
PHP Cross Reference of MyBB 1.8.21


/ -> newthread.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'newthread.php');
  13  
  14  $templatelist = "newthread,previewpost,loginbox,changeuserbox,newthread_postpoll,posticons,codebuttons,postbit,post_attachments_attachment_unapproved,newreply_modoptions_close,newreply_modoptions_stick";
  15  $templatelist .= ",newthread_disablesmilies,post_attachments_new,post_attachments,post_savedraftbutton,post_subscription_method,post_attachments_attachment_remove,postbit_warninglevel_formatted,postbit_icon";
  16  $templatelist .= ",forumdisplay_rules,forumdisplay_rules_link,post_attachments_attachment_postinsert,post_attachments_attachment,newthread_signature,post_prefixselect_prefix,post_prefixselect_single,posticons_icon";
  17  $templatelist .= ",post_captcha_hidden,post_captcha_recaptcha_invisible,post_captcha_nocaptcha,post_javascript,postbit_gotopost,newthread_postoptions,post_attachments_add,post_attachments_viewlink";
  18  $templatelist .= ",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,postbit_author_guest,post_captcha";
  19  $templatelist .= ",postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_attachments,postbit_reputation_formatted_link,post_attachments_update,postbit_offline,newreply_modoptions,newthread_multiquote_external";
  21  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,newthread_draftinput,global_moderation_notice,postbit_online,postbit_away,attachment_icon,postbit_userstar,postbit_groupimage";
  22  
  23  require_once  "./global.php";
  24  require_once  MYBB_ROOT."inc/functions_post.php";
  25  require_once  MYBB_ROOT."inc/functions_user.php";
  26  
  27  // Load global language phrases
  28  $lang->load("newthread");
  29  
  30  $tid = $pid = 0;
  31  $mybb->input['action'] = $mybb->get_input('action');
  32  $mybb->input['tid'] = $mybb->get_input('tid', MyBB::INPUT_INT);
  33  $mybb->input['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
  34  if($mybb->input['action'] == "editdraft" || ($mybb->get_input('savedraft') && $mybb->input['tid']) || ($mybb->input['tid'] && $mybb->input['pid']))
  35  {
  36      $thread = get_thread($mybb->input['tid']);
  37  
  38      $query = $db->simple_select("posts", "*", "tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."' AND visible='-2'", array('order_by' => 'dateline', 'limit' => 1));
  39      $post = $db->fetch_array($query);
  40  
  41      if(!$thread['tid'] || !$post['pid'] || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])
  42      {
  43          error($lang->invalidthread);
  44      }
  45  
  46      $pid = $post['pid'];
  47      $fid = $thread['fid'];
  48      $tid = $thread['tid'];
  49      eval("\$editdraftpid = \"".$templates->get("newthread_draftinput")."\";");
  50  }
  51  else
  52  {
  53      $fid = $mybb->get_input('fid', MyBB::INPUT_INT);
  54      $editdraftpid = '';
  55  }
  56  
  57  // Fetch forum information.
  58  $forum = get_forum($fid);
  59  if(!$forum)
  60  {
  61      error($lang->error_invalidforum);
  62  }
  63  
  64  // Draw the navigation
  65  build_forum_breadcrumb($fid);
  66  add_breadcrumb($lang->nav_newthread);
  67  
  68  $forumpermissions = forum_permissions($fid);
  69  
  70  if($forum['open'] == 0 || $forum['type'] != "f" || $forum['linkto'] != "")
  71  {
  72      error($lang->error_closedinvalidforum);
  73  }
  74  
  75  if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0)
  76  {
  77      error_no_permission();
  78  }
  79  
  80  if($mybb->user['suspendposting'] == 1)
  81  {
  82      $suspendedpostingtype = $lang->error_suspendedposting_permanent;
  83      if($mybb->user['suspensiontime'])
  84      {
  85          $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
  86      }
  87  
  88      $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));
  89  
  90      error($lang->error_suspendedposting);
  91  }
  92  
  93  // Check if this forum is password protected and we have a valid password
  94  check_forum_password($forum['fid']);
  95  
  96  // If MyCode is on for this forum and the MyCode editor is enabled in the Admin CP, draw the code buttons and smilie inserter.
  97  if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
  98  {
  99      $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
 100      if($forum['allowsmilies'] != 0)
 101      {
 102          $smilieinserter = build_clickable_smilies();
 103      }
 104  }
 105  
 106  // Does this forum allow post icons? If so, fetch the post icons.
 107  if($forum['allowpicons'] != 0)
 108  {
 109      $posticons = get_post_icons();
 110  }
 111  
 112  // If we have a currently logged in user then fetch the change user box.
 113  if($mybb->user['uid'] != 0)
 114  {
 115      $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
 116      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 117  }
 118  
 119  // Otherwise we have a guest, determine the "username" and get the login box.
 120  else
 121  {
 122      if(!isset($mybb->input['previewpost']) && $mybb->input['action'] != "do_newthread")
 123      {
 124          $username = '';
 125      }
 126      else
 127      {
 128          $username = htmlspecialchars_uni($mybb->get_input('username'));
 129      }
 130      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 131  }
 132  
 133  // If we're not performing a new thread insert and not editing a draft then we're posting a new thread.
 134  if($mybb->input['action'] != "do_newthread" && $mybb->input['action'] != "editdraft")
 135  {
 136      $mybb->input['action'] = "newthread";
 137  }
 138  
