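/**
 * Create a new post in an existing thread.
 *
 * Inserts a row into POST, stores the body in POST_CONTENT, adds a row to
 * POST_SEARCH_ID, then updates the thread length and the author's post
 * count. When the folder requires approval and the author is not a
 * moderator of it, the post is stored with APPROVED = NULL and admins are
 * notified; otherwise the post is stored as approved by its own author.
 *
 * Security notes:
 *  - $content is passed through $db->escape() before it is embedded in SQL.
 *  - The IP address string comes from get_ip_address(), which is not visible
 *    here. It is placed inside a quoted SQL literal, so it is escaped as well
 *    rather than trusted to be a well-formed address.
 *  - $tid, $reply_pid, $fuid and $tuid are embedded UNQUOTED in the POST
 *    insert and are only checked with is_numeric(), which also accepts
 *    floats, exponent notation and leading whitespace.
 *    NOTE(review): consider a strict integer check if callers can pass
 *    request data straight through.
 *  - $fid decides whether the post is stored as already approved, so it is
 *    validated like the other ids (post_create_thread() does the same).
 *
 * @param mixed  $fid            Folder id, used for the approval/moderator checks.
 * @param mixed  $tid            Thread id the post belongs to.
 * @param mixed  $reply_pid      Post id this post replies to.
 * @param mixed  $fuid           Author's user id.
 * @param mixed  $tuid           Recipient's user id.
 * @param string $content        Post body; escaped here before storage.
 * @param bool   $hide_ipaddress When not false, an empty address is stored.
 *
 * @return mixed The new post id ($db->insert_id) on success, -1 on any
 *               failure. The failure value is -1, never false: a caller
 *               testing the result with `!== false` will not detect a
 *               failed insert and must compare against -1 instead.
 */
function post_create($fid, $tid, $reply_pid, $fuid, $tuid, $content, $hide_ipaddress = false)
{
    // Reject malformed ids before any helper or the database is touched.
    foreach (array($fid, $tid, $reply_pid, $fuid, $tuid) as $id) {
        if (!is_numeric($id)) {
            return -1;
        }
    }

    if (!($db = db::get())) {
        return -1;
    }

    if (!($table_prefix = get_table_prefix())) {
        return -1;
    }

    $post_content = $db->escape($content);

    // The address ends up inside '...' in the INSERT below; escape it so a
    // value containing a quote cannot break out of the literal.
    $ipaddress = $hide_ipaddress == false ? $db->escape((string) get_ip_address()) : '';

    $current_datetime = date(MYSQL_DATETIME, time());

    // Check that the post needs approval. If the user is a moderator their posts are self-approved.
    if (perm_check_folder_permissions($fid, USER_PERM_POST_APPROVAL, $fuid) && !perm_is_moderator($fuid, $fid)) {

        $sql = "INSERT INTO `{$table_prefix}POST` (TID, REPLY_TO_PID, FROM_UID, ";
        $sql .= "TO_UID, CREATED, APPROVED, IPADDRESS) VALUES ({$tid}, {$reply_pid}, {$fuid}, ";
        $sql .= "{$tuid}, CAST('{$current_datetime}' AS DATETIME), NULL, '{$ipaddress}')";

    } else {

        $sql = "INSERT INTO `{$table_prefix}POST` (TID, REPLY_TO_PID, FROM_UID, ";
        $sql .= "TO_UID, CREATED, APPROVED, APPROVED_BY, IPADDRESS) VALUES ({$tid}, {$reply_pid}, ";
        $sql .= "{$fuid}, {$tuid}, CAST('{$current_datetime}' AS DATETIME), ";
        $sql .= "CAST('{$current_datetime}' AS DATETIME), {$fuid}, '{$ipaddress}')";
    }

    if (!$db->query($sql)) {
        return -1;
    }

    $new_pid = $db->insert_id;

    $sql = "INSERT INTO `{$table_prefix}POST_CONTENT` (TID, PID, CONTENT) ";
    $sql .= "VALUES ('{$tid}', '{$new_pid}', '{$post_content}')";

    if (!$db->query($sql)) {
        return -1;
    }

    $sql = "INSERT INTO `{$table_prefix}POST_SEARCH_ID` (TID, PID) ";
    $sql .= "VALUES('{$tid}', '{$new_pid}')";

    if (!$db->query($sql)) {
        return -1;
    }

    post_update_thread_length($tid, $new_pid);

    user_increment_post_count($fuid);

    // Same condition as the INSERT branch above: the post was stored
    // unapproved, so let the admins know there is something to review.
    if (perm_check_folder_permissions($fid, USER_PERM_POST_APPROVAL, $fuid) && !perm_is_moderator($fuid, $fid)) {
        admin_send_post_approval_notification($fid);
    }

    return $new_pid;
}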
$max_post_attachment_space = forum_get_setting('attachments_max_post_space', 'is_numeric', 1048576); $error_msg_array[] = gettext(sprintf("You have too many files attached to this post. Maximum attachment space per post is %s", format_file_size($max_post_attachment_space))); $valid = false; } if ((forum_get_setting('allow_post_editing', 'N') || $_SESSION['UID'] != $edit_message['FROM_UID'] && !(perm_get_user_permissions($edit_message['FROM_UID']) & USER_PERM_PILLORIED) || session::check_perm(USER_PERM_PILLORIED, 0) || $post_edit_time > 0 && time() - $edit_message['CREATED'] >= $post_edit_time * HOUR_IN_SECONDS) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $fid)) { light_html_draw_error(gettext("You are not permitted to edit this message."), 'lmessages.php', 'get', array('back' => gettext("Back")), array('msg' => $return_msg)); } if ($valid) { $content_new = $content; if ($allow_sig == true && isset($sig)) { $content_new .= "<div class=\"sig\">{$sig}</div>"; } if (post_update($fid, $tid, $pid, $content_new)) { post_add_edit_text($tid, $pid); post_remove_attachments($tid, $pid); if (perm_check_folder_permissions($fid, USER_PERM_POST_APPROVAL, $edit_message['FROM_UID']) && !perm_is_moderator($edit_message['FROM_UID'], $fid)) { admin_send_post_approval_notification($fid); } if (sizeof($attachments) > 0 && ($attachments_array = attachments_get($edit_message['FROM_UID'], $attachments))) { foreach ($attachments_array as $attachment) { post_add_attachment($tid, $pid, $attachment['aid']); } } if (session::check_perm(USER_PERM_FOLDER_MODERATE, $fid) && $edit_message['FROM_UID'] != $_SESSION['UID']) { admin_add_log_entry(EDIT_POST, array($fid, $tid, $pid)); } header_redirect("lmessages.php?webtag={$webtag}&msg={$return_msg}&edit_success={$msg}"); exit; } else { $error_msg_array[] = gettext("Error updating post"); }
if (isset($thread_data['CLOSED']) && $thread_data['CLOSED'] > 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $fid)) { light_html_draw_error(gettext("This thread is closed, you cannot post in it!")); } } if (isset($tid) && is_numeric($tid)) { if ($allow_sig == true && strlen(trim($sig)) > 0) { $content .= "<div class=\"sig\">{$sig}</div>"; } if (($new_pid = post_create($fid, $tid, $reply_to_pid, $_SESSION['UID'], $to_logon_array, $content)) !== false) { if ($high_interest == "Y") { thread_set_high_interest($tid); } email_send_notification($tid, $new_pid); email_send_thread_subscription($tid, $new_pid); email_send_folder_subscription($fid, $tid); if (perm_check_folder_permissions($fid, USER_PERM_POST_APPROVAL, $_SESSION['UID']) && !perm_is_moderator($_SESSION['UID'], $fid)) { admin_send_post_approval_notification($fid); } if (sizeof($attachments) > 0 && ($attachments_array = attachments_get($_SESSION['UID'], $attachments)) !== false) { foreach ($attachments_array as $attachment) { post_add_attachment($tid, $new_pid, $attachment['aid']); } } } } } if ($new_thread && isset($tid) && is_numeric($tid)) { $uri = "lmessages.php?webtag={$webtag}&msg={$tid}.1"; } else { if (isset($return_msg)) { $uri = "lmessages.php?webtag={$webtag}&msg={$return_msg}";
/**
 * Insert a new row into the THREAD table and return its id.
 *
 * The thread is stored as approved by its creator unless the folder
 * requires post approval and the creator is not a moderator of it, in
 * which case APPROVED and APPROVED_BY are stored as NULL.
 *
 * Security notes:
 *  - $title is passed through $db->escape() before it is embedded in SQL.
 *  - $poll, $sticky and $deleted are reduced to 'Y'/'N' and $closed to a
 *    timestamp literal or NULL, so they cannot carry caller-supplied text.
 *  - $fid and $uid are only checked with is_numeric(); $uid is additionally
 *    embedded UNQUOTED as APPROVED_BY. NOTE(review): is_numeric() also
 *    accepts floats and exponent notation; confirm callers pass integers.
 *
 * @param mixed  $fid     Folder id the thread is created in.
 * @param mixed  $uid     User id of the thread's creator.
 * @param string $title   Thread title; escaped here before storage.
 * @param string $poll    'Y' to flag the thread as a poll, anything else stores 'N'.
 * @param string $sticky  'Y' to make the thread sticky, anything else stores 'N'.
 * @param bool   $closed  Strictly true stores the current time in CLOSED, otherwise NULL.
 * @param bool   $deleted Strictly true stores 'Y' in DELETED, otherwise 'N'.
 *
 * @return mixed The new thread id ($db->insert_id) on success, false on failure.
 */
function post_create_thread($fid, $uid, $title, $poll = 'N', $sticky = 'N', $closed = false, $deleted = false)
{
    if (!is_numeric($fid) || !is_numeric($uid)) {
        return false;
    }

    $db = db::get();

    if (!$db) {
        return false;
    }

    $table_prefix = get_table_prefix();

    if (!$table_prefix) {
        return false;
    }

    $safe_title = $db->escape($title);

    // Collapse the flag arguments to the only two values the columns take.
    $poll_flag = 'N';
    if ($poll == 'Y') {
        $poll_flag = 'Y';
    }

    $sticky_flag = 'N';
    if ($sticky == 'Y') {
        $sticky_flag = 'Y';
    }

    $closed_sql = 'NULL';
    if ($closed === true) {
        $closed_sql = sprintf("'%s'", date(MYSQL_DATETIME, time()));
    }

    $deleted_flag = 'N';
    if ($deleted === true) {
        $deleted_flag = 'Y';
    }

    $created_sql = sprintf("CAST('%s' AS DATETIME)", date(MYSQL_DATETIME, time()));

    // Self-approve unless the folder demands approval from a non-moderator.
    $needs_approval = perm_check_folder_permissions($fid, USER_PERM_POST_APPROVAL, $uid)
        && !perm_is_moderator($uid, $fid);

    if ($needs_approval) {
        $approved_by = 'NULL';
        $approved_sql = 'NULL';
    } else {
        $approved_by = $uid;
        $approved_sql = sprintf("CAST('%s' AS DATETIME)", date(MYSQL_DATETIME, time()));
    }

    // One entry per column, in the order of the column list below.
    $values = array(
        "'{$fid}'",
        "'{$uid}'",
        "'{$safe_title}'",
        '0',
        "'{$poll_flag}'",
        $approved_sql,
        $approved_by,
        "'{$sticky_flag}'",
        $created_sql,
        $created_sql,
        $closed_sql,
        "'{$deleted_flag}'",
    );

    $sql = "INSERT INTO `{$table_prefix}THREAD` (FID, BY_UID, TITLE, LENGTH, POLL_FLAG, "
        . "APPROVED, APPROVED_BY, STICKY, CREATED, MODIFIED, CLOSED, DELETED) "
        . "VALUES (" . implode(', ', $values) . ")";

    if (!$db->query($sql)) {
        return false;
    }

    return $db->insert_id;
}