function loggedin($db)
{
do {
echo "\n***************************************************\n";
echo "\n Enter 1 to post a question\n";
echo "\n Enter 2 to Answer a question\n";
echo " \n Enter 3 to vote Posts\n";
echo "\n Enter 0 to quit\n";
echo "\n***************************************************\n";
fscanf(STDIN, "%d\n", $val);
switch ($val) {
case 1:
createPost();
break;
case 2:
answerPost();
break;
case 3:
castVote();
break;
default:
echo "You entered other number\n";
break;
}
} while ($val != 0);
}
function recursiveParseArray($array)
{
static $recurseLevel = 0;
$recurseLevel++;
if ($recurseLevel > 90) {
print var_dump($array);
die(wfBacktrace());
}
global $subject, $rootPost;
if (is_array($array) && isset($array['title'])) {
$subject = $array['title'];
recursiveParseArray($array['content']);
$rootPost = null;
} elseif (is_array($array) && isset($array['user'])) {
// We have a post.
$t = createPost($array, $subject, $rootPost);
if (!$rootPost) {
$rootPost = $t;
}
} elseif (is_array($array)) {
foreach ($array as $info) {
recursiveParseArray($info);
}
$rootPost = null;
}
$recurseLevel--;
}
/**
* Prepare some test data, to use in these tests.
* setUp() is run automatically by the testing framework before each test method.
*/
function setUp()
{
// make sure a topic exists
require_once SUBSDIR . '/Post.subs.php';
// post variables
$msgOptions = array('id' => 0, 'subject' => 'Test poll topic', 'smileys_enabled' => true, 'body' => 'This is a test poll.', 'attachments' => array(), 'approved' => 1);
$topicOptions = array('id' => 0, 'board' => 1, 'mark_as_read' => false);
$posterOptions = array('id' => 1, 'name' => 'test', 'email' => '*****@*****.**', 'update_post_count' => false, 'ip' => '');
// Attempt to make the new topic.
createPost($msgOptions, $topicOptions, $posterOptions);
// Keep id of the new topic.
$this->id_topic = $topicOptions['id'];
}
/**
* Post a message at the end of the original topic
*
* @param string $reason the text that will become the message body
* @param string $subject the text that will become the message subject
* @param mixed[] $board_info some board informations (at least id, name, if posts are counted)
* @param string $new_topic used to buld the url for moving to a new topic
*/
function postSplitRedirect($reason, $subject, $board_info, $new_topic)
{
global $scripturl, $user_info, $language, $txt, $topic, $board;
// Should be in the boardwide language.
if ($user_info['language'] != $language) {
loadLanguage('index', $language);
}
preparsecode($reason);
// Add a URL onto the message.
$reason = strtr($reason, array($txt['movetopic_auto_board'] => '[url=' . $scripturl . '?board=' . $board_info['id'] . '.0]' . $board_info['name'] . '[/url]', $txt['movetopic_auto_topic'] => '[iurl]' . $scripturl . '?topic=' . $new_topic . '.0[/iurl]'));
$msgOptions = array('subject' => $txt['split'] . ': ' . strtr(Util::htmltrim(Util::htmlspecialchars($subject)), array("\r" => '', "\n" => '', "\t" => '')), 'body' => $reason, 'icon' => 'moved', 'smileys_enabled' => 1);
$topicOptions = array('id' => $topic, 'board' => $board, 'mark_as_read' => true);
$posterOptions = array('id' => $user_info['id'], 'update_post_count' => empty($board_info['count_posts']));
createPost($msgOptions, $topicOptions, $posterOptions);
}
<?php
require MODELES . 'membres/checkAdmin.php';
if (checkAdmin()) {
require MODELES . '/faq/getPosts.php';
if (isset($_GET['id']) && $_GET['id'] == 'new') {
// si on a posté le formulaire :
if (!empty($_POST)) {
require MODELES . 'backoffice/createPost.php';
if ($postId = createPost($_POST['question'], $_POST['reponse'])) {
$message = 'Nouvelle entrée créée avec succès !';
} else {
$message = 'Oups ! Une erreur s\'est produite...';
}
$post = ['id' => $postId, 'question' => $_POST['question'], 'reponse' => $_POST['reponse']];
} else {
$post = ['id' => 'new', 'question' => '', 'reponse' => ''];
}
} else {
if (isset($_GET['id']) && ($post = getPosts($_GET['id']))) {
// si on a posté le formulaire :
if (!empty($_POST)) {
require MODELES . 'backoffice/setPost.php';
if (setPost($_GET['id'], $_POST['question'], $_POST['reponse'])) {
$message = 'La modification a été effectuée !';
} else {
$message = 'Oups ! Une erreur s\'est produite...';
}
}
$post = getPosts($_GET['id']);
} else {
function DoWelcomePost($memberName = '', $memberID = 0)
{
global $smcFunc, $modSettings, $sourcedir;
if (empty($memberName)) {
$result = $smcFunc['db_query']('', "\n\t\tSELECT \n\t\t\treal_name \n\t\tFROM {db_prefix}members \n\t\tWHERE ID_MEMBER = {$memberID} LIMIT 1");
$memRow = $smcFunc['db_fetch_assoc']($result);
$smcFunc['db_free_result']($result);
$memberName = $memRow['real_name'];
}
require_once $sourcedir . '/Subs-Post.php';
if ($modSettings['welcome_boardid'] != 0) {
$result = $smcFunc['db_query']('', "\n\t\tSELECT \n\t\t\twelcomesubject, welcomebody \n\t\tFROM {db_prefix}welcome \n\t\t ORDER BY RAND() LIMIT 1");
if ($smcFunc['db_num_rows']($result) != 0) {
$row2 = $smcFunc['db_fetch_assoc']($result);
$msgOptions = array('id' => 0, 'subject' => str_replace("[username]", $memberName, $row2['welcomesubject']), 'body' => str_replace("[username]", $memberName, $row2['welcomebody']), 'icon' => 'xx', 'smileys_enabled' => 1, 'attachments' => array());
$topicOptions = array('id' => 0, 'board' => $modSettings['welcome_boardid'], 'poll' => null, 'lock_mode' => null, 'sticky_mode' => null, 'mark_as_read' => false);
$posterOptions = array('id' => $modSettings['welcome_memberid'], 'name' => $modSettings['welcome_membername'], 'email' => '', 'update_post_count' => $modSettings['welcome_memberid'] == 0 ? 0 : 1);
createPost($msgOptions, $topicOptions, $posterOptions);
}
$smcFunc['db_free_result']($result);
}
}
/**
* Create a new topic by email
*
* What it does:
* - Called by pbe_topic to create a new topic or by pbe_main to create a new topic via a subject change
* - checks posting permissions, but requires all email validation checks are complete
* - Calls pbe_load_text to prepare text for the post
* - Uses createPost to do the actual "posting"
* - Calls sendNotifications to announce the new post
* - Calls query_update_member_stats to show they did something
* - Requires the pbe, email_message and board_info arrays to be populated.
*
* @package Maillist
* @param mixed[] $pbe array of pbe 'user_info' values
* @param Email_Parse $email_message
* @param mixed[] $board_info
*/
function pbe_create_topic($pbe, $email_message, $board_info)
{
global $txt, $modSettings;
// It does not work like that
if (empty($pbe) || empty($email_message)) {
return false;
}
// We have the board info, and their permissions - do they have a right to start a new topic?
$becomesApproved = true;
if (!$pbe['user_info']['is_admin']) {
if (!in_array('postby_email', $pbe['user_info']['permissions'])) {
return pbe_emailError('error_permission', $email_message);
} elseif ($modSettings['postmod_active'] && in_array('post_unapproved_topics', $pbe['user_info']['permissions']) && !in_array('post_new', $pbe['user_info']['permissions'])) {
$becomesApproved = false;
} elseif (!in_array('post_new', $pbe['user_info']['permissions'])) {
return pbe_emailError('error_cant_start', $email_message);
}
}
// Approving all new topics by email anyway, smart admin this one is ;)
if (!empty($modSettings['maillist_newtopic_needsapproval'])) {
$becomesApproved = false;
}
// First on the agenda the subject
$subject = pbe_clean_email_subject($email_message->subject);
$subject = strtr(Util::htmlspecialchars($subject), array("\r" => '', "\n" => '', "\t" => ''));
// Not to long not to short
if (Util::strlen($subject) > 100) {
$subject = Util::substr($subject, 0, 100);
} elseif ($subject == '') {
return pbe_emailError('error_no_subject', $email_message);
}
// The message itself will need a bit of work
$html = $email_message->html_found;
$text = pbe_load_text($html, $email_message, $pbe);
if (empty($text)) {
return pbe_emailError('error_no_message', $email_message);
}
// Build the attachment array if needed
if (!empty($email_message->attachments) && !empty($modSettings['maillist_allow_attachments']) && !empty($modSettings['attachmentEnable']) && $modSettings['attachmentEnable'] == 1) {
if ($modSettings['postmod_active'] && in_array('post_unapproved_attachments', $pbe['user_info']['permissions']) || in_array('post_attachment', $pbe['user_info']['permissions'])) {
$attachIDs = pbe_email_attachments($pbe, $email_message);
} else {
$text .= "\n\n" . $txt['error_no_attach'] . "\n";
}
}
// If we get to this point ... then its time to play, lets start a topic !
require_once SUBSDIR . '/Post.subs.php';
// Setup the topic variables.
$msgOptions = array('id' => 0, 'subject' => $subject, 'smileys_enabled' => true, 'body' => $text, 'attachments' => empty($attachIDs) ? array() : $attachIDs, 'approved' => $becomesApproved);
$topicOptions = array('id' => 0, 'board' => $board_info['id_board'], 'mark_as_read' => false);
$posterOptions = array('id' => $pbe['profile']['id_member'], 'name' => $pbe['profile']['real_name'], 'email' => $pbe['profile']['email_address'], 'update_post_count' => empty($board_info['count_posts']), 'ip' => isset($email_message->ip) ? $email_message->ip : $pbe['profile']['member_ip']);
// Attempt to make the new topic.
createPost($msgOptions, $topicOptions, $posterOptions);
// The auto_notify setting
$theme_settings = query_get_theme($pbe['profile']['id_member'], $pbe['profile']['id_theme'], $board_info);
$auto_notify = isset($theme_settings['auto_notify']) ? $theme_settings['auto_notify'] : 0;
// Notifications on or off
query_notifications($pbe['profile']['id_member'], $board_info['id_board'], $topicOptions['id'], $auto_notify, $pbe['user_info']['permissions']);
// Notify members who have notification turned on for this, (if it's approved)
if ($becomesApproved) {
require_once SUBSDIR . '/Notification.subs.php';
sendNotifications($topicOptions['id'], 'reply', array(), array(), $pbe);
}
// Update this users info so the log shows them as active
query_update_member_stats($pbe, $email_message, $topicOptions);
return true;
}
$_POST['editor1'] = trim($_POST['editor1']);
//validation
if ($_POST['title'] == '') {
$error['title'] = 'Title is blank, please add one';
$form_valid = false;
} elseif (strlen($_POST['title']) > 25) {
$error['title'] = 'Title too long, keep it simple!';
$form_valid = false;
}
if ($_POST['editor1'] == '') {
$error['editor1'] = 'You have not entered any content! Try again yeh...?';
$form_valid = false;
}
// action taken if form filled in correctly...
if ($form_valid == true) {
createPost($_SESSION['userId'], $_POST['title'], $_POST['editor1'], $_POST['category']);
// variables set to createPost function for insertion into db...
header('Location: ?page=cmsUpdated&goto=cmsPostsTable');
}
}
include VIEWS . 'contentCMSCreate.php';
break;
case 'update':
if (!empty($_POST)) {
$form_valid = true;
// sanitization...
$_POST['title'] = trim($_POST['title']);
$_POST['editor1'] = trim($_POST['editor1']);
//validation
if ($_POST['title'] == '') {
$error['title'] = 'Title is blank, please add one';
<?php require './post.php'; $wall = $_POST['wall']; $title = $_POST['title']; $content = $_POST['content']; createPost($wall, $title, $content);
$title = qa_post_text('title');
$content = qa_post_text('content');
$city = qa_post_text('city');
//城市分类
$postid = @$_POST['postid'];
//帖子id,如果创建帖子则为空
$istop = qa_post_text('istop');
//是否置顶。。
$isbase = @$_POST['isbase'];
//isbase为1:基础知识,2:相关技巧
$ishot = @$_POST['ishot'];
$citysub = @$_POST['citysub'];
//citysub为城市子类
$class = @$_POST['class'];
if (!$postid) {
$insert = createPost($title, $content, $city, $citysub, $class, $istop, $isbase, $ishot);
} else {
if (@$_POST['from'] == 'console') {
// $update = updatePost($postid,$title,$content,$city,$district,$security,$istop,$isbase,$ishot);
updatePost($postid, null, null, $city, $citysub, $class, $isbase, $istop, $ishot);
echo '1';
} else {
$update = updatePost($postid, $title, $content, $city, $citysub, $class, $isbase, $istop, $ishot);
}
}
qa_redirect_raw('console_page.php');
}
if (qa_post_text('doask')) {
require_once QA_INCLUDE_DIR . 'qa-app-users.php';
$errors = array();
$doask = qa_post_text('doask');
function Post2()
{
global $board, $topic, $txt, $modSettings, $sourcedir, $context;
global $user_info, $board_info, $options, $smcFunc;
// Sneaking off, are we?
if (empty($_POST) && empty($topic)) {
redirectexit('action=post;board=' . $board . '.0');
} elseif (empty($_POST) && !empty($topic)) {
redirectexit('action=post;topic=' . $topic . '.0');
}
// No need!
$context['robot_no_index'] = true;
// If we came from WYSIWYG then turn it back into BBC regardless.
if (!empty($_REQUEST['message_mode']) && isset($_REQUEST['message'])) {
require_once $sourcedir . '/Subs-Editor.php';
$_REQUEST['message'] = html_to_bbc($_REQUEST['message']);
// We need to unhtml it now as it gets done shortly.
$_REQUEST['message'] = un_htmlspecialchars($_REQUEST['message']);
// We need this for everything else.
$_POST['message'] = $_REQUEST['message'];
}
// Previewing? Go back to start.
if (isset($_REQUEST['preview'])) {
return Post();
}
// Prevent double submission of this form.
checkSubmitOnce('check');
// No errors as yet.
$post_errors = array();
// If the session has timed out, let the user re-submit their form.
if (checkSession('post', '', false) != '') {
$post_errors[] = 'session_timeout';
}
// Wrong verification code?
if (!$user_info['is_admin'] && !$user_info['is_mod'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha'] || $user_info['is_guest'] && $modSettings['posts_require_captcha'] == -1)) {
require_once $sourcedir . '/Subs-Editor.php';
$verificationOptions = array('id' => 'post');
$context['require_verification'] = create_control_verification($verificationOptions, true);
if (is_array($context['require_verification'])) {
$post_errors = array_merge($post_errors, $context['require_verification']);
}
}
require_once $sourcedir . '/Subs-Post.php';
loadLanguage('Post');
// If this isn't a new topic load the topic info that we need.
if (!empty($topic)) {
$request = $smcFunc['db_query']('', '
SELECT locked, is_sticky, id_poll, approved, id_first_msg, id_last_msg, id_member_started, id_board
FROM {db_prefix}topics
WHERE id_topic = {int:current_topic}
LIMIT 1', array('current_topic' => $topic));
$topic_info = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
// Though the topic should be there, it might have vanished.
if (!is_array($topic_info)) {
fatal_lang_error('topic_doesnt_exist');
}
// Did this topic suddenly move? Just checking...
if ($topic_info['id_board'] != $board) {
fatal_lang_error('not_a_topic');
}
}
// Replying to a topic?
if (!empty($topic) && !isset($_REQUEST['msg'])) {
// Don't allow a post if it's locked.
if ($topic_info['locked'] != 0 && !allowedTo('moderate_board')) {
fatal_lang_error('topic_locked', false);
}
// Sorry, multiple polls aren't allowed... yet. You should stop giving me ideas :P.
if (isset($_REQUEST['poll']) && $topic_info['id_poll'] > 0) {
unset($_REQUEST['poll']);
}
// Do the permissions and approval stuff...
