if ($_POST['nosm']) { $previewPost['options'] |= 2; } if ($_POST['nobr']) { $previewPost['options'] |= 4; } MakePost($previewPost, 0, $fid); } else { Alert(__("Enter a message and try again."), __("Your post is empty.")); } } if (!$_POST['text']) { $_POST['text'] = $post['text']; } if ($_POST['text']) { $prefill = htmlval(deSlashMagic($_POST['text'])); } if ($_GET['link']) { $prefill = ">>" . (int) $_GET['link'] . "\r\n\r\n"; } else { if ($_GET['quote']) { $qQuote = "\tselect \n\t\t\t\t\tp.id, p.deleted, pt.text,\n\t\t\t\t\tf.minpower,\n\t\t\t\t\tu.name poster\n\t\t\t\tfrom posts p\n\t\t\t\t\tleft join posts_text pt on pt.pid = p.id and pt.revision = p.currentrevision \n\t\t\t\t\tleft join threads t on t.id=p.thread\n\t\t\t\t\tleft join forums f on f.id=t.forum\n\t\t\t\t\tleft join users u on u.id=p.user\n\t\t\t\twhere p.id=" . (int) $_GET['quote']; $rQuote = Query($qQuote); if (NumRows($rQuote)) { $quote = Fetch($rQuote); //SPY CHECK! //Do we need to translate this line? It's not even displayed in its true form ._. if ($quote['minpower'] > $postingAsUser['powerlevel']) { $quote['text'] = str_rot13("Pools closed due to not enough power. Prosecutors will be violated."); } if ($quote['deleted']) {
$post = htmlentities2(deSlashMagic($pm['text'])); $post = preg_replace("'/me '", "[b]* " . $loguser['name'] . "[/b] ", $post); //to prevent identity confusion $post = str_replace("\n", "##TSURUPETTANYOUJO##", $post); TidyPost($post); $post = str_replace("##TSURUPETTANYOUJO##", "\n", $post); $post = "<!-- ###MULTIREP:" . $_POST['to'] . " ### -->" . $post; $post = mysql_real_escape_string($post); $qPMT = "update pmsgs_text set title = '" . justEscape($_POST['title']) . "', text = '" . $post . "' where pid = " . $pmid; $rPMT = Query($qPMT); $qPM = "update pmsgs set userto = " . $firstTo . " where id = " . $pmid; $rPM = Query($qPM); Redirect(__("PM draft updated!"), "private.php?show=2", __("your PM box")); exit; } else { $post = htmlentities2(deSlashMagic($pm['text'])); $post = preg_replace("'/me '", "[b]* " . $loguser['name'] . "[/b] ", $post); //to prevent identity confusion $post = str_replace("\n", "##TSURUPETTANYOUJO##", $post); TidyPost($post); $post = mysql_real_escape_string($post); $qPMT = "update pmsgs_text set title = '" . justEscape($_POST['title']) . "', text = '" . $post . "' where pid = " . $pmid; $rPMT = Query($qPMT); $qPM = "update pmsgs set drafting = 0 where id = " . $pmid; $rPM = Query($qPM); foreach ($recipIDs as $recipient) { if ($recipient == $firstTo) { continue; } $qPM = "insert into pmsgs (userto, userfrom, date, ip, msgread) values (" . $recipient . ", " . $loguserid . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', 0)"; $rPM = Query($qPM);
function prepare($text) { $s = str_replace("\\'", "'", addslashes(deSlashMagic($text))); return $s; }
$pid = mysql_insert_id(); $qPMT = "insert into pmsgs_text (pid,title,text) values (" . $pid . ", '" . justEscape($_POST['title']) . "', '" . $post . "')"; $rPMT = Query($qPMT); } Redirect(__("PM sent!"), "private.php?show=1", __("your PM outbox")); } exit; } else { Alert(__("Enter a message and try again."), __("Your PM is empty.")); } } else { Alert(__("Enter a title and try again."), __("Your PM is untitled.")); } } $_POST['title'] = htmlentities2(deSlashMagic($_POST['title'])); $_POST['text'] = htmlentities2(deSlashMagic($_POST['text'])); if ($_POST['action'] == "Preview") { if ($_POST['text']) { $_POST['realtitle'] = $_POST['title']; //store the real PM title in another field... $_POST['num'] = "---"; $_POST['posts'] = "---"; $_POST['id'] = "???"; $_POST['uid'] = $loguserid; $copies = explode(",", "title,name,displayname,picture,sex,powerlevel,avatar,postheader,signature,signsep,regdate,lastactivity,lastposttime"); foreach ($copies as $toCopy) { $_POST[$toCopy] = $loguser[$toCopy]; } $realtext = $_POST['text']; $_POST['text'] = preg_replace("'/me '", "[b]* " . $loguser['name'] . "[/b] ", $_POST['text']); //to prevent identity confusion
$_POST['iconid'] = 0; } $qFora = "select title, id from forums order by catid, id"; $rFora = Query($qFora); while ($forum = Fetch($rFora)) { $moveToTargets .= "<option value=\"" . $forum['id'] . "\">" . $forum['title'] . "</option>"; } if ($canMod) { $icons = ""; $i = 1; while (is_file("img/icons/icon" . $i . ".png")) { $check = ""; if ($_POST['iconid'] == $i) { $check = "checked=\"checked\" "; } $icons .= format("\n\t\t\t\t<label>\n\t\t\t\t\t<input type=\"radio\" {0} name=\"iconid\" value=\"{1}\" />\n\t\t\t\t\t<img src=\"img/icons/icon{1}.png\" alt=\"Icon {1}\" />\n\t\t\t\t</label>\n", $check, $i); $i++; } $check[0] = ""; $check[1] = ""; if ($_POST['iconid'] == 0) { $check[0] = "checked=\"checked\" "; } if ($_POST['iconid'] == 255) { $check[1] = "checked=\"checked\" "; $iconurl = htmlval(deSlashMagic($_POST['iconurl'])); } write("\n\t<form action=\"editthread.php\" method=\"post\">\n\t\t<table class=\"outline margin\" style=\"width: 100%;\">\n\t\t\t<tr class=\"header1\">\n\t\t\t\t<th colspan=\"2\">\n\t\t\t\t\t" . __("Edit Thread") . "\n\t\t\t\t</th>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell0\">\n\t\t\t\t<td>\n\t\t\t\t\t<label for=\"tit\">" . __("Title") . "</label>\n\t\t\t\t</td>\n\t\t\t\t<td>\n\t\t\t\t\t<input type=\"text\" id=\"tit\" name=\"title\" style=\"width: 98%;\" maxlength=\"60\" value=\"{0}\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell1\">\n\t\t\t\t<td>\n\t\t\t\t\t" . __("Icon") . "\n\t\t\t\t</td>\n\t\t\t\t<td class=\"threadIcons\">\n\t\t\t\t\t<label>\n\t\t\t\t\t\t<input type=\"radio\" {2} id=\"noicon\" name=\"iconid\" value=\"0\">\n\t\t\t\t\t\t" . __("None") . "\n\t\t\t\t\t</label>\n\t\t\t\t\t{1}\n\t\t\t\t\t<br/>\n\t\t\t\t\t<label>\n\t\t\t\t\t\t<input type=\"radio\" {3} name=\"iconid\" value=\"255\" />\n\t\t\t\t\t\t<span>" . __("Custom") . "</span>\n\t\t\t\t\t</label>\n\t\t\t\t\t<input type=\"text\" name=\"iconurl\" style=\"width: 50%;\" maxlength=\"100\" value=\"{4}\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell2\">\n\t\t\t\t<td>\n\t\t\t\t\t" . __("Extras") . "\n\t\t\t\t</td>\n\t\t\t\t<td>\n\t\t\t\t\t<label>\n\t\t\t\t\t\t<input type=\"checkbox\" name=\"isClosed\" {5} />\n\t\t\t\t\t\t" . __("Closed") . "\n\t\t\t\t\t</label>\n\t\t\t\t\t<label>\n\t\t\t\t\t\t<input type=\"checkbox\" name=\"isSticky\" {6} />\n\t\t\t\t\t\t" . __("Sticky") . "\n\t\t\t\t\t</label>\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell2\">\n\t\t\t\t<td></td>\n\t\t\t\t<td>\n\t\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Edit") . "\"></input>\n\t\t\t\t\t<button onclick=\"window.navigate('editthread.php?id={7}&action=delete');\">" . __("Delete") . "</button>\n\n\t\t\t\t\t<select name=\"moveTo\" size=\"1\">{8}</select>\n\t\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Move") . "\" />\n\t\t\t\t\t<input