[ Index ]

PHP Cross Reference of MyBB 1.8.33

title

Body

[close]

/ -> newthread.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'newthread.php');
  13  
  14  $templatelist = "newthread,previewpost,loginbox,changeuserbox,newthread_postpoll,posticons,codebuttons,postbit,post_attachments_attachment_unapproved,newreply_modoptions_close,newreply_modoptions_stick";
  15  $templatelist .= ",newthread_disablesmilies,post_attachments_new,post_attachments,post_savedraftbutton,post_subscription_method,post_attachments_attachment_remove,postbit_warninglevel_formatted,postbit_icon";
  16  $templatelist .= ",forumdisplay_rules,forumdisplay_rules_link,post_attachments_attachment_postinsert,post_attachments_attachment,newthread_signature,post_prefixselect_prefix,post_prefixselect_single,posticons_icon";
  17  $templatelist .= ",post_captcha_hidden,post_captcha_recaptcha_invisible,post_captcha_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_javascript,postbit_gotopost,newthread_postoptions,post_attachments_add,post_attachments_viewlink";
  18  $templatelist .= ",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,postbit_author_guest,post_captcha";
  19  $templatelist .= ",postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_attachments,postbit_reputation_formatted_link,post_attachments_update,postbit_offline,newreply_modoptions,newthread_multiquote_external";
  21  $templatelist .= ",postbit_profilefield_multiselect_value,postbit_profilefield_multiselect,newthread_draftinput,global_moderation_notice,postbit_online,postbit_away,attachment_icon,postbit_userstar,postbit_groupimage";
  22  
  23  require_once  "./global.php";
  24  require_once  MYBB_ROOT."inc/functions_post.php";
  25  require_once  MYBB_ROOT."inc/functions_user.php";
  26  require_once  MYBB_ROOT."inc/functions_upload.php";
  27  
  28  // Load global language phrases
  29  $lang->load("newthread");
  30  
  31  $tid = $pid = 0;
  32  $mybb->input['action'] = $mybb->get_input('action');
  33  $mybb->input['tid'] = $mybb->get_input('tid', MyBB::INPUT_INT);
  34  $mybb->input['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
  35  if($mybb->input['action'] == "editdraft" || ($mybb->get_input('savedraft') && $mybb->input['tid']) || ($mybb->input['tid'] && $mybb->input['pid']))
  36  {
  37      $thread = get_thread($mybb->input['tid']);
  38  
  39      $query = $db->simple_select("posts", "*", "tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."' AND visible='-2'", array('order_by' => 'dateline, pid', 'limit' => 1));
  40      $post = $db->fetch_array($query);
  41  
  42      if(!$thread['tid'] || !$post['pid'] || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])
  43      {
  44          error($lang->invalidthread);
  45      }
  46  
  47      $pid = $post['pid'];
  48      $fid = $thread['fid'];
  49      $tid = $thread['tid'];
  50      eval("\$editdraftpid = \"".$templates->get("newthread_draftinput")."\";");
  51  }
  52  else
  53  {
  54      $fid = $mybb->get_input('fid', MyBB::INPUT_INT);
  55      $editdraftpid = '';
  56  }
  57  
  58  // Fetch forum information.
  59  $forum = get_forum($fid);
  60  if(!$forum)
  61  {
  62      error($lang->error_invalidforum);
  63  }
  64  
  65  // Draw the navigation
  66  build_forum_breadcrumb($fid);
  67  add_breadcrumb($lang->nav_newthread);
  68  
  69  $forumpermissions = forum_permissions($fid);
  70  
  71  if($forum['open'] == 0 || $forum['type'] != "f" || $forum['linkto'] != "")
  72  {
  73      error($lang->error_closedinvalidforum);
  74  }
  75  
  76  if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0)
  77  {
  78      error_no_permission();
  79  }
  80  
  81  if($mybb->user['suspendposting'] == 1)
  82  {
  83      $suspendedpostingtype = $lang->error_suspendedposting_permanent;
  84      if($mybb->user['suspensiontime'])
  85      {
  86          $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
  87      }
  88  
  89      $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));
  90  
  91      error($lang->error_suspendedposting);
  92  }
  93  
  94  // Check if this forum is password protected and we have a valid password
  95  check_forum_password($forum['fid']);
  96  
  97  // If MyCode is on for this forum and the MyCode editor is enabled in the Admin CP, draw the code buttons and smilie inserter.
  98  $codebuttons = '';
  99  $smilieinserter = '';
 100  if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 101  {
 102      $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
 103      if($forum['allowsmilies'] != 0)
 104      {
 105          $smilieinserter = build_clickable_smilies();
 106      }
 107  }
 108  
 109  // Does this forum allow post icons? If so, fetch the post icons.
