
PHP Cross Reference of MyBB 1.8.26


/ -> newthread.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'newthread.php');
  13  
  14  $templatelist = "newthread,previewpost,loginbox,changeuserbox,newthread_postpoll,posticons,codebuttons,postbit,post_attachments_attachment_unapproved,newreply_modoptions_close,newreply_modoptions_stick";
  15  $templatelist .= ",newthread_disablesmilies,post_attachments_new,post_attachments,post_savedraftbutton,post_subscription_method,post_attachments_attachment_remove,postbit_warninglevel_formatted,postbit_icon";
  16  $templatelist .= ",forumdisplay_rules,forumdisplay_rules_link,post_attachments_attachment_postinsert,post_attachments_attachment,newthread_signature,post_prefixselect_prefix,post_prefixselect_single,posticons_icon";
  17  $templatelist .= ",post_captcha_hidden,post_captcha_recaptcha_invisible,post_captcha_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_gotopost,newthread_postoptions,post_attachments_add,post_attachments_viewlink";
  18  $templatelist .= ",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,postbit_author_guest,post_captcha";
  19  $templatelist .= ",postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_attachments,postbit_reputation_formatted_link,post_attachments_update,postbit_offline,newreply_modoptions,newthread_multiquote_external";
  21  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,newthread_draftinput,global_moderation_notice,postbit_online,postbit_away,attachment_icon,postbit_userstar,postbit_groupimage";
  22  
  23  require_once  "./global.php";
  24  require_once  MYBB_ROOT."inc/functions_post.php";
  25  require_once  MYBB_ROOT."inc/functions_user.php";
  26  
  27  // Load global language phrases
  28  $lang->load("newthread");
  29  
  30  $tid = $pid = 0;
  31  $mybb->input['action'] = $mybb->get_input('action');
  32  $mybb->input['tid'] = $mybb->get_input('tid', MyBB::INPUT_INT);
  33  $mybb->input['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
  34  if($mybb->input['action'] == "editdraft" || ($mybb->get_input('savedraft') && $mybb->input['tid']) || ($mybb->input['tid'] && $mybb->input['pid']))
  35  {
  36      $thread = get_thread($mybb->input['tid']);
  37  
  38      $query = $db->simple_select("posts", "*", "tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."' AND visible='-2'", array('order_by' => 'dateline', 'limit' => 1));
  39      $post = $db->fetch_array($query);
  40  
  41      if(!$thread['tid'] || !$post['pid'] || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])
  42      {
  43          error($lang->invalidthread);
  44      }
  45  
  46      $pid = $post['pid'];
  47      $fid = $thread['fid'];
  48      $tid = $thread['tid'];
  49      eval("\$editdraftpid = \"".$templates->get("newthread_draftinput")."\";");
  50  }
  51  else
  52  {
  53      $fid = $mybb->get_input('fid', MyBB::INPUT_INT);
  54      $editdraftpid = '';
  55  }
  56  
  57  // Fetch forum information.
  58  $forum = get_forum($fid);
  59  if(!$forum)
  60  {
  61      error($lang->error_invalidforum);
  62  }
  63  
  64  // Draw the navigation
  65  build_forum_breadcrumb($fid);
  66  add_breadcrumb($lang->nav_newthread);
  67  
  68  $forumpermissions = forum_permissions($fid);
  69  
  70  if($forum['open'] == 0 || $forum['type'] != "f" || $forum['linkto'] != "")
  71  {
  72      error($lang->error_closedinvalidforum);
  73  }
  74  
  75  if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0)
  76  {
  77      error_no_permission();
  78  }
  79  
  80  if($mybb->user['suspendposting'] == 1)
  81  {
  82      $suspendedpostingtype = $lang->error_suspendedposting_permanent;
  83      if($mybb->user['suspensiontime'])
  84      {
  85          $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
  86      }
  87  
  88      $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));
  89  
  90      error($lang->error_suspendedposting);
  91  }
  92  
  93  // Check if this forum is password protected and we have a valid password
  94  check_forum_password($forum['fid']);
  95  
  96  // If MyCode is on for this forum and the MyCode editor is enabled in the Admin CP, draw the code buttons and smilie inserter.
  97  if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
  98  {
  99      $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
 100      if($forum['allowsmilies'] != 0)
 101      {
 102          $smilieinserter = build_clickable_smilies();
 103      }
 104  }
 105  
 106  // Does this forum allow post icons? If so, fetch the post icons.
 107  if($forum['allowpicons'] != 0)
 108  {
 109      $posticons = get_post_icons();
 110  }
 111  
 112  // If we have a currently logged in user then fetch the change user box.
