function approvePosts($msgs, $approve = true) { global $sourcedir; if (!is_array($msgs)) { $msgs = array($msgs); } if (empty($msgs)) { return false; } // May as well start at the beginning, working out *what* we need to change. $request = smf_db_query(' SELECT m.id_msg, m.approved, m.id_topic, m.id_board, t.id_first_msg, t.id_last_msg, m.body, m.subject, IFNULL(mem.real_name, m.poster_name) AS poster_name, m.id_member, t.approved AS topic_approved, b.count_posts FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic) INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board) LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member) WHERE m.id_msg IN ({array_int:message_list}) AND m.approved = {int:approved_state}', array('message_list' => $msgs, 'approved_state' => $approve ? 0 : 1)); $msgs = array(); $topics = array(); $topic_changes = array(); $board_changes = array(); $notification_topics = array(); $notification_posts = array(); $member_post_changes = array(); while ($row = mysql_fetch_assoc($request)) { // Easy... $msgs[] = $row['id_msg']; $topics[] = $row['id_topic']; // Ensure our change array exists already. if (!isset($topic_changes[$row['id_topic']])) { $topic_changes[$row['id_topic']] = array('id_last_msg' => $row['id_last_msg'], 'approved' => $row['topic_approved'], 'replies' => 0, 'unapproved_posts' => 0); } if (!isset($board_changes[$row['id_board']])) { $board_changes[$row['id_board']] = array('posts' => 0, 'topics' => 0, 'unapproved_posts' => 0, 'unapproved_topics' => 0); } // If it's the first message then the topic state changes! if ($row['id_msg'] == $row['id_first_msg']) { $topic_changes[$row['id_topic']]['approved'] = $approve ? 1 : 0; $board_changes[$row['id_board']]['unapproved_topics'] += $approve ? -1 : 1; $board_changes[$row['id_board']]['topics'] += $approve ? 1 : -1; // Note we need to ensure we announce this topic! $notification_topics[] = array('body' => $row['body'], 'subject' => $row['subject'], 'name' => $row['poster_name'], 'board' => $row['id_board'], 'topic' => $row['id_topic'], 'msg' => $row['id_first_msg'], 'poster' => $row['id_member']); } else { $topic_changes[$row['id_topic']]['replies'] += $approve ? 1 : -1; // This will be a post... but don't notify unless it's not followed by approved ones. if ($row['id_msg'] > $row['id_last_msg']) { $notification_posts[$row['id_topic']][] = array('id' => $row['id_msg'], 'body' => $row['body'], 'subject' => $row['subject'], 'name' => $row['poster_name'], 'topic' => $row['id_topic']); } } // If this is being approved and id_msg is higher than the current id_last_msg then it changes. if ($approve && $row['id_msg'] > $topic_changes[$row['id_topic']]['id_last_msg']) { $topic_changes[$row['id_topic']]['id_last_msg'] = $row['id_msg']; } elseif (!$approve) { // Default to the first message and then we'll override in a bit ;) $topic_changes[$row['id_topic']]['id_last_msg'] = $row['id_first_msg']; } $topic_changes[$row['id_topic']]['unapproved_posts'] += $approve ? -1 : 1; $board_changes[$row['id_board']]['unapproved_posts'] += $approve ? -1 : 1; $board_changes[$row['id_board']]['posts'] += $approve ? 1 : -1; // Post count for the user? if ($row['id_member'] && empty($row['count_posts'])) { $member_post_changes[$row['id_member']] = isset($member_post_changes[$row['id_member']]) ? $member_post_changes[$row['id_member']] + 1 : 1; } } mysql_free_result($request); if (empty($msgs)) { return; } // Now we have the differences make the changes, first the easy one. smf_db_query(' UPDATE {db_prefix}messages SET approved = {int:approved_state} WHERE id_msg IN ({array_int:message_list})', array('message_list' => $msgs, 'approved_state' => $approve ? 1 : 0)); // If we were unapproving find the last msg in the topics... if (!$approve) { $request = smf_db_query(' SELECT id_topic, MAX(id_msg) AS id_last_msg FROM {db_prefix}messages WHERE id_topic IN ({array_int:topic_list}) AND approved = {int:approved} GROUP BY id_topic', array('topic_list' => $topics, 'approved' => 1)); while ($row = mysql_fetch_assoc($request)) { $topic_changes[$row['id_topic']]['id_last_msg'] = $row['id_last_msg']; } mysql_free_result($request); } // ... next the topics... foreach ($topic_changes as $id => $changes) { smf_db_query(' UPDATE {db_prefix}topics SET approved = {int:approved}, unapproved_posts = unapproved_posts + {int:unapproved_posts}, num_replies = num_replies + {int:num_replies}, id_last_msg = {int:id_last_msg} WHERE id_topic = {int:id_topic}', array('approved' => $changes['approved'], 'unapproved_posts' => $changes['unapproved_posts'], 'num_replies' => $changes['replies'], 'id_last_msg' => $changes['id_last_msg'], 'id_topic' => $id)); } // ... finally the boards... foreach ($board_changes as $id => $changes) { smf_db_query(' UPDATE {db_prefix}boards SET num_posts = num_posts + {int:num_posts}, unapproved_posts = unapproved_posts + {int:unapproved_posts}, num_topics = num_topics + {int:num_topics}, unapproved_topics = unapproved_topics + {int:unapproved_topics} WHERE id_board = {int:id_board}', array('num_posts' => $changes['posts'], 'unapproved_posts' => $changes['unapproved_posts'], 'num_topics' => $changes['topics'], 'unapproved_topics' => $changes['unapproved_topics'], 'id_board' => $id)); } // Finally, least importantly, notifications! if ($approve) { if (!empty($notification_topics)) { require_once $sourcedir . '/Post.php'; notifyMembersBoard($notification_topics); } if (!empty($notification_posts)) { sendApprovalNotifications($notification_posts); } smf_db_query(' DELETE FROM {db_prefix}approval_queue WHERE id_msg IN ({array_int:message_list}) AND id_attach = {int:id_attach}', array('message_list' => $msgs, 'id_attach' => 0)); } else { $msgInserts = array(); foreach ($msgs as $msg) { $msgInserts[] = array($msg); } smf_db_insert('ignore', '{db_prefix}approval_queue', array('id_msg' => 'int'), $msgInserts, array('id_msg')); } // Update the last messages on the boards... updateLastMessages(array_keys($board_changes)); // Post count for the members? if (!empty($member_post_changes)) { foreach ($member_post_changes as $id_member => $count_change) { updateMemberData($id_member, array('posts' => 'posts ' . ($approve ? '+' : '-') . ' ' . $count_change)); } } return true; }
function Post2() { global $board, $topic, $txt, $db_prefix, $modSettings, $sourcedir, $context; global $ID_MEMBER, $user_info, $board_info, $options, $func; // Previewing? Go back to start. if (isset($_REQUEST['preview'])) { return Post(); } // Prevent double submission of this form. checkSubmitOnce('check'); // No errors as yet. $post_errors = array(); // If the session has timed out, let the user re-submit their form. if (checkSession('post', '', false) != '') { $post_errors[] = 'session_timeout'; } require_once $sourcedir . '/Subs-Post.php'; loadLanguage('Post'); // Replying to a topic? if (!empty($topic) && !isset($_REQUEST['msg'])) { $request = db_query("\n\t\t\tSELECT t.locked, t.isSticky, t.ID_POLL, t.numReplies, m.ID_MEMBER\n\t\t\tFROM ({$db_prefix}topics AS t, {$db_prefix}messages AS m)\n\t\t\tWHERE t.ID_TOPIC = {$topic}\n\t\t\t\tAND m.ID_MSG = t.ID_FIRST_MSG\n\t\t\tLIMIT 1", __FILE__, __LINE__); list($tmplocked, $tmpstickied, $pollID, $numReplies, $ID_MEMBER_POSTER) = mysql_fetch_row($request); mysql_free_result($request); // Don't allow a post if it's locked. if ($tmplocked != 0 && !allowedTo('moderate_board')) { fatal_lang_error(90, false); } // Sorry, multiple polls aren't allowed... yet. You should stop giving me ideas :P. if (isset($_REQUEST['poll']) && $pollID > 0) { unset($_REQUEST['poll']); } if ($ID_MEMBER_POSTER != $ID_MEMBER) { isAllowedTo('post_reply_any'); } elseif (!allowedTo('post_reply_any')) { isAllowedTo('post_reply_own'); } if (isset($_POST['lock'])) { // Nothing is changed to the lock. if (empty($tmplocked) && empty($_POST['lock']) || !empty($_POST['lock']) && !empty($tmplocked)) { unset($_POST['lock']); } elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $ID_MEMBER != $ID_MEMBER_POSTER) { unset($_POST['lock']); } elseif (!allowedTo('lock_any')) { // You cannot override a moderator lock. if ($tmplocked == 1) { unset($_POST['lock']); } else { $_POST['lock'] = empty($_POST['lock']) ? 