 110  if($forum['allowpicons'] != 0)
 111  {
 112      $posticons = get_post_icons();
 113  }
 114  
 115  // If we have a currently logged in user then fetch the change user box.
 116  if($mybb->user['uid'] != 0)
 117  {
 118      $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
 119      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 120  }
 121  
 122  // Otherwise we have a guest, determine the "username" and get the login box.
 123  else
 124  {
 125      if(!isset($mybb->input['previewpost']) && $mybb->input['action'] != "do_newthread")
 126      {
 127          $username = '';
 128      }
 129      else
 130      {
 131          $username = htmlspecialchars_uni($mybb->get_input('username'));
 132      }
 133      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 134  }
 135  
 136  // If we're not performing a new thread insert and not editing a draft then we're posting a new thread.
 137  if($mybb->input['action'] != "do_newthread" && $mybb->input['action'] != "editdraft")
 138  {
 139      $mybb->input['action'] = "newthread";
 140  }
 141  
 142  // Previewing a post, overwrite the action to the new thread action.
 143  if(!empty($mybb->input['previewpost']))
 144  {
 145      $mybb->input['action'] = "newthread";
 146  }
 147  
 148  // Setup a unique posthash for attachment management
 149  if(!$mybb->get_input('posthash') && !$pid)
 150  {
 151      $mybb->input['posthash'] = md5($mybb->user['uid'].random_str());
 152  }
 153  
 154  if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
 155  {
 156      error($lang->error_empty_post_input);
 157  }
 158  
 159  $errors = array();
 160  $maximageserror = $attacherror = '';
 161  
 162  // Handle attachments if we've got any.
 163  if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit')) || ($mybb->input['action'] == "newthread" && isset($mybb->input['previewpost'])) || isset($mybb->input['savedraft'])) && $_FILES['attachments'])))
 164  {
 165      // Verify incoming POST request
 166      verify_post_check($mybb->get_input('my_post_key'));
 167  
 168      if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 169      {
 170          $attachwhere = "pid='{$pid}'";
 171      }
 172      else
 173      {
 174          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 175      }
 176  
 177      $ret = add_attachments($pid, $forumpermissions, $attachwhere, "newthread");
 178  
 179      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 180      {
 181          if(isset($ret['success']))
 182          {
 183              $attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}');
 184              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 185              {
 186                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 187              }
 188              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 189              eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";");
 190              $ret['template'] = $attemplate;
 191  
 192              $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 193              $usage = $db->fetch_array($query);
 194              $ret['usage'] = get_friendly_size($usage['ausage']);
 195          }
 196          
 197          header("Content-type: application/json; charset={$lang->settings['charset']}");
 198          echo json_encode($ret);
 199          exit();
 200      }
 201  
 202      if(!empty($ret['errors']))
 203      {
 204          $errors = $ret['errors'];
 205      }
 206  
 207      // If we were dealing with an attachment but didn't click 'Post Thread' or 'Save as Draft', force the new thread page again.
 208      if(!$mybb->get_input('submit') && !$mybb->get_input('savedraft'))
 209      {
 210          $mybb->input['action'] = "newthread";
 211      }
 212  }
 213  
 214  detect_attachmentact();
 215  
 216  // Are we removing an attachment from the thread?
 217  if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
 218  {
 219      // Verify incoming POST request
 220      verify_post_check($mybb->get_input('my_post_key'));
 221  
 222      remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));
 223  
 224      if(!$mybb->get_input('submit'))
 225      {
 226          $mybb->input['action'] = "newthread";
 227      }
 228  
 229      if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
 230      {
 231          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 232          $usage = $db->fetch_array($query);
 233  
 234          header("Content-type: application/json; charset={$lang->settings['charset']}");
 235          echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage'])));
 236          exit();
 237      }
 238  }
 239  
 240  $thread_errors = "";
 241  $hide_captcha = false;
 242  
 243  // Check the maximum posts per day for this user
 244  if($mybb->usergroup['maxposts'] > 0)
 245  {
 246      $daycut = TIME_NOW-60*60*24;
 247      $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible !='-1' AND dateline>{$daycut}");
 248      $post_count = $db->fetch_field($query, "posts_today");
 249      if($post_count >= $mybb->usergroup['maxposts'])
 250      {
 251          $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
 252          error($lang->error_maxposts);
 253      }
 254  }
 255  
 256  // Performing the posting of a new thread.
