 This is where you perform the action when the API is called, the parameter given is an instance of stdClass, this method should return an instance of stdClass.
 public function action()
     global $mybb;
     require_once MYBB_ROOT . 'inc/functions_post.php';
     require_once MYBB_ROOT . '/inc/datahandlers/post.php';
     if (isset($mybb->input["subject"]) && is_string($mybb->input["subject"]) && isset($mybb->input["forumid"]) && is_numeric($mybb->input["forumid"]) && isset($mybb->input["message"]) && is_string($mybb->input["message"]) && isset($mybb->input["ipaddress"]) && is_string($mybb->input["ipaddress"])) {
         $subject = $mybb->input["subject"];
         $forumid = (int) $mybb->input["forumid"];
         $message = $mybb->input["message"];
         $ipaddress = $mybb->input["ipaddress"];
         $prefix = isset($mybb->input["prefix"]) && is_string($mybb->input["prefix"]) ? $mybb->input["prefix"] : null;
         $icon = isset($mybb->input["icon"]) && is_string($mybb->input["icon"]) ? $mybb->input["icon"] : null;
         $savedraft = isset($mybb->input["savedraft"]) && in_array($mybb->input["savedraft"], array("1", "0")) ? (int) $mybb->input["savedraft"] : 0;
         $subscriptionmethod = isset($mybb->input["subscriptionmethod"]) && in_array($mybb->input["subscriptionmethod"], array("", "none", "instant")) ? $mybb->input["subscriptionmethod"] : "";
         $signature = isset($mybb->input["signature"]) && in_array($mybb->input["signature"], array("1", "0")) ? (int) $mybb->input["signature"] : 0;
         $disablesmilies = isset($mybb->input["disablesmilies"]) && in_array($mybb->input["disablesmilies"], array("1", "0")) ? (int) $mybb->input["disablesmilies"] : 0;
         $modclosethread = isset($mybb->input["modclosethread"]) && in_array($mybb->input["modclosethread"], array("1", "0")) ? (int) $mybb->input["modclosethread"] : 0;
         $modstickthread = isset($mybb->input["modstickthread"]) && in_array($mybb->input["modstickthread"], array("1", "0")) ? (int) $mybb->input["modstickthread"] : 0;
         // let's start
         $posthandler = new PostDataHandler('insert');
         $posthandler->action = 'thread';
         $data = array("uid" => $this->get_user()->uid, "username" => $this->get_user()->username, "subject" => $subject, "fid" => $forumid, "prefix" => $prefix, "message" => $message, "ipaddress" => $ipaddress, "icon" => $icon, "savedraft" => $savedraft, "options" => array("subscriptionmethod" => $subscriptionmethod, "signature" => $signature, "disablesmilies" => $disablesmilies));
         if (isset($this->get_user()->is_moderator) && $this->get_user()->is_moderator) {
             $data[] = array("closethread" => $modclosethread, "stickthread" => $modstickthread);
         if (!$posthandler->validate_thread()) {
             throw new BadRequestException((object) $posthandler->get_friendly_errors());
         return (object) $posthandler->insert_thread();
function postcopy_main($data)
    global $mybb, $db;
    require_once MYBB_ROOT . "inc/datahandlers/post.php";
    $forumID = "1";
    //Forum ID to monitor for new posts
    $destForum = "1";
    //Forum ID to copy posts to
    $prefixIDNew = "1";
    // Thread prefix to apply to copied thread
    $posterUID = "1";
    //UserID of the user you want to "post" the new thread, or you can edit the data below to use the original posters ID.
    if ($data->data['fid'] === $forumID) {
        $query = $db->query("SELECT example, example2, example3 FROM " . TABLE_PREFIX . "threadfields_data WHERE tid = " . $data->tid);
        //Select Xthreads data
        $tfields = $db->fetch_array($query);
        $thIns = array('fid' => $destForum, 'prefix' => $prefixIDNew, 'subject' => $data->data['subject'], 'icon' => $data->data['icon'], 'uid' => $posterUID, 'username' => $data->data['username'], 'dateline' => TIME_NOW, 'message' => "<b>Username:</b> " . $data->data['username'] . "<br /><b>Example: </b> " . $tfields['example'] . "<br /><b>Example2: </b> " . $tfields['example2'] . " <br /><b>Example3: </b> " . $tfields['example3'] . "<br /><b>Body:</b> " . $data->data['message'], 'ipaddress' => $data->data['ipaddress']);
        $new_thread['options'] = array("signature" => $data->data['options']['signature'], "subscriptionmethod" => $data->data['options']['subscriptionmethod'], "disablesmilies" => $data->data['options']['disablesmilies']);
        $posthandler = new PostDataHandler("insert");
        $posthandler->action = "thread";
        $valid_thread = $posthandler->validate_post();
        $post_errors = array();
        if (!$valid_thread) {
            $post_errors = $posthandler->get_friendly_errors();
        if (count($post_errors) > 0) {
            $thread_errors = inline_error($post_errors);
            $mybb->input['action'] = "newthread";
        } else {
Example #3
 * Create the thread
function createthread()
    global $mybb, $event, $db;
    if ($event['private'] != 1) {
        require_once MYBB_ROOT . "inc/datahandlers/post.php";
        $posthandler = new PostDataHandler("insert");
        $posthandler->action = "thread";
        $posthandler->admin_override = true;
        $uid = $mybb->user['uid'];
        $username = $mybb->user['username'];
        $message = $mybb->input['description'];
        $subject = "[" . $event['start_date']['day'] . '.' . $event['start_date']['month'] . '.' . $event['start_date']['year'] . '] - ' . $db->escape_string($event['name']);
        $new_thread = array("fid" => $mybb->settings['eventcal_id'], "subject" => $subject, "uid" => $uid, "username" => $username, "message" => $message, "ipaddress" => get_ip());
        $validate = $posthandler->validate_thread();
        if ($validate) {
            $tinfo = $posthandler->insert_thread();
        header("Location: showthread.php?tid=" . $tinfo['tid']);
Example #4
         $editreason = iconv($charset, "UTF-8//IGNORE", $editreason);
     } else {
         if (function_exists("mb_convert_encoding")) {
             $message = @mb_convert_encoding($message, $charset, "UTF-8");
             $editreason = @mb_convert_encoding($editreason, $charset, "UTF-8");
         } else {
             if (my_strtolower($charset) == "iso-8859-1") {
                 $message = utf8_decode($message);
                 $editreason = utf8_decode($editreason);
 // Set up posthandler.
