[ Index ]

PHP Cross Reference of MyBB 1.8.37

title

Body

[close]

/ -> newthread.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'newthread.php');
  13  
  14  $templatelist = "newthread,previewpost,loginbox,changeuserbox,newthread_postpoll,posticons,codebuttons,postbit,post_attachments_attachment_unapproved,newreply_modoptions_close,newreply_modoptions_stick";
  15  $templatelist .= ",newthread_disablesmilies,post_attachments_new,post_attachments,post_savedraftbutton,post_subscription_method,post_attachments_attachment_remove,postbit_warninglevel_formatted,postbit_icon";
  16  $templatelist .= ",forumdisplay_rules,forumdisplay_rules_link,post_attachments_attachment_postinsert,post_attachments_attachment,newthread_signature,post_prefixselect_prefix,post_prefixselect_single,posticons_icon";
  17  $templatelist .= ",post_captcha_hidden,post_captcha_recaptcha_invisible,post_captcha_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_gotopost,newthread_postoptions,post_attachments_add,post_attachments_viewlink";
  18  $templatelist .= ",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,postbit_author_guest,post_captcha";
  19  $templatelist .= ",postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_attachments,postbit_reputation_formatted_link,post_attachments_update,postbit_offline,newreply_modoptions,newthread_multiquote_external";
  21  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,newthread_draftinput,global_moderation_notice,postbit_online,postbit_away,attachment_icon,postbit_userstar,postbit_groupimage";
  22  
  23  require_once  "./global.php";
  24  require_once  MYBB_ROOT."inc/functions_post.php";
  25  require_once  MYBB_ROOT."inc/functions_user.php";
  26  require_once  MYBB_ROOT."inc/functions_upload.php";
  27  
  28  // Load global language phrases
  29  $lang->load("newthread");
  30  
  31  $tid = $pid = 0;
  32  $mybb->input['action'] = $mybb->get_input('action');
  33  $mybb->input['tid'] = $mybb->get_input('tid', MyBB::INPUT_INT);
  34  $mybb->input['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
  35  if($mybb->input['action'] == "editdraft" || ($mybb->get_input('savedraft') && $mybb->input['tid']) || ($mybb->input['tid'] && $mybb->input['pid']))
  36  {
  37      $thread = get_thread($mybb->input['tid']);
  38  
  39      $query = $db->simple_select("posts", "*", "tid='".$mybb->input['tid']."' AND visible='-2'", array('order_by' => 'dateline, pid', 'limit' => 1));
  40      $post = $db->fetch_array($query);
  41  
  42      if(!$thread || !$post || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])
  43      {
  44          error($lang->invalidthread);
  45      }
  46  
  47      $pid = $post['pid'];
  48      $fid = $thread['fid'];
  49      $tid = $thread['tid'];
  50      eval("\$editdraftpid = \"".$templates->get("newthread_draftinput")."\";");
  51  }
  52  else
  53  {
  54      $fid = $mybb->get_input('fid', MyBB::INPUT_INT);
  55      $editdraftpid = '';
  56  }
  57  
  58  // Fetch forum information.
  59  $forum = get_forum($fid);
  60  if(!$forum)
  61  {
  62      error($lang->error_invalidforum);
  63  }
  64  
  65  // Draw the navigation
  66  build_forum_breadcrumb($fid);
  67  add_breadcrumb($lang->nav_newthread);
  68  
  69  $forumpermissions = forum_permissions($fid);
  70  
  71  if($forum['open'] == 0 || $forum['type'] != "f" || $forum['linkto'] != "")
  72  {
  73      error($lang->error_closedinvalidforum);
  74  }
  75  
  76  if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0)
  77  {
  78      error_no_permission();
  79  }
  80  
  81  if($mybb->user['suspendposting'] == 1)
  82  {
  83      $suspendedpostingtype = $lang->error_suspendedposting_permanent;
  84      if($mybb->user['suspensiontime'])
  85      {
  86          $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
  87      }
  88  
  89      $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));
  90  
  91      error($lang->error_suspendedposting);
  92  }
  93  
  94  // Check if this forum is password protected and we have a valid password
  95  check_forum_password($forum['fid']);
  96  
  97  // If MyCode is on for this forum and the MyCode editor is enabled in the Admin CP, draw the code buttons and smilie inserter.
  98  $codebuttons = '';
  99  $smilieinserter = '';
 100  if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 101  {
 102      $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
 103      if($forum['allowsmilies'] != 0)
 104      {
 105          $smilieinserter = build_clickable_smilies();
 106      }
 107  }
 108  
 109  // Does this forum allow post icons? If so, fetch the post icons.
