function kbPreview($sub) { global $context, $smcFunc, $sourcedir; require_once $sourcedir . '/Subs-Editor.php'; $context['title'] = isset($_REQUEST['title']) ? $smcFunc['htmlspecialchars']($_REQUEST['title']) : ''; $context['body'] = isset($_REQUEST['description']) ? str_replace(array(' '), array(' '), $smcFunc['htmlspecialchars']($_REQUEST['description'])) : ''; $editorOptions = array('id' => 'description', 'value' => !empty($context['body']) ? $context['body'] : '', 'width' => '90%'); create_control_richedit($editorOptions); $context['post_box_name'] = $editorOptions['id']; $context['sub_template'] = $sub; }
function ShowAnnouncements() { global $context, $txt, $sourcedir, $ultimateportalSettings; if (!isset($_POST['save'])) { checkSession('get'); } if (isset($_POST['save'])) { checkSession('post'); $configUltimatePortalVar['up_news_global_announcement'] = censorText($_POST['up_news_global_announcement']); updateUltimatePortalSettings($configUltimatePortalVar, 'config_up_news'); } // Needed for the editor and message icons. require_once $sourcedir . '/Subs-Editor.php'; // Now create the editor. $editorOptions = array('id' => 'up_news_global_announcement', 'value' => $ultimateportalSettings['up_news_global_announcement'], 'form' => 'newsform'); create_control_richedit($editorOptions); // Store the ID. $context['post_box_name'] = $editorOptions['id']; $context['sub_template'] = 'announcement'; $context['page_title'] = $txt['ultport_admin_news_title'] . ' - ' . $txt['ultport_admin_announcements_title'] . ' - ' . $txt['ultport_admin_module_title2']; }
/** * Shows a form to edit a forum mailing and its recipients. * Called by ?action=admin;area=news;sa=mailingcompose. * Requires the send_mail permission. * Form is submitted to ?action=admin;area=news;sa=mailingsend. * * @uses ManageNews template, email_members_compose sub-template. */ function ComposeMailing() { global $txt, $sourcedir, $context, $smcFunc, $scripturl, $modSettings; // Setup the template! $context['page_title'] = $txt['admin_newsletters']; $context['sub_template'] = 'email_members_compose'; $context['subject'] = !empty($_POST['subject']) ? $_POST['subject'] : htmlspecialchars($context['forum_name'] . ': ' . $txt['subject']); $context['message'] = !empty($_POST['message']) ? $_POST['message'] : htmlspecialchars($txt['message'] . "\n\n" . $txt['regards_team'] . "\n\n" . '{$board_url}'); // Needed for the WYSIWYG editor. require_once $sourcedir . '/Subs-Editor.php'; // Now create the editor. $editorOptions = array('id' => 'message', 'value' => $context['message'], 'height' => '175px', 'width' => '100%', 'labels' => array('post_button' => $txt['sendtopic_send']), 'preview_type' => 2); create_control_richedit($editorOptions); // Store the ID for old compatibility. $context['post_box_name'] = $editorOptions['id']; if (isset($context['preview'])) { require_once $sourcedir . '/Subs-Post.php'; $context['recipients']['members'] = !empty($_POST['members']) ? explode(',', $_POST['members']) : array(); $context['recipients']['exclude_members'] = !empty($_POST['exclude_members']) ? explode(',', $_POST['exclude_members']) : array(); $context['recipients']['groups'] = !empty($_POST['groups']) ? explode(',', $_POST['groups']) : array(); $context['recipients']['exclude_groups'] = !empty($_POST['exclude_groups']) ? explode(',', $_POST['exclude_groups']) : array(); $context['recipients']['emails'] = !empty($_POST['emails']) ? explode(';', $_POST['emails']) : array(); $context['email_force'] = !empty($_POST['email_force']) ? 1 : 0; $context['total_emails'] = !empty($_POST['total_emails']) ? (int) $_POST['total_emails'] : 0; $context['max_id_member'] = !empty($_POST['max_id_member']) ? (int) $_POST['max_id_member'] : 0; $context['send_pm'] = !empty($_POST['send_pm']) ? 1 : 0; $context['send_html'] = !empty($_POST['send_html']) ? '1' : '0'; return prepareMailingForPreview(); } // Start by finding any members! $toClean = array(); if (!empty($_POST['members'])) { $toClean[] = 'members'; } if (!empty($_POST['exclude_members'])) { $toClean[] = 'exclude_members'; } if (!empty($toClean)) { require_once $sourcedir . '/Subs-Auth.php'; foreach ($toClean as $type) { // Remove the quotes. $_POST[$type] = strtr($_POST[$type], array('\\"' => '"')); preg_match_all('~"([^"]+)"~', $_POST[$type], $matches); $_POST[$type] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $_POST[$type])))); foreach ($_POST[$type] as $index => $member) { if (strlen(trim($member)) > 0) { $_POST[$type][$index] = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](trim($member))); } else { unset($_POST[$type][$index]); } } // Find the members $_POST[$type] = implode(',', array_keys(findMembers($_POST[$type]))); } } if (isset($_POST['member_list']) && is_array($_POST['member_list'])) { $members = array(); foreach ($_POST['member_list'] as $member_id) { $members[] = (int) $member_id; } $_POST['members'] = implode(',', $members); } if (isset($_POST['exclude_member_list']) && is_array($_POST['exclude_member_list'])) { $members = array(); foreach ($_POST['exclude_member_list'] as $member_id) { $members[] = (int) $member_id; } $_POST['exclude_members'] = implode(',', $members); } // Clean the other vars. SendMailing(true); // We need a couple strings from the email template file loadLanguage('EmailTemplates'); // Get a list of all full banned users. Use their Username and email to find them. Only get the ones that can't login to turn off notification. $request = $smcFunc['db_query']('', ' SELECT DISTINCT mem.id_member FROM {db_prefix}ban_groups AS bg INNER JOIN {db_prefix}ban_items AS bi ON (bg.id_ban_group = bi.id_ban_group) INNER JOIN {db_prefix}members AS mem ON (bi.id_member = mem.id_member) WHERE (bg.cannot_access = {int:cannot_access} OR bg.cannot_login = {int:cannot_login}) AND (bg.expire_time IS NULL OR bg.expire_time > {int:current_time})', array('cannot_access' => 1, 'cannot_login' => 1, 'current_time' => time())); while ($row = $smcFunc['db_fetch_assoc']($request)) { $context['recipients']['exclude_members'][] = $row['id_member']; } $smcFunc['db_free_result']($request); $request = $smcFunc['db_query']('', ' SELECT DISTINCT bi.email_address FROM {db_prefix}ban_items AS bi INNER JOIN {db_prefix}ban_groups AS bg ON (bg.id_ban_group = bi.id_ban_group) WHERE (bg.cannot_access = {int:cannot_access} OR bg.cannot_login = {int:cannot_login}) AND (COALESCE(bg.expire_time, 1=1) OR bg.expire_time > {int:current_time}) AND bi.email_address != {string:blank_string}', array('cannot_access' => 1, 'cannot_login' => 1, 'current_time' => time(), 'blank_string' => '')); $condition_array = array(); $condition_array_params = array(); $count = 0; while ($row = $smcFunc['db_fetch_assoc']($request)) { $condition_array[] = '{string:email_' . $count . '}'; $condition_array_params['email_' . $count++] = $row['email_address']; } $smcFunc['db_free_result']($request); if (!empty($condition_array)) { $request = $smcFunc['db_query']('', ' SELECT id_member FROM {db_prefix}members WHERE email_address IN(' . implode(', ', $condition_array) . ')', $condition_array_params); while ($row = $smcFunc['db_fetch_assoc']($request)) { $context['recipients']['exclude_members'][] = $row['id_member']; } $smcFunc['db_free_result']($request); } // Did they select moderators - if so add them as specific members... if (!empty($context['recipients']['groups']) && in_array(3, $context['recipients']['groups']) || !empty($context['recipients']['exclude_groups']) && in_array(3, $context['recipients']['exclude_groups'])) { $request = $smcFunc['db_query']('', ' SELECT DISTINCT mem.id_member AS identifier FROM {db_prefix}members AS mem INNER JOIN {db_prefix}moderators AS mods ON (mods.id_member = mem.id_member) WHERE mem.is_activated = {int:is_activated}', array('is_activated' => 1)); while ($row = $smcFunc['db_fetch_assoc']($request)) { if (in_array(3, $context['recipients'])) { $context['recipients']['exclude_members'][] = $row['identifier']; } else { $context['recipients']['members'][] = $row['identifier']; } } $smcFunc['db_free_result']($request); } // For progress bar! $context['total_emails'] = count($context['recipients']['emails']); $request = $smcFunc['db_query']('', ' SELECT MAX(id_member) FROM {db_prefix}members', array()); list($context['max_id_member']) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); // Clean up the arrays. $context['recipients']['members'] = array_unique($context['recipients']['members']); $context['recipients']['exclude_members'] = array_unique($context['recipients']['exclude_members']); }
/** * An error in the message... * * @param $error_types * @param $named_recipients * @param $recipient_ids */ function messagePostError($error_types, $named_recipients, $recipient_ids = array()) { global $txt, $context, $scripturl, $modSettings; global $smcFunc, $user_info, $sourcedir; if (!isset($_REQUEST['xml'])) { $context['menu_data_' . $context['pm_menu_id']]['current_area'] = 'send'; } if (!WIRELESS && !isset($_REQUEST['xml'])) { $context['sub_template'] = 'send'; } elseif (isset($_REQUEST['xml'])) { $context['sub_template'] = 'pm'; } $context['page_title'] = $txt['send_message']; // Got some known members? $context['recipients'] = array('to' => array(), 'bcc' => array()); if (!empty($recipient_ids['to']) || !empty($recipient_ids['bcc'])) { $allRecipients = array_merge($recipient_ids['to'], $recipient_ids['bcc']); $request = $smcFunc['db_query']('', ' SELECT id_member, real_name FROM {db_prefix}members WHERE id_member IN ({array_int:member_list})', array('member_list' => $allRecipients)); while ($row = $smcFunc['db_fetch_assoc']($request)) { $recipientType = in_array($row['id_member'], $recipient_ids['bcc']) ? 'bcc' : 'to'; $context['recipients'][$recipientType][] = array('id' => $row['id_member'], 'name' => $row['real_name']); } $smcFunc['db_free_result']($request); } // Set everything up like before.... $context['subject'] = isset($_REQUEST['subject']) ? $smcFunc['htmlspecialchars']($_REQUEST['subject']) : ''; $context['message'] = isset($_REQUEST['message']) ? str_replace(array(' '), array(' '), $smcFunc['htmlspecialchars']($_REQUEST['message'])) : ''; $context['copy_to_outbox'] = !empty($_REQUEST['outbox']); $context['reply'] = !empty($_REQUEST['replied_to']); if ($context['reply']) { $_REQUEST['replied_to'] = (int) $_REQUEST['replied_to']; $request = $smcFunc['db_query']('', ' SELECT pm.id_pm, CASE WHEN pm.id_pm_head = {int:no_id_pm_head} THEN pm.id_pm ELSE pm.id_pm_head END AS pm_head, pm.body, pm.subject, pm.msgtime, mem.member_name, IFNULL(mem.id_member, 0) AS id_member, IFNULL(mem.real_name, pm.from_name) AS real_name FROM {db_prefix}personal_messages AS pm' . ($context['folder'] == 'sent' ? '' : ' INNER JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = {int:replied_to})') . ' LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = pm.id_member_from) WHERE pm.id_pm = {int:replied_to}' . ($context['folder'] == 'sent' ? ' AND pm.id_member_from = {int:current_member}' : ' AND pmr.id_member = {int:current_member}') . ' LIMIT 1', array('current_member' => $user_info['id'], 'no_id_pm_head' => 0, 'replied_to' => $_REQUEST['replied_to'])); if ($smcFunc['db_num_rows']($request) == 0) { if (!isset($_REQUEST['xml'])) { fatal_lang_error('pm_not_yours', false); } else { $error_types[] = 'pm_not_yours'; } } $row_quoted = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); censorText($row_quoted['subject']); censorText($row_quoted['body']); $context['quoted_message'] = array('id' => $row_quoted['id_pm'], 'pm_head' => $row_quoted['pm_head'], 'member' => array('name' => $row_quoted['real_name'], 'username' => $row_quoted['member_name'], 'id' => $row_quoted['id_member'], 'href' => !empty($row_quoted['id_member']) ? $scripturl . '?action=profile;u=' . $row_quoted['id_member'] : '', 'link' => !empty($row_quoted['id_member']) ? '<a href="' . $scripturl . '?action=profile;u=' . $row_quoted['id_member'] . '">' . $row_quoted['real_name'] . '</a>' : $row_quoted['real_name']), 'subject' => $row_quoted['subject'], 'time' => timeformat($row_quoted['msgtime']), 'timestamp' => forum_time(true, $row_quoted['msgtime']), 'body' => parse_bbc($row_quoted['body'], true, 'pm' . $row_quoted['id_pm'])); } // Build the link tree.... $context['linktree'][] = array('url' => $scripturl . '?action=pm;sa=send', 'name' => $txt['new_message']); // Set each of the errors for the template. loadLanguage('Errors'); $context['error_type'] = 'minor'; $context['post_error'] = array('messages' => array(), 'error_type' => ''); foreach ($error_types as $error_type) { $context['post_error'][$error_type] = true; if (isset($txt['error_' . $error_type])) { if ($error_type == 'long_message') { $txt['error_' . $error_type] = sprintf($txt['error_' . $error_type], $modSettings['max_messageLength']); } $context['post_error']['messages'][] = $txt['error_' . $error_type]; } // If it's not a minor error flag it as such. if (!in_array($error_type, array('new_reply', 'not_approved', 'new_replies', 'old_topic', 'need_qr_verification', 'no_subject'))) { $context['error_type'] = 'serious'; } } // Need to reset draft capability once again $context['drafts_pm_save'] = !empty($modSettings['drafts_pm_enabled']) && allowedTo('pm_draft'); $context['drafts_autosave'] = !empty($context['drafts_pm_save']) && !empty($modSettings['drafts_autosave_enabled']) && allowedTo('pm_autosave_draft'); // We need to load the editor once more. require_once $sourcedir . '/Subs-Editor.php'; // Create it... $editorOptions = array('id' => 'message', 'value' => $context['message'], 'width' => '90%', 'labels' => array('post_button' => $txt['send_message']), 'preview_type' => 2); create_control_richedit($editorOptions); // ... and store the ID again... $context['post_box_name'] = $editorOptions['id']; // Check whether we need to show the code again. $context['require_verification'] = !$user_info['is_admin'] && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']; if ($context['require_verification'] && !isset($_REQUEST['xml'])) { require_once $sourcedir . '/Subs-Editor.php'; $verificationOptions = array('id' => 'pm'); $context['require_verification'] = create_control_verification($verificationOptions); $context['visual_verification_id'] = $verificationOptions['id']; } $context['to_value'] = empty($named_recipients['to']) ? '' : '"' . implode('", "', $named_recipients['to']) . '"'; $context['bcc_value'] = empty($named_recipients['bcc']) ? '' : '"' . implode('", "', $named_recipients['bcc']) . '"'; // No check for the previous submission is needed. checkSubmitOnce('free'); // Acquire a new form sequence number. checkSubmitOnce('register'); }
function TP_prebbcbox($id, $body = '') { global $sourcedir; require_once $sourcedir . '/Subs-Editor.php'; $editorOptions = array('id' => $id, 'value' => $body, 'preview_type' => 2, 'height' => '300px', 'width' => '100%'); create_control_richedit($editorOptions); }
function getEditor($description = '') { global $sourcedir, $context; // Needed for the WYSIWYG editor. require_once $sourcedir . '/Subs-Editor.php'; // Now create the editor. $editorOptions = array('id' => 'descript', 'value' => $description, 'width' => '97%', 'form' => 'picform', 'labels' => array('post_button' => '')); create_control_richedit($editorOptions); $context['post_box_name'] = $editorOptions['id']; }
/** * load the article editor by article type. * field: name of a input element. * content: the content in the editor or empty. */ function PortaMx_EditArticle($type, $field, $content) { global $context, $sourcedir, $boardurl, $modSettings, $user_info, $options, $smcFunc, $txt; // for html blocks if ($type == 'html') { loadJavascriptFile($boardurl . '/ckeditor/ckeditor.js', array('external' => true)); $context['pmx']['htmledit'] = array('id' => 'content', 'content' => $content); } else { if ($type == 'script') { addInlineCss(' textarea{min-height:100px;resize:vertical;}'); $context['pmx']['script'] = array('id' => 'content', 'value' => !empty($content) ? $content : '', 'width' => '100%', 'height' => '150px'); } elseif ($type == 'php') { addInlineCss(' textarea{min-height:100px;}'); if (preg_match('~\\[\\?pmx_initphp(.*)pmx_initphp\\?\\]~is', $content, $match)) { $cont = trim($match[1]); } else { $cont = ''; } $context['pmx']['phpInit'] = array('id' => 'content_init', 'value' => $smcFunc['htmlspecialchars']($cont, ENT_NOQUOTES), 'width' => '100%', 'height' => '150px', 'havecont' => !empty($cont)); if (preg_match('~\\[\\?pmx_showphp(.*)pmx_showphp\\?\\]~is', $content, $match)) { $cont = trim($match[1]); } else { $cont = $content; } $context['pmx']['phpShow'] = array('id' => 'content', 'value' => $smcFunc['htmlspecialchars']($cont, ENT_NOQUOTES), 'width' => '100%', 'height' => '150px', 'havecont' => !empty($cont)); } else { // Let's load the SMF editor. require_once $sourcedir . '/Subs-Editor.php'; $user_info['smiley_set'] = 'PortaMx'; $modSettings['smiley_enable'] = true; $options['wysiwyg_default'] = true; $editorOptions = array('id' => 'content', 'value' => !empty($content) ? $content : '', 'width' => '100%', 'height' => '200px', 'labels' => array(), 'preview_type' => 0, 'bbc_level' => 'full', 'disable_smiley_box' => 0, 'locale' => !empty($txt['lang_locale']) && substr($txt['lang_locale'], 0, 5) != 'en_US' ? $txt['lang_locale'] : '', 'form' => 'pxmedit'); create_control_richedit($editorOptions); $context['pmx']['editorID'] = $editorOptions['id']; } } }
function char_template_edit() { global $context, $txt, $sourcedir, $smcFunc; require_once $sourcedir . '/Subs-Post.php'; require_once $sourcedir . '/Subs-Editor.php'; $template_id = isset($_GET['template_id']) ? (int) $_GET['template_id'] : 0; $request = $smcFunc['db_query']('', ' SELECT id_template, template_name, template FROM {db_prefix}character_sheet_templates WHERE id_template = {int:template}', ['template' => $template_id]); $row = $smcFunc['db_fetch_assoc']($request); if (empty($row)) { redirectexit('action=admin;area=templates'); } $context['template_id'] = $template_id; $context['template_name'] = $row['template_name']; // Now create the editor. $editorOptions = ['id' => 'message', 'value' => un_preparsecode($row['template']), 'labels' => ['post_button' => $txt['save']], 'height' => '500px', 'width' => '100%', 'preview_type' => 0, 'required' => true]; create_control_richedit($editorOptions); $context['page_title'] = $txt['char_templates_edit']; $context['sub_template'] = 'char_template_edit'; loadTemplate('Admin-Chars'); }
/** * Handles showing the post screen, loading the post to be modified, and loading any post quoted. * * - additionally handles previews of posts. * - requires different permissions depending on the actions, but most notably post_new, post_reply_own, and post_reply_any. * - shows options for the editing and posting of calendar events and attachments, as well as the posting of polls. * - accessed from ?action=post. * * @uses the Post template and language file, main sub template. */ public function action_post() { global $txt, $scripturl, $topic, $modSettings, $board, $user_info, $context, $options; loadLanguage('Post'); loadLanguage('Errors'); require_once SOURCEDIR . '/AttachmentErrorContext.class.php'; // You can't reply with a poll... hacker. if (isset($_REQUEST['poll']) && !empty($topic) && !isset($_REQUEST['msg'])) { unset($_REQUEST['poll']); } $post_errors = Error_Context::context('post', 1); $attach_errors = Attachment_Error_Context::context(); $attach_errors->activate(); $first_subject = ''; // Posting an event? $context['make_event'] = isset($_REQUEST['calendar']); $context['robot_no_index'] = true; $template_layers = Template_Layers::getInstance(); $template_layers->add('postarea'); // You must be posting to *some* board. if (empty($board) && !$context['make_event']) { fatal_lang_error('no_board', false); } if ($context['make_event']) { $template_layers->add('make_event'); } // All those wonderful modifiers and attachments $template_layers->add('additional_options', 200); require_once SUBSDIR . '/Post.subs.php'; require_once SUBSDIR . '/Messages.subs.php'; require_once SUBSDIR . '/Topic.subs.php'; if (isset($_REQUEST['xml'])) { $context['sub_template'] = 'post'; // Just in case of an earlier error... $context['preview_message'] = ''; $context['preview_subject'] = ''; } if (!empty($modSettings['mentions_enabled']) && !empty($_REQUEST['uid'])) { $context['member_ids'] = array_unique(array_map('intval', $_REQUEST['uid'])); } // No message is complete without a topic. if (empty($topic) && !empty($_REQUEST['msg'])) { $topic = associatedTopic((int) $_REQUEST['msg']); if (empty($topic)) { unset($_REQUEST['msg'], $_POST['msg'], $_GET['msg']); } } // Check if it's locked. It isn't locked if no topic is specified. if (!empty($topic)) { list($locked, $context['notify'], $sticky, $pollID, $context['topic_last_message'], $id_member_poster, $id_first_msg, $first_subject, $lastPostTime) = array_values(topicUserAttributes($topic, $user_info['id'])); // If this topic already has a poll, they sure can't add another. if (isset($_REQUEST['poll']) && $pollID > 0) { unset($_REQUEST['poll']); } if (empty($_REQUEST['msg'])) { if ($user_info['is_guest'] && !allowedTo('post_reply_any') && (!$modSettings['postmod_active'] || !allowedTo('post_unapproved_replies_any'))) { is_not_guest(); } // By default the reply will be approved... $context['becomes_approved'] = true; if ($id_member_poster != $user_info['id']) { if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_any') && !allowedTo('post_reply_any')) { $context['becomes_approved'] = false; } else { isAllowedTo('post_reply_any'); } } elseif (!allowedTo('post_reply_any')) { if ($modSettings['postmod_active']) { if (allowedTo('post_unapproved_replies_own') && !allowedTo('post_reply_own')) { $context['becomes_approved'] = false; } elseif ($user_info['is_guest'] && allowedTo('post_unapproved_replies_any')) { $context['becomes_approved'] = false; } else { isAllowedTo('post_reply_own'); } } else { isAllowedTo('post_reply_own'); } } } else { $context['becomes_approved'] = true; } $context['can_lock'] = allowedTo('lock_any') || $user_info['id'] == $id_member_poster && allowedTo('lock_own'); $context['can_sticky'] = allowedTo('make_sticky') && !empty($modSettings['enableStickyTopics']); $context['notify'] = !empty($context['notify']); $context['sticky'] = isset($_REQUEST['sticky']) ? !empty($_REQUEST['sticky']) : $sticky; // It's a new reply if (empty($_REQUEST['msg'])) { $context['can_add_poll'] = false; } else { $context['can_add_poll'] = (allowedTo('poll_add_any') || !empty($_REQUEST['msg']) && $id_first_msg == $_REQUEST['msg'] && allowedTo('poll_add_own')) && !empty($modSettings['pollMode']) && $pollID <= 0; } } else { $context['becomes_approved'] = true; if (!$context['make_event'] || !empty($board)) { if ($modSettings['postmod_active'] && !allowedTo('post_new') && allowedTo('post_unapproved_topics')) { $context['becomes_approved'] = false; } else { isAllowedTo('post_new'); } } $locked = 0; // @todo These won't work if you're making an event. $context['can_lock'] = allowedTo(array('lock_any', 'lock_own')); $context['can_sticky'] = allowedTo('make_sticky') && !empty($modSettings['enableStickyTopics']); $context['notify'] = !empty($context['notify']); $context['sticky'] = !empty($_REQUEST['sticky']); $context['can_add_poll'] = (allowedTo('poll_add_any') || allowedTo('poll_add_own')) && !empty($modSettings['pollMode']); } // @todo These won't work if you're posting an event! $context['can_notify'] = allowedTo('mark_any_notify'); $context['can_move'] = allowedTo('move_any'); $context['move'] = !empty($_REQUEST['move']); $context['announce'] = !empty($_REQUEST['announce']); if ($context['can_add_poll']) { addJavascriptVar(array('poll_remove' => $txt['poll_remove'], 'poll_add' => $txt['add_poll']), true); } // You can only announce topics that will get approved... $context['can_announce'] = allowedTo('announce_topic') && $context['becomes_approved']; $context['locked'] = !empty($locked) || !empty($_REQUEST['lock']); $context['can_quote'] = empty($modSettings['disabledBBC']) || !in_array('quote', explode(',', $modSettings['disabledBBC'])); // Generally don't show the approval box... (Assume we want things approved) $context['show_approval'] = allowedTo('approve_posts') && $context['becomes_approved'] ? 2 : (allowedTo('approve_posts') ? 1 : 0); // An array to hold all the attachments for this topic. $context['attachments']['current'] = array(); // Don't allow a post if it's locked and you aren't all powerful. if ($locked && !allowedTo('moderate_board')) { fatal_lang_error('topic_locked', false); } // Check the users permissions - is the user allowed to add or post a poll? if (isset($_REQUEST['poll']) && !empty($modSettings['pollMode'])) { // New topic, new poll. if (empty($topic)) { isAllowedTo('poll_post'); } elseif ($user_info['id'] == $id_member_poster && !allowedTo('poll_add_any')) { isAllowedTo('poll_add_own'); } else { isAllowedTo('poll_add_any'); } $context['can_moderate_poll'] = true; require_once SUBSDIR . '/Members.subs.php'; $allowedVoteGroups = groupsAllowedTo('poll_vote', $board); // Set up the poll options. $context['poll'] = array('max_votes' => empty($_POST['poll_max_votes']) ? '1' : max(1, $_POST['poll_max_votes']), 'hide_results' => empty($_POST['poll_hide']) ? 0 : $_POST['poll_hide'], 'expiration' => !isset($_POST['poll_expire']) ? '' : $_POST['poll_expire'], 'change_vote' => isset($_POST['poll_change_vote']), 'guest_vote' => isset($_POST['poll_guest_vote']), 'guest_vote_allowed' => in_array(-1, $allowedVoteGroups['allowed'])); // Make all five poll choices empty. $context['choices'] = array(array('id' => 0, 'number' => 1, 'label' => '', 'is_last' => false), array('id' => 1, 'number' => 2, 'label' => '', 'is_last' => false), array('id' => 2, 'number' => 3, 'label' => '', 'is_last' => false), array('id' => 3, 'number' => 4, 'label' => '', 'is_last' => false), array('id' => 4, 'number' => 5, 'label' => '', 'is_last' => true)); $context['last_choice_id'] = 4; } if ($context['make_event']) { // They might want to pick a board. if (!isset($context['current_board'])) { $context['current_board'] = 0; } // Start loading up the event info. $context['event'] = array(); $context['event']['title'] = isset($_REQUEST['evtitle']) ? htmlspecialchars(stripslashes($_REQUEST['evtitle']), ENT_COMPAT, 'UTF-8') : ''; $context['event']['id'] = isset($_REQUEST['eventid']) ? (int) $_REQUEST['eventid'] : -1; $context['event']['new'] = $context['event']['id'] == -1; // Permissions check! isAllowedTo('calendar_post'); // Editing an event? (but NOT previewing!?) if (empty($context['event']['new']) && !isset($_REQUEST['subject'])) { // If the user doesn't have permission to edit the post in this topic, redirect them. if ((empty($id_member_poster) || $id_member_poster != $user_info['id'] || !allowedTo('modify_own')) && !allowedTo('modify_any')) { require_once CONTROLLERDIR . '/Calendar.controller.php'; $controller = new Calendar_Controller(); return $controller->action_post(); } // Get the current event information. require_once SUBSDIR . '/Calendar.subs.php'; $event_info = getEventProperties($context['event']['id']); // Make sure the user is allowed to edit this event. if ($event_info['member'] != $user_info['id']) { isAllowedTo('calendar_edit_any'); } elseif (!allowedTo('calendar_edit_any')) { isAllowedTo('calendar_edit_own'); } $context['event']['month'] = $event_info['month']; $context['event']['day'] = $event_info['day']; $context['event']['year'] = $event_info['year']; $context['event']['title'] = $event_info['title']; $context['event']['span'] = $event_info['span']; } else { // Posting a new event? (or preview...) $today = getdate(); // You must have a month and year specified! if (!isset($_REQUEST['month'])) { $_REQUEST['month'] = $today['mon']; } if (!isset($_REQUEST['year'])) { $_REQUEST['year'] = $today['year']; } $context['event']['month'] = (int) $_REQUEST['month']; $context['event']['year'] = (int) $_REQUEST['year']; $context['event']['day'] = isset($_REQUEST['day']) ? $_REQUEST['day'] : ($_REQUEST['month'] == $today['mon'] ? $today['mday'] : 0); $context['event']['span'] = isset($_REQUEST['span']) ? $_REQUEST['span'] : 1; // Make sure the year and month are in the valid range. if ($context['event']['month'] < 1 || $context['event']['month'] > 12) { fatal_lang_error('invalid_month', false); } if ($context['event']['year'] < $modSettings['cal_minyear'] || $context['event']['year'] > $modSettings['cal_maxyear']) { fatal_lang_error('invalid_year', false); } // Get a list of boards they can post in. require_once SUBSDIR . '/Boards.subs.php'; $boards = boardsAllowedTo('post_new'); if (empty($boards)) { fatal_lang_error('cannot_post_new', 'user'); } // Load a list of boards for this event in the context. $boardListOptions = array('included_boards' => in_array(0, $boards) ? null : $boards, 'not_redirection' => true, 'selected_board' => empty($context['current_board']) ? $modSettings['cal_defaultboard'] : $context['current_board']); $context += getBoardList($boardListOptions); } // Find the last day of the month. $context['event']['last_day'] = (int) strftime('%d', mktime(0, 0, 0, $context['event']['month'] == 12 ? 1 : $context['event']['month'] + 1, 0, $context['event']['month'] == 12 ? $context['event']['year'] + 1 : $context['event']['year'])); $context['event']['board'] = !empty($board) ? $board : $modSettings['cal_defaultboard']; } // See if any new replies have come along. if (empty($_REQUEST['msg']) && !empty($topic)) { if (empty($options['no_new_reply_warning']) && isset($_REQUEST['last_msg']) && $context['topic_last_message'] > $_REQUEST['last_msg']) { $context['new_replies'] = countMessagesSince($topic, (int) $_REQUEST['last_msg'], false, $modSettings['postmod_active'] && !allowedTo('approve_posts')); if (!empty($context['new_replies'])) { if ($context['new_replies'] == 1) { $txt['error_new_replies'] = isset($_GET['last_msg']) ? $txt['error_new_reply_reading'] : $txt['error_new_reply']; } else { $txt['error_new_replies'] = sprintf(isset($_GET['last_msg']) ? $txt['error_new_replies_reading'] : $txt['error_new_replies'], $context['new_replies']); } $post_errors->addError('new_replies', 0); $modSettings['topicSummaryPosts'] = $context['new_replies'] > $modSettings['topicSummaryPosts'] ? max($modSettings['topicSummaryPosts'], 5) : $modSettings['topicSummaryPosts']; } } } // Get a response prefix (like 'Re:') in the default forum language. $context['response_prefix'] = response_prefix(); // Previewing, modifying, or posting? // Do we have a body, but an error happened. if (isset($_REQUEST['message']) || $post_errors->hasErrors() || $attach_errors->hasErrors()) { // Validate inputs. if (!$post_errors->hasErrors() && !$attach_errors->hasErrors()) { // This means they didn't click Post and get an error. $really_previewing = true; } else { if (!isset($_REQUEST['subject'])) { $_REQUEST['subject'] = ''; } if (!isset($_REQUEST['message'])) { $_REQUEST['message'] = ''; } if (!isset($_REQUEST['icon'])) { $_REQUEST['icon'] = 'xx'; } // They are previewing if they asked to preview (i.e. came from quick reply). $really_previewing = !empty($_REQUEST['preview']); } // In order to keep the approval status flowing through, we have to pass it through the form... $context['becomes_approved'] = empty($_REQUEST['not_approved']); $context['show_approval'] = isset($_REQUEST['approve']) ? $_REQUEST['approve'] ? 2 : 1 : 0; $context['can_announce'] &= $context['becomes_approved']; // Set up the inputs for the form. $form_subject = strtr(Util::htmlspecialchars($_REQUEST['subject']), array("\r" => '', "\n" => '', "\t" => '')); $form_message = Util::htmlspecialchars($_REQUEST['message'], ENT_QUOTES); // Make sure the subject isn't too long - taking into account special characters. if (Util::strlen($form_subject) > 100) { $form_subject = Util::substr($form_subject, 0, 100); } if (isset($_REQUEST['poll'])) { $context['poll']['question'] = isset($_REQUEST['question']) ? Util::htmlspecialchars(trim($_REQUEST['question'])) : ''; $context['choices'] = array(); $choice_id = 0; $_POST['options'] = empty($_POST['options']) ? array() : htmlspecialchars__recursive($_POST['options']); foreach ($_POST['options'] as $option) { if (trim($option) == '') { continue; } $context['choices'][] = array('id' => $choice_id++, 'number' => $choice_id, 'label' => $option, 'is_last' => false); } // One empty option for those with js disabled...I know are few... :P $context['choices'][] = array('id' => $choice_id++, 'number' => $choice_id, 'label' => '', 'is_last' => false); if (count($context['choices']) < 2) { $context['choices'][] = array('id' => $choice_id++, 'number' => $choice_id, 'label' => '', 'is_last' => false); } $context['last_choice_id'] = $choice_id; $context['choices'][count($context['choices']) - 1]['is_last'] = true; } // Are you... a guest? if ($user_info['is_guest']) { $context['name'] = !isset($_REQUEST['guestname']) ? '' : Util::htmlspecialchars(trim($_REQUEST['guestname'])); $context['email'] = !isset($_REQUEST['email']) ? '' : Util::htmlspecialchars(trim($_REQUEST['email'])); $user_info['name'] = $context['name']; } // Only show the preview stuff if they hit Preview. if (($really_previewing === true || isset($_REQUEST['xml'])) && !isset($_REQUEST['save_draft'])) { // Set up the preview message and subject $context['preview_message'] = $form_message; preparsecode($form_message, true); // Do all bulletin board code thing on the message preparsecode($context['preview_message']); $context['preview_message'] = parse_bbc($context['preview_message'], isset($_REQUEST['ns']) ? 0 : 1); censorText($context['preview_message']); // Don't forget the subject $context['preview_subject'] = $form_subject; censorText($context['preview_subject']); // Any errors we should tell them about? if ($form_subject === '') { $post_errors->addError('no_subject'); $context['preview_subject'] = '<em>' . $txt['no_subject'] . '</em>'; } if ($context['preview_message'] === '') { $post_errors->addError('no_message'); } elseif (!empty($modSettings['max_messageLength']) && Util::strlen($form_message) > $modSettings['max_messageLength']) { $post_errors->addError(array('long_message', array($modSettings['max_messageLength']))); } // Protect any CDATA blocks. if (isset($_REQUEST['xml'])) { $context['preview_message'] = strtr($context['preview_message'], array(']]>' => ']]]]><![CDATA[>')); } } // Set up the checkboxes. $context['notify'] = !empty($_REQUEST['notify']); $context['use_smileys'] = !isset($_REQUEST['ns']); $context['icon'] = isset($_REQUEST['icon']) ? preg_replace('~[\\./\\\\*\':"<>]~', '', $_REQUEST['icon']) : 'xx'; // Set the destination action for submission. $context['destination'] = 'post2;start=' . $_REQUEST['start'] . (isset($_REQUEST['msg']) ? ';msg=' . $_REQUEST['msg'] . ';' . $context['session_var'] . '=' . $context['session_id'] : '') . (isset($_REQUEST['poll']) ? ';poll' : ''); $context['submit_label'] = isset($_REQUEST['msg']) ? $txt['save'] : $txt['post']; // Previewing an edit? if (isset($_REQUEST['msg']) && !empty($topic)) { require_once SUBSDIR . '/Messages.subs.php'; // Get the existing message. $message = messageDetails((int) $_REQUEST['msg'], $topic); // The message they were trying to edit was most likely deleted. // @todo Change this error message? if ($message === false) { fatal_lang_error('no_board', false); } $errors = checkMessagePermissions($message['message']); if (!empty($errors)) { foreach ($errors as $error) { $post_errors->addError($error); } } prepareMessageContext($message); } elseif (isset($_REQUEST['last_msg'])) { list($form_subject, ) = getFormMsgSubject(false, $topic, $first_subject); } // No check is needed, since nothing is really posted. checkSubmitOnce('free'); } elseif (isset($_REQUEST['msg']) && !empty($topic)) { $_REQUEST['msg'] = (int) $_REQUEST['msg']; $message = getFormMsgSubject(true, $topic); if (!empty($message['errors'])) { foreach ($errors as $error) { $post_errors->addError($error); } } // Get the stuff ready for the form. $form_subject = $message['message']['subject']; $form_message = un_preparsecode($message['message']['body']); censorText($form_message); censorText($form_subject); // Check the boxes that should be checked. $context['use_smileys'] = !empty($message['message']['smileys_enabled']); $context['icon'] = $message['message']['icon']; // Set the destination. $context['destination'] = 'post2;start=' . $_REQUEST['start'] . ';msg=' . $_REQUEST['msg'] . ';' . $context['session_var'] . '=' . $context['session_id'] . (isset($_REQUEST['poll']) ? ';poll' : ''); $context['submit_label'] = $txt['save']; } else { // By default.... $context['use_smileys'] = true; $context['icon'] = 'xx'; if ($user_info['is_guest']) { $context['name'] = isset($_SESSION['guest_name']) ? $_SESSION['guest_name'] : ''; $context['email'] = isset($_SESSION['guest_email']) ? $_SESSION['guest_email'] : ''; } $context['destination'] = 'post2;start=' . $_REQUEST['start'] . (isset($_REQUEST['poll']) ? ';poll' : ''); $context['submit_label'] = $txt['post']; list($form_subject, $form_message) = getFormMsgSubject(false, $topic, $first_subject); } // Check whether this is a really old post being bumped... if (!empty($topic) && !empty($modSettings['oldTopicDays']) && $lastPostTime + $modSettings['oldTopicDays'] * 86400 < time() && empty($sticky) && !isset($_REQUEST['subject'])) { $post_errors->addError(array('old_topic', array($modSettings['oldTopicDays'])), 0); } // Are we moving a discussion to its own topic? if (!empty($modSettings['enableFollowup']) && !empty($_REQUEST['followup'])) { $context['original_post'] = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : (int) $_REQUEST['followup']; $context['show_boards_dropdown'] = true; require_once SUBSDIR . '/Boards.subs.php'; $context += getBoardList(array('not_redirection' => true, 'allowed_to' => 'post_new')); $context['boards_current_disabled'] = false; if (!empty($board)) { foreach ($context['categories'] as $id => $values) { if (isset($values['boards'][$board])) { $context['categories'][$id]['boards'][$board]['selected'] = true; break; } } } } $context['attachments']['can']['post'] = !empty($modSettings['attachmentEnable']) && $modSettings['attachmentEnable'] == 1 && (allowedTo('post_attachment') || $modSettings['postmod_active'] && allowedTo('post_unapproved_attachments')); if ($context['attachments']['can']['post']) { // If there are attachments, calculate the total size and how many. $attachments = array(); $attachments['total_size'] = 0; $attachments['quantity'] = 0; // If this isn't a new post, check the current attachments. if (isset($_REQUEST['msg'])) { $attachments['quantity'] = count($context['attachments']['current']); foreach ($context['attachments']['current'] as $attachment) { $attachments['total_size'] += $attachment['size']; } } // A bit of house keeping first. if (!empty($_SESSION['temp_attachments']) && count($_SESSION['temp_attachments']) == 1) { unset($_SESSION['temp_attachments']); } if (!empty($_SESSION['temp_attachments'])) { // Is this a request to delete them? if (isset($_GET['delete_temp'])) { foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) { if (strpos($attachID, 'post_tmp_' . $user_info['id']) !