/** * Completely remove an entire topic. * Redirects to the board when completed. * Accessed by ?action=removetopic2 */ public function action_removetopic2() { global $user_info, $topic, $board, $modSettings; // Make sure they aren't being lead around by someone. (:@) checkSession('get'); // This file needs to be included for sendNotifications(). require_once SUBSDIR . '/Notification.subs.php'; // This needs to be included for all the topic db functions require_once SUBSDIR . '/Topic.subs.php'; // Trying to fool us around, are we? if (empty($topic)) { redirectexit(); } $this->removeDeleteConcurrence(); $topic_info = getTopicInfo($topic, 'message'); if ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('remove_any')) { isAllowedTo('remove_own'); } else { isAllowedTo('remove_any'); } // Can they see the topic? if ($modSettings['postmod_active'] && !$topic_info['approved'] && $topic_info['id_member_started'] != $user_info['id']) { isAllowedTo('approve_posts'); } // Notify people that this topic has been removed. sendNotifications($topic, 'remove'); removeTopics($topic); // Note, only log topic ID in native form if it's not gone forever. if (allowedTo('remove_any') || allowedTo('remove_own') && $topic_info['id_member_started'] == $user_info['id']) { logAction('remove', array(empty($modSettings['recycle_enable']) || $modSettings['recycle_board'] != $board ? 'topic' : 'old_topic_id' => $topic, 'subject' => $topic_info['subject'], 'member' => $topic_info['id_member_started'], 'board' => $board)); } redirectexit('board=' . $board . '.0'); }
/** * In-topic quick moderation. * Accessed by ?action=quickmod2 */ public function action_quickmod2() { global $topic, $board, $user_info, $context; // Check the session = get or post. checkSession('request'); require_once SUBSDIR . '/Messages.subs.php'; if (empty($_REQUEST['msgs'])) { redirectexit('topic=' . $topic . '.' . $_REQUEST['start']); } $messages = array(); foreach ($_REQUEST['msgs'] as $dummy) { $messages[] = (int) $dummy; } // We are restoring messages. We handle this in another place. if (isset($_REQUEST['restore_selected'])) { redirectexit('action=restoretopic;msgs=' . implode(',', $messages) . ';' . $context['session_var'] . '=' . $context['session_id']); } if (isset($_REQUEST['split_selection'])) { $mgsOptions = basicMessageInfo(min($messages), true); $_SESSION['split_selection'][$topic] = $messages; redirectexit('action=splittopics;sa=selectTopics;topic=' . $topic . '.0;subname_enc=' . urlencode($mgsOptions['subject']) . ';' . $context['session_var'] . '=' . $context['session_id']); } require_once SUBSDIR . '/Topic.subs.php'; $topic_info = getTopicInfo($topic); // Allowed to delete any message? if (allowedTo('delete_any')) { $allowed_all = true; } elseif (allowedTo('delete_replies')) { $allowed_all = $topic_info['id_member_started'] == $user_info['id']; } else { $allowed_all = false; } // Make sure they're allowed to delete their own messages, if not any. if (!$allowed_all) { isAllowedTo('delete_own'); } // Allowed to remove which messages? $messages = determineRemovableMessages($topic, $messages, $allowed_all); // Get the first message in the topic - because you can't delete that! $first_message = $topic_info['id_first_msg']; $last_message = $topic_info['id_last_msg']; // Delete all the messages we know they can delete. ($messages) foreach ($messages as $message => $info) { // Just skip the first message - if it's not the last. if ($message == $first_message && $message != $last_message) { continue; } elseif ($message == $first_message) { $topicGone = true; } removeMessage($message); // Log this moderation action ;). if (allowedTo('delete_any') && (!allowedTo('delete_own') || $info[1] != $user_info['id'])) { logAction('delete', array('topic' => $topic, 'subject' => $info[0], 'member' => $info[1], 'board' => $board)); } } redirectexit(!empty($topicGone) ? 'board=' . $board : 'topic=' . $topic . '.' . $_REQUEST['start']); }
/** * Show a poll. * It is possible to use this function in combination with the template * template_display_poll_above from Display.template.php, the only part missing * is the definition of the poll moderation button array (see Display.controller.php * for details). * * @param int|null $topicID = null * @param string $output_method = 'echo' */ function ssi_showPoll($topicID = null, $output_method = 'echo') { global $txt, $user_info, $context, $scripturl; global $board; static $last_board = null; require_once SUBSDIR . '/Poll.subs.php'; require_once SUBSDIR . '/Topic.subs.php'; if ($topicID === null && isset($_REQUEST['ssi_topic'])) { $topicID = (int) $_REQUEST['ssi_topic']; } else { $topicID = (int) $topicID; } if (empty($topicID)) { return array(); } // Get the topic starter information. $topicinfo = getTopicInfo($topicID, 'starter'); $boards_can_poll = boardsAllowedTo('poll_view'); // If: // - is not allowed to see poll in any board, // - or: // - is not allowed in the specific board, and // - is not an admin // fail if (empty($boards_can_poll) || !in_array($topicinfo['id_board'], $boards_can_poll) && !in_array(0, $boards_can_poll)) { return array(); } $context['user']['started'] = $user_info['id'] == $topicinfo['id_member'] && !$user_info['is_guest']; $poll_id = associatedPoll($topicID); loadPollContext($poll_id); if (empty($context['poll'])) { return array(); } // For "compatibility" sake // @deprecated since 1.0 $context['poll']['allow_vote'] = $context['allow_vote']; $context['poll']['allow_view_results'] = $context['allow_poll_view']; $context['poll']['topic'] = $topicID; if ($output_method != 'echo') { return $context['poll']; } echo ' <div class="content" id="poll_options"> <h4 id="pollquestion"> ', $context['poll']['question'], ' </h4>'; if ($context['poll']['allow_vote']) { echo ' <form action="', $scripturl, '?action=poll;sa=vote;topic=', $context['current_topic'], '.', $context['start'], ';poll=', $context['poll']['id'], '" method="post" accept-charset="UTF-8">'; // Show a warning if they are allowed more than one option. if ($context['poll']['allowed_warning']) { echo ' <p>', $context['poll']['allowed_warning'], '</p>'; } echo ' <ul class="options">'; // Show each option with its button - a radio likely. foreach ($context['poll']['options'] as $option) { echo ' <li>', $option['vote_button'], ' <label for="', $option['id'], '">', $option['option'], '</label></li>'; } echo ' </ul> <div class="submitbutton"> <input type="submit" value="', $txt['poll_vote'], '" class="button_submit" /> <input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" /> </div> </form>'; // Is the clock ticking? if (!empty($context['poll']['expire_time'])) { echo ' <p><strong>', $context['poll']['is_expired'] ? $txt['poll_expired_on'] : $txt['poll_expires_on'], ':</strong> ', $context['poll']['expire_time'], '</p>'; } } elseif ($context['poll']['allow_view_results']) { echo ' <ul class="options">'; // Show each option with its corresponding percentage bar. foreach ($context['poll']['options'] as $option) { echo ' <li', $option['voted_this'] ? ' class="voted"' : '', '>', $option['option'], ' <div class="results">'; if ($context['allow_poll_view']) { echo ' <div class="statsbar"> ', $option['bar_ndt'], '</div> <span class="percentage">', $option['votes'], ' (', $option['percent'], '%)</span>'; } echo ' </div> </li>'; } echo ' </ul>'; if ($context['allow_poll_view']) { echo ' <p><strong>', $txt['poll_total_voters'], ':</strong> ', $context['poll']['total_votes'], '</p>'; } // Is the clock ticking? if (!empty($context['poll']['expire_time'])) { echo ' <p><strong>', $context['poll']['is_expired'] ? $txt['poll_expired_on'] : $txt['poll_expires_on'], ':</strong> ', $context['poll']['expire_time'], '</p>'; } } else { echo $txt['poll_cannot_see']; } echo ' </div>'; }
