Mercurial Mercurial > repos > decir / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
decir/posting.php
changeset 1 6f8b7c6fac02
parent 0 0417a5a0c7be
child 3 88b85b9b9272
equal deleted inserted replaced
0:0417a5a0c7be 1:6f8b7c6fac02 
    58     $parms2 = unserialize($parms2);
 
    58     $parms2 = unserialize($parms2);
 
    59     $mode = 'already_taken_care_of';
 
    59     $mode = 'already_taken_care_of';
 
    60   }
 
    60   }
 
    61   else if ( isset($_POST['do']['post']) )
 
    61   else if ( isset($_POST['do']['post']) )
 
    62   {
 
    62   {
 
       
    63     $errors = Array();
 
       
    64     
    63     // Decrypt authorization array
 
    65     // Decrypt authorization array
 
    64     $parms = $aes->decrypt($_POST['authorization'], $session->private_key, ENC_HEX);
 
    66     $parms = $aes->decrypt($_POST['authorization'], $session->private_key, ENC_HEX);
 
       
    67     if ( !$parms )
 
       
    68       $errors[] = 'Could not decrypt authorization key.';
 
    65     $parms = unserialize($parms);
 
    69     $parms = unserialize($parms);
 
    66     
    70     
    67     // Perform a little input validation
 
    71     // Perform a little input validation
 
    68     $errors = Array();
 
       
    69     if ( empty($_POST['post_text']) )
 
    72     if ( empty($_POST['post_text']) )
 
    70       $errors[] = 'Please enter a post.';
 
    73       $errors[] = 'Please enter a post.';
 
    71     if ( empty($_POST['subject']) && $parms['mode'] == 'topic' )
 
    74     if ( empty($_POST['subject']) && $parms['mode'] == 'topic' )
 
    72       $errors[] = 'Please enter a topic title.';
 
    75       $errors[] = 'Please enter a topic title.';
 
    73     // It's OK to trust this! The auth key is encrypted with the site's private key.
 
    76     // It's OK to trust this! The auth key is encrypted with the site's private key.
 
    74     if ( !$parms['authorized'] )
 
    77     if ( !$parms['authorized'] )
 
    75       $errors[] = 'Invalid authorization key';
 
    78       $errors[] = 'Invalid authorization key';
 
    76     
    79     
    77     if ( sizeof($errors) > 0 )
 
    80     if ( sizeof($errors) < 1 )
 
    78     {
 
    81     {
 
    79       // Collect other options
 
    82       // Collect other options
 
    80       
    83       
    81       // Submit post
 
    84       // Submit post
 
    82       decir_submit_post();
 
    85       if ( $parms['mode'] == 'reply' || $parms['mode'] == 'quote' )
 
       
    86       {
 
       
    87         $result = decir_submit_post($parms['topic_in'], $_POST['subject'], $_POST['post_text'], $post_id);
 
       
    88         if ( $result )
 
       
    89         {
 
       
    90           // update forum stats
 
       
    91           $user = $db->escape($session->username);
 
       
    92           $q = $db->sql_query('UPDATE '.table_prefix."decir_forums SET num_posts = num_posts+1, last_post_id = $post_id, last_post_topic = {$parms['topic_in']}, last_post_user = $session->user_id WHERE forum_id={$parms['forum_in']};");
 
       
    93           if ( !$q )
 
       
    94           {
 
       
    95             $db->_die('Decir posting.php under Submit post [reply]');
 
       
    96           }
 
       
    97           $url = makeUrlNS('Special', 'Forum/Topic/' . $parms['topic_in'], false, true);
 
       
    98           redirect($url, 'Post submitted', 'Your post has been submitted successfully.', 4);
 
       
    99         }
 
       
   100       }
 
       
   101       else if ( $parms['mode'] == 'topic' )
 
       
   102       {
 
       
   103         $result = decir_submit_topic($parms['forum_id'], $_POST['subject'], $_POST['post_text'], $topic_id, $post_id);
 
       
   104         if ( $result )
 
       
   105         {
 
       
   106           // update forum stats
 
       
   107           $q = $db->sql_query('UPDATE '.table_prefix."decir_forums SET num_posts = num_posts+1, num_topics = num_topics+1, last_post_id = $post_id, last_post_topic = $topic_id, last_post_user = $session->user_id WHERE forum_id={$parms['forum_id']};");
 
       
   108           if ( !$q )
 
