
PHP Cross Reference of MyBB 1.8.12


/ -> newthread.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define('THIS_SCRIPT', 'newthread.php');
  13  
  14  $templatelist = "newthread,previewpost,loginbox,changeuserbox,newthread_postpoll,posticons,codebuttons,postbit,post_attachments_attachment_unapproved,newreply_modoptions_close,newreply_modoptions_stick";
  15  $templatelist .= ",newthread_disablesmilies,post_attachments_new,post_attachments,post_savedraftbutton,post_subscription_method,post_attachments_attachment_remove,postbit_warninglevel_formatted,postbit_icon";
  16  $templatelist .= ",forumdisplay_rules,forumdisplay_rules_link,post_attachments_attachment_postinsert,post_attachments_attachment,newthread_signature,post_prefixselect_prefix,post_prefixselect_single";
  17  $templatelist .= ",member_register_regimage,member_register_regimage_recaptcha,post_captcha_hidden,post_captcha,post_captcha_recaptcha,post_captcha_nocaptcha,postbit_gotopost,newthread_postoptions";
  18  $templatelist .= ",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,postbit_author_guest";
  19  $templatelist .= ",postbit_signature,postbit_classic,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved";
  20  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_attachments,postbit_reputation_formatted_link,post_attachments_update,postbit_offline,newreply_modoptions,posticons_icon";
  21  $templatelist .= ",newthread_draftinput,global_moderation_notice,postbit_online,postbit_away,attachment_icon,postbit_userstar,newthread_multiquote_external,postbit_groupimage,post_attachments_add";
  22  
  23  require_once  "./global.php";
  24  require_once  MYBB_ROOT."inc/functions_post.php";
  25  require_once  MYBB_ROOT."inc/functions_user.php";
  26  
  27  // Load global language phrases
  28  $lang->load("newthread");
  29  
  30  $tid = $pid = 0;
  31  $mybb->input['action'] = $mybb->get_input('action');
  32  $mybb->input['tid'] = $mybb->get_input('tid', MyBB::INPUT_INT);
  33  $mybb->input['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
  34  if($mybb->input['action'] == "editdraft" || ($mybb->get_input('savedraft') && $mybb->input['tid']) || ($mybb->input['tid'] && $mybb->input['pid']))
  35  {
  36      $thread = get_thread($mybb->input['tid']);
  37  
  38      $query = $db->simple_select("posts", "*", "tid='".$mybb->get_input('tid', MyBB::INPUT_INT)."' AND visible='-2'", array('order_by' => 'dateline', 'limit' => 1));
  39      $post = $db->fetch_array($query);
  40  
  41      if(!$thread['tid'] || !$post['pid'] || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])
  42      {
  43          error($lang->invalidthread);
  44      }
  45  
  46      $pid = $post['pid'];
  47      $fid = $thread['fid'];
  48      $tid = $thread['tid'];
  49      eval("\$editdraftpid = \"".$templates->get("newthread_draftinput")."\";");
  50  }
  51  else
  52  {
  53      $fid = $mybb->get_input('fid', MyBB::INPUT_INT);
  54      $editdraftpid = '';
  55  }
  56  
  57  // Fetch forum information.
  58  $forum = get_forum($fid);
  59  if(!$forum)
  60  {
  61      error($lang->error_invalidforum);
  62  }
  63  
  64  // Draw the navigation
  65  build_forum_breadcrumb($fid);
  66  add_breadcrumb($lang->nav_newthread);
  67  
  68  $forumpermissions = forum_permissions($fid);
  69  
  70  if($forum['open'] == 0 || $forum['type'] != "f" || $forum['linkto'] != "")
  71  {
  72      error($lang->error_closedinvalidforum);
  73  }
  74  
  75  if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0)
  76  {
  77      error_no_permission();
  78  }
  79  
  80  if($mybb->user['suspendposting'] == 1)
  81  {
  82      $suspendedpostingtype = $lang->error_suspendedposting_permanent;
  83      if($mybb->user['suspensiontime'])
  84      {
  85          $suspendedpostingtype = $lang->sprintf($lang->error_suspendedposting_temporal, my_date($mybb->settings['dateformat'], $mybb->user['suspensiontime']));
  86      }
  87  
  88      $lang->error_suspendedposting = $lang->sprintf($lang->error_suspendedposting, $suspendedpostingtype, my_date($mybb->settings['timeformat'], $mybb->user['suspensiontime']));
  89  
  90      error($lang->error_suspendedposting);
  91  }
  92  
  93  // Check if this forum is password protected and we have a valid password
  94  check_forum_password($forum['fid']);
  95  
  96  // If MyCode is on for this forum and the MyCode editor is enabled in the Admin CP, draw the code buttons and smilie inserter.
  97  if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
  98  {
  99      $codebuttons = build_mycode_inserter("message", $forum['allowsmilies']);
 100      if($forum['allowsmilies'] != 0)
 101      {
 102          $smilieinserter = build_clickable_smilies();
 103      }
 104  }
 105  
 106  // Does this forum allow post icons? If so, fetch the post icons.
 107  if($forum['allowpicons'] != 0)
 108  {
 109      $posticons = get_post_icons();
 110  }
 111  
 112  // If we have a currently logged in user then fetch the change user box.
 113  if($mybb->user['uid'] != 0)
 114  {
 115      $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
 116      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
 117  }
 118  
 119  // Otherwise we have a guest, determine the "username" and get the login box.
 120  else
 121  {
 122      if(!isset($mybb->input['previewpost']) && $mybb->input['action'] != "do_newthread")
 123      {
 124          $username = '';
 125      }
 126      else
 127      {
 128          $username = htmlspecialchars_uni($mybb->get_input('username'));
 129      }
 130      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 131  }
 132  
 133  // If we're not performing a new thread insert and not editing a draft then we're posting a new thread.