 139  // Previewing a post, overwrite the action to the new thread action.
 140  if(!empty($mybb->input['previewpost']))
 141  {
 142      $mybb->input['action'] = "newthread";
 143  }
 144  
 145  // Setup a unique posthash for attachment management
 146  if(!$mybb->get_input('posthash') && !$pid)
 147  {
 148      $mybb->input['posthash'] = md5($mybb->user['uid'].random_str());
 149  }
 150  
 151  if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
 152  {
 153      error($lang->error_empty_post_input);
 154  }
 155  
 156  $errors = array();
 157  $maximageserror = $attacherror = '';
 158  
 159  // Handle attachments if we've got any.
 160  if($mybb->settings['enableattachments'] == 1 && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit') && $_FILES['attachment'])))
 161  {
 162      // Verify incoming POST request
 163      verify_post_check($mybb->get_input('my_post_key'));
 164  
 165      if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 166      {
 167          $attachwhere = "pid='{$pid}'";
 168      }
 169      else
 170      {
 171          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 172      }
 173  
 174      require_once  MYBB_ROOT."inc/functions_upload.php";
 175  
 176      $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newthread");
 177  
 178      if(!empty($ret['errors']))
 179      {
 180          $errors = $ret['errors'];
 181      }
 182  
 183      // If we were dealing with an attachment but didn't click 'Post Thread', force the new thread page again.
 184      if(!$mybb->get_input('submit'))
 185      {
 186          $mybb->input['action'] = "newthread";
 187      }
 188  }
 189  
 190  // Are we removing an attachment from the thread?
 191  if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
 192  {
 193      // Verify incoming POST request
 194      verify_post_check($mybb->get_input('my_post_key'));
 195  
 196      require_once  MYBB_ROOT."inc/functions_upload.php";
 197      remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));
 198      if(!$mybb->get_input('submit'))
 199      {
 200          $mybb->input['action'] = "newthread";
 201      }
 202  
 203      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 204      {
 205          header("Content-type: application/json; charset={$lang->settings['charset']}");
 206          echo json_encode(array("success" => true));
 207          exit();
 208      }
 209  }
 210  
 211  $thread_errors = "";
 212  $hide_captcha = false;
 213  
 214  // Check the maximum posts per day for this user
 215  if($mybb->usergroup['maxposts'] > 0)
 216  {
 217      $daycut = TIME_NOW-60*60*24;
 218      $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
 219      $post_count = $db->fetch_field($query, "posts_today");
 220      if($post_count >= $mybb->usergroup['maxposts'])
 221      {
 222          $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
 223          error($lang->error_maxposts);
 224      }
 225  }
 226  
 227  // Performing the posting of a new thread.
 228  if($mybb->input['action'] == "do_newthread" && $mybb->request_method == "post")
 229  {
 230      // Verify incoming POST request
 231      verify_post_check($mybb->get_input('my_post_key'));
 232  
 233      $plugins->run_hooks("newthread_do_newthread_start");
 234  
 235      // If this isn't a logged in user, then we need to do some special validation.
 236      if($mybb->user['uid'] == 0)
 237      {
 238          // If they didn't specify a username leave blank so $lang->guest can be used on output
 239          if(!$mybb->get_input('username'))
 240          {
 241              $username = '';
 242          }
 243          // Otherwise use the name they specified.
 244          else
 245          {
 246              $username = $mybb->get_input('username');
 247          }
 248          $uid = 0;
 249  
 250          if(!$mybb->user['uid'] && $mybb->settings['stopforumspam_on_newthread'])
 251          {
 252              require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 253  
 254              $stop_forum_spam_checker = new StopForumSpamChecker(
 255                  $plugins,
 256                  $mybb->settings['stopforumspam_min_weighting_before_spam'],
 257                  $mybb->settings['stopforumspam_check_usernames'],
 258                  $mybb->settings['stopforumspam_check_emails'],
 259                  $mybb->settings['stopforumspam_check_ips'],
 260                  $mybb->settings['stopforumspam_log_blocks']
 261              );
 262  
 263              try {
 264                  if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
 265                  {
 266                      $errors[] = $lang->sprintf($lang->error_stop_forum_spam_spammer,
 267                          $stop_forum_spam_checker->getErrorText(array(
 268                              'stopforumspam_check_usernames',
 269                              'stopforumspam_check_ips'
 270                              )));
 271                  }
 272              }
 273              catch (Exception $e)
 274              {
 275                  if($mybb->settings['stopforumspam_block_on_error'])
 276                  {
 277                      $errors[] = $lang->error_stop_forum_spam_fetching;
 278                  }
 279              }
 280          }
 281      }
 282      // This user is logged in.
 283      else
 284      {
 285          $username = $mybb->user['username'];
 286          $uid = $mybb->user['uid'];
 287      }
 288  
 289      // Attempt to see if this post is a duplicate or not
 290      if($uid > 0)
 291      {
 292          $user_check = "p.uid='{$uid}'";