       
   109           {
 
       
   110             $db->_die('Decir posting.php under Submit post [topic]');
 
       
   111           }
 
       
   112           $url = makeUrlNS('Special', 'Forum/Topic/' . $topic_id, false, true);
 
       
   113           redirect($url, 'Post submitted', 'Your post has been submitted successfully.', 4);
 
       
   114         }
 
       
   115       }
 
    83       return;
 
   116       return;
 
    84     }
 
   117     }
 
       
   118     $mode = 'already_taken_care_of';
 
       
   119     $parms2 = $parms;
 
       
   120     $parms = htmlspecialchars($_POST['authorization']);
 
    85   }
 
   121   }
 
    86 }
 
   122 }
 
    87 
   123 
    88 if ( $mode == 'reply' || $mode == 'quote' )
 
   124 if ( $mode == 'reply' || $mode == 'quote' )
 
    89 {
 
   125 {
 
    90   if ( $mode == 'reply' )
 
   126   if ( $mode == 'reply' )
 
    91   {
 
   127   {
 
    92     $message = '';
 
   128     $message = '';
 
       
   129     $subject = '';
 
    93     // Validate topic ID
 
   130     // Validate topic ID
 
    94     $topic_id = intval($paths->getParam(2));
 
   131     $topic_id = intval($paths->getParam(2));
 
    95     if ( empty($topic_id) )
 
   132     if ( empty($topic_id) )
 
    96       die_friendly('Error', '<p>Invalid topic ID</p>');
 
   133       die_friendly('Error', '<p>Invalid topic ID</p>');
 
    97     $title = 'Reply to topic';
 
   134     $title = 'Reply to topic';
 
   106     $post_id = intval($paths->getParam(2));
 
   143     $post_id = intval($paths->getParam(2));
 
   107     if ( empty($post_id) )
 
   144     if ( empty($post_id) )
 
   108       die_friendly('Error', '<p>Invalid post ID</p>');
 
   145       die_friendly('Error', '<p>Invalid post ID</p>');
 
   109     
   146     
   110     // Get post text and topic ID
 
   147     // Get post text and topic ID
 
   111     $q = $db->sql_query('SELECT p.topic_id,t.post_text,t.bbcode_uid,p.poster_name FROM '.table_prefix.'decir_posts AS p
 
   148     $q = $db->sql_query('SELECT p.topic_id,t.post_text,t.bbcode_uid,p.poster_name,p.post_subject FROM '.table_prefix.'decir_posts AS p
 
   112                            LEFT JOIN '.table_prefix.'decir_posts_text AS t
 
   149                            LEFT JOIN '.table_prefix.'decir_posts_text AS t
 
   113                              ON ( p.post_id = t.post_id )
 
   150                              ON ( p.post_id = t.post_id )
 
   114                            WHERE p.post_id=' . $post_id . ';');
 
   151                            WHERE p.post_id=' . $post_id . ';');
 
   115     
   152     
   116     if ( !$q )
 
   153     if ( !$q )
 
   121     
   158     
   122     $row = $db->fetchrow();
 
   159     $row = $db->fetchrow();
 
   123     $db->free_result();
 
   160     $db->free_result();
 
   124     
   161     
   125     $message = '[quote="' . $row['poster_name'] . '"]' . bbcode_strip_uid( $row['post_text'], $row['bbcode_uid'] ) . '[/quote]';
 
   162     $message = '[quote="' . $row['poster_name'] . '"]' . bbcode_strip_uid( $row['post_text'], $row['bbcode_uid'] ) . '[/quote]';
 
       
   163     $subject = 'Re: ' . htmlspecialchars($row['post_subject']);
 
   126     $quote_poster = $row['poster_name'];
 
   164     $quote_poster = $row['poster_name'];
 
   127     $topic_id = intval($row['topic_id']);
 
   165     $topic_id = intval($row['topic_id']);
 
   128     
   166     
   129     $title = 'Reply to topic with quote';
 
   167     $title = 'Reply to topic with quote';
 
   130     
   168     
   137     $db->_die();
 
   175     $db->_die();
 
   138   
   176   
   139   $row = $db->fetchrow();
 
   177   $row = $db->fetchrow();
 
   140   $db->free_result();
 
   178   $db->free_result();
 
   141   
   179   
   142   $forum_perms = $session->fetch_page_acl('DecirForum', $row['forum_id']);
 
