58 $parms2 = unserialize($parms2); |
58 $parms2 = unserialize($parms2); |
59 $mode = 'already_taken_care_of'; |
59 $mode = 'already_taken_care_of'; |
60 } |
60 } |
61 else if ( isset($_POST['do']['post']) ) |
61 else if ( isset($_POST['do']['post']) ) |
62 { |
62 { |
|
63 $errors = Array(); |
|
64 |
63 // Decrypt authorization array |
65 // Decrypt authorization array |
64 $parms = $aes->decrypt($_POST['authorization'], $session->private_key, ENC_HEX); |
66 $parms = $aes->decrypt($_POST['authorization'], $session->private_key, ENC_HEX); |
|
67 if ( !$parms ) |
|
68 $errors[] = 'Could not decrypt authorization key.'; |
65 $parms = unserialize($parms); |
69 $parms = unserialize($parms); |
66 |
70 |
67 // Perform a little input validation |
71 // Perform a little input validation |
68 $errors = Array(); |
|
69 if ( empty($_POST['post_text']) ) |
72 if ( empty($_POST['post_text']) ) |
70 $errors[] = 'Please enter a post.'; |
73 $errors[] = 'Please enter a post.'; |
71 if ( empty($_POST['subject']) && $parms['mode'] == 'topic' ) |
74 if ( empty($_POST['subject']) && $parms['mode'] == 'topic' ) |
72 $errors[] = 'Please enter a topic title.'; |
75 $errors[] = 'Please enter a topic title.'; |
73 // It's OK to trust this! The auth key is encrypted with the site's private key. |
76 // It's OK to trust this! The auth key is encrypted with the site's private key. |
74 if ( !$parms['authorized'] ) |
77 if ( !$parms['authorized'] ) |
75 $errors[] = 'Invalid authorization key'; |
78 $errors[] = 'Invalid authorization key'; |
76 |
79 |
77 if ( sizeof($errors) > 0 ) |
80 if ( sizeof($errors) < 1 ) |
78 { |
81 { |
79 // Collect other options |
82 // Collect other options |
80 |
83 |
81 // Submit post |
84 // Submit post |
82 decir_submit_post(); |
85 if ( $parms['mode'] == 'reply' || $parms['mode'] == 'quote' ) |
|
86 { |
|
87 $result = decir_submit_post($parms['topic_in'], $_POST['subject'], $_POST['post_text'], $post_id); |
|
88 if ( $result ) |
|
89 { |
|
90 // update forum stats |
|
91 $user = $db->escape($session->username); |
|
92 $q = $db->sql_query('UPDATE '.table_prefix."decir_forums SET num_posts = num_posts+1, last_post_id = $post_id, last_post_topic = {$parms['topic_in']}, last_post_user = $session->user_id WHERE forum_id={$parms['forum_in']};"); |
|
93 if ( !$q ) |
|
94 { |
|
95 $db->_die('Decir posting.php under Submit post [reply]'); |
|
96 } |
|
97 $url = makeUrlNS('Special', 'Forum/Topic/' . $parms['topic_in'], false, true); |
|
98 redirect($url, 'Post submitted', 'Your post has been submitted successfully.', 4); |
|
99 } |
|
100 } |
|
101 else if ( $parms['mode'] == 'topic' ) |
|
102 { |
|
103 $result = decir_submit_topic($parms['forum_id'], $_POST['subject'], $_POST['post_text'], $topic_id, $post_id); |
|
104 if ( $result ) |
|
105 { |
|
106 // update forum stats |
|
107 $q = $db->sql_query('UPDATE '.table_prefix."decir_forums SET num_posts = num_posts+1, num_topics = num_topics+1, last_post_id = $post_id, last_post_topic = $topic_id, last_post_user = $session->user_id WHERE forum_id={$parms['forum_id']};"); |
|
108 if ( !$q ) |
|
109 { |
|
110 $db->_die('Decir posting.php under Submit post [topic]'); |
|
111 } |
|
112 $url = makeUrlNS('Special', 'Forum/Topic/' . $topic_id, false, true); |
|
113 redirect($url, 'Post submitted', 'Your post has been submitted successfully.', 4); |
|
114 } |
|
115 } |
83 return; |
116 return; |
84 } |
117 } |
|
118 $mode = 'already_taken_care_of'; |