== false) { @unlink($attachment['tmp_name']); } } $attach_errors->addError('temp_attachments_gone'); $_SESSION['temp_attachments'] = array(); } elseif ($context['current_action'] != 'post2' || !empty($_POST['from_qr'])) { // Let's be nice and see if they belong here first. if (empty($_REQUEST['msg']) && empty($_SESSION['temp_attachments']['post']['msg']) && $_SESSION['temp_attachments']['post']['board'] == $board || !empty($_REQUEST['msg']) && $_SESSION['temp_attachments']['post']['msg'] == $_REQUEST['msg']) { // See if any files still exist before showing the warning message and the files attached. foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) { if (strpos($attachID, 'post_tmp_' . $user_info['id']) === false) { continue; } if (file_exists($attachment['tmp_name'])) { $attach_errors->addError('temp_attachments_new'); $context['files_in_session_warning'] = $txt['attached_files_in_session']; unset($_SESSION['temp_attachments']['post']['files']); break; } } } else { // Since, they don't belong here. Let's inform the user that they exist.. if (!empty($topic)) { $delete_url = $scripturl . '?action=post' . (!empty($_REQUEST['msg']) ? ';msg=' . $_REQUEST['msg'] : '') . (!empty($_REQUEST['last_msg']) ? ';last_msg=' . $_REQUEST['last_msg'] : '') . ';topic=' . $topic . ';delete_temp'; } else { $delete_url = $scripturl . '?action=post;board=' . $board . ';delete_temp'; } // Compile a list of the files to show the user. $file_list = array(); foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) { if (strpos($attachID, 'post_tmp_' . $user_info['id']) !== false) { $file_list[] = $attachment['name']; } } $_SESSION['temp_attachments']['post']['files'] = $file_list; $file_list = '<div class="attachments">' . implode('<br />', $file_list) . '</div>'; if (!empty($_SESSION['temp_attachments']['post']['msg'])) { // We have a message id, so we can link back to the old topic they were trying to edit.. $goback_link = '<a href="' . $scripturl . '?action=post' . (!empty($_SESSION['temp_attachments']['post']['msg']) ? ';msg=' . $_SESSION['temp_attachments']['post']['msg'] : '') . (!empty($_SESSION['temp_attachments']['post']['last_msg']) ? ';last_msg=' . $_SESSION['temp_attachments']['post']['last_msg'] : '') . ';topic=' . $_SESSION['temp_attachments']['post']['topic'] . ';additionalOptions">' . $txt['here'] . '</a>'; $attach_errors->addError(array('temp_attachments_found', array($delete_url, $goback_link, $file_list))); $context['ignore_temp_attachments'] = true; } else { $attach_errors->addError(array('temp_attachments_lost', array($delete_url, $file_list))); $context['ignore_temp_attachments'] = true; } } } foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) { // Skipping over these if (isset($context['ignore_temp_attachments']) || isset($_SESSION['temp_attachments']['post']['files'])) { break; } // Initial errors (such as missing directory), we can recover if ($attachID != 'initial_error' && strpos($attachID, 'post_tmp_' . $user_info['id']) === false) { continue; } if ($attachID == 'initial_error') { if ($context['current_action'] != 'post2') { $txt['error_attach_initial_error'] = $txt['attach_no_upload'] . '<div class="attachmenterrors">' . (is_array($attachment) ? vsprintf($txt[$attachment[0]], $attachment[1]) : $txt[$attachment]) . '</div>'; $attach_errors->addError('attach_initial_error'); } unset($_SESSION['temp_attachments']); break; } // Show any errors which might have occurred. if (!empty($attachment['errors'])) { if ($context['current_action'] != 'post2') { $txt['error_attach_errors'] = empty($txt['error_attach_errors']) ? '<br />' : ''; $txt['error_attach_errors'] .= vsprintf($txt['attach_warning'], $attachment['name']) . '<div class="attachmenterrors">'; foreach ($attachment['errors'] as $error) { $txt['error_attach_errors'] .= (is_array($error) ? vsprintf($txt[$error[0]], $error[1]) : $txt[$error]) . '<br />'; } $txt['error_attach_errors'] .= '</div>'; $attach_errors->addError('attach_errors'); } // Take out the trash. unset($_SESSION['temp_attachments'][$attachID]); @unlink($attachment['tmp_name']); continue; } // More house keeping. if (!file_exists($attachment['tmp_name'])) { unset($_SESSION['temp_attachments'][$attachID]); continue; } $attachments['quantity']++; $attachments['total_size'] += $attachment['size']; if (!isset($context['files_in_session_warning'])) { $context['files_in_session_warning'] = $txt['attached_files_in_session']; } $context['attachments']['current'][] = array('name' => '<u>' . htmlspecialchars($attachment['name'], ENT_COMPAT, 'UTF-8') . '</u>', 'size' => $attachment['size'], 'id' => $attachID, 'unchecked' => false, 'approved' => 1); } } } // Do we need to show the visual verification image? $context['require_verification'] = !$user_info['is_mod'] && !$user_info['is_admin'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha'] || $user_info['is_guest'] && $modSettings['posts_require_captcha'] == -1); if ($context['require_verification']) { require_once SUBSDIR . '/VerificationControls.class.php'; $verificationOptions = array('id' => 'post'); $context['require_verification'] = create_control_verification($verificationOptions); $context['visual_verification_id'] = $verificationOptions['id']; } // If they came from quick reply, and have to enter verification details, give them some notice. if (!empty($_REQUEST['from_qr']) && !empty($context['require_verification'])) { $post_errors->addError('need_qr_verification'); } // Any errors occurred? $context['post_error'] = array('errors' => $post_errors->prepareErrors(), 'type' => $post_errors->getErrorType() == 0 ? 'minor' : 'serious', 'title' => $post_errors->getErrorType() == 0 ? $txt['warning_while_submitting'] : $txt['error_while_submitting']); // If there are attachment errors. Let's show a list to the user. if ($attach_errors->hasErrors()) { loadTemplate('Errors'); $errors = $attach_errors->prepareErrors(); foreach ($errors as $key => $error) { $context['attachment_error_keys'][] = $key . '_error'; $context[$key . '_error'] = $error; } } // What are you doing? Posting a poll, modifying, previewing, new post, or reply... if (isset($_REQUEST['poll'])) { $context['page_title'] = $txt['new_poll']; } elseif ($context['make_event']) { $context['page_title'] = $context['event']['id'] == -1 ? $txt['calendar_post_event'] : $txt['calendar_edit']; } elseif (isset($_REQUEST['msg'])) { $context['page_title'] = $txt['modify_msg']; } elseif (isset($_REQUEST['subject'], $context['preview_subject'])) { $context['page_title'] = $txt['post_reply']; } elseif (empty($topic)) { $context['page_title'] = $txt['start_new_topic']; } else { $context['page_title'] = $txt['post_reply']; } // Update the topic summary, needed to show new posts in a preview if (!empty($topic) && !empty($modSettings['topicSummaryPosts'])) { $only_approved = $modSettings['postmod_active'] && !allowedTo('approve_posts'); if (isset($_REQUEST['xml'])) { $limit = empty($context['new_replies']) ? 0 : (int) $context['new_replies']; } else { $limit = $modSettings['topicSummaryPosts']; } $before = isset($_REQUEST['msg']) ? array('before' => (int) $_REQUEST['msg']) : array(); $counter = 0; $context['previous_posts'] = empty($limit) ? array() : selectMessages($topic, 0, $limit, $before, $only_approved); foreach ($context['previous_posts'] as &$post) { $post['is_new'] = !empty($context['new_replies']); $post['counter'] = $counter++; $post['is_ignored'] = !empty($modSettings['enable_buddylist']) && in_array($post['id_poster'], $user_info['ignoreusers']); if (!empty($context['new_replies'])) { $context['new_replies']--; } } } // Just ajax previewing then lets stop now if (isset($_REQUEST['xml'])) { obExit(); } // Build the link tree. if (empty($topic)) { $context['linktree'][] = array('name' => '<em>' . $txt['start_new_topic'] . '</em>'); } else { $context['linktree'][] = array('url' => $scripturl . '?topic=' . $topic . '.' . $_REQUEST['start'], 'name' => $form_subject, 'extra_before' => '<span><strong class="nav">' . $context['page_title'] . ' ( </strong></span>', 'extra_after' => '<span><strong class="nav"> )</strong></span>'); } $context['subject'] = addcslashes($form_subject, '"'); $context['message'] = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), $form_message); // Are post drafts enabled? $context['drafts_save'] = !empty($modSettings['drafts_enabled']) && !empty($modSettings['drafts_post_enabled']) && allowedTo('post_draft'); $context['drafts_autosave'] = !empty($context['drafts_save']) && !empty($modSettings['drafts_autosave_enabled']) && allowedTo('post_autosave_draft'); if (!empty($modSettings['mentions_enabled'])) { $context['mentions_enabled'] = true; loadCSSFile('jquery.atwho.css'); addInlineJavascript(' $(document).ready(function () { for (var i = 0, count = all_elk_mentions.length; i < count; i++) all_elk_mentions[i].oMention = new elk_mentions(all_elk_mentions[i].oOptions); });'); } // Build a list of drafts that they can load into the editor if (!empty($context['drafts_save'])) { $this->_prepareDraftsContext($user_info['id'], $topic); if (!empty($context['drafts'])) { $template_layers->add('load_drafts', 100); } } // Needed for the editor and message icons. require_once SUBSDIR . '/Editor.subs.php'; // Now create the editor. $editorOptions = array('id' => 'message', 'value' => $context['message'], 'labels' => array('post_button' => $context['submit_label']), 'height' => '275px', 'width' => '100%', 'preview_type' => 2); create_control_richedit($editorOptions); $context['attached'] = ''; $context['make_poll'] = isset($_REQUEST['poll']); if ($context['make_poll']) { loadTemplate('Poll'); $template_layers->add('poll_edit'); } // Message icons - customized or not, retrieve them... $context['icons'] = getMessageIcons($board); $context['icon_url'] = ''; if (!empty($context['icons'])) { $context['icons'][count($context['icons']) - 1]['is_last'] = true; $context['icons'][0]['selected'] = true; // $context['icon'] is set when editing a message if (!isset($context['icon'])) { $context['icon'] = $context['icons'][0]['value']; } $found = false; foreach ($context['icons'] as $icon) { if ($icon['value'] === $context['icon']) { $found = true; $context['icon_url'] = $icon['url']; break; } } // Failsafe if (!$found) { $context['icon'] = $context['icons'][0]['value']; $context['icon_url'] = $context['icons'][0]['url']; } } // Are we starting a poll? if set the poll icon as selected if its available if (isset($_REQUEST['poll'])) { for ($i = 0, $n = count($context['icons']); $i < $n; $i++) { if ($context['icons'][$i]['value'] == 'poll') { $context['icons'][$i]['selected'] = true; $context['icon'] = 'poll'; $context['icon_url'] = $context['icons'][$i]['url']; break; } } } // If the user can post attachments prepare the warning labels. if ($context['attachments']['can']['post']) { // If they've unchecked an attachment, they may still want to attach that many more files, but don't allow more than num_allowed_attachments. $context['attachments']['num_allowed'] = empty($modSettings['attachmentNumPerPostLimit']) ? 50 : min($modSettings['attachmentNumPerPostLimit'] - count($context['attachments']['current']), $modSettings['attachmentNumPerPostLimit']); $context['attachments']['can']['post_unapproved'] = allowedTo('post_attachment'); $context['attachments']['restrictions'] = array(); if (!empty($modSettings['attachmentCheckExtensions'])) { $context['attachments']['allowed_extensions'] = strtr(strtolower($modSettings['attachmentExtensions']), array(',' => ', ')); } else { $context['attachments']['allowed_extensions'] = ''; } $context['attachments']['templates'] = array('add_new' => 'template_add_new_attachments', 'existing' => 'template_show_existing_attachments'); $attachmentRestrictionTypes = array('attachmentNumPerPostLimit', 'attachmentPostLimit', 'attachmentSizeLimit'); foreach ($attachmentRestrictionTypes as $type) { if (!empty($modSettings[$type])) { $context['attachments']['restrictions'][] = sprintf($txt['attach_restrict_' . $type], comma_format($modSettings[$type], 0)); // Show some numbers. If they exist. if ($type == 'attachmentNumPerPostLimit' && $attachments['quantity'] > 0) { $context['attachments']['restrictions'][] = sprintf($txt['attach_remaining'], $modSettings['attachmentNumPerPostLimit'] - $attachments['quantity']); } elseif ($type == 'attachmentPostLimit' && $attachments['total_size'] > 0) { $context['attachments']['restrictions'][] = sprintf($txt['attach_available'], comma_format(round(max($modSettings['attachmentPostLimit'] - $attachments['total_size'] / 1028, 0)), 0)); } } } // Load up the drag and drop attachment magic addInlineJavascript(' var dropAttach = dragDropAttachment.prototype.init({ board: ' . $board . ', allowedExtensions: ' . JavaScriptEscape($context['attachments']['allowed_extensions']) . ', totalSizeAllowed: ' . JavaScriptEscape(empty($modSettings['attachmentPostLimit']) ? '' : $modSettings['attachmentPostLimit']) . ', individualSizeAllowed: ' . JavaScriptEscape(empty($modSettings['attachmentSizeLimit']) ? '' : $modSettings['attachmentSizeLimit']) . ', numOfAttachmentAllowed: ' . $context['attachments']['num_allowed'] . ', totalAttachSizeUploaded: ' . (isset($context['attachments']['total_size']) && !empty($context['attachments']['total_size']) ? $context['attachments']['total_size'] : 0) . ', numAttachUploaded: ' . (isset($context['attachments']['quantity']) && !empty($context['attachments']['quantity']) ? $context['attachments']['quantity'] : 0) . ', oTxt: ({ allowedExtensions : ' . JavaScriptEscape(sprintf($txt['cant_upload_type'], $context['attachments']['allowed_extensions'])) . ', totalSizeAllowed : ' . JavaScriptEscape($txt['attach_max_total_file_size']) . ', individualSizeAllowed : ' . JavaScriptEscape(sprintf($txt['file_too_big'], comma_format($modSettings['attachmentSizeLimit'], 0))) . ', numOfAttachmentAllowed : ' . JavaScriptEscape(sprintf($txt['attachments_limit_per_post'], $modSettings['attachmentNumPerPostLimit'])) . ', postUploadError : ' . JavaScriptEscape($txt['post_upload_error']) . ', }), });', true); } $context['back_to_topic'] = isset($_REQUEST['goback']) || isset($_REQUEST['msg']) && !isset($_REQUEST['subject']); $context['show_additional_options'] = !empty($_POST['additional_options']) || isset($_SESSION['temp_attachments']['post']) || isset($_GET['additionalOptions']); $context['is_new_topic'] = empty($topic); $context['is_new_post'] = !isset($_REQUEST['msg']); $context['is_first_post'] = $context['is_new_topic'] || isset($_REQUEST['msg']) && $_REQUEST['msg'] == $id_first_msg; $context['current_action'] = 'post'; // Register this form in the session variables. checkSubmitOnce('register'); // Finally, load the template. if (!isset($_REQUEST['xml'])) { loadTemplate('Post'); $context['sub_template'] = 'post_page'; } }
function BlogViewPost() { global $boarddir, $context, $smcFunc, $modSettings, $scripturl, $sourcedir, $txt; // No ID? Redirect back to the main blog page. if (empty($_GET['id'])) { redirectexit('action=blog'); } // Make sure it's numeric. $_GET['id'] = (int) $_GET['id']; // We need the postbox functions. require_once $sourcedir . '/Subs-Post.php'; require_once $sourcedir . '/Subs-Editor.php'; // Now create the editor. $editorOptions = array('id' => 'message', 'value' => '', 'width' => '90%', 'form' => 'postmodify', 'labels' => array('post_button' => '')); create_control_richedit($editorOptions); $context['post_box_name'] = $editorOptions['id']; // Register the comment form in the session variables. checkSubmitOnce('register'); // Make sure we have a posts per page value. If not, use a default. if (empty($modSettings['blog_comments_perpage'])) { $modSettings['blog_comments_perpage'] = 10; } // Grab the post and its replies. $context['blog_post'] = BlogTopic($_GET['id'], $modSettings['blog_comments_perpage'], null, 'array'); // Construct a page index // !!! ssi_topic() should be fixed! :P $context['blog_post']['pageindex'] = constructPageIndex($scripturl . '?action=blog;sa=view_post;id=' . $_GET['id'] . (!empty($modSettings['blog_enable_rewrite']) ? ';blog_name=' . $_GET['blog_name'] : '') . ';start=%d#comments', $_REQUEST['start'], $context['blog_post']['reply_count'], $modSettings['blog_comments_perpage'], true); // If the blog name is passed... if (!empty($_GET['blog_name'])) { $context['blog_name'] = $_GET['blog_name']; } // Use the "view_post" template. $context['sub_template'] = 'view_post'; }
/** * Send a new personal message? */ public function action_send() { global $txt, $scripturl, $modSettings, $context, $user_info; // Load in some text and template dependencies loadLanguage('PersonalMessage'); loadTemplate('PersonalMessage'); // Set the template we will use $context['sub_template'] = 'send'; // Extract out the spam settings - cause it's neat. list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']); // Set up some items for the template $context['page_title'] = $txt['send_message']; $context['reply'] = isset($_REQUEST['pmsg']) || isset($_REQUEST['quote']); // Check whether we've gone over the limit of messages we can send per hour. if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1') { // How many messages have they sent this last hour? $pmCount = pmCount($user_info['id'], 3600); if (!empty($pmCount) && $pmCount >= $modSettings['pm_posts_per_hour']) { fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour'])); } } // Quoting / Replying to a message? if (!empty($_REQUEST['pmsg'])) { $pmsg = (int) $_REQUEST['pmsg']; // Make sure this is accessible (not deleted) if (!isAccessiblePM($pmsg)) { fatal_lang_error('no_access', false); } // Validate that this is one has been received? $isReceived = checkPMReceived($pmsg); // Get the quoted message (and make sure you're allowed to see this quote!). $row_quoted = loadPMQuote($pmsg, $isReceived); if ($row_quoted === false) { fatal_lang_error('pm_not_yours', false); } // Censor the message. censorText($row_quoted['subject']); censorText($row_quoted['body']); // Lets make sure we mark this one as read markMessages($pmsg); // Figure out which flavor or 'Re: ' to use $context['response_prefix'] = response_prefix(); $form_subject = $row_quoted['subject']; // Add 'Re: ' to it.... if ($context['reply'] && trim($context['response_prefix']) != '' && Util::strpos($form_subject, trim($context['response_prefix'])) !== 0) { $form_subject = $context['response_prefix'] . $form_subject; } // If quoting, lets clean up some things and set the quote header for the pm body if (isset($_REQUEST['quote'])) { // Remove any nested quotes and <br />... $form_message = preg_replace('~<br ?/?' . '>~i', "\n", $row_quoted['body']); if (!empty($modSettings['removeNestedQuotes'])) { $form_message = preg_replace(array('~\\n?\\[quote.*?\\].+?\\[/quote\\]\\n?~is', '~^\\n~', '~\\[/quote\\]~'), '', $form_message); } if (empty($row_quoted['id_member'])) { $form_message = '[quote author="' . $row_quoted['real_name'] . '"]' . "\n" . $form_message . "\n" . '[/quote]'; } else { $form_message = '[quote author=' . $row_quoted['real_name'] . ' link=action=profile;u=' . $row_quoted['id_member'] . ' date=' . $row_quoted['msgtime'] . ']' . "\n" . $form_message . "\n" . '[/quote]'; } } else { $form_message = ''; } // Do the BBC thang on the message. $row_quoted['body'] = parse_bbc($row_quoted['body'], true, 'pm' . $row_quoted['id_pm']); // Set up the quoted message array. $context['quoted_message'] = array('id' => $row_quoted['id_pm'], 'pm_head' => $row_quoted['pm_head'], 'member' => array('name' => $row_quoted['real_name'], 'username' => $row_quoted['member_name'], 'id' => $row_quoted['id_member'], 'href' => !empty($row_quoted['id_member']) ? $scripturl . '?action=profile;u=' . $row_quoted['id_member'] : '', 'link' => !empty($row_quoted['id_member']) ? '<a href="' . $scripturl . '?action=profile;u=' . $row_quoted['id_member'] . '">' . $row_quoted['real_name'] . '</a>' : $row_quoted['real_name']), 'subject' => $row_quoted['subject'], 'time' => standardTime($row_quoted['msgtime']), 'html_time' => htmlTime($row_quoted['msgtime']), 'timestamp' => forum_time(true, $row_quoted['msgtime']), 'body' => $row_quoted['body']); } else { $context['quoted_message'] = false; $form_subject = ''; $form_message = ''; } // Start of like we don't know where this is going $context['recipients'] = array('to' => array(), 'bcc' => array()); // Sending by ID? Replying to all? Fetch the real_name(s). if (isset($_REQUEST['u'])) { // If the user is replying to all, get all the other members this was sent to.. if ($_REQUEST['u'] == 'all' && isset($row_quoted)) { // Firstly, to reply to all we clearly already have $row_quoted - so have the original member from. if ($row_quoted['id_member'] != $user_info['id']) { $context['recipients']['to'][] = array('id' => $row_quoted['id_member'], 'name' => htmlspecialchars($row_quoted['real_name'], ENT_COMPAT, 'UTF-8')); } // Now to get all the others. $context['recipients']['to'] = array_merge($context['recipients']['to'], isset($pmsg) ? loadPMRecipientsAll($pmsg) : array()); } else { $users = array_map('intval', explode(',', $_REQUEST['u'])); $users = array_unique($users); // For all the member's this is going to, get their display name. require_once SUBSDIR . '/Members.subs.php'; $result = getBasicMemberData($users); foreach ($result as $row) { $context['recipients']['to'][] = array('id' => $row['id_member'], 'name' => $row['real_name']); } } // Get a literal name list in case the user has JavaScript disabled. $names = array(); foreach ($context['recipients']['to'] as $to) { $names[] = $to['name']; } $context['to_value'] = empty($names) ? '' : '"' . implode('", "', $names) . '"'; } else { $context['to_value'] = ''; } // Set the defaults... $context['subject'] = $form_subject; $context['message'] = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), $form_message); // And build the link tree. $context['linktree'][] = array('url' => $scripturl . '?action=pm;sa=send', 'name' => $txt['new_message']); // If drafts are enabled, lets generate a list of drafts that they can load in to the editor if (!empty($context['drafts_pm_save'])) { $pm_seed = isset($_REQUEST['pmsg']) ? $_REQUEST['pmsg'] : (isset($_REQUEST['quote']) ? $_REQUEST['quote'] : 0); prepareDraftsContext($user_info['id'], $pm_seed); } // Needed for the editor. require_once SUBSDIR . '/Editor.subs.php'; // Now create the editor. $editorOptions = array('id' => 'message', 'value' => $context['message'], 'height' => '250px', 'width' => '100%', 'labels' => array('post_button' => $txt['send_message']), 'preview_type' => 2); create_control_richedit($editorOptions); // No one is bcc'ed just yet $context['bcc_value'] = ''; // Verification control needed for this PM? $context['require_verification'] = !$user_info['is_admin'] && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']; if ($context['require_verification']) { require_once SUBSDIR . '/VerificationControls.class.php'; $verificationOptions = array('id' => 'pm'); $context['require_verification'] = create_control_verification($verificationOptions); $context['visual_verification_id'] = $verificationOptions['id']; } // Register this form and get a sequence number in $context. checkSubmitOnce('register'); }
function shd_frontpage_options($return_config) { global $context, $modSettings, $txt, $sourcedir, $smcFunc; // Since this is potentially dangerous, real admins only, thanks. isAllowedTo('admin_forum'); $config_vars = array(array('select', 'shdp_frontpage_appear', array('always' => $txt['shdp_frontpage_appear_always'], 'firstload' => $txt['shdp_frontpage_appear_firstload'], 'firstdefault' => $txt['shdp_frontpage_appear_firstdefault'])), '', array('select', 'shdp_frontpage_type', array('php' => $txt['shdp_frontpage_type_php'], 'bbcode' => $txt['shdp_frontpage_type_bbcode'])), array('large_text', 'shdp_frontpage_content', 'size' => 30)); $context['settings_title'] = $txt['shdp_frontpage']; $context['settings_icon'] = 'frontpage.png'; // Are we actually going to display this, or bouncing it back just for admin search? if (!$return_config) { require_once $sourcedir . '/Subs-Post.php'; require_once $sourcedir . '/Subs-Editor.php'; loadTemplate('sd_plugins_template/SDPluginFrontPage'); $context['sub_template'] = 'shd_frontpage_admin'; $context['shdp_frontpage_content'] = !empty($modSettings['shdp_frontpage_content']) ? un_preparsecode($modSettings['shdp_frontpage_content']) : ''; if (isset($_GET['save'])) { $_POST['shdp_frontpage_content'] = isset($_POST['shdp_frontpage_content']) ? $_POST['shdp_frontpage_content'] : ''; if (!empty($_POST['shdp_frontpage_type']) && $_POST['shdp_frontpage_type'] == 'php') { $context['shdp_frontpage_content'] = $smcFunc['htmlspecialchars']($_POST['shdp_frontpage_content'], ENT_QUOTES); } else { $_POST['shdp_frontpage_content'] = $smcFunc['htmlspecialchars']($_POST['shdp_frontpage_content'], ENT_QUOTES); preparsecode($_POST['shdp_frontpage_content']); $context['shdp_frontpage_content'] = un_preparsecode($_POST['shdp_frontpage_content']); // So it's a known safe version. } } $modSettings['disable_wysiwyg'] = true; $editorOptions = array('id' => 'shdp_frontpage_content', 'value' => $context['shdp_frontpage_content'], 'labels' => array('post_button' => $txt['save']), 'preview_type' => 0, 'width' => '70%', 'disable_smiley_box' => false); create_control_richedit($editorOptions); $context['post_box_name'] = $editorOptions['id']; } return $config_vars; }
/** * Adding or editing a block. */ public function action_sportal_admin_block_edit() { global $txt, $context, $modSettings, $boards; // Just in case, the admin could be doing something silly like editing a SP block while SP is disabled. ;) require_once SUBSDIR . '/PortalBlocks.subs.php'; $context['SPortal']['is_new'] = empty($_REQUEST['block_id']); // BBC Fix move the parameter to the correct position. if (!empty($_POST['bbc_name'])) { $_POST['parameters'][$_POST['bbc_name']] = !empty($_POST[$_POST['bbc_parameter']]) ? $_POST[$_POST['bbc_parameter']] : ''; // If we came from WYSIWYG then turn it back into BBC regardless. if (!empty($_REQUEST['bbc_' . $_POST['bbc_name'] . '_mode']) && isset($_POST['parameters'][$_POST['bbc_name']])) { require_once SUBSDIR . 'Html2BBC.class.php'; $bbc_converter = new Convert_BBC($_POST['parameters'][$_POST['bbc_name']]); $_POST['parameters'][$_POST['bbc_name']] = $bbc_converter->get_bbc(); // We need to unhtml it now as it gets done shortly. $_POST['parameters'][$_POST['bbc_name']] = un_htmlspecialchars($_POST['parameters'][$_POST['bbc_name']]); } } // Passing the selected type via $_GET instead of $_POST? $start_parameters = array(); if (!empty($_GET['selected_type']) && empty($_POST['selected_type'])) { $_POST['selected_type'] = array($_GET['selected_type']); if (!empty($_GET['parameters'])) { foreach ($_GET['parameters'] as $param) { if (isset($_GET[$param])) { $start_parameters[$param] = $_GET[$param]; } } } } // Want use a block on the portal? if ($context['SPortal']['is_new'] && empty($_POST['selected_type']) && empty($_POST['add_block'])) { // Gather the blocks we have available $context['SPortal']['block_types'] = getFunctionInfo(); // Create a list of the blocks in use $in_use = getBlockInfo(); foreach ($in_use as $block) { $context['SPortal']['block_inuse'][$block['type']] = array('state' => $block['state'], 'column' => $block['column']); } $context['location'] = array(1 => $txt['sp-positionLeft'], $txt['sp-positionTop'], $txt['sp-positionBottom'], $txt['sp-positionRight'], $txt['sp-positionHeader'], $txt['sp-positionFooter']); if (!empty($_REQUEST['col'])) { $context['SPortal']['block']['column'] = $_REQUEST['col']; } $context['sub_template'] = 'block_select_type'; $context['page_title'] = $txt['sp-blocksAdd']; } elseif ($context['SPortal']['is_new'] && !empty($_POST['selected_type'])) { $context['SPortal']['block'] = array('id' => 0, 'label' => $txt['sp-blocksDefaultLabel'], 'type' => $_POST['selected_type'][0], 'type_text' => !empty($txt['sp_function_' . $_POST['selected_type'][0] . '_label']) ? $txt['sp_function_' . $_POST['selected_type'][0] . '_label'] : $txt['sp_function_unknown_label'], 'column' => !empty($_POST['block_column']) ? $_POST['block_column'] : 0, 'row' => 0, 'permissions' => 3, 'state' => 1, 'force_view' => 0, 'mobile_view' => 0, 'display' => '', 'display_custom' => '', 'style' => '', 'parameters' => !empty($start_parameters) ? $start_parameters : array(), 'options' => $_POST['selected_type'][0](array(), false, true), 'list_blocks' => !empty($_POST['block_column']) ? getBlockInfo($_POST['block_column']) : array()); } elseif (!$context['SPortal']['is_new'] && empty($_POST['add_block'])) { $_REQUEST['block_id'] = (int) $_REQUEST['block_id']; $context['SPortal']['block'] = current(getBlockInfo(null, $_REQUEST['block_id'])); $context['SPortal']['block'] += array('options' => $context['SPortal']['block']['type'](array(), false, true), 'list_blocks' => getBlockInfo($context['SPortal']['block']['column'])); } // Want to take a look at how this block will appear, well we try our best if (!empty($_POST['preview_block']) || isset($_SESSION['sp_error'])) { // An error was generated on save, lets set things up like a preview and return to the preview if (isset($_SESSION['sp_error'])) { $context['SPortal']['error'] = $_SESSION['sp_error']; $_POST = $_SESSION['sp_error_post']; $_POST['preview_block'] = true; // Clean up unset($_SESSION['sp_error'], $_SESSION['sp_error_post'], $_POST['add_block']); } // Just in case, the admin could be doing something silly like editing a SP block while SP is disabled. ;) require_once BOARDDIR . '/SSI.php'; sportal_init_headers(); loadTemplate('Portal'); $type_parameters = $_POST['block_type'](array(), 0, true); if (!empty($_POST['parameters']) && is_array($_POST['parameters']) && !empty($type_parameters)) { foreach ($type_parameters as $name => $type) { if (isset($_POST['parameters'][$name])) { $this->_prepare_parameters($type, $name); } } } else { $_POST['parameters'] = array(); } // Simple is clean if (empty($_POST['display_advanced'])) { if (!empty($_POST['display_simple']) && in_array($_POST['display_simple'], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages'))) { $display = $_POST['display_simple']; } else { $display = ''; } $custom = ''; } else { $display = array(); $custom = array(); if (!empty($_POST['display_actions'])) { foreach ($_POST['display_actions'] as $action) { $display[] = Util::htmlspecialchars($action, ENT_QUOTES); } } if (!empty($_POST['display_boards'])) { foreach ($_POST['display_boards'] as $board) { $display[] = 'b' . (int) substr($board, 1); } } if (!empty($_POST['display_pages'])) { foreach ($_POST['display_pages'] as $page) { $display[] = 'p' . (int) substr($page, 1); } } if (!empty($_POST['display_custom'])) { $temp = explode(',', $_POST['display_custom']); foreach ($temp as $action) { $custom[] = Util::htmlspecialchars(Util::htmltrim($action), ENT_QUOTES); } } $display = empty($display) ? '' : implode(',', $display); $custom = empty($custom) ? '' : implode(',', $custom); } // Create all the information we know about this block $context['SPortal']['block'] = array('id' => $_POST['block_id'], 'label' => Util::htmlspecialchars($_POST['block_name'], ENT_QUOTES), 'type' => $_POST['block_type'], 'type_text' => !empty($txt['sp_function_' . $_POST['block_type'] . '_label']) ? $txt['sp_function_' . $_POST['block_type'] . '_label'] : $txt['sp_function_unknown_label'], 'column' => $_POST['block_column'], 'row' => !empty($_POST['block_row']) ? $_POST['block_row'] : 0, 'placement' => !empty($_POST['placement']) && in_array($_POST['placement'], array('before', 'after')) ? $_POST['placement'] : '', 'permissions' => $_POST['permissions'], 'state' => !empty($_POST['block_active']), 'force_view' => !empty($_POST['block_force']), 'mobile_view' => !empty($_POST['block_mobile']), 'display' => $display, 'display_custom' => $custom, 'style' => sportal_parse_style('implode'), 'parameters' => !empty($_POST['parameters']) ? $_POST['parameters'] : array(), 'options' => $_POST['block_type'](array(), false, true), 'list_blocks' => getBlockInfo($_POST['block_column']), 'collapsed' => false); if (strpos($modSettings['leftwidth'], '%') !== false || strpos($modSettings['leftwidth'], 'px') !== false) { $context['widths'][1] = $modSettings['leftwidth']; } else { $context['widths'][1] = $modSettings['leftwidth'] . 'px'; } if (strpos($modSettings['rightwidth'], '%') !== false || strpos($modSettings['rightwidth'], 'px') !== false) { $context['widths'][4] = $modSettings['rightwidth']; } else { $context['widths'][4] = $modSettings['rightwidth'] . 'px'; } if (strpos($context['widths'][1], '%') !== false) { $context['widths'][2] = $context['widths'][3] = 100 - ($context['widths'][1] + $context['widths'][4]) . '%'; $context['widths'][5] = $context['widths'][6] = '100%'; } elseif (strpos($context['widths'][1], 'px') !== false) { $context['widths'][2] = $context['widths'][3] = 960 - ($context['widths'][1] + $context['widths'][4]) . 'px'; $context['widths'][5] = $context['widths'][6] = '960px'; } $context['SPortal']['preview'] = true; } if (!empty($_POST['selected_type']) || !empty($_POST['preview_block']) || !$context['SPortal']['is_new'] && empty($_POST['add_block'])) { // Only the admin can use PHP blocks if ($context['SPortal']['block']['type'] == 'sp_php' && !allowedTo('admin_forum')) { fatal_lang_error('cannot_admin_forum', false); } loadLanguage('SPortalHelp', sp_languageSelect('SPortalHelp')); // Load up the permissions $context['SPortal']['block']['permission_profiles'] = sportal_get_profiles(null, 1, 'name'); if (empty($context['SPortal']['block']['permission_profiles'])) { fatal_lang_error('error_sp_no_permission_profiles', false); } $context['simple_actions'] = array('sportal' => $txt['sp-portal'], 'sforum' => $txt['sp-forum'], 'allaction' => $txt['sp-blocksOptionAllActions'], 'allboard' => $txt['sp-blocksOptionAllBoards'], 'allpages' => $txt['sp-blocksOptionAllPages'], 'all' => $txt['sp-blocksOptionEverywhere']); $context['display_actions'] = array('portal' => $txt['sp-portal'], 'forum' => $txt['sp-forum'], 'recent' => $txt['recent_posts'], 'unread' => $txt['unread_topics_visit'], 'unreadreplies' => $txt['unread_replies'], 'profile' => $txt['profile'], 'pm' => $txt['pm_short'], 'calendar' => $txt['calendar'], 'admin' => $txt['admin'], 'login' => $txt['login'], 'register' => $txt['register'], 'post' => $txt['post'], 'stats' => $txt['forum_stats'], 'search' => $txt['search'], 'mlist' => $txt['members_list'], 'moderate' => $txt['moderate'], 'help' => $txt['help'], 'who' => $txt['who_title']); // Load up boards and pages for selection in the template sp_block_template_helpers(); if (empty($context['SPortal']['block']['display'])) { $context['SPortal']['block']['display'] = array('0'); } else { $context['SPortal']['block']['display'] = explode(',', $context['SPortal']['block']['display']); } if (in_array($context['SPortal']['block']['display'][0], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages')) || $context['SPortal']['is_new'] || empty($context['SPortal']['block']['display'][0]) && empty($context['SPortal']['block']['display_custom'])) { $context['SPortal']['block']['display_type'] = 0; } else { $context['SPortal']['block']['display_type'] = 1; } $context['SPortal']['block']['style'] = sportal_parse_style('explode', $context['SPortal']['block']['style'], !empty($context['SPortal']['preview'])); // Prepare the Textcontent for BBC, only the first bbc will be detected correctly! $firstBBCFound = false; foreach ($context['SPortal']['block']['options'] as $name => $type) { // Selectable Boards :D if ($type == 'board_select' || $type == 'boards') { if (empty($boards)) { require_once SUBSDIR . '/Boards.subs.php'; getBoardTree(); } // Merge the array ;) if (!isset($context['SPortal']['block']['parameters'][$name])) { $context['SPortal']['block']['parameters'][$name] = array(); } elseif (!empty($context['SPortal']['block']['parameters'][$name]) && is_array($context['SPortal']['block']['parameters'][$name])) { $context['SPortal']['block']['parameters'][$name] = implode('|', $context['SPortal']['block']['parameters'][$name]); } $context['SPortal']['block']['board_options'][$name] = array(); $config_variable = !empty($context['SPortal']['block']['parameters'][$name]) ? $context['SPortal']['block']['parameters'][$name] : array(); $config_variable = !is_array($config_variable) ? explode('|', $config_variable) : $config_variable; $context['SPortal']['block']['board_options'][$name] = array(); // Create the list for this Item foreach ($boards as $board) { // Ignore the redirected boards :) if (!empty($board['redirect'])) { continue; } $context['SPortal']['block']['board_options'][$name][$board['id']] = array('value' => $board['id'], 'text' => $board['name'], 'selected' => in_array($board['id'], $config_variable)); } } elseif ($type === 'bbc') { // ELK support only one bbc correct, multiple bbc do not work at the moment if (!$firstBBCFound) { $firstBBCFound = true; // Start Elk BBC System :) require_once SUBSDIR . '/Editor.subs.php'; // Prepare the output :D $form_message = !empty($context['SPortal']['block']['parameters'][$name]) ? $context['SPortal']['block']['parameters'][$name] : ''; // But if it's in HTML world, turn them into htmlspecialchar's so they can be edited! if (strpos($form_message, '[html]') !== false) { $parts = preg_split('~(\\[/code\\]|\\[code(?:=[^\\]]+)?\\])~i', $form_message, -1, PREG_SPLIT_DELIM_CAPTURE); for ($i = 0, $n = count($parts); $i < $n; $i++) { // It goes 0 = outside, 1 = begin tag, 2 = inside, 3 = close tag, repeat. if ($i % 4 == 0) { $parts[$i] = preg_replace_callback('~\\[html\\](.+?)\\[/html\\]~is', create_function('$m', 'return "[html]" . preg_replace(\'~<br\\s?/?>~i\', \'<br /><br />\', "$m[1]") . "[/html]";'), $parts[$i]); } } $form_message = implode('', $parts); } $form_message = preg_replace('~<br(?: /)?' . '>~i', "\n", $form_message); // Prepare the data before i want them inside the textarea $form_message = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), $form_message); $context['SPortal']['bbc'] = 'bbc_' . $name; $message_data = array('id' => $context['SPortal']['bbc'], 'width' => '95%', 'height' => '200px', 'value' => $form_message, 'form' => 'sp_block'); // Run the ELK bbc editor routine create_control_richedit($message_data); // Store the updated data on the parameters $context['SPortal']['block']['parameters'][$name] = $form_message; } else { $context['SPortal']['block']['options'][$name] = 'textarea'; } } } loadJavascriptFile('portal.js?sp24'); $context['sub_template'] = 'block_edit'; $context['page_title'] = $context['SPortal']['is_new'] ? $txt['sp-blocksAdd'] : $txt['sp-blocksEdit']; } // Want to add / edit a block oo the portal if (!empty($_POST['add_block'])) { checkSession(); // Only the admin can do php here if ($_POST['block_type'] == 'sp_php' && !allowedTo('admin_forum')) { fatal_lang_error('cannot_admin_forum', false); } // Make sure the block name is something safe if (!isset($_POST['block_name']) || Util::htmltrim(Util::htmlspecialchars($_POST['block_name']), ENT_QUOTES) === '') { fatal_lang_error('error_sp_name_empty', false); } if ($_POST['block_type'] == 'sp_php' && !empty($_POST['parameters']['content']) && empty($modSettings['sp_disable_php_validation'])) { require_once SUBSDIR . '/DataValidator.class.php'; $validator = new Data_Validator(); $validator->validation_rules(array('content' => 'php_syntax')); $validator->validate(array('content' => $_POST['parameters']['content'])); $error = $validator->validation_errors(); if ($error) { $_SESSION['sp_error'] = $error[0]; $_SESSION['sp_error_post'] = $_POST; redirectexit('action=admin;area=portalblocks;sa=' . $_REQUEST['sa'] . (!empty($_REQUEST['block_id']) ? ';block_id=' . $_REQUEST['block_id'] : '')); } } // If we have a block ID passed, we must be editing, so the the blocks current data if (!empty($_REQUEST['block_id'])) { $current_data = current(getBlockInfo(null, $_REQUEST['block_id'])); } // Where are we going to place this new block, before, after, no change if (!empty($_POST['placement']) && ($_POST['placement'] === 'before' || $_POST['placement'] === 'after')) { if (!empty($current_data)) { $current_row = $current_data['row']; } else { $current_row = null; } // Before or after the chosen block if ($_POST['placement'] === 'before') { $row = (int) $_POST['block_row']; } else { $row = (int) $_POST['block_row'] + 1; } if (!empty($current_row) && $row > $current_row) { sp_update_block_row($current_row, $row - 1, $_POST['block_column'], true); } else { sp_update_block_row($current_row, $row, $_POST['block_column'], false); } } elseif (!empty($_POST['placement']) && $_POST['placement'] == 'nochange') { $row = 0; } else { $block_id = !empty($_REQUEST['block_id']) ? (int) $_REQUEST['block_id'] : 0; $row = sp_block_nextrow($_POST['block_column'], $block_id); } $type_parameters = $_POST['block_type'](array(), 0, true); if (!empty($_POST['parameters']) && is_array($_POST['parameters']) && !empty($type_parameters)) { foreach ($type_parameters as $name => $type) { // Prepare BBC Content for ELK if (isset($_POST['parameters'][$name])) { $this->_prepare_parameters($type, $name); } } } else { $_POST['parameters'] = array(); } // Standard options if (empty($_POST['display_advanced'])) { if (!empty($_POST['display_simple']) && in_array($_POST['display_simple'], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages'))) { $display = $_POST['display_simple']; } else { $display = ''; } $custom = ''; } else { $display = array(); if (!empty($_POST['display_actions'])) { foreach ($_POST['display_actions'] as $action) { $display[] = Util::htmlspecialchars($action, ENT_QUOTES); } } if (!empty($_POST['display_boards'])) { foreach ($_POST['display_boards'] as $board) { $display[] = 'b' . (int) substr($board, 1); } } if (!empty($_POST['display_pages'])) { foreach ($_POST['display_pages'] as $page) { $display[] = 'p' . (int) substr($page, 1); } } if (!empty($_POST['display_custom'])) { $custom = array(); $temp = explode(',', $_POST['display_custom']); foreach ($temp as $action) { $custom[] = Util::htmlspecialchars(Util::htmltrim($action), ENT_QUOTES); } } $display = empty($display) ? '' : implode(',', $display); if (!allowedTo('admin_forum') && isset($current_data['display_custom']) && substr($current_data['display_custom'], 0, 4) === '$php') { $custom = $current_data['display_custom']; } elseif (!empty($_POST['display_custom'])) { if (allowedTo('admin_forum') && substr($_POST['display_custom'], 0, 4) === '$php') { $custom = Util::htmlspecialchars($_POST['display_custom'], ENT_QUOTES); } else { $custom = array(); $temp = explode(',', $_POST['display_custom']); foreach ($temp as $action) { $custom[] = Util::htmlspecialchars($action, ENT_QUOTES); } $custom = empty($custom) ? '' : implode(',', $custom); } } else { $custom = ''; } } $blockInfo = array('id' => (int) $_POST['block_id'], 'label' => Util::htmlspecialchars($_POST['block_name'], ENT_QUOTES), 'type' => $_POST['block_type'], 'col' => $_POST['block_column'], 'row' => $row, 'permissions' => (int) $_POST['permissions'], 'state' => !empty($_POST['block_active']) ? 1 : 0, 'force_view' => !empty($_POST['block_force']) ? 1 : 0, 'mobile_view' => !empty($_POST['block_mobile']) ? 1 : 0, 'display' => $display, 'display_custom' => $custom, 'style' => sportal_parse_style('implode')); // Insert a new block in to the portal if ($context['SPortal']['is_new']) { unset($blockInfo['id']); $blockInfo['id'] = sp_block_insert($blockInfo); } else { sp_block_update($blockInfo); } // Save any parameters for the block if (!empty($_POST['parameters'])) { sp_block_insert_parameters($_POST['parameters'], $blockInfo['id']); } redirectexit('action=admin;area=portalblocks'); } }
