<?php
/***************************************************************************
* posting.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
// TODO for 2.2:
//
// * topic review additions -> quoting from previous posts ?
// * check for reply since started posting upon submission and display of 'between-posts' to allow re-defining of post
// * hidden form element containing sid to prevent remote posting - Edwin van Vliet
// * Attachments
// * bbcode parsing -> see functions_posting.php
// * lock topic option within posting
// * multichoice polls
// * permission defined ability for user to add poll options
// * Spellcheck? aspell? or some such?
// * Posting approval
// Temp Function - strtolower (will have a look at iconv later) - borrowed from php.net
function phpbb_strtolower($string)
{
$new_string = '';
for ($i = 0; $i < strlen($string); $i++)
{
// Not sure about the offset, where is my ASCII Table ???
if (ord(substr($string, $i, 1)) > 0xa0)
{
$new_string .= strtolower(substr($string, $i, 2));
$i++;
}
else
{
$new_string .= strtolower(substr($string, $i, 1));
}
}
return $new_string;
}
define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . 'includes/functions_posting.'.$phpEx);
include($phpbb_root_path . 'includes/message_parser.'.$phpEx);
// Start session management
$user->start();
$user->setup();
$auth->acl($user->data);
// Grab only parameters needed here
$mode = (!empty($_REQUEST['mode'])) ? strval($_REQUEST['mode']) : '';
$post_id = (!empty($_REQUEST['p'])) ? intval($_REQUEST['p']) : false;
$topic_id = (!empty($_REQUEST['t'])) ? intval($_REQUEST['t']) : false;
$forum_id = (!empty($_REQUEST['f'])) ? intval($_REQUEST['f']) : false;
$lastclick = (isset($_POST['lastclick'])) ? intval($_POST['lastclick']) : 0;
$submit = (isset($_POST['post'])) ? true : false;
$preview = (isset($_POST['preview'])) ? true : false;
$save = (isset($_POST['save'])) ? true : false;
$cancel = (isset($_POST['cancel'])) ? true : false;
$confirm = (isset($_POST['confirm'])) ? true : false;
$delete = (isset($_POST['delete'])) ? true : false;
$refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['edit_comment']);
if (($delete) && (!$preview) && (!$refresh) && ($submit))
{
$mode = 'delete';
}
// Was cancel pressed? If so then redirect to the appropriate page
if ( ($cancel) || ((time() - $lastclick) < 2) )
{
$redirect = ($post_id) ? "viewtopic.$phpEx$SID&p=" . $post_id . "#" . $post_id : (($topic_id) ? "viewtopic.$phpEx$SID&t=" . $topic_id : (($forum_id) ? "viewforum.$phpEx$SID&f=" . $forum_id : "index.$phpEx$SID"));
redirect($redirect);
}
// What is all this following SQL for? Well, we need to know
// some basic information in all cases before we do anything.
$forum_validate = false;
$topic_validate = false;
$post_validate = false;
// Easier validation
$forum_fields = array('forum_name' => 's', 'parent_id' => 'i', 'forum_parents' => 's', 'forum_status' => 'i', 'forum_postable' => 'i', 'enable_icons' => 'i', 'enable_post_count' => 'i', 'enable_moderate' => 'i');
$topic_fields = array('topic_status' => 'i', 'topic_first_post_id' => 'i', 'topic_last_post_id' => 'i', 'topic_type' => 'i', 'topic_title' => 's', 'poll_last_vote' => 'i', 'poll_start' => 'i', 'poll_title' => 's', 'poll_length' => 'i');
$post_fields = array('post_time' => 'i', 'poster_id' => 'i', 'post_username' => 's', 'post_text' => 's', 'post_subject' => 's', 'post_checksum' => 's', 'post_attachment' => 'i', 'bbcode_uid' => 's', 'enable_magic_url' => 'i', 'enable_sig' => 'i', 'enable_smilies' => 'i', 'enable_bbcode' => 'i', 'post_edit_locked' => 'i');
$sql = '';
switch ($mode)
{
case 'post':
if (!$forum_id)
{
trigger_error($user->lang['NO_FORUM']);
}
$sql = "SELECT *
FROM " . FORUMS_TABLE . "
WHERE forum_id = " . $forum_id;
$forum_validate = true;
break;
case 'reply':
if (!$topic_id)