0 : 2; } } else { $_POST['lock'] = empty($_POST['lock']) ? 0 : 1; } } // So you wanna (un)sticky this...let's see. if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || $_POST['sticky'] == $tmpstickied || !allowedTo('make_sticky'))) { unset($_POST['sticky']); } // If the number of replies has changed, if the setting is enabled, go back to Post() - which handles the error. $newReplies = isset($_POST['num_replies']) && $numReplies > $_POST['num_replies'] ? $numReplies - $_POST['num_replies'] : 0; if (empty($options['no_new_reply_warning']) && !empty($newReplies)) { $_REQUEST['preview'] = true; return Post(); } $posterIsGuest = $user_info['is_guest']; } elseif (empty($topic)) { if (!isset($_REQUEST['poll']) || $modSettings['pollMode'] != '1') { isAllowedTo('post_new'); } if (isset($_POST['lock'])) { // New topics are by default not locked. if (empty($_POST['lock'])) { unset($_POST['lock']); } elseif (!allowedTo(array('lock_any', 'lock_own'))) { unset($_POST['lock']); } else { $_POST['lock'] = allowedTo('lock_any') ? 1 : 2; } } if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || empty($_POST['sticky']) || !allowedTo('make_sticky'))) { unset($_POST['sticky']); } $posterIsGuest = $user_info['is_guest']; } elseif (isset($_REQUEST['msg']) && !empty($topic)) { $_REQUEST['msg'] = (int) $_REQUEST['msg']; $request = db_query("\n\t\t\tSELECT\n\t\t\t\tm.ID_MEMBER, m.posterName, m.posterEmail, m.posterTime, \n\t\t\t\tt.ID_FIRST_MSG, t.locked, t.isSticky, t.ID_MEMBER_STARTED AS ID_MEMBER_POSTER\n\t\t\tFROM ({$db_prefix}messages AS m, {$db_prefix}topics AS t)\n\t\t\tWHERE m.ID_MSG = {$_REQUEST['msg']}\n\t\t\t\tAND t.ID_TOPIC = {$topic}\n\t\t\tLIMIT 1", __FILE__, __LINE__); if (mysql_num_rows($request) == 0) { fatal_lang_error('smf272', false); } $row = mysql_fetch_assoc($request); mysql_free_result($request); if (!empty($row['locked']) && !allowedTo('moderate_board')) { fatal_lang_error(90, false); } if (isset($_POST['lock'])) { // Nothing changes to the lock status. if (empty($_POST['lock']) && empty($row['locked']) || !empty($_POST['lock']) && !empty($row['locked'])) { unset($_POST['lock']); } elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $ID_MEMBER != $row['ID_MEMBER_POSTER']) { unset($_POST['lock']); } elseif (!allowedTo('lock_any')) { // You're not allowed to break a moderator's lock. if ($row['locked'] == 1) { unset($_POST['lock']); } else { $_POST['lock'] = empty($_POST['lock']) ? 0 : 2; } } else { $_POST['lock'] = empty($_POST['lock']) ? 0 : 1; } } // Change the sticky status of this topic? if (isset($_POST['sticky']) && (!allowedTo('make_sticky') || $_POST['sticky'] == $row['isSticky'])) { unset($_POST['sticky']); } if ($row['ID_MEMBER'] == $ID_MEMBER && !allowedTo('modify_any')) { if (!empty($modSettings['edit_disable_time']) && $row['posterTime'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) { fatal_lang_error('modify_post_time_passed', false); } elseif ($row['ID_MEMBER_POSTER'] == $ID_MEMBER && !allowedTo('modify_own')) { isAllowedTo('modify_replies'); } else { isAllowedTo('modify_own'); } } elseif ($row['ID_MEMBER_POSTER'] == $ID_MEMBER && !allowedTo('modify_any')) { isAllowedTo('modify_replies'); // If you're modifying a reply, I say it better be logged... $moderationAction = true; } else { isAllowedTo('modify_any'); // Log it, assuming you're not modifying your own post. if ($row['ID_MEMBER'] != $ID_MEMBER) { $moderationAction = true; } } $posterIsGuest = empty($row['ID_MEMBER']); if (!allowedTo('moderate_forum') || !$posterIsGuest) { $_POST['guestname'] = addslashes($row['posterName']); $_POST['email'] = addslashes($row['posterEmail']); } } // If the poster is a guest evaluate the legality of name and email. if ($posterIsGuest) { $_POST['guestname'] = !isset($_POST['guestname']) ? '' : trim($_POST['guestname']); $_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']); if ($_POST['guestname'] == '' || $_POST['guestname'] == '_') { $post_errors[] = 'no_name'; } if ($func['strlen']($_POST['guestname']) > 25) { $post_errors[] = 'long_name'; } if (empty($modSettings['guest_post_no_email'])) { // Only check if they changed it! if (!isset($row) || $row['posterEmail'] != $_POST['email']) { if (!allowedTo('moderate_forum') && (!isset($_POST['email']) || $_POST['email'] == '')) { $post_errors[] = 'no_email'; } if (!allowedTo('moderate_forum') && preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', stripslashes($_POST['email'])) == 0) { $post_errors[] = 'bad_email'; } } // Now make sure this email address is not banned from posting. isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt[28])); } } // Check the subject and message. if (!isset($_POST['subject']) || $func['htmltrim']($_POST['subject']) === '') { $post_errors[] = 'no_subject'; } if (!isset($_POST['message']) || $func['htmltrim']($_POST['message']) === '') { $post_errors[] = 'no_message'; } elseif (!empty($modSettings['max_messageLength']) && $func['strlen']($_POST['message']) > $modSettings['max_messageLength']) { $post_errors[] = 'long_message'; } else { // Prepare the message a bit for some additional testing. $_POST['message'] = $func['htmlspecialchars']($_POST['message'], ENT_QUOTES); // Preparse code. (Zef) if ($user_info['is_guest']) { $user_info['name'] = $_POST['guestname']; } preparsecode($_POST['message']); // Let's see if there's still some content left without the tags. if ($func['htmltrim'](strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '') { $post_errors[] = 'no_message'; } } if (isset($_POST['calendar']) && !isset($_REQUEST['deleteevent']) && $func['htmltrim']($_POST['evtitle']) === '') { $post_errors[] = 'no_event'; } // You are not! if (isset($_POST['message']) && strtolower($_POST['message']) == 'i am the administrator.' && !$user_info['is_admin']) { fatal_error('Knave! Masquerader! Charlatan!', false); } // Validate the poll... if (isset($_REQUEST['poll']) && $modSettings['pollMode'] == '1') { if (!empty($topic) && !isset($_REQUEST['msg'])) { fatal_lang_error(1, false); } // This is a new topic... so it's a new poll. if (empty($topic)) { isAllowedTo('poll_post'); } elseif ($ID_MEMBER == $row['ID_MEMBER_POSTER'] && !allowedTo('poll_add_any')) { isAllowedTo('poll_add_own'); } else { isAllowedTo('poll_add_any'); } if (!isset($_POST['question']) || trim($_POST['question']) == '') { $post_errors[] = 'no_question'; } $_POST['options'] = empty($_POST['options']) ? array() : htmltrim__recursive($_POST['options']); // Get rid of empty ones. foreach ($_POST['options'] as $k => $option) { if ($option == '') { unset($_POST['options'][$k], $_POST['options'][$k]); } } // What are you going to vote between with one choice?!? if (count($_POST['options']) < 2) { $post_errors[] = 'poll_few'; } } if ($posterIsGuest) { // If user is a guest, make sure the chosen name isn't taken. require_once $sourcedir . '/Subs-Members.php'; if (isReservedName($_POST['guestname'], 0, true, false) && (!isset($row['posterName']) || $_POST['guestname'] != $row['posterName'])) { $post_errors[] = 'bad_name'; } } elseif (!isset($_REQUEST['msg'])) { $_POST['guestname'] = addslashes($user_info['username']); $_POST['email'] = addslashes($user_info['email']); } // Any mistakes? if (!empty($post_errors)) { loadLanguage('Errors'); // Previewing. $_REQUEST['preview'] = true; $context['post_error'] = array('messages' => array()); foreach ($post_errors as $post_error) { $context['post_error'][$post_error] = true; $context['post_error']['messages'][] = $txt['error_' . $post_error]; } return Post(); } // Make sure the user isn't spamming the board. if (!isset($_REQUEST['msg'])) { spamProtection('spam'); } // At about this point, we're posting and that's that. ignore_user_abort(true); @set_time_limit(300); // Add special html entities to the subject, name, and email. $_POST['subject'] = strtr($func['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')); $_POST['guestname'] = htmlspecialchars($_POST['guestname']); $_POST['email'] = htmlspecialchars($_POST['email']); // At this point, we want to make sure the subject isn't too long. if ($func['strlen']($_POST['subject']) > 100) { $_POST['subject'] = addslashes($func['substr'](stripslashes($_POST['subject']), 0, 100)); } // Make the poll... if (isset($_REQUEST['poll'])) { // Make sure that the user has not entered a ridiculous number of options.. if (empty($_POST['poll_max_votes']) || $_POST['poll_max_votes'] <= 0) { $_POST['poll_max_votes'] = 1; } elseif ($_POST['poll_max_votes'] > count($_POST['options'])) { $_POST['poll_max_votes'] = count($_POST['options']); } else { $_POST['poll_max_votes'] = (int) $_POST['poll_max_votes']; } // Just set it to zero if it's not there.. if (!isset($_POST['poll_hide'])) { $_POST['poll_hide'] = 0; } else { $_POST['poll_hide'] = (int) $_POST['poll_hide']; } $_POST['poll_change_vote'] = isset($_POST['poll_change_vote']) ? 