
Source: /newthread.php - 965 lines - 29048 bytes

Description: MyBB 1.6 Copyright 2010 MyBB Group, All Rights Reserved

   1  <?php
   2  /**
   3   * MyBB 1.6
   4   * Copyright 2010 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://mybb.com
   7   * License: http://mybb.com/about/license
   8   *
   9   * $Id$
  10   */
  11  
  12  define("IN_MYBB", 1);
      // IN_MYBB (above) marks the request as having entered through a MyBB script.
      // NOTE(review): included files presumably test it to refuse direct requests —
      // confirm in global.php and inc/.
      // THIS_SCRIPT names the running script; presumably read by code loaded later.
  13  define('THIS_SCRIPT', 'newthread.php');
  14  
      // Comma-separated template names for this page. The list is assembled before
      // global.php is included (line 23), so it is presumably consumed there to
      // fetch the templates up front — TODO confirm.
  15  $templatelist = "newthread,previewpost,loginbox,changeuserbox,newthread_postpoll,posticons,codebuttons,smilieinsert,newthread_multiquote_external,post_attachments_attachment_unapproved";
  16  $templatelist .= ",newthread_disablesmilies,newreply_modoptions,post_attachments_new,post_attachments,post_savedraftbutton,post_subscription_method,post_attachments_attachment_remove";
  17  $templatelist .= ",forumdisplay_rules,forumdisplay_rules_link,post_attachments_attachment_postinsert,post_attachments_attachment,newthread_options_signature";
  18  $templatelist .= ",member_register_regimage,member_register_regimage_recaptcha,post_captcha_hidden,post_captcha,post_captcha_recaptcha,postbit_groupimage,postbit_online,postbit_away,postbit_offline";
  19  $templatelist .= ",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,postbit_author_guest";
  20  $templatelist .= ",postbit_signature,postbit_classic,postbit,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved";
  21  $templatelist .= ",postbit_attachments_thumbnails,postbit_attachments_images,postbit_attachments,postbit_gotopost,smilieinsert_getmore";
  22  
  23  require_once  "./global.php";
  24  require_once  MYBB_ROOT."inc/functions_post.php";
  25  require_once  MYBB_ROOT."inc/functions_user.php";
  26  
  27  // Load global language phrases
  28  $lang->load("newthread");
  29  
      // Draft handling. The branch below runs when the request edits a draft, saves
      // a draft for an existing tid, or names both a tid and a pid. In every other
      // case $tid and $pid stay empty and only the forum id is taken from the request.
  30  $tid = $pid = "";
  31  if($mybb->input['action'] == "editdraft" || ($mybb->input['savedraft'] && $mybb->input['tid']) || ($mybb->input['tid'] && $mybb->input['pid']))
  32  {
          // NOTE(review): get_thread() receives the raw request value; it presumably
          // casts it to an integer itself — confirm in its definition.
  33      $thread = get_thread($mybb->input['tid']);
  34  
          // tid is cast with intval() before it is placed in the SQL string.
          // visible='-2' is the value this script treats as a draft (see line 308);
          // the oldest matching post is fetched.
  35      $query = $db->simple_select("posts", "*", "tid='".intval($mybb->input['tid'])."' AND visible='-2'", array('order_by' => 'dateline', 'limit' => 1));
  36      $post = $db->fetch_array($query);
  37  
          // Authorisation check: the thread and a draft post must exist, the thread
          // itself must be a draft, and it must belong to the current user. Without
          // the uid comparison a tid from the request would be enough to load
          // another user's draft.
  38      if(!$thread['tid'] || !$post['pid'] || $thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid'])
  39      {
  40          error($lang->invalidthread);
  41      }
  42  
          // From here on the ids come from the database rows, not from the request.
          // Later SQL in this script interpolates $pid directly (pid='{$pid}'), which
          // relies on this assignment.
  43      $pid = $post['pid'];
  44      $fid = $thread['fid'];
  45      $tid = $thread['tid'];
  46      $editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
  47  }
  48  else
  49  {
          // Plain new thread: the forum id is the only id taken from the request,
          // and it is forced to an integer.
  50      $fid = intval($mybb->input['fid']);
  51  }
  52  
  53  // Fetch forum information.
      // $fid is either the draft thread's own fid or intval() of the request value
      // (set just above).
  54  $forum = get_forum($fid);
  55  if(!$forum)
  56  {
  57      error($lang->error_invalidforum);
  58  }
  59  
  60  // Draw the navigation
  61  build_forum_breadcrumb($fid);
  62  add_breadcrumb($lang->nav_newthread);
  63  
      // Permissions of the current user for this forum; checked below and reused
      // further down for attachments and polls.
  64  $forumpermissions = forum_permissions($fid);
  65  
      // Only an open forum of type "f" that is not a link (linkto empty) accepts
      // new threads.
  66  if($forum['open'] == 0 || $forum['type'] != "f" || $forum['linkto'] != "")
  67  {
  68      error($lang->error_closedinvalidforum);
  69  }
  70  
      // Permission gate: the user must be able to view the forum and post threads
      // in it, and must not have posting suspended. It sits ahead of all request
      // handling below (attachments, posting, preview).