   180   $forum_perms = $session->fetch_page_acl($row['forum_id'], 'DecirForum');
 
   143   $topic_perms = $session->fetch_page_acl('DecirTopic', $row['topic_id']);
 
   181   $topic_perms = $session->fetch_page_acl($row['topic_id'], 'DecirTopic');
 
   144   
   182   
   145   if ( !$forum_perms->get_permissions('decir_see_forum') )
 
   183   if ( !$forum_perms->get_permissions('decir_see_forum') )
 
   146     die_friendly('Error', '<p>The forum you requested does not exist.</p>');
 
   184     die_friendly('Error', '<p>The forum you requested does not exist.</p>');
 
   147   
   185   
   148   if ( !$topic_perms->get_permissions('decir_reply') )
 
   186   if ( !$topic_perms->get_permissions('decir_reply') )
 
   164   
   202   
   165 }
 
   203 }
 
   166 else if ( $mode == 'topic' )
 
   204 else if ( $mode == 'topic' )
 
   167 {
 
   205 {
 
   168   $message = '';
 
   206   $message = '';
 
       
   207   $subject = '';
 
   169   // Validate topic ID
 
   208   // Validate topic ID
 
   170   $forum_id = intval($paths->getParam(2));
 
   209   $forum_id = intval($paths->getParam(2));
 
   171   if ( empty($forum_id) )
 
   210   if ( empty($forum_id) )
 
   172     die_friendly('Error', '<p>Invalid forum ID</p>');
 
   211     die_friendly('Error', '<p>Invalid forum ID</p>');
 
   173   $title = 'Post new topic';
 
   212   $title = 'Post new topic';
 
   174   
   213   
   175   // Topic ID is good, verify topic status
 
   214   // Topic ID is good, verify topic status
 
   176   $q = $db->sql_query('SELECT forum_id FROM '.table_prefix.'decir_forums WHERE forum_id=' . $forum_id . ';');
 
   215   $q = $db->sql_query('SELECT forum_id, forum_name FROM '.table_prefix.'decir_forums WHERE forum_id=' . $forum_id . ';');
 
   177   
   216   
   178   if ( !$q )
 
   217   if ( !$q )
 
   179     $db->_die();
 
   218     $db->_die();
 
   180   
   219   
   181   if ( $db->numrows() < 1 )
 
   220   if ( $db->numrows() < 1 )
 
   182     die_friendly('Error', '<p>The forum you requested does not exist.</p>');
 
   221     die_friendly('Error', '<p>The forum you requested does not exist.</p>');
 
   183   
   222   
   184   $row = $db->fetchrow();
 
   223   $row = $db->fetchrow();
 
   185   $db->free_result();
 
   224   $db->free_result();
 
   186   
   225   
   187   $forum_perms = $session->fetch_page_acl('DecirForum', $row['forum_id']);
 
   226   $forum_perms = $session->fetch_page_acl($row['forum_id'], 'DecirForum');
 
   188   
   227   
   189   if ( !$forum_perms->get_permissions('decir_see_forum') )
 
   228   if ( !$forum_perms->get_permissions('decir_see_forum') )
 
   190     die_friendly('Error', '<p>The forum you requested does not exist.</p>');
 
   229     die_friendly('Error', '<p>The forum you requested does not exist.</p>');
 
   191   
   230   
   192   $parms = Array(
 
   231   $parms = Array(
 
   193       'mode' => $mode,
 
   232       'mode' => $mode,
 
   194       'forum_in' => $forum_in,
 
   233       'forum_id' => $forum_id,
 
   195       'timestamp' => time(),
 
   234       'timestamp' => time(),
 
   196       'authorized' => true
 
   235       'authorized' => true
 
   197     );
 
   236     );
 
   198   
   237   
   199   $parms = serialize($parms);
 
   238   $parms = serialize($parms);
 
   201   
   240   
   202 }
 
   241 }
 
   203 else if ( $mode == 'already_taken_care_of' )
 
   242 else if ( $mode == 'already_taken_care_of' )
 
   204 {
 
   243 {
 
   205   $mode = $parms2['mode'];
 
   244   $mode = $parms2['mode'];
 
   206   $title = ( $mode == 'topic' ) ? 'Post new topic' : ( $mode == 'reply' ) ? 'Reply to topic' : ( $mode  == 'quote' ) ? 'Reply to topic with quote' : 'Duh...';
 