 293      }
 294      else
 295      {
 296          $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
 297      }
 298      if(!$mybb->get_input('savedraft') && !$pid)
 299      {
 300          $query = $db->simple_select("posts p", "p.pid", "$user_check AND p.fid='{$forum['fid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.dateline>".(TIME_NOW-600));
 301          $duplicate_check = $db->fetch_field($query, "pid");
 302          if($duplicate_check)
 303          {
 304              error($lang->error_post_already_submitted);
 305          }
 306      }
 307  
 308      // Set up posthandler.
 309      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 310      $posthandler = new PostDataHandler("insert");
 311      $posthandler->action = "thread";
 312  
 313      // Set the thread data that came from the input to the $thread array.
 314      $new_thread = array(
 315          "fid" => $forum['fid'],
 316          "subject" => $mybb->get_input('subject'),
 317          "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
 318          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 319          "uid" => $uid,
 320          "username" => $username,
 321          "message" => $mybb->get_input('message'),
 322          "ipaddress" => $session->packedip,
 323          "posthash" => $mybb->get_input('posthash')
 324      );
 325  
 326      if($pid != '')
 327      {
 328          $new_thread['pid'] = $pid;
 329      }
 330  
 331      // Are we saving a draft thread?
 332      if($mybb->get_input('savedraft') && $mybb->user['uid'])
 333      {
 334          $new_thread['savedraft'] = 1;
 335      }
 336      else
 337      {
 338          $new_thread['savedraft'] = 0;
 339      }
 340  
 341      // Is this thread already a draft and we're updating it?
 342      if(isset($thread['tid']) && $thread['visible'] == -2)
 343      {
 344          $new_thread['tid'] = $thread['tid'];
 345      }
 346  
 347      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 348      if(!isset($postoptions['signature']))
 349      {
 350          $postoptions['signature'] = 0;
 351      }
 352      if(!isset($postoptions['subscriptionmethod']))
 353      {
 354          $postoptions['subscriptionmethod'] = 0;
 355      }
 356      if(!isset($postoptions['disablesmilies']))
 357      {
 358          $postoptions['disablesmilies'] = 0;
 359      }
 360  
 361      // Set up the thread options from the input.
 362      $new_thread['options'] = array(
 363          "signature" => $postoptions['signature'],
 364          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 365          "disablesmilies" => $postoptions['disablesmilies']
 366      );
 367  
 368      // Apply moderation options if we have them
 369      $new_thread['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 370  
 371      $posthandler->set_data($new_thread);
 372  
 373      // Now let the post handler do all the hard work.
 374      $valid_thread = $posthandler->validate_thread();
 375  
 376      $post_errors = array();
 377      // Fetch friendly error messages if this is an invalid thread
 378      if(!$valid_thread)
 379      {
 380          $post_errors = $posthandler->get_friendly_errors();
 381      }
 382  
 383      // Check captcha image
 384      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 385      {
 386          require_once  MYBB_ROOT.'inc/class_captcha.php';
 387          $post_captcha = new captcha;
 388  
 389          if($post_captcha->validate_captcha() == false)
 390          {
 391              // CAPTCHA validation failed
 392              foreach($post_captcha->get_errors() as $error)
 393              {
 394                  $post_errors[] = $error;
 395              }
 396          }
 397          else
 398          {
 399              $hide_captcha = true;
 400          }
 401      }
 402  
 403      // One or more errors returned, fetch error list and throw to newthread page
 404      if(count($post_errors) > 0)
 405      {
 406          $thread_errors = inline_error($post_errors);
 407          $mybb->input['action'] = "newthread";
 408      }
 409      // No errors were found, it is safe to insert the thread.
 410      else
 411      {
 412          $thread_info = $posthandler->insert_thread();
 413          $tid = $thread_info['tid'];
 414          $visible = $thread_info['visible'];
 415  
 416          // Invalidate solved captcha
 417          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 418          {
 419              $post_captcha->invalidate_captcha();
 420          }
 421  
 422          $force_redirect = false;
 423  
 424          // Mark thread as read
 425          require_once  MYBB_ROOT."inc/functions_indicators.php";
 426          mark_thread_read($tid, $fid);
 427  
 428          // We were updating a draft thread, send them back to the draft listing.
 429          if($new_thread['savedraft'] == 1)
 430          {
 431              $lang->redirect_newthread = $lang->draft_saved;
 432              $url = "usercp.php?action=drafts";
 433          }
 434  
 435          // A poll was being posted with this thread, throw them to poll posting page.
 436          else if($mybb->get_input('postpoll', MyBB::INPUT_INT) && $forumpermissions['canpostpolls'])
 437          {
 438              $url = "polls.php?action=newpoll&tid=$tid&polloptions=".$mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 439              $lang->redirect_newthread .= $lang->redirect_newthread_poll;
 440          }
 441  
 442          // This thread is stuck in the moderation queue, send them back to the forum.
 443          else if(!$visible)
