<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id: newthread.php 5605 2011-09-19 11:17:26Z Tomm $
 */

// Entry script for creating a thread. This first section declares the script
// identity, loads the shared bootstrap and, when the request refers to an
// existing draft, loads that draft and checks that it belongs to the caller.
define("IN_MYBB", 1);
define('THIS_SCRIPT', 'newthread.php');

// Comma-separated template names, presumably read by global.php to preload them.
// NOTE(review): the first string ends with "error_nosubject" and the second starts
// with "posticons" without a separating comma, so the concatenated list contains
// the merged name "error_nosubjectposticons" - confirm and add the comma.
$templatelist = "newthread,previewpost,error_invalidforum,redirect_newthread,loginbox,changeuserbox,newthread_postpoll,posticons,attachment,newthread_postpoll,codebuttons,smilieinsert,error_nosubject";
$templatelist .= "posticons,newthread_disablesmilies,newreply_modoptions,post_attachments_new,post_attachments,post_savedraftbutton,post_subscription_method,post_attachments_attachment_remove";

require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_user.php";

// Load global language phrases
$lang->load("newthread");

// $tid/$pid stay empty strings unless a draft is loaded below; later code uses
// these database-derived values, not the raw request parameters, in its queries.
$tid = $pid = "";
if($mybb->input['action'] == "editdraft" || ($mybb->input['savedraft'] && $mybb->input['tid']) || ($mybb->input['tid'] && $mybb->input['pid']))
{
	$thread = get_thread($mybb->input['tid']);

	// The request's tid is cast with intval() before it is placed in the WHERE
	// clause; only the earliest post with visible = -2 is fetched for the thread.
	$query = $db->simple_select("posts", "*", "tid='".intval($mybb->input['tid'])."' AND visible='-2'", array('order_by' => 'dateline', 'limit' => 1));
	$post = $db->fetch_array($query);

	// Access control for drafts: the thread and post must exist, the thread must
	// have visible = -2, and it must be owned by the current user.
	// error() presumably renders the message and stops the request - confirm.
	if(!$thread['tid'] || !$post['pid'] || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])
	{
		error($lang->invalidthread);
	}

	$pid = $post['pid'];
	$fid = $thread['fid'];
	$tid = $thread['tid'];
	// Hidden form field carrying the draft's post id (taken from the database row).
	$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
}
else
{
	// Not a draft: the target forum comes from the request, forced to an integer.
	$fid = intval($mybb->input['fid']);
}

// Fetch forum information.
// This section validates the target forum and the caller's permissions, then
// prepares the editor widgets and the login/change-user box for the form.
$forum = get_forum($fid);
if(!$forum)
{
	error($lang->error_invalidforum);
}

// Draw the navigation
build_forum_breadcrumb($fid);
add_breadcrumb($lang->nav_newthread);

$forumpermissions = forum_permissions($fid);

// Only open, real forums (type "f", no redirect link) accept new threads.
if($forum['open'] == 0 || $forum['type'] != "f" || $forum['linkto'] != "")
{
	error($lang->error_closedinvalidforum);
}

// Authorisation gate: the caller must be able to view the forum and start
// threads in it, and must not have posting suspended.
if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0 || $mybb->user['suspendposting'] == 1)
{
	error_no_permission();
}

// Check if this forum is password protected and we have a valid password
check_forum_password($forum['fid']);

// If MyCode is on for this forum and the MyCode editor is enabled in the Admin CP, draw the code buttons and smilie inserter.
if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
{
	$codebuttons = build_mycode_inserter();
	if($forum['allowsmilies'] != 0)
	{
		$smilieinserter = build_clickable_smilies();
	}
}

// Does this forum allow post icons? If so, fetch the post icons.
if($forum['allowpicons'] != 0)
{
	$posticons = get_post_icons();
}

// If we have a currently logged in user then fetch the change user box.
if($mybb->user['uid'] != 0)
{
	// Templates are rendered by eval()-ing the stored template text inside a
	// double-quoted PHP string, so every variable the template interpolates is
	// emitted as-is and must already be HTML-safe.
	// NOTE(review): confirm $templates->get() escapes the template text for this
	// context; write access to templates should be treated as code execution.
	eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
}

// Otherwise we have a guest, determine the "username" and get the login box.
else
{
	if(!$mybb->input['previewpost'] && $mybb->input['action'] != "do_newthread")
	{
		$username = '';
	}
	else
	{
		// The guest-supplied name is escaped before it reaches the template.
		// NOTE(review): this uses plain htmlspecialchars() with default flags,
		// while other paths in this file use htmlspecialchars_uni(); on PHP
		// versions whose default is ENT_COMPAT single quotes are not encoded -
		// confirm the loginbox template only uses the value in a safe context.
		$username = htmlspecialchars($mybb->input['username']);
	}
	eval("\$loginbox = \"".$templates->get("loginbox")."\";");
}

// If we're not performing a new thread insert and not editing a draft then we're posting a new thread.
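if($mybb->input['action'] != "do_newthread" && $mybb->input['action'] != "editdraft")
{
	$mybb->input['action'] = "newthread";
}

// Previewing a post, overwrite the action to the new thread action.
if($mybb->input['previewpost'])
{
	$mybb->input['action'] = "newthread";
}

// The form marked itself as processed but PHP populated neither $_POST nor
// $_FILES (presumably the request body exceeded PHP's upload/POST limits).
if((empty($_POST) && empty($_FILES)) && $mybb->input['processed'] == '1')
{
	error($lang->error_cannot_upload_php_post);
}

// Handle attachments if we've got any.
if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || $mybb->input['updateattachment'] || ($mybb->input['action'] == "do_newthread" && $mybb->input['submit'] && $_FILES['attachment'])))
{
	// Verify incoming POST request
	// (presumably an anti-CSRF token check; the helper is defined elsewhere)
	verify_post_check($mybb->input['my_post_key']);

	if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
	{
		// $pid is the draft post id loaded from the database earlier in this
		// script, not the raw request parameter.
		$attachwhere = "pid='{$pid}'";
	}
	else
	{
		$attachwhere = "posthash='".$db->escape_string($mybb->input['posthash'])."'";
	}
	$query = $db->simple_select("attachments", "COUNT(aid) as numattachs", $attachwhere);
	$attachcount = $db->fetch_field($query, "numattachs");

	// If there's an attachment, check it and upload it
	// The upload only proceeds when the forum permission allows attachments and
	// the per-post attachment limit (0 = unlimited) has not been reached.
	if($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments']))
	{
		require_once MYBB_ROOT."inc/functions_upload.php";

		$update_attachment = false;
		if($mybb->input['updateattachment'])
		{
			$update_attachment = true;
		}
		$attachedfile = upload_attachment($_FILES['attachment'], $update_attachment);
	}

	// Error with attachments - should use new inline errors?
	// NOTE(review): $attachedfile is only assigned inside the branch above and
	// $errors is never initialised in this script - confirm neither can be
	// pre-populated from outside (e.g. via register_globals).
	if($attachedfile['error'])
	{
		$errors[] = $attachedfile['error'];
		$mybb->input['action'] = "newthread";
	}

	// If we were dealing with an attachment but didn't click 'Post Thread', force the new thread page again.
	if(!$mybb->input['submit'])
	{
		//$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
		$mybb->input['action'] = "newthread";
	}
}

// Are we removing an attachment from the thread?
if($mybb->input['attachmentaid'] && $mybb->input['attachmentact'] == "remove" && $mybb->input['posthash'])
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	require_once MYBB_ROOT."inc/functions_upload.php";
	// NOTE(review): posthash and attachmentaid are passed through unmodified;
	// confirm remove_attachment() escapes them and only removes attachments
	// that match both values.
	remove_attachment(0, $mybb->input['posthash'], $mybb->input['attachmentaid']);
	if(!$mybb->input['submit'])
	{
		$mybb->input['action'] = "newthread";
	}
}

$thread_errors = "";
$hide_captcha = false;

// Check the maximum posts per day for this user
// (groups with cancp = 1 are exempt from the limit)
if($mybb->settings['maxposts'] > 0 && $mybb->usergroup['cancp'] != 1)
{
	$daycut = TIME_NOW-60*60*24;
	$query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}");
	$post_count = $db->fetch_field($query, "posts_today");
	if($post_count >= $mybb->settings['maxposts'])
	{
		$lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->settings['maxposts']);
		error($lang->error_maxposts);
	}
}

// Performing the posting of a new thread.
if($mybb->input['action'] == "do_newthread" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$plugins->run_hooks("newthread_do_newthread_start");

	// If this isn't a logged in user, then we need to do some special validation.
	if($mybb->user['uid'] == 0)
	{
		$username = htmlspecialchars_uni($mybb->input['username']);

		// Check if username exists.
		if(username_exists($mybb->input['username']))
		{
			// If it does and no password is given throw back "username is taken"
			if(!$mybb->input['password'])
			{
				error($lang->error_usernametaken);
			}

			// Checks to make sure the user can login; they haven't had too many tries at logging in.
			// Is a fatal call if user has had too many tries
			$logins = login_attempt_check();

			// If the user specified a password but it is wrong, throw back invalid password.
			$mybb->user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
			if(!$mybb->user['uid'])
			{
				// Failed attempt: bump the counter both in the cookie and on
				// the account row (the last argument asks update_query() not
				// to quote the "loginattempts+1" expression).
				my_setcookie('loginattempts', $logins + 1);
				$db->update_query("users", array('loginattempts' => 'loginattempts+1'), "LOWER(username) = '".$db->escape_string(my_strtolower($mybb->input['username']))."'", 1, true);
				if($mybb->settings['failedlogintext'] == 1)
				{
					$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
				}
				error($lang->error_invalidpassword.$login_text);
			}
			// Otherwise they've logged in successfully.

			$mybb->input['username'] = $username = $mybb->user['username'];
			my_setcookie("mybbuser", $mybb->user['uid']."_".$mybb->user['loginkey'], null, true);
			my_setcookie('loginattempts', 1);

			// Update the session to contain their user ID
			// NOTE(review): the existing session id is kept and only its uid
			// column changes here - confirm whether the session is rotated
			// elsewhere after this privilege change.
			$updated_session = array(
				"uid" => $mybb->user['uid'],
			);
			$db->update_query("sessions", $updated_session, "sid='{$session->sid}'");

			$db->update_query("users", array("loginattempts" => 1), "uid='{$mybb->user['uid']}'");

			// Set uid and username
			$uid = $mybb->user['uid'];
			$username = $mybb->user['username'];

			// Check if this user is allowed to post here
			// (permissions are re-evaluated because the identity just changed)
			$mybb->usergroup = &$groupscache[$mybb->user['usergroup']];
			$forumpermissions = forum_permissions($fid);
			if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0 || $mybb->user['suspendposting'] == 1)
			{
				error_no_permission();
			}
		}
		// This username does not exist.
		else
		{
			// If they didn't specify a username then give them "Guest"
			if(!$mybb->input['username'])
			{
				$username = $lang->guest;
			}
			// Otherwise use the name they specified.
			else
			{
				$username = htmlspecialchars($mybb->input['username']);
			}
			$uid = 0;
		}
	}
	// This user is logged in.
	else
	{
		$username = $mybb->user['username'];
		$uid = $mybb->user['uid'];
	}

	// Attempt to see if this post is a duplicate or not
	// Members are matched by uid, guests by the session's IP address.
	if($uid > 0)
	{
		$user_check = "p.uid='{$uid}'";
	}
	else
	{
		$user_check = "p.ipaddress='".$db->escape_string($session->ipaddress)."'";
	}
	if(!$mybb->input['savedraft'] && !$pid)
	{
		// Every request-derived value is passed through escape_string() before
		// being concatenated into the WHERE clause.
		$query = $db->simple_select("posts p", "p.pid", "$user_check AND p.fid='{$forum['fid']}' AND p.subject='".$db->escape_string($mybb->input['subject'])."' AND p.message='".$db->escape_string($mybb->input['message'])."' AND p.posthash='".$db->escape_string($mybb->input['posthash'])."'");
		$duplicate_check = $db->fetch_field($query, "pid");
		if($duplicate_check)
		{
			error($lang->error_post_already_submitted);
		}
	}

	// Set up posthandler.
	require_once MYBB_ROOT."inc/datahandlers/post.php";
	$posthandler = new PostDataHandler("insert");
	$posthandler->action = "thread";

	// Set the thread data that came from the input to the $thread array.
	// The request values are handed over unmodified; validation and escaping
	// are left to PostDataHandler (not visible in this file).
	$new_thread = array(
		"fid" => $forum['fid'],
		"subject" => $mybb->input['subject'],
		"prefix" => $mybb->input['threadprefix'],
		"icon" => $mybb->input['icon'],
		"uid" => $uid,
		"username" => $username,
		"message" => $mybb->input['message'],
		"ipaddress" => get_ip(),
		"posthash" => $mybb->input['posthash']
	);

	if($pid != '')
	{
		$new_thread['pid'] = $pid;
	}

	// Are we saving a draft thread?
	// (only logged-in users can save drafts)
	if($mybb->input['savedraft'] && $mybb->user['uid'])
	{
		$new_thread['savedraft'] = 1;
	}
	else
	{
		$new_thread['savedraft'] = 0;
	}

	// Is this thread already a draft and we're updating it?
	if(isset($thread['tid']) && $thread['visible'] == -2)
	{
		$new_thread['tid'] = $thread['tid'];
	}

	// Set up the thread options from the input.
	$new_thread['options'] = array(
		"signature" => $mybb->input['postoptions']['signature'],
		"subscriptionmethod" => $mybb->input['postoptions']['subscriptionmethod'],
		"disablesmilies" => $mybb->input['postoptions']['disablesmilies']
	);

	// Apply moderation options if we have them
	// NOTE(review): modoptions is forwarded without an is_moderator() check at
	// this point - confirm PostDataHandler only honours it for moderators.
	$new_thread['modoptions'] = $mybb->input['modoptions'];

	$posthandler->set_data($new_thread);

	// Now let the post handler do all the hard work.
	$valid_thread = $posthandler->validate_thread();

	$post_errors = array();
	// Fetch friendly error messages if this is an invalid thread
	if(!$valid_thread)
	{
		$post_errors = $posthandler->get_friendly_errors();
	}

	// Check captcha image
	// (only guests are challenged)
	if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
	{
		require_once MYBB_ROOT.'inc/class_captcha.php';
		$post_captcha = new captcha;

		if($post_captcha->validate_captcha() == false)
		{
			// CAPTCHA validation failed
			foreach($post_captcha->get_errors() as $error)
			{
				$post_errors[] = $error;
			}
		}
		else
		{
			$hide_captcha = true;
		}
	}

	// One or more errors returned, fetch error list and throw to newthread page
	if(count($post_errors) > 0)
	{
		$thread_errors = inline_error($post_errors);
		$mybb->input['action'] = "newthread";
	}
	// No errors were found, it is safe to insert the thread.
	else
	{
		$thread_info = $posthandler->insert_thread();
		$tid = $thread_info['tid'];
		$visible = $thread_info['visible'];

		// Mark thread as read
		require_once MYBB_ROOT."inc/functions_indicators.php";
		mark_thread_read($tid, $fid);

		// We were updating a draft thread, send them back to the draft listing.
		if($new_thread['savedraft'] == 1)
		{
			$lang->redirect_newthread = $lang->draft_saved;
			$url = "usercp.php?action=drafts";
		}

		// A poll was being posted with this thread, throw them to poll posting page.
		else if($mybb->input['postpoll'] && $forumpermissions['canpostpolls'])
		{
			$url = "polls.php?action=newpoll&tid=$tid&polloptions=".intval($mybb->input['numpolloptions']);
			$lang->redirect_newthread .= $lang->redirect_newthread_poll;
		}

		// This thread is stuck in the moderation queue, send them back to the forum.
		else if(!$visible)
		{
			// Moderated thread
			$lang->redirect_newthread .= $lang->redirect_newthread_moderation;
			$url = get_forum_link($fid);
		}

		// This is just a normal thread - send them to it.
		else
		{
			// Visible thread
			$lang->redirect_newthread .= $lang->redirect_newthread_thread;
			$url = get_thread_link($tid);
		}

		// Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
		if($mybb->input['quoted_ids'] && $mybb->cookies['multiquote'] && $mybb->settings['multiquote'] != 0)
		{
			// We quoted all posts - remove the entire cookie
			if($mybb->input['quoted_ids'] == "all")
			{
				my_unsetcookie("multiquote");
			}
		}

		$plugins->run_hooks("newthread_do_newthread_end");

		// Hop to it! Send them to the next page.
		if(!$mybb->input['postpoll'])
		{
			$lang->redirect_newthread .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
		}
		redirect($url, $lang->redirect_newthread);
	}
}

// Render the new-thread form: first visit, preview, draft edit, or re-display
// after attachment changes or validation errors.
if($mybb->input['action'] == "newthread" || $mybb->input['action'] == "editdraft")
{

	$plugins->run_hooks("newthread_start");

	// NOTE(review): this initialises $quote_ids, but the code below assigns and
	// escapes $quoted_ids - looks like a naming slip; confirm which name the
	// newthread template reads.
	$quote_ids = '';
	// If this isn't a preview and we're not editing a draft, then handle quoted posts
	if(!$mybb->input['previewpost'] && !$thread_errors && $mybb->input['action'] != "editdraft")
	{
		$message = '';
		$quoted_posts = array();
		// Handle multiquote
		if($mybb->cookies['multiquote'] && $mybb->settings['multiquote'] != 0)
		{
			// The cookie is client-controlled: each piece is reduced to an
			// integer, and only those integer values reach the SQL IN() list.
			$multiquoted = explode("|", $mybb->cookies['multiquote']);
			foreach($multiquoted as $post)
			{
				$quoted_posts[$post] = intval($post);
			}
		}

		// Quoting more than one post - fetch them
		if(count($quoted_posts) > 0)
		{
			$external_quotes = 0;
			$quoted_posts = implode(",", $quoted_posts);
			// Posts in forums the caller cannot view are excluded from quoting.
			$unviewable_forums = get_unviewable_forums();
			if($unviewable_forums)
			{
				$unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
			}

			// NOTE(review): drafts are stored with visible = -2 elsewhere in
			// this file; "!= 2" does not exclude them for moderators - confirm
			// the intended value.
			if(is_moderator($fid))
			{
				$visible_where = "AND p.visible != 2";
			}
			else
			{
				$visible_where = "AND p.visible > 0";
			}

			if(intval($mybb->input['load_all_quotes']) == 1)
			{
				$query = $db->query("
					SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
					FROM ".TABLE_PREFIX."posts p
					LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
					LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
					WHERE p.pid IN ($quoted_posts) {$unviewable_forums} {$visible_where}
				");
				while($quoted_post = $db->fetch_array($query))
				{
					// Prefer the account's current username over the name
					// stored on the post.
					if($quoted_post['userusername'])
					{
						$quoted_post['username'] = $quoted_post['userusername'];
					}
					// Expand "/me" and "/slap" lines and drop attachment tags
					// before wrapping the text in a quote block.
					$quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
					$quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
					$quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
					$message .= "[quote='{$quoted_post['username']}' pid='{$quoted_post['pid']}' dateline='{$quoted_post['dateline']}']\n{$quoted_post['message']}\n[/quote]\n\n";
				}

				$quoted_ids = "all";
			}
			else
			{
				// Only count the quotable posts and offer to load them.
				$query = $db->query("
					SELECT COUNT(*) AS quotes
					FROM ".TABLE_PREFIX."posts p
					LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
					WHERE p.pid IN ($quoted_posts) {$unviewable_forums} {$visible_where}
				");
				$external_quotes = $db->fetch_field($query, 'quotes');

				if($external_quotes > 0)
				{
					if($external_quotes == 1)
					{
						$multiquote_text = $lang->multiquote_external_one;
						$multiquote_deselect = $lang->multiquote_external_one_deselect;
						$multiquote_quote = $lang->multiquote_external_one_quote;
					}
					else
					{
						$multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
						$multiquote_deselect = $lang->multiquote_external_deselect;
						$multiquote_quote = $lang->multiquote_external_quote;
					}
					// Templates are rendered by eval()-ing the stored template
					// text inside a double-quoted PHP string; interpolated
					// variables are emitted as-is and must already be HTML-safe.
					eval("\$multiquote_external = \"".$templates->get("newthread_multiquote_external")."\";");
				}
			}
		}
	}

	if($mybb->input['quoted_ids'])
	{
		$quoted_ids = htmlspecialchars_uni($mybb->input['quoted_ids']);
	}

	// Check the various post options if we're
	// a -> previewing a post
	// b -> removing an attachment
	// c -> adding a new attachment
	// d -> have errors from posting

	if($mybb->input['previewpost'] || $mybb->input['attachmentaid'] || $mybb->input['newattachment'] || $mybb->input['updateattachment'] || $thread_errors)
	{
		// Only fixed "checked" strings are derived from the submitted options;
		// the raw option values are not echoed.
		$postoptions = $mybb->input['postoptions'];
		if($postoptions['signature'] == 1)
		{
			$postoptionschecked['signature'] = " checked=\"checked\"";
		}
		if($postoptions['subscriptionmethod'] == "none")
		{
			$postoptions_subscriptionmethod_none = "checked=\"checked\"";
		}
		else if($postoptions['subscriptionmethod'] == "instant")
		{
			$postoptions_subscriptionmethod_instant = "checked=\"checked\"";
		}
		else
		{
			$postoptions_subscriptionmethod_dont = "checked=\"checked\"";
		}
		if($postoptions['disablesmilies'] == 1)
		{
			$postoptionschecked['disablesmilies'] = " checked=\"checked\"";
		}
		if($mybb->input['postpoll'] == 1)
		{
			$postpollchecked = "checked=\"checked\"";
		}
		$numpolloptions = intval($mybb->input['numpolloptions']);
	}

	// Editing a draft thread
	else if($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
	{
		// Stored draft content is escaped before being placed in the form.
		$message = htmlspecialchars_uni($post['message']);
		$subject = htmlspecialchars_uni($post['subject']);
		if($post['includesig'] != 0)
		{
			$postoptionschecked['signature'] = " checked=\"checked\"";
		}
		if($post['smilieoff'] == 1)
		{
			$postoptionschecked['disablesmilies'] = " checked=\"checked\"";
		}
		$icon = $post['icon'];
		if($forum['allowpicons'] != 0)
		{
			$posticons = get_post_icons();
		}
	}

	// Otherwise, this is our initial visit to this page.
	else
	{
		if($mybb->user['signature'] != '')
		{
			$postoptionschecked['signature'] = " checked=\"checked\"";
		}
		if($mybb->user['subscriptionmethod'] == 1)
		{
			$postoptions_subscriptionmethod_none = "checked=\"checked\"";
		}
		else if($mybb->user['subscriptionmethod'] == 2)
		{
			$postoptions_subscriptionmethod_instant = "checked=\"checked\"";
		}
		else
		{
			$postoptions_subscriptionmethod_dont = "checked=\"checked\"";
		}
		$numpolloptions = "2";
	}

	// If we're previewing a post then generate the preview.
	if($mybb->input['previewpost'])
	{
		// Set up posthandler.
		require_once MYBB_ROOT."inc/datahandlers/post.php";
		$posthandler = new PostDataHandler("insert");
		$posthandler->action = "thread";

		// Set the thread data that came from the input to the $thread array.
		$new_thread = array(
			"fid" => $forum['fid'],
			"prefix" => $mybb->input['threadprefix'],
			"subject" => $mybb->input['subject'],
			"icon" => $mybb->input['icon'],
			"uid" => $uid,
			"username" => $username,
			"message" => $mybb->input['message'],
			"ipaddress" => get_ip(),
			"posthash" => $mybb->input['posthash']
		);

		if($pid != '')
		{
			$new_thread['pid'] = $pid;
		}

		$posthandler->set_data($new_thread);

		// Now let the post handler do all the hard work.
		$valid_thread = $posthandler->verify_message();
		$valid_subject = $posthandler->verify_subject();

		$post_errors = array();
		// Fetch friendly error messages if this is an invalid post
		if(!$valid_thread || !$valid_subject)
		{
			$post_errors = $posthandler->get_friendly_errors();
		}

		// One or more errors returned, fetch error list and show it on the form
		if(count($post_errors) > 0)
		{
			$thread_errors = inline_error($post_errors);
		}
		else
		{
			if(!$mybb->input['username'])
			{
				$mybb->input['username'] = $lang->guest;
			}
			// NOTE(review): unlike the do_newthread path, this preview path
			// checks a guest-supplied password without calling
			// login_attempt_check(), without incrementing loginattempts and
			// without verify_post_check(); the rendered preview differs
			// depending on whether the password matched. Confirm that
			// validate_password_from_username() enforces throttling itself,
			// or apply the same attempt accounting here.
			if($mybb->input['username'] && !$mybb->user['uid'])
			{
				$mybb->user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
			}
			$query = $db->query("
				SELECT u.*, f.*
				FROM ".TABLE_PREFIX."users u
				LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
				WHERE u.uid='".$mybb->user['uid']."'
			");
			$post = $db->fetch_array($query);
			if(!$mybb->user['uid'] || !$post['username'])
			{
				$post['username'] = htmlspecialchars_uni($mybb->input['username']);
			}
			else
			{
				$post['userusername'] = $mybb->user['username'];
				$post['username'] = $mybb->user['username'];
			}
			// The raw message and subject go to build_postbit(), which is
			// expected to parse and escape them for display (not visible here).
			$previewmessage = $mybb->input['message'];
			$post['message'] = $previewmessage;
			$post['subject'] = $mybb->input['subject'];
			$post['icon'] = $mybb->input['icon'];
			$post['smilieoff'] = $postoptions['disablesmilies'];
			$post['dateline'] = TIME_NOW;
			$post['includesig'] = $mybb->input['postoptions']['signature'];
			if($post['includesig'] != 1)
			{
				$post['includesig'] = 0;
			}

			// Fetch attachments assigned to this post
			if($mybb->input['pid'])
			{
				$attachwhere = "pid='".intval($mybb->input['pid'])."'";
			}
			else
			{
				$attachwhere = "posthash='".$db->escape_string($mybb->input['posthash'])."'";
			}

			$query = $db->simple_select("attachments", "*", $attachwhere);
			while($attachment = $db->fetch_array($query))
			{
				$attachcache[0][$attachment['aid']] = $attachment;
			}

			$postbit = build_postbit($post, 1);
			eval("\$preview = \"".$templates->get("previewpost")."\";");
		}
		$message = htmlspecialchars_uni($mybb->input['message']);
		$subject = htmlspecialchars_uni($mybb->input['subject']);
	}

	// Removing an attachment or adding a new one, or showing thread errors.
	else if($mybb->input['attachmentaid'] || $mybb->input['newattachment'] || $mybb->input['updateattachment'] || $thread_errors)
	{
		$message = htmlspecialchars_uni($mybb->input['message']);
		$subject = htmlspecialchars_uni($mybb->input['subject']);
	}

	// Do we have attachment errors?
	if(count($errors) > 0)
	{
		$thread_errors = inline_error($errors);
	}

	// Generate thread prefix selector
	if(!intval($mybb->input['threadprefix']))
	{
		$mybb->input['threadprefix'] = 0;
	}

	$prefixselect = build_prefix_select($forum['fid'], $mybb->input['threadprefix']);

	// Setup a unique posthash for attachment management
	// NOTE(review): the posthash ties uploaded attachments to this form, so its
	// unpredictability depends on random_str() (defined elsewhere) - confirm
	// it draws from a suitable random source.
	if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft")
	{
		$posthash = md5($mybb->user['uid'].random_str());
	}
	elseif($mybb->input['action'] == "editdraft")
	{
		// Drafts have posthashes, too...
		// The stored value originates from the request's posthash when the
		// draft was saved, so it is escaped like the request-derived branch
		// below before it reaches the templates. In this branch the attachment
		// query uses pid, so the escaped value is only used for output.
		$posthash = htmlspecialchars_uni($post['posthash']);
	}
	else
	{
		$posthash = htmlspecialchars_uni($mybb->input['posthash']);
	}

	// Can we disable smilies or are they disabled already?
	if($forum['allowsmilies'] != 0)
	{
		eval("\$disablesmilies = \"".$templates->get("newthread_disablesmilies")."\";");
	}
	else
	{
		$disablesmilies = "<input type=\"hidden\" name=\"postoptions[disablesmilies]\" value=\"no\" />";
	}

	// Show the moderator options
	if(is_moderator($fid))
	{
		$modoptions = $mybb->input['modoptions'];
		if($modoptions['closethread'] == 1)
		{
			$closecheck = "checked=\"checked\"";
		}
		else
		{
			$closecheck = '';
		}
		if($modoptions['stickthread'] == 1)
		{
			$stickycheck = "checked=\"checked\"";
		}
		else
		{
			$stickycheck = '';
		}
		// Drop the raw request array before the name is reused for the HTML.
		unset($modoptions);
		eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
		$bgcolor = "trow1";
		$bgcolor2 = "trow2";
	}
	else
	{
		$bgcolor = "trow2";
		$bgcolor2 = "trow1";
	}

	// Fetch subscription select box
	eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");

	if($forumpermissions['canpostattachments'] != 0)
	{ // Get a listing of the current attachments, if there are any
		$attachcount = 0;
		if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
		{
			$attachwhere = "pid='$pid'";
		}
		else
		{
			$attachwhere = "posthash='".$db->escape_string($posthash)."'";
		}
		$query = $db->simple_select("attachments", "*", $attachwhere);
		$attachments = '';
		while($attachment = $db->fetch_array($query))
		{
			$attachment['size'] = get_friendly_size($attachment['filesize']);
			$attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
			if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
			{
				eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
			}

			eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");

			$attach_mod_options = '';
			// NOTE(review): $attachment['filename'] is not escaped in this
			// script before the attachment templates are rendered - confirm
			// it is stored HTML-safe or escaped by the template helpers.
			if($attachment['visible'] != 1)
			{
				eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
			}
			else
			{
				eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
			}
			$attachcount++;
		}
		// Compare the user's total attachment usage with the group quota
		// (attachquota is multiplied by 1024 for the comparison; 0 = unlimited).
		$query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
		$usage = $db->fetch_array($query);
		if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
		{
			$noshowattach = 1;
		}
		if($mybb->usergroup['attachquota'] == 0)
		{
			$friendlyquota = $lang->unlimited;
		}
		else
		{
			$friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
		}
		$friendlyusage = get_friendly_size($usage['ausage']);
		$lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyusage, $friendlyquota);
		// NOTE(review): && binds tighter than ||, so "!$noshowattach" only
		// applies to the second alternative; with maxattachments = 0 the upload
		// row is rendered even when the quota is exceeded. This only affects
		// the form - confirm upload_attachment() enforces the quota itself.
		if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
		{
			eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
		}
		eval("\$attachbox = \"".$templates->get("post_attachments")."\";");

		$bgcolor = alt_trow();
	}

	if($mybb->user['uid'])
	{
		eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
	}

	// Show captcha image for guests if enabled
	if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
	{
		$correct = false;
		require_once MYBB_ROOT.'inc/class_captcha.php';
		$post_captcha = new captcha(false, "post_captcha");

		// NOTE(review): && binds tighter than ||, so the "type == 1" restriction
		// only applies to the $hide_captcha alternative; a preview request
		// re-validates whatever captcha type is configured - confirm this
		// matches the intent described in the comment below.
		if($mybb->input['previewpost'] || $hide_captcha == true && $post_captcha->type == 1)
		{
			// If previewing a post - check their current captcha input - if correct, hide the captcha input area
			// ... but only if it's a default one, reCAPTCHAs must be filled in every time due to draconian limits
			if($post_captcha->validate_captcha() == true)
			{
				$correct = true;

				// Generate a hidden list of items for our captcha
				$captcha = $post_captcha->build_hidden_captcha();
			}
		}

		if(!$correct)
		{
			if($post_captcha->type == 1)
			{
				$post_captcha->build_captcha();
			}
			else if($post_captcha->type == 2)
			{
				$post_captcha->build_recaptcha();
			}

			if($post_captcha->html)
			{
				$captcha = $post_captcha->html;
			}
		}
	}

	if($forumpermissions['canpostpolls'] != 0)
	{
		$lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
		eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
	}

	$plugins->run_hooks("newthread_end");

	// Strip markup from the forum name before it is used in the page heading.
	$forum['name'] = strip_tags($forum['name']);
	$lang->newthread_in = $lang->sprintf($lang->newthread_in, $forum['name']);

	eval("\$newthread = \"".$templates->get("newthread")."\";");
	output_page($newthread);

}
?>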