 113  if($mybb->user['uid'] != 0)
 114  {
 115      $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
 116      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 117  }
 118  
 119  // Otherwise we have a guest, determine the "username" and get the login box.
 120  else
 121  {
 122      if(!isset($mybb->input['previewpost']) && $mybb->input['action'] != "do_newthread")
 123      {
 124          $username = '';
 125      }
 126      else
 127      {
 128          $username = htmlspecialchars_uni($mybb->get_input('username'));
 129      }
 130      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 131  }
 132  
 133  // If we're not performing a new thread insert and not editing a draft then we're posting a new thread.
 134  if($mybb->input['action'] != "do_newthread" && $mybb->input['action'] != "editdraft")
 135  {
 136      $mybb->input['action'] = "newthread";
 137  }
 138  
 139  // Previewing a post, overwrite the action to the new thread action.
 140  if(!empty($mybb->input['previewpost']))
 141  {
 142      $mybb->input['action'] = "newthread";
 143  }
 144  
 145  // Setup a unique posthash for attachment management
 146  if(!$mybb->get_input('posthash') && !$pid)
 147  {
 148      $mybb->input['posthash'] = md5($mybb->user['uid'].random_str());
 149  }
 150  
 151  if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
 152  {
 153      error($lang->error_empty_post_input);
 154  }
 155  
 156  $errors = array();
 157  $maximageserror = $attacherror = '';
 158  
 159  // Handle attachments if we've got any.
 160  if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newthread" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && $_FILES['attachments'])))
 161  {
 162      // Verify incoming POST request
 163      verify_post_check($mybb->get_input('my_post_key'));
 164  
 165      if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 166      {
 167          $attachwhere = "pid='{$pid}'";
 168      }
 169      else
 170      {
 171          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 172      }
 173  
 174      require_once  MYBB_ROOT."inc/functions_upload.php";
 175  
 176      $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newthread");
 177  
 178      if(!empty($ret['errors']))
 179      {
 180          $errors = $ret['errors'];
 181      }
 182  
 183      // If we were dealing with an attachment but didn't click 'Post Thread' or 'Save as Draft', force the new thread page again.
 184      if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft'))
 185      {
 186          $mybb->input['action'] = "newthread";
 187      }
 188  }
 189  
 190  detect_attachmentact();
 191  
 192  // Are we removing an attachment from the thread?
 193  if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
 194  {
 195      // Verify incoming POST request
 196      verify_post_check($mybb->get_input('my_post_key'));
 197  
 198      require_once  MYBB_ROOT."inc/functions_upload.php";
 199      remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));
 200      if(!$mybb->get_input('submit'))
 201      {
 202          $mybb->input['action'] = "newthread";
 203      }
 204  
 205      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 206      {
 207          header("Content-type: application/json; charset={$lang->settings['charset']}");
 208          echo json_encode(array("success" => true));
 209          exit();
 210      }
 211  }
 212  
 213  $thread_errors = "";
 214  $hide_captcha = false;
 215  
 216  // Check the maximum posts per day for this user
 217  if($mybb->usergroup['maxposts'] > 0)
 218  {
 219      $daycut = TIME_NOW-60*60*24;
 220      $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
 221      $post_count = $db->fetch_field($query, "posts_today");
 222      if($post_count >= $mybb->usergroup['maxposts'])
 223      {
 224          $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
 225          error($lang->error_maxposts);
 226      }
 227  }
 228  
 229  // Performing the posting of a new thread.
 230  if($mybb->input['action'] == "do_newthread" && $mybb->request_method == "post")
 231  {
 232      // Verify incoming POST request
 233      verify_post_check($mybb->get_input('my_post_key'));
 234  
 235      $plugins->run_hooks("newthread_do_newthread_start");
 236  
 237      // If this isn't a logged in user, then we need to do some special validation.
 238      if($mybb->user['uid'] == 0)
 239      {
 240          // If they didn't specify a username leave blank so $lang->guest can be used on output
 241          if(!$mybb->get_input('username'))
 242          {
 243              $username = '';
 244          }
 245          // Otherwise use the name they specified.
