decir/posting.php
changeset 1 6f8b7c6fac02
parent 0 0417a5a0c7be
child 3 88b85b9b9272
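--- a/decir/posting.php
+++ b/decir/posting.php
@@ -58,40 +58,77 @@
     $parms2 = unserialize($parms2);
     $mode = 'already_taken_care_of';
   }
   else if ( isset($_POST['do']['post']) )
   {
+    $errors = Array();
+    
     // Decrypt authorization array
     $parms = $aes->decrypt($_POST['authorization'], $session->private_key, ENC_HEX);
+    if ( !$parms )
+      $errors[] = 'Could not decrypt authorization key.';
     $parms = unserialize($parms);
     
     // Perform a little input validation
-    $errors = Array();
     if ( empty($_POST['post_text']) )
       $errors[] = 'Please enter a post.';
     if ( empty($_POST['subject']) && $parms['mode'] == 'topic' )
       $errors[] = 'Please enter a topic title.';
     // It's OK to trust this! The auth key is encrypted with the site's private key.
     if ( !$parms['authorized'] )
       $errors[] = 'Invalid authorization key';
     
-    if ( sizeof($errors) > 0 )
+    if ( sizeof($errors) < 1 )
     {
       // Collect other options
       
       // Submit post
-      decir_submit_post();
+      if ( $parms['mode'] == 'reply' || $parms['mode'] == 'quote' )
+      {
+        $result = decir_submit_post($parms['topic_in'], $_POST['subject'], $_POST['post_text'], $post_id);
+        if ( $result )
+        {
+          // update forum stats
+          $user = $db->escape($session->username);
+          $q = $db->sql_query('UPDATE '.table_prefix."decir_forums SET num_posts = num_posts+1, last_post_id = $post_id, last_post_topic = {$parms['topic_in']}, last_post_user = $session->user_id WHERE forum_id={$parms['forum_in']};");
+          if ( !$q )
+          {
+            $db->_die('Decir posting.php under Submit post [reply]');
+          }
+          $url = makeUrlNS('Special', 'Forum/Topic/' . $parms['topic_in'], false, true);
+          redirect($url, 'Post submitted', 'Your post has been submitted successfully.', 4);
+        }
+      }
+      else if ( $parms['mode'] == 'topic' )
+      {
+        $result = decir_submit_topic($parms['forum_id'], $_POST['subject'], $_POST['post_text'], $topic_id, $post_id);
+        if ( $result )
+        {
+          // update forum stats
+          $q = $db->sql_query('UPDATE '.table_prefix."decir_forums SET num_posts = num_posts+1, num_topics = num_topics+1, last_post_id = $post_id, last_post_topic = $topic_id, last_post_user = $session->user_id WHERE forum_id={$parms['forum_id']};");
+          if ( !$q )
+          {
+            $db->_die('Decir posting.php under Submit post [topic]');
+          }
+          $url = makeUrlNS('Special', 'Forum/Topic/' . $topic_id, false, true);
+          redirect($url, 'Post submitted', 'Your post has been submitted successfully.', 4);
+        }
+      }
       return;
     }
+    $mode = 'already_taken_care_of';
+    $parms2 = $parms;
+    $parms = htmlspecialchars($_POST['authorization']);
   }
 }
 
 if ( $mode == 'reply' || $mode == 'quote' )
 {
   if ( $mode == 'reply' )
   {
     $message = '';
+    $subject = '';
     // Validate topic ID
     $topic_id = intval($paths->getParam(2));
     if ( empty($topic_id) )
       die_friendly('Error', '<p>Invalid topic ID</p>');
     $title = 'Reply to topic';
@@ -106,11 +143,11 @@
     $post_id = intval($paths->getParam(2));
     if ( empty($post_id) )
       die_friendly('Error', '<p>Invalid post ID</p>');
     
     // Get post text and topic ID
-    $q = $db->sql_query('SELECT p.topic_id,t.post_text,t.bbcode_uid,p.poster_name FROM '.table_prefix.'decir_posts AS p
+    $q = $db->sql_query('SELECT p.topic_id,t.post_text,t.bbcode_uid,p.poster_name,p.post_subject FROM '.table_prefix.'decir_posts AS p
                            LEFT JOIN '.table_prefix.'decir_posts_text AS t
                              ON ( p.post_id = t.post_id )
                            WHERE p.post_id=' . $post_id . ';');
     
     if ( !$q )
@@ -121,10 +158,11 @@
     
     $row = $db->fetchrow();
     $db->free_result();
     
     $message = '[quote="' . $row['poster_name'] . '"]' . bbcode_strip_uid( $row['post_text'], $row['bbcode_uid'] ) . '[/quote]';
+    $subject = 'Re: ' . htmlspecialchars($row['post_subject']);
     $quote_poster = $row['poster_name'];
     $topic_id = intval($row['topic_id']);
     
     $title = 'Reply to topic with quote';
     
@@ -137,12 +175,12 @@
     $db->_die();
   
   $row = $db->fetchrow();
   $db->free_result();
   
-  $forum_perms = $session->fetch_page_acl('DecirForum', $row['forum_id']);
-  $topic_perms = $session->fetch_page_acl('DecirTopic', $row['topic_id']);
+  $forum_perms = $session->fetch_page_acl($row['forum_id'], 'DecirForum');
+  $topic_perms = $session->fetch_page_acl($row['topic_id'], 'DecirTopic');
   
   if ( !$forum_perms->get_permissions('decir_see_forum') )
     die_friendly('Error', '<p>The forum you requested does not exist.</p>');
   
   if ( !$topic_perms->get_permissions('decir_reply') )
@@ -164,36 +202,37 @@
   
 }
 else if ( $mode == 'topic' )
 {
   $message = '';
+  $subject = '';
   // Validate topic ID
   $forum_id = intval($paths->getParam(2));
   if ( empty($forum_id) )
     die_friendly('Error', '<p>Invalid forum ID</p>');
   $title = 'Post new topic';
   
   // Topic ID is good, verify topic status
-  $q = $db->sql_query('SELECT forum_id FROM '.table_prefix.'decir_forums WHERE forum_id=' . $forum_id . ';');
+  $q = $db->sql_query('SELECT forum_id, forum_name FROM '.table_prefix.'decir_forums WHERE forum_id=' . $forum_id . ';');
   
   if ( !$q )
     $db->_die();
   
   if ( $db->numrows() < 1 )
     die_friendly('Error', '<p>The forum you requested does not exist.</p>');
   
   $row = $db->fetchrow();
   $db->free_result();
   
-  $forum_perms = $session->fetch_page_acl('DecirForum', $row['forum_id']);
+  $forum_perms = $session->fetch_page_acl($row['forum_id'], 'DecirForum');
   
   if ( !$forum_perms->get_permissions('decir_see_forum') )
     die_friendly('Error', '<p>The forum you requested does not exist.</p>');
   
   $parms = Array(
       'mode' => $mode,
-      'forum_in' => $forum_in,
+      'forum_id' => $forum_id,
       'timestamp' => time(),
       'authorized' => true
     );
   
   $parms = serialize($parms);
@@ -201,11 +240,11 @@
   
 }
 else if ( $mode == 'already_taken_care_of' )
 {
   $mode = $parms2['mode'];
-  $title = ( $mode == 'topic' ) ? 'Post new topic' : ( $mode == 'reply' ) ? 'Reply to topic' : ( $mode  == 'quote' ) ? 'Reply to topic with quote' : 'Duh...';
+  $title = ( $mode == 'topic' ) ? 'Post new topic' : ( ( $mode == 'reply' ) ? 'Reply to topic' : ( $mode  == 'quote' ) ? 'Reply to topic with quote' : 'Duh...' );
 }
 else
 {
   die_friendly('Invalid request', '<p>Invalid action defined</p>');
 }
@@ -219,21 +258,47 @@
     <link rel="stylesheet" type="text/css" href="' . scriptPath . '/decir/js/colorpick/farbtastic.css" />
     <!-- DECIR END -->');
 
 $template->header();
 
+if ( isset($errors) )
+{
+  echo '<div class="error-box" style="margin: 10px 0;">
+          <b>Your post could not be submitted.</b>
+          <ul>
+            <li>' . implode("</li>\n            <li>", $errors) . '</li>
+          </ul>
+        </div>';
+}
+
 if ( $do_preview )
 {
-  echo 'Doing preview';
+  $message = $_POST['post_text'];
+  $subject = htmlspecialchars($_POST['subject']);
+  $message_render = render_bbcode($message);
+  $message_render = RenderMan::smilieyize($message_render);
+  echo '<div style="border: 1px solid #222222; background-color: #F0F0F0; padding: 10px; max-height: 300px; clip: rect(0px,auto,auto,0px); overflow: auto; margin: 10px 0;">
+          <h2>Post preview</h2>
+          <p>' . $message_render . '</p>
+        </div>';
 }
 
 $url = makeUrlNS('Special', 'Forum/New', 'act=post', true);
 echo '<br />
       <form action="' . $url . '" method="post" enctype="multipart/form-data">';
+echo '<div class="tblholder">
+        <table border="0" cellspacing="1" cellpadding="4">';
+echo '<tr><td class="row2">Post subject:</td><td class="row1"><input name="subject" type="text" size="50" style="width: 100%;" value="' . $subject . '" /></td>';
+echo '<tr><td class="row3" colspan="2">';
 echo '<textarea name="post_text" class="bbcode" rows="20" cols="80">' . $message . '</textarea>';
-echo '<input type="hidden" name="authorization" value="' . $parms . '" />';
-echo '<div style="text-align: center; margin-top: 10px;"><input type="submit" name="do[post]" value="Submit post" style="font-weight: bold;" />&nbsp;<input type="submit" name="do[preview]" value="Show preview" /></div>';
+echo '</td></tr>';
+echo '
+      <!-- This authorization code is encrypted with '.AES_BITS.'-bit AES. -->
+      ';
+echo '<tr><th colspan="2" class="subhead"><input type="hidden" name="authorization" value="' . $parms . '" />';
+echo '<input type="submit" name="do[post]" value="Submit post" style="font-weight: bold;" />&nbsp;<input type="submit" name="do[preview]" value="Show preview" /></th></tr>';
+echo '</table></div>';
 echo '</form>';
 
 $template->footer();
 
 ?>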
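Review bot: `$message = $_POST['post_text'];` at new line 275 flows unescaped into the `<textarea>` echoed at line 292, while the subject next to it is passed through htmlspecialchars at 276; a `</textarea>` inside the submitted text closes the element and the remainder is rendered as markup, so the textarea should emit `htmlspecialchars($message)` (unless quote mode's `$message` at 162 is already escaped upstream, which is not visible here). Separately, the new `if ( !$parms )` check at 67 records an error but execution still reaches `unserialize($parms)` on `false` and the `$parms['mode']` / `$parms['authorized']` reads below it; skipping the rest of the validation once decryption has failed would avoid the notices. The comment at 76 treats decryption with the session key as proof of integrity, but encryption alone does not detect a modified blob, so `unserialize` of it rests on whatever the `$aes` helper does to authenticate the ciphertext, which is worth confirming. The `else if ( isset($_POST['do']['post']) )` block opens inside the hunk, but the branch that sets `$parms2` at 58 and the assignment of `$do_preview` are outside it.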