100644 754 lines (614 sloc) 34.57 kb
72dcf03 Franz Liedke Fix copy/paste mistakes in comments and remove unnecessary template subs...
franzliedke authored
1 <?php
2
3 /**
8637b8a Jamie Furness Updating the copyright notices to 2011.
reines authored
4 * Copyright (C) 2008-2011 FluxBB
72dcf03 Franz Liedke Fix copy/paste mistakes in comments and remove unnecessary template subs...
franzliedke authored
5 * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
6 * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
7 */
8
f5ee836 Jamie Furness Changing PUN_ROOT to use absolute paths, this solves some issues with AP...
reines authored
9 define('PUN_ROOT', dirname(__FILE__).'/');
72dcf03 Franz Liedke Fix copy/paste mistakes in comments and remove unnecessary template subs...
franzliedke authored
10 require PUN_ROOT.'include/common.php';
11
12
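// Board-wide read gate. message() is defined outside this file; the statements
// below assume it does not return -- TODO confirm.
if ($pun_user['g_read_board'] == '0')
	message($lang_common['No view']);

// Both identifiers come from the query string. intval() reduces them to integers
// before they are concatenated into the SQL below.
$tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
$fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;

// Exactly one of tid/fid must be a positive id. Negative values are refused outright:
// a negative integer is truthy in PHP, so a request such as tid=3&fid=-5 passed the
// original "both unset / both set" test and was then treated by the later
// "if ($tid)" and "if ($fid)" branches as a reply and a new topic at the same time.
if ($tid < 0 || $fid < 0 || ($tid > 0) == ($fid > 0))
	message($lang_common['Bad request']);

// Fetch some info about the topic and/or the forum.
// The WHERE clause only returns a row when the poster's group has no forum_perms
// override or has read_forum=1, so an unreadable forum looks the same as a missing one.
// NOTE(review): $pun_user['g_id'] and $pun_user['id'] are concatenated unquoted; they
// are presumably integers loaded from the users/groups tables -- confirm in common.php.
if ($tid)
	$result = $db->query('SELECT f.id, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics, t.subject, t.closed, s.user_id AS is_subscribed FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') LEFT JOIN '.$db->prefix.'topic_subscriptions AS s ON (t.id=s.topic_id AND s.user_id='.$pun_user['id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$tid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
else
	$result = $db->query('SELECT f.id, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());

if (!$db->num_rows($result))
	message($lang_common['Bad request']);

$cur_posting = $db->fetch_assoc($result);

// Only the topic query selects is_subscribed, hence the $tid guard.
$is_subscribed = $tid && $cur_posting['is_subscribed'];

// Is someone trying to post into a redirect forum?
if ($cur_posting['redirect_url'] != '')
	message($lang_common['Bad request']);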
37
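// Sort out who the moderators are and if we are currently a moderator (or an admin).
// NOTE(review): the moderators column is passed to unserialize(). Anyone able to write
// that column (for example through an SQL injection elsewhere) could feed PHP a
// crafted serialized object. On PHP 7+ the allowed_classes option of unserialize()
// closes that path; a JSON column avoids it entirely.
$mods_array = ($cur_posting['moderators'] != '') ? unserialize($cur_posting['moderators']) : array();

// unserialize() returns false on a corrupt value; array_key_exists() needs an array.
if (!is_array($mods_array))
	$mods_array = array();

$is_admmod = ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_moderator'] == '1' && array_key_exists($pun_user['username'], $mods_array)));

if ($tid && $pun_config['o_censoring'] == '1')
	$cur_posting['subject'] = censor_words($cur_posting['subject']);

// Do we have permission to post?
// A forum-level value of '' (no override) falls back to the group setting;
// an explicit '0' on the forum always denies. Admins and moderators bypass all three.
$reply_denied = $tid && (($cur_posting['post_replies'] == '' && $pun_user['g_post_replies'] == '0') || $cur_posting['post_replies'] == '0');
$topic_denied = $fid && (($cur_posting['post_topics'] == '' && $pun_user['g_post_topics'] == '0') || $cur_posting['post_topics'] == '0');
$topic_closed = isset($cur_posting['closed']) && $cur_posting['closed'] == '1';

if (($reply_denied || $topic_denied || $topic_closed) && !$is_admmod)
	message($lang_common['No permission']);

// Load the post.php language file.
// NOTE(review): $pun_user['language'] becomes part of an include path. It is presumably
// limited to installed language directory names where the profile is saved -- confirm,
// because a value containing "../" would turn this into a local file include.
require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php';

// Start with a clean slate
$errors = array();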
57
58
59 // Did someone just hit "Submit" or "Preview"?
60 if (isset($_POST['form_sent']))
61 {
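// Flood protection: previews are exempt; a real submission is refused while the time
// since the poster's last post is shorter than the group's flood interval.
if (!isset($_POST['preview']) && $pun_user['last_post'] != '' && (time() - $pun_user['last_post']) < $pun_user['g_post_flood'])
	$errors[] = $lang_post['Flood start'].' '.$pun_user['g_post_flood'].' '.$lang_post['flood end'];

// If it's a new topic
if ($fid)
{
	// Request fields are attacker-controlled: the key may be missing, or may arrive as an
	// array (req_subject[]=...). Anything that is not a string is treated as an empty
	// subject, so it is reported as "No subject" instead of reaching the string helpers.
	$subject = (isset($_POST['req_subject']) && is_string($_POST['req_subject'])) ? pun_trim($_POST['req_subject']) : '';

	// The censored form is only computed (and only checked) when censoring is on.
	if ($pun_config['o_censoring'] == '1')
		$censored_subject = pun_trim(censor_words($subject));

	if ($subject == '')
		$errors[] = $lang_post['No subject'];
	else if ($pun_config['o_censoring'] == '1' && $censored_subject == '')
		$errors[] = $lang_post['No subject after censoring'];
	else if (pun_strlen($subject) > 70)
		$errors[] = $lang_post['Too long subject'];
	else if ($pun_config['p_subject_all_caps'] == '0' && is_all_uppercase($subject) && !$pun_user['is_admmod'])
		$errors[] = $lang_post['All caps subject'];
}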
83
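// If the user is logged in we get the username and email from $pun_user
if (!$pun_user['is_guest'])
{
	$username = $pun_user['username'];
	$email = $pun_user['email'];
}
// Otherwise it should be in $_POST
else
{
	// Guest identity is taken straight from the request. A missing key or an array value
	// (req_username[]=...) is treated as an empty string rather than handed to trim().
	$username = (isset($_POST['req_username']) && is_string($_POST['req_username'])) ? pun_trim($_POST['req_username']) : '';

	// The form field is named req_email when guests must give an address, email otherwise.
	$email_field = ($pun_config['p_force_guest_email'] == '1') ? 'req_email' : 'email';
	$email = (isset($_POST[$email_field]) && is_string($_POST[$email_field])) ? strtolower(trim($_POST[$email_field])) : '';
	$banned_email = false;

	// Load the register.php/prof_reg.php language files
	require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php';
	require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';

	// It's a guest, so we have to validate the username.
	// check_username() is defined elsewhere and its return value is ignored here;
	// presumably it reports problems by appending to $errors -- confirm.
	check_username($username);

	if ($pun_config['p_force_guest_email'] == '1' || $email != '')
	{
		require PUN_ROOT.'include/email.php';
		if (!is_valid_email($email))
			$errors[] = $lang_common['Invalid email'];

		// Check if it's a banned email address. Only guests reach this branch;
		// members' addresses were checked when they registered.
		if (is_banned_email($email))
		{
			if ($pun_config['p_allow_banned_email'] == '0')
				$errors[] = $lang_prof_reg['Banned email'];

			$banned_email = true; // Used later when we send an alert email
		}
	}
}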
121
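// Clean up message from POST.
// The field is attacker-controlled: a missing key or an array value (req_message[]=...)
// is treated as an empty message and is then rejected below as "No message".
$raw_message = (isset($_POST['req_message']) && is_string($_POST['req_message'])) ? $_POST['req_message'] : '';
$orig_message = $message = pun_linebreaks(pun_trim($raw_message));

// Here we use strlen() not pun_strlen() as we want to limit the post to PUN_MAX_POSTSIZE bytes, not characters
if (strlen($message) > PUN_MAX_POSTSIZE)
	$errors[] = sprintf($lang_post['Too long message'], forum_number_format(PUN_MAX_POSTSIZE));
else if ($pun_config['p_message_all_caps'] == '0' && is_all_uppercase($message) && !$pun_user['is_admmod'])
	$errors[] = $lang_post['All caps message'];

// Validate BBCode syntax; preparse_bbcode() receives $errors and returns the
// message text that is stored from here on.
if ($pun_config['p_message_bbcode'] == '1')
{
	require PUN_ROOT.'include/parser.php';
	$message = preparse_bbcode($message, $errors);
}

// The emptiness checks run only when nothing else failed, on the preparsed text.
if (empty($errors))
{
	if ($message == '')
		$errors[] = $lang_post['No message'];
	else if ($pun_config['o_censoring'] == '1')
	{
		// Censor message to see if that causes problems
		$censored_message = pun_trim(censor_words($message));

		if ($censored_message == '')
			$errors[] = $lang_post['No message after censoring'];
	}
}

// Checkbox flags are reduced to the literals '1'/'0' before they reach any SQL.
$hide_smilies = isset($_POST['hide_smilies']) ? '1' : '0';
$subscribe = isset($_POST['subscribe']) ? '1' : '0';

// Sticking a topic is honoured only for admins and this forum's moderators.
$stick_topic = (isset($_POST['stick_topic']) && $is_admmod) ? '1' : '0';

$now = time();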
157
158 // Did everything go according to plan?
159 if (empty($errors) && !isset($_POST['preview']))
160 {
161 require PUN_ROOT.'include/search_idx.php';
162
163 // If it's a reply
164 if ($tid)
165 {
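// The poster's address is escaped like every other string value in these statements.
// The original concatenated get_remote_address() raw here although the UPDATE on the
// online table further down in this file escapes it; how the address is derived
// is not visible in this file.
$poster_ip_sql = '\''.$db->escape(get_remote_address()).'\'';

if (!$pun_user['is_guest'])
{
	$new_tid = $tid;

	// Insert the new post
	$db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', '.$pun_user['id'].', '.$poster_ip_sql.', \''.$db->escape($message).'\', '.$hide_smilies.', '.$now.', '.$tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
	$new_pid = $db->insert_id();

	// To subscribe or not to subscribe, that ...
	// $subscribe is the literal '1' or '0', and '0' is falsy in PHP.
	if ($pun_config['o_topic_subscriptions'] == '1')
	{
		if ($subscribe && !$is_subscribed)
			$db->query('INSERT INTO '.$db->prefix.'topic_subscriptions (user_id, topic_id) VALUES('.$pun_user['id'].' ,'.$tid.')') or error('Unable to add subscription', __FILE__, __LINE__, $db->error());
		else if (!$subscribe && $is_subscribed)
			$db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$tid) or error('Unable to remove subscription', __FILE__, __LINE__, $db->error());
	}
}
else
{
	// It's a guest. Insert the new post; the guest-supplied address is escaped,
	// or stored as NULL when none was given and none is required.
	$email_sql = ($pun_config['p_force_guest_email'] == '1' || $email != '') ? '\''.$db->escape($email).'\'' : 'NULL';
	$db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_ip, poster_email, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', '.$poster_ip_sql.', '.$email_sql.', \''.$db->escape($message).'\', '.$hide_smilies.', '.$now.', '.$tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
	$new_pid = $db->insert_id();
}

// Count number of replies in the topic (every post except the first one)
$result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'posts WHERE topic_id='.$tid) or error('Unable to fetch post count for topic', __FILE__, __LINE__, $db->error());
$num_replies = $db->result($result, 0) - 1;

// Update topic
$db->query('UPDATE '.$db->prefix.'topics SET num_replies='.$num_replies.', last_post='.$now.', last_post_id='.$new_pid.', last_poster=\''.$db->escape($username).'\' WHERE id='.$tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error());

update_search_index('post', $new_pid, $message);

update_forum($cur_posting['id']);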
201
// Should we send out notifications?
if ($pun_config['o_topic_subscriptions'] == '1')
{
	// Get the post time for the previous post in this topic
	$result = $db->query('SELECT posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1, 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
	$previous_post_time = $db->result($result);

	// Get any subscribed users that should be notified (banned users are excluded).
	// The join on forum_perms repeats the read_forum test for each subscriber's own
	// group, so nobody is mailed about a forum they cannot read.
	$result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'topic_subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'online AS o ON u.id=o.user_id LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$tid.' AND u.id!='.$pun_user['id']) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
	if ($db->num_rows($result))
	{
		require_once PUN_ROOT.'include/email.php';

		// Rendered templates, cached per subscriber language:
		// [0] subject, [1] body, [2] subject (full), [3] body with the post included.
		$notification_emails = array();

		// With censoring on, subscribers receive the censored text.
		$cleaned_message = bbcode2email(($pun_config['o_censoring'] == '1') ? $censored_message : $message, -1);

		// Loop through subscribed users and send emails
		while ($cur_subscriber = $db->fetch_assoc($result))
		{
			$sub_lang = $cur_subscriber['language'];

			// Is the subscription email for this language cached or not?
			if (!isset($notification_emails[$sub_lang]))
			{
				// NOTE(review): the language value read from the users table becomes part of
				// a file path -- confirm it is restricted to installed language names.
				$tpl_dir = PUN_ROOT.'lang/'.$sub_lang.'/mail_templates/';

				// Only new_reply.tpl is checked; new_reply_full.tpl is read unchecked.
				if (file_exists($tpl_dir.'new_reply.tpl'))
				{
					// Load the "new reply" template
					$mail_tpl = trim(file_get_contents($tpl_dir.'new_reply.tpl'));

					// Load the "new reply full" template (with post included)
					$mail_tpl_full = trim(file_get_contents($tpl_dir.'new_reply_full.tpl'));

					// The first row contains the subject (it also starts with "Subject:")
					$first_crlf = strpos($mail_tpl, "\n");
					$mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
					$mail_message = trim(substr($mail_tpl, $first_crlf));

					$first_crlf = strpos($mail_tpl_full, "\n");
					$mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8));
					$mail_message_full = trim(substr($mail_tpl_full, $first_crlf));

					$post_url = get_base_url().'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid;
					$unsubscribe_url = get_base_url().'/misc.php?action=unsubscribe&tid='.$tid;
					$board_mailer = $pun_config['o_board_title'].' '.$lang_common['Mailer'];

					// str_replace() with arrays substitutes pair by pair, in order, so text
					// inserted by an earlier pair is scanned again by the later ones. A topic
					// subject, poster name or post body that contains one of the later
					// placeholders therefore gets it expanded as well.
					// NOTE(review): subject and poster name are user-supplied; pun_mail()
					// presumably strips line breaks from header values -- confirm.
					$mail_subject = str_replace('<topic_subject>', $cur_posting['subject'], $mail_subject);
					$mail_message = str_replace(
						array('<topic_subject>', '<replier>', '<post_url>', '<unsubscribe_url>', '<board_mailer>'),
						array($cur_posting['subject'], $username, $post_url, $unsubscribe_url, $board_mailer),
						$mail_message
					);

					$mail_subject_full = str_replace('<topic_subject>', $cur_posting['subject'], $mail_subject_full);
					$mail_message_full = str_replace(
						array('<topic_subject>', '<replier>', '<message>', '<post_url>', '<unsubscribe_url>', '<board_mailer>'),
						array($cur_posting['subject'], $username, $cleaned_message, $post_url, $unsubscribe_url, $board_mailer),
						$mail_message_full
					);

					$notification_emails[$sub_lang] = array($mail_subject, $mail_message, $mail_subject_full, $mail_message_full);

					$mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null;
				}
			}

			// We have to double check here because the templates could be missing
			if (isset($notification_emails[$sub_lang]))
			{
				$rendered = $notification_emails[$sub_lang];

				if ($cur_subscriber['notify_with_post'] == '0')
					pun_mail($cur_subscriber['email'], $rendered[0], $rendered[1]);
				else
					pun_mail($cur_subscriber['email'], $rendered[2], $rendered[3]);
			}
		}

		unset($cleaned_message);
	}
}
282 }
283 // If it's a new topic
284 else if ($fid)
285 {
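// Create the topic. $stick_topic, $now and $fid are integers or '0'/'1' literals set
// earlier in this script; every free-text value goes through $db->escape().
$db->query('INSERT INTO '.$db->prefix.'topics (poster, subject, posted, last_post, last_poster, sticky, forum_id) VALUES(\''.$db->escape($username).'\', \''.$db->escape($subject).'\', '.$now.', '.$now.', \''.$db->escape($username).'\', '.$stick_topic.', '.$fid.')') or error('Unable to create topic', __FILE__, __LINE__, $db->error());
$new_tid = $db->insert_id();

// The poster's address is escaped like the other string values. The original
// concatenated get_remote_address() raw here although the UPDATE on the online table
// further down in this file escapes it; how the address is derived is not
// visible in this file.
$poster_ip_sql = '\''.$db->escape(get_remote_address()).'\'';

if (!$pun_user['is_guest'])
{
	// To subscribe or not to subscribe, that ...
	if ($pun_config['o_topic_subscriptions'] == '1' && $subscribe)
		$db->query('INSERT INTO '.$db->prefix.'topic_subscriptions (user_id, topic_id) VALUES('.$pun_user['id'].' ,'.$new_tid.')') or error('Unable to add subscription', __FILE__, __LINE__, $db->error());

	// Create the post ("topic post")
	$db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', '.$pun_user['id'].', '.$poster_ip_sql.', \''.$db->escape($message).'\', '.$hide_smilies.', '.$now.', '.$new_tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
}
else
{
	// Create the post ("topic post"); the guest-supplied address is escaped,
	// or stored as NULL when none was given and none is required.
	$email_sql = ($pun_config['p_force_guest_email'] == '1' || $email != '') ? '\''.$db->escape($email).'\'' : 'NULL';
	$db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_ip, poster_email, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', '.$poster_ip_sql.', '.$email_sql.', \''.$db->escape($message).'\', '.$hide_smilies.', '.$now.', '.$new_tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
}
$new_pid = $db->insert_id();

// Update the topic with last_post_id (the first post is also the last one)
$db->query('UPDATE '.$db->prefix.'topics SET last_post_id='.$new_pid.', first_post_id='.$new_pid.' WHERE id='.$new_tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error());

update_search_index('post', $new_pid, $message, $subject);

update_forum($fid);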
313
// Should we send out notifications?
if ($pun_config['o_forum_subscriptions'] == '1')
{
	// Get any subscribed users that should be notified (banned users are excluded).
	// The join on forum_perms repeats the read_forum test for each subscriber's own
	// group, so nobody is mailed about a forum they cannot read.
	$result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'forum_subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.forum_id='.$cur_posting['id'].' AND u.id!='.$pun_user['id']) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
	if ($db->num_rows($result))
	{
		require_once PUN_ROOT.'include/email.php';

		// Rendered templates, cached per subscriber language:
		// [0] subject, [1] body, [2] subject (full), [3] body with the post included.
		$notification_emails = array();

		// With censoring on, subscribers receive the censored text.
		$cleaned_message = bbcode2email(($pun_config['o_censoring'] == '1') ? $censored_message : $message, -1);

		// Loop through subscribed users and send emails
		while ($cur_subscriber = $db->fetch_assoc($result))
		{
			$sub_lang = $cur_subscriber['language'];

			// Is the subscription email for this language cached or not?
			if (!isset($notification_emails[$sub_lang]))
			{
				// NOTE(review): the language value read from the users table becomes part of
				// a file path -- confirm it is restricted to installed language names.
				$tpl_dir = PUN_ROOT.'lang/'.$sub_lang.'/mail_templates/';

				// Only new_topic.tpl is checked; new_topic_full.tpl is read unchecked.
				if (file_exists($tpl_dir.'new_topic.tpl'))
				{
					// Load the "new topic" template
					$mail_tpl = trim(file_get_contents($tpl_dir.'new_topic.tpl'));

					// Load the "new topic full" template (with post included)
					$mail_tpl_full = trim(file_get_contents($tpl_dir.'new_topic_full.tpl'));

					// The first row contains the subject (it also starts with "Subject:")
					$first_crlf = strpos($mail_tpl, "\n");
					$mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
					$mail_message = trim(substr($mail_tpl, $first_crlf));

					$first_crlf = strpos($mail_tpl_full, "\n");
					$mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8));
					$mail_message_full = trim(substr($mail_tpl_full, $first_crlf));

					$shown_subject = ($pun_config['o_censoring'] == '1') ? $censored_subject : $subject;
					$topic_url = get_base_url().'/viewtopic.php?id='.$new_tid;
					$unsubscribe_url = get_base_url().'/misc.php?action=unsubscribe&fid='.$cur_posting['id'];
					$board_mailer = $pun_config['o_board_title'].' '.$lang_common['Mailer'];

					// str_replace() with arrays substitutes pair by pair, in order, so text
					// inserted by an earlier pair is scanned again by the later ones. A subject,
					// poster name or post body that contains one of the later placeholders
					// therefore gets it expanded as well.
					// NOTE(review): the poster name is user-supplied for guests; pun_mail()
					// presumably strips line breaks from header values -- confirm.
					$mail_subject = str_replace('<forum_name>', $cur_posting['forum_name'], $mail_subject);
					$mail_message = str_replace(
						array('<topic_subject>', '<forum_name>', '<poster>', '<topic_url>', '<unsubscribe_url>', '<board_mailer>'),
						array($shown_subject, $cur_posting['forum_name'], $username, $topic_url, $unsubscribe_url, $board_mailer),
						$mail_message
					);

					$mail_subject_full = str_replace('<forum_name>', $cur_posting['forum_name'], $mail_subject_full);
					$mail_message_full = str_replace(
						array('<topic_subject>', '<forum_name>', '<poster>', '<message>', '<topic_url>', '<unsubscribe_url>', '<board_mailer>'),
						array($shown_subject, $cur_posting['forum_name'], $username, $cleaned_message, $topic_url, $unsubscribe_url, $board_mailer),
						$mail_message_full
					);

					$notification_emails[$sub_lang] = array($mail_subject, $mail_message, $mail_subject_full, $mail_message_full);

					$mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null;
				}
			}

			// We have to double check here because the templates could be missing
			if (isset($notification_emails[$sub_lang]))
			{
				$rendered = $notification_emails[$sub_lang];

				if ($cur_subscriber['notify_with_post'] == '0')
					pun_mail($cur_subscriber['email'], $rendered[0], $rendered[1]);
				else
					pun_mail($cur_subscriber['email'], $rendered[2], $rendered[3]);
			}
		}

		unset($cleaned_message);
	}
}
392 }
393
// If we previously found out that the email was banned, alert the board's mailing list.
// $banned_email is only assigned in the guest branch above; the is_guest test comes
// first so the variable is never read for a logged-in poster.
if ($pun_user['is_guest'] && $banned_email && $pun_config['o_mailing_list'] != '')
{
	// Load the "banned email post" template (read without an existence check)
	$mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/banned_email_post.tpl'));

	// The first row contains the subject
	$first_crlf = strpos($mail_tpl, "\n");
	$mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
	$mail_message = trim(substr($mail_tpl, $first_crlf));

	// Pairs are applied in order. <username> and <email> hold guest-supplied text and
	// only ever go into the message body, never into the subject line.
	$mail_message = str_replace(
		array('<username>', '<email>', '<post_url>', '<board_mailer>'),
		array($username, $email, get_base_url().'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $pun_config['o_board_title'].' '.$lang_common['Mailer']),
		$mail_message
	);

	pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
}

if ($pun_user['is_guest'])
{
	// Guests have no user row: their last-post time (read back by the flood check) is
	// kept in the online table, keyed on the remote address.
	$db->query('UPDATE '.$db->prefix.'online SET last_post='.$now.' WHERE ident=\''.$db->escape(get_remote_address()).'\'' ) or error('Unable to update user', __FILE__, __LINE__, $db->error());
}
else
{
	// If the posting user is logged in, increment his/her post count
	$db->query('UPDATE '.$db->prefix.'users SET num_posts=num_posts+1, last_post='.$now.' WHERE id='.$pun_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());

	// Mark the topic as read for the poster
	$tracked_topics = get_tracked_topics();
	$tracked_topics['topics'][$new_tid] = time();
	set_tracked_topics($tracked_topics);
}

redirect('viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $lang_post['Post redirect']);
428 }
429 }
430
431
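// If a topic ID was specified in the url (it's a reply)
if ($tid)
{
	$action = $lang_post['Post a reply'];
	$form = '<form id="post" method="post" action="post.php?action=post&amp;tid='.$tid.'" onsubmit="this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">';

	// If a quote ID was specified in the url
	if (isset($_GET['qid']))
	{
		$qid = intval($_GET['qid']);
		if ($qid < 1)
			message($lang_common['Bad request']);

		// The post must belong to the topic that already passed the read-permission
		// query at the top of this script, so qid cannot reach into another topic.
		$result = $db->query('SELECT poster, message FROM '.$db->prefix.'posts WHERE id='.$qid.' AND topic_id='.$tid) or error('Unable to fetch quote info', __FILE__, __LINE__, $db->error());
		if (!$db->num_rows($result))
			message($lang_common['Bad request']);

		list($q_poster, $q_message) = $db->fetch_row($result);

		// If the message contains a code tag we have to split it up (text within [code][/code] shouldn't be touched)
		if (strpos($q_message, '[code]') !== false && strpos($q_message, '[/code]') !== false)
		{
			// A separate array is used here. The original reset $errors, which threw away
			// the validation errors of a form submitted to a URL that also carries qid.
			$quote_errors = array();
			list($inside, $outside) = split_text($q_message, '[code]', '[/code]', $quote_errors);
			if (!empty($quote_errors)) // Technically this shouldn't happen: an existing post already passed validation
				message($quote_errors[0]);

			// "\1" is the separator used to join and later re-split the non-code parts
			$q_message = implode("\1", $outside);
		}

		// Remove [img] tags from quoted message, keeping the bare URL
		$q_message = preg_replace('%\[img(?:=(?:[^\[]*?))?\]((ht|f)tps?://)([^\s<"]*?)\[/img\]%U', '\1\3', $q_message);

		// If we split up the message before we have to concatenate it together again (code tags)
		if (isset($inside))
		{
			$outside = explode("\1", $q_message);
			$q_message = '';

			$num_tokens = count($outside);
			for ($i = 0; $i < $num_tokens; ++$i)
			{
				$q_message .= $outside[$i];
				if (isset($inside[$i]))
					$q_message .= '[code]'.$inside[$i].'[/code]';
			}

			unset($inside);
		}

		if ($pun_config['o_censoring'] == '1')
			$q_message = censor_words($q_message);

		// NOTE(review): the quoted text is HTML-escaped here, but $q_poster is added to
		// $quote below without escaping. Confirm that the code which prints $quote into
		// the form (outside this excerpt) escapes it, or that stored usernames cannot
		// contain markup.
		$q_message = pun_htmlspecialchars($q_message);

		if ($pun_config['p_message_bbcode'] == '1')
		{
			// If username contains a square bracket, we add "" or '' around it (so we know when it starts and ends)
			if (strpos($q_poster, '[') !== false || strpos($q_poster, ']') !== false)
			{
				if (strpos($q_poster, '\'') !== false)
					$q_poster = '"'.$q_poster.'"';
				else
					$q_poster = '\''.$q_poster.'\'';
			}
			else
			{
				// Get the characters at the start and end of $q_poster
				$ends = substr($q_poster, 0, 1).substr($q_poster, -1, 1);

				// Deal with quoting "Username" or 'Username' (becomes '"Username"' or "'Username'")
				if ($ends == '\'\'')
					$q_poster = '"'.$q_poster.'"';
				else if ($ends == '""')
					$q_poster = '\''.$q_poster.'\'';
			}

			$quote = '[quote='.$q_poster.']'.$q_message.'[/quote]'."\n";
		}
		else
			$quote = '> '.$q_poster.' '.$lang_common['wrote']."\n\n".'> '.$q_message."\n";
	}
}
// If a forum ID was specified in the url (new topic)
else if ($fid)
{
	$action = $lang_post['Post new topic'];
	$form = '<form id="post" method="post" action="post.php?action=post&amp;fid='.$fid.'" onsubmit="return process_form(this)">';
}
else
	message($lang_common['Bad request']);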
523
524
// Page title, required form fields and the element to focus; these are set before header.php
// is included (presumably header.php reads them - confirm against header.php)
$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $action);

$required_fields = array(
	'req_email'		=> $lang_common['Email'],
	'req_subject'	=> $lang_common['Subject'],
	'req_message'	=> $lang_common['Message']
);

if ($pun_user['is_guest'])
{
	// Guests must also enter a name, which is the field that receives focus
	$required_fields['req_username'] = $lang_post['Guest name'];
	$focus_element = array('post', 'req_username');
}
else
{
	// Members start in the subject field for a new topic, in the message field for a reply
	$focus_element = array('post', ($fid) ? 'req_subject' : 'req_message');
}

define('PUN_ACTIVE_PAGE', 'index');
require PUN_ROOT.'header.php';
539
540 ?>
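<?php
/*
 * Breadcrumb trail: index, forum, topic (only when a subject is available) and the current action.
 * The forum name and topic subject are escaped with pun_htmlspecialchars(). $tid was cast with
 * intval() when it was read from the query string; $cur_posting['id'] is echoed as-is
 * (presumably the numeric forum id from the database - verify where $cur_posting is loaded).
 * The separator spans were malformed ("<span&#160;</span>") and are restored to well-formed markup.
 */
?>
<div class="linkst">
	<div class="inbox">
		<ul class="crumbs">
			<li><a href="index.php"><?php echo $lang_common['Index'] ?></a></li>
			<li><span>»&#160;</span><a href="viewforum.php?id=<?php echo $cur_posting['id'] ?>"><?php echo pun_htmlspecialchars($cur_posting['forum_name']) ?></a></li>
<?php if (isset($cur_posting['subject'])): ?>			<li><span>»&#160;</span><a href="viewtopic.php?id=<?php echo $tid ?>"><?php echo pun_htmlspecialchars($cur_posting['subject']) ?></a></li>
<?php endif; ?>			<li><span>»&#160;</span><strong><?php echo $action ?></strong></li>
		</ul>
	</div>
</div>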
551
552 <?php
553
// Show the validation errors if there are any; otherwise render the preview when one was requested
// NOTE(review): every entry of $errors is printed without escaping. The array is filled outside
// this part of the file - confirm each entry is a fixed language string or is escaped when added.
if (!empty($errors)):

?>
<div id="posterror" class="block">
	<h2><span><?php echo $lang_post['Post errors'] ?></span></h2>
	<div class="box">
		<div class="inbox error-info">
			<p><?php echo $lang_post['Post errors info'] ?></p>
			<ul class="error-list">
<?php

	foreach ($errors as $cur_error)
		echo "\t\t\t\t", '<li><strong>', $cur_error, '</strong></li>', "\n";
?>
			</ul>
		</div>
	</div>
</div>

<?php

elseif (isset($_POST['preview'])):

	require_once PUN_ROOT.'include/parser.php';

	// The preview is echoed as-is below, so it relies on parse_message() (include/parser.php,
	// not shown here) returning markup that is safe to output
	$preview_message = parse_message($message, $hide_smilies);

?>
<div id="postpreview" class="blockpost">
	<h2><span><?php echo $lang_post['Post preview'] ?></span></h2>
	<div class="box">
		<div class="inbox">
			<div class="postbody">
				<div class="postright">
					<div class="postmsg">
						<?php echo $preview_message."\n" ?>
					</div>
				</div>
			</div>
		</div>
	</div>
</div>

<?php

endif;


// Running tabindex counter for the form fields that follow
$cur_index = 1;
605
606 ?>
607 <div id="postform" class="blockform">
608 <h2><span><?php echo $action ?></span></h2>
609 <div class="box">
610 <?php echo $form."\n" ?>
611 <div class="inform">
612 <fieldset>
613 <legend><?php echo $lang_common['Write message legend'] ?></legend>
614 <div class="infldset txtarea">
615 <input type="hidden" name="form_sent" value="1" />
616 <?php
617
// Guests get a name field and an e-mail field. The e-mail field is only marked as required,
// and submitted as req_email instead of email, when p_force_guest_email is on.
// Values from a previous submit are re-displayed through pun_htmlspecialchars().
if ($pun_user['is_guest'])
{
	if ($pun_config['p_force_guest_email'] == '1')
	{
		$email_label = '<strong>'.$lang_common['Email'].' <span>'.$lang_common['Required'].'</span></strong>';
		$email_form_name = 'req_email';
	}
	else
	{
		$email_label = $lang_common['Email'];
		$email_form_name = 'email';
	}

?>
						<label class="conl required"><strong><?php echo $lang_post['Guest name'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_username" value="<?php if (isset($_POST['req_username'])) echo pun_htmlspecialchars($username); ?>" size="25" maxlength="25" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
						<label class="conl<?php echo ($pun_config['p_force_guest_email'] == '1') ? ' required' : '' ?>"><?php echo $email_label ?><br /><input type="text" name="<?php echo $email_form_name ?>" value="<?php if (isset($_POST[$email_form_name])) echo pun_htmlspecialchars($email); ?>" size="50" maxlength="80" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
						<div class="clearer"></div>
<?php

}
630
631 if ($fid): ?>
632 <label class="required"><strong><?php echo $lang_common['Subject'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input class="longinput" type="text" name="req_subject" value="<?php if (isset($_POST['req_subject'])) echo pun_htmlspecialchars($subject); ?>" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
633 <?php endif; ?> <label class="required"><strong><?php echo $lang_common['Message'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br />
634 <textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo isset($_POST['req_message']) ? pun_htmlspecialchars($orig_message) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>
635 <ul class="bblinks">
636 <li><span><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a> <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
637 <li><span><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a> <?php echo ($pun_config['p_message_bbcode'] == '1' && $pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
638 <li><span><a href="help.php#smilies" onclick="window.open(this.href); return false;"><?php echo $lang_common['Smilies'] ?></a> <?php echo ($pun_config['o_smilies'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
639 </ul>
640 </div>
641 </fieldset>
642 <?php
643
// Collect the option checkboxes that apply to this user, in display order
$checkboxes = array();

// "Stick topic" is only offered when $is_admmod is set
if ($is_admmod)
	$checkboxes[] = '<label><input type="checkbox" name="stick_topic" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['stick_topic']) ? ' checked="checked"' : '').' />'.$lang_common['Stick topic'].'<br /></label>';

// "Hide smilies" is offered to guests and members alike whenever smilies are enabled
if ($pun_config['o_smilies'] == '1')
	$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['hide_smilies']) ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'].'<br /></label>';

// Members can subscribe when topic subscriptions are enabled
if (!$pun_user['is_guest'] && $pun_config['o_topic_subscriptions'] == '1')
{
	// A preview keeps whatever was submitted; otherwise the box is ticked for users who
	// have auto_notify set or who are already subscribed to the topic
	if (isset($_POST['preview']))
		$subscr_checked = isset($_POST['subscribe']);
	else
		$subscr_checked = ($pun_user['auto_notify'] || $is_subscribed);

	$checkboxes[] = '<label><input type="checkbox" name="subscribe" value="1" tabindex="'.($cur_index++).'"'.($subscr_checked ? ' checked="checked"' : '').' />'.($is_subscribed ? $lang_post['Stay subscribed'] : $lang_post['Subscribe']).'<br /></label>';
}

// The options fieldset is only printed when at least one checkbox applies
if (!empty($checkboxes)):

?>
			</div>
			<div class="inform">
				<fieldset>
					<legend><?php echo $lang_common['Options'] ?></legend>
					<div class="infldset">
						<div class="rbox">
							<?php echo implode("\n\t\t\t\t\t\t\t", $checkboxes)."\n" ?>
						</div>
					</div>
				</fieldset>
<?php

endif;
690
691 ?>
692 </div>
693 <p class="buttons"><input type="submit" name="submit" value="<?php echo $lang_common['Submit'] ?>" tabindex="<?php echo $cur_index++ ?>" accesskey="s" /> <input type="submit" name="preview" value="<?php echo $lang_post['Preview'] ?>" tabindex="<?php echo $cur_index++ ?>" accesskey="p" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
694 </form>
695 </div>
696 </div>
697
698 <?php
699
// Show the most recent posts of the topic below the form when topic review is enabled
if ($tid && $pun_config['o_topic_review'] != '0'):

	require_once PUN_ROOT.'include/parser.php';

	// $tid was cast with intval() when it was read from the query string; the LIMIT value is
	// taken from the board configuration as-is.
	// NOTE(review): nothing in this part of the file forces o_topic_review to be an integer -
	// confirm it is validated where the option is saved.
	$result = $db->query('SELECT poster, message, hide_smilies, posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT '.$pun_config['o_topic_review']) or error('Unable to fetch topic review', __FILE__, __LINE__, $db->error());

?>

<div id="postreview">
	<h2><span><?php echo $lang_post['Topic review'] ?></span></h2>
<?php

	// Counts the posts so that the row classes alternate
	$post_count = 0;

	while ($cur_post = $db->fetch_assoc($result)):

		++$post_count;

		// The parsed message is echoed as-is below, so it relies on parse_message()
		// (include/parser.php, not shown here) returning markup that is safe to output;
		// the poster name is escaped with pun_htmlspecialchars()
		$cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies']);

?>
	<div class="blockpost">
		<div class="box<?php echo ($post_count % 2) ? ' rowodd' : ' roweven' ?>">
			<div class="inbox">
				<div class="postbody">
					<div class="postleft">
						<dl>
							<dt><strong><?php echo pun_htmlspecialchars($cur_post['poster']) ?></strong></dt>
							<dd><span><?php echo format_time($cur_post['posted']) ?></span></dd>
						</dl>
					</div>
					<div class="postright">
						<div class="postmsg">
							<?php echo $cur_post['message']."\n" ?>
						</div>
					</div>
				</div>
				<div class="clearer"></div>
			</div>
		</div>
	</div>
<?php

	endwhile;

?>
</div>
<?php

endif;

require PUN_ROOT.'footer.php';