[ Index ] |
PHP Cross Reference of Unnamed Project |
[Summary view] [Print] [Text view]
1 <?php 2 /*************************************************************************** 3 * functions_post.php 4 * ------------------- 5 * begin : Saturday, Feb 13, 2001 6 * copyright : (C) 2001 The phpBB Group 7 * email : support@phpbb.com 8 * 9 * $Id: functions_post.php 5886 2006-05-06 13:38:55Z grahamje $ 10 * 11 * 12 ***************************************************************************/ 13 14 /*************************************************************************** 15 * 16 * This program is free software; you can redistribute it and/or modify 17 * it under the terms of the GNU General Public License as published by 18 * the Free Software Foundation; either version 2 of the License, or 19 * (at your option) any later version. 20 * 21 ***************************************************************************/ 22 23 if (!defined('IN_PHPBB')) 24 { 25 die('Hacking attempt'); 26 } 27 28 $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#'); 29 $html_entities_replace = array('&', '<', '>', '"'); 30 31 $unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#'); 32 $unhtml_specialchars_replace = array('>', '<', '"', '&'); 33 34 // 35 // This function will prepare a posted message for 36 // entry into the database. 37 // 38 function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0) 39 { 40 global $board_config, $html_entities_match, $html_entities_replace; 41 42 // 43 // Clean up the message 44 // 45 $message = trim($message); 46 47 if ($html_on) 48 { 49 // If HTML is on, we try to make it safe 50 // This approach is quite agressive and anything that does not look like a valid tag 51 // is going to get converted to HTML entities 52 $message = stripslashes($message); 53 $html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#'; 54 $matches = array(); 55 56 $message_split = preg_split($html_match, $message); 57 preg_match_all($html_match, $message, $matches); 58 59 $message = ''; 60 61 foreach ($message_split as $part) 62 { 63 $tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2])); 64 $message .= preg_replace($html_entities_match, $html_entities_replace, $part) . clean_html($tag); 65 } 66 67 $message = addslashes($message); 68 $message = str_replace('"', '\"', $message); 69 } 70 else 71 { 72 $message = preg_replace($html_entities_match, $html_entities_replace, $message); 73 } 74 75 if($bbcode_on && $bbcode_uid != '') 76 { 77 $message = bbencode_first_pass($message, $bbcode_uid); 78 } 79 80 return $message; 81 } 82 83 function unprepare_message($message) 84 { 85 global $unhtml_specialchars_match, $unhtml_specialchars_replace; 86 87 return preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, $message); 88 } 89 90 // 91 // Prepare a message for posting 92 // 93 function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length) 94 { 95 global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path; 96 97 // Check username 98 if (!empty($username)) 99 { 100 $username = phpbb_clean_username($username); 101 102 if (!$userdata['session_logged_in'] || ($userdata['session_logged_in'] && $username != $userdata['username'])) 103 { 104 include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); 105 106 $result = validate_username($username); 107 if ($result['error']) 108 { 109 $error_msg .= (!empty($error_msg)) ? '<br />' . $result['error_msg'] : $result['error_msg']; 110 } 111 } 112 else 113 { 114 $username = ''; 115 } 116 } 117 118 // Check subject 119 if (!empty($subject)) 120 { 121 $subject = htmlspecialchars(trim($subject)); 122 } 123 else if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) 124 { 125 $error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject']; 126 } 127 128 // Check message 129 if (!empty($message)) 130 { 131 $bbcode_uid = ($bbcode_on) ? make_bbcode_uid() : ''; 132 $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); 133 } 134 else if ($mode != 'delete' && $mode != 'poll_delete') 135 { 136 $error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message']; 137 } 138 139 // 140 // Handle poll stuff 141 // 142 if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) 143 { 144 $poll_length = (isset($poll_length)) ? max(0, intval($poll_length)) : 0; 145 146 if (!empty($poll_title)) 147 { 148 $poll_title = htmlspecialchars(trim($poll_title)); 149 } 150 151 if(!empty($poll_options)) 152 { 153 $temp_option_text = array(); 154 while(list($option_id, $option_text) = @each($poll_options)) 155 { 156 $option_text = trim($option_text); 157 if (!empty($option_text)) 158 { 159 $temp_option_text[intval($option_id)] = htmlspecialchars($option_text); 160 } 161 } 162 $option_text = $temp_option_text; 163 164 if (count($poll_options) < 2) 165 { 166 $error_msg .