/** * If we are also moving the topic somewhere else, let's try do to it * Includes checks for permissions move_own/any, etc. * * @param mixed[] $boards an array containing basic info of the origin and destination boards (from splitDestinationBoard) * @param int $totopic id of the destination topic */ function splitAttemptMove($boards, $totopic) { global $board, $user_info; $db = database(); // If the starting and final boards are different we have to check some permissions and stuff if ($boards['destination']['id'] != $board) { $doMove = false; if (allowedTo('move_any')) { $doMove = true; } else { $new_topic = getTopicInfo($totopic); if ($new_topic['id_member_started'] == $user_info['id'] && allowedTo('move_own')) { $doMove = true; } } if ($doMove) { // Update member statistics if needed // @todo this should probably go into a function... if ($boards['destination']['count_posts'] != $boards['current']['count_posts']) { $request = $db->query('', ' SELECT id_member FROM {db_prefix}messages WHERE id_topic = {int:current_topic} AND approved = {int:is_approved}', array('current_topic' => $totopic, 'is_approved' => 1)); $posters = array(); while ($row = $db->fetch_assoc($request)) { if (!isset($posters[$row['id_member']])) { $posters[$row['id_member']] = 0; } $posters[$row['id_member']]++; } $db->free_result($request); foreach ($posters as $id_member => $posts) { // The board we're moving from counted posts, but not to. if (empty($boards['current']['count_posts'])) { updateMemberData($id_member, array('posts' => 'posts - ' . $posts)); } else { updateMemberData($id_member, array('posts' => 'posts + ' . $posts)); } } } // And finally move it! moveTopics($totopic, $boards['destination']['id']); } else { $boards['destination'] = $boards['current']; } } }
/** * Like action_sendtopic, but done via ajax from an API request * @uses Xml Template generic_xml_buttons sub template */ public function action_sendtopic_api() { global $topic, $modSettings, $txt, $context, $scripturl; loadTemplate('Xml'); Template_Layers::getInstance()->removeAll(); $context['sub_template'] = 'generic_xml_buttons'; if (empty($_POST['send'])) { die; } // We need at least a topic... go away if you don't have one. // Guests can't mark things. if (empty($topic)) { loadLanguage('Errors'); $context['xml_data'] = array('error' => 1, 'text' => $txt['not_a_topic']); return; } // Is the session valid? if (checkSession('post', '', false)) { loadLanguage('Errors'); $context['xml_data'] = array('error' => 1, 'url' => $scripturl . '?action=emailuser;sa=sendtopic;topic=' . $topic . '.0'); return; } require_once SUBSDIR . '/Topic.subs.php'; $row = getTopicInfo($topic, 'message'); if (empty($row)) { loadLanguage('Errors'); $context['xml_data'] = array('error' => 1, 'text' => $txt['not_a_topic']); return; } // Can't send topic if its unapproved and using post moderation. if ($modSettings['postmod_active'] && !$row['approved']) { loadLanguage('Errors'); $context['xml_data'] = array('error' => 1, 'text' => $txt['not_approved_topic']); return; } $is_spam = spamProtection('sendtopic', false); if ($is_spam !== false) { loadLanguage('Errors'); $context['xml_data'] = array('error' => 1, 'text' => sprintf($txt['sendtopic_WaitTime_broken'], $is_spam)); return; } // Censor the subject.... censorText($row['subject']); $result = $this->_sendTopic($row); if ($result !== true) { loadLanguage('Errors'); $context['xml_data'] = $result; return; } $context['xml_data'] = array('text' => $txt['topic_sent']); }
/** * Mark a single topic as unread. * Accessed by action=markasread;sa=topic */ public function action_marktopic() { global $board, $topic, $user_info; require_once SUBSDIR . '/Topic.subs.php'; require_once SUBSDIR . '/Messages.subs.php'; // Mark a topic unread. // First, let's figure out what the latest message is. $topicinfo = getTopicInfo($topic, 'all'); $topic_msg_id = (int) $_GET['t']; if (!empty($topic_msg_id)) { // If they read the whole topic, go back to the beginning. if ($topic_msg_id >= $topicinfo['id_last_msg']) { $earlyMsg = 0; } elseif ($topic_msg_id <= $topicinfo['id_first_msg']) { $earlyMsg = 0; } else { $earlyMsg = previousMessage($topic_msg_id, $topic); } } elseif ($_REQUEST['start'] == 0) { $earlyMsg = 0; } else { list($earlyMsg) = messageAt((int) $_REQUEST['start'], $topic); $earlyMsg--; } // Blam, unread! markTopicsRead(array($user_info['id'], $topic, $earlyMsg, $topicinfo['unwatched']), true); return 'board=' . $board . '.0'; }
/** * Format a topic to be printer friendly. * Must be called with a topic specified. * Accessed via ?action=topic;sa=printpage. * * @uses Printpage template, main sub-template. * @uses print_above/print_below later without the main layer. */ public function action_printpage() { global $topic, $scripturl, $context, $user_info, $board_info, $modSettings; // Redirect to the boardindex if no valid topic id is provided. if (empty($topic)) { redirectexit(); } $template_layers = Template_Layers::getInstance(); $template_layers->removeAll(); if (!empty($modSettings['disable_print_topic'])) { unset($_REQUEST['action']); $context['theme_loaded'] = false; fatal_lang_error('feature_disabled', false); } require_once SUBSDIR . '/Topic.subs.php'; // Get the topic starter information. $topicinfo = getTopicInfo($topic, 'starter'); $context['user']['started'] = $user_info['id'] == $topicinfo['id_member'] && !$user_info['is_guest']; // Whatever happens don't index this. $context['robot_no_index'] = true; // Redirect to the boardindex if no valid topic id is provided. if (empty($topicinfo)) { redirectexit(); } // @todo this code is almost the same as the one in Display.controller.php if ($topicinfo['id_poll'] > 0 && !empty($modSettings['pollMode']) && allowedTo('poll_view')) { loadLanguage('Post'); require_once SUBSDIR . '/Poll.subs.php'; loadPollContext($topicinfo['id_poll']); $template_layers->addAfter('print_poll', 'print'); } // Lets "output" all that info. loadTemplate('Printpage'); $template_layers->add('print'); $context['sub_template'] = 'print_page'; $context['board_name'] = $board_info['name']; $context['category_name'] = $board_info['cat']['name']; $context['poster_name'] = $topicinfo['poster_name']; $context['post_time'] = standardTime($topicinfo['poster_time'], false); $context['parent_boards'] = array(); foreach ($board_info['parent_boards'] as $parent) { $context['parent_boards'][] = $parent['name']; } // Split the topics up so we can print them. $context['posts'] = topicMessages($topic); $posts_id = array_keys($context['posts']); if (!isset($context['topic_subject'])) { $context['topic_subject'] = $context['posts'][min($posts_id)]['subject']; } // Fetch attachments so we can print them if asked, enabled and allowed if (isset($_REQUEST['images']) && !empty($modSettings['attachmentEnable']) && allowedTo('view_attachments')) { require_once SUBSDIR . '/Topic.subs.php'; $context['printattach'] = messagesAttachments(array_keys($context['posts'])); $context['viewing_attach'] = true; } // Set a canonical URL for this page. $context['canonical_url'] = $scripturl . '?topic=' . $topic . '.0'; $context['view_attach_mode'] = array('text' => $scripturl . '?action=topic;sa=printpage;topic=' . $topic . '.0', 'images' => $scripturl . '?action=topic;sa=printpage;topic=' . $topic . '.0;images'); }
/** * Send the announcement in chunks. * * splits the members to be sent a topic announcement into chunks. * composes notification messages in all languages needed. * does the actual sending of the topic announcements in chunks. * calculates a rough estimate of the percentage items sent. * Accessed by action=announce;sa=send * @uses announcement template announcement_send sub template */ public function action_send() { global $topic, $board, $board_info, $context, $modSettings, $language, $scripturl; checkSession(); $context['start'] = empty($_REQUEST['start']) ? 0 : (int) $_REQUEST['start']; $groups = array_merge($board_info['groups'], array(1)); $who = array(); // Load any supplied membergroups (from announcement_send template pause loop) if (isset($_POST['membergroups'])) { $_POST['who'] = explode(',', $_POST['membergroups']); } // Check that at least one membergroup was selected (set from announce sub template) if (empty($_POST['who'])) { fatal_lang_error('no_membergroup_selected'); } // Make sure all membergroups are integers and can access the board of the announcement. foreach ($_POST['who'] as $id => $mg) { $who[$id] = in_array((int) $mg, $groups) ? (int) $mg : 0; } // Get the topic details that we are going to send require_once SUBSDIR . '/Topic.subs.php'; $topic_info = getTopicInfo($topic, 'message'); // Prepare a plain text (markdown) body for email use, does the censoring as well require_once SUBSDIR . '/Emailpost.subs.php'; pbe_prepare_text($topic_info['body'], $topic_info['subject']); // We need this in order to be able send emails. require_once SUBSDIR . '/Mail.subs.php'; require_once SUBSDIR . '/Members.subs.php'; // Select the email addresses for this batch. $conditions = array('activated_status' => 1, 'member_greater' => $context['start'], 'group_list' => $who, 'order_by' => 'id_member', 'limit' => empty($modSettings['mail_queue']) ? 