<?php
/*=======================================================================
Nuke-Evolution Basic: Enhanced PHP-Nuke Web Portal System
=======================================================================*/

/***************************************************************************
 * functions_post.php
 * -------------------
 * begin : Saturday, Feb 13, 2001
 * copyright : (C) 2001 The phpBB Group
 * email : support@phpbb.com
 *
 * Id: functions_post.php,v 1.9.2.37 2004/11/18 17:49:44 acydburn Exp
 *
 ***************************************************************************/

/***************************************************************************
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 ***************************************************************************/

/*****[CHANGES]**********************************************************
-=[Base]=-
Caching System v1.0.0 10/30/2005
-=[Mod]=-
Allow multiple spaces in posts v1.0.0 06/24/2005
adminHtml v1.0.3 06/26/2005
Topic Text Reply Email v1.0.0 07/11/2005
Limit smilies per post v1.0.2 07/24/2005
Must first vote to see results v1.0.0 08/03/2005
Log Moderator Actions v1.1.6 08/06/2005
No Flood Control For Mods And Admins v1.0.0 10/02/2005
Auto Group v1.2.2 11/06/2006
************************************************************************/

//
// Refuse direct invocation: this file is only meant to be included by a
// page that has already defined IN_PHPBB.
//
if (!defined('IN_PHPBB'))
{
	die('Hacking attempt');
}

//
// Pattern/replacement pairs used by prepare_message() to entity-encode user
// text before it is stored. The first pattern leaves numeric entities that are
// already encoded (&#NNN;) untouched.
//
// NOTE(review): as rendered on this page both replacement arrays are identity
// maps ('&' -> '&', '<' -> '<', ...), which would mean no escaping happens at
// all. Upstream phpBB 2.0.x has '&amp;', '&lt;', '&gt;', '&quot;' here and the
// reverse pairs in $unhtml_specialchars_match; the page rendering has most
// likely decoded the literals. Verify the repository copy before relying on it.
//
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$html_entities_replace = array('&', '<', '>', '"');

// Reverse mapping used by unprepare_message() when a stored post is edited.
$unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#');
$unhtml_specialchars_replace = array('>', '<', '"', '&');

//
// This function will prepare a posted message for
// entry into the database.
//
// $message    - raw message text. The stripslashes()/addslashes() pair in the
//               HTML branch assumes the caller hands in slash-escaped
//               (magic_quotes-style) input — confirm against the callers.
// $html_on    - true: tags matched by $html_match are passed to clean_html()
//               and the text between them is entity-encoded; false: the whole
//               text is entity-encoded, except for ADMIN posters (adminHtml mod).
// $bbcode_on  - when true and $bbcode_uid is non-empty, bbencode_first_pass()
//               is applied.
// $smile_on   - accepted for interface compatibility; not read in this function.
// $bbcode_uid - uid that bbencode_first_pass() tags onto BBCode.
// Returns the transformed message string.
//
// NOTE(review): with the default $bbcode_uid = 0 the loose comparison
// `$bbcode_uid != ''` below evaluates false on PHP < 8 and true on PHP >= 8,
// so a caller relying on the default gets BBCode encoding only on newer PHP.
// prepare_post() always passes a string, so it is unaffected.
//
function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
{
/*****[BEGIN]******************************************
[ Mod: adminHtml v1.0.3 ]
******************************************************/
	global $board_config, $html_entities_match, $html_entities_replace, $userdata;
/*****[END]********************************************
[ Mod: adminHtml v1.0.3 ]
******************************************************/

	//
	// Clean up the message
	//
	$message = trim($message);

	if ($html_on)
	{
		// If HTML is on, we try to make it safe
		// This approach is quite aggressive and anything that does not look like a valid tag
		// is going to get converted to HTML entities
		$message = stripslashes($message);
		$html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
		$matches = array();

		// preg_split() yields the text *between* tags; preg_match_all() yields the
		// tags themselves in the same order, so the two lists can be re-interleaved.
		$message_split = preg_split($html_match, $message);
		preg_match_all($html_match, $message, $matches);

		$message = '';

		foreach ($message_split as $part)
		{
			// $tag = [whole tag, tag name, attribute string]; clean_html() (defined
			// elsewhere) decides whether the tag survives. The last $part has no
			// following tag, so the array_shift() calls then return null.
			$tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));
			$message .= preg_replace($html_entities_match, $html_entities_replace, $part) . clean_html($tag);
		}

