PageRenderTime 58ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 1ms

/phpBB/posting.php

https://github.com/erikfrerejean/phpbb3
PHP | 1633 lines | 1247 code | 258 blank | 128 comment | 587 complexity | bccb8fba2c0eebfe22c3649a70eb47b0 MD5 | raw file
Possible License(s): AGPL-1.0

Large files files are truncated, but you can click here to view the full file

  1. <?php
  2. /**
  3. *
  4. * @package phpBB3
  5. * @version $Id$
  6. * @copyright (c) 2005 phpBB Group
  7. * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  8. *
  9. */
  10. /**
  11. * @ignore
  12. */
  13. define('IN_PHPBB', true);
  14. $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
  15. $phpEx = substr(strrchr(__FILE__, '.'), 1);
  16. include($phpbb_root_path . 'common.' . $phpEx);
  17. include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
  18. include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
  19. include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
  20. // Start session management
  21. $user->session_begin();
  22. $auth->acl($user->data);
  23. // Grab only parameters needed here
  24. $post_id = request_var('p', 0);
  25. $topic_id = request_var('t', 0);
  26. $forum_id = request_var('f', 0);
  27. $draft_id = request_var('d', 0);
  28. $lastclick = request_var('lastclick', 0);
  29. $submit = (isset($_POST['post'])) ? true : false;
  30. $preview = (isset($_POST['preview'])) ? true : false;
  31. $save = (isset($_POST['save'])) ? true : false;
  32. $load = (isset($_POST['load'])) ? true : false;
  33. $delete = (isset($_POST['delete'])) ? true : false;
  34. $cancel = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
  35. $refresh = (isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['full_editor']) || isset($_POST['cancel_unglobalise']) || $save || $load) ? true : false;
  36. $mode = ($delete && !$preview && !$refresh && $submit) ? 'delete' : request_var('mode', '');
  37. $error = $post_data = array();
  38. $current_time = time();
  39. // Was cancel pressed? If so then redirect to the appropriate page
  40. if ($cancel || ($current_time - $lastclick < 2 && $submit))
  41. {
  42. $f = ($forum_id) ? 'f=' . $forum_id . '&amp;' : '';
  43. $redirect = ($post_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $f . 'p=' . $post_id) . '#p' . $post_id : (($topic_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $f . 't=' . $topic_id) : (($forum_id) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}index.$phpEx")));
  44. redirect($redirect);
  45. }
  46. if (in_array($mode, array('post', 'reply', 'quote', 'edit', 'delete')) && !$forum_id)
  47. {
  48. trigger_error('NO_FORUM');
  49. }
  50. // We need to know some basic information in all cases before we do anything.
  51. switch ($mode)
  52. {
  53. case 'post':
  54. $sql = 'SELECT *
  55. FROM ' . FORUMS_TABLE . "
  56. WHERE forum_id = $forum_id";
  57. break;
  58. case 'bump':
  59. case 'reply':
  60. if (!$topic_id)
  61. {
  62. trigger_error('NO_TOPIC');
  63. }
  64. // Force forum id
  65. $sql = 'SELECT forum_id
  66. FROM ' . TOPICS_TABLE . '
  67. WHERE topic_id = ' . $topic_id;
  68. $result = $db->sql_query($sql);
  69. $f_id = (int) $db->sql_fetchfield('forum_id');
  70. $db->sql_freeresult($result);
  71. $forum_id = (!$f_id) ? $forum_id : $f_id;
  72. $sql = 'SELECT f.*, t.*
  73. FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
  74. WHERE t.topic_id = $topic_id
  75. AND (f.forum_id = t.forum_id
  76. OR f.forum_id = $forum_id)" .
  77. (($auth->acl_get('m_approve', $forum_id)) ? '' : 'AND t.topic_approved = 1');
  78. break;
  79. case 'quote':
  80. case 'edit':
  81. case 'delete':
  82. if (!$post_id)
  83. {
  84. $user->setup('posting');
  85. trigger_error('NO_POST');
  86. }
  87. // Force forum id
  88. $sql = 'SELECT forum_id
  89. FROM ' . POSTS_TABLE . '
  90. WHERE post_id = ' . $post_id;
  91. $result = $db->sql_query($sql);
  92. $f_id = (int) $db->sql_fetchfield('forum_id');
  93. $db->sql_freeresult($result);
  94. $forum_id = (!$f_id) ? $forum_id : $f_id;
  95. $sql = 'SELECT f.*, t.*, p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield
  96. FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u
  97. WHERE p.post_id = $post_id
  98. AND t.topic_id = p.topic_id
  99. AND u.user_id = p.poster_id
  100. AND (f.forum_id = t.forum_id
  101. OR f.forum_id = $forum_id)" .
  102. (($auth->acl_get('m_approve', $forum_id)) ? '' : 'AND p.post_approved = 1');
  103. break;
  104. case 'smilies':
  105. $sql = '';
  106. generate_smilies('window', $forum_id);
  107. break;
  108. case 'popup':
  109. if ($forum_id)
  110. {
  111. $sql = 'SELECT forum_style
  112. FROM ' . FORUMS_TABLE . '
  113. WHERE forum_id = ' . $forum_id;
  114. }
  115. else
  116. {
  117. upload_popup();
  118. return;
  119. }
  120. break;
  121. default:
  122. $sql = '';
  123. break;
  124. }
  125. if (!$sql)
  126. {
  127. $user->setup('posting');
  128. trigger_error('NO_POST_MODE');
  129. }
  130. $result = $db->sql_query($sql);
  131. $post_data = $db->sql_fetchrow($result);
  132. $db->sql_freeresult($result);
  133. if (!$post_data)
  134. {
  135. if (!($mode == 'post' || $mode == 'bump' || $mode == 'reply'))
  136. {
  137. $user->setup('posting');
  138. }
  139. trigger_error(($mode == 'post' || $mode == 'bump' || $mode == 'reply') ? 'NO_TOPIC' : 'NO_POST');
  140. }
  141. // Not able to reply to unapproved posts/topics
  142. // TODO: add more descriptive language key
  143. if ($auth->acl_get('m_approve', $forum_id) && ((($mode == 'reply' || $mode == 'bump') && !$post_data['topic_approved']) || ($mode == 'quote' && !$post_data['post_approved'])))
  144. {
  145. trigger_error(($mode == 'reply' || $mode == 'bump') ? 'TOPIC_UNAPPROVED' : 'POST_UNAPPROVED');
  146. }
  147. if ($mode == 'popup')
  148. {
  149. upload_popup($post_data['forum_style']);
  150. return;
  151. }
  152. $user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);
  153. if ($config['enable_post_confirm'] && !$user->data['is_registered'])
  154. {
  155. include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
  156. $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
  157. $captcha->init(CONFIRM_POST);
  158. }
  159. // Use post_row values in favor of submitted ones...
  160. $forum_id = (!empty($post_data['forum_id'])) ? (int) $post_data['forum_id'] : (int) $forum_id;
  161. $topic_id = (!empty($post_data['topic_id'])) ? (int) $post_data['topic_id'] : (int) $topic_id;
  162. $post_id = (!empty($post_data['post_id'])) ? (int) $post_data['post_id'] : (int) $post_id;
  163. // Need to login to passworded forum first?