25 : 500); // Have we allowed members to opt out of announcements? if (!empty($modSettings['allow_disableAnnounce'])) { $conditions['notify_announcements'] = 1; } $data = retrieveMemberData($conditions); // All members have received a mail. Go to the next screen. if (empty($data) || $data['member_count'] === 0) { logAction('announce_topic', array('topic' => $topic), 'user'); if (!empty($_REQUEST['move']) && allowedTo('move_any')) { redirectexit('action=movetopic;topic=' . $topic . '.0' . (empty($_REQUEST['goback']) ? '' : ';goback')); } elseif (!empty($_REQUEST['goback'])) { redirectexit('topic=' . $topic . '.new;boardseen#new', isBrowser('ie')); } else { redirectexit('board=' . $board . '.0'); } } // Loop through all members that'll receive an announcement in this batch. $announcements = array(); foreach ($data['member_info'] as $row) { $cur_language = empty($row['language']) || empty($modSettings['userLanguage']) ? $language : $row['language']; // If the language wasn't defined yet, load it and compose a notification message. if (!isset($announcements[$cur_language])) { $replacements = array('TOPICSUBJECT' => $topic_info['subject'], 'MESSAGE' => $topic_info['body'], 'TOPICLINK' => $scripturl . '?topic=' . $topic . '.0'); $emaildata = loadEmailTemplate('new_announcement', $replacements, $cur_language); $announcements[$cur_language] = array('subject' => $emaildata['subject'], 'body' => $emaildata['body'], 'recipients' => array()); } $announcements[$cur_language]['recipients'][$row['id']] = $row['email']; $context['start'] = $row['id']; } // For each language send a different mail - low priority... foreach ($announcements as $lang => $mail) { sendmail($mail['recipients'], $mail['subject'], $mail['body'], null, null, false, 5); } // Provide an overall indication of progress, this is not strictly correct if ($data['member_count'] < $conditions['limit']) { $context['percentage_done'] = 100; } else { $context['percentage_done'] = round(100 * $context['start'] / $modSettings['latestMember'], 1); } // Prepare for the template $context['move'] = empty($_REQUEST['move']) ? 0 : 1; $context['go_back'] = empty($_REQUEST['goback']) ? 0 : 1; $context['membergroups'] = implode(',', $who); $context['topic_subject'] = $topic_info['subject']; $context['sub_template'] = 'announcement_send'; // Go back to the correct language for the user ;) if (!empty($modSettings['userLanguage'])) { loadLanguage('Post'); } }
/** * Execute the move of a topic. * It is called on the submit of action_movetopic. * This function logs that topics have been moved in the moderation log. * If the member is the topic starter requires the move_own permission, * otherwise requires the move_any permission. * Upon successful completion redirects to message index. * Accessed via ?action=movetopic2. * * @uses subs/Post.subs.php. */ public function action_movetopic2() { global $txt, $board, $topic, $scripturl, $context, $language, $user_info; if (empty($topic)) { fatal_lang_error('no_access', false); } // You can't choose to have a redirection topic and use an empty reason. if (isset($_POST['postRedirect']) && (!isset($_POST['reason']) || trim($_POST['reason']) == '')) { fatal_lang_error('movetopic_no_reason', false); } // You have to tell us were you are moving to if (!isset($_POST['toboard'])) { fatal_lang_error('movetopic_no_board', false); } // We will need this require_once SUBSDIR . '/Topic.subs.php'; moveTopicConcurrence(); // Make sure this form hasn't been submitted before. checkSubmitOnce('check'); // Get the basic details on this topic $topic_info = getTopicInfo($topic); $context['is_approved'] = $topic_info['approved']; // Can they see it? if (!$context['is_approved']) { isAllowedTo('approve_posts'); } // Can they move topics on this board? if (!allowedTo('move_any')) { if ($topic_info['id_member_started'] == $user_info['id']) { isAllowedTo('move_own'); } else { isAllowedTo('move_any'); } } checkSession(); require_once SUBSDIR . '/Post.subs.php'; require_once SUBSDIR . '/Boards.subs.php'; // The destination board must be numeric. $toboard = (int) $_POST['toboard']; // Make sure they can see the board they are trying to move to (and get whether posts count in the target board). $board_info = boardInfo($toboard, $topic); if (empty($board_info)) { fatal_lang_error('no_board'); } // Remember this for later. $_SESSION['move_to_topic'] = array('move_to' => $toboard); // Rename the topic... if (isset($_POST['reset_subject'], $_POST['custom_subject']) && $_POST['custom_subject'] != '') { $custom_subject = strtr(Util::htmltrim(Util::htmlspecialchars($_POST['custom_subject'])), array("\r" => '', "\n" => '', "\t" => '')); // Keep checking the length. if (Util::strlen($custom_subject) > 100) { $custom_subject = Util::substr($custom_subject, 0, 100); } // If it's still valid move onwards and upwards. if ($custom_subject != '') { $all_messages = isset($_POST['enforce_subject']); if ($all_messages) { // Get a response prefix, but in the forum's default language. $context['response_prefix'] = response_prefix(); topicSubject($topic_info, $custom_subject, $context['response_prefix'], $all_messages); } else { topicSubject($topic_info, $custom_subject); } // Fix the subject cache. updateStats('subject', $topic, $custom_subject); } } // Create a link to this in the old board. // @todo Does this make sense if the topic was unapproved before? I'd just about say so. if (isset($_POST['postRedirect'])) { // Should be in the boardwide language. if ($user_info['language'] != $language) { loadLanguage('index', $language); } $reason = Util::htmlspecialchars($_POST['reason'], ENT_QUOTES); preparsecode($reason); // Add a URL onto the message. $reason = strtr($reason, array($txt['movetopic_auto_board'] => '[url=' . $scripturl . '?board=' . $toboard . '.0]' . $board_info['name'] . '[/url]', $txt['movetopic_auto_topic'] => '[iurl]' . $scripturl . '?topic=' . $topic . '.0[/iurl]')); // Auto remove this MOVED redirection topic in the future? $redirect_expires = !empty($_POST['redirect_expires']) ? (int) $_POST['redirect_expires'] : 0; // Redirect to the MOVED topic from topic list? $redirect_topic = isset($_POST['redirect_topic']) ? $topic : 0; // And remember the last expiry period too. $_SESSION['move_to_topic']['redirect_topic'] = $redirect_topic; $_SESSION['move_to_topic']['redirect_expires'] = $redirect_expires; $msgOptions = array('subject' => $txt['moved'] . ': ' . $board_info['subject'], 'body' => $reason, 'icon' => 'moved', 'smileys_enabled' => 1); $topicOptions = array('board' => $board, 'lock_mode' => 1, 'mark_as_read' => true, 'redirect_expires' => empty($redirect_expires) ? 0 : $redirect_expires * 60 + time(), 'redirect_topic' => $redirect_topic); $posterOptions = array('id' => $user_info['id'], 'update_post_count' => empty($board_info['count_posts'])); createPost($msgOptions, $topicOptions, $posterOptions); } $board_from = boardInfo($board); if ($board_from['count_posts'] != $board_info['count_posts']) { $posters = postersCount($topic); foreach ($posters as $id_member => $posts) { // The board we're moving from counted posts, but not to. if (empty($board_from['count_posts'])) { updateMemberData($id_member, array('posts' => 'posts - ' . $posts)); } else { updateMemberData($id_member, array('posts' => 'posts + ' . $posts)); } } } // Do the move (includes statistics update needed for the redirect topic). moveTopics($topic, $toboard); // Log that they moved this topic. if (!allowedTo('move_own') || $topic_info['id_member_started'] != $user_info['id']) { logAction('move', array('topic' => $topic, 'board_from' => $board, 'board_to' => $toboard)); } // Notify people that this topic has been moved? require_once SUBSDIR . '/Notification.subs.php'; sendNotifications($topic, 'move'); // Why not go back to the original board in case they want to keep moving? if (!isset($_REQUEST['goback'])) { redirectexit('board=' . $board . '.0'); } else { redirectexit('topic=' . $topic . '.0'); } }