= (!empty($error_msg)) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options']; 167 } 168 else if (count($poll_options) > $board_config['max_poll_options']) 169 { 170 $error_msg .= (!empty($error_msg)) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options']; 171 } 172 else if ($poll_title == '') 173 { 174 $error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title']; 175 } 176 } 177 } 178 179 return; 180 } 181 182 // 183 // Post a new topic/reply/poll or edit existing post/poll 184 // 185 function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, $post_username, $post_subject, $post_message, $poll_title, &$poll_options, &$poll_length) 186 { 187 global $board_config, $lang, $db, $phpbb_root_path, $phpEx; 188 global $userdata, $user_ip; 189 190 include($phpbb_root_path . 'includes/functions_search.'.$phpEx); 191 192 $current_time = time(); 193 194 if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost') 195 { 196 // 197 // Flood control 198 // 199 $where_sql = ($userdata['user_id'] == ANONYMOUS) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id']; 200 $sql = "SELECT MAX(post_time) AS last_post_time 201 FROM " . POSTS_TABLE . " 202 WHERE $where_sql"; 203 if ($result = $db->sql_query($sql)) 204 { 205 if ($row = $db->sql_fetchrow($result)) 206 { 207 if (intval($row['last_post_time']) > 0 && ($current_time - intval($row['last_post_time'])) < intval($board_config['flood_interval'])) 208 { 209 message_die(GENERAL_MESSAGE, $lang['Flood_Error']); 210 } 211 } 212 } 213 } 214 215 if ($mode == 'editpost') 216 { 217 remove_search_post($post_id); 218 } 219 220 if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) 221 { 222 $topic_vote = (!empty($poll_title) && count($poll_options) >= 2) ? 1 : 0; 223 224 $sql = ($mode != "editpost") ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type " . (($post_data['edit_vote'] || !empty($poll_title)) ? ", topic_vote = " . $topic_vote : "") . " WHERE topic_id = $topic_id"; 225 if (!$db->sql_query($sql)) 226 { 227 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); 228 } 229 230 if ($mode == 'newtopic') 231 { 232 $topic_id = $db->sql_nextid(); 233 } 234 } 235 236 $edited_sql = ($mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post']) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : ""; 237 $sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id"; 238 if (!$db->sql_query($sql, BEGIN_TRANSACTION)) 239 { 240 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); 241 } 242 243 if ($mode != 'editpost') 244 { 245 $post_id = $db->sql_nextid(); 246 } 247 248 $sql = ($mode != 'editpost') ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id"; 249 if (!$db->sql_query($sql)) 250 { 251 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); 252 } 253 254 add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject)); 255 256 // 257 // Add poll 258 // 259 if (($mode == 'newtopic' || ($mode == 'editpost' && $post_data['edit_poll'])) && !empty($poll_title) && count($poll_options) >= 2) 260 { 261 $sql = (!$post_data['has_poll']) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ($poll_length * 86400) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ($poll_length * 86400) . " WHERE topic_id = $topic_id"; 262 if (!$db->sql_query($sql)) 263 { 264 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); 265 } 266 267 $delete_option_sql = ''; 268 $old_poll_result = array(); 269 if ($mode == 'editpost' && $post_data['has_poll']) 270 { 271 $sql = "SELECT vote_option_id, vote_result 272 FROM " . VOTE_RESULTS_TABLE . " 273 WHERE vote_id = $poll_id 274 ORDER BY vote_option_id ASC"; 275 if (!