$becomesApproved = true;
if ($topic_info['id_member_started'] != $user_info['id']) {
if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_any') && !allowedTo('post_reply_any')) {
$becomesApproved = false;
} else {
isAllowedTo('post_reply_any');
}
} elseif (!allowedTo('post_reply_any')) {
if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_own') && !allowedTo('post_reply_own')) {
$becomesApproved = false;
} else {
isAllowedTo('post_reply_own');
}
}
if (isset($_POST['lock'])) {
// Nothing is changed to the lock.
if (empty($topic_info['locked']) && empty($_POST['lock']) || !empty($_POST['lock']) && !empty($topic_info['locked'])) {
unset($_POST['lock']);
} elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $topic_info['id_member_started']) {
unset($_POST['lock']);
} elseif (!allowedTo('lock_any')) {
// You cannot override a moderator lock.
if ($topic_info['locked'] == 1) {
unset($_POST['lock']);
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
}
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
}
}
// So you wanna (un)sticky this...let's see.
if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || $_POST['sticky'] == $topic_info['is_sticky'] || !allowedTo('make_sticky'))) {
unset($_POST['sticky']);
}
// If the number of replies has changed, if the setting is enabled, go back to Post() - which handles the error.
if (empty($options['no_new_reply_warning']) && isset($_POST['last_msg']) && $topic_info['id_last_msg'] > $_POST['last_msg']) {
$_REQUEST['preview'] = true;
return Post();
}
$posterIsGuest = $user_info['is_guest'];
} elseif (empty($topic)) {
// Now don't be silly, new topics will get their own id_msg soon enough.
unset($_REQUEST['msg'], $_POST['msg'], $_GET['msg']);
// Do like, the permissions, for safety and stuff...
$becomesApproved = true;
if ($modSettings['postmod_active'] && !allowedTo('post_new') && allowedTo('post_unapproved_topics')) {
$becomesApproved = false;
} else {
isAllowedTo('post_new');
}
if (isset($_POST['lock'])) {
// New topics are by default not locked.
if (empty($_POST['lock'])) {
unset($_POST['lock']);
} elseif (!allowedTo(array('lock_any', 'lock_own'))) {
unset($_POST['lock']);
} else {
$_POST['lock'] = allowedTo('lock_any') ? 1 : 2;
}
}
if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || empty($_POST['sticky']) || !allowedTo('make_sticky'))) {
unset($_POST['sticky']);
}
$posterIsGuest = $user_info['is_guest'];
} elseif (isset($_REQUEST['msg']) && !empty($topic)) {
$_REQUEST['msg'] = (int) $_REQUEST['msg'];
$request = $smcFunc['db_query']('', '
SELECT id_member, poster_name, poster_email, poster_time, approved
FROM {db_prefix}messages
WHERE id_msg = {int:id_msg}
LIMIT 1', array('id_msg' => $_REQUEST['msg']));
if ($smcFunc['db_num_rows']($request) == 0) {
fatal_lang_error('cant_find_messages', false);
}
$row = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
if (!empty($topic_info['locked']) && !allowedTo('moderate_board')) {
fatal_lang_error('topic_locked', false);
}
if (isset($_POST['lock'])) {
// Nothing changes to the lock status.
if (empty($_POST['lock']) && empty($topic_info['locked']) || !empty($_POST['lock']) && !empty($topic_info['locked'])) {
unset($_POST['lock']);
} elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $topic_info['id_member_started']) {
unset($_POST['lock']);
} elseif (!allowedTo('lock_any')) {
// You're not allowed to break a moderator's lock.
if ($topic_info['locked'] == 1) {
unset($_POST['lock']);
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
}
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
}
}
// Change the sticky status of this topic?
if (isset($_POST['sticky']) && (!allowedTo('make_sticky') || $_POST['sticky'] == $topic_info['is_sticky'])) {
unset($_POST['sticky']);
}
if ($row['id_member'] == $user_info['id'] && !allowedTo('modify_any')) {
if ((!$modSettings['postmod_active'] || $row['approved']) && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) {
fatal_lang_error('modify_post_time_passed', false);
} elseif ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('modify_own')) {
isAllowedTo('modify_replies');
} else {
isAllowedTo('modify_own');
}
} elseif ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('modify_any')) {
isAllowedTo('modify_replies');
// If you're modifying a reply, I say it better be logged...
$moderationAction = true;
} else {
isAllowedTo('modify_any');
// Log it, assuming you're not modifying your own post.
if ($row['id_member'] != $user_info['id']) {
$moderationAction = true;
}
}
$posterIsGuest = empty($row['id_member']);
// Can they approve it?
$can_approve = allowedTo('approve_posts');
$becomesApproved = $modSettings['postmod_active'] ? $can_approve && !$row['approved'] ? !empty($_REQUEST['approve']) ? 1 : 0 : $row['approved'] : 1;
$approve_has_changed = $row['approved'] != $becomesApproved;
if (!allowedTo('moderate_forum') || !$posterIsGuest) {
$_POST['guestname'] = $row['poster_name'];
$_POST['email'] = $row['poster_email'];
}
}
// If the poster is a guest evaluate the legality of name and email.
if ($posterIsGuest) {
$_POST['guestname'] = !isset($_POST['guestname']) ? '' : trim($_POST['guestname']);
$_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']);
if ($_POST['guestname'] == '' || $_POST['guestname'] == '_') {
$post_errors[] = 'no_name';
}
if ($smcFunc['strlen']($_POST['guestname']) > 25) {
$post_errors[] = 'long_name';
}
if (empty($modSettings['guest_post_no_email'])) {
// Only check if they changed it!
if (!isset($row) || $row['poster_email'] != $_POST['email']) {
if (!allowedTo('moderate_forum') && (!isset($_POST['email']) || $_POST['email'] == '')) {
$post_errors[] = 'no_email';
}
if (!allowedTo('moderate_forum') && preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['email']) == 0) {
$post_errors[] = 'bad_email';
}
}
// Now make sure this email address is not banned from posting.
isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));
}
// In case they are making multiple posts this visit, help them along by storing their name.
if (empty($post_errors)) {
$_SESSION['guest_name'] = $_POST['guestname'];
$_SESSION['guest_email'] = $_POST['email'];
}
}
// Check the subject and message.
if (!isset($_POST['subject']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['subject'])) === '') {
$post_errors[] = 'no_subject';
}
if (!isset($_POST['message']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['message']), ENT_QUOTES) === '') {
$post_errors[] = 'no_message';
} elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_POST['message']) > $modSettings['max_messageLength']) {
$post_errors[] = 'long_message';
} else {
// Prepare the message a bit for some additional testing.
$_POST['message'] = $smcFunc['htmlspecialchars']($_POST['message'], ENT_QUOTES);
// Preparse code. (Zef)
if ($user_info['is_guest']) {
$user_info['name'] = $_POST['guestname'];
}
preparsecode($_POST['message']);
// Let's see if there's still some content left without the tags.
if ($smcFunc['htmltrim'](strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($_POST['message'], '[html]') === false)) {
$post_errors[] = 'no_message';
}
}
if (isset($_POST['calendar']) && !isset($_REQUEST['deleteevent']) && $smcFunc['htmltrim']($_POST['evtitle']) === '') {
$post_errors[] = 'no_event';
}
// You are not!
if (isset($_POST['message']) && strtolower($_POST['message']) == 'i am the administrator.' && !$user_info['is_admin']) {
fatal_error('Knave! Masquerader! Charlatan!', false);
}
// Validate the poll...
if (isset($_REQUEST['poll']) && $modSettings['pollMode'] == '1') {
if (!empty($topic) && !isset($_REQUEST['msg'])) {
fatal_lang_error('no_access', false);
}
// This is a new topic... so it's a new poll.
if (empty($topic)) {
isAllowedTo('poll_post');
} elseif ($user_info['id'] == $topic_info['id_member_started'] && !allowedTo('poll_add_any')) {
isAllowedTo('poll_add_own');
} else {
isAllowedTo('poll_add_any');
}
if (!isset($_POST['question']) || trim($_POST['question']) == '') {
$post_errors[] = 'no_question';
}
$_POST['options'] = empty($_POST['options']) ? array() : htmltrim__recursive($_POST['options']);
// Get rid of empty ones.
foreach ($_POST['options'] as $k => $option) {
if ($option == '') {
unset($_POST['options'][$k], $_POST['options'][$k]);
}
}
// What are you going to vote between with one choice?!?
if (count($_POST['options']) < 2) {
$post_errors[] = 'poll_few';
}
}
if ($posterIsGuest) {
// If user is a guest, make sure the chosen name isn't taken.
require_once $sourcedir . '/Subs-Members.php';
if (isReservedName($_POST['guestname'], 0, true, false) && (!isset($row['poster_name']) || $_POST['guestname'] != $row['poster_name'])) {
$post_errors[] = 'bad_name';
}
} elseif (!isset($_REQUEST['msg'])) {
$_POST['guestname'] = $user_info['username'];
$_POST['email'] = $user_info['email'];
}
// Any mistakes?
if (!empty($post_errors)) {
loadLanguage('Errors');
// Previewing.
$_REQUEST['preview'] = true;
$context['post_error'] = array('messages' => array());
foreach ($post_errors as $post_error) {
$context['post_error'][$post_error] = true;
if ($post_error == 'long_message') {
$txt['error_' . $post_error] = sprintf($txt['error_' . $post_error], $modSettings['max_messageLength']);
}
$context['post_error']['messages'][] = $txt['error_' . $post_error];
}
return Post();
}
// Make sure the user isn't spamming the board.
if (!isset($_REQUEST['msg'])) {
spamProtection('post');
}
// At about this point, we're posting and that's that.
ignore_user_abort(true);
@set_time_limit(300);
// Add special html entities to the subject, name, and email.
$_POST['subject'] = strtr($smcFunc['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
$_POST['guestname'] = htmlspecialchars($_POST['guestname']);
$_POST['email'] = htmlspecialchars($_POST['email']);
// At this point, we want to make sure the subject isn't too long.
if ($smcFunc['strlen']($_POST['subject']) > 100) {
$_POST['subject'] = $smcFunc['substr']($_POST['subject'], 0, 100);
}
// Make the poll...
if (isset($_REQUEST['poll'])) {
// Make sure that the user has not entered a ridiculous number of options..
if (empty($_POST['poll_max_votes']) || $_POST['poll_max_votes'] <= 0) {
$_POST['poll_max_votes'] = 1;
} elseif ($_POST['poll_max_votes'] > count($_POST['options'])) {
$_POST['poll_max_votes'] = count($_POST['options']);
} else {
$_POST['poll_max_votes'] = (int) $_POST['poll_max_votes'];
}
$_POST['poll_expire'] = (int) $_POST['poll_expire'];
$_POST['poll_expire'] = $_POST['poll_expire'] > 9999 ? 9999 : ($_POST['poll_expire'] < 0 ? 0 : $_POST['poll_expire']);
// Just set it to zero if it's not there..
if (!isset($_POST['poll_hide'])) {
$_POST['poll_hide'] = 0;
} else {
$_POST['poll_hide'] = (int) $_POST['poll_hide'];
}
$_POST['poll_change_vote'] = isset($_POST['poll_change_vote']) ? 1 : 0;
$_POST['poll_guest_vote'] = isset($_POST['poll_guest_vote']) ? 1 : 0;
// Make sure guests are actually allowed to vote generally.
if ($_POST['poll_guest_vote']) {
require_once $sourcedir . '/Subs-Members.php';
$allowedVoteGroups = groupsAllowedTo('poll_vote', $board);
if (!in_array(-1, $allowedVoteGroups['allowed'])) {
$_POST['poll_guest_vote'] = 0;
}
}
// If the user tries to set the poll too far in advance, don't let them.
if (!empty($_POST['poll_expire']) && $_POST['poll_expire'] < 1) {
fatal_lang_error('poll_range_error', false);
} elseif (empty($_POST['poll_expire']) && $_POST['poll_hide'] == 2) {
$_POST['poll_hide'] = 1;
}
// Clean up the question and answers.
$_POST['question'] = htmlspecialchars($_POST['question']);
$_POST['question'] = $smcFunc['truncate']($_POST['question'], 255);
$_POST['question'] = preg_replace('~&#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', $_POST['question']);
$_POST['options'] = htmlspecialchars__recursive($_POST['options']);
}
// Check if they are trying to delete any current attachments....
if (isset($_REQUEST['msg'], $_POST['attach_del']) && (allowedTo('post_attachment') || $modSettings['postmod_active'] && allowedTo('post_unapproved_attachments'))) {
$del_temp = array();
foreach ($_POST['attach_del'] as $i => $dummy) {
$del_temp[$i] = (int) $dummy;
}
require_once $sourcedir . '/ManageAttachments.php';
$attachmentQuery = array('attachment_type' => 0, 'id_msg' => (int) $_REQUEST['msg'], 'not_id_attach' => $del_temp);
removeAttachments($attachmentQuery);
}
// ...or attach a new file...
if (isset($_FILES['attachment']['name']) || !empty($_SESSION['temp_attachments']) && empty($_POST['from_qr'])) {
// Verify they can post them!
if (!$modSettings['postmod_active'] || !allowedTo('post_unapproved_attachments')) {
isAllowedTo('post_attachment');
}
// Make sure we're uploading to the right place.
if (!empty($modSettings['currentAttachmentUploadDir'])) {
if (!is_array($modSettings['attachmentUploadDir'])) {
$modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
}
// The current directory, of course!
$current_attach_dir = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
} else {
$current_attach_dir = $modSettings['attachmentUploadDir'];
}
// If this isn't a new post, check the current attachments.
if (isset($_REQUEST['msg'])) {
$request = $smcFunc['db_query']('', '
SELECT COUNT(*), SUM(size)
FROM {db_prefix}attachments
WHERE id_msg = {int:id_msg}
AND attachment_type = {int:attachment_type}', array('id_msg' => (int) $_REQUEST['msg'], 'attachment_type' => 0));
list($quantity, $total_size) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
} else {
$quantity = 0;
$total_size = 0;
}
if (!empty($_SESSION['temp_attachments'])) {
foreach ($_SESSION['temp_attachments'] as $attachID => $name) {
if (preg_match('~^post_tmp_' . $user_info['id'] . '_\\d+$~', $attachID) == 0) {
continue;
}
if (!empty($_POST['attach_del']) && !in_array($attachID, $_POST['attach_del'])) {
unset($_SESSION['temp_attachments'][$attachID]);
@unlink($current_attach_dir . '/' . $attachID);
continue;
}
$_FILES['attachment']['tmp_name'][] = $attachID;
$_FILES['attachment']['name'][] = $name;
$_FILES['attachment']['size'][] = filesize($current_attach_dir . '/' . $attachID);
list($_FILES['attachment']['width'][], $_FILES['attachment']['height'][]) = @getimagesize($current_attach_dir . '/' . $attachID);
unset($_SESSION['temp_attachments'][$attachID]);
}
}
if (!isset($_FILES['attachment']['name'])) {
$_FILES['attachment']['tmp_name'] = array();
}
$attachIDs = array();
foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) {
if ($_FILES['attachment']['name'][$n] == '') {
continue;
}
// Have we reached the maximum number of files we are allowed?
$quantity++;
if (!empty($modSettings['attachmentNumPerPostLimit']) && $quantity > $modSettings['attachmentNumPerPostLimit']) {
checkSubmitOnce('free');
fatal_lang_error('attachments_limit_per_post', false, array($modSettings['attachmentNumPerPostLimit']));
}
// Check the total upload size for this post...
