/**
 * Handle the 'register_user' event: validate the submitted registration form,
 * insert the new user's rows (K4USERS, K4USERINFO, K4USERSETTINGS), refresh the
 * 'forumstats' datastore entry and send the registration / activation e-mail.
 *
 * @param K4InformationAction|null $action  set by reference to the information page
 *                                          (error or success) that the caller should render
 * @param array                    $request request context; this method reads
 *                                          'event', 'template', 'dba' and 'user'
 * @return bool|mixed TRUE on every handled path (success, validation failure in
 *                    non-XMLHTTP mode, and the "already logged in" case); the value
 *                    of xmlhttp_message() on validation failures in XMLHTTP mode;
 *                    nothing (NULL) when $request['event'] is not 'register_user'.
 *                    In XMLHTTP mode the method calls exit after validation and never
 *                    reaches the database inserts.
 *
 * NOTE(review): all form values are read from $_REQUEST (GET, POST and COOKIE merged);
 * a registration form is normally POST-only — confirm the framework restricts the source.
 */
function execute(&$action, &$request) {
    if ($request['event'] == 'register_user') {
        /* Create the ancestors (breadcrumb) bar, in case we run into any trouble below */
        k4_bread_crumbs($request['template'], $request['dba'], 'L_REGISTER');
        if (intval($request['template']->getVar('allowregistration')) == 0) {
            if (!USE_XMLHTTP) {
                no_perms_error($request);
                return TRUE;
            } else {
                // NOTE(review): no return here, so in XMLHTTP mode validation continues
                // after this message is sent (the later `exit` still prevents the inserts).
                // Every other XMLHTTP failure path in this method returns the message.
                xmlhttp_message('L_YOUNEEDPERMS');
            }
        }
        if (!$request['user']->isMember()) {
            global $_PROFILEFIELDS, $_SETTINGS, $_URL, $_DATASTORE;
            /* If we are not allowed to register (second, settings-based check) */
            if (isset($_SETTINGS['allowregistration']) && $_SETTINGS['allowregistration'] == 0) {
                $action = new K4InformationAction(new K4LanguageElement('L_CANTREGISTERADMIN'), 'content', FALSE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_CANTREGISTERADMIN');
            }
            /*
             * Collect the custom profile fields shown on the registration form.
             * $query_fields / $query_params are spliced verbatim into the K4USERINFO
             * INSERT below: column names come from $_PROFILEFIELDS (not from the request),
             * values are passed through $request['dba']->quote(). Safety of that INSERT
             * therefore rests on quote() escaping correctly — the K4USERS insert uses a
             * prepared statement instead, which would be the more robust form here too.
             */
            $query_fields = '';
            $query_params = '';
            foreach ($_PROFILEFIELDS as $field) {
                if ($field['display_register'] == 1) {
                    /* This ensures that we only put in what was actually submitted */
                    if (isset($_REQUEST[$field['name']])) {
                        switch ($field['inputtype']) {
                            // `default` is listed first and falls through: unknown input types
                            // are stored like a plain text field.
                            default:
                            case 'text':
                            case 'textarea':
                            case 'select':
                                if ($_REQUEST[$field['name']] != '') {
                                    $query_fields .= ', ' . $field['name'];
                                    $query_params .= ", '" . $request['dba']->quote(k4_htmlentities($_REQUEST[$field['name']], ENT_QUOTES)) . "'";
                                }
                                break;
                            case 'multiselect':
                            case 'radio':
                            case 'check':
                                // Array-valued inputs are stored serialized. NOTE(review): the
                                // submitted values are not checked against the field's configured
                                // options here — confirm that happens where they are read back.
                                if (is_array($_REQUEST[$field['name']]) && !empty($_REQUEST[$field['name']])) {
                                    $query_fields .= ', ' . $field['name'];
                                    $query_params .= ", '" . $request['dba']->quote(serialize($_REQUEST[$field['name']])) . "'";
                                }
                                break;
                        }
                    }
                }
            }
            /*
             * Error checking
             */
            /* Username checks */
            if (!$this->runPostFilter('username', new FARequiredFilter())) {
                $action = new K4InformationAction(new K4LanguageElement('L_BADUSERNAME'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_BADUSERNAME');
            }
            // NOTE(review): this pattern nests `*` quantifiers (`([a-zA-Z0-9]*[-_ ]?)*`), which can
            // backtrack heavily on long inputs, and it runs before the length checks below;
            // running the max-length filter first would bound the input the regex sees.
            if (!$this->runPostFilter('username', new FARegexFilter('~^[a-zA-Z]([a-zA-Z0-9]*[-_ ]?)*[a-zA-Z0-9]*$~'))) {
                $action = new K4InformationAction(new K4LanguageElement('L_BADUSERNAME'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_BADUSERNAME');
            }
            // Maximum-length check. NOTE(review): the page action says L_USERNAMETOOLONG but the
            // XMLHTTP response sends L_USERNAMETOOSHORT — the two messages disagree.
            if (!$this->runPostFilter('username', new FALengthFilter(intval($_SETTINGS['maxuserlength'])))) {
                $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETOOLONG', intval($_SETTINGS['maxuserlength'])), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_USERNAMETOOSHORT');
            }
            // Minimum/maximum-length check (second FALengthFilter argument is presumably the minimum).
            if (!$this->runPostFilter('username', new FALengthFilter(intval($_SETTINGS['maxuserlength']), intval($_SETTINGS['minuserlength'])))) {
                $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETOOSHORT', intval($_SETTINGS['minuserlength']), intval($_SETTINGS['maxuserlength'])), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message(new K4LanguageElement('L_USERNAMETOOSHORT', intval($_SETTINGS['minuserlength']), intval($_SETTINGS['maxuserlength'])));
            }
            // Uniqueness and banned-name lookups; both interpolate the quote()d username into SQL.
            if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE name = '" . $request['dba']->quote($_REQUEST['username']) . "'") > 0) {
                $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETAKEN'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_USERNAMETAKEN');
            }
            if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4BADUSERNAMES . " WHERE name = '" . $request['dba']->quote($_REQUEST['username']) . "'") > 0) {
                $action = new K4InformationAction(new K4LanguageElement('L_USERNAMENOTGOOD'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_USERNAMENOTGOOD');
            }
            /* Check the appropriateness of the username: if the censor filter changes it, reject it */
            $name = $_REQUEST['username'];
            replace_censors($name);
            if ($name != $_REQUEST['username']) {
                $action = new K4InformationAction(new K4LanguageElement('L_INNAPROPRIATEUNAME'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_INNAPROPRIATEUNAME');
            }
            /* Password checks: both fields present and equal. No strength/length rule is applied here. */
            if (!$this->runPostFilter('password', new FARequiredFilter())) {
                $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYPASSWORD'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYPASSWORD');
            }
            if (!$this->runPostFilter('password2', new FARequiredFilter())) {
                $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYPASSCHECK'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYPASSCHECK');
            }
            if (!$this->runPostFilter('password', new FACompareFilter('password2'))) {
                $action = new K4InformationAction(new K4LanguageElement('L_PASSESDONTMATCH'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_PASSESDONTMATCH');
            }
            /* Email checks: present, confirmed, syntactically plausible, optionally unique */
            if (!$this->runPostFilter('email', new FARequiredFilter())) {
                $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYEMAIL'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYEMAIL');
            }
            if (!$this->runPostFilter('email2', new FARequiredFilter())) {
                $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYEMAILCHECK'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYEMAILCHECK');
            }
            if (!$this->runPostFilter('email', new FACompareFilter('email2'))) {
                $action = new K4InformationAction(new K4LanguageElement('L_EMAILSDONTMATCH'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_EMAILSDONTMATCH');
            }
            // The regex restricts the address to ASCII alphanumerics plus a few separators and a
            // 2-6 letter TLD; it is the only filter applied before the address is stored and mailed.
            if (!$this->runPostFilter('email', new FARegexFilter('~^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$~'))) {
                $action = new K4InformationAction(new K4LanguageElement('L_NEEDVALIDEMAIL'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_NEEDVALIDEMAIL');
            }
            if ($_SETTINGS['requireuniqueemail'] == 1) {
                if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE email = '" . $request['dba']->quote($_REQUEST['email']) . "'") > 0) {
                    $action = new K4InformationAction(new K4LanguageElement('L_EMAILTAKEN'), 'content', TRUE);
                    return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_EMAILTAKEN');
                }
            }
            /* Exit right here to send no content to the browser if ajax is enabled:
             * the XMLHTTP request only validates; the actual insert happens on the
             * regular (non-XMLHTTP) submission. */
            if (USE_XMLHTTP) {
                exit;
            }
            /*
             * Do the database inserting
             */
            $name = k4_htmlentities(strip_tags($_REQUEST['username']), ENT_QUOTES);
            // Activation key. NOTE(review): md5(uniqid(rand())) is time-seeded and predictable;
            // a key that gates account activation should come from random_bytes()/random_int().
            $reg_key = md5(uniqid(rand(), TRUE));
            $insert_a = $request['dba']->prepareStatement("INSERT INTO " . K4USERS . " (name,email,pass,perms,reg_key,usergroups,created) VALUES (?,?,?,?,?,?,?)");
            $insert_a->setString(1, $name);
            $insert_a->setString(2, $_REQUEST['email']);
            // NOTE(review): the password is stored as an unsalted MD5 digest. Migrating to
            // password_hash()/password_verify() must be coordinated with the login code that
            // compares this column, so it is flagged here rather than changed.
            $insert_a->setString(3, md5($_REQUEST['password']));
            $insert_a->setInt(4, PENDING_MEMBER);
            $insert_a->setString(5, $reg_key);
            $insert_a->setString(6, '|1|');
            $insert_a->setInt(7, time());
            $insert_a->executeUpdate();
            $user_id = intval($request['dba']->getInsertId(K4USERS, 'id'));
            // Profile-field columns/values collected above are appended to this statement text.
            $insert_b = $request['dba']->prepareStatement("INSERT INTO " . K4USERINFO . " (user_id,timezone" . $query_fields . ") VALUES (?,?" . $query_params . ")");
            $insert_b->setInt(1, $user_id);
            // `@` hides the undefined-index notice when no timezone was submitted; isset() would be clearer.
            $insert_b->setInt(2, intval(@$_REQUEST['timezone']));
            $request['dba']->executeUpdate("INSERT INTO " . K4USERSETTINGS . " (user_id) VALUES (" . $user_id . ")");
            $insert_b->executeUpdate();
            $datastore_update = $request['dba']->prepareStatement("UPDATE " . K4DATASTORE . " SET data=? WHERE varname=?");
            /* Set the datastore values (cached forum statistics) */
            $datastore = $_DATASTORE['forumstats'];
            $datastore['num_members'] = $request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS);
            $datastore['newest_user_id'] = $user_id;
            $datastore['newest_user_name'] = $name;
            $datastore_update->setString(1, serialize($datastore));
            $datastore_update->setString(2, 'forumstats');
            $datastore_update->executeUpdate();
            reset_cache('datastore');
            /* Do we need to validate their email by having them follow a url? */
            if (intval($_SETTINGS['verifyemail']) == 1) {
                // $_URL is an object; this assigns a handle, so args/file below are set on the global as well.
                $verify_url = $_URL;
                $verify_url->args = array('act' => 'activate_accnt', 'key' => $reg_key);
                $verify_url->file = 'member.php';
                // NOTE(review): as shown this replace is a no-op; the second argument may
                // have been an HTML entity before extraction — verify against the repository.
                $url = str_replace('&', '&', $verify_url->__toString());
                $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET usergroups = '1' WHERE id = " . intval($user_id));
                $email = sprintf($request['template']->getVar('L_REGISTEREMAILRMSG'), $name, $_SETTINGS['bbtitle'], $url, $_SETTINGS['bbtitle']);
                $action = new K4InformationAction(new K4LanguageElement('L_SUCCESSREGISTEREMAIL', $_SETTINGS['bbtitle'], $_REQUEST['email']), 'content', FALSE, 'index.php', 5);
                //return $action->execute($request);
            } else {
                // No verification: promote to MEMBER immediately and clear the keys.
                $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET perms = " . MEMBER . ", priv_key = '', reg_key = '' WHERE id = " . intval($user_id));
                $action = new K4InformationAction(new K4LanguageElement('L_SUCCESSREGISTER', $_SETTINGS['bbtitle']), 'content', FALSE, 'index.php', 5);
                //return $action->execute($request);
                $email = sprintf($request['template']->getVar('L_REGISTEREMAILMSG'), $name, $_SETTINGS['bbtitle'], $_SETTINGS['bbtitle']);
            }
            /* Finally, mail our user */
            email_user($_REQUEST['email'], sprintf($request['template']->getVar('L_REGISTEREMAILTITLE'), $_SETTINGS['bbtitle']), $email);
            return TRUE;
        } else {
            $action = new K4InformationAction(new K4LanguageElement('L_CANTREGISTERLOGGEDIN'), 'content', FALSE, 'index.php', 3);
            return TRUE;
        }
        // Unreachable: both branches above return.
        return FALSE;
    }
}
/**
 * Publish a saved draft as a new topic, or render a preview of it.
 *
 * Reads the target forum ('forum_id') and the caller's own draft ('post_id',
 * is_draft = 1, poster_id = current user) and validates the title/message.
 * On submit ('submit_type' of 'post'/'draft', or a 'post'/'draft' button) the
 * draft row is updated in place (is_draft = 0), the forum counters, the user's
 * post counters, the 'forumstats' datastore, subscriptions, attachments and the
 * topic mail queue are updated, and an information page redirects to the topic.
 * Otherwise the topic is rendered as a preview (full page, or the
 * post_preview.html fragment in XMLHTTP mode).
 *
 * @param array $request request context; reads 'dba', 'template' and 'user'
 * @return bool|mixed result of K4InformationAction::execute() on the validation
 *                    failure / success pages, the value of xmlhttp_message() on
 *                    failures in XMLHTTP mode, TRUE after a preview.
 *
 * NOTE(review): the enclosing class is outside this view; $this->dba and
 * $this->runPostFilter() are assumed to be declared there.
 */
function execute(&$request) {
    global $_QUERYPARAMS, $_DATASTORE, $_SETTINGS;
    $this->dba = $request['dba'];
    /* set the breadcrumbs bit */
    k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
    /* Check the request ID */
    if (!isset($_REQUEST['forum_id']) || !$_REQUEST['forum_id'] || intval($_REQUEST['forum_id']) == 0) {
        $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_FORUMDOESNTEXIST');
    }
    /* Check the request ID — NOTE(review): exact duplicate of the check above; harmless but redundant. */
    if (!isset($_REQUEST['forum_id']) || !$_REQUEST['forum_id'] || intval($_REQUEST['forum_id']) == 0) {
        $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_FORUMDOESNTEXIST');
    }
    // forum_id is cast with intval() before interpolation, so this lookup cannot be injected.
    $forum = $request['dba']->getRow("SELECT * FROM " . K4FORUMS . " WHERE forum_id = " . intval($_REQUEST['forum_id']));
    /* Check the forum data given */
    if (!$forum || !is_array($forum) || empty($forum)) {
        $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_FORUMDOESNTEXIST');
    }
    /* Make sure that we are trying to post into a forum (not a category, and not the garbage bin) */
    if (!($forum['row_type'] & FORUM) || $forum['forum_id'] == GARBAGE_BIN) {
        $action = new K4InformationAction(new K4LanguageElement('L_CANTPOSTTONONFORUM'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_CANTPOSTTONONFORUM');
    }
    /* Do we have permission to post to this forum? */
    if ($request['user']->get('perms') < get_map('topics', 'can_add', array('forum_id' => $forum['forum_id']))) {
        $action = new K4InformationAction(new K4LanguageElement('L_PERMCANTPOST'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_PERMCANTPOST');
    }
    /* General error checking */
    if (!isset($_REQUEST['name']) || $_REQUEST['name'] == '') {
        $action = new K4InformationAction(new K4LanguageElement('L_INSERTTOPICNAME'), 'content', TRUE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_INSERTTOPICNAME');
    }
    // Title length: a max-only filter first, then a max+min filter. Both report L_TITLETOOSHORT.
    if (!$this->runPostFilter('name', new FALengthFilter(intval($_SETTINGS['topicmaxchars'])))) {
        $action = new K4InformationAction(new K4LanguageElement('L_TITLETOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])), 'content', TRUE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(new K4LanguageElement('L_TITLETOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])));
    }
    if (!$this->runPostFilter('name', new FALengthFilter(intval($_SETTINGS['topicmaxchars']), intval($_SETTINGS['topicminchars'])))) {
        $action = new K4InformationAction(new K4LanguageElement('L_TITLETOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])), 'content', TRUE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(new K4LanguageElement('L_TITLETOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])));
    }
    if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
        $action = new K4InformationAction(new K4LanguageElement('L_INSERTTOPICMESSAGE'), 'content', TRUE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_INSERTTOPICMESSAGE');
    }
    /* Get our draft: it must belong to the current user, which is the ownership check for this action */
    $draft = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE post_id = " . intval($_REQUEST['post_id']) . " AND is_draft = 1 AND poster_id = " . intval($request['user']->get('id')));
    if (!$draft || !is_array($draft) || empty($draft)) {
        $action = new K4InformationAction(new K4LanguageElement('L_DRAFTDOESNTEXIST'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_DRAFTDOESNTEXIST');
    }
    /* set the breadcrumbs bit */
    k4_bread_crumbs($request['template'], $request['dba'], 'L_POSTTOPIC', $forum);
    $created = time();
    /* Truncate the message to the configured maximum. NOTE: substr() counts bytes, so a
     * multi-byte character at the cut point may be split; mb_substr() would avoid that. */
    $_REQUEST['message'] = substr($_REQUEST['message'], 0, $_SETTINGS['postmaxchars']);
    /* Parse the bbcode */
    $body_text = $_REQUEST['message'];
    $submit_type = isset($_REQUEST['submit_type']) ? $_REQUEST['submit_type'] : 'post';
    if (!isset($_REQUEST['disable_bbcode']) || !$_REQUEST['disable_bbcode']) {
        // `=& new` is PHP 4 syntax (removed in PHP 7); kept as found.
        $parser =& new BBParser();
        Globals::setGlobal('forum_id', $forum['forum_id']);
        // Poll limits: the smaller of the template-wide and the per-forum setting.
        Globals::setGlobal('maxpolloptions', $request['template']->getVar('maxpolloptions') > $forum['maxpolloptions'] ? $forum['maxpolloptions'] : $request['template']->getVar('maxpolloptions'));
        Globals::setGlobal('maxpollquestions', $request['template']->getVar('maxpollquestions') > $forum['maxpollquestions'] ? $forum['maxpollquestions'] : $request['template']->getVar('maxpollquestions'));
        if ($submit_type == 'post' || $submit_type == 'draft' || isset($_REQUEST['post'])) {
            $parser->register('BBPollNode');
        }
        $body_text = $parser->parse($body_text);
        $is_poll = Globals::getGlobal('is_poll');
    }
    // NOTE(review): when bbcode is disabled $is_poll is never assigned but is still
    // written to the row below (setInt(13, $is_poll)); it should be initialised to 0 first.
    // permissions are taken into account inside the poller
    //$poller = &new K4BBPolls($body_text, $draft['body_text'], $forum, $draft['post_id']);
    /*
     * Figure out what type of topic this is; sticky/announce are downgraded to
     * normal when the user lacks the matching can_add permission.
     */
    $post_type = isset($_REQUEST['post_type']) && intval($_REQUEST['post_type']) != 0 ? $_REQUEST['post_type'] : TOPIC_NORMAL;
    if ($post_type == TOPIC_STICKY && $request['user']->get('perms') < get_map('sticky', 'can_add', array('forum_id' => $forum['forum_id']))) {
        $post_type = TOPIC_NORMAL;
    } else {
        if ($post_type == TOPIC_ANNOUNCE && $request['user']->get('perms') < get_map('announce', 'can_add', array('forum_id' => $forum['forum_id']))) {
            $post_type = TOPIC_NORMAL;
        }
    }
    // NOTE(review): $post_type is the raw request string, not intval()'d; any value other
    // than the sticky/announce constants reaches setInt(11) unchanged — presumably setInt casts.
    $is_feature = isset($_REQUEST['is_feature']) && $_REQUEST['is_feature'] == 'yes' ? 1 : 0;
    if ($is_feature == 1 && $request['user']->get('perms') < get_map('feature', 'can_add', array('forum_id' => $forum['forum_id']))) {
        $is_feature = 0;
    }
    /* If we are submitting or saving a draft */
    if ($submit_type == 'post' || $submit_type == 'draft' || (isset($_REQUEST['post']) || isset($_REQUEST['draft']))) {
        /*
         * Build the queries to publish the draft
         */
        // Guests (id <= 0) supply a display name; members use their account name.
        $poster_name = $request['user']->get('id') <= 0 ? k4_htmlentities(isset($_REQUEST['poster_name']) ? $_REQUEST['poster_name'] : '', ENT_QUOTES) : $request['user']->get('name');
        $update_a = $request['dba']->prepareStatement("UPDATE " . K4POSTS . " SET name=?,body_text=?,posticon=?,disable_html=?,disable_bbcode=?,disable_emoticons=?,disable_sig=?,disable_areply=?,disable_aurls=?,is_draft=?,post_type=?,is_feature=?,is_poll=?,created=? WHERE post_id=?");
        /* NOTE(review): these two setInt() calls are immediately overwritten by the
         * setString(1, ...) / setString(2, ...) calls that follow; they look like leftovers. */
        $update_a->setInt(1, $created);
        $update_a->setInt(2, $draft['post_id']);
        /* Set the topic information */
        $update_a->setString(1, k4_htmlentities(html_entity_decode($_REQUEST['name']), ENT_QUOTES));
        $update_a->setString(2, $body_text);
        // Post icon: only users with the posticons can_add permission may choose one.
        // NOTE(review): the submitted icon name is not checked against K4POSTICONS here —
        // confirm it is validated where it is rendered.
        $update_a->setString(3, $request['user']->get('perms') >= get_map('posticons', 'can_add', array('forum_id' => $forum['forum_id'])) ? isset($_REQUEST['posticon']) ? $_REQUEST['posticon'] : 'clear.gif' : 'clear.gif');
        $update_a->setInt(4, isset($_REQUEST['disable_html']) && $_REQUEST['disable_html'] ? 1 : 0);
        $update_a->setInt(5, isset($_REQUEST['disable_bbcode']) && $_REQUEST['disable_bbcode'] ? 1 : 0);
        $update_a->setInt(6, isset($_REQUEST['disable_emoticons']) && $_REQUEST['disable_emoticons'] ? 1 : 0);
        // The form field is enable_sig but the column is disable_sig, hence the inverted value.
        $update_a->setInt(7, isset($_REQUEST['enable_sig']) && $_REQUEST['enable_sig'] ? 0 : 1);
        $update_a->setInt(8, isset($_REQUEST['disable_areply']) && $_REQUEST['disable_areply'] ? 1 : 0);
        $update_a->setInt(9, isset($_REQUEST['disable_aurls']) && $_REQUEST['disable_aurls'] ? 1 : 0);
        // is_draft = 0 turns the draft into a live topic.
        $update_a->setInt(10, 0);
        $update_a->setInt(11, $post_type);
        $update_a->setInt(12, $is_feature);
        $update_a->setInt(13, $is_poll);
        $update_a->setInt(14, $created);
        $update_a->setInt(15, $draft['post_id']);
        /*
         * Do the queries
         */
        $update_a->executeUpdate();
        $forum_update = $request['dba']->prepareStatement("UPDATE " . K4FORUMS . " SET topics=topics+1,posts=posts+1,post_created=?,post_name=?,post_uname=?,post_id=?,post_uid=?,post_posticon=? WHERE forum_id=?");
        $datastore_update = $request['dba']->prepareStatement("UPDATE " . K4DATASTORE . " SET data=? WHERE varname=?");
        // Precedence: (submit_type == 'post') || isset(post) — `&&` binds tighter than `||`.
        if (isset($_REQUEST['submit_type']) && $_REQUEST['submit_type'] == 'post' || isset($_REQUEST['post'])) {
            $request['dba']->executeUpdate("UPDATE " . K4USERINFO . " SET num_posts=num_posts+1,total_posts=total_posts+1 WHERE user_id=" . intval($request['user']->get('id')));
        }
        /* Set the forum's "last post" values */
        $forum_update->setInt(1, $created);
        $forum_update->setString(2, k4_htmlentities(html_entity_decode($_REQUEST['name']), ENT_QUOTES));
        $forum_update->setString(3, $poster_name);
        $forum_update->setInt(4, $draft['post_id']);
        $forum_update->setInt(5, $request['user']->get('id'));
        $forum_update->setString(6, iif($request['user']->get('perms') >= get_map('posticons', 'can_add', array('forum_id' => $forum['forum_id'])), isset($_REQUEST['posticon']) ? $_REQUEST['posticon'] : 'clear.gif', 'clear.gif'));
        $forum_update->setInt(7, $forum['forum_id']);
        /* Set the datastore values */
        $datastore = $_DATASTORE['forumstats'];
        // NOTE(review): this counts every non-draft row in K4POSTS (topics and replies share the
        // table, see the row_type checks elsewhere in this file), yet it is stored as num_topics.
        $datastore['num_topics'] = $request['dba']->getValue("SELECT COUNT(*) FROM " . K4POSTS . " WHERE is_draft=0");
        $datastore_update->setString(1, serialize($datastore));
        $datastore_update->setString(2, 'forumstats');
        /*
         * Update the forums table and datastore table
         */
        $forum_update->executeUpdate();
        $datastore_update->executeUpdate();
        reset_cache('datastore');
        /*
         * Subscribe this user to the topic
         * NOTE(review): the condition is the disable_areply flag, which by name reads as the
         * opposite of "subscribe me"; and $draft['id'] is used where every other line of this
         * method uses $draft['post_id'] — verify both against the schema and the form.
         */
        if (isset($_REQUEST['disable_areply']) && $_REQUEST['disable_areply']) {
            $subscribe = $request['dba']->prepareStatement("INSERT INTO " . K4SUBSCRIPTIONS . " (user_id,post_id,forum_id,email) VALUES (?,?,?,?)");
            $subscribe->setInt(1, $request['user']->get('id'));
            $subscribe->setInt(2, $draft['id']);
            $subscribe->setInt(3, $forum['forum_id']);
            $subscribe->setString(4, $request['user']->get('email'));
            $subscribe->executeUpdate();
        }
        // deal with attachments (only when the JS uploader was available)
        if ($request['template']->getVar('nojs') == 0) {
            attach_files($request, $forum, $draft['post_id']);
        }
        // set up the topic mail queue
        set_send_topic_mail($forum['forum_id'], $poster_name == '' ? $request['template']->getVar('L_GUEST') : $poster_name);
        /* Redirect the user to the new topic */
        $action = new K4InformationAction(new K4LanguageElement('L_ADDEDTOPIC', k4_htmlentities(html_entity_decode($_REQUEST['name']), ENT_QUOTES), $forum['name']), 'content', FALSE, 'viewtopic.php?id=' . $draft['post_id'], 3);
        return $action->execute($request);
        /* If we are previewing */
    } else {
        /*
         * Post Previewing
         */
        if (!USE_XMLHTTP) {
            $request['template']->setVar('L_TITLETOOSHORT', sprintf($request['template']->getVar('L_TITLETOOSHORT'), $request['template']->getVar('topicminchars'), $request['template']->getVar('topicmaxchars')));
            /* Get and set the emoticons and post icons to the template */
            $emoticons = $request['dba']->executeQuery("SELECT * FROM " . K4EMOTICONS . " WHERE clickable=1");
            $posticons = $request['dba']->executeQuery("SELECT * FROM " . K4POSTICONS);
            /* Add the emoticons and posticons */
            $request['template']->setList('emoticons', $emoticons);
            $request['template']->setList('posticons', $posticons);
            /* Set some emoticon information */
            $request['template']->setVar('emoticons_per_row', $request['template']->getVar('smcolumns'));
            $request['template']->setVar('emoticons_per_row_remainder', $request['template']->getVar('smcolumns') - 1);
            $request['template']->setVar('newtopic_action', 'newtopic.php?act=postdraft');
            $request['template']->setVisibility('post_topic', TRUE);
            post_attachment_options($request, $forum, $draft);
            topic_post_options($request['template'], $request['user'], $forum);
            /* Create our editor, pre-filled with the (truncated) raw message */
            create_editor($request, $_REQUEST['message'], 'post', $forum);
        }
        /* Set topic iterator array elements to be passed to the template.
         * Note: 'posticon' appears twice in this literal; in a PHP array literal the later
         * key wins, so the permission-checked value is the one that is used. */
        $topic_preview = array('post_id' => @$draft['post_id'], 'name' => k4_htmlentities(html_entity_decode($_REQUEST['name']), ENT_QUOTES), 'posticon' => isset($_REQUEST['posticon']) ? $_REQUEST['posticon'] : 'clear.gif', 'body_text' => $body_text, 'poster_name' => html_entity_decode($draft['poster_name'], ENT_QUOTES), 'poster_id' => $request['user']->get('id'), 'is_poll' => $draft['is_poll'], 'row_left' => 0, 'row_right' => 0, 'post_type' => $post_type, 'is_feature' => $is_feature, 'posticon' => $request['user']->get('perms') >= get_map('posticons', 'can_add', array('forum_id' => $forum['forum_id'])) ? isset($_REQUEST['posticon']) ? $_REQUEST['posticon'] : 'clear.gif' : 'clear.gif', 'disable_html' => isset($_REQUEST['disable_html']) && $_REQUEST['disable_html'] ? 1 : 0, 'disable_sig' => isset($_REQUEST['enable_sig']) && $_REQUEST['enable_sig'] ? 0 : 1, 'disable_bbcode' => isset($_REQUEST['disable_bbcode']) && $_REQUEST['disable_bbcode'] ? 1 : 0, 'disable_emoticons' => isset($_REQUEST['disable_emoticons']) && $_REQUEST['disable_emoticons'] ? 1 : 0, 'disable_areply' => isset($_REQUEST['disable_areply']) && $_REQUEST['disable_areply'] ? 1 : 0, 'disable_aurls' => isset($_REQUEST['disable_aurls']) && $_REQUEST['disable_aurls'] ? 1 : 0);
        /* Add the topic information to the template */
        $topic_iterator = new TopicIterator($request['dba'], $request['user'], $topic_preview, FALSE);
        $request['template']->setList('topic', $topic_iterator);
        /* Assign the topic preview values to the template (raw message for the editor, parsed one went to the iterator) */
        $topic_preview['body_text'] = $_REQUEST['message'];
        foreach ($topic_preview as $key => $val) {
            $request['template']->setVar('topic_' . $key, $val);
        }
        /* Assign the forum information to the template */
        foreach ($forum as $key => $val) {
            $request['template']->setVar('forum_' . $key, $val);
        }
        $request['template']->setVar('is_topic', 1);
        if (!USE_XMLHTTP) {
            /* Set the button display options */
            $request['template']->setVisibility('save_draft', FALSE);
            $request['template']->setVisibility('load_button', FALSE);
            $request['template']->setVisibility('edit_topic', TRUE);
            $request['template']->setVisibility('post_id', TRUE);
            /* set the breadcrumbs bit */
            k4_bread_crumbs($request['template'], $request['dba'], 'L_POSTTOPIC', $forum);
            /* Set the post topic form */
            $request['template']->setVar('forum_forum_id', $forum['forum_id']);
            $request['template']->setFile('preview', 'post_preview.html');
            $request['template']->setFile('content', 'newtopic.html');
        } else {
            // The template set name comes from the user record or the forum row (not from the
            // request) and is spliced into a filesystem path; it is assumed to be validated
            // where it is stored — TODO confirm.
            $templateset = $request['user']->isMember() ? $request['user']->get('templateset') : $forum['defaultstyle'];
            $html = $request['template']->run(BB_BASE_DIR . '/templates/' . $templateset . '/post_preview.html');
            xmlhttp_header();
            echo $html;
            xmlhttp_footer();
        }
    }
    return TRUE;
}
/**
 * Rename a topic (edit its title) given 'id' and an optional new 'name'.
 *
 * Loads the topic row and its forum, falls back to the existing title when no
 * name (or an empty one) was submitted, checks the length limits, and — only if
 * the title actually changed — checks permissions and writes the new title to
 * the topic, to the post it was moved to/from, and to the forum's last-post
 * summary. Non-XMLHTTP requests get an information page; XMLHTTP requests get
 * an HTML link to the topic echoed back.
 *
 * @param array $request request context; reads 'dba', 'template' and 'user'
 * @return bool|mixed result of K4InformationAction::execute() (non-XMLHTTP), TRUE or the
 *                    value of xmlhttp_message() on permission failures, and nothing
 *                    (NULL) after the XMLHTTP echo path — unlike the other execute()
 *                    methods in this file, which return TRUE there.
 */
function execute(&$request) {
    global $_QUERYPARAMS, $_DATASTORE, $_SETTINGS;
    /* set the breadcrumbs bit */
    k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
    /* Check the request ID */
    if (!isset($_REQUEST['id']) || !$_REQUEST['id'] || intval($_REQUEST['id']) == 0) {
        $action = new K4InformationAction(new K4LanguageElement('L_TOPICDOESNTEXIST'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_TOPICDOESNTEXIST');
    }
    /* Get our topic (id is intval()'d before interpolation) */
    $topic = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE post_id = " . intval($_REQUEST['id']));
    if (!$topic || !is_array($topic) || empty($topic)) {
        $action = new K4InformationAction(new K4LanguageElement('L_TOPICDOESNTEXIST'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_TOPICDOESNTEXIST');
    }
    $forum = $request['dba']->getRow("SELECT * FROM " . K4FORUMS . " WHERE forum_id = " . intval($topic['forum_id']));
    if (!$forum || !is_array($forum) || empty($forum)) {
        $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_FORUMDOESNTEXIST');
    }
    // Missing or empty name keeps the current title; strip_tags() may itself produce '' (handled next).
    if (!isset($_REQUEST['name']) || $_REQUEST['name'] == '') {
        $name = $topic['name'];
    } else {
        $name = strip_tags($_REQUEST['name']);
    }
    $name = $name == '' ? $topic['name'] : $name;
    // Length limits are applied byte-wise (strlen); mb_strlen would count characters.
    if (strlen($name) < intval($_SETTINGS['topicminchars']) || strlen($name) > intval($_SETTINGS['topicmaxchars'])) {
        $action = new K4InformationAction(new K4LanguageElement('L_TITLETOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])), 'content', TRUE);
        // NOTE(review): sprintf() over the bare key 'L_TITLETOOSHORT' has no placeholders and
        // so returns the key unchanged; the other methods in this file pass a K4LanguageElement here.
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(sprintf('L_TITLETOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])));
    }
    if ($name != $topic['name']) {
        $name = k4_htmlentities($name, ENT_QUOTES);
        // NOTE(review): this returns for every non-moderator, so the owner/other checks below
        // can only ever run for moderators. If topic owners are meant to be able to rename
        // their own topics, this gate makes the following branch unreachable for them.
        if (!is_moderator($request['user']->getInfoArray(), $forum)) {
            no_perms_error($request);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_NEEDPERMS');
        }
        if ($topic['poster_id'] == $request['user']->get('id')) {
            if ($request['user']->get('perms') < get_map('topics', 'can_edit', array('forum_id' => $topic['forum_id']))) {
                no_perms_error($request);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_NEEDPERMS');
            }
        } else {
            if ($request['user']->get('perms') < get_map('other_topics', 'can_edit', array('forum_id' => $topic['forum_id']))) {
                no_perms_error($request);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_NEEDPERMS');
            }
        }
        /* If this topic is a redirect / connects to one, update the original as well */
        if ($topic['moved_new_post_id'] > 0 || $topic['moved_old_post_id'] > 0) {
            $redirect = $request['dba']->prepareStatement("UPDATE " . K4POSTS . " SET name=?,edited_time=?,edited_username=?,edited_userid=? WHERE post_id=?");
            $redirect->setString(1, $name);
            $redirect->setInt(2, time());
            $redirect->setString(3, $request['user']->get('name'));
            $redirect->setInt(4, $request['user']->get('id'));
            $redirect->setInt(5, $topic['moved_new_post_id'] > 0 ? $topic['moved_new_post_id'] : $topic['moved_old_post_id']);
            $redirect->executeUpdate();
        }
        $update_a = $request['dba']->prepareStatement("UPDATE " . K4POSTS . " SET name=?,edited_time=?,edited_username=?,edited_userid=? WHERE post_id=?");
        $update_a->setString(1, $name);
        $update_a->setInt(2, time());
        $update_a->setString(3, $request['user']->get('name'));
        $update_a->setInt(4, $request['user']->get('id'));
        $update_a->setInt(5, $topic['post_id']);
        $update_a->executeUpdate();
        // Keep the forum's last-post title in sync when this topic is the forum's last post.
        if ($forum['post_id'] == $topic['post_id']) {
            $update_c = $request['dba']->prepareStatement("UPDATE " . K4FORUMS . " SET post_name=? WHERE forum_id=?");
            $update_c->setString(1, $name);
            $update_c->setInt(2, $forum['forum_id']);
            $update_c->executeUpdate();
        }
        // if this is the last post in a forum
        // NOTE(review): this condition implies the one above and runs the identical UPDATE
        // a second time; one of the two blocks is redundant.
        if ($forum['post_id'] == $topic['post_id'] && $forum['post_created'] == $topic['created']) {
            $update_d = $request['dba']->prepareStatement("UPDATE " . K4FORUMS . " SET post_name=? WHERE forum_id=?");
            $update_d->setString(1, $name);
            $update_d->setInt(2, $forum['forum_id']);
            $update_d->executeUpdate();
        }
    }
    if (!USE_XMLHTTP) {
        k4_bread_crumbs($request['template'], $request['dba'], 'L_EDITTOPIC', $forum);
        // Redirect target is referer(); whether that helper restricts the destination to this site is not visible here.
        $action = new K4InformationAction(new K4LanguageElement('L_UPDATEDTOPIC', $topic['name']), 'content', FALSE, referer(), 3);
        return $action->execute($request);
    } else {
        xmlhttp_header();
        // $name was entity-encoded above only if the title changed; otherwise it is $topic['name']
        // straight from the database and is assumed to be stored already encoded — TODO confirm.
        // The 40-char truncation is byte-wise and may cut inside a multi-byte character or an entity.
        echo '<a href="viewtopic.php?id=' . $topic['post_id'] . '" title="' . $name . '" style="font-size: 13px;">' . (strlen($name) > 40 ? substr($name, 0, 40) . '...' : $name) . '</a>';
        xmlhttp_footer();
    }
}
/**
 * Inline (XMLHTTP-only) edit of a post body.
 *
 * Loads the post given by 'post_id', checks the edit permission appropriate to
 * its row type (own/other topic or reply), parses the submitted 'message'
 * through the bbcode/poll parser, updates the post (and the post it was moved
 * to/from, for topics) and echoes the parsed body back. Does nothing when
 * USE_XMLHTTP is off.
 *
 * @param array $request request context; reads 'dba', 'template' and 'user'
 * @return bool|mixed the value of xmlhttp_message() on a failed check, otherwise TRUE
 *
 * NOTE(review): unlike the draft-posting and edit methods in this file, this path
 * applies no postmaxchars truncation and no post_locked / 'closed' can_edit check
 * before saving — confirm that is intended for inline edits.
 */
function execute(&$request) {
    if (USE_XMLHTTP) {
        if (!isset($_REQUEST['post_id']) || intval($_REQUEST['post_id']) == 0) {
            return xmlhttp_message('L_YOUNEEDPERMS');
        }
        // get the post (post_id is intval()'d before interpolation)
        $post = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE post_id = " . intval($_REQUEST['post_id']));
        if (!is_array($post) || empty($post)) {
            return xmlhttp_message('L_POSTDOESNTEXIST');
        }
        // NOTE(review): get_map() is called here with four arguments and a leading $user that is
        // not defined in this method; every other call in this file uses the three-argument
        // form get_map($type, 'can_edit', array(...)). Verify the signature — if the three-argument
        // form is correct, these permission checks are comparing against the wrong map.
        if ($post['row_type'] & TOPIC) {
            if ($request['user']->get('id') == $post['poster_id'] && $request['user']->get('perms') < get_map($user, 'topics', 'can_edit', array('forum_id' => $post['forum_id']))) {
                return xmlhttp_message('L_YOUNEEDPERMS');
            }
            if ($request['user']->get('id') != $post['poster_id'] && $request['user']->get('perms') < get_map($user, 'other_topics', 'can_edit', array('forum_id' => $post['forum_id']))) {
                return xmlhttp_message('L_YOUNEEDPERMS');
            }
        } else {
            if ($post['row_type'] & REPLY) {
                if ($request['user']->get('id') == $post['poster_id'] && $request['user']->get('perms') < get_map($user, 'replies', 'can_edit', array('forum_id' => $post['forum_id']))) {
                    return xmlhttp_message('L_YOUNEEDPERMS');
                }
                if ($request['user']->get('id') != $post['poster_id'] && $request['user']->get('perms') < get_map($user, 'other_replies', 'can_edit', array('forum_id' => $post['forum_id']))) {
                    return xmlhttp_message('L_YOUNEEDPERMS');
                }
            } else {
                // Neither a topic nor a reply: refuse.
                return xmlhttp_message('L_YOUNEEDPERMS');
            }
        }
        if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
            return xmlhttp_message('L_INSERTPOSTMESSAGE');
        }
        global $_ALLFORUMS;
        Globals::setGlobal('forum_id', $post['forum_id']);
        // Poll limits: the smaller of the template-wide and the per-forum setting.
        Globals::setGlobal('maxpolloptions', $request['template']->getVar('maxpolloptions') > $_ALLFORUMS[$post['forum_id']]['maxpolloptions'] ? $_ALLFORUMS[$post['forum_id']]['maxpolloptions'] : $request['template']->getVar('maxpolloptions'));
        Globals::setGlobal('maxpollquestions', $request['template']->getVar('maxpollquestions') > $_ALLFORUMS[$post['forum_id']]['maxpollquestions'] ? $_ALLFORUMS[$post['forum_id']]['maxpollquestions'] : $request['template']->getVar('maxpollquestions'));
        // `=& new` is PHP 4 syntax (removed in PHP 7); kept as found.
        $parser =& new BBParser();
        $parser->register('BBPollNode');
        $body_text = $parser->parse($_REQUEST['message']);
        // Reconcile poll markup in the new body with the stored one.
        $body_text = $parser->comparePolls($post['post_id'], $body_text, $post['body_text'], $request['dba']);
        $is_poll = Globals::getGlobal('is_poll');
        /* If this topic is a redirect / connects to one, update the original as well.
         * `&` binds tighter than `&&`, so this reads (row_type & TOPIC) && (moved...). */
        if ($post['row_type'] & TOPIC && ($post['moved_new_post_id'] > 0 || $post['moved_old_post_id'] > 0)) {
            $update = $request['dba']->prepareStatement("UPDATE " . K4POSTS . " SET body_text=?,edited_time=?,edited_username=?,edited_userid=?,is_poll=? WHERE post_id=?");
            $update->setString(1, $body_text);
            $update->setInt(2, time());
            $update->setString(3, $request['user']->get('name'));
            $update->setInt(4, $request['user']->get('id'));
            $update->setInt(5, $is_poll);
            $update->setInt(6, $post['moved_new_post_id'] > 0 ? $post['moved_new_post_id'] : $post['moved_old_post_id']);
            $update->executeUpdate();
        }
        /* Update the original */
        $update = $request['dba']->prepareStatement("UPDATE " . K4POSTS . " SET body_text=?,edited_time=?,edited_username=?,edited_userid=?,is_poll=? WHERE post_id=?");
        $update->setString(1, $body_text);
        $update->setInt(2, time());
        $update->setString(3, $request['user']->get('name'));
        $update->setInt(4, $request['user']->get('id'));
        $update->setInt(5, $is_poll);
        $update->setInt(6, $post['post_id']);
        $update->executeUpdate();
        xmlhttp_header();
        // The parser output is echoed as-is; HTML safety of $body_text rests entirely on BBParser.
        echo $body_text;
        xmlhttp_footer();
    }
    return TRUE;
}
/**
 * Standard "no permissions" error page. Used often, but it was implemented late,
 * so not every call site goes through it yet.
 *
 * In XMLHTTP mode the error is sent as an xmlhttp message and its result is
 * returned. Otherwise the breadcrumb bar is set to L_INFORMATION, the base
 * information template is selected, the login form is loaded into $section and
 * the 'no_perms' block is made visible; nothing is returned on that path.
 *
 * @param array  $request request context; reads 'template', 'dba' and 'user',
 *                        and writes 'template_file'
 * @param string $section template section that receives the login form
 * @return mixed|void the value of xmlhttp_message() in XMLHTTP mode, void otherwise
 */
function no_perms_error(&$request, $section = 'content') {
    if (USE_XMLHTTP) {
        return xmlhttp_message('L_YOUNEEDPERMS');
    }
    $tpl = $request['template'];
    k4_bread_crumbs($tpl, $request['dba'], 'L_INFORMATION');
    // The base page comes from the user's own template set; the login form goes into $section.
    $templateset = $request['user']->get('templateset');
    $request['template_file'] = BB_BASE_DIR . "/templates/" . $templateset . "/information_base.html";
    $tpl->setFile($section, 'login_form.html');
    $tpl->setVisibility('no_perms', TRUE);
}
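/**
 * Saves or previews an edit to an existing topic or reply.
 *
 * Flow: validate the target forum and post, check the caller's edit
 * permissions (own vs. other people's posts, locked posts), parse the
 * submitted body (BBCode and polls unless disabled), then either write the
 * update and redirect (submit_type 'post') or render a preview.
 *
 * Fixes relative to the previous revision: the subscription statements and
 * the preview row referenced an undefined $topic (the loaded row is $post);
 * $name is now defined on the preview path too; $is_poll is initialised
 * when BBCode parsing is skipped; the preview's disable_sig flag now uses
 * the same polarity as the saved row; $_REQUEST['post_type'] is cast to int.
 *
 * Reads $this->row_type (TOPIC bit or reply) from the owning action class,
 * which is outside this listing.
 *
 * @param array &$request request context: 'dba', 'user', 'template' (by reference, as in the rest of the file)
 * @return mixed TRUE after a preview; on the save path and on every error path
 *               the return value of K4InformationAction::execute() or
 *               xmlhttp_message() is passed through
 */
function execute(&$request)
{
    global $_QUERYPARAMS, $_DATASTORE, $_SETTINGS;

    /* set the breadcrumbs bit */
    k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');

    /* Check the request ID */
    if (!isset($_REQUEST['forum_id']) || !$_REQUEST['forum_id'] || intval($_REQUEST['forum_id']) == 0) {
        $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_FORUMDOESNTEXIST');
    }

    // forum_id is cast to int before it reaches the query
    $forum = $request['dba']->getRow("SELECT * FROM " . K4FORUMS . " WHERE forum_id=" . intval($_REQUEST['forum_id']));

    /* Check the forum data given */
    if (!$forum || !is_array($forum) || empty($forum)) {
        $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_FORUMDOESNTEXIST');
    }

    /* Make sure we are trying to edit in a forum (not a category, and not the garbage bin) */
    if (!($forum['row_type'] & FORUM) || $forum['forum_id'] == GARBAGE_BIN) {
        $action = new K4InformationAction(new K4LanguageElement('L_CANTEDITTONONFORUM'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_CANTEDITTONONFORUM');
    }

    /* General error checking: only topics carry a title */
    if ($this->row_type & TOPIC) {
        if (!isset($_REQUEST['name']) || $_REQUEST['name'] == '') {
            $action = new K4InformationAction(new K4LanguageElement('L_INSERTTOPICNAME'), 'content', TRUE);
            return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_INSERTTOPICNAME');
        }

        $min_chars = intval($_SETTINGS['topicminchars']);
        $max_chars = intval($_SETTINGS['topicmaxchars']);
        // byte length, as in the rest of the file (settings are byte limits) — TODO confirm
        $len = strlen($_REQUEST['name']);
        if ($len < $min_chars || $len > $max_chars) {
            $action = new K4InformationAction(new K4LanguageElement('L_TITLETOOSHORT', $min_chars, $max_chars), 'content', TRUE);
            return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(new K4LanguageElement('L_TITLETOOSHORT', $min_chars, $max_chars));
        }
    }

    if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
        $action = new K4InformationAction(new K4LanguageElement('L_INSERTTOPICMESSAGE'), 'content', TRUE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_INSERTTOPICMESSAGE');
    }

    /* Get our post */
    $post = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE post_id = " . intval($_REQUEST['post_id']));
    if (!is_array($post) || empty($post)) {
        $action = new K4InformationAction(new K4LanguageElement('L_POSTDOESNTEXIST'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_POSTDOESNTEXIST');
    }

    $type = $this->row_type & TOPIC ? 'topics' : 'replies';
    $user_perms = $request['user']->get('perms');
    $forum_scope = array('forum_id' => $forum['forum_id']);

    /* Does this person have permission to edit this post? Own posts and other people's posts use different maps. */
    $edit_map = $post['poster_id'] == $request['user']->get('id') ? $type : 'other_' . $type;
    if (get_map($edit_map, 'can_edit', $forum_scope) > $user_perms) {
        $action = new K4InformationAction(new K4LanguageElement('L_YOUNEEDPERMS'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_YOUNEEDPERMS');
    }

    if ($post['is_poll'] == 1) {
        // TODO: something here.
    }

    /* Does this user have permission to edit this post if it is locked? */
    if ($post['post_locked'] == 1 && get_map('closed', 'can_edit', $forum_scope) > $user_perms) {
        $action = new K4InformationAction(new K4LanguageElement('L_YOUNEEDPERMS'), 'content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_YOUNEEDPERMS');
    }

    /* set the breadcrumbs bit */
    k4_bread_crumbs($request['template'], $request['dba'], $this->row_type & TOPIC ? 'L_EDITTOPIC' : 'L_EDITREPLY', $post, $forum);

    /* Truncate the message to the configured maximum before anything parses it */
    $_REQUEST['message'] = substr($_REQUEST['message'], 0, $_SETTINGS['postmaxchars']);

    /* Parse the bbcode */
    $body_text = $_REQUEST['message'];
    $submit_type = isset($_REQUEST['submit_type']) ? $_REQUEST['submit_type'] : 'post';
    $is_saving = $submit_type == 'post' || isset($_REQUEST['post']);

    // Only the BBCode pass can detect a poll; without it the flag defaults to 0
    // (previously $is_poll was left undefined on this path).
    $is_poll = 0;
    if (!isset($_REQUEST['disable_bbcode']) || !$_REQUEST['disable_bbcode']) {
        $parser = new BBParser();
        Globals::setGlobal('forum_id', $forum['forum_id']);
        // the poll limits are the smaller of the global setting and the forum's own limit
        $max_options = $request['template']->getVar('maxpolloptions');
        $max_questions = $request['template']->getVar('maxpollquestions');
        Globals::setGlobal('maxpolloptions', $max_options > $forum['maxpolloptions'] ? $forum['maxpolloptions'] : $max_options);
        Globals::setGlobal('maxpollquestions', $max_questions > $forum['maxpollquestions'] ? $forum['maxpollquestions'] : $max_questions);

        // poll nodes are only registered/compared when the edit is actually being saved
        if ($is_saving) {
            $parser->register('BBPollNode');
        }
        $body_text = $parser->parse($body_text);
        if ($is_saving) {
            $body_text = $parser->comparePolls($post['post_id'], $body_text, $post['body_text'], $request['dba']);
        }
        $is_poll = Globals::getGlobal('is_poll');
    }

    // permissions are taken into account inside the poller
    //$poller = &new K4BBPolls($body_text, $topic['body_text'], $forum, $topic['post_id']);

    $request['template']->setVar('newtopic_action', 'newtopic.php?act=updatetopic');

    if ($this->row_type & TOPIC) {
        /* Get the topic type (cast: it is compared against the TOPIC_* constants and stored as an int) */
        $post_type = isset($_REQUEST['post_type']) && intval($_REQUEST['post_type']) != 0 ? intval($_REQUEST['post_type']) : TOPIC_NORMAL;

        /* Downgrade sticky/announcement topics the user is not allowed to post */
        if ($post_type == TOPIC_STICKY && $user_perms < get_map('sticky', 'can_add', $forum_scope)) {
            $post_type = TOPIC_NORMAL;
        } elseif ($post_type == TOPIC_ANNOUNCE && $user_perms < get_map('announce', 'can_add', $forum_scope)) {
            $post_type = TOPIC_NORMAL;
        }

        /* Is this a featured topic? */
        $is_feature = isset($_REQUEST['is_feature']) && $_REQUEST['is_feature'] == 'yes' ? 1 : 0;
        if ($is_feature == 1 && $user_perms < get_map('feature', 'can_add', $forum_scope)) {
            $is_feature = 0;
        }
    } else {
        $post_type = TOPIC_NORMAL;
        $is_feature = 0;
    }

    // Needed by both the save and the preview path (previously undefined on preview).
    // Replies may post without a name; an empty string is stored/shown then.
    $name = k4_htmlentities(isset($_REQUEST['name']) ? $_REQUEST['name'] : '', ENT_QUOTES);

    /* If we are saving this post */
    if ($is_saving) {
        // post icons are only honoured for users allowed to add them; everyone else gets the blank icon
        $posticon = iif($user_perms >= get_map('posticons', 'can_add', $forum_scope), isset($_REQUEST['posticon']) ? $_REQUEST['posticon'] : 'clear.gif', 'clear.gif');
        $time = time();

        // "enable_sig" is submitted, but the column is disable_sig, hence the inverted flag
        $disable_sig = isset($_REQUEST['enable_sig']) && $_REQUEST['enable_sig'] ? 0 : 1;
        $disable_areply = isset($_REQUEST['disable_areply']) && $_REQUEST['disable_areply'] ? 1 : 0;
        // guests (id <= 0) supply their display name with the form
        $edited_username = $request['user']->get('id') <= 0
            ? k4_htmlentities(isset($_REQUEST['poster_name']) ? $_REQUEST['poster_name'] : '', ENT_QUOTES)
            : $request['user']->get('name');
        // expiry only makes sense for sticky/announcement topics
        $post_expire = $post_type > TOPIC_NORMAL ? intval(isset($_REQUEST['post_expire']) ? $_REQUEST['post_expire'] : 0) : 0;

        /**
         * Build the queries to update the post
         */
        $update_a = $request['dba']->prepareStatement("UPDATE " . K4POSTS . " SET name=?,body_text=?,posticon=?,disable_html=?,disable_bbcode=?,disable_emoticons=?,disable_sig=?,disable_areply=?,disable_aurls=?,is_draft=?,edited_time=?,edited_username=?,edited_userid=?,is_feature=?,post_type=?,post_expire=?,is_poll=? WHERE post_id=?");
        $update_a->setString(1, $name);
        $update_a->setString(2, $body_text);
        $update_a->setString(3, $posticon);
        $update_a->setInt(4, isset($_REQUEST['disable_html']) && $_REQUEST['disable_html'] ? 1 : 0);
        $update_a->setInt(5, isset($_REQUEST['disable_bbcode']) && $_REQUEST['disable_bbcode'] ? 1 : 0);
        $update_a->setInt(6, isset($_REQUEST['disable_emoticons']) && $_REQUEST['disable_emoticons'] ? 1 : 0);
        $update_a->setInt(7, $disable_sig);
        $update_a->setInt(8, $disable_areply);
        $update_a->setInt(9, isset($_REQUEST['disable_aurls']) && $_REQUEST['disable_aurls'] ? 1 : 0);
        $update_a->setInt(10, 0); // saving an edit always clears the draft flag
        $update_a->setInt(11, $time);
        $update_a->setString(12, $edited_username);
        $update_a->setInt(13, $request['user']->get('id'));
        $update_a->setInt(14, $is_feature);
        $update_a->setInt(15, $post_type);
        $update_a->setInt(16, $post_expire);
        $update_a->setInt(17, $is_poll);
        $update_a->setInt(18, $post['post_id']);
        $update_a->executeUpdate();

        /* If this topic is a redirect / connects to one, update the original */
        if ($this->row_type & TOPIC && ($post['moved_new_post_id'] > 0 || $post['moved_old_post_id'] > 0)) {
            $redirect = $request['dba']->prepareStatement("UPDATE " . K4POSTS . " SET name=?,edited_time=?,edited_username=?,edited_userid=? WHERE post_id=?");
            $redirect->setString(1, $name);
            $redirect->setInt(2, time());
            $redirect->setString(3, $request['user']->get('name'));
            $redirect->setInt(4, $request['user']->get('id'));
            $redirect->setInt(5, $post['moved_new_post_id'] > 0 ? $post['moved_new_post_id'] : $post['moved_old_post_id']);
            $redirect->executeUpdate();

            /**
             * Subscribe/Unsubscribe this user to the topic
             *
             * NOTE(review): this block sits inside the redirect branch, so it only
             * runs for moved topics; that may be unintended — confirm before moving it.
             */
            $is_subscribed = $request['dba']->getRow("SELECT * FROM " . K4SUBSCRIPTIONS . " WHERE user_id = " . intval($request['user']->get('id')) . " AND post_id = " . intval($post['post_id']));
            $has_subscription = is_array($is_subscribed) && !empty($is_subscribed);
            if ($disable_areply == 1) {
                if (!$has_subscription) {
                    $subscribe = $request['dba']->prepareStatement("INSERT INTO " . K4SUBSCRIPTIONS . " (user_id,post_id,forum_id,email) VALUES (?,?,?,?)");
                    $subscribe->setInt(1, $request['user']->get('id'));
                    $subscribe->setInt(2, $post['post_id']);
                    $subscribe->setInt(3, $forum['forum_id']);
                    $subscribe->setString(4, $request['user']->get('email'));
                    $subscribe->executeUpdate();
                }
            } elseif ($has_subscription) {
                $subscribe = $request['dba']->prepareStatement("DELETE FROM " . K4SUBSCRIPTIONS . " WHERE user_id=? AND post_id=?");
                $subscribe->setInt(1, $request['user']->get('id'));
                $subscribe->setInt(2, $post['post_id']);
                $subscribe->executeUpdate();
            }
        }

        // deal with attachments
        if ($request['template']->getVar('nojs') == 0) {
            attach_files($request, $forum, $post);
        }

        /* Should we update the forum's last post info? Only when this post is the forum's last post. */
        if ($forum['lastpost_id'] == $post['post_id'] && $forum['lastpost_created'] == $post['created']) {
            $forum_topic_update = $request['dba']->prepareStatement("UPDATE " . K4FORUMS . " SET lastpost_name=?,lastpost_posticon=? WHERE forum_id=?");
            $forum_topic_update->setString(1, $name);
            $forum_topic_update->setString(2, $posticon);
            $forum_topic_update->setInt(3, $forum['forum_id']);
            $forum_topic_update->executeUpdate();
        }

        /* Redirect the user */
        $action = new K4InformationAction(new K4LanguageElement($this->row_type & TOPIC ? 'L_UPDATEDTOPIC' : 'L_UPDATEDREPLY', $name), 'content', FALSE, 'findpost.php?id=' . $post['post_id'], 3);
        return $action->execute($request);
    }

    /**
     * Post Previewing
     */
    if (!USE_XMLHTTP) {
        $request['template']->setVar('L_TITLETOOSHORT', sprintf($request['template']->getVar('L_TITLETOOSHORT'), $request['template']->getVar('topicminchars'), $request['template']->getVar('topicmaxchars')));

        /* Get and set the emoticons and post icons to the template */
        $emoticons = $request['dba']->executeQuery("SELECT * FROM " . K4EMOTICONS . " WHERE clickable = 1");
        $posticons = $request['dba']->executeQuery("SELECT * FROM " . K4POSTICONS);
        $request['template']->setList('emoticons', $emoticons);
        $request['template']->setList('posticons', $posticons);
        $request['template']->setVar('emoticons_per_row', $request['template']->getVar('smcolumns'));
        $request['template']->setVar('emoticons_per_row_remainder', $request['template']->getVar('smcolumns') - 1);

        post_attachment_options($request, $forum, $post);
        topic_post_options($request['template'], $request['user'], $forum);

        /* Create our editor */
        create_editor($request, $_REQUEST['message'], 'post', $forum);
    }

    // The preview row mirrors what the UPDATE above would store, taking the
    // poster name and poll flag from the loaded row.
    $topic_preview = array(
        'post_id' => $post['post_id'],
        'name' => $name,
        'posticon' => isset($_REQUEST['posticon']) ? $_REQUEST['posticon'] : 'clear.gif',
        'body_text' => $body_text,
        'poster_name' => html_entity_decode($post['poster_name'], ENT_QUOTES),
        'poster_id' => $request['user']->get('id'),
        'is_poll' => $post['is_poll'],
        'row_left' => 0,
        'row_right' => 0,
        'post_type' => $post_type,
        'is_feature' => $is_feature,
        'disable_html' => isset($_REQUEST['disable_html']) && $_REQUEST['disable_html'] ? 1 : 0,
        // same polarity as the saved row: enable_sig checked => disable_sig 0
        'disable_sig' => isset($_REQUEST['enable_sig']) && $_REQUEST['enable_sig'] ? 0 : 1,
        'disable_bbcode' => isset($_REQUEST['disable_bbcode']) && $_REQUEST['disable_bbcode'] ? 1 : 0,
        'disable_emoticons' => isset($_REQUEST['disable_emoticons']) && $_REQUEST['disable_emoticons'] ? 1 : 0,
        'disable_areply' => isset($_REQUEST['disable_areply']) && $_REQUEST['disable_areply'] ? 1 : 0,
        'disable_aurls' => isset($_REQUEST['disable_aurls']) && $_REQUEST['disable_aurls'] ? 1 : 0,
    );

    /* Add the topic information to the template */
    $topic_iterator = new TopicIterator($request['dba'], $request['user'], $topic_preview, FALSE);
    $request['template']->setList('topic', $topic_iterator);

    /* Assign the topic preview values to the template; the editor gets the raw (unparsed) message back */
    $topic_preview['body_text'] = $_REQUEST['message'];
    foreach ($topic_preview as $key => $val) {
        $request['template']->setVar('topic_' . $key, $val);
    }

    /* Assign the forum information to the template */
    foreach ($forum as $key => $val) {
        $request['template']->setVar('forum_' . $key, $val);
    }

    if (!USE_XMLHTTP) {
        /* Set the button display options */
        $request['template']->setVisibility('save_draft', FALSE);
        $request['template']->setVisibility('load_button', FALSE);
        $request['template']->setVisibility('edit_topic', TRUE);
        $request['template']->setVisibility('post_id', TRUE);
        $request['template']->setVisibility('post_topic', FALSE);
        $request['template']->setVisibility('edit_post', TRUE);

        /* set the breadcrumbs bit */
        k4_bread_crumbs($request['template'], $request['dba'], 'L_POSTTOPIC', $forum);

        /* Set the post topic form */
        $request['template']->setVar('forum_forum_id', $forum['forum_id']);
        $request['template']->setFile('preview', 'post_preview.html');
        $request['template']->setFile('content', 'newtopic.html');
    } else {
        // guests preview with the forum's default style
        $templateset = $request['user']->isMember() ? $request['user']->get('templateset') : $forum['defaultstyle'];
        xmlhttp_header();
        echo $request['template']->run(BB_BASE_DIR . '/templates/' . $templateset . '/post_preview.html');
        xmlhttp_footer();
    }

    return TRUE;
}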
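/**
 * Runs a forum search and renders the result list.
 *
 * Builds the author, forum and keyword conditions from the request, stores
 * the resulting queries in $_SESSION['search']['search_queries'] so that
 * paging re-uses them (a stored set wins over the request until
 * rewrite_session=1 clears it), executes either the posts or the topics
 * query with a LIMIT, and sets up pagination and template variables.
 *
 * Fix relative to the previous revision: the ORDER BY column ($sortedby) is
 * now checked against the $sort_orders whitelist before it is interpolated
 * into the query string; the list existed but was never consulted, so the
 * 'sort' parameter (from the request or the session) reached the SQL text
 * unvalidated. LIMIT/OFFSET values are cast to int on both branches.
 *
 * @param array &$request request context: 'dba', 'user', 'template' (by reference, as in the rest of the file)
 * @return mixed TRUE, or the return value of K4InformationAction::execute() /
 *               xmlhttp_message() on the error and "past page limit" paths
 */
function execute(&$request)
{
    global $_QUERYPARAMS, $_ALLFORUMS, $_URL;

    k4_bread_crumbs($request['template'], $request['dba'], 'L_SEARCHRESULTS');

    if (get_map('advsearch', 'can_add', array()) > $request['user']->get('perms')) {
        // something here?
    }

    /* Do we force it to rewrite the session? */
    if (isset($_REQUEST['rewrite_session']) && intval($_REQUEST['rewrite_session']) == 1 && isset($_SESSION['search']['search_queries'])) {
        unset($_SESSION['search']['search_queries']);
    }

    $min_length = $request['template']->getVar('minsearchlength');
    $max_length = $request['template']->getVar('maxsearchlength');
    $allow_wildcards = intval($request['template']->getVar('allowwildcards')) == 1;

    /**
     * Sort out author information
     */
    $user_ids = '';
    if (isset($_REQUEST['author']) && $_REQUEST['author'] != '') {
        $author = k4_htmlentities(trim($_REQUEST['author']), ENT_QUOTES);

        if (!isset($_REQUEST['exact']) || !$_REQUEST['exact']) {
            // '*' is the user-facing wildcard; it becomes SQL '%' only when wildcards are enabled
            $author = str_replace('%', '*', $author);
            $author = $allow_wildcards ? str_replace('*', '%', $author) : str_replace('*', ' ', $author);
            // wildcard/partial match
            $user_search = "LOWER(name) LIKE LOWER('%" . $request['dba']->quote($author) . "%')";
        } else {
            // exact match
            $user_search = "name = '" . $request['dba']->quote($author) . "'";
        }

        if (strlen($author) < $min_length || strlen($author) > $max_length) {
            $action = new K4InformationAction(new K4LanguageElement('L_INVALIDSEARCHKEYWORDS', $min_length, $max_length), 'content', TRUE, 'search.php', 5);
            return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(sprintf($request['template']->getVar('L_INVALIDSEARCHKEYWORDS'), $min_length, $max_length));
        }

        $users = $request['dba']->executeQuery("SELECT * FROM " . K4USERS . " WHERE {$user_search}");
        if ($users->numrows() > 0) {
            // poster_id values are cast to int, so this condition is built from integers only
            $user_ids = ' AND (';
            while ($users->next()) {
                $user = $users->current();
                $user_ids .= $users->key() == 0 ? ' poster_id = ' . intval($user['id']) : ' OR poster_id = ' . intval($user['id']);
            }
            $user_ids .= ') ';
        } else {
            $action = new K4InformationAction(new K4LanguageElement('L_NOAUTHORSBYNAME'), 'content', FALSE, 'search.php', 5);
            return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_NOAUTHORSBYNAME');
        }
    }

    /**
     * Sort out forum information
     */
    $forum_ids = '';
    $category_ids = ''; // never populated here; kept so the query template below stays unchanged
    $searchable_forums = '';

    /* This will handle different types of forum data: an array, or a '|'-separated string */
    if (isset($_REQUEST['forums']) && is_array($_REQUEST['forums']) && !empty($_REQUEST['forums'])) {
        $forums = $_REQUEST['forums'];
    } elseif (isset($_REQUEST['forums']) && count(explode("|", $_REQUEST['forums'])) > 0) {
        $forums = explode("|", $_REQUEST['forums']);
    } else {
        $forums = array();
    }

    /* Now start looking thoroughly at the data */
    if (is_array($forums) && !empty($forums)) {
        $subforums = isset($_REQUEST['searchsubforums']) && intval($_REQUEST['searchsubforums']) == 1;
        $allforums = intval(@$forums[0]) == -1;
        $searchable_forums = $allforums ? '-1' : '';

        // do not include the first option (it is the "all forums" marker)
        $num_forums = count($forums);
        for ($i = 1; $i < $num_forums; $i++) {
            $id = intval($forums[$i]);
            // only known forums the user may view make it into the condition
            if (isset($_ALLFORUMS[$id]) && get_map('', 'can_view', array('forum_id' => $id)) <= $request['user']->get('perms')) {
                // deeper sub-forums are skipped unless the user asked to search them
                $forum_ids .= !$subforums && $_ALLFORUMS[$id]['row_level'] > 2 ? '' : ' OR forum_id = ' . intval($id);
                $searchable_forums .= '|' . $id;
            }
        }

        // substr(…, 4) strips the leading ' OR ' before wrapping in AND ( … )
        $category_ids = $category_ids != '' ? ' AND (' . substr($category_ids, 4) . ') ' : '';
        $forum_ids = $forum_ids != '' ? ' AND (' . substr($forum_ids, 4) . ') ' : '';
        // if(($allforums && !$subforums) || (!$allforums && !$subforums) ) {
        //   $forum_ids = $forum_ids != '' ? ' AND ('. substr($forum_ids, 4) .') ' : '';
        // } else {
        //   $category_ids = '';
        //   $forum_ids = '';
        //   $searchable_forums = '-1';
        // }
    }

    /* Set which forums we're looking through to the display options field */
    $request['template']->setVar('search_forums', trim($searchable_forums, '|'));

    /**
     * Sort out keywords
     */
    $keyword_query = '';
    if (isset($_REQUEST['keywords']) && $_REQUEST['keywords'] != '' && !isset($_REQUEST['newposts'])) {
        // deal with wildcards (same scheme as for the author)
        $keywords = str_replace('%', '*', $_REQUEST['keywords']);
        $keywords = $allow_wildcards ? str_replace('*', '%', $keywords) : str_replace('*', ' ', $keywords);

        // are the keywords too short or too long?
        if (strlen($keywords) < $min_length || strlen($keywords) > $max_length) {
            $action = new K4InformationAction(new K4LanguageElement('L_INVALIDSEARCHKEYWORDS', $min_length, $max_length), 'content', TRUE, 'search.php', 5);
            return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(sprintf($request['template']->getVar('L_INVALIDSEARCHKEYWORDS'), $min_length, $max_length));
        }

        $quoted_keywords = $request['dba']->quote($keywords);
        $searchwhere = isset($_REQUEST['searchwhere']) ? $_REQUEST['searchwhere'] : '';

        // has the person specified where to search? Anything other than
        // 'subject' / 'message' / 'subjectmessage' yields no keyword condition.
        if ($searchwhere != '' && $searchwhere != 'subjectmessage') {
            if ($searchwhere == 'subject') {
                $keyword_query = " AND LOWER(name) LIKE LOWER('%" . $quoted_keywords . "%')";
            } elseif ($searchwhere == 'message') {
                $keyword_query = " AND LOWER(body_text) LIKE LOWER('%" . $quoted_keywords . "%')";
            }
        } else {
            $keyword_query = " AND (LOWER(name) LIKE LOWER('%" . $quoted_keywords . "%') OR LOWER(body_text) LIKE LOWER('%" . $quoted_keywords . "%')) ";
        }
    }

    // set where we are searching to the template
    // NOTE(review): this echoes the raw request value back into a template variable; relies on the template escaping it — confirm
    $request['template']->setVar('search_where', !isset($_REQUEST['searchwhere']) ? 'subjectmessage' : $_REQUEST['searchwhere']);

    // are there no keywords, user ids, etc?
    if ($keyword_query == '' && $user_ids == '' && !isset($_SESSION['search']['search_queries']) && !isset($_REQUEST['newposts'])) {
        $action = new K4InformationAction(new K4LanguageElement('L_SEARCHINVALID'), 'content', TRUE, 'search.php', 3);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_SEARCHINVALID');
    }

    /**
     * Viewing preferences
     */
    $sort_orders = array('created', 'poster_name', 'name', 'forum_id');
    $session_queries = isset($_SESSION['search']['search_queries']) ? $_SESSION['search']['search_queries'] : array();

    // a stored search's view mode / order / sort column win over the request
    $viewas = isset($session_queries['viewas']) && $session_queries['viewas'] == 'topics'
        ? 'topics'
        : (isset($_REQUEST['viewas']) && $_REQUEST['viewas'] == 'topics' ? 'topics' : 'posts');

    $resultsperpage = $viewas == 'topics' ? intval($request['template']->getVar('searchtopicsperpage')) : intval($request['template']->getVar('searchpostsperpage'));
    $resultsperpage = isset($_REQUEST['limit']) && ctype_digit($_REQUEST['limit']) && intval($_REQUEST['limit']) > 0 ? intval($_REQUEST['limit']) : $resultsperpage;
    $page = isset($_REQUEST['page']) && ctype_digit($_REQUEST['page']) && intval($_REQUEST['page']) > 0 ? intval($_REQUEST['page']) : 1;

    // ctype_digit() already rejects '-1', so the == -1 test only documents the "no pruning" value
    $daysprune = isset($_REQUEST['daysprune']) && ctype_digit($_REQUEST['daysprune']) ? ($_REQUEST['daysprune'] == -1 ? 0 : intval($_REQUEST['daysprune'])) : 0;
    $daysprune = $daysprune > 0 ? time() - ($daysprune * 86400) : 0;

    $sortorder = isset($session_queries['order']) && $session_queries['order'] == 'ASC'
        ? 'ASC'
        : (isset($_REQUEST['order']) && $_REQUEST['order'] == 'ASC' ? 'ASC' : 'DESC');
    $sortedby = isset($session_queries['sort']) && $session_queries['sort'] != 'DESC'
        ? $session_queries['sort']
        : (isset($_REQUEST['sort']) && $_REQUEST['sort'] != '' ? $_REQUEST['sort'] : 'created');

    // $sortedby is interpolated into the ORDER BY clause below, so it must be
    // one of the known column names whichever source it came from.
    if (!in_array($sortedby, $sort_orders, TRUE)) {
        $sortedby = 'created';
    }

    $start = intval(($page - 1) * $resultsperpage);

    /**
     * Execute the search
     */
    /* Create an array of the queries that we will use to weed out posts and pass through the session */
    $select = "num_replies, forum_id, post_id, post_id, body_text, name, posticon, is_poll, poster_name, poster_id, views, lastpost_uname, lastpost_uid, created, row_type";
    $general_condition = "is_draft=0 AND queue=0 AND display=1 AND moved_new_post_id=0 AND post_id>0";
    //$selectr = "num_replies, forum_id, post_id, post_id, body_text, name, posticon, is_poll, poster_name, poster_id, poster_ip as views, poster_ip, category_id, created, row_type";

    // '**SELECT**' is replaced with either COUNT(post_id) or the column list when the query is run
    $queries = array(
        'posts' => "SELECT **SELECT** FROM " . K4POSTS . " WHERE {$general_condition} {$user_ids} {$forum_ids} {$category_ids} {$keyword_query} AND created >= {$daysprune} ORDER BY {$sortedby} {$sortorder}",
        'topics_only' => "SELECT **SELECT** FROM " . K4POSTS . " WHERE row_type=" . TOPIC . " AND {$general_condition} {$user_ids} {$forum_ids} {$keyword_query} ORDER BY {$sortedby} {$sortorder}",
        'viewas' => $viewas,
        'limit' => $resultsperpage,
        'sort' => $sortedby,
        'order' => $sortorder,
        'author' => isset($_REQUEST['author']) ? $_REQUEST['author'] : null,
        'keywords' => isset($_REQUEST['keywords']) ? $_REQUEST['keywords'] : null,
        'subforums' => intval(isset($_REQUEST['searchsubforums']) ? $_REQUEST['searchsubforums'] : 0),
    );
    //print_r($queries);

    // set these queries to the session (a stored set takes precedence, see rewrite_session above)
    if (is_array($session_queries) && !empty($session_queries)) {
        $queries = $session_queries;
    } else {
        $_SESSION['search']['search_queries'] = $queries;
    }

    $limit = intval($queries['limit']);

    /* Get topics and replies */
    if ($queries['viewas'] == 'posts') {
        // the total is computed once per stored search and cached in the session
        if (!isset($queries['num_results'])) {
            $num_results = $request['dba']->getValue(str_replace('**SELECT**', 'COUNT(post_id)', $queries['posts']));
            $_SESSION['search']['search_queries']['num_results'] = $num_results;
        } else {
            $num_results = $queries['num_results'];
        }

        /* Set the iterator */
        $result = $request['dba']->executeQuery(str_replace('**SELECT**', $select, $queries['posts']) . " LIMIT {$start}," . $limit);
        $it = new SearchResultsIterator($request['dba'], $result);
    } else {
        /* Get topics only */
        if (!isset($queries['num_results'])) {
            $num_results = $request['dba']->getValue(str_replace('**SELECT**', 'COUNT(post_id)', $queries['topics_only']));
            $_SESSION['search']['search_queries']['num_results'] = $num_results;
        } else {
            $num_results = $queries['num_results'];
        }

        /* get the topics */
        $topics = $request['dba']->executeQuery(str_replace('**SELECT**', '*', $queries['topics_only']) . " LIMIT {$start}," . $limit);

        /* Apply the topics iterator */
        $it = new TopicsIterator($request['dba'], $request['user'], $topics, $request['template']->getVar('IMG_DIR'), array('postsperpage' => $queries['limit']));
    }

    /**
     * Pagination
     */
    /* Create the Pagination */
    $url = new FAUrl($_URL->__toString());
    $url->args['limit'] = $queries['limit'];
    $url->args['viewas'] = $queries['viewas'];
    $url->args['sort'] = $queries['sort'];
    $url->args['order'] = $queries['order'];
    $url->args['page'] = FALSE;
    $url->anchor = FALSE;

    // guard the division: a zero per-page setting previously produced a suppressed warning
    $num_pages = $limit > 0 ? ceil($num_results / $limit) : 0;
    $pager = new FAPaginator($url, $num_results, $page, $queries['limit']);
    $base_url = new FAUrl($_URL->__toString());

    if ($num_results > $resultsperpage) {
        $request['template']->setPager('searchresults_pager', $pager);
        /* Create a friendly url for our pager jump */
        // NOTE(review): this replacement reads as a no-op in this listing; an entity may have been lost in extraction — confirm against the repository
        $request['template']->setVar('pagejumper_url', preg_replace('~&~i', '&', $base_url->__toString()));
    }

    /* Outside valid page range, redirect to the last page */
    if (!$pager->hasPage($page) && $num_pages > 0) {
        $base_url->args['page'] = $num_pages;
        $action = new K4InformationAction(new K4LanguageElement('L_PASTPAGELIMIT'), 'content', FALSE, $base_url->__toString(), 3);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_PASTPAGELIMIT');
    }

    // finish stuff off
    $request['template']->setVar('mod_panel', 0);
    $request['template']->setVar('search_panel', 1);
    $request['template']->setList('search_results', $it);

    /* Search data gathered */
    $request['template']->setVar('search_viewas', $queries['viewas']);
    $request['template']->setVar('search_viewas_int', $queries['viewas'] == 'posts' ? 1 : 2); // for the if statements
    $request['template']->setVar('search_num_results', $num_results);
    $request['template']->setVar('search_author', $queries['author']);
    $request['template']->setVar('search_keywords', $queries['keywords']);
    $request['template']->setVar('search_sort', $queries['sort']);
    $request['template']->setVar('search_limit', $queries['limit']);
    $request['template']->setVar('search_order', $queries['order']);
    $request['template']->setVar('search_subforums', $queries['subforums']);
    $request['template']->setVar('search_daysprune', isset($_REQUEST['daysprune']) ? intval($_REQUEST['daysprune']) : 0);
    $request['template']->setVar('post_length', isset($_REQUEST['post_length']) && intval($_REQUEST['post_length']) > 0 ? intval($_REQUEST['post_length']) : intval($request['template']->getVar('searchpostlength')));
    $request['template']->setFile('content', 'search_results.html');
    //$request['template']->setFile('content_extra', 'search_sort_menu.html');
    $request['template']->setVisibility('forum_midsection', FALSE);

    /* Memory Saving */
    unset($result);

    if (USE_XMLHTTP) {
        $html = $request['template']->run(BB_BASE_DIR . '/templates/' . $request['user']->get('templateset') . '/search_results_simple.html');
        xmlhttp_header();
        echo $html;
        xmlhttp_footer();
    }

    return TRUE;
}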
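/**
 * User control panel action: compose, preview, save (as draft) or send a
 * private message.
 *
 * Flow, as implemented below:
 *  1. permission + quota checks (pm_message/can_add, 'pmquota');
 *  2. resolve the 'to' / 'cc' user names into K4USERS rows that are allowed
 *     to view private messages;
 *  3. validate subject ('name') and 'message', run the bbcode parser unless
 *     'disable_bbcode' is set;
 *  4. optionally load an existing draft ('draft') and/or the message being
 *     replied to ('reply');
 *  5. on submit: insert one K4PRIVMESSAGES row per recipient inside a
 *     transaction (plus the sender's own copy when 'save_message' is set),
 *     record draft recipients, remove a consumed draft and bump reply counters;
 *     otherwise render the preview.
 *
 * @param array $request  request context ('dba', 'user', 'template', ...), by reference
 * @return mixed          TRUE, or whatever the resulting K4InformationAction /
 *                        xmlhttp_message() returns
 */
function execute(&$request) {
    /* set the breadcrumbs bit */
    k4_bread_crumbs($request['template'], $request['dba'], 'L_USERCONTROLPANEL');

    global $_SETTINGS;

    $check = new K4PMCheckPerms();
    $check->execute($request);

    if (get_map('pm_message', 'can_add', array()) > $request['user']->get('perms')) {
        no_perms_error($request);
        return TRUE;
    }

    /* Numeric id of the acting user; used wherever it is embedded in SQL */
    $user_id = intval($request['user']->get('id'));

    /* Enforce the per-user private message quota ('pmquota') */
    $num_pms = $request['dba']->getValue("SELECT COUNT(*) FROM " . K4PRIVMESSAGES . " WHERE poster_id = " . $user_id);
    $max_pms = intval($request['template']->getVar('pmquota'));
    if ($num_pms >= $max_pms) {
        $action = new K4InformationAction(new K4LanguageElement('L_TOOMANYPMS', $num_pms, $max_pms), 'usercp_content', FALSE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(new K4LanguageElement('L_TOOMANYPMS', $num_pms, $max_pms));
    }

    k4_bread_crumbs($request['template'], $request['dba'], 'L_USERCONTROLPANEL');
    $request['template']->setFile('content', 'usercp.html');

    /**
     * Get who the message is going to
     */
    if (!$this->runPostFilter('to', new FARequiredFilter())) {
        $action = new K4InformationAction(new K4LanguageElement('L_NEEDSENDPMTOSOMEONE'), 'usercp_content', TRUE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_NEEDSENDPMTOSOMEONE');
    }

    $users = isset($_REQUEST['to']) && $_REQUEST['to'] != '' ? explode(",", $_REQUEST['to']) : array($_REQUEST['to']);
    /* The carbon-copy list is read from 'cc' (it used to be exploded from 'to' again, so 'cc' was ignored) */
    $users = isset($_REQUEST['cc']) && $_REQUEST['cc'] != '' ? array_merge($users, explode(",", $_REQUEST['cc'])) : $users;

    /* $valid_users: K4USERS rows to deliver to; $draft_users: their names, deduplicated, kept for the draft record */
    $valid_users = array();
    $draft_users = array();
    foreach ($users as $username) {
        $username = trim($username);
        /* Skip duplicates, the sender itself and empty entries */
        if (!in_array($username, $draft_users) && $username != $request['user']->get('name') && $username != '') {
            $user = $request['dba']->getRow("SELECT * FROM " . K4USERS . " WHERE name = '" . $request['dba']->quote(k4_htmlentities($username, ENT_QUOTES)) . "'");
            if (is_array($user) && !empty($user)) {
                /* Only members allowed to view private messages can receive one */
                if (get_map('pm_message', 'can_view', array()) <= $user['perms']) {
                    $valid_users[] = $user;
                    $draft_users[] = $user['name'];
                }
            }
        }
    }

    if (!is_array($valid_users) || empty($valid_users)) {
        $action = new K4InformationAction(new K4LanguageElement('L_PMNOVALIDRECIEVERS'), 'usercp_content', TRUE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_PMNOVALIDRECIEVERS');
    }

    /**
     * Check over posting inputs
     */
    /* General error checking (the same language key is used for both the page and the xmlhttp reply) */
    if (!$this->runPostFilter('name', new FARequiredFilter())) {
        $action = new K4InformationAction(new K4LanguageElement('L_INSERTPMSUBJECT'), 'usercp_content', TRUE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_INSERTPMSUBJECT');
    }
    if (!$this->runPostFilter('name', new FALengthFilter(intval($_SETTINGS['topicmaxchars'])))) {
        $action = new K4InformationAction(new K4LanguageElement('L_PMSUBJECTTOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])), 'usercp_content', TRUE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(new K4LanguageElement('L_PMSUBJECTTOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])));
    }
    if (!$this->runPostFilter('name', new FALengthFilter(intval($_SETTINGS['topicmaxchars']), intval($_SETTINGS['topicminchars'])))) {
        $action = new K4InformationAction(new K4LanguageElement('L_PMSUBJECTTOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])), 'usercp_content', TRUE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(new K4LanguageElement('L_PMSUBJECTTOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])));
    }
    if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
        $action = new K4InformationAction(new K4LanguageElement('L_INSERTPMMESSAGE'), 'usercp_content', TRUE);
        return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_INSERTPMMESSAGE');
    }

    /* Set the message created time */
    $created = time();
    /* Byte-wise truncation to 'pmmaxchars'; may split a multi-byte character — TODO confirm whether mb_substr is wanted here */
    $_REQUEST['message'] = substr($_REQUEST['message'], 0, $_SETTINGS['pmmaxchars']);

    /* Parse the bbcode */
    $body_text = $_REQUEST['message'];
    if (!isset($_REQUEST['disable_bbcode']) || !$_REQUEST['disable_bbcode']) {
        $parser = new BBParser();
        Globals::setGlobal('forum_id', 0);
        Globals::setGlobal('maxpolloptions', 0);
        $body_text = $parser->parse($body_text);
    }

    /* Reply bookkeeping: $parent_id is the message replied to, $message_id the top of its thread */
    $parent_id = 0;
    $message_id = 0;

    /**
     * Was this message originally a draft?
     */
    $draft_loaded = FALSE;
    if (isset($_REQUEST['draft']) && intval($_REQUEST['draft']) > 0) {
        /* Restricted to the acting user's own drafts: the row found here is deleted further down,
         * so a lookup by id alone would let a submitted id remove somebody else's draft */
        $draft = $request['dba']->getRow("SELECT * FROM " . K4PRIVMESSAGES . " WHERE pm_id = " . intval($_REQUEST['draft']) . " AND is_draft = 1 AND poster_id = " . $user_id);
        if (is_array($draft) && !empty($draft)) {
            $draft_loaded = TRUE;
        }
    }

    if ((isset($_REQUEST['reply']) && intval($_REQUEST['reply']) > 0) || ($draft_loaded && $draft['message_id'] > 0)) {
        $post_id = isset($_REQUEST['reply']) ? $_REQUEST['reply'] : $draft['message_id'];
        /* The message being replied to must have been sent by or delivered to the acting user;
         * its reply counters are incremented below, so an unrestricted id lookup is not acceptable */
        $message = $request['dba']->getRow("SELECT * FROM " . K4PRIVMESSAGES . " WHERE pm_id = " . intval($post_id) . " AND (poster_id = " . $user_id . " OR member_id = " . $user_id . ")");
        if (is_array($message) && !empty($message)) {
            $parent_id = intval($message['pm_id']);
            /* A message with message_id 0 is itself the top of the thread */
            $message_id = intval($message['message_id']) == 0 ? intval($message['pm_id']) : intval($message['message_id']);
        }
    }

    if (isset($_REQUEST['submit_type']) && ($_REQUEST['submit_type'] == 'post' || $_REQUEST['submit_type'] == 'draft') || (isset($_REQUEST['post']) || isset($_REQUEST['draft']))) {
        $is_draft = 0;
        $folder = PM_INBOX;

        /**
         * Does this person have permission to post a draft?
         */
        if (!$draft_loaded && ((isset($_REQUEST['submit_type']) && $_REQUEST['submit_type'] == 'draft') || isset($_REQUEST['draft']))) {
            if ($request['user']->get('perms') < get_map('pm_message_save', 'can_add', array())) {
                $action = new K4InformationAction(new K4LanguageElement('L_YOUNEEDPERMS'), 'content', FALSE);
                return $action->execute($request);
            }
            $is_draft = 1;
            $folder = PM_SAVEDITEMS;
            /* A draft is stored only in the author's own saved items */
            $valid_users = array($request['user']->getInfoArray());
        }

        /**
         * Should we save this message too?
         */
        $do_save = isset($_REQUEST['save_message']) && $_REQUEST['save_message'] ? TRUE : FALSE;
        if (!$draft_loaded && $do_save && $is_draft == 0) {
            $valid_users[] = $request['user']->getInfoArray();
        }

        /**
         * Can / Do we track this message?
         */
        $track = FALSE;
        if (isset($_REQUEST['track_message'])) {
            $track = FALSE; // TODO: Message Tracking
        }

        /**
         * Build the queries
         */
        $request['dba']->beginTransaction();

        /* Grouping keys shared by every copy of this message. NOTE(review): rand()/uniqid() are
         * not unpredictable; fine for grouping, but revisit if these ids ever act as access tokens */
        $sending_id = md5(uniqid(rand(), true));
        $tracker_id = md5(uniqid(rand(), true));

        /**
         * Loop through the users and send the private message to them
         */
        $i = 0;
        /* Id of the last inserted copy; stays 0 when the 'maxsendtopms' limit prevented any insert */
        $pm_id = 0;
        foreach ($valid_users as $user) {
            /* Make sure to add a limit to how many messages can be sent if there is one */
            if ($i < $request['template']->getVar('maxsendtopms') && $request['template']->getVar('maxsendtopms') > 0) {
                /* Prepare the inserting statement */
                $insert_a = $request['dba']->prepareStatement("INSERT INTO " . K4PRIVMESSAGES . " (name,folder_id,poster_name,poster_id,body_text,posticon,disable_html,disable_bbcode,disable_emoticons,disable_sig,disable_areply,disable_aurls,is_draft,created,member_id,member_name,member_has_read,tracker_id,sending_id,parent_id,message_id) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
                $insert_a->setString(1, k4_htmlentities(html_entity_decode($_REQUEST['name']), ENT_QUOTES));
                /* The sender's own copy goes to the sent items folder unless it is a draft */
                $insert_a->setInt(2, $user['id'] != $request['user']->get('id') || $is_draft == 1 ? $folder : PM_SENTITEMS);
                $insert_a->setString(3, $request['user']->get('name'));
                $insert_a->setInt(4, $request['user']->get('id'));
                $insert_a->setString(5, $body_text);
                /* 'posticon' is stored as submitted when the user may pick one; assumed to be validated/escaped where it is rendered — TODO confirm */
                $insert_a->setString(6, iif($request['user']->get('perms') >= get_map('pm_posticons', 'can_add', array()), isset($_REQUEST['posticon']) ? $_REQUEST['posticon'] : 'clear.gif', 'clear.gif'));
                $insert_a->setInt(7, iif(isset($_REQUEST['disable_html']) && $_REQUEST['disable_html'], 1, 0));
                $insert_a->setInt(8, iif(isset($_REQUEST['disable_bbcode']) && $_REQUEST['disable_bbcode'], 1, 0));
                $insert_a->setInt(9, iif(isset($_REQUEST['disable_emoticons']) && $_REQUEST['disable_emoticons'], 1, 0));
                /* The form sends 'enable_sig'; the column stores the inverse */
                $insert_a->setInt(10, iif(isset($_REQUEST['enable_sig']) && $_REQUEST['enable_sig'], 0, 1));
                $insert_a->setInt(11, iif(isset($_REQUEST['disable_areply']) && $_REQUEST['disable_areply'], 1, 0));
                $insert_a->setInt(12, iif(isset($_REQUEST['disable_aurls']) && $_REQUEST['disable_aurls'], 1, 0));
                $insert_a->setInt(13, $is_draft);
                $insert_a->setInt(14, $created);
                $insert_a->setInt(15, $user['id']);
                $insert_a->setString(16, $user['name']);
                /* The sender's own copy counts as already read */
                $insert_a->setInt(17, $user['id'] == $request['user']->get('id') ? 1 : 0);
                $insert_a->setString(18, $tracker_id);
                $insert_a->setString(19, $sending_id);
                $insert_a->setString(20, $parent_id);
                $insert_a->setString(21, $message_id);
                $insert_a->executeUpdate();

                $pm_id = $request['dba']->getInsertId(K4PRIVMESSAGES, 'pm_id');

                // update the number of new pm's for that user
                if ($user['id'] != $request['user']->get('id')) {
                    $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET new_pms=new_pms+1 WHERE id = " . intval($user['id']));
                }
            } else {
                break;
            }
            $i++;
        }

        /**
         * If this PM was a draft, it was sent back to us, now we need to create
         * a record of who to send it to for if we choose to send it again
         */
        /* Only a newly saved draft gets a recipient record, and only when its row was actually inserted;
         * $is_draft is set exactly under the "new draft" condition checked above */
        if ($is_draft == 1 && $pm_id > 0) {
            /* Split who this message is to into 'to' and 'carbon copy' */
            $count = count($draft_users);
            $to = array_slice($draft_users, 0, ceil($count / 2));
            $cc = $count > 1 ? array_slice($draft_users, ceil($count / 2), $count) : array();

            $insert = $request['dba']->prepareStatement("INSERT INTO " . K4PRIVMSGDRAFTS . " (pm_id,pm_to,pm_cc) VALUES (?,?,?)");
            $insert->setInt(1, $pm_id);
            $insert->setString(2, implode(',', $to));
            $insert->setString(3, implode(',', $cc));
            /* Add the draft information */
            $insert->executeUpdate();
        }

        /**
         * If we loaded a draft, deal with it
         */
        if ($draft_loaded) {
            /* $draft was looked up with an ownership clause above, so only the user's own draft is removed */
            $request['dba']->executeUpdate("DELETE FROM " . K4PRIVMESSAGES . " WHERE pm_id = " . intval($draft['pm_id']));
            $request['dba']->executeUpdate("DELETE FROM " . K4PRIVMSGDRAFTS . " WHERE pm_id = " . intval($draft['pm_id']));
        }

        /**
         * If this was a reply, update its parent and top-message
         */
        if ($message_id > 0) {
            $request['dba']->executeUpdate("UPDATE " . K4PRIVMESSAGES . " SET num_replies=num_replies+1 WHERE pm_id = " . intval($message_id));
            if ($message_id != $parent_id) {
                $request['dba']->executeUpdate("UPDATE " . K4PRIVMESSAGES . " SET num_replies=num_replies+1 WHERE pm_id = " . intval($parent_id));
            }
        }

        /* Finish everything off by commiting the SQL transaction */
        $request['dba']->commitTransaction();

        /**
         * Now we're done!
         */
        if ($is_draft == 0) {
            $action = new K4InformationAction(new K4LanguageElement('L_SENTPRIVATEMSG', k4_htmlentities(html_entity_decode($_REQUEST['name']), ENT_QUOTES)), 'usercp_content', FALSE, 'member.php?act=usercp', 3);
            return $action->execute($request);
        } else {
            $action = new K4InformationAction(new K4LanguageElement('L_SAVEDPRIVATEMSG', k4_htmlentities(html_entity_decode($_REQUEST['name']), ENT_QUOTES)), 'usercp_content', FALSE, 'member.php?act=usercp', 3);
            return $action->execute($request);
        }
    } else {
        /**
         * Message Previewing
         */
        if (!USE_XMLHTTP) {
            $request['template']->setVar('L_PMSUBJECTTOOSHORT', sprintf($request['template']->getVar('L_TITLETOOSHORT'), $request['template']->getVar('topicminchars'), $request['template']->getVar('topicmaxchars')));

            /* Create the bbcode/wysiwyg editor */
            create_editor($request, '', 'pm');

            $request['template']->setFile('usercp_content', 'pm_newmessage.html');
            $request['template']->setVisibility('post_pm', TRUE);
            $request['template']->setVar('newpm_action', 'member.php?act=pm_savemessage');

            /* Get and set the emoticons and post icons to the template */
            $emoticons = $request['dba']->executeQuery("SELECT * FROM " . K4EMOTICONS . " WHERE clickable = 1");
            $posticons = $request['dba']->executeQuery("SELECT * FROM " . K4POSTICONS);

            /* Add the emoticons and the post icons to the template */
            $request['template']->setList('emoticons', $emoticons);
            $request['template']->setList('posticons', $posticons);

            /* Set some emoticon information */
            $request['template']->setVar('emoticons_per_row', $request['template']->getVar('smcolumns'));
            $request['template']->setVar('emoticons_per_row_remainder', $request['template']->getVar('smcolumns') - 1);
        }

        /* Synthetic message row fed to the preview iterator (same field semantics as the INSERT above) */
        $msg_preview = array(
            'pm_id' => 0,
            'name' => k4_htmlentities(html_entity_decode($_REQUEST['name']), ENT_QUOTES),
            'posticon' => isset($_REQUEST['posticon']) ? $_REQUEST['posticon'] : 'clear.gif',
            'body_text' => $body_text,
            'poster_name' => $request['user']->get('name'),
            'poster_id' => $request['user']->get('id'),
            'disable_html' => iif(isset($_REQUEST['disable_html']) && $_REQUEST['disable_html'], 1, 0),
            'disable_sig' => iif(isset($_REQUEST['enable_sig']) && $_REQUEST['enable_sig'], 0, 1),
            'disable_bbcode' => iif(isset($_REQUEST['disable_bbcode']) && $_REQUEST['disable_bbcode'], 1, 0),
            'disable_emoticons' => iif(isset($_REQUEST['disable_emoticons']) && $_REQUEST['disable_emoticons'], 1, 0),
            'disable_areply' => iif(isset($_REQUEST['disable_areply']) && $_REQUEST['disable_areply'], 1, 0),
            'disable_aurls' => iif(isset($_REQUEST['disable_aurls']) && $_REQUEST['disable_aurls'], 1, 0)
        );

        /* Add the message information to the template */
        $pm_iterator = new K4PrivMsgIterator($request['dba'], $request['user'], $msg_preview, FALSE);
        $request['template']->setList('message', $pm_iterator);

        /* Assign the message preview values to the template; the raw (unparsed) message is re-exposed
         * as pm_body_text so the editor can be refilled — assumed to be escaped by the template, TODO confirm */
        $msg_preview['body_text'] = $_REQUEST['message'];
        foreach ($msg_preview as $key => $val) {
            $request['template']->setVar('pm_' . $key, $val);
        }

        if (!USE_XMLHTTP) {
            /* Set the the button display options */
            $request['template']->setVisibility('save_draft', FALSE);
            $request['template']->setVisibility('load_button', FALSE);
            $request['template']->setVisibility('edit_topic', TRUE);
            $request['template']->setVisibility('post_id', TRUE);
            $request['template']->setVisibility('post_topic', FALSE);
            $request['template']->setVisibility('edit_post', TRUE);
            $request['template']->setVisibility('post_pm', TRUE);

            /* Create the bbcode/wysiwyg editor */
            create_editor($request, $body_text, 'pm');

            $request['template']->setVar('L_PMSUBJECTTOOSHORT', sprintf($request['template']->getVar('L_TITLETOOSHORT'), $request['template']->getVar('topicminchars'), $request['template']->getVar('topicmaxchars')));
            $request['template']->setVar('newpm_action', 'member.php?act=pm_savemessage');

            if ($draft_loaded) {
                $request['template']->setVar('edit_type', 'draft');
                $request['template']->setVisibility('edit_message', TRUE);
                $request['template']->setVisibility('save_draft', FALSE);
            }
            if ($parent_id > 0) {
                $request['template']->setVar('edit_type', 'reply');
            }

            /* Set the post topic form */
            $request['template']->setFile('preview', 'pm_preview.html');
            $request['template']->setFile('content', 'usercp.html');
            $request['template']->setFile('usercp_content', 'pm_newmessage.html');
        } else {
            xmlhttp_header();
            echo $request['template']->run(BB_BASE_DIR . '/templates/' . $request['user']->get('templateset') . '/pm_preview.html');
            xmlhttp_footer();
        }
    }
}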