 require_once MYBB_ROOT . "inc/datahandlers/post.php";
 $posthandler = new PostDataHandler("update");
 $posthandler->action = "post";
 // Set the post data that came from the input to the $post array.
 $updatepost = array("pid" => $post['pid'], "message" => $message, "editreason" => $editreason, "edit_uid" => $mybb->user['uid']);
 // Now let the post handler do all the hard work.
 if (!$posthandler->validate_post()) {
     $post_errors = $posthandler->get_friendly_errors();
 } else {
     $postinfo = $posthandler->update_post();
     $visible = $postinfo['visible'];
     if ($visible == 0 && !is_moderator($post['fid'], "canviewunapprove")) {
         // Is it the first post?
         if ($thread['firstpost'] == $post['pid']) {
             echo json_encode(array("moderation_thread" => $lang->thread_moderation, 'url' => $mybb->settings['bburl'] . '/' . get_forum_link($thread['fid']), "message" => $post['message']));
Example #5
  * Execute Normal and Inline Thread Moderation
  * @param array Moderation information
  * @param mixed Thread IDs
  * @return boolean true
 function execute_thread_moderation($thread_options, $tids)
     global $db, $mybb;
     $tid = intval($tids[0]);
     // Take the first thread to get thread data from
     $query = $db->simple_select("threads", 'fid', "tid='{$tid}'");
     $thread = $db->fetch_array($query);
     // If deleting threads, only do that
     if ($thread_options['deletethread'] == 1) {
         foreach ($tids as $tid) {
     } else {
         if ($thread_options['mergethreads'] == 1 && count($tids) > 1) {
             $tid_list = implode(',', $tids);
             $options = array('order_by' => 'dateline', 'order_dir' => 'DESC');
             $query = $db->simple_select("threads", 'tid, subject', "tid IN ({$tid_list})", $options);
             // Select threads from newest to oldest
             $last_tid = 0;
             while ($tid = $db->fetch_array($query)) {
                 if ($last_tid != 0) {
                     $this->merge_threads($last_tid, $tid['tid'], $tid['subject']);
                     // And keep merging them until we get down to one thread.
                 $last_tid = $tid['tid'];
         if ($thread_options['deletepoll'] == 1) {
             foreach ($tids as $tid) {
         if ($thread_options['removeredirects'] == 1) {
             foreach ($tids as $tid) {
         if ($thread_options['approvethread'] == 'approve') {
             $this->approve_threads($tids, $thread['fid']);
         } elseif ($thread_options['approvethread'] == 'unapprove') {
             $this->unapprove_threads($tids, $thread['fid']);
         } elseif ($thread_options['approvethread'] == 'toggle') {
             $this->toggle_thread_visibility($tids, $thread['fid']);
         if ($thread_options['openthread'] == 'open') {
         } elseif ($thread_options['openthread'] == 'close') {
         } elseif ($thread_options['openthread'] == 'toggle') {
         if ($thread_options['threadprefix'] != '-1') {
             $this->apply_thread_prefix($tids, $thread_options['threadprefix']);
             // Update thread prefix
         if (my_strtolower(trim($thread_options['newsubject'])) != '{subject}') {
             $this->change_thread_subject($tids, $thread_options['newsubject']);
         if (!empty($thread_options['addreply'])) {
             $tid_list = implode(',', $tids);
             $query = $db->simple_select("threads", 'fid, subject, tid, firstpost, closed', "tid IN ({$tid_list}) AND closed NOT LIKE 'moved|%'");
             require_once MYBB_ROOT . "inc/datahandlers/post.php";
             // Loop threads adding a reply to each one
             while ($thread = $db->fetch_array($query)) {
                 $posthandler = new PostDataHandler("insert");
                 if (empty($thread_options['replysubject'])) {
                     $new_subject = 'RE: ' . $thread['subject'];
                 } else {
                     $new_subject = str_ireplace('{username}', $mybb->user['username'], $thread_options['replysubject']);
                     $new_subject = str_ireplace('{subject}', $thread['subject'], $new_subject);
                 // Set the post data that came from the input to the $post array.
