if (!forum_utils_news_access($forum_id)) { exit_error($Language->getText('global', 'error'), $Language->getText('news_admin_index', 'permission_denied')); } $vPostMsg = new Valid_WhiteList('post_message', array('y')); $vPostMsg->required(); if ($request->isPost() && $request->valid($vPostMsg)) { // // MV: add management on "on post monitoring" $vMonitor = new Valid_WhiteList('enable_monitoring', array('1')); $vMonitor->required(); $vThreadId = new Valid_UInt('thread_id'); $vThreadId->required(); if ($request->valid($vMonitor) && $request->valid($vThreadId)) { if (user_isloggedin()) { if (!user_monitor_forum($forum_id, user_getid())) { if (!forum_thread_add_monitor($forum_id, $request->get('thread_id'), user_getid())) { $feedback .= $Language->getText('forum_forum_utils', 'insert_err'); } } } } // Note: there is a 'msg_id' send but not used here. $vFollowUp = new Valid_UInt('is_followup_to'); $vFollowUp->required(); $vSubject = new Valid_String('subject'); $vSubject->required(); $vSubject->setErrorMessage($GLOBALS['Language']->getText('forum_forum_utils', 'include_body_and_subject')); $vBody = new Valid_Text('body'); $vBody->required(); $vBody->setErrorMessage($GLOBALS['Language']->getText('forum_forum_utils', 'include_body_and_subject')); if ($request->valid($vThreadId) && $request->valid($vFollowUp) && $request->valid($vSubject) && $request->valid($vBody)) {
function post_message($thread_id, $is_followup_to, $subject, $body, $group_forum_id) { global $feedback, $Language; if (user_isloggedin()) { $request =& HTTPRequest::instance(); if (!$group_forum_id) { exit_error($Language->getText('global', 'error'), $Language->getText('forum_forum_utils', 'post_without_id')); } if (!$body || !$subject) { exit_error($Language->getText('global', 'error'), $Language->getText('forum_forum_utils', 'include_body_and_subject')); } //see if that message has been posted already for people that double-post $res3 = db_query("SELECT * FROM forum " . "WHERE is_followup_to=" . db_ei($is_followup_to) . " " . "AND subject='" . db_es(htmlspecialchars($subject)) . "' " . "AND group_forum_id=" . db_ei($group_forum_id) . " " . "AND body='" . db_es($body) . "' " . "AND posted_by='" . user_getid() . "'"); if (db_numrows($res3) > 0) { //already posted this message exit_error($Language->getText('global', 'error'), $Language->getText('forum_forum_utils', 'do_not_double_post')); } else { echo db_error(); } if (!$thread_id) { $thread_id = get_next_thread_id(); $is_followup_to = 0; } else { if ($is_followup_to) { //increment the parent's followup count if necessary $res2 = db_query("SELECT * FROM forum WHERE msg_id=" . db_ei($is_followup_to) . " AND thread_id=" . db_ei($thread_id) . " AND group_forum_id=" . db_ei($group_forum_id)); if (db_numrows($res2) > 0) { if (db_result($res2, 0, 'has_followups') > 0) { //parent already is marked with followups } else { //mark the parent with followups as an optimization later db_query("UPDATE forum SET has_followups='1' WHERE msg_id=" . db_ei($is_followup_to) . " AND thread_id=" . db_ei($thread_id) . " AND group_forum_id=" . db_ei($group_forum_id)); } } else { exit_error($Language->getText('global', 'error'), $Language->getText('forum_forum_utils', 'msg_not_exist')); } } else { //should never happen except with shoddy browsers or mucking with the HTML form exit_error($Language->getText('global', 'error'), $Language->getText('forum_forum_utils', 'no_folowup_id')); } } $sql = "INSERT INTO forum (group_forum_id,posted_by,subject,body,date,is_followup_to,thread_id) " . "VALUES (" . db_ei($group_forum_id) . ", '" . user_getid() . "', '" . db_es(htmlspecialchars($subject)) . "', '" . db_es(htmlspecialchars($body)) . "', '" . time() . "'," . db_ei($is_followup_to) . "," . db_ei($thread_id) . ")"; $result = db_query($sql); if (!$result) { echo $Language->getText('forum_forum_utils', 'insert_fail'); echo db_error(); $feedback .= ' ' . $Language->getText('forum_forum_utils', 'post_failed') . ' '; } else { $feedback .= ' ' . $Language->getText('forum_forum_utils', 'msg_posted') . ' '; } $msg_id = db_insertid($result); // extract cross reference in the message $reference_manager =& ReferenceManager::instance(); $g_id = get_forum_group_id($group_forum_id); $GLOBALS['group_id'] = $g_id; // don't know why group_id is not set in forum (needed for references) $reference_manager->extractCrossRef($subject, $msg_id, ReferenceManager::REFERENCE_NATURE_FORUMMESSAGE, $g_id); $reference_manager->extractCrossRef($body, $msg_id, ReferenceManager::REFERENCE_NATURE_FORUMMESSAGE, $g_id); if ($request->isPost() && $request->existAndNonEmpty('enable_monitoring')) { forum_thread_add_monitor($group_forum_id, $thread_id, user_getid()); } else { forum_thread_delete_monitor_by_user($group_forum_id, $msg_id, user_getid()); } handle_monitoring($group_forum_id, $thread_id, $msg_id); } else { echo ' <H3>' . $Language->getText('forum_forum_utils', 'could_post_if_logged') . '</H3>'; } }