 110  if($forum['allowpicons'] != 0)
 111  {
 112      $posticons = get_post_icons();
 113  }
 114  
 115  // If we have a currently logged in user then fetch the change user box.
 116  if($mybb->user['uid'] != 0)
 117  {
 118      $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
 119      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 120  }
 121  
 122  // Otherwise we have a guest, determine the "username" and get the login box.
 123  else
 124  {
 125      if(!isset($mybb->input['previewpost']) && $mybb->input['action'] != "do_newthread")
 126      {
 127          $username = '';
 128      }
 129      else
 130      {
 131          $username = htmlspecialchars_uni($mybb->get_input('username'));
 132      }
 133      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 134  }
 135  
 136  // If we're not performing a new thread insert and not editing a draft then we're posting a new thread.
 137  if($mybb->input['action'] != "do_newthread" && $mybb->input['action'] != "editdraft")
 138  {
 139      $mybb->input['action'] = "newthread";
 140  }
 141  
 142  // Previewing a post, overwrite the action to the new thread action.
 143  if(!empty($mybb->input['previewpost']))
 144  {
 145      $mybb->input['action'] = "newthread";
 146  }
 147  
 148  // Setup a unique posthash for attachment management
 149  if(!$mybb->get_input('posthash') && !$pid)
 150  {
 151      $mybb->input['posthash'] = md5($mybb->user['uid'].random_str());
 152  }
 153  
 154  if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
 155  {
 156      error($lang->error_empty_post_input);
 157  }
 158  
 159  $errors = array();
 160  $maximageserror = $attacherror = '';
 161  
 162  // Handle attachments if we've got any.
 163  if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newthread" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && $_FILES['attachments'])))
 164  {
 165      // Verify incoming POST request
 166      verify_post_check($mybb->get_input('my_post_key'));
 167  
 168      if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 169      {
 170          $attachwhere = "pid='{$pid}'";
 171      }
 172      else
 173      {
 174          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 175      }
 176  
 177      $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newthread");
 178  
 179      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 180      {
 181          if(isset($ret['success']))
 182          {
 183              $attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}');
 184              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 185              {
 186                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 187              }
 188              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 189              $attach_mod_options = '';
 190              eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";");
 191              $ret['template'] = $attemplate;
 192  
 193              $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 194              $usage = $db->fetch_array($query);
 195              $ret['usage'] = get_friendly_size($usage['ausage']);
 196          }
 197          
 198          header("Content-type: application/json; charset={$lang->settings['charset']}");
 199          echo json_encode($ret);
 200          exit();
 201      }
 202  
 203      if(!empty($ret['errors']))
 204      {
 205          $errors = $ret['errors'];
 206      }
 207  
 208      // If we were dealing with an attachment but didn't click 'Post Thread' or 'Save as Draft', force the new thread page again.
 209      if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft'))
 210      {
 211          $mybb->input['action'] = "newthread";
 212      }
 213  }
 214  
 215  detect_attachmentact();
 216  
 217  // Are we removing an attachment from the thread?
 218  if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
 219  {
 220      // Verify incoming POST request
 221      verify_post_check($mybb->get_input('my_post_key'));
 222  
 223      remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));
 224  
 225      if(!$mybb->get_input('submit'))
 226      {
 227          $mybb->input['action'] = "newthread";
 228      }
 229  
 230      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 231      {
 232          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 233          $usage = $db->fetch_array($query);
 234  
 235          header("Content-type: application/json; charset={$lang->settings['charset']}");
 236          echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage'])));
 237          exit();
 238      }
 239  }
 240  
 241  $thread_errors = "";
 242  $hide_captcha = false;
 243  
 244  // Check the maximum posts per day for this user
 245  if($mybb->usergroup['maxposts'] > 0)
 246  {
 247      $daycut = TIME_NOW-60*60*24;
 248      $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
 249      $post_count = $db->fetch_field($query, "posts_today");
 250      if($post_count >= $mybb->usergroup['maxposts'])
 251      {
 252          $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
 253          error($lang->error_maxposts);
 254      }
 255  }
 256  
 257  // Performing the posting of a new thread.
 258  if($mybb->input['action'] == "do_newthread" && $mybb->request_method == "post")
 259  {
 260      // Verify incoming POST request
 261      verify_post_check($mybb->get_input('my_post_key'));
 262  
 263      $plugins->run_hooks("newthread_do_newthread_start");
 264  
 265      // If this isn't a logged in user, then we need to do some special validation.
