PHP Cross Reference of phpBB 3.0 Beta 3 |
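<?php
/**
*
* @package phpBB3
* @version $Id: posting.php,v 1.430 2006/11/12 14:29:31 naderman Exp $
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/

// Posting entry script. Depending on the requested mode it posts, replies, quotes, edits,
// deletes or bumps, or opens the smilies/upload popups. The flow is: read request
// parameters, load the forum/topic/post row, run the permission checks, then act.
// This listing is cut off inside the preview section.

/**
* @ignore
*/
define('IN_PHPBB', true);
$phpbb_root_path = './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include($phpbb_root_path . 'includes/message_parser.' . $phpEx);


// Start session management
$user->session_begin();
$auth->acl($user->data);


// Grab only parameters needed here
// NOTE(review): these ids are interpolated unquoted into SQL further down. That is only
// safe if request_var() casts the value to the type of its default (integer here) -
// presumably it does; confirm in request_var().
$post_id	= request_var('p', 0);
$topic_id	= request_var('t', 0);
$forum_id	= request_var('f', 0);
$draft_id	= request_var('d', 0);
$lastclick	= request_var('lastclick', 0);

$submit		= (isset($_POST['post'])) ? true : false;
$preview	= (isset($_POST['preview'])) ? true : false;
$save		= (isset($_POST['save'])) ? true : false;
$load		= (isset($_POST['load'])) ? true : false;
$delete		= (isset($_POST['delete'])) ? true : false;
$cancel		= (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;

$refresh	= (isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['edit_comment']) || isset($_POST['cancel_unglobalise']) || $save || $load) ? true : false;
$mode		= ($delete && !$preview && !$refresh && $submit) ? 'delete' : request_var('mode', '');

$error = $post_data = array();
$current_time = time();

// Was cancel pressed? If so then redirect to the appropriate page
// lastclick is supplied by the client, so the two-second test only catches accidental
// double submits; it is neither flood control nor a request-origin check.
if ($cancel || ($current_time - $lastclick < 2 && $submit))
{
	$redirect = ($post_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $post_id) . '#p' . $post_id : (($topic_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_id) : (($forum_id) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}index.$phpEx")));
	redirect($redirect);
}

if (in_array($mode, array('post', 'reply', 'quote', 'edit', 'delete')) && !$forum_id)
{
	trigger_error('NO_FORUM');
}

// We need to know some basic information in all cases before we do anything.
switch ($mode)
{
	case 'post':
		$sql = 'SELECT *
			FROM ' . FORUMS_TABLE . "
			WHERE forum_id = $forum_id";
	break;

	case 'bump':
	case 'reply':
		if (!$topic_id)
		{
			trigger_error('NO_TOPIC');
		}

		$sql = 'SELECT f.*, t.*
			FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
			WHERE t.topic_id = $topic_id
				AND (f.forum_id = t.forum_id
					OR f.forum_id = $forum_id)";
	break;

	case 'quote':
	case 'edit':
	case 'delete':
		if (!$post_id)
		{
			trigger_error('NO_POST');
		}

		$sql = 'SELECT f.*, t.*, p.*, u.username, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield
			FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u
			WHERE p.post_id = $post_id
				AND t.topic_id = p.topic_id
				AND u.user_id = p.poster_id
				AND (f.forum_id = t.forum_id
					OR f.forum_id = $forum_id)";
	break;

	case 'smilies':
		$sql = '';
		generate_smilies('window', $forum_id);
	break;

	case 'popup':
		if ($forum_id)
		{
			$sql = 'SELECT forum_style
				FROM ' . FORUMS_TABLE . '
				WHERE forum_id = ' . $forum_id;
		}
		else
		{
			upload_popup();
			exit;
		}
	break;

	default:
		$sql = '';
	break;
}

// An empty query means the mode was not one of the recognised ones
if (!$sql)
{
	$user->setup(array('posting', 'mcp', 'viewtopic'));
	trigger_error('NO_POST_MODE');
}

$result = $db->sql_query($sql);
$post_data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

if (!$post_data)
{
	trigger_error(($mode == 'post' || $mode == 'bump' || $mode == 'reply') ? 'NO_TOPIC' : 'NO_POST');
}

if ($mode == 'popup')
{
	upload_popup($post_data['forum_style']);
	exit;
}

$user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);

// Use post_row values in favor of submitted ones...
// From here on the ids come from the database row, so the permission checks below run
// against the forum the row belongs to rather than whatever 'f' the client sent.
$forum_id	= (!empty($post_data['forum_id'])) ? (int) $post_data['forum_id'] : (int) $forum_id;
$topic_id	= (!empty($post_data['topic_id'])) ? (int) $post_data['topic_id'] : (int) $topic_id;
$post_id	= (!empty($post_data['post_id'])) ? (int) $post_data['post_id'] : (int) $post_id;

// Need to login to passworded forum first?
if ($post_data['forum_password'])
{
	login_forum_box(array(
		'forum_id'			=> $forum_id,
		'forum_password'	=> $post_data['forum_password'])
	);
}

// Check permissions

// Is the user able to read within this forum?
if (!$auth->acl_get('f_read', $forum_id))
{
	if ($user->data['is_registered'])
	{
		trigger_error('USER_CANNOT_READ');
	}

	login_box('', $user->lang['LOGIN_EXPLAIN_POST']);
}

// Permission to do the action asked?
// Starts out denied; only a matching ACL grant below flips it.
$is_authed = false;

switch ($mode)
{
	case 'post':
		if ($auth->acl_get('f_post', $forum_id))
		{
			$is_authed = true;
		}
	break;

	case 'bump':
		if ($auth->acl_get('f_bump', $forum_id))
		{
			$is_authed = true;
		}
	break;

	case 'quote':
	case 'reply':
		if ($auth->acl_get('f_reply', $forum_id))
		{
			$is_authed = true;
		}
	break;

	case 'edit':
		if ($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))
		{
			$is_authed = true;
		}
	break;

	case 'delete':
		if ($user->data['is_registered'] && $auth->acl_gets('f_delete', 'm_delete', $forum_id))
		{
			$is_authed = true;
		}
	break;
}

if (!$is_authed)
{
	$check_auth = ($mode == 'quote') ? 'reply' : $mode;

	if ($user->data['is_registered'])
	{
		trigger_error('USER_CANNOT_' . strtoupper($check_auth));
	}

	login_box('', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]);
}

// Is the user able to post within this forum?
if ($post_data['forum_type'] != FORUM_POST && in_array($mode, array('post', 'bump', 'quote', 'reply')))
{
	trigger_error('USER_CANNOT_FORUM_POST');
}

// Forum/Topic locked?
if (($post_data['forum_status'] == ITEM_LOCKED || (isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED)) && !$auth->acl_get('m_edit', $forum_id))
{
	trigger_error(($post_data['forum_status'] == ITEM_LOCKED) ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
}

// Can we edit this post ... if we're a moderator with rights then always yes
// else it depends on editing times, lock status and if we're the correct user
if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id))
{
	if ($user->data['user_id'] != $post_data['poster_id'])
	{
		trigger_error('USER_CANNOT_EDIT');
	}

	// edit_time is in minutes; a value of 0 disables the time limit
	if (!($post_data['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time']))
	{
		trigger_error('CANNOT_EDIT_TIME');
	}

	if ($post_data['post_edit_locked'])
	{
		trigger_error('CANNOT_EDIT_POST_LOCKED');
	}
}

// Handle delete mode...
if ($mode == 'delete')
{
	handle_post_delete($forum_id, $topic_id, $post_id, $post_data);
	exit;
}

// Handle bump mode...
// NOTE(review): this branch updates the posts, topics and users tables, yet the visible
// code checks no per-request token and asks for no confirmation. If request_var('mode')
// also accepts GET parameters (TODO confirm), a cross-site link could make a logged-in
// user bump a topic. Consider a confirm_box() step as used for drafts below, or a
// session-bound token.
if ($mode == 'bump')
{
	if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id']))
	{
		$db->sql_transaction('begin');

		$sql = 'UPDATE ' . POSTS_TABLE . "
			SET post_time = $current_time
			WHERE post_id = {$post_data['topic_last_post_id']}
				AND topic_id = $topic_id";
		$db->sql_query($sql);

		$sql = 'UPDATE ' . TOPICS_TABLE . "
			SET topic_last_post_time = $current_time,
				topic_bumped = 1,
				topic_bumper = " . $user->data['user_id'] . "
			WHERE topic_id = $topic_id";
		$db->sql_query($sql);

		update_post_information('forum', $forum_id);

		$sql = 'UPDATE ' . USERS_TABLE . "
			SET user_lastpost_time = $current_time
			WHERE user_id = " . $user->data['user_id'];
		$db->sql_query($sql);

		$db->sql_transaction('commit');

		markread('post', $forum_id, $topic_id, $current_time);

		add_log('mod', $forum_id, $topic_id, 'LOG_BUMP_TOPIC', $post_data['topic_title']);

		$meta_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&p={$post_data['topic_last_post_id']}") . "#p{$post_data['topic_last_post_id']}";
		meta_refresh(3, $meta_url);

		$message = $user->lang['TOPIC_BUMPED'] . '<br /><br />' . sprintf($user->lang['VIEW_MESSAGE'], '<a href="' . $meta_url . '">', '</a>');
		$message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');

		trigger_error($message);
	}

	trigger_error('BUMP_ERROR');
}


// Determine some vars
$post_data['quote_username']	= (!empty($post_data['username'])) ? $post_data['username'] : ((!empty($post_data['post_username'])) ? $post_data['post_username'] : '');
$post_data['post_edit_locked']	= (isset($post_data['post_edit_locked'])) ? (int) $post_data['post_edit_locked'] : 0;
$post_data['post_subject']		= (in_array($mode, array('quote', 'edit'))) ? $post_data['post_subject'] : ((isset($post_data['topic_title'])) ? $post_data['topic_title'] : '');
$post_data['topic_time_limit']	= (isset($post_data['topic_time_limit'])) ? (($post_data['topic_time_limit']) ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit']) : 0;
$post_data['poll_length']		= (!empty($post_data['poll_length'])) ? (int) $post_data['poll_length'] / 86400 : 0;
$post_data['poll_start']		= (!empty($post_data['poll_start'])) ? (int) $post_data['poll_start'] : 0;
$post_data['icon_id']			= (!isset($post_data['icon_id']) || in_array($mode, array('quote', 'reply'))) ? 0 : (int) $post_data['icon_id'];
$post_data['poll_options']		= array();

// Get Poll Data
if ($post_data['poll_start'])
{
	$sql = 'SELECT poll_option_text
		FROM ' . POLL_OPTIONS_TABLE . "
		WHERE topic_id = $topic_id
		ORDER BY poll_option_id";
	$result = $db->sql_query($sql);

	while ($row = $db->sql_fetchrow($result))
	{
		$post_data['poll_options'][] = trim($row['poll_option_text']);
	}
	$db->sql_freeresult($result);
}

// Remembered so that removing options from a poll which already has votes can be refused later
$orig_poll_options_size = sizeof($post_data['poll_options']);

$message_parser = new parse_message();

if (isset($post_data['post_text']))
{
	$message_parser->message = &$post_data['post_text'];
	unset($post_data['post_text']);
}

// Set some default variables
$uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);

foreach ($uninit as $var_name => $default_value)
{
	if (!isset($post_data[$var_name]))
	{
		$post_data[$var_name] = $default_value;
	}
}
unset($uninit);

// Always check if the submitted attachment data is valid and belongs to the user.
// Further down (especially in submit_post()) we do not check this again.
$message_parser->get_submitted_attachment_data($post_data['poster_id']);

if ($post_data['post_attachment'] && !$submit && !$refresh && !$preview && $mode == 'edit')
{
	// Do not change to SELECT *
	$sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename
		FROM ' . ATTACHMENTS_TABLE . "
		WHERE post_msg_id = $post_id
			AND in_message = 0
			AND is_orphan = 0
		ORDER BY filetime " . ((!$config['display_order']) ? 'DESC' : 'ASC');
	$result = $db->sql_query($sql);
	$message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
	$db->sql_freeresult($result);
}

if ($post_data['poster_id'] == ANONYMOUS)
{
	$post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['post_username']) : '';
}
else
{
	$post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['username']) : '';
}

$post_data['enable_urls'] = $post_data['enable_magic_url'];

if ($mode != 'edit')
{
	$post_data['enable_sig']		= ($config['allow_sig'] && $user->optionget('attachsig')) ? true : false;
	$post_data['enable_smilies']	= ($config['allow_smilies'] && $user->optionget('smilies')) ? true : false;
	$post_data['enable_bbcode']		= ($config['allow_bbcode'] && $user->optionget('bbcode')) ? true : false;
	$post_data['enable_urls']		= true;
}

$post_data['enable_magic_url'] = $post_data['drafts'] = false;

// User own some drafts?
if ($user->data['is_registered'] && $auth->acl_get('u_savedrafts'))
{
	$sql = 'SELECT draft_id
		FROM ' . DRAFTS_TABLE . '
		WHERE (forum_id IN (' . $forum_id . ', 0)' . (($topic_id) ? " OR topic_id = $topic_id" : '') . ')
			AND user_id = ' . $user->data['user_id'] .
			(($draft_id) ? " AND draft_id <> $draft_id" : '');
	$result = $db->sql_query_limit($sql, 1);

	if ($db->sql_fetchrow($result))
	{
		$post_data['drafts'] = true;
	}
	$db->sql_freeresult($result);
}

// Packs the four formatting switches into one integer; compared on submit to notice a changed option
$check_value = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);

// Check if user is watching this topic
if ($mode != 'post' && $config['allow_topic_notify'] && $user->data['is_registered'])
{
	$sql = 'SELECT topic_id
		FROM ' . TOPICS_WATCH_TABLE . '
		WHERE topic_id = ' . $topic_id . '
			AND user_id = ' . $user->data['user_id'];
	$result = $db->sql_query($sql);
	$post_data['notify_set'] = (int) $db->sql_fetchfield('topic_id');
	$db->sql_freeresult($result);
}

// Do we want to edit our post ?
if ($mode == 'edit' && $post_data['bbcode_uid'])
{
	$message_parser->bbcode_uid = $post_data['bbcode_uid'];
}

// HTML, BBCode, Smilies, Images and Flash status
$bbcode_status	= ($config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id)) ? true : false;
$smilies_status	= ($config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id)) ? true : false;
$img_status		= ($auth->acl_get('f_img', $forum_id)) ? true : false;
$url_status		= ($config['allow_post_links']) ? true : false;
$flash_status	= ($auth->acl_get('f_flash', $forum_id)) ? true : false;
$quote_status	= ($auth->acl_get('f_reply', $forum_id)) ? true : false;

// Save Draft
if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts'))
{
	$subject = request_var('subject', '', true);
	$subject = (!$subject && $mode != 'post') ? $post_data['topic_title'] : $subject;
	$message = request_var('message', '', true);

	utf8_normalize_nfc(array(&$subject, &$message));

	if ($subject && $message)
	{
		// The draft is only written once the user has answered the confirm box
		if (confirm_box(true))
		{
			$sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
				'user_id'		=> $user->data['user_id'],
				'topic_id'		=> $topic_id,
				'forum_id'		=> $forum_id,
				'save_time'		=> $current_time,
				'draft_subject'	=> $subject,
				'draft_message'	=> $message)
			);
			$db->sql_query($sql);

			$meta_info = ($mode == 'post') ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id");

			meta_refresh(3, $meta_info);

			$message = $user->lang['DRAFT_SAVED'] . '<br /><br />';
			$message .= ($mode != 'post') ? sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $meta_info . '">', '</a>') . '<br /><br />' : '';
			$message .= sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');

			trigger_error($message);
		}
		else
		{
			$s_hidden_fields = build_hidden_fields(array(
				'mode'		=> $mode,
				'save'		=> true,
				'f'			=> $forum_id,
				't'			=> $topic_id,
				'subject'	=> $subject,
				'message'	=> $message,
				)
			);

			confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
		}
	}

	unset($subject, $message);
}

// Load requested Draft
// The user_id condition restricts the lookup to drafts owned by the current user
if ($draft_id && $user->data['is_registered'] && $auth->acl_get('u_savedrafts'))
{
	$sql = 'SELECT draft_subject, draft_message
		FROM ' . DRAFTS_TABLE . "
		WHERE draft_id = $draft_id
			AND user_id = " . $user->data['user_id'];
	$result = $db->sql_query_limit($sql, 1);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if ($row)
	{
		$post_data['post_subject'] = $row['draft_subject'];
		$message_parser->message = $row['draft_message'];

		$template->assign_var('S_DRAFT_LOADED', true);
	}
	else
	{
		$draft_id = 0;
	}
}

// Load draft overview
if ($load && $post_data['drafts'])
{
	load_drafts($topic_id, $forum_id);
}

$solved_captcha = false;

// NOTE(review): nothing visible in this script ties the submitted form to the user's
// session; only the presence of $_POST keys is tested. Unless submit_post() or the
// session layer enforces that (not visible here), the post/edit submit path is exposed
// to cross-site request forgery.
if ($submit || $preview || $refresh)
{
	$post_data['topic_cur_post_id']	= request_var('topic_cur_post_id', 0);
	$post_data['post_subject']		= request_var('subject', '', true);
	$message_parser->message		= request_var('message', '', true);

	$post_data['username']			= request_var('username', $post_data['username'], true);
	// An edit reason is only accepted from users holding m_edit in this forum
	$post_data['post_edit_reason']	= (!empty($_POST['edit_reason']) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? request_var('edit_reason', '', true) : '';

	utf8_normalize_nfc(array(&$post_data['post_subject'], &$message_parser->message, &$post_data['username'], &$post_data['post_edit_reason']));

	$post_data['topic_type']		= request_var('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL));
	$post_data['topic_time_limit']	= request_var('topic_time_limit', (($mode != 'post') ? (int) $post_data['topic_time_limit'] : 0));
	$post_data['icon_id']			= request_var('icon', 0);

	// Client switches can only turn a feature off; the *_status permissions decide whether it may be on
	$post_data['enable_bbcode']		= (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
	$post_data['enable_smilies']	= (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
	$post_data['enable_urls']		= (isset($_POST['disable_magic_url'])) ? 0 : 1;
	$post_data['enable_sig']		= (!$config['allow_sig']) ? false : ((isset($_POST['attach_sig']) && $user->data['is_registered']) ? true : false);

	if ($config['allow_topic_notify'] && $user->data['is_registered'])
	{
		$notify = (isset($_POST['notify'])) ? true : false;
	}
	else
	{
		$notify = false;
	}

	$topic_lock		= (isset($_POST['lock_topic'])) ? true : false;
	$post_lock		= (isset($_POST['lock_post'])) ? true : false;
	$poll_delete	= (isset($_POST['poll_delete'])) ? true : false;

	if ($submit)
	{
		$status_switch = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
		$status_switch = ($status_switch != $check_value);
	}
	else
	{
		$status_switch = 1;
	}

	// Delete Poll
	// Allowed for the poster (f_delete) while nobody has voted yet, or for anyone holding m_delete
	if ($poll_delete && $mode == 'edit' && sizeof($post_data['poll_options']) &&
		((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id)))
	{
		if ($submit)
		{
			$sql = 'DELETE FROM ' . POLL_OPTIONS_TABLE . "
				WHERE topic_id = $topic_id";
			$db->sql_query($sql);

			$sql = 'DELETE FROM ' . POLL_VOTES_TABLE . "
				WHERE topic_id = $topic_id";
			$db->sql_query($sql);

			$topic_sql = array(
				'poll_title'		=> '',
				'poll_start'		=> 0,
				'poll_length'		=> 0,
				'poll_last_vote'	=> 0,
				'poll_max_options'	=> 0,
				'poll_vote_change'	=> 0
			);

			$sql = 'UPDATE ' . TOPICS_TABLE . '
				SET ' . $db->sql_build_array('UPDATE', $topic_sql) . "
				WHERE topic_id = $topic_id";
			$db->sql_query($sql);
		}

		$post_data['poll_title'] = $post_data['poll_option_text'] = '';
		$post_data['poll_vote_change'] = $post_data['poll_max_options'] = $post_data['poll_length'] = 0;
	}
	else
	{
		$post_data['poll_title']		= request_var('poll_title', '', true);
		$post_data['poll_length']		= request_var('poll_length', 0);
		$post_data['poll_option_text']	= request_var('poll_option_text', '', true);
		$post_data['poll_max_options']	= request_var('poll_max_options', 1);
		$post_data['poll_vote_change']	= ($auth->acl_get('f_votechg', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0;

		utf8_normalize_nfc(array(&$post_data['poll_title'], &$post_data['poll_option_text']));
	}

	// If replying/quoting and last post id has changed
	// give user option to continue submit or return to post
	// notify and show user the post made between his request and the final submit
	if (($mode == 'reply' || $mode == 'quote') && $post_data['topic_cur_post_id'] && $post_data['topic_cur_post_id'] != $post_data['topic_last_post_id'])
	{
		// Only do so if it is allowed forum-wide
		if ($post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
		{
			if (topic_review($topic_id, $forum_id, 'post_review', $post_data['topic_cur_post_id']))
			{
				$template->assign_var('S_POST_REVIEW', true);
			}

			$submit = false;
			$refresh = true;
		}
	}

	// Parse Attachments - before checksum is calculated
	$message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);

	// Grab md5 'checksum' of new message
	// The digest only detects an unchanged message so that re-parsing can be skipped; it is not a security control.
	$message_md5 = md5($message_parser->message);

	// Check checksum ... don't re-parse message if the same
	$update_message = ($mode != 'edit' || $message_md5 != $post_data['post_checksum'] || $status_switch) ? true : false;

	// Parse message
	if ($update_message)
	{
		if (sizeof($message_parser->warn_msg))
		{
			$error[] = implode('<br />', $message_parser->warn_msg);
			$message_parser->warn_msg = array();
		}

		$message_parser->parse($post_data['enable_bbcode'], ($config['allow_post_links']) ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);

		// On a refresh we do not care about message parsing errors
		if (sizeof($message_parser->warn_msg) && $refresh)
		{
			$message_parser->warn_msg = array();
		}
	}
	else
	{
		$message_parser->bbcode_bitfield = $post_data['bbcode_bitfield'];
	}

	if ($mode != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$auth->acl_get('f_ignoreflood', $forum_id))
	{
		// Flood check
		$last_post_time = 0;

		if ($user->data['is_registered'])
		{
			$last_post_time = $user->data['user_lastpost_time'];
		}
		else
		{
			// Guests are tracked by address. The value is escaped like every other quoted
			// string in this file, so the query does not depend on how $user->ip was
			// validated when the session started (not visible here).
			$sql = 'SELECT post_time AS last_post_time
				FROM ' . POSTS_TABLE . "
				WHERE poster_ip = '" . $db->sql_escape($user->ip) . "'
					AND post_time > " . ($current_time - $config['flood_interval']);
			$result = $db->sql_query_limit($sql, 1);
			if ($row = $db->sql_fetchrow($result))
			{
				$last_post_time = $row['last_post_time'];
			}
			$db->sql_freeresult($result);
		}

		if ($last_post_time && ($current_time - $last_post_time) < intval($config['flood_interval']))
		{
			$error[] = $user->lang['FLOOD_ERROR'];
		}
	}

	// Validate username
	if (($post_data['username'] && !$user->data['is_registered']) || ($mode == 'edit' && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']))
	{
		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);

		if (($result = validate_username($post_data['username'])) !== false)
		{
			$user->add_lang('ucp');
			$error[] = $user->lang[$result . '_USERNAME'];
		}
	}

	// Visual confirmation for guests
	if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply')))
	{
		$confirm_id = request_var('confirm_id', '');
		$confirm_code = request_var('confirm_code', '');

		// The code is bound to the current session id, so a confirm_id issued to another session does not match
		$sql = 'SELECT code
			FROM ' . CONFIRM_TABLE . "
			WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
				AND session_id = '" . $db->sql_escape($user->session_id) . "'
				AND confirm_type = " . CONFIRM_POST;
		$result = $db->sql_query($sql);
		$confirm_row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		// NOTE(review): as far as the visible part of this script shows, a wrong answer
		// leaves the CONFIRM_TABLE row in place, so the same confirm_id can be tried again.
		// Verify that the code is regenerated or that attempts are limited elsewhere.
		if (empty($confirm_row['code']) || strcasecmp($confirm_row['code'], $confirm_code) !== 0)
		{
			$error[] = $user->lang['CONFIRM_CODE_WRONG'];
		}
		else
		{
			$solved_captcha = true;
		}
	}

	// Parse subject
	if (!$refresh && !$post_data['post_subject'] && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
	{
		$error[] = $user->lang['EMPTY_SUBJECT'];
	}

	$post_data['poll_last_vote'] = (isset($post_data['poll_last_vote'])) ? $post_data['poll_last_vote'] : 0;

	if ($post_data['poll_option_text'] &&
		($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'] && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))))
		&& $auth->acl_get('f_poll', $forum_id))
	{
		$poll = array(
			'poll_title'		=> $post_data['poll_title'],
			'poll_length'		=> $post_data['poll_length'],
			'poll_max_options'	=> $post_data['poll_max_options'],
			'poll_option_text'	=> $post_data['poll_option_text'],
			'poll_start'		=> $post_data['poll_start'],
			'poll_last_vote'	=> $post_data['poll_last_vote'],
			'poll_vote_change'	=> $post_data['poll_vote_change'],
			'enable_bbcode'		=> $post_data['enable_bbcode'],
			'enable_urls'		=> $post_data['enable_urls'],
			'enable_smilies'	=> $post_data['enable_smilies'],
			'img_status'		=> $img_status
		);

		$message_parser->parse_poll($poll);

		$post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : '';
		$post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';

		if ($post_data['poll_last_vote'] && ($poll['poll_options_size'] < $orig_poll_options_size))
		{
			$message_parser->warn_msg[] = $user->lang['NO_DELETE_POLL_OPTIONS'];
		}
	}
	else
	{
		$poll = array();
	}

	// Check topic type
	// A non-normal topic type needs its own ACL option on top of the posting permission
	if ($post_data['topic_type'] != POST_NORMAL && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
	{
		switch ($post_data['topic_type'])
		{
			case POST_GLOBAL:
			case POST_ANNOUNCE:
				$auth_option = 'f_announce';
			break;

			case POST_STICKY:
				$auth_option = 'f_sticky';
			break;

			default:
				$auth_option = '';
			break;
		}

		if (!$auth->acl_get($auth_option, $forum_id))
		{
			$error[] = $user->lang['CANNOT_POST_' . str_replace('F_', '', strtoupper($auth_option))];
		}
	}

	if (sizeof($message_parser->warn_msg))
	{
		$error[] = implode('<br />', $message_parser->warn_msg);
	}

	// DNSBL check
	if ($config['check_dnsbl'] && !$refresh)
	{
		if (($dnsbl = $user->check_dnsbl()) !== false)
		{
			$error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
		}
	}

	// Store message, sync counters
	if (!sizeof($error) && $submit)
	{
		// Check if we want to de-globalize the topic... and ask for new forum
		if ($post_data['topic_type'] != POST_GLOBAL)
		{
			$sql = 'SELECT topic_type, forum_id
				FROM ' . TOPICS_TABLE . "
				WHERE topic_id = $topic_id";
			$result = $db->sql_query_limit($sql, 1);
			$row = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);

			if ($row && !$row['forum_id'] && $row['topic_type'] == POST_GLOBAL)
			{
				$to_forum_id = request_var('to_forum_id', 0);

				// Every permission check above ran against the forum taken from the topic row.
				// The target forum is chosen by the client, so it has to be an existing posting
				// forum the user may post in before it is allowed to replace $forum_id.
				// Otherwise fall back to the forum selection.
				if ($to_forum_id)
				{
					$sql = 'SELECT forum_type
						FROM ' . FORUMS_TABLE . '
						WHERE forum_id = ' . $to_forum_id;
					$result = $db->sql_query($sql);
					$to_forum_row = $db->sql_fetchrow($result);
					$db->sql_freeresult($result);

					if (!$to_forum_row || $to_forum_row['forum_type'] != FORUM_POST || !$auth->acl_get('f_post', $to_forum_id))
					{
						$to_forum_id = 0;
					}

					unset($to_forum_row);
				}

				if (!$to_forum_id)
				{
					include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);

					$template->assign_vars(array(
						'S_FORUM_SELECT'	=> make_forum_select(false, false, false, true, true),
						'S_UNGLOBALISE'		=> true)
					);

					$submit = false;
					$refresh = true;
				}
				else
				{
					$forum_id = $to_forum_id;
				}
			}
		}

		if ($submit)
		{
			// Lock/Unlock Topic
			// Moderators (m_lock) may lock and unlock. With f_user_lock a registered topic
			// starter may act only while the topic is unlocked, i.e. lock it but not unlock it.
			$change_topic_status = $post_data['topic_status'];
			$perm_lock_unlock = ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED)) ? true : false;

			if ($post_data['topic_status'] == ITEM_LOCKED && !$topic_lock && $perm_lock_unlock)
			{
				$change_topic_status = ITEM_UNLOCKED;
			}
			else if ($post_data['topic_status'] == ITEM_UNLOCKED && $topic_lock && $perm_lock_unlock)
			{
				$change_topic_status = ITEM_LOCKED;
			}

			if ($change_topic_status != $post_data['topic_status'])
			{
				$sql = 'UPDATE ' . TOPICS_TABLE . "
					SET topic_status = $change_topic_status
					WHERE topic_id = $topic_id
						AND topic_moved_id = 0";
				$db->sql_query($sql);

				$user_lock = ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $post_data['topic_poster']) ? 'USER_' : '';

				add_log('mod', $forum_id, $topic_id, 'LOG_' . $user_lock . (($change_topic_status == ITEM_LOCKED) ? 'LOCK' : 'UNLOCK'), $post_data['topic_title']);
			}

			// Lock/Unlock Post Edit
			if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_LOCKED && !$post_lock && $auth->acl_get('m_edit', $forum_id))
			{
				$post_data['post_edit_locked'] = ITEM_UNLOCKED;
			}
			else if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_UNLOCKED && $post_lock && $auth->acl_get('m_edit', $forum_id))
			{
				$post_data['post_edit_locked'] = ITEM_LOCKED;
			}

			// Scalars are cast explicitly before they are handed to submit_post()
			$data = array(
				'topic_title'			=> (empty($post_data['topic_title'])) ? $post_data['post_subject'] : $post_data['topic_title'],
				'topic_first_post_id'	=> (isset($post_data['topic_first_post_id'])) ? (int) $post_data['topic_first_post_id'] : 0,
				'topic_last_post_id'	=> (isset($post_data['topic_last_post_id'])) ? (int) $post_data['topic_last_post_id'] : 0,
				'topic_time_limit'		=> (int) $post_data['topic_time_limit'],
				'post_id'				=> (int) $post_id,
				'topic_id'				=> (int) $topic_id,
				'forum_id'				=> (int) $forum_id,
				'icon_id'				=> (int) $post_data['icon_id'],
				'poster_id'				=> (int) $post_data['poster_id'],
				'enable_sig'			=> (bool) $post_data['enable_sig'],
				'enable_bbcode'			=> (bool) $post_data['enable_bbcode'],
				'enable_smilies'		=> (bool) $post_data['enable_smilies'],
				'enable_urls'			=> (bool) $post_data['enable_urls'],
				'enable_indexing'		=> (bool) $post_data['enable_indexing'],
				'message_md5'			=> (string) $message_md5,
				'post_time'				=> (isset($post_data['post_time'])) ? (int) $post_data['post_time'] : $current_time,
				'post_checksum'			=> (isset($post_data['post_checksum'])) ? (string) $post_data['post_checksum'] : '',
				'post_edit_reason'		=> $post_data['post_edit_reason'],
				'post_edit_user'		=> ($mode == 'edit') ? $user->data['user_id'] : ((isset($post_data['post_edit_user'])) ? (int) $post_data['post_edit_user'] : 0),
				'forum_parents'			=> $post_data['forum_parents'],
				'forum_name'			=> $post_data['forum_name'],
				'notify'				=> $notify,
				'notify_set'			=> $post_data['notify_set'],
				'poster_ip'				=> (isset($post_data['poster_ip'])) ? $post_data['poster_ip'] : $user->ip,
				'post_edit_locked'		=> (int) $post_data['post_edit_locked'],
				'bbcode_bitfield'		=> $message_parser->bbcode_bitfield,
				'bbcode_uid'			=> $message_parser->bbcode_uid,
				'message'				=> $message_parser->message,
				'attachment_data'		=> $message_parser->attachment_data,
				'filename_data'			=> $message_parser->filename_data
			);
			unset($message_parser);

			$redirect_url = submit_post($mode, $post_data['post_subject'], $post_data['username'], $post_data['topic_type'], $poll, $data, $update_message);

			meta_refresh(3, $redirect_url);

			// Users holding neither f_noapprove nor m_approve get the *_MOD message and no link to the post
			$message = (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? (($mode == 'edit') ? 'POST_EDITED_MOD' : 'POST_STORED_MOD') : (($mode == 'edit') ? 'POST_EDITED' : 'POST_STORED');
			$message = $user->lang[$message] . (($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? '<br /><br />' . sprintf($user->lang['VIEW_MESSAGE'], '<a href="' . $redirect_url . '">', '</a>') : '');
			$message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $data['forum_id']) . '">', '</a>');
			trigger_error($message);
		}
	}
}

// Preview
if (!sizeof($error) && $preview)
{
	$post_data['post_time'] = ($mode == 'edit') ? $post_data['post_time'] : $current_time;

	$preview_message = $message_parser->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies'], false);

	// When editing, the signature shown is the one loaded with the post row; otherwise the current user's
	$preview_signature = ($mode == 'edit') ? $post_data['user_sig'] : $user->data['user_sig'];
	$preview_signature_uid = ($mode == 'edit') ? $post_data['user_sig_bbcode_uid'] : $user->data['user_sig_bbcode_uid'];
	$preview_signature_bitfield = ($mode == 'edit') ? $post_data['user_sig_bbcode_bitfield'] : $user->data['user_sig_bbcode_bitfield'];

	// Signature
	if ($post_data['enable_sig'] && $config['allow_sig'] && $preview_signature && $auth->acl_get('f_sigs', $forum_id))
	{
		$parse_sig = new parse_message($preview_signature);
		$parse_sig->bbcode_uid = $preview_signature_uid;
		$parse_sig->bbcode_bitfield = $preview_signature_bitfield;

		// Not sure about parameters for bbcode/smilies/urls... in signatures
		$parse_sig->format_display($config['allow_sig_bbcode'], true, $config['allow_sig_smilies']);
		$preview_signature = $parse_sig->message;
		unset($parse_sig);
	}
	else
	{
		$preview_signature = '';
	}

	$preview_subject = censor_text($post_data['post_subject']);

	// Poll Preview
	if (!$poll_delete && ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'] && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))))
	&& $auth->acl_get('f_poll', $forum_id))
	{
		$parse_poll = new parse_message($post_data['poll_title']);
		$parse_poll->bbcode_uid = $message_parser->bbcode_uid;
		$parse_poll->bbcode_bitfield = $message_parser->bbcode_bitfield;

		$parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);

		$template->assign_vars(array(
			'S_HAS_POLL_OPTIONS'	=> (sizeof($post_data['poll_options'])),
			'S_IS_MULTI_CHOICE'		=> ($post_data['poll_max_options'] > 1) ? true : false,

			'POLL_QUESTION'		=> $parse_poll->message,

			'L_POLL_LENGTH'		=> ($post_data['poll_length']) ? sprintf($user->lang['POLL_RUN_TILL'], $user->format_date($post_data['poll_length'] + $post_data['poll_start'])) : '',
			'L_MAX_VOTES'		=> ($post_data['poll_max_options'] == 1) ?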
$user->lang['MAX_OPTION_SELECT'] : sprintf($user->lang['MAX_OPTIONS_SELECT'], $post_data['poll_max_options'])) 977 ); 978 979 $parse_poll->message = implode("\n", $post_data['poll_options']); 980 $parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']); 981 $preview_poll_options = explode('<br />', $parse_poll->message); 982 unset($parse_poll); 983 984 foreach ($preview_poll_options as $option) 985 { 986 $template->assign_block_vars('poll_option', array( 987 'POLL_OPTION_CAPTION' => $option) 988 ); 989 } 990 unset($preview_poll_options); 991 } 992 993 // Attachment Preview 994 if (sizeof($message_parser->attachment_data)) 995 { 996 $extensions = $update_count = array(); 997 998 $template->assign_var('S_HAS_ATTACHMENTS', true); 999 1000 $attachment_data = $message_parser->attachment_data; 1001 $unset_attachments = parse_inline_attachments($preview_message, $attachment_data, $update_count, $forum_id, true); 1002 1003 foreach ($unset_attachments as $index) 1004 { 1005 unset($attachment_data[$index]); 1006 } 1007 1008 foreach ($attachment_data as $i => $attachment) 1009 { 1010 $template->assign_block_vars('attachment', array( 1011 'DISPLAY_ATTACHMENT' => $attachment) 1012 ); 1013 } 1014 unset($attachment_data, $attachment); 1015 } 1016 1017 if (!sizeof($error)) 1018 { 1019 $template->assign_vars(array( 1020 'PREVIEW_SUBJECT' => $preview_subject, 1021 'PREVIEW_MESSAGE' => $preview_message, 1022 'PREVIEW_SIGNATURE' => $preview_signature, 1023 1024 'S_DISPLAY_PREVIEW' => true) 1025 ); 1026 } 1027 } 1028 1029 // Decode text for message display 1030 $post_data['bbcode_uid'] = ($mode == 'quote' && !$preview && !$refresh && !sizeof($error)) ? $post_data['bbcode_uid'] : $message_parser->bbcode_uid; 1031 $message_parser->decode_message($post_data['bbcode_uid']); 1032 1033 if ($mode == 'quote' && !$submit && !$preview && !$refresh) 1034 { 1035 $message_parser->message = '[quote="' . $post_data['quote_username'] . '"]' . 
censor_text(trim($message_parser->message)) . "[/quote]\n"; 1036 } 1037 1038 if (($mode == 'reply' || $mode == 'quote') && !$submit && !$preview && !$refresh) 1039 { 1040 $post_data['post_subject'] = ((strpos($post_data['post_subject'], 'Re: ') !== 0) ? 'Re: ' : '') . censor_text($post_data['post_subject']); 1041 } 1042 1043 $attachment_data = $message_parser->attachment_data; 1044 $filename_data = $message_parser->filename_data; 1045 $post_data['post_text'] = $message_parser->message; 1046 1047 if (sizeof($post_data['poll_options']) && $post_data['poll_title']) 1048 { 1049 $message_parser->message = $post_data['poll_title']; 1050 $message_parser->bbcode_uid = $post_data['bbcode_uid']; 1051 1052 $message_parser->decode_message(); 1053 $post_data['poll_title'] = $message_parser->message; 1054 1055 $message_parser->message = implode("\n", $post_data['poll_options']); 1056 $message_parser->decode_message(); 1057 $post_data['poll_options'] = explode("\n", $message_parser->message); 1058 } 1059 unset($message_parser); 1060 1061 // MAIN POSTING PAGE BEGINS HERE 1062 1063 // Forum moderators? 1064 $moderators = array(); 1065 get_moderators($moderators, $forum_id); 1066 1067 // Generate smiley listing 1068 generate_smilies('inline', $forum_id); 1069 1070 // Generate inline attachment select box 1071 posting_gen_inline_attachments($attachment_data); 1072 1073 // Do show topic type selection only in first post. 1074 $topic_type_toggle = false; 1075 1076 if ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'])) 1077 { 1078 $topic_type_toggle = posting_gen_topic_types($forum_id, $post_data['topic_type']); 1079 } 1080 1081 $s_topic_icons = false; 1082 if ($post_data['enable_icons']) 1083 { 1084 $s_topic_icons = posting_gen_topic_icons($mode, $post_data['icon_id']); 1085 } 1086 1087 $bbcode_checked = (isset($post_data['enable_bbcode'])) ? !$post_data['enable_bbcode'] : (($config['allow_bbcode']) ? 
!$user->optionget('bbcode') : 1); 1088 $smilies_checked = (isset($post_data['enable_smilies'])) ? !$post_data['enable_smilies'] : (($config['allow_smilies']) ? !$user->optionget('smilies') : 1); 1089 $urls_checked = (isset($post_data['enable_urls'])) ? !$post_data['enable_urls'] : 0; 1090 $sig_checked = $post_data['enable_sig']; 1091 $lock_topic_checked = (isset($topic_lock)) ? $topic_lock : (($post_data['topic_status'] == ITEM_LOCKED) ? 1 : 0); 1092 $lock_post_checked = (isset($post_lock)) ? $post_lock : $post_data['post_edit_locked']; 1093 1094 // If the user is replying or posting and not already watching this topic but set to always being notified we need to overwrite this setting 1095 $notify_set = ($mode != 'edit' && $config['allow_topic_notify'] && $user->data['is_registered'] && !$post_data['notify_set']) ? $user->data['user_notify'] : $post_data['notify_set']; 1096 $notify_checked = (isset($notify)) ? $notify : (($mode == 'post') ? $user->data['user_notify'] : $notify_set); 1097 1098 // Page title & action URL, include session_id for security purpose 1099 $s_action = append_sid("{$phpbb_root_path}posting.$phpEx", "mode=$mode&f=$forum_id", true, $user->session_id); 1100 $s_action .= ($topic_id) ? "&t=$topic_id" : ''; 1101 $s_action .= ($post_id) ? "&p=$post_id" : ''; 1102 1103 switch ($mode) 1104 { 1105 case 'post': 1106 $page_title = $user->lang['POST_TOPIC']; 1107 break; 1108 1109 case 'quote': 1110 case 'reply': 1111 $page_title = $user->lang['POST_REPLY']; 1112 break; 1113 1114 case 'delete': 1115 case 'edit': 1116 $page_title = $user->lang['EDIT_POST']; 1117 break; 1118 } 1119 1120 // Build Navigation Links 1121 generate_forum_nav($post_data); 1122 1123 // Build Forum Rules 1124 generate_forum_rules($post_data); 1125 1126 if ($config['enable_post_confirm'] && !$user->data['is_registered'] && ($mode == 'post' || $mode == 'reply' || $mode == 'quote')) 1127 { 1128 // Show confirm image 1129 $sql = 'DELETE FROM ' . CONFIRM_TABLE . 
" 1130 WHERE session_id = '" . $db->sql_escape($user->session_id) . "' 1131 AND confirm_type = " . CONFIRM_POST; 1132 $db->sql_query($sql); 1133 1134 // Generate code 1135 if ($solved_captcha === false) 1136 { 1137 $code = gen_rand_string(mt_rand(5, 8)); 1138 $confirm_id = md5(unique_id($user->ip)); 1139 1140 $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array( 1141 'confirm_id' => (string) $confirm_id, 1142 'session_id' => (string) $user->session_id, 1143 'confirm_type' => (int) CONFIRM_POST, 1144 'code' => (string) $code) 1145 ); 1146 $db->sql_query($sql); 1147 1148 $template->assign_vars(array( 1149 'S_CONFIRM_CODE' => true, 1150 'CONFIRM_ID' => $confirm_id, 1151 'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_POST) . '" alt="" title="" />', 1152 'L_POST_CONFIRM_EXPLAIN' => sprintf($user->lang['POST_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'), 1153 )); 1154 } 1155 } 1156 1157 $s_hidden_fields = ($mode == 'reply' || $mode == 'quote') ? '<input type="hidden" name="topic_cur_post_id" value="' . $post_data['topic_last_post_id'] . '" />' : ''; 1158 $s_hidden_fields .= '<input type="hidden" name="lastclick" value="' . $current_time . '" />'; 1159 $s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', $draft_id) . '" />' : ''; 1160 1161 $form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || @ini_get('file_uploads') == '0' || !$config['allow_attachments'] || !$auth->acl_get('u_attach') || !$auth->acl_get('f_attach', $forum_id)) ? '' : ' enctype="multipart/form-data"'; 1162 1163 // Start assigning vars for main posting page ... 
1164 $template->assign_vars(array( 1165 'L_POST_A' => $page_title, 1166 'L_ICON' => ($mode == 'reply' || $mode == 'quote' || ($mode == 'edit' && $post_id != $post_data['topic_first_post_id'])) ? $user->lang['POST_ICON'] : $user->lang['TOPIC_ICON'], 1167 'L_MESSAGE_BODY_EXPLAIN' => (intval($config['max_post_chars'])) ? sprintf($user->lang['MESSAGE_BODY_EXPLAIN'], intval($config['max_post_chars'])) : '', 1168 1169 'FORUM_NAME' => $post_data['forum_name'], 1170 'FORUM_DESC' => ($post_data['forum_desc']) ? generate_text_for_display($post_data['forum_desc'], $post_data['forum_desc_uid'], $post_data['forum_desc_bitfield'], $post_data['forum_desc_options']) : '', 1171 'TOPIC_TITLE' => censor_text($post_data['topic_title']), 1172 'MODERATORS' => (sizeof($moderators)) ? implode(', ', $moderators[$forum_id]) : '', 1173 'USERNAME' => ((!$preview && $mode != 'quote') || $preview) ? $post_data['username'] : '', 1174 'SUBJECT' => $post_data['post_subject'], 1175 'MESSAGE' => $post_data['post_text'], 1176 'BBCODE_STATUS' => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'), 1177 'IMG_STATUS' => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 1178 'FLASH_STATUS' => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 1179 'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 1180 'URL_STATUS' => ($url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 1181 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['POST']), 1182 'POST_DATE' => ($post_data['post_time']) ? $user->format_date($post_data['post_time']) : '', 1183 'ERROR' => (sizeof($error)) ? 
implode('<br />', $error) : '', 1184 'TOPIC_TIME_LIMIT' => (int) $post_data['topic_time_limit'], 1185 'EDIT_REASON' => $post_data['post_edit_reason'], 1186 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id"), 1187 'U_VIEWTOPIC' => ($mode != 'post') ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id") : '', 1188 'U_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&mode=popup"), 1189 'UA_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&mode=popup", false), 1190 1191 'S_PRIVMSGS' => false, 1192 'S_CLOSE_PROGRESS_WINDOW' => (isset($_POST['add_file'])) ? true : false, 1193 'S_EDIT_POST' => ($mode == 'edit') ? true : false, 1194 'S_EDIT_REASON' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false, 1195 'S_DISPLAY_USERNAME' => (!$user->data['is_registered'] || ($mode == 'edit' && $post_data['post_username'])) ? true : false, 1196 'S_SHOW_TOPIC_ICONS' => $s_topic_icons, 1197 'S_DELETE_ALLOWED' => ($mode == 'edit' && (($post_id == $post_data['topic_last_post_id'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id))) ? true : false, 1198 'S_BBCODE_ALLOWED' => $bbcode_status, 1199 'S_BBCODE_CHECKED' => ($bbcode_checked) ? ' checked="checked"' : '', 1200 'S_SMILIES_ALLOWED' => $smilies_status, 1201 'S_SMILIES_CHECKED' => ($smilies_checked) ? ' checked="checked"' : '', 1202 'S_SIG_ALLOWED' => ($auth->acl_get('f_sigs', $forum_id) && $config['allow_sig'] && $user->data['is_registered']) ? true : false, 1203 'S_SIGNATURE_CHECKED' => ($sig_checked) ? ' checked="checked"' : '', 1204 'S_NOTIFY_ALLOWED' => (!$user->data['is_registered'] || ($mode == 'edit' && $user->data['user_id'] != $post_data['poster_id']) || !$config['allow_topic_notify']) ? false : true, 1205 'S_NOTIFY_CHECKED' => ($notify_checked) ? 
' checked="checked"' : '', 1206 'S_LOCK_TOPIC_ALLOWED' => (($mode == 'edit' || $mode == 'reply' || $mode == 'quote') && ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED))) ? true : false, 1207 'S_LOCK_TOPIC_CHECKED' => ($lock_topic_checked) ? ' checked="checked"' : '', 1208 'S_LOCK_POST_ALLOWED' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false, 1209 'S_LOCK_POST_CHECKED' => ($lock_post_checked) ? ' checked="checked"' : '', 1210 'S_LINKS_ALLOWED' => $url_status, 1211 'S_MAGIC_URL_CHECKED' => ($urls_checked) ? ' checked="checked"' : '', 1212 'S_TYPE_TOGGLE' => $topic_type_toggle, 1213 'S_SAVE_ALLOWED' => ($auth->acl_get('u_savedrafts') && $user->data['is_registered']) ? true : false, 1214 'S_HAS_DRAFTS' => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $post_data['drafts']) ? 
true : false, 1215 'S_FORM_ENCTYPE' => $form_enctype, 1216 1217 'S_BBCODE_IMG' => $img_status, 1218 'S_BBCODE_URL' => $url_status, 1219 'S_BBCODE_FLASH' => $flash_status, 1220 'S_BBCODE_QUOTE' => $quote_status, 1221 1222 'S_POST_ACTION' => $s_action, 1223 'S_HIDDEN_FIELDS' => $s_hidden_fields) 1224 ); 1225 1226 // Build custom bbcodes array 1227 display_custom_bbcodes(); 1228 1229 // Poll entry 1230 if (($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'] && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id)))) 1231 && $auth->acl_get('f_poll', $forum_id)) 1232 { 1233 $template->assign_vars(array( 1234 'S_SHOW_POLL_BOX' => true, 1235 'S_POLL_VOTE_CHANGE' => ($auth->acl_get('f_votechg', $forum_id)), 1236 'S_POLL_DELETE' => ($mode == 'edit' && sizeof($post_data['poll_options']) && ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id))), 1237 'S_POLL_DELETE_CHECKED' => (!empty($poll_delete)) ? true : false, 1238 1239 'L_POLL_OPTIONS_EXPLAIN' => sprintf($user->lang['POLL_OPTIONS_EXPLAIN'], $config['max_poll_options']), 1240 1241 'VOTE_CHANGE_CHECKED' => (!empty($post_data['poll_vote_change'])) ? ' checked="checked"' : '', 1242 'POLL_TITLE' => (isset($post_data['poll_title'])) ? $post_data['poll_title'] : '', 1243 'POLL_OPTIONS' => (!empty($post_data['poll_options'])) ? implode("\n", $post_data['poll_options']) : '', 1244 'POLL_MAX_OPTIONS' => (isset($post_data['poll_max_options'])) ? 
(int) $post_data['poll_max_options'] : 1,
		'POLL_LENGTH'			=> $post_data['poll_length'])
	);
}

// Attachment entry
// Not using acl_gets here, because it is using OR logic
if ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach') && $config['allow_attachments'] && $form_enctype)
{
	posting_gen_attachment_entry($attachment_data, $filename_data);
}

// Output page ...
page_header($page_title);

$template->set_filenames(array(
	'body' => 'posting_body.html')
);

make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));

// Topic review
if ($mode == 'reply' || $mode == 'quote')
{
	if (topic_review($topic_id, $forum_id))
	{
		$template->assign_var('S_DISPLAY_REVIEW', true);
	}
}

page_footer();

/**
* Show upload popup (progress bar)
*
* Runs the user setup for the 'posting' language set, emits the page header
* titled with the PROGRESS_BAR language entry and displays the
* 'posting_progress_bar.html' template.
*
* @param int $forum_style Style id handed to $user->setup(); a falsy value
*                         means setup() is called without a style argument
*/
function upload_popup($forum_style = 0)
{
	global $template, $user;

	// Only pass a style to setup() when the caller supplied one
	if ($forum_style)
	{
		$user->setup('posting', $forum_style);
	}
	else
	{
		$user->setup('posting');
	}

	page_header($user->lang['PROGRESS_BAR']);

	$template->set_filenames(array(
		'popup' => 'posting_progress_bar.html')
	);

	$progress_image = $user->img('upload_bar', $user->lang['UPLOAD_IN_PROGRESS']);

	$template->assign_vars(array(
		'PROGRESS_BAR' => $progress_image)
	);

	$template->display('popup');
}

/**
* Do the various checks required for removing posts as well as removing it
*
* Authorisation rule enforced here:
*  - a user holding m_delete in the forum may remove the post, or
*  - the registered author holding f_delete may remove the post, but only
*    while it is still the last post of its topic.
*
* An authorised request is only executed once confirm_box(true) reports a
* confirmed submission; otherwise the confirmation dialog is shown, carrying
* the post id, forum id and mode as hidden fields. Every other request ends in
* one of the three error messages at the bottom.
*
* NOTE(review): the error section is reached by plain fall-through, so this
* function relies on confirm_box(false, ...) and trigger_error() ending the
* request. Both are defined elsewhere - confirm before reordering anything.
*
* @param int   $forum_id  Forum the post belongs to (used for permission checks and logging)
* @param int   $topic_id  Topic the post belongs to
* @param int   $post_id   Post to remove
* @param array $post_data Post/topic data; taken by reference, only read in this function
*/
function handle_post_delete($forum_id, $topic_id, $post_id, &$post_data)
{
	global $user, $db, $auth;
	global $phpbb_root_path, $phpEx;

	// If moderator removing post or user itself removing post, present a confirmation screen.
	// The moderator permission is tested first; the author rule is only evaluated without it.
	$may_delete = $auth->acl_get('m_delete', $forum_id);

	if (!$may_delete)
	{
		$may_delete = ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get('f_delete', $forum_id) && $post_id == $post_data['topic_last_post_id']);
	}

	if ($may_delete)
	{
		$s_hidden_fields = build_hidden_fields(array(
			'p'		=> $post_id,
			'f'		=> $forum_id,
			'mode'	=> 'delete')
		);

		if (!confirm_box(true))
		{
			// Not confirmed yet: ask the user before anything is removed
			confirm_box(false, 'DELETE_MESSAGE', $s_hidden_fields);
		}
		else
		{
			// Copy exactly the fields delete_post() is handed, in this order
			$data = array();
			$copied_fields = array(
				'topic_first_post_id',
				'topic_last_post_id',
				'topic_approved',
				'topic_type',
				'post_approved',
				'post_reported',
				'post_time',
				'poster_id',
				'post_postcount'
			);

			foreach ($copied_fields as $field)
			{
				$data[$field] = $post_data[$field];
			}

			$next_post_id = delete_post($forum_id, $topic_id, $post_id, $data);

			// A topic whose first and last post are the same had only this post,
			// so the action is logged as a topic deletion.
			$only_post_in_topic = ($post_data['topic_first_post_id'] == $post_data['topic_last_post_id']);

			if (!$only_post_in_topic)
			{
				add_log('mod', $forum_id, $topic_id, 'LOG_DELETE_POST', $post_data['post_subject']);

				$meta_info = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&p=$next_post_id") . "#p$next_post_id";
				$message = $user->lang['POST_DELETED'];
				$message .= '<br /><br />' . sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $meta_info . '">', '</a>');
			}
			else
			{
				add_log('mod', $forum_id, $topic_id, 'LOG_DELETE_TOPIC', $post_data['topic_title']);

				$meta_info = append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id");
				$message = $user->lang['POST_DELETED'];
			}

			meta_refresh(3, $meta_info);

			$return_forum_url = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id);
			$message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . $return_forum_url . '">', '</a>');
			trigger_error($message);
		}
	}

	// If we are here the user is not able to delete - present the correct error message
	$is_author = ($post_data['poster_id'] == $user->data['user_id']);

	if (!$is_author && !$auth->acl_get('f_delete', $forum_id))
	{
		trigger_error('DELETE_OWN_POSTS');
	}

	if ($is_author && $auth->acl_get('f_delete', $forum_id) && $post_id != $post_data['topic_last_post_id'])
	{
		trigger_error('CANNOT_DELETE_REPLIED');
	}

	trigger_error('USER_CANNOT_DELETE');
}

?>