|
119 $parms2 = $parms; |
|
120 $parms = htmlspecialchars($_POST['authorization']); |
85 } |
121 } |
86 } |
122 } |
87 |
123 |
88 if ( $mode == 'reply' || $mode == 'quote' ) |
124 if ( $mode == 'reply' || $mode == 'quote' ) |
89 { |
125 { |
90 if ( $mode == 'reply' ) |
126 if ( $mode == 'reply' ) |
91 { |
127 { |
92 $message = ''; |
128 $message = ''; |
|
129 $subject = ''; |
93 // Validate topic ID |
130 // Validate topic ID |
94 $topic_id = intval($paths->getParam(2)); |
131 $topic_id = intval($paths->getParam(2)); |
95 if ( empty($topic_id) ) |
132 if ( empty($topic_id) ) |
96 die_friendly('Error', '<p>Invalid topic ID</p>'); |
133 die_friendly('Error', '<p>Invalid topic ID</p>'); |
97 $title = 'Reply to topic'; |
134 $title = 'Reply to topic'; |
106 $post_id = intval($paths->getParam(2)); |
143 $post_id = intval($paths->getParam(2)); |
107 if ( empty($post_id) ) |
144 if ( empty($post_id) ) |
108 die_friendly('Error', '<p>Invalid post ID</p>'); |
145 die_friendly('Error', '<p>Invalid post ID</p>'); |
109 |
146 |
110 // Get post text and topic ID |
147 // Get post text and topic ID |
111 $q = $db->sql_query('SELECT p.topic_id,t.post_text,t.bbcode_uid,p.poster_name FROM '.table_prefix.'decir_posts AS p |
148 $q = $db->sql_query('SELECT p.topic_id,t.post_text,t.bbcode_uid,p.poster_name,p.post_subject FROM '.table_prefix.'decir_posts AS p |
112 LEFT JOIN '.table_prefix.'decir_posts_text AS t |
149 LEFT JOIN '.table_prefix.'decir_posts_text AS t |
113 ON ( p.post_id = t.post_id ) |
150 ON ( p.post_id = t.post_id ) |
114 WHERE p.post_id=' . $post_id . ';'); |
151 WHERE p.post_id=' . $post_id . ';'); |
115 |
152 |
116 if ( !$q ) |
153 if ( !$q ) |
164 |
202 |
165 } |
203 } |
166 else if ( $mode == 'topic' ) |
204 else if ( $mode == 'topic' ) |
167 { |
205 { |
168 $message = ''; |
206 $message = ''; |
|
207 $subject = ''; |
169 // Validate topic ID |
208 // Validate topic ID |
170 $forum_id = intval($paths->getParam(2)); |
209 $forum_id = intval($paths->getParam(2)); |
171 if ( empty($forum_id) ) |
210 if ( empty($forum_id) ) |
172 die_friendly('Error', '<p>Invalid forum ID</p>'); |
211 die_friendly('Error', '<p>Invalid forum ID</p>'); |
173 $title = 'Post new topic'; |
212 $title = 'Post new topic'; |
174 |
213 |
175 // Topic ID is good, verify topic status |
214 // Topic ID is good, verify topic status |
176 $q = $db->sql_query('SELECT forum_id FROM '.table_prefix.'decir_forums WHERE forum_id=' . $forum_id . ';'); |
215 $q = $db->sql_query('SELECT forum_id, forum_name FROM '.table_prefix.'decir_forums WHERE forum_id=' . $forum_id . ';'); |
177 |
216 |
178 if ( !$q ) |
217 if ( !$q ) |
179 $db->_die(); |
218 $db->_die(); |
180 |
219 |
181 if ( $db->numrows() < 1 ) |
220 if ( $db->numrows() < 1 ) |
182 die_friendly('Error', '<p>The forum you requested does not exist.</p>'); |
221 die_friendly('Error', '<p>The forum you requested does not exist.</p>'); |
183 |
222 |
184 $row = $db->fetchrow(); |
223 $row = $db->fetchrow(); |
185 $db->free_result(); |
224 $db->free_result(); |
186 |
225 |
187 $forum_perms = $session->fetch_page_acl('DecirForum', $row['forum_id']); |
226 $forum_perms = $session->fetch_page_acl($row['forum_id'], 'DecirForum'); |
188 |
227 |
189 if ( !$forum_perms->get_permissions('decir_see_forum') ) |
228 if ( !$forum_perms->get_permissions('decir_see_forum') ) |
190 die_friendly('Error', '<p>The forum you requested does not exist.</p>'); |
