Vergleich newreply.php - 1.4.3 - 1.4.16

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 6Zeile 6
 * Website: http://www.mybboard.net
* License: http://www.mybboard.net/about/license
*

 * Website: http://www.mybboard.net
* License: http://www.mybboard.net/about/license
*

 * $Id: newreply.php 4188 2008-09-14 05:05:26Z Tikitiki $

 * $Id: newreply.php 5379 2011-02-21 11:06:42Z Tomm $

 */

define("IN_MYBB", 1);

 */

define("IN_MYBB", 1);

Zeile 132Zeile 132
{
if(!$mybb->input['previewpost'] && $mybb->input['action'] != "do_newreply")
{

{
if(!$mybb->input['previewpost'] && $mybb->input['action'] != "do_newreply")
{

		$username = $lang->guest;

		$username = '';

	}
elseif($mybb->input['previewpost'])
{

	}
elseif($mybb->input['previewpost'])
{

Zeile 169Zeile 169

if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || ($mybb->input['action'] == "do_newreply" && $mybb->input['submit'] && $_FILES['attachment'])))
{


if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || ($mybb->input['action'] == "do_newreply" && $mybb->input['submit'] && $_FILES['attachment'])))
{

 
	// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);


	if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
{
$attachwhere = "pid='{$pid}'";

	if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
{
$attachwhere = "pid='{$pid}'";

Zeile 190Zeile 193
	if($attachedfile['error'])
{
eval("\$attacherror = \"".$templates->get("error_attacherror")."\";");

	if($attachedfile['error'])
{
eval("\$attacherror = \"".$templates->get("error_attacherror")."\";");

		$mybb->input['action'] = "newreply";
}

		$mybb->input['action'] = "newreply";
}

	
if(!$mybb->input['submit'])
{
$mybb->input['action'] = "newreply";

	
if(!$mybb->input['submit'])
{
$mybb->input['action'] = "newreply";

 
		$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";

	}
}

// Remove an attachment.
if($mybb->input['attachmentaid'] && $mybb->input['posthash'])
{

	}
}

// Remove an attachment.
if($mybb->input['attachmentaid'] && $mybb->input['posthash'])
{

 
	// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);


	require_once MYBB_ROOT."inc/functions_upload.php";
remove_attachment(0, $mybb->input['posthash'], $mybb->input['attachmentaid']);
if(!$mybb->input['submit'])
{
$mybb->input['action'] = "newreply";

	require_once MYBB_ROOT."inc/functions_upload.php";
remove_attachment(0, $mybb->input['posthash'], $mybb->input['attachmentaid']);
if(!$mybb->input['submit'])
{
$mybb->input['action'] = "newreply";

 
		$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";

	}
}

// Setup our posthash for managing attachments.
if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft")

	}
}

// Setup our posthash for managing attachments.
if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft")

{
mt_srand ((double) microtime() * 1000000);
$mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].mt_rand());
}


{
$mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());
}



$reply_errors = "";
$hide_captcha = false;


$reply_errors = "";
$hide_captcha = false;


Zeile 227Zeile 234
	$query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}");
$post_count = $db->fetch_field($query, "posts_today");
if($post_count >= $mybb->settings['maxposts'])

	$query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}");
$post_count = $db->fetch_field($query, "posts_today");
if($post_count >= $mybb->settings['maxposts'])

	{

	{

		$lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->settings['maxposts']);
error($lang->error_maxposts);
}
}

		$lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->settings['maxposts']);
error($lang->error_maxposts);
}
}





if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post")
{
// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);

$plugins->run_hooks("newreply_do_newreply_start");

if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post")
{
// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);

$plugins->run_hooks("newreply_do_newreply_start");





	// If this isn't a logged in user, then we need to do some special validation.
if($mybb->user['uid'] == 0)
{

	// If this isn't a logged in user, then we need to do some special validation.
if($mybb->user['uid'] == 0)
{

Zeile 261Zeile 268
			// If the user specified a password but it is wrong, throw back invalid password.
$mybb->user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
if(!$mybb->user['uid'])

			// If the user specified a password but it is wrong, throw back invalid password.
$mybb->user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
if(!$mybb->user['uid'])

			{

			{

				my_setcookie('loginattempts', $logins + 1);

				my_setcookie('loginattempts', $logins + 1);

				$db->write_query("UPDATE ".TABLE_PREFIX."sessions SET loginattempts=loginattempts+1 WHERE sid = '{$session->sid}'");

				$db->write_query("UPDATE ".TABLE_PREFIX."users SET loginattempts=loginattempts+1 WHERE username = '".$db->escape_string($mybb->input['username'])."'");

				if($mybb->settings['failedlogintext'] == 1)
{
$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);

				if($mybb->settings['failedlogintext'] == 1)
{
$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);

				}				

				}		

				error($lang->error_invalidpassword.$login_text);
}
// Otherwise they've logged in successfully.

				error($lang->error_invalidpassword.$login_text);
}
// Otherwise they've logged in successfully.