function shd_admin_canned_editreply() { global $context, $smcFunc, $txt, $sourcedir, $scripturl; require_once $sourcedir . '/Subs-Editor.php'; require_once $sourcedir . '/Subs-Post.php'; $context['page_title'] = $txt['shd_admin_cannedreplies_editreply']; $context['sub_template'] = 'shd_edit_canned_reply'; $_REQUEST['reply'] = isset($_REQUEST['reply']) ? (int) $_REQUEST['reply'] : 0; $query = $smcFunc['db_query']('', ' SELECT hdcr.title, hdcr.body, hdcr.vis_user, hdcr.vis_staff, hdcr.active, hdcr.id_cat FROM {db_prefix}helpdesk_cannedreplies AS hdcr WHERE id_reply = {int:reply}', array('reply' => $_REQUEST['reply'])); if ($smcFunc['db_num_rows']($query) == 0) { $smcFunc['db_free_result']($query); fatal_lang_error('shd_admin_cannedreplies_thereplyisalie', false); } $row = $smcFunc['db_fetch_assoc']($query); $smcFunc['db_free_result']($query); $context['canned_reply'] = array('id' => $_REQUEST['reply'], 'title' => $row['title'], 'body' => un_preparsecode($row['body']), 'active' => !empty($row['active']), 'vis_user' => !empty($row['vis_user']), 'vis_staff' => !empty($row['vis_staff']), 'cat' => $row['id_cat'], 'depts_selected' => array(), 'depts_available' => array()); // Now we need to get the possible departments. $query = $smcFunc['db_query']('', ' SELECT id_dept, dept_name FROM {db_prefix}helpdesk_depts ORDER BY dept_order'); while ($row = $smcFunc['db_fetch_assoc']($query)) { $context['canned_reply']['depts_available'][$row['id_dept']] = $row['dept_name']; } $smcFunc['db_free_result']($query); // Now any departments this reply is attached to. $query = $smcFunc['db_query']('', ' SELECT hdcrd.id_dept FROM {db_prefix}helpdesk_cannedreplies_depts AS hdcrd WHERE hdcrd.id_reply = {int:reply}', array('reply' => $_REQUEST['reply'])); while ($row = $smcFunc['db_fetch_assoc']($query)) { $context['canned_reply']['depts_selected'][] = $row['id_dept']; } $smcFunc['db_free_result']($query); checkSubmitOnce('register'); $editorOptions = array('id' => 'shd_canned_reply', 'value' => $context['canned_reply']['body'], 'labels' => array('post_button' => $txt['shd_admin_cannedreplies_editreply']), 'preview_type' => 0, 'width' => '70%', 'disable_smiley_box' => false); create_control_richedit($editorOptions); $context['post_box_name'] = $editorOptions['id']; }
/** * Interface for adding/editing a page */ public function action_sportal_admin_page_edit() { global $txt, $context, $options; $context['SPortal']['is_new'] = empty($_REQUEST['page_id']); $pages_errors = Error_Context::context('pages', 0); // Some help will be needed require_once SUBSDIR . '/Editor.subs.php'; require_once SUBSDIR . '/Post.subs.php'; // Convert this to BBC? if (!empty($_REQUEST['content_mode']) && $_POST['type'] === 'bbc') { require_once SUBSDIR . 'Html2BBC.class.php'; $bbc_converter = new Convert_BBC($_REQUEST['content']); $_REQUEST['content'] = $bbc_converter->get_bbc(); $_REQUEST['content'] = un_htmlspecialchars($_REQUEST['content']); $_POST['content'] = $_REQUEST['content']; } // Load in the blocks that can be used on a page $this->blocks = getBlockInfo(); $context['page_blocks'] = $this->_sportal_admin_page_load_blocks(); // Saving the work? if (!empty($_POST['submit']) && !$pages_errors->hasErrors()) { checkSession(); $this->_sportal_admin_page_edit_save(); } // Doing a quick look before you save or you messed up? if (!empty($_POST['preview']) || $pages_errors->hasErrors()) { $context['SPortal']['page'] = array('id' => $_POST['page_id'], 'page_id' => $_POST['namespace'], 'title' => Util::htmlspecialchars($_POST['title'], ENT_QUOTES), 'body' => Util::htmlspecialchars($_POST['content'], ENT_QUOTES), 'type' => $_POST['type'], 'permissions' => $_POST['permissions'], 'style' => sportal_parse_style('implode'), 'status' => !empty($_POST['status'])); // Fix up bbc errors before we go to the preview if ($context['SPortal']['page']['type'] == 'bbc') { preparsecode($context['SPortal']['page']['body']); } loadTemplate('PortalPages'); // Showing errors or a preview? if ($pages_errors->hasErrors()) { $context['pages_errors'] = array('errors' => $pages_errors->prepareErrors(), 'type' => $pages_errors->getErrorType() == 0 ? 'minor' : 'serious', 'title' => $txt['sp_form_errors_detected']); } else { $context['SPortal']['preview'] = true; } } elseif ($context['SPortal']['is_new']) { $context['SPortal']['page'] = array('id' => 0, 'page_id' => 'page' . mt_rand(1, 5000), 'title' => $txt['sp_pages_default_title'], 'body' => '', 'type' => 'bbc', 'permissions' => 3, 'style' => '', 'status' => 1); } else { $_REQUEST['page_id'] = (int) $_REQUEST['page_id']; $context['SPortal']['page'] = sportal_get_pages($_REQUEST['page_id']); } if ($context['SPortal']['page']['type'] === 'bbc') { $context['SPortal']['page']['body'] = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), un_preparsecode($context['SPortal']['page']['body'])); } // Set up the editor, values, initial state, etc if ($context['SPortal']['page']['type'] !== 'bbc') { // No wizzy mode if they don't need it $temp_editor = !empty($options['wysiwyg_default']); $options['wysiwyg_default'] = false; } $editorOptions = array('id' => 'content', 'value' => $context['SPortal']['page']['body'], 'width' => '100%', 'height' => '225px', 'preview_type' => 2); create_control_richedit($editorOptions); $context['post_box_name'] = $editorOptions['id']; if (isset($temp_editor)) { $options['wysiwyg_default'] = $temp_editor; } // Set the editor box as needed (editor or textbox, etc) addInlineJavascript(' $(window).load(function() { diewithfire = window.setTimeout(function() {sp_update_editor("' . $context['SPortal']['page']['type'] . '", "");}, 200); }); '); // Permissions $context['SPortal']['page']['permission_profiles'] = sportal_get_profiles(null, 1, 'name'); if (empty($context['SPortal']['page']['permission_profiles'])) { fatal_lang_error('error_sp_no_permission_profiles', false); } // And for the template $context['SPortal']['page']['style'] = sportal_parse_style('explode', $context['SPortal']['page']['style'], !empty($context['SPortal']['preview'])); $context['SPortal']['page']['body'] = sportal_parse_content($context['SPortal']['page']['body'], $context['SPortal']['page']['type'], 'return'); $context['page_title'] = $context['SPortal']['is_new'] ? $txt['sp_admin_pages_add'] : $txt['sp_admin_pages_edit']; $context['sub_template'] = 'pages_edit'; }
function char_sheet_edit() { global $context, $txt, $smcFunc, $scripturl, $sourcedir; // First, get rid of people shouldn't have a sheet at all - the OOC characters if ($context['character']['is_main']) { redirectexit('action=profile;u=' . $context['id_member'] . ';area=characters;char=' . $context['character']['id_character']); } // Then if we're looking at a character who doesn't have an approved one // and the user couldn't see it... you are the weakest link, goodbye. if (empty($context['character']['char_sheet']) && empty($context['user']['is_owner']) && !allowedTo('admin_forum')) { redirectexit('action=profile;u=' . $context['id_member'] . ';area=characters;char=' . $context['character']['id_character']); } $request = $smcFunc['db_query']('', ' SELECT id_version, sheet_text, created_time, id_approver, approved_time, approval_state FROM {db_prefix}character_sheet_versions WHERE id_character = {int:character} ORDER BY id_version DESC LIMIT 1', array('character' => $context['character']['id_character'])); if ($smcFunc['db_num_rows']($request) > 0) { $context['character']['sheet_details'] = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); } // Make an editor box require_once $sourcedir . '/Subs-Post.php'; require_once $sourcedir . '/Subs-Editor.php'; if (isset($_POST['message'])) { // Are we saving? Let's see if session's legit first. checkSession(); // Then try to get some content. $message = $smcFunc['htmlspecialchars']($_POST['message'], ENT_QUOTES); preparsecode($message); if (!empty($message)) { // So we have a character sheet. Let's do a comparison against // the last character sheet saved just in case the user did something // a little bit weird/silly. if (empty($context['character']['sheet_details']['sheet_text']) || $message != $context['character']['sheet_details']['sheet_text']) { // It's different, good. So insert it, making it await approval. $smcFunc['db_insert']('insert', '{db_prefix}character_sheet_versions', array('sheet_text' => 'string', 'id_character' => 'int', 'id_member' => 'int', 'created_time' => 'int', 'id_approver' => 'int', 'approved_time' => 'int', 'approval_state' => 'int'), array($message, $context['character']['id_character'], $context['user']['id'], time(), 0, 0, 0), array('id_version')); // Mark previous versions of the character sheet as not awaited approval. mark_char_sheets_unapproved($context['character']['id_character']); } } redirectexit('action=profile;u=' . $context['id_member'] . ';area=characters;char=' . $context['character']['id_character'] . ';sa=sheet'); } // Now create the editor. $editorOptions = array('id' => 'message', 'value' => !empty($context['character']['sheet_details']['sheet_text']) ? un_preparsecode($context['character']['sheet_details']['sheet_text']) : '', 'labels' => array('post_button' => $txt['save']), 'height' => '500px', 'width' => '100%', 'preview_type' => 0, 'required' => true); create_control_richedit($editorOptions); load_char_sheet_templates(); // Now fetch the comments $context['sheet_comments'] = []; if (!empty($context['character']['sheet_details']['created_time']) && empty($context['character']['sheet_details']['id_approver'])) { $request = $smcFunc['db_query']('', ' SELECT id_comment, id_author, mem.real_name, time_posted, sheet_comment FROM {db_prefix}character_sheet_comments AS csc LEFT JOIN {db_prefix}members AS mem ON (csc.id_author = mem.id_member) WHERE id_character = {int:character} AND time_posted > {int:last_approved_time} ORDER BY NULL', array('character' => $context['character']['id_character'], 'last_approved_time' => $context['character']['sheet_details']['created_time'])); while ($row = $smcFunc['db_fetch_assoc']($request)) { if (empty($row['real_name'])) { $row['real_name'] = $txt['char_unknown']; } $context['sheet_comments'][$row['id_comment']] = $row; } $smcFunc['db_free_result']($request); krsort($context['sheet_comments']); } $context['page_title'] = $txt['char_sheet'] . ' - ' . $context['character']['character_name']; $context['sub_template'] = 'char_sheet_edit'; }
function EditTopic() { global $txt, $context, $smcFunc, $mbname, $sourcedir, $modSettings; // Load the edit topic template $context['sub_template'] = 'edittopic'; // Set the page title $context['page_title'] = $mbname . ' - ' . $txt['welcome_edittopic']; // Get the Topic ID $id = (int) $_REQUEST['id']; $request = $smcFunc['db_query']('', "\n\tSELECT \n\t\tID, welcomesubject, welcomebody\n\tFROM {db_prefix}welcome\n\tWHERE ID = {$id} LIMIT 1"); $row = $smcFunc['db_fetch_assoc']($request); $context['welcome_topic'] = array('ID' => $row['ID'], 'SUBJECT' => $row['welcomesubject'], 'BODY' => $row['welcomebody']); $smcFunc['db_free_result']($request); // Check if spellchecking is both enabled and actually working. $context['show_spellchecking'] = !empty($modSettings['enableSpellChecking']) && function_exists('pspell_new'); // Needed for the WYSIWYG editor. require_once $sourcedir . '/Subs-Editor.php'; // Now create the editor. $editorOptions = array('id' => 'topicbody', 'value' => $context['welcome_topic']['BODY'], 'width' => '90%', 'form' => 'cprofile', 'labels' => array('addtopic' => '')); create_control_richedit($editorOptions); $context['post_box_name'] = $editorOptions['id']; }
function shd_postbox($id, $message, $buttons, $width = '70%') { global $context, $txt, $modSettings; $editorOptions = array('id' => $id, 'value' => $message, 'labels' => $buttons, 'preview_type' => 0, 'width' => $width, 'disable_smiley_box' => empty($modSettings['shd_allow_ticket_bbc']) || $context['ticket_form']['disable_smileys']); if (empty($modSettings['shd_allow_ticket_bbc'])) { $modSettings['disable_wysiwyg'] = 1; } // Hide any disabled tags. if (!empty($modSettings['shd_enabled_bbc'])) { $enabled_tags = explode(',', $modSettings['shd_enabled_bbc']); $disabled_tags = array(); // Loop through all the tags there are in this forum, and and each disabled tag to our 'hide-list'. foreach (parse_bbc(false) as $tag) { if (!in_array($tag['tag'], $enabled_tags) || $modSettings['shd_enabled_bbc'] == 'shd_all_tags_disabled') { $disabled_tags[] = $tag['tag']; } } // Add them to the editors hide var. $modSettings['disabledBBC'] = implode(',', $disabled_tags); } create_control_richedit($editorOptions); $context['post_box_name'] = $editorOptions['id']; // Are there any restrictions on uploading attachments? $context['allowed_extensions'] = strtr($modSettings['attachmentExtensions'], array(',' => ', ')); $context['attachment_restrictions'] = array(); if (!empty($modSettings['attachmentNumPerPostLimit']) && $modSettings['shd_attachments_mode'] != 'ticket') { $context['attachment_restrictions'][] = sprintf($txt['attach_restrict_attachmentNumPerPostLimit'], $modSettings['attachmentNumPerPostLimit']); } if (!empty($modSettings['attachmentPostLimit']) && $modSettings['shd_attachments_mode'] != 'ticket') { $context['attachment_restrictions'][] = sprintf($txt['attach_restrict_attachmentPostLimit'], $modSettings['attachmentPostLimit']); } if (!empty($modSettings['attachmentSizeLimit'])) { $context['attachment_restrictions'][] = sprintf($txt['attach_restrict_attachmentSizeLimit'], $modSettings['attachmentSizeLimit']); } }
function sportal_admin_block_edit() { global $txt, $context, $modSettings, $smcFunc, $sourcedir, $boarddir, $boards; // Just in case, the admin could be doing something silly like editing a SP block while SP it disabled. ;) require_once $sourcedir . '/PortalBlocks.php'; $context['SPortal']['is_new'] = empty($_REQUEST['block_id']); // BBC Fix move the parameter to the correct position. if (!empty($_POST['bbc_name'])) { $_POST['parameters'][$_POST['bbc_name']] = !empty($_POST[$_POST['bbc_parameter']]) ? $_POST[$_POST['bbc_parameter']] : ''; // If we came from WYSIWYG then turn it back into BBC regardless. if (!empty($_REQUEST['bbc_' . $_POST['bbc_name'] . '_mode']) && isset($_POST['parameters'][$_POST['bbc_name']])) { require_once $sourcedir . '/Subs-Editor.php'; $_POST['parameters'][$_POST['bbc_name']] = html_to_bbc($_POST['parameters'][$_POST['bbc_name']]); // We need to unhtml it now as it gets done shortly. $_POST['parameters'][$_POST['bbc_name']] = un_htmlspecialchars($_POST['parameters'][$_POST['bbc_name']]); // We need this for everything else. $_POST['parameters'][$_POST['bbc_name']] = $_POST['parameters'][$_POST['bbc_name']]; } } // Passing the selected type via $_GET instead of $_POST? $start_parameters = array(); if (!empty($_GET['selected_type']) && empty($_POST['selected_type'])) { $_POST['selected_type'] = array($_GET['selected_type']); if (!empty($_GET['parameters'])) { foreach ($_GET['parameters'] as $param) { if (isset($_GET[$param])) { $start_parameters[$param] = $_GET[$param]; } } } } if ($context['SPortal']['is_new'] && empty($_POST['selected_type']) && empty($_POST['add_block'])) { $context['SPortal']['block_types'] = getFunctionInfo(); if (!empty($_REQUEST['col'])) { $context['SPortal']['block']['column'] = $_REQUEST['col']; } $context['sub_template'] = 'block_select_type'; $context['page_title'] = $txt['sp-blocksAdd']; } elseif ($context['SPortal']['is_new'] && !empty($_POST['selected_type'])) { $context['SPortal']['block'] = array('id' => 0, 'label' => $txt['sp-blocksDefaultLabel'], 'type' => $_POST['selected_type'][0], 'type_text' => !empty($txt['sp_function_' . $_POST['selected_type'][0] . '_label']) ? $txt['sp_function_' . $_POST['selected_type'][0] . '_label'] : $txt['sp_function_unknown_label'], 'column' => !empty($_POST['block_column']) ? $_POST['block_column'] : 0, 'row' => 0, 'permission_set' => 3, 'groups_allowed' => array(), 'groups_denied' => array(), 'state' => 1, 'force_view' => 0, 'display' => '', 'display_custom' => '', 'style' => '', 'parameters' => !empty($start_parameters) ? $start_parameters : array(), 'options' => $_POST['selected_type'][0](array(), false, true), 'list_blocks' => !empty($_POST['block_column']) ? getBlockInfo($_POST['block_column']) : array()); } elseif (!$context['SPortal']['is_new'] && empty($_POST['add_block'])) { $_REQUEST['block_id'] = (int) $_REQUEST['block_id']; $context['SPortal']['block'] = current(getBlockInfo(null, $_REQUEST['block_id'])); $context['SPortal']['block'] += array('options' => $context['SPortal']['block']['type'](array(), false, true), 'list_blocks' => getBlockInfo($context['SPortal']['block']['column'])); } if (!empty($_POST['preview_block'])) { // Just in case, the admin could be doing something silly like editing a SP block while SP it disabled. ;) require_once $boarddir . '/SSI.php'; sportal_init_headers(); loadTemplate('Portal'); $type_parameters = $_POST['block_type'](array(), 0, true); if (!empty($_POST['parameters']) && is_array($_POST['parameters']) && !empty($type_parameters)) { foreach ($type_parameters as $name => $type) { if (isset($_POST['parameters'][$name])) { if ($type == 'bbc') { $parameter['value'] = $_POST['parameters'][$name]; require_once $sourcedir . '/Subs-Post.php'; $parameter['value'] = $smcFunc['htmlspecialchars']($parameter['value'], ENT_QUOTES); preparsecode($parameter['value']); $_POST['parameters'][$name] = $parameter['value']; } elseif ($type == 'boards' || $type == 'board_select') { $_POST['parameters'][$name] = is_array($_POST['parameters'][$name]) ? implode('|', $_POST['parameters'][$name]) : $_POST['parameters'][$name]; } elseif ($type == 'int' || $type == 'select') { $_POST['parameters'][$name] = (int) $_POST['parameters'][$name]; } elseif ($type == 'text' || $type == 'textarea' || is_array($type)) { $_POST['parameters'][$name] = $smcFunc['htmlspecialchars']($_POST['parameters'][$name], ENT_QUOTES); } elseif ($type == 'check') { $_POST['parameters'][$name] = !empty($_POST['parameters'][$name]) ? 1 : 0; } } } } else { $_POST['parameters'] = array(); } if (empty($_POST['display_advanced'])) { if (!empty($_POST['display_simple']) && in_array($_POST['display_simple'], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages'))) { $display = $_POST['display_simple']; } else { $display = ''; } $custom = ''; } else { $display = array(); $custom = array(); if (!empty($_POST['display_actions'])) { foreach ($_POST['display_actions'] as $action) { $display[] = $smcFunc['htmlspecialchars']($action, ENT_QUOTES); } } if (!empty($_POST['display_boards'])) { foreach ($_POST['display_boards'] as $board) { $display[] = 'b' . (int) substr($board, 1); } } if (!empty($_POST['display_pages'])) { foreach ($_POST['display_pages'] as $page) { $display[] = 'p' . (int) substr($page, 1); } } if (!empty($_POST['display_custom'])) { $temp = explode(',', $_POST['display_custom']); foreach ($temp as $action) { $custom[] = $smcFunc['htmlspecialchars']($smcFunc['htmltrim']($action), ENT_QUOTES); } } $display = empty($display) ? '' : implode(',', $display); $custom = empty($custom) ? '' : implode(',', $custom); } $permission_set = 0; $groups_allowed = $groups_denied = array(); if (!empty($_POST['permission_set'])) { $permission_set = (int) $_POST['permission_set']; } elseif (!empty($_POST['membergroups']) && is_array($_POST['membergroups'])) { foreach ($_POST['membergroups'] as $id => $value) { if ($value == 1) { $groups_allowed[] = (int) $id; } elseif ($value == -1) { $groups_denied[] = (int) $id; } } } $context['SPortal']['block'] = array('id' => $_POST['block_id'], 'label' => $smcFunc['htmlspecialchars']($_POST['block_name'], ENT_QUOTES), 'type' => $_POST['block_type'], 'type_text' => !empty($txt['sp_function_' . $_POST['block_type'] . '_label']) ? $txt['sp_function_' . $_POST['block_type'] . '_label'] : $txt['sp_function_unknown_label'], 'column' => $_POST['block_column'], 'row' => !empty($_POST['block_row']) ? $_POST['block_row'] : 0, 'permission_set' => $permission_set, 'groups_allowed' => $groups_allowed, 'groups_denied' => $groups_denied, 'state' => !empty($_POST['block_active']), 'force_view' => !empty($_POST['block_force']), 'display' => $display, 'display_custom' => $custom, 'style' => sportal_parse_style('implode'), 'parameters' => !empty($_POST['parameters']) ? $_POST['parameters'] : array(), 'options' => $_POST['block_type'](array(), false, true), 'list_blocks' => getBlockInfo($_POST['block_column']), 'collapsed' => false); if (strpos($modSettings['leftwidth'], '%') !== false || strpos($modSettings['leftwidth'], 'px') !== false) { $context['widths'][1] = $modSettings['leftwidth']; } else { $context['widths'][1] = $modSettings['leftwidth'] . 'px'; } if (strpos($modSettings['rightwidth'], '%') !== false || strpos($modSettings['rightwidth'], 'px') !== false) { $context['widths'][4] = $modSettings['rightwidth']; } else { $context['widths'][4] = $modSettings['rightwidth'] . 'px'; } if (strpos($context['widths'][1], '%') !== false) { $context['widths'][2] = $context['widths'][3] = 100 - ($context['widths'][1] + $context['widths'][4]) . '%'; } elseif (strpos($context['widths'][1], 'px') !== false) { $context['widths'][2] = $context['widths'][3] = 960 - ($context['widths'][1] + $context['widths'][4]) . 'px'; } if (strpos($context['widths'][1], '%') !== false) { $context['widths'][2] = $context['widths'][3] = 100 - ($context['widths'][1] + $context['widths'][4]) . '%'; $context['widths'][5] = $context['widths'][6] = '100%'; } elseif (strpos($context['widths'][1], 'px') !== false) { $context['widths'][2] = $context['widths'][3] = 960 - ($context['widths'][1] + $context['widths'][4]) . 'px'; $context['widths'][5] = $context['widths'][6] = '960px'; } $context['SPortal']['preview'] = true; } if (!empty($_POST['selected_type']) || !empty($_POST['preview_block']) || !$context['SPortal']['is_new'] && empty($_POST['add_block'])) { if ($context['SPortal']['block']['type'] == 'sp_php' && !allowedTo('admin_forum')) { fatal_lang_error('cannot_admin_forum', false); } $context['html_headers'] .= ' <script language="JavaScript" type="text/javascript"><!-- // --><![CDATA[ function sp_collapseObject(id) { mode = document.getElementById("sp_object_" + id).style.display == "" ? 0 : 1; document.getElementById("sp_collapse_" + id).src = smf_images_url + (mode ? "/collapse.gif" : "/expand.gif"); document.getElementById("sp_object_" + id).style.display = mode ? "" : "none"; } // ]]></script>'; loadLanguage('SPortalHelp', sp_languageSelect('SPortalHelp')); $context['SPortal']['block']['groups'] = sp_load_membergroups(); $context['simple_actions'] = array('sportal' => $txt['sp-portal'], 'sforum' => $txt['sp-forum'], 'allaction' => $txt['sp-blocksOptionAllActions'], 'allboard' => $txt['sp-blocksOptionAllBoards'], 'allpages' => $txt['sp-blocksOptionAllPages'], 'all' => $txt['sp-blocksOptionEverywhere']); $context['display_actions'] = array('portal' => $txt['sp-portal'], 'forum' => $txt['sp-forum'], 'recent' => $txt['recent_posts'], 'unread' => $txt['unread_topics_visit'], 'unreadreplies' => $txt['unread_replies'], 'profile' => $txt['profile'], 'pm' => $txt['pm_short'], 'calendar' => $txt['calendar'], 'admin' => $txt['admin'], 'login' => $txt['login'], 'register' => $txt['register'], 'post' => $txt['post'], 'stats' => $txt['forum_stats'], 'search' => $txt['search'], 'mlist' => $txt['members_list'], 'moderate' => $txt['moderate'], 'help' => $txt['help'], 'who' => $txt['who_title']); $request = $smcFunc['db_query']('', ' SELECT id_board, name FROM {db_prefix}boards ORDER BY name DESC'); $context['display_boards'] = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { $context['display_boards']['b' . $row['id_board']] = $row['name']; } $smcFunc['db_free_result']($request); $request = $smcFunc['db_query']('', ' SELECT id_page, title FROM {db_prefix}sp_pages ORDER BY title DESC'); $context['display_pages'] = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { $context['display_pages']['p' . $row['id_page']] = $row['title']; } $smcFunc['db_free_result']($request); if (empty($context['SPortal']['block']['display'])) { $context['SPortal']['block']['display'] = array('0'); } else { $context['SPortal']['block']['display'] = explode(',', $context['SPortal']['block']['display']); } if (in_array($context['SPortal']['block']['display'][0], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages')) || $context['SPortal']['is_new'] || empty($context['SPortal']['block']['display'][0]) && empty($context['SPortal']['block']['display_custom'])) { $context['SPortal']['block']['display_type'] = 0; } else { $context['SPortal']['block']['display_type'] = 1; } $context['SPortal']['block']['style'] = sportal_parse_style('explode', $context['SPortal']['block']['style'], !empty($context['SPortal']['preview'])); // Prepare the Textcontent for BBC, only the first bbc will be correct detected! (SMF Support only 1 per page with the standard function) $firstBBCFound = false; foreach ($context['SPortal']['block']['options'] as $name => $type) { // Selectable Boards :D if ($type == 'board_select' || $type == 'boards') { if (empty($boards)) { require_once $sourcedir . '/Subs-Boards.php'; getBoardTree(); } // Merge the array ;). (Only in 2.0 needed) if (!isset($context['SPortal']['block']['parameters'][$name])) { $context['SPortal']['block']['parameters'][$name] = array(); } elseif (!empty($context['SPortal']['block']['parameters'][$name]) && is_array($context['SPortal']['block']['parameters'][$name])) { $context['SPortal']['block']['parameters'][$name] = implode('|', $context['SPortal']['block']['parameters'][$name]); } $context['SPortal']['block']['board_options'][$name] = array(); $config_variable = !empty($context['SPortal']['block']['parameters'][$name]) ? $context['SPortal']['block']['parameters'][$name] : array(); $config_variable = !is_array($config_variable) ? explode('|', $config_variable) : $config_variable; $context['SPortal']['block']['board_options'][$name] = array(); // Create the list for this Item foreach ($boards as $board) { if (!empty($board['redirect'])) { // Ignore the redirected boards :) continue; } $context['SPortal']['block']['board_options'][$name][$board['id']] = array('value' => $board['id'], 'text' => $board['name'], 'selected' => in_array($board['id'], $config_variable)); } } elseif ($type == 'bbc') { // SMF support only one bbc correct, multiple bbc do not work at the moment if (!$firstBBCFound) { $firstBBCFound = true; // Start SMF BBC Sytem :) require_once $sourcedir . '/Subs-Editor.php'; // Prepare the output :D $form_message = !empty($context['SPortal']['block']['parameters'][$name]) ? $context['SPortal']['block']['parameters'][$name] : ''; // But if it's in HTML world, turn them into htmlspecialchar's so they can be edited! if (strpos($form_message, '[html]') !== false) { $parts = preg_split('~(\\[/code\\]|\\[code(?:=[^\\]]+)?\\])~i', $form_message, -1, PREG_SPLIT_DELIM_CAPTURE); for ($i = 0, $n = count($parts); $i < $n; $i++) { // It goes 0 = outside, 1 = begin tag, 2 = inside, 3 = close tag, repeat. if ($i % 4 == 0) { $parts[$i] = preg_replace('~\\[html\\](.+?)\\[/html\\]~ise', '\'[html]\' . preg_replace(\'~<br\\s?/?>~i\', \'<br /><br />\', \'$1\') . \'[/html]\'', $parts[$i]); } } $form_message = implode('', $parts); } $form_message = preg_replace('~<br(?: /)?' . '>~i', "\n", $form_message); // Prepare the data before i want them inside the textarea $form_message = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), $form_message); $context['SPortal']['bbc'] = 'bbc_' . $name; $message_data = array('id' => $context['SPortal']['bbc'], 'width' => '95%', 'height' => '200px', 'value' => $form_message, 'form' => 'sp_block'); // Run the SMF bbc editor rutine create_control_richedit($message_data); // Store the updated data on the parameters $context['SPortal']['block']['parameters'][$name] = $form_message; } else { $context['SPortal']['block']['options'][$name] = 'textarea'; } } } $context['sub_template'] = 'block_edit'; $context['page_title'] = $context['SPortal']['is_new'] ? $txt['sp-blocksAdd'] : $txt['sp-blocksEdit']; } if (!empty($_POST['add_block'])) { if ($_POST['block_type'] == 'sp_php' && !allowedTo('admin_forum')) { fatal_lang_error('cannot_admin_forum', false); } if (!isset($_POST['block_name']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['block_name']), ENT_QUOTES) === '') { fatal_lang_error('error_sp_name_empty', false); } if ($_POST['block_type'] == 'sp_php' && !empty($_POST['parameters']['content']) && empty($modSettings['sp_disable_php_validation'])) { $error = sp_validate_php($_POST['parameters']['content']); if ($error) { fatal_lang_error('error_sp_php_' . $error, false); } } if (!empty($_REQUEST['block_id'])) { $current_data = current(getBlockInfo(null, $_REQUEST['block_id'])); } if (!empty($_POST['placement']) && ($_POST['placement'] == 'before' || $_POST['placement'] == 'after')) { if (!empty($current_data)) { $current_row = $current_data['row']; } else { $current_row = null; } if ($_POST['placement'] == 'before') { $row = (int) $_POST['block_row']; } else { $row = (int) $_POST['block_row'] + 1; } if (!empty($current_row) && $row > $current_row) { $row = $row - 1; $smcFunc['db_query']('', ' UPDATE {db_prefix}sp_blocks SET row = row - 1 WHERE col = {int:col} AND row > {int:start} AND row <= {int:end}', array('col' => (int) $_POST['block_column'], 'start' => $current_row, 'end' => $row)); } else { $smcFunc['db_query']('', ' UPDATE {db_prefix}sp_blocks SET row = row + 1 WHERE col = {int:col} AND row >= {int:start}' . (!empty($current_row) ? ' AND row < {int:end}' : ''), array('col' => (int) $_POST['block_column'], 'start' => $row, 'end' => !empty($current_row) ? $current_row : 0)); } } elseif (!empty($_POST['placement']) && $_POST['placement'] == 'nochange') { $row = 0; } else { $request = $smcFunc['db_query']('', ' SELECT row FROM {db_prefix}sp_blocks WHERE col = {int:col}' . (!empty($_REQUEST['block_id']) ? ' AND id_block != {int:current_id}' : '') . ' ORDER BY row DESC LIMIT 1', array('col' => $_POST['block_column'], 'current_id' => $_REQUEST['block_id'])); list($row) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); $row = $row + 1; } $type_parameters = $_POST['block_type'](array(), 0, true); if (!empty($_POST['parameters']) && is_array($_POST['parameters']) && !empty($type_parameters)) { foreach ($type_parameters as $name => $type) { if (isset($_POST['parameters'][$name])) { // Prepare BBC Content for SMF 2 special case =D if ($type == 'bbc') { $parameter['value'] = $_POST['parameters'][$name]; require_once $sourcedir . '/Subs-Post.php'; // Prepare the message a bit for some additional testing. $parameter['value'] = $smcFunc['htmlspecialchars']($parameter['value'], ENT_QUOTES); preparsecode($parameter['value']); //Store now the correct and fixed value ;) $_POST['parameters'][$name] = $parameter['value']; } elseif ($type == 'boards' || $type == 'board_select') { $_POST['parameters'][$name] = is_array($_POST['parameters'][$name]) ? implode('|', $_POST['parameters'][$name]) : $_POST['parameters'][$name]; } elseif ($type == 'int' || $type == 'select') { $_POST['parameters'][$name] = (int) $_POST['parameters'][$name]; } elseif ($type == 'text' || $type == 'textarea' || is_array($type)) { $_POST['parameters'][$name] = $smcFunc['htmlspecialchars']($_POST['parameters'][$name], ENT_QUOTES); } elseif ($type == 'check') { $_POST['parameters'][$name] = !empty($_POST['parameters'][$name]) ? 1 : 0; } } } } else { $_POST['parameters'] = array(); } $permission_set = 0; $groups_allowed = $groups_denied = ''; if (!empty($_POST['permission_set'])) { $permission_set = (int) $_POST['permission_set']; } elseif (!empty($_POST['membergroups']) && is_array($_POST['membergroups'])) { $groups_allowed = $groups_denied = array(); foreach ($_POST['membergroups'] as $id => $value) { if ($value == 1) { $groups_allowed[] = (int) $id; } elseif ($value == -1) { $groups_denied[] = (int) $id; } } $groups_allowed = implode(',', $groups_allowed); $groups_denied = implode(',', $groups_denied); } if (empty($_POST['display_advanced'])) { if (!empty($_POST['display_simple']) && in_array($_POST['display_simple'], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages'))) { $display = $_POST['display_simple']; } else { $display = ''; } $custom = ''; } else { $display = array(); if (!empty($_POST['display_actions'])) { foreach ($_POST['display_actions'] as $action) { $display[] = $smcFunc['htmlspecialchars']($action, ENT_QUOTES); } } if (!empty($_POST['display_boards'])) { foreach ($_POST['display_boards'] as $board) { $display[] = 'b' . (int) substr($board, 1); } } if (!empty($_POST['display_pages'])) { foreach ($_POST['display_pages'] as $page) { $display[] = 'p' . (int) substr($page, 1); } } if (!empty($_POST['display_custom'])) { $temp = explode(',', $_POST['display_custom']); foreach ($temp as $action) { $custom[] = $smcFunc['htmlspecialchars']($smcFunc['htmltrim']($action), ENT_QUOTES); } } $display = empty($display) ? '' : implode(',', $display); if (!allowedTo('admin_forum') && isset($current_data['display_custom']) && substr($current_data['display_custom'], 0, 4) === '$php') { $custom = $current_data['display_custom']; } elseif (!empty($_POST['display_custom'])) { if (allowedTo('admin_forum') && substr($_POST['display_custom'], 0, 4) === '$php') { $custom = $smcFunc['htmlspecialchars']($_POST['display_custom'], ENT_QUOTES); } else { $custom = array(); $temp = explode(',', $_POST['display_custom']); foreach ($temp as $action) { $custom[] = $smcFunc['htmlspecialchars']($action, ENT_QUOTES); } $custom = empty($custom) ? '' : implode(',', $custom); } } else { $custom = ''; } } $blockInfo = array('id' => (int) $_POST['block_id'], 'label' => $smcFunc['htmlspecialchars']($_POST['block_name'], ENT_QUOTES), 'type' => $_POST['block_type'], 'col' => $_POST['block_column'], 'row' => $row, 'permission_set' => $permission_set, 'groups_allowed' => $groups_allowed, 'groups_denied' => $groups_denied, 'state' => !empty($_POST['block_active']) ? 1 : 0, 'force_view' => !empty($_POST['block_force']) ? 1 : 0, 'display' => $display, 'display_custom' => $custom, 'style' => sportal_parse_style('implode')); if ($context['SPortal']['is_new']) { unset($blockInfo['id']); $smcFunc['db_insert']('', '{db_prefix}sp_blocks', array('label' => 'string', 'type' => 'string', 'col' => 'int', 'row' => 'int', 'permission_set' => 'int', 'groups_allowed' => 'string', 'groups_denied' => 'string', 'state' => 'int', 'force_view' => 'int', 'display' => 'string', 'display_custom' => 'string', 'style' => 'string'), $blockInfo, array('id_block')); $blockInfo['id'] = $smcFunc['db_insert_id']('{db_prefix}sp_blocks', 'id_block'); } else { $block_fields = array("label = {string:label}", "permission_set = {int:permission_set}", "groups_allowed = {string:groups_allowed}", "groups_denied = {string:groups_denied}", "state = {int:state}", "force_view = {int:force_view}", "display = {string:display}", "display_custom = {string:display_custom}", "style = {string:style}"); if (!empty($blockInfo['row'])) { $block_fields[] = "row = {int:row}"; } else { unset($blockInfo['row']); } $smcFunc['db_query']('', ' UPDATE {db_prefix}sp_blocks SET ' . implode(', ', $block_fields) . ' WHERE id_block = {int:id}', $blockInfo); $smcFunc['db_query']('', ' DELETE FROM {db_prefix}sp_parameters WHERE id_block = {int:id}', array('id' => $blockInfo['id'])); } if (!empty($_POST['parameters'])) { $parameters = array(); foreach ($_POST['parameters'] as $variable => $value) { $parameters[] = array('id_block' => $blockInfo['id'], 'variable' => $variable, 'value' => $value); } $smcFunc['db_insert']('', '{db_prefix}sp_parameters', array('id_block' => 'int', 'variable' => 'string', 'value' => 'string'), $parameters, array()); } redirectexit('action=admin;area=portalblocks'); } }
