Beispiel #1
0
function post_create($fid, $tid, $reply_pid, $fuid, $tuid, $content, $hide_ipaddress = false)
{
    if (!($db = db::get())) {
        return -1;
    }
    $post_content = $db->escape($content);
    $ipaddress = $hide_ipaddress == false ? get_ip_address() : '';
    if (!is_numeric($tid)) {
        return -1;
    }
    if (!is_numeric($reply_pid)) {
        return -1;
    }
    if (!is_numeric($fuid)) {
        return -1;
    }
    if (!is_numeric($tuid)) {
        return -1;
    }
    $current_datetime = date(MYSQL_DATETIME, time());
    if (!($table_prefix = get_table_prefix())) {
        return -1;
    }
    // Check that the post needs approval. If the user is a moderator their posts are self-approved.
    if (perm_check_folder_permissions($fid, USER_PERM_POST_APPROVAL, $fuid) && !perm_is_moderator($fuid, $fid)) {
        $sql = "INSERT INTO `{$table_prefix}POST` (TID, REPLY_TO_PID, FROM_UID, ";
        $sql .= "TO_UID, CREATED, APPROVED, IPADDRESS) VALUES ({$tid}, {$reply_pid}, {$fuid}, ";
        $sql .= "{$tuid}, CAST('{$current_datetime}' AS DATETIME), NULL, '{$ipaddress}')";
    } else {
        $sql = "INSERT INTO `{$table_prefix}POST` (TID, REPLY_TO_PID, FROM_UID, ";
        $sql .= "TO_UID, CREATED, APPROVED, APPROVED_BY, IPADDRESS) VALUES ({$tid}, {$reply_pid}, ";
        $sql .= "{$fuid}, {$tuid}, CAST('{$current_datetime}' AS DATETIME), ";
        $sql .= "CAST('{$current_datetime}' AS DATETIME), {$fuid}, '{$ipaddress}')";
    }
    if (!$db->query($sql)) {
        return -1;
    }
    $new_pid = $db->insert_id;
    $sql = "INSERT INTO `{$table_prefix}POST_CONTENT` (TID, PID, CONTENT) ";
    $sql .= "VALUES ('{$tid}', '{$new_pid}', '{$post_content}')";
    if (!$db->query($sql)) {
        return -1;
    }
    $sql = "INSERT INTO `{$table_prefix}POST_SEARCH_ID` (TID, PID) ";
    $sql .= "VALUES('{$tid}', '{$new_pid}')";
    if (!$db->query($sql)) {
        return -1;
    }
    post_update_thread_length($tid, $new_pid);
    user_increment_post_count($fuid);
    if (perm_check_folder_permissions($fid, USER_PERM_POST_APPROVAL, $fuid) && !perm_is_moderator($fuid, $fid)) {
        admin_send_post_approval_notification($fid);
    }
    return $new_pid;
}
Beispiel #2
0
     $max_post_attachment_space = forum_get_setting('attachments_max_post_space', 'is_numeric', 1048576);
     $error_msg_array[] = gettext(sprintf("You have too many files attached to this post. Maximum attachment space per post is %s", format_file_size($max_post_attachment_space)));
     $valid = false;
 }
 if ((forum_get_setting('allow_post_editing', 'N') || $_SESSION['UID'] != $edit_message['FROM_UID'] && !(perm_get_user_permissions($edit_message['FROM_UID']) & USER_PERM_PILLORIED) || session::check_perm(USER_PERM_PILLORIED, 0) || $post_edit_time > 0 && time() - $edit_message['CREATED'] >= $post_edit_time * HOUR_IN_SECONDS) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $fid)) {
     light_html_draw_error(gettext("You are not permitted to edit this message."), 'lmessages.php', 'get', array('back' => gettext("Back")), array('msg' => $return_msg));
 }
 if ($valid) {
     $content_new = $content;
     if ($allow_sig == true && isset($sig)) {
         $content_new .= "<div class=\"sig\">{$sig}</div>";
     }
     if (post_update($fid, $tid, $pid, $content_new)) {
         post_add_edit_text($tid, $pid);
         post_remove_attachments($tid, $pid);
         if (perm_check_folder_permissions($fid, USER_PERM_POST_APPROVAL, $edit_message['FROM_UID']) && !perm_is_moderator($edit_message['FROM_UID'], $fid)) {
             admin_send_post_approval_notification($fid);
         }
         if (sizeof($attachments) > 0 && ($attachments_array = attachments_get($edit_message['FROM_UID'], $attachments))) {
