<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id$
 */

// Page controller for starting a thread. It serves the "newthread" form, the
// "do_newthread" submission and the "editdraft" view, and is a flat script:
// every variable below is a global that later statements, plugin hooks and
// the eval()'d templates read by name, so statement order matters.

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'newthread.php');

// Comma-separated names of the templates this page uses.
// Presumably consumed by global.php to preload them in one query - confirm there.
$templatelist = "newthread,previewpost,loginbox,changeuserbox,newthread_postpoll,posticons,codebuttons,smilieinsert,newthread_multiquote_external,post_attachments_attachment_unapproved";
$templatelist .= ",newthread_disablesmilies,newreply_modoptions,post_attachments_new,post_attachments,post_savedraftbutton,post_subscription_method,post_attachments_attachment_remove";
$templatelist .= ",forumdisplay_rules,forumdisplay_rules_link,post_attachments_attachment_postinsert,post_attachments_attachment,newthread_options_signature";
$templatelist .= ",member_register_regimage,member_register_regimage_recaptcha,post_captcha_hidden,post_captcha,post_captcha_recaptcha,postbit_groupimage,postbit_online,postbit_away,postbit_offline";
$templatelist .= ",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,postbit_author_guest";
$templatelist .= ",postbit_signature,postbit_classic,postbit,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved";
$templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_attachments,postbit_gotopost,smilieinsert_getmore";

require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_user.php";

// Load global language phrases
$lang->load("newthread");

$tid = $pid = "";
// A draft is being edited, re-saved, or re-submitted with its tid/pid: load it
// and confirm it belongs to the current user before anything else trusts $pid.
if($mybb->input['action'] == "editdraft" || ($mybb->input['savedraft'] && $mybb->input['tid']) || ($mybb->input['tid'] && $mybb->input['pid']))
{
    // NOTE(review): the raw request value is handed to get_thread(); confirm that helper casts it.
    $thread = get_thread($mybb->input['tid']);

    // tid is cast with intval() before it is placed in the WHERE clause.
    $query = $db->simple_select("posts", "*", "tid='".intval($mybb->input['tid'])."' AND visible='-2'", array('order_by' => 'dateline', 'limit' => 1));
    $post = $db->fetch_array($query);

    // Authorization check: the thread must exist, must be a draft (visible == -2)
    // and must be owned by the requesting user; anything else is rejected.
    if(!$thread['tid'] || !$post['pid'] || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])
    {
        error($lang->invalidthread);
    }

    // From here on $pid, $fid and $tid come from the database rows, not from the request.
    $pid = $post['pid'];
    $fid = $thread['fid'];
    $tid = $thread['tid'];
    $editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
}
else
{
    // Not a draft: the target forum id comes from the request and is forced to an integer.
    $fid = intval($mybb->input['fid']);
}

// Fetch forum information.
$forum = get_forum($fid);
if(!$forum)
{
    error($lang->error_invalidforum);
}

// Draw the navigation
build_forum_breadcrumb($fid);
add_breadcrumb($lang->nav_newthread);

$forumpermissions = forum_permissions($fid);

// Only an open, real forum (type "f", no redirect link) can receive threads.
if($forum['open'] == 0 || $forum['type'] != "f" || $forum['linkto'] != "")
{
    error($lang->error_closedinvalidforum);
}

// Permission gate: the user must be able to view the forum and post threads in it,
// and must not have posting suspended.
if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0 || $mybb->user['suspendposting'] == 1)
{
    error_no_permission();
}

// Check if this forum is password protected and we have a valid password
check_forum_password($forum['fid']);

// If MyCode is on for this forum and the MyCode editor is enabled in the Admin CP, draw the code buttons and smilie inserter.
if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
{
    $codebuttons = build_mycode_inserter();
    if($forum['allowsmilies'] != 0)
    {
        $smilieinserter = build_clickable_smilies();
    }
}

// Does this forum allow post icons? If so, fetch the post icons.
if($forum['allowpicons'] != 0)
{
    $posticons = get_post_icons();
}

// If we have a currently logged in user then fetch the change user box.
// Builds the login / change-user box, normalises the requested action and
// creates the posthash that ties uploaded attachments to this form.
// NOTE(review): each eval() below runs the template text as a PHP double-quoted
// string so that in-scope variables are interpolated. This is only safe if
// $templates->get() escapes the template body and template editing is limited
// to trusted administrators - both are defined outside this file; confirm.
if($mybb->user['uid'] != 0)
{
    eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
}

