search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Cleaned up the user classes and page class a bit
[specialops2.git] / post.php
blob88e3f8faf95f493b611b6cccbb8db4baa9a3b8fe
1 <?php
2 // $Id$
3
4 $prefetch = array('`points`', '`sig`');
5 require 'con.php';
6 $page->title = 'Post Message';
7
8 define('MSG_MIN_LENGTH', 3);
9 define('MSG_MAX_LENGTH', 10000);
10 define('TOPIC_MIN_LENGTH', 3);
11 define('TOPIC_MAX_LENGTH', 60);
12
13 if ( isset($_GET['message']) ) {
14 $messageid = intval($_GET['message']);
15 $q = $DB->query('SELECT `topicid` FROM `messages` WHERE `messageid` = '.$messageid)->fetch_row();
16
17 if ( !is_array($q) )
18 $page->errorfooter('messageid');
19
20 $topicid = $q[0];
21 $topic = $DB->query('SELECT `topic_title`, `boardid` FROM `topics` WHERE `topicid` = '.$topicid)->fetch_row();
22
23 if ( !is_array($topic) )
24 $page->errorfooter('topicid');
25
26 $boardid = $topic[1];
27 } elseif ( isset($_GET['topic']) ) {
28 $topicid = intval($_GET['topic']);
29 $topic = $DB->query('SELECT `topic_title`, `boardid` FROM `topics` WHERE `topicid` = '.$topicid)->fetch_row();
30
31 if ( !is_array($topic) )
32 $page->errorfooter('topicid');
33
34 $boardid = $topic[1];
35 } else
36 $boardid = intval($_GET['board']);
37
38 $board = $DB->query('SELECT `board_name`, `topic_level`, `post_level` FROM `boards`
39 WHERE `boardid` = '.$boardid)->fetch_row();
40
41 // Nonexistent board id
42 if ( !is_array($board) )
43 $page->errorfooter('boardid');
44
45 // Access control
46 if ( $board[2] > $user->level )
47 $page->errorfooter('level', $board[2]);
48
49 // If this is a real board and they're allowed in add the links
50 $page->nav['Topic List: '.$board[0]] = 'topiclist?'.$boardid;
51 if ( isset($topicid) )
52 $page->nav['Message List: '.$topic[0]] = 'messagelist?'.$topicid;
53
54 $user->userheader();
55
56 // Topic post level
57 if ( isset($_GET['board']) && $board[1] > $user->level )
58 $page->errorfooter('level', $board[1]);
59
60 // Waste their time even more
61 if ( ! ($user instanceof authuser) )
62 $page->errorfooter('login');
63
64 /* Form submit code */
65 if ( isset($_POST['post']) || isset($_POST['preview']) ) {
66
67 if ( 'none' === $_POST['html'] )
68 $html_type = message::M_HTML_NONE;
69 elseif ( LVL_ADMIN <= $user->level && 'all' === $_POST['html'] )
70 $html_type = message::M_HTML_ALL;
71 else
72 $html_type = message::M_HTML_FILTERED;
73
74 if ( isset($_POST['nobr']) )
75 $html_type |= message::M_NO_NEWLINES;
76
77 try {
78 $message = new message($_POST['message_text'], $html_type);
79 if ( !isset($topic) )
80 $topic_title = trim(htmlspecialchars($_POST['topic_title']));
81
82 if ( ($m = strlen(trim(strip_tags($message->output)))) < MSG_MIN_LENGTH )
83 throw new LengthException('Your message is %d characters too short.', MSG_MIN_LENGTH - $m);
84 if ( ($m = strlen($message->output)) > MSG_MAX_LENGTH )
85 throw new LengthException('Your message is %d characters too long.', $m - MSG_MAX_LENGTH);
86
87 if ( !isset($topic) ) {
88 $t = strlen($topic_title);
89 if ( $t < TOPIC_MIN_LENGTH )
90 throw new LengthException('Your topic title is %d characters too short.', TOPIC_MIN_LENGTH - $t);
91 if ( $t > TOPIC_MAX_LENGTH )
92 throw new LengthException('Your topic title is %d characters too long.', $t - TOPIC_MAX_LENGTH);
93 if ( $DB->query('SELECT COUNT(*) AS `c` FROM `topics`
94 WHERE `topic_title` = \''.$DB->escape_string($topic_title).'\'
95 AND `boardid` = '.$boardid)->fetch_object()->c )
96 throw new InvalidInputException('A topic with that name already exists.');
97 }
98
99 if ( isset($_POST['post']) ) {
100 $DB->query('START TRANSACTION');
101
102 if ( !isset($topic) ) {
103 $DB->query('INSERT INTO `topics` (`topic_title`, `boardid`, `userid`)
104 VALUES (