		// Re-escape for the SQL string interpolation done by submit_post().
		// NOTE(review): addslashes() already turns every `"` into `\"`, so the
		// str_replace() that follows adds a second backslash to each one — confirm
		// this is intended before changing it.
		$message = addslashes($message);
		$message = str_replace('"', '\"', $message);
	}
	else
	{
/*****[BEGIN]******************************************
[ Mod: adminHtml v1.0.3 ]
******************************************************/
		// adminHtml: an ADMIN poster's text is stored without entity encoding.
		// NOTE(review): this is a trust decision — with $html_on off, anything an
		// administrator posts is stored verbatim and presumably rendered as markup
		// downstream, so a compromised admin account turns into stored XSS for every
		// reader. Worth confirming that ADMIN is the intended scope.
		if($userdata['user_level'] == ADMIN)
		{
			//do nothing
		}
		else
		{
/*****[END]********************************************
[ Mod: adminHtml v1.0.3 ]
******************************************************/
			$message = preg_replace($html_entities_match, $html_entities_replace, $message);
/*****[BEGIN]******************************************
[ Mod: adminHtml v1.0.3 ]
******************************************************/
		}
/*****[END]********************************************
[ Mod: adminHtml v1.0.3 ]
******************************************************/
	}

	if($bbcode_on && $bbcode_uid != '')
	{
		$message = bbencode_first_pass($message, $bbcode_uid);
	}
/*****[BEGIN]******************************************
[ Mod: Allow multiple spaces in posts v1.0.0 ]
******************************************************/
	// replace_double_spaces() is defined elsewhere in the project.
	$message = replace_double_spaces($message);
/*****[END]********************************************
[ Mod: Allow multiple spaces in posts v1.0.0 ]
******************************************************/

	return $message;
}

//
// Reverse the entity encoding applied by prepare_message() so a stored post
// can be shown again in an edit box. Uses $unhtml_specialchars_match/_replace
// (defined above).
//
// NOTE(review): as rendered on this page both arrays are identity maps — see
// the note at their definition.
//
function unprepare_message($message)
{
	global $unhtml_specialchars_match, $unhtml_specialchars_replace;

	return preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, $message);
}

//
// Prepare a message for posting
//
// Validates and normalises the parts of a post in place (every parameter is
// by-reference) and appends each failure to $error_msg, separated by '<br />'.
// Steps: username validation (guests and changed names only), smilie-count
// limit, subject/message presence, prepare_message() on the body, poll
// title/option checks. Returns nothing; callers inspect $error_msg.
//
/*****[BEGIN]******************************************
[ Mod: Must first vote to see results v1.0.0 ]
******************************************************/
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length, &$poll_view_toggle)
/*****[END]********************************************
[ Mod: Must first vote to see results v1.0.0 ]
******************************************************/
{
	global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path;

	// Check username
	if (!empty($username))
	{
		$username = phpbb_clean_username($username);

		// Only guests, or logged-in users posting under a different name, go
		// through validate_username(); a user posting as themselves gets an empty
		// post_username (the post is attributed via poster_id instead).
		// NOTE(review): `!=` is a loose comparison here.
		if (!$userdata['session_logged_in'] || ($userdata['session_logged_in'] && $username != $userdata['username']))
		{
			// NOTE(review): this path is relative to the working directory rather than
			// $phpbb_root_path (declared global above) — confirm the including page
			// always runs from the board root.
			include ("includes/functions_validate.php");

			$result = validate_username($username);
			if ($result['error'])
			{
				$error_msg .= (!empty($error_msg)) ? '<br />' . $result['error_msg'] : $result['error_msg'];
			}
		}
		else
		{
			$username = '';
		}
	}

	// Check subject
/*****[BEGIN]******************************************
[ Mod: Limit smilies per post v1.0.2 ]
******************************************************/
	// Count smilies by rendering the message through smilies_pass() (defined
	// elsewhere) and counting the <img> tags that point into the smilies path.
	if (substr_count(smilies_pass($message), '<img src="'. $board_config['smilies_path']) > $board_config['max_smilies'] )
	{
		$to_much_smilies = substr_count(smilies_pass($message), '<img src="'. $board_config['smilies_path']) - $board_config['max_smilies'];
		$to_many_smilies = sprintf($lang['Max_smilies_per_post'], $board_config['max_smilies'], $to_much_smilies);
		$error_msg .= ( !empty($error_msg) ) ? '<br />' . $to_many_smilies : $to_many_smilies;
	}
/*****[END]********************************************
[ Mod: Limit smilies per post v1.0.2 ]
******************************************************/
	if (!empty($subject))
	{
		$subject = htmlspecialchars(trim($subject));
	}
	else if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
	{
		$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
	}

