Vergleich newreply.php - 1.4.0 - 1.4.14

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 6Zeile 6
 * Website: http://www.mybboard.net
* License: http://www.mybboard.net/about/license
*

 * Website: http://www.mybboard.net
* License: http://www.mybboard.net/about/license
*

 * $Id: newreply.php 3992 2008-07-06 17:27:56Z Tikitiki $

 * $Id: newreply.php 5087 2010-07-11 11:46:40Z Huji $

 */

define("IN_MYBB", 1);

 */

define("IN_MYBB", 1);

 
define('THIS_SCRIPT', 'newreply.php');


$templatelist = "newreply,previewpost,error_invalidforum,error_invalidthread,redirect_threadposted,loginbox,changeuserbox,posticons,newreply_threadreview,forumrules,attachments,newreply_threadreview_post";
$templatelist .= ",smilieinsert,codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,newreply_disablesmilies,postbit_online,postbit_find,postbit_pm,postbit_www,postbit_email,postbit_reputation,postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,postbit_report,postbit_seperator,postbit,post_subscription_method";


$templatelist = "newreply,previewpost,error_invalidforum,error_invalidthread,redirect_threadposted,loginbox,changeuserbox,posticons,newreply_threadreview,forumrules,attachments,newreply_threadreview_post";
$templatelist .= ",smilieinsert,codebuttons,post_attachments_new,post_attachments,post_savedraftbutton,newreply_modoptions,newreply_threadreview_more,newreply_disablesmilies,postbit_online,postbit_find,postbit_pm,postbit_www,postbit_email,postbit_reputation,postbit_warninglevel,postbit_author_user,postbit_edit,postbit_quickdelete,postbit_inlinecheck,postbit_posturl,postbit_quote,postbit_multiquote,postbit_report,postbit_seperator,postbit,post_subscription_method";

Zeile 131Zeile 132
{
if(!$mybb->input['previewpost'] && $mybb->input['action'] != "do_newreply")
{

{
if(!$mybb->input['previewpost'] && $mybb->input['action'] != "do_newreply")
{

		$username = $lang->guest;

		$username = '';

	}
elseif($mybb->input['previewpost'])
{

	}
elseif($mybb->input['previewpost'])
{

		$username = $mybb->input['username'];

		$username = htmlspecialchars_uni($mybb->input['username']);

	}
eval("\$loginbox = \"".$templates->get("loginbox")."\";");
}

// Check to see if the thread is closed, and if the user is a mod.
if(!is_moderator($fid, "caneditposts"))

	}
eval("\$loginbox = \"".$templates->get("loginbox")."\";");
}

// Check to see if the thread is closed, and if the user is a mod.
if(!is_moderator($fid, "caneditposts"))

{

{

	if($thread['closed'] == 1)
{
error($lang->redirect_threadclosed);

	if($thread['closed'] == 1)
{
error($lang->redirect_threadclosed);

	}
}


	}
}


// No weird actions allowed, show new reply form if no regular action.
if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft")

// No weird actions allowed, show new reply form if no regular action.
if($mybb->input['action'] != "do_newreply" && $mybb->input['action'] != "editdraft")

{
$mybb->input['action'] = "newreply";
}


{
$mybb->input['action'] = "newreply";
}


// Even if we are previewing, still show the new reply form.
if($mybb->input['previewpost'])
{
$mybb->input['action'] = "newreply";

// Even if we are previewing, still show the new reply form.
if($mybb->input['previewpost'])
{
$mybb->input['action'] = "newreply";

}


}


if((empty($_POST) && empty($_FILES)) && $mybb->input['processed'] == '1')
{
error($lang->error_cannot_upload_php_post);
}

if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || ($mybb->input['action'] == "do_newreply" && $mybb->input['submit'] && $_FILES['attachment'])))

if((empty($_POST) && empty($_FILES)) && $mybb->input['processed'] == '1')
{
error($lang->error_cannot_upload_php_post);
}

if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || ($mybb->input['action'] == "do_newreply" && $mybb->input['submit'] && $_FILES['attachment'])))

{
// If there's an attachment, check it and upload it.
if($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0)















{
// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);

if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
{
$attachwhere = "pid='{$pid}'";
}
else
{
$attachwhere = "posthash='".$db->escape_string($mybb->input['posthash'])."'";
}
$query = $db->simple_select("attachments", "COUNT(aid) as numattachs", $attachwhere);
$attachcount = $db->fetch_field($query, "numattachs");

// If there's an attachment, check it and upload it
if($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments']))

	{
require_once MYBB_ROOT."inc/functions_upload.php";
$attachedfile = upload_attachment($_FILES['attachment']);
}

