$lang->load("editpost");$plugins->run_hooks("editpost_start");// No perm

1. $lang->load("editpost");
2.  
3. $plugins->run_hooks("editpost_start");
4.  
5. // No permission for guests
6. if(!$mybb->user['uid'])
7. {
8.     error_no_permission();
9. }
10.  
11. // Get post info
12. $pid = intval($mybb->input['pid']);
13.  
14. // if we already have the post information...
15. if(isset($style) && $style['pid'] == $pid && $style['type'] != 'f')
16. {
17.     $post = &$style;
18. }
19. else
20. {
21.     $query = $db->simple_select("posts", "*", "pid='$pid'");
22.     $post = $db->fetch_array($query);
23. }
24.  
25. if(!$post['pid'])
26. {
27.     error($lang->error_invalidpost);
28. }
29.  
30. // Get thread info
31. $tid = $post['tid'];
32. $thread = get_thread($tid);
33.  
34. if(!$thread['tid'])
35. {
36.     error($lang->error_invalidthread);
37. }
38.  
39. $thread['subject'] = htmlspecialchars_uni($thread['subject']);
40.  
41. // Get forum info
42. $fid = $post['fid'];
43. $forum = get_forum($fid);
44. if(!$forum || $forum['type'] != "f")
45. {
46.     error($lang->error_closedinvalidforum);
47. }
48. if($forum['open'] == 0 || $mybb->user['suspendposting'] == 1)
49. {
50.     error_no_permission();
51. }
52.  
53. // Add prefix to breadcrumb
54. $query = $db->simple_select('threadprefixes', 'displaystyle', "pid='{$thread['prefix']}'");
55. $breadcrumbprefix = $db->fetch_field($query, 'displaystyle');
56.  
57. if($breadcrumbprefix)
58. {
59.     $breadcrumbprefix .= ' ';
60. }
61.  
62. // Make navigation
63. build_forum_breadcrumb($fid);
64. add_breadcrumb($breadcrumbprefix.$thread['subject'], get_thread_link($thread['tid']));
65. add_breadcrumb($lang->nav_editpost);
66.  
67. $forumpermissions = forum_permissions($fid);
68.  
69. if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
70. {
71.     $codebuttons = build_mycode_inserter();
72. }
73. if($mybb->settings['smilieinserter'] != 0)
74. {
75.     $smilieinserter = build_clickable_smilies();
76. }
77.  
78. if(!$mybb->input['action'] || $mybb->input['previewpost'])
79. {
80.     $mybb->input['action'] = "editpost";
81. }
82.  
83. if($mybb->input['action'] == "deletepost" && $mybb->request_method == "post")
84. {
85.     if(!is_moderator($fid, "candeleteposts"))
86.     {
87.         if($thread['closed'] == 1)
88.         {
89.             error($lang->redirect_threadclosed);
90.         }
91.         if($forumpermissions['candeleteposts'] == 0)
92.         {
93.             error_no_permission();
94.         }
95.         if($mybb->user['uid'] != $post['uid'])
96.         {
97.             error_no_permission();
98.         }
99.     }
100. }
101. else
102. {
103.     if(!is_moderator($fid, "caneditposts"))
104.     {
105.         if($thread['closed'] == 1)
106.         {
107.             error($lang->redirect_threadclosed);
108.         }
109.         if($forumpermissions['caneditposts'] == 0)
110.         {
111.             error_no_permission();
112.         }
113.         if($mybb->user['uid'] != $post['uid'])
114.         {
115.             error_no_permission();
116.         }
117.         // Edit time limit
118.         $time = TIME_NOW;
119.         if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < ($time-($mybb->settings['edittimelimit']*60)))
120.         {
121.             $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
122.             error($lang->edit_time_limit);
123.         }
124.     }
125. }
126.  
127. // Check if this forum is password protected and we have a valid password
128. check_forum_password($forum['fid']);
129.  
130. if((empty($_POST) && empty($_FILES)) && $mybb->input['processed'] == '1')
131. {
132.     error($lang->error_cannot_upload_php_post);
133. }
134.  
135. if(!$mybb->input['attachmentaid'] && ($mybb->input['newattachment'] || $mybb->input['updateattachment'] || ($mybb->input['action'] == "do_editpost" && $mybb->input['submit'] && $_FILES['attachment'])))
136. {
137.     // Verify incoming POST request
138.     verify_post_check($mybb->input['my_post_key']);
139.    