	// Check message
	if (!empty($message))
	{
		// $bbcode_uid is always a string from here on ('' when BBCode is off).
		$bbcode_uid = ($bbcode_on) ? make_bbcode_uid() : '';
		$message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
	}
	else if ($mode != 'delete' && $mode != 'poll_delete')
	{
		$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
	}

	//
	// Handle poll stuff
	//
	if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
	{
		// Clamp to a non-negative integer; no upper bound is applied here.
		$poll_length = (isset($poll_length)) ? max(0, intval($poll_length)) : 0;

		if (!empty($poll_title))
		{
			$poll_title = htmlspecialchars(trim($poll_title));
		}

		if(!empty($poll_options))
		{
			$temp_option_text = array();
			// NOTE(review): each() was deprecated in PHP 7.2 and removed in PHP 8.0.
			while(list($option_id, $option_text) = @each($poll_options))
			{
				$option_text = trim($option_text);
				if (!empty($option_text))
				{
					$temp_option_text[intval($option_id)] = htmlspecialchars($option_text);
				}
			}
			// NOTE(review): the trimmed/escaped options are assigned to the local
			// $option_text, not back to $poll_options, so the escaped copy is
			// discarded and the count() checks below still include blank entries.
			// This matches upstream phpBB 2.0.x; submit_post() applies
			// htmlspecialchars() to each option itself, so changing this would
			// double-encode unless submit_post() is adjusted too.
			$option_text = $temp_option_text;

			if (count($poll_options) < 2)
			{
				$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
			}
			else if (count($poll_options) > $board_config['max_poll_options'])
			{
				$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
			}
			else if ($poll_title == '')
			{
				$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];
			}
		}
	}

	return;
}

//
// Post a new topic/reply/poll or edit existing post/poll
//
/*****[BEGIN]******************************************
[ Mod: Must first vote to see results v1.0.0 ]
******************************************************/
function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, $post_username, $post_subject, $post_message, $poll_title, &$poll_options, &$poll_length, &$poll_view_toggle)
/*****[END]********************************************
[ Mod: Must first vote to see results v1.0.0 ]
******************************************************/
{
/*****[BEGIN]******************************************
[ Base: Caching System v3.0.0 ]
******************************************************/
	global $cache;
	$cache->delete('TopicData', 'home');
	$cache->delete('AnnounceData', 'home');
/*****[END]********************************************
[ Base: Caching System v3.0.0 ]
******************************************************/
	global $board_config, $lang, $db, $phpbb_root_path, $phpEx, $userdata, $user_ip;

	/*--FNA--*/

	include ("includes/functions_search.php");

	$current_time = time();

/*****[BEGIN]******************************************
[ Mod: No Flood Control For Mods And Admins v1.0.0 ]
******************************************************/
	//
	// Retreive authentication info to determine if this user has moderator status
	//
	$is_auth = auth(AUTH_ALL, $forum_id, $userdata);
	$is_mod = $is_auth['auth_mod'];

