search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
merge revisions i missed... hopefully not breaking things - did not check every change.
[phpbb.git] / phpBB / posting.php
blob226cb31dfc70307b4207b3d11752f4419c1d1c8c
1 <?php
2 /**
3 *
4 * @package phpBB3
5 * @version $Id$
6 * @copyright (c) 2005 phpBB Group
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
8 *
9 */
10
11 /**
12 * @ignore
13 */
14 define('IN_PHPBB', true);
15 if (!defined('PHPBB_ROOT_PATH')) define('PHPBB_ROOT_PATH', './');
16 if (!defined('PHP_EXT')) define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1));
17 include(PHPBB_ROOT_PATH . 'common.' . PHP_EXT);
18 include(PHPBB_ROOT_PATH . 'includes/functions_posting.' . PHP_EXT);
19 include(PHPBB_ROOT_PATH . 'includes/functions_display.' . PHP_EXT);
20 include(PHPBB_ROOT_PATH . 'includes/message_parser.' . PHP_EXT);
21
22
23 // Start session management
24 $user->session_begin();
25 $auth->acl($user->data);
26
27
28 // Grab only parameters needed here
29 $post_id = request_var('p', 0);
30 $topic_id = request_var('t', 0);
31 $forum_id = request_var('f', 0);
32 $draft_id = request_var('d', 0);
33 $lastclick = request_var('lastclick', 0);
34
35 $submit = (isset($_POST['post'])) ? true : false;
36 $preview = (isset($_POST['preview'])) ? true : false;
37 $save = (isset($_POST['save'])) ? true : false;
38 $load = (isset($_POST['load'])) ? true : false;
39 $delete = (isset($_POST['delete'])) ? true : false;
40 $cancel = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
41
42 $refresh = (isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['cancel_unglobalise']) || $save || $load) ? true : false;
43 $mode = ($delete && !$preview && !$refresh && $submit) ? 'delete' : request_var('mode', '');
44
45 $error = $post_data = array();
46 $current_time = time();
47
48 if ($config['enable_post_confirm'] && !$user->data['is_registered'])
49 {
50 include(PHPBB_ROOT_PATH . 'includes/captcha/captcha_factory.' . PHP_EXT);
51 $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
52 $captcha->init(CONFIRM_POST);
53 }
54
55 // Was cancel pressed? If so then redirect to the appropriate page
56 if ($cancel || ($current_time - $lastclick < 2 && $submit))
57 {
58 $redirect = ($post_id) ? append_sid('viewtopic', 'p=' . $post_id) . '#p' . $post_id : (($topic_id) ? append_sid('viewtopic', 't=' . $topic_id) : (($forum_id) ? append_sid('viewforum', 'f=' . $forum_id) : append_sid('index')));
59 redirect($redirect);
60 }
61
62 if (in_array($mode, array('post', 'reply', 'quote', 'edit', 'delete')) && !$forum_id)
63 {
64 trigger_error('NO_FORUM');
65 }
66
67 // We need to know some basic information in all cases before we do anything.
68 switch ($mode)
69 {
70 case 'post':
71 $sql = 'SELECT *
72 FROM ' . FORUMS_TABLE . "
73 WHERE forum_id = $forum_id";
74 break;
75
76 case 'bump':
77 case 'reply':
78 if (!$topic_id)
79 {
80 trigger_error('NO_TOPIC');
81 }
82
83 $sql = 'SELECT f.*, t.*
84 FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
85 WHERE t.topic_id = $topic_id
86 AND (f.forum_id = t.forum_id
87 OR f.forum_id = $forum_id)";
88 break;
89
90 case 'quote':
91 case 'edit':
92 case 'delete':
93 if (!$post_id)
94 {
95 $user->setup('posting');
96 trigger_error('NO_POST');
97 }
98
99 $sql = 'SELECT f.*, t.*, p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield
100 FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u
101 WHERE p.post_id = $post_id
102 AND t.topic_id = p.topic_id
103 AND u.user_id = p.poster_id
104 AND (f.forum_id = t.forum_id
105 OR f.forum_id = $forum_id)";
106 break;
107
108 case 'smilies':
109 $sql = '';
110 generate_smilies('window', $forum_id);
111 break;
112
113 case 'popup':
114 if ($forum_id)
115 {
116 $sql = 'SELECT forum_style
117 FROM ' . FORUMS_TABLE . '
118 WHERE forum_id = ' . $forum_id;
119 }
120 else
121 {
122 upload_popup();
123 return;
124 }
125 break;
126
127 default:
128 $sql = '';
129 break;
130 }
131
132 if (!$sql)
133 {
134 $user->setup('posting');
135 trigger_error('NO_POST_MODE');
136 }
137
138 $result = $db->sql_query($sql);
139 $post_data = $db->sql_fetchrow($result);
140 $db->sql_freeresult($result);
141
142 if (!$post_data)
143 {
144 if (!($mode == 'post' || $mode == 'bump' || $mode == 'reply'))
145 {
146 $user->setup('posting');
147 }
148 trigger_error(($mode == 'post' || $mode == 'bump' || $mode == 'reply') ? 'NO_TOPIC' : 'NO_POST');
149 }
150
151 if ($mode == 'popup')
152 {
153 upload_popup($post_data['forum_style']);
154 return;
155 }
156
157 $user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);
158
159 // Use post_row values in favor of submitted ones...
160 $forum_id = (!empty($post_data['forum_id'])) ? (int) $post_data['forum_id'] : (int) $forum_id;
161 $topic_id = (!empty($post_data['topic_id'])) ? (int) $post_data['topic_id'] : (int) $topic_id;
162 $post_id = (!empty($post_data['post_id'])) ? (int) $post_data['post_id'] : (int) $post_id;
163
164 // Need to login to passworded forum first?
165 if ($post_data['forum_password'])
166 {
167 login_forum_box(array(
168 'forum_id' => $forum_id,
169 'forum_password' => $post_data['forum_password'])
170 );
171 }
172
173 // Check permissions
174 if ($user->data['is_bot'])
175 {
176 redirect(append_sid('index'));
177 }
178
179 // Is the user able to read within this forum?
180 if (!$auth->acl_get('f_read', $forum_id))
181 {
182 if ($user->data['user_id'] != ANONYMOUS)
183 {
184 trigger_error('USER_CANNOT_READ');
185 }
186
187 login_box('', $user->lang['LOGIN_EXPLAIN_POST']);
188 }
189
190 // Permission to do the action asked?
191 $is_authed = false;
192
193 switch ($mode)
194 {
195 case 'post':
196 if ($auth->acl_get('f_post', $forum_id))
197 {
198 $is_authed = true;
199 }
200 break;
201
202 case 'bump':
203 if ($auth->acl_get('f_bump', $forum_id))
204 {
205 $is_authed = true;
206 }
207 break;
208
209 case 'quote':
210
211 $post_data['post_edit_locked'] = 0;
212
213 // no break;
214
215 case 'reply':
216 if ($auth->acl_get('f_reply', $forum_id))
217 {
218 $is_authed = true;
219 }
220 break;
221
222 case 'edit':
223 if ($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))
224 {
225 $is_authed = true;
226 }
227 break;
228
229 case 'delete':
230 if ($user->data['is_registered'] && $auth->acl_gets('f_delete', 'm_delete', $forum_id))
231 {
232 $is_authed = true;
233 }
234 break;
235 }
236
237 if (!$is_authed)
238 {
239 $check_auth = ($mode == 'quote') ? 'reply' : $mode;
240
241 if ($user->data['is_registered'])
242 {
243 trigger_error('USER_CANNOT_' . strtoupper($check_auth));
244 }
245
246 login_box('', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]);
247 }
248
249 // Is the user able to post within this forum?