/** * The central part of the board - topic display. * * What it does: * - This function loads the posts in a topic up so they can be displayed. * - It uses the main sub template of the Display template. * - It requires a topic, and can go to the previous or next topic from it. * - It jumps to the correct post depending on a number/time/IS_MSG passed. * - It depends on the messages_per_page, defaultMaxMessages and enableAllMessages settings. * - It is accessed by ?topic=id_topic.START. */ public function action_display() { global $scripturl, $txt, $modSettings, $context, $settings; global $options, $user_info, $board_info, $topic, $board; global $attachments, $messages_request; // What are you gonna display if these are empty?! if (empty($topic)) { fatal_lang_error('no_board', false); } // Load the template loadTemplate('Display'); $context['sub_template'] = 'messages'; // And the topic functions require_once SUBSDIR . '/Topic.subs.php'; require_once SUBSDIR . '/Messages.subs.php'; // Not only does a prefetch make things slower for the server, but it makes it impossible to know if they read it. if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch') { @ob_end_clean(); header('HTTP/1.1 403 Prefetch Forbidden'); die; } // How much are we sticking on each page? $context['messages_per_page'] = empty($modSettings['disableCustomPerPage']) && !empty($options['messages_per_page']) ? $options['messages_per_page'] : $modSettings['defaultMaxMessages']; $template_layers = Template_Layers::getInstance(); $template_layers->addEnd('messages_informations'); $includeUnapproved = !$modSettings['postmod_active'] || allowedTo('approve_posts'); // Let's do some work on what to search index. if (count($_GET) > 2) { foreach ($_GET as $k => $v) { if (!in_array($k, array('topic', 'board', 'start', session_name()))) { $context['robot_no_index'] = true; } } } if (!empty($_REQUEST['start']) && (!is_numeric($_REQUEST['start']) || $_REQUEST['start'] % $context['messages_per_page'] != 0)) { $context['robot_no_index'] = true; } // Find the previous or next topic. Make a fuss if there are no more. if (isset($_REQUEST['prev_next']) && ($_REQUEST['prev_next'] == 'prev' || $_REQUEST['prev_next'] == 'next')) { // No use in calculating the next topic if there's only one. if ($board_info['num_topics'] > 1) { $includeStickies = !empty($modSettings['enableStickyTopics']); $topic = $_REQUEST['prev_next'] === 'prev' ? previousTopic($topic, $board, $user_info['id'], $includeUnapproved, $includeStickies) : nextTopic($topic, $board, $user_info['id'], $includeUnapproved, $includeStickies); $context['current_topic'] = $topic; } // Go to the newest message on this topic. $_REQUEST['start'] = 'new'; } // Add 1 to the number of views of this topic (except for robots). if (!$user_info['possibly_robot'] && (empty($_SESSION['last_read_topic']) || $_SESSION['last_read_topic'] != $topic)) { increaseViewCounter($topic); $_SESSION['last_read_topic'] = $topic; } $topic_selects = array(); $topic_tables = array(); $topic_parameters = array('topic' => $topic, 'member' => $user_info['id'], 'board' => (int) $board); // Allow addons to add additional details to the topic query call_integration_hook('integrate_topic_query', array(&$topic_selects, &$topic_tables, &$topic_parameters)); // Load the topic details $topicinfo = getTopicInfo($topic_parameters, 'all', $topic_selects, $topic_tables); if (empty($topicinfo)) { fatal_lang_error('not_a_topic', false); } // Is this a moved topic that we are redirecting to? if (!empty($topicinfo['id_redirect_topic']) && !isset($_GET['noredir'])) { markTopicsRead(array($user_info['id'], $topic, $topicinfo['id_last_msg'], 0), $topicinfo['new_from'] !== 0); redirectexit('topic=' . $topicinfo['id_redirect_topic'] . '.0;redirfrom=' . $topicinfo['id_topic']); } $context['real_num_replies'] = $context['num_replies'] = $topicinfo['num_replies']; $context['topic_first_message'] = $topicinfo['id_first_msg']; $context['topic_last_message'] = $topicinfo['id_last_msg']; $context['topic_unwatched'] = isset($topicinfo['unwatched']) ? $topicinfo['unwatched'] : 0; if (isset($_GET['redirfrom'])) { $redir_topics = topicsList(array((int) $_GET['redirfrom'])); if (!empty($redir_topics[(int) $_GET['redirfrom']])) { $context['topic_redirected_from'] = $redir_topics[(int) $_GET['redirfrom']]; $context['topic_redirected_from']['redir_href'] = $scripturl . '?topic=' . $context['topic_redirected_from']['id_topic'] . '.0;noredir'; } } // Add up unapproved replies to get real number of replies... if ($modSettings['postmod_active'] && allowedTo('approve_posts')) { $context['real_num_replies'] += $topicinfo['unapproved_posts'] - ($topicinfo['approved'] ? 0 : 1); } // If this topic was derived from another, set the followup details if (!empty($topicinfo['derived_from'])) { require_once SUBSDIR . '/FollowUps.subs.php'; $context['topic_derived_from'] = topicStartedHere($topic, $includeUnapproved); } // If this topic has unapproved posts, we need to work out how many posts the user can see, for page indexing. if (!$includeUnapproved && $topicinfo['unapproved_posts'] && !$user_info['is_guest']) { $myUnapprovedPosts = unapprovedPosts($topic, $user_info['id']); $context['total_visible_posts'] = $context['num_replies'] + $myUnapprovedPosts + ($topicinfo['approved'] ? 1 : 0); } elseif ($user_info['is_guest']) { $context['total_visible_posts'] = $context['num_replies'] + ($topicinfo['approved'] ? 1 : 0); } else { $context['total_visible_posts'] = $context['num_replies'] + $topicinfo['unapproved_posts'] + ($topicinfo['approved'] ? 1 : 0); } // When was the last time this topic was replied to? Should we warn them about it? if (!empty($modSettings['oldTopicDays'])) { $mgsOptions = basicMessageInfo($topicinfo['id_last_msg'], true); $context['oldTopicError'] = $mgsOptions['poster_time'] + $modSettings['oldTopicDays'] * 86400 < time() && empty($topicinfo['is_sticky']); } else { $context['oldTopicError'] = false; } // The start isn't a number; it's information about what to do, where to go. if (!is_numeric($_REQUEST['start'])) { // Redirect to the page and post with new messages, originally by Omar Bazavilvazo. if ($_REQUEST['start'] == 'new') { // Guests automatically go to the last post. if ($user_info['is_guest']) { $context['start_from'] = $context['total_visible_posts'] - 1; $_REQUEST['start'] = $context['start_from']; } else { // Fall through to the next if statement. $_REQUEST['start'] = 'msg' . $topicinfo['new_from']; } } // Start from a certain time index, not a message. if (substr($_REQUEST['start'], 0, 4) == 'from') { $timestamp = (int) substr($_REQUEST['start'], 4); if ($timestamp === 0) { $_REQUEST['start'] = 0; } else { // Find the number of messages posted before said time... $context['start_from'] = countNewPosts($topic, $topicinfo, $timestamp); $_REQUEST['start'] = $context['start_from']; } } elseif (substr($_REQUEST['start'], 0, 3) == 'msg') { $virtual_msg = (int) substr($_REQUEST['start'], 3); if (!$topicinfo['unapproved_posts'] && $virtual_msg >= $topicinfo['id_last_msg']) { $context['start_from'] = $context['total_visible_posts'] - 1; } elseif (!$topicinfo['unapproved_posts'] && $virtual_msg <= $topicinfo['id_first_msg']) { $context['start_from'] = 0; } else { $only_approved = $modSettings['postmod_active'] && $topicinfo['unapproved_posts'] && !allowedTo('approve_posts'); $context['start_from'] = countMessagesBefore($topic, $virtual_msg, false, $only_approved, !$user_info['is_guest']); } // We need to reverse the start as well in this case. $_REQUEST['start'] = $context['start_from']; } } // Mark the mention as read if requested if (isset($_REQUEST['mentionread']) && !empty($virtual_msg)) { require_once CONTROLLERDIR . '/Mentions.controller.php'; $mentions = new Mentions_Controller(); $mentions->setData(array('id_mention' => $_REQUEST['item'], 'mark' => $_REQUEST['mark'])); $mentions->action_markread(); } // Create a previous next string if the selected theme has it as a selected option. if ($modSettings['enablePreviousNext']) { $context['links'] += array('go_prev' => $scripturl . '?topic=' . $topic . '.0;prev_next=prev#new', 'go_next' => $scripturl . '?topic=' . $topic . '.0;prev_next=next#new'); } // Derived from, set the link back if (!empty($context['topic_derived_from'])) { $context['links']['derived_from'] = $scripturl . '?msg=' . $context['topic_derived_from']['derived_from']; } // Check if spellchecking is both enabled and actually working. (for quick reply.) $context['show_spellchecking'] = !empty($modSettings['enableSpellChecking']) && function_exists('pspell_new'); if ($context['show_spellchecking']) { loadJavascriptFile('spellcheck.js', array('defer' => true)); } // Do we need to show the visual verification image? $context['require_verification'] = !$user_info['is_mod'] && !$user_info['is_admin'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha'] || $user_info['is_guest'] && $modSettings['posts_require_captcha'] == -1); if ($context['require_verification']) { require_once SUBSDIR . '/VerificationControls.class.php'; $verificationOptions = array('id' => 'post'); $context['require_verification'] = create_control_verification($verificationOptions); $context['visual_verification_id'] = $verificationOptions['id']; } // Are we showing signatures - or disabled fields? $context['signature_enabled'] = substr($modSettings['signature_settings'], 0, 1) == 1; $context['disabled_fields'] = isset($modSettings['disabled_profile_fields']) ? array_flip(explode(',', $modSettings['disabled_profile_fields'])) : array(); // Censor the title... censorText($topicinfo['subject']); $context['page_title'] = $topicinfo['subject']; // Is this topic sticky, or can it even be? $topicinfo['is_sticky'] = empty($modSettings['enableStickyTopics']) ? '0' : $topicinfo['is_sticky']; // Allow addons access to the topicinfo array call_integration_hook('integrate_display_topic', array($topicinfo)); // Default this topic to not marked for notifications... of course... $context['is_marked_notify'] = false; // Did we report a post to a moderator just now? $context['report_sent'] = isset($_GET['reportsent']); if ($context['report_sent']) { $template_layers->add('report_sent'); } // Let's get nosey, who is viewing this topic? if (!empty($settings['display_who_viewing'])) { require_once SUBSDIR . '/Who.subs.php'; formatViewers($topic, 'topic'); } // If all is set, but not allowed... just unset it. $can_show_all = !empty($modSettings['enableAllMessages']) && $context['total_visible_posts'] > $context['messages_per_page'] && $context['total_visible_posts'] < $modSettings['enableAllMessages']; if (isset($_REQUEST['all']) && !$can_show_all) { unset($_REQUEST['all']); } elseif (isset($_REQUEST['all'])) { $_REQUEST['start'] = -1; } // Construct the page index, allowing for the .START method... $context['page_index'] = constructPageIndex($scripturl . '?topic=' . $topic . '.%1$d', $_REQUEST['start'], $context['total_visible_posts'], $context['messages_per_page'], true, array('all' => $can_show_all, 'all_selected' => isset($_REQUEST['all']))); $context['start'] = $_REQUEST['start']; // This is information about which page is current, and which page we're on - in case you don't like the constructed page index. (again, wireles..) $context['page_info'] = array('current_page' => $_REQUEST['start'] / $context['messages_per_page'] + 1, 'num_pages' => floor(($context['total_visible_posts'] - 1) / $context['messages_per_page']) + 1); // Figure out all the link to the next/prev $context['links'] += array('prev' => $_REQUEST['start'] >= $context['messages_per_page'] ? $scripturl . '?topic=' . $topic . '.' . ($_REQUEST['start'] - $context['messages_per_page']) : '', 'next' => $_REQUEST['start'] + $context['messages_per_page'] < $context['total_visible_posts'] ? $scripturl . '?topic=' . $topic . '.' . ($_REQUEST['start'] + $context['messages_per_page']) : ''); // If they are viewing all the posts, show all the posts, otherwise limit the number. if ($can_show_all && isset($_REQUEST['all'])) { // No limit! (actually, there is a limit, but...) $context['messages_per_page'] = -1; // Set start back to 0... $_REQUEST['start'] = 0; } // Build the link tree. $context['linktree'][] = array('url' => $scripturl . '?topic=' . $topic . '.0', 'name' => $topicinfo['subject']); // Build a list of this board's moderators. $context['moderators'] =& $board_info['moderators']; $context['link_moderators'] = array(); // Information about the current topic... $context['is_locked'] = $topicinfo['locked']; $context['is_sticky'] = $topicinfo['is_sticky']; $context['is_very_hot'] = $topicinfo['num_replies'] >= $modSettings['hotTopicVeryPosts']; $context['is_hot'] = $topicinfo['num_replies'] >= $modSettings['hotTopicPosts']; $context['is_approved'] = $topicinfo['approved']; $context['is_poll'] = $topicinfo['id_poll'] > 0 && !empty($modSettings['pollMode']) && allowedTo('poll_view'); determineTopicClass($context); // Did this user start the topic or not? $context['user']['started'] = $user_info['id'] == $topicinfo['id_member_started'] && !$user_info['is_guest']; $context['topic_starter_id'] = $topicinfo['id_member_started']; // Set the topic's information for the template. $context['subject'] = $topicinfo['subject']; $context['num_views'] = $topicinfo['num_views']; $context['num_views_text'] = $context['num_views'] == 1 ? $txt['read_one_time'] : sprintf($txt['read_many_times'], $context['num_views']); $context['mark_unread_time'] = !empty($virtual_msg) ? $virtual_msg : $topicinfo['new_from']; // Set a canonical URL for this page. $context['canonical_url'] = $scripturl . '?topic=' . $topic . '.' . $context['start']; // For quick reply we need a response prefix in the default forum language. $context['response_prefix'] = response_prefix(); // If we want to show event information in the topic, prepare the data. if (allowedTo('calendar_view') && !empty($modSettings['cal_showInTopic']) && !empty($modSettings['cal_enabled'])) { // We need events details and all that jazz require_once SUBSDIR . '/Calendar.subs.php'; // First, try create a better time format, ignoring the "time" elements. if (preg_match('~%[AaBbCcDdeGghjmuYy](?:[^%]*%[AaBbCcDdeGghjmuYy])*~', $user_info['time_format'], $matches) == 0 || empty($matches[0])) { $date_string = $user_info['time_format']; } else { $date_string = $matches[0]; } // Get event information for this topic. $events = eventInfoForTopic($topic); $context['linked_calendar_events'] = array(); foreach ($events as $event) { // Prepare the dates for being formatted. $start_date = sscanf($event['start_date'], '%04d-%02d-%02d'); $start_date = mktime(12, 0, 0, $start_date[1], $start_date[2], $start_date[0]); $end_date = sscanf($event['end_date'], '%04d-%02d-%02d'); $end_date = mktime(12, 0, 0, $end_date[1], $end_date[2], $end_date[0]); $context['linked_calendar_events'][] = array('id' => $event['id_event'], 'title' => $event['title'], 'can_edit' => allowedTo('calendar_edit_any') || $event['id_member'] == $user_info['id'] && allowedTo('calendar_edit_own'), 'modify_href' => $scripturl . '?action=post;msg=' . $topicinfo['id_first_msg'] . ';topic=' . $topic . '.0;calendar;eventid=' . $event['id_event'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'can_export' => allowedTo('calendar_edit_any') || $event['id_member'] == $user_info['id'] && allowedTo('calendar_edit_own'), 'export_href' => $scripturl . '?action=calendar;sa=ical;eventid=' . $event['id_event'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'start_date' => standardTime($start_date, $date_string, 'none'), 'start_timestamp' => $start_date, 'end_date' => standardTime($end_date, $date_string, 'none'), 'end_timestamp' => $end_date, 'is_last' => false); } if (!empty($context['linked_calendar_events'])) { $context['linked_calendar_events'][count($context['linked_calendar_events']) - 1]['is_last'] = true; $template_layers->add('display_calendar'); } } // Create the poll info if it exists. if ($context['is_poll']) { $template_layers->add('display_poll'); require_once SUBSDIR . '/Poll.subs.php'; loadPollContext($topicinfo['id_poll']); // Build the poll moderation button array. $context['poll_buttons'] = array('vote' => array('test' => 'allow_return_vote', 'text' => 'poll_return_vote', 'image' => 'poll_options.png', 'lang' => true, 'url' => $scripturl . '?topic=' . $context['current_topic'] . '.' . $context['start']), 'results' => array('test' => 'allow_poll_view', 'text' => 'poll_results', 'image' => 'poll_results.png', 'lang' => true, 'url' => $scripturl . '?topic=' . $context['current_topic'] . '.' . $context['start'] . ';viewresults'), 'change_vote' => array('test' => 'allow_change_vote', 'text' => 'poll_change_vote', 'image' => 'poll_change_vote.png', 'lang' => true, 'url' => $scripturl . '?action=poll;sa=vote;topic=' . $context['current_topic'] . '.' . $context['start'] . ';poll=' . $context['poll']['id'] . ';' . $context['session_var'] . '=' . $context['session_id']), 'lock' => array('test' => 'allow_lock_poll', 'text' => !$context['poll']['is_locked'] ? 'poll_lock' : 'poll_unlock', 'image' => 'poll_lock.png', 'lang' => true, 'url' => $scripturl . '?action=lockvoting;topic=' . $context['current_topic'] . '.' . $context['start'] . ';' . $context['session_var'] . '=' . $context['session_id']), 'edit' => array('test' => 'allow_edit_poll', 'text' => 'poll_edit', 'image' => 'poll_edit.png', 'lang' => true, 'url' => $scripturl . '?action=editpoll;topic=' . $context['current_topic'] . '.' . $context['start']), 'remove_poll' => array('test' => 'can_remove_poll', 'text' => 'poll_remove', 'image' => 'admin_remove_poll.png', 'lang' => true, 'custom' => 'onclick="return confirm(\'' . $txt['poll_remove_warn'] . '\');"', 'url' => $scripturl . '?action=poll;sa=remove;topic=' . $context['current_topic'] . '.' . $context['start'] . ';' . $context['session_var'] . '=' . $context['session_id'])); // Allow mods to add additional buttons here call_integration_hook('integrate_poll_buttons'); } // Calculate the fastest way to get the messages! $ascending = true; $start = $_REQUEST['start']; $limit = $context['messages_per_page']; $firstIndex = 0; if ($start >= $context['total_visible_posts'] / 2 && $context['messages_per_page'] != -1) { $ascending = !$ascending; $limit = $context['total_visible_posts'] <= $start + $limit ? $context['total_visible_posts'] - $start : $limit; $start = $context['total_visible_posts'] <= $start + $limit ? 0 : $context['total_visible_posts'] - $start - $limit; $firstIndex = $limit - 1; } // Taking care of member specific settings $limit_settings = array('messages_per_page' => $context['messages_per_page'], 'start' => $start, 'offset' => $limit); // Get each post and poster in this topic. $topic_details = getTopicsPostsAndPoster($topic, $limit_settings, $ascending); $messages = $topic_details['messages']; $posters = array_unique($topic_details['all_posters']); $all_posters = $topic_details['all_posters']; unset($topic_details); call_integration_hook('integrate_display_message_list', array(&$messages, &$posters)); // Guests can't mark topics read or for notifications, just can't sorry. if (!$user_info['is_guest'] && !empty($messages)) { $mark_at_msg = max($messages); if ($mark_at_msg >= $topicinfo['id_last_msg']) { $mark_at_msg = $modSettings['maxMsgID']; } if ($mark_at_msg >= $topicinfo['new_from']) { markTopicsRead(array($user_info['id'], $topic, $mark_at_msg, $topicinfo['unwatched']), $topicinfo['new_from'] !== 0); } updateReadNotificationsFor($topic, $board); // Have we recently cached the number of new topics in this board, and it's still a lot? if (isset($_REQUEST['topicseen']) && isset($_SESSION['topicseen_cache'][$board]) && $_SESSION['topicseen_cache'][$board] > 5) { $_SESSION['topicseen_cache'][$board]--; } elseif (isset($_REQUEST['topicseen'])) { // Use the mark read tables... and the last visit to figure out if this should be read or not. $numNewTopics = getUnreadCountSince($board, empty($_SESSION['id_msg_last_visit']) ? 0 : $_SESSION['id_msg_last_visit']); // If there're no real new topics in this board, mark the board as seen. if (empty($numNewTopics)) { $_REQUEST['boardseen'] = true; } else { $_SESSION['topicseen_cache'][$board] = $numNewTopics; } } elseif (isset($_SESSION['topicseen_cache'][$board])) { $_SESSION['topicseen_cache'][$board]--; } // Mark board as seen if we came using last post link from BoardIndex. (or other places...) if (isset($_REQUEST['boardseen'])) { require_once SUBSDIR . '/Boards.subs.php'; markBoardsRead($board, false, false); } } $attachments = array(); // If there _are_ messages here... (probably an error otherwise :!) if (!empty($messages)) { require_once SUBSDIR . '/Attachments.subs.php'; // Fetch attachments. $includeUnapproved = !$modSettings['postmod_active'] || allowedTo('approve_posts'); if (!empty($modSettings['attachmentEnable']) && allowedTo('view_attachments')) { $attachments = getAttachments($messages, $includeUnapproved, 'filter_accessible_attachment', $all_posters); } $msg_parameters = array('message_list' => $messages, 'new_from' => $topicinfo['new_from']); $msg_selects = array(); $msg_tables = array(); call_integration_hook('integrate_message_query', array(&$msg_selects, &$msg_tables, &$msg_parameters)); // What? It's not like it *couldn't* be only guests in this topic... if (!empty($posters)) { loadMemberData($posters); } // Load in the likes for this group of messages if (!empty($modSettings['likes_enabled'])) { require_once SUBSDIR . '/Likes.subs.php'; $context['likes'] = loadLikes($messages, true); // ajax controller for likes loadJavascriptFile('like_posts.js', array('defer' => true)); loadLanguage('Errors'); // Initiate likes and the tooltips for likes addInlineJavascript(' $(document).ready(function () { var likePostInstance = likePosts.prototype.init({ oTxt: ({ btnText : ' . JavaScriptEscape($txt['ok_uppercase']) . ', likeHeadingError : ' . JavaScriptEscape($txt['like_heading_error']) . ', error_occurred : ' . JavaScriptEscape($txt['error_occurred']) . ' }), }); $(".like_button, .unlike_button").SiteTooltip({ hoverIntent: { sensitivity: 10, interval: 150, timeout: 50 } }); });', true); } $messages_request = loadMessageRequest($msg_selects, $msg_tables, $msg_parameters); if (!empty($modSettings['enableFollowup'])) { require_once SUBSDIR . '/FollowUps.subs.php'; $context['follow_ups'] = followupTopics($messages, $includeUnapproved); } // Go to the last message if the given time is beyond the time of the last message. if (isset($context['start_from']) && $context['start_from'] >= $topicinfo['num_replies']) { $context['start_from'] = $topicinfo['num_replies']; } // Since the anchor information is needed on the top of the page we load these variables beforehand. $context['first_message'] = isset($messages[$firstIndex]) ? $messages[$firstIndex] : $messages[0]; $context['first_new_message'] = isset($context['start_from']) && $_REQUEST['start'] == $context['start_from']; } else { $messages_request = false; $context['first_message'] = 0; $context['first_new_message'] = false; } $context['jump_to'] = array('label' => addslashes(un_htmlspecialchars($txt['jump_to'])), 'board_name' => htmlspecialchars(strtr(strip_tags($board_info['name']), array('&' => '&')), ENT_COMPAT, 'UTF-8'), 'child_level' => $board_info['child_level']); // Set the callback. (do you REALIZE how much memory all the messages would take?!?) // This will be called from the template. $context['get_message'] = array($this, 'prepareDisplayContext_callback'); // Now set all the wonderful, wonderful permissions... like moderation ones... $common_permissions = array('can_approve' => 'approve_posts', 'can_ban' => 'manage_bans', 'can_sticky' => 'make_sticky', 'can_merge' => 'merge_any', 'can_split' => 'split_any', 'calendar_post' => 'calendar_post', 'can_mark_notify' => 'mark_any_notify', 'can_send_topic' => 'send_topic', 'can_send_pm' => 'pm_send', 'can_send_email' => 'send_email_to_members', 'can_report_moderator' => 'report_any', 'can_moderate_forum' => 'moderate_forum', 'can_issue_warning' => 'issue_warning', 'can_restore_topic' => 'move_any', 'can_restore_msg' => 'move_any'); foreach ($common_permissions as $contextual => $perm) { $context[$contextual] = allowedTo($perm); } // Permissions with _any/_own versions. $context[YYY] => ZZZ_any/_own. $anyown_permissions = array('can_move' => 'move', 'can_lock' => 'lock', 'can_delete' => 'remove', 'can_add_poll' => 'poll_add', 'can_remove_poll' => 'poll_remove', 'can_reply' => 'post_reply', 'can_reply_unapproved' => 'post_unapproved_replies'); foreach ($anyown_permissions as $contextual => $perm) { $context[$contextual] = allowedTo($perm . '_any') || $context['user']['started'] && allowedTo($perm . '_own'); } // Cleanup all the permissions with extra stuff... $context['can_mark_notify'] &= !$context['user']['is_guest']; $context['can_sticky'] &= !empty($modSettings['enableStickyTopics']); $context['calendar_post'] &= !empty($modSettings['cal_enabled']) && (allowedTo('modify_any') || $context['user']['started'] && allowedTo('modify_own')); $context['can_add_poll'] &= !empty($modSettings['pollMode']) && $topicinfo['id_poll'] <= 0; $context['can_remove_poll'] &= !empty($modSettings['pollMode']) && $topicinfo['id_poll'] > 0; $context['can_reply'] &= empty($topicinfo['locked']) || allowedTo('moderate_board'); $context['can_reply_unapproved'] &= $modSettings['postmod_active'] && (empty($topicinfo['locked']) || allowedTo('moderate_board')); $context['can_issue_warning'] &= in_array('w', $context['admin_features']) && !empty($modSettings['warning_enable']); // Handle approval flags... $context['can_reply_approved'] = $context['can_reply']; $context['can_reply'] |= $context['can_reply_unapproved']; $context['can_quote'] = $context['can_reply'] && (empty($modSettings['disabledBBC']) || !in_array('quote', explode(',', $modSettings['disabledBBC']))); $context['can_mark_unread'] = !$user_info['is_guest'] && $settings['show_mark_read']; $context['can_unwatch'] = !$user_info['is_guest'] && $modSettings['enable_unwatch']; $context['can_send_topic'] = (!$modSettings['postmod_active'] || $topicinfo['approved']) && allowedTo('send_topic'); $context['can_print'] = empty($modSettings['disable_print_topic']); // Start this off for quick moderation - it will be or'd for each post. $context['can_remove_post'] = allowedTo('delete_any') || allowedTo('delete_replies') && $context['user']['started']; // Can restore topic? That's if the topic is in the recycle board and has a previous restore state. $context['can_restore_topic'] &= !empty($modSettings['recycle_enable']) && $modSettings['recycle_board'] == $board && !empty($topicinfo['id_previous_board']); $context['can_restore_msg'] &= !empty($modSettings['recycle_enable']) && $modSettings['recycle_board'] == $board && !empty($topicinfo['id_previous_topic']); $context['can_follow_up'] = !empty($modSettings['enableFollowup']) && boardsallowedto('post_new') !== array(); // Check if the draft functions are enabled and that they have permission to use them (for quick reply.) $context['drafts_save'] = !empty($modSettings['drafts_enabled']) && !empty($modSettings['drafts_post_enabled']) && allowedTo('post_draft') && $context['can_reply']; $context['drafts_autosave'] = !empty($context['drafts_save']) && !empty($modSettings['drafts_autosave_enabled']) && allowedTo('post_autosave_draft'); if (!empty($context['drafts_save'])) { loadLanguage('Drafts'); } if (!empty($context['drafts_autosave']) && empty($options['use_editor_quick_reply'])) { loadJavascriptFile('drafts.js'); } if (!empty($modSettings['mentions_enabled'])) { $context['mentions_enabled'] = true; // Just using the plain text quick reply and not the editor if (empty($options['use_editor_quick_reply'])) { loadJavascriptFile(array('jquery.atwho.js', 'jquery.caret.min.js', 'mentioning.js')); } loadCSSFile('jquery.atwho.css'); addInlineJavascript(' $(document).ready(function () { for (var i = 0, count = all_elk_mentions.length; i < count; i++) all_elk_mentions[i].oMention = new elk_mentions(all_elk_mentions[i].oOptions); });'); } // Load up the Quick ModifyTopic and Quick Reply scripts loadJavascriptFile('topic.js'); // Auto video embeding enabled? if (!empty($modSettings['enableVideoEmbeding'])) { addInlineJavascript(' $(document).ready(function() { $().linkifyvideo(oEmbedtext); });'); } // Load up the "double post" sequencing magic. if (!empty($options['display_quick_reply'])) { checkSubmitOnce('register'); $context['name'] = isset($_SESSION['guest_name']) ? $_SESSION['guest_name'] : ''; $context['email'] = isset($_SESSION['guest_email']) ? $_SESSION['guest_email'] : ''; if (!empty($options['use_editor_quick_reply']) && $context['can_reply']) { // Needed for the editor and message icons. require_once SUBSDIR . '/Editor.subs.php'; // Now create the editor. $editorOptions = array('id' => 'message', 'value' => '', 'labels' => array('post_button' => $txt['post']), 'height' => '250px', 'width' => '100%', 'preview_type' => 0); create_control_richedit($editorOptions); $context['attached'] = ''; $context['make_poll'] = isset($_REQUEST['poll']); // Message icons - customized icons are off? $context['icons'] = getMessageIcons($board); if (!empty($context['icons'])) { $context['icons'][count($context['icons']) - 1]['is_last'] = true; } } } addJavascriptVar(array('notification_topic_notice' => $context['is_marked_notify'] ? $txt['notification_disable_topic'] : $txt['notification_enable_topic']), true); if ($context['can_send_topic']) { addJavascriptVar(array('sendtopic_cancel' => $txt['modify_cancel'], 'sendtopic_back' => $txt['back'], 'sendtopic_close' => $txt['find_close'], 'sendtopic_error' => $txt['send_error_occurred'], 'required_field' => $txt['require_field']), true); } // Build the normal button array. $context['normal_buttons'] = array('reply' => array('test' => 'can_reply', 'text' => 'reply', 'image' => 'reply.png', 'lang' => true, 'url' => $scripturl . '?action=post;topic=' . $context['current_topic'] . '.' . $context['start'] . ';last_msg=' . $context['topic_last_message'], 'active' => true), 'notify' => array('test' => 'can_mark_notify', 'text' => $context['is_marked_notify'] ? 'unnotify' : 'notify', 'image' => ($context['is_marked_notify'] ? 'un' : '') . 'notify.png', 'lang' => true, 'custom' => 'onclick="return notifyButton(this);"', 'url' => $scripturl . '?action=notify;sa=' . ($context['is_marked_notify'] ? 'off' : 'on') . ';topic=' . $context['current_topic'] . '.' . $context['start'] . ';' . $context['session_var'] . '=' . $context['session_id']), 'mark_unread' => array('test' => 'can_mark_unread', 'text' => 'mark_unread', 'image' => 'markunread.png', 'lang' => true, 'url' => $scripturl . '?action=markasread;sa=topic;t=' . $context['mark_unread_time'] . ';topic=' . $context['current_topic'] . '.' . $context['start'] . ';' . $context['session_var'] . '=' . $context['session_id']), 'unwatch' => array('test' => 'can_unwatch', 'text' => ($context['topic_unwatched'] ? '' : 'un') . 'watch', 'image' => ($context['topic_unwatched'] ? '' : 'un') . 'watched.png', 'lang' => true, 'custom' => 'onclick="return unwatchButton(this);"', 'url' => $scripturl . '?action=unwatchtopic;topic=' . $context['current_topic'] . '.' . $context['start'] . ';sa=' . ($context['topic_unwatched'] ? 'off' : 'on') . ';' . $context['session_var'] . '=' . $context['session_id']), 'send' => array('test' => 'can_send_topic', 'text' => 'send_topic', 'image' => 'sendtopic.png', 'lang' => true, 'url' => $scripturl . '?action=emailuser;sa=sendtopic;topic=' . $context['current_topic'] . '.0', 'custom' => 'onclick="return sendtopicOverlayDiv(this.href, \'' . $txt['send_topic'] . '\');"'), 'print' => array('test' => 'can_print', 'text' => 'print', 'image' => 'print.png', 'lang' => true, 'custom' => 'rel="nofollow"', 'class' => 'new_win', 'url' => $scripturl . '?action=topic;sa=printpage;topic=' . $context['current_topic'] . '.0')); // Build the mod button array $context['mod_buttons'] = array('move' => array('test' => 'can_move', 'text' => 'move_topic', 'image' => 'admin_move.png', 'lang' => true, 'url' => $scripturl . '?action=movetopic;current_board=' . $context['current_board'] . ';topic=' . $context['current_topic'] . '.0'), 'delete' => array('test' => 'can_delete', 'text' => 'remove_topic', 'image' => 'admin_rem.png', 'lang' => true, 'custom' => 'onclick="return confirm(\'' . $txt['are_sure_remove_topic'] . '\');"', 'url' => $scripturl . '?action=removetopic2;topic=' . $context['current_topic'] . '.0;' . $context['session_var'] . '=' . $context['session_id']), 'lock' => array('test' => 'can_lock', 'text' => empty($context['is_locked']) ? 'set_lock' : 'set_unlock', 'image' => 'admin_lock.png', 'lang' => true, 'url' => $scripturl . '?action=topic;sa=lock;topic=' . $context['current_topic'] . '.' . $context['start'] . ';' . $context['session_var'] . '=' . $context['session_id']), 'sticky' => array('test' => 'can_sticky', 'text' => empty($context['is_sticky']) ? 'set_sticky' : 'set_nonsticky', 'image' => 'admin_sticky.png', 'lang' => true, 'url' => $scripturl . '?action=topic;sa=sticky;topic=' . $context['current_topic'] . '.' . $context['start'] . ';' . $context['session_var'] . '=' . $context['session_id']), 'merge' => array('test' => 'can_merge', 'text' => 'merge', 'image' => 'merge.png', 'lang' => true, 'url' => $scripturl . '?action=mergetopics;board=' . $context['current_board'] . '.0;from=' . $context['current_topic']), 'calendar' => array('test' => 'calendar_post', 'text' => 'calendar_link', 'image' => 'linktocal.png', 'lang' => true, 'url' => $scripturl . '?action=post;calendar;msg=' . $context['topic_first_message'] . ';topic=' . $context['current_topic'] . '.0')); // Restore topic. eh? No monkey business. if ($context['can_restore_topic']) { $context['mod_buttons'][] = array('text' => 'restore_topic', 'image' => '', 'lang' => true, 'url' => $scripturl . '?action=restoretopic;topics=' . $context['current_topic'] . ';' . $context['session_var'] . '=' . $context['session_id']); } if ($context['can_reply'] && !empty($options['display_quick_reply'])) { $template_layers->add('quickreply'); } $template_layers->add('pages_and_buttons'); // Allow adding new buttons easily. call_integration_hook('integrate_display_buttons'); call_integration_hook('integrate_mod_buttons'); }
