require_once DIR . '/includes/class_humanverify.php'; $verification =& vB_HumanVerify::fetch_library($vbulletin); $human_verify = $verification->output_token(); } else { $human_verify = ''; } $url =& $vbulletin->url; eval('print_output("' . fetch_template('lostpw') . '");'); } // ############################### start email password ############################### if ($_POST['do'] == 'emailpassword') { $vbulletin->input->clean_array_gpc('p', array('email' => TYPE_STR, 'userid' => TYPE_UINT, 'humanverify' => TYPE_ARRAY)); if ($vbulletin->GPC['email'] == '') { eval(standard_error(fetch_error('invalidemail', $vbulletin->options['contactuslink']))); } if (fetch_require_hvcheck('lostpw')) { require_once DIR . '/includes/class_humanverify.php'; $verify =& vB_HumanVerify::fetch_library($vbulletin); if (!$verify->verify_token($vbulletin->GPC['humanverify'])) { standard_error(fetch_error($verify->fetch_error())); } } require_once DIR . '/includes/functions_user.php'; $users = $db->query_read_slave("\n\t\tSELECT userid, username, email, languageid\n\t\tFROM " . TABLE_PREFIX . "user\n\t\tWHERE email = '" . $db->escape_string($vbulletin->GPC['email']) . "'\n\t"); if ($db->num_rows($users)) { while ($user = $db->fetch_array($users)) { if ($vbulletin->GPC['userid'] and $vbulletin->GPC['userid'] != $user['userid']) { continue; } $user['username'] = unhtmlspecialchars($user['username']); $user['activationid'] = build_user_activation_id($user['userid'], 2, 1);
function do_get_thread() { global $vbulletin, $db, $foruminfo, $threadinfo, $postid, $vault, $vbphrase; $vbulletin->input->clean_array_gpc('r', array('pagenumber' => TYPE_UINT, 'perpage' => TYPE_UINT, 'password' => TYPE_STR, 'signature' => TYPE_BOOL)); if (empty($threadinfo['threadid'])) { json_error(ERR_INVALID_THREAD); } $threadedmode = 0; $threadid = $vbulletin->GPC['threadid']; // Goto first unread post? if ($vbulletin->GPC['pagenumber'] == FR_LAST_POST) { $threadinfo = verify_id('thread', $threadid, 1, 1); if ($vbulletin->options['threadmarking'] and $vbulletin->userinfo['userid']) { $vbulletin->userinfo['lastvisit'] = max($threadinfo['threadread'], $threadinfo['forumread'], TIMENOW - $vbulletin->options['markinglimit'] * 86400); } else { if (($tview = intval(fetch_bbarray_cookie('thread_lastview', $threadid))) > $vbulletin->userinfo['lastvisit']) { $vbulletin->userinfo['lastvisit'] = $tview; } } $coventry = fetch_coventry('string'); $posts = $db->query_first("\n\t SELECT MIN(postid) AS postid\n\t FROM " . TABLE_PREFIX . "post\n\t WHERE threadid = {$threadinfo['threadid']}\n\t AND visible = 1\n\t AND dateline > " . intval($vbulletin->userinfo['lastvisit']) . "\n\t " . ($coventry ? "AND userid NOT IN ({$coventry})" : "") . 
"\n\t LIMIT 1\n\t"); if ($posts['postid']) { $postid = $posts['postid']; } else { $postid = $threadinfo['lastpostid']; } } // ********************************************************************************* // workaround for header redirect issue from forms with enctype in IE // (use a scrollIntoView javascript call in the <body> onload event) $onload = ''; // ********************************************************************************* // set $perpage $perpage = max(FR_MIN_PERPAGE, min($vbulletin->GPC['perpage'], FR_MAX_PERPAGE)); // FRNR //$perpage = sanitize_maxposts($vbulletin->GPC['perpage']); // ********************************************************************************* // set post order if ($vbulletin->userinfo['postorder'] == 0) { $postorder = ''; } else { $postorder = 'DESC'; } // ********************************************************************************* // get thread info $thread = verify_id('thread', $threadid, 1, 1); $threadinfo =& $thread; ($hook = vBulletinHook::fetch_hook('showthread_getinfo')) ? eval($hook) : false; // ********************************************************************************* // check for visible / deleted thread if (!$thread['visible'] and !can_moderate($thread['forumid'], 'canmoderateposts') or $thread['isdeleted'] and !can_moderate($thread['forumid'])) { json_error(ERR_INVALID_THREAD); } // ********************************************************************************* // Tachy goes to coventry if (in_coventry($thread['postuserid']) and !can_moderate($thread['forumid'])) { json_error(ERR_INVALID_THREAD); } // FRNR Start // Check the forum password (set necessary cookies) if ($vbulletin->GPC['password'] && $foruminfo['password'] == $vbulletin->GPC['password']) { // set a temp cookie for guests if (!$vbulletin->userinfo['userid']) { set_bbarray_cookie('forumpwd', $foruminfo['forumid'], md5($vbulletin->userinfo['userid'] . 
$vbulletin->GPC['password'])); } else { set_bbarray_cookie('forumpwd', $foruminfo['forumid'], md5($vbulletin->userinfo['userid'] . $vbulletin->GPC['password']), 1); } } // FRNR End // ********************************************************************************* // do word wrapping for the thread title if ($vbulletin->options['wordwrap'] != 0) { $thread['title'] = fetch_word_wrapped_string($thread['title']); } $thread['title'] = fetch_censored_text($thread['title']); $thread['meta_description'] = strip_bbcode(strip_quotes($thread['description']), false, true); $thread['meta_description'] = htmlspecialchars_uni(fetch_censored_text(fetch_trimmed_title($thread['meta_description'], 500, false))); // ********************************************************************************* // words to highlight from the search engine if (!empty($vbulletin->GPC['highlight'])) { $highlight = preg_replace('#\\*+#s', '*', $vbulletin->GPC['highlight']); if ($highlight != '*') { $regexfind = array('\\*', '\\<', '\\>'); $regexreplace = array('[\\w.:@*/?=]*?', '<', '>'); $highlight = preg_quote(strtolower($highlight), '#'); $highlight = explode(' ', $highlight); $highlight = str_replace($regexfind, $regexreplace, $highlight); foreach ($highlight as $val) { if ($val = trim($val)) { $replacewords[] = htmlspecialchars_uni($val); } } } } // ********************************************************************************* // make the forum jump in order to fill the forum caches $navpopup = array('id' => 'showthread_navpopup', 'title' => $foruminfo['title_clean'], 'link' => fetch_seo_url('thread', $threadinfo)); construct_quick_nav($navpopup); // ********************************************************************************* // get forum info $forum = fetch_foruminfo($thread['forumid']); $foruminfo =& $forum; // ********************************************************************************* // check forum permissions $forumperms = fetch_permissions($thread['forumid']); if 
(!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) { json_error(ERR_NO_PERMISSION); } if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($thread['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)) { json_error(ERR_NO_PERMISSION); } // ********************************************************************************* // check if there is a forum password and if so, ensure the user has it set if (!verify_forum_password($foruminfo['forumid'], $foruminfo['password'])) { // FRNR json_error(ERR_NEED_PASSWORD, RV_NEED_FORUM_PASSWORD); } // verify that we are at the canonical SEO url // and redirect to this if not //verify_seo_url('thread|js', $threadinfo, array('pagenumber' => $_REQUEST['pagenumber'])); // ********************************************************************************* // jump page if thread is actually a redirect if ($thread['open'] == 10) { $destthreadinfo = fetch_threadinfo($threadinfo['pollid']); exec_header_redirect(fetch_seo_url('thread|js', $destthreadinfo, $pageinfo)); } // ********************************************************************************* // get ignored users $ignore = array(); if (trim($vbulletin->userinfo['ignorelist'])) { $ignorelist = preg_split('/( )+/', trim($vbulletin->userinfo['ignorelist']), -1, PREG_SPLIT_NO_EMPTY); foreach ($ignorelist as $ignoreuserid) { $ignore["{$ignoreuserid}"] = 1; } } DEVDEBUG('ignored users: ' . implode(', ', array_keys($ignore))); // ********************************************************************************* // filter out deletion notices if can't be seen if ($forumperms & $vbulletin->bf_ugp_forumpermissions['canseedelnotice'] or can_moderate($threadinfo['forumid'])) { $deljoin = "LEFT JOIN " . TABLE_PREFIX . 
"deletionlog AS deletionlog ON(post.postid = deletionlog.primaryid AND deletionlog.type = 'post')"; } else { $deljoin = ''; } $show['viewpost'] = can_moderate($threadinfo['forumid']) ? true : false; $show['managepost'] = iif(can_moderate($threadinfo['forumid'], 'candeleteposts') or can_moderate($threadinfo['forumid'], 'canremoveposts'), true, false); $show['approvepost'] = can_moderate($threadinfo['forumid'], 'canmoderateposts') ? true : false; $show['managethread'] = can_moderate($threadinfo['forumid'], 'canmanagethreads') ? true : false; $show['approveattachment'] = can_moderate($threadinfo['forumid'], 'canmoderateattachments') ? true : false; $show['inlinemod'] = (!$show['threadedmode'] and ($show['managethread'] or $show['managepost'] or $show['approvepost'])) ? true : false; $show['spamctrls'] = ($show['inlinemod'] and $show['managepost']); $url = $show['inlinemod'] ? SCRIPTPATH : ''; // build inline moderation popup if ($show['popups'] and $show['inlinemod']) { $threadadmin_imod_menu_post = vB_Template::create('threadadmin_imod_menu_post')->render(); } else { $threadadmin_imod_menu_post = ''; } // ********************************************************************************* // find the page that we should be on to display this post if (!empty($postid) and $threadedmode == 0) { $postinfo = verify_id('post', $postid, 1, 1); $threadid = $postinfo['threadid']; $getpagenum = $db->query_first("\n \t\tSELECT COUNT(*) AS posts\n \t\tFROM " . TABLE_PREFIX . "post AS post\n \t\tWHERE threadid = {$threadid} AND visible = 1\n \t\tAND dateline " . iif(!$postorder, '<=', '>=') . " {$postinfo['dateline']}\n \t"); $vbulletin->GPC['pagenumber'] = ceil($getpagenum['posts'] / $perpage); } // ********************************************************************************* // update views counter if ($vbulletin->options['threadviewslive']) { // doing it as they happen; for optimization purposes, this cannot use a DM! $db->shutdown_query("\n \t\tUPDATE " . TABLE_PREFIX . 
"thread\n \t\tSET views = views + 1\n \t\tWHERE threadid = " . intval($threadinfo['threadid'])); } else { // or doing it once an hour $db->shutdown_query("\n \t\tINSERT INTO " . TABLE_PREFIX . "threadviews (threadid)\n \t\tVALUES (" . intval($threadinfo['threadid']) . ')'); } // ********************************************************************************* // display ratings if enabled $show['rating'] = false; if ($forum['allowratings'] == 1) { if ($thread['votenum'] > 0) { $thread['voteavg'] = vb_number_format($thread['votetotal'] / $thread['votenum'], 2); $thread['rating'] = intval(round($thread['votetotal'] / $thread['votenum'])); if ($thread['votenum'] >= $vbulletin->options['showvotes']) { $show['rating'] = true; } } devdebug("threadinfo[vote] = {$threadinfo['vote']}"); if ($threadinfo['vote']) { $voteselected["{$threadinfo['vote']}"] = 'selected="selected"'; $votechecked["{$threadinfo['vote']}"] = 'checked="checked"'; } else { $voteselected[0] = 'selected="selected"'; $votechecked[0] = 'checked="checked"'; } } // ********************************************************************************* // set page number if ($vbulletin->GPC['pagenumber'] < 1) { $vbulletin->GPC['pagenumber'] = 1; } else { if ($vbulletin->GPC['pagenumber'] > ceil(($thread['replycount'] + 1) / $perpage)) { $vbulletin->GPC['pagenumber'] = ceil(($thread['replycount'] + 1) / $perpage); } } // ********************************************************************************* // initialise some stuff... 
$limitlower = ($vbulletin->GPC['pagenumber'] - 1) * $perpage; $limitupper = $vbulletin->GPC['pagenumber'] * $perpage; $counter = 0; if ($vbulletin->options['threadmarking'] and $vbulletin->userinfo['userid']) { $threadview = max($threadinfo['threadread'], $threadinfo['forumread'], TIMENOW - $vbulletin->options['markinglimit'] * 86400); } else { $threadview = intval(fetch_bbarray_cookie('thread_lastview', $thread['threadid'])); if (!$threadview) { $threadview = $vbulletin->userinfo['lastvisit']; } } $threadinfo['threadview'] = intval($threadview); $displayed_dateline = 0; ################################################################################ ############################### SHOW POLL ###################################### ################################################################################ $poll = ''; if ($thread['pollid']) { $pollbits = ''; $counter = 1; $pollid = $thread['pollid']; $show['editpoll'] = iif(can_moderate($threadinfo['forumid'], 'caneditpoll'), true, false); // get poll info $pollinfo = $db->query_first_slave("\n \t\tSELECT *\n \t\tFROM " . TABLE_PREFIX . "poll\n \t\tWHERE pollid = {$pollid}\n \t"); require_once DIR . 
'/includes/class_bbcode.php'; $bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list()); $pollinfo['question'] = $bbcode_parser->parse(unhtmlspecialchars($pollinfo['question']), $forum['forumid'], true); $splitoptions = explode('|||', $pollinfo['options']); $splitoptions = array_map('rtrim', $splitoptions); $splitvotes = explode('|||', $pollinfo['votes']); $showresults = 0; $uservoted = 0; if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canvote'])) { $nopermission = 1; } if (!$pollinfo['active'] or !$thread['open'] or $pollinfo['dateline'] + $pollinfo['timeout'] * 86400 < TIMENOW and $pollinfo['timeout'] != 0 or $nopermission) { //thread/poll is closed, ie show results no matter what $showresults = 1; } else { //get userid, check if user already voted $voted = intval(fetch_bbarray_cookie('poll_voted', $pollid)); if ($voted) { $uservoted = 1; } } ($hook = vBulletinHook::fetch_hook('showthread_poll_start')) ? eval($hook) : false; if ($pollinfo['timeout'] and !$showresults) { $pollendtime = vbdate($vbulletin->options['timeformat'], $pollinfo['dateline'] + $pollinfo['timeout'] * 86400); $pollenddate = vbdate($vbulletin->options['dateformat'], $pollinfo['dateline'] + $pollinfo['timeout'] * 86400); $show['pollenddate'] = true; } else { $show['pollenddate'] = false; } foreach ($splitvotes as $index => $value) { $pollinfo['numbervotes'] += $value; } if ($vbulletin->userinfo['userid'] > 0) { $pollvotes = $db->query_read_slave("\n \t\t\tSELECT voteoption\n \t\t\tFROM " . TABLE_PREFIX . "pollvote\n \t\t\tWHERE userid = " . $vbulletin->userinfo['userid'] . 
" AND pollid = {$pollid}\n \t\t"); if ($db->num_rows($pollvotes) > 0) { $uservoted = 1; } } if ($showresults or $uservoted) { if ($uservoted) { $uservote = array(); while ($pollvote = $db->fetch_array($pollvotes)) { $uservote["{$pollvote['voteoption']}"] = 1; } } } $left = vB_Template_Runtime::fetchStyleVar('left'); $right = vB_Template_Runtime::fetchStyleVar('right'); $option['open'] = $left[0]; $option['close'] = $right[0]; foreach ($splitvotes as $index => $value) { $arrayindex = $index + 1; $option['uservote'] = iif($uservote["{$arrayindex}"], true, false); $option['question'] = $bbcode_parser->parse($splitoptions["{$index}"], $forum['forumid'], true); // public link if ($pollinfo['public'] and $value) { $option['votes'] = '<a href="poll.php?' . $vbulletin->session->vars['sessionurl'] . 'do=showresults&pollid=' . $pollinfo['pollid'] . '">' . vb_number_format($value) . '</a>'; } else { $option['votes'] = vb_number_format($value); //get the vote count for the option } $option['number'] = $counter; //number of the option //Now we check if the user has voted or not if ($showresults or $uservoted) { // user did vote or poll is closed if ($value <= 0) { $option['percentraw'] = 0; } else { if ($pollinfo['multiple']) { $option['percentraw'] = $value < $pollinfo['voters'] ? $value / $pollinfo['voters'] * 100 : 100; } else { $option['percentraw'] = $value < $pollinfo['numbervotes'] ? 
$value / $pollinfo['numbervotes'] * 100 : 100; } } $option['percent'] = vb_number_format($option['percentraw'], 2); $option['graphicnumber'] = $option['number'] % 6 + 1; $option['barnumber'] = round($option['percent']) * 2; $option['remainder'] = 201 - $option['barnumber']; // Phrase parts below if ($nopermission) { $pollstatus = $vbphrase['you_may_not_vote_on_this_poll']; } else { if ($showresults) { $pollstatus = $vbphrase['this_poll_is_closed']; } else { if ($uservoted) { $pollstatus = $vbphrase['you_have_already_voted_on_this_poll']; } } } ($hook = vBulletinHook::fetch_hook('showthread_polloption')) ? eval($hook) : false; $templater = vB_Template::create('pollresult'); $templater->register('names', $names); $templater->register('option', $option); $pollbits .= $templater->render(); } else { ($hook = vBulletinHook::fetch_hook('showthread_polloption')) ? eval($hook) : false; if ($pollinfo['multiple']) { $templater = vB_Template::create('polloption_multiple'); $templater->register('option', $option); $pollbits .= $templater->render(); } else { $templater = vB_Template::create('polloption'); $templater->register('option', $option); $pollbits .= $templater->render(); } } $counter++; } if ($pollinfo['multiple']) { $pollinfo['numbervotes'] = $pollinfo['voters']; $show['multiple'] = true; } if ($pollinfo['public']) { $show['publicwarning'] = true; } else { $show['publicwarning'] = false; } $displayed_dateline = $threadinfo['lastpost']; ($hook = vBulletinHook::fetch_hook('showthread_poll_complete')) ? 
eval($hook) : false; if ($showresults or $uservoted) { $templater = vB_Template::create('pollresults_table'); $templater->register('pollbits', $pollbits); $templater->register('pollenddate', $pollenddate); $templater->register('pollendtime', $pollendtime); $templater->register('pollinfo', $pollinfo); $templater->register('pollstatus', $pollstatus); $poll = $templater->render(); } else { $templater = vB_Template::create('polloptions_table'); $templater->register('pollbits', $pollbits); $templater->register('pollenddate', $pollenddate); $templater->register('pollendtime', $pollendtime); $templater->register('pollinfo', $pollinfo); $poll = $templater->render(); } } // work out if quickreply should be shown or not if ($vbulletin->options['quickreply'] and !$thread['isdeleted'] and !is_browser('netscape') and $vbulletin->userinfo['userid'] and ($vbulletin->userinfo['userid'] == $threadinfo['postuserid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyown'] or $vbulletin->userinfo['userid'] != $threadinfo['postuserid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyothers']) and ($thread['open'] or can_moderate($threadinfo['forumid'], 'canopenclose')) and !fetch_require_hvcheck('post')) { $show['quickreply'] = true; } else { $show['quickreply'] = false; $show['wysiwyg'] = 0; $quickreply = ''; } $show['largereplybutton'] = (!$thread['isdeleted'] and !$show['threadedmode'] and $forum['allowposting'] and !$show['search_engine']); if (!$forum['allowposting']) { $show['quickreply'] = false; } $show['multiquote_global'] = ($vbulletin->options['multiquote'] and $vbulletin->userinfo['userid']); if ($show['multiquote_global']) { $vbulletin->input->clean_array_gpc('c', array('vbulletin_multiquote' => TYPE_STR)); $vbulletin->GPC['vbulletin_multiquote'] = explode(',', $vbulletin->GPC['vbulletin_multiquote']); } // post is cachable if option is enabled, last post is newer than max age, and this user // isn't showing a sessionhash $post_cachable = 
($vbulletin->options['cachemaxage'] > 0 and TIMENOW - $vbulletin->options['cachemaxage'] * 60 * 60 * 24 <= $thread['lastpost'] and $vbulletin->session->vars['sessionurl'] == ''); $saveparsed = ''; $save_parsed_sigs = ''; ($hook = vBulletinHook::fetch_hook('showthread_post_start')) ? eval($hook) : false; ################################################################################ ####################### SHOW THREAD IN LINEAR MODE ############################# ################################################################################ if ($threadedmode == 0) { // allow deleted posts to not be counted in number of posts displayed on the page; // prevents issue with page count on forum display being incorrect $ids = array(); $lastpostid = 0; $hook_query_joins = $hook_query_where = ''; ($hook = vBulletinHook::fetch_hook('showthread_query_postids')) ? eval($hook) : false; if (empty($deljoin) and !$show['approvepost']) { $totalposts = $threadinfo['replycount'] + 1; if (can_moderate($thread['forumid'])) { $coventry = ''; } else { $coventry = fetch_coventry('string'); } $getpostids = $db->query_read("\n \t\t\tSELECT post.postid\n \t\t\tFROM " . TABLE_PREFIX . "post AS post\n \t\t\t{$hook_query_joins}\n \t\t\tWHERE post.threadid = {$threadid}\n \t\t\t\tAND post.visible = 1\n \t\t\t\t" . ($coventry ? "AND post.userid NOT IN ({$coventry})" : '') . "\n \t\t\t\t{$hook_query_where}\n \t\t\tORDER BY post.dateline {$postorder}\n \t\t\tLIMIT {$limitlower}, {$perpage}\n \t\t"); while ($post = $db->fetch_array($getpostids)) { if (!isset($qrfirstpostid)) { $qrfirstpostid = $post['postid']; } $qrlastpostid = $post['postid']; $ids[] = $post['postid']; } $db->free_result($getpostids); $lastpostid = $qrlastpostid; } else { $getpostids = $db->query_read("\n \t\t\tSELECT post.postid, post.visible, post.userid\n \t\t\tFROM " . TABLE_PREFIX . "post AS post\n \t\t\t{$hook_query_joins}\n \t\t\tWHERE post.threadid = {$threadid}\n \t\t\t\tAND post.visible IN (1\n \t\t\t\t" . 
(!empty($deljoin) ? ",2" : "") . "\n \t\t\t\t" . ($show['approvepost'] ? ",0" : "") . "\n \t\t\t\t)\n \t\t\t\t{$hook_query_where}\n \t\t\tORDER BY post.dateline {$postorder}\n \t\t"); $totalposts = 0; if ($limitlower != 0) { $limitlower++; } while ($post = $db->fetch_array($getpostids)) { if (!isset($qrfirstpostid)) { $qrfirstpostid = $post['postid']; } $qrlastpostid = $post['postid']; if ($post['visible'] == 1 and !in_coventry($post['userid']) and !$ignore[$post['userid']]) { $totalposts++; } if ($totalposts < $limitlower or $totalposts > $limitupper) { continue; } // remember, these are only added if they're going to be displayed $ids[] = $post['postid']; $lastpostid = $post['postid']; } $db->free_result($getpostids); } // '0' inside parenthesis in unlikely case we have no ids for this page // (this could happen if the replycount is wrong in the db) $postids = "post.postid IN (0" . implode(',', $ids) . ")"; // load attachments if ($thread['attach']) { require_once DIR . '/packages/vbattach/attach.php'; $attach = new vB_Attach_Display_Content($vbulletin, 'vBForum_Post'); $postattach = $attach->fetch_postattach(0, $ids); } $hook_query_fields = $hook_query_joins = ''; ($hook = vBulletinHook::fetch_hook('showthread_query')) ? eval($hook) : false; $posts = $db->query_read("\n \t\tSELECT\n \t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS isdeleted,\n \t\t\tuser.*, userfield.*, usertextfield.*,\n \t\t\t" . iif($forum['allowicons'], 'icon.title as icontitle, icon.iconpath,') . "\n \t\t\t" . iif($vbulletin->options['avatarenabled'], 'avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight,') . "\n \t\t\t" . ((can_moderate($thread['forumid'], 'canmoderateposts') or can_moderate($thread['forumid'], 'candeleteposts')) ? 'spamlog.postid AS spamlog_postid,' : '') . "\n \t\t\t" . 
iif($deljoin, 'deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason,') . "\n \t\t\teditlog.userid AS edit_userid, editlog.username AS edit_username, editlog.dateline AS edit_dateline,\n \t\t\teditlog.reason AS edit_reason, editlog.hashistory,\n \t\t\tpostparsed.pagetext_html, postparsed.hasimages,\n \t\t\tsigparsed.signatureparsed, sigparsed.hasimages AS sighasimages,\n \t\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight,\n \t\t\tIF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, infractiongroupid\n \t\t\t" . iif(!($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), $vbulletin->profilefield['hidden']) . "\n \t\t\t{$hook_query_fields}\n \t\tFROM " . TABLE_PREFIX . "post AS post\n \t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = post.userid)\n \t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid)\n \t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n \t\t" . iif($forum['allowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = post.iconid)") . "\n \t\t" . iif($vbulletin->options['avatarenabled'], "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)") . "\n \t\t" . ((can_moderate($thread['forumid'], 'canmoderateposts') or can_moderate($thread['forumid'], 'candeleteposts')) ? "LEFT JOIN " . TABLE_PREFIX . "spamlog AS spamlog ON(spamlog.postid = post.postid)" : '') . "\n \t\t\t{$deljoin}\n \t\tLEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON(editlog.postid = post.postid)\n \t\tLEFT JOIN " . TABLE_PREFIX . "postparsed AS postparsed ON(postparsed.postid = post.postid AND postparsed.styleid = " . intval(STYLEID) . 
" AND postparsed.languageid = " . intval(LANGUAGEID) . ")\n \t\tLEFT JOIN " . TABLE_PREFIX . "sigparsed AS sigparsed ON(sigparsed.userid = user.userid AND sigparsed.styleid = " . intval(STYLEID) . " AND sigparsed.languageid = " . intval(LANGUAGEID) . ")\n \t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = post.userid)\n \t\t\t{$hook_query_joins}\n \t\tWHERE {$postids}\n \t\tORDER BY post.dateline {$postorder}\n \t"); if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canseethumbnails']) and !($forumperms & $vbulletin->bf_ugp_forumpermissions['cangetattachment'])) { $vbulletin->options['attachthumbs'] = 0; } if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['cangetattachment'])) { $vbulletin->options['viewattachedimages'] = 0; } $postcount = ($vbulletin->GPC['pagenumber'] - 1) * $perpage; if ($postorder) { // Newest first $postcount = $totalposts - $postcount + 1; } $counter = 0; $postbits = ''; $postbit_factory = new vB_Postbit_Factory(); $postbit_factory->registry =& $vbulletin; $postbit_factory->forum =& $foruminfo; $postbit_factory->thread =& $thread; $postbit_factory->cache = array(); $postbit_factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list()); while ($post = $db->fetch_array($posts)) { if ($tachyuser = in_coventry($post['userid']) and !can_moderate($thread['forumid'])) { continue; } if ($post['visible'] == 1 and !$tachyuser) { ++$counter; if ($postorder) { $post['postcount'] = --$postcount; } else { $post['postcount'] = ++$postcount; } } if ($tachyuser) { $fetchtype = 'post_global_ignore'; } else { if ($ignore["{$post['userid']}"]) { $fetchtype = 'post_ignore'; } else { if ($post['visible'] == 2) { $fetchtype = 'post_deleted'; } else { $fetchtype = 'post'; } } } if ($vbulletin->GPC['viewfull'] and $post['postid'] == $postinfo['postid'] and $fetchtype != 'post' and (can_moderate($threadinfo['forumid']) or !$post['isdeleted'])) { $fetchtype = 'post'; } if ($fetchtype != 'post' && $fetchtype != 
'post_deleted') { continue; } ($hook = vBulletinHook::fetch_hook('showthread_postbit_create')) ? eval($hook) : false; $postbit_obj =& $postbit_factory->fetch_postbit($fetchtype); if ($fetchtype == 'post') { $postbit_obj->highlight =& $replacewords; } $postbit_obj->cachable = $post_cachable; $post['islastshown'] = $post['postid'] == $lastpostid; $post['isfirstshown'] = ($counter == 1 and $fetchtype == 'post' and $post['visible'] == 1); $post['islastshown'] = $post['postid'] == $lastpostid; $post['attachments'] = $postattach["{$post['postid']}"]; $parsed_postcache = array('text' => '', 'images' => 1, 'skip' => false); $postbits .= $postbit_obj->construct_postbit($post); // Only show after the first post, counter isn't incremented for deleted/moderated posts if ($post['isfirstshown']) { $postbits .= vB_Template::create('ad_showthread_firstpost')->render(); } if ($post_cachable and $post['pagetext_html'] == '') { if (!empty($saveparsed)) { $saveparsed .= ','; } $saveparsed .= "({$post['postid']}, " . intval($thread['lastpost']) . ', ' . intval($postbit_obj->post_cache['has_images']) . ", '" . $db->escape_string($postbit_obj->post_cache['text']) . "', " . intval(STYLEID) . ", " . intval(LANGUAGEID) . ")"; } if (!empty($postbit_obj->sig_cache) and $post['userid']) { if (!empty($save_parsed_sigs)) { $save_parsed_sigs .= ','; } $save_parsed_sigs .= "({$post['userid']}, " . intval(STYLEID) . ", " . intval(LANGUAGEID) . ", '" . $db->escape_string($postbit_obj->sig_cache['text']) . "', " . intval($postbit_obj->sig_cache['has_images']) . ")"; } // get first and last post ids for this page (for big reply buttons) if (!isset($FIRSTPOSTID)) { $FIRSTPOSTID = $post['postid']; } $LASTPOSTID = $post['postid']; if ($post['dateline'] > $displayed_dateline) { $displayed_dateline = $post['dateline']; if ($displayed_dateline <= $threadview) { $updatethreadcookie = true; } } // FRNR Start // find out if first post $getpost = $db->query_first("\n SELECT firstpostid\n FROM " . TABLE_PREFIX . 
"thread\n WHERE threadid = {$threadinfo['threadid']}\n "); $isfirstpost = $getpost['firstpostid'] == $post['postid']; $candelete = false; if ($isfirstpost and can_moderate($threadinfo['forumid'], 'canmanagethreads')) { $candelete = true; } else { if (!$isfirstpost and can_moderate($threadinfo['forumid'], 'candeleteposts')) { $candelete = true; } else { if (($forumperms & $vbulletin->bf_ugp_forumpermissions['candeletepost'] and !$isfirstpost or $forumperms & $vbulletin->bf_ugp_forumpermissions['candeletethread'] and $isfirstpost) and $vbulletin->userinfo['userid'] == $post['userid']) { $candelete = true; } } } // Get post date/time $postdate = vbdate($vbulletin->options['dateformat'], $post['dateline'], 1); $posttime = vbdate($vbulletin->options['timeformat'], $post['dateline']); $fr_images = array(); $docattach = array(); // Attachments (images). if (is_array($post['attachments']) && count($post['attachments']) > 0) { foreach ($post['attachments'] as $attachment) { $lfilename = strtolower($attachment['filename']); if (strpos($lfilename, '.jpe') !== false || strpos($lfilename, '.png') !== false || strpos($lfilename, '.gif') !== false || strpos($lfilename, '.jpg') !== false || strpos($lfilename, '.jpeg') !== false) { $tmp = array('img' => $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid']); if ($vbulletin->options['attachthumbs']) { $tmp['tmb'] = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'] . '&stc=1&thumb=1'; } $fr_images[] = $tmp; } if (strpos($lfilename, '.pdf') !== false) { $docattach[] = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . 
$attachment['attachmentid']; } } } // Parse the post for quotes and inline images list($text, $nuked_quotes, $images) = parse_post($post['pagetext'], $post['allowsmilie'] && $usesmilies); if (count($fr_images) > 0) { $text .= "<br/>"; foreach ($fr_images as $attachment) { $text .= "<img src=\"{$attachment['img']}\"/>"; } } foreach ($images as $image) { $fr_images[] = array('img' => $image); } $avatarurl = ''; // Avatar work if ($post['avatarurl']) { $avatarurl = process_avatarurl($post['avatarurl']); } $tmp = array('post_id' => $post['postid'], 'thread_id' => $post['threadid'], 'forum_id' => $foruminfo['forumid'], 'forum_title' => prepare_utf8_string($foruminfo['title_clean']), 'username' => prepare_utf8_string(strip_tags($post['username'])), 'joindate' => prepare_utf8_string($post['joindate']), 'usertitle' => prepare_utf8_string(strip_tags($post['usertitle'])), 'numposts' => $post['posts'] ? (string) $post['posts'] : '0', 'userid' => $post['userid'], 'title' => prepare_utf8_string($post['title']), 'online' => fetch_online_status(fetch_userinfo($post['userid']), false), 'post_timestamp' => prepare_utf8_string(date_trunc($postdate) . ' ' . 
$posttime), 'fr_images' => $fr_images); if ($candelete) { $tmp['candelete'] = true; } // Soft Deleted if ($post['visible'] == 2) { $tmp['deleted'] = true; $tmp['del_username'] = prepare_utf8_string($post['del_username']); if ($post['del_reason']) { $tmp['del_reason'] = prepare_utf8_string($post['del_reason']); } } else { $tmp['text'] = $text; $tmp['quotable'] = $nuked_quotes; if ($post['editlink']) { $tmp['canedit'] = true; $tmp['edittext'] = prepare_utf8_string($post['pagetext']); } } if ($avatarurl != '') { $tmp['avatarurl'] = $avatarurl; } if (count($docattach) > 0) { $tmp['docattach'] = $docattach; } if ($vbulletin->GPC['signature']) { $sig = trim(remove_bbcode(strip_tags($post['signatureparsed']), true, true), '<a>'); $sig = str_replace(array("\t", "\r"), array('', ''), $sig); $sig = str_replace("\n\n", "\n", $sig); $tmp['sig'] = prepare_utf8_string($sig); } // Begin Support for Post Thanks Hack - http://www.vbulletin.org/forum/showthread.php?t=122944 if ($vbulletin->userinfo['userid'] && function_exists('post_thanks_off') && function_exists('can_thank_this_post') && function_exists('thanked_already') && function_exists('fetch_thanks')) { if (!post_thanks_off($thread['forumid'], $post, $thread['firstpostid'], THIS_SCRIPT)) { global $ids; if (can_thank_this_post($post, $thread['isdeleted'])) { $tmp['canlike'] = true; } if (thanked_already($post, 0, true)) { $tmp['likes'] = true; if (!$vbulletin->options['post_thanks_delete_own']) { $tmp['canlike'] = $tmp['likes'] = false; } } $thanks = fetch_thanks($post['postid']); $thank_users = array(); if (is_array($thanks)) { foreach ($thanks as $thank) { $thank_users[] = $thank['username']; } } if (count($thank_users)) { $tmp['likestext'] = prepare_utf8_string($vbphrase['fr_thanked_by'] . ': ' . 
join(', ', $thank_users)); $tmp['likesusers'] = join(', ', $thank_users); } } } // End Support for Post Thanks Hack $posts_out[] = $tmp; // FRNR End } $db->free_result($posts); unset($post); if ($postbits == '' and $vbulletin->GPC['pagenumber'] > 1) { $pageinfo = array('page' => $vbulletin->GPC['pagenumber'] - 1); if (!empty($vbulletin->GPC['perpage'])) { $pageinfo['pp'] = $perpage; } if (!empty($vbulletin->GPC['highlight'])) { $pageinfo['highlight'] = urlencode($vbulletin->GPC['highlight']); } exec_header_redirect(fetch_seo_url('thread|js', $threadinfo, $pageinfo)); } DEVDEBUG("First Post: {$FIRSTPOSTID}; Last Post: {$LASTPOSTID}"); $pageinfo = array(); if ($vbulletin->GPC['highlight']) { $pageinfo['highlight'] = urlencode($vbulletin->GPC['highlight']); } if (!empty($vbulletin->GPC['perpage'])) { $pageinfo['pp'] = $perpage; } $pagenav = construct_page_nav($vbulletin->GPC['pagenumber'], $perpage, $totalposts, 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$threadinfo['threadid']}", '', '', 'thread', $threadinfo, $pageinfo); if ($thread['lastpost'] > $threadview) { if ($firstnew) { $firstunread = fetch_seo_url('thread', $threadinfo, array('page' => $vbulletin->GPC['pagenumber'])) . '#post' . $firstnew; $show['firstunreadlink'] = true; } else { $firstunread = fetch_seo_url('thread', $threadinfo, array('goto' => 'newpost')); $show['firstunreadlink'] = true; } } else { $firstunread = ''; $show['firstunreadlink'] = false; } if ($vbulletin->userinfo['postorder']) { // disable ajax qr when displaying linear newest first $show['allow_ajax_qr'] = 0; } else { // only allow ajax on the last page of a thread when viewing oldest first $show['allow_ajax_qr'] = $vbulletin->GPC['pagenumber'] == ceil($totalposts / $perpage) ? 
1 : 0; } ################################################################################ ################ SHOW THREAD IN THREADED OR HYBRID MODE ######################## ################################################################################ } else { // ajax qr doesn't work with threaded controls $show['allow_ajax_qr'] = 0; require_once DIR . '/includes/functions_threadedmode.php'; // save data $ipostarray = array(); $postarray = array(); $userarray = array(); $postparent = array(); $postorder = array(); $hybridposts = array(); $deletedparents = array(); $totalposts = 0; $links = ''; $cache_postids = ''; $hook_query_fields = $hook_query_joins = $hook_query_where = ''; ($hook = vBulletinHook::fetch_hook('showthread_query_postids_threaded')) ? eval($hook) : false; // get all posts $listposts = $db->query_read("\n \t\tSELECT\n \t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS isdeleted,\n \t\t\tuser.*, userfield.*\n \t\t\t" . iif(!($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), $vbulletin->profilefield['hidden']) . "\n \t\t\t{$hook_query_fields}\n \t\tFROM " . TABLE_PREFIX . "post AS post\n \t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = post.userid)\n \t\tLEFT JOIN " . TABLE_PREFIX . 
"userfield AS userfield ON(userfield.userid = user.userid)\n \t\t{$hook_query_joins}\n \t\tWHERE threadid = {$threadid}\n \t\t\t{$hook_query_where}\n \t\tORDER BY postid\n \t"); // $toppostid is the first post in the thread // $curpostid is the postid passed from the URL, or if not specified, the first post in the thread $ids = array(); while ($post = $db->fetch_array($listposts)) { if ($post['visible'] == 2 and !$deljoin or $post['visible'] == 0 and !$show['approvepost'] or in_coventry($post['userid']) and !can_moderate($thread['forumid'])) { $deletedparents["{$post['postid']}"] = iif(isset($deletedparents["{$post['parentid']}"]), $deletedparents["{$post['parentid']}"], $post['parentid']); continue; } if (empty($toppostid)) { $toppostid = $post['postid']; } if (empty($postid)) { if (empty($curpostid)) { $curpostid = $post['postid']; if ($threadedmode == 2 and empty($vbulletin->GPC['postid'])) { $vbulletin->GPC['postid'] = $curpostid; } $curpostparent = $post['parentid']; } } else { if ($post['postid'] == $postid) { $curpostid = $post['postid']; $curpostparent = $post['parentid']; } } $postparent["{$post['postid']}"] = $post['parentid']; $ipostarray["{$post['parentid']}"][] = $post['postid']; $postarray["{$post['postid']}"] = $post; $userarray["{$post['userid']}"] = $db->escape_string($post['username']); $totalposts++; $ids[] = $post['postid']; } $db->free_result($listposts); // hooks child posts up to new parent if actual parent has been deleted or hidden if (count($deletedparents) > 0) { foreach ($deletedparents as $dpostid => $dparentid) { if (is_array($ipostarray[$dpostid])) { foreach ($ipostarray[$dpostid] as $temppostid) { $postparent[$temppostid] = $dparentid; $ipostarray[$dparentid][] = $temppostid; $postarray[$temppostid]['parentid'] = $dparentid; } unset($ipostarray[$dpostid]); } if ($curpostparent == $dpostid) { $curpostparent = $dparentid; } } } unset($post, $listposts, $deletedparents); if ($thread['attach']) { require_once DIR . 
'/packages/vbattach/attach.php'; $attach = new vB_Attach_Display_Content($vbulletin, 'vBForum_Post'); $postattach = $attach->fetch_postattach(0, $ids); } // get list of usernames from post list $userjs = ''; foreach ($userarray as $userid => $username) { if ($userid) { $userjs .= "pu[{$userid}] = \"" . addslashes_js($username) . "\";\n"; } } unset($userarray, $userid, $username); $parent_postids = fetch_post_parentlist($curpostid); if (!$parent_postids) { $currentdepth = 0; } else { $currentdepth = sizeof(explode(',', $parent_postids)); } sort_threaded_posts(); if (empty($curpostid)) { eval(standard_error(fetch_error('invalidid', $vbphrase['post'], $vbulletin->options['contactuslink']))); } if ($threadedmode == 2) { $numhybrids = sizeof($hybridposts); if ($vbulletin->GPC['pagenumber'] < 1) { $vbulletin->GPC['pagenumber'] = 1; } $startat = ($vbulletin->GPC['pagenumber'] - 1) * $perpage; if ($startat > $numhybrids) { $vbulletin->GPC['pagenumber'] = 1; $startat = 0; } $endat = $startat + $perpage; for ($i = $startat; $i < $endat; $i++) { if (isset($hybridposts["{$i}"])) { if (!isset($FIRSTPOSTID)) { $FIRSTPOSTID = $hybridposts["{$i}"]; } $cache_postids .= ",{$hybridposts[$i]}"; $LASTPOSTID = $hybridposts["{$i}"]; } } $pageinfo = array('p' => $vbulletin->GPC['postid']); if ($vbulletin->GPC['highlight']) { $pageinfo['highlight'] = urlencode($vbulletin->GPC['highlight']); } if (!empty($vbulletin->GPC['perpage'])) { $pageinfo['pp'] = $perpage; } $pagenav = construct_page_nav($vbulletin->GPC['pagenumber'], $perpage, $numhybrids, 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . 
"t={$threadinfo['threadid']}", '', '', 'thread', $threadinfo, $pageinfo); } else { $FIRSTPOSTID = $curpostid; $LASTPOSTID = $curpostid; // sort out which posts to cache: if (!$vbulletin->options['threaded_maxcache']) { $vbulletin->options['threaded_maxcache'] = 999999; } // cache $vbulletin->options['threaded_maxcache'] posts // take 0.25 from above $curpostid // and take 0.75 below if (sizeof($postorder) <= $vbulletin->options['threaded_maxcache']) { $startat = 0; } else { if ($curpostidkey + $vbulletin->options['threaded_maxcache'] * 0.75 > sizeof($postorder)) { $startat = sizeof($postorder) - $vbulletin->options['threaded_maxcache']; } else { if ($curpostidkey - $vbulletin->options['threaded_maxcache'] * 0.25 < 0) { $startat = 0; } else { $startat = intval($curpostidkey - $vbulletin->options['threaded_maxcache'] * 0.25); } } } unset($curpostidkey); foreach ($postorder as $postkey => $pid) { if ($postkey > $startat + $vbulletin->options['threaded_maxcache']) { break; } if ($postkey >= $startat and empty($morereplies["{$pid}"])) { $cache_postids .= ',' . $pid; } } // get next/previous posts for each post in the list // key: NAVJS[postid][0] = prev post, [1] = next post $NAVJS = array(); $prevpostid = 0; foreach ($postorder as $pid) { $NAVJS["{$pid}"][0] = $prevpostid; $NAVJS["{$prevpostid}"][1] = $pid; $prevpostid = $pid; } $NAVJS["{$toppostid}"][0] = $pid; //prev button for first post $NAVJS["{$pid}"][1] = $toppostid; //next button for last post $navjs = ''; foreach ($NAVJS as $pid => $info) { $navjs .= "pn[{$pid}] = \"{$info['0']},{$info['1']}\";\n"; } } unset($ipostarray, $postparent, $postorder, $NAVJS, $postid, $info, $prevpostid, $postkey); $cache_postids = substr($cache_postids, 1); if (empty($cache_postids)) { // umm... something weird happened. Just prevent an error. 
eval(standard_error(fetch_error('invalidid', $vbphrase['post'], $vbulletin->options['contactuslink']))); } $hook_query_fields = $hook_query_joins = $hook_query_where = ''; ($hook = vBulletinHook::fetch_hook('showthread_query')) ? eval($hook) : false; $cacheposts = $db->query_read("\n \t\tSELECT\n \t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS isdeleted,\n \t\t\tuser.*, userfield.*, usertextfield.*,\n \t\t\t" . iif($forum['allowicons'], 'icon.title as icontitle, icon.iconpath,') . "\n \t\t\t" . iif($vbulletin->options['avatarenabled'], 'avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,') . "\n \t\t\t" . ((can_moderate($thread['forumid'], 'canmoderateposts') or can_moderate($thread['forumid'], 'candeleteposts')) ? 'spamlog.postid AS spamlog_postid,' : '') . "\n \t\t\t" . iif($deljoin, "deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason,") . "\n \t\t\teditlog.userid AS edit_userid, editlog.username AS edit_username, editlog.dateline AS edit_dateline,\n \t\t\teditlog.reason AS edit_reason, editlog.hashistory,\n \t\t\tpostparsed.pagetext_html, postparsed.hasimages,\n \t\t\tsigparsed.signatureparsed, sigparsed.hasimages AS sighasimages,\n \t\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight,\n \t\t\tIF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, infractiongroupid\n \t\t\t" . iif(!($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), $vbulletin->profilefield['hidden']) . "\n \t\t\t{$hook_query_fields}\n \t\tFROM " . TABLE_PREFIX . "post AS post\n \t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = post.userid)\n \t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid)\n \t\tLEFT JOIN " . TABLE_PREFIX . 
"usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n \t\t" . iif($forum['allowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = post.iconid)") . "\n \t\t" . iif($vbulletin->options['avatarenabled'], "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)") . "\n \t\t" . ((can_moderate($thread['forumid'], 'canmoderateposts') or can_moderate($thread['forumid'], 'candeleteposts')) ? "LEFT JOIN " . TABLE_PREFIX . "spamlog AS spamlog ON(spamlog.postid = post.postid)" : '') . "\n \t\t\t{$deljoin}\n \t\tLEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON(editlog.postid = post.postid)\n \t\tLEFT JOIN " . TABLE_PREFIX . "postparsed AS postparsed ON(postparsed.postid = post.postid AND postparsed.styleid = " . intval(STYLEID) . " AND postparsed.languageid = " . intval(LANGUAGEID) . ")\n \t\tLEFT JOIN " . TABLE_PREFIX . "sigparsed AS sigparsed ON(sigparsed.userid = user.userid AND sigparsed.styleid = " . intval(STYLEID) . " AND sigparsed.languageid = " . intval(LANGUAGEID) . ")\n \t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = post.userid)\n \t\t\t{$hook_query_joins}\n \t\tWHERE post.postid IN (" . $cache_postids . 
") {$hook_query_where}\n \t"); // re-initialise the $postarray variable $postarray = array(); while ($post = $db->fetch_array($cacheposts)) { $postarray["{$post['postid']}"] = $post; } if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['cangetattachment'])) { $vbulletin->options['viewattachedimages'] = 0; $vbulletin->options['attachthumbs'] = 0; } // init $postcount = 0; $postbits = ''; $saveparsed = ''; $jspostbits = ''; $postbit_factory = new vB_Postbit_Factory(); $postbit_factory->registry =& $vbulletin; $postbit_factory->forum =& $foruminfo; $postbit_factory->thread =& $thread; $postbit_factory->cache = array(); $postbit_factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list()); foreach (explode(',', $cache_postids) as $id) { // get the post from the post array if (!isset($postarray["{$id}"])) { continue; } $post = $postarray["{$id}"]; if ($tachyuser = in_coventry($post['userid']) and !can_moderate($thread['forumid'])) { continue; } if ($tachyuser) { $fetchtype = 'post_global_ignore'; } else { if ($ignore["{$post['userid']}"]) { $fetchtype = 'post_ignore'; } else { if ($post['visible'] == 2) { $fetchtype = 'post_deleted'; } else { $fetchtype = 'post'; } } } if ($vbulletin->GPC['viewfull'] and $post['postid'] == $postinfo['postid'] and $fetchtype != 'post' and (can_moderate($threadinfo['forumid']) or !$post['isdeleted'])) { $fetchtype = 'post'; } ($hook = vBulletinHook::fetch_hook('showthread_postbit_create')) ? 
eval($hook) : false; $postbit_obj =& $postbit_factory->fetch_postbit($fetchtype); if ($fetchtype == 'post') { $postbit_obj->highlight =& $replacewords; } $postbit_obj->cachable = $post_cachable; $post['postcount'] = ++$postcount; $post['attachments'] =& $postattach["{$post['postid']}"]; $parsed_postcache = array('text' => '', 'images' => 1); $bgclass = 'alt2'; if ($threadedmode == 2) { $postbits .= $postbit_obj->construct_postbit($post); } else { $postbit = $postbit_obj->construct_postbit($post); if ($curpostid == $post['postid']) { $curpostdateline = $post['dateline']; $curpostbit = $postbit; } $postbit = preg_replace('#</script>#i', "<\\/scr' + 'ipt>", addslashes_js($postbit)); $jspostbits .= "pd[{$post['postid']}] = '{$postbit}';\n"; } // end threaded mode if ($post_cachable and $post['pagetext_html'] == '') { if (!empty($saveparsed)) { $saveparsed .= ','; } $saveparsed .= "({$post['postid']}, " . intval($thread['lastpost']) . ', ' . intval($postbit_obj->post_cache['has_images']) . ", '" . $db->escape_string($postbit_obj->post_cache['text']) . "'," . intval(STYLEID) . ", " . intval(LANGUAGEID) . ")"; } if (!empty($postbit_obj->sig_cache) and $post['userid']) { if (!empty($save_parsed_sigs)) { $save_parsed_sigs .= ','; } $save_parsed_sigs .= "({$post['userid']}, " . intval(STYLEID) . ", " . intval(LANGUAGEID) . ", '" . $db->escape_string($postbit_obj->sig_cache['text']) . "', " . intval($postbit_obj->sig_cache['has_images']) . 
")"; } if ($post['dateline'] > $displayed_dateline) { $displayed_dateline = $post['dateline']; if ($displayed_dateline <= $threadview) { $updatethreadcookie = true; } } } // end while ($post) $db->free_result($cacheposts); if ($threadedmode == 1) { $postbits = $curpostbit; } $templater = vB_Template::create('showthread_list'); $templater->register('curpostid', $curpostid); $templater->register('highlightwords', $highlightwords); $templater->register('jspostbits', $jspostbits); $templater->register('links', $links); $templater->register('navjs', $navjs); $templater->register('threadedmode', $threadedmode); $templater->register('userjs', $userjs); $threadlist = $templater->render(); unset($curpostbit, $post, $cacheposts, $parsed_postcache, $postbit); } ################################################################################ ########################## END LINEAR / THREADED ############################### ################################################################################ $effective_lastpost = max($displayed_dateline, $thread['lastpost']); // ********************************************************************************* //set thread last view if ($thread['pollid'] and $vbulletin->options['updatelastpost'] and ($displayed_dateline == $thread['lastpost'] or $threadview == $thread['lastpost']) and $pollinfo['lastvote'] > $thread['lastpost']) { $displayed_dateline = $pollinfo['lastvote']; } if ((!$vbulletin->GPC['posted'] or $updatethreadcookie) and $displayed_dateline and $displayed_dateline > $threadview) { mark_thread_read($threadinfo, $foruminfo, $vbulletin->userinfo['userid'], $displayed_dateline); } // FRNR Below fr_update_subsent($threadinfo['threadid'], $displayed_dateline); if (!is_array($posts_out)) { $posts_out = array(); } // Figure out if we can post $canpost = true; if ($threadinfo['isdeleted'] or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) { $canpost = false; } if (!$foruminfo['allowposting'] 
or $foruminfo['link'] or !$foruminfo['cancontainthreads']) { $canpost = false; } if (!$threadinfo['open']) { if (!can_moderate($threadinfo['forumid'], 'canopenclose')) { $canpost = false; } } if (($vbulletin->userinfo['userid'] != $threadinfo['postuserid'] or !$vbulletin->userinfo['userid']) and (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyothers']))) { $canpost = false; } if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyown']) and $vbulletin->userinfo['userid'] == $threadinfo['postuserid']) { $canpost = false; } $mod = 0; if (can_moderate($threadinfo['forumid'], 'candeleteposts') or can_moderate($threadinfo['forumid'], 'canremoveposts')) { $mod |= MOD_DELETEPOST; } if (can_moderate($threadinfo['forumid'], 'canmanagethreads')) { if ($threadinfo['sticky']) { $mod |= MOD_UNSTICK; } else { $mod |= MOD_STICK; } } if ($threadinfo['visible'] != 2 and can_moderate($threadinfo['forumid'], 'candeleteposts') or can_moderate($threadinfo['forumid'], 'canremoveposts') or $forumperms & $vbulletin->bf_ugp_forumpermissions['candeletepost'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['candeletethread'] and $vbulletin->userinfo['userid'] == $threadinfo['postuserid'] and ($vbulletin->options['edittimelimit'] == 0 or $threadinfo['dateline'] > TIMENOW - $vbulletin->options['edittimelimit'] * 60)) { $mod |= MOD_DELETETHREAD; } if (can_moderate($threadinfo['forumid'], 'canopenclose') or $forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'] and $threadinfo['postuserid'] == $vbulletin->userinfo['userid']) { if ($threadinfo['open']) { $mod |= MOD_CLOSE; } else { $mod |= MOD_OPEN; } } if (can_moderate($threadinfo['forumid'], 'canmanagethreads') or $forumperms & $vbulletin->bf_ugp_forumpermissions['canmove'] and 
$threadinfo['postuserid'] == $vbulletin->userinfo['userid']) { $mod |= MOD_MOVETHREAD; } if ($show['spamctrls']) { $mod |= MOD_SPAM_CONTROLS; } $out = array('posts' => $posts_out, 'total_posts' => $totalposts, 'page' => $vbulletin->GPC['pagenumber'], 'canpost' => $canpost ? 1 : 0, 'mod' => $mod, 'pollid' => $thread['pollid'], 'subscribed' => $threadinfo['issubscribed'] ? 1 : 0, 'title' => prepare_utf8_string($thread['title']), 'canattach' => $forumperms & $vbulletin->bf_ugp_forumpermissions['canpostattachment'] and $vbulletin->userinfo['userid']); if ($postid) { $out['gotopostid'] = $postid; } return $out; }
// Pre-fill the search form from any conditions supplied in the URI.
// Only the keys of $search_fields + $optional_fields are used as variable names
// below; the request supplies the values, never the names.
// NOTE(review): assumes both arrays are built by the script itself and not from
// request data - confirm where they are populated.
foreach (array_keys($search_fields + $optional_fields) as $varname) {
    // skip fields that were not submitted, and array-valued input
    if (!$vbulletin->GPC_exists[$varname] || is_array($vbulletin->GPC[$varname])) {
        continue;
    }

    // the field variable itself holds the value after htmlspecialchars_uni()
    $$varname = htmlspecialchars_uni($vbulletin->GPC[$varname]);

    // <field>checked / <field>selected are one-element maps keyed by the
    // submitted value as it stands in GPC (not passed through htmlspecialchars_uni)
    $checkedvar = $varname . 'checked';
    $selectedvar = $varname . 'selected';
    $$checkedvar = array($vbulletin->GPC[$varname] => 'checked="checked"');
    $$selectedvar = array($vbulletin->GPC[$varname] => 'selected="selected"');
}

// human verification: stays an empty string unless the check is required for 'search'
$human_verify = '';
if (fetch_require_hvcheck('search')) {
    require_once DIR . '/includes/class_humanverify.php';
    $verification =& vB_HumanVerify::fetch_library($vbulletin);
    $human_verify = $verification->output_token();
}

// tag cloud: only built when both blog tagging options are switched on
$tag_cloud = '';
if ($vbulletin->options['vbblog_tagging'] && $vbulletin->options['vbblog_tagcloud_searchcloud']) {
    $show['searchcloud'] = true;
    $tag_cloud = fetch_blog_tagcloud('search');
    if ($tag_cloud) {
        // the cloud css flag is set only when a cloud was actually returned
        $show['tagcloud_css'] = true;
    }
}
/** * Creates a new post * * @param string 'thread' for the first post in a new thread, 'reply' otherwise * @param array Forum Information * @param array Thread Information * @param array Post Information for the "Parent" post * @param array Post Information for the post being created * @param array (return) Array of errors * */ function build_new_post($type = 'thread', $foruminfo, $threadinfo, $postinfo, &$post, &$errors) { //NOTE: permissions are not checked in this function // $post is passed by reference, so that any changes (wordwrap, censor, etc) here are reflected on the copy outside the function // $post[] includes: // title, iconid, message, parseurl, email, signature, preview, disablesmilies, rating // $errors will become any error messages that come from the checks before preview kicks in global $vbulletin, $vbphrase, $forumperms; // ### PREPARE OPTIONS AND CHECK VALID INPUT ### $post['disablesmilies'] = intval($post['disablesmilies']); $post['enablesmilies'] = $post['disablesmilies'] ? 0 : 1; $post['folderid'] = intval($post['folderid']); $post['emailupdate'] = intval($post['emailupdate']); $post['rating'] = intval($post['rating']); $post['podcastsize'] = intval($post['podcastsize']); // Make sure the posthash is valid if (md5($post['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']) != $post['posthash']) { $post['posthash'] = 'invalid posthash'; // don't phrase me } // OTHER SANITY CHECKS $threadinfo['threadid'] = intval($threadinfo['threadid']); // Doublepost // $dp_flag = false; // create data manager if ($type == 'thread') { $dataman =& datamanager_init('Thread_FirstPost', $vbulletin, ERRTYPE_ARRAY, 'threadpost'); $dataman->set('prefixid', $post['prefixid']); } else { $dataman =& datamanager_init('Post', $vbulletin, ERRTYPE_ARRAY, 'threadpost'); $dupehash = md5($foruminfo['forumid'] . $post['title'] . $post['message'] . $vbulletin->userinfo['userid'] . 
$type); // Doublepost Check // if ($vbulletin->options['dp_timespan'] and VB_API !== true and $cutoff = TIMENOW - $vbulletin->options['dp_timespan'] * 60 and $threadinfo['lastpost'] > $cutoff and !$post['preview'] and $threadinfo['lastposter'] == $vbulletin->userinfo['username'] and !($foruminfo['options'] & $vbulletin->bf_misc_forumoptions['bypassdp']) and !($vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['bypassdoublepost']) and $doublepost = $vbulletin->db->query_first("\n\t\t\t\tSELECT post.*, posthash.userid AS dupe_userid\n\t\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "posthash AS posthash ON (\n\t\t\t\t\tposthash.threadid = {$threadinfo['threadid']}\n\t\t\t\t\t\tAND\n\t\t\t\t\tposthash.dupehash = '" . $vbulletin->db->escape_string($dupehash) . "'\n\t\t\t\t\t\tAND\n\t\t\t\t\tposthash.userid = {$vbulletin->userinfo['userid']}\n\t\t\t\t\t\tAND\n\t\t\t\t\tposthash.dateline > " . (TIMENOW - 300) . "\n\t\t\t\t)\n\t\t\t\tWHERE\n\t\t\t\t\tpost.visible = 1\n\t\t\t\t\t\tAND\n\t\t\t\t\tpost.postid = " . $threadinfo['lastpostid'] . "\n\t\t\t\t\t\tAND\n\t\t\t\t\tpost.threadid = " . $threadinfo['threadid'] . "\n\t\t\t\tLIMIT 1\t") and $attach = $vbulletin->db->query_first("\n\t\t\t\tSELECT count(attachmentid) AS attach\n\t\t\t\tFROM " . TABLE_PREFIX . "attachment\n\t\t\t\tWHERE state = 'visible'\n\t\t\t\tAND posthash = '" . $post['posthash'] . "'") and ($vbulletin->options['attachlimit'] == 0 or $attach['attach'] + $doublepost['attach'] <= $vbulletin->options['attachlimit'])) { $cstate = $vbulletin->options['dp_color'] ? 1 : 0; $minchar = intval($vbulletin->options['postminchars']) <= 0 ? 1 : intval($vbulletin->options['postminchars']); if (vbstrlen(strip_bbcode($post['message'], $vbulletin->options['ignorequotechars'])) < $minchar) { require_once DIR . 
'/includes/functions_misc.php'; $errors[] = construct_phrase(fetch_phrase('tooshort', 'error'), $minchar); return false; } if ($doublepost['dupe_userid']) { require_once DIR . '/includes/functions_misc.php'; $errors[] = fetch_phrase('duplicate_post', 'error'); return false; } switch ($vbulletin->options['dp_spacer']) { case 1: // None $cstate = 2; break; case 2: // Custom $spacer = $vbulletin->options['dp_text']; break; default: $spacer = $vbphrase['dp_spacer_default']; break; } switch ($cstate) { case 1: // Coloured spacer $spacer = "\n\n" . '[COLOR="' . $vbulletin->options['dp_color'] . '"]' . $spacer . '[/COLOR]' . "\n\n"; break; case 2: // No spacer. $spacer = "\n\n"; break; default: $spacer = "\n\n" . $spacer . "\n\n"; break; } $dp_flag = true; $id = $doublepost['postid']; // Need to set valid values for later // $doublepost['signature'] = $doublepost['showsignature']; $doublepost['disablesmilies'] = intval($doublepost['disablesmilies']); $doublepost['enablesmilies'] = $doublepost['disablesmilies'] ? 0 : 1; $doublepost['folderid'] = intval($doublepost['folderid']); $doublepost['emailupdate'] = intval($doublepost['emailupdate']); $doublepost['rating'] = intval($doublepost['rating']); $doublepost['podcastsize'] = intval($doublepost['podcastsize']); $doublepost['doublepost'] = $dp_flag; $doublepost['posthash'] = $post['posthash']; $doublepost['oldmessage'] = $post['message']; $doublepost['message'] = $doublepost['pagetext'] . $spacer . 
$post['message']; $post = $doublepost; unset($doublepost); $dataman->set_existing($post); if ($vbulletin->options['dp_bump']) { $post['dateline'] = TIMENOW; $dataman->set('dateline', $post['dateline']); } } else { $dp_flag = false; } } // set info $dataman->set_info('dpflag', $dp_flag); $dataman->set_info('preview', $post['preview']); $dataman->set_info('parseurl', $post['parseurl']); $dataman->set_info('posthash', $post['posthash']); $dataman->set_info('forum', $foruminfo); $dataman->set_info('thread', $threadinfo); if (!$vbulletin->GPC['fromquickreply']) { $dataman->set_info('show_title_error', true); } if ($foruminfo['podcast'] and (!empty($post['podcasturl']) or !empty($post['podcastexplicit']) or !empty($post['podcastauthor']) or !empty($post['podcastsubtitle']) or !empty($post['podcastkeywords']))) { $dataman->set_info('podcastexplicit', $post['podcastexplicit']); $dataman->set_info('podcastauthor', $post['podcastauthor']); $dataman->set_info('podcastkeywords', $post['podcastkeywords']); $dataman->set_info('podcastsubtitle', $post['podcastsubtitle']); $dataman->set_info('podcasturl', $post['podcasturl']); if ($post['podcastsize']) { $dataman->set_info('podcastsize', $post['podcastsize']); } } // set options $dataman->setr('showsignature', $post['signature']); $dataman->setr('allowsmilie', $post['enablesmilies']); $dataman->setr('htmlstate', $post['htmlstate']); // set data $dataman->setr('userid', $vbulletin->userinfo['userid']); if ($vbulletin->userinfo['userid'] == 0) { $dataman->setr('username', $post['username']); } $dataman->setr('title', $post['title']); $dataman->setr('pagetext', $post['message']); $dataman->setr('iconid', $post['iconid']); // see if post has to be moderated or if poster in a mod if (($foruminfo['moderatenewthread'] and $type == 'thread' or $foruminfo['moderatenewpost'] and $type == 'reply' or !($forumperms & $vbulletin->bf_ugp_forumpermissions['followforummoderation'])) and !can_moderate($foruminfo['forumid']) or $type == 'reply' and 
($postinfo['postid'] and !$postinfo['visible'] and !empty($postinfo['specifiedpost']) or !$threadinfo['visible'])) { // note: specified post comes from a variable passed into newreply.php $dataman->set('visible', 0); $post['visible'] = 0; } else { $dataman->set('visible', 1); $post['visible'] = 1; } if ($type != 'thread') { if ($dp_flag) { $parentid = $post['parentid']; } else { if ($postinfo['postid']) { // get parentid of the new post // we're not posting a new thread, so make this post a child of the first post in the thread if (!empty($threadinfo['firstpostid'])) { //we have the postid in the thread table (firstpostid) $parentid = $threadinfo['firstpostid']; } else { //for some reason it might not be available in the $threadinfo array, need to fetch it $getfirstpost = $vbulletin->db->query_first("SELECT postid FROM " . TABLE_PREFIX . "post WHERE threadid={$threadinfo['threadid']} ORDER BY dateline LIMIT 1"); $parentid = $getfirstpost['postid']; } } else { $parentid = $postinfo['postid']; } } $dataman->setr('parentid', $parentid); $dataman->setr('threadid', $threadinfo['threadid']); } else { $dataman->setr('forumid', $foruminfo['forumid']); } $errors = array(); // done! ($hook = vBulletinHook::fetch_hook('newpost_process')) ? eval($hook) : false; if ($vbulletin->GPC['fromquickreply'] and $post['preview']) { $errors = array(); return; } if (fetch_require_hvcheck('post') and !$post['preview']) { require_once DIR . '/includes/class_humanverify.php'; $verify =& vB_HumanVerify::fetch_library($vbulletin); if (!$verify->verify_token($post['humanverify'])) { $dataman->error($verify->fetch_error()); } } if ($dataman->info['podcastsize']) { $post['podcastsize'] = $dataman->info['podcastsize']; } // check if this forum requires a prefix if ($type == 'thread' and !$dataman->fetch_field('prefixid') and $foruminfo['options'] & $vbulletin->bf_misc_forumoptions['prefixrequired']) { // only require a prefix if we actually have options for this forum require_once DIR . 
'/includes/functions_prefix.php'; if (fetch_prefix_array($foruminfo['forumid'])) { $dataman->error('thread_prefix_required'); } } if ($type == 'thread' and $post['taglist']) { $threadinfo['postuserid'] = $vbulletin->userinfo['userid']; require_once DIR . '/includes/class_taggablecontent.php'; $content = vB_Taggable_Content_Item::create($vbulletin, "vBForum_Thread", $dataman->thread['threadid'], $threadinfo); $limits = $content->fetch_tag_limits(); $content->filter_tag_list_content_limits($post['taglist'], $limits, $tag_errors, true, false); if ($tag_errors) { foreach ($tag_errors as $error) { $dataman->error($error); } } $dataman->setr('taglist', $post['taglist']); } if ($type == 'reply' and $vbulletin->GPC['return_node']) { $dataman->set_info('nodeid', $vbulletin->GPC['return_node']); } $dataman->pre_save(); $errors = array_merge($errors, $dataman->errors); if ($post['preview']) { return; } // ### DUPE CHECK ### $dupehash = md5($foruminfo['forumid'] . $post['title'] . $post['message'] . $vbulletin->userinfo['userid'] . $type); $prevpostfound = false; $prevpostthreadid = 0; if ($prevpost = $vbulletin->db->query_first("\n\t\tSELECT posthash.threadid, thread.title\n\t\tFROM " . TABLE_PREFIX . "posthash AS posthash\n\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread ON (thread.threadid = posthash.threadid)\n\t\tWHERE posthash.userid = " . $vbulletin->userinfo['userid'] . " AND\n\t\t\tposthash.dupehash = '" . $vbulletin->db->escape_string($dupehash) . "' AND\n\t\t\tposthash.dateline > " . (TIMENOW - 300) . 
"\n\t")) { if ($type == 'thread' and $prevpost['threadid'] == 0 or $type == 'reply' and $prevpost['threadid'] == $threadinfo['threadid']) { $prevpostfound = true; $prevpostthreadid = $prevpost['threadid']; } } // Redirect user to forumdisplay since this is a duplicate post if ($prevpostfound) { if ($type == 'thread') { $vbulletin->url = fetch_seo_url('forum', $foruminfo); print_standard_redirect('redirect_duplicatethread', true, true); } else { // with ajax quick reply we need to use the error system if ($vbulletin->GPC['ajax']) { $dataman->error('duplicate_post'); $errors = $dataman->errors; return; } else { $vbulletin->url = fetch_seo_url('thread', $prevpost, array('goto' => 'newpost')); if ($post['ajaxqrfailed']) { // ajax qr failed. While this is a dupe, most likely the user didn't // see the initial post, so act like it went through. print_standard_redirect('redirect_postthanks'); } else { print_standard_redirect('redirect_duplicatepost', true, true); } } } } if (sizeof($errors) > 0) { return; } if ($post['doublepost']) { $dataman->save(); } else { $id = $dataman->save(); } if ($type == 'thread') { $post['threadid'] = $id; $threadinfo =& $dataman->thread; $post['postid'] = $dataman->fetch_field('firstpostid'); clear_autosave_text('vBForum_Thread', 0, 0, $vbulletin->userinfo['userid']); } else { $post['postid'] = $id; if ($vbulletin->GPC_exists['return_node'] and intval($vbulletin->GPC['return_node'])) { clear_autosave_text('vBCms_ArticleComment', 0, $vbulletin->GPC['return_node'], $vbulletin->userinfo['userid']); } else { clear_autosave_text('vBForum_Post', 0, $threadinfo['threadid'], $vbulletin->userinfo['userid']); } } post_vb_api_details('vBForum_Post', $post['postid']); $post['visible'] = $dataman->fetch_field('visible'); $set_open_status = false; $set_sticky_status = false; if ($vbulletin->GPC['openclose'] and ($threadinfo['postuserid'] != 0 and $threadinfo['postuserid'] == $vbulletin->userinfo['userid'] and $forumperms & 
$vbulletin->bf_ugp_forumpermissions['canopenclose'] or can_moderate($threadinfo['forumid'], 'canopenclose'))) { $set_open_status = true; } if ($vbulletin->GPC['stickunstick'] and can_moderate($threadinfo['forumid'], 'canmanagethreads')) { $set_sticky_status = true; } if ($set_open_status or $set_sticky_status) { $thread =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost'); if ($type == 'thread') { $thread->set_existing($dataman->thread); if ($set_open_status) { $post['postpoll'] = false; } } else { $thread->set_existing($threadinfo); } if ($set_open_status) { $thread->set('open', $thread->fetch_field('open') == 1 ? 0 : 1); } if ($set_sticky_status) { $thread->set('sticky', $thread->fetch_field('sticky') == 1 ? 0 : 1); } $thread->save(); } if ($type == 'thread') { require_once DIR . '/includes/class_taggablecontent.php'; $content = vB_Taggable_Content_Item::create($vbulletin, "vBForum_Thread", $dataman->thread['threadid'], $threadinfo); $limits = $content->fetch_tag_limits(); $content->add_tags_to_content($post['taglist'], $limits); } // ### DO THREAD RATING ### build_thread_rating($post['rating'], $foruminfo, $threadinfo); // ### DO EMAIL NOTIFICATION ### if ($post['visible'] and $type != 'thread' and !in_coventry($vbulletin->userinfo['userid'], true)) { exec_send_notification($threadinfo['threadid'], $vbulletin->userinfo['userid'], $post['postid']); } // ### DO THREAD SUBSCRIPTION ### if ($vbulletin->userinfo['userid'] != 0) { require_once DIR . '/includes/functions_misc.php'; $post['emailupdate'] = verify_subscription_choice($post['emailupdate'], $vbulletin->userinfo, 9999); ($hook = vBulletinHook::fetch_hook('newpost_subscribe')) ? eval($hook) : false; if (!$threadinfo['issubscribed'] and $post['emailupdate'] != 9999) { // user is not subscribed to this thread so insert it /*insert query*/ $vbulletin->db->query_write("INSERT IGNORE INTO " . TABLE_PREFIX . 
"subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES (" . $vbulletin->userinfo['userid'] . ", {$threadinfo['threadid']}, {$post['emailupdate']}, {$post['folderid']}, 1)"); } else { // User is subscribed, see if they changed the settings for this thread if ($post['emailupdate'] == 9999) { // Remove this subscription, user chose 'No Subscription' $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "subscribethread WHERE threadid = {$threadinfo['threadid']} AND userid = " . $vbulletin->userinfo['userid']); } else { if ($threadinfo['emailupdate'] != $post['emailupdate'] or $threadinfo['folderid'] != $post['folderid']) { // User changed the settings so update the current record /*insert query*/ $vbulletin->db->query_write("REPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES (" . $vbulletin->userinfo['userid'] . ", {$threadinfo['threadid']}, {$post['emailupdate']}, {$post['folderid']}, 1)"); } } } } ($hook = vBulletinHook::fetch_hook('newpost_complete')) ? eval($hook) : false; }
$templater->register('birthdate', $birthdate); $templater->register('dayselected', $dayselected); $templater->register('monthselected', $monthselected); $templater->register('sbselected', $sbselected); $templater->register('year', $year); $birthdayfields = $templater->render(); } else { $show['birthday'] = false; $birthdayfields = ''; } $htmlonoff = $vbulletin->options['allowhtml'] ? $vbphrase['on'] : $vbphrase['off']; $bbcodeonoff = $vbulletin->options['allowbbcode'] ? $vbphrase['on'] : $vbphrase['off']; $imgcodeonoff = $vbulletin->options['allowbbimagecode'] ? $vbphrase['on'] : $vbphrase['off']; $smiliesonoff = $vbulletin->options['allowsmilies'] ? $vbphrase['on'] : $vbphrase['off']; // human verification, which we can bypass if user has been verified on facebook if (fetch_require_hvcheck('register') and (!is_facebookenabled() or is_facebookenabled() and !vB_Facebook::instance()->userIsLoggedIn())) { require_once DIR . '/includes/class_humanverify.php'; $verify =& vB_HumanVerify::fetch_library($vbulletin); $human_verify = $verify->output_token(); } // Referrer if ($vbulletin->options['usereferrer'] and !$vbulletin->userinfo['userid']) { exec_switch_bg(); if ($errorlist) { $referrername = $vbulletin->GPC['referrername']; } else { if ($vbulletin->GPC[COOKIE_PREFIX . 'referrerid']) { if ($referrername = $db->query_first_slave("SELECT username FROM " . TABLE_PREFIX . "user WHERE userid = " . $vbulletin->GPC[COOKIE_PREFIX . 'referrerid'])) { $referrername = $referrername['username']; } }
} // ############################################################################# // do cron stuff - goes into footer if ($vbulletin->cron <= TIMENOW) { $cronimage = '<img src="' . create_full_url('cron.php?' . $vbulletin->session->vars['sessionurl'] . 'rand=' . TIMENOW) . '" alt="" width="1" height="1" border="0" />'; } else { $cronimage = ''; } $show['rtl'] = $stylevar['textdirection'] == 'rtl'; $show['admincplink'] = iif($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'], true, false); // This generates an extra query for non-admins/supermods on many pages so we have chosen to only display it to supermods & admins // $show['modcplink'] = iif(can_moderate(), true, false); $show['modcplink'] = ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']); $show['registerbutton'] = (!$show['search_engine'] and $vbulletin->options['allowregistration'] and (!$vbulletin->userinfo['userid'] or $vbulletin->options['allowmultiregs'])); $show['searchbuttons'] = (!$show['search_engine'] and $vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['cansearch'] and $vbulletin->options['enablesearches']); $show['quicksearch'] = !fetch_require_hvcheck('search'); $show['memberslist'] = ($vbulletin->options['enablememberlist'] and $permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canviewmembers']); $loggedout = false; if (THIS_SCRIPT == 'login' and $_REQUEST['do'] == 'logout' and $vbulletin->userinfo['userid'] != 0) { $vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR); if (verify_security_token($vbulletin->GPC['logouthash'], $vbulletin->userinfo['securitytoken_raw'])) { $loggedout = true; } } if (!$vbulletin->userinfo['userid'] or $loggedout) { $show['guest'] = true; $show['member'] = 
false; } else { $show['guest'] = false; $show['member'] = true; }
} if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['cangetattachment'])) { $vbulletin->options['viewattachedimages'] = ($vbulletin->options['viewattachedimages'] and $vbulletin->options['attachthumbs']) ? 1 : 0; } // needed for deleted post management $show['managepost'] = (can_moderate($threadinfo['forumid'], 'candeleteposts') or can_moderate($threadinfo['forumid'], 'canremoveposts')) ? true : false; $show['approvepost'] = can_moderate($threadinfo['forumid'], 'canmoderateposts') ? true : false; $show['managethread'] = can_moderate($threadinfo['forumid'], 'canmanagethreads') ? true : false; $show['inlinemod'] = ($show['managethread'] or $show['managepost'] or $show['approvepost']) ? true : false; $show['multiquote_global'] = ($vbulletin->options['multiquote'] and $vbulletin->userinfo['userid']); if ($show['multiquote_global']) { $vbulletin->input->clean_array_gpc('c', array('vbulletin_multiquote' => TYPE_STR)); $vbulletin->GPC['vbulletin_multiquote'] = explode(',', $vbulletin->GPC['vbulletin_multiquote']); } // work out if quickreply should be shown or not if ($vbulletin->options['quickreply'] and !$threadinfo['isdeleted'] and !is_browser('netscape') and $vbulletin->userinfo['userid'] and ($vbulletin->userinfo['userid'] == $threadinfo['postuserid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyown'] or $vbulletin->userinfo['userid'] != $threadinfo['postuserid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyothers']) and ($threadinfo['open'] or can_moderate($threadinfo['forumid'], 'canopenclose')) and !fetch_require_hvcheck('post')) { $show['quickreply'] = true; } else { $show['quickreply'] = false; } $show['lightbox'] = ($vbulletin->options['lightboxenabled'] and $vbulletin->options['usepopups']); $show['spacer'] = false; $saveparsed = ''; // inialise $post['postcount'] =& $vbulletin->GPC['postcount']; $postbit_factory = new vB_Postbit_Factory(); $postbit_factory->registry =& $vbulletin; $postbit_factory->forum =& 
$foruminfo; $postbit_factory->thread =& $threadinfo; $postbit_factory->cache = array(); $postbit_factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
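/**
 * Creates a new post (the first post of a new thread, or a reply).
 *
 * NOTE: permissions are not checked in this function; the caller has to
 * enforce them before calling it.
 *
 * Flow, as implemented below:
 *  1. integer-normalise a few $post options and validate the post hash,
 *  2. build the Thread_FirstPost / Post data manager and fill it,
 *  3. decide moderation (visible 0/1), run human verification, prefix and
 *     tag checks, then pre_save(),
 *  4. stop here on preview or on errors,
 *  5. duplicate check against the posthash table (same user, last 300 s),
 *  6. save, optionally toggle open/sticky, add tags, rate the thread,
 *     send notifications and maintain the thread subscription.
 *
 * The plugin hooks newpost_process, newpost_subscribe and newpost_complete
 * are eval()'d inside this function's scope, so plugin code can read and
 * change every local variable, including values that are later
 * interpolated into SQL.
 *
 * @param string $type        'thread' for the first post in a new thread, 'reply' otherwise
 * @param array  $foruminfo   Forum Information
 * @param array  $threadinfo  Thread Information
 * @param array  $postinfo    Post Information for the "Parent" post
 * @param array  $post        Post Information for the post being created; passed by
 *                            reference so that changes made here are visible to the caller.
 *                            Includes: title, iconid, message, parseurl, email, signature,
 *                            preview, disablesmilies, rating
 * @param array  $errors      (return) Array of errors from the checks before preview kicks in
 *
 * @return void
 */
function build_new_post($type = 'thread', $foruminfo, $threadinfo, $postinfo, &$post, &$errors)
{
    global $vbulletin, $vbphrase, $forumperms;

    // ### PREPARE OPTIONS AND CHECK VALID INPUT ###
    // folderid and emailupdate are interpolated into the subscription SQL
    // further down, so they are forced to integers here.
    $post['disablesmilies'] = intval($post['disablesmilies']);
    $post['enablesmilies'] = $post['disablesmilies'] ? 0 : 1;
    $post['folderid'] = intval($post['folderid']);
    $post['emailupdate'] = intval($post['emailupdate']);
    $post['rating'] = intval($post['rating']);
    $post['podcastsize'] = intval($post['podcastsize']);

    // The original also carried a commented-out block that would have
    // normalised parseurl, email, signature, preview, iconid, message, title,
    // username, posthash and poststarttime. Those fields are used below
    // exactly as the caller supplied them.

    // Make sure the posthash is valid.
    // Strict comparison on purpose: with a loose comparison PHP treats two
    // numeric-looking strings as numbers, so two different hashes could
    // compare equal. hash_equals() would additionally make the comparison
    // constant-time on PHP versions that provide it.
    $expected_posthash = md5($post['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']);
    if ($expected_posthash !== $post['posthash']) {
        $post['posthash'] = 'invalid posthash'; // don't phrase me
    }

    // OTHER SANITY CHECKS
    // threadid is interpolated into several queries below.
    $threadinfo['threadid'] = intval($threadinfo['threadid']);

    // create data manager
    if ($type == 'thread') {
        $dataman =& datamanager_init('Thread_FirstPost', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
        $dataman->set('prefixid', $post['prefixid']);
    } else {
        $dataman =& datamanager_init('Post', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
    }

    // set info
    $dataman->set_info('preview', $post['preview']);
    $dataman->set_info('parseurl', $post['parseurl']);
    $dataman->set_info('posthash', $post['posthash']);
    $dataman->set_info('forum', $foruminfo);
    $dataman->set_info('thread', $threadinfo);
    if (!$vbulletin->GPC['fromquickreply']) {
        $dataman->set_info('show_title_error', true);
    }

    // Podcast details are only forwarded for podcast forums, and only when
    // at least one podcast field was filled in.
    if ($foruminfo['podcast'] and (!empty($post['podcasturl']) or !empty($post['podcastexplicit']) or !empty($post['podcastauthor']) or !empty($post['podcastsubtitle']) or !empty($post['podcastkeywords']))) {
        $dataman->set_info('podcastexplicit', $post['podcastexplicit']);
        $dataman->set_info('podcastauthor', $post['podcastauthor']);
        $dataman->set_info('podcastkeywords', $post['podcastkeywords']);
        $dataman->set_info('podcastsubtitle', $post['podcastsubtitle']);
        $dataman->set_info('podcasturl', $post['podcasturl']);
        if ($post['podcastsize']) {
            $dataman->set_info('podcastsize', $post['podcastsize']);
        }
    }

    // set options
    $dataman->setr('showsignature', $post['signature']);
    $dataman->setr('allowsmilie', $post['enablesmilies']);

    // set data
    $dataman->setr('userid', $vbulletin->userinfo['userid']);
    if ($vbulletin->userinfo['userid'] == 0) {
        // guests (userid 0) supply their own display name
        $dataman->setr('username', $post['username']);
    }
    $dataman->setr('title', $post['title']);
    $dataman->setr('pagetext', $post['message']);
    $dataman->setr('iconid', $post['iconid']);

    // see if post has to be moderated or if poster in a mod
    // 'and' binds tighter than 'or', so this reads as:
    //   ((forum moderates this type, or the user does not follow forum
    //     moderation) and the user cannot moderate this forum)
    //   or (reply and (parent post is an invisible "specified post", or the
    //     thread itself is not visible))
    if (($foruminfo['moderatenewthread'] and $type == 'thread' or $foruminfo['moderatenewpost'] and $type == 'reply' or !($forumperms & $vbulletin->bf_ugp_forumpermissions['followforummoderation'])) and !can_moderate($foruminfo['forumid']) or $type == 'reply' and ($postinfo['postid'] and !$postinfo['visible'] and !empty($postinfo['specifiedpost']) or !$threadinfo['visible'])) {
        // note: specified post comes from a variable passed into newreply.php
        $dataman->set('visible', 0);
        $post['visible'] = 0;
    } else {
        $dataman->set('visible', 1);
        $post['visible'] = 1;
    }

    if ($type != 'thread') {
        if ($postinfo['postid'] == 0) {
            // get parentid of the new post
            // we're not posting a new thread, so make this post a child of the first post in the thread
            // threadid was forced to an integer above, so the interpolation is numeric.
            $getfirstpost = $vbulletin->db->query_first("SELECT postid FROM " . TABLE_PREFIX . "post WHERE threadid={$threadinfo['threadid']} ORDER BY dateline LIMIT 1");
            $parentid = $getfirstpost['postid'];
        } else {
            $parentid = $postinfo['postid'];
        }
        $dataman->setr('parentid', $parentid);
        $dataman->setr('threadid', $threadinfo['threadid']);
    } else {
        $dataman->setr('forumid', $foruminfo['forumid']);
    }

    $errors = array();

    // done!
    // NOTE(review): plugin code is eval()'d in this scope; it can alter $post,
    // $dataman and $errors before any of the checks below run.
    ($hook = vBulletinHook::fetch_hook('newpost_process')) ? eval($hook) : false;

    // Quick-reply previews return before human verification and pre_save().
    if ($vbulletin->GPC['fromquickreply'] and $post['preview']) {
        $errors = array();
        return;
    }

    // Human verification is skipped for previews; a failed token becomes a
    // data manager error and therefore blocks the save further down.
    if (fetch_require_hvcheck('post') and !$post['preview']) {
        require_once DIR . '/includes/class_humanverify.php';
        $verify =& vB_HumanVerify::fetch_library($vbulletin);
        if (!$verify->verify_token($post['humanverify'])) {
            $dataman->error($verify->fetch_error());
        }
    }

    if ($dataman->info['podcastsize']) {
        $post['podcastsize'] = $dataman->info['podcastsize'];
    }

    // check if this forum requires a prefix
    if ($type == 'thread' and !$dataman->fetch_field('prefixid') and $foruminfo['options'] & $vbulletin->bf_misc_forumoptions['prefixrequired']) {
        // only require a prefix if we actually have options for this forum
        require_once DIR . '/includes/functions_prefix.php';
        if (fetch_prefix_array($foruminfo['forumid'])) {
            $dataman->error('thread_prefix_required');
        }
    }

    if ($type == 'thread' and $post['taglist']) {
        // $tag_errors is filled by fetch_valid_tags()
        fetch_valid_tags($dataman->thread, $post['taglist'], $tag_errors, true, false);
        if ($tag_errors) {
            foreach ($tag_errors as $error) {
                $dataman->error($error);
            }
        }
    }

    $dataman->pre_save();
    $errors = array_merge($errors, $dataman->errors);

    if ($post['preview']) {
        return;
    }

    // ### DUPE CHECK ###
    // md5 is used here only as a content fingerprint for duplicate detection.
    // The hash is escaped before it goes into the query; userid and the time
    // window are numeric.
    $dupehash = md5($foruminfo['forumid'] . $post['title'] . $post['message'] . $vbulletin->userinfo['userid'] . $type);
    $prevpostfound = false;
    $prevpostthreadid = 0;
    if ($prevpost = $vbulletin->db->query_first("\n\t\tSELECT posthash.threadid\n\t\tFROM " . TABLE_PREFIX . "posthash AS posthash\n\t\tWHERE posthash.userid = " . $vbulletin->userinfo['userid'] . " AND\n\t\t\tposthash.dupehash = '" . $vbulletin->db->escape_string($dupehash) . "' AND\n\t\t\tposthash.dateline > " . (TIMENOW - 300) . "\n\t")) {
        if ($type == 'thread' and $prevpost['threadid'] == 0 or $type == 'reply' and $prevpost['threadid'] == $threadinfo['threadid']) {
            $prevpostfound = true;
            $prevpostthreadid = $prevpost['threadid'];
        }
    }

    // Redirect user to forumdisplay since this is a duplicate post
    // NOTE(review): print_standard_redirect() presumably ends the request;
    // if it ever returns, execution continues to the save below - confirm.
    if ($prevpostfound) {
        if ($type == 'thread') {
            $vbulletin->url = 'forumdisplay.php?' . $vbulletin->session->vars['sessionurl'] . "f={$foruminfo['forumid']}";
            eval(print_standard_redirect('redirect_duplicatethread', true, true));
        } else {
            // with ajax quick reply we need to use the error system
            if ($vbulletin->GPC['ajax']) {
                $dataman->error('duplicate_post');
                $errors = $dataman->errors;
                return;
            } else {
                $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$prevpostthreadid}&goto=newpost";
                if ($post['ajaxqrfailed']) {
                    // ajax qr failed. While this is a dupe, most likely the user didn't
                    // see the initial post, so act like it went through.
                    eval(print_standard_redirect('redirect_postthanks'));
                } else {
                    eval(print_standard_redirect('redirect_duplicatepost', true, true));
                }
            }
        }
    }

    // Any error collected so far (including a failed human verification)
    // prevents the save.
    if (sizeof($errors) > 0) {
        return;
    }

    $id = $dataman->save();
    if ($type == 'thread') {
        $post['threadid'] = $id;
        // from here on $threadinfo is the data manager's thread record
        $threadinfo =& $dataman->thread;
        $post['postid'] = $dataman->fetch_field('firstpostid');
    } else {
        $post['postid'] = $id;
    }
    $post['visible'] = $dataman->fetch_field('visible');

    // Open/close and stick/unstick are the only authorisation decisions made
    // in this function: open/close needs either the thread starter with the
    // canopenclose forum permission or a moderator with canopenclose;
    // stick/unstick needs a moderator with canmanagethreads.
    $set_open_status = false;
    $set_sticky_status = false;
    if ($vbulletin->GPC['openclose'] and ($threadinfo['postuserid'] != 0 and $threadinfo['postuserid'] == $vbulletin->userinfo['userid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'] or can_moderate($threadinfo['forumid'], 'canopenclose'))) {
        $set_open_status = true;
    }
    if ($vbulletin->GPC['stickunstick'] and can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
        $set_sticky_status = true;
    }
    if ($set_open_status or $set_sticky_status) {
        $thread =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
        if ($type == 'thread') {
            $thread->set_existing($dataman->thread);
            if ($set_open_status) {
                $post['postpoll'] = false;
            }
        } else {
            $thread->set_existing($threadinfo);
        }
        // both settings are toggles of the current value
        if ($set_open_status) {
            $thread->set('open', $thread->fetch_field('open') == 1 ? 0 : 1);
        }
        if ($set_sticky_status) {
            $thread->set('sticky', $thread->fetch_field('sticky') == 1 ? 0 : 1);
        }
        $thread->save();
    }

    if ($type == 'thread') {
        add_tags_to_thread($threadinfo, $post['taglist']);
    }

    // ### DO THREAD RATING ###
    build_thread_rating($post['rating'], $foruminfo, $threadinfo);

    // ### DO EMAIL NOTIFICATION ###
    // only for visible replies, and not when the poster is in coventry
    if ($post['visible'] and $type != 'thread' and !in_coventry($vbulletin->userinfo['userid'], true)) {
        exec_send_notification($threadinfo['threadid'], $vbulletin->userinfo['userid'], $post['postid']);
    }

    // ### DO THREAD SUBSCRIPTION ###
    if ($vbulletin->userinfo['userid'] != 0) {
        require_once DIR . '/includes/functions_misc.php';
        // 9999 is passed as the third argument and is treated below as the
        // "no subscription" choice.
        $post['emailupdate'] = verify_subscription_choice($post['emailupdate'], $vbulletin->userinfo, 9999);

        // NOTE(review): the queries below interpolate $post['emailupdate'],
        // $post['folderid'] and $threadinfo['threadid'] without quoting. They
        // are integers at this point only if verify_subscription_choice()
        // returns one and the plugin code eval()'d here leaves them numeric -
        // confirm, or cast again at the point of use.
        ($hook = vBulletinHook::fetch_hook('newpost_subscribe')) ? eval($hook) : false;

        if (!$threadinfo['issubscribed'] and $post['emailupdate'] != 9999) {
            // user is not subscribed to this thread so insert it
            /*insert query*/
            $vbulletin->db->query_write("INSERT IGNORE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES (" . $vbulletin->userinfo['userid'] . ", {$threadinfo['threadid']}, {$post['emailupdate']}, {$post['folderid']}, 1)");
        } else {
            // User is subscribed, see if they changed the settings for this thread
            if ($post['emailupdate'] == 9999) {
                // Remove this subscription, user chose 'No Subscription'
                $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "subscribethread WHERE threadid = {$threadinfo['threadid']} AND userid = " . $vbulletin->userinfo['userid']);
            } else {
                if ($threadinfo['emailupdate'] != $post['emailupdate'] or $threadinfo['folderid'] != $post['folderid']) {
                    // User changed the settings so update the current record
                    /*insert query*/
                    $vbulletin->db->query_write("REPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES (" . $vbulletin->userinfo['userid'] . ", {$threadinfo['threadid']}, {$post['emailupdate']}, {$post['folderid']}, 1)");
                }
            }
        }
    }

    ($hook = vBulletinHook::fetch_hook('newpost_complete')) ? eval($hook) : false;
}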
if (can_moderate($foruminfo['forumid'], 'canmanagethreads')) { $threadinfo['sticky'] = 0; $show['stickunstick'] = true; $show['unstickthread'] = false; } else { $show['stickunstick'] = false; } if ($show['openclose'] or $show['stickunstick']) { ($hook = vBulletinHook::fetch_hook('newthread_form_threadmanage')) ? eval($hook) : false; $templater = vB_Template::create('newpost_threadmanage'); $templater->register('checked', $checked); $threadmanagement = $templater->render(); } else { $threadmanagement = ''; } if (fetch_require_hvcheck('post')) { require_once DIR . '/includes/class_humanverify.php'; $verification =& vB_HumanVerify::fetch_library($vbulletin); $human_verify = $verification->output_token(); } else { $human_verify = ''; } if ($show['tag_option']) { $tags_remain = null; if ($vbulletin->options['tagmaxthread']) { $tags_remain = $vbulletin->options['tagmaxthread']; } if ($vbulletin->options['tagmaxstarter'] and !can_moderate($threadinfo['forumid'], 'caneditthreads')) { $tags_remain = $tags_remain === null ? $vbulletin->options['tagmaxstarter'] : min($tags_remain, $vbulletin->options['tagmaxstarter']); } $show['tags_remain'] = $tags_remain !== null;
} // Default Birthday Privacy option to show all if (empty($errorlist)) { $sbselected = array(2 => 'selected="selected"'); } eval('$birthdayfields = "' . fetch_template('modifyprofile_birthday') . '";'); } else { $show['birthday'] = false; $birthdayfields = ''; } $htmlonoff = $vbulletin->options['allowhtml'] ? $vbphrase['on'] : $vbphrase['off']; $bbcodeonoff = $vbulletin->options['allowbbcode'] ? $vbphrase['on'] : $vbphrase['off']; $imgcodeonoff = $vbulletin->options['allowbbimagecode'] ? $vbphrase['on'] : $vbphrase['off']; $smiliesonoff = $vbulletin->options['allowsmilies'] ? $vbphrase['on'] : $vbphrase['off']; // human verification if (fetch_require_hvcheck('register')) { require_once DIR . '/includes/class_humanverify.php'; $verify =& vB_HumanVerify::fetch_library($vbulletin); $human_verify = $verify->output_token(); } // Referrer if ($vbulletin->options['usereferrer'] and !$vbulletin->userinfo['userid']) { exec_switch_bg(); if ($errorlist) { $referrername = $vbulletin->GPC['referrername']; } else { if ($vbulletin->GPC[COOKIE_PREFIX . 'referrerid']) { if ($referrername = $db->query_first_slave("SELECT username FROM " . TABLE_PREFIX . "user WHERE userid = " . $vbulletin->GPC[COOKIE_PREFIX . 'referrerid'])) { $referrername = $referrername['username']; } }
'vbulletin_multiquote' => TYPE_STR )); $vbulletin->GPC['vbulletin_multiquote'] = explode(',', $vbulletin->GPC['vbulletin_multiquote']); } // work out if quickreply should be shown or not if ( $vbulletin->options['quickreply'] AND !$threadinfo['isdeleted'] AND !is_browser('netscape') AND $vbulletin->userinfo['userid'] AND ( ($vbulletin->userinfo['userid'] == $threadinfo['postuserid'] AND $forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyown']) OR ($vbulletin->userinfo['userid'] != $threadinfo['postuserid'] AND $forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyothers']) ) AND ($threadinfo['open'] OR can_moderate($threadinfo['forumid'], 'canopenclose')) AND (!fetch_require_hvcheck('post')) ) { $show['quickreply'] = true; } else { $show['quickreply'] = false; } $show['lightbox'] = ($vbulletin->options['lightboxenabled'] AND $vbulletin->options['usepopups']); $show['spacer'] = false; $saveparsed = ''; // inialise $post['postcount'] =& $vbulletin->GPC['postcount'];
/**
 * Tells whether the user has to pass a human verification (HV) test before
 * completing the specified action.
 *
 * Memoising wrapper around fetch_require_hvcheck(). Only non-empty answers
 * ("check required") are served from the static cache; an empty answer is
 * stored but evaluated again on the next call, so a "not required" decision
 * is never reused from earlier in the request.
 *
 * @param string $action The name of the action to check. Possible values: register, post, search, contactus, lostpw
 * @return boolean Whether a hv check is required (the value produced by fetch_require_hvcheck())
 */
public function fetchRequireHvcheck($action)
{
    // per-request cache, keyed by action name
    static $results = array();

    if (empty($results[$action])) {
        // nothing cached, or the cached answer was empty: ask again
        $results[$action] = fetch_require_hvcheck($action);
    }

    return $results[$action];
}
/**
 * Fills the global $show array with assorted display flags. Ideally these
 * would be used in templates only, but sometimes they're used within code.
 *
 * Everything set here is derived from the current user's permissions and
 * the board options; the method itself enforces nothing. Besides $show it
 * writes $vbphrase['pmpercent_nav_compiled'] and clamps
 * $vbulletin->options['smcolumns'].
 *
 * NOTE(review): whether any of these flags is relied on for access control
 * rather than display cannot be seen from here - confirm in the callers.
 *
 * @return void
 */
public function load_show_variables()
{
    global $show, $vbulletin, $vbphrase;

    // by-reference aliases for the two registry arrays read throughout
    $user =& $vbulletin->userinfo;
    $options =& $vbulletin->options;

    $show['old_explorer'] = (is_browser('ie') && !is_browser('ie', 6));
    $show['rtl'] = !($user['lang_options'] & $vbulletin->bf_misc_languageoptions['direction']);
    $show['admincplink'] = (bool) ($user['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']);

    // can_moderate() would generate an extra query for non-admins/supermods
    // on many pages, so the mod CP link is only displayed to supermods & admins.
    $show['modcplink'] = (
        ($user['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])
        || ($user['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator'])
    );

    $show['registerbutton'] = (
        !$show['search_engine']
        && $options['allowregistration']
        && (!$user['userid'] || $options['allowmultiregs'])
    );
    $show['searchbuttons'] = (
        !$show['search_engine']
        && ($user['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['cansearch'])
        && $options['enablesearches']
    );

    // quick search is hidden whenever searching needs human verification
    $show['quicksearch'] = !fetch_require_hvcheck('search');

    $show['memberslist'] = (
        $options['enablememberlist']
        && ($user['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canviewmembers'])
    );

    // A logout request only flips the display to "guest" when its logouthash
    // verifies against the user's security token.
    $loggedout = false;
    if (THIS_SCRIPT == 'login' && $_REQUEST['do'] == 'logout' && $user['userid'] != 0) {
        $vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
        $loggedout = verify_security_token($vbulletin->GPC['logouthash'], $user['securitytoken_raw']) ? true : false;
    }

    $is_guest = (!$user['userid'] || $loggedout);
    $show['guest'] = $is_guest;
    $show['member'] = !$is_guest;

    $show['detailedtime'] = ($options['yestoday'] == 2);
    $show['popups'] = (!$show['search_engine'] && $options['usepopups'] && !$vbulletin->GPC['nojs']);

    // this isn't what $show is for, but it's a variable that's available in many places
    $show['nojs_link'] = $show['popups']
        ? $vbulletin->scriptpath . (strpos($vbulletin->scriptpath, '?') ? '&' : '?') . 'nojs=1'
        : '';

    // private message statistics and quota warning
    if ($options['enablepms'] && $user['userid'] && ($user['pmunread'] || ($user['receivepm'] && $user['permissions']['pmquota']))) {
        if ($user['pmtotal'] < $user['permissions']['pmquota']) {
            // percentage of the quota in use; warn from 90% upwards
            $vbphrase['pmpercent_nav_compiled'] = number_format(floor($user['pmtotal'] / $user['permissions']['pmquota'] * 100), 0);
            $show['pmwarning'] = ($vbphrase['pmpercent_nav_compiled'] >= 90);
        } elseif ($user['permissions']['pmquota']) {
            // quota reached or exceeded
            $show['pmwarning'] = true;
            $vbphrase['pmpercent_nav_compiled'] = '100';
        } else {
            $show['pmwarning'] = false;
        }
        $show['pmstats'] = true;
    } else {
        $show['pmstats'] = false;
        $show['pmwarning'] = false;
    }

    $show['pmmainlink'] = (
        $options['enablepms']
        && $user['userid']
        && ($user['permissions']['pmquota'] || $user['pmtotal'])
    );
    $show['pmtracklink'] = ($user['permissions']['pmpermissions'] & $vbulletin->bf_ugp_pmpermissions['cantrackpm']);
    $show['pmsendlink'] = $user['permissions']['pmquota'];
    $show['siglink'] = ($user['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canusesignature']);
    $show['avatarlink'] = $options['avatarenabled'];
    $show['profilepiclink'] = (
        ($user['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canprofilepic'])
        && $options['profilepicenabled']
    );
    $show['wollink'] = ($user['permissions']['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonline']);

    $show['spacer'] = true; // used in postbit template

    $show['dst_correction'] = (
        THIS_SCRIPT != 'register'
        && ($vbulletin->session->vars['loggedin'] == 1 || $vbulletin->session->created || THIS_SCRIPT == 'usercp')
        && $user['dstauto'] == 1
        && $user['userid']
    );

    $show['contactus'] = (
        $options['contactuslink']
        && ((!$user['userid'] && $options['contactustype']) || $user['userid'])
    );

    // you may define this if you don't want the password in the login box to be zapped onsubmit; good for integration
    // this needs to be an int for the templates
    $show['nopasswordempty'] = (int) defined('DISABLE_PASSWORD_CLEARING');

    // Determine display of certain navbar Quick Links
    $show['quick_links_groups'] = (
        ($options['socnet'] & $vbulletin->bf_misc_socnet['enable_groups'])
        && ($user['permissions']['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canviewgroups'])
    );
    $show['quick_links_albums'] = (
        ($options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums'])
        && ($user['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canviewmembers'])
        && ($user['permissions']['albumpermissions'] & $vbulletin->bf_ugp_albumpermissions['canviewalbum'])
    );
    $show['friends_and_contacts'] = (
        ($options['socnet'] & $vbulletin->bf_misc_socnet['enable_friends'])
        && ($user['permissions']['genericpermissions2'] & $vbulletin->bf_ugp_genericpermissions2['canusefriends'])
    );
    $show['communitylink'] = ($show['quick_links_groups'] || $show['quick_links_albums'] || $user['userid'] || $show['memberslist']);

    // We don't want the number of columns to be more than the total number of smilies to display #36621
    if ($options['smcolumns'] > $options['smtotal']) {
        $options['smcolumns'] = $options['smtotal'];
    }
}
/**
 * vB_Search_Searchtools::searchIntroRegisterHumanVerify()
 * Registers the human verification component with the search intro template.
 *
 * When fetch_require_hvcheck('search') says a check is required, the output
 * of the human verify library's output_token() is registered; otherwise an
 * empty string is registered. Only the form side is handled here: the
 * submitted token is not verified in this method.
 *
 * @param mixed $template Template object; only its register() method is used
 * @return void
 */
public static function searchIntroRegisterHumanVerify($template)
{
    global $vbulletin;

    // image verification
    if (fetch_require_hvcheck('search')) {
        require_once(DIR . '/includes/class_humanverify.php');
        $hv_library =& vB_HumanVerify::fetch_library($vbulletin);
        $human_verify = $hv_library->output_token();
    } else {
        $human_verify = '';
    }

    $template->register('human_verify', $human_verify);
}
{ eval(standard_error(fetch_error('requiredfields'))); } if ($perform_floodcheck) { require_once(DIR . '/includes/class_floodcheck.php'); $floodcheck = new vB_FloodCheck($vbulletin, 'user', 'emailstamp'); $floodcheck->commit_key($vbulletin->userinfo['userid'], TIMENOW, TIMENOW - $vbulletin->options['emailfloodtime']); if ($floodcheck->is_flooding()) { eval(standard_error(fetch_error('emailfloodcheck', $vbulletin->options['emailfloodtime'], $floodcheck->flood_wait()))); } } if (fetch_require_hvcheck('contactus')) { require_once(DIR . '/includes/class_humanverify.php'); $verify =& vB_HumanVerify::fetch_library($vbulletin); if (!$verify->verify_token($vbulletin->GPC['humanverify'])) { standard_error(fetch_error($verify->fetch_error())); } } ($hook = vBulletinHook::fetch_hook('sendmessage_dosendtofriend_start')) ? eval($hook) : false; if ($vbulletin->GPC['username'] != '') { if ($userinfo = $db->query_first_slave(" SELECT user.*, userfield.*
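/**
 * Fetches the standard comments page view for a CMS node.
 *
 * Returns false when the node row cannot be loaded, when comments are
 * disabled, when the node is unpublished or its publish date is in the
 * future, or when the node has no associated thread.
 *
 * @param integer $nodeid - node for which we are displaying comments
 * @param string $target_url - base URL for the view; when empty, vB_Router::getCurrentURL() is used
 *
 * @return vB_View|false - The populated 'vbcms_comments_page' view, or false
 */
public function getPageView($nodeid, $target_url)
{
	global $vbphrase;
	require_once DIR . '/includes/functions_editor.php';

	// Cleans the request copies of these inputs. Only GPC['page'] is read
	// below; the query uses the $nodeid argument, not the cleaned GPC value.
	vB::$vbulletin->input->clean_array_gpc('r', array(
		'nodeid' => vB_Input::TYPE_INT,
		'page' => vB_Input::TYPE_INT,
		'direction' => vB_Input::TYPE_STR,
		'postid' => vB_Input::TYPE_UINT
	));

	// $nodeid is concatenated into SQL, so coerce it to an integer first.
	// Nothing in this method guarantees the caller passed a cleaned value.
	$safe_nodeid = intval($nodeid);

	$sql = "SELECT node.comments_enabled, node.setpublish, node.publishdate, nodeinfo.associatedthreadid, thread.forumid FROM "
		. TABLE_PREFIX . "cms_node AS node LEFT JOIN "
		. TABLE_PREFIX . "cms_nodeinfo AS nodeinfo ON node.nodeid = nodeinfo.nodeid LEFT JOIN "
		. TABLE_PREFIX . "thread AS thread on thread.threadID = nodeinfo.associatedthreadid WHERE nodeinfo.nodeid = "
		. $safe_nodeid . " LIMIT 1;";

	$row = vB::$vbulletin->db->query_first($sql);
	if (!$row)
	{
		return false;
	}

	// Comments are shown only for published nodes with comments enabled.
	if (!$row['comments_enabled'] OR !$row['setpublish'] OR ($row['publishdate'] > TIMENOW))
	{
		return false;
	}

	// No forum came back from the thread join: ask repairComments() to fix the link.
	// $row is not re-read afterwards, so the checks below still use the original row.
	if (!intval($row['forumid']))
	{
		$this->repairComments($row['associatedthreadid']);
	}

	if (!intval($row['associatedthreadid']))
	{
		return false;
	}

	$associatedthreadid = $row['associatedthreadid'];
	$base_url = empty($target_url) ? vB_Router::getCurrentURL() : $target_url;

	// Create view
	$view = new vB_View('vbcms_comments_page');
	$view->nodeid = $nodeid;
	$view->threadid = $row['associatedthreadid'];
	// NOTE(review): as listed, search and replacement are identical, so this call
	// changes nothing. If one side was meant to be an HTML entity, confirm against
	// the original file, since this_url is handed to the template.
	$view->this_url = str_replace('&', '&', $base_url);

	// display publish to Facebook checkbox in quick editor?
	if (is_facebookenabled())
	{
		$view->fbpublishcheckbox = construct_fbpublishcheckbox();
	}

	$this_user = new vB_Legacy_CurrentUser();
	$pageno = vB::$vbulletin->GPC_exists['page'] ? vB::$vbulletin->GPC['page'] : 1;
	$view->pageno = $pageno;
	$view->node_comments = self::showComments($view->nodeid, $this_user, $pageno, 20, $target_url, $associatedthreadid);

	// make sure user has permission to post comment before displaying comment editor
	if (self::canPostComment($view->threadid, $this_user))
	{
		// prepare the wysiwyg editor for comments
		$view->show_comment_editor = true;
		global $messagearea;
		$editor_name = construct_edit_toolbar('');
		$view->messagearea = $messagearea;
		// NOTE(review): in the collapsed listing this assignment follows a bare `//`;
		// confirm against the original file that it is live code.
		$view->editor_name = $editor_name;

		// include captcha validation and guest username field
		// This only renders the challenge; the submitted token must be verified
		// where the comment post is handled, which is not in this method.
		if (fetch_require_hvcheck('post'))
		{
			require_once(DIR . '/includes/class_humanverify.php');
			$reg = vB::$vbulletin;
			$verification =& vB_HumanVerify::fetch_library($reg);
			$human_verify = $verification->output_token();
		}
		else
		{
			$human_verify = '';
		}

		$view->human_verify = $human_verify;
		$view->usernamecode = new vB_View('newpost_usernamecode');
	}
	else
	{
		$view->show_comment_editor = false;
	}

	return $view;
}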
// #############################################################################
// draw navbar
// Builds $navbits as a url => title map: the forum home entry first, then one
// entry per forum id from $forum['parentlist'], then the thread itself.
$navbits = array();
$navbits[fetch_seo_url('forumhome', array())] = $vbphrase['forum'];
// substr(..., 0, -3) drops the last three characters of the comma-separated list
// (presumably a trailing root marker; confirm against the parentlist format),
// and array_reverse() flips the order of the remaining ids.
$parentlist = array_reverse(explode(',', substr($forum['parentlist'], 0, -3)));
foreach ($parentlist as $forumID)
{
	$forumTitle = $vbulletin->forumcache["{$forumID}"]['title'];
	$navbits[fetch_seo_url('forum', array('forumid' => $forumID, 'title' => $forumTitle))] = $forumTitle;
}
// The last crumb is keyed by an empty string instead of a URL.
// NOTE(review): prefix_rich and title are concatenated as-is; confirm both are
// already HTML-safe before they reach the navbar template.
$navbits[''] = $thread['prefix_rich'] . ' ' . $thread['title'];
$navbits = construct_navbits($navbits);
$navbar = render_navbar_template($navbits);

// #############################################################################
// setup $show variables
// Each flag combines board options with bit tests on $forumperms or the user's
// permission bitfields. `&` binds tighter than `and`, so each bit test is
// evaluated before it is and-ed with the other conditions.
// NOTE(review): as far as this excerpt shows, these flags only control what the
// template displays; the matching actions need their own server-side checks.
$show['lightbox'] = ($vbulletin->options['lightboxenabled'] and $vbulletin->options['usepopups'] and !empty($postattach) and $forumperms & $vbulletin->bf_ugp_forumpermissions['cangetattachment']);
// The search flag is also turned off whenever fetch_require_hvcheck('search') is true.
$show['search'] = (!$show['search_engine'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['cansearch'] and $vbulletin->options['enablesearches'] and !fetch_require_hvcheck('search'));
$show['subscribed'] = iif($threadinfo['issubscribed'], true, false);
// Rating needs forum ratings enabled, the canthreadrate bit, and either an open
// thread or can_moderate(..., 'canopenclose') on the thread's forum.
$show['threadrating'] = iif($forum['allowratings'] and ($threadinfo['open'] or can_moderate($threadinfo['forumid'], 'canopenclose')) and $forumperms & $vbulletin->bf_ugp_forumpermissions['canthreadrate'], true, false);
// Casting a rating is offered when there is no existing vote or the votechange option is on.
$show['ratethread'] = iif($show['threadrating'] and (!$threadinfo['vote'] or $vbulletin->options['votechange']), true, false);
$show['closethread'] = iif($threadinfo['open'], true, false);
// Loose comparison: any 'visible' value that == 0 sets the approve flag.
$show['approvethread'] = $threadinfo['visible'] == 0 ? true : false;
$show['unstick'] = iif($threadinfo['sticky'], true, false);
$show['reputation'] = ($vbulletin->options['reputationenable'] and $vbulletin->userinfo['userid'] and $vbulletin->userinfo['permissions']['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup']);
// Stores the masked integer itself, not a boolean.
$show['sendtofriend'] = $forumperms & $vbulletin->bf_ugp_forumpermissions['canemail'];

// next/prev links don't work for search engines or non-lastpost sort orders
// Anyone remember why we hide these links from search engines?
$show['next_prev_links'] = (!$show['search_engine'] and ($foruminfo['defaultsortfield'] == 'lastpost' or !$foruminfo['defaultsortfield']));
// Neighbouring threads are looked up only when the links will be shown and the
// nextprevlinks option is enabled.
if ($show['next_prev_links'] and $vbulletin->options['nextprevlinks'])
{
	$nextthreadinfo = goto_nextthread($thread['threadid'], false);
	$prevthreadinfo = goto_prevthread($thread['threadid'], false);
}
$birthdayfields = $templater->render(); } else { $show['birthday'] = false; $birthdayfields = ''; } $htmlonoff = ($vbulletin->options['allowhtml'] ? $vbphrase['on'] : $vbphrase['off']); $bbcodeonoff = ($vbulletin->options['allowbbcode'] ? $vbphrase['on'] : $vbphrase['off']); $imgcodeonoff = ($vbulletin->options['allowbbimagecode'] ? $vbphrase['on'] : $vbphrase['off']); $smiliesonoff = ($vbulletin->options['allowsmilies'] ? $vbphrase['on'] : $vbphrase['off']); // human verification, which we can bypass if user has been verified on facebook if (fetch_require_hvcheck('register') AND (!is_facebookenabled() OR (is_facebookenabled() AND !vB_Facebook::instance()->userIsLoggedIn()))) { require_once(DIR . '/includes/class_humanverify.php'); $verify =& vB_HumanVerify::fetch_library($vbulletin); $human_verify = $verify->output_token(); } // Referrer if ($vbulletin->options['usereferrer'] AND !$vbulletin->userinfo['userid']) { exec_switch_bg(); if ($errorlist) { $referrername = $vbulletin->GPC['referrername']; } else if ($vbulletin->GPC[COOKIE_PREFIX . 'referrerid'])