function JavaScriptModify()
{
global $sourcedir, $modSettings, $board, $topic, $txt;
global $user_info, $context, $smcFunc, $language;
// We have to have a topic!
if (empty($topic)) {
obExit(false);
}
checkSession('get');
require_once $sourcedir . '/Subs-Post.php';
// Assume the first message if no message ID was given.
$request = $smcFunc['db_query']('', '
SELECT
t.locked, t.num_replies, t.id_member_started, t.id_first_msg,
m.id_msg, m.id_member, m.poster_time, m.subject, m.smileys_enabled, m.body, m.icon,
m.modified_time, m.modified_name, m.approved
FROM {db_prefix}messages AS m
INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic})
WHERE m.id_msg = {raw:id_msg}
AND m.id_topic = {int:current_topic}' . (allowedTo('approve_posts') ? '' : (!$modSettings['postmod_active'] ? '
AND (m.id_member != {int:guest_id} AND m.id_member = {int:current_member})' : '
AND (m.approved = {int:is_approved} OR (m.id_member != {int:guest_id} AND m.id_member = {int:current_member}))')), array('current_member' => $user_info['id'], 'current_topic' => $topic, 'id_msg' => empty($_REQUEST['msg']) ? 't.id_first_msg' : (int) $_REQUEST['msg'], 'is_approved' => 1, 'guest_id' => 0));
if ($smcFunc['db_num_rows']($request) == 0) {
fatal_lang_error('no_board', false);
}
$row = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
// Change either body or subject requires permissions to modify messages.
if (isset($_POST['message']) || isset($_POST['subject']) || isset($_REQUEST['icon'])) {
if (!empty($row['locked'])) {
isAllowedTo('moderate_board');
}
if ($row['id_member'] == $user_info['id'] && !allowedTo('modify_any')) {
if ((!$modSettings['postmod_active'] || $row['approved']) && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) {
fatal_lang_error('modify_post_time_passed', false);
} elseif ($row['id_member_started'] == $user_info['id'] && !allowedTo('modify_own')) {
isAllowedTo('modify_replies');
} else {
isAllowedTo('modify_own');
}
} elseif ($row['id_member_started'] == $user_info['id'] && !allowedTo('modify_any')) {
isAllowedTo('modify_replies');
} else {
isAllowedTo('modify_any');
}
// Only log this action if it wasn't your message.
$moderationAction = $row['id_member'] != $user_info['id'];
}
$post_errors = array();
if (isset($_POST['subject']) && $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['subject'])) !== '') {
$_POST['subject'] = strtr($smcFunc['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
// Maximum number of characters.
if ($smcFunc['strlen']($_POST['subject']) > 100) {
$_POST['subject'] = $smcFunc['substr']($_POST['subject'], 0, 100);
}
} elseif (isset($_POST['subject'])) {
$post_errors[] = 'no_subject';
unset($_POST['subject']);
}
if (isset($_POST['message'])) {
if ($smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['message'])) === '') {
$post_errors[] = 'no_message';
unset($_POST['message']);
} elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_POST['message']) > $modSettings['max_messageLength']) {
$post_errors[] = 'long_message';
unset($_POST['message']);
} else {
$_POST['message'] = $smcFunc['htmlspecialchars']($_POST['message'], ENT_QUOTES);
preparsecode($_POST['message']);
if ($smcFunc['htmltrim'](strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '') {
$post_errors[] = 'no_message';
unset($_POST['message']);
}
}
}
if (isset($_POST['lock'])) {
if (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $row['id_member']) {
unset($_POST['lock']);
} elseif (!allowedTo('lock_any')) {
if ($row['locked'] == 1) {
unset($_POST['lock']);
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
}
} elseif (!empty($row['locked']) && !empty($_POST['lock']) || $_POST['lock'] == $row['locked']) {
unset($_POST['lock']);
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
}
}
if (isset($_POST['sticky']) && !allowedTo('make_sticky')) {
unset($_POST['sticky']);
}
if (empty($post_errors)) {
$msgOptions = array('id' => $row['id_msg'], 'subject' => isset($_POST['subject']) ? $_POST['subject'] : null, 'body' => isset($_POST['message']) ? $_POST['message'] : null, 'icon' => isset($_REQUEST['icon']) ? preg_replace('~[\\./\\\\*\':"<>]~', '', $_REQUEST['icon']) : null);
$topicOptions = array('id' => $topic, 'board' => $board, 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null, 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null, 'mark_as_read' => true);
$posterOptions = array();
// Only consider marking as editing if they have edited the subject, message or icon.