105 \''.$DB->escape_string($topic_title).'\',
106 '.$boardid.',
107 @userid
108 )');
109 $topicid = $DB->insert_id;
110 $user->points += 2;
111 }
112 else
113 $user->points++;
114
115 if ( !isset($messageid) )
116 $messageid = 'NULL';
117
118 $DB->query('INSERT INTO `messages` (`topicid`, `userid`, `mtime`, `replyto`, `origin_ip`)
119 VALUES (
120 '.$topicid.',
121 @userid,
122 UNIX_TIMESTAMP(),
123 '.$messageid.',
124 INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\')
125 )');
126 $DB->query('UPDATE `topics` SET `lastpost` = LAST_INSERT_ID() WHERE `topicid` = '.$topicid);
127 $DB->query('INSERT INTO `message-data` (`messageid`, `mtext`)
128 VALUES (
129 LAST_INSERT_ID(),
130 \''.$DB->escape_string($message->output).'\'
131 )');
132 $DB->commit();
133
134 $r = 'topiclist?'.$boardid;
135 if ( isset($topicid) )
136 $r = 'messagelist?'.$topicid;
137
138 echo '<p class="notice">Message Posted. Return to from which you <a href="'.$r.'">came</a>.</p>';
139 $page->pagefooter();
140
141 } elseif ( isset($_POST['preview']) ) {
142 echo '<fieldset><legend>Message Preview</legend>',"\n",
143 ( isset($topic_title) ? '<h2>'.$topic_title."</h2>\n" : '' ),
144 ' <div class="info">From: ',$user->alias,' at ',$user->fdate(time()),"</div>\n",
145 ' <div class="content">',$message->output,"</div>\n",
146 '</fieldset>',"\n";
147 }
148 } catch ( InvalidInputException $e ) {
149 echo '<p class="error">',$e->getMessage(),"</p>\n";
150 } catch ( LengthException $e ) {
151 echo '<p class="error">',sprintf($e->getMessage(), $e->getCode()),"</p>\n";
152 } catch ( InvalidMessageException $e ) {
153 echo '<p class="error">Your message contains formatting errors (only the first error is shown):</p>',"\n",
154 '<p class="error">',$e->getMessage(),' at line ',$e->getXMLLine(),"</p>\n";
155 }
156 } // Form submit
157
158 $message = '';
159 if ( !empty($_POST['message_text']) )
160 $message = htmlspecialchars($_POST['message_text']);
161 elseif ( $user->sig )
162 $message = "\n".htmlspecialchars($user->sig);
163
164 if ( isset($messageid) )
165 echo '<form action="post?message=',$messageid,'" method="post">';
166 elseif ( isset($topic) )
167 echo '<form action="post?topic=',$topicid,'" method="post">';
168 else
169 echo '<form action="post?board=',$boardid,'" method="post">',"\n",
170 ' <fieldset class="content"><legend>Topic</legend>',"\n",
171 ' <input type="text" name="topic_title" maxlength="',TOPIC_MAX_LENGTH,'" size="80"',
172 ( !empty($topic_title) ? ' value="'.$topic_title.'"' : '' ),"/>\n",
173 " </fieldset>\n";
174
175 if ( empty($_POST['html']) )
176 $_POST['html'] = '';
177
178 $html = new form_select('html', 3, $_POST['html']);
179 if ( $user->level >= LVL_ADMIN )
180 $html->add_item('all', 'All');
181 $html->add_item('normal', 'Normal');
182 $html->add_item('none', 'Plaintext');
183 ?>
184 <fieldset class="content"><legend>Message</legend>
185 <textarea rows="15" cols="80" name="message_text" id="messagebox"><?php echo $message ?></textarea>
186 <button type="submit" name="post" value="post" accesskey="p">Post (P)</button>
187 <button type="submit" name="preview" value="preview" accesskey="r">Preview (R)</button>
188 <fieldset><legend>Options</legend>
189 <label for="html">HTML</label>
190 <?php echo $html->display(); ?><br/>
191 <label for="nobr">Disable automatic linebreaks</label>
192 <input type="checkbox" name="nobr" id="nobr"<?php if ( isset($_POST['nobr']) ) echo ' checked="checked"' ?>/>
193 </fieldset>
194 </fieldset>
195 </form>
196
197 <dl>
198 <dt>Default HTML allowed (no attributes):</dt>
199 <dd><?php echo implode(', ', message::$allowed_html); ?></dd>
200 </dl>
201
202 <?php
203 $page->pagefooter();
204 ?>
Special Ops source code from the bad old days, 2nd generation