  164. if ($post_data['forum_password'])
  165. {
  166. login_forum_box(array(
  167. 'forum_id' => $forum_id,
  168. 'forum_name' => $post_data['forum_name'],
  169. 'forum_password' => $post_data['forum_password'])
  170. );
  171. }
  172. // Check permissions
  173. if ($user->data['is_bot'])
  174. {
  175. redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
  176. }
  177. // Is the user able to read within this forum?
  178. if (!$auth->acl_get('f_read', $forum_id))
  179. {
  180. if ($user->data['user_id'] != ANONYMOUS)
  181. {
  182. trigger_error('USER_CANNOT_READ');
  183. }
  184. login_box('', $user->lang['LOGIN_EXPLAIN_POST']);
  185. }
  186. // Permission to do the action asked?
  187. $is_authed = false;
  188. switch ($mode)
  189. {
  190. case 'post':
  191. if ($auth->acl_get('f_post', $forum_id))
  192. {
  193. $is_authed = true;
  194. }
  195. break;
  196. case 'bump':
  197. if ($auth->acl_get('f_bump', $forum_id))
  198. {
  199. $is_authed = true;
  200. }
  201. break;
  202. case 'quote':
  203. $post_data['post_edit_locked'] = 0;
  204. // no break;
  205. case 'reply':
  206. if ($auth->acl_get('f_reply', $forum_id))
  207. {
  208. $is_authed = true;
  209. }
  210. break;
  211. case 'edit':
  212. if ($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))
  213. {
  214. $is_authed = true;
  215. }
  216. break;
  217. case 'delete':
  218. if ($user->data['is_registered'] && $auth->acl_gets('f_delete', 'm_delete', $forum_id))
  219. {
  220. $is_authed = true;
  221. }
  222. break;
  223. }
  224. if (!$is_authed)
  225. {
  226. $check_auth = ($mode == 'quote') ? 'reply' : $mode;
  227. if ($user->data['is_registered'])
  228. {
  229. trigger_error('USER_CANNOT_' . strtoupper($check_auth));
  230. }
  231. login_box('', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]);
  232. }
  233. // Is the user able to post within this forum?
  234. if ($post_data['forum_type'] != FORUM_POST && in_array($mode, array('post', 'bump', 'quote', 'reply')))
  235. {
  236. trigger_error('USER_CANNOT_FORUM_POST');
  237. }
  238. // Forum/Topic locked?
  239. if (($post_data['forum_status'] == ITEM_LOCKED || (isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED)) && !$auth->acl_get('m_edit', $forum_id))
  240. {
  241. trigger_error(($post_data['forum_status'] == ITEM_LOCKED) ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
  242. }
  243. // Can we edit this post ... if we're a moderator with rights then always yes
  244. // else it depends on editing times, lock status and if we're the correct user
  245. if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id))
  246. {
  247. if ($user->data['user_id'] != $post_data['poster_id'])
  248. {
  249. trigger_error('USER_CANNOT_EDIT');
  250. }
  251. if (!($post_data['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time']))
  252. {
  253. trigger_error('CANNOT_EDIT_TIME');
  254. }
  255. if ($post_data['post_edit_locked'])
  256. {
  257. trigger_error('CANNOT_EDIT_POST_LOCKED');
  258. }
  259. }
  260. // Handle delete mode...
  261. if ($mode == 'delete')
  262. {
  263. handle_post_delete($forum_id, $topic_id, $post_id, $post_data);
  264. return;
  265. }
  266. // Handle bump mode...
  267. if ($mode == 'bump')
  268. {
  269. if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id'])
  270. && check_link_hash(request_var('hash', ''), "topic_{$post_data['topic_id']}"))
  271. {
  272. $meta_url = phpbb_bump_topic($forum_id, $topic_id, $post_data, $current_time);
  273. meta_refresh(3, $meta_url);
  274. $message = $user->lang['TOPIC_BUMPED'] . '<br /><br />' . sprintf($user->lang['VIEW_MESSAGE'], '<a href="' . $meta_url . '">', '</a>');
  275. $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
  276. trigger_error($message);
  277. }
  278. trigger_error('BUMP_ERROR');
  279. }
  280. // Subject length limiting to 60 characters if first post...
  281. if ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_data['post_id']))
  282. {
  283. $template->assign_var('S_NEW_MESSAGE', true);
  284. }
  285. // Determine some vars
  286. if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS)
  287. {
  288. $post_data['quote_username'] = (!empty($post_data['post_username'])) ? $post_data['post_username'] : $user->lang['GUEST'];
  289. }
  290. else
  291. {
  292. $post_data['quote_username'] = isset($post_data['username']) ? $post_data['username'] : '';
  293. }
  294. $post_data['post_edit_locked'] = (isset($post_data['post_edit_locked'])) ? (int) $post_data['post_edit_locked'] : 0;
  295. $post_data['post_subject_md5'] = (isset($post_data['post_subject']) && $mode == 'edit') ? md5($post_data['post_subject']) : '';
  296. $post_data['post_subject'] = (in_array($mode, array('quote', 'edit'))) ? $post_data['post_subject'] : ((isset($post_data['topic_title'])) ? $post_data['topic_title'] : '');
  297. $post_data['topic_time_limit'] = (isset($post_data['topic_time_limit'])) ? (($post_data['topic_time_limit']) ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit']) : 0;
  298. $post_data['poll_length'] = (!empty($post_data['poll_length'])) ? (int) $post_data['poll_length'] / 86400 : 0;
  299. $post_data['poll_start'] = (!empty($post_data['poll_start'])) ? (int) $post_data['poll_start'] : 0;
  300. $post_data['icon_id'] = (!isset($post_data['icon_id']) || in_array($mode, array('quote', 'reply'))) ? 0 : (int) $post_data['icon_id'];
  301. $post_data['poll_options'] = array();
  302. // Get Poll Data
  303. if ($post_data['poll_start'])
  304. {
  305. $sql = 'SELECT poll_option_text
  306. FROM ' . POLL_OPTIONS_TABLE . "
  307. WHERE topic_id = $topic_id
  308. ORDER BY poll_option_id";
  309. $result = $db->sql_query($sql);
  310. while ($row = $db->sql_fetchrow($result))
  311. {
  312. $post_data['poll_options'][] = trim($row['poll_option_text']);
  313. }
  314. $db->sql_freeresult($result);
  315. }
  316. if ($mode == 'edit')
  317. {
  318. $original_poll_data = array(
  319. 'poll_title' => $post_data['poll_title'],
  320. 'poll_length' => $post_data['poll_length'],
  321. 'poll_max_options' => $post_data['poll_max_options'],
  322. 'poll_option_text' => implode("\n", $post_data['poll_options']),
  323. 'poll_start' => $post_data['poll_start'],
  324. 'poll_last_vote' => $post_data['poll_last_vote'],
  325. 'poll_vote_change' => $post_data['poll_vote_change'],
  326. );
  327. }
  328. $orig_poll_options_size = sizeof($post_data['poll_options']);
  329. $message_parser = new parse_message();
  330. if (isset($post_data['post_text']))
  331. {
  332. $message_parser->message = &$post_data['post_text'];
  333. unset($post_data['post_text']);
  334. }
  335. // Set some default variables
  336. $uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);
  337. foreach ($uninit as $var_name => $default_value)
  338. {
  339. if (!isset($post_data[$var_name]))
  340. {
  341. $post_data[$var_name] = $default_value;
  342. }
  343. }
  344. unset($uninit);
  345. // Always check if the submitted attachment data is valid and belongs to the user.