($result = $db->sql_query($sql))) 276 { 277 message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql); 278 } 279 280 while ($row = $db->sql_fetchrow($result)) 281 { 282 $old_poll_result[$row['vote_option_id']] = $row['vote_result']; 283 284 if (!isset($poll_options[$row['vote_option_id']])) 285 { 286 $delete_option_sql .= ($delete_option_sql != '') ? ', ' . $row['vote_option_id'] : $row['vote_option_id']; 287 } 288 } 289 } 290 else 291 { 292 $poll_id = $db->sql_nextid(); 293 } 294 295 @reset($poll_options); 296 297 $poll_option_id = 1; 298 while (list($option_id, $option_text) = each($poll_options)) 299 { 300 if (!empty($option_text)) 301 { 302 $option_text = str_replace("\'", "''", htmlspecialchars($option_text)); 303 $poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0; 304 305 $sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id"; 306 if (!$db->sql_query($sql)) 307 { 308 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); 309 } 310 $poll_option_id++; 311 } 312 } 313 314 if ($delete_option_sql != '') 315 { 316 $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " 317 WHERE vote_option_id IN ($delete_option_sql) 318 AND vote_id = $poll_id"; 319 if (!$db->sql_query($sql)) 320 { 321 message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql); 322 } 323 } 324 } 325 326 $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">'; 327 $message = $lang['Stored'] . '<br /><br />' . sprintf($lang['Click_view_message'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>'); 328 329 return false; 330 } 331 332 // 333 // Update post stats and details 334 // 335 function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_id, &$user_id) 336 { 337 global $db; 338 339 $sign = ($mode == 'delete') ? '- 1' : '+ 1'; 340 $forum_update_sql = "forum_posts = forum_posts $sign"; 341 $topic_update_sql = ''; 342 343 if ($mode == 'delete') 344 { 345 if ($post_data['last_post']) 346 { 347 if ($post_data['first_post']) 348 { 349 $forum_update_sql .= ', forum_topics = forum_topics - 1'; 350 } 351 else 352 { 353 354 $topic_update_sql .= 'topic_replies = topic_replies - 1'; 355 356 $sql = "SELECT MAX(post_id) AS last_post_id 357 FROM " . POSTS_TABLE . " 358 WHERE topic_id = $topic_id"; 359 if (!($result = $db->sql_query($sql))) 360 { 361 message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); 362 } 363 364 if ($row = $db->sql_fetchrow($result)) 365 { 366 $topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id']; 367 } 368 } 369 370 if ($post_data['last_topic']) 371 { 372 $sql = "SELECT MAX(post_id) AS last_post_id 373 FROM " . POSTS_TABLE . " 374 WHERE forum_id = $forum_id"; 375 if (!($result = $db->sql_query($sql))) 376 { 377 message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); 378 } 379 380 if ($row = $db->sql_fetchrow($result)) 381 { 382 $forum_update_sql .= ($row['last_post_id']) ? ', forum_last_post_id = ' . $row['last_post_id'] : ', forum_last_post_id = 0'; 383 } 384 } 385 } 386 else if ($post_data['first_post']) 387 { 388 $sql = "SELECT MIN(post_id) AS first_post_id 389 FROM " . POSTS_TABLE . " 390 WHERE topic_id = $topic_id"; 391 if (!($result = $db->sql_query($sql))) 392 { 393 message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); 394 } 395 396 if ($row = $db->sql_fetchrow($result)) 397 { 398 $topic_update_sql .= 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['first_post_id']; 399 } 400 } 401 else 402 { 403 $topic_update_sql .= 'topic_replies = topic_replies - 1'; 404 } 405 } 406 else if ($mode != 'poll_delete') 407 { 408 $forum_update_sql .= ", forum_last_post_id = $post_id" . (($mode == 'newtopic') ? ", forum_topics = forum_topics $sign" : ""); 409 $topic_update_sql = "topic_last_post_id = $post_id" . (($mode == 'reply') ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id"); 410 } 411 else 412 { 413 $topic_update_sql .= 'topic_vote = 0'; 414 } 415 416 if ($mode != 'poll_delete') 417 { 418 $sql = "UPDATE " . FORUMS_TABLE . " SET 419 $forum_update_sql 420 WHERE forum_id = $forum_id"; 421 if (!$db->sql_query($sql)) 422 { 423 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); 424 } 425 } 426 427 if ($topic_update_sql != '') 428 { 429 $sql = "UPDATE " . TOPICS_TABLE . " SET 430 $topic_update_sql 431 WHERE topic_id = $topic_id"; 432 if (!