if (empty($bbcodeoff) && !$allowhidecode && preg_match("/\\[hide=?\\d*\\].+?\\[\\/hide\\]/is", preg_replace("/(\\[code\\].*\\[\\/code\\])/is", '', $message))) {
wapmsg('post_hide_nopermission');
}
if (!$adminid && $newbiespan && (!$lastpost || $timestamp - $lastpost < $newbiespan * 3600)) {
$regdate = $db->result_first("SELECT regdate FROM {$tablepre}members WHERE uid='{$discuz_uid}'");
if ($timestamp - $regdate < $newbiespan * 3600) {
showmessage('post_newbie_span');
}
}
$postcredits = $forum['postcredits'] ? $forum['postcredits'] : $creditspolicy['post'];
$replycredits = $forum['replycredits'] ? $forum['replycredits'] : $creditspolicy['reply'];
$modnewthreads = (!$allowdirectpost || $allowdirectpost == 1) && ($forum['modnewposts'] || !empty($censormod)) ? 1 : 0;
$modnewreplies = (!$allowdirectpost || $allowdirectpost == 2) && ($forum['modnewposts'] == 2 || !empty($censormod)) ? 1 : 0;
$subject = wapconvert($subject);
$subject = $subject != '' ? dhtmlspecialchars(censor(trim($subject))) : '';
$message = wapconvert($message);
$message = $message != '' ? censor(trim($message)) : '';
if ($do == 'newthread') {
$discuz_action = 195;
if (empty($forum['allowpost']) && (!$forum['postperm'] && !$allowpost || $forum['postperm'] && !forumperm($forum['postperm']))) {
wapmsg('post_newthread_nopermission');
}
if (empty($subject) || empty($message)) {
$typeselect = isset($forum['threadtypes']['required']) ? typeselect() : '';
echo "<p>" . ($typeselect ? "{$lang['type']}{$typeselect}<br />\n" : '') . "{$lang['subject']}<input type=\"text\" name=\"subject\" value=\"\" maxlength=\"80\" format=\"M*m\" /><br />\n" . "{$lang['message']}<input type=\"text\" name=\"message\" value=\"\" format=\"M*m\" /><br />\n" . "<anchor title=\"{$lang['submit']}\">{$lang['submit']}" . "<go method=\"post\" href=\"index.php?action=post&do=newthread&fid={$fid}&sid={$sid}\">\n" . "<postfield name=\"subject\" value=\"\$(subject)\" />\n" . "<postfield name=\"message\" value=\"\$(message)\" />\n" . "<postfield name=\"formhash\" value=\"" . formhash() . "\" />\n" . ($typeselect ? "<postfield name=\"typeid\" value=\"\$(typeid)\" />\n" : '') . "</go></anchor>\n<br /><br />" . "<a href=\"index.php?action=forum&fid={$fid}\">{$lang['return_forum']}</a></p>\n";
} else {
if ($post_invalid = checkpost()) {
wapmsg($post_invalid);
}
if ($formhash != formhash()) {
wapmsg('wap_submit_invalid');
function wapconvert($str)
{
static $chs;
if ($str != '' && !is_numeric($str) && $GLOBALS['charset'] != 'utf-8') {
$chs = empty($chs) ? new Chinese('UTF-8', $GLOBALS['charset']) : $chs;
if (is_array($str)) {
foreach ($str as $key => $val) {
$str[$key] = wapconvert($val);
}
} else {
$str = addslashes($chs->Convert(stripslashes($str)));
}
}
return $str;
}
"<postfield name=\"questionid\" value=\"$(questionid)\" />\n".
"<postfield name=\"answer\" value=\"$(answer)\" />\n".
"<postfield name=\"username\" value=\"$(username)\" />\n".
"<postfield name=\"password\" value=\"$(password)\" />\n".
"<postfield name=\"loginfield\" value=\"$(loginfield)\" />\n".
