Beispiel #1
     }
     $post['sticky'] = $post['op'] && isset($_POST['sticky']);
     $post['locked'] = $post['op'] && isset($_POST['lock']);
     $post['raw'] = isset($_POST['raw']);
     if ($post['sticky'] && !hasPermission($config['mod']['sticky'], $board['uri'])) {
         error($config['error']['noaccess']);
     }
     if ($post['locked'] && !hasPermission($config['mod']['lock'], $board['uri'])) {
         error($config['error']['noaccess']);
     }
     if ($post['raw'] && !hasPermission($config['mod']['rawhtml'], $board['uri'])) {
         error($config['error']['noaccess']);
     }
 }
 // Anti-spam check; skipped entirely when $post['mod'] is truthy.
 if (!$post['mod']) {
     // Second element of the array handed to checkSpam():
     //   - the thread id, when $post['thread'] is set;
     //   - else the negated page number, when try_smarter is on and a page was posted;
     //   - else null.
     if (isset($post['thread'])) {
         $post['antispam_hash'] = checkSpam(array($board['uri'], $post['thread']));
     } elseif ($config['try_smarter'] && isset($_POST['page'])) {
         $post['antispam_hash'] = checkSpam(array($board['uri'], 0 - (int) $_POST['page']));
     } else {
         $post['antispam_hash'] = checkSpam(array($board['uri'], null));
     }
     // A literal true from checkSpam() leads to the spam error, but only
     // while enable_antibot is switched on.
     if ($post['antispam_hash'] === true) {
         if ($config['enable_antibot']) {
             error($config['error']['spam']);
         }
     }
 }
 // The mute check runs only when both robot_enable and robot_mute are set.
 if ($config['robot_enable']) {
     if ($config['robot_mute']) {
         checkMute();
     }
 }
 //Check if thread exists
 if (!$post['op']) {
     $query = prepare(sprintf("SELECT `sticky`,`locked`,`cycle`,`sage` FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
     $query->bindValue(':id', $post['thread'], PDO::PARAM_INT);
     $query->execute() or error(db_error());
     if (!($thread = $query->fetch(PDO::FETCH_ASSOC))) {
         // Non-existant
         error($config['error']['nonexistant']);
Beispiel #2
             echo '<form name="f1" action="' . $PHP_SELF . '" method="post" style="margin:0px">';
             echo "<b>Table {$tbl_name} doesn't exist. Create it now?</b><br><br>";
             echo '<input type="radio" name="create" value="yes" onClick="document.f1.submit()">yes &nbsp; ';
             echo '<input type="radio" name="create" value="no" onClick="document.f1.submit()">no';
             echo '</form></div>';
         }
     }
 } else {
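     // Shoutbox request handling: admin credential check, then delete or new
     // entry, then the (possibly updated) list is rendered.
     //
     // The submitted value is compared with the session value as strings and
     // strictly. A loose != lets PHP juggle types, so two different
     // numeric-looking strings (for example "0e1" and "0e2") would compare as
     // equal and skip the wrongPass branch.
     // NOTE(review): assumes $_SESSION['sb_admin'] holds the credential as a
     // string (the wrongPass message suggests so) - confirm where it is set.
     if ($admin && (string) $admin !== (string) $_SESSION['sb_admin']) {
         $error = $msg['wrongPass'];
     } elseif (is_admin() && $delete) {
         $error = delete_entry($delete);
     } elseif ($sbText) {
         // A truthy checkSpam() result rejects the entry; otherwise it is stored.
         if (checkSpam($sbID, -1, $sbName, $sbEMail, '', $sbText, '', $sbSpr)) {
             $error = $msg['noSpam'];
         } else {
             $error = new_entry($sbName, $sbEMail, $sbText);
         }
     }
     if ($error) {
         // NOTE(review): $error is written into the page as HTML without
         // escaping. It comes from $msg[...] or from delete_entry()/new_entry();
         // confirm none of those can return text taken from the request.
         echo '<div class="cssShoutError">' . $error . '</div>';
     }
     // Entries are rendered for the name and level stored in the session.
     $User = $_SESSION['Name'];
     $Level = $_SESSION['Level'];
     read_entries($User, $Level);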
 }
 ?>
Beispiel #3
     // Send formatted post to client
     $postData = posts2send($newPostResult);
     // var_dump($postData);
     returnJSON('post', $postData);
 } else {
     if ($_POST['action'] == 'editPost') {
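         // The IPv6 loopback address '::1' is stored as the literal '00000000';
         // every other address is passed through encode_ip() (defined elsewhere).
         $clientIp = $_SERVER['REMOTE_ADDR'] == '::1' ? '00000000' : encode_ip($_SERVER['REMOTE_ADDR']);
         $forumId = mysqli_real_escape_string($db, $_POST['forumId']);
         // `id` is interpolated into both statements below without surrounding
         // quotes. mysqli_real_escape_string() only protects values placed inside
         // a quoted string literal, so the request value is forced to an integer.
         $postId = (int) $_POST['postId'];
         $usersForumId = mysqli_real_escape_string($db, $_COOKIE['usersForumId']);
         $forumUser = mysqli_real_escape_string($db, $_POST['forumUser']);
         // Escaping is the last transformation applied before the value reaches
         // the SQL text, so nothing rewrites the message after it has been escaped.
         $forumMessage = $emojione->toShort(htmlentities($_POST['forumMessage']));
         $forumMessage = mysqli_real_escape_string($db, $forumMessage);
         $postTime = time();
         // Check for spam. The return value is not inspected here.
         // NOTE(review): presumably checkSpam() stops the request itself - confirm.
         checkSpam($clientIp, $forumUser, $forumMessage);
         // NOTE(review): nothing in this branch ties $postId to the requester;
         // $usersForumId is read from a cookie but used in neither statement.
         // Confirm that post ownership is enforced somewhere before this point.
         // Keep a copy of the current row, with `forum` set to 0, before overwriting it.
         $backupSQL = "INSERT INTO `forum_posts`(`parent_id`, `forum`, `users_forum_id`, `sender`, `post_time`, `message`, `ipaddress`, `length1`, `length2`)\n                  SELECT `parent_id`, 0, `users_forum_id`, `sender`, `post_time`, `message`, `ipaddress`, `length1`, `length2` FROM `forum_posts` WHERE `id` = {$postId}";
         $updateSQL = "UPDATE `forum_posts` SET `message` = '{$forumMessage}', `ipaddress` = '{$clientIp}' WHERE `id` = {$postId}";
         if (!mysqli_query($db, $backupSQL) || !mysqli_query($db, $updateSQL)) {
             // NOTE(review): the raw database error text is returned to the client,
             // and the redirect below still follows unless returnJSON() exits - confirm.
             $errorData = mysqli_error($db);
             returnJSON('error', $errorData);
         }
         // NOTE(review): $forumId was escaped for SQL, which is not the right
         // encoding for a URL path segment; consider rawurlencode() if forum ids
         // are not purely numeric.
         header("Location: forum/" . $forumId . "#" . $postId);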
     } else {
         if ($_POST['action'] == 'updateLikeCount') {
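             // The post id is written into VALUES(...) without quotes, where
             // mysqli_real_escape_string() gives no protection, so it is forced
             // to an integer. The cookie value stays escaped because it is
             // placed inside a quoted literal.
             $postId = (int) $_POST['postId'];
             $usersForumId = mysqli_real_escape_string($db, $_COOKIE['usersForumId']);
             // The query result is not checked; a failed insert passes silently.
             mysqli_query($db, "INSERT INTO forum_plusone (`message`,`cookie`) VALUES ({$postId},'{$usersForumId}')");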
         } else {
             if ($_POST['action'] == 'sendNotifications') {
Beispiel #4
     error($config['error']['noboard']);
 }
 // Ban check for this board (checkBan() is defined elsewhere).
 checkBan($board['uri']);
 // The CAPTCHA is verified right after the board is opened so that the
 // "return" link is available on the error page.
 if ($config['recaptcha']) {
     // Both reCAPTCHA fields must be present in the POST body.
     if (!isset($_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field'])) {
         error($config['error']['bot']);
     }
     // Hand the answer, the private key and the client address to reCAPTCHA.
     $resp = recaptcha_check_answer(
         $config['recaptcha_private'],
         $_SERVER['REMOTE_ADDR'],
         $_POST['recaptcha_challenge_field'],
         $_POST['recaptcha_response_field']
     );
     if (!$resp->is_valid) {
         error($config['error']['captcha']);
     }
 }
 // Spam check over the board URI and the thread id (null when no thread is set).
 if (checkSpam(array(
     $board['uri'],
     isset($post['thread']) ? $post['thread'] : null,
 ))) {
     error($config['error']['spam']);
 }
 // The mute check runs only when both robot_enable and robot_mute are set.
 if ($config['robot_enable']) {
     if ($config['robot_mute']) {
         checkMute();
     }
 }
 // A reply (not an opening post) must point at an existing thread.
 if (!$OP) {
     // The id is bound as an integer parameter. The table name cannot be bound,
     // so it is built from $board['uri'] with sprintf().
     // NOTE(review): this relies on $board['uri'] having been validated when
     // the board was opened - confirm.
     $query = prepare(sprintf("SELECT `sticky`,`locked`,`sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
     $query->bindValue(':id', $post['thread'], PDO::PARAM_INT);
     if (!$query->execute()) {
         error(db_error());
     }
     $thread = $query->fetch();
     if (!$thread) {
         // No such thread
         error($config['error']['nonexistant']);
     }
 }
Beispiel #5
         error($config['error']['notamod']);
     }
     $post['sticky'] = $post['op'] && isset($_POST['sticky']);
     $post['locked'] = $post['op'] && isset($_POST['lock']);
     $post['raw'] = isset($_POST['raw']);
     if ($post['sticky'] && !hasPermission($config['mod']['sticky'], $board['uri'])) {
         error($config['error']['noaccess']);
     }
     if ($post['locked'] && !hasPermission($config['mod']['lock'], $board['uri'])) {
         error($config['error']['noaccess']);
     }
     if ($post['raw'] && !hasPermission($config['mod']['rawhtml'], $board['uri'])) {
         error($config['error']['noaccess']);
     }
 }
 // Spam check; skipped when $post['mod'] is truthy. The thread id is passed
 // only when it is set and the request is not a quick reply (quick_reply
 // enabled and a quick-reply field posted); otherwise null is passed.
 if (!$post['mod']) {
     if (checkSpam(array(
         $board['uri'],
         (isset($post['thread']) && (!$config['quick_reply'] || !isset($_POST['quick-reply'])))
             ? $post['thread']
             : null,
     ))) {
         error($config['error']['spam']);
     }
 }
 // The mute check runs only when both robot_enable and robot_mute are set.
 if ($config['robot_enable']) {
     if ($config['robot_mute']) {
         checkMute();
     }
 }
 // A reply (not an opening post) must point at an existing thread.
 if (!$post['op']) {
     // The id is bound as an integer parameter. The table name cannot be bound,
     // so it is built from $board['uri'] with sprintf().
     // NOTE(review): this relies on $board['uri'] having been validated
     // earlier - confirm.
     $query = prepare(sprintf("SELECT `sticky`,`locked`,`sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
     $query->bindValue(':id', $post['thread'], PDO::PARAM_INT);
     if (!$query->execute()) {
         error(db_error());
     }
     $thread = $query->fetch();
     if (!$thread) {
         // No such thread
         error($config['error']['nonexistant']);
     }
 }
Beispiel #6
     }
     $post['sticky'] = $post['op'] && isset($_POST['sticky']);
     $post['locked'] = $post['op'] && isset($_POST['lock']);
     $post['raw'] = isset($_POST['raw']);
     if ($post['sticky'] && !hasPermission($config['mod']['sticky'], $board['uri'])) {
         error($config['error']['noaccess']);
     }
     if ($post['locked'] && !hasPermission($config['mod']['lock'], $board['uri'])) {
         error($config['error']['noaccess']);
     }
     if ($post['raw'] && !hasPermission($config['mod']['rawhtml'], $board['uri'])) {
         error($config['error']['noaccess']);
     }
 }
 // Anti-spam check; skipped entirely when $post['mod'] is truthy.
 if (!$post['mod']) {
     // The thread id is passed only when it is set and the request is not a
     // quick reply (quick_reply enabled and a quick-reply field posted);
     // otherwise null is passed.
     if (isset($post['thread']) && (!$config['quick_reply'] || !isset($_POST['quick-reply']))) {
         $post['antispam_hash'] = checkSpam(array($board['uri'], $post['thread']));
     } else {
         $post['antispam_hash'] = checkSpam(array($board['uri'], null));
     }
     // A literal true from checkSpam() leads to the spam error; any other
     // value is kept in $post['antispam_hash'].
     if (true === $post['antispam_hash']) {
         error($config['error']['spam']);
     }
 }
 // The mute check runs only when both robot_enable and robot_mute are set.
 if ($config['robot_enable']) {
     if ($config['robot_mute']) {
         checkMute();
     }
 }
 //Check if thread exists
 if (!$post['op']) {
     $query = prepare(sprintf("SELECT `sticky`,`locked`,`sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri']));
     $query->bindValue(':id', $post['thread'], PDO::PARAM_INT);
     $query->execute() or error(db_error());
     if (!($thread = $query->fetch())) {
         // Non-existant
         error($config['error']['nonexistant']);