 257  if($mybb->input['action'] == "do_newthread" && $mybb->request_method == "post")
 258  {
 259      // Verify incoming POST request
 260      verify_post_check($mybb->get_input('my_post_key'));
 261  
 262      $plugins->run_hooks("newthread_do_newthread_start");
 263  
 264      // If this isn't a logged in user, then we need to do some special validation.
 265      if($mybb->user['uid'] == 0)
 266      {
 267          // If they didn't specify a username leave blank so $lang->guest can be used on output
 268          if(!$mybb->get_input('username'))
 269          {
 270              $username = '';
 271          }
 272          // Otherwise use the name they specified.
 273          else
 274          {
 275              $username = $mybb->get_input('username');
 276          }
 277          $uid = 0;
 278  
 279          if(!$mybb->user['uid'] && $mybb->settings['stopforumspam_on_newthread'])
 280          {
 281              require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 282  
 283              $stop_forum_spam_checker = new StopForumSpamChecker(
 284                  $plugins,
 285                  $mybb->settings['stopforumspam_min_weighting_before_spam'],
 286                  $mybb->settings['stopforumspam_check_usernames'],
 287                  $mybb->settings['stopforumspam_check_emails'],
 288                  $mybb->settings['stopforumspam_check_ips'],
 289                  $mybb->settings['stopforumspam_log_blocks']
 290              );
 291  
 292              try {
 293                  if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
 294                  {
 295                      $errors[] = $lang->sprintf($lang->error_stop_forum_spam_spammer,
 296                          $stop_forum_spam_checker->getErrorText(array(
 297                              'stopforumspam_check_usernames',
 298                              'stopforumspam_check_ips'
 299                              )));
 300                  }
 301              }
 302              catch (Exception $e)
 303              {
 304                  if($mybb->settings['stopforumspam_block_on_error'])
 305                  {
 306                      $errors[] = $lang->error_stop_forum_spam_fetching;
 307                  }
 308              }
 309          }
 310      }
 311      // This user is logged in.
 312      else
 313      {
 314          $username = $mybb->user['username'];
 315          $uid = $mybb->user['uid'];
 316      }
 317  
 318      // Attempt to see if this post is a duplicate or not
 319      if($uid > 0)
 320      {
 321          $user_check = "p.uid='{$uid}'";
 322      }
 323      else
 324      {
 325          $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
 326      }
 327      if(!$mybb->get_input('savedraft') && !$pid)
 328      {
 329          $query = $db->simple_select("posts p", "p.pid", "$user_check AND p.fid='{$forum['fid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.dateline>".(TIME_NOW-600));
 330          if($db->num_rows($query) > 0)
 331          {
 332              error($lang->error_post_already_submitted);
 333          }
 334      }
 335  
 336      // Set up posthandler.
 337      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 338      $posthandler = new PostDataHandler("insert");
 339      $posthandler->action = "thread";
 340  
 341      // Set the thread data that came from the input to the $thread array.
 342      $new_thread = array(
 343          "fid" => $forum['fid'],
 344          "subject" => $mybb->get_input('subject'),
 345          "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
 346          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 347          "uid" => $uid,
 348          "username" => $username,
 349          "message" => $mybb->get_input('message'),
 350          "ipaddress" => $session->packedip,
 351          "posthash" => $mybb->get_input('posthash')
 352      );
 353  
 354      if($pid != '')
 355      {
 356          $new_thread['pid'] = $pid;
 357      }
 358  
 359      // Are we saving a draft thread?
 360      if($mybb->get_input('savedraft') && $mybb->user['uid'])
 361      {
 362          $new_thread['savedraft'] = 1;
 363      }
 364      else
 365      {
 366          $new_thread['savedraft'] = 0;
 367      }
 368  
 369      // Is this thread already a draft and we're updating it?
 370      if(isset($thread['tid']) && $thread['visible'] == -2)
 371      {
 372          $new_thread['tid'] = $thread['tid'];
 373      }
 374  
 375      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 376      if(!isset($postoptions['signature']))
 377      {
 378          $postoptions['signature'] = 0;
 379      }
 380      if(!isset($postoptions['subscriptionmethod']))
 381      {
 382          $postoptions['subscriptionmethod'] = 0;
 383      }
 384      if(!isset($postoptions['disablesmilies']))
 385      {
 386          $postoptions['disablesmilies'] = 0;
 387      }
 388  
 389      // Set up the thread options from the input.
 390      $new_thread['options'] = array(
 391          "signature" => $postoptions['signature'],
 392          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 393          "disablesmilies" => $postoptions['disablesmilies']
 394      );
 395  
 396      // Apply moderation options if we have them
 397      $new_thread['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 398  
 399      $posthandler->set_data($new_thread);
 400  
 401      // Now let the post handler do all the hard work.