Zeile 279Zeile 286
			// Update the session to contain their user ID
$updated_session = array(
"uid" => $mybb->user['uid'],

			// Update the session to contain their user ID
$updated_session = array(
"uid" => $mybb->user['uid'],

				"loginattempts" => 0

 
			);
$db->update_query("sessions", $updated_session, "sid='{$session->sid}'");

			);
$db->update_query("sessions", $updated_session, "sid='{$session->sid}'");

 

$db->update_query("users", array("loginattempts" => 1), "uid='{$mybb->user['uid']}'");


// Set uid and username
$uid = $mybb->user['uid'];


// Set uid and username
$uid = $mybb->user['uid'];

Zeile 329Zeile 337
	}
if(!$mybb->input['savedraft'])
{

	}
if(!$mybb->input['savedraft'])
{

		$query = $db->simple_select("posts p", "p.pid", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->input['subject'])."' AND p.message='".$db->escape_string($mybb->input['message'])."' AND p.posthash='".$db->escape_string($mybb->input['posthash'])."'");

		$query = $db->simple_select("posts p", "p.pid", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='".$db->escape_string($mybb->input['subject'])."' AND p.message='".$db->escape_string($mybb->input['message'])."' AND p.posthash='".$db->escape_string($mybb->input['posthash'])."' AND p.visible != '-2'");

		$duplicate_check = $db->fetch_field($query, "pid");
if($duplicate_check)
{

		$duplicate_check = $db->fetch_field($query, "pid");
if($duplicate_check)
{

Zeile 391Zeile 399
	{
$post_errors = $posthandler->get_friendly_errors();
}

	{
$post_errors = $posthandler->get_friendly_errors();
}

 
	
// Mark thread as read
require_once MYBB_ROOT."inc/functions_indicators.php";
mark_thread_read($tid, $fid);



// Check captcha image
if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$mybb->user['uid'])


// Check captcha image
if($mybb->settings['captchaimage'] == 1 && function_exists("imagepng") && !$mybb->user['uid'])

Zeile 458Zeile 471
		else
{
// Moderated post

		else
{
// Moderated post

			$lang->redirect_newreply .= $lang->redirect_newreply_moderation;

			$lang->redirect_newreply .= '<br />'.$lang->redirect_newreply_moderation;

			$url = get_thread_link($tid);
}


			$url = get_thread_link($tid);
}


Zeile 499Zeile 512
				}
}
}

				}
}
}


// Mark thread as read
require_once MYBB_ROOT."inc/functions_indicators.php";
mark_thread_read($tid, $fid);


		





		$plugins->run_hooks("newreply_do_newreply_end");

// This was a post made via the ajax quick reply - we need to do some special things here

		$plugins->run_hooks("newreply_do_newreply_end");

// This was a post made via the ajax quick reply - we need to do some special things here

Zeile 587Zeile 596
				echo $post;

// Build a new posthash incase the user wishes to quick reply again

				echo $post;

// Build a new posthash incase the user wishes to quick reply again

				mt_srand((double) microtime() * 1000000);
$new_posthash = md5($mybb->user['uid'].mt_rand());

			    $new_posthash = md5($mybb->user['uid'].random_str());


				echo "<script type=\"text/javascript\">\n"; 
echo "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
echo "if(typeof(inlineModeration) != 'undefined') { Event.observe($('inlinemod_{$pid}'), 'click', inlineModeration.checkItem); }\n";

				echo "<script type=\"text/javascript\">\n"; 
echo "var hash = document.getElementById('posthash'); if(hash) { hash.value = '{$new_posthash}'; }\n";
echo "if(typeof(inlineModeration) != 'undefined') { Event.observe($('inlinemod_{$pid}'), 'click', inlineModeration.checkItem); }\n";

Zeile 618Zeile 626

$quote_ids = '';
// If this isn't a preview and we're not editing a draft, then handle quoted posts


$quote_ids = '';
// If this isn't a preview and we're not editing a draft, then handle quoted posts

	if(!$mybb->input['previewpost'] && !$reply_errors && $mybb->input['action'] != "editdraft")

	if(!$mybb->input['previewpost'] && !$reply_errors && $mybb->input['action'] != "editdraft" && !$mybb->input['attachmentaid'] && !$mybb->input['newattachment'] && !$mybb->input['updateattachment'] && !$mybb->input['rem'])

	{
$message = '';
$quoted_posts = array();

	{
$message = '';
$quoted_posts = array();

Zeile 632Zeile 640
			}
}
// Handle incoming 'quote' button

			}
}
// Handle incoming 'quote' button

		if($mybb->input['pid'])
{

		if($mybb->input['pid'])
{

			$quoted_posts[$mybb->input['pid']] = $mybb->input['pid'];
}


			$quoted_posts[$mybb->input['pid']] = $mybb->input['pid'];
}


Zeile 689Zeile 697
				else
{
++$external_quotes;

				else
{
++$external_quotes;

