sql_query($sql)) { $check_row = $db->sql_fetchrow($result); $forum_id = $check_row['forum_id']; $topic_status = $check_row['topic_status']; $forum_status = $check_row['forum_status']; if( $mode == "editpost" ) { $is_first_post = ($check_row['post_id'] == $post_id) ? TRUE : 0; $is_last_post = ($check_row['topic_last_post_id'] == $post_id) ? TRUE : 0; $is_last_post_forum = ($check_row['forum_last_post_id'] == $post_id) ? TRUE : 0; } else { if($mode == "quote") { $topic_id = $check_row['topic_id']; } $is_first_post = 0; $is_last_post = 0; } } else { message_die(GENERAL_MESSAGE, $lang['No_such_post']); } } else { $sql = "SELECT forum_status FROM " . FORUMS_TABLE . " f WHERE forum_id = $forum_id"; if($result = $db->sql_query($sql)) { $check_row = $db->sql_fetchrow($result); $is_first_post = TRUE; $is_last_post = 0; $topic_status = TOPIC_UNLOCKED; $forum_status = $check_row['forum_status']; } else { message_die(GENERAL_MESSAGE, $lang['Forum_not_exist']); } } // // Is topic or forum locked? // if($forum_status == FORUM_LOCKED) { message_die(GENERAL_MESSAGE, $lang['Forum_locked']); } else if($topic_status == TOPIC_LOCKED) { message_die(GENERAL_MESSAGE, $lang['Topic_locked']); } // // Auth checks // switch($mode) { case 'newtopic': if($topic_type == POST_ANNOUNCE) { $auth_type = AUTH_ANNOUNCE; $is_auth_type = "auth_announce"; $auth_string = $lang['can_post_announcements']; } else if($topic_type == POST_STICKY) { $auth_type = AUTH_STICKY; $is_auth_type = "auth_sticky"; $auth_string = $lang['can_post_sticky_topics']; } else { $auth_type = AUTH_ALL; $is_auth_type = "auth_post"; $auth_string = $lang['can_post_new_topics']; } break; case 'reply': $auth_type = AUTH_ALL; $is_auth_type = "auth_reply"; $auth_string = $lang['can_reply_to_topics']; break; case 'quote': $auth_type = AUTH_ALL; $is_auth_type = "auth_reply"; $auth_string = $lang['can_reply_to_topics']; break; case 'editpost': $auth_type = AUTH_ALL; $is_auth_type = "auth_edit"; $auth_string = $lang['can_edit_topics']; break; case 'delete': $auth_type = AUTH_DELETE; $is_auth_type = "auth_delete"; $auth_string = $lang['can_delete_topics']; break; default: $auth_type = AUTH_ALL; $is_auth_type = "auth_all"; $auth_string = $lang['can_post_new_topics']; break; } $is_auth = auth($auth_type, $forum_id, $userdata); if(!$is_auth[$is_auth_type]) { // // The user is not authed // if(!$userdata['session_logged_in']) { if($mode == "newtopic") { $redirect = "mode=newtopic&" . POST_FORUM_URL . "=$forum_id"; } else if($mode == "reply") { $redirect = "mode=reply&" . POST_TOPIC_URL . "=$topic_id"; } else if($mode == "quote") { $redirect = "mode=quote&" . POST_POST_URL ."=$post_id"; } else if($mode == "editpost") { $redirect = "mode=editpost&" . POST_POST_URL ."=$post_id&" . POST_TOPIC_URL . "=$topic_id"; } header("Location: login.$phpEx?forward_page=posting.$phpEx&" . $redirect); } else { $msg = $lang['Sorry_auth'] . $is_auth[$is_auth_type . "_type"] . $auth_string . $lang['this_forum']; } message_die(GENERAL_MESSAGE, $msg); } // // End Auth // // // Clear error check // $error = 0; $error_msg = ""; // // Prepare our message and subject on a 'submit' (inc. preview) // if( ( isset($HTTP_POST_VARS['submit']) || $preview ) && $topic_status == TOPIC_UNLOCKED ) { // // Flood control // if($mode != 'editpost' && !$preview) { $sql = "SELECT MAX(post_time) AS last_post_time FROM " . POSTS_TABLE . " WHERE poster_ip = '$user_ip'"; if($result = $db->sql_query($sql)) { $db_row = $db->sql_fetchrow($result); $last_post_time = $db_row['last_post_time']; $current_time = get_gmt_ts(); if(($current_time - $last_post_time) < $board_config['flood_interval']) { $error = TRUE; $error_msg = $lang['Flood_Error']; } } } // // End Flood control // // // Handle anon posting with usernames // if(isset($HTTP_POST_VARS['username'])) { $username = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username']))); if(!validate_username(stripslashes($username))) { $error = TRUE; if(!empty($error_msg)) { $error_msg .= "
