} $post['sticky'] = $post['op'] && isset($_POST['sticky']); $post['locked'] = $post['op'] && isset($_POST['lock']); $post['raw'] = isset($_POST['raw']); if ($post['sticky'] && !hasPermission($config['mod']['sticky'], $board['uri'])) { error($config['error']['noaccess']); } if ($post['locked'] && !hasPermission($config['mod']['lock'], $board['uri'])) { error($config['error']['noaccess']); } if ($post['raw'] && !hasPermission($config['mod']['rawhtml'], $board['uri'])) { error($config['error']['noaccess']); } } if (!$post['mod']) { $post['antispam_hash'] = checkSpam(array($board['uri'], isset($post['thread']) ? $post['thread'] : ($config['try_smarter'] && isset($_POST['page']) ? 0 - (int) $_POST['page'] : null))); if ($post['antispam_hash'] === true && $config['enable_antibot']) { error($config['error']['spam']); } } if ($config['robot_enable'] && $config['robot_mute']) { checkMute(); } //Check if thread exists if (!$post['op']) { $query = prepare(sprintf("SELECT `sticky`,`locked`,`cycle`,`sage` FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); $query->bindValue(':id', $post['thread'], PDO::PARAM_INT); $query->execute() or error(db_error()); if (!($thread = $query->fetch(PDO::FETCH_ASSOC))) { // Non-existant error($config['error']['nonexistant']);
echo '<form name="f1" action="' . $PHP_SELF . '" method="post" style="margin:0px">'; echo "<b>Table {$tbl_name} doesn't exist. Create it now?</b><br><br>"; echo '<input type="radio" name="create" value="yes" onClick="document.f1.submit()">yes '; echo '<input type="radio" name="create" value="no" onClick="document.f1.submit()">no'; echo '</form></div>'; } } } else { if ($admin && $admin != $_SESSION['sb_admin']) { $error = $msg['wrongPass']; } else { if (is_admin() && $delete) { $error = delete_entry($delete); } else { if ($sbText) { if (checkSpam($sbID, -1, $sbName, $sbEMail, '', $sbText, '', $sbSpr)) { $error = $msg['noSpam']; } else { $error = new_entry($sbName, $sbEMail, $sbText); } } } } if ($error) { echo '<div class="cssShoutError">' . $error . '</div>'; } $User = $_SESSION['Name']; $Level = $_SESSION['Level']; read_entries($User, $Level); } ?>
// Send formatted post to client $postData = posts2send($newPostResult); // var_dump($postData); returnJSON('post', $postData); } else { if ($_POST['action'] == 'editPost') { $clientIp = $_SERVER['REMOTE_ADDR'] == '::1' ? '00000000' : encode_ip($_SERVER['REMOTE_ADDR']); $forumId = mysqli_real_escape_string($db, $_POST['forumId']); $postId = mysqli_real_escape_string($db, $_POST['postId']); $usersForumId = mysqli_real_escape_string($db, $_COOKIE['usersForumId']); $forumUser = mysqli_real_escape_string($db, $_POST['forumUser']); $forumMessage = mysqli_real_escape_string($db, htmlentities($_POST['forumMessage'])); $forumMessage = $emojione->toShort($forumMessage); $postTime = time(); // Check for spam checkSpam($clientIp, $forumUser, $forumMessage); // Copy previous post to deleted forum $backupSQL = "INSERT INTO `forum_posts`(`parent_id`, `forum`, `users_forum_id`, `sender`, `post_time`, `message`, `ipaddress`, `length1`, `length2`)\n SELECT `parent_id`, 0, `users_forum_id`, `sender`, `post_time`, `message`, `ipaddress`, `length1`, `length2` FROM `forum_posts` WHERE `id` = {$postId}"; $updateSQL = "UPDATE `forum_posts` SET `message` = '{$forumMessage}', `ipaddress` = '{$clientIp}' WHERE `id` = {$postId}"; if (!mysqli_query($db, $backupSQL) || !mysqli_query($db, $updateSQL)) { $errorData = mysqli_error($db); returnJSON('error', $errorData); } header("Location: forum/" . $forumId . "#" . $postId); } else { if ($_POST['action'] == 'updateLikeCount') { $postId = mysqli_real_escape_string($db, $_POST['postId']); $usersForumId = mysqli_real_escape_string($db, $_COOKIE['usersForumId']); mysqli_query($db, "INSERT INTO forum_plusone (`message`,`cookie`) VALUES ({$postId},'{$usersForumId}')"); } else { if ($_POST['action'] == 'sendNotifications') {
