Example #1
} elseif ($toforum = phorum_check_moved_message($thread)) {
    // is it a moved thread?
    $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["MovedMessage"];
    $PHORUM['DATA']["URL"]["REDIRECT"] = phorum_get_url(PHORUM_FOREIGN_READ_URL, $toforum, $thread);
    $PHORUM['DATA']["BACKMSG"] = $PHORUM["DATA"]["LANG"]["MovedMessageTo"];
    $PHORUM["DATA"]["HTML_TITLE"] = htmlspecialchars($PHORUM["DATA"]["HTML_TITLE"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
    // have to include the header here for the Redirect
    phorum_output("message");
} else {
    // message not found
    $PHORUM["DATA"]["ERROR"] = $PHORUM["DATA"]["LANG"]["MessageNotFound"];
    $PHORUM['DATA']["URL"]["REDIRECT"] = $PHORUM["DATA"]["URL"]["LIST"];
    $PHORUM['DATA']["BACKMSG"] = $PHORUM["DATA"]["LANG"]["BackToList"];
    $PHORUM["DATA"]["HTML_TITLE"] = htmlspecialchars($PHORUM["DATA"]["HTML_TITLE"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
    // have to include the header here for the Redirect
    phorum_output("message");
}
/**
 * Find out if the given thread has been moved to another forum.
 *
 * The stored message record for $thread is looked up and its forum_id is
 * compared (loosely, so "5" and 5 match) against the active forum id in
 * $GLOBALS['PHORUM']['forum_id'].
 *
 * @param mixed $thread
 *     The id passed to phorum_db_get_message() as the lookup value.
 *
 * @return mixed
 *     The forum_id of the stored record when it differs from the active
 *     forum, or false when no record was found or the forum ids match.
 */
function phorum_check_moved_message($thread)
{
    $current_forum = $GLOBALS['PHORUM']['forum_id'];

    // NOTE(review): the meaning of the third argument (true) is defined by
    // phorum_db_get_message(), which is not visible here - confirm.
    $record = phorum_db_get_message($thread, 'message_id', true);

    // Nothing found, or the message still lives in the active forum.
    if (empty($record) || $record['forum_id'] == $current_forum) {
        return false;
    }

    return $record['forum_id'];
}
//timing_mark("end");
//timing_print();
Example #2
                phorum_email_user($mail_users, $mail_data);
                $PHORUM["DATA"]["URL"]["REDIRECT"] = phorum_get_url(PHORUM_FOREIGN_READ_URL, $message["forum_id"], $message["thread"]);
                $PHORUM["DATA"]["BACKMSG"] = $PHORUM["DATA"]["LANG"]["BackToThread"];
                $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["ReportPostSuccess"];
                $template = "message";
                $report = true;
            }
        } else {
            $PHORUM["DATA"]["ReportPostMessage"] = $PHORUM["DATA"]["LANG"]['ReportPostNotAllowed'];
        }
    }
    // format message
    list($message) = phorum_format_messages(array($message));
    $PHORUM["DATA"]["PostSubject"] = $message["subject"];
    $PHORUM["DATA"]["PostAuthor"] = $message["author"];
    $PHORUM["DATA"]["PostBody"] = $message["body"];
    $PHORUM["DATA"]["raw_PostDate"] = $message["datestamp"];
    $PHORUM["DATA"]["PostDate"] = phorum_date($PHORUM["short_date_time"], $message["datestamp"]);
    $PHORUM["DATA"]["ReportURL"] = phorum_get_url(PHORUM_REPORT_URL, $message_id);
    // if the report was not successfully sent, keep whatever explanation they gave already
    if (isset($_POST["explanation"]) && !$report) {
        $PHORUM["DATA"]["explanation"] = $_POST["explanation"];
    } else {
        $PHORUM["DATA"]["explanation"] = "";
    }
} else {
    $PHORUM["DATA"]["ERROR"] = $PHORUM['DATA']['LANG']['MessageNotFound'];
    $template = 'message';
}
phorum_output($template);
Example #3
            $redir_url = $not_viewable ? phorum_get_url(PHORUM_LIST_URL) : phorum_get_url(PHORUM_READ_URL, $message["thread"]);
        }
    } else {
        $redir_url = phorum_get_url(PHORUM_LIST_URL);
    }
    if ($message["status"] > 0) {
        phorum_redirect_by_url($redir_url);
    } else {
        // give a message about this being a moderated forum before redirecting
        $PHORUM['DATA']['OKMSG'] = $PHORUM['DATA']['LANG']['ModeratedForum'];
        $PHORUM['DATA']["URL"]["REDIRECT"] = $redir_url;
        // BACKMSG is depending on the place we are returning to
        if ($PHORUM["redirect_after_post"] == "read") {
            $PHORUM['DATA']['BACKMSG'] = $PHORUM['DATA']['LANG']['BackToThread'];
        } else {
            $PHORUM['DATA']['BACKMSG'] = $PHORUM['DATA']['LANG']['BackToList'];
        }
        // make it a little bit more visible
        $PHORUM['DATA']["URL"]["REDIRECT_TIME"] = 10;
        phorum_output('message');
        exit(0);
    }
    return;
}
// If we get here, the posting was not successful. The return value from
// the post function is 0 in case of duplicate posting and FALSE in case
// a database problem occured.
// Restore the original message.
$message = $message_copy;
// Setup the data for displaying an error to the user.
$PHORUM["DATA"]["ERROR"] = $success === 0 ? $PHORUM["DATA"]["LANG"]['PostErrorDuplicate'] : $PHORUM["DATA"]["LANG"]['PostErrorOccured'];
Example #4
            } elseif ($PHORUM["show_new_on_index"] == 2) {
                $forum["new_message_check"] = $new_checks[$forum["forum_id"]];
            }
        }
    }
    $forums_shown = true;
    if ($forum["folder_flag"]) {
        $PHORUM["DATA"]["FOLDERS"][] = $forum;
    } else {
        $PHORUM["DATA"]["FORUMS"][] = $forum;
    }
}
if (!$forums_shown) {
    // we did not show any forums here, show an error-message
    // set all our URL's
    phorum_build_common_urls();
    unset($PHORUM["DATA"]["URL"]["TOP"]);
    $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["NoForums"];
    phorum_output("message");
} else {
    if (isset($PHORUM["hooks"]["index"])) {
        $PHORUM["DATA"]["FORUMS"] = phorum_hook("index", $PHORUM["DATA"]["FORUMS"]);
    }
    // set all our URL's
    phorum_build_common_urls();
    // should we show the top-link?
    if ($PHORUM['forum_id'] == 0 || $PHORUM['vroot'] == $PHORUM['forum_id']) {
        unset($PHORUM["DATA"]["URL"]["INDEX"]);
    }
    phorum_output("index_classic");
}
Example #5
File: pm.php Project: mgs2/kw-forum
$PHORUM["DATA"]["URL"]["BUDDIES"] = phorum_get_url(PHORUM_PM_URL, "page=buddies");
$PHORUM["DATA"]["PM_FOLDERS"] = $pm_folders;
$PHORUM["DATA"]["PM_USERFOLDERS"] = count($pm_userfolders) ? $pm_userfolders : 0;
// Set some default template data.
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_get_url(PHORUM_PM_ACTION_URL);
$PHORUM["DATA"]["FOLDER_ID"] = $folder_id;
$PHORUM["DATA"]["FOLDER_IS_INCOMING"] = $folder_id == PHORUM_PM_OUTBOX ? 0 : 1;
$PHORUM["DATA"]["PM_PAGE"] = $page;
$PHORUM["DATA"]["PM_TEMPLATE"] = $template;
$PHORUM["DATA"]["HIDE_USERSELECT"] = $hide_userselect;
if ($error_msg) {
    $PHORUM["DATA"]["ERROR"] = $error_msg;
    unset($PHORUM["DATA"]["MESSAGE"]);
    phorum_output("message");
} else {
    phorum_output("pm");
}
// ------------------------------------------------------------------------
// Utility functions
// ------------------------------------------------------------------------
// Apply the default forum message formatting to a private message.
function phorum_pm_format($messages)
{
    $PHORUM = $GLOBALS["PHORUM"];
    include_once "./include/format_functions.php";
    // Reformat message so it looks like a forum message (so we can run it
    // through phorum_format_messages) and do some PM specific formatting.
    foreach ($messages as $id => $message) {
        // The formatting code expects a message id.
        $messages[$id]["message_id"] = $id;
        // Read URLs need a folder id, so we only create that URL if
Example #6
 * [input]
 *     An array containing all the forums and folders that will be shown
 *     on the index page.
 *
 * [output]
 *     The same array as the one that was used for the hook call
 *     argument, possibly with some updated fields in it.
 *
 * [example]
 *     <hookcode>
 *     function phorum_mod_foo_index($data)
 *     {
 *         global $PHORUM;
 *
 *         foreach ($data as $id => $item)
 *         {
 *             if (!$item['folder_flag'])
 *             {
 *                 $data[$id]['description'] .= '<br/>Blah foo bar baz';
 *             }
 *         }
 *
 *         return $data;
 *     }
 *     </hookcode>
 */
if (isset($PHORUM["hooks"]["index"])) {
    $PHORUM["DATA"]["FORUMS"] = phorum_hook("index", $PHORUM["DATA"]["FORUMS"]);
}
phorum_output("index_new");
Example #7
/**
 * Builds a confirmation form and hands it to the "stdblock" template.
 * To maintain backwards compatibility with the templates, the form is
 * generated in code: the markup is captured with output buffering and
 * stored in $PHORUM["DATA"]["BLOCK_CONTENT"], the title is stored in
 * $PHORUM["DATA"]["BLOCK_TITLE"], and phorum_output("stdblock") is called.
 *
 * NOTE(review): no exit call is visible in this function. If the script is
 * expected to stop after the form is shown, that has to happen inside
 * phorum_output() or in the caller - confirm.
 *
 * Output escaping: $message, $action and the names and values in $args are
 * passed through htmlspecialchars() with ENT_COMPAT, which encodes double
 * quotes but not single quotes; that matches the double-quoted attributes
 * used below. The forum id, the "Yes"/"No" language strings, the POST_VARS
 * block and $title are emitted or stored without escaping.
 *
 * @param   string    $title    Title stored as BLOCK_TITLE for the template
 * @param   string    $message  Message to display to users
 * @param   string    $action   The URI to post the form to
 * @param   array     $args     The hidden form values to be used in the form
 * @return  void
 *
 */
function phorum_show_confirmation_form($title, $message, $action, $args)
{
    global $PHORUM;
    // Capture the markup below instead of sending it to the client directly.
    ob_start();
    ?>
      <form action="<?php 
    echo htmlspecialchars($action, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
    ?>
" method="post">
        <?php 
    echo htmlspecialchars($message, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
    ?>
          
        
        <input type="hidden" name="forum_id" value="<?php 
    // NOTE(review): written into the attribute unescaped; presumably always
    // an integer at this point - verify where $PHORUM["forum_id"] is set.
    echo $PHORUM["forum_id"];
    ?>
" />
        
        <?php 
    // One hidden input per caller-supplied argument; name and value are
    // both HTML-escaped before they reach the attribute.
    foreach ($args as $name => $value) {
        ?>
          <input type="hidden" name="<?php 
        echo htmlspecialchars($name, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
        ?>
"
                 value="<?php 
        echo htmlspecialchars($value, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
        ?>
" />
        <?php 
    }
    ?>

        <?php 
    // POST_VARS is emitted as raw markup, so whatever fills it must already
    // be safe HTML. NOTE(review): presumably this carries the hidden posting
    // token input that the form needs to be accepted - confirm.
    echo $PHORUM["DATA"]["POST_VARS"];
    ?>

        <input class="button button-small" type="submit" name="confirmation" value="<?php 
    // NOTE(review): language strings are placed in the attribute unescaped;
    // a translation containing a double quote would break the markup.
    echo $PHORUM["DATA"]["LANG"]["Yes"];
    ?>
" />
        <input class="button button-small" type="submit" name="confirmation" value="<?php 
    echo $PHORUM["DATA"]["LANG"]["No"];
    ?>
" />
      </form>
    <?php 
    // NOTE(review): $title is stored as-is; whether the stdblock template
    // escapes BLOCK_TITLE is not visible here - callers should not pass
    // unescaped user input until that is confirmed.
    $PHORUM["DATA"]["BLOCK_TITLE"] = $title;
    $PHORUM["DATA"]["BLOCK_CONTENT"] = ob_get_clean();
    phorum_output("stdblock");
}
Example #8
            $this_version["colored_subject"] = $message["subject"];
        }*/
    // only happens in first loop
    if ($prev_subject == -1) {
        $prev_subject = $message["subject"];
    }
    // subject diffs
    if (isset($diff_info['diff_subject']) && !empty($diff_info['diff_subject'])) {
        $colored_subject = phorum_unpatch_color($prev_subject, $diff_info['diff_subject']);
        $prev_subject = phorum_unpatch($prev_subject, $diff_info['diff_subject']);
        $colored_subject = htmlspecialchars($colored_subject, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
        $colored_subject = str_replace(array("[phorum addition]", "[phorum removal]", "[/phorum addition]", "[/phorum removal]"), array("<span class=\"addition\">", "<span class=\"removal\">", "</span>", "</span>"), $colored_subject);
        $colored_subject = nl2br($colored_subject);
        $this_version["colored_subject"] = $colored_subject;
    } elseif (!isset($diff_info['diff_subject'])) {
        $this_version['colored_subject'] = nl2br($prev_subject);
    } else {
        $this_version["colored_subject"] = nl2br($prev_subject);
    }
    // no nl2br for subject
    //$this_version["colored_subject"] = nl2br($this_version["colored_subject"]);
    $message_hist[] = $this_version;
}
$PHORUM["DATA"]["HEADING"] = $PHORUM["DATA"]["LANG"]["ChangeHistory"];
// unset default description
$PHORUM["DATA"]["DESCRIPTION"] = "";
$PHORUM["DATA"]["MESSAGE"]["subject"] = htmlspecialchars($message["subject"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
$PHORUM["DATA"]["MESSAGE"]["URL"]["READ"] = phorum_get_url(PHORUM_READ_URL, $message["thread"], $message_id);
$PHORUM["DATA"]["CHANGES"] = $message_hist;
phorum_output("changes");
Example #9
        $PHORUM["post_fields"]["email"][pf_READONLY] = false;
    }
}
if (isset($PHORUM["DATA"]["SHOW_SPECIALOPTIONS"]) && $PHORUM["DATA"]["SHOW_SPECIALOPTIONS"]) {
    $PHORUM["post_fields"]["special"][pf_READONLY] = false;
}
if (isset($PHORUM["DATA"]["OPTION_ALLOWED"]["allow_reply"]) && $PHORUM["DATA"]["OPTION_ALLOWED"]["allow_reply"]) {
    $PHORUM["post_fields"]["allow_reply"][pf_READONLY] = false;
}
// Check permissions and apply read-only data.
// Only do this on entering and on finishing up.
// No checking is needed on intermediate requests.
if ($initial || $finish) {
    include './include/posting/check_permissions.php';
    if ($PHORUM["posting_template"] == 'message' && empty($PHORUM["postingargs"]["as_include"])) {
        return phorum_output('message');
    }
}
// Do permission checks for attachment management.
if ($do_attach || $do_detach) {
    if (!$PHORUM["DATA"]["ATTACHMENTS"]) {
        $PHORUM["DATA"]["ERROR"] = $PHORUM["DATA"]["LANG"]["AttachNotAllowed"];
    }
}
// ----------------------------------------------------------------------
// Perform actions
// ----------------------------------------------------------------------
/*
 * [hook]
 *     posting_custom_action
 *
Example #10
    // No data posted, so this is the first request. Initialize form data.
} else {
    // Initialize fixed fields.
    $PHORUM["DATA"]["REGISTER"]["username"] = "";
    $PHORUM["DATA"]["REGISTER"]["email"] = "";
    $PHORUM["DATA"]["ERROR"] = "";
    // Initialize custom profile fields.
    foreach ($PHORUM["PROFILE_FIELDS"] as $id => $field) {
        if ($id === 'num_fields' || !empty($field['deleted'])) {
            continue;
        }
        $PHORUM["DATA"]["REGISTER"][$field["name"]] = "";
    }
}
// fill the breadcrumbs-info.
$PHORUM['DATA']['BREADCRUMBS'][] = array('URL' => '', 'TEXT' => $PHORUM['DATA']['LANG']['Register'], 'TYPE' => 'register');
// fill the page heading info.
$PHORUM['DATA']['HEADING'] = $PHORUM['DATA']['LANG']['Register'];
$PHORUM['DATA']['HTML_DESCRIPTION'] = '';
$PHORUM['DATA']['DESCRIPTION'] = '';
# Setup static template data.
$PHORUM["DATA"]["REGISTERFORM"] = 1;
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_get_url(PHORUM_REGISTER_ACTION_URL);
$PHORUM["DATA"]["REGISTER"]["forum_id"] = $PHORUM["forum_id"];
$PHORUM["DATA"]["REGISTER"]["block_title"] = $PHORUM["DATA"]["LANG"]["Register"];
// Set the field to set the focus to after loading.
// $PHORUM["DATA"]["FOCUS_TO_ID"] = empty($_POST["username"]) ? "username" : "password";
$PHORUM["DATA"]["FOCUS_TO_ID"] = "username";
// Display the registration page.
phorum_output("register");
Example #11
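/**
 * Setup and check posting tokens for form POST requests.
 *
 * For protecting forms against CSRF attacks, a signed posting token
 * is utilized. This posting token must be included in the POST request.
 * Without the token, Phorum will not accept the POST data.
 *
 * This function will check whether we are handling a POST request.
 * If yes, then check if an anti-CSRF token is provided in the POST data.
 * If no token is available or if the token does not match the expected
 * token, then the POST request is rejected: an error is put in the
 * template data, the "message" template is output and the script exits.
 *
 * The token is md5(page / binding / private key). For a logged in user the
 * binding is the stored password value plus the long term session id; for
 * an anonymous user it is the User-Agent header (or "unknown"), so an
 * anonymous token is only as unpredictable as the private key.
 *
 * The posted value must be a string and must match the expected token
 * exactly. A loose (!=) comparison is deliberately avoided: PHP compares
 * two numeric-looking strings as numbers, so two different tokens of the
 * form "0e<digits>" would be treated as equal.
 *
 * As a side effect, the required token is added to the {POST_VARS}
 * template variable. This facilitates protecting scripts. As
 * long as the template variable is added to the <form> for the
 * script, it will be automatically protected.
 *
 * @param string $target_page
 *     The page for which to check a posting token. When no target
 *     page is provided, then the constant "phorum_page" is used instead.
 *
 * @return string
 *     The expected posting token.
 */
function phorum_check_posting_token($target_page = NULL)
{
    global $PHORUM;
    if ($target_page === NULL) {
        $target_page = phorum_page;
    }

    // Pick the per-client part of the token.
    if ($PHORUM['user']['user_id']) {
        $binding = $PHORUM['user']['password'] . '/' . $PHORUM['user']['sessid_lt'];
    } elseif (isset($_SERVER['HTTP_USER_AGENT'])) {
        $binding = $_SERVER['HTTP_USER_AGENT'];
    } else {
        $binding = 'unknown';
    }

    // Generate the posting token.
    // NOTE(review): this is a hand-rolled keyed MD5. The construction is
    // kept so existing tokens stay valid; a keyed HMAC (hash_hmac() with
    // SHA-256 and the private key) would be the stronger replacement.
    $posting_token = md5($target_page . '/' . $binding . '/' . $PHORUM['private_key']);

    // Add the posting token to the {POST_VARS}.
    // NOTE(review): $target_page is placed in the attribute unescaped; the
    // visible callers are not shown, so confirm it never carries user input.
    $field = "posting_token:{$target_page}";
    $PHORUM['DATA']['POST_VARS'] .= "<input type=\"hidden\" name=\"{$field}\" " . "value=\"{$posting_token}\"/>\n";

    // Check the posting token if a form post is done.
    if (!empty($_POST)) {
        $posted = isset($_POST[$field]) ? $_POST[$field] : NULL;

        // Reject non-string input (e.g. an array submitted under the token
        // name) and compare strictly; use the constant-time comparison
        // where the runtime provides it.
        $token_ok = false;
        if (is_string($posted)) {
            $token_ok = function_exists('hash_equals')
                ? hash_equals($posting_token, $posted)
                : $posted === $posting_token;
        }

        if (!$token_ok) {
            $PHORUM['DATA']['ERROR'] = 'Possible hack attempt detected. ' . 'The posted form data was rejected.';
            phorum_build_common_urls();
            phorum_output("message");
            exit;
        }
    }
    return $posting_token;
}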
/**
 * Builds a confirmation form and hands it to the "stdblock" template.
 * To maintain backwards compatibility with the templates, the form is
 * generated in code: the markup is captured with output buffering, stored
 * in $PHORUM["DATA"]["BLOCK_CONTENT"], and phorum_output("stdblock") is
 * called.
 *
 * NOTE(review): no exit call is visible in this function. If the script is
 * expected to stop after the form is shown, that has to happen inside
 * phorum_output() or in the caller - confirm.
 *
 * Output escaping: $message, $action and the names and values in $args are
 * passed through htmlspecialchars() with ENT_COMPAT, which encodes double
 * quotes but not single quotes; that matches the double-quoted attributes
 * used below. The forum id, the "Yes"/"No" language strings and the
 * POST_VARS block are emitted without escaping.
 *
 * @param   string    $message  Message to display to users
 * @param   string    $action   The URI to post the form to
 * @param   array     $args     The hidden form values to be used in the form
 * @return  void
 *
 */
function phorum_show_confirmation_form($message, $action, $args)
{
    global $PHORUM;
    // Capture the markup below instead of sending it to the client directly.
    ob_start();
    ?>
    <div style="text-align: center;">
        <strong><?php 
    echo htmlspecialchars($message, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
    ?>
</strong>
        <br />
        <br />
        <form
            action="<?php 
    echo htmlspecialchars($action, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
    ?>
"
            method="post">

            <input type="hidden"
                name="forum_id" value="<?php 
    // NOTE(review): written into the attribute unescaped; presumably always
    // an integer at this point - verify where $PHORUM["forum_id"] is set.
    echo $PHORUM["forum_id"];
    ?>
" />

            <?php 
    // One hidden input per caller-supplied argument; name and value are
    // both HTML-escaped before they reach the attribute.
    foreach ($args as $name => $value) {
        ?>
                <input type="hidden"
                    name="<?php 
        echo htmlspecialchars($name, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
        ?>
"
                    value="<?php 
        echo htmlspecialchars($value, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]);
        ?>
" />
            <?php 
    }
    ?>

            <?php 
    // POST_VARS is emitted as raw markup: phorum_check_posting_token()
    // appends the hidden posting-token input to it, so the confirmation
    // POST is only accepted when this line stays inside the <form>.
    echo $PHORUM["DATA"]["POST_VARS"];
    ?>

            <input type="submit"
                name="confirmation"
                value="<?php 
    // NOTE(review): language strings are placed in the attribute unescaped;
    // a translation containing a double quote would break the markup.
    echo $PHORUM["DATA"]["LANG"]["Yes"];
    ?>
" />

            <input type="submit"
                name="confirmation"
                value="<?php 
    echo $PHORUM["DATA"]["LANG"]["No"];
    ?>
" />

        </form>
        <br />
    </div>
    <?php 
    $PHORUM["DATA"]["BLOCK_CONTENT"] = ob_get_clean();
    phorum_output("stdblock");
}
Example #13
    // Set the field to focus. Only set the focus if we have
    // no message to display to the user and if we're not in a preview.
    // In those cases, it's better to stay at the top of the
    // page, so the user can see it.
    if (phorum_page == "post" && !isset($PHORUM["DATA"]["OKMSG"]) && !isset($PHORUM["DATA"]["ERROR"]) && !$preview) {
        $focus = "subject";
        if (!empty($message["subject"])) {
            $focus = "body";
        }
        $PHORUM["DATA"]["FOCUS_TO_ID"] = $focus;
    }
}
if (isset($PHORUM["postingargs"]["as_include"]) && isset($templates)) {
    $templates[] = $PHORUM["posting_template"];
} else {
    phorum_output($PHORUM["posting_template"]);
}
// ----------------------------------------------------------------------
// Functions
// ----------------------------------------------------------------------
// Merge data from a database message record into the form fields
// that we use. If $apply_readonly is set to a true value, then
// only the fields which are flagged as read-only will be copied.
function phorum_posting_merge_db2form($form, $db, $apply_readonly = false)
{
    $PHORUM = $GLOBALS['PHORUM'];
    // If we have a user linked to the current message, then get the
    // user data from the database, if it has to be applied as
    // read-only data. We fetch the data here, so later on we
    // can apply it to the message.
    if (($PHORUM["post_fields"]["email"][pf_READONLY] || $PHORUM["post_fields"]["author"][pf_READONLY]) && !empty($db["user_id"])) {
Example #14
/**
 * Shared read-permission gate for forum pages.
 *
 * The check only applies when a real forum is active (forum_id above zero
 * and not a folder). If phorum_api_user_check_access() then denies
 * PHORUM_USER_ALLOW_READ, an explanatory text is stored in
 * $GLOBALS['PHORUM']["DATA"]["OKMSG"], the common URLs are built and the
 * "message" template is output.
 *
 * @return bool
 *     true when the page may be shown, false when access was denied and
 *     the message page has already been output. Callers must stop
 *     rendering protected content when false is returned; this function
 *     itself does not end the script.
 */
function phorum_check_read_common()
{
    // Work on a local copy for reads; writes go to the global array.
    $phorum = $GLOBALS['PHORUM'];

    $is_real_forum = $phorum["forum_id"] > 0 && !$phorum["folder_flag"];
    if (!$is_real_forum || phorum_api_user_check_access(PHORUM_USER_ALLOW_READ)) {
        return true;
    }

    if ($phorum["DATA"]["LOGGEDIN"]) {
        // Logged in and still not allowed: the account lacks read rights.
        $lang_key = "NoRead";
    } else {
        // Anonymous visitor: suggest logging in only when registered users
        // would get read access and this is not a reply to a parent message.
        $login_would_help = empty($phorum["DATA"]["POST"]["parentid"])
            && ($phorum["reg_perms"] & PHORUM_USER_ALLOW_READ);
        $lang_key = $login_would_help ? "PleaseLoginRead" : "NoRead";
    }
    $GLOBALS['PHORUM']["DATA"]["OKMSG"] = $phorum["DATA"]["LANG"][$lang_key];

    phorum_build_common_urls();
    phorum_output("message");

    return false;
}