if (isset($_POST['subject']) && $_POST['subject'] != $row['subject'] || isset($_POST['message']) && $_POST['message'] != $row['body'] || isset($_REQUEST['icon']) && $_REQUEST['icon'] != $row['icon']) {
// And even then only if the time has passed...
if (time() - $row['poster_time'] > $modSettings['edit_wait_time'] || $user_info['id'] != $row['id_member']) {
$msgOptions['modify_time'] = time();
$msgOptions['modify_name'] = $user_info['name'];
}
} else {
$moderationAction = false;
}
modifyPost($msgOptions, $topicOptions, $posterOptions);
// If we didn't change anything this time but had before put back the old info.
if (!isset($msgOptions['modify_time']) && !empty($row['modified_time'])) {
$msgOptions['modify_time'] = $row['modified_time'];
$msgOptions['modify_name'] = $row['modified_name'];
}
// Changing the first subject updates other subjects to 'Re: new_subject'.
if (isset($_POST['subject']) && isset($_REQUEST['change_all_subjects']) && $row['id_first_msg'] == $row['id_msg'] && !empty($row['num_replies']) && (allowedTo('modify_any') || $row['id_member_started'] == $user_info['id'] && allowedTo('modify_replies'))) {
// Get the proper (default language) response prefix first.
if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix'))) {
if ($language === $user_info['language']) {
$context['response_prefix'] = $txt['response_prefix'];
} else {
loadLanguage('index', $language, false);
$context['response_prefix'] = $txt['response_prefix'];
loadLanguage('index');
}
cache_put_data('response_prefix', $context['response_prefix'], 600);
}
$smcFunc['db_query']('', '
UPDATE {db_prefix}messages
SET subject = {string:subject}
WHERE id_topic = {int:current_topic}
AND id_msg != {int:id_first_msg}', array('current_topic' => $topic, 'id_first_msg' => $row['id_first_msg'], 'subject' => $context['response_prefix'] . $_POST['subject']));
}
if (!empty($moderationAction)) {
logAction('modify', array('topic' => $topic, 'message' => $row['id_msg'], 'member' => $row['id_member'], 'board' => $board));
}
}
if (isset($_REQUEST['xml'])) {
$context['sub_template'] = 'modifydone';
if (empty($post_errors) && isset($msgOptions['subject']) && isset($msgOptions['body'])) {
$context['message'] = array('id' => $row['id_msg'], 'modified' => array('time' => isset($msgOptions['modify_time']) ? timeformat($msgOptions['modify_time']) : '', 'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0, 'name' => isset($msgOptions['modify_time']) ? $msgOptions['modify_name'] : ''), 'subject' => $msgOptions['subject'], 'first_in_topic' => $row['id_msg'] == $row['id_first_msg'], 'body' => strtr($msgOptions['body'], array(']]>' => ']]]]><![CDATA[>')));
censorText($context['message']['subject']);
censorText($context['message']['body']);
$context['message']['body'] = parse_bbc($context['message']['body'], $row['smileys_enabled'], $row['id_msg']);
} elseif (empty($post_errors)) {
$context['sub_template'] = 'modifytopicdone';
$context['message'] = array('id' => $row['id_msg'], 'modified' => array('time' => isset($msgOptions['modify_time']) ? timeformat($msgOptions['modify_time']) : '', 'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0, 'name' => isset($msgOptions['modify_time']) ? $msgOptions['modify_name'] : ''), 'subject' => isset($msgOptions['subject']) ? $msgOptions['subject'] : '');
censorText($context['message']['subject']);
} else {
$context['message'] = array('id' => $row['id_msg'], 'errors' => array(), 'error_in_subject' => in_array('no_subject', $post_errors), 'error_in_body' => in_array('no_message', $post_errors) || in_array('long_message', $post_errors));