"; } $error_msg .= $lang['Bad_username']; } } else { $username = ""; } $subject = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['subject']))); if($mode == 'newtopic' && empty($subject)) { $error = TRUE; if(!empty($error_msg)) { $error_msg .= "
"; } $error_msg .= $lang['Empty_subject']; } if(!empty($HTTP_POST_VARS['message'])) { if(!$error && !$preview) { if($bbcode_on) { $bbcode_uid = make_bbcode_uid(); } // // prepare_message returns a bbcode parsed html parsed and slashed result // ... note that we send NOT'ed version of the disable vars to the function // $message = prepare_message(stripslashes($HTTP_POST_VARS['message']), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); if( $attach_sig ) { $message .= (ereg(" $", $message)) ? "[addsig]" : " [addsig]"; } } else { $message = stripslashes(trim($HTTP_POST_VARS['message'])); } } else { $error = TRUE; if(!empty($error_msg)) { $error_msg .= "
"; } $error_msg .= $lang['Empty_message']; } } // // If submitted then update tables // according to the mode // if( ($mode == "newtopic" || $mode == "reply") && $topic_status == TOPIC_UNLOCKED) { $page_title = ($mode == "newtopic") ? " " . $lang['Post_new_topic'] : " " . $lang['Post_reply']; $section_title = ($mode == "newtopic") ? $lang['Post_new_topic_in'] : " " . $Lang['Post_reply_to']; if(isset($HTTP_POST_VARS['submit']) && !$error && !$preview) { $topic_time = get_gmt_ts(); if($mode == "reply") { $new_topic_id = $topic_id; } else if($mode == "newtopic") { $topic_notify = ($HTTP_POST_VARS['notify']) ? 1 : 0; $sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_notify, topic_status, topic_type) VALUES ('$subject', " . $userdata['user_id'] . ", " . $topic_time . ", $forum_id, $topic_notify, " . TOPIC_UNLOCKED . ", $topic_type)"; if($result = $db->sql_query($sql, BEGIN_TRANSACTION)) { $new_topic_id = $db->sql_nextid(); } else { message_die(GENERAL_ERROR, "Error inserting data into topics table", "", __LINE__, __FILE__, $sql); } } if($mode == "reply" || ( $mode == "newtopic" && $result ) ) { $sql = "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, bbcode_uid, enable_bbcode, enable_html, enable_smilies) VALUES ($new_topic_id, $forum_id, " . $userdata['user_id'] . ", '$username', $topic_time, '$user_ip', '$bbcode_uid', $bbcode_on, $html_on, $smilies_on)"; if($mode == "reply") { $result = $db->sql_query($sql, BEGIN_TRANSACTION); } else { $result = $db->sql_query($sql); } if($result) { $new_post_id = $db->sql_nextid(); $sql = "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, post_text) VALUES ($new_post_id, '$subject', '$message')"; if($db->sql_query($sql)) { $sql = "UPDATE " . TOPICS_TABLE . " SET topic_last_post_id = $new_post_id"; if($mode == "reply") { $sql .= ", topic_replies = topic_replies + 1 "; } $sql .= " WHERE topic_id = $new_topic_id"; if($db->sql_query($sql)) { $sql = "UPDATE " . FORUMS_TABLE . " SET forum_last_post_id = $new_post_id, forum_posts = forum_posts + 1"; if($mode == "newtopic") { $sql .= ", forum_topics = forum_topics + 1"; } $sql .