Zeile 6 | Zeile 6 |
---|
* Website: http://www.mybboard.net * License: http://www.mybboard.net/about/license *
|
* Website: http://www.mybboard.net * License: http://www.mybboard.net/about/license *
|
* $Id: newreply.php 3992 2008-07-06 17:27:56Z Tikitiki $
| * $Id: newreply.php 5087 2010-07-11 11:46:40Z Huji $
|
*/
define("IN_MYBB", 1);
|
*/
define("IN_MYBB", 1);
|
| define('THIS_SCRIPT', 'newreply.php');
|
$templatelist = "newreply,previewpost,error_invalidforum,error_invalidthread,redirect_threadposted,loginbox,changeuserbox,posticons,newreply_threadreview,forumrules,attachments,newreply_threadreview_post"; $templatelist .= ",smilieinsert,codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,newreply_disablesmilies,postbit_online,postbit_find,postbit_pm,postbit_www,postbit_email,postbit_reputation,postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,postbit_report,postbit_seperator,postbit,post_subscription_method";
| $templatelist = "newreply,previewpost,error_invalidforum,error_invalidthread,redirect_threadposted,loginbox,changeuserbox,posticons,newreply_threadreview,forumrules,attachments,newreply_threadreview_post"; $templatelist .= ",smilieinsert,codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,newreply_disablesmilies,postbit_online,postbit_find,postbit_pm,postbit_www,postbit_email,postbit_reputation,postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,postbit_report,postbit_seperator,postbit,post_subscription_method";
|
Zeile 131 | Zeile 132 |
---|
{ if(!$mybb->input['previewpost'] && $mybb->input['action'] != "do_newreply") {
|
{ if(!$mybb->input['previewpost'] && $mybb->input['action'] != "do_newreply") {
|
$username = $lang->guest;
| $username = '';
|
} elseif($mybb->input['previewpost']) {
|
} elseif($mybb->input['previewpost']) {
|
$username = $mybb->input['username'];
| $username = htmlspecialchars_uni($mybb->input['username']);
|
} eval("\$loginbox = \"".$templates->get("loginbox")."\";"); }
// Check to see if the thread is closed, and if the user is a mod. if(!is_moderator($fid, "caneditposts"))
|
} eval("\$loginbox = \"".$templates->get("loginbox")."\";"); }
// Check to see if the thread is closed, and if the user is a mod. if(!is_moderator($fid, "caneditposts"))
|
{
| {
|
if($thread['closed'] == 1) { error($lang->redirect_threadclosed);
|
if($thread['closed'] == 1) { error($lang->redirect_threadclosed);
|
} }
| } }
|
// No weird actions allowed, show new reply form if no regular action. if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft")
|
// No weird actions allowed, show new reply form if no regular action. if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft")
|
{ $mybb->input['action'] = "newreply"; }
| { $mybb->input['action'] = "newreply"; }
|
// Even if we are previewing, still show the new reply form. if($mybb->input['previewpost']) { $mybb->input['action'] = "newreply";
|
// Even if we are previewing, still show the new reply form. if($mybb->input['previewpost']) { $mybb->input['action'] = "newreply";
|
}
| }
|
if((empty($_POST) && empty($_FILES)) && $mybb->input['processed'] == '1') { error($lang->error_cannot_upload_php_post); }
if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || ($mybb->input['action'] == "do_newreply" && $mybb->input['submit'] && $_FILES['attachment'])))
|
if((empty($_POST) && empty($_FILES)) && $mybb->input['processed'] == '1') { error($lang->error_cannot_upload_php_post); }
if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || ($mybb->input['action'] == "do_newreply" && $mybb->input['submit'] && $_FILES['attachment'])))
|
{ // If there's an attachment, check it and upload it. if($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0)
| { // Verify incoming POST request verify_post_check($mybb->input['my_post_key']); if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid'])) { $attachwhere = "pid='{$pid}'"; } else { $attachwhere = "posthash='".$db->escape_string($mybb->input['posthash'])."'"; } $query = $db->simple_select("attachments", "COUNT(aid) as numattachs", $attachwhere); $attachcount = $db->fetch_field($query, "numattachs"); // If there's an attachment, check it and upload it if($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments']))
|
{ require_once MYBB_ROOT."inc/functions_upload.php"; $attachedfile = upload_attachment($_FILES['attachment']); }
|
{ require_once MYBB_ROOT."inc/functions_upload.php"; $attachedfile = upload_attachment($_FILES['attachment']); }
|
|
|
if($attachedfile['error'])
|
if($attachedfile['error'])
|
{
| {
|
eval("\$attacherror = \"".$templates->get("error_attacherror")."\";"); $mybb->input['action'] = "newreply"; }
|
eval("\$attacherror = \"".$templates->get("error_attacherror")."\";"); $mybb->input['action'] = "newreply"; }
|
|
|
if(!$mybb->input['submit']) { $mybb->input['action'] = "newreply";
|
if(!$mybb->input['submit']) { $mybb->input['action'] = "newreply";
|
| $editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
|
} }
// Remove an attachment. if($mybb->input['attachmentaid'] && $mybb->input['posthash']) {
|
} }
// Remove an attachment. if($mybb->input['attachmentaid'] && $mybb->input['posthash']) {
|
| // Verify incoming POST request verify_post_check($mybb->input['my_post_key']);
|
require_once MYBB_ROOT."inc/functions_upload.php"; remove_attachment(0, $mybb->input['posthash'], $mybb->input['attachmentaid']); if(!$mybb->input['submit']) { $mybb->input['action'] = "newreply";
|
require_once MYBB_ROOT."inc/functions_upload.php"; remove_attachment(0, $mybb->input['posthash'], $mybb->input['attachmentaid']); if(!$mybb->input['submit']) { $mybb->input['action'] = "newreply";
|
| $editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
|
} }
// Setup our posthash for managing attachments. if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft") {
|
} }
// Setup our posthash for managing attachments. if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft") {
|
mt_srand ((double) microtime() * 1000000); $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].mt_rand());
| $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());
|
}
$reply_errors = "";
| }
$reply_errors = "";
|
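Review bot: The unpredictability of the new posthash in `$mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());` rests entirely on random_str(), which is defined outside this page; tid and uid add no secrecy and md5() adds no entropy. The same hunk uses the posthash to select a request's attachments (`posthash='...'` in `$attachwhere`) and passes it to `remove_attachment(0, $mybb->input['posthash'], $mybb->input['attachmentaid'])`, so a guessable value would appear to weaken that binding. I would add a comment above the line, such as `// posthash scopes attachment add/remove to this form; random_str() must be unpredictable`, and confirm that the helper draws from a cryptographically secure source. The same construction recurs in the hunks headed Zeile 573 | Zeile 596 and Zeile 889 | Zeile 917.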
Zeile 249 | Zeile 270 |
---|
if(!$mybb->user['uid']) { my_setcookie('loginattempts', $logins + 1);
|
if(!$mybb->user['uid']) { my_setcookie('loginattempts', $logins + 1);
|
$db->write_query("UPDATE ".TABLE_PREFIX."sessions SET loginattempts=loginattempts+1 WHERE sid = '{$session->sid}'");
| $db->write_query("UPDATE ".TABLE_PREFIX."users SET loginattempts=loginattempts+1 WHERE username = '".$db->escape_string($mybb->input['username'])."'");
|
if($mybb->settings['failedlogintext'] == 1) { $login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
|
if($mybb->settings['failedlogintext'] == 1) { $login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
|
}
| }
|
error($lang->error_invalidpassword.$login_text); } // Otherwise they've logged in successfully.
| error($lang->error_invalidpassword.$login_text); } // Otherwise they've logged in successfully.
|
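Review bot: The failed-login counter is now incremented on the users row matching the submitted `$mybb->input['username']`, so it counts failures against an account name rather than against the visitor's session as the removed query did. The count now survives a new session, but an account's lockout threshold can also be reached by requests its owner never made; the enforcement is outside this hunk, so confirm that the lockout is time-limited or paired with a per-client throttle. The cookie and the `failed_login_again` text still use `$logins`, whose source is not visible here; it should come from the same per-user counter so that the displayed remaining attempts match. A short comment on the query, e.g. `// per-account counter: keyed on the submitted username, not the session`, would record the intent.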
Zeile 265 | Zeile 286 |
---|
// Update the session to contain their user ID $updated_session = array( "uid" => $mybb->user['uid'],
|
// Update the session to contain their user ID $updated_session = array( "uid" => $mybb->user['uid'],
|
"loginattempts" => 0
| |
); $db->update_query("sessions", $updated_session, "sid='{$session->sid}'");
|
); $db->update_query("sessions", $updated_session, "sid='{$session->sid}'");
|
| $db->update_query("users", array("loginattempts" => 1), "uid='{$mybb->user['uid']}'");
|
// Set uid and username $uid = $mybb->user['uid'];
| // Set uid and username $uid = $mybb->user['uid'];
|
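Review bot: The success path resets the per-user counter with `array("loginattempts" => 1)`, while the session field it replaces was reset to 0, and nothing in the hunk says why the base is 1. If the counter is 1-based by design, a comment such as `// loginattempts is 1-based; 1 means no failed attempts recorded` would stop a later reader from "correcting" it. If it is not, the first failure after a successful login would be counted as the second. The surrounding login block starts and ends outside this hunk.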
Zeile 315 | Zeile 337 |
---|
} if(!$mybb->input['savedraft']) {
|
} if(!$mybb->input['savedraft']) {
|
$query = $db->simple_select("posts p", "p.pid", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->input['subject'])."' AND p.message='".$db->escape_string($mybb->input['message'])."' AND p.posthash='".$db->escape_string($mybb->input['posthash'])."'");
| $query = $db->simple_select("posts p", "p.pid", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->input['subject'])."' AND p.message='".$db->escape_string($mybb->input['message'])."' AND p.posthash='".$db->escape_string($mybb->input['posthash'])."' AND p.visible != '-2'");
|
$duplicate_check = $db->fetch_field($query, "pid"); if($duplicate_check) {
| $duplicate_check = $db->fetch_field($query, "pid"); if($duplicate_check) {
|
Zeile 377 | Zeile 399 |
---|
{ $post_errors = $posthandler->get_friendly_errors(); }
|
{ $post_errors = $posthandler->get_friendly_errors(); }
|
| // Mark thread as read require_once MYBB_ROOT."inc/functions_indicators.php"; mark_thread_read($tid, $fid);
|
// Check captcha image if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$mybb->user['uid'])
| // Check captcha image if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$mybb->user['uid'])
|
Zeile 388 | Zeile 415 |
---|
if(my_strtolower($imgcheck['imagestring']) != my_strtolower($imagestring) || !$imgcheck['imagehash']) { $post_errors[] = $lang->invalid_captcha;
|
if(my_strtolower($imgcheck['imagestring']) != my_strtolower($imagestring) || !$imgcheck['imagehash']) { $post_errors[] = $lang->invalid_captcha;
|
}
| }
|
else { $db->delete_query("captcha", "imagehash='$imagehash'"); $hide_captcha = true;
|
else { $db->delete_query("captcha", "imagehash='$imagehash'"); $hide_captcha = true;
|
}
| }
|
// if we're using AJAX, and we have a captcha, regenerate a new one if($mybb->input['ajax'])
| // if we're using AJAX, and we have a captcha, regenerate a new one if($mybb->input['ajax'])
|
Zeile 421 | Zeile 448 |
---|
{ $reply_errors = inline_error($post_errors); $mybb->input['action'] = "newreply";
|
{ $reply_errors = inline_error($post_errors); $mybb->input['action'] = "newreply";
|
}
| }
|
else { $postinfo = $posthandler->insert_post();
| else { $postinfo = $posthandler->insert_post();
|
Zeile 444 | Zeile 471 |
---|
else { // Moderated post
|
else { // Moderated post
|
$lang->redirect_newreply .= $lang->redirect_newreply_moderation;
| $lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;
|
$url = get_thread_link($tid); }
| $url = get_thread_link($tid); }
|
Zeile 485 | Zeile 512 |
---|
} } }
|
} } }
|
// Mark thread as read require_once MYBB_ROOT."inc/functions_indicators.php"; mark_thread_read($tid, $fid);
|
|
$plugins->run_hooks("newreply_do_newreply_end"); // This was a post made via the ajax quick reply - we need to do some special things here
| $plugins->run_hooks("newreply_do_newreply_end"); // This was a post made via the ajax quick reply - we need to do some special things here
|
Zeile 517 | Zeile 540 |
---|
if($perpage > 0 && (($postcounter) % $perpage) == 0) { $post_page = ($postcounter) / $mybb->settings['postsperpage'];
|
if($perpage > 0 && (($postcounter) % $perpage) == 0) { $post_page = ($postcounter) / $mybb->settings['postsperpage'];
|
}
| }
|
else { $post_page = intval(($postcounter) / $mybb->settings['postsperpage']) + 1;
| else { $post_page = intval(($postcounter) / $mybb->settings['postsperpage']) + 1;
|
Zeile 551 | Zeile 574 |
---|
if(is_moderator($fid)) { $ismod = true;
|
if(is_moderator($fid)) { $ismod = true;
|
} else
| } else
|
{ $ismod = false; }
| { $ismod = false; }
|
Zeile 573 | Zeile 596 |
---|
echo $post;
// Build a new posthash incase the user wishes to quick reply again
|
echo $post;
// Build a new posthash incase the user wishes to quick reply again
|
mt_srand((double) microtime() * 1000000); $new_posthash = md5($mybb->user['uid'].mt_rand());
| $new_posthash = md5($mybb->user['uid'].random_str());
|
echo "<script type=\"text/javascript\">\n"; echo "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n"; echo "if(typeof(inlineModeration) != 'undefined') { Event.observe($('inlinemod_{$pid}'), 'click', inlineModeration.checkItem); }\n";
| echo "<script type=\"text/javascript\">\n"; echo "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n"; echo "if(typeof(inlineModeration) != 'undefined') { Event.observe($('inlinemod_{$pid}'), 'click', inlineModeration.checkItem); }\n";
|
Zeile 589 | Zeile 611 |
---|
} } else
|
} } else
|
{
| {
|
$lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid)); redirect($url, $lang->redirect_newreply); exit;
| $lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid)); redirect($url, $lang->redirect_newreply); exit;
|
Zeile 604 | Zeile 626 |
---|
$quote_ids = ''; // If this isn't a preview and we're not editing a draft, then handle quoted posts
|
$quote_ids = ''; // If this isn't a preview and we're not editing a draft, then handle quoted posts
|
if(!$mybb->input['previewpost'] && !$reply_errors && $mybb->input['action'] != "editdraft")
| if(!$mybb->input['previewpost'] && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->input['attachmentaid'] && !$mybb->input['newattachment'] && !$mybb->input['updateattachment'] && !$mybb->input['rem'])
|
{ $message = ''; $quoted_posts = array();
| { $message = ''; $quoted_posts = array();
|
Zeile 613 | Zeile 635 |
---|
{ $multiquoted = explode("|", $mybb->cookies['multiquote']); foreach($multiquoted as $post)
|
{ $multiquoted = explode("|", $mybb->cookies['multiquote']); foreach($multiquoted as $post)
|
{
| {
|
$quoted_posts[$post] = intval($post); } }
| $quoted_posts[$post] = intval($post); } }
|
Zeile 680 | Zeile 702 |
---|
if($external_quotes > 0) { if($external_quotes == 1)
|
if($external_quotes > 0) { if($external_quotes == 1)
|
{
| {
|
$multiquote_text = $lang->multiquote_external_one; $multiquote_deselect = $lang->multiquote_external_one_deselect; $multiquote_quote = $lang->multiquote_external_one_quote;
| $multiquote_text = $lang->multiquote_external_one; $multiquote_deselect = $lang->multiquote_external_one_deselect; $multiquote_quote = $lang->multiquote_external_one_quote;
|
Zeile 703 | Zeile 725 |
---|
if($mybb->input['quoted_ids']) { $quoted_ids = htmlspecialchars_uni($mybb->input['quoted_ids']);
|
if($mybb->input['quoted_ids']) { $quoted_ids = htmlspecialchars_uni($mybb->input['quoted_ids']);
|
}
if($mybb->input['previewpost'])
| }
if($mybb->input['previewpost'])
|
{ $previewmessage = $mybb->input['message'];
|
{ $previewmessage = $mybb->input['message'];
|
}
| }
|
if(!$message) { $message = $mybb->input['message']; } $message = htmlspecialchars_uni($message);
|
if(!$message) { $message = $mybb->input['message']; } $message = htmlspecialchars_uni($message);
|
|
|
// Set up the post options. if($mybb->input['previewpost'] || $maximageserror || $reply_errors != '') {
| // Set up the post options. if($mybb->input['previewpost'] || $maximageserror || $reply_errors != '') {
|
Zeile 728 | Zeile 750 |
---|
$postoptions_subscriptionmethod_none = "checked=\"checked\""; } else if($postoptions['subscriptionmethod'] == "instant")
|
$postoptions_subscriptionmethod_none = "checked=\"checked\""; } else if($postoptions['subscriptionmethod'] == "instant")
|
{ $postoptions_subscriptionmethod_instant = "checked=\"checked\""; } else {
| { $postoptions_subscriptionmethod_instant = "checked=\"checked\""; } else {
|
$postoptions_subscriptionmethod_dont = "checked=\"checked\""; } if($postoptions['disablesmilies'] == 1)
| $postoptions_subscriptionmethod_dont = "checked=\"checked\""; } if($postoptions['disablesmilies'] == 1)
|
Zeile 750 | Zeile 772 |
---|
$postoptionschecked['signature'] = " checked=\"checked\""; } if($post['smilieoff'] == 1)
|
$postoptionschecked['signature'] = " checked=\"checked\""; } if($post['smilieoff'] == 1)
|
{
| {
|
$postoptionschecked['disablesmilies'] = " checked=\"checked\""; } $mybb->input['icon'] = $post['icon'];
| $postoptionschecked['disablesmilies'] = " checked=\"checked\""; } $mybb->input['icon'] = $post['icon'];
|
Zeile 768 | Zeile 790 |
---|
else if($mybb->user['subscriptionmethod'] == 2) { $postoptions_subscriptionmethod_instant = "checked=\"checked\"";
|
else if($mybb->user['subscriptionmethod'] == 2) { $postoptions_subscriptionmethod_instant = "checked=\"checked\"";
|
}
| }
|
else { $postoptions_subscriptionmethod_dont = "checked=\"checked\""; }
|
else { $postoptions_subscriptionmethod_dont = "checked=\"checked\""; }
|
}
| }
|
if($forum['allowpicons'] != 0)
|
if($forum['allowpicons'] != 0)
|
{
| {
|
$posticons = get_post_icons();
|
$posticons = get_post_icons();
|
| } // No subject, but post info? if(!$subject && $mybb->input['subject']) { $subject = $mybb->input['subject'];
|
}
// Preview a post that was written.
| }
// Preview a post that was written.
|
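Review bot: The added fallback `$subject = $mybb->input['subject'];` copies request input into `$subject` without escaping, whereas this commit wraps the previewed username in `htmlspecialchars_uni()` and another hunk on this page shows `$message` passed through it. Whether `$subject` is escaped before it reaches a template is decided outside this hunk, so confirm that it is escaped exactly once. A comment on the new line, e.g. `// raw input; escaped with htmlspecialchars_uni() before output`, would make the contract visible at the point of assignment.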
Zeile 889 | Zeile 917 |
---|
{ $subject = "RE: " . $thread['subject']; }
|
{ $subject = "RE: " . $thread['subject']; }
|
|
|
// Setup a unique posthash for attachment management if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft") {
|
// Setup a unique posthash for attachment management if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft") {
|
mt_srand ((double) microtime() * 1000000); $posthash = md5($mybb->user['uid'].mt_rand());
| $posthash = md5($mybb->user['uid'].random_str()); } elseif($mybb->input['action'] == "editdraft") { // Drafts have posthashes, too... $posthash = $post['posthash'];
|
} else {
| } else {
|