// Otherwise we have a guest, determine the "username" and get the login box.
else
{
    if(!$mybb->input['previewpost'] && $mybb->input['action'] != "do_newthread")
    {
        $username = '';
    }
    else
    {
        // The guest-supplied name is HTML-escaped before the template can print it.
        $username = htmlspecialchars_uni($mybb->input['username']);
    }
    eval("\$loginbox = \"".$templates->get("loginbox")."\";");
}

// If we're not performing a new thread insert and not editing a draft then we're posting a new thread.
if($mybb->input['action'] != "do_newthread" && $mybb->input['action'] != "editdraft")
{
    $mybb->input['action'] = "newthread";
}

// Previewing a post, overwrite the action to the new thread action.
if($mybb->input['previewpost'])
{
    $mybb->input['action'] = "newthread";
}

// Setup a unique posthash for attachment management
// The hash is only generated when the request carries none and no draft post is
// loaded; otherwise the request's own posthash value is kept and used as-is.
// NOTE(review): its unpredictability rests on random_str(), which is not shown
// here - confirm what randomness source it uses.
if(!$mybb->input['posthash'] && !$pid)
{
    $mybb->input['posthash'] = md5($mybb->user['uid'].random_str());
}

// A request flagged processed=1 that arrives with no POST fields and no files is
// reported as an upload failure. Presumably this is what PHP delivers when the
// body exceeded its size limits - confirm against the PHP configuration.
if((empty($_POST) && empty($_FILES)) && $mybb->input['processed'] == '1')
{
    error($lang->error_cannot_upload_php_post);
}

// Handle attachments if we've got any.
// Attachment upload: runs when the user pressed "add"/"update attachment", or
// submitted the thread with a file, and is not acting on an existing attachment.
if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || $mybb->input['updateattachment'] || ($mybb->input['action'] == "do_newthread" && $mybb->input['submit'] && $_FILES['attachment'])))
{
    // Verify incoming POST request
    // (request-token check on my_post_key; presumably the anti-CSRF guard - helper is defined outside this file)
    verify_post_check($mybb->input['my_post_key']);

    // Count the attachments already tied to this draft post or to this form's posthash.
    if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
    {
        // $pid was taken from the draft's database row earlier in the script, not from the request.
        $attachwhere = "pid='{$pid}'";
    }
    else
    {
        // posthash is request-controlled, so it is escaped before being placed in SQL.
        $attachwhere = "posthash='".$db->escape_string($mybb->input['posthash'])."'";
    }
    $query = $db->simple_select("attachments", "COUNT(aid) as numattachs", $attachwhere);
    $attachcount = $db->fetch_field($query, "numattachs");

    // If there's an attachment, check it and upload it
    // Three conditions gate the upload: a non-empty file, the canpostattachments
    // permission, and the per-post attachment limit (0 means no limit).
    // NOTE(review): file type, size and quota validation are not visible here;
    // they would have to happen inside upload_attachment() - confirm.
    if($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments']))
    {
        require_once MYBB_ROOT."inc/functions_upload.php";

        $update_attachment = false;
        if($mybb->input['updateattachment'])
        {
            $update_attachment = true;
        }
        $attachedfile = upload_attachment($_FILES['attachment'], $update_attachment);
    }

    // Error with attachments - should use new inline errors?
    // NOTE(review): $attachedfile is assigned only inside the branch above, so it
    // is unset here when no upload ran; $errors is likewise never initialised in this file.
    if($attachedfile['error'])
    {
        $errors[] = $attachedfile['error'];
        $mybb->input['action'] = "newthread";
    }

    // If we were dealing with an attachment but didn't click 'Post Thread', force the new thread page again.
    if(!$mybb->input['submit'])
    {
        //$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
        $mybb->input['action'] = "newthread";
    }
}

// Are we removing an attachment from the thread?
// Remainder of the page controller: attachment removal, the daily post limit,
// the "do_newthread" submission handler and the rendering of the new-thread form.
if($mybb->input['attachmentaid'] && $mybb->input['attachmentact'] == "remove")
{
    // Verify incoming POST request
    // (request-token check on my_post_key; presumably the anti-CSRF guard - helper is defined outside this file)
    verify_post_check($mybb->input['my_post_key']);

    require_once MYBB_ROOT."inc/functions_upload.php";
    // NOTE(review): posthash and attachmentaid are passed straight from the
    // request. Nothing here checks that the attachment belongs to this post or
    // user, so that scoping has to be enforced inside remove_attachment() - confirm.
    remove_attachment($pid, $mybb->input['posthash'], $mybb->input['attachmentaid']);
    if(!$mybb->input['submit'])
    {
        $mybb->input['action'] = "newthread";
    }
}