  346. // Further down (especially in submit_post()) we do not check this again.
  347. $message_parser->get_submitted_attachment_data($post_data['poster_id']);
  348. if ($post_data['post_attachment'] && !$submit && !$refresh && !$preview && $mode == 'edit')
  349. {
  350. // Do not change to SELECT *
  351. $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename
  352. FROM ' . ATTACHMENTS_TABLE . "
  353. WHERE post_msg_id = $post_id
  354. AND in_message = 0
  355. AND is_orphan = 0
  356. ORDER BY filetime DESC";
  357. $result = $db->sql_query($sql);
  358. $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
  359. $db->sql_freeresult($result);
  360. }
  361. if ($post_data['poster_id'] == ANONYMOUS)
  362. {
  363. $post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['post_username']) : '';
  364. }
  365. else
  366. {
  367. $post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['username']) : '';
  368. }
  369. $post_data['enable_urls'] = $post_data['enable_magic_url'];
  370. if ($mode != 'edit')
  371. {
  372. $post_data['enable_sig'] = ($config['allow_sig'] && $user->optionget('attachsig')) ? true: false;
  373. $post_data['enable_smilies'] = ($config['allow_smilies'] && $user->optionget('smilies')) ? true : false;
  374. $post_data['enable_bbcode'] = ($config['allow_bbcode'] && $user->optionget('bbcode')) ? true : false;
  375. $post_data['enable_urls'] = true;
  376. }
  377. $post_data['enable_magic_url'] = $post_data['drafts'] = false;
  378. // User own some drafts?
  379. if ($user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
  380. {
  381. $sql = 'SELECT draft_id
  382. FROM ' . DRAFTS_TABLE . '
  383. WHERE user_id = ' . $user->data['user_id'] .
  384. (($forum_id) ? ' AND forum_id = ' . (int) $forum_id : '') .
  385. (($topic_id) ? ' AND topic_id = ' . (int) $topic_id : '') .
  386. (($draft_id) ? " AND draft_id <> $draft_id" : '');
  387. $result = $db->sql_query_limit($sql, 1);
  388. if ($db->sql_fetchrow($result))
  389. {
  390. $post_data['drafts'] = true;
  391. }
  392. $db->sql_freeresult($result);
  393. }
  394. $check_value = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
  395. // Check if user is watching this topic
  396. if ($mode != 'post' && $config['allow_topic_notify'] && $user->data['is_registered'])
  397. {
  398. $sql = 'SELECT topic_id
  399. FROM ' . TOPICS_WATCH_TABLE . '
  400. WHERE topic_id = ' . $topic_id . '
  401. AND user_id = ' . $user->data['user_id'];
  402. $result = $db->sql_query($sql);
  403. $post_data['notify_set'] = (int) $db->sql_fetchfield('topic_id');
  404. $db->sql_freeresult($result);
  405. }
  406. // Do we want to edit our post ?
  407. if ($mode == 'edit' && $post_data['bbcode_uid'])
  408. {
  409. $message_parser->bbcode_uid = $post_data['bbcode_uid'];
  410. }
  411. // HTML, BBCode, Smilies, Images and Flash status
  412. $bbcode_status = ($config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id)) ? true : false;
  413. $smilies_status = ($config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id)) ? true : false;
  414. $img_status = ($bbcode_status && $auth->acl_get('f_img', $forum_id)) ? true : false;
  415. $url_status = ($config['allow_post_links']) ? true : false;
  416. $flash_status = ($bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash']) ? true : false;
  417. $quote_status = true;
  418. // Save Draft
  419. if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
  420. {
  421. $subject = utf8_normalize_nfc(request_var('subject', '', true));
  422. $subject = (!$subject && $mode != 'post') ? $post_data['topic_title'] : $subject;
  423. $message = utf8_normalize_nfc(request_var('message', '', true));
  424. if ($subject && $message)
  425. {
  426. if (confirm_box(true))
  427. {
  428. $sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
  429. 'user_id' => (int) $user->data['user_id'],
  430. 'topic_id' => (int) $topic_id,
  431. 'forum_id' => (int) $forum_id,
  432. 'save_time' => (int) $current_time,
  433. 'draft_subject' => (string) $subject,
  434. 'draft_message' => (string) $message)
  435. );
  436. $db->sql_query($sql);
  437. $meta_info = ($mode == 'post') ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id");
  438. meta_refresh(3, $meta_info);
  439. $message = $user->lang['DRAFT_SAVED'] . '<br /><br />';
  440. $message .= ($mode != 'post') ? sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $meta_info . '">', '</a>') . '<br /><br />' : '';
  441. $message .= sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
  442. trigger_error($message);
  443. }
  444. else
  445. {
  446. $s_hidden_fields = build_hidden_fields(array(
  447. 'mode' => $mode,
  448. 'save' => true,
  449. 'f' => $forum_id,
  450. 't' => $topic_id,
  451. 'subject' => $subject,
  452. 'message' => $message,
  453. 'attachment_data' => $message_parser->attachment_data,
  454. )
  455. );
  456. $hidden_fields = array(
  457. 'icon_id' => 0,
  458. 'disable_bbcode' => false,
  459. 'disable_smilies' => false,
  460. 'disable_magic_url' => false,
  461. 'attach_sig' => true,
  462. 'lock_topic' => false,
  463. 'topic_type' => POST_NORMAL,
  464. 'topic_time_limit' => 0,
  465. 'poll_title' => '',
  466. 'poll_option_text' => '',
  467. 'poll_max_options' => 1,
  468. 'poll_length' => 0,
  469. 'poll_vote_change' => false,
  470. );
  471. foreach ($hidden_fields as $name => $default)
  472. {
  473. if (!isset($_POST[$name]))
  474. {
  475. // Don't include it, if its not available
  476. unset($hidden_fields[$name]);
  477. continue;
  478. }
  479. if (is_bool($default))
  480. {
  481. // Use the string representation
  482. $hidden_fields[$name] = request_var($name, '');
  483. }
  484. else
  485. {
  486. $hidden_fields[$name] = request_var($name, $default);
  487. }
  488. }
  489. $s_hidden_fields .= build_hidden_fields($hidden_fields);
  490. confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
  491. }
  492. }
  493. else
  494. {
  495. if (utf8_clean_string($subject) === '')
  496. {
  497. $error[] = $user->lang['EMPTY_SUBJECT'];
  498. }
  499. if (utf8_clean_string($message) === '')
  500. {
  501. $error[] = $user->lang['TOO_FEW_CHARS'];
  502. }
  503. }
  504. unset($subject, $message);
  505. }
  506. // Load requested Draft
  507. if ($draft_id && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $user->data['is_registered'] && $auth->acl_get('u_savedrafts'))
  508. {
  509. $sql = 'SELECT draft_subject, draft_message
  510. FROM ' . DRAFTS_TABLE . "
  511. WHERE draft_id = $draft_id
  512. AND user_id = " . $user->data['user_id'];
  513. $result = $db->sql_query_limit($sql, 1);
  514. $row = $db->sql_fetchrow($result);
  515. $db->sql_freeresult($result);
  516. if ($row)
  517. {
  518. $post_data['post_subject'] = $row['draft_subject'];
