Did something with the DTD thing
1 <?php
2 /**
3 * Message/Topic posting page
5 * @author Anthony Parsons (xmpp:ant@specialops.ath.cx)
6 * @license file://COPYING
7 * @version $Id$
8 */
// Must be assigned before con.php is pulled in.
// NOTE(review): presumably con.php reads $prefetch to decide which extra user
// columns to load -- confirm in con.php; nothing in this file consumes it.
$prefetch = array('`points`', '`sig`');
require 'con.php';

$page->title = 'Post Message';

// Length limits enforced by the submit handler further down in this file.
// They are compared against strlen(), i.e. counted in bytes.
define('MSG_MIN_LENGTH', 2);
define('TOPIC_MIN_LENGTH', 3);
define('TOPIC_MAX_LENGTH', 60);
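/*
 * Work out which board (and, for a reply, which topic) this post belongs to,
 * then check that the current user may view and post there.
 *
 *   ?message=<id>  reply to an existing message; topic and board come from the DB
 *   ?board=<id>    start a new topic on that board
 *
 * Every id that is concatenated into SQL below is forced to an integer first.
 *
 * NOTE(review): all of the checks rely on $page->errorfooter() ending the
 * request. Its definition is not visible here -- confirm it never returns,
 * otherwise a failed check would fall through to the code below it.
 */
if ( isset($_GET['message']) ) {
    $messageid = intval($_GET['message']);
    $q = $DB->query('SELECT `topicid` FROM `messages` WHERE `messageid` = '.$messageid)->fetch_row();

    if ( !is_array($q) ) {
        $page->errorfooter('messageid');
    }

    // These values come from the database, but they are cast anyway so that the
    // following queries can never contain anything except a number.
    $topicid = intval($q[0]);
    $topic = $DB->query('SELECT `topic_title`, `boardid` FROM `topics` WHERE `topicid` = '.$topicid)->fetch_row();

    if ( !is_array($topic) ) {
        $page->errorfooter('topicid');
    }

    $boardid = intval($topic[1]);
} else {
    // A request carrying neither parameter becomes board 0 instead of raising
    // an undefined-index notice; the board lookup below then decides.
    $boardid = isset($_GET['board']) ? intval($_GET['board']) : 0;
}

$board = $DB->query('SELECT `board_name`, `view_restrict`, `post_restrict` FROM `boards` WHERE `boardid` = '.$boardid)->fetch_row();

if ( !is_array($board) ) { // This board doesn't exist
    $page->errorfooter('boardid');
}

// NOTE(review): the privilege is tested against view_restrict ($board[1]) but
// the error is handed post_restrict ($board[2]); the two posting checks below
// do the reverse. The decisions themselves use the expected column, so this
// only affects what errorfooter() is told -- looks swapped, confirm and fix.
if ( ! $user->has_priv('viewboard', $board[1]) ) { // Not allowed to view board
    $page->errorfooter('level', $board[2]);
}

// Can view board, so link to it
$page->nav['Topic List: '.$board[0]] = 'topiclist?'.$boardid;
if ( isset($topicid) ) {
    $page->nav['Message List: '.$topic[0]] = 'messagelist?'.$topicid;
}

if ( isset($_GET['board']) && ! $user->has_priv('posttopic', $board[2]) ) { // Not allowed to post topics here
    $page->errorfooter('level', $board[1]);
}
if ( ! $user->has_priv('postmessage', $board[2]) ) { // Not allowed to reply either
    $page->errorfooter('level', $board[1]);
}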
/**
 * Selectbox for HTML formatting
 *
 * The option values are the names of the formatter classes; the submit
 * handler later in this file instantiates whichever one is selected.
 * 'Message_XML' is only added for users holding the 'html' privilege.
 */
$html_options = new HTML_Select('html', 3);
$html_options->add_item('Message_PCRE', 'Default');
$html_options->add_item('Message_Plaintext', 'Plaintext');
if ( $user->has_priv('html') ) {
    $html_options->add_item('Message_XML', 'Full XHTML');
}
$html_options->set_default('Message_PCRE');

// Renderer used for the preview and the "replying to" box, chosen from the
// user's message list style; anything unrecognised gets the plain renderer.
switch ( $user->msglist_style ) {
    case Messagestyle_Frozenoven::ID:
        $mo = new Messagestyle_Frozenoven;
        break;

    case Messagestyle_IRC::ID:
        $mo = new Messagestyle_IRC;
        break;

    case Messagestyle_Plain::ID:
    default:
        $mo = new Messagestyle_Plain;
}

// Raw request URI exactly as the client sent it. It is not used in the part of
// the file visible here. NOTE(review): escape it wherever it ends up in HTML.
define('HERE', $_SERVER['REQUEST_URI']);
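/*
 * Form submit code
 *
 * Handles both buttons of the form: "preview" renders the formatted message,
 * "post" additionally requires an authenticated user and writes the topic
 * and message rows inside one transaction before redirecting.
 *
 * NOTE(review): no per-request token is checked in this file before the
 * INSERTs. Unless con.php does that (not visible here), this endpoint has no
 * CSRF protection.
 */
if ( isset($_POST['post']) || isset($_POST['preview']) ) {

    if ( isset($_POST['html']) ) {
        // The submitted value is used as a class name by `new` below, and
        // 'Message_XML' is only in the list for users with the 'html' privilege.
        // NOTE(review): this is only safe if check_value() aborts (throws or
        // exits) for any value that was not added with add_item() -- confirm.
        $html_options->check_value($_POST['html']);
        $html_options->set_default($_POST['html']);
    }

    try {
        // A missing or array-valued field (e.g. message_text[]=x) is treated as
        // empty so that it ends in the normal "too short" error instead of a
        // notice or a type error inside trim()/htmlspecialchars().
        $posted_text = ( isset($_POST['message_text']) && is_string($_POST['message_text']) )
            ? $_POST['message_text'] : '';

        if ( !isset($topic) ) {
            $posted_title = ( isset($_POST['topic_title']) && is_string($_POST['topic_title']) )
                ? $_POST['topic_title'] : '';
            // The title is HTML-escaped here, before it is measured and stored,
            // so the length limits below apply to the escaped form.
            $topic_title = trim(htmlspecialchars($posted_title));
        }

        $message = new $html_options->default(trim($posted_text));
        $message->validate();

        if ( strlen($message->getOutput()) < MSG_MIN_LENGTH ) {
            // The exception code carries the number that the catch block
            // feeds into sprintf() together with the message.
            throw new LengthException('Your message is %d character(s) too short.', MSG_MIN_LENGTH - strlen($message->getOutput()));
        }

        if ( !isset($topic) ) {
            $t = strlen($topic_title);
            if ( $t < TOPIC_MIN_LENGTH ) {
                throw new LengthException('Your topic title is %d character(s) too short.', TOPIC_MIN_LENGTH - $t);
            }
            if ( $t > TOPIC_MAX_LENGTH ) {
                throw new LengthException('Your topic title is %d character(s) too long.', $t - TOPIC_MAX_LENGTH);
            }
            if ( $DB->query('SELECT COUNT(*) AS `c` FROM `topics`
                    WHERE `topic_title` = '.$DB->string($topic_title).'
                    AND `boardid` = '.$boardid)->fetch_object()->c ) {
                throw new RateLimitException('A topic with that name already exists.');
            }
        }

        if ( isset($_POST['post']) ) {
            // Nothing is written for anonymous users.
            if ( ! ($user instanceof User_Authenticated) ) {
                throw new Exception('¬_¬');
            }

            $DB->autocommit(false);

            if ( !isset($topic) ) {
                $DB->query('INSERT INTO `topics` (`topic_title`, `boardid`, `userid`)
                    VALUES ('.$DB->string($topic_title).', '.$boardid.', @userid )');
                $topicid = $DB->insert_id;
                $user->points += 2;
            } else {
                $user->points++;
            }

            if ( !isset($messageid) ) {
                $messageid = 'NULL';
            }

            // REMOTE_ADDR now goes through $DB->string() like every other string
            // in this file instead of being pasted between hand-written quotes.
            // $DB->string() is used unquoted in the queries above, so it
            // evidently returns a complete quoted literal.
            // Note that INET_ATON() only understands IPv4 dotted-quad addresses.
            $DB->query('INSERT INTO `messages` (`topicid`, `replyto`, `userid`, `mtime`, `origin_ip`)
                VALUES ('.$topicid.', '.$messageid.',
                @userid, UNIX_TIMESTAMP(), INET_ATON('.$DB->string($_SERVER['REMOTE_ADDR']).') )');
            $newmsg = $DB->insert_id;

            $DB->query('UPDATE `topics` SET `lastpost` = LAST_INSERT_ID() WHERE `topicid` = '.$topicid);
            $DB->query('INSERT INTO `message-data` (`messageid`, `mtext`)
                VALUES(LAST_INSERT_ID(), '.$DB->string($message->getOutput()).')');

            $DB->commit();

            $r = 'topiclist?'.$boardid;
            if ( isset($topicid) ) {
                $r = 'messagelist?'.$topicid.'#m'.$newmsg;
            }

            // Build the redirect from the path only: dirname() on the full
            // REQUEST_URI would let a '/' inside the query string change the
            // directory. The scheme follows the current request rather than
            // being fixed to plain http.
            // NOTE(review): HTTP_HOST is taken from the client's Host header;
            // prefer a configured site host name if one exists.
            list($request_path) = explode('?', $_SERVER['REQUEST_URI'], 2);
            $scheme = ( !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' ) ? 'https' : 'http';

            header('HTTP/1.1 303 See Other');
            header('Location: '.$scheme.'://'.$_SERVER['HTTP_HOST'].dirname($request_path).'/'.$r);
            $page->pageheader();
            echo "<p class='notice'>Message posted.</p>\n";
            // NOTE(review): presumably pagefooter() ends the request; if it
            // returns, execution continues into the form below -- confirm.
            $page->pagefooter();

        } elseif ( isset($_POST['preview']) ) {
            $user->userheader();
            echo '<fieldset class="',get_class($mo),'"><legend>Message Preview</legend>',"\n",
                ( isset($topic_title) ? '<h2>'.$topic_title."</h2>\n" : '' );
            $mo->display(array(
                'userid' => $user->userid,
                'alias' => $user->alias,
                'mtime' => time(),
                'mtext' => $message->getOutput(),
                'replyto' => null,
                'score' => 0,
                'marks' => 0,
                'messageid' => null,
                'ip' => $_SERVER['REMOTE_ADDR']
            ));
            echo "</fieldset>\n";
        }
    } catch ( LengthException $e ) {
        // Message is one of the literal format strings above, code is its %d.
        $user->userheader();
        echo '<p class="error">',sprintf($e->getMessage(), $e->getCode()),"</p>\n";
    } catch ( InvalidInputException $e ) {
        // NOTE(review): the message is echoed without escaping. If the
        // formatter quotes part of the submitted text in it, that text is
        // reflected as HTML -- check where InvalidInputException is thrown.
        $user->userheader();
        echo '<p class="error">Your message contains one or more formatting errors (the first error is shown):</p>',"\n",
            '<p class="error">',$e->getMessage(),' at line ',$e->getCode(),"</p>\n";
    } catch ( Exception $e ) {
        // NOTE(review): same as above for any other exception raised inside
        // the try block (for example by the database layer) -- unescaped.
        $user->userheader();
        echo '<p class="error">',$e->getMessage(),"</p>\n";
    }
} else {
    $user->userheader();
}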
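// I have no idea what's going on here
// (Reviewer: the textarea starts with a newline for user agents containing
// "KHTML". The User-Agent header may be absent, and strpos() returns 0 --
// which is falsy -- for a match at the very start, so both are handled
// explicitly.)
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$message = ( strpos($ua, 'KHTML') !== false ) ? "\n" : '';

// Refill the textarea with what was submitted, or fall back to the signature.
// Both are HTML-escaped before being written into the page; an array-valued
// message_text is ignored instead of being passed to htmlspecialchars().
if ( !empty($_POST['message_text']) && is_string($_POST['message_text']) ) {
    $message = htmlspecialchars($_POST['message_text']);
} elseif ( $user->sig ) {
    $message .= "\n".htmlspecialchars($user->sig);
}

if ( isset($messageid) ) {
    // Reply: show the message being answered. $messageid was passed through
    // intval() when it was read from the query string.
    echo '<fieldset class="',get_class($mo),'"><legend>Replying to:</legend>',"\n";
    $mo->display($DB->query('SELECT `messages`.`userid`, `alias`, `mtime`, `mtext`, `replyto`,
            `score`, `marks`, `messages`.`messageid`, INET_NTOA(`origin_ip`) AS `ip`
        FROM `message-data`
        NATURAL LEFT JOIN `messages`
        NATURAL LEFT JOIN `users`
        WHERE `messageid` = '.$messageid)->fetch_assoc());
    echo "</fieldset>\n",
        '<form action="post?message=',$messageid,'" method="post">';
} else {
    // New topic: $topic_title, when set, was already HTML-escaped by the
    // submit handler, so it can go into the double-quoted attribute as it is.
    echo '<form action="post?board=',$boardid,'" method="post">',"\n",
        ' <fieldset><legend>Topic <small>(Max. ',TOPIC_MAX_LENGTH," chars)</small></legend>\n",
        ' <input type="text" name="topic_title" maxlength="',TOPIC_MAX_LENGTH,'" size="80"',
        ( !empty($topic_title) ? ' value="'.$topic_title.'"' : '' ),' tabindex="1"/>',"\n",
        " </fieldset>\n";
}
// NOTE(review): the form carries no anti-CSRF token, and the inline login
// fields below send the password to whatever scheme this page was served on.
?>
<fieldset><legend>Message</legend>
<textarea rows="15" cols="60" name="message_text" id="messagebox" tabindex="2"><?php echo $message; ?></textarea>
<fieldset class="content">
<?php if ( ! ($user instanceof User_Authenticated) ) { ?>
<p class="notice">You need to be logged in to post.</p>
<p><label>Username: <input name="u" tabindex="3" type="text"/></label></p>
<p><label>Password: <input name="p" tabindex="4" type="password"/></label></p>
<input type="hidden" name="login" value="post"/>
<?php } ?>
<button type="submit" accesskey="p" tabindex="5" name="post">Post (P)</button>
<button type="submit" accesskey="r" tabindex="6" name="preview">Preview (R)</button>
<p><label>HTML Formatting: <?php echo $html_options->display(); ?></label></p>
</fieldset>
</fieldset>
</form>

<?php
$page->pagefooter();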