Vergleich newreply.php - 1.4.3 - 1.4.14

Zeile 6	Zeile 6
* Website: http://www.mybboard.net * License: http://www.mybboard.net/about/license *	* Website: http://www.mybboard.net * License: http://www.mybboard.net/about/license *
* $Id: newreply.php 4188 2008-09-14 05:05:26Z Tikitiki $	* $Id: newreply.php 5087 2010-07-11 11:46:40Z Huji $
*/ define("IN_MYBB", 1);	*/ define("IN_MYBB", 1);
Zeile 132	Zeile 132
{ if(!$mybb->input['previewpost'] && $mybb->input['action'] != "do_newreply") {	{ if(!$mybb->input['previewpost'] && $mybb->input['action'] != "do_newreply") {
$username = $lang->guest;	$username = '';
} elseif($mybb->input['previewpost']) {	} elseif($mybb->input['previewpost']) {
Zeile 169	Zeile 169
if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] \|\| ($mybb->input['action'] == "do_newreply" && $mybb->input['submit'] && $_FILES['attachment']))) {	if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] \|\| ($mybb->input['action'] == "do_newreply" && $mybb->input['submit'] && $_FILES['attachment']))) {
	// Verify incoming POST request verify_post_check($mybb->input['my_post_key']);
if($mybb->input['action'] == "editdraft" \|\| ($mybb->input['tid'] && $mybb->input['pid'])) { $attachwhere = "pid='{$pid}'";	if($mybb->input['action'] == "editdraft" \|\| ($mybb->input['tid'] && $mybb->input['pid'])) { $attachwhere = "pid='{$pid}'";
Zeile 190	Zeile 193
if($attachedfile['error']) { eval("\$attacherror = \"".$templates->get("error_attacherror")."\";");	if($attachedfile['error']) { eval("\$attacherror = \"".$templates->get("error_attacherror")."\";");
$mybb->input['action'] = "newreply"; }	$mybb->input['action'] = "newreply"; }
if(!$mybb->input['submit']) { $mybb->input['action'] = "newreply";	if(!$mybb->input['submit']) { $mybb->input['action'] = "newreply";
	$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
} } // Remove an attachment. if($mybb->input['attachmentaid'] && $mybb->input['posthash']) {	} } // Remove an attachment. if($mybb->input['attachmentaid'] && $mybb->input['posthash']) {
	// Verify incoming POST request verify_post_check($mybb->input['my_post_key']);
require_once MYBB_ROOT."inc/functions_upload.php"; remove_attachment(0, $mybb->input['posthash'], $mybb->input['attachmentaid']); if(!$mybb->input['submit']) { $mybb->input['action'] = "newreply";	require_once MYBB_ROOT."inc/functions_upload.php"; remove_attachment(0, $mybb->input['posthash'], $mybb->input['attachmentaid']); if(!$mybb->input['submit']) { $mybb->input['action'] = "newreply";
	$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
} } // Setup our posthash for managing attachments. if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft")	} } // Setup our posthash for managing attachments. if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft")
{ mt_srand ((double) microtime() * 1000000); $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].mt_rand()); }	{ $mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str()); }
$reply_errors = ""; $hide_captcha = false;	$reply_errors = ""; $hide_captcha = false;
Zeile 227	Zeile 234
$query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}"); $post_count = $db->fetch_field($query, "posts_today"); if($post_count >= $mybb->settings['maxposts'])	$query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}"); $post_count = $db->fetch_field($query, "posts_today"); if($post_count >= $mybb->settings['maxposts'])
{	{
$lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->settings['maxposts']); error($lang->error_maxposts); } }	$lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->settings['maxposts']); error($lang->error_maxposts); } }

if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post") { // Verify incoming POST request verify_post_check($mybb->input['my_post_key']); $plugins->run_hooks("newreply_do_newreply_start");	if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post") { // Verify incoming POST request verify_post_check($mybb->input['my_post_key']); $plugins->run_hooks("newreply_do_newreply_start");