140.     if($mybb->input['posthash'])
141.     {
142.         $posthash_query = "posthash='".$db->escape_string($mybb->input['posthash'])."' OR ";
143.     }
144.     else
145.     {
146.         $posthash_query = "";
147.     }
148.     $query = $db->simple_select("attachments", "COUNT(aid) as numattachs", "{$posthash_query}pid='{$pid}'");
149.     $attachcount = $db->fetch_field($query, "numattachs");
150.    
151.     // If there's an attachment, check it and upload it
152.     if($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments']))
153.     {
154.         $update_attachment = false;
155.         if($mybb->input['updateattachment'] && ($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']))
156.         {
157.             $update_attachment = true;
158.         }
159.         $attachedfile = upload_attachment($_FILES['attachment'], $update_attachment);
160.     }
161.     if($attachedfile['error'])
162.     {
163.         eval("\$attacherror = \"".$templates->get("error_attacherror")."\";");
164.         $mybb->input['action'] = "editpost";
165.     }
166.     if(!$mybb->input['submit'])
167.     {
168.         $mybb->input['action'] = "editpost";
169.     }
170. }
171.  
172. if($mybb->input['attachmentaid'] && isset($mybb->input['attachmentact']) && $mybb->input['action'] == "do_editpost" && $mybb->request_method == "post") // Lets remove/approve/unapprove the attachment
173. {
174.     // Verify incoming POST request
175.     verify_post_check($mybb->input['my_post_key']);
176.    
177.     $mybb->input['attachmentaid'] = intval($mybb->input['attachmentaid']);
178.     if($mybb->input['attachmentact'] == "remove")
179.     {
180.         remove_attachment($pid, "", $mybb->input['attachmentaid']);
181.     }
182.     elseif($mybb->input['attachmentact'] == "approve" && is_moderator($fid, 'caneditposts'))
183.     {
184.         $update_sql = array("visible" => 1);
185.         $db->update_query("attachments", $update_sql, "aid='{$mybb->input['attachmentaid']}'");
186.     }
187.     elseif($mybb->input['attachmentact'] == "unapprove" && is_moderator($fid, 'caneditposts'))
188.     {
189.         $update_sql = array("visible" => 0);
190.         $db->update_query("attachments", $update_sql, "aid='{$mybb->input['attachmentaid']}'");
191.     }
192.     if(!$mybb->input['submit'])
193.     {
194.         $mybb->input['action'] = "editpost";
195.     }
196. }
197.  
198. if($mybb->input['action'] == "deletepost" && $mybb->request_method == "post")
199. {
200.     // Verify incoming POST request
201.     verify_post_check($mybb->input['my_post_key']);
202.  
203.     $plugins->run_hooks("editpost_deletepost");
204.  
205.     if($mybb->input['delete'] == 1)
206.     {
207.         $query = $db->simple_select("posts", "pid", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
208.         $firstcheck = $db->fetch_array($query);
209.         if($firstcheck['pid'] == $pid)
210.         {
211.             $firstpost = 1;
212.         }
213.         else
214.         {
215.             $firstpost = 0;
216.         }
217.        
218.         $modlogdata['fid'] = $fid;
219.         $modlogdata['tid'] = $tid;
220.         if($firstpost)
221.         {
222.             if($forumpermissions['candeletethreads'] == 1 || is_moderator($fid, "candeletethreads"))
223.             {
224.                 delete_thread($tid);
225.                 mark_reports($tid, "thread");
226.                 log_moderator_action($modlogdata, $lang->thread_deleted);
227.                 redirect(get_forum_link($fid), $lang->redirect_threaddeleted);
228.             }
229.             else
230.             {
231.                 error_no_permission();
232.             }
233.         }
234.         else
235.         {
236.             if($forumpermissions['candeleteposts'] == 1 || is_moderator($fid, "candeleteposts"))
237.             {
238.                 // Select the first post before this
239.                 delete_post($pid, $tid);
240.                 mark_reports($pid, "post");
241.                 log_moderator_action($modlogdata, $lang->post_deleted);
242.                 $query = $db->simple_select("posts", "pid", "tid='{$tid}' AND dateline <= '{$post['dateline']}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "desc"));
243.                 $next_post = $db->fetch_array($query);
244.                 if($next_post['pid'])
245.                 {
246.                     $redirect = get_post_link($next_post['pid'], $tid)."#pid{$next_post['pid']}";
247.                 }
248.                 else
249.                 {
250.                     $redirect = get_thread_link($tid);
251.                 }
252.                 redirect($redirect, $lang->redirect_postdeleted);
253.             }
254.             else
255.             {
256.                 error_no_permission();
257.             }
258.         }
259.     }
260.     else
261.     {
262.         error($lang->redirect_nodelete);
263.     }
264. }
265.  