 444          {
 445              // Moderated thread
 446              $lang->redirect_newthread .= $lang->redirect_newthread_moderation;
 447              $url = get_forum_link($fid);
 448  
 449              // User must see moderation notice, regardless of redirect settings
 450              $force_redirect = true;
 451          }
 452  
 453          // The thread is being made in a forum the user cannot see threads in, send them back to the forum.
 454          else if($visible == 1 && $forumpermissions['canviewthreads'] != 1)
 455          {
 456              $lang->redirect_newthread .= $lang->redirect_newthread_unviewable;
 457              $url = get_forum_link($fid);
 458  
 459              // User must see permission notice, regardless of redirect settings
 460              $force_redirect = true;
 461          }
 462  
 463          // This is just a normal thread - send them to it.
 464          else
 465          {
 466              // Visible thread
 467              $lang->redirect_newthread .= $lang->redirect_newthread_thread;
 468              $url = get_thread_link($tid);
 469          }
 470  
 471          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
 472          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 473          {
 474              // We quoted all posts - remove the entire cookie
 475              if($mybb->get_input('quoted_ids') == "all")
 476              {
 477                  my_unsetcookie("multiquote");
 478              }
 479          }
 480  
 481          $plugins->run_hooks("newthread_do_newthread_end");
 482  
 483          // Hop to it! Send them to the next page.
 484          if(!$mybb->get_input('postpoll', MyBB::INPUT_INT))
 485          {
 486              $lang->redirect_newthread .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 487          }
 488          redirect($url, $lang->redirect_newthread, "", $force_redirect);
 489      }
 490  }
 491  
 492  if($mybb->input['action'] == "newthread" || $mybb->input['action'] == "editdraft")
 493  {
 494      $plugins->run_hooks("newthread_start");
 495  
 496      // Do we have attachment errors?
 497      if(count($errors) > 0)
 498      {
 499          $thread_errors = inline_error($errors);
 500      }
 501  
 502      $multiquote_external = $quoted_ids = '';
 503  
 504      $subject = $message = '';
 505      // If this isn't a preview and we're not editing a draft, then handle quoted posts
 506      if(empty($mybb->input['previewpost']) && !$thread_errors && $mybb->input['action'] != "editdraft")
 507      {
 508          $quoted_posts = array();
 509          // Handle multiquote
 510          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 511          {
 512              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 513              foreach($multiquoted as $post)
 514              {
 515                  $quoted_posts[$post] = (int)$post;
 516              }
 517          }
 518  
 519          // Quoting more than one post - fetch them
 520          if(count($quoted_posts) > 0)
 521          {
 522              $external_quotes = 0;
 523              $quoted_posts = implode(",", $quoted_posts);
 524              $unviewable_forums = get_unviewable_forums();
 525              $inactiveforums = get_inactive_forums();
 526              if($unviewable_forums)
 527              {
 528                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 529              }
 530              if($inactiveforums)
 531              {
 532                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 533              }
 534  
 535              if(is_moderator($fid))
 536              {
 537                  $visible_where = "AND p.visible != 2";
 538              }
 539              else
 540              {
 541                  $visible_where = "AND p.visible > 0";
 542              }
 543  
 544              // Check group permissions if we can't view threads not started by us
 545              $group_permissions = forum_permissions();
 546              $onlyusfids = array();
 547              $onlyusforums = '';
 548              foreach($group_permissions as $gpfid => $forum_permissions)
 549              {
 550                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 551                  {
 552                      $onlyusfids[] = $gpfid;
 553                  }
 554              }
 555              if(!empty($onlyusfids))
 556              {
 557                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 558              }
 559  
 560              if($mybb->get_input('load_all_quotes', MyBB::INPUT_INT) == 1)
 561              {
 562                  $query = $db->query("
 563                      SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 564                      FROM ".TABLE_PREFIX."posts p
 565                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 566                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 567                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 568                      ORDER BY p.dateline
 569                  ");
 570                  while($quoted_post = $db->fetch_array($query))
 571                  {
 572                      if($quoted_post['userusername'])
 573                      {
 574                          $quoted_post['username'] = $quoted_post['userusername'];
 575                      }
 576                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
 577                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