 266      if($mybb->user['uid'] == 0)
 267      {
 268          // If they didn't specify a username leave blank so $lang->guest can be used on output
 269          if(!$mybb->get_input('username'))
 270          {
 271              $username = '';
 272          }
 273          // Otherwise use the name they specified.
 274          else
 275          {
 276              $username = $mybb->get_input('username');
 277          }
 278          $uid = 0;
 279  
 280          if(!$mybb->user['uid'] && $mybb->settings['stopforumspam_on_newthread'])
 281          {
 282              require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 283  
 284              $stop_forum_spam_checker = new StopForumSpamChecker(
 285                  $plugins,
 286                  $mybb->settings['stopforumspam_min_weighting_before_spam'],
 287                  $mybb->settings['stopforumspam_check_usernames'],
 288                  $mybb->settings['stopforumspam_check_emails'],
 289                  $mybb->settings['stopforumspam_check_ips'],
 290                  $mybb->settings['stopforumspam_log_blocks']
 291              );
 292  
 293              try {
 294                  if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
 295                  {
 296                      $errors[] = $lang->sprintf($lang->error_stop_forum_spam_spammer,
 297                          $stop_forum_spam_checker->getErrorText(array(
 298                              'stopforumspam_check_usernames',
 299                              'stopforumspam_check_ips'
 300                              )));
 301                  }
 302              }
 303              catch (Exception $e)
 304              {
 305                  if($mybb->settings['stopforumspam_block_on_error'])
 306                  {
 307                      $errors[] = $lang->error_stop_forum_spam_fetching;
 308                  }
 309              }
 310          }
 311      }
 312      // This user is logged in.
 313      else
 314      {
 315          $username = $mybb->user['username'];
 316          $uid = $mybb->user['uid'];
 317      }
 318  
 319      // Attempt to see if this post is a duplicate or not
 320      if($uid > 0)
 321      {
 322          $user_check = "p.uid='{$uid}'";
 323      }
 324      else
 325      {
 326          $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
 327      }
 328      if(!$mybb->get_input('savedraft') && !$pid)
 329      {
 330          $query = $db->simple_select("posts p", "p.pid", "$user_check AND p.fid='{$forum['fid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.dateline>".(TIME_NOW-600));
 331          if($db->num_rows($query) > 0)
 332          {
 333              error($lang->error_post_already_submitted);
 334          }
 335      }
 336  
 337      // Set up posthandler.
 338      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 339      $posthandler = new PostDataHandler("insert");
 340      $posthandler->action = "thread";
 341  
 342      // Set the thread data that came from the input to the $thread array.
 343      $new_thread = array(
 344          "fid" => $forum['fid'],
 345          "subject" => $mybb->get_input('subject'),
 346          "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
 347          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 348          "uid" => $uid,
 349          "username" => $username,
 350          "message" => $mybb->get_input('message'),
 351          "ipaddress" => $session->packedip,
 352          "posthash" => $mybb->get_input('posthash')
 353      );
 354  
 355      if($pid != '')
 356      {
 357          $new_thread['pid'] = $pid;
 358      }
 359  
 360      // Are we saving a draft thread?
 361      if($mybb->get_input('savedraft') && $mybb->user['uid'])
 362      {
 363          $new_thread['savedraft'] = 1;
 364      }
 365      else
 366      {
 367          $new_thread['savedraft'] = 0;
 368      }
 369  
 370      // Is this thread already a draft and we're updating it?
 371      if(isset($thread['tid']) && $thread['visible'] == -2)
 372      {
 373          $new_thread['tid'] = $thread['tid'];
 374      }
 375  
 376      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 377      if(!isset($postoptions['signature']))
 378      {
 379          $postoptions['signature'] = 0;
 380      }
 381      if(!isset($postoptions['subscriptionmethod']))
 382      {
 383          $postoptions['subscriptionmethod'] = 0;
 384      }
 385      if(!isset($postoptions['disablesmilies']))
 386      {
 387          $postoptions['disablesmilies'] = 0;
 388      }
 389  
 390      // Set up the thread options from the input.
 391      $new_thread['options'] = array(
 392          "signature" => $postoptions['signature'],
 393          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 394          "disablesmilies" => $postoptions['disablesmilies']
 395      );
 396  
 397      // Apply moderation options if we have them
 398      $new_thread['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 399  
 400      $posthandler->set_data($new_thread);
 401  
 402      // Now let the post handler do all the hard work.