	{
require_once MYBB_ROOT."inc/functions_upload.php";
$attachedfile = upload_attachment($_FILES['attachment']);
}

 
	

	if($attachedfile['error'])

	if($attachedfile['error'])

	{

	{

		eval("\$attacherror = \"".$templates->get("error_attacherror")."\";");
$mybb->input['action'] = "newreply";
}

		eval("\$attacherror = \"".$templates->get("error_attacherror")."\";");
$mybb->input['action'] = "newreply";
}

 
	

	if(!$mybb->input['submit'])
{
$mybb->input['action'] = "newreply";

	if(!$mybb->input['submit'])
{
$mybb->input['action'] = "newreply";

 
		$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";

	}
}

// Remove an attachment.
if($mybb->input['attachmentaid'] && $mybb->input['posthash'])
{

	}
}

// Remove an attachment.
if($mybb->input['attachmentaid'] && $mybb->input['posthash'])
{

 
	// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);


	require_once MYBB_ROOT."inc/functions_upload.php";
remove_attachment(0, $mybb->input['posthash'], $mybb->input['attachmentaid']);
if(!$mybb->input['submit'])
{
$mybb->input['action'] = "newreply";

	require_once MYBB_ROOT."inc/functions_upload.php";
remove_attachment(0, $mybb->input['posthash'], $mybb->input['attachmentaid']);
if(!$mybb->input['submit'])
{
$mybb->input['action'] = "newreply";

 
		$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";

	}
}

// Setup our posthash for managing attachments.
if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft")
{

	}
}

// Setup our posthash for managing attachments.
if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft")
{

	mt_srand ((double) microtime() * 1000000);
$mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].mt_rand());

	$mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());


}

$reply_errors = "";

}

$reply_errors = "";

Zeile 249Zeile 270
			if(!$mybb->user['uid'])
{
my_setcookie('loginattempts', $logins + 1);

			if(!$mybb->user['uid'])
{
my_setcookie('loginattempts', $logins + 1);

				$db->write_query("UPDATE ".TABLE_PREFIX."sessions SET loginattempts=loginattempts+1 WHERE sid = '{$session->sid}'");

				$db->write_query("UPDATE ".TABLE_PREFIX."users SET loginattempts=loginattempts+1 WHERE username = '".$db->escape_string($mybb->input['username'])."'");

				if($mybb->settings['failedlogintext'] == 1)
{
$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);

				if($mybb->settings['failedlogintext'] == 1)
{
$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);

				}				

				}		

				error($lang->error_invalidpassword.$login_text);
}
// Otherwise they've logged in successfully.

				error($lang->error_invalidpassword.$login_text);
}
// Otherwise they've logged in successfully.

Zeile 265Zeile 286
			// Update the session to contain their user ID
$updated_session = array(
"uid" => $mybb->user['uid'],

			// Update the session to contain their user ID
$updated_session = array(
"uid" => $mybb->user['uid'],

				"loginattempts" => 0

 
			);
$db->update_query("sessions", $updated_session, "sid='{$session->sid}'");

			);
$db->update_query("sessions", $updated_session, "sid='{$session->sid}'");

 

$db->update_query("users", array("loginattempts" => 1), "uid='{$mybb->user['uid']}'");


// Set uid and username
$uid = $mybb->user['uid'];


// Set uid and username
$uid = $mybb->user['uid'];

Zeile 315Zeile 337
	}
if(!$mybb->input['savedraft'])
{

	}
if(!$mybb->input['savedraft'])
{

		$query = $db->simple_select("posts p", "p.pid", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->input['subject'])."' AND p.message='".$db->escape_string($mybb->input['message'])."' AND p.posthash='".$db->escape_string($mybb->input['posthash'])."'");

		$query = $db->simple_select("posts p", "p.pid", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->input['subject'])."' AND p.message='".$db->escape_string($mybb->input['message'])."' AND p.posthash='".$db->escape_string($mybb->input['posthash'])."' AND p.visible != '-2'");

		$duplicate_check = $db->fetch_field($query, "pid");
if($duplicate_check)
{

		$duplicate_check = $db->fetch_field($query, "pid");
if($duplicate_check)
{

Zeile 377Zeile 399
	{
$post_errors = $posthandler->get_friendly_errors();
}

	{
$post_errors = $posthandler->get_friendly_errors();
}

 
	
// Mark thread as read
require_once MYBB_ROOT."inc/functions_indicators.php";
mark_thread_read($tid, $fid);



// Check captcha image
if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$mybb->user['uid'])


// Check captcha image
if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$mybb->user['uid'])