/** * Edits an existing or adds a new article to the system * Handles the previewing of an article */ public function action_sportal_admin_article_edit() { global $context, $options, $txt; $this->_is_new = empty($_REQUEST['article_id']); $article_errors = Error_Context::context('article', 0); // Going to use editor and post functions require_once SUBSDIR . '/Post.subs.php'; require_once SUBSDIR . '/Editor.subs.php'; // Convert this to BBC? if (!empty($_REQUEST['content_mode']) && $_POST['type'] == 'bbc') { $convert = $_REQUEST['content']; require_once SUBSDIR . '/Html2BBC.class.php'; $bbc_converter = new Convert_BBC($convert); $convert = $bbc_converter->get_bbc(); $convert = un_htmlspecialchars($convert); $_POST['content'] = $convert; } // Saving the work? if (!empty($_POST['submit']) && !$article_errors->hasErrors()) { checkSession(); $this->_sportal_admin_article_edit_save(); } // Just taking a look before you save? if (!empty($_POST['preview']) || $article_errors->hasErrors()) { $context['article'] = $this->_sportal_admin_article_preview(); // Fix any bbc errors they have created if ($context['article']['type'] == 'bbc') { preparsecode($context['article']['body']); } loadTemplate('PortalArticles'); // Showing errors or a preview? if ($article_errors->hasErrors()) { $context['article_errors'] = array('errors' => $article_errors->prepareErrors(), 'type' => $article_errors->getErrorType() == 0 ? 'minor' : 'serious', 'title' => $txt['sp_form_errors_detected']); } else { $context['preview'] = true; } } elseif ($this->_is_new) { $context['article'] = array('id' => 0, 'article_id' => 'article' . mt_rand(1, 5000), 'category' => array('id' => 0), 'title' => $txt['sp_articles_default_title'], 'body' => '', 'type' => 'bbc', 'permissions' => 3, 'status' => 1); } else { $_REQUEST['article_id'] = (int) $_REQUEST['article_id']; $context['article'] = sportal_get_articles($_REQUEST['article_id']); } if ($context['article']['type'] === 'bbc') { $context['article']['body'] = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), un_preparsecode($context['article']['body'])); } // On to the editor if ($context['article']['type'] !== 'bbc') { // Override user prefs for wizzy mode if they don't need it $temp_editor = !empty($options['wysiwyg_default']); $options['wysiwyg_default'] = false; } // Fire up the editor with the values $editor_options = array('id' => 'content', 'value' => $context['article']['body'], 'width' => '100%', 'height' => '225px', 'preview_type' => 2); create_control_richedit($editor_options); $context['post_box_name'] = $editor_options['id']; // Restore their settings if (isset($temp_editor)) { $options['wysiwyg_default'] = $temp_editor; } // Set the editor box to the right mode based on type (bbc, html, php) addInlineJavascript(' $(window).load(function() { diewithfire = window.setTimeout(function() {sp_update_editor("' . $context['article']['type'] . '", "");}, 200); }); '); // Final bits for the template, category's and permission settings $context['article']['permission_profiles'] = sportal_get_profiles(null, 1, 'name'); if (empty($context['article']['permission_profiles'])) { fatal_lang_error('error_sp_no_permission_profiles', false); } $context['article']['categories'] = sportal_get_categories(); if (empty($context['article']['categories'])) { fatal_lang_error('error_sp_no_category', false); } // Page out values $context['is_new'] = $this->_is_new; $context['article']['body'] = sportal_parse_content($context['article']['body'], $context['article']['type'], 'return'); $context['page_title'] = $this->_is_new ? $txt['sp_admin_articles_add'] : $txt['sp_admin_articles_edit']; $context['sub_template'] = 'articles_edit'; }
function Post() { global $txt, $scripturl, $topic, $modSettings, $board; global $user_info, $sc, $board_info, $context, $settings; global $sourcedir, $options, $smcFunc, $language; loadLanguage('Post'); // You can't reply with a poll... hacker. if (isset($_REQUEST['poll']) && !empty($topic) && !isset($_REQUEST['msg'])) { unset($_REQUEST['poll']); } // Posting an event? $context['make_event'] = isset($_REQUEST['calendar']); $context['robot_no_index'] = true; // You must be posting to *some* board. if (empty($board) && !$context['make_event']) { fatal_lang_error('no_board', false); } require_once $sourcedir . '/Subs-Post.php'; if (isset($_REQUEST['xml'])) { $context['sub_template'] = 'post'; // Just in case of an earlier error... $context['preview_message'] = ''; $context['preview_subject'] = ''; } // No message is complete without a topic. if (empty($topic) && !empty($_REQUEST['msg'])) { $request = $smcFunc['db_query']('', ' SELECT id_topic FROM {db_prefix}messages WHERE id_msg = {int:msg}', array('msg' => (int) $_REQUEST['msg'])); if ($smcFunc['db_num_rows']($request) != 1) { unset($_REQUEST['msg'], $_POST['msg'], $_GET['msg']); } else { list($topic) = $smcFunc['db_fetch_row']($request); } $smcFunc['db_free_result']($request); } // Check if it's locked. It isn't locked if no topic is specified. if (!empty($topic)) { $request = $smcFunc['db_query']('', ' SELECT t.locked, IFNULL(ln.id_topic, 0) AS notify, t.is_sticky, t.id_poll, t.id_last_msg, mf.id_member, t.id_first_msg, mf.subject, CASE WHEN ml.poster_time > ml.modified_time THEN ml.poster_time ELSE ml.modified_time END AS last_post_time FROM {db_prefix}topics AS t LEFT JOIN {db_prefix}log_notify AS ln ON (ln.id_topic = t.id_topic AND ln.id_member = {int:current_member}) LEFT JOIN {db_prefix}messages AS mf ON (mf.id_msg = t.id_first_msg) LEFT JOIN {db_prefix}messages AS ml ON (ml.id_msg = t.id_last_msg) WHERE t.id_topic = {int:current_topic} LIMIT 1', array('current_member' => $user_info['id'], 'current_topic' => $topic)); list($locked, $context['notify'], $sticky, $pollID, $context['topic_last_message'], $id_member_poster, $id_first_msg, $first_subject, $lastPostTime) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); // If this topic already has a poll, they sure can't add another. if (isset($_REQUEST['poll']) && $pollID > 0) { unset($_REQUEST['poll']); } if (empty($_REQUEST['msg'])) { if ($user_info['is_guest'] && !allowedTo('post_reply_any') && (!$modSettings['postmod_active'] || !allowedTo('post_unapproved_replies_any'))) { is_not_guest(); } // By default the reply will be approved... $context['becomes_approved'] = true; if ($id_member_poster != $user_info['id']) { if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_any') && !allowedTo('post_reply_any')) { $context['becomes_approved'] = false; } else { isAllowedTo('post_reply_any'); } } elseif (!allowedTo('post_reply_any')) { if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_own') && !allowedTo('post_reply_own')) { $context['becomes_approved'] = false; } else { isAllowedTo('post_reply_own'); } } } else { $context['becomes_approved'] = true; } $context['can_lock'] = allowedTo('lock_any') || $user_info['id'] == $id_member_poster && allowedTo('lock_own'); $context['can_sticky'] = allowedTo('make_sticky') && !empty($modSettings['enableStickyTopics']); $context['notify'] = !empty($context['notify']); $context['sticky'] = isset($_REQUEST['sticky']) ? !empty($_REQUEST['sticky']) : $sticky; } else { $context['becomes_approved'] = true; if (!$context['make_event'] || !empty($board)) { if ($modSettings['postmod_active'] && !allowedTo('post_new') && allowedTo('post_unapproved_topics')) { $context['becomes_approved'] = false; } else { isAllowedTo('post_new'); } } $locked = 0; // !!! These won't work if you're making an event. $context['can_lock'] = allowedTo(array('lock_any', 'lock_own')); $context['can_sticky'] = allowedTo('make_sticky') && !empty($modSettings['enableStickyTopics']); $context['notify'] = !empty($context['notify']); $context['sticky'] = !empty($_REQUEST['sticky']); } // !!! These won't work if you're posting an event! $context['can_notify'] = allowedTo('mark_any_notify'); $context['can_move'] = allowedTo('move_any'); $context['move'] = !empty($_REQUEST['move']); $context['announce'] = !empty($_REQUEST['announce']); // You can only announce topics that will get approved... $context['can_announce'] = allowedTo('announce_topic') && $context['becomes_approved']; $context['locked'] = !empty($locked) || !empty($_REQUEST['lock']); $context['can_quote'] = empty($modSettings['disabledBBC']) || !in_array('quote', explode(',', $modSettings['disabledBBC'])); // Generally don't show the approval box... (Assume we want things approved) $context['show_approval'] = false; // An array to hold all the attachments for this topic. $context['current_attachments'] = array(); // Don't allow a post if it's locked and you aren't all powerful. if ($locked && !allowedTo('moderate_board')) { fatal_lang_error('topic_locked', false); } // Check the users permissions - is the user allowed to add or post a poll? if (isset($_REQUEST['poll']) && $modSettings['pollMode'] == '1') { // New topic, new poll. if (empty($topic)) { isAllowedTo('poll_post'); } elseif ($user_info['id'] == $id_member_poster && !allowedTo('poll_add_any')) { isAllowedTo('poll_add_own'); } else { isAllowedTo('poll_add_any'); } require_once $sourcedir . '/Subs-Members.php'; $allowedVoteGroups = groupsAllowedTo('poll_vote', $board); // Set up the poll options. $context['poll_options'] = array('max_votes' => empty($_POST['poll_max_votes']) ? '1' : max(1, $_POST['poll_max_votes']), 'hide' => empty($_POST['poll_hide']) ? 0 : $_POST['poll_hide'], 'expire' => !isset($_POST['poll_expire']) ? '' : $_POST['poll_expire'], 'change_vote' => isset($_POST['poll_change_vote']), 'guest_vote' => isset($_POST['poll_guest_vote']), 'guest_vote_enabled' => in_array(-1, $allowedVoteGroups['allowed'])); // Make all five poll choices empty. $context['choices'] = array(array('id' => 0, 'number' => 1, 'label' => '', 'is_last' => false), array('id' => 1, 'number' => 2, 'label' => '', 'is_last' => false), array('id' => 2, 'number' => 3, 'label' => '', 'is_last' => false), array('id' => 3, 'number' => 4, 'label' => '', 'is_last' => false), array('id' => 4, 'number' => 5, 'label' => '', 'is_last' => true)); } if ($context['make_event']) { // They might want to pick a board. if (!isset($context['current_board'])) { $context['current_board'] = 0; } // Start loading up the event info. $context['event'] = array(); $context['event']['title'] = isset($_REQUEST['evtitle']) ? htmlspecialchars(stripslashes($_REQUEST['evtitle'])) : ''; $context['event']['id'] = isset($_REQUEST['eventid']) ? (int) $_REQUEST['eventid'] : -1; $context['event']['new'] = $context['event']['id'] == -1; // Permissions check! isAllowedTo('calendar_post'); // Editing an event? (but NOT previewing!?) if (!$context['event']['new'] && !isset($_REQUEST['subject'])) { // If the user doesn't have permission to edit the post in this topic, redirect them. if ((empty($id_member_poster) || $id_member_poster != $user_info['id'] || !allowedTo('modify_own')) && !allowedTo('modify_any')) { require_once $sourcedir . '/Calendar.php'; return CalendarPost(); } // Get the current event information. $request = $smcFunc['db_query']('', ' SELECT id_member, title, MONTH(start_date) AS month, DAYOFMONTH(start_date) AS day, YEAR(start_date) AS year, (TO_DAYS(end_date) - TO_DAYS(start_date)) AS span FROM {db_prefix}calendar WHERE id_event = {int:id_event} LIMIT 1', array('id_event' => $context['event']['id'])); $row = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); // Make sure the user is allowed to edit this event. if ($row['id_member'] != $user_info['id']) { isAllowedTo('calendar_edit_any'); } elseif (!allowedTo('calendar_edit_any')) { isAllowedTo('calendar_edit_own'); } $context['event']['month'] = $row['month']; $context['event']['day'] = $row['day']; $context['event']['year'] = $row['year']; $context['event']['title'] = $row['title']; $context['event']['span'] = $row['span'] + 1; } else { $today = getdate(); // You must have a month and year specified! if (!isset($_REQUEST['month'])) { $_REQUEST['month'] = $today['mon']; } if (!isset($_REQUEST['year'])) { $_REQUEST['year'] = $today['year']; } $context['event']['month'] = (int) $_REQUEST['month']; $context['event']['year'] = (int) $_REQUEST['year']; $context['event']['day'] = isset($_REQUEST['day']) ? $_REQUEST['day'] : ($_REQUEST['month'] == $today['mon'] ? $today['mday'] : 0); $context['event']['span'] = isset($_REQUEST['span']) ? $_REQUEST['span'] : 1; // Make sure the year and month are in the valid range. if ($context['event']['month'] < 1 || $context['event']['month'] > 12) { fatal_lang_error('invalid_month', false); } if ($context['event']['year'] < $modSettings['cal_minyear'] || $context['event']['year'] > $modSettings['cal_maxyear']) { fatal_lang_error('invalid_year', false); } // Get a list of boards they can post in. $boards = boardsAllowedTo('post_new'); if (empty($boards)) { fatal_lang_error('cannot_post_new', 'user'); } // Load a list of boards for this event in the context. require_once $sourcedir . '/Subs-MessageIndex.php'; $boardListOptions = array('included_boards' => in_array(0, $boards) ? null : $boards, 'not_redirection' => true, 'use_permissions' => true, 'selected_board' => empty($context['current_board']) ? $modSettings['cal_defaultboard'] : $context['current_board']); $context['event']['categories'] = getBoardList($boardListOptions); } // Find the last day of the month. $context['event']['last_day'] = (int) strftime('%d', mktime(0, 0, 0, $context['event']['month'] == 12 ? 1 : $context['event']['month'] + 1, 0, $context['event']['month'] == 12 ? $context['event']['year'] + 1 : $context['event']['year'])); $context['event']['board'] = !empty($board) ? $board : $modSettings['cal_defaultboard']; } if (empty($context['post_errors'])) { $context['post_errors'] = array(); } // See if any new replies have come along. if (empty($_REQUEST['msg']) && !empty($topic)) { if (empty($options['no_new_reply_warning']) && isset($_REQUEST['last_msg']) && $context['topic_last_message'] > $_REQUEST['last_msg']) { $request = $smcFunc['db_query']('', ' SELECT COUNT(*) FROM {db_prefix}messages WHERE id_topic = {int:current_topic} AND id_msg > {int:last_msg}' . (!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : ' AND approved = {int:approved}') . ' LIMIT 1', array('current_topic' => $topic, 'last_msg' => (int) $_REQUEST['last_msg'], 'approved' => 1)); list($context['new_replies']) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); if (!empty($context['new_replies'])) { if ($context['new_replies'] == 1) { $txt['error_new_reply'] = isset($_GET['last_msg']) ? $txt['error_new_reply_reading'] : $txt['error_new_reply']; } else { $txt['error_new_replies'] = sprintf(isset($_GET['last_msg']) ? $txt['error_new_replies_reading'] : $txt['error_new_replies'], $context['new_replies']); } // If they've come from the display page then we treat the error differently.... if (isset($_GET['last_msg'])) { $newRepliesError = $context['new_replies']; } else { $context['post_error'][$context['new_replies'] == 1 ? 'new_reply' : 'new_replies'] = true; } $modSettings['topicSummaryPosts'] = $context['new_replies'] > $modSettings['topicSummaryPosts'] ? max($modSettings['topicSummaryPosts'], 5) : $modSettings['topicSummaryPosts']; } } // Check whether this is a really old post being bumped... if (!empty($modSettings['oldTopicDays']) && $lastPostTime + $modSettings['oldTopicDays'] * 86400 < time() && empty($sticky) && !isset($_REQUEST['subject'])) { $oldTopicError = true; } } // Get a response prefix (like 'Re:') in the default forum language. if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix'))) { if ($language === $user_info['language']) { $context['response_prefix'] = $txt['response_prefix']; } else { loadLanguage('index', $language, false); $context['response_prefix'] = $txt['response_prefix']; loadLanguage('index'); } cache_put_data('response_prefix', $context['response_prefix'], 600); } // Previewing, modifying, or posting? if (isset($_REQUEST['message']) || !empty($context['post_error'])) { // Validate inputs. if (empty($context['post_error'])) { if (htmltrim__recursive(htmlspecialchars__recursive($_REQUEST['subject'])) == '') { $context['post_error']['no_subject'] = true; } if (htmltrim__recursive(htmlspecialchars__recursive($_REQUEST['message'])) == '') { $context['post_error']['no_message'] = true; } if (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_REQUEST['message']) > $modSettings['max_messageLength']) { $context['post_error']['long_message'] = true; } // Are you... a guest? if ($user_info['is_guest']) { $_REQUEST['guestname'] = !isset($_REQUEST['guestname']) ? '' : trim($_REQUEST['guestname']); $_REQUEST['email'] = !isset($_REQUEST['email']) ? '' : trim($_REQUEST['email']); // Validate the name and email. if (!isset($_REQUEST['guestname']) || trim(strtr($_REQUEST['guestname'], '_', ' ')) == '') { $context['post_error']['no_name'] = true; } elseif ($smcFunc['strlen']($_REQUEST['guestname']) > 25) { $context['post_error']['long_name'] = true; } else { require_once $sourcedir . '/Subs-Members.php'; if (isReservedName(htmlspecialchars($_REQUEST['guestname']), 0, true, false)) { $context['post_error']['bad_name'] = true; } } if (empty($modSettings['guest_post_no_email'])) { if (!isset($_REQUEST['email']) || $_REQUEST['email'] == '') { $context['post_error']['no_email'] = true; } elseif (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_REQUEST['email']) == 0) { $context['post_error']['bad_email'] = true; } } } // This is self explanatory - got any questions? if (isset($_REQUEST['question']) && trim($_REQUEST['question']) == '') { $context['post_error']['no_question'] = true; } // This means they didn't click Post and get an error. $really_previewing = true; } else { if (!isset($_REQUEST['subject'])) { $_REQUEST['subject'] = ''; } if (!isset($_REQUEST['message'])) { $_REQUEST['message'] = ''; } if (!isset($_REQUEST['icon'])) { $_REQUEST['icon'] = 'xx'; } // They are previewing if they asked to preview (i.e. came from quick reply). $really_previewing = !empty($_POST['preview']); } // In order to keep the approval status flowing through, we have to pass it through the form... $context['becomes_approved'] = empty($_REQUEST['not_approved']); $context['show_approval'] = isset($_REQUEST['approve']) ? $_REQUEST['approve'] ? 2 : 1 : 0; $context['can_announce'] &= $context['becomes_approved']; // Set up the inputs for the form. $form_subject = strtr($smcFunc['htmlspecialchars']($_REQUEST['subject']), array("\r" => '', "\n" => '', "\t" => '')); $form_message = $smcFunc['htmlspecialchars']($_REQUEST['message'], ENT_QUOTES); // Make sure the subject isn't too long - taking into account special characters. if ($smcFunc['strlen']($form_subject) > 100) { $form_subject = $smcFunc['substr']($form_subject, 0, 100); } // Have we inadvertently trimmed off the subject of useful information? if ($smcFunc['htmltrim']($form_subject) === '') { $context['post_error']['no_subject'] = true; } // Any errors occurred? if (!empty($context['post_error'])) { loadLanguage('Errors'); $context['error_type'] = 'minor'; $context['post_error']['messages'] = array(); foreach ($context['post_error'] as $post_error => $dummy) { if ($post_error == 'messages') { continue; } if ($post_error == 'long_message') { $txt['error_' . $post_error] = sprintf($txt['error_' . $post_error], $modSettings['max_messageLength']); } $context['post_error']['messages'][] = $txt['error_' . $post_error]; // If it's not a minor error flag it as such. if (!in_array($post_error, array('new_reply', 'not_approved', 'new_replies', 'old_topic', 'need_qr_verification'))) { $context['error_type'] = 'serious'; } } } if (isset($_REQUEST['poll'])) { $context['question'] = isset($_REQUEST['question']) ? $smcFunc['htmlspecialchars'](trim($_REQUEST['question'])) : ''; $context['choices'] = array(); $choice_id = 0; $_POST['options'] = empty($_POST['options']) ? array() : htmlspecialchars__recursive($_POST['options']); foreach ($_POST['options'] as $option) { if (trim($option) == '') { continue; } $context['choices'][] = array('id' => $choice_id++, 'number' => $choice_id, 'label' => $option, 'is_last' => false); } if (count($context['choices']) < 2) { $context['choices'][] = array('id' => $choice_id++, 'number' => $choice_id, 'label' => '', 'is_last' => false); $context['choices'][] = array('id' => $choice_id++, 'number' => $choice_id, 'label' => '', 'is_last' => false); } $context['choices'][count($context['choices']) - 1]['is_last'] = true; } // Are you... a guest? if ($user_info['is_guest']) { $_REQUEST['guestname'] = !isset($_REQUEST['guestname']) ? '' : trim($_REQUEST['guestname']); $_REQUEST['email'] = !isset($_REQUEST['email']) ? '' : trim($_REQUEST['email']); $_REQUEST['guestname'] = htmlspecialchars($_REQUEST['guestname']); $context['name'] = $_REQUEST['guestname']; $_REQUEST['email'] = htmlspecialchars($_REQUEST['email']); $context['email'] = $_REQUEST['email']; $user_info['name'] = $_REQUEST['guestname']; } // Only show the preview stuff if they hit Preview. if ($really_previewing == true || isset($_REQUEST['xml'])) { // Set up the preview message and subject and censor them... $context['preview_message'] = $form_message; preparsecode($form_message, true); preparsecode($context['preview_message']); // Do all bulletin board code tags, with or without smileys. $context['preview_message'] = parse_bbc($context['preview_message'], isset($_REQUEST['ns']) ? 0 : 1); if ($form_subject != '') { $context['preview_subject'] = $form_subject; censorText($context['preview_subject']); censorText($context['preview_message']); } else { $context['preview_subject'] = '<em>' . $txt['no_subject'] . '</em>'; } // Protect any CDATA blocks. if (isset($_REQUEST['xml'])) { $context['preview_message'] = strtr($context['preview_message'], array(']]>' => ']]]]><![CDATA[>')); } } // Set up the checkboxes. $context['notify'] = !empty($_REQUEST['notify']); $context['use_smileys'] = !isset($_REQUEST['ns']); $context['icon'] = isset($_REQUEST['icon']) ? preg_replace('~[\\./\\\\*\':"<>]~', '', $_REQUEST['icon']) : 'xx'; // Set the destination action for submission. $context['destination'] = 'post2;start=' . $_REQUEST['start'] . (isset($_REQUEST['msg']) ? ';msg=' . $_REQUEST['msg'] . ';' . $context['session_var'] . '=' . $context['session_id'] : '') . (isset($_REQUEST['poll']) ? ';poll' : ''); $context['submit_label'] = isset($_REQUEST['msg']) ? $txt['save'] : $txt['post']; // Previewing an edit? if (isset($_REQUEST['msg']) && !empty($topic)) { // Get the existing message. $request = $smcFunc['db_query']('', ' SELECT m.id_member, m.modified_time, m.smileys_enabled, m.body, m.poster_name, m.poster_email, m.subject, m.icon, m.approved, IFNULL(a.size, -1) AS filesize, a.filename, a.id_attach, a.approved AS attachment_approved, t.id_member_started AS id_member_poster, m.poster_time FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic}) LEFT JOIN {db_prefix}attachments AS a ON (a.id_msg = m.id_msg AND a.attachment_type = {int:attachment_type}) WHERE m.id_msg = {int:id_msg} AND m.id_topic = {int:current_topic}', array('current_topic' => $topic, 'attachment_type' => 0, 'id_msg' => $_REQUEST['msg'])); // The message they were trying to edit was most likely deleted. // !!! Change this error message? if ($smcFunc['db_num_rows']($request) == 0) { fatal_lang_error('no_board', false); } $row = $smcFunc['db_fetch_assoc']($request); $attachment_stuff = array($row); while ($row2 = $smcFunc['db_fetch_assoc']($request)) { $attachment_stuff[] = $row2; } $smcFunc['db_free_result']($request); if ($row['id_member'] == $user_info['id'] && !allowedTo('modify_any')) { // Give an extra five minutes over the disable time threshold, so they can type - assuming the post is public. if ($row['approved'] && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) { fatal_lang_error('modify_post_time_passed', false); } elseif ($row['id_member_poster'] == $user_info['id'] && !allowedTo('modify_own')) { isAllowedTo('modify_replies'); } else { isAllowedTo('modify_own'); } } elseif ($row['id_member_poster'] == $user_info['id'] && !allowedTo('modify_any')) { isAllowedTo('modify_replies'); } else { isAllowedTo('modify_any'); } if (!empty($modSettings['attachmentEnable'])) { $request = $smcFunc['db_query']('', ' SELECT IFNULL(size, -1) AS filesize, filename, id_attach, approved FROM {db_prefix}attachments WHERE id_msg = {int:id_msg} AND attachment_type = {int:attachment_type}', array('id_msg' => (int) $_REQUEST['msg'], 'attachment_type' => 0)); while ($row = $smcFunc['db_fetch_assoc']($request)) { if ($row['filesize'] <= 0) { continue; } $context['current_attachments'][] = array('name' => htmlspecialchars($row['filename']), 'id' => $row['id_attach'], 'approved' => $row['approved']); } $smcFunc['db_free_result']($request); } // Allow moderators to change names.... if (allowedTo('moderate_forum') && !empty($topic)) { $request = $smcFunc['db_query']('', ' SELECT id_member, poster_name, poster_email FROM {db_prefix}messages WHERE id_msg = {int:id_msg} AND id_topic = {int:current_topic} LIMIT 1', array('current_topic' => $topic, 'id_msg' => (int) $_REQUEST['msg'])); $row = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); if (empty($row['id_member'])) { $context['name'] = htmlspecialchars($row['poster_name']); $context['email'] = htmlspecialchars($row['poster_email']); } } } // No check is needed, since nothing is really posted. checkSubmitOnce('free'); } elseif (isset($_REQUEST['msg']) && !empty($topic)) { $_REQUEST['msg'] = (int) $_REQUEST['msg']; // Get the existing message. $request = $smcFunc['db_query']('', ' SELECT m.id_member, m.modified_time, m.smileys_enabled, m.body, m.poster_name, m.poster_email, m.subject, m.icon, m.approved, IFNULL(a.size, -1) AS filesize, a.filename, a.id_attach, a.approved AS attachment_approved, t.id_member_started AS id_member_poster, m.poster_time FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic}) LEFT JOIN {db_prefix}attachments AS a ON (a.id_msg = m.id_msg AND a.attachment_type = {int:attachment_type}) WHERE m.id_msg = {int:id_msg} AND m.id_topic = {int:current_topic}', array('current_topic' => $topic, 'attachment_type' => 0, 'id_msg' => $_REQUEST['msg'])); // The message they were trying to edit was most likely deleted. // !!! Change this error message? if ($smcFunc['db_num_rows']($request) == 0) { fatal_lang_error('no_board', false); } $row = $smcFunc['db_fetch_assoc']($request); $attachment_stuff = array($row); while ($row2 = $smcFunc['db_fetch_assoc']($request)) { $attachment_stuff[] = $row2; } $smcFunc['db_free_result']($request); if ($row['id_member'] == $user_info['id'] && !allowedTo('modify_any')) { // Give an extra five minutes over the disable time threshold, so they can type - assuming the post is public. if ($row['approved'] && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) { fatal_lang_error('modify_post_time_passed', false); } elseif ($row['id_member_poster'] == $user_info['id'] && !allowedTo('modify_own')) { isAllowedTo('modify_replies'); } else { isAllowedTo('modify_own'); } } elseif ($row['id_member_poster'] == $user_info['id'] && !allowedTo('modify_any')) { isAllowedTo('modify_replies'); } else { isAllowedTo('modify_any'); } // When was it last modified? if (!empty($row['modified_time'])) { $context['last_modified'] = timeformat($row['modified_time']); } // Get the stuff ready for the form. $form_subject = $row['subject']; $form_message = un_preparsecode($row['body']); censorText($form_message); censorText($form_subject); // Check the boxes that should be checked. $context['use_smileys'] = !empty($row['smileys_enabled']); $context['icon'] = $row['icon']; // Show an "approve" box if the user can approve it, and the message isn't approved. if (!$row['approved'] && !$context['show_approval']) { $context['show_approval'] = allowedTo('approve_posts'); } // Load up 'em attachments! foreach ($attachment_stuff as $attachment) { if ($attachment['filesize'] >= 0 && !empty($modSettings['attachmentEnable'])) { $context['current_attachments'][] = array('name' => htmlspecialchars($attachment['filename']), 'id' => $attachment['id_attach'], 'approved' => $attachment['attachment_approved']); } } // Allow moderators to change names.... if (allowedTo('moderate_forum') && empty($row['id_member'])) { $context['name'] = htmlspecialchars($row['poster_name']); $context['email'] = htmlspecialchars($row['poster_email']); } // Set the destinaton. $context['destination'] = 'post2;start=' . $_REQUEST['start'] . ';msg=' . $_REQUEST['msg'] . ';' . $context['session_var'] . '=' . $context['session_id'] . (isset($_REQUEST['poll']) ? ';poll' : ''); $context['submit_label'] = $txt['save']; } else { // By default.... $context['use_smileys'] = true; $context['icon'] = 'xx'; if ($user_info['is_guest']) { $context['name'] = isset($_SESSION['guest_name']) ? $_SESSION['guest_name'] : ''; $context['email'] = isset($_SESSION['guest_email']) ? $_SESSION['guest_email'] : ''; } $context['destination'] = 'post2;start=' . $_REQUEST['start'] . (isset($_REQUEST['poll']) ? ';poll' : ''); $context['submit_label'] = $txt['post']; // Posting a quoted reply? if (!empty($topic) && !empty($_REQUEST['quote'])) { // Make sure they _can_ quote this post, and if so get it. $request = $smcFunc['db_query']('', ' SELECT m.subject, IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.body FROM {db_prefix}messages AS m INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND {query_see_board}) LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member) WHERE m.id_msg = {int:id_msg}' . (!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : ' AND m.approved = {int:is_approved}') . ' LIMIT 1', array('id_msg' => (int) $_REQUEST['quote'], 'is_approved' => 1)); if ($smcFunc['db_num_rows']($request) == 0) { fatal_lang_error('quoted_post_deleted', false); } list($form_subject, $mname, $mdate, $form_message) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); // Add 'Re: ' to the front of the quoted subject. if (trim($context['response_prefix']) != '' && $smcFunc['strpos']($form_subject, trim($context['response_prefix'])) !== 0) { $form_subject = $context['response_prefix'] . $form_subject; } // Censor the message and subject. censorText($form_message); censorText($form_subject); // But if it's in HTML world, turn them into htmlspecialchar's so they can be edited! if (strpos($form_message, '[html]') !== false) { $parts = preg_split('~(\\[/code\\]|\\[code(?:=[^\\]]+)?\\])~i', $form_message, -1, PREG_SPLIT_DELIM_CAPTURE); for ($i = 0, $n = count($parts); $i < $n; $i++) { // It goes 0 = outside, 1 = begin tag, 2 = inside, 3 = close tag, repeat. if ($i % 4 == 0) { $parts[$i] = preg_replace('~\\[html\\](.+?)\\[/html\\]~ise', '\'[html]\' . preg_replace(\'~<br\\s?/?' . '>~i\', \'<br /><br />\', \'$1\') . \'[/html]\'', $parts[$i]); } } $form_message = implode('', $parts); } $form_message = preg_replace('~<br ?/?' . '>~i', "\n", $form_message); // Remove any nested quotes, if necessary. if (!empty($modSettings['removeNestedQuotes'])) { $form_message = preg_replace(array('~\\n?\\[quote.*?\\].+?\\[/quote\\]\\n?~is', '~^\\n~', '~\\[/quote\\]~'), '', $form_message); } // Add a quote string on the front and end. $form_message = '[quote author=' . $mname . ' link=topic=' . $topic . '.msg' . (int) $_REQUEST['quote'] . '#msg' . (int) $_REQUEST['quote'] . ' date=' . $mdate . ']' . "\n" . rtrim($form_message) . "\n" . '[/quote]'; } elseif (!empty($topic) && empty($_REQUEST['quote'])) { // Get the first message's subject. $form_subject = $first_subject; // Add 'Re: ' to the front of the subject. if (trim($context['response_prefix']) != '' && $form_subject != '' && $smcFunc['strpos']($form_subject, trim($context['response_prefix'])) !== 0) { $form_subject = $context['response_prefix'] . $form_subject; } // Censor the subject. censorText($form_subject); $form_message = ''; } else { $form_subject = isset($_GET['subject']) ? $_GET['subject'] : ''; $form_message = ''; } } // !!! This won't work if you're posting an event. if (allowedTo('post_attachment') || allowedTo('post_unapproved_attachments')) { if (empty($_SESSION['temp_attachments'])) { $_SESSION['temp_attachments'] = array(); } if (!empty($modSettings['currentAttachmentUploadDir'])) { if (!is_array($modSettings['attachmentUploadDir'])) { $modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']); } // Just use the current path for temp files. $current_attach_dir = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']]; } else { $current_attach_dir = $modSettings['attachmentUploadDir']; } // If this isn't a new post, check the current attachments. if (isset($_REQUEST['msg'])) { $request = $smcFunc['db_query']('', ' SELECT COUNT(*), SUM(size) FROM {db_prefix}attachments WHERE id_msg = {int:id_msg} AND attachment_type = {int:attachment_type}', array('id_msg' => (int) $_REQUEST['msg'], 'attachment_type' => 0)); list($quantity, $total_size) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); } else { $quantity = 0; $total_size = 0; } $temp_start = 0; if (!empty($_SESSION['temp_attachments'])) { if ($context['current_action'] != 'post2' || !empty($_POST['from_qr'])) { $context['post_error']['messages'][] = $txt['error_temp_attachments']; $context['error_type'] = 'minor'; } foreach ($_SESSION['temp_attachments'] as $attachID => $name) { $temp_start++; if (preg_match('~^post_tmp_' . $user_info['id'] . '_\\d+$~', $attachID) == 0) { unset($_SESSION['temp_attachments'][$attachID]); continue; } if (!empty($_POST['attach_del']) && !in_array($attachID, $_POST['attach_del'])) { $deleted_attachments = true; unset($_SESSION['temp_attachments'][$attachID]); @unlink($current_attach_dir . '/' . $attachID); continue; } $quantity++; $total_size += filesize($current_attach_dir . '/' . $attachID); $context['current_attachments'][] = array('name' => htmlspecialchars($name), 'id' => $attachID, 'approved' => 1); } } if (!empty($_POST['attach_del'])) { $del_temp = array(); foreach ($_POST['attach_del'] as $i => $dummy) { $del_temp[$i] = (int) $dummy; } foreach ($context['current_attachments'] as $k => $dummy) { if (!in_array($dummy['id'], $del_temp)) { $context['current_attachments'][$k]['unchecked'] = true; $deleted_attachments = !isset($deleted_attachments) || is_bool($deleted_attachments) ? 1 : $deleted_attachments + 1; $quantity--; } } } if (!empty($_FILES['attachment'])) { foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) { if ($_FILES['attachment']['name'][$n] == '') { continue; } if (!is_uploaded_file($_FILES['attachment']['tmp_name'][$n]) || @ini_get('open_basedir') == '' && !file_exists($_FILES['attachment']['tmp_name'][$n])) { fatal_lang_error('attach_timeout', 'critical'); } if (!empty($modSettings['attachmentSizeLimit']) && $_FILES['attachment']['size'][$n] > $modSettings['attachmentSizeLimit'] * 1024) { fatal_lang_error('file_too_big', false, array($modSettings['attachmentSizeLimit'])); } $quantity++; if (!empty($modSettings['attachmentNumPerPostLimit']) && $quantity > $modSettings['attachmentNumPerPostLimit']) { fatal_lang_error('attachments_limit_per_post', false, array($modSettings['attachmentNumPerPostLimit'])); } $total_size += $_FILES['attachment']['size'][$n]; if (!empty($modSettings['attachmentPostLimit']) && $total_size > $modSettings['attachmentPostLimit'] * 1024) { fatal_lang_error('file_too_big', false, array($modSettings['attachmentPostLimit'])); } if (!empty($modSettings['attachmentCheckExtensions'])) { if (!in_array(strtolower(substr(strrchr($_FILES['attachment']['name'][$n], '.'), 1)), explode(',', strtolower($modSettings['attachmentExtensions'])))) { fatal_error($_FILES['attachment']['name'][$n] . '.<br />' . $txt['cant_upload_type'] . ' ' . $modSettings['attachmentExtensions'] . '.', false); } } if (!empty($modSettings['attachmentDirSizeLimit'])) { // Make sure the directory isn't full. $dirSize = 0; $dir = @opendir($current_attach_dir) or fatal_lang_error('cant_access_upload_path', 'critical'); while ($file = readdir($dir)) { if ($file == '.' || $file == '..') { continue; } if (preg_match('~^post_tmp_\\d+_\\d+$~', $file) != 0) { // Temp file is more than 5 hours old! if (filemtime($current_attach_dir . '/' . $file) < time() - 18000) { @unlink($current_attach_dir . '/' . $file); } continue; } $dirSize += filesize($current_attach_dir . '/' . $file); } closedir($dir); // Too big! Maybe you could zip it or something... if ($_FILES['attachment']['size'][$n] + $dirSize > $modSettings['attachmentDirSizeLimit'] * 1024) { fatal_lang_error('ran_out_of_space'); } } if (!is_writable($current_attach_dir)) { fatal_lang_error('attachments_no_write', 'critical'); } $attachID = 'post_tmp_' . $user_info['id'] . '_' . $temp_start++; $_SESSION['temp_attachments'][$attachID] = basename($_FILES['attachment']['name'][$n]); $context['current_attachments'][] = array('name' => htmlspecialchars(basename($_FILES['attachment']['name'][$n])), 'id' => $attachID, 'approved' => 1); $destName = $current_attach_dir . '/' . $attachID; if (!move_uploaded_file($_FILES['attachment']['tmp_name'][$n], $destName)) { fatal_lang_error('attach_timeout', 'critical'); } @chmod($destName, 0644); } } } // If we are coming here to make a reply, and someone has already replied... make a special warning message. if (isset($newRepliesError)) { $context['post_error']['messages'][] = $newRepliesError == 1 ? $txt['error_new_reply'] : $txt['error_new_replies']; $context['error_type'] = 'minor'; } if (isset($oldTopicError)) { $context['post_error']['messages'][] = sprintf($txt['error_old_topic'], $modSettings['oldTopicDays']); $context['error_type'] = 'minor'; } // What are you doing? Posting a poll, modifying, previewing, new post, or reply... if (isset($_REQUEST['poll'])) { $context['page_title'] = $txt['new_poll']; } elseif ($context['make_event']) { $context['page_title'] = $context['event']['id'] == -1 ? $txt['calendar_post_event'] : $txt['calendar_edit']; } elseif (isset($_REQUEST['msg'])) { $context['page_title'] = $txt['modify_msg']; } elseif (isset($_REQUEST['subject'], $context['preview_subject'])) { $context['page_title'] = $txt['preview'] . ' - ' . strip_tags($context['preview_subject']); } elseif (empty($topic)) { $context['page_title'] = $txt['start_new_topic']; } else { $context['page_title'] = $txt['post_reply']; } // Build the link tree. if (empty($topic)) { $context['linktree'][] = array('name' => '<em>' . $txt['start_new_topic'] . '</em>'); } else { $context['linktree'][] = array('url' => $scripturl . '?topic=' . $topic . '.' . $_REQUEST['start'], 'name' => $form_subject, 'extra_before' => '<span' . ($settings['linktree_inline'] ? ' class="smalltext"' : '') . '><strong class="nav">' . $context['page_title'] . ' ( </strong></span>', 'extra_after' => '<span' . ($settings['linktree_inline'] ? ' class="smalltext"' : '') . '><strong class="nav"> )</strong></span>'); } // Give wireless a linktree url to the post screen, so that they can switch to full version. if (WIRELESS) { $context['linktree'][count($context['linktree']) - 1]['url'] = $scripturl . '?action=post;' . (!empty($topic) ? 'topic=' . $topic : 'board=' . $board) . '.' . $_REQUEST['start'] . (isset($_REQUEST['msg']) ? ';msg=' . (int) $_REQUEST['msg'] . ';' . $context['session_var'] . '=' . $context['session_id'] : ''); } // If they've unchecked an attachment, they may still want to attach that many more files, but don't allow more than num_allowed_attachments. // !!! This won't work if you're posting an event. $context['num_allowed_attachments'] = empty($modSettings['attachmentNumPerPostLimit']) ? 50 : min($modSettings['attachmentNumPerPostLimit'] - count($context['current_attachments']) + (isset($deleted_attachments) ? $deleted_attachments : 0), $modSettings['attachmentNumPerPostLimit']); $context['can_post_attachment'] = !empty($modSettings['attachmentEnable']) && $modSettings['attachmentEnable'] == 1 && (allowedTo('post_attachment') || $modSettings['postmod_active'] && allowedTo('post_unapproved_attachments')) && $context['num_allowed_attachments'] > 0; $context['can_post_attachment_unapproved'] = allowedTo('post_attachment'); $context['subject'] = addcslashes($form_subject, '"'); $context['message'] = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), $form_message); // Needed for the editor and message icons. require_once $sourcedir . '/Subs-Editor.php'; // Now create the editor. $editorOptions = array('id' => 'message', 'value' => $context['message'], 'labels' => array('post_button' => $context['submit_label']), 'height' => '175px', 'width' => '100%', 'preview_type' => 2); create_control_richedit($editorOptions); // Store the ID. $context['post_box_name'] = $editorOptions['id']; $context['attached'] = ''; $context['make_poll'] = isset($_REQUEST['poll']); // Message icons - customized icons are off? $context['icons'] = getMessageIcons($board); if (!empty($context['icons'])) { $context['icons'][count($context['icons']) - 1]['is_last'] = true; } $context['icon_url'] = ''; for ($i = 0, $n = count($context['icons']); $i < $n; $i++) { $context['icons'][$i]['selected'] = $context['icon'] == $context['icons'][$i]['value']; if ($context['icons'][$i]['selected']) { $context['icon_url'] = $context['icons'][$i]['url']; } } if (empty($context['icon_url'])) { $context['icon_url'] = $settings[file_exists($settings['theme_dir'] . '/images/post/' . $context['icon'] . '.gif') ? 'images_url' : 'default_images_url'] . '/post/' . $context['icon'] . '.gif'; array_unshift($context['icons'], array('value' => $context['icon'], 'name' => $txt['current_icon'], 'url' => $context['icon_url'], 'is_last' => empty($context['icons']), 'selected' => true)); } if (!empty($topic) && !empty($modSettings['topicSummaryPosts'])) { getTopic(); } // If the user can post attachments prepare the warning labels. if ($context['can_post_attachment']) { $context['allowed_extensions'] = strtr($modSettings['attachmentExtensions'], array(',' => ', ')); $context['attachment_restrictions'] = array(); $attachmentRestrictionTypes = array('attachmentNumPerPostLimit', 'attachmentPostLimit', 'attachmentSizeLimit'); foreach ($attachmentRestrictionTypes as $type) { if (!empty($modSettings[$type])) { $context['attachment_restrictions'][] = sprintf($txt['attach_restrict_' . $type], $modSettings[$type]); } } } $context['back_to_topic'] = isset($_REQUEST['goback']) || isset($_REQUEST['msg']) && !isset($_REQUEST['subject']); $context['show_additional_options'] = !empty($_POST['additional_options']) || !empty($_SESSION['temp_attachments']) || !empty($deleted_attachments); $context['is_new_topic'] = empty($topic); $context['is_new_post'] = !isset($_REQUEST['msg']); $context['is_first_post'] = $context['is_new_topic'] || isset($_REQUEST['msg']) && $_REQUEST['msg'] == $id_first_msg; // Do we need to show the visual verification image? $context['require_verification'] = !$user_info['is_mod'] && !$user_info['is_admin'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha'] || $user_info['is_guest'] && $modSettings['posts_require_captcha'] == -1); if ($context['require_verification']) { require_once $sourcedir . '/Subs-Editor.php'; $verificationOptions = array('id' => 'post'); $context['require_verification'] = create_control_verification($verificationOptions); $context['visual_verification_id'] = $verificationOptions['id']; } // If they came from quick reply, and have to enter verification details, give them some notice. if (!empty($_REQUEST['from_qr']) && !empty($context['require_verification'])) { $context['post_error']['messages'][] = $txt['enter_verification_details']; $context['error_type'] = 'minor'; } // WYSIWYG only works if BBC is enabled $modSettings['disable_wysiwyg'] = !empty($modSettings['disable_wysiwyg']) || empty($modSettings['enableBBC']); // Register this form in the session variables. checkSubmitOnce('register'); // Finally, load the template. if (WIRELESS && WIRELESS_PROTOCOL != 'wap') { $context['sub_template'] = WIRELESS_PROTOCOL . '_post'; } elseif (!isset($_REQUEST['xml'])) { loadTemplate('Post'); } }