                 $post = array("tid" => $thread['tid'], "replyto" => $thread['firstpost'], "fid" => $thread['fid'], "subject" => $new_subject, "uid" => $mybb->user['uid'], "username" => $mybb->user['username'], "message" => $thread_options['addreply'], "ipaddress" => $db->escape_string(get_ip()));
                 // Set up the post options from the input.
                 $post['options'] = array("signature" => 1, "emailnotify" => 0, "disablesmilies" => 0);
                 if ($thread['closed'] == 1) {
                     // Keep this thread closed
                     $post['modoptions']['closethread'] = 1;
                 if ($posthandler->validate_post($post)) {
         if ($thread_options['movethread'] > 0 && $thread_options['movethread'] != $thread['fid']) {
             if ($thread_options['movethreadredirect'] == 1) {
                 $time = TIME_NOW + $thread_options['movethreadredirectexpire'] * 86400;
                 foreach ($tids as $tid) {
                     $this->move_thread($tid, $thread_options['movethread'], 'redirect', $time);
             } else {
                 $this->move_threads($tids, $thread_options['movethread']);
         if ($thread_options['copythread'] > 0 || $thread_options['copythread'] == -2) {
             if ($thread_options['copythread'] == -2) {
                 $thread_options['copythread'] = $thread['fid'];
             foreach ($tids as $tid) {
                 $new_tid = $this->move_thread($tid, $thread_options['copythread'], 'copy');
     return true;
Example #6
 // If this isn't a logged in user, then we need to do some special validation.
 if ($mybb->user['uid'] == 0) {
     // If they didn't specify a username then give them "Guest"
     if (!$mybb->get_input('username')) {
         $username = $lang->guest;
     } else {
         $username = $mybb->get_input('username');
     $uid = 0;
 } else {
     $username = $mybb->user['username'];
     $uid = $mybb->user['uid'];
 // Set up posthandler.
 require_once MYBB_ROOT . "inc/datahandlers/post.php";
 $posthandler = new PostDataHandler("insert");
 $posthandler->action = "post";
 // Set the post data that came from the input to the $post array.
 $post = array("tid" => $mybb->get_input('tid', MyBB::INPUT_INT), "replyto" => $mybb->get_input('replyto', MyBB::INPUT_INT), "fid" => $thread['fid'], "subject" => $mybb->get_input('subject'), "icon" => $mybb->get_input('icon', MyBB::INPUT_INT), "uid" => $uid, "username" => $username, "message" => $mybb->get_input('message'), "ipaddress" => $session->packedip, "posthash" => $mybb->get_input('posthash'));
 if (isset($mybb->input['pid'])) {
     $post['pid'] = $mybb->get_input('pid', MyBB::INPUT_INT);
 // Now let the post handler do all the hard work.
 $valid_post = $posthandler->verify_message();
 $valid_subject = $posthandler->verify_subject();
 // guest post --> verify author
 if ($post['uid'] == 0) {
     $valid_username = $posthandler->verify_author();
 } else {
     $valid_username = true;
Example #7
function save_raw_post_func($xmlrpc_params)
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;
    $input = Tapatalk_Input::filterXmlInput(array('post_id' => Tapatalk_Input::INT, 'post_title' => Tapatalk_Input::STRING, 'post_content' => Tapatalk_Input::STRING, 'return_html' => Tapatalk_Input::INT, 'attachment_id_array' => Tapatalk_Input::RAW, 'group_id' => Tapatalk_Input::STRING, 'editreason' => Tapatalk_Input::STRING), $xmlrpc_params);
    $parser = new postParser();
    // No permission for guests
    if (!$mybb->user['uid']) {
        return tt_no_permission();
    // Get post info
    $pid = $input['post_id'];
    $query = $db->simple_select("posts", "*", "pid='{$pid}'");
    $post = $db->fetch_array($query);
    if (empty($input['post_title'])) {
        $input['post_title'] = $post['subject'];
    if (!$post['pid']) {
        return xmlrespfalse($lang->error_invalidpost);
    // Get thread info
    $tid = $post['tid'];
    $thread = get_thread($tid);
    if (!$thread['tid']) {
        return xmlrespfalse($lang->error_invalidthread);
    $thread['subject'] = htmlspecialchars_uni($thread['subject']);
    // Get forum info
    $fid = $post['fid'];
    $forum = get_forum($fid);
    if (!$forum || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    if ($forum['open'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    $forumpermissions = forum_permissions($fid);
    if (!is_moderator($fid, "caneditposts")) {
        if ($thread['closed'] == 1) {
            return xmlrespfalse($lang->redirect_threadclosed);
        if ($forumpermissions['caneditposts'] == 0) {
            return tt_no_permission();
        if ($mybb->user['uid'] != $post['uid']) {
            return tt_no_permission();
        // Edit time limit
        $time = TIME_NOW;
        if ($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < $time - $mybb->settings['edittimelimit'] * 60) {
            $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
            return xmlrespfalse($lang->edit_time_limit);
    // Check if this forum is password protected and we have a valid password
    // Set up posthandler.
    require_once MYBB_ROOT . "inc/datahandlers/post.php";
    $posthandler = new PostDataHandler("update");
    $posthandler->action = "post";
    // Set the post data that came from the input to the $post array.