250 if ($post_data['forum_type'] != FORUM_POST && in_array($mode, array('post', 'bump', 'quote', 'reply')))
251 {
252 trigger_error('USER_CANNOT_FORUM_POST');
253 }
254
255 // Forum/Topic locked?
256 if (($post_data['forum_status'] == ITEM_LOCKED || (isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED)) && !$auth->acl_get('m_edit', $forum_id))
257 {
258 trigger_error(($post_data['forum_status'] == ITEM_LOCKED) ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
259 }
260
261 // Can we edit this post ... if we're a moderator with rights then always yes
262 // else it depends on editing times, lock status and if we're the correct user
263 if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id))
264 {
265 if ($user->data['user_id'] != $post_data['poster_id'])
266 {
267 trigger_error('USER_CANNOT_EDIT');
268 }
269
270 if (!($post_data['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time']))
271 {
272 trigger_error('CANNOT_EDIT_TIME');
273 }
274
275 if ($post_data['post_edit_locked'])
276 {
277 trigger_error('CANNOT_EDIT_POST_LOCKED');
278 }
279 }
280
281 // Handle delete mode...
282 if ($mode == 'delete')
283 {
284 handle_post_delete($forum_id, $topic_id, $post_id, $post_data);
285 return;
286 }
287
288 // Handle bump mode...
289 if ($mode == 'bump')
290 {
291 if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id'])
292 && check_link_hash(request_var('hash', ''), "topic_{$post_data['topic_id']}"))
293 {
294 $db->sql_transaction('begin');
295
296 $sql = 'UPDATE ' . POSTS_TABLE . "
297 SET post_time = $current_time
298 WHERE post_id = {$post_data['topic_last_post_id']}
299 AND topic_id = $topic_id";
300 $db->sql_query($sql);
301
302 $sql = 'UPDATE ' . TOPICS_TABLE . "
303 SET topic_last_post_time = $current_time,
304 topic_bumped = 1,
305 topic_bumper = " . $user->data['user_id'] . "
306 WHERE topic_id = $topic_id";
307 $db->sql_query($sql);
308
309 update_post_information('forum', $forum_id);
310
311 $sql = 'UPDATE ' . USERS_TABLE . "
312 SET user_lastpost_time = $current_time
313 WHERE user_id = " . $user->data['user_id'];
314 $db->sql_query($sql);
315
316 $db->sql_transaction('commit');
317
318 markread('post', $forum_id, $topic_id, $current_time);
319
320 add_log('mod', $forum_id, $topic_id, 'LOG_BUMP_TOPIC', $post_data['topic_title']);
321
322 $meta_url = append_sid('viewtopic', "f=$forum_id&amp;t=$topic_id&amp;p={$post_data['topic_last_post_id']}") . "#p{$post_data['topic_last_post_id']}";
323 meta_refresh(3, $meta_url);
324
325 $message = $user->lang['TOPIC_BUMPED'] . '<br /><br />' . sprintf($user->lang['VIEW_MESSAGE'], '<a href="' . $meta_url . '">', '</a>');
326 $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid('viewforum', 'f=' . $forum_id) . '">', '</a>');
327
328 trigger_error($message);
329 }
330
331 trigger_error('BUMP_ERROR');
332 }
333
334 // Subject length limiting to 60 characters if first post...
335 if ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_data['post_id']))
336 {
337 $template->assign_var('S_NEW_MESSAGE', true);
338 }
339
340 // Determine some vars
341 if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS)
342 {
343 $post_data['quote_username'] = (!empty($post_data['post_username'])) ? $post_data['post_username'] : $user->lang['GUEST'];
344 }
345 else
346 {
347 $post_data['quote_username'] = isset($post_data['username']) ? $post_data['username'] : '';
348 }
349
350 $post_data['post_edit_locked'] = (isset($post_data['post_edit_locked'])) ? (int) $post_data['post_edit_locked'] : 0;
351 $post_data['post_subject'] = (in_array($mode, array('quote', 'edit'))) ? $post_data['post_subject'] : ((isset($post_data['topic_title'])) ? $post_data['topic_title'] : '');
352 $post_data['topic_time_limit'] = (isset($post_data['topic_time_limit'])) ? (($post_data['topic_time_limit']) ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit']) : 0;
353 $post_data['poll_length'] = (!empty($post_data['poll_length'])) ? (int) $post_data['poll_length'] / 86400 : 0;
354 $post_data['poll_start'] = (!empty($post_data['poll_start'])) ? (int) $post_data['poll_start'] : 0;
355 $post_data['icon_id'] = (!isset($post_data['icon_id']) || in_array($mode, array('quote', 'reply'))) ? 0 : (int) $post_data['icon_id'];
356 $post_data['poll_options'] = array();
357
358 // Get Poll Data
359 if ($post_data['poll_start'])
360 {
361 $sql = 'SELECT poll_option_text
362 FROM ' . POLL_OPTIONS_TABLE . "
363 WHERE topic_id = $topic_id
364 ORDER BY poll_option_id";
365 $result = $db->sql_query($sql);
366
367 while ($row = $db->sql_fetchrow($result))
368 {
369 $post_data['poll_options'][] = trim($row['poll_option_text']);
370 }
371 $db->sql_freeresult($result);
372 }
373
374 $orig_poll_options_size = sizeof($post_data['poll_options']);
375
376 $message_parser = new parse_message();
377
378 if (isset($post_data['post_text']))
379 {
380 $message_parser->message = &$post_data['post_text'];
381 unset($post_data['post_text']);
382 }
383
384 // Set some default variables
385 $uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);
386
387 foreach ($uninit as $var_name => $default_value)
388 {
389 if (!isset($post_data[$var_name]))
390 {
391 $post_data[$var_name] = $default_value;
392 }
393 }
394 unset($uninit);
395
396 // Always check if the submitted attachment data is valid and belongs to the user.
397 // Further down (especially in submit_post()) we do not check this again.
398 $message_parser->get_submitted_attachment_data($post_data['poster_id']);
399
400 if ($post_data['post_attachment'] && !$submit && !$refresh && !$preview && $mode == 'edit')
401 {
402 // Do not change to SELECT *
403 $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename
404 FROM ' . ATTACHMENTS_TABLE . "
405 WHERE post_msg_id = $post_id
406 AND in_message = 0
407 AND is_orphan = 0
408 ORDER BY filetime DESC";
409 $result = $db->sql_query($sql);
410 $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
411 $db->sql_freeresult($result);
412 }
413
414 if ($post_data['poster_id'] == ANONYMOUS)
415 {
416 $post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['post_username']) : '';
417 }
418 else
419 {
420 $post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['username']) : '';
421 }
422
423 $post_data['enable_urls'] = $post_data['enable_magic_url'];
424
425 if ($mode != 'edit')
426 {
427 $post_data['enable_sig'] = ($config['allow_sig'] && $user->optionget('attachsig')) ? true: false;
428 $post_data['enable_smilies'] = ($config['allow_smilies'] && $user->optionget('smilies')) ? true : false;
429 $post_data['enable_bbcode'] = ($config['allow_bbcode'] && $user->optionget('bbcode')) ? true : false;
430 $post_data['enable_urls'] = true;
431 }
432
433 $post_data['enable_magic_url'] = $post_data['drafts'] = false;
434
435 // User own some drafts?