Zeile 388Zeile 415
		if(my_strtolower($imgcheck['imagestring']) != my_strtolower($imagestring) || !$imgcheck['imagehash'])
{
$post_errors[] = $lang->invalid_captcha;

		if(my_strtolower($imgcheck['imagestring']) != my_strtolower($imagestring) || !$imgcheck['imagehash'])
{
$post_errors[] = $lang->invalid_captcha;

		}

		}

		else
{
$db->delete_query("captcha", "imagehash='$imagehash'");
$hide_captcha = true;

		else
{
$db->delete_query("captcha", "imagehash='$imagehash'");
$hide_captcha = true;

		}

		}

		
// if we're using AJAX, and we have a captcha, regenerate a new one
if($mybb->input['ajax'])

		
// if we're using AJAX, and we have a captcha, regenerate a new one
if($mybb->input['ajax'])

Zeile 421Zeile 448
	{
$reply_errors = inline_error($post_errors);
$mybb->input['action'] = "newreply";

	{
$reply_errors = inline_error($post_errors);
$mybb->input['action'] = "newreply";

	}

	}

	else
{
$postinfo = $posthandler->insert_post();

	else
{
$postinfo = $posthandler->insert_post();

Zeile 444Zeile 471
		else
{
// Moderated post

		else
{
// Moderated post

			$lang->redirect_newreply .= $lang->redirect_newreply_moderation;

			$lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;

			$url = get_thread_link($tid);
}


			$url = get_thread_link($tid);
}


Zeile 485Zeile 512
				}
}
}

				}
}
}


// Mark thread as read
require_once MYBB_ROOT."inc/functions_indicators.php";
mark_thread_read($tid, $fid);


		





		$plugins->run_hooks("newreply_do_newreply_end");

// This was a post made via the ajax quick reply - we need to do some special things here

		$plugins->run_hooks("newreply_do_newreply_end");

// This was a post made via the ajax quick reply - we need to do some special things here

Zeile 517Zeile 540
				if($perpage > 0 && (($postcounter) % $perpage) == 0)
{
$post_page = ($postcounter) / $mybb->settings['postsperpage'];

				if($perpage > 0 && (($postcounter) % $perpage) == 0)
{
$post_page = ($postcounter) / $mybb->settings['postsperpage'];

				}

				}

				else
{
$post_page = intval(($postcounter) / $mybb->settings['postsperpage']) + 1;

				else
{
$post_page = intval(($postcounter) / $mybb->settings['postsperpage']) + 1;

Zeile 551Zeile 574
				if(is_moderator($fid))
{
$ismod = true;

				if(is_moderator($fid))
{
$ismod = true;

				}
else

				}
else

				{
$ismod = false;
}

				{
$ismod = false;
}

Zeile 573Zeile 596
				echo $post;

// Build a new posthash incase the user wishes to quick reply again

				echo $post;

// Build a new posthash incase the user wishes to quick reply again

				mt_srand((double) microtime() * 1000000);
$new_posthash = md5($mybb->user['uid'].mt_rand());

			    $new_posthash = md5($mybb->user['uid'].random_str());


				echo "<script type=\"text/javascript\">\n"; 
echo "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
echo "if(typeof(inlineModeration) != 'undefined') { Event.observe($('inlinemod_{$pid}'), 'click', inlineModeration.checkItem); }\n";

				echo "<script type=\"text/javascript\">\n"; 
echo "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
echo "if(typeof(inlineModeration) != 'undefined') { Event.observe($('inlinemod_{$pid}'), 'click', inlineModeration.checkItem); }\n";

Zeile 589Zeile 611
			}
}
else

			}
}
else

		{

		{

			$lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid)); 
redirect($url, $lang->redirect_newreply);
exit;

			$lang->redirect_newreply .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid)); 
redirect($url, $lang->redirect_newreply);
exit;

Zeile 604Zeile 626

$quote_ids = '';
// If this isn't a preview and we're not editing a draft, then handle quoted posts


$quote_ids = '';
// If this isn't a preview and we're not editing a draft, then handle quoted posts

	if(!$mybb->input['previewpost'] && !$reply_errors && $mybb->input['action'] != "editdraft")

	if(!$mybb->input['previewpost'] && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->input['attachmentaid'] && !$mybb->input['newattachment'] && !$mybb->input['updateattachment'] && !$mybb->input['rem'])

	{
$message = '';
$quoted_posts = array();

	{
$message = '';
$quoted_posts = array();

Zeile 613Zeile 635
		{
$multiquoted = explode("|", $mybb->cookies['multiquote']);
foreach($multiquoted as $post)

