예제 #1
0
                 }
                 COM_updateSpeedlimit('forum');
                 // Insert a new log record for all logged in users that posted so it does not appear as new
                 if ($uid != '1') {
                     DB_query("INSERT INTO {$_TABLES['gf_log']} (uid,forum,topic,time) VALUES ('{$_USER['uid']}','{$forum}','{$lastid}','{$date}')");
                 }
                 forum_statusMessage($LANG_GF02['msg19'], $_CONF['site_url'] . "/forum/viewtopic.php?showtopic={$lastid}", $LANG_GF02['msg19']);
             }
         } else {
             alertMessage($LANG_GF02['msg18']);
         }
     }
     // END OF A NEW TOPIC...
 } elseif ($method == 'postreply') {
     if (function_exists('plugin_itemPreSave_captcha')) {
         $msg = plugin_itemPreSave_captcha('forum', $_POST['captcha']);
         if ($msg != '') {
             $preview = 'Preview';
             $subject = COM_stripslashes($_POST['subject']);
             $retval .= COM_startBlock($LANG03[17], '', COM_getBlockTemplate('_msg_block', 'header')) . $msg . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
             echo $retval;
         }
     }
     if ($msg == '') {
         //Add Reply
         if ($_POST['aname'] != '') {
             $name = gf_preparefordb($_POST['aname'], 'text');
         } else {
             $name = gf_preparefordb($_POST['name'], 'text');
         }
         $name = urldecode($name);
예제 #2
0
function FF_saveTopic($forumData, $postData, $action)
{
    global $_CONF, $_TABLES, $_FF_CONF, $_USER, $LANG03, $LANG_GF01, $LANG_GF02;
    $retval = '';
    $uploadErrors = '';
    $msg = '';
    $errorMessages = '';
    $email = '';
    $forumfiles = array();
    $okToSave = true;
    $dt = new Date('now', $_USER['tzid']);
    $date = $dt->toUnix();
    $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
    if (COM_isAnonUser()) {
        $uid = 1;
    } else {
        $uid = $_USER['uid'];
    }
    // verify postmode is allowed
    if (strtolower($postData['postmode']) == 'html') {
        if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
            $postData['postmode'] = 'html';
        } else {
            $postData['postmode'] = 'text';
        }
    }
    // is forum readonly?
    if ($forumData['is_readonly'] == 1) {
        // Check if this user has moderation rights now to allow a post to a locked topic
        if (!forum_modPermission($forumData['forum'], $uid, 'mod_edit')) {
            _ff_accessError();
        }
    }
    if ($action == 'saveedit') {
        // does the forum match the forum id of the posted data?
        if ($forumData['forum'] != 0 && $forumData['forum'] != $postData['forum']) {
            _ff_accessError();
        }
        $editid = COM_applyFilter($postData['editid'], true);
        $forum = COM_applyFilter($postData['forum'], true);
        $editAllowed = false;
        if (forum_modPermission($forumData['forum'], $_USER['uid'], 'mod_edit')) {
            $editAllowed = true;
        } else {
            if ($_FF_CONF['allowed_editwindow'] > 0) {
                $t1 = DB_getItem($_TABLES['ff_topic'], 'date', "id=" . (int) $postData['id']);
                $t2 = $_FF_CONF['allowed_editwindow'];
                $time = time();
                if (time() - $t2 < $t1) {
                    $editAllowed = true;
                }
            } else {
                $editAllowed = true;
            }
        }
        if ($postData['editpid'] < 1 && trim($postData['subject']) == '') {
            $retval .= FF_BlockMessage('', $LANG_GF02['msg18'], false);
            $okToSave = false;
        } elseif (!$editAllowed) {
            $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . (int) $postData['$id'];
            $retval .= _ff_alertMessage('', $LANG_GF02['msg189'], sprintf($LANG_GF02['msg187'], $link));
            $okToSave = false;
        }
    } else {
        if (!COM_isAnonUser() && $_FF_CONF['use_sfs']) {
            $email = isset($_USER['email']) ? $_USER['email'] : '';
        }
    }
    if (isset($postData['name']) && $postData['name'] != '') {
        $name = _ff_preparefordb(@htmlspecialchars(strip_tags(trim(COM_checkWords(USER_sanitizeName($postData['name'])))), ENT_QUOTES, COM_getEncodingt()), 'text');
        $name = urldecode($name);
    } else {
        $okToSave = false;
        $errorMessages .= $LANG_GF02['invalid_name'] . '<br />';
    }
    // speed limit check
    if (!SEC_hasRights('forum.edit')) {
        COM_clearSpeedlimit($_FF_CONF['post_speedlimit'], 'forum');
        $last = COM_checkSpeedlimit('forum');
        if ($last > 0) {
            $errorMessages .= sprintf($LANG_GF01['SPEEDLIMIT'], $last, $_FF_CONF['post_speedlimit']) . '<br/>';
            $okToSave = false;
        }
    }
    // standard edit checks
    if (strlen(trim($postData['name'])) < $_FF_CONF['min_username_length'] || strlen(trim($postData['subject'])) < $_FF_CONF['min_subject_length'] || strlen(trim($postData['comment'])) < $_FF_CONF['min_comment_length']) {
        $errorMessages .= $LANG_GF02['msg18'] . '<br/>';
        $okToSave = false;
    }
    // CAPTCHA check
    if (function_exists('plugin_itemPreSave_captcha') && $okToSave == true) {
        if (!isset($postData['captcha'])) {
            $postData['captcha'] = '';
        }
        $msg = plugin_itemPreSave_captcha('forum', $postData['captcha']);
        if ($msg != '') {
            $errorMessages .= $msg . '<br/>';
            $okToSave = false;
        }
    }
    // spamx check
    if ($_FF_CONF['use_spamx_filter'] == 1 && $okToSave == true) {
        // Check for SPAM
        $spamcheck = '<h1>' . $postData['subject'] . '</h1><p>' . $postData['comment'] . '</p>';
        $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
        // Now check the result and redirect to index.php if spam action was taken
        if ($result > 0) {
            // then tell them to get lost ...