436 if ($user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
437 {
438 $sql = 'SELECT draft_id
439 FROM ' . DRAFTS_TABLE . '
440 WHERE user_id = ' . $user->data['user_id'] .
441 (($forum_id) ? ' AND forum_id = ' . (int) $forum_id : '') .
442 (($topic_id) ? ' AND topic_id = ' . (int) $topic_id : '') .
443 (($draft_id) ? " AND draft_id <> $draft_id" : '');
444 $result = $db->sql_query_limit($sql, 1);
445
446 if ($db->sql_fetchrow($result))
447 {
448 $post_data['drafts'] = true;
449 }
450 $db->sql_freeresult($result);
451 }
452
453 $check_value = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
454
455 // Check if user is watching this topic
456 if ($mode != 'post' && $config['allow_topic_notify'] && $user->data['is_registered'])
457 {
458 $sql = 'SELECT topic_id
459 FROM ' . TOPICS_WATCH_TABLE . '
460 WHERE topic_id = ' . $topic_id . '
461 AND user_id = ' . $user->data['user_id'];
462 $result = $db->sql_query($sql);
463 $post_data['notify_set'] = (int) $db->sql_fetchfield('topic_id');
464 $db->sql_freeresult($result);
465 }
466
467 // Do we want to edit our post ?
468 if ($mode == 'edit' && $post_data['bbcode_uid'])
469 {
470 $message_parser->bbcode_uid = $post_data['bbcode_uid'];
471 }
472
473 // HTML, BBCode, Smilies, Images and Flash status
474 $bbcode_status = ($config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id)) ? true : false;
475 $smilies_status = ($bbcode_status && $config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id)) ? true : false;
476 $img_status = ($bbcode_status && $auth->acl_get('f_img', $forum_id)) ? true : false;
477 $url_status = ($config['allow_post_links']) ? true : false;
478 $flash_status = ($bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash']) ? true : false;
479 $quote_status = ($auth->acl_get('f_reply', $forum_id)) ? true : false;
480
481 // Save Draft
482 if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
483 {
484 $subject = utf8_normalize_nfc(request_var('subject', '', true));
485 $subject = (!$subject && $mode != 'post') ? $post_data['topic_title'] : $subject;
486 $message = utf8_normalize_nfc(request_var('message', '', true));
487
488 if ($subject && $message)
489 {
490 if (confirm_box(true))
491 {
492 $sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
493 'user_id' => (int) $user->data['user_id'],
494 'topic_id' => (int) $topic_id,
495 'forum_id' => (int) $forum_id,
496 'save_time' => (int) $current_time,
497 'draft_subject' => (string) $subject,
498 'draft_message' => (string) $message)
499 );
500 $db->sql_query($sql);
501
502 $meta_info = ($mode == 'post') ? append_sid('viewforum', 'f=' . $forum_id) : append_sid('viewtopic', "f=$forum_id&amp;t=$topic_id");
503
504 meta_refresh(3, $meta_info);
505
506 $message = $user->lang['DRAFT_SAVED'] . '<br /><br />';
507 $message .= ($mode != 'post') ? sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $meta_info . '">', '</a>') . '<br /><br />' : '';
508 $message .= sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid('viewforum', 'f=' . $forum_id) . '">', '</a>');
509
510 trigger_error($message);
511 }
512 else
513 {
514 $s_hidden_fields = build_hidden_fields(array(
515 'mode' => $mode,
516 'save' => true,
517 'f' => $forum_id,
518 't' => $topic_id,
519 'subject' => $subject,
520 'message' => $message,
521 'attachment_data' => $message_parser->attachment_data,
522 )
523 );
524
525 confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
526 }
527 }
528 else
529 {
530 if (utf8_clean_string($subject) === '')
531 {
532 $error[] = $user->lang['EMPTY_SUBJECT'];
533 }
534
535 if (utf8_clean_string($message) === '')
536 {
537 $error[] = $user->lang['TOO_FEW_CHARS'];
538 }
539 }
540 unset($subject, $message);
541 }
542
543 // Load requested Draft
544 if ($draft_id && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $user->data['is_registered'] && $auth->acl_get('u_savedrafts'))
545 {
546 $sql = 'SELECT draft_subject, draft_message
547 FROM ' . DRAFTS_TABLE . "
548 WHERE draft_id = $draft_id
549 AND user_id = " . $user->data['user_id'];
550 $result = $db->sql_query_limit($sql, 1);
551 $row = $db->sql_fetchrow($result);
552 $db->sql_freeresult($result);
553
554 if ($row)
555 {
556 $post_data['post_subject'] = $row['draft_subject'];
557 $message_parser->message = $row['draft_message'];
558
559 $template->assign_var('S_DRAFT_LOADED', true);
560 }
561 else
562 {
563 $draft_id = 0;
564 }
565 }
566
567 // Load draft overview
568 if ($load && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $post_data['drafts'])
569 {
570 load_drafts($topic_id, $forum_id);
571 }
572
573 $solved_captcha = false;
574
575 if ($submit || $preview || $refresh)
576 {
577 $post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0);
578 $post_data['post_subject'] = utf8_normalize_nfc(request_var('subject', '', true));
579 $message_parser->message = utf8_normalize_nfc(request_var('message', '', true));
580
581 $post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true));
582 $post_data['post_edit_reason'] = (!empty($_POST['edit_reason']) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? utf8_normalize_nfc(request_var('edit_reason', '', true)) : '';
583
584 $post_data['orig_topic_type'] = $post_data['topic_type'];
585 $post_data['topic_type'] = request_var('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL));
586 $post_data['topic_time_limit'] = request_var('topic_time_limit', (($mode != 'post') ? (int) $post_data['topic_time_limit'] : 0));
587 $post_data['icon_id'] = request_var('icon', 0);
588
589 $post_data['enable_bbcode'] = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
590 $post_data['enable_smilies'] = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
591 $post_data['enable_urls'] = (isset($_POST['disable_magic_url'])) ? 0 : 1;
592 $post_data['enable_sig'] = (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig')) ? false : ((isset($_POST['attach_sig']) && $user->data['is_registered']) ? true : false);
593
594 if ($config['allow_topic_notify'] && $user->data['is_registered'])
595 {
596 $notify = (isset($_POST['notify'])) ? true : false;
597 }
598 else
599 {
600 $notify = false;
601 }
602
603 $topic_lock = (isset($_POST['lock_topic'])) ? true : false;
604 $post_lock = (isset($_POST['lock_post'])) ? true : false;
605 $poll_delete = (isset($_POST['poll_delete'])) ? true : false;
606
607 if ($submit)
608 {
609 $status_switch = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
610 $status_switch = ($status_switch != $check_value);
611 }
612 else
613 {
614 $status_switch = 1;
615 }
616
617 // Delete Poll
618 if ($poll_delete && $mode == 'edit' && sizeof($post_data['poll_options']) &&
619 ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id)))
620 {
621 if ($submit && check_form_key('posting'))
622 {
623 $sql = 'DELETE FROM ' . POLL_OPTIONS_TABLE . "
624 WHERE topic_id = $topic_id";
625 $db->sql_query($sql);
626
627 $sql = 'DELETE FROM ' . POLL_VOTES_TABLE . "