$total_size += $_FILES['attachment']['size'][$n];
if (!empty($modSettings['attachmentPostLimit']) && $total_size > $modSettings['attachmentPostLimit'] * 1024) {
checkSubmitOnce('free');
fatal_lang_error('file_too_big', false, array($modSettings['attachmentPostLimit']));
}
$attachmentOptions = array('post' => isset($_REQUEST['msg']) ? $_REQUEST['msg'] : 0, 'poster' => $user_info['id'], 'name' => $_FILES['attachment']['name'][$n], 'tmp_name' => $_FILES['attachment']['tmp_name'][$n], 'size' => $_FILES['attachment']['size'][$n], 'approved' => !$modSettings['postmod_active'] || allowedTo('post_attachment'));
if (createAttachment($attachmentOptions)) {
$attachIDs[] = $attachmentOptions['id'];
if (!empty($attachmentOptions['thumb'])) {
$attachIDs[] = $attachmentOptions['thumb'];
}
} else {
if (in_array('could_not_upload', $attachmentOptions['errors'])) {
checkSubmitOnce('free');
fatal_lang_error('attach_timeout', 'critical');
}
if (in_array('too_large', $attachmentOptions['errors'])) {
checkSubmitOnce('free');
fatal_lang_error('file_too_big', false, array($modSettings['attachmentSizeLimit']));
}
if (in_array('bad_extension', $attachmentOptions['errors'])) {
checkSubmitOnce('free');
fatal_error($attachmentOptions['name'] . '.<br />' . $txt['cant_upload_type'] . ' ' . $modSettings['attachmentExtensions'] . '.', false);
}
if (in_array('directory_full', $attachmentOptions['errors'])) {
checkSubmitOnce('free');
fatal_lang_error('ran_out_of_space', 'critical');
}
if (in_array('bad_filename', $attachmentOptions['errors'])) {
checkSubmitOnce('free');
fatal_error(basename($attachmentOptions['name']) . '.<br />' . $txt['restricted_filename'] . '.', 'critical');
}
if (in_array('taken_filename', $attachmentOptions['errors'])) {
checkSubmitOnce('free');
fatal_lang_error('filename_exists');
}
if (in_array('bad_attachment', $attachmentOptions['errors'])) {
checkSubmitOnce('free');
fatal_lang_error('bad_attachment');
}
}
}
}
// Make the poll...
if (isset($_REQUEST['poll'])) {
// Create the poll.
$smcFunc['db_insert']('', '{db_prefix}polls', array('question' => 'string-255', 'hide_results' => 'int', 'max_votes' => 'int', 'expire_time' => 'int', 'id_member' => 'int', 'poster_name' => 'string-255', 'change_vote' => 'int', 'guest_vote' => 'int'), array($_POST['question'], $_POST['poll_hide'], $_POST['poll_max_votes'], empty($_POST['poll_expire']) ? 0 : time() + $_POST['poll_expire'] * 3600 * 24, $user_info['id'], $_POST['guestname'], $_POST['poll_change_vote'], $_POST['poll_guest_vote']), array('id_poll'));
$id_poll = $smcFunc['db_insert_id']('{db_prefix}polls', 'id_poll');
// Create each answer choice.
$i = 0;
$pollOptions = array();
foreach ($_POST['options'] as $option) {
$pollOptions[] = array($id_poll, $i, $option);
$i++;
}
$smcFunc['db_insert']('insert', '{db_prefix}poll_choices', array('id_poll' => 'int', 'id_choice' => 'int', 'label' => 'string-255'), $pollOptions, array('id_poll', 'id_choice'));
} else {
$id_poll = 0;
}
// Creating a new topic?
$newTopic = empty($_REQUEST['msg']) && empty($topic);
$_POST['icon'] = !empty($attachIDs) && $_POST['icon'] == 'xx' ? 'clip' : $_POST['icon'];
// Collect all parameters for the creation or modification of a post.
$msgOptions = array('id' => empty($_REQUEST['msg']) ? 0 : (int) $_REQUEST['msg'], 'subject' => $_POST['subject'], 'body' => $_POST['message'], 'icon' => preg_replace('~[\\./\\\\*:"\'<>]~', '', $_POST['icon']), 'smileys_enabled' => !isset($_POST['ns']), 'attachments' => empty($attachIDs) ? array() : $attachIDs, 'approved' => $becomesApproved);
$topicOptions = array('id' => empty($topic) ? 0 : $topic, 'board' => $board, 'poll' => isset($_REQUEST['poll']) ? $id_poll : null, 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null, 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null, 'mark_as_read' => true, 'is_approved' => !$modSettings['postmod_active'] || empty($topic) || !empty($board_info['cur_topic_approved']));
$posterOptions = array('id' => $user_info['id'], 'name' => $_POST['guestname'], 'email' => $_POST['email'], 'update_post_count' => !$user_info['is_guest'] && !isset($_REQUEST['msg']) && $board_info['posts_count']);
// This is an already existing message. Edit it.
if (!empty($_REQUEST['msg'])) {
// Have admins allowed people to hide their screwups?
if (time() - $row['poster_time'] > $modSettings['edit_wait_time'] || $user_info['id'] != $row['id_member']) {
$msgOptions['modify_time'] = time();
$msgOptions['modify_name'] = $user_info['name'];
}
// This will save some time...
if (empty($approve_has_changed)) {
unset($msgOptions['approved']);
}
modifyPost($msgOptions, $topicOptions, $posterOptions);
} else {
createPost($msgOptions, $topicOptions, $posterOptions);
if (isset($topicOptions['id'])) {
$topic = $topicOptions['id'];
}
}
// Editing or posting an event?
if (isset($_POST['calendar']) && (!isset($_REQUEST['eventid']) || $_REQUEST['eventid'] == -1)) {
require_once $sourcedir . '/Subs-Calendar.php';
// Make sure they can link an event to this post.
canLinkEvent();
// Insert the event.
$eventOptions = array('board' => $board, 'topic' => $topic, 'title' => $_POST['evtitle'], 'member' => $user_info['id'], 'start_date' => sprintf('%04d-%02d-%02d', $_POST['year'], $_POST['month'], $_POST['day']), 'span' => isset($_POST['span']) && $_POST['span'] > 0 ? min((int) $modSettings['cal_maxspan'], (int) $_POST['span'] - 1) : 0);
insertEvent($eventOptions);
} elseif (isset($_POST['calendar'])) {
$_REQUEST['eventid'] = (int) $_REQUEST['eventid'];
// Validate the post...
require_once $sourcedir . '/Subs-Calendar.php';
validateEventPost();
// If you're not allowed to edit any events, you have to be the poster.
if (!allowedTo('calendar_edit_any')) {
// Get the event's poster.
$request = $smcFunc['db_query']('', '
SELECT id_member
FROM {db_prefix}calendar
WHERE id_event = {int:id_event}', array('id_event' => $_REQUEST['eventid']));
$row2 = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
// Silly hacker, Trix are for kids. ...probably trademarked somewhere, this is FAIR USE! (parody...)
isAllowedTo('calendar_edit_' . ($row2['id_member'] == $user_info['id'] ? 'own' : 'any'));
}
// Delete it?
if (isset($_REQUEST['deleteevent'])) {
$smcFunc['db_query']('', '
DELETE FROM {db_prefix}calendar
WHERE id_event = {int:id_event}', array('id_event' => $_REQUEST['eventid']));
} else {
$span = !empty($modSettings['cal_allowspan']) && !empty($_REQUEST['span']) ? min((int) $modSettings['cal_maxspan'], (int) $_REQUEST['span'] - 1) : 0;
$start_time = mktime(0, 0, 0, (int) $_REQUEST['month'], (int) $_REQUEST['day'], (int) $_REQUEST['year']);
$smcFunc['db_query']('', '
UPDATE {db_prefix}calendar
SET end_date = {date:end_date},
start_date = {date:start_date},
title = {string:title}
WHERE id_event = {int:id_event}', array('end_date' => strftime('%Y-%m-%d', $start_time + $span * 86400), 'start_date' => strftime('%Y-%m-%d', $start_time), 'id_event' => $_REQUEST['eventid'], 'title' => $smcFunc['htmlspecialchars']($_REQUEST['evtitle'], ENT_QUOTES)));
}
updateSettings(array('calendar_updated' => time()));
}
// Marking read should be done even for editing messages....
// Mark all the parents read. (since you just posted and they will be unread.)
if (!$user_info['is_guest'] && !empty($board_info['parent_boards'])) {
$smcFunc['db_query']('', '
UPDATE {db_prefix}log_boards
SET id_msg = {int:id_msg}
WHERE id_member = {int:current_member}
AND id_board IN ({array_int:board_list})', array('current_member' => $user_info['id'], 'board_list' => array_keys($board_info['parent_boards']), 'id_msg' => $modSettings['maxMsgID']));
}
// Turn notification on or off. (note this just blows smoke if it's already on or off.)
if (!empty($_POST['notify']) && allowedTo('mark_any_notify')) {
$smcFunc['db_insert']('ignore', '{db_prefix}log_notify', array('id_member' => 'int', 'id_topic' => 'int', 'id_board' => 'int'), array($user_info['id'], $topic, 0), array('id_member', 'id_topic', 'id_board'));
} elseif (!$newTopic) {
$smcFunc['db_query']('', '
DELETE FROM {db_prefix}log_notify
WHERE id_member = {int:current_member}
AND id_topic = {int:current_topic}', array('current_member' => $user_info['id'], 'current_topic' => $topic));
}
// Log an act of moderation - modifying.
if (!empty($moderationAction)) {
logAction('modify', array('topic' => $topic, 'message' => (int) $_REQUEST['msg'], 'member' => $row['id_member'], 'board' => $board));
}
if (isset($_POST['lock']) && $_POST['lock'] != 2) {
logAction('lock', array('topic' => $topicOptions['id'], 'board' => $topicOptions['board']));
}
if (isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics'])) {
logAction('sticky', array('topic' => $topicOptions['id'], 'board' => $topicOptions['board']));
}
// Notify any members who have notification turned on for this topic - only do this if it's going to be approved(!)
if ($becomesApproved) {
if ($newTopic) {
$notifyData = array('body' => $_POST['message'], 'subject' => $_POST['subject'], 'name' => $user_info['name'], 'poster' => $user_info['id'], 'msg' => $msgOptions['id'], 'board' => $board, 'topic' => $topic);
notifyMembersBoard($notifyData);
} elseif (empty($_REQUEST['msg'])) {
// Only send it to everyone if the topic is approved, otherwise just to the topic starter if they want it.
if ($topic_info['approved']) {
sendNotifications($topic, 'reply');
} else {
sendNotifications($topic, 'reply', array(), $topic_info['id_member_started']);
}
}
}
// Returning to the topic?
if (!empty($_REQUEST['goback'])) {
// Mark the board as read.... because it might get confusing otherwise.
$smcFunc['db_query']('', '
UPDATE {db_prefix}log_boards
SET id_msg = {int:maxMsgID}
WHERE id_member = {int:current_member}
AND id_board = {int:current_board}', array('current_board' => $board, 'current_member' => $user_info['id'], 'maxMsgID' => $modSettings['maxMsgID']));
}
if ($board_info['num_topics'] == 0) {
cache_put_data('board-' . $board, null, 120);
}
if (!empty($_POST['announce_topic'])) {
redirectexit('action=announce;sa=selectgroup;topic=' . $topic . (!empty($_POST['move']) && allowedTo('move_any') ? ';move' : '') . (empty($_REQUEST['goback']) ? '' : ';goback'));
}
if (!empty($_POST['move']) && allowedTo('move_any')) {
redirectexit('action=movetopic;topic=' . $topic . '.0' . (empty($_REQUEST['goback']) ? '' : ';goback'));
}
// Return to post if the mod is on.
if (isset($_REQUEST['msg']) && !empty($_REQUEST['goback'])) {
redirectexit('topic=' . $topic . '.msg' . $_REQUEST['msg'] . '#msg' . $_REQUEST['msg'], $context['browser']['is_ie']);
} elseif (!empty($_REQUEST['goback'])) {
redirectexit('topic=' . $topic . '.new#new', $context['browser']['is_ie']);
} else {
redirectexit('board=' . $board . '.0');
}
}
<?php
include_once '../../config/init.php';
include_once $BASE_DIR . 'database/users.php';
include_once $BASE_DIR . 'database/posts.php';
if ($_POST['status'] && !$_FILES['picturepost']) {
createPost(getUserId($_SESSION['username']), $_POST['status']);
if ($_POST['circle']) {
createPostCircle($_POST['circle'], $_POST['status']);
}
} else {
if ($_POST['status'] && $_FILES['picturepost']) {
createPost(getUserId($_SESSION['username']), $_POST['status']);
$idpost = getPostIdByText($_POST['status']);
print_r($idpost);
if ($_POST['circle']) {
createPostCircle($_POST['circle'], $_POST['status']);
}
$fileName = $_FILES["picturepost"]["name"];
$fileTmpPath = $_FILES["picturepost"]["tmp_name"];
$fileType = $_FILES["picturepost"]["type"];
$fileSize = $_FILES["picturepost"]["size"];
$extension = end(explode(".", $_FILES["picturepost"]["name"]));
$fileFolder = $BASE_DIR . "images/posts/";
$filePath = $fileFolder . $idpost['idpost'] . "." . $extension;
insertPicPost($idpost['idpost'], $filePath);
move_uploaded_file($fileTmpPath, $filePath);
chmod($filePath, 0644);
unlink($fileTmpPath);
}
}
/**
* Receives the form for moving tickets to topics, and actually handles the move.
*
* After checking permissions, and so on, begin to actually move posts.
*
* This is done by invoking SMF's createPost function to make the new thread and repost all the ticket's posts as new thread posts
* using defaults for some settings.
*
* Operations:
* - check the user can see the board they are linking to
* - move the ticket's text as the opening post
* - update the ticket row if the post was modified before
* - get the rest of the replies
* - step through and post, updating for modified details
* - send the notification PM if we're doing that
* - update the attachments table
* - update the action log
* - remove the ticket from the DB
*
* @see shd_tickettotopic()
* @since 1.0
*/
function shd_tickettotopic2()
{
global $smcFunc, $context, $txt, $modSettings, $scripturl, $sourcedir;
checkSession();
checkSubmitOnce('check');
if (empty($context['ticket_id'])) {
fatal_lang_error('shd_no_ticket');
}
if (isset($_POST['send_pm']) && (!isset($_POST['pm_content']) || trim($_POST['pm_content']) == '')) {
checkSubmitOnce('free');
fatal_lang_error('shd_move_no_pm', false);
}
// Just in case, are they cancelling?
if (isset($_REQUEST['cancel'])) {
redirectexit('action=helpdesk;sa=ticket;ticket=' . $context['ticket_id']);
}
require_once $sourcedir . '/Subs-Post.php';
// The destination board must be numeric.
$_POST['toboard'] = (int) $_POST['toboard'];
$msg_assoc = array();
// This is complex, very complex. Hopefully 5 minutes will be enough...
@set_time_limit(300);
// Make sure they can see the board they are trying to move to (and get whether posts count in the target board).
$request = shd_db_query('', '
SELECT b.count_posts, b.name, hdt.subject, hdt.id_member_started, hdtr.body, hdt.id_first_msg, hdtr.smileys_enabled,
hdtr.modified_time, hdtr.modified_name, hdtr.poster_time, hdtr.id_msg, hdt.deleted_replies, hdt.id_dept
FROM {db_prefix}boards AS b
INNER JOIN {db_prefix}helpdesk_tickets AS hdt ON (hdt.id_ticket = {int:ticket})
INNER JOIN {db_prefix}helpdesk_ticket_replies AS hdtr ON (hdtr.id_msg = hdt.id_first_msg)
WHERE {query_see_board}
AND {query_see_ticket}
AND b.id_board = {int:to_board}
AND b.redirect = {string:blank_redirect}
LIMIT 1', array('ticket' => $context['ticket_id'], 'to_board' => $_POST['toboard'], 'blank_redirect' => ''));
if ($smcFunc['db_num_rows']($request) == 0) {
fatal_lang_error('no_board');
} else {
list($pcounter, $board_name, $subject, $owner, $body, $firstmsg, $smileys_enabled, $modified_time, $modified_name, $time, $shd_id_msg, $deleted_replies, $dept) = $smcFunc['db_fetch_row']($request);
}
$smcFunc['db_free_result']($request);
if (!shd_allowed_to('shd_ticket_to_topic', $dept) || !empty($modSettings['shd_helpdesk_only']) || !empty($modSettings['shd_disable_tickettotopic'])) {
fatal_lang_error('shd_cannot_move_ticket', false);
}
// Are we changing the subject?