 246          else
 247          {
 248              $username = $mybb->get_input('username');
 249          }
 250          $uid = 0;
 251  
 252          if(!$mybb->user['uid'] && $mybb->settings['stopforumspam_on_newthread'])
 253          {
 254              require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 255  
 256              $stop_forum_spam_checker = new StopForumSpamChecker(
 257                  $plugins,
 258                  $mybb->settings['stopforumspam_min_weighting_before_spam'],
 259                  $mybb->settings['stopforumspam_check_usernames'],
 260                  $mybb->settings['stopforumspam_check_emails'],
 261                  $mybb->settings['stopforumspam_check_ips'],
 262                  $mybb->settings['stopforumspam_log_blocks']
 263              );
 264  
 265              try {
 266                  if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
 267                  {
 268                      $errors[] = $lang->sprintf($lang->error_stop_forum_spam_spammer,
 269                          $stop_forum_spam_checker->getErrorText(array(
 270                              'stopforumspam_check_usernames',
 271                              'stopforumspam_check_ips'
 272                              )));
 273                  }
 274              }
 275              catch (Exception $e)
 276              {
 277                  if($mybb->settings['stopforumspam_block_on_error'])
 278                  {
 279                      $errors[] = $lang->error_stop_forum_spam_fetching;
 280                  }
 281              }
 282          }
 283      }
 284      // This user is logged in.
 285      else
 286      {
 287          $username = $mybb->user['username'];
 288          $uid = $mybb->user['uid'];
 289      }
 290  
 291      // Attempt to see if this post is a duplicate or not
 292      if($uid > 0)
 293      {
 294          $user_check = "p.uid='{$uid}'";
 295      }
 296      else
 297      {
 298          $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
 299      }
 300      if(!$mybb->get_input('savedraft') && !$pid)
 301      {
 302          $query = $db->simple_select("posts p", "p.pid", "$user_check AND p.fid='{$forum['fid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.dateline>".(TIME_NOW-600));
 303          $duplicate_check = $db->fetch_field($query, "pid");
 304          if($duplicate_check)
 305          {
 306              error($lang->error_post_already_submitted);
 307          }
 308      }
 309  
 310      // Set up posthandler.
 311      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 312      $posthandler = new PostDataHandler("insert");
 313      $posthandler->action = "thread";
 314  
 315      // Set the thread data that came from the input to the $thread array.
 316      $new_thread = array(
 317          "fid" => $forum['fid'],
 318          "subject" => $mybb->get_input('subject'),
 319          "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
 320          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 321          "uid" => $uid,
 322          "username" => $username,
 323          "message" => $mybb->get_input('message'),
 324          "ipaddress" => $session->packedip,
 325          "posthash" => $mybb->get_input('posthash')
 326      );
 327  
 328      if($pid != '')
 329      {
 330          $new_thread['pid'] = $pid;
 331      }
 332  
 333      // Are we saving a draft thread?
 334      if($mybb->get_input('savedraft') && $mybb->user['uid'])
 335      {
 336          $new_thread['savedraft'] = 1;
 337      }
 338      else
 339      {
 340          $new_thread['savedraft'] = 0;
 341      }
 342  
 343      // Is this thread already a draft and we're updating it?
 344      if(isset($thread['tid']) && $thread['visible'] == -2)
 345      {
 346          $new_thread['tid'] = $thread['tid'];
 347      }
 348  
 349      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 350      if(!isset($postoptions['signature']))
 351      {
 352          $postoptions['signature'] = 0;
 353      }
 354      if(!isset($postoptions['subscriptionmethod']))
 355      {
 356          $postoptions['subscriptionmethod'] = 0;
 357      }
 358      if(!isset($postoptions['disablesmilies']))
 359      {
 360          $postoptions['disablesmilies'] = 0;
 361      }
 362  
 363      // Set up the thread options from the input.
 364      $new_thread['options'] = array(
 365          "signature" => $postoptions['signature'],
 366          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 367          "disablesmilies" => $postoptions['disablesmilies']
 368      );
 369  
 370      // Apply moderation options if we have them
 371      $new_thread['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 372  
 373      $posthandler->set_data($new_thread);
 374  
 375      // Now let the post handler do all the hard work.
 376      $valid_thread = $posthandler->validate_thread();
 377  
 378      $post_errors = array();
 379      // Fetch friendly error messages if this is an invalid thread
 380      if(!$valid_thread)
 381      {
 382          $post_errors = $posthandler->get_friendly_errors();
 383      }
 384  
 385      // Check captcha image
 386      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 387      {
 388          require_once  MYBB_ROOT.'inc/class_captcha.php';
 389          $post_captcha = new captcha;
 390  
 391          if($post_captcha->validate_captcha() == false)
 392          {
 393              // CAPTCHA validation failed
 394              foreach($post_captcha->get_errors() as $error)
 395              {
 396                  $post_errors[] = $error;
 397              }
 398          }
 399          else
 400          {
 401              $hide_captcha = true;
 402          }
 403      }
 404  
 405      // One or more errors returned, fetch error list and throw to newthread page
 406      if(count($post_errors) > 0)
 407      {
 408          $thread_errors = inline_error($post_errors);
 409          $mybb->input['action'] = "newthread";
 410      }
 411      // No errors were found, it is safe to insert the thread.