1 : 0; // If the user tries to set the poll too far in advance, don't let them. if (!empty($_POST['poll_expire']) && $_POST['poll_expire'] < 1) { fatal_lang_error('poll_range_error', false); } elseif (empty($_POST['poll_expire']) && $_POST['poll_hide'] == 2) { $_POST['poll_hide'] = 1; } // Clean up the question and answers. $_POST['question'] = $func['htmlspecialchars']($_POST['question']); $_POST['options'] = htmlspecialchars__recursive($_POST['options']); } // Check if they are trying to delete any current attachments.... if (isset($_REQUEST['msg'], $_POST['attach_del']) && allowedTo('post_attachment')) { $del_temp = array(); foreach ($_POST['attach_del'] as $i => $dummy) { $del_temp[$i] = (int) $dummy; } require_once $sourcedir . '/ManageAttachments.php'; removeAttachments('a.attachmentType = 0 AND a.ID_MSG = ' . (int) $_REQUEST['msg'] . ' AND a.ID_ATTACH NOT IN (' . implode(', ', $del_temp) . ')'); } // ...or attach a new file... if (isset($_FILES['attachment']['name']) || !empty($_SESSION['temp_attachments'])) { isAllowedTo('post_attachment'); // If this isn't a new post, check the current attachments. if (isset($_REQUEST['msg'])) { $request = db_query("\n\t\t\t\tSELECT COUNT(*), SUM(size)\n\t\t\t\tFROM {$db_prefix}attachments\n\t\t\t\tWHERE ID_MSG = " . (int) $_REQUEST['msg'] . "\n\t\t\t\t\tAND attachmentType = 0", __FILE__, __LINE__); list($quantity, $total_size) = mysql_fetch_row($request); mysql_free_result($request); } else { $quantity = 0; $total_size = 0; } if (!empty($_SESSION['temp_attachments'])) { foreach ($_SESSION['temp_attachments'] as $attachID => $name) { if (preg_match('~^post_tmp_' . $ID_MEMBER . '_\\d+$~', $attachID) == 0) { continue; } if (!empty($_POST['attach_del']) && !in_array($attachID, $_POST['attach_del'])) { unset($_SESSION['temp_attachments'][$attachID]); @unlink($modSettings['attachmentUploadDir'] . '/' . $attachID); continue; } $_FILES['attachment']['tmp_name'][] = $attachID; $_FILES['attachment']['name'][] = addslashes($name); $_FILES['attachment']['size'][] = filesize($modSettings['attachmentUploadDir'] . '/' . $attachID); list($_FILES['attachment']['width'][], $_FILES['attachment']['height'][]) = @getimagesize($modSettings['attachmentUploadDir'] . '/' . $attachID); unset($_SESSION['temp_attachments'][$attachID]); } } if (!isset($_FILES['attachment']['name'])) { $_FILES['attachment']['tmp_name'] = array(); } $attachIDs = array(); foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) { if ($_FILES['attachment']['name'][$n] == '') { continue; } // Have we reached the maximum number of files we are allowed? $quantity++; if (!empty($modSettings['attachmentNumPerPostLimit']) && $quantity > $modSettings['attachmentNumPerPostLimit']) { fatal_lang_error('attachments_limit_per_post', false, array($modSettings['attachmentNumPerPostLimit'])); } // Check the total upload size for this post... $total_size += $_FILES['attachment']['size'][$n]; if (!empty($modSettings['attachmentPostLimit']) && $total_size > $modSettings['attachmentPostLimit'] * 1024) { fatal_lang_error('smf122', false, array($modSettings['attachmentPostLimit'])); } $attachmentOptions = array('post' => isset($_REQUEST['msg']) ? $_REQUEST['msg'] : 0, 'poster' => $ID_MEMBER, 'name' => $_FILES['attachment']['name'][$n], 'tmp_name' => $_FILES['attachment']['tmp_name'][$n], 'size' => $_FILES['attachment']['size'][$n]); if (createAttachment($attachmentOptions)) { $attachIDs[] = $attachmentOptions['id']; if (!empty($attachmentOptions['thumb'])) { $attachIDs[] = $attachmentOptions['thumb']; } } else { if (in_array('could_not_upload', $attachmentOptions['errors'])) { fatal_lang_error('smf124'); } if (in_array('too_large', $attachmentOptions['errors'])) { fatal_lang_error('smf122', false, array($modSettings['attachmentSizeLimit'])); } if (in_array('bad_extension', $attachmentOptions['errors'])) { fatal_error($attachmentOptions['name'] . '.<br />' . $txt['smf123'] . ' ' . $modSettings['attachmentExtensions'] . '.', false); } if (in_array('directory_full', $attachmentOptions['errors'])) { fatal_lang_error('smf126'); } if (in_array('bad_filename', $attachmentOptions['errors'])) { fatal_error(basename($attachmentOptions['name']) . '.<br />' . $txt['smf130b'] . '.'); } if (in_array('taken_filename', $attachmentOptions['errors'])) { fatal_lang_error('smf125'); } } } } // Make the poll... if (isset($_REQUEST['poll'])) { // Create the poll. db_query("\n\t\t\tINSERT INTO {$db_prefix}polls\n\t\t\t\t(question, hideResults, maxVotes, expireTime, ID_MEMBER, posterName, changeVote)\n\t\t\tVALUES (SUBSTRING('{$_POST['question']}', 1, 255), {$_POST['poll_hide']}, {$_POST['poll_max_votes']},\n\t\t\t\t" . (empty($_POST['poll_expire']) ? '0' : time() + $_POST['poll_expire'] * 3600 * 24) . ", {$ID_MEMBER}, SUBSTRING('{$_POST['guestname']}', 1, 255), {$_POST['poll_change_vote']})", __FILE__, __LINE__); $ID_POLL = db_insert_id(); // Create each answer choice. $i = 0; $setString = ''; foreach ($_POST['options'] as $option) { $setString .= "\n\t\t\t\t\t({$ID_POLL}, {$i}, SUBSTRING('{$option}', 1, 255)),"; $i++; } db_query("\n\t\t\tINSERT INTO {$db_prefix}poll_choices\n\t\t\t\t(ID_POLL, ID_CHOICE, label)\n\t\t\tVALUES" . substr($setString, 0, -1), __FILE__, __LINE__); } else { $ID_POLL = 0; } // Creating a new topic? $newTopic = empty($_REQUEST['msg']) && empty($topic); // Collect all parameters for the creation or modification of a post. $msgOptions = array('id' => empty($_REQUEST['msg']) ? 0 : (int) $_REQUEST['msg'], 'subject' => $_POST['subject'], 'body' => $_POST['message'], 'icon' => preg_replace('~[\\./\\\\*\':"<>]~', '', $_POST['icon']), 'smileys_enabled' => !isset($_POST['ns']), 'attachments' => empty($attachIDs) ? array() : $attachIDs); $topicOptions = array('id' => empty($topic) ? 0 : $topic, 'board' => $board, 'poll' => isset($_REQUEST['poll']) ? $ID_POLL : null, 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null, 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null, 'mark_as_read' => true); $posterOptions = array('id' => $ID_MEMBER, 'name' => $_POST['guestname'], 'email' => $_POST['email'], 'update_post_count' => !$user_info['is_guest'] && !isset($_REQUEST['msg']) && $board_info['posts_count']); // This is an already existing message. Edit it. if (!empty($_REQUEST['msg'])) { // Have admins allowed people to hide their screwups? if (time() - $row['posterTime'] > $modSettings['edit_wait_time'] || $ID_MEMBER != $row['ID_MEMBER']) { $msgOptions['modify_time'] = time(); $msgOptions['modify_name'] = addslashes($user_info['name']); } modifyPost($msgOptions, $topicOptions, $posterOptions); } else { createPost($msgOptions, $topicOptions, $posterOptions); if (isset($topicOptions['id'])) { $topic = $topicOptions['id']; } } // Editing or posting an event? if (isset($_POST['calendar']) && (!isset($_REQUEST['eventid']) || $_REQUEST['eventid'] == -1)) { require_once $sourcedir . '/Calendar.php'; calendarCanLink(); calendarInsertEvent($board, $topic, $_POST['evtitle'], $ID_MEMBER, $_POST['month'], $_POST['day'], $_POST['year'], isset($_POST['span']) ? $_POST['span'] : null); } elseif (isset($_POST['calendar'])) { $_REQUEST['eventid'] = (int) $_REQUEST['eventid']; // Validate the post... require_once $sourcedir . '/Subs-Post.php'; calendarValidatePost(); // If you're not allowed to edit any events, you have to be the poster. if (!allowedTo('calendar_edit_any')) { // Get the event's poster. $request = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}calendar\n\t\t\t\tWHERE ID_EVENT = {$_REQUEST['eventid']}", __FILE__, __LINE__); $row2 = mysql_fetch_assoc($request); mysql_free_result($request); // Silly hacker, Trix are for kids. ...probably trademarked somewhere, this is FAIR USE! (parody...) isAllowedTo('calendar_edit_' . ($row2['ID_MEMBER'] == $ID_MEMBER ? 