/** * Handles showing the post screen, loading the post to be modified, and loading any post quoted. * * - additionally handles previews of posts. * - @uses the Post template and language file, main sub template. * - allows wireless access using the protocol_post sub template. * - requires different permissions depending on the actions, but most notably post_new, post_reply_own, and post_reply_any. * - shows options for the editing and posting of calendar events and attachments, as well as the posting of polls. * - accessed from ?action=post. */ function Post($post_errors = array()) { global $txt, $scripturl, $topic, $modSettings, $board; global $user_info, $sc, $board_info, $context, $settings; global $sourcedir, $options, $smcFunc, $language; loadLanguage('Post'); // You can't reply with a poll... hacker. if (isset($_REQUEST['poll']) && !empty($topic) && !isset($_REQUEST['msg'])) { unset($_REQUEST['poll']); } // Posting an event? $context['make_event'] = isset($_REQUEST['calendar']); $context['robot_no_index'] = true; // You must be posting to *some* board. if (empty($board) && !$context['make_event']) { fatal_lang_error('no_board', false); } require_once $sourcedir . '/Subs-Post.php'; if (isset($_REQUEST['xml'])) { $context['sub_template'] = 'post'; // Just in case of an earlier error... $context['preview_message'] = ''; $context['preview_subject'] = ''; } // No message is complete without a topic. if (empty($topic) && !empty($_REQUEST['msg'])) { $request = $smcFunc['db_query']('', ' SELECT id_topic FROM {db_prefix}messages WHERE id_msg = {int:msg}', array('msg' => (int) $_REQUEST['msg'])); if ($smcFunc['db_num_rows']($request) != 1) { unset($_REQUEST['msg'], $_POST['msg'], $_GET['msg']); } else { list($topic) = $smcFunc['db_fetch_row']($request); } $smcFunc['db_free_result']($request); } // Check if it's locked. It isn't locked if no topic is specified. if (!empty($topic)) { $request = $smcFunc['db_query']('', ' SELECT t.locked, IFNULL(ln.id_topic, 0) AS notify, t.is_sticky, t.id_poll, t.id_last_msg, mf.id_member, t.id_first_msg, mf.subject, CASE WHEN ml.poster_time > ml.modified_time THEN ml.poster_time ELSE ml.modified_time END AS last_post_time FROM {db_prefix}topics AS t LEFT JOIN {db_prefix}log_notify AS ln ON (ln.id_topic = t.id_topic AND ln.id_member = {int:current_member}) LEFT JOIN {db_prefix}messages AS mf ON (mf.id_msg = t.id_first_msg) LEFT JOIN {db_prefix}messages AS ml ON (ml.id_msg = t.id_last_msg) WHERE t.id_topic = {int:current_topic} LIMIT 1', array('current_member' => $user_info['id'], 'current_topic' => $topic)); list($locked, $context['notify'], $sticky, $pollID, $context['topic_last_message'], $id_member_poster, $id_first_msg, $first_subject, $lastPostTime) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); // If this topic already has a poll, they sure can't add another. if (isset($_REQUEST['poll']) && $pollID > 0) { unset($_REQUEST['poll']); } if (empty($_REQUEST['msg'])) { if ($user_info['is_guest'] && !allowedTo('post_reply_any') && (!$modSettings['postmod_active'] || !allowedTo('post_unapproved_replies_any'))) { is_not_guest(); } // By default the reply will be approved... $context['becomes_approved'] = true; if ($id_member_poster != $user_info['id']) { if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_any') && !allowedTo('post_reply_any')) { $context['becomes_approved'] = false; } else { isAllowedTo('post_reply_any'); } } elseif (!allowedTo('post_reply_any')) { if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_own') && !allowedTo('post_reply_own')) { $context['becomes_approved'] = false; } else { isAllowedTo('post_reply_own'); } } } else { $context['becomes_approved'] = true; } $context['can_lock'] = allowedTo('lock_any') || $user_info['id'] == $id_member_poster && allowedTo('lock_own'); $context['can_sticky'] = allowedTo('make_sticky') && !empty($modSettings['enableStickyTopics']); $context['notify'] = !empty($context['notify']); $context['sticky'] = isset($_REQUEST['sticky']) ? !empty($_REQUEST['sticky']) : $sticky; // Check whether this is a really old post being bumped... if (!empty($modSettings['oldTopicDays']) && $lastPostTime + $modSettings['oldTopicDays'] * 86400 < time() && empty($sticky) && !isset($_REQUEST['subject'])) { $post_errors[] = array('old_topic', array($modSettings['oldTopicDays'])); } } else { $context['becomes_approved'] = true; if (!$context['make_event'] || !empty($board)) { if ($modSettings['postmod_active'] && !allowedTo('post_new') && allowedTo('post_unapproved_topics')) { $context['becomes_approved'] = false; } else { isAllowedTo('post_new'); } } $locked = 0; // @todo These won't work if you're making an event. $context['can_lock'] = allowedTo(array('lock_any', 'lock_own')); $context['can_sticky'] = allowedTo('make_sticky') && !empty($modSettings['enableStickyTopics']); $context['notify'] = !empty($context['notify']); $context['sticky'] = !empty($_REQUEST['sticky']); } // @todo These won't work if you're posting an event! $context['can_notify'] = allowedTo('mark_any_notify'); $context['can_move'] = allowedTo('move_any'); $context['move'] = !empty($_REQUEST['move']); $context['announce'] = !empty($_REQUEST['announce']); // You can only announce topics that will get approved... $context['can_announce'] = allowedTo('announce_topic') && $context['becomes_approved']; $context['locked'] = !empty($locked) || !empty($_REQUEST['lock']); $context['can_quote'] = empty($modSettings['disabledBBC']) || !in_array('quote', explode(',', $modSettings['disabledBBC'])); // Generally don't show the approval box... (Assume we want things approved) $context['show_approval'] = allowedTo('approve_posts') && $context['becomes_approved'] ? 2 : (allowedTo('approve_posts') ? 1 : 0); // An array to hold all the attachments for this topic. $context['current_attachments'] = array(); // Don't allow a post if it's locked and you aren't all powerful. if ($locked && !allowedTo('moderate_board')) { fatal_lang_error('topic_locked', false); } // Check the users permissions - is the user allowed to add or post a poll? if (isset($_REQUEST['poll']) && $modSettings['pollMode'] == '1') { // New topic, new poll. if (empty($topic)) { isAllowedTo('poll_post'); } elseif ($user_info['id'] == $id_member_poster && !allowedTo('poll_add_any')) { isAllowedTo('poll_add_own'); } else { isAllowedTo('poll_add_any'); } require_once $sourcedir . '/Subs-Members.php'; $allowedVoteGroups = groupsAllowedTo('poll_vote', $board); // Set up the poll options. $context['poll_options'] = array('max_votes' => empty($_POST['poll_max_votes']) ? '1' : max(1, $_POST['poll_max_votes']), 'hide' => empty($_POST['poll_hide']) ? 0 : $_POST['poll_hide'], 'expire' => !isset($_POST['poll_expire']) ? '' : $_POST['poll_expire'], 'change_vote' => isset($_POST['poll_change_vote']), 'guest_vote' => isset($_POST['poll_guest_vote']), 'guest_vote_enabled' => in_array(-1, $allowedVoteGroups['allowed'])); // Make all five poll choices empty. $context['choices'] = array(array('id' => 0, 'number' => 1, 'label' => '', 'is_last' => false), array('id' => 1, 'number' => 2, 'label' => '', 'is_last' => false), array('id' => 2, 'number' => 3, 'label' => '', 'is_last' => false), array('id' => 3, 'number' => 4, 'label' => '', 'is_last' => false), array('id' => 4, 'number' => 5, 'label' => '', 'is_last' => true)); $context['last_choice_id'] = 4; } if ($context['make_event']) { // They might want to pick a board. if (!isset($context['current_board'])) { $context['current_board'] = 0; } // Start loading up the event info. $context['event'] = array(); $context['event']['title'] = isset($_REQUEST['evtitle']) ? htmlspecialchars(stripslashes($_REQUEST['evtitle'])) : ''; $context['event']['id'] = isset($_REQUEST['eventid']) ? (int) $_REQUEST['eventid'] : -1; $context['event']['new'] = $context['event']['id'] == -1; // Permissions check! isAllowedTo('calendar_post'); // Editing an event? (but NOT previewing!?) if (empty($context['event']['new']) && !isset($_REQUEST['subject'])) { // If the user doesn't have permission to edit the post in this topic, redirect them. if ((empty($id_member_poster) || $id_member_poster != $user_info['id'] || !allowedTo('modify_own')) && !allowedTo('modify_any')) { require_once $sourcedir . '/Calendar.php'; return CalendarPost(); } // Get the current event information. $request = $smcFunc['db_query']('', ' SELECT id_member, title, MONTH(start_date) AS month, DAYOFMONTH(start_date) AS day, YEAR(start_date) AS year, (TO_DAYS(end_date) - TO_DAYS(start_date)) AS span FROM {db_prefix}calendar WHERE id_event = {int:id_event} LIMIT 1', array('id_event' => $context['event']['id'])); $row = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); // Make sure the user is allowed to edit this event. if ($row['id_member'] != $user_info['id']) { isAllowedTo('calendar_edit_any'); } elseif (!allowedTo('calendar_edit_any')) { isAllowedTo('calendar_edit_own'); } $context['event']['month'] = $row['month']; $context['event']['day'] = $row['day']; $context['event']['year'] = $row['year']; $context['event']['title'] = $row['title']; $context['event']['span'] = $row['span'] + 1; } else { $today = getdate(); // You must have a month and year specified! if (!isset($_REQUEST['month'])) { $_REQUEST['month'] = $today['mon']; } if (!isset($_REQUEST['year'])) { $_REQUEST['year'] = $today['year']; } $context['event']['month'] = (int) $_REQUEST['month']; $context['event']['year'] = (int) $_REQUEST['year']; $context['event']['day'] = isset($_REQUEST['day']) ? $_REQUEST['day'] : ($_REQUEST['month'] == $today['mon'] ? $today['mday'] : 0); $context['event']['span'] = isset($_REQUEST['span']) ? $_REQUEST['span'] : 1; // Make sure the year and month are in the valid range. if ($context['event']['month'] < 1 || $context['event']['month'] > 12) { fatal_lang_error('invalid_month', false); } if ($context['event']['year'] < $modSettings['cal_minyear'] || $context['event']['year'] > $modSettings['cal_maxyear']) { fatal_lang_error('invalid_year', false); } // Get a list of boards they can post in. $boards = boardsAllowedTo('post_new'); if (empty($boards)) { fatal_lang_error('cannot_post_new', 'user'); } // Load a list of boards for this event in the context. require_once $sourcedir . '/Subs-MessageIndex.php'; $boardListOptions = array('included_boards' => in_array(0, $boards) ? null : $boards, 'not_redirection' => true, 'use_permissions' => true, 'selected_board' => empty($context['current_board']) ? $modSettings['cal_defaultboard'] : $context['current_board']); $context['event']['categories'] = getBoardList($boardListOptions); } // Find the last day of the month. $context['event']['last_day'] = (int) strftime('%d', mktime(0, 0, 0, $context['event']['month'] == 12 ? 1 : $context['event']['month'] + 1, 0, $context['event']['month'] == 12 ? $context['event']['year'] + 1 : $context['event']['year'])); $context['event']['board'] = !empty($board) ? $board : $modSettings['cal_defaultboard']; } // See if any new replies have come along. // Huh, $_REQUEST['msg'] is set upon submit, so this doesn't get executed at submit // only at preview if (empty($_REQUEST['msg']) && !empty($topic)) { if (empty($options['no_new_reply_warning']) && isset($_REQUEST['last_msg']) && $context['topic_last_message'] > $_REQUEST['last_msg']) { $request = $smcFunc['db_query']('', ' SELECT COUNT(*) FROM {db_prefix}messages WHERE id_topic = {int:current_topic} AND id_msg > {int:last_msg}' . (!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : ' AND approved = {int:approved}') . ' LIMIT 1', array('current_topic' => $topic, 'last_msg' => (int) $_REQUEST['last_msg'], 'approved' => 1)); list($context['new_replies']) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); if (!empty($context['new_replies'])) { if ($context['new_replies'] == 1) { $txt['error_new_replies'] = isset($_GET['last_msg']) ? $txt['error_new_reply_reading'] : $txt['error_new_reply']; } else { $txt['error_new_replies'] = sprintf(isset($_GET['last_msg']) ? $txt['error_new_replies_reading'] : $txt['error_new_replies'], $context['new_replies']); } $post_errors[] = 'new_replies'; $modSettings['topicSummaryPosts'] = $context['new_replies'] > $modSettings['topicSummaryPosts'] ? max($modSettings['topicSummaryPosts'], 5) : $modSettings['topicSummaryPosts']; } } } // Get a response prefix (like 'Re:') in the default forum language. if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix'))) { if ($language === $user_info['language']) { $context['response_prefix'] = $txt['response_prefix']; } else { loadLanguage('index', $language, false); $context['response_prefix'] = $txt['response_prefix']; loadLanguage('index'); } cache_put_data('response_prefix', $context['response_prefix'], 600); } // Previewing, modifying, or posting? // Do we have a body, but an error happened. if (isset($_REQUEST['message']) || !empty($context['post_error'])) { // Validate inputs. if (empty($context['post_error'])) { // This means they didn't click Post and get an error. $really_previewing = true; } else { if (!isset($_REQUEST['subject'])) { $_REQUEST['subject'] = ''; } if (!isset($_REQUEST['message'])) { $_REQUEST['message'] = ''; } if (!isset($_REQUEST['icon'])) { $_REQUEST['icon'] = 'xx'; } // They are previewing if they asked to preview (i.e. came from quick reply). $really_previewing = !empty($_POST['preview']); } // In order to keep the approval status flowing through, we have to pass it through the form... $context['becomes_approved'] = empty($_REQUEST['not_approved']); $context['show_approval'] = isset($_REQUEST['approve']) ? $_REQUEST['approve'] ? 2 : 1 : 0; $context['can_announce'] &= $context['becomes_approved']; // Set up the inputs for the form. $form_subject = strtr($smcFunc['htmlspecialchars']($_REQUEST['subject']), array("\r" => '', "\n" => '', "\t" => '')); $form_message = $smcFunc['htmlspecialchars']($_REQUEST['message'], ENT_QUOTES); // Make sure the subject isn't too long - taking into account special characters. if ($smcFunc['strlen']($form_subject) > 100) { $form_subject = $smcFunc['substr']($form_subject, 0, 100); } if (isset($_REQUEST['poll'])) { $context['question'] = isset($_REQUEST['question']) ? $smcFunc['htmlspecialchars'](trim($_REQUEST['question'])) : ''; $context['choices'] = array(); $choice_id = 0; $_POST['options'] = empty($_POST['options']) ? array() : htmlspecialchars__recursive($_POST['options']); foreach ($_POST['options'] as $option) { if (trim($option) == '') { continue; } $context['choices'][] = array('id' => $choice_id++, 'number' => $choice_id, 'label' => $option, 'is_last' => false); } // One empty option for those with js disabled...I know are few... :P $context['choices'][] = array('id' => $choice_id++, 'number' => $choice_id, 'label' => '', 'is_last' => false); if (count($context['choices']) < 2) { $context['choices'][] = array('id' => $choice_id++, 'number' => $choice_id, 'label' => '', 'is_last' => false); } $context['last_choice_id'] = $choice_id; $context['choices'][count($context['choices']) - 1]['is_last'] = true; } // Are you... a guest? if ($user_info['is_guest']) { $_REQUEST['guestname'] = !isset($_REQUEST['guestname']) ? '' : trim($_REQUEST['guestname']); $_REQUEST['email'] = !isset($_REQUEST['email']) ? '' : trim($_REQUEST['email']); $_REQUEST['guestname'] = htmlspecialchars($_REQUEST['guestname']); $context['name'] = $_REQUEST['guestname']; $_REQUEST['email'] = htmlspecialchars($_REQUEST['email']); $context['email'] = $_REQUEST['email']; $user_info['name'] = $_REQUEST['guestname']; } // Only show the preview stuff if they hit Preview. if (($really_previewing == true || isset($_REQUEST['xml'])) && !isset($_POST['id_draft'])) { // Set up the preview message and subject and censor them... $context['preview_message'] = $form_message; preparsecode($form_message, true); preparsecode($context['preview_message']); // Do all bulletin board code tags, with or without smileys. $context['preview_message'] = parse_bbc($context['preview_message'], isset($_REQUEST['ns']) ? 0 : 1); censorText($context['preview_message']); if ($form_subject != '') { $context['preview_subject'] = $form_subject; censorText($context['preview_subject']); } else { $context['preview_subject'] = '<em>' . $txt['no_subject'] . '</em>'; } // Protect any CDATA blocks. if (isset($_REQUEST['xml'])) { $context['preview_message'] = strtr($context['preview_message'], array(']]>' => ']]]]><![CDATA[>')); } } // Set up the checkboxes. $context['notify'] = !empty($_REQUEST['notify']); $context['use_smileys'] = !isset($_REQUEST['ns']); $context['icon'] = isset($_REQUEST['icon']) ? preg_replace('~[\\./\\\\*\':"<>]~', '', $_REQUEST['icon']) : 'xx'; // Set the destination action for submission. $context['destination'] = 'post2;start=' . $_REQUEST['start'] . (isset($_REQUEST['msg']) ? ';msg=' . $_REQUEST['msg'] . ';' . $context['session_var'] . '=' . $context['session_id'] : '') . (isset($_REQUEST['poll']) ? ';poll' : ''); $context['submit_label'] = isset($_REQUEST['msg']) ? $txt['save'] : $txt['post']; // Previewing an edit? if (isset($_REQUEST['msg']) && !empty($topic)) { // Get the existing message. $request = $smcFunc['db_query']('', ' SELECT m.id_member, m.modified_time, m.smileys_enabled, m.body, m.poster_name, m.poster_email, m.subject, m.icon, m.approved, IFNULL(a.size, -1) AS filesize, a.filename, a.id_attach, a.approved AS attachment_approved, t.id_member_started AS id_member_poster, m.poster_time, log.id_action FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic}) LEFT JOIN {db_prefix}attachments AS a ON (a.id_msg = m.id_msg AND a.attachment_type = {int:attachment_type}) LEFT JOIN {db_prefix}log_actions AS log ON (m.id_topic = log.id_topic AND log.action = {string:announce_action}) WHERE m.id_msg = {int:id_msg} AND m.id_topic = {int:current_topic}', array('current_topic' => $topic, 'attachment_type' => 0, 'id_msg' => $_REQUEST['msg'], 'announce_action' => 'announce_topic')); // The message they were trying to edit was most likely deleted. // @todo Change this error message? if ($smcFunc['db_num_rows']($request) == 0) { fatal_lang_error('no_board', false); } $row = $smcFunc['db_fetch_assoc']($request); $attachment_stuff = array($row); while ($row2 = $smcFunc['db_fetch_assoc']($request)) { $attachment_stuff[] = $row2; } $smcFunc['db_free_result']($request); if ($row['id_member'] == $user_info['id'] && !allowedTo('modify_any')) { // Give an extra five minutes over the disable time threshold, so they can type - assuming the post is public. if ($row['approved'] && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) { fatal_lang_error('modify_post_time_passed', false); } elseif ($row['id_member_poster'] == $user_info['id'] && !allowedTo('modify_own')) { isAllowedTo('modify_replies'); } else { isAllowedTo('modify_own'); } } elseif ($row['id_member_poster'] == $user_info['id'] && !allowedTo('modify_any')) { isAllowedTo('modify_replies'); } else { isAllowedTo('modify_any'); } if (!empty($modSettings['attachmentEnable'])) { $request = $smcFunc['db_query']('', ' SELECT IFNULL(size, -1) AS filesize, filename, id_attach, approved FROM {db_prefix}attachments WHERE id_msg = {int:id_msg} AND attachment_type = {int:attachment_type} ORDER BY id_attach', array('id_msg' => (int) $_REQUEST['msg'], 'attachment_type' => 0)); while ($row = $smcFunc['db_fetch_assoc']($request)) { if ($row['filesize'] <= 0) { continue; } $context['current_attachments'][] = array('name' => htmlspecialchars($row['filename']), 'size' => $row['filesize'], 'id' => $row['id_attach'], 'approved' => $row['approved']); } $smcFunc['db_free_result']($request); } if ($context['can_announce'] && !empty($row['id_action'])) { loadLanguage('Errors'); $context['post_error']['messages'][] = $txt['error_topic_already_announced']; } // Allow moderators to change names.... if (allowedTo('moderate_forum') && !empty($topic)) { $request = $smcFunc['db_query']('', ' SELECT id_member, poster_name, poster_email FROM {db_prefix}messages WHERE id_msg = {int:id_msg} AND id_topic = {int:current_topic} LIMIT 1', array('current_topic' => $topic, 'id_msg' => (int) $_REQUEST['msg'])); $row = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); if (empty($row['id_member'])) { $context['name'] = htmlspecialchars($row['poster_name']); $context['email'] = htmlspecialchars($row['poster_email']); } } } // No check is needed, since nothing is really posted. checkSubmitOnce('free'); } elseif (isset($_REQUEST['msg']) && !empty($topic)) { $_REQUEST['msg'] = (int) $_REQUEST['msg']; // Get the existing message. $request = $smcFunc['db_query']('', ' SELECT m.id_member, m.modified_time, m.smileys_enabled, m.body, m.poster_name, m.poster_email, m.subject, m.icon, m.approved, IFNULL(a.size, -1) AS filesize, a.filename, a.id_attach, a.approved AS attachment_approved, t.id_member_started AS id_member_poster, m.poster_time, log.id_action FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic}) LEFT JOIN {db_prefix}attachments AS a ON (a.id_msg = m.id_msg AND a.attachment_type = {int:attachment_type}) LEFT JOIN {db_prefix}log_actions AS log ON (m.id_topic = log.id_topic AND log.action = {string:announce_action}) WHERE m.id_msg = {int:id_msg} AND m.id_topic = {int:current_topic}', array('current_topic' => $topic, 'attachment_type' => 0, 'id_msg' => $_REQUEST['msg'], 'announce_action' => 'announce_topic')); // The message they were trying to edit was most likely deleted. if ($smcFunc['db_num_rows']($request) == 0) { fatal_lang_error('no_message', false); } $row = $smcFunc['db_fetch_assoc']($request); $attachment_stuff = array($row); while ($row2 = $smcFunc['db_fetch_assoc']($request)) { $attachment_stuff[] = $row2; } $smcFunc['db_free_result']($request); if ($row['id_member'] == $user_info['id'] && !allowedTo('modify_any')) { // Give an extra five minutes over the disable time threshold, so they can type - assuming the post is public. if ($row['approved'] && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) { fatal_lang_error('modify_post_time_passed', false); } elseif ($row['id_member_poster'] == $user_info['id'] && !allowedTo('modify_own')) { isAllowedTo('modify_replies'); } else { isAllowedTo('modify_own'); } } elseif ($row['id_member_poster'] == $user_info['id'] && !allowedTo('modify_any')) { isAllowedTo('modify_replies'); } else { isAllowedTo('modify_any'); } if ($context['can_announce'] && !empty($row['id_action'])) { loadLanguage('Errors'); $context['post_error']['messages'][] = $txt['error_topic_already_announced']; } // When was it last modified? if (!empty($row['modified_time'])) { $context['last_modified'] = timeformat($row['modified_time']); } // Get the stuff ready for the form. $form_subject = $row['subject']; $form_message = un_preparsecode($row['body']); censorText($form_message); censorText($form_subject); // Check the boxes that should be checked. $context['use_smileys'] = !empty($row['smileys_enabled']); $context['icon'] = $row['icon']; // Show an "approve" box if the user can approve it, and the message isn't approved. if (!$row['approved'] && !$context['show_approval']) { $context['show_approval'] = allowedTo('approve_posts'); } // Sort the attachments so they are in the order saved $temp = array(); foreach ($attachment_stuff as $attachment) { if ($attachment['filesize'] >= 0 && !empty($modSettings['attachmentEnable'])) { $temp[$attachment['id_attach']] = $attachment; } } ksort($temp); // Load up 'em attachments! foreach ($temp as $attachment) { $context['current_attachments'][] = array('name' => htmlspecialchars($attachment['filename']), 'size' => $attachment['filesize'], 'id' => $attachment['id_attach'], 'approved' => $attachment['attachment_approved']); } // Allow moderators to change names.... if (allowedTo('moderate_forum') && empty($row['id_member'])) { $context['name'] = htmlspecialchars($row['poster_name']); $context['email'] = htmlspecialchars($row['poster_email']); } // Set the destinaton. $context['destination'] = 'post2;start=' . $_REQUEST['start'] . ';msg=' . $_REQUEST['msg'] . ';' . $context['session_var'] . '=' . $context['session_id'] . (isset($_REQUEST['poll']) ? ';poll' : ''); $context['submit_label'] = $txt['save']; } else { // By default.... $context['use_smileys'] = true; $context['icon'] = 'xx'; if ($user_info['is_guest']) { $context['name'] = isset($_SESSION['guest_name']) ? $_SESSION['guest_name'] : ''; $context['email'] = isset($_SESSION['guest_email']) ? $_SESSION['guest_email'] : ''; } $context['destination'] = 'post2;start=' . $_REQUEST['start'] . (isset($_REQUEST['poll']) ? ';poll' : ''); $context['submit_label'] = $txt['post']; // Posting a quoted reply? if (!empty($topic) && !empty($_REQUEST['quote'])) { // Make sure they _can_ quote this post, and if so get it. $request = $smcFunc['db_query']('', ' SELECT m.subject, IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.body FROM {db_prefix}messages AS m INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND {query_see_board}) LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member) WHERE m.id_msg = {int:id_msg}' . (!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : ' AND m.approved = {int:is_approved}') . ' LIMIT 1', array('id_msg' => (int) $_REQUEST['quote'], 'is_approved' => 1)); if ($smcFunc['db_num_rows']($request) == 0) { fatal_lang_error('quoted_post_deleted', false); } list($form_subject, $mname, $mdate, $form_message) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); // Add 'Re: ' to the front of the quoted subject. if (trim($context['response_prefix']) != '' && $smcFunc['strpos']($form_subject, trim($context['response_prefix'])) !== 0) { $form_subject = $context['response_prefix'] . $form_subject; } // Censor the message and subject. censorText($form_message); censorText($form_subject); // But if it's in HTML world, turn them into htmlspecialchar's so they can be edited! if (strpos($form_message, '[html]') !== false) { $parts = preg_split('~(\\[/code\\]|\\[code(?:=[^\\]]+)?\\])~i', $form_message, -1, PREG_SPLIT_DELIM_CAPTURE); for ($i = 0, $n = count($parts); $i < $n; $i++) { // It goes 0 = outside, 1 = begin tag, 2 = inside, 3 = close tag, repeat. if ($i % 4 == 0) { $parts[$i] = preg_replace('~\\[html\\](.+?)\\[/html\\]~ise', '\'[html]\' . preg_replace(\'~<br\\s?/?' . '>~i\', \'<br /><br />\', \'$1\') . \'[/html]\'', $parts[$i]); } } $form_message = implode('', $parts); } $form_message = preg_replace('~<br ?/?' . '>~i', "\n", $form_message); // Remove any nested quotes, if necessary. if (!empty($modSettings['removeNestedQuotes'])) { $form_message = preg_replace(array('~\\n?\\[quote.*?\\].+?\\[/quote\\]\\n?~is', '~^\\n~', '~\\[/quote\\]~'), '', $form_message); } // Add a quote string on the front and end. $form_message = '[quote author=' . $mname . ' link=topic=' . $topic . '.msg' . (int) $_REQUEST['quote'] . '#msg' . (int) $_REQUEST['quote'] . ' date=' . $mdate . ']' . "\n" . rtrim($form_message) . "\n" . '[/quote]'; } elseif (!empty($topic) && empty($_REQUEST['quote'])) { // Get the first message's subject. $form_subject = $first_subject; // Add 'Re: ' to the front of the subject. if (trim($context['response_prefix']) != '' && $form_subject != '' && $smcFunc['strpos']($form_subject, trim($context['response_prefix'])) !== 0) { $form_subject = $context['response_prefix'] . $form_subject; } // Censor the subject. censorText($form_subject); $form_message = ''; } else { $form_subject = isset($_GET['subject']) ? $_GET['subject'] : ''; $form_message = ''; } } $context['can_post_attachment'] = !empty($modSettings['attachmentEnable']) && $modSettings['attachmentEnable'] == 1 && (allowedTo('post_attachment') || $modSettings['postmod_active'] && allowedTo('post_unapproved_attachments')); if ($context['can_post_attachment']) { // If there are attachments, calculate the total size and how many. $context['attachments']['total_size'] = 0; $context['attachments']['quantity'] = 0; // If this isn't a new post, check the current attachments. if (isset($_REQUEST['msg'])) { $context['attachments']['quantity'] = count($context['current_attachments']); foreach ($context['current_attachments'] as $attachment) { $context['attachments']['total_size'] += $attachment['size']; } } // A bit of house keeping first. if (!empty($_SESSION['temp_attachments']) && count($_SESSION['temp_attachments']) == 1) { unset($_SESSION['temp_attachments']); } if (!empty($_SESSION['temp_attachments'])) { // Is this a request to delete them? if (isset($_GET['delete_temp'])) { foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) { if (strpos($attachID, 'post_tmp_' . $user_info['id']) !== false) { if (file_exists($attachment['tmp_name'])) { unlink($attachment['tmp_name']); } } } $post_errors[] = 'temp_attachments_gone'; $_SESSION['temp_attachments'] = array(); } elseif ($context['current_action'] != 'post2' || !empty($_POST['from_qr'])) { // Let's be nice and see if they belong here first. if (empty($_REQUEST['msg']) && empty($_SESSION['temp_attachments']['post']['msg']) && $_SESSION['temp_attachments']['post']['board'] == $board || !empty($_REQUEST['msg']) && $_SESSION['temp_attachments']['post']['msg'] == $_REQUEST['msg']) { // See if any files still exist before showing the warning message and the files attached. foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) { if (strpos($attachID, 'post_tmp_' . $user_info['id']) === false) { continue; } if (file_exists($attachment['tmp_name'])) { $post_errors[] = 'temp_attachments_new'; $context['files_in_session_warning'] = $txt['attached_files_in_session']; unset($_SESSION['temp_attachments']['post']['files']); break; } } } else { // Since, they don't belong here. Let's inform the user that they exist.. if (!empty($topic)) { $delete_link = '<a href="' . $scripturl . '?action=post' . (!empty($_REQUEST['msg']) ? ';msg=' . $_REQUEST['msg'] : '') . (!empty($_REQUEST['last_msg']) ? ';last_msg=' . $_REQUEST['last_msg'] : '') . ';topic=' . $topic . ';delete_temp">' . $txt['here'] . '</a>'; } else { $delete_link = '<a href="' . $scripturl . '?action=post;board=' . $board . ';delete_temp">' . $txt['here'] . '</a>'; } // Compile a list of the files to show the user. $file_list = array(); foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) { if (strpos($attachID, 'post_tmp_' . $user_info['id']) !== false) { $file_list[] = $attachment['name']; } } $_SESSION['temp_attachments']['post']['files'] = $file_list; $file_list = '<div class="attachments">' . implode('<br />', $file_list) . '</div>'; if (!empty($_SESSION['temp_attachments']['post']['msg'])) { // We have a message id, so we can link back to the old topic they were trying to edit.. $goback_link = '<a href="' . $scripturl . '?action=post' . (!empty($_SESSION['temp_attachments']['post']['msg']) ? ';msg=' . $_SESSION['temp_attachments']['post']['msg'] : '') . (!empty($_SESSION['temp_attachments']['post']['last_msg']) ? ';last_msg=' . $_SESSION['temp_attachments']['post']['last_msg'] : '') . ';topic=' . $_SESSION['temp_attachments']['post']['topic'] . ';additionalOptions">' . $txt['here'] . '</a>'; $post_errors[] = array('temp_attachments_found', array($delete_link, $goback_link, $file_list)); $context['ignore_temp_attachments'] = true; } else { $post_errors[] = array('temp_attachments_lost', array($delete_link, $file_list)); $context['ignore_temp_attachments'] = true; } } } if (!empty($context['we_are_history'])) { $post_errors[] = $context['we_are_history']; } foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) { if (isset($context['ignore_temp_attachments']) || isset($_SESSION['temp_attachments']['post']['files'])) { break; } if ($attachID != 'initial_error' && strpos($attachID, 'post_tmp_' . $user_info['id']) === false) { continue; } if ($attachID == 'initial_error') { $txt['error_attach_initial_error'] = $txt['attach_no_upload'] . '<div style="padding: 0 1em;">' . (is_array($attachment) ? vsprintf($txt[$attachment[0]], $attachment[1]) : $txt[$attachment]) . '</div>'; $post_errors[] = 'attach_initial_error'; unset($_SESSION['temp_attachments']); break; } // Show any errors which might of occured. if (!empty($attachment['errors'])) { $txt['error_attach_errors'] = empty($txt['error_attach_errors']) ? '<br />' : ''; $txt['error_attach_errors'] .= vsprintf($txt['attach_warning'], $attachment['name']) . '<div style="padding: 0 1em;">'; foreach ($attachment['errors'] as $error) { $txt['error_attach_errors'] .= (is_array($error) ? vsprintf($txt[$error[0]], $error[1]) : $txt[$error]) . '<br />'; } $txt['error_attach_errors'] .= '</div>'; $post_errors[] = 'attach_errors'; // Take out the trash. unset($_SESSION['temp_attachments'][$attachID]); if (file_exists($attachment['tmp_name'])) { unlink($attachment['tmp_name']); } continue; } // More house keeping. if (!file_exists($attachment['tmp_name'])) { unset($_SESSION['temp_attachments'][$attachID]); continue; } $context['attachments']['quantity']++; $context['attachments']['total_size'] += $attachment['size']; if (!isset($context['files_in_session_warning'])) { $context['files_in_session_warning'] = $txt['attached_files_in_session']; } $context['current_attachments'][] = array('name' => '<u>' . htmlspecialchars($attachment['name']) . '</u>', 'size' => $attachment['size'], 'id' => $attachID, 'unchecked' => false, 'approved' => 1); } } } // Do we need to show the visual verification image? $context['require_verification'] = !$user_info['is_mod'] && !$user_info['is_admin'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha'] || $user_info['is_guest'] && $modSettings['posts_require_captcha'] == -1); if ($context['require_verification']) { require_once $sourcedir . '/Subs-Editor.php'; $verificationOptions = array('id' => 'post'); $context['require_verification'] = create_control_verification($verificationOptions); $context['visual_verification_id'] = $verificationOptions['id']; } // If they came from quick reply, and have to enter verification details, give them some notice. if (!empty($_REQUEST['from_qr']) && !empty($context['require_verification'])) { $post_errors[] = 'need_qr_verification'; } /* * There are two error types: serious and miinor. Serious errors * actually tell the user that a real error has occurred, while minor * errors are like warnings that let them know that something with * their post isn't right. */ $minor_errors = array('not_approved', 'new_replies', 'old_topic', 'need_qr_verification', 'no_subject'); call_integration_hook('integrate_post_errors', array($post_errors, $minor_errors)); // Any errors occurred? if (!empty($post_errors)) { loadLanguage('Errors'); $context['error_type'] = 'minor'; foreach ($post_errors as $post_error) { if (is_array($post_error)) { $post_error_id = $post_error[0]; $context['post_error'][$post_error_id] = vsprintf($txt['error_' . $post_error_id], $post_error[1]); // If it's not a minor error flag it as such. if (!in_array($post_error_id, $minor_errors)) { $context['error_type'] = 'serious'; } } else { $context['post_error'][$post_error] = $txt['error_' . $post_error]; // If it's not a minor error flag it as such. if (!in_array($post_error, $minor_errors)) { $context['error_type'] = 'serious'; } } } } // What are you doing? Posting a poll, modifying, previewing, new post, or reply... if (isset($_REQUEST['poll'])) { $context['page_title'] = $txt['new_poll']; } elseif ($context['make_event']) { $context['page_title'] = $context['event']['id'] == -1 ? $txt['calendar_post_event'] : $txt['calendar_edit']; } elseif (isset($_REQUEST['msg'])) { $context['page_title'] = $txt['modify_msg']; } elseif (isset($_REQUEST['subject'], $context['preview_subject'])) { $context['page_title'] = $txt['preview'] . ' - ' . strip_tags($context['preview_subject']); } elseif (empty($topic)) { $context['page_title'] = $txt['start_new_topic']; } else { $context['page_title'] = $txt['post_reply']; } // Build the link tree. if (empty($topic)) { $context['linktree'][] = array('name' => '<em>' . $txt['start_new_topic'] . '</em>'); } else { $context['linktree'][] = array('url' => $scripturl . '?topic=' . $topic . '.' . $_REQUEST['start'], 'name' => $form_subject, 'extra_before' => '<span><strong class="nav">' . $context['page_title'] . ' ( </strong></span>', 'extra_after' => '<span><strong class="nav"> )</strong></span>'); } // Give wireless a linktree url to the post screen, so that they can switch to full version. if (WIRELESS) { $context['linktree'][count($context['linktree']) - 1]['url'] = $scripturl . '?action=post;' . (!empty($topic) ? 