    $post = array("pid" => $pid, "subject" => $input['post_title'], "uid" => $mybb->user['uid'], "username" => $mybb->user['username'], "edit_uid" => $mybb->user['uid'], "message" => $input['post_content']);
    if (version_compare($mybb->version, '1.8.0', '>=') && !empty($input['editreason'])) {
        $post["editreason"] = $input['editreason'];
    // get subscription status
    $query = $db->simple_select("threadsubscriptions", 'notification', "uid='" . intval($mybb->user['uid']) . "' AND tid='" . intval($tid) . "'");
    $substatus = $db->fetch_array($query);
    // Set up the post options from the input.
    $post['options'] = array("signature" => 1, "subscriptionmethod" => isset($substatus['notification']) ? $substatus['notification'] == 1 ? 'instant' : 'none' : '', "disablesmilies" => 0);
    // Now let the post handler do all the hard work.
    if (!$posthandler->validate_post()) {
        $post_errors = $posthandler->get_friendly_errors();
        return xmlrespfalse(implode(" :: ", $post_errors));
    } else {
        $postinfo = $posthandler->update_post();
        $visible = $postinfo['visible'];
        $first_post = $postinfo['first_post'];
        // Help keep our attachments table clean.
        $db->delete_query("attachments", "filename='' OR filesize<1");
        if ($visible == 0 && $first_post && !is_moderator($fid, "", $mybb->user['uid'])) {
            $state = 1;
        } else {
            if ($visible == 0 && !is_moderator($fid, "", $mybb->user['uid'])) {
                $state = 1;
            } else {
                $state = 0;
    $pid = intval($pid);
    if (!empty($input['group_id_esc'])) {
        $db->update_query("attachments", array("pid" => $pid), "posthash='{$input['group_id_esc']}'");
    // update thread attachment account
    if (count($input['attachment_id_array']) > 0) {
        update_thread_counters($tid, array("attachmentcount" => "+" . count($input['attachment_id_array'])));
    $post = get_post($pid);
    $parser_options = array();
    $parser_options['allow_html'] = false;
    $parser_options['allow_mycode'] = true;
    $parser_options['allow_smilies'] = false;
    $parser_options['allow_imgcode'] = true;
    $parser_options['allow_videocode'] = true;
    $parser_options['nl2br'] = (bool) $input['return_html'];
    $parser_options['filter_badwords'] = 1;
    if (!$post['username']) {
        $post['username'] = $lang->guest;
    if ($post['userusername']) {
        $parser_options['me_username'] = $post['userusername'];
    } else {
        $parser_options['me_username'] = $post['username'];
    $post['message'] = $parser->parse_message($post['message'], $parser_options);
    $post['subject'] = $parser->parse_badwords($post['subject']);
    $result = new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval('', 'base64'), 'state' => new xmlrpcval($state, 'int'), 'post_title' => new xmlrpcval($post['subject'], 'base64'), 'post_content' => new xmlrpcval(process_post($post['message'], $input['return_html']), 'base64')), 'struct');
    return new xmlrpcresp($result);
Example #8
function m_rename_topic_func($xmlrpc_params)
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $modlogdata;
    $input = Tapatalk_Input::filterXmlInput(array('topic_id' => Tapatalk_Input::INT, 'title' => Tapatalk_Input::STRING, 'prefix' => Tapatalk_Input::INT), $xmlrpc_params);
    $parser = new postParser();
    // Get post info
    $thread = get_thread($input['topic_id']);
    if (!$thread['tid']) {
        return xmlrespfalse($lang->error_invalidthread);
    $forumpermissions = forum_permissions($thread['fid']);
    // No permission for guests
    if ($mybb->user['uid'] == 0) {
        return tt_no_permission();
    // Get forum info
    $fid = $thread['fid'];
    $forum = get_forum($fid);
    if (!$forum || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    if ($forum['open'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    if (!is_moderator($fid, "caneditposts")) {
        if ($thread['closed'] == 1) {
            return xmlrespfalse($lang->redirect_threadclosed);
        if ($forumpermissions['caneditposts'] == 0) {
            return tt_no_permission();
        if ($mybb->user['uid'] != $thread['uid']) {
            return tt_no_permission();
        // Edit time limit
        $time = TIME_NOW;
        if ($mybb->settings['edittimelimit'] != 0 && $thread['dateline'] < $time - $mybb->settings['edittimelimit'] * 60) {
            $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
            return xmlrespfalse($lang->edit_time_limit);
    // Check if this forum is password protected and we have a valid password
    // Set up posthandler.
    require_once MYBB_ROOT . "inc/datahandlers/post.php";
    $posthandler = new PostDataHandler("update");
    $posthandler->action = "post";
    // Set the post data that came from the input to the $post array.