{
trigger_error($user->lang['NO_TOPIC']);
}
$sql = "SELECT t.*, f.*
FROM " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f
WHERE t.topic_id = " . $topic_id . "
AND f.forum_id = t.forum_id";
$forum_validate = true;
$topic_validate = true;
break;
case 'quote':
case 'edit':
case 'delete':
if (!$post_id)
{
trigger_error($user->lang['NO_POST']);
}
$sql = "SELECT p.*, t.*, f.*, u.username
FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f, " . USERS_TABLE . " u
WHERE p.post_id = " . $post_id . "
AND t.topic_id = p.topic_id
AND u.user_id = p.poster_id
AND f.forum_id = t.forum_id";
$forum_validate = true;
$topic_validate = true;
$post_validate = true;
break;
case 'topicreview':
if (!$topic_id)
{
trigger_error($user->lang['NO_TOPIC']);
}
topic_review($topic_id, false);
break;
case 'smilies':
generate_smilies('window');
break;
default:
trigger_error($user->lang['NO_MODE']);
}
if ($sql != '')
{
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$forum_id = intval($row['forum_id']);
$topic_id = intval($row['topic_id']);
$post_id = intval($row['post_id']);
foreach ($forum_fields as $var => $type)
{
switch ($type)
{
case 'i':
$$var = ($forum_validate) ? intval($row[$var]) : false;
break;
case 's':
$$var = ($forum_validate) ? trim($row[$var]) : '';
break;
default:
$$var = '';
}
}
foreach ($topic_fields as $var => $type)
{
switch ($type)
{
case 'i':
$$var = ($topic_validate) ? intval($row[$var]) : false;
break;
case 's':
$$var = ($topic_validate) ? trim($row[$var]) : '';
break;
default:
$$var = '';
}
}
foreach ($post_fields as $var => $type)
{
switch ($type)
{
case 'i':
$$var = ($post_validate) ? intval($row[$var]) : false;
break;
case 's':
$$var = ($post_validate) ? trim($row[$var]) : '';
break;
default:
$$var = '';
}
}
$post_subject = ($post_validate) ? $post_subject : $topic_title;
$poll_length = ($poll_length) ? $poll_length/3600 : $poll_length;
$poll_options = array();
// Get Poll Data
if ($poll_start)
{
$sql = "SELECT poll_option_text
FROM " . POLL_OPTIONS_TABLE . "
WHERE topic_id = " . $topic_id . "
ORDER BY poll_option_id";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$poll_options[] = trim($row['poll_option_text']);
}
$db->sql_freeresult($result);
}
$attachment_data = array();
$attachment_data['filecomment'] = ( isset($_POST['filecomment']) ) ? trim( strip_tags($_POST['filecomment'])) : '';
$attachment_data['filename'] = ( $_FILES['fileupload']['name'] != 'none' ) ? trim($_FILES['fileupload']['name']) : '';
// Get Attachment Data
$attachment_data['physical_filename'] = ( isset($_POST['attachment_list']) ) ? $_POST['attachment_list'] : array();
$attachment_data['comment'] = ( isset($_POST['comment_list']) ) ? $_POST['comment_list'] : array();
$attachment_data['real_filename'] = ( isset($_POST['filename_list']) ) ? $_POST['filename_list'] : array();
$attachment_data['extension'] = ( isset($_POST['extension_list']) ) ? $_POST['extension_list'] : array();
$attachment_data['mimetype'] = ( isset($_POST['mimetype_list']) ) ? $_POST['mimetype_list'] : array();
$attachment_data['filesize'] = ( isset($_POST['filesize_list']) ) ? $_POST['filesize_list'] : array();
$attachment_data['filetime'] = ( isset($_POST['filetime_list']) ) ? $_POST['filetime_list'] : array();
$attachment_data['attach_id'] = ( isset($_POST['attach_id_list']) ) ? $_POST['attach_id_list'] : array();
$attachment_data['thumbnail'] = ( isset($_POST['attach_thumbnail_list']) ) ? $_POST['attach_thumbnail_list'] : array();
if (($post_attachment) && (!$submit) && (!$refresh) && (!$preview) && ($mode == 'edit'))
{
$sql = "SELECT d.*
FROM " . ATTACHMENTS_TABLE . " a, " . ATTACHMENTS_DESC_TABLE . " d
WHERE a.post_id = " . $post_id . "
AND a.attach_id = d.attach_id
ORDER BY d.filetime DESC";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$attachment_data['attach_id'][] = intval($row['attach_id']);