'topic=' . $topic : 'board=' . $board) . '.' . $_REQUEST['start'] . (isset($_REQUEST['msg']) ? ';msg=' . (int) $_REQUEST['msg'] . ';' . $context['session_var'] . '=' . $context['session_id'] : ''); } $context['subject'] = addcslashes($form_subject, '"'); $context['message'] = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), $form_message); // Are post drafts enabled? $context['drafts_save'] = !empty($modSettings['drafts_enabled']) && !empty($modSettings['drafts_post_enabled']) && allowedTo('post_draft'); $context['drafts_autosave'] = !empty($context['drafts_save']) && !empty($modSettings['drafts_autosave_enabled']) && allowedTo('post_autosave_draft'); // Build a list of drafts that they can load in to the editor if (!empty($context['drafts_save'])) { require_once $sourcedir . '/Drafts.php'; ShowDrafts($user_info['id'], $topic); } // Needed for the editor and message icons. require_once $sourcedir . '/Subs-Editor.php'; // Now create the editor. $editorOptions = array('id' => 'message', 'value' => $context['message'], 'labels' => array('post_button' => $context['submit_label']), 'height' => '275px', 'width' => '100%', 'preview_type' => 2); create_control_richedit($editorOptions); // Store the ID. $context['post_box_name'] = $editorOptions['id']; $context['attached'] = ''; $context['make_poll'] = isset($_REQUEST['poll']); // Message icons - customized icons are off? $context['icons'] = getMessageIcons($board); if (!empty($context['icons'])) { $context['icons'][count($context['icons']) - 1]['is_last'] = true; } // Are we starting a poll? if set the poll icon as selected if its available if (isset($_REQUEST['poll'])) { foreach ($context['icons'] as $icons) { if (isset($icons['value']) && $icons['value'] == 'poll') { // if found we are done $context['icon'] = 'poll'; break; } } } $context['icon_url'] = ''; for ($i = 0, $n = count($context['icons']); $i < $n; $i++) { $context['icons'][$i]['selected'] = $context['icon'] == $context['icons'][$i]['value']; if ($context['icons'][$i]['selected']) { $context['icon_url'] = $context['icons'][$i]['url']; } } if (empty($context['icon_url'])) { $context['icon_url'] = $settings[file_exists($settings['theme_dir'] . '/images/post/' . $context['icon'] . '.png') ? 'images_url' : 'default_images_url'] . '/post/' . $context['icon'] . '.png'; array_unshift($context['icons'], array('value' => $context['icon'], 'name' => $txt['current_icon'], 'url' => $context['icon_url'], 'is_last' => empty($context['icons']), 'selected' => true)); } if (!empty($topic) && !empty($modSettings['topicSummaryPosts'])) { getTopic(); } // If the user can post attachments prepare the warning labels. if ($context['can_post_attachment']) { // If they've unchecked an attachment, they may still want to attach that many more files, but don't allow more than num_allowed_attachments. $context['num_allowed_attachments'] = empty($modSettings['attachmentNumPerPostLimit']) ? 50 : min($modSettings['attachmentNumPerPostLimit'] - count($context['current_attachments']), $modSettings['attachmentNumPerPostLimit']); $context['can_post_attachment_unapproved'] = allowedTo('post_attachment'); $context['attachment_restrictions'] = array(); $context['allowed_extensions'] = strtr(strtolower($modSettings['attachmentExtensions']), array(',' => ', ')); $attachmentRestrictionTypes = array('attachmentNumPerPostLimit', 'attachmentPostLimit', 'attachmentSizeLimit'); foreach ($attachmentRestrictionTypes as $type) { if (!empty($modSettings[$type])) { $context['attachment_restrictions'][] = sprintf($txt['attach_restrict_' . $type], comma_format($modSettings[$type], 0)); // Show some numbers. If they exist. if ($type == 'attachmentNumPerPostLimit' && $context['attachments']['quantity'] > 0) { $context['attachment_restrictions'][] = sprintf($txt['attach_remaining'], $modSettings['attachmentNumPerPostLimit'] - $context['attachments']['quantity']); } elseif ($type == 'attachmentPostLimit' && $context['attachments']['total_size'] > 0) { $context['attachment_restrictions'][] = sprintf($txt['attach_available'], comma_format(round(max($modSettings['attachmentPostLimit'] - $context['attachments']['total_size'] / 1028, 0)), 0)); } } } } $context['back_to_topic'] = isset($_REQUEST['goback']) || isset($_REQUEST['msg']) && !isset($_REQUEST['subject']); $context['show_additional_options'] = !empty($_POST['additional_options']) || isset($_SESSION['temp_attachments']['post']) || isset($_GET['additionalOptions']); $context['is_new_topic'] = empty($topic); $context['is_new_post'] = !isset($_REQUEST['msg']); $context['is_first_post'] = $context['is_new_topic'] || isset($_REQUEST['msg']) && $_REQUEST['msg'] == $id_first_msg; // WYSIWYG only works if BBC is enabled $modSettings['disable_wysiwyg'] = !empty($modSettings['disable_wysiwyg']) || empty($modSettings['enableBBC']); // Register this form in the session variables. checkSubmitOnce('register'); // Finally, load the template. if (WIRELESS && WIRELESS_PROTOCOL != 'wap') { $context['sub_template'] = WIRELESS_PROTOCOL . '_post'; } elseif (!isset($_REQUEST['xml'])) { loadTemplate('Post'); } }
function EditPost() { global $txt, $mbname, $context, $smcFunc, $sourcedir, $modSettings; // Get the ID $id = (int) $_REQUEST['id']; if (empty($id)) { fatal_error($txt['postscheduler_nopostselected'], false); } require_once $sourcedir . '/Subs-Post.php'; // Show the boards $context['schedule_boards'] = array(''); $request = $smcFunc['db_query']('', "\n\tSELECT \n\t\tb.ID_BOARD, b.name AS bName, c.name AS cName \n\tFROM {db_prefix}boards AS b, {db_prefix}categories AS c \n\tWHERE b.ID_CAT = c.ID_CAT ORDER BY c.cat_order, b.board_order"); while ($row = $smcFunc['db_fetch_assoc']($request)) { $context['schedule_boards'][$row['ID_BOARD']] = $row['cName'] . ' - ' . $row['bName']; } $smcFunc['db_free_result']($request); // Get the Data $context['schedulepost'] = array(); $request = $smcFunc['db_query']('', "\n\tSELECT \n\t\tID_POST, subject, ID_MEMBER, postername, post_time,\n\t\tmsgicon, body, locked, ID_TOPIC, ID_BOARD \n\tFROM {db_prefix}postscheduler \n\tWHERE ID_POST = {$id} LIMIT 1"); $row = $smcFunc['db_fetch_assoc']($request); $context['schedulepost'] = $row; $smcFunc['db_free_result']($request); // Load Message Icons $context['msg_icons'] = array(); $result = $smcFunc['db_query']('', "SELECT title, filename\n\t\t\t\tFROM {db_prefix}message_icons\n\t\t\t\t"); while ($row = $smcFunc['db_fetch_assoc']($result)) { $context['msg_icons'][] = $row; } // Set the page title $context['page_title'] = $mbname . ' - ' . $txt['postscheduler_editpost']; $context['sub_template'] = 'editpost'; // Check if spellchecking is both enabled and actually working. $context['show_spellchecking'] = !empty($modSettings['enableSpellChecking']) && function_exists('pspell_new'); $context['post_box_name'] = 'message'; $context['post_form'] = 'frmfeed'; // Needed for the WYSIWYG editor. require_once $sourcedir . '/Subs-Editor.php'; // Now create the editor. $editorOptions = array('id' => 'message', 'value' => $context['schedulepost']['body'], 'width' => '90%', 'form' => 'frmfeed', 'labels' => array('editpost' => $txt['postscheduler_editpost'])); create_control_richedit($editorOptions); $context['post_box_name'] = $editorOptions['id']; }
function EditLink() { global $context, $mbname, $txt, $smcFunc, $modSettings, $sourcedir, $user_info; is_not_guest(); $context['sub_template'] = 'editlink'; //Set the page title $context['page_title'] = $mbname . $txt['smflinks_title'] . ' - ' . $txt['smflinks_editlink']; // Lookup the link and see if they can edit it. if (!empty($_REQUEST['id'])) { $id = (int) $_REQUEST['id']; } if (empty($id)) { fatal_error($txt['smflinks_nolinkselected']); } $context['link_id'] = $id; $dbresult = $smcFunc['db_query']('', ' SELECT ID_LINK, title, ID_CAT, description, url, ID_MEMBER FROM {db_prefix}links WHERE ID_LINK = {int:this_id} LIMIT 1', array('this_id' => $id)); $row = $smcFunc['db_fetch_assoc']($dbresult); $smcFunc['db_free_result']($dbresult); $context['links_link'] = $row; if (!allowedTo('edit_links_any') && (!allowedTo('edit_links_own') || $row['ID_MEMBER'] != $user_info['id'])) { fatal_error($txt['smflinks_perm_link_no_edit']); } GetCatPermission($row['ID_CAT'], 'editlink'); $dbresult = $smcFunc['db_query']('', ' SELECT ID_CAT, title, roworder FROM {db_prefix}links_cat ORDER BY roworder ASC'); // Get category count $cat_count = $smcFunc['db_affected_rows'](); if ($cat_count == 0) { fatal_error($txt['smflinks_nofirstcat'], false); } $context['links_cats'] = array(); while ($row = $smcFunc['db_fetch_assoc']($dbresult)) { $context['links_cats'][] = $row; } $smcFunc['db_free_result']($dbresult); // Check if spellchecking is both enabled and actually working. $context['show_spellchecking'] = !empty($modSettings['enableSpellChecking']) && function_exists('pspell_new'); // Needed for the WYSIWYG editor. require_once $sourcedir . '/Subs-Editor.php'; // Now create the editor. $editorOptions = array('id' => 'descript', 'value' => $context['links_link']['description'], 'width' => '90%', 'form' => 'links', 'labels' => array('addlink' => '')); create_control_richedit($editorOptions); $context['post_box_name'] = $editorOptions['id']; }
/** * Shows a form to edit a forum mailing and its recipients. * * What it does: * - Called by ?action=admin;area=news;sa=mailingcompose. * - Requires the send_mail permission. * - Form is submitted to ?action=admin;area=news;sa=mailingsend. * * @uses ManageNews template, email_members_compose sub-template. */ public function action_mailingcompose() { global $txt, $context; // Setup the template! $context['page_title'] = $txt['admin_newsletters']; $context['sub_template'] = 'email_members_compose'; $context['subject'] = !empty($_POST['subject']) ? $_POST['subject'] : $context['forum_name'] . ': ' . htmlspecialchars($txt['subject'], ENT_COMPAT, 'UTF-8'); $context['message'] = !empty($_POST['message']) ? $_POST['message'] : htmlspecialchars($txt['message'] . "\n\n" . replaceBasicActionUrl($txt['regards_team']) . "\n\n" . '{$board_url}', ENT_COMPAT, 'UTF-8'); // Needed for the WYSIWYG editor. require_once SUBSDIR . '/Editor.subs.php'; // Now create the editor. $editorOptions = array('id' => 'message', 'value' => $context['message'], 'height' => '250px', 'width' => '100%', 'labels' => array('post_button' => $txt['sendtopic_send']), 'preview_type' => 2); create_control_richedit($editorOptions); if (isset($context['preview'])) { require_once SUBSDIR . '/Mail.subs.php'; $context['recipients']['members'] = !empty($_POST['members']) ? explode(',', $_POST['members']) : array(); $context['recipients']['exclude_members'] = !empty($_POST['exclude_members']) ? explode(',', $_POST['exclude_members']) : array(); $context['recipients']['groups'] = !empty($_POST['groups']) ? explode(',', $_POST['groups']) : array(); $context['recipients']['exclude_groups'] = !empty($_POST['exclude_groups']) ? explode(',', $_POST['exclude_groups']) : array(); $context['recipients']['emails'] = !empty($_POST['emails']) ? explode(';', $_POST['emails']) : array(); $context['email_force'] = !empty($_POST['email_force']) ? 1 : 0; $context['total_emails'] = !empty($_POST['total_emails']) ? (int) $_POST['total_emails'] : 0; $context['max_id_member'] = !empty($_POST['max_id_member']) ? (int) $_POST['max_id_member'] : 0; $context['send_pm'] = !empty($_POST['send_pm']) ? 1 : 0; $context['send_html'] = !empty($_POST['send_html']) ? '1' : '0'; return prepareMailingForPreview(); } // Start by finding any members! $toClean = array(); if (!empty($_POST['members'])) { $toClean[] = 'members'; } if (!empty($_POST['exclude_members'])) { $toClean[] = 'exclude_members'; } if (!empty($toClean)) { require_once SUBSDIR . '/Auth.subs.php'; foreach ($toClean as $type) { // Remove the quotes. $_POST[$type] = strtr((string) $_POST[$type], array('\\"' => '"')); preg_match_all('~"([^"]+)"~', $_POST[$type], $matches); $_POST[$type] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $_POST[$type])))); foreach ($_POST[$type] as $index => $member) { if (strlen(trim($member)) > 0) { $_POST[$type][$index] = Util::htmlspecialchars(Util::strtolower(trim($member))); } else { unset($_POST[$type][$index]); } } // Find the members $_POST[$type] = implode(',', array_keys(findMembers($_POST[$type]))); } } if (isset($_POST['member_list']) && is_array($_POST['member_list'])) { $members = array(); foreach ($_POST['member_list'] as $member_id) { $members[] = (int) $member_id; } $_POST['members'] = implode(',', $members); } if (isset($_POST['exclude_member_list']) && is_array($_POST['exclude_member_list'])) { $members = array(); foreach ($_POST['exclude_member_list'] as $member_id) { $members[] = (int) $member_id; } $_POST['exclude_members'] = implode(',', $members); } // Clean the other vars. $this->action_mailingsend(true); // We need a couple strings from the email template file loadLanguage('EmailTemplates'); require_once SUBSDIR . '/News.subs.php'; // Get a list of all full banned users. Use their Username and email to find them. // Only get the ones that can't login to turn off notification. $context['recipients']['exclude_members'] = excludeBannedMembers(); // Did they select moderators - if so add them as specific members... if (!empty($context['recipients']['groups']) && in_array(3, $context['recipients']['groups']) || !empty($context['recipients']['exclude_groups']) && in_array(3, $context['recipients']['exclude_groups'])) { $mods = getModerators(); foreach ($mods as $row) { if (in_array(3, $context['recipients'])) { $context['recipients']['exclude_members'][] = $row; } else { $context['recipients']['members'][] = $row; } } } require_once SUBSDIR . '/Members.subs.php'; // For progress bar! $context['total_emails'] = count($context['recipients']['emails']); $context['max_id_member'] = maxMemberID(); // Clean up the arrays. $context['recipients']['members'] = array_unique($context['recipients']['members']); $context['recipients']['exclude_members'] = array_unique($context['recipients']['exclude_members']); }
/** * The central part of the board - topic display. * This function loads the posts in a topic up so they can be displayed. * It supports wireless, using wap/wap2/imode and the Wireless templates. * It uses the main sub template of the Display template. * It requires a topic, and can go to the previous or next topic from it. * It jumps to the correct post depending on a number/time/IS_MSG passed. * It depends on the messages_per_page, defaultMaxMessages and enableAllMessages settings. * It is accessed by ?topic=id_topic.START. */ function Display() { global $scripturl, $txt, $modSettings, $context, $settings; global $options, $sourcedir, $user_info, $board_info, $topic, $board; global $attachments, $messages_request, $topicinfo, $language, $smcFunc; // What are you gonna display if these are empty?! if (empty($topic)) { fatal_lang_error('no_board', false); } // Load the proper template and/or sub template. if (WIRELESS) { $context['sub_template'] = WIRELESS_PROTOCOL . '_display'; } else { loadTemplate('Display'); } // Not only does a prefetch make things slower for the server, but it makes it impossible to know if they read it. if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch') { ob_end_clean(); header('HTTP/1.1 403 Prefetch Forbidden'); die; } // How much are we sticking on each page? $context['messages_per_page'] = empty($modSettings['disableCustomPerPage']) && !empty($options['messages_per_page']) && !WIRELESS ? $options['messages_per_page'] : $modSettings['defaultMaxMessages']; // Let's do some work on what to search index. if (count($_GET) > 2) { foreach ($_GET as $k => $v) { if (!in_array($k, array('topic', 'board', 'start', session_name()))) { $context['robot_no_index'] = true; } } } if (!empty($_REQUEST['start']) && (!is_numeric($_REQUEST['start']) || $_REQUEST['start'] % $context['messages_per_page'] != 0)) { $context['robot_no_index'] = true; } // Find the previous or next topic. Make a fuss if there are no more. if (isset($_REQUEST['prev_next']) && ($_REQUEST['prev_next'] == 'prev' || $_REQUEST['prev_next'] == 'next')) { // No use in calculating the next topic if there's only one. if ($board_info['num_topics'] > 1) { // Just prepare some variables that are used in the query. $gt_lt = $_REQUEST['prev_next'] == 'prev' ? '>' : '<'; $order = $_REQUEST['prev_next'] == 'prev' ? '' : ' DESC'; $request = $smcFunc['db_query']('', ' SELECT t2.id_topic FROM {db_prefix}topics AS t INNER JOIN {db_prefix}topics AS t2 ON (' . (empty($modSettings['enableStickyTopics']) ? ' t2.id_last_msg ' . $gt_lt . ' t.id_last_msg' : ' (t2.id_last_msg ' . $gt_lt . ' t.id_last_msg AND t2.is_sticky ' . $gt_lt . '= t.is_sticky) OR t2.is_sticky ' . $gt_lt . ' t.is_sticky') . ') WHERE t.id_topic = {int:current_topic} AND t2.id_board = {int:current_board}' . (!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : ' AND (t2.approved = {int:is_approved} OR (t2.id_member_started != {int:id_member_started} AND t2.id_member_started = {int:current_member}))') . ' ORDER BY' . (empty($modSettings['enableStickyTopics']) ? '' : ' t2.is_sticky' . $order . ',') . ' t2.id_last_msg' . $order . ' LIMIT 1', array('current_board' => $board, 'current_member' => $user_info['id'], 'current_topic' => $topic, 'is_approved' => 1, 'id_member_started' => 0)); // No more left. if ($smcFunc['db_num_rows']($request) == 0) { $smcFunc['db_free_result']($request); // Roll over - if we're going prev, get the last - otherwise the first. $request = $smcFunc['db_query']('', ' SELECT id_topic FROM {db_prefix}topics WHERE id_board = {int:current_board}' . (!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : ' AND (approved = {int:is_approved} OR (id_member_started != {int:id_member_started} AND id_member_started = {int:current_member}))') . ' ORDER BY' . (empty($modSettings['enableStickyTopics']) ? '' : ' is_sticky' . $order . ',') . ' id_last_msg' . $order . ' LIMIT 1', array('current_board' => $board, 'current_member' => $user_info['id'], 'is_approved' => 1, 'id_member_started' => 0)); } // Now you can be sure $topic is the id_topic to view. list($topic) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); $context['current_topic'] = $topic; } // Go to the newest message on this topic. $_REQUEST['start'] = 'new'; } // Add 1 to the number of views of this topic (except for robots). if (!$user_info['possibly_robot'] && (empty($_SESSION['last_read_topic']) || $_SESSION['last_read_topic'] != $topic)) { $smcFunc['db_query']('', ' UPDATE {db_prefix}topics SET num_views = num_views + 1 WHERE id_topic = {int:current_topic}', array('current_topic' => $topic)); $_SESSION['last_read_topic'] = $topic; } $topic_parameters = array('current_member' => $user_info['id'], 'current_topic' => $topic, 'current_board' => $board); $topic_selects = array(); $topic_tables = array(); call_integration_hook('integrate_display_topic', array(&$topic_selects, &$topic_tables, &$topic_parameters)); // @todo Why isn't this cached? // @todo if we get id_board in this query and cache it, we can save a query on posting // Get all the important topic info. $request = $smcFunc['db_query']('', ' SELECT t.num_replies, t.num_views, t.locked, ms.subject, t.is_sticky, t.id_poll, t.id_member_started, t.id_first_msg, t.id_last_msg, t.approved, t.unapproved_posts, t.id_redirect_topic, ' . ($user_info['is_guest'] ? 't.id_last_msg + 1' : 'IFNULL(lt.id_msg, IFNULL(lmr.id_msg, -1)) + 1') . ' AS new_from ' . (!empty($modSettings['recycle_board']) && $modSettings['recycle_board'] == $board ? ', id_previous_board, id_previous_topic' : '') . ' ' . (!empty($topic_selects) ? implode(',', $topic_selects) : '') . ' FROM {db_prefix}topics AS t INNER JOIN {db_prefix}messages AS ms ON (ms.id_msg = t.id_first_msg)' . ($user_info['is_guest'] ? '' : ' LEFT JOIN {db_prefix}log_topics AS lt ON (lt.id_topic = {int:current_topic} AND lt.id_member = {int:current_member}) LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.id_board = {int:current_board} AND lmr.id_member = {int:current_member})') . ' ' . (!empty($topic_tables) ? implode("\n\t", $topic_tables) : '') . ' WHERE t.id_topic = {int:current_topic} LIMIT 1', $topic_parameters); if ($smcFunc['db_num_rows']($request) == 0) { fatal_lang_error('not_a_topic', false); } $topicinfo = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); // Is this a moved topic that we are redirecting to? if (!empty($topicinfo['id_redirect_topic'])) { redirectexit('topic=' . $topicinfo['id_redirect_topic'] . '.0'); } $context['real_num_replies'] = $context['num_replies'] = $topicinfo['num_replies']; $context['topic_first_message'] = $topicinfo['id_first_msg']; $context['topic_last_message'] = $topicinfo['id_last_msg']; // Add up unapproved replies to get real number of replies... if ($modSettings['postmod_active'] && allowedTo('approve_posts')) { $context['real_num_replies'] += $topicinfo['unapproved_posts'] - ($topicinfo['approved'] ? 0 : 1); } // If this topic has unapproved posts, we need to work out how many posts the user can see, for page indexing. if ($modSettings['postmod_active'] && $topicinfo['unapproved_posts'] && !$user_info['is_guest'] && !allowedTo('approve_posts')) { $request = $smcFunc['db_query']('', ' SELECT COUNT(id_member) AS my_unapproved_posts FROM {db_prefix}messages WHERE id_topic = {int:current_topic} AND id_member = {int:current_member} AND approved = 0', array('current_topic' => $topic, 'current_member' => $user_info['id'])); list($myUnapprovedPosts) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); $context['total_visible_posts'] = $context['num_replies'] + $myUnapprovedPosts + ($topicinfo['approved'] ? 1 : 0); } elseif ($user_info['is_guest']) { $context['total_visible_posts'] = $context['num_replies'] + ($topicinfo['approved'] ? 1 : 0); } else { $context['total_visible_posts'] = $context['num_replies'] + $topicinfo['unapproved_posts'] + ($topicinfo['approved'] ? 1 : 0); } // When was the last time this topic was replied to? Should we warn them about it? $request = $smcFunc['db_query']('', ' SELECT poster_time FROM {db_prefix}messages WHERE id_msg = {int:id_last_msg} LIMIT 1', array('id_last_msg' => $topicinfo['id_last_msg'])); list($lastPostTime) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); $context['oldTopicError'] = !empty($modSettings['oldTopicDays']) && $lastPostTime + $modSettings['oldTopicDays'] * 86400 < time() && empty($topicinfo['is_sticky']); // The start isn't a number; it's information about what to do, where to go. if (!is_numeric($_REQUEST['start'])) { // Redirect to the page and post with new messages, originally by Omar Bazavilvazo. if ($_REQUEST['start'] == 'new') { // Guests automatically go to the last post. if ($user_info['is_guest']) { $context['start_from'] = $context['total_visible_posts'] - 1; $_REQUEST['start'] = empty($options['view_newest_first']) ? $context['start_from'] : 0; } else { // Find the earliest unread message in the topic. (the use of topics here is just for both tables.) $request = $smcFunc['db_query']('', ' SELECT IFNULL(lt.id_msg, IFNULL(lmr.id_msg, -1)) + 1 AS new_from FROM {db_prefix}topics AS t LEFT JOIN {db_prefix}log_topics AS lt ON (lt.id_topic = {int:current_topic} AND lt.id_member = {int:current_member}) LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.id_board = {int:current_board} AND lmr.id_member = {int:current_member}) WHERE t.id_topic = {int:current_topic} LIMIT 1', array('current_board' => $board, 'current_member' => $user_info['id'], 'current_topic' => $topic)); list($new_from) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); // Fall through to the next if statement. $_REQUEST['start'] = 'msg' . $new_from; } } // Start from a certain time index, not a message. if (substr($_REQUEST['start'], 0, 4) == 'from') { $timestamp = (int) substr($_REQUEST['start'], 4); if ($timestamp === 0) { $_REQUEST['start'] = 0; } else { // Find the number of messages posted before said time... $request = $smcFunc['db_query']('', ' SELECT COUNT(*) FROM {db_prefix}messages WHERE poster_time < {int:timestamp} AND id_topic = {int:current_topic}' . ($modSettings['postmod_active'] && $topicinfo['unapproved_posts'] && !allowedTo('approve_posts') ? ' AND (approved = {int:is_approved}' . ($user_info['is_guest'] ? '' : ' OR id_member = {int:current_member}') . ')' : ''), array('current_topic' => $topic, 'current_member' => $user_info['id'], 'is_approved' => 1, 'timestamp' => $timestamp)); list($context['start_from']) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); // Handle view_newest_first options, and get the correct start value. $_REQUEST['start'] = empty($options['view_newest_first']) ? $context['start_from'] : $context['total_visible_posts'] - $context['start_from'] - 1; } } elseif (substr($_REQUEST['start'], 0, 3) == 'msg') { $virtual_msg = (int) substr($_REQUEST['start'], 3); if (!$topicinfo['unapproved_posts'] && $virtual_msg >= $topicinfo['id_last_msg']) { $context['start_from'] = $context['total_visible_posts'] - 1; } elseif (!$topicinfo['unapproved_posts'] && $virtual_msg <= $topicinfo['id_first_msg']) { $context['start_from'] = 0; } else { // Find the start value for that message...... $request = $smcFunc['db_query']('', ' SELECT COUNT(*) FROM {db_prefix}messages WHERE id_msg < {int:virtual_msg} AND id_topic = {int:current_topic}' . ($modSettings['postmod_active'] && $topicinfo['unapproved_posts'] && !allowedTo('approve_posts') ? ' AND (approved = {int:is_approved}' . ($user_info['is_guest'] ? '' : ' OR id_member = {int:current_member}') . ')' : ''), array('current_member' => $user_info['id'], 'current_topic' => $topic, 'virtual_msg' => $virtual_msg, 'is_approved' => 1, 'no_member' => 0)); list($context['start_from']) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); } // We need to reverse the start as well in this case. $_REQUEST['start'] = empty($options['view_newest_first']) ? $context['start_from'] : $context['total_visible_posts'] - $context['start_from'] - 1; } } // Create a previous next string if the selected theme has it as a selected option. $context['previous_next'] = $modSettings['enablePreviousNext'] ? '<a href="' . $scripturl . '?topic=' . $topic . '.0;prev_next=prev#new">' . $txt['previous_next_back'] . '</a> - <a href="' . $scripturl . '?topic=' . $topic . '.0;prev_next=next#new">' . $txt['previous_next_forward'] . '</a>' : ''; // Check if spellchecking is both enabled and actually working. (for quick reply.) $context['show_spellchecking'] = !empty($modSettings['enableSpellChecking']) && function_exists('pspell_new'); // Do we need to show the visual verification image? $context['require_verification'] = !$user_info['is_mod'] && !$user_info['is_admin'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha'] || $user_info['is_guest'] && $modSettings['posts_require_captcha'] == -1); if ($context['require_verification']) { require_once $sourcedir . '/Subs-Editor.php'; $verificationOptions = array('id' => 'post'); $context['require_verification'] = create_control_verification($verificationOptions); $context['visual_verification_id'] = $verificationOptions['id']; } // Are we showing signatures - or disabled fields? $context['signature_enabled'] = substr($modSettings['signature_settings'], 0, 1) == 1; $context['disabled_fields'] = isset($modSettings['disabled_profile_fields']) ? array_flip(explode(',', $modSettings['disabled_profile_fields'])) : array(); // Censor the title... censorText($topicinfo['subject']); $context['page_title'] = $topicinfo['subject']; // Is this topic sticky, or can it even be? $topicinfo['is_sticky'] = empty($modSettings['enableStickyTopics']) ? '0' : $topicinfo['is_sticky']; // Default this topic to not marked for notifications... of course... $context['is_marked_notify'] = false; // Did we report a post to a moderator just now? $context['report_sent'] = isset($_GET['reportsent']); // Let's get nosey, who is viewing this topic? if (!empty($settings['display_who_viewing'])) { // Start out with no one at all viewing it. $context['view_members'] = array(); $context['view_members_list'] = array(); $context['view_num_hidden'] = 0; // Search for members who have this topic set in their GET data. $request = $smcFunc['db_query']('', ' SELECT lo.id_member, lo.log_time, mem.real_name, mem.member_name, mem.show_online, mg.online_color, mg.id_group, mg.group_name FROM {db_prefix}log_online AS lo LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = lo.id_member) LEFT JOIN {db_prefix}membergroups AS mg ON (mg.id_group = CASE WHEN mem.id_group = {int:reg_id_group} THEN mem.id_post_group ELSE mem.id_group END) WHERE INSTR(lo.url, {string:in_url_string}) > 0 OR lo.session = {string:session}', array('reg_id_group' => 0, 'in_url_string' => 's:5:"topic";i:' . $topic . ';', 'session' => $user_info['is_guest'] ? 'ip' . $user_info['ip'] : session_id())); while ($row = $smcFunc['db_fetch_assoc']($request)) { if (empty($row['id_member'])) { continue; } if (!empty($row['online_color'])) { $link = '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '" style="color: ' . $row['online_color'] . ';">' . $row['real_name'] . '</a>'; } else { $link = '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name'] . '</a>'; } $is_buddy = in_array($row['id_member'], $user_info['buddies']); if ($is_buddy) { $link = '<strong>' . $link . '</strong>'; } // Add them both to the list and to the more detailed list. if (!empty($row['show_online']) || allowedTo('moderate_forum')) { $context['view_members_list'][$row['log_time'] . $row['member_name']] = empty($row['show_online']) ? '<em>' . $link . '</em>' : $link; } $context['view_members'][$row['log_time'] . $row['member_name']] = array('id' => $row['id_member'], 'username' => $row['member_name'], 'name' => $row['real_name'], 'group' => $row['id_group'], 'href' => $scripturl . '?action=profile;u=' . $row['id_member'], 'link' => $link, 'is_buddy' => $is_buddy, 'hidden' => empty($row['show_online'])); if (empty($row['show_online'])) { $context['view_num_hidden']++; } } // The number of guests is equal to the rows minus the ones we actually used ;). $context['view_num_guests'] = $smcFunc['db_num_rows']($request) - count($context['view_members']); $smcFunc['db_free_result']($request); // Sort the list. krsort($context['view_members']); krsort($context['view_members_list']); } // If all is set, but not allowed... just unset it. $can_show_all = !empty($modSettings['enableAllMessages']) && $context['total_visible_posts'] > $context['messages_per_page'] && $context['total_visible_posts'] < $modSettings['enableAllMessages']; if (isset($_REQUEST['all']) && !$can_show_all) { unset($_REQUEST['all']); } elseif (isset($_REQUEST['all'])) { $_REQUEST['start'] = -1; } // Construct the page index, allowing for the .START method... $context['page_index'] = constructPageIndex($scripturl . '?topic=' . $topic . '.%1$d', $_REQUEST['start'], $context['total_visible_posts'], $context['messages_per_page'], true); $context['start'] = $_REQUEST['start']; // This is information about which page is current, and which page we're on - in case you don't like the constructed page index. (again, wireles..) $context['page_info'] = array('current_page' => $_REQUEST['start'] / $context['messages_per_page'] + 1, 'num_pages' => floor(($context['total_visible_posts'] - 1) / $context['messages_per_page']) + 1); // Figure out all the link to the next/prev/first/last/etc. for wireless mainly. $context['links'] = array('first' => $_REQUEST['start'] >= $context['messages_per_page'] ? $scripturl . '?topic=' . $topic . '.0' : '', 'prev' => $_REQUEST['start'] >= $context['messages_per_page'] ? $scripturl . '?topic=' . $topic . '.' . ($_REQUEST['start'] - $context['messages_per_page']) : '', 'next' => $_REQUEST['start'] + $context['messages_per_page'] < $context['total_visible_posts'] ? $scripturl . '?topic=' . $topic . '.' . ($_REQUEST['start'] + $context['messages_per_page']) : '', 'last' => $_REQUEST['start'] + $context['messages_per_page'] < $context['total_visible_posts'] ? $scripturl . '?topic=' . $topic . '.' . floor($context['total_visible_posts'] / $context['messages_per_page']) * $context['messages_per_page'] : '', 'up' => $scripturl . '?board=' . $board . '.0'); // If they are viewing all the posts, show all the posts, otherwise limit the number. if ($can_show_all) { if (isset($_REQUEST['all'])) { // No limit! (actually, there is a limit, but...) $context['messages_per_page'] = -1; $context['page_index'] .= empty($modSettings['compactTopicPagesEnable']) ? '<strong>' . $txt['all'] . '</strong> ' : '[<strong>' . $txt['all'] . '</strong>] '; // Set start back to 0... $_REQUEST['start'] = 0; } else { $context['page_index'] .= ' <a href="' . $scripturl . '?topic=' . $topic . '.0;all">' . $txt['all'] . '</a> '; } } // Build the link tree. $context['linktree'][] = array('url' => $scripturl . '?topic=' . $topic . '.0', 'name' => $topicinfo['subject']); // Build a list of this board's moderators. $context['moderators'] =& $board_info['moderators']; $context['link_moderators'] = array(); if (!empty($board_info['moderators'])) { // Add a link for each moderator... foreach ($board_info['moderators'] as $mod) { $context['link_moderators'][] = '<a href="' . $scripturl . '?action=profile;u=' . $mod['id'] . '" title="' . $txt['board_moderator'] . '">' . $mod['name'] . '</a>'; } // And show it after the board's name. $context['linktree'][count($context['linktree']) - 2]['extra_after'] = '<span class="board_moderators"> (' . (count($context['link_moderators']) == 1 ? $txt['moderator'] : $txt['moderators']) . ': ' . implode(', ', $context['link_moderators']) . ')</span>'; } // Information about the current topic... $context['is_locked'] = $topicinfo['locked']; $context['is_sticky'] = $topicinfo['is_sticky']; $context['is_very_hot'] = $topicinfo['num_replies'] >= $modSettings['hotTopicVeryPosts']; $context['is_hot'] = $topicinfo['num_replies'] >= $modSettings['hotTopicPosts']; $context['is_approved'] = $topicinfo['approved']; // @todo Tricks? We don't want to show the poll icon in the topic class here, so pretend it's not one. $context['is_poll'] = false; determineTopicClass($context); $context['is_poll'] = $topicinfo['id_poll'] > 0 && $modSettings['pollMode'] == '1' && allowedTo('poll_view'); // Did this user start the topic or not? $context['user']['started'] = $user_info['id'] == $topicinfo['id_member_started'] && !$user_info['is_guest']; $context['topic_starter_id'] = $topicinfo['id_member_started']; // Set the topic's information for the template. $context['subject'] = $topicinfo['subject']; $context['num_views'] = $topicinfo['num_views']; $context['mark_unread_time'] = !empty($virtual_msg) ? $virtual_msg : $topicinfo['new_from']; // Set a canonical URL for this page. $context['canonical_url'] = $scripturl . '?topic=' . $topic . '.' . $context['start']; // For quick reply we need a response prefix in the default forum language. if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix', 600))) { if ($language === $user_info['language']) { $context['response_prefix'] = $txt['response_prefix']; } else { loadLanguage('index', $language, false); $context['response_prefix'] = $txt['response_prefix']; loadLanguage('index'); } cache_put_data('response_prefix', $context['response_prefix'], 600); } // If we want to show event information in the topic, prepare the data. if (allowedTo('calendar_view') && !empty($modSettings['cal_showInTopic']) && !empty($modSettings['cal_enabled'])) { // First, try create a better time format, ignoring the "time" elements. if (preg_match('~%[AaBbCcDdeGghjmuYy](?:[^%]*%[AaBbCcDdeGghjmuYy])*~', $user_info['time_format'], $matches) == 0 || empty($matches[0])) { $date_string = $user_info['time_format']; } else { $date_string = $matches[0]; } // Any calendar information for this topic? $request = $smcFunc['db_query']('', ' SELECT cal.id_event, cal.start_date, cal.end_date, cal.title, cal.id_member, mem.real_name FROM {db_prefix}calendar AS cal LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = cal.id_member) WHERE cal.id_topic = {int:current_topic} ORDER BY start_date', array('current_topic' => $topic)); $context['linked_calendar_events'] = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { // Prepare the dates for being formatted. $start_date = sscanf($row['start_date'], '%04d-%02d-%02d'); $start_date = mktime(12, 0, 0, $start_date[1], $start_date[2], $start_date[0]); $end_date = sscanf($row['end_date'], '%04d-%02d-%02d'); $end_date = mktime(12, 0, 0, $end_date[1], $end_date[2], $end_date[0]); $context['linked_calendar_events'][] = array('id' => $row['id_event'], 'title' => $row['title'], 'can_edit' => allowedTo('calendar_edit_any') || $row['id_member'] == $user_info['id'] && allowedTo('calendar_edit_own'), 'modify_href' => $scripturl . '?action=post;msg=' . $topicinfo['id_first_msg'] . ';topic=' . $topic . '.0;calendar;eventid=' . $row['id_event'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'can_export' => allowedTo('calendar_edit_any') || $row['id_member'] == $user_info['id'] && allowedTo('calendar_edit_own'), 'export_href' => $scripturl . '?action=calendar;sa=ical;eventid=' . $row['id_event'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'start_date' => timeformat($start_date, $date_string, 'none'), 'start_timestamp' => $start_date, 'end_date' => timeformat($end_date, $date_string, 'none'), 'end_timestamp' => $end_date, 'is_last' => false); } $smcFunc['db_free_result']($request); if (!empty($context['linked_calendar_events'])) { $context['linked_calendar_events'][count($context['linked_calendar_events']) - 1]['is_last'] = true; } } // Create the poll info if it exists. if ($context['is_poll']) { // Get the question and if it's locked. $request = $smcFunc['db_query']('', ' SELECT p.question, p.voting_locked, p.hide_results, p.expire_time, p.max_votes, p.change_vote, p.guest_vote, p.id_member, IFNULL(mem.real_name, p.poster_name) AS poster_name, p.num_guest_voters, p.reset_poll FROM {db_prefix}polls AS p LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = p.id_member) WHERE p.id_poll = {int:id_poll} LIMIT 1', array('id_poll' => $topicinfo['id_poll'])); $pollinfo = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); $request = $smcFunc['db_query']('', ' SELECT COUNT(DISTINCT id_member) AS total FROM {db_prefix}log_polls WHERE id_poll = {int:id_poll} AND id_member != {int:not_guest}', array('id_poll' => $topicinfo['id_poll'], 'not_guest' => 0)); list($pollinfo['total']) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); // Total voters needs to include guest voters $pollinfo['total'] += $pollinfo['num_guest_voters']; // Get all the options, and calculate the total votes. $request = $smcFunc['db_query']('', ' SELECT pc.id_choice, pc.label, pc.votes, IFNULL(lp.id_choice, -1) AS voted_this FROM {db_prefix}poll_choices AS pc LEFT JOIN {db_prefix}log_polls AS lp ON (lp.id_choice = pc.id_choice AND lp.id_poll = {int:id_poll} AND lp.id_member = {int:current_member} AND lp.id_member != {int:not_guest}) WHERE pc.id_poll = {int:id_poll}', array('current_member' => $user_info['id'], 'id_poll' => $topicinfo['id_poll'], 'not_guest' => 0)); $pollOptions = array(); $realtotal = 0; $pollinfo['has_voted'] = false; while ($row = $smcFunc['db_fetch_assoc']($request)) { censorText($row['label']); $pollOptions[$row['id_choice']] = $row; $realtotal += $row['votes']; $pollinfo['has_voted'] |= $row['voted_this'] != -1; } $smcFunc['db_free_result']($request); // If this is a guest we need to do our best to work out if they have voted, and what they voted for. if ($user_info['is_guest'] && $pollinfo['guest_vote'] && allowedTo('poll_vote')) { if (!empty($_COOKIE['guest_poll_vote']) && preg_match('~^[0-9,;]+$~', $_COOKIE['guest_poll_vote']) && strpos($_COOKIE['guest_poll_vote'], ';' . $topicinfo['id_poll'] . ',') !