    $post = array("pid" => $thread['firstpost'], "subject" => $input['title'], "prefix" => $input['prefix']);
    // Now let the post handler do all the hard work.
    if (!$posthandler->validate_post()) {
        $post_errors = $posthandler->get_friendly_errors();
        return xmlrespfalse(implode(" :: ", $post_errors));
    } else {
        $postinfo = $posthandler->update_post();
        $response = new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean'), 'is_login_mod' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval("", 'base64')), 'struct');
        return new xmlrpcresp($response);
Example #9
  * Updates a thread in the database
  * @param array $data Thread data
  * @param boolean $inline_errors Defines if we want a formatted error string or an array
  * @return array|string 
  * @return array|string When true it will return an array with threadID, postID and status of being visible - false = error array or inline string 
 function updateThread($data, $inline_errors = true)
     if (!isset($data['tid'])) {
         $this->_errorAndDie('Function <i>updateThread</i>: Must pass thread id in array parameter - Required array key is <i>tid</i>');
     // Posthandler is used for a post, so let's fetch the thread-post
     $thread = $this->getThread($data['tid']);
     $data['pid'] = $thread['firstpost'];
     require_once MYBB_ROOT . 'inc/functions_post.php';
     require_once MYBB_ROOT . '/inc/datahandlers/post.php';
     $posthandler = new PostDataHandler('update');
     $posthandler->action = 'post';
     if (!$posthandler->validate_post()) {
         $errors = $posthandler->get_friendly_errors();
         return $inline_errors === true ? inline_error($errors) : $errors;
     return $posthandler->update_post();
             $postoptions_subscriptionmethod_none = "checked=\"checked\"";
         } else {
             if ($mybb->user['subscriptionmethod'] == 2) {
                 $postoptions_subscriptionmethod_instant = "checked=\"checked\"";
             } else {
                 $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
         $numpolloptions = "2";
 // If we're preving a post then generate the preview.
 if ($mybb->input['previewpost']) {
     // Set up posthandler.
     require_once MYBB_ROOT . "inc/datahandlers/post.php";
     $posthandler = new PostDataHandler("insert");
     $posthandler->action = "thread";
     // Set the thread data that came from the input to the $thread array.
     $new_thread = array("fid" => $forum['fid'], "prefix" => $mybb->input['threadprefix'], "subject" => $mybb->input['subject'], "icon" => $mybb->input['icon'], "uid" => $uid, "username" => $username, "message" => $mybb->input['message'], "ipaddress" => get_ip(), "posthash" => $mybb->input['posthash']);
     if ($pid != '') {
         $new_thread['pid'] = $pid;
     // Now let the post handler do all the hard work.
     $valid_thread = $posthandler->verify_message();
     $valid_subject = $posthandler->verify_subject();
     $post_errors = array();
     // Fetch friendly error messages if this is an invalid post
     if (!$valid_thread || !$valid_subject) {
         $post_errors = $posthandler->get_friendly_errors();
Example #11
  * Inserts a thread into the database
  * @param array $data Thread data
  * @param boolean $inline_errors Defines if we want a formatted error string or an array
  * @return array|string 
  * @return array|string When true it will return an array with threadID, postID and status of being visible - false = error array or inline string 
 function createThread($data, $inline_errors = true)
     require_once MYBB_ROOT . 'inc/functions_post.php';
     require_once MYBB_ROOT . '/inc/datahandlers/post.php';
     $posthandler = new PostDataHandler('insert');
     $posthandler->action = 'thread';
     if (!$posthandler->validate_thread()) {
         $errors = $posthandler->get_friendly_errors();
         return $inline_errors === true ? inline_error($errors) : $errors;
     return $posthandler->insert_thread();
Example #12
     require_once 'inc/include_mybb.php';
     $tid = $_POST['tid'];
     $subject = $_POST['subject'];
     $message = $_POST['message'];
     $fid = $_POST['fid'];
     $uid = $_POST['uid'];
     $ip = $_POST['ip'];
     $user = $MyBBI->getUser($uid);
     $username = $user['username'];
     // get id of the first post in the thread
     $query = $MyBBI->db->simple_select("posts", "pid", "tid={$tid} AND replyto=0");
     $pid = $MyBBI->db->fetch_field($query, "pid");
     require_once MYBB_ROOT . "inc/datahandlers/post.php";
     $posthandler = new PostDataHandler("update");
     $posthandler->action = "post";
     $post = array("pid" => $pid, "subject" => $subject, "icon" => -1, "uid" => $uid, "username" => $username, "edit_uid" => '', "message" => $message);
     $post['options'] = array("signature" => $sig ? "yes" : "no", "emailnotify" => "no", "disablesmilies" => "no");
     if (!$posthandler->validate_post()) {
 case 'delete_thread':
     $nonce = $_POST['_wordbbnonce'];
     if (!wordbb_verify_nonce($nonce, 'delete_thread')) {
     $mybb_root = $_POST['wordbb_mybb_abs'];
Example #13
function new_topic_func($xmlrpc_params)
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $thread_info, $pid, $tid, $visible, $fid, $new_thread;
    $input = Tapatalk_Input::filterXmlInput(array('forum_id' => Tapatalk_Input::INT, 'subject' => Tapatalk_Input::STRING, 'message' => Tapatalk_Input::STRING, 'prefix_id' => Tapatalk_Input::STRING, 'attachment_id_array' => Tapatalk_Input::RAW, 'group_id' => Tapatalk_Input::STRING), $xmlrpc_params);
    $fid = $input['forum_id'];
    // Fetch forum information.
