<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

// Both constants are defined before global.php is included below.
define('IN_MYBB', 1);
define('THIS_SCRIPT', 'editpost.php');

// Comma-separated template names, built as a single expression. The names match the
// $templates->get() calls made further down in this script.
$templatelist = "editpost,previewpost,changeuserbox,codebuttons,post_attachments_attachment_postinsert,post_attachments_attachment_mod_unapprove,postbit_attachments_thumbnails,postbit_profilefield_multiselect_value"
	.",editpost_delete,forumdisplay_password_wrongpass,forumdisplay_password,editpost_reason,post_attachments_attachment_remove,post_attachments_update,post_subscription_method,postbit_profilefield_multiselect"
	.",postbit_avatar,postbit_find,postbit_pm,postbit_rep_button,postbit_www,postbit_email,postbit_reputation,postbit_warn,postbit_warninglevel,postbit_author_user,posticons"
	.",postbit_signature,postbit_classic,postbit,postbit_attachments_thumbnails_thumbnail,postbit_attachments_images_image,postbit_attachments_attachment,postbit_attachments_attachment_unapproved"
	.",posticons_icon,post_prefixselect_prefix,post_prefixselect_single,newthread_postpoll,editpost_disablesmilies,post_attachments_attachment_mod_approve,post_attachments_attachment_unapproved"
	.",postbit_warninglevel_formatted,postbit_reputation_formatted_link,editpost_signature,attachment_icon,post_attachments_attachment,post_attachments_add,post_attachments,editpost_postoptions,post_attachments_viewlink"
	.",postbit_attachments_images,global_moderation_notice,post_attachments_new,postbit_attachments,postbit_online,postbit_away,postbit_offline,postbit_gotopost,postbit_userstar,postbit_icon";

// Bootstrap first, then the post/upload helpers and the parser class used by this page.
require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_upload.php";
require_once MYBB_ROOT."inc/class_parser.php";

// Parser instance; used below to filter bad words out of the thread subject.
$parser = new postParser();

// Load global language phrases
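$lang->load("editpost");

/*
 * Request flow of this script, as implemented below:
 *  1. Resolve the post ($pid), its thread and its forum; reject guests and invalid targets.
 *  2. Authorise the requested action (deletepost, restorepost, otherwise edit) before anything is changed.
 *  3. Handle attachment uploads and attachment remove/approve/unapprove requests.
 *  4. Execute deletepost / restorepost / do_editpost. Each of these branches passes my_post_key
 *     to verify_post_check() before doing any work.
 *  5. Otherwise render the edit form, optionally with a preview.
 *
 * Templates are expanded with eval() as double-quoted PHP strings. They therefore read the local
 * variables set up here by name (do not rename them), and the template text itself is evaluated as
 * PHP string syntax. Every value interpolated into a template must be escaped before the eval().
 */

$plugins->run_hooks("editpost_start");

// No permission for guests
if(!$mybb->user['uid'])
{
	error_no_permission();
}

// Get post info. $pid is integer-cast here and is the id every permission check below refers to.
$pid = $mybb->get_input('pid', MyBB::INPUT_INT);

// if we already have the post information...
if(isset($style) && $style['pid'] == $pid && $style['type'] != 'f')
{
	$post = &$style;
}
else
{
	$post = get_post($pid);
}

// The action is read through get_input() because $mybb->input['action'] is only normalised
// further down; a request without an "action" parameter must not hit an undefined index here.
if(!$post || ($post['visible'] == -1 && $mybb->get_input('action') != "restorepost"))
{
	error($lang->error_invalidpost);
}

// Get thread info
$tid = $post['tid'];
$thread = get_thread($tid);

if(!$thread)
{
	error($lang->error_invalidthread);
}

// Subject is bad-word filtered and HTML-escaped once here; it is reused in the breadcrumb below.
$thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));

// Get forum info
$fid = $post['fid'];
$forum = get_forum($fid);

// NOTE(review): the outer condition matches three hidden-thread cases (unapproved, soft-deleted,
// visible < -1 owned by someone else), but the inner check only calls error() for the unapproved
// one. A soft-deleted thread without "canviewdeleted", or a thread with visible < -1 that belongs
// to another user, is not rejected here and relies on the per-post checks further down.
// Confirm this is intended; if not, reject every case except the own-unapproved exception.
if($thread['visible'] == 0 && !is_moderator($fid, "canviewunapprove") || $thread['visible'] == -1 && !is_moderator($fid, "canviewdeleted") || ($thread['visible'] < -1 && $thread['uid'] != $mybb->user['uid']))
{
	if($thread['visible'] == 0 && !($mybb->settings['showownunapproved'] && $thread['uid'] == $mybb->user['uid']))
	{
		error($lang->error_invalidthread);
	}
}
if(!$forum || $forum['type'] != "f")
{
	error($lang->error_closedinvalidforum);
}
if(($forum['open'] == 0 && !is_moderator($fid, "caneditposts")) || $mybb->user['suspendposting'] == 1)
{
	error_no_permission();
}

// Add prefix to breadcrumb
$breadcrumbprefix = '';
if($thread['prefix'])
{
	$threadprefixes = build_prefixes();
	if(!empty($threadprefixes[$thread['prefix']]))
	{
		// A non-breaking space separates the prefix from the subject.
		$breadcrumbprefix = $threadprefixes[$thread['prefix']]['displaystyle'].'&nbsp;';
	}
}

// Make navigation
build_forum_breadcrumb($fid);
add_breadcrumb($breadcrumbprefix.$thread['subject'], get_thread_link($thread['tid']));
add_breadcrumb($lang->nav_editpost);

$forumpermissions = forum_permissions($fid);

if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
{
	$codebuttons = build_mycode_inserter("message", $mybb->settings['smilieinserter']);
}
if($mybb->settings['smilieinserter'] != 0)
{
	$smilieinserter = build_clickable_smilies();
}

// Normalise the action: a missing action or a preview request both show the edit form.
$mybb->input['action'] = $mybb->get_input('action');
if(!$mybb->input['action'] || isset($mybb->input['previewpost']))
{
	$mybb->input['action'] = "editpost";
}

// Authorisation. Exactly one branch runs: deletepost (POST), restorepost (POST), or the edit rules.
// A non-POST request for deletepost/restorepost falls into the edit rules.
if($mybb->input['action'] == "deletepost" && $mybb->request_method == "post")
{
	// Users without the matching moderator permission must own the post, hold the forum
	// permission, and the thread must still be open.
	if(!is_moderator($fid, "candeleteposts") && !is_moderator($fid, "cansoftdeleteposts") && $pid != $thread['firstpost'] || !is_moderator($fid, "candeletethreads") && !is_moderator($fid, "cansoftdeletethreads") && $pid == $thread['firstpost'])
	{
		if($thread['closed'] == 1)
		{
			error($lang->redirect_threadclosed);
		}
		if($forumpermissions['candeleteposts'] == 0 && $pid != $thread['firstpost'] || $forumpermissions['candeletethreads'] == 0 && $pid == $thread['firstpost'])
		{
			error_no_permission();
		}
		if($mybb->user['uid'] != $post['uid'])
		{
			error_no_permission();
		}
		// User can't delete unapproved post unless allowed for own
		if($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid']))
		{
			error_no_permission();
		}
	}
	if($post['visible'] == -1 && $mybb->settings['soft_delete'] == 1)
	{
		error($lang->error_already_deleted);
	}
}
elseif($mybb->input['action'] == "restorepost" && $mybb->request_method == "post")
{
	// Restoring is moderator-only and applies only to soft-deleted posts (visible == -1).
	if(!is_moderator($fid, "canrestoreposts") && $pid != $thread['firstpost'] || !is_moderator($fid, "canrestorethreads") && $pid == $thread['firstpost'] || $post['visible'] != -1)
	{
		error_no_permission();
	}
}
else
{
	if(!is_moderator($fid, "caneditposts"))
	{
		if($thread['closed'] == 1)
		{
			error($lang->redirect_threadclosed);
		}
		if($forumpermissions['caneditposts'] == 0)
		{
			error_no_permission();
		}
		if($mybb->user['uid'] != $post['uid'])
		{
			error_no_permission();
		}
		// Edit time limit
		$time = TIME_NOW;
		if($mybb->usergroup['edittimelimit'] != 0 && $post['dateline'] < ($time-($mybb->usergroup['edittimelimit']*60)))
		{
			$lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->usergroup['edittimelimit']);
			error($lang->edit_time_limit);
		}
		// User can't edit unapproved post
		if(($post['visible'] == 0 && !($mybb->settings['showownunapproved'] && $post['uid'] == $mybb->user['uid'])) || $post['visible'] == -1)
		{
			error_no_permission();
		}
	}
}

// Check if this forum is password protected and we have a valid password
check_forum_password($forum['fid']);

// The form claims to have been submitted ("processed") but neither POST fields nor files arrived.
if((empty($_POST) && empty($_FILES)) && $mybb->get_input('processed', MyBB::INPUT_INT) == '1')
{
	error($lang->error_empty_post_input);
}

$attacherror = '';
// !empty() has the same truthiness as reading $_FILES['attachments'] directly, but does not raise
// an undefined-index notice when the request carries no file field.
if($mybb->settings['enableattachments'] == 1 && ($mybb->get_input('newattachment') || $mybb->get_input('updateattachment') || ((($mybb->input['action'] == "do_editpost" && isset($mybb->input['submitbutton'])) || ($mybb->input['action'] == "editpost" && isset($mybb->input['previewpost']))) && !empty($_FILES['attachments']))))
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	if($pid)
	{
		$attachwhere = "pid='{$pid}'";
	}
	else
	{
		$attachwhere = "posthash='".$db->escape_string($mybb->get_input('posthash'))."'";
	}

	$ret = add_attachments($pid, $forumpermissions, $attachwhere, "editpost");

	if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
	{
		if(isset($ret['success']))
		{
			// The template is rendered with literal {1}..{4} placeholders instead of real values.
			$attachment = array('aid'=>'{1}', 'icon'=>'{2}', 'filename'=>'{3}', 'size'=>'{4}');
			if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
			{
				eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
			}
			// Moderating options
			$attach_mod_options = '';
			if(is_moderator($fid))
			{
				eval("\$attach_mod_options = \"".$templates->get("post_attachments_attachment_mod_unapprove")."\";");
			}
			eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");
			eval("\$attemplate = \"".$templates->get("post_attachments_attachment")."\";");
			$ret['template'] = $attemplate;

			$query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
			$usage = $db->fetch_array($query);
			$ret['usage'] = get_friendly_size($usage['ausage']);
		}

		header("Content-type: application/json; charset={$lang->settings['charset']}");
		echo json_encode($ret);
		exit();
	}

	if(!empty($ret['errors']))
	{
		$errors = $ret['errors'];
	}

	// Do we have attachment errors?
	if(!empty($errors))
	{
		$attacherror = inline_error($errors);
	}

	// If we were dealing with an attachment but didn't click 'Update Post', force the post edit page again.
	if(!isset($mybb->input['submitbutton']))
	{
		$mybb->input['action'] = "editpost";
	}
}

detect_attachmentact();

if($mybb->settings['enableattachments'] == 1 && $mybb->get_input('attachmentaid', MyBB::INPUT_INT) && isset($mybb->input['attachmentact']) && $mybb->input['action'] == "do_editpost" && $mybb->request_method == "post") // Lets remove/approve/unapprove the attachment
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	// Store the integer-cast id back so the SQL fragments below interpolate a number only.
	$mybb->input['attachmentaid'] = $mybb->get_input('attachmentaid', MyBB::INPUT_INT);
	if($mybb->input['attachmentact'] == "remove")
	{
		remove_attachment($pid, "", $mybb->input['attachmentaid']);
	}
	elseif($mybb->get_input('attachmentact') == "approve" && is_moderator($fid, 'canapproveunapproveattachs'))
	{
		// The moderator permission above was checked for this post's forum only, so the update is
		// scoped to the post being edited. An attachment id that belongs to another post must not match.
		// NOTE(review): the counter below is adjusted even when no row matched or the attachment
		// already had this state. Consider checking the current state first.
		$update_sql = array("visible" => 1);
		$db->update_query("attachments", $update_sql, "aid='{$mybb->input['attachmentaid']}' AND pid='{$pid}'");
		update_thread_counters($post['tid'], array('attachmentcount' => "+1"));
	}
	elseif($mybb->get_input('attachmentact') == "unapprove" && is_moderator($fid, 'canapproveunapproveattachs'))
	{
		// Same scoping as the approve branch: only attachments of the post being edited.
		$update_sql = array("visible" => 0);
		$db->update_query("attachments", $update_sql, "aid='{$mybb->input['attachmentaid']}' AND pid='{$pid}'");
		update_thread_counters($post['tid'], array('attachmentcount' => "-1"));
	}

	if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
	{
		$query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
		$usage = $db->fetch_array($query);

		header("Content-type: application/json; charset={$lang->settings['charset']}");
		echo json_encode(array("success" => true, "usage" => get_friendly_size($usage['ausage'])));
		exit();
	}

	if(!isset($mybb->input['submitbutton']))
	{
		$mybb->input['action'] = "editpost";
	}
}

if($mybb->input['action'] == "deletepost" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("editpost_deletepost");

	if($mybb->get_input('delete', MyBB::INPUT_INT) == 1)
	{
		// NOTE(review): first-post status is recomputed from the posts table here, whereas the
		// authorisation block above compared $pid with $thread['firstpost']. The two are
		// assumed to agree - TODO confirm.
		$query = $db->simple_select("posts", "pid", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline, pid"));
		$firstcheck = $db->fetch_array($query);
		if($firstcheck['pid'] == $pid)
		{
			$firstpost = 1;
		}
		else
		{
			$firstpost = 0;
		}

		$modlogdata['fid'] = $fid;
		$modlogdata['tid'] = $tid;
		if($firstpost)
		{
			// Deleting the first post deletes (or soft-deletes) the whole thread.
			if($forumpermissions['candeletethreads'] == 1 || is_moderator($fid, "candeletethreads") || is_moderator($fid, "cansoftdeletethreads"))
			{
				require_once MYBB_ROOT."inc/class_moderation.php";
				$moderation = new Moderation;

				if($mybb->settings['soft_delete'] == 1 || is_moderator($fid, "cansoftdeletethreads"))
				{
					$modlogdata['pid'] = $pid;

					$moderation->soft_delete_threads(array($tid));
					log_moderator_action($modlogdata, $lang->thread_soft_deleted);
				}
				else
				{
					$moderation->delete_thread($tid);
					mark_reports($tid, "thread");
					log_moderator_action($modlogdata, $lang->thread_deleted);
				}

				// Read the flag the same way as the attachment handlers above (integer-cast, no
				// undefined-index notice when the parameter is absent).
				if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
				{
					header("Content-type: application/json; charset={$lang->settings['charset']}");
					if(is_moderator($fid, "canviewdeleted"))
					{
						echo json_encode(array("data" => '1', "first" => '1'));
					}
					else
					{
						echo json_encode(array("data" => '3', "url" => get_forum_link($fid)));
					}
				}
				else
				{
					redirect(get_forum_link($fid), $lang->redirect_threaddeleted);
				}
			}
			else
			{
				error_no_permission();
			}
		}
		else
		{
			if($forumpermissions['candeleteposts'] == 1 || is_moderator($fid, "candeleteposts") || is_moderator($fid, "cansoftdeleteposts"))
			{
				// Select the first post before this
				require_once MYBB_ROOT."inc/class_moderation.php";
				$moderation = new Moderation;

				if($mybb->settings['soft_delete'] == 1 || is_moderator($fid, "cansoftdeleteposts"))
				{
					$modlogdata['pid'] = $pid;

					$moderation->soft_delete_posts(array($pid));
					log_moderator_action($modlogdata, $lang->post_soft_deleted);
				}
				else
				{
					$moderation->delete_post($pid);
					mark_reports($pid, "post");
					log_moderator_action($modlogdata, $lang->post_deleted);
				}

				// Redirect target: the newest post not later than the deleted one, else the thread.
				$query = $db->simple_select("posts", "pid", "tid='{$tid}' AND dateline <= '{$post['dateline']}'", array("limit" => 1, "order_by" => "dateline DESC, pid DESC"));
				$next_post = $db->fetch_array($query);
				if($next_post['pid'])
				{
					$redirect = get_post_link($next_post['pid'], $tid)."#pid{$next_post['pid']}";
				}
				else
				{
					$redirect = get_thread_link($tid);
				}

				if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
				{
					header("Content-type: application/json; charset={$lang->settings['charset']}");
					if(is_moderator($fid, "canviewdeleted"))
					{
						echo json_encode(array("data" => '1', "first" => '0'));
					}
					else
					{
						echo json_encode(array("data" => '2'));
					}
				}
				else
				{
					redirect($redirect, $lang->redirect_postdeleted);
				}
			}
			else
			{
				error_no_permission();
			}
		}
	}
	else
	{
		error($lang->redirect_nodelete);
	}
}

if($mybb->input['action'] == "restorepost" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("editpost_restorepost");

	if($mybb->get_input('restore', MyBB::INPUT_INT) == 1)
	{
		$query = $db->simple_select("posts", "pid", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline, pid"));
		$firstcheck = $db->fetch_array($query);
		if($firstcheck['pid'] == $pid)
		{
			$firstpost = 1;
		}
		else
		{
			$firstpost = 0;
		}

		$modlogdata['fid'] = $fid;
		$modlogdata['tid'] = $tid;
		$modlogdata['pid'] = $pid;
		if($firstpost)
		{
			if(is_moderator($fid, "canrestorethreads"))
			{
				require_once MYBB_ROOT."inc/class_moderation.php";
				$moderation = new Moderation;
				$moderation->restore_threads(array($tid));
				log_moderator_action($modlogdata, $lang->thread_restored);
				if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
				{
					header("Content-type: application/json; charset={$lang->settings['charset']}");
					echo json_encode(array("data" => '1', "first" => '1'));
				}
				else
				{
					redirect(get_forum_link($fid), $lang->redirect_threadrestored);
				}
			}
			else
			{
				error_no_permission();
			}
		}
		else
		{
			if(is_moderator($fid, "canrestoreposts"))
			{
				// Select the first post before this
				require_once MYBB_ROOT."inc/class_moderation.php";
				$moderation = new Moderation;
				$moderation->restore_posts(array($pid));
				log_moderator_action($modlogdata, $lang->post_restored);
				$redirect = get_post_link($pid, $tid)."#pid{$pid}";

				if($mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
				{
					header("Content-type: application/json; charset={$lang->settings['charset']}");
					echo json_encode(array("data" => '1', "first" => '0'));
				}
				else
				{
					redirect($redirect, $lang->redirect_postrestored);
				}
			}
			else
			{
				error_no_permission();
			}
		}
	}
	else
	{
		error($lang->redirect_norestore);
	}
}

$postoptions = array();

if($mybb->input['action'] == "do_editpost" && $mybb->request_method == "post")
{
	// Verify incoming POST request
	verify_post_check($mybb->get_input('my_post_key'));

	$plugins->run_hooks("editpost_do_editpost_start");

	// Set up posthandler.
	require_once MYBB_ROOT."inc/datahandlers/post.php";
	$posthandler = new PostDataHandler("update");
	$posthandler->action = "post";

	// Set the post data that came from the input to the $post array.
	// "pid" is the integer-cast $pid that the permission checks above were made against, not the
	// raw request value, so the handler updates exactly the post that was authorised.
	// "uid" and "username" are carried over from the stored post, not taken from the request.
	$post = array(
		"pid" => $pid,
		"prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
		"subject" => $mybb->get_input('subject'),
		"icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
		"uid" => $post['uid'],
		"username" => $post['username'],
		"edit_uid" => $mybb->user['uid'],
		"message" => $mybb->get_input('message'),
		"editreason" => $mybb->get_input('editreason'),
	);

	$postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
	if(!isset($postoptions['signature']))
	{
		$postoptions['signature'] = 0;
	}
	if(!isset($postoptions['subscriptionmethod']))
	{
		$postoptions['subscriptionmethod'] = 0;
	}
	if(!isset($postoptions['disablesmilies']))
	{
		$postoptions['disablesmilies'] = 0;
	}

	// Set up the post options from the input.
	$post['options'] = array(
		"signature" => $postoptions['signature'],
		"subscriptionmethod" => $postoptions['subscriptionmethod'],
		"disablesmilies" => $postoptions['disablesmilies']
	);

	$posthandler->set_data($post);

	// Now let the post handler do all the hard work.
	if(!$posthandler->validate_post())
	{
		$post_errors = $posthandler->get_friendly_errors();
		$post_errors = inline_error($post_errors);
		$mybb->input['action'] = "editpost";
	}
	// No errors were found, we can call the update method.
	else
	{
		$postinfo = $posthandler->update_post();
		$visible = $postinfo['visible'];
		$first_post = $postinfo['first_post'];

		// Help keep our attachments table clean.
		// Note: this delete is not limited to the post being edited; it removes every row with an
		// empty filename or a filesize below 1.
		$db->delete_query("attachments", "filename='' OR filesize<1");

		// Did the user choose to post a poll? Redirect them to the poll posting page.
		if($mybb->get_input('postpoll', MyBB::INPUT_INT) && $forumpermissions['canpostpolls'])
		{
			$url = "polls.php?action=newpoll&tid=$tid&polloptions=".$mybb->get_input('numpolloptions', MyBB::INPUT_INT);
			$lang->redirect_postedited = $lang->redirect_postedited_poll;
		}
		else if($visible == 0 && $first_post && !is_moderator($fid, "canviewunapprove", $mybb->user['uid']))
		{
			// Moderated post
			$lang->redirect_postedited .= $lang->redirect_thread_moderation;
			$url = get_forum_link($fid);
		}
		else if($visible == 0 && !is_moderator($fid, "canviewunapprove", $mybb->user['uid']))
		{
			$lang->redirect_postedited .= $lang->redirect_post_moderation;
			$url = get_thread_link($tid);
		}
		// Otherwise, send them back to their post
		else
		{
			$lang->redirect_postedited .= $lang->redirect_postedited_redirect;
			$url = get_post_link($pid, $tid)."#pid{$pid}";
		}
		$plugins->run_hooks("editpost_do_editpost_end");

		redirect($url, $lang->redirect_postedited);
	}
}

if(!$mybb->input['action'] || $mybb->input['action'] == "editpost")
{
	$plugins->run_hooks("editpost_action_start");

	if(!isset($mybb->input['previewpost']))
	{
		$icon = $post['icon'];
	}

	if($forum['allowpicons'] != 0)
	{
		$posticons = get_post_icons();
	}

	// Escaped before the eval() below because the template interpolates it.
	$mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
	eval("\$loginbox = \"".$templates->get("changeuserbox")."\";");

	// Show the delete box only when the delete action above would be permitted for this user.
	$deletebox = '';
	if($post['visible'] != -1 && (($thread['firstpost'] == $pid && (is_moderator($fid, "candeletethreads") || $forumpermissions['candeletethreads'] == 1 && $mybb->user['uid'] == $post['uid'])) || ($thread['firstpost'] != $pid && (is_moderator($fid, "candeleteposts") || $forumpermissions['candeleteposts'] == 1 && $mybb->user['uid'] == $post['uid']))))
	{
		eval("\$deletebox = \"".$templates->get("editpost_delete")."\";");
	}

	$bgcolor = "trow1";
	if($mybb->settings['enableattachments'] != 0 && $forumpermissions['canpostattachments'] != 0)
	{
		// Get a listing of the current attachments, if there are any
		$attachcount = 0;
		$query = $db->simple_select("attachments", "*", "pid='{$pid}'");
		$attachments = '';
		while($attachment = $db->fetch_array($query))
		{
			$attachment['size'] = get_friendly_size($attachment['filesize']);
			$attachment['icon'] = get_attachment_icon(get_extension($attachment['filename']));
			// The icon lookup above needs the raw filename, so the name is escaped only afterwards.
			$attachment['filename'] = htmlspecialchars_uni($attachment['filename']);

			if($mybb->settings['bbcodeinserter'] != 0 && $forum['allowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
			{
				eval("\$postinsert = \"".$templates->get("post_attachments_attachment_postinsert")."\";");
			}
			// Moderating options
			$attach_mod_options = '';
			if(is_moderator($fid))
			{
				if($attachment['visible'] == 1)
				{
					eval("\$attach_mod_options = \"".$templates->get("post_attachments_attachment_mod_unapprove")."\";");
				}
				else
				{
					eval("\$attach_mod_options = \"".$templates->get("post_attachments_attachment_mod_approve")."\";");
				}
			}

			// Remove Attachment
			eval("\$attach_rem_options = \"".$templates->get("post_attachments_attachment_remove")."\";");

			if($attachment['visible'] != 1)
			{
				eval("\$attachments .= \"".$templates->get("post_attachments_attachment_unapproved")."\";");
			}
			else
			{
				eval("\$attachments .= \"".$templates->get("post_attachments_attachment")."\";");
			}
			$attachcount++;
		}
		$query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='".$mybb->user['uid']."'");
		$usage = $db->fetch_array($query);
		// attachquota is multiplied by 1024 before it is compared with the summed filesize.
		if($usage['ausage'] > ($mybb->usergroup['attachquota']*1024) && $mybb->usergroup['attachquota'] != 0)
		{
			$noshowattach = 1;
		}
		else
		{
			$noshowattach = 0;
		}
		if($mybb->usergroup['attachquota'] == 0)
		{
			$friendlyquota = $lang->unlimited;
		}
		else
		{
			$friendlyquota = get_friendly_size($mybb->usergroup['attachquota']*1024);
		}

		$lang->attach_quota = $lang->sprintf($lang->attach_quota, $friendlyquota);

		$link_viewattachments = '';

		if($usage['ausage'] !== NULL)
		{
			$friendlyusage = get_friendly_size($usage['ausage']);
			$lang->attach_usage = $lang->sprintf($lang->attach_usage, $friendlyusage);
			eval("\$link_viewattachments = \"".$templates->get("post_attachments_viewlink")."\";");
		}
		else
		{
			$lang->attach_usage = "";
		}

		// Both option blocks start empty so the check further down never reads an unset variable.
		$attach_add_options = '';
		$attach_update_options = '';

		// Note: && binds tighter than ||, so $noshowattach is only consulted when a per-post
		// limit is set. With maxattachments == 0 the add box is shown regardless of the quota flag.
		if($mybb->settings['maxattachments'] == 0 || ($mybb->settings['maxattachments'] != 0 && $attachcount < $mybb->settings['maxattachments']) && !$noshowattach)
		{
			eval("\$attach_add_options = \"".$templates->get("post_attachments_add")."\";");
		}

		if(($mybb->usergroup['caneditattachments'] || $forumpermissions['caneditattachments']) && $attachcount > 0)
		{
			eval("\$attach_update_options = \"".$templates->get("post_attachments_update")."\";");
		}

		if($attach_add_options || $attach_update_options)
		{
			eval("\$newattach = \"".$templates->get("post_attachments_new")."\";");
		}
		eval("\$attachbox = \"".$templates->get("post_attachments")."\";");
	}
	else
	{
		$attachbox = '';
	}

	// First display: show the stored post. After an attachment action or a preview: keep what the
	// user typed.
	if(!$mybb->get_input('attachmentaid', MyBB::INPUT_INT) && !$mybb->get_input('newattachment') && !$mybb->get_input('updateattachment') && !isset($mybb->input['previewpost']))
	{
		$message = $post['message'];
		$subject = $post['subject'];
		$reason = htmlspecialchars_uni($post['editreason']);
	}
	else
	{
		$message = $mybb->get_input('message');
		$subject = $mybb->get_input('subject');
		$reason = htmlspecialchars_uni($mybb->get_input('editreason'));
	}

	// The unescaped copies go to build_postbit() for the preview; the form fields get escaped values.
	$previewmessage = $message;
	$previewsubject = $subject;
	$message = htmlspecialchars_uni($message);
	$subject = htmlspecialchars_uni($subject);

	if(!isset($post_errors))
	{
		$post_errors = '';
	}

	$subscribe = $nonesubscribe = $emailsubscribe = $pmsubscribe = '';
	$postoptionschecked = array('signature' => '', 'disablesmilies' => '');

	if(!empty($mybb->input['previewpost']) || $post_errors)
	{
		// Set up posthandler.
		require_once MYBB_ROOT."inc/datahandlers/post.php";
		$posthandler = new PostDataHandler("update");
		$posthandler->action = "post";

		// Set the post data that came from the input to the $post array.
		// As in do_editpost, "pid" is the integer-cast id the permission checks were made against.
		$post = array(
			"pid" => $pid,
			"prefix" => $mybb->get_input('threadprefix', MyBB::INPUT_INT),
			"subject" => $mybb->get_input('subject'),
			"icon" => $mybb->get_input('icon', MyBB::INPUT_INT),
			"uid" => $post['uid'],
			"username" => $post['username'],
			"edit_uid" => $mybb->user['uid'],
			"message" => $mybb->get_input('message'),
		);

		$postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);
		if(!isset($postoptions['signature']))
		{
			$postoptions['signature'] = 0;
		}
		if(!isset($postoptions['emailnotify']))
		{
			$postoptions['emailnotify'] = 0;
		}
		if(!isset($postoptions['disablesmilies']))
		{
			$postoptions['disablesmilies'] = 0;
		}

		// Set up the post options from the input.
		$post['options'] = array(
			"signature" => $postoptions['signature'],
			"emailnotify" => $postoptions['emailnotify'],
			"disablesmilies" => $postoptions['disablesmilies']
		);

		$posthandler->set_data($post);

		// Now let the post handler do all the hard work.
		if(!$posthandler->validate_post())
		{
			$post_errors = $posthandler->get_friendly_errors();
			$post_errors = inline_error($post_errors);
			$mybb->input['action'] = "editpost";
			$mybb->input['previewpost'] = 0;
		}
		else
		{

			$postoptions = $mybb->get_input('postoptions', MyBB::INPUT_ARRAY);

			if(isset($postoptions['signature']) && $postoptions['signature'] == 1)
			{
				$postoptionschecked['signature'] = " checked=\"checked\"";
			}

			if(isset($postoptions['disablesmilies']) && $postoptions['disablesmilies'] == 1)
			{
				$postoptionschecked['disablesmilies'] = " checked=\"checked\"";
			}

			// Variable-variable: sets one of the *subscribe flags initialised above.
			// NOTE(review): assumes get_subscription_method() only returns a value from a fixed
			// set, never raw request text - confirm against its definition.
			$subscription_method = get_subscription_method($tid, $postoptions);
			${$subscription_method.'subscribe'} = "checked=\"checked\" ";
		}
	}

	if(!empty($mybb->input['previewpost']))
	{
		if(!$post['uid'])
		{
			$query = $db->simple_select('posts', 'username, dateline', "pid='{$pid}'");
			$postinfo = $db->fetch_array($query);
		}
		else
		{
			// Figure out the poster's other information.
			$query = $db->query("
				SELECT u.*, f.*, p.dateline
				FROM ".TABLE_PREFIX."users u
				LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
				LEFT JOIN ".TABLE_PREFIX."posts p ON (p.uid=u.uid)
				WHERE u.uid='{$post['uid']}' AND p.pid='{$pid}'
				LIMIT 1
			");
			$postinfo = $db->fetch_array($query);
			$postinfo['userusername'] = $postinfo['username'];
		}

		$query = $db->simple_select("attachments", "*", "pid='{$pid}'");
		while($attachment = $db->fetch_array($query))
		{
			$attachcache[0][$attachment['aid']] = $attachment;
		}

		if(!isset($postoptions['disablesmilies']))
		{
			$postoptions['disablesmilies'] = 0;
		}

		// Set the values of the post info array.
		$postinfo['message'] = $previewmessage;
		$postinfo['subject'] = $previewsubject;
		$postinfo['icon'] = $icon;
		$postinfo['smilieoff'] = $postoptions['disablesmilies'];

		$postbit = build_postbit($postinfo, 1);
		eval("\$preview = \"".$templates->get("previewpost")."\";");
	}
	else if(!$post_errors)
	{
		$preview = '';

		if($post['includesig'] != 0)
		{
			$postoptionschecked['signature'] = " checked=\"checked\"";
		}

		if($post['smilieoff'] == 1)
		{
			$postoptionschecked['disablesmilies'] = " checked=\"checked\"";
		}

		$subscription_method = get_subscription_method($tid, $postoptions);
		${$subscription_method.'subscribe'} = "checked=\"checked\" ";
	}

	// Generate thread prefix selector if this is the first post of the thread
	if($thread['firstpost'] == $pid)
	{
		if(!$mybb->get_input('threadprefix', MyBB::INPUT_INT))
		{
			$mybb->input['threadprefix'] = $thread['prefix'];
		}

		$prefixselect = build_prefix_select($forum['fid'], $mybb->get_input('threadprefix', MyBB::INPUT_INT), 0, $thread['prefix']);
	}
	else
	{
		$prefixselect = "";
	}

	$editreason = '';
	if($mybb->settings['alloweditreason'] == 1)
	{
		eval("\$editreason = \"".$templates->get("editpost_reason")."\";");
		$bgcolor = "trow2";
		$bgcolor2 = "trow1";
	}
	else
	{
		$bgcolor = "trow1";
		$bgcolor2 = "trow2";
	}

	// Fetch subscription select box
	eval("\$subscriptionmethod = \"".$templates->get("post_subscription_method")."\";");

	$query = $db->simple_select("posts", "*", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline, pid"));
	$firstcheck = $db->fetch_array($query);

	// Offer the poll box only on the first post of a thread without a poll, when polls are allowed
	// and either the user can manage polls or the poll time limit has not passed (0 = no limit).
	$time = TIME_NOW;
	if($firstcheck['pid'] == $pid && $forumpermissions['canpostpolls'] != 0 && $thread['poll'] < 1 && (is_moderator($fid, "canmanagepolls") || $thread['dateline'] > ($time-($mybb->settings['polltimelimit']*60*60)) || $mybb->settings['polltimelimit'] == 0))
	{
		$lang->max_options = $lang->sprintf($lang->max_options, $mybb->settings['maxpolloptions']);
		$numpolloptions = $mybb->get_input('numpolloptions', MyBB::INPUT_INT);
		$postpollchecked = '';

		if($numpolloptions < 1)
		{
			$numpolloptions = 2;
		}

		if($mybb->get_input('postpoll', MyBB::INPUT_INT) == 1)
		{
			$postpollchecked = 'checked="checked"';
		}

		eval("\$pollbox = \"".$templates->get("newthread_postpoll")."\";");
	}
	else
	{
		$pollbox = '';
	}

	// Hide signature option if no permission
	$signature = '';
	if($mybb->usergroup['canusesig'] == 1 && !$mybb->user['suspendsignature'])
	{
		eval("\$signature = \"".$templates->get('editpost_signature')."\";");
	}

	// Can we disable smilies or are they disabled already?
	$disablesmilies = '';
	if($forum['allowsmilies'] != 0)
	{
		eval("\$disablesmilies = \"".$templates->get("editpost_disablesmilies")."\";");
	}

	// From here on $postoptions holds rendered template output, no longer the input array.
	$postoptions = '';
	if(!empty($signature) || !empty($disablesmilies))
	{
		eval("\$postoptions = \"".$templates->get("editpost_postoptions")."\";");
	}

	$moderation_notice = '';
	if(!is_moderator($forum['fid'], "canapproveunapproveattachs"))
	{
		if($forumpermissions['modattachments'] == 1 && $forumpermissions['canpostattachments'] != 0)
		{
			$moderation_text = $lang->moderation_forum_attachments;
			eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
		}
	}

	// If both notices apply, this one overwrites the attachment notice set just above.
	if(!is_moderator($forum['fid'], "canapproveunapproveposts"))
	{
		if($forumpermissions['mod_edit_posts'] == 1)
		{
			$moderation_text = $lang->moderation_forum_edits;
			eval('$moderation_notice = "'.$templates->get('global_moderation_notice').'";');
		}
	}

	$php_max_upload_size = get_php_upload_limit();
	$php_max_file_uploads = (int)ini_get('max_file_uploads');
	eval("\$post_javascript = \"".$templates->get("post_javascript")."\";");

	$plugins->run_hooks("editpost_end");

	// Tags are stripped from the forum name before the page template uses it.
	$forum['name'] = strip_tags($forum['name']);

	eval("\$editpost = \"".$templates->get("editpost")."\";");
	output_page($editpost);
}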