public function create() { //hacking attempt if ($_POST['end_of_line'] != "") { exit; } if (isset($_POST['title']) && isset($_POST['cat']) && isset($_POST['imesg']) && isset($_POST['omesg'])) { $catid = (int) $_POST['cat']; $category = new \CODOF\Forum\Category($this->db); if (!$category->exists($catid) || !$category->canCreateTopicIn($catid)) { exit(_t("No such category exists!")); } $post = new \CODOF\Forum\Post($this->db); $topic = new \CODOF\Forum\Topic($this->db); $notifier = new \CODOF\Forum\Notification\Notifier(); $subscriber = new \CODOF\Forum\Notification\Subscriber(); $title = \CODOF\Format::title($_POST['title']); $filter = new \CODOF\SpamFilter(); $needsModeration = false; $sticky = $_POST['sticky'] === "true" ? 'yes' : 'no'; $frontpage = $_POST['frontpage'] === "true" ? 'yes' : 'no'; if ($filter->isSpam($_POST['imesg'])) { $needsModeration = true; } $user = \CODOF\User\User::get(); if ($sticky == 'yes' && $user->can('make sticky')) { if ($frontpage == 'yes') { $tid = $topic->ins_topic($catid, $title, $needsModeration, \CODOF\Forum\Forum::STICKY); } else { $tid = $topic->ins_topic($catid, $title, $needsModeration, \CODOF\Forum\Forum::STICKY_ONLY_CATEGORY); } } else { $tid = $topic->ins_topic($catid, $title, $needsModeration, \CODOF\Forum\Forum::APPROVED); } $pid = $post->ins_post($catid, $tid, $_POST['imesg'], $_POST['omesg']); $topic->link_topic_post($pid, $tid); //get any @mentions from the topic post $mentions = $subscriber->getMentions($_POST['imesg']); //get userids from mentions that actually exists in the database $ids = $subscriber->getIdsThatExisits($mentions); //subscribe self to topic as a Subscriber::NOTIFIED $subscriber->toTopic($catid, $tid, \CODOF\Forum\Notification\Subscriber::$NOTIFIED); //if post was inserted successfully if ($pid) { $topicData = array("label" => 'New topic', "cid" => $catid, "tid" => $tid, "tuid" => $user->id, "pid" => $pid, "mentions" => $ids, "message" => \CODOF\Util::start_cut(\CODOF\Format::imessage($_POST['imesg']), 120), "notification" => "%actor% created <b>%title%</b>", "bindings" => array("title" => \CODOF\Util::start_cut($title, 100))); $notifier->queueNotify('new_topic', $topicData); //$notifier->dequeueNotify(); \CODOF\Hook::call('after_topic_insert', $topicData); } //insert tags if any present in the topic if (isset($_POST['tags']) && $user->can('add tags')) { //the method does the filtering $topic->insertTags($tid, $_POST['tags']); } echo json_encode(array('tid' => $tid)); } }