$db->sql_query($sql)) 433 { 434 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); 435 } 436 } 437 438 if ($mode != 'poll_delete') 439 { 440 $sql = "UPDATE " . USERS_TABLE . " 441 SET user_posts = user_posts $sign 442 WHERE user_id = $user_id"; 443 if (!$db->sql_query($sql, END_TRANSACTION)) 444 { 445 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); 446 } 447 } 448 449 return; 450 } 451 452 // 453 // Delete a post/poll 454 // 455 function delete_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id) 456 { 457 global $board_config, $lang, $db, $phpbb_root_path, $phpEx; 458 global $userdata, $user_ip; 459 460 if ($mode != 'poll_delete') 461 { 462 include($phpbb_root_path . 'includes/functions_search.'.$phpEx); 463 464 $sql = "DELETE FROM " . POSTS_TABLE . " 465 WHERE post_id = $post_id"; 466 if (!$db->sql_query($sql)) 467 { 468 message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); 469 } 470 471 $sql = "DELETE FROM " . POSTS_TEXT_TABLE . " 472 WHERE post_id = $post_id"; 473 if (!$db->sql_query($sql)) 474 { 475 message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); 476 } 477 478 if ($post_data['last_post']) 479 { 480 if ($post_data['first_post']) 481 { 482 $forum_update_sql .= ', forum_topics = forum_topics - 1'; 483 $sql = "DELETE FROM " . TOPICS_TABLE . " 484 WHERE topic_id = $topic_id 485 OR topic_moved_id = $topic_id"; 486 if (!$db->sql_query($sql)) 487 { 488 message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); 489 } 490 491 $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " 492 WHERE topic_id = $topic_id"; 493 if (!$db->sql_query($sql)) 494 { 495 message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); 496 } 497 } 498 } 499 500 remove_search_post($post_id); 501 } 502 503 if ($mode == 'poll_delete' || ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) && $post_data['has_poll'] && $post_data['edit_poll']) 504 { 505 $sql = "DELETE FROM " . VOTE_DESC_TABLE . " 506 WHERE topic_id = $topic_id"; 507 if (!$db->sql_query($sql)) 508 { 509 message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); 510 } 511 512 $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " 513 WHERE vote_id = $poll_id"; 514 if (!$db->sql_query($sql)) 515 { 516 message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); 517 } 518 519 $sql = "DELETE FROM " . VOTE_USERS_TABLE . " 520 WHERE vote_id = $poll_id"; 521 if (!$db->sql_query($sql)) 522 { 523 message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); 524 } 525 } 526 527 if ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) 528 { 529 $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . '=' . $forum_id) . '">'; 530 $message = $lang['Deleted']; 531 } 532 else 533 { 534 $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . '=' . $topic_id) . '">'; 535 $message = (($mode == 'poll_delete') ? $lang['Poll_delete'] : $lang['Deleted']) . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>'); 536 } 537 538 $message .= '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>'); 539 540 return; 541 } 542 543 // 544 // Handle user notification on new post 545 // 546 function user_notification($mode, &$post_data, &$topic_title, &$forum_id, &$topic_id, &$post_id, &$notify_user) 547 { 548 global $board_config, $lang, $db, $phpbb_root_path, $phpEx; 549 global $userdata, $user_ip; 550 551 $current_time = time(); 552 553 if ($mode != 'delete') 554 { 555 if ($mode == 'reply') 556 { 557 $sql = "SELECT ban_userid 558 FROM " . BANLIST_TABLE; 559 if (!($result = $db->sql_query($sql))) 560 { 561 message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql); 562 } 563 564 $user_id_sql = ''; 565 while ($row = $db->sql_fetchrow($result)) 566 { 567 if (isset($row['ban_userid']) && !empty($row['ban_userid'])) 568 { 569 $user_id_sql .= ', ' . $row['ban_userid']; 570 } 571 } 572 573 $sql = "SELECT u.user_id, u.user_email, u.user_lang 574 FROM " . TOPICS_WATCH_TABLE . " tw, " . USERS_TABLE . " u 575 WHERE tw.topic_id = $topic_id 576 AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . ") 577 AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . " 578 AND u.user_id = tw.user_id"; 579 if (!