$old_subject = $subject;
$subject = !empty($_POST['change_subject']) && !empty($_POST['subject']) ? $_POST['subject'] : $subject;
$context['deleted_prompt'] = false;
// Hang on... are there any deleted replies?
if ($deleted_replies > 0) {
if (shd_allowed_to('shd_access_recyclebin')) {
$dr_opts = array('abort', 'delete', 'undelete');
$context['deleted_prompt'] = isset($_REQUEST['deleted_replies']) && in_array($_REQUEST['deleted_replies'], $dr_opts) ? $_REQUEST['deleted_replies'] : 'abort';
} else {
fatal_lang_error('shd_cannot_move_ticket_with_deleted');
}
}
if (!empty($context['deleted_prompt']) && $context['deleted_prompt'] == 'abort') {
redirectexit('action=helpdesk;sa=ticket;ticket=' . $context['ticket_id'] . ';recycle');
}
// Now the madness that is custom fields. First, load the custom fields we might/will be using.
$query = $smcFunc['db_query']('', '
SELECT hdcf.id_field, hdcf.field_name, hdcf.field_order, hdcf.field_type, hdcf.can_see, hdcf.field_options, hdcf.bbc, hdcf.placement
FROM {db_prefix}helpdesk_custom_fields_depts AS hdd
INNER JOIN {db_prefix}helpdesk_custom_fields AS hdcf ON (hdd.id_field = hdcf.id_field)
WHERE hdd.id_dept = {int:dept}
AND hdcf.active = {int:active}
ORDER BY hdcf.field_order', array('dept' => $dept, 'active' => 1));
$context['custom_fields'] = array();
$is_staff = shd_allowed_to('shd_staff', $dept);
$is_admin = shd_allowed_to('admin_helpdesk', $dept);
while ($row = $smcFunc['db_fetch_assoc']($query)) {
list($user_see, $staff_see) = explode(',', $row['can_see']);
$context['custom_fields'][$row['id_field']] = array('id_field' => $row['id_field'], 'name' => $row['field_name'], 'type' => $row['field_type'], 'bbc' => !empty($row['bbc']), 'options' => !empty($row['field_options']) ? unserialize($row['field_options']) : array(), 'placement' => $row['placement'], 'visible' => array('user' => $user_see, 'staff' => $staff_see, 'admin' => true), 'values' => array());
}
$smcFunc['db_free_result']($query);
// Having got all the possible fields for this ticket, let's fetch the values for it. That way if we don't have any values for a field, we don't have to care about showing the user.
// But first, we need all the message ids.
$context['ticket_messages'] = array();
$query = $smcFunc['db_query']('', '
SELECT id_msg
FROM {db_prefix}helpdesk_ticket_replies AS hdtr
WHERE id_ticket = {int:ticket}', array('ticket' => $context['ticket_id']));
while ($row = $smcFunc['db_fetch_row']($query)) {
$context['ticket_messages'][] = $row[0];
}
$smcFunc['db_free_result']($query);
// Now get a reference for the field values.
$query = $smcFunc['db_query']('', '
SELECT cfv.id_post, cfv.id_field, cfv.post_type, cfv.value
FROM {db_prefix}helpdesk_custom_fields_values AS cfv
WHERE (cfv.id_post = {int:ticket} AND cfv.post_type = 1)' . (!empty($context['ticket_messages']) ? '
OR (cfv.id_post IN ({array_int:msgs}) AND cfv.post_type = 2)' : ''), array('ticket' => $context['ticket_id'], 'msgs' => $context['ticket_messages']));
while ($row = $smcFunc['db_fetch_assoc']($query)) {
if (isset($context['custom_fields'][$row['id_field']])) {
$context['custom_fields'][$row['id_field']]['values'][$row['post_type']][$row['id_post']] = $row['value'];
}
}
$smcFunc['db_free_result']($query);
// Having now established what fields we do actually have values for, let's proceed to deal with them.
foreach ($context['custom_fields'] as $field_id => $field) {
// Didn't we have any values? If not, prune it, not interested.
if (empty($field['values'])) {
unset($context['custom_fields'][$field_id]);
}
// If the user is an administrator, they can always see the fields.
if ($is_admin) {
// But users might not be able to, in which case we need to validate that actually, they did need to authorise this one.
if (!$field['visible']['user'] || !$field['visible']['staff']) {
$context['custom_fields_warning'] = true;
}
} elseif ($is_staff) {
// So they're staff. But the field might not be visible to them; they can't deal with it whatever.
if (!$field['visible']['staff']) {
fatal_lang_error('cannot_shd_move_ticket_topic_hidden_cfs', false);
} elseif (!$field['visible']['user']) {
$context['custom_fields_warning'] = true;
}
} else {
// Non staff aren't special. They should not be able to make this decision. If someone can't see it, they don't get to make the choice.
if (!$field['visible']['user'] || !$field['visible']['staff']) {
fatal_lang_error('cannot_shd_move_ticket_topic_hidden_cfs', false);
}
}
// Are we ignoring this field? If so, we can now safely get rid of it at this very point.
if (isset($_POST['field' . $field_id]) && $_POST['field' . $field_id] == 'lose') {
unset($context['custom_fields'][$field_id]);
}
}
// Were there any special fields? We need to check - and check that they ticked the right box!
if (!empty($context['custom_fields_warning']) && empty($_POST['accept_move'])) {
checkSubmitOnce('free');
fatal_lang_error('shd_ticket_move_reqd_nonselected', false);
}
// Just before we do this, make sure we call any hooks. $context has lots of interesting things, as does $_POST.
call_integration_hook('shd_hook_tickettotopic');
// OK, so we have some fields, and we're doing something with them. First we need to attach the fields from the ticket to the opening post.
shd_append_custom_fields($body, $context['ticket_id'], CFIELD_TICKET);
// All okay, it seems. Let's go create the topic.
$msgOptions = array('subject' => $subject, 'body' => $body, 'icon' => 'xx', 'smileys_enabled' => !empty($smileys_enabled) ? 1 : 0);
$topicOptions = array('board' => $_POST['toboard'], 'lock_mode' => 0, 'mark_as_read' => false);
$posterOptions = array('id' => $owner, 'update_post_count' => empty($pcounter));
createPost($msgOptions, $topicOptions, $posterOptions);
// Keep track of SHD msg id to SMF msg id
$msg_assoc[$shd_id_msg] = $msgOptions['id'];
// createPost() doesn't handle modified time and name, so we'll fix that here, along with the poster time.
if (!empty($modified_time)) {
shd_db_query('', '
UPDATE {db_prefix}messages
SET
modified_time = {int:modified_time},
modified_name = {string:modified_name},
poster_time = {int:poster_time}
WHERE id_msg = {int:id_msg}', array('id_msg' => $firstmsg, 'modified_time' => $modified_time, 'modified_name' => $modified_name, 'poster_time' => $time));
}
// Topic created, let's dig out the replies and post them in the topic, if there are any.
if (isset($topicOptions['id'])) {
$request = shd_db_query('', '
SELECT body, id_member, poster_time, poster_name, poster_email, poster_ip, smileys_enabled,
modified_time, modified_member, modified_name, poster_time, id_msg, message_status
FROM {db_prefix}helpdesk_ticket_replies AS hdtr
WHERE id_ticket = {int:ticket}
AND id_msg > {int:ticket_msg}
ORDER BY id_msg', array('ticket' => $context['ticket_id'], 'ticket_msg' => $firstmsg));
// The ID of the topic we created
$topic = $topicOptions['id'];
if ($smcFunc['db_num_rows']($request) != 0) {
// Now loop through each reply and post it. Hopefully there aren't too many. *looks at clock*
while ($row = $smcFunc['db_fetch_assoc']($request)) {
if ($row['message_status'] == MSG_STATUS_DELETED && !empty($context['deleted_prompt']) && $context['deleted_prompt'] == 'delete') {
// we don't want these replies!
continue;
}
shd_append_custom_fields($row['body'], $row['id_msg'], CFIELD_REPLY);
$msgOptions = array('subject' => $txt['response_prefix'] . $subject, 'body' => $row['body'], 'icon' => 'xx', 'smileys_enabled' => !empty($row['smileys_enabled']) ? 1 : 0);
$topicOptions = array('id' => $topic, 'board' => $_POST['toboard'], 'lock_mode' => 0, 'mark_as_read' => false);
$posterOptions = array('id' => $row['id_member'], 'name' => !empty($row['poster_name']) ? $row['poster_name'] : '', 'email' => !empty($row['poster_email']) ? $row['poster_email'] : '', 'ip' => !empty($row['poster_ip']) ? $row['poster_ip'] : '', 'update_post_count' => empty($pcounter));
createPost($msgOptions, $topicOptions, $posterOptions);
// Don't forget to note what id
$msg_assoc[$row['id_msg']] = $msgOptions['id'];
// Meh, createPost() doesn't have any hooks for modified time and user. Let's fix that now.
if (!empty($row['modified_time'])) {
shd_db_query('', '
UPDATE {db_prefix}messages
SET
modified_time = {int:modified_time},
modified_name = {string:modified_name},
poster_time = {int:poster_time}
WHERE id_msg = {int:id_msg}', array('id_msg' => $msgOptions['id'], 'modified_time' => $row['modified_time'], 'modified_name' => $row['modified_name'], 'poster_time' => $row['poster_time']));
}
}
}
// Topic: check; Replies: check; Notfiy the ticket starter, if desired.
if (isset($_POST['send_pm'])) {
$request = shd_db_query('pm_find_username', '
SELECT id_member, real_name
FROM {db_prefix}members
WHERE id_member = {int:user}
LIMIT 1', array('user' => $owner));
list($userid, $username) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
// Fix the content
$replacements = array('{user}' => $username, '{subject}' => $old_subject, '{board}' => '[url=' . $scripturl . '?board=' . $_POST['toboard'] . '.0]' . $board_name . '[/url]', '{link}' => $scripturl . '?topic=' . $topic . '.0');
$message = str_replace(array_keys($replacements), array_values($replacements), $_POST['pm_content']);
$recipients = array('to' => array($owner), 'bcc' => array());
sendpm($recipients, $txt['shd_ticket_moved_subject'], un_htmlspecialchars($message));
}
// Right, time to do all the attachment fussing too
if (!empty($msg_assoc)) {
$attachIDs = array();
$query = shd_db_query('', '
SELECT id_attach, id_msg
FROM {db_prefix}helpdesk_attachments
WHERE id_msg IN ({array_int:msgs})', array('msgs' => array_keys($msg_assoc)));
while ($row = $smcFunc['db_fetch_assoc']($query)) {
$attachIDs[] = $row;
}
$smcFunc['db_free_result']($query);
if (!empty($attachIDs)) {
// 1. Update all the attachments in the master table; this is the bit that hurts since it can't be done without
// a query per row :(
foreach ($attachIDs as $attach) {
shd_db_query('', '
UPDATE {db_prefix}attachments
SET id_msg = {int:new_msg}
WHERE id_attach = {int:attach}', array('attach' => $attach['id_attach'], 'new_msg' => $msg_assoc[$attach['id_msg']]));
}
// 2. Remove the entries from the SD table since we don't need them no more
shd_db_query('', '
DELETE FROM {db_prefix}helpdesk_attachments
WHERE id_msg IN ({array_int:msgs})', array('msgs' => array_keys($msg_assoc)));
}
}
// Well, it's possible there are some phantom attachments on deleted replies that need to disappear
if (!empty($context['deleted_replies']) && $context['deleted_replies'] == 'delete') {
$query = shd_db_query('', '
SELECT id_msg
FROM {db_prefix}helpdesk_attachments AS hda
INNER JOIN {db_prefix}helpdesk_ticket_replies AS hdtr ON (hda.id_msg = hdtr.id_msg)
WHERE id_ticket = {int:ticket}
AND hdtr.message_status = {int:deleted}', array('ticket' => $context['ticket_id'], 'deleted' => MSG_STATUS_DELETED));
if ($smcFunc['db_num_rows']($query) > 0) {
$msgs = array();
while ($row = $smcFunc['db_fetch_row']($query)) {
$msgs[] = $row[0];
}
if (!empty($msgs)) {
// Get rid of the parents
require_once $sourcedir . '/ManageAttachments.php';
$attachmentQuery = array('attachment_type' => 0, 'id_msg' => 0, 'id_attach' => $msgs);
removeAttachments($attachmentQuery);
// Get rid of the remainder in hda table
shd_db_query('', '
DELETE FROM {db_prefix}helpdesk_attachments
WHERE id_ticket = {int:ticket}', array('ticket' => $context['ticket_id']));
}
}
$smcFunc['db_free_result']($query);
}
// Now we'll add this to the log.
$log_params = array('subject' => $subject, 'board_id' => $_POST['toboard'], 'board_name' => $board_name, 'ticket' => $topic);
shd_log_action('tickettotopic', $log_params);
// Lastly, delete the ticket from the database.
shd_db_query('', '
DELETE FROM {db_prefix}helpdesk_tickets
WHERE id_ticket = {int:ticket}
LIMIT 1', array('ticket' => $context['ticket_id']));
// And the replies, too.
shd_db_query('', '
DELETE FROM {db_prefix}helpdesk_ticket_replies
WHERE id_ticket = {int:ticket}', array('ticket' => $context['ticket_id']));
// And custom fields.
shd_db_query('', '
DELETE FROM {db_prefix}helpdesk_custom_fields_values
WHERE (id_post = {int:ticket} AND post_type = 1)' . (!empty($context['ticket_messages']) ? '
OR (id_post IN ({array_int:msgs}) AND post_type = 2)' : ''), array('ticket' => $context['ticket_id'], 'msgs' => $context['ticket_messages']));
} else {
fatal_lang_error('shd_move_topic_not_created', false);
}
// Clear our cache
shd_clear_active_tickets($dept);
// Send them to the topic.
redirectexit('topic=' . $topic . '.0');
}
/**
* Execute the move of a topic.
* It is called on the submit of action_movetopic.
* This function logs that topics have been moved in the moderation log.
* If the member is the topic starter requires the move_own permission,
* otherwise requires the move_any permission.
* Upon successful completion redirects to message index.
* Accessed via ?action=movetopic2.
*
* @uses subs/Post.subs.php.
*/
public function action_movetopic2()
{
global $txt, $board, $topic, $scripturl, $context, $language, $user_info;
if (empty($topic)) {
fatal_lang_error('no_access', false);
}
// You can't choose to have a redirection topic and use an empty reason.
if (isset($_POST['postRedirect']) && (!isset($_POST['reason']) || trim($_POST['reason']) == '')) {
fatal_lang_error('movetopic_no_reason', false);
}
// You have to tell us were you are moving to
if (!isset($_POST['toboard'])) {
fatal_lang_error('movetopic_no_board', false);
}
// We will need this
require_once SUBSDIR . '/Topic.subs.php';
moveTopicConcurrence();
// Make sure this form hasn't been submitted before.
checkSubmitOnce('check');
// Get the basic details on this topic
$topic_info = getTopicInfo($topic);
$context['is_approved'] = $topic_info['approved'];
// Can they see it?
if (!$context['is_approved']) {
isAllowedTo('approve_posts');
}
// Can they move topics on this board?
if (!allowedTo('move_any')) {
if ($topic_info['id_member_started'] == $user_info['id']) {
isAllowedTo('move_own');
} else {
isAllowedTo('move_any');
}
}
checkSession();
require_once SUBSDIR . '/Post.subs.php';
require_once SUBSDIR . '/Boards.subs.php';
// The destination board must be numeric.