  519. $message_parser->message = $row['draft_message'];
  520. $template->assign_var('S_DRAFT_LOADED', true);
  521. }
  522. else
  523. {
  524. $draft_id = 0;
  525. }
  526. }
  527. // Load draft overview
  528. if ($load && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $post_data['drafts'])
  529. {
  530. load_drafts($topic_id, $forum_id);
  531. }
  532. if ($submit || $preview || $refresh)
  533. {
  534. $post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0);
  535. $post_data['post_subject'] = utf8_normalize_nfc(request_var('subject', '', true));
  536. $message_parser->message = utf8_normalize_nfc(request_var('message', '', true));
  537. $post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true));
  538. $post_data['post_edit_reason'] = (!empty($_POST['edit_reason']) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? utf8_normalize_nfc(request_var('edit_reason', '', true)) : '';
  539. $post_data['orig_topic_type'] = $post_data['topic_type'];
  540. $post_data['topic_type'] = request_var('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL));
  541. $post_data['topic_time_limit'] = request_var('topic_time_limit', (($mode != 'post') ? (int) $post_data['topic_time_limit'] : 0));
  542. if ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id))
  543. {
  544. $post_data['icon_id'] = request_var('icon', (int) $post_data['icon_id']);
  545. }
  546. $post_data['enable_bbcode'] = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
  547. $post_data['enable_smilies'] = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
  548. $post_data['enable_urls'] = (isset($_POST['disable_magic_url'])) ? 0 : 1;
  549. $post_data['enable_sig'] = (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig')) ? false : ((isset($_POST['attach_sig']) && $user->data['is_registered']) ? true : false);
  550. if ($config['allow_topic_notify'] && $user->data['is_registered'])
  551. {
  552. $notify = (isset($_POST['notify'])) ? true : false;
  553. }
  554. else
  555. {
  556. $notify = false;
  557. }
  558. $topic_lock = (isset($_POST['lock_topic'])) ? true : false;
  559. $post_lock = (isset($_POST['lock_post'])) ? true : false;
  560. $poll_delete = (isset($_POST['poll_delete'])) ? true : false;
  561. if ($submit)
  562. {
  563. $status_switch = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
  564. $status_switch = ($status_switch != $check_value);
  565. }
  566. else
  567. {
  568. $status_switch = 1;
  569. }
  570. // Delete Poll
  571. if ($poll_delete && $mode == 'edit' && sizeof($post_data['poll_options']) &&
  572. ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id)))
  573. {
  574. if ($submit && check_form_key('posting'))
  575. {
  576. $sql = 'DELETE FROM ' . POLL_OPTIONS_TABLE . "
  577. WHERE topic_id = $topic_id";
  578. $db->sql_query($sql);
  579. $sql = 'DELETE FROM ' . POLL_VOTES_TABLE . "
  580. WHERE topic_id = $topic_id";
  581. $db->sql_query($sql);
  582. $topic_sql = array(
  583. 'poll_title' => '',
  584. 'poll_start' => 0,
  585. 'poll_length' => 0,
  586. 'poll_last_vote' => 0,
  587. 'poll_max_options' => 0,
  588. 'poll_vote_change' => 0
  589. );
  590. $sql = 'UPDATE ' . TOPICS_TABLE . '
  591. SET ' . $db->sql_build_array('UPDATE', $topic_sql) . "
  592. WHERE topic_id = $topic_id";
  593. $db->sql_query($sql);
  594. }
  595. $post_data['poll_title'] = $post_data['poll_option_text'] = '';
  596. $post_data['poll_vote_change'] = $post_data['poll_max_options'] = $post_data['poll_length'] = 0;
  597. }
  598. else
  599. {
  600. $post_data['poll_title'] = utf8_normalize_nfc(request_var('poll_title', '', true));
  601. $post_data['poll_length'] = request_var('poll_length', 0);
  602. $post_data['poll_option_text'] = utf8_normalize_nfc(request_var('poll_option_text', '', true));
  603. $post_data['poll_max_options'] = request_var('poll_max_options', 1);
  604. $post_data['poll_vote_change'] = ($auth->acl_get('f_votechg', $forum_id) && $auth->acl_get('f_vote', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0;
  605. }
  606. // If replying/quoting and last post id has changed
  607. // give user option to continue submit or return to post
  608. // notify and show user the post made between his request and the final submit
  609. if (($mode == 'reply' || $mode == 'quote') && $post_data['topic_cur_post_id'] && $post_data['topic_cur_post_id'] != $post_data['topic_last_post_id'])
  610. {
  611. // Only do so if it is allowed forum-wide
  612. if ($post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
  613. {
  614. if (topic_review($topic_id, $forum_id, 'post_review', $post_data['topic_cur_post_id']))
  615. {
  616. $template->assign_var('S_POST_REVIEW', true);
  617. }
  618. $submit = false;
  619. $refresh = true;
  620. }
  621. }
  622. // Parse Attachments - before checksum is calculated
  623. $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
  624. // Grab md5 'checksum' of new message
  625. $message_md5 = md5($message_parser->message);
  626. // If editing and checksum has changed we know the post was edited while we're editing
  627. // Notify and show user the changed post
  628. if ($mode == 'edit' && $post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
  629. {
  630. $edit_post_message_checksum = request_var('edit_post_message_checksum', '');
  631. $edit_post_subject_checksum = request_var('edit_post_subject_checksum', '');
  632. // $post_data['post_checksum'] is the checksum of the post submitted in the meantime
  633. // $message_md5 is the checksum of the post we're about to submit
  634. // $edit_post_message_checksum is the checksum of the post we're editing
  635. // ...
  636. // We make sure nobody else made exactly the same change
  637. // we're about to submit by also checking $message_md5 != $post_data['post_checksum']
  638. if (($edit_post_message_checksum !== '' && $edit_post_message_checksum != $post_data['post_checksum'] && $message_md5 != $post_data['post_checksum'])
  639. || ($edit_post_subject_checksum !== '' && $edit_post_subject_checksum != $post_data['post_subject_md5'] && md5($post_data['post_subject']) != $post_data['post_subject_md5']))
  640. {
  641. if (topic_review($topic_id, $forum_id, 'post_review_edit', $post_id))
  642. {
  643. $template->assign_vars(array(
  644. 'S_POST_REVIEW' => true,
  645. 'L_POST_REVIEW' => $user->lang['POST_REVIEW_EDIT'],
  646. 'L_POST_REVIEW_EXPLAIN' => $user->lang['POST_REVIEW_EDIT_EXPLAIN'],
  647. ));
  648. }
  649. $submit = false;
  650. $refresh = true;
  651. }
  652. }
  653. // Check checksum ... don't re-parse message if the same
  654. $update_message = ($mode != 'edit' || $message_md5 != $post_data['post_checksum'] || $status_switch || strlen($post_data['bbcode_uid']) < BBCODE_UID_LEN) ? true : false;
  655. // Also check if subject got updated...