628 WHERE topic_id = $topic_id";
629 $db->sql_query($sql);
630
631 $topic_sql = array(
632 'poll_title' => '',
633 'poll_start' => 0,
634 'poll_length' => 0,
635 'poll_last_vote' => 0,
636 'poll_max_options' => 0,
637 'poll_vote_change' => 0
638 );
639
640 $sql = 'UPDATE ' . TOPICS_TABLE . '
641 SET ' . $db->sql_build_array('UPDATE', $topic_sql) . "
642 WHERE topic_id = $topic_id";
643 $db->sql_query($sql);
644 }
645
646 $post_data['poll_title'] = $post_data['poll_option_text'] = '';
647 $post_data['poll_vote_change'] = $post_data['poll_max_options'] = $post_data['poll_length'] = 0;
648 }
649 else
650 {
651 $post_data['poll_title'] = utf8_normalize_nfc(request_var('poll_title', '', true));
652 $post_data['poll_length'] = request_var('poll_length', 0);
653 $post_data['poll_option_text'] = utf8_normalize_nfc(request_var('poll_option_text', '', true));
654 $post_data['poll_max_options'] = request_var('poll_max_options', 1);
655 $post_data['poll_vote_change'] = ($auth->acl_get('f_votechg', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0;
656 }
657
658 // If replying/quoting and last post id has changed
659 // give user option to continue submit or return to post
660 // notify and show user the post made between his request and the final submit
661 if (($mode == 'reply' || $mode == 'quote') && $post_data['topic_cur_post_id'] && $post_data['topic_cur_post_id'] != $post_data['topic_last_post_id'])
662 {
663 // Only do so if it is allowed forum-wide
664 if ($post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
665 {
666 if (topic_review($topic_id, $forum_id, 'post_review', $post_data['topic_cur_post_id']))
667 {
668 $template->assign_var('S_POST_REVIEW', true);
669 }
670
671 $submit = false;
672 $refresh = true;
673 }
674 }
675
676 // Parse Attachments - before checksum is calculated
677 $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
678
679 // Grab md5 'checksum' of new message
680 $message_md5 = md5($message_parser->message);
681
682 // Check checksum ... don't re-parse message if the same
683 $update_message = ($mode != 'edit' || $message_md5 != $post_data['post_checksum'] || $status_switch || strlen($post_data['bbcode_uid']) < BBCODE_UID_LEN) ? true : false;
684
685 // Parse message
686 if ($update_message)
687 {
688 if (sizeof($message_parser->warn_msg))
689 {
690 $error[] = implode('<br />', $message_parser->warn_msg);
691 $message_parser->warn_msg = array();
692 }
693
694 $message_parser->parse($post_data['enable_bbcode'], ($config['allow_post_links']) ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);
695
696 // On a refresh we do not care about message parsing errors
697 if (sizeof($message_parser->warn_msg) && $refresh)
698 {
699 $message_parser->warn_msg = array();
700 }
701 }
702 else
703 {
704 $message_parser->bbcode_bitfield = $post_data['bbcode_bitfield'];
705 }
706
707 if ($mode != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$auth->acl_get('f_ignoreflood', $forum_id))
708 {
709 // Flood check
710 $last_post_time = 0;
711
712 if ($user->data['is_registered'])
713 {
714 $last_post_time = $user->data['user_lastpost_time'];
715 }
716 else
717 {
718 $sql = 'SELECT post_time AS last_post_time
719 FROM ' . POSTS_TABLE . "
720 WHERE poster_ip = '" . $user->ip . "'
721 AND post_time > " . ($current_time - $config['flood_interval']);
722 $result = $db->sql_query_limit($sql, 1);
723 if ($row = $db->sql_fetchrow($result))
724 {
725 $last_post_time = $row['last_post_time'];
726 }
727 $db->sql_freeresult($result);
728 }
729
730 if ($last_post_time && ($current_time - $last_post_time) < intval($config['flood_interval']))
731 {
732 $error[] = $user->lang['FLOOD_ERROR'];
733 }
734 }
735
736 // Validate username
737 if (($post_data['username'] && !$user->data['is_registered']) || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']))
738 {
739 include(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT);
740
741 if (($result = validate_username($post_data['username'], (!empty($post_data['post_username'])) ? $post_data['post_username'] : '')) !== false)
742 {
743 $user->add_lang('ucp');
744 $error[] = $user->lang[$result . '_USERNAME'];
745 }
746 }
747
748 if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply')))
749 {
750 $vc_response = $captcha->validate();
751 if ($vc_response)
752 {
753 $error[] = $vc_response;
754 }
755 else
756 {
757 $solved_captcha = true;
758 }
759 }
760
761 // check form
762 if (($submit || $preview) && !check_form_key('posting'))
763 {
764 $error[] = $user->lang['FORM_INVALID'];
765 }
766
767 // Parse subject
768 if (!$preview && !$refresh && utf8_clean_string($post_data['post_subject']) === '' && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
769 {
770 $error[] = $user->lang['EMPTY_SUBJECT'];
771 }
772
773 $post_data['poll_last_vote'] = (isset($post_data['poll_last_vote'])) ? $post_data['poll_last_vote'] : 0;
774
775 if ($post_data['poll_option_text'] &&
776 ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
777 && $auth->acl_get('f_poll', $forum_id))
778 {
779 $poll = array(
780 'poll_title' => $post_data['poll_title'],
781 'poll_length' => $post_data['poll_length'],
782 'poll_max_options' => $post_data['poll_max_options'],
783 'poll_option_text' => $post_data['poll_option_text'],
784 'poll_start' => $post_data['poll_start'],
785 'poll_last_vote' => $post_data['poll_last_vote'],
786 'poll_vote_change' => $post_data['poll_vote_change'],
787 'enable_bbcode' => $post_data['enable_bbcode'],
788 'enable_urls' => $post_data['enable_urls'],
789 'enable_smilies' => $post_data['enable_smilies'],
790 'img_status' => $img_status
791 );
792
793 $message_parser->parse_poll($poll);
794
795 $post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : '';
796 $post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';
797
798 /* We reset votes, therefore also allow removing options
799 if ($post_data['poll_last_vote'] && ($poll['poll_options_size'] < $orig_poll_options_size))
800 {
801 $message_parser->warn_msg[] = $user->lang['NO_DELETE_POLL_OPTIONS'];
802 }*/
803 }
804 else
805 {
806 $poll = array();
807 }
808
809 // Check topic type
810 if ($post_data['topic_type'] != POST_NORMAL && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
811 {
812 switch ($post_data['topic_type'])
813 {
814 case POST_GLOBAL:
815 case POST_ANNOUNCE:
816 $auth_option = 'f_announce';
817 break;
818
819 case POST_STICKY:
820 $auth_option = 'f_sticky';
821 break;
822
823 default:
824 $auth_option = '';
825 break;
826 }
827
828 if (!$auth->acl_get($auth_option, $forum_id))
829 {
830 // There is a special case where a user edits his post whereby the topic type got changed by an admin/mod.
831 // Another case would be a mod not having sticky permissions for example but edit permissions.
832 if ($mode == 'edit')
833 {
834 // To prevent non-authed users messing around with the topic type we reset it to the original one.
