<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id$
 */

// Script identity constants; both are defined before global.php is pulled in below
define("IN_MYBB", 1);
define('THIS_SCRIPT', 'editpost.php');

// Names of the templates this page renders, set before global.php is required
$templatelist = "editpost,previewpost,loginbox,posticons,changeuserbox,codebuttons,smilieinsert,smilieinsert_getmore,post_attachments_attachment_postinsert,post_attachments_attachment_mod_approve,post_attachments_attachment_unapproved,post_attachments_attachment_mod_unapprove,post_attachments_attachment,post_attachments_new,post_attachments,newthread_postpoll,editpost_disablesmilies,post_subscription_method,post_attachments_attachment_remove,post_attachments_update,postbit_author_guest,error_attacherror,forumdisplay_password_wrongpass,forumdisplay_password";

require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_upload.php";

// Load global language phrases
$lang->load("editpost");

$plugins->run_hooks("editpost_start");

// No permission for guests: every branch below assumes an authenticated user
if(!$mybb->user['uid'])
{
	error_no_permission();
}

// Get post info
// The post id is validated to an integer exactly once here. Later code should
// interpolate $pid (not the raw $mybb->input['pid']) into queries and handlers.
$pid = intval($mybb->input['pid']);

// if we already have the post information...
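// Reuse a post row a caller already loaded into $style; otherwise fetch it by the
// validated integer $pid.
if(isset($style) && $style['pid'] == $pid && $style['type'] != 'f')
{
	$post = &$style;
}
else
{
	$query = $db->simple_select("posts", "*", "pid='$pid'");
	$post = $db->fetch_array($query);
}

if(!$post['pid'])
{
	error($lang->error_invalidpost);
}

// Get thread info
$tid = $post['tid'];
$thread = get_thread($tid);

if(!$thread['tid'])
{
	error($lang->error_invalidthread);
}

$thread['subject'] = htmlspecialchars_uni($thread['subject']);

// Get forum info
$fid = $post['fid'];
$forum = get_forum($fid);

// Unapproved threads (visible == 0) are only reachable by moderators of this forum;
// threads with visible < 0 only by their own author.
if(($thread['visible'] == 0 && !is_moderator($fid)) || ($thread['visible'] < 0 && $thread['uid'] != $mybb->user['uid']))
{
	error($lang->error_invalidthread);
}
if(!$forum || $forum['type'] != "f")
{
	error($lang->error_closedinvalidforum);
}
if(($forum['open'] == 0 && !is_moderator($fid, "caneditposts")) || $mybb->user['suspendposting'] == 1)
{
	error_no_permission();
}

// Add prefix to breadcrumb
$query = $db->simple_select('threadprefixes', 'displaystyle', "pid='{$thread['prefix']}'");
$breadcrumbprefix = $db->fetch_field($query, 'displaystyle');

if($breadcrumbprefix)
{
	$breadcrumbprefix .= ' ';
}

// Make navigation
build_forum_breadcrumb($fid);
add_breadcrumb($breadcrumbprefix.$thread['subject'], get_thread_link($thread['tid']));
add_breadcrumb($lang->nav_editpost);

$forumpermissions = forum_permissions($fid);

if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
{
	$codebuttons = build_mycode_inserter();
}
if($mybb->settings['smilieinserter'] != 0)
{
	$smilieinserter = build_clickable_smilies();
}

// A preview is always rendered through the edit form, whatever action was submitted
if(!$mybb->input['action'] || $mybb->input['previewpost'])
{
	$mybb->input['action'] = "editpost";
}

// Permission gate. Moderators with the relevant forum permission bypass the
// per-user checks; everyone else must own the post, the thread must be open, the
// post must be approved and (for edits) the edit time limit must not have passed.
if($mybb->input['action'] == "deletepost" && $mybb->request_method == "post")
{
	if(!is_moderator($fid, "candeleteposts"))
	{
		if($thread['closed'] == 1)
		{
			error($lang->redirect_threadclosed);
		}
		if($forumpermissions['candeleteposts'] == 0)
		{
			error_no_permission();
		}
		if($mybb->user['uid'] != $post['uid'])
		{
			error_no_permission();
		}
		// User can't delete unapproved post
		if($post['visible'] == 0)
		{
			error_no_permission();
		}
	}
}
else
{
	if(!is_moderator($fid, "caneditposts"))
	{
		if($thread['closed'] == 1)
		{
			error($lang->redirect_threadclosed);
		}
		if($forumpermissions['caneditposts'] == 0)
		{
			error_no_permission();
		}
		if($mybb->user['uid'] != $post['uid'])
		{
			error_no_permission();
		}
		// Edit time limit
		$time = TIME_NOW;
		if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < ($time-($mybb->settings['edittimelimit']*60)))
		{
			$lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
			error($lang->edit_time_limit);
		}
		// User can't edit unapproved post
		if($post['visible'] == 0)
		{
			error_no_permission();
		}
	}
}

// Check if this forum is password protected and we have a valid password
check_forum_password($forum['fid']);

// A "processed" flag with an empty POST/FILES body means PHP dropped the request
// body (typically post_max_size exceeded)
if((empty($_POST) && empty($_FILES)) && $mybb->input['processed'] == '1')
{
	error($lang->error_cannot_upload_php_post);
}

// New / replacement attachment upload
if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || $mybb->input['updateattachment'] || ($mybb->input['action'] == "do_editpost" && $mybb->input['submit'] && $_FILES['attachment'])))
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$query = $db->simple_select("attachments", "COUNT(aid) as numattachs", "pid='{$pid}'");
	$attachcount = $db->fetch_field($query, "numattachs");

	// If there's an attachment, check it and upload it
	if($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments']))
	{
		$update_attachment = false;
		if($mybb->input['updateattachment'] && ($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']))
		{
			$update_attachment = true;
		}
		$attachedfile = upload_attachment($_FILES['attachment'], $update_attachment);
	}
	if($attachedfile['error'])
	{
		// MyBB templates are rendered via eval(); template bodies come from the
		// database, so only already-escaped values may be interpolated into them.
		eval("\$attacherror = \"".$templates->get("error_attacherror")."\";");
		$mybb->input['action'] = "editpost";
	}
	if(!$mybb->input['submit'])
	{
		$mybb->input['action'] = "editpost";
	}
}

if($mybb->input['attachmentaid'] && isset($mybb->input['attachmentact']) && $mybb->input['action'] == "do_editpost" && $mybb->request_method == "post") // Lets remove/approve/unapprove the attachment
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$mybb->input['attachmentaid'] = intval($mybb->input['attachmentaid']);
	if($mybb->input['attachmentact'] == "remove")
	{
		remove_attachment($pid, "", $mybb->input['attachmentaid']);
	}
	elseif(($mybb->input['attachmentact'] == "approve" || $mybb->input['attachmentact'] == "unapprove") && is_moderator($fid, 'caneditposts'))
	{
		// The moderator check is scoped to this forum, so the update must be scoped
		// to this post too: an unscoped "aid=" update would let a moderator of one
		// forum flip the visibility of attachments on posts in any other forum.
		$query = $db->simple_select("attachments", "aid, visible", "aid='{$mybb->input['attachmentaid']}' AND pid='{$pid}'");
		$attachment = $db->fetch_array($query);
		$new_visible = ($mybb->input['attachmentact'] == "approve") ? 1 : 0;

		// Only change the counter when the visibility actually flips, otherwise a
		// repeated approve/unapprove drifts the thread's attachment count.
		if($attachment['aid'] && $attachment['visible'] != $new_visible)
		{
			$update_sql = array("visible" => $new_visible);
			$db->update_query("attachments", $update_sql, "aid='{$attachment['aid']}'");
			update_thread_counters($post['tid'], array('attachmentcount' => ($new_visible == 1 ? "+1" : "-1")));
		}
	}
	if(!$mybb->input['submit'])
	{
		$mybb->input['action'] = "editpost";
	}
}

if($mybb->input['action'] == "deletepost" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$plugins->run_hooks("editpost_deletepost");

	if($mybb->input['delete'] == 1)
	{
		// Deleting the first post of a thread deletes the whole thread, which needs
		// the thread-level permission rather than the post-level one.
		$query = $db->simple_select("posts", "pid", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
		$firstcheck = $db->fetch_array($query);
		if($firstcheck['pid'] == $pid)
		{
			$firstpost = 1;
		}
		else
		{
			$firstpost = 0;
		}

		$modlogdata['fid'] = $fid;
		$modlogdata['tid'] = $tid;
		if($firstpost)
		{
			if($forumpermissions['candeletethreads'] == 1 || is_moderator($fid, "candeletethreads"))
			{
				delete_thread($tid);
				mark_reports($tid, "thread");
				log_moderator_action($modlogdata, $lang->thread_deleted);
				redirect(get_forum_link($fid), $lang->redirect_threaddeleted);
			}
			else
			{
				error_no_permission();
			}
		}
		else
		{
			if($forumpermissions['candeleteposts'] == 1 || is_moderator($fid, "candeleteposts"))
			{
				// Select the first post before this
				delete_post($pid, $tid);
				mark_reports($pid, "post");
				log_moderator_action($modlogdata, $lang->post_deleted);
				$query = $db->simple_select("posts", "pid", "tid='{$tid}' AND dateline <= '{$post['dateline']}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "desc"));
				$next_post = $db->fetch_array($query);
				if($next_post['pid'])
				{
					$redirect = get_post_link($next_post['pid'], $tid)."#pid{$next_post['pid']}";
				}
				else
				{
					$redirect = get_thread_link($tid);
				}
				redirect($redirect, $lang->redirect_postdeleted);
			}
			else
			{
				error_no_permission();
			}
		}
	}
	else
	{
		error($lang->redirect_nodelete);
	}
}

if($mybb->input['action'] == "do_editpost" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->input['my_post_key']);

	$plugins->run_hooks("editpost_do_editpost_start");

	// Set up posthandler.
	require_once MYBB_ROOT."inc/datahandlers/post.php";
	$posthandler = new PostDataHandler("update");
	$posthandler->action = "post";

	// Set the post data that came from the input to the $post array.
	// $pid is the integer validated at the top of the script; the handler must
	// update the same post the permission checks above were run against.
	$post = array(
		"pid" => $pid,
		"prefix" => $mybb->input['threadprefix'],
		"subject" => $mybb->input['subject'],
		"icon" => $mybb->input['icon'],
		"uid" => $mybb->user['uid'],
		"username" => $mybb->user['username'],
		"edit_uid" => $mybb->user['uid'],
		"message" => $mybb->input['message'],
	);

	// Set up the post options from the input.
	$post['options'] = array(
		"signature" => $mybb->input['postoptions']['signature'],
		"subscriptionmethod" => $mybb->input['postoptions']['subscriptionmethod'],
		"disablesmilies" => $mybb->input['postoptions']['disablesmilies']
	);

	$posthandler->set_data($post);

	// Now let the post handler do all the hard work.
	if(!$posthandler->validate_post())
	{
		$post_errors = $posthandler->get_friendly_errors();
		$post_errors = inline_error($post_errors);
		$mybb->input['action'] = "editpost";
	}
	// No errors were found, we can call the update method.
	else
	{
		$postinfo = $posthandler->update_post();
		$visible = $postinfo['visible'];
		$first_post = $postinfo['first_post'];

		// Help keep our attachments table clean.
		// NOTE(review): this cleanup is table-wide, not scoped to this post or user.
		$db->delete_query("attachments", "filename='' OR filesize<1");

		// Did the user choose to post a poll? Redirect them to the poll posting page.
		if($mybb->input['postpoll'] && $forumpermissions['canpostpolls'])
		{
			$url = "polls.php?action=newpoll&tid=$tid&polloptions=".intval($mybb->input['numpolloptions']);
			$lang->redirect_postedited = $lang->redirect_postedited_poll;
		}
		else if($visible == 0 && $first_post && !is_moderator($fid, "", $mybb->user['uid']))
		{
			// Moderated post
			$lang->redirect_postedited .= $lang->redirect_thread_moderation;
			$url = get_forum_link($fid);
		}
		else if($visible == 0 && !is_moderator($fid, "", $mybb->user['uid']))
		{
			$lang->redirect_postedited .= $lang->redirect_post_moderation;
			$url = get_thread_link($tid);
		}
		// Otherwise, send them back to their post
		else
		{
			$lang->redirect_postedited .= $lang->redirect_postedited_redirect;
			$url = get_post_link($pid, $tid)."#pid{$pid}";
		}
		$plugins->run_hooks("editpost_do_editpost_end");

		redirect($url, $lang->redirect_postedited);
	}
}

if(!$mybb->input['action'] || $mybb->input['action'] == "editpost")
{
	$plugins->run_hooks("editpost_action_start");

	if(!$mybb->input['previewpost'])
	{
		$icon = $post['icon'];
	}

	if($forum['allowpicons'] != 0)
	{
		$posticons = get_post_icons();
	}

	// Guests were rejected at the top of the script, so the first branch always runs
	if($mybb->user['uid'] != 0)
	{
		eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
	}
	else
	{
		eval("\$loginbox = \"".$templates->get("loginbox")."\";");
	}

	$bgcolor = "trow1";
	if($forumpermissions['canpostattachments'] != 0)
	{ // Get a listing of the current attachments, if there are any
		$attachcount = 0;
		$noshowattach = 0;
		$query = $db->simple_select("attachments", "*", "pid='{$pid}'");
		$attachments = '';
		while($attachment = $db->fetch_array($query))
		{
			$attachment['size'] = get_friendly_size($attachment['filesize']);
			$attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
			// Filenames are user supplied and are interpolated into templates below
			$attachment['filename'] = htmlspecialchars_uni($attachment['filename']);

			if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
			{
				eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
			}
			// Moderating options
			$attach_mod_options = '';
			if(is_moderator($fid))
			{
				if($attachment['visible'] == 1)
				{
					eval("\$attach_mod_options = \"".$templates->get("post_attachments_attachment_mod_unapprove")."\";");
				}
				else
				{
					eval("\$attach_mod_options = \"".$templates->get("post_attachments_attachment_mod_approve")."\";");
				}
			}

			// Remove Attachment
			eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");

			if($attachment['visible'] != 1)
			{
				eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
			}
			else
			{
				eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
			}
			$attachcount++;
		}
		$query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
		$usage = $db->fetch_array($query);
		if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
		{
			$noshowattach = 1;
		}
		if($mybb->usergroup['attachquota'] == 0)
		{
			$friendlyquota = $lang->unlimited;
		}
		else
		{
			$friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
		}
		$friendlyusage = get_friendly_size($usage['ausage']);
		$lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyusage, $friendlyquota);

		// Offer the upload form only when both the per-post attachment cap and the
		// user's storage quota leave room. The quota check is parenthesised so it
		// also applies when maxattachments is 0 (unlimited); previously "&&" bound
		// tighter than "||" and the quota was ignored in that case.
		if(($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
		{
			if($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments'])
			{
				eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
			}

			eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
		}
		eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
	}

	// Repopulate the form from the stored post unless the user is mid-edit
	// (attachment action, preview or a failed validation round-trip).
	if(!$mybb->input['attachmentaid'] && !$mybb->input['newattachment'] && !$mybb->input['updateattachment'] && !$mybb->input['previewpost'] && !$maximageserror)
	{
		$message = $post['message'];
		$subject = $post['subject'];
	}
	else
	{
		$message = $mybb->input['message'];
		$subject = $mybb->input['subject'];
	}

	if($mybb->input['previewpost'] || $post_errors)
	{
		// Set up posthandler.
		require_once MYBB_ROOT."inc/datahandlers/post.php";
		$posthandler = new PostDataHandler("update");
		$posthandler->action = "post";

		// Set the post data that came from the input to the $post array.
		// The right-hand side reads the previous $post (the stored row) before the
		// assignment replaces it, so "uid" stays the original author's uid.
		$post = array(
			"pid" => $pid,
			"prefix" => $mybb->input['threadprefix'],
			"subject" => $mybb->input['subject'],
			"icon" => $mybb->input['icon'],
			"uid" => $post['uid'],
			"edit_uid" => $mybb->user['uid'],
			"message" => $mybb->input['message'],
		);

		if(!$mybb->input['previewpost'])
		{
			$post['uid'] = $mybb->user['uid'];
			$post['username'] = $mybb->user['username'];
		}

		// Set up the post options from the input.
		$post['options'] = array(
			"signature" => $mybb->input['postoptions']['signature'],
			"emailnotify" => $mybb->input['postoptions']['emailnotify'],
			"disablesmilies" => $mybb->input['postoptions']['disablesmilies']
		);

		$posthandler->set_data($post);

		// Now let the post handler do all the hard work.
		if(!$posthandler->validate_post())
		{
			$post_errors = $posthandler->get_friendly_errors();
			$post_errors = inline_error($post_errors);
			$mybb->input['action'] = "editpost";
			$mybb->input['previewpost'] = 0;
		}
		else
		{
			// Keep the raw text for build_postbit; escape the copies that go back
			// into the form fields.
			$previewmessage = $message;
			$previewsubject = $subject;
			$message = htmlspecialchars_uni($message);
			$subject = htmlspecialchars_uni($subject);

			$postoptions = $mybb->input['postoptions'];

			if($postoptions['signature'] == 1)
			{
				$postoptionschecked['signature'] = " checked=\"checked\"";
			}

			if($postoptions['subscriptionmethod'] == "none")
			{
				$postoptions_subscriptionmethod_none = "checked=\"checked\"";
			}
			else if($postoptions['subscriptionmethod'] == "instant")
			{
				$postoptions_subscriptionmethod_instant = "checked=\"checked\"";
			}
			else
			{
				$postoptions_subscriptionmethod_dont = "checked=\"checked\"";
			}

			if($postoptions['disablesmilies'] == 1)
			{
				$postoptionschecked['disablesmilies'] = " checked=\"checked\"";
			}
		}
	}

	if($mybb->input['previewpost'])
	{
		// Figure out the poster's other information.
		$query = $db->query("
			SELECT u.*, f.*, p.dateline
			FROM ".TABLE_PREFIX."users u
			LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
			LEFT JOIN ".TABLE_PREFIX."posts p ON (p.uid=u.uid)
			WHERE u.uid='{$post['uid']}' AND p.pid='{$pid}'
			LIMIT 1
		");
		$postinfo = $db->fetch_array($query);

		$query = $db->simple_select("attachments", "*", "pid='{$pid}'");
		while($attachment = $db->fetch_array($query))
		{
			$attachcache[0][$attachment['aid']] = $attachment;
		}

		// Set the values of the post info array.
		$postinfo['userusername'] = $postinfo['username'];
		$postinfo['message'] = $previewmessage;
		$postinfo['subject'] = $previewsubject;
		$postinfo['icon'] = $icon;
		$postinfo['smilieoff'] = $postoptions['disablesmilies'];

		$postbit = build_postbit($postinfo, 1);
		eval("\$preview = \"".$templates->get("previewpost")."\";");
	}
	else if(!$post_errors)
	{
		$message = htmlspecialchars_uni($message);
		$subject = htmlspecialchars_uni($subject);

		if($post['includesig'] != 0)
		{
			$postoptionschecked['signature'] = " checked=\"checked\"";
		}

		if($post['smilieoff'] == 1)
		{
			$postoptionschecked['disablesmilies'] = " checked=\"checked\"";
		}

		$query = $db->simple_select("threadsubscriptions", "notification", "tid='{$tid}' AND uid='{$mybb->user['uid']}'");
		if($db->num_rows($query) > 0)
		{
			$notification = $db->fetch_field($query, 'notification');

			if($notification == 0)
			{
				$postoptions_subscriptionmethod_none = "checked=\"checked\"";
			}
			else if($notification == 1)
			{
				$postoptions_subscriptionmethod_instant = "checked=\"checked\"";
			}
			else
			{
				$postoptions_subscriptionmethod_dont = "checked=\"checked\"";
			}
		}
	}

	// Generate thread prefix selector if this is the first post of the thread
	if($thread['firstpost'] == $pid)
	{
		// The prefix is a numeric id: coerce it before it is handed to the selector
		$mybb->input['threadprefix'] = intval($mybb->input['threadprefix']);
		if(!$mybb->input['threadprefix'])
		{
			$mybb->input['threadprefix'] = $thread['prefix'];
		}

		$prefixselect = build_prefix_select($forum['fid'], $mybb->input['threadprefix']);
	}
	else
	{
		$prefixselect = "";
	}

	// Fetch subscription select box
	$bgcolor = "trow1";
	eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");

	$bgcolor2 = "trow2";
	$query = $db->simple_select("posts", "*", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
	$firstcheck = $db->fetch_array($query);

	// A poll can only be attached from the thread's first post, and only once
	if($firstcheck['pid'] == $pid && $forumpermissions['canpostpolls'] != 0 && $thread['poll'] < 1)
	{
		$lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
		$numpolloptions = "2";
		eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
	}

	// Can we disable smilies or are they disabled already?
	if($forum['allowsmilies'] != 0)
	{
		eval("\$disablesmilies = \"".$templates->get("editpost_disablesmilies")."\";");
	}
	else
	{
		$disablesmilies = "<input type=\"hidden\" name=\"postoptions[disablesmilies]\" value=\"no\" />";
	}

	$plugins->run_hooks("editpost_end");

	$forum['name'] = strip_tags($forum['name']);

	eval("\$editpost = \"".$templates->get("editpost")."\";");
	output_page($editpost);
}
?>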