== false) { // ;id,timestamp,[vote,vote...]; etc $guestinfo = explode(';', $_COOKIE['guest_poll_vote']); // Find the poll we're after. foreach ($guestinfo as $i => $guestvoted) { $guestvoted = explode(',', $guestvoted); if ($guestvoted[0] == $topicinfo['id_poll']) { break; } } // Has the poll been reset since guest voted? if ($pollinfo['reset_poll'] > $guestvoted[1]) { // Remove the poll info from the cookie to allow guest to vote again unset($guestinfo[$i]); if (!empty($guestinfo)) { $_COOKIE['guest_poll_vote'] = ';' . implode(';', $guestinfo); } else { unset($_COOKIE['guest_poll_vote']); } } else { // What did they vote for? unset($guestvoted[0], $guestvoted[1]); foreach ($pollOptions as $choice => $details) { $pollOptions[$choice]['voted_this'] = in_array($choice, $guestvoted) ? 1 : -1; $pollinfo['has_voted'] |= $pollOptions[$choice]['voted_this'] != -1; } unset($choice, $details, $guestvoted); } unset($guestinfo, $guestvoted, $i); } } // Set up the basic poll information. $context['poll'] = array('id' => $topicinfo['id_poll'], 'image' => 'normal_' . (empty($pollinfo['voting_locked']) ? 'poll' : 'locked_poll'), 'question' => parse_bbc($pollinfo['question']), 'total_votes' => $pollinfo['total'], 'change_vote' => !empty($pollinfo['change_vote']), 'is_locked' => !empty($pollinfo['voting_locked']), 'options' => array(), 'lock' => allowedTo('poll_lock_any') || $context['user']['started'] && allowedTo('poll_lock_own'), 'edit' => allowedTo('poll_edit_any') || $context['user']['started'] && allowedTo('poll_edit_own'), 'allowed_warning' => $pollinfo['max_votes'] > 1 ? sprintf($txt['poll_options6'], min(count($pollOptions), $pollinfo['max_votes'])) : '', 'is_expired' => !empty($pollinfo['expire_time']) && $pollinfo['expire_time'] < time(), 'expire_time' => !empty($pollinfo['expire_time']) ? timeformat($pollinfo['expire_time']) : 0, 'has_voted' => !empty($pollinfo['has_voted']), 'starter' => array('id' => $pollinfo['id_member'], 'name' => $row['poster_name'], 'href' => $pollinfo['id_member'] == 0 ? '' : $scripturl . '?action=profile;u=' . $pollinfo['id_member'], 'link' => $pollinfo['id_member'] == 0 ? $row['poster_name'] : '<a href="' . $scripturl . '?action=profile;u=' . $pollinfo['id_member'] . '">' . $row['poster_name'] . '</a>')); // Make the lock and edit permissions defined above more directly accessible. $context['allow_lock_poll'] = $context['poll']['lock']; $context['allow_edit_poll'] = $context['poll']['edit']; // You're allowed to vote if: // 1. the poll did not expire, and // 2. you're either not a guest OR guest voting is enabled... and // 3. you're not trying to view the results, and // 4. the poll is not locked, and // 5. you have the proper permissions, and // 6. you haven't already voted before. $context['allow_vote'] = !$context['poll']['is_expired'] && (!$user_info['is_guest'] || $pollinfo['guest_vote'] && allowedTo('poll_vote')) && empty($pollinfo['voting_locked']) && allowedTo('poll_vote') && !$context['poll']['has_voted']; // You're allowed to view the results if: // 1. you're just a super-nice-guy, or // 2. anyone can see them (hide_results == 0), or // 3. you can see them after you voted (hide_results == 1), or // 4. you've waited long enough for the poll to expire. (whether hide_results is 1 or 2.) $context['allow_poll_view'] = allowedTo('moderate_board') || $pollinfo['hide_results'] == 0 || $pollinfo['hide_results'] == 1 && $context['poll']['has_voted'] || $context['poll']['is_expired']; $context['poll']['show_results'] = $context['allow_poll_view'] && (isset($_REQUEST['viewresults']) || isset($_REQUEST['viewResults'])); $context['show_view_results_button'] = $context['allow_vote'] && (!$context['allow_poll_view'] || !$context['poll']['show_results'] || !$context['poll']['has_voted']); // You're allowed to change your vote if: // 1. the poll did not expire, and // 2. you're not a guest... and // 3. the poll is not locked, and // 4. you have the proper permissions, and // 5. you have already voted, and // 6. the poll creator has said you can! $context['allow_change_vote'] = !$context['poll']['is_expired'] && !$user_info['is_guest'] && empty($pollinfo['voting_locked']) && allowedTo('poll_vote') && $context['poll']['has_voted'] && $context['poll']['change_vote']; // You're allowed to return to voting options if: // 1. you are (still) allowed to vote. // 2. you are currently seeing the results. $context['allow_return_vote'] = $context['allow_vote'] && $context['poll']['show_results']; // Calculate the percentages and bar lengths... $divisor = $realtotal == 0 ? 1 : $realtotal; // Determine if a decimal point is needed in order for the options to add to 100%. $precision = $realtotal == 100 ? 0 : 1; // Now look through each option, and... foreach ($pollOptions as $i => $option) { // First calculate the percentage, and then the width of the bar... $bar = round($option['votes'] * 100 / $divisor, $precision); $barWide = $bar == 0 ? 1 : floor($bar * 8 / 3); // Now add it to the poll's contextual theme data. $context['poll']['options'][$i] = array('id' => 'options-' . $i, 'percent' => $bar, 'votes' => $option['votes'], 'voted_this' => $option['voted_this'] != -1, 'bar' => '<span style="white-space: nowrap;"><img src="' . $settings['images_url'] . '/poll_' . ($context['right_to_left'] ? 'right' : 'left') . '.png" alt="" /><img src="' . $settings['images_url'] . '/poll_middle.png" width="' . $barWide . '" height="12" alt="-" /><img src="' . $settings['images_url'] . '/poll_' . ($context['right_to_left'] ? 'left' : 'right') . '.png" alt="" /></span>', 'bar_ndt' => $bar > 0 ? '<div class="bar" style="width: ' . ($bar * 3.5 + 4) . 'px;"><div style="width: ' . $bar * 3.5 . 'px;"></div></div>' : '', 'bar_width' => $barWide, 'option' => parse_bbc($option['label']), 'vote_button' => '<input type="' . ($pollinfo['max_votes'] > 1 ? 'checkbox' : 'radio') . '" name="options[]" id="options-' . $i . '" value="' . $i . '" class="input_' . ($pollinfo['max_votes'] > 1 ? 'check' : 'radio') . '" />'); } // Build the poll moderation button array. $context['poll_buttons'] = array('vote' => array('test' => 'allow_return_vote', 'text' => 'poll_return_vote', 'image' => 'poll_options.png', 'lang' => true, 'url' => $scripturl . '?topic=' . $context['current_topic'] . '.' . $context['start']), 'results' => array('test' => 'show_view_results_button', 'text' => 'poll_results', 'image' => 'poll_results.png', 'lang' => true, 'url' => $scripturl . '?topic=' . $context['current_topic'] . '.' . $context['start'] . ';viewresults'), 'change_vote' => array('test' => 'allow_change_vote', 'text' => 'poll_change_vote', 'image' => 'poll_change_vote.png', 'lang' => true, 'url' => $scripturl . '?action=vote;topic=' . $context['current_topic'] . '.' . $context['start'] . ';poll=' . $context['poll']['id'] . ';' . $context['session_var'] . '=' . $context['session_id']), 'lock' => array('test' => 'allow_lock_poll', 'text' => !$context['poll']['is_locked'] ? 'poll_lock' : 'poll_unlock', 'image' => 'poll_lock.png', 'lang' => true, 'url' => $scripturl . '?action=lockvoting;topic=' . $context['current_topic'] . '.' . $context['start'] . ';' . $context['session_var'] . '=' . $context['session_id']), 'edit' => array('test' => 'allow_edit_poll', 'text' => 'poll_edit', 'image' => 'poll_edit.png', 'lang' => true, 'url' => $scripturl . '?action=editpoll;topic=' . $context['current_topic'] . '.' . $context['start']), 'remove_poll' => array('test' => 'can_remove_poll', 'text' => 'poll_remove', 'image' => 'admin_remove_poll.png', 'lang' => true, 'custom' => 'onclick="return confirm(\'' . $txt['poll_remove_warn'] . '\');"', 'url' => $scripturl . '?action=removepoll;topic=' . $context['current_topic'] . '.' . $context['start'] . ';' . $context['session_var'] . '=' . $context['session_id'])); // Allow mods to add additional buttons here call_integration_hook('integrate_poll_buttons'); } // Calculate the fastest way to get the messages! $ascending = empty($options['view_newest_first']); $start = $_REQUEST['start']; $limit = $context['messages_per_page']; $firstIndex = 0; if ($start >= $context['total_visible_posts'] / 2 && $context['messages_per_page'] != -1) { $ascending = !$ascending; $limit = $context['total_visible_posts'] <= $start + $limit ? $context['total_visible_posts'] - $start : $limit; $start = $context['total_visible_posts'] <= $start + $limit ? 0 : $context['total_visible_posts'] - $start - $limit; $firstIndex = $limit - 1; } // Get each post and poster in this topic. $request = $smcFunc['db_query']('display_get_post_poster', ' SELECT id_msg, id_member, approved FROM {db_prefix}messages WHERE id_topic = {int:current_topic}' . (!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : (!empty($modSettings['db_mysql_group_by_fix']) ? '' : ' GROUP BY id_msg') . ' HAVING (approved = {int:is_approved}' . ($user_info['is_guest'] ? '' : ' OR id_member = {int:current_member}') . ')') . ' ORDER BY id_msg ' . ($ascending ? '' : 'DESC') . ($context['messages_per_page'] == -1 ? '' : ' LIMIT ' . $start . ', ' . $limit), array('current_member' => $user_info['id'], 'current_topic' => $topic, 'is_approved' => 1, 'blank_id_member' => 0)); $messages = array(); $all_posters = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { if (!empty($row['id_member'])) { $all_posters[$row['id_msg']] = $row['id_member']; } $messages[] = $row['id_msg']; } $smcFunc['db_free_result']($request); $posters = array_unique($all_posters); call_integration_hook('integrate_display_message_list', array($messages, $posters)); // Guests can't mark topics read or for notifications, just can't sorry. if (!$user_info['is_guest'] && !empty($messages)) { $mark_at_msg = max($messages); if ($mark_at_msg >= $topicinfo['id_last_msg']) { $mark_at_msg = $modSettings['maxMsgID']; } if ($mark_at_msg >= $topicinfo['new_from']) { $smcFunc['db_insert']($topicinfo['new_from'] == 0 ? 'ignore' : 'replace', '{db_prefix}log_topics', array('id_member' => 'int', 'id_topic' => 'int', 'id_msg' => 'int'), array($user_info['id'], $topic, $mark_at_msg), array('id_member', 'id_topic')); } // Check for notifications on this topic OR board. $request = $smcFunc['db_query']('', ' SELECT sent, id_topic FROM {db_prefix}log_notify WHERE (id_topic = {int:current_topic} OR id_board = {int:current_board}) AND id_member = {int:current_member} LIMIT 2', array('current_board' => $board, 'current_member' => $user_info['id'], 'current_topic' => $topic)); $do_once = true; while ($row = $smcFunc['db_fetch_assoc']($request)) { // Find if this topic is marked for notification... if (!empty($row['id_topic'])) { $context['is_marked_notify'] = true; } // Only do this once, but mark the notifications as "not sent yet" for next time. if (!empty($row['sent']) && $do_once) { $smcFunc['db_query']('', ' UPDATE {db_prefix}log_notify SET sent = {int:is_not_sent} WHERE (id_topic = {int:current_topic} OR id_board = {int:current_board}) AND id_member = {int:current_member}', array('current_board' => $board, 'current_member' => $user_info['id'], 'current_topic' => $topic, 'is_not_sent' => 0)); $do_once = false; } } // Have we recently cached the number of new topics in this board, and it's still a lot? if (isset($_REQUEST['topicseen']) && isset($_SESSION['topicseen_cache'][$board]) && $_SESSION['topicseen_cache'][$board] > 5) { $_SESSION['topicseen_cache'][$board]--; } elseif (isset($_REQUEST['topicseen'])) { // Use the mark read tables... and the last visit to figure out if this should be read or not. $request = $smcFunc['db_query']('', ' SELECT COUNT(*) FROM {db_prefix}topics AS t LEFT JOIN {db_prefix}log_boards AS lb ON (lb.id_board = {int:current_board} AND lb.id_member = {int:current_member}) LEFT JOIN {db_prefix}log_topics AS lt ON (lt.id_topic = t.id_topic AND lt.id_member = {int:current_member}) WHERE t.id_board = {int:current_board} AND t.id_last_msg > IFNULL(lb.id_msg, 0) AND t.id_last_msg > IFNULL(lt.id_msg, 0)' . (empty($_SESSION['id_msg_last_visit']) ? '' : ' AND t.id_last_msg > {int:id_msg_last_visit}'), array('current_board' => $board, 'current_member' => $user_info['id'], 'id_msg_last_visit' => (int) $_SESSION['id_msg_last_visit'])); list($numNewTopics) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); // If there're no real new topics in this board, mark the board as seen. if (empty($numNewTopics)) { $_REQUEST['boardseen'] = true; } else { $_SESSION['topicseen_cache'][$board] = $numNewTopics; } } elseif (isset($_SESSION['topicseen_cache'][$board])) { $_SESSION['topicseen_cache'][$board]--; } // Mark board as seen if we came using last post link from BoardIndex. (or other places...) if (isset($_REQUEST['boardseen'])) { $smcFunc['db_insert']('replace', '{db_prefix}log_boards', array('id_msg' => 'int', 'id_member' => 'int', 'id_board' => 'int'), array($modSettings['maxMsgID'], $user_info['id'], $board), array('id_member', 'id_board')); } } $attachments = array(); // If there _are_ messages here... (probably an error otherwise :!) if (!empty($messages)) { // Fetch attachments. if (!empty($modSettings['attachmentEnable']) && allowedTo('view_attachments')) { $request = $smcFunc['db_query']('', ' SELECT a.id_attach, a.id_folder, a.id_msg, a.filename, a.file_hash, IFNULL(a.size, 0) AS filesize, a.downloads, a.approved, a.width, a.height' . (empty($modSettings['attachmentShowImages']) || empty($modSettings['attachmentThumbnails']) ? '' : ', IFNULL(thumb.id_attach, 0) AS id_thumb, thumb.width AS thumb_width, thumb.height AS thumb_height') . ' FROM {db_prefix}attachments AS a' . (empty($modSettings['attachmentShowImages']) || empty($modSettings['attachmentThumbnails']) ? '' : ' LEFT JOIN {db_prefix}attachments AS thumb ON (thumb.id_attach = a.id_thumb)') . ' WHERE a.id_msg IN ({array_int:message_list}) AND a.attachment_type = {int:attachment_type}', array('message_list' => $messages, 'attachment_type' => 0, 'is_approved' => 1)); $temp = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { if (!$row['approved'] && $modSettings['postmod_active'] && !allowedTo('approve_posts') && (!isset($all_posters[$row['id_msg']]) || $all_posters[$row['id_msg']] != $user_info['id'])) { continue; } $temp[$row['id_attach']] = $row; if (!isset($attachments[$row['id_msg']])) { $attachments[$row['id_msg']] = array(); } } $smcFunc['db_free_result']($request); // This is better than sorting it with the query... ksort($temp); foreach ($temp as $row) { $attachments[$row['id_msg']][] = $row; } } $msg_parameters = array('message_list' => $messages, 'new_from' => $topicinfo['new_from']); $msg_selects = array(); $msg_tables = array(); call_integration_hook('integrate_query_message', array(&$msg_selects, &$msg_tables, &$msg_parameters)); // What? It's not like it *couldn't* be only guests in this topic... if (!empty($posters)) { loadMemberData($posters); } $messages_request = $smcFunc['db_query']('', ' SELECT id_msg, icon, subject, poster_time, poster_ip, id_member, modified_time, modified_name, body, smileys_enabled, poster_name, poster_email, approved, id_msg_modified < {int:new_from} AS is_read ' . (!empty($msg_selects) ? implode(',', $msg_selects) : '') . ' FROM {db_prefix}messages ' . (!empty($msg_tables) ? implode("\n\t", $msg_tables) : '') . ' WHERE id_msg IN ({array_int:message_list}) ORDER BY id_msg' . (empty($options['view_newest_first']) ? '' : ' DESC'), $msg_parameters); // Go to the last message if the given time is beyond the time of the last message. if (isset($context['start_from']) && $context['start_from'] >= $topicinfo['num_replies']) { $context['start_from'] = $topicinfo['num_replies']; } // Since the anchor information is needed on the top of the page we load these variables beforehand. $context['first_message'] = isset($messages[$firstIndex]) ? $messages[$firstIndex] : $messages[0]; if (empty($options['view_newest_first'])) { $context['first_new_message'] = isset($context['start_from']) && $_REQUEST['start'] == $context['start_from']; } else { $context['first_new_message'] = isset($context['start_from']) && $_REQUEST['start'] == $topicinfo['num_replies'] - $context['start_from']; } } else { $messages_request = false; $context['first_message'] = 0; $context['first_new_message'] = false; } $context['jump_to'] = array('label' => addslashes(un_htmlspecialchars($txt['jump_to'])), 'board_name' => htmlspecialchars(strtr(strip_tags($board_info['name']), array('&' => '&'))), 'child_level' => $board_info['child_level']); // Set the callback. (do you REALIZE how much memory all the messages would take?!?) // This will be called from the template. $context['get_message'] = 'prepareDisplayContext'; // Now set all the wonderful, wonderful permissions... like moderation ones... $common_permissions = array('can_approve' => 'approve_posts', 'can_ban' => 'manage_bans', 'can_sticky' => 'make_sticky', 'can_merge' => 'merge_any', 'can_split' => 'split_any', 'calendar_post' => 'calendar_post', 'can_mark_notify' => 'mark_any_notify', 'can_send_topic' => 'send_topic', 'can_send_pm' => 'pm_send', 'can_send_email' => 'send_email_to_members', 'can_report_moderator' => 'report_any', 'can_moderate_forum' => 'moderate_forum', 'can_issue_warning' => 'issue_warning', 'can_restore_topic' => 'move_any', 'can_restore_msg' => 'move_any'); foreach ($common_permissions as $contextual => $perm) { $context[$contextual] = allowedTo($perm); } // Permissions with _any/_own versions. $context[YYY] => ZZZ_any/_own. $anyown_permissions = array('can_move' => 'move', 'can_lock' => 'lock', 'can_delete' => 'remove', 'can_add_poll' => 'poll_add', 'can_remove_poll' => 'poll_remove', 'can_reply' => 'post_reply', 'can_reply_unapproved' => 'post_unapproved_replies'); foreach ($anyown_permissions as $contextual => $perm) { $context[$contextual] = allowedTo($perm . '_any') || $context['user']['started'] && allowedTo($perm . '_own'); } // Cleanup all the permissions with extra stuff... $context['can_mark_notify'] &= !$context['user']['is_guest']; $context['can_sticky'] &= !empty($modSettings['enableStickyTopics']); $context['calendar_post'] &= !empty($modSettings['cal_enabled']); $context['can_add_poll'] &= $modSettings['pollMode'] == '1' && $topicinfo['id_poll'] <= 0; $context['can_remove_poll'] &= $modSettings['pollMode'] == '1' && $topicinfo['id_poll'] > 0; $context['can_reply'] &= empty($topicinfo['locked']) || allowedTo('moderate_board'); $context['can_reply_unapproved'] &= $modSettings['postmod_active'] && (empty($topicinfo['locked']) || allowedTo('moderate_board')); $context['can_issue_warning'] &= in_array('w', $context['admin_features']) && $modSettings['warning_settings'][0] == 1; // Handle approval flags... $context['can_reply_approved'] = $context['can_reply']; $context['can_reply'] |= $context['can_reply_unapproved']; $context['can_quote'] = $context['can_reply'] && (empty($modSettings['disabledBBC']) || !in_array('quote', explode(',', $modSettings['disabledBBC']))); $context['can_mark_unread'] = !$user_info['is_guest'] && $settings['show_mark_read']; $context['can_send_topic'] = (!$modSettings['postmod_active'] || $topicinfo['approved']) && allowedTo('send_topic'); $context['can_print'] = empty($modSettings['disable_print_topic']); // Start this off for quick moderation - it will be or'd for each post. $context['can_remove_post'] = allowedTo('delete_any') || allowedTo('delete_replies') && $context['user']['started']; // Can restore topic? That's if the topic is in the recycle board and has a previous restore state. $context['can_restore_topic'] &= !empty($modSettings['recycle_enable']) && $modSettings['recycle_board'] == $board && !empty($topicinfo['id_previous_board']); $context['can_restore_msg'] &= !empty($modSettings['recycle_enable']) && $modSettings['recycle_board'] == $board && !empty($topicinfo['id_previous_topic']); // Check if the draft functions are enabled and that they have permission to use them (for quick reply.) $context['drafts_save'] = !empty($modSettings['drafts_enabled']) && !empty($modSettings['drafts_post_enabled']) && allowedTo('post_draft') && $context['can_reply']; $context['drafts_autosave'] = !empty($context['drafts_save']) && !empty($modSettings['drafts_autosave_enabled']) && allowedTo('post_autosave_draft'); if (!empty($context['drafts_save'])) { loadLanguage('Drafts'); } // Wireless shows a "more" if you can do anything special. if (WIRELESS && WIRELESS_PROTOCOL != 'wap') { $context['wireless_more'] = $context['can_sticky'] || $context['can_lock'] || allowedTo('modify_any'); $context['wireless_moderate'] = isset($_GET['moderate']) ? ';moderate' : ''; } // Load up the "double post" sequencing magic. if (!empty($options['display_quick_reply'])) { checkSubmitOnce('register'); $context['name'] = isset($_SESSION['guest_name']) ? $_SESSION['guest_name'] : ''; $context['email'] = isset($_SESSION['guest_email']) ? $_SESSION['guest_email'] : ''; if ($options['display_quick_reply'] == 3 && $context['can_reply']) { // Needed for the editor and message icons. require_once $sourcedir . '/Subs-Editor.php'; // Now create the editor. $editorOptions = array('id' => 'message', 'value' => '', 'labels' => array('post_button' => $txt['post']), 'height' => '175px', 'width' => '100%', 'preview_type' => 0); create_control_richedit($editorOptions); // Store the ID. $context['post_box_name'] = $editorOptions['id']; $context['attached'] = ''; $context['make_poll'] = isset($_REQUEST['poll']); // Message icons - customized icons are off? $context['icons'] = getMessageIcons($board); if (!empty($context['icons'])) { $context['icons'][count($context['icons']) - 1]['is_last'] = true; } } } // Build the normal button array. $context['normal_buttons'] = array('reply' => array('test' => 'can_reply', 'text' => 'reply', 'image' => 'reply.png', 'lang' => true, 'url' => $scripturl . '?action=post;topic=' . $context['current_topic'] . '.' . $context['start'] . ';last_msg=' . $context['topic_last_message'], 'active' => true), 'add_poll' => array('test' => 'can_add_poll', 'text' => 'add_poll', 'image' => 'add_poll.png', 'lang' => true, 'url' => $scripturl . '?action=editpoll;add;topic=' . $context['current_topic'] . '.' . $context['start']), 'notify' => array('test' => 'can_mark_notify', 'text' => $context['is_marked_notify'] ? 'unnotify' : 'notify', 'image' => ($context['is_marked_notify'] ? 'un' : '') . 'notify.png', 'lang' => true, 'custom' => 'onclick="return confirm(\'' . ($context['is_marked_notify'] ? $txt['notification_disable_topic'] : $txt['notification_enable_topic']) . '\');"', 'url' => $scripturl . '?action=notify;sa=' . ($context['is_marked_notify'] ? 'off' : 'on') . ';topic=' . $context['current_topic'] . '.' . $context['start'] . ';' . $context['session_var'] . '=' . $context['session_id']), 'mark_unread' => array('test' => 'can_mark_unread', 'text' => 'mark_unread', 'image' => 'markunread.png', 'lang' => true, 'url' => $scripturl . '?action=markasread;sa=topic;t=' . $context['mark_unread_time'] . ';topic=' . $context['current_topic'] . '.' . $context['start'] . ';' . $context['session_var'] . '=' . $context['session_id']), 'send' => array('test' => 'can_send_topic', 'text' => 'send_topic', 'image' => 'sendtopic.png', 'lang' => true, 'url' => $scripturl . '?action=emailuser;sa=sendtopic;topic=' . $context['current_topic'] . '.0'), 'print' => array('test' => 'can_print', 'text' => 'print', 'image' => 'print.png', 'lang' => true, 'custom' => 'rel="new_win nofollow"', 'url' => $scripturl . '?action=printpage;topic=' . $context['current_topic'] . '.0')); // Build the mod button array $context['mod_buttons'] = array('move' => array('test' => 'can_move', 'text' => 'move_topic', 'image' => 'admin_move.png', 'lang' => true, 'url' => $scripturl . '?action=movetopic;current_board=' . $context['current_board'] . ';topic=' . $context['current_topic'] . '.0'), 'delete' => array('test' => 'can_delete', 'text' => 'remove_topic', 'image' => 'admin_rem.png', 'lang' => true, 'custom' => 'onclick="return confirm(\'' . $txt['are_sure_remove_topic'] . '\');"', 'url' => $scripturl . '?action=removetopic2;topic=' . $context['current_topic'] . '.0;' . $context['session_var'] . '=' . $context['session_id']), 'lock' => array('test' => 'can_lock', 'text' => empty($context['is_locked']) ? 'set_lock' : 'set_unlock', 'image' => 'admin_lock.png', 'lang' => true, 'url' => $scripturl . '?action=lock;topic=' . $context['current_topic'] . '.' . $context['start'] . ';' . $context['session_var'] . '=' . $context['session_id']), 'sticky' => array('test' => 'can_sticky', 'text' => empty($context['is_sticky']) ? 'set_sticky' : 'set_nonsticky', 'image' => 'admin_sticky.png', 'lang' => true, 'url' => $scripturl . '?action=sticky;topic=' . $context['current_topic'] . '.' . $context['start'] . ';' . $context['session_var'] . '=' . $context['session_id']), 'merge' => array('test' => 'can_merge', 'text' => 'merge', 'image' => 'merge.png', 'lang' => true, 'url' => $scripturl . '?action=mergetopics;board=' . $context['current_board'] . '.0;from=' . $context['current_topic']), 'calendar' => array('test' => 'calendar_post', 'text' => 'calendar_link', 'image' => 'linktocal.png', 'lang' => true, 'url' => $scripturl . '?action=post;calendar;msg=' . $context['topic_first_message'] . ';topic=' . $context['current_topic'] . '.0')); // Restore topic. eh? No monkey business. if ($context['can_restore_topic']) { $context['mod_buttons'][] = array('text' => 'restore_topic', 'image' => '', 'lang' => true, 'url' => $scripturl . '?action=restoretopic;topics=' . $context['current_topic'] . ';' . $context['session_var'] . '=' . $context['session_id']); } // Allow adding new mod buttons easily. call_integration_hook('integrate_display_buttons'); }
function sportal_admin_page_edit() { global $txt, $context, $modSettings, $smcFunc, $sourcedir, $options; require_once $sourcedir . '/Subs-Editor.php'; require_once $sourcedir . '/Subs-Post.php'; $context['SPortal']['is_new'] = empty($_REQUEST['page_id']); if (!empty($_REQUEST['content_mode']) && $_POST['type'] == 'bbc') { $_REQUEST['content'] = html_to_bbc($_REQUEST['content']); $_REQUEST['content'] = un_htmlspecialchars($_REQUEST['content']); $_POST['content'] = $_REQUEST['content']; } $context['sides'] = array(5 => $txt['sp-positionHeader'], 1 => $txt['sp-positionLeft'], 2 => $txt['sp-positionTop'], 3 => $txt['sp-positionBottom'], 4 => $txt['sp-positionRight'], 6 => $txt['sp-positionFooter']); $blocks = getBlockInfo(); $context['page_blocks'] = array(); foreach ($blocks as $block) { $shown = false; $tests = array('all', 'allpages', 'sforum'); if (!$context['SPortal']['is_new']) { $tests[] = 'p' . (int) $_REQUEST['page_id']; } foreach (array('display', 'display_custom') as $field) { if (substr($block[$field], 0, 4) === '$php') { continue 2; } $block[$field] = explode(',', $block[$field]); if (!$context['SPortal']['is_new'] && in_array('-p' . (int) $_REQUEST['page_id'], $block[$field])) { continue; } foreach ($tests as $test) { if (in_array($test, $block[$field])) { $shown = true; break; } } } $context['page_blocks'][$block['column']][] = array('id' => $block['id'], 'label' => $block['label'], 'shown' => $shown); } if (!empty($_POST['submit'])) { checkSession(); if (!isset($_POST['title']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES)) === '') { fatal_lang_error('sp_error_page_name_empty', false); } if (!isset($_POST['namespace']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES)) === '') { fatal_lang_error('sp_error_page_namespace_empty', false); } $result = $smcFunc['db_query']('', ' SELECT id_page FROM {db_prefix}sp_pages WHERE namespace = {string:namespace} AND id_page != {int:current} LIMIT 1', array('limit' => 1, 'namespace' => $smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES), 'current' => (int) $_POST['page_id'])); list($has_duplicate) = $smcFunc['db_fetch_row']($result); $smcFunc['db_free_result']($result); if (!empty($has_duplicate)) { fatal_lang_error('sp_error_page_namespace_duplicate', false); } if (preg_match('~[^A-Za-z0-9_]+~', $_POST['namespace']) != 0) { fatal_lang_error('sp_error_page_namespace_invalid_chars', false); } if (preg_replace('~[0-9]+~', '', $_POST['namespace']) === '') { fatal_lang_error('sp_error_page_namespace_numeric', false); } if ($_POST['type'] == 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation'])) { $error = sp_validate_php($_POST['content']); if ($error) { fatal_lang_error('error_sp_php_' . $error, false); } } $permission_set = 0; $groups_allowed = $groups_denied = ''; if (!empty($_POST['permission_set'])) { $permission_set = (int) $_POST['permission_set']; } elseif (!empty($_POST['membergroups']) && is_array($_POST['membergroups'])) { $groups_allowed = $groups_denied = array(); foreach ($_POST['membergroups'] as $id => $value) { if ($value == 1) { $groups_allowed[] = (int) $id; } elseif ($value == -1) { $groups_denied[] = (int) $id; } } $groups_allowed = implode(',', $groups_allowed); $groups_denied = implode(',', $groups_denied); } if (!empty($_POST['blocks']) && is_array($_POST['blocks'])) { foreach ($_POST['blocks'] as $id => $block) { $_POST['blocks'][$id] = (int) $block; } } else { $_POST['blocks'] = array(); } $fields = array('namespace' => 'string', 'title' => 'string', 'body' => 'string', 'type' => 'string', 'permission_set' => 'int', 'groups_allowed' => 'string', 'groups_denied' => 'string', 'style' => 'string', 'status' => 'int'); $page_info = array('id' => (int) $_POST['page_id'], 'namespace' => $smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES), 'title' => $smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES), 'body' => $smcFunc['htmlspecialchars']($_POST['content'], ENT_QUOTES), 'type' => $_POST['type'], 'permission_set' => $permission_set, 'groups_allowed' => $groups_allowed, 'groups_denied' => $groups_denied, 'style' => sportal_parse_style('implode'), 'status' => !empty($_POST['status']) ? 1 : 0); if ($page_info['type'] == 'bbc') { preparsecode($page_info['body']); } if ($context['SPortal']['is_new']) { unset($page_info['id']); $smcFunc['db_insert']('', '{db_prefix}sp_pages', $fields, $page_info, array('id_page')); $page_info['id'] = $smcFunc['db_insert_id']('{db_prefix}sp_pages', 'id_page'); } else { $update_fields = array(); foreach ($fields as $name => $type) { $update_fields[] = $name . ' = {' . $type . ':' . $name . '}'; } $smcFunc['db_query']('', ' UPDATE {db_prefix}sp_pages SET ' . implode(', ', $update_fields) . ' WHERE id_page = {int:id}', $page_info); } $to_show = array(); $not_to_show = array(); $changes = array(); foreach ($context['page_blocks'] as $page_blocks) { foreach ($page_blocks as $block) { if ($block['shown'] && !in_array($block['id'], $_POST['blocks'])) { $not_to_show[] = $block['id']; } elseif (!$block['shown'] && in_array($block['id'], $_POST['blocks'])) { $to_show[] = $block['id']; } } } foreach ($to_show as $id) { if (empty($blocks[$id]['display']) && empty($blocks[$id]['display_custom']) || $blocks[$id]['display'] == 'sportal') { $changes[$id] = array('display' => 'portal,p' . $page_info['id'], 'display_custom' => ''); } elseif (in_array($blocks[$id]['display'], array('allaction', 'allboard'))) { $changes[$id] = array('display' => '', 'display_custom' => $blocks[$id]['display'] . ',p' . $page_info['id']); } elseif (in_array('-p' . $page_info['id'], explode(',', $blocks[$id]['display_custom']))) { $changes[$id] = array('display' => $blocks[$id]['display'], 'display_custom' => implode(',', array_diff(explode(',', $blocks[$id]['display_custom']), array('-p' . $page_info['id'])))); } elseif (empty($blocks[$id]['display_custom'])) { $changes[$id] = array('display' => implode(',', array_merge(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => ''); } else { $changes[$id] = array('display' => $blocks[$id]['display'], 'display_custom' => implode(',', array_merge(explode(',', $blocks[$id]['display_custom']), array('p' . $page_info['id'])))); } } foreach ($not_to_show as $id) { if (count(array_intersect(array($blocks[$id]['display'], $blocks[$id]['display_custom']), array('sforum', 'allpages', 'all'))) > 0) { $changes[$id] = array('display' => '', 'display_custom' => $blocks[$id]['display'] . $blocks[$id]['display_custom'] . ',-p' . $page_info['id']); } elseif (empty($blocks[$id]['display_custom'])) { $changes[$id] = array('display' => implode(',', array_diff(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => ''); } else { $changes[$id] = array('display' => implode(',', array_diff(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => implode(',', array_diff(explode(',', $blocks[$id]['display_custom']), array('p' . $page_info['id'])))); } } foreach ($changes as $id => $data) { $smcFunc['db_query']('', ' UPDATE {db_prefix}sp_blocks SET display = {string:display}, display_custom = {string:display_custom} WHERE id_block = {int:id}', array('id' => $id, 'display' => $data['display'], 'display_custom' => $data['display_custom'])); } redirectexit('action=admin;area=portalpages'); } if (!empty($_POST['preview'])) { $permission_set = 0; $groups_allowed = $groups_denied = array(); if (!empty($_POST['permission_set'])) { $permission_set = (int) $_POST['permission_set']; } elseif (!empty($_POST['membergroups']) && is_array($_POST['membergroups'])) { foreach ($_POST['membergroups'] as $id => $value) { if ($value == 1) { $groups_allowed[] = (int) $id; } elseif ($value == -1) { $groups_denied[] = (int) $id; } } } $context['SPortal']['page'] = array('id' => $_POST['page_id'], 'page_id' => $_POST['namespace'], 'title' => $smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES), 'body' => $smcFunc['htmlspecialchars']($_POST['content'], ENT_QUOTES), 'type' => $_POST['type'], 'permission_set' => $permission_set, 'groups_allowed' => $groups_allowed, 'groups_denied' => $groups_denied, 'style' => sportal_parse_style('implode'), 'status' => !empty($_POST['status'])); if ($context['SPortal']['page']['type'] == 'bbc') { preparsecode($context['SPortal']['page']['body']); } loadTemplate('PortalPages'); $context['SPortal']['preview'] = true; } elseif ($context['SPortal']['is_new']) { $context['SPortal']['page'] = array('id' => 0, 'page_id' => 'page' . mt_rand(1, 5000), 'title' => $txt['sp_pages_default_title'], 'body' => '', 'type' => 'bbc', 'permission_set' => 3, 'groups_allowed' => array(), 'groups_denied' => array(), 'style' => '', 'status' => 1); } else { $_REQUEST['page_id'] = (int) $_REQUEST['page_id']; $context['SPortal']['page'] = sportal_get_pages($_REQUEST['page_id']); } if ($context['SPortal']['page']['type'] == 'bbc') { $context['SPortal']['page']['body'] = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), un_preparsecode($context['SPortal']['page']['body'])); } if ($context['SPortal']['page']['type'] != 'bbc') { $temp_editor = !empty($options['wysiwyg_default']); $options['wysiwyg_default'] = false; } $editorOptions = array('id' => 'content', 'value' => $context['SPortal']['page']['body'], 'width' => '95%', 'height' => '200px', 'preview_type' => 0); create_control_richedit($editorOptions); $context['post_box_name'] = $editorOptions['id']; if (isset($temp_editor)) { $options['wysiwyg_default'] = $temp_editor; } $context['SPortal']['page']['groups'] = sp_load_membergroups(); $context['SPortal']['page']['style'] = sportal_parse_style('explode', $context['SPortal']['page']['style'], !empty($context['SPortal']['preview'])); $context['page_title'] = $context['SPortal']['is_new'] ? $txt['sp_admin_pages_add'] : $txt['sp_admin_pages_edit']; $context['sub_template'] = 'pages_edit'; }
function ProfileComments_Edit() { global $context, $mbname, $user_info, $modSettings, $sourcedir, $txt, $smcFunc; // Guests can't do this stuff is_not_guest(); $id = (int) $_REQUEST['id']; if (empty($id)) { fatal_error($txt['pcomments_err_nocom']); } $dbresult = $smcFunc['db_query']('', "\n\tSELECT \n\t\tp.ID_COMMENT, p.ID_MEMBER, p.comment, p.subject, p.date, p.COMMENT_MEMBER_ID \n\tFROM {db_prefix}profile_comments as p \n\tWHERE p.ID_COMMENT = {$id} LIMIT 1"); $row = $smcFunc['db_fetch_assoc']($dbresult); $context['profilerow'] = $row; $smcFunc['db_free_result']($dbresult); $context['sub_template'] = 'commentsedit'; //Set the page title $context['page_title'] = $mbname . $txt['pcomments_edit1']; // Check if spellchecking is both enabled and actually working. $context['show_spellchecking'] = !empty($modSettings['enableSpellChecking']) && function_exists('pspell_new'); // Used for the editor require_once $sourcedir . '/Subs-Editor.php'; // Now create the editor. $editorOptions = array('id' => 'comment', 'value' => $row['comment'], 'width' => '90%', 'form' => 'cprofile', 'labels' => array('post_button' => '')); create_control_richedit($editorOptions); $context['post_box_name'] = $editorOptions['id']; }