$attachment_data['physical_filename'][] = trim($row['physical_filename']);
$attachment_data['comment'][] = trim($row['comment']);
$attachment_data['real_filename'][] = trim($row['real_filename']);
$attachment_data['extension'][] = trim($row['extension']);
$attachment_data['mimetype'][] = trim($row['mimetype']);
$attachment_data['filesize'][] = intval($row['filesize']);
$attachment_data['filetime'][] = intval($row['filetime']);
$attachment_data['thumbnail'][] = intval($row['thumbnail']);
}
$db->sql_freeresult($result);
}
if (($poster_id == ANONYMOUS) || (!$poster_id))
{
$username = ($post_validate) ? trim($post_username) : '';
}
else
{
$username = ($post_validate) ? trim($username) : '';
}
$enable_urls = $enable_magic_url;
if (!$post_validate)
{
$enable_sig = (intval($config['allow_sig']) && $user->data['user_attachsig']) ? true : false;
$enable_smilies = (intval($config['allow_smilies']) && $user->data['user_allowsmile']) ? true : false;
$enable_bbcode = (intval($config['allow_bbcode']) && $user->data['user_allowbbcode']) ? true : false;
$enable_urls = true;
}
$enable_magic_url = false;
}
// Notify user checkbox
if ($mode != 'post' && $user->data['user_id'] != ANONYMOUS)
{
$sql = "SELECT topic_id
FROM " . TOPICS_WATCH_TABLE . "
WHERE topic_id = " . $topic_id . "
AND user_id = " . $user->data['user_id'];
$result = $db->sql_query($sql);
$notify_set = ($db->sql_fetchrow($result)) ? true : false;
$db->sql_freeresult($result);
}
// Collect general Permissions to be used within the complete page
$perm = array(
'm_lock' => $auth->acl_get('m_lock', $forum_id),
'm_edit' => $auth->acl_get('m_edit', $forum_id),
'm_delete' => $auth->acl_get('m_delete', $forum_id),
'u_delete' => $auth->acl_get('f_delete', $forum_id),
'f_attach' => $auth->acl_get('f_attach', $forum_id),
'f_news' => $auth->acl_get('f_news', $forum_id),
'f_announce' => $auth->acl_get('f_announce', $forum_id),
'f_sticky' => $auth->acl_get('f_sticky', $forum_id),
'f_ignoreflood' => $auth->acl_get('f_ignoreflood', $forum_id),
'f_sigs' => $auth->acl_get('f_sigs', $forum_id),
'f_save' => $auth->acl_get('f_save', $forum_id)
);
if ( (!$auth->acl_get('f_' . $mode, $forum_id)) && ($forum_postable) )
{
trigger_error($user->lang['USER_CANNOT_' . strtoupper($mode)]);
}
// Forum/Topic locked?
if ( ($forum_status == ITEM_LOCKED || $topic_status == ITEM_LOCKED) && !$perm['m_edit'])
{
$message = ($forum_status == ITEM_LOCKED) ? 'FORUM_LOCKED' : 'TOPIC_LOCKED';
trigger_error($user->lang[$message]);
}
// Can we edit this post?
if ( ($mode == 'edit' || $mode == 'delete') && !empty($config['edit_time']) && $post_time < time() - intval($config['edit_time']) && !$perm['m_edit'])
{
trigger_error($user->lang['CANNOT_EDIT_TIME']);
}
// Do we want to edit our post ?
if ( ($mode == 'edit') && (!$perm['m_edit']) && ($user->data['user_id'] != $poster_id))
{
trigger_error($user->lang['USER_CANNOT_EDIT']);
}
// Is edit posting locked ?
if ( ($mode == 'edit') && ($post_edit_locked) && (!$auth->acl_gets('m_', 'a_', $forum_id)) )
{
trigger_error($user->lang['CANNOT_EDIT_POST_LOCKED']);
}
$message_parser = new parse_message(0); // <- TODO: add constant (MSG_POST/MSG_PM)
if ($mode == 'edit')
{
$message_parser->bbcode_uid = $row['bbcode_uid'];
}
// Delete triggered ?
if ( ($mode == 'delete') && ((($poster_id == $user->data['user_id']) && ($user->data['user_id'] != ANONYMOUS) && ($perm['u_delete']) && ($post_id == $topic_last_post_id)) || ($perm['m_delete'])) )
{
// Do we need to confirm ?
if ($confirm)
{
$post_data = array(
'topic_first_post_id' => $topic_first_post_id,
'topic_last_post_id' => $topic_last_post_id,
'enable_post_count' => $enable_post_count,
'user_id' => $poster_id
);
$msg = delete_post($mode, $post_id, $topic_id, $forum_id, $post_data);
// We have a problem...
