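/**
 * Validate an edited calendar event and write it back to the `event` table.
 *
 * Validation failures are collected and returned as a list of messages. When
 * validation passes, the row is updated and Msg() renders the confirmation
 * page with a redirect to the event.
 *
 * String values reach SQL only through $dbConn->sanitize(), which is the sole
 * escaping layer visible here (its implementation is not shown). Values that
 * are interpolated unquoted are coerced to integers first.
 *
 * @param int|string $iEventID   ID of the event row to update; coerced to int.
 * @param array      $aEventInfo Submitted fields: title, body, parseemails,
 *                               month, day, year, private, dsmilies.
 *
 * @return array|null List of error messages, or nothing once the update ran.
 */
function EditEventNow($iEventID, $aEventInfo)
{
    global $CFG, $dbConn;

    $aError = array();

    // The ID is placed unquoted in the WHERE clause and in the redirect
    // markup, so force it to an integer before it is used anywhere.
    $iEventID = (int) $iEventID;

    // Title
    if ($aEventInfo['title'] == '') {
        // They either put in only whitespace or nothing at all.
        // NOTE(review): no trim() happens here - presumably the caller trims; confirm.
        $aError[] = 'You must specify the event title.';
    } elseif (strlen($aEventInfo['title']) > $CFG['maxlen']['subject']) {
        // The title they specified is too long.
        $aError[] = "The title you specified is longer than {$CFG['maxlen']['subject']} characters.";
    }
    $strTitle = $dbConn->sanitize($aEventInfo['title']);

    // Event information
    if ($aEventInfo['body'] == '') {
        // They either put in only whitespace or nothing at all.
        $aError[] = 'You must specify the event information.';
    } elseif (strlen($aEventInfo['body']) > $CFG['maxlen']['messagebody']) {
        // The event information they specified is too long.
        $aError[] = "The event information you specified is longer than {$CFG['maxlen']['messagebody']} characters.";
    }
    $strBody = $aEventInfo['parseemails'] ? ParseEMails($aEventInfo['body']) : $aEventInfo['body'];
    $strEventInfo = $dbConn->sanitize($strBody);

    // Date. Coerce the parts first so that non-numeric input fails
    // checkdate() cleanly instead of raising a type error.
    $iMonth = (int) $aEventInfo['month'];
    $iDay = (int) $aEventInfo['day'];
    $iYear = (int) $aEventInfo['year'];
    if (!checkdate($iMonth, $iDay, $iYear)) {
        // They specified an invalid Gregorian date.
        $aError[] = 'The date you specified is invalid. The month, day, and year are all required.';
    }
    $strDate = sprintf('%04d-%02d-%02d', $iYear, $iMonth, $iDay);

    // If there was an error, let's return it.
    if ($aError) {
        return $aError;
    }

    // dsmilies is written unquoted, so reduce it to 0/1 instead of passing
    // the submitted value through verbatim.
    $bDisableSmilies = $aEventInfo['dsmilies'] ? 1 : 0;

    // NOTE(review): $aEventInfo['private'] was read here but never written to
    // the row - confirm whether the privacy flag should be part of this UPDATE.
    // NOTE(review): $_SESSION['userip'] is interpolated unquoted, so it is
    // presumably stored in numeric form - confirm where the session is populated.
    $dbConn->query("UPDATE event SET startdate='{$strDate}', title='{$strTitle}', body='{$strEventInfo}', dsmilies={$bDisableSmilies}, ipaddress={$_SESSION['userip']} WHERE id={$iEventID}");

    // Let the user know it was a success.
    Msg("<b>The event was successfully saved.</b><br /><br /><span class=\"smaller\">You should be redirected momentarily. Click <a href=\"calendar.php?action=viewevent&eventid={$iEventID}\">here</a> if you do not want to wait any longer or if you are not redirected.</span>", "calendar.php?action=viewevent&eventid={$iEventID}");
}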
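/**
 * Validate and store a private message submitted through $_REQUEST.
 *
 * Reads recipient, subject, icon, message, dsmilies, track, parseemails,
 * savecopy, action and id from $_REQUEST. Validation failures are collected
 * and returned. When validation passes, the message is inserted into `pm`
 * (plus a second row when the sender asked for a copy), the original is
 * flagged as replied when this is a reply, and Msg() renders the
 * confirmation page.
 *
 * String values reach SQL only through $dbConn->sanitize(), which is the sole
 * escaping layer visible here (its implementation is not shown). Values that
 * are interpolated unquoted are coerced to integers first.
 *
 * @return array|null List of error messages, or nothing once the message was stored.
 */
function SendMessage()
{
    global $CFG, $dbConn;

    $aError = array();

    // Accept only plain strings for the free-text fields. An array-valued
    // request parameter would otherwise reach trim()/strlen() directly.
    $strRawRecipient = (isset($_REQUEST['recipient']) && is_string($_REQUEST['recipient'])) ? $_REQUEST['recipient'] : '';
    $strSubject = (isset($_REQUEST['subject']) && is_string($_REQUEST['subject'])) ? $_REQUEST['subject'] : '';
    $strMessage = (isset($_REQUEST['message']) && is_string($_REQUEST['message'])) ? $_REQUEST['message'] : '';
    $iPostIcon = (isset($_REQUEST['icon']) && is_scalar($_REQUEST['icon'])) ? (int) $_REQUEST['icon'] : 0;
    $bDisableSmilies = (int) !empty($_REQUEST['dsmilies']);
    $bTracking = (int) !empty($_REQUEST['track']);

    // The sender ID is written unquoted into several statements below.
    $iUserID = (int) $_SESSION['userid'];

    // Recipient. The lookup has to use the escaped recipient name; the
    // statement previously carried a fixed placeholder literal in its place,
    // so the submitted name was never searched for.
    $strRecipient = $dbConn->sanitize($strRawRecipient);
    $dbConn->query("SELECT id, enablepms, rejectpms, ignorelist FROM citizen WHERE username='{$strRecipient}'");
    list($iRecipientID, $bEnablePMs, $bRejectPMs, $strIgnoreList) = $dbConn->getresult();
    $aIgnoreList = explode(',', (string) $strIgnoreList);

    // Does the user exist, and will they accept the message?
    if ($iRecipientID === NULL) {
        $aError[] = 'The user you specified does not exist.';
    } elseif ($iRecipientID == $iUserID) {
        $aError[] = 'You cannot send private messages to yourself.';
    } elseif (!$bEnablePMs) {
        // HTML output gets HTML escaping of the raw name; the SQL-escaped
        // copy is for the query only.
        $aError[] = htmlsanitize("The message cannot be sent because {$strRawRecipient} has private messages disabled.");
    } elseif ($bRejectPMs && in_array($iUserID, $aIgnoreList)) {
        $aError[] = 'The user you specified does not accept private messages from members on their Ignore list.';
    }

    // Subject
    if (trim($strSubject) == '') {
        // They either put in only whitespace or nothing at all.
        $aError[] = 'You must specify a subject.';
    } elseif (strlen($strSubject) > $CFG['maxlen']['subject']) {
        // The subject they specified is too long.
        $aError[] = "The subject you specified is longer than {$CFG['maxlen']['subject']} characters.";
    }
    $strSubject = $dbConn->sanitize($strSubject);

    // Icon
    if ($iPostIcon < 0 || $iPostIcon > 14) {
        // They don't know what icon they want. We'll give them none.
        $iPostIcon = 0;
    }

    // Message
    if (trim($strMessage) == '') {
        // They either put in only whitespace or nothing at all.
        $aError[] = 'You must specify a message.';
    } elseif (strlen($strMessage) > $CFG['maxlen']['messagebody']) {
        // The message they specified is too long.
        $aError[] = "The message you specified is longer than {$CFG['maxlen']['messagebody']} characters.";
    }
    if (!empty($_REQUEST['parseemails'])) {
        $strMessage = ParseEMails($strMessage);
    }
    $strMessage = $dbConn->sanitize($strMessage);

    // If there was an error, let's return it.
    if ($aError) {
        return $aError;
    }

    // The recipient ID came back from the database and is written unquoted.
    $iRecipientID = (int) $iRecipientID;

    // NOTE(review): $_SESSION['userip'] is interpolated unquoted, so it is
    // presumably stored in numeric form - confirm where the session is populated.

    // Add the message to the database.
    $dbConn->query("INSERT INTO pm(ownerid, datetime, author, recipient, subject, body, parent, ipaddress, icon, dsmilies, beenread, tracking) VALUES({$iRecipientID}, {$CFG['globaltime']}, {$iUserID}, {$iRecipientID}, '{$strSubject}', '{$strMessage}', 0, {$_SESSION['userip']}, {$iPostIcon}, {$bDisableSmilies}, 0, {$bTracking})");

    // Did they want to save a copy?
    if (!empty($_REQUEST['savecopy'])) {
        // Yes, so store a second row owned by the sender.
        $dbConn->query("INSERT INTO pm(ownerid, datetime, author, recipient, subject, body, parent, ipaddress, icon, dsmilies, beenread) VALUES({$iUserID}, {$CFG['globaltime']}, {$iUserID}, {$iRecipientID}, '{$strSubject}', '{$strMessage}', 1, {$_SESSION['userip']}, {$iPostIcon}, {$bDisableSmilies}, 0)");
    }

    // Was this message a reply to another one?
    if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'reply') {
        // Yes. The ownerid condition limits the update to the sender's own messages.
        $iMessageID = (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) ? (int) $_REQUEST['id'] : 0;
        $dbConn->query("UPDATE pm SET replied=1 WHERE id={$iMessageID} AND ownerid={$iUserID}");
    }

    // Render the page.
    Msg("<b>Your message has been successfully sent.</b><br /><br /><span class=\"smaller\">You should be redirected momentarily. Click <a href=\"private.php\">here</a> if you do not want to wait any longer or if you are not redirected.</span>", 'private.php');
}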
Event</b></td> </tr> </table> <?php // Display any errors. if (is_array($aError)) { DisplayErrors($aError); } else { if ($_REQUEST['submit'] == 'Preview Event') { // Make a copy of the event information, so we can parse // it for the preview, yet still have the original. $strParsedInfo = $aEventInfo['body']; // Put [email] tags around suspected e-mail addresses if they want us to. if ($aEventInfo['parseemails']) { $strParsedInfo = ParseEMails($strParsedInfo); } // Parse any BB code in the message. $strParsedInfo = ParseMessage($strParsedInfo, $aEventInfo['dsmilies']); ?> <br /> <table bgcolor="<?php echo $CFG['style']['table']['bgcolor']; ?> " cellspacing="1" cellpadding="4" border="0" align="center"> <tr class="heading"> <td colspan="2" align="center" class="medium"><?php echo htmlsanitize($aEventInfo['title']); ?>
$bParseURLs = (bool) $_REQUEST['parseurls']; $bParseEMails = (bool) $_REQUEST['parseemails']; $bDisableSmilies = (bool) $_REQUEST['dsmilies']; $bSaveCopy = (bool) $_REQUEST['savecopy']; $bTrack = (bool) $_REQUEST['track']; // Did we preview or submit? if (is_array($aError)) { // We submitted and got an error, so display that. DisplayErrors($aError); } else { // Make a copy of the message, so we can parse it for the // preview, yet still have the original. $strParsedMessage = $strMessage; // Put [email] tags around suspected e-mail addresses if they want us to. if ($bParseEMails) { $strParsedMessage = ParseEMails($strParsedMessage); } // Parse any BB code in the message. $strParsedMessage = ParseMessage($strParsedMessage, $bDisableSmilies); ?> <br /><table width="100%" cellpadding="4" cellspacing="1" border="0" bgcolor="<?php echo $CFG['style']['table']['bgcolor']; ?> " align="center"> <tr class="heading"><td align="left" class="smaller">Message Preview</td></tr> <tr><td bgcolor="<?php echo $CFG['style']['table']['cella']; ?> " class="medium"><?php echo $strParsedMessage;
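/**
 * Validate and store a reply to the current thread, with an optional attachment.
 *
 * Reads subject, icon, message, parseemails and dsmilies from $_REQUEST and
 * the upload from $_FILES['attachment']. Validation failures are collected and
 * returned. When validation passes, the post is inserted, the thread, board,
 * member and stats counters are updated, the attachment (if any) is written
 * to the `attachment` table in 64 KiB chunks, the post is added to the search
 * index, and Msg() renders the confirmation page.
 *
 * String and binary values reach SQL only through $dbConn->sanitize(), which
 * is the sole escaping layer visible here (its implementation is not shown).
 * Values that are interpolated unquoted are coerced to integers first.
 *
 * @return array|null List of error messages, or nothing once the post was stored.
 */
function SubmitPost()
{
    global $CFG, $dbConn, $aPostIcons, $iThreadID, $iForumID;

    $aError = array();
    $fileUploaded = false;
    $strAttachmentName = '';
    $blobAttachment = '';

    // These IDs are written unquoted into SQL and into the redirect markup.
    // Work on integer copies so the globals themselves stay untouched.
    $iCleanThreadID = (int) $iThreadID;
    $iCleanForumID = (int) $iForumID;
    $iUserID = (int) $_SESSION['userid'];

    // Accept only plain strings for the free-text fields. An array-valued
    // request parameter would otherwise reach trim()/strlen() directly.
    $strSubject = (isset($_REQUEST['subject']) && is_string($_REQUEST['subject'])) ? $_REQUEST['subject'] : '';
    $strMessage = (isset($_REQUEST['message']) && is_string($_REQUEST['message'])) ? $_REQUEST['message'] : '';
    $iPostIcon = (isset($_REQUEST['icon']) && is_scalar($_REQUEST['icon'])) ? (int) $_REQUEST['icon'] : 0;
    $bParseEMails = (int) !empty($_REQUEST['parseemails']);
    $bDisableSmilies = (int) !empty($_REQUEST['dsmilies']);

    // Floodcheck
    // NOTE(review): nothing here stops execution after Msg(); the limit only
    // holds if Msg() itself ends the request - confirm.
    if (!$_SESSION['permissions']['cbypassflood'] && $_SESSION['lastpost'] + $CFG['floodcheck'] > $CFG['globaltime']) {
        Msg("Sorry! The administrator has specified that users can only post one message every {$CFG['floodcheck']} seconds.", '', 'justify');
    }

    // Subject
    if (strlen($strSubject) > $CFG['maxlen']['subject']) {
        // The subject they specified is too long.
        $aError[] = "The subject you specified is longer than {$CFG['maxlen']['subject']} characters.";
    }
    $strCleanSubject = $dbConn->sanitize($strSubject);

    // Icon
    if ($iPostIcon < 0 || $iPostIcon > count($aPostIcons) - 1) {
        // They don't know what icon they want. We'll give them none.
        $iPostIcon = 0;
    }

    // Message
    if (trim($strMessage) == '') {
        // They either put in only whitespace or nothing at all.
        $aError[] = 'You must specify a message.';
    } elseif (strlen($strMessage) > $CFG['maxlen']['messagebody']) {
        // The message they specified is too long.
        $aError[] = "The message you specified is longer than {$CFG['maxlen']['messagebody']} characters.";
    }
    if ($bParseEMails) {
        $strMessage = ParseEMails($strMessage);
    }
    $strCleanMessage = $dbConn->sanitize($strMessage);

    // Attachment
    if (isset($_FILES['attachment']) && $_FILES['attachment']['error'] != UPLOAD_ERR_NO_FILE) {
        switch ($_FILES['attachment']['error']) {
            // Upload was successful?
            case UPLOAD_ERR_OK:
                // Is it bigger than the configured maximum?
                if ($_FILES['attachment']['size'] > $CFG['uploads']['maxsize']) {
                    $aError[] = "The attachment you uploaded is too large. The maximum allowable filesize is {$CFG['uploads']['maxsize']} bytes.";
                }

                // Is it an invalid filetype? The allow-list is keyed on the
                // extension of the client-supplied name only; the file
                // contents are not inspected.
                $strExtension = strtolower(substr((string) strrchr($_FILES['attachment']['name'], '.'), 1));
                if (!isset($CFG['uploads']['oktypes'][$strExtension])) {
                    $aError[] = 'The file you uploaded is an invalid type of attachment. Valid types are: ' . htmlsanitize(implode(', ', array_keys($CFG['uploads']['oktypes']))) . '.';
                }

                // If there are no errors, grab the data from the temporary file.
                if (!$aError) {
                    $strAttachmentName = $dbConn->sanitize($_FILES['attachment']['name']);

                    // Only open the path if PHP itself recorded it as an
                    // HTTP upload for this request.
                    $fileUploaded = is_uploaded_file($_FILES['attachment']['tmp_name'])
                        ? fopen($_FILES['attachment']['tmp_name'], 'rb')
                        : false;

                    if ($fileUploaded) {
                        $blobAttachment = $dbConn->sanitize(fread($fileUploaded, 65536), TRUE);
                    } else {
                        $aError[] = 'There was a problem while reading the attachment. If this problem persists, please contact the Webmaster.';
                    }
                }
                break;

            // File is too big?
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                $aError[] = "The attachment you uploaded is too large. The maximum allowable filesize is {$CFG['uploads']['maxsize']} bytes.";
                break;

            // File was partially uploaded?
            case UPLOAD_ERR_PARTIAL:
                $aError[] = 'The attachment was only partially uploaded.';
                break;

            // Any other upload error code.
            default:
                $aError[] = 'There was an error while uploading the attachment.';
                break;
        }
    }

    // If there was an error, let's return it.
    if ($aError) {
        return $aError;
    }

    // NOTE(review): $_SESSION['userip'] is interpolated unquoted, so it is
    // presumably stored in numeric form - confirm where the session is populated.

    // First we obviously need the post in the post table.
    $dbConn->query("INSERT INTO post(author, datetime_posted, title, body, parent, ipaddress, icon, dsmilies) VALUES({$iUserID}, {$CFG['globaltime']}, '{$strCleanSubject}', '{$strCleanMessage}', {$iCleanThreadID}, {$_SESSION['userip']}, {$iPostIcon}, {$bDisableSmilies})");

    // Before we continue, get the ID of the post we just created.
    $iPostID = (int) $dbConn->getinsertid('post');

    // Second, we need to update the record of the thread we are posting to.
    $dbConn->query("UPDATE thread SET lpost={$CFG['globaltime']}, lposter={$iUserID}, postcount=postcount+1 WHERE id={$iCleanThreadID}");

    // Get the post count of the thread we replied to, so we can figure the last page.
    $dbConn->query("SELECT postcount FROM thread WHERE id={$iCleanThreadID}");
    list($iPostCount) = $dbConn->getresult();
    $iPostCount = (int) $iPostCount;

    // Third, we need to update the record of the forum that contains the thread.
    $dbConn->query("UPDATE board SET postcount=postcount+1, lpost={$CFG['globaltime']}, lposter={$iUserID}, lthread={$iCleanThreadID}, lthreadpcount={$iPostCount} WHERE id={$iCleanForumID}");

    // Fourth, we need to update the poster's postcount.
    $dbConn->query("UPDATE citizen SET postcount=postcount+1 WHERE id={$iUserID}");

    // And finally, we need to store the attachment, if there is one.
    if ($fileUploaded) {
        // Insert the first chunk of the file.
        $dbConn->query("INSERT INTO attachment(filename, filedata, viewcount, parent) VALUES('{$strAttachmentName}', '{$blobAttachment}', 0, {$iPostID})");

        // Get the ID of the attachment we just created.
        $iAttachmentID = (int) $dbConn->getinsertid('attachment');

        // Insert the rest of the file, if any, into the database.
        while (!feof($fileUploaded)) {
            $strChunk = fread($fileUploaded, 65536);
            if ($strChunk === false || $strChunk === '') {
                // Stop on a read error or an empty read rather than looping
                // on a handle that will not advance.
                break;
            }
            $dbConn->squery(CONCAT_ATTACHMENT, $dbConn->sanitize($strChunk, TRUE), $iAttachmentID);
        }

        // Close the temporary file.
        fclose($fileUploaded);

        // Update the attachment count for the thread.
        $dbConn->query("UPDATE thread SET attachcount=attachcount+1 WHERE id={$iCleanThreadID}");
    }

    // Now let's add the message into the search engine index.
    AddSearchIndex($iPostID, $strSubject, $strMessage);

    // Update the forum stats.
    $dbConn->query("UPDATE stats SET content=content+1 WHERE name='postcount'");

    // Set user's last post time.
    $_SESSION['lastpost'] = $CFG['globaltime'];

    // What page is this new post on (so we can redirect them)? A page size
    // below one is treated as one so the division cannot fail.
    $iPerPage = max(1, (int) $_SESSION['postsperpage']);
    $iPage = (int) ceil($iPostCount / $iPerPage);

    // Render the page.
    Msg("<b>Thank you for posting.</b><br /><br /><span class=\"smaller\">You should be redirected to your post momentarily. Click <a href=\"thread.php?threadid={$iCleanThreadID}&page={$iPage}#post{$iPostID}\">here</a> if you do not want to wait any longer or if you are not redirected.</span>", "thread.php?threadid={$iCleanThreadID}&page={$iPage}#post{$iPostID}");
}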