 134  if($mybb->input['action'] != "do_newthread" && $mybb->input['action'] != "editdraft")
 135  {
 136      $mybb->input['action'] = "newthread";
 137  }
 138  
 139  // Previewing a post, overwrite the action to the new thread action.
 140  if(!empty($mybb->input['previewpost']))
 141  {
 142      $mybb->input['action'] = "newthread";
 143  }
 144  
 145  // Setup a unique posthash for attachment management
 146  if(!$mybb->get_input('posthash') && !$pid)
 147  {
 148      $mybb->input['posthash'] = md5($mybb->user['uid'].random_str());
 149  }
 150  
 151  if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == 1)
 152  {
 153      error($lang->error_cannot_upload_php_post);
 154  }
 155  
 156  $errors = array();
 157  $maximageserror = $attacherror = '';
 158  
 159  // Handle attachments if we've got any.
 160  if($mybb->settings['enableattachments'] == 1 && !$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ($mybb->input['action'] == "do_newthread" && $mybb->get_input('submit') && $_FILES['attachment'])))
 161  {
 162      // Verify incoming POST request
 163      verify_post_check($mybb->get_input('my_post_key'));
 164  
 165      if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 166      {
 167          $attachwhere = "pid='{$pid}'";
 168      }
 169      else
 170      {
 171          $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 172      }
 173  
 174      // If there's an attachment, check it and upload it
 175      if($forumpermissions['canpostattachments'] != 0)
 176      {
 177          if(!empty($_FILES['attachment']['name']) && !empty($_FILES['attachment']['type']))
 178          {
 179              if($_FILES['attachment']['size'] > 0)
 180              {
 181                  $query = $db->simple_select("attachments", "aid", "filename='".$db->escape_string($_FILES['attachment']['name'])."' AND {$attachwhere}");
 182                  $updateattach = $db->fetch_field($query, "aid");
 183  
 184                  require_once  MYBB_ROOT."inc/functions_upload.php";
 185  
 186                  $update_attachment = false;
 187                  if($updateattach > 0 && $mybb->get_input('updateattachment'))
 188                  {
 189                      $update_attachment = true;
 190                  }
 191                  $attachedfile = upload_attachment($_FILES['attachment'], $update_attachment);
 192              }
 193              else
 194              {
 195                  $errors[] = $lang->error_uploadempty;
 196                  $mybb->input['action'] = "newthread";
 197              }
 198          }
 199      }
 200  
 201      // Error with attachments - should use new inline errors?
 202      if(!empty($attachedfile['error']))
 203      {
 204          $errors[] = $attachedfile['error'];
 205          $mybb->input['action'] = "newthread";
 206      }
 207  
 208      // If we were dealing with an attachment but didn't click 'Post Thread', force the new thread page again.
 209      if(!$mybb->get_input('submit'))
 210      {
 211          //$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
 212          $mybb->input['action'] = "newthread";
 213      }
 214  }
 215  
 216  // Are we removing an attachment from the thread?
 217  if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && $mybb->get_input('attachmentact') == "remove")
 218  {
 219      // Verify incoming POST request
 220      verify_post_check($mybb->get_input('my_post_key'));
 221  
 222      require_once  MYBB_ROOT."inc/functions_upload.php";
 223      remove_attachment($pid, $mybb->get_input('posthash'), $mybb->get_input('attachmentaid', MyBB::INPUT_INT));
 224      if(!$mybb->get_input('submit'))
 225      {
 226          $mybb->input['action'] = "newthread";
 227      }
 228  }
 229  
 230  $thread_errors = "";
 231  $hide_captcha = false;
 232  
 233  // Check the maximum posts per day for this user
 234  if($mybb->usergroup['maxposts'] > 0 && $mybb->usergroup['cancp'] != 1)
 235  {
 236      $daycut = TIME_NOW-60*60*24;
 237      $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}");
 238      $post_count = $db->fetch_field($query, "posts_today");
 239      if($post_count >= $mybb->usergroup['maxposts'])
 240      {
 241          $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->usergroup['maxposts']);
 242          error($lang->error_maxposts);
 243      }
 244  }
 245  
 246  // Performing the posting of a new thread.
 247  if($mybb->input['action'] == "do_newthread" && $mybb->request_method == "post")
 248  {
 249      // Verify incoming POST request
 250      verify_post_check($mybb->get_input('my_post_key'));
 251  
 252      $plugins->run_hooks("newthread_do_newthread_start");
 253  
 254      // If this isn't a logged in user, then we need to do some special validation.
 255      if($mybb->user['uid'] == 0)
 256      {
 257          // If they didn't specify a username then give them "Guest"
 258          if(!$mybb->get_input('username'))
 259          {
 260              $username = $lang->guest;
 261          }
 262          // Otherwise use the name they specified.
 263          else
 264          {
 265              $username = $mybb->get_input('username');
 266          }
 267          $uid = 0;
 268  
 269          if(!$mybb->user['uid'] && $mybb->settings['stopforumspam_on_newthread'])
 270          {
 271              require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 272  
 273              $stop_forum_spam_checker = new StopForumSpamChecker(
 274                  $plugins,
 275                  $mybb->settings['stopforumspam_min_weighting_before_spam'],
 276                  $mybb->settings['stopforumspam_check_usernames'],
 277                  $mybb->settings['stopforumspam_check_emails'],
 278                  $mybb->settings['stopforumspam_check_ips'],
 279                  $mybb->settings['stopforumspam_log_blocks']
 280              );
 281  
 282              try {
 283                  if($stop_forum_spam_checker->is_user_a_spammer($mybb->get_input('username'), '', get_ip()))
 284                  {
 285                      $errors[] = $lang->sprintf($lang->error_stop_forum_spam_spammer,
 286                          $stop_forum_spam_checker->getErrorText(array(
 287                              'stopforumspam_check_usernames',
 288                              'stopforumspam_check_ips'
 289                              )));
 290                  }
 291              }
 292              catch (Exception $e)
 293              {
 294                  if($mybb->settings['stopforumspam_block_on_error'])
 295                  {
 296                      $errors[] = $lang->error_stop_forum_spam_fetching;
 297                  }
 298              }
 299          }
 300      }
 301      // This user is logged in.