$toboard = (int) $_POST['toboard'];
// Make sure they can see the board they are trying to move to (and get whether posts count in the target board).
$board_info = boardInfo($toboard, $topic);
if (empty($board_info)) {
fatal_lang_error('no_board');
}
// Remember this for later.
$_SESSION['move_to_topic'] = array('move_to' => $toboard);
// Rename the topic...
if (isset($_POST['reset_subject'], $_POST['custom_subject']) && $_POST['custom_subject'] != '') {
$custom_subject = strtr(Util::htmltrim(Util::htmlspecialchars($_POST['custom_subject'])), array("\r" => '', "\n" => '', "\t" => ''));
// Keep checking the length.
if (Util::strlen($custom_subject) > 100) {
$custom_subject = Util::substr($custom_subject, 0, 100);
}
// If it's still valid move onwards and upwards.
if ($custom_subject != '') {
$all_messages = isset($_POST['enforce_subject']);
if ($all_messages) {
// Get a response prefix, but in the forum's default language.
$context['response_prefix'] = response_prefix();
topicSubject($topic_info, $custom_subject, $context['response_prefix'], $all_messages);
} else {
topicSubject($topic_info, $custom_subject);
}
// Fix the subject cache.
updateStats('subject', $topic, $custom_subject);
}
}
// Create a link to this in the old board.
// @todo Does this make sense if the topic was unapproved before? I'd just about say so.
if (isset($_POST['postRedirect'])) {
// Should be in the boardwide language.
if ($user_info['language'] != $language) {
loadLanguage('index', $language);
}
$reason = Util::htmlspecialchars($_POST['reason'], ENT_QUOTES);
preparsecode($reason);
// Add a URL onto the message.
$reason = strtr($reason, array($txt['movetopic_auto_board'] => '[url=' . $scripturl . '?board=' . $toboard . '.0]' . $board_info['name'] . '[/url]', $txt['movetopic_auto_topic'] => '[iurl]' . $scripturl . '?topic=' . $topic . '.0[/iurl]'));
// Auto remove this MOVED redirection topic in the future?
$redirect_expires = !empty($_POST['redirect_expires']) ? (int) $_POST['redirect_expires'] : 0;
// Redirect to the MOVED topic from topic list?
$redirect_topic = isset($_POST['redirect_topic']) ? $topic : 0;
// And remember the last expiry period too.
$_SESSION['move_to_topic']['redirect_topic'] = $redirect_topic;
$_SESSION['move_to_topic']['redirect_expires'] = $redirect_expires;
$msgOptions = array('subject' => $txt['moved'] . ': ' . $board_info['subject'], 'body' => $reason, 'icon' => 'moved', 'smileys_enabled' => 1);
$topicOptions = array('board' => $board, 'lock_mode' => 1, 'mark_as_read' => true, 'redirect_expires' => empty($redirect_expires) ? 0 : $redirect_expires * 60 + time(), 'redirect_topic' => $redirect_topic);
$posterOptions = array('id' => $user_info['id'], 'update_post_count' => empty($board_info['count_posts']));
createPost($msgOptions, $topicOptions, $posterOptions);
}
$board_from = boardInfo($board);
if ($board_from['count_posts'] != $board_info['count_posts']) {
$posters = postersCount($topic);
foreach ($posters as $id_member => $posts) {
// The board we're moving from counted posts, but not to.
if (empty($board_from['count_posts'])) {
updateMemberData($id_member, array('posts' => 'posts - ' . $posts));
} else {
updateMemberData($id_member, array('posts' => 'posts + ' . $posts));
}
}
}
// Do the move (includes statistics update needed for the redirect topic).
moveTopics($topic, $toboard);
// Log that they moved this topic.
if (!allowedTo('move_own') || $topic_info['id_member_started'] != $user_info['id']) {
logAction('move', array('topic' => $topic, 'board_from' => $board, 'board_to' => $toboard));
}
// Notify people that this topic has been moved?
require_once SUBSDIR . '/Notification.subs.php';
sendNotifications($topic, 'move');
// Why not go back to the original board in case they want to keep moving?
if (!isset($_REQUEST['goback'])) {
redirectexit('board=' . $board . '.0');
} else {
redirectexit('topic=' . $topic . '.0');
}
}
function MoveTopic2()
{
global $txt, $board, $topic, $scripturl, $sourcedir, $modSettings, $context;
global $db_prefix, $ID_MEMBER, $board, $language, $user_info, $func;
// Make sure this form hasn't been submitted before.
checkSubmitOnce('check');
$request = db_query("\n\t\tSELECT ID_MEMBER_STARTED, ID_FIRST_MSG\n\t\tFROM {$db_prefix}topics\n\t\tWHERE ID_TOPIC = {$topic}\n\t\tLIMIT 1", __FILE__, __LINE__);
list($ID_MEMBER_STARTED, $ID_FIRST_MSG) = mysql_fetch_row($request);
mysql_free_result($request);
// Can they move topics on this board?
if (!allowedTo('move_any')) {
if ($ID_MEMBER_STARTED == $ID_MEMBER) {
isAllowedTo('move_own');
$boards = array_merge(boardsAllowedTo('move_own'), boardsAllowedTo('move_any'));
} else {
isAllowedTo('move_any');
}
} else {
$boards = boardsAllowedTo('move_any');
}
checkSession();
require_once $sourcedir . '/Subs-Post.php';
// The destination board must be numeric.
$_POST['toboard'] = (int) $_POST['toboard'];
// !!!
/*if (!in_array($_POST['toboard'], $boards) && !in_array(0, $boards))
fatal_lang_error('smf232');*/
// Make sure they can see the board they are trying to move to (and get whether posts count in the target board).
$request = db_query("\n\t\tSELECT b.countPosts, b.name, m.subject\n\t\tFROM ({$db_prefix}boards AS b, {$db_prefix}topics AS t, {$db_prefix}messages AS m)\n\t\tWHERE {$user_info['query_see_board']}\n\t\t\tAND b.ID_BOARD = {$_POST['toboard']}\n\t\t\tAND t.ID_TOPIC = {$topic}\n\t\t\tAND m.ID_MSG = t.ID_FIRST_MSG\n\t\tLIMIT 1", __FILE__, __LINE__);
if (mysql_num_rows($request) == 0) {
fatal_lang_error('smf232');
}
list($pcounter, $board_name, $subject) = mysql_fetch_row($request);
mysql_free_result($request);
// Remember this for later.
$_SESSION['move_to_topic'] = $_POST['toboard'];
// Rename the topic...
if (isset($_POST['reset_subject'], $_POST['custom_subject']) && $_POST['custom_subject'] != '') {
$_POST['custom_subject'] = $func['htmlspecialchars']($_POST['custom_subject']);
if (isset($_POST['enforce_subject'])) {
// Get a response prefix, but in the forum's default language.
if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix'))) {
if ($language === $user_info['language']) {
$context['response_prefix'] = $txt['response_prefix'];
} else {
loadLanguage('index', $language, false);
$context['response_prefix'] = $txt['response_prefix'];
loadLanguage('index');
}
cache_put_data('response_prefix', $context['response_prefix'], 600);
}
db_query("\n\t\t\t\tUPDATE {$db_prefix}messages\n\t\t\t\tSET subject = '{$context['response_prefix']}{$_POST['custom_subject']}'\n\t\t\t\tWHERE ID_TOPIC = {$topic}", __FILE__, __LINE__);
}
db_query("\n\t\t\tUPDATE {$db_prefix}messages\n\t\t\tSET subject = '{$_POST['custom_subject']}'\n\t\t\tWHERE ID_MSG = {$ID_FIRST_MSG}\n\t\t\tLIMIT 1", __FILE__, __LINE__);
// Fix the subject cache.
updateStats('subject', $topic, $_POST['custom_subject']);
}
// Create a link to this in the old board.
if (isset($_POST['postRedirect'])) {
// Should be in the boardwide language.
if ($user_info['language'] != $language) {
loadLanguage('index', $language);
}
$_POST['reason'] = $func['htmlspecialchars']($_POST['reason'], ENT_QUOTES);
preparsecode($_POST['reason']);
// Add a URL onto the message.
$_POST['reason'] = strtr($_POST['reason'], array($txt['movetopic_auto_board'] => '[url=' . $scripturl . '?board=' . $_POST['toboard'] . ']' . addslashes($board_name) . '[/url]', $txt['movetopic_auto_topic'] => '[iurl]' . $scripturl . '?topic=' . $topic . '.0[/iurl]'));
$msgOptions = array('subject' => addslashes($txt['smf56'] . ': ' . $subject), 'body' => $_POST['reason'], 'icon' => 'moved', 'smileys_enabled' => 1);
$topicOptions = array('board' => $board, 'lock_mode' => 1, 'mark_as_read' => true);
$posterOptions = array('id' => $ID_MEMBER, 'update_post_count' => !empty($pcounter));
createPost($msgOptions, $topicOptions, $posterOptions);
}
$request = db_query("\n\t\tSELECT countPosts\n\t\tFROM {$db_prefix}boards\n\t\tWHERE ID_BOARD = {$board}\n\t\tLIMIT 1", __FILE__, __LINE__);
list($pcounter_from) = mysql_fetch_row($request);
mysql_free_result($request);
if ($pcounter_from != $pcounter) {
$request = db_query("\n\t\t\tSELECT ID_MEMBER\n\t\t\tFROM {$db_prefix}messages\n\t\t\tWHERE ID_TOPIC = {$topic}", __FILE__, __LINE__);
$posters = array();
while ($row = mysql_fetch_assoc($request)) {
$posters[] = $row['ID_MEMBER'];
}
mysql_free_result($request);
// The board we're moving from counted posts, but not to.
if (empty($pcounter_from)) {
updateMemberData($posters, array('posts' => '-'));
} else {
updateMemberData($posters, array('posts' => '+'));
}
}
// Do the move (includes statistics update needed for the redirect topic).
moveTopics($topic, $_POST['toboard']);
// Log that they moved this topic.
if (!allowedTo('move_own') || $ID_MEMBER_STARTED != $ID_MEMBER) {
logAction('move', array('topic' => $topic, 'board_from' => $board, 'board_to' => $_POST['toboard']));
}
// Notify people that this topic has been moved?
sendNotifications($topic, 'move');
// Update the cache?
if (!empty($modSettings['cache_enable']) && $modSettings['cache_enable'] == 3) {
cache_put_data('topic_board-' . $topic, null, 120);
}
// Why not go back to the original board in case they want to keep moving?
if (!isset($_REQUEST['goback'])) {
redirectexit('board=' . $board . '.0');
} else {
redirectexit('topic=' . $topic . '.0');
}
}
<?php
# INCLUDES
include "php/_globals.php";
# CHECK FOR POST
if (empty($_POST["name"]) && empty($_POST["content"])) {
die("Data missing! What have you done !!");
} else {
createPost($_POST["name"], $_POST["content"]);
header("location: /");
}
function createPost($user, $content)
{
# VARIABLES
$time = time();
$ident = hash("crc32", $_SERVER["REMOTE_ADDR"]);
$content = trim(htmlspecialchars($content));
# DICE ROLLING
$pattern = "/^@roll (.*?)( .*)?\$/m";
preg_match_all($pattern, $content, $matches);
$i = 0;
while ($i < count($matches)) {
$input = $matches[0][$i];
$result = rollDice($matches[1][$i]);
$content = str_replace($input, $result, $content);
$i++;
}
# FULL POSTING
$string = "{ ident: {$ident}, name: {$user}, created: {$time}, edited: 0 }\n{$content}";
$file = fopen(location . "{$time}.{$ident}.txt", "w");
fwrite($file, $string);
function UpdateJSONFeedBots()
{
global $smcFunc, $txt, $context, $sourcedir, $tag_attrs, $feedcount, $smcFunc, $maxitemcount, $insideitem, $tag, $modSettings;
// Load the language files
if (loadlanguage('FeedPoster') == false) {
loadLanguage('FeedPoster', 'english');
}
// First get all the enabled bots
$context['feeds'] = array();
$request = $smcFunc['db_query']('', "\n\t\t\tSELECT\n\t\t\t\tID_FEED, ID_BOARD, feedurl, title, postername, updatetime, enabled, html,\n\t\t\t\tID_MEMBER, locked, articlelink, topicprefix, numbertoimport, importevery,\n\t\t\t\tmsgicon, footer, id_topic \n\t\t\tFROM {db_prefix}feedbot\n\t\t\tWHERE enabled = 1 AND json = 1");
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$request2 = $smcFunc['db_query']('', "\n\t\t\tSELECT\n\t\t\t\tcount_posts\n\t\t\tFROM {db_prefix}boards \n\t\t\tWHERE ID_BOARD = " . $row['ID_BOARD']);
$row2 = $smcFunc['db_fetch_assoc']($request2);
$row['count_posts'] = $row2['count_posts'];
$context['feeds'][] = $row;
}
$smcFunc['db_free_result']($request);
// For the createPost function
require_once $sourcedir . '/Subs-Post.php';
require_once $sourcedir . '/Subs-Editor.php';
// Check if a field expired
foreach ($context['feeds'] as $key => $feed) {
$current_time = time();
// If the feedbot time to next import has expired
if ($current_time > $feed['updatetime']) {
$feeddata = disguise_curl($feed['feedurl']);
$json_feed_object = json_decode($feeddata);
$feedcount = 0;
$context['feeditems'] = array();
if (!empty($json_feed_object->entries)) {
foreach ($json_feed_object->entries as $entry) {
// echo "<h2>{$entry->title}</h2>";
// $published = date("g:i A F j, Y", strtotime($entry->published));
// echo "<small>{$published}</small>";
//echo "<p>{$entry->content}</p>";
$context['feeditems'][$feedcount]['title'] = (string) $entry->title;
$context['feeditems'][$feedcount]['description'] = (string) $entry->content;
$context['feeditems'][$feedcount]['description'] = html_to_bbc($context['feeditems'][$feedcount]['description']);
$context['feeditems'][$feedcount]['link'] = (string) $entry->alternate;
$feedcount++;
}
}
if (!empty($feeddata)) {
// Process the XML
$maxitemcount = $feed['numbertoimport'];
$context['feeditems'] = array_reverse($context['feeditems']);
// Loop though all the items
$myfeedcount = 0;
for ($i = 0; $i < $feedcount; $i++) {
if ($myfeedcount >= $maxitemcount) {
continue;
}
// Check feed Log
// Generate the hash for the log
if (!isset($context['feeditems'][$i]['title']) || !isset($context['feeditems'][$i]['description'])) {
continue;
}
if (empty($context['feeditems'][$i]['title']) && empty($context['feeditems'][$i]['description'])) {
continue;
}
$itemhash = md5($context['feeditems'][$i]['title'] . $context['feeditems'][$i]['description']);
$request = $smcFunc['db_query']('', "\n\t\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\t\tfeedtime\n\t\t\t\t\t\t\tFROM {db_prefix}feedbot_log\n\t\t\t\t\t\t\tWHERE feedhash = '{$itemhash}'");
$smcFunc['db_free_result']($request);
// If no has has found that means no duplicate entry
if ($smcFunc['db_affected_rows']() == 0) {
// Create the Post
$msg_title = $smcFunc['htmlspecialchars']($feed['html'] ? $context['feeditems'][$i]['title'] : strip_tags($context['feeditems'][$i]['title']), ENT_QUOTES);
$msg_title = trim($msg_title);
$msg_body = '';
if ($feed['html']) {
$msg_body = $smcFunc['htmlspecialchars']($context['feeditems'][$i]['description'], ENT_QUOTES);
$msg_body = trim($msg_body);
preparsecode($msg_body);
$msg_body = '[html]' . $msg_body . '[/html]';
$msg_body .= $smcFunc['htmlspecialchars']("\n\n" . $txt['feedposter_source'] . "[url=" . $context['feeditems'][$i]['link'] . "]" . $msg_title . "[/url]", ENT_QUOTES);
if (!empty($feed['footer'])) {
$msg_body .= $smcFunc['htmlspecialchars']("\n\n" . $feed['footer'], ENT_QUOTES);
}
} else {
$msg_body = $smcFunc['htmlspecialchars'](strip_tags($context['feeditems'][$i]['description']), ENT_QUOTES);
$msg_body = trim($msg_body);
$msg_body .= $smcFunc['htmlspecialchars']("\n\n" . $txt['feedposter_source'] . "[url=" . $context['feeditems'][$i]['link'] . "]" . $msg_title . "[/url]", ENT_QUOTES);
if (!empty($feed['footer'])) {
$msg_body .= $smcFunc['htmlspecialchars']("\n\n" . $feed['footer'], ENT_QUOTES);
}
}
$msg_title = htmlspecialchars_decode($msg_title);
$msg_body = htmlspecialchars_decode($msg_body);
$updatePostCount = $feed['ID_MEMBER'] == 0 ? 0 : 1;
if ($feed['count_posts'] == 0) {
$updatePostCount = 0;
}
$msgOptions = array('id' => 0, 'subject' => $feed['topicprefix'] . $msg_title, 'body' => '[b]' . $msg_title . "[/b]\n\n" . $msg_body, 'icon' => $feed['msgicon'], 'smileys_enabled' => 1, 'attachments' => array());
$topicOptions = array('id' => $row['id_topic'], 'board' => $feed['ID_BOARD'], 'poll' => null, 'lock_mode' => $feed['locked'], 'sticky_mode' => null, 'mark_as_read' => false);
$posterOptions = array('id' => $feed['ID_MEMBER'], 'name' => $feed['postername'], 'email' => '', 'ip' => '127.0.0.1', 'update_post_count' => $updatePostCount);
createPost($msgOptions, $topicOptions, $posterOptions);
$topicID = 0;
if (isset($topicOptions['id'])) {
$topicID = $topicOptions['id'];
}
$msgID = 0;
if (isset($msgOptions['id'])) {
$msgID = $msgOptions['id'];
}
// Add Feed Log
$fid = $feed['ID_FEED'];
$ftime = time();
$smcFunc['db_query']('', "\n\t\t\t\t\t\t\t\tINSERT INTO {db_prefix}feedbot_log\n\t\t\t\t\t\t\t\t\t(ID_FEED, feedhash, feedtime, ID_TOPIC,ID_MSG)\n\t\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t\t({$fid},'{$itemhash}',{$ftime},{$topicID},{$msgID})");
$smcFunc['db_query']('', "\n\t\t\t\t\t\t\t\tUPDATE {db_prefix}feedbot\n\t\t\t\t\t\t\t\tSET total_posts = total_posts + 1 \n\t\t\t\t\t\t\t\tWHERE ID_FEED = {$fid}\n\t\t\t\t\t\t\t\t");
$myfeedcount++;
}
}
}
// End get feed data
// Set the RSS Feed Update time
$updatetime = time() + 60 * $feed['importevery'];
$smcFunc['db_query']('', "\n\t\t\tUPDATE {db_prefix}feedbot \n\t\t\tSET \n\t\t\t\tupdatetime = '{$updatetime}'\n\t\t\n\t\t\tWHERE ID_FEED = " . $feed['ID_FEED']);
}
// End expire check
}
// End for each feed
}
function arcade_post_comment($topicName, $gameid, $topicid, $comment)
{
global $sourcedir, $user_info, $arcSettings;
require_once $sourcedir . '/Subs-Post.php';
$gamename = addslashes($topicName);
$topicTalk = addslashes($comment);
$msgOptions = array('id' => 0, 'subject' => $gamename, 'body' => $topicTalk, 'icon' => "xx", 'smileys_enabled' => true, 'attachments' => array());
$topicOptions = array('id' => $topicid, 'board' => $arcSettings['arcadePostTopic'], 'poll' => null, 'lock_mode' => null, 'sticky_mode' => null, 'mark_as_read' => true);
$posterOptions = array('id' => $user_info['id'], 'name' => "arcade", 'email' => "arcade@here");
createPost($msgOptions, $topicOptions, $posterOptions);
if (isset($topicOptions['id'])) {
$topicid = $topicOptions['id'];
}
return $topicid;
}
function Post2()
{
global $board, $topic, $txt, $db_prefix, $modSettings, $sourcedir, $context;
global $ID_MEMBER, $user_info, $board_info, $options, $func;
// Previewing? Go back to start.