 402      $valid_thread = $posthandler->validate_thread();
 403  
 404      $post_errors = array();
 405      // Fetch friendly error messages if this is an invalid thread
 406      if(!$valid_thread)
 407      {
 408          $post_errors = $posthandler->get_friendly_errors();
 409      }
 410  
 411      // Check captcha image
 412      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 413      {
 414          require_once  MYBB_ROOT.'inc/class_captcha.php';
 415          $post_captcha = new captcha;
 416  
 417          if($post_captcha->validate_captcha() == false)
 418          {
 419              // CAPTCHA validation failed
 420              foreach($post_captcha->get_errors() as $error)
 421              {
 422                  $post_errors[] = $error;
 423              }
 424          }
 425          else
 426          {
 427              $hide_captcha = true;
 428          }
 429      }
 430  
 431      // One or more errors returned, fetch error list and throw to newthread page
 432      if(count($post_errors) > 0)
 433      {
 434          $thread_errors = inline_error($post_errors);
 435          $mybb->input['action'] = "newthread";
 436      }
 437      // No errors were found, it is safe to insert the thread.
 438      else
 439      {
 440          $thread_info = $posthandler->insert_thread();
 441          $tid = $thread_info['tid'];
 442          $visible = $thread_info['visible'];
 443  
 444          // Invalidate solved captcha
 445          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 446          {
 447              $post_captcha->invalidate_captcha();
 448          }
 449  
 450          $force_redirect = false;
 451  
 452          // Mark thread as read
 453          require_once  MYBB_ROOT."inc/functions_indicators.php";
 454          mark_thread_read($tid, $fid);
 455  
 456          // We were updating a draft thread, send them back to the draft listing.
 457          if($new_thread['savedraft'] == 1)
 458          {
 459              $lang->redirect_newthread = $lang->draft_saved;
 460              $url = "usercp.php?action=drafts";
 461          }
 462  
 463          // A poll was being posted with this thread, throw them to poll posting page.
 464          else if($mybb->get_input('postpoll', MyBB::INPUT_INT) && $forumpermissions['canpostpolls'])
 465          {
 466              $url = "polls.php?action=newpoll&tid=$tid&polloptions=".$mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 467              $lang->redirect_newthread .= $lang->redirect_newthread_poll;
 468          }
 469  
 470          // This thread is stuck in the moderation queue, send them back to the forum.
 471          else if(!$visible)
 472          {
 473              // Moderated thread
 474              $lang->redirect_newthread .= $lang->redirect_newthread_moderation;
 475              $url = get_forum_link($fid);
 476  
 477              // User must see moderation notice, regardless of redirect settings
 478              $force_redirect = true;
 479          }
 480  
 481          // The thread is being made in a forum the user cannot see threads in, send them back to the forum.
 482          else if($visible == 1 && $forumpermissions['canviewthreads'] != 1)
 483          {
 484              $lang->redirect_newthread .= $lang->redirect_newthread_unviewable;
 485              $url = get_forum_link($fid);
 486  
 487              // User must see permission notice, regardless of redirect settings
 488              $force_redirect = true;
 489          }
 490  
 491          // This is just a normal thread - send them to it.
 492          else
 493          {
 494              // Visible thread
 495              $lang->redirect_newthread .= $lang->redirect_newthread_thread;
 496              $url = get_thread_link($tid);
 497          }
 498  
 499          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
 500          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 501          {
 502              // We quoted all posts - remove the entire cookie
 503              if($mybb->get_input('quoted_ids') == "all")
 504              {
 505                  my_unsetcookie("multiquote");
 506              }
 507          }
 508  
 509          $plugins->run_hooks("newthread_do_newthread_end");
 510  
 511          // Hop to it! Send them to the next page.
 512          if(!$mybb->get_input('postpoll', MyBB::INPUT_INT))
 513          {
 514              $lang->redirect_newthread .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 515          }
 516          redirect($url, $lang->redirect_newthread, "", $force_redirect);
 517      }
 518  }
 519  
 520  if($mybb->input['action'] == "newthread" || $mybb->input['action'] == "editdraft")
 521  {
 522      $plugins->run_hooks("newthread_start");
 523  
 524      // Do we have attachment errors?