trigger_error($msg);
}
else
{
$s_hidden_fields = '<input type="hidden" name="p" value="' . $post_id . '" /><input type="hidden" name="mode" value="delete" />';
$page_title = $user->lang['DELETE_MESSAGE'];
include($phpbb_root_path . 'includes/page_header.' . $phpEx);
$template->set_filenames(array(
'body' => 'confirm_body.html')
);
$template->assign_vars(array(
'MESSAGE_TITLE' => $user->lang['DELETE_MESSAGE'],
'MESSAGE_TEXT' => $user->lang['CONFIRM_DELETE'],
'L_YES' => $user->lang['YES'],
'L_NO' => $user->lang['NO'],
'S_CONFIRM_ACTION' => $phpbb_root_path . 'posting.' . $phpEx . $SID,
'S_HIDDEN_FIELDS' => $s_hidden_fields)
);
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
}
if ( ($mode == 'delete') && ( ($poster_id != $user->data['user_id']) && (!$perm['u_delete'])) )
{
trigger_error($user->lang['DELETE_OWN_POSTS']);
}
if ( ($mode == 'delete') && ( ($poster_id == $user->data['user_id']) && ($perm['u_delete'])) && ($post_id != $topic_last_post_id))
{
trigger_error($user->lang['CANNOT_DELETE_REPLIED']);
}
if ($mode == 'delete')
{
trigger_error('USER_CANNOT_DELETE');
}
if (($submit) || ($preview) || ($refresh))
{
$topic_cur_post_id = (isset($_POST['topic_cur_post_id'])) ? intval($_POST['topic_cur_post_id']) : false;
$subject = (!empty($_POST['subject'])) ? trim(htmlspecialchars(strip_tags($_POST['subject']))) : '';
if ((strcmp($subject, strtoupper($subject)) == 0) && ($subject != ''))
{
$subject = phpbb_strtolower($subject);
}
$message_parser->message = (!empty($_POST['message'])) ? trim(stripslashes($_POST['message'])) : '';
$username = (!empty($_POST['username'])) ? trim($_POST['username']) : '';
$topic_type = (!empty($_POST['topic_type'])) ? intval($_POST['topic_type']) : POST_NORMAL;
$icon_id = (!empty($_POST['icon'])) ? intval($_POST['icon']) : 0;
$enable_html = (!intval($config['allow_html'])) ? 0 : ((!empty($_POST['disable_html'])) ? 0 : 1);
$enable_bbcode = (!intval($config['allow_bbcode'])) ? 0 : ((!empty($_POST['disable_bbcode'])) ? 0 : 1);
$enable_smilies = (!intval($config['allow_smilies'])) ? 0 : ((!empty($_POST['disable_smilies'])) ? 0 : 1);
$enable_urls = (isset($_POST['disable_magic_url'])) ? 0 : 1;
$enable_sig = (!intval($config['allow_sig'])) ? false : ((!empty($_POST['attach_sig'])) ? true : false);
$notify = (!empty($_POST['notify'])) ? true : false;
$topic_lock = (isset($_POST['lock_topic'])) ? true : false;
$post_lock = (isset($_POST['lock_post'])) ? true : false;
$poll_delete = (isset($_POST['poll_delete'])) ? true : false;
if ( ($poll_delete) && ($mode == 'edit' && !empty($poll_options) && ((empty($poll_last_vote) && $poster_id == $user->data['user_id'] && $perm['u_delete']) || $perm['m_delete'])) )
{
delete_poll($topic_id);
$poll_title = '';
$poll_length = '';
$poll_option_text = '';
}
else
{
$poll_title = (!empty($_POST['poll_title'])) ? trim($_POST['poll_title']) : '';
$poll_length = (!empty($_POST['poll_length'])) ? $_POST['poll_length'] : '';
$poll_option_text = (!empty($_POST['poll_option_text'])) ? $_POST['poll_option_text'] : '';
}
$err_msg = '';
$current_time = time();
// If replying/quoting and last post id has changed
// give user option of continuing submit or return to post
// notify and show user the post made between his request and the final submit
if ( ($mode == 'reply' || $mode == 'quote') && ($topic_cur_post_id != $topic_last_post_id) )
{
}
// Grab md5 'checksum' of new message
$message_md5 = md5($message_parser->message);
// Check checksum ... don't re-parse message if the same
if ($mode != 'edit' || $message_md5 != $post_checksum)
{
// Parse message
if (($result = $message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies)) != '')
{
$err_msg .= ((!empty($err_msg)) ? '<br />' : '') . $result;
}
}
if (($result = $message_parser->parse_attachments($mode, $post_id, $submit, $preview, $refresh, $attachment_data)) != '')
{
$err_msg .= ((!empty($err_msg)) ? '<br />' : '') . $result;
}
if (($mode != 'edit') && (!$preview) && (!$refresh) && (!$perm['f_ignoreflood']))
{
// Flood check
$where_sql = ($user->data['user_id'] == ANONYMOUS) ? "poster_ip = '$user->ip'" : 'poster_id = ' . $user->data['user_id'];
$sql = "SELECT MAX(post_time) AS last_post_time
FROM " . POSTS_TABLE . "
WHERE " . $where_sql;
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
if (intval($row['last_post_time']) && ($current_time - intval($row['last_post_time'])) < intval($config['flood_interval']))
{
$err_msg .= ((!empty($err_msg)) ? '<br />' : '') . $user->lang['FLOOD_ERROR'];
}
}
}
// Validate username
if (($username != '' && $user->data['user_id'] == ANONYMOUS) || ($mode == 'edit' && $post_username != ''))
{
$userdata = new userdata();
$username = strip_tags(htmlspecialchars($username));
if (($result = $userdata->validate_username($username)) != false)
{
$err_msg .= ((!empty($err_msg)) ? '<br />' : '') . $result;
}
}
// Parse subject
if ( ($subject == '') && ($mode == 'post' || ($mode == 'edit' && $topic_first_post_id == $post_id)))
{
$err_msg .= ((!empty($err_msg)) ? '<br />' : '') . $user->lang['EMPTY_SUBJECT'];
}
$poll_data = array(