      // NOTE(review): this ordering only protects the later code if error() and
      // error_no_permission() end the request — confirm in their definitions.
  71  if($forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0 || $mybb->user['suspendposting'] == 1)
  72  {
  73      error_no_permission();
  74  }
  75  
  76  // Check if this forum is password protected and we have a valid password
      // The fid passed here is the one from the forum row fetched above.
  77  check_forum_password($forum['fid']);
  78  
  79  // If MyCode is on for this forum and the MyCode editor is enabled in the Admin CP, draw the code buttons and smilie inserter.
      // Guests (no uid) always get the buttons; members only if showcodebuttons is set.
  80  if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
  81  {
  82      $codebuttons = build_mycode_inserter();
  83      if($forum['allowsmilies'] != 0)
  84      {
  85          $smilieinserter = build_clickable_smilies();
  86      }
  87  }
  88  
  89  // Does this forum allow post icons? If so, fetch the post icons.
  90  if($forum['allowpicons'] != 0)
  91  {
  92      $posticons = get_post_icons();
  93  }
  94  
  95  // If we have a currently logged in user then fetch the change user box.
      // eval() expands the template text as a double-quoted PHP string so that the
      // variables it names are interpolated.
      // NOTE(review): this is only safe while $templates->get() returns trusted,
      // properly escaped template text — confirm in the templates class.
  96  if($mybb->user['uid'] != 0)
  97  {
  98      eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
  99  }
 100  
 101  // Otherwise we have a guest, determine the "username" and get the login box.
 102  else
 103  {
          // The guest name is echoed back only on preview or on a submitted thread.
 104      if(!$mybb->input['previewpost'] && $mybb->input['action'] != "do_newthread")
 105      {
 106          $username = '';
 107      }
 108      else
 109      {
              // Request data: HTML-escaped before the template below can print it.
 110          $username = htmlspecialchars_uni($mybb->input['username']);
 111      }
          // Same eval()-based template expansion as above; anything the template
          // prints has to be escaped beforehand, as $username is here.
 112      eval("\$loginbox = \"".$templates->get("loginbox")."\";");
 113  }
 114  
 115  // If we're not performing a new thread insert and not editing a draft then we're posting a new thread.
      // Any other action value from the request is replaced, so the rest of the
      // script only ever sees "do_newthread", "editdraft" or "newthread".
 116  if($mybb->input['action'] != "do_newthread" && $mybb->input['action'] != "editdraft")
 117  {
 118      $mybb->input['action'] = "newthread";
 119  }
 120  
 121  // Previewing a post, overwrite the action to the new thread action.
      // A preview therefore never reaches the insert branch further down.
 122  if($mybb->input['previewpost'])
 123  {
 124      $mybb->input['action'] = "newthread";
 125  }
 126  
 127  // Setup a unique posthash for attachment management
      // posthash is the key the attachment queries in this script use for a post
      // that has no pid yet. It is generated only when the request carries none and
      // no draft pid is set; otherwise the request-supplied value is kept.
      // NOTE(review): its unpredictability rests on random_str(), defined elsewhere —
      // confirm it draws from a cryptographically secure source; md5() only mixes
      // the value, it adds no entropy.
 128  if(!$mybb->input['posthash'] && !$pid)
 129  {
 130      $mybb->input['posthash'] = md5($mybb->user['uid'].random_str());
 131  }
 132  
      // NOTE(review): processed=1 arriving with empty $_POST and $_FILES presumably
      // means PHP discarded an oversized request body — confirm against the form
      // template that sets "processed".
 133  if((empty($_POST) && empty($_FILES)) && $mybb->input['processed'] == '1')
 134  {
 135      error($lang->error_cannot_upload_php_post);
 136  }
 137  
 138  // Handle attachments if we've got any.
 139  if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || $mybb->input['updateattachment'] || ($mybb->input['action'] == "do_newthread" && $mybb->input['submit'] && $_FILES['attachment'])))
 140  {
 141      // Verify incoming POST request
 142      verify_post_check($mybb->input['my_post_key']);
 143  
 144      if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 145      {
 146          $attachwhere = "pid='{$pid}'";
 147      }
 148      else
 149      {
 150          $attachwhere = "posthash='".$db->escape_string($mybb->input['posthash'])."'";
 151      }
 152      $query = $db->simple_select("attachments", "COUNT(aid) as numattachs", $attachwhere);
 153      $attachcount = $db->fetch_field($query, "numattachs");
 154  
 155      // If there's an attachment, check it and upload it
 156      if($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 ||  $attachcount < $mybb->settings['maxattachments']))
 157      {
 158          require_once  MYBB_ROOT."inc/functions_upload.php";
 159  
 160          $update_attachment = false;
 161          if($mybb->input['updateattachment'])
 162          {
 163              $update_attachment = true;
 164          }
 165          $attachedfile = upload_attachment($_FILES['attachment'], $update_attachment);
 166      }
 167  
 168      // Error with attachments - should use new inline errors?
 169      if($attachedfile['error'])
 170      {
 171          $errors[] = $attachedfile['error'];
 172          $mybb->input['action'] = "newthread";
 173      }
 174  
 175      // If we were dealing with an attachment but didn't click 'Post Thread', force the new thread page again.