 412      else
 413      {
 414          $thread_info = $posthandler->insert_thread();
 415          $tid = $thread_info['tid'];
 416          $visible = $thread_info['visible'];
 417  
 418          // Invalidate solved captcha
 419          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 420          {
 421              $post_captcha->invalidate_captcha();
 422          }
 423  
 424          $force_redirect = false;
 425  
 426          // Mark thread as read
 427          require_once  MYBB_ROOT."inc/functions_indicators.php";
 428          mark_thread_read($tid, $fid);
 429  
 430          // We were updating a draft thread, send them back to the draft listing.
 431          if($new_thread['savedraft'] == 1)
 432          {
 433              $lang->redirect_newthread = $lang->draft_saved;
 434              $url = "usercp.php?action=drafts";
 435          }
 436  
 437          // A poll was being posted with this thread, throw them to poll posting page.
 438          else if($mybb->get_input('postpoll', MyBB::INPUT_INT) && $forumpermissions['canpostpolls'])
 439          {
 440              $url = "polls.php?action=newpoll&tid=$tid&polloptions=".$mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 441              $lang->redirect_newthread .= $lang->redirect_newthread_poll;
 442          }
 443  
 444          // This thread is stuck in the moderation queue, send them back to the forum.
 445          else if(!$visible)
 446          {
 447              // Moderated thread
 448              $lang->redirect_newthread .= $lang->redirect_newthread_moderation;
 449              $url = get_forum_link($fid);
 450  
 451              // User must see moderation notice, regardless of redirect settings
 452              $force_redirect = true;
 453          }
 454  
 455          // The thread is being made in a forum the user cannot see threads in, send them back to the forum.
 456          else if($visible == 1 && $forumpermissions['canviewthreads'] != 1)
 457          {
 458              $lang->redirect_newthread .= $lang->redirect_newthread_unviewable;
 459              $url = get_forum_link($fid);
 460  
 461              // User must see permission notice, regardless of redirect settings
 462              $force_redirect = true;
 463          }
 464  
 465          // This is just a normal thread - send them to it.
 466          else
 467          {
 468              // Visible thread
 469              $lang->redirect_newthread .= $lang->redirect_newthread_thread;
 470              $url = get_thread_link($tid);
 471          }
 472  
 473          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
 474          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 475          {
 476              // We quoted all posts - remove the entire cookie
 477              if($mybb->get_input('quoted_ids') == "all")
 478              {
 479                  my_unsetcookie("multiquote");
 480              }
 481          }
 482  
 483          $plugins->run_hooks("newthread_do_newthread_end");
 484  
 485          // Hop to it! Send them to the next page.
 486          if(!$mybb->get_input('postpoll', MyBB::INPUT_INT))
 487          {
 488              $lang->redirect_newthread .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 489          }
 490          redirect($url, $lang->redirect_newthread, "", $force_redirect);
 491      }
 492  }
 493  
 494  if($mybb->input['action'] == "newthread" || $mybb->input['action'] == "editdraft")
 495  {
 496      $plugins->run_hooks("newthread_start");
 497  
 498      // Do we have attachment errors?