// If this isn't a logged in user, then we need to do some special validation. if($mybb->user['uid'] == 0) {	// If this isn't a logged in user, then we need to do some special validation. if($mybb->user['uid'] == 0) {
Zeile 261	Zeile 268
// If the user specified a password but it is wrong, throw back invalid password. $mybb->user = validate_password_from_username($mybb->input['username'], $mybb->input['password']); if(!$mybb->user['uid'])	// If the user specified a password but it is wrong, throw back invalid password. $mybb->user = validate_password_from_username($mybb->input['username'], $mybb->input['password']); if(!$mybb->user['uid'])
{	{
my_setcookie('loginattempts', $logins + 1);	my_setcookie('loginattempts', $logins + 1);
$db->write_query("UPDATE ".TABLE_PREFIX."sessions SET loginattempts=loginattempts+1 WHERE sid = '{$session->sid}'");	$db->write_query("UPDATE ".TABLE_PREFIX."users SET loginattempts=loginattempts+1 WHERE username = '".$db->escape_string($mybb->input['username'])."'");
if($mybb->settings['failedlogintext'] == 1) { $login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);	if($mybb->settings['failedlogintext'] == 1) { $login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);
}	}
error($lang->error_invalidpassword.$login_text); } // Otherwise they've logged in successfully.	error($lang->error_invalidpassword.$login_text); } // Otherwise they've logged in successfully.
Zeile 279	Zeile 286
// Update the session to contain their user ID $updated_session = array( "uid" => $mybb->user['uid'],	// Update the session to contain their user ID $updated_session = array( "uid" => $mybb->user['uid'],
"loginattempts" => 0
); $db->update_query("sessions", $updated_session, "sid='{$session->sid}'");	); $db->update_query("sessions", $updated_session, "sid='{$session->sid}'");
	$db->update_query("users", array("loginattempts" => 1), "uid='{$mybb->user['uid']}'");
// Set uid and username $uid = $mybb->user['uid'];	// Set uid and username $uid = $mybb->user['uid'];
Zeile 329	Zeile 337
} if(!$mybb->input['savedraft']) {	} if(!$mybb->input['savedraft']) {
$query = $db->simple_select("posts p", "p.pid", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->input['subject'])."' AND p.message='".$db->escape_string($mybb->input['message'])."' AND p.posthash='".$db->escape_string($mybb->input['posthash'])."'");	$query = $db->simple_select("posts p", "p.pid", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->input['subject'])."' AND p.message='".$db->escape_string($mybb->input['message'])."' AND p.posthash='".$db->escape_string($mybb->input['posthash'])."' AND p.visible != '-2'");
$duplicate_check = $db->fetch_field($query, "pid"); if($duplicate_check) {	$duplicate_check = $db->fetch_field($query, "pid"); if($duplicate_check) {
Zeile 391	Zeile 399
{ $post_errors = $posthandler->get_friendly_errors(); }	{ $post_errors = $posthandler->get_friendly_errors(); }
	// Mark thread as read require_once MYBB_ROOT."inc/functions_indicators.php"; mark_thread_read($tid, $fid);
// Check captcha image if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$mybb->user['uid'])	// Check captcha image if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$mybb->user['uid'])
Zeile 458	Zeile 471
else { // Moderated post	else { // Moderated post
$lang->redirect_newreply .= $lang->redirect_newreply_moderation;	$lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;
$url = get_thread_link($tid); }	$url = get_thread_link($tid); }
Zeile 499	Zeile 512
} } }	} } }
// Mark thread as read require_once MYBB_ROOT."inc/functions_indicators.php"; mark_thread_read($tid, $fid);
$plugins->run_hooks("newreply_do_newreply_end"); // This was a post made via the ajax quick reply - we need to do some special things here	$plugins->run_hooks("newreply_do_newreply_end"); // This was a post made via the ajax quick reply - we need to do some special things here
Zeile 587	Zeile 596
echo $post; // Build a new posthash incase the user wishes to quick reply again	echo $post; // Build a new posthash incase the user wishes to quick reply again
mt_srand((double) microtime() * 1000000); $new_posthash = md5($mybb->user['uid'].mt_rand());	$new_posthash = md5($mybb->user['uid'].random_str());
echo "<script type=\"text/javascript\">\n"; echo "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n"; echo "if(typeof(inlineModeration) != 'undefined') { Event.observe($('inlinemod_{$pid}'), 'click', inlineModeration.checkItem); }\n";	echo "<script type=\"text/javascript\">\n"; echo "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n"; echo "if(typeof(inlineModeration) != 'undefined') { Event.observe($('inlinemod_{$pid}'), 'click', inlineModeration.checkItem); }\n";
Zeile 618	Zeile 626
$quote_ids = ''; // If this isn't a preview and we're not editing a draft, then handle quoted posts	$quote_ids = ''; // If this isn't a preview and we're not editing a draft, then handle quoted posts
if(!$mybb->input['previewpost'] && !$reply_errors && $mybb->input['action'] != "editdraft")	if(!$mybb->input['previewpost'] && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->input['attachmentaid'] && !$mybb->input['newattachment'] && !$mybb->input['updateattachment'] && !$mybb->input['rem'])
{ $message = ''; $quoted_posts = array();	{ $message = ''; $quoted_posts = array();
Zeile 632	Zeile 640
} } // Handle incoming 'quote' button	} } // Handle incoming 'quote' button
if($mybb->input['pid']) {	if($mybb->input['pid']) {
$quoted_posts[$mybb->input['pid']] = $mybb->input['pid']; }	$quoted_posts[$mybb->input['pid']] = $mybb->input['pid']; }
Zeile 689	Zeile 697
else { ++$external_quotes;	else { ++$external_quotes;
} }	} }
if($external_quotes > 0) { if($external_quotes == 1)	if($external_quotes > 0) { if($external_quotes == 1)
Zeile 712	Zeile 720
$quoted_ids = implode("\|", $quoted_ids); } }	$quoted_ids = implode("\|", $quoted_ids); } }
}	}
if($mybb->input['quoted_ids'])	if($mybb->input['quoted_ids'])
{	{
$quoted_ids = htmlspecialchars_uni($mybb->input['quoted_ids']); }	$quoted_ids = htmlspecialchars_uni($mybb->input['quoted_ids']); }
Zeile 724	Zeile 732
$previewmessage = $mybb->input['message']; } if(!$message)	$previewmessage = $mybb->input['message']; } if(!$message)
{	{
$message = $mybb->input['message']; } $message = htmlspecialchars_uni($message);	$message = $mybb->input['message']; } $message = htmlspecialchars_uni($message);
Zeile 734	Zeile 742
{ $postoptions = $mybb->input['postoptions']; if($postoptions['signature'] == 1)	{ $postoptions = $mybb->input['postoptions']; if($postoptions['signature'] == 1)
{ $postoptionschecked['signature'] = " checked=\"checked\""; }	{ $postoptionschecked['signature'] = " checked=\"checked\""; }
if($postoptions['subscriptionmethod'] == "none")	if($postoptions['subscriptionmethod'] == "none")
{	{
$postoptions_subscriptionmethod_none = "checked=\"checked\"";	$postoptions_subscriptionmethod_none = "checked=\"checked\"";
}	}
else if($postoptions['subscriptionmethod'] == "instant")	else if($postoptions['subscriptionmethod'] == "instant")
{ $postoptions_subscriptionmethod_instant = "checked=\"checked\""; } else { $postoptions_subscriptionmethod_dont = "checked=\"checked\"";	{ $postoptions_subscriptionmethod_instant = "checked=\"checked\""; } else { $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
} if($postoptions['disablesmilies'] == 1) {	} if($postoptions['disablesmilies'] == 1) {
Zeile 792	Zeile 800
if($forum['allowpicons'] != 0) { $posticons = get_post_icons();	if($forum['allowpicons'] != 0) { $posticons = get_post_icons();
	} // No subject, but post info? if(!$subject && $mybb->input['subject']) { $subject = $mybb->input['subject'];
} // Preview a post that was written.	} // Preview a post that was written.
Zeile 814	Zeile 828
"ipaddress" => get_ip(), "posthash" => $mybb->input['posthash'] );	"ipaddress" => get_ip(), "posthash" => $mybb->input['posthash'] );