 578                      $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
 579                      $message .= "[quote='{$quoted_post['username']}' pid='{$quoted_post['pid']}' dateline='{$quoted_post['dateline']}']\n{$quoted_post['message']}\n[/quote]\n\n";
 580                  }
 581  
 582                  $quoted_ids = "all";
 583              }
 584              else
 585              {
 586                  $query = $db->query("
 587                      SELECT COUNT(*) AS quotes
 588                      FROM ".TABLE_PREFIX."posts p
 589                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 590                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 591                  ");
 592                  $external_quotes = $db->fetch_field($query, 'quotes');
 593  
 594                  if($external_quotes > 0)
 595                  {
 596                      if($external_quotes == 1)
 597                      {
 598                          $multiquote_text = $lang->multiquote_external_one;
 599                          $multiquote_deselect = $lang->multiquote_external_one_deselect;
 600                          $multiquote_quote = $lang->multiquote_external_one_quote;
 601                      }
 602                      else
 603                      {
 604                          $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 605                          $multiquote_deselect = $lang->multiquote_external_deselect;
 606                          $multiquote_quote = $lang->multiquote_external_quote;
 607                      }
 608                      eval("\$multiquote_external = \"".$templates->get("newthread_multiquote_external")."\";");
 609                  }
 610              }
 611          }
 612      }
 613  
 614      if(isset($mybb->input['quoted_ids']))
 615      {
 616          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids'));
 617      }
 618  
 619      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 620      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 621      $postpollchecked = '';
 622  
 623      // Check the various post options if we're
 624      // a -> previewing a post
 625      // b -> removing an attachment
 626      // c -> adding a new attachment
 627      // d -> have errors from posting
 628  
 629      if(!empty($mybb->input['previewpost']) || $mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
 630      {
 631          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 632          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 633          {
 634              $postoptionschecked['signature'] = " checked=\"checked\"";
 635          }
 636          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 637          {
 638              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 639          }
 640          if($mybb->get_input('postpoll', MyBB::INPUT_INT) == 1)
 641          {
 642              $postpollchecked = "checked=\"checked\"";
 643          }
 644          $subscription_method = get_subscription_method($tid, $postoptions);
 645          $numpolloptions = $mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 646      }
 647  
 648      // Editing a draft thread
 649      else if($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 650      {
 651          $mybb->input['threadprefix'] = $thread['prefix'];
 652          $message = htmlspecialchars_uni($post['message']);
 653          $subject = htmlspecialchars_uni($post['subject']);
 654          if($post['includesig'] != 0)
 655          {
 656              $postoptionschecked['signature'] = " checked=\"checked\"";
 657          }
 658          if($post['smilieoff'] == 1)
 659          {
 660              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 661          }
 662          $icon = $post['icon'];
 663          if($forum['allowpicons'] != 0)
 664          {
 665              $posticons = get_post_icons();
 666          }
 667          $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
 668      }
 669  
 670      // Otherwise, this is our initial visit to this page.
 671      else
 672      {
 673          if($mybb->user['signature'] != '')
 674          {
 675              $postoptionschecked['signature'] = " checked=\"checked\"";
 676          }
 677          $subscription_method = get_subscription_method($tid); // Fresh thread, let the function set the appropriate method
 678          $numpolloptions = "2";
 679      }
 680  
 681      ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 682      $preview = '';
 683  
 684      // If we're previewing a post then generate the preview.
    // Preview request: validate the submitted thread through PostDataHandler and, if it
    // passes, render a preview. Only the handler's verify_*() methods are called in this branch.
    if(!empty($mybb->input['previewpost']))
    {
        // If this isn't a logged in user, then we need to do some special validation.
        if($mybb->user['uid'] == 0)
        {
            // If they didn't specify a username leave blank so $lang->guest can be used on output
            if(!$mybb->get_input('username'))
            {
                $username = '';
            }
            // Otherwise use the name they specified.
            // This is request data; it is checked by verify_author() further down.
            else
            {
                $username = $mybb->get_input('username');
            }
            $uid = 0;
        }
        // This user is logged in.
        else
        {
            $username = $mybb->user['username'];
            $uid = $mybb->user['uid'];
        }