'own' : 'any')); } // Delete it? if (isset($_REQUEST['deleteevent'])) { db_query("\n\t\t\t\tDELETE FROM {$db_prefix}calendar\n\t\t\t\tWHERE ID_EVENT = {$_REQUEST['eventid']}\n\t\t\t\tLIMIT 1", __FILE__, __LINE__); } else { $span = !empty($modSettings['cal_allowspan']) && !empty($_REQUEST['span']) ? min((int) $modSettings['cal_maxspan'], (int) $_REQUEST['span'] - 1) : 0; $start_time = mktime(0, 0, 0, (int) $_REQUEST['month'], (int) $_REQUEST['day'], (int) $_REQUEST['year']); db_query("\n\t\t\t\tUPDATE {$db_prefix}calendar\n\t\t\t\tSET endDate = '" . strftime('%Y-%m-%d', $start_time + $span * 86400) . "',\n\t\t\t\t\tstartDate = '" . strftime('%Y-%m-%d', $start_time) . "',\n\t\t\t\t\ttitle = '" . $func['htmlspecialchars']($_REQUEST['evtitle'], ENT_QUOTES) . "'\n\t\t\t\tWHERE ID_EVENT = {$_REQUEST['eventid']}\n\t\t\t\tLIMIT 1", __FILE__, __LINE__); } updateStats('calendar'); } // Marking read should be done even for editing messages.... if (!$user_info['is_guest']) { // Mark all the parents read. (since you just posted and they will be unread.) if (!empty($board_info['parent_boards'])) { db_query("\n\t\t\t\tUPDATE {$db_prefix}log_boards\n\t\t\t\tSET ID_MSG = {$modSettings['maxMsgID']}\n\t\t\t\tWHERE ID_MEMBER = {$ID_MEMBER}\n\t\t\t\t\tAND ID_BOARD IN (" . implode(',', array_keys($board_info['parent_boards'])) . ")", __FILE__, __LINE__); } } // Turn notification on or off. (note this just blows smoke if it's already on or off.) if (!empty($_POST['notify'])) { if (allowedTo('mark_any_notify')) { db_query("\n\t\t\t\tINSERT IGNORE INTO {$db_prefix}log_notify\n\t\t\t\t\t(ID_MEMBER, ID_TOPIC, ID_BOARD)\n\t\t\t\tVALUES ({$ID_MEMBER}, {$topic}, 0)", __FILE__, __LINE__); } } elseif (!$newTopic) { db_query("\n\t\t\tDELETE FROM {$db_prefix}log_notify\n\t\t\tWHERE ID_MEMBER = {$ID_MEMBER}\n\t\t\t\tAND ID_TOPIC = {$topic}\n\t\t\tLIMIT 1", __FILE__, __LINE__); } // Log an act of moderation - modifying. if (!empty($moderationAction)) { logAction('modify', array('topic' => $topic, 'message' => (int) $_REQUEST['msg'], 'member' => $row['ID_MEMBER'])); } if (isset($_POST['lock']) && $_POST['lock'] != 2) { logAction('lock', array('topic' => $topicOptions['id'])); } if (isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics'])) { logAction('sticky', array('topic' => $topicOptions['id'])); } // Notify any members who have notification turned on for this topic. if ($newTopic) { notifyMembersBoard(); } elseif (empty($_REQUEST['msg'])) { sendNotifications($topic, 'reply'); } // Returning to the topic? if (!empty($_REQUEST['goback'])) { // Mark the board as read.... because it might get confusing otherwise. db_query("\n\t\t\tUPDATE {$db_prefix}log_boards\n\t\t\tSET ID_MSG = {$modSettings['maxMsgID']}\n\t\t\tWHERE ID_MEMBER = {$ID_MEMBER}\n\t\t\t\tAND ID_BOARD = {$board}", __FILE__, __LINE__); } if (!empty($_POST['announce_topic'])) { redirectexit('action=announce;sa=selectgroup;topic=' . $topic . (!empty($_POST['move']) && allowedTo('move_any') ? ';move' : '') . (empty($_REQUEST['goback']) ? '' : ';goback')); } if (!empty($_POST['move']) && allowedTo('move_any')) { redirectexit('action=movetopic;topic=' . $topic . '.0' . (empty($_REQUEST['goback']) ? '' : ';goback')); } // Return to post if the mod is on. if (isset($_REQUEST['msg']) && !empty($_REQUEST['goback'])) { redirectexit('topic=' . $topic . '.msg' . $_REQUEST['msg'] . '#msg' . $_REQUEST['msg'], $context['browser']['is_ie']); } elseif (!empty($_REQUEST['goback'])) { redirectexit('topic=' . $topic . '.new#new', $context['browser']['is_ie']); } else { redirectexit('board=' . $board . '.0'); } }
function Post2() { global $board, $topic, $txt, $modSettings, $sourcedir, $context; global $user_info, $board_info, $options, $smcFunc; // Sneaking off, are we? if (empty($_POST) && empty($topic)) { redirectexit('action=post;board=' . $board . '.0'); } elseif (empty($_POST) && !empty($topic)) { redirectexit('action=post;topic=' . $topic . '.0'); } // No need! $context['robot_no_index'] = true; // If we came from WYSIWYG then turn it back into BBC regardless. if (!empty($_REQUEST['message_mode']) && isset($_REQUEST['message'])) { require_once $sourcedir . '/Subs-Editor.php'; $_REQUEST['message'] = html_to_bbc($_REQUEST['message']); // We need to unhtml it now as it gets done shortly. $_REQUEST['message'] = un_htmlspecialchars($_REQUEST['message']); // We need this for everything else. $_POST['message'] = $_REQUEST['message']; } // Previewing? Go back to start. if (isset($_REQUEST['preview'])) { return Post(); } // Prevent double submission of this form. checkSubmitOnce('check'); // No errors as yet. $post_errors = array(); // If the session has timed out, let the user re-submit their form. if (checkSession('post', '', false) != '') { $post_errors[] = 'session_timeout'; } // Wrong verification code? if (!$user_info['is_admin'] && !$user_info['is_mod'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha'] || $user_info['is_guest'] && $modSettings['posts_require_captcha'] == -1)) { require_once $sourcedir . '/Subs-Editor.php'; $verificationOptions = array('id' => 'post'); $context['require_verification'] = create_control_verification($verificationOptions, true); if (is_array($context['require_verification'])) { $post_errors = array_merge($post_errors, $context['require_verification']); } } require_once $sourcedir . '/Subs-Post.php'; loadLanguage('Post'); // If this isn't a new topic load the topic info that we need. if (!empty($topic)) { $request = $smcFunc['db_query']('', ' SELECT locked, is_sticky, id_poll, approved, id_first_msg, id_last_msg, id_member_started, id_board FROM {db_prefix}topics WHERE id_topic = {int:current_topic} LIMIT 1', array('current_topic' => $topic)); $topic_info = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); // Though the topic should be there, it might have vanished. if (!is_array($topic_info)) { fatal_lang_error('topic_doesnt_exist'); } // Did this topic suddenly move? Just checking... if ($topic_info['id_board'] != $board) { fatal_lang_error('not_a_topic'); } } // Replying to a topic? if (!empty($topic) && !isset($_REQUEST['msg'])) { // Don't allow a post if it's locked. if ($topic_info['locked'] != 0 && !allowedTo('moderate_board')) { fatal_lang_error('topic_locked', false); } // Sorry, multiple polls aren't allowed... yet. You should stop giving me ideas :P. if (isset($_REQUEST['poll']) && $topic_info['id_poll'] > 0) { unset($_REQUEST['poll']); } // Do the permissions and approval stuff... $becomesApproved = true; if ($topic_info['id_member_started'] != $user_info['id']) { if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_any') && !allowedTo('post_reply_any')) { $becomesApproved = false; } else { isAllowedTo('post_reply_any'); } } elseif (!allowedTo('post_reply_any')) { if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_own') && !allowedTo('post_reply_own')) { $becomesApproved = false; } else { isAllowedTo('post_reply_own'); } } if (isset($_POST['lock'])) { // Nothing is changed to the lock. if (empty($topic_info['locked']) && empty($_POST['lock']) || !empty($_POST['lock']) && !empty($topic_info['locked'])) { unset($_POST['lock']); } elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $topic_info['id_member_started']) { unset($_POST['lock']); } elseif (!allowedTo('lock_any')) { // You cannot override a moderator lock. if ($topic_info['locked'] == 1) { unset($_POST['lock']); } else { $_POST['lock'] = empty($_POST['lock']) ? 0 : 2; } } else { $_POST['lock'] = empty($_POST['lock']) ? 