  656. $update_subject = $mode != 'edit' || ($post_data['post_subject_md5'] && $post_data['post_subject_md5'] != md5($post_data['post_subject']));
  657. // Parse message
  658. if ($update_message)
  659. {
  660. if (sizeof($message_parser->warn_msg))
  661. {
  662. $error[] = implode('<br />', $message_parser->warn_msg);
  663. $message_parser->warn_msg = array();
  664. }
  665. $message_parser->parse($post_data['enable_bbcode'], ($config['allow_post_links']) ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);
  666. // On a refresh we do not care about message parsing errors
  667. if (sizeof($message_parser->warn_msg) && $refresh)
  668. {
  669. $message_parser->warn_msg = array();
  670. }
  671. }
  672. else
  673. {
  674. $message_parser->bbcode_bitfield = $post_data['bbcode_bitfield'];
  675. }
  676. if ($mode != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$auth->acl_get('f_ignoreflood', $forum_id))
  677. {
  678. // Flood check
  679. $last_post_time = 0;
  680. if ($user->data['is_registered'])
  681. {
  682. $last_post_time = $user->data['user_lastpost_time'];
  683. }
  684. else
  685. {
  686. $sql = 'SELECT post_time AS last_post_time
  687. FROM ' . POSTS_TABLE . "
  688. WHERE poster_ip = '" . $user->ip . "'
  689. AND post_time > " . ($current_time - $config['flood_interval']);
  690. $result = $db->sql_query_limit($sql, 1);
  691. if ($row = $db->sql_fetchrow($result))
  692. {
  693. $last_post_time = $row['last_post_time'];
  694. }
  695. $db->sql_freeresult($result);
  696. }
  697. if ($last_post_time && ($current_time - $last_post_time) < intval($config['flood_interval']))
  698. {
  699. $error[] = $user->lang['FLOOD_ERROR'];
  700. }
  701. }
  702. // Validate username
  703. if (($post_data['username'] && !$user->data['is_registered']) || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']))
  704. {
  705. include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
  706. $user->add_lang('ucp');
  707. if (($result = validate_username($post_data['username'], (!empty($post_data['post_username'])) ? $post_data['post_username'] : '')) !== false)
  708. {
  709. $error[] = $user->lang[$result . '_USERNAME'];
  710. }
  711. if (($result = validate_string($post_data['username'], false, $config['min_name_chars'], $config['max_name_chars'])) !== false)
  712. {
  713. $min_max_amount = ($result == 'TOO_SHORT') ? $config['min_name_chars'] : $config['max_name_chars'];
  714. $error[] = sprintf($user->lang['FIELD_' . $result], $user->lang['USERNAME'], $min_max_amount);
  715. }
  716. }
  717. if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply')))
  718. {
  719. $captcha_data = array(
  720. 'message' => utf8_normalize_nfc(request_var('message', '', true)),
  721. 'subject' => utf8_normalize_nfc(request_var('subject', '', true)),
  722. 'username' => utf8_normalize_nfc(request_var('username', '', true)),
  723. );
  724. $vc_response = $captcha->validate($captcha_data);
  725. if ($vc_response)
  726. {
  727. $error[] = $vc_response;
  728. }
  729. }
  730. // check form
  731. if (($submit || $preview) && !check_form_key('posting'))
  732. {
  733. $error[] = $user->lang['FORM_INVALID'];
  734. }
  735. // Parse subject
  736. if (!$preview && !$refresh && utf8_clean_string($post_data['post_subject']) === '' && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
  737. {
  738. $error[] = $user->lang['EMPTY_SUBJECT'];
  739. }
  740. $post_data['poll_last_vote'] = (isset($post_data['poll_last_vote'])) ? $post_data['poll_last_vote'] : 0;
  741. if ($post_data['poll_option_text'] &&
  742. ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
  743. && $auth->acl_get('f_poll', $forum_id))
  744. {
  745. $poll = array(
  746. 'poll_title' => $post_data['poll_title'],
  747. 'poll_length' => $post_data['poll_length'],
  748. 'poll_max_options' => $post_data['poll_max_options'],
  749. 'poll_option_text' => $post_data['poll_option_text'],
  750. 'poll_start' => $post_data['poll_start'],
  751. 'poll_last_vote' => $post_data['poll_last_vote'],
  752. 'poll_vote_change' => $post_data['poll_vote_change'],
  753. 'enable_bbcode' => $post_data['enable_bbcode'],
  754. 'enable_urls' => $post_data['enable_urls'],
  755. 'enable_smilies' => $post_data['enable_smilies'],
  756. 'img_status' => $img_status
  757. );
  758. $message_parser->parse_poll($poll);
  759. $post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : array();
  760. $post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';
  761. /* We reset votes, therefore also allow removing options
  762. if ($post_data['poll_last_vote'] && ($poll['poll_options_size'] < $orig_poll_options_size))
  763. {
  764. $message_parser->warn_msg[] = $user->lang['NO_DELETE_POLL_OPTIONS'];
  765. }*/
  766. }
  767. else if ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'] && $auth->acl_get('f_poll', $forum_id))
  768. {
  769. // The user removed all poll options, this is equal to deleting the poll.
  770. $poll = array(
  771. 'poll_title' => '',
  772. 'poll_length' => 0,
  773. 'poll_max_options' => 0,
  774. 'poll_option_text' => '',
  775. 'poll_start' => 0,
  776. 'poll_last_vote' => 0,
  777. 'poll_vote_change' => 0,
  778. 'poll_options' => array(),
  779. );
  780. $post_data['poll_options'] = array();
  781. $post_data['poll_title'] = '';
  782. $post_data['poll_start'] = $post_data['poll_length'] = $post_data['poll_max_options'] = $post_data['poll_last_vote'] = $post_data['poll_vote_change'] = 0;
  783. }
  784. else if (!$auth->acl_get('f_poll', $forum_id) && ($mode == 'edit') && ($post_id == $post_data['topic_first_post_id']) && ($original_poll_data['poll_title'] != ''))
  785. {
  786. // We have a poll but the editing user is not permitted to create/edit it.
  787. // So we just keep the original poll-data.
