// Page setup for the "Post Message" form: sets the page title and declares the
// server-side length limits that the submit handler further down enforces.
// NOTE(review): $prefetch is only assigned here; presumably shared bootstrap
// code (not shown) reads it — confirm.
4 $prefetch = array('`points`');
6 $page->title
= 'Post Message';
// These limits are compared against strlen() results in the submit handler, so
// they count bytes rather than characters: multi-byte UTF-8 text reaches a
// limit sooner than its visible length suggests.
8 define('MSG_MIN_LENGTH', 3);
9 define('MSG_MAX_LENGTH', 10000);
10 define('TOPIC_MIN_LENGTH', 3);
// TOPIC_MAX_LENGTH is also emitted as the maxlength attribute of the topic
// input. That attribute is advisory only; the enforced limit is the
// server-side comparison in the submit handler.
11 define('TOPIC_MAX_LENGTH', 60);
// Resolve the posting target from the query string (?message=, ?topic= or
// ?board=) and apply the board's access levels before any form handling.
// Every id passes through intval() before it is concatenated into SQL. That
// cast is the only thing keeping these queries injection-safe, so it has to
// stay next to each query; bound parameters would remove the dependency.
// NOTE(review): the embedded line numbers skip, so this listing omits some
// source lines; branch bodies and closing braces are incomplete here.
// NOTE(review): the checks below rely on $page->errorfooter() ending the
// request. If it returned, execution would continue into the posting code —
// confirm that it exits.
13 if ( isset($_GET['message']) ) {
14 $messageid = intval($_GET['message']);
15 $q = $DB->query('SELECT `topicid` FROM `messages` WHERE `messageid` = '.$messageid)->fetch_row();
18 $page->errorfooter('messageid');
// NOTE(review): $topicid is used in the next query but its assignment is not
// among the lines shown; presumably it is taken from $q — confirm.
21 $topic = $DB->query('SELECT `topic_title`, `boardid` FROM `topics` WHERE `topicid` = '.$topicid)->fetch_row();
23 if ( !is_array($topic) )
24 $page->errorfooter('topicid');
27 } elseif ( isset($_GET['topic']) ) {
28 $topicid = intval($_GET['topic']);
29 $topic = $DB->query('SELECT `topic_title`, `boardid` FROM `topics` WHERE `topicid` = '.$topicid)->fetch_row();
31 if ( !is_array($topic) )
32 $page->errorfooter('topicid');
// NOTE(review): the lines between 32 and 36 are not shown. Presumably this
// assignment sits in the final else branch, and the message/topic branches
// derive $boardid from the `boardid` column selected above — confirm.
36 $boardid = intval($_GET['board']);
// $board is a numeric row: [0] board_name, [1] topic_level, [2] post_level.
38 $board = $DB->query('SELECT `board_name`, `topic_level`, `post_level` FROM `boards` WHERE `boardid` = '.$boardid)->fetch_row();
40 // Nonexistent board id
41 if ( !is_array($board) ) {
42 $page->errorfooter('boardid');
// Posting requires the user's level to be at least the board's post_level.
46 if ( $board[2] > $user->level
) {
47 $page->errorfooter('level', $board[2]);
50 // If this is a real board and they're allowed in add the links
// NOTE(review): the nav labels embed board_name and topic_title from the
// database. Topic titles are escaped with htmlspecialchars() before they are
// stored by this page. Whether board_name is stored escaped, or $page->nav
// escapes on output, is not visible here — confirm.
51 $page->nav
['Topic List: '.$board[0]] = 'topiclist?board='.$boardid;
52 if ( isset($topicid) )
53 $page->nav
['Message List: '.$topic[0]] = 'messagelist?topic='.$topicid;
// The topic_level check applies only when the request names a board directly
// (?board=), which is the new-topic path.
58 if ( isset($_GET['board']) && $board[1] > $user->level
)
59 $page->errorfooter('level', $board[1]);
61 // Waste their time even more
// Only authenticated users (instances of authuser) may continue. This check
// runs after the level checks above.
62 if ( ! ($user instanceof authuser
) )
63 $page->errorfooter('login');
65 /* Form submit handler */
// Runs for both "post" and "preview" submissions. Validation failures are
// raised as exceptions and rendered by the catch blocks at the end.
// NOTE(review): no anti-CSRF token check is visible in the lines shown for
// this state-changing POST. The listing has gaps (the embedded line numbers
// skip), so confirm whether one exists elsewhere.
66 if ( isset($_POST['post']) ||
isset($_POST['preview']) ) {
// Choose the HTML handling mode. Unfiltered HTML ('all') is honoured only
// when the user's level is at least LVL_ADMIN. Because the level is checked
// here on the server, submitting 'all' is not enough to select it.
// NOTE(review): $_POST['html'] is read without isset(). Presumably an else on
// a line not shown makes M_HTML_FILTERED the mode for any other value.
