author | Dan |
Tue, 13 Nov 2007 19:39:50 -0500 | |
changeset 6 | 3f66ec435f08 |
parent 3 | 88b85b9b9272 |
child 11 | 5585ac341820 |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
2 |
/* |
|
3 |
* Decir |
|
4 |
* Version 0.1 |
|
5 |
* Copyright (C) 2007 Dan Fuhry |
|
6 |
* posting.php - post topics and replies |
|
7 |
* |
|
8 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
9 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
10 |
* |
|
11 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
12 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
13 |
*/ |
|
14 |
||
15 |
require('common.php'); |
|
16 |
require('bbcode.php'); |
|
17 |
||
18 |
// |
|
19 |
// Set mode and parameters |
|
20 |
// |
|
21 |
||
22 |
$mode = 'topic'; |
|
23 |
||
24 |
if ( $paths->getParam(1) ) |
|
25 |
{ |
|
26 |
$n = strtolower($paths->getParam(1)); |
|
27 |
if ( $n == 'reply' || $n == 'post' ) |
|
28 |
{ |
|
29 |
$mode = 'reply'; |
|
30 |
} |
|
31 |
elseif ( $n == 'quote' ) |
|
32 |
{ |
|
33 |
$mode = 'quote'; |
|
34 |
} |
|
35 |
} |
|
36 |
||
37 |
// Set the parameters for posting, then encrypt it so we don't have to do authorization checks again |
|
38 |
// Why? Because it's better than going through some session system for postings where the data is stored on the server |
|
39 |
// We already have AES encryption - might as well use it ;-) |
|
40 |
$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); |
|
41 |
||
42 |
$do_preview = false; |
|
43 |
||
44 |
if ( isset($_GET['act']) && $_GET['act'] == 'post' ) |
|
45 |
{ |
|
46 |
if ( !is_array($_POST['do']) ) |
|
47 |
die('Hacking attempt'); |
|
48 |
||
49 |
if ( isset($_POST['do']['preview']) ) |
|
50 |
{ |
|
51 |
$do_preview = true; |
|
52 |
$parms = $_POST['authorization']; |
|
53 |
$parms2 = $aes->decrypt($parms, $session->private_key, ENC_HEX); |
|
54 |
if ( !$parms2 || substr($parms2, 0, 1) != 'a' ) |
|
55 |
{ |
|
56 |
die('Hacking attempt: ' . $parms2); |
|
57 |
} |
|
58 |
$parms2 = unserialize($parms2); |
|
59 |
$mode = 'already_taken_care_of'; |
|
60 |
} |
|
61 |
else if ( isset($_POST['do']['post']) ) |
|
62 |
{ |
|
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
63 |
$errors = Array(); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
64 |
|
0 | 65 |
// Decrypt authorization array |
66 |
$parms = $aes->decrypt($_POST['authorization'], $session->private_key, ENC_HEX); |
|
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
67 |
if ( !$parms ) |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
68 |
$errors[] = 'Could not decrypt authorization key.'; |
0 | 69 |
$parms = unserialize($parms); |
70 |
||
71 |
// Perform a little input validation |
|
72 |
if ( empty($_POST['post_text']) ) |
|
73 |
$errors[] = 'Please enter a post.'; |
|
74 |
if ( empty($_POST['subject']) && $parms['mode'] == 'topic' ) |
|
75 |
$errors[] = 'Please enter a topic title.'; |
|
76 |
// It's OK to trust this! The auth key is encrypted with the site's private key. |
|
77 |
if ( !$parms['authorized'] ) |
|
78 |
$errors[] = 'Invalid authorization key'; |
|
79 |
||
3
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
80 |
// If the user isn't logged in, check the CAPTCHA code |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
81 |
if ( !$session->user_logged_in ) |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
82 |
{ |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
83 |
$captcha_hash = $_POST['captcha_hash']; |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
84 |
$captcha_code = $_POST['captcha_code']; |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
85 |
$real_code = $session->get_captcha($captcha_hash); |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
86 |
if ( $real_code != $captcha_code ) |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
87 |
$errors[] = 'The confirmation code you entered was incorrect.'; |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
88 |
} |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
89 |
|
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
90 |
if ( sizeof($errors) < 1 ) |
0 | 91 |
{ |
92 |
// Collect other options |
|
93 |
||
94 |
// Submit post |
|
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
95 |
if ( $parms['mode'] == 'reply' || $parms['mode'] == 'quote' ) |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
96 |
{ |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
97 |
$result = decir_submit_post($parms['topic_in'], $_POST['subject'], $_POST['post_text'], $post_id); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
98 |
if ( $result ) |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
99 |
{ |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