($result = $db->sql_query($sql))) 580 { 581 message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql); 582 } 583 584 $update_watched_sql = ''; 585 $bcc_list_ary = array(); 586 587 if ($row = $db->sql_fetchrow($result)) 588 { 589 // Sixty second limit 590 @set_time_limit(60); 591 592 do 593 { 594 if ($row['user_email'] != '') 595 { 596 $bcc_list_ary[$row['user_lang']][] = $row['user_email']; 597 } 598 $update_watched_sql .= ($update_watched_sql != '') ? ', ' . $row['user_id'] : $row['user_id']; 599 } 600 while ($row = $db->sql_fetchrow($result)); 601 602 // 603 // Let's do some checking to make sure that mass mail functions 604 // are working in win32 versions of php. 605 // 606 if (preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery']) 607 { 608 $ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var'; 609 610 // We are running on windows, force delivery to use our smtp functions 611 // since php's are broken by default 612 $board_config['smtp_delivery'] = 1; 613 $board_config['smtp_host'] = @$ini_val('SMTP'); 614 } 615 616 if (sizeof($bcc_list_ary)) 617 { 618 include($phpbb_root_path . 'includes/emailer.'.$phpEx); 619 $emailer = new emailer($board_config['smtp_delivery']); 620 621 $script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path'])); 622 $script_name = ($script_name != '') ? $script_name . '/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx; 623 $server_name = trim($board_config['server_name']); 624 $server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://'; 625 $server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) . '/' : '/'; 626 627 $orig_word = array(); 628 $replacement_word = array(); 629 obtain_word_list($orig_word, $replacement_word); 630 631 $emailer->from($board_config['board_email']); 632 $emailer->replyto($board_config['board_email']); 633 634 $topic_title = (count($orig_word)) ? preg_replace($orig_word, $replacement_word, unprepare_message($topic_title)) : unprepare_message($topic_title); 635 636 @reset($bcc_list_ary); 637 while (list($user_lang, $bcc_list) = each($bcc_list_ary)) 638 { 639 $emailer->use_template('topic_notify', $user_lang); 640 641 for ($i = 0; $i < count($bcc_list); $i++) 642 { 643 $emailer->bcc($bcc_list[$i]); 644 } 645 646 // The Topic_reply_notification lang string below will be used 647 // if for some reason the mail template subject cannot be read 648 // ... note it will not necessarily be in the posters own language! 649 $emailer->set_subject($lang['Topic_reply_notification']); 650 651 // This is a nasty kludge to remove the username var ... till (if?) 652 // translators update their templates 653 $emailer->msg = preg_replace('#[ ]?{USERNAME}#', '', $emailer->msg); 654 655 $emailer->assign_vars(array( 656 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '', 657 'SITENAME' => $board_config['sitename'], 658 'TOPIC_TITLE' => $topic_title, 659 660 'U_TOPIC' => $server_protocol . $server_name . $server_port . $script_name . '?' . POST_POST_URL . "=$post_id#$post_id", 661 'U_STOP_WATCHING_TOPIC' => $server_protocol . $server_name . $server_port . $script_name . '?' . POST_TOPIC_URL . "=$topic_id&unwatch=topic") 662 ); 663 664 $emailer->send(); 665 $emailer->reset(); 666 } 667 } 668 } 669 $db->sql_freeresult($result); 670 671 if ($update_watched_sql != '') 672 { 673 $sql = "UPDATE " . TOPICS_WATCH_TABLE . " 674 SET notify_status = " . TOPIC_WATCH_NOTIFIED . " 675 WHERE topic_id = $topic_id 676 AND user_id IN ($update_watched_sql)"; 677 $db->sql_query($sql); 678 } 679 } 680 681 $sql = "SELECT topic_id 682 FROM " . TOPICS_WATCH_TABLE . " 683 WHERE topic_id = $topic_id 684 AND user_id = " . $userdata['user_id']; 685 if (!($result = $db->sql_query($sql))) 686 { 687 message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql); 688 } 689 690 $row = $db->sql_fetchrow($result); 691 692 if (!$notify_user && !empty($row['topic_id'])) 693 { 694 $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " 695 WHERE topic_id = $topic_id 696 AND user_id = " . $userdata['user_id']; 697 if (!$db->sql_query($sql)) 698 { 699 message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql); 700 } 701 } 702 else if ($notify_user && empty($row['topic_id'])) 703 { 704 $sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status) 705 VALUES (" . $userdata['user_id'] . ", $topic_id, 0)"; 706 if (!