        // Set up posthandler.
        require_once  MYBB_ROOT."inc/datahandlers/post.php";
        $posthandler = new PostDataHandler("insert");
        $posthandler->action = "thread";

        // Set the thread data that came from the input to the $new_thread array.
        // subject, icon, message and posthash are passed as received; the handler's
        // verify_*() calls below are the validation step for them.
        $new_thread = array(
            "fid" => $forum['fid'],
            "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
            "subject" => $mybb->get_input('subject'),
            "icon" => $mybb->get_input('icon'),
            "uid" => $uid,
            "username" => $username,
            "message" => $mybb->get_input('message'),
            "ipaddress" => $session->packedip,
            "posthash" => $mybb->get_input('posthash')
        );

        // $pid is assigned outside this excerpt.
        if($pid != '')
        {
            $new_thread['pid'] = $pid;
        }

        $posthandler->set_data($new_thread);

        // Now let the post handler do all the hard work.
        $valid_thread = $posthandler->verify_message();
        $valid_subject = $posthandler->verify_subject();

        // guest post --> verify author
        if($new_thread['uid'] == 0)
        {
            $valid_username = $posthandler->verify_author();
        }
        else
        {
            $valid_username = true;
        }

        $post_errors = array();
        // Fetch friendly error messages if this is an invalid post
        if(!$valid_thread || !$valid_subject || !$valid_username)
        {
            $post_errors = $posthandler->get_friendly_errors();
        }

        // One or more errors returned: build the inline error markup instead of a preview
        if(count($post_errors) > 0)
        {
            $thread_errors = inline_error($post_errors);
        }
        else
        {
            // Load the current user's row and profile fields as the base of the preview post.
            // NOTE(review): the uid is concatenated into the SQL string; presumably it is an
            // integer set by the session layer rather than request data - confirm, or cast with (int).
            $query = $db->query("
                SELECT u.*, f.*
                FROM ".TABLE_PREFIX."users u
                LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
                WHERE u.uid='".$mybb->user['uid']."'
            ");
            $post = $db->fetch_array($query);
            $post['username'] = $username;
            if($mybb->user['uid'])
            {
                $post['userusername'] = $mybb->user['username'];
            }
            // The raw request text is handed to build_postbit() below.
            // NOTE(review): escaping/parsing of message and subject is assumed to happen
            // inside build_postbit() - confirm.
            $previewmessage = $mybb->get_input('message');
            $post['message'] = $previewmessage;
            $post['subject'] = $mybb->get_input('subject');
            // The preview uses the integer-cast icon, unlike the handler data above.
            $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
            $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
            if(isset($mybb->input['postoptions']['disablesmilies']))
            {
                $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
            }
            $post['dateline'] = TIME_NOW;
            if(isset($mybb->input['postoptions']['signature']))
            {
                $post['includesig'] = $mybb->input['postoptions']['signature'];
            }
            // Anything other than 1 is normalised to 0.
            if(!isset($post['includesig']) || $post['includesig'] != 1)
            {
                $post['includesig'] = 0;
            }

            // Fetch attachments assigned to this post
            // pid is integer-cast and posthash goes through $db->escape_string() before being quoted.
            // NOTE(review): neither WHERE clause restricts by uid; confirm that ownership of the
            // pid/posthash is checked before this point.
            if($mybb->get_input('pid', MyBB::INPUT_INT))
            {
                $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
            }
            else
            {
                $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
            }

            $query = $db->simple_select("attachments", "*", $attachwhere);
            while($attachment = $db->fetch_array($query))
            {
                $attachcache[0][$attachment['aid']] = $attachment;
            }

            $postbit = build_postbit($post, 1);
            // The template text is spliced into a double-quoted PHP string and eval()'d, so it can
            // read any variable in this scope.
            // NOTE(review): relies on $templates->get() returning trusted, escaped template text - confirm.
            eval("\$preview = \"".$templates->get("previewpost")."\";");
        }
        // HTML-escaped copies of the submitted text, kept in $message and $subject.
        $message = htmlspecialchars_uni($mybb->get_input('message'));
        $subject = htmlspecialchars_uni($mybb->get_input('subject'));
    }

    // Removing an attachment or adding a new one, or showing thread errors.
    else if($mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
    {
        // Same HTML-escaping of the submitted text as in the preview branch.
        $message = htmlspecialchars_uni($mybb->get_input('message'));
        $subject = htmlspecialchars_uni($mybb->get_input('subject'));
    }
 822  
    // Generate thread prefix selector
    // A threadprefix that is falsy after the integer cast is stored back as 0.
    if(!$mybb->get_input('threadprefix', MyBB::INPUT_INT))
    {
        $mybb->input['threadprefix'] = 0;
    }