loadLanguage('Errors');
foreach ($post_errors as $post_error) {
if ($post_error == 'long_message') {
$context['message']['errors'][] = sprintf($txt['error_' . $post_error], $modSettings['max_messageLength']);
} else {
$context['message']['errors'][] = $txt['error_' . $post_error];
}
}
}
} else {
obExit(false);
}
}
if (isset($_SESSION['adminMessage'])) {
print "<div id='main_form'><p>" . $_SESSION['adminMessage'] . "</p></div>";
unset($_SESSION['adminMessage']);
}
require_once '../includes/config.php';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$result = $mysqli->query("SELECT * FROM item");
if ($result && !isset($_POST['modify'])) {
print "<form id='album_photos' action='modify_post.php' method='post'>\n\t\t\t<p>Choose a Post to Modify</p>\n\t <select name='option'>";
while ($row = $result->fetch_row()) {
print "<option value={$row['0']}>{$row['1']}</option>";
}
print "</select>\t\n\t\t\t<input type='submit' name= 'modify' value='Click to submit'>\n\t\t</form>";
}
if (isset($_POST['modify'])) {
modifyPost();
$_SESSION['item_ID'] = $_POST["option"];
}
function modifyPost()
{
?>
<form id='main_form' action="modify_post.php" method="post" enctype="multipart/form-data">
<input type="text" name="url" minlength='1' maxlength= '50'> Enter the modified URL <p></p>
<input type="text" name="Header" minlength='1' maxlength= '50'> Enter the modified header <p></p>
<textarea type="text" name="Description" minlength='1' maxlength= '500' rows="4" cols="50"></textarea> Enter the modified description for the item <p></p>
<select name="sub_category">
<?php
//We don't need to choose category, because whenever the sub_category is choosen, category is set based on the relations
//in the table 'category_belongs'
//we can print the option list dynamiclly
function JavaScriptModify()
{
global $db_prefix, $sourcedir, $modSettings, $board, $topic, $txt;
global $user_info, $ID_MEMBER, $context, $func, $language;
// We have to have a topic!
if (empty($topic)) {
obExit(false);
}
checkSession('get');
require_once $sourcedir . '/Subs-Post.php';
// Assume the first message if no message ID was given.
$request = db_query("\n\t\t\tSELECT \n\t\t\t\tt.locked, t.numReplies, t.ID_MEMBER_STARTED, t.ID_FIRST_MSG,\n\t\t\t\tm.ID_MSG, m.ID_MEMBER, m.posterTime, m.subject, m.smileysEnabled, m.body,\n\t\t\t\tm.modifiedTime, m.modifiedName\n\t\t\tFROM ({$db_prefix}messages AS m, {$db_prefix}topics AS t)\n\t\t\tWHERE m.ID_MSG = " . (empty($_REQUEST['msg']) ? 't.ID_FIRST_MSG' : (int) $_REQUEST['msg']) . "\n\t\t\t\tAND m.ID_TOPIC = {$topic}\n\t\t\t\tAND t.ID_TOPIC = {$topic}", __FILE__, __LINE__);
if (mysql_num_rows($request) == 0) {
fatal_lang_error('smf232', false);
}
$row = mysql_fetch_assoc($request);
mysql_free_result($request);
// Change either body or subject requires permissions to modify messages.
if (isset($_POST['message']) || isset($_POST['subject']) || isset($_POST['icon'])) {
if (!empty($row['locked'])) {
isAllowedTo('moderate_board');
}
if ($row['ID_MEMBER'] == $ID_MEMBER && !allowedTo('modify_any')) {
if (!empty($modSettings['edit_disable_time']) && $row['posterTime'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) {
fatal_lang_error('modify_post_time_passed', false);
} elseif ($row['ID_MEMBER_STARTED'] == $ID_MEMBER && !allowedTo('modify_own')) {
isAllowedTo('modify_replies');
} else {
isAllowedTo('modify_own');
}
} elseif ($row['ID_MEMBER_STARTED'] == $ID_MEMBER && !allowedTo('modify_any')) {
isAllowedTo('modify_replies');
} else {
isAllowedTo('modify_any');
}
// Only log this action if it wasn't your message.
