}
COM_updateSpeedlimit('forum');
// Insert a new log record for all logged in users that posted so it does not appear as new
if ($uid != '1') {
DB_query("INSERT INTO {$_TABLES['gf_log']} (uid,forum,topic,time) VALUES ('{$_USER['uid']}','{$forum}','{$lastid}','{$date}')");
}
forum_statusMessage($LANG_GF02['msg19'], $_CONF['site_url'] . "/forum/viewtopic.php?showtopic={$lastid}", $LANG_GF02['msg19']);
}
} else {
alertMessage($LANG_GF02['msg18']);
}
}
// END OF A NEW TOPIC...
} elseif ($method == 'postreply') {
if (function_exists('plugin_itemPreSave_captcha')) {
$msg = plugin_itemPreSave_captcha('forum', $_POST['captcha']);
if ($msg != '') {
$preview = 'Preview';
$subject = COM_stripslashes($_POST['subject']);
$retval .= COM_startBlock($LANG03[17], '', COM_getBlockTemplate('_msg_block', 'header')) . $msg . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
echo $retval;
}
}
if ($msg == '') {
//Add Reply
if ($_POST['aname'] != '') {
$name = gf_preparefordb($_POST['aname'], 'text');
} else {
$name = gf_preparefordb($_POST['name'], 'text');
}
$name = urldecode($name);
function FF_saveTopic($forumData, $postData, $action)
{
global $_CONF, $_TABLES, $_FF_CONF, $_USER, $LANG03, $LANG_GF01, $LANG_GF02;
$retval = '';
$uploadErrors = '';
$msg = '';
$errorMessages = '';
$email = '';
$forumfiles = array();
$okToSave = true;
$dt = new Date('now', $_USER['tzid']);
$date = $dt->toUnix();
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
if (COM_isAnonUser()) {
$uid = 1;
} else {
$uid = $_USER['uid'];
}
// verify postmode is allowed
if (strtolower($postData['postmode']) == 'html') {
if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
$postData['postmode'] = 'html';
} else {
$postData['postmode'] = 'text';
}
}
// is forum readonly?
if ($forumData['is_readonly'] == 1) {
// Check if this user has moderation rights now to allow a post to a locked topic
if (!forum_modPermission($forumData['forum'], $uid, 'mod_edit')) {
_ff_accessError();
}
}
if ($action == 'saveedit') {
// does the forum match the forum id of the posted data?
if ($forumData['forum'] != 0 && $forumData['forum'] != $postData['forum']) {
_ff_accessError();
}
$editid = COM_applyFilter($postData['editid'], true);
$forum = COM_applyFilter($postData['forum'], true);
$editAllowed = false;
if (forum_modPermission($forumData['forum'], $_USER['uid'], 'mod_edit')) {
$editAllowed = true;
} else {
if ($_FF_CONF['allowed_editwindow'] > 0) {
$t1 = DB_getItem($_TABLES['ff_topic'], 'date', "id=" . (int) $postData['id']);
$t2 = $_FF_CONF['allowed_editwindow'];
$time = time();
if (time() - $t2 < $t1) {
$editAllowed = true;
}
} else {
$editAllowed = true;
}
}
if ($postData['editpid'] < 1 && trim($postData['subject']) == '') {
$retval .= FF_BlockMessage('', $LANG_GF02['msg18'], false);
$okToSave = false;
} elseif (!$editAllowed) {
$link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . (int) $postData['$id'];
$retval .= _ff_alertMessage('', $LANG_GF02['msg189'], sprintf($LANG_GF02['msg187'], $link));
$okToSave = false;
}
} else {
if (!COM_isAnonUser() && $_FF_CONF['use_sfs']) {
$email = isset($_USER['email']) ? $_USER['email'] : '';
}
}
if (isset($postData['name']) && $postData['name'] != '') {
$name = _ff_preparefordb(@htmlspecialchars(strip_tags(trim(COM_checkWords(USER_sanitizeName($postData['name'])))), ENT_QUOTES, COM_getEncodingt()), 'text');
$name = urldecode($name);
} else {
$okToSave = false;
$errorMessages .= $LANG_GF02['invalid_name'] . '<br />';
}
// speed limit check
if (!SEC_hasRights('forum.edit')) {
COM_clearSpeedlimit($_FF_CONF['post_speedlimit'], 'forum');
$last = COM_checkSpeedlimit('forum');
if ($last > 0) {
$errorMessages .= sprintf($LANG_GF01['SPEEDLIMIT'], $last, $_FF_CONF['post_speedlimit']) . '<br/>';
$okToSave = false;
}
}
// standard edit checks
if (strlen(trim($postData['name'])) < $_FF_CONF['min_username_length'] || strlen(trim($postData['subject'])) < $_FF_CONF['min_subject_length'] || strlen(trim($postData['comment'])) < $_FF_CONF['min_comment_length']) {
$errorMessages .= $LANG_GF02['msg18'] . '<br/>';
$okToSave = false;
}
// CAPTCHA check
if (function_exists('plugin_itemPreSave_captcha') && $okToSave == true) {
if (!isset($postData['captcha'])) {
$postData['captcha'] = '';
}
$msg = plugin_itemPreSave_captcha('forum', $postData['captcha']);
if ($msg != '') {
$errorMessages .= $msg . '<br/>';
$okToSave = false;
}
}
// spamx check
if ($_FF_CONF['use_spamx_filter'] == 1 && $okToSave == true) {
// Check for SPAM
$spamcheck = '<h1>' . $postData['subject'] . '</h1><p>' . $postData['comment'] . '</p>';
$result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
// Now check the result and redirect to index.php if spam action was taken
if ($result > 0) {
// then tell them to get lost ...