835 $post_data['topic_type'] = $post_data['orig_topic_type'];
836 }
837 else
838 {
839 $error[] = $user->lang['CANNOT_POST_' . str_replace('F_', '', strtoupper($auth_option))];
840 }
841 }
842 }
843
844 if (sizeof($message_parser->warn_msg))
845 {
846 $error[] = implode('<br />', $message_parser->warn_msg);
847 }
848
849 // DNSBL check
850 if ($config['check_dnsbl'] && !$refresh)
851 {
852 if (($dnsbl = $user->check_dnsbl('post')) !== false)
853 {
854 $error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
855 }
856 }
857
858 // Store message, sync counters
859 if (!sizeof($error) && $submit)
860 {
861 // Check if we want to de-globalize the topic... and ask for new forum
862 if ($post_data['topic_type'] != POST_GLOBAL)
863 {
864 $sql = 'SELECT topic_type, forum_id
865 FROM ' . TOPICS_TABLE . "
866 WHERE topic_id = $topic_id";
867 $result = $db->sql_query($sql);
868 $row = $db->sql_fetchrow($result);
869 $db->sql_freeresult($result);
870
871 if ($row && !$row['forum_id'] && $row['topic_type'] == POST_GLOBAL)
872 {
873 $to_forum_id = request_var('to_forum_id', 0);
874
875 if ($to_forum_id)
876 {
877 $sql = 'SELECT forum_type
878 FROM ' . FORUMS_TABLE . '
879 WHERE forum_id = ' . $to_forum_id;
880 $result = $db->sql_query($sql);
881 $forum_type = (int) $db->sql_fetchfield('forum_type');
882 $db->sql_freeresult($result);
883
884 if ($forum_type != FORUM_POST || !$auth->acl_get('f_post', $to_forum_id))
885 {
886 $to_forum_id = 0;
887 }
888 }
889
890 if (!$to_forum_id)
891 {
892 include_once(PHPBB_ROOT_PATH . 'includes/functions_admin.' . PHP_EXT);
893
894 $template->assign_vars(array(
895 'S_FORUM_SELECT' => make_forum_select(false, false, false, true, true, true),
896 'S_UNGLOBALISE' => true)
897 );
898
899 $submit = false;
900 $refresh = true;
901 }
902 else
903 {
904 if (!$auth->acl_get('f_post', $to_forum_id))
905 {
906 // This will only be triggered if the user tried to trick the forum.
907 trigger_error('NOT_AUTHORISED');
908 }
909
910 $forum_id = $to_forum_id;
911 }
912 }
913 }
914
915 if ($submit)
916 {
917 // Lock/Unlock Topic
918 $change_topic_status = $post_data['topic_status'];
919 $perm_lock_unlock = ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED)) ? true : false;
920
921 if ($post_data['topic_status'] == ITEM_LOCKED && !$topic_lock && $perm_lock_unlock)
922 {
923 $change_topic_status = ITEM_UNLOCKED;
924 }
925 else if ($post_data['topic_status'] == ITEM_UNLOCKED && $topic_lock && $perm_lock_unlock)
926 {
927 $change_topic_status = ITEM_LOCKED;
928 }
929
930 if ($change_topic_status != $post_data['topic_status'])
931 {
932 $sql = 'UPDATE ' . TOPICS_TABLE . "
933 SET topic_status = $change_topic_status
934 WHERE topic_id = $topic_id
935 AND topic_moved_id = 0";
936 $db->sql_query($sql);
937
938 $user_lock = ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $post_data['topic_poster']) ? 'USER_' : '';
939
940 add_log('mod', $forum_id, $topic_id, 'LOG_' . $user_lock . (($change_topic_status == ITEM_LOCKED) ? 'LOCK' : 'UNLOCK'), $post_data['topic_title']);
941 }
942
943 // Lock/Unlock Post Edit
944 if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_LOCKED && !$post_lock && $auth->acl_get('m_edit', $forum_id))
945 {
946 $post_data['post_edit_locked'] = ITEM_UNLOCKED;
947 }
948 else if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_UNLOCKED && $post_lock && $auth->acl_get('m_edit', $forum_id))
949 {
950 $post_data['post_edit_locked'] = ITEM_LOCKED;
951 }
952
953 $data = array(
954 'topic_title' => (empty($post_data['topic_title'])) ? $post_data['post_subject'] : $post_data['topic_title'],
955 'topic_first_post_id' => (isset($post_data['topic_first_post_id'])) ? (int) $post_data['topic_first_post_id'] : 0,
956 'topic_last_post_id' => (isset($post_data['topic_last_post_id'])) ? (int) $post_data['topic_last_post_id'] : 0,
957 'topic_time_limit' => (int) $post_data['topic_time_limit'],
958 'topic_attachment' => (isset($post_data['topic_attachment'])) ? (int) $post_data['topic_attachment'] : 0,
959 'post_id' => (int) $post_id,
960 'topic_id' => (int) $topic_id,
961 'forum_id' => (int) $forum_id,
962 'icon_id' => (int) $post_data['icon_id'],
963 'poster_id' => (int) $post_data['poster_id'],
964 'enable_sig' => (bool) $post_data['enable_sig'],
965 'enable_bbcode' => (bool) $post_data['enable_bbcode'],
966 'enable_smilies' => (bool) $post_data['enable_smilies'],
967 'enable_urls' => (bool) $post_data['enable_urls'],
968 'enable_indexing' => (bool) $post_data['enable_indexing'],
969 'message_md5' => (string) $message_md5,
970 'post_time' => (isset($post_data['post_time'])) ? (int) $post_data['post_time'] : $current_time,
971 'post_checksum' => (isset($post_data['post_checksum'])) ? (string) $post_data['post_checksum'] : '',
972 'post_edit_reason' => $post_data['post_edit_reason'],
973 'post_edit_user' => ($mode == 'edit') ? $user->data['user_id'] : ((isset($post_data['post_edit_user'])) ? (int) $post_data['post_edit_user'] : 0),
974 'forum_parents' => $post_data['forum_parents'],
975 'forum_name' => $post_data['forum_name'],
976 'notify' => $notify,
977 'notify_set' => $post_data['notify_set'],
978 'poster_ip' => (isset($post_data['poster_ip'])) ? $post_data['poster_ip'] : $user->ip,
979 'post_edit_locked' => (int) $post_data['post_edit_locked'],
980 'bbcode_bitfield' => $message_parser->bbcode_bitfield,
981 'bbcode_uid' => $message_parser->bbcode_uid,
982 'message' => $message_parser->message,
983 'attachment_data' => $message_parser->attachment_data,
984 'filename_data' => $message_parser->filename_data,
985
986 'topic_approved' => (isset($post_data['topic_approved'])) ? $post_data['topic_approved'] : false,
987 'post_approved' => (isset($post_data['post_approved'])) ? $post_data['post_approved'] : false,
988 );
989
990 if ($mode == 'edit')
991 {
992 $data['topic_replies_real'] = (int) $post_data['topic_replies_real'];
993 $data['topic_replies'] = (int) $post_data['topic_replies'];
994 }
995
996 $redirect_url = submit_post($mode, $post_data['post_subject'], $post_data['username'], $post_data['topic_type'], $poll, $data, $update_message);
997 if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply')))
998 {
999 $captcha->reset();
1000 }
1001 // Check the permissions for post approval, as well as the queue trigger where users are put on approval with a post count lower than specified. Moderators are not affected.
