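/**
 * Store a forum submission: a private message, an edit of an existing post,
 * a new thread, or a reply to an existing post.
 *
 * Dispatch order (first match wins):
 *   1. $to is set         -> private message to that username (confa_pm)
 *   2. $msg_id > 0        -> edit of post $msg_id (previous state is copied to confa_versions)
 *   3. $re == 0           -> new thread (confa_threads + confa_posts)
 *   4. otherwise          -> reply to post $re
 *
 * Security notes for maintainers:
 *   - Every value that reaches SQL from a parameter is either escaped as a string
 *     literal or forced to an integer here. $ticket, $msg_id and $re used to be
 *     concatenated verbatim; do not reintroduce that.
 *   - $user_id, $ip and $agent are globals concatenated without quoting. This
 *     function assumes they were produced by trusted code ($ip / $agent apparently
 *     already as quoted SQL literals) - TODO confirm where they are set.
 *   - mysql_escape_string() does not take the connection character set into
 *     account and the whole ext/mysql API is obsolete; moving this file to
 *     prepared statements (mysqli/PDO) is the durable fix.
 *   - Failed queries are logged together with the full query text, so the log
 *     contains message subjects and bodies; protect it accordingly.
 *
 * @param string      $subj   Subject line.
 * @param string|null $body   Raw message body (may be empty).
 * @param int         $re     Id of the post being replied to, 0 for none.
 * @param int         $msg_id Id of the post being edited, 0 for none.
 * @param string      $ticket Optional one-time token used to reject duplicate submissions.
 * @param bool        $nsfw   Anything other than false marks the content with $content_nsfw.
 * @param string|null $to     Recipient username for a private message, or null.
 *
 * @return array|string array("id" => ...) (plus "thread_id" for a new thread) on
 *                      success, otherwise a human-readable error string.
 */
function post($subj, $body, $re = 0, $msg_id = 0, $ticket = "", $nsfw = false, $to) {
    global $err_login, $logged_in, $ban, $ip, $agent, $user_id, $content_nsfw;

    $err = validate($subj, $body, $to);
    if (strlen($err) != 0) {
        return $err;
    }
    if (!$logged_in || $ban) {
        // just in case
        return "User not logged in or banned from forum";
    }

    // Post ids are concatenated unquoted into several queries below; force them
    // to integers so that nothing but a number can ever reach the SQL text.
    $re = intval($re);
    $msg_id = intval($msg_id);

    $chars = 0;
    $content_flags = 0;
    // Defined up front so the edit branch can compare against it even when the body is empty.
    $new_body = '';

    if (!is_null($body) && strlen($body) != 0) {
        // utf8_decode() maps each code point to a single byte, so this counts characters, not bytes.
        $chars = strlen(utf8_decode($body));
        if (stristr(render_for_display($body), "<img style")) {
            $content_flags |= 2; // rendered body contains an inline image
        }
        $new_body = render_for_db($body);
        $has_video = false;
        before_bbcode($body, $has_video); // presumably sets $has_video by reference - confirm
        if ($has_video || preg_match('/id="[a-z]*-video"/', $new_body)) {
            $content_flags |= 4; // body contains a video
        }
        $ibody = '\'' . mysql_escape_string($new_body) . '\'';
    } else {
        $ibody = "''";
    }

    if (isset($nsfw) && $nsfw !== false) {
        $content_flags |= $content_nsfw;
    }

    if (isset($to)) {
        // Resolve the recipient; users with status 2 cannot receive mail.
        $query = 'SELECT id from confa_users where username=\'' . mysql_escape_string($to) . '\' and status != 2';
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            return 'Query failed';
        }
        $row = mysql_fetch_assoc($result);
        $to_id = $row['id'];
        if (is_null($to_id)) {
            return "No such recipient";
        }
    }

    if (strlen($ticket) > 0) {
        // The insert is expected to fail when the ticket was already used, which is
        // how duplicate submissions are detected. The ticket comes from the request,
        // so it must be escaped like any other string literal.
        $query = 'INSERT into confa_tickets(ticket) values(\'' . mysql_escape_string($ticket) . '\')';
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            // NOTE(review): the raw ticket is echoed back in this message; the caller
            // must HTML-escape it before rendering - confirm at the call sites.
            return 'This is duplicated post (ticket ' . $ticket . ')';
        }
    }

    if (isset($to_id)) {
        // send pmail
        $query = 'INSERT INTO confa_pm(sender, receiver, subject, body, chars) values(' . $user_id . ', ' . $to_id
            . ', \'' . mysql_escape_string($subj) . '\', ' . $ibody . ', ' . $chars . ')';
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            return 'Query failed';
        }
        $id = mysql_insert_id();
        update_new_pm_count($to_id);
        return array("id" => $id);
    }

    if (isset($msg_id) && $msg_id > 0) {
        // update existing post
        $query = 'SELECT p.subject, p.body, p.status, p.author, p.created, p.thread_id, p.level, p.closed as post_closed, p.id, t.closed as thread_closed, ( select max(page) from confa_threads) - t.page + 1 as page from confa_posts p, confa_threads t where t.id=p.thread_id and p.id=' . $msg_id;
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            return 'Query failed';
        }
        if (mysql_num_rows($result) == 0) {
            return "Message not found";
        }
        $row = mysql_fetch_assoc($result);
        $thread_id = $row['thread_id'];
        $old_subject = $row['subject'];
        $old_body = $row['body'];
        $closed = !is_null($row['post_closed']) && $row['post_closed'] > 0
            || !is_null($row['thread_closed']) && $row['thread_closed'] > 0;

        // Authorization gate for edits: the post must be open, have status 1, and
        // can_edit_post() must approve the current user. Keep this ahead of any write.
        if ($closed || $row['status'] != 1 || !can_edit_post($row['author'], $row['created'], $user_id, $msg_id)) {
            return 'Modifications to this post are not allowed.';
        }

        if (strcmp($old_subject, $subj) != 0 || strcmp($old_body, $new_body) != 0) {
            // create a new version
            $query = 'INSERT INTO confa_versions (parent, subject, body, created, chars, IP, user_agent, views, content_flags) '
                . ' SELECT id, subject, body, IF(ISNULL(modified), created, modified), chars, IP, user_agent, views, content_flags FROM confa_posts WHERE id=' . $msg_id;
            $result = mysql_query($query);
            if (!$result) {
                mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                return 'Query failed';
            }
        }

        // update post
        $query = 'UPDATE confa_posts SET subject=\'' . mysql_escape_string($subj) . '\',body=' . $ibody
            . ',modified=now(),ip=' . $ip . ',user_agent=' . $agent . ',content_flags=' . $content_flags
            . ', chars=' . $chars . ',views=0 WHERE id=' . $msg_id;
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            return 'Query failed';
        }
        return array("id" => $msg_id);
    }

    if ($re == 0) {
        // create new thread
        $query = 'select sum(counter) as cnt, page from confa_threads group by page desc limit 1';
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            return 'Query failed';
        }
        $row = mysql_fetch_assoc($result);
        $last_page = $row['page'];
        if ($row['cnt'] > 200) {
            // The newest page already holds more than 200 counted posts: start a new page.
            $last_page++;
        }
        if (is_null($last_page)) {
            $last_page = 1; // no threads exist yet
        }

        $query = 'INSERT INTO confa_threads(author, page) values(' . $user_id . ', ' . $last_page . ')';
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            return 'Query failed';
        }
        $thread_id = mysql_insert_id();

        $query = 'INSERT INTO confa_posts(status, parent, author, subject, body, created, thread_id, chars, auth, ip, user_agent, content_flags) values(1, 0, '
            . $user_id . ',\'' . mysql_escape_string($subj) . '\', ' . $ibody . ', now(), ' . $thread_id . ', '
            . $chars . ', 1, ' . $ip . ', ' . $agent . ', ' . $content_flags . ')';
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            return 'Query failed';
        }
        $id = mysql_insert_id();

        $query = "UPDATE confa_users set status = 1 where id=" . $user_id;
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            return 'Query failed';
        }
        return array("id" => $id, "thread_id" => $thread_id);
    }

    // respond to an existing post
    $query = 'SELECT p.thread_id, p.level, p.closed as post_closed, p.id, t.closed as thread_closed, ( select max(page) from confa_threads) - t.page + 1 as page from confa_posts p, confa_threads t where t.id=p.thread_id and p.id=' . $re;
    $result = mysql_query($query);
    if (!$result) {
        mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
        return 'Query failed';
    }
    if (mysql_num_rows($result) == 0) {
        return 'Cannot find parent for msg=' . $re;
    }

    $row = mysql_fetch_assoc($result);
    if (!is_null($row['post_closed']) && $row['post_closed'] > 0
        || !is_null($row['thread_closed']) && $row['thread_closed'] > 0) {
        return 'Replies to this post are disabled.';
    }
    $thread_id = $row['thread_id'];
    $level = $row['level'];
    $level++; // the reply sits one level below its parent

    $query = 'UPDATE confa_threads set counter=counter+1 where id=' . $thread_id;
    $result = mysql_query($query);
    if (!$result) {
        mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
        return 'Query failed';
    }

    $query = 'INSERT INTO confa_posts(status, parent, level, author, subject, body, created, thread_id, chars, auth, ip, user_agent, content_flags) values( 1, '
        . $re . ', ' . $level . ', ' . $user_id . ',\'' . mysql_escape_string($subj) . '\', ' . $ibody
        . ', now(), ' . $thread_id . ', ' . $chars . ', 1, ' . $ip . ', ' . $agent . ', ' . $content_flags . ')';
    $result = mysql_query($query);
    if (!$result) {
        mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
        return 'Query failed';
    }
    $id = mysql_insert_id();

    // NOTE(review): why the author's status is reset to 1 after posting is not
    // evident from this function - confirm against the confa_users status codes.
    $query = "UPDATE confa_users set status = 1 where id=" . $user_id;
    $result = mysql_query($query);
    if (!$result) {
        mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
        return 'Query failed';
    }
    return array("id" => $id);
}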
print " | "; if ($reply_closed) { print '<a target="bottom" href="' . $root_dir . $page_msg . '?id=' . $msg_id . '&action=openthread">Open Thread</a>'; } else { print '<a target="bottom" href="' . $root_dir . $page_msg . '?id=' . $msg_id . '&action=closethread">Close Thread</a>'; } } if (intval($revisions) > 0) { print " | "; print '<a href="javascript:revisions_on();">Revisions</a>'; } if ($user_id != $auth_id) { print " | "; print '<a target="bottom" href="javascript:report_on();">Report</a><span id="report" style="display:none;"> as <a target="bottom" href="' . $root_dir . $page_msg . '?id=' . $msg_id . '&action=report&mode=nsfw">NSFW</a> or <a target="bottom" href="' . $root_dir . $page_msg . '?id=' . $msg_id . '&action=report&mode=boyan">Repetitive</a></span>'; } if (!$reply_closed && can_edit_post($auth_id, $created_ts, $user_id, $msg_id)) { print " | "; if (!is_null($parent) && $parent != 0) { print '<a target="bottom" href="' . $root_dir . $page_new . '?id=' . $msg_id . '?&re=' . $parent . '">Edit</a>'; } else { print '<a target="bottom" href="' . $root_dir . $page_new . '?id=' . $msg_id . '">Edit</a>'; } } } // !is_null($user) if (!is_null($moder) && $moder > 0) { print ' <a target="bottom" href="javascript:toggleDiv(\'moderate\');"><font color="green">>></font></a> <SPAN STYLE="background-color: #FFE0E0; display:none;" id="moderate">[ '; if ($msg_status == 3) { print '<a href="' . $root_dir . 'modcensor.php' . '?action=uncensor&id=' . $msg_id . '"><font color="green">Uncensor message</font></A> |'; } else { print '<a href="' . $root_dir . 'modcensor.php' . '?action=censor&id=' . $msg_id . '"><font color="green">Censor message</font></A> |';
$post_closed = true; } if (!is_null($row['thread_closed']) && $row['thread_closed'] > 0) { $thread_closed = true; } if ($thread_closed || $post_closed) { $reply_closed = true; } if ($content_flags & $content_nsfw) { $nsfw = true; } $title = 'Edit message'; $body = $row['body']; $subj = $row['subject']; mysql_free_result($result); if ($msg_status != 1 || !can_edit_post($auth_id, $created, $user_id, $msg_id)) { header('Location: ' . $root_dir . $page_msg . '?id=' . $msg_id, TRUE, 302); die('Failed to edit the message. Message is not yours, has been answered or deleted/censored. Better luck next time!'); } } else { die('No such message'); } } ?> <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/8.6/styles/default.min.css"> <script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/8.6/highlight.min.js"></script> <script type="text/javascript" src="http://mod.postimage.org/website-english-hotlink-family.js" charset="utf-8"></script> <base target="bottom"> </head> <body onload="javascript:var subj = document.getElementById('subj'); addEvent(subj,'focus',function(){ this.selectionStart = this.selectionEnd = this.value.length;}); subj.focus();"> <?php