= " WHERE forum_id = $forum_id"; if($db->sql_query($sql)) { $sql = "UPDATE " . USERS_TABLE . " SET user_posts = user_posts + 1 WHERE user_id = " . $userdata['user_id']; if($db->sql_query($sql, END_TRANSACTION)) { setcookie('phpbb2_' . $forum_id . '_' . $new_topic_id, '', time() - 1, $cookiepath, $cookiedomain, $cookiesecure); // // Email users who are watching this topic // if($mode == "reply") { $sql = "SELECT u.user_id, u.username, u.user_email, t.topic_title FROM " . TOPICS_WATCH_TABLE . " tw, " . TOPICS_TABLE . " t, " . USERS_TABLE . " u WHERE tw.topic_id = $new_topic_id AND tw.user_id <> " . $userdata['user_id'] . " AND tw.user_id <> " . ANONYMOUS . " AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . " AND t.topic_id = tw.topic_id AND u.user_id = tw.user_id"; if( $result = $db->sql_query($sql) ) { $email_set = $db->sql_fetchrowset($result); $update_watched_sql = ""; for($i = 0; $i < count($email_set); $i++) { if($email_set[$i]['user_email'] != "") { $email_headers = "From: " . $board_config['board_email_from'] . "\r\n"; $emailer->use_template("topic_notify"); $emailer->email_address($email_set[$i]['user_email']); $emailer->set_subject($lang['Topic_reply_notification']); $emailer->extra_headers($email_headers); $emailer->assign_vars(array( "USERNAME" => $email_set[$i]['username'], "SITENAME" => $board_config['sitename'], "TOPIC_TITLE" => $email_set[$i]['topic_title'], "TOPIC_URL" => "http://" . $SERVER_NAME . "/viewtopic.$phpEx?" . POST_TOPIC_URL . "=$new_topic_id", "EMAIL_SIG" => $board_config['board_email']) ); $emailer->send(); $emailer->reset(); if($update_watched_sql != "") { $update_watched_sql .= " OR "; } $update_watched_sql .= "user_id = " . $email_set[$i]['user_id']; } } if($update_watched_sql != "") { $sql = "UPDATE " . TOPICS_WATCH_TABLE . " SET notify_status = " . TOPIC_WATCH_NOTIFIED . " WHERE topic_id = $new_topic_id AND $update_watched_sql"; $db->sql_query($sql); } } } // // Handle notification request ... not complete // only fully functional for new posts // if( !empty($notify) ) { if($mode == "reply") { $sql = "SELECT notify_status FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $new_topic_id AND user_id = " . $userdata['user_id']; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't obtain topic watch information", "", __LINE__, __FILE__, $sql); } if( $db->sql_numrows($result)) { if( !$notify ) { } } else if( $notify ) { } } else if( $notify ) { $sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status) VALUES (" . $userdata['user_id'] . ", $new_topic_id, 0)"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert topic watch information", "", __LINE__, __FILE__, $sql); } } } // // If we get here the post has been inserted successfully. // $msg = $lang['Stored'] . "

" . $lang['Click'] . " " . $lang['Here'] . " " . $lang['to_view_message'] . "

" . $lang['Click'] . " " . $lang['Here'] . " ". $lang['to_return_forum']; message_die(GENERAL_MESSAGE, $msg); } else { if(SQL_LAYER == "mysql") { } message_die(GENERAL_ERROR, "Error updating users table", "", __LINE__, __FILE__, $sql); } } else { if(SQL_LAYER == "mysql") { } // Rollback ? message_die(GENERAL_ERROR, "Error updating forums table", "", __LINE__, __FILE__, $sql); } } else { if(SQL_LAYER == "mysql") { } // Rollback ? message_die(GENERAL_ERROR, "Error updating topics table", "", __LINE__, __FILE__, $sql); } } else { if(SQL_LAYER == "mysql") { $sql = "DELETE FROM " . POSTS_TABLE . " WHERE post_id = $new_post_id"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Error inserting data into posts text table and could not rollback", "", __LINE__, __FILE__, $sql); } } // Rollback ? message_die(GENERAL_ERROR, "Error inserting data into posts text table", "", __LINE__, __FILE__, $sql); } } else { // Rollback ? message_die(GENERAL_ERROR, "Error inserting data into posts table", "", __LINE__, __FILE__, $sql); } } } } else if($mode == "quote" && !$preview && $topic_status == TOPIC_UNLOCKED) { $page_title = " " . $lang['Post_reply']; $section_title = " " . $Lang['Post_reply_to']; if( isset($post_id) ) { $sql = "SELECT p.