Improved the CSS id/class stuff.
[specialops2.git] / post.php
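<?php
// $Id$

/*
 * Post form and submit handler: starts a new topic on a board, replies to a
 * topic, or replies to a specific message, depending on which of the
 * `message`, `topic` or `board` query parameters is present.
 *
 * $DB, $page and $user are expected to be provided by con.php; this file does
 * not define them. $page->errorfooter() is assumed to end the request (the code
 * after each call dereferences the row that was just found to be missing).
 *
 * Escaping convention visible here: the topic title is HTML-escaped once on
 * input and then stored and echoed as-is; SQL string values go through
 * $DB->string(), numeric ids through intval().
 */

// Set before con.php is included; presumably read there to pre-load these user columns.
$prefetch = array('`points`', '`sig`');
require 'con.php';
$page->title = 'Post Message';

define('MSG_MIN_LENGTH', 1);
define('MSG_MAX_LENGTH', 10000);
define('TOPIC_MIN_LENGTH', 3);
define('TOPIC_MAX_LENGTH', 60);

/* Resolve the target: message -> topic -> board */
if ( isset($_GET['message']) ) {
    $messageid = intval($_GET['message']);
    $q = $DB->query('SELECT `topicid` FROM `messages` WHERE `messageid` = '.$messageid)->fetch_row();

    if ( !is_array($q) ) {
        $page->errorfooter('messageid');
    }

    // Ids read back from the database are re-cast before being concatenated
    // into the next query, so no query relies on the stored value's type.
    $topicid = intval($q[0]);
    $topic = $DB->query('SELECT `topic_title`, `boardid` FROM `topics` WHERE `topicid` = '.$topicid)->fetch_row();

    if ( !is_array($topic) ) {
        $page->errorfooter('topicid');
    }

    $boardid = intval($topic[1]);
} elseif ( isset($_GET['topic']) ) {
    $topicid = intval($_GET['topic']);
    $topic = $DB->query('SELECT `topic_title`, `boardid` FROM `topics` WHERE `topicid` = '.$topicid)->fetch_row();

    if ( !is_array($topic) ) {
        $page->errorfooter('topicid');
    }

    $boardid = intval($topic[1]);
} else {
    // A request with none of the three parameters resolves to board 0 and
    // falls into the "board doesn't exist" branch below.
    $boardid = isset($_GET['board']) ? intval($_GET['board']) : 0;
}

$board = $DB->query('SELECT `board_name`, `view_restrict`, `post_restrict` FROM `boards` WHERE `boardid` = '.$boardid)->fetch_row();

if ( !is_array($board) ) { // This board doesn't exist
    $page->errorfooter('boardid');
}

// NOTE(review): the level handed to errorfooter() here is post_restrict
// ($board[2]) while the check is on view_restrict ($board[1]); the two posting
// checks further down do the reverse. Confirm which level the error page is
// meant to show.
if ( ! $user->has_priv('viewboard', $board[1]) ) { // Not allowed to view board
    $page->errorfooter('level', $board[2]);
}

$page->nav['Topic List: '.$board[0]] = 'topiclist?'.$boardid;
if ( isset($topicid) ) {
    $page->nav['Message List: '.$topic[0]] = 'messagelist?'.$topicid;
}

// These checks run on every request, GET or POST, so a submitted post is
// authorised here before the submit code below is reached. Anonymous users
// skip the first one: they are shown the form with login fields, and the
// submit code refuses to store anything for a non-authuser.
if ( ( $user instanceof authuser ) && ! $user->has_priv('postmessage', $board[2]) ) { // Not authorized to post
    $page->errorfooter('level', $board[1]);
}
if ( isset($_GET['board']) && ! $user->has_priv('posttopic', $board[2]) ) { // Not allowed to post topics here
    $page->errorfooter('level', $board[1]);
}

/* Form submit code */
// NOTE(review): no anti-CSRF token is emitted by the form below or checked
// here. Confirm whether con.php enforces one; if not, this state-changing POST
// relies on the session alone.
if ( isset($_POST['post']) || isset($_POST['preview']) ) {

    // Request fields can arrive as arrays (name[]=...); treat anything that is
    // not a string as absent instead of passing it to string functions.
    $html_choice = ( isset($_POST['html']) && is_string($_POST['html']) ) ? $_POST['html'] : '';

    if ( 'none' === $html_choice ) {
        $html_type = message::M_HTML_NONE;
    } elseif ( $user->has_priv('html') && 'all' === $html_choice ) {
        // Unfiltered HTML is only honoured for users holding the 'html' privilege.
        $html_type = message::M_HTML_ALL;
    } else {
        $html_type = message::M_HTML_FILTERED;
    }

    if ( isset($_POST['nobr']) ) {
        $html_type |= message::M_NO_NEWLINES;
    }

    try {
        if ( !isset($topic) ) {
            $raw_title = ( isset($_POST['topic_title']) && is_string($_POST['topic_title']) ) ? $_POST['topic_title'] : '';
            // Escaped once here; this escaped form is what gets length-checked,
            // stored and later echoed.
            $topic_title = trim(htmlspecialchars($raw_title));
        }

        $raw_text = ( isset($_POST['message_text']) && is_string($_POST['message_text']) ) ? $_POST['message_text'] : '';
        $message = new message($raw_text, $html_type);

        // The exception code carries the number that the catch block feeds to
        // the %d in the message. Lengths are byte counts (strlen).
        if ( ($m = strlen(trim(strip_tags($message->output)))) < MSG_MIN_LENGTH ) {
            throw new LengthException('Your message is %d character(s) too short.', MSG_MIN_LENGTH - $m);
        }
        if ( ($m = strlen($message->output)) > MSG_MAX_LENGTH ) {
            throw new LengthException('Your message is %d character(s) too long.', $m - MSG_MAX_LENGTH);
        }

        if ( !isset($topic) ) {
            $t = strlen($topic_title);
            if ( $t < TOPIC_MIN_LENGTH ) {
                throw new LengthException('Your topic title is %d character(s) too short.', TOPIC_MIN_LENGTH - $t);
            }
            if ( $t > TOPIC_MAX_LENGTH ) {
                throw new LengthException('Your topic title is %d character(s) too long.', $t - TOPIC_MAX_LENGTH);
            }
            if ( $DB->query('SELECT COUNT(*) AS `c` FROM `topics`
                WHERE `topic_title` = '.$DB->string($topic_title).'
                AND `boardid` = '.$boardid)->fetch_object()->c ) {
                throw new InvalidInputException('A topic with that name already exists.');
            }
        }

        if ( isset($_POST['post']) ) {
            // Previewing is open to anyone; storing a post is not.
            if ( ! ($user instanceof authuser) ) {
                throw new Exception('¬_¬');
            }

            // NOTE(review): no rollback path is visible. If $DB->query() does
            // not throw on failure, a failed statement in this sequence would
            // go unnoticed before commit() - confirm its error behaviour.
            $DB->autocommit(false);

            if ( !isset($topic) ) {
                $DB->query('INSERT INTO `topics` (`topic_title`, `boardid`, `userid`)
                    VALUES ('.$DB->string($topic_title).', '.$boardid.', @userid )');
                $topicid = $DB->insert_id;
                $user->points += 2;
            } else {
                $user->points++;
            }

            if ( !isset($messageid) ) {
                $messageid = 'NULL';
            }

            // REMOTE_ADDR goes through $DB->string() like every other string
            // value in this file rather than being pasted between hand-written
            // quotes: the query should not depend on the server (or a proxy
            // module in front of it) always supplying a well-formed address.
            $DB->query('INSERT INTO `messages` (`topicid`, `replyto`, `userid`, `mtime`, `origin_ip`)
                VALUES ('.$topicid.', '.$messageid.',
                @userid, UNIX_TIMESTAMP(), INET_ATON('.$DB->string($_SERVER['REMOTE_ADDR']).') )');

            $DB->query('UPDATE `topics` SET `lastpost` = LAST_INSERT_ID() WHERE `topicid` = '.$topicid);
            $DB->query('INSERT INTO `message-data` (`messageid`, `mtext`)
                VALUES(LAST_INSERT_ID(), '.$DB->string($message->output).')');

            $DB->commit();

            $r = 'topiclist?'.$boardid;
            if ( isset($topicid) ) {
                $r = 'messagelist?'.$topicid;
            }

            // Redirect target. Two inputs here come from the client:
            //  - REQUEST_URI includes the query string, so dirname() is applied
            //    to the path part only; otherwise a '/' inside the query ends
            //    up in the redirect, and a script at the web root yields '//'.
            //  - The Host header is accepted only when it is a plain
            //    host[:port]; anything else falls back to SERVER_NAME. A
            //    configured canonical base URL would be stronger, but none is
            //    visible in this file.
            $uri = $_SERVER['REQUEST_URI'];
            $qpos = strpos($uri, '?');
            $path = ( false === $qpos ) ? $uri : substr($uri, 0, $qpos);
            $dir = rtrim(str_replace('\\', '/', dirname($path)), '/');

            $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
            if ( !preg_match('/^(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::\d+)?$/', $host) ) {
                $host = $_SERVER['SERVER_NAME'];
            }

            header('Location: http://'.$host.$dir.'/'.$r);
            exit;

        } elseif ( isset($_POST['preview']) ) {
            $user->userheader();
            // $topic_title was escaped on input and $message->output is the
            // message class's processed HTML. NOTE(review): $user->alias is
            // echoed as stored - presumably escaped at registration like the
            // topic title; confirm.
            echo
                '<fieldset><legend>Message Preview</legend>',"\n",
                ( isset($topic_title) ? '<h2>'.$topic_title."</h2>\n" : '' ),
                ' <div class="info">From: ',$user->alias,' at ',$user->fdate(time()),"</div>\n",
                ' <div class="content">',$message->output,"</div>\n",
                '</fieldset>',"\n";
        }
    } catch ( LengthException $e ) {
        $user->userheader();
        // The message is a format string; the code is the character count.
        echo '<p class="error">',sprintf($e->getMessage(), $e->getCode()),"</p>\n";
    } catch ( InvalidMessageException $e ) {
        $user->userheader();
        // NOTE(review): this text comes from parsing user-supplied markup and
        // is echoed unescaped - confirm the message class never puts raw input
        // into it, or escape it here.
        echo '<p class="error">Your message contains one or more formatting errors (the first error is shown):</p>',"\n",
            '<p class="error">',$e->getMessage(),' at line ',$e->getXMLLine(),"</p>\n";
    } catch ( Exception $e ) {
        $user->userheader();
        // NOTE(review): catch-all; the messages thrown in this file are fixed
        // strings, but anything thrown from con.php's classes is echoed
        // unescaped too - confirm none carry request data.
        echo '<p class="error">',$e->getMessage(),"</p>\n";
    }
} else {
    $user->userheader();
}

/* Form: shown on first visit and again after a preview or an error */
$message = '';
if ( !empty($_POST['message_text']) && is_string($_POST['message_text']) ) {
    $message = htmlspecialchars($_POST['message_text']);
} elseif ( $user->sig ) {
    $message = "\n".htmlspecialchars($user->sig);
}

// The ids in the action URLs went through intval() above.
if ( isset($messageid) ) {
    echo '<form action="post?message=',$messageid,'" method="post">';
} elseif ( isset($topic) ) {
    echo '<form action="post?topic=',$topicid,'" method="post">';
} else {
    // $topic_title is already HTML-escaped (see the submit code), and the
    // attribute is double-quoted, which is the quote htmlspecialchars() escapes
    // by default.
    echo '<form action="post?board=',$boardid,'" method="post">',"\n",
        ' <fieldset><legend>Topic <small>(Max. ',TOPIC_MAX_LENGTH,' chars)</small></legend>',"\n",
        ' <input type="text" name="topic_title" maxlength="',TOPIC_MAX_LENGTH,'" size="80"',
        ( !empty($topic_title) ? ' value="'.$topic_title.'"' : '' ),"/>\n",
        " </fieldset>\n";
}

if ( empty($_POST['html']) || !is_string($_POST['html']) ) {
    $_POST['html'] = '';
}

$html = new form_select('html', 3, $_POST['html']);
if ( $user->has_priv('html') ) {
    $html->add_item('all', 'All');
}
$html->add_item('normal', 'Normal');
$html->add_item('none', 'Plaintext');
?>
<fieldset><legend>Message <small>(Max. <?php echo MSG_MAX_LENGTH ?> chars)</small></legend>
<textarea rows="15" cols="80" name="message_text" id="messagebox"><?php echo $message; ?></textarea>
<fieldset class="content">
<button type="submit" name="post" accesskey="p">Post (P)</button>
<button type="submit" name="preview" accesskey="r">Preview (R)</button>
</fieldset>
<fieldset class="content"><legend>Options</legend>
<p><label>HTML
<?php echo $html->display(); ?></label></p>
<p><label>Disable automatic linebreaks
<input type="checkbox" name="nobr" id="nobr"<?php if (isset($_POST['nobr'])) echo ' checked="checked"'; ?>/></label></p>
</fieldset>
<?php if ( ! ($user instanceof authuser) ) { ?>
<fieldset class="content"><legend>Login</legend>
<p class="notice">You need to be logged in to post.</p>
<p><label>Username: <input type="text" name="u"/></label></p>
<p><label>Password: <input type="password" name="p"/></label></p>
<input type="hidden" name="login" value="post"/>
</fieldset>
<?php } ?>
</fieldset>
</form>

<dl>
<dt>Allowed HTML tags <?php if (defined('message::NO_ATTRIBS_YET_SRY')) echo ' <small>(Attributes not supported)</small>'; ?></dt>
<dd><?php echo implode(', ', message::$allowed_html); ?></dd>
</dl>

<?php
$page->pagefooter();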