 176      if(!$mybb->input['submit'])
 177      {
 178          //$editdraftpid = "<input type=\"hidden\" name=\"pid\" value=\"$pid\" />";
 179          $mybb->input['action'] = "newthread";
 180      }
 181  }
 182  
 183  // Are we removing an attachment from the thread?
 184  if($mybb->input['attachmentaid'] && $mybb->input['attachmentact'] == "remove")
 185  {
 186      // Verify incoming POST request
          // Removal is guarded by the same post-key check as uploads.
 187      verify_post_check($mybb->input['my_post_key']);
 188  
          // NOTE(review): $pid is empty unless the draft ownership check at the top of
          // the script ran, so for a new thread the request-supplied posthash and
          // attachmentaid are all that identify the attachment. remove_attachment()
          // presumably deletes only when the aid matches that pid/posthash —
          // confirm in inc/functions_upload.php.
 189      require_once  MYBB_ROOT."inc/functions_upload.php";
 190      remove_attachment($pid, $mybb->input['posthash'], $mybb->input['attachmentaid']);
          // Without the submit button this was only an attachment action, so the
          // form is shown again instead of inserting the thread.
 191      if(!$mybb->input['submit'])
 192      {
 193          $mybb->input['action'] = "newthread";
 194      }
 195  }
 196  
 197  $thread_errors = "";
 198  $hide_captcha = false;
 199  
 200  // Check the maximum posts per day for this user
      // Applies when the maxposts setting is above zero; user groups with cancp set
      // are exempt. The window is the last 24 hours (TIME_NOW minus 60*60*24) and
      // only visible posts (visible='1') are counted.
      // NOTE(review): the count is keyed on uid alone. Guests have uid 0 in this
      // script, so for a guest it covers visible posts from every uid-0 author in
      // the window — confirm that shared limit is intended.
 201  if($mybb->settings['maxposts'] > 0 && $mybb->usergroup['cancp'] != 1)
 202  {
 203      $daycut = TIME_NOW-60*60*24;
          // uid comes from the session's user record and $daycut is computed here;
          // no request data enters this SQL string.
 204      $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}");
 205      $post_count = $db->fetch_field($query, "posts_today");
 206      if($post_count >= $mybb->settings['maxposts'])
 207      {
 208          $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->settings['maxposts']);
 209          error($lang->error_maxposts);
 210      }
 211  }
 212  
 213  // Performing the posting of a new thread.
      // Runs only for action "do_newthread" sent with the POST method. Earlier code
      // has already reset the action to "newthread" for previews, attachment-only
      // requests and attachment errors, so those never reach this branch.
 214  if($mybb->input['action'] == "do_newthread" && $mybb->request_method == "post")
 215  {
 216      // Verify incoming POST request
          // NOTE(review): presumably stops the request when my_post_key does not
          // match the user's key — confirm in verify_post_check().
 217      verify_post_check($mybb->input['my_post_key']);
 218  
 219      $plugins->run_hooks("newthread_do_newthread_start");
 220  
 221      // If this isn't a logged in user, then we need to do some special validation.
 222      if($mybb->user['uid'] == 0)
 223      {
 224          $username = htmlspecialchars_uni($mybb->input['username']);
 225  
 226          // Check if username exists.
              // Keeps a guest from posting under the name of a registered account.
 227          if(username_exists($mybb->input['username']))
 228          {
 229              // If it does throw back "username is taken"
 230              error($lang->error_usernametaken);
 231          }
 232          // This username does not exist.
 233          else
 234          {
 235              // If they didn't specify a username then give them "Guest"
 236              if(!$mybb->input['username'])
 237              {
 238                  $username = $lang->guest;
 239              }
 240              // Otherwise use the name they specified.
 241              else
 242              {
                      // The guest-supplied name is HTML-escaped here, before it is
                      // handed to the post handler.
 243                  $username = htmlspecialchars_uni($mybb->input['username']);
 244              }
 245              $uid = 0;
 246          }
 247      }
 248      // This user is logged in.
 249      else
 250      {
              // Identity comes from the session's user record, not from the request.
 251          $username = $mybb->user['username'];
 252          $uid = $mybb->user['uid'];
 253      }
 254  
 255      // Attempt to see if this post is a duplicate or not
          // Members are matched by uid, guests by the session's IP address (escaped
          // before it enters the SQL string).
 256      if($uid > 0)
 257      {
 258          $user_check = "p.uid='{$uid}'";
 259      }
 260      else
 261      {
 262          $user_check = "p.ipaddress='".$db->escape_string($session->ipaddress)."'";
 263      }
          // Skipped when saving a draft or updating an existing draft post.
 264      if(!$mybb->input['savedraft'] && !$pid)
 265      {
              // Same author, forum, subject and message within the last 600 seconds
              // counts as a duplicate. Subject and message are request data and go
              // through escape_string(); the fid comes from the forum row.
 266          $query = $db->simple_select("posts p", "p.pid", "$user_check AND p.fid='{$forum['fid']}' AND p.subject='".$db->escape_string($mybb->input['subject'])."' AND p.message='".$db->escape_string($mybb->input['message'])."' AND p.dateline>".(TIME_NOW-600));
 267          $duplicate_check = $db->fetch_field($query, "pid");
 268          if($duplicate_check)
 269          {
 270              error($lang->error_post_already_submitted);
 271          }
 272      }
 273  
 274      // Set up posthandler.