$thread_errors = "";
$hide_captcha = false;

// Check the maximum posts per day for this user
// (users whose group has cancp set to 1 are exempt; the window is the last 24 hours of visible posts)
if($mybb->settings['maxposts'] > 0 && $mybb->usergroup['cancp'] != 1)
{
    $daycut = TIME_NOW-60*60*24;
    $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}");
    $post_count = $db->fetch_field($query, "posts_today");
    if($post_count >= $mybb->settings['maxposts'])
    {
        $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->settings['maxposts']);
        error($lang->error_maxposts);
    }
}

// Performing the posting of a new thread.
// Only honoured for POST requests that also pass the request-token check below.
if($mybb->input['action'] == "do_newthread" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->input['my_post_key']);

    $plugins->run_hooks("newthread_do_newthread_start");

    // If this isn't a logged in user, then we need to do some special validation.
    if($mybb->user['uid'] == 0)
    {
        $username = htmlspecialchars_uni($mybb->input['username']);

        // Check if username exists.
        // (stops a guest from posting under a registered member's name)
        if(username_exists($mybb->input['username']))
        {
            // If it does throw back "username is taken"
            error($lang->error_usernametaken);
        }
        // This username does not exist.
        else
        {
            // If they didn't specify a username then give them "Guest"
            if(!$mybb->input['username'])
            {
                $username = $lang->guest;
            }
            // Otherwise use the name they specified.
            else
            {
                $username = htmlspecialchars_uni($mybb->input['username']);
            }
            $uid = 0;
        }
    }
    // This user is logged in.
    else
    {
        $username = $mybb->user['username'];
        $uid = $mybb->user['uid'];
    }

    // Attempt to see if this post is a duplicate or not
    // Members are matched by uid, guests by the session's IP address (escaped for SQL).
    if($uid > 0)
    {
        $user_check = "p.uid='{$uid}'";
    }
    else
    {
        $user_check = "p.ipaddress='".$db->escape_string($session->ipaddress)."'";
    }
    if(!$mybb->input['savedraft'] && !$pid)
    {
        // Duplicate = same poster, forum, subject and message within the last 600 seconds.
        // Subject and message are request data and are escaped before entering the query.
        $check_subject = utf8_handle_4byte_string($mybb->input['subject']);
        $check_message = utf8_handle_4byte_string($mybb->input['message']);
        $query = $db->simple_select("posts p", "p.pid", "$user_check AND p.fid='{$forum['fid']}' AND p.subject='".$db->escape_string($check_subject)."' AND p.message='".$db->escape_string($check_message)."' AND p.dateline>".(TIME_NOW-600));
        $duplicate_check = $db->fetch_field($query, "pid");
        if($duplicate_check)
        {
            error($lang->error_post_already_submitted);
        }
    }

    // Set up posthandler.
    require_once MYBB_ROOT."inc/datahandlers/post.php";
    $posthandler = new PostDataHandler("insert");
    $posthandler->action = "thread";

    // Set the thread data that came from the input to the $thread array.
    // Subject, prefix, icon, message and posthash are passed through unmodified;
    // validation and SQL escaping are left to PostDataHandler (not shown here).
    $new_thread = array(
        "fid" => $forum['fid'],
        "subject" => $mybb->input['subject'],
        "prefix" => $mybb->input['threadprefix'],
        "icon" => $mybb->input['icon'],
        "uid" => $uid,
        "username" => $username,
        "message" => $mybb->input['message'],
        "ipaddress" => get_ip(),
        "posthash" => $mybb->input['posthash']
    );

    if($pid != '')
    {
        $new_thread['pid'] = $pid;
    }

    // Are we saving a draft thread?
    // (drafts are only available to logged-in users)
    if($mybb->input['savedraft'] && $mybb->user['uid'])
    {
        $new_thread['savedraft'] = 1;
    }
    else
    {
        $new_thread['savedraft'] = 0;
    }

    // Is this thread already a draft and we're updating it?
    // ($thread is only set when the draft ownership check earlier in the script passed)
    if(isset($thread['tid']) && $thread['visible'] == -2)
    {
        $new_thread['tid'] = $thread['tid'];
    }

