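/**
 * Creates a new post: the first post of a new thread, or a reply to an existing thread.
 *
 * Normalises a few fields of $post, builds a Thread_FirstPost or Post data manager,
 * runs the pre-save checks and, unless this is a preview, a duplicate or a failed
 * validation, saves the post. After saving it applies the open/close and sticky
 * toggles, tags, thread rating, e-mail notification and thread subscription.
 *
 * Security notes for callers and reviewers:
 *  - Permissions are NOT checked in this function; the caller must already have done so.
 *  - title, message, username, iconid, signature, parseurl and preview are passed to the
 *    data manager as received (the local normalisation of them is commented out below).
 *  - Three hooks (newpost_process, newpost_subscribe, newpost_complete) eval() code in
 *    this function's scope.
 *
 * @param	string	$type		'thread' for the first post in a new thread, 'reply' otherwise
 * @param	array	$foruminfo	Forum information
 * @param	array	$threadinfo	Thread information
 * @param	array	$postinfo	Post information for the "parent" post
 * @param	array	$post		Post information for the post being created (by reference; updated in place)
 * @param	array	$errors		(return) Array of errors
 *
 * @return	void
 */
function build_new_post($type = 'thread', $foruminfo, $threadinfo, $postinfo, &$post, &$errors)
{
	//NOTE: permissions are not checked in this function

	// $post is passed by reference, so that any changes (wordwrap, censor, etc) here are reflected on the copy outside the function
	// $post[] includes:
	// title, iconid, message, parseurl, email, signature, preview, disablesmilies, rating
	// $errors will become any error messages that come from the checks before preview kicks in
	global $vbulletin, $vbphrase, $forumperms;

	// ### PREPARE OPTIONS AND CHECK VALID INPUT ###
	$post['disablesmilies'] = intval($post['disablesmilies']);
	$post['enablesmilies'] = $post['disablesmilies'] ? 0 : 1;
	// folderid and emailupdate are interpolated into SQL further down, so the integer cast matters
	$post['folderid'] = intval($post['folderid']);
	$post['emailupdate'] = intval($post['emailupdate']);
	$post['rating'] = intval($post['rating']);
	$post['podcastsize'] = intval($post['podcastsize']);

	// Disabled in the original: none of these fields is normalised here any more.
	// (The pattern in the title line is garbled in this copy of the file.)
	/*$post['parseurl'] = intval($post['parseurl']);
	$post['email'] = intval($post['email']);
	$post['signature'] = intval($post['signature']);
	$post['preview'] = iif($post['preview'], 1, 0);
	$post['iconid'] = intval($post['iconid']);
	$post['message'] = trim($post['message']);
	$post['title'] = trim(preg_replace('/�*32;/', ' ', $post['title']));
	$post['username'] = trim($post['username']);
	$post['posthash'] = trim($post['posthash']);
	$post['poststarttime'] = trim($post['poststarttime']);*/

	// Make sure the posthash is valid.
	// Strict comparison: the submitted value must be the exact digest string. With a loose
	// comparison two different numeric-looking strings (for example "0e..." digests) can
	// compare equal. hash_equals() would also make the check constant-time where available.
	// NOTE(review): MD5 over concatenated fields is not a keyed MAC; an HMAC would be the stronger construction.
	if (md5($post['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']) !== $post['posthash'])
	{
		$post['posthash'] = 'invalid posthash'; // don't phrase me
	}

	// OTHER SANITY CHECKS
	// threadid is interpolated into several queries below
	$threadinfo['threadid'] = intval($threadinfo['threadid']);

	// create data manager
	if ($type == 'thread')
	{
		$dataman =& datamanager_init('Thread_FirstPost', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
		$dataman->set('prefixid', $post['prefixid']);
	}
	else
	{
		$dataman =& datamanager_init('Post', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
	}

	// set info
	$dataman->set_info('preview', $post['preview']);
	$dataman->set_info('parseurl', $post['parseurl']);
	$dataman->set_info('posthash', $post['posthash']);
	$dataman->set_info('forum', $foruminfo);
	$dataman->set_info('thread', $threadinfo);
	if (!$vbulletin->GPC['fromquickreply'])
	{
		$dataman->set_info('show_title_error', true);
	}
	if ($foruminfo['podcast'] and (!empty($post['podcasturl']) or !empty($post['podcastexplicit']) or !empty($post['podcastauthor']) or !empty($post['podcastsubtitle']) or !empty($post['podcastkeywords'])))
	{
		$dataman->set_info('podcastexplicit', $post['podcastexplicit']);
		$dataman->set_info('podcastauthor', $post['podcastauthor']);
		$dataman->set_info('podcastkeywords', $post['podcastkeywords']);
		$dataman->set_info('podcastsubtitle', $post['podcastsubtitle']);
		$dataman->set_info('podcasturl', $post['podcasturl']);
		if ($post['podcastsize'])
		{
			$dataman->set_info('podcastsize', $post['podcastsize']);
		}
	}

	// set options
	$dataman->setr('showsignature', $post['signature']);
	$dataman->setr('allowsmilie', $post['enablesmilies']);

	// set data
	$dataman->setr('userid', $vbulletin->userinfo['userid']);
	if ($vbulletin->userinfo['userid'] == 0)
	{
		// guests supply their own display name
		$dataman->setr('username', $post['username']);
	}
	$dataman->setr('title', $post['title']);
	$dataman->setr('pagetext', $post['message']);
	$dataman->setr('iconid', $post['iconid']);

	// see if post has to be moderated or if poster in a mod
	if (
		(
			(
				$foruminfo['moderatenewthread'] and $type == 'thread' or $foruminfo['moderatenewpost'] and $type == 'reply'
				or !($forumperms & $vbulletin->bf_ugp_forumpermissions['followforummoderation'])
			)
			and !can_moderate($foruminfo['forumid'])
		)
		or
		(
			$type == 'reply' and ($postinfo['postid'] and !$postinfo['visible'] and !empty($postinfo['specifiedpost']) or !$threadinfo['visible'])
		)
	)
	{
		// note: specified post comes from a variable passed into newreply.php
		$dataman->set('visible', 0);
		$post['visible'] = 0;
	}
	else
	{
		$dataman->set('visible', 1);
		$post['visible'] = 1;
	}

	if ($type != 'thread')
	{
		if ($postinfo['postid'] == 0)
		{
			// get parentid of the new post
			// we're not posting a new thread, so make this post a child of the first post in the thread
			$getfirstpost = $vbulletin->db->query_first("SELECT postid FROM " . TABLE_PREFIX . "post WHERE threadid={$threadinfo['threadid']} ORDER BY dateline LIMIT 1");
			$parentid = $getfirstpost['postid'];
		}
		else
		{
			$parentid = $postinfo['postid'];
		}
		$dataman->setr('parentid', $parentid);
		$dataman->setr('threadid', $threadinfo['threadid']);
	}
	else
	{
		$dataman->setr('forumid', $foruminfo['forumid']);
	}

	$errors = array();

	// done!
	// SECURITY: eval() of hook code, which runs with access to $post, $dataman and the DB handle.
	// Presumably plugin code installed by an administrator - confirm who can write to the hook store.
	($hook = vBulletinHook::fetch_hook('newpost_process')) ? eval($hook) : false;

	if ($vbulletin->GPC['fromquickreply'] and $post['preview'])
	{
		$errors = array();
		return;
	}

	// human verification is enforced here only for guests, and never on preview
	if ($vbulletin->options['hvcheck_post'] and !$post['preview'] and !$vbulletin->userinfo['userid'])
	{
		require_once DIR . '/includes/class_humanverify.php';
		$verify =& vB_HumanVerify::fetch_library($vbulletin);
		if (!$verify->verify_token($post['humanverify']))
		{
			$dataman->error($verify->fetch_error());
		}
	}

	if ($dataman->info['podcastsize'])
	{
		$post['podcastsize'] = $dataman->info['podcastsize'];
	}

	// check if this forum requires a prefix
	if ($type == 'thread' and !$dataman->fetch_field('prefixid') and $foruminfo['options'] & $vbulletin->bf_misc_forumoptions['prefixrequired'])
	{
		// only require a prefix if we actually have options for this forum
		require_once DIR . '/includes/functions_prefix.php';
		if (fetch_prefix_array($foruminfo['forumid']))
		{
			$dataman->error('thread_prefix_required');
		}
	}

	if ($type == 'thread' and $post['taglist'])
	{
		fetch_valid_tags($dataman->thread, $post['taglist'], $tag_errors, true, false);
		if ($tag_errors)
		{
			foreach ($tag_errors as $error)
			{
				$dataman->error($error);
			}
		}
	}

	$dataman->pre_save();
	$errors = array_merge($errors, $dataman->errors);

	if ($post['preview'])
	{
		return;
	}

	// ### DUPE CHECK ###
	// same forum, title, message, user and type within the last 300 seconds counts as a duplicate
	$dupehash = md5($foruminfo['forumid'] . $post['title'] . $post['message'] . $vbulletin->userinfo['userid'] . $type);
	$prevpostfound = false;
	$prevpostthreadid = 0;

	if ($prevpost = $vbulletin->db->query_first("\n\t\tSELECT posthash.threadid\n\t\tFROM " . TABLE_PREFIX . "posthash AS posthash\n\t\tWHERE posthash.userid = " . $vbulletin->userinfo['userid'] . " AND\n\t\t\tposthash.dupehash = '" . $vbulletin->db->escape_string($dupehash) . "' AND\n\t\t\tposthash.dateline > " . (TIMENOW - 300) . "\n\t"))
	{
		if ($type == 'thread' and $prevpost['threadid'] == 0 or $type == 'reply' and $prevpost['threadid'] == $threadinfo['threadid'])
		{
			$prevpostfound = true;
			$prevpostthreadid = $prevpost['threadid'];
		}
	}

	// Redirect user to forumdisplay since this is a duplicate post
	if ($prevpostfound)
	{
		if ($type == 'thread')
		{
			$vbulletin->url = 'forumdisplay.php?' . $vbulletin->session->vars['sessionurl'] . "f={$foruminfo['forumid']}";
			eval(print_standard_redirect('redirect_duplicatethread', true, true));
		}
		else
		{
			// with ajax quick reply we need to use the error system
			if ($vbulletin->GPC['ajax'])
			{
				$dataman->error('duplicate_post');
				$errors = $dataman->errors;
				return;
			}
			else
			{
				$vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$prevpostthreadid}&goto=newpost";
				if ($post['ajaxqrfailed'])
				{
					// ajax qr failed. While this is a dupe, most likely the user didn't
					// see the initial post, so act like it went through.
					eval(print_standard_redirect('redirect_postthanks', true, true));
				}
				else
				{
					eval(print_standard_redirect('redirect_duplicatepost', true, true));
				}
			}
		}
	}

	if (sizeof($errors) > 0)
	{
		return;
	}

	$id = $dataman->save();
	if ($type == 'thread')
	{
		$post['threadid'] = $id;
		$threadinfo =& $dataman->thread;
		$post['postid'] = $dataman->fetch_field('firstpostid');
	}
	else
	{
		$post['postid'] = $id;
	}
	$post['visible'] = $dataman->fetch_field('visible');

	$set_open_status = false;
	$set_sticky_status = false;

	// open/close: allowed for the thread starter holding the canopenclose forum permission, or for a moderator
	if ($vbulletin->GPC['openclose'] and ($threadinfo['postuserid'] != 0 and $threadinfo['postuserid'] == $vbulletin->userinfo['userid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'] or can_moderate($threadinfo['forumid'], 'canopenclose')))
	{
		$set_open_status = true;
	}
	// stick/unstick: moderators with canmanagethreads only
	if ($vbulletin->GPC['stickunstick'] and can_moderate($threadinfo['forumid'], 'canmanagethreads'))
	{
		$set_sticky_status = true;
	}

	if ($set_open_status or $set_sticky_status)
	{
		$thread =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
		if ($type == 'thread')
		{
			$thread->set_existing($dataman->thread);
			if ($set_open_status)
			{
				$post['postpoll'] = false;
			}
		}
		else
		{
			$thread->set_existing($threadinfo);
		}
		// both options are toggles of the current state
		if ($set_open_status)
		{
			$thread->set('open', $thread->fetch_field('open') == 1 ? 0 : 1);
		}
		if ($set_sticky_status)
		{
			$thread->set('sticky', $thread->fetch_field('sticky') == 1 ? 0 : 1);
		}
		$thread->save();
	}

	if ($type == 'thread')
	{
		add_tags_to_thread($threadinfo, $post['taglist']);
	}

	// ### DO THREAD RATING ###
	build_thread_rating($post['rating'], $foruminfo, $threadinfo);

	// ### DO EMAIL NOTIFICATION ###
	if ($post['visible'] and $type != 'thread' and !in_coventry($vbulletin->userinfo['userid'], true))
	{
		exec_send_notification($threadinfo['threadid'], $vbulletin->userinfo['userid'], $post['postid']);
	}

	// ### DO THREAD SUBSCRIPTION ###
	if ($vbulletin->userinfo['userid'] != 0)
	{
		require_once DIR . '/includes/functions_misc.php';
		// 9999 is the "no subscription" value tested below
		$post['emailupdate'] = verify_subscription_choice($post['emailupdate'], $vbulletin->userinfo, 9999);

		// SECURITY: eval() of hook code; it runs before the subscription queries are built
		($hook = vBulletinHook::fetch_hook('newpost_subscribe')) ? eval($hook) : false;

		if (!$threadinfo['issubscribed'] and $post['emailupdate'] != 9999)
		{
			// user is not subscribed to this thread so insert it
			/*insert query*/
			$vbulletin->db->query_write("INSERT IGNORE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES (" . $vbulletin->userinfo['userid'] . ", {$threadinfo['threadid']}, {$post['emailupdate']}, {$post['folderid']}, 1)");
		}
		else
		{
			// User is subscribed, see if they changed the settings for this thread
			if ($post['emailupdate'] == 9999)
			{
				// Remove this subscription, user chose 'No Subscription'
				$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "subscribethread WHERE threadid = {$threadinfo['threadid']} AND userid = " . $vbulletin->userinfo['userid']);
			}
			else
			{
				if ($threadinfo['emailupdate'] != $post['emailupdate'] or $threadinfo['folderid'] != $post['folderid'])
				{
					// User changed the settings so update the current record
					/*insert query*/
					$vbulletin->db->query_write("REPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES (" . $vbulletin->userinfo['userid'] . ", {$threadinfo['threadid']}, {$post['emailupdate']}, {$post['folderid']}, 1)");
				}
			}
		}
	}

	// SECURITY: eval() of hook code, executed after the post has been saved
	($hook = vBulletinHook::fetch_hook('newpost_complete')) ? eval($hook) : false;
}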
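/**
 * Creates a new post: the first post of a new thread, or a reply to an existing thread.
 *
 * This variant adds a "double post" merge. When the current user is the thread's last
 * poster within the configured time span, the new message is appended to that last post
 * instead of being stored as a new post.
 *
 * Security notes for callers and reviewers:
 *  - Permissions are NOT checked in this function; the caller must already have done so.
 *  - title, message, username, iconid, signature, parseurl, preview and htmlstate are passed
 *    to the data manager as received.
 *  - Three hooks (newpost_process, newpost_subscribe, newpost_complete) eval() code in
 *    this function's scope.
 *
 * @param	string	$type		'thread' for the first post in a new thread, 'reply' otherwise
 * @param	array	$foruminfo	Forum information
 * @param	array	$threadinfo	Thread information
 * @param	array	$postinfo	Post information for the "parent" post
 * @param	array	$post		Post information for the post being created (by reference; replaced by the merged post row on a double post)
 * @param	array	$errors		(return) Array of errors
 *
 * @return	false|void	false when a double-post merge is rejected (message too short, or duplicate); nothing otherwise
 */
function build_new_post($type = 'thread', $foruminfo, $threadinfo, $postinfo, &$post, &$errors)
{
	//NOTE: permissions are not checked in this function

	// $post is passed by reference, so that any changes (wordwrap, censor, etc) here are reflected on the copy outside the function
	// $post[] includes:
	// title, iconid, message, parseurl, email, signature, preview, disablesmilies, rating
	// $errors will become any error messages that come from the checks before preview kicks in
	global $vbulletin, $vbphrase, $forumperms;

	// ### PREPARE OPTIONS AND CHECK VALID INPUT ###
	$post['disablesmilies'] = intval($post['disablesmilies']);
	$post['enablesmilies'] = $post['disablesmilies'] ? 0 : 1;
	// folderid and emailupdate are interpolated into SQL further down, so the integer cast matters
	$post['folderid'] = intval($post['folderid']);
	$post['emailupdate'] = intval($post['emailupdate']);
	$post['rating'] = intval($post['rating']);
	$post['podcastsize'] = intval($post['podcastsize']);

	// Make sure the posthash is valid.
	// Strict comparison: the submitted value must be the exact digest string. With a loose
	// comparison two different numeric-looking strings (for example "0e..." digests) can
	// compare equal. hash_equals() would also make the check constant-time where available.
	// NOTE(review): MD5 over concatenated fields is not a keyed MAC; an HMAC would be the stronger construction.
	if (md5($post['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']) !== $post['posthash'])
	{
		$post['posthash'] = 'invalid posthash'; // don't phrase me
	}

	// OTHER SANITY CHECKS
	// threadid is interpolated into several queries below
	$threadinfo['threadid'] = intval($threadinfo['threadid']);

	// Doublepost //
	$dp_flag = false;

	// create data manager
	if ($type == 'thread')
	{
		$dataman =& datamanager_init('Thread_FirstPost', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
		$dataman->set('prefixid', $post['prefixid']);
	}
	else
	{
		$dataman =& datamanager_init('Post', $vbulletin, ERRTYPE_ARRAY, 'threadpost');

		$dupehash = md5($foruminfo['forumid'] . $post['title'] . $post['message'] . $vbulletin->userinfo['userid'] . $type);

		// Doublepost Check //
		// The chain relies on "and" binding looser than "=": $cutoff, $doublepost and $attach are
		// assigned inside the condition and the queries only run if every earlier term is true.
		// NOTE(review): authorship is matched on the last poster's username, not on a user id;
		// confirm the post being merged into always belongs to the current user.
		if (
			$vbulletin->options['dp_timespan']
			and VB_API !== true
			and $cutoff = TIMENOW - $vbulletin->options['dp_timespan'] * 60
			and $threadinfo['lastpost'] > $cutoff
			and !$post['preview']
			and $threadinfo['lastposter'] == $vbulletin->userinfo['username']
			and !($foruminfo['options'] & $vbulletin->bf_misc_forumoptions['bypassdp'])
			and !($vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['bypassdoublepost'])
			// lastpostid is cast to an integer before it reaches the query text
			and $doublepost = $vbulletin->db->query_first("\n\t\t\t\tSELECT post.*, posthash.userid AS dupe_userid\n\t\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "posthash AS posthash ON (\n\t\t\t\t\tposthash.threadid = {$threadinfo['threadid']}\n\t\t\t\t\t\tAND\n\t\t\t\t\tposthash.dupehash = '" . $vbulletin->db->escape_string($dupehash) . "'\n\t\t\t\t\t\tAND\n\t\t\t\t\tposthash.userid = {$vbulletin->userinfo['userid']}\n\t\t\t\t\t\tAND\n\t\t\t\t\tposthash.dateline > " . (TIMENOW - 300) . "\n\t\t\t\t)\n\t\t\t\tWHERE\n\t\t\t\t\tpost.visible = 1\n\t\t\t\t\t\tAND\n\t\t\t\t\tpost.postid = " . intval($threadinfo['lastpostid']) . "\n\t\t\t\t\t\tAND\n\t\t\t\t\tpost.threadid = " . $threadinfo['threadid'] . "\n\t\t\t\tLIMIT 1\t")
			// posthash is request-derived: escape it like dupehash above instead of relying on
			// the validity check earlier in the function being the only barrier
			and $attach = $vbulletin->db->query_first("\n\t\t\t\tSELECT count(attachmentid) AS attach\n\t\t\t\tFROM " . TABLE_PREFIX . "attachment\n\t\t\t\tWHERE state = 'visible'\n\t\t\t\tAND posthash = '" . $vbulletin->db->escape_string($post['posthash']) . "'")
			and ($vbulletin->options['attachlimit'] == 0 or $attach['attach'] + $doublepost['attach'] <= $vbulletin->options['attachlimit'])
		)
		{
			$cstate = $vbulletin->options['dp_color'] ? 1 : 0;
			$minchar = intval($vbulletin->options['postminchars']) <= 0 ? 1 : intval($vbulletin->options['postminchars']);

			// the appended text alone must satisfy the minimum post length
			if (vbstrlen(strip_bbcode($post['message'], $vbulletin->options['ignorequotechars'])) < $minchar)
			{
				require_once DIR . '/includes/functions_misc.php';
				$errors[] = construct_phrase(fetch_phrase('tooshort', 'error'), $minchar);
				return false;
			}

			// a posthash row joined in: the same content was submitted within the last 300 seconds
			if ($doublepost['dupe_userid'])
			{
				require_once DIR . '/includes/functions_misc.php';
				$errors[] = fetch_phrase('duplicate_post', 'error');
				return false;
			}

			switch ($vbulletin->options['dp_spacer'])
			{
				case 1: // None
					$cstate = 2;
					break;

				case 2: // Custom
					$spacer = $vbulletin->options['dp_text'];
					break;

				default:
					$spacer = $vbphrase['dp_spacer_default'];
					break;
			}

			switch ($cstate)
			{
				case 1: // Coloured spacer
					$spacer = "\n\n" . '[COLOR="' . $vbulletin->options['dp_color'] . '"]' . $spacer . '[/COLOR]' . "\n\n";
					break;

				case 2: // No spacer.
					$spacer = "\n\n";
					break;

				default:
					$spacer = "\n\n" . $spacer . "\n\n";
					break;
			}

			$dp_flag = true;
			$id = $doublepost['postid'];

			// Need to set valid values for later //
			$doublepost['signature'] = $doublepost['showsignature'];
			$doublepost['disablesmilies'] = intval($doublepost['disablesmilies']);
			$doublepost['enablesmilies'] = $doublepost['disablesmilies'] ? 0 : 1;
			$doublepost['folderid'] = intval($doublepost['folderid']);
			$doublepost['emailupdate'] = intval($doublepost['emailupdate']);
			$doublepost['rating'] = intval($doublepost['rating']);
			$doublepost['podcastsize'] = intval($doublepost['podcastsize']);
			$doublepost['doublepost'] = $dp_flag;
			$doublepost['posthash'] = $post['posthash'];
			$doublepost['oldmessage'] = $post['message'];
			$doublepost['message'] = $doublepost['pagetext'] . $spacer . $post['message'];

			// from here on $post is the stored row of the post being extended, not the submitted data
			$post = $doublepost;
			unset($doublepost);

			$dataman->set_existing($post);
			if ($vbulletin->options['dp_bump'])
			{
				$post['dateline'] = TIMENOW;
				$dataman->set('dateline', $post['dateline']);
			}
		}
		else
		{
			$dp_flag = false;
		}
	}

	// set info
	$dataman->set_info('dpflag', $dp_flag);
	$dataman->set_info('preview', $post['preview']);
	$dataman->set_info('parseurl', $post['parseurl']);
	$dataman->set_info('posthash', $post['posthash']);
	$dataman->set_info('forum', $foruminfo);
	$dataman->set_info('thread', $threadinfo);
	if (!$vbulletin->GPC['fromquickreply'])
	{
		$dataman->set_info('show_title_error', true);
	}
	if ($foruminfo['podcast'] and (!empty($post['podcasturl']) or !empty($post['podcastexplicit']) or !empty($post['podcastauthor']) or !empty($post['podcastsubtitle']) or !empty($post['podcastkeywords'])))
	{
		$dataman->set_info('podcastexplicit', $post['podcastexplicit']);
		$dataman->set_info('podcastauthor', $post['podcastauthor']);
		$dataman->set_info('podcastkeywords', $post['podcastkeywords']);
		$dataman->set_info('podcastsubtitle', $post['podcastsubtitle']);
		$dataman->set_info('podcasturl', $post['podcasturl']);
		if ($post['podcastsize'])
		{
			$dataman->set_info('podcastsize', $post['podcastsize']);
		}
	}

	// set options
	$dataman->setr('showsignature', $post['signature']);
	$dataman->setr('allowsmilie', $post['enablesmilies']);
	// NOTE(review): htmlstate is taken from $post as-is; confirm the caller or the data
	// manager restricts it to what this forum and user are allowed to use
	$dataman->setr('htmlstate', $post['htmlstate']);

	// set data
	$dataman->setr('userid', $vbulletin->userinfo['userid']);
	if ($vbulletin->userinfo['userid'] == 0)
	{
		// guests supply their own display name
		$dataman->setr('username', $post['username']);
	}
	$dataman->setr('title', $post['title']);
	$dataman->setr('pagetext', $post['message']);
	$dataman->setr('iconid', $post['iconid']);

	// see if post has to be moderated or if poster in a mod
	if (
		(
			(
				$foruminfo['moderatenewthread'] and $type == 'thread' or $foruminfo['moderatenewpost'] and $type == 'reply'
				or !($forumperms & $vbulletin->bf_ugp_forumpermissions['followforummoderation'])
			)
			and !can_moderate($foruminfo['forumid'])
		)
		or
		(
			$type == 'reply' and ($postinfo['postid'] and !$postinfo['visible'] and !empty($postinfo['specifiedpost']) or !$threadinfo['visible'])
		)
	)
	{
		// note: specified post comes from a variable passed into newreply.php
		$dataman->set('visible', 0);
		$post['visible'] = 0;
	}
	else
	{
		$dataman->set('visible', 1);
		$post['visible'] = 1;
	}

	if ($type != 'thread')
	{
		if ($dp_flag)
		{
			// merged post keeps the parent of the post it extends
			$parentid = $post['parentid'];
		}
		else
		{
			// NOTE(review): the comments below describe the "no parent post given" case, but the
			// condition is true when a parent post id IS given; the else branch then assigns an
			// empty parent id. Looks inverted - confirm against the intended threading behaviour.
			if ($postinfo['postid'])
			{
				// get parentid of the new post
				// we're not posting a new thread, so make this post a child of the first post in the thread
				if (!empty($threadinfo['firstpostid']))
				{
					//we have the postid in the thread table (firstpostid)
					$parentid = $threadinfo['firstpostid'];
				}
				else
				{
					//for some reason it might not be available in the $threadinfo array, need to fetch it
					$getfirstpost = $vbulletin->db->query_first("SELECT postid FROM " . TABLE_PREFIX . "post WHERE threadid={$threadinfo['threadid']} ORDER BY dateline LIMIT 1");
					$parentid = $getfirstpost['postid'];
				}
			}
			else
			{
				$parentid = $postinfo['postid'];
			}
		}
		$dataman->setr('parentid', $parentid);
		$dataman->setr('threadid', $threadinfo['threadid']);
	}
	else
	{
		$dataman->setr('forumid', $foruminfo['forumid']);
	}

	$errors = array();

	// done!
	// SECURITY: eval() of hook code, which runs with access to $post, $dataman and the DB handle.
	// Presumably plugin code installed by an administrator - confirm who can write to the hook store.
	($hook = vBulletinHook::fetch_hook('newpost_process')) ? eval($hook) : false;

	if ($vbulletin->GPC['fromquickreply'] and $post['preview'])
	{
		$errors = array();
		return;
	}

	// whether verification applies is decided by fetch_require_hvcheck(); previews are exempt
	if (fetch_require_hvcheck('post') and !$post['preview'])
	{
		require_once DIR . '/includes/class_humanverify.php';
		$verify =& vB_HumanVerify::fetch_library($vbulletin);
		if (!$verify->verify_token($post['humanverify']))
		{
			$dataman->error($verify->fetch_error());
		}
	}

	if ($dataman->info['podcastsize'])
	{
		$post['podcastsize'] = $dataman->info['podcastsize'];
	}

	// check if this forum requires a prefix
	if ($type == 'thread' and !$dataman->fetch_field('prefixid') and $foruminfo['options'] & $vbulletin->bf_misc_forumoptions['prefixrequired'])
	{
		// only require a prefix if we actually have options for this forum
		require_once DIR . '/includes/functions_prefix.php';
		if (fetch_prefix_array($foruminfo['forumid']))
		{
			$dataman->error('thread_prefix_required');
		}
	}

	if ($type == 'thread' and $post['taglist'])
	{
		$threadinfo['postuserid'] = $vbulletin->userinfo['userid'];

		require_once DIR . '/includes/class_taggablecontent.php';
		$content = vB_Taggable_Content_Item::create($vbulletin, "vBForum_Thread", $dataman->thread['threadid'], $threadinfo);

		$limits = $content->fetch_tag_limits();
		$content->filter_tag_list_content_limits($post['taglist'], $limits, $tag_errors, true, false);

		if ($tag_errors)
		{
			foreach ($tag_errors as $error)
			{
				$dataman->error($error);
			}
		}

		$dataman->setr('taglist', $post['taglist']);
	}

	if ($type == 'reply' and $vbulletin->GPC['return_node'])
	{
		$dataman->set_info('nodeid', $vbulletin->GPC['return_node']);
	}

	$dataman->pre_save();
	$errors = array_merge($errors, $dataman->errors);

	if ($post['preview'])
	{
		return;
	}

	// ### DUPE CHECK ###
	// same forum, title, message, user and type within the last 300 seconds counts as a duplicate
	$dupehash = md5($foruminfo['forumid'] . $post['title'] . $post['message'] . $vbulletin->userinfo['userid'] . $type);
	$prevpostfound = false;
	$prevpostthreadid = 0;

	if ($prevpost = $vbulletin->db->query_first("\n\t\tSELECT posthash.threadid, thread.title\n\t\tFROM " . TABLE_PREFIX . "posthash AS posthash\n\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread ON (thread.threadid = posthash.threadid)\n\t\tWHERE posthash.userid = " . $vbulletin->userinfo['userid'] . " AND\n\t\t\tposthash.dupehash = '" . $vbulletin->db->escape_string($dupehash) . "' AND\n\t\t\tposthash.dateline > " . (TIMENOW - 300) . "\n\t"))
	{
		if ($type == 'thread' and $prevpost['threadid'] == 0 or $type == 'reply' and $prevpost['threadid'] == $threadinfo['threadid'])
		{
			$prevpostfound = true;
			$prevpostthreadid = $prevpost['threadid'];
		}
	}

	// Redirect user to forumdisplay since this is a duplicate post
	if ($prevpostfound)
	{
		if ($type == 'thread')
		{
			$vbulletin->url = fetch_seo_url('forum', $foruminfo);
			print_standard_redirect('redirect_duplicatethread', true, true);
		}
		else
		{
			// with ajax quick reply we need to use the error system
			if ($vbulletin->GPC['ajax'])
			{
				$dataman->error('duplicate_post');
				$errors = $dataman->errors;
				return;
			}
			else
			{
				$vbulletin->url = fetch_seo_url('thread', $prevpost, array('goto' => 'newpost'));
				if ($post['ajaxqrfailed'])
				{
					// ajax qr failed. While this is a dupe, most likely the user didn't
					// see the initial post, so act like it went through.
					print_standard_redirect('redirect_postthanks');
				}
				else
				{
					print_standard_redirect('redirect_duplicatepost', true, true);
				}
			}
		}
	}

	if (sizeof($errors) > 0)
	{
		return;
	}

	if ($post['doublepost'])
	{
		// merge: $id already holds the id of the post that was extended
		$dataman->save();
	}
	else
	{
		$id = $dataman->save();
	}

	if ($type == 'thread')
	{
		$post['threadid'] = $id;
		$threadinfo =& $dataman->thread;
		$post['postid'] = $dataman->fetch_field('firstpostid');
		clear_autosave_text('vBForum_Thread', 0, 0, $vbulletin->userinfo['userid']);
	}
	else
	{
		$post['postid'] = $id;
		if ($vbulletin->GPC_exists['return_node'] and intval($vbulletin->GPC['return_node']))
		{
			clear_autosave_text('vBCms_ArticleComment', 0, $vbulletin->GPC['return_node'], $vbulletin->userinfo['userid']);
		}
		else
		{
			clear_autosave_text('vBForum_Post', 0, $threadinfo['threadid'], $vbulletin->userinfo['userid']);
		}
	}
	post_vb_api_details('vBForum_Post', $post['postid']);
	$post['visible'] = $dataman->fetch_field('visible');

	$set_open_status = false;
	$set_sticky_status = false;

	// open/close: allowed for the thread starter holding the canopenclose forum permission, or for a moderator
	if ($vbulletin->GPC['openclose'] and ($threadinfo['postuserid'] != 0 and $threadinfo['postuserid'] == $vbulletin->userinfo['userid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'] or can_moderate($threadinfo['forumid'], 'canopenclose')))
	{
		$set_open_status = true;
	}
	// stick/unstick: moderators with canmanagethreads only
	if ($vbulletin->GPC['stickunstick'] and can_moderate($threadinfo['forumid'], 'canmanagethreads'))
	{
		$set_sticky_status = true;
	}

	if ($set_open_status or $set_sticky_status)
	{
		$thread =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
		if ($type == 'thread')
		{
			$thread->set_existing($dataman->thread);
			if ($set_open_status)
			{
				$post['postpoll'] = false;
			}
		}
		else
		{
			$thread->set_existing($threadinfo);
		}
		// both options are toggles of the current state
		if ($set_open_status)
		{
			$thread->set('open', $thread->fetch_field('open') == 1 ? 0 : 1);
		}
		if ($set_sticky_status)
		{
			$thread->set('sticky', $thread->fetch_field('sticky') == 1 ? 0 : 1);
		}
		$thread->save();
	}

	if ($type == 'thread')
	{
		require_once DIR . '/includes/class_taggablecontent.php';
		$content = vB_Taggable_Content_Item::create($vbulletin, "vBForum_Thread", $dataman->thread['threadid'], $threadinfo);

		$limits = $content->fetch_tag_limits();
		$content->add_tags_to_content($post['taglist'], $limits);
	}

	// ### DO THREAD RATING ###
	build_thread_rating($post['rating'], $foruminfo, $threadinfo);

	// ### DO EMAIL NOTIFICATION ###
	if ($post['visible'] and $type != 'thread' and !in_coventry($vbulletin->userinfo['userid'], true))
	{
		exec_send_notification($threadinfo['threadid'], $vbulletin->userinfo['userid'], $post['postid']);
	}

	// ### DO THREAD SUBSCRIPTION ###
	if ($vbulletin->userinfo['userid'] != 0)
	{
		require_once DIR . '/includes/functions_misc.php';
		// 9999 is the "no subscription" value tested below
		$post['emailupdate'] = verify_subscription_choice($post['emailupdate'], $vbulletin->userinfo, 9999);

		// SECURITY: eval() of hook code; it runs before the subscription queries are built
		($hook = vBulletinHook::fetch_hook('newpost_subscribe')) ? eval($hook) : false;

		if (!$threadinfo['issubscribed'] and $post['emailupdate'] != 9999)
		{
			// user is not subscribed to this thread so insert it
			/*insert query*/
			$vbulletin->db->query_write("INSERT IGNORE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES (" . $vbulletin->userinfo['userid'] . ", {$threadinfo['threadid']}, {$post['emailupdate']}, {$post['folderid']}, 1)");
		}
		else
		{
			// User is subscribed, see if they changed the settings for this thread
			if ($post['emailupdate'] == 9999)
			{
				// Remove this subscription, user chose 'No Subscription'
				$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "subscribethread WHERE threadid = {$threadinfo['threadid']} AND userid = " . $vbulletin->userinfo['userid']);
			}
			else
			{
				if ($threadinfo['emailupdate'] != $post['emailupdate'] or $threadinfo['folderid'] != $post['folderid'])
				{
					// User changed the settings so update the current record
					/*insert query*/
					$vbulletin->db->query_write("REPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES (" . $vbulletin->userinfo['userid'] . ", {$threadinfo['threadid']}, {$post['emailupdate']}, {$post['folderid']}, 1)");
				}
			}
		}
	}

	// SECURITY: eval() of hook code, executed after the post has been saved
	($hook = vBulletinHook::fetch_hook('newpost_complete')) ? eval($hook) : false;
}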
eval('$optgroup_options .= "' . fetch_template('option') . '";'); } // if there's only 1 prefix set available, we don't want to show the optgroup if (sizeof($prefixsets) > 1) { $optgroup_label = htmlspecialchars_uni($vbphrase["prefixset_{$prefixsetid}_title"]); eval('$prefix_options .= "' . fetch_template('optgroup') . '";'); } else { $prefix_options = $optgroup_options; } } $prefix_selected = array('any' => (in_array('', $vbulletin->GPC['prefixchoice']) or empty($vbulletin->GPC['prefixchoice'])) ? ' selected="selected"' : '', 'none' => in_array('-1', $vbulletin->GPC['prefixchoice']) ? ' selected="selected"' : ''); $show['tag_option'] = $vbulletin->options['threadtagging']; // image verification if (!$vbulletin->userinfo['userid'] and $vbulletin->options['hvcheck_search']) { require_once DIR . '/includes/class_humanverify.php'; $verification =& vB_HumanVerify::fetch_library($vbulletin); $human_verify = $verification->output_token(); } else { $human_verify = ''; } if ($vbulletin->debug) { $show['nocache'] = true; } // tag cloud display if ($vbulletin->options['threadtagging'] == 1 and $vbulletin->options['tagcloud_searchcloud'] == 1) { $tag_cloud = fetch_tagcloud('search'); if ($tag_cloud) { eval('$tag_cloud_headinclude .= "' . fetch_template('tag_cloud_headinclude') . '";'); } } else { $tag_cloud = '';
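/**
 * Fetches the standard comments page view for a CMS node.
 *
 * Looks up the node's comment settings and associated thread, and returns no view
 * when comments are disabled, the node is unpublished or not yet published, or no
 * thread is associated. Otherwise builds the 'vbcms_comments_page' view, including
 * the comment editor and human-verification output when the current user may post.
 *
 * @param integer $nodeid - node for which we are displaying comments
 * @param string $target_url - base URL for the page; the current URL is used when empty
 *
 * @return vB_View|false - The comments view, or false when comments are not available for the node
 */
public function getPageView($nodeid, $target_url)
{
	global $vbphrase;
	require_once DIR . '/includes/functions_editor.php';

	// $nodeid is concatenated into the query below. The GPC clean-up that follows only
	// covers the request copy, not this parameter, so force it to an integer here.
	$nodeid = intval($nodeid);

	vB::$vbulletin->input->clean_array_gpc('r', array(
		'nodeid' => vB_Input::TYPE_INT,
		'page' => vB_Input::TYPE_INT,
		'direction' => vB_Input::TYPE_STR,
		'postid' => vB_Input::TYPE_UINT
	));

	if (! $row = vB::$vbulletin->db->query_first("SELECT node.comments_enabled, node.setpublish, node.publishdate, nodeinfo.associatedthreadid, thread.forumid FROM " . TABLE_PREFIX . "cms_node AS node LEFT JOIN " . TABLE_PREFIX . "cms_nodeinfo AS nodeinfo ON node.nodeid = nodeinfo.nodeid LEFT JOIN " . TABLE_PREFIX . "thread AS thread on thread.threadID = nodeinfo.associatedthreadid WHERE nodeinfo.nodeid = $nodeid LIMIT 1;" ))
	{
		return false;
	}

	// comments are only shown for published nodes whose publish date has passed
	if (! $row['comments_enabled'] OR !$row['setpublish'] OR ($row['publishdate'] > TIMENOW))
	{
		return false;
	}

	// no forum joined in for the associated thread: hand the thread id to the repair routine
	if (! intval($row['forumid']))
	{
		$this->repairComments($row['associatedthreadid']);
	}

	if (!intval($row['associatedthreadid']))
	{
		return false;
	}

	$associatedthreadid = $row['associatedthreadid'];
	$base_url = empty($target_url) ? vB_Router::getCurrentURL() : $target_url;

	// Create view
	$view = new vB_View('vbcms_comments_page');
	$view->nodeid = $nodeid;
	$view->threadid = $row['associatedthreadid'];
	// NOTE(review): as written this replaces '&' with '&' and changes nothing; one side was
	// probably an HTML entity that this copy decoded. Confirm against the original file,
	// since it decides whether this_url is entity-encoded when it reaches the template.
	$view->this_url = str_replace('&', '&', $base_url);

	// display publish to Facebook checkbox in quick editor?
	if (is_facebookenabled())
	{
		$view->fbpublishcheckbox = construct_fbpublishcheckbox();
	}

	$this_user = new vB_Legacy_CurrentUser();

	$pageno = vB::$vbulletin->GPC_exists['page'] ? vB::$vbulletin->GPC['page'] : 1;
	$view->pageno = $pageno;
	$view->node_comments = self::showComments($view->nodeid, $this_user, $pageno, 20, $target_url, $associatedthreadid);

	// make sure user has permission to post comment before displaying comment editor
	if (self::canPostComment($view->threadid, $this_user))
	{
		// prepare the wyswiwig editor for comments
		$view->show_comment_editor = true;
		global $messagearea;
		$editor_name = construct_edit_toolbar('');
		$view->messagearea = $messagearea;
		// NOTE(review): the line break before this assignment is lost in this copy; confirm it is live code
		$view->editor_name = $editor_name;

		// include captcha validation and guest username field
		if (fetch_require_hvcheck('post'))
		{
			require_once(DIR . '/includes/class_humanverify.php');
			$reg = vB::$vbulletin;
			$verification =& vB_HumanVerify::fetch_library($reg);
			$human_verify = $verification->output_token();
		}
		else
		{
			$human_verify = '';
		}
		$view->human_verify = $human_verify;
		$view->usernamecode = new vB_View('newpost_usernamecode');
	}
	else
	{
		$view->show_comment_editor = false;
	}

	return $view;
}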
/**
 * Generates a human-verification token and returns its answer together with its hash.
 *
 * SECURITY: the return value contains the expected answer ('input') next to the hash
 * that identifies the challenge. Any consumer that receives both can pass verification
 * without solving the challenge, so this must not be exposed to untrusted clients where
 * human verification is meant to be effective.
 *
 * @return array array('input' => answer, 'hash' => hash) of the generated token
 */
function getHVToken()
{
	require_once DIR . '/includes/class_humanverify.php';

	$hv =& vB_HumanVerify::fetch_library(vB::get_registry());
	$generated = $hv->generate_token();

	return array(
		'input' => $generated['answer'],
		'hash' => $generated['hash'],
	);
}
/**
 * Generates a human-verification token and returns its answer together with its hash.
 *
 * SECURITY: per the original author's note this is a hack that basically turns human
 * verification off. The expected answer ('input') is returned alongside the challenge
 * hash, so whoever receives this value can pass verification without solving anything.
 *
 * @return array array('input' => answer, 'hash' => hash) of the generated token
 */
function fr_get_hvtoken()
{
	// XXX: This is a hack, we basically turn off hv with this
	require_once DIR . '/includes/class_humanverify.php';

	$hv =& vB_HumanVerify::fetch_library(vB::get_registry());
	$generated = $hv->generate_token();

	return array(
		'input' => $generated['answer'],
		'hash' => $generated['hash'],
	);
}
/**
 * Verify a HV token and its answer
 *
 * SECURITY: verification is skipped (treated as passed) in two cases: when
 * fetchRequireHvcheck() says the action needs no check, and when the VB_UNITTEST
 * constant is defined and no frame of the call stack comes from a file named
 * hvTest.php. That constant must never be defined in a production deployment.
 *
 * @param mixed $input HV answer user input ('input') and other data (for example, 'hash'); passed unchanged to verify_token()
 * @param string $action The name of the action to check. register, lostpw etc.
 * @param bool $return Whether to return a bool value instead of throwing an Exception.
 *
 * @throws vB_Exception_Api When verification fails and $return is false
 * @return bool Whether the input answer/hash is correct
 */
public function verifyToken($input, $action, $return = false)
{
	// nothing to verify for actions that do not require the check
	if (!$this->fetchRequireHvcheck($action))
	{
		return true;
	}

	//If we are running in phpunit test mode we just return
	//TODO- We need a better solution. This works for now but is homely
	if (defined('VB_UNITTEST'))
	{
		//we have to find out if we are running hvtest.php
		$calledFromHvTest = false;
		foreach (debug_backtrace() as $frame)
		{
			if (isset($frame['file']) and basename($frame['file']) == 'hvTest.php')
			{
				$calledFromHvTest = true;
				break;
			}
		}

		if (!$calledFromHvTest)
		{
			//We are not testing hVTest. So just take the human verify test as passed.
			return true;
		}
	}

	require_once DIR . '/includes/class_humanverify.php';
	$verify =& vB_HumanVerify::fetch_library(vB::get_registry());

	if ($verify->verify_token($input))
	{
		return true;
	}

	// failed: report through the return value or through an exception, as the caller asked
	if ($return)
	{
		return false;
	}

	throw new vB_Exception_Api($verify->fetch_error());
}
/**
 * vB_Search_Searchtools::searchIntroRegisterHumanVerify()
 * Registers the human verification output for the search form on the template.
 * When fetch_require_hvcheck('search') requires it, the value is the verification
 * library's token output; otherwise an empty string is registered.
 *
 * @param mixed $template Template object on which 'human_verify' is registered
 * @return void
 */
public static function searchIntroRegisterHumanVerify($template)
{
	global $vbulletin;

	// image verification
	if (fetch_require_hvcheck('search'))
	{
		require_once(DIR . '/includes/class_humanverify.php');
		$hv =& vB_HumanVerify::fetch_library($vbulletin);
		$markup = $hv->output_token();
	}
	else
	{
		$markup = '';
	}

	$template->register('human_verify', $markup);
}