 499      if(count($errors) > 0)
 500      {
 501          $thread_errors = inline_error($errors);
 502      }
 503  
 504      $multiquote_external = $quoted_ids = '';
 505  
 506      $subject = $message = '';
 507      // If this isn't a preview and we're not editing a draft, then handle quoted posts
 508      if(empty($mybb->input['previewpost']) && !$thread_errors && $mybb->input['action'] != "editdraft")
 509      {
 510          $quoted_posts = array();
 511          // Handle multiquote
 512          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 513          {
 514              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 515              foreach($multiquoted as $post)
 516              {
 517                  $quoted_posts[$post] = (int)$post;
 518              }
 519          }
 520  
 521          // Quoting more than one post - fetch them
 522          if(count($quoted_posts) > 0)
 523          {
 524              $external_quotes = 0;
 525              $quoted_posts = implode(",", $quoted_posts);
 526              $unviewable_forums = get_unviewable_forums();
 527              $inactiveforums = get_inactive_forums();
 528              if($unviewable_forums)
 529              {
 530                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 531              }
 532              if($inactiveforums)
 533              {
 534                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 535              }
 536  
 537              if(is_moderator($fid))
 538              {
 539                  $visible_where = "AND p.visible != 2";
 540              }
 541              else
 542              {
 543                  $visible_where = "AND p.visible > 0";
 544              }
 545  
 546              // Check group permissions if we can't view threads not started by us
 547              $group_permissions = forum_permissions();
 548              $onlyusfids = array();
 549              $onlyusforums = '';
 550              foreach($group_permissions as $gpfid => $forum_permissions)
 551              {
 552                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 553                  {
 554                      $onlyusfids[] = $gpfid;
 555                  }
 556              }
 557              if(!empty($onlyusfids))
 558              {
 559                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 560              }
 561  
 562              if($mybb->get_input('load_all_quotes', MyBB::INPUT_INT) == 1)
 563              {
 564                  $query = $db->query("
 565                      SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 566                      FROM ".TABLE_PREFIX."posts p
 567                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 568                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 569                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 570                      ORDER BY p.dateline
 571                  ");
 572                  while($quoted_post = $db->fetch_array($query))
 573                  {
 574                      if($quoted_post['userusername'])
 575                      {
 576                          $quoted_post['username'] = $quoted_post['userusername'];
 577                      }
 578                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
 579                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
 580                      $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
 581                      $message .= "[quote='{$quoted_post['username']}' pid='{$quoted_post['pid']}' dateline='{$quoted_post['dateline']}']\n{$quoted_post['message']}\n[/quote]\n\n";
 582                  }
 583  
 584                  $quoted_ids = "all";
 585              }
 586              else
 587              {
 588                  $query = $db->query("
 589                      SELECT COUNT(*) AS quotes
 590                      FROM ".TABLE_PREFIX."posts p
 591                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 592                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 593                  ");
 594                  $external_quotes = $db->fetch_field($query, 'quotes');
 595  
 596                  if($external_quotes > 0)
 597                  {
 598                      if($external_quotes == 1)
 599                      {
 600                          $multiquote_text = $lang->multiquote_external_one;
 601                          $multiquote_deselect = $lang->multiquote_external_one_deselect;
 602                          $multiquote_quote = $lang->multiquote_external_one_quote;
 603                      }
 604                      else
 605                      {
 606                          $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 607                          $multiquote_deselect = $lang->multiquote_external_deselect;
 608                          $multiquote_quote = $lang->multiquote_external_quote;
 609                      }
 610                      eval("\$multiquote_external = \"".$templates->get("newthread_multiquote_external")."\";");
 611                  }
 612              }
 613          }
 614      }
 615  
 616      if(isset($mybb->input['quoted_ids']))
 617      {
 618          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids'));
 619      }
 620  
 621      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 622      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 623      $postpollchecked = '';
 624  
 625      // Check the various post options if we're
 626      // a -> previewing a post
 627      // b -> removing an attachment
 628      // c -> adding a new attachment
 629      // d -> have errors from posting
 630  
 631      if(!empty($mybb->input['previewpost']) || $mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
 632      {
 633          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 634          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 635          {
 636              $postoptionschecked['signature'] = " checked=\"checked\"";
 637          }
 638          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 639          {
 640              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 641          }
 642          if($mybb->get_input('postpoll', MyBB::INPUT_INT) == 1)
 643          {
 644              $postpollchecked = "checked=\"checked\"";
 645          }
 646          $subscription_method = get_subscription_method($tid, $postoptions);
 647          $numpolloptions = $mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 648      }
 649  
 650      // Editing a draft thread
 651      else if($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 652      {
 653          $mybb->input['threadprefix'] = $thread['prefix'];
 654          $message = htmlspecialchars_uni($post['message']);
 655          $subject = htmlspecialchars_uni($post['subject']);
 656          if($post['includesig'] != 0)
 657          {
 658              $postoptionschecked['signature'] = " checked=\"checked\"";
 659          }
 660          if($post['smilieoff'] == 1)
 661          {
 662              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 663          }
 664          $icon = $post['icon'];
 665          if($forum['allowpicons'] != 0)
 666          {
 667              $posticons = get_post_icons();
 668          }
 669          $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
 670      }
 671  
 672      // Otherwise, this is our initial visit to this page.
 673      else
 674      {
 675          if($mybb->user['signature'] != '')
 676          {
 677              $postoptionschecked['signature'] = " checked=\"checked\"";
 678          }
 679          $subscription_method = get_subscription_method($tid); // Fresh thread, let the function set the appropriate method
 680          $numpolloptions = "2";
 681      }
 682  
 683      ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
    // Rendered preview HTML; stays empty unless the branch below builds one.
    $preview = '';

    // If we're previewing a post then generate the preview.