68 if ( 'none' === $_POST['html'] )
69 $html_type = message
::M_HTML_NONE
;
70 elseif ( LVL_ADMIN
<= $user->level
&& 'all' === $_POST['html'] )
71 $html_type = message
::M_HTML_ALL
;
73 $html_type = message
::M_HTML_FILTERED
;
// The "nobr" checkbox adds the M_NO_NEWLINES flag to the chosen mode.
74 if ( isset($_POST['nobr']) )
75 $html_type |
= message
::M_NO_NEWLINES
;
// The raw POST text goes to the message class together with the mode flags.
// NOTE(review): presumably message applies the HTML filtering and throws the
// InvalidMessageException caught below; its implementation is not shown.
78 $message = new message($_POST['message_text'], $html_type);
// The topic title is HTML-escaped on input, and this escaped value is what
// the INSERT below stores. Output sites therefore depend on it being escaped
// already, and the length checks count escaped bytes ("&" counts as "&amp;").
// htmlspecialchars() runs with default flags, which depend on the PHP
// version: single quotes are escaped by default only from PHP 8.1.
80 $topic_title = trim(htmlspecialchars($_POST['topic_title']));
// Length checks. The minimum is measured on the tag-stripped, trimmed output,
// the maximum on the full output. The second constructor argument of
// LengthException (the exception code) carries the difference, which the
// catch block feeds into the %d of the message via sprintf().
82 if ( ($m = strlen(trim(strip_tags($message->output
)))) < MSG_MIN_LENGTH
)
83 throw new LengthException('Your message is %d characters too short.', MSG_MIN_LENGTH
- $m);
84 if ( ($m = strlen($message->output
)) > MSG_MAX_LENGTH
)
85 throw new LengthException('Your message is %d characters too long.', $m - MSG_MAX_LENGTH
);
// No existing topic was resolved, so this submission creates a new one.
87 if ( !isset($topic) ) {
88 $t = strlen($topic_title);
89 if ( $t < TOPIC_MIN_LENGTH
)
90 throw new LengthException('Your topic title is %d characters too short.', TOPIC_MIN_LENGTH
- $t);
91 if ( $t > TOPIC_MAX_LENGTH
)
92 throw new LengthException('Your topic title is %d characters too long.', $t - TOPIC_MAX_LENGTH
);
// Duplicate-title check. The title goes through escape_string() and $boardid
// is an integer. The check runs before the transaction below starts, so two
// concurrent submissions can both pass it.
// NOTE(review): a unique index on (boardid, topic_title) would close that
// gap; the schema is not shown.
93 if ( $DB->query('SELECT COUNT(*) AS `c` FROM `topics`
94 WHERE `topic_title` = \''.$DB->escape_string($topic_title).'\'
95 AND `boardid` = '.$boardid)->fetch_object()->c
)
96 throw new InvalidInputException('A topic with that name already exists.');
// "post": store the topic (when new) and the message after START TRANSACTION,
// then print a link back that is built from integer ids only.
// NOTE(review): the matching COMMIT is presumably on a line not shown.
99 if ( isset($_POST['post']) ) {
100 $DB->query('START TRANSACTION');
// NOTE(review): @userid is a MySQL session variable; presumably it is set for
// the logged-in user by code not shown.
102 if ( !isset($topic) ) {
103 $DB->query('INSERT INTO `topics` (`topic_title`, `boardid`, `userid`) VALUES (
104 \''.$DB->escape_string($topic_title).'\', '.$boardid.', @userid)');
105 $topicid = $DB->insert_id
;
// Message row, topic bookkeeping and message text follow; several source
// lines of these statements are missing from the listing.
// NOTE(review): $_SERVER['REMOTE_ADDR'] is concatenated into the SQL string
// without escape_string(), unlike the other string values shown. Treat it
// like any other SQL input: escape or bind it. INET_ATON() also parses IPv4
// only and returns NULL for an IPv6 client address.
111 if ( !isset($messageid) )
114 $DB->query('INSERT INTO `messages` (`topicid`, `userid`, `mtime`, `replyto`, `origin_ip`) VALUES (
119 INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\')
121 $DB->query('UPDATE `topics` SET `lastpost` = LAST_INSERT_ID() WHERE `topicid` = '.$topicid);
122 $DB->query('INSERT INTO `message-data` (`messageid`, `mtext`) VALUES (
124 \''.$DB->escape_string($message->output
).'\'
128 $r = 'topiclist?board='.$boardid;
129 if ( isset($topicid) )
130 $r = 'messagelist?topic='.$topicid;
132 $page->footer('<p class="notice">Message Posted. Return to from which you <a href="'.$r.'">came</a>.</p>');
134 } elseif ( isset($_POST['preview']) ) {
// Preview: the values below are written into the page without further
// escaping. $topic_title was escaped where it was assigned above.