100 |
// update forum stats |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
101 |
$user = $db->escape($session->username); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
102 |
$q = $db->sql_query('UPDATE '.table_prefix."decir_forums SET num_posts = num_posts+1, last_post_id = $post_id, last_post_topic = {$parms['topic_in']}, last_post_user = $session->user_id WHERE forum_id={$parms['forum_in']};"); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
103 |
if ( !$q ) |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
104 |
{ |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
105 |
$db->_die('Decir posting.php under Submit post [reply]'); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
106 |
} |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
107 |
$url = makeUrlNS('Special', 'Forum/Topic/' . $parms['topic_in'], false, true); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
108 |
redirect($url, 'Post submitted', 'Your post has been submitted successfully.', 4); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
109 |
} |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
110 |
} |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
111 |
else if ( $parms['mode'] == 'topic' ) |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
112 |
{ |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
113 |
$result = decir_submit_topic($parms['forum_id'], $_POST['subject'], $_POST['post_text'], $topic_id, $post_id); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
114 |
if ( $result ) |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
115 |
{ |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
116 |
// update forum stats |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
117 |
$q = $db->sql_query('UPDATE '.table_prefix."decir_forums SET num_posts = num_posts+1, num_topics = num_topics+1, last_post_id = $post_id, last_post_topic = $topic_id, last_post_user = $session->user_id WHERE forum_id={$parms['forum_id']};"); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
118 |
if ( !$q ) |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
119 |
{ |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
120 |
$db->_die('Decir posting.php under Submit post [topic]'); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
121 |
} |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
122 |
$url = makeUrlNS('Special', 'Forum/Topic/' . $topic_id, false, true); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
123 |
redirect($url, 'Post submitted', 'Your post has been submitted successfully.', 4); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
124 |
} |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
125 |
} |
0 | 126 |
return; |
127 |
} |
|
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
128 |
$mode = 'already_taken_care_of'; |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
129 |
$parms2 = $parms; |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
130 |
$parms = htmlspecialchars($_POST['authorization']); |
0 | 131 |
} |
132 |
} |
|
133 |
||
134 |
if ( $mode == 'reply' || $mode == 'quote' ) |
|
135 |
{ |
|
136 |
if ( $mode == 'reply' ) |
|
137 |
{ |
|
138 |
$message = ''; |
|
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
139 |
$subject = ''; |
0 | 140 |
// Validate topic ID |
141 |
$topic_id = intval($paths->getParam(2)); |
|
142 |
if ( empty($topic_id) ) |
|
143 |
die_friendly('Error', '<p>Invalid topic ID</p>'); |
|
144 |
$title = 'Reply to topic'; |
|
145 |
} |
|
146 |
else if ( $mode == 'quote' ) |
|
147 |
{ |
|
148 |
||
149 |
/** |
|
3
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
150 |
* @FIXME: validate read permissions |
0 | 151 |
*/ |
152 |
||
153 |
$post_id = intval($paths->getParam(2)); |
|
154 |
if ( empty($post_id) ) |
|
155 |
die_friendly('Error', '<p>Invalid post ID</p>'); |
|
156 |
||
157 |
// Get post text and topic ID |
|
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
158 |
$q = $db->sql_query('SELECT p.topic_id,t.post_text,t.bbcode_uid,p.poster_name,p.post_subject FROM '.table_prefix.'decir_posts AS p |
0 | 159 |
LEFT JOIN '.table_prefix.'decir_posts_text AS t |
160 |
ON ( p.post_id = t.post_id ) |
|
161 |
WHERE p.post_id=' . $post_id . ';'); |
|
162 |
||
163 |
if ( !$q ) |
|
164 |
$db->_die(); |
|
165 |
||
166 |
if ( $db->numrows() < 1 ) |
|
167 |
die_friendly('Error', '<p>The post you requested does not exist.</p>'); |
|
168 |
||
169 |
$row = $db->fetchrow(); |
|
170 |
$db->free_result(); |
|
171 |
||
172 |
$message = '[quote="' . $row['poster_name'] . '"]' . bbcode_strip_uid( $row['post_text'], $row['bbcode_uid'] ) . '[/quote]'; |
|