'poll_title' => $poll_title,
'poll_length' => $poll_length,
'poll_option_text' => $poll_option_text,
'poll_start' => $poll_start,
'poll_last_vote' => $poll_last_vote,
'enable_html' => $enable_html,
'enable_bbcode' => $enable_bbcode,
'bbcode_uid' => $message_parser->bbcode_uid,
'enable_urls' => $enable_urls,
'enable_smilies' => $enable_smilies
);
$poll = array();
if (($result = $message_parser->parse_poll($poll, $poll_data)) != '')
{
$err_msg .= ((!empty($err_msg)) ? '<br />' : '') . $result;
}
$poll_options = $poll['poll_options'];
$poll_title = $poll['poll_title'];
// Check topic type
if ($topic_type != POST_NORMAL)
{
$auth_option = '';
switch ($topic_type)
{
case POST_NEWS:
$auth_option = 'news';
break;
case POST_ANNOUNCE:
$auth_option = 'announce';
break;
case POST_STICKY:
$auth_option = 'sticky';
break;
}
if (!$perm['f_' . $auth_option])
{
$err_msg .= ((!empty($err_msg)) ? '<br />' : '') . $user->lang['CANNOT_POST_' . strtoupper($auth_option)];
}
}
// Store message, sync counters
if (($err_msg == '') && ($submit))
{
// Lock/Unlock Topic
$change_topic_status = $topic_status;
if ($topic_status == ITEM_LOCKED && !$topic_lock && $perm['m_lock'])
{
$change_topic_status = ITEM_UNLOCKED;
}
else if ($topic_status == ITEM_UNLOCKED && $topic_lock && $perm['m_lock'])
{
$change_topic_status = ITEM_LOCKED;
}
if ($change_topic_status != $topic_status)
{
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_status = ' . $change_topic_status . '
WHERE topic_id = ' . $topic_id . '
AND topic_moved_id = 0';
$db->sql_query($sql);
add_log('mod', $forum_id, $topic_id, 'logm_' . (($change_topic_status == ITEM_LOCKED) ? 'lock' : 'unlock'));
}
// Lock/Unlock Post Edit
if ($mode == 'edit' && $post_edit_locked == ITEM_LOCKED && !$post_lock && $perm['m_edit'])
{
$post_edit_locked = ITEM_UNLOCKED;
}
else if ($mode == 'edit' && $post_edit_locked == ITEM_UNLOCKED && $post_lock && $perm['m_edit'])
{
$post_edit_locked = ITEM_LOCKED;
}
$post_data = array(
'topic_first_post_id' => $topic_first_post_id,
'post_id' => $post_id,
'topic_id' => $topic_id,
'forum_id' => $forum_id,
'enable_moderate' => $enable_moderate,
'icon_id' => $icon_id,
'poster_id' => $poster_id,
'enable_sig' => $enable_sig,
'enable_bbcode' => $enable_bbcode,
'enable_html' => $enable_html,
'enable_smilies' => $enable_smilies,
'enable_urls' => $enable_urls,
'enable_post_count' => $enable_post_count,
'message_md5' => $message_md5,
'post_checksum' => $post_checksum,
'forum_parents' => $forum_parents,
'notify' => $notify,
'notify_set' => $notify_set,
'post_edit_locked' => $post_edit_locked,
'bbcode_bitfield' => $message_parser->bbcode_bitfield
);
submit_post($mode, $message_parser->message, $subject, $username, $topic_type, $message_parser->bbcode_uid, $poll, $attachment_data, $post_data);
}
$post_text = $message_parser->message;
$post_subject = $topic_title = stripslashes($subject);
}
if ($err_msg)
{
$preview = false;
}
if ($preview)
{
if (empty($censors))
{
$censors = array();
obtain_word_list($censors);
}
$post_time = $current_time;
include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
$bbcode = new bbcode($message_parser->bbcode_bitfield);
$preview_message = format_display($message_parser->message, $enable_html, $enable_bbcode, $message_parser->bbcode_uid, $enable_urls, $enable_smilies, $enable_sig);
$preview_subject = (sizeof($censors)) ? preg_replace($censors['match'], $censors['replace'], $subject) : $subject;
// Poll Preview
if ( ( ($mode == 'post') || ( ($mode == 'edit') && ($post_id == $topic_first_post_id) && (empty($poll_last_vote)) )) && ( ($auth->acl_get('f_poll', $forum_id)) || ($auth->acl_get('m_edit', $forum_id)) ))
{
decode_text($poll_title, $message_parser->bbcode_uid);
$preview_poll_title = format_display(stripslashes($poll_title), $enable_html, $enable_bbcode, $message_parser->bbcode_uid, $enable_urls, $enable_smilies, false, false);
$template->assign_vars(array(
'S_HAS_POLL_OPTIONS' => (sizeof($poll_options)) ? true : false,
'POLL_QUESTION' => $preview_poll_title)
);
foreach ($poll_options as $option)
{
$template->assign_block_vars('poll_option', array(
'POLL_OPTION_CAPTION' => format_display(stripslashes($option), $enable_html, $enable_bbcode, $message_parser->bbcode_uid, $enable_urls, $enable_smilies, false, false))
);
}
}
}
// Decode text for message display
decode_text($post_text, $message_parser->bbcode_uid);
if ($subject)
{
decode_text($subject, $message_parser->bbcode_uid);
}
// Save us some processing time. ;)
if (count($poll_options_tmp))
{
$poll_options_tmp = implode("\n", $poll_options);
decode_text($poll_options_tmp);
$poll_options = explode("\n", $poll_options_tmp);
}
if (($mode == 'quote') && (!$preview) && (!$refresh))
{
$post_text = ' [quote' . ( (empty($username)) ? ']' : '="' . addslashes(trim($username)) . '"]') . trim($post_text) . '[/quote] ';
}
if ( (($mode == 'reply') || ($mode == 'quote')) && (!$preview) && (!$refresh))
{
$post_subject = ( ( !preg_match('/^Re:/', $post_subject) ) ? 'Re: ' : '' ) . $post_subject;
}
// MAIN POSTING PAGE BEGINS HERE
// Forum moderators?