// NOTE(review): $message->output is presumably already filtered by the
// message class according to $html_type. Whether $user->alias is stored
// escaped is not visible here — confirm.
136 '<fieldset><legend>Message Preview</legend>',"\n",
137 ( isset($topic_title) ?
'<h2>'.$topic_title."</h2>\n" : '' ),
138 '<div class="info">From: ',$user->alias
,' at ',$user->fdate(time()),"</div>\n",
139 '<div class="content">',$message->output
,"</div>\n",
142 } catch ( InvalidInputException
$e ) {
// Exception messages are echoed without escaping. The InvalidInputException
// and LengthException messages thrown in this file are fixed literals.
143 echo '<div class="error">',$e->getMessage(),"</div>\n";
144 } catch ( LengthException
$e ) {
145 echo '<div class="error">',sprintf($e->getMessage(), $e->getCode()),"</div>\n";
146 } catch ( InvalidMessageException
$e ) {
// NOTE(review): this message comes from the message class (not shown). If it
// can quote parts of the submitted markup, wrap it in htmlspecialchars().
148 '<div class="error">Your message contains formatting errors (only the first error is shown):</div>',"\n",
149 '<div class="error">',$e->getMessage(),' at line ',$e->getXMLLine(),"</div>\n";
// Prepare the textarea content: the submitted text if there is any, otherwise
// the user's signature on a fresh line. Both are HTML-escaped here because
// the value is later echoed inside <textarea>.
// NOTE(review): the case where neither branch applies is presumably handled
// on a line not shown. Without it, $message could still hold the message
// object created by the submit handler — confirm.
154 if ( !empty($_POST['message_text']) )
155 $message = htmlspecialchars($_POST['message_text']);
156 elseif ( $user->sig
)
157 $message = "\n".htmlspecialchars($user->sig
);
// Open the form with an action that carries the current target. The ids in
// the action URLs are intval() results, so no escaping is needed for them.
159 if ( isset($messageid) )
160 echo '<form action="post?message=',$messageid,'" method="post">';
161 elseif ( isset($topic) )
162 echo '<form action="post?topic=',$topicid,'" method="post">';
// New-topic variant: adds the topic title input. $topic_title is set only by
// the submit handler, where it was escaped with htmlspecialchars(). The value
// attribute is double-quoted, and double quotes are escaped under every
// default flag set of that function.
// NOTE(review): no hidden anti-CSRF field is visible in the form markup
// shown.
165 '<form action="post?board=',$boardid,'" method="post">
166 <fieldset class="content"><legend>Topic</legend>
167 <input type="text" name="topic_title" id="topicbox" maxlength="',TOPIC_MAX_LENGTH
,'" size="80"',
168 ( !empty($topic_title) ?
' value="'.$topic_title.'"' : '' ),"/>\n",
// Build the HTML-mode selector. The 'all' entry is offered only to users at
// LVL_ADMIN or above; the submit handler checks the level again server-side.
// NOTE(review): the raw $_POST['html'] value is handed to form_select, so any
// escaping of it has to happen inside that class (not shown) — confirm.
171 if ( empty($_POST['html']) )
174 $html = new form_select('html', 3, $_POST['html']);
175 if ( $user->level
>= LVL_ADMIN
)
176 $html->add_item('all', 'All HTML');
177 $html->add_item('normal', 'Safe HTML');
178 $html->add_item('none', 'Plaintext');
180 <fieldset
class="content"><legend
><?php
// Form body template: message textarea, Post/Preview buttons and the
// HTML-mode options. Labels are passed through _(), presumably gettext.
echo _('Message'); ?
></legend
>
181 <textarea rows
="15" cols
="80" name
="message_text" id
="messagebox"><?php
// $message was passed through htmlspecialchars() where it was assigned above
// the form, which keeps submitted text from closing the textarea element.
echo $message ?
></textarea
>
182 <button type
="submit" name
="post" value
="post" accesskey
="p"><?php
echo _('Post'); ?
> (P
)</button
>
183 <button type
="submit" name
="preview" value
="preview" accesskey
="r"><?php
echo _('Preview'); ?
> (R
)</button
>
185 <legend
>Options
</legend
>
186 <label
for="html">HTML
</label
>
187 <?php
// display() output is echoed as-is. The selected value originates from
// $_POST['html'], so form_select has to escape it.
// NOTE(review): form_select is not shown — confirm that it does.
echo $html->display(); ?
><br
/>
188 <label
for="nobr">Disable automatic linebreaks
</label
>
189 <input type
="checkbox" name
="nobr" id
="nobr"<?php
if ( isset($_POST['nobr']) ) echo ' checked="checked"' ?
>/>
194 <div
class="info">Default HTML tags allowed
: <?php
// message::$allowed_html is a static property of the message class, echoed
// without escaping. Presumably it is a fixed tag list — confirm it is never
// filled from request data.
echo implode(', ', message
::$allowed_html); ?
></div
>