				}
}

				}
}

			if($external_quotes > 0)
{
if($external_quotes == 1)

			if($external_quotes > 0)
{
if($external_quotes == 1)

Zeile 712Zeile 720
				$quoted_ids = implode("|", $quoted_ids);
}
}

				$quoted_ids = implode("|", $quoted_ids);
}
}

	}


	}


	if($mybb->input['quoted_ids'])

	if($mybb->input['quoted_ids'])

	{

	{

		$quoted_ids = htmlspecialchars_uni($mybb->input['quoted_ids']);
}


		$quoted_ids = htmlspecialchars_uni($mybb->input['quoted_ids']);
}


Zeile 724Zeile 732
		$previewmessage = $mybb->input['message'];
}
if(!$message)

		$previewmessage = $mybb->input['message'];
}
if(!$message)

	{

	{

		$message = $mybb->input['message'];
}
$message = htmlspecialchars_uni($message);

		$message = $mybb->input['message'];
}
$message = htmlspecialchars_uni($message);

Zeile 734Zeile 742
	{
$postoptions = $mybb->input['postoptions'];
if($postoptions['signature'] == 1)

	{
$postoptions = $mybb->input['postoptions'];
if($postoptions['signature'] == 1)

		{
$postoptionschecked['signature'] = " checked=\"checked\"";
}

		{
$postoptionschecked['signature'] = " checked=\"checked\"";
}

		if($postoptions['subscriptionmethod'] == "none")

		if($postoptions['subscriptionmethod'] == "none")

		{

		{

			$postoptions_subscriptionmethod_none = "checked=\"checked\"";

			$postoptions_subscriptionmethod_none = "checked=\"checked\"";

		}

		}

		else if($postoptions['subscriptionmethod'] == "instant")

		else if($postoptions['subscriptionmethod'] == "instant")

		{
$postoptions_subscriptionmethod_instant = "checked=\"checked\"";
}
else
{
$postoptions_subscriptionmethod_dont = "checked=\"checked\"";

		{
$postoptions_subscriptionmethod_instant = "checked=\"checked\"";
}
else
{
$postoptions_subscriptionmethod_dont = "checked=\"checked\"";

		}
if($postoptions['disablesmilies'] == 1)
{

		}
if($postoptions['disablesmilies'] == 1)
{

Zeile 792Zeile 800
	if($forum['allowpicons'] != 0)
{
$posticons = get_post_icons();

	if($forum['allowpicons'] != 0)
{
$posticons = get_post_icons();

 
	}

// No subject, but post info?
if(!$subject && $mybb->input['subject'])
{
$subject = $mybb->input['subject'];

	}

// Preview a post that was written.

	}

// Preview a post that was written.

Zeile 814Zeile 828
			"ipaddress" => get_ip(),
"posthash" => $mybb->input['posthash']
);

			"ipaddress" => get_ip(),
"posthash" => $mybb->input['posthash']
);

	

	

		if($mybb->input['pid'])
{
$post['pid'] = $mybb->input['pid'];

		if($mybb->input['pid'])
{
$post['pid'] = $mybb->input['pid'];

Zeile 837Zeile 851
		if(count($post_errors) > 0)
{
$reply_errors = inline_error($post_errors);

		if(count($post_errors) > 0)
{
$reply_errors = inline_error($post_errors);

		}

		}

		else
{
$quote_ids = htmlspecialchars_uni($mybb->input['quote_ids']);
if(!$mybb->input['username'])

		else
{
$quote_ids = htmlspecialchars_uni($mybb->input['quote_ids']);
if(!$mybb->input['username'])

			{

			{

				$mybb->input['username'] = $lang->guest;
}
if($mybb->input['username'] && !$mybb->user['uid'])
{
$mybb->user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);

				$mybb->input['username'] = $lang->guest;
}
if($mybb->input['username'] && !$mybb->user['uid'])
{
$mybb->user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);

			}

			}

			$mybb->input['icon'] = intval($mybb->input['icon']);
$query = $db->query("
SELECT u.*, f.*

			$mybb->input['icon'] = intval($mybb->input['icon']);
$query = $db->query("
SELECT u.*, f.*

Zeile 903Zeile 917
	{
$subject = "RE: " . $thread['subject'];
}

	{
$subject = "RE: " . $thread['subject'];
}

 


	// Setup a unique posthash for attachment management
if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft")
{

	// Setup a unique posthash for attachment management
if(!$mybb->input['posthash'] && $mybb->input['action'] != "editdraft")
{

	    mt_srand ((double) microtime() * 1000000);
$posthash = md5($mybb->user['uid'].mt_rand());





	    $posthash = md5($mybb->user['uid'].random_str());
}
elseif($mybb->input['action'] == "editdraft")
{
// Drafts have posthashes, too...
$posthash = htmlspecialchars_uni($post['posthash']);

	}
else
{

	}
else
{

		$posthash = $mybb->input['posthash'];

		$posthash = htmlspecialchars_uni($mybb->input['posthash']);

	}

// Get a listing of the current attachments.

	}

// Get a listing of the current attachments.