 275      require_once  MYBB_ROOT."inc/datahandlers/post.php";
 276      $posthandler = new PostDataHandler("insert");
 277      $posthandler->action = "thread";
 278  
 279      // Set the thread data that came from the input to the $thread array.
          // subject, prefix, icon, message and posthash are passed as received.
          // NOTE(review): validation and SQL escaping of these fields are presumably
          // done inside PostDataHandler — confirm in inc/datahandlers/post.php.
          // NOTE(review): the stored IP comes from get_ip() while the duplicate check
          // above used $session->ipaddress — confirm both resolve to the same value.
 280      $new_thread = array(
 281          "fid" => $forum['fid'],
 282          "subject" => $mybb->input['subject'],
 283          "prefix" => $mybb->input['threadprefix'],
 284          "icon" => $mybb->input['icon'],
 285          "uid" => $uid,
 286          "username" => $username,
 287          "message" => $mybb->input['message'],
 288          "ipaddress" => get_ip(),
 289          "posthash" => $mybb->input['posthash']
 290      );
 291  
          // $pid is non-empty only for a draft that passed the ownership check at the
          // top of the script.
 292      if($pid != '')
 293      {
 294          $new_thread['pid'] = $pid;
 295      }
 296  
 297      // Are we saving a draft thread?
          // Drafts are only saved for logged-in users; a guest's savedraft flag is ignored.
 298      if($mybb->input['savedraft'] && $mybb->user['uid'])
 299      {
 300          $new_thread['savedraft'] = 1;
 301      }
 302      else
 303      {
 304          $new_thread['savedraft'] = 0;
 305      }
 306  
 307      // Is this thread already a draft and we're updating it?
          // $thread is only set by the ownership-checked draft lookup above, so the
          // tid used here is never taken straight from the request.
 308      if(isset($thread['tid']) && $thread['visible'] == -2)
 309      {
 310          $new_thread['tid'] = $thread['tid'];
 311      }
 312  
 313      // Set up the thread options from the input.
 314      $new_thread['options'] = array(
 315          "signature" => $mybb->input['postoptions']['signature'],
 316          "subscriptionmethod" => $mybb->input['postoptions']['subscriptionmethod'],
 317          "disablesmilies" => $mybb->input['postoptions']['disablesmilies']
 318      );
 319  
 320      // Apply moderation options if we have them
          // NOTE(review): modoptions is copied from the request without an
          // is_moderator() check in this block; the handler presumably ignores it
          // for users who are not moderators of this forum — confirm.
 321      $new_thread['modoptions'] = $mybb->input['modoptions'];
 322  
 323      $posthandler->set_data($new_thread);
 324  
 325      // Now let the post handler do all the hard work.
 326      $valid_thread = $posthandler->validate_thread();
 327  
 328      $post_errors = array();
 329      // Fetch friendly error messages if this is an invalid thread
 330      if(!$valid_thread)
 331      {
 332          $post_errors = $posthandler->get_friendly_errors();
 333      }
 334  
 335      // Check captcha image
          // Only guests are challenged, and only when the captchaimage setting is on.
 336      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 337      {
 338          require_once  MYBB_ROOT.'inc/class_captcha.php';
 339          $post_captcha = new captcha;
 340  
 341          if($post_captcha->validate_captcha() == false)
 342          {
 343              // CAPTCHA validation failed
 344              foreach($post_captcha->get_errors() as $error)
 345              {
 346                  $post_errors[] = $error;
 347              }
 348          }
 349          else
 350          {
                  // Records that the captcha was solved; the flag is read outside
                  // this block.
 351              $hide_captcha = true;
 352          }
 353      }
 354  
 355      // One or more errors returned, fetch error list and throw to newthread page
          // Handler errors and captcha errors are merged, so nothing is inserted
          // unless both passed.
 356      if(count($post_errors) > 0)
 357      {
 358          $thread_errors = inline_error($post_errors);
 359          $mybb->input['action'] = "newthread";
 360      }
 361      // No errors were found, it is safe to insert the thread.
 362      else
 363      {
 364          $thread_info = $posthandler->insert_thread();
 365          $tid = $thread_info['tid'];
 366          $visible = $thread_info['visible'];
 367  
 368          // Invalidate solved captcha
              // Same condition as the validation above, so $post_captcha exists here.
              // NOTE(review): presumably prevents the solved captcha from being
              // accepted again — confirm in inc/class_captcha.php.
 369          if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 370          {
 371              $post_captcha->invalidate_captcha();
 372          }
 373  
 374          // Mark thread as read
 375          require_once  MYBB_ROOT."inc/functions_indicators.php";
 376          mark_thread_read($tid, $fid);
 377  
              // The redirect target below is assembled from fixed script names plus
              // server-side values ($tid from insert_thread(), intval() of
              // numpolloptions, get_forum_link()/get_thread_link()); no URL supplied
              // in the request is used as the target.
 378          // We were updating a draft thread, send them back to the draft listing.