    // Set up the thread options from the input.
    $new_thread['options'] = array(
        "signature" => $mybb->input['postoptions']['signature'],
        "subscriptionmethod" => $mybb->input['postoptions']['subscriptionmethod'],
        "disablesmilies" => $mybb->input['postoptions']['disablesmilies']
    );

    // Apply moderation options if we have them
    // NOTE(review): modoptions is copied from the request for every user, with no
    // is_moderator() test at this point. Whether close/stick is honoured only for
    // moderators must be decided inside the post data handler - confirm.
    $new_thread['modoptions'] = $mybb->input['modoptions'];

    $posthandler->set_data($new_thread);

    // Now let the post handler do all the hard work.
    $valid_thread = $posthandler->validate_thread();

    $post_errors = array();
    // Fetch friendly error messages if this is an invalid thread
    if(!$valid_thread)
    {
        $post_errors = $posthandler->get_friendly_errors();
    }

    // Check captcha image
    // (guests only, and only when the captchaimage setting is enabled)
    if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
    {
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha;

        if($post_captcha->validate_captcha() == false)
        {
            // CAPTCHA validation failed
            foreach($post_captcha->get_errors() as $error)
            {
                $post_errors[] = $error;
            }
        }
        else
        {
            $hide_captcha = true;
        }
    }

    // One or more errors returned, fetch error list and throw to newthread page
    if(count($post_errors) > 0)
    {
        $thread_errors = inline_error($post_errors);
        $mybb->input['action'] = "newthread";
    }
    // No errors were found, it is safe to insert the thread.
    else
    {
        $thread_info = $posthandler->insert_thread();
        $tid = $thread_info['tid'];
        $visible = $thread_info['visible'];

        // Invalidate solved captcha
        // (so the same solved challenge cannot be replayed for another post)
        if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
        {
            $post_captcha->invalidate_captcha();
        }

        // Mark thread as read
        require_once MYBB_ROOT."inc/functions_indicators.php";
        mark_thread_read($tid, $fid);

        // The redirect target below is built from server-side values only:
        // fixed paths, the new $tid, $fid, and an intval()'d poll option count.

        // We were updating a draft thread, send them back to the draft listing.
        if($new_thread['savedraft'] == 1)
        {
            $lang->redirect_newthread = $lang->draft_saved;
            $url = "usercp.php?action=drafts";
        }

        // A poll was being posted with this thread, throw them to poll posting page.
        else if($mybb->input['postpoll'] && $forumpermissions['canpostpolls'])
        {
            $url = "polls.php?action=newpoll&tid=$tid&polloptions=".intval($mybb->input['numpolloptions']);
            $lang->redirect_newthread .= $lang->redirect_newthread_poll;
        }

        // This thread is stuck in the moderation queue, send them back to the forum.
        else if(!$visible)
        {
            // Moderated thread
            if($mybb->user['showredirect'] != 1)
            {
                // User must see moderation notice, regardless of redirect settings
                $mybb->user['showredirect'] = 1;
            }

            $lang->redirect_newthread .= $lang->redirect_newthread_moderation;
            $url = get_forum_link($fid);
        }

        // This is just a normal thread - send them to it.
        else
        {
            // Visible thread
            $lang->redirect_newthread .= $lang->redirect_newthread_thread;
            $url = get_thread_link($tid);
        }

        // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
        if($mybb->input['quoted_ids'] && $mybb->cookies['multiquote'] && $mybb->settings['multiquote'] != 0)
        {
            // We quoted all posts - remove the entire cookie
            if($mybb->input['quoted_ids'] == "all")
            {
                my_unsetcookie("multiquote");
            }
        }

        $plugins->run_hooks("newthread_do_newthread_end");

        // Hop to it! Send them to the next page.
        if(!$mybb->input['postpoll'])
        {
            $lang->redirect_newthread .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
        }
        redirect($url, $lang->redirect_newthread);
    }
}

// Render the new-thread form: first visit, preview, draft edit, or a submission
// that was bounced back here with errors.
if($mybb->input['action'] == "newthread" || $mybb->input['action'] == "editdraft")
{

    $plugins->run_hooks("newthread_start");