 403      $valid_thread = $posthandler->validate_thread();
 404  
 405      $post_errors = array();
 406      // Fetch friendly error messages if this is an invalid thread
 407      if(!$valid_thread)
 408      {
 409          $post_errors = $posthandler->get_friendly_errors();
 410      }
 411  
 412      // Check captcha image
 413      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 414      {
 415          require_once  MYBB_ROOT.'inc/class_captcha.php';
 416          $post_captcha = new captcha;
 417  
 418          if($post_captcha->validate_captcha() == false)
 419          {
 420              // CAPTCHA validation failed
 421              foreach($post_captcha->get_errors() as $error)
 422              {
 423                  $post_errors[] = $error;
 424              }
 425          }
 426          else
 427          {
 428              $hide_captcha = true;
 429          }
 430      }
 431  
 432      // One or more errors returned, fetch error list and throw to newthread page
 433      if(count($post_errors) > 0)
 434      {
 435          $thread_errors = inline_error($post_errors);
 436          $mybb->input['action'] = "newthread";
 437      }
 438      // No errors were found, it is safe to insert the thread.
 439      else
 440      {
 441          $thread_info = $posthandler->insert_thread();
 442          $tid = $thread_info['tid'];
 443          $visible = $thread_info['visible'];
 444  
 445          // Invalidate solved captcha
 446          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 447          {
 448              $post_captcha->invalidate_captcha();
 449          }
 450  
 451          $force_redirect = false;
 452  
 453          // Mark thread as read
 454          require_once  MYBB_ROOT."inc/functions_indicators.php";
 455          mark_thread_read($tid, $fid);
 456  
 457          // We were updating a draft thread, send them back to the draft listing.
 458          if($new_thread['savedraft'] == 1)
 459          {
 460              $lang->redirect_newthread = $lang->draft_saved;
 461              $url = "usercp.php?action=drafts";
 462          }
 463  
 464          // A poll was being posted with this thread, throw them to poll posting page.
 465          else if($mybb->get_input('postpoll', MyBB::INPUT_INT) && $forumpermissions['canpostpolls'])
 466          {
 467              $url = "polls.php?action=newpoll&tid=$tid&polloptions=".$mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 468              $lang->redirect_newthread .= $lang->redirect_newthread_poll;
 469          }
 470  
 471          // This thread is stuck in the moderation queue, send them back to the forum.
 472          else if(!$visible)
 473          {
 474              // Moderated thread
 475              $lang->redirect_newthread .= $lang->redirect_newthread_moderation;
 476              $url = get_forum_link($fid);
 477  
 478              // User must see moderation notice, regardless of redirect settings
 479              $force_redirect = true;
 480          }
 481  
 482          // The thread is being made in a forum the user cannot see threads in, send them back to the forum.
 483          else if($visible == 1 && $forumpermissions['canviewthreads'] != 1)
 484          {
 485              $lang->redirect_newthread .= $lang->redirect_newthread_unviewable;
 486              $url = get_forum_link($fid);
 487  
 488              // User must see permission notice, regardless of redirect settings
 489              $force_redirect = true;
 490          }
 491  
 492          // This is just a normal thread - send them to it.
 493          else
 494          {
 495              // Visible thread
 496              $lang->redirect_newthread .= $lang->redirect_newthread_thread;
 497              $url = get_thread_link($tid);
 498          }
 499  
 500          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
 501          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 502          {
 503              // We quoted all posts - remove the entire cookie
 504              if($mybb->get_input('quoted_ids') == "all")
 505              {
 506                  my_unsetcookie("multiquote");
 507              }
 508          }
 509  
 510          $plugins->run_hooks("newthread_do_newthread_end");
 511  
 512          // Hop to it! Send them to the next page.
 513          if(!$mybb->get_input('postpoll', MyBB::INPUT_INT))
 514          {
 515              $lang->redirect_newthread .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 516          }
 517          redirect($url, $lang->redirect_newthread, "", $force_redirect);
 518      }
 519  }
 520  
 521  if($mybb->input['action'] == "newthread" || $mybb->input['action'] == "editdraft")
 522  {
 523      $plugins->run_hooks("newthread_start");
 524  
 525      // Do we have attachment errors?