0 : 1; } } // So you wanna (un)sticky this...let's see. if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || $_POST['sticky'] == $topic_info['is_sticky'] || !allowedTo('make_sticky'))) { unset($_POST['sticky']); } // If the number of replies has changed, if the setting is enabled, go back to Post() - which handles the error. if (empty($options['no_new_reply_warning']) && isset($_POST['last_msg']) && $topic_info['id_last_msg'] > $_POST['last_msg']) { $_REQUEST['preview'] = true; return Post(); } $posterIsGuest = $user_info['is_guest']; } elseif (empty($topic)) { // Now don't be silly, new topics will get their own id_msg soon enough. unset($_REQUEST['msg'], $_POST['msg'], $_GET['msg']); // Do like, the permissions, for safety and stuff... $becomesApproved = true; if ($modSettings['postmod_active'] && !allowedTo('post_new') && allowedTo('post_unapproved_topics')) { $becomesApproved = false; } else { isAllowedTo('post_new'); } if (isset($_POST['lock'])) { // New topics are by default not locked. if (empty($_POST['lock'])) { unset($_POST['lock']); } elseif (!allowedTo(array('lock_any', 'lock_own'))) { unset($_POST['lock']); } else { $_POST['lock'] = allowedTo('lock_any') ? 1 : 2; } } if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || empty($_POST['sticky']) || !allowedTo('make_sticky'))) { unset($_POST['sticky']); } $posterIsGuest = $user_info['is_guest']; } elseif (isset($_REQUEST['msg']) && !empty($topic)) { $_REQUEST['msg'] = (int) $_REQUEST['msg']; $request = $smcFunc['db_query']('', ' SELECT id_member, poster_name, poster_email, poster_time, approved FROM {db_prefix}messages WHERE id_msg = {int:id_msg} LIMIT 1', array('id_msg' => $_REQUEST['msg'])); if ($smcFunc['db_num_rows']($request) == 0) { fatal_lang_error('cant_find_messages', false); } $row = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); if (!empty($topic_info['locked']) && !allowedTo('moderate_board')) { fatal_lang_error('topic_locked', false); } if (isset($_POST['lock'])) { // Nothing changes to the lock status. if (empty($_POST['lock']) && empty($topic_info['locked']) || !empty($_POST['lock']) && !empty($topic_info['locked'])) { unset($_POST['lock']); } elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $topic_info['id_member_started']) { unset($_POST['lock']); } elseif (!allowedTo('lock_any')) { // You're not allowed to break a moderator's lock. if ($topic_info['locked'] == 1) { unset($_POST['lock']); } else { $_POST['lock'] = empty($_POST['lock']) ? 0 : 2; } } else { $_POST['lock'] = empty($_POST['lock']) ? 0 : 1; } } // Change the sticky status of this topic? if (isset($_POST['sticky']) && (!allowedTo('make_sticky') || $_POST['sticky'] == $topic_info['is_sticky'])) { unset($_POST['sticky']); } if ($row['id_member'] == $user_info['id'] && !allowedTo('modify_any')) { if ((!$modSettings['postmod_active'] || $row['approved']) && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) { fatal_lang_error('modify_post_time_passed', false); } elseif ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('modify_own')) { isAllowedTo('modify_replies'); } else { isAllowedTo('modify_own'); } } elseif ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('modify_any')) { isAllowedTo('modify_replies'); // If you're modifying a reply, I say it better be logged... $moderationAction = true; } else { isAllowedTo('modify_any'); // Log it, assuming you're not modifying your own post. if ($row['id_member'] != $user_info['id']) { $moderationAction = true; } } $posterIsGuest = empty($row['id_member']); // Can they approve it? $can_approve = allowedTo('approve_posts'); $becomesApproved = $modSettings['postmod_active'] ? $can_approve && !$row['approved'] ? !empty($_REQUEST['approve']) ? 1 : 0 : $row['approved'] : 1; $approve_has_changed = $row['approved'] != $becomesApproved; if (!allowedTo('moderate_forum') || !$posterIsGuest) { $_POST['guestname'] = $row['poster_name']; $_POST['email'] = $row['poster_email']; } } // If the poster is a guest evaluate the legality of name and email. if ($posterIsGuest) { $_POST['guestname'] = !isset($_POST['guestname']) ? '' : trim($_POST['guestname']); $_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']); if ($_POST['guestname'] == '' || $_POST['guestname'] == '_') { $post_errors[] = 'no_name'; } if ($smcFunc['strlen']($_POST['guestname']) > 25) { $post_errors[] = 'long_name'; } if (empty($modSettings['guest_post_no_email'])) { // Only check if they changed it! if (!isset($row) || $row['poster_email'] != $_POST['email']) { if (!allowedTo('moderate_forum') && (!isset($_POST['email']) || $_POST['email'] == '')) { $post_errors[] = 'no_email'; } if (!allowedTo('moderate_forum') && preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['email']) == 0) { $post_errors[] = 'bad_email'; } } // Now make sure this email address is not banned from posting. isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title'])); } // In case they are making multiple posts this visit, help them along by storing their name. if (empty($post_errors)) { $_SESSION['guest_name'] = $_POST['guestname']; $_SESSION['guest_email'] = $_POST['email']; } } // Check the subject and message. if (!isset($_POST['subject']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['subject'])) === '') { $post_errors[] = 'no_subject'; } if (!isset($_POST['message']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['message']), ENT_QUOTES) === '') { $post_errors[] = 'no_message'; } elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_POST['message']) > $modSettings['max_messageLength']) { $post_errors[] = 'long_message'; } else { // Prepare the message a bit for some additional testing. $_POST['message'] = $smcFunc['htmlspecialchars']($_POST['message'], ENT_QUOTES); // Preparse code. (Zef) if ($user_info['is_guest']) { $user_info['name'] = $_POST['guestname']; } preparsecode($_POST['message']); // Let's see if there's still some content left without the tags. if ($smcFunc['htmltrim'](strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($_POST['message'], '[html]') === false)) { $post_errors[] = 'no_message'; } } if (isset($_POST['calendar']) && !isset($_REQUEST['deleteevent']) && $smcFunc['htmltrim']($_POST['evtitle']) === '') { $post_errors[] = 'no_event'; } // You are not! if (isset($_POST['message']) && strtolower($_POST['message']) == 'i am the administrator.' && !$user_info['is_admin']) { fatal_error('Knave! Masquerader! Charlatan!', false); } // Validate the poll... if (isset($_REQUEST['poll']) && $modSettings['pollMode'] == '1') { if (!empty($topic) && !isset($_REQUEST['msg'])) { fatal_lang_error('no_access', false); } // This is a new topic... so it's a new poll. if (empty($topic)) { isAllowedTo('poll_post'); } elseif ($user_info['id'] == $topic_info['id_member_started'] && !allowedTo('poll_add_any')) { isAllowedTo('poll_add_own'); } else { isAllowedTo('poll_add_any'); } if (!isset($_POST['question']) || trim($_POST['question']) == '') { $post_errors[] = 'no_question'; } $_POST['options'] = empty($_POST['options']) ? array() : htmltrim__recursive($_POST['options']); // Get rid of empty ones. foreach ($_POST['options'] as $k => $option) { if ($option == '') { unset($_POST['options'][$k], $_POST['options'][$k]); } } // What are you going to vote between with one choice?!? if (count($_POST['options']) < 2) { $post_errors[] = 'poll_few'; } } if ($posterIsGuest) { // If user is a guest, make sure the chosen name isn't taken. require_once $sourcedir . '/Subs-Members.php'; if (isReservedName($_POST['guestname'], 0, true, false) && (!isset($row['poster_name']) || $_POST['guestname'] != $row['poster_name'])) { $post_errors[] = 'bad_name'; } } elseif (!isset($_REQUEST['msg'])) { $_POST['guestname'] = $user_info['username']; $_POST['email'] = $user_info['email']; } // Any mistakes? if (!empty($post_errors)) { loadLanguage('Errors'); // Previewing. $_REQUEST['preview'] = true; $context['post_error'] = array('messages' => array()); foreach ($post_errors as $post_error) { $context['post_error'][$post_error] = true; if ($post_error == 'long_message') { $txt['error_' . $post_error] = sprintf($txt['error_' . $post_error], $modSettings['max_messageLength']); } $context['post_error']['messages'][] = $txt['error_' . $post_error]; } return Post(); } // Make sure the user isn't spamming the board. if (!isset($_REQUEST['msg'])) { spamProtection('post'); } // At about this point, we're posting and that's that. ignore_user_abort(true); @set_time_limit(300); // Add special html entities to the subject, name, and email. $_POST['subject'] = strtr($smcFunc['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')); $_POST['guestname'] = htmlspecialchars($_POST['guestname']); $_POST['email'] = htmlspecialchars($_POST['email']); // At this point, we want to make sure the subject isn't too long. if ($smcFunc['strlen']($_POST['subject']) > 100) { $_POST['subject'] = $smcFunc['substr']($_POST['subject'], 0, 100); } // Make the poll... if (isset($_REQUEST['poll'])) { // Make sure that the user has not entered a ridiculous number of options.. if (empty($_POST['poll_max_votes']) || $_POST['poll_max_votes'] <= 0) { $_POST['poll_max_votes'] = 1; } elseif ($_POST['poll_max_votes'] > count($_POST['options'])) { $_POST['poll_max_votes'] = count($_POST['options']); } else { $_POST['poll_max_votes'] = (int) $_POST['poll_max_votes']; } $_POST['poll_expire'] = (int) $_POST['poll_expire']; $_POST['poll_expire'] = $_POST['poll_expire'] > 9999 ? 