  788. $poll = array_merge($original_poll_data, array(
  789. 'enable_bbcode' => $post_data['enable_bbcode'],
  790. 'enable_urls' => $post_data['enable_urls'],
  791. 'enable_smilies' => $post_data['enable_smilies'],
  792. 'img_status' => $img_status,
  793. ));
  794. $message_parser->parse_poll($poll);
  795. $post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : array();
  796. $post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';
  797. }
  798. else
  799. {
  800. $poll = array();
  801. }
  802. // Check topic type
  803. if ($post_data['topic_type'] != POST_NORMAL && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
  804. {
  805. switch ($post_data['topic_type'])
  806. {
  807. case POST_GLOBAL:
  808. case POST_ANNOUNCE:
  809. $auth_option = 'f_announce';
  810. break;
  811. case POST_STICKY:
  812. $auth_option = 'f_sticky';
  813. break;
  814. default:
  815. $auth_option = '';
  816. break;
  817. }
  818. if (!$auth->acl_get($auth_option, $forum_id))
  819. {
  820. // There is a special case where a user edits his post whereby the topic type got changed by an admin/mod.
  821. // Another case would be a mod not having sticky permissions for example but edit permissions.
  822. if ($mode == 'edit')
  823. {
  824. // To prevent non-authed users messing around with the topic type we reset it to the original one.
  825. $post_data['topic_type'] = $post_data['orig_topic_type'];
  826. }
  827. else
  828. {
  829. $error[] = $user->lang['CANNOT_POST_' . str_replace('F_', '', strtoupper($auth_option))];
  830. }
  831. }
  832. }
  833. if (sizeof($message_parser->warn_msg))
  834. {
  835. $error[] = implode('<br />', $message_parser->warn_msg);
  836. }
  837. // DNSBL check
  838. if ($config['check_dnsbl'] && !$refresh)
  839. {
  840. if (($dnsbl = $user->check_dnsbl('post')) !== false)
  841. {
  842. $error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
  843. }
  844. }
  845. // Store message, sync counters
  846. if (!sizeof($error) && $submit)
  847. {
  848. // Check if we want to de-globalize the topic... and ask for new forum
  849. if ($post_data['topic_type'] != POST_GLOBAL)
  850. {
  851. $sql = 'SELECT topic_type, forum_id
  852. FROM ' . TOPICS_TABLE . "
  853. WHERE topic_id = $topic_id";
  854. $result = $db->sql_query($sql);
  855. $row = $db->sql_fetchrow($result);
  856. $db->sql_freeresult($result);
  857. if ($row && !$row['forum_id'] && $row['topic_type'] == POST_GLOBAL)
  858. {
  859. $to_forum_id = request_var('to_forum_id', 0);
  860. if ($to_forum_id)
  861. {
  862. $sql = 'SELECT forum_type
  863. FROM ' . FORUMS_TABLE . '
  864. WHERE forum_id = ' . $to_forum_id;
  865. $result = $db->sql_query($sql);
  866. $forum_type = (int) $db->sql_fetchfield('forum_type');
  867. $db->sql_freeresult($result);
  868. if ($forum_type != FORUM_POST || !$auth->acl_get('f_post', $to_forum_id) || !$auth->acl_get('f_noapprove', $to_forum_id))
  869. {
  870. $to_forum_id = 0;
  871. }
  872. }
  873. if (!$to_forum_id)
  874. {
  875. include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
  876. $template->assign_vars(array(
  877. 'S_FORUM_SELECT' => make_forum_select(false, false, false, true, true, true),
  878. 'S_UNGLOBALISE' => true)
  879. );
  880. $submit = false;
  881. $refresh = true;
  882. }
  883. else
  884. {
  885. if (!$auth->acl_get('f_post', $to_forum_id))
  886. {
  887. // This will only be triggered if the user tried to trick the forum.
  888. trigger_error('NOT_AUTHORISED');
  889. }
  890. $forum_id = $to_forum_id;
  891. }
  892. }
  893. }
  894. if ($submit)
  895. {
  896. // Lock/Unlock Topic
  897. $change_topic_status = $post_data['topic_status'];
  898. $perm_lock_unlock = ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED)) ? true : false;
  899. if ($post_data['topic_status'] == ITEM_LOCKED && !$topic_lock && $perm_lock_unlock)
  900. {
  901. $change_topic_status = ITEM_UNLOCKED;
  902. }
  903. else if ($post_data['topic_status'] == ITEM_UNLOCKED && $topic_lock && $perm_lock_unlock)
  904. {
  905. $change_topic_status = ITEM_LOCKED;
  906. }
  907. if ($change_topic_status != $post_data['topic_status'])
  908. {
  909. $sql = 'UPDATE ' . TOPICS_TABLE . "
  910. SET topic_status = $change_topic_status
  911. WHERE topic_id = $topic_id
  912. AND topic_moved_id = 0";
  913. $db->sql_query($sql);
  914. $user_lock = ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $post_data['topic_poster']) ? 'USER_' : '';
  915. add_log('mod', $forum_id, $topic_id, 'LOG_' . $user_lock . (($change_topic_status == ITEM_LOCKED) ? 'LOCK' : 'UNLOCK'), $post_data['topic_title']);
  916. }
  917. // Lock/Unlock Post Edit
  918. if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_LOCKED && !$post_lock && $auth->acl_get('m_edit', $forum_id))
  919. {
  920. $post_data['post_edit_locked'] = ITEM_UNLOCKED;
  921. }
  922. else if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_UNLOCKED && $post_lock && $auth->acl_get('m_edit', $forum_id))
  923. {
  924. $post_data['post_edit_locked'] = ITEM_LOCKED;
  925. }
  926. $data = array(
  927. 'topic_title' => (empty($post_data['topic_title'])) ? $post_data['post_subject'] : $post_data['topic_title'],
  928. 'topic_first_post_id' => (isset($post_data['topic_first_post_id'])) ? (int) $post_data['topic_first_post_id'] : 0,
  929. 'topic_last_post_id' => (isset($post_data['topic_last_post_id'])) ? (int) $post_data['topic_last_post_id'] : 0,
  930. 'topic_time_limit' => (int) $post_data['topic_time_limit'],
  931. 'topic_attachment' => (isset($post_data['topic_attachment'])) ? (int) $post_data['topic_attachment'] : 0,
  932. 'post_id' => (int) $post_id,
  933. 'topic_id' => (int) $topic_id,
  934. 'forum_id' => (int) $forum_id,
  935. 'icon_id' => (int) $post_data['icon_id'],
  936. 'poster_id' => (int) $post_data['poster_id'],
  937. 'enable_sig' => (bool) $post_data['enable_sig'],
  938. 'enable_bbcode' => (bool) $post_data['enable_bbcode'],
  939. 'enable_smilies' => (bool) $post_data['enable_smilies'],
  940. 'enable_urls' => (bool) $post_data['enable_urls'],
  941. 'enable_indexing' => (bool) $post_data['enable_indexing'],
  942. 'message_md5' => (string) $message_md5,
  943. 'post_time' => (isset($post_data['post_time'])) ? (int) $post_data['post_time'] : $current_time,
  944. 'post_checksum' => (isset($post_data['post_checksum'])) ? (string) $post_data['post_checksum'] : '',
  945. 'post_edit_reason' => $post_data['post_edit_reason'],
  946. 'post_edit_user' => ($mode == 'edit') ? $user->data['user_id'] : ((isset($post_data['post_edit_user'])) ? (int) $post_data['post_edit_user'] : 0),
  947. 'forum_parents' => $post_data['forum_parents'],
  948. 'forum_name' => $post_data['forum_name'],
  949. 'notify' => $notify,
  950. 'notify_set' => $post_data['notify_set'],
  951. 'poster_ip' => (isset($post_data['poster_ip'])) ? $post_data['poster_ip'] : $user->ip,
  952. 'post_edit_locked' => (int) $post_data['post_edit_locked'],
  953. 'bbcode_bitfield' => $message_parser->bbcode_bitfield,
  954. 'bbcode_uid' => $message_parser->bbcode_uid,
  955. 'message' => $message_parser->message,
  956. 'attachment_data' => $message_parser->attachment_data,
  957. 'filename_data' => $message_parser->filename_data,
  958. 'topic_approved' => (isset($post_data['topic_approved'])) ? $post_data['topic_approved'] : false,
  959. 'post_approved' => (isset($post_data['post_approved'])) ? $post_data['post_approved'] : false,
  960. );
  961. if ($mode == 'edit')
  962. {
  963. $data['topic_replies_real'] = $post_data['topic_replies_real'];
  964. $data['topic_replies'] = $post_data['topic_replies'];
  965. }
  966. // Only return the username when it is either a guest posting or we are editing a post and
  967. // the username was supplied; otherwise post_data might hold the data of the post that is
  968. // being quoted (which could result in the username being returned being that of the quoted
  969. // post's poster, not the poster of the current post). See: PHPBB3-11769 for more information.