 302      else
 303      {
 304          $username = $mybb->user['username'];
 305          $uid = $mybb->user['uid'];
 306      }
 307  
 308      // Attempt to see if this post is a duplicate or not
 309      if($uid > 0)
 310      {
 311          $user_check = "p.uid='{$uid}'";
 312      }
 313      else
 314      {
 315          $user_check = "p.ipaddress=".$db->escape_binary($session->packedip);
 316      }
 317      if(!$mybb->get_input('savedraft') && !$pid)
 318      {
 319          $query = $db->simple_select("posts p", "p.pid", "$user_check AND p.fid='{$forum['fid']}' AND p.subject='".$db->escape_string($mybb->get_input('subject'))."' AND p.message='".$db->escape_string($mybb->get_input('message'))."' AND p.dateline>".(TIME_NOW-600));
 320          $duplicate_check = $db->fetch_field($query, "pid");
 321          if($duplicate_check)
 322          {
 323              error($lang->error_post_already_submitted);
 324          }
 325      }
 326  
 327      // Set up posthandler.
 328      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 329      $posthandler = new PostDataHandler("insert");
 330      $posthandler->action = "thread";
 331  
 332      // Set the thread data that came from the input to the $thread array.
 333      $new_thread = array(
 334          "fid" => $forum['fid'],
 335          "subject" => $mybb->get_input('subject'),
 336          "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
 337          "icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
 338          "uid" => $uid,
 339          "username" => $username,
 340          "message" => $mybb->get_input('message'),
 341          "ipaddress" => $session->packedip,
 342          "posthash" => $mybb->get_input('posthash')
 343      );
 344  
 345      if($pid != '')
 346      {
 347          $new_thread['pid'] = $pid;
 348      }
 349  
 350      // Are we saving a draft thread?
 351      if($mybb->get_input('savedraft') && $mybb->user['uid'])
 352      {
 353          $new_thread['savedraft'] = 1;
 354      }
 355      else
 356      {
 357          $new_thread['savedraft'] = 0;
 358      }
 359  
 360      // Is this thread already a draft and we're updating it?
 361      if(isset($thread['tid']) && $thread['visible'] == -2)
 362      {
 363          $new_thread['tid'] = $thread['tid'];
 364      }
 365  
 366      $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 367      if(!isset($postoptions['signature']))
 368      {
 369          $postoptions['signature'] = 0;
 370      }
 371      if(!isset($postoptions['subscriptionmethod']))
 372      {
 373          $postoptions['subscriptionmethod'] = 0;
 374      }
 375      if(!isset($postoptions['disablesmilies']))
 376      {
 377          $postoptions['disablesmilies'] = 0;
 378      }
 379  
 380      // Set up the thread options from the input.
 381      $new_thread['options'] = array(
 382          "signature" => $postoptions['signature'],
 383          "subscriptionmethod" => $postoptions['subscriptionmethod'],
 384          "disablesmilies" => $postoptions['disablesmilies']
 385      );
 386  
 387      // Apply moderation options if we have them
 388      $new_thread['modoptions'] = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 389  
 390      $posthandler->set_data($new_thread);
 391  
 392      // Now let the post handler do all the hard work.
 393      $valid_thread = $posthandler->validate_thread();
 394  
 395      $post_errors = array();
 396      // Fetch friendly error messages if this is an invalid thread
 397      if(!$valid_thread)
 398      {
 399          $post_errors = $posthandler->get_friendly_errors();
 400      }
 401  
 402      // Check captcha image
 403      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 404      {
 405          require_once  MYBB_ROOT.'inc/class_captcha.php';
 406          $post_captcha = new captcha;
 407  
 408          if($post_captcha->validate_captcha() == false)
 409          {
 410              // CAPTCHA validation failed
 411              foreach($post_captcha->get_errors() as $error)
 412              {
 413                  $post_errors[] = $error;
 414              }
 415          }
 416          else
 417          {
 418              $hide_captcha = true;
 419          }
 420      }
 421  
 422      // One or more errors returned, fetch error list and throw to newthread page
 423      if(count($post_errors) > 0)
 424      {
 425          $thread_errors = inline_error($post_errors);
 426          $mybb->input['action'] = "newthread";
 427      }
 428      // No errors were found, it is safe to insert the thread.
 429      else
 430      {
 431          $thread_info = $posthandler->insert_thread();
 432          $tid = $thread_info['tid'];
 433          $visible = $thread_info['visible'];
 434  
 435          // Invalidate solved captcha
 436          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 437          {
 438              $post_captcha->invalidate_captcha();
 439          }
 440  
 441          $force_redirect = false;
 442  
 443          // Mark thread as read
 444          require_once  MYBB_ROOT."inc/functions_indicators.php";
 445          mark_thread_read($tid, $fid);
 446  
 447          // We were updating a draft thread, send them back to the draft listing.
 448          if($new_thread['savedraft'] == 1)
 449          {
 450              $lang->redirect_newthread = $lang->draft_saved;
 451              $url = "usercp.php?action=drafts";
 452          }
 453  
 454          // A poll was being posted with this thread, throw them to poll posting page.
 455          else if($mybb->get_input('postpoll', MyBB::INPUT_INT) && $forumpermissions['canpostpolls'])
 456          {
 457              $url = "polls.php?action=newpoll&tid=$tid&polloptions=".$mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 458              $lang->redirect_newthread .= $lang->redirect_newthread_poll;
 459          }
 460  
 461          // This thread is stuck in the moderation queue, send them back to the forum.
