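/**
 * Store a forum message (a new thread or a follow-up) for the logged-in user.
 *
 * Missing forum id, missing subject/body, a duplicate post and an unknown
 * follow-up target are all reported through exit_error() (which presumably
 * ends the request). Visitors who are not logged in only get a notice.
 *
 * Security notes for reviewers:
 * - Integer ids go through db_ei() and strings through db_es() before they
 *   reach SQL (helpers defined elsewhere; presumably integer coercion and
 *   string escaping -- confirm).
 * - Subject and body are stored already HTML-encoded by htmlspecialchars().
 *   Code that renders them must not assume more than that call's default
 *   flags provide (single quotes are only encoded by default from PHP 8.1).
 * - No CSRF token or per-forum permission check is visible in this function;
 *   presumably the caller performs both -- confirm.
 *
 * @param mixed  $thread_id       Existing thread id, or a falsy value to start a new thread.
 * @param mixed  $is_followup_to  msg_id of the parent message; required when $thread_id is set.
 * @param string $subject         Raw subject as submitted.
 * @param string $body            Raw body as submitted.
 * @param mixed  $group_forum_id  Id of the forum receiving the message.
 *
 * @return void
 */
function post_message($thread_id, $is_followup_to, $subject, $body, $group_forum_id)
{
    global $feedback, $Language;

    if (!user_isloggedin()) {
        echo ' <H3>' . $Language->getText('forum_forum_utils', 'could_post_if_logged') . '</H3>';
        return;
    }

    $request = HTTPRequest::instance();

    if (!$group_forum_id) {
        exit_error(
            $Language->getText('global', 'error'),
            $Language->getText('forum_forum_utils', 'post_without_id')
        );
    }

    if (!$body || !$subject) {
        exit_error(
            $Language->getText('global', 'error'),
            $Language->getText('forum_forum_utils', 'include_body_and_subject')
        );
    }

    // Both values are stored HTML-encoded, so encode once and reuse the result
    // for the duplicate check and for the INSERT.
    $stored_subject = htmlspecialchars($subject);
    $stored_body    = htmlspecialchars($body);

    // Double-post guard. The body is compared in its stored (encoded) form:
    // comparing the raw body never matched a message containing &, <, > or ".
    $duplicates = db_query("SELECT * FROM forum "
        . "WHERE is_followup_to=" . db_ei($is_followup_to) . " "
        . "AND subject='" . db_es($stored_subject) . "' "
        . "AND group_forum_id=" . db_ei($group_forum_id) . " "
        . "AND body='" . db_es($stored_body) . "' "
        . "AND posted_by='" . user_getid() . "'");

    if (db_numrows($duplicates) > 0) {
        // This exact message is already stored.
        exit_error(
            $Language->getText('global', 'error'),
            $Language->getText('forum_forum_utils', 'do_not_double_post')
        );
    } else {
        // NOTE(review): this prints the raw database error into the page;
        // logging it server-side would avoid exposing query details.
        echo db_error();
    }

    if (!$thread_id) {
        // New thread: allocate an id; a thread opener has no parent.
        $thread_id      = get_next_thread_id();
        $is_followup_to = 0;
    } elseif (!$is_followup_to) {
        // Should never happen except with a broken browser or a tampered HTML form.
        exit_error(
            $Language->getText('global', 'error'),
            $Language->getText('forum_forum_utils', 'no_folowup_id')
        );
    } else {
        // The parent must exist in this very thread and forum, so a forged
        // parent id cannot attach the reply to a message somewhere else.
        $parent = db_query("SELECT * FROM forum WHERE msg_id=" . db_ei($is_followup_to)
            . " AND thread_id=" . db_ei($thread_id)
            . " AND group_forum_id=" . db_ei($group_forum_id));

        if (db_numrows($parent) < 1) {
            exit_error(
                $Language->getText('global', 'error'),
                $Language->getText('forum_forum_utils', 'msg_not_exist')
            );
        } elseif (!(db_result($parent, 0, 'has_followups') > 0)) {
            // Flag the parent as having follow-ups (an optimization used later).
            db_query("UPDATE forum SET has_followups='1' WHERE msg_id=" . db_ei($is_followup_to)
                . " AND thread_id=" . db_ei($thread_id)
                . " AND group_forum_id=" . db_ei($group_forum_id));
        }
    }

    $sql = "INSERT INTO forum (group_forum_id,posted_by,subject,body,date,is_followup_to,thread_id) "
        . "VALUES (" . db_ei($group_forum_id) . ", '" . user_getid() . "', '"
        . db_es($stored_subject) . "', '" . db_es($stored_body) . "', '" . time() . "',"
        . db_ei($is_followup_to) . "," . db_ei($thread_id) . ")";

    $result = db_query($sql);
    if (!$result) {
        echo $Language->getText('forum_forum_utils', 'insert_fail');
        // NOTE(review): raw database error shown to the user, as above.
        echo db_error();
        $feedback .= ' ' . $Language->getText('forum_forum_utils', 'post_failed') . ' ';

        // Stop here: nothing was stored, so there is no message id to
        // cross-reference or to send monitoring notifications for.
        return;
    }

    $feedback .= ' ' . $Language->getText('forum_forum_utils', 'msg_posted') . ' ';
    $msg_id = db_insertid($result);

    // Extract cross references from the raw (unencoded) subject and body.
    $reference_manager = ReferenceManager::instance();
    $g_id = get_forum_group_id($group_forum_id);
    $GLOBALS['group_id'] = $g_id; // group_id is not otherwise set in forum code; references need it

    $reference_manager->extractCrossRef(
        $subject,
        $msg_id,
        ReferenceManager::REFERENCE_NATURE_FORUMMESSAGE,
        $g_id
    );
    $reference_manager->extractCrossRef(
        $body,
        $msg_id,
        ReferenceManager::REFERENCE_NATURE_FORUMMESSAGE,
        $g_id
    );

    // Thread monitoring follows the checkbox submitted with the post.
    if ($request->isPost() && $request->existAndNonEmpty('enable_monitoring')) {
        forum_thread_add_monitor($group_forum_id, $thread_id, user_getid());
    } else {
        // NOTE(review): this call receives $msg_id where the add call receives
        // $thread_id -- confirm against the helper's signature.
        forum_thread_delete_monitor_by_user($group_forum_id, $msg_id, user_getid());
    }

    handle_monitoring($group_forum_id, $thread_id, $msg_id);
}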
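/**
 * Insert a forum message (new thread or follow-up) inside one transaction.
 *
 * Assumes the global $allow_anonymous is set up correctly; when it is truthy,
 * visitors who are not logged in may post and the row is attributed to user
 * id 100 (presumably the anonymous account -- confirm). $allow_anonymous must
 * only ever be set by server-side code, never derived from request data.
 *
 * Failures are reported through the global $feedback and a false return.
 *
 * Security notes for reviewers:
 * - $group_forum_id and $is_followup_to are cast to int before they are
 *   interpolated into SQL; they used to be inserted as received.
 * - $subject and $body pass only through htmlspecialchars(), which is HTML
 *   output encoding, not SQL escaping: backslashes (and, with the default
 *   flags before PHP 8.1, single quotes) are left untouched. Nothing in this
 *   function escapes them for SQL. Confirm that the caller or the db layer
 *   does, or move these statements to a parameterized query call. Escaping
 *   is not added here because input that is already escaped would be
 *   corrupted by a second pass.
 *
 * @param mixed  $thread_id       Falsy to start a new thread; otherwise only a flag, the
 *                                real thread id is read from the parent row.
 * @param mixed  $is_followup_to  msg_id of the parent message; required for a follow-up.
 * @param string $subject         Subject as submitted.
 * @param string $body            Body as submitted.
 * @param mixed  $group_forum_id  Id of the forum receiving the message.
 *
 * @return bool True when the message was stored and the transaction committed.
 */
function post_message($thread_id, $is_followup_to, $subject, $body, $group_forum_id)
{
    global $feedback, $allow_anonymous;

    $logged_in = user_isloggedin();
    if (!$logged_in && !$allow_anonymous) {
        $feedback .= ' <H3>You could post if you were logged in</H3>';
        return false;
    }

    // Ids are integers; coerce them once so no query below ever receives
    // anything but digits from these two form fields.
    $group_forum_id = (int) $group_forum_id;
    $is_followup_to = (int) $is_followup_to;

    if (!$group_forum_id) {
        $feedback = 'Trying to post without a forum ID';
        return false;
    }

    if (!$body || !$subject) {
        $feedback = 'Must include a message body and subject';
        return false;
    }

    $user_id = $logged_in ? (int) user_getid() : 100;

    // NOTE(review): HTML-encoded only, see the SQL escaping caveat in the docblock.
    $stored_subject = htmlspecialchars($subject);
    $stored_body    = htmlspecialchars($body);

    // Double-post guard: same author, same parent, same subject, same forum.
    $duplicates = db_query("SELECT * FROM forum "
        . "WHERE is_followup_to='{$is_followup_to}' "
        . "AND subject='" . $stored_subject . "' "
        . "AND group_forum_id='{$group_forum_id}' "
        . "AND posted_by='{$user_id}'");

    if (db_numrows($duplicates) > 0) {
        $feedback = 'You appear to be double-posting this message, since it has the same subject and followup information as a prior post.';
        return false;
    } else {
        // NOTE(review): prints the raw database error into the page; logging
        // it server-side would avoid exposing query details.
        echo db_error();
    }

    db_begin();

    // One timestamp for every row touched by this post, so the message's date
    // and the thread's most_recent_date cannot straddle a second boundary.
    $now = time();

    if (!$thread_id) {
        // New thread: allocate an id; a thread opener has no parent.
        $thread_id = get_next_thread_id();
        $is_followup_to = 0;
        if (!$thread_id) {
            $feedback .= ' Getting next thread_id failed ';
            db_rollback();
            return false;
        }
        $thread_id = (int) $thread_id;
    } elseif (!$is_followup_to) {
        // Should never happen except with a broken browser or a tampered HTML form.
        $feedback = 'No followup ID present when trying to post to an existing thread.';
        db_rollback();
        return false;
    } else {
        $parent = db_query("SELECT * FROM forum WHERE msg_id='{$is_followup_to}' AND group_forum_id='{$group_forum_id}'");
        if (db_numrows($parent) < 1) {
            $feedback = 'Trying to followup to a message that doesn\'t exist.';
            db_rollback();
            return false;
        }

        // Take thread_id from the parent's row, which is more trustworthy
        // than the value submitted with the HTML form.
        $thread_id = (int) db_result($parent, 0, 'thread_id');

        // Stamp the first message of the thread with the current time.
        $touched_root = db_query("UPDATE forum SET most_recent_date='" . $now . "' "
            . "WHERE thread_id='{$thread_id}' AND is_followup_to='0'");
        if (!$touched_root || db_affected_rows($touched_root) < 1) {
            $feedback = 'Couldn\'t Update Master Thread parent with current time';
            db_rollback();
            return false;
        }

        // Flag the parent as having follow-ups (an optimization used later).
        $touched_parent = db_query("UPDATE forum SET has_followups='1',most_recent_date='" . $now . "' "
            . "WHERE msg_id='{$is_followup_to}'");
        if (!$touched_parent) {
            $feedback = 'Could Not Update Parent';
            db_rollback();
            return false;
        }
    }

    $sql = "INSERT INTO forum (group_forum_id,posted_by,subject,body,date,is_followup_to,thread_id,most_recent_date) "
        . "VALUES ('{$group_forum_id}', '{$user_id}', '" . $stored_subject . "', '"
        . $stored_body . "', '" . $now . "','{$is_followup_to}','{$thread_id}','" . $now . "')";

    $result = db_query($sql);
    if (!$result) {
        // NOTE(review): db_error() text ends up in $feedback, which is
        // presumably shown to the user -- confirm and consider logging instead.
        $feedback .= ' Posting Failed ' . db_error();
        db_rollback();
        return false;
    }

    $msg_id = db_insertid($result, 'forum', 'msg_id');
    if (!$msg_id) {
        db_rollback();
        $feedback .= "Failed to get insertid()";
        return false;
    }

    // Notifications run before the commit, as in the original ordering.
    handle_monitoring($group_forum_id, $msg_id);
    db_commit();
    $feedback .= ' Message Posted ';

    return true;
}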