コード例 #1
ファイル: calendar.php プロジェクト: OvBB/v1.0
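/**
 * Validates the submitted event fields and, when they pass, updates the stored
 * event and shows the confirmation/redirect message.
 *
 * NOTE(review): nothing in this function checks that the current user is
 * allowed to edit the event; presumably the caller does that - confirm.
 *
 * @param mixed $iEventID   ID of the event row to update (forced to an integer here).
 * @param array $aEventInfo Submitted fields; this function reads 'title', 'body',
 *                          'parseemails', 'month', 'day', 'year' and 'dsmilies'.
 * @return array|null The list of validation messages when something is wrong;
 *                    otherwise nothing is returned once Msg() has been called.
 */
function EditEventNow($iEventID, $aEventInfo)
{
    global $CFG, $dbConn;

    // Start from an empty list so the final check never reads an undefined variable.
    $aError = array();

    // Both values are written into the SQL statement without quotes (and the ID
    // also into the redirect URL), so they are reduced to plain integers first.
    $iEventID = (int) $iEventID;
    $bDisableSmilies = (int) (bool) $aEventInfo['dsmilies'];

    // Title
    if ($aEventInfo['title'] == '') {
        // Nothing was entered.
        $aError[] = 'You must specify the event title.';
    } elseif (strlen($aEventInfo['title']) > $CFG['maxlen']['subject']) {
        // The title they specified is too long.
        $aError[] = "The title you specified is longer than {$CFG['maxlen']['subject']} characters.";
    }
    $strTitle = $dbConn->sanitize($aEventInfo['title']);

    // Event Information
    if ($aEventInfo['body'] == '') {
        // Nothing was entered.
        $aError[] = 'You must specify the event information.';
    } elseif (strlen($aEventInfo['body']) > $CFG['maxlen']['messagebody']) {
        // The event information they specified is too long.
        $aError[] = "The event information you specified is longer than {$CFG['maxlen']['messagebody']} characters.";
    }
    if ($aEventInfo['parseemails']) {
        $strEventInfo = $dbConn->sanitize(ParseEMails($aEventInfo['body']));
    } else {
        $strEventInfo = $dbConn->sanitize($aEventInfo['body']);
    }

    // Date: cast first, so a non-numeric part is rejected by checkdate() as an
    // invalid date instead of raising a type error on newer PHP versions.
    $iMonth = (int) $aEventInfo['month'];
    $iDay = (int) $aEventInfo['day'];
    $iYear = (int) $aEventInfo['year'];
    if (!checkdate($iMonth, $iDay, $iYear)) {
        // They specified an invalid Gregorian date.
        $aError[] = 'The date you specified is invalid. The month, day, and year are all required.';
    }
    $strDate = sprintf('%04d-%02d-%02d', $iYear, $iMonth, $iDay);

    // If there was an error, let's return it.
    if ($aError) {
        return $aError;
    }

    // NOTE(review): $aEventInfo['private'] used to be read into a local that was
    // never used, and this UPDATE does not write it. If editing is meant to change
    // an event's privacy, that column is missing here - confirm against the schema.
    // NOTE(review): $_SESSION['userip'] is interpolated unquoted; presumably it is
    // a numeric value set by the server - confirm where it is assigned.
    $dbConn->query("UPDATE event SET startdate='{$strDate}', title='{$strTitle}', body='{$strEventInfo}', dsmilies={$bDisableSmilies}, ipaddress={$_SESSION['userip']} WHERE id={$iEventID}");

    // Let the user know it was a success.
    Msg("<b>The event was successfully saved.</b><br /><br /><span class=\"smaller\">You should be redirected momentarily. Click <a href=\"calendar.php?action=viewevent&amp;eventid={$iEventID}\">here</a> if you do not want to wait any longer or if you are not redirected.</span>", "calendar.php?action=viewevent&eventid={$iEventID}");
}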
コード例 #2
ファイル: private.php プロジェクト: OvBB/v1.0
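/**
 * Validates a private message taken from $_REQUEST and, when it passes, stores
 * it for the recipient (plus an optional copy for the sender) and shows the
 * confirmation/redirect message.
 *
 * Reads 'recipient', 'subject', 'icon', 'message', 'dsmilies', 'track',
 * 'parseemails', 'savecopy', 'action' and 'id' from $_REQUEST.
 *
 * @return array|null The list of validation messages when something is wrong;
 *                    otherwise nothing is returned once Msg() has been called.
 */
function SendMessage()
{
    global $CFG, $dbConn;

    // Start from an empty list so the final check never reads an undefined variable.
    $aError = array();

    // Get the values from the user. Absent fields fall back to empty/zero.
    $strRawRecipient = isset($_REQUEST['recipient']) ? (string) $_REQUEST['recipient'] : '';
    $strRecipient = $dbConn->sanitize($strRawRecipient);
    $strSubject = isset($_REQUEST['subject']) ? (string) $_REQUEST['subject'] : '';
    $iPostIcon = isset($_REQUEST['icon']) ? (int) $_REQUEST['icon'] : 0;
    $strMessage = isset($_REQUEST['message']) ? (string) $_REQUEST['message'] : '';
    $bDisableSmilies = (int) !empty($_REQUEST['dsmilies']);
    $bTracking = (int) !empty($_REQUEST['track']);

    // Recipient
    // The listing showed this lookup with a masked literal ('******') where the
    // username belongs, which could never match the requested user. The sanitized
    // recipient is the only value that fits.
    // NOTE(review): confirm against the upstream file.
    $dbConn->query("SELECT id, enablepms, rejectpms, ignorelist FROM citizen WHERE username='{$strRecipient}'");
    list($iRecipientID, $bEnablePMs, $bRejectPMs, $strIgnoreList) = $dbConn->getresult();
    $aIgnoreList = explode(',', (string) $strIgnoreList);

    // Does the user exist, and will they accept the message?
    if ($iRecipientID === NULL) {
        $aError[] = 'The user you specified does not exist.';
    } elseif ($iRecipientID == $_SESSION['userid']) {
        $aError[] = 'You cannot send private messages to yourself.';
    } elseif (!$bEnablePMs) {
        // Escape the name as the user typed it: the database-escaped copy is for
        // SQL only and would show stray escape characters in the page.
        $aError[] = htmlsanitize("The message cannot be sent because {$strRawRecipient} has private messages disabled.");
    } elseif ($bRejectPMs && in_array($_SESSION['userid'], $aIgnoreList)) {
        $aError[] = 'The user you specified does not accept private messages from members on their Ignore list.';
    }

    // Subject
    if (trim($strSubject) == '') {
        // They either put in only whitespace or nothing at all.
        $aError[] = 'You must specify a subject.';
    } elseif (strlen($strSubject) > $CFG['maxlen']['subject']) {
        // The subject they specified is too long.
        $aError[] = "The subject you specified is longer than {$CFG['maxlen']['subject']} characters.";
    }
    $strSubject = $dbConn->sanitize($strSubject);

    // Icon
    if ($iPostIcon < 0 || $iPostIcon > 14) {
        // They don't know what icon they want. We'll give them none.
        $iPostIcon = 0;
    }

    // Message
    if (trim($strMessage) == '') {
        // They either put in only whitespace or nothing at all.
        $aError[] = 'You must specify a message.';
    } elseif (strlen($strMessage) > $CFG['maxlen']['messagebody']) {
        // The message they specified is too long.
        $aError[] = "The message you specified is longer than {$CFG['maxlen']['messagebody']} characters.";
    }
    if (!empty($_REQUEST['parseemails'])) {
        $strMessage = ParseEMails($strMessage);
    }
    $strMessage = $dbConn->sanitize($strMessage);

    // If there was an error, let's return it.
    if ($aError) {
        return $aError;
    }

    // The ID is written into the statements below without quotes, so make sure
    // it is an integer even though it came from the database.
    $iRecipientID = (int) $iRecipientID;

    // NOTE(review): $_SESSION['userid'], $_SESSION['userip'] and $CFG['globaltime']
    // are interpolated unquoted; presumably all three are numeric values set by
    // the server - confirm where they are assigned.

    // Add the message to the database.
    $dbConn->query("INSERT INTO pm(ownerid, datetime, author, recipient, subject, body, parent, ipaddress, icon, dsmilies, beenread, tracking) VALUES({$iRecipientID}, {$CFG['globaltime']}, {$_SESSION['userid']}, {$iRecipientID}, '{$strSubject}', '{$strMessage}', 0, {$_SESSION['userip']}, {$iPostIcon}, {$bDisableSmilies}, 0, {$bTracking})");

    // Did they want to save a copy?
    if (!empty($_REQUEST['savecopy'])) {
        // Yes, so do so.
        $dbConn->query("INSERT INTO pm(ownerid, datetime, author, recipient, subject, body, parent, ipaddress, icon, dsmilies, beenread) VALUES({$_SESSION['userid']}, {$CFG['globaltime']}, {$_SESSION['userid']}, {$iRecipientID}, '{$strSubject}', '{$strMessage}', 1, {$_SESSION['userip']}, {$iPostIcon}, {$bDisableSmilies}, 0)");
    }

    // Was this message a reply to another one?
    if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'reply') {
        // Yes, mark the original message as been replied. The ownerid condition
        // keeps a sender from flagging a message in someone else's mailbox.
        $iMessageID = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
        $dbConn->query("UPDATE pm SET replied=1 WHERE id={$iMessageID} AND ownerid={$_SESSION['userid']}");
    }

    // Render the page.
    Msg("<b>Your message has been successfully sent.</b><br /><br /><span class=\"smaller\">You should be redirected momentarily. Click <a href=\"private.php\">here</a> if you do not want to wait any longer or if you are not redirected.</span>", 'private.php');
}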
コード例 #3
ファイル: addevent.tpl.php プロジェクト: spookdogg/v1.0
 Event</b></td>
</tr>
</table>

<?php 
// Display any errors.
if (is_array($aError)) {
    DisplayErrors($aError);
} else {
    if ($_REQUEST['submit'] == 'Preview Event') {
        // Make a copy of the event information, so we can parse
        // it for the preview, yet still have the original.
        $strParsedInfo = $aEventInfo['body'];
        // Put [email] tags around suspected e-mail addresses if they want us to.
        if ($aEventInfo['parseemails']) {
            $strParsedInfo = ParseEMails($strParsedInfo);
        }
        // Parse any BB code in the message.
        $strParsedInfo = ParseMessage($strParsedInfo, $aEventInfo['dsmilies']);
        ?>

<br />
<table bgcolor="<?php 
        echo $CFG['style']['table']['bgcolor'];
        ?>
" cellspacing="1" cellpadding="4" border="0" align="center">

<tr class="heading">
	<td colspan="2" align="center" class="medium"><?php 
        echo htmlsanitize($aEventInfo['title']);
        ?>
コード例 #4
ファイル: newmessage.tpl.php プロジェクト: spookdogg/v1.0
    $bParseURLs = (bool) $_REQUEST['parseurls'];
    $bParseEMails = (bool) $_REQUEST['parseemails'];
    $bDisableSmilies = (bool) $_REQUEST['dsmilies'];
    $bSaveCopy = (bool) $_REQUEST['savecopy'];
    $bTrack = (bool) $_REQUEST['track'];
    // Did we preview or submit?
    if (is_array($aError)) {
        // We submitted and got an error, so display that.
        DisplayErrors($aError);
    } else {
        // Make a copy of the message, so we can parse it for the
        // preview, yet still have the original.
        $strParsedMessage = $strMessage;
        // Put [email] tags around suspected e-mail addresses if they want us to.
        if ($bParseEMails) {
            $strParsedMessage = ParseEMails($strParsedMessage);
        }
        // Parse any BB code in the message.
        $strParsedMessage = ParseMessage($strParsedMessage, $bDisableSmilies);
        ?>

<br /><table width="100%" cellpadding="4" cellspacing="1" border="0" bgcolor="<?php 
        echo $CFG['style']['table']['bgcolor'];
        ?>
" align="center">
	<tr class="heading"><td align="left" class="smaller">Message Preview</td></tr>
	<tr><td bgcolor="<?php 
        echo $CFG['style']['table']['cella'];
        ?>
" class="medium"><?php 
        echo $strParsedMessage;
コード例 #5
ファイル: newreply.php プロジェクト: spookdogg/v1.0
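/**
 * Validates a reply taken from $_REQUEST (and an optional uploaded attachment),
 * stores it, updates the thread/forum/user counters and the search index, and
 * shows the confirmation/redirect message.
 *
 * Reads 'subject', 'icon', 'message', 'parseemails' and 'dsmilies' from
 * $_REQUEST, the 'attachment' entry of $_FILES, and the globals $iThreadID and
 * $iForumID for the thread and forum being posted to.
 *
 * @return array|null The list of validation messages when something is wrong;
 *                    otherwise nothing is returned once Msg() has been called.
 */
function SubmitPost()
{
    global $CFG, $dbConn, $aPostIcons, $iThreadID, $iForumID;

    // Start from known values so later checks never read an undefined variable.
    $aError = array();
    $fileUploaded = FALSE;

    // Both IDs are written into SQL without quotes and into the redirect URL,
    // so work with integer copies rather than whatever the globals hold.
    $iThread = (int) $iThreadID;
    $iForum = (int) $iForumID;

    // Get the values from the user. Absent fields fall back to empty/zero.
    $strSubject = isset($_REQUEST['subject']) ? (string) $_REQUEST['subject'] : '';
    $iPostIcon = isset($_REQUEST['icon']) ? (int) $_REQUEST['icon'] : 0;
    $strMessage = isset($_REQUEST['message']) ? (string) $_REQUEST['message'] : '';
    $bParseEMails = (int) !empty($_REQUEST['parseemails']);
    $bDisableSmilies = (int) !empty($_REQUEST['dsmilies']);

    // Floodcheck
    // NOTE(review): execution continues past this call unless Msg() ends the
    // request; presumably it does - confirm, otherwise the limit is not enforced.
    if (!$_SESSION['permissions']['cbypassflood'] && $_SESSION['lastpost'] + $CFG['floodcheck'] > $CFG['globaltime']) {
        Msg("Sorry! The administrator has specified that users can only post one message every {$CFG['floodcheck']} seconds.", '', 'justify');
    }

    // Subject
    if (strlen($strSubject) > $CFG['maxlen']['subject']) {
        // The subject they specified is too long.
        $aError[] = "The subject you specified is longer than {$CFG['maxlen']['subject']} characters.";
    }
    $strCleanSubject = $dbConn->sanitize($strSubject);

    // Icon
    if ($iPostIcon < 0 || $iPostIcon > count($aPostIcons) - 1) {
        // They don't know what icon they want. We'll give them none.
        $iPostIcon = 0;
    }

    // Message
    if (trim($strMessage) == '') {
        // They either put in only whitespace or nothing at all.
        $aError[] = 'You must specify a message.';
    } elseif (strlen($strMessage) > $CFG['maxlen']['messagebody']) {
        // The message they specified is too long.
        $aError[] = "The message you specified is longer than {$CFG['maxlen']['messagebody']} characters.";
    }
    if ($bParseEMails) {
        $strMessage = ParseEMails($strMessage);
    }
    $strCleanMessage = $dbConn->sanitize($strMessage);

    // Attachment
    if (isset($_FILES['attachment']) && $_FILES['attachment']['error'] != UPLOAD_ERR_NO_FILE) {
        // What is the problem?
        switch ($_FILES['attachment']['error']) {
            // Upload was successful?
            case UPLOAD_ERR_OK:
                // Is it bigger than the configured limit?
                if ($_FILES['attachment']['size'] > $CFG['uploads']['maxsize']) {
                    $aError[] = "The attachment you uploaded is too large. The maximum allowable filesize is {$CFG['uploads']['maxsize']} bytes.";
                }
                // Is it an invalid filetype? Only the client-supplied extension is
                // checked against the allowlist; the file content is not inspected.
                if (!isset($CFG['uploads']['oktypes'][strtolower(substr(strrchr($_FILES['attachment']['name'], '.'), 1))])) {
                    $aError[] = 'The file you uploaded is an invalid type of attachment. Valid types are: ' . htmlsanitize(implode(', ', array_keys($CFG['uploads']['oktypes']))) . '.';
                }
                // If there are no errors, grab the data from the temporary file.
                if (!$aError) {
                    // NOTE(review): the stored name is whatever the client sent; it is
                    // escaped for SQL here, so code that later displays or serves it
                    // has to escape it for that context - confirm.
                    $strAttachmentName = $dbConn->sanitize($_FILES['attachment']['name']);
                    // Only read a path that PHP itself recorded as an HTTP upload.
                    if (is_uploaded_file($_FILES['attachment']['tmp_name'])
                        && ($fileUploaded = fopen($_FILES['attachment']['tmp_name'], 'rb'))) {
                        $blobAttachment = $dbConn->sanitize(fread($fileUploaded, 65536), TRUE);
                    } else {
                        $fileUploaded = FALSE;
                        $aError[] = 'There was a problem while reading the attachment. If this problem persists, please contact the Webmaster.';
                    }
                }
                break;
            // File is too big?
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                $aError[] = "The attachment you uploaded is too large. The maximum allowable filesize is {$CFG['uploads']['maxsize']} bytes.";
                break;
            // File was partially uploaded?
            case UPLOAD_ERR_PARTIAL:
                $aError[] = 'The attachment was only partially uploaded.';
                break;
            // Anything else.
            default:
                $aError[] = 'There was an error while uploading the attachment.';
                break;
        }
    }

    // If there was an error, let's return it.
    if ($aError) {
        return $aError;
    }

    // NOTE(review): $_SESSION['userid'], $_SESSION['userip'] and $CFG['globaltime']
    // are interpolated unquoted below; presumably all three are numeric values
    // set by the server - confirm where they are assigned.

    // First we obviously need the post in the post table.
    $dbConn->query("INSERT INTO post(author, datetime_posted, title, body, parent, ipaddress, icon, dsmilies) VALUES({$_SESSION['userid']}, {$CFG['globaltime']}, '{$strCleanSubject}', '{$strCleanMessage}', {$iThread}, {$_SESSION['userip']}, {$iPostIcon}, {$bDisableSmilies})");

    // Before we continue, get the ID of the post we just created.
    $iPostID = (int) $dbConn->getinsertid('post');

    // Second, we need to update record of the thread we are posting to.
    $dbConn->query("UPDATE thread SET lpost={$CFG['globaltime']}, lposter={$_SESSION['userid']}, postcount=postcount+1 WHERE id={$iThread}");

    // Get the post count of the thread we replied to, so we can figure the last page.
    $dbConn->query("SELECT postcount FROM thread WHERE id={$iThread}");
    list($iPostCount) = $dbConn->getresult();
    $iPostCount = (int) $iPostCount;

    // Third, we need to update the record of the forum that contains the thread we are posting to.
    $dbConn->query("UPDATE board SET postcount=postcount+1, lpost={$CFG['globaltime']}, lposter={$_SESSION['userid']}, lthread={$iThread}, lthreadpcount={$iPostCount} WHERE id={$iForum}");

    // Fourth, we need to update the poster's postcount.
    $dbConn->query("UPDATE citizen SET postcount=postcount+1 WHERE id={$_SESSION['userid']}");

    // And finally, we need to store the attachment, if there is one.
    if ($fileUploaded) {
        // Insert the first chunk of the file.
        $dbConn->query("INSERT INTO attachment(filename, filedata, viewcount, parent) VALUES('{$strAttachmentName}', '{$blobAttachment}', 0, {$iPostID})");

        // Get the ID of the attachment we just created.
        $iAttachmentID = $dbConn->getinsertid('attachment');

        // Insert the rest of the file, if any, into the database.
        while (!feof($fileUploaded)) {
            $blobAttachment = $dbConn->sanitize(fread($fileUploaded, 65536), TRUE);
            $dbConn->squery(CONCAT_ATTACHMENT, $blobAttachment, $iAttachmentID);
        }

        // Close the temporary file.
        fclose($fileUploaded);

        // Update the attachment count for the thread.
        $dbConn->query("UPDATE thread SET attachcount=attachcount+1 WHERE id={$iThread}");
    }

    // Now let's add the message into the search engine index.
    AddSearchIndex($iPostID, $strSubject, $strMessage);

    // Update the forum stats.
    $dbConn->query("UPDATE stats SET content=content+1 WHERE name='postcount'");

    // Set user's last post time.
    $_SESSION['lastpost'] = $CFG['globaltime'];

    // What page is this new post on (so we can redirect them)?
    $iPage = ceil($iPostCount / $_SESSION['postsperpage']);

    // Render the page.
    Msg("<b>Thank you for posting.</b><br /><br /><span class=\"smaller\">You should be redirected to your post momentarily. Click <a href=\"thread.php?threadid={$iThread}&amp;page={$iPage}#post{$iPostID}\">here</a> if you do not want to wait any longer or if you are not redirected.</span>", "thread.php?threadid={$iThread}&page={$iPage}#post{$iPostID}");
}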