/** * Posts or saves the message composed with Post(). * * requires various permissions depending on the action. * handles attachment, post, and calendar saving. * sends off notifications, and allows for announcements and moderation. * accessed from ?action=post2. */ public function action_post2() { global $board, $topic, $txt, $modSettings, $context, $user_settings; global $user_info, $board_info, $options, $ignore_temp; // Sneaking off, are we? if (empty($_POST) && empty($topic)) { if (empty($_SERVER['CONTENT_LENGTH'])) { redirectexit('action=post;board=' . $board . '.0'); } else { fatal_lang_error('post_upload_error', false); } } elseif (empty($_POST) && !empty($topic)) { redirectexit('action=post;topic=' . $topic . '.0'); } // No need! $context['robot_no_index'] = true; // We are now in post2 action $context['current_action'] = 'post2'; require_once SOURCEDIR . '/AttachmentErrorContext.class.php'; // No errors as yet. $post_errors = Error_Context::context('post', 1); $attach_errors = Attachment_Error_Context::context(); // If the session has timed out, let the user re-submit their form. if (checkSession('post', '', false) != '') { $post_errors->addError('session_timeout'); // Disable the preview so that any potentially malicious code is not executed $_REQUEST['preview'] = false; return $this->action_post(); } // Wrong verification code? if (!$user_info['is_admin'] && !$user_info['is_mod'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha'] || $user_info['is_guest'] && $modSettings['posts_require_captcha'] == -1)) { require_once SUBSDIR . '/VerificationControls.class.php'; $verificationOptions = array('id' => 'post'); $context['require_verification'] = create_control_verification($verificationOptions, true); if (is_array($context['require_verification'])) { foreach ($context['require_verification'] as $verification_error) { $post_errors->addError($verification_error); } } } require_once SUBSDIR . '/Boards.subs.php'; require_once SUBSDIR . '/Post.subs.php'; loadLanguage('Post'); // Drafts enabled and needed? if (!empty($modSettings['drafts_enabled']) && (isset($_POST['save_draft']) || isset($_POST['id_draft']))) { require_once SUBSDIR . '/Drafts.subs.php'; } // First check to see if they are trying to delete any current attachments. if (isset($_POST['attach_del'])) { $keep_temp = array(); $keep_ids = array(); foreach ($_POST['attach_del'] as $dummy) { if (strpos($dummy, 'post_tmp_' . $user_info['id']) !== false) { $keep_temp[] = $dummy; } else { $keep_ids[] = (int) $dummy; } } if (isset($_SESSION['temp_attachments'])) { foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) { if (isset($_SESSION['temp_attachments']['post']['files'], $attachment['name']) && in_array($attachment['name'], $_SESSION['temp_attachments']['post']['files']) || in_array($attachID, $keep_temp) || strpos($attachID, 'post_tmp_' . $user_info['id']) === false) { continue; } unset($_SESSION['temp_attachments'][$attachID]); @unlink($attachment['tmp_name']); } } if (!empty($_REQUEST['msg'])) { require_once SUBSDIR . '/ManageAttachments.subs.php'; $attachmentQuery = array('attachment_type' => 0, 'id_msg' => (int) $_REQUEST['msg'], 'not_id_attach' => $keep_ids); removeAttachments($attachmentQuery); } } // Then try to upload any attachments. $context['attachments']['can']['post'] = !empty($modSettings['attachmentEnable']) && $modSettings['attachmentEnable'] == 1 && (allowedTo('post_attachment') || $modSettings['postmod_active'] && allowedTo('post_unapproved_attachments')); if ($context['attachments']['can']['post'] && empty($_POST['from_qr'])) { require_once SUBSDIR . '/Attachments.subs.php'; if (isset($_REQUEST['msg'])) { processAttachments((int) $_REQUEST['msg']); } else { processAttachments(); } } // Previewing? Go back to start. if (isset($_REQUEST['preview'])) { return $this->action_post(); } // Prevent double submission of this form. checkSubmitOnce('check'); // If this isn't a new topic load the topic info that we need. if (!empty($topic)) { require_once SUBSDIR . '/Topic.subs.php'; $topic_info = getTopicInfo($topic); // Though the topic should be there, it might have vanished. if (empty($topic_info)) { fatal_lang_error('topic_doesnt_exist'); } // Did this topic suddenly move? Just checking... if ($topic_info['id_board'] != $board) { fatal_lang_error('not_a_topic'); } } // Replying to a topic? if (!empty($topic) && !isset($_REQUEST['msg'])) { // Don't allow a post if it's locked. if ($topic_info['locked'] != 0 && !allowedTo('moderate_board')) { fatal_lang_error('topic_locked', false); } // Sorry, multiple polls aren't allowed... yet. You should stop giving me ideas :P. if (isset($_REQUEST['poll']) && $topic_info['id_poll'] > 0) { unset($_REQUEST['poll']); } // Do the permissions and approval stuff... $becomesApproved = true; if ($topic_info['id_member_started'] != $user_info['id']) { if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_any') && !allowedTo('post_reply_any')) { $becomesApproved = false; } else { isAllowedTo('post_reply_any'); } } elseif (!allowedTo('post_reply_any')) { if ($modSettings['postmod_active']) { if (allowedTo('post_unapproved_replies_own') && !allowedTo('post_reply_own')) { $becomesApproved = false; } elseif ($user_info['is_guest'] && allowedTo('post_unapproved_replies_any')) { $becomesApproved = false; } else { isAllowedTo('post_reply_own'); } } } if (isset($_POST['lock'])) { // Nothing is changed to the lock. if (empty($topic_info['locked']) && empty($_POST['lock']) || !empty($_POST['lock']) && !empty($topic_info['locked'])) { unset($_POST['lock']); } elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $topic_info['id_member_started']) { unset($_POST['lock']); } elseif (!allowedTo('lock_any')) { // You cannot override a moderator lock. if ($topic_info['locked'] == 1) { unset($_POST['lock']); } else { $_POST['lock'] = empty($_POST['lock']) ? 0 : 2; } } else { $_POST['lock'] = empty($_POST['lock']) ? 0 : 1; } } // So you wanna (un)sticky this...let's see. if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || $_POST['sticky'] == $topic_info['is_sticky'] || !allowedTo('make_sticky'))) { unset($_POST['sticky']); } // If drafts are enabled, then pass this off if (!empty($modSettings['drafts_enabled']) && isset($_POST['save_draft'])) { saveDraft(); return $this->action_post(); } // If the number of replies has changed, if the setting is enabled, go back to action_post() - which handles the error. if (empty($options['no_new_reply_warning']) && isset($_POST['last_msg']) && $topic_info['id_last_msg'] > $_POST['last_msg']) { addInlineJavascript(' $(document).ready(function () { $("html,body").scrollTop($(\'.category_header:visible:first\').offset().top); });'); return $this->action_post(); } $posterIsGuest = $user_info['is_guest']; } elseif (empty($topic)) { // Now don't be silly, new topics will get their own id_msg soon enough. unset($_REQUEST['msg'], $_POST['msg'], $_GET['msg']); // Do like, the permissions, for safety and stuff... $becomesApproved = true; if ($modSettings['postmod_active'] && !allowedTo('post_new') && allowedTo('post_unapproved_topics')) { $becomesApproved = false; } else { isAllowedTo('post_new'); } if (isset($_POST['lock'])) { // New topics are by default not locked. if (empty($_POST['lock'])) { unset($_POST['lock']); } elseif (!allowedTo(array('lock_any', 'lock_own'))) { unset($_POST['lock']); } else { $_POST['lock'] = allowedTo('lock_any') ? 1 : 2; } } if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || empty($_POST['sticky']) || !allowedTo('make_sticky'))) { unset($_POST['sticky']); } // Saving your new topic as a draft first? if (!empty($modSettings['drafts_enabled']) && isset($_POST['save_draft'])) { saveDraft(); return $this->action_post(); } $posterIsGuest = $user_info['is_guest']; } elseif (isset($_REQUEST['msg']) && !empty($topic)) { $_REQUEST['msg'] = (int) $_REQUEST['msg']; require_once SUBSDIR . '/Messages.subs.php'; $msgInfo = basicMessageInfo($_REQUEST['msg'], true); if (empty($msgInfo)) { fatal_lang_error('cant_find_messages', false); } if (!empty($topic_info['locked']) && !allowedTo('moderate_board')) { fatal_lang_error('topic_locked', false); } if (isset($_POST['lock'])) { // Nothing changes to the lock status. if (empty($_POST['lock']) && empty($topic_info['locked']) || !empty($_POST['lock']) && !empty($topic_info['locked'])) { unset($_POST['lock']); } elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $topic_info['id_member_started']) { unset($_POST['lock']); } elseif (!allowedTo('lock_any')) { // You're not allowed to break a moderator's lock. if ($topic_info['locked'] == 1) { unset($_POST['lock']); } else { $_POST['lock'] = empty($_POST['lock']) ? 