9999 : ($_POST['poll_expire'] < 0 ? 0 : $_POST['poll_expire']); // Just set it to zero if it's not there.. if (!isset($_POST['poll_hide'])) { $_POST['poll_hide'] = 0; } else { $_POST['poll_hide'] = (int) $_POST['poll_hide']; } $_POST['poll_change_vote'] = isset($_POST['poll_change_vote']) ? 1 : 0; $_POST['poll_guest_vote'] = isset($_POST['poll_guest_vote']) ? 1 : 0; // Make sure guests are actually allowed to vote generally. if ($_POST['poll_guest_vote']) { require_once $sourcedir . '/Subs-Members.php'; $allowedVoteGroups = groupsAllowedTo('poll_vote', $board); if (!in_array(-1, $allowedVoteGroups['allowed'])) { $_POST['poll_guest_vote'] = 0; } } // If the user tries to set the poll too far in advance, don't let them. if (!empty($_POST['poll_expire']) && $_POST['poll_expire'] < 1) { fatal_lang_error('poll_range_error', false); } elseif (empty($_POST['poll_expire']) && $_POST['poll_hide'] == 2) { $_POST['poll_hide'] = 1; } // Clean up the question and answers. $_POST['question'] = htmlspecialchars($_POST['question']); $_POST['question'] = $smcFunc['truncate']($_POST['question'], 255); $_POST['question'] = preg_replace('~&#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', $_POST['question']); $_POST['options'] = htmlspecialchars__recursive($_POST['options']); } // Check if they are trying to delete any current attachments.... if (isset($_REQUEST['msg'], $_POST['attach_del']) && (allowedTo('post_attachment') || $modSettings['postmod_active'] && allowedTo('post_unapproved_attachments'))) { $del_temp = array(); foreach ($_POST['attach_del'] as $i => $dummy) { $del_temp[$i] = (int) $dummy; } require_once $sourcedir . '/ManageAttachments.php'; $attachmentQuery = array('attachment_type' => 0, 'id_msg' => (int) $_REQUEST['msg'], 'not_id_attach' => $del_temp); removeAttachments($attachmentQuery); } // ...or attach a new file... if (isset($_FILES['attachment']['name']) || !empty($_SESSION['temp_attachments']) && empty($_POST['from_qr'])) { // Verify they can post them! if (!$modSettings['postmod_active'] || !allowedTo('post_unapproved_attachments')) { isAllowedTo('post_attachment'); } // Make sure we're uploading to the right place. if (!empty($modSettings['currentAttachmentUploadDir'])) { if (!is_array($modSettings['attachmentUploadDir'])) { $modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']); } // The current directory, of course! $current_attach_dir = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']]; } else { $current_attach_dir = $modSettings['attachmentUploadDir']; } // If this isn't a new post, check the current attachments. if (isset($_REQUEST['msg'])) { $request = $smcFunc['db_query']('', ' SELECT COUNT(*), SUM(size) FROM {db_prefix}attachments WHERE id_msg = {int:id_msg} AND attachment_type = {int:attachment_type}', array('id_msg' => (int) $_REQUEST['msg'], 'attachment_type' => 0)); list($quantity, $total_size) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); } else { $quantity = 0; $total_size = 0; } if (!empty($_SESSION['temp_attachments'])) { foreach ($_SESSION['temp_attachments'] as $attachID => $name) { if (preg_match('~^post_tmp_' . $user_info['id'] . '_\\d+$~', $attachID) == 0) { continue; } if (!empty($_POST['attach_del']) && !in_array($attachID, $_POST['attach_del'])) { unset($_SESSION['temp_attachments'][$attachID]); @unlink($current_attach_dir . '/' . $attachID); continue; } $_FILES['attachment']['tmp_name'][] = $attachID; $_FILES['attachment']['name'][] = $name; $_FILES['attachment']['size'][] = filesize($current_attach_dir . '/' . $attachID); list($_FILES['attachment']['width'][], $_FILES['attachment']['height'][]) = @getimagesize($current_attach_dir . '/' . $attachID); unset($_SESSION['temp_attachments'][$attachID]); } } if (!isset($_FILES['attachment']['name'])) { $_FILES['attachment']['tmp_name'] = array(); } $attachIDs = array(); foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) { if ($_FILES['attachment']['name'][$n] == '') { continue; } // Have we reached the maximum number of files we are allowed? $quantity++; if (!empty($modSettings['attachmentNumPerPostLimit']) && $quantity > $modSettings['attachmentNumPerPostLimit']) { checkSubmitOnce('free'); fatal_lang_error('attachments_limit_per_post', false, array($modSettings['attachmentNumPerPostLimit'])); } // Check the total upload size for this post... $total_size += $_FILES['attachment']['size'][$n]; if (!empty($modSettings['attachmentPostLimit']) && $total_size > $modSettings['attachmentPostLimit'] * 1024) { checkSubmitOnce('free'); fatal_lang_error('file_too_big', false, array($modSettings['attachmentPostLimit'])); } $attachmentOptions = array('post' => isset($_REQUEST['msg']) ? $_REQUEST['msg'] : 0, 'poster' => $user_info['id'], 'name' => $_FILES['attachment']['name'][$n], 'tmp_name' => $_FILES['attachment']['tmp_name'][$n], 'size' => $_FILES['attachment']['size'][$n], 'approved' => !$modSettings['postmod_active'] || allowedTo('post_attachment')); if (createAttachment($attachmentOptions)) { $attachIDs[] = $attachmentOptions['id']; if (!empty($attachmentOptions['thumb'])) { $attachIDs[] = $attachmentOptions['thumb']; } } else { if (in_array('could_not_upload', $attachmentOptions['errors'])) { checkSubmitOnce('free'); fatal_lang_error('attach_timeout', 'critical'); } if (in_array('too_large', $attachmentOptions['errors'])) { checkSubmitOnce('free'); fatal_lang_error('file_too_big', false, array($modSettings['attachmentSizeLimit'])); } if (in_array('bad_extension', $attachmentOptions['errors'])) { checkSubmitOnce('free'); fatal_error($attachmentOptions['name'] . '.<br />' . $txt['cant_upload_type'] . ' ' . $modSettings['attachmentExtensions'] . '.', false); } if (in_array('directory_full', $attachmentOptions['errors'])) { checkSubmitOnce('free'); fatal_lang_error('ran_out_of_space', 'critical'); } if (in_array('bad_filename', $attachmentOptions['errors'])) { checkSubmitOnce('free'); fatal_error(basename($attachmentOptions['name']) . '.<br />' . $txt['restricted_filename'] . '.', 'critical'); } if (in_array('taken_filename', $attachmentOptions['errors'])) { checkSubmitOnce('free'); fatal_lang_error('filename_exists'); } if (in_array('bad_attachment', $attachmentOptions['errors'])) { checkSubmitOnce('free'); fatal_lang_error('bad_attachment'); } } } } // Make the poll... if (isset($_REQUEST['poll'])) { // Create the poll. $smcFunc['db_insert']('', '{db_prefix}polls', array('question' => 'string-255', 'hide_results' => 'int', 'max_votes' => 'int', 'expire_time' => 'int', 'id_member' => 'int', 'poster_name' => 'string-255', 'change_vote' => 'int', 'guest_vote' => 'int'), array($_POST['question'], $_POST['poll_hide'], $_POST['poll_max_votes'], empty($_POST['poll_expire']) ? 0 : time() + $_POST['poll_expire'] * 3600 * 24, $user_info['id'], $_POST['guestname'], $_POST['poll_change_vote'], $_POST['poll_guest_vote']), array('id_poll')); $id_poll = $smcFunc['db_insert_id']('{db_prefix}polls', 'id_poll'); // Create each answer choice. $i = 0; $pollOptions = array(); foreach ($_POST['options'] as $option) { $pollOptions[] = array($id_poll, $i, $option); $i++; } $smcFunc['db_insert']('insert', '{db_prefix}poll_choices', array('id_poll' => 'int', 'id_choice' => 'int', 'label' => 'string-255'), $pollOptions, array('id_poll', 'id_choice')); } else { $id_poll = 0; } // Creating a new topic? $newTopic = empty($_REQUEST['msg']) && empty($topic); $_POST['icon'] = !empty($attachIDs) && $_POST['icon'] == 'xx' ? 