    // If this isn't a preview and we're not editing a draft, then handle quoted posts
    if(!$mybb->input['previewpost'] && !$thread_errors && $mybb->input['action'] != "editdraft")
    {
        $message = '';
        $quoted_posts = array();
        // Handle multiquote
        if($mybb->cookies['multiquote'] && $mybb->settings['multiquote'] != 0)
        {
            // The cookie is client-controlled. Every entry is forced to an integer,
            // and only these intval()'d values are imploded into the IN (...) lists below.
            $multiquoted = explode("|", $mybb->cookies['multiquote']);
            foreach($multiquoted as $post)
            {
                $quoted_posts[$post] = intval($post);
            }
        }

        // Quoting more than one post - fetch them
        if(count($quoted_posts) > 0)
        {
            $external_quotes = 0;
            $quoted_posts = implode(",", $quoted_posts);
            // Access control for quoting: posts in forums the user cannot view are excluded,
            // so a crafted cookie cannot be used to pull their text into the editor.
            $unviewable_forums = get_unviewable_forums();
            if($unviewable_forums)
            {
                $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
            }

            // Moderators of this forum get a wider visibility filter than regular users.
            if(is_moderator($fid))
            {
                $visible_where = "AND p.visible != 2";
            }
            else
            {
                $visible_where = "AND p.visible > 0";
            }

            if(intval($mybb->input['load_all_quotes']) == 1)
            {
                $query = $db->query("
                    SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
                    FROM ".TABLE_PREFIX."posts p
                    LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
                    LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
                    WHERE p.pid IN ($quoted_posts) {$unviewable_forums} {$visible_where}
                    ORDER BY p.dateline
                ");
                while($quoted_post = $db->fetch_array($query))
                {
                    // Prefer the account's current username over the name stored on the post.
                    if($quoted_post['userusername'])
                    {
                        $quoted_post['username'] = $quoted_post['userusername'];
                    }
                    // Expand /me and /slap lines and drop [attachment=N] tags from the quoted text.
                    $quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
                    $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
                    $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
                    $message .= "[quote='{$quoted_post['username']}' pid='{$quoted_post['pid']}' dateline='{$quoted_post['dateline']}']\n{$quoted_post['message']}\n[/quote]\n\n";
                }

                $quoted_ids = "all";
            }
            else
            {
                // Only count the quotable posts and offer to load them.
                $query = $db->query("
                    SELECT COUNT(*) AS quotes
                    FROM ".TABLE_PREFIX."posts p
                    LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
                    WHERE p.pid IN ($quoted_posts) {$unviewable_forums} {$visible_where}
                ");
                $external_quotes = $db->fetch_field($query, 'quotes');

                if($external_quotes > 0)
                {
                    if($external_quotes == 1)
                    {
                        $multiquote_text = $lang->multiquote_external_one;
                        $multiquote_deselect = $lang->multiquote_external_one_deselect;
                        $multiquote_quote = $lang->multiquote_external_one_quote;
                    }
                    else
                    {
                        $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
                        $multiquote_deselect = $lang->multiquote_external_deselect;
                        $multiquote_quote = $lang->multiquote_external_quote;
                    }
                    // NOTE(review): here and below, eval() runs the template text as a PHP
                    // double-quoted string; its safety depends on $templates->get() escaping
                    // and on who may edit templates - both outside this file.
                    eval("\$multiquote_external = \"".$templates->get("newthread_multiquote_external")."\";");
                }
            }
        }
    }

    // Request value is HTML-escaped before it is echoed back into the form.
    if($mybb->input['quoted_ids'])
    {
        $quoted_ids = htmlspecialchars_uni($mybb->input['quoted_ids']);
    }

    // Check the various post options if we're
    // a -> previewing a post
    // b -> removing an attachment
    // c -> adding a new attachment
    // d -> have errors from posting

    if($mybb->input['previewpost'] || $mybb->input['attachmentaid'] || $mybb->input['newattachment'] || $mybb->input['updateattachment'] || $thread_errors)
    {
        // Request values are only compared here; the form receives fixed checked="checked" strings.
        $postoptions = $mybb->input['postoptions'];
        if($postoptions['signature'] == 1)
        {
            $postoptionschecked['signature'] = " checked=\"checked\"";
        }
        if($postoptions['subscriptionmethod'] == "none")
        {
            $postoptions_subscriptionmethod_none = "checked=\"checked\"";
        }
        else if($postoptions['subscriptionmethod'] == "instant")
        {
            $postoptions_subscriptionmethod_instant = "checked=\"checked\"";
        }
        else
        {
            $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
        }
        if($postoptions['disablesmilies'] == 1)
        {
            $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
        }
        if($mybb->input['postpoll'] == 1)
        {
            $postpollchecked = "checked=\"checked\"";
        }
        $numpolloptions = intval($mybb->input['numpolloptions']);
    }