266. if($mybb->input['action'] == "do_editpost" && $mybb->request_method == "post")
267. {
268.     // Verify incoming POST request
269.     verify_post_check($mybb->input['my_post_key']);
270.  
271.     $plugins->run_hooks("editpost_do_editpost_start");
272.  
273.     // Set up posthandler.
274.     require_once MYBB_ROOT."inc/datahandlers/post.php";
275.     $posthandler = new PostDataHandler("update");
276.     $posthandler->action = "post";
277.  
278.     // Set the post data that came from the input to the $post array.
279.     $post = array(
280.         "pid" => $mybb->input['pid'],
281.         "prefix" => $mybb->input['threadprefix'],
282.         "subject" => $mybb->input['subject'],
283.         "icon" => $mybb->input['icon'],
284.         "uid" => $mybb->user['uid'],
285.         "username" => $mybb->user['username'],
286.         "edit_uid" => $mybb->user['uid'],
287.         "message" => $mybb->input['message'],
288.     );
289.  
290.     // Set up the post options from the input.
291.     $post['options'] = array(
292.         "signature" => $mybb->input['postoptions']['signature'],
293.         "subscriptionmethod" => $mybb->input['postoptions']['subscriptionmethod'],
294.         "disablesmilies" => $mybb->input['postoptions']['disablesmilies']
295.     );
296.  
297.     $posthandler->set_data($post);
298.  
299.     // Now let the post handler do all the hard work.
300.     if(!$posthandler->validate_post())
301.     {
302.         $post_errors = $posthandler->get_friendly_errors();
303.         $post_errors = inline_error($post_errors);
304.         $mybb->input['action'] = "editpost";
305.     }
306.     // No errors were found, we can call the update method.
307.     else
308.     {
309.         $postinfo = $posthandler->update_post();
310.         $visible = $postinfo['visible'];
311.         $first_post = $postinfo['first_post'];
312.  
313.         // Help keep our attachments table clean.
314.         $db->delete_query("attachments", "filename='' OR filesize<1");
315.  
316.         // Did the user choose to post a poll? Redirect them to the poll posting page.
317.         if($mybb->input['postpoll'] && $forumpermissions['canpostpolls'])
318.         {
319.             $url = "polls.php?action=newpoll&tid=$tid&polloptions=".intval($mybb->input['numpolloptions']);
320.             $lang->redirect_postedited = $lang->redirect_postedited_poll;
321.         }
322.         else if($visible == 0 && $first_post && !is_moderator($fid, "", $mybb->user['uid']))
323.         {
324.             // Moderated post
325.             $lang->redirect_postedited .= $lang->redirect_thread_moderation;
326.             $url = get_forum_link($fid);
327.         }
328.         else if($visible == 0 && !is_moderator($fid, "", $mybb->user['uid']))
329.         {
330.             $lang->redirect_postedited .= $lang->redirect_post_moderation;
331.             $url = get_thread_link($tid);
332.         }
333.         // Otherwise, send them back to their post
334.         else
335.         {
336.             $lang->redirect_postedited .= $lang->redirect_postedited_redirect;
337.             $url = get_post_link($pid, $tid)."#pid{$pid}";
338.         }
339.         $plugins->run_hooks("editpost_do_editpost_end");
340.  
341.         redirect($url, $lang->redirect_postedited);
342.     }
343. }
344.  
345. if(!$mybb->input['action'] || $mybb->input['action'] == "editpost")
346. {
347.     $plugins->run_hooks("editpost_action_start");
348.  
349.     if(!$mybb->input['previewpost'])
350.     {
351.         $icon = $post['icon'];
352.     }
353.  
354.     if($forum['allowpicons'] != 0)
355.     {
356.         $posticons = get_post_icons();
357.     }
358.  
359.     if($mybb->user['uid'] != 0)
360.     {
361.         eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");
362.     }
363.     else
364.     {
365.         eval("\$loginbox = \"".$templates->get("loginbox")."\";");
366.     }
367.  
368.     // Setup a unique posthash for attachment management
369.     $posthash = htmlspecialchars_uni($post['posthash']);
370.  