 379          if($new_thread['savedraft'] == 1)
 380          {
 381              $lang->redirect_newthread = $lang->draft_saved;
 382              $url = "usercp.php?action=drafts";
 383          }
 384  
 385          // A poll was being posted with this thread, throw them to poll posting page.
              // Requires the canpostpolls forum permission in addition to the request flag.
 386          else if($mybb->input['postpoll'] && $forumpermissions['canpostpolls'])
 387          {
 388              $url = "polls.php?action=newpoll&tid=$tid&polloptions=".intval($mybb->input['numpolloptions']);
 389              $lang->redirect_newthread .= $lang->redirect_newthread_poll;
 390          }
 391  
 392          // This thread is stuck in the moderation queue, send them back to the forum.
 393          else if(!$visible)
 394          {
 395              // Moderated thread
 396              if($mybb->user['showredirect'] != 1)
 397              {
 398                  // User must see moderation notice, regardless of redirect settings
 399                  $mybb->user['showredirect'] = 1;
 400              }
 401  
 402              $lang->redirect_newthread .= $lang->redirect_newthread_moderation;
 403              $url = get_forum_link($fid);
 404          }
 405  
 406          // This is just a normal thread - send them to it.
 407          else
 408          {
 409              // Visible thread
 410              $lang->redirect_newthread .= $lang->redirect_newthread_thread;
 411              $url = get_thread_link($tid);
 412          }
 413  
 414          // Mark any quoted posts so they're no longer selected - attempts to maintain those which weren't selected
              // Only the "all" case is handled here: the whole multiquote cookie is
              // removed. Any other quoted_ids value leaves the cookie untouched.
 415          if($mybb->input['quoted_ids'] && $mybb->cookies['multiquote'] && $mybb->settings['multiquote'] != 0)
 416          {
 417              // We quoted all posts - remove the entire cookie
 418              if($mybb->input['quoted_ids'] == "all")
 419              {
 420                  my_unsetcookie("multiquote");
 421              }
 422          }
 423  
 424          $plugins->run_hooks("newthread_do_newthread_end");
 425  
 426          // Hop to it! Send them to the next page.
 427          if(!$mybb->input['postpoll'])
 428          {
 429              $lang->redirect_newthread .= $lang->sprintf($lang->redirect_return_forum, get_forum_link($fid));
 430          }
 431          redirect($url, $lang->redirect_newthread);
 432      }
 433  }
 434  
 435  if($mybb->input['action'] == "newthread" || $mybb->input['action'] == "editdraft")
 436  {
 437      $plugins->run_hooks("newthread_start");
 438  
 439      // Do we have attachment errors?
 440      if(count($errors) > 0)
 441      {
 442          $thread_errors = inline_error($errors);
 443      }
 444  
 445      // If this isn't a preview and we're not editing a draft, then handle quoted posts
 446      if(!$mybb->input['previewpost'] && !$thread_errors && $mybb->input['action'] != "editdraft")
 447      {
 448          $message = '';
 449          $quoted_posts = array();
 450          // Handle multiquote
 451          if($mybb->cookies['multiquote'] && $mybb->settings['multiquote'] != 0)
 452          {
 453              $multiquoted = explode("|", $mybb->cookies['multiquote']);
 454              foreach($multiquoted as $post)
 455              {
 456                  $quoted_posts[$post] = intval($post);
 457              }
 458          }
 459  
 460          // Quoting more than one post - fetch them
 461          if(count($quoted_posts) > 0)
 462          {
 463              $external_quotes = 0;
 464              $quoted_posts = implode(",", $quoted_posts);
 465              $unviewable_forums = get_unviewable_forums();
 466              if($unviewable_forums)
 467              {
 468                  $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
 469              }
 470  
 471              if(is_moderator($fid))
 472              {
 473                  $visible_where = "AND p.visible != 2";
 474              }
 475              else
 476              {
 477                  $visible_where = "AND p.visible > 0";
 478              }
 479  
 480              if(intval($mybb->input['load_all_quotes']) == 1)
 481              {
 482                  $query = $db->query("
 483                      SELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername
 484                      FROM ".TABLE_PREFIX."posts p
 485                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 486                      LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
 487                      WHERE p.pid IN ($quoted_posts) {$unviewable_forums} {$visible_where}
 488                      ORDER BY p.dateline
 489                  ");
 490                  while($quoted_post = $db->fetch_array($query))
 491                  {
 492                      if($quoted_post['userusername'])
 493                      {
 494                          $quoted_post['username'] = $quoted_post['userusername'];
 495                      }
 496                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
 497                      $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
 498                      $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
 499                      $message .= "[quote='{$quoted_post['username']}' pid='{$quoted_post['pid']}' dateline='{$quoted_post['dateline']}']\n{$quoted_post['message']}\n[/quote]\n\n";
 500                  }
 501  
 502                  $quoted_ids = "all";
 503              }
 504              else
 505              {
 506                  $query = $db->query("
 507                      SELECT COUNT(*) AS quotes
 508                      FROM ".TABLE_PREFIX."posts p
 509                      LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