 526      if(count($errors) > 0)
 527      {
 528          $thread_errors = inline_error($errors);
 529      }
 530  
 531      $multiquote_external = $quoted_ids = '';
 532  
 533      $subject = $message = '';
 534      // If this isn't a preview and we're not editing a draft, then handle quoted posts
 535      if(empty($mybb->input['previewpost']) && !$thread_errors && $mybb->input['action'] != "editdraft")
 536      {
 537          $quoted_posts = array();
 538          // Handle multiquote
 539          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 540          {
 541              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 542              foreach($multiquoted as $post)
 543              {
 544                  $quoted_posts[$post] = (int)$post;
 545              }
 546          }
 547  
 548          // Quoting more than one post - fetch them
 549          if(count($quoted_posts) > 0)
 550          {
 551              $external_quotes = 0;
 552              $quoted_posts = implode(",", $quoted_posts);
 553              $unviewable_forums = get_unviewable_forums();
 554              $inactiveforums = get_inactive_forums();
 555              if($unviewable_forums)
 556              {
 557                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 558              }
 559              if($inactiveforums)
 560              {
 561                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 562              }
 563  
 564              if(is_moderator($fid))
 565              {
 566                  $visible_where = "AND p.visible != 2";
 567              }
 568              else
 569              {
 570                  $visible_where = "AND p.visible > 0";
 571              }
 572  
 573              // Check group permissions if we can't view threads not started by us
 574              $group_permissions = forum_permissions();
 575              $onlyusfids = array();
 576              $onlyusforums = '';
 577              foreach($group_permissions as $gpfid => $forum_permissions)
 578              {
 579                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 580                  {
 581                      $onlyusfids[] = $gpfid;
 582                  }
 583              }
 584              if(!empty($onlyusfids))
 585              {
 586                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 587              }
 588  
 589              if($mybb->get_input('load_all_quotes', MyBB::INPUT_INT) == 1)
 590              {
 591                  $query = $db->query("
 592                      SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 593                      FROM ".TABLE_PREFIX."posts p
 594                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 595                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 596                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 597                      ORDER BY p.dateline, p.pid
 598                  ");
 599                  while($quoted_post = $db->fetch_array($query))
 600                  {
 601                      if($quoted_post['userusername'])
 602                      {
 603                          $quoted_post['username'] = $quoted_post['userusername'];
 604                      }
 605                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
 606                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
 607                      $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
 608                      $message .= "[quote='{$quoted_post['username']}' pid='{$quoted_post['pid']}' dateline='{$quoted_post['dateline']}']\n{$quoted_post['message']}\n[/quote]\n\n";
 609                  }
 610  
 611                  $quoted_ids = "all";
 612              }
 613              else
 614              {
 615                  $query = $db->query("
 616                      SELECT COUNT(*) AS quotes
 617                      FROM ".TABLE_PREFIX."posts p
 618                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 619                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 620                  ");
 621                  $external_quotes = $db->fetch_field($query, 'quotes');
 622  
 623                  if($external_quotes > 0)
 624                  {
 625                      if($external_quotes == 1)
 626                      {
 627                          $multiquote_text = $lang->multiquote_external_one;
 628                          $multiquote_deselect = $lang->multiquote_external_one_deselect;
 629                          $multiquote_quote = $lang->multiquote_external_one_quote;
 630                      }
 631                      else
 632                      {
 633                          $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 634                          $multiquote_deselect = $lang->multiquote_external_deselect;
 635                          $multiquote_quote = $lang->multiquote_external_quote;
 636                      }
 637                      eval("\$multiquote_external = \"".$templates->get("newthread_multiquote_external")."\";");
 638                  }
 639              }
 640          }
 641      }
 642  
 643      if(isset($mybb->input['quoted_ids']))
 644      {
 645          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids'));
 646      }
 647  
 648      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 649      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 650      $postpollchecked = '';
 651  
 652      // Check the various post options if we're
 653      // a -> previewing a post
 654      // b -> removing an attachment
 655      // c -> adding a new attachment
 656      // d -> have errors from posting
 657  
 658      if(!empty($mybb->input['previewpost']) || $mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
 659      {
 660          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 661          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 662          {
 663              $postoptionschecked['signature'] = " checked=\"checked\"";
 664          }
 665          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 666          {
 667              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 668          }
 669          if($mybb->get_input('postpoll', MyBB::INPUT_INT) == 1)
 670          {
 671              $postpollchecked = "checked=\"checked\"";
 672          }
 673          $subscription_method = get_subscription_method($tid, $postoptions);
 674          $numpolloptions = $mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 675      }
 676  
 677      // Editing a draft thread
 678      else if($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 679      {
 680          $mybb->input['threadprefix'] = $thread['prefix'];
 681          $message = htmlspecialchars_uni($post['message']);
 682          $subject = htmlspecialchars_uni($post['subject']);
 683          if($post['includesig'] != 0)
 684          {
 685              $postoptionschecked['signature'] = " checked=\"checked\"";
 686          }
 687          if($post['smilieoff'] == 1)
 688          {
 689              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 690          }
 691          $icon = $post['icon'];
 692          if($forum['allowpicons'] != 0)
 693          {
 694              $posticons = get_post_icons();
 695          }
 696          $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
 697          $numpolloptions = "2";
 698      }
 699  
 700      // Otherwise, this is our initial visit to this page.
