コード例 #1
    if ((session::get_value('UID') != $preview_message['FROM_UID'] || session::check_perm(USER_PERM_PILLORIED, 0)) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
        html_draw_top(sprintf("title=%s", gettext("Error")));
        post_edit_refuse($tid, $pid);
        html_draw_bottom();
        exit;
    }
    if (forum_get_setting('require_post_approval', 'Y') && isset($preview_message['APPROVED']) && $preview_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
        html_draw_top(sprintf("title=%s", gettext("Error")));
        post_edit_refuse($tid, $pid);
        html_draw_bottom();
        exit;
    }
}
// Handle the "end poll" form submission: close the poll, stamp the first
// post as edited, audit-log moderator actions, then redirect to the thread.
if (isset($_POST['endpoll'])) {

    if (poll_close($tid)) {

        post_add_edit_text($tid, 1);

        // Only a folder moderator closing somebody else's poll is written to
        // the admin log; an author closing their own poll is not.
        if (session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
            if ($preview_message['FROM_UID'] != session::get_value('UID')) {
                admin_add_log_entry(EDIT_POST, array($t_fid, $tid, $pid));
            }
        }
    }

    // NOTE(review): the redirect carries edit_success whether or not
    // poll_close() succeeded, so a failed close is reported as a success.
    // NOTE(review): $webtag and $msg go into the redirect target without URL
    // encoding; presumably both are validated earlier in the script (confirm).
    header_redirect(
        $thread_data['LENGTH'] > 1
            ? "discussion.php?webtag={$webtag}&msg={$msg}&edit_success={$msg}"
            : "discussion.php?webtag={$webtag}&edit_success={$msg}"
    );
    exit;
}
html_draw_top(sprintf("title=%s", gettext("Close Poll")), "post.js", "resize_width=720", "basetarget=_blank", 'class=window_title');
echo "<h1>", gettext("Close Poll"), " {$tid}.{$pid}</h1>\n";
if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
コード例 #2
ファイル: edit.php プロジェクト: richstokoe/BeehiveForum
         $error_msg_array[] = gettext("You cannot post attachments in this folder. Remove attachments to continue.");
         $valid = false;
     }
     // Authorization gate for the edit. The refusal condition mixes || and &&
     // without grouping; && binds tighter than ||, so it evaluates as:
     //   ( allow_post_editing test
     //     || (editor is not the author && author is NOT pilloried)
     //     || editor is pilloried
     //     || (an edit window is set && the window has elapsed) )
     //   && editor is not a folder moderator
     // NOTE(review): because of the "&& !(... & USER_PERM_PILLORIED)" term, a
     // non-author is not refused by the ownership test when the author holds
     // USER_PERM_PILLORIED. Confirm that is intended and parenthesise the
     // expression explicitly so the grouping is visible.
     // NOTE(review): forum_get_setting('allow_post_editing', 'N') presumably is
     // true when the setting equals 'N' (editing disabled) - confirm.
     // NOTE(review): no exit/return follows html_draw_error() here; presumably
     // it terminates the request. If it can return, control falls through to
     // the post_update() call below and the refusal is only cosmetic.
     if ((forum_get_setting('allow_post_editing', 'N') || $uid != $edit_message['FROM_UID'] && !(perm_get_user_permissions($edit_message['FROM_UID']) & USER_PERM_PILLORIED) || session::check_perm(USER_PERM_PILLORIED, 0) || $post_edit_time > 0 && time() - $edit_message['CREATED'] >= $post_edit_time * HOUR_IN_SECONDS) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
         html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $msg));
     }
     // With require_post_approval matching 'Y', a message whose APPROVED field
     // is 0 (presumably: still awaiting approval) may only be edited by a
     // folder moderator. The same fall-through caveat applies to this call.
     if (forum_get_setting('require_post_approval', 'Y') && isset($edit_message['APPROVED']) && $edit_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
         html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $msg));
     }
     if ($valid) {
         $t_content_new = $t_content;
         if ($allow_sig == true && isset($t_sig)) {
             $t_content_new .= "<div class=\"sig\">{$t_sig}</div>";
         }
         if (post_update($t_fid, $tid, $pid, $t_content_new)) {
             post_add_edit_text($tid, $pid);
             post_save_attachment_id($tid, $pid, $aid);
             if (session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid) && $edit_message['FROM_UID'] != $uid) {
                 admin_add_log_entry(EDIT_POST, array($t_fid, $tid, $pid));
             }
             header_redirect("discussion.php?webtag={$webtag}&msg={$msg}&edit_success={$msg}");
             exit;
         } else {
             $error_msg_array[] = gettext("Error updating post");
         }
     }
 } else {
     if (isset($_POST['emots_toggle']) || isset($_POST['sig_toggle'])) {
         if (isset($_POST['emots_toggle'])) {
             $page_prefs = (double) $page_prefs ^ POST_EMOTICONS_DISPLAY;
         } else {
コード例 #3
/**
 * Delete the on-disk thumbnail ("<hash>.thumb") of an attachment.
 *
 * The attachment row is looked up by hash. The call proceeds only when the
 * row's UID matches the session UID or the session holds
 * USER_PERM_FOLDER_MODERATE for the attachment's folder (folder 0 when the
 * query yields no FID). If the attachment is linked to a post, the post's
 * edit text is updated, and a moderator acting on another user's attachment
 * is recorded in the admin log.
 *
 * @param string $hash Attachment hash; must pass is_md5().
 *
 * @return bool False when a precondition, the lookup or the permission check
 *              fails; true otherwise. The unlink() result is not inspected,
 *              so true does not guarantee the file was removed.
 */
function attachments_delete_thumbnail($hash)
{
    // $hash is interpolated unescaped into both the SQL text and the
    // unlink() path below, so this check is the only guard for both sinks.
    // NOTE(review): presumably is_md5() accepts exactly 32 hex characters;
    // confirm, and prefer a bound parameter if the db wrapper offers one.
    if (!is_md5($hash)) {
        return false;
    }