    // Editing a draft thread
    else if($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
    {
        $mybb->input['threadprefix'] = $thread['prefix'];
        // Stored draft text is HTML-escaped before it goes back into the form fields.
        $message = htmlspecialchars_uni($post['message']);
        $subject = htmlspecialchars_uni($post['subject']);
        if($post['includesig'] != 0)
        {
            $postoptionschecked['signature'] = " checked=\"checked\"";
        }
        if($post['smilieoff'] == 1)
        {
            $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
        }
        $icon = $post['icon'];
        if($forum['allowpicons'] != 0)
        {
            $posticons = get_post_icons();
        }
        // NOTE(review): $postoptions is assigned only in the branch above, so it is
        // not set by this file on this path and the final else looks like the one
        // that always runs - confirm.
        if($postoptions['subscriptionmethod'] == "none")
        {
            $postoptions_subscriptionmethod_none = "checked=\"checked\"";
        }
        else if($postoptions['subscriptionmethod'] == "instant")
        {
            $postoptions_subscriptionmethod_instant = "checked=\"checked\"";
        }
        else
        {
            $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
        }
    }

    // Otherwise, this is our initial visit to this page.
    else
    {
        if($mybb->user['signature'] != '')
        {
            $postoptionschecked['signature'] = " checked=\"checked\"";
        }
        if($mybb->user['subscriptionmethod'] == 1)
        {
            $postoptions_subscriptionmethod_none = "checked=\"checked\"";
        }
        else if($mybb->user['subscriptionmethod'] == 2)
        {
            $postoptions_subscriptionmethod_instant = "checked=\"checked\"";
        }
        else
        {
            $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
        }
        $numpolloptions = "2";
    }

    // If we're previewing a post then generate the preview.
    if($mybb->input['previewpost'])
    {
        // Set up posthandler.
        require_once MYBB_ROOT."inc/datahandlers/post.php";
        $posthandler = new PostDataHandler("insert");
        $posthandler->action = "thread";

        // Set the thread data that came from the input to the $thread array.
        // NOTE(review): $uid is assigned only inside the do_newthread branch, which a
        // preview request does not enter (the action was rewritten to "newthread"),
        // and $username is set earlier for guests only; both may be unset here.
        $new_thread = array(
            "fid" => $forum['fid'],
            "prefix" => $mybb->input['threadprefix'],
            "subject" => $mybb->input['subject'],
            "icon" => $mybb->input['icon'],
            "uid" => $uid,
            "username" => $username,
            "message" => $mybb->input['message'],
            "ipaddress" => get_ip(),
            "posthash" => $mybb->input['posthash']
        );

        if($pid != '')
        {
            $new_thread['pid'] = $pid;
        }

        $posthandler->set_data($new_thread);

        // Now let the post handler do all the hard work.
        // (a preview validates only the message and the subject)
        $valid_thread = $posthandler->verify_message();
        $valid_subject = $posthandler->verify_subject();

        $post_errors = array();
        // Fetch friendly error messages if this is an invalid post
        if(!$valid_thread || !$valid_subject)
        {
            $post_errors = $posthandler->get_friendly_errors();
        }

        // One or more errors returned, fetch error list and throw to newreply page
        if(count($post_errors) > 0)
        {
            $thread_errors = inline_error($post_errors);
        }
        else
        {
            if(!$mybb->input['username'])
            {
                $mybb->input['username'] = $lang->guest;
            }
            // Load the current user's row and profile fields to dress the preview;
            // the uid in the WHERE clause comes from the session user.
            $query = $db->query("
                SELECT u.*, f.*
                FROM ".TABLE_PREFIX."users u
                LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
                WHERE u.uid='".$mybb->user['uid']."'
            ");
            $post = $db->fetch_array($query);
            if(!$mybb->user['uid'] || !$post['username'])
            {
                // Guest name comes from the request, so it is HTML-escaped.
                $post['username'] = htmlspecialchars_uni($mybb->input['username']);
            }
            else
            {
                $post['userusername'] = $mybb->user['username'];
                $post['username'] = $mybb->user['username'];
            }
            // The message, subject and icon reach build_postbit() unescaped.
            // NOTE(review): output encoding of the preview is therefore the job of
            // build_postbit() and the parser it uses (not shown) - confirm.
            $previewmessage = $mybb->input['message'];
            $post['message'] = $previewmessage;
            $post['subject'] = $mybb->input['subject'];
            $post['icon'] = $mybb->input['icon'];
            $post['smilieoff'] = $postoptions['disablesmilies'];
            $post['dateline'] = TIME_NOW;
            $post['includesig'] = $mybb->input['postoptions']['signature'];
            if($post['includesig'] != 1)
            {
                $post['includesig'] = 0;
            }