'clip' : $_POST['icon']; // Collect all parameters for the creation or modification of a post. $msgOptions = array('id' => empty($_REQUEST['msg']) ? 0 : (int) $_REQUEST['msg'], 'subject' => $_POST['subject'], 'body' => $_POST['message'], 'icon' => preg_replace('~[\\./\\\\*:"\'<>]~', '', $_POST['icon']), 'smileys_enabled' => !isset($_POST['ns']), 'attachments' => empty($attachIDs) ? array() : $attachIDs, 'approved' => $becomesApproved); $topicOptions = array('id' => empty($topic) ? 0 : $topic, 'board' => $board, 'poll' => isset($_REQUEST['poll']) ? $id_poll : null, 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null, 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null, 'mark_as_read' => true, 'is_approved' => !$modSettings['postmod_active'] || empty($topic) || !empty($board_info['cur_topic_approved'])); $posterOptions = array('id' => $user_info['id'], 'name' => $_POST['guestname'], 'email' => $_POST['email'], 'update_post_count' => !$user_info['is_guest'] && !isset($_REQUEST['msg']) && $board_info['posts_count']); // This is an already existing message. Edit it. if (!empty($_REQUEST['msg'])) { // Have admins allowed people to hide their screwups? if (time() - $row['poster_time'] > $modSettings['edit_wait_time'] || $user_info['id'] != $row['id_member']) { $msgOptions['modify_time'] = time(); $msgOptions['modify_name'] = $user_info['name']; } // This will save some time... if (empty($approve_has_changed)) { unset($msgOptions['approved']); } modifyPost($msgOptions, $topicOptions, $posterOptions); } else { createPost($msgOptions, $topicOptions, $posterOptions); if (isset($topicOptions['id'])) { $topic = $topicOptions['id']; } } // Editing or posting an event? if (isset($_POST['calendar']) && (!isset($_REQUEST['eventid']) || $_REQUEST['eventid'] == -1)) { require_once $sourcedir . '/Subs-Calendar.php'; // Make sure they can link an event to this post. canLinkEvent(); // Insert the event. $eventOptions = array('board' => $board, 'topic' => $topic, 'title' => $_POST['evtitle'], 'member' => $user_info['id'], 'start_date' => sprintf('%04d-%02d-%02d', $_POST['year'], $_POST['month'], $_POST['day']), 'span' => isset($_POST['span']) && $_POST['span'] > 0 ? min((int) $modSettings['cal_maxspan'], (int) $_POST['span'] - 1) : 0); insertEvent($eventOptions); } elseif (isset($_POST['calendar'])) { $_REQUEST['eventid'] = (int) $_REQUEST['eventid']; // Validate the post... require_once $sourcedir . '/Subs-Calendar.php'; validateEventPost(); // If you're not allowed to edit any events, you have to be the poster. if (!allowedTo('calendar_edit_any')) { // Get the event's poster. $request = $smcFunc['db_query']('', ' SELECT id_member FROM {db_prefix}calendar WHERE id_event = {int:id_event}', array('id_event' => $_REQUEST['eventid'])); $row2 = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); // Silly hacker, Trix are for kids. ...probably trademarked somewhere, this is FAIR USE! (parody...) isAllowedTo('calendar_edit_' . ($row2['id_member'] == $user_info['id'] ? 'own' : 'any')); } // Delete it? if (isset($_REQUEST['deleteevent'])) { $smcFunc['db_query']('', ' DELETE FROM {db_prefix}calendar WHERE id_event = {int:id_event}', array('id_event' => $_REQUEST['eventid'])); } else { $span = !empty($modSettings['cal_allowspan']) && !empty($_REQUEST['span']) ? min((int) $modSettings['cal_maxspan'], (int) $_REQUEST['span'] - 1) : 0; $start_time = mktime(0, 0, 0, (int) $_REQUEST['month'], (int) $_REQUEST['day'], (int) $_REQUEST['year']); $smcFunc['db_query']('', ' UPDATE {db_prefix}calendar SET end_date = {date:end_date}, start_date = {date:start_date}, title = {string:title} WHERE id_event = {int:id_event}', array('end_date' => strftime('%Y-%m-%d', $start_time + $span * 86400), 'start_date' => strftime('%Y-%m-%d', $start_time), 'id_event' => $_REQUEST['eventid'], 'title' => $smcFunc['htmlspecialchars']($_REQUEST['evtitle'], ENT_QUOTES))); } updateSettings(array('calendar_updated' => time())); } // Marking read should be done even for editing messages.... // Mark all the parents read. (since you just posted and they will be unread.) if (!$user_info['is_guest'] && !empty($board_info['parent_boards'])) { $smcFunc['db_query']('', ' UPDATE {db_prefix}log_boards SET id_msg = {int:id_msg} WHERE id_member = {int:current_member} AND id_board IN ({array_int:board_list})', array('current_member' => $user_info['id'], 'board_list' => array_keys($board_info['parent_boards']), 'id_msg' => $modSettings['maxMsgID'])); } // Turn notification on or off. (note this just blows smoke if it's already on or off.) if (!empty($_POST['notify']) && allowedTo('mark_any_notify')) { $smcFunc['db_insert']('ignore', '{db_prefix}log_notify', array('id_member' => 'int', 'id_topic' => 'int', 'id_board' => 'int'), array($user_info['id'], $topic, 0), array('id_member', 'id_topic', 'id_board')); } elseif (!$newTopic) { $smcFunc['db_query']('', ' DELETE FROM {db_prefix}log_notify WHERE id_member = {int:current_member} AND id_topic = {int:current_topic}', array('current_member' => $user_info['id'], 'current_topic' => $topic)); } // Log an act of moderation - modifying. if (!empty($moderationAction)) { logAction('modify', array('topic' => $topic, 'message' => (int) $_REQUEST['msg'], 'member' => $row['id_member'], 'board' => $board)); } if (isset($_POST['lock']) && $_POST['lock'] != 2) { logAction('lock', array('topic' => $topicOptions['id'], 'board' => $topicOptions['board'])); } if (isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics'])) { logAction('sticky', array('topic' => $topicOptions['id'], 'board' => $topicOptions['board'])); } // Notify any members who have notification turned on for this topic - only do this if it's going to be approved(!) if ($becomesApproved) { if ($newTopic) { $notifyData = array('body' => $_POST['message'], 'subject' => $_POST['subject'], 'name' => $user_info['name'], 'poster' => $user_info['id'], 'msg' => $msgOptions['id'], 'board' => $board, 'topic' => $topic); notifyMembersBoard($notifyData); } elseif (empty($_REQUEST['msg'])) { // Only send it to everyone if the topic is approved, otherwise just to the topic starter if they want it. if ($topic_info['approved']) { sendNotifications($topic, 'reply'); } else { sendNotifications($topic, 'reply', array(), $topic_info['id_member_started']); } } } // Returning to the topic? if (!empty($_REQUEST['goback'])) { // Mark the board as read.... because it might get confusing otherwise. $smcFunc['db_query']('', ' UPDATE {db_prefix}log_boards SET id_msg = {int:maxMsgID} WHERE id_member = {int:current_member} AND id_board = {int:current_board}', array('current_board' => $board, 'current_member' => $user_info['id'], 'maxMsgID' => $modSettings['maxMsgID'])); } if ($board_info['num_topics'] == 0) { cache_put_data('board-' . $board, null, 120); } if (!empty($_POST['announce_topic'])) { redirectexit('action=announce;sa=selectgroup;topic=' . $topic . (!empty($_POST['move']) && allowedTo('move_any') ? ';move' : '') . (empty($_REQUEST['goback']) ? '' : ';goback')); } if (!empty($_POST['move']) && allowedTo('move_any')) { redirectexit('action=movetopic;topic=' . $topic . '.0' . (empty($_REQUEST['goback']) ? '' : ';goback')); } // Return to post if the mod is on. if (isset($_REQUEST['msg']) && !empty($_REQUEST['goback'])) { redirectexit('topic=' . $topic . '.msg' . $_REQUEST['msg'] . '#msg' . $_REQUEST['msg'], $context['browser']['is_ie']); } elseif (!empty($_REQUEST['goback'])) { redirectexit('topic=' . $topic . '.new#new', $context['browser']['is_ie']); } else { redirectexit('board=' . $board . '.0'); } }