 510                      WHERE p.pid IN ($quoted_posts) {$unviewable_forums} {$visible_where}
 511                  ");
 512                  $external_quotes = $db->fetch_field($query, 'quotes');
 513  
 514                  if($external_quotes > 0)
 515                  {
 516                      if($external_quotes == 1)
 517                      {
 518                          $multiquote_text = $lang->multiquote_external_one;
 519                          $multiquote_deselect = $lang->multiquote_external_one_deselect;
 520                          $multiquote_quote = $lang->multiquote_external_one_quote;
 521                      }
 522                      else
 523                      {
 524                          $multiquote_text = $lang->sprintf($lang->multiquote_external, $external_quotes);
 525                          $multiquote_deselect = $lang->multiquote_external_deselect;
 526                          $multiquote_quote = $lang->multiquote_external_quote;
 527                      }
 528                      eval("\$multiquote_external = \"".$templates->get("newthread_multiquote_external")."\";");
 529                  }
 530              }
 531          }
 532      }
 533  
 534      if($mybb->input['quoted_ids'])
 535      {
 536          $quoted_ids = htmlspecialchars_uni($mybb->input['quoted_ids']);
 537      }
 538  
 539      // Check the various post options if we're
 540      // a -> previewing a post
 541      // b -> removing an attachment
 542      // c -> adding a new attachment
 543      // d -> have errors from posting
 544  
 545      if($mybb->input['previewpost'] || $mybb->input['attachmentaid'] || $mybb->input['newattachment'] || $mybb->input['updateattachment'] || $thread_errors)
 546      {
 547          $postoptions = $mybb->input['postoptions'];
 548          if($postoptions['signature'] == 1)
 549          {
 550              $postoptionschecked['signature'] = " checked=\"checked\"";
 551          }
 552          if($postoptions['subscriptionmethod'] == "none")
 553          {
 554              $postoptions_subscriptionmethod_none = "checked=\"checked\"";
 555          }
 556          else if($postoptions['subscriptionmethod'] == "instant")
 557          {
 558              $postoptions_subscriptionmethod_instant = "checked=\"checked\"";
 559          }
 560          else
 561          {
 562              $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
 563          }
 564          if($postoptions['disablesmilies'] == 1)
 565          {
 566              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 567          }
 568          if($mybb->input['postpoll'] == 1)
 569          {
 570              $postpollchecked = "checked=\"checked\"";
 571          }
 572          $numpolloptions = intval($mybb->input['numpolloptions']);
 573      }
 574  
 575      // Editing a draft thread
 576      else if($mybb->input['action'] == "editdraft" && $mybb->user['uid'])
 577      {
 578          $mybb->input['threadprefix'] = $thread['prefix'];
 579          $message = htmlspecialchars_uni($post['message']);
 580          $subject = htmlspecialchars_uni($post['subject']);
 581          if($post['includesig'] != 0)
 582          {
 583              $postoptionschecked['signature'] = " checked=\"checked\"";
 584          }
 585          if($post['smilieoff'] == 1)
 586          {
 587              $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
 588          }
 589          $icon = $post['icon'];
 590          if($forum['allowpicons'] != 0)
 591          {
 592              $posticons = get_post_icons();
 593          }
 594          if($postoptions['subscriptionmethod'] == "none")
 595          {
 596              $postoptions_subscriptionmethod_none = "checked=\"checked\"";
 597          }
 598          else if($postoptions['subscriptionmethod'] == "instant")
 599          {
 600              $postoptions_subscriptionmethod_instant = "checked=\"checked\"";
 601          }
 602          else
 603          {
 604              $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
 605          }
 606      }
 607  
 608      // Otherwise, this is our initial visit to this page.
 609      else
 610      {
 611          if($mybb->user['signature'] != '')
 612          {
 613              $postoptionschecked['signature'] = " checked=\"checked\"";
 614          }
 615          if($mybb->user['subscriptionmethod'] ==  1)
 616          {
 617              $postoptions_subscriptionmethod_none = "checked=\"checked\"";
 618          }
 619          else if($mybb->user['subscriptionmethod'] == 2)
 620          {
 621              $postoptions_subscriptionmethod_instant = "checked=\"checked\"";
 622          }
 623          else
 624          {
 625              $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
 626          }
 627          $numpolloptions = "2";
 628      }
 629  
 630      // If we're preving a post then generate the preview.
 631      if($mybb->input['previewpost'])
 632      {
 633          // Set up posthandler.
 634          require_once  MYBB_ROOT."inc/datahandlers/post.php";
 635          $posthandler = new PostDataHandler("insert");
 636          $posthandler->action = "thread";
 637  
 638          // Set the thread data that came from the input to the $thread array.
 639          $new_thread = array(
 640              "fid" => $forum['fid'],
 641              "prefix" => $mybb->input['threadprefix'],
 642              "subject" => $mybb->input['subject'],
 643              "icon" => $mybb->input['icon'],
 644              "uid" => $uid,
 645              "username" => $username,
 646              "message" => $mybb->input['message'],
 647              "ipaddress" => get_ip(),
 648              "posthash" => $mybb->input['posthash']
 649          );
 650  
 651          if($pid != '')
 652          {
 653              $new_thread['pid'] = $pid;
 654          }
 655  
 656          $posthandler->set_data($new_thread);
 657  
 658          // Now let the post handler do all the hard work.