    // Only the message, subject and (for guests) author checks of the post handler are run in this branch.
    if(!empty($mybb->input['previewpost']))
    {
        // If this isn't a logged in user, then we need to do some special validation.
        if($mybb->user['uid'] == 0)
        {
            // If they didn't specify a username leave blank so $lang->guest can be used on output
            if(!$mybb->get_input('username'))
            {
                $username = '';
            }
            // Otherwise use the name they specified.
            // The value is request-controlled and still unescaped at this point.
            else
            {
                $username = $mybb->get_input('username');
            }
            $uid = 0;
        }
        // This user is logged in.
        else
        {
            $username = $mybb->user['username'];
            $uid = $mybb->user['uid'];
        }

        // Set up posthandler.
        require_once  MYBB_ROOT."inc/datahandlers/post.php";
        $posthandler = new PostDataHandler("insert");
        $posthandler->action = "thread";

        // Set the thread data that came from the input to the $thread array.
        // Only "prefix" is coerced to an integer here; subject, icon, message and posthash are passed raw.
        // NOTE(review): presumably the data handler validates them - confirm in inc/datahandlers/post.php.
        $new_thread = array(
            "fid" => $forum['fid'],
            "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
            "subject" => $mybb->get_input('subject'),
            "icon" => $mybb->get_input('icon'),
            "uid" => $uid,
            "username" => $username,
            "message" => $mybb->get_input('message'),
            "ipaddress" => $session->packedip,
            "posthash" => $mybb->get_input('posthash')
        );

        // $pid is assigned before this part of the file; it is only forwarded when non-empty.
        if($pid != '')
        {
            $new_thread['pid'] = $pid;
        }

        $posthandler->set_data($new_thread);

        // Now let the post handler do all the hard work.
        $valid_thread = $posthandler->verify_message();
        $valid_subject = $posthandler->verify_subject();

        // guest post --> verify author
        if($new_thread['uid'] == 0)
        {
            $valid_username = $posthandler->verify_author();
        }
        else
        {
            $valid_username = true;
        }

        $post_errors = array();
        // Fetch friendly error messages if this is an invalid post
        if(!$valid_thread || !$valid_subject || !$valid_username)
        {
            $post_errors = $posthandler->get_friendly_errors();
        }

        // One or more errors returned: render the error list for the new thread form and skip the preview
        if(count($post_errors) > 0)
        {
            $thread_errors = inline_error($post_errors);
        }
        else
        {
            // The uid is concatenated into the SQL text without a cast.
            // NOTE(review): $mybb->user is presumably the session's user record, not request input -
            // confirm the uid is always an integer, or cast it here as defence in depth.
            $query = $db->query("
                SELECT u.*, f.*
                FROM ".TABLE_PREFIX."users u
                LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
                WHERE u.uid='".$mybb->user['uid']."'
            ");
            $post = $db->fetch_array($query);
            $post['username'] = $username;
            if($mybb->user['uid'])
            {
                $post['userusername'] = $mybb->user['username'];
            }
            // Message and subject go into $post unescaped.
            // NOTE(review): build_postbit() is presumably responsible for parsing and escaping them - confirm.
            $previewmessage = $mybb->get_input('message');
            $post['message'] = $previewmessage;
            $post['subject'] = $mybb->get_input('subject');
            $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
            $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
            if(isset($mybb->input['postoptions']['disablesmilies']))
            {
                $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
            }
            $post['dateline'] = TIME_NOW;
            if(isset($mybb->input['postoptions']['signature']))
            {
                $post['includesig'] = $mybb->input['postoptions']['signature'];
            }
            // Anything other than 1 is normalised to 0, so the request value cannot carry other content.
            if(!isset($post['includesig']) || $post['includesig'] != 1)
            {
                $post['includesig'] = 0;
            }

            // Fetch attachments assigned to this post
            // Both WHERE variants are built from neutralised input: an integer pid or an escaped posthash.
            if($mybb->get_input('pid', MyBB::INPUT_INT))
            {
                $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
            }
            else
            {
                $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
            }

            // NOTE(review): neither WHERE variant restricts the rows to the current user - confirm that
            // attachment ownership is enforced where the preview renders them.
            $query = $db->simple_select("attachments", "*", $attachwhere);
            while($attachment = $db->fetch_array($query))
            {
                // Stored under key 0; presumably the slot build_postbit() reads for a preview - confirm.
                $attachcache[0][$attachment['aid']] = $attachment;
            }

            $postbit = build_postbit($post, 1);
            // eval() evaluates the template text as a double-quoted PHP string so that its variables resolve.
            // NOTE(review): this is only safe if $templates->get() escapes quotes and backslashes in the
            // stored template - confirm in the templates class.
            eval("\$preview = \"".$templates->get("previewpost")."\";");
        }
        // HTML-escape the raw input before it is echoed back into the form fields.