 525      if(count($errors) > 0)
 526      {
 527          $thread_errors = inline_error($errors);
 528      }
 529  
 530      $multiquote_external = $quoted_ids = '';
 531  
 532      $subject = $message = '';
 533      // If this isn't a preview and we're not editing a draft, then handle quoted posts
 534      if(empty($mybb->input['previewpost']) && !$thread_errors && $mybb->input['action'] != "editdraft")
 535      {
 536          $quoted_posts = array();
 537          // Handle multiquote
 538          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 539          {
 540              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 541              foreach($multiquoted as $post)
 542              {
 543                  $quoted_posts[$post] = (int)$post;
 544              }
 545          }
 546  
 547          // Quoting more than one post - fetch them
 548          if(count($quoted_posts) > 0)
 549          {
 550              $external_quotes = 0;
 551              $quoted_posts = implode(",", $quoted_posts);
 552              $unviewable_forums = get_unviewable_forums();
 553              $inactiveforums = get_inactive_forums();
 554              if($unviewable_forums)
 555              {
 556                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 557              }
 558              if($inactiveforums)
 559              {
 560                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 561              }
 562  
 563              if(is_moderator($fid))
 564              {
 565                  $visible_where = "AND p.visible != 2";
 566              }
 567              else
 568              {
 569                  $visible_where = "AND p.visible > 0";
 570              }
 571  
 572              // Check group permissions if we can't view threads not started by us
 573              $group_permissions = forum_permissions();
 574              $onlyusfids = array();
 575              $onlyusforums = '';
 576              foreach($group_permissions as $gpfid => $forum_permissions)
 577              {
 578                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 579                  {
 580                      $onlyusfids[] = $gpfid;
 581                  }
 582              }
 583              if(!empty($onlyusfids))
 584              {
 585                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 586              }
 587  
 588              if($mybb->get_input('load_all_quotes', MyBB::INPUT_INT) == 1)
 589              {
 590                  $query = $db->query("
 591                      SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 592                      FROM ".TABLE_PREFIX."posts p
 593                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 594                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 595                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 596                      ORDER BY p.dateline, p.pid
 597                  ");
 598                  while($quoted_post = $db->fetch_array($query))
 599                  {
 600                      if($quoted_post['userusername'])
 601                      {
 602                          $quoted_post['username'] = $quoted_post['userusername'];
 603                      }
 604                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
 605                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
 606                      $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
 607                      $message .= "[quote='{$quoted_post['username']}' pid='{$quoted_post['pid']}' dateline='{$quoted_post['dateline']}']\n{$quoted_post['message']}\n[/quote]\n\n";
 608                  }
 609  
 610                  $quoted_ids = "all";
 611              }
 612              else
 613              {
 614                  $query = $db->query("
 615                      SELECT COUNT(*) AS quotes
 616                      FROM ".TABLE_PREFIX."posts p
 617                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 618                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 619                  ");
 620                  $external_quotes = $db->fetch_field($query, 'quotes');
 621  
 622                  if($external_quotes > 0)
 623                  {
 624                      if($external_quotes == 1)
 625                      {
 626                          $multiquote_text = $lang->multiquote_external_one;
 627                          $multiquote_deselect = $lang->multiquote_external_one_deselect;
 628                          $multiquote_quote = $lang->multiquote_external_one_quote;
 629                      }
 630                      else
 631                      {
 632                          $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 633                          $multiquote_deselect = $lang->multiquote_external_deselect;
 634                          $multiquote_quote = $lang->multiquote_external_quote;
 635                      }
 636                      eval("\$multiquote_external = \"".$templates->get("newthread_multiquote_external")."\";");
 637                  }
 638              }
 639          }
 640      }
 641  
 642      if(isset($mybb->input['quoted_ids']))
 643      {
 644          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids'));
 645      }
 646  
 647      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 648      $subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
 649      $postpollchecked = '';
 650  
 651      // Check the various post options if we're
 652      // a -> previewing a post
 653      // b -> removing an attachment
 654      // c -> adding a new attachment
 655      // d -> have errors from posting
 656  
 657      if(!empty($mybb->input['previewpost']) || $mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
 658      {
 659          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 660          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 661          {
 662              $postoptionschecked['signature'] = " checked=\"checked\"";
 663          }
 664          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 665          {
 666              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 667          }
 668          if($mybb->get_input('postpoll', MyBB::INPUT_INT) == 1)
 669          {
 670              $postpollchecked = "checked=\"checked\"";
 671          }
 672          $subscription_method = get_subscription_method($tid, $postoptions);
 673          $numpolloptions = $mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 674      }
 675  
 676      // Editing a draft thread
 677      else if($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 678      {
 679          $mybb->input['threadprefix'] = $thread['prefix'];
 680          $message = htmlspecialchars_uni($post['message']);
 681          $subject = htmlspecialchars_uni($post['subject']);
 682          if($post['includesig'] != 0)
 683          {
 684              $postoptionschecked['signature'] = " checked=\"checked\"";
 685          }
 686          if($post['smilieoff'] == 1)
 687          {
 688              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 689          }
 690          $icon = $post['icon'];
 691          if($forum['allowpicons'] != 0)
 692          {
 693              $posticons = get_post_icons();
 694          }
 695          $subscription_method = get_subscription_method($tid); // Subscription method doesn't get saved in drafts
 696      }
 697  
 698      // Otherwise, this is our initial visit to this page.