 659          $valid_thread = $posthandler->verify_message();
 660          $valid_subject = $posthandler->verify_subject();
 661  
 662          $post_errors = array();
 663          // Fetch friendly error messages if this is an invalid post
 664          if(!$valid_thread || !$valid_subject)
 665          {
 666              $post_errors = $posthandler->get_friendly_errors();
 667          }
 668  
 669          // One or more errors returned, fetch error list and throw to newreply page
 670          if(count($post_errors) > 0)
 671          {
 672              $thread_errors = inline_error($post_errors);
 673          }
 674          else
 675          {
 676              if(!$mybb->input['username'])
 677              {
 678                  $mybb->input['username'] = $lang->guest;
 679              }
 680              $query = $db->query("
 681                  SELECT u.*, f.*
 682                  FROM ".TABLE_PREFIX."users u
 683                  LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 684                  WHERE u.uid='".$mybb->user['uid']."'
 685              ");
 686              $post = $db->fetch_array($query);
 687              if(!$mybb->user['uid'] || !$post['username'])
 688              {
 689                  $post['username'] = htmlspecialchars_uni($mybb->input['username']);
 690              }
 691              else
 692              {
 693                  $post['userusername'] = $mybb->user['username'];
 694                  $post['username'] = $mybb->user['username'];
 695              }
 696              $previewmessage = $mybb->input['message'];
 697              $post['message'] = $previewmessage;
 698              $post['subject'] = $mybb->input['subject'];
 699              $post['icon'] = $mybb->input['icon'];
 700              $post['smilieoff'] = $postoptions['disablesmilies'];
 701              $post['dateline'] = TIME_NOW;
 702              $post['includesig'] = $mybb->input['postoptions']['signature'];
 703              if($post['includesig'] != 1)
 704              {
 705                  $post['includesig'] = 0;
 706              }
 707  
 708              // Fetch attachments assigned to this post
 709              if($mybb->input['pid'])
 710              {
 711                  $attachwhere = "pid='".intval($mybb->input['pid'])."'";
 712              }
 713              else
 714              {
 715                  $attachwhere = "posthash='".$db->escape_string($mybb->input['posthash'])."'";
 716              }
 717  
 718              $query = $db->simple_select("attachments", "*", $attachwhere);
 719              while($attachment = $db->fetch_array($query))
 720              {
 721                  $attachcache[0][$attachment['aid']] = $attachment;
 722              }
 723  
 724              $postbit = build_postbit($post, 1);
 725              eval("\$preview = \"".$templates->get("previewpost")."\";");
 726          }
 727          $message = htmlspecialchars_uni($mybb->input['message']);
 728          $subject = htmlspecialchars_uni($mybb->input['subject']);
 729      }
 730  
 731      // Removing an attachment or adding a new one, or showting thread errors.
 732      else if($mybb->input['attachmentaid'] || $mybb->input['newattachment'] || $mybb->input['updateattachment'] || $thread_errors)
 733      {
 734          $message = htmlspecialchars_uni($mybb->input['message']);
 735          $subject = htmlspecialchars_uni($mybb->input['subject']);
 736      }
 737  
 738      // Generate thread prefix selector
 739      if(!intval($mybb->input['threadprefix']))
 740      {
 741          $mybb->input['threadprefix'] = 0;
 742      }
 743  
 744      $prefixselect = build_prefix_select($forum['fid'], $mybb->input['threadprefix']);
 745  
 746      $posthash = htmlspecialchars_uni($mybb->input['posthash']);
 747  
 748      // Can we disable smilies or are they disabled already?
 749      if($forum['allowsmilies'] != 0)
 750      {
 751          eval("\$disablesmilies = \"".$templates->get("newthread_disablesmilies")."\";");
 752      }
 753      else
 754      {
 755          $disablesmilies = "<input type=\"hidden\" name=\"postoptions[disablesmilies]\" value=\"no\" />";
 756      }
 757  
 758      // Show the moderator options
 759      if(is_moderator($fid))
 760      {
 761          $modoptions = $mybb->input['modoptions'];
 762          if($modoptions['closethread'] == 1)
 763          {
 764              $closecheck = "checked=\"checked\"";
 765          }
 766          else
 767          {
 768              $closecheck = '';
 769          }
 770          if($modoptions['stickthread'] == 1)
 771          {
 772              $stickycheck = "checked=\"checked\"";
 773          }
 774          else
 775          {
 776              $stickycheck = '';
 777          }
 778          unset($modoptions);
 779          eval("\$modoptions = \"".$templates->get("newreply_modoptions")."\";");
 780          $bgcolor = "trow1";
 781          $bgcolor2 = "trow2";
 782      }
 783      else
 784      {
 785          $bgcolor = "trow2";
 786          $bgcolor2 = "trow1";
 787      }
 788  
 789      // Fetch subscription select box
 790      eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
 791  
 792      if($forumpermissions['canpostattachments'] != 0)
 793      { // Get a listing of the current attachments, if there are any
 794          $attachcount = 0;
 795          if($mybb->input['action'] == "editdraft" || ($mybb->input['tid'] && $mybb->input['pid']))
 796          {
 797              $attachwhere = "pid='$pid'";
 798          }
 799          else
 800          {
 801              $attachwhere = "posthash='".$db->escape_string($posthash)."'";
 802          }
 803          $query = $db->simple_select("attachments", "*", $attachwhere);
 804          $attachments = '';
 805          while($attachment = $db->fetch_array($query))
 806          {
 807              $attachment['size'] = get_friendly_size($attachment['filesize']);