1002 if ((($config['enable_queue_trigger'] && $user->data['user_posts'] < $config['queue_trigger_posts']) || !$auth->acl_get('f_noapprove', $data['forum_id'])) && !$auth->acl_get('m_approve', $data['forum_id']))
1003 {
1004 meta_refresh(10, $redirect_url);
1005 $message = ($mode == 'edit') ? $user->lang['POST_EDITED_MOD'] : $user->lang['POST_STORED_MOD'];
1006 $message .= (($user->data['user_id'] == ANONYMOUS) ? '' : ' '. $user->lang['POST_APPROVAL_NOTIFY']);
1007 }
1008 else
1009 {
1010 meta_refresh(3, $redirect_url);
1011
1012 $message = ($mode == 'edit') ? 'POST_EDITED' : 'POST_STORED';
1013 $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['VIEW_MESSAGE'], '<a href="' . $redirect_url . '">', '</a>');
1014 }
1015
1016 $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid('viewforum', 'f=' . $data['forum_id']) . '">', '</a>');
1017 trigger_error($message);
1018 }
1019 }
1020 }
1021
1022 // Preview
1023 if (!sizeof($error) && $preview)
1024 {
1025 $post_data['post_time'] = ($mode == 'edit') ? $post_data['post_time'] : $current_time;
1026
1027 $preview_message = $message_parser->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies'], false);
1028
1029 $preview_signature = ($mode == 'edit') ? $post_data['user_sig'] : $user->data['user_sig'];
1030 $preview_signature_uid = ($mode == 'edit') ? $post_data['user_sig_bbcode_uid'] : $user->data['user_sig_bbcode_uid'];
1031 $preview_signature_bitfield = ($mode == 'edit') ? $post_data['user_sig_bbcode_bitfield'] : $user->data['user_sig_bbcode_bitfield'];
1032
1033 // Signature
1034 if ($post_data['enable_sig'] && $config['allow_sig'] && $preview_signature && $auth->acl_get('f_sigs', $forum_id))
1035 {
1036 $parse_sig = new parse_message($preview_signature);
1037 $parse_sig->bbcode_uid = $preview_signature_uid;
1038 $parse_sig->bbcode_bitfield = $preview_signature_bitfield;
1039
1040 // Not sure about parameters for bbcode/smilies/urls... in signatures
1041 $parse_sig->format_display($config['allow_sig_bbcode'], true, $config['allow_sig_smilies']);
1042 $preview_signature = $parse_sig->message;
1043 unset($parse_sig);
1044 }
1045 else
1046 {
1047 $preview_signature = '';
1048 }
1049
1050 $preview_subject = censor_text($post_data['post_subject']);
1051
1052 // Poll Preview
1053 if (!$poll_delete && ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
1054 && $auth->acl_get('f_poll', $forum_id))
1055 {
1056 $parse_poll = new parse_message($post_data['poll_title']);
1057 $parse_poll->bbcode_uid = $message_parser->bbcode_uid;
1058 $parse_poll->bbcode_bitfield = $message_parser->bbcode_bitfield;
1059
1060 $parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
1061
1062 if ($post_data['poll_length'])
1063 {
1064 $poll_end = ($post_data['poll_length'] * 86400) + (($post_data['poll_start']) ? $post_data['poll_start'] : time());
1065 }
1066
1067 $template->assign_vars(array(
1068 'S_HAS_POLL_OPTIONS' => (sizeof($post_data['poll_options'])),
1069 'S_IS_MULTI_CHOICE' => ($post_data['poll_max_options'] > 1) ? true : false,
1070
1071 'POLL_QUESTION' => $parse_poll->message,
1072
1073 'L_POLL_LENGTH' => ($post_data['poll_length']) ? sprintf($user->lang['POLL_RUN_TILL'], $user->format_date($poll_end)) : '',
1074 'L_MAX_VOTES' => ($post_data['poll_max_options'] == 1) ? $user->lang['MAX_OPTION_SELECT'] : sprintf($user->lang['MAX_OPTIONS_SELECT'], $post_data['poll_max_options']))
1075 );
1076
1077 $parse_poll->message = implode("\n", $post_data['poll_options']);
1078 $parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
1079 $preview_poll_options = explode('<br />', $parse_poll->message);
1080 unset($parse_poll);
1081
1082 foreach ($preview_poll_options as $key => $option)
1083 {
1084 $template->assign_block_vars('poll_option', array(
1085 'POLL_OPTION_CAPTION' => $option,
1086 'POLL_OPTION_ID' => $key + 1)
1087 );
1088 }
1089 unset($preview_poll_options);
1090 }
1091
1092 // Attachment Preview
1093 if (sizeof($message_parser->attachment_data))
1094 {
1095 $template->assign_var('S_HAS_ATTACHMENTS', true);
1096
1097 $update_count = array();
1098 $attachment_data = $message_parser->attachment_data;
1099
1100 parse_attachments($forum_id, $preview_message, $attachment_data, $update_count, true);
1101
1102 foreach ($attachment_data as $i => $attachment)
1103 {
1104 $template->assign_block_vars('attachment', array(
1105 'DISPLAY_ATTACHMENT' => $attachment)
1106 );
1107 }
1108 unset($attachment_data);
1109 }
1110
1111 if (!sizeof($error))
1112 {
1113 $template->assign_vars(array(
1114 'PREVIEW_SUBJECT' => $preview_subject,
1115 'PREVIEW_MESSAGE' => $preview_message,
1116 'PREVIEW_SIGNATURE' => $preview_signature,
1117
1118 'S_DISPLAY_PREVIEW' => true)
1119 );
1120 }
1121 }
1122
1123 // Decode text for message display
1124 $post_data['bbcode_uid'] = ($mode == 'quote' && !$preview && !$refresh && !sizeof($error)) ? $post_data['bbcode_uid'] : $message_parser->bbcode_uid;
1125 $message_parser->decode_message($post_data['bbcode_uid']);
1126
1127 if ($mode == 'quote' && !$submit && !$preview && !$refresh)
1128 {
1129 $message_parser->message = '[quote=&quot;' . $post_data['quote_username'] . '&quot;]' . censor_text(trim($message_parser->message)) . "[/quote]\n";
1130 }
1131
1132 if (($mode == 'reply' || $mode == 'quote') && !$submit && !$preview && !$refresh)
1133 {
1134 $post_data['post_subject'] = ((strpos($post_data['post_subject'], 'Re: ') !== 0) ? 'Re: ' : '') . censor_text($post_data['post_subject']);
1135 }
1136
1137 $attachment_data = $message_parser->attachment_data;
1138 $filename_data = $message_parser->filename_data;
1139 $post_data['post_text'] = $message_parser->message;
1140
1141 if (sizeof($post_data['poll_options']) && $post_data['poll_title'])
1142 {
1143 $message_parser->message = $post_data['poll_title'];
1144 $message_parser->bbcode_uid = $post_data['bbcode_uid'];
1145
1146 $message_parser->decode_message();
1147 $post_data['poll_title'] = $message_parser->message;
1148
1149 $message_parser->message = implode("\n", $post_data['poll_options']);
1150 $message_parser->decode_message();
1151 $post_data['poll_options'] = explode("\n", $message_parser->message);
1152 }
1153
1154 // MAIN POSTING PAGE BEGINS HERE
1155
1156 // Forum moderators?
1157 $moderators = array();
1158 get_moderators($moderators, $forum_id);
1159
1160 // Generate smiley listing
1161 generate_smilies('inline', $forum_id);
1162
1163 // Generate inline attachment select box
1164 posting_gen_inline_attachments($attachment_data);
1165
1166 // Do show topic type selection only in first post.
