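/**
 * Render the "post reply" form for the current thread and, on submission, store the reply.
 *
 * Reads the thread row from $this->thread_info['thread'] and the globals $locale, $userdata,
 * $forum_settings and $defender. When the request carries $_POST['post_reply'] and both
 * flood_control() and $defender->safe() pass, the reply is written to DB_FORUM_POSTS
 * (appended to the author's previous post instead when the forum has 'forum_merge' set),
 * uploaded attachments are stored in DB_FORUM_ATTACHMENTS, forum/thread counters are bumped,
 * an optional DB_FORUM_THREAD_NOTIFY row is added, and the user is redirected to
 * forum/postify.php. Otherwise the form data is assembled and handed to postform().
 *
 * Side effects: database writes, redirect(), output via postform().
 * Users without the "can_reply" permission are redirected to forum/index.php.
 *
 * @return void
 */
public function render_reply_form() {
    global $locale, $userdata, $forum_settings, $defender;
    $thread_data = $this->thread_info['thread'];

    // NOTE(review): with `or` this redirects whenever the user lacks EITHER flag, so a
    // moderator who is not a super admin cannot reply to a locked thread. If the intent is
    // "neither mod nor super admin", the condition should be (!iMOD && !iSUPERADMIN) - confirm.
    if ((!iMOD or !iSUPERADMIN) && $thread_data['thread_locked']) {
        redirect(INFUSIONS . 'forum/index.php');
    }

    if (!$this->getThreadPermission("can_reply")) {
        redirect(INFUSIONS . 'forum/index.php');
        return;
    }

    add_to_title($locale['global_201'] . $locale['forum_0503']);
    add_breadcrumb(array('link' => '', 'title' => $locale['forum_0503']));

    // Field data: defaults for a new post, overridden by the submitted values where present.
    // The message is sanitised first so $defender sees it before anything else runs.
    $post_message = isset($_POST['post_message']) ? form_sanitizer($_POST['post_message'], '', 'post_message') : '';
    // The smiley flag is also raised when the raw message carries [code]/[geshi]/[php] blocks.
    // NOTE(review): the "last posts" loop below parses smileys when post_smileys is truthy,
    // so raising it for code blocks looks inverted - confirm what post_smileys means here.
    $has_code_block = isset($_POST['post_message']) && preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $_POST['post_message']);
    $post_data = array(
        'post_id' => 0,
        'forum_id' => $thread_data['forum_id'],
        'thread_id' => $thread_data['thread_id'],
        'post_message' => $post_message,
        'post_showsig' => isset($_POST['post_showsig']) ? 1 : 0,
        'post_smileys' => (isset($_POST['post_smileys']) || $has_code_block) ? 1 : 0,
        'post_author' => $userdata['user_id'],
        'post_datestamp' => time(),
        'post_ip' => USER_IP,
        'post_ip_type' => USER_IP_TYPE,
        'post_edituser' => 0,
        'post_edittime' => 0,
        'post_editreason' => '',
        'post_hidden' => 0,
        'notify_me' => 0,
        // A forum-wide edit lock or an explicit request locks the post.
        'post_locked' => ($forum_settings['forum_edit_lock'] || isset($_POST['post_locked'])) ? 1 : 0,
    );

    // Execute form post actions.
    if (isset($_POST['post_reply'])) {
        require_once INCLUDES . "flood_include.php";
        // flood_control() is expected to raise its own notice when it blocks the post
        // (original comment: "have notice"); all field data was sanitised above.
        if (!flood_control("post_datestamp", DB_FORUM_POSTS, "post_author='" . $userdata['user_id'] . "'")) {
            $update_forum_lastpost = FALSE;
            if ($defender->safe()) {
                // Forum merging: when the same author posted last and the forum allows it,
                // append to that post instead of creating a new one.
                $last_post_author = dbarray(dbquery("SELECT post_author FROM " . DB_FORUM_POSTS . " WHERE thread_id='" . $thread_data['thread_id'] . "' ORDER BY post_id DESC LIMIT 1"));
                // dbarray() yields no row for a thread without posts; treat that as "no merge".
                $merge_with_last = !empty($last_post_author)
                    && $last_post_author['post_author'] == $post_data['post_author']
                    && $thread_data['forum_merge'];
                if ($merge_with_last) {
                    $last_message = dbarray(dbquery("SELECT post_id, post_message FROM " . DB_FORUM_POSTS . " WHERE thread_id='" . $thread_data['thread_id'] . "' ORDER BY post_id DESC"));
                    $post_data['post_id'] = $last_message['post_id'];
                    $post_data['post_message'] = $last_message['post_message'] . "\n\n" . $locale['forum_0640'] . " " . showdate("longdate", time()) . ":\n" . $post_data['post_message'];
                    dbquery_insert(DB_FORUM_POSTS, $post_data, 'update', array('primary_key' => 'post_id', 'keep_session' => TRUE));
                } else {
                    $update_forum_lastpost = TRUE;
                    dbquery_insert(DB_FORUM_POSTS, $post_data, 'save', array('primary_key' => 'post_id', 'keep_session' => TRUE));
                    $post_data['post_id'] = dblastid();
                    if (!defined("FUSION_NULL")) {
                        dbquery("UPDATE " . DB_USERS . " SET user_posts=user_posts+1 WHERE user_id='" . $post_data['post_author'] . "'");
                    }
                }

                // Attach files if permitted. Guard the array path so a POST without the
                // file_attachments field cannot raise an undefined-index notice.
                $has_upload = !empty($_FILES['file_attachments']['tmp_name'][0])
                    && is_uploaded_file($_FILES['file_attachments']['tmp_name'][0]);
                if ($has_upload && $this->getThreadPermission("can_upload_attach")) {
                    $upload = form_sanitizer($_FILES['file_attachments'], '', 'file_attachments');
                    if ($upload['error'] == 0) {
                        foreach ($upload['target_file'] as $arr => $file_name) {
                            $adata = array(
                                'thread_id' => $thread_data['thread_id'],
                                'post_id' => $post_data['post_id'],
                                'attach_name' => $file_name,
                                'attach_mime' => $upload['type'][$arr],
                                'attach_size' => $upload['source_size'][$arr],
                                'attach_count' => 0,
                            );
                            dbquery_insert(DB_FORUM_ATTACHMENTS, $adata, "save", array('keep_session' => TRUE));
                        }
                    }
                }

                // Update stats in forum and threads (only for a genuinely new post).
                if ($update_forum_lastpost == TRUE) {
                    $now = time();
                    // Find all parent forums and update them.
                    $list_of_forums = get_all_parent(dbquery_tree(DB_FORUMS, 'forum_id', 'forum_cat'), $thread_data['forum_id']);
                    foreach ($list_of_forums as $fid) {
                        dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . $now . "', forum_postcount=forum_postcount+1, forum_lastpostid='" . $post_data['post_id'] . "', forum_lastuser='" . $post_data['post_author'] . "' WHERE forum_id='" . $fid . "'");
                    }
                    // Update the current forum.
                    dbquery("UPDATE " . DB_FORUMS . " SET forum_lastpost='" . $now . "', forum_postcount=forum_postcount+1, forum_lastpostid='" . $post_data['post_id'] . "', forum_lastuser='" . $post_data['post_author'] . "' WHERE forum_id='" . $thread_data['forum_id'] . "'");
                    // Update the current thread.
                    dbquery("UPDATE " . DB_FORUM_THREADS . " SET thread_lastpost='" . $now . "', thread_lastpostid='" . $post_data['post_id'] . "', thread_postcount=thread_postcount+1, thread_lastuser='" . $post_data['post_author'] . "' WHERE thread_id='" . $thread_data['thread_id'] . "'");
                }

                // Subscribe the author to thread notifications when requested and not already subscribed.
                if ($forum_settings['thread_notify'] && isset($_POST['notify_me'])) {
                    if (!dbcount("(thread_id)", DB_FORUM_THREAD_NOTIFY, "thread_id='" . $thread_data['thread_id'] . "' AND notify_user='" . $post_data['post_author'] . "'")) {
                        dbquery("INSERT INTO " . DB_FORUM_THREAD_NOTIFY . " (thread_id, notify_datestamp, notify_user, notify_status) VALUES('" . $thread_data['thread_id'] . "', '" . time() . "', '" . $post_data['post_author'] . "', '1')");
                    }
                }

                if ($defender->safe()) {
                    redirect(INFUSIONS . "forum/postify.php?post=reply&error=0&forum_id=" . intval($post_data['forum_id']) . "&thread_id=" . intval($post_data['thread_id']) . "&post_id=" . intval($post_data['post_id']));
                }
            }
        }
    }

    // Template data.
    $form_action = INFUSIONS . "forum/viewthread.php?action=reply&forum_id=" . $thread_data['forum_id'] . "&thread_id=" . $thread_data['thread_id'];

    // Quote a post of this thread into the message when ?quote=<numeric id> is given.
    if (isset($_GET['quote']) && isnum($_GET['quote'])) {
        $quote_result = dbquery("SELECT a.post_message, b.user_name FROM " . DB_FORUM_POSTS . " a INNER JOIN " . DB_USERS . " b ON a.post_author=b.user_id WHERE thread_id='" . $thread_data['thread_id'] . "' and post_id='" . $_GET['quote'] . "'");
        if (dbrows($quote_result) > 0) {
            $quote_data = dbarray($quote_result);
            // user_name is interpolated unescaped into the [quote] tag (original comment:
            // "do not do this. to silently inject."); it comes from DB_USERS, not the request.
            $post_data['post_message'] = "[quote name=" . $quote_data['user_name'] . " post=" . $_GET['quote'] . "]@" . $quote_data['user_name'] . " - " . strip_bbcodes($quote_data['post_message']) . "[/quote]" . $post_data['post_message'];
            // post_id is optional; only a numeric value is echoed back into the form action.
            if (isset($_GET['post_id']) && isnum($_GET['post_id'])) {
                $form_action .= "&post_id=" . $_GET['post_id'];
            }
            $form_action .= "&quote=" . $_GET['quote'];
        } else {
            redirect(INFUSIONS . "forum/index.php");
        }
    }

    $can_attach = $this->getThreadPermission("can_upload_attach");
    $attachment_field = '';
    if ($can_attach) {
        $attachment_field = form_fileinput('file_attachments[]', $locale['forum_0557'], "", array(
            'input_id' => 'file_attachments',
            'upload_path' => INFUSIONS . 'forum/attachments/',
            'type' => 'object',
            'preview_off' => TRUE,
            "multiple" => TRUE,
            "inline" => false,
            'max_count' => $forum_settings['forum_attachmax_count'],
            'valid_ext' => $forum_settings['forum_attachtypes'],
            "class" => "m-b-0",
        ));
        $attachment_field .= "\n\t\t\t\t\t\t\t\t <div class='m-b-20'>\n<small>" . sprintf($locale['forum_0559'], parsebytesize($forum_settings['forum_attachmax']), str_replace('|', ', ', $forum_settings['forum_attachtypes']), $forum_settings['forum_attachmax_count']) . "</small>\n</div>\n";
    }

    $info = array(
        'title' => $locale['forum_0503'],
        'description' => $locale['forum_2000'] . $thread_data['thread_subject'],
        'openform' => openform('input_form', 'post', $form_action, array('enctype' => $can_attach ? TRUE : FALSE, 'max_tokens' => 1)),
        'closeform' => closeform(),
        'forum_id_field' => form_hidden('forum_id', "", $post_data['forum_id']),
        'thread_id_field' => form_hidden('thread_id', "", $post_data['thread_id']),
        "forum_field" => "",
        'subject_field' => form_hidden('thread_subject', "", $thread_data['thread_subject']),
        'message_field' => form_textarea('post_message', $locale['forum_0601'], $post_data['post_message'], array('required' => TRUE, 'error_text' => '', 'autosize' => TRUE, 'no_resize' => TRUE, 'preview' => TRUE, 'form_name' => 'input_form', 'bbcode' => TRUE)),
        'delete_field' => '',
        'edit_reason_field' => '',
        'attachment_field' => $attachment_field,
        "poll_form" => "",
        'smileys_field' => form_checkbox('post_smileys', $locale['forum_0622'], $post_data['post_smileys'], array('class' => 'm-b-0')),
        'signature_field' => (array_key_exists("user_sig", $userdata) && $userdata['user_sig']) ? form_checkbox('post_showsig', $locale['forum_0623'], $post_data['post_showsig'], array('class' => 'm-b-0')) : '',
        'sticky_field' => '',
        'lock_field' => '',
        'hide_edit_field' => '',
        'post_locked_field' => '',
        'notify_field' => $forum_settings['thread_notify'] ? form_checkbox('notify_me', $locale['forum_0626'], $post_data['notify_me'], array('class' => 'm-b-0')) : '',
        'post_buttons' => form_button('post_reply', $locale['forum_0504'], $locale['forum_0504'], array('class' => 'btn-primary')) . form_button('cancel', $locale['cancel'], $locale['cancel'], array('class' => 'btn-default m-l-10')),
        'last_posts_reply' => '',
    );

    // "Last posts" preview, only shown on the reply form.
    if ($forum_settings['forum_last_posts_reply']) {
        // NOTE(review): the title announces forum_last_posts_reply posts but the query is
        // limited by posts_per_page and the counter starts from posts_per_page - confirm
        // which setting should drive the LIMIT.
        $result = dbquery("SELECT p.thread_id, p.post_message, p.post_smileys, p.post_author, p.post_datestamp, p.post_hidden, u.user_id, u.user_name, u.user_status, u.user_avatar FROM " . DB_FORUM_POSTS . " p LEFT JOIN " . DB_USERS . " u ON p.post_author = u.user_id WHERE p.thread_id='" . $thread_data['thread_id'] . "' AND p.post_hidden='0' GROUP BY p.post_id ORDER BY p.post_datestamp DESC LIMIT 0," . $forum_settings['posts_per_page']);
        if (dbrows($result)) {
            $title = sprintf($locale['forum_0526'], $forum_settings['forum_last_posts_reply']);
            if ($forum_settings['forum_last_posts_reply'] == "1") {
                $title = $locale['forum_0525'];
            }
            ob_start();
            echo "<p><strong>" . $title . "</strong>\n</p>\n";
            echo "<table class='table table-responsive'>\n";
            $i = $forum_settings['posts_per_page'];
            while ($data = dbarray($result)) {
                $message = $data['post_message'];
                if ($data['post_smileys']) {
                    $message = parsesmileys($message);
                }
                $message = parseubb($message);
                echo "<tr>\n<td class='tbl2 forum_thread_user_name' style='width:10%'><!--forum_thread_user_name-->" . profile_link($data['user_id'], $data['user_name'], $data['user_status']) . "</td>\n";
                echo "<td class='tbl2 forum_thread_post_date'>\n";
                echo "<div style='float:right' class='small'>\n";
                echo $i . ($i == $forum_settings['forum_last_posts_reply'] ? " (" . $locale['forum_0525'] . ")" : "");
                echo "</div>\n";
                echo "<div class='small'>" . $locale['forum_0524'] . showdate("forumdate", $data['post_datestamp']) . "</div>\n";
                echo "</td>\n";
                echo "</tr>\n<tr>\n<td valign='top' class='tbl2 forum_thread_user_info' style='width:10%'>\n";
                echo display_avatar($data, '50px');
                echo "</td>\n<td valign='top' class='tbl1 forum_thread_user_post'>\n";
                echo nl2br($message);
                echo "</td>\n</tr>\n";
                $i--;
            }
            echo "</table>\n";
            // ob_get_clean() == ob_get_contents() + ob_end_clean().
            $info['last_posts_reply'] = ob_get_clean();
        }
    }

    postform($info);
}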
$message = ""; $disable_smileys_check = ""; $sig_checked = " checked='checked'"; if ($settings['thread_notify']) { if (dbcount("(thread_id)", DB_THREAD_NOTIFY, "thread_id='" . $_GET['thread_id'] . "' AND notify_user='******'user_id'] . "'")) { $notify_checked = " checked='checked'"; } else { $notify_checked = ""; } } } if (isset($_GET['quote']) && isnum($_GET['quote'])) { $result = dbquery("SELECT post_message, user_name FROM " . DB_POSTS . "\r\n\t\t\tINNER JOIN " . DB_USERS . " ON " . DB_POSTS . ".post_author=" . DB_USERS . ".user_id\r\n\t\t\tWHERE thread_id='" . $_GET['thread_id'] . "' and post_id='" . $_GET['quote'] . "'"); if (dbrows($result)) { $data = dbarray($result); $message = "[quote name=" . $data['user_name'] . " post=" . $_GET['quote'] . "]" . strip_bbcodes($data['post_message']) . "[/quote]"; } } add_to_title($locale['global_201'] . $locale['403']); echo "<!--pre_postreply-->"; opentable($locale['403']); if (!isset($_POST['previewreply'])) { echo "<div class='tbl2 forum_breadcrumbs' style='margin-bottom:5px'><a href='index.php'>" . $settings['sitename'] . "</a> » " . $caption . "</div>\n"; } echo "<form name='inputform' method='post' action='" . FUSION_SELF . "?action=reply&forum_id=" . $_GET['forum_id'] . "&thread_id=" . $_GET['thread_id'] . "' enctype='multipart/form-data'>\n"; echo "<table cellpadding='0' cellspacing='1' width='100%' class='tbl-border'>\n<tr>\n"; echo "<td valign='top' width='145' class='tbl2'>" . $locale['461'] . "</td>\n"; echo "<td class='tbl1'><textarea name='message' cols='60' rows='15' class='textbox' style='width:98%'>{$message}</textarea></td>\n"; echo "</tr>\n<tr>\n"; echo "<td width='145' class='tbl2'> </td>\n"; echo "<td class='tbl1'>" . display_bbcodes("99%", "message") . "</td>\n";
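// Legacy reply form. $settings, $locale, $userdata and $caption come from the enclosing
// script; the reply permission and the presence of $_GET['thread_id'] / $_GET['forum_id']
// are assumed to be checked before this point (not visible here - confirm). Both ids are
// cast with intval() before they are embedded in SQL or HTML so this block is safe on its own.
if (!isset($_POST['previewreply'])) {
    // First display (not a preview round-trip): start with an empty message and read
    // whether the current user already subscribed to notifications for this thread.
    $message = "";
    $disable_smileys_check = "";
    if ($settings['thread_notify']) {
        // NOTE(review): the user-id operand was unreadable in the original; $userdata['user_id']
        // matches the rest of the forum code - confirm.
        if (dbcount("(thread_id)", DB_THREAD_NOTIFY, "thread_id='" . intval($_GET['thread_id']) . "' AND notify_user='" . $userdata['user_id'] . "'")) {
            $notify_checked = " checked='checked'";
        } else {
            $notify_checked = "";
        }
    }
}

// Pre-fill the message with a quote of another post of this thread when ?quote=<numeric id> is given.
if (isset($_GET['quote']) && isnum($_GET['quote'])) {
    $result = dbquery("SELECT post_message, post_replynum FROM " . DB_POSTS . " WHERE thread_id='" . intval($_GET['thread_id']) . "' and post_id='" . $_GET['quote'] . "'");
    if (dbrows($result)) {
        $data = dbarray($result);
        $message = "[quote][url=" . $settings['siteurl'] . "forum/viewthread.php?thread_id=" . intval($_GET['thread_id']) . "&pid=" . $_GET['quote'] . "#post_" . $_GET['quote'] . "][b]#" . $data['post_replynum'] . $locale['429'] . "[/b][/url]\n\n" . strip_bbcodes($data['post_message']) . "[/quote]";
    }
}

add_to_title($locale['global_201'] . $locale['403']);
echo "<!--pre_postreply-->";
opentable($locale['403']);
if (!isset($_POST['previewreply'])) {
    echo "<div class='tbl2 forum_breadcrumbs' style='margin-bottom:5px'><a href='index.php'>" . $settings['sitename'] . "</a> » " . $caption . "</div>\n";
}
// Form action carries the forum/thread ids back to this script; the ids are request input,
// so only their integer value is echoed into the attribute.
echo "<form name='inputform' method='post' action='" . FUSION_SELF . "?action=reply&forum_id=" . intval($_GET['forum_id']) . "&thread_id=" . intval($_GET['thread_id']) . "' enctype='multipart/form-data'>\n";
echo "<table cellpadding='0' cellspacing='1' width='100%' class='tbl-border'>\n<tr>\n";
echo "<td valign='top' width='145' class='tbl2'>" . $locale['461'] . "</td>\n";
echo "<td class='tbl1'><textarea name='message' cols='60' rows='15' class='textbox' style='width:98%'>{$message}</textarea></td>\n";
echo "</tr>\n<tr>\n";
echo "<td width='145' class='tbl2'> </td>\n";
echo "<td class='tbl1'>" . display_bbcodes("99%", "message") . "</td>\n";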
$message = ""; $disable_smileys_check = ""; $sig_checked = " checked='checked'"; if ($settings['thread_notify']) { if (dbcount("(thread_id)", DB_THREAD_NOTIFY, "thread_id='" . $_GET['thread_id'] . "' AND notify_user='******'user_id'] . "'")) { $notify_checked = " checked='checked'"; } else { $notify_checked = ""; } } } if (isset($_GET['quote']) && isnum($_GET['quote'])) { $result = dbquery("SELECT * FROM " . DB_POSTS . "\r\n\t\t\tINNER JOIN " . DB_USERS . " ON " . DB_POSTS . ".post_author=" . DB_USERS . ".user_id\r\n\t\t\tWHERE thread_id='" . $_GET['thread_id'] . "' and post_id='" . $_GET['quote'] . "'"); if (dbrows($result)) { $data = dbarray($result); $message = "[quote][b]" . $data['user_name'] . $locale['429'] . "[/b]\n" . strip_bbcodes($data['post_message']) . "[/quote]"; } } add_to_title($locale['global_201'] . $locale['403']); echo "<!--pre_postreply-->"; opentable($locale['403']); if (!isset($_POST['previewreply'])) { echo "<div class='tbl2' style='margin-bottom:5px'><span class='small'><a href='index.php'>" . $settings['sitename'] . "</a> :: " . $caption . "</span></div>\n"; } echo "<form name='inputform' method='post' action='" . FUSION_SELF . "?action=reply&forum_id=" . $_GET['forum_id'] . "&thread_id=" . $_GET['thread_id'] . "' enctype='multipart/form-data'>\n"; echo "<table cellpadding='0' cellspacing='1' width='100%' class='tbl-border'>\n<tr>\n"; echo "<td valign='top' width='145' class='tbl2'>" . $locale['461'] . "</td>\n"; echo "<td class='tbl1'><textarea name='message' cols='60' rows='15' class='textbox' style='width:98%'>{$message}</textarea></td>\n"; echo "</tr>\n<tr>\n"; echo "<td width='145' class='tbl2'> </td>\n"; echo "<td class='tbl1'>" . display_bbcodes("99%", "message") . "</td>\n";