 808              $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
 809              $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
 810  
 811              if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
 812              {
 813                  eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
 814              }
 815  
 816              eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
 817  
 818              $attach_mod_options = '';
 819              if($attachment['visible'] != 1)
 820              {
 821                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
 822              }
 823              else
 824              {
 825                  eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
 826              }
 827              $attachcount++;
 828          }
 829          $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
 830          $usage = $db->fetch_array($query);
 831          if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
 832          {
 833              $noshowattach = 1;
 834          }
 835          if($mybb->usergroup['attachquota'] == 0)
 836          {
 837              $friendlyquota = $lang->unlimited;
 838          }
 839          else
 840          {
 841              $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
 842          }
 843          $friendlyusage = get_friendly_size($usage['ausage']);
 844          $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyusage, $friendlyquota);
 845          if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
 846          {
 847              eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
 848          }
 849          eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
 850  
 851          $bgcolor = alt_trow();
 852      }
 853  
 854      if($mybb->user['uid'])
 855      {
 856          eval("\$savedraftbutton = \"".$templates->get("post_savedraftbutton", 1, 0)."\";");
 857      }
 858  
 859      // Show captcha image for guests if enabled
 860      if($mybb->settings['captchaimage'] && !$mybb->user['uid'])
 861      {
 862          $correct = false;
 863          require_once  MYBB_ROOT.'inc/class_captcha.php';
 864          $post_captcha = new captcha(false, "post_captcha");
 865  
 866          if($mybb->input['previewpost'] || $hide_captcha == true && $post_captcha->type == 1)
 867          {
 868              // If previewing a post - check their current captcha input - if correct, hide the captcha input area
 869              // ... but only if it's a default one, reCAPTCHAs must be filled in every time due to draconian limits
 870              if($post_captcha->validate_captcha() == true)
 871              {
 872                  $correct = true;
 873  
 874                  // Generate a hidden list of items for our captcha
 875                  $captcha = $post_captcha->build_hidden_captcha();
 876              }
 877          }
 878  
 879          if(!$correct)
 880          {
 881               if($post_captcha->type == 1)
 882              {
 883                  $post_captcha->build_captcha();
 884              }
 885              elseif($post_captcha->type == 2)
 886              {
 887                  $post_captcha->build_recaptcha();
 888              }
 889  
 890              if($post_captcha->html)
 891              {
 892                  $captcha = $post_captcha->html;
 893              }
 894          }
 895          else if($correct && $post_captcha->type == 2)
 896          {
 897              $post_captcha->build_recaptcha();
 898  
 899              if($post_captcha->html)
 900              {
 901                  $captcha = $post_captcha->html;
 902              }
 903          }
 904      }
 905  
 906      if($forumpermissions['canpostpolls'] != 0)
 907      {
 908          $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
 909          eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
 910      }
 911  
 912      // Do we have any forum rules to show for this forum?
 913      $forumrules = '';
 914      if($forum['rulestype'] >= 2 && $forum['rules'])
 915      {
 916          if(!$forum['rulestitle'])
 917          {
 918              $forum['rulestitle'] = $lang->sprintf($lang->forum_rules, $forum['name']);
 919          }
 920  
 921          if(!$parser)
 922          {
 923              require_once  MYBB_ROOT.'inc/class_parser.php';
 924              $parser = new postParser;
 925          }
 926  
 927          $rules_parser = array(
 928              "allow_html" => 1,
 929              "allow_mycode" => 1,
 930              "allow_smilies" => 1,
 931              "allow_imgcode" => 1
 932          );
 933  
 934          $forum['rules'] = $parser->parse_message($forum['rules'], $rules_parser);
 935          $foruminfo = $forum;
 936  
 937          if($forum['rulestype'] == 3)
 938          {
 939              eval("\$forumrules = \"".$templates->get("forumdisplay_rules")."\";");
 940          }
 941          else if($forum['rulestype'] == 2)
 942          {
 943              eval("\$forumrules = \"".$templates->get("forumdisplay_rules_link")."\";");
 944          }
 945      }
 946  
 947      $plugins->run_hooks("newthread_end");
 948  
 949      $forum['name'] = strip_tags($forum['name']);
 950      $lang->newthread_in = $lang->sprintf($lang->newthread_in, $forum['name']);
 951  
 952      $newthread_template = $templates->get("newthread");
 953  
 954      // Hide signature option if no permission
 955      $option_signature = '';
 956      if($mybb->usergroup['canusesig'] && !$mybb->user['suspendsignature'])
 957      {
 958          $option_signature = $templates->get('newthread_options_signature');
 959      }
 960      eval("\$option_signature = \"".$option_signature."\";");
 961  
 962      eval("\$newthread = \"".$newthread_template."\";");
 963      output_page($newthread);
 964  }
 965  ?>