1167 $topic_type_toggle = false;
1168
1169 if ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']))
1170 {
1171 $topic_type_toggle = posting_gen_topic_types($forum_id, $post_data['topic_type']);
1172 }
1173
1174 $s_topic_icons = false;
1175 if ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id))
1176 {
1177 $s_topic_icons = posting_gen_topic_icons($mode, $post_data['icon_id']);
1178 }
1179
1180 $bbcode_checked = (isset($post_data['enable_bbcode'])) ? !$post_data['enable_bbcode'] : (($config['allow_bbcode']) ? !$user->optionget('bbcode') : 1);
1181 $smilies_checked = (isset($post_data['enable_smilies'])) ? !$post_data['enable_smilies'] : (($config['allow_smilies']) ? !$user->optionget('smilies') : 1);
1182 $urls_checked = (isset($post_data['enable_urls'])) ? !$post_data['enable_urls'] : 0;
1183 $sig_checked = $post_data['enable_sig'];
1184 $lock_topic_checked = (isset($topic_lock) && $topic_lock) ? $topic_lock : (($post_data['topic_status'] == ITEM_LOCKED) ? 1 : 0);
1185 $lock_post_checked = (isset($post_lock)) ? $post_lock : $post_data['post_edit_locked'];
1186
1187 // If the user is replying or posting and not already watching this topic but set to always being notified we need to overwrite this setting
1188 $notify_set = ($mode != 'edit' && $config['allow_topic_notify'] && $user->data['is_registered'] && !$post_data['notify_set']) ? $user->data['user_notify'] : $post_data['notify_set'];
1189 $notify_checked = (isset($notify)) ? $notify : (($mode == 'post') ? $user->data['user_notify'] : $notify_set);
1190
1191 // Page title & action URL, include session_id for security purpose
1192 $s_action = append_sid('posting', "mode=$mode&amp;f=$forum_id", true, $user->session_id);
1193 $s_action .= ($topic_id) ? "&amp;t=$topic_id" : '';
1194 $s_action .= ($post_id) ? "&amp;p=$post_id" : '';
1195
1196 switch ($mode)
1197 {
1198 case 'post':
1199 $page_title = $user->lang['POST_TOPIC'];
1200 break;
1201
1202 case 'quote':
1203 case 'reply':
1204 $page_title = $user->lang['POST_REPLY'];
1205 break;
1206
1207 case 'delete':
1208 case 'edit':
1209 $page_title = $user->lang['EDIT_POST'];
1210 break;
1211 }
1212
1213 // Build Navigation Links
1214 generate_forum_nav($post_data);
1215
1216 // Build Forum Rules
1217 generate_forum_rules($post_data);
1218
1219 if ($config['enable_post_confirm'] && !$user->data['is_registered'] && $solved_captcha === false && ($mode == 'post' || $mode == 'reply' || $mode == 'quote'))
1220 {
1221 $captcha->reset();
1222
1223 $template->assign_vars(array(
1224 'S_CONFIRM_CODE' => true,
1225 'CONFIRM' => $captcha->get_template(),
1226 ));
1227 }
1228
1229 $s_hidden_fields = ($mode == 'reply' || $mode == 'quote') ? '<input type="hidden" name="topic_cur_post_id" value="' . $post_data['topic_last_post_id'] . '" />' : '';
1230 $s_hidden_fields .= '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
1231 $s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', $draft_id) . '" />' : '';
1232
1233 // Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
1234 if ($solved_captcha !== false)
1235 {
1236 $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
1237 }
1238
1239 $form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_attachments'] || !$auth->acl_get('u_attach') || !$auth->acl_get('f_attach', $forum_id)) ? '' : ' enctype="multipart/form-data"';
1240 add_form_key('posting');
1241
1242
1243 // Start assigning vars for main posting page ...
1244 $template->assign_vars(array(
1245 'L_POST_A' => $page_title,
1246 'L_ICON' => ($mode == 'reply' || $mode == 'quote' || ($mode == 'edit' && $post_id != $post_data['topic_first_post_id'])) ? $user->lang['POST_ICON'] : $user->lang['TOPIC_ICON'],
1247 'L_MESSAGE_BODY_EXPLAIN' => (intval($config['max_post_chars'])) ? sprintf($user->lang['MESSAGE_BODY_EXPLAIN'], intval($config['max_post_chars'])) : '',
1248
1249 'FORUM_NAME' => $post_data['forum_name'],
1250 'FORUM_DESC' => ($post_data['forum_desc']) ? generate_text_for_display($post_data['forum_desc'], $post_data['forum_desc_uid'], $post_data['forum_desc_bitfield'], $post_data['forum_desc_options']) : '',
1251 'TOPIC_TITLE' => censor_text($post_data['topic_title']),
1252 'MODERATORS' => (sizeof($moderators)) ? implode(', ', $moderators[$forum_id]) : '',
1253 'USERNAME' => ((!$preview && $mode != 'quote') || $preview) ? $post_data['username'] : '',
1254 'SUBJECT' => $post_data['post_subject'],
1255 'MESSAGE' => $post_data['post_text'],
1256 'BBCODE_STATUS' => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid('faq', 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid('faq', 'mode=bbcode') . '">', '</a>'),
1257 'IMG_STATUS' => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
1258 'FLASH_STATUS' => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
1259 'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
1260 'URL_STATUS' => ($bbcode_status && $url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
1261 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['POST']),
1262 'POST_DATE' => ($post_data['post_time']) ? $user->format_date($post_data['post_time']) : '',
1263 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
1264 'TOPIC_TIME_LIMIT' => (int) $post_data['topic_time_limit'],
1265 'EDIT_REASON' => $post_data['post_edit_reason'],
1266 'U_VIEW_FORUM' => append_sid('viewforum', "f=$forum_id"),
1267 'U_VIEW_TOPIC' => ($mode != 'post') ? append_sid('viewtopic', "f=$forum_id&amp;t=$topic_id") : '',
1268 'U_PROGRESS_BAR' => append_sid('posting', "f=$forum_id&amp;mode=popup"),
1269 'UA_PROGRESS_BAR' => addslashes(append_sid('posting', "f=$forum_id&amp;mode=popup")),
1270
1271 'S_PRIVMSGS' => false,
1272 'S_CLOSE_PROGRESS_WINDOW' => (isset($_POST['add_file'])) ? true : false,
1273 'S_EDIT_POST' => ($mode == 'edit') ? true : false,
1274 'S_EDIT_REASON' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
1275 'S_DISPLAY_USERNAME' => (!$user->data['is_registered'] || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS)) ? true : false,
1276 'S_SHOW_TOPIC_ICONS' => $s_topic_icons,
1277 'S_DELETE_ALLOWED' => ($mode == 'edit' && (($post_id == $post_data['topic_last_post_id'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id) && !$post_data['post_edit_locked'] && ($post_data['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time'])) || $auth->acl_get('m_delete', $forum_id))) ? true : false,
1278 'S_BBCODE_ALLOWED' => $bbcode_status,
1279 'S_BBCODE_CHECKED' => ($bbcode_checked) ? ' checked="checked"' : '',
1280 'S_SMILIES_ALLOWED' => $smilies_status,
1281 'S_SMILIES_CHECKED' => ($smilies_checked) ? ' checked="checked"' : '',
1282 'S_SIG_ALLOWED' => ($auth->acl_get('f_sigs', $forum_id) && $config['allow_sig'] && $user->data['is_registered']) ? true : false,
1283 'S_SIGNATURE_CHECKED' => ($sig_checked) ? ' checked="checked"' : '',