$errorMessages .= $LANG_GF02['spam_detected'];
$okToSave = false;
}
}
if ($_FF_CONF['use_sfs'] == 1 && COM_isAnonUser() && function_exists('plugin_itemPreSave_spamx')) {
$spamCheckData = array('username' => $postData['name'], 'email' => $email, 'ip' => $REMOTE_ADDR);
$msg = plugin_itemPreSave_spamx('forum', $spamCheckData);
if ($msg) {
$errorMessages .= $msg;
$okToSave = false;
}
}
if ($okToSave == false) {
$retval .= _ff_alertMessage($errorMessages, $LANG_GF01['ERROR'], ' ');
return array(false, $retval);
}
if ($okToSave == true) {
if (!isset($postData['postmode_switch'])) {
$postData['postmode_switch'] = 0;
}
$postmode = _ff_chkpostmode($postData['postmode'], $postData['postmode_switch']);
// validate postmode
if ($postmode == 'html' || $postmode == 'HTML') {
if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
$postmode = 'html';
} else {
$postmode = 'text';
}
}
$subject = _ff_preparefordb(strip_tags($postData['subject']), 'text');
$comment = _ff_preparefordb($postData['comment'], $postmode);
$mood = isset($postData['mood']) ? COM_applyFilter($postData['mood']) : '';
$id = COM_applyFilter($postData['id'], true);
$forum = COM_applyFilter($postData['forum'], true);
$notify = isset($postData['notify']) ? COM_applyFilter($postData['notify']) : '';
$status = 0;
if (isset($postData['disable_bbcode']) && $postData['disable_bbcode'] == 1) {
$status += DISABLE_BBCODE;
}
if (isset($postData['disable_smilies']) && $postData['disable_smilies'] == 1) {
$status += DISABLE_SMILIES;
}
if (isset($postData['disable_urlparse']) && $postData['disable_urlparse'] == 1) {
$status += DISABLE_URLPARSE;
}
// If user has moderator edit rights only
$locked = 0;
$sticky = 0;
if (isset($postData['modedit']) && $postData['modedit'] == 1) {
if (isset($postData['locked_switch']) && $postData['locked_switch'] == 1) {
$locked = 1;
}
if (isset($postData['sticky_switch']) && $postData['sticky_switch'] == 1) {
$sticky = 1;
}
}
if ($action == 'savetopic') {
$fields = "forum,name,email,date,lastupdated,subject,comment,postmode,ip,mood,uid,pid,sticky,locked,status";
$sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
$sql .= "VALUES (" . (int) $forum . "," . "'" . DB_escapeString($name) . "'," . "'" . DB_escapeString($email) . "'," . "'" . DB_escapeString($date) . "'," . "'" . DB_escapeString($date) . "'," . "'" . $subject . "'," . "'" . $comment . "'," . "'" . DB_escapeString($postmode) . "'," . "'" . DB_escapeString($REMOTE_ADDR) . "'," . "'" . DB_escapeString($mood) . "'," . (int) $uid . "," . "0," . (int) $sticky . "," . (int) $locked . "," . (int) $status . ")";
DB_query($sql);
// Find the id of the last inserted topic
list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
$savedPostID = $lastid;
$topicPID = $lastid;
/* Check for any uploaded files - during add of new topic */
$uploadErrors = _ff_check4files($lastid);
// Check and see if there are no [file] bbcode tags in content and reset the show_inline value
// This is needed in case user had used the file bbcode tag and then removed it
$imagerecs = '';
$imagerecs = implode(',', $forumfiles);
$sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid . " ";
if ($imagerecs != '') {
$sql .= "AND id NOT IN ({$imagerecs})";
}
DB_query($sql);
// Update forums record
DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, topic_count=topic_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $lastid);
}
DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
} else {
if ($action == 'savereply') {
$fields = "name,email,date,subject,comment,postmode,ip,mood,uid,pid,forum,status";
$sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
$sql .= "VALUES (" . "'" . DB_escapeString($name) . "'," . "'" . DB_escapeString($email) . "'," . "'" . DB_escapeString($date) . "'," . "'{$subject}'," . "'{$comment}'," . "'" . DB_escapeString($postmode) . "'," . "'" . DB_escapeString($REMOTE_ADDR) . "'," . "'" . DB_escapeString($mood) . "'," . (int) $uid . "," . (int) $id . "," . (int) $forum . "," . (int) $status . ")";
DB_query($sql);
// Find the id of the last inserted topic
list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
$savedPostID = $lastid;
$topicPID = $id;
/* Check for any uploaded files - during adding reply post */
$uploadErrors = _ff_check4files($lastid);
// Check and see if there are no [file] bbcode tags in content and reset the show_inline value