get_moderators($moderators, $forum_id);
// Generate smilies and topic icon listings
generate_smilies('inline');
// Generate Topic icons
$s_topic_icons = generate_topic_icons($mode, $enable_icons);
// Topic type selection ... only for first post in topic.
$topic_type_toggle = '';
if ( ($mode == 'post') || (($mode == 'edit') && ($post_id == $topic_first_post_id)) )
{
$topic_types = array(
'sticky' => array('const' => POST_STICKY, 'lang' => 'POST_STICKY'),
'announce' => array('const' => POST_ANNOUNCE, 'lang' => 'POST_ANNOUNCEMENT')
// 'global_announce' => array('const' => POST_GLOBAL_ANNOUNCE, 'lang' => 'POST_GLOBAL_ANNOUNCE')
);
foreach ($topic_types as $auth_key => $topic_value)
{
if ($perm['f_' . $auth_key])
{
$topic_type_toggle .= '<input type="radio" name="topic_type" value="' . $topic_value['const'] . '"';
if ($topic_type == $topic_value['const'])
{
$topic_type_toggle .= ' checked="checked"';
}
$topic_type_toggle .= ' /> ' . $user->lang[$topic_value['lang']] . ' ';
}
}
if ($topic_type_toggle != '')
{
$topic_type_toggle = (($mode == 'edit') ? $user->lang['CHANGE_TOPIC_TO'] : $user->lang['POST_TOPIC_AS']) . ': <input type="radio" name="topic_type" value="' . POST_NORMAL . '"' . (($topic_type == POST_NORMAL) ? ' checked="checked"' : '') . ' /> ' . $user->lang['POST_NORMAL'] . ' ' . $topic_type_toggle;
}
}
// HTML, BBCode, Smilies, Images and Flash status
$html_status = (intval($config['allow_html']) && $auth->acl_get('f_html', $forum_id)) ? true : false;
$bbcode_status = (intval($config['allow_bbcode']) && $auth->acl_get('f_bbcode', $forum_id)) ? true : false;
$smilies_status = (intval($config['allow_smilies']) && $auth->acl_get('f_smilies', $forum_id)) ? true : false;
$img_status = (intval($config['allow_img']) && $auth->acl_get('f_img', $forum_id)) ? true : false;
$flash_status = (intval($config['allow_flash']) && $auth->acl_get('f_flash', $forum_id)) ? true : false;
$html_checked = (isset($enable_html)) ? !$enable_html : ((intval($config['allow_html'])) ? !$user->data['user_allowhtml'] : 1);
$bbcode_checked = (isset($enable_bbcode)) ? !$enable_bbcode : ((intval($config['allow_bbcode'])) ? !$user->data['user_allowbbcode'] : 1);
$smilies_checked = (isset($enable_smilies)) ? !$enable_smilies : ((intval($config['allow_smilies'])) ? !$user->data['user_allowsmile'] : 1);
$urls_checked = (isset($enable_urls)) ? !$enable_urls : 0;
$sig_checked = $enable_sig;
$notify_checked = (isset($notify_set)) ? $notify_set : (($user->data['user_id'] != ANONYMOUS) ? $user->data['user_notify'] : 0);
$lock_topic_checked = (isset($topic_lock)) ? $topic_lock : (($topic_status == ITEM_LOCKED) ? 1 : 0);
$lock_post_checked = (isset($post_lock)) ? $post_lock : $post_edit_locked;
// Page title & action URL, include session_id for security purpose
$s_action = "posting.$phpEx?sid=" . $user->session_id . "&mode=$mode&f=" . $forum_id;
$s_action .= ($topic_id) ? '&t=' . $topic_id : '';
$s_action .= ($post_id) ? '&p=' . $post_id : '';
switch ($mode)
{
case 'post':
$page_title = $user->lang['POST_TOPIC'];
break;
case 'quote':
case 'reply':
$page_title = $user->lang['POST_REPLY'];
break;
case 'delete':
case 'edit':
$page_title = $user->lang['EDIT_POST'];
}
// Build navigation links
$forum_data = array(
'parent_id' => $parent_id,
'forum_parents' => $forum_parents,
'forum_name' => $forum_name,
'forum_id' => $forum_id,
'forum_desc' => ''
);
generate_forum_nav($forum_data);
$s_hidden_fields = ($mode == 'reply' || $mode == 'quote') ? '<input type="hidden" name="topic_cur_post_id" value="' . $topic_last_post_id . '" />' : '';
$s_hidden_fields .= '<input type="hidden" name="lastclick" value="' . time() . '" />';
$form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || @ini_get('file_uploads') == '0' || !$config['allow_attachments']) ? '' : 'enctype="multipart/form-data"';
// Start assigning vars for main posting page ...