        $message = htmlspecialchars_uni($mybb->get_input('message'));
        $subject = htmlspecialchars_uni($mybb->get_input('subject'));
    }

    // Removing an attachment or adding a new one, or showing thread errors.
    // Same escaping as in the preview branch, so the form is re-populated safely.
    else if($mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
    {
        $message = htmlspecialchars_uni($mybb->get_input('message'));
        $subject = htmlspecialchars_uni($mybb->get_input('subject'));
    }
 824  
 825      // Generate thread prefix selector
 826      if(!$mybb->get_input('threadprefix', MyBB::INPUT_INT))
 827      {
 828          $mybb->input['threadprefix'] = 0;
 829      }
 830  
 831      $prefixselect = build_prefix_select($forum['fid'], $mybb->get_input('threadprefix', MyBB::INPUT_INT));
 832  
 833      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
 834  
 835      // Hide signature option if no permission
 836      $signature = '';
 837      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
 838      {
 839          eval("\$signature = \"".$templates->get('newthread_signature')."\";");
 840      }
 841  
 842      // Can we disable smilies or are they disabled already?
 843      $disablesmilies = '';
 844      if($forum['allowsmilies'] != 0)
 845      {
 846          eval("\$disablesmilies = \"".$templates->get("newthread_disablesmilies")."\";");
 847      }
 848  
 849      $postoptions = '';
 850      if(!empty($signature) || !empty($disablesmilies))
 851      {
 852          eval("\$postoptions = \"".$templates->get("newthread_postoptions")."\";");
 853          $bgcolor = "trow2";
 854          $bgcolor2 = "trow1";
 855      }
 856      else
 857      {
 858          $bgcolor = "trow1";
 859          $bgcolor2 = "trow2";
 860      }
 861  
 862      $modoptions = '';
 863      // Show the moderator options
 864      if(is_moderator($fid))
 865      {
 866          $modoptions = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 867          if(isset($modoptions['closethread']) && $modoptions['closethread'] == 1)
 868          {
 869              $closecheck = "checked=\"checked\"";
 870          }
 871          else
 872          {
 873              $closecheck = '';
 874          }
 875          if(isset($modoptions['stickthread']) && $modoptions['stickthread'] == 1)
 876          {
 877              $stickycheck = "checked=\"checked\"";
 878          }
 879          else
 880          {
 881              $stickycheck = '';
 882          }
 883  
 884          $closeoption = '';
 885          if(is_moderator($thread['fid'], "canopenclosethreads"))
 886          {
 887              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
 888          }
 889  
 890          $stickoption = '';
 891          if(is_moderator($thread['fid'], "canstickunstickthreads"))
 892          {
 893              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
 894          }
 895  
 896          if(!empty($closeoption) || !empty($stickoption))
 897          {
 898              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
 899              $bgcolor = "trow1";
 900              $bgcolor2 = "trow2";
 901          }
 902          else
 903          {
 904              $bgcolor = "trow2";
 905              $bgcolor2 = "trow1";
 906          }
 907      }
 908      else
 909      {
 910          $bgcolor = "trow2";
 911          $bgcolor2 = "trow1";
 912      }
 913  
 914      // Fetch subscription select box
 915      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
 916  
 917      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
 918      { // Get a listing of the current attachments, if there are any
 919          $attachcount = 0;
 920          if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 921          {
 922              $attachwhere = "pid='$pid'";
 923          }
 924          else
 925          {
 926              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
 927          }
 928          $query = $db->simple_select("attachments", "*", $attachwhere);
 929          $attachments = '';
 930          while($attachment = $db->fetch_array($query))
 931          {
 932              $attachment['size'] = get_friendly_size($attachment['filesize']);
 933              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
 934              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
 935  
 936              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 937              {
 938                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 939              }
 940  
 941              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 942  
 943              $attach_mod_options = '';
 944              if($attachment['visible'] != 1)
 945              {
 946                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
 947              }
 948              else
 949              {
 950                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
 951              }
 952              $attachcount++;
 953          }
 954          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 955          $usage = $db->fetch_array($query);
 956          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
 957          {
 958              $noshowattach = 1;
 959          }
 960          if($mybb->usergroup['attachquota'] == 0)
 961          {
 962              $friendlyquota = $lang->unlimited;
 963          }
 964          else
 965          {
 966              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
 967          }
 968          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
 969          
 970          if($usage['ausage'] !== NULL)
 971          {
 972              $friendlyusage = get_friendly_size($usage['ausage']);
 973              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
 974              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
 975          }
 976          else
 977          {