1284 'S_NOTIFY_ALLOWED' => (!$user->data['is_registered'] || ($mode == 'edit' && $user->data['user_id'] != $post_data['poster_id']) || !$config['allow_topic_notify'] || !$config['email_enable']) ? false : true,
1285 'S_NOTIFY_CHECKED' => ($notify_checked) ? ' checked="checked"' : '',
1286 'S_LOCK_TOPIC_ALLOWED' => (($mode == 'edit' || $mode == 'reply' || $mode == 'quote') && ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED))) ? true : false,
1287 'S_LOCK_TOPIC_CHECKED' => ($lock_topic_checked) ? ' checked="checked"' : '',
1288 'S_LOCK_POST_ALLOWED' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
1289 'S_LOCK_POST_CHECKED' => ($lock_post_checked) ? ' checked="checked"' : '',
1290 'S_LINKS_ALLOWED' => $url_status,
1291 'S_MAGIC_URL_CHECKED' => ($urls_checked) ? ' checked="checked"' : '',
1292 'S_TYPE_TOGGLE' => $topic_type_toggle,
1293 'S_SAVE_ALLOWED' => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $mode != 'edit') ? true : false,
1294 'S_HAS_DRAFTS' => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $post_data['drafts']) ? true : false,
1295 'S_FORM_ENCTYPE' => $form_enctype,
1296
1297 'S_BBCODE_IMG' => $img_status,
1298 'S_BBCODE_URL' => $url_status,
1299 'S_BBCODE_FLASH' => $flash_status,
1300 'S_BBCODE_QUOTE' => $quote_status,
1301
1302 'S_POST_ACTION' => $s_action,
1303 'S_HIDDEN_FIELDS' => $s_hidden_fields)
1304 );
1305
1306 // Build custom bbcodes array
1307 display_custom_bbcodes();
1308
1309 // Poll entry
1310 if (($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
1311 && $auth->acl_get('f_poll', $forum_id))
1312 {
1313 $template->assign_vars(array(
1314 'S_SHOW_POLL_BOX' => true,
1315 'S_POLL_VOTE_CHANGE' => ($auth->acl_get('f_votechg', $forum_id)),
1316 'S_POLL_DELETE' => ($mode == 'edit' && sizeof($post_data['poll_options']) && ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id))),
1317 'S_POLL_DELETE_CHECKED' => (!empty($poll_delete)) ? true : false,
1318
1319 'L_POLL_OPTIONS_EXPLAIN' => sprintf($user->lang['POLL_OPTIONS_' . (($mode == 'edit') ? 'EDIT_' : '') . 'EXPLAIN'], $config['max_poll_options']),
1320
1321 'VOTE_CHANGE_CHECKED' => (!empty($post_data['poll_vote_change'])) ? ' checked="checked"' : '',
1322 'POLL_TITLE' => (isset($post_data['poll_title'])) ? $post_data['poll_title'] : '',
1323 'POLL_OPTIONS' => (!empty($post_data['poll_options'])) ? implode("\n", $post_data['poll_options']) : '',
1324 'POLL_MAX_OPTIONS' => (isset($post_data['poll_max_options'])) ? (int) $post_data['poll_max_options'] : 1,
1325 'POLL_LENGTH' => $post_data['poll_length'])
1326 );
1327 }
1328
1329 // Show attachment box for adding attachments if true
1330 $allowed = ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach') && $config['allow_attachments'] && $form_enctype);
1331
1332 // Attachment entry
1333 posting_gen_attachment_entry($attachment_data, $filename_data, $allowed);
1334
1335 // Output page ...
1336 page_header($page_title);
1337
1338 $template->set_filenames(array(
1339 'body' => 'posting_body.html')
1340 );
1341
1342 make_jumpbox(append_sid('viewforum'));
1343
1344 // Topic review
1345 if ($mode == 'reply' || $mode == 'quote')
1346 {
1347 if (topic_review($topic_id, $forum_id))
1348 {
1349 $template->assign_var('S_DISPLAY_REVIEW', true);
1350 }
1351 }
1352
1353 page_footer();
1354
1355 /**
1356 * Show upload popup (progress bar)
1357 */
1358 function upload_popup($forum_style = 0)
1359 {
1360 global $template, $user;
1361
1362 ($forum_style) ? $user->setup('posting', $forum_style) : $user->setup('posting');
1363
1364 page_header($user->lang['PROGRESS_BAR']);
1365
1366 $template->set_filenames(array(
1367 'popup' => 'posting_progress_bar.html')
1368 );
1369
1370 $template->assign_vars(array(
1371 'PROGRESS_BAR' => $user->img('upload_bar', $user->lang['UPLOAD_IN_PROGRESS']))
1372 );
1373
1374 $template->display('popup');
1375
1376 garbage_collection();
1377 exit_handler();
1378 }
1379
1380 /**
1381 * Do the various checks required for removing posts as well as removing it
1382 */
1383 function handle_post_delete($forum_id, $topic_id, $post_id, &$post_data)
1384 {
1385 global $user, $db, $auth, $config;
1386
1387 // If moderator removing post or user itself removing post, present a confirmation screen
1388 if ($auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get('f_delete', $forum_id) && $post_id == $post_data['topic_last_post_id'] && !$post_data['post_edit_locked'] && ($post_data['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time'])))
1389 {
1390 $s_hidden_fields = build_hidden_fields(array(
1391 'p' => $post_id,
1392 'f' => $forum_id,
1393 'mode' => 'delete')
1394 );
1395
1396 if (confirm_box(true))
1397 {
1398 $data = array(
1399 'topic_first_post_id' => $post_data['topic_first_post_id'],
1400 'topic_last_post_id' => $post_data['topic_last_post_id'],
1401 'topic_replies_real' => $post_data['topic_replies_real'],
1402 'topic_approved' => $post_data['topic_approved'],
1403 'topic_type' => $post_data['topic_type'],
1404 'post_approved' => $post_data['post_approved'],
1405 'post_reported' => $post_data['post_reported'],
1406 'post_time' => $post_data['post_time'],
1407 'poster_id' => $post_data['poster_id'],
1408 'post_postcount' => $post_data['post_postcount']
1409 );
1410
1411 $next_post_id = delete_post($forum_id, $topic_id, $post_id, $data);
1412
1413 if ($next_post_id === false)
1414 {
1415 add_log('mod', $forum_id, $topic_id, 'LOG_DELETE_TOPIC', $post_data['topic_title']);
1416
1417 $meta_info = append_sid('viewforum', "f=$forum_id");
1418 $message = $user->lang['POST_DELETED'];
1419 }
1420 else
1421 {
1422 add_log('mod', $forum_id, $topic_id, 'LOG_DELETE_POST', $post_data['post_subject']);
1423
1424 $meta_info = append_sid('viewtopic', "f=$forum_id&amp;t=$topic_id&amp;p=$next_post_id") . "#p$next_post_id";
1425 $message = $user->lang['POST_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $meta_info . '">', '</a>');
1426 }
1427
1428 meta_refresh(3, $meta_info);
1429 $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid('viewforum', 'f=' . $forum_id) . '">', '</a>');
1430 trigger_error($message);
1431 }
1432 else
1433 {
1434 confirm_box(false, 'DELETE_POST', $s_hidden_fields);
1435 }
1436 }
1437
1438 // If we are here the user is not able to delete - present the correct error message
1439 if ($post_data['poster_id'] != $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id))
1440 {
1441 trigger_error('DELETE_OWN_POSTS');
1442 }
1443
1444 if ($post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id) && $post_id != $post_data['topic_last_post_id'])
1445 {
1446 trigger_error('CANNOT_DELETE_REPLIED');
1447 }
1448
1449 trigger_error('USER_CANNOT_DELETE');
1450 }
1451
1452 ?>
phpbb is a php-based BBS (buletin board system)