 699      else
 700      {
 701          if($mybb->user['signature'] != '')
 702          {
 703              $postoptionschecked['signature'] = " checked=\"checked\"";
 704          }
 705          $subscription_method = get_subscription_method($tid); // Fresh thread, let the function set the appropriate method
 706          $numpolloptions = "2";
 707      }
 708  
 709      ${$subscription_method.'subscribe'} = "checked=\"checked\" ";
 710      $preview = '';
 711  
 712      // If we're previewing a post then generate the preview.
 713      if(!empty($mybb->input['previewpost']))
 714      {
 715          // If this isn't a logged in user, then we need to do some special validation.
 716          if($mybb->user['uid'] == 0)
 717          {
 718              // If they didn't specify a username leave blank so $lang->guest can be used on output
 719              if(!$mybb->get_input('username'))
 720              {
 721                  $username = '';
 722              }
 723              // Otherwise use the name they specified.
 724              else
 725              {
 726                  $username = $mybb->get_input('username');
 727              }
 728              $uid = 0;
 729          }
 730          // This user is logged in.
 731          else
 732          {
 733              $username = $mybb->user['username'];
 734              $uid = $mybb->user['uid'];
 735          }
 736  
 737          // Set up posthandler.
 738          require_once  MYBB_ROOT."inc/datahandlers/post.php";
 739          $posthandler = new PostDataHandler("insert");
 740          $posthandler->action = "thread";
 741  
 742          // Set the thread data that came from the input to the $thread array.
 743          $new_thread = array(
 744              "fid" => $forum['fid'],
 745              "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
 746              "subject" => $mybb->get_input('subject'),
 747              "icon" => $mybb->get_input('icon'),
 748              "uid" => $uid,
 749              "username" => $username,
 750              "message" => $mybb->get_input('message'),
 751              "ipaddress" => $session->packedip,
 752              "posthash" => $mybb->get_input('posthash')
 753          );
 754  
 755          if($pid != '')
 756          {
 757              $new_thread['pid'] = $pid;
 758          }
 759  
 760          $posthandler->set_data($new_thread);
 761  
 762          // Now let the post handler do all the hard work.
 763          $valid_thread = $posthandler->verify_message();
 764          $valid_subject = $posthandler->verify_subject();
 765  
 766          // guest post --> verify author
 767          if($new_thread['uid'] == 0)
 768          {
 769              $valid_username = $posthandler->verify_author();
 770          }
 771          else
 772          {
 773              $valid_username = true;
 774          }
 775  
 776          $post_errors = array();
 777          // Fetch friendly error messages if this is an invalid post
 778          if(!$valid_thread || !$valid_subject || !$valid_username)
 779          {
 780              $post_errors = $posthandler->get_friendly_errors();
 781          }
 782  
 783          // One or more errors returned, fetch error list and throw to newreply page
 784          if(count($post_errors) > 0)
 785          {
 786              $thread_errors = inline_error($post_errors);
 787          }
 788          else
 789          {
 790              $query = $db->query("
 791                  SELECT u.*, f.*
 792                  FROM ".TABLE_PREFIX."users u
 793                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 794                  WHERE u.uid='".$mybb->user['uid']."'
 795              ");
 796              $post = $db->fetch_array($query);
 797              $post['username'] = $username;
 798              if($mybb->user['uid'])
 799              {
 800                  $post['userusername'] = $mybb->user['username'];
 801              }
 802              $previewmessage = $mybb->get_input('message');
 803              $post['message'] = $previewmessage;
 804              $post['subject'] = $mybb->get_input('subject');
 805              $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 806              $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 807              if(isset($mybb->input['postoptions']['disablesmilies']))
 808              {
 809                  $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
 810              }
 811              $post['dateline'] = TIME_NOW;
 812              if(isset($mybb->input['postoptions']['signature']))
 813              {
 814                  $post['includesig'] = $mybb->input['postoptions']['signature'];
 815              }
 816              if(!isset($post['includesig']) || $post['includesig'] != 1)
 817              {
 818                  $post['includesig'] = 0;
 819              }
 820  
 821              // Fetch attachments assigned to this post
 822              if($mybb->get_input('pid', MyBB::INPUT_INT))
 823              {
 824                  $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
 825              }
 826              else
 827              {
 828                  $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 829              }
 830  
 831              $query = $db->simple_select("attachments", "*", $attachwhere);
 832              while($attachment = $db->fetch_array($query))
 833              {
 834                  $attachcache[0][$attachment['aid']] = $attachment;
 835              }
 836  
 837              $postbit = build_postbit($post, 1);
 838              eval("\$preview = \"".$templates->get("previewpost")."\";");
 839          }
 840          $message = htmlspecialchars_uni($mybb->get_input('message'));
 841          $subject = htmlspecialchars_uni($mybb->get_input('subject'));
 842      }
 843  
 844      // Removing an attachment or adding a new one, or showing thread errors.