371.     $bgcolor = "trow1";
372.     if($forumpermissions['canpostattachments'] != 0)
373.     { // Get a listing of the current attachments, if there are any
374.         $attachcount = 0;
375.         if($posthash)
376.         {
377.             $posthash_query = "posthash='{$posthash}' OR ";
378.         }
379.         else
380.         {
381.             $posthash_query = "";
382.         }
383.         $query = $db->simple_select("attachments", "*", "{$posthash_query}pid='{$pid}'");
384.         $attachments = '';
385.         while($attachment = $db->fetch_array($query))
386.         {
387.             $attachment['size'] = get_friendly_size($attachment['filesize']);
388.             $attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
389.             $attachment['filename'] = htmlspecialchars_uni($attachment['filename']);
390.  
391.             if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && (!$mybb->user['uid'] || $mybb->user['showcodebuttons'] != 0))
392.             {
393.                 eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
394.             }
395.             // Moderating options
396.             $attach_mod_options = '';
397.             if(is_moderator($fid))
398.             {
399.                 if($attachment['visible'] == 1)
400.                 {
401.                     eval("\$attach_mod_options = \"".$templates->get("post_attachments_attachment_mod_unapprove")."\";");
402.                 }
403.                 else
404.                 {
405.                     eval("\$attach_mod_options = \"".$templates->get("post_attachments_attachment_mod_approve")."\";");
406.                 }
407.             }
408.  
409.             // Remove Attachment
410.             eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
411.  
412.             if($attachment['visible'] != 1)
413.             {
414.                 eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
415.             }
416.             else
417.             {
418.                 eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
419.             }
420.             $attachcount++;
421.         }
422.         $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
423.         $usage = $db->fetch_array($query);
424.         if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
425.         {
426.             $noshowattach = 1;
427.         }
428.         if($mybb->usergroup['attachquota'] == 0)
429.         {
430.             $friendlyquota = $lang->unlimited;
431.         }
432.         else
433.         {
434.             $friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
435.         }
436.         $friendlyusage = get_friendly_size($usage['ausage']);
437.         $lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyusage, $friendlyquota);
438.         if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
439.         {
440.             if($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments'])
441.             {
442.                 eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
443.             }
444.  
445.             eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
446.         }
447.         eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
448.     }
449.     if(!$mybb->input['attachmentaid'] && !$mybb->input['newattachment'] && !$mybb->input['updateattachment'] && !$mybb->input['previewpost'] && !$maximageserror)
450.     {
451.         $message = $post['message'];
452.         $subject = $post['subject'];
453.     }
454.     else
455.     {
456.         $message = $mybb->input['message'];
457.         $subject = $mybb->input['subject'];
458.     }
459.  
460.     if($mybb->input['previewpost'] || $post_errors)
461.     {
462.         // Set up posthandler.
463.         require_once MYBB_ROOT."inc/datahandlers/post.php";
464.         $posthandler = new PostDataHandler("update");
465.         $posthandler->action = "post";
466.    
467.         // Set the post data that came from the input to the $post array.
468.         $post = array(
469.             "pid" => $mybb->input['pid'],
470.             "prefix" => $mybb->input['threadprefix'],
471.             "subject" => $mybb->input['subject'],
472.             "icon" => $mybb->input['icon'],
473.             "uid" => $post['uid'],
474.             "edit_uid" => $mybb->user['uid'],
475.             "message" => $mybb->input['message'],
476.         );
477.  
478.         if(!$mybb->input['previewpost'])
479.         {
480.             $post['uid'] = $mybb->user['uid'];
481.             $post['username'] = $mybb->user['username'];
482.         }
483.    
484.         // Set up the post options from the input.
485.         $post['options'] = array(
486.             "signature" => $mybb->input['postoptions']['signature'],
487.             "emailnotify" => $mybb->input['postoptions']['emailnotify'],
488.             "disablesmilies" => $mybb->input['postoptions']['disablesmilies']
489.         );
490.    
491.         $posthandler->set_data($post);
492.    
493.         // Now let the post handler do all the hard work.
494.         if(!$posthandler->validate_post())
495.         {
496.             $post_errors = $posthandler->get_friendly_errors();
497.             $post_errors = inline_error($post_errors);
498.             $mybb->input['action'] = "editpost";
499.             $mybb->input['previewpost'] = 0;
500.         }
501.         else
502.         {
503.             $previewmessage = $message;
504.             $previewsubject = $subject;
505.             $message = htmlspecialchars_uni($message);
506.             $subject = htmlspecialchars_uni($subject);
507.  
508.             $postoptions = $mybb->input['postoptions'];
509.  
510.             if($postoptions['signature'] == 1)
511.             {
512.                 $postoptionschecked['signature'] = " checked=\"checked\"";
513.             }
514.  
