diff -r 000000000000 -r f9ffdbd96607 punbb/edit.php --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/punbb/edit.php Wed Jul 11 21:01:48 2007 -0400 @@ -0,0 +1,264 @@ +query('SELECT f.id AS fid, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics, t.id AS tid, t.subject, t.posted, t.closed, p.poster, p.poster_id, p.message, p.hide_smilies FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); +if (!$db->num_rows($result)) + message($lang_common['Bad request']); + +$cur_post = $db->fetch_assoc($result); + +// Sort out who the moderators are and if we are currently a moderator (or an admin) +$mods_array = ($cur_post['moderators'] != '') ? unserialize($cur_post['moderators']) : array(); +$is_admmod = ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_id'] == PUN_MOD && array_key_exists($pun_user['username'], $mods_array))) ? true : false; + +// Determine whether this post is the "topic post" or not +$result = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$cur_post['tid'].' ORDER BY posted LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); +$topic_post_id = $db->result($result); + +$can_edit_subject = ($id == $topic_post_id && (($pun_user['g_edit_subjects_interval'] == '0' || (time() - $cur_post['posted']) < $pun_user['g_edit_subjects_interval']) || $is_admmod)) ? true : false; + +// Do we have permission to edit this post? +if (($pun_user['g_edit_posts'] == '0' || + $cur_post['poster_id'] != $pun_user['id'] || + $cur_post['closed'] == '1') && + !$is_admmod) + message($lang_common['No permission']); + +// Load the post.php/edit.php language file +require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php'; + +// Start with a clean slate +$errors = array(); + + +if (isset($_POST['form_sent'])) +{ + if ($is_admmod) + confirm_referrer('edit.php'); + + // If it is a topic it must contain a subject + if ($can_edit_subject) + { + $subject = pun_trim($_POST['req_subject']); + + if ($subject == '') + $errors[] = $lang_post['No subject']; + else if (pun_strlen($subject) > 70) + $errors[] = $lang_post['Too long subject']; + else if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($subject) == $subject && $pun_user['g_id'] > PUN_MOD) + $subject = ucwords(strtolower($subject)); + } + + // Clean up message from POST + $message = pun_linebreaks(pun_trim($_POST['req_message'])); + + if ($message == '') + $errors[] = $lang_post['No message']; + else if (strlen($message) > 65535) + $errors[] = $lang_post['Too long message']; + else if ($pun_config['p_message_all_caps'] == '0' && strtoupper($message) == $message && $pun_user['g_id'] > PUN_MOD) + $message = ucwords(strtolower($message)); + + // Validate BBCode syntax + if ($pun_config['p_message_bbcode'] == '1' && strpos($message, '[') !== false && strpos($message, ']') !== false) + { + require PUN_ROOT.'include/parser.php'; + $message = preparse_bbcode($message, $errors); + } + + + $hide_smilies = isset($_POST['hide_smilies']) ? intval($_POST['hide_smilies']) : 0; + if ($hide_smilies != '1') $hide_smilies = '0'; + + // Did everything go according to plan? + if (empty($errors) && !isset($_POST['preview'])) + { + $edited_sql = (!isset($_POST['silent']) || !$is_admmod) ? $edited_sql = ', edited='.time().', edited_by=\''.$db->escape($pun_user['username']).'\'' : ''; + + require PUN_ROOT.'include/search_idx.php'; + + if ($can_edit_subject) + { + // Update the topic and any redirect topics + $db->query('UPDATE '.$db->prefix.'topics SET subject=\''.$db->escape($subject).'\' WHERE id='.$cur_post['tid'].' OR moved_to='.$cur_post['tid']) or error('Unable to update topic', __FILE__, __LINE__, $db->error()); + + // We changed the subject, so we need to take that into account when we update the search words + update_search_index('edit', $id, $message, $subject); + } + else + update_search_index('edit', $id, $message); + + // Update the post + $db->query('UPDATE '.$db->prefix.'posts SET message=\''.$db->escape($message).'\', hide_smilies=\''.$hide_smilies.'\''.$edited_sql.' WHERE id='.$id) or error('Unable to update post', __FILE__, __LINE__, $db->error()); + + redirect('viewtopic.php?pid='.$id.'#p'.$id, $lang_post['Edit redirect']); + } +} + + + +$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_post['Edit post']; +$required_fields = array('req_subject' => $lang_common['Subject'], 'req_message' => $lang_common['Message']); +$focus_element = array('edit', 'req_message'); +require PUN_ROOT.'header.php'; + +$cur_index = 1; + +?> +
+
+ +
+
+ + +
+

+
+

+
    +'.$cur_error.''."\n"; +?> +
+
+
+
+ + +
+

+
+
+
+
+ +
+
+
+
+
+ + +
+

+
+
+
+
+ + +
+ + +
    +
  • :
    • +
  • :
    • +
  • :
    • +
+
+
+ '.$lang_post['Hide smilies']; + else + $checkboxes[] = '
+
+
+ +
+
+ '."\n\t\t\t\t\t\t\t", $checkboxes).''."\n" ?> +
+
+
+ +
+

+
+
+
+