$template->assign_vars(array(
'L_POST_A' => $page_title,
'L_ICON' => ($mode == 'reply' || $mode == 'quote') ? $user->lang['POST_ICON'] : $user->lang['TOPIC_ICON'],
'L_MESSAGE_BODY_EXPLAIN'=> (intval($config['max_post_chars'])) ? sprintf($user->lang['MESSAGE_BODY_EXPLAIN'], intval($config['max_post_chars'])) : '',
'FORUM_NAME' => $forum_name,
'FORUM_DESC' => (!empty($forum_desc)) ? strip_tags($forum_desc) : '',
'TOPIC_TITLE' => $topic_title,
'MODERATORS' => (sizeof($moderators)) ? implode(', ', $moderators[$forum_id]) : '',
'USERNAME' => (((!$preview) && ($mode != 'quote')) || ($preview)) ? stripslashes($username) : '',
'SUBJECT' => $post_subject,
'PREVIEW_SUBJECT' => ($preview) ? $preview_subject : '',
'MESSAGE' => trim($post_text),
'PREVIEW_MESSAGE' => ($preview) ? $preview_message : '',
'HTML_STATUS' => ($html_status) ? $user->lang['HTML_IS_ON'] : $user->lang['HTML_IS_OFF'],
'BBCODE_STATUS' => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . "faq.$phpEx$SID&mode=bbcode" . '" target="_phpbbcode">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . "faq.$phpEx$SID&mode=bbcode" . '" target="_phpbbcode">', '</a>'),
'IMG_STATUS' => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
'FLASH_STATUS' => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
'MINI_POST_IMG' => $user->img('icon_post', $user->lang['POST']),
'POST_DATE' => ($post_time) ? $user->format_date($post_time) : '',
'ERROR_MESSAGE' => $err_msg,
'U_VIEW_FORUM' => "viewforum.$phpEx$SID&f=" . $forum_id,
'U_VIEWTOPIC' => ($mode != 'post') ? "viewtopic.$phpEx$SID&" . $forum_id . "&t=" . $topic_id : '',
'U_REVIEW_TOPIC' => ($mode != 'post') ? "posting.$phpEx$SID&mode=topicreview&f=" . $forum_id . "&t=" . $topic_id : '',
'S_DISPLAY_PREVIEW' => ($preview),
'S_DISPLAY_REVIEW' => ($mode == 'reply' || $mode == 'quote') ? true : false,
'S_DISPLAY_USERNAME' => ($user->data['user_id'] == ANONYMOUS || ($mode == 'edit' && $post_username)) ? true : false,
'S_SHOW_TOPIC_ICONS' => $s_topic_icons,
'S_DELETE_ALLOWED' => ($mode == 'edit' && ( ($post_id == $topic_last_post_id && $poster_id == $user->data['user_id'] && $perm['u_delete']) || ($perm['m_delete']))) ? true : false,
'S_HTML_ALLOWED' => $html_status,
'S_HTML_CHECKED' => ($html_checked) ? 'checked="checked"' : '',
'S_BBCODE_ALLOWED' => $bbcode_status,
'S_BBCODE_CHECKED' => ($bbcode_checked) ? 'checked="checked"' : '',
'S_SMILIES_ALLOWED' => $smilies_status,
'S_SMILIES_CHECKED' => ($smilies_checked) ? 'checked="checked"' : '',
'S_SIG_ALLOWED' => ( ($perm['f_sigs']) && ($config['allow_sig']) ) ? true : false,
'S_SIGNATURE_CHECKED' => ($sig_checked) ? 'checked="checked"' : '',
'S_NOTIFY_ALLOWED' => ($user->data['user_id'] != ANONYMOUS) ? true : false,
'S_NOTIFY_CHECKED' => ($notify_checked) ? 'checked="checked"' : '',
'S_LOCK_TOPIC_ALLOWED' => ( ($mode == 'edit' || $mode == 'reply' || $mode == 'quote') && ($perm['m_lock']) ) ? true : false,
'S_LOCK_TOPIC_CHECKED' => ($lock_topic_checked) ? 'checked="checked"' : '',
'S_LOCK_POST_ALLOWED' => (($mode == 'edit') && ($perm['m_edit'])) ? true : false,
'S_LOCK_POST_CHECKED' => ($lock_post_checked) ? 'checked="checked"' : '',
'S_MAGIC_URL_CHECKED' => ($urls_checked) ? 'checked="checked"' : '',
'S_TYPE_TOGGLE' => $topic_type_toggle,
'S_SAVE_ALLOWED' => ($perm['f_save']) ? true : false,