 701      else
 702      {
 703          if($mybb->user['signature'] != '')
 704          {
 705              $postoptionschecked['signature'] = " checked=\"checked\"";
 706          }
 707          $subscription_method = get_subscription_method($tid); // Fresh thread, let the function set the appropriate method
 708          $numpolloptions = "2";
 709      }
 710  
 711      ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 712      $preview = '';
 713  
 714      // If we're previewing a post then generate the preview.
 715      if(!empty($mybb->input['previewpost']))
 716      {
 717          // If this isn't a logged in user, then we need to do some special validation.
 718          if($mybb->user['uid'] == 0)
 719          {
 720              // If they didn't specify a username leave blank so $lang->guest can be used on output
 721              if(!$mybb->get_input('username'))
 722              {
 723                  $username = '';
 724              }
 725              // Otherwise use the name they specified.
 726              else
 727              {
 728                  $username = $mybb->get_input('username');
 729              }
 730              $uid = 0;
 731          }
 732          // This user is logged in.
 733          else
 734          {
 735              $username = $mybb->user['username'];
 736              $uid = $mybb->user['uid'];
 737          }
 738  
 739          // Set up posthandler.
 740          require_once  MYBB_ROOT."inc/datahandlers/post.php";
 741          $posthandler = new PostDataHandler("insert");
 742          $posthandler->action = "thread";
 743  
 744          // Set the thread data that came from the input to the $thread array.
 745          $new_thread = array(
 746              "fid" => $forum['fid'],
 747              "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
 748              "subject" => $mybb->get_input('subject'),
 749              "icon" => $mybb->get_input('icon'),
 750              "uid" => $uid,
 751              "username" => $username,
 752              "message" => $mybb->get_input('message'),
 753              "ipaddress" => $session->packedip,
 754              "posthash" => $mybb->get_input('posthash')
 755          );
 756  
 757          if($pid != '')
 758          {
 759              $new_thread['pid'] = $pid;
 760          }
 761  
 762          $posthandler->set_data($new_thread);
 763  
 764          // Now let the post handler do all the hard work.
 765          $valid_thread = $posthandler->verify_message();
 766          $valid_subject = $posthandler->verify_subject();
 767  
 768          // guest post --> verify author
 769          if($new_thread['uid'] == 0)
 770          {
 771              $valid_username = $posthandler->verify_author();
 772          }
 773          else
 774          {
 775              $valid_username = true;
 776          }
 777  
 778          $post_errors = array();
 779          // Fetch friendly error messages if this is an invalid post
 780          if(!$valid_thread || !$valid_subject || !$valid_username)
 781          {
 782              $post_errors = $posthandler->get_friendly_errors();
 783          }
 784  
 785          // One or more errors returned, fetch error list and throw to newreply page
 786          if(count($post_errors) > 0)
 787          {
 788              $thread_errors = inline_error($post_errors);
 789          }
 790          else
 791          {
 792              $query = $db->query("
 793                  SELECT u.*, f.*
 794                  FROM ".TABLE_PREFIX."users u
 795                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 796                  WHERE u.uid='".$mybb->user['uid']."'
 797              ");
 798              $post = $db->fetch_array($query);
 799              $post['username'] = $username;
 800              if($mybb->user['uid'])
 801              {
 802                  $post['userusername'] = $mybb->user['username'];
 803              }
 804              $previewmessage = $mybb->get_input('message');
 805              $post['message'] = $previewmessage;
 806              $post['subject'] = $mybb->get_input('subject');
 807              $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 808              $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 809              if(isset($mybb->input['postoptions']['disablesmilies']))
 810              {
 811                  $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
 812              }
 813              $post['dateline'] = TIME_NOW;
 814              if(isset($mybb->input['postoptions']['signature']))
 815              {
 816                  $post['includesig'] = $mybb->input['postoptions']['signature'];
 817              }
 818              if(!isset($post['includesig']) || $post['includesig'] != 1)
 819              {
 820                  $post['includesig'] = 0;
 821              }
 822  
 823              // Fetch attachments assigned to this post
 824              if($mybb->get_input('pid', MyBB::INPUT_INT))
 825              {
 826                  $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
 827              }
 828              else
 829              {
 830                  $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 831              }
 832  
 833              $query = $db->simple_select("attachments", "*", $attachwhere);
 834              while($attachment = $db->fetch_array($query))
 835              {
 836                  $attachcache[0][$attachment['aid']] = $attachment;
 837              }
 838  
 839              $postbit = build_postbit($post, 1);
 840              eval("\$preview = \"".$templates->get("previewpost")."\";");
 841          }
 842          $message = htmlspecialchars_uni($mybb->get_input('message'));
 843          $subject = htmlspecialchars_uni($mybb->get_input('subject'));
 844      }
 845  
 846      // Removing an attachment or adding a new one, or showing thread errors.