if (isset($_REQUEST['preview'])) {
return Post();
}
// Prevent double submission of this form.
checkSubmitOnce('check');
// No errors as yet.
$post_errors = array();
// If the session has timed out, let the user re-submit their form.
if (checkSession('post', '', false) != '') {
$post_errors[] = 'session_timeout';
}
require_once $sourcedir . '/Subs-Post.php';
loadLanguage('Post');
// Replying to a topic?
if (!empty($topic) && !isset($_REQUEST['msg'])) {
$request = db_query("\n\t\t\tSELECT t.locked, t.isSticky, t.ID_POLL, t.numReplies, m.ID_MEMBER\n\t\t\tFROM ({$db_prefix}topics AS t, {$db_prefix}messages AS m)\n\t\t\tWHERE t.ID_TOPIC = {$topic}\n\t\t\t\tAND m.ID_MSG = t.ID_FIRST_MSG\n\t\t\tLIMIT 1", __FILE__, __LINE__);
list($tmplocked, $tmpstickied, $pollID, $numReplies, $ID_MEMBER_POSTER) = mysql_fetch_row($request);
mysql_free_result($request);
// Don't allow a post if it's locked.
if ($tmplocked != 0 && !allowedTo('moderate_board')) {
fatal_lang_error(90, false);
}
// Sorry, multiple polls aren't allowed... yet. You should stop giving me ideas :P.
if (isset($_REQUEST['poll']) && $pollID > 0) {
unset($_REQUEST['poll']);
}
if ($ID_MEMBER_POSTER != $ID_MEMBER) {
isAllowedTo('post_reply_any');
} elseif (!allowedTo('post_reply_any')) {
isAllowedTo('post_reply_own');
}
if (isset($_POST['lock'])) {
// Nothing is changed to the lock.
if (empty($tmplocked) && empty($_POST['lock']) || !empty($_POST['lock']) && !empty($tmplocked)) {
unset($_POST['lock']);
} elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $ID_MEMBER != $ID_MEMBER_POSTER) {
unset($_POST['lock']);
} elseif (!allowedTo('lock_any')) {
// You cannot override a moderator lock.
if ($tmplocked == 1) {
unset($_POST['lock']);
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
}
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
}
}
// So you wanna (un)sticky this...let's see.
if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || $_POST['sticky'] == $tmpstickied || !allowedTo('make_sticky'))) {
unset($_POST['sticky']);
}
// If the number of replies has changed, if the setting is enabled, go back to Post() - which handles the error.
$newReplies = isset($_POST['num_replies']) && $numReplies > $_POST['num_replies'] ? $numReplies - $_POST['num_replies'] : 0;
if (empty($options['no_new_reply_warning']) && !empty($newReplies)) {
$_REQUEST['preview'] = true;
return Post();
}
$posterIsGuest = $user_info['is_guest'];
} elseif (empty($topic)) {
if (!isset($_REQUEST['poll']) || $modSettings['pollMode'] != '1') {
isAllowedTo('post_new');
}
if (isset($_POST['lock'])) {
// New topics are by default not locked.
if (empty($_POST['lock'])) {
unset($_POST['lock']);
} elseif (!allowedTo(array('lock_any', 'lock_own'))) {
unset($_POST['lock']);
} else {
$_POST['lock'] = allowedTo('lock_any') ? 1 : 2;
}
}
if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || empty($_POST['sticky']) || !allowedTo('make_sticky'))) {
unset($_POST['sticky']);
}
$posterIsGuest = $user_info['is_guest'];
} elseif (isset($_REQUEST['msg']) && !empty($topic)) {
$_REQUEST['msg'] = (int) $_REQUEST['msg'];
$request = db_query("\n\t\t\tSELECT\n\t\t\t\tm.ID_MEMBER, m.posterName, m.posterEmail, m.posterTime, \n\t\t\t\tt.ID_FIRST_MSG, t.locked, t.isSticky, t.ID_MEMBER_STARTED AS ID_MEMBER_POSTER\n\t\t\tFROM ({$db_prefix}messages AS m, {$db_prefix}topics AS t)\n\t\t\tWHERE m.ID_MSG = {$_REQUEST['msg']}\n\t\t\t\tAND t.ID_TOPIC = {$topic}\n\t\t\tLIMIT 1", __FILE__, __LINE__);
if (mysql_num_rows($request) == 0) {
fatal_lang_error('smf272', false);
}
$row = mysql_fetch_assoc($request);
mysql_free_result($request);
if (!empty($row['locked']) && !allowedTo('moderate_board')) {
fatal_lang_error(90, false);
}
if (isset($_POST['lock'])) {
// Nothing changes to the lock status.
if (empty($_POST['lock']) && empty($row['locked']) || !empty($_POST['lock']) && !empty($row['locked'])) {
unset($_POST['lock']);
} elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $ID_MEMBER != $row['ID_MEMBER_POSTER']) {
unset($_POST['lock']);
} elseif (!allowedTo('lock_any')) {
// You're not allowed to break a moderator's lock.
if ($row['locked'] == 1) {
unset($_POST['lock']);
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
}
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
}
}
// Change the sticky status of this topic?
if (isset($_POST['sticky']) && (!allowedTo('make_sticky') || $_POST['sticky'] == $row['isSticky'])) {
unset($_POST['sticky']);
}
if ($row['ID_MEMBER'] == $ID_MEMBER && !allowedTo('modify_any')) {
if (!empty($modSettings['edit_disable_time']) && $row['posterTime'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) {
fatal_lang_error('modify_post_time_passed', false);
} elseif ($row['ID_MEMBER_POSTER'] == $ID_MEMBER && !allowedTo('modify_own')) {
isAllowedTo('modify_replies');
} else {
isAllowedTo('modify_own');
}
} elseif ($row['ID_MEMBER_POSTER'] == $ID_MEMBER && !allowedTo('modify_any')) {
isAllowedTo('modify_replies');
// If you're modifying a reply, I say it better be logged...
$moderationAction = true;
} else {
isAllowedTo('modify_any');
// Log it, assuming you're not modifying your own post.
if ($row['ID_MEMBER'] != $ID_MEMBER) {
$moderationAction = true;
}
}
$posterIsGuest = empty($row['ID_MEMBER']);
if (!allowedTo('moderate_forum') || !$posterIsGuest) {
$_POST['guestname'] = addslashes($row['posterName']);
$_POST['email'] = addslashes($row['posterEmail']);
}
}
// If the poster is a guest evaluate the legality of name and email.
if ($posterIsGuest) {
$_POST['guestname'] = !isset($_POST['guestname']) ? '' : trim($_POST['guestname']);
$_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']);
if ($_POST['guestname'] == '' || $_POST['guestname'] == '_') {
$post_errors[] = 'no_name';
}
if ($func['strlen']($_POST['guestname']) > 25) {
$post_errors[] = 'long_name';
}
if (empty($modSettings['guest_post_no_email'])) {
// Only check if they changed it!
if (!isset($row) || $row['posterEmail'] != $_POST['email']) {
if (!allowedTo('moderate_forum') && (!isset($_POST['email']) || $_POST['email'] == '')) {
$post_errors[] = 'no_email';
}
if (!allowedTo('moderate_forum') && preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', stripslashes($_POST['email'])) == 0) {
$post_errors[] = 'bad_email';
}
}
// Now make sure this email address is not banned from posting.
isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt[28]));
}
}
// Check the subject and message.
if (!isset($_POST['subject']) || $func['htmltrim']($_POST['subject']) === '') {
$post_errors[] = 'no_subject';
}
if (!isset($_POST['message']) || $func['htmltrim']($_POST['message']) === '') {
$post_errors[] = 'no_message';
} elseif (!empty($modSettings['max_messageLength']) && $func['strlen']($_POST['message']) > $modSettings['max_messageLength']) {
$post_errors[] = 'long_message';
} else {
// Prepare the message a bit for some additional testing.
$_POST['message'] = $func['htmlspecialchars']($_POST['message'], ENT_QUOTES);
// Preparse code. (Zef)
if ($user_info['is_guest']) {
$user_info['name'] = $_POST['guestname'];
}
preparsecode($_POST['message']);
// Let's see if there's still some content left without the tags.
if ($func['htmltrim'](strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '') {
$post_errors[] = 'no_message';
}
}
if (isset($_POST['calendar']) && !isset($_REQUEST['deleteevent']) && $func['htmltrim']($_POST['evtitle']) === '') {
$post_errors[] = 'no_event';
}
// You are not!
if (isset($_POST['message']) && strtolower($_POST['message']) == 'i am the administrator.' && !$user_info['is_admin']) {
fatal_error('Knave! Masquerader! Charlatan!', false);
}
// Validate the poll...
if (isset($_REQUEST['poll']) && $modSettings['pollMode'] == '1') {
if (!empty($topic) && !isset($_REQUEST['msg'])) {
fatal_lang_error(1, false);
}
// This is a new topic... so it's a new poll.
if (empty($topic)) {
isAllowedTo('poll_post');
} elseif ($ID_MEMBER == $row['ID_MEMBER_POSTER'] && !allowedTo('poll_add_any')) {
isAllowedTo('poll_add_own');
} else {
isAllowedTo('poll_add_any');
}
if (!isset($_POST['question']) || trim($_POST['question']) == '') {
$post_errors[] = 'no_question';
}
$_POST['options'] = empty($_POST['options']) ? array() : htmltrim__recursive($_POST['options']);
// Get rid of empty ones.
foreach ($_POST['options'] as $k => $option) {
if ($option == '') {
unset($_POST['options'][$k], $_POST['options'][$k]);
}
}
// What are you going to vote between with one choice?!?
if (count($_POST['options']) < 2) {
$post_errors[] = 'poll_few';
}
}
if ($posterIsGuest) {
// If user is a guest, make sure the chosen name isn't taken.
require_once $sourcedir . '/Subs-Members.php';
if (isReservedName($_POST['guestname'], 0, true, false) && (!isset($row['posterName']) || $_POST['guestname'] != $row['posterName'])) {
$post_errors[] = 'bad_name';
}
} elseif (!isset($_REQUEST['msg'])) {
$_POST['guestname'] = addslashes($user_info['username']);
$_POST['email'] = addslashes($user_info['email']);
}
// Any mistakes?
if (!empty($post_errors)) {
loadLanguage('Errors');
// Previewing.
$_REQUEST['preview'] = true;
$context['post_error'] = array('messages' => array());
foreach ($post_errors as $post_error) {
$context['post_error'][$post_error] = true;
$context['post_error']['messages'][] = $txt['error_' . $post_error];
}
return Post();
}
// Make sure the user isn't spamming the board.
if (!isset($_REQUEST['msg'])) {
spamProtection('spam');
}
// At about this point, we're posting and that's that.
ignore_user_abort(true);
@set_time_limit(300);
// Add special html entities to the subject, name, and email.