// This is needed in case user had used the file bbcode tag and then removed it
$imagerecs = '';
$imagerecs = implode(',', $forumfiles);
$sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid;
if ($imagerecs != '') {
$sql .= " AND id NOT IN ({$imagerecs})";
}
DB_query($sql);
DB_query("UPDATE {$_TABLES['ff_topic']} SET replies=replies+1, lastupdated='" . DB_escapeString($date) . "',last_reply_rec=" . (int) $lastid . " WHERE id=" . (int) $id);
DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $id);
}
DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
} elseif ($action == 'saveedit') {
$sql = "UPDATE {$_TABLES['ff_topic']} SET " . "subject='{$subject}'," . "comment='{$comment}'," . "postmode='" . DB_escapeString($postmode) . "'," . "mood='" . DB_escapeString($mood) . "'," . "sticky=" . (int) $sticky . "," . "locked=" . (int) $locked . "," . "status=" . (int) $status . " " . "WHERE (id=" . (int) $editid . ")";
DB_query($sql);
/* Check for any uploaded files - during save of edit */
$uploadErrors = _ff_check4files($editid);
// Check and see if there are no [file] bbcode tags in content and reset the show_inline value
// This is needed in case user had used the file bbcode tag and then removed it
$imagerecs = '';
$imagerecs = implode(',', $forumfiles);
$sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $editid . " ";
if ($imagerecs != '') {
$sql .= "AND id NOT IN ({$imagerecs})";
}
DB_query($sql);
$topicPID = DB_getITEM($_TABLES['ff_topic'], "pid", "id=" . (int) $editid);
if ($topicPID == 0) {
$topicPID = $editid;
}
$savedPostID = $editid;
if ($postData['silentedit'] != 1) {
DB_query("UPDATE {$_TABLES['ff_topic']} SET lastupdated='" . DB_escapeString($date) . "' WHERE id=" . (int) $topicPID);
//Remove any lastviewed records in the log so that the new updated topic indicator will appear
DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
}
if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $editid)) {
DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $topicPID);
}
$topicparent = $topicPID;
}
}
COM_updateSpeedLimit('forum');
PLG_itemSaved($savedPostID, 'forum');
CACHE_remove_instance('forumcb');
if (!COM_isAnonUser()) {
//NOTIFY - Checkbox variable in form set to "on" when checked and they don't already have subscribed to forum or topic
$nid = -$topicPID;
$currentForumNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id=0 AND uid=" . (int) $uid);
$currentTopicNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($topicPID) . "' AND uid=" . (int) $uid);
$currentTopicUnNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($nid) . "' AND uid=" . (int) $uid);
$forum_name = DB_getItem($_TABLES['ff_forums'], 'forum_name', 'forum_id=' . (int) $forum);
$topic_name = $subject;
if ($notify == 'on' and ($currentForumNotifyRecID < 1 and $currentTopicNotifyRecID < 1)) {
$sql = "INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) ";
$sql .= "VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($topicPID) . "','" . $subject . "'," . (int) $uid . ",now() )";
DB_query($sql);
} elseif ($notify == 'on' and $currentTopicUnNotifyRecID > 1) {
// Had un-subcribed to topic and now wants to subscribe
DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE sub_id=" . (int) $currentTopicUnNotifyRecID);
} elseif ($notify == '' and $currentTopicNotifyRecID > 1) {
// Subscribed to topic - but does not want to be notified anymore
DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
} elseif ($notify == '' and $currentForumNotifyRecID > 1) {
// Subscribed to forum - but does not want to be notified about this topic
DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($nid) . "'");
DB_query("INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($nid) . "','" . $subject . "'," . (int) $uid . ",now() )");
}
}
if ($action != 'saveedit') {
_ff_chknotifications($forum, $savedPostID, $uid);
}
$link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topicPID . '&topic=' . $savedPostID . '#' . $savedPostID;
if ($uploadErrors != '') {
$autorefresh = false;
} else {
$autorefresh = true;
}
$retval .= FF_statusMessage($uploadErrors . $LANG_GF02['msg19'], $link, $LANG_GF02['msg19'], false, '', $autorefresh);
} else {
$retval .= _ff_alertMessage($LANG_GF02['msg18']);
}
return array(true, $retval);
}