    $forum = get_forum($fid);
    if (!$forum) {
        return xmlrespfalse($lang->error_invalidforum);
    $forumpermissions = forum_permissions($fid);
    if ($forum['open'] == 0 || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    if ($mybb->user['uid'] < 1 || $forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    // Check if this forum is password protected and we have a valid password
    // Check the maximum posts per day for this user
    if ($mybb->settings['maxposts'] > 0 && $mybb->usergroup['cancp'] != 1) {
        $daycut = TIME_NOW - 60 * 60 * 24;
        $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}");
        $post_count = $db->fetch_field($query, "posts_today");
        if ($post_count >= $mybb->settings['maxposts']) {
            $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->settings['maxposts']);
            return xmlrespfalse($lang->error_maxposts);
    $username = $mybb->user['username'];
    $uid = $mybb->user['uid'];
    // Attempt to see if this post is a duplicate or not
    if ($uid > 0) {
        $user_check = "p.uid='{$uid}'";
    } else {
        $user_check = "p.ipaddress='" . $db->escape_string($session->ipaddress) . "'";
    if (!$mybb->input['savedraft'] && !$pid) {
        $query = $db->simple_select("posts p", "p.pid", "{$user_check} AND p.fid='{$forum['fid']}' AND p.subject='{$input['subject_esc']}' AND p.message='{$input['message_esc']}'");
        $duplicate_check = $db->fetch_field($query, "pid");
        if ($duplicate_check) {
            return xmlrespfalse($lang->error_post_already_submitted);
    // Set up posthandler.
    require_once MYBB_ROOT . "inc/datahandlers/post.php";
    $posthandler = new PostDataHandler("insert");
    $posthandler->action = "thread";
    // Set the thread data that came from the input to the $thread array.
    $new_thread = array("fid" => $forum['fid'], "subject" => $input['subject'], "prefix" => $input['prefix_id'], "icon" => 0, "uid" => $uid, "username" => $username, "message" => $input['message'], "ipaddress" => get_ip(), "posthash" => $input['group_id_esc']);
    $new_thread['savedraft'] = 0;
    // Set up the thread options from the input.
    $new_thread['options'] = array("signature" => 1, "subscriptionmethod" => $mybb->user['subscriptionmethod'] == 0 ? '' : $mybb->user['subscriptionmethod'], "disablesmilies" => 0);
    // Now let the post handler do all the hard work.
    $valid_thread = $posthandler->validate_thread();
    $post_errors = array();
    // Fetch friendly error messages if this is an invalid thread
    if (!$valid_thread) {
        $post_errors = $posthandler->get_friendly_errors();
        return xmlrespfalse(implode(" :: ", $post_errors));
    $thread_info = $posthandler->insert_thread();
    $tid = $thread_info['tid'];
    $pid = $thread_info['pid'];
    $visible = $thread_info['visible'];
    if ($pid != '') {
        if (!empty($input['group_id_esc'])) {
            $db->update_query("attachments", array("pid" => intval($pid)), "posthash='{$input['group_id_esc']}'");
    // Mark thread as read
    require_once MYBB_ROOT . "inc/functions_indicators.php";
    mark_thread_read($tid, $fid);
    $result = new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval('', 'base64'), 'topic_id' => new xmlrpcval($tid, 'string'), 'state' => new xmlrpcval($visible ? 0 : 1, 'int')), 'struct');
    return new xmlrpcresp($result);
Example #14
function reply_post_func($xmlrpc_params)
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $tid, $pid, $visible, $thread, $post;
    $input = Tapatalk_Input::filterXmlInput(array('forum_id' => Tapatalk_Input::INT, 'topic_id' => Tapatalk_Input::INT, 'subject' => Tapatalk_Input::STRING, 'text_body' => Tapatalk_Input::STRING, 'attachment_id_array' => Tapatalk_Input::RAW, 'group_id' => Tapatalk_Input::STRING, 'return_html' => Tapatalk_Input::INT), $xmlrpc_params);
    $parser = new Tapatalk_Parser();
    $tid = $input['topic_id'];
    $options = array("limit" => 1);
    $query = $db->simple_select("threads", "*", "tid='" . $tid . "'");
    if ($db->num_rows($query) == 0) {
        return xmlrespfalse($lang->error_invalidthread);
    $thread = $db->fetch_array($query);
    $fid = $thread['fid'];
    // Get forum info
    $forum = get_forum($fid);
    if (!$forum) {
        return xmlrespfalse($lang->error_invalidforum);
    $forumpermissions = forum_permissions($fid);
    if ($thread['visible'] == 0 && !is_moderator($fid) || $thread['visible'] < 0) {
        return xmlrespfalse($lang->error_invalidthread);
    if ($forum['open'] == 0 || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    if ($mybb->user['uid'] < 1 || $forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    if ($forumpermissions['canonlyviewthreads'] == 1 && $thread['uid'] != $mybb->user['uid']) {
        return tt_no_permission();
    // Check to see if the thread is closed, and if the user is a mod.