    $prefixselect = build_prefix_select($forum['fid'], $mybb->get_input('threadprefix', MyBB::INPUT_INT));

    // HTML-escaped copy of the client-supplied posthash (presumably echoed back by a template).
    $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
 832  
    // Hide signature option if no permission
    // Each template below is spliced into a double-quoted PHP string and eval()'d in this scope.
    // NOTE(review): relies on $templates->get() returning trusted, escaped template text - confirm.
    $signature = '';
    if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
    {
        eval("\$signature = \"".$templates->get('newthread_signature')."\";");
    }

    // Can we disable smilies or are they disabled already?
    $disablesmilies = '';
    if($forum['allowsmilies'] != 0)
    {
        eval("\$disablesmilies = \"".$templates->get("newthread_disablesmilies")."\";");
    }

    // The post options row is built only when at least one option exists; the two
    // row classes are swapped depending on whether that row is present.
    $postoptions = '';
    if(!empty($signature) || !empty($disablesmilies))
    {
        eval("\$postoptions = \"".$templates->get("newthread_postoptions")."\";");
        $bgcolor = "trow2";
        $bgcolor2 = "trow1";
    }
    else
    {
        $bgcolor = "trow1";
        $bgcolor2 = "trow2";
    }
 859  
    // Build the moderator options (close / stick) shown on the form. This only decides what
    // is displayed; NOTE(review): confirm the submit path re-checks these permissions itself.
    $modoptions = '';
    // Show the moderator options
    if(is_moderator($fid))
    {
        // Re-tick the checkboxes from the submitted form values.
        $modoptions = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
        if(isset($modoptions['closethread']) && $modoptions['closethread'] == 1)
        {
            $closecheck = "checked=\"checked\"";
        }
        else
        {
            $closecheck = '';
        }
        if(isset($modoptions['stickthread']) && $modoptions['stickthread'] == 1)
        {
            $stickycheck = "checked=\"checked\"";
        }
        else
        {
            $stickycheck = '';
        }

        // NOTE(review): the outer check uses $fid, but the two permission checks below use
        // $thread['fid'], and $thread is not assigned anywhere in this excerpt. If it is unset
        // for a brand-new thread, the check is not scoped to this forum - confirm and consider $fid.
        $closeoption = '';
        if(is_moderator($thread['fid'], "canopenclosethreads"))
        {
            eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
        }

        $stickoption = '';
        if(is_moderator($thread['fid'], "canstickunstickthreads"))
        {
            eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
        }

        if(!empty($closeoption) || !empty($stickoption))
        {
            eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
            $bgcolor = "trow1";
            $bgcolor2 = "trow2";
        }
        else
        {
            // NOTE(review): on this path $modoptions still holds the request array rather than
            // markup - confirm that no template interpolates it in that state.
            $bgcolor = "trow2";
            $bgcolor2 = "trow1";
        }
    }
    else
    {
        $bgcolor = "trow2";
        $bgcolor2 = "trow1";
    }
 911  
    // Fetch subscription select box
    // The template text is eval()'d as a double-quoted string and can read any variable in scope.
    eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
 914  
 915      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
 916      { // Get a listing of the current attachments, if there are any
 917          $attachcount = 0;
 918          if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 919          {
 920              $attachwhere = "pid='$pid'";
 921          }
 922          else
 923          {
 924              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
 925          }
 926          $query = $db->simple_select("attachments", "*", $attachwhere);
 927          $attachments = '';
 928          while($attachment = $db->fetch_array($query))
 929          {
 930              $attachment['size'] = get_friendly_size($attachment['filesize']);
 931              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
 932              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
 933  
 934              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 935              {
 936                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 937              }
 938  
 939              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 940  
 941              $attach_mod_options = '';
 942              if($attachment['visible'] != 1)
 943              {
 944                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
 945              }
 946              else
 947              {
 948                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
 949              }
 950              $attachcount++;
 951          }
 952          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 953          $usage = $db->fetch_array($query);
 954          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
 955          {
 956              $noshowattach = 1;
 957          }
 958          if($mybb->usergroup['attachquota'] == 0)
 959          {
 960              $friendlyquota = $lang->unlimited;
 961          }
 962          else
 963          {
 964              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
 965          }
 966          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
 967          
 968          if($usage['ausage'] !== NULL)
 969          {
 970              $friendlyusage = get_friendly_size($usage['ausage']);
 971              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
 972              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
 973          }
 974          else
 975          {
 976              $lang->attach_usage = "";
 977          }
 978          
 979          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !isset($noshowattach))
 980          {
 981              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
 982          }
 983  
 984          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
 985          {
 986              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
 987          }
 988  
 989          if($attach_add_options || $attach_update_options)
 990          {
 991              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
 992          }
 993          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
 994  
 995          $bgcolor = alt_trow();
 996      }
 997  
    // The save-draft button is built for logged-in users only.
    if($mybb->user['uid'])
    {
        // The extra arguments (1, 0) go to $templates->get(); their meaning is defined outside this excerpt.
        eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
    }
1002  
    // Markup for the captcha field; stays empty for logged-in users or when captchas are disabled.
    $captcha = '';

