function post_message($thread_id, $is_followup_to, $subject, $body, $group_forum_id)
{
global $feedback, $Language;
if (user_isloggedin()) {
$request =& HTTPRequest::instance();
if (!$group_forum_id) {
exit_error($Language->getText('global', 'error'), $Language->getText('forum_forum_utils', 'post_without_id'));
}
if (!$body || !$subject) {
exit_error($Language->getText('global', 'error'), $Language->getText('forum_forum_utils', 'include_body_and_subject'));
}
//see if that message has been posted already for people that double-post
$res3 = db_query("SELECT * FROM forum " . "WHERE is_followup_to=" . db_ei($is_followup_to) . " " . "AND subject='" . db_es(htmlspecialchars($subject)) . "' " . "AND group_forum_id=" . db_ei($group_forum_id) . " " . "AND body='" . db_es($body) . "' " . "AND posted_by='" . user_getid() . "'");
if (db_numrows($res3) > 0) {
//already posted this message
exit_error($Language->getText('global', 'error'), $Language->getText('forum_forum_utils', 'do_not_double_post'));
} else {
echo db_error();
}
if (!$thread_id) {
$thread_id = get_next_thread_id();
$is_followup_to = 0;
} else {
if ($is_followup_to) {
//increment the parent's followup count if necessary
$res2 = db_query("SELECT * FROM forum WHERE msg_id=" . db_ei($is_followup_to) . " AND thread_id=" . db_ei($thread_id) . " AND group_forum_id=" . db_ei($group_forum_id));
if (db_numrows($res2) > 0) {
if (db_result($res2, 0, 'has_followups') > 0) {
//parent already is marked with followups
} else {
//mark the parent with followups as an optimization later
db_query("UPDATE forum SET has_followups='1' WHERE msg_id=" . db_ei($is_followup_to) . " AND thread_id=" . db_ei($thread_id) . " AND group_forum_id=" . db_ei($group_forum_id));
}
} else {
exit_error($Language->getText('global', 'error'), $Language->getText('forum_forum_utils', 'msg_not_exist'));
}
} else {
//should never happen except with shoddy browsers or mucking with the HTML form
exit_error($Language->getText('global', 'error'), $Language->getText('forum_forum_utils', 'no_folowup_id'));
}
}
$sql = "INSERT INTO forum (group_forum_id,posted_by,subject,body,date,is_followup_to,thread_id) " . "VALUES (" . db_ei($group_forum_id) . ", '" . user_getid() . "', '" . db_es(htmlspecialchars($subject)) . "', '" . db_es(htmlspecialchars($body)) . "', '" . time() . "'," . db_ei($is_followup_to) . "," . db_ei($thread_id) . ")";
$result = db_query($sql);
if (!$result) {
echo $Language->getText('forum_forum_utils', 'insert_fail');
echo db_error();
$feedback .= ' ' . $Language->getText('forum_forum_utils', 'post_failed') . ' ';
} else {
$feedback .= ' ' . $Language->getText('forum_forum_utils', 'msg_posted') . ' ';
}
$msg_id = db_insertid($result);
// extract cross reference in the message
$reference_manager =& ReferenceManager::instance();
$g_id = get_forum_group_id($group_forum_id);
$GLOBALS['group_id'] = $g_id;
// don't know why group_id is not set in forum (needed for references)
$reference_manager->extractCrossRef($subject, $msg_id, ReferenceManager::REFERENCE_NATURE_FORUMMESSAGE, $g_id);
$reference_manager->extractCrossRef($body, $msg_id, ReferenceManager::REFERENCE_NATURE_FORUMMESSAGE, $g_id);
if ($request->isPost() && $request->existAndNonEmpty('enable_monitoring')) {
forum_thread_add_monitor($group_forum_id, $thread_id, user_getid());
} else {
forum_thread_delete_monitor_by_user($group_forum_id, $msg_id, user_getid());
}
handle_monitoring($group_forum_id, $thread_id, $msg_id);
} else {
echo '