            // Fetch attachments assigned to this post
            // (pid is cast with intval(), posthash is escaped, before entering SQL)
            // NOTE(review): unlike the other attachment queries in this file, the pid
            // comes from the request here, not from the ownership-checked $pid - confirm.
            if($mybb->input['pid'])
            {
                $attachwhere = "pid='".intval($mybb->input['pid'])."'";
            }
            else
            {
                $attachwhere = "posthash='".$db->escape_string($mybb->input['posthash'])."'";
            }

            $query = $db->simple_select("attachments", "*", $attachwhere);
            while($attachment = $db->fetch_array($query))
            {
                $attachcache[0][$attachment['aid']] = $attachment;
            }

            $postbit = build_postbit($post, 1);
            eval("\$preview = \"".$templates->get("previewpost")."\";");
        }
        // What goes back into the form fields is HTML-escaped.
        $message = htmlspecialchars_uni($mybb->input['message']);
        $subject = htmlspecialchars_uni($mybb->input['subject']);
    }

    // Removing an attachment or adding a new one, or showing thread errors.
    else if($mybb->input['attachmentaid'] || $mybb->input['newattachment'] || $mybb->input['updateattachment'] || $thread_errors)
    {
        $message = htmlspecialchars_uni($mybb->input['message']);
        $subject = htmlspecialchars_uni($mybb->input['subject']);
    }

    // Do we have attachment errors?
    // NOTE(review): $errors is only ever appended to by the upload handling earlier
    // in the script and never initialised, so it can be unset when it reaches count().
    if(count($errors) > 0)
    {
        $thread_errors = inline_error($errors);
    }

    // Generate thread prefix selector
    // Values that intval() turns into 0 are replaced by 0; other values are passed on as received.
    if(!intval($mybb->input['threadprefix']))
    {
        $mybb->input['threadprefix'] = 0;
    }

    $prefixselect = build_prefix_select($forum['fid'], $mybb->input['threadprefix']);

    // posthash may come from the request, so it is HTML-escaped for the hidden form field.
    $posthash = htmlspecialchars_uni($mybb->input['posthash']);

    // Can we disable smilies or are they disabled already?
    if($forum['allowsmilies'] != 0)
    {
        eval("\$disablesmilies = \"".$templates->get("newthread_disablesmilies")."\";");
    }
    else
    {
        $disablesmilies = "<input type=\"hidden\" name=\"postoptions[disablesmilies]\" value=\"no\" />";
    }

    // Show the moderator options
    // (the close/stick controls are rendered only for moderators of this forum)
    if(is_moderator($fid))
    {
        $modoptions = $mybb->input['modoptions'];
        if($modoptions['closethread'] == 1)
        {
            $closecheck = "checked=\"checked\"";
        }
        else
        {
            $closecheck = '';
        }
        if($modoptions['stickthread'] == 1)
        {
            $stickycheck = "checked=\"checked\"";
        }
        else
        {
            $stickycheck = '';
        }
        // Drop the request array before the name is reused for the rendered HTML.
        unset($modoptions);
        eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
        $bgcolor = "trow1";
        $bgcolor2 = "trow2";
    }
    else
    {
        $bgcolor = "trow2";
        $bgcolor2 = "trow1";
    }

    // Fetch subscription select box
    eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");

    if($forumpermissions['canpostattachments'] != 0)
    { // Get a listing of the current attachments, if there are any
        $attachcount = 0;
        if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
        {
            // $pid was loaded from the draft row after the ownership check.
            $attachwhere = "pid='$pid'";
        }
        else
        {
            $attachwhere = "posthash='".$db->escape_string($posthash)."'";
        }
        $query = $db->simple_select("attachments", "*", $attachwhere);
        $attachments = '';
        while($attachment = $db->fetch_array($query))
        {
            $attachment['size'] = get_friendly_size($attachment['filesize']);
            $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
            // The uploader-supplied file name is HTML-escaped before the templates print it.
            $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);

            if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
            {
                eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
            }

            eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");

