[specialops2.git] / post.php
<?php
// $Id$

// $prefetch is set immediately before con.php is included; presumably con.php
// reads it to load the listed user columns — confirm against con.php.
$prefetch = array('`points`');
require 'con.php';

// $page is not defined in this file; it is assumed to come from con.php.
$page->title = _('Post Message');

// Length limits applied by the submit handler further down. That handler
// measures with strlen(), so these are byte counts, not character counts.
define('TOPIC_MIN_LENGTH', 3);
define('TOPIC_MAX_LENGTH', 60);
define('MSG_MIN_LENGTH', 3);
define('MSG_MAX_LENGTH', 10000);
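// Resolve the target of the post from the query string.
// Precedence: ?message= (reply to a message), then ?topic= (reply in a topic),
// then ?board= (new topic). Sets $boardid always, $topicid/$topic when replying,
// and $messageid when replying to a specific message.
//
// Every id is cast to int before it is concatenated into SQL, including the ids
// read back from the database, so no query below is built from a raw string.
// NOTE(review): the lookups rely on $page->errorfooter() ending the request;
// that method is not visible in this file — confirm.
if ( isset($_GET['message']) ) {
	$messageid = (int) $_GET['message'];
	$q = $DB->query('SELECT `topicid` FROM `messages` WHERE `messageid` = '.$messageid)->fetch_row();

	if ( !is_array($q) ) {
		$page->errorfooter('messageid');
	}

	$topicid = (int) $q[0];
} elseif ( isset($_GET['topic']) ) {
	$topicid = (int) $_GET['topic'];
}

if ( isset($topicid) ) {
	// Shared by both reply paths: load the topic and take its board.
	$topic = $DB->query('SELECT `topic_title`, `boardid` FROM `topics` WHERE `topicid` = '.$topicid)->fetch_row();

	if ( !is_array($topic) ) {
		$page->errorfooter('topicid');
	}

	$boardid = (int) $topic[1];
} else {
	// A request with no target parameter at all falls through to board 0,
	// which the board lookup rejects, without raising an undefined-index notice.
	$boardid = isset($_GET['board']) ? (int) $_GET['board'] : 0;
}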
// Row layout: [0] board_name, [1] topic_level, [2] post_level.
$board = $DB->query('SELECT `board_name`, `topic_level`, `post_level` FROM `boards` WHERE `boardid` = '.$boardid)->fetch_row();

// Nonexistent board id
if ( !is_array($board) ) {
	$page->errorfooter('boardid');
}

// Access control: the board's post_level must not exceed the user's level.
// NOTE(review): this is only a gate if errorfooter() stops the script — that
// method is not visible here; confirm it exits.
if ( $user->level < $board[2] ) {
	$page->errorfooter('level', $board[2]);
}
// The board exists and the post-level check passed, so add the navigation links.
// board_name and topic_title go into the nav keys as read from the database;
// topic_title is htmlspecialchars()-encoded by the submit handler before it is
// stored. NOTE(review): how board_name is stored, and whether the nav renderer
// escapes its keys, is not visible here — confirm.
$board_link_label = _('Topic List').': '.$board[0];
$page->nav[$board_link_label] = 'topiclist?board='.$boardid;
if ( isset($topicid) ) {
	$topic_link_label = _('Message List').': '.$topic[0];
	$page->nav[$topic_link_label] = 'messagelist?topic='.$topicid;
}

$user->userheader();

// Topic post level
// NOTE(review): this is keyed on the presence of ?board= in the URL, whereas the
// rest of the script uses !isset($topic) to mean "new topic". A reply URL that
// also carries board= is therefore held to the topic-creation level as well.
if ( isset($_GET['board']) ) {
	if ( $user->level < $board[1] ) {
		$page->errorfooter('level', $board[1]);
	}
}

// Waste their time even more
// The login requirement is checked last, after userheader() has been called and
// after both level checks; everything below assumes an authuser.
$is_logged_in = ( $user instanceof authuser );
if ( !$is_logged_in ) {
	$page->errorfooter('login');
}
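/* Form submit handler */
// Runs for both "post" and "preview". Validates the message (and the topic title
// when a new topic is being created), then either stores the post inside a
// transaction or echoes a preview. Validation failures are reported through the
// three exception types caught at the bottom.
//
// NOTE(review): no anti-CSRF token is checked anywhere in this handler, and the
// form rendered below carries none. Unless con.php enforces one (not visible
// here), a logged-in user's browser can be made to submit this form cross-site.
if ( isset($_POST['post']) || isset($_POST['preview']) ) {

	// Absent or non-string fields are treated as empty rather than producing
	// undefined-index notices or type errors further down.
	$posted_html  = ( isset($_POST['html']) && is_string($_POST['html']) ) ? $_POST['html'] : '';
	$posted_text  = ( isset($_POST['message_text']) && is_string($_POST['message_text']) ) ? $_POST['message_text'] : '';
	$posted_title = ( isset($_POST['topic_title']) && is_string($_POST['topic_title']) ) ? $_POST['topic_title'] : '';

	// Unfiltered HTML is honoured only for LVL_ADMIN and above; any other
	// value, or a non-admin asking for 'all', gets the filtered mode.
	if ( 'none' === $posted_html ) {
		$html_type = message::M_HTML_NONE;
	} elseif ( LVL_ADMIN <= $user->level && 'all' === $posted_html ) {
		$html_type = message::M_HTML_ALL;
	} else {
		$html_type = message::M_HTML_FILTERED;
	}
	if ( isset($_POST['nobr']) ) {
		$html_type |= message::M_NO_NEWLINES;
	}

	try {
		// The title is prepared before the message is parsed so that it is
		// still available to refill the form when the message is rejected.
		// It is HTML-encoded here, so the length limits below and the stored
		// value both refer to the encoded form.
		if ( !isset($topic) ) {
			$topic_title = trim(htmlspecialchars($posted_title));
		}

		$message = new message($posted_text, $html_type);

		// Minimum length is measured on the visible text (tags stripped),
		// maximum length on the full rendered output. strlen() counts bytes.
		if ( ($m = strlen(trim(strip_tags($message->output)))) < MSG_MIN_LENGTH ) {
			throw new LengthException(ngettext('Your message is %d character too short.',
				'Your message is %d characters too short.', MSG_MIN_LENGTH - $m), MSG_MIN_LENGTH - $m);
		}
		if ( ($m = strlen($message->output)) > MSG_MAX_LENGTH ) {
			throw new LengthException(ngettext('Your message is %d character too long.',
				'Your message is %d characters too long.', $m - MSG_MAX_LENGTH), $m - MSG_MAX_LENGTH);
		}

		if ( !isset($topic) ) {
			$t = strlen($topic_title);
			if ( $t < TOPIC_MIN_LENGTH ) {
				throw new LengthException(ngettext('Your topic title is %d character too short.',
					'Your topic title is %d characters too short.', TOPIC_MIN_LENGTH - $t), TOPIC_MIN_LENGTH - $t);
			}
			if ( $t > TOPIC_MAX_LENGTH ) {
				throw new LengthException(ngettext('Your topic title is %d character too long.',
					'Your topic title is %d characters too long.', $t - TOPIC_MAX_LENGTH), $t - TOPIC_MAX_LENGTH);
			}

			// NOTE(review): this uniqueness check runs before the transaction
			// starts, so two concurrent posts can both pass it. A unique index
			// on (boardid, topic_title) would be the authoritative guard.
			if ( $DB->query('SELECT COUNT(*) AS `c` FROM `topics`'
				.' WHERE `topic_title` = \''.$DB->escape_string($topic_title).'\' AND `boardid` = '.$boardid)->fetch_object()->c ) {
				throw new InvalidInputException(_('A topic with that name already exists.'));
			}
		}

		if ( isset($_POST['post']) ) {
			// NOTE(review): there is no rollback path here; whether a failed
			// query throws or returns false depends on the $DB wrapper, which
			// is not visible in this file.
			$DB->query('START TRANSACTION');

			if ( !isset($topic) ) {
				$DB->query('INSERT INTO `topics` (`topic_title`, `boardid`, `userid`) VALUES ('
					.'\''.$DB->escape_string($topic_title).'\', '.$boardid.', '.$user->userid.')');
				$topicid = $DB->insert_id;
				$user->points += 2;
			} else {
				$user->points++;
			}

			// Use a separate variable for the SQL literal so $messageid keeps
			// meaning "the message being replied to" for the code after this.
			$replyto = isset($messageid) ? $messageid : 'NULL';

			// REMOTE_ADDR is escaped like every other string placed in SQL;
			// some front-end setups rewrite it from request headers.
			// $user->userid is concatenated as-is and is assumed to be an
			// integer taken from the session user object — confirm.
			$DB->query('INSERT INTO `messages` (`topicid`, `userid`, `mtime`, `replyto`, `origin_ip`) VALUES'
				.' ('.$topicid.', '.$user->userid.', UNIX_TIMESTAMP(), '.$replyto
				.', INET_ATON(\''.$DB->escape_string($_SERVER['REMOTE_ADDR']).'\'))');
			$DB->query('UPDATE `topics` SET `lastpost` = LAST_INSERT_ID() WHERE `topicid` = '.$topicid);
			$DB->query('INSERT INTO `message-data` (`messageid`, `mtext`) VALUES (LAST_INSERT_ID(), \''.$DB->escape_string($message->output).'\')');
			$DB->commit();

			$r = 'topiclist?board='.$boardid;
			if ( isset($topicid) ) {
				$r = 'messagelist?topic='.$topicid;
			}

			// Translate the format string, then fill in the URL. Looking up the
			// already-formatted string would never match a catalogue entry.
			$page->footer('<div class="notice">'.sprintf(_('Message Posted. Return to from which you <a href="%s">came</a>.'), $r).'</div>');

		} elseif ( isset($_POST['preview']) ) {
			// $topic_title was HTML-encoded above and $message->output is the
			// message class's rendered HTML. NOTE(review): $user->alias is
			// echoed as stored — confirm it is encoded when it is saved.
			echo
				'<fieldset><legend>',_('Message Preview'),"</legend>\n",
				( isset($topic_title) ? '<h2>'.$topic_title."</h2>\n" : '' ),
				'<div class="info">',_('From: '),$user->alias,_(' at '),$user->fdate(time()),"</div>\n",
				'<div class="content">',$message->output,"</div>\n",
				'</fieldset>',"\n";
		}
	} catch ( InvalidInputException $e ) {
		echo '<div class="error">',$e->getMessage(),"</div>\n";
	} catch ( LengthException $e ) {
		// The message is an ngettext() format string; the code carries the count.
		echo '<div class="error">',sprintf($e->getMessage(), $e->getCode()),"</div>\n";
	} catch ( InvalidMessageException $e ) {
		// NOTE(review): this message comes from the message class and is echoed
		// unencoded; if it can quote parts of the submitted markup it needs
		// htmlspecialchars() — confirm against the message class.
		echo
			'<div class="error">',_('Your message contains formatting errors (only the first error is shown):'),"</div>\n",
			'<div class="error">',$e->getMessage(),_(' at line '),$e->getXMLLine(),"</div>\n";
	}
} //Form submit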
// Text used to prefill the message box: the text that was just submitted, else
// the user's signature on a fresh line. Both are htmlspecialchars()-encoded
// here because the value is echoed inside the <textarea> below.
if ( !empty($_POST['message_text']) ) {
	$message = htmlspecialchars($_POST['message_text']);
} elseif ( $user->sig ) {
	$message = "\n".htmlspecialchars($user->sig);
} else {
	$message = '';
}

// Open the form with the same target this page was reached by. The ids placed
// in the action URL were passed through intval() or read from the database
// earlier in the script.
if ( isset($messageid) ) {
	echo '<form action="post?message=',$messageid,'" method="post">';
} elseif ( isset($topic) ) {
	echo '<form action="post?topic=',$topicid,'" method="post">';
} else {
	// New topic: also show the title box. $topic_title is only set by the
	// submit handler, which stores it htmlspecialchars()-encoded; double quotes
	// are encoded under the default flags, which suits this double-quoted attribute.
	$title_attr = '';
	if ( !empty($topic_title) ) {
		$title_attr = ' value="'.$topic_title.'"';
	}
	echo
		'<form action="post?board=',$boardid,'" method="post">
<fieldset class="content"><legend>',_('Topic'),'</legend>
<input type="text" name="topic_title" id="topicbox" maxlength="',TOPIC_MAX_LENGTH,'" size="80"',
		$title_attr,"/>\n",
		"</fieldset>\n";
}

// Default the HTML mode so form_select always receives a value to preselect.
if ( empty($_POST['html']) ) {
	$_POST['html'] = '';
}

// The "All HTML" choice is offered only to LVL_ADMIN and above. The submit
// handler applies the same level check again, so hiding the option here is
// cosmetic rather than the control itself.
// NOTE(review): $_POST['html'] is handed to form_select as the selected value;
// whether form_select encodes it on display is not visible here — confirm.
$html = new form_select('html', 3, $_POST['html']);
if ( LVL_ADMIN <= $user->level ) {
	$html->add_item('all', _('All HTML'));
}
$html->add_item('normal', _('Safe HTML'));
$html->add_item('none', _('Plaintext'));
?>
<fieldset class="content"><legend><?php echo _('Message'); ?></legend>
<textarea rows="15" cols="80" name="message_text" id="messagebox"><?php echo $message ?></textarea>
<button type="submit" name="post" value="post" accesskey="p"><?php echo _('Post'); ?> (P)</button>
<button type="submit" name="preview" value="preview" accesskey="r"><?php echo _('Preview'); ?> (R)</button>
<fieldset>
<legend><?php echo _('Options'); ?></legend>
<label for="html"><?php echo _('HTML'); ?></label>
<?php echo $html->display(); ?><br/>
<label for="nobr"><?php echo _('Disable automatic linebreaks'); ?></label>
<input type="checkbox" name="nobr" id="nobr"<?php if ( isset($_POST['nobr']) ) echo ' checked="checked"' ?>/>
</fieldset>
</fieldset>
</form>
<div class="info"><?php
// List the tags the filtered HTML mode accepts, joined with ", ".
$tags = implode(', ', message::$allowed_html);
echo _('Default HTML tags allowed'),': ',$tags;
?></div>
<?php
$page->pagefooter();