  970. $post_author_name = ((!$user->data['is_registered'] || $mode == 'edit') && $post_data['username'] !== '') ? $post_data['username'] : '';
  971. // The last parameter tells submit_post if search indexer has to be run
  972. $redirect_url = submit_post($mode, $post_data['post_subject'], $post_author_name, $post_data['topic_type'], $poll, $data, $update_message, ($update_message || $update_subject) ? true : false);
  973. if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === true) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote'))
  974. {
  975. $captcha->reset();
  976. }
  977. // Check the permissions for post approval.
  978. // Moderators must go through post approval like ordinary users.
  979. if ((!$auth->acl_get('f_noapprove', $data['forum_id']) && empty($data['force_approved_state'])) || (isset($data['force_approved_state']) && !$data['force_approved_state']))
  980. {
  981. meta_refresh(10, $redirect_url);
  982. $message = ($mode == 'edit') ? $user->lang['POST_EDITED_MOD'] : $user->lang['POST_STORED_MOD'];
  983. $message .= (($user->data['user_id'] == ANONYMOUS) ? '' : ' '. $user->lang['POST_APPROVAL_NOTIFY']);
  984. }
  985. else
  986. {
  987. meta_refresh(3, $redirect_url);
  988. $message = ($mode == 'edit') ? 'POST_EDITED' : 'POST_STORED';
  989. $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['VIEW_MESSAGE'], '<a href="' . $redirect_url . '">', '</a>');
  990. }
  991. $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $data['forum_id']) . '">', '</a>');
  992. trigger_error($message);
  993. }
  994. }
  995. }
  996. // Preview
  997. if (!sizeof($error) && $preview)
  998. {
  999. $post_data['post_time'] = ($mode == 'edit') ? $post_data['post_time'] : $current_time;
  1000. $preview_message = $message_parser->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies'], false);
  1001. $preview_signature = ($mode == 'edit') ? $post_data['user_sig'] : $user->data['user_sig'];
  1002. $preview_signature_uid = ($mode == 'edit') ? $post_data['user_sig_bbcode_uid'] : $user->data['user_sig_bbcode_uid'];
  1003. $preview_signature_bitfield = ($mode == 'edit') ? $post_data['user_sig_bbcode_bitfield'] : $user->data['user_sig_bbcode_bitfield'];
  1004. // Signature
  1005. if ($post_data['enable_sig'] && $config['allow_sig'] && $preview_signature && $auth->acl_get('f_sigs', $forum_id))
  1006. {
  1007. $parse_sig = new parse_message($preview_signature);
  1008. $parse_sig->bbcode_uid = $preview_signature_uid;
  1009. $parse_sig->bbcode_bitfield = $preview_signature_bitfield;
  1010. // Not sure about parameters for bbcode/smilies/urls... in signatures
  1011. $parse_sig->format_display($config['allow_sig_bbcode'], $config['allow_sig_links'], $config['allow_sig_smilies']);
  1012. $preview_signature = $parse_sig->message;
  1013. unset($parse_sig);
  1014. }
  1015. else
  1016. {
  1017. $preview_signature = '';
  1018. }
  1019. $preview_subject = censor_text($post_data['post_subject']);
  1020. // Poll Preview
  1021. if (!$poll_delete && ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']/* && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))*/))
  1022. && $auth->acl_get('f_poll', $forum_id))
  1023. {
  1024. $parse_poll = new parse_message($post_data['poll_title']);
  1025. $parse_poll->bbcode_uid = $message_parser->bbcode_uid;
  1026. $parse_poll->bbcode_bitfield = $message_parser->bbcode_bitfield;
  1027. $parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
  1028. if ($post_data['poll_length'])
  1029. {
  1030. $poll_end = ($post_data['poll_length'] * 86400) + (($post_data['poll_start']) ? $post_data['poll_start'] : time());
  1031. }
  1032. $template->assign_vars(array(
  1033. 'S_HAS_POLL_OPTIONS' => (sizeof($post_data['poll_options'])),
  1034. 'S_IS_MULTI_CHOICE' => ($post_data['poll_max_options'] > 1) ? true : false,
  1035. 'POLL_QUESTION' => $parse_poll->message,
  1036. 'L_POLL_LENGTH' => ($post_data['poll_length']) ? sprintf($user->lang['POLL_RUN_TILL'], $user->format_date($poll_end)) : '',
  1037. 'L_MAX_VOTES' => ($post_data['poll_max_options'] == 1) ? $user->lang['MAX_OPTION_SELECT'] : sprintf($user->lang['MAX_OPTIONS_SELECT'], $post_data['poll_max_options']))
  1038. );
  1039. $parse_poll->message = implode("\n", $post_data['poll_options']);
  1040. $parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
  1041. $preview_poll_options = explode('<br />', $parse_poll->message);
  1042. unset($parse_poll);
  1043. foreach ($preview_poll_options as $key => $option)
  1044. {
  1045. $template->assign_block_vars('poll_option', array(
  1046. 'POLL_OPTION_CAPTION' => $option,
  1047. 'POLL_OPTION_ID' => $key + 1)
  1048. );
  1049. }
  1050. unset($preview_poll_options);
  1051. }
  1052. // Attachment Preview
  1053. if (sizeof($message_parser->attachment_data))
  1054. {
  1055. $template->assign_var('S_HAS_ATTACHMENTS', true);
  1056. $update_count = array();
  1057. $attachment_data = $message_parser->attachment_data;
  1058. parse_attachments($forum_id, $preview_message, $attachment_data, $update_count, true);
  1059. foreach ($attachment_data as $i => $attachment)
  1060. {
  1061. $template->assign_block_vars('attachment', array(
  1062. 'DISPLAY_ATTACHMENT' => $attachment)
  1063. );
  1064. }
  1065. unset($attachment_data);
  1066. }
  1067. if (!sizeof($error))
  1068. {
  1069. $template->assign_vars(array(
  1070. 'PREVIEW_SUBJECT' => $preview_subject,
  1071. 'PREVIEW_MESSAGE' => $preview_message,
  1072. 'PREVIEW_SIGNATURE' => $preview_signature,
  1073. 'S_DISPLAY_PREVIEW' => true)
  1074. );
  1075. }
  1076. }
  1077. // Decode text for message display
  1078. $post_data['bbcode_uid'] = ($mode == 'quote' && !$preview && !$refresh && !sizeof($error)) ? $post_data['bbcode_uid'] : $message_parser->bbcode_uid;
  1079. $message_parser->decode_message($post_data['bbcode_uid']);
