Verzeichnisstruktur phpBB-3.1.0
- Veröffentlicht
- 27.10.2014
posting.php
0001 <?php
0002 /**
0003 *
0004 * This file is part of the phpBB Forum Software package.
0005 *
0006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
0007 * @license GNU General Public License, version 2 (GPL-2.0)
0008 *
0009 * For full copyright and license information, please see
0010 * the docs/CREDITS.txt file.
0011 *
0012 */
0013
0014 /**
0015 * @ignore
0016 */
// Entry-point marker, defined before anything is included.
// NOTE(review): the included files presumably refuse to run unless IN_PHPBB is defined - confirm in common.php.
define('IN_PHPBB', true);
// The root path comes from the PHPBB_ROOT_PATH constant when one is defined, otherwise the current directory.
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
// The include extension is derived from this file's own name; neither it nor the root path is read from the request.
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include($phpbb_root_path . 'includes/message_parser.' . $phpEx);


// Start session management
// The session is started and the ACL is loaded from the session's user data before this
// script reads any request parameter; every $auth->acl_get()/acl_gets() call below depends on it.
$user->session_begin();
$auth->acl($user->data);
0029
0030
// Read only the request parameters this script needs.
// The ids and the timestamp are requested with an integer default, the mode with a string default.
$post_id = request_var('p', 0);
$topic_id = request_var('t', 0);
$forum_id = request_var('f', 0);
$draft_id = request_var('d', 0);
$lastclick = request_var('lastclick', 0);

// Which form button was used. Only the presence of the POST field matters, not its value.
$submit = isset($_POST['post']);
$preview = isset($_POST['preview']);
$save = isset($_POST['save']);
$load = isset($_POST['load']);
$confirm = $request->is_set_post('confirm');
// "cancel" only counts when "save" was not sent in the same request.
$cancel = isset($_POST['cancel']) && !isset($_POST['save']);

// Any of these actions re-displays the form with the submitted data kept.
$refresh = (
	isset($_POST['add_file'])
	|| isset($_POST['delete_file'])
	|| isset($_POST['cancel_unglobalise'])
	|| $save
	|| $load
	|| $preview
);
$mode = request_var('mode', '');

// A delete request is downgraded to a soft delete when the confirmation did not ask for a
// permanent delete, or when the user holds neither f_delete nor m_delete in the requested forum.
if ($mode == 'delete')
{
	if ($confirm && !$request->is_set_post('delete_permanent'))
	{
		$mode = 'soft_delete';
	}
	else if (!$auth->acl_gets('f_delete', 'm_delete', $forum_id))
	{
		$mode = 'soft_delete';
	}
}

$post_data = array();
$error = array();
$current_time = time();
0056
/**
* This event allows you to alter the above parameters, such as submit and mode
*
* Note: $refresh must be true to retain previously submitted form data.
*
* Note: The template class will not work properly until $user->setup() is
* called, and it has not been called yet. Extensions requiring template
* assignments should use an event that comes later in this file.
*
* @event core.modify_posting_parameters
* @var int post_id ID of the post
* @var int topic_id ID of the topic
* @var int forum_id ID of the forum
* @var int draft_id ID of the draft
* @var int lastclick Timestamp of when the form was last loaded
* @var bool submit Whether or not the form has been submitted
* @var bool preview Whether or not the post is being previewed
* @var bool save Whether or not a draft is being saved
* @var bool load Whether or not a draft is being loaded
* @var bool delete Whether or not the post is being deleted
* @var bool cancel Whether or not to cancel the form (returns to
* viewtopic or viewforum depending on if the user
* is posting a new topic or editing a post)
* @var bool refresh Whether or not to retain previously submitted data
* @var string mode What action to take if the form has been submitted
* post|reply|quote|edit|delete|bump|smilies|popup
* @var array error Any error strings; a non-empty array aborts
* form submission.
* NOTE: Should be actual language strings, NOT
* language keys.
* @since 3.1.0-a1
*/
// Names of the variables handed to the event; compact() below picks them up by name.
// NOTE(review): 'delete' is listed here and in the docblock, but no $delete is assigned anywhere
// above in this file. Unless an included file defines it, compact() has nothing to pick up for
// that entry - confirm, then either assign it or drop it.
$vars = array(
	'post_id',
	'topic_id',
	'forum_id',
	'draft_id',
	'lastclick',
	'submit',
	'preview',
	'save',
	'load',
	'delete',
	'cancel',
	'refresh',
	'mode',
	'error',
);
// extract() writes whatever the event returns back into the current scope. After this line the
// ids, flags and mode are no longer guaranteed to be the values request_var() produced, so event
// listeners are part of the trust boundary for everything that follows, including the SQL built
// from these ids.
// NOTE(review): whether trigger_event() limits its result to the keys passed in is not visible
// here - confirm, because extract() will import any key it is given.
extract($phpbb_dispatcher->trigger_event('core.modify_posting_parameters', compact($vars)));
0106
// Leave the form when cancel was pressed, or when a submit arrives less than two seconds after
// the "lastclick" timestamp. $lastclick is read from the request, so this guard only catches
// accidental double submits; it is not a rate limit.
if ($cancel || ($current_time - $lastclick < 2 && $submit))
{
	// NOTE(review): this listing went through HTML rendering; confirm against the original file
	// whether the separator below is a bare '&' or its entity form.
	$f = '';
	if ($forum_id)
	{
		$f = 'f=' . $forum_id . '&';
	}

	// Most specific target first: the post, then the topic, then the forum, then the index.
	if ($post_id)
	{
		$redirect = append_sid("{$phpbb_root_path}viewtopic.$phpEx", $f . 'p=' . $post_id) . '#p' . $post_id;
	}
	else if ($topic_id)
	{
		$redirect = append_sid("{$phpbb_root_path}viewtopic.$phpEx", $f . 't=' . $topic_id);
	}
	else if ($forum_id)
	{
		$redirect = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id);
	}
	else
	{
		$redirect = append_sid("{$phpbb_root_path}index.$phpEx");
	}
	redirect($redirect);
}

// These modes cannot proceed without a forum id.
if (!$forum_id && in_array($mode, array('post', 'reply', 'quote', 'edit', 'delete')))
{
	trigger_error('NO_FORUM');
}
0119
$phpbb_content_visibility = $phpbb_container->get('content.visibility');

// We need to know some basic information in all cases before we do anything.
// Each mode builds one SELECT; a mode that leaves $sql empty is rejected after the switch.
// The ids are interpolated straight into the SQL text. They were read with request_var() and an
// integer default, but the core.modify_posting_parameters event has had the chance to replace
// them since, and they are not cast again here.
// NOTE(review): presumably request_var() casts to the type of its default - confirm, and consider
// an explicit (int) cast at the point of interpolation.
switch ($mode)
{
	case 'post':
		$sql = 'SELECT *
			FROM ' . FORUMS_TABLE . "
			WHERE forum_id = $forum_id";
	break;

	case 'bump':
	case 'reply':
		if (!$topic_id)
		{
			trigger_error('NO_TOPIC');
		}

		// Force forum id
		// The forum id is looked up from the topic itself, so the visibility condition below is
		// built for the forum the topic belongs to rather than for the f= value of the request.
		// The requested value is kept only when the lookup finds nothing.
		$sql = 'SELECT forum_id
			FROM ' . TOPICS_TABLE . '
			WHERE topic_id = ' . $topic_id;
		$result = $db->sql_query($sql);
		$f_id = (int) $db->sql_fetchfield('forum_id');
		$db->sql_freeresult($result);

		$forum_id = (!$f_id) ? $forum_id : $f_id;

		$sql = 'SELECT f.*, t.*
			FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
			WHERE t.topic_id = $topic_id
				AND f.forum_id = t.forum_id
				AND " . $phpbb_content_visibility->get_visibility_sql('topic', $forum_id, 't.');
	break;

	case 'quote':
	case 'edit':
	case 'delete':
	case 'soft_delete':
		if (!$post_id)
		{
			$user->setup('posting');
			trigger_error('NO_POST');
		}

		// Force forum id
		// Same pattern as above, keyed on the post: the forum id comes from the posts table.
		$sql = 'SELECT forum_id
			FROM ' . POSTS_TABLE . '
			WHERE post_id = ' . $post_id;
		$result = $db->sql_query($sql);
		$f_id = (int) $db->sql_fetchfield('forum_id');
		$db->sql_freeresult($result);

		$forum_id = (!$f_id) ? $forum_id : $f_id;

		// The user columns selected here are the author's name and signature fields only.
		$sql = 'SELECT f.*, t.*, p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield
			FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u
			WHERE p.post_id = $post_id
				AND t.topic_id = p.topic_id
				AND u.user_id = p.poster_id
				AND f.forum_id = t.forum_id
				AND " . $phpbb_content_visibility->get_visibility_sql('post', $forum_id, 'p.');
	break;

	case 'smilies':
		// No query for this mode; generate_smilies() is expected to produce the whole response.
		// NOTE(review): if it returns, the empty $sql leads to NO_POST_MODE below - confirm it exits.
		$sql = '';
		generate_smilies('window', $forum_id);
	break;

	case 'popup':
		if ($forum_id)
		{
			$sql = 'SELECT forum_style
				FROM ' . FORUMS_TABLE . '
				WHERE forum_id = ' . $forum_id;
		}
		else
		{
			// Without a forum id the upload popup is shown with no forum style and the script ends here.
			phpbb_upload_popup();
			return;
		}
	break;

	default:
		// Unknown modes get no query and are rejected below.
		$sql = '';
	break;
}
0207
// A mode that produced no query cannot be handled by this script.
// NOTE(review): the code below relies on trigger_error() ending the request - confirm that the
// registered error handler exits.
if (!$sql)
{
	$user->setup('posting');
	trigger_error('NO_POST_MODE');
}

$result = $db->sql_query($sql);
$post_data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

// No row came back. For the queries that carry a visibility condition this covers both "the id
// does not exist" and "the visibility filter excluded it", and both produce the same message.
if (!$post_data)
{
	if (!($mode == 'post' || $mode == 'bump' || $mode == 'reply'))
	{
		$user->setup('posting');
	}
	trigger_error(($mode == 'post' || $mode == 'bump' || $mode == 'reply') ? 'NO_TOPIC' : 'NO_POST');
}

// Not able to reply to unapproved posts/topics
// TODO: add more descriptive language key
// As written, this check fires only for users who hold m_approve in the forum.
// NOTE(review): presumably users without m_approve never get a row for unapproved content
// because of the visibility condition in the query - confirm in get_visibility_sql().
if ($auth->acl_get('m_approve', $forum_id) && ((($mode == 'reply' || $mode == 'bump') && $post_data['topic_visibility'] != ITEM_APPROVED) || ($mode == 'quote' && $post_data['post_visibility'] != ITEM_APPROVED)))
{
	trigger_error(($mode == 'reply' || $mode == 'bump') ? 'TOPIC_UNAPPROVED' : 'POST_UNAPPROVED');
}

// The upload popup only needs the forum style and returns before the permission checks below.
if ($mode == 'popup')
{
	phpbb_upload_popup($post_data['forum_style']);
	return;
}

$user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);

// The CAPTCHA is initialised only for visitors who are not registered, and only when
// enable_post_confirm is set in the configuration.
if ($config['enable_post_confirm'] && !$user->data['is_registered'])
{
	$captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
	$captcha->init(CONFIRM_POST);
}
0247
// Use post_row values in favor of submitted ones...
// From here on the three ids are integers, taken from the database row whenever the row has
// them; the permission checks below are made against these values, not the request's.
$forum_id = (!empty($post_data['forum_id'])) ? (int) $post_data['forum_id'] : (int) $forum_id;
$topic_id = (!empty($post_data['topic_id'])) ? (int) $post_data['topic_id'] : (int) $topic_id;
$post_id = (!empty($post_data['post_id'])) ? (int) $post_data['post_id'] : (int) $post_id;

// Need to login to passworded forum first?
// The stored forum_password value is handed to login_forum_box() for the comparison.
// NOTE(review): how that value is stored and compared is not visible here - check login_forum_box().
if ($post_data['forum_password'])
{
	login_forum_box(array(
		'forum_id' => $forum_id,
		'forum_name' => $post_data['forum_name'],
		'forum_password' => $post_data['forum_password'])
	);
}

// Check permissions
// Sessions flagged as bots are sent to the index and never reach the posting form.
if ($user->data['is_bot'])
{
	redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
}

// Is the user able to read within this forum?
// Read access is required before any posting permission is considered. A logged-in user gets an
// error; a guest gets the login prompt, as JSON for AJAX requests.
if (!$auth->acl_get('f_read', $forum_id))
{
	if ($user->data['user_id'] != ANONYMOUS)
	{
		trigger_error('USER_CANNOT_READ');
	}
	$message = $user->lang['LOGIN_EXPLAIN_POST'];

	if ($request->is_ajax())
	{
		// NOTE(review): presumably send() ends the request; otherwise login_box() below also runs.
		$json = new phpbb\json_response();
		$json->send(array(
			'title' => $user->lang['INFORMATION'],
			'message' => $message,
		));
	}

	login_box('', $message);
}
0289
// Permission to do the action asked?
// Deny by default: $is_authed stays false unless the branch for the current mode grants it,
// so a mode without a branch here is refused below.
$is_authed = false;

switch ($mode)
{
	case 'post':
		if ($auth->acl_get('f_post', $forum_id))
		{
			$is_authed = true;
		}
	break;

	case 'bump':
		if ($auth->acl_get('f_bump', $forum_id))
		{
			$is_authed = true;
		}
	break;

	case 'quote':

		// Quoting creates a new post, so the lock flag of the quoted post is cleared from the
		// working data before the intentional fall-through into the reply check.
		$post_data['post_edit_locked'] = 0;

	// no break;

	case 'reply':
		if ($auth->acl_get('f_reply', $forum_id))
		{
			$is_authed = true;
		}
	break;

	case 'edit':
		// Only the permission is checked here; ownership, edit time and the post lock are
		// checked further down for users without m_edit.
		if ($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))
		{
			$is_authed = true;
		}
	break;

	case 'delete':
		// Moderators need m_delete; anyone else must be the author of the post and hold f_delete.
		if ($user->data['is_registered'] && ($auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id))))
		{
			$is_authed = true;
		}
	break;

	case 'soft_delete':
		if ($user->data['is_registered'] && $phpbb_content_visibility->can_soft_delete($forum_id, $post_data['poster_id'], $post_data['post_edit_locked']))
		{
			$is_authed = true;
		}
		else
		{
			// Display the same error message for softdelete we use for delete
			$mode = 'delete';
		}
	break;
}

if (!$is_authed)
{
	// Quote shares the reply permission, so it also shares the reply error message.
	$check_auth = ($mode == 'quote') ? 'reply' : $mode;

	// Registered users are refused outright; guests are offered the login form instead.
	// Both language keys are assembled from the mode string.
	if ($user->data['is_registered'])
	{
		trigger_error('USER_CANNOT_' . strtoupper($check_auth));
	}
	$message = $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)];

	if ($request->is_ajax())
	{
		$json = new phpbb\json_response();
		$json->send(array(
			'title' => $user->lang['INFORMATION'],
			'message' => $message,
		));
	}

	login_box('', $message);
}
0370
// Is the user able to post within this forum?
// New content is only accepted in forums of type FORUM_POST.
if ($post_data['forum_type'] != FORUM_POST && in_array($mode, array('post', 'bump', 'quote', 'reply')))
{
	trigger_error('USER_CANNOT_FORUM_POST');
}

// Forum/Topic locked?
// A locked forum or topic stops everyone except users holding m_edit in this forum.
if (($post_data['forum_status'] == ITEM_LOCKED || (isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED)) && !$auth->acl_get('m_edit', $forum_id))
{
	trigger_error(($post_data['forum_status'] == ITEM_LOCKED) ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
}

// Can we edit this post ... if we're a moderator with rights then always yes
// else it depends on editing times, lock status and if we're the correct user
if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id))
{
	$force_edit_allowed = false;

	// Three independent reasons to refuse: not the author, the edit window (edit_time, in
	// minutes, when set) has passed, or the post is locked against editing.
	$s_cannot_edit = $user->data['user_id'] != $post_data['poster_id'];
	$s_cannot_edit_time = $config['edit_time'] && $post_data['post_time'] <= time() - ($config['edit_time'] * 60);
	$s_cannot_edit_locked = $post_data['post_edit_locked'];

	/**
	* This event allows you to modify the conditions for the "cannot edit post" checks
	*
	* @event core.posting_modify_cannot_edit_conditions
	* @var array post_data Array with post data
	* @var bool force_edit_allowed Allow the user to edit the post (all permissions and conditions are ignored)
	* @var bool s_cannot_edit User can not edit the post because it's not his
	* @var bool s_cannot_edit_locked User can not edit the post because it's locked
	* @var bool s_cannot_edit_time User can not edit the post because edit_time has passed
	* @since 3.1.0-b4
	*/
	$vars = array(
		'post_data',
		'force_edit_allowed',
		's_cannot_edit',
		's_cannot_edit_locked',
		's_cannot_edit_time',
	);
	// A listener can clear any of the three flags or set force_edit_allowed, which skips the
	// ownership, time and lock checks below. It can also replace $post_data, which the rest of
	// this script keeps using. Extensions subscribed to this event therefore decide who may
	// edit whose post.
	extract($phpbb_dispatcher->trigger_event('core.posting_modify_cannot_edit_conditions', compact($vars)));

	if (!$force_edit_allowed)
	{
		if ($s_cannot_edit)
		{
			trigger_error('USER_CANNOT_EDIT');
		}
		else if ($s_cannot_edit_time)
		{
			trigger_error('CANNOT_EDIT_TIME');
		}
		else if ($s_cannot_edit_locked)
		{
			trigger_error('CANNOT_EDIT_POST_LOCKED');
		}
	}
}
0429
// Handle delete mode...
// Reached only after the permission switch above granted delete or soft_delete.
if ($mode == 'delete' || $mode == 'soft_delete')
{
	// A post that is already soft deleted is reported as not found.
	if ($mode == 'soft_delete' && $post_data['post_visibility'] == ITEM_DELETED)
	{
		$user->setup('posting');
		trigger_error('NO_POST');
	}

	$delete_reason = $request->variable('delete_reason', '', true);
	// NOTE(review): no confirmation or form-token check is visible in this block; presumably
	// phpbb_handle_post_delete() asks for confirmation before deleting - confirm there.
	phpbb_handle_post_delete($forum_id, $topic_id, $post_id, $post_data, ($mode == 'soft_delete'), $delete_reason);
	return;
}

// Handle bump mode...
if ($mode == 'bump')
{
	// '&&' binds tighter than '=', so $bump_time receives the boolean result of both checks.
	// The bump goes ahead only when bump_topic_allowed() agrees and the 'hash' request parameter
	// passes check_link_hash() for this topic's id; the hash is what ties this state-changing
	// link to the session that generated it.
	if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id'])
		&& check_link_hash(request_var('hash', ''), "topic_{$post_data['topic_id']}"))
	{
		$meta_url = phpbb_bump_topic($forum_id, $topic_id, $post_data, $current_time);
		meta_refresh(3, $meta_url);
		$message = $user->lang['TOPIC_BUMPED'];

		if (!$request->is_ajax())
		{
			// The URLs go into href attributes as returned by phpbb_bump_topic() and append_sid().
			$message .= '<br /><br />' . $user->lang('VIEW_MESSAGE', '<a href="' . $meta_url . '">', '</a>');
			$message .= '<br /><br />' . $user->lang('RETURN_FORUM', '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
		}

		trigger_error($message);
	}

	// A failed permission check and a bad hash produce the same message.
	trigger_error('BUMP_ERROR');
}
0465
// Subject length limiting to 60 characters if first post...
// Only the template flag is set here; no length is enforced in this block.
if ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_data['post_id']))
{
	$template->assign_var('S_NEW_MESSAGE', true);
}

// Determine some vars
// Guest posts are quoted under the name stored with the post, or the GUEST language string
// when none was stored.
if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS)
{
	$post_data['quote_username'] = (!empty($post_data['post_username'])) ? $post_data['post_username'] : $user->lang['GUEST'];
}
else
{
	$post_data['quote_username'] = isset($post_data['username']) ? $post_data['username'] : '';
}

$post_data['post_edit_locked'] = (isset($post_data['post_edit_locked'])) ? (int) $post_data['post_edit_locked'] : 0;
// MD5 of the stored subject; the name suggests change detection rather than any security use.
// NOTE(review): the comparison against it is outside this block - confirm it stays that way.
$post_data['post_subject_md5'] = (isset($post_data['post_subject']) && $mode == 'edit') ? md5($post_data['post_subject']) : '';
$post_data['post_subject'] = (in_array($mode, array('quote', 'edit'))) ? $post_data['post_subject'] : ((isset($post_data['topic_title'])) ? $post_data['topic_title'] : '');
// The stored limits are divided by 86400, the number of seconds in a day.
$post_data['topic_time_limit'] = (isset($post_data['topic_time_limit'])) ? (($post_data['topic_time_limit']) ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit']) : 0;
$post_data['poll_length'] = (!empty($post_data['poll_length'])) ? (int) $post_data['poll_length'] / 86400 : 0;
$post_data['poll_start'] = (!empty($post_data['poll_start'])) ? (int) $post_data['poll_start'] : 0;
// Quotes and replies never inherit the icon of the post they refer to.
$post_data['icon_id'] = (!isset($post_data['icon_id']) || in_array($mode, array('quote', 'reply'))) ? 0 : (int) $post_data['icon_id'];
$post_data['poll_options'] = array();

// Get Poll Data
// $topic_id is the integer taken from the database row earlier in this script.
if ($post_data['poll_start'])
{
	$sql = 'SELECT poll_option_text
		FROM ' . POLL_OPTIONS_TABLE . "
		WHERE topic_id = $topic_id
		ORDER BY poll_option_id";
	$result = $db->sql_query($sql);

	while ($row = $db->sql_fetchrow($result))
	{
		$post_data['poll_options'][] = trim($row['poll_option_text']);
	}
	$db->sql_freeresult($result);
}
0506
// Keep a snapshot of the poll as it is stored, taken before any submitted poll data is read.
if ($mode == 'edit')
{
	$original_poll_data = array(
		'poll_title' => $post_data['poll_title'],
		'poll_length' => $post_data['poll_length'],
		'poll_max_options' => $post_data['poll_max_options'],
		'poll_option_text' => implode("\n", $post_data['poll_options']),
		'poll_start' => $post_data['poll_start'],
		'poll_last_vote' => $post_data['poll_last_vote'],
		'poll_vote_change' => $post_data['poll_vote_change'],
	);
}

$orig_poll_options_size = sizeof($post_data['poll_options']);

// The message parser gets the upload handler and the MIME type guesser from the container.
$message_parser = new parse_message();
$plupload = $phpbb_container->get('plupload');
$mimetype_guesser = $phpbb_container->get('mimetype.guesser');
$message_parser->set_plupload($plupload);
$message_parser->set_mimetype_guesser($mimetype_guesser);

// Hand the stored post text to the parser and drop the key from $post_data. The assignment is
// by reference, so the parser's message is the same value that was loaded from the row.
if (isset($post_data['post_text']))
{
	$message_parser->message = &$post_data['post_text'];
	unset($post_data['post_text']);
}
0533
// Set some default variables
// Only keys that are not already set are filled in. When no row supplied a poster_id, the
// current user's id is used.
$uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);

foreach ($uninit as $var_name => $default_value)
{
	if (!isset($post_data[$var_name]))
	{
		$post_data[$var_name] = $default_value;
	}
}
unset($uninit);

// Always check if the submitted attachment data is valid and belongs to the user.
// Further down (especially in submit_post()) we do not check this again.
// This is the only ownership check on client-supplied attachment data, so it has to run on
// every request. The id passed in is the stored author when a row was loaded, otherwise the
// current user (see the defaults above).
$message_parser->get_submitted_attachment_data($post_data['poster_id']);

// First display of an edit form: load the attachments already stored for the post.
if ($post_data['post_attachment'] && !$submit && !$refresh && !$preview && $mode == 'edit')
{
	// Do not change to SELECT *
	$sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename, filesize
		FROM ' . ATTACHMENTS_TABLE . "
		WHERE post_msg_id = $post_id
			AND in_message = 0
			AND is_orphan = 0
		ORDER BY filetime DESC";
	$result = $db->sql_query($sql);
	$message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
	$db->sql_freeresult($result);
}
0563
// Only quote and edit start from a stored author name; every other mode starts with an empty
// one. For guest posts the name stored with the post is used, otherwise the account name.
if ($mode == 'quote' || $mode == 'edit')
{
	if ($post_data['poster_id'] == ANONYMOUS)
	{
		$post_data['username'] = trim($post_data['post_username']);
	}
	else
	{
		$post_data['username'] = trim($post_data['username']);
	}
}
else
{
	$post_data['username'] = '';
}

$post_data['enable_urls'] = $post_data['enable_magic_url'];

// For anything but an edit, the formatting switches start from the board configuration
// combined with the user's own preferences; an edit keeps the values of the stored post.
if ($mode != 'edit')
{
	$post_data['enable_sig'] = ($config['allow_sig'] && $user->optionget('attachsig'));
	$post_data['enable_smilies'] = ($config['allow_smilies'] && $user->optionget('smilies'));
	$post_data['enable_bbcode'] = ($config['allow_bbcode'] && $user->optionget('bbcode'));
	$post_data['enable_urls'] = true;
}

$post_data['drafts'] = false;
$post_data['enable_magic_url'] = false;
0584
// User own some drafts?
// The lookup is limited to the current user's own drafts by the user_id condition.
// NOTE(review): forum_id and topic_id are cast at the point of interpolation but $draft_id is
// not; it was read with an integer default, yet an event listener may have replaced it since.
// Consider the same (int) cast for consistency.
if ($user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
{
	$sql = 'SELECT draft_id
		FROM ' . DRAFTS_TABLE . '
		WHERE user_id = ' . $user->data['user_id'] .
			(($forum_id) ? ' AND forum_id = ' . (int) $forum_id : '') .
			(($topic_id) ? ' AND topic_id = ' . (int) $topic_id : '') .
			(($draft_id) ? " AND draft_id <> $draft_id" : '');
	$result = $db->sql_query_limit($sql, 1);

	if ($db->sql_fetchrow($result))
	{
		$post_data['drafts'] = true;
	}
	$db->sql_freeresult($result);
}

// The four formatting switches packed into one integer. The same expression is computed again
// from the submitted values further down and compared with this one to detect a change.
$check_value = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);

// Check if user is watching this topic
if ($mode != 'post' && $config['allow_topic_notify'] && $user->data['is_registered'])
{
	$sql = 'SELECT topic_id
		FROM ' . TOPICS_WATCH_TABLE . '
		WHERE topic_id = ' . $topic_id . '
			AND user_id = ' . $user->data['user_id'];
	$result = $db->sql_query($sql);
	$post_data['notify_set'] = (int) $db->sql_fetchfield('topic_id');
	$db->sql_freeresult($result);
}

// Do we want to edit our post ?
// An edit hands the BBCode uid stored with the post to the parser.
if ($mode == 'edit' && $post_data['bbcode_uid'])
{
	$message_parser->bbcode_uid = $post_data['bbcode_uid'];
}
0622
// What the current user may use in this forum: a feature is on only when the board
// configuration allows it and the user holds the matching forum permission. Images and Flash
// additionally require BBCode to be available; links depend on the configuration alone.
$bbcode_status = ($config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id));
$smilies_status = ($config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id));
$img_status = ($bbcode_status && $auth->acl_get('f_img', $forum_id));
$url_status = (bool) $config['allow_post_links'];
$flash_status = ($bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash']);
$quote_status = true;
0630
// Save Draft
// Drafts can be saved only by registered users holding u_savedrafts, and only while composing
// a new topic, a reply or a quote.
if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
{
	$subject = utf8_normalize_nfc(request_var('subject', '', true));
	// Replies and quotes fall back to the topic title when no subject was entered.
	$subject = (!$subject && $mode != 'post') ? $post_data['topic_title'] : $subject;
	$message = utf8_normalize_nfc(request_var('message', '', true));

	if ($subject && $message)
	{
		// The INSERT runs only once confirm_box(true) reports a confirmed request; until then
		// the confirmation page is shown with the form data carried along in hidden fields.
		// NOTE(review): presumably confirm_box() validates a per-session confirmation key,
		// which is what protects this write against cross-site requests - confirm.
		if (confirm_box(true))
		{
			// Every value is cast explicitly and the statement is assembled by sql_build_array().
			// The draft is always stored under the current user's id.
			$sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
				'user_id' => (int) $user->data['user_id'],
				'topic_id' => (int) $topic_id,
				'forum_id' => (int) $forum_id,
				'save_time' => (int) $current_time,
				'draft_subject' => (string) $subject,
				'draft_message' => (string) $message)
			);
			$db->sql_query($sql);

			// NOTE(review): this listing went through HTML rendering; confirm against the
			// original file whether the separator in "f=...&t=..." is a bare '&' or its entity form.
			$meta_info = ($mode == 'post') ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) : append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id");

			meta_refresh(3, $meta_info);

			// $message is reused from here on for the status text shown to the user.
			$message = $user->lang['DRAFT_SAVED'] . '<br /><br />';
			$message .= ($mode != 'post') ? sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $meta_info . '">', '</a>') . '<br /><br />' : '';
			$message .= sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');

			trigger_error($message);
		}
		else
		{
			// The submitted subject and message are user input that is written back into the
			// confirmation page through build_hidden_fields().
			// NOTE(review): presumably build_hidden_fields() escapes names and values for the
			// HTML attribute context - confirm.
			$s_hidden_fields = build_hidden_fields(array(
				'mode' => $mode,
				'save' => true,
				'f' => $forum_id,
				't' => $topic_id,
				'subject' => $subject,
				'message' => $message,
				'attachment_data' => $message_parser->attachment_data,
				)
			);

			// The remaining form fields that are carried across the confirmation step, with
			// the default that fixes the type each one is read as.
			$hidden_fields = array(
				'icon_id' => 0,

				'disable_bbcode' => false,
				'disable_smilies' => false,
				'disable_magic_url' => false,
				'attach_sig' => true,
				'lock_topic' => false,

				'topic_type' => POST_NORMAL,
				'topic_time_limit' => 0,

				'poll_title' => '',
				'poll_option_text' => '',
				'poll_max_options' => 1,
				'poll_length' => 0,
				'poll_vote_change' => false,
			);

			foreach ($hidden_fields as $name => $default)
			{
				if (!isset($_POST[$name]))
				{
					// Don't include it, if its not available
					unset($hidden_fields[$name]);
					continue;
				}

				if (is_bool($default))
				{
					// Use the string representation
					$hidden_fields[$name] = request_var($name, '');
				}
				else
				{
					$hidden_fields[$name] = request_var($name, $default);
				}
			}

			$s_hidden_fields .= build_hidden_fields($hidden_fields);

			confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
		}
	}
	else
	{
		// Subject or message is empty: report which one and fall through to the normal form.
		if (utf8_clean_string($subject) === '')
		{
			$error[] = $user->lang['EMPTY_SUBJECT'];
		}

		if (utf8_clean_string($message) === '')
		{
			$error[] = $user->lang['TOO_FEW_CHARS'];
		}
	}
	unset($subject, $message);
}
0733
// Load requested Draft
// The draft is selected by its id together with the current user's id, so a draft id that
// belongs to another account returns no row and the request is treated as if no draft had been
// asked for.
if ($draft_id && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $user->data['is_registered'] && $auth->acl_get('u_savedrafts'))
{
	$sql = 'SELECT draft_subject, draft_message
		FROM ' . DRAFTS_TABLE . "
		WHERE draft_id = $draft_id
			AND user_id = " . $user->data['user_id'];
	$result = $db->sql_query_limit($sql, 1);
	$row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if ($row)
	{
		$post_data['post_subject'] = $row['draft_subject'];
		$message_parser->message = $row['draft_message'];

		$template->assign_var('S_DRAFT_LOADED', true);
	}
	else
	{
		$draft_id = 0;
	}
}

// Load draft overview
// Shown only when the earlier lookup found at least one draft for this user.
if ($load && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $post_data['drafts'])
{
	load_drafts($topic_id, $forum_id);
}
0763
0764
0765 if ($submit || $preview || $refresh)
0766 {
0767 $post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0);
0768 $post_data['post_subject'] = utf8_normalize_nfc(request_var('subject', '', true));
0769 $message_parser->message = utf8_normalize_nfc(request_var('message', '', true));
0770
0771 $post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true));
0772 $post_data['post_edit_reason'] = ($request->variable('edit_reason', false, false, \phpbb\request\request_interface::POST) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? utf8_normalize_nfc(request_var('edit_reason', '', true)) : '';
0773
0774 $post_data['orig_topic_type'] = $post_data['topic_type'];
0775 $post_data['topic_type'] = request_var('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL));
0776 $post_data['topic_time_limit'] = request_var('topic_time_limit', (($mode != 'post') ? (int) $post_data['topic_time_limit'] : 0));
0777
0778 if ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id))
0779 {
0780 $post_data['icon_id'] = request_var('icon', (int) $post_data['icon_id']);
0781 }
0782
0783 $post_data['enable_bbcode'] = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
0784 $post_data['enable_smilies'] = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
0785 $post_data['enable_urls'] = (isset($_POST['disable_magic_url'])) ? 0 : 1;
0786 $post_data['enable_sig'] = (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig')) ? false : ((isset($_POST['attach_sig']) && $user->data['is_registered']) ? true : false);
0787
0788 if ($config['allow_topic_notify'] && $user->data['is_registered'])
0789 {
0790 $notify = (isset($_POST['notify'])) ? true : false;
0791 }
0792 else
0793 {
0794 $notify = false;
0795 }
0796
0797 $topic_lock = (isset($_POST['lock_topic'])) ? true : false;
0798 $post_lock = (isset($_POST['lock_post'])) ? true : false;
0799 $poll_delete = (isset($_POST['poll_delete'])) ? true : false;
0800
0801 if ($submit)
0802 {
0803 $status_switch = (($post_data['enable_bbcode']+1) << 8) + (($post_data['enable_smilies']+1) << 4) + (($post_data['enable_urls']+1) << 2) + (($post_data['enable_sig']+1) << 1);
0804 $status_switch = ($status_switch != $check_value);
0805 }
0806 else
0807 {
0808 $status_switch = 1;
0809 }
0810
0811 // Delete Poll
0812 if ($poll_delete && $mode == 'edit' && sizeof($post_data['poll_options']) &&
0813 ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id)))
0814 {
0815 if ($submit && check_form_key('posting'))
0816 {
0817 $sql = 'DELETE FROM ' . POLL_OPTIONS_TABLE . "
0818 WHERE topic_id = $topic_id";
0819 $db->sql_query($sql);
0820
0821 $sql = 'DELETE FROM ' . POLL_VOTES_TABLE . "
0822 WHERE topic_id = $topic_id";
0823 $db->sql_query($sql);
0824
0825 $topic_sql = array(
0826 'poll_title' => '',
0827 'poll_start' => 0,
0828 'poll_length' => 0,
0829 'poll_last_vote' => 0,
0830 'poll_max_options' => 0,
0831 'poll_vote_change' => 0
0832 );
0833
0834 $sql = 'UPDATE ' . TOPICS_TABLE . '
0835 SET ' . $db->sql_build_array('UPDATE', $topic_sql) . "
0836 WHERE topic_id = $topic_id";
0837 $db->sql_query($sql);
0838 }
0839
0840 $post_data['poll_title'] = $post_data['poll_option_text'] = '';
0841 $post_data['poll_vote_change'] = $post_data['poll_max_options'] = $post_data['poll_length'] = 0;
0842 }
0843 else
0844 {
0845 $post_data['poll_title'] = utf8_normalize_nfc(request_var('poll_title', '', true));
0846 $post_data['poll_length'] = request_var('poll_length', 0);
0847 $post_data['poll_option_text'] = utf8_normalize_nfc(request_var('poll_option_text', '', true));
0848 $post_data['poll_max_options'] = request_var('poll_max_options', 1);
0849 $post_data['poll_vote_change'] = ($auth->acl_get('f_votechg', $forum_id) && $auth->acl_get('f_vote', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0;
0850 }
0851
0852 // If replying/quoting and last post id has changed
0853 // give user option to continue submit or return to post
0854 // notify and show user the post made between his request and the final submit
0855 if (($mode == 'reply' || $mode == 'quote') && $post_data['topic_cur_post_id'] && $post_data['topic_cur_post_id'] != $post_data['topic_last_post_id'])
0856 {
0857 // Only do so if it is allowed forum-wide
0858 if ($post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)
0859 {
0860 if (topic_review($topic_id, $forum_id, 'post_review', $post_data['topic_cur_post_id']))
0861 {
0862 $template->assign_var('S_POST_REVIEW', true);
0863 }
0864
0865 $submit = false;
0866 $refresh = true;
0867 }
0868 }
0869
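// Parse Attachments - before checksum is calculated
$message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);

// MD5 digest of the message as it is about to be submitted. It is a change
// marker only (edit-conflict detection, re-parse decision), not an integrity
// or authenticity control.
$message_md5 = md5($message_parser->message);

// If editing and the stored checksum has changed, the post was edited by someone
// else while this edit form was open: notify and show the user the changed post.
if ($mode == 'edit' && ($post_data['forum_flags'] & FORUM_FLAG_POST_REVIEW)) {
	// Digests sent back with the edit form (emitted as hidden fields further down
	// in this file). They are client-controlled, so this check is a convenience
	// for honest concurrent editors and not an authorization control.
	$edit_post_message_checksum = request_var('edit_post_message_checksum', '');
	$edit_post_subject_checksum = request_var('edit_post_subject_checksum', '');

	// $post_data['post_checksum'] is the checksum of the post submitted in the meantime
	// $message_md5 is the checksum of the post we're about to submit
	// $edit_post_message_checksum is the checksum of the post we're editing
	//
	// We make sure nobody else made exactly the same change we're about to
	// submit by also comparing $message_md5 with $post_data['post_checksum'].
	//
	// Digests are cast to string and compared with !==. A loose != treats two
	// numeric-looking hex strings (all digits, or digits around a single "e")
	// as numbers, so two different digests could compare equal and a
	// concurrent edit would go unnoticed.
	if (
		(
			$edit_post_message_checksum !== ''
			&& (string) $edit_post_message_checksum !== (string) $post_data['post_checksum']
			&& (string) $message_md5 !== (string) $post_data['post_checksum']
		)
		|| (
			$edit_post_subject_checksum !== ''
			&& (string) $edit_post_subject_checksum !== (string) $post_data['post_subject_md5']
			&& md5($post_data['post_subject']) !== (string) $post_data['post_subject_md5']
		)
	) {
		if (topic_review($topic_id, $forum_id, 'post_review_edit', $post_id)) {
			$template->assign_vars(array(
				'S_POST_REVIEW'			=> true,

				'L_POST_REVIEW'			=> $user->lang['POST_REVIEW_EDIT'],
				'L_POST_REVIEW_EXPLAIN'	=> $user->lang['POST_REVIEW_EDIT_EXPLAIN'],
			));
		}

		// Do not store anything on this request; show the form again.
		$submit = false;
		$refresh = true;
	}
}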
0912
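// Check checksum ... don't re-parse message if the same.
// The message is re-parsed for every mode other than edit, when its digest
// differs from the stored one, when $status_switch is set, or when the stored
// bbcode uid is shorter than BBCODE_UID_LEN.
// Digests are compared as strings with !== so that numeric-looking hex strings
// are not compared as numbers, which could make a changed message look unchanged.
$update_message = (
	$mode != 'edit'
	|| (string) $message_md5 !== (string) $post_data['post_checksum']
	|| $status_switch
	|| strlen($post_data['bbcode_uid']) < BBCODE_UID_LEN
);

// Also check if subject got updated...
$update_subject = $mode != 'edit'
	|| ($post_data['post_subject_md5'] && (string) $post_data['post_subject_md5'] !== md5($post_data['post_subject']));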
0918
// Parse message
if ($update_message) {
	// Move parser warnings collected so far into the error list as a single
	// entry and start the parse with an empty warning list.
	if (count($message_parser->warn_msg)) {
		$error[] = implode('<br />', $message_parser->warn_msg);
		$message_parser->warn_msg = array();
	}

	// An empty message is not parsed on preview.
	if (!$preview || !empty($message_parser->message)) {
		$message_parser->parse(
			$post_data['enable_bbcode'],
			// URL parsing is forced off when links are not allowed in posts.
			($config['allow_post_links']) ? $post_data['enable_urls'] : false,
			$post_data['enable_smilies'],
			$img_status,
			$flash_status,
			$quote_status,
			$config['allow_post_links']
		);
	}

	// On a refresh we do not care about message parsing errors
	if ($refresh && !$preview && count($message_parser->warn_msg)) {
		$message_parser->warn_msg = array();
	}
} else {
	// Message unchanged: keep the bitfield stored with the post.
	$message_parser->bbcode_bitfield = $post_data['bbcode_bitfield'];
}
0943
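// Flood check: applies to new posts only (not edits, previews or refreshes),
// when a flood interval is configured and the user lacks f_ignoreflood.
if ($mode != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$auth->acl_get('f_ignoreflood', $forum_id)) {
	$last_post_time = 0;

	if ($user->data['is_registered']) {
		$last_post_time = $user->data['user_lastpost_time'];
	} else {
		// Guests have no per-account timestamp, so look for a recent post from
		// the same address. This makes the guest limit a coarse per-IP throttle:
		// guests sharing an address share the limit.
		//
		// The address is passed through sql_escape() and the time bound is cast
		// to int so the statement does not depend on how $user->ip and
		// $config['flood_interval'] were validated elsewhere.
		$sql = 'SELECT post_time AS last_post_time
			FROM ' . POSTS_TABLE . "
			WHERE poster_ip = '" . $db->sql_escape($user->ip) . "'
				AND post_time > " . (int) ($current_time - $config['flood_interval']);
		$result = $db->sql_query_limit($sql, 1);
		if ($row = $db->sql_fetchrow($result)) {
			$last_post_time = $row['last_post_time'];
		}
		$db->sql_freeresult($result);
	}

	if ($last_post_time && ($current_time - $last_post_time) < (int) $config['flood_interval']) {
		$error[] = $user->lang['FLOOD_ERROR'];
	}
}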
0972
// Validate username: either a guest supplied a name, or an anonymous post is
// being edited and the supplied name differs from the one stored with the post.
if (
	($post_data['username'] && !$user->data['is_registered'])
	|| ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username'])
) {
	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);

	$user->add_lang('ucp');

	// The stored post username (if any) is passed as the second argument.
	$result = validate_username($post_data['username'], (!empty($post_data['post_username'])) ? $post_data['post_username'] : '');
	if ($result !== false) {
		$error[] = $user->lang[$result . '_USERNAME'];
	}

	// Length limits come from the board configuration.
	$result = validate_string($post_data['username'], false, $config['min_name_chars'], $config['max_name_chars']);
	if ($result !== false) {
		$min_max_amount = ($result == 'TOO_SHORT') ? $config['min_name_chars'] : $config['max_name_chars'];
		$error[] = $user->lang('FIELD_' . $result, $min_max_amount, $user->lang['USERNAME']);
	}
}
0991
// Guests must pass the CAPTCHA when posting, replying or quoting (if enabled).
// validate() returns an error string on failure; it is only added to $error
// here, so the submit is stopped by the later check that $error is empty.
if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply'))) {
	$captcha_data = array(
		'message'	=> utf8_normalize_nfc(request_var('message', '', true)),
		'subject'	=> utf8_normalize_nfc(request_var('subject', '', true)),
		'username'	=> utf8_normalize_nfc(request_var('username', '', true)),
	);

	$vc_response = $captcha->validate($captcha_data);
	if ($vc_response) {
		$error[] = $vc_response;
	}
}
1005
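// check form
// check_form_key() validates the token issued by add_form_key('posting') for
// this form. A failure is only recorded in $error; it does not clear $submit.
if (($submit || $preview) && !check_form_key('posting')) {
	$error[] = $user->lang['FORM_INVALID'];
}

// A user with m_approve who saves an edit to a soft-deleted post without the
// soft_delete flag restores the post to approved. This is a state change, so
// it is skipped when anything above (including the form token check) has
// already put an entry in $error; otherwise a request that failed validation
// would still change the post's visibility.
// NOTE(review): errors raised further down (subject, poll, topic type, DNSBL)
// are not known yet at this point - consider moving this into the submit branch.
if ($submit && !sizeof($error) && $mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED && !isset($_POST['soft_delete']) && $auth->acl_get('m_approve', $forum_id)) {
	$is_first_post = ($post_id == $post_data['topic_first_post_id'] || !$post_data['topic_posts_approved']);
	$is_last_post = ($post_id == $post_data['topic_last_post_id'] || !$post_data['topic_posts_approved']);
	$updated_post_data = $phpbb_content_visibility->set_post_visibility(ITEM_APPROVED, $post_id, $post_data['topic_id'], $post_data['forum_id'], $user->data['user_id'], time(), '', $is_first_post, $is_last_post);

	if (!empty($updated_post_data)) {
		// Update the post_data, so we don't need to refetch it.
		$post_data = array_merge($post_data, $updated_post_data);
	}
}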
1024
// Parse subject: a real submit needs a non-empty subject when it starts a topic
// or edits the first post of one.
if (
	!$preview
	&& !$refresh
	&& utf8_clean_string($post_data['post_subject']) === ''
	&& ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id))
) {
	$error[] = $user->lang['EMPTY_SUBJECT'];
}

// Check for out-of-bounds characters that are currently
// not supported by utf8_bin in MySQL (code points U+10000 to U+10FFFF).
// Each offending character is listed back to the user in the error message.
if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $post_data['post_subject'], $matches)) {
	$character_list = implode('<br />', $matches[0]);
	$error[] = $user->lang('UNSUPPORTED_CHARACTERS_SUBJECT', $character_list);
}
1038
if (!isset($post_data['poll_last_vote'])) {
	$post_data['poll_last_vote'] = 0;
}

// Poll handling. A poll can only be set on a new topic or on the first post of
// an existing one, and only with the f_poll permission in this forum.
// (A former extra restriction - no poll edits after the first vote unless the
// user has m_edit - is commented out in the original condition.)
if (
	$post_data['poll_option_text']
	&& ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']))
	&& $auth->acl_get('f_poll', $forum_id)
) {
	$poll = array(
		'poll_title'		=> $post_data['poll_title'],
		'poll_length'		=> $post_data['poll_length'],
		'poll_max_options'	=> $post_data['poll_max_options'],
		'poll_option_text'	=> $post_data['poll_option_text'],
		'poll_start'		=> $post_data['poll_start'],
		'poll_last_vote'	=> $post_data['poll_last_vote'],
		'poll_vote_change'	=> $post_data['poll_vote_change'],
		'enable_bbcode'		=> $post_data['enable_bbcode'],
		'enable_urls'		=> $post_data['enable_urls'],
		'enable_smilies'	=> $post_data['enable_smilies'],
		'img_status'		=> $img_status
	);

	// presumably parse_poll() takes $poll by reference and fills poll_options - confirm
	$message_parser->parse_poll($poll);

	$post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : array();
	$post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';

	// Votes are reset on a poll edit, so removing options is allowed; the former
	// NO_DELETE_POLL_OPTIONS warning is disabled in the original.
} elseif ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'] && $auth->acl_get('f_poll', $forum_id)) {
	// The user removed all poll options, this is equal to deleting the poll.
	$poll = array(
		'poll_title'		=> '',
		'poll_length'		=> 0,
		'poll_max_options'	=> 0,
		'poll_option_text'	=> '',
		'poll_start'		=> 0,
		'poll_last_vote'	=> 0,
		'poll_vote_change'	=> 0,
		'poll_options'		=> array(),
	);

	$post_data['poll_options'] = array();
	$post_data['poll_title'] = '';
	$post_data['poll_start'] = $post_data['poll_length'] = $post_data['poll_max_options'] = $post_data['poll_last_vote'] = $post_data['poll_vote_change'] = 0;
} elseif (!$auth->acl_get('f_poll', $forum_id) && ($mode == 'edit') && ($post_id == $post_data['topic_first_post_id']) && ($original_poll_data['poll_title'] != '')) {
	// We have a poll but the editing user is not permitted to create/edit it.
	// So we just keep the original poll-data; submitted poll fields are ignored.
	$poll = array_merge($original_poll_data, array(
		'enable_bbcode'		=> $post_data['enable_bbcode'],
		'enable_urls'		=> $post_data['enable_urls'],
		'enable_smilies'	=> $post_data['enable_smilies'],
		'img_status'		=> $img_status,
	));

	$message_parser->parse_poll($poll);

	$post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : array();
	$post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';
} else {
	// No poll for this post.
	$poll = array();
}
1108
// Check topic type: a non-normal type (sticky, announcement, global) on a new
// topic or on the first post of a topic needs the matching forum permission.
if ($post_data['topic_type'] != POST_NORMAL && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id))) {
	if ($post_data['topic_type'] == POST_GLOBAL || $post_data['topic_type'] == POST_ANNOUNCE) {
		$auth_option = 'f_announce';
	} elseif ($post_data['topic_type'] == POST_STICKY) {
		$auth_option = 'f_sticky';
	} else {
		// Unrecognised type: no permission name to check.
		// NOTE(review): presumably acl_get('') is false, so such a type is
		// treated as not permitted - confirm.
		$auth_option = '';
	}

	if (!$auth->acl_get($auth_option, $forum_id)) {
		// There is a special case where a user edits his post whereby the topic type got changed by an admin/mod.
		// Another case would be a mod not having sticky permissions for example but edit permissions.
		if ($mode == 'edit') {
			// To prevent non-authed users messing around with the topic type we reset it to the original one.
			$post_data['topic_type'] = $post_data['orig_topic_type'];
		} else {
			$error[] = $user->lang['CANNOT_POST_' . str_replace('F_', '', strtoupper($auth_option))];
		}
	}
}
1143
// Any parser warnings still pending become a single error entry.
if (count($message_parser->warn_msg)) {
	$error[] = implode('<br />', $message_parser->warn_msg);
}

// DNSBL check: when enabled, the poster's address is looked up on every request
// that is not a plain refresh; a listing blocks the post with an error that
// names the address and the second element of the lookup result.
if ($config['check_dnsbl'] && !$refresh) {
	$dnsbl = $user->check_dnsbl('post');
	if ($dnsbl !== false) {
		$error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
	}
}
1157
/**
* This event allows you to define errors before the post action is performed.
* $error is checked for emptiness immediately after this event, so an entry
* added by a listener stops the post from being stored.
*
* @event core.posting_modify_submission_errors
* @var	array	post_data	Array with post data
* @var	string	mode		What action to take if the form is submitted
*				post|reply|quote|edit|delete|bump|smilies|popup
* @var	string	page_title	Title of the mode page
* @var	int	post_id		ID of the post
* @var	int	topic_id	ID of the topic
* @var	int	forum_id	ID of the forum
* @var	bool	submit		Whether or not the form has been submitted
* @var	array	error		Any error strings; a non-empty array aborts form submission.
*				NOTE: Should be actual language strings, NOT language keys.
* @since 3.1.0-RC5
*/
$vars = array('post_data', 'mode', 'page_title', 'post_id', 'topic_id', 'forum_id', 'submit', 'error');

// extract() writes the returned entries back into the current scope, so
// listeners can change every variable named in $vars, including $submit and
// $error. Listeners are extension code running with full board privileges.
// NOTE(review): presumably the dispatcher returns only the keys passed in - confirm.
extract($phpbb_dispatcher->trigger_event('core.posting_modify_submission_errors', compact($vars)));
1185
1186 // Store message, sync counters
1187 if (!sizeof($error) && $submit)
1188 {
1189 if ($submit)
1190 {
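// Lock/Unlock Topic
$change_topic_status = $post_data['topic_status'];

// Who may toggle the lock: anyone with m_lock in this forum, or the registered
// topic starter with f_user_lock - the starter only while the topic is
// unlocked, i.e. they can lock their own topic but not unlock it.
$perm_lock_unlock = (
	$auth->acl_get('m_lock', $forum_id)
	|| ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED)
);

if ($post_data['topic_status'] == ITEM_LOCKED && !$topic_lock && $perm_lock_unlock) {
	$change_topic_status = ITEM_UNLOCKED;
} elseif ($post_data['topic_status'] == ITEM_UNLOCKED && $topic_lock && $perm_lock_unlock) {
	$change_topic_status = ITEM_LOCKED;
}

if ($change_topic_status != $post_data['topic_status']) {
	// Both values are cast to int at the point they enter the statement, so the
	// query stays well-formed no matter how the variables were populated.
	$sql = 'UPDATE ' . TOPICS_TABLE . '
		SET topic_status = ' . (int) $change_topic_status . '
		WHERE topic_id = ' . (int) $topic_id . '
			AND topic_moved_id = 0';
	$db->sql_query($sql);

	// The moderator log distinguishes a lock set by the topic starter (USER_)
	// from one set through moderator permissions.
	$user_lock = ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $post_data['topic_poster']) ? 'USER_' : '';

	add_log('mod', $forum_id, $topic_id, 'LOG_' . $user_lock . (($change_topic_status == ITEM_LOCKED) ? 'LOCK' : 'UNLOCK'), $post_data['topic_title']);
}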
1216
// Lock/Unlock Post Edit: only on edit and only with m_edit in this forum.
// $post_lock is the state requested by the form; the stored state is flipped
// when the two disagree.
if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_LOCKED && !$post_lock && $auth->acl_get('m_edit', $forum_id)) {
	$post_data['post_edit_locked'] = ITEM_UNLOCKED;
} elseif ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_UNLOCKED && $post_lock && $auth->acl_get('m_edit', $forum_id)) {
	$post_data['post_edit_locked'] = ITEM_LOCKED;
}
1226
// Everything submit_post() receives about the post. Ids, flags and timestamps
// are cast to their scalar type here; text fields are passed through as they are.
$data = array(
	// Topic
	'topic_title'			=> (empty($post_data['topic_title'])) ? $post_data['post_subject'] : $post_data['topic_title'],
	'topic_first_post_id'	=> (isset($post_data['topic_first_post_id'])) ? (int) $post_data['topic_first_post_id'] : 0,
	'topic_last_post_id'	=> (isset($post_data['topic_last_post_id'])) ? (int) $post_data['topic_last_post_id'] : 0,
	'topic_time_limit'		=> (int) $post_data['topic_time_limit'],
	'topic_attachment'		=> (isset($post_data['topic_attachment'])) ? (int) $post_data['topic_attachment'] : 0,

	// Identifiers
	'post_id'				=> (int) $post_id,
	'topic_id'				=> (int) $topic_id,
	'forum_id'				=> (int) $forum_id,
	'icon_id'				=> (int) $post_data['icon_id'],
	'poster_id'				=> (int) $post_data['poster_id'],

	// Per-post switches
	'enable_sig'			=> (bool) $post_data['enable_sig'],
	'enable_bbcode'			=> (bool) $post_data['enable_bbcode'],
	'enable_smilies'		=> (bool) $post_data['enable_smilies'],
	'enable_urls'			=> (bool) $post_data['enable_urls'],
	'enable_indexing'		=> (bool) $post_data['enable_indexing'],

	// Change tracking and edit metadata
	'message_md5'			=> (string) $message_md5,
	'post_time'				=> (isset($post_data['post_time'])) ? (int) $post_data['post_time'] : $current_time,
	'post_checksum'			=> (isset($post_data['post_checksum'])) ? (string) $post_data['post_checksum'] : '',
	'post_edit_reason'		=> $post_data['post_edit_reason'],
	// On edit the editor is always the current user.
	'post_edit_user'		=> ($mode == 'edit') ? $user->data['user_id'] : ((isset($post_data['post_edit_user'])) ? (int) $post_data['post_edit_user'] : 0),

	// Forum context and notification
	'forum_parents'			=> $post_data['forum_parents'],
	'forum_name'			=> $post_data['forum_name'],
	'notify'				=> $notify,
	'notify_set'			=> $post_data['notify_set'],
	// An existing post keeps the address it was made from.
	'poster_ip'				=> (isset($post_data['poster_ip'])) ? $post_data['poster_ip'] : $user->ip,
	'post_edit_locked'		=> (int) $post_data['post_edit_locked'],

	// Parsed message and attachments
	'bbcode_bitfield'		=> $message_parser->bbcode_bitfield,
	'bbcode_uid'			=> $message_parser->bbcode_uid,
	'message'				=> $message_parser->message,
	'attachment_data'		=> $message_parser->attachment_data,
	'filename_data'			=> $message_parser->filename_data,

	// Visibility; false when not known
	'topic_visibility'		=> (isset($post_data['topic_visibility'])) ? $post_data['topic_visibility'] : false,
	'post_visibility'		=> (isset($post_data['post_visibility'])) ? $post_data['post_visibility'] : false,
);

// Edits also carry the topic's per-visibility post counters.
if ($mode == 'edit') {
	$data['topic_posts_approved'] = $post_data['topic_posts_approved'];
	$data['topic_posts_unapproved'] = $post_data['topic_posts_unapproved'];
	$data['topic_posts_softdeleted'] = $post_data['topic_posts_softdeleted'];
}
1270
// Only return the username when it is either a guest posting or we are editing a post and
// the username was supplied; otherwise post_data might hold the data of the post that is
// being quoted (which could result in the username being returned being that of the quoted
// post's poster, not the poster of the current post). See: PHPBB3-11769 for more information.
$post_author_name = '';
if ((!$user->data['is_registered'] || $mode == 'edit') && $post_data['username'] !== '') {
	$post_author_name = $post_data['username'];
}
1276
/**
* This event allows you to modify the data just before the post is submitted.
* It fires after $error was found to be empty and directly before submit_post().
* NOTE(review): nothing between this event and the submit_post() call re-checks
* $error, so an error added by a listener here does not appear to stop the
* submission - confirm before relying on the description of the error var.
*
* @event core.posting_modify_submit_post_before
* @var	array	post_data	Array with post data
* @var	array	poll		Array with poll data
* @var	array	data		Array with post data going to be stored in the database
* @var	string	mode		What action to take if the form is submitted
*				post|reply|quote|edit|delete
* @var	string	page_title	Title of the mode page
* @var	int	post_id		ID of the post
* @var	int	topic_id	ID of the topic
* @var	int	forum_id	ID of the forum
* @var	string	post_author_name	Author name for guest posts
* @var	bool	update_message	Boolean if the post message was changed
* @var	bool	update_subject	Boolean if the post subject was changed
* @var	bool	submit		Whether or not the form has been submitted
* @var	array	error		Any error strings; a non-empty array aborts form submission.
*				NOTE: Should be actual language strings, NOT language keys.
* @since 3.1.0-RC5
*/
$vars = array(
	'post_data', 'poll', 'data', 'mode', 'page_title',
	'post_id', 'topic_id', 'forum_id', 'post_author_name',
	'update_message', 'update_subject', 'submit', 'error',
);

// Listeners can replace any variable named above, including the $data array
// that is about to be written to the database.
extract($phpbb_dispatcher->trigger_event('core.posting_modify_submit_post_before', compact($vars)));
1314
// Store the post. The last parameter tells submit_post if search indexer has to
// be run: only when the message or the subject changed.
$redirect_url = submit_post(
	$mode,
	$post_data['post_subject'],
	$post_author_name,
	$post_data['topic_type'],
	$poll,
	$data,
	$update_message,
	($update_message || $update_subject)
);

/**
* This event fires after the post action was performed (submit_post() has
* already returned) and allows you to adjust the follow-up, e.g. the redirect.
* NOTE(review): $error is not consulted again after this event in the code
* that follows, so adding an error here does not appear to undo or abort
* anything - confirm.
*
* @event core.posting_modify_submit_post_after
* @var	array	post_data	Array with post data
* @var	array	poll		Array with poll data
* @var	array	data		Array with post data going to be stored in the database
* @var	string	mode		What action to take if the form is submitted
*				post|reply|quote|edit|delete
* @var	string	page_title	Title of the mode page
* @var	int	post_id		ID of the post
* @var	int	topic_id	ID of the topic
* @var	int	forum_id	ID of the forum
* @var	string	post_author_name	Author name for guest posts
* @var	bool	update_message	Boolean if the post message was changed
* @var	bool	update_subject	Boolean if the post subject was changed
* @var	string	redirect_url	URL the user is going to be redirected to
* @var	bool	submit		Whether or not the form has been submitted
* @var	array	error		Any error strings; a non-empty array aborts form submission.
*				NOTE: Should be actual language strings, NOT language keys.
* @since 3.1.0-RC5
*/
$vars = array(
	'post_data', 'poll', 'data', 'mode', 'page_title',
	'post_id', 'topic_id', 'forum_id', 'post_author_name',
	'update_message', 'update_subject', 'redirect_url', 'submit', 'error',
);

// $redirect_url is among the variables a listener may replace.
extract($phpbb_dispatcher->trigger_event('core.posting_modify_submit_post_after', compact($vars)));
1357
// A solved guest CAPTCHA is reset once the post went through, so the same
// solution is not carried over to the next post.
if (
	$config['enable_post_confirm']
	&& !$user->data['is_registered']
	&& (isset($captcha) && $captcha->is_solved() === true)
	&& ($mode == 'post' || $mode == 'reply' || $mode == 'quote')
) {
	$captcha->reset();
}

// Handle delete mode...
// "delete" requests a soft delete, "delete_permanent" a permanent one; the
// fifth argument is true for the soft variant. Execution of this file ends here.
if ($request->is_set_post('delete') || $request->is_set_post('delete_permanent')) {
	$delete_reason = $request->variable('delete_reason', '', true);
	phpbb_handle_post_delete($forum_id, $topic_id, $post_id, $post_data, !$request->is_set_post('delete_permanent'), $delete_reason);
	return;
}

// Check the permissions for post approval.
// Moderators must go through post approval like ordinary users.
// The post waits for approval when the user lacks f_noapprove and nothing
// forced an approved state, or when $data['force_approved_state'] is set and falsy.
if (
	(!$auth->acl_get('f_noapprove', $data['forum_id']) && empty($data['force_approved_state']))
	|| (isset($data['force_approved_state']) && !$data['force_approved_state'])
) {
	meta_refresh(10, $redirect_url);

	if ($mode == 'edit') {
		$message = $user->lang['POST_EDITED_MOD'];
	} else {
		$message = $user->lang['POST_STORED_MOD'];
	}

	// Guests cannot be notified about the approval.
	$message .= (($user->data['user_id'] == ANONYMOUS) ? '' : ' '. $user->lang['POST_APPROVAL_NOTIFY']);
	$message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $data['forum_id']) . '">', '</a>');
	trigger_error($message);
}

// $redirect_url comes from submit_post() and may have been replaced by a
// listener of core.posting_modify_submit_post_after.
redirect($redirect_url);
1383 }
1384 }
1385 }
1386
// Preview: render message, signature, poll and attachments for display.
// Nothing is stored; this only runs when no error has been recorded.
if (!count($error) && $preview) {
	// Edits keep the post's own time, everything else is previewed as "now".
	$post_data['post_time'] = ($mode == 'edit') ? $post_data['post_time'] : $current_time;

	$preview_message = $message_parser->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies'], false);

	// On edit the signature data comes from $post_data, otherwise from the
	// current user.
	if ($mode == 'edit') {
		$preview_signature = $post_data['user_sig'];
		$preview_signature_uid = $post_data['user_sig_bbcode_uid'];
		$preview_signature_bitfield = $post_data['user_sig_bbcode_bitfield'];
	} else {
		$preview_signature = $user->data['user_sig'];
		$preview_signature_uid = $user->data['user_sig_bbcode_uid'];
		$preview_signature_bitfield = $user->data['user_sig_bbcode_bitfield'];
	}

	// Signature: shown only if enabled on the post, allowed board-wide, non-empty
	// and permitted by f_sigs in this forum.
	if ($post_data['enable_sig'] && $config['allow_sig'] && $preview_signature && $auth->acl_get('f_sigs', $forum_id)) {
		$parse_sig = new parse_message($preview_signature);
		$parse_sig->bbcode_uid = $preview_signature_uid;
		$parse_sig->bbcode_bitfield = $preview_signature_bitfield;

		// Not sure about parameters for bbcode/smilies/urls... in signatures
		$parse_sig->format_display($config['allow_sig_bbcode'], $config['allow_sig_links'], $config['allow_sig_smilies']);
		$preview_signature = $parse_sig->message;
		unset($parse_sig);
	} else {
		$preview_signature = '';
	}

	$preview_subject = censor_text($post_data['post_subject']);

	// Poll Preview: same conditions as for storing a poll (first post of a topic,
	// f_poll permission), unless the poll is being deleted.
	if (
		!$poll_delete
		&& ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']))
		&& $auth->acl_get('f_poll', $forum_id)
	) {
		$parse_poll = new parse_message($post_data['poll_title']);
		$parse_poll->bbcode_uid = $message_parser->bbcode_uid;
		$parse_poll->bbcode_bitfield = $message_parser->bbcode_bitfield;

		$parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);

		// poll_length is in days; the end is counted from poll_start, or from
		// now when the poll has not started yet.
		if ($post_data['poll_length']) {
			$poll_end = ($post_data['poll_length'] * 86400) + (($post_data['poll_start']) ? $post_data['poll_start'] : time());
		}

		$template->assign_vars(array(
			'S_HAS_POLL_OPTIONS'	=> (count($post_data['poll_options'])),
			'S_IS_MULTI_CHOICE'		=> ($post_data['poll_max_options'] > 1),

			'POLL_QUESTION'			=> $parse_poll->message,

			'L_POLL_LENGTH'			=> ($post_data['poll_length']) ? sprintf($user->lang['POLL_RUN_TILL'], $user->format_date($poll_end)) : '',
			'L_MAX_VOTES'			=> $user->lang('MAX_OPTIONS_SELECT', (int) $post_data['poll_max_options']),
		));

		// All options are formatted in one pass and split again on the <br />
		// that the formatter puts in place of the newlines.
		$parse_poll->message = implode("\n", $post_data['poll_options']);
		$parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
		$preview_poll_options = explode('<br />', $parse_poll->message);
		unset($parse_poll);

		foreach ($preview_poll_options as $key => $option) {
			$template->assign_block_vars('poll_option', array(
				'POLL_OPTION_CAPTION'	=> $option,
				'POLL_OPTION_ID'		=> $key + 1,
			));
		}
		unset($preview_poll_options);
	}

	// Attachment Preview
	if (count($message_parser->attachment_data)) {
		$template->assign_var('S_HAS_ATTACHMENTS', true);

		$update_count = array();
		$attachment_data = $message_parser->attachment_data;

		parse_attachments($forum_id, $preview_message, $attachment_data, $update_count, true);

		foreach ($attachment_data as $i => $attachment) {
			$template->assign_block_vars('attachment', array(
				'DISPLAY_ATTACHMENT'	=> $attachment,
			));
		}
		unset($attachment_data);
	}

	if (!count($error)) {
		$template->assign_vars(array(
			'PREVIEW_SUBJECT'		=> $preview_subject,
			'PREVIEW_MESSAGE'		=> $preview_message,
			'PREVIEW_SIGNATURE'		=> $preview_signature,

			'S_DISPLAY_PREVIEW'		=> !empty($preview_message),
		));
	}
}
1487
// Decode text for message display. A freshly opened quote (no preview, no
// refresh, no errors) is decoded with the quoted post's bbcode uid; every other
// case uses the uid of the parser.
$post_data['bbcode_uid'] = ($mode == 'quote' && !$preview && !$refresh && !count($error)) ? $post_data['bbcode_uid'] : $message_parser->bbcode_uid;
$message_parser->decode_message($post_data['bbcode_uid']);

// First display of a quote form: wrap the quoted text.
if ($mode == 'quote' && !$submit && !$preview && !$refresh) {
	if ($config['allow_bbcode']) {
		$message_parser->message = '[quote="' . $post_data['quote_username'] . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n";
	} else {
		// Without BBCode the quote is rendered as "> "-prefixed lines.
		$quote_string = "> ";
		$message = censor_text(trim($message_parser->message));

		// see if we are nesting. It's easily tricked but should work for one level of nesting
		$offset = (strpos($message, ">") !== false) ? 10 : 0;

		$message = utf8_wordwrap($message, 75 + $offset, "\n");

		// Prefix the first line and every following line.
		$message = $quote_string . str_replace("\n", "\n" . $quote_string, $message);
		$message_parser->message = $post_data['quote_username'] . " " . $user->lang['WROTE'] . ":\n" . $message . "\n";
	}
}
1515
// First display of a reply/quote form: prefix the subject with "Re: " unless it
// already starts with it.
if (($mode == 'reply' || $mode == 'quote') && !$submit && !$preview && !$refresh) {
	$post_data['post_subject'] = ((strpos($post_data['post_subject'], 'Re: ') !== 0) ? 'Re: ' : '') . censor_text($post_data['post_subject']);
}

// Keep what the form needs from the parser before the parser is reused below.
$attachment_data = $message_parser->attachment_data;
$filename_data = $message_parser->filename_data;
$post_data['post_text'] = $message_parser->message;

// The poll title and options go through the same decoder so they can be shown
// in the form; the main parser object is reused for this.
if (count($post_data['poll_options']) || !empty($post_data['poll_title'])) {
	$message_parser->message = $post_data['poll_title'];
	$message_parser->bbcode_uid = $post_data['bbcode_uid'];

	$message_parser->decode_message();
	$post_data['poll_title'] = $message_parser->message;

	// Options are decoded joined by newlines and split again afterwards.
	$message_parser->message = implode("\n", $post_data['poll_options']);
	$message_parser->decode_message();
	$post_data['poll_options'] = explode("\n", $message_parser->message);
}
1537
// MAIN POSTING PAGE BEGINS HERE
// From here on the form is only assembled for display.

// Forum moderators?
$moderators = array();
if ($config['load_moderators']) {
	get_moderators($moderators, $forum_id);
}

// Generate smiley listing
generate_smilies('inline', $forum_id);

// Generate inline attachment select box
posting_gen_inline_attachments($attachment_data);

// Do show topic type selection only in first post.
$topic_type_toggle = false;
if ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'])) {
	$topic_type_toggle = posting_gen_topic_types($forum_id, $post_data['topic_type']);
}

// Topic icons need both the forum setting and the f_icons permission.
$s_topic_icons = false;
if ($post_data['enable_icons'] && $auth->acl_get('f_icons', $forum_id)) {
	$s_topic_icons = posting_gen_topic_icons($mode, $post_data['icon_id']);
}

// Checkbox states. The bbcode/smilies/urls boxes mean "disable", so each is the
// negation of the matching enable_* value; without one, the user's own option
// applies, and the box is ticked when the feature is off board-wide.
$bbcode_checked		= (isset($post_data['enable_bbcode'])) ? !$post_data['enable_bbcode'] : (($config['allow_bbcode']) ? !$user->optionget('bbcode') : 1);
$smilies_checked	= (isset($post_data['enable_smilies'])) ? !$post_data['enable_smilies'] : (($config['allow_smilies']) ? !$user->optionget('smilies') : 1);
$urls_checked		= (isset($post_data['enable_urls'])) ? !$post_data['enable_urls'] : 0;
$sig_checked		= $post_data['enable_sig'];
$lock_topic_checked	= (isset($topic_lock) && $topic_lock) ? $topic_lock : (($post_data['topic_status'] == ITEM_LOCKED) ? 1 : 0);
$lock_post_checked	= (isset($post_lock)) ? $post_lock : $post_data['post_edit_locked'];

// If the user is replying or posting and not already watching this topic but set to always being notified we need to overwrite this setting
$notify_set = ($mode != 'edit' && $config['allow_topic_notify'] && $user->data['is_registered'] && !$post_data['notify_set']) ? $user->data['user_notify'] : $post_data['notify_set'];
$notify_checked = (isset($notify)) ? $notify : (($mode == 'post') ? $user->data['user_notify'] : $notify_set);
1577
// Page title & action URL.
// The topic and post ids are appended only when they are non-zero.
$s_action = append_sid("{$phpbb_root_path}posting.$phpEx", "mode=$mode&f=$forum_id");
if ($topic_id) {
	$s_action .= "&t=$topic_id";
}
if ($post_id) {
	$s_action .= "&p=$post_id";
}

// Any other mode leaves $page_title as it was.
if ($mode == 'post') {
	$page_title = $user->lang['POST_TOPIC'];
} elseif ($mode == 'quote' || $mode == 'reply') {
	$page_title = $user->lang['POST_REPLY'];
} elseif ($mode == 'delete' || $mode == 'edit') {
	$page_title = $user->lang['EDIT_POST'];
}
1599
// Build Navigation Links
generate_forum_nav($post_data);

// Build Forum Rules
generate_forum_rules($post_data);

// Show the CAPTCHA to guests who are posting, replying or quoting and have not
// solved it yet.
// Posting uses is_solved for legacy reasons. Plugins have to use is_solved to force themselves to be displayed.
if (
	$config['enable_post_confirm']
	&& !$user->data['is_registered']
	&& (isset($captcha) && $captcha->is_solved() === false)
	&& ($mode == 'post' || $mode == 'reply' || $mode == 'quote')
) {
	$template->assign_vars(array(
		'S_CONFIRM_CODE'	=> true,
		'CAPTCHA_TEMPLATE'	=> $captcha->get_template(),
	));
}
1615
// Hidden form fields. The three fields below are built by plain concatenation
// without HTML escaping, which is only safe while the values are integers: a
// post id, a timestamp, and request_var() called with the integer $draft_id as
// its default. NOTE(review): keep it that way, or switch to
// build_hidden_fields() as used for the checksums below.
$s_hidden_fields = '';

// Reply/quote: remember the topic's last post id as seen when the form was
// rendered; it comes back as topic_cur_post_id for the post review check.
if ($mode == 'reply' || $mode == 'quote') {
	$s_hidden_fields .= '<input type="hidden" name="topic_cur_post_id" value="' . $post_data['topic_last_post_id'] . '" />';
}

$s_hidden_fields .= '<input type="hidden" name="lastclick" value="' . $current_time . '" />';

if ($draft_id || isset($_REQUEST['draft_loaded'])) {
	$s_hidden_fields .= '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', $draft_id) . '" />';
}

// Edit: send the digests the form was rendered with, for edit-conflict detection.
// They come back from the client, so they are hints and not trusted state.
if ($mode == 'edit') {
	$s_hidden_fields .= build_hidden_fields(array(
		'edit_post_message_checksum'	=> $post_data['post_checksum'],
		'edit_post_subject_checksum'	=> $post_data['post_subject_md5'],
	));
}

// Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
if (isset($captcha) && $captcha->is_solved() !== false) {
	$s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
}

// The form is multipart only when uploads can work: PHP file_uploads is on,
// attachments are enabled, and the user has both u_attach and f_attach.
$form_enctype = (
	@ini_get('file_uploads') == '0'
	|| strtolower(@ini_get('file_uploads')) == 'off'
	|| !$config['allow_attachments']
	|| !$auth->acl_get('u_attach')
	|| !$auth->acl_get('f_attach', $forum_id)
) ? '' : ' enctype="multipart/form-data"';

// Issues the form token that check_form_key('posting') validates on submit/preview.
add_form_key('posting');
1636
1637
// Build array of variables for main posting page
// The array is first offered to listeners of core.posting_modify_template_vars
// and then passed to $template->assign_vars(), so every value below ends up in
// the rendered page.
$page_data = array(
	'L_POST_A' => $page_title,
	// Post icon label for replies, quotes and edits of a non-first post; topic icon label otherwise
	'L_ICON' => ($mode == 'reply' || $mode == 'quote' || ($mode == 'edit' && $post_id != $post_data['topic_first_post_id'])) ? $user->lang['POST_ICON'] : $user->lang['TOPIC_ICON'],
	'L_MESSAGE_BODY_EXPLAIN' => $user->lang('MESSAGE_BODY_EXPLAIN', (int) $config['max_post_chars']),

	'FORUM_NAME' => $post_data['forum_name'],
	'FORUM_DESC' => ($post_data['forum_desc']) ? generate_text_for_display($post_data['forum_desc'], $post_data['forum_desc_uid'], $post_data['forum_desc_bitfield'], $post_data['forum_desc_options']) : '',
	'TOPIC_TITLE' => censor_text($post_data['topic_title']),
	'MODERATORS' => (sizeof($moderators)) ? implode($user->lang['COMMA_SEPARATOR'], $moderators[$forum_id]) : '',
	// The condition reduces to ($preview || $mode != 'quote'): the name is blanked only for a quote that is not being previewed
	'USERNAME' => ((!$preview && $mode != 'quote') || $preview) ? $post_data['username'] : '',
	// NOTE(review): subject and message are passed through exactly as they are
	// held in $post_data; whether they are already HTML-escaped is decided
	// earlier in the file - confirm before changing how the template prints them.
	'SUBJECT' => $post_data['post_subject'],
	'MESSAGE' => $post_data['post_text'],
	'BBCODE_STATUS' => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'),
	'IMG_STATUS' => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
	'FLASH_STATUS' => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
	'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
	'URL_STATUS' => ($bbcode_status && $url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
	'MAX_FONT_SIZE' => (int) $config['max_post_font_size'],
	'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['POST']),
	'POST_DATE' => ($post_data['post_time']) ? $user->format_date($post_data['post_time']) : '',
	// Entries are joined with a literal <br />, so this value is markup rather
	// than text: every string held in $error has to be HTML-safe already.
	'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
	'TOPIC_TIME_LIMIT' => (int) $post_data['topic_time_limit'],
	// Both values are read from the request at render time and echoed back.
	// NOTE(review): relies on $request->variable() escaping string input by default - confirm.
	'EDIT_REASON' => $request->variable('edit_reason', ''),
	'SHOW_PANEL' => $request->variable('show_panel', ''),
	'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id"),
	'U_VIEW_TOPIC' => ($mode != 'post') ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id") : '',
	'U_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&mode=popup"),
	// Same URL as U_PROGRESS_BAR with addslashes() applied, presumably for use
	// inside a JavaScript string literal. addslashes() is not a general
	// JavaScript escaper; it is adequate here only while the URL holds nothing
	// beyond the integer forum id and whatever append_sid() adds.
	'UA_PROGRESS_BAR' => addslashes(append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&mode=popup")),

	// The S_* switches below decide which controls the form shows. They mirror
	// permission checks made with $auth->acl_get() but are presentation only:
	// hiding a control does not stop a crafted request, so the same checks have
	// to be made where the submission is handled (not part of this section).
	'S_PRIVMSGS' => false,
	'S_CLOSE_PROGRESS_WINDOW' => (isset($_POST['add_file'])) ? true : false,
	'S_EDIT_POST' => ($mode == 'edit') ? true : false,
	'S_EDIT_REASON' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
	'S_DISPLAY_USERNAME' => (!$user->data['is_registered'] || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS)) ? true : false,
	'S_SHOW_TOPIC_ICONS' => $s_topic_icons,
	// Edit mode only. Either the user is editing their own post, it is the
	// topic's last post, f_delete is granted, the post is not edit-locked and
	// it is younger than delete_time minutes (a delete_time of 0 disables the
	// age limit); or the user holds m_delete in this forum.
	'S_DELETE_ALLOWED' => ($mode == 'edit' && (($post_id == $post_data['topic_last_post_id'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id) && !$post_data['post_edit_locked'] && ($post_data['post_time'] > time() - ($config['delete_time'] * 60) || !$config['delete_time'])) || $auth->acl_get('m_delete', $forum_id))) ? true : false,
	'S_BBCODE_ALLOWED' => ($bbcode_status) ? 1 : 0,
	'S_BBCODE_CHECKED' => ($bbcode_checked) ? ' checked="checked"' : '',
	'S_SMILIES_ALLOWED' => $smilies_status,
	'S_SMILIES_CHECKED' => ($smilies_checked) ? ' checked="checked"' : '',
	'S_SIG_ALLOWED' => ($auth->acl_get('f_sigs', $forum_id) && $config['allow_sig'] && $user->data['is_registered']) ? true : false,
	'S_SIGNATURE_CHECKED' => ($sig_checked) ? ' checked="checked"' : '',
	'S_NOTIFY_ALLOWED' => (!$user->data['is_registered'] || ($mode == 'edit' && $user->data['user_id'] != $post_data['poster_id']) || !$config['allow_topic_notify'] || !$config['email_enable']) ? false : true,
	'S_NOTIFY_CHECKED' => ($notify_checked) ? ' checked="checked"' : '',
	// Moderators with m_lock, or the registered topic starter with f_user_lock while the topic is still unlocked
	'S_LOCK_TOPIC_ALLOWED' => (($mode == 'edit' || $mode == 'reply' || $mode == 'quote') && ($auth->acl_get('m_lock', $forum_id) || ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED))) ? true : false,
	'S_LOCK_TOPIC_CHECKED' => ($lock_topic_checked) ? ' checked="checked"' : '',
	'S_LOCK_POST_ALLOWED' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
	'S_LOCK_POST_CHECKED' => ($lock_post_checked) ? ' checked="checked"' : '',
	'S_SOFTDELETE_CHECKED' => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? ' checked="checked"' : '',
	'S_SOFTDELETE_ALLOWED' => ($mode == 'edit' && $phpbb_content_visibility->can_soft_delete($forum_id, $post_data['poster_id'], $lock_post_checked)) ? true : false,
	'S_RESTORE_ALLOWED' => $auth->acl_get('m_approve', $forum_id),
	'S_IS_DELETED' => ($mode == 'edit' && $post_data['post_visibility'] == ITEM_DELETED) ? true : false,
	'S_LINKS_ALLOWED' => $url_status,
	'S_MAGIC_URL_CHECKED' => ($urls_checked) ? ' checked="checked"' : '',
	'S_TYPE_TOGGLE' => $topic_type_toggle,
	'S_SAVE_ALLOWED' => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $mode != 'edit') ? true : false,
	'S_HAS_DRAFTS' => ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $post_data['drafts']) ? true : false,
	'S_FORM_ENCTYPE' => $form_enctype,

	'S_BBCODE_IMG' => $img_status,
	'S_BBCODE_URL' => $url_status,
	'S_BBCODE_FLASH' => $flash_status,
	'S_BBCODE_QUOTE' => $quote_status,

	'S_POST_ACTION' => $s_action,
	'S_HIDDEN_FIELDS' => $s_hidden_fields,
	// Attachment list serialised with json_encode() and its default flags.
	// NOTE(review): the default flags do not hex-escape <, >, & or quotes
	// (JSON_HEX_TAG and related); whether that is sufficient depends on the
	// context in which the template places this value - confirm.
	'S_ATTACH_DATA' => json_encode($message_parser->attachment_data),
	'S_IN_POSTING' => true,
);
1708
// Extension hook. compact() snapshots the variables named in $vars, listeners
// may change them, and extract() writes the array returned by the dispatcher
// back into the current scope. A listener can therefore replace $page_data,
// $s_hidden_fields, $s_action, $error and the others just before they are
// used; the code that follows passes $page_data straight to
// $template->assign_vars() without re-checking or re-escaping it, so listener
// code is fully trusted at this point.
// NOTE(review): extract() is called without flags, so every key in the
// returned array overwrites the variable of that name. Whether the dispatcher
// restricts the returned keys to those listed in $vars is not visible here -
// confirm.
/**
* This event allows you to modify template variables for the posting screen
*
* @event core.posting_modify_template_vars
* @var array post_data Array with post data
* @var array moderators Array with forum moderators
* @var string mode What action to take if the form is submitted
* post|reply|quote|edit|delete|bump|smilies|popup
* @var string page_title Title of the mode page
* @var bool s_topic_icons Whether or not to show the topic icons
* @var string form_enctype If attachments are allowed for this form
* "multipart/form-data" or empty string
* @var string s_action The URL to submit the POST data to
* @var string s_hidden_fields Concatenated hidden input tags of posting form
* @var int post_id ID of the post
* @var int topic_id ID of the topic
* @var int forum_id ID of the forum
* @var bool submit Whether or not the form has been submitted
* @var bool preview Whether or not the post is being previewed
* @var bool save Whether or not a draft is being saved
* @var bool load Whether or not a draft is being loaded
* @var bool delete Whether or not the post is being deleted
* @var bool cancel Whether or not to cancel the form (returns to
* viewtopic or viewforum depending on if the user
* is posting a new topic or editing a post)
* @var array error Any error strings; a non-empty array aborts
* form submission.
* NOTE: Should be actual language strings, NOT
* language keys.
* @var bool refresh Whether or not to retain previously submitted data
* @var array page_data Posting page data that should be passed to the
* posting page via $template->assign_vars()
* @var object message_parser The message parser object
* @since 3.1.0-a1
* @change 3.1.0-b3 Added vars post_data, moderators, mode, page_title,
* s_topic_icons, form_enctype, s_action, s_hidden_fields,
* post_id, topic_id, forum_id, submit, preview, save, load,
* delete, cancel, refresh, error, page_data, message_parser
*/
$vars = array(
	'post_data',
	'moderators',
	'mode',
	'page_title',
	's_topic_icons',
	'form_enctype',
	's_action',
	's_hidden_fields',
	'post_id',
	'topic_id',
	'forum_id',
	'submit',
	'preview',
	'save',
	'load',
	'delete',
	'cancel',
	'refresh',
	'error',
	'page_data',
	'message_parser',
);
extract($phpbb_dispatcher->trigger_event('core.posting_modify_template_vars', compact($vars)));
1772
// Hand the collected variables for the main posting page to the template
$template->assign_vars($page_data);

// Build custom bbcodes array
display_custom_bbcodes();

// Poll entry.
// The poll box is shown for a new topic, or when the first post of a topic is
// being edited, and only if the user holds f_poll in this forum. Upstream
// carries a further restriction here (no vote cast yet, or m_edit) that is
// commented out and therefore not applied.
// NOTE(review): these switches only shape the form; the permissions have to be
// checked again where the submitted poll data is processed - confirm.
if (($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id']))
	&& $auth->acl_get('f_poll', $forum_id))
{
	$template->assign_vars(array(
		'S_SHOW_POLL_BOX'			=> true,
		'S_POLL_VOTE_CHANGE'		=> ($auth->acl_get('f_votechg', $forum_id) && $auth->acl_get('f_vote', $forum_id)),
		// Deleting an existing poll: own post with f_delete while nobody has voted, or m_delete
		'S_POLL_DELETE'				=> ($mode == 'edit' && count($post_data['poll_options']) && ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id))),
		'S_POLL_DELETE_CHECKED'		=> !empty($poll_delete),

		'L_POLL_OPTIONS_EXPLAIN'	=> $user->lang('POLL_OPTIONS_' . (($mode == 'edit') ? 'EDIT_' : '') . 'EXPLAIN', (int) $config['max_poll_options']),

		'VOTE_CHANGE_CHECKED'		=> (empty($post_data['poll_vote_change'])) ? '' : ' checked="checked"',
		'POLL_TITLE'				=> (!isset($post_data['poll_title'])) ? '' : $post_data['poll_title'],
		'POLL_OPTIONS'				=> (empty($post_data['poll_options'])) ? '' : implode("\n", $post_data['poll_options']),
		'POLL_MAX_OPTIONS'			=> (!isset($post_data['poll_max_options'])) ? 1 : (int) $post_data['poll_max_options'],
		'POLL_LENGTH'				=> $post_data['poll_length'],
	));
}
1798
// Show attachment box for adding attachments if true.
// Requires the forum-level and user-level attach permissions, attachments
// enabled in $config, and a non-empty $form_enctype.
$allowed = ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach') && $config['allow_attachments'] && $form_enctype);

if ($allowed)
{
	// Users holding an a_ permission, or an m_ permission in this forum, get 0;
	// everyone else gets the configured max_attachments.
	// NOTE(review): 0 presumably means "no limit" to the uploader. This value
	// configures the client-side uploader only, so the limit also has to be
	// enforced where uploads are received - confirm.
	if ($auth->acl_get('a_') || $auth->acl_get('m_', $forum_id))
	{
		$max_files = 0;
	}
	else
	{
		$max_files = (int) $config['max_attachments'];
	}

	$plupload->configure($cache, $template, $s_action, $forum_id, $max_files);
}

// Attachment entry
posting_gen_attachment_entry($attachment_data, $filename_data, $allowed);
1810
// Output page ...
page_header($page_title);

// The posting form is rendered from posting_body.html
$template->set_filenames(array('body' => 'posting_body.html'));

make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));

// Topic review: only for replies and quotes, and only flagged for display
// when topic_review() reports success. topic_review() is not called at all in
// the other modes because of the short-circuit.
if (($mode == 'reply' || $mode == 'quote') && topic_review($topic_id, $forum_id))
{
	$template->assign_var('S_DISPLAY_REVIEW', true);
}

page_footer();
1830