*, pt.post_text, pt.post_subject, u.username, u.user_id, u.user_sig, t.topic_title, t.topic_notify, t.topic_type FROM " . POSTS_TABLE . " p, " . USERS_TABLE . " u, " . TOPICS_TABLE . " t, " . POSTS_TEXT_TABLE . " pt WHERE p.post_id = $post_id AND pt.post_id = p.post_id AND p.topic_id = t.topic_id AND p.poster_id = u.user_id"; if($result = $db->sql_query($sql)) { $postrow = $db->sql_fetchrow($result); $poster = stripslashes(trim($postrow['username'])); $subject = stripslashes(trim($postrow['post_subject'])); $message = stripslashes(trim($postrow['post_text'])); if(eregi("\[addsig]$", $message)) { $attach_sig = TRUE; } $message = eregi_replace("\[addsig]$", "", $message); // Removes UID from BBCode entries $message = preg_replace("/\:[0-9a-z\:]*?\]/si", "]", $message); $message = str_replace("
", "\n", $message); $message = undo_htmlspecialchars($message); // Special handling for tags in the message, which can break the editing form.. $message = preg_replace('##si', '</TEXTAREA>', $message); $msg_date = create_date($board_config['default_dateformat'], $postrow['post_time'], $board_config['default_timezone']); $message = "On " . $msg_date . " " . $poster . " wrote:\n\n[quote]\n" . $message . "\n[/quote]"; } else { message_die(GENERAL_ERROR, "Couldn't obtain post and post text", "", __LINE__, __FILE__, $sql); } } else { message_die(GENERAL_MESSAGE, $lang['No_such_post']); } } else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED ) { $page_title = " " . $lang['Edit_post']; $section_title = $lang['Edit_post_in']; if( ( isset($HTTP_POST_VARS['submit']) || isset($HTTP_GET_VARS['confirm']) || isset($HTTP_POST_VARS['confirm']) ) && !$error && !$preview ) { $sql = "SELECT poster_id FROM " . POSTS_TABLE . " WHERE post_id = $post_id"; if($result = $db->sql_query($sql)) { list($check_user_id) = $db->sql_fetchrow($result); if($userdata['user_id'] != $check_user_id && !$is_auth['auth_mod']) { $msg = ( isset($HTTP_POST_VARS['delete']) || isset($HTTP_GET_VARS['delete']) ) ? $lang['Sorry_delete_own_posts'] : $lang['Sorry_edit_own_posts']; message_die(GENERAL_MESSAGE, $msg); } } if( ( isset($HTTP_POST_VARS['delete']) || isset($HTTP_GET_VARS['delete']) ) && ( $is_last_post || $is_auth['auth_mod'] ) ) { // // Output a confirmation message, unless we've over-ridden it on the posting_body form ( // override_confirm set ), this is so people can implement JavaScript checkers if they wish // if( isset($HTTP_POST_VARS['delete']) && !isset($HTTP_POST_VARS['override_confirm']) && !isset($HTTP_GET_VARS['confirm']) && !isset($HTTP_POST_VARS['confirm'])) { $s_hidden_fields = ''; // // Output confirmation page // include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( "confirm_body" => "confirm_body.tpl") ); $template->assign_vars(array( "MESSAGE_TITLE" => $lang['Information'], "MESSAGE_TEXT" => $lang['Confirm_delete'], "L_YES" => $lang['Yes'], "L_NO" => $lang['No'], "S_CONFIRM_ACTION" => append_sid("posting.$phpEx"), "S_HIDDEN_FIELDS" => $s_hidden_fields) ); $template->pparse("confirm_body"); include($phpbb_root_path . 'includes/page_tail.'.$phpEx); } else if( isset($HTTP_GET_VARS['confirm']) || isset($HTTP_POST_VARS['confirm']) || isset($HTTP_POST_VARS['override_confirm']) ) { $sql = "DELETE FROM " . POSTS_TEXT_TABLE . " WHERE post_id = $post_id"; if($db->sql_query($sql, BEGIN_TRANSACTION)) { $sql = "DELETE FROM " . POSTS_TABLE . " WHERE post_id = $post_id"; if($is_last_post && $is_first_post) { // // Delete the topic completely, updating the forum_last_post_id // if necessary // if($db->sql_query($sql)) { $sql = "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id = $topic_id"; $sql_forum_upd = "forum_posts = forum_posts - 1, forum_topics = forum_topics - 1"; $if_die_msg = "Couldn't delete from topics table"; } else { if(SQL_LAYER == "mysql") { } // Rollback ? message_die(GENERAL_ERROR, "Error deleting from post table", "", __LINE__, __FILE__, $sql); } } else if($is_last_post) { // // Delete the post and update the _last_post_id's of both // the topic and forum if necessary // if($db->sql_query($sql)) { $sql = "SELECT MAX(post_id) AS new_last_post_id FROM " . POSTS_TABLE . " WHERE topic_id = $topic_id"; if($result = $db->sql_query($sql)) { list($new_last_post_id) = $db->sql_fetchrow($result); $sql = "UPDATE " . TOPICS_TABLE . " SET topic_replies = topic_replies - 1, topic_last_post_id = $new_last_post_id WHERE topic_id = $topic_id"; $sql_forum_upd = "forum_posts = forum_posts - 1"; $if_die_msg = "Error updating topics table"; } else { if(SQL_LAYER == "mysql") { } // Rollback ? message_die(GENERAL_ERROR, "Error obtaining new last topic id", "", __LINE__, __FILE__, $sql); } } else { if(SQL_LAYER == "mysql") { } // Rollback ? message_die(GENERAL_ERROR, "Error deleting from post table", "", __LINE__, __FILE__, $sql); } } else if($is_auth['auth_mod']) { // // It's not last and it's not both first and last so it's somewhere in // the middle(!) Only moderators can delete these posts, all we need do // is update the forums table data as necessary // $sql_forum_upd = "forum_posts = forum_posts - 1"; $if_die_msg = "Couldn't delete from posts table"; } // // Updating the forum is common to all three possibilities, // _remember_ we're still in a transaction here! // if($db->sql_query($sql)) { if($is_last_post_forum) { $sql = "SELECT MAX(post_id) AS new_last_post_id FROM " . POSTS_TABLE . " WHERE forum_id = $forum_id"; if($result = $db->sql_query($sql)) { list($new_last_post_id) = $db->sql_fetchrow($result); } else { message_die(GENERAL_ERROR, "Couldn't obtain new last post id for the forum", "", __LINE__, __FILE__, $sql); } $new_last_sql = ", forum_last_post_id = $new_last_post_id"; } else { $new_last_sql = ""; } $sql = "UPDATE " . FORUMS_TABLE . " SET " . $sql_forum_upd . $new_last_sql . " WHERE forum_id = $forum_id"; if($db->sql_query($sql, END_TRANSACTION)) { // // If we get here the post has been deleted successfully. // $msg = $lang['Deleted']; if(!$is_last_post || !$is_first_post) { $msg .= "

" . $lang['Click'] . " " . $lang['Here'] . " " . $lang['to_return_topic']; } $msg .= "

" . $lang['Click'] . " " . $lang['Here'] . " ". $lang['to_return_forum']; message_die(GENERAL_MESSAGE, $msg); } else { if(SQL_LAYER == "mysql") { } // Rollback ? message_die(GENERAL_ERROR, "Error updating forums table", "", __LINE__, __FILE__, $sql); } } else { // // This error is produced by the last SQL query carried out // before we jumped into this common block // if(SQL_LAYER == "mysql") { } // Rollback ? message_die(GENERAL_ERROR, $if_die_msg, "", __LINE__, __FILE__, $sql); } } else { if(SQL_LAYER == "mysql") { } // Rollback ? message_die(GENERAL_ERROR, "Error deleting from posts text table", "", __LINE__, __FILE__, $sql); } } else { // // No action matched so return to viewtopic, should be fine for URL based // confirmations // header("Location: viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id"); } } else { if( !$is_last_post && ( !$is_auth['auth_mod'] || $check_user_id == $userdata['user_id'] ) ) { $edited_sql = ", post_edit_time = " . time() . ", post_edit_count = post_edit_count + 1 "; } else { $edited_sql = ""; } $sql = "UPDATE " . POSTS_TABLE . " SET bbcode_uid = '$bbcode_uid', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on" . $edited_sql . " WHERE post_id = $post_id"; if($db->sql_query($sql, BEGIN_TRANSACTION)) { $sql = "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$message', post_subject = '$subject' WHERE post_id = $post_id"; if($is_first_post) { if($db->sql_query($sql)) { // // Update topics table here, set notification level and such // $sql = "UPDATE " . TOPICS_TABLE . " SET topic_title = '$subject', topic_notify = '$notify', topic_type = '".$topic_type."' WHERE topic_id = $topic_id"; if($db->sql_query($sql, END_TRANSACTION)) { // // If we get here the post has been inserted successfully. // $msg = $lang['Stored'] . "