type=\"hidden\" name=\"id\" value=\"{7}\" />\n\t\t\t\t\t<input type=\"hidden\" name=\"key\" value=\"{9}\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t</table>\n\t</form>\n", htmlval(deSlashMagic($_POST['title'])), $icons, $check[0], $check[1], $iconurl, $thread['closed'] ? " checked=\"checked\"" : "", $thread['sticky'] ? " checked=\"checked\"" : "", $tid, $moveToTargets, $key); } else { write("\n\t<form action=\"editthread.php\" method=\"post\">\n\t\t<table class=\"outline margin width50\">\n\t\t\t<tr class=\"cell0\">\n\t\t\t\t<td>\n\t\t\t\t\t<label for=\"tit\">" . __("Title") . "</label>\n\t\t\t\t</td>\n\t\t\t\t<td>\n\t\t\t\t\t<input type=\"text\" id=\"tit\" name=\"title\" style=\"width: 98%;\" maxlength=\"60\" value=\"{0}\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell2\">\n\t\t\t\t<td></td>\n\t\t\t\t<td>\n\t\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Edit") . "\" />\n\t\t\t\t\t<input type=\"hidden\" name=\"id\" value=\"{1}\" />\n\t\t\t\t\t<input type=\"hidden\" name=\"key\" value=\"{2}\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t</table>\n\t</form>\n", htmlval(deSlashMagic($_POST['title'])), $tid, $key); }
} if ($_POST['nobr']) { $previewPost['options'] |= 4; } $previewPost['mood'] = (int) $_POST['mood']; MakePost($previewPost, 0, $fid); } else { Alert(__("Enter a message and try again."), __("Your post is empty.")); } } //if(!$_POST['text']) $_POST['text'] = $post['text']; //if($_POST['text']) $prefill = htmlval(deSlashMagic($_POST['text'])); if (!$_POST['text']) { $prefill = $post['text']; } else { $prefill = deSlashMagic($_POST['text']); } if ($_POST['nopl']) { $nopl = "checked=\"checked\""; } if ($_POST['nosm']) { $nosm = "checked=\"checked\""; } if ($_POST['nobr']) { $nobr = "checked=\"checked\""; } if (!isset($_POST['mood'])) { $_POST['mood'] = $post['mood']; } if ($_POST['mood']) { $moodSelects[(int) $_POST['mood']] = "selected=\"selected\" ";
while (is_file("img/icons/icon" . $i . ".png")) { $checked = $_POST['iconid'] == $i ? "checked=\"checked\" " : ""; $icons .= format("\n\t\t\t\t\t\t\t<label>\n\t\t\t\t\t\t\t\t<input type=\"radio\" {0} name=\"iconid\" value=\"{1}\" />\n\t\t\t\t\t\t\t\t<img src=\"img/icons/icon{1}.png\" alt=\"Icon {1}\" onclick=\"javascript:void()\" />\n\t\t\t\t\t\t\t</label>\n", $checked, $i); $i++; } write("\n\t<table style=\"width: 100%;\">\n\t\t<tr>\n\t\t\t<td style=\"vertical-align: top; border: none;\">\n\t\t\t\t<form action=\"newthread.php\" method=\"post\">\n\t\t\t\t\t<table class=\"outline margin width100\">\n\t\t\t\t\t\t<tr class=\"header1\">\n\t\t\t\t\t\t\t<th colspan=\"2\">\n\t\t\t\t\t\t\t\t{0}\n\t\t\t\t\t\t\t</th>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr class=\"cell0\">\n\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t<label for=\"tit\">\n\t\t\t\t\t\t\t\t\t" . __("Title") . "\n\t\t\t\t\t\t\t\t</label>\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t<input type=\"text\" id=\"tit\" name=\"title\" style=\"width: 98%;\" maxlength=\"60\" value=\"{1}\" />\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr class=\"cell1\">\n\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t" . __("Icon") . "\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t<td class=\"threadIcons\">\n\t\t\t\t\t\t\t\t<label>\n\t\t\t\t\t\t\t\t\t<input