 845      else if($mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
 846      {
 847          $message = htmlspecialchars_uni($mybb->get_input('message'));
 848          $subject = htmlspecialchars_uni($mybb->get_input('subject'));
 849      }
 850  
 851      // Generate thread prefix selector
 852      if(!$mybb->get_input('threadprefix', MyBB::INPUT_INT))
 853      {
 854          $mybb->input['threadprefix'] = 0;
 855      }
 856  
 857      $prefixselect = build_prefix_select($forum['fid'], $mybb->get_input('threadprefix', MyBB::INPUT_INT));
 858  
 859      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
 860  
 861      // Hide signature option if no permission
 862      $signature = '';
 863      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
 864      {
 865          eval("\$signature = \"".$templates->get('newthread_signature')."\";");
 866      }
 867  
 868      // Can we disable smilies or are they disabled already?
 869      $disablesmilies = '';
 870      if($forum['allowsmilies'] != 0)
 871      {
 872          eval("\$disablesmilies = \"".$templates->get("newthread_disablesmilies")."\";");
 873      }
 874  
 875      $postoptions = '';
 876      if(!empty($signature) || !empty($disablesmilies))
 877      {
 878          eval("\$postoptions = \"".$templates->get("newthread_postoptions")."\";");
 879          $bgcolor = "trow2";
 880          $bgcolor2 = "trow1";
 881      }
 882      else
 883      {
 884          $bgcolor = "trow1";
 885          $bgcolor2 = "trow2";
 886      }
 887  
 888      $modoptions = '';
 889      // Show the moderator options
 890      if(is_moderator($fid))
 891      {
 892          $modoptions = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 893          if(isset($modoptions['closethread']) && $modoptions['closethread'] == 1)
 894          {
 895              $closecheck = "checked=\"checked\"";
 896          }
 897          else
 898          {
 899              $closecheck = '';
 900          }
 901          if(isset($modoptions['stickthread']) && $modoptions['stickthread'] == 1)
 902          {
 903              $stickycheck = "checked=\"checked\"";
 904          }
 905          else
 906          {
 907              $stickycheck = '';
 908          }
 909  
 910          $closeoption = '';
 911          if(is_moderator($fid, "canopenclosethreads"))
 912          {
 913              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
 914          }
 915  
 916          $stickoption = '';
 917          if(is_moderator($fid, "canstickunstickthreads"))
 918          {
 919              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
 920          }
 921  
 922          if(!empty($closeoption) || !empty($stickoption))
 923          {
 924              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
 925              $bgcolor = "trow1";
 926              $bgcolor2 = "trow2";
 927          }
 928          else
 929          {
 930              $bgcolor = "trow2";
 931              $bgcolor2 = "trow1";
 932          }
 933      }
 934      else
 935      {
 936          $bgcolor = "trow2";
 937          $bgcolor2 = "trow1";
 938      }
 939  
 940      // Fetch subscription select box
 941      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
 942  
 943      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
 944      { // Get a listing of the current attachments, if there are any
 945          $attachcount = 0;
 946          if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 947          {
 948              $attachwhere = "pid='$pid'";
 949          }
 950          else
 951          {
 952              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
 953          }
 954          $query = $db->simple_select("attachments", "*", $attachwhere);
 955          $attachments = '';
 956          while($attachment = $db->fetch_array($query))
 957          {
 958              $attachment['size'] = get_friendly_size($attachment['filesize']);
 959              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
 960              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
 961  
 962              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 963              {
 964                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 965              }
 966  
 967              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 968  
 969              $attach_mod_options = '';
 970              if($attachment['visible'] != 1)
 971              {
 972                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
 973              }
 974              else
 975              {
 976                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
 977              }
 978              $attachcount++;
 979          }
 980          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 981          $usage = $db->fetch_array($query);
 982          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
 983          {
 984              $noshowattach = 1;
 985          }
 986          if($mybb->usergroup['attachquota'] == 0)
 987          {
 988              $friendlyquota = $lang->unlimited;
 989          }
 990          else
 991          {
 992              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
 993          }
 994          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);
 995  
 996          $link_viewattachments = '';
 997          if($usage['ausage'] !== NULL)
 998          {
 999              $friendlyusage = get_friendly_size($usage['ausage']);
1000              $lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
1001              eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
1002          }
1003          else
1004          {
1005              $lang->attach_usage = "";
1006          }
1007  
1008          $attach_add_options = '';
