// Anti Flood Code
if (!($CURUSER['post_count'] < $CURUSER['post_max'])) {
stderr('Notice', 'You have reached your Post limit. Please wait 15 minutes before retrying.');
}
$newtopic = is_valid_id($forumid);
$subject = isset($_POST["subject"]) ? $_POST["subject"] : '';
if ($newtopic) {
$subject = trim($subject);
if (empty($subject)) {
stderr("Error", "You must enter a subject.");
}
if (strlen($subject) > $maxsubjectlength) {
stderr("Error", "Subject is limited to " . $maxsubjectlength . " characters.");
}
} else {
$forumid = get_topic_forum($topicid) or die("Bad topic ID");
}
if ($CURUSER["forumpost"] == 'no') {
stderr("Sorry", "Your are not allowed to post.)");
}
// ------ Make sure sure user has write access in forum
$arr = get_forum_access_levels($forumid) or die("Bad forum ID");
if ($CURUSER['class'] < $arr["write"] || $newtopic && $CURUSER['class'] < $arr["create"] && !isMod($forumid)) {
stderr("Error", "Permission denied.");
}
$body = trim($_POST["body"]);
if (empty($body)) {
stderr("Error", "No body text.");
}
$userid = (int) $CURUSER["id"];
if ($use_flood_mod && $CURUSER['class'] < UC_MODERATOR && !isMod($forumid)) {
$topicid = $_POST["topicid"];
if (!is_valid_id($forumid) && !is_valid_id($topicid)) {
showerror(T_("FORUM_ERROR"), "w00t");
}
$newtopic = $forumid > 0;
$subject = $_POST["subject"];
if ($newtopic) {
if (!$subject) {
showerror(T_("ERROR"), "You must enter a subject.");
}
$subject = trim($subject);
//if (!$subject)
//showerror(T_("ERROR"), "You must enter a subject.");
//showerror(T_("ERROR"), "Subject is limited to $maxsubjectlength characters.");
} else {
$forumid = get_topic_forum($topicid) or showerror(T_("FORUM_ERROR"), "Bad topic ID");
}
////// Make sure sure user has write access in forum
$arr = get_forum_access_levels($forumid) or showerror(T_("FORUM_ERROR"), "Bad forum ID");
if (get_user_class() < $arr["write"]) {
showerror(T_("FORUM_ERROR"), T_("FORUMS_NOT_PERMIT"));
}
$body = trim($_POST["body"]);
if (!$body) {
showerror(T_("ERROR"), "No body text.");
}
$userid = $CURUSER["id"];
if ($newtopic) {
//Create topic
$subject = sqlesc($subject);
SQL_Query_exec("INSERT INTO forum_topics (userid, forumid, subject) VALUES({$userid}, {$forumid}, {$subject})");
$topicid = isset($_POST["topicid"]) ? intval($_POST["topicid"]) : false;
if (!is_valid_id($forumid) && !is_valid_id($topicid)) {
stderr(ERROR, ERR_FORUM_TOPIC);
}
$newtopic = $forumid > 0;
$subject = isset($_POST["subject"]) ? $_POST["subject"] : false;
if ($newtopic) {
$subject = trim($subject);
if (!$subject) {
stderr(ERROR, ERR_SUBJECT);
}
if (strlen($subject) > $maxsubjectlength) {
stderr(ERROR, SUBJECT_MAX_CHAR . " " . $maxsubjectlength . " " . CHARACTERS);
}
} else {
$forumid = get_topic_forum($topicid) or die(ERR_TOPIC_ID);
}
//------ Make sure sure user has write access in forum
$arr = get_forum_access_levels($forumid) or die(BAD_FORUM_ID);
if (user::$current["id_level"] < $arr["write"] || $newtopic && user::$current["id_level"] < $arr["create"]) {
stderr(ERROR, ERR_PERM_DENIED);
}
$body = trim($_POST["body"]);
if ($body == "") {
stderr(ERROR, ERR_NO_BODY);
}
$userid = user::$current["uid"];
if ($newtopic) {
//---- Create topic
$subject = sqlesc(security::html_safe($subject));
$db->query("UPDATE forums SET topiccount = topiccount + 1 WHERE id = " . $forumid);
$forumid = isset($_POST["forumid"]) ? (int) $_POST["forumid"] : 0;
$topicid = isset($_POST["topicid"]) ? (int) $_POST["topicid"] : 0;
if (!is_valid_id($forumid) && !is_valid_id($topicid)) {
stderr("{$lang['forum_post_error']}", "{$lang['forum_post_bad_id']}");
}
$newtopic = $forumid > 0;
if ($newtopic) {
$subject = trim(strip_tags($_POST["subject"]));
if (!$subject) {
stderr("{$lang['forum_post_error']}", "{$lang['forum_post_subject']}");
}
if (strlen($subject) > $maxsubjectlength) {
stderr("{$lang['forum_post_error']}", "{$lang['forum_post_subject_limit']}");
}
} else {
$forumid = get_topic_forum($topicid) or die("{$lang['forum_post_bad_topic']}");
}
//------ Make sure sure user has write access in forum
$arr = get_forum_access_levels($forumid) or die("{$lang['forum_post_bad_forum']}");
if (get_user_class() < $arr["write"] || $newtopic && get_user_class() < $arr["create"]) {
stderr("{$lang['forum_post_error']}", "{$lang['forum_post_denied']}");
}
$body = trim($_POST["body"]);
if ($body == "") {
stderr("{$lang['forum_post_error']}", "{$lang['forum_post_body']}");
}
$userid = $CURUSER["id"];
if ($newtopic) {
//---- Create topic
$subject = sqlesc($subject);
@mysql_query("INSERT INTO topics (userid, forumid, subject) VALUES({$userid}, {$forumid}, {$subject})") or sqlerr(__FILE__, __LINE__);
$newtopic = $forumid > 0;
$subject = $_POST["subject"];
if ($newtopic)
{
$subject = trim($subject);
if (!$subject)
stderr("Villa", "Þú verður að hafa efni.");
if (strlen($subject) > $maxsubjectlength)
stderr("Villa", "Efni má vera mest $maxsubjectlength stafir.");
}
else
$forumid = get_topic_forum($topicid) or die("Slæmt ID");
//------ Make sure sure user has write access in forum
$arr = get_forum_access_levels($forumid) or die("Slæmt ID");
if (get_user_class() < $arr["write"] || ($newtopic && get_user_class() < $arr["create"])) {
if($CURUSER['donor'] === 'no' || $forumid === '1' || $forumid === '8' || $forumid === '12')
stderr("Villa", "Aðgangi hafnað.");
}
$body = trim($_POST["body"]);
if ($body == "")
stderr("Villa", "Ekkert meginatriði.");