type=\"radio\" {2} name=\"iconid\" value=\"0\" /> \n\t\t\t\t\t\t\t\t\t<span>" . __("None") . "</span>\n\t\t\t\t\t\t\t\t</label> \n\t\t\t\t\t\t\t\t{3}\n\t\t\t\t\t\t\t\t<br />\n\t\t\t\t\t\t\t\t<label>\n\t\t\t\t\t\t\t\t\t<input type=\"radio\" {4} name=\"iconid\" value=\"255\" /> \n\t\t\t\t\t\t\t\t\t<span>" . __("Custom") . "</span>\n\t\t\t\t\t\t\t\t</label> \n\t\t\t\t\t\t\t\t<input type=\"text\" id=\"iconurl\" name=\"iconurl\" style=\"width: 50%;\" maxlength=\"100\" value=\"{5}\" />\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n", $_POST['poll'] ? __("New poll") : __("New thread"), $trefill, $iconNoneChecked, $icons, $iconCustomChecked, htmlval(deSlashMagic($_POST['iconurl']))); if ($_POST['poll']) { $first = true; $pollOptions = ""; for ($pops = 0; $pops < $_POST['pollOptions']; $pops++) { $cellClass = ($cellClass + 1) % 2; $fixed = htmlval(deSlashMagic($_POST['pollOption' . $pops])); $pollOptions .= format("\n\t\t\t\t\t\t<tr class=\"cell{0}\">\n\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t<label for=\"p{1}\">" . __("Option {2}") . "</label>\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t<input type=\"text\" id=\"p{1}\" name=\"pollOption{1}\" value=\"{3}\" style=\"width: 50%;\" maxlength=\"40\" > \n\t\t\t\t\t\t\t\t<label>\n\t\t\t\t\t\t\t\t\t" . __("Color", 1) . " \n\t\t\t\t\t\t\t\t\t<input type=\"text\" name=\"pollColor{1}\" value=\"{4}\" size=\"10\" maxlength=\"7\" class=\"color {hash:true,required:false,pickerFaceColor:'black',pickerFace:3,pickerBorder:0,pickerInsetColor:'black',pickerPosition:'left',pickerMode:'HVS'}\" />\n\t\t\t\t\t\t\t\t</label>\n\t\t\t\t\t\t\t\t{5}\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n", $cellClass, $pops, $pops + 1, $fixed, filterPollColors($_POST['pollColor' . $pops]), $first ? " (#rrggbb)" : ""); $first = false; } write("\n\t\t\t\t\t\t<tr class=\"cell0\">\n\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t<label for=\"pq\">\n\t\t\t\t\t\t\t\t\t" . __("Poll question") . "\n\t\t\t\t\t\t\t\t</label>\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t<input type=\"text\" id=\"pq\" name=\"pollQuestion\" value=\"{0}\" style=\"width: 98%;\" maxlength=\"100\" />\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr class=\"cell1\">\n\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t<label for=\"pn\">\n\t\t\t\t\t\t\t\t\t" . __("Number of options") . "\n\t\t\t\t\t\t\t\t</label>\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t<input type=\"text\" id=\"pn\" name=\"pollOptions\" value=\"{1}\" size=\"2\" maxlength=\"2\" />\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t{2}\n", htmlval(deSlashMagic($_POST['pollQuestion'])), $_POST['pollOptions'], $pollOptions); } if ($_POST['mood']) { $moodSelects[(int) $_POST['mood']] = "selected=\"selected\" "; } $moodOptions = "<option " . $moodSelects[0] . "value=\"0\">" . __("[Default avatar]") . "</option>\n"; $rMoods = Query("select mid, name from moodavatars where uid=" . $loguserid . " order by mid asc"); while ($mood = Fetch($rMoods)) { $moodOptions .= format("\n\t<option {0} value=\"{1}\">{2}</option>\n", $moodSelects[$mood['mid']], $mood['mid'], htmlval($mood['name'])); } if (CanMod($loguserid, $forum['id'])) { $mod = "\n\n<!-- Mod options -->\n"; $mod .= "<label><input type=\"checkbox\" name=\"lock\"> " . __("Close thread", 1) . "</label>\n"; $mod .= "<label><input type=\"checkbox\" name=\"stick\"> " . __("Sticky", 1) . "</label>\n"; $mod .= "<!-- More could follow -->\n\n"; }