 462          else if(!$visible)
 463          {
 464              // Moderated thread
 465              $lang->redirect_newthread .= $lang->redirect_newthread_moderation;
 466              $url = get_forum_link($fid);
 467  
 468              // User must see moderation notice, regardless of redirect settings
 469              $force_redirect = true;
 470          }
 471  
 472          // The thread is being made in a forum the user cannot see threads in, send them back to the forum.
 473          else if($visible == 1 && $forumpermissions['canviewthreads'] != 1)
 474          {
 475              $lang->redirect_newthread .= $lang->redirect_newthread_unviewable;
 476              $url = get_forum_link($fid);
 477  
 478              // User must see permission notice, regardless of redirect settings
 479              $force_redirect = true;
 480          }
 481  
 482          // This is just a normal thread - send them to it.
 483          else
 484          {
 485              // Visible thread
 486              $lang->redirect_newthread .= $lang->redirect_newthread_thread;
 487              $url = get_thread_link($tid);
 488          }
 489  
 490          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
 491          if(isset($mybb->input['quoted_ids']) && isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 492          {
 493              // We quoted all posts - remove the entire cookie
 494              if($mybb->get_input('quoted_ids') == "all")
 495              {
 496                  my_unsetcookie("multiquote");
 497              }
 498          }
 499  
 500          $plugins->run_hooks("newthread_do_newthread_end");
 501  
 502          // Hop to it! Send them to the next page.
 503          if(!$mybb->get_input('postpoll', MyBB::INPUT_INT))
 504          {
 505              $lang->redirect_newthread .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 506          }
 507          redirect($url, $lang->redirect_newthread, "", $force_redirect);
 508      }
 509  }
 510  
 511  if($mybb->input['action'] == "newthread" || $mybb->input['action'] == "editdraft")
 512  {
 513      $plugins->run_hooks("newthread_start");
 514  
 515      // Do we have attachment errors?
 516      if(count($errors) > 0)
 517      {
 518          $thread_errors = inline_error($errors);
 519      }
 520  
 521      $multiquote_external = $quoted_ids = '';
 522  
 523      $subject = $message = '';
 524      // If this isn't a preview and we're not editing a draft, then handle quoted posts
 525      if(empty($mybb->input['previewpost']) && !$thread_errors && $mybb->input['action'] != "editdraft")
 526      {
 527          $quoted_posts = array();
 528          // Handle multiquote
 529          if(isset($mybb->cookies['multiquote']) && $mybb->settings['multiquote'] != 0)
 530          {
 531              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 532              foreach($multiquoted as $post)
 533              {
 534                  $quoted_posts[$post] = (int)$post;
 535              }
 536          }
 537  
 538          // Quoting more than one post - fetch them
 539          if(count($quoted_posts) > 0)
 540          {
 541              $external_quotes = 0;
 542              $quoted_posts = implode(",", $quoted_posts);
 543              $unviewable_forums = get_unviewable_forums();
 544              $inactiveforums = get_inactive_forums();
 545              if($unviewable_forums)
 546              {
 547                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 548              }
 549              if($inactiveforums)
 550              {
 551                  $inactiveforums = "AND t.fid NOT IN ({$inactiveforums})";
 552              }
 553  
 554              if(is_moderator($fid))
 555              {
 556                  $visible_where = "AND p.visible != 2";
 557              }
 558              else
 559              {
 560                  $visible_where = "AND p.visible > 0";
 561              }
 562  
 563              // Check group permissions if we can't view threads not started by us
 564              $group_permissions = forum_permissions();
 565              $onlyusfids = array();
 566              $onlyusforums = '';
 567              foreach($group_permissions as $gpfid => $forum_permissions)
 568              {
 569                  if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
 570                  {
 571                      $onlyusfids[] = $gpfid;
 572                  }
 573              }
 574              if(!empty($onlyusfids))
 575              {
 576                  $onlyusforums = "AND ((t.fid IN(".implode(',', $onlyusfids).") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(".implode(',', $onlyusfids)."))";
 577              }
 578  
 579              if($mybb->get_input('load_all_quotes', MyBB::INPUT_INT) == 1)
 580              {
 581                  $query = $db->query("
 582                      SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 583                      FROM ".TABLE_PREFIX."posts p
 584                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 585                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 586                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 587                      ORDER BY p.dateline
 588                  ");
 589                  while($quoted_post = $db->fetch_array($query))
 590                  {
 591                      if($quoted_post['userusername'])
 592                      {
 593                          $quoted_post['username'] = $quoted_post['userusername'];
 594                      }
 595                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
 596                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
 597                      $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
 598                      $message .= "[quote='{$quoted_post['username']}' pid='{$quoted_post['pid']}' dateline='{$quoted_post['dateline']}']\n{$quoted_post['message']}\n[/quote]\n\n";
 599                  }
 600  
 601                  $quoted_ids = "all";
 602              }
 603              else
 604              {
 605                  $query = $db->query("
 606                      SELECT COUNT(*) AS quotes
 607                      FROM ".TABLE_PREFIX."posts p
 608                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 609                      WHERE p.pid IN ({$quoted_posts}) {$unviewable_forums} {$inactiveforums} {$onlyusforums} {$visible_where}
 610                  ");
 611                  $external_quotes = $db->fetch_field($query, 'quotes');
 612  
 613                  if($external_quotes > 0)
 614                  {
 615                      if($external_quotes == 1)
 616                      {
 617                          $multiquote_text = $lang->multiquote_external_one;
 618                          $multiquote_deselect = $lang->multiquote_external_one_deselect;
 619                          $multiquote_quote = $lang->multiquote_external_one_quote;
 620                      }
 621                      else
 622                      {
 623                          $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 624                          $multiquote_deselect = $lang->multiquote_external_deselect;