    $db = db::get();
    if (!$db) {
        return false;
    }

    $uid = session::get_value('UID');
    if ($uid === false) {
        return false;
    }

    $attachment_dir = forum_get_setting('attachment_dir');
    if (!$attachment_dir) {
        return false;
    }

    // Look the attachment up so ownership can be verified. The folder id is
    // only available when a forum table prefix exists to join THREAD on.
    // NOTE(review): $table_prefix is placed into the identifier unescaped;
    // assumed to be server-derived rather than request-derived (confirm).
    $table_prefix = get_table_prefix();

    $sql = "SELECT PAF.AID, PAF.UID, PAF.FILENAME, PAI.TID, ";

    if ($table_prefix) {
        $sql .= "PAI.PID, THREAD.FID FROM POST_ATTACHMENT_FILES PAF ";
        $sql .= "LEFT JOIN POST_ATTACHMENT_IDS PAI ON (PAI.AID = PAF.AID) ";
        $sql .= "LEFT JOIN `{$table_prefix}THREAD` THREAD ON (THREAD.TID = PAI.TID) ";
    } else {
        $sql .= "PAI.PID FROM POST_ATTACHMENT_FILES PAF ";
        $sql .= "LEFT JOIN POST_ATTACHMENT_IDS PAI ON (PAI.AID = PAF.AID) ";
    }

    $sql .= "WHERE PAF.HASH = '{$hash}'";

    $result = $db->query($sql);
    if (!$result || $result->num_rows == 0) {
        return false;
    }

    $row = $result->fetch_assoc();

    // Without a FID the moderator check below is evaluated against folder 0.
    if (!isset($row['FID'])) {
        $row['FID'] = 0;
    }

    // Authorization: refuse unless the caller owns the attachment or
    // moderates its folder.
    if ($row['UID'] != $uid && !session::check_perm(USER_PERM_FOLDER_MODERATE, $row['FID'])) {
        return false;
    }

    if (isset($row['TID'], $row['PID'])) {

        post_add_edit_text($row['TID'], $row['PID']);

        // Audit trail for a moderator removing another user's thumbnail.
        if (session::check_perm(USER_PERM_FOLDER_MODERATE, $row['FID']) && $row['UID'] != $uid) {
            admin_add_log_entry(ATTACHMENTS_DELETE, array($row['TID'], $row['PID'], $row['FILENAME']));
        }
    }