0 : 2; } } else { $_POST['lock'] = empty($_POST['lock']) ? 0 : 1; } } // Change the sticky status of this topic? if (isset($_POST['sticky']) && (!allowedTo('make_sticky') || $_POST['sticky'] == $topic_info['is_sticky'])) { unset($_POST['sticky']); } if ($msgInfo['id_member'] == $user_info['id'] && !allowedTo('modify_any')) { if ((!$modSettings['postmod_active'] || $msgInfo['approved']) && !empty($modSettings['edit_disable_time']) && $msgInfo['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) { fatal_lang_error('modify_post_time_passed', false); } elseif ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('modify_own')) { isAllowedTo('modify_replies'); } else { isAllowedTo('modify_own'); } } elseif ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('modify_any')) { isAllowedTo('modify_replies'); // If you're modifying a reply, I say it better be logged... $moderationAction = true; } else { isAllowedTo('modify_any'); // Log it, assuming you're not modifying your own post. if ($msgInfo['id_member'] != $user_info['id']) { $moderationAction = true; } } // If drafts are enabled, then lets send this off to save if (!empty($modSettings['drafts_enabled']) && isset($_POST['save_draft'])) { saveDraft(); return $this->action_post(); } $posterIsGuest = empty($msgInfo['id_member']); // Can they approve it? $can_approve = allowedTo('approve_posts'); $becomesApproved = $modSettings['postmod_active'] ? $can_approve && !$msgInfo['approved'] ? !empty($_REQUEST['approve']) ? 1 : 0 : $msgInfo['approved'] : 1; $approve_has_changed = $msgInfo['approved'] != $becomesApproved; if (!allowedTo('moderate_forum') || !$posterIsGuest) { $_POST['guestname'] = $msgInfo['poster_name']; $_POST['email'] = $msgInfo['poster_email']; } } // In case we want to override if (allowedTo('approve_posts')) { $becomesApproved = !isset($_REQUEST['approve']) || !empty($_REQUEST['approve']) ? 1 : 0; $approve_has_changed = isset($msgInfo['approved']) ? $msgInfo['approved'] != $becomesApproved : false; } // If the poster is a guest evaluate the legality of name and email. if ($posterIsGuest) { $_POST['guestname'] = !isset($_POST['guestname']) ? '' : Util::htmlspecialchars(trim($_POST['guestname'])); $_POST['email'] = !isset($_POST['email']) ? '' : Util::htmlspecialchars(trim($_POST['email'])); if ($_POST['guestname'] == '' || $_POST['guestname'] == '_') { $post_errors->addError('no_name'); } if (Util::strlen($_POST['guestname']) > 25) { $post_errors->addError('long_name'); } if (empty($modSettings['guest_post_no_email'])) { // Only check if they changed it! if (!isset($msgInfo) || $msgInfo['poster_email'] != $_POST['email']) { require_once SUBSDIR . '/DataValidator.class.php'; if (!allowedTo('moderate_forum') && !Data_Validator::is_valid($_POST, array('email' => 'valid_email|required'), array('email' => 'trim'))) { empty($_POST['email']) ? $post_errors->addError('no_email') : $post_errors->addError('bad_email'); } } // Now make sure this email address is not banned from posting. isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title'])); } // In case they are making multiple posts this visit, help them along by storing their name. if (!$post_errors->hasErrors()) { $_SESSION['guest_name'] = $_POST['guestname']; $_SESSION['guest_email'] = $_POST['email']; } } // Check the subject and message. if (!isset($_POST['subject']) || Util::htmltrim(Util::htmlspecialchars($_POST['subject'])) === '') { $post_errors->addError('no_subject'); } if (!isset($_POST['message']) || Util::htmltrim(Util::htmlspecialchars($_POST['message'], ENT_QUOTES)) === '') { $post_errors->addError('no_message'); } elseif (!empty($modSettings['max_messageLength']) && Util::strlen($_POST['message']) > $modSettings['max_messageLength']) { $post_errors->addError(array('long_message', array($modSettings['max_messageLength']))); } else { // Prepare the message a bit for some additional testing. $_POST['message'] = Util::htmlspecialchars($_POST['message'], ENT_QUOTES); // Preparse code. (Zef) if ($user_info['is_guest']) { $user_info['name'] = $_POST['guestname']; } preparsecode($_POST['message']); // Let's see if there's still some content left without the tags. if (Util::htmltrim(strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($_POST['message'], '[html]') === false)) { $post_errors->addError('no_message'); } } if (isset($_POST['calendar']) && !isset($_REQUEST['deleteevent']) && Util::htmltrim($_POST['evtitle']) === '') { $post_errors->addError('no_event'); } // Validate the poll... if (isset($_REQUEST['poll']) && !empty($modSettings['pollMode'])) { if (!empty($topic) && !isset($_REQUEST['msg'])) { fatal_lang_error('no_access', false); } // This is a new topic... so it's a new poll. if (empty($topic)) { isAllowedTo('poll_post'); } elseif ($user_info['id'] == $topic_info['id_member_started'] && !allowedTo('poll_add_any')) { isAllowedTo('poll_add_own'); } else { isAllowedTo('poll_add_any'); } if (!isset($_POST['question']) || trim($_POST['question']) == '') { $post_errors->addError('no_question'); } $_POST['options'] = empty($_POST['options']) ? array() : htmltrim__recursive($_POST['options']); // Get rid of empty ones. foreach ($_POST['options'] as $k => $option) { if ($option == '') { unset($_POST['options'][$k], $_POST['options'][$k]); } } // What are you going to vote between with one choice?!? if (count($_POST['options']) < 2) { $post_errors->addError('poll_few'); } elseif (count($_POST['options']) > 256) { $post_errors->addError('poll_many'); } } if ($posterIsGuest) { // If user is a guest, make sure the chosen name isn't taken. require_once SUBSDIR . '/Members.subs.php'; if (isReservedName($_POST['guestname'], 0, true, false) && (!isset($msgInfo['poster_name']) || $_POST['guestname'] != $msgInfo['poster_name'])) { $post_errors->addError('bad_name'); } } elseif (!isset($_REQUEST['msg'])) { $_POST['guestname'] = $user_info['username']; $_POST['email'] = $user_info['email']; } // Posting somewhere else? Are we sure you can? if (!empty($_REQUEST['post_in_board'])) { $new_board = (int) $_REQUEST['post_in_board']; if (!allowedTo('post_new', $new_board)) { $post_in_board = boardInfo($new_board); if (!empty($post_in_board)) { $post_errors->addError(array('post_new_board', array($post_in_board['name']))); } else { $post_errors->addError('post_new'); } } } // Any mistakes? if ($post_errors->hasErrors() || $attach_errors->hasErrors()) { addInlineJavascript(' $(document).ready(function () { $("html,body").scrollTop($(\'.category_header:visible:first\').offset().top); });'); return $this->action_post(); } // Make sure the user isn't spamming the board. if (!isset($_REQUEST['msg'])) { spamProtection('post'); } // At about this point, we're posting and that's that. ignore_user_abort(true); @set_time_limit(300); // Add special html entities to the subject, name, and email. $_POST['subject'] = strtr(Util::htmlspecialchars($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')); $_POST['guestname'] = htmlspecialchars($_POST['guestname'], ENT_COMPAT, 'UTF-8'); $_POST['email'] = htmlspecialchars($_POST['email'], ENT_COMPAT, 'UTF-8'); // At this point, we want to make sure the subject isn't too long. if (Util::strlen($_POST['subject']) > 100) { $_POST['subject'] = Util::substr($_POST['subject'], 0, 100); } if (!empty($modSettings['mentions_enabled']) && !empty($_REQUEST['uid'])) { $query_params = array(); $query_params['member_ids'] = array_unique(array_map('intval', $_REQUEST['uid'])); require_once SUBSDIR . '/Members.subs.php'; $mentioned_members = membersBy('member_ids', $query_params, true); $replacements = 0; $actually_mentioned = array(); foreach ($mentioned_members as $member) { $_POST['message'] = str_replace('@' . $member['real_name'], '[member=' . $member['id_member'] . ']' . $member['real_name'] . '[/member]', $_POST['message'], $replacements); if ($replacements > 0) { $actually_mentioned[] = $member['id_member']; } } } // Make the poll... if (isset($_REQUEST['poll'])) { // Make sure that the user has not entered a ridiculous number of options.. if (empty($_POST['poll_max_votes']) || $_POST['poll_max_votes'] <= 0) { $_POST['poll_max_votes'] = 1; } elseif ($_POST['poll_max_votes'] > count($_POST['options'])) { $_POST['poll_max_votes'] = count($_POST['options']); } else { $_POST['poll_max_votes'] = (int) $_POST['poll_max_votes']; } $_POST['poll_expire'] = (int) $_POST['poll_expire']; $_POST['poll_expire'] = $_POST['poll_expire'] > 9999 ? 