$_POST['subject'] = strtr($func['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
$_POST['guestname'] = htmlspecialchars($_POST['guestname']);
$_POST['email'] = htmlspecialchars($_POST['email']);
// At this point, we want to make sure the subject isn't too long.
if ($func['strlen']($_POST['subject']) > 100) {
$_POST['subject'] = addslashes($func['substr'](stripslashes($_POST['subject']), 0, 100));
}
// Make the poll...
if (isset($_REQUEST['poll'])) {
// Make sure that the user has not entered a ridiculous number of options..
if (empty($_POST['poll_max_votes']) || $_POST['poll_max_votes'] <= 0) {
$_POST['poll_max_votes'] = 1;
} elseif ($_POST['poll_max_votes'] > count($_POST['options'])) {
$_POST['poll_max_votes'] = count($_POST['options']);
} else {
$_POST['poll_max_votes'] = (int) $_POST['poll_max_votes'];
}
// Just set it to zero if it's not there..
if (!isset($_POST['poll_hide'])) {
$_POST['poll_hide'] = 0;
} else {
$_POST['poll_hide'] = (int) $_POST['poll_hide'];
}
$_POST['poll_change_vote'] = isset($_POST['poll_change_vote']) ? 1 : 0;
// If the user tries to set the poll too far in advance, don't let them.
if (!empty($_POST['poll_expire']) && $_POST['poll_expire'] < 1) {
fatal_lang_error('poll_range_error', false);
} elseif (empty($_POST['poll_expire']) && $_POST['poll_hide'] == 2) {
$_POST['poll_hide'] = 1;
}
// Clean up the question and answers.
$_POST['question'] = $func['htmlspecialchars']($_POST['question']);
$_POST['options'] = htmlspecialchars__recursive($_POST['options']);
}
// Check if they are trying to delete any current attachments....
if (isset($_REQUEST['msg'], $_POST['attach_del']) && allowedTo('post_attachment')) {
$del_temp = array();
foreach ($_POST['attach_del'] as $i => $dummy) {
$del_temp[$i] = (int) $dummy;
}
require_once $sourcedir . '/ManageAttachments.php';
removeAttachments('a.attachmentType = 0 AND a.ID_MSG = ' . (int) $_REQUEST['msg'] . ' AND a.ID_ATTACH NOT IN (' . implode(', ', $del_temp) . ')');
}
// ...or attach a new file...
if (isset($_FILES['attachment']['name']) || !empty($_SESSION['temp_attachments'])) {
isAllowedTo('post_attachment');
// If this isn't a new post, check the current attachments.
if (isset($_REQUEST['msg'])) {
$request = db_query("\n\t\t\t\tSELECT COUNT(*), SUM(size)\n\t\t\t\tFROM {$db_prefix}attachments\n\t\t\t\tWHERE ID_MSG = " . (int) $_REQUEST['msg'] . "\n\t\t\t\t\tAND attachmentType = 0", __FILE__, __LINE__);
list($quantity, $total_size) = mysql_fetch_row($request);
mysql_free_result($request);
} else {
$quantity = 0;
$total_size = 0;
}
if (!empty($_SESSION['temp_attachments'])) {
foreach ($_SESSION['temp_attachments'] as $attachID => $name) {
if (preg_match('~^post_tmp_' . $ID_MEMBER . '_\\d+$~', $attachID) == 0) {
continue;
}
if (!empty($_POST['attach_del']) && !in_array($attachID, $_POST['attach_del'])) {
unset($_SESSION['temp_attachments'][$attachID]);
@unlink($modSettings['attachmentUploadDir'] . '/' . $attachID);
continue;
}
$_FILES['attachment']['tmp_name'][] = $attachID;
$_FILES['attachment']['name'][] = addslashes($name);
$_FILES['attachment']['size'][] = filesize($modSettings['attachmentUploadDir'] . '/' . $attachID);
list($_FILES['attachment']['width'][], $_FILES['attachment']['height'][]) = @getimagesize($modSettings['attachmentUploadDir'] . '/' . $attachID);
unset($_SESSION['temp_attachments'][$attachID]);
}
}
if (!isset($_FILES['attachment']['name'])) {
$_FILES['attachment']['tmp_name'] = array();
}
$attachIDs = array();
foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy) {
if ($_FILES['attachment']['name'][$n] == '') {
continue;
}
// Have we reached the maximum number of files we are allowed?
$quantity++;
if (!empty($modSettings['attachmentNumPerPostLimit']) && $quantity > $modSettings['attachmentNumPerPostLimit']) {
fatal_lang_error('attachments_limit_per_post', false, array($modSettings['attachmentNumPerPostLimit']));
}
// Check the total upload size for this post...
$total_size += $_FILES['attachment']['size'][$n];
if (!empty($modSettings['attachmentPostLimit']) && $total_size > $modSettings['attachmentPostLimit'] * 1024) {
fatal_lang_error('smf122', false, array($modSettings['attachmentPostLimit']));
}
$attachmentOptions = array('post' => isset($_REQUEST['msg']) ? $_REQUEST['msg'] : 0, 'poster' => $ID_MEMBER, 'name' => $_FILES['attachment']['name'][$n], 'tmp_name' => $_FILES['attachment']['tmp_name'][$n], 'size' => $_FILES['attachment']['size'][$n]);
if (createAttachment($attachmentOptions)) {
$attachIDs[] = $attachmentOptions['id'];
if (!empty($attachmentOptions['thumb'])) {
$attachIDs[] = $attachmentOptions['thumb'];
}
} else {
if (in_array('could_not_upload', $attachmentOptions['errors'])) {
fatal_lang_error('smf124');
}
if (in_array('too_large', $attachmentOptions['errors'])) {
fatal_lang_error('smf122', false, array($modSettings['attachmentSizeLimit']));
}
if (in_array('bad_extension', $attachmentOptions['errors'])) {
fatal_error($attachmentOptions['name'] . '.<br />' . $txt['smf123'] . ' ' . $modSettings['attachmentExtensions'] . '.', false);
}
if (in_array('directory_full', $attachmentOptions['errors'])) {
fatal_lang_error('smf126');
}
if (in_array('bad_filename', $attachmentOptions['errors'])) {
fatal_error(basename($attachmentOptions['name']) . '.<br />' . $txt['smf130b'] . '.');
}
if (in_array('taken_filename', $attachmentOptions['errors'])) {
fatal_lang_error('smf125');
}
}
}
}
// Make the poll...
if (isset($_REQUEST['poll'])) {
// Create the poll.
db_query("\n\t\t\tINSERT INTO {$db_prefix}polls\n\t\t\t\t(question, hideResults, maxVotes, expireTime, ID_MEMBER, posterName, changeVote)\n\t\t\tVALUES (SUBSTRING('{$_POST['question']}', 1, 255), {$_POST['poll_hide']}, {$_POST['poll_max_votes']},\n\t\t\t\t" . (empty($_POST['poll_expire']) ? '0' : time() + $_POST['poll_expire'] * 3600 * 24) . ", {$ID_MEMBER}, SUBSTRING('{$_POST['guestname']}', 1, 255), {$_POST['poll_change_vote']})", __FILE__, __LINE__);
$ID_POLL = db_insert_id();
// Create each answer choice.
$i = 0;
$setString = '';
foreach ($_POST['options'] as $option) {
$setString .= "\n\t\t\t\t\t({$ID_POLL}, {$i}, SUBSTRING('{$option}', 1, 255)),";
$i++;
}
db_query("\n\t\t\tINSERT INTO {$db_prefix}poll_choices\n\t\t\t\t(ID_POLL, ID_CHOICE, label)\n\t\t\tVALUES" . substr($setString, 0, -1), __FILE__, __LINE__);
} else {
$ID_POLL = 0;
}
// Creating a new topic?
$newTopic = empty($_REQUEST['msg']) && empty($topic);
// Collect all parameters for the creation or modification of a post.
$msgOptions = array('id' => empty($_REQUEST['msg']) ? 0 : (int) $_REQUEST['msg'], 'subject' => $_POST['subject'], 'body' => $_POST['message'], 'icon' => preg_replace('~[\\./\\\\*\':"<>]~', '', $_POST['icon']), 'smileys_enabled' => !isset($_POST['ns']), 'attachments' => empty($attachIDs) ? array() : $attachIDs);
$topicOptions = array('id' => empty($topic) ? 0 : $topic, 'board' => $board, 'poll' => isset($_REQUEST['poll']) ? $ID_POLL : null, 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null, 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null, 'mark_as_read' => true);
$posterOptions = array('id' => $ID_MEMBER, 'name' => $_POST['guestname'], 'email' => $_POST['email'], 'update_post_count' => !$user_info['is_guest'] && !isset($_REQUEST['msg']) && $board_info['posts_count']);
// This is an already existing message. Edit it.
if (!empty($_REQUEST['msg'])) {
// Have admins allowed people to hide their screwups?
if (time() - $row['posterTime'] > $modSettings['edit_wait_time'] || $ID_MEMBER != $row['ID_MEMBER']) {
$msgOptions['modify_time'] = time();
$msgOptions['modify_name'] = addslashes($user_info['name']);
}
modifyPost($msgOptions, $topicOptions, $posterOptions);
} else {
createPost($msgOptions, $topicOptions, $posterOptions);
if (isset($topicOptions['id'])) {
$topic = $topicOptions['id'];
}
}
// Editing or posting an event?
if (isset($_POST['calendar']) && (!isset($_REQUEST['eventid']) || $_REQUEST['eventid'] == -1)) {
require_once $sourcedir . '/Calendar.php';
calendarCanLink();
calendarInsertEvent($board, $topic, $_POST['evtitle'], $ID_MEMBER, $_POST['month'], $_POST['day'], $_POST['year'], isset($_POST['span']) ? $_POST['span'] : null);
} elseif (isset($_POST['calendar'])) {
$_REQUEST['eventid'] = (int) $_REQUEST['eventid'];
// Validate the post...
require_once $sourcedir . '/Subs-Post.php';
calendarValidatePost();
// If you're not allowed to edit any events, you have to be the poster.
if (!allowedTo('calendar_edit_any')) {
// Get the event's poster.
$request = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}calendar\n\t\t\t\tWHERE ID_EVENT = {$_REQUEST['eventid']}", __FILE__, __LINE__);
$row2 = mysql_fetch_assoc($request);
mysql_free_result($request);
// Silly hacker, Trix are for kids. ...probably trademarked somewhere, this is FAIR USE! (parody...)
isAllowedTo('calendar_edit_' . ($row2['ID_MEMBER'] == $ID_MEMBER ? 'own' : 'any'));
}
// Delete it?
if (isset($_REQUEST['deleteevent'])) {
db_query("\n\t\t\t\tDELETE FROM {$db_prefix}calendar\n\t\t\t\tWHERE ID_EVENT = {$_REQUEST['eventid']}\n\t\t\t\tLIMIT 1", __FILE__, __LINE__);
} else {
$span = !empty($modSettings['cal_allowspan']) && !empty($_REQUEST['span']) ? min((int) $modSettings['cal_maxspan'], (int) $_REQUEST['span'] - 1) : 0;
$start_time = mktime(0, 0, 0, (int) $_REQUEST['month'], (int) $_REQUEST['day'], (int) $_REQUEST['year']);
db_query("\n\t\t\t\tUPDATE {$db_prefix}calendar\n\t\t\t\tSET endDate = '" . strftime('%Y-%m-%d', $start_time + $span * 86400) . "',\n\t\t\t\t\tstartDate = '" . strftime('%Y-%m-%d', $start_time) . "',\n\t\t\t\t\ttitle = '" . $func['htmlspecialchars']($_REQUEST['evtitle'], ENT_QUOTES) . "'\n\t\t\t\tWHERE ID_EVENT = {$_REQUEST['eventid']}\n\t\t\t\tLIMIT 1", __FILE__, __LINE__);
}
updateStats('calendar');
}
// Marking read should be done even for editing messages....
if (!$user_info['is_guest']) {
// Mark all the parents read. (since you just posted and they will be unread.)
if (!empty($board_info['parent_boards'])) {
db_query("\n\t\t\t\tUPDATE {$db_prefix}log_boards\n\t\t\t\tSET ID_MSG = {$modSettings['maxMsgID']}\n\t\t\t\tWHERE ID_MEMBER = {$ID_MEMBER}\n\t\t\t\t\tAND ID_BOARD IN (" . implode(',', array_keys($board_info['parent_boards'])) . ")", __FILE__, __LINE__);
}
}
// Turn notification on or off. (note this just blows smoke if it's already on or off.)
if (!empty($_POST['notify'])) {
if (allowedTo('mark_any_notify')) {
db_query("\n\t\t\t\tINSERT IGNORE INTO {$db_prefix}log_notify\n\t\t\t\t\t(ID_MEMBER, ID_TOPIC, ID_BOARD)\n\t\t\t\tVALUES ({$ID_MEMBER}, {$topic}, 0)", __FILE__, __LINE__);
}
} elseif (!$newTopic) {
db_query("\n\t\t\tDELETE FROM {$db_prefix}log_notify\n\t\t\tWHERE ID_MEMBER = {$ID_MEMBER}\n\t\t\t\tAND ID_TOPIC = {$topic}\n\t\t\tLIMIT 1", __FILE__, __LINE__);
}
// Log an act of moderation - modifying.
if (!empty($moderationAction)) {
logAction('modify', array('topic' => $topic, 'message' => (int) $_REQUEST['msg'], 'member' => $row['ID_MEMBER']));
}
if (isset($_POST['lock']) && $_POST['lock'] != 2) {
logAction('lock', array('topic' => $topicOptions['id']));
}
if (isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics'])) {
logAction('sticky', array('topic' => $topicOptions['id']));
}
// Notify any members who have notification turned on for this topic.
if ($newTopic) {
notifyMembersBoard();
} elseif (empty($_REQUEST['msg'])) {
sendNotifications($topic, 'reply');
}
// Returning to the topic?
if (!empty($_REQUEST['goback'])) {
// Mark the board as read.... because it might get confusing otherwise.
db_query("\n\t\t\tUPDATE {$db_prefix}log_boards\n\t\t\tSET ID_MSG = {$modSettings['maxMsgID']}\n\t\t\tWHERE ID_MEMBER = {$ID_MEMBER}\n\t\t\t\tAND ID_BOARD = {$board}", __FILE__, __LINE__);
}
if (!empty($_POST['announce_topic'])) {
redirectexit('action=announce;sa=selectgroup;topic=' . $topic . (!empty($_POST['move']) && allowedTo('move_any') ? ';move' : '') . (empty($_REQUEST['goback']) ? '' : ';goback'));
}
if (!empty($_POST['move']) && allowedTo('move_any')) {
redirectexit('action=movetopic;topic=' . $topic . '.0' . (empty($_REQUEST['goback']) ? '' : ';goback'));
}
// Return to post if the mod is on.
if (isset($_REQUEST['msg']) && !empty($_REQUEST['goback'])) {
redirectexit('topic=' . $topic . '.msg' . $_REQUEST['msg'] . '#msg' . $_REQUEST['msg'], $context['browser']['is_ie']);
} elseif (!empty($_REQUEST['goback'])) {
redirectexit('topic=' . $topic . '.new#new', $context['browser']['is_ie']);
} else {
redirectexit('board=' . $board . '.0');
}
}
<?php
require_once "check_login_status.php";
require_once "/views/header.php";
# connect to the database and insert the
# new post data.
require_once __DIR__ . '/dbmodel/dbmodel.php';
$connection = dbconnect();
$html = createPost();
header('location:ADMIN_home.php');
exit;
?>
<!-- <div class="wrap"> -->
<!-- <div class="container"> -->
<!-- <a href="ADMIN_create_form.php" class="btn btn-primary" role="button">Create new Post</a> -->
<!-- </div> -->
<!-- <div class="container"> -->
<!-- <div class="col-md-12 col-xs-12"> -->
<!-- <?php
#print $html;
?>
-->
<!-- </div> -->
<!-- </div> -->
<!-- Footer -->
<!-- <?php
# require_once("views/footer.php");
?>
-->
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
print '<div class="post_it"><h3>';
if (isset($_POST['litter'])) {
print createPost();
}
if (isset($_POST['postComment'])) {
print postComment();
}
if (isset($_POST['reply'])) {
print replyComment();
}
if (isset($_POST['profile_pic'])) {
print changeProfilePic();
}
if (isset($_POST['changeInfo'])) {
print changeInfo();
}
if (isset($_POST['del_user'])) {
deleteUser();
}
if (isset($_POST['del_post'])) {
print deletePost();
}
if (isset($_POST['del_comment'])) {
print deleteComment();
}
if (isset($_POST['recycle'])) {
print recycle();
}
function TP_createtopic($title, $text, $icon, $board, $sticky = 0, $submitter)
{
global $user_info, $board_info, $sourcedir;
require_once $sourcedir . '/Subs-Post.php';
$body = str_replace(array("<", ">", "\n", "\t"), array("<", ">", "<br>", " "), $text);
preparsecode($body);
// Collect all parameters for the creation or modification of a post.
