  1. <?php
  2. if (!defined('SMF'))
  3. die('Hacking attempt...');
  4.  
  5. function Post()
  6. {
  7. global $txt, $scripturl, $topic, $db_prefix, $modSettings, $board, $ID_MEMBER;
  8. global $user_info, $sc, $board_info, $context, $settings, $sourcedir;
  9. global $options, $func, $language;
  10. loadLanguage('Post');
  11.  
  12. $request = db_query("
  13. SELECT b.ID_BOARD, b.name, b.childLevel, c.name AS catName
  14. FROM {$db_prefix}boards AS b
  15. LEFT JOIN {$db_prefix}categories AS c ON (c.ID_CAT = b.ID_CAT)
  16. ", __FILE__, __LINE__);
  17. $context['boards'] = array();
  18. while ($row = mysql_fetch_assoc($request))
  19. $context['boards'][] = array(
  20. 'id' => $row['ID_BOARD'],
  21. 'name' => $row['name'],
  22. 'category' => $row['catName'],
  23. 'child_level' => $row['childLevel'],
  24. );
  25. mysql_free_result($request);
  26. $categorias = $_POST['categorias'];
  27.  
  28. require_once($sourcedir . '/Subs-Post.php');
  29. $context['can_hide_post'] = 0;
  30. $context['hidden_option'] = 0;
  31. $context['hidden_value'] = 0;
  32. if (!empty($topic))
  33. {
  34. $request = db_query("
  35. SELECT
  36. t.locked, IFNULL(ln.ID_TOPIC, 0) AS notify, t.isSticky, t.ID_POLL, t.numReplies, mf.ID_MEMBER,
  37. t.ID_FIRST_MSG, mf.subject, GREATEST(ml.posterTime, ml.modifiedTime) AS lastPostTime
  38. FROM {$db_prefix}topics AS t
  39. LEFT JOIN {$db_prefix}log_notify AS ln ON (ln.ID_TOPIC = t.ID_TOPIC AND ln.ID_MEMBER = $ID_MEMBER)
  40. LEFT JOIN {$db_prefix}messages AS mf ON (mf.ID_MSG = t.ID_FIRST_MSG)
  41. LEFT JOIN {$db_prefix}messages AS ml ON (ml.ID_MSG = t.ID_LAST_MSG)
  42. WHERE t.ID_TOPIC = $topic
  43. LIMIT 1", __FILE__, __LINE__);
  44. list ($locked, $context['notify'], $sticky, $pollID, $context['num_replies'], $ID_MEMBER_POSTER, $ID_FIRST_MSG, $first_subject, $lastPostTime) = mysql_fetch_row($request);
  45. mysql_free_result($request);
  46.  
  47. // If this topic already has a poll, they sure can't add another.
  48. if (isset($_REQUEST['poll']) && $pollID > 0)
  49. unset($_REQUEST['poll']);
  50.  
  51. if (empty($_REQUEST['msg']))
  52. {
  53. if ($user_info['is_guest'] && !allowedTo('post_reply_any'))
  54. is_not_guest();
  55.  
  56. if ($ID_MEMBER_POSTER != $ID_MEMBER)
  57. isAllowedTo('post_reply_any');
  58. elseif (!allowedTo('post_reply_any'))
  59. isAllowedTo('post_reply_own');
  60. }
  61.  
  62. $context['can_hide_post'] = (allowedTo('hide_post_any') || ($ID_MEMBER == $ID_MEMBER_POSTER && allowedTo('hide_post_own'))) && !empty($modSettings['allow_hiddenPost']);
  63. $context['can_lock'] = allowedTo('lock_any') || ($ID_MEMBER == $ID_MEMBER_POSTER && allowedTo('lock_own'));
  64. $context['can_sticky'] = allowedTo('make_sticky') && !empty($modSettings['enableStickyTopics']);
  65.  
  66. $context['notify'] = !empty($context['notify']);
  67. $context['sticky'] = isset($_REQUEST['sticky']) ? !empty($_REQUEST['sticky']) : $sticky;
  68. }
  69. else
  70. {
  71. if ((!$context['make_event'] || !empty($board)) && (!isset($_REQUEST['poll']) || $modSettings['pollMode'] != '1'))
  72. isAllowedTo('post_new');
  73.  
  74. $locked = 0;
  75. // !!! These won't work if you're making an event.
  76. $context['can_hide_post'] = allowedTo(array('hide_post_any', 'hide_post_own')) && !empty($modSettings['allow_hiddenPost']);
  77. $context['can_lock'] = allowedTo(array('lock_any', 'lock_own'));
  78. $context['can_sticky'] = allowedTo('make_sticky') && !empty($modSettings['enableStickyTopics']);
  79.  
  80. $context['notify'] = !empty($context['notify']);
  81. $context['sticky'] = !empty($_REQUEST['sticky']);
  82. }
  83.  
  84. // !!! These won't work if you're posting an event!
  85. $context['max_hidden_value'] = sprintf($txt['hide_value'], $modSettings['max_hiddenValue']);
  86. $context['can_notify'] = allowedTo('mark_any_notify');
  87. $context['can_move'] = allowedTo('move_any');
  88. $context['can_announce'] = allowedTo('announce_topic');
  89. $context['locked'] = !empty($locked) || !empty($_REQUEST['lock']);
  90.  
  91. // An array to hold all the attachments for this topic.
  92. $context['current_attachments'] = array();
  93.  
  94. // Don't allow a post if it's locked and you aren't all powerful.
  95. if ($locked && !allowedTo('moderate_board'))
  96. fatal_lang_error(90, false);
  97.  
  98. // Check the users permissions - is the user allowed to add or post a poll?
  99. if (isset($_REQUEST['poll']) && $modSettings['pollMode'] == '1')
  100. {
  101. // New topic, new poll.
  102. if (empty($topic))
  103. isAllowedTo('poll_post');
  104. // This is an old topic - but it is yours! Can you add to it?
  105. elseif ($ID_MEMBER == $ID_MEMBER_POSTER && !allowedTo('poll_add_any'))
  106. isAllowedTo('poll_add_own');
  107. // If you're not the owner, can you add to any poll?
  108. else
  109. isAllowedTo('poll_add_any');
  110.  
  111. // Set up the poll options.
  112. $context['poll_options'] = array(
  113. 'max_votes' => empty($_POST['poll_max_votes']) ? '1' : max(1, $_POST['poll_max_votes']),
  114. 'hide' => empty($_POST['poll_hide']) ? 0 : $_POST['poll_hide'],
  115. 'expire' => !isset($_POST['poll_expire']) ? '' : $_POST['poll_expire'],
  116. 'change_vote' => isset($_POST['poll_change_vote'])
  117. );
  118.  
  119. // Make all five poll choices empty.
  120. $context['choices'] = array(
  121. array('id' => 0, 'number' => 1, 'label' => '', 'is_last' => false),
  122. array('id' => 1, 'number' => 2, 'label' => '', 'is_last' => false),
  123. array('id' => 2, 'number' => 3, 'label' => '', 'is_last' => false),
  124. array('id' => 3, 'number' => 4, 'label' => '', 'is_last' => false),
  125. array('id' => 4, 'number' => 5, 'label' => '', 'is_last' => true)
  126. );
  127. }
  128.  
  129. if ($context['make_event'])
  130. {
  131. // They might want to pick a board.
  132. if (!isset($context['current_board']))
  133. $context['current_board'] = 0;
  134.  
  135. // Start loading up the event info.
  136. $context['event'] = array();
  137. $context['event']['title'] = isset($_REQUEST['evtitle']) ? htmlspecialchars(stripslashes($_REQUEST['evtitle'])) : '';
  138.  
  139. $context['event']['id'] = isset($_REQUEST['eventid']) ? (int) $_REQUEST['eventid'] : -1;
  140. $context['event']['new'] = $context['event']['id'] == -1;
  141.  
  142. // Permissions check!
  143. isAllowedTo('calendar_post');
  144.  
  145. // Editing an event? (but NOT previewing!?)
  146. if (!$context['event']['new'] && !isset($_REQUEST['subject']))
  147. {
  148. // If the user doesn't have permission to edit the post in this topic, redirect them.
  149. if ($ID_MEMBER_POSTER != $ID_MEMBER || !allowedTo('modify_own') && !allowedTo('modify_any'))
  150. {
  151. require_once($sourcedir . '/Calendar.php');
  152. return CalendarPost();
  153. }
  154. // Bloquear postear nuevos users en 2 dias
  155. if(($fechaderegistro+$undia)>time())
  156. {fatal_error("Debes esperar al menos un dia para publicar.",false);}
  157.  
  158. $dias = 2;
  159. $espera = (60 * 60 * 24 * $dias);
  160.  
  161. $is_posteable = $espera > $mem_register_time;
  162.  
  163. if(!$is_posteable){
  164.  
  165. $context['post']['errors'] = 'days_for_posting';
  166. return post();
  167.  
  168. }
  169.  
  170. // Get the current event information.
  171. $request = db_query("
  172. SELECT
  173. ID_MEMBER, title, MONTH(startDate) AS month, DAYOFMONTH(startDate) AS day,
  174. YEAR(startDate) AS year, (TO_DAYS(endDate) - TO_DAYS(startDate)) AS span
  175. FROM {$db_prefix}calendar
  176. WHERE ID_EVENT = " . $context['event']['id'] . "
  177. LIMIT 1", __FILE__, __LINE__);
  178. $row = mysql_fetch_assoc($request);
  179. mysql_free_result($request);
  180.  
  181. // Make sure the user is allowed to edit this event.
  182. if ($row['ID_MEMBER'] != $ID_MEMBER)
  183. isAllowedTo('calendar_edit_any');
  184. elseif (!allowedTo('calendar_edit_any'))
  185. isAllowedTo('calendar_edit_own');
  186.  
  187. $context['event']['month'] = $row['month'];
  188. $context['event']['day'] = $row['day'];
  189. $context['event']['year'] = $row['year'];
  190. $context['event']['title'] = $row['title'];
  191. $context['event']['span'] = $row['span'] + 1;
  192. }
  193. else
  194. {
  195. $today = getdate();
  196.  
  197. // You must have a month and year specified!
  198. if (!isset($_REQUEST['month']))
  199. $_REQUEST['month'] = $today['mon'];
  200. if (!isset($_REQUEST['year']))
  201. $_REQUEST['year'] = $today['year'];
  202.  
  203. $context['event']['month'] = (int) $_REQUEST['month'];
  204. $context['event']['year'] = (int) $_REQUEST['year'];
  205. $context['event']['day'] = isset($_REQUEST['day']) ? $_REQUEST['day'] : ($_REQUEST['month'] == $today['mon'] ? $today['mday'] : 0);
  206. $context['event']['span'] = isset($_REQUEST['span']) ? $_REQUEST['span'] : 1;
  207.  
  208.  
  209. $request = db_query("
  210. SELECT c.name AS catName, c.ID_CAT, b.ID_BOARD, b.name AS boardName, b.childLevel
  211. FROM {$db_prefix}boards AS b
  212. LEFT JOIN {$db_prefix}categories AS c ON (c.ID_CAT = b.ID_CAT)
  213. WHERE $user_info[query_see_board]" . (in_array(0, $boards) ? '' : "
  214. AND b.ID_BOARD IN (" . implode(', ', $boards) . ")"), __FILE__, __LINE__);
  215. $context['event']['boards'] = array();
  216. while ($row = mysql_fetch_assoc($request))
  217. $context['event']['boards'][] = array(
  218. 'id' => $row['ID_BOARD'],
  219. 'name' => $row['boardName'],
  220. 'childLevel' => $row['childLevel'],
  221. 'prefix' => str_repeat('&nbsp;', $row['childLevel'] * 3),
  222. 'cat' => array(
  223. 'id' => $row['ID_CAT'],
  224. 'name' => $row['catName']
  225. )
  226. );
  227. mysql_free_result($request);
  228. }
  229.  
  230. // Find the last day of the month.
  231. $context['event']['last_day'] = (int) strftime('%d', mktime(0, 0, 0, $context['event']['month'] == 12 ? 1 : $context['event']['month'] + 1, 0, $context['event']['month'] == 12 ? $context['event']['year'] + 1 : $context['event']['year']));
  232.  
  233. $context['event']['board'] = !empty($board) ? $board : $modSettings['cal_defaultboard'];
  234. }
  235.  
  236. if (empty($context['post_errors']))
  237. $context['post_errors'] = array();
  238.  
  239. // See if any new replies have come along.
  240. if (empty($_REQUEST['msg']) && !empty($topic))
  241. {
  242. if (empty($options['no_new_reply_warning']) && isset($_REQUEST['num_replies']))
  243. {
  244. $newReplies = $context['num_replies'] > $_REQUEST['num_replies'] ? $context['num_replies'] - $_REQUEST['num_replies'] : 0;
  245.  
  246. if (!empty($newReplies))
  247. {
  248. if ($newReplies == 1)
  249. $txt['error_new_reply'] = isset($_GET['num_replies']) ? $txt['error_new_reply_reading'] : $txt['error_new_reply'];
  250. else
  251. $txt['error_new_replies'] = sprintf(isset($_GET['num_replies']) ? $txt['error_new_replies_reading'] : $txt['error_new_replies'], $newReplies);
  252.  
  253. // If they've come from the display page then we treat the error differently....
  254. if (isset($_GET['num_replies']))
  255. $newRepliesError = $newReplies;
  256. else
  257. $context['post_error'][$newReplies == 1 ? 'new_reply' : 'new_replies'] = true;
  258.  
  259. $modSettings['topicSummaryPosts'] = $newReplies > $modSettings['topicSummaryPosts'] ? max($modSettings['topicSummaryPosts'], 5) : $modSettings['topicSummaryPosts'];
  260. }
  261. }
  262. // Check whether this is a really old post being bumped...
  263. if (!empty($modSettings['oldTopicDays']) && $lastPostTime + $modSettings['oldTopicDays'] * 86400 < time() && empty($sticky) && !isset($_REQUEST['subject']))
  264. $oldTopicError = true;
  265. }
  266.  
  267. // Get a response prefix (like 'Re:') in the default forum language.
  268. if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix')))
  269. {
  270. if ($language === $user_info['language'])
  271. $context['response_prefix'] = $txt['response_prefix'];
  272. else
  273. {
  274. loadLanguage('index', $language, false);
  275. $context['response_prefix'] = $txt['response_prefix'];
  276. loadLanguage('index');
  277. }
  278. cache_put_data('response_prefix', $context['response_prefix'], 600);
  279. }
  280.  
  281. // Previewing, modifying, or posting?
  282. if (isset($_REQUEST['message']) || !empty($context['post_error']))
  283. {
  284. checkSession('get');
  285.  
  286. $request = db_query("
  287. SELECT
  288. m.ID_MEMBER, m.posterName, t.ID_MEMBER_STARTED
  289. FROM {$db_prefix}messages AS m, {$db_prefix}topics AS t
  290. WHERE m.ID_MSG = " . (int) $_REQUEST['msg'] . "", __FILE__, __LINE__);
  291. if (mysql_num_rows($request) == 0)
  292. fatal_lang_error('noresponder', false);
  293. $row = mysql_fetch_assoc($request);
  294.  
  295. if ($row['ID_MEMBER'] != $ID_MEMBER && (!allowedTo('modify_any')))
  296. fatal_lang_error('noresponder', false);
  297.  
  298. // Validate inputs.
  299. if (empty($context['post_error']))
  300. {
  301. if ($func['htmltrim']($_REQUEST['subject']) == '')
  302. $context['post_error']['no_subject'] = true;
  303. if ($func['htmltrim']($_REQUEST['message']) == '')
  304. $context['post_error']['no_message'] = true;
  305. if (!empty($modSettings['max_messageLength']) && $func['strlen']($_REQUEST['message']) > $modSettings['max_messageLength'])
  306. $context['post_error']['long_message'] = true;
  307.  
  308. // Are you... a guest?
  309. if ($user_info['is_guest'])
  310. {
  311. $_REQUEST['guestname'] = !isset($_REQUEST['guestname']) ? '' : trim($_REQUEST['guestname']);
  312. $_REQUEST['email'] = !isset($_REQUEST['email']) ? '' : trim($_REQUEST['email']);
  313.  
  314. // Validate the name and email.
  315. if (!isset($_REQUEST['guestname']) || trim(strtr($_REQUEST['guestname'], '_', ' ')) == '')
  316. $context['post_error']['no_name'] = true;
  317. elseif ($func['strlen']($_REQUEST['guestname']) > 25)
  318. $context['post_error']['long_name'] = true;
  319. else
  320. {
  321. require_once($sourcedir . '/Subs-Members.php');
  322. if (isReservedName(htmlspecialchars($_REQUEST['guestname']), 0, true, false))
  323. {
  324.  
  325. $context['post_error']['bad_name'] = true;
  326. }
  327. }
  328.  
  329. if (empty($modSettings['guest_post_no_email']))
  330. {
  331. if (!isset($_REQUEST['email']) || $_REQUEST['email'] == '')
  332. $context['post_error']['no_email'] = true;
  333. elseif (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', stripslashes($_REQUEST['email'])) == 0)
  334. $context['post_error']['bad_email'] = true;
  335. }
  336. }
  337.  
  338. // This is self explanatory - got any questions?
  339. if (isset($_REQUEST['question']) && trim($_REQUEST['question']) == '')
  340. $context['post_error']['no_question'] = true;
  341.  
  342. // This means they didn't click Post and get an error.
  343. $really_previewing = true;
  344. }
  345. else
  346. {
  347. if (!isset($_REQUEST['subject']))
  348. $_REQUEST['subject'] = '';
  349. if (!isset($_REQUEST['message']))
  350. $_REQUEST['message'] = '';
  351. if (!isset($_REQUEST['icon']))
  352. $_REQUEST['icon'] = 'xx';
  353.  
  354. $really_previewing = false;
  355. }
  356.  
  357. // Set up the inputs for the form.
  358. $form_subject = strtr($func['htmlspecialchars'](stripslashes($_REQUEST['subject'])), array("\r" => '', "\n" => '', "\t" => ''));
  359. $form_message = $func['htmlspecialchars'](stripslashes($_REQUEST['message']), ENT_QUOTES);
  360.  
  361. // Make sure the subject isn't too long - taking into account special characters.
  362. if ($func['strlen']($form_subject) > 100)
  363. $form_subject = $func['substr']($form_subject, 0, 100);
  364.  
  365. // Have we inadvertently trimmed off the subject of useful information?
  366. if ($func['htmltrim']($form_subject) === '')
  367. $context['post_error']['no_subject'] = true;
  368.  
  369. // Any errors occurred?
  370. if (!empty($context['post_error']))
  371. {
  372. loadLanguage('Errors');
  373.  
  374. $context['error_type'] = 'minor';
  375.  
  376. $context['post_error']['messages'] = array();
  377. foreach ($context['post_error'] as $post_error => $dummy)
  378. {
  379. if ($post_error == 'messages')
  380. continue;
  381.  
  382. $context['post_error']['messages'][] = $txt['error_' . $post_error];
  383.  
  384. // If it's not a minor error flag it as such.
  385. if (!in_array($post_error, array('new_reply', 'new_replies', 'old_topic')))
  386. $context['error_type'] = 'serious';
  387. }
  388. }
  389.  
  390. if (isset($_REQUEST['poll']))
  391. {
  392. $context['question'] = isset($_REQUEST['question']) ? $func['htmlspecialchars'](stripslashes(trim($_REQUEST['question']))) : '';
  393.  
  394. $context['choices'] = array();
  395. $choice_id = 0;
  396.  
  397. $_POST['options'] = empty($_POST['options']) ? array() : htmlspecialchars__recursive(stripslashes__recursive($_POST['options']));
  398. foreach ($_POST['options'] as $option)
  399. {
  400. if (trim($option) == '')
  401. continue;
  402.  
  403. $context['choices'][] = array(
  404. 'id' => $choice_id++,
  405. 'number' => $choice_id,
  406. 'label' => $option,
  407. 'is_last' => false
  408. );
  409. }
  410.  
  411. if (count($context['choices']) < 2)
  412. {
  413. $context['choices'][] = array(
  414. 'id' => $choice_id++,
  415. 'number' => $choice_id,
  416. 'label' => '',
  417. 'is_last' => false
  418. );
  419. $context['choices'][] = array(
  420. 'id' => $choice_id++,
  421. 'number' => $choice_id,
  422. 'label' => '',
  423. 'is_last' => false
  424. );
  425. }
  426. $context['choices'][count($context['choices']) - 1]['is_last'] = true;
  427. }
  428.  
  429. // Are you... a guest?
  430. if ($user_info['is_guest'])
  431. {
  432. $_REQUEST['guestname'] = !isset($_REQUEST['guestname']) ? '' : trim($_REQUEST['guestname']);
  433. $_REQUEST['email'] = !isset($_REQUEST['email']) ? '' : trim($_REQUEST['email']);
  434.  
  435. $_REQUEST['guestname'] = htmlspecialchars($_REQUEST['guestname']);
  436. $context['name'] = $_REQUEST['guestname'];
  437. $_REQUEST['email'] = htmlspecialchars($_REQUEST['email']);
  438. $context['email'] = $_REQUEST['email'];
  439.  
  440. $user_info['name'] = $_REQUEST['guestname'];
  441. }
  442.  
  443. // Only show the preview stuff if they hit Preview.
  444. if ($really_previewing == true || isset($_REQUEST['xml']))
  445. {
  446. // Set up the preview message and subject and censor them...
  447. $context['preview_message'] = $form_message;
  448. preparsecode($form_message, true);
  449. preparsecode($context['preview_message']);
  450.  
  451. // Do all bulletin board code tags, with or without smileys.
  452. $context['preview_message'] = parse_bbc($context['preview_message'], isset($_REQUEST['ns']) ? 0 : 1);
  453.  
  454. if ($form_subject != '')
  455. {
  456. $context['preview_subject'] = $form_subject;
  457.  
  458. censorText($context['preview_subject']);
  459. censorText($context['preview_message']);
  460. }
  461. else
  462. $context['preview_subject'] = '<i>' . $txt[24] . '</i>';
  463.  
  464. // Protect any CDATA blocks.
  465. if (isset($_REQUEST['xml']))
  466. $context['preview_message'] = strtr($context['preview_message'], array(']]>' => ']]]]><![CDATA[>'));
  467. }
  468.  
  469. // Set up the checkboxes.
  470. $context['notify'] = !empty($_REQUEST['notify']);
  471. $context['use_smileys'] = !isset($_REQUEST['ns']);
  472.  
  473. $context['icon'] = isset($_REQUEST['icon']) ? preg_replace('~[\./\\\\*\':"<>]~', '', $_REQUEST['icon']) : 'xx';
  474.  
  475. // Set the destination action for submission.
  476. $context['destination'] = 'post2;start=' . $_REQUEST['start'] . (isset($_REQUEST['msg']) ? ';msg=' . $_REQUEST['msg'] . ';sesc=' . $sc : '') . (isset($_REQUEST['poll']) ? ';poll' : '');
  477. $context['submit_label'] = isset($_REQUEST['msg']) ? $txt[10] : $txt[105];
  478.  
  479. // Previewing an edit?
  480. if (isset($_REQUEST['msg']))
  481. {
  482. if (!empty($modSettings['attachmentEnable']))
  483. {
  484. $request = db_query("
  485. SELECT IFNULL(size, -1) AS filesize, filename, ID_ATTACH
  486. FROM {$db_prefix}attachments
  487. WHERE ID_MSG = " . (int) $_REQUEST['msg'] . "
  488. AND attachmentType = 0", __FILE__, __LINE__);
  489. while ($row = mysql_fetch_assoc($request))
  490. {
  491. if ($row['filesize'] <= 0)
  492. continue;
  493. $context['current_attachments'][] = array(
  494. 'name' => htmlspecialchars($row['filename']),
  495. 'id' => $row['ID_ATTACH']
  496. );
  497. }
  498. mysql_free_result($request);
  499. }
  500.  
  501. // Allow moderators to change names....
  502. if (allowedTo('moderate_forum') && !empty($topic))
  503. {
  504. $request = db_query("
  505. SELECT ID_MEMBER, posterName, posterEmail
  506. FROM {$db_prefix}messages
  507. WHERE ID_MSG = " . (int) $_REQUEST['msg'] . "
  508. AND ID_TOPIC = $topic
  509. LIMIT 1", __FILE__, __LINE__);
  510. $row = mysql_fetch_assoc($request);
  511. mysql_free_result($request);
  512.  
  513. if (empty($row['ID_MEMBER']))
  514. {
  515. $context['name'] = htmlspecialchars($row['posterName']);
  516. $context['email'] = htmlspecialchars($row['posterEmail']);
  517. }
  518. }
  519. }
  520.  
  521. // No check is needed, since nothing is really posted.
  522. checkSubmitOnce('free');
  523. }
  524. // Editing a message...
  525. elseif (isset($_REQUEST['msg']))
  526. {
  527. checkSession('get');
  528.  
  529. // Get the existing message.
  530. $request = db_query("
  531. SELECT
  532. m.ID_MEMBER, m.modifiedTime, m.smileysEnabled, m.body,
  533. m.posterName, m.posterEmail, m.subject, m.icon,
  534. m.hiddenOption, m.hiddenValue,
  535. IFNULL(a.size, -1) AS filesize, a.filename, a.ID_ATTACH,
  536. t.ID_MEMBER_STARTED AS ID_MEMBER_POSTER, m.posterTime
  537. FROM ({$db_prefix}messages AS m, {$db_prefix}topics AS t)
  538. LEFT JOIN {$db_prefix}attachments AS a ON (a.ID_MSG = m.ID_MSG AND a.attachmentType = 0)
  539. WHERE m.ID_MSG = " . (int) $_REQUEST['msg'] . "
  540. AND m.ID_TOPIC = $topic
  541. AND t.ID_TOPIC = $topic", __FILE__, __LINE__);
  542. // The message they were trying to edit was most likely deleted.
  543. // !!! Change this error message?
  544. if (mysql_num_rows($request) == 0)
  545. fatal_lang_error('smf232', false);
  546. $row = mysql_fetch_assoc($request);
  547.  
  548. $attachment_stuff = array($row);
  549. while ($row2 = mysql_fetch_assoc($request))
  550. $attachment_stuff[] = $row2;
  551. mysql_free_result($request);
  552.  
  553. if ($row['ID_MEMBER'] == $ID_MEMBER && !allowedTo('modify_any'))
  554. {
  555. // Give an extra five minutes over the disable time threshold, so they can type.
  556. if (!empty($modSettings['edit_disable_time']) && $row['posterTime'] + ($modSettings['edit_disable_time'] + 5) * 60 < time())
  557. fatal_lang_error('modify_post_time_passed', false);
  558. elseif ($row['ID_MEMBER_POSTER'] == $ID_MEMBER && !allowedTo('modify_own'))
  559. isAllowedTo('modify_replies');
  560. else
  561. isAllowedTo('modify_own');
  562. }
  563. elseif ($row['ID_MEMBER_POSTER'] == $ID_MEMBER && !allowedTo('modify_any'))
  564. isAllowedTo('modify_replies');
  565. else
  566. isAllowedTo('modify_any');
  567.  
  568. // When was it last modified?
  569. if (!empty($row['modifiedTime']))
  570. $context['last_modified'] = timeformat($row['modifiedTime']);
  571.  
  572. // Get the stuff ready for the form.
  573. $form_subject = $row['subject'];
  574. $form_message = un_preparsecode($row['body']);
  575. censorText($form_message);
  576. censorText($form_subject);
  577.  
  578. // Check the boxes that should be checked.
  579. $context['hidden_option'] = $row['hiddenOption'];
  580. $context['hidden_value'] = $row['hiddenValue'];
  581.  
  582. $context['use_smileys'] = !empty($row['smileysEnabled']);
  583. $context['icon'] = $row['icon'];
  584.  
  585. // Load up 'em attachments!
  586. foreach ($attachment_stuff as $attachment)
  587. {
  588. if ($attachment['filesize'] >= 0 && !empty($modSettings['attachmentEnable']))
  589. $context['current_attachments'][] = array(
  590. 'name' => htmlspecialchars($attachment['filename']),
  591. 'id' => $attachment['ID_ATTACH']
  592. );
  593. }
  594.  
  595. // Allow moderators to change names....
  596. if (allowedTo('moderate_forum') && empty($row['ID_MEMBER']))
  597. {
  598. $context['name'] = htmlspecialchars($row['posterName']);
  599. $context['email'] = htmlspecialchars($row['posterEmail']);
  600. }
  601.  
  602. // Set the destinaton.
  603. $context['destination'] = 'post2;start=' . $_REQUEST['start'] . ';msg=' . $_REQUEST['msg'] . ';sesc=' . $sc . (isset($_REQUEST['poll']) ? ';poll' : '');
  604. $context['submit_label'] = $txt[10];
  605. }
  606. // Posting...
  607. else
  608. {
  609. // By default....
  610. $context['use_smileys'] = true;
  611. $context['icon'] = 'xx';
  612. $context['hidden_option'] = 0;
  613. $context['hidden_value'] = 0;
  614.  
  615.  
  616. if ($user_info['is_guest'])
  617. {
  618. $context['name'] = '';
  619. $context['email'] = '';
  620. }
  621. $context['destination'] = 'post2;start=' . $_REQUEST['start'] . (isset($_REQUEST['poll']) ? ';poll' : '');
  622.  
  623. $context['submit_label'] = $txt[105];
  624.  
  625. // Posting a quoted reply?
  626. if (!empty($topic) && !empty($_REQUEST['quote']))
  627. {
  628. checkSession('get');
  629.  
  630. // Make sure they _can_ quote this post, and if so get it.
  631. $request = db_query("
  632. SELECT m.subject, IFNULL(mem.realName, m.posterName) AS posterName, m.posterTime, m.body
  633. FROM ({$db_prefix}messages AS m, {$db_prefix}boards AS b)
  634. LEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER = m.ID_MEMBER)
  635. WHERE m.ID_MSG = " . (int) $_REQUEST['quote'] . "
  636. AND b.ID_BOARD = m.ID_BOARD
  637. AND $user_info[query_see_board]
  638. LIMIT 1", __FILE__, __LINE__);
  639. if (mysql_num_rows($request) == 0)
  640. fatal_lang_error('quoted_post_deleted', false);
  641. list ($form_subject, $mname, $mdate, $form_message) = mysql_fetch_row($request);
  642. mysql_free_result($request);
  643.  
  644. // Add 'Re: ' to the front of the quoted subject.
  645. if (trim($context['response_prefix']) != '' && $func['strpos']($form_subject, trim($context['response_prefix'])) !== 0)
  646. $form_subject = $context['response_prefix'] . $form_subject;
  647.  
  648. // Censor the message and subject.
  649. censorText($form_message);
  650. censorText($form_subject);
  651.  
  652. //Remove Hidden content... i don't need a information for this...
  653. $form_message = preg_replace("~\[hide\](.+?)\[\/hide\]~i", "&nbsp;", $form_message);
  654. $form_message = preg_replace(array('~\n?\[hide.*?\].+?\[/hide\]\n?~is', '~^\n~', '~\[/hide\]~'), "&nbsp;", $form_message);
  655. $form_message = preg_replace('~<br(?: /)?' . '>~i', "\n", $form_message);
  656.  
  657. // Remove any nested quotes, if necessary.
  658. if (!empty($modSettings['removeNestedQuotes']))
  659. $form_message = preg_replace(array('~\n?\[quote.*?\].+?\[/quote\]\n?~is', '~^\n~', '~\[/quote\]~'), '', $form_message);
  660.  
  661. // Add a quote string on the front and end.
  662. $form_message = '[quote author=' . $mname . ' link=topic=' . $topic . '.msg' . (int) $_REQUEST['quote'] . '#msg' . (int) $_REQUEST['quote'] . ' date=' . $mdate . ']' . "\n" . $form_message . "\n" . '[/quote]';
  663. }
  664. // Posting a reply without a quote?
  665. elseif (!empty($topic) && empty($_REQUEST['quote']))
  666. {
  667. fatal_lang_error('noresponder', false);
  668.  
  669. // Get the first message's subject.
  670. $form_subject = $first_subject;
  671.  
  672. // Add 'Re: ' to the front of the subject.
  673. if (trim($context['response_prefix']) != '' && $form_subject != '' && $func['strpos']($form_subject, trim($context['response_prefix'])) !== 0)
  674. $form_subject = $context['response_prefix'] . $form_subject;
  675.  
  676. // Censor the subject.
  677. censorText($form_subject);
  678.  
  679. $form_message = '';
  680. }
  681. else
  682. {
  683. $form_subject = isset($_GET['subject']) ? $_GET['subject'] : '';
  684. $form_message = '';
  685. }
  686. }
  687.  
  688. // !!! This won't work if you're posting an event.
  689. if (allowedTo('post_attachment'))
  690. {
  691. if (empty($_SESSION['temp_attachments']))
  692. $_SESSION['temp_attachments'] = array();
  693.  
  694. // If this isn't a new post, check the current attachments.
  695. if (isset($_REQUEST['msg']))
  696. {
  697. $request = db_query("
  698. SELECT COUNT(*), SUM(size)
  699. FROM {$db_prefix}attachments
  700. WHERE ID_MSG = " . (int) $_REQUEST['msg'] . "
  701. AND attachmentType = 0", __FILE__, __LINE__);
  702. list ($quantity, $total_size) = mysql_fetch_row($request);
  703. mysql_free_result($request);
  704. }
  705. else
  706. {
  707. $quantity = 0;
  708. $total_size = 0;
  709. }
  710.  
  711. $temp_start = 0;
  712.  
  713. if (!empty($_SESSION['temp_attachments']))
  714. foreach ($_SESSION['temp_attachments'] as $attachID => $name)
  715. {
  716. $temp_start++;
  717.  
  718. if (preg_match('~^post_tmp_' . $ID_MEMBER . '_\d+$~', $attachID) == 0)
  719. {
  720. unset($_SESSION['temp_attachments'][$attachID]);
  721. continue;
  722. }
  723.  
  724. if (!empty($_POST['attach_del']) && !in_array($attachID, $_POST['attach_del']))
  725. {
  726. $deleted_attachments = true;
  727. unset($_SESSION['temp_attachments'][$attachID]);
  728. @unlink($modSettings['attachmentUploadDir'] . '/' . $attachID);
  729. continue;
  730. }
  731.  
  732. $quantity++;
  733. $total_size += filesize($modSettings['attachmentUploadDir'] . '/' . $attachID);
  734.  
  735. $context['current_attachments'][] = array(
  736. 'name' => $name,
  737. 'id' => $attachID
  738. );
  739. }
  740.  
  741. if (!empty($_POST['attach_del']))
  742. {
  743. $del_temp = array();
  744. foreach ($_POST['attach_del'] as $i => $dummy)
  745. $del_temp[$i] = (int) $dummy;
  746.  
  747. foreach ($context['current_attachments'] as $k => $dummy)
  748. if (!in_array($dummy['id'], $del_temp))
  749. {
  750. $context['current_attachments'][$k]['unchecked'] = true;
  751. $deleted_attachments = !isset($deleted_attachments) || is_bool($deleted_attachments) ? 1 : $deleted_attachments + 1;
  752. $quantity--;
  753. }
  754. }
  755.  
  756. if (!empty($_FILES['attachment']))
  757. foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy)
  758. {
  759. if ($_FILES['attachment']['name'][$n] == '')
  760. continue;
  761.  
  762. if (!is_uploaded_file($_FILES['attachment']['tmp_name'][$n]) || (@ini_get('open_basedir') == '' && !file_exists($_FILES['attachment']['tmp_name'][$n])))
  763. fatal_lang_error('smf124');
  764.  
  765. if (!empty($modSettings['attachmentSizeLimit']) && $_FILES['attachment']['size'][$n] > $modSettings['attachmentSizeLimit'] * 1024)
  766. fatal_lang_error('smf122', false, array($modSettings['attachmentSizeLimit']));
  767.  
  768. $quantity++;
  769. if (!empty($modSettings['attachmentNumPerPostLimit']) && $quantity > $modSettings['attachmentNumPerPostLimit'])
  770. fatal_lang_error('attachments_limit_per_post', false, array($modSettings['attachmentNumPerPostLimit']));
  771.  
  772. $total_size += $_FILES['attachment']['size'][$n];
  773. if (!empty($modSettings['attachmentPostLimit']) && $total_size > $modSettings['attachmentPostLimit'] * 1024)
  774. fatal_lang_error('smf122', false, array($modSettings['attachmentPostLimit']));
  775.  
  776. if (!empty($modSettings['attachmentCheckExtensions']))
  777. {
  778. if (!in_array(strtolower(substr(strrchr($_FILES['attachment']['name'][$n], '.'), 1)), explode(',', strtolower($modSettings['attachmentExtensions']))))
  779. fatal_error($_FILES['attachment']['name'][$n] . '.<br />' . $txt['smf123'] . ' ' . $modSettings['attachmentExtensions'] . '.', false);
  780. }
  781.  
  782. if (!empty($modSettings['attachmentDirSizeLimit']))
  783. {
  784. // Make sure the directory isn't full.
  785. $dirSize = 0;
  786. $dir = @opendir($modSettings['attachmentUploadDir']) or fatal_lang_error('smf115b');
  787. while ($file = readdir($dir))
  788. {
  789. if (substr($file, 0, -1) == '.')
  790. continue;
  791.  
  792. if (preg_match('~^post_tmp_\d+_\d+$~', $file) != 0)
  793. {
  794. // Temp file is more than 5 hours old!
  795. if (filemtime($modSettings['attachmentUploadDir'] . '/' . $file) < time() - 18000)
  796. @unlink($modSettings['attachmentUploadDir'] . '/' . $file);
  797. continue;
  798. }
  799.  
  800. $dirSize += filesize($modSettings['attachmentUploadDir'] . '/' . $file);
  801. }
  802. closedir($dir);
  803.  
  804. // Too big! Maybe you could zip it or something...
  805. if ($_FILES['attachment']['size'][$n] + $dirSize > $modSettings['attachmentDirSizeLimit'] * 1024)
  806. fatal_lang_error('smf126');
  807. }
  808.  
  809. if (!is_writable($modSettings['attachmentUploadDir']))
  810. fatal_lang_error('attachments_no_write');
  811.  
  812. $attachID = 'post_tmp_' . $ID_MEMBER . '_' . $temp_start++;
  813. $_SESSION['temp_attachments'][$attachID] = stripslashes(basename($_FILES['attachment']['name'][$n]));
  814. $context['current_attachments'][] = array(
  815. 'name' => basename(stripslashes($_FILES['attachment']['name'][$n])),
  816. 'id' => $attachID
  817. );
  818.  
  819. $destName = $modSettings['attachmentUploadDir'] . '/' . $attachID;
  820.  
  821. if (!move_uploaded_file($_FILES['attachment']['tmp_name'][$n], $destName))
  822. fatal_lang_error('smf124');
  823. @chmod($destName, 0644);
  824. }
  825. }
  826.  
  827. // If we are coming here to make a reply, and someone has already replied... make a special warning message.
  828. if (isset($newRepliesError))
  829. {
  830. $context['post_error']['messages'][] = $newRepliesError == 1 ? $txt['error_new_reply'] : $txt['error_new_replies'];
  831. $context['error_type'] = 'minor';
  832. }
  833.  
  834. if (isset($oldTopicError))
  835. {
  836. $context['post_error']['messages'][] = $txt['error_old_topic'];
  837. $context['error_type'] = 'minor';
  838. }
  839.  
  840. if (isset($_REQUEST['poll']))
  841. $context['page_title'] = 'Creando un nuevo Post';
  842. elseif ($context['make_event'])
  843. $context['page_title'] = 'Creando un nuevo Post';
  844. elseif (isset($_REQUEST['msg']))
  845. $context['page_title'] = 'Editar Post';
  846. elseif (isset($_REQUEST['subject'], $context['preview_subject']))
  847. $context['page_title'] = 'Creando un nuevo Post';
  848. elseif (empty($topic))
  849. $context['page_title'] = 'Creando un nuevo Post';
  850. else
  851. $context['page_title'] = 'Creando un nuevo Post';
  852.  
  853.  
  854. $context['num_allowed_attachments'] = min($modSettings['attachmentNumPerPostLimit'] - count($context['current_attachments']) + (isset($deleted_attachments) ? $deleted_attachments : 0), $modSettings['attachmentNumPerPostLimit']);
  855. $context['can_post_attachment'] = !empty($modSettings['attachmentEnable']) && $modSettings['attachmentEnable'] == 1 && allowedTo('post_attachment') && $context['num_allowed_attachments'] > 0;
  856.  
  857. $context['subject'] = addcslashes($form_subject, '"');
  858. $context['message'] = str_replace(array('"', '<', '>', ' '), array('&quot;', '&lt;', '&gt;', ' &nbsp;'), $form_message);
  859. $context['attached'] = '';
  860. $context['allowed_extensions'] = strtr($modSettings['attachmentExtensions'], array(',' => ', '));
  861. $context['make_poll'] = isset($_REQUEST['poll']);
  862.  
  863. //borradores
  864.  
  865.  
  866.  
  867. if (!$user_info['is_guest'])
  868. $user_info['id'] = $context['user']['id'];
  869.  
  870. if (isset($_REQUEST['draft']) && !isset($_REQUEST['msg'])) {
  871.  
  872. $draftID = (int) $_REQUEST['draft'];
  873. $draft_info = db_query("
  874. SELECT d.body, d.subject, d.boardID, d.topicID, d.isSticky, d.locked, d.smileysEnabled, d.icon, d.categoryID, d.blogTags, d.topicDescription" . (isset($modSettings['blogMode']) ? ", bc.name AS categoryName" : '') . "
  875. FROM {$db_prefix}drafts AS d " . (isset($modSettings['blogMode']) ? "
  876. LEFT JOIN {$db_prefix}blog_categories AS bc ON (bc.categoryID = d.categoryID) " : '') . "
  877. WHERE d.memberID = $user_info[id]
  878. AND d.draftID = $draftID
  879. LIMIT 1", __FILE__, __LINE__);
  880.  
  881. if (mysql_num_rows($draft_info) > 0)
  882. $draft_info = mysql_fetch_assoc($draft_info);
  883.  
  884. //Does this draft exist?
  885. $request=db_query("
  886. SELECT memberID FROM {$db_prefix}drafts
  887. WHERE draftID = $draftID
  888. LIMIT 1", __FILE__, __LINE__);
  889. $req=mysql_fetch_assoc($request);
  890.  
  891. if (!mysql_num_rows($request))
  892. {fatal_error($txt['draft_not_exist']);}
  893. // Check if it is the same user
  894. if ($req['memberID']!=$ID_MEMBER)
  895. {fatal_error($txt['no_access_draft']);}
  896.  
  897. mysql_free_result($request);
  898.  
  899.  
  900. //Fill the information to show
  901. $context['sticky'] = !empty($draft_info['isSticky']) ? '1' : '0';
  902. $context['locked'] = !empty($draft_info['locked']) ? '1' : '0';
  903. $context['description'] = !empty($draft_info['topicDescription']) ? $draft_info['topicDescription'] : '';
  904. $context['Tags'] = !empty($draft_info['blogTags']) ? $draft_info['blogTags'] : '';
  905. $context['categorias'] = !empty($draft_info['categoryID'])? $draft_info['categoryID'] : '';//!empty($draft_info['categoryID']) && !empty($draft_info['categoryName']) ? array('id' => $draft_info['categoryID'], 'name' => $draft_info['categoryName']) : '';
  906. $context['use_smileys'] = !empty($draft_info['smileysEnabled']) ? true : false;
  907. $context['icon'] = !empty($draft_info['icon']) ? $draft_info['icon'] : '';
  908.  
  909. if (!empty($modSettings['blogMode'])) {
  910. if (!empty($draft_info['categoryID'])) {
  911. $request = db_query("
  912. SELECT name
  913. FROM {$db_prefix}blog_categories
  914. WHERE categoryID = '$draft_info[categoryID]'
  915. LIMIT 1", __FILE__, __LINE__);
  916. $category_info = mysql_fetch_assoc($request);
  917. $context['current_blog_cat'] = array(
  918. 'id' => $draft_info['categoryID'],
  919. 'name' => $category_info['name'],
  920. );
  921. }
  922. }
  923. $context['message'] = !empty($draft_info['body']) ? un_preparsecode($draft_info['body']) : '';
  924. $context['subject'] = !empty($draft_info['subject']) ? un_preparsecode(stripslashes($draft_info['subject'])) : '';
  925. $board = !empty($draft_info['boardID']) ? $draft_info['boardID'] : '';
  926. $context['draft_id'] = $draftID;
  927.  
  928. }
  929.  
  930. if (!isset($_REQUEST['msg'])) {
  931.  
  932. // now load the list of drafts this user has
  933. $request = db_query("
  934. SELECT boardID, topicID, subject, draftID, timestamp
  935. FROM {$db_prefix}drafts
  936. WHERE memberID = $user_info[id]
  937. ORDER BY timestamp DESC", __FILE__, __LINE__);
  938.  
  939. if (mysql_num_rows($request) > 0) {
  940.  
  941. $context['drafts'] = array();
  942. // build the drafts array
  943. while ($row = mysql_fetch_assoc($request)) {
  944.  
  945. $row['subject'] = stripslashes($row['subject']);
  946.  
  947. $length = 30;
  948. if (strlen($row['subject']) > $length) {
  949. $row['subject'] = substr($row['subject'],0,$length);
  950. $row['subject'] = $row['subject'] . ' ';
  951. $row['subject'] = substr($row['subject'],0,strrpos($row['subject'],' '));
  952. $row['subject'] = $row['subject'] . '...';
  953. }
  954.  
  955. $topicString = !empty($row['topicID']) ? 'topic='. $row['topicID'] .'.0;' : '';
  956.  
  957. $context['drafts'][] = array(
  958. 'draftID' => $row['draftID'],
  959. 'boardID' => $row['boardID'],
  960. 'topicID' => !empty($row['topicID']) ? $row['topicID'] : '',
  961. 'subject' => $row['subject'],
  962. 'last_saved' => timeformat($row['timestamp']),
  963. 'link' => '<a href="/?action=post;board='. $row['boardID'] .';'. $topicString .'draft='. $row['draftID']. '">'. $row['subject'] .'</a>',
  964. 'delete_link' => '/?action=post;board='. $row['boardID'].';sesc='. $context['session_id'] .';deleteDraft='. $row['draftID'],
  965. );
  966.  
  967. }
  968. }
  969. }
  970. // are we deleting a draft?
  971. if (isset($_REQUEST['deleteDraft'])) {
  972.  
  973. // gotta check the session ID
  974. checkSession('get');
  975.  
  976. // sanitize the draft ID
  977. $draftID = (int) $_REQUEST['deleteDraft'];
  978.  
  979. //Does this draft exist?
  980. $request=db_query("
  981. SELECT memberID FROM {$db_prefix}drafts
  982. WHERE draftID = $draftID
  983. LIMIT 1", __FILE__, __LINE__);
  984. $req=mysql_fetch_assoc($request);
  985.  
  986. if (!mysql_num_rows($request))
  987. {fatal_error($txt['draft_not_exist']);}
  988.  
  989. // Check if it is the same user
  990. if ($req['memberID']!=$ID_MEMBER)
  991. {fatal_error($txt['no_drafts']);}
  992.  
  993. mysql_free_result($request);
  994.  
  995. // delete the draft from the draft table
  996. db_query("
  997. DELETE FROM {$db_prefix}drafts
  998. WHERE draftID = $draftID
  999. LIMIT 1", __FILE__, __LINE__);
  1000. // redirect to the index
  1001. fatal_error($txt['draft_deleted']);
  1002. }
  1003.  
  1004.  
  1005.  
  1006.  
  1007.  
  1008. // fin borradores
  1009.  
  1010.  
  1011.  
  1012.  
  1013.  
  1014.  
  1015. // Message icons - customized icons are off?
  1016. if (empty($modSettings['messageIcons_enable']))
  1017. {
  1018. $context['icons'] = array(
  1019. array('value' => 'xx', 'name' => $txt[281]),
  1020. array('value' => 'thumbup', 'name' => $txt[282]),
  1021. array('value' => 'thumbdown', 'name' => $txt[283]),
  1022. array('value' => 'exclamation', 'name' => $txt[284]),
  1023. array('value' => 'question', 'name' => $txt[285]),
  1024. array('value' => 'lamp', 'name' => $txt[286]),
  1025. array('value' => 'smiley', 'name' => $txt[287]),
  1026. array('value' => 'angry', 'name' => $txt[288]),
  1027. array('value' => 'cheesy', 'name' => $txt[289]),
  1028. array('value' => 'grin', 'name' => $txt[293]),
  1029. array('value' => 'sad', 'name' => $txt[291]),
  1030. array('value' => 'wink', 'name' => $txt[292])
  1031. );
  1032.  
  1033. foreach ($context['icons'] as $k => $dummy)
  1034. {
  1035. $context['icons'][$k]['url'] = $settings['images_url'] . '/post/' . $dummy['value'] . '.gif';
  1036. $context['icons'][$k]['is_last'] = false;
  1037. }
  1038.  
  1039. $context['icon_url'] = $settings['images_url'] . '/post/' . $context['icon'] . '.gif';
  1040. }
  1041. // Otherwise load the icons, and check we give the right image too...
  1042. else
  1043. {
  1044. // Regardless of what *should* exist, let's do this properly.
  1045. $stable_icons = array('xx', 'thumbup', 'thumbdown', 'exclamation', 'question', 'lamp', 'smiley', 'angry', 'cheesy', 'grin', 'sad', 'wink', 'moved', 'recycled', 'wireless');
  1046. $context['icon_sources'] = array();
  1047. foreach ($stable_icons as $icon)
  1048. $context['icon_sources'][$icon] = 'images_url';
  1049.  
  1050. // Array for all icons that need to revert to the default theme!
  1051. $context['javascript_icons'] = array();
  1052.  
  1053. if (($temp = cache_get_data('posting_icons-' . $board, 480)) == null)
  1054. {
  1055. $request = db_query("
  1056. SELECT title, filename
  1057. FROM {$db_prefix}message_icons
  1058. WHERE ID_BOARD IN (0, $board)", __FILE__, __LINE__);
  1059. $icon_data = array();
  1060. while ($row = mysql_fetch_assoc($request))
  1061. $icon_data[] = $row;
  1062. mysql_free_result($request);
  1063.  
  1064. cache_put_data('posting_icons-' . $board, $icon_data, 480);
  1065. }
  1066. else
  1067. $icon_data = $temp;
  1068.  
  1069. $context['icons'] = array();
  1070. foreach ($icon_data as $icon)
  1071. {
  1072. if (!isset($context['icon_sources'][$icon['filename']]))
  1073. $context['icon_sources'][$icon['filename']] = file_exists($settings['theme_dir'] . '/images/post/' . $icon['filename'] . '.gif') ? 'images_url' : 'default_images_url';
  1074.  
  1075. // If the icon exists only in the default theme, ensure the javascript popup respects this.
  1076. if ($context['icon_sources'][$icon['filename']] == 'default_images_url')
  1077. $context['javascript_icons'][] = $icon['filename'];
  1078.  
  1079. $context['icons'][] = array(
  1080. 'value' => $icon['filename'],
  1081. 'name' => $icon['title'],
  1082. 'url' => $settings[$context['icon_sources'][$icon['filename']]] . '/post/' . $icon['filename'] . '.gif',
  1083. 'is_last' => false,
  1084. );
  1085. }
  1086.  
  1087. $context['icon_url'] = $settings[isset($context['icon_sources'][$context['icon']]) ? $context['icon_sources'][$context['icon']] : 'images_url'] . '/post/' . $context['icon'] . '.gif';
  1088. }
  1089.  
  1090. if (!empty($context['icons']))
  1091. $context['icons'][count($context['icons']) - 1]['is_last'] = true;
  1092.  
  1093. $found = false;
  1094. for ($i = 0, $n = count($context['icons']); $i < $n; $i++)
  1095. {
  1096. $context['icons'][$i]['selected'] = $context['icon'] == $context['icons'][$i]['value'];
  1097. if ($context['icons'][$i]['selected'])
  1098. $found = true;
  1099. }
  1100. if (!$found)
  1101. array_unshift($context['icons'], array(
  1102. 'value' => $context['icon'],
  1103. 'name' => $txt['current_icon'],
  1104. 'url' => $context['icon_url'],
  1105. 'is_last' => empty($context['icons']),
  1106. 'selected' => true,
  1107. ));
  1108.  
  1109.  
  1110. $context['hidden_options'] = array(
  1111. array('value' => 0, 'name' => $txt['hide_select']),
  1112. array('value' => 1, 'name' => $txt['hide_login']),
  1113. );
  1114.  
  1115. $found = false;
  1116. for ($i = 0, $n = count($context['hidden_options']); $i < $n; $i++)
  1117. {
  1118. $context['hidden_options'][$i]['selected'] = $context['hidden_option'] == $context['hidden_options'][$i]['value'];
  1119. if ($context['icons'][$i]['selected'])
  1120. $found = true;
  1121. }
  1122. if (!empty($topic))
  1123. getTopic();
  1124.  
  1125. $context['back_to_topic'] = isset($_REQUEST['goback']) || (isset($_REQUEST['msg']) && !isset($_REQUEST['subject']));
  1126. $context['show_additional_options'] = !empty($_POST['additional_options']) || !empty($_SESSION['temp_attachments']) || !empty($deleted_attachments);
  1127.  
  1128. $context['is_new_topic'] = empty($topic);
  1129. $context['is_new_post'] = !isset($_REQUEST['msg']);
  1130. $context['is_first_post'] = $context['is_new_topic'] || (isset($_REQUEST['msg']) && $_REQUEST['msg'] == $ID_FIRST_MSG);
  1131.  
  1132. checkSubmitOnce('register');
  1133.  
  1134. if (WIRELESS)
  1135. $context['sub_template'] = WIRELESS_PROTOCOL . '_post';
  1136. elseif (!isset($_REQUEST['xml']))
  1137. loadTemplate('Post');
  1138. }
  1139.  
  1140. function Post2()
  1141. {
  1142. global $board, $topic, $txt, $db_prefix, $modSettings, $sourcedir, $context, $scripturl;
  1143. global $ID_MEMBER, $user_info, $board_info, $options, $func;
  1144.  
  1145. if (isset($_REQUEST['preview']))
  1146. return Post();
  1147.  
  1148. $request = db_query("
  1149. SELECT dateRegistered
  1150. FROM {$db_prefix}members AS m
  1151. WHERE m.ID_MEMBER = $ID_MEMBER ", __FILE__, __LINE__);
  1152.  
  1153. while ($row = mysql_fetch_assoc($request))
  1154. {
  1155. $context['datereg'] = $row['dateRegistered'];
  1156. }
  1157.  
  1158. $time=time();
  1159. $min_time_publica=60*60*6;
  1160. $fecharegistro=date('d/m/Y \a \l\a\s h:i ',$context['datereg']);
  1161.  
  1162. if($time-$context['datereg']<$min_time_publica)
  1163. { fatal_error('Para publicar un post debes esperar 6 horas desde la hora de registro. Te has registrado el '.$fecharegistro.' GMT +0'); }
  1164.  
  1165.  
  1166.  
  1167. checkSubmitOnce('check');
  1168.  
  1169. // No errors as yet.
  1170. $post_errors = array();
  1171.  
  1172. // If the session has timed out, let the user re-submit their form.
  1173. //if (checkSession('post', '', false) != '')
  1174. // $post_errors[] = 'session_timeout';
  1175.  
  1176. require_once($sourcedir . '/Subs-Post.php');
  1177. loadLanguage('Post');
  1178.  
  1179. // Replying to a topic?
  1180. if (!empty($topic) && !isset($_REQUEST['msg']))
  1181. {
  1182. $request = db_query("
  1183. SELECT t.locked, t.isSticky, t.ID_POLL, t.numReplies, m.ID_MEMBER
  1184. FROM ({$db_prefix}topics AS t, {$db_prefix}messages AS m)
  1185. WHERE t.ID_TOPIC = $topic
  1186. AND m.ID_MSG = t.ID_FIRST_MSG
  1187. LIMIT 1", __FILE__, __LINE__);
  1188. list ($tmplocked, $tmpstickied, $pollID, $numReplies, $ID_MEMBER_POSTER) = mysql_fetch_row($request);
  1189. mysql_free_result($request);
  1190.  
  1191. // Don't allow a post if it's locked.
  1192. if ($tmplocked != 0 && !allowedTo('moderate_board'))
  1193. fatal_lang_error(90, false);
  1194.  
  1195. // Sorry, multiple polls aren't allowed... yet. You should stop giving me ideas :P.
  1196. if (isset($_REQUEST['poll']) && $pollID > 0)
  1197. unset($_REQUEST['poll']);
  1198.  
  1199. if ($ID_MEMBER_POSTER != $ID_MEMBER)
  1200. isAllowedTo('post_reply_any');
  1201. elseif (!allowedTo('post_reply_any'))
  1202. isAllowedTo('post_reply_own');
  1203.  
  1204. if (isset($_POST['lock']))
  1205. {
  1206. // Nothing is changed to the lock.
  1207. if ((empty($tmplocked) && empty($_POST['lock'])) || (!empty($_POST['lock']) && !empty($tmplocked)))
  1208. unset($_POST['lock']);
  1210. // You have no permission to lock this topic.
  1210. elseif (!allowedTo(array('lock_any', 'lock_own')) || (!allowedTo('lock_any') && $ID_MEMBER != $ID_MEMBER_POSTER))
  1211. unset($_POST['lock']);
  1212. // You are allowed to (un)lock your own topic only.
  1213. elseif (!allowedTo('lock_any'))
  1214. {
  1215. // You cannot override a moderator lock.
  1216. if ($tmplocked == 1)
  1217. unset($_POST['lock']);
  1218. else
  1219. $_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
  1220. }
  1221. // Hail mighty moderator, (un)lock this topic immediately.
  1222. else
  1223. $_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
  1224. }
  1225.  
  1226. // So you wanna (un)sticky this...let's see.
  1227. if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || $_POST['sticky'] == $tmpstickied || !allowedTo('make_sticky')))
  1228. unset($_POST['sticky']);
  1229.  
  1230. if (isset($_POST['hiddenOption']) && !((allowedTo('hide_post_any') || ($ID_MEMBER == $ID_MEMBER_POSTER && allowedTo('hide_post_own'))) && !empty($modSettings['allow_hiddenPost'])))
  1231. unset($_POST['hiddenOption']);
  1233. // If the number of replies has changed and the setting is enabled, go back to Post(), which handles the error.
  1233. $newReplies = isset($_POST['num_replies']) && $numReplies > $_POST['num_replies'] ? $numReplies - $_POST['num_replies'] : 0;
  1234. if (empty($options['no_new_reply_warning']) && !empty($newReplies))
  1235. {
  1236. $_REQUEST['preview'] = true;
  1237. return Post();
  1238. }
  1239.  
  1240. $posterIsGuest = $user_info['is_guest'];
  1241. }
  1242.  
  1243. // Posting a new topic.
  1244. elseif (empty($topic))
  1245. {
  1246. if (!isset($_REQUEST['poll']) || $modSettings['pollMode'] != '1')
  1247. isAllowedTo('post_new');
  1248.  
  1249. if (isset($_POST['lock']))
  1250. {
  1251. // New topics are by default not locked.
  1252. if (empty($_POST['lock']))
  1253. unset($_POST['lock']);
  1254. // Besides, you need permission.
  1255. elseif (!allowedTo(array('lock_any', 'lock_own')))
  1256. unset($_POST['lock']);
  1257. // A moderator-lock (1) can override a user-lock (2).
  1258. else
  1259. $_POST['lock'] = allowedTo('lock_any') ? 1 : 2;
  1260. }
  1261.  
  1262. if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || empty($_POST['sticky']) || !allowedTo('make_sticky')))
  1263. unset($_POST['sticky']);
  1264.  
  1265. $posterIsGuest = $user_info['is_guest'];
  1266. }
  1267.  
  1268. // Modifying an existing message?
  1269. elseif (isset($_REQUEST['msg']) && !empty($topic))
  1270. {
  1271. $_REQUEST['msg'] = (int) $_REQUEST['msg'];
  1272. /*Denuncias*/
  1273. if(allowedTo('moderate_forum')){
  1274. $request = db_query("
  1275. SELECT d.id_denuncia, d.id_post, d.tipo, m.ID_TOPIC, m.reciclaje, m.denuncias
  1276. FROM {$db_prefix}denuncias AS d
  1277. LEFT JOIN {$db_prefix}messages AS m ON (m.ID_TOPIC = d.id_post)
  1278. WHERE d.id_post = $topic AND d.tipo = 1
  1279. LIMIT 1", __FILE__, __LINE__);
  1280. $posts = mysql_fetch_array($request);
  1281. $id_denuncia = $posts['id_denuncia'];
  1282. $denuncias = $posts['denuncias'];
  1283. mysql_free_result($request);
  1284.  
  1285. if($id_denuncia){
  1286.  
  1287. $fecha = time();
  1288. $nombre = $context['user']['name'];
  1289. $id_member = $context['user']['id'];
  1290. $comentario = "Edito el Post";
  1291.  
  1292. db_query("
  1293. UPDATE {$db_prefix}denuncias
  1294. SET estado = '3', observacion = observacion + 1
  1295. WHERE id_denuncia = $id_denuncia
  1296. LIMIT 1", __FILE__, __LINE__);
  1297.  
  1298. db_query("INSERT INTO {$db_prefix}denuncias_observaciones
  1299. (id_den, id_mod, fecha, nombre, observacion)
  1300. VALUES
  1301. ('$id_denuncia', '$id_member', '$fecha', '$nombre', '$comentario')", __FILE__, __LINE__);
  1302. }
  1303. }
  1304. $request = db_query("
  1305. SELECT
  1306. m.ID_MEMBER, m.posterName, m.posterEmail, m.posterTime,
  1307. t.ID_FIRST_MSG, t.locked, t.isSticky, t.ID_MEMBER_STARTED AS ID_MEMBER_POSTER
  1308. FROM ({$db_prefix}messages AS m, {$db_prefix}topics AS t)
  1309. WHERE m.ID_MSG = $_REQUEST[msg]
  1310. AND t.ID_TOPIC = $topic
  1311. LIMIT 1", __FILE__, __LINE__);
  1312. if (mysql_num_rows($request) == 0)
  1313. fatal_lang_error('smf272', false);
  1314. $row = mysql_fetch_assoc($request);
  1315. mysql_free_result($request);
  1316.  
  1317. if (!empty($row['locked']) && !allowedTo('moderate_board'))
  1318. fatal_lang_error(90, false);
  1319.  
  1320. if (isset($_POST['lock']))
  1321. {
  1322. // Nothing changes to the lock status.
  1323. if ((empty($_POST['lock']) && empty($row['locked'])) || (!empty($_POST['lock']) && !empty($row['locked'])))
  1324. unset($_POST['lock']);
  1325. // You're simply not allowed to (un)lock this.
  1326. elseif (!allowedTo(array('lock_any', 'lock_own')) || (!allowedTo('lock_any') && $ID_MEMBER != $row['ID_MEMBER_POSTER']))
  1327. unset($_POST['lock']);
  1328. // You're only allowed to lock your own topics.
  1329. elseif (!allowedTo('lock_any'))
  1330. {
  1331. // You're not allowed to break a moderator's lock.
  1332. if ($row['locked'] == 1)
  1333. unset($_POST['lock']);
  1334. // Lock it with a soft lock or unlock it.
  1335. else
  1336. $_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
  1337. }
  1338. // You must be the moderator.
  1339. else
  1340. $_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
  1341. }
  1342.  
  1343. // Change the sticky status of this topic?
  1344. if (isset($_POST['sticky']) && (!allowedTo('make_sticky') || $_POST['sticky'] == $row['isSticky']))
  1345. unset($_POST['sticky']);
  1346.  
  1347. if ($row['ID_MEMBER'] == $ID_MEMBER && !allowedTo('modify_any'))
  1348. {
  1349. if (!empty($modSettings['edit_disable_time']) && $row['posterTime'] + ($modSettings['edit_disable_time'] + 5) * 60 < time())
  1350. fatal_lang_error('modify_post_time_passed', false);
  1351. elseif ($row['ID_MEMBER_POSTER'] == $ID_MEMBER && !allowedTo('modify_own'))
  1352. isAllowedTo('modify_replies');
  1353. else
  1354. isAllowedTo('modify_own');
  1355. }
  1356. elseif ($row['ID_MEMBER_POSTER'] == $ID_MEMBER && !allowedTo('modify_any'))
  1357. {
  1358. isAllowedTo('modify_replies');
  1359.  
  1360. // If you're modifying a reply, I say it better be logged...
  1361. $moderationAction = true;
  1362. }
  1363. else
  1364. {
  1365. isAllowedTo('modify_any');
  1366.  
  1367. // Log it, assuming you're not modifying your own post.
  1368. if ($row['ID_MEMBER'] != $ID_MEMBER)
  1369. $moderationAction = true;
  1370. }
  1371.  
  1372. $posterIsGuest = empty($row['ID_MEMBER']);
  1373.  
  1374. if (!allowedTo('moderate_forum') || !$posterIsGuest)
  1375. {
  1376. $_POST['guestname'] = addslashes($row['posterName']);
  1377. $_POST['email'] = addslashes($row['posterEmail']);
  1378. }
  1379. }
  1380.  
  1381. // If the poster is a guest evaluate the legality of name and email.
  1382. if ($posterIsGuest)
  1383. {
  1384. $_POST['guestname'] = !isset($_POST['guestname']) ? '' : trim($_POST['guestname']);
  1385. $_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']);
  1386.  
  1387. if ($_POST['guestname'] == '' || $_POST['guestname'] == '_')
  1388. $post_errors[] = 'no_name';
  1389. if ($func['strlen']($_POST['guestname']) > 25)
  1390. $post_errors[] = 'long_name';
  1391.  
  1392. if (empty($modSettings['guest_post_no_email']))
  1393. {
  1394. // Only check if they changed it!
  1395. if (!isset($row) || $row['posterEmail'] != $_POST['email'])
  1396. {
  1397. if (!allowedTo('moderate_forum') && (!isset($_POST['email']) || $_POST['email'] == ''))
  1398. $post_errors[] = 'no_email';
  1399. if (!allowedTo('moderate_forum') && preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', stripslashes($_POST['email'])) == 0)
  1400. $post_errors[] = 'bad_email';
  1401. }
  1402.  
  1403. // Now make sure this email address is not banned from posting.
  1404. isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt[28]));
  1405. }
  1406. }
  1407. // Check the subject and message.
  1408. if (!empty($modSettings['minWordLen']) && ((int)$modSettings['minWordLen'] != 0))
  1409. {
  1410. $Temp = trim(preg_replace('~[^a-z0-9 ]~si', '', $_POST['message']));
  1411. $Temp = preg_replace('~(( )+)~si', ' ', $Temp);
  1412. $WordArr = explode(' ', $Temp);
  1413. if (count($WordArr) < (int)$modSettings['minWordLen'])
  1414. $post_errors[] = 'minWordLen';
  1415. }
  1416.  
  1417. if (!empty($modSettings['minChar']) && ((int)$modSettings['minChar'] != 0))
  1418. {
  1419. if (strlen($_POST['message']) < (int)$modSettings['minChar'])
  1420. $post_errors[] = 'minChar';
  1421. }
  1422. if (!isset($_POST['subject']) || $func['htmltrim']($_POST['subject']) === '')
  1423. $post_errors[] = 'no_subject';
  1424. if (!isset($_POST['message']) || $func['htmltrim']($_POST['message']) === '')
  1425. $post_errors[] = 'no_message';
  1426. elseif (!empty($modSettings['max_messageLength']) && $func['strlen']($_POST['message']) > $modSettings['max_messageLength'])
  1427. $post_errors[] = 'long_message';
  1428. else
  1429. {
  1430. // Prepare the message a bit for some additional testing.
  1431. $_POST['message'] = $func['htmlspecialchars']($_POST['message'], ENT_QUOTES);
  1432.  
  1433. // Preparse code. (Zef)
  1434. if ($user_info['is_guest'])
  1435. $user_info['name'] = $_POST['guestname'];
  1436. preparsecode($_POST['message']);
  1437.  
  1438. // Let's see if there's still some content left without the tags.
  1439. if ($func['htmltrim'](strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '')
  1440. $post_errors[] = 'no_message';
  1441. }
  1442.  
  1443. if (isset($_POST['calendar']) && !isset($_REQUEST['deleteevent']) && $func['htmltrim']($_POST['evtitle']) === '')
  1444. $post_errors[] = 'no_event';
  1445. // You are not!
  1446. if (isset($_POST['message']) && strtolower($_POST['message']) == 'i am the administrator.' && !$user_info['is_admin'])
  1447. fatal_error('Knave! Masquerader! Charlatan!', false);
  1448.  
  1449. // Validate the poll...
  1450. if (isset($_REQUEST['poll']) && $modSettings['pollMode'] == '1')
  1451. {
  1452. if (!empty($topic) && !isset($_REQUEST['msg']))
  1453. fatal_lang_error(1, false);
  1454.  
  1455. // This is a new topic... so it's a new poll.
  1456. if (empty($topic))
  1457. isAllowedTo('poll_post');
  1458. // Can you add to your own topics?
  1459. elseif ($ID_MEMBER == $row['ID_MEMBER_POSTER'] && !allowedTo('poll_add_any'))
  1460. isAllowedTo('poll_add_own');
  1461. // Can you add polls to any topic, then?
  1462. else
  1463. isAllowedTo('poll_add_any');
  1464.  
  1465. if (!isset($_POST['question']) || trim($_POST['question']) == '')
  1466. $post_errors[] = 'no_question';
  1467.  
  1468. $_POST['options'] = empty($_POST['options']) ? array() : htmltrim__recursive($_POST['options']);
  1469.  
  1470. // Get rid of empty ones.
  1471. foreach ($_POST['options'] as $k => $option)
  1472. if ($option == '')
  1473. unset($_POST['options'][$k], $_POST['options'][$k]);
  1474.  
  1475. // What are you going to vote between with one choice?!?
  1476. if (count($_POST['options']) < 2)
  1477. $post_errors[] = 'poll_few';
  1478. }
  1479.  
  1480. if ($posterIsGuest)
  1481. {
  1482. // If user is a guest, make sure the chosen name isn't taken.
  1483. require_once($sourcedir . '/Subs-Members.php');
  1484. if (isReservedName($_POST['guestname'], 0, true, false) && (!isset($row['posterName']) || $_POST['guestname'] != $row['posterName']))
  1485. $post_errors[] = 'bad_name';
  1486. }
  1487. // If the user isn't a guest, get his or her name and email.
  1488. elseif (!isset($_REQUEST['msg']))
  1489. {
  1490. $_POST['guestname'] = addslashes($user_info['username']);
  1491. $_POST['email'] = addslashes($user_info['email']);
  1492. }
  1493.  
  1494. // Any mistakes?
  1495. if (!empty($post_errors))
  1496. {
  1497. loadLanguage('Errors');
  1498. // Previewing.
  1499. $_REQUEST['preview'] = true;
  1500.  
  1501. $context['post_error'] = array('messages' => array());
  1502. foreach ($post_errors as $post_error)
  1503. {
  1504. $context['post_error'][$post_error] = true;
  1505. $context['post_error']['messages'][] = $txt['error_' . $post_error];
  1506. }
  1507.  
  1508. return Post();
  1509. }
  1510.  
  1511. // Make sure the user isn't spamming the board.
  1512. if (!isset($_REQUEST['msg']))
  1513. spamProtection('spam');
  1514.  
  1515. // At about this point, we're posting and that's that.
  1516. ignore_user_abort(true);
  1517. @set_time_limit(300);
  1518.  
  1519. // Add special html entities to the subject, name, and email.
  1520. $_POST['subject'] = strtr($func['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
  1521. $_POST['guestname'] = htmlspecialchars($_POST['guestname']);
  1522. $_POST['email'] = htmlspecialchars($_POST['email']);
  1523.  
  1524. // At this point, we want to make sure the subject isn't too long.
  1525. if ($func['strlen']($_POST['subject']) > 100)
  1526. $_POST['subject'] = addslashes($func['substr'](stripslashes($_POST['subject']), 0, 100));
  1527.  
  1528. // Make the poll...
  1529. if (isset($_REQUEST['poll']))
  1530. {
  1531. // Make sure that the user has not entered a ridiculous number of options..
  1532. if (empty($_POST['poll_max_votes']) || $_POST['poll_max_votes'] <= 0)
  1533. $_POST['poll_max_votes'] = 1;
  1534. elseif ($_POST['poll_max_votes'] > count($_POST['options']))
  1535. $_POST['poll_max_votes'] = count($_POST['options']);
  1536. else
  1537. $_POST['poll_max_votes'] = (int) $_POST['poll_max_votes'];
  1538.  
  1539. // Just set it to zero if it's not there..
  1540. if (!isset($_POST['poll_hide']))
  1541. $_POST['poll_hide'] = 0;
  1542. else
  1543. $_POST['poll_hide'] = (int) $_POST['poll_hide'];
  1544. $_POST['poll_change_vote'] = isset($_POST['poll_change_vote']) ? 1 : 0;
  1545.  
  1546. // If the user tries to set the poll too far in advance, don't let them.
  1547. if (!empty($_POST['poll_expire']) && $_POST['poll_expire'] < 1)
  1548. fatal_lang_error('poll_range_error', false);
  1549. // Don't allow them to select option 2 for hidden results if it's not time limited.
  1550. elseif (empty($_POST['poll_expire']) && $_POST['poll_hide'] == 2)
  1551. $_POST['poll_hide'] = 1;
  1552.  
  1553. // Clean up the question and answers.
  1554. $_POST['question'] = $func['htmlspecialchars']($_POST['question']);
  1555. $_POST['options'] = htmlspecialchars__recursive($_POST['options']);
  1556. }
  1557.  
  1558. // Check if they are trying to delete any current attachments....
  1559. if (isset($_REQUEST['msg'], $_POST['attach_del']) && allowedTo('post_attachment'))
  1560. {
  1561. $del_temp = array();
  1562. foreach ($_POST['attach_del'] as $i => $dummy)
  1563. $del_temp[$i] = (int) $dummy;
  1564.  
  1565. require_once($sourcedir . '/ManageAttachments.php');
  1566. removeAttachments('a.attachmentType = 0 AND a.ID_MSG = ' . (int) $_REQUEST['msg'] . ' AND a.ID_ATTACH NOT IN (' . implode(', ', $del_temp) . ')');
  1567. }
  1568.  
  1569. // ...or attach a new file...
  1570. if (isset($_FILES['attachment']['name']) || !empty($_SESSION['temp_attachments']))
  1571. {
  1572. isAllowedTo('post_attachment');
  1573.  
  1574. // If this isn't a new post, check the current attachments.
  1575. if (isset($_REQUEST['msg']))
  1576. {
  1577. $request = db_query("
  1578. SELECT COUNT(*), SUM(size)
  1579. FROM {$db_prefix}attachments
  1580. WHERE ID_MSG = " . (int) $_REQUEST['msg'] . "
  1581. AND attachmentType = 0", __FILE__, __LINE__);
  1582. list ($quantity, $total_size) = mysql_fetch_row($request);
  1583. mysql_free_result($request);
  1584. }
  1585. else
  1586. {
  1587. $quantity = 0;
  1588. $total_size = 0;
  1589. }
  1590.  
  1591. if (!empty($_SESSION['temp_attachments']))
  1592. foreach ($_SESSION['temp_attachments'] as $attachID => $name)
  1593. {
  1594. if (preg_match('~^post_tmp_' . $ID_MEMBER . '_\d+$~', $attachID) == 0)
  1595. continue;
  1596.  
  1597. if (!empty($_POST['attach_del']) && !in_array($attachID, $_POST['attach_del']))
  1598. {
  1599. unset($_SESSION['temp_attachments'][$attachID]);
  1600. @unlink($modSettings['attachmentUploadDir'] . '/' . $attachID);
  1601. continue;
  1602. }
  1603.  
  1604. $_FILES['attachment']['tmp_name'][] = $attachID;
  1605. $_FILES['attachment']['name'][] = addslashes($name);
  1606. $_FILES['attachment']['size'][] = filesize($modSettings['attachmentUploadDir'] . '/' . $attachID);
  1607. list ($_FILES['attachment']['width'][], $_FILES['attachment']['height'][]) = @getimagesize($modSettings['attachmentUploadDir'] . '/' . $attachID);
  1608.  
  1609. unset($_SESSION['temp_attachments'][$attachID]);
  1610. }
  1611.  
  1612. if (!isset($_FILES['attachment']['name']))
  1613. $_FILES['attachment']['tmp_name'] = array();
  1614.  
  1615. $attachIDs = array();
  1616. foreach ($_FILES['attachment']['tmp_name'] as $n => $dummy)
  1617. {
  1618. if ($_FILES['attachment']['name'][$n] == '')
  1619. continue;
  1620.  
  1621. // Have we reached the maximum number of files we are allowed?
  1622. $quantity++;
  1623. if (!empty($modSettings['attachmentNumPerPostLimit']) && $quantity > $modSettings['attachmentNumPerPostLimit'])
  1624. fatal_lang_error('attachments_limit_per_post', false, array($modSettings['attachmentNumPerPostLimit']));
  1625.  
  1626. // Check the total upload size for this post...
  1627. $total_size += $_FILES['attachment']['size'][$n];
  1628. if (!empty($modSettings['attachmentPostLimit']) && $total_size > $modSettings['attachmentPostLimit'] * 1024)
  1629. fatal_lang_error('smf122', false, array($modSettings['attachmentPostLimit']));
  1630.  
  1631. $attachmentOptions = array(
  1632. 'post' => isset($_REQUEST['msg']) ? $_REQUEST['msg'] : 0,
  1633. 'poster' => $ID_MEMBER,
  1634. 'name' => $_FILES['attachment']['name'][$n],
  1635. 'tmp_name' => $_FILES['attachment']['tmp_name'][$n],
  1636. 'size' => $_FILES['attachment']['size'][$n],
  1637. );
  1638.  
  1639. if (createAttachment($attachmentOptions))
  1640. {
  1641. $attachIDs[] = $attachmentOptions['id'];
  1642. if (!empty($attachmentOptions['thumb']))
  1643. $attachIDs[] = $attachmentOptions['thumb'];
  1644. }
  1645. else
  1646. {
  1647. if (in_array('could_not_upload', $attachmentOptions['errors']))
  1648. fatal_lang_error('smf124');
  1649. if (in_array('too_large', $attachmentOptions['errors']))
  1650. fatal_lang_error('smf122', false, array($modSettings['attachmentSizeLimit']));
  1651. if (in_array('bad_extension', $attachmentOptions['errors']))
  1652. fatal_error($attachmentOptions['name'] . '.<br />' . $txt['smf123'] . ' ' . $modSettings['attachmentExtensions'] . '.', false);
  1653. if (in_array('directory_full', $attachmentOptions['errors']))
  1654. fatal_lang_error('smf126');
  1655. if (in_array('bad_filename', $attachmentOptions['errors']))
  1656. fatal_error(basename($attachmentOptions['name']) . '.<br />' . $txt['smf130b'] . '.');
  1657. if (in_array('taken_filename', $attachmentOptions['errors']))
  1658. fatal_lang_error('smf125');
  1659. }
  1660. }
  1661. }
  1662.  
  1663. // Make the poll...
  1664. if (isset($_REQUEST['poll']))
  1665. {
  1666. // Create the poll.
  1667. db_query("
  1668. INSERT INTO {$db_prefix}polls
  1669. (question, hideResults, maxVotes, expireTime, ID_MEMBER, posterName, changeVote)
  1670. VALUES (SUBSTRING('$_POST[question]', 1, 255), $_POST[poll_hide], $_POST[poll_max_votes],
  1671. " . (empty($_POST['poll_expire']) ? '0' : time() + $_POST['poll_expire'] * 3600 * 24) . ", $ID_MEMBER, SUBSTRING('$_POST[guestname]', 1, 255), $_POST[poll_change_vote])", __FILE__, __LINE__);
  1672. $ID_POLL = db_insert_id();
  1673.  
  1674. // Create each answer choice.
  1675. $i = 0;
  1676. $setString = '';
  1677. foreach ($_POST['options'] as $option)
  1678. {
  1679. $setString .= "
  1680. ($ID_POLL, $i, SUBSTRING('$option', 1, 255)),";
  1681. $i++;
  1682. }
  1683.  
  1684. db_query("
  1685. INSERT INTO {$db_prefix}poll_choices
  1686. (ID_POLL, ID_CHOICE, label)
  1687. VALUES" . substr($setString, 0, -1), __FILE__, __LINE__);
  1688. }
  1689. else
  1690. $ID_POLL = 0;
  1691.  
  1692. // Creating a new topic?
  1693. $newTopic = empty($_REQUEST['msg']) && empty($topic);
  1694.  
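  // Force the whole message body to be centred.
  //
  // Strips any alignment BBC the author already placed in the body —
  // [center], [left] and [right], opening and closing tags, in any letter
  // case — and wraps the result in a single [CENTER]...[/CENTER] pair, so the
  // stored message never ends up with nested or unbalanced alignment blocks.
  //
  // Note: this appears to be declared in the middle of the post-submission
  // function rather than at file level, so it only exists once that code path
  // has run.
  //
  // @param string $msg the raw message body (BBC markup)
  // @return string the body wrapped in [CENTER]...[/CENTER]
  function centrar_post($msg)
  {
      // One case-insensitive pass replaces the former hand-written list of
      // exact-case replacements, which listed [left] and [right] twice and
      // never removed [/left] or [/right], leaving stray closing tags behind.
      $msg = preg_replace('~\[/?(center|left|right)\]~i', '', $msg);

      return '[CENTER]' . $msg . '[/CENTER]';
  }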
  1713.  
  1714.  
  1715. // Collect all parameters for the creation or modification of a post.
  1716. $msgOptions = array(
  1717. 'id' => empty($_REQUEST['msg']) ? 0 : (int) $_REQUEST['msg'],
  1718. 'subject' => $_POST['subject'],
  1719. 'body' => $_POST['centrar_post']==1? centrar_post($_POST['message']):$_POST['message'],
  1720. 'icon' => preg_replace('~[\./\\\\*\':"<>]~', '', $_POST['icon']),
  1721. 'smileys_enabled' => !isset($_POST['ns']),
  1722. 'attachments' => empty($attachIDs) ? array() : $attachIDs,
  1723. // 'hiddenOption' => (empty($_POST['hiddenOption']) ? 0 : $_POST['hiddenOption']),
  1724. 'hiddenOption' => isset($_POST['hiddenOption']) ? (int) $_POST['hiddenOption'] : null,
  1725. 'hiddenValue' => isset($_POST['hiddenValue']) ? (int) $_POST['hiddenValue'] : null ,
  1726. );
  1727. $topicOptions = array(
  1728. 'id' => empty($topic) ? 0 : $topic,
  1729. 'board' => $board,
  1730. 'poll' => isset($_REQUEST['poll']) ? $ID_POLL : null,
  1731. 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null,
  1732. 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null,
  1733. 'mark_as_read' => true,
  1734. );
  1735. $posterOptions = array(
  1736. 'id' => $ID_MEMBER,
  1737. 'name' => $_POST['guestname'],
  1738. 'email' => $_POST['email'],
  1739. 'update_post_count' => !$user_info['is_guest'] && !isset($_REQUEST['msg']) && $board_info['posts_count'],
  1740. );
  1741.  
  1742. //mas codigo borradores
  1743.  
  1744. //I*Draft
  1745. // let's see if this user is the draft's author
  1746. if (isset($_POST['draftID']) && !isset($_REQUEST['msg'])) {
  1747.  
  1748. // sanitize the post variable
  1749. $draftID = (int) $_POST['draftID'];
  1750.  
  1751. $request = db_query("
  1752. SELECT draftID
  1753. FROM {$db_prefix}drafts
  1754. WHERE memberID = $ID_MEMBER
  1755. AND draftID = $draftID
  1756. LIMIT 1", __FILE__, __LINE__);
  1757.  
  1758. $context['is_draft_author'] = (mysql_num_rows($request) > 0) ? true : false;
  1759.  
  1760. mysql_free_result($request);
  1761. }
  1762.  
  1763. // maybe we are trying to save this as a draft?
  1764. if (!empty($_POST['isdraft']) && !isset($_REQUEST['msg'])) {
  1765.  
  1766. // sanitize and prepare for entry into the database
  1767.  
  1768. $bodyText = $msgOptions['body'];
  1769. $subject = $msgOptions['subject'];
  1770. $topicDescription = !empty($msgOptions['description']) ? addslashes($func['htmlspecialchars']($msgOptions['description'], ENT_QUOTES)) : '';
  1771. $topicID = !empty($_REQUEST['topic']) ? (int) $_REQUEST['topic'] : '';
  1772. $categoryID = !empty($_POST['categorias']) ? (int) $_POST['categorias'] : ''; //Renombrado 'category' por 'categoria'
  1773. if (!empty($_POST['tags'])) {
  1774. // removes characters that aren't letters, numbers, commas, or spaces
  1775. $new_blogTags = ereg_replace("[^A-Za-z0-9, ]", "", $_POST['tags']);
  1776. // now we want to trim white space from around all the tags individually
  1777. // this gets rid of blank tags as well (even excess commas are handled)
  1778. $exploded_blogTags = explode(',', $new_blogTags);
  1779. $trimmed = array();
  1780. if (!empty($exploded_blogTags))
  1781. foreach ($exploded_blogTags as $untrimmed)
  1782. if (trim($untrimmed) != '')
  1783. $trimmed[] = trim($untrimmed);
  1784. // implode again
  1785. $blogTags = implode(',', $trimmed);
  1786. } else
  1787. $blogTags = '';
  1788. $smileysEnabled = !empty($msgOptions['smileys_enabled']) ? 1 : 0;
  1789.  
  1790. // are we modifying a draft? weird huh?
  1791. if (isset($_POST['draftID'])) {
  1792.  
  1793. if ($context['is_draft_author']) {
  1794. db_query("
  1795. UPDATE {$db_prefix}drafts
  1796. SET boardID = $topicOptions[board],
  1797. topicID = '$topicID',
  1798. smileysEnabled = '$smileysEnabled',
  1799. categoryID = '$categoryID',
  1800. icon = '$msgOptions[icon]',
  1801. body = '$bodyText',
  1802. subject = '$subject',
  1803. blogTags = '$blogTags',
  1804. topicDescription = '$topicDescription',
  1805. timestamp = '". time() ."'
  1806. WHERE draftID = $draftID
  1807. AND memberID = $ID_MEMBER
  1808. LIMIT 1", __FILE__, __LINE__);
  1809.  
  1810. $context['draft_saved'] = true;
  1811.  
  1812. } else
  1813. $context['post_error']['messages'][] = $txt['error_draft_not_saved'];
  1814.  
  1815. $context['draft_id'] = $draftID;
  1816.  
  1817. } else {
  1818.  
  1819. // we're creating a new draft then?
  1820. db_query("
  1821. INSERT INTO {$db_prefix}drafts
  1822. (memberID, boardID, topicID, body, subject, timestamp, categoryID, blogTags, smileysEnabled, icon, topicDescription)
  1823. VALUES ($ID_MEMBER, $topicOptions[board], '$topicID', '$bodyText', '$subject', '". time() ."', '$categoryID', '$blogTags', '$msgOptions[smileys_enabled]', '$msgOptions[icon]', '$topicDescription')", __FILE__, __LINE__);
  1824. $draftID = db_insert_id();
  1825.  
  1826. // Something went wrong creating the draft...
  1827. if (empty($draftID))
  1828. $context['post_error']['messages'][] = $txt['error_draft_not_saved'];
  1829. else {
  1830. $context['draft_saved'] = true;
  1831. $context['draft_id'] = $draftID;
  1832. }
  1833.  
  1834. }
  1835.  
  1836. $context['description'] = $topicDescription;
  1837. $context['current_blogs'] = $blogTags;
  1838. $context['current_blog_cat'] = array('id' => $categoryID);
  1839.  
  1840. if (isset($modSettings['blogMode']) && !empty($categoryID)) {
  1841. $request = db_query("
  1842. SELECT name
  1843. FROM {$db_prefix}blog_categories
  1844. WHERE categoryID = $categoryID
  1845. LIMIT 1", __FILE__, __LINE__);
  1846. if (mysql_num_rows($request) > 0)
  1847. $row = mysql_fetch_assoc($request);
  1848. $context['current_blog_cat']['name'] = !empty($row['name']) ? $row['name'] : '';
  1849. mysql_free_result($request);
  1850. }
  1851. fatal_error($txt['draft_saved']);
  1852. }
  1853.  
  1854. // if we got this far we don't need this draft anymore... so delete it
  1855. if (!empty($context['is_draft_author']) && !empty($draftID)) {
  1856.  
  1857. if ($context['is_draft_author'])
  1858. db_query("
  1859. DELETE FROM {$db_prefix}drafts
  1860. WHERE draftID = $draftID
  1861. AND memberID = $ID_MEMBER
  1862. LIMIT 1", __FILE__, __LINE__);
  1863.  
  1864. }
  1865. //Fin mas codigo borradores
  1866.  
  1867. // This is an already existing message. Edit it.
  1868. if (!empty($_REQUEST['msg']))
  1869. {
  1870. // Have admins allowed people to hide their screwups?
  1871. if (time() - $row['posterTime'] > $modSettings['edit_wait_time'] || $ID_MEMBER != $row['ID_MEMBER'])
  1872. {
  1873. $msgOptions['modify_time'] = time();
  1874. $msgOptions['modify_name'] = addslashes($user_info['name']);
  1875. }
  1876. $msgOptions['edit_reason'] = addslashes(strtr(htmlspecialchars(isset($_POST['edit_reason']) ? $_POST['edit_reason'] : ''), array("\r" => '', "\n" => '', "\t" => '')));
  1877.  
  1878. modifyPost($msgOptions, $topicOptions, $posterOptions);
  1879. }
  1880. // This is a new topic or an already existing one. Save it.
  1881. else
  1882. {
  1883. createPost($msgOptions, $topicOptions, $posterOptions);
  1884.  
  1885. $result_shop = db_query("
  1886. SELECT countMoney
  1887. FROM {$db_prefix}boards
  1888. WHERE ID_BOARD = $board
  1889. LIMIT 1", __FILE__, __LINE__);
  1890. $row_shop = mysql_fetch_array($result_shop, MYSQL_ASSOC);
  1891.  
  1892. if (isset($row_shop['countMoney']) && $row_shop['countMoney'] == "1") {
  1893. if ($newTopic)
  1894. $points = $modSettings['shopPointsPerTopic'];
  1895. else
  1896. $points = $modSettings['shopPointsPerPost'];
  1897.  
  1898. $plaintext = preg_replace('[\[(.*?)\]]', ' ', $_POST['message']);
  1899. $plaintext = str_replace(array('<br />', "\r", "\n"), ' ', $plaintext);
  1900. $plaintext = preg_replace('/\s+/', ' ', $plaintext);
  1901.  
  1902. $points += ($modSettings['shopPointsPerWord'] * str_word_count($plaintext));
  1903. $points += ($modSettings['shopPointsPerChar'] * strlen($plaintext));
  1904.  
  1905. if (isset($modSettings['shopPointsLimit']) && $modSettings['shopPointsLimit'] != 0 && $points > $modSettings['shopPointsLimit'])
  1906. $points = $modSettings['shopPointsLimit'];
  1907.  
  1908. $result_shop = db_query("
  1909. UPDATE {$db_prefix}members
  1910. SET money = money + {$points}, moneyBank = money + {$points}
  1911. WHERE ID_MEMBER = {$ID_MEMBER}
  1912. LIMIT 1", __FILE__, __LINE__);
  1913. }
  1914. if (isset($topicOptions['id']))
  1915. $topic = $topicOptions['id'];
  1916. }
  1917.  
  1918. if(isset($_REQUEST['tags']) && !isset($_REQUEST['num_replies']))
  1919. {
  1920. //Get how many tags there have been for the topic
  1921. $dbresult = db_query("SELECT COUNT(*) as total FROM {$db_prefix}tags_log WHERE ID_TOPIC = " . $topic, __FILE__, __LINE__);
  1922. $row = mysql_fetch_assoc($dbresult);
  1923. $totaltags = $row['total'];
  1924. mysql_free_result($dbresult);
  1925.  
  1926. //Check Tag restrictions
  1927. $tags = explode(',',htmlspecialchars($_REQUEST['tags'],ENT_QUOTES));
  1928.  
  1929. if($totaltags < $modSettings['smftags_set_maxtags'])
  1930. {
  1931. $tagcount = 0;
  1932. foreach($tags as $tag)
  1933. {
  1934. if($tagcount >= $modSettings['smftags_set_maxtags'])
  1935. continue;
  1936.  
  1937.  
  1938. if(empty($tag))
  1939. continue;
  1940.  
  1941. //Check min tag length
  1942. if(strlen($tag) < $modSettings['smftags_set_mintaglength'])
  1943. continue;
  1944. //Check max tag length
  1945. if(strlen($tag) > $modSettings['smftags_set_maxtaglength'])
  1946. continue;
  1947.  
  1948. //Insert The tag
  1949. $dbresult = db_query("SELECT ID_TAG FROM {$db_prefix}tags WHERE tag = '$tag'", __FILE__, __LINE__);
  1950. if(db_affected_rows() == 0)
  1951. {
  1952. //Insert into Tags table
  1953. db_query("INSERT INTO {$db_prefix}tags
  1954. (tag, approved)
  1955. VALUES ('$tag',1)", __FILE__, __LINE__);
  1956. $ID_TAG = db_insert_id();
  1957. //Insert into Tags log
  1958. db_query("INSERT INTO {$db_prefix}tags_log
  1959. (ID_TAG,ID_TOPIC, ID_MEMBER)
  1960. VALUES ($ID_TAG,$topic,$ID_MEMBER)", __FILE__, __LINE__);
  1961.  
  1962. $tagcount++;
  1963. }
  1964. else
  1965. {
  1966. $row = mysql_fetch_assoc($dbresult);
  1967. $ID_TAG = $row['ID_TAG'];
  1968. $dbresult2= db_query("SELECT ID FROM {$db_prefix}tags_log WHERE ID_TAG = $ID_TAG AND ID_TOPIC = $topic", __FILE__, __LINE__);
  1969. if(db_affected_rows() != 0)
  1970. {
  1971. continue;
  1972.  
  1973. }
  1974. mysql_free_result($dbresult2);
  1975. //Insert into Tags log
  1976.  
  1977. db_query("INSERT INTO {$db_prefix}tags_log
  1978. (ID_TAG,ID_TOPIC, ID_MEMBER)
  1979. VALUES ($ID_TAG,$topic,$ID_MEMBER)", __FILE__, __LINE__);
  1980. $tagcount++;
  1981.  
  1982. }
  1983. mysql_free_result($dbresult);
  1984. }
  1985. }
  1986. }
  1987.  
  1988.  
  1989. if(isset($_REQUEST['tags']) && !isset($_REQUEST['num_replies']))
  1990. {
  1991. //Get how many tags there have been for the topic
  1992. $dbresult = db_query("SELECT COUNT(*) as total FROM {$db_prefix}tags_log WHERE ID_TOPIC = " . $topic, __FILE__, __LINE__);
  1993. $row = mysql_fetch_assoc($dbresult);
  1994. $totaltags = $row['total'];
  1995. mysql_free_result($dbresult);
  1996.  
  1997. //Check Tag restrictions
  1998. $tags = explode(',',htmlspecialchars($_REQUEST['tags'],ENT_QUOTES));
  1999.  
  2000. if($totaltags < $modSettings['smftags_set_maxtags'])
  2001. {
  2002. $tagcount = 0;
  2003. foreach($tags as $tag)
  2004. {
  2005. if($tagcount >= $modSettings['smftags_set_maxtags'])
  2006. continue;
  2007.  
  2008.  
  2009. if(empty($tag))
  2010. continue;
  2011.  
  2012. if(strlen($tag) < $modSettings['smftags_set_mintaglength'])
  2013. continue;
  2014. if(strlen($tag) > $modSettings['smftags_set_maxtaglength'])
  2015. continue;
  2016.  
  2017. $dbresult = db_query("SELECT ID_TAG FROM {$db_prefix}tags WHERE tag = '$tag'", __FILE__, __LINE__);
  2018. if(db_affected_rows() == 0)
  2019. {
  2020. db_query("INSERT INTO {$db_prefix}tags
  2021. (tag, approved)
  2022. VALUES ('$tag',1)", __FILE__, __LINE__);
  2023. $ID_TAG = db_insert_id();
  2024. //Insert into Tags log
  2025. db_query("INSERT INTO {$db_prefix}tags_log
  2026. (ID_TAG,ID_TOPIC, ID_MEMBER)
  2027. VALUES ($ID_TAG,$topic,$ID_MEMBER)", __FILE__, __LINE__);
  2028.  
  2029. $tagcount++;
  2030. }
  2031. else
  2032. {
  2033. $row = mysql_fetch_assoc($dbresult);
  2034. $ID_TAG = $row['ID_TAG'];
  2035. $dbresult2= db_query("SELECT ID FROM {$db_prefix}tags_log WHERE ID_TAG = $ID_TAG AND ID_TOPIC = $topic", __FILE__, __LINE__);
  2036. if(db_affected_rows() != 0)
  2037. {
  2038. continue;
  2039.  
  2040. }
  2041. mysql_free_result($dbresult2);
  2042. db_query("INSERT INTO {$db_prefix}tags_log
  2043. (ID_TAG,ID_TOPIC, ID_MEMBER)
  2044. VALUES ($ID_TAG,$topic,$ID_MEMBER)", __FILE__, __LINE__);
  2045. $tagcount++;
  2046.  
  2047. }
  2048. mysql_free_result($dbresult);
  2049. }
  2050. }
  2051. }
  2052.  
  2053.  
  2054. if (!$user_info['is_guest'])
  2055. {
  2056. if (!empty($board_info['parent_boards']))
  2057. {
  2058. db_query("
  2059. UPDATE {$db_prefix}log_boards
  2060. SET ID_MSG = $modSettings[maxMsgID]
  2061. WHERE ID_MEMBER = $ID_MEMBER
  2062. AND ID_BOARD IN (" . implode(',', array_keys($board_info['parent_boards'])) . ")", __FILE__, __LINE__);
  2063. }
  2064. }
  2065.  
  2066. if (!empty($_POST['notify']))
  2067. {
  2068. if (allowedTo('mark_any_notify'))
  2069. db_query("
  2070. INSERT IGNORE INTO {$db_prefix}log_notify
  2071. (ID_MEMBER, ID_TOPIC, ID_BOARD)
  2072. VALUES ($ID_MEMBER, $topic, 0)", __FILE__, __LINE__);
  2073. }
  2074. elseif (!$newTopic)
  2075. db_query("
  2076. DELETE FROM {$db_prefix}log_notify
  2077. WHERE ID_MEMBER = $ID_MEMBER
  2078. AND ID_TOPIC = $topic
  2079. LIMIT 1", __FILE__, __LINE__);
  2080.  
  2081. // Log an act of moderation - modifying.
  2082. if (!empty($moderationAction))
  2083. logAction('modify', array('topic' => $topic, 'message' => (int) $_REQUEST['msg'], 'member' => $row['ID_MEMBER']));
  2084.  
  2085. if (isset($_POST['lock']) && $_POST['lock'] != 2)
  2086. logAction('lock', array('topic' => $topicOptions['id']));
  2087.  
  2088. if (isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']))
  2089. logAction('sticky', array('topic' => $topicOptions['id']));
  2090.  
  2091.  
  2092. // Notify any members who have notification turned on for this topic.
  2093. if ($newTopic)
  2094. notifyMembersBoard();
  2095. elseif (empty($_REQUEST['msg']))
  2096. sendNotifications($topic, 'reply');
  2097.  
  2098. // Returning to the topic?
  2099. if (!empty($_REQUEST['goback']))
  2100. {
  2101. db_query("
  2102. UPDATE {$db_prefix}log_boards
  2103. SET ID_MSG = $modSettings[maxMsgID]
  2104. WHERE ID_MEMBER = $ID_MEMBER
  2105. AND ID_BOARD = $board", __FILE__, __LINE__);
  2106. }
  2107.  
  2108. if (isset($_REQUEST['xml'])) {
  2109. require_once($sourcedir . '/Display.php');
  2110. $_REQUEST['msg'] = $msgOptions['id'];
  2111.  
  2112. call_user_func('Display');
  2113. }
  2114. else {
  2115. if(isset($_REQUEST['msg']))
  2116. redirectexit($scripturl .'?action=rz;m=post-editado;idpost=' . $topic);
  2117.  
  2118. if (!empty($_POST['move']) && allowedTo('move_any'))
  2119. redirectexit(''. $scripturl .'');
  2120.  
  2121. if (isset($_REQUEST['msg']) && !empty($_REQUEST['goback']))
  2122. redirectexit($scripturl);
  2123. elseif (!empty($_REQUEST['goback']))
  2124. redirectexit(''. $scripturl .'?action=rz;m=post-agregado;idpost=' . $topic);
  2125. else
  2126. redirectexit(''. $scripturl .'?action=rz;m=post-agregado;idpost=' . $topic);
  2127.  
  2128. }
  2129. }
  // Entry point for the "announce topic" action.
  //
  // Verifies the announce_topic permission and the session, loads the Post
  // language strings and template, then dispatches on $_REQUEST['sa']. The
  // sub-action name is looked up in a fixed table, so a request can only ever
  // reach AnnouncementSelectMembergroup or AnnouncementSend; any other value
  // falls back to the membergroup selection screen.
  function AnnounceTopic()
  {
      global $context, $txt;

      isAllowedTo('announce_topic');

      validateSession();

      loadLanguage('Post');
      loadTemplate('Post');

      $context['page_title'] = $txt['announce_topic'];

      // Allowed sub-actions, keyed by the value expected in $_REQUEST['sa'].
      $subActions = array(
          'selectgroup' => 'AnnouncementSelectMembergroup',
          'send'        => 'AnnouncementSend',
      );

      // Fall back to the selection screen unless a known sub-action was requested.
      $sa = 'selectgroup';
      if (isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]))
          $sa = $_REQUEST['sa'];

      $subActions[$sa]();
  }
  2150.  
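  // First screen of the announcement flow.
  //
  // Builds the list of membergroups that may see the announced topic's board
  // (so the announcer can pick who receives the mail) and fetches the topic's
  // subject for display. Reads the globals $topic, $board_info['groups'] and
  // $db_prefix; writes $context['groups'], $context['topic_subject'],
  // $context['move'] and $context['go_back'], and selects the 'announce'
  // sub-template.
  function AnnouncementSelectMembergroup()
  {
      global $db_prefix, $txt, $context, $topic, $board, $board_info;

      // Groups allowed on the board, plus group 1 which is always included.
      // Every entry is cast to int before it is interpolated into the IN ().
      $groups = array_merge($board_info['groups'], array(1));
      foreach ($groups as $id => $group)
          $groups[$id] = (int) $group;

      $context['groups'] = array();
      // Group 0 has no membergroups row, so it is added by hand with the
      // 'announce_regular_members' label; its member count is not computed here.
      if (in_array(0, $groups))
      {
          $context['groups'][0] = array(
              'id' => 0,
              'name' => $txt['announce_regular_members'],
              'member_count' => 'n/a',
          );
      }

      // Get all membergroups that have access to the board the announcement was made on.
      $request = db_query("
          SELECT mg.ID_GROUP, mg.groupName, COUNT(mem.ID_MEMBER) AS num_members
          FROM {$db_prefix}membergroups AS mg
              LEFT JOIN {$db_prefix}members AS mem ON (mem.ID_GROUP = mg.ID_GROUP OR FIND_IN_SET(mg.ID_GROUP, mem.additionalGroups) OR mg.ID_GROUP = mem.ID_POST_GROUP)
          WHERE mg.ID_GROUP IN (" . implode(', ', $groups) . ")
          GROUP BY mg.ID_GROUP
          ORDER BY mg.minPosts, IF(mg.ID_GROUP < 4, mg.ID_GROUP, 4), mg.groupName", __FILE__, __LINE__);
      while ($row = mysql_fetch_assoc($request))
      {
          $context['groups'][$row['ID_GROUP']] = array(
              'id' => $row['ID_GROUP'],
              'name' => $row['groupName'],
              'member_count' => $row['num_members'],
          );
      }
      mysql_free_result($request);

      // Get the subject of the topic we're about to announce.
      // NOTE(review): $topic is interpolated unescaped; this assumes it was
      // already cast to int by the topic loading code — confirm.
      $request = db_query("
          SELECT m.subject
          FROM ({$db_prefix}messages AS m, {$db_prefix}topics AS t)
          WHERE t.ID_TOPIC = $topic
              AND m.ID_MSG = t.ID_FIRST_MSG", __FILE__, __LINE__);
      list ($context['topic_subject']) = mysql_fetch_row($request);
      mysql_free_result($request);

      // Censor the subject that was actually fetched above. This used to be
      // applied to $context['announce_topic']['subject'], a key that is never
      // set, so the subject shown on this screen bypassed the word censor;
      // it now matches what AnnouncementSend() does with the same value.
      censorText($context['topic_subject']);

      $context['move'] = isset($_REQUEST['move']) ? 1 : 0;
      $context['go_back'] = isset($_REQUEST['goback']) ? 1 : 0;

      $context['sub_template'] = 'announce';
  }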
  2203.  
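  // Send the announcement in chunks.
  //
  // Each request mails one batch of $chunkSize members (ordered by ID_MEMBER,
  // starting after $_REQUEST['start']) and then renders the
  // 'announcement_send' sub-template, which drives the next batch; once a
  // batch comes back empty the announcer is redirected away.
  //
  // Input is $_POST['who'] (or the comma-separated $_POST['membergroups']),
  // the membergroups to mail. Every entry is cast to int and must be one of
  // the groups allowed on the announced board, otherwise it is replaced by 0,
  // so only vetted integers reach the SQL and the request cannot widen the
  // recipient set beyond the board's groups. Fails with
  // 'no_membergroup_selected' when nothing was selected.
  function AnnouncementSend()
  {
      global $db_prefix, $topic, $board, $board_info, $context, $modSettings;
      global $language, $scripturl, $txt, $ID_MEMBER, $sourcedir;

      checkSession();

      // !!! Might need an interface?
      $chunkSize = 50;
      $context['start'] = empty($_REQUEST['start']) ? 0 : (int) $_REQUEST['start'];
      $groups = array_merge($board_info['groups'], array(1));

      if (!empty($_POST['membergroups']))
          $_POST['who'] = explode(',', $_POST['membergroups']);

      // Check whether at least one membergroup was selected.
      if (empty($_POST['who']))
          fatal_lang_error('no_membergroup_selected');

      // Make sure all membergroups are integers and can access the board of the announcement.
      foreach ($_POST['who'] as $id => $mg)
          $_POST['who'][$id] = in_array((int) $mg, $groups) ? (int) $mg : 0;

      // Get the topic subject and censor it.
      // NOTE(review): $topic is interpolated unescaped; this assumes it was
      // already cast to int by the topic loading code — confirm.
      $request = db_query("
          SELECT m.ID_MSG, m.subject, m.body
          FROM ({$db_prefix}messages AS m, {$db_prefix}topics AS t)
          WHERE t.ID_TOPIC = $topic
              AND m.ID_MSG = t.ID_FIRST_MSG", __FILE__, __LINE__);
      list ($ID_MSG, $context['topic_subject'], $message) = mysql_fetch_row($request);
      mysql_free_result($request);

      censorText($context['topic_subject']);
      censorText($message);

      // Render the BBC to HTML, then flatten it to plain text for the mail body.
      $message = trim(un_htmlspecialchars(strip_tags(strtr(parse_bbc($message, false, $ID_MSG), array('<br />' => "\n", '</div>' => "\n", '</li>' => "\n", '&#91;' => '[', '&#93;' => ']')))));

      // We need this in order to be able send emails.
      require_once($sourcedir . '/Subs-Post.php');

      // Select the email addresses for this batch.
      $request = db_query("
          SELECT mem.ID_MEMBER, mem.emailAddress, mem.lngfile
          FROM {$db_prefix}members AS mem
          WHERE mem.ID_MEMBER != $ID_MEMBER" . (!empty($modSettings['allow_disableAnnounce']) ? '
              AND mem.notifyAnnouncements = 1' : '') . "
              AND mem.is_activated = 1
              AND (mem.ID_GROUP IN (" . implode(', ', $_POST['who']) . ") OR mem.ID_POST_GROUP IN (" . implode(', ', $_POST['who']) . ") OR FIND_IN_SET(" . implode(", mem.additionalGroups) OR FIND_IN_SET(", $_POST['who']) . ", mem.additionalGroups))
              AND mem.ID_MEMBER > $context[start]
          ORDER BY mem.ID_MEMBER
          LIMIT $chunkSize", __FILE__, __LINE__);

      // All members have received a mail. Go to the next screen.
      if (mysql_num_rows($request) == 0)
      {
          if (!empty($_REQUEST['move']) && allowedTo('move_any'))
              redirectexit('?action=movetopic;topic=' . $topic . '.0' . (empty($_REQUEST['goback']) ? '' : ';goback'));
          // The goback and non-goback cases used to be two identical branches.
          else
              redirectexit('' . $scripturl . '');
      }

      // One mail per language: subject, body and the recipients that use it.
      // Initialised up front so the foreach below is well-defined even when
      // the batch yields no rows.
      $announcements = array();

      // Loop through all members that'll receive an announcement in this batch.
      while ($row = mysql_fetch_assoc($request))
      {
          $cur_language = empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'];

          // If the language wasn't defined yet, load it and compose a notification message.
          if (!isset($announcements[$cur_language]))
          {
              loadLanguage('Post', $cur_language, false);

              $announcements[$cur_language] = array(
                  'subject' => $txt['notifyXAnn2'] . ': ' . $context['topic_subject'],
                  'body' => $message . "\n\n" . $txt['notifyXAnn3'] . "\n\n" . $scripturl . '?topic=' . $topic . ".0\n\n" . $txt[130],
                  'recipients' => array(),
              );
          }

          $announcements[$cur_language]['recipients'][$row['ID_MEMBER']] = $row['emailAddress'];
          // Remember the highest member id mailed; the next batch starts after it.
          $context['start'] = $row['ID_MEMBER'];
      }
      mysql_free_result($request);

      // For each language send a different mail.
      foreach ($announcements as $lang => $mail)
          sendmail($mail['recipients'], $mail['subject'], $mail['body']);

      // Progress is estimated from member ids, not from rows actually mailed.
      // NOTE(review): assumes latestMember is non-zero — a zero would divide by zero.
      $context['percentage_done'] = round(100 * $context['start'] / $modSettings['latestMember'], 1);

      $context['move'] = empty($_REQUEST['move']) ? 0 : 1;
      $context['go_back'] = empty($_REQUEST['goback']) ? 0 : 1;
      $context['membergroups'] = implode(',', $_POST['who']);
      $context['sub_template'] = 'announcement_send';

      // Go back to the correct language for the user ;).
      if (!empty($modSettings['userLanguage']))
          loadLanguage('Post');
  }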
  2305.  
  2306. // Notify members of a new post.
  2307. function notifyMembersBoard()
  2308. {
  2309. global $board, $topic, $txt, $scripturl, $db_prefix, $language, $user_info;
  2310. global $ID_MEMBER, $modSettings, $sourcedir;
  2311.  
  2312. // Can't do it if there's no board. (won't happen but let's check for safety and not sending a zillion email's sake.)
  2313. if (empty($board))
  2314. trigger_error('notifyMembersBoard(): Can\'t send a notification without a board id!', E_USER_NOTICE);
  2315.  
  2316. require_once($sourcedir . '/Subs-Post.php');
  2317.  
  2318. $message = stripslashes($_POST['message']);
  2319.  
  2320. // Censor the subject and body...
  2321. censorText($_POST['subject']);
  2322. censorText($message);
  2323.  
  2324. $_POST['subject'] = un_htmlspecialchars($_POST['subject']);
  2325. $message = trim(un_htmlspecialchars(strip_tags(strtr(parse_bbc($message, false), array('<br />' => "\n", '</div>' => "\n", '</li>' => "\n", '&#91;' => '[', '&#93;' => ']')))));
  2326.  
  2327. // Find the members with notification on for this board.
  2328. $members = db_query("
  2329. SELECT
  2330. mem.ID_MEMBER, mem.emailAddress, mem.notifyOnce, mem.notifySendBody, mem.lngfile,
  2331. ln.sent, mem.ID_GROUP, mem.additionalGroups, b.memberGroups, mem.ID_POST_GROUP
  2332. FROM ({$db_prefix}log_notify AS ln, {$db_prefix}members AS mem, {$db_prefix}boards AS b)
  2333. WHERE ln.ID_BOARD = $board
  2334. AND b.ID_BOARD = $board
  2335. AND mem.ID_MEMBER != $ID_MEMBER
  2336. AND mem.is_activated = 1
  2337. AND mem.notifyTypes != 4
  2338. AND ln.ID_MEMBER = mem.ID_MEMBER
  2339. GROUP BY mem.ID_MEMBER
  2340. ORDER BY mem.lngfile", __FILE__, __LINE__);
  2341. while ($rowmember = mysql_fetch_assoc($members))
  2342. {
  2343. if ($rowmember['ID_GROUP'] != 1)
  2344. {
  2345. $allowed = explode(',', $rowmember['memberGroups']);
  2346. $rowmember['additionalGroups'] = explode(',', $rowmember['additionalGroups']);
  2347. $rowmember['additionalGroups'][] = $rowmember['ID_GROUP'];
  2348. $rowmember['additionalGroups'][] = $rowmember['ID_POST_GROUP'];
  2349.  
  2350. if (count(array_intersect($allowed, $rowmember['additionalGroups'])) == 0)
  2351. continue;
  2352. }
  2353.  
  2354. loadLanguage('Post', empty($rowmember['lngfile']) || empty($modSettings['userLanguage']) ? $language : $rowmember['lngfile'], false);
  2355.  
  2356. // Setup the string for adding the body to the message, if a user wants it.
  2357. $body_text = empty($modSettings['disallow_sendBody']) ? $txt['notification_new_topic_body'] . "\n\n" . $message . "\n\n" : '';
  2358.  
  2359. $send_subject = sprintf($txt['notify_boards_subject'], $_POST['subject']);
  2360.  
  2361. // Send only if once is off or it's on and it hasn't been sent.
  2362. if (!empty($rowmember['notifyOnce']) && empty($rowmember['sent']))
  2363. sendmail($rowmember['emailAddress'], $send_subject,
  2364. sprintf($txt['notify_boards'], $_POST['subject'], $scripturl . '?topic=' . $topic . '.new#new', un_htmlspecialchars($user_info['name'])) .
  2365. $txt['notify_boards_once'] . "\n\n" .
  2366. (!empty($rowmember['notifySendBody']) ? $body_text : '') .
  2367. $txt['notify_boardsUnsubscribe'] . ': ' . $scripturl . '?action=notifyboard;board=' . $board . ".0\n\n" .
  2368. $txt[130], null, 't' . $topic);
  2369. elseif (empty($rowmember['notifyOnce']))
  2370. sendmail($rowmember['emailAddress'], $send_subject,
  2371. sprintf($txt['notify_boards'], $_POST['subject'], $scripturl . '?topic=' . $topic . '.new#new', un_htmlspecialchars($user_info['name'])) .
  2372. (!empty($rowmember['notifySendBody']) ? $body_text : '') .
  2373. $txt['notify_boardsUnsubscribe'] . ': ' . $scripturl . '?action=notifyboard;board=' . $board . ".0\n\n" .
  2374. $txt[130], null, 't' . $topic);
  2375. }
  2376. mysql_free_result($members);
  2377.  
  2378. // Sent!
  2379. db_query("
  2380. UPDATE {$db_prefix}log_notify
  2381. SET sent = 1
  2382. WHERE ID_BOARD = $board
  2383. AND ID_MEMBER != $ID_MEMBER", __FILE__, __LINE__);
  2384. }
  2385.  
  2386. // Get the topic for display purposes.
  2387. function getTopic()
  2388. {
  2389. global $topic, $db_prefix, $modSettings, $context;
  2390.  
  2391. // Calculate the amount of new replies.
  2392. $newReplies = empty($_REQUEST['num_replies']) || $context['num_replies'] <= $_REQUEST['num_replies'] ? 0 : $context['num_replies'] - $_REQUEST['num_replies'];
  2393.  
  2394. if (isset($_REQUEST['xml']))
  2395. $limit = "
  2396. LIMIT " . (empty($newReplies) ? '0' : $newReplies);
  2397. else
  2398. $limit = empty($modSettings['topicSummaryPosts']) ? '' : '
  2399. LIMIT ' . (int) $modSettings['topicSummaryPosts'];
  2400.  
  2401. // If you're modifying, get only those posts before the current one. (otherwise get all.)
  2402. $request = db_query("
  2403. SELECT IFNULL(mem.realName, m.posterName) AS posterName, m.posterTime, m.body, m.smileysEnabled, m.ID_MSG
  2404. ,m.hiddenOption, m.hiddenValue, m.ID_MEMBER, m.ID_BOARD
  2405. FROM {$db_prefix}messages AS m
  2406. LEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER = m.ID_MEMBER)
  2407. WHERE m.ID_TOPIC = $topic" . (isset($_REQUEST['msg']) ? "
  2408. AND m.ID_MSG < " . (int) $_REQUEST['msg'] : '') . "
  2409. ORDER BY m.ID_MSG DESC$limit", __FILE__, __LINE__);
  2410. $context['previous_posts'] = array();
  2411. while ($row = mysql_fetch_assoc($request))
  2412. {
  2413. // Hide the post in preview or not? --- XD
  2414. $row['can_view_post'] = 1;
  2415. if (!empty($modSettings['allow_hiddenPost']) && $row['hiddenOption'] > 0)
  2416. {
  2417. global $sourcedir;
  2418. require_once($sourcedir . '/HidePost.php');
  2419. $row['ID_TOPIC'] = $topic;
  2420. $context['current_message'] = $row;
  2421. $row['body'] = getHiddenMessage();
  2422. $row['can_view_post'] = $context['can_view_post'];
  2423. }
  2424. // Censor, BBC, ...
  2425. censorText($row['body']);
  2426. $row['body'] = parse_bbc($row['body'], $row['smileysEnabled'], $row['ID_MSG']);
  2427.  
  2428. // ...and store.
  2429. $context['previous_posts'][] = array(
  2430. 'can_view_post' => $row['can_view_post'],
  2431. 'poster' => $row['posterName'],
  2432. 'message' => $row['body'],
  2433. 'time' => timeformat($row['posterTime']),
  2434. 'timestamp' => forum_time(true, $row['posterTime']),
  2435. 'id' => $row['ID_MSG'],
  2436. 'is_new' => !empty($newReplies),
  2437. );
  2438.  
  2439. if (!empty($newReplies))
  2440. $newReplies--;
  2441. }
  2442. mysql_free_result($request);
  2443. }
  2444.  
  2445. function QuoteFast()
  2446. {
  2447. global $db_prefix, $modSettings, $user_info, $txt, $settings, $context;
  2448. global $sourcedir, $func;
  2449.  
  2450. loadLanguage('Post');
  2451. if (!isset($_REQUEST['xml']))
  2452. loadTemplate('Post');
  2453.  
  2454. checkSession('get');
  2455.  
  2456. include_once($sourcedir . '/Subs-Post.php');
  2457.  
  2458. $moderate_boards = boardsAllowedTo('moderate_board');
  2459.  
  2460. $request = db_query("
  2461. SELECT IFNULL(mem.realName, m.posterName) AS posterName, m.posterTime, m.body, m.ID_TOPIC, m.subject, t.locked
  2462. , m.ID_MEMBER AS ID_MEMBER_CHECK, b.ID_BOARD as ID_BOARD_CHECK
  2463. FROM ({$db_prefix}messages AS m, {$db_prefix}boards AS b, {$db_prefix}topics AS t)
  2464. LEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER = m.ID_MEMBER)
  2465. WHERE m.ID_MSG = " . (int) $_REQUEST['quote'] . "
  2466. AND b.ID_BOARD = m.ID_BOARD
  2467. AND t.ID_TOPIC = m.ID_TOPIC
  2468. AND $user_info[query_see_board]" . (!isset($_REQUEST['modify']) || (!empty($moderate_boards) && $moderate_boards[0] == 0) ? '' : '
  2469. AND (t.locked = 0' . (empty($moderate_boards) ? '' : ' OR b.ID_BOARD IN (' . implode(', ', $moderate_boards) . ')') . ')') . "
  2470. LIMIT 1", __FILE__, __LINE__);
  2471. $context['close_window'] = mysql_num_rows($request) == 0;
  2472.  
  2473. $context['sub_template'] = 'quotefast';
  2474. if (mysql_num_rows($request) != 0)
  2475. {
  2476. $row = mysql_fetch_assoc($request);
  2477. mysql_free_result($request);
  2478.  
  2479. // Remove special formatting we don't want anymore.
  2480. $row['body'] = un_preparsecode($row['body']);
  2481.  
  2482. // Censor the message!
  2483. censorText($row['body']);
  2484.  
  2485. $row['body'] = preg_replace('~<br(?: /)?' . '>~i', "\n", $row['body']);
  2486.  
  2487. // Want to modify a single message by double clicking it?
  2488. if (isset($_REQUEST['modify']))
  2489. {
  2490. censorText($row['subject']);
  2491.  
  2492. //This is a check that SMF not do... i will check if he allowed to edit or edit any
  2493. global $ID_MEMBER;
  2494.  
  2495. if(!allowedTo('modify_any', $row['ID_BOARD_CHECK']) && $ID_MEMBER != $row['ID_MEMBER_CHECK']) {
  2496. //Remove the Hidden Content because it's only for the master post *g*
  2497. $row['body'] = preg_replace("/\[hide\](.+?)\[\/hide\]/i", "&nbsp;", $row['body']);
  2498. $row['body'] = preg_replace(array('~\n?\[hide.*?\].+?\[/hide\]\n?~is', '~^\n~', '~\[/hide\]~'), "&nbsp;", $row['body']);
  2499. }
  2500.  
  2501. $context['sub_template'] = 'modifyfast';
  2502. $context['message'] = array(
  2503. 'id' => $_REQUEST['quote'],
  2504. 'body' => $row['body'],
  2505. 'subject' => addcslashes($row['subject'], '"'),
  2506. );
  2507.  
  2508. return;
  2509. }
  2510.  
  2511. //Remove the Hidden Content because it's only for the master post *g*
  2512. $row['body'] = preg_replace("/\[hide\](.+?)\[\/hide\]/i", "&nbsp;", $row['body']);
  2513. $row['body'] = preg_replace(array('~\n?\[hide.*?\].+?\[/hide\]\n?~is', '~^\n~', '~\[/hide\]~'), "&nbsp;", $row['body']);
  2514.  
  2515. // Remove any nested quotes.
  2516. if (!empty($modSettings['removeNestedQuotes']))
  2517. $row['body'] = preg_replace(array('~\n?\[quote.*?\].+?\[/quote\]\n?~is', '~^\n~', '~\[/quote\]~'), '', $row['body']);
  2518.  
  2519. // Add a quote string on the front and end.
  2520. $context['quote']['xml'] = '[quote author=' . $row['posterName'] . ' link=topic=' . $row['ID_TOPIC'] . '.msg' . (int) $_REQUEST['quote'] . '#msg' . (int) $_REQUEST['quote'] . ' date=' . $row['posterTime'] . ']' . "\n" . $row['body'] . "\n" . '[/quote]';
  2521. $context['quote']['text'] = strtr(un_htmlspecialchars($context['quote']['xml']), array('\'' => '\\\'', '\\' => '\\\\', "\n" => '\\n', '</script>' => '</\' + \'script>'));
  2522. $context['quote']['xml'] = strtr($context['quote']['xml'], array('&nbsp;' => '&#160;', '<' => '&lt;', '>' => '&gt;'));
  2523.  
  2524. $context['quote']['mozilla'] = strtr($func['htmlspecialchars']($context['quote']['text']), array('&quot;' => '"'));
  2525. }
  2526. // !!! Needs a nicer interface.
  2527. // In case our message has been removed in the meantime.
  2528. elseif (isset($_REQUEST['modify']))
  2529. {
  2530. $context['sub_template'] = 'modifyfast';
  2531. $context['message'] = array(
  2532. 'id' => 0,
  2533. 'body' => '',
  2534. 'subject' => '',
  2535. );
  2536. }
  2537. else
  2538. $context['quote'] = array(
  2539. 'xml' => '',
  2540. 'mozilla' => '',
  2541. 'text' => '',
  2542. );
  2543. }
  2544.  
  2545. function JavaScriptModify()
  2546. {
  2547. global $db_prefix, $sourcedir, $modSettings, $board, $topic, $txt;
  2548. global $user_info, $ID_MEMBER, $context, $func, $language;
  2549.  
  2550. // We have to have a topic!
  2551. if (empty($topic))
  2552. obExit(false);
  2553.  
  2554. checkSession('get');
  2555. require_once($sourcedir . '/Subs-Post.php');
  2556.  
  2557. // Assume the first message if no message ID was given.
  2558. $request = db_query("
  2559. SELECT
  2560. t.locked, t.numReplies, t.ID_MEMBER_STARTED, t.ID_FIRST_MSG,
  2561. m.ID_MSG, m.ID_MEMBER, m.posterTime, m.subject, m.smileysEnabled, m.body,
  2562. m.modifiedTime, m.modifiedName
  2563. FROM ({$db_prefix}messages AS m, {$db_prefix}topics AS t)
  2564. WHERE m.ID_MSG = " . (empty($_REQUEST['msg']) ? 't.ID_FIRST_MSG' : (int) $_REQUEST['msg']) . "
  2565. AND m.ID_TOPIC = $topic
  2566. AND t.ID_TOPIC = $topic", __FILE__, __LINE__);
  2567. if (mysql_num_rows($request) == 0)
  2568. fatal_lang_error('smf232', false);
  2569. $row = mysql_fetch_assoc($request);
  2570. mysql_free_result($request);
  2571.  
  2572. // Change either body or subject requires permissions to modify messages.
  2573. if (isset($_POST['message']) || isset($_POST['subject']) || isset($_POST['icon']))
  2574. {
  2575. if (!empty($row['locked']))
  2576. isAllowedTo('moderate_board');
  2577.  
  2578. if ($row['ID_MEMBER'] == $ID_MEMBER && !allowedTo('modify_any'))
  2579. {
  2580. if (!empty($modSettings['edit_disable_time']) && $row['posterTime'] + ($modSettings['edit_disable_time'] + 5) * 60 < time())
  2581. fatal_lang_error('modify_post_time_passed', false);
  2582. elseif ($row['ID_MEMBER_STARTED'] == $ID_MEMBER && !allowedTo('modify_own'))
  2583. isAllowedTo('modify_replies');
  2584. else
  2585. isAllowedTo('modify_own');
  2586. }
  2587. // Otherwise, they're locked out; someone who can modify the replies is needed.
  2588. elseif ($row['ID_MEMBER_STARTED'] == $ID_MEMBER && !allowedTo('modify_any'))
  2589. isAllowedTo('modify_replies');
  2590. else
  2591. isAllowedTo('modify_any');
  2592.  
  2593. // Only log this action if it wasn't your message.
  2594. $moderationAction = $row['ID_MEMBER'] != $ID_MEMBER;
  2595. }
  2596.  
  2597. $post_errors = array();
  2598. if (isset($_POST['subject']) && $func['htmltrim']($_POST['subject']) !== '')
  2599. {
  2600. $_POST['subject'] = strtr($func['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
  2601.  
  2602. // Maximum number of characters.
  2603. if ($func['strlen']($_POST['subject']) > 100)
  2604. $_POST['subject'] = addslashes($func['substr'](stripslashes($_POST['subject']), 0, 100));
  2605. }
  2606. else
  2607. {
  2608. $post_errors[] = 'no_subject';
  2609. unset($_POST['subject']);
  2610. }
  2611.  
  2612.  
  2613. if (isset($_POST['message']))
  2614. {
  2615. if ($func['htmltrim']($_POST['message']) === '')
  2616. {
  2617. $post_errors[] = 'no_message';
  2618. unset($_POST['message']);
  2619. }
  2620. elseif (!empty($modSettings['max_messageLength']) && $func['strlen']($_POST['message']) > $modSettings['max_messageLength'])
  2621. {
  2622. $post_errors[] = 'long_message';
  2623. unset($_POST['message']);
  2624. }
  2625. else
  2626. {
  2627. $_POST['message'] = $func['htmlspecialchars']($_POST['message'], ENT_QUOTES);
  2628.  
  2629. preparsecode($_POST['message']);
  2630.  
  2631. if ($func['htmltrim'](strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '')
  2632. {
  2633. $post_errors[] = 'no_message';
  2634. unset($_POST['message']);
  2635. }
  2636. }
  2637. }
  2638.  
  2639. if (isset($_POST['lock']))
  2640. {
  2641. if (!allowedTo(array('lock_any', 'lock_own')) || (!allowedTo('lock_any') && $ID_MEMBER != $row['ID_MEMBER']))
  2642. unset($_POST['lock']);
  2643. elseif (!allowedTo('lock_any'))
  2644. {
  2645. if ($row['locked'] == 1)
  2646. unset($_POST['lock']);
  2647. else
  2648. $_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
  2649. }
  2650. elseif (!empty($row['locked']) && !empty($_POST['lock']) || $_POST['lock'] == $row['locked'])
  2651. unset($_POST['lock']);
  2652. else
  2653. $_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
  2654. }
  2655.  
  2656. if (isset($_POST['sticky']) && !allowedTo('make_sticky'))
  2657. unset($_POST['sticky']);
  2658.  
  2659.  
  2660. if (empty($post_errors))
  2661. {
  2662. $msgOptions = array(
  2663. 'id' => $row['ID_MSG'],
  2664. 'subject' => isset($_POST['subject']) ? $_POST['subject'] : null,
  2665. 'subject2' => isset($_POST['subject2']) ? $_POST['subject2'] : null,
  2666. 'body' => isset($_POST['message']) ? $_POST['message'] : null,
  2667. 'icon' => isset($_POST['icon']) ? preg_replace('~[\./\\\\*\':"<>]~', '', $_POST['icon']) : null,
  2668. );
  2669. $topicOptions = array(
  2670. 'id' => $topic,
  2671. 'board' => $board,
  2672. 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null,
  2673. 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null,
  2674. 'mark_as_read' => true,
  2675. );
  2676. $posterOptions = array();
  2677.  
  2678. // Only consider marking as editing if they have edited the subject, message or icon.
  2679. if ((isset($_POST['subject']) && $_POST['subject'] != $row['subject']) || (isset($_POST['message']) && $_POST['message'] != $row['body']) || (isset($_POST['icon']) && $_POST['icon'] != $row['icon']))
  2680. {
  2681. // And even then only if the time has passed...
  2682. if (time() - $row['posterTime'] > $modSettings['edit_wait_time'] || $ID_MEMBER != $row['ID_MEMBER'])
  2683. {
  2684. $msgOptions['modify_time'] = time();
  2685. $msgOptions['modify_name'] = addslashes($user_info['name']);
  2686. }
  2687. }
  2688.  
  2689. modifyPost($msgOptions, $topicOptions, $posterOptions);
  2690.  
  2691. // If we didn't change anything this time but had before put back the old info.
  2692. if (!isset($msgOptions['modify_time']) && !empty($row['modifiedTime']))
  2693. {
  2694. $msgOptions['modify_time'] = $row['modifiedTime'];
  2695. $msgOptions['modify_name'] = $row['modifiedName'];
  2696. }
  2697.  
  2698. // Changing the first subject updates other subjects to 'Re: new_subject'.
  2699. if (isset($_POST['subject']) && isset($_REQUEST['change_all_subjects']) && $row['ID_FIRST_MSG'] == $row['ID_MSG'] && !empty($row['numReplies']) && (allowedTo('modify_any') || ($row['ID_MEMBER_STARTED'] == $ID_MEMBER && allowedTo('modify_replies'))))
  2700. {
  2701. // Get the proper (default language) response prefix first.
  2702. if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix')))
  2703. {
  2704. if ($language === $user_info['language'])
  2705. $context['response_prefix'] = $txt['response_prefix'];
  2706. else
  2707. {
  2708. loadLanguage('index', $language, false);
  2709. $context['response_prefix'] = $txt['response_prefix'];
  2710. loadLanguage('index');
  2711. }
  2712. cache_put_data('response_prefix', $context['response_prefix'], 600);
  2713. }
  2714.  
  2715. db_query("
  2716. UPDATE {$db_prefix}messages
  2717. SET subject = '$context[response_prefix]$_POST[subject]',
  2718. WHERE ID_TOPIC = $topic
  2719. AND ID_MSG != $row[ID_FIRST_MSG]
  2720. LIMIT $row[numReplies]", __FILE__, __LINE__);
  2721.  
  2722.  
  2723. }
  2724.  
  2725. if ($moderationAction)
  2726. logAction('modify', array('topic' => $topic, 'message' => $row['ID_MSG'], 'member' => $row['ID_MEMBER_STARTED']));
  2727. }
  2728.  
  2729.  
  2730.  
  2731.  
  2732.  
  2733.  
  2734. if (isset($_REQUEST['xml']))
  2735. {
  2736. $context['sub_template'] = 'modifydone';
  2737. if (empty($post_errors) && isset($msgOptions['subject']) && isset($msgOptions['body']))
  2738. {
  2739. $context['message'] = array(
  2740. 'id' => $row['ID_MSG'],
  2741. 'modified' => array(
  2742. 'time' => isset($msgOptions['modify_time']) ? timeformat($msgOptions['modify_time']) : '',
  2743. 'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0,
  2744. 'name' => isset($msgOptions['modify_time']) ? stripslashes($msgOptions['modify_name']) : '',
  2745. ),
  2746. 'subject' => stripslashes($msgOptions['subject']),
  2747. 'first_in_topic' => $row['ID_MSG'] == $row['ID_FIRST_MSG'],
  2748. 'body' => strtr(stripslashes($msgOptions['body']), array(']]>' => ']]]]><![CDATA[>')),
  2749. );
  2750.  
  2751. censorText($context['message']['subject']);
  2752. censorText($context['message']['body']);
  2753.  
  2754. $context['message']['body'] = parse_bbc($context['message']['body'], $row['smileysEnabled'], $row['ID_MSG']);
  2755. }
  2756. // Topic?
  2757. elseif (empty($post_errors) && isset($msgOptions['subject']))
  2758. {
  2759. $context['sub_template'] = 'modifytopicdone';
  2760. $context['message'] = array(
  2761. 'id' => $row['ID_MSG'],
  2762. 'modified' => array(
  2763. 'time' => isset($msgOptions['modify_time']) ? timeformat($msgOptions['modify_time']) : '',
  2764. 'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0,
  2765. 'name' => isset($msgOptions['modify_time']) ? stripslashes($msgOptions['modify_name']) : '',
  2766. ),
  2767. 'subject' => stripslashes($msgOptions['subject']),
  2768. );
  2769.  
  2770. censorText($context['message']['subject']);
  2771. }
  2772. else
  2773. {
  2774. $context['message'] = array(
  2775. 'id' => $row['ID_MSG'],
  2776. 'errors' => array(),
  2777. 'error_in_subject' => in_array('no_subject', $post_errors),
  2778. 'error_in_body' => in_array('no_message', $post_errors) || in_array('long_message', $post_errors),
  2779. );
  2780.  
  2781. loadLanguage('Errors');
  2782. foreach ($post_errors as $post_error)
  2783. $context['message']['errors'][] = $txt['error_' . $post_error];
  2784. }
  2785. }
  2786. else
  2787. obExit(false);
  2788. }
  2789.  
  2790. ?>