Exemplo n.º 1
0
function post($subj, $body, $re = 0, $msg_id = 0, $ticket = "", $nsfw = false, $to)
{
    global $err_login, $logged_in, $ban, $ip, $agent, $user_id, $content_nsfw;
    $err = validate($subj, $body, $to);
    if (strlen($err) != 0) {
        return $err;
    } else {
        if (!$logged_in || $ban) {
            // just in case
            return "User not logged in or banned from forum";
        }
    }
    $chars = 0;
    $content_flags = 0;
    if (!is_null($body) && strlen($body) != 0) {
        $chars = strlen(utf8_decode($body));
        $length = strlen($body);
        if (stristr(render_for_display($body), "<img style")) {
            $content_flags |= 2;
        }
        $new_body = render_for_db($body);
        $has_video = false;
        before_bbcode($body, $has_video);
        if ($has_video || preg_match('/id="[a-z]*-video"/', $new_body)) {
            $content_flags |= 4;
        }
        $ibody = '\'' . mysql_escape_string($new_body) . '\'';
    } else {
        $ibody = "''";
    }
    if (isset($nsfw) && $nsfw !== false) {
        $content_flags |= $content_nsfw;
    }
    if (isset($to)) {
        $query = 'SELECT id from confa_users where username=\'' . mysql_escape_string($to) . '\' and status != 2';
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            return 'Query failed';
        }
        $row = mysql_fetch_assoc($result);
        $to_id = $row['id'];
        if (is_null($to_id)) {
            return "No such recipient";
        }
    }
    if (strlen($ticket) > 0) {
        $query = 'INSERT into confa_tickets(ticket) values(\'' . $ticket . '\')';
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            return 'This is duplicated post (ticket ' . $ticket . ')';
        }
    }
    if (isset($to_id)) {
        // send pmail
        $query = 'INSERT INTO confa_pm(sender, receiver, subject, body, chars) values(' . $user_id . ', ' . $to_id . ', \'' . mysql_escape_string($subj) . '\', ' . $ibody . ', ' . $chars . ')';
        $result = mysql_query($query);
        if (!$result) {
            mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
            return 'Query failed';
        }
        $id = mysql_insert_id();
        update_new_pm_count($to_id);
        return array("id" => $id);
    } else {
        if (isset($msg_id) && $msg_id > 0) {
            // update existing post
            $query = 'SELECT p.subject, p.body, p.status, p.author, p.created, p.thread_id, p.level, p.closed as post_closed, p.id, t.closed as thread_closed, ( select max(page) from confa_threads) - t.page + 1 as page from confa_posts p, confa_threads t where t.id=p.thread_id and p.id=' . $msg_id;
            $result = mysql_query($query);
            if (!$result) {
                mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                return 'Query failed';
            }
            if (mysql_num_rows($result) == 0) {
                return "Message not found";
            }
            $row = mysql_fetch_assoc($result);
            $thread_id = $row['thread_id'];
            $old_subject = $row['subject'];
            $old_body = $row['body'];
            $closed = !is_null($row['post_closed']) && $row['post_closed'] > 0 || !is_null($row['thread_closed']) && $row['thread_closed'] > 0;
            if ($closed || $row['status'] != 1 || !can_edit_post($row['author'], $row['created'], $user_id, $msg_id)) {
                return 'Modifications to this post are not allowed.';
            }
            if (strcmp($old_subject, $subj) != 0 || strcmp($old_body, $new_body) != 0) {
                // create a new version
                $query = 'INSERT INTO confa_versions (parent, subject, body, created, chars, IP, user_agent, views, content_flags) ' . ' SELECT id, subject, body, IF(ISNULL(modified), created, modified), chars, IP, user_agent, views, content_flags FROM confa_posts WHERE id=' . $msg_id;
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
            }
            // update post
            $query = 'UPDATE confa_posts SET subject=\'' . mysql_escape_string($subj) . '\',body=' . $ibody . ',modified=now(),ip=' . $ip . ',user_agent=' . $agent . ',content_flags=' . $content_flags . ', chars=' . $chars . ',views=0 WHERE id=' . $msg_id;
            $result = mysql_query($query);
            if (!$result) {
                mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                return 'Query failed';
            }
            return array("id" => $msg_id);
        } else {
            if ($re == 0) {
                // create new thread
                $query = 'select sum(counter) as cnt, page from confa_threads group by page desc limit 1';
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
                $row = mysql_fetch_assoc($result);
                $last_page = $row['page'];
                if ($row['cnt'] > 200) {
                    $last_page++;
                }
                if (is_null($last_page)) {
                    $last_page = 1;
                }
                $query = 'INSERT INTO confa_threads(author, page) values(' . $user_id . ', ' . $last_page . ')';
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
                $thread_id = mysql_insert_id();
                $query = 'INSERT INTO confa_posts(status, parent, author, subject, body, created, thread_id, chars, auth, ip, user_agent, content_flags) values(1, 0, ' . $user_id . ',\'' . mysql_escape_string($subj) . '\', ' . $ibody . ', now(), ' . $thread_id . ', ' . $chars . ', 1, ' . $ip . ', ' . $agent . ', ' . $content_flags . ')';
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
                $id = mysql_insert_id();
                $query = "UPDATE confa_users set status = 1 where id=" . $user_id;
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
                return array("id" => $id, "thread_id" => $thread_id);
            } else {
                // respond to an existing post
                $query = 'SELECT p.thread_id, p.level, p.closed as post_closed, p.id, t.closed as thread_closed, ( select max(page) from confa_threads) - t.page + 1 as page from confa_posts p, confa_threads t where t.id=p.thread_id and p.id=' . $re;
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
                if (mysql_num_rows($result) != 0) {
                    $row = mysql_fetch_assoc($result);
                    if (!is_null($row['post_closed']) && $row['post_closed'] > 0 || !is_null($row['thread_closed']) && $row['thread_closed'] > 0) {
                        return 'Replies to this post are disabled.';
                    }
                    $msg_page = $row['page'];
                    if (is_null($msg_page)) {
                        $msg_page = 1;
                    }
                    $thread_id = $row['thread_id'];
                    $level = $row['level'];
                    $level++;
                    $query = 'UPDATE confa_threads set counter=counter+1 where id=' . $thread_id;
                    $result = mysql_query($query);
                    if (!$result) {
                        mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                        return 'Query failed';
                    }
                } else {
                    return 'Cannot find parent for msg=' . $re;
                }
                $query = 'INSERT INTO confa_posts(status, parent, level, author, subject, body, created, thread_id, chars, auth, ip, user_agent, content_flags) values( 1, ' . $re . ', ' . $level . ', ' . $user_id . ',\'' . mysql_escape_string($subj) . '\', ' . $ibody . ', now(), ' . $thread_id . ', ' . $chars . ', 1, ' . $ip . ', ' . $agent . ', ' . $content_flags . ')';
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
                $id = mysql_insert_id();
                // wtf is this for?