            $attach_mod_options = '';
            if($attachment['visible'] != 1)
            {
                eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
            }
            else
            {
                eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
            }
            $attachcount++;
        }
        // Total attachment bytes for this user, compared with the group quota
        // (attachquota is multiplied by 1024 before comparing; 0 means unlimited).
        $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
        $usage = $db->fetch_array($query);
        if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
        {
            $noshowattach = 1;
        }
        if($mybb->usergroup['attachquota'] == 0)
        {
            $friendlyquota = $lang->unlimited;
        }
        else
        {
            $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
        }
        $friendlyusage = get_friendly_size($usage['ausage']);
        $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyusage, $friendlyquota);
        // NOTE(review): && binds tighter than ||, so this reads
        // A || ((B && C) && !$noshowattach). When maxattachments is 0 the over-quota
        // flag is not consulted and the upload box is still shown. This only decides
        // what the form displays; whether the quota is enforced on upload is inside
        // upload_attachment() (not shown) - confirm.
        if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
        {
            eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
        }
        eval("\$attachbox = \"".$templates->get("post_attachments")."\";");

        $bgcolor = alt_trow();
    }

    if($mybb->user['uid'])
    {
        eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
    }

    // Show captcha image for guests if enabled
    if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
    {
        $correct = false;
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(false, "post_captcha");

        // && binds tighter than ||: the captcha is re-validated on every preview,
        // or when it was already solved this request and is of type 1.
        if($mybb->input['previewpost'] || $hide_captcha == true && $post_captcha->type == 1)
        {
            // If previewing a post - check their current captcha input - if correct, hide the captcha input area
            // ... but only if it's a default one, reCAPTCHAs must be filled in every time due to draconian limits
            if($post_captcha->validate_captcha() == true)
            {
                $correct = true;

                // Generate a hidden list of items for our captcha
                $captcha = $post_captcha->build_hidden_captcha();
            }
        }

        if(!$correct)
        {
            if($post_captcha->type == 1)
            {
                $post_captcha->build_captcha();
            }
            elseif($post_captcha->type == 2)
            {
                $post_captcha->build_recaptcha();
            }

            if($post_captcha->html)
            {
                $captcha = $post_captcha->html;
            }
        }
        else if($correct && $post_captcha->type == 2)
        {
            // A type 2 (reCAPTCHA) challenge is shown again even after a correct answer.
            $post_captcha->build_recaptcha();

            if($post_captcha->html)
            {
                $captcha = $post_captcha->html;
            }
        }
    }

    if($forumpermissions['canpostpolls'] != 0)
    {
        $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
        eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
    }

    // Do we have any forum rules to show for this forum?
    $forumrules = '';
    if($forum['rulestype'] >= 2 && $forum['rules'])
    {
        if(!$forum['rulestitle'])
        {
            $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
        }

        if(!$parser)
        {
            require_once MYBB_ROOT.'inc/class_parser.php';
            $parser = new postParser;
        }

        // allow_html is switched on for the rules text, so markup stored in
        // $forum['rules'] is emitted as HTML.
        // NOTE(review): that is only safe if forum rules can be edited by trusted
        // administrators alone - confirm.
        $rules_parser = array(
            "allow_html" => 1,
            "allow_mycode" => 1,
            "allow_smilies" => 1,
            "allow_imgcode" => 1
        );

        $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
        $foruminfo = $forum;

        if($forum['rulestype'] == 3)
        {
            eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
        }
        else if($forum['rulestype'] == 2)
        {
            eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
        }
    }

    $plugins->run_hooks("newthread_end");

    // Tags are stripped from the forum name before it is placed in the page heading phrase.
    $forum['name'] = strip_tags($forum['name']);
    $lang->newthread_in = $lang->sprintf($lang->newthread_in, $forum['name']);

    $newthread_template = $templates->get("newthread");

    // Hide signature option if no permission
    $option_signature = '';
    if($mybb->usergroup['canusesig'] && !$mybb->user['suspendsignature'])
    {
        $option_signature = $templates->get('newthread_options_signature');
    }
    eval("\$option_signature = \"".$option_signature."\";");

    // Assemble the full page from the pieces built above and send it.
    eval("\$newthread = \"".$newthread_template."\";");
    output_page($newthread);
}
?>