    // Best-effort removal: errors are suppressed and the result is ignored.
    $thumbnail_path = "{$attachment_dir}/{$hash}.thumb";
    @unlink($thumbnail_path);

    return true;
}
コード例 #4
/**
 * Delete the on-disk thumbnail ("<hash>.thumb") of an attachment.
 *
 * The attachment row is looked up by hash. The call proceeds only when the
 * row's UID matches $_SESSION['UID'] or the session passes the
 * USER_PERM_FOLDER_MODERATE check. If the attachment is linked to a post,
 * the post's edit text is updated, and a moderator acting on another user's
 * attachment is recorded in the admin log.
 *
 * @param string $hash Attachment hash; must pass is_md5().
 *
 * @return bool False when a precondition, the lookup or the permission check
 *              fails; true otherwise. The unlink() result is not inspected,
 *              so true does not guarantee the file was removed.
 */
function attachments_delete_thumbnail($hash)
{
    // $hash is interpolated unescaped into both the SQL text and the
    // unlink() path below, so this check is the only guard for both sinks.
    // NOTE(review): presumably is_md5() accepts exactly 32 hex characters;
    // confirm, and prefer a bound parameter if the db wrapper offers one.
    if (!is_md5($hash)) {
        return false;
    }

    $db = db::get();
    if (!$db) {
        return false;
    }

    // A numeric session UID is required before any lookup is attempted.
    if (!(isset($_SESSION['UID']) && is_numeric($_SESSION['UID']))) {
        return false;
    }

    $attachment_dir = attachments_check_dir();
    if (!$attachment_dir) {
        return false;
    }

    $sql = implode('', array(
        "SELECT PAF.AID, PAF.UID, PAF.FILENAME, PAI.TID, ",
        "PAI.PID FROM POST_ATTACHMENT_FILES PAF ",
        "LEFT JOIN POST_ATTACHMENT_IDS PAI ON (PAI.AID = PAF.AID) ",
        "WHERE PAF.HASH = '{$hash}'",
    ));

    $result = $db->query($sql);
    if (!$result || $result->num_rows == 0) {
        return false;
    }

    $row = $result->fetch_assoc();

    // The SELECT list above has no FID column, so this default always
    // applies and the moderator checks below run against folder 0 rather
    // than the folder the attachment's thread lives in.
    // NOTE(review): confirm that a folder-0 check is the intended scope.
    if (!isset($row['FID'])) {
        $row['FID'] = 0;
    }

    // Authorization: refuse unless the caller owns the attachment or passes
    // the moderator check.
    if ($row['UID'] != $_SESSION['UID'] && !session::check_perm(USER_PERM_FOLDER_MODERATE, $row['FID'])) {
        return false;
    }

    if (isset($row['TID'], $row['PID'])) {

        post_add_edit_text($row['TID'], $row['PID']);

        // Audit trail for a moderator removing another user's thumbnail.
        if (session::check_perm(USER_PERM_FOLDER_MODERATE, $row['FID']) && $row['UID'] != $_SESSION['UID']) {
            admin_add_log_entry(ATTACHMENTS_DELETE, array($row['TID'], $row['PID'], $row['FILENAME']));
        }
    }

    // Best-effort removal: errors are suppressed and the result is ignored.
    $thumbnail_path = "{$attachment_dir}/{$hash}.thumb";
    @unlink($thumbnail_path);

    return true;
}
コード例 #5
             $process_valid = false;
         }
         if ($process_valid && !session::check_perm(USER_PERM_FOLDER_MODERATE, $delete_fid)) {
             $process_valid = false;
         }
         if ($process_valid && !($thread_data = thread_get($delete_tid, false, false, true))) {
             $process_valid = false;
         }
         if ($process_valid && !($preview_message = messages_get($delete_tid, $delete_pid, 1))) {
             $process_valid = false;
         }
         if ($process_valid && isset($preview_message['APPROVED'])) {
             $process_valid = false;
         }
         if ($process_valid && post_delete($delete_tid, $delete_pid)) {
             post_add_edit_text($delete_tid, $delete_pid);
             if (session::check_perm(USER_PERM_FOLDER_MODERATE, $delete_fid) && (!isset($preview_message['FROM_UID']) || $preview_message['FROM_UID'] != $_SESSION['UID'])) {
                 admin_add_log_entry(DELETE_POST, array($delete_fid, $delete_tid, $delete_pid));
             }
         } else {
             $valid = false;
         }
     }
     if ($valid) {
         header_redirect("admin_post_approve.php?webtag={$webtag}&page={$page}&delete_success=true");
         exit;
     } else {
         $error_msg_array[] = gettext("Failed to delete some messages");
     }
 } else {
     html_draw_top(array('title' => gettext('Delete Message'), 'class' => 'window_title'));