function method_create_topic($is_post = false, $new_api = false) { global $mobdb, $mobsettings, $modSettings, $context, $scripturl, $sourcedir, $user_info, $board, $topic, $func, $language, $txt, $sc; // We need these for creating topics require_once $sourcedir . '/Subs-Post.php'; require_once $sourcedir . '/Post.php'; // Guest? No entry if ($user_info['is_guest']) { createErrorResponse(21); } // Figure out the parameters if ($is_post) { if ($new_api) { $_POST['board'] = intval($context['mob_request']['params'][0][0]); $_POST['topic'] = intval($context['mob_request']['params'][1][0]); $_POST['icon'] = 'xx'; $_POST['topic'] = intval($context['mob_request']['params'][1][0]); $_POST['subject'] = utf8ToAscii(base64_decode($context['mob_request']['params'][2][0])); $_POST['message'] = utf8ToAscii(base64_decode($context['mob_request']['params'][3][0])); $_POST['sc'] = $sc = ''; //$_POST['attachments'] = isset($request_params[4]) ? explode('.', implode('.', $request_params[4])) : array(); tt_clean_request(); loadBoard(); loadPermissions(); // Get a response prefix (like 'Re:') in the default forum language. if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix'))) { if ($language === $user_info['language']) { $context['response_prefix'] = $txt['response_prefix']; } else { loadLanguage('index', $language, false); $context['response_prefix'] = $txt['response_prefix']; loadLanguage('index'); } cache_put_data('response_prefix', $context['response_prefix'], 600); } $_POST['subject'] = $context['response_prefix'] . $_POST['subject']; $post_id = Post2(); outputRPCNewTopic($post_id, 1, true); } else { $id_topic = (int) $context['mob_request']['params'][0][0]; $body = base64_decode($context['mob_request']['params'][2][0]); $subject = base64_decode($context['mob_request']['params'][3][0]); if (isset($context['mob_request']['params'][4]) && $context['mob_request']['params'][4][0]) { $id_attach = (int) $context['mob_request']['params'][4][0]; } } } else { if ($new_api) { $_POST['board'] = intval($context['mob_request']['params'][0][0]); $_POST['icon'] = 'xx'; $_POST['subject'] = utf8ToAscii(base64_decode($context['mob_request']['params'][1][0])); $_POST['message'] = utf8ToAscii(base64_decode($context['mob_request']['params'][2][0])); $_POST['sc'] = $sc = ''; //$_POST['attachments'] = isset($request_params[4]) ? explode('.', implode('.', $request_params[4])) : array(); tt_clean_request(); loadBoard(); loadPermissions(); Post2(); outputRPCNewTopic($topic, 1, false); } else { $id_board = (int) $context['mob_request']['params'][0][0]; $subject = base64_decode($context['mob_request']['params'][1][0]); $body = base64_decode($context['mob_request']['params'][3][0]); if (isset($context['mob_request']['params'][4]) && $context['mob_request']['params'][4][0]) { $id_attach = (int) $context['mob_request']['params'][4][0]; } } } $subject = utf8ToAscii($subject); $body = utf8ToAscii($body); $_POST['subject'] = $subject; $_POST['message'] = $body; // Get a response prefix (like 'Re:') in the default forum language. if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix'))) { if ($language === $user_info['language']) { $context['response_prefix'] = $txt['response_prefix']; } else { loadLanguage('index', $language, false); $context['response_prefix'] = $txt['response_prefix']; loadLanguage('index'); } cache_put_data('response_prefix', $context['response_prefix'], 600); } if ($is_post) { $subject = $context['response_prefix'] . $subject; } // Trim out the whitespace $subject = trim($subject); $body = trim($body); // Missing? Oh man if ($is_post) { if (!$is_post && empty($id_board) || empty($body) || isset($id_attach) && empty($id_attach) || isset($id_topic) && empty($id_topic)) { createErrorResponse(8); } } else { if (!$is_post && empty($id_board) || empty($body) || empty($subject) || isset($id_attach) && empty($id_attach) || isset($id_topic) && empty($id_topic)) { createErrorResponse(8); } } // Does this board exist? $mobdb->query(' SELECT b.ID_BOARD FROM ' . (!empty($id_topic) ? '{db_prefix}topics AS t INNER JOIN {db_prefix}boards AS b ON (t.ID_BOARD = b.ID_BOARD)' : '{db_prefix}boards AS b') . ' WHERE {query_see_board} AND ' . (!empty($id_topic) ? 't.ID_TOPIC' : 'b.ID_BOARD') . ' = {int:value}', array('value' => empty($id_topic) ? $id_board : $id_topic)); if ($mobdb->num_rows() == 0) { createErrorResponse(4); } list($id_board) = $mobdb->fetch_row(); $mobdb->free_result(); // Can we actually post? if (!isset($id_topic)) { if (allowedTo('post_new', $id_board)) { $can_post = 1; } elseif ($modSettings['postmod_active'] && !allowedTo('post_new', $id_board) && allowedTo('post_unapproved_topics', $id_board)) { $can_post = 2; } else { createErrorResponse(25); } } else { $mobdb->query(' SELECT locked, isSticky AS is_sticky, 1 AS approved, numReplies AS num_replies, ID_FIRST_MSG AS id_first_msg, ID_MEMBER_STARTED AS id_member_started, ID_BOARD AS id_board, ID_POLL AS id_poll FROM {db_prefix}topics WHERE id_topic = {int:current_topic} LIMIT 1', array('current_topic' => $id_topic)); $topic_info = $mobdb->fetch_assoc(); $mobdb->free_result(); if ($topic_info['id_board'] != $id_board) { createErrorResponse(25); } // Locked? if ($topic_info['locked'] && !allowedTo('moderate_board', $id_board)) { createErrorResponse(25); } // Is this this guy's topic? if ($topic_info['id_member_started'] == $user_info['id']) { if (allowedTo('post_reply_own', $id_board)) { $can_post = 1; } elseif ($modSettings['postmod_active'] && !allowedTo('post_reply_own', $id_board) && allowedTo('post_unapproved_replies_own', $id_board)) { $can_post = 2; } else { createErrorResponse(25); } } else { if (allowedTo('post_reply_any', $id_board)) { $can_post = 1; } elseif ($modSettings['postmod_active'] && !allowedTo('post_reply_any', $id_board) && allowedTo('post_unapproved_replies_any', $id_board)) { $can_post = 2; } else { createErrorResponse(2); } } } // Alright, we passed the security tests, lets check the inputs //$subject = strtr(htmlspecialchars($subject), array("\r" => '', "\n" => '', "\t" => '')); //$body = htmlspecialchars($body); ######## Added by Sean to fix the issue can not post############## $subject = addslashes__recursive($subject); $body = addslashes__recursive($body); // Set up the inputs for the form. $body = $func['htmlspecialchars']($body, ENT_QUOTES); preparsecode($body); $subject = strtr($func['htmlspecialchars']($subject), array("\r" => '', "\n" => '', "\t" => '')); ################################################################## if (strlen($subject) > 100) { $subject = substr($subject, 0, 100); } // Are the attachments valid? if (isset($id_attach)) { // Does it even exist? $mobdb->query(' SELECT a.ID_ATTACH, a.ID_THUMB FROM {db_prefix}attachments AS a WHERE a.ID_ATTACH = {int:attach}', array('attach' => $id_attach)); // Not found? if ($mobdb->num_rows() == 0) { unset($id_attach); } list($id_attach, $id_thumb) = $mobdb->fetch_row(); $mobdb->free_result(); } // Get the parameters ready $msgOptions = array('id' => 0, 'subject' => $subject, 'body' => $body, 'icon' => isset($id_attach) ? 'clip' : 'xx', 'smileys_enabled' => true, 'attachments' => isset($id_attach) ? array($id_attach, $id_thumb) : null, 'approved' => $can_post == 2 ? false : true); $topicOptions = array('id' => isset($id_topic) ? $id_topic : 0, 'board' => $id_board, 'poll' => isset($topic_info) ? $topic_info['id_poll'] : null, 'lock_mode' => isset($topic_info) ? $topic_info['locked'] : null, 'sticky_mode' => isset($topic_info) ? $topic_info['is_sticky'] : null, 'mark_as_read' => true, 'is_approved' => $can_post == 2 ? false : true); $posterOptions = array('id' => $user_info['id'], 'name' => $user_info['name'], 'email' => $user_info['email'], 'update_post_count' => true); // Actually create the topic... createPost($msgOptions, $topicOptions, $posterOptions); if (empty($topicOptions['id'])) { createErrorResponse(8); } $id_topic = $topicOptions['id']; trackStats(); // Notifications anyone? $notifyData = array('body' => $body, 'subject' => $subject, 'name' => $user_info['name'], 'poster' => $user_info['id'], 'msg' => $msgOptions['id'], 'board' => $id_board, 'topic' => $id_topic); //!!! Stupid fix for SMF 1.1 $board = $id_board; $topic = $id_topic; if (!$is_post) { notifyMembersBoard($notifyData); } // Send out the response outputRPCNewTopic($is_post ? $msgOptions['id'] : $topicOptions['id'], $can_post, $is_post); }