<H3>' . $Language->getText('forum_forum_utils', 'could_post_if_logged') . '</H3>';
}
}
/**
* assumes $allow_anonymous var is setup correctly
* added checks and tests to allow anonymous posting
*/
function post_message($thread_id, $is_followup_to, $subject, $body, $group_forum_id)
{
global $feedback, $allow_anonymous;
if (user_isloggedin() || $allow_anonymous) {
if (!$group_forum_id) {
$feedback = 'Trying to post without a forum ID';
return false;
}
if (!$body || !$subject) {
$feedback = 'Must include a message body and subject';
return false;
}
if (!user_isloggedin()) {
$user_id = 100;
} else {
$user_id = user_getid();
}
//see if that message has been posted already for all the idiots that double-post
$res3 = db_query("SELECT * FROM forum " . "WHERE is_followup_to='{$is_followup_to}' " . "AND subject='" . htmlspecialchars($subject) . "' " . "AND group_forum_id='{$group_forum_id}' " . "AND posted_by='{$user_id}'");
if (db_numrows($res3) > 0) {
//already posted this message
$feedback = 'You appear to be double-posting this message, since it has the same subject and followup information as a prior post.';
return false;
} else {
echo db_error();
}
db_begin();
if (!$thread_id) {
$thread_id = get_next_thread_id();
$is_followup_to = 0;
if (!$thread_id) {
$feedback .= ' Getting next thread_id failed ';
db_rollback();
return false;
}
} else {
if ($is_followup_to) {
//
// increment the parent's followup count if necessary
//
$res2 = db_query("SELECT * FROM forum WHERE msg_id='{$is_followup_to}' AND group_forum_id='{$group_forum_id}'");
if (db_numrows($res2) > 0) {
//
// get thread_id from the parent's row,
// which is more trustworthy than the HTML form
//
$thread_id = db_result($res2, 0, 'thread_id');
//
// now we need to update the first message in
// this thread with the current time
//
$res4 = db_query("UPDATE forum SET most_recent_date='" . time() . "' " . "WHERE thread_id='{$thread_id}' AND is_followup_to='0'");
if (!$res4 || db_affected_rows($res4) < 1) {
$feedback = 'Couldn\'t Update Master Thread parent with current time';
db_rollback();
return false;
} else {
//
// mark the parent with followups as an optimization later
//
$res3 = db_query("UPDATE forum SET has_followups='1',most_recent_date='" . time() . "' " . "WHERE msg_id='{$is_followup_to}'");
if (!$res3) {
$feedback = 'Could Not Update Parent';
db_rollback();
return false;
}
}
} else {
$feedback = 'Trying to followup to a message that doesn\'t exist.';
db_rollback();
return false;
}
} else {
//should never happen except with shoddy
//browsers or mucking with the HTML form
$feedback = 'No followup ID present when trying to post to an existing thread.';
db_rollback();
return false;
}
}
$sql = "INSERT INTO forum (group_forum_id,posted_by,subject,body,date,is_followup_to,thread_id,most_recent_date) " . "VALUES ('{$group_forum_id}', '{$user_id}', '" . htmlspecialchars($subject) . "', '" . htmlspecialchars($body) . "', '" . time() . "','{$is_followup_to}','{$thread_id}','" . time() . "')";
$result = db_query($sql);
if (!$result) {
$feedback .= ' Posting Failed ' . db_error();
db_rollback();
return false;
} else {
$msg_id = db_insertid($result, 'forum', 'msg_id');
if (!$msg_id) {
db_rollback();
$feedback .= "Failed to get insertid()";
return false;
} else {
handle_monitoring($group_forum_id, $msg_id);
db_commit();
$feedback .= ' Message Posted ';
return true;
}
}
} else {
$feedback .= '
<H3>You could post if you were logged in</H3>';
return false;
}
}
