PHP Cross Reference of MyBB 1.8.38 |
<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

// Entry script for the new-thread form. This first section bootstraps MyBB and
// decides whether the request refers to an existing draft or to a fresh thread.

// presumably the marker that included files check to refuse direct access - confirm in global.php
define("IN_MYBB", 1);
define('THIS_SCRIPT', 'newthread.php');

// Names of the templates used while rendering this page.
// presumably read by global.php to preload them in one query - confirm
$templatelist = "newthread,previewpost,loginbox,changeuserbox,newthread_postpoll,posticons,codebuttons,postbit,post_attachments_attachment_unapproved,newreply_modoptions_close,newreply_modoptions_stick";
$templatelist .= ",newthread_disablesmilies,post_attachments_new,post_attachments,post_savedraftbutton,post_subscription_method,post_attachments_attachment_remove,postbit_warninglevel_formatted,postbit_icon";
$templatelist .= ",forumdisplay_rules,forumdisplay_rules_link,post_attachments_attachment_postinsert,post_attachments_attachment,newthread_signature,post_prefixselect_prefix,post_prefixselect_single,posticons_icon";
$templatelist .= ",post_captcha_hidden,post_captcha_recaptcha_invisible,post_captcha_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_gotopost,newthread_postoptions,post_attachments_add,post_attachments_viewlink";
$templatelist .= ",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,postbit_author_guest,post_captcha";
$templatelist .= ",postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved";
$templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_attachments,postbit_reputation_formatted_link,post_attachments_update,postbit_offline,newreply_modoptions,newthread_multiquote_external";
$templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,newthread_draftinput,global_moderation_notice,postbit_online,postbit_away,attachment_icon,postbit_userstar,postbit_groupimage";

require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_user.php";
require_once MYBB_ROOT."inc/functions_upload.php";

// Load global language phrases
$lang->load("newthread");

$tid = $pid = 0;
// Normalise the request values once; tid and pid are requested as INPUT_INT.
// The SQL below concatenates tid directly, so it relies on INPUT_INT yielding an
// integer - presumably an (int) cast inside get_input(); confirm in class_core.
$mybb->input['action'] = $mybb->get_input('action');
$mybb->input['tid'] = $mybb->get_input('tid', MyBB::INPUT_INT);
$mybb->input['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
if($mybb->input['action'] == "editdraft" || ($mybb->get_input('savedraft') && $mybb->input['tid']) || ($mybb->input['tid'] && $mybb->input['pid']))
{
    $thread = get_thread($mybb->input['tid']);

    // The draft post is looked up by thread id and visible = -2 only; the pid sent
    // by the client is not used to pick the row.
    $query = $db->simple_select("posts", "*", "tid='".$mybb->input['tid']."' AND visible='-2'", array('order_by' => 'dateline, pid', 'limit' => 1));
    $post = $db->fetch_array($query);

    // Ownership check: the thread must exist, be a draft (visible == -2) and belong
    // to the current user, otherwise the request is rejected.
    if(!$thread || !$post || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])
    {
        error($lang->invalidthread);
    }

    // From here on pid, fid and tid come from the database rows, not from the request.
    $pid = $post['pid'];
    $fid = $thread['fid'];
    $tid = $thread['tid'];
    // NOTE(review): the template body is executed through eval(); this is only safe if
    // $templates->get() returns content that cannot break out of the double-quoted
    // string and if template editing is restricted - neither is visible in this file.
    eval("\$editdraftpid = \"".$templates->get("newthread_draftinput")."\";");
}
else
{
    $fid = $mybb->get_input('fid', MyBB::INPUT_INT);
    $editdraftpid = '';
}

// Fetch forum information.
// Resolve the target forum and reject the request before any form handling when
// the forum is missing, closed, not a postable forum, or the user may not post.
// NOTE(review): every check here relies on error() / error_no_permission() ending
// the request; both are defined elsewhere - confirm they never return.
$forum = get_forum($fid);
if(!$forum)
{
    error($lang->error_invalidforum);
}

// Draw the navigation
build_forum_breadcrumb($fid);
add_breadcrumb($lang->nav_newthread);

$forumpermissions = forum_permissions($fid);

// Only open forums of type "f" with an empty linkto accept new threads.
if($forum['open'] == 0 || $forum['type'] != "f" || $forum['linkto'] != "")
{
    error($lang->error_closedinvalidforum);
}

// Both the view and the post-threads permission are required for this forum.
if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0)
{
    error_no_permission();
}

// Users with suspended posting get a message that says whether the suspension is
// permanent or shows the formatted suspensiontime.
if($mybb->user['suspendposting'] == 1)
{
    $suspendedpostingtype = $lang->error_suspendedposting_permanent;
    if($mybb->user['suspensiontime'])
    {
        $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
    }

    $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));

    error($lang->error_suspendedposting);
}

// Check if this forum is password protected and we have a valid password
check_forum_password($forum['fid']);

// If MyCode is on for this forum and the MyCode editor is enabled in the Admin CP, draw the code buttons and smilie inserter.
$codebuttons = '';
$smilieinserter = '';
// Guests (uid 0) always get the buttons; members only if showcodebuttons is on.
if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
{
    $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
    if($forum['allowsmilies'] != 0)
    {
        $smilieinserter = build_clickable_smilies();
    }
}

// Does this forum allow post icons? If so, fetch the post icons.
if($forum['allowpicons'] != 0)
{
    $posticons = get_post_icons();
}

// If we have a currently logged in user then fetch the change user box.
// Build the login / change-user box, settle the effective action and make sure a
// posthash exists for attachment handling.
if($mybb->user['uid'] != 0)
{
    // NOTE(review): this overwrites the session copy of the username with its
    // HTML-escaped form; the posting and preview code later in this file reads
    // $mybb->user['username'] again and therefore receives the escaped value -
    // confirm the data handler does not store it as-is.
    $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
    eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
}

// Otherwise we have a guest, determine the "username" and get the login box.
else
{
    if(!isset($mybb->input['previewpost']) && $mybb->input['action'] != "do_newthread")
    {
        $username = '';
    }
    else
    {
        // Guest-supplied name is escaped before it is placed in the template.
        $username = htmlspecialchars_uni($mybb->get_input('username'));
    }
    eval("\$loginbox = \"".$templates->get("loginbox")."\";");
}

// If we're not performing a new thread insert and not editing a draft then we're posting a new thread.
if($mybb->input['action'] != "do_newthread" && $mybb->input['action'] != "editdraft")
{
    $mybb->input['action'] = "newthread";
}

// Previewing a post, overwrite the action to the new thread action.
if(!empty($mybb->input['previewpost']))
{
    $mybb->input['action'] = "newthread";
}

// Setup a unique posthash for attachment management
// A posthash is generated only when the client sent none and no draft post is
// loaded; otherwise the client-supplied value is kept. Later code in this file
// selects attachments by this value.
// NOTE(review): whether attachment rows are additionally bound to the uploading
// user is decided in add_attachments() / remove_attachment(), not here - confirm.
if(!$mybb->get_input('posthash') && !$pid)
{
    $mybb->input['posthash'] = md5($mybb->user['uid'].random_str());
}

// A request flagged processed=1 that arrives with neither POST fields nor files
// is rejected. presumably this catches bodies PHP discarded for exceeding its
// size limits - confirm.
if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
{
    error($lang->error_empty_post_input);
}

$errors = array();
$maximageserror = $attacherror = '';

// Handle attachments if we've got any.
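// Attachment upload / update handling, attachment removal and the per-day post limit.
// The upload branch runs when an attachment button was used, or when the form was
// submitted, previewed or saved as draft with files attached.
// $_FILES['attachments'] is tested with !empty() so that a request without that
// upload field does not raise an undefined-array-key warning.
if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newthread" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && !empty($_FILES['attachments']))))
{
    // Verify incoming POST request
    // (my_post_key is checked before any attachment is written; verify_post_check()
    // is defined elsewhere - presumably the anti-CSRF token check)
    verify_post_check($mybb->get_input('my_post_key'));

    // Existing drafts address their attachments by post id (taken from the database
    // earlier); new threads use the posthash, escaped for the SQL string.
    if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
    {
        $attachwhere = "pid='{$pid}'";
    }
    else
    {
        $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
    }

    // NOTE(review): file type, size and quota validation is not visible here; it is
    // presumably performed inside add_attachments() - confirm.
    $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newthread");

    // AJAX uploads get a JSON reply and the script stops here.
    if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
    {
        if(isset($ret['success']))
        {
            // The row template is rendered with placeholder tokens instead of real
            // values; presumably the client substitutes them - confirm in the JS.
            $attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}');
            // NOTE(review): unlike the non-AJAX listing later in this file, this
            // condition has no guest exception (!$mybb->user['uid']) - confirm
            // that is intended.
            if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
            {
                eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
            }
            eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
            $attach_mod_options = '';
            eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";");
            $ret['template'] = $attemplate;

            // Total attachment usage of the current user, for the quota display.
            $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
            $usage = $db->fetch_array($query);
            $ret['usage'] = get_friendly_size($usage['ausage']);
        }

        header("Content-type: application/json; charset={$lang->settings['charset']}");
        echo json_encode($ret);
        exit();
    }

    if(!empty($ret['errors']))
    {
        $errors = $ret['errors'];
    }

    // If we were dealing with an attachment but didn't click 'Post Thread' or 'Save as Draft', force the new thread page again.
    if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft'))
    {
        $mybb->input['action'] = "newthread";
    }
}

detect_attachmentact();

// Are we removing an attachment from the thread?
if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // NOTE(review): the attachment id and posthash both come from the request;
    // whether this user may delete that attachment is decided inside
    // remove_attachment(), which is not visible here - confirm.
    remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));

    if(!$mybb->get_input('submit'))
    {
        $mybb->input['action'] = "newthread";
    }

    if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
    {
        $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
        $usage = $db->fetch_array($query);

        header("Content-type: application/json; charset={$lang->settings['charset']}");
        echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage'])));
        exit();
    }
}

$thread_errors = "";
$hide_captcha = false;

// Check the maximum posts per day for this user
// Counts posts by this uid from the last 24 hours whose visible value is not -1.
// NOTE(review): the filter is by uid only, so for guests (uid 0) it counts the
// posts of all guests together - confirm that is intended.
if($mybb->usergroup['maxposts'] > 0)
{
    $daycut = TIME_NOW-60*60*24;
    $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
    $post_count = $db->fetch_field($query, "posts_today");
    if($post_count >= $mybb->usergroup['maxposts'])
    {
        $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
        error($lang->error_maxposts);
    }
}

// Performing the posting of a new thread.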
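// Submission path: validates and inserts the thread. It only runs for POST
// requests whose action is still "do_newthread" after the attachment handling.
if($mybb->input['action'] == "do_newthread" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    // (verify_post_check() is defined elsewhere - presumably the anti-CSRF token check)
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("newthread_do_newthread_start");

    // Set when the StopForumSpam check flags the guest, or fails while
    // stopforumspam_block_on_error is enabled. The insert decision further down is
    // based on $post_errors, which never receives the messages stored in $errors,
    // so without this flag a flagged guest's thread would still be inserted.
    $stop_forum_spam_blocked = false;

    // If this isn't a logged in user, then we need to do some special validation.
    if($mybb->user['uid'] == 0)
    {
        // If they didn't specify a username leave blank so $lang->guest can be used on output
        if(!$mybb->get_input('username'))
        {
            $username = '';
        }
        // Otherwise use the name they specified.
        else
        {
            $username = $mybb->get_input('username');
        }
        $uid = 0;

        if(!$mybb->user['uid'] && $mybb->settings['stopforumspam_on_newthread'])
        {
            require_once MYBB_ROOT . '/inc/class_stopforumspamchecker.php';

            $stop_forum_spam_checker = new StopForumSpamChecker(
                $plugins,
                $mybb->settings['stopforumspam_min_weighting_before_spam'],
                $mybb->settings['stopforumspam_check_usernames'],
                $mybb->settings['stopforumspam_check_emails'],
                $mybb->settings['stopforumspam_check_ips'],
                $mybb->settings['stopforumspam_log_blocks']
            );

            try {
                // Guests have no e-mail address here, so only the username and IP are checked.
                if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
                {
                    $errors[] = $lang->sprintf($lang->error_stop_forum_spam_spammer,
                        $stop_forum_spam_checker->getErrorText(array(
                            'stopforumspam_check_usernames',
                            'stopforumspam_check_ips'
                            )));
                    $stop_forum_spam_blocked = true;
                }
            }
            catch (Exception $e)
            {
                // A failed lookup lets the post through unless the board is
                // configured to block on error.
                if($mybb->settings['stopforumspam_block_on_error'])
                {
                    $errors[] = $lang->error_stop_forum_spam_fetching;
                    $stop_forum_spam_blocked = true;
                }
            }
        }
    }
    // This user is logged in.
    else
    {
        $username = $mybb->user['username'];
        $uid = $mybb->user['uid'];
    }

    // Attempt to see if this post is a duplicate or not
    // Members are matched by uid, guests by the packed session IP.
    if($uid > 0)
    {
        $user_check = "p.uid='{$uid}'";
    }
    else
    {
        $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
    }
    if(!$mybb->get_input('savedraft') && !$pid)
    {
        // Same author, forum, subject and message within the last 600 seconds counts
        // as a duplicate; subject and message are escaped for the SQL string.
        $query = $db->simple_select("posts p", "p.pid", "$user_check AND p.fid='{$forum['fid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.dateline>".(TIME_NOW-600));
        if($db->num_rows($query) > 0)
        {
            error($lang->error_post_already_submitted);
        }
    }

    // Set up posthandler.
    require_once MYBB_ROOT."inc/datahandlers/post.php";
    $posthandler = new PostDataHandler("insert");
    $posthandler->action = "thread";

    // Set the thread data that came from the input to the $thread array.
    // Subject, message and username are handed over unescaped; prefix and icon are
    // requested as integers. Escaping for storage is left to the data handler,
    // which is not visible here.
    $new_thread = array(
        "fid" => $forum['fid'],
        "subject" => $mybb->get_input('subject'),
        "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
        "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
        "uid" => $uid,
        "username" => $username,
        "message" => $mybb->get_input('message'),
        "ipaddress" => $session->packedip,
        "posthash" => $mybb->get_input('posthash')
    );

    if($pid != '')
    {
        $new_thread['pid'] = $pid;
    }

    // Are we saving a draft thread?
    // Drafts are only honoured for logged-in users.
    if($mybb->get_input('savedraft') && $mybb->user['uid'])
    {
        $new_thread['savedraft'] = 1;
    }
    else
    {
        $new_thread['savedraft'] = 0;
    }

    // Is this thread already a draft and we're updating it?
    if(isset($thread['tid']) && $thread['visible'] == -2)
    {
        $new_thread['tid'] = $thread['tid'];
    }

    $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
    if(!isset($postoptions['signature']))
    {
        $postoptions['signature'] = 0;
    }
    if(!isset($postoptions['subscriptionmethod']))
    {
        $postoptions['subscriptionmethod'] = 0;
    }
    if(!isset($postoptions['disablesmilies']))
    {
        $postoptions['disablesmilies'] = 0;
    }

    // Set up the thread options from the input.
    $new_thread['options'] = array(
        "signature" => $postoptions['signature'],
        "subscriptionmethod" => $postoptions['subscriptionmethod'],
        "disablesmilies" => $postoptions['disablesmilies']
    );

    // Apply moderation options if we have them
    // NOTE(review): modoptions are taken from the request for every user, with no
    // is_moderator() check in this script; whether they are honoured only for
    // moderators is decided in PostDataHandler - confirm.
    $new_thread['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);

    $posthandler->set_data($new_thread);

    // Now let the post handler do all the hard work.
    $valid_thread = $posthandler->validate_thread();

    $post_errors = array();
    // Fetch friendly error messages if this is an invalid thread
    if(!$valid_thread)
    {
        $post_errors = $posthandler->get_friendly_errors();
    }

    // Check captcha image
    // Only guests are challenged.
    if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
    {
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha;

        if($post_captcha->validate_captcha() == false)
        {
            // CAPTCHA validation failed
            foreach($post_captcha->get_errors() as $error)
            {
                $post_errors[] = $error;
            }
        }
        else
        {
            $hide_captcha = true;
        }
    }

    // One or more errors returned, fetch error list and throw to newthread page
    // A StopForumSpam block also sends the user back to the form; its message is
    // already in $errors, which the form branch below renders.
    if(count($post_errors) > 0 || $stop_forum_spam_blocked)
    {
        if(count($post_errors) > 0)
        {
            $thread_errors = inline_error($post_errors);
        }
        $mybb->input['action'] = "newthread";
    }
    // No errors were found, it is safe to insert the thread.
    else
    {
        $thread_info = $posthandler->insert_thread();
        $tid = $thread_info['tid'];
        $visible = $thread_info['visible'];

        // Invalidate solved captcha
        // (done only after a successful insert, so a solved challenge is not reusable
        // for a second post)
        if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
        {
            $post_captcha->invalidate_captcha();
        }

        $force_redirect = false;

        // Mark thread as read
        require_once MYBB_ROOT."inc/functions_indicators.php";
        mark_thread_read($tid, $fid);

        // We were updating a draft thread, send them back to the draft listing.
        if($new_thread['savedraft'] == 1)
        {
            $lang->redirect_newthread = $lang->draft_saved;
            $url = "usercp.php?action=drafts";
        }

        // A poll was being posted with this thread, throw them to poll posting page.
        else if($mybb->get_input('postpoll', MyBB::INPUT_INT) && $forumpermissions['canpostpolls'])
        {
            // Both URL parameters are integers: $tid from the handler result and the
            // option count requested as INPUT_INT.
            $url = "polls.php?action=newpoll&tid=$tid&polloptions=".$mybb->get_input('numpolloptions', MyBB::INPUT_INT);
            $lang->redirect_newthread .= $lang->redirect_newthread_poll;
        }

        // This thread is stuck in the moderation queue, send them back to the forum.
        else if(!$visible)
        {
            // Moderated thread
            $lang->redirect_newthread .= $lang->redirect_newthread_moderation;
            $url = get_forum_link($fid);

            // User must see moderation notice, regardless of redirect settings
            $force_redirect = true;
        }

        // The thread is being made in a forum the user cannot see threads in, send them back to the forum.
        else if($visible == 1 && $forumpermissions['canviewthreads'] != 1)
        {
            $lang->redirect_newthread .= $lang->redirect_newthread_unviewable;
            $url = get_forum_link($fid);

            // User must see permission notice, regardless of redirect settings
            $force_redirect = true;
        }

        // This is just a normal thread - send them to it.
        else
        {
            // Visible thread
            $lang->redirect_newthread .= $lang->redirect_newthread_thread;
            $url = get_thread_link($tid);
        }

        // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
        if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
        {
            // We quoted all posts - remove the entire cookie
            if($mybb->get_input('quoted_ids') == "all")
            {
                my_unsetcookie("multiquote");
            }
        }

        $plugins->run_hooks("newthread_do_newthread_end");

        // Hop to it! Send them to the next page.
        if(!$mybb->get_input('postpoll', MyBB::INPUT_INT))
        {
            $lang->redirect_newthread .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
        }
        redirect($url, $lang->redirect_newthread, "", $force_redirect);
    }
}

// Form display branch; also reached when the submission above was sent back with
// errors. Its body continues beyond this section.
if($mybb->input['action'] == "newthread" || $mybb->input['action'] == "editdraft")
{
    $plugins->run_hooks("newthread_start");

    // Do we have attachment errors?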
// (Still inside the "newthread" / "editdraft" branch opened just above; that branch is not closed within this section.)
    // Messages collected in $errors replace any $thread_errors set earlier.
    if(count($errors) > 0)
    {
        $thread_errors = inline_error($errors);
    }

    $multiquote_external = $quoted_ids = '';

    $subject = $message = '';
    // If this isn't a preview and we're not editing a draft, then handle quoted posts
    if(empty($mybb->input['previewpost']) && !$thread_errors && $mybb->input['action'] != "editdraft")
    {
        $quoted_posts = array();
        // Handle multiquote
        if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
        {
            // The cookie is client-controlled: every piece is cast to int, and only
            // those integer values (not the raw keys) are joined into the SQL below.
            $multiquoted = explode("|", $mybb->cookies['multiquote']);
            foreach($multiquoted as $post)
            {
                $quoted_posts[$post] = (int)$post;
            }
        }

        // Quoting more than one post - fetch them
        if(count($quoted_posts) > 0)
        {
            $external_quotes = 0;
            $quoted_posts = implode(",", $quoted_posts);
            // Both helpers are interpolated into SQL unquoted.
            // presumably they return comma-separated forum ids - confirm
            $unviewable_forums = get_unviewable_forums();
            $inactiveforums = get_inactive_forums();
            if($unviewable_forums)
            {
                $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
            }
            if($inactiveforums)
            {
                $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
            }

            // Moderators of this forum may also quote posts with other visible
            // values (everything except 2); everyone else only visible > 0.
            if(is_moderator($fid))
            {
                $visible_where = "AND p.visible != 2";
            }
            else
            {
                $visible_where = "AND p.visible > 0";
            }

            // Check group permissions if we can't view threads not started by us
            $group_permissions = forum_permissions();
            $onlyusfids = array();
            $onlyusforums = '';
            foreach($group_permissions as $gpfid => $forum_permissions)
            {
                if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
                {
                    $onlyusfids[] = $gpfid;
                }
            }
            // In "own threads only" forums, quoting is limited to threads started by this user.
            if(!empty($onlyusfids))
            {
                $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
            }

            if($mybb->get_input('load_all_quotes', MyBB::INPUT_INT) == 1)
            {
                $query = $db->query("
                    SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
                    FROM ".TABLE_PREFIX."posts p
                    LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
                    LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
                    WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
                    ORDER BY p.dateline, p.pid
                ");
                while($quoted_post = $db->fetch_array($query))
                {
                    // Prefer the username from the users table over the one stored on the post.
                    if($quoted_post['userusername'])
                    {
                        $quoted_post['username'] = $quoted_post['userusername'];
                    }
                    // Expand /me and /slap lines and drop [attachment=N] tags from the quoted text.
                    $quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
                    $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
                    $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
                    // NOTE(review): $message built here holds raw post text and usernames; no
                    // HTML escaping is applied on this path in the visible part of the file -
                    // confirm it is escaped before the form template is rendered.
                    $message .= "[quote='{$quoted_post['username']}' pid='{$quoted_post['pid']}' dateline='{$quoted_post['dateline']}']\n{$quoted_post['message']}\n[/quote]\n\n";
                }

                $quoted_ids = "all";
            }
            else
            {
                // Only count the quotable posts and offer to load them.
                $query = $db->query("
                    SELECT COUNT(*) AS quotes
                    FROM ".TABLE_PREFIX."posts p
                    LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
                    WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
                ");
                $external_quotes = $db->fetch_field($query, 'quotes');

                if($external_quotes > 0)
                {
                    if($external_quotes == 1)
                    {
                        $multiquote_text = $lang->multiquote_external_one;
                        $multiquote_deselect = $lang->multiquote_external_one_deselect;
                        $multiquote_quote = $lang->multiquote_external_one_quote;
                    }
                    else
                    {
                        $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
                        $multiquote_deselect = $lang->multiquote_external_deselect;
                        $multiquote_quote = $lang->multiquote_external_quote;
                    }
                    eval("\$multiquote_external = \"".$templates->get("newthread_multiquote_external")."\";");
                }
            }
        }
    }

    // The request value is escaped before it is placed back into the form.
    if(isset($mybb->input['quoted_ids']))
    {
        $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids'));
    }

    $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
    $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
    $postpollchecked = '';

    // Check the various post options if we're
    // a -> previewing a post
    // b -> removing an attachment
    // c -> adding a new attachment
    // d -> have errors from posting

    if(!empty($mybb->input['previewpost']) || $mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
    {
        // Only fixed checked="checked" strings are emitted here; the submitted
        // option values themselves never reach the template.
        $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
        if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
        {
            $postoptionschecked['signature'] = " checked=\"checked\"";
        }
        if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
        {
            $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
        }
        if($mybb->get_input('postpoll', MyBB::INPUT_INT) == 1)
        {
            $postpollchecked = "checked=\"checked\"";
        }
        $subscription_method = get_subscription_method($tid, $postoptions);
        $numpolloptions = $mybb->get_input('numpolloptions', MyBB::INPUT_INT);
    }

    // Editing a draft thread
    else if($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
    {
        $mybb->input['threadprefix'] = $thread['prefix'];
        // Stored draft text is escaped before being placed in the form fields.
        $message = htmlspecialchars_uni($post['message']);
        $subject = htmlspecialchars_uni($post['subject']);
        if($post['includesig'] != 0)
        {
            $postoptionschecked['signature'] = " checked=\"checked\"";
        }
        if($post['smilieoff'] == 1)
        {
            $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
        }
        $icon = $post['icon'];
        if($forum['allowpicons'] != 0)
        {
            $posticons = get_post_icons();
        }
        $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
        $numpolloptions = "2";
    }

    // Otherwise, this is our initial visit to this page.
    else
    {
        if($mybb->user['signature'] != '')
        {
            $postoptionschecked['signature'] = " checked=\"checked\"";
        }
        $subscription_method = get_subscription_method($tid); // Fresh thread, let the function set the appropriate method
        $numpolloptions = "2";
    }

    // NOTE(review): variable variable - the name assigned here is built from the
    // helper's return value. This is only safe if get_subscription_method() can
    // return nothing but a fixed set of names (the four *subscribe variables are
    // initialised above) and never echoes request data - confirm in functions_post.
    ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
    $preview = '';

    // If we're previewing a post then generate the preview.
    if(!empty($mybb->input['previewpost']))
    {
        // If this isn't a logged in user, then we need to do some special validation.
        if($mybb->user['uid'] == 0)
        {
            // If they didn't specify a username leave blank so $lang->guest can be used on output
            if(!$mybb->get_input('username'))
            {
                $username = '';
            }
            // Otherwise use the name they specified.
            else
            {
                $username = $mybb->get_input('username');
            }
            $uid = 0;
        }
        // This user is logged in.
        else
        {
            $username = $mybb->user['username'];
            $uid = $mybb->user['uid'];
        }

        // Set up posthandler.
        require_once MYBB_ROOT."inc/datahandlers/post.php";
        $posthandler = new PostDataHandler("insert");
        $posthandler->action = "thread";

        // Set the thread data that came from the input to the $thread array.
        // NOTE(review): "icon" is read without INPUT_INT here, while the submission
        // path requests it as an integer; nothing is inserted on this path, but the
        // two should probably agree - confirm.
        $new_thread = array(
            "fid" => $forum['fid'],
            "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
            "subject" => $mybb->get_input('subject'),
            "icon" => $mybb->get_input('icon'),
            "uid" => $uid,
            "username" => $username,
            "message" => $mybb->get_input('message'),
            "ipaddress" => $session->packedip,
            "posthash" => $mybb->get_input('posthash')
        );

        if($pid != '')
        {
            $new_thread['pid'] = $pid;
        }

        $posthandler->set_data($new_thread);

        // Now let the post handler do all the hard work.
        // Only message, subject and (for guests) author are verified for a preview.
        $valid_thread = $posthandler->verify_message();
        $valid_subject = $posthandler->verify_subject();

        // guest post --> verify author
        if($new_thread['uid'] == 0)
        {
            $valid_username = $posthandler->verify_author();
        }
        else
        {
            $valid_username = true;
        }

        $post_errors = array();
        // Fetch friendly error messages if this is an invalid post
        if(!$valid_thread || !$valid_subject || !$valid_username)
        {
            $post_errors = $posthandler->get_friendly_errors();
        }

        // One or more errors returned, fetch error list and throw to newreply page
        if(count($post_errors) > 0)
        {
            $thread_errors = inline_error($post_errors);
        }
        else
        {
            // Load the current user's row and profile fields as the base of the preview post.
            $query = $db->query("
                SELECT u.*, f.*
                FROM ".TABLE_PREFIX."users u
                LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
                WHERE u.uid='".$mybb->user['uid']."'
            ");
            $post = $db->fetch_array($query);
            $post['username'] = $username;
            if($mybb->user['uid'])
            {
                $post['userusername'] = $mybb->user['username'];
            }
            // The raw message and subject go to build_postbit(); output encoding of the
            // preview is left to that function and the parser, which are not visible here.
            $previewmessage = $mybb->get_input('message');
            $post['message'] = $previewmessage;
            $post['subject'] = $mybb->get_input('subject');
            $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
            $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
            if(isset($mybb->input['postoptions']['disablesmilies']))
            {
                $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
            }
            $post['dateline'] = TIME_NOW;
            if(isset($mybb->input['postoptions']['signature']))
            {
                $post['includesig'] = $mybb->input['postoptions']['signature'];
            }
            // Anything other than 1 is normalised to 0.
            if(!isset($post['includesig']) || $post['includesig'] != 1)
            {
                $post['includesig'] = 0;
            }

            // Fetch attachments assigned to this post
            if($mybb->get_input('pid', MyBB::INPUT_INT))
            {
                $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
            }
            else
            {
                $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
            }

            // NOTE(review): on this path the pid comes from the request (integer), not from
            // the draft row loaded at the top of the file, and the query has no uid filter;
            // for a pid outside the user's draft this selects another post's attachment
            // rows for the preview - confirm build_postbit() applies its own permission checks.
            $query = $db->simple_select("attachments", "*", $attachwhere);
            while($attachment = $db->fetch_array($query))
            {
                // presumably read by build_postbit() through a global - confirm
                $attachcache[0][$attachment['aid']] = $attachment;
            }

            $postbit = build_postbit($post, 1);
            eval("\$preview = \"".$templates->get("previewpost")."\";");
        }
        // Submitted text is escaped before it is put back into the form fields.
        $message = htmlspecialchars_uni($mybb->get_input('message'));
        $subject = htmlspecialchars_uni($mybb->get_input('subject'));
    }

    // Removing an attachment or adding a new one, or showing thread errors.
    else if($mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
    {
        $message = htmlspecialchars_uni($mybb->get_input('message'));
        $subject = htmlspecialchars_uni($mybb->get_input('subject'));
    }

    // Generate thread prefix selector
    if(!$mybb->get_input('threadprefix', MyBB::INPUT_INT))
    {
        $mybb->input['threadprefix'] = 0;
    }

    $prefixselect = build_prefix_select($forum['fid'], $mybb->get_input('threadprefix', MyBB::INPUT_INT));

    // Escaped because it is echoed back into the form.
    $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));

    // Hide signature option if no permission
    $signature = '';
    if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
    {
        eval("\$signature = \"".$templates->get('newthread_signature')."\";");
    }

    // Can we disable smilies or are they disabled already?
    $disablesmilies = '';
    if($forum['allowsmilies'] != 0)
    {
        eval("\$disablesmilies = \"".$templates->get("newthread_disablesmilies")."\";");
    }

    // $bgcolor / $bgcolor2 alternate the row classes depending on which optional rows are shown.
    $postoptions = '';
    if(!empty($signature) || !empty($disablesmilies))
    {
        eval("\$postoptions = \"".$templates->get("newthread_postoptions")."\";");
        $bgcolor = "trow2";
        $bgcolor2 = "trow1";
    }
    else
    {
        $bgcolor = "trow1";
        $bgcolor2 = "trow2";
    }

    $modoptions = '';
    // Show the moderator options
    // The close and stick checkboxes are rendered only for moderators holding the
    // matching permission. This governs display only; enforcement on submission is
    // not part of this section.
    if(is_moderator($fid))
    {
        $modoptions = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
        if(isset($modoptions['closethread']) && $modoptions['closethread'] == 1)
        {
            $closecheck = "checked=\"checked\"";
        }
        else
        {
            $closecheck = '';
        }
        if(isset($modoptions['stickthread']) && $modoptions['stickthread'] == 1)
        {
            $stickycheck = "checked=\"checked\"";
        }
        else
        {
            $stickycheck = '';
        }

        $closeoption = '';
        if(is_moderator($fid, "canopenclosethreads"))
        {
            eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
        }

        $stickoption = '';
        if(is_moderator($fid, "canstickunstickthreads"))
        {
            eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
        }

        if(!empty($closeoption) || !empty($stickoption))
        {
            eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
            $bgcolor = "trow1";
            $bgcolor2 = "trow2";
        }
        else
        {
            $bgcolor = "trow2";
            $bgcolor2 = "trow1";
        }
    }
    else
    {
        $bgcolor = "trow2";
        $bgcolor2 = "trow1";
    }

    // Fetch subscription select box
    eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");

    if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
    { // Get a listing of the current attachments, if there are any
        $attachcount = 0;
        if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
        {
            $attachwhere = "pid='$pid'";
        }
        else
        {
            // NOTE(review): $posthash was HTML-escaped above and is SQL-escaped again here,
            // whereas the upload path escapes the raw request value; the two only select
            // the same rows if the hash contains no HTML special characters (true for
            // the md5 values generated by this script).
            $attachwhere = "posthash='".$db->escape_string($posthash)."'";
        }
        $query = $db->simple_select("attachments", "*", $attachwhere);
        $attachments = '';
        while($attachment = $db->fetch_array($query))
        {
            $attachment['size'] = get_friendly_size($attachment['filesize']);
            $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
            // User-supplied file name is escaped before it reaches the template.
            $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);

            if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
            {
                eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
            }

            eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");

            $attach_mod_options = '';
            if($attachment['visible'] != 1)
            {
                eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
            }
            else
            {
                eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
            }
            $attachcount++;
        }
        $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
        $usage = $db->fetch_array($query);
        // A quota of 0 means unlimited; otherwise usage is compared with attachquota*1024.
        if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
        {
            $noshowattach = 1;
        }
        if($mybb->usergroup['attachquota'] == 0)
        {
            $friendlyquota = $lang->unlimited;
        }
        else
        {
            $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
        }
        $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);

        $link_viewattachments = '';
        if($usage['ausage'] !== NULL)
        {
            $friendlyusage = get_friendly_size($usage['ausage']);
            $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
            eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
        }
        else
        {
            $lang->attach_usage = "";
        }

        $attach_add_options = '';
        // NOTE(review): && binds tighter than ||, so when maxattachments is 0 the
        // !isset($noshowattach) quota flag is not consulted and the add-attachment
        // controls are still rendered for a user who is over quota. If the flag is
        // meant to apply in both cases, the || part needs its own parentheses. This
        // affects only what the form shows; server-side enforcement would be in
        // add_attachments(), which is not visible here.
        if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !isset($noshowattach))
        {
            eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
        }

        $attach_update_options = '';
        if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
        {
            eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
        }

        if($attach_add_options || $attach_update_options)
        {
            eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
        }
        eval("\$attachbox = \"".$templates->get("post_attachments")."\";");

        $bgcolor = alt_trow();
    }
    else
    {
        $attachbox = '';
    }

    // Drafts are offered to logged-in users only.
    $savedraftbutton = '';
    if($mybb->user['uid'])
    {
        eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
    }

    $captcha = '';

    // Show captcha image for guests if enabled
    if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
    {
        $correct = false;
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(false, "post_captcha");

        if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
        {
            // If previewing a post - check their current captcha input - if correct, hide the captcha input area
            // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
            if($post_captcha->validate_captcha() == true)
            {
                $correct = true;

                // Generate a hidden list of items for our captcha
                // NOTE(review): the solved answer travels with the form as hidden fields and is
                // validated again when the thread is submitted; the submission path invalidates
                // it only after a successful insert.
                $captcha = $post_captcha->build_hidden_captcha();
            }
        }

        // Build the challenge widget that matches the configured captcha type.
        if(!$correct)
        {
            if($post_captcha->type == captcha::DEFAULT_CAPTCHA)
            {
                $post_captcha->build_captcha();
            }
            elseif(in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
            {
                $post_captcha->build_recaptcha();
            }
            elseif(in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
            {
                $post_captcha->build_hcaptcha();
            }
        }
        // NOTE(review): $correct is only set when type == 1 above, so these two
        // branches can run only if one of the listed type constants equals 1 - confirm.
        else if($correct && (in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))))
        {
            $post_captcha->build_recaptcha();
        }
        else if($correct && (in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))))
        {
            $post_captcha->build_hcaptcha();
        }

        // Any widget HTML built above replaces the hidden-field markup.
        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }

// Final stage of the new-thread form: poll box, forum rules, moderation notices, plugin
// hook and page output. Templates are rendered by eval()'ing the text returned from
// $templates->get() inside double quotes, so they read the local variables below by name.
// $pollbox is assigned only when the forum permissions allow polls.
// NOTE(review): no default is set in this excerpt — confirm it is initialised earlier.
if($forumpermissions['canpostpolls'] != 0)
{
	$lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
	eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
}

// Do we have any forum rules to show for this forum?
$forumrules = '';
if($forum['rulestype'] >= 2 && $forum['rules'])
{
	if(!$forum['rulestitle'])
	{
		// NOTE(review): the forum name is used here before the strip_tags() call further down.
		$forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
	}

	if(empty($parser))
	{
		require_once MYBB_ROOT.'inc/class_parser.php';
		$parser = new postParser;
	}

	// Rules are parsed with raw HTML allowed, so whoever can edit a forum's rules can place
	// arbitrary markup on this page. Presumably only administrators can — verify that rule
	// editing is restricted accordingly.
	$rules_parser = array(
		"allow_html" => 1,
		"allow_mycode" => 1,
		"allow_smilies" => 1,
		"allow_imgcode" => 1
	);

	$forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
	// Copy under the name $foruminfo (presumably the name the forumdisplay_rules templates expect).
	$foruminfo = $forum;

	// rulestype 3 renders the rules template, rulestype 2 the link template.
	if($forum['rulestype'] == 3)
	{
		eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
	}
	else if($forum['rulestype'] == 2)
	{
		eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
	}
}

// Moderation notices: the three checks below each overwrite $moderation_notice, so when
// several apply only the last matching notice is shown. Users who hold the corresponding
// approve/unapprove permission see no notice for that item.
$moderation_notice = '';
if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
{
	if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
	{
		$moderation_text = $lang->moderation_forum_attachments;
		eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
	}
}

if(!is_moderator($forum['fid'], "canapproveunapprovethreads"))
{
	if($forumpermissions['modthreads'] == 1)
	{
		$moderation_text = $lang->moderation_forum_thread;
		eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
	}
}

if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
{
	if($mybb->user['moderateposts'] == 1)
	{
		$moderation_text = $lang->moderation_user_posts;
		eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
	}
}

// Upload limits handed to the post_javascript template; max_file_uploads is cast to int.
$php_max_upload_size = get_php_upload_limit();
$php_max_file_uploads = (int)ini_get('max_file_uploads');
eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");

// Plugins hooked here run before the final template is rendered.
$plugins->run_hooks("newthread_end");

// strip_tags() removes markup from the forum name but does not encode quotes or ampersands.
// NOTE(review): adequate for plain text context; confirm the template never places
// $lang->newthread_in inside an HTML attribute.
$forum['name'] = strip_tags($forum['name']);
$lang->newthread_in = $lang->sprintf($lang->newthread_in, $forum['name']);

eval("\$newthread = \"".$templates->get("newthread")."\";");
output_page($newthread);
// Closes a block that was opened before the start of this excerpt.
}