    if (!is_moderator($fid, "caneditposts")) {
        if ($thread['closed'] == 1) {
            return xmlrespfalse($lang->redirect_threadclosed);
    // Is the currently logged in user a moderator of this forum?
    if (is_moderator($fid)) {
        $ismod = true;
    } else {
        $ismod = false;
    if (!empty($input['group_id'])) {
        $posthash = $input['group_id'];
    } else {
        $posthash = md5($thread['tid'] . $mybb->user['uid'] . random_str());
    if ($mybb->settings['maxposts'] > 0 && $mybb->usergroup['cancp'] != 1) {
        $daycut = TIME_NOW - 60 * 60 * 24;
        $query = $db->simple_select("posts", "COUNT(*) AS posts_today", "uid='{$mybb->user['uid']}' AND visible='1' AND dateline>{$daycut}");
        $post_count = $db->fetch_field($query, "posts_today");
        if ($post_count >= $mybb->settings['maxposts']) {
            $lang->error_maxposts = $lang->sprintf($lang->error_maxposts, $mybb->settings['maxposts']);
            return xmlrespfalse($lang->error_maxposts);
    $username = $mybb->user['username'];
    $uid = $mybb->user['uid'];
    $user_check = "p.uid='{$uid}'";
    if (version_compare($mybb->version, '1.8.0', '<')) {
        $query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='" . $db->escape_string($mybb->input['subject']) . "' AND p.message='" . $db->escape_string($mybb->input['message']) . "' AND p.posthash='" . $db->escape_string($mybb->input['posthash']) . "' AND p.visible != '-2'");
    } else {
        $query = $db->simple_select("posts p", "p.pid, p.visible", "{$user_check} AND p.tid='{$thread['tid']}' AND p.subject='" . $db->escape_string($mybb->get_input('subject')) . "' AND p.message='" . $db->escape_string($mybb->get_input('message')) . "' AND p.visible != '-2' AND p.dateline>" . (TIME_NOW - 600));
    $duplicate_check = $db->fetch_field($query, "pid");
    if ($duplicate_check) {
        return xmlrespfalse($lang->error_post_already_submitted);
    require_once MYBB_ROOT . "inc/datahandlers/post.php";
    $posthandler = new PostDataHandler("insert");
    $post = array("tid" => $input['topic_id'], "replyto" => 0, "fid" => $thread['fid'], "subject" => $input['subject'], "icon" => 0, "uid" => $uid, "username" => $username, "message" => $input['text_body'], "ipaddress" => get_ip(), "posthash" => $posthash);
    if ($mybb->input['pid']) {
        $post['pid'] = $mybb->input['pid'];
    $post['savedraft'] = 0;
    // Set up the post options from the input.
    $post['options'] = array("signature" => 1, "subscriptionmethod" => $mybb->user['subscriptionmethod'] == 0 ? '' : $mybb->user['subscriptionmethod'], "disablesmilies" => 0);
    $post['modoptions']['stickthread'] = $thread['sticky'];
    $post['modoptions']['closethread'] = $thread['closed'];
    // Now let the post handler do all the hard work.
    $valid_post = $posthandler->validate_post();
    $post_errors = array();
    // Fetch friendly error messages if this is an invalid post
    if (!$valid_post) {
        $post_errors = $posthandler->get_friendly_errors();
    // Mark thread as read
    require_once MYBB_ROOT . "inc/functions_indicators.php";
    mark_thread_read($tid, $fid);
    // One or more errors returned, fetch error list and throw to newreply page
    if (count($post_errors) > 0) {
        return xmlrespfalse(implode(" :: ", $post_errors));
    } else {
        $postinfo = $posthandler->insert_post();
        $pid = $postinfo['pid'];
        $visible = $postinfo['visible'];
        // Deciding the fate
        if ($visible == -2) {
            $state = 1;
        } elseif ($visible == 1) {
            $state = 0;
        } else {
            $state = 1;
    $pid = intval($pid);
    if (!empty($input['group_id_esc'])) {
        $db->update_query("attachments", array("pid" => $pid), "posthash='{$input['group_id_esc']}'");
    // update thread attachment account
    if (count($input['attachment_id_array']) > 0) {
        update_thread_counters($tid, array("attachmentcount" => "+" . count($input['attachment_id_array'])));
    $post = get_post($pid);
    $parser_options = array();
    $parser_options['allow_html'] = false;
    $parser_options['allow_mycode'] = true;
    $parser_options['allow_smilies'] = false;
    $parser_options['allow_imgcode'] = true;
    $parser_options['allow_videocode'] = true;
    $parser_options['nl2br'] = (bool) $input['return_html'];
    $parser_options['filter_badwords'] = 1;
    if (!$post['username']) {
        $post['username'] = $lang->guest;
    if ($post['userusername']) {
        $parser_options['me_username'] = $post['userusername'];
    } else {
        $parser_options['me_username'] = $post['username'];
    $post['message'] = post_bbcode_clean($post['message']);
    $post['message'] = $parser->parse_message($post['message'], $parser_options);
    global $attachcache;
    $attachcache = array();
    if ($thread['attachmentcount'] > 0) {
        // Now lets fetch all of the attachments for these posts.
