/**
 * XThreads hook: gate the attachment-upload handler behind the same checks
 * MyBB applies to newthread.php / editpost.php.
 *
 * Reads the globals $mybb, $current_page and $thread, and may load $thread
 * itself (from the pid on editpost.php, or from the tid parameter elsewhere).
 * Every failed check simply returns; only when all checks pass does it call
 * check_forum_password() and then xthreads_upload_attachments().
 *
 * @return void
 */
function xthreads_upload_attachments_global()
{
    //if($mybb->request_method == 'post' && ($current_page == 'newthread.php' || ($current_page == 'editpost.php' && $mybb->input['action'] != 'deletepost'))
    // the above line is always checked and true
    global $mybb, $current_page, $thread;
    if ($current_page == 'editpost.php') {
        // check if first post: attachments are only handled for the thread's opening post
        $pid = (int) $mybb->input['pid'];
        if (!$thread) {
            $post = get_post($pid);
            if (!empty($post)) {
                $thread = get_thread($post['tid']);
            }
            if (empty($thread)) {
                return;
            }
            $pid = $post['pid'];
        }
        if ($thread['firstpost'] != $pid) {
            return;
        }
    } elseif ($mybb->input['tid']) {
        /* ($mybb->input['action'] == 'editdraft' || $mybb->input['action'] == 'savedraft') && */
        $thread = get_thread((int) $mybb->input['tid']);
        if ($thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid']) {
            // ensure that this is, indeed, a draft
            // NOTE(review): `global $thread` binds the local name to $GLOBALS['thread'] by
            // reference; unset($GLOBALS['thread']) drops the global slot but the local $thread
            // keeps its value, so the $thread['fid'] lookup below still sees this non-draft
            // thread. Confirm that is the intended forum for the permission checks.
            unset($GLOBALS['thread']);
        }
    }
    // permissions check - ideally, should get MyBB to do this, but I see no easy way to implement it unfortunately
    if ($mybb->user['suspendposting'] == 1) {
        return;
    }
    // Prefer the forum the thread lives in; fall back to the fid submitted with the form
    if ($thread['fid']) {
        $fid = $thread['fid'];
    } else {
        $fid = (int) $mybb->input['fid'];
    }
    $forum = get_forum($fid);
    if (!$forum['fid'] || $forum['open'] == 0 || $forum['type'] != 'f') {
        return;
    }
    $forumpermissions = forum_permissions($fid);
    if ($forumpermissions['canview'] == 0) {
        return;
    }
    if ($current_page == 'newthread.php' && $forumpermissions['canpostthreads'] == 0) {
        return;
    } elseif ($current_page == 'editpost.php') {
        // Non-moderators may only edit their own, open, not-yet-expired threads
        if (!is_moderator($fid, 'caneditposts')) {
            if ($thread['closed'] == 1 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $thread['uid']) {
                return;
            }
            // edittimelimit is in minutes; the thread's own dateline is what is compared here
            if ($mybb->settings['edittimelimit'] != 0 && $thread['dateline'] < TIME_NOW - $mybb->settings['edittimelimit'] * 60) {
                return;
            }
        }
    }
    // CSRF token check (my_post_key) before anything is written
    if (!verify_post_check($mybb->input['my_post_key'], true)) {
        return;
    }
    check_forum_password($forum['fid']);
    xthreads_upload_attachments();
}
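/**
 * Tapatalk XML-RPC handler: return a single MyBB announcement rendered as a
 * one-post topic (topic_id "ann_<aid>").
 *
 * Performs the same forum visibility / password checks as announcements.php,
 * marks the announcement as read via the announcements cookie, and builds the
 * post struct from the announcement row joined with its author.
 *
 * Fix: the avatar lookup used the announcement id as a user id
 * (get_user($announcementarray['aid'])); the author's uid is the correct key.
 *
 * @param mixed $xmlrpc_params  Raw XML-RPC parameters (topic_id, start_num, last_num, return_html)
 * @return xmlrpcresp  struct {total_post_num: 1, can_reply: false, can_subscribe: false, posts: [post]}
 */
function get_announcement_func($xmlrpc_params)
{
    global $db, $lang, $mybb, $position, $plugins, $pids, $groupscache;

    $input = Tapatalk_Input::filterXmlInput(array(
        'topic_id' => Tapatalk_Input::STRING,
        'start_num' => Tapatalk_Input::INT,
        'last_num' => Tapatalk_Input::INT,
        'return_html' => Tapatalk_Input::INT,
    ), $xmlrpc_params);
    $parser = new Tapatalk_Parser();

    // Load global language phrases
    $lang->load("announcements");

    // NOTE(review): the id is taken from $_GET['aid'] rather than $input['topic_id'];
    // presumably the dispatcher fills $_GET from the "ann_<aid>" topic id -- confirm.
    // intval() is what keeps the interpolation into the WHERE clauses below safe.
    $aid = intval($_GET['aid']);

    // Get announcement fid
    $query = $db->simple_select("announcements", "fid", "aid='{$aid}'");
    $announcement = $db->fetch_array($query);

    $plugins->run_hooks("announcements_start");

    if (!$announcement) {
        error($lang->error_invalidannouncement);
    }

    // Get forum info (fid 0 means a global announcement: no forum checks apply)
    $fid = $announcement['fid'];
    if ($fid > 0) {
        $forum = get_forum($fid);
        if (!$forum) {
            error($lang->error_invalidforum);
        }

        // Make navigation
        build_forum_breadcrumb($forum['fid']);

        // Permissions
        $forumpermissions = forum_permissions($forum['fid']);
        if ($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) {
            error_no_permission();
        }

        // Check if this forum is password protected and we have a valid password
        check_forum_password($forum['fid']);
    }

    add_breadcrumb($lang->nav_announcements);
    $archive_url = build_archive_link("announcement", $aid);

    // Get announcement info; a.* follows u.*, so 'uid' in the row is the announcement author
    $time = TIME_NOW;
    $query = $db->query("\n\t\tSELECT u.*, u.username AS userusername, a.*, f.*\n\t\tFROM " . TABLE_PREFIX . "announcements a\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=a.uid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfields f ON (f.ufid=u.uid)\n\t\tWHERE a.startdate<='{$time}' AND (a.enddate>='{$time}' OR a.enddate='0') AND a.aid='{$aid}'\n\t");
    $announcementarray = $db->fetch_array($query);

    if (!$announcementarray) {
        error($lang->error_invalidannouncement);
    }

    // Gather usergroup data from the cache
    // Field => Array Key
    $data_key = array(
        'title' => 'grouptitle',
        'usertitle' => 'groupusertitle',
        'stars' => 'groupstars',
        'starimage' => 'groupstarimage',
        'image' => 'groupimage',
        'namestyle' => 'namestyle',
        'usereputationsystem' => 'usereputationsystem',
    );
    foreach ($data_key as $field => $key) {
        $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
    }

    // build_postbit() expects post-shaped keys
    $announcementarray['dateline'] = $announcementarray['startdate'];
    $announcementarray['userusername'] = $announcementarray['username'];
    $announcement = build_postbit($announcementarray, 3);
    $announcementarray['subject'] = $parser->parse_badwords($announcementarray['subject']);
    $lang->forum_announcement = $lang->sprintf($lang->forum_announcement, htmlspecialchars_uni($announcementarray['subject']));

    // Remember that this announcement has been seen since the user's last visit
    if ($announcementarray['startdate'] > $mybb->user['lastvisit']) {
        $setcookie = true;
        if (isset($mybb->cookies['mybb']['announcements']) && is_scalar($mybb->cookies['mybb']['announcements'])) {
            $cookie = my_unserialize(stripslashes($mybb->cookies['mybb']['announcements']));
            if (isset($cookie[$announcementarray['aid']])) {
                $setcookie = false;
            }
        }
        if ($setcookie) {
            my_set_array_cookie('announcements', $announcementarray['aid'], $announcementarray['startdate'], -1);
        }
    }

    // Author avatar: key by the author's uid, not by the announcement id
    $user_info = get_user($announcementarray['uid']);
    $icon_url = absolute_url($user_info['avatar']);

    // prepare xmlrpc return
    // (absolute_url() was applied to icon_url a second time in the original; kept,
    // harmless provided it leaves an already absolute URL untouched)
    $xmlrpc_post = new xmlrpcval(array(
        'topic_id' => new xmlrpcval('ann_' . $announcementarray['aid']),
        'post_title' => new xmlrpcval(basic_clean($announcementarray['subject']), 'base64'),
        'post_content' => new xmlrpcval(process_post($announcementarray['message'], $input['return_html']), 'base64'),
        'post_author_id' => new xmlrpcval($announcementarray['uid']),
        'post_author_name' => new xmlrpcval(basic_clean($announcementarray['username']), 'base64'),
        'user_type' => new xmlrpcval(check_return_user_type($announcementarray['username']), 'base64'),
        'icon_url' => new xmlrpcval(absolute_url($icon_url)),
        'post_time' => new xmlrpcval(mobiquo_iso8601_encode($announcementarray['dateline']), 'dateTime.iso8601'),
        'timestamp' => new xmlrpcval($announcementarray['dateline'], 'string'),
    ), 'struct');

    $result = array(
        'total_post_num' => new xmlrpcval(1, 'int'),
        'can_reply' => new xmlrpcval(false, 'boolean'),
        'can_subscribe' => new xmlrpcval(false, 'boolean'),
        'posts' => new xmlrpcval(array($xmlrpc_post), 'array'),
    );

    return new xmlrpcresp(new xmlrpcval($result, 'struct'));
}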
// Fetch the post from the database. $post = get_post($mybb->get_input('pid', MyBB::INPUT_INT)); // No result, die. if (!$post) { xmlhttp_error($lang->post_doesnt_exist); } // Fetch the thread associated with this post. $thread = get_thread($post['tid']); // Fetch the specific forum this thread/post is in. $forum = get_forum($thread['fid']); // Missing thread, invalid forum? Error. if (!$thread || !$forum || $forum['type'] != "f") { xmlhttp_error($lang->thread_doesnt_exist); } // Check if this forum is password protected and we have a valid password if (check_forum_password($forum['fid'], 0, true)) { xmlhttp_error($lang->wrong_forum_password); } // Fetch forum permissions. $forumpermissions = forum_permissions($forum['fid']); $plugins->run_hooks("xmlhttp_edit_post_start"); // If this user is not a moderator with "caneditposts" permissions. if (!is_moderator($forum['fid'], "caneditposts")) { // Thread is closed - no editing allowed. if ($thread['closed'] == 1) { xmlhttp_error($lang->thread_closed_edit_message); } else { if ($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0 || $mybb->user['suspendposting'] == 1) { xmlhttp_error($lang->no_permission_edit_post); } else { if ($mybb->usergroup['edittimelimit'] != 0 && $post['dateline'] < TIME_NOW - $mybb->usergroup['edittimelimit'] * 60) {
/**
 * Tapatalk XML-RPC handler: delete a post, or the whole thread when the post
 * is the thread's oldest one, on behalf of the logged-in MyBB user.
 *
 * Populates the globals $input, $post, $thread, $forum, $pid, $tid, $fid and
 * $modlogdata for the editpost_* hooks, runs editpost_start and
 * editpost_deletepost, and writes a moderator log entry on success.
 * Every failed check ends in error() / error_no_permission().
 *
 * @param mixed $xmlrpc_params  Raw XML-RPC parameters (post_id, mode, reason_text)
 * @return xmlrpcresp  struct {result: true, is_login_mod: true, result_text: ''}
 */
function m_delete_post_func($xmlrpc_params)
{
    global $input, $post, $thread, $forum, $pid, $tid, $fid, $modlogdata, $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $moderation, $parser;

    $input = Tapatalk_Input::filterXmlInput(array(
        'post_id' => Tapatalk_Input::INT,
        'mode' => Tapatalk_Input::INT,
        'reason_text' => Tapatalk_Input::STRING,
    ), $xmlrpc_params);

    // Load global language phrases
    $lang->load("editpost");
    $plugins->run_hooks("editpost_start");

    // No permission for guests
    if (!$mybb->user['uid']) {
        error_no_permission();
    }

    // Get post info -- intval() is what makes the interpolation into the WHERE clause safe
    $pid = intval($input['post_id']);
    $postQuery = $db->simple_select("posts", "*", "pid='{$pid}'");
    $post = $db->fetch_array($postQuery);
    if (!$post['pid']) {
        error($lang->error_invalidpost);
    }

    // Get thread info
    $tid = $post['tid'];
    $thread = get_thread($tid);
    if (!$thread['tid']) {
        error($lang->error_invalidthread);
    }

    // Get forum info
    $fid = $post['fid'];
    $forum = get_forum($fid);
    if (!$forum || $forum['type'] != "f") {
        error($lang->error_closedinvalidforum);
    }
    if ($forum['open'] == 0 || $mybb->user['suspendposting'] == 1) {
        error_no_permission();
    }

    $forumpermissions = forum_permissions($fid);
    $isPostModerator = is_moderator($fid, "candeleteposts");
    if (!$isPostModerator) {
        if ($thread['closed'] == 1) {
            error($lang->redirect_threadclosed);
        }
        // Ordinary members may only delete their own posts, and only where the forum allows it
        if ($forumpermissions['candeleteposts'] == 0 || $mybb->user['uid'] != $post['uid']) {
            error_no_permission();
        }
    }

    // Check if this forum is password protected and we have a valid password
    check_forum_password($forum['fid']);

    $plugins->run_hooks("editpost_deletepost");

    $modlogdata['fid'] = $fid;
    $modlogdata['tid'] = $tid;

    // The oldest post of the thread decides whether this is really a thread deletion
    $firstQuery = $db->simple_select("posts", "pid", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
    $firstPost = $db->fetch_array($firstQuery);
    $deletesThread = ($firstPost['pid'] == $pid);

    if ($deletesThread) {
        $allowed = $forumpermissions['candeletethreads'] == 1 || is_moderator($fid, "candeletethreads");
    } else {
        $allowed = $forumpermissions['candeleteposts'] == 1 || $isPostModerator;
    }

    if (!$allowed) {
        error_no_permission();
    } elseif ($deletesThread) {
        delete_thread($tid);
        mark_reports($tid, "thread");
        log_moderator_action($modlogdata, $lang->thread_deleted);
    } else {
        delete_post($pid, $tid);
        mark_reports($pid, "post");
        log_moderator_action($modlogdata, $lang->post_deleted);
    }

    $response = new xmlrpcval(array(
        'result' => new xmlrpcval(true, 'boolean'),
        'is_login_mod' => new xmlrpcval(true, 'boolean'),
        'result_text' => new xmlrpcval("", 'base64'),
    ), 'struct');

    return new xmlrpcresp($response);
}
/**
 * Tapatalk XML-RPC handler: subscribe the current phpBB user to a forum.
 *
 * Re-runs viewforum's access checks (list/read ACLs, forum password, link and
 * category forums), then, when forum notifications are enabled and the user may
 * subscribe, inserts or re-activates the row in FORUMS_WATCH_TABLE.
 * Failed checks end in trigger_error().
 *
 * @param mixed $xmlrpc_params  Raw XML-RPC parameters: [0] forum id
 * @return xmlrpcresp  struct {result: bool, result_text: base64}
 */
function subscribe_forum_func($xmlrpc_params)
{
    global $db, $user, $config, $auth;

    $user->setup('viewforum');

    $params = php_xmlrpc_decode($xmlrpc_params);
    // intval() keeps the interpolation of $forum_id into the SQL below safe;
    // $user_id comes from the session, not from the request
    $forum_id = intval($params[0]);
    if (!$forum_id) {
        trigger_error('NO_FORUM');
    }
    $user_id = $user->data['user_id'];

    // Grab appropriate forum data, joining the tracking / watch rows of this user when logged in
    $fromClause = FORUMS_TABLE . ' f';
    $extraColumns = '';
    $registered = $user->data['is_registered'];
    if ($config['load_db_lastread'] && $registered) {
        $fromClause .= ' LEFT JOIN ' . FORUMS_TRACK_TABLE . ' ft ON (ft.user_id = ' . $user->data['user_id'] . ' AND ft.forum_id = f.forum_id)';
        $extraColumns .= ', ft.mark_time';
    }
    if ($registered) {
        $fromClause .= ' LEFT JOIN ' . FORUMS_WATCH_TABLE . ' fw ON (fw.forum_id = f.forum_id AND fw.user_id = ' . $user->data['user_id'] . ')';
        $extraColumns .= ', fw.notify_status';
    }

    $sql = "SELECT f.* {$extraColumns}\n FROM {$fromClause}\n WHERE f.forum_id = {$forum_id}";
    $result = $db->sql_query($sql);
    $forum_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if (!$forum_data) {
        trigger_error('NO_FORUM');
    }

    // Permissions check
    $isLinkForum = $forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link'];
    if (!$auth->acl_gets('f_list', 'f_read', $forum_id) || $isLinkForum && !$auth->acl_get('f_read', $forum_id)) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('SORRY_AUTH_READ');
        }
        trigger_error('LOGIN_VIEWFORUM');
    }

    // Forum is passworded ... check whether access has been granted to this
    // user this session, if not show login box
    if ($forum_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }

    // Is this forum a link? ... User got here either because the
    // number of clicks is being tracked or they guessed the id
    if ($isLinkForum) {
        trigger_error('NO_FORUM');
    }

    // Not postable forum or showing active topics?
    $postable = $forum_data['forum_type'] == FORUM_POST;
    $activeTopicsCategory = $forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS && $forum_data['forum_type'] == FORUM_CAT;
    if (!($postable || $activeTopicsCategory)) {
        trigger_error('NO_FORUM');
    }

    // Ok, if someone has only list-access, we only display the forum list.
    // We also make this circumstance available to the template in case we want to display a notice. ;)
    if (!$auth->acl_get('f_read', $forum_id)) {
        trigger_error('SORRY_AUTH_READ');
    }

    $notificationsEnabled = ($config['email_enable'] || $config['jab_enable']) && $config['allow_forum_notify'];
    if ($notificationsEnabled && $postable && $auth->acl_get('f_subscribe', $forum_id)) {
        // notify_status comes from the fw join above; 'unset' means no row was joined
        $notify_status = isset($forum_data['notify_status']) ? $forum_data['notify_status'] : 'unset';

        $watchTable = FORUMS_WATCH_TABLE;
        $keyColumn = 'forum_id';
        $keyValue = $forum_id;

        // Is user watching this thread?
        if ($user_id == ANONYMOUS) {
            trigger_error('LOGIN_VIEWFORUM');
        } else {
            if ($notify_status == 'unset') {
                $sql = "SELECT notify_status\n FROM {$watchTable}\n WHERE {$keyColumn} = {$keyValue}\n AND user_id = {$user_id}";
                $result = $db->sql_query($sql);
                $notify_status = ($row = $db->sql_fetchrow($result)) ? $row['notify_status'] : NULL;
                $db->sql_freeresult($result);
            }

            if (is_null($notify_status) || $notify_status === '') {
                // No watch row yet: create one, active (notify_status = 0)
                $sql = 'INSERT INTO ' . $watchTable . " (user_id, {$keyColumn}, notify_status)\n VALUES ({$user_id}, {$keyValue}, 0)";
                $db->sql_query($sql);
            } elseif ($notify_status) {
                // Existing but paused watch row: re-activate it
                $sql = 'UPDATE ' . $watchTable . "\n SET notify_status = 0\n WHERE {$keyColumn} = {$keyValue}\n AND user_id = {$user_id}";
                $db->sql_query($sql);
            }
            $subscribed = true;
        }
    } else {
        $subscribed = false;
    }

    $response = new xmlrpcval(array(
        'result' => new xmlrpcval($subscribed, 'boolean'),
        'result_text' => new xmlrpcval($subscribed ? '' : 'Subscribe failed', 'base64'),
    ), 'struct');

    return new xmlrpcresp($response);
}
/**
 * Tapatalk XML-RPC handler: list the topics of a phpBB forum.
 *
 * Parameters (positional): [0] forum id, [1]/[2] page window passed to
 * process_page(), [3] optional 'TOP' (sticky only) or 'ANN' (announcements +
 * global announcements only); in those two modes paging is reset to 0/20.
 * Re-runs viewforum's access checks, excludes shadow (moved) topics whose
 * target the user may not read, counts unread sticky/announcement topics for
 * logged-in users, and returns a struct of topic structs plus the forum's
 * posting/attachment capabilities for this user.
 *
 * Sort order is fixed to last-post time descending (the request_var based
 * sort options are commented out below).
 *
 * @param mixed $xmlrpc_params  Raw XML-RPC parameters
 * @return xmlrpcresp  struct {total_topic_num, unread_sticky_count, unread_announce_count, forum_id, forum_name, can_post, can_upload, max_attachment, max_png_size, max_jpg_size, topics[]}
 */
function get_topic_func($xmlrpc_params)
{
    global $db, $auth, $user, $config;

    $user->setup('viewforum');

    $params = php_xmlrpc_decode($xmlrpc_params);
    list($start, $limit) = process_page($params[1], $params[2]);

    // get forum id from parameters
    // intval() is what keeps the direct interpolation of $forum_id into the SQL below safe
    $forum_id = intval($params[0]);
    if (!$forum_id) {
        trigger_error('NO_FORUM');
    }

    // check if need sticky/announce topic only
    // $topic_type is built only from the POST_* constants, never from the request string
    $topic_type = '';
    if (isset($params[3])) {
        // check if need sticky topic only
        if ($params[3] == 'TOP') {
            $topic_type = POST_STICKY;
            $start = 0;
            $limit = 20;
        } else {
            if ($params[3] == 'ANN') {
                $topic_type = POST_ANNOUNCE . ', ' . POST_GLOBAL;
                $start = 0;
                $limit = 20;
            }
        }
    }

    // $default_sort_days = (!empty($user->data['user_topic_show_days'])) ? $user->data['user_topic_show_days'] : 0;
    // $default_sort_key = (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't';
    // $default_sort_dir = (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd';
    //
    // $sort_days = request_var('st', $default_sort_days); // default to get all topic
    // $sort_key = request_var('sk', $default_sort_key); // default sort by last post time
    // $sort_dir = request_var('sd', $default_sort_dir); // default sort as DESC
    $sort_days = 0;
    $sort_key = 't';
    $sort_dir = 'd';

    //------- Grab appropriate forum data --------
    $sql = "SELECT f.* FROM " . FORUMS_TABLE . " f WHERE f.forum_id = {$forum_id}";
    $result = $db->sql_query($sql);
    $forum_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    // Forum does not exist
    if (!$forum_data) {
        trigger_error('NO_FORUM');
    }

    // Can not get topics from link forum
    if ($forum_data['forum_type'] == FORUM_LINK) {
        trigger_error('NO_FORUM');
    }

    // Permissions check
    if (!$auth->acl_gets('f_list', 'f_read', $forum_id) || $forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link'] && !$auth->acl_get('f_read', $forum_id)) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('SORRY_AUTH_READ');
        }
        trigger_error('LOGIN_VIEWFORUM');
    }

    // Forum is passworded
    if ($forum_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }

    if (!$auth->acl_get('f_read', $forum_id)) {
        trigger_error('NO_READ_ACCESS');
    }

    // Topic ordering options
    $sort_by_sql = array('a' => 't.topic_first_poster_name', 't' => 't.topic_last_post_time', 'r' => 't.topic_replies', 's' => 't.topic_title', 'v' => 't.topic_views');

    // Limit topics to certain time frame, obtain correct topic count
    // global announcements must not be counted, normal announcements have to
    // be counted, as forum_topics(_real) includes them
    // Users without m_approve only ever see approved topics
    $sql_approved = $auth->acl_get('m_approve', $forum_id) ? '' : ' AND t.topic_approved = 1 ';

    // Get all shadow topics in this forum (moved-topic placeholders: topic_moved_id => topic_id)
    $sql = 'SELECT t.topic_moved_id, t.topic_id FROM ' . TOPICS_TABLE . ' t WHERE t.forum_id = ' . $forum_id . ' AND t.topic_type IN (' . POST_NORMAL . ', ' . POST_STICKY . ', ' . POST_ANNOUNCE . ', ' . POST_GLOBAL . ') AND t.topic_status = ' . ITEM_MOVED . ' ' . $sql_approved;
    $result = $db->sql_query($sql);
    $shadow_topic_list = array();
    while ($row = $db->sql_fetchrow($result)) {
        $shadow_topic_list[$row['topic_moved_id']] = $row['topic_id'];
    }
    $db->sql_freeresult($result);

    // Pick out those shadow topics that the user has no permission to access
    // (entries whose target forum is readable are dropped, so only the unreadable ones remain)
    if (!empty($shadow_topic_list)) {
        $sql = 'SELECT t.topic_id, t.forum_id FROM ' . TOPICS_TABLE . ' t WHERE ' . $db->sql_in_set('t.topic_id', array_keys($shadow_topic_list));
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            if ($auth->acl_get('f_read', $row['forum_id'])) {
                unset($shadow_topic_list[$row['topic_id']]);
            }
        }
        $db->sql_freeresult($result);
    }

    // Grab all topic data
    $topic_list = array();
    $sql_limit = $limit; // num of topics needs to be return, default is 20, at most 50
    $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC');
    // NOT IN (...) clause excluding shadow topics the user may not follow (negate=true)
    $sql_shadow_out = empty($shadow_topic_list) ? '' : 'AND ' . $db->sql_in_set('t.topic_moved_id', $shadow_topic_list, true);

    // If the user is trying to reach late pages, start searching from the end
    $store_reverse = false;
    $unread_sticky_num = $unread_announce_count = 0;

    //get subscribe users (topic_id => notify_status for every topic this user watches)
    $user_watch_row = array();
    $sql = 'SELECT * FROM ' . TOPICS_WATCH_TABLE . ' WHERE user_id = ' . $user->data['user_id'];
    $result = $db->sql_query($sql);
    while ($row = $db->sql_fetchrow($result)) {
        $user_watch_row[$row['topic_id']] = $row['notify_status'];
    }
    $db->sql_freeresult($result);

    if (!empty($topic_type)) {
        // Sticky / announcement mode: forum_id 0 is included so global announcements show up
        $sql = 'SELECT t.*, u.user_avatar, u.user_avatar_type,bm.topic_id as bookmarked FROM ' . TOPICS_TABLE . ' t LEFT JOIN ' . USERS_TABLE . ' u ON (t.topic_poster = u.user_id) LEFT JOIN ' . BOOKMARKS_TABLE . ' bm ON (bm.user_id = ' . $user->data['user_id'] . ' AND t.topic_id = bm.topic_id) WHERE t.forum_id IN (' . $forum_id . ', 0) AND t.topic_type IN (' . $topic_type . ') ' . $sql_shadow_out . ' ' . $sql_approved . ' ORDER BY ' . $sql_sort_order;
        $result = $db->sql_query_limit($sql, $sql_limit, $start);
    } else {
        if ($user->data['user_id'] != ANONYMOUS) {
            // get total number of unread sticky topics number
            $sql = 'SELECT t.topic_id, t.topic_last_post_time FROM ' . TOPICS_TABLE . ' t WHERE t.forum_id = ' . $forum_id . ' AND t.topic_type = ' . POST_STICKY . ' ' . $sql_shadow_out . ' ' . $sql_approved;
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                if (empty($forum_id) || empty($row['topic_id'])) {
                    continue;
                }
                // A topic is unread when its tracked mark time is older than its last post
                $topic_tracking = get_complete_topic_tracking($forum_id, $row['topic_id']);
                if (isset($topic_tracking[$row['topic_id']]) && $topic_tracking[$row['topic_id']] < $row['topic_last_post_time']) {
                    $unread_sticky_num++;
                }
            }
            $db->sql_freeresult($result);

            // get total number of unread announce topics number
            $sql = 'SELECT t.topic_id, t.topic_last_post_time FROM ' . TOPICS_TABLE . ' t WHERE t.forum_id IN (' . $forum_id . ', 0) AND t.topic_type IN (' . POST_ANNOUNCE . ', ' . POST_GLOBAL . ') ' . $sql_shadow_out . ' ' . $sql_approved;
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                if (empty($forum_id) || empty($row['topic_id'])) {
                    continue;
                }
                $topic_tracking = get_complete_topic_tracking($forum_id, $row['topic_id']);
                if (isset($topic_tracking[$row['topic_id']]) && $topic_tracking[$row['topic_id']] < $row['topic_last_post_time']) {
                    $unread_announce_count++;
                }
            }
            $db->sql_freeresult($result);
        }

        // get total number of normal topics
        $sql = 'SELECT count(t.topic_id) AS num_topics FROM ' . TOPICS_TABLE . ' t WHERE t.forum_id = ' . $forum_id . ' AND t.topic_type = ' . POST_NORMAL . ' ' . $sql_shadow_out . ' ' . $sql_approved;
        $result = $db->sql_query($sql);
        $topics_count = (int) $db->sql_fetchfield('num_topics');
        $db->sql_freeresult($result);

        // Past the middle of the list: query from the end with the opposite sort and
        // reverse the page afterwards (cheaper OFFSET). $store_reverse triggers the reversal.
        if ($start > $topics_count / 2) {
            $store_reverse = true;

            if ($start + $sql_limit > $topics_count) {
                $sql_limit = min($sql_limit, max(1, $topics_count - $start));
            }

            // Select the sort order
            $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'ASC' : 'DESC');
            $start = max(0, $topics_count - $sql_limit - $start);
        }

        $sql = 'SELECT t.*, u.user_avatar, u.user_avatar_type,bm.topic_id as bookmarked FROM ' . TOPICS_TABLE . ' t LEFT JOIN ' . USERS_TABLE . ' u ON (t.topic_poster = u.user_id) LEFT JOIN ' . BOOKMARKS_TABLE . ' bm ON (bm.user_id = ' . $user->data['user_id'] . ' AND t.topic_id = bm.topic_id) WHERE t.forum_id = ' . $forum_id . ' AND t.topic_type = ' . POST_NORMAL . ' ' . $sql_shadow_out . ' ' . $sql_approved . ' ORDER BY ' . $sql_sort_order;
        $result = $db->sql_query_limit($sql, $sql_limit, $start);
    }

    $tids = array();
    $rowset = array();
    while ($row = $db->sql_fetchrow($result)) {
        $rowset[] = $row;
        // For shadow topics report the id of the real (moved) topic
        $tids[] = $row['topic_moved_id'] ? $row['topic_moved_id'] : $row['topic_id'];
    }
    $db->sql_freeresult($result);

    // get participated users of each topic
    // get_participated_user_avatars($tids);
    // global $topic_users, $user_avatar;

    $topic_list = array();
    foreach ($rowset as $row) {
        // Approvers see the real reply count, everyone else the approved-only count
        $replies = $auth->acl_get('m_approve', $forum_id) ? $row['topic_replies_real'] : $row['topic_replies'];
        $short_content = get_short_content($row['topic_first_post_id']);
        $user_avatar_url = get_user_avatar_url($row['user_avatar'], $row['user_avatar_type']);

        $new_post = false;
        if ($user->data['user_id'] != ANONYMOUS) {
            if (empty($forum_id) || empty($row['topic_id'])) {
                continue;
            }
            $topic_tracking = get_complete_topic_tracking($forum_id, $row['topic_id']);
            // NOTE(review): unlike the unread counters above, this reads the tracking entry
            // without an isset() guard; a missing entry compares as null here.
            $new_post = $topic_tracking[$row['topic_id']] < $row['topic_last_post_time'] ? true : false;
        }

        $allow_change_type = $auth->acl_get('m_', $forum_id) || $user->data['is_registered'] && $user->data['user_id'] == $row['topic_poster'] ? true : false;
        $topic_id = $row['topic_moved_id'] ? $row['topic_moved_id'] : $row['topic_id'];

        // $icon_urls = array();
        // foreach($topic_users[$topic_id] as $posterid){
        //     $icon_urls[] = new xmlrpcval($user_avatar[$posterid], 'string');
        // }

        // Moderators with m_edit, or the poster while f_edit and the edit_time window (minutes, 0 = unlimited) allow it
        $can_rename = $user->data['is_registered'] && ($auth->acl_get('m_edit', $forum_id) || $user->data['user_id'] == $row['topic_poster'] && $auth->acl_get('f_edit', $forum_id) && ($row['topic_time'] > time() - $config['edit_time'] * 60 || !$config['edit_time']));

        $xmlrpc_topic = new xmlrpcval(array(
            'forum_id' => new xmlrpcval($forum_id),
            'topic_id' => new xmlrpcval($row['topic_moved_id'] ? $row['topic_moved_id'] : $row['topic_id']),
            'topic_title' => new xmlrpcval(html_entity_decode(strip_tags(censor_text($row['topic_title'])), ENT_QUOTES, 'UTF-8'), 'base64'),
            // NOTE(review): topic_author_id carries topic_first_post_id, not the poster's user id -- confirm the client expects that
            'topic_author_id' => new xmlrpcval($row['topic_first_post_id'], 'string'),
            'topic_author_name' => new xmlrpcval(html_entity_decode($row['topic_first_poster_name']), 'base64'),
            'last_reply_time' => new xmlrpcval(mobiquo_iso8601_encode($row['topic_last_post_time']), 'dateTime.iso8601'),
            'timestamp' => new xmlrpcval($row['topic_last_post_time'], 'string'),
            'reply_number' => new xmlrpcval($replies, 'int'),
            'view_number' => new xmlrpcval($row['topic_views'], 'int'),
            'short_content' => new xmlrpcval($short_content, 'base64'),
            'new_post' => new xmlrpcval($new_post, 'boolean'),
            'icon_url' => new xmlrpcval($user_avatar_url),
            'attachment' => new xmlrpcval($auth->acl_get('u_download') && $auth->acl_get('f_download', $forum_id) && $row['topic_attachment'] ? 1 : 0, 'string'),
            'can_delete' => new xmlrpcval($auth->acl_get('m_delete', $forum_id), 'boolean'),
            'can_move' => new xmlrpcval($auth->acl_get('m_move', $forum_id), 'boolean'),
            'can_subscribe' => new xmlrpcval(($config['email_enable'] || $config['jab_enable']) && $config['allow_topic_notify'] && $user->data['is_registered'], 'boolean'),
            'is_subscribed' => new xmlrpcval(isset($user_watch_row[$topic_id]) ? true : false, 'boolean'),
            'can_close' => new xmlrpcval($auth->acl_get('m_lock', $forum_id) || $auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $row['topic_poster'], 'boolean'),
            'is_closed' => new xmlrpcval($row['topic_status'] == ITEM_LOCKED, 'boolean'),
            'can_stick' => new xmlrpcval($allow_change_type && $auth->acl_get('f_sticky', $forum_id), 'boolean'),
            'is_sticky' => new xmlrpcval($row['topic_type'] == POST_STICKY, 'boolean'),
            'can_approve' => new xmlrpcval($auth->acl_get('m_approve', $forum_id) && !$row['topic_approved'], 'boolean'),
            'is_approved' => new xmlrpcval($row['topic_approved'] ? true : false, 'boolean'),
            'can_rename' => new xmlrpcval($can_rename, 'boolean')
        ), 'struct');

        $topic_list[] = $xmlrpc_topic;
        unset($xmlrpc_topic);
    }

    if ($store_reverse) {
        $topic_list = array_reverse($topic_list);
    }

    if (!empty($topic_type)) {
        $topic_num = count($topic_list);
    } else {
        $topic_num = $topics_count;
    }

    // Attachment capabilities: board config, forum/user ACLs and PHP's file_uploads ini setting
    $allowed = $config['max_attachments'] && $auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach') && $config['allow_attachments'] && @ini_get('file_uploads') != '0' && strtolower(@ini_get('file_uploads')) != 'off';
    // Admins and forum moderators get 99 attachments / 10 MiB regardless of config
    $max_attachment = $auth->acl_get('a_') || $auth->acl_get('m_', $forum_id) ? 99 : ($allowed ? $config['max_attachments'] : 0);
    $max_png_size = $auth->acl_get('a_') || $auth->acl_get('m_', $forum_id) ? 10485760 : ($allowed ? $config['max_filesize'] === '0' ? 10485760 : $config['max_filesize'] : 0);
    $max_jpg_size = $auth->acl_get('a_') || $auth->acl_get('m_', $forum_id) ? 10485760 : ($allowed ? $config['max_filesize'] === '0' ? 10485760 : $config['max_filesize'] : 0);

    // tapatalk_forum_read_only is a comma separated list of forum ids; explode() yields
    // strings, so the loose in_array() below is what matches the integer $forum_id
    $read_only_forums = explode(",", $config['tapatalk_forum_read_only']);
    $can_post = true;
    if (empty($read_only_forums) || !is_array($read_only_forums)) {
        $read_only_forums = array();
    }
    if (!$auth->acl_get('f_post', $forum_id) || in_array($forum_id, $read_only_forums)) {
        $can_post = false;
    }

    $response = new xmlrpcval(array(
        'total_topic_num' => new xmlrpcval($topic_num, 'int'),
        'unread_sticky_count' => new xmlrpcval($unread_sticky_num, 'int'),
        'unread_announce_count' => new xmlrpcval($unread_announce_count, 'int'),
        'forum_id' => new xmlrpcval($forum_id, 'string'),
        'forum_name' => new xmlrpcval(html_entity_decode($forum_data['forum_name']), 'base64'),
        'can_post' => new xmlrpcval($can_post, 'boolean'),
        'can_upload' => new xmlrpcval($allowed, 'boolean'),
        'max_attachment' => new xmlrpcval($max_attachment, 'int'),
        'max_png_size' => new xmlrpcval($max_png_size, 'int'),
        'max_jpg_size' => new xmlrpcval($max_jpg_size, 'int'),
        'topics' => new xmlrpcval($topic_list, 'array')
    ), 'struct');

    return new xmlrpcresp($response);
}
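/**
 * Check the password given on a certain forum for validity
 *
 * Walks the forum's parent list first so that password-protected ancestors are
 * verified too, then accepts either a freshly submitted password
 * ($mybb->input['pwverify'], top-level call only) or the forumpass cookie
 * issued by an earlier successful check. On failure it redirects to the forum
 * (when called for a parent, $pid != 0) or renders the password form, and
 * exits; it only returns when no password is required or it was satisfied.
 *
 * Changes: password and cookie values are compared as strings with ===/!==
 * (== treats numeric-looking strings such as "1e3"/"1000" or two "0e..."
 * hashes as equal), and unknown forum ids / parent ids no longer read
 * undefined cache entries.
 *
 * @param int The forum ID
 * @param boolean The Parent ID
 */
function check_forum_password($fid, $pid = 0)
{
    global $mybb, $header, $footer, $headerinclude, $theme, $templates, $lang, $forum_cache;

    $showform = true;

    if (!is_array($forum_cache)) {
        $forum_cache = cache_forums();
        if (!$forum_cache) {
            return false;
        }
    }

    // Unknown forum: nothing to verify
    if (!isset($forum_cache[$fid])) {
        return false;
    }

    // Loop through each of parent forums to ensure we have a password for them too
    $parents = explode(',', $forum_cache[$fid]['parentlist']);
    rsort($parents);
    if (!empty($parents)) {
        foreach ($parents as $parent_id) {
            if ($parent_id == $fid || $parent_id == $pid) {
                continue;
            }
            if (isset($forum_cache[$parent_id]) && $forum_cache[$parent_id]['password'] != "") {
                check_forum_password($parent_id, $fid);
            }
        }
    }

    $password = $forum_cache[$fid]['password'];
    if ($password) {
        if ($mybb->input['pwverify'] && $pid == 0) {
            // Strict string comparison: the submitted value is untrusted input
            if ((string) $password === (string) $mybb->input['pwverify']) {
                // NOTE(review): the cookie token is an unsalted md5 of uid.password; changing
                // the scheme would invalidate every existing cookie, so it is kept as-is.
                my_setcookie("forumpass[{$fid}]", md5($mybb->user['uid'] . $mybb->input['pwverify']), null, true);
                $showform = false;
            } else {
                eval("\$pwnote = \"" . $templates->get("forumdisplay_password_wrongpass") . "\";");
                $showform = true;
            }
        } else {
            // The cookie is client-controlled: compare the hashes as strings so that two
            // values of the form "0e<digits>" are not treated as numerically equal.
            $cookie_hash = isset($mybb->cookies['forumpass'][$fid]) ? (string) $mybb->cookies['forumpass'][$fid] : '';
            if ($cookie_hash === '' || md5($mybb->user['uid'] . $password) !== $cookie_hash) {
                $showform = true;
            } else {
                $showform = false;
            }
        }
    } else {
        $showform = false;
    }

    if ($showform) {
        if ($pid) {
            // Called for a parent forum: send the user to that forum's own password form
            header("Location: " . $mybb->settings['bburl'] . "/" . get_forum_link($fid));
        } else {
            // REQUEST_URI is echoed into the form template, hence the escaping
            $_SERVER['REQUEST_URI'] = htmlspecialchars_uni($_SERVER['REQUEST_URI']);
            eval("\$pwform = \"" . $templates->get("forumdisplay_password") . "\";");
            output_page($pwform);
        }
        exit;
    }
}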
} $threadinfo = thread_info($_REQUEST['id']); if (!$threadinfo['threadid'] || $threadinfo['del']) { message($apx->lang->get('MSG_THREADNOTEXIST')); } $foruminfo = forum_info($threadinfo['forumid']); if (!$foruminfo['forumid']) { message($apx->lang->get('MSG_FORUMNOTEXIST')); } if (!forum_access_read($foruminfo)) { tmessage('noright', array(), false, false); } if (!forum_access_post($foruminfo, $threadinfo)) { tmessage('noright', array(), false, false); } check_forum_password($foruminfo); ////////////////////////////////////////////////////////////////////////////////////////// POST ERSTELLEN //Vorschau generieren if ($_POST['preview']) { $preview = $_POST['text']; if ($_POST['transform_links']) { $preview = transform_urls($preview); } $preview = forum_replace($preview, $_POST['allowcodes'], $_POST['allowsmilies']); $apx->tmpl->assign('PREVIEW', $preview); } elseif ($_POST['send']) { //Captcha prüfen if ($set['forum']['captcha'] && !$user->info['userid']) { require BASEDIR . 'lib/class.captcha.php'; $captcha = new captcha(); $captchafailed = $captcha->check();
// Setup look and feel $user->setup('viewtopic', $topic_data['forum_style']); if (!$topic_data['topic_approved'] && !$auth->acl_get('m_approve', $forum_id)) { trigger_error('NO_TOPIC'); } // Start auth check (tapatalk add: avoid permission check for global announcement topic) if (!$auth->acl_get('f_read', $forum_id) && $topic_data['topic_type'] != POST_GLOBAL) { if ($user->data['user_id'] != ANONYMOUS) { trigger_error('SORRY_AUTH_READ'); } trigger_error('LOGIN_VIEWFORUM'); //login_box('', $user->lang['LOGIN_VIEWFORUM']); } // Forum is passworded ... check whether access has been granted to this // user this session, if not show login box if ($topic_data['forum_password'] && !check_forum_password($forum_id)) { trigger_error('LOGIN_FORUM'); //login_forum_box($topic_data); } /* // Redirect to login or to the correct post upon emailed notification links if (isset($_GET['e'])) { $jump_to = request_var('e', 0); $redirect_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id"); if ($user->data['user_id'] == ANONYMOUS) { trigger_error('LOGIN_NOTIFY_TOPIC'); //login_box($redirect_url . "&p=$post_id&e=$jump_to", $user->lang['LOGIN_NOTIFY_TOPIC']);
// forumdisplay: sub-forum list, password gate, link-forum redirect and the
// per-forum action buttons. Relies on $mybb, $lang, $templates, $fid,
// $foruminfo and $fpermissions having been set up earlier in the script.
$bgcolor = "trow1";
if ($mybb->settings['subforumsindex'] != 0) {
    $showdepth = 3;
} else {
    $showdepth = 2;
}
$subforums = '';
$child_forums = build_forumbits($fid, 2);
$forums = $child_forums['forum_list'];
if ($forums) {
    $lang->sub_forums_in = $lang->sprintf($lang->sub_forums_in, $foruminfo['name']);
    eval("\$subforums = \"" . $templates->get("forumdisplay_subforums") . "\";");
}
$excols = "forumdisplay";

// Password protected forums
// NOTE(review): nothing below guards on a return value, so this relies on
// check_forum_password() rendering the password form and exiting when the
// password is missing or wrong -- confirm against the MyBB version in use.
check_forum_password($foruminfo['fid']);

// Link forums only exist to redirect elsewhere; nothing is rendered for them
if ($foruminfo['linkto']) {
    header("Location: {$foruminfo['linkto']}");
    exit;
}

// Make forum jump...
if ($mybb->settings['enableforumjump'] != 0) {
    $forumjump = build_forum_jump("", $fid, 1);
}

// "New thread" button: open, postable forum, permission granted and not suspended from posting
if ($foruminfo['type'] == "f" && $foruminfo['open'] != 0 && $fpermissions['canpostthreads'] != 0 && $mybb->user['suspendposting'] == 0) {
    eval("\$newthread = \"" . $templates->get("forumdisplay_newthread") . "\";");
}

if ($fpermissions['cansearch'] != 0 && $foruminfo['type'] == "f") {
    eval("\$searchforum = \"" . $templates->get("forumdisplay_searchforum") . "\";");
}

// Gather forum stats
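/**
 * Tapatalk XML-RPC handler: drop one attachment from the in-progress
 * attachment set of a post and hand the updated set back to the client.
 *
 * XML-RPC params (positional):
 *   0 attachment_id  int     id of the attachment to remove (required)
 *   1 forum_id       int     forum the post belongs to (required)
 *   2 group_id       string  base64(serialize(attachment_data)) as previously
 *                            returned by this endpoint; '' when there is none
 *   3 post_id        int     accepted for protocol compatibility, unused here
 *
 * Returns an xmlrpcresp struct {result: bool, result_text: base64, group_id}.
 * Every failed precondition ends the request through phpBB's trigger_error().
 */
function remove_attachment_func($xmlrpc_params)
{
    global $db, $auth, $user, $config, $phpbb_root_path, $phpEx;

    $user->setup('posting');
    if (!$user->data['is_registered']) {
        trigger_error('LOGIN_EXPLAIN_POST');
    }

    $params = php_xmlrpc_decode($xmlrpc_params);

    include $phpbb_root_path . 'includes/functions_posting.' . $phpEx;
    include $phpbb_root_path . 'includes/message_parser.' . $phpEx;

    // get parameters
    $attachment_id = isset($params[0]) ? intval($params[0]) : trigger_error('Attachment not exists');
    $forum_id = isset($params[1]) ? intval($params[1]) : trigger_error('NO_FORUM');
    $group_id = isset($params[2]) ? $params[2] : '';

    // group_id is client-supplied and round-trips the serialized attachment
    // list produced by base64_encode(serialize(...)) at the bottom of this
    // function. That list only ever holds plain arrays, so refuse to
    // instantiate objects while decoding (unserialize() on attacker-controlled
    // input is otherwise an object-injection sink) and fall back to an empty
    // set for anything that does not decode to an array.
    // NOTE: the allowed_classes option needs PHP >= 7.0.
    $attachment_data = array();
    if ($group_id) {
        $decoded = base64_decode($group_id, true);
        if ($decoded !== false) {
            $attachment_data = unserialize($decoded, array('allowed_classes' => false));
        }
    }
    // get_submitted_attachment_data() below presumably reads this from $_POST
    $_POST['attachment_data'] = is_array($attachment_data) ? $attachment_data : array();

    // Forum does not exist
    if (!$forum_id) {
        trigger_error('NO_FORUM');
    }

    $sql = "SELECT f.* FROM " . FORUMS_TABLE . " f WHERE f.forum_id = {$forum_id}";
    $result = $db->sql_query($sql);
    $forum_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if (!$forum_data) {
        trigger_error('NO_FORUM');
    }

    if ($forum_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }

    if (!$auth->acl_gets('f_read', $forum_id)) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('USER_CANNOT_READ');
        }
        trigger_error('LOGIN_EXPLAIN_POST');
    }

    // Is the user able to post within this forum?
    if ($forum_data['forum_type'] != FORUM_POST) {
        trigger_error('USER_CANNOT_FORUM_POST');
    }

    // Check permissions: bots, missing f_attach/u_attach, board-wide switch,
    // or PHP file uploads disabled at the ini level
    $file_uploads = ini_get('file_uploads');
    if ($user->data['is_bot']
        || !$auth->acl_get('f_attach', $forum_id)
        || !$auth->acl_get('u_attach')
        || !$config['allow_attachments']
        || $file_uploads == '0'
        || strtolower($file_uploads) == 'off'
    ) {
        trigger_error('NOT_AUTHORISED');
    }

    if (!$auth->acl_get('f_post', $forum_id)
        && !$auth->acl_gets('f_edit', 'm_edit', $forum_id)
        && !$auth->acl_get('f_reply', $forum_id)
    ) {
        trigger_error('USER_CANNOT_POST');
    }

    // parse_message writes its warnings here; kept global as in the original
    global $warn_msg;

    // Locate the requested attachment inside the submitted set
    $position = '';
    foreach ($_POST['attachment_data'] as $pos => $data) {
        if (is_array($data) && isset($data['attach_id']) && $data['attach_id'] == $attachment_id) {
            $position = $pos;
            break;
        }
    }

    if ($position === '') {
        $warn_msg = 'Attachment not exists';
    } else {
        // parse_attachments() reads the delete request from the request arrays
        $_POST['delete_file'][$position] = 'Delete file';
        $_REQUEST['delete_file'][$position] = 'Delete file';

        $message_parser = new parse_message();
        $message_parser->get_submitted_attachment_data();
        $message_parser->parse_attachments('fileupload', 'post', $forum_id, false, false, true);

        // Hand the updated set back in the same opaque form the client sent it
        $group_id = base64_encode(serialize($message_parser->attachment_data));
        $warn_msg = implode("\n", $message_parser->warn_msg);
    }

    $xmlrpc_result = new xmlrpcval(array(
        'result'      => new xmlrpcval($warn_msg ? false : true, 'boolean'),
        'result_text' => new xmlrpcval(strip_tags($warn_msg), 'base64'),
        'group_id'    => new xmlrpcval($group_id),
    ), 'struct');

    return new xmlrpcresp($xmlrpc_result);
}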
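/**
 * Tapatalk XML-RPC handler: rename a topic (moderator "rename" action).
 *
 * XML-RPC params (positional):
 *   0 topic_id     int     topic to rename
 *   1 post_title   string  new title (raw, unescaped)
 *   3 return_html  mixed   stored in $GLOBALS['return_html'] for the reply formatter
 *
 * The caller must pass the forum password check, hold f_read and
 * f_edit/m_edit on the forum, and - unless a moderator with m_edit - be the
 * author of the topic's first post within the edit time limit. The title is
 * written to both the topic row and the first post's subject. Any failed
 * precondition ends the request via phpBB's trigger_error(). Returns an
 * xmlrpcresp struct {result: true, is_login_mod: true, result_text: ''}.
 */
function m_rename_topic_func($xmlrpc_params)
{
    global $db, $auth, $user, $config, $template, $cache, $phpEx, $phpbb_root_path, $phpbb_home;

    $user->setup('posting');

    $params = php_xmlrpc_decode($xmlrpc_params);

    // get topic information from parameters; the title is kept raw here and
    // escaped once, right before it is used in SQL
    $topic_id = isset($params[0]) ? intval($params[0]) : 0;
    $title_raw = isset($params[1]) && is_string($params[1]) ? trim($params[1]) : '';
    $GLOBALS['return_html'] = isset($params[3]) ? $params[3] : false;

    // The topic's first post is the one whose subject doubles as the title
    $sql = 'SELECT post_id FROM ' . POSTS_TABLE . ' WHERE topic_id = ' . $topic_id . ' ORDER BY post_time ASC';
    $result = $db->sql_query_limit($sql, 1);
    $first_post_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    $post_id = $first_post_data ? (int) $first_post_data['post_id'] : 0;
    if (empty($post_id)) {
        trigger_error('NO_POST');
    }

    $sql = 'SELECT p.*, t.*, f.*, u.username'
        . ' FROM ' . POSTS_TABLE . ' p'
        . ' LEFT JOIN ' . TOPICS_TABLE . ' t ON (p.topic_id = t.topic_id)'
        . ' LEFT JOIN ' . FORUMS_TABLE . ' f ON (t.forum_id = f.forum_id OR (t.topic_type = ' . POST_GLOBAL . ' AND f.forum_type = ' . FORUM_POST . '))'
        . ' LEFT JOIN ' . USERS_TABLE . ' u ON (p.poster_id = u.user_id)'
        . " WHERE p.post_id = {$post_id}";
    $result = $db->sql_query_limit($sql, 1);
    $post_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if (!$post_data) {
        trigger_error('NO_POST');
    }

    // Use post_row values in favor of submitted ones...
    $forum_id = (int) $post_data['forum_id'];
    $topic_id = (int) $post_data['topic_id'];

    // Need to login to passworded forum first?
    if ($post_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }

    // Is the user able to read within this forum?
    if (!$auth->acl_get('f_read', $forum_id)) {
        trigger_error('USER_CANNOT_READ');
    }

    // Permission to do the action asked?
    if (!($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))) {
        trigger_error('USER_CANNOT_EDIT');
    }

    // Forum/Topic locked?
    $topic_locked = isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED;
    if (($post_data['forum_status'] == ITEM_LOCKED || $topic_locked) && !$auth->acl_get('m_edit', $forum_id)) {
        trigger_error($post_data['forum_status'] == ITEM_LOCKED ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
    }

    // Can we edit this post ... if we're a moderator with rights then always yes
    // else it depends on editing times, lock status and if we're the correct user
    if (!$auth->acl_get('m_edit', $forum_id)) {
        if ($user->data['user_id'] != $post_data['poster_id']) {
            trigger_error('USER_CANNOT_EDIT');
        }

        // edit_time of 0 means "no limit"
        if (!($post_data['post_time'] > time() - $config['edit_time'] * 60 || !$config['edit_time'])) {
            trigger_error('CANNOT_EDIT_TIME');
        }

        if ($post_data['post_edit_locked']) {
            trigger_error('CANNOT_EDIT_POST_LOCKED');
        }
    }

    // Same emptiness rule as posting: a title that is blank once cleaned is rejected
    if (utf8_clean_string($title_raw) === '') {
        trigger_error('EMPTY_SUBJECT');
    }

    // phpBB stores subjects HTML-escaped (web submissions get this from
    // request_var), so the raw XML-RPC title is escaped the same way the
    // post body is elsewhere in this file, then SQL-escaped for the query.
    $post_title = $db->sql_escape(utf8_normalize_nfc(htmlspecialchars($title_raw)));

    $sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_title = '{$post_title}' WHERE topic_id = {$topic_id}";
    $db->sql_query($sql);

    $sql = 'UPDATE ' . POSTS_TABLE . " SET post_subject = '{$post_title}' WHERE post_id = {$post_id}";
    $db->sql_query($sql);

    $xmlrpc_reply_topic = new xmlrpcval(array(
        'result'       => new xmlrpcval(true, 'boolean'),
        'is_login_mod' => new xmlrpcval(true, 'boolean'),
        'result_text'  => new xmlrpcval("", 'base64'),
    ), 'struct');

    return new xmlrpcresp($xmlrpc_reply_topic);
}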
} $sql = 'SELECT f.*, t.*, p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u\r\r\n WHERE p.post_id = {$post_id}\r\r\n AND t.topic_id = p.topic_id\r\r\n AND u.user_id = p.poster_id\r\r\n AND (f.forum_id = t.forum_id\r\r\n OR f.forum_id = {$forum_id})" . ($auth->acl_get('m_approve', $forum_id) ? '' : 'AND p.post_approved = 1'); $result = $db->sql_query($sql); $post_data = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$post_data) { $user->setup('posting'); trigger_error('NO_POST'); } $user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']); // Use post_row values in favor of submitted ones... $forum_id = !empty($post_data['forum_id']) ? (int) $post_data['forum_id'] : (int) $forum_id; $topic_id = !empty($post_data['topic_id']) ? (int) $post_data['topic_id'] : (int) $topic_id; $post_id = !empty($post_data['post_id']) ? (int) $post_data['post_id'] : (int) $post_id; if ($post_data['forum_password'] && !check_forum_password($forum_id)) { trigger_error('LOGIN_FORUM'); } // Check permissions if ($user->data['is_bot'] || $user->data['user_id'] == ANONYMOUS) { trigger_error('USER_CANNOT_DELETE'); } // Is the user able to read within this forum? if (!$auth->acl_get('f_read', $forum_id)) { trigger_error('USER_CANNOT_READ'); } if (!$user->data['is_registered'] || !$auth->acl_gets('f_delete', 'm_delete', $forum_id)) { trigger_error('USER_CANNOT_DELETE'); } // Forum/Topic locked? if (($post_data['forum_status'] == ITEM_LOCKED || isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED) && !$auth->acl_get('m_edit', $forum_id)) {
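/**
 * Tapatalk XML-RPC handler: edit an existing post ("save raw post").
 *
 * XML-RPC params (positional):
 *   0 post_id      int     post to edit
 *   1 post_title   string  new subject (raw, unescaped)
 *   2 post_content string  new body as BBCode (raw, unescaped)
 *   3 return_html  mixed   stored in $GLOBALS['return_html'] for the reply formatter
 *
 * Mirrors phpBB's posting.php in 'edit' mode: load post/topic/forum, check
 * the forum password and f_read / f_edit / m_edit permissions plus lock
 * state, (re)parse the message through parse_message, apply the topic-type
 * and lock changes the caller is allowed to make, and hand everything to
 * submit_post(). Any failed precondition ends the request via phpBB's
 * trigger_error(). Returns an xmlrpcresp struct with the result flag, the
 * approval state and the post title/content re-rendered for the client.
 *
 * NOTE(review): several request_var()/$_POST lookups below are inherited from
 * posting.php; in an XML-RPC request those are presumably empty, so they fall
 * back to the stored values (and 'icon' falls back to 0) - verify if that
 * matters for clients.
 */
function save_raw_post_func($xmlrpc_params)
{
    global $db, $auth, $user, $config, $template, $cache, $phpEx, $phpbb_root_path, $phpbb_home;

    $user->setup('posting');
    include $phpbb_root_path . 'includes/message_parser.' . $phpEx;

    $params = php_xmlrpc_decode($xmlrpc_params);

    $submit = true;
    $preview = false;
    $refresh = false;
    $mode = 'edit';

    // get post information from parameters
    $post_id = isset($params[0]) ? intval($params[0]) : 0;
    $post_title = isset($params[1]) ? $params[1] : '';
    $post_content = isset($params[2]) ? $params[2] : '';
    $GLOBALS['return_html'] = isset($params[3]) ? $params[3] : false;

    $sql = 'SELECT p.*, t.*, f.*, u.username'
        . ' FROM ' . POSTS_TABLE . ' p'
        . ' LEFT JOIN ' . TOPICS_TABLE . ' t ON (p.topic_id = t.topic_id)'
        . ' LEFT JOIN ' . FORUMS_TABLE . ' f ON (t.forum_id = f.forum_id OR (t.topic_type = ' . POST_GLOBAL . ' AND f.forum_type = ' . FORUM_POST . '))'
        . ' LEFT JOIN ' . USERS_TABLE . ' u ON (p.poster_id = u.user_id)'
        . " WHERE p.post_id = {$post_id}";
    $result = $db->sql_query_limit($sql, 1);
    $post_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if (!$post_data) {
        trigger_error('NO_POST');
    }

    // Use post_row values in favor of submitted ones...
    $forum_id = (int) $post_data['forum_id'];
    $topic_id = (int) $post_data['topic_id'];
    $post_id = (int) $post_id;

    // Need to login to passworded forum first?
    if ($post_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }

    // Is the user able to read within this forum?
    if (!$auth->acl_get('f_read', $forum_id)) {
        trigger_error('USER_CANNOT_READ');
    }

    // Permission to do the action asked?
    if (!($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))) {
        trigger_error('USER_CANNOT_EDIT');
    }

    // Forum/Topic locked?
    $topic_locked = isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED;
    if (($post_data['forum_status'] == ITEM_LOCKED || $topic_locked) && !$auth->acl_get('m_edit', $forum_id)) {
        trigger_error($post_data['forum_status'] == ITEM_LOCKED ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
    }

    // Can we edit this post ... if we're a moderator with rights then always yes
    // else it depends on editing times, lock status and if we're the correct user
    if (!$auth->acl_get('m_edit', $forum_id)) {
        if ($user->data['user_id'] != $post_data['poster_id']) {
            trigger_error('USER_CANNOT_EDIT');
        }

        // edit_time of 0 means "no limit"
        if (!($post_data['post_time'] > time() - $config['edit_time'] * 60 || !$config['edit_time'])) {
            trigger_error('CANNOT_EDIT_TIME');
        }

        if ($post_data['post_edit_locked']) {
            trigger_error('CANNOT_EDIT_POST_LOCKED');
        }
    }

    // Determine some vars
    if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS) {
        $post_data['quote_username'] = !empty($post_data['post_username']) ? $post_data['post_username'] : $user->lang['GUEST'];
    } else {
        $post_data['quote_username'] = isset($post_data['username']) ? $post_data['username'] : '';
    }

    $post_data['post_edit_locked'] = isset($post_data['post_edit_locked']) ? (int) $post_data['post_edit_locked'] : 0;
    $post_data['post_subject'] = in_array($mode, array('quote', 'edit'))
        ? $post_data['post_subject']
        : (isset($post_data['topic_title']) ? $post_data['topic_title'] : '');
    // Stored in seconds, handled in days from here on (as posting.php does)
    $post_data['topic_time_limit'] = isset($post_data['topic_time_limit'])
        ? ($post_data['topic_time_limit'] ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit'])
        : 0;
    $post_data['poll_length'] = !empty($post_data['poll_length']) ? (int) $post_data['poll_length'] / 86400 : 0;
    $post_data['poll_start'] = !empty($post_data['poll_start']) ? (int) $post_data['poll_start'] : 0;
    $post_data['icon_id'] = !isset($post_data['icon_id']) || in_array($mode, array('quote', 'reply')) ? 0 : (int) $post_data['icon_id'];
    $post_data['poll_options'] = array();

    // Get Poll Data
    if ($post_data['poll_start']) {
        $sql = 'SELECT poll_option_text FROM ' . POLL_OPTIONS_TABLE . " WHERE topic_id = {$topic_id} ORDER BY poll_option_id";
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            $post_data['poll_options'][] = trim($row['poll_option_text']);
        }
        $db->sql_freeresult($result);
    }

    $message_parser = new parse_message();

    if (isset($post_data['post_text'])) {
        $message_parser->message =& $post_data['post_text'];
        unset($post_data['post_text']);
    }

    // Set some default variables
    $uninit = array(
        'post_attachment'  => 0,
        'poster_id'        => $user->data['user_id'],
        'enable_magic_url' => 0,
        'topic_status'     => 0,
        'topic_type'       => POST_NORMAL,
        'post_subject'     => '',
        'topic_title'      => '',
        'post_time'        => 0,
        'post_edit_reason' => '',
        'notify_set'       => 0,
    );
    foreach ($uninit as $var_name => $default_value) {
        if (!isset($post_data[$var_name])) {
            $post_data[$var_name] = $default_value;
        }
    }
    unset($uninit);

    // Always check if the submitted attachment data is valid and belongs to the user.
    // Further down (especially in submit_post()) we do not check this again.
    $message_parser->get_submitted_attachment_data($post_data['poster_id']);

    if ($post_data['post_attachment'] && !$refresh && !$preview && $mode == 'edit') {
        // Do not change to SELECT *
        $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename FROM ' . ATTACHMENTS_TABLE
            . " WHERE post_msg_id = {$post_id} AND in_message = 0 AND is_orphan = 0 ORDER BY filetime DESC";
        $result = $db->sql_query($sql);
        $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
        $db->sql_freeresult($result);
    }

    if ($post_data['poster_id'] == ANONYMOUS) {
        $post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['post_username']) : '';
    } else {
        $post_data['username'] = ($mode == 'quote' || $mode == 'edit') ? trim($post_data['username']) : '';
    }

    $post_data['enable_urls'] = $post_data['enable_magic_url'];
    $post_data['enable_magic_url'] = $post_data['drafts'] = false;

    // Bit pattern of the current formatting switches; compared against the
    // submitted ones below to decide whether the message must be re-parsed
    $check_value = (($post_data['enable_bbcode'] + 1) << 8)
        + (($post_data['enable_smilies'] + 1) << 4)
        + (($post_data['enable_urls'] + 1) << 2)
        + (($post_data['enable_sig'] + 1) << 1);

    // Do we want to edit our post ?
    if ($post_data['bbcode_uid']) {
        $message_parser->bbcode_uid = $post_data['bbcode_uid'];
    }

    // HTML, BBCode, Smilies, Images and Flash status
    $bbcode_status = $config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id);
    $smilies_status = $bbcode_status && $config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id);
    $img_status = $bbcode_status && $auth->acl_get('f_img', $forum_id);
    $flash_status = $bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash'];
    $quote_status = (bool) $auth->acl_get('f_reply', $forum_id);

    $post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0);
    // phpBB stores subjects HTML-escaped (web submissions get this from
    // request_var), so the raw XML-RPC title is escaped the same way the body
    // is on the next line; the reply below decodes entities again when it
    // returns the title to the client.
    $post_data['post_subject'] = utf8_normalize_nfc(htmlspecialchars($post_title));
    $message_parser->message = utf8_normalize_nfc(htmlspecialchars($post_content));
    $post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true));
    $post_data['post_edit_reason'] = (!empty($_POST['edit_reason']) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id))
        ? utf8_normalize_nfc(request_var('edit_reason', '', true))
        : '';

    $post_data['orig_topic_type'] = $post_data['topic_type'];
    $post_data['topic_type'] = request_var('topic_type', $mode != 'post' ? (int) $post_data['topic_type'] : POST_NORMAL);
    $post_data['topic_time_limit'] = request_var('topic_time_limit', $mode != 'post' ? (int) $post_data['topic_time_limit'] : 0);
    $post_data['icon_id'] = request_var('icon', 0);

    $post_data['enable_bbcode'] = !(!$bbcode_status || isset($_POST['disable_bbcode']));
    $post_data['enable_smilies'] = !(!$smilies_status || isset($_POST['disable_smilies']));
    $post_data['enable_urls'] = isset($_POST['disable_magic_url']) ? 0 : 1;
    $post_data['enable_sig'] = (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig'))
        ? false
        : (bool) $user->data['is_registered'];

    if ($config['allow_topic_notify'] && $user->data['is_registered']) {
        $notify = isset($_POST['notify']);
    } else {
        $notify = false;
    }

    $topic_lock = isset($_POST['lock_topic']) ? true : $post_data['topic_status'];
    $post_lock = isset($_POST['lock_post']) ? true : $post_data['post_edit_locked'];

    $status_switch = (($post_data['enable_bbcode'] + 1) << 8)
        + (($post_data['enable_smilies'] + 1) << 4)
        + (($post_data['enable_urls'] + 1) << 2)
        + (($post_data['enable_sig'] + 1) << 1);
    $status_switch = $status_switch != $check_value;

    // Poll title/length/max_options/vote_change stay as loaded from the topic
    // row; only the option text is rebuilt from the existing options
    $post_data['poll_option_text'] = implode("\n", $post_data['poll_options']);

    // Parse Attachments - before checksum is calculated
    $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);

    // Grab md5 'checksum' of new message
    $message_md5 = md5($message_parser->message);

    // Check checksum ... don't re-parse message if the same
    $update_message = $mode != 'edit'
        || $message_md5 != $post_data['post_checksum']
        || $status_switch
        || strlen($post_data['bbcode_uid']) < BBCODE_UID_LEN;

    // Parse message
    if ($update_message) {
        if (count($message_parser->warn_msg)) {
            trigger_error(implode("\n", $message_parser->warn_msg));
        }

        $message_parser->parse(
            $post_data['enable_bbcode'],
            $config['allow_post_links'] ? $post_data['enable_urls'] : false,
            $post_data['enable_smilies'],
            $img_status,
            $flash_status,
            $quote_status,
            $config['allow_post_links']
        );
    } else {
        $message_parser->bbcode_bitfield = $post_data['bbcode_bitfield'];
    }

    // Validate username
    if (($post_data['username'] && !$user->data['is_registered'])
        || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username'])
    ) {
        include $phpbb_root_path . 'includes/functions_user.' . $phpEx;

        $validation = validate_username($post_data['username'], !empty($post_data['post_username']) ? $post_data['post_username'] : '');
        if ($validation !== false) {
            $user->add_lang('ucp');
            trigger_error($validation . '_USERNAME');
        }
    }

    // Parse subject: only the first post of a topic needs a non-empty subject
    if (utf8_clean_string($post_data['post_subject']) === '' && $post_data['topic_first_post_id'] == $post_id) {
        trigger_error('EMPTY_SUBJECT');
    }

    $post_data['poll_last_vote'] = isset($post_data['poll_last_vote']) ? $post_data['poll_last_vote'] : 0;

    if ($post_data['poll_option_text'] && $post_id == $post_data['topic_first_post_id'] && $auth->acl_get('f_poll', $forum_id)) {
        $poll = array(
            'poll_title'       => $post_data['poll_title'],
            'poll_length'      => $post_data['poll_length'],
            'poll_max_options' => $post_data['poll_max_options'],
            'poll_option_text' => $post_data['poll_option_text'],
            'poll_start'       => $post_data['poll_start'],
            'poll_last_vote'   => $post_data['poll_last_vote'],
            'poll_vote_change' => $post_data['poll_vote_change'],
            'enable_bbcode'    => $post_data['enable_bbcode'],
            'enable_urls'      => $post_data['enable_urls'],
            'enable_smilies'   => $post_data['enable_smilies'],
            'img_status'       => $img_status,
        );

        $message_parser->parse_poll($poll);

        $post_data['poll_options'] = isset($poll['poll_options']) ? $poll['poll_options'] : '';
        $post_data['poll_title'] = isset($poll['poll_title']) ? $poll['poll_title'] : '';
    } else {
        $poll = array();
    }

    // Check topic type
    if ($post_data['topic_type'] != POST_NORMAL && $post_data['topic_first_post_id'] == $post_id) {
        switch ($post_data['topic_type']) {
            case POST_GLOBAL:
            case POST_ANNOUNCE:
                $auth_option = 'f_announce';
                break;
            case POST_STICKY:
                $auth_option = 'f_sticky';
                break;
            default:
                $auth_option = '';
                break;
        }

        if (!$auth->acl_get($auth_option, $forum_id)) {
            // There is a special case where a user edits his post whereby the topic type got changed by an admin/mod.
            // Another case would be a mod not having sticky permissions for example but edit permissions.
            // To prevent non-authed users messing around with the topic type we reset it to the original one.
            $post_data['topic_type'] = $post_data['orig_topic_type'];
        }
    }

    // DNSBL check
    if ($config['check_dnsbl']) {
        if (($dnsbl = $user->check_dnsbl('post')) !== false) {
            trigger_error(sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]));
        }
    }

    // Check if we want to de-globalize the topic... and ask for new forum
    // NOTE(review): inherited from posting.php; with no to_forum_id in the
    // request the "ask for a forum" branch sets $submit = false but
    // submit_post() below is still called unconditionally - verify whether
    // this path is reachable from an XML-RPC client.
    if ($post_data['topic_type'] != POST_GLOBAL) {
        $sql = 'SELECT topic_type, forum_id FROM ' . TOPICS_TABLE . " WHERE topic_id = {$topic_id}";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        if ($row && !$row['forum_id'] && $row['topic_type'] == POST_GLOBAL) {
            $to_forum_id = request_var('to_forum_id', 0);

            if ($to_forum_id) {
                $sql = 'SELECT forum_type FROM ' . FORUMS_TABLE . ' WHERE forum_id = ' . $to_forum_id;
                $result = $db->sql_query($sql);
                $forum_type = (int) $db->sql_fetchfield('forum_type');
                $db->sql_freeresult($result);

                if ($forum_type != FORUM_POST || !$auth->acl_get('f_post', $to_forum_id)) {
                    $to_forum_id = 0;
                }
            }

            if (!$to_forum_id) {
                include_once $phpbb_root_path . 'includes/functions_admin.' . $phpEx;

                $template->assign_vars(array(
                    'S_FORUM_SELECT' => make_forum_select(false, false, false, true, true, true),
                    'S_UNGLOBALISE'  => true,
                ));

                $submit = false;
                $refresh = true;
            } else {
                if (!$auth->acl_get('f_post', $to_forum_id)) {
                    // This will only be triggered if the user tried to trick the forum.
                    trigger_error('NOT_AUTHORISED');
                }

                $forum_id = $to_forum_id;
            }
        }
    }

    // Lock/Unlock Topic
    $change_topic_status = $post_data['topic_status'];
    $perm_lock_unlock = $auth->acl_get('m_lock', $forum_id)
        || ($auth->acl_get('f_user_lock', $forum_id)
            && $user->data['is_registered']
            && !empty($post_data['topic_poster'])
            && $user->data['user_id'] == $post_data['topic_poster']
            && $post_data['topic_status'] == ITEM_UNLOCKED);

    if ($post_data['topic_status'] == ITEM_LOCKED && !$topic_lock && $perm_lock_unlock) {
        $change_topic_status = ITEM_UNLOCKED;
    } elseif ($post_data['topic_status'] == ITEM_UNLOCKED && $topic_lock && $perm_lock_unlock) {
        $change_topic_status = ITEM_LOCKED;
    }

    if ($change_topic_status != $post_data['topic_status']) {
        $sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_status = {$change_topic_status} WHERE topic_id = {$topic_id} AND topic_moved_id = 0";
        $db->sql_query($sql);

        $user_lock = ($auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $post_data['topic_poster']) ? 'USER_' : '';
        add_log('mod', $forum_id, $topic_id, 'LOG_' . $user_lock . ($change_topic_status == ITEM_LOCKED ? 'LOCK' : 'UNLOCK'), $post_data['topic_title']);
    }

    // Lock/Unlock Post Edit
    if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_LOCKED && !$post_lock && $auth->acl_get('m_edit', $forum_id)) {
        $post_data['post_edit_locked'] = ITEM_UNLOCKED;
    } elseif ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_UNLOCKED && $post_lock && $auth->acl_get('m_edit', $forum_id)) {
        $post_data['post_edit_locked'] = ITEM_LOCKED;
    }

    $data = array(
        'topic_title'         => empty($post_data['topic_title']) ? $post_data['post_subject'] : $post_data['topic_title'],
        'topic_first_post_id' => isset($post_data['topic_first_post_id']) ? (int) $post_data['topic_first_post_id'] : 0,
        'topic_last_post_id'  => isset($post_data['topic_last_post_id']) ? (int) $post_data['topic_last_post_id'] : 0,
        'topic_time_limit'    => (int) $post_data['topic_time_limit'],
        'topic_attachment'    => isset($post_data['topic_attachment']) ? (int) $post_data['topic_attachment'] : 0,
        'post_id'             => (int) $post_id,
        'topic_id'            => (int) $topic_id,
        'forum_id'            => (int) $forum_id,
        'icon_id'             => (int) $post_data['icon_id'],
        'poster_id'           => (int) $post_data['poster_id'],
        'enable_sig'          => (bool) $post_data['enable_sig'],
        'enable_bbcode'       => (bool) $post_data['enable_bbcode'],
        'enable_smilies'      => (bool) $post_data['enable_smilies'],
        'enable_urls'         => (bool) $post_data['enable_urls'],
        'enable_indexing'     => (bool) $post_data['enable_indexing'],
        'message_md5'         => (string) $message_md5,
        'post_time'           => isset($post_data['post_time']) ? (int) $post_data['post_time'] : time(),
        'post_checksum'       => isset($post_data['post_checksum']) ? (string) $post_data['post_checksum'] : '',
        'post_edit_reason'    => $post_data['post_edit_reason'],
        'post_edit_user'      => $mode == 'edit' ? $user->data['user_id'] : (isset($post_data['post_edit_user']) ? (int) $post_data['post_edit_user'] : 0),
        'forum_parents'       => $post_data['forum_parents'],
        'forum_name'          => $post_data['forum_name'],
        'notify'              => $notify,
        'poster_ip'           => isset($post_data['poster_ip']) ? $post_data['poster_ip'] : $user->ip,
        'post_edit_locked'    => (int) $post_data['post_edit_locked'],
        'bbcode_bitfield'     => $message_parser->bbcode_bitfield,
        'bbcode_uid'          => $message_parser->bbcode_uid,
        'message'             => $message_parser->message,
        'attachment_data'     => $message_parser->attachment_data,
        'filename_data'       => $message_parser->filename_data,
        'topic_approved'      => isset($post_data['topic_approved']) ? $post_data['topic_approved'] : false,
        'post_approved'       => isset($post_data['post_approved']) ? $post_data['post_approved'] : false,
    );
    $data['topic_replies_real'] = $post_data['topic_replies_real'];
    $data['topic_replies'] = $post_data['topic_replies'];

    include $phpbb_root_path . 'includes/functions_posting.' . $phpEx;

    // submit_post() resolves paths relative to the board root, one level up
    $cwd = getcwd();
    chdir('../');
    $redirect_url = submit_post($mode, $post_data['post_subject'], $post_data['username'], $post_data['topic_type'], $poll, $data, $update_message);
    chdir($cwd);

    // Check the permissions for post approval, as well as the queue trigger where users are put on approval with a post count lower than specified. Moderators are not affected.
    $approved = true;
    if ((($config['enable_queue_trigger'] && $user->data['user_posts'] < $config['queue_trigger_posts']) || !$auth->acl_get('f_noapprove', $data['forum_id']))
        && !$auth->acl_get('m_approve', $data['forum_id'])
    ) {
        $approved = false;
    }

    // Initialised up front so the reply is well-formed even when submit_post()
    // returned nothing (the original only set these on success)
    $reply_success = false;
    $message = '';
    $updated_post_title = '';

    if ($redirect_url) {
        $reply_success = true;

        // get new post_content: turn the stored uid-tagged BBCode back into
        // plain BBCode the client can render
        $message = censor_text($data['message']);
        $uid = $data['bbcode_uid'];
        $quote_wrote_string = $user->lang['WROTE'];

        $message = str_replace('[/quote:' . $uid . ']', '[/quote]', $message);
        // preg_replace_callback replaces the original /e-modifier call, which
        // evaluated a string built from message content and no longer exists
        // in PHP 7+
        $message = preg_replace_callback(
            '/\[quote(?:="(.*?)")?:' . $uid . '\]/is',
            function ($m) use ($quote_wrote_string) {
                return '[quote]' . (!empty($m[1]) ? $m[1] . ' ' . $quote_wrote_string . ":\n" : "\n");
            },
            $message
        );

        // Drop quote blocks nested inside another quote; keep the outer one
        $blocks = preg_split('/(\[\/?quote\])/i', $message, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
        $quote_level = 0;
        $message = '';
        foreach ($blocks as $block) {
            if ($block == '[quote]') {
                if ($quote_level == 0) {
                    $message .= $block;
                }
                $quote_level++;
            } elseif ($block == '[/quote]') {
                if ($quote_level <= 1) {
                    $message .= $block;
                }
                if ($quote_level >= 1) {
                    $quote_level--;
                }
            } elseif ($quote_level <= 1) {
                $message .= $block;
            }
        }

        $message = preg_replace_callback(
            '/\[(youtube|video|googlevideo|gvideo):' . $uid . '\](.*?)\[\/\1:' . $uid . '\]/si',
            function ($m) {
                return video_bbcode_format($m[1], $m[2]);
            },
            $message
        );
        // The BBvideo/spoiler patterns used $row['bbcode_uid'] before, a
        // variable that is only set in the de-globalise branch; all patterns
        // now use the uid of the post that was just saved
        $message = preg_replace('/\[(BBvideo)[\d, ]+:' . $uid . '\](.*?)\[\/\1:' . $uid . '\]/si', "[url=\$2]YouTube Video[/url]", $message);
        $message = preg_replace('/\[(spoil|spoiler):' . $uid . '\](.*?)\[\/\1:' . $uid . '\]/si', "[spoiler]\$2[/spoiler]", $message);
        $message = preg_replace('/\[b:' . $uid . '\](.*?)\[\/b:' . $uid . '\]/si', '[b]$1[/b]', $message);
        $message = preg_replace('/\[i:' . $uid . '\](.*?)\[\/i:' . $uid . '\]/si', '[i]$1[/i]', $message);
        $message = preg_replace('/\[u:' . $uid . '\](.*?)\[\/u:' . $uid . '\]/si', '[u]$1[/u]', $message);
        $message = preg_replace('/\[color=#(\w{6}):' . $uid . '\](.*?)\[\/color:' . $uid . '\]/si', '[color=#$1]$2[/color]', $message);

        // Second parse bbcode here
        if ($data['bbcode_bitfield']) {
            $bbcode = new bbcode(base64_encode($data['bbcode_bitfield']));
            $bbcode->bbcode_second_pass($message, $data['bbcode_uid'], $data['bbcode_bitfield']);
        }

        $message = bbcode_nl2br($message);
        $message = smiley_text($message);

        if (!empty($data['attachment_data'])) {
            $update_count = array();
            parse_attachments($forum_id, $message, $data['attachment_data'], $update_count);
        }

        $updated_post_title = html_entity_decode(strip_tags(censor_text($data['topic_title'])), ENT_QUOTES, 'UTF-8');
    }

    $xmlrpc_reply_topic = new xmlrpcval(array(
        'result'       => new xmlrpcval($reply_success, 'boolean'),
        'state'        => new xmlrpcval($approved ? 0 : 1, 'int'),
        'post_title'   => new xmlrpcval($updated_post_title, 'base64'),
        'post_content' => new xmlrpcval(post_html_clean($message), 'base64'),
    ), 'struct');

    return new xmlrpcresp($xmlrpc_reply_topic);
}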
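/**
 * MyBB moderation.php hook for the "reply ban" plugin.
 *
 * Handles three actions and returns without output for anything else:
 *   replyban     - list the reply bans on a thread and render the ban form
 *   do_replyban  - POST only: ban a user from replying to a thread
 *   liftreplyban - remove an existing reply ban (CSRF key checked, any method)
 *
 * Every action requires the "canmanagethreads" moderator permission on the
 * thread's forum; the two mutating actions verify the post key first.
 * Ends the request with output_page()/moderation_redirect() and exit.
 */
function replyban_run()
{
    global $db, $mybb, $lang, $templates, $theme, $headerinclude, $header, $footer, $replyban, $moderation;

    $lang->load("replyban");

    $action = $mybb->get_input('action');
    if (!in_array($action, array("replyban", "do_replyban", "liftreplyban"), true)) {
        return;
    }

    if ($action == "replyban") {
        $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
        $thread = get_thread($tid);

        // Validate the thread before the permission check: when get_thread()
        // finds nothing, the original order indexed into an empty result
        if (empty($thread['tid'])) {
            error($lang->error_invalidthread);
        }
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }

        $thread['subject'] = htmlspecialchars_uni($thread['subject']);
        $lang->reply_bans_for = $lang->sprintf($lang->reply_bans_for, $thread['subject']);

        check_forum_password($thread['fid']);

        build_forum_breadcrumb($thread['fid']);
        add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
        add_breadcrumb($lang->reply_bans);

        $query = $db->query("
            SELECT r.*, u.username
            FROM " . TABLE_PREFIX . "replybans r
            LEFT JOIN " . TABLE_PREFIX . "users u ON (r.uid=u.uid)
            WHERE r.tid='{$thread['tid']}'
            ORDER BY r.dateline DESC
        ");

        // Initialised so the first ".=" does not append to an undefined variable
        $ban_bit = '';
        while ($ban = $db->fetch_array($query)) {
            $ban['reason'] = htmlspecialchars_uni($ban['reason']);
            $ban['username'] = build_profile_link($ban['username'], $ban['uid']);
            if ($ban['lifted'] == 0) {
                $ban['lifted'] = $lang->permanent;
            } else {
                $ban['lifted'] = my_date('relative', $ban['lifted'], '', 2);
            }
            $alt_bg = alt_trow();
            eval("\$ban_bit .= \"" . $templates->get("moderation_replyban_bit") . "\";");
        }
        if (!$ban_bit) {
            eval("\$ban_bit = \"" . $templates->get("moderation_replyban_no_bans") . "\";");
        }

        // Generate the banned times dropdown. Nothing is pre-selected: this
        // form only creates bans, so there is no existing ban to reflect.
        $liftlist = '';
        $bantimes = fetch_ban_times();
        foreach ($bantimes as $time => $title) {
            $selected = '';
            $thattime = '';
            if ($time != '---') {
                $thatime = my_date("D, jS M Y @ g:ia", ban_date2timestamp($time, TIME_NOW));
                $thattime = " ({$thatime})";
            }
            eval("\$liftlist .= \"" . $templates->get("moderation_replyban_liftlist") . "\";");
        }

        eval("\$replyban = \"" . $templates->get("moderation_replyban") . "\";");
        output_page($replyban);
    }

    if ($action == "do_replyban" && $mybb->request_method == "post") {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));

        $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
        $thread = get_thread($tid);

        if (empty($thread['tid'])) {
            error($lang->error_invalidthread);
        }
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }

        $user = get_user_by_username($mybb->get_input('username'), array('fields' => array('username')));
        if (empty($user['uid'])) {
            error($lang->error_invaliduser);
        }

        $reason = $mybb->get_input('reason');
        if (!trim($reason)) {
            error($lang->error_missing_reason);
        }

        // One ban per (user, thread)
        $query = $db->simple_select('replybans', 'rid', "uid='{$user['uid']}' AND tid='{$thread['tid']}'");
        $existingban = $db->fetch_field($query, 'rid');
        if ($existingban > 0) {
            error($lang->error_alreadybanned);
        }

        // '---' is the "permanent" choice; lifted=0 means never
        if ($mybb->get_input('liftban') == '---') {
            $lifted = 0;
        } else {
            $lifted = ban_date2timestamp($mybb->get_input('liftban'), 0);
        }

        $reason = my_substr($reason, 0, 240);

        $insert_array = array(
            'uid'      => (int) $user['uid'],
            'tid'      => (int) $thread['tid'],
            'dateline' => TIME_NOW,
            'reason'   => $db->escape_string($reason),
            'lifted'   => (int) $lifted,
        );
        $db->insert_query('replybans', $insert_array);

        log_moderator_action(array(
            "tid"      => $thread['tid'],
            "fid"      => $thread['fid'],
            "uid"      => $user['uid'],
            "username" => $user['username'],
        ), $lang->user_reply_banned);

        moderation_redirect("moderation.php?action=replyban&tid={$thread['tid']}", $lang->redirect_user_banned_replying);
    }

    if ($action == "liftreplyban") {
        // Verify the post key; note there is no request_method check for this
        // action, so the key is the only thing standing between a link and a
        // state change
        verify_post_check($mybb->get_input('my_post_key'));

        $rid = $mybb->get_input('rid', MyBB::INPUT_INT);
        $query = $db->simple_select("replybans", "*", "rid='{$rid}'");
        $ban = $db->fetch_array($query);

        if (empty($ban['rid'])) {
            error($lang->error_invalidreplyban);
        }

        $thread = get_thread($ban['tid']);
        $user = get_user($ban['uid']);

        if (empty($thread['tid'])) {
            error($lang->error_invalidthread);
        }
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }

        $db->delete_query("replybans", "rid='{$ban['rid']}'");

        log_moderator_action(array(
            "tid"      => $thread['tid'],
            "fid"      => $thread['fid'],
            "uid"      => $user['uid'],
            "username" => $user['username'],
        ), $lang->user_reply_banned_lifted);

        moderation_redirect("moderation.php?action=replyban&tid={$thread['tid']}", $lang->redirect_reply_ban_lifted);
    }

    exit;
}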
/**
 * Tapatalk XML-RPC handler: create a new topic.
 *
 * Positional parameters decoded from $xmlrpc_params: [0] forum id, [1] subject,
 * [2] message body, [5] (optional) base64-encoded serialized attachment data.
 * Every failed check aborts through trigger_error(); on success the topic is
 * created with phpBB's submit_post() and the response struct carries
 * 'result' (bool), 'topic_id' (parsed from the redirect URL) and 'state'
 * (0 = approved, 1 = queued for approval).
 *
 * @param mixed $xmlrpc_params raw XML-RPC request, decoded with php_xmlrpc_decode()
 * @return xmlrpcresp
 */
function new_topic_func($xmlrpc_params)
{
    global $db, $auth, $user, $config, $phpbb_root_path, $phpEx, $mobiquo_config;
    $user->setup('posting');
    // Guests are rejected up front; everything below can assume a registered user.
    if (!$user->data['is_registered']) {
        trigger_error('LOGIN_EXPLAIN_POST');
    }
    $params = php_xmlrpc_decode($xmlrpc_params);
    // get parameters
    $forum_id = isset($params[0]) ? intval($params[0]) : '';
    $subject = isset($params[1]) ? $params[1] : '';
    $text_body = isset($params[2]) ? $params[2] : '';
    require_once 'include/emoji.php';
    $text_body = emoji_unified_to_names($text_body);
    // NOTE(review): $params[5] is client-supplied; unserialize() on untrusted input can
    // instantiate arbitrary classes (object injection). The ownership check in
    // get_submitted_attachment_data() below runs only after deserialization.
    $_POST['attachment_data'] = isset($params[5]) && $params[5] ? unserialize(base64_decode($params[5])) : array();
    if (!$forum_id) {
        trigger_error('NO_FORUM');
    }
    if (utf8_clean_string($subject) === '') {
        trigger_error('EMPTY_SUBJECT');
    }
    if (utf8_clean_string($text_body) === '') {
        trigger_error('TOO_FEW_CHARS');
    }
    $post_data = array();
    $current_time = time();
    // $forum_id was intval()'d above, so interpolating it into SQL is safe here.
    $sql = 'SELECT * FROM ' . FORUMS_TABLE . " WHERE forum_id = {$forum_id}";
    $result = $db->sql_query($sql);
    $post_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if (!$post_data) {
        trigger_error('NO_FORUM');
    }
    // Need to login to passworded forum first?
    if ($post_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }
    // Check permissions
    if ($user->data['is_bot']) {
        trigger_error('NOT_AUTHORISED');
    }
    // Is the user able to read and post within this forum?
    if (!$auth->acl_get('f_read', $forum_id)) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('USER_CANNOT_READ');
        }
        trigger_error('LOGIN_EXPLAIN_POST');
    }
    if (!$auth->acl_get('f_post', $forum_id)) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('USER_CANNOT_POST');
        }
        trigger_error('LOGIN_EXPLAIN_POST');
    }
    // Is the user able to post within this forum?
    if ($post_data['forum_type'] != FORUM_POST) {
        trigger_error('USER_CANNOT_FORUM_POST');
    }
    // Forum/Topic locked?
    if ($post_data['forum_status'] == ITEM_LOCKED && !$auth->acl_get('m_edit', $forum_id)) {
        trigger_error('FORUM_LOCKED');
    }
    // Fresh topic: no existing post/poll values to carry over.
    $post_data['quote_username'] = '';
    $post_data['post_edit_locked'] = 0;
    $post_data['post_subject'] = '';
    $post_data['topic_time_limit'] = 0;
    $post_data['poll_length'] = 0;
    $post_data['poll_start'] = 0;
    $post_data['icon_id'] = 0;
    $post_data['poll_options'] = array();
    include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
    $message_parser = new parse_message();
    // Set some default variables
    $uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);
    foreach ($uninit as $var_name => $default_value) {
        if (!isset($post_data[$var_name])) {
            $post_data[$var_name] = $default_value;
        }
    }
    unset($uninit);
    if ($config['allow_topic_notify'] && $user->data['is_registered']) {
        $notify = $user->data['user_notify'] ? true : false;
    } else {
        $notify = false;
    }
    // Always check if the submitted attachment data is valid and belongs to the user.
    // Further down (especially in submit_post()) we do not check this again.
    $message_parser->get_submitted_attachment_data($post_data['poster_id']);
    $post_data['username'] = '';
    $post_data['enable_urls'] = $post_data['enable_magic_url'];
    $post_data['enable_sig'] = $config['allow_sig'] && $user->optionget('attachsig') ? true : false;
    $post_data['enable_smilies'] = $config['allow_smilies'] && $user->optionget('smilies') ? true : false;
    $post_data['enable_bbcode'] = $config['allow_bbcode'] && $user->optionget('bbcode') ? true : false;
    $post_data['enable_urls'] = true;
    $post_data['enable_magic_url'] = $post_data['drafts'] = false;
    // Bit-packed snapshot of the enable_* flags; only compared against $status_switch below.
    $check_value = ($post_data['enable_bbcode'] + 1 << 8) + ($post_data['enable_smilies'] + 1 << 4) + ($post_data['enable_urls'] + 1 << 2) + ($post_data['enable_sig'] + 1 << 1);
    // HTML, BBCode, Smilies, Images and Flash status
    $bbcode_status = $config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id) ? true : false;
    $smilies_status = $bbcode_status && $config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id) ? true : false;
    $img_status = $bbcode_status && $auth->acl_get('f_img', $forum_id) ? true : false;
    // $url_status is computed but not read again in this function.
    $url_status = $config['allow_post_links'] ? true : false;
    $flash_status = $bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash'] ? true : false;
    $quote_status = $auth->acl_get('f_reply', $forum_id) ? true : false;
    $post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0);
    $post_data['post_subject'] = utf8_normalize_nfc($subject);
    // The body is HTML-escaped before parsing; BBCode is applied to the escaped text.
    $message_parser->message = utf8_normalize_nfc(htmlspecialchars($text_body));
    $post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true));
    $post_data['post_edit_reason'] = '';
    $post_data['orig_topic_type'] = $post_data['topic_type'];
    $post_data['topic_type'] = request_var('topic_type', POST_NORMAL);
    $post_data['topic_time_limit'] = request_var('topic_time_limit', 0);
    $post_data['icon_id'] = request_var('icon', 0);
    $post_data['enable_bbcode'] = !$bbcode_status || isset($_POST['disable_bbcode']) ? false : true;
    $post_data['enable_smilies'] = !$smilies_status || isset($_POST['disable_smilies']) ? false : true;
    $post_data['enable_urls'] = isset($_POST['disable_magic_url']) ? 0 : 1;
    $post_data['enable_sig'] = !$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig') ? false : ($user->data['is_registered'] ? true : false);
    // $topic_lock, $post_lock, $poll_delete and $status_switch are not read again in this function.
    $topic_lock = isset($_POST['lock_topic']) ? true : false;
    $post_lock = isset($_POST['lock_post']) ? true : false;
    $poll_delete = isset($_POST['poll_delete']) ? true : false;
    $status_switch = ($post_data['enable_bbcode'] + 1 << 8) + ($post_data['enable_smilies'] + 1 << 4) + ($post_data['enable_urls'] + 1 << 2) + ($post_data['enable_sig'] + 1 << 1);
    $status_switch = $status_switch != $check_value;
    $post_data['poll_title'] = utf8_normalize_nfc(request_var('poll_title', '', true));
    $post_data['poll_length'] = request_var('poll_length', 0);
    $post_data['poll_option_text'] = utf8_normalize_nfc(request_var('poll_option_text', '', true));
    $post_data['poll_max_options'] = request_var('poll_max_options', 1);
    $post_data['poll_vote_change'] = $auth->acl_get('f_votechg', $forum_id) && isset($_POST['poll_vote_change']) ? 1 : 0;
    // Parse Attachments - before checksum is calculated
    $message_parser->parse_attachments('fileupload', 'post', $forum_id, true, false, false);
    // Grab md5 'checksum' of new message
    $message_md5 = md5($message_parser->message);
    if (sizeof($message_parser->warn_msg)) {
        trigger_error(join("\n", $message_parser->warn_msg));
    }
    $message_parser->parse($post_data['enable_bbcode'], $config['allow_post_links'] ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);
    if ($config['flood_interval'] && !$auth->acl_get('f_ignoreflood', $forum_id)) {
        // Flood check
        $last_post_time = 0;
        if ($user->data['is_registered']) {
            $last_post_time = $user->data['user_lastpost_time'];
        } else {
            // Unreachable here: unregistered users were rejected at the top of the function.
            $sql = 'SELECT post_time AS last_post_time FROM ' . POSTS_TABLE . "\r\r\n WHERE poster_ip = '" . $user->ip . "'\r\r\n AND post_time > " . ($current_time - $config['flood_interval']);
            $result = $db->sql_query_limit($sql, 1);
            if ($row = $db->sql_fetchrow($result)) {
                $last_post_time = $row['last_post_time'];
            }
            $db->sql_freeresult($result);
        }
        if ($last_post_time && $current_time - $last_post_time < intval($config['flood_interval'])) {
            trigger_error('FLOOD_ERROR');
        }
    }
    // Validate username
    if ($post_data['username'] && !$user->data['is_registered']) {
        include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
        if (($result = validate_username($post_data['username'], !empty($post_data['post_username']) ? $post_data['post_username'] : '')) !== false) {
            $user->add_lang('ucp');
            trigger_error($result . '_USERNAME');
        }
    }
    // Second warn_msg check: parse() above may have added warnings (e.g. message length).
    if (sizeof($message_parser->warn_msg)) {
        trigger_error(join("\n", $message_parser->warn_msg));
    }
    // DNSBL check
    if ($config['check_dnsbl'] && $mobiquo_config['check_dnsbl']) {
        if (($dnsbl = $user->check_dnsbl('post')) !== false) {
            trigger_error(sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]));
        }
    }
    // Store message, sync counters
    $data = array(
        'topic_title' => empty($post_data['topic_title']) ? $post_data['post_subject'] : $post_data['topic_title'],
        'topic_first_post_id' => isset($post_data['topic_first_post_id']) ? (int) $post_data['topic_first_post_id'] : 0,
        'topic_last_post_id' => isset($post_data['topic_last_post_id']) ? (int) $post_data['topic_last_post_id'] : 0,
        'topic_time_limit' => (int) $post_data['topic_time_limit'],
        'topic_attachment' => isset($post_data['topic_attachment']) ? (int) $post_data['topic_attachment'] : 0,
        'post_id' => 0,
        'topic_id' => 0,
        'forum_id' => (int) $forum_id,
        'icon_id' => (int) $post_data['icon_id'],
        'poster_id' => (int) $post_data['poster_id'],
        'enable_sig' => (bool) $post_data['enable_sig'],
        'enable_bbcode' => (bool) $post_data['enable_bbcode'],
        'enable_smilies' => (bool) $post_data['enable_smilies'],
        'enable_urls' => (bool) $post_data['enable_urls'],
        'enable_indexing' => (bool) $post_data['enable_indexing'],
        'message_md5' => (string) $message_md5,
        'post_time' => isset($post_data['post_time']) ? (int) $post_data['post_time'] : $current_time,
        'post_checksum' => isset($post_data['post_checksum']) ? (string) $post_data['post_checksum'] : '',
        'post_edit_reason' => $post_data['post_edit_reason'],
        'post_edit_user' => isset($post_data['post_edit_user']) ? (int) $post_data['post_edit_user'] : 0,
        'forum_parents' => $post_data['forum_parents'],
        'forum_name' => $post_data['forum_name'],
        'notify' => $notify,
        'notify_set' => $post_data['notify_set'],
        'poster_ip' => isset($post_data['poster_ip']) ? $post_data['poster_ip'] : $user->ip,
        'post_edit_locked' => (int) $post_data['post_edit_locked'],
        'bbcode_bitfield' => $message_parser->bbcode_bitfield,
        'bbcode_uid' => $message_parser->bbcode_uid,
        'message' => $message_parser->message,
        'attachment_data' => $message_parser->attachment_data,
        'filename_data' => $message_parser->filename_data,
        'topic_approved' => isset($post_data['topic_approved']) ? $post_data['topic_approved'] : false,
        'post_approved' => isset($post_data['post_approved']) ? $post_data['post_approved'] : false,
        'post_expire_time' => -1,
        'topic_status' => 0,
    );
    $poll = array();
    include $phpbb_root_path . 'includes/functions_posting.' . $phpEx;
    $update_message = true;
    // Run submit_post() from the parent directory with a rebased root path
    // (presumably so its relative includes resolve against the board root), then restore both.
    $cwd = getcwd();
    chdir('../');
    $phpbb_root_path_tmp = $phpbb_root_path;
    $phpbb_root_path = './';
    $redirect_url = submit_post('post', $post_data['post_subject'], $post_data['username'], $post_data['topic_type'], $poll, $data, $update_message);
    chdir($cwd);
    $phpbb_root_path = $phpbb_root_path_tmp;
    // Check the permissions for post approval, as well as the queue trigger where users are put on approval with a post count lower than specified. Moderators are not affected.
    $approved = true;
    if (($config['enable_queue_trigger'] && $user->data['user_posts'] < $config['queue_trigger_posts'] || !$auth->acl_get('f_noapprove', $data['forum_id'])) && !$auth->acl_get('m_approve', $data['forum_id'])) {
        $approved = false;
    }
    $posted_success = false;
    $topic_id = '';
    // The new topic id is recovered from the "&t=" parameter of the redirect URL submit_post() returns.
    if ($redirect_url) {
        preg_match('/&t=(\\d+)/', $redirect_url, $matches);
        $topic_id = $matches[1];
        $posted_success = true;
    }
    $xmlrpc_create_topic = new xmlrpcval(array('result' => new xmlrpcval($posted_success, 'boolean'), 'topic_id' => new xmlrpcval($topic_id), 'state' => new xmlrpcval($approved ? 0 : 1, 'int')), 'struct');
    return new xmlrpcresp($xmlrpc_create_topic);
}
/**
 * Tapatalk XML-RPC handler: return the raw (BBCode-decoded) text of a post for editing.
 *
 * Positional parameter [0] is the post id. The same gate as a web edit is applied:
 * forum password, f_read, registered user with f_edit or m_edit, forum/topic lock,
 * and for non-moderators also post ownership, the edit time limit and post_edit_locked.
 * Each failed check aborts through trigger_error().
 *
 * @param mixed $xmlrpc_params raw XML-RPC request, decoded with php_xmlrpc_decode()
 * @return xmlrpcresp struct with 'post_id', 'post_title' (base64) and 'post_content' (base64)
 */
function get_raw_post_func($xmlrpc_params)
{
    global $db, $auth, $user, $config, $template, $cache, $phpEx, $phpbb_root_path, $phpbb_home;
    $user->setup('posting');
    include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
    $params = php_xmlrpc_decode($xmlrpc_params);
    // get post id from parameters
    // intval() makes the id safe to interpolate into the query below.
    $post_id = intval($params[0]);
    $post_data = array();
    // Global topics (POST_GLOBAL) have no forum row of their own, so any postable forum is joined for them.
    $sql = 'SELECT p.*, t.*, f.* FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f\n WHERE p.post_id = {$post_id}\n AND t.topic_id = p.topic_id\n AND (f.forum_id = t.forum_id OR (t.topic_type = " . POST_GLOBAL . ' AND f.forum_type = ' . FORUM_POST . '))';
    $result = $db->sql_query_limit($sql, 1);
    $post_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if (!$post_data) {
        trigger_error('NO_POST');
    }
    // Use post_row values in favor of submitted ones...
    $forum_id = (int) $post_data['forum_id'];
    // $topic_id is not read again in this function.
    $topic_id = (int) $post_data['topic_id'];
    $post_id = (int) $post_id;
    // Need to login to passworded forum first?
    if ($post_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }
    // Is the user able to read within this forum?
    if (!$auth->acl_get('f_read', $forum_id)) {
        trigger_error('USER_CANNOT_READ');
    }
    // Permission to do the action asked?
    if (!($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))) {
        trigger_error('USER_CANNOT_EDIT');
    }
    // Forum/Topic locked?
    if (($post_data['forum_status'] == ITEM_LOCKED || isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED) && !$auth->acl_get('m_edit', $forum_id)) {
        trigger_error($post_data['forum_status'] == ITEM_LOCKED ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
    }
    // Can we edit this post ... if we're a moderator with rights then always yes
    // else it depends on editing times, lock status and if we're the correct user
    if (!$auth->acl_get('m_edit', $forum_id)) {
        if ($user->data['user_id'] != $post_data['poster_id']) {
            trigger_error('USER_CANNOT_EDIT');
        }
        // edit_time is in minutes; 0 disables the limit.
        if (!($post_data['post_time'] > time() - $config['edit_time'] * 60 || !$config['edit_time'])) {
            trigger_error('CANNOT_EDIT_TIME');
        }
        if ($post_data['post_edit_locked']) {
            trigger_error('CANNOT_EDIT_POST_LOCKED');
        }
    }
    $message_parser = new parse_message();
    if (isset($post_data['post_text'])) {
        // Hand the text to the parser by reference, then drop the array element; the
        // parser keeps the value and post_text is re-added below from the decoded message.
        $message_parser->message =& $post_data['post_text'];
        unset($post_data['post_text']);
    }
    // Do we want to edit our post ?
    if ($post_data['bbcode_uid']) {
        $message_parser->bbcode_uid = $post_data['bbcode_uid'];
    }
    // Decode text for message display
    $message_parser->decode_message($post_data['bbcode_uid']);
    $post_data['post_text'] = $message_parser->message;
    return new xmlrpcresp(new xmlrpcval(array('post_id' => new xmlrpcval($post_id), 'post_title' => new xmlrpcval(html_entity_decode(strip_tags($post_data['post_subject'])), 'base64'), 'post_content' => new xmlrpcval(html_entity_decode($post_data['post_text']), 'base64')), 'struct'));
}
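/**
 * Tapatalk XML-RPC handler: post a reply to an existing topic.
 *
 * Positional parameters decoded from $xmlrpc_params: [0] forum id, [1] topic id,
 * [2] subject, [3] message body, [4] list of attachment ids to describe in the
 * response, [5] (optional) base64-encoded serialized attachment data,
 * [6] return_html flag (stored in $GLOBALS['return_html']).
 * Every failed check aborts through trigger_error(); on success the reply is
 * stored with phpBB's submit_post() and the response struct carries the new
 * post id, approval 'state' (0 = approved, 1 = queued), the rendered post
 * content, the caller's edit/delete rights and the requested attachments.
 *
 * Changes relative to the previous revision:
 *  - NO_TOPIC is raised before the forum lookup and array_merge(), so a missing
 *    topic no longer reaches array_merge() with a non-array;
 *  - parse() warnings are checked after the username validation, as in
 *    new_topic_func(); previously they were silently ignored for replies;
 *  - the $notify expression no longer relies on PHP's old left-associative
 *    nested ternary (a fatal error on PHP 8);
 *  - the BBvideo/spoiler rewrites referenced an undefined $row; they now use
 *    $data['bbcode_uid'] like the other rewrites;
 *  - the two preg_replace() calls with the /e modifier (removed in PHP 7, where
 *    preg_replace() then returns NULL) are preg_replace_callback() calls;
 *  - response fields are initialised so a failed submit_post() does not read
 *    undefined variables, and attachment ids not returned by the query are skipped.
 *
 * @param mixed $xmlrpc_params raw XML-RPC request, decoded with php_xmlrpc_decode()
 * @return xmlrpcresp
 */
function reply_post_func($xmlrpc_params)
{
    global $db, $auth, $user, $config, $phpbb_root_path, $phpEx, $mobiquo_config, $phpbb_home;
    require_once 'include/emoji.php';
    $user->setup('posting');
    // Guests are rejected up front; everything below can assume a registered user.
    if (!$user->data['is_registered']) {
        trigger_error('LOGIN_EXPLAIN_POST');
    }
    $params = php_xmlrpc_decode($xmlrpc_params);
    // get parameters
    $forum_id = isset($params[0]) ? intval($params[0]) : '';
    $topic_id = isset($params[1]) ? intval($params[1]) : '';
    $subject = isset($params[2]) ? $params[2] : '';
    $text_body = isset($params[3]) ? $params[3] : '';
    $text_body = emoji_unified_to_names($text_body);
    $attach_list = isset($params[4]) ? $params[4] : array();
    // NOTE(review): $params[5] is client-supplied; unserialize() on untrusted input can
    // instantiate arbitrary classes (object injection). The ownership check in
    // get_submitted_attachment_data() below runs only after deserialization.
    $_POST['attachment_data'] = isset($params[5]) && $params[5] ? unserialize(base64_decode($params[5])) : array();
    $GLOBALS['return_html'] = isset($params[6]) ? $params[6] : false;
    if (!$topic_id) {
        trigger_error('NO_TOPIC');
    }
    if (utf8_clean_string($text_body) === '') {
        trigger_error('TOO_FEW_CHARS');
    }
    $post_data = array();
    $current_time = time();
    // get topic data ($topic_id was intval()'d above)
    $sql = 'SELECT * FROM ' . TOPICS_TABLE . ' WHERE topic_id = ' . $topic_id;
    $result = $db->sql_query($sql);
    $post_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    // Fail here, before $post_data['forum_id'] is read and before array_merge() below.
    if (!$post_data) {
        trigger_error('NO_TOPIC');
    }
    // get forum data; a topic without a forum_id is matched against any postable forum
    $sql = 'SELECT * FROM ' . FORUMS_TABLE . "\n WHERE forum_type = " . FORUM_POST . ($post_data['forum_id'] ? "\n AND forum_id = '{$post_data['forum_id']}' " : '');
    $result = $db->sql_query_limit($sql, 1);
    $forum_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if (!$forum_data) {
        trigger_error('NO_TOPIC');
    }
    $post_data = array_merge($post_data, $forum_data);
    // Use post_row values in favor of submitted ones...
    $forum_id = !empty($post_data['forum_id']) ? (int) $post_data['forum_id'] : (int) $forum_id;
    $topic_id = !empty($post_data['topic_id']) ? (int) $post_data['topic_id'] : (int) $topic_id;
    // Need to login to passworded forum first?
    if ($post_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }
    // Check permissions
    if ($user->data['is_bot']) {
        trigger_error('NOT_AUTHORISED');
    }
    // Is the user able to read within this forum?
    if (!$auth->acl_get('f_read', $forum_id)) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('USER_CANNOT_READ');
        }
        trigger_error('LOGIN_EXPLAIN_POST');
    }
    // Permission to do the reply
    if (!$auth->acl_get('f_reply', $forum_id)) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('USER_CANNOT_REPLY');
        }
        trigger_error('LOGIN_EXPLAIN_POST');
    }
    // Is the user able to post within this forum?
    if ($post_data['forum_type'] != FORUM_POST) {
        trigger_error('USER_CANNOT_FORUM_POST');
    }
    // Forum/Topic locked?
    if (($post_data['forum_status'] == ITEM_LOCKED || isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED) && !$auth->acl_get('m_edit', $forum_id)) {
        trigger_error($post_data['forum_status'] == ITEM_LOCKED ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
    }
    // Default the subject to "Re: <topic title>" when the client sent none.
    $subject = (strpos($subject, 'Re: ') !== 0 ? 'Re: ' : '') . ($subject ? $subject : censor_text($post_data['topic_title']));
    $post_data['post_edit_locked'] = isset($post_data['post_edit_locked']) ? (int) $post_data['post_edit_locked'] : 0;
    $post_data['post_subject'] = isset($post_data['topic_title']) ? $post_data['topic_title'] : '';
    // Stored limits are in seconds; the form values are in days.
    $post_data['topic_time_limit'] = isset($post_data['topic_time_limit']) ? ($post_data['topic_time_limit'] ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit']) : 0;
    $post_data['poll_length'] = !empty($post_data['poll_length']) ? (int) $post_data['poll_length'] / 86400 : 0;
    $post_data['poll_start'] = !empty($post_data['poll_start']) ? (int) $post_data['poll_start'] : 0;
    $post_data['icon_id'] = 0;
    $post_data['poll_options'] = array();
    // Get Poll Data
    if ($post_data['poll_start']) {
        $sql = 'SELECT poll_option_text FROM ' . POLL_OPTIONS_TABLE . "\n WHERE topic_id = {$topic_id}\n ORDER BY poll_option_id";
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            $post_data['poll_options'][] = trim($row['poll_option_text']);
        }
        $db->sql_freeresult($result);
    }
    $orig_poll_options_size = sizeof($post_data['poll_options']);
    include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
    $message_parser = new parse_message();
    // Set some default variables
    $uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);
    foreach ($uninit as $var_name => $default_value) {
        if (!isset($post_data[$var_name])) {
            $post_data[$var_name] = $default_value;
        }
    }
    unset($uninit);
    // Always check if the submitted attachment data is valid and belongs to the user.
    // Further down (especially in submit_post()) we do not check this again.
    $message_parser->get_submitted_attachment_data($post_data['poster_id']);
    $post_data['username'] = '';
    $post_data['enable_urls'] = $post_data['enable_magic_url'];
    $post_data['enable_sig'] = $config['allow_sig'] && $user->optionget('attachsig') ? true : false;
    $post_data['enable_smilies'] = $config['allow_smilies'] && $user->optionget('smilies') ? true : false;
    $post_data['enable_bbcode'] = $config['allow_bbcode'] && $user->optionget('bbcode') ? true : false;
    $post_data['enable_urls'] = true;
    $post_data['enable_magic_url'] = $post_data['drafts'] = false;
    // Bit-packed snapshot of the enable_* flags; not read again in this function.
    $check_value = ($post_data['enable_bbcode'] + 1 << 8) + ($post_data['enable_smilies'] + 1 << 4) + ($post_data['enable_urls'] + 1 << 2) + ($post_data['enable_sig'] + 1 << 1);
    // Check if user is watching this topic
    if ($config['allow_topic_notify'] && $user->data['is_registered']) {
        $sql = 'SELECT topic_id FROM ' . TOPICS_WATCH_TABLE . ' WHERE topic_id = ' . $topic_id . ' AND user_id = ' . $user->data['user_id'];
        $result = $db->sql_query($sql);
        $post_data['notify_set'] = (int) $db->sql_fetchfield('topic_id');
        $db->sql_freeresult($result);
    }
    // HTML, BBCode, Smilies, Images and Flash status
    $bbcode_status = $config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id) ? true : false;
    $smilies_status = $bbcode_status && $config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id) ? true : false;
    $img_status = $bbcode_status && $auth->acl_get('f_img', $forum_id) ? true : false;
    $url_status = $config['allow_post_links'] ? true : false;
    $flash_status = $bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash'] ? true : false;
    $quote_status = $auth->acl_get('f_reply', $forum_id) ? true : false;
    $post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0);
    $post_data['post_subject'] = utf8_normalize_nfc($subject);
    // The body is HTML-escaped before parsing; BBCode is applied to the escaped text.
    $message_parser->message = utf8_normalize_nfc(htmlspecialchars($text_body));
    $post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true));
    $post_data['post_edit_reason'] = '';
    $post_data['orig_topic_type'] = $post_data['topic_type'];
    $post_data['topic_type'] = request_var('topic_type', (int) $post_data['topic_type']);
    $post_data['topic_time_limit'] = request_var('topic_time_limit', (int) $post_data['topic_time_limit']);
    $post_data['icon_id'] = request_var('icon', 0);
    $post_data['enable_bbcode'] = !$bbcode_status || isset($_POST['disable_bbcode']) ? false : true;
    $post_data['enable_smilies'] = !$smilies_status || isset($_POST['disable_smilies']) ? false : true;
    $post_data['enable_urls'] = isset($_POST['disable_magic_url']) ? 0 : 1;
    $post_data['enable_sig'] = !$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig') ? false : ($user->data['is_registered'] ? true : false);
    if ($config['allow_topic_notify'] && $user->data['is_registered']) {
        // Notify when the topic is already watched, otherwise fall back to the user's default.
        // (Same result as the old left-associative nested ternary, written PHP 8-safe.)
        $notify = $post_data['notify_set'] || $user->data['user_notify'] ? true : false;
    } else {
        $notify = false;
    }
    $post_data['poll_title'] = utf8_normalize_nfc(request_var('poll_title', '', true));
    $post_data['poll_length'] = request_var('poll_length', 0);
    $post_data['poll_option_text'] = utf8_normalize_nfc(request_var('poll_option_text', '', true));
    $post_data['poll_max_options'] = request_var('poll_max_options', 1);
    $post_data['poll_vote_change'] = $auth->acl_get('f_votechg', $forum_id) && isset($_POST['poll_vote_change']) ? 1 : 0;
    // Parse Attachments - before checksum is calculated
    $message_parser->parse_attachments('fileupload', 'reply', $forum_id, true, false, false);
    // Grab md5 'checksum' of new message
    $message_md5 = md5($message_parser->message);
    // Check checksum ... don't re-parse message if the same
    if (sizeof($message_parser->warn_msg)) {
        trigger_error(join("\n", $message_parser->warn_msg));
    }
    $message_parser->parse($post_data['enable_bbcode'], $config['allow_post_links'] ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);
    if ($config['flood_interval'] && !$auth->acl_get('f_ignoreflood', $forum_id)) {
        // Flood check
        $last_post_time = 0;
        if ($user->data['is_registered']) {
            $last_post_time = $user->data['user_lastpost_time'];
        } else {
            // Unreachable here: unregistered users were rejected at the top of the function.
            $sql = 'SELECT post_time AS last_post_time FROM ' . POSTS_TABLE . "\n WHERE poster_ip = '" . $user->ip . "'\n AND post_time > " . ($current_time - $config['flood_interval']);
            $result = $db->sql_query_limit($sql, 1);
            if ($row = $db->sql_fetchrow($result)) {
                $last_post_time = $row['last_post_time'];
            }
            $db->sql_freeresult($result);
        }
        if ($last_post_time && $current_time - $last_post_time < intval($config['flood_interval'])) {
            trigger_error('FLOOD_ERROR');
        }
    }
    // Validate username
    if ($post_data['username'] && !$user->data['is_registered']) {
        include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
        if (($result = validate_username($post_data['username'], !empty($post_data['post_username']) ? $post_data['post_username'] : '')) !== false) {
            $user->add_lang('ucp');
            trigger_error($result . '_USERNAME');
        }
    }
    // parse() above may have added warnings (e.g. message length); reject them like new_topic_func() does.
    if (sizeof($message_parser->warn_msg)) {
        trigger_error(join("\n", $message_parser->warn_msg));
    }
    $post_data['poll_last_vote'] = isset($post_data['poll_last_vote']) ? $post_data['poll_last_vote'] : 0;
    $poll = array();
    // DNSBL check
    if ($config['check_dnsbl'] && $mobiquo_config['check_dnsbl']) {
        if (($dnsbl = $user->check_dnsbl('post')) !== false) {
            trigger_error(sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]));
        }
    }
    // Store message, sync counters
    $data = array(
        'topic_title' => empty($post_data['topic_title']) ? $post_data['post_subject'] : $post_data['topic_title'],
        'topic_first_post_id' => isset($post_data['topic_first_post_id']) ? (int) $post_data['topic_first_post_id'] : 0,
        'topic_last_post_id' => isset($post_data['topic_last_post_id']) ? (int) $post_data['topic_last_post_id'] : 0,
        'topic_time_limit' => (int) $post_data['topic_time_limit'],
        'topic_attachment' => isset($post_data['topic_attachment']) ? (int) $post_data['topic_attachment'] : 0,
        'post_id' => 0,
        'topic_id' => (int) $topic_id,
        'forum_id' => (int) $forum_id,
        'icon_id' => (int) $post_data['icon_id'],
        'poster_id' => (int) $post_data['poster_id'],
        'enable_sig' => (bool) $post_data['enable_sig'],
        'enable_bbcode' => (bool) $post_data['enable_bbcode'],
        'enable_smilies' => (bool) $post_data['enable_smilies'],
        'enable_urls' => (bool) $post_data['enable_urls'],
        'enable_indexing' => (bool) $post_data['enable_indexing'],
        'message_md5' => (string) $message_md5,
        'post_time' => isset($post_data['post_time']) ? (int) $post_data['post_time'] : $current_time,
        'post_checksum' => isset($post_data['post_checksum']) ? (string) $post_data['post_checksum'] : '',
        'post_edit_reason' => $post_data['post_edit_reason'],
        'post_edit_user' => isset($post_data['post_edit_user']) ? (int) $post_data['post_edit_user'] : 0,
        'forum_parents' => $post_data['forum_parents'],
        'forum_name' => $post_data['forum_name'],
        'notify' => $notify,
        'notify_set' => $post_data['notify_set'],
        'poster_ip' => isset($post_data['poster_ip']) ? $post_data['poster_ip'] : $user->ip,
        'post_edit_locked' => (int) $post_data['post_edit_locked'],
        'bbcode_bitfield' => $message_parser->bbcode_bitfield,
        'bbcode_uid' => $message_parser->bbcode_uid,
        'message' => $message_parser->message,
        'attachment_data' => $message_parser->attachment_data,
        'filename_data' => $message_parser->filename_data,
        'topic_approved' => isset($post_data['topic_approved']) ? $post_data['topic_approved'] : false,
        'post_approved' => isset($post_data['post_approved']) ? $post_data['post_approved'] : false,
        'post_expire_time' => -1,
    );
    include $phpbb_root_path . 'includes/functions_posting.' . $phpEx;
    $update_message = true;
    // Run submit_post() from the parent directory with a rebased root path
    // (presumably so its relative includes resolve against the board root), then restore both.
    $cwd = getcwd();
    chdir('../');
    $phpbb_root_path_tmp = $phpbb_root_path;
    $phpbb_root_path = './';
    $redirect_url = submit_post('reply', $post_data['post_subject'], $post_data['username'], $post_data['topic_type'], $poll, $data, $update_message);
    chdir($cwd);
    $phpbb_root_path = $phpbb_root_path_tmp;
    // Check the permissions for post approval, as well as the queue trigger where users are put on approval with a post count lower than specified. Moderators are not affected.
    $approved = true;
    if (($config['enable_queue_trigger'] && $user->data['user_posts'] < $config['queue_trigger_posts'] || !$auth->acl_get('f_noapprove', $data['forum_id'])) && !$auth->acl_get('m_approve', $data['forum_id'])) {
        $approved = false;
    }
    $reply_success = false;
    $post_id = '';
    // Response fields that are only filled in after a successful submit_post().
    $message = '';
    $updated_post_title = '';
    $edit_allowed = false;
    $delete_allowed = false;
    $attachments = array();
    if ($redirect_url) {
        // The new post id is recovered from the "&p=" parameter of the redirect URL.
        preg_match('/&p=(\\d+)/', $redirect_url, $matches);
        $post_id = $matches[1];
        $reply_success = true;
        // get new post_content: rewrite the uid-tagged BBCode into plain tags for the client
        $message = censor_text($data['message']);
        $quote_wrote_string = $user->lang['WROTE'];
        $message = str_replace('[/quote:' . $data['bbcode_uid'] . ']', '[/quote]', $message);
        // Opening quote tag: keep the quoted author as "<name> wrote:" on its own line.
        $message = preg_replace_callback(
            '/\\[quote(?:="(.*?)")?:' . $data['bbcode_uid'] . '\\]/is',
            function ($m) use ($quote_wrote_string) {
                $quoted = isset($m[1]) ? $m[1] : '';
                return '[quote]' . ($quoted ? $quoted . ' ' . $quote_wrote_string . ":\n" : "\n");
            },
            $message
        );
        // Keep only the outermost quote level; nested quote content is dropped.
        $blocks = preg_split('/(\\[\\/?quote\\])/i', $message, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
        $quote_level = 0;
        $message = '';
        foreach ($blocks as $block) {
            if ($block == '[quote]') {
                if ($quote_level == 0) {
                    $message .= $block;
                }
                $quote_level++;
            } elseif ($block == '[/quote]') {
                if ($quote_level <= 1) {
                    $message .= $block;
                }
                if ($quote_level >= 1) {
                    $quote_level--;
                }
            } else {
                if ($quote_level <= 1) {
                    $message .= $block;
                }
            }
        }
        // Video tags are rendered through the project's video_bbcode_format() helper.
        $message = preg_replace_callback(
            '/\\[(youtube|video|googlevideo|gvideo):' . $data['bbcode_uid'] . '\\](.*?)\\[\\/\\1:' . $data['bbcode_uid'] . '\\]/si',
            function ($m) {
                return video_bbcode_format($m[1], $m[2]);
            },
            $message
        );
        $message = preg_replace('/\\[(BBvideo)[\\d, ]+:' . $data['bbcode_uid'] . '\\](.*?)\\[\\/\\1:' . $data['bbcode_uid'] . '\\]/si', "[url=\$2]YouTube Video[/url]", $message);
        $message = preg_replace('/\\[(spoil|spoiler):' . $data['bbcode_uid'] . '\\](.*?)\\[\\/\\1:' . $data['bbcode_uid'] . '\\]/si', "[spoiler]\$2[/spoiler]", $message);
        $message = preg_replace('/\\[b:' . $data['bbcode_uid'] . '\\](.*?)\\[\\/b:' . $data['bbcode_uid'] . '\\]/si', '[b]$1[/b]', $message);
        $message = preg_replace('/\\[i:' . $data['bbcode_uid'] . '\\](.*?)\\[\\/i:' . $data['bbcode_uid'] . '\\]/si', '[i]$1[/i]', $message);
        $message = preg_replace('/\\[u:' . $data['bbcode_uid'] . '\\](.*?)\\[\\/u:' . $data['bbcode_uid'] . '\\]/si', '[u]$1[/u]', $message);
        $message = preg_replace('/\\[color=#(\\w{6}):' . $data['bbcode_uid'] . '\\](.*?)\\[\\/color:' . $data['bbcode_uid'] . '\\]/si', '[color=#$1]$2[/color]', $message);
        // Second parse bbcode here
        if ($data['bbcode_bitfield']) {
            $bbcode = new bbcode(base64_encode($data['bbcode_bitfield']));
            $bbcode->bbcode_second_pass($message, $data['bbcode_uid'], $data['bbcode_bitfield']);
        }
        $message = bbcode_nl2br($message);
        $message = smiley_text($message);
        if (!empty($data['attachment_data'])) {
            parse_attachments($forum_id, $message, $data['attachment_data'], $update_count);
        }
        $updated_post_title = html_entity_decode(strip_tags(censor_text($data['topic_title'])), ENT_QUOTES, 'UTF-8');
        // edit_time / delete_time are in minutes; 0 disables the limit.
        $edit_allowed = $auth->acl_get('m_edit', $forum_id) || $auth->acl_get('f_edit', $forum_id) && !$data['post_edit_locked'] && ($data['post_time'] > time() - $config['edit_time'] * 60 || !$config['edit_time']);
        $delete_allowed = $auth->acl_get('m_delete', $forum_id) || $auth->acl_get('f_delete', $forum_id) && ($data['post_time'] > time() - $config['delete_time'] * 60 || !$config['delete_time']) && !$data['post_edit_locked'];
        if (sizeof($attach_list) && sizeof($data['attachment_data'])) {
            // $attach_list is client-supplied; sql_in_set() escapes the values.
            $sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . ' WHERE ' . $db->sql_in_set('attach_id', $attach_list) . ' AND in_message = 0 ORDER BY filetime DESC';
            $result = $db->sql_query($sql);
            $attachment_by_id = array();
            while ($row = $db->sql_fetchrow($result)) {
                $attachment_by_id[$row['attach_id']] = $row;
            }
            $db->sql_freeresult($result);
            foreach ($data['attachment_data'] as $attachment) {
                if (preg_match('/<img src=\\".*?(\\/download\\/file.php\\?id=(\\d+).*?)\\"/is', $attachment, $matches)) {
                    $file_url = html_entity_decode($phpbb_home . $matches[1]);
                    $attach_id = $matches[2];
                    unset($matches);
                    // Ids the query did not return (not requested, or in_message) have no metadata to report.
                    if (!isset($attachment_by_id[$attach_id])) {
                        continue;
                    }
                    $xmlrpc_attachment = new xmlrpcval(array('filename' => new xmlrpcval($attachment_by_id[$attach_id]['real_filename'], 'base64'), 'filesize' => new xmlrpcval($attachment_by_id[$attach_id]['filesize'], 'int'), 'content_type' => new xmlrpcval('image'), 'thumbnail_url' => new xmlrpcval(''), 'url' => new xmlrpcval($file_url)), 'struct');
                    $attachments[] = $xmlrpc_attachment;
                }
            }
        }
    }
    $xmlrpc_reply_topic = new xmlrpcval(array('result' => new xmlrpcval($reply_success, 'boolean'), 'post_id' => new xmlrpcval($post_id, 'string'), 'state' => new xmlrpcval($approved ? 0 : 1, 'int'), 'post_title' => new xmlrpcval($updated_post_title, 'base64'), 'post_content' => new xmlrpcval(post_html_clean($message), 'base64'), 'post_author_name' => new xmlrpcval(html_entity_decode($user->data['username']), 'base64'), 'is_online' => new xmlrpcval(true, 'boolean'), 'can_edit' => new xmlrpcval($edit_allowed, 'boolean'), 'icon_url' => new xmlrpcval($user->optionget('viewavatars') ? get_user_avatar_url($user->data['user_avatar'], $user->data['user_avatar_type']) : ''), 'post_time' => new xmlrpcval(mobiquo_iso8601_encode($current_time), 'dateTime.iso8601'), 'can_delete' => new xmlrpcval($delete_allowed, 'boolean'), 'allow_smilies' => new xmlrpcval($data['enable_smilies'] ? true : false, 'boolean'), 'attachments' => new xmlrpcval($attachments, 'array')), 'struct');
    return new xmlrpcresp($xmlrpc_reply_topic);
}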
$post = get_post($mybb->input['pid']); if (!$post['pid']) { $error = $lang->error_invalidpost; eval("\$report_error = \"" . $templates->get("report_error") . "\";"); output_page($report_error); exit; } $forum = get_forum($post['fid']); if (!$forum) { $error = $lang->error_invalidforum; eval("\$report_error = \"" . $templates->get("report_error") . "\";"); output_page($report_error); exit; } // Password protected forums ......... yhummmmy! check_forum_password($forum['parentlist']); $thread = get_thread($post['tid']); if ($mybb->input['action'] == "report") { $plugins->run_hooks("report_start"); $pid = $mybb->input['pid']; eval("\$report = \"" . $templates->get("report") . "\";"); $plugins->run_hooks("report_end"); output_page($report); } elseif ($mybb->input['action'] == "do_report" && $mybb->request_method == "post") { // Verify incoming POST request verify_post_check($mybb->input['my_post_key']); $plugins->run_hooks("report_do_report_start"); if (!trim($mybb->input['reason'])) { eval("\$report = \"" . $templates->get("report_noreason") . "\";"); output_page($report); exit;
$forumpermissions = forum_permissions($thread['fid']); // Does the user have permission to view this thread? if ($forumpermissions['canview'] != 1 || $forumpermissions['canviewthreads'] != 1) { error_no_permission(); } if (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid']) { error_no_permission(); } $archive_url = build_archive_link("thread", $tid); // Does the thread belong to a valid forum? $forum = get_forum($fid); if (!$forum || $forum['type'] != "f") { error($lang->error_invalidforum); } // Check if this forum is password protected and we have a valid password check_forum_password($forum['fid']); // If there is no specific action, we must be looking at the thread. if (empty($mybb->input['action'])) { $mybb->input['action'] = "thread"; } // Jump to the unread posts. if ($mybb->input['action'] == "newpost") { // First, figure out what time the thread or forum were last read $query = $db->simple_select("threadsread", "dateline", "uid='{$mybb->user['uid']}' AND tid='{$thread['tid']}'"); $thread_read = $db->fetch_field($query, "dateline"); if ($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid']) { $query = $db->simple_select("forumsread", "dateline", "fid='{$fid}' AND uid='{$mybb->user['uid']}'"); $forum_read = $db->fetch_field($query, "dateline"); $read_cutoff = TIME_NOW - $mybb->settings['threadreadcut'] * 60 * 60 * 24; if ($forum_read == 0 || $forum_read < $read_cutoff) { $forum_read = $read_cutoff;
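/**
 * Tapatalk XML-RPC handler: build "[quote]" bbcode for one or more posts.
 *
 * @param mixed $xmlrpc_params  XML-RPC request; after php_xmlrpc_decode() element 0
 *                              is a string of post ids joined by '-' (e.g. "12-15").
 * @return xmlrpcresp  struct {post_id (the id list as received), post_title (empty),
 *                     post_content (base64 of the quote blocks joined by "\n")}.
 *
 * Every post id is resolved to its own row and re-checked against the forum it lives
 * in: forum password, f_read, f_reply, forum type and lock status. Any failure aborts
 * the whole request via trigger_error(), so one bad id in the list yields no quotes.
 */
function get_quote_post_func($xmlrpc_params)
{
    global $db, $auth, $user, $phpEx, $phpbb_root_path;

    $user->setup('posting');

    // include_once: message_parser.php declares class parse_message; a plain
    // include() fatals with "Cannot redeclare class" if another handler in the
    // same request has already loaded the file.
    include_once $phpbb_root_path . 'includes/message_parser.' . $phpEx;

    $params = php_xmlrpc_decode($xmlrpc_params);

    // Accept only a scalar id list. A missing or non-scalar value degrades to
    // '' -> [''] -> intval 0 -> NO_POST below instead of a PHP warning/TypeError.
    // NOTE(review): the number of ids is not capped; each id costs one query.
    $raw_ids = (isset($params[0]) && is_scalar($params[0])) ? (string) $params[0] : '';
    $post_ids = explode('-', $raw_ids);

    $quote_messages = array();

    foreach ($post_ids as $post_id)
    {
        // Coerced to int before it reaches the SQL below; it is the only value
        // interpolated into the query string.
        $post_id = intval($post_id);
        if (!$post_id)
        {
            trigger_error('NO_POST');
        }

        // NOTE(review): for global topics (topic_type = POST_GLOBAL) the forum join
        // can match several forums; LIMIT 1 picks one of them and the permission
        // checks below run against that forum. Confirm this is the intended gate.
        $sql = 'SELECT t.*, p.*, f.*, u.username
            FROM ' . POSTS_TABLE . ' p
            LEFT JOIN ' . TOPICS_TABLE . ' t ON (p.topic_id = t.topic_id)
            LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id OR (t.topic_type = ' . POST_GLOBAL . ' AND f.forum_type = ' . FORUM_POST . '))
            LEFT JOIN ' . USERS_TABLE . ' u ON (p.poster_id = u.user_id)
            WHERE p.post_id = ' . $post_id;
        $result = $db->sql_query_limit($sql, 1);
        $post_data = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        if (!$post_data)
        {
            trigger_error('NO_POST');
        }

        // Trust the fetched row, not the request, for the ids used in the checks.
        $forum_id = (int) $post_data['forum_id'];
        $post_id  = (int) $post_data['post_id'];

        // Passworded forum: check_forum_password() (defined outside this file) must
        // report that the current user has already authenticated to it.
        if ($post_data['forum_password'] && !check_forum_password($forum_id))
        {
            trigger_error('LOGIN_FORUM');
        }

        // Same gate as a reply: the user must be able to read and reply here.
        if (!$auth->acl_get('f_read', $forum_id))
        {
            trigger_error('USER_CANNOT_READ');
        }
        if (!$auth->acl_get('f_reply', $forum_id))
        {
            trigger_error('USER_CANNOT_REPLY');
        }

        // Only real post forums (not categories or links) accept posts.
        if ($post_data['forum_type'] != FORUM_POST)
        {
            trigger_error('USER_CANNOT_FORUM_POST');
        }

        // A locked forum or topic blocks everyone except users holding m_edit there.
        if (($post_data['forum_status'] == ITEM_LOCKED || (isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED)) && !$auth->acl_get('m_edit', $forum_id))
        {
            trigger_error(($post_data['forum_status'] == ITEM_LOCKED) ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
        }

        // NOTE(review): nothing here checks whether the post itself is approved /
        // visible (p.* is selected, so the column would be available). Confirm
        // whether unapproved posts should be quotable by non-moderators.

        // Attribution: guests get their stored post_username or the GUEST phrase,
        // registered users their current username from the users join.
        if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS)
        {
            $post_data['quote_username'] = (!empty($post_data['post_username'])) ? $post_data['post_username'] : $user->lang['GUEST'];
        }
        else
        {
            $post_data['quote_username'] = (isset($post_data['username'])) ? $post_data['username'] : '';
        }

        $message_parser = new parse_message();
        if (isset($post_data['post_text']))
        {
            $message_parser->message = $post_data['post_text'];
            $message_parser->decode_message($post_data['bbcode_uid']);
            // NOTE(review): quote_username is placed in the bbcode attribute
            // unescaped, and the whole result is html_entity_decode()d below, so a
            // stored &quot; in a name becomes a literal " inside [quote="..."].
            $message_parser->message = '[quote="' . $post_data['quote_username'] . '"]' . censor_text(trim($message_parser->message)) . '[/quote]';
            $quote_messages[] = $message_parser->message;
        }
    }

    // NOTE(review): html_entity_decode() runs with default flags and charset
    // (ISO-8859-1 on PHP < 5.4); confirm the target PHP version if posts carry
    // multibyte text.
    return new xmlrpcresp(new xmlrpcval(array(
        'post_id'      => new xmlrpcval($raw_ids),
        'post_title'   => new xmlrpcval('', 'base64'),
        'post_content' => new xmlrpcval(html_entity_decode(implode("\n", $quote_messages)), 'base64'),
    ), 'struct'));
}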