                $query = "UPDATE confa_users set status = 1 where id=" . $user_id;
                $result = mysql_query($query);
                if (!$result) {
                    mysql_log(__FILE__, 'query failed ' . mysql_error() . ' QUERY: ' . $query);
                    return 'Query failed';
                }
                return array("id" => $id);
            }
        }
    }
    return "";
}
Exemplo n.º 2
0
        print " | ";
        if ($reply_closed) {
            print '<a target="bottom" href="' . $root_dir . $page_msg . '?id=' . $msg_id . '&action=openthread">Open&nbsp;Thread</a>';
        } else {
            print '<a target="bottom" href="' . $root_dir . $page_msg . '?id=' . $msg_id . '&action=closethread">Close&nbsp;Thread</a>';
        }
    }
    if (intval($revisions) > 0) {
        print " | ";
        print '<a href="javascript:revisions_on();">Revisions</a>';
    }
    if ($user_id != $auth_id) {
        print " | ";
        print '<a target="bottom" href="javascript:report_on();">Report</a><span id="report" style="display:none;"> as <a target="bottom" href="' . $root_dir . $page_msg . '?id=' . $msg_id . '&action=report&mode=nsfw">NSFW</a> or <a target="bottom" href="' . $root_dir . $page_msg . '?id=' . $msg_id . '&action=report&mode=boyan">Repetitive</a></span>';
    }
    if (!$reply_closed && can_edit_post($auth_id, $created_ts, $user_id, $msg_id)) {
        print " | ";
        if (!is_null($parent) && $parent != 0) {
            print '<a target="bottom" href="' . $root_dir . $page_new . '?id=' . $msg_id . '?&re=' . $parent . '">Edit</a>';
        } else {
            print '<a target="bottom" href="' . $root_dir . $page_new . '?id=' . $msg_id . '">Edit</a>';
        }
    }
}
// !is_null($user)
if (!is_null($moder) && $moder > 0) {
    print '&nbsp;&nbsp;<a target="bottom" href="javascript:toggleDiv(\'moderate\');"><font color="green">&gt;&gt;</font></a>&nbsp;<SPAN STYLE="background-color: #FFE0E0; display:none;" id="moderate">[ ';
    if ($msg_status == 3) {
        print '<a href="' . $root_dir . 'modcensor.php' . '?action=uncensor&id=' . $msg_id . '"><font color="green">Uncensor&nbsp;message</font></A> |';
    } else {
        print '<a href="' . $root_dir . 'modcensor.php' . '?action=censor&id=' . $msg_id . '"><font color="green">Censor&nbsp;message</font></A> |';
Exemplo n.º 3
0
            $post_closed = true;
        }
        if (!is_null($row['thread_closed']) && $row['thread_closed'] > 0) {
            $thread_closed = true;
        }
        if ($thread_closed || $post_closed) {
            $reply_closed = true;
        }
        if ($content_flags & $content_nsfw) {
            $nsfw = true;
        }
        $title = 'Edit message';
        $body = $row['body'];
        $subj = $row['subject'];
        mysql_free_result($result);
        if ($msg_status != 1 || !can_edit_post($auth_id, $created, $user_id, $msg_id)) {
            header('Location: ' . $root_dir . $page_msg . '?id=' . $msg_id, TRUE, 302);
            die('Failed to edit the message. Message is not yours, has been answered or deleted/censored. Better luck next time!');
        }
    } else {
        die('No such message');
    }
}
?>
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/8.6/styles/default.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/8.6/highlight.min.js"></script>
<script type="text/javascript" src="http://mod.postimage.org/website-english-hotlink-family.js" charset="utf-8"></script>
<base target="bottom">
</head>
<body onload="javascript:var subj = document.getElementById('subj'); addEvent(subj,'focus',function(){ this.selectionStart = this.selectionEnd = this.value.length;}); subj.focus();">
<?php