$moderationAction = $row['ID_MEMBER'] != $ID_MEMBER;
}
$post_errors = array();
if (isset($_POST['subject']) && $func['htmltrim']($_POST['subject']) !== '') {
$_POST['subject'] = strtr($func['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
// Maximum number of characters.
if ($func['strlen']($_POST['subject']) > 100) {
$_POST['subject'] = addslashes($func['substr'](stripslashes($_POST['subject']), 0, 100));
}
} else {
$post_errors[] = 'no_subject';
unset($_POST['subject']);
}
if (isset($_POST['message'])) {
if ($func['htmltrim']($_POST['message']) === '') {
$post_errors[] = 'no_message';
unset($_POST['message']);
} elseif (!empty($modSettings['max_messageLength']) && $func['strlen']($_POST['message']) > $modSettings['max_messageLength']) {
$post_errors[] = 'long_message';
unset($_POST['message']);
} else {
$_POST['message'] = $func['htmlspecialchars']($_POST['message'], ENT_QUOTES);
preparsecode($_POST['message']);
if ($func['htmltrim'](strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '') {
$post_errors[] = 'no_message';
unset($_POST['message']);
}
}
}
if (isset($_POST['lock'])) {
if (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $ID_MEMBER != $row['ID_MEMBER']) {
unset($_POST['lock']);
} elseif (!allowedTo('lock_any')) {
if ($row['locked'] == 1) {
unset($_POST['lock']);
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
}
} elseif (!empty($row['locked']) && !empty($_POST['lock']) || $_POST['lock'] == $row['locked']) {
unset($_POST['lock']);
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
}
}
if (isset($_POST['sticky']) && !allowedTo('make_sticky')) {
unset($_POST['sticky']);
}
if (empty($post_errors)) {
$msgOptions = array('id' => $row['ID_MSG'], 'subject' => isset($_POST['subject']) ? $_POST['subject'] : null, 'body' => isset($_POST['message']) ? $_POST['message'] : null, 'icon' => isset($_POST['icon']) ? preg_replace('~[\\./\\\\*\':"<>]~', '', $_POST['icon']) : null);
$topicOptions = array('id' => $topic, 'board' => $board, 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null, 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null, 'mark_as_read' => true);
$posterOptions = array();
// Only consider marking as editing if they have edited the subject, message or icon.
if (isset($_POST['subject']) && $_POST['subject'] != $row['subject'] || isset($_POST['message']) && $_POST['message'] != $row['body'] || isset($_POST['icon']) && $_POST['icon'] != $row['icon']) {
// And even then only if the time has passed...
if (time() - $row['posterTime'] > $modSettings['edit_wait_time'] || $ID_MEMBER != $row['ID_MEMBER']) {
$msgOptions['modify_time'] = time();
$msgOptions['modify_name'] = addslashes($user_info['name']);
}
}
modifyPost($msgOptions, $topicOptions, $posterOptions);
// If we didn't change anything this time but had before put back the old info.
if (!isset($msgOptions['modify_time']) && !empty($row['modifiedTime'])) {
$msgOptions['modify_time'] = $row['modifiedTime'];
$msgOptions['modify_name'] = $row['modifiedName'];
}
// Changing the first subject updates other subjects to 'Re: new_subject'.
if (isset($_POST['subject']) && isset($_REQUEST['change_all_subjects']) && $row['ID_FIRST_MSG'] == $row['ID_MSG'] && !empty($row['numReplies']) && (allowedTo('modify_any') || $row['ID_MEMBER_STARTED'] == $ID_MEMBER && allowedTo('modify_replies'))) {
// Get the proper (default language) response prefix first.
if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix'))) {
if ($language === $user_info['language']) {
$context['response_prefix'] = $txt['response_prefix'];
} else {
loadLanguage('index', $language, false);
$context['response_prefix'] = $txt['response_prefix'];
loadLanguage('index');
}
cache_put_data('response_prefix', $context['response_prefix'], 600);
}
db_query("\n\t\t\t\tUPDATE {$db_prefix}messages\n\t\t\t\tSET subject = '{$context['response_prefix']}{$_POST['subject']}'\n\t\t\t\tWHERE ID_TOPIC = {$topic}\n\t\t\t\t\tAND ID_MSG != {$row['ID_FIRST_MSG']}\n\t\t\t\tLIMIT {$row['numReplies']}", __FILE__, __LINE__);
}
if ($moderationAction) {
logAction('modify', array('topic' => $topic, 'message' => $row['ID_MSG'], 'member' => $row['ID_MEMBER_STARTED']));
}
}
if (isset($_REQUEST['xml'])) {
$context['sub_template'] = 'modifydone';