 625                          $multiquote_quote = $lang->multiquote_external_quote;
 626                      }
 627                      eval("\$multiquote_external = \"".$templates->get("newthread_multiquote_external")."\";");
 628                  }
 629              }
 630          }
 631      }
 632  
 633      if(isset($mybb->input['quoted_ids']))
 634      {
 635          $quoted_ids = htmlspecialchars_uni($mybb->get_input('quoted_ids'));
 636      }
 637  
 638      $postoptionschecked = array('signature' => '', 'disablesmilies' => '');
 639      $postoptions_subscriptionmethod_dont = $postoptions_subscriptionmethod_none = $postoptions_subscriptionmethod_email = $postoptions_subscriptionmethod_pm = '';
 640      $postpollchecked = '';
 641  
 642      // Check the various post options if we're
 643      // a -> previewing a post
 644      // b -> removing an attachment
 645      // c -> adding a new attachment
 646      // d -> have errors from posting
 647  
 648      if(!empty($mybb->input['previewpost']) || $mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
 649      {
 650          $postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 651          if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
 652          {
 653              $postoptionschecked['signature'] = " checked=\"checked\"";
 654          }
 655          if(isset($postoptions['subscriptionmethod']) && $postoptions['subscriptionmethod'] == "none")
 656          {
 657              $postoptions_subscriptionmethod_none = "checked=\"checked\"";
 658          }
 659          else if(isset($postoptions['subscriptionmethod']) && $postoptions['subscriptionmethod'] == "email")
 660          {
 661              $postoptions_subscriptionmethod_email = "checked=\"checked\"";
 662          }
 663          else if(isset($postoptions['subscriptionmethod']) && $postoptions['subscriptionmethod'] == "pm")
 664          {
 665              $postoptions_subscriptionmethod_pm = "checked=\"checked\"";
 666          }
 667          else
 668          {
 669              $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
 670          }
 671          if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
 672          {
 673              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 674          }
 675          if($mybb->get_input('postpoll', MyBB::INPUT_INT) == 1)
 676          {
 677              $postpollchecked = "checked=\"checked\"";
 678          }
 679          $numpolloptions = $mybb->get_input('numpolloptions', MyBB::INPUT_INT);
 680      }
 681  
 682      // Editing a draft thread
 683      else if($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 684      {
 685          $mybb->input['threadprefix'] = $thread['prefix'];
 686          $message = htmlspecialchars_uni($post['message']);
 687          $subject = htmlspecialchars_uni($post['subject']);
 688          if($post['includesig'] != 0)
 689          {
 690              $postoptionschecked['signature'] = " checked=\"checked\"";
 691          }
 692          if($post['smilieoff'] == 1)
 693          {
 694              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 695          }
 696          $icon = $post['icon'];
 697          if($forum['allowpicons'] != 0)
 698          {
 699              $posticons = get_post_icons();
 700          }
 701          if($postoptions['subscriptionmethod'] == "none")
 702          {
 703              $postoptions_subscriptionmethod_none = "checked=\"checked\"";
 704          }
 705          else if($postoptions['subscriptionmethod'] == "email")
 706          {
 707              $postoptions_subscriptionmethod_email = "checked=\"checked\"";
 708          }
 709          else if($postoptions['subscriptionmethod'] == "pm")
 710          {
 711              $postoptions_subscriptionmethod_pm = "checked=\"checked\"";
 712          }
 713          else
 714          {
 715              $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
 716          }
 717      }
 718  
 719      // Otherwise, this is our initial visit to this page.
 720      else
 721      {
 722          if($mybb->user['signature'] != '')
 723          {
 724              $postoptionschecked['signature'] = " checked=\"checked\"";
 725          }
 726          if($mybb->user['subscriptionmethod'] ==  1)
 727          {
 728              $postoptions_subscriptionmethod_none = "checked=\"checked\"";
 729          }
 730          else if($mybb->user['subscriptionmethod'] == 2)
 731          {
 732              $postoptions_subscriptionmethod_email = "checked=\"checked\"";
 733          }
 734          else if($mybb->user['subscriptionmethod'] == 3)
 735          {
 736              $postoptions_subscriptionmethod_pm = "checked=\"checked\"";
 737          }
 738          else
 739          {
 740              $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
 741          }
 742          $numpolloptions = "2";
 743      }
 744  
 745      $preview = '';
 746  
 747      // If we're previewing a post then generate the preview.
          // The submitted subject, message and (for guests) author name go through the
          // post data handler's verify_*() checks first; the preview itself is only
          // rendered when none of those checks reports an error.
 748      if(!empty($mybb->input['previewpost']))
 749      {
 750          // If this isn't a logged in user, then we need to do some special validation.
 751          if($mybb->user['uid'] == 0)
 752          {
 753              // If they didn't specify a username then give them "Guest"
 754              if(!$mybb->get_input('username'))
 755              {
 756                  $username = $lang->guest;
 757              }
 758              // Otherwise use the name they specified.
 759              else
 760              {
 761                  $username = $mybb->get_input('username');
 762              }
 763              $uid = 0;
 764          }
 765          // This user is logged in.
 766          else
 767          {
 768              $username = $mybb->user['username'];
 769              $uid = $mybb->user['uid'];
 770          }
 771  
 772          // Set up posthandler.
 773          require_once  MYBB_ROOT."inc/datahandlers/post.php";
 774          $posthandler = new PostDataHandler("insert");
 775          $posthandler->action = "thread";
 776  
 777          // Set the thread data that came from the input to the $thread array.
              // Only the prefix is cast (INPUT_INT); subject, icon, message and posthash are
              // handed to the data handler as submitted.
 778          $new_thread = array(
 779              "fid" => $forum['fid'],
 780              "prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
 781              "subject" => $mybb->get_input('subject'),
 782              "icon" => $mybb->get_input('icon'),
 783              "uid" => $uid,
 784              "username" => $username,
 785              "message" => $mybb->get_input('message'),
 786              "ipaddress" => $session->packedip,
 787              "posthash" => $mybb->get_input('posthash')
 788          );
 789  
              // $pid is assigned outside this excerpt.
