// Check if the request is to make a post if (isset($_POST['message']) || isset($_POST['file'])) { if (TINYIB_DBMIGRATE) { fancyDie('Posting is currently disabled.<br>Please try again in a few moments.'); } list($loggedin, $isadmin) = manageCheckLogIn(); $rawpost = isRawPost(); if (!$loggedin) { checkCAPTCHA(); checkBanned(); checkMessageSize(); checkFlood(); } $post = newPost(setParent()); $post['ip'] = $_SERVER['REMOTE_ADDR']; list($post['name'], $post['tripcode']) = nameAndTripcode($_POST['name']); $post['name'] = cleanString(substr($post['name'], 0, 75)); $post['email'] = cleanString(str_replace('"', '"', substr($_POST['email'], 0, 75))); $post['subject'] = cleanString(substr($_POST['subject'], 0, 75)); if ($rawpost) { $rawposttext = $isadmin ? ' <span style="color: red;">## Admin</span>' : ' <span style="color: purple;">## Mod</span>'; $post['message'] = $_POST['message']; // Treat message as raw HTML } else { $rawposttext = ''; $post['message'] = str_replace("\n", '<br>', makeLinksClickable(colorQuote(postLink(cleanString(rtrim($_POST['message'])))))); } $post['password'] = $_POST['password'] != '' ? md5(md5($_POST['password'])) : ''; $post['nameblock'] = nameBlock($post['name'], $post['tripcode'], $post['email'], time(), $rawposttext); if (isset($_POST['embed']) && trim($_POST['embed']) != '') { list($service, $embed) = getEmbed(trim($_POST['embed']));
$parent = $_POST["parent"]; } } $lastpost = lastPostByIP(); if ($lastpost) { if (time() - $lastpost['timestamp'] < 30) { fancyDie("Please wait a moment before posting again. You will be able to make another post in " . (30 - (time() - $lastpost['timestamp'])) . " seconds."); } } if (strlen($_POST["message"]) > 8000) { fancyDie("Please shorten your message, or post it in multiple parts. Your message is " . strlen($_POST["message"]) . " characters long, and the maximum allowed is 8000."); } $post = newPost(); $post['parent'] = $parent; $post['ip'] = $_SERVER['REMOTE_ADDR']; $nt = nameAndTripcode($_POST["name"]); $post['name'] = $nt[0]; $post['tripcode'] = $nt[1]; $post['name'] = cleanString(substr($post['name'], 0, 75)); $post['email'] = cleanString(str_replace('"', '"', substr($_POST["email"], 0, 75))); $post['subject'] = cleanString(substr($_POST["subject"], 0, 75)); $post['message'] = str_replace("\n", "<br>", colorQuote(cleanString(rtrim($_POST["message"])))); if ($_POST['password'] != '') { $post['password'] = md5(md5($_POST['password'])); } else { $post['password'] = ''; } $post['nameblock'] = nameBlock($post['name'], $post['tripcode'], $post['email'], time()); if (isset($_FILES['file'])) { if ($_FILES['file']['name'] != "") { switch ($_FILES['file']['error']) {