if (empty($post_errors) && isset($msgOptions['subject']) && isset($msgOptions['body'])) {
$context['message'] = array('id' => $row['ID_MSG'], 'modified' => array('time' => isset($msgOptions['modify_time']) ? timeformat($msgOptions['modify_time']) : '', 'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0, 'name' => isset($msgOptions['modify_time']) ? stripslashes($msgOptions['modify_name']) : ''), 'subject' => stripslashes($msgOptions['subject']), 'first_in_topic' => $row['ID_MSG'] == $row['ID_FIRST_MSG'], 'body' => strtr(stripslashes($msgOptions['body']), array(']]>' => ']]]]><![CDATA[>')));
censorText($context['message']['subject']);
censorText($context['message']['body']);
$context['message']['body'] = parse_bbc($context['message']['body'], $row['smileysEnabled'], $row['ID_MSG']);
} elseif (empty($post_errors) && isset($msgOptions['subject'])) {
$context['sub_template'] = 'modifytopicdone';
$context['message'] = array('id' => $row['ID_MSG'], 'modified' => array('time' => isset($msgOptions['modify_time']) ? timeformat($msgOptions['modify_time']) : '', 'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0, 'name' => isset($msgOptions['modify_time']) ? stripslashes($msgOptions['modify_name']) : ''), 'subject' => stripslashes($msgOptions['subject']));
censorText($context['message']['subject']);
} else {
$context['message'] = array('id' => $row['ID_MSG'], 'errors' => array(), 'error_in_subject' => in_array('no_subject', $post_errors), 'error_in_body' => in_array('no_message', $post_errors) || in_array('long_message', $post_errors));
loadLanguage('Errors');
foreach ($post_errors as $post_error) {
$context['message']['errors'][] = $txt['error_' . $post_error];
}
}
} else {
obExit(false);
}
}
function method_save_raw_post()
{
global $mobdb, $mobsettings, $user_info, $context, $sourcedir, $func, $smcFunc;
if ($user_info['is_guest']) {
createErrorResponse(8);
}
require_once $sourcedir . '/Subs-Post.php';
// What is this post?
$id_msg = (int) $context['mob_request']['params'][0][0];
if (empty($id_msg)) {
createErrorResponse(6);
}
$subject = utf8ToAscii(trim(base64_decode($context['mob_request']['params'][1][0])));
$body = utf8ToAscii(trim(base64_decode($context['mob_request']['params'][2][0])));
######## Added by Sean##############
$subject = addslashes__recursive($subject);
$body = addslashes__recursive($body);
// Set up the inputs for the form.
$body = $func['htmlspecialchars']($body, ENT_QUOTES);
preparsecode($body);
$subject = strtr($func['htmlspecialchars']($subject), array("\r" => '', "\n" => '', "\t" => ''));
##################################################################
if (empty($body)) {
createErrorResponse('incorrect_params', '', 'xmlrpc');
}
// Get the board and body
$mobdb->query('
SELECT b.ID_BOARD AS id_board, m.ID_MEMBER AS id_member, t.isSticky, t.locked, t.ID_TOPIC, m.posterTime AS poster_time, t.ID_MEMBER_STARTED
FROM {db_prefix}messages AS m
INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC)
INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = t.ID_BOARD)
WHERE m.ID_MSG = {int:msg}', array('msg' => $id_msg));
if ($mobdb->num_rows() == 0) {
createErrorResponse(6);
}
list($id_board, $id_member_posted, $sticky, $locked, $id_topic, $post_time, $id_member_start) = $mobdb->fetch_row();
$mobdb->free_result();
$is_started = $user_info['id'] == $id_member_start && !$user_info['is_guest'];
$can_edit = (!$locked || allowedTo('moderate_board', $id_board)) && (allowedTo('modify_any', $id_board) || allowedTo('modify_replies', $id_board) && $is_started || allowedTo('modify_own', $id_board) && $id_member_posted == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $post_time + $modSettings['edit_disable_time'] * 60 > time()));
if (!$can_edit) {
createErrorResponse(6);
}
//$subject = strtr(htmlspecialchars($subject), array("\r" => '', "\n" => '', "\t" => ''));
//$body = htmlspecialchars($body);
$body = un_preparsecode($body);
censorText($subject);
censorText($body);
// Save it!
$msgOptions = array('body' => $body, 'id' => $id_msg);
if ($subject) {
$msgOptions['subject'] = $subject;
}
$topicOptions = array('id' => $id_topic, 'sticky_mode' => $sticky, 'locked_mode' => $locked);
$posterOptions = array();
modifyPost($msgOptions, $topicOptions, $posterOptions);
outputRPCResult(true);
}