            $errorMessages .= $LANG_GF02['spam_detected'];
            $okToSave = false;
        }
    }
    if ($_FF_CONF['use_sfs'] == 1 && COM_isAnonUser() && function_exists('plugin_itemPreSave_spamx')) {
        $spamCheckData = array('username' => $postData['name'], 'email' => $email, 'ip' => $REMOTE_ADDR);
        $msg = plugin_itemPreSave_spamx('forum', $spamCheckData);
        if ($msg) {
            $errorMessages .= $msg;
            $okToSave = false;
        }
    }
    if ($okToSave == false) {
        $retval .= _ff_alertMessage($errorMessages, $LANG_GF01['ERROR'], '&nbsp;');
        return array(false, $retval);
    }
    if ($okToSave == true) {
        if (!isset($postData['postmode_switch'])) {
            $postData['postmode_switch'] = 0;
        }
        $postmode = _ff_chkpostmode($postData['postmode'], $postData['postmode_switch']);
        // validate postmode
        if ($postmode == 'html' || $postmode == 'HTML') {
            if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
                $postmode = 'html';
            } else {
                $postmode = 'text';
            }
        }
        $subject = _ff_preparefordb(strip_tags($postData['subject']), 'text');
        $comment = _ff_preparefordb($postData['comment'], $postmode);
        $mood = isset($postData['mood']) ? COM_applyFilter($postData['mood']) : '';
        $id = COM_applyFilter($postData['id'], true);
        $forum = COM_applyFilter($postData['forum'], true);
        $notify = isset($postData['notify']) ? COM_applyFilter($postData['notify']) : '';
        $status = 0;
        if (isset($postData['disable_bbcode']) && $postData['disable_bbcode'] == 1) {
            $status += DISABLE_BBCODE;
        }
        if (isset($postData['disable_smilies']) && $postData['disable_smilies'] == 1) {
            $status += DISABLE_SMILIES;
        }
        if (isset($postData['disable_urlparse']) && $postData['disable_urlparse'] == 1) {
            $status += DISABLE_URLPARSE;
        }
        // If user has moderator edit rights only
        $locked = 0;
        $sticky = 0;
        if (isset($postData['modedit']) && $postData['modedit'] == 1) {
            if (isset($postData['locked_switch']) && $postData['locked_switch'] == 1) {
                $locked = 1;
            }
            if (isset($postData['sticky_switch']) && $postData['sticky_switch'] == 1) {
                $sticky = 1;
            }
        }
        if ($action == 'savetopic') {
            $fields = "forum,name,email,date,lastupdated,subject,comment,postmode,ip,mood,uid,pid,sticky,locked,status";
            $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
            $sql .= "VALUES (" . (int) $forum . "," . "'" . DB_escapeString($name) . "'," . "'" . DB_escapeString($email) . "'," . "'" . DB_escapeString($date) . "'," . "'" . DB_escapeString($date) . "'," . "'" . $subject . "'," . "'" . $comment . "'," . "'" . DB_escapeString($postmode) . "'," . "'" . DB_escapeString($REMOTE_ADDR) . "'," . "'" . DB_escapeString($mood) . "'," . (int) $uid . "," . "0," . (int) $sticky . "," . (int) $locked . "," . (int) $status . ")";
            DB_query($sql);
            // Find the id of the last inserted topic
            list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
            $savedPostID = $lastid;
            $topicPID = $lastid;
            /* Check for any uploaded files - during add of new topic */
            $uploadErrors = _ff_check4files($lastid);
            // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
            // This is needed in case user had used the file bbcode tag and then removed it
            $imagerecs = '';
            $imagerecs = implode(',', $forumfiles);
            $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid . " ";
            if ($imagerecs != '') {
                $sql .= "AND id NOT IN ({$imagerecs})";
            }
            DB_query($sql);
            // Update forums record
            DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, topic_count=topic_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
            if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
                DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $lastid);
            }
            DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
        } else {
            if ($action == 'savereply') {
                $fields = "name,email,date,subject,comment,postmode,ip,mood,uid,pid,forum,status";
                $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
                $sql .= "VALUES  (" . "'" . DB_escapeString($name) . "'," . "'" . DB_escapeString($email) . "'," . "'" . DB_escapeString($date) . "'," . "'{$subject}'," . "'{$comment}'," . "'" . DB_escapeString($postmode) . "'," . "'" . DB_escapeString($REMOTE_ADDR) . "'," . "'" . DB_escapeString($mood) . "'," . (int) $uid . "," . (int) $id . "," . (int) $forum . "," . (int) $status . ")";
                DB_query($sql);
                // Find the id of the last inserted topic
                list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
                $savedPostID = $lastid;
                $topicPID = $id;
                /* Check for any uploaded files  - during adding reply post */
                $uploadErrors = _ff_check4files($lastid);
                // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