9999 : ($_POST['poll_expire'] < 0 ? 0 : $_POST['poll_expire']); // Just set it to zero if it's not there.. if (!isset($_POST['poll_hide'])) { $_POST['poll_hide'] = 0; } else { $_POST['poll_hide'] = (int) $_POST['poll_hide']; } $_POST['poll_change_vote'] = isset($_POST['poll_change_vote']) ? 1 : 0; $_POST['poll_guest_vote'] = isset($_POST['poll_guest_vote']) ? 1 : 0; // Make sure guests are actually allowed to vote generally. if ($_POST['poll_guest_vote']) { require_once SUBSDIR . '/Members.subs.php'; $allowedVoteGroups = groupsAllowedTo('poll_vote', $board); if (!in_array(-1, $allowedVoteGroups['allowed'])) { $_POST['poll_guest_vote'] = 0; } } // If the user tries to set the poll too far in advance, don't let them. if (!empty($_POST['poll_expire']) && $_POST['poll_expire'] < 1) { fatal_lang_error('poll_range_error', false); } elseif (empty($_POST['poll_expire']) && $_POST['poll_hide'] == 2) { $_POST['poll_hide'] = 1; } // Clean up the question and answers. $_POST['question'] = htmlspecialchars($_POST['question'], ENT_COMPAT, 'UTF-8'); $_POST['question'] = Util::substr($_POST['question'], 0, 255); $_POST['question'] = preg_replace('~&#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', $_POST['question']); $_POST['options'] = htmlspecialchars__recursive($_POST['options']); // Finally, make the poll. require_once SUBSDIR . '/Poll.subs.php'; $id_poll = createPoll($_POST['question'], $user_info['id'], $_POST['guestname'], $_POST['poll_max_votes'], $_POST['poll_hide'], $_POST['poll_expire'], $_POST['poll_change_vote'], $_POST['poll_guest_vote'], $_POST['options']); } else { $id_poll = 0; } // ...or attach a new file... if (empty($ignore_temp) && $context['attachments']['can']['post'] && !empty($_SESSION['temp_attachments']) && empty($_POST['from_qr'])) { $attachIDs = array(); foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) { if ($attachID != 'initial_error' && strpos($attachID, 'post_tmp_' . $user_info['id']) === false) { continue; } // If there was an initial error just show that message. if ($attachID == 'initial_error') { unset($_SESSION['temp_attachments']); break; } // No errors, then try to create the attachment if (empty($attachment['errors'])) { // Load the attachmentOptions array with the data needed to create an attachment $attachmentOptions = array('post' => isset($_REQUEST['msg']) ? $_REQUEST['msg'] : 0, 'poster' => $user_info['id'], 'name' => $attachment['name'], 'tmp_name' => $attachment['tmp_name'], 'size' => isset($attachment['size']) ? $attachment['size'] : 0, 'mime_type' => isset($attachment['type']) ? $attachment['type'] : '', 'id_folder' => isset($attachment['id_folder']) ? $attachment['id_folder'] : 0, 'approved' => !$modSettings['postmod_active'] || allowedTo('post_attachment'), 'errors' => array()); if (createAttachment($attachmentOptions)) { $attachIDs[] = $attachmentOptions['id']; if (!empty($attachmentOptions['thumb'])) { $attachIDs[] = $attachmentOptions['thumb']; } } } else { @unlink($attachment['tmp_name']); } } unset($_SESSION['temp_attachments']); } // Creating a new topic? $newTopic = empty($_REQUEST['msg']) && empty($topic); $_POST['icon'] = !empty($attachIDs) && $_POST['icon'] == 'xx' ? 'clip' : $_POST['icon']; // Collect all parameters for the creation or modification of a post. $msgOptions = array('id' => empty($_REQUEST['msg']) ? 0 : (int) $_REQUEST['msg'], 'subject' => $_POST['subject'], 'body' => $_POST['message'], 'icon' => preg_replace('~[\\./\\\\*:"\'<>]~', '', $_POST['icon']), 'smileys_enabled' => !isset($_POST['ns']), 'attachments' => empty($attachIDs) ? array() : $attachIDs, 'approved' => $becomesApproved); $topicOptions = array('id' => empty($topic) ? 0 : $topic, 'board' => $board, 'poll' => isset($_REQUEST['poll']) ? $id_poll : null, 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null, 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null, 'mark_as_read' => true, 'is_approved' => !$modSettings['postmod_active'] || empty($topic) || !empty($board_info['cur_topic_approved'])); $posterOptions = array('id' => $user_info['id'], 'name' => $_POST['guestname'], 'email' => $_POST['email'], 'update_post_count' => !$user_info['is_guest'] && !isset($_REQUEST['msg']) && $board_info['posts_count']); // This is an already existing message. Edit it. if (!empty($_REQUEST['msg'])) { // Have admins allowed people to hide their screwups? if (time() - $msgInfo['poster_time'] > $modSettings['edit_wait_time'] || $user_info['id'] != $msgInfo['id_member']) { $msgOptions['modify_time'] = time(); $msgOptions['modify_name'] = $user_info['name']; } // This will save some time... if (empty($approve_has_changed)) { unset($msgOptions['approved']); } modifyPost($msgOptions, $topicOptions, $posterOptions); } else { if (!empty($modSettings['enableFollowup']) && !empty($_REQUEST['followup'])) { $original_post = (int) $_REQUEST['followup']; } // We also have to fake the board: // if it's valid and it's not the current, let's forget about the "current" and load the new one if (!empty($new_board) && $board !== $new_board) { $board = $new_board; loadBoard(); // Some details changed $topicOptions['board'] = $board; $topicOptions['is_approved'] = !$modSettings['postmod_active'] || empty($topic) || !empty($board_info['cur_topic_approved']); $posterOptions['update_post_count'] = !$user_info['is_guest'] && !isset($_REQUEST['msg']) && $board_info['posts_count']; } createPost($msgOptions, $topicOptions, $posterOptions); if (isset($topicOptions['id'])) { $topic = $topicOptions['id']; } if (!empty($modSettings['enableFollowup'])) { require_once SUBSDIR . '/FollowUps.subs.php'; require_once SUBSDIR . '/Messages.subs.php'; // Time to update the original message with a pointer to the new one if (!empty($original_post) && canAccessMessage($original_post)) { linkMessages($original_post, $topic); } } } // If we had a draft for this, its time to remove it since it was just posted if (!empty($modSettings['drafts_enabled']) && !empty($_POST['id_draft'])) { deleteDrafts($_POST['id_draft'], $user_info['id']); } // Editing or posting an event? if (isset($_POST['calendar']) && (!isset($_REQUEST['eventid']) || $_REQUEST['eventid'] == -1)) { require_once SUBSDIR . '/Calendar.subs.php'; // Make sure they can link an event to this post. canLinkEvent(); // Insert the event. $eventOptions = array('id_board' => $board, 'id_topic' => $topic, 'title' => $_POST['evtitle'], 'member' => $user_info['id'], 'start_date' => sprintf('%04d-%02d-%02d', $_POST['year'], $_POST['month'], $_POST['day']), 'span' => isset($_POST['span']) && $_POST['span'] > 0 ? min((int) $modSettings['cal_maxspan'], (int) $_POST['span'] - 1) : 0); insertEvent($eventOptions); } elseif (isset($_POST['calendar'])) { $_REQUEST['eventid'] = (int) $_REQUEST['eventid']; // Validate the post... require_once SUBSDIR . '/Calendar.subs.php'; validateEventPost(); // If you're not allowed to edit any events, you have to be the poster. if (!allowedTo('calendar_edit_any')) { $event_poster = getEventPoster($_REQUEST['eventid']); // Silly hacker, Trix are for kids. ...probably trademarked somewhere, this is FAIR USE! (parody...) isAllowedTo('calendar_edit_' . ($event_poster == $user_info['id'] ? 'own' : 'any')); } // Delete it? if (isset($_REQUEST['deleteevent'])) { removeEvent($_REQUEST['eventid']); } else { $span = !empty($modSettings['cal_allowspan']) && !empty($_REQUEST['span']) ? min((int) $modSettings['cal_maxspan'], (int) $_REQUEST['span'] - 1) : 0; $start_time = mktime(0, 0, 0, (int) $_REQUEST['month'], (int) $_REQUEST['day'], (int) $_REQUEST['year']); $eventOptions = array('start_date' => strftime('%Y-%m-%d', $start_time), 'end_date' => strftime('%Y-%m-%d', $start_time + $span * 86400), 'title' => $_REQUEST['evtitle']); modifyEvent($_REQUEST['eventid'], $eventOptions); } } // Marking boards as read. // (You just posted and they will be unread.) if (!