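/**
 * Creates a new topic from the submitted form and echoes the new topic id as JSON.
 *
 * Reads $_POST keys title, cat, imesg, omesg (all required; the method does
 * nothing when one is missing), plus the optional sticky, frontpage and tags
 * fields and the honeypot field end_of_line.
 *
 * Exits silently when the honeypot is filled, and with a translated message
 * when the category does not exist or the user may not create topics in it.
 *
 * NOTE(review): no CSRF token check is visible in this method — confirm the
 * front controller / router enforces one before this action runs.
 */
public function create()
{
    // Honeypot: a real form submission leaves end_of_line empty; a filled value
    // is treated as an automated submission. `?? ''` avoids an undefined-key
    // warning when the field is absent altogether.
    if (($_POST['end_of_line'] ?? '') != '') {
        exit;
    }

    if (!isset($_POST['title'], $_POST['cat'], $_POST['imesg'], $_POST['omesg'])) {
        return;
    }

    $catid = (int) $_POST['cat'];
    $category = new \CODOF\Forum\Category($this->db);
    // One message for both "missing" and "not permitted", so the response does
    // not reveal whether a given category id exists.
    if (!$category->exists($catid) || !$category->canCreateTopicIn($catid)) {
        exit(_t("No such category exists!"));
    }

    $post = new \CODOF\Forum\Post($this->db);
    $topic = new \CODOF\Forum\Topic($this->db);
    $notifier = new \CODOF\Forum\Notification\Notifier();
    $subscriber = new \CODOF\Forum\Notification\Subscriber();

    $title = \CODOF\Format::title($_POST['title']);

    // Only the message body is checked for spam; the title is not.
    $filter = new \CODOF\SpamFilter();
    $needsModeration = (bool) $filter->isSpam($_POST['imesg']);

    // Optional flags; absent fields default to 'no' instead of raising a warning.
    $sticky = (($_POST['sticky'] ?? '') === "true") ? 'yes' : 'no';
    $frontpage = (($_POST['frontpage'] ?? '') === "true") ? 'yes' : 'no';

    $user = \CODOF\User\User::get();

    // Sticky placement is honoured only for users holding the 'make sticky'
    // permission; everyone else gets a plain approved topic.
    if ($sticky === 'yes' && $user->can('make sticky')) {
        $status = $frontpage === 'yes'
            ? \CODOF\Forum\Forum::STICKY
            : \CODOF\Forum\Forum::STICKY_ONLY_CATEGORY;
    } else {
        $status = \CODOF\Forum\Forum::APPROVED;
    }
    $tid = $topic->ins_topic($catid, $title, $needsModeration, $status);

    // NOTE(review): imesg/omesg are passed through raw here — assumes ins_post()
    // applies the same Format::imessage()/Format::omessage() normalisation that
    // edit_topic() does; confirm.
    $pid = $post->ins_post($catid, $tid, $_POST['imesg'], $_POST['omesg']);
    $topic->link_topic_post($pid, $tid);

    // @mentions in the topic post, reduced to user ids that actually exist.
    $mentions = $subscriber->getMentions($_POST['imesg']);
    $ids = $subscriber->getIdsThatExisits($mentions);

    // Subscribe the author to their own topic as Subscriber::NOTIFIED.
    $subscriber->toTopic($catid, $tid, \CODOF\Forum\Notification\Subscriber::$NOTIFIED);

    // Notifications and hooks fire only when the post row was inserted.
    if ($pid) {
        $topicData = [
            "label" => 'New topic',
            "cid" => $catid,
            "tid" => $tid,
            "tuid" => $user->id,
            "pid" => $pid,
            "mentions" => $ids,
            "message" => \CODOF\Util::start_cut(\CODOF\Format::imessage($_POST['imesg']), 120),
            "notification" => "%actor% created <b>%title%</b>",
            "bindings" => ["title" => \CODOF\Util::start_cut($title, 100)],
        ];
        $notifier->queueNotify('new_topic', $topicData);
        \CODOF\Hook::call('after_topic_insert', $topicData);
    }

    // Tags are optional and permission-gated; insertTags() filters the raw value.
    if (isset($_POST['tags']) && $user->can('add tags')) {
        $topic->insertTags($tid, $_POST['tags']);
    }

    // NOTE(review): no Content-Type header is set here — confirm the caller or
    // front controller emits application/json.
    echo json_encode(['tid' => $tid]);
}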
/**
 * Appends a bulk INSERT statement for codo_topics to $this->query.
 *
 * Every entry of $topic_info is normalised before it is passed to
 * prepare_ins_qry(): defaults from set_value() win over the raw entry, the
 * title goes through Format::title(), missing last-post columns are filled
 * (falling back to topic_created for the time) and no_views defaults to 0.
 *
 * @param array $topic_info     one entry per topic to insert
 * @param mixed $pid            post id counter; pre-incremented per row when used
 * @param bool  $use_passed_pid whether post_id is taken from the $pid counter
 * @return mixed the counter after the last assigned post id (unchanged when unused)
 */
public function ins_topics($topic_info, $pid, $use_passed_pid)
{
    $defaults = ["last_post_id" => 0, "topic_updated" => 0];
    $lastPostKeys = ['last_post_id', 'last_post_uid', 'last_post_name', 'last_post_time'];
    $rows = [];

    foreach ($topic_info as $cat) {
        // Array union: keys produced by set_value() take precedence over $cat.
        $row = $this->set_value($cat, $defaults) + $cat;

        if ($use_passed_pid) {
            $row['post_id'] = ++$pid;
        }

        $row['title'] = Format::title($cat['title']);

        if (\CODOF\Util::is_set($cat, $lastPostKeys)) {
            // A null/zero last_post_time is replaced by the creation time.
            $lastPostTime = $cat['last_post_time'];
            if ($lastPostTime == null || $lastPostTime == 0) {
                $row['last_post_time'] = $cat['topic_created'];
            }
        } else {
            // No last-post details at all: the topic's own creation is the last activity.
            $row['last_post_id'] = 0;
            $row['last_post_uid'] = null;
            $row['last_post_name'] = null;
            $row['last_post_time'] = $cat['topic_created'];
        }

        $row['no_views'] = $cat['no_views'] ?? 0;

        $rows[] = $row;
    }

    $columns = [
        "topic_id",
        "title",
        "cat_id",
        "post_id",
        "uid",
        "last_post_id",
        "last_post_uid",
        "last_post_name",
        "topic_created",
        "topic_updated",
        "last_post_time",
        "no_views",
    ];
    $this->query .= $this->prepare_ins_qry($rows, $columns, "codo_topics");

    return $pid;
}
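/**
 * Updates an existing topic's row in codo_topics and its first post's row in codo_posts.
 *
 * Both statements use bound parameters (no values are interpolated into SQL).
 * A single timestamp is written to topic_updated and post_modified so the two
 * rows always agree.
 *
 * NOTE(review): nothing here checks that $pid is actually the first post of
 * $tid, or that the caller may edit it — assumes the calling controller has
 * done that; confirm.
 *
 * @param int|string $cid          category id the topic and post now belong to
 * @param int|string $tid          topic id
 * @param int|string $pid          id of the topic's first post
 * @param string     $title        raw title; normalised with Format::title()
 * @param string     $imessage     input-format body; normalised with Format::imessage()
 * @param string     $omessage     output-format body; normalised with Format::omessage()
 * @param mixed      $topic_status new topic_status value, Forum::APPROVED by default
 */
public function edit_topic($cid, $tid, $pid, $title, $imessage, $omessage, $topic_status = Forum::APPROVED)
{
    // All three ids are cast to int before binding; the original cast only tid and pid.
    $cid = (int) $cid;
    $tid = (int) $tid;
    $pid = (int) $pid;
    $title = \CODOF\Format::title($title);
    // One time() call: two separate calls could straddle a second boundary.
    $now = time();

    $topicStmt = $this->db->prepare(
        'UPDATE ' . PREFIX . 'codo_topics SET cat_id=:cat_id, title=:title, topic_updated=:time, topic_status=:topic_status '
        . 'WHERE topic_id=:tid'
    );
    $topicStmt->execute([
        ":cat_id" => $cid,
        ":title" => $title,
        ":time" => $now,
        ":tid" => $tid,
        ":topic_status" => $topic_status,
    ]);

    $postStmt = $this->db->prepare(
        'UPDATE ' . PREFIX . 'codo_posts SET cat_id=:cat_id,imessage=:imesg, omessage=:omesg,'
        . 'post_modified=:time WHERE post_id=:pid'
    );
    $postStmt->execute([
        ":cat_id" => $cid,
        ":imesg" => \CODOF\Format::imessage($imessage),
        ":omesg" => \CODOF\Format::omessage($omessage),
        ":time" => $now,
        ":pid" => $pid,
    ]);
}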