[specialops1.git] / post.php
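<?php
/**
 * post.php - create a new topic on a board, or post a reply in an existing topic.
 *
 * Request parameters (all supplied by the client and therefore untrusted):
 *   GET  b           board id (required)
 *   GET  t           topic id; when present the request is a reply, otherwise a new topic
 *   POST topictitle  title for a new topic
 *   POST tophtm      "enable HTML in title" checkbox
 *   POST msgtext     message body, parsed by the Message class
 *   POST submit      'Preview' shows a preview, any other truthy value posts
 *
 * $userinfo, ADMIN, REG_USER, URL_STRING and stop() are not defined in this file;
 * they presumably come from config.php / top.inc.php.
 *
 * Review notes:
 *  - NOTE(review): the form carries no anti-CSRF token, so any page the user visits
 *    while logged in could submit a post on their behalf. Adding one needs the
 *    session handling that lives outside this file.
 *  - NOTE(review): the mysql_* extension was removed in PHP 7.0. Every value placed
 *    in SQL below is either cast with intval() or quoted and passed through
 *    mysql_real_escape_string(); prepared statements (mysqli/PDO) are the durable fix.
 *  - Titles are stored as HTML. ADMIN users may store raw markup, so every page
 *    that prints a stored title unescaped trusts that level.
 */
require 'config.php';
require 'include/class.message.php';

// Presumably read by top.inc.php - TODO confirm
$require_login = true;

// A single flag decides "reply" versus "new topic" for the whole request, so the
// permission level selected here and the action taken further down cannot disagree
// (the original mixed isset() and empty() on $_GET['t'], which differ for t=0).
$is_reply = isset($_GET['t']);
$board_id = isset($_GET['b']) ? intval($_GET['b']) : 0;
$topic_id = $is_reply ? intval($_GET['t']) : 0;

$page_name = $is_reply ? 'Post Message' : 'Create Topic';

$boardinfo = mysql_fetch_row(mysql_query('SELECT `post_level`, `topic_level`, `board` FROM `boards`
WHERE `board` = '.$board_id));
if ( !is_array($boardinfo) ) {
    // Unknown board: keep the three slots defined so the checks below reject it cleanly
    $boardinfo = array(null, null, null);
}

// post_level applies to replies, topic_level to new topics
$level_restriction = $is_reply ? $boardinfo[0] : $boardinfo[1];
$topic_level = $boardinfo[1];
require 'top.inc.php';

// Board/topic checking
// The code after this chain relies on stop() ending the request - TODO confirm
if ( empty($boardinfo[2]) || !isset($_GET['b']) || !is_numeric($_GET['b'])
    || ( $is_reply && !is_numeric($_GET['t']) ) ) {
    stop('Invalid link.');
} elseif ( $is_reply &&
    !mysql_result(mysql_query('SELECT COUNT(*) FROM `topics` WHERE `topic` = '.$topic_id.' AND `board` = '.$board_id), 0) ) {
    // The topic must exist on the board named in the same link
    stop('Invalid topic link.');
} elseif ( $is_reply &&
    mysql_result(mysql_query('SELECT `visible` FROM `topics` WHERE `topic` = '.$topic_id), 0) < 0 ) {
    stop('<div class="alert">This topic has been closed or deleted. You cannot post in it.</div>');
}

// Rate limits
// NOTE(review): neither value is read again in this file, so nothing visible here
// throttles posting. Confirm they are enforced elsewhere, and that level is never 0
// (which would make the division fail).
$msglimit = 180 / $userinfo['level'];
$tpclimit = 90 - $userinfo['level'];

if ( isset($_POST['submit']) ) {
    // Numeric user id for SQL; cast here rather than trusting how $userinfo was built
    $user_id = intval($userinfo['user']);

    // Missing or non-string fields are treated as empty instead of raising notices
    $raw_title = ( isset($_POST['topictitle']) && is_string($_POST['topictitle']) ) ? $_POST['topictitle'] : '';
    $raw_message = ( isset($_POST['msgtext']) && is_string($_POST['msgtext']) ) ? $_POST['msgtext'] : '';
    $wants_html = !empty($_POST['tophtm']);

    // Strip crap from topic title
    $topic_title = trim($raw_title);
    if ( $userinfo['level'] >= ADMIN && $wants_html ) {
        // Admins may store raw markup in a title; everyone else is escaped
        $html_title = $topic_title;
    } elseif ( $userinfo['level'] >= REG_USER && $wants_html ) {
        $html_title = '<em>'.htmlspecialchars($topic_title).'</em>';
    } else {
        $html_title = htmlspecialchars($topic_title);
    }

    // Message::output is false when the markup could not be parsed
    $user_message = new Message($raw_message);
    $html_message = ( $user_message->output !== false ) ? $user_message->output : '';

    // Error checks
    if ( !$is_reply && $topic_title === '' ) {
        echo '<div class="alert">Topic titles can\'t be blank.</div>';
    } elseif ( $user_message->output === false ) {
        // Checked before the blank test: a failed parse leaves no message text,
        // which the blank test would otherwise report as an empty post
        echo '<div class="alert">You have an HTML error in your post somewhere.</div>';
    } elseif ( trim(preg_replace('#<[a-z]+.*>#Usi', '', $html_message)) === '' ) {
        // Nothing is left once the tags are removed
        echo '<div class="alert">You can\'t post blank messages.</div>';
    }

    // Shows preview if there are no errors
    elseif ( $_POST['submit'] === 'Preview' ) {
        echo '<div class="alert">Preview Message</div>',"\n",
            ( !empty($html_title) ? '<div class="c2">Topic: '.$html_title."</div>\n" : '' ),
            '<div class="c1">',$html_message,"</div>\n";
    }

    // The post bit
    elseif ( $_POST['submit'] ) {
        if ( !$is_reply ) {
            if ( mysql_result(mysql_query('SELECT COUNT(*) FROM `topics`
WHERE `title` = \''.mysql_real_escape_string(strip_tags($html_title)).'\'
AND `board` = '.$board_id), 0) >= 1 ) {
                stop('<div class="alert">A topic with this title has already been posted on this board.</div>');
            }
            mysql_query('INSERT INTO `topics` (`title`, `board`, `user`) VALUES (
\''.mysql_real_escape_string($html_title).'\',
'.$board_id.',
'.$user_id.')');
            $topicid = mysql_insert_id();
            $thingy = 'board';
        } else {
            $topicid = $topic_id;
            $thingy = 'topic';
        }

        mysql_query('INSERT INTO `message-data` (`content`) VALUES (\''.mysql_real_escape_string($html_message).'\')');
        // LAST_INSERT_ID() is the message-data row inserted just above.
        // REMOTE_ADDR is escaped like every other quoted value rather than trusted as-is.
        mysql_query('INSERT INTO `messages` (`message`, `topic`, `user`, `ip`, `time`) VALUES (
LAST_INSERT_ID(),
'.$topicid.',
'.$user_id.',
INET_ATON(\''.mysql_real_escape_string($_SERVER['REMOTE_ADDR']).'\'),
NOW()
)');

        // One point per post; above 74 points the counter resets and a cookie is awarded
        if ( $userinfo['points'] <= 74 ) {
            mysql_query('UPDATE `users` SET `points` = (`points` + 1) WHERE `user` = '.$user_id);
        } else {
            mysql_query('UPDATE `users` SET `points` = 0, `cookies` = (`cookies` + 1) WHERE `user` = '.$user_id);
        }

        // NOTE(review): the redirect goes to view<thingy>.php while the fallback link
        // (and the topic link in the form below) use <thingy>.php - confirm which exists.
        header('HTTP/1.1 303 See Other');
        header('Location: view'.$thingy.'.php'.URL_STRING);

        stop('Return to from which you <a href="'.$thingy.'.php'.URL_STRING.'">came</a>.');
    }
}

// Refill the textarea with what the user typed (after a preview or an error)
$msgtext = ( isset($_POST['msgtext']) && is_string($_POST['msgtext']) ) ? htmlspecialchars($_POST['msgtext']) : '';

// NOTE(review): the signature is written into the textarea unescaped; if it is stored
// as raw user text it should go through htmlspecialchars() too - confirm how it is stored.
if ( !$msgtext && $userinfo['sig'] ) {
    $msgtext = '

'.$userinfo['sig'];
}

// PHP_SELF includes any client-supplied path info after the script name, so it is
// escaped before being written into the action attribute.
// NOTE(review): URL_STRING is printed as defined; confirm it is built safely for HTML.
$form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).URL_STRING;

echo '<div class="c3">Post Message</div>';

if ( !$is_reply ) {
    echo '<form method="post" action="',$form_action,"\">\n",
        "<fieldset>\n",
        "<legend>Topic</legend>\n";

    echo 'Topic Title';
    if ( $userinfo['level'] >= ADMIN ) {
        echo '<small>(<label for="title_html">Enable HTML <input type="checkbox" name="tophtm"',
            ( !empty($_POST['tophtm']) ? ' checked="checked"' : '' ),' accesskey="e"/></label>)</small>',"\n";
    }
    echo '<br/>
<input type="text" maxlength="80" style="width: 100%; display: block"'.( isset($topic_title) ? ' value="'.htmlentities($topic_title).'"' : '' ).' name="topictitle"/>
</fieldset>';
} else {
    // The stored title is already HTML (escaped or admin-authored at insert time),
    // so it is printed without further escaping
    list($topicname) = mysql_fetch_row(mysql_query('SELECT `title` FROM `topics` WHERE `topic` = '.$topic_id));
    echo '<form method="post" action="',$form_action,"\">\n",
        '<div class="c2">Topic: <a href="topic.php',URL_STRING,'">',$topicname,"</a></div>\n";
}

echo '<fieldset>
<legend>Message <small>(X)</small></legend>
<textarea style="width: 100%" rows="20" cols="80" name="msgtext" accesskey="x">',$msgtext,'</textarea>

<div>
<button type="submit" name="submit" value="post" accesskey="p"><u>P</u>ost</button>
<button type="submit" name="submit" value="Preview" accesskey="r">P<u>r</u>eview</button>
</div>
</fieldset>
</form>';

require 'foot.php';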