error($config['error']['noboard']); } // Check if banned checkBan($board['uri']); // Check for CAPTCHA right after opening the board so the "return" link is in there if ($config['recaptcha']) { if (!isset($_POST['recaptcha_challenge_field']) || !isset($_POST['recaptcha_response_field'])) { error($config['error']['bot']); } // Check what reCAPTCHA has to say... $resp = recaptcha_check_answer($config['recaptcha_private'], $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']); if (!$resp->is_valid) { error($config['error']['captcha']); } } if (checkSpam(array($board['uri'], isset($post['thread']) ? $post['thread'] : null))) { error($config['error']['spam']); } if ($config['robot_enable'] && $config['robot_mute']) { checkMute(); } //Check if thread exists if (!$OP) { $query = prepare(sprintf("SELECT `sticky`,`locked`,`sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); $query->bindValue(':id', $post['thread'], PDO::PARAM_INT); $query->execute() or error(db_error()); if (!($thread = $query->fetch())) { // Non-existant error($config['error']['nonexistant']); } }
error($config['error']['notamod']); } $post['sticky'] = $post['op'] && isset($_POST['sticky']); $post['locked'] = $post['op'] && isset($_POST['lock']); $post['raw'] = isset($_POST['raw']); if ($post['sticky'] && !hasPermission($config['mod']['sticky'], $board['uri'])) { error($config['error']['noaccess']); } if ($post['locked'] && !hasPermission($config['mod']['lock'], $board['uri'])) { error($config['error']['noaccess']); } if ($post['raw'] && !hasPermission($config['mod']['rawhtml'], $board['uri'])) { error($config['error']['noaccess']); } } if (!$post['mod'] && checkSpam(array($board['uri'], isset($post['thread']) && !($config['quick_reply'] && isset($_POST['quick-reply'])) ? $post['thread'] : null))) { error($config['error']['spam']); } if ($config['robot_enable'] && $config['robot_mute']) { checkMute(); } //Check if thread exists if (!$post['op']) { $query = prepare(sprintf("SELECT `sticky`,`locked`,`sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); $query->bindValue(':id', $post['thread'], PDO::PARAM_INT); $query->execute() or error(db_error()); if (!($thread = $query->fetch())) { // Non-existant error($config['error']['nonexistant']); } }
} $post['sticky'] = $post['op'] && isset($_POST['sticky']); $post['locked'] = $post['op'] && isset($_POST['lock']); $post['raw'] = isset($_POST['raw']); if ($post['sticky'] && !hasPermission($config['mod']['sticky'], $board['uri'])) { error($config['error']['noaccess']); } if ($post['locked'] && !hasPermission($config['mod']['lock'], $board['uri'])) { error($config['error']['noaccess']); } if ($post['raw'] && !hasPermission($config['mod']['rawhtml'], $board['uri'])) { error($config['error']['noaccess']); } } if (!$post['mod']) { $post['antispam_hash'] = checkSpam(array($board['uri'], isset($post['thread']) && !($config['quick_reply'] && isset($_POST['quick-reply'])) ? $post['thread'] : null)); if ($post['antispam_hash'] === true) { error($config['error']['spam']); } } if ($config['robot_enable'] && $config['robot_mute']) { checkMute(); } //Check if thread exists if (!$post['op']) { $query = prepare(sprintf("SELECT `sticky`,`locked`,`sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); $query->bindValue(':id', $post['thread'], PDO::PARAM_INT); $query->execute() or error(db_error()); if (!($thread = $query->fetch())) { // Non-existant error($config['error']['nonexistant']);