    // Show captcha image for guests if enabled
    if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
    {
        $correct = false;
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(false, "post_captcha");

        // $hide_captcha is assigned outside this excerpt.
        if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
        {
            // If previewing a post - check their current captcha input - if correct, hide the captcha input area
            // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
            if($post_captcha->validate_captcha() == true)
            {
                $correct = true;

                // Generate a hidden list of items for our captcha
                // NOTE(review): this carries an already-validated answer forward in the form;
                // confirm it is validated again when the thread is actually submitted.
                $captcha = $post_captcha->build_hidden_captcha();
            }
        }

        if(!$correct)
        {
             if($post_captcha->type == 1)
            {
                $post_captcha->build_captcha();
            }
            elseif(in_array($post_captcha->type, array(4, 5)))
            {
                $post_captcha->build_recaptcha();
            }
        }
        // NOTE(review): $correct is only set to true above when type == 1, so this branch
        // looks unreachable for types 4 and 5 - confirm.
        else if($correct && (in_array($post_captcha->type, array(4, 5))))
        {
            $post_captcha->build_recaptcha();
        }

        // Markup produced by the build_*() calls replaces the hidden-field markup, if any.
        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }
1046  
    // Offer the poll box only when the forum permissions allow posting polls.
    if($forumpermissions['canpostpolls'] != 0)
    {
        $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
        eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
    }
1052  
    // Do we have any forum rules to show for this forum?
    $forumrules = '';
    if($forum['rulestype'] >= 2 && $forum['rules'])
    {
        // Fall back to a generated title when the forum has none.
        if(!$forum['rulestitle'])
        {
            $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
        }

        // Create the parser only if an earlier part of the script has not done so.
        if(!$parser)
        {
            require_once  MYBB_ROOT.'inc/class_parser.php';
            $parser = new postParser;
        }

        // allow_html is switched on for the rules text, so the option name suggests that HTML
        // in the rules is output as-is.
        // NOTE(review): presumably only administrators can edit forum rules - confirm.
        $rules_parser = array(
            "allow_html" => 1,
            "allow_mycode" => 1,
            "allow_smilies" => 1,
            "allow_imgcode" => 1
        );

        $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
        $foruminfo = $forum;

        // rulestype 3 uses the full rules template, rulestype 2 the link template.
        if($forum['rulestype'] == 3)
        {
            eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
        }
        else if($forum['rulestype'] == 2)
        {
            eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
        }
    }
1087  
    // Tell the user when their attachments, threads or posts will be held for moderation.
    // The three checks run in order and each one that applies overwrites $moderation_notice,
    // so the last matching notice is the one kept.
    $moderation_notice = '';
    if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
    {
        if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
        {
            $moderation_text = $lang->moderation_forum_attachments;
            eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
        }
    }

    if(!is_moderator($forum['fid'], "canapproveunapprovethreads"))
    {
        if($forumpermissions['modthreads'] == 1)
        {
            $moderation_text = $lang->moderation_forum_thread;
            eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
        }
    }

    if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
    {
        // Per-user flag rather than a forum permission.
        if($mybb->user['moderateposts'] == 1)
        {
            $moderation_text = $lang->moderation_user_posts;
            eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
        }
    }
1115  
1116      $php_max_upload_filesize = return_bytes(ini_get('max_upload_filesize'));
1117      $php_post_max_size = return_bytes(ini_get('post_max_size'));
1118  
1119      if ($php_max_upload_filesize != 0 && $php_post_max_size != 0)
1120      {
1121          $php_max_upload_size = min($php_max_upload_filesize, $php_post_max_size);
1122      }
1123      else
1124      {
1125          $php_max_upload_size = max($php_max_upload_filesize, $php_post_max_size);
1126      }
1127  
1128      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1129      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1130  
    // Last plugin hook before the page is assembled.
    $plugins->run_hooks("newthread_end");

    // strip_tags() removes markup from the forum name but does not HTML-encode it.
    // NOTE(review): confirm the forum name is escaped where it is stored or output.
    $forum['name'] = strip_tags($forum['name']);
    $lang->newthread_in = $lang->sprintf($lang->newthread_in, $forum['name']);

    // Assemble the full page from the newthread template and send it.
    eval("\$newthread = \"".$templates->get("newthread")."\";");
    output_page($newthread);
1138  }