		{
$multiquoted = explode("|", $mybb->cookies['multiquote']);
foreach($multiquoted as $post)

			{

			{

				$quoted_posts[$post] = intval($post);
}
}

				$quoted_posts[$post] = intval($post);
}
}

Zeile 680Zeile 702
			if($external_quotes > 0)
{
if($external_quotes == 1)

			if($external_quotes > 0)
{
if($external_quotes == 1)

				{

				{

					$multiquote_text = $lang->multiquote_external_one;
$multiquote_deselect = $lang->multiquote_external_one_deselect;
$multiquote_quote = $lang->multiquote_external_one_quote;

					$multiquote_text = $lang->multiquote_external_one;
$multiquote_deselect = $lang->multiquote_external_one_deselect;
$multiquote_quote = $lang->multiquote_external_one_quote;

Zeile 703Zeile 725
	if($mybb->input['quoted_ids'])
{
$quoted_ids = htmlspecialchars_uni($mybb->input['quoted_ids']);

	if($mybb->input['quoted_ids'])
{
$quoted_ids = htmlspecialchars_uni($mybb->input['quoted_ids']);

	}

if($mybb->input['previewpost'])

	}

if($mybb->input['previewpost'])

	{
$previewmessage = $mybb->input['message'];

	{
$previewmessage = $mybb->input['message'];

	}

	}

	if(!$message)
{
$message = $mybb->input['message'];
}
$message = htmlspecialchars_uni($message);

	if(!$message)
{
$message = $mybb->input['message'];
}
$message = htmlspecialchars_uni($message);





	// Set up the post options.
if($mybb->input['previewpost'] || $maximageserror || $reply_errors != '')
{

	// Set up the post options.
if($mybb->input['previewpost'] || $maximageserror || $reply_errors != '')
{

Zeile 728Zeile 750
			$postoptions_subscriptionmethod_none = "checked=\"checked\"";
}
else if($postoptions['subscriptionmethod'] == "instant")

			$postoptions_subscriptionmethod_none = "checked=\"checked\"";
}
else if($postoptions['subscriptionmethod'] == "instant")

		{
$postoptions_subscriptionmethod_instant = "checked=\"checked\"";
}
else
{

		{
$postoptions_subscriptionmethod_instant = "checked=\"checked\"";
}
else
{

			$postoptions_subscriptionmethod_dont = "checked=\"checked\"";
}
if($postoptions['disablesmilies'] == 1)

			$postoptions_subscriptionmethod_dont = "checked=\"checked\"";
}
if($postoptions['disablesmilies'] == 1)

Zeile 750Zeile 772
			$postoptionschecked['signature'] = " checked=\"checked\"";
}
if($post['smilieoff'] == 1)

			$postoptionschecked['signature'] = " checked=\"checked\"";
}
if($post['smilieoff'] == 1)

		{

		{

			$postoptionschecked['disablesmilies'] = " checked=\"checked\"";
}
$mybb->input['icon'] = $post['icon'];

			$postoptionschecked['disablesmilies'] = " checked=\"checked\"";
}
$mybb->input['icon'] = $post['icon'];

Zeile 768Zeile 790
		else if($mybb->user['subscriptionmethod'] == 2)
{
$postoptions_subscriptionmethod_instant = "checked=\"checked\"";

		else if($mybb->user['subscriptionmethod'] == 2)
{
$postoptions_subscriptionmethod_instant = "checked=\"checked\"";

		}

		}

		else
{
$postoptions_subscriptionmethod_dont = "checked=\"checked\"";
}

		else
{
$postoptions_subscriptionmethod_dont = "checked=\"checked\"";
}

	}

	}


if($forum['allowpicons'] != 0)


if($forum['allowpicons'] != 0)

	{

	{

		$posticons = get_post_icons();

		$posticons = get_post_icons();

 
	}

// No subject, but post info?
if(!$subject && $mybb->input['subject'])
{
$subject = $mybb->input['subject'];

	}

// Preview a post that was written.

	}

// Preview a post that was written.

Zeile 889Zeile 917
	{
$subject = "RE: " . $thread['subject'];
}

	{
$subject = "RE: " . $thread['subject'];
}

 


	// Setup a unique posthash for attachment management
if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft")
{

	// Setup a unique posthash for attachment management
if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft")
{

	    mt_srand ((double) microtime() * 1000000);
$posthash = md5($mybb->user['uid'].mt_rand());





	    $posthash = md5($mybb->user['uid'].random_str());
}
elseif($mybb->input['action'] == "editdraft")
{
// Drafts have posthashes, too...
$posthash = $post['posthash'];

	}
else
{

	}
else
{