$msgOptions = array('id' => empty($_REQUEST['msg']) ? 0 : (int) $_REQUEST['msg'], 'subject' => $title, 'body' => $body, 'icon' => $icon, 'smileys_enabled' => '1', 'attachments' => array());
$topicOptions = array('id' => empty($topic) ? 0 : $topic, 'board' => $board, 'poll' => null, 'lock_mode' => null, 'sticky_mode' => $sticky, 'mark_as_read' => true);
$posterOptions = array('id' => $submitter, 'name' => '', 'email' => '', 'update_post_count' => !$user_info['is_guest'] && !isset($_REQUEST['msg']) && $board_info['posts_count']);
if (createPost($msgOptions, $topicOptions, $posterOptions)) {
$topi = $topicOptions['id'];
} else {
$topi = 0;
}
return $topi;
}
<?php
session_start();
if (isset($_GET["action"])) {
switch ($_GET["action"]) {
case "getposts":
getPosts();
break;
case "modpost":
modPost();
break;
case "createpost":
createPost();
break;
case "savepage":
savePage();
break;
}
}
function getPosts()
{
require_once "dbconnect.php";
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$result = $mysqli->query("SELECT * FROM posts");
$encode = array();
while ($row = mysqli_fetch_assoc($result)) {
$encode[] = $row;
}
echo json_encode($encode);
}
function createPost()
$result = createThread($db, $_SESSION['id'], $_POST['forumid'], $_POST['newthreadtitle'], $_SESSION['token']);
//$_SESSION['token'] = $result[SP::TOKEN];
switch ($result[SP::ERROR]) {
case ERR::OK:
$postToThread = $result[THREAD::ID];
break;
case ERR::TOKEN_EXPIRED:
case ERR::TOKEN_FAIL:
case ERR::USER_NO_TOKEN:
header("Location: logout.php?error=" . $result[SP::ERROR]);
break;
}
}
if ($postToThread != null) {
// We're making a new post
$result = createPost($db, $_SESSION['id'], $postToThread, $_POST['content'], $_SESSION['token']);
//$_SESSION['token'] = $result[SP::TOKEN];
switch ($result[SP::ERROR]) {
// If the page number's too high, you'll just go to the final page.
case ERR::OK:
echo "Post made successfully! <a href='threadview.php?threadid=" . $postToThread . "&page=999999'>Back to thread</a>.";
break;
case ERR::THREAD_NOT_EXIST:
echo "The specified thread does not, or no longer, exists.";
break;
case ERR::THREAD_LOCKED:
echo "The specified thread is locked.";
break;
case ERR::PERMIS_FAIL:
echo "You must <a href='login.php'>log in</a> to do this.";
break;
// Carga el jwt_helper
// if (file_exists('../../../jwt_helper.php')) {
// require_once '../../../jwt_helper.php';
// } else {
// require_once 'jwt_helper.php';
// }
// Las funciones en el if no necesitan usuario logged
if ($decoded == null && ($_GET["function"] != null && ($_GET["function"] == 'getPosts' || $_GET["function"] == 'getTemas'))) {
$token = '';
} else {
checkSecurity();
}
}
if ($decoded != null) {
if ($decoded->function == 'createPost') {
createPost($decoded->post);
} else {
if ($decoded->function == 'createTema') {
createTema($decoded->tema);
} else {
if ($decoded->function == 'updatePost') {
updatePost($decoded->post);
} else {
if ($decoded->function == 'updateTema') {
updateTema($decoded->tema);
} else {
if ($decoded->function == 'removePost') {
removePost($decoded->post_id);
} else {
if ($decoded->function == 'removeTema') {
removeTema($decoded->tema_id);
if (empty($_POST["post_title"])) {
//jah oli tühi
$post_title_error = "Title is needed";
} else {
$post_title = test_input($_POST["post_title"]);
}
//kas on tühi
if (empty($_POST["post"])) {
//jah oli tühi
$post_error = "Text is needed";
} else {
$post = test_input($_POST["post"]);
}
//kui errorit ei ole
if ($post_title_error == "" && $post_error == "") {
$msg = createPost($post_title, $post);
if ($msg != "") {
//salvestamine õnnestus, teen väljad tühjaks
$post_title = "";
$post = "";
echo $msg;
}
}
}
function test_input($data)
{
$data = trim($data);
// võtab tühikud, tabid ja enterid ära
$data = stripslashes($data);
// võtab \\ ära
$data = htmlspecialchars($data);
function CheckPostScheduler()
{
global $sourcedir, $smcFunc;
// For the createPost function
require_once $sourcedir . '/Subs-Post.php';
$t = time();
$result = $smcFunc['db_query']('', "\n\tSELECT \n\t\tID_POST, subject, ID_MEMBER, postername, post_time,\n\t\tmsgicon, body, locked, ID_TOPIC, ID_BOARD \n\tFROM {db_prefix}postscheduler \n\tWHERE hasposted = 0 AND post_time <= {$t}");
while ($row = $smcFunc['db_fetch_assoc']($result)) {
$updatePostCount = $row['ID_MEMBER'] == 0 ? 0 : 1;
$msgOptions = array('id' => 0, 'subject' => $row['subject'], 'body' => $row['body'], 'icon' => $row['msgicon'], 'smileys_enabled' => 1, 'attachments' => array());
$topicOptions = array('id' => $row['ID_TOPIC'], 'board' => $row['ID_BOARD'], 'poll' => null, 'lock_mode' => $row['locked'], 'sticky_mode' => null, 'mark_as_read' => false);
$posterOptions = array('id' => $row['ID_MEMBER'], 'name' => $row['postername'], 'email' => '', 'ip' => '127.0.0.1', 'update_post_count' => $updatePostCount);
createPost($msgOptions, $topicOptions, $posterOptions);
$smcFunc['db_query']('', "UPDATE {db_prefix}postscheduler\n\t\tSET hasposted = 1 \n\tWHERE ID_POST = " . $row['ID_POST']);
}
updateSettings(array('post_lastcron' => time() + +(1 * 60)));
}
private function _makeMessages()
{
require_once SUBSDIR . '/Post.subs.php';
while ($this->counters['messages']['current'] < $this->counters['messages']['max'] && $this->blockSize--) {
$msgOptions = array('subject' => trim($this->loremIpsum->getContent(mt_rand(1, 6), 'txt')), 'body' => trim($this->loremIpsum->getContent(mt_rand(5, 60), 'txt')), 'approved' => TRUE);
$topicOptions = array('id' => $this->counters['topics']['current'] < $this->counters['topics']['max'] && mt_rand() < (int) (mt_getrandmax() * ($this->counters['topics']['max'] / $this->counters['messages']['max'])) ? 0 : ($this->counters['topics']['current'] < $this->counters['topics']['max'] ? mt_rand(1, ++$this->counters['topics']['current']) : mt_rand(1, $this->counters['topics']['current'])), 'board' => mt_rand(1, $this->counters['boards']['max']), 'mark_as_read' => TRUE);
$member = mt_rand(1, $this->counters['members']['max']);
$posterOptions = array('id' => $member, 'name' => 'Member ' . $member, 'email' => 'member_' . $member . '@' . $_SERVER['SERVER_NAME'] . '.com', 'update_post_count' => TRUE);
createPost($msgOptions, $topicOptions, $posterOptions);
}
$this->_pause();
}
function MoveTopic2()
{
global $txt, $board, $topic, $scripturl, $sourcedir, $modSettings, $context;
global $board, $language, $user_info, $smcFunc;
if (empty($topic)) {
fatal_lang_error('no_access', false);
}
// You can't choose to have a redirection topic and use an empty reason.
if (isset($_POST['postRedirect']) && (!isset($_POST['reason']) || trim($_POST['reason']) == '')) {
fatal_lang_error('movetopic_no_reason', false);
}
// Make sure this form hasn't been submitted before.
checkSubmitOnce('check');
$request = $smcFunc['db_query']('', '
SELECT id_member_started, id_first_msg, approved
FROM {db_prefix}topics
WHERE id_topic = {int:current_topic}
LIMIT 1', array('current_topic' => $topic));
list($id_member_started, $id_first_msg, $context['is_approved']) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
// Can they see it?
if (!$context['is_approved']) {
isAllowedTo('approve_posts');
}
// Can they move topics on this board?
if (!allowedTo('move_any')) {
if ($id_member_started == $user_info['id']) {
isAllowedTo('move_own');
$boards = array_merge(boardsAllowedTo('move_own'), boardsAllowedTo('move_any'));
} else {
isAllowedTo('move_any');
}
} else {
$boards = boardsAllowedTo('move_any');
}
// If this topic isn't approved don't let them move it if they can't approve it!
if ($modSettings['postmod_active'] && !$context['is_approved'] && !allowedTo('approve_posts')) {
// Only allow them to move it to other boards they can't approve it in.
$can_approve = boardsAllowedTo('approve_posts');
$boards = array_intersect($boards, $can_approve);
}
checkSession();
require_once $sourcedir . '/Subs-Post.php';
// The destination board must be numeric.
$_POST['toboard'] = (int) $_POST['toboard'];
// Make sure they can see the board they are trying to move to (and get whether posts count in the target board).
$request = $smcFunc['db_query']('', '
SELECT b.count_posts, b.name, m.subject
FROM {db_prefix}boards AS b
INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic})
INNER JOIN {db_prefix}messages AS m ON (m.id_msg = t.id_first_msg)
WHERE {query_see_board}
AND b.id_board = {int:to_board}
AND b.redirect = {string:blank_redirect}
LIMIT 1', array('current_topic' => $topic, 'to_board' => $_POST['toboard'], 'blank_redirect' => ''));
if ($smcFunc['db_num_rows']($request) == 0) {
fatal_lang_error('no_board');
}
list($pcounter, $board_name, $subject) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
// Remember this for later.
$_SESSION['move_to_topic'] = $_POST['toboard'];
// Rename the topic...
if (isset($_POST['reset_subject'], $_POST['custom_subject']) && $_POST['custom_subject'] != '') {
$_POST['custom_subject'] = strtr($smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['custom_subject'])), array("\r" => '', "\n" => '', "\t" => ''));
// Keep checking the length.
if ($smcFunc['strlen']($_POST['custom_subject']) > 100) {
$_POST['custom_subject'] = $smcFunc['substr']($_POST['custom_subject'], 0, 100);
}
// If it's still valid move onwards and upwards.
if ($_POST['custom_subject'] != '') {
if (isset($_POST['enforce_subject'])) {
// Get a response prefix, but in the forum's default language.
if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix'))) {
if ($language === $user_info['language']) {
$context['response_prefix'] = $txt['response_prefix'];
} else {
loadLanguage('index', $language, false);
$context['response_prefix'] = $txt['response_prefix'];
loadLanguage('index');
}
cache_put_data('response_prefix', $context['response_prefix'], 600);
}
$smcFunc['db_query']('', '
UPDATE {db_prefix}messages
SET subject = {string:subject}
WHERE id_topic = {int:current_topic}', array('current_topic' => $topic, 'subject' => $context['response_prefix'] . $_POST['custom_subject']));
}
$smcFunc['db_query']('', '
UPDATE {db_prefix}messages
SET subject = {string:custom_subject}
WHERE id_msg = {int:id_first_msg}', array('id_first_msg' => $id_first_msg, 'custom_subject' => $_POST['custom_subject']));
// Fix the subject cache.
updateStats('subject', $topic, $_POST['custom_subject']);
}
}
// Create a link to this in the old board.
//!!! Does this make sense if the topic was unapproved before? I'd just about say so.
if (isset($_POST['postRedirect'])) {
// Should be in the boardwide language.
if ($user_info['language'] != $language) {
loadLanguage('index', $language);
}
$_POST['reason'] = $smcFunc['htmlspecialchars']($_POST['reason'], ENT_QUOTES);
preparsecode($_POST['reason']);
// Add a URL onto the message.
$_POST['reason'] = strtr($_POST['reason'], array($txt['movetopic_auto_board'] => '[url=' . $scripturl . '?board=' . $_POST['toboard'] . '.0]' . $board_name . '[/url]', $txt['movetopic_auto_topic'] => '[iurl]' . $scripturl . '?topic=' . $topic . '.0[/iurl]'));
$msgOptions = array('subject' => $txt['moved'] . ': ' . $subject, 'body' => $_POST['reason'], 'icon' => 'moved', 'smileys_enabled' => 1);
$topicOptions = array('board' => $board, 'lock_mode' => 1, 'mark_as_read' => true);
$posterOptions = array('id' => $user_info['id'], 'update_post_count' => empty($pcounter));
createPost($msgOptions, $topicOptions, $posterOptions);
}
$request = $smcFunc['db_query']('', '
SELECT count_posts
FROM {db_prefix}boards
WHERE id_board = {int:current_board}
LIMIT 1', array('current_board' => $board));
list($pcounter_from) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
if ($pcounter_from != $pcounter) {
$request = $smcFunc['db_query']('', '
SELECT id_member
FROM {db_prefix}messages
WHERE id_topic = {int:current_topic}
AND approved = {int:is_approved}', array('current_topic' => $topic, 'is_approved' => 1));
$posters = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
if (!isset($posters[$row['id_member']])) {
$posters[$row['id_member']] = 0;
}
$posters[$row['id_member']]++;
}
$smcFunc['db_free_result']($request);
foreach ($posters as $id_member => $posts) {
// The board we're moving from counted posts, but not to.
if (empty($pcounter_from)) {
updateMemberData($id_member, array('posts' => 'posts - ' . $posts));
} else {
updateMemberData($id_member, array('posts' => 'posts + ' . $posts));
}
}
}
// Do the move (includes statistics update needed for the redirect topic).
moveTopics($topic, $_POST['toboard']);
// Log that they moved this topic.
if (!allowedTo('move_own') || $id_member_started != $user_info['id']) {
logAction('move', array('topic' => $topic, 'board_from' => $board, 'board_to' => $_POST['toboard']));
}
// Notify people that this topic has been moved?
sendNotifications($topic, 'move');
// Why not go back to the original board in case they want to keep moving?
if (!isset($_REQUEST['goback'])) {
redirectexit('board=' . $board . '.0');
} else {
redirectexit('topic=' . $topic . '.0');
}
}
/**
* Puts a topic into the SMF topics table
* @param integer board_id The id of the board to put the topic into
* @param string subject The subject of the topic
* @param string message The content of the first post in the topic
* @param integer user_id The id of the first poster (defaults to the current user)
* @param array options A mixed set of options, currently:
* @param mixed icon I have no idea what this does
* @param bool locked The locked status of the topic
* @param bool sticky Whether the topic should be stickied or not
* @param bool update_post_count Whether to increase the poster's post count
* @return integer The id of the newly created topic
*/
function putTopic($board_id, $subject, $message, $user_id = 0, $options = array())
{
global $db_prefix, $ID_MEMBER, $modSettings, $user_info;
require_once $this->config['Path']['Auth_Local'] . 'Sources/Subs-Post.php';
// Clean the strings
$subject = $this->formatPutTopic($subject);
$message = $this->formatPutTopic($message);
$msgOptions = array('icon' => $options['icon'], 'smileys_enabled' => true, 'subject' => $subject, 'body' => $message);
$topicOptions = array('board' => $board_id, 'lock_mode' => $options['locked'], 'sticky_mode' => $options['sticky'], 'mark_as_read' => true);
$posterOptions = array('id' => $user_id ? $user_id : $ID_MEMBER, 'update_post_count' => $options['update_post_count']);
$topic_id = createPost($msgOptions, $topicOptions, $posterOptions);
return $topic_id;
}