	if (($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost') && !$is_mod)
/*****[END]********************************************
[ Mod: No Flood Control For Mods And Admins v1.0.0
] 289 ******************************************************/ 290 { 291 // 292 // Flood control 293 // 294 $where_sql = ($userdata['user_id'] == ANONYMOUS) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id']; 295 $sql = "SELECT MAX(post_time) AS last_post_time 296 FROM " . POSTS_TABLE . " 297 WHERE $where_sql"; 298 if ($result = $db->sql_query($sql)) 299 { 300 if ($row = $db->sql_fetchrow($result)) 301 { 302 if (intval($row['last_post_time']) > 0 && ($current_time - intval($row['last_post_time'])) < intval($board_config['flood_interval'])) 303 { 304 message_die(GENERAL_MESSAGE, $lang['Flood_Error']); 305 } 306 } 307 } 308 } 309 310 if ($mode == 'editpost') 311 { 312 remove_search_post($post_id); 313 } 314 315 if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) 316 { 317 $topic_vote = (!empty($poll_title) && count($poll_options) >= 2) ? 1 : 0; 318 319 $sql = ($mode != "editpost") ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", '$current_time', '$forum_id', " . TOPIC_UNLOCKED . ", '$topic_type', '$topic_vote')" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type " . (($post_data['edit_vote'] || !empty($poll_title)) ? ", topic_vote = " . $topic_vote : "") . 
" WHERE topic_id = '$topic_id'"; 320 if (!$db->sql_query($sql)) 321 { 322 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); 323 } 324 325 if ($mode == 'newtopic') 326 { 327 $topic_id = $db->sql_nextid(); 328 } 329 } 330 331 /*****[BEGIN]****************************************** 332 [ Mod: Log Moderator Actions v1.1.6 ] 333 ******************************************************/ 334 if ($mode == 'newtopic') 335 if ( $topic_type == POST_GLOBAL_ANNOUNCE ) 336 log_action('Global Announcement', '', $topic_id, $userdata['user_id'], '', ''); 337 if ( $topic_type == POST_ANNOUNCE ) 338 log_action('Announcement', '', $topic_id, $userdata['user_id'], '', ''); 339 else if ( $topic_type == POST_STICKY ) 340 log_action('Sticky', '', $topic_id, $userdata['user_id'], '', ''); 341 /*****[END]******************************************** 342 [ Mod: Log Moderator Actions v1.1.6 ] 343 ******************************************************/ 344 345 $edited_sql = ($mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post']) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : ""; 346 $sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ('$topic_id', '$forum_id', " . $userdata['user_id'] . ", '$post_username', '$current_time', '$user_ip', '$bbcode_on', '$html_on', '$smilies_on', '$attach_sig')" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = '$bbcode_on', enable_html = '$html_on', enable_smilies = '$smilies_on', enable_sig = '$attach_sig'" . $edited_sql . " WHERE post_id = '$post_id'"; 347 if (!$db->sql_query($sql)) 348 { 349 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); 350 } 351 352 if ($mode != 'editpost') 353 { 354 $post_id = $db->sql_nextid(); 355 } 356 357 $sql = ($mode != 'editpost') ? "INSERT INTO " . 
POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ('$post_id', '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = '$post_id'"; 358 if (!$db->sql_query($sql)) 359 { 360 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); 361 } 362 363 add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject)); 364 365 // 366 // Add poll 367 // 368 if (($mode == 'newtopic' || ($mode == 'editpost' && $post_data['edit_poll'])) && !empty($poll_title) && count($poll_options) >= 2) 369 { 370 /*****[BEGIN]****************************************** 371 [ Mod: Must first vote to see results v1.0.0 ] 372 ******************************************************/ 373 $sql = (!$post_data['has_poll']) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length, poll_view_toggle) VALUES ('$topic_id', '$poll_title', '$current_time', " . ($poll_length * 86400) . ", '$poll_view_toggle')" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ($poll_length * 86400) . ", poll_view_toggle = '$poll_view_toggle' WHERE topic_id = '$topic_id'"; 374 /*****[END]******************************************** 375 [ Mod: Must first vote to see results v1.0.0 ] 376 ******************************************************/ 377 if (!$db->sql_query($sql)) 378 { 379 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); 380 } 381 382 $delete_option_sql = ''; 383 $old_poll_result = array(); 384 if ($mode == 'editpost' && $post_data['has_poll']) 385 { 386 $sql = "SELECT vote_option_id, vote_result 387 FROM " . VOTE_RESULTS_TABLE . 
" 388 WHERE vote_id = '$poll_id' 389 ORDER BY vote_option_id ASC"; 390 if (!($result = $db->sql_query($sql))) 391 { 392 message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql); 393 } 394 395 while ($row = $db->sql_fetchrow($result)) 396 { 397 $old_poll_result[$row['vote_option_id']] = $row['vote_result']; 398 399 if (!isset($poll_options[$row['vote_option_id']])) 400 { 401 $delete_option_sql .= ($delete_option_sql != '') ? ', ' . $row['vote_option_id'] : $row['vote_option_id']; 402 } 403 } 404 } 405 else 406 { 407 $poll_id = $db->sql_nextid(); 408 } 409 410 @reset($poll_options); 411 412 $poll_option_id = 1; 413 while (list($option_id, $option_text) = each($poll_options)) 414 { 415 if (!empty($option_text)) 416 { 417 $option_text = str_replace("\'", "''", htmlspecialchars($option_text)); 418 $poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0; 419 420 $sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ('$poll_id', '$poll_option_id', '$option_text', '$poll_result')" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = '$poll_result' WHERE vote_option_id = '$option_id' AND vote_id = '$poll_id'"; 421 if (!$db->sql_query($sql)) 422 { 423 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); 424 } 425 $poll_option_id++; 426 } 427 } 428 429 if ($delete_option_sql != '') 430 { 431 $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " 432 WHERE vote_option_id IN ($delete_option_sql) 433 AND vote_id = '$poll_id'"; 434 if (!$db->sql_query($sql)) 435 { 436 message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql); 437 } 438 } 439 } 440 441 $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . 
$post_id) . '#' . $post_id . '">'; 442 $message = $lang['Stored'] . '<br /><br />' . sprintf($lang['Click_view_message'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.