 790          if($pid != '')
 791          {
 792              $new_thread['pid'] = $pid;
 793          }
 794  
 795          $posthandler->set_data($new_thread);
 796  
 797          // Now let the post handler do all the hard work.
 798          $valid_thread = $posthandler->verify_message();
 799          $valid_subject = $posthandler->verify_subject();
 800  
 801          // guest post --> verify author
 802          if($new_thread['uid'] == 0)
 803          {
 804              $valid_username = $posthandler->verify_author();
 805          }
 806          else
 807          {
 808              $valid_username = true;
 809          }
 810          
 811          $post_errors = array();
 812          // Fetch friendly error messages if this is an invalid post
 813          if(!$valid_thread || !$valid_subject || !$valid_username)
 814          {
 815              $post_errors = $posthandler->get_friendly_errors();
 816          }
 817  
 818          // One or more errors returned: build the inline error list for this form and skip the preview
 819          if(count($post_errors) > 0)
 820          {
 821              $thread_errors = inline_error($post_errors);
 822          }
 823          else
 824          {
 825              if(empty($mybb->input['username']))
 826              {
 827                  $mybb->input['username'] = $lang->guest;
 828              }
                  // The uid in the WHERE clause is $mybb->user['uid'], not a request parameter.
                  // NOTE(review): u.* / f.* load every column of that user's row into $post, which is
                  // then passed to build_postbit() and is in scope for the eval'd template below;
                  // selecting only the columns the postbit needs would narrow what is exposed.
 829              $query = $db->query("
 830                  SELECT u.*, f.*
 831                  FROM ".TABLE_PREFIX."users u
 832                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 833                  WHERE u.uid='".$mybb->user['uid']."'
 834              ");
 835              $post = $db->fetch_array($query);
 836              if(!$mybb->user['uid'] || !$post['username'])
 837              {
                      // Guest-supplied name: HTML-escaped before it is placed in the postbit data.
 838                  $post['username'] = htmlspecialchars_uni($mybb->get_input('username'));
 839              }
 840              else
 841              {
 842                  $post['userusername'] = $mybb->user['username'];
 843                  $post['username'] = $mybb->user['username'];
 844              }
                  // Message and subject are passed on as submitted.
                  // NOTE(review): presumably build_postbit() parses/escapes them for output — confirm.
 845              $previewmessage = $mybb->get_input('message');
 846              $post['message'] = $previewmessage;
 847              $post['subject'] = $mybb->get_input('subject');
 848              $post['icon'] = $mybb->get_input('icon', MyBB::INPUT_INT);
 849              $mybb->input['postoptions'] = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
 850              if(isset($mybb->input['postoptions']['disablesmilies']))
 851              {
 852                  $post['smilieoff'] = $mybb->input['postoptions']['disablesmilies'];
 853              }
 854              $post['dateline'] = TIME_NOW;
 855              if(isset($mybb->input['postoptions']['signature']))
 856              {
 857                  $post['includesig'] = $mybb->input['postoptions']['signature'];
 858              }
                  // Anything other than 1 (including a missing value) is normalised to 0.
 859              if(!isset($post['includesig']) || $post['includesig'] != 1)
 860              {
 861                  $post['includesig'] = 0;
 862              }
 863  
 864              // Fetch attachments assigned to this post
                  // pid is requested as INPUT_INT and posthash goes through escape_string(), so
                  // neither request value is placed into the WHERE clause raw.
 865              if($mybb->get_input('pid', MyBB::INPUT_INT))
 866              {
 867                  $attachwhere = "pid='".$mybb->get_input('pid', MyBB::INPUT_INT)."'";
 868              }
 869              else
 870              {
 871                  $attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
 872              }
 873  
 874              $query = $db->simple_select("attachments", "*", $attachwhere);
 875              while($attachment = $db->fetch_array($query))
 876              {
 877                  $attachcache[0][$attachment['aid']] = $attachment;
 878              }
 879  
 880              $postbit = build_postbit($post, 1);
                  // The template text is evaluated as a double-quoted PHP string, so any variable in
                  // this scope can be interpolated by it.
                  // NOTE(review): this is only safe if template text comes from a trusted store;
                  // $templates->get() is not visible in this excerpt.
 881              eval("\$preview = \"".$templates->get("previewpost")."\";");
 882          }
              // Escape the submitted text for redisplay in the form fields.
 883          $message = htmlspecialchars_uni($mybb->get_input('message'));
 884          $subject = htmlspecialchars_uni($mybb->get_input('subject'));
 885      }
 886  
 887      // Removing an attachment or adding a new one, or showing thread errors.
 888      else if($mybb->get_input('attachmentaid', MyBB::INPUT_INT) || $mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || $thread_errors)
 889      {
              // Same redisplay escaping as in the preview branch.
 890          $message = htmlspecialchars_uni($mybb->get_input('message'));
 891          $subject = htmlspecialchars_uni($mybb->get_input('subject'));
 892      }
 893  
 894      // Generate thread prefix selector
          // The prefix id is always read with INPUT_INT; when that yields nothing, the input is set to 0.
 895      if(!$mybb->get_input('threadprefix', MyBB::INPUT_INT))
 896      {
 897          $mybb->input['threadprefix'] = 0;
 898      }
 899  
 900      $prefixselect = build_prefix_select($forum['fid'], $mybb->get_input('threadprefix', MyBB::INPUT_INT));
 901  
          // From here on $posthash holds the HTML-escaped form of the submitted value, not the raw input.
 902      $posthash = htmlspecialchars_uni($mybb->get_input('posthash'));
 903  
 904      // Hide signature option if no permission
          // Shown only when the user group may use signatures and this user's signature is not suspended.
 905      $signature = '';
 906      if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
 907      {
 908          eval("\$signature = \"".$templates->get('newthread_signature')."\";");
 909      }
 910  
 911      // Can we disable smilies or are they disabled already?