'S_FORM_ENCTYPE' => $form_enctype,
'S_POST_ACTION' => $s_action,
'S_HIDDEN_FIELDS' => $s_hidden_fields)
);
// Poll entry
if ( ( ($mode == 'post') || ( ($mode == 'edit') && ($post_id == $topic_first_post_id) && (empty($poll_last_vote)) )) && ( ($auth->acl_get('f_poll', $forum_id)) || ($perm['m_edit']) ))
{
$template->assign_vars(array(
'S_SHOW_POLL_BOX' => true,
'S_POLL_DELETE' => ($mode == 'edit' && !empty($poll_options) && ((empty($poll_last_vote) && $poster_id == $user->data['user_id'] && $perm['u_delete']) || $perm['m_delete'])) ? true : false,
'L_POLL_OPTIONS_EXPLAIN'=> sprintf($user->lang['POLL_OPTIONS_EXPLAIN'], $config['max_poll_options']),
'POLL_TITLE' => $poll_title,
'POLL_OPTIONS' => (!empty($poll_options)) ? implode("\n", $poll_options) : '',
'POLL_LENGTH' => $poll_length)
);
}
// Attachment entry
if (($perm['f_attach']) || ($perm['m_edit']))
{
$template->assign_vars(array(
'S_SHOW_ATTACH_BOX' => true)
);
if (count($attachment_data['physical_filename']) > 0)
{
$template->assign_vars(array(
'S_HAS_ATTACHMENTS' => true)
);
for ($i = 0; $i < count($attachment_data['physical_filename']); $i++)
{
$attachment_data['real_filename'][$i] = stripslashes($attachment_data['real_filename'][$i]);
$hidden = '<input type="hidden" name="attachment_list[]" value="' . $attachment_data['physical_filename'][$i] . '" />';
$hidden .= '<input type="hidden" name="filename_list[]" value="' . $attachment_data['real_filename'][$i] . '" />';
$hidden .= '<input type="hidden" name="extension_list[]" value="' . $attachment_data['extension'][$i] . '" />';
$hidden .= '<input type="hidden" name="mimetype_list[]" value="' . $attachment_data['mimetype'][$i] . '" />';
$hidden .= '<input type="hidden" name="filesize_list[]" value="' . $attachment_data['filesize'][$i] . '" />';
$hidden .= '<input type="hidden" name="filetime_list[]" value="' . $attachment_data['filetime'][$i] . '" />';
$hidden .= '<input type="hidden" name="attach_id_list[]" value="' . $attachment_data['attach_id'][$i] . '" />';
$hidden .= '<input type="hidden" name="attach_thumbnail_list[]" value="' . $attachment_data['thumbnail'][$i] . '" />';
if ( $attachment_data['attach_id'][$i] == '-1' )
{
$download_link = $config['upload_dir'] . '/' . $attachment_data['physical_filename'][$i];
}
else
{
$download_link = $phpbb_root_path . "download." . $phpEx . "$SID?id=" . $attachment_data['attach_id'][$i];
}
$template->assign_block_vars('attach_row', array(
'FILENAME' => $attachment_data['real_filename'][$i],
'ATTACH_FILENAME' => $attachment_data['physical_filename'][$i],
'FILE_COMMENT' => stripslashes(htmlspecialchars($attachment_data['comment'][$i])),
'ATTACH_ID' => $attachment_data['attach_id'][$i],
'U_VIEW_ATTACHMENT' => $download_link,
'S_HIDDEN' => $hidden)
);
}
}
$template->assign_vars(array(
'FILE_COMMENT' => stripslashes(htmlspecialchars($attachment_data['filecomment'])),
'FILESIZE' => $config['max_filesize'],
'FILENAME' => $attachment_data['filename'])
);
}
// Output page ...
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'body' => 'posting_body.html')
);
make_jumpbox('viewforum.'.$phpEx);
// Topic review
if ($mode == 'reply' || $mode == 'quote')
{
topic_review($topic_id, true);
}
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
?>