             foreach ($attachments_array as $attachment) {
                 post_add_attachment($tid, $pid, $attachment['aid']);
             }
         }
         if (session::check_perm(USER_PERM_FOLDER_MODERATE, $fid) && $edit_message['FROM_UID'] != $_SESSION['UID']) {
             admin_add_log_entry(EDIT_POST, array($fid, $tid, $pid));
         }
         header_redirect("lmessages.php?webtag={$webtag}&msg={$return_msg}&edit_success={$msg}");
         exit;
     } else {
         $error_msg_array[] = gettext("Error updating post");
     }
Beispiel #3
0
         if (isset($thread_data['CLOSED']) && $thread_data['CLOSED'] > 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $fid)) {
             light_html_draw_error(gettext("This thread is closed, you cannot post in it!"));
         }
     }
     if (isset($tid) && is_numeric($tid)) {
         if ($allow_sig == true && strlen(trim($sig)) > 0) {
             $content .= "<div class=\"sig\">{$sig}</div>";
         }
         if (($new_pid = post_create($fid, $tid, $reply_to_pid, $_SESSION['UID'], $to_logon_array, $content)) !== false) {
             if ($high_interest == "Y") {
                 thread_set_high_interest($tid);
             }
             email_send_notification($tid, $new_pid);
             email_send_thread_subscription($tid, $new_pid);
             email_send_folder_subscription($fid, $tid);
             if (perm_check_folder_permissions($fid, USER_PERM_POST_APPROVAL, $_SESSION['UID']) && !perm_is_moderator($_SESSION['UID'], $fid)) {
                 admin_send_post_approval_notification($fid);
             }
             if (sizeof($attachments) > 0 && ($attachments_array = attachments_get($_SESSION['UID'], $attachments)) !== false) {
                 foreach ($attachments_array as $attachment) {
                     post_add_attachment($tid, $new_pid, $attachment['aid']);
                 }
             }
         }
     }
 }
 if ($new_thread && isset($tid) && is_numeric($tid)) {
     $uri = "lmessages.php?webtag={$webtag}&msg={$tid}.1";
 } else {
     if (isset($return_msg)) {
         $uri = "lmessages.php?webtag={$webtag}&msg={$return_msg}";
Beispiel #4
0
function post_create_thread($fid, $uid, $title, $poll = 'N', $sticky = 'N', $closed = false, $deleted = false)
{
    if (!is_numeric($fid)) {
        return false;
    }
    if (!is_numeric($uid)) {
        return false;
    }
    if (!($db = db::get())) {
        return false;
    }
    if (!($table_prefix = get_table_prefix())) {
        return false;
    }
    $title = $db->escape($title);
    $poll = $poll == 'Y' ? 'Y' : 'N';
    $sticky = $sticky == 'Y' ? 'Y' : 'N';
    $closed = $closed === true ? sprintf("'%s'", date(MYSQL_DATETIME, time())) : 'NULL';
    $deleted = $deleted === true ? 'Y' : 'N';
    $current_datetime = date(MYSQL_DATETIME, time());
    $approved_by = 'NULL';
    $approved_datetime = 'NULL';
    if (!perm_check_folder_permissions($fid, USER_PERM_POST_APPROVAL, $uid) || perm_is_moderator($uid, $fid)) {
        $approved_by = $uid;
        $approved_datetime = sprintf("CAST('%s' AS DATETIME)", date(MYSQL_DATETIME, time()));
    }
    $sql = "INSERT INTO `{$table_prefix}THREAD` (FID, BY_UID, TITLE, LENGTH, POLL_FLAG, ";
    $sql .= "APPROVED, APPROVED_BY, STICKY, CREATED, MODIFIED, CLOSED, DELETED) ";
    $sql .= "VALUES ('{$fid}', '{$uid}', '{$title}', 0, '{$poll}', {$approved_datetime}, ";
    $sql .= "{$approved_by}, '{$sticky}', CAST('{$current_datetime}' AS DATETIME), ";
    $sql .= "CAST('{$current_datetime}' AS DATETIME), {$closed}, '{$deleted}')";
    if (!$db->query($sql)) {
        return false;
    }
    return $db->insert_id;
}