   245   $title = ( $mode == 'topic' ) ? 'Post new topic' : ( ( $mode == 'reply' ) ? 'Reply to topic' : ( $mode  == 'quote' ) ? 'Reply to topic with quote' : 'Duh...' );
 
   207 }
 
   246 }
 
   208 else
 
   247 else
 
   209 {
 
   248 {
 
   210   die_friendly('Invalid request', '<p>Invalid action defined</p>');
 
   249   die_friendly('Invalid request', '<p>Invalid action defined</p>');
 
   211 }
 
   250 }
 
   219     <link rel="stylesheet" type="text/css" href="' . scriptPath . '/decir/js/colorpick/farbtastic.css" />
 
   258     <link rel="stylesheet" type="text/css" href="' . scriptPath . '/decir/js/colorpick/farbtastic.css" />
 
   220     <!-- DECIR END -->');
 
   259     <!-- DECIR END -->');
 
   221 
   260 
   222 $template->header();
 
   261 $template->header();
 
   223 
   262 
       
   263 if ( isset($errors) )
 
       
   264 {
 
       
   265   echo '<div class="error-box" style="margin: 10px 0;">
 
       
   266           <b>Your post could not be submitted.</b>
 
       
   267           <ul>
 
       
   268             <li>' . implode("</li>\n            <li>", $errors) . '</li>
 
       
   269           </ul>
 
       
   270         </div>';
 
       
   271 }
 
       
   272 
   224 if ( $do_preview )
 
   273 if ( $do_preview )
 
   225 {
 
   274 {
 
   226   echo 'Doing preview';
 
   275   $message = $_POST['post_text'];
 
       
   276   $subject = htmlspecialchars($_POST['subject']);
 
       
   277   $message_render = render_bbcode($message);
 
       
   278   $message_render = RenderMan::smilieyize($message_render);
 
       
   279   echo '<div style="border: 1px solid #222222; background-color: #F0F0F0; padding: 10px; max-height: 300px; clip: rect(0px,auto,auto,0px); overflow: auto; margin: 10px 0;">
 
       
   280           <h2>Post preview</h2>
 
       
   281           <p>' . $message_render . '</p>
 
       
   282         </div>';
 
   227 }
 
   283 }
 
   228 
   284 
   229 $url = makeUrlNS('Special', 'Forum/New', 'act=post', true);
 
   285 $url = makeUrlNS('Special', 'Forum/New', 'act=post', true);
 
   230 echo '<br />
 
   286 echo '<br />
 
   231       <form action="' . $url . '" method="post" enctype="multipart/form-data">';
 
   287       <form action="' . $url . '" method="post" enctype="multipart/form-data">';
 
       
   288 echo '<div class="tblholder">
 
       
   289         <table border="0" cellspacing="1" cellpadding="4">';
 
       
   290 echo '<tr><td class="row2">Post subject:</td><td class="row1"><input name="subject" type="text" size="50" style="width: 100%;" value="' . $subject . '" /></td>';
 
       
   291 echo '<tr><td class="row3" colspan="2">';
 
   232 echo '<textarea name="post_text" class="bbcode" rows="20" cols="80">' . $message . '</textarea>';
 
   292 echo '<textarea name="post_text" class="bbcode" rows="20" cols="80">' . $message . '</textarea>';
 
   233 echo '<input type="hidden" name="authorization" value="' . $parms . '" />';
 
   293 echo '</td></tr>';
 
   234 echo '<div style="text-align: center; margin-top: 10px;"><input type="submit" name="do[post]" value="Submit post" style="font-weight: bold;" />&nbsp;<input type="submit" name="do[preview]" value="Show preview" /></div>';
 
   294 echo '
 
       
   295       <!-- This authorization code is encrypted with '.AES_BITS.'-bit AES. -->
 
       
   296       ';
 
       
   297 echo '<tr><th colspan="2" class="subhead"><input type="hidden" name="authorization" value="' . $parms . '" />';
 
       
   298 echo '<input type="submit" name="do[post]" value="Submit post" style="font-weight: bold;" />&nbsp;<input type="submit" name="do[preview]" value="Show preview" /></th></tr>';
 
       
   299 echo '</table></div>';
 
   235 echo '</form>';
 
   300 echo '</form>';
 
   236 
   301 
   237 $template->footer();
 
   302 $template->footer();
 
   238 
   303 
   239 ?>
 
   304 ?>
Decir