" . $lang['Click'] . " " . $lang['Here'] . " " . $lang['to_view_message'] . "

" . $lang['Click'] . " " . $lang['Here'] . " ". $lang['to_return_forum']; message_die(GENERAL_MESSAGE, $msg); } else { if(SQL_LAYER == "mysql") { } message_die(GENERAL_ERROR, "Updating topics table", "", __LINE__, __FILE__, $sql); } } else { if(SQL_LAYER == "mysql") { } } } else { if($db->sql_query($sql, END_TRANSACTION)) { // // If we get here the post has been inserted successfully. // $msg = $lang['Stored'] . "

" . $lang['Click'] . " " . $lang['Here'] . " " . $lang['to_view_message'] . "

" . $lang['Click'] . " " . $lang['Here'] . " ". $lang['to_return_forum']; message_die(GENERAL_MESSAGE, $msg); } else { if(SQL_LAYER == "mysql") { } message_die(GENERAL_ERROR, "Error updating posts text table", "", __LINE__, __FILE__, $sql); } } } else { if(SQL_LAYER == "mysql") { } message_die(GENERAL_ERROR, "Error updating posts text table", "", __LINE__, __FILE__, $sql); } } } else if( isset($HTTP_GET_VARS['not_confirm']) || isset($HTTP_POST_VARS['not_confirm']) ) { // // Cancelled a confirmation, just to viewtopic // header("Location: viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id"); } else { if( !empty($post_id) ) { $sql = "SELECT p.*, pt.post_text, pt.post_subject, u.username, u.user_id, u.user_sig, t.topic_title, t.topic_notify, t.topic_type FROM " . POSTS_TABLE . " p, " . USERS_TABLE . " u, " . TOPICS_TABLE . " t, " . POSTS_TEXT_TABLE . " pt WHERE p.post_id = $post_id AND pt.post_id = p.post_id AND p.topic_id = t.topic_id AND p.poster_id = u.user_id"; if($result = $db->sql_query($sql)) { $postrow = $db->sql_fetchrow($result); if($userdata['user_id'] != $postrow['user_id'] && !$is_auth['auth_mod']) { message_die(GENERAL_MESSAGE, $lang['Sorry_edit_own_posts']); } if(!$preview) { $subject = stripslashes(trim($postrow['post_subject'])); $message = stripslashes(trim($postrow['post_text'])); if(eregi("\[addsig]$", $message)) { $message = eregi_replace("\[addsig]$", "", $message); $user_sig = ($postrow['user_sig'] != "") ? $postrow['user_sig'] : ""; $attach_sig = ($postrow['user_sig'] != "") ? TRUE : 0; } else { $attach_sig = 0; } // Removes UID from BBCode entries $message = preg_replace("/\:[0-9a-z\:]+\]/si", "]", $message); $message = str_replace("
", "\n", $message); $message = undo_htmlspecialchars($message); // Special handling for tags in the message, which can break the editing form.. $message = preg_replace('##si', '</TEXTAREA>', $message); if($is_first_post) { $notify_show = TRUE; if($postrow['topic_notify']) { $notify = TRUE; } $subject = stripslashes($postrow['topic_title']); switch($postrow['topic_type']) { case POST_ANNOUNCE: $is_announce = TRUE; break; case POST_STICKY: $is_sticky = TRUE; break; } } } } } else { message_die(GENERAL_MESSAGE, $lang['No_such_post']); } } }// end if ... mode // // Output page // if($mode == "newtopic") { $post_a = $lang['Post_a_new_topic']; } else if($mode == "reply") { $post_a = $lang['Post_a_reply']; } else if($mode == "editpost") { $post_a = $lang['Edit_Post']; } $page_title = $post_a; include($phpbb_root_path . 'includes/page_header.'.