 847      else if($mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
 848      {
 849          $message = htmlspecialchars_uni($mybb->get_input('message'));
 850          $subject = htmlspecialchars_uni($mybb->get_input('subject'));
 851      }
 852  
 853      // Generate thread prefix selector
 854      if(!$mybb->get_input('threadprefix', MyBB::INPUT_INT))
 855      {
 856          $mybb->input['threadprefix'] = 0;
 857      }
 858  
 859      $prefixselect = build_prefix_select($forum['fid'], $mybb->get_input('threadprefix', MyBB::INPUT_INT));
 860  
 861      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
 862  
 863      // Hide signature option if no permission
 864      $signature = '';
 865      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
 866      {
 867          eval("\$signature = \"".$templates->get('newthread_signature')."\";");
 868      }
 869  
 870      // Can we disable smilies or are they disabled already?
 871      $disablesmilies = '';
 872      if($forum['allowsmilies'] != 0)
 873      {
 874          eval("\$disablesmilies = \"".$templates->get("newthread_disablesmilies")."\";");
 875      }
 876  
 877      $postoptions = '';
 878      if(!empty($signature) || !empty($disablesmilies))
 879      {
 880          eval("\$postoptions = \"".$templates->get("newthread_postoptions")."\";");
 881          $bgcolor = "trow2";
 882          $bgcolor2 = "trow1";
 883      }
 884      else
 885      {
 886          $bgcolor = "trow1";
 887          $bgcolor2 = "trow2";
 888      }
 889  
 890      $modoptions = '';
 891      // Show the moderator options
 892      if(is_moderator($fid))
 893      {
 894          $modoptions = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 895          if(isset($modoptions['closethread']) && $modoptions['closethread'] == 1)
 896          {
 897              $closecheck = "checked=\"checked\"";
 898          }
 899          else
 900          {
 901              $closecheck = '';
 902          }
 903          if(isset($modoptions['stickthread']) && $modoptions['stickthread'] == 1)
 904          {
 905              $stickycheck = "checked=\"checked\"";
 906          }
 907          else
 908          {
 909              $stickycheck = '';
 910          }
 911  
 912          $closeoption = '';
 913          if(is_moderator($fid, "canopenclosethreads"))
 914          {
 915              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
 916          }
 917  
 918          $stickoption = '';
 919          if(is_moderator($fid, "canstickunstickthreads"))
 920          {
 921              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
 922          }
 923  
 924          if(!empty($closeoption) || !empty($stickoption))
 925          {
 926              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
 927              $bgcolor = "trow1";
 928              $bgcolor2 = "trow2";
 929          }
 930          else
 931          {
 932              $bgcolor = "trow2";
 933              $bgcolor2 = "trow1";
 934          }
 935      }
 936      else
 937      {
 938          $bgcolor = "trow2";
 939          $bgcolor2 = "trow1";
 940      }
 941  
 942      // Fetch subscription select box
 943      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
 944  
 945      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
 946      { // Get a listing of the current attachments, if there are any
 947          $attachcount = 0;
 948          if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 949          {
 950              $attachwhere = "pid='$pid'";
 951          }
 952          else
 953          {
 954              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
 955          }
 956          $query = $db->simple_select("attachments", "*", $attachwhere);
 957          $attachments = '';
 958          while($attachment = $db->fetch_array($query))
 959          {
 960              $attachment['size'] = get_friendly_size($attachment['filesize']);
 961              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
 962              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
 963  
 964              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 965              {
 966                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 967              }
 968  
 969              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 970  
 971              $attach_mod_options = '';
 972              if($attachment['visible'] != 1)
 973              {
 974                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
 975              }
 976              else
 977              {
 978                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
 979              }
 980              $attachcount++;
 981          }
 982          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 983          $usage = $db->fetch_array($query);
 984          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
 985          {
 986              $noshowattach = 1;
 987          }
 988          if($mybb->usergroup['attachquota'] == 0)
 989          {
 990              $friendlyquota = $lang->unlimited;
 991          }
 992          else
 993          {
 994              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
 995          }
 996          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
 997  
 998          $link_viewattachments = '';
 999          if($usage['ausage'] !== NULL)
1000          {
1001              $friendlyusage = get_friendly_size($usage['ausage']);
1002              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
1003              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
1004          }
1005          else
1006          {
1007              $lang->attach_usage = "";
1008          }
1009  
1010          $attach_add_options = '';