        $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
        while ($attachment = $db->fetch_array($query)) {
            $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
    $attachment_list = process_post_attachments($post['pid'], $post);
    $can_delete = 0;
    if ($mybb->user['uid'] == $post['uid']) {
        if ($forumpermissions['candeletethreads'] == 1 && $postcounter == 1) {
            $can_delete = 1;
        } else {
            if ($forumpermissions['candeleteposts'] == 1 && $postcounter != 1) {
                $can_delete = 1;
    $can_delete = (is_moderator($fid, "candeleteposts") || $can_delete == 1) && $mybb->user['uid'] != 0;
    $result = new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval('', 'base64'), 'post_id' => new xmlrpcval($postinfo['pid'], 'string'), 'state' => new xmlrpcval($state, 'int'), 'post_author_id' => new xmlrpcval($mybb->user['uid'], 'string'), 'post_author_name' => new xmlrpcval(basic_clean($mybb->user['username']), 'base64'), 'icon_url' => new xmlrpcval(absolute_url($mybb->user['avatar']), 'string'), 'post_content' => new xmlrpcval(process_post($post['message'], $input['return_html']), 'base64'), 'can_edit' => new xmlrpcval(is_moderator($fid, "caneditposts") || $thread['closed'] == 0 && $forumpermissions['caneditposts'] == 1, 'boolean'), 'can_delete' => new xmlrpcval($can_delete, 'boolean'), 'post_time' => new xmlrpcval(mobiquo_iso8601_encode(TIME_NOW), 'dateTime.iso8601'), 'timestamp' => new xmlrpcval(TIME_NOW, 'string'), 'attachments' => new xmlrpcval($attachment_list, 'array')), 'struct');
    return new xmlrpcresp($result);
Example #15
function reportthread_dopost()
    require_once MYBB_ROOT . "inc/datahandlers/post.php";
    global $db, $mybb;
    if (intval($mybb->settings['rtt_enabled']) == 1 || preg_replace("/[^a-z]/i", "", $mybb->settings['rtt_enabled']) == "yes") {
        if ($mybb->input['type'] == 'post') {
            $title = "Reported Post By ";
            $post = get_post($mybb->input['pid']);
            $thread = get_thread($post['tid']);
            $forum = get_forum($thread['fid']);
            $tlink = get_thread_link($thread['tid']);
            $flink = get_forum_link($thread['fid']);
            $reason = $mybb->input['reason'];
            if ($reason === 'other') {
                $reason = $mybb->input['comment'];
            $post_data = $mybb->user['username'] . " has reported a post.\r\n\r\nOriginal Thread: [url=" . $mybb->settings['bburl'] . "/{$tlink}]" . $thread['subject'] . "[/url]\r\nForum: [url=" . $mybb->settings['bburl'] . "/{$flink}]" . $forum['name'] . "[/url]\r\n\r\nReason Given:\r\n[quote=\"" . $mybb->user['username'] . "\" dateline=\"" . time() . "\"]" . $reason . "[/quote]\r\n\r\nPost Content:\r\n[quote=\"" . $post['username'] . "\" pid=\"" . $post['pid'] . "\" dateline=\"" . $post['dateline'] . "\"]" . $post['message'] . "[/quote]";
        } else {
            if ($mybb->input['type'] == 'reputation') {
                $title = "Reported Reputation By ";
                $rep = get_reputation_point($mybb->input['pid']);
                $giver = get_user($rep['adduid']);
                $reason = $mybb->input['reason'];
                if ($reason === 'other') {
                    $reason = $mybb->input['comment'];
                $post_data = $mybb->user['username'] . " has reported a reputation point.\r\n\r\nReason Given:\r\n[quote=\"" . $mybb->user['username'] . "\" dateline=\"" . time() . "\"]" . $reason . "[/quote]\r\n\r\nReputation comment:\r\n[quote=\"" . $giver['username'] . "\" dateline=\"" . $rep['dateline'] . "\"]" . $rep['comments'] . "[/quote]";
        $new_thread = array("fid" => $mybb->settings['rtt_fid'], "prefix" => 0, "subject" => $title . $mybb->user['username'], "icon" => 0, "uid" => $mybb->user['uid'], "username" => $mybb->user['username'], "message" => $post_data, "ipaddress" => get_ip(), "posthash" => md5($mybb->user['uid'] . random_str()));
        $posthandler = new PostDataHandler("insert");
        $posthandler->action = "thread";
        if ($posthandler->validate_thread()) {
            $thread_info = $posthandler->insert_thread();