"</go></anchor></p>\n";
} else {
$loginperm = logincheck();
if(!$loginperm) {
wapmsg('login_strike');
}
$answer = wapconvert($answer);
$username = wapconvert($username);
require_once DISCUZ_ROOT.'./uc_client/client.php';
$ucresult = uc_user_login($username, $password, $loginfield, 1, $questionid, $answer);
list($tmp['uid'], $tmp['username'], $tmp['password'], $tmp['email']) = daddslashes($ucresult, 1);
$ucresult = $tmp;
if($ucresult['uid'] > 0) {
$member = $db->fetch_first("SELECT uid AS discuz_uid, username AS discuz_user, password AS discuz_pw, secques AS discuz_secques, groupid, invisible
FROM {$tablepre}members WHERE uid='$ucresult[uid]'");
if(!$member) {
if(!$wapregister) {
wapmsg('activation_disable');
}
$groupinfo = $db->fetch_first("SELECT groupid FROM {$tablepre}usergroups WHERE ".($regverify ? "groupid='8'" : "creditshigher<=".intval($initcredits)." AND ".intval($initcredits)."<creditslower LIMIT 1"));
exit('Access Denied');
}
if ($discuz_uid) {
wapmsg('login_succeed');
}
if (!$wapregister) {
wapmsg('register_disable');
}
$groupinfo = $db->fetch_first("SELECT groupid FROM {$tablepre}usergroups WHERE " . ($regverify ? "groupid='8'" : "creditshigher<=" . intval($initcredits) . " AND " . intval($initcredits) . "<creditslower LIMIT 1"));
if (empty($username)) {
echo "<p>{$lang['register_username']}:<input type=\"text\" name=\"username\" value=\"\" maxlength=\"15\" /><br />\n" . "{$lang['password']}: <input type=\"password\" name=\"password\" value=\"\" /><br />\n" . "{$lang['email']}: <input type=\"text\" name=\"email\" value=\"\" /><br />\n" . ($regverify == 2 ? "{$lang['register_reason']}: <input type=\"text\" name=\"regmessage\" value=\"\" />\n" : '') . "<anchor title=\"{$lang['submit']}\">{$lang['submit']}" . "<go method=\"post\" href=\"index.php?action=register&sid={$sid}\">\n" . "<postfield name=\"username\" value=\"\$(username)\" />\n" . "<postfield name=\"password\" value=\"\$(password)\" />\n" . "<postfield name=\"email\" value=\"\$(email)\" />\n" . "</go></anchor></p>\n";
} else {
require_once DISCUZ_ROOT . './uc_client/client.php';
$email = trim(wapconvert($email));
$username = trim(wapconvert($username));
$regmessage = dhtmlspecialchars(wapconvert($regmessage));
if (uc_get_user($username) && !$db->result_first("SELECT uid FROM {$tablepre}members WHERE username='******'")) {
wapmsg('register_activation_message');
}
if ($regstatus == 2) {
wapmsg('register_invite');
}
if ($ipregctrl) {
foreach (explode("\n", $ipregctrl) as $ctrlip) {
if (preg_match("/^(" . preg_quote($ctrlip = trim($ctrlip), '/') . ")/", $onlineip)) {
$ctrlip = $ctrlip . '%';
$regctrl = 72;
break;
}
}
} else {
$index['searchtype'] = preg_replace("/^([a-z]+)\\|.*/", "\\1", $index['searchstring']);
$searchnum = $db->result_first("SELECT COUNT(*) FROM {$tablepre}threads WHERE tid IN ({$index['tids']}) AND displayorder>='0'");
if ($searchnum) {
echo "<p>{$lang['search_result']}<br />";
$query = $db->query("SELECT * FROM {$tablepre}threads WHERE tid IN ({$index['tids']}) AND displayorder>='0' ORDER BY dateline DESC LIMIT {$start_limit}, {$waptpp}");
while ($thread = $db->fetch_array($query)) {
echo "<a href=\"index.php?action=thread&tid={$thread['tid']}\">#" . ++$number . " " . cutstr($thread['subject'], 24) . "</a>({$thread['views']}/{$thread['replies']})<br />\n";
}
echo wapmulti($searchnum, $waptpp, $page, "index.php?action=search&searchid={$searchid}&do=submit&sid={$sid}");
echo '</p>';
} else {
wapmsg('search_invalid');
}
} else {
$srchtxt = trim(wapconvert($srchtxt));
$srchuname = trim(wapconvert($srchuname));
$srchuid = intval($srchuid);
$searchstring = 'title|' . addslashes($srchtxt) . '|' . $srchuid . '|' . $srchuname;
$searchindex = array('id' => 0, 'dateline' => '0');
$query = $db->query("SELECT searchid, dateline,\r\n\t\t\t('{$searchctrl}'<>'0' AND " . (empty($discuz_uid) ? "useip='{$onlineip}'" : "uid='{$discuz_uid}'") . " AND {$timestamp}-dateline<{$searchctrl}) AS flood,\r\n\t\t\t(searchstring='{$searchstring}' AND expiration>'{$timestamp}') AS indexvalid\r\n\t\t\tFROM {$tablepre}searchindex\r\n\t\t\tWHERE ('{$searchctrl}'<>'0' AND " . (empty($discuz_uid) ? "useip='{$onlineip}'" : "uid='{$discuz_uid}'") . " AND {$timestamp}-dateline<{$searchctrl}) OR (searchstring='{$searchstring}' AND expiration>'{$timestamp}')\r\n\t\t\tORDER BY flood");
while ($index = $db->fetch_array($query)) {
if ($index['indexvalid'] && $index['dateline'] > $searchindex['dateline']) {
$searchindex = array('id' => $index['searchid'], 'dateline' => $index['dateline']);
break;
} elseif ($index['flood']) {
wapmsg('search_ctrl');
}
}
if ($searchindex['id']) {
$searchid = $searchindex['id'];
} else {