$phpEx); // // Start Error handling // if($error) { $template->set_filenames(array( "reg_header" => "error_body.tpl") ); $template->assign_vars(array( "ERROR_MESSAGE" => $error_msg) ); $template->pparse("reg_header"); } // // End error handling // if(empty($username)) { $username = stripslashes($userdata['username']); } // // Define a signature, this is in practice only used for // preview but doing this here allows us to use it as a // check for attach_sig later // if( $mode == "editpost" ) { $user_sig = ($postrow['user_sig'] != "") ? $postrow['user_sig'] : ""; } else { $user_sig = ($userdata['user_sig'] != "") ? $userdata['user_sig'] : ""; } // // Start: Preview Post // if($preview && !$error) { switch($topic_type) { case POST_ANNOUNCE: $is_announce = TRUE; break; case POST_STICKY: $is_sticky = TRUE; break; } if($bbcode_on) { $bbcode_uid = make_bbcode_uid(); } $preview_message = stripslashes(prepare_message($message, $html_on, $bbcode_on, $smilies_on, $bbcode_uid)); // // Finalise processing as per viewtopic // if( !$html_on ) { if($user_sig != "") { $user_sig = htmlspecialchars($user_sig); } $preview_message = htmlspecialchars($preview_message); } if($user_sig != "") { $sig_uid = make_bbcode_uid(); $user_sig = bbencode_first_pass($user_sig, $sig_uid); $user_sig = bbencode_second_pass($user_sig, $sig_uid); } if($bbcode_on) { $preview_message = bbencode_second_pass($preview_message, $bbcode_uid); // // This compensates for bbcode's rather agressive (but I guess necessary) // HTML handling // if( !$html_on ) { $preview_message = preg_replace("'&'", "&", $preview_message); } } else { // Removes UID from BBCode entries $preview_message = preg_replace("/\:[0-9a-z\:]+\]/si", "]", $preview_message); } if($smilies_on) { $preview_message = smilies_pass($preview_message); } if($attach_sig && $user_sig != "") { $preview_message = $preview_message . "

_________________
" . $user_sig; } $preview_message = make_clickable($preview_message); $preview_message = str_replace("\n", "
", $preview_message); $template->set_filenames(array( "preview" => "posting_preview.tpl") ); $template->assign_vars(array( "TOPIC_TITLE" => stripslashes($subject), "POST_SUBJECT" => stripslashes($subject), "POSTER_NAME" => stripslashes($username), "POST_DATE" => create_date($board_config['default_dateformat'], time(), $board_config['default_timezone']), "MESSAGE" => $preview_message, "L_PREVIEW" => $lang['Preview'], "L_POSTED" => $lang['Posted']) ); $template->pparse("preview"); } // // End Preview Post // // // Show the same form for each mode. // if( empty($forum_id) ) { message_die(GENERAL_ERROR, $lang['Forum_not_exist']); } $sql = "SELECT forum_name FROM " . FORUMS_TABLE . " WHERE forum_id = $forum_id"; if(!$result = $db->sql_query($sql)) { message_die(GENERAL_ERROR, "Could not obtain forum information.", "", __LINE__, __FILE__, $sql); } $forum_info = $db->sql_fetchrow($result); $forum_name = stripslashes($forum_info['forum_name']); $template->set_filenames(array( "body" => "posting_body.tpl", "jumpbox" => "jumpbox.tpl") ); $jumpbox = make_jumpbox(); $template->assign_vars(array( "L_GO" => $lang['Go'], "L_JUMP_TO" => $lang['Jump_to'], "L_SELECT_FORUM" => $lang['Select_forum'], "JUMPBOX_LIST" => $jumpbox, "SELECT_NAME" => POST_FORUM_URL) ); $template->assign_var_from_handle("JUMPBOX", "jumpbox"); $template->assign_vars(array( "FORUM_ID" => $forum_id, "FORUM_NAME" => $forum_name, "L_POSTNEWIN" => $section_title, "U_VIEW_FORUM" => append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id")) ); // // Generate form data // $display_username = ($userdata['session_logged_in']) ? stripslashes($userdata["username"]) : ""; $display_subject = ($subject != "") ? stripslashes($subject) : ""; // // HTML toggle selection // if($board_config['allow_html']) { $html_status = $lang['ON']; $template->assign_block_vars("html_checkbox", array()); } else { $html_status = $lang['OFF']; } // // BBCode toggle selection // if($board_config['allow_bbcode']) { $bbcode_status = $lang['ON']; $template->assign_block_vars("bbcode_checkbox", array()); } else { $bbcode_status = $lang['OFF']; } // // Smilies toggle selection // if($board_config['allow_smilies']) { $smilies_status = $lang['ON']; $template->assign_block_vars("smilies_checkbox", array()); } else { $smilies_status = $lang['OFF']; } // // Signature toggle selection - only show if // the user has a signature // if( $user_sig != "" ) { $template->assign_block_vars("signature_checkbox", array()); } // // Notify selection // if($mode == "newtopic" || $preview || ( $mode == "editpost" && $notify_show ) ) { $template->assign_block_vars("notify_checkbox", array()); } // // Delete selection // if($mode == 'editpost' && !$preview && ( $is_last_post || $is_auth['auth_mod'] ) ) { $template->assign_block_vars("delete_checkbox", array()); } // // Topic type selection // $topic_type_radio = ''; if($mode == 'newtopic' || ( $mode == 'editpost' && $is_first_post ) ) { $template->assign_block_vars("type_toggle", array()); if($is_auth['auth_announce']) { $announce_toggle = '"; } else if($mode == "reply" || $mode == "quote") { // // Reset mode to reply if quote is in effect // to allow proper handling by submit/preview // $mode = "reply"; $hidden_form_fields .= ""; } else if($mode == "editpost") { $hidden_form_fields .= ""; } $hidden_form_fields .= ""; // // User not logged in so offer up a username // field box // if( !$userdata['session_logged_in'] ) { $template->assign_block_vars("anon_user", array()); } // // Here we check (if we're editing or replying) // whether the post has html/bbcode/smilies disabled // if it does then we modify the status vars appropriately // if( !$preview && $mode == "editpost" ) { if($postrow['enable_html'] && $board_config['allow_html']) { $html_on = TRUE; } else { $html_on = 0; } if($postrow['enable_bbcode'] && $board_config['allow_bbcode']) { $bbcode_on = TRUE; } else { $bbcode_on = 0; } if($postrow['enable_smilies'] && $board_config['allow_smilies']) { $smilies_on = TRUE; } else { $smilies_on = 0; } } // // Output the data to the template // $template->assign_vars(array( "USERNAME" => $display_username, "SUBJECT" => $display_subject, "MESSAGE" => $message, "HTML_STATUS" => $html_status, "BBCODE_STATUS" => $bbcode_status, "SMILIES_STATUS" => $smilies_status, "L_SUBJECT" => $lang['Subject'], "L_MESSAGE_BODY" => $lang['Message_body'], "L_OPTIONS" => $lang['Options'], "L_PREVIEW" => $lang['Preview'], "L_SUBMIT" => $lang['Submit_post'], "L_CANCEL" => $lang['Cancel_post'], "L_CONFIRM_DELETE" => $lang['Confirm_delete'], "L_POST_A" => $post_a, "L_HTML_IS" => $lang['HTML'] . " " . $lang['is'], "L_BBCODE_IS" => $lang['BBCode'] . " " . $lang['is'], "L_SMILIES_ARE" => $lang['Smilies'] . " " . $lang['are'], "L_DISABLE_HTML" => $lang['Disable'] . $lang['HTML'] . $lang['in_this_post'], "L_DISABLE_BBCODE" => $lang['Disable'] . $lang['BBCode'] . $lang['in_this_post'], "L_DISABLE_SMILIES" => $lang['Disable'] . $lang['Smilies'] . $lang['in_this_post'], "L_ATTACH_SIGNATURE" => $lang['Attach_signature'], "L_NOTIFY_ON_REPLY" => $lang['Notify'], "L_DELETE_POST" => $lang['Delete_post'], "S_HTML_CHECKED" => (!$html_on) ? "checked=\"checked\"" : "", "S_BBCODE_CHECKED" => (!$bbcode_on) ? "checked=\"checked\"" : "", "S_SMILIES_CHECKED" => (!$smilies_on) ? "checked=\"checked\"" : "", "S_SIGNATURE_CHECKED" => ($attach_sig) ? "checked=\"checked\"" : "", "S_NOTIFY_CHECKED" => ($notify) ? "checked=\"checked\"" : "", "S_TYPE_TOGGLE" => $topic_type_toggle, "S_TOPIC_ID" => $topic_id, "S_POST_ACTION" => append_sid("posting.$phpEx"), "S_HIDDEN_FORM_FIELDS" => $hidden_form_fields) ); $template->pparse("body"); include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ?>