1009          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !isset($noshowattach))
1010          {
1011              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
1012          }
1013  
1014          $attach_update_options = '';
1015          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
1016          {
1017              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
1018          }
1019  
1020          if($attach_add_options || $attach_update_options)
1021          {
1022              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
1023          }
1024          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
1025  
1026          $bgcolor = alt_trow();
1027      }
1028      else
1029      {
1030          $attachbox = '';
1031      }
1032  
1033      if($mybb->user['uid'])
1034      {
1035          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
1036      }
1037  
1038      $captcha = '';
1039  
1040      // Show captcha image for guests if enabled
1041      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
1042      {
1043          $correct = false;
1044          require_once  MYBB_ROOT.'inc/class_captcha.php';
1045          $post_captcha = new captcha(false, "post_captcha");
1046  
1047          if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
1048          {
1049              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
1050              // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
1051              if($post_captcha->validate_captcha() == true)
1052              {
1053                  $correct = true;
1054  
1055                  // Generate a hidden list of items for our captcha
1056                  $captcha = $post_captcha->build_hidden_captcha();
1057              }
1058          }
1059  
1060          if(!$correct)
1061          {
1062               if($post_captcha->type == captcha::DEFAULT_CAPTCHA)
1063              {
1064                  $post_captcha->build_captcha();
1065              }
1066              elseif(in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
1067              {
1068                  $post_captcha->build_recaptcha();
1069              }
1070              elseif(in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
1071              {
1072                  $post_captcha->build_hcaptcha();
1073              }
1074          }
1075          else if($correct && (in_array($post_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3))))
1076          {
1077              $post_captcha->build_recaptcha();
1078          }
1079          else if($correct && (in_array($post_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE))))
1080          {
1081              $post_captcha->build_hcaptcha();
1082          }
1083  
1084          if($post_captcha->html)
1085          {
1086              $captcha = $post_captcha->html;
1087          }
1088      }
1089  
1090      if($forumpermissions['canpostpolls'] != 0)
1091      {
1092          $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
1093          eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
1094      }
1095  
1096      // Do we have any forum rules to show for this forum?
1097      $forumrules = '';
1098      if($forum['rulestype'] >= 2 && $forum['rules'])
1099      {
1100          if(!$forum['rulestitle'])
1101          {
1102              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
1103          }
1104  
1105          if(!$parser)
1106          {
1107              require_once  MYBB_ROOT.'inc/class_parser.php';
1108              $parser = new postParser;
1109          }
1110  
1111          $rules_parser = array(
1112              "allow_html" => 1,
1113              "allow_mycode" => 1,
1114              "allow_smilies" => 1,
1115              "allow_imgcode" => 1
1116          );
1117  
1118          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
1119          $foruminfo = $forum;
1120  
1121          if($forum['rulestype'] == 3)
1122          {
1123              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
1124          }
1125          else if($forum['rulestype'] == 2)
1126          {
1127              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
1128          }
1129      }
1130  
1131      $moderation_notice = '';
1132      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1133      {
1134          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1135          {
1136              $moderation_text = $lang->moderation_forum_attachments;
1137              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1138          }
1139      }
1140  
1141      if(!is_moderator($forum['fid'], "canapproveunapprovethreads"))
1142      {
1143          if($forumpermissions['modthreads'] == 1)
1144          {
1145              $moderation_text = $lang->moderation_forum_thread;
1146              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1147          }
1148      }
1149  
1150      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1151      {
1152          if($mybb->user['moderateposts'] == 1)
1153          {
1154              $moderation_text = $lang->moderation_user_posts;
1155              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1156          }
1157      }
1158  
1159      $php_max_upload_size = get_php_upload_limit();
1160      $php_max_file_uploads = (int)ini_get('max_file_uploads');
1161      eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");
1162  
1163      $plugins->run_hooks("newthread_end");
1164  
1165      $forum['name'] = strip_tags($forum['name']);
1166      $lang->newthread_in = $lang->sprintf($lang->newthread_in, $forum['name']);
1167  
1168      eval("\$newthread = \"".$templates->get("newthread")."\";");
1169      output_page($newthread);
1170  }


2005 - 2021 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup Cross-referenced by PHPXref