229 die_friendly('Error', '<p>The forum you requested does not exist.</p>'); |
191 |
230 |
192 $parms = Array( |
231 $parms = Array( |
193 'mode' => $mode, |
232 'mode' => $mode, |
194 'forum_in' => $forum_in, |
233 'forum_id' => $forum_id, |
195 'timestamp' => time(), |
234 'timestamp' => time(), |
196 'authorized' => true |
235 'authorized' => true |
197 ); |
236 ); |
198 |
237 |
199 $parms = serialize($parms); |
238 $parms = serialize($parms); |
219 <link rel="stylesheet" type="text/css" href="' . scriptPath . '/decir/js/colorpick/farbtastic.css" /> |
258 <link rel="stylesheet" type="text/css" href="' . scriptPath . '/decir/js/colorpick/farbtastic.css" /> |
220 <!-- DECIR END -->'); |
259 <!-- DECIR END -->'); |
221 |
260 |
222 $template->header(); |
261 $template->header(); |
223 |
262 |
|
263 if ( isset($errors) ) |
|
264 { |
|
265 echo '<div class="error-box" style="margin: 10px 0;"> |
|
266 <b>Your post could not be submitted.</b> |
|
267 <ul> |
|
268 <li>' . implode("</li>\n <li>", $errors) . '</li> |
|
269 </ul> |
|
270 </div>'; |
|
271 } |
|
272 |
224 if ( $do_preview ) |
273 if ( $do_preview ) |
225 { |
274 { |
226 echo 'Doing preview'; |
275 $message = $_POST['post_text']; |
|
276 $subject = htmlspecialchars($_POST['subject']); |
|
277 $message_render = render_bbcode($message); |
|
278 $message_render = RenderMan::smilieyize($message_render); |
|
279 echo '<div style="border: 1px solid #222222; background-color: #F0F0F0; padding: 10px; max-height: 300px; clip: rect(0px,auto,auto,0px); overflow: auto; margin: 10px 0;"> |
|
280 <h2>Post preview</h2> |
|
281 <p>' . $message_render . '</p> |
|
282 </div>'; |
227 } |
283 } |
228 |
284 |
229 $url = makeUrlNS('Special', 'Forum/New', 'act=post', true); |
285 $url = makeUrlNS('Special', 'Forum/New', 'act=post', true); |
230 echo '<br /> |
286 echo '<br /> |
231 <form action="' . $url . '" method="post" enctype="multipart/form-data">'; |
287 <form action="' . $url . '" method="post" enctype="multipart/form-data">'; |
|
288 echo '<div class="tblholder"> |
|
289 <table border="0" cellspacing="1" cellpadding="4">'; |
|
290 echo '<tr><td class="row2">Post subject:</td><td class="row1"><input name="subject" type="text" size="50" style="width: 100%;" value="' . $subject . '" /></td>'; |
|
291 echo '<tr><td class="row3" colspan="2">'; |
232 echo '<textarea name="post_text" class="bbcode" rows="20" cols="80">' . $message . '</textarea>'; |
292 echo '<textarea name="post_text" class="bbcode" rows="20" cols="80">' . $message . '</textarea>'; |
233 echo '<input type="hidden" name="authorization" value="' . $parms . '" />'; |
293 echo '</td></tr>'; |
234 echo '<div style="text-align: center; margin-top: 10px;"><input type="submit" name="do[post]" value="Submit post" style="font-weight: bold;" /> <input type="submit" name="do[preview]" value="Show preview" /></div>'; |
294 echo ' |
|
295 <!-- This authorization code is encrypted with '.AES_BITS.'-bit AES. --> |
|
296 '; |
|
297 echo '<tr><th colspan="2" class="subhead"><input type="hidden" name="authorization" value="' . $parms . '" />'; |
|
298 echo '<input type="submit" name="do[post]" value="Submit post" style="font-weight: bold;" /> <input type="submit" name="do[preview]" value="Show preview" /></th></tr>'; |
|
299 echo '</table></div>'; |
235 echo '</form>'; |
300 echo '</form>'; |
236 |
301 |
237 $template->footer(); |
302 $template->footer(); |
238 |
303 |
239 ?> |
304 ?> |