php";

// Load global language phrases
$lang->load("newthread");

$tid = $pid = 0;
// Normalise the request parameters once. tid and pid are requested with
// MyBB::INPUT_INT, which is what makes the string-built WHERE clause below
// safe: only an integer can reach the query text.
$mybb->input['action'] = $mybb->get_input('action');
$mybb->input['tid'] = $mybb->get_input('tid', MyBB::INPUT_INT);
$mybb->input['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
// Draft path: explicit "editdraft", a draft save against an existing tid, or a request naming both tid and pid.
if($mybb->input['action'] == "editdraft" || ($mybb->get_input('savedraft') && $mybb->input['tid']) || ($mybb->input['tid'] && $mybb->input['pid']))
{
	$thread = get_thread($mybb->input['tid']);

	// First post of the thread that is itself in state -2 (oldest dateline, then lowest pid).
	$query = $db->simple_select("posts", "*", "tid='".$mybb->input['tid']."' AND visible='-2'", array('order_by' => 'dateline, pid', 'limit' => 1));
	$post = $db->fetch_array($query);

	// Authorisation gate for the draft: thread and post must exist, the thread must be in
	// state -2 (appears to be the draft marker - confirm) and must belong to the current user.
	// NOTE(review): everything below relies on error() ending the request; confirm it never returns.
	if(!$thread || !$post || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])
	{
		error($lang->invalidthread);
	}

	// From here on pid/fid/tid come from the database rows, not from the request.
	$pid = $post['pid'];
	$fid = $thread['fid'];
	$tid = $thread['tid'];
	// The template body is spliced into a PHP double-quoted string and evaluated, so template
	// content executes with the privileges of this script. Whoever can edit the template store
	// can run code; treat template write access as equivalent to code deployment.
	eval("\$editdraftpid = \"".$templates->get("newthread_draftinput")."\";");
}
else
{
	// Fresh thread: the target forum comes from the request, cast to an integer.
	$fid = $mybb->get_input('fid', MyBB::INPUT_INT);
	$editdraftpid = '';
}

// Fetch forum information.
// Resolve the target forum and apply the access gates that hold for every action of this
// script (form display, preview, attachment handling and the final insert all come later).
$forum = get_forum($fid);
if(!$forum)
{
	error($lang->error_invalidforum);
}

// Draw the navigation
build_forum_breadcrumb($fid);
add_breadcrumb($lang->nav_newthread);

$forumpermissions = forum_permissions($fid);

// Only open, real forums accept threads: type must be "f" and the forum must not be a link.
if($forum['open'] == 0 || $forum['type'] != "f" || $forum['linkto'] != "")
{
	error($lang->error_closedinvalidforum);
}

// Permission gate: the user must be able to both view the forum and start threads in it.
if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0)
{
	error_no_permission();
}

// Posting suspension: build the message (permanent, or temporary with the end date) and stop.
if($mybb->user['suspendposting'] == 1)
{
	$suspendedpostingtype = $lang->error_suspendedposting_permanent;
	if($mybb->user['suspensiontime'])
	{
		$suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
	}

	$lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));

	error($lang->error_suspendedposting);
}

// Check if this forum is password protected and we have a valid password
check_forum_password($forum['fid']);

// If MyCode is on for this forum and the MyCode editor is enabled in the Admin CP, draw the code buttons and smilie inserter.
// Guests (no uid) always get the buttons; members only if their showcodebuttons preference is on.
$codebuttons = '';
$smilieinserter = '';
if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
{
	$codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
	if($forum['allowsmilies'] != 0)
	{
		$smilieinserter = build_clickable_smilies();
	}
}

$posticons = '';

// Does this forum allow post icons? If so, fetch the post icons.
if($mybb->settings['allowposticons'] == 1 && $forum['allowpicons'] != 0)
{
	$posticons = get_post_icons();
}

// If we have a currently logged in user then fetch the change user box.
// Build the login / change-user box, settle which action this request performs and make
// sure an attachment posthash exists.
if($mybb->user['uid'] != 0)
{
	// NOTE(review): this overwrites the shared user array with the HTML-escaped name, so every
	// later read of $mybb->user['username'] in this request sees the escaped form, not the raw
	// one. Confirm that code which stores or compares the name afterwards expects that.
	$mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
	eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
}

// Otherwise we have a guest, determine the "username" and get the login box.
else
{
	if(!isset($mybb->input['previewpost']) && $mybb->input['action'] != "do_newthread")
	{
		$username = '';
	}
	else
	{
		// Guest-supplied name is escaped before it is made available to the template.
		$username = htmlspecialchars_uni($mybb->get_input('username'));
	}
	eval("\$loginbox = \"".$templates->get("loginbox")."\";");
}

// If we're not performing a new thread insert and not editing a draft then we're posting a new thread.
// Any other action value from the request is collapsed to "newthread" here.
if($mybb->input['action'] != "do_newthread" && $mybb->input['action'] != "editdraft")
{
	$mybb->input['action'] = "newthread";
}

// Previewing a post, overwrite the action to the new thread action.
if(!empty($mybb->input['previewpost']))
{
	$mybb->input['action'] = "newthread";
}

// Setup a unique posthash for attachment management
// A value is generated only when the request carries none and no draft pid is set; a
// client-supplied posthash is otherwise kept as sent.
// NOTE(review): md5() only formats the value, the unpredictability comes from random_str().
// Confirm that helper draws from a cryptographically secure source, since the posthash is
// what ties uploaded attachments to a not-yet-saved post.
if(!$mybb->get_input('posthash') && !$pid)
{
	$mybb->input['posthash'] = md5($mybb->user['uid'].random_str());
}

// A request flagged processed=1 that arrives with neither POST fields nor files is rejected.
// Presumably this catches uploads that PHP discarded for exceeding its size limits - confirm.
if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
{
	error($lang->error_empty_post_input);
}

$errors = array();
$maximageserror = $attacherror = '';

// Handle attachments if we've got any.
// Attachment upload/update. Runs when attachments are enabled and either an explicit
// add/update was requested, or files were sent along with a submit, preview or draft save.
if($mybb->settings['enableattachments'] == 1 &&
	($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') ||
	((($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit')) ||
	($mybb->input['action'] == "newthread" && isset($mybb->input['previewpost'])) ||
	isset($mybb->input['savedraft'])) && isset($_FILES['attachments']))))
{
	// Verify incoming POST request
	// (my_post_key is checked before any file is accepted; presumably the anti-CSRF token - confirm.)
	verify_post_check($mybb->get_input('my_post_key'));

	// Select existing attachments by draft post id when editing a draft, otherwise by posthash.
	// $pid is assigned earlier in the script, not taken from this request; the posthash is
	// request data and is escaped before it enters the WHERE clause.
	if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
	{
		$attachwhere = "pid='{$pid}'";
	}
	else
	{
		$attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
	}

	$ret = add_attachments($pid, $forumpermissions, $attachwhere, "newthread");

	// AJAX uploads get a JSON answer and the request ends here.
	if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
	{
		if(isset($ret['success']))
		{
			// Placeholder values: the row template is rendered with {1}..{4} markers instead of
			// real data. Presumably the client fills them in from the JSON payload - confirm.
			$attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}');
			if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
			{
				eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
			}
			eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
			$attach_mod_options = '';
			eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";");
			$ret['template'] = $attemplate;

			// Total bytes stored for the current user, reported back as a friendly size.
			$query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
			$usage = $db->fetch_array($query);
			$ret['usage'] = get_friendly_size($usage['ausage']);
		}

		header("Content-type: application/json; charset={$lang->settings['charset']}");
		echo json_encode($ret);
		exit();
	}

	if(!empty($ret['errors']))
	{
		$errors = $ret['errors'];
	}

	// If we were dealing with an attachment but didn't click 'Post Thread' or 'Save as Draft', force the new thread page again.
	if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft'))
	{
		$mybb->input['action'] = "newthread";
	}
}

detect_attachmentact();

// Are we removing an attachment from the thread?
if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	// NOTE(review): this script does not itself check that the attachment id belongs to the
	// caller; it hands pid, posthash and aid to remove_attachment(). Confirm that helper limits
	// the delete to rows matching the pid/posthash, otherwise the aid alone would decide.
	remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));

	if(!$mybb->get_input('submit'))
	{
		$mybb->input['action'] = "newthread";
	}

	// AJAX removal: report the user's new storage usage as JSON and end the request.
	if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
	{
		$query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
		$usage = $db->fetch_array($query);

		header("Content-type: application/json; charset={$lang->settings['charset']}");
		echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage'])));
		exit();
	}
}

$thread_errors = "";
$hide_captcha = false;

// Check the maximum posts per day for this user
// Counts this uid's posts from the last 24 hours, leaving out rows with visible = -1, and
// applies to every action that reaches this point, not only the final insert.
// NOTE(review): the count is keyed on uid alone; if guests share one uid the limit would be
// shared between all of them - TODO confirm how guest groups set maxposts.
if($mybb->usergroup['maxposts'] > 0)
{
	$daycut = TIME_NOW-60*60*24;
	$query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
	$post_count = $db->fetch_field($query, "posts_today");
	if($post_count >= $mybb->usergroup['maxposts'])
	{
		$lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
		error($lang->error_maxposts);
	}
}

// Performing the posting of a new thread.
264 if($mybb->input['action'] == "do_newthread" && $mybb->request_method == "post") 265 { 266 // Verify incoming POST request 267 verify_post_check($mybb->get_input('my_post_key')); 268 269 $plugins->run_hooks("newthread_do_newthread_start"); 270 271 // If this isn't a logged in user, then we need to do some special validation. 272 if($mybb->user['uid'] == 0) 273 { 274 // If they didn't specify a username leave blank so $lang->guest can be used on output 275 if(!$mybb->get_input('username')) 276 { 277 $username = ''; 278 } 279 // Otherwise use the name they specified. 280 else 281 { 282 $username = $mybb->get_input('username'); 283 } 284 $uid = 0; 285 286 if(!$mybb->user['uid'] && $mybb->settings['stopforumspam_on_newthread']) 287 { 288 require_once MYBB_ROOT . '/inc/class_stopforumspamchecker.php'; 289 290 $stop_forum_spam_checker = new StopForumSpamChecker( 291 $plugins, 292 $mybb->settings['stopforumspam_min_weighting_before_spam'], 293 $mybb->settings['stopforumspam_check_usernames'], 294 $mybb->settings['stopforumspam_check_emails'], 295 $mybb->settings['stopforumspam_check_ips'], 296 $mybb->settings['stopforumspam_log_blocks'] 297 ); 298 299 try { 300 if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip())) 301 { 302 $errors[] = $lang->sprintf($lang->error_stop_forum_spam_spammer, 303 $stop_forum_spam_checker->getErrorText(array( 304 'stopforumspam_check_usernames', 305 'stopforumspam_check_ips' 306 ))); 307 } 308 } 309 catch (Exception $e) 310 { 311 if($mybb->settings['stopforumspam_block_on_error']) 312 { 313 $errors[] = $lang->error_stop_forum_spam_fetching; 314 } 315 } 316 } 317 } 318 // This user is logged in. 
319 else 320 { 321 $username = $mybb->user['username']; 322 $uid = $mybb->user['uid']; 323 } 324 325 // Attempt to see if this post is a duplicate or not 326 if($uid > 0) 327 { 328 $user_check = "p.uid='{$uid}'"; 329 } 330 else 331 { 332 $user_check = "p.ipaddress=".$db->escape_binary($session->packedip); 333 } 334 if(!$mybb->get_input('savedraft') && !$pid) 335 { 336 $query = $db->simple_select("posts p", "p.pid", "$user_check AND p.fid='{$forum['fid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.dateline>".(TIME_NOW-600)); 337 if($db->num_rows($query) > 0) 338 { 339 error($lang->error_post_already_submitted); 340 } 341 } 342 343 // Set up posthandler. 344 require_once MYBB_ROOT."inc/datahandlers/post.php"; 345 $posthandler = new PostDataHandler("insert"); 346 $posthandler->action = "thread"; 347 348 // Set the thread data that came from the input to the $thread array. 349 $new_thread = array( 350 "fid" => $forum['fid'], 351 "subject" => $mybb->get_input('subject'), 352 "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT), 353 "icon" => $mybb->get_input('icon', MyBB::INPUT_INT), 354 "uid" => $uid, 355 "username" => $username, 356 "message" => $mybb->get_input('message'), 357 "ipaddress" => $session->packedip, 358 "posthash" => $mybb->get_input('posthash') 359 ); 360 361 if($pid != '') 362 { 363 $new_thread['pid'] = $pid; 364 } 365 366 // Are we saving a draft thread? 367 if($mybb->get_input('savedraft') && $mybb->user['uid']) 368 { 369 $new_thread['savedraft'] = 1; 370 } 371 else 372 { 373 $new_thread['savedraft'] = 0; 374 } 375 376 // Is this thread already a draft and we're updating it? 
377 if(isset($thread['tid']) && $thread['visible'] == -2) 378 { 379 $new_thread['tid'] = $thread['tid']; 380 } 381 382 $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY); 383 if(!isset($postoptions['signature'])) 384 { 385 $postoptions['signature'] = 0; 386 } 387 if(!isset($postoptions['subscriptionmethod'])) 388 { 389 $postoptions['subscriptionmethod'] = 0; 390 } 391 if(!isset($postoptions['disablesmilies'])) 392 { 393 $postoptions['disablesmilies'] = 0; 394 } 395 396 // Set up the thread options from the input. 397 $new_thread['options'] = array( 398 "signature" => $postoptions['signature'], 399 "subscriptionmethod" => $postoptions['subscriptionmethod'], 400 "disablesmilies" => $postoptions['disablesmilies'] 401 ); 402 403 // Apply moderation options if we have them 404 $new_thread['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY); 405 406 $posthandler->set_data($new_thread); 407 408 // Now let the post handler do all the hard work. 409 $valid_thread = $posthandler->validate_thread(); 410 411 $post_errors = array(); 412 // Fetch friendly error messages if this is an invalid thread 413 if(!$valid_thread) 414 { 415 $post_errors = $posthandler->get_friendly_errors(); 416 } 417 418 // Check captcha image 419 if($mybb->settings['captchaimage'] && !$mybb->user['uid']) 420 { 421 require_once MYBB_ROOT.'inc/class_captcha.php'; 422 $post_captcha = new captcha; 423 424 if($post_captcha->validate_captcha() == false) 425 { 426 // CAPTCHA validation failed 427 foreach($post_captcha->get_errors() as $error) 428 { 429 $post_errors[] = $error; 430 } 431 } 432 else 433 { 434 $hide_captcha = true; 435 } 436 } 437 438 // One or more errors returned, fetch error list and throw to newthread page 439 if(count($post_errors) > 0) 440 { 441 $thread_errors = inline_error($post_errors); 442 $mybb->input['action'] = "newthread"; 443 } 444 // No errors were found, it is safe to insert the thread. 
445 else 446 { 447 $thread_info = $posthandler->insert_thread(); 448 $tid = $thread_info['tid']; 449 $visible = $thread_info['visible']; 450 451 // Invalidate solved captcha 452 if($mybb->settings['captchaimage'] && !$mybb->user['uid']) 453 { 454 $post_captcha->invalidate_captcha(); 455 } 456 457 $force_redirect = false; 458 459 // Mark thread as read 460 require_once MYBB_ROOT."inc/functions_indicators.php"; 461 mark_thread_read($tid, $fid); 462 463 // We were updating a draft thread, send them back to the draft listing. 464 if($new_thread['savedraft'] == 1) 465 { 466 $lang->redirect_newthread = $lang->draft_saved; 467 $url = "usercp.php?action=drafts"; 468 } 469 470 // A poll was being posted with this thread, throw them to poll posting page. 471 else if($mybb->get_input('postpoll', MyBB::INPUT_INT) && $forumpermissions['canpostpolls']) 472 { 473 $url = "polls.php?action=newpoll&tid=$tid&polloptions=".$mybb->get_input('numpolloptions', MyBB::INPUT_INT); 474 $lang->redirect_newthread .= $lang->redirect_newthread_poll; 475 } 476 477 // This thread is stuck in the moderation queue, send them back to the forum. 478 else if(!$visible) 479 { 480 // Moderated thread 481 $lang->redirect_newthread .= $lang->redirect_newthread_moderation; 482 $url = get_forum_link($fid); 483 484 // User must see moderation notice, regardless of redirect settings 485 $force_redirect = true; 486 } 487 488 // The thread is being made in a forum the user cannot see threads in, send them back to the forum. 489 else if($visible == 1 && $forumpermissions['canviewthreads'] != 1) 490 { 491 $lang->redirect_newthread .= $lang->redirect_newthread_unviewable; 492 $url = get_forum_link($fid); 493 494 // User must see permission notice, regardless of redirect settings 495 $force_redirect = true; 496 } 497 498 // This is just a normal thread - send them to it. 
499 else 500 { 501 // Visible thread 502 $lang->redirect_newthread .= $lang->redirect_newthread_thread; 503 $url = get_thread_link($tid); 504 } 505 506 // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected 507 if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0) 508 { 509 // We quoted all posts - remove the entire cookie 510 if($mybb->get_input('quoted_ids') == "all") 511 { 512 my_unsetcookie("multiquote"); 513 } 514 } 515 516 $plugins->run_hooks("newthread_do_newthread_end"); 517 518 // Hop to it! Send them to the next page. 519 if(!$mybb->get_input('postpoll', MyBB::INPUT_INT)) 520 { 521 $lang->redirect_newthread .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid)); 522 } 523 redirect($url, $lang->redirect_newthread, "", $force_redirect); 524 } 525 } 526 527 if($mybb->input['action'] == "newthread" || $mybb->input['action'] == "editdraft") 528 { 529 $plugins->run_hooks("newthread_start"); 530 531 // Do we have attachment errors? 
532 if(count($errors) > 0) 533 { 534 $thread_errors = inline_error($errors); 535 } 536 537 $multiquote_external = $quoted_ids = ''; 538 539 $subject = $message = ''; 540 // If this isn't a preview and we're not editing a draft, then handle quoted posts 541 if(empty($mybb->input['previewpost']) && !$thread_errors && $mybb->input['action'] != "editdraft") 542 { 543 $quoted_posts = array(); 544 // Handle multiquote 545 if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0) 546 { 547 $multiquoted = explode("|", $mybb->cookies['multiquote']); 548 foreach($multiquoted as $post) 549 { 550 $quoted_posts[$post] = (int)$post; 551 } 552 } 553 554 // Quoting more than one post - fetch them 555 if(count($quoted_posts) > 0) 556 { 557 $external_quotes = 0; 558 $quoted_posts = implode(",", $quoted_posts); 559 $unviewable_forums = get_unviewable_forums(); 560 $inactiveforums = get_inactive_forums(); 561 if($unviewable_forums) 562 { 563 $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})"; 564 } 565 if($inactiveforums) 566 { 567 $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})"; 568 } 569 570 if(is_moderator($fid)) 571 { 572 $visible_where = "AND p.visible != 2"; 573 } 574 else 575 { 576 $visible_where = "AND p.visible > 0"; 577 } 578 579 // Check group permissions if we can't view threads not started by us 580 $group_permissions = forum_permissions(); 581 $onlyusfids = array(); 582 $onlyusforums = ''; 583 foreach($group_permissions as $gpfid => $forum_permissions) 584 { 585 if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1) 586 { 587 $onlyusfids[] = $gpfid; 588 } 589 } 590 if(!empty($onlyusfids)) 591 { 592 $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))"; 593 } 594 595 if($mybb->get_input('load_all_quotes', MyBB::INPUT_INT) == 1) 596 { 597 $query = $db->query(" 598 SELECT p.subject, 
p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername 599 FROM ".TABLE_PREFIX."posts p 600 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 601 LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid) 602 WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where} 603 ORDER BY p.dateline, p.pid 604 "); 605 while($quoted_post = $db->fetch_array($query)) 606 { 607 if($quoted_post['userusername']) 608 { 609 $quoted_post['username'] = $quoted_post['userusername']; 610 } 611 $quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']); 612 $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']); 613 $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']); 614 $message .= "[quote='{$quoted_post['username']}' pid='{$quoted_post['pid']}' dateline='{$quoted_post['dateline']}']\n{$quoted_post['message']}\n[/quote]\n\n"; 615 } 616 617 $quoted_ids = "all"; 618 } 619 else 620 { 621 $query = $db->query(" 622 SELECT COUNT(*) AS quotes 623 FROM ".TABLE_PREFIX."posts p 624 LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) 625 WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where} 626 "); 627 $external_quotes = $db->fetch_field($query, 'quotes'); 628 629 if($external_quotes > 0) 630 { 631 if($external_quotes == 1) 632 { 633 $multiquote_text = $lang->multiquote_external_one; 634 $multiquote_deselect = $lang->multiquote_external_one_deselect; 635 $multiquote_quote = $lang->multiquote_external_one_quote; 636 } 637 else 638 { 639 $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes); 640 $multiquote_deselect = $lang->multiquote_external_deselect; 641 $multiquote_quote = $lang->multiquote_external_quote; 642 } 643 
eval("\$multiquote_external = \"".$templates->get("newthread_multiquote_external")."\";"); 644 } 645 } 646 } 647 } 648 649 if(isset($mybb->input['quoted_ids'])) 650 { 651 $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids')); 652 } 653 654 $postoptionschecked = array('signature' => '', 'disablesmilies' => ''); 655 $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = ''; 656 $postpollchecked = ''; 657 658 // Check the various post options if we're 659 // a -> previewing a post 660 // b -> removing an attachment 661 // c -> adding a new attachment 662 // d -> have errors from posting 663 664 if(!empty($mybb->input['previewpost']) || $mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors) 665 { 666 $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY); 667 if(isset($postoptions['signature']) && $postoptions['signature'] == 1) 668 { 669 $postoptionschecked['signature'] = " checked=\"checked\""; 670 } 671 if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1) 672 { 673 $postoptionschecked['disablesmilies'] = " checked=\"checked\""; 674 } 675 if($mybb->get_input('postpoll', MyBB::INPUT_INT) == 1) 676 { 677 $postpollchecked = "checked=\"checked\""; 678 } 679 $subscription_method = get_subscription_method($tid, $postoptions); 680 $numpolloptions = $mybb->get_input('numpolloptions', MyBB::INPUT_INT); 681 } 682 683 // Editing a draft thread 684 else if($mybb->input['action'] == "editdraft" && $mybb->user['uid']) 685 { 686 $mybb->input['threadprefix'] = $thread['prefix']; 687 $message = htmlspecialchars_uni($post['message']); 688 $subject = htmlspecialchars_uni($post['subject']); 689 if($post['includesig'] != 0) 690 { 691 $postoptionschecked['signature'] = " checked=\"checked\""; 692 } 693 if($post['smilieoff'] == 1) 694 { 695 $postoptionschecked['disablesmilies'] = " checked=\"checked\""; 696 } 697 $icon = $post['icon']; 698 
699 $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts 700 $numpolloptions = "2"; 701 } 702 703 // Otherwise, this is our initial visit to this page. 704 else 705 { 706 if($mybb->user['signature'] != '') 707 { 708 $postoptionschecked['signature'] = " checked=\"checked\""; 709 } 710 $subscription_method = get_subscription_method($tid); // Fresh thread, let the function set the appropriate method 711 $numpolloptions = "2"; 712 } 713 714 ${$subscription_method.'subscribe'} = "checked=\"checked\" "; 715 $preview = ''; 716 717 // If we're previewing a post then generate the preview. 718 if(!empty($mybb->input['previewpost'])) 719 { 720 // If this isn't a logged in user, then we need to do some special validation. 721 if($mybb->user['uid'] == 0) 722 { 723 // If they didn't specify a username leave blank so $lang->guest can be used on output 724 if(!$mybb->get_input('username')) 725 { 726 $username = ''; 727 } 728 // Otherwise use the name they specified. 729 else 730 { 731 $username = $mybb->get_input('username'); 732 } 733 $uid = 0; 734 } 735 // This user is logged in. 736 else 737 { 738 $username = $mybb->user['username']; 739 $uid = $mybb->user['uid']; 740 } 741 742 // Set up posthandler. 743 require_once MYBB_ROOT."inc/datahandlers/post.php"; 744 $posthandler = new PostDataHandler("insert"); 745 $posthandler->action = "thread"; 746 747 // Set the thread data that came from the input to the $thread array. 
748 $new_thread = array( 749 "fid" => $forum['fid'], 750 "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT), 751 "subject" => $mybb->get_input('subject'), 752 "icon" => $mybb->get_input('icon'), 753 "uid" => $uid, 754 "username" => $username, 755 "message" => $mybb->get_input('message'), 756 "ipaddress" => $session->packedip, 757 "posthash" => $mybb->get_input('posthash') 758 ); 759 760 if($pid != '') 761 { 762 $new_thread['pid'] = $pid; 763 } 764 765 $posthandler->set_data($new_thread); 766 767 // Now let the post handler do all the hard work. 768 $valid_thread = $posthandler->verify_message(); 769 $valid_subject = $posthandler->verify_subject(); 770 771 // guest post --> verify author 772 if($new_thread['uid'] == 0) 773 { 774 $valid_username = $posthandler->verify_author(); 775 } 776 else 777 { 778 $valid_username = true; 779 } 780 781 $post_errors = array(); 782 // Fetch friendly error messages if this is an invalid post 783 if(!$valid_thread || !$valid_subject || !$valid_username) 784 { 785 $post_errors = $posthandler->get_friendly_errors(); 786 } 787 788 // One or more errors returned, fetch error list and throw to newreply page 789 if(count($post_errors) > 0) 790 { 791 $thread_errors = inline_error($post_errors); 792 } 793 else 794 { 795 $query = $db->query(" 796 SELECT u.*, f.* 797 FROM ".TABLE_PREFIX."users u 798 LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid) 799 WHERE u.uid='".$mybb->user['uid']."' 800 "); 801 $post = $db->fetch_array($query); 802 $post['username'] = $username; 803 if($mybb->user['uid']) 804 { 805 $post['userusername'] = $mybb->user['username']; 806 } 807 $previewmessage = $mybb->get_input('message'); 808 $post['message'] = $previewmessage; 809 $post['subject'] = $mybb->get_input('subject'); 810 $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT); 811 $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY); 812 if(isset($mybb->input['postoptions']['disablesmilies'])) 813 { 814 
$post['smilieoff'] = $mybb->input['postoptions']['disablesmilies']; 815 } 816 $post['dateline'] = TIME_NOW; 817 if(isset($mybb->input['postoptions']['signature'])) 818 { 819 $post['includesig'] = $mybb->input['postoptions']['signature']; 820 } 821 if(!isset($post['includesig']) || $post['includesig'] != 1) 822 { 823 $post['includesig'] = 0; 824 } 825 826 // Fetch attachments assigned to this post 827 if($mybb->get_input('pid', MyBB::INPUT_INT)) 828 { 829 $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'"; 830 } 831 else 832 { 833 $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'"; 834 } 835 836 $query = $db->simple_select("attachments", "*", $attachwhere); 837 while($attachment = $db->fetch_array($query)) 838 { 839 $attachcache[0][$attachment['aid']] = $attachment; 840 } 841 842 $postbit = build_postbit($post, 1); 843 eval("\$preview = \"".$templates->get("previewpost")."\";"); 844 } 845 $message = htmlspecialchars_uni($mybb->get_input('message')); 846 $subject = htmlspecialchars_uni($mybb->get_input('subject')); 847 } 848 849 // Removing an attachment or adding a new one, or showing thread errors. 
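// Final part of newthread.php's form-building branch: prepares every template fragment
// (prefix selector, post options, moderator options, attachments, captcha, poll box,
// forum rules, moderation notices) and renders the "newthread" page.
// The if-chain this "else if" belongs to, and the block closed by the last brace,
// both start earlier in the file.
else if($mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
{
	// The form is being shown again (attachment action or validation errors):
	// the submitted message and subject are HTML-escaped before going back into the form.
	$message = htmlspecialchars_uni($mybb->get_input('message'));
	$subject = htmlspecialchars_uni($mybb->get_input('subject'));
}

// Generate thread prefix selector
if(!$mybb->get_input('threadprefix', MyBB::INPUT_INT))
{
	$mybb->input['threadprefix'] = 0;
}

$prefixselect = build_prefix_select($forum['fid'], $mybb->get_input('threadprefix', MyBB::INPUT_INT));

// Request-supplied value: HTML-escaped here for output; it is additionally passed through
// $db->escape_string() before it is used in the attachments query further down.
$posthash = htmlspecialchars_uni($mybb->get_input('posthash'));

// Hide signature option if no permission
$signature = '';
if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
{
	// Templates are rendered by eval()'ing the string returned by $templates->get(), so every
	// variable a template interpolates must already be escaped for HTML at this point.
	// NOTE(review): this relies on $templates->get() returning trusted, correctly quoted
	// template source; that code is not visible here.
	eval("\$signature = \"".$templates->get('newthread_signature')."\";");
}

// Can we disable smilies or are they disabled already?
$disablesmilies = '';
if($forum['allowsmilies'] != 0)
{
	eval("\$disablesmilies = \"".$templates->get("newthread_disablesmilies")."\";");
}

$postoptions = '';
if(!empty($signature) || !empty($disablesmilies))
{
	eval("\$postoptions = \"".$templates->get("newthread_postoptions")."\";");
	$bgcolor = "trow2";
	$bgcolor2 = "trow1";
}
else
{
	$bgcolor = "trow1";
	$bgcolor2 = "trow2";
}

$modoptions = '';
// Show the moderator options
if(is_moderator($fid))
{
	// Request array; below it is only compared against 1 to pre-tick the checkboxes.
	$modoptions = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
	if(isset($modoptions['closethread']) && $modoptions['closethread'] == 1)
	{
		$closecheck = "checked=\"checked\"";
	}
	else
	{
		$closecheck = '';
	}
	if(isset($modoptions['stickthread']) && $modoptions['stickthread'] == 1)
	{
		$stickycheck = "checked=\"checked\"";
	}
	else
	{
		$stickycheck = '';
	}

	// Each option is rendered only if the moderator holds the matching permission.
	$closeoption = '';
	if(is_moderator($fid, "canopenclosethreads"))
	{
		eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
	}

	$stickoption = '';
	if(is_moderator($fid, "canstickunstickthreads"))
	{
		eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
	}

	if(!empty($closeoption) || !empty($stickoption))
	{
		eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
		$bgcolor = "trow1";
		$bgcolor2 = "trow2";
	}
	else
	{
		// Nothing was rendered: reset to an empty string so the raw request array is not
		// left in $modoptions (presumably interpolated by the page template, where an
		// array would print as "Array").
		$modoptions = '';
		$bgcolor = "trow2";
		$bgcolor2 = "trow1";
	}
}
else
{
	$bgcolor = "trow2";
	$bgcolor2 = "trow1";
}

// Fetch subscription select box
eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");

if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
{ // Get a listing of the current attachments, if there are any
	$attachcount = 0;
	if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
	{
		// $pid is set from the draft's database row at the top of the script; the cast keeps
		// the condition numeric even if a later change ever routes another value into $pid.
		$attachwhere = "pid='".(int)$pid."'";
	}
	else
	{
		$attachwhere = "posthash='".$db->escape_string($posthash)."'";
	}
	$query = $db->simple_select("attachments", "*", $attachwhere);
	$attachments = '';
	while($attachment = $db->fetch_array($query))
	{
		$attachment['size'] = get_friendly_size($attachment['filesize']);
		$attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
		// The stored filename is user-controlled: escape it before the templates print it.
		$attachment['filename'] = htmlspecialchars_uni($attachment['filename']);

		if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
		{
			eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
		}

		eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");

		$attach_mod_options = '';
		if($attachment['visible'] != 1)
		{
			eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
		}
		else
		{
			eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
		}
		$attachcount++;
	}

	// Total attachment usage of the current user, compared with the group quota.
	// presumably attachquota is stored in KB, hence the *1024 -- TODO confirm
	$query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".(int)$mybb->user['uid']."'");
	$usage = $db->fetch_array($query);
	if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
	{
		$noshowattach = 1;
	}
	if($mybb->usergroup['attachquota'] == 0)
	{
		$friendlyquota = $lang->unlimited;
	}
	else
	{
		$friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
	}
	$lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);

	$link_viewattachments = '';
	if($usage['ausage'] !== NULL)
	{
		$friendlyusage = get_friendly_size($usage['ausage']);
		$lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
		eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
	}
	else
	{
		$lang->attach_usage = "";
	}

	$attach_add_options = '';
	// Grouped explicitly: "&&" binds tighter than "||", so without the outer parentheses the
	// over-quota flag ($noshowattach) was ignored whenever maxattachments is 0 (unlimited).
	// NOTE(review): this only decides whether the upload control is shown; the quota still
	// has to be enforced where the upload itself is processed (not visible here).
	if(($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments']) && !isset($noshowattach))
	{
		eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
	}

	$attach_update_options = '';
	if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
	{
		eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
	}

	if($attach_add_options || $attach_update_options)
	{
		eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
	}
	eval("\$attachbox = \"".$templates->get("post_attachments")."\";");

	$bgcolor = alt_trow();
}
else
{
	$attachbox = '';
}

$savedraftbutton = '';
if($mybb->user['uid'])
{
	eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
}

$captcha = '';

// Show captcha image for guests if enabled
if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
{
	$correct = false;
	require_once MYBB_ROOT.'inc/class_captcha.php';
	$post_captcha = new captcha(false, "post_captcha");

	// $hide_captcha is set outside this part of the file.
	// NOTE(review): the literal 1 presumably equals captcha::DEFAULT_CAPTCHA, which the
	// branches below use -- confirm against class_captcha.php.
	if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
	{
		// If previewing a post - check their current captcha input - if correct, hide the captcha input area
		// ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
		if($post_captcha->validate_captcha() == true)
		{
			$correct = true;

			// Generate a hidden list of items for our captcha
			$captcha = $post_captcha->build_hidden_captcha();
		}
	}

	if(!$correct)
	{
		// Not validated yet: build the challenge that matches the configured captcha type.
		if($post_captcha->type == captcha::DEFAULT_CAPTCHA)
		{
			$post_captcha->build_captcha();
		}
		elseif(in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
		{
			$post_captcha->build_recaptcha();
		}
		elseif(in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
		{
			$post_captcha->build_hcaptcha();
		}
		elseif($post_captcha->type == captcha::CFTURNSTILE)
		{
			$post_captcha->build_cfturnstile();
		}
	}
	// Third-party challenges are rebuilt even after a successful validation.
	// NOTE(review): $correct only becomes true inside the "type == 1" branch above, so these
	// branches look unreachable if 1 is the default captcha type -- confirm.
	else if($correct && (in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))))
	{
		$post_captcha->build_recaptcha();
	}
	else if($correct && (in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))))
	{
		$post_captcha->build_hcaptcha();
	}
	else if($correct && ($post_captcha->type == captcha::CFTURNSTILE))
	{
		$post_captcha->build_cfturnstile();
	}

	if($post_captcha->html)
	{
		$captcha = $post_captcha->html;
	}
}

$pollbox = '';

if($forumpermissions['canpostpolls'] != 0)
{
	$lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
	eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
}

// Do we have any forum rules to show for this forum?
$forumrules = '';
if($forum['rulestype'] >= 2 && $forum['rules'])
{
	if(!$forum['rulestitle'])
	{
		$forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
	}

	if(empty($parser))
	{
		require_once MYBB_ROOT.'inc/class_parser.php';
		$parser = new postParser;
	}

	// The rules text is parsed with HTML allowed, so whoever can edit a forum's rules can put
	// markup on this page; that ability should stay limited to trusted administrators.
	$rules_parser = array(
		"allow_html" => 1,
		"allow_mycode" => 1,
		"allow_smilies" => 1,
		"allow_imgcode" => 1
	);

	$forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
	$foruminfo = $forum;

	if($forum['rulestype'] == 3)
	{
		eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
	}
	else if($forum['rulestype'] == 2)
	{
		eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
	}
}

// Moderation notices: each check below overwrites $moderation_notice, so when several
// apply, the last matching one is the one displayed.
$moderation_notice = '';
if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
{
	if($forumpermissions['modattachments'] == 1 && $forumpermissions['canpostattachments'] != 0)
	{
		$moderation_text = $lang->moderation_forum_attachments;
		eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
	}
}

if(!is_moderator($forum['fid'], "canapproveunapprovethreads"))
{
	if($forumpermissions['modthreads'] == 1)
	{
		$moderation_text = $lang->moderation_forum_thread;
		eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
	}
}

if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
{
	if($mybb->user['moderateposts'] == 1)
	{
		$moderation_text = $lang->moderation_user_posts;
		eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
	}
}

// Server-side upload limits, made available to the post_javascript template.
$php_max_upload_size = get_php_upload_limit();
$php_max_file_uploads = (int)ini_get('max_file_uploads');
eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");

$plugins->run_hooks("newthread_end");

// Tags are stripped from the forum name before it is placed into the language string.
$forum['name'] = strip_tags($forum['name']);
$lang->newthread_in = $lang->sprintf($lang->newthread_in, $forum['name']);

eval("\$newthread = \"".$templates->get("newthread")."\";");
output_page($newthread);
} // closes the enclosing block opened earlier in the file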