 912      $disablesmilies = '';
 913      if($forum['allowsmilies'] != 0)
 914      {
 915          eval("\$disablesmilies = \"".$templates->get("newthread_disablesmilies")."\";");
 916      }
 917  
          // The post-options row is built only if at least one of the two options above exists.
          // $bgcolor / $bgcolor2 are swapped depending on whether that row is present
          // (presumably to keep the alternating row colours of the form consistent — confirm against the templates).
 918      $postoptions = '';
 919      if(!empty($signature) || !empty($disablesmilies))
 920      {
 921          eval("\$postoptions = \"".$templates->get("newthread_postoptions")."\";");
 922          $bgcolor = "trow2";
 923          $bgcolor2 = "trow1";
 924      }
 925      else
 926      {
 927          $bgcolor = "trow1";
 928          $bgcolor2 = "trow2";
 929      }
 930  
 931      $modoptions = '';
 932      // Show the moderator options
          // This block only decides which controls are rendered and pre-checked.
          // NOTE(review): the code that processes the submitted modoptions is not in this excerpt;
          // confirm it re-checks the moderator permissions server-side.
 933      if(is_moderator($fid))
 934      {
              // $modoptions temporarily holds the submitted array so the checkboxes can be re-checked.
 935          $modoptions = $mybb->get_input('modoptions', MyBB::INPUT_ARRAY);
 936          if(isset($modoptions['closethread']) && $modoptions['closethread'] == 1)
 937          {
 938              $closecheck = "checked=\"checked\"";
 939          }
 940          else
 941          {
 942              $closecheck = '';
 943          }
 944          if(isset($modoptions['stickthread']) && $modoptions['stickthread'] == 1)
 945          {
 946              $stickycheck = "checked=\"checked\"";
 947          }
 948          else
 949          {
 950              $stickycheck = '';
 951          }
 952  
              // NOTE(review): the outer check uses $fid, but the two per-permission checks below use
              // $thread['fid']. $thread is assigned outside this excerpt; if it is not set when a
              // brand-new thread is being composed, is_moderator() receives an empty forum id.
              // Confirm that both checks are scoped to the forum being posted in.
 953          $closeoption = '';
 954          if(is_moderator($thread['fid'], "canopenclosethreads"))
 955          {
 956              eval("\$closeoption = \"".$templates->get("newreply_modoptions_close")."\";");
 957          }
 958  
 959          $stickoption = '';
 960          if(is_moderator($thread['fid'], "canstickunstickthreads"))
 961          {
 962              eval("\$stickoption = \"".$templates->get("newreply_modoptions_stick")."\";");
 963          }
 964  
 965          if(!empty($closeoption) || !empty($stickoption))
 966          {
 967              eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
 968              $bgcolor = "trow1";
 969              $bgcolor2 = "trow2";
 970          }
 971          else
 972          {
                  // NOTE(review): in this branch $modoptions still holds the submitted input array,
                  // not markup and not the empty string it was initialised to.
 973              $bgcolor = "trow2";
 974              $bgcolor2 = "trow1";
 975          }
 976      }
 977      else
 978      {
 979          $bgcolor = "trow2";
 980          $bgcolor2 = "trow1";
 981      }
 982  
 983      // Fetch subscription select box
          // The template is evaluated as a double-quoted PHP string, so it can interpolate the
          // $postoptions_subscriptionmethod_* "checked" markers set in the branches earlier in this script.
 984      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
 985  
 986      if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
 987      { // Get a listing of the current attachments, if there are any
              // Builds the attachment box: existing attachments, quota usage, and the add/update controls.
              // Everything here controls what the form displays.
              // NOTE(review): the upload handling itself is not in this excerpt; confirm it enforces
              // the quota and the attachment limit independently of these display checks.
 988          $attachcount = 0;
 989          if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 990          {
                  // $pid is assigned outside this excerpt.
                  // NOTE(review): confirm it is always an integer before it is placed in the WHERE clause.
 991              $attachwhere = "pid='$pid'";
 992          }
 993          else
 994          {
                  // $posthash was already passed through htmlspecialchars_uni() earlier in this script,
                  // so the lookup uses the HTML-escaped form (SQL-escaped here), whereas the preview
                  // branch SQL-escapes the raw input. The two only differ if the value contains
                  // HTML special characters.
 995              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
 996          }
 997          $query = $db->simple_select("attachments", "*", $attachwhere);
 998          $attachments = '';
 999          while($attachment = $db->fetch_array($query))
1000          {
1001              $attachment['size'] = get_friendly_size($attachment['filesize']);
                  // The icon is derived from the stored filename first; the filename is then
                  // HTML-escaped for output in the template.
1002              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
1003              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
1004  
1005              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
1006              {
1007                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
1008              }
1009  
1010              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
1011  
1012              $attach_mod_options = '';
                  // Attachments whose 'visible' flag is not 1 are rendered with the "unapproved" template.
1013              if($attachment['visible'] != 1)
1014              {
1015                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
1016              }
1017              else
1018              {
1019                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
1020              }
1021              $attachcount++;
1022          }
              // Total attachment bytes for the current user, compared against attachquota*1024
              // (a quota of 0 is treated as unlimited below).
1023          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
1024          $usage = $db->fetch_array($query);
1025          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
1026          {
1027              $noshowattach = 1;
1028          }
1029          if($mybb->usergroup['attachquota'] == 0)
1030          {
1031              $friendlyquota = $lang->unlimited;
1032          }
1033          else
1034          {
1035              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
1036          }
1037          $friendlyusage = get_friendly_size($usage['ausage']);
1038          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyusage, $friendlyquota);
              // NOTE(review): && binds tighter than ||, so !isset($noshowattach) only guards the second
              // alternative. When maxattachments is 0 the add-attachment controls are built even if
              // the over-quota flag was set above. If the flag is meant to apply in both cases, the
              // whole || expression needs its own parentheses.