if($mybb->input['pid']) { $post['pid'] = $mybb->input['pid'];	if($mybb->input['pid']) { $post['pid'] = $mybb->input['pid'];
Zeile 837	Zeile 851
if(count($post_errors) > 0) { $reply_errors = inline_error($post_errors);	if(count($post_errors) > 0) { $reply_errors = inline_error($post_errors);
}	}
else { $quote_ids = htmlspecialchars_uni($mybb->input['quote_ids']); if(!$mybb->input['username'])	else { $quote_ids = htmlspecialchars_uni($mybb->input['quote_ids']); if(!$mybb->input['username'])
{	{
$mybb->input['username'] = $lang->guest; } if($mybb->input['username'] && !$mybb->user['uid']) { $mybb->user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);	$mybb->input['username'] = $lang->guest; } if($mybb->input['username'] && !$mybb->user['uid']) { $mybb->user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
}	}
$mybb->input['icon'] = intval($mybb->input['icon']); $query = $db->query(" SELECT u., f.	$mybb->input['icon'] = intval($mybb->input['icon']); $query = $db->query(" SELECT u., f.
Zeile 903	Zeile 917
{ $subject = "RE: " . $thread['subject']; }	{ $subject = "RE: " . $thread['subject']; }

// Setup a unique posthash for attachment management if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft") {	// Setup a unique posthash for attachment management if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft") {
mt_srand ((double) microtime() * 1000000); $posthash = md5($mybb->user['uid'].mt_rand());	$posthash = md5($mybb->user['uid'].random_str()); } elseif($mybb->input['action'] == "editdraft") { // Drafts have posthashes, too... $posthash = $post['posthash'];
} else {	} else {