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
173 |
$subject = 'Re: ' . htmlspecialchars($row['post_subject']); |
0 | 174 |
$quote_poster = $row['poster_name']; |
175 |
$topic_id = intval($row['topic_id']); |
|
176 |
||
177 |
$title = 'Reply to topic with quote'; |
|
178 |
||
179 |
} |
|
180 |
||
181 |
// Topic ID is good, verify topic status |
|
182 |
$q = $db->sql_query('SELECT topic_id,forum_id,topic_type,topic_locked,topic_moved FROM '.table_prefix.'decir_topics WHERE topic_id=' . $topic_id . ';'); |
|
183 |
||
184 |
if ( !$q ) |
|
185 |
$db->_die(); |
|
186 |
||
187 |
$row = $db->fetchrow(); |
|
188 |
$db->free_result(); |
|
189 |
||
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
190 |
$forum_perms = $session->fetch_page_acl($row['forum_id'], 'DecirForum'); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
191 |
$topic_perms = $session->fetch_page_acl($row['topic_id'], 'DecirTopic'); |
0 | 192 |
|
193 |
if ( !$forum_perms->get_permissions('decir_see_forum') ) |
|
194 |
die_friendly('Error', '<p>The forum you requested does not exist.</p>'); |
|
195 |
||
196 |
if ( !$topic_perms->get_permissions('decir_reply') ) |
|
197 |
die_friendly('Access denied', '<p>You are not allowed to post replies in this topic.</p>'); |
|
198 |
||
199 |
$forum_in = intval($row['forum_id']); |
|
200 |
$topic_in = intval($row['topic_id']); |
|
201 |
||
202 |
$parms = Array( |
|
203 |
'mode' => $mode, |
|
204 |
'forum_in' => $forum_in, |
|
205 |
'topic_in' => $topic_in, |
|
206 |
'timestamp' => time(), |
|
207 |
'authorized' => true |
|
208 |
); |
|
209 |
||
210 |
$parms = serialize($parms); |
|
211 |
$parms = $aes->encrypt($parms, $session->private_key, ENC_HEX); |
|
212 |
||
213 |
} |
|
214 |
else if ( $mode == 'topic' ) |
|
215 |
{ |
|
216 |
$message = ''; |
|
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
217 |
$subject = ''; |
0 | 218 |
// Validate topic ID |
219 |
$forum_id = intval($paths->getParam(2)); |
|
220 |
if ( empty($forum_id) ) |
|
221 |
die_friendly('Error', '<p>Invalid forum ID</p>'); |
|
222 |
$title = 'Post new topic'; |
|
223 |
||
224 |
// Topic ID is good, verify topic status |
|
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
225 |
$q = $db->sql_query('SELECT forum_id, forum_name FROM '.table_prefix.'decir_forums WHERE forum_id=' . $forum_id . ';'); |
0 | 226 |
|
227 |
if ( !$q ) |
|
228 |
$db->_die(); |
|
229 |
||
230 |
if ( $db->numrows() < 1 ) |
|
231 |
die_friendly('Error', '<p>The forum you requested does not exist.</p>'); |
|
232 |
||
233 |
$row = $db->fetchrow(); |
|
234 |
$db->free_result(); |
|
235 |
||
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
236 |
$forum_perms = $session->fetch_page_acl($row['forum_id'], 'DecirForum'); |
0 | 237 |
|
238 |
if ( !$forum_perms->get_permissions('decir_see_forum') ) |
|
239 |
die_friendly('Error', '<p>The forum you requested does not exist.</p>'); |
|
240 |
||
241 |
$parms = Array( |
|
242 |
'mode' => $mode, |
|
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
243 |
'forum_id' => $forum_id, |
0 | 244 |
'timestamp' => time(), |
245 |
'authorized' => true |
|
246 |
); |
|
247 |
||
248 |
$parms = serialize($parms); |
|
249 |
$parms = $aes->encrypt($parms, $session->private_key, ENC_HEX); |
|
250 |
||
251 |
} |
|
252 |
else if ( $mode == 'already_taken_care_of' ) |
|
253 |
{ |
|
254 |
$mode = $parms2['mode']; |
|
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
255 |
$title = ( $mode == 'topic' ) ? 'Post new topic' : ( ( $mode == 'reply' ) ? 'Reply to topic' : ( $mode == 'quote' ) ? 'Reply to topic with quote' : 'Duh...' ); |
0 | 256 |
} |
257 |
else |
|
258 |
{ |
|
259 |
die_friendly('Invalid request', '<p>Invalid action defined</p>'); |
|
260 |
} |
|
261 |
||
262 |
$template->tpl_strings['PAGE_NAME'] = $title; |
|
263 |
$template->add_header('<!-- DECIR BEGIN --> |
|
264 |
<script type="text/javascript" src="' . scriptPath . '/decir/js/bbcedit.js"></script> |
|
265 |
<script type="text/javascript" src="' . scriptPath . '/decir/js/colorpick/jquery.js"></script> |
|
266 |
<script type="text/javascript" src="' . scriptPath . '/decir/js/colorpick/farbtastic.js"></script> |
|
267 |
<link rel="stylesheet" type="text/css" href="' . scriptPath . '/decir/js/bbcedit.css" /> |
|
268 |
<link rel="stylesheet" type="text/css" href="' . scriptPath . '/decir/js/colorpick/farbtastic.css" /> |
|
269 |
<!-- DECIR END -->'); |
|
270 |
||
271 |
$template->header(); |
|
272 |
||
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
273 |
if ( isset($errors) ) |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
274 |
{ |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
275 |