$user_info['is_guest']) { $board_list = !empty($board_info['parent_boards']) ? array_keys($board_info['parent_boards']) : array(); // Returning to the topic? if (!empty($_REQUEST['goback'])) { $board_list[] = $board; } if (!empty($board_list)) { markBoardsRead($board_list, false, false); } } // Turn notification on or off. if (!empty($_POST['notify']) && allowedTo('mark_any_notify')) { setTopicNotification($user_info['id'], $topic, true); } elseif (!$newTopic) { setTopicNotification($user_info['id'], $topic, false); } // Log an act of moderation - modifying. if (!empty($moderationAction)) { logAction('modify', array('topic' => $topic, 'message' => (int) $_REQUEST['msg'], 'member' => $msgInfo['id_member'], 'board' => $board)); } if (isset($_POST['lock']) && $_POST['lock'] != 2) { logAction(empty($_POST['lock']) ? 'unlock' : 'lock', array('topic' => $topicOptions['id'], 'board' => $topicOptions['board'])); } if (isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics'])) { logAction(empty($_POST['sticky']) ? 'unsticky' : 'sticky', array('topic' => $topicOptions['id'], 'board' => $topicOptions['board'])); } // Notify any members who have notification turned on for this topic/board - only do this if it's going to be approved(!) if ($becomesApproved) { require_once SUBSDIR . '/Notification.subs.php'; if ($newTopic) { $notifyData = array('body' => $_POST['message'], 'subject' => $_POST['subject'], 'name' => $user_info['name'], 'poster' => $user_info['id'], 'msg' => $msgOptions['id'], 'board' => $board, 'topic' => $topic, 'signature' => isset($user_settings['signature']) ? $user_settings['signature'] : ''); sendBoardNotifications($notifyData); } elseif (empty($_REQUEST['msg'])) { // Only send it to everyone if the topic is approved, otherwise just to the topic starter if they want it. if ($topic_info['approved']) { sendNotifications($topic, 'reply'); } else { sendNotifications($topic, 'reply', array(), $topic_info['id_member_started']); } } } if (!empty($modSettings['mentions_enabled']) && !empty($actually_mentioned)) { require_once CONTROLLERDIR . '/Mentions.controller.php'; $mentions = new Mentions_Controller(); $mentions->setData(array('id_member' => $actually_mentioned, 'type' => 'men', 'id_msg' => $msgOptions['id'], 'status' => $becomesApproved ? 'new' : 'unapproved')); $mentions->action_add(); } if ($board_info['num_topics'] == 0) { cache_put_data('board-' . $board, null, 120); } if (!empty($_POST['announce_topic'])) { redirectexit('action=announce;sa=selectgroup;topic=' . $topic . (!empty($_POST['move']) && allowedTo('move_any') ? ';move' : '') . (empty($_REQUEST['goback']) ? '' : ';goback')); } if (!empty($_POST['move']) && allowedTo('move_any')) { redirectexit('action=movetopic;topic=' . $topic . '.0' . (empty($_REQUEST['goback']) ? '' : ';goback')); } // Return to post if the mod is on. if (isset($_REQUEST['msg']) && !empty($_REQUEST['goback'])) { redirectexit('topic=' . $topic . '.msg' . $_REQUEST['msg'] . '#msg' . $_REQUEST['msg'], isBrowser('ie')); } elseif (!empty($_REQUEST['goback'])) { redirectexit('topic=' . $topic . '.new#new', isBrowser('ie')); } else { redirectexit('board=' . $board . '.0'); } }
/** * Set merge options and do the actual merge of two or more topics. * * the merge options screen: * * shows topics to be merged and allows to set some merge options. * * is accessed by ?action=mergetopics;sa=options.and can also internally be called by action_quickmod(). * * uses 'merge_extra_options' sub template of the MergeTopics template. * * the actual merge: * * is accessed with ?action=mergetopics;sa=execute. * * updates the statistics to reflect the merge. * * logs the action in the moderation log. * * sends a notification is sent to all users monitoring this topic. * * redirects to ?action=mergetopics;sa=done. * * @param int[] $topics = array() of topic ids */ public function action_mergeExecute($topics = array()) { global $user_info, $txt, $context, $scripturl, $modSettings; $db = database(); // Check the session. checkSession('request'); require_once SUBSDIR . '/Topic.subs.php'; require_once SUBSDIR . '/Post.subs.php'; // Handle URLs from action_mergeIndex. if (!empty($_GET['from']) && !empty($_GET['to'])) { $topics = array((int) $_GET['from'], (int) $_GET['to']); } // If we came from a form, the topic IDs came by post. if (!empty($_POST['topics']) && is_array($_POST['topics'])) { $topics = $_POST['topics']; } // There's nothing to merge with just one topic... if (empty($topics) || !is_array($topics) || count($topics) == 1) { fatal_lang_error('merge_need_more_topics'); } // Make sure every topic is numeric, or some nasty things could be done with the DB. foreach ($topics as $id => $topic) { $topics[$id] = (int) $topic; } // Joy of all joys, make sure they're not pi**ing about with unapproved topics they can't see :P if ($modSettings['postmod_active']) { $can_approve_boards = !empty($user_info['mod_cache']['ap']) ? $user_info['mod_cache']['ap'] : boardsAllowedTo('approve_posts'); } // Get info about the topics and polls that will be merged. $request = $db->query('', ' SELECT t.id_topic, t.id_board, t.id_poll, t.num_views, t.is_sticky, t.approved, t.num_replies, t.unapproved_posts, m1.subject, m1.poster_time AS time_started, IFNULL(mem1.id_member, 0) AS id_member_started, IFNULL(mem1.real_name, m1.poster_name) AS name_started, m2.poster_time AS time_updated, IFNULL(mem2.id_member, 0) AS id_member_updated, IFNULL(mem2.real_name, m2.poster_name) AS name_updated FROM {db_prefix}topics AS t INNER JOIN {db_prefix}messages AS m1 ON (m1.id_msg = t.id_first_msg) INNER JOIN {db_prefix}messages AS m2 ON (m2.id_msg = t.id_last_msg) LEFT JOIN {db_prefix}members AS mem1 ON (mem1.id_member = m1.id_member) LEFT JOIN {db_prefix}members AS mem2 ON (mem2.id_member = m2.id_member) WHERE t.id_topic IN ({array_int:topic_list}) ORDER BY t.id_first_msg LIMIT ' . count($topics), array('topic_list' => $topics)); if ($db->num_rows($request) < 2) { fatal_lang_error('no_topic_id'); } $num_views = 0; $is_sticky = 0; $boardTotals = array(); $topic_data = array(); $boards = array(); $polls = array(); $firstTopic = 0; while ($row = $db->fetch_assoc($request)) { // Make a note for the board counts... if (!isset($boardTotals[$row['id_board']])) { $boardTotals[$row['id_board']] = array('num_posts' => 0, 'num_topics' => 0, 'unapproved_posts' => 0, 'unapproved_topics' => 0); } // We can't see unapproved topics here? if ($modSettings['postmod_active'] && !$row['approved'] && $can_approve_boards != array(0) && in_array($row['id_board'], $can_approve_boards)) { continue; } elseif (!$row['approved']) { $boardTotals[$row['id_board']]['unapproved_topics']++; } else { $boardTotals[$row['id_board']]['num_topics']++; } $boardTotals[$row['id_board']]['unapproved_posts'] += $row['unapproved_posts']; $boardTotals[$row['id_board']]['num_posts'] += $row['num_replies'] + ($row['approved'] ? 1 : 0); $topic_data[$row['id_topic']] = array('id' => $row['id_topic'], 'board' => $row['id_board'], 'poll' => $row['id_poll'], 'num_views' => $row['num_views'], 'subject' => $row['subject'], 'started' => array('time' => standardTime($row['time_started']), 'html_time' => htmlTime($row['time_started']), 'timestamp' => forum_time(true, $row['time_started']), 'href' => empty($row['id_member_started']) ? '' : $scripturl . '?action=profile;u=' . $row['id_member_started'], 'link' => empty($row['id_member_started']) ? $row['name_started'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member_started'] . '">' . $row['name_started'] . '</a>'), 'updated' => array('time' => standardTime($row['time_updated']), 'html_time' => htmlTime($row['time_updated']), 'timestamp' => forum_time(true, $row['time_updated']), 'href' => empty($row['id_member_updated']) ? '' : $scripturl . '?action=profile;u=' . $row['id_member_updated'], 'link' => empty($row['id_member_updated']) ? $row['name_updated'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member_updated'] . '">' . $row['name_updated'] . '</a>')); $num_views += $row['num_views']; $boards[] = $row['id_board']; // If there's no poll, id_poll == 0... if ($row['id_poll'] > 0) { $polls[] = $row['id_poll']; } // Store the id_topic with the lowest id_first_msg. if (empty($firstTopic)) { $firstTopic = $row['id_topic']; } $is_sticky = max($is_sticky, $row['is_sticky']); } $db->free_result($request); // If we didn't get any topics then they've been messing with unapproved stuff. if (empty($topic_data)) { fatal_lang_error('no_topic_id'); } $boards = array_values(array_unique($boards)); // The parameters of action_mergeExecute were set, so this must've been an internal call. if (!empty($topics)) { isAllowedTo('merge_any', $boards); loadTemplate('MergeTopics'); } // Get the boards a user is allowed to merge in. $merge_boards = boardsAllowedTo('merge_any'); if (empty($merge_boards)) { fatal_lang_error('cannot_merge_any', 'user'); } require_once SUBSDIR . '/Boards.subs.php'; // Make sure they can see all boards.... $query_boards = array('boards' => $boards); if (!in_array(0, $merge_boards)) { $query_boards['boards'] = array_merge($query_boards['boards'], $merge_boards); } // Saved in a variable to (potentially) save a query later $boards_info = fetchBoardsInfo($query_boards); // This happens when a member is moderator of a board he cannot see foreach ($boards as $board) { if (!isset($boards_info[$board])) { fatal_lang_error('no_board'); } } if (empty($_REQUEST['sa']) || $_REQUEST['sa'] == 'options') { if (count($polls) > 1) { $request = $db->query('', ' SELECT t.id_topic, t.id_poll, m.subject, p.question FROM {db_prefix}polls AS p INNER JOIN {db_prefix}topics AS t ON (t.id_poll = p.id_poll) INNER JOIN {db_prefix}messages AS m ON (m.id_msg = t.id_first_msg) WHERE p.id_poll IN ({array_int:polls}) LIMIT ' . count($polls), array('polls' => $polls)); while ($row = $db->fetch_assoc($request)) { $context['polls'][] = array('id' => $row['id_poll'], 'topic' => array('id' => $row['id_topic'], 'subject' => $row['subject']), 'question' => $row['question'], 'selected' => $row['id_topic'] == $firstTopic); } $db->free_result($request); } if (count($boards) > 1) { foreach ($boards_info as $row) { $context['boards'][] = array('id' => $row['id_board'], 'name' => $row['name'], 'selected' => $row['id_board'] == $topic_data[$firstTopic]['board']); } } $context['topics'] = $topic_data; foreach ($topic_data as $id => $topic) { $context['topics'][$id]['selected'] = $topic['id'] == $firstTopic; } $context['page_title'] = $txt['merge']; $context['sub_template'] = 'merge_extra_options'; return; } // Determine target board. $target_board = count($boards) > 1 ? (int) $_REQUEST['board'] : $boards[0]; if (!in_array($target_board, $boards)) { fatal_lang_error('no_board'); } // Determine which poll will survive and which polls won't. $target_poll = count($polls) > 1 ? (int) $_POST['poll'] : (count($polls) == 1 ? $polls[0] : 0); if ($target_poll > 0 && !in_array($target_poll, $polls)) { fatal_lang_error('no_access', false); } $deleted_polls = empty($target_poll) ? $polls : array_diff($polls, array($target_poll)); // Determine the subject of the newly merged topic - was a custom subject specified? if (empty($_POST['subject']) && isset($_POST['custom_subject']) && $_POST['custom_subject'] != '') { $target_subject = strtr(Util::htmltrim(Util::htmlspecialchars($_POST['custom_subject'])), array("\r" => '', "\n" => '', "\t" => '')); // Keep checking the length. if (Util::strlen($target_subject) > 100) { $target_subject = Util::substr($target_subject, 0, 100); } // Nothing left - odd but pick the first topics subject. if ($target_subject == '') { $target_subject = $topic_data[$firstTopic]['subject']; } } elseif (!empty($topic_data[(int) $_POST['subject']]['subject'])) { $target_subject = $topic_data[(int) $_POST['subject']]['subject']; } else { $target_subject = $topic_data[$firstTopic]['subject']; } // Get the first and last message and the number of messages.... $request = $db->query('', ' SELECT approved, MIN(id_msg) AS first_msg, MAX(id_msg) AS last_msg, COUNT(*) AS message_count FROM {db_prefix}messages WHERE id_topic IN ({array_int:topics}) GROUP BY approved ORDER BY approved DESC', array('topics' => $topics)); $topic_approved = 1; $first_msg = 0; while ($row = $db->fetch_assoc($request)) { // If this is approved, or is fully unapproved. if ($row['approved'] || !isset($first_msg)) { $first_msg = $row['first_msg']; $last_msg = $row['last_msg']; if ($row['approved']) { $num_replies = $row['message_count'] - 1; $num_unapproved = 0; } else { $topic_approved = 0; $num_replies = 0; $num_unapproved = $row['message_count']; } } else { // If this has a lower first_msg then the first post is not approved and hence the number of replies was wrong! if ($first_msg > $row['first_msg']) { $first_msg = $row['first_msg']; $num_replies++; $topic_approved = 0; } $num_unapproved = $row['message_count']; } } $db->free_result($request); // Ensure we have a board stat for the target board. if (!isset($boardTotals[$target_board])) { $boardTotals[$target_board] = array('num_posts' => 0, 'num_topics' => 0, 'unapproved_posts' => 0, 'unapproved_topics' => 0); } // Fix the topic count stuff depending on what the new one counts as. if ($topic_approved) { $boardTotals[$target_board]['num_topics']--; } else { $boardTotals[$target_board]['unapproved_topics']--; } $boardTotals[$target_board]['unapproved_posts'] -= $num_unapproved; $boardTotals[$target_board]['num_posts'] -= $topic_approved ? $num_replies + 1 : $num_replies; // Get the member ID of the first and last message. $request = $db->query('', ' SELECT id_member FROM {db_prefix}messages WHERE id_msg IN ({int:first_msg}, {int:last_msg}) ORDER BY id_msg LIMIT 2', array('first_msg' => $first_msg, 'last_msg' => $last_msg)); list($member_started) = $db->fetch_row($request); list($member_updated) = $db->fetch_row($request); // First and last message are the same, so only row was returned. if ($member_updated === null) { $member_updated = $member_started; } $db->free_result($request); // Obtain all the message ids we are going to affect. $affected_msgs = messagesInTopics($topics); // Assign the first topic ID to be the merged topic. $id_topic = min($topics); // Grab the response prefix (like 'Re: ') in the default forum language. $context['response_prefix'] = response_prefix(); $enforce_subject = isset($_POST['enforce_subject']) ? Util::htmlspecialchars(trim($_POST['enforce_subject'])) : ''; // Merge topic notifications. $notifications = isset($_POST['notifications']) && is_array($_POST['notifications']) ? array_intersect($topics, $_POST['notifications']) : array(); fixMergedTopics($first_msg, $topics, $id_topic, $target_board, $target_subject, $enforce_subject, $notifications); // Asssign the properties of the newly merged topic. $db->query('', ' UPDATE {db_prefix}topics SET id_board = {int:id_board}, id_member_started = {int:id_member_started}, id_member_updated = {int:id_member_updated}, id_first_msg = {int:id_first_msg}, id_last_msg = {int:id_last_msg}, id_poll = {int:id_poll}, num_replies = {int:num_replies}, unapproved_posts = {int:unapproved_posts}, num_views = {int:num_views}, is_sticky = {int:is_sticky}, approved = {int:approved} WHERE id_topic = {int:id_topic}', array('id_board' => $target_board, 'is_sticky' => $is_sticky, 'approved' => $topic_approved, 'id_topic' => $id_topic, 'id_member_started' => $member_started, 'id_member_updated' => $member_updated, 'id_first_msg' => $first_msg, 'id_last_msg' => $last_msg, 'id_poll' => $target_poll, 'num_replies' => $num_replies, 'unapproved_posts' => $num_unapproved, 'num_views' => $num_views)); // Get rid of the redundant polls. if (!empty($deleted_polls)) { require_once SUBSDIR . '/Poll.subs.php'; removePoll($deleted_polls); } // Cycle through each board... foreach ($boardTotals as $id_board => $stats) { decrementBoard($id_board, $stats); } // Determine the board the final topic resides in $topic_info = getTopicInfo($id_topic); $id_board = $topic_info['id_board']; // Update all the statistics. updateStats('topic'); updateStats('subject', $id_topic, $target_subject); updateLastMessages($boards); logAction('merge', array('topic' => $id_topic, 'board' => $id_board)); // Notify people that these topics have been merged? require_once SUBSDIR . '/Notification.subs.php'; sendNotifications($id_topic, 'merge'); // If there's a search index that needs updating, update it... require_once SUBSDIR . '/Search.subs.php'; $searchAPI = findSearchAPI(); if (is_callable(array($searchAPI, 'topicMerge'))) { $searchAPI->topicMerge($id_topic, $topics, $affected_msgs, empty($enforce_subject) ? null : array($context['response_prefix'], $target_subject)); } // Send them to the all done page. redirectexit('action=mergetopics;sa=done;to=' . $id_topic . ';targetboard=' . $target_board); }