1011          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !isset($noshowattach))
1012          {
1013              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
1014          }
1015  
1016          $attach_update_options = '';
1017          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
1018          {
1019              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
1020          }
1021  
1022          if($attach_add_options || $attach_update_options)
1023          {
1024              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
1025          }
1026          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
1027  
1028          $bgcolor = alt_trow();
1029      }
1030      else
1031      {
1032          $attachbox = '';
1033      }
1034  
1035      if($mybb->user['uid'])
1036      {
1037          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
1038      }
1039  
1040      $captcha = '';
1041  
1042      // Show captcha image for guests if enabled
1043      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
1044      {
1045          $correct = false;
1046          require_once  MYBB_ROOT.'inc/class_captcha.php';
1047          $post_captcha = new captcha(false, "post_captcha");
1048  
1049          if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
1050          {
1051              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
1052              // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
1053              if($post_captcha->validate_captcha() == true)
1054              {
1055                  $correct = true;
1056  
1057                  // Generate a hidden list of items for our captcha
1058                  $captcha = $post_captcha->build_hidden_captcha();
1059              }
1060          }
1061  
1062          if(!$correct)
1063          {
1064               if($post_captcha->type == captcha::DEFAULT_CAPTCHA)
1065              {
1066                  $post_captcha->build_captcha();
1067              }
1068              elseif(in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
1069              {
1070                  $post_captcha->build_recaptcha();
1071              }
1072              elseif(in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
1073              {
1074                  $post_captcha->build_hcaptcha();
1075              }
1076          }
1077          else if($correct && (in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))))
1078          {
1079              $post_captcha->build_recaptcha();
1080          }
1081          else if($correct && (in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))))
1082          {
1083              $post_captcha->build_hcaptcha();
1084          }
1085  
1086          if($post_captcha->html)
1087          {
1088              $captcha = $post_captcha->html;
1089          }
1090      }
1091  
1092      if($forumpermissions['canpostpolls'] != 0)
1093      {
1094          $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
1095          eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
1096      }
1097  
1098      // Do we have any forum rules to show for this forum?
1099      $forumrules = '';
1100      if($forum['rulestype'] >= 2 && $forum['rules'])
1101      {
1102          if(!$forum['rulestitle'])
1103          {
1104              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
1105          }
1106  
1107          if(empty($parser))
1108          {
1109              require_once  MYBB_ROOT.'inc/class_parser.php';
1110              $parser = new postParser;
1111          }
1112  
1113          $rules_parser = array(
1114              "allow_html" => 1,
1115              "allow_mycode" => 1,
1116              "allow_smilies" => 1,
1117              "allow_imgcode" => 1
1118          );
1119  
1120          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
1121          $foruminfo = $forum;
1122  
1123          if($forum['rulestype'] == 3)
1124          {
1125              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
1126          }
1127          else if($forum['rulestype'] == 2)
1128          {
1129              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
1130          }
1131      }
1132  
1133      $moderation_notice = '';
1134      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1135      {
1136          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1137          {
1138              $moderation_text = $lang->moderation_forum_attachments;
1139              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1140          }
1141      }
1142  
1143      if(!is_moderator($forum['fid'], "canapproveunapprovethreads"))
1144      {
1145          if($forumpermissions['modthreads'] == 1)
1146          {
1147              $moderation_text = $lang->moderation_forum_thread;
1148              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1149          }
1150      }
1151  
1152      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1153      {
1154          if($mybb->user['moderateposts'] == 1)
1155          {
1156              $moderation_text = $lang->moderation_user_posts;
1157              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1158          }
1159      }
1160  
1161      $php_max_upload_size = get_php_upload_limit();
1162      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1163      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1164  
1165      $plugins->run_hooks("newthread_end");
1166  
1167      $forum['name'] = strip_tags($forum['name']);
1168      $lang->newthread_in = $lang->sprintf($lang->newthread_in, $forum['name']);
1169  
1170      eval("\$newthread = \"".$templates->get("newthread")."\";");
1171      output_page($newthread);
1172  }


2005 - 2021 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup Cross-referenced by PHPXref