echo '<div class="error-box" style="margin: 10px 0;"> |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
276 |
<b>Your post could not be submitted.</b> |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
277 |
<ul> |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
278 |
<li>' . implode("</li>\n <li>", $errors) . '</li> |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
279 |
</ul> |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
280 |
</div>'; |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
281 |
} |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
282 |
|
0 | 283 |
if ( $do_preview ) |
284 |
{ |
|
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
285 |
$message = $_POST['post_text']; |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
286 |
$subject = htmlspecialchars($_POST['subject']); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
287 |
$message_render = render_bbcode($message); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
288 |
$message_render = RenderMan::smilieyize($message_render); |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
289 |
echo '<div style="border: 1px solid #222222; background-color: #F0F0F0; padding: 10px; max-height: 300px; clip: rect(0px,auto,auto,0px); overflow: auto; margin: 10px 0;"> |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
290 |
<h2>Post preview</h2> |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
291 |
<p>' . $message_render . '</p> |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
292 |
</div>'; |
0 | 293 |
} |
294 |
||
295 |
$url = makeUrlNS('Special', 'Forum/New', 'act=post', true); |
|
296 |
echo '<br /> |
|
297 |
<form action="' . $url . '" method="post" enctype="multipart/form-data">'; |
|
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
298 |
echo '<div class="tblholder"> |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
299 |
<table border="0" cellspacing="1" cellpadding="4">'; |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
300 |
echo '<tr><td class="row2">Post subject:</td><td class="row1"><input name="subject" type="text" size="50" style="width: 100%;" value="' . $subject . '" /></td>'; |
3
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
301 |
if ( !$session->user_logged_in ) |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
302 |
{ |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
303 |
$hash = $session->make_captcha(); |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
304 |
$captcha_url = makeUrlNS('Special', 'Captcha/' . $hash); |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
305 |
$captcha_img = "<img alt=\"If you cannot read this image please contact the site administrator for assistance.\" src=\"$captcha_url\" onclick=\"this.src=this.src+'/a';\" style=\"cursor: pointer;\" />"; |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
306 |
echo '<tr><td class="row2" rowspan="2">Image verification:</td><td class="row1">' . $captcha_img . '</td></tr>'; |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
307 |
echo '<tr><td class="row1">Please input the code you see in the image: <input type="hidden" name="captcha_hash" value="' . $hash . '" /><input type="text" name="captcha_code" size="8" /></td></tr>'; |
88b85b9b9272
What can I say? More progress. Mostly bugfixes and ACL stuff now. Which reminds me - don't use this release, there are quite a few access bugs in it right now.
Dan
parents:
1
diff
changeset
|
308 |
} |
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
309 |
echo '<tr><td class="row3" colspan="2">'; |
0 | 310 |
echo '<textarea name="post_text" class="bbcode" rows="20" cols="80">' . $message . '</textarea>'; |
1
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
311 |
echo '</td></tr>'; |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
312 |
echo ' |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
313 |
<!-- This authorization code is encrypted with '.AES_BITS.'-bit AES. --> |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
314 |
'; |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
315 |
echo '<tr><th colspan="2" class="subhead"><input type="hidden" name="authorization" value="' . $parms . '" />'; |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
316 |
echo '<input type="submit" name="do[post]" value="Submit post" style="font-weight: bold;" /> <input type="submit" name="do[preview]" value="Show preview" /></th></tr>'; |
6f8b7c6fac02
Let's just say: major progress and still only 20% complete. So many changes I forgot to commit.
Dan
parents:
0
diff
changeset
|
317 |
echo '</table></div>'; |
0 | 318 |
echo '</form>'; |
319 |
||
6 | 320 |
decir_show_footers(); |
0 | 321 |
$template->footer(); |
322 |
||
323 |
?> |