                // This is needed in case user had used the file bbcode tag and then removed it
                $imagerecs = '';
                $imagerecs = implode(',', $forumfiles);
                $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid;
                if ($imagerecs != '') {
                    $sql .= " AND id NOT IN ({$imagerecs})";
                }
                DB_query($sql);
                DB_query("UPDATE {$_TABLES['ff_topic']} SET replies=replies+1, lastupdated='" . DB_escapeString($date) . "',last_reply_rec=" . (int) $lastid . " WHERE id=" . (int) $id);
                DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
                if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
                    DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $id);
                }
                DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
            } elseif ($action == 'saveedit') {
                $sql = "UPDATE {$_TABLES['ff_topic']} SET " . "subject='{$subject}'," . "comment='{$comment}'," . "postmode='" . DB_escapeString($postmode) . "'," . "mood='" . DB_escapeString($mood) . "'," . "sticky=" . (int) $sticky . "," . "locked=" . (int) $locked . "," . "status=" . (int) $status . " " . "WHERE (id=" . (int) $editid . ")";
                DB_query($sql);
                /* Check for any uploaded files  - during save of edit */
                $uploadErrors = _ff_check4files($editid);
                // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
                // This is needed in case user had used the file bbcode tag and then removed it
                $imagerecs = '';
                $imagerecs = implode(',', $forumfiles);
                $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $editid . " ";
                if ($imagerecs != '') {
                    $sql .= "AND id NOT IN ({$imagerecs})";
                }
                DB_query($sql);
                $topicPID = DB_getITEM($_TABLES['ff_topic'], "pid", "id=" . (int) $editid);
                if ($topicPID == 0) {
                    $topicPID = $editid;
                }
                $savedPostID = $editid;
                if ($postData['silentedit'] != 1) {
                    DB_query("UPDATE {$_TABLES['ff_topic']} SET lastupdated='" . DB_escapeString($date) . "' WHERE id=" . (int) $topicPID);
                    //Remove any lastviewed records in the log so that the new updated topic indicator will appear
                    DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
                }
                if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $editid)) {
                    DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $topicPID);
                }
                $topicparent = $topicPID;
            }
        }
        COM_updateSpeedLimit('forum');
        PLG_itemSaved($savedPostID, 'forum');
        CACHE_remove_instance('forumcb');
        if (!COM_isAnonUser()) {
            //NOTIFY - Checkbox variable in form set to "on" when checked and they don't already have subscribed to forum or topic
            $nid = -$topicPID;
            $currentForumNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id=0 AND uid=" . (int) $uid);
            $currentTopicNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($topicPID) . "' AND uid=" . (int) $uid);
            $currentTopicUnNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($nid) . "' AND uid=" . (int) $uid);
            $forum_name = DB_getItem($_TABLES['ff_forums'], 'forum_name', 'forum_id=' . (int) $forum);
            $topic_name = $subject;
            if ($notify == 'on' and ($currentForumNotifyRecID < 1 and $currentTopicNotifyRecID < 1)) {
                $sql = "INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) ";
                $sql .= "VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($topicPID) . "','" . $subject . "'," . (int) $uid . ",now() )";
                DB_query($sql);
            } elseif ($notify == 'on' and $currentTopicUnNotifyRecID > 1) {
                // Had un-subcribed to topic and now wants to subscribe
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE sub_id=" . (int) $currentTopicUnNotifyRecID);
            } elseif ($notify == '' and $currentTopicNotifyRecID > 1) {
                // Subscribed to topic - but does not want to be notified anymore
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
            } elseif ($notify == '' and $currentForumNotifyRecID > 1) {
                // Subscribed to forum - but does not want to be notified about this topic
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($nid) . "'");
                DB_query("INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($nid) . "','" . $subject . "'," . (int) $uid . ",now() )");
            }
        }
        if ($action != 'saveedit') {
            _ff_chknotifications($forum, $savedPostID, $uid);
        }
        $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topicPID . '&topic=' . $savedPostID . '#' . $savedPostID;
        if ($uploadErrors != '') {
            $autorefresh = false;
        } else {
            $autorefresh = true;
        }
        $retval .= FF_statusMessage($uploadErrors . $LANG_GF02['msg19'], $link, $LANG_GF02['msg19'], false, '', $autorefresh);
    } else {
        $retval .= _ff_alertMessage($LANG_GF02['msg18']);
    }
    return array(true, $retval);
}