515.             if($postoptions['subscriptionmethod'] == "none")
516.             {
517.                 $postoptions_subscriptionmethod_none = "checked=\"checked\"";
518.             }
519.             else if($postoptions['subscriptionmethod'] == "instant")
520.             {
521.                 $postoptions_subscriptionmethod_instant = "checked=\"checked\"";
522.             }
523.             else
524.             {
525.                 $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
526.             }
527.  
528.             if($postoptions['disablesmilies'] == 1)
529.             {
530.                 $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
531.             }
532.         }
533.     }
534.  
535.     if($mybb->input['previewpost'])
536.     {
537.         // Figure out the poster's other information.
538.         $query = $db->query("
539.             SELECT u.*, f.*, p.dateline
540.             FROM ".TABLE_PREFIX."users u
541.             LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
542.             LEFT JOIN ".TABLE_PREFIX."posts p ON (p.uid=u.uid)
543.             WHERE u.uid='{$post['uid']}' AND p.pid='{$pid}'
544.             LIMIT 1
545.         ");
546.         $postinfo = $db->fetch_array($query);
547.  
548.         $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
549.         while($attachment = $db->fetch_array($query))
550.         {
551.             $attachcache[0][$attachment['aid']] = $attachment;
552.         }
553.  
554.         // Set the values of the post info array.
555.         $postinfo['userusername'] = $postinfo['username'];
556.         $postinfo['message'] = $previewmessage;
557.         $postinfo['subject'] = $previewsubject;
558.         $postinfo['icon'] = $icon;
559.         $postinfo['smilieoff'] = $postoptions['disablesmilies'];
560.  
561.         $postbit = build_postbit($postinfo, 1);
562.         eval("\$preview = \"".$templates->get("previewpost")."\";");
563.     }
564.     else if(!$post_errors)
565.     {
566.         $message = htmlspecialchars_uni($message);
567.         $subject = htmlspecialchars_uni($subject);
568.  
569.         if($post['includesig'] != 0)
570.         {
571.             $postoptionschecked['signature'] = " checked=\"checked\"";
572.         }
573.  
574.         if($post['smilieoff'] == 1)
575.         {
576.             $postoptionschecked['disablesmilies'] = " checked=\"checked\"";
577.         }
578.  
579.         $query = $db->simple_select("threadsubscriptions", "notification", "tid='{$tid}' AND uid='{$mybb->user['uid']}'");
580.         if($db->num_rows($query) > 0)
581.         {
582.             $notification = $db->fetch_field($query, 'notification');
583.  
584.             if($notification ==  0)
585.             {
586.                 $postoptions_subscriptionmethod_none = "checked=\"checked\"";
587.             }
588.             else if($notification == 1)
589.             {
590.                 $postoptions_subscriptionmethod_instant = "checked=\"checked\"";
591.             }
592.             else
593.             {
594.                 $postoptions_subscriptionmethod_dont = "checked=\"checked\"";
595.             }
596.         }
597.     }
598.    
599.     // Generate thread prefix selector if this is the first post of the thread
600.     if($thread['firstpost'] == $pid)
601.     {
602.         if(!intval($mybb->input['threadprefix']))
603.         {
604.             $mybb->input['threadprefix'] = $thread['prefix'];
605.         }
606.        
607.         $prefixselect = build_prefix_select($forum['fid'], $mybb->input['threadprefix']);
608.     }
609.     else
610.     {
611.         $prefixselect = "";
612.     }
613.    
614.     // Fetch subscription select box
615.     $bgcolor = "trow1";
616.     eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");
617.  
618.     $bgcolor2 = "trow2";
619.     $query = $db->simple_select("posts", "*", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
620.     $firstcheck = $db->fetch_array($query);
621.     if($firstcheck['pid'] == $pid && $forumpermissions['canpostpolls'] != 0 && $thread['poll'] < 1)
622.     {
623.         $lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
624.         $numpolloptions = "2";
625.         eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
626.     }
627.    
628.     // Can we disable smilies or are they disabled already?
629.     if($forum['allowsmilies'] != 0)
630.     {
631.         eval("\$disablesmilies = \"".$templates->get("editpost_disablesmilies")."\";");
632.     }
633.     else
634.     {
635.         $disablesmilies = "<input type=\"hidden\" name=\"postoptions[disablesmilies]\" value=\"no\" />";
636.     }
637.  
638.     $plugins->run_hooks("editpost_end");
639.    
640.     $forum['name'] = strip_tags($forum['name']);
641.  
642.     eval("\$editpost = \"".$templates->get("editpost")."\";");
643.     output_page($editpost);
644. }
645. ?>