  1080. if ($mode == 'quote' && !$submit && !$preview && !$refresh)
  1081. {
  1082. if ($config['allow_bbcode'])
  1083. {
  1084. $message_parser->message = '[quote=&quot;' . $post_data['quote_username'] . '&quot;]' . censor_text(trim($message_parser->message)) . "[/quote]\n";
  1085. }
  1086. else
  1087. {
  1088. $offset = 0;
  1089. $quote_string = "&gt; ";
  1090. $message = censor_text(trim($message_parser->message));
  1091. // see if we are nesting. It's easily tricked but should work for one level of nesting
  1092. if (strpos($message, "&gt;") !== false)
  1093. {
  1094. $offset = 10;
  1095. }
  1096. $message = utf8_wordwrap($message, 75 + $offset, "\n");
  1097. $message = $quote_string . $message;
  1098. $message = str_replace("\n", "\n" . $quote_string, $message);
  1099. $message_parser->message = $post_data['quote_username'] . " " . $user->lang['WROTE'] . ":\n" . $message . "\n";
  1100. }
  1101. }
  1102. if (($mode == 'reply' || $mode == 'quote') && !$submit && !$preview && !$refresh)
  1103. {
  1104. $post_data['post_subject'] = ((strpos($post_data['post_subject'], 'Re: ') !== 0) ? 'Re: ' : '') . censor_text($post_data['post_subject']);
  1105. }
  1106. $attachment_data = $message_parser->attachment_data;
  1107. $filename_data = $message_parser->filename_data;
  1108. $post_data['post_text'] = $message_parser->message;
  1109. if (sizeof($post_data['poll_options']) || !empty($post_data['poll_title']))
  1110. {
  1111. $message_parser->message = $post_data['poll_title'];
  1112. $message_parser->bbcode_uid = $post_data['bbcode_uid'];
  1113. $message_parser->decode_message();
  1114. $post_data['poll_title'] = $message_parser->message;
  1115. $message_parser->message = implode("\n", $post_data['poll_options']);
  1116. $message_parser->decode_message();
  1117. $post_data['poll_options'] = explode("\n", $message_parser->message);
  1118. }
  1119. // MAIN POSTING PAGE BEGINS HERE
  1120. // Forum moderators?
  1121. $moderators = array();
  1122. if ($config['load_moderators'])
  1123. {
  1124. get_moderators($moderators, $forum_id);
  1125. }
  1126. // Generate smiley listing
  1127. generate_smilies('inline', $forum_id);
  1128. // Generate inline attachment select box
  1129. posting_gen_inline_attachments($attachment_data);
  1130. // Do show topic type selection only in first post.
  1131. $topic_type_toggle = false;
  1132. if ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']))
  1133. {
  1134. $topic_type_toggle = posting_gen_topic_types($forum_id, $post_data['topic_type']);
  1135. }
  1136. $s_topic_icons = false;
  1137. if ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id))
  1138. {
  1139. $s_topic_icons = posting_gen_topic_icons($mode, $post_data['icon_id']);
  1140. }
  1141. $bbcode_checked = (isset($post_data['enable_bbcode'])) ? !$post_data['enable_bbcode'] : (($config['allow_bbcode']) ? !$user->optionget('bbcode') : 1);
  1142. $smilies_checked = (isset($post_data['enable_smilies'])) ? !$post_data['enable_smilies'] : (($config['allow_smilies']) ? !$user->optionget('smilies') : 1);
  1143. $urls_checked = (isset($post_data['enable_urls'])) ? !$post_data['enable_urls'] : 0;
  1144. $sig_checked = $post_data['enable_sig'];
  1145. $lock_topic_checked = (isset($topic_lock) && $topic_lock) ? $topic_lock : (($post_data['topic_status'] == ITEM_LOCKED) ? 1 : 0);
  1146. $lock_post_checked = (isset($post_lock)) ? $post_lock : $post_data['post_edit_locked'];
  1147. // If the user is replying or posting and not already watching this topic but set to always being notified we need to overwrite this setting
  1148. $notify_set = ($mode != 'edit' && $config['allow_topic_notify'] && $user->data['is_registered'] && !$post_data['notify_set']) ? $user->data['user_notify'] : $post_data['notify_set'];
  1149. $notify_checked = (isset($notify)) ? $notify : (($mode == 'post') ? $user->data['user_notify'] : $notify_set);
  1150. // Page title & action URL
  1151. $s_action = append_sid("{$phpbb_root_path}posting.$phpEx", "mode=$mode&amp;f=$forum_id");
  1152. $s_action .= ($topic_id) ? "&amp;t=$topic_id" : '';
  1153. $s_action .= ($post_id) ? "&amp;p=$post_id" : '';
  1154. switch ($mode)
  1155. {
  1156. case 'post':
  1157. $page_title = $user->lang['POST_TOPIC'];
  1158. break;
  1159. case 'quote':
  1160. case 'reply':
  1161. $page_title = $user->lang['POST_REPLY'];
  1162. break;
  1163. case 'delete':
  1164. case 'edit':
  1165. $page_title = $user->lang['EDIT_POST'];
  1166. break;
  1167. }
  1168. // Build Navigation Links
  1169. generate_forum_nav($post_data);
  1170. // Build Forum Rules
  1171. generate_forum_rules($post_data);
  1172. // Posting uses is_solved for legacy reasons. Plugins have to use is_solved to force themselves to be displayed.
  1173. if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === false) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote'))
  1174. {
  1175. $template->assign_vars(array(
  1176. 'S_CONFIRM_CODE' => true,
  1177. 'CAPTCHA_TEMPLATE' => $captcha->get_template(),
  1178. ));
  1179. }
  1180. $s_hidden_fields = ($mode == 'reply' || $mode == 'quote') ? '<input type="hidden" name="topic_cur_post_id" value="' . $post_data['topic_last_post_id'] . '" />' : '';
  1181. $s_hidden_fields .= '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
  1182. $s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', $draft_id) . '" />' : '';
  1183. if ($mode == 'edit')
  1184. {
  1185. $s_hidden_fields .= build_hidden_fields(array(
  1186. 'edit_post_message_checksum' => $post_data['post_checksum'],
  1187. 'edit_post_subject_checksum' => $post_data['post_subject_md5'],
  1188. ));
  1189. }
  1190. // Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
  1191. if (isset($captcha) && $captcha->is_

Large files files are truncated, but you can click here to view the full file