This repository has been archived by the owner on Jan 26, 2020. It is now read-only.
/
reply.php
179 lines (141 loc) · 5.53 KB
/
reply.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
<?php
/*
ThWboard - PHP/MySQL Bulletin Board System
==============================================
(c) 2000-2004 by ThWboard Development Group
download the latest version:
http://www.thwboard.de
This program is free software; you can
redistribute it and/or modify it under the
terms of the GNU General Public License as
published by the Free Software Foundation;
either version 2 of the License, or (at
your option) any later version.
==============================================
*/
include "./inc/header.inc.php";
// http://www.securiteam.com/securitynews/5FP0C204KE.html
$post['posttext'] = ((isset($HTTP_POST_VARS['post']['posttext'])) ? $HTTP_POST_VARS['post']['posttext'] : '');
$post['posttext'] = strip_session($post['posttext']);
if(!isset($post['postcode']))
{
$post['postcode'] = 0;
}
if(!isset($post['postsmilies']))
{
$post['postsmilies'] = 0;
}
if(!isset($post['postemailnotify']))
{
$post['postemailnotify'] = 0;
}
if( $g_user['userid'] == 0 && !$P->has_permission( P_REPLY ) )
{
$navpath .= "Neue Antwort";
message('Fehler', 'Sie müssen registriert sein, um Beiträge erstellen zu können');
}
requires_permission( P_REPLY );
$msg = '';
if( (time() - $config['postdelay'] < ((!empty($g_user['userlastpost'])) ? $g_user['userlastpost'] : 0)) && !$P->has_permission( P_NOFLOODPROT ) )
{
$navpath .= "Neue Antwort";
message("Fehler", "Sie können nur alle $config[postdelay] Sekunden einen neuen Post erstellen.");
}
// ANTI Guest Spamm
if ( $g_user['userid'] == 0 && $P->has_permission( P_REPLY ) )
{
prevent_guestspam();
}
$testlen = strlen(preg_replace("/(\s+|( )+)/", '', strip_tags(parse_code(preparse_code($post['posttext']), 1, ($config['imageslevel'] ? 0 : 1), $post['postcode'], $post['postsmilies']))));
if( $testlen < $config['message_minlength'] )
{
$msg .= "Der Text ist zu kurz<br>";
}
if( $testlen > $config['message_maxlength'] )
{
$msg .= "Der Text ist zu lang<br>";
}
// andere error messages löschen, nur diese
if( $thread['threadclosed'] == 1 )
{
$msg = "Dieser Thread ist leider geschlossen, es können keine weiteren Antworten erstellt werden.";
}
if( isset($msg) && strlen($msg) > 0 )
{
$navpath .= "Neue Antwort";
message("Fehler", "Es sind leider folgende Fehler aufgetreten:<br><br><font color='$style[color_err]'>$msg</font>");
}
$ctime = time();
if( $g_user['userid'] == 0 && $P->has_permission( P_REPLY ) )
{
// check username
check_username($post['postguestname']);
// override notify
$post['postemailnotify'] = 0;
$g_user['username'] = $config['guestprefix'] . $post['postguestname'];
$post['postguestname'] = $config['guestprefix'] . addslashes($post['postguestname']);
}
else
{
$post['postguestname'] = '';
}
if( $config["usebwordprot"] >= BWORD_POST )
{
$post["posttext"] = check_banned($post["posttext"]);
}
if ( isset($config['auto_close']) && $config['auto_close'] > 0 )
{
thwb_query("UPDATE " . $pref . "thread SET threadclosed = '1' WHERE threadtime < '" . ( time() - ( ( $config['auto_close']+1 ) * 86400 ) ) . "'");
}
if ( isset($config['auto_delete']) && $config['auto_delete'] > 0 )
{
thwb_query("DELETE FROM " . $pref . "thread WHERE threadtime < " . ( time() - ( $config['auto_delete'] * 86400 ) ) . "");
}
// neue nachricht posten
thwb_query("INSERT INTO ".$pref."post (posttime, posttext, userid, threadid, postemailnotify, postsmilies, postcode, postip, postguestname)
VALUES('$ctime',
'" . addslashes(preparse_code($post['posttext'])) . "',
'$g_user[userid]',
'$thread[threadid]',
'" . ($post['postemailnotify'] ? 1 : 0) . "',
'" . ($post['postsmilies'] ? 1 : 0) . "',
'" . ($post['postcode'] ? 1 : 0) . "',
'".addslashes($REMOTE_ADDR)."',
'" . $post['postguestname'] . "')");
// Replys um 1 erhöhen in der board datenbank
thwb_query("UPDATE ".$pref."board SET
boardlastpost='$ctime',
boardposts=boardposts+1,
boardlastpostby='" . addslashes($g_user['username']) . "',
boardthreadtopic='" . addslashes($thread['threadtopic']) . "',
boardthreadid=$thread[threadid] WHERE boardid='$board[boardid]'");
if( $g_user['userid'] )
{
// Den postings wert des postenden users erhöhen
thwb_query("UPDATE ".$pref."user SET userlastpost=$ctime, userposts=userposts+1 WHERE userid='$g_user[userid]'");
}
// Replys um 1 erhöhen in der topic datenbank + time aktualisieren
thwb_query("UPDATE ".$pref."thread SET threadtime='$ctime', threadreplies=threadreplies+1,
threadlastreplyby='" . addslashes($g_user['username']) . "' WHERE threadid='$thread[threadid]'");
// email zeug
if( $config['use_email'] )
{
$TRegmail = new Template("./templates/mail/newreply.mail");
$r_email = thwb_query("SELECT DISTINCT
user.useremail as useremail, thread.threadtopic as threadtopic
FROM
".$pref."post as post, ".$pref."user as user, ".$pref."thread as thread
WHERE
thread.threadid=$thread[threadid] AND
post.threadid=$thread[threadid] AND
post.userid=user.userid AND
post.postemailnotify=1 AND
user.userid<>$g_user[userid]");
while( $email = mysql_fetch_array($r_email) )
{
$text = '';
eval($TRegmail->GetTemplate("text"));
@mail($email['useremail'], $config['board_name'] . " - Neue Antwort", $text, "From: $config[board_admin]");
}
}
header("Location: ".build_link("showtopic.php?threadid=$thread[threadid]&time=$time&pagenum=lastpage#bottom", true));