1039          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !isset($noshowattach))
1040          {
1041              eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
1042          }
1043  
1044          if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
1045          {
1046              eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
1047          }
1048  
              // Neither variable is initialised in this block, so either may be unset here
              // when its condition above was false.
1049          if($attach_add_options || $attach_update_options)
1050          {
1051              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
1052          }
1053          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
1054  
1055          $bgcolor = alt_trow();
1056      }
1057  
          // The "save as draft" button is rendered for logged-in users only (non-zero uid).
1058      if($mybb->user['uid'])
1059      {
1060          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
1061      }
1062  
1063      $captcha = '';
1064  
1065      // Show captcha image for guests if enabled
1066      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
1067      {
1068          $correct = false;
1069          require_once  MYBB_ROOT.'inc/class_captcha.php';
1070          $post_captcha = new captcha(false, "post_captcha");
1071  
              // $hide_captcha is assigned outside this excerpt.
1072          if((!empty($mybb->input['previewpost']) || $hide_captcha == true) && $post_captcha->type == 1)
1073          {
1074              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
1075              // ... but only if it's a default one, reCAPTCHA and Are You a Human must be filled in every time due to draconian limits
                  // A correct answer is carried forward as hidden fields instead of asking again.
                  // NOTE(review): confirm the final submit validates the captcha again server-side
                  // rather than trusting the hidden fields; that handler is not in this excerpt.
1076              if($post_captcha->validate_captcha() == true)
1077              {
1078                  $correct = true;
1079  
1080                  // Generate a hidden list of items for our captcha
1081                  $captcha = $post_captcha->build_hidden_captcha();
1082              }
1083          }
1084  
1085          if(!$correct)
1086          {
1087               if($post_captcha->type == 1)
1088              {
1089                  $post_captcha->build_captcha();
1090              }
1091              elseif($post_captcha->type == 2 || $post_captcha->type == 4)
1092              {
1093                  $post_captcha->build_recaptcha();
1094              }
1095  
1096              if($post_captcha->html)
1097              {
1098                  $captcha = $post_captcha->html;
1099              }
1100          }
              // NOTE(review): $correct is only set to true inside the type == 1 check above, so this
              // branch looks unreachable unless the type property changes in between — confirm.
1101          else if($correct && ($post_captcha->type == 2 || $post_captcha->type == 4))
1102          {
1103              $post_captcha->build_recaptcha();
1104  
1105              if($post_captcha->html)
1106              {
1107                  $captcha = $post_captcha->html;
1108              }
1109          }
1110      }
1111  
          // The poll box is rendered only when the forum permissions allow posting polls;
          // the configured maximum number of options is substituted into the language string first.
1112      if($forumpermissions['canpostpolls'] != 0)
1113      {
1114          $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
1115          eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
1116      }
1117  
1118      // Do we have any forum rules to show for this forum?
1119      $forumrules = '';
1120      if($forum['rulestype'] >= 2 && $forum['rules'])
1121      {
1122          if(!$forum['rulestitle'])
1123          {
1124              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
1125          }
1126  
              // Reuse an existing parser instance if one was created earlier in the script.
1127          if(!$parser)
1128          {
1129              require_once  MYBB_ROOT.'inc/class_parser.php';
1130              $parser = new postParser;
1131          }
1132  
              // allow_html is enabled here, so the rules text is treated as trusted markup.
              // NOTE(review): presumably only administrators can edit forum rules — confirm, since any
              // account able to change this field can place arbitrary HTML on the new-thread page.
1133          $rules_parser = array(
1134              "allow_html" => 1,
1135              "allow_mycode" => 1,
1136              "allow_smilies" => 1,
1137              "allow_imgcode" => 1
1138          );
1139  
1140          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
1141          $foruminfo = $forum;
1142  
              // rulestype 3 uses the "forumdisplay_rules" template, rulestype 2 the "forumdisplay_rules_link" one.
1143          if($forum['rulestype'] == 3)
1144          {
1145              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
1146          }
1147          else if($forum['rulestype'] == 2)
1148          {
1149              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
1150          }
1151      }
1152  
1153      $moderation_notice = '';
          // Three independent checks follow (attachments, threads, this user's posts). Each one that
          // applies overwrites $moderation_text and $moderation_notice, so the last applicable
          // notice is the one displayed. Users holding the matching approve/unapprove moderator
          // permission for this forum do not get the corresponding notice.
1154      if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
1155      {
1156          if($forumpermissions['modattachments'] == 1  && $forumpermissions['canpostattachments'] != 0)
1157          {
1158              $moderation_text = $lang->moderation_forum_attachments;
1159              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1160          }
1161      }
1162  
1163      if(!is_moderator($forum['fid'], "canapproveunapprovethreads"))
1164      {
1165          if($forumpermissions['modthreads'] == 1)
1166          {
1167              $moderation_text = $lang->moderation_forum_thread;
1168              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1169          }
1170      }
1171  
1172      if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
1173      {
1174          if($mybb->user['moderateposts'] == 1)
1175          {
1176              $moderation_text = $lang->moderation_user_posts;
1177              eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
1178          }
1179      }
1180  
1181      $plugins->run_hooks("newthread_end");
1182  
          // Tags are stripped from the forum name before it is substituted into the page heading string.
1183      $forum['name'] = strip_tags($forum['name']);
1184      $lang->newthread_in = $lang->sprintf($lang->newthread_in, $forum['name']);
1185  
          // Final page assembly: the "newthread" template is evaluated as a double-quoted PHP string,
          // so it can interpolate the fragments built above ($preview, $attachbox, $captcha, ...).
          // Any user-derived value it prints must already be HTML-escaped at this point.
1186      eval("\$newthread = \"".$templates->get("newthread")."\";");
1187      output_page($newthread);
1188  }
1189  