 978              $lang->attach_usage = "";
 979          }
 980          
 981          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !isset($noshowattach))
 982          {
 983              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
 984          }
 985  
 986          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
 987          {
 988              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
 989          }
 990  
 991          if($attach_add_options || $attach_update_options)
 992          {
 993              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
 994          }
 995          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
 996  
 997          $bgcolor = alt_trow();
 998      }
 999  
1000      if($mybb->user['uid'])
1001      {
1002          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
1003      }
1004  
1005      $captcha = '';
1006  
1007      // Show captcha image for guests if enabled
1008      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
1009      {
1010          $correct = false;
1011          require_once  MYBB_ROOT.'inc/class_captcha.php';
1012          $post_captcha = new captcha(false, "post_captcha");
1013  
1014          if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
1015          {
1016              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
1017              // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
1018              if($post_captcha->validate_captcha() == true)
1019              {
1020                  $correct = true;
1021  
1022                  // Generate a hidden list of items for our captcha
1023                  $captcha = $post_captcha->build_hidden_captcha();
1024              }
1025          }
1026  
1027          if(!$correct)
1028          {
1029               if($post_captcha->type == 1)
1030              {
1031                  $post_captcha->build_captcha();
1032              }
1033              elseif(in_array($post_captcha->type, array(4, 5, 8)))
1034              {
1035                  $post_captcha->build_recaptcha();
1036              }
1037              elseif(in_array($post_captcha->type, array(6, 7)))
1038              {
1039                  $post_captcha->build_hcaptcha();
1040              }
1041          }
1042          else if($correct && (in_array($post_captcha->type, array(4, 5, 8))))
1043          {
1044              $post_captcha->build_recaptcha();
1045          }
1046          else if($correct && (in_array($post_captcha->type, array(6, 7))))
1047          {
1048              $post_captcha->build_hcaptcha();
1049          }
1050  
1051          if($post_captcha->html)
1052          {
1053              $captcha = $post_captcha->html;
1054          }
1055      }
1056  
1057      if($forumpermissions['canpostpolls'] != 0)
1058      {
1059          $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
1060          eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
1061      }
1062  
1063      // Do we have any forum rules to show for this forum?
1064      $forumrules = '';
1065      if($forum['rulestype'] >= 2 && $forum['rules'])
1066      {
1067          if(!$forum['rulestitle'])
1068          {
1069              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
1070          }
1071  
1072          if(!$parser)
1073          {
1074              require_once  MYBB_ROOT.'inc/class_parser.php';
1075              $parser = new postParser;
1076          }
1077  
1078          $rules_parser = array(
1079              "allow_html" => 1,
1080              "allow_mycode" => 1,
1081              "allow_smilies" => 1,
1082              "allow_imgcode" => 1
1083          );
1084  
1085          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
1086          $foruminfo = $forum;
1087  
1088          if($forum['rulestype'] == 3)
1089          {
1090              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
1091          }
1092          else if($forum['rulestype'] == 2)
1093          {
1094              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
1095          }
1096      }
1097  
1098      $moderation_notice = '';
1099      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1100      {
1101          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1102          {
1103              $moderation_text = $lang->moderation_forum_attachments;
1104              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1105          }
1106      }
1107  
1108      if(!is_moderator($forum['fid'], "canapproveunapprovethreads"))
1109      {
1110          if($forumpermissions['modthreads'] == 1)
1111          {
1112              $moderation_text = $lang->moderation_forum_thread;
1113              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1114          }
1115      }
1116  
1117      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1118      {
1119          if($mybb->user['moderateposts'] == 1)
1120          {
1121              $moderation_text = $lang->moderation_user_posts;
1122              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1123          }
1124      }
1125  
1126      $php_max_upload_filesize = return_bytes(ini_get('max_upload_filesize'));
1127      $php_post_max_size = return_bytes(ini_get('post_max_size'));
1128  
1129      if ($php_max_upload_filesize != 0 && $php_post_max_size != 0)
1130      {
1131          $php_max_upload_size = min($php_max_upload_filesize, $php_post_max_size);
1132      }
1133      else
1134      {
1135          $php_max_upload_size = max($php_max_upload_filesize, $php_post_max_size);
1136      }
1137  
1138      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1139      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1140  
1141      $plugins->run_hooks("newthread_end");
1142  
1143      $forum['name'] = strip_tags($forum['name']);
1144      $lang->newthread_in = $lang->sprintf($lang->newthread_in, $forum['name']);
1145  
1146      eval("\$newthread = \"".$templates->get("newthread")."\";");
1147      output_page($newthread);
1148  }

