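<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id: editpost.php 5568 2011-09-08 10:13:10Z Tomm $
 */

/*
 * editpost.php - edit or delete an existing post.
 *
 * Actions handled (all state-changing ones require request_method == "post"
 * and a valid my_post_key via verify_post_check()):
 *   editpost     - show the edit form, optionally with a preview
 *   do_editpost  - validate and save the edited post; also processes
 *                  attachment uploads and attachment remove/approve/unapprove
 *   deletepost   - delete the post (or the whole thread if it is the first post)
 *
 * Access control: the post, thread and forum are loaded from the integer $pid
 * first, then moderator / forum permissions, thread closed state and the edit
 * time limit are checked before any action branch runs.
 */

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'editpost.php');

$templatelist = "editpost,previewpost,redirect_postedited,loginbox,posticons,changeuserbox,attachment,posticons,codebuttons,smilieinsert,post_attachments_attachment_postinsert,post_attachments_attachment_mod_approve,post_attachments_attachment_unapproved,post_attachments_attachment_mod_unapprove,post_attachments_attachment,post_attachments_new,post_attachments,newthread_postpoll,editpost_disablesmilies,post_subscription_method,post_attachments_attachment_remove";

require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_upload.php";

// Load global language phrases
$lang->load("editpost");

$plugins->run_hooks("editpost_start");

// No permission for guests
if(!$mybb->user['uid'])
{
	error_no_permission();
}

// Get post info. $pid is the only post identifier used from here on: it is
// cast to int once and every later query / handler call is built from it.
$pid = intval($mybb->input['pid']);

// if we already have the post information...
if(isset($style) && $style['pid'] == $pid && $style['type'] != 'f')
{
	$post = &$style;
}
else
{
	$query = $db->simple_select("posts", "*", "pid='$pid'");
	$post = $db->fetch_array($query);
}

if(!$post['pid'])
{
	error($lang->error_invalidpost);
}

// Get thread info
$tid = $post['tid'];
$thread = get_thread($tid);

if(!$thread['tid'])
{
	error($lang->error_invalidthread);
}

$thread['subject'] = htmlspecialchars_uni($thread['subject']);

// Get forum info
$fid = $post['fid'];
$forum = get_forum($fid);
if(!$forum || $forum['type'] != "f")
{
	error($lang->error_closedinvalidforum);
}
if($forum['open'] == 0 || $mybb->user['suspendposting'] == 1)
{
	error_no_permission();
}

// Add prefix to breadcrumb
$query = $db->simple_select('threadprefixes', 'displaystyle', "pid='{$thread['prefix']}'");
$breadcrumbprefix = $db->fetch_field($query, 'displaystyle');

if($breadcrumbprefix)
{
	$breadcrumbprefix .= ' ';
}

// Make navigation
build_forum_breadcrumb($fid);
add_breadcrumb($breadcrumbprefix.$thread['subject'], get_thread_link($thread['tid']));
add_breadcrumb($lang->nav_editpost);

$forumpermissions = forum_permissions($fid);

if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
{
	$codebuttons = build_mycode_inserter();
}
if($mybb->settings['smilieinserter'] != 0)
{
	$smilieinserter = build_clickable_smilies();
}

// A preview is always rendered through the edit form
if(!$mybb->input['action'] || $mybb->input['previewpost'])
{
	$mybb->input['action'] = "editpost";
}

// Permission checks. Deleting has its own rule set; every other action
// (edit, preview, attachment management) falls under the edit rules,
// including the edit time limit for non-moderators.
if($mybb->input['action'] == "deletepost" && $mybb->request_method == "post")
{
	if(!is_moderator($fid, "candeleteposts"))
	{
		if($thread['closed'] == 1)
		{
			error($lang->redirect_threadclosed);
		}
		if($forumpermissions['candeleteposts'] == 0)
		{
			error_no_permission();
		}
		if($mybb->user['uid'] != $post['uid'])
		{
			error_no_permission();
		}
	}
}
else
{
	if(!is_moderator($fid, "caneditposts"))
	{
		if($thread['closed'] == 1)
		{
			error($lang->redirect_threadclosed);
		}
		if($forumpermissions['caneditposts'] == 0)
		{
			error_no_permission();
		}
		if($mybb->user['uid'] != $post['uid'])
		{
			error_no_permission();
		}
		// Edit time limit (setting is in minutes)
		$time = TIME_NOW;
		if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < ($time-($mybb->settings['edittimelimit']*60)))
		{
			$lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
			error($lang->edit_time_limit);
		}
	}
}

// Check if this forum is password protected and we have a valid password
check_forum_password($forum['fid']);

// A submitted form with no POST data usually means PHP dropped the request
// (e.g. upload larger than post_max_size)
if((empty($_POST) && empty($_FILES)) && $mybb->input['processed'] == '1')
{
	error($lang->error_cannot_upload_php_post);
}

// Attachment upload (new attachment, replace attachment, or a file sent along
// with the final submit). Mutually exclusive with the attachmentaid branch below.
if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || $mybb->input['updateattachment'] || ($mybb->input['action'] == "do_editpost" && $mybb->input['submit'] && !empty($_FILES['attachment']))))
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	// Attachments belong either to the post itself or to this edit session's posthash
	if($mybb->input['posthash'])
	{
		$posthash_query = "posthash='".$db->escape_string($mybb->input['posthash'])."' OR ";
	}
	else
	{
		$posthash_query = "";
	}
	$query = $db->simple_select("attachments", "COUNT(aid) as numattachs", "{$posthash_query}pid='{$pid}'");
	$attachcount = $db->fetch_field($query, "numattachs");

	// If there's an attachment, check it and upload it.
	// $attachedfile is initialised so the error check below is defined even when
	// nothing was uploaded (over the limit, no permission, empty file).
	$attachedfile = array();
	if(isset($_FILES['attachment']) && $_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments']))
	{
		$update_attachment = false;
		if($mybb->input['updateattachment'] && ($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']))
		{
			$update_attachment = true;
		}
		$attachedfile = upload_attachment($_FILES['attachment'], $update_attachment);
	}
	if(!empty($attachedfile['error']))
	{
		eval("\$attacherror = \"".$templates->get("error_attacherror")."\";");
		$mybb->input['action'] = "editpost";
	}
	if(!$mybb->input['submit'])
	{
		$mybb->input['action'] = "editpost";
	}
}

if($mybb->input['attachmentaid'] && isset($mybb->input['attachmentact']) && $mybb->input['action'] == "do_editpost" && $mybb->request_method == "post") // Lets remove/approve/unapprove the attachment
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$mybb->input['attachmentaid'] = intval($mybb->input['attachmentaid']);

	// Restrict moderation to attachments that belong to the post being edited (or to
	// this edit session's posthash), mirroring the listing query used by the edit form.
	// The moderator check below is made against this post's forum only, so without this
	// scoping an aid from a post in another forum could be approved/unapproved here.
	$attach_scope = "pid='{$pid}'";
	if($mybb->input['posthash'])
	{
		$attach_scope = "(posthash='".$db->escape_string($mybb->input['posthash'])."' OR pid='{$pid}')";
	}

	if($mybb->input['attachmentact'] == "remove")
	{
		remove_attachment($pid, "", $mybb->input['attachmentaid']);
	}
	elseif($mybb->input['attachmentact'] == "approve" && is_moderator($fid, 'caneditposts'))
	{
		$update_sql = array("visible" => 1);
		$db->update_query("attachments", $update_sql, "aid='{$mybb->input['attachmentaid']}' AND {$attach_scope}");
	}
	elseif($mybb->input['attachmentact'] == "unapprove" && is_moderator($fid, 'caneditposts'))
	{
		$update_sql = array("visible" => 0);
		$db->update_query("attachments", $update_sql, "aid='{$mybb->input['attachmentaid']}' AND {$attach_scope}");
	}
	if(!$mybb->input['submit'])
	{
		$mybb->input['action'] = "editpost";
	}
}

if($mybb->input['action'] == "deletepost" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$plugins->run_hooks("editpost_deletepost");

	if($mybb->input['delete'] == 1)
	{
		// Deleting the first post of a thread deletes the whole thread, so work out
		// whether this is the oldest post in the thread
		$query = $db->simple_select("posts", "pid", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
		$firstcheck = $db->fetch_array($query);
		if($firstcheck['pid'] == $pid)
		{
			$firstpost = 1;
		}
		else
		{
			$firstpost = 0;
		}

		$modlogdata = array(
			"fid" => $fid,
			"tid" => $tid,
		);
		if($firstpost)
		{
			if($forumpermissions['candeletethreads'] == 1 || is_moderator($fid, "candeletethreads"))
			{
				delete_thread($tid);
				mark_reports($tid, "thread");
				log_moderator_action($modlogdata, $lang->thread_deleted);
				redirect(get_forum_link($fid), $lang->redirect_threaddeleted);
			}
			else
			{
				error_no_permission();
			}
		}
		else
		{
			if($forumpermissions['candeleteposts'] == 1 || is_moderator($fid, "candeleteposts"))
			{
				delete_post($pid, $tid);
				mark_reports($pid, "post");
				log_moderator_action($modlogdata, $lang->post_deleted);
				// Select the first post before this one to send the user back to
				$query = $db->simple_select("posts", "pid", "tid='{$tid}' AND dateline <= '{$post['dateline']}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "desc"));
				$next_post = $db->fetch_array($query);
				if($next_post['pid'])
				{
					$redirect = get_post_link($next_post['pid'], $tid)."#pid{$next_post['pid']}";
				}
				else
				{
					$redirect = get_thread_link($tid);
				}
				redirect($redirect, $lang->redirect_postdeleted);
			}
			else
			{
				error_no_permission();
			}
		}
	}
	else
	{
		error($lang->redirect_nodelete);
	}
}

if($mybb->input['action'] == "do_editpost" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$plugins->run_hooks("editpost_do_editpost_start");

	// Set up posthandler.
	require_once MYBB_ROOT."inc/datahandlers/post.php";
	$posthandler = new PostDataHandler("update");
	$posthandler->action = "post";

	// Set the post data that came from the input to the $post array.
	// The pid is the validated integer the permission checks above were made
	// against, not a second read of the raw input.
	$post = array(
		"pid" => $pid,
		"prefix" => $mybb->input['threadprefix'],
		"subject" => $mybb->input['subject'],
		"icon" => $mybb->input['icon'],
		"uid" => $mybb->user['uid'],
		"username" => $mybb->user['username'],
		"edit_uid" => $mybb->user['uid'],
		"message" => $mybb->input['message'],
	);

	// Set up the post options from the input.
	$post['options'] = array(
		"signature" => $mybb->input['postoptions']['signature'],
		"subscriptionmethod" => $mybb->input['postoptions']['subscriptionmethod'],
		"disablesmilies" => $mybb->input['postoptions']['disablesmilies']
	);

	$posthandler->set_data($post);

	// Now let the post handler do all the hard work.
	if(!$posthandler->validate_post())
	{
		$post_errors = $posthandler->get_friendly_errors();
		$post_errors = inline_error($post_errors);
		$mybb->input['action'] = "editpost";
	}
	// No errors were found, we can call the update method.
	else
	{
		$postinfo = $posthandler->update_post();
		$visible = $postinfo['visible'];
		$first_post = $postinfo['first_post'];

		// Help keep our attachments table clean.
		$db->delete_query("attachments", "filename='' OR filesize<1");

		// Did the user choose to post a poll? Redirect them to the poll posting page.
		if($mybb->input['postpoll'] && $forumpermissions['canpostpolls'])
		{
			$url = "polls.php?action=newpoll&tid=$tid&polloptions=".intval($mybb->input['numpolloptions']);
			$lang->redirect_postedited = $lang->redirect_postedited_poll;
		}
		else if($visible == 0 && $first_post && !is_moderator($fid, "", $mybb->user['uid']))
		{
			// Moderated post
			$lang->redirect_postedited .= $lang->redirect_thread_moderation;
			$url = get_forum_link($fid);
		}
		else if($visible == 0 && !is_moderator($fid, "", $mybb->user['uid']))
		{
			$lang->redirect_postedited .= $lang->redirect_post_moderation;
			$url = get_thread_link($tid);
		}
		// Otherwise, send them back to their post
		else
		{
			$lang->redirect_postedited .= $lang->redirect_postedited_redirect;
			$url = get_post_link($pid, $tid)."#pid{$pid}";
		}
		$plugins->run_hooks("editpost_do_editpost_end");

		redirect($url, $lang->redirect_postedited);
	}
}

if(!$mybb->input['action'] || $mybb->input['action'] == "editpost")
{
	$plugins->run_hooks("editpost_action_start");

	if(!$mybb->input['previewpost'])
	{
		$icon = $post['icon'];
	}

	if($forum['allowpicons'] != 0)
	{
		$posticons = get_post_icons();
	}

	if($mybb->user['uid'] != 0)
	{
		eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
	}
	else
	{
		eval("\$loginbox = \"".$templates->get("loginbox")."\";");
	}

	// Setup a unique posthash for attachment management.
	// $posthash is HTML-escaped for the template; the SQL below escapes the raw
	// stored value separately, as the upload branch does for the input posthash.
	$posthash = htmlspecialchars_uni($post['posthash']);

	$bgcolor = "trow1";
	if($forumpermissions['canpostattachments'] != 0)
	{ // Get a listing of the current attachments, if there are any
		$attachcount = 0;
		$noshowattach = 0;
		if($posthash)
		{
			$posthash_query = "posthash='".$db->escape_string($post['posthash'])."' OR ";
		}
		else
		{
			$posthash_query = "";
		}
		$query = $db->simple_select("attachments", "*", "{$posthash_query}pid='{$pid}'");
		$attachments = '';
		while($attachment = $db->fetch_array($query))
		{
			$attachment['size'] = get_friendly_size($attachment['filesize']);
			$attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
			if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
			{
				eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
			}
			// Moderating options
			$attach_mod_options = '';
			if(is_moderator($fid))
			{
				if($attachment['visible'] == 1)
				{
					eval("\$attach_mod_options = \"".$templates->get("post_attachments_attachment_mod_unapprove")."\";");
				}
				else
				{
					eval("\$attach_mod_options = \"".$templates->get("post_attachments_attachment_mod_approve")."\";");
				}
			}

			// Remove Attachment
			eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");

			if($attachment['visible'] != 1)
			{
				eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
			}
			else
			{
				eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
			}
			$attachcount++;
		}

		// Attachment quota (usergroup setting is in KB, usage in bytes)
		$query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
		$usage = $db->fetch_array($query);
		if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
		{
			$noshowattach = 1;
		}
		if($mybb->usergroup['attachquota'] == 0)
		{
			$friendlyquota = $lang->unlimited;
		}
		else
		{
			$friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
		}
		$friendlyusage = get_friendly_size($usage['ausage']);
		$lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyusage, $friendlyquota);

		// Show the upload box only when under the per-post attachment limit AND
		// under the quota. The previous condition was parsed as
		// "unlimited || (limited && under_limit && !over_quota)", so an over-quota
		// user was still offered the upload box whenever maxattachments was 0.
		if(($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
		{
			if($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments'])
			{
				eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
			}

			eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
		}
		eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
	}

	// Fresh form: show the stored post. Any round trip (attachment action,
	// preview, validation error) shows what the user typed instead.
	if(!$mybb->input['attachmentaid'] && !$mybb->input['newattachment'] && !$mybb->input['updateattachment'] && !$mybb->input['previewpost'] && !$maximageserror)
	{
		$message = $post['message'];
		$subject = $post['subject'];
	}
	else
	{
		$message = $mybb->input['message'];
		$subject = $mybb->input['subject'];
	}

	if($mybb->input['previewpost'] || $post_errors)
	{
		// Set up posthandler.
		require_once MYBB_ROOT."inc/datahandlers/post.php";
		$posthandler = new PostDataHandler("update");
		$posthandler->action = "post";

		// Set the post data that came from the input to the $post array.
		$post = array(
			"pid" => $pid,
			"prefix" => $mybb->input['threadprefix'],
			"subject" => $mybb->input['subject'],
			"icon" => $mybb->input['icon'],
			"uid" => $post['uid'],
			"edit_uid" => $mybb->user['uid'],
			"message" => $mybb->input['message'],
		);

		if(!$mybb->input['previewpost'])
		{
			$post['uid'] = $mybb->user['uid'];
			$post['username'] = $mybb->user['username'];
		}

		// Set up the post options from the input.
		// NOTE(review): this array uses "emailnotify" where do_editpost passes
		// "subscriptionmethod"; left as-is, confirm which key the handler reads.
		$post['options'] = array(
			"signature" => $mybb->input['postoptions']['signature'],
			"emailnotify" => $mybb->input['postoptions']['emailnotify'],
			"disablesmilies" => $mybb->input['postoptions']['disablesmilies']
		);

		$posthandler->set_data($post);

		// Now let the post handler do all the hard work.
		if(!$posthandler->validate_post())
		{
			$post_errors = $posthandler->get_friendly_errors();
			$post_errors = inline_error($post_errors);
			$mybb->input['action'] = "editpost";
			$mybb->input['previewpost'] = 0;
		}
		else
		{
			// Keep the raw text for the preview postbit; the form fields get the escaped copy
			$previewmessage = $message;
			$previewsubject = $subject;
			$message = htmlspecialchars_uni($message);
			$subject = htmlspecialchars_uni($subject);

			$postoptions = $mybb->input['postoptions'];

			if($postoptions['signature'] == 1)
			{
				$postoptionschecked['signature'] = " checked=\"checked\"";
			}

			if($postoptions['subscriptionmethod'] == "none")
			{
				$postoptions_subscriptionmethod_none = "checked=\"checked\"";
			}
			else if($postoptions['subscriptionmethod'] == "instant")
			{
				$postoptions_subscriptionmethod_instant = "checked=\"checked\"";
			}
			else
			{
				$postoptions_subscriptionmethod_dont = "checked=\"checked\"";
			}

			if($postoptions['disablesmilies'] == 1)
			{
				$postoptionschecked['disablesmilies'] = " checked=\"checked\"";
			}
		}
	}

	if($mybb->input['previewpost'])
	{
		// Figure out the poster's other information.
		$query = $db->query("
			SELECT u.*, f.*, p.dateline
			FROM ".TABLE_PREFIX."users u
			LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
			LEFT JOIN ".TABLE_PREFIX."posts p ON (p.uid=u.uid)
			WHERE u.uid='{$post['uid']}' AND p.pid='{$pid}'
			LIMIT 1
		");
		$postinfo = $db->fetch_array($query);

		$query = $db->simple_select("attachments", "*", "pid='{$pid}'");
		while($attachment = $db->fetch_array($query))
		{
			$attachcache[0][$attachment['aid']] = $attachment;
		}

		// Set the values of the post info array.
		$postinfo['userusername'] = $postinfo['username'];
		$postinfo['message'] = $previewmessage;
		$postinfo['subject'] = $previewsubject;
		$postinfo['icon'] = $icon;
		$postinfo['smilieoff'] = $postoptions['disablesmilies'];

		$postbit = build_postbit($postinfo, 1);
		eval("\$preview = \"".$templates->get("previewpost")."\";");
	}
	else if(!$post_errors)
	{
		$message = htmlspecialchars_uni($message);
		$subject = htmlspecialchars_uni($subject);

		if($post['includesig'] != 0)
		{
			$postoptionschecked['signature'] = " checked=\"checked\"";
		}

		if($post['smilieoff'] == 1)
		{
			$postoptionschecked['disablesmilies'] = " checked=\"checked\"";
		}

		// Pre-select the user's current subscription for this thread
		$query = $db->simple_select("threadsubscriptions", "notification", "tid='{$tid}' AND uid='{$mybb->user['uid']}'");
		if($db->num_rows($query) > 0)
		{
			$notification = $db->fetch_field($query, 'notification');

			if($notification == 0)
			{
				$postoptions_subscriptionmethod_none = "checked=\"checked\"";
			}
			else if($notification == 1)
			{
				$postoptions_subscriptionmethod_instant = "checked=\"checked\"";
			}
			else
			{
				$postoptions_subscriptionmethod_dont = "checked=\"checked\"";
			}
		}
	}

	// Generate thread prefix selector if this is the first post of the thread
	if($thread['firstpost'] == $pid)
	{
		if(!intval($mybb->input['threadprefix']))
		{
			$mybb->input['threadprefix'] = $thread['prefix'];
		}

		$prefixselect = build_prefix_select($forum['fid'], $mybb->input['threadprefix']);
	}
	else
	{
		$prefixselect = "";
	}

	// Fetch subscription select box
	$bgcolor = "trow1";
	eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");

	// Poll box: only on the first post of a thread that has no poll yet
	$bgcolor2 = "trow2";
	$query = $db->simple_select("posts", "*", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
	$firstcheck = $db->fetch_array($query);
	if($firstcheck['pid'] == $pid && $forumpermissions['canpostpolls'] != 0 && $thread['poll'] < 1)
	{
		$lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
		$numpolloptions = "2";
		eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
	}

	// Can we disable smilies or are they disabled already?
	if($forum['allowsmilies'] != 0)
	{
		eval("\$disablesmilies = \"".$templates->get("editpost_disablesmilies")."\";");
	}
	else
	{
		$disablesmilies = "<input type=\"hidden\" name=\"postoptions[disablesmilies]\" value=\"no\" />";
	}

	$plugins->run_hooks("editpost_end");

	$forum['name'] = strip_tags($forum['name']);

	eval("\$editpost = \"".$templates->get("editpost")."\";");
	output_page($editpost);
}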