$db->sql_query($sql)) 707 { 708 message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql); 709 } 710 } 711 } 712 } 713 714 // 715 // Fill smiley templates (or just the variables) with smileys 716 // Either in a window or inline 717 // 718 function generate_smilies($mode, $page_id) 719 { 720 global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path; 721 global $user_ip, $session_length, $starttime; 722 global $userdata; 723 724 $inline_columns = 4; 725 $inline_rows = 5; 726 $window_columns = 8; 727 728 if ($mode == 'window') 729 { 730 $userdata = session_pagestart($user_ip, $page_id); 731 init_userprefs($userdata); 732 733 $gen_simple_header = TRUE; 734 735 $page_title = $lang['Emoticons']; 736 include($phpbb_root_path . 'includes/page_header.'.$phpEx); 737 738 $template->set_filenames(array( 739 'smiliesbody' => 'posting_smilies.tpl') 740 ); 741 } 742 743 $sql = "SELECT emoticon, code, smile_url 744 FROM " . SMILIES_TABLE . " 745 ORDER BY smilies_id"; 746 if ($result = $db->sql_query($sql)) 747 { 748 $num_smilies = 0; 749 $rowset = array(); 750 while ($row = $db->sql_fetchrow($result)) 751 { 752 if (empty($rowset[$row['smile_url']])) 753 { 754 $rowset[$row['smile_url']]['code'] = str_replace("'", "\\'", str_replace('\\', '\\\\', $row['code'])); 755 $rowset[$row['smile_url']]['emoticon'] = $row['emoticon']; 756 $num_smilies++; 757 } 758 } 759 760 if ($num_smilies) 761 { 762 $smilies_count = ($mode == 'inline') ? min(19, $num_smilies) : $num_smilies; 763 $smilies_split_row = ($mode == 'inline') ? $inline_columns - 1 : $window_columns - 1; 764 765 $s_colspan = 0; 766 $row = 0; 767 $col = 0; 768 769 while (list($smile_url, $data) = @each($rowset)) 770 { 771 if (!$col) 772 { 773 $template->assign_block_vars('smilies_row', array()); 774 } 775 776 $template->assign_block_vars('smilies_row.smilies_col', array( 777 'SMILEY_CODE' => $data['code'], 778 'SMILEY_IMG' => $board_config['smilies_path'] . '/' . $smile_url, 779 'SMILEY_DESC' => $data['emoticon']) 780 ); 781 782 $s_colspan = max($s_colspan, $col + 1); 783 784 if ($col == $smilies_split_row) 785 { 786 if ($mode == 'inline' && $row == $inline_rows - 1) 787 { 788 break; 789 } 790 $col = 0; 791 $row++; 792 } 793 else 794 { 795 $col++; 796 } 797 } 798 799 if ($mode == 'inline' && $num_smilies > $inline_rows * $inline_columns) 800 { 801 $template->assign_block_vars('switch_smilies_extra', array()); 802 803 $template->assign_vars(array( 804 'L_MORE_SMILIES' => $lang['More_emoticons'], 805 'U_MORE_SMILIES' => append_sid("posting.$phpEx?mode=smilies")) 806 ); 807 } 808 809 $template->assign_vars(array( 810 'L_EMOTICONS' => $lang['Emoticons'], 811 'L_CLOSE_WINDOW' => $lang['Close_window'], 812 'S_SMILIES_COLSPAN' => $s_colspan) 813 ); 814 } 815 } 816 817 if ($mode == 'window') 818 { 819 $template->pparse('smiliesbody'); 820 821 include($phpbb_root_path . 'includes/page_tail.'.$phpEx); 822 } 823 } 824 825 /** 826 * Called from within prepare_message to clean included HTML tags if HTML is 827 * turned on for that post 828 * @param array $tag Matching text from the message to parse 829 */ 830 function clean_html($tag) 831 { 832 global $board_config; 833 834 if (empty($tag[0])) 835 { 836 return ''; 837 } 838 839 $allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags'])); 840 $disallowed_attributes = '/^(?:style|on)/i'; 841 842 // Check if this is an end tag 843 preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches); 844 if (sizeof($matches)) 845 { 846 if (in_array(strtolower($matches[1]), $allowed_html_tags)) 847 { 848 return '</' . $matches[1] . '>'; 849 } 850 else 851 { 852 return htmlspecialchars('</' . $matches[1] . '>'); 853 } 854 } 855 856 // Check if this is an allowed tag 857 if (in_array(strtolower($tag[1]), $allowed_html_tags)) 858 { 859 $attributes = ''; 860 if (!empty($tag[2])) 861 { 862 preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test); 863 for ($i = 0; $i < sizeof($test[0]); $i++) 864 { 865 if (preg_match($disallowed_attributes, $test[1][$i])) 866 { 867 continue; 868 } 869 $attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . str_replace(array('[', ']'), array('[', ']'), htmlspecialchars($test[3][$i])) . $test[2][$i]; 870 } 871 } 872 if (in_array(strtolower($tag[1]), $allowed_html_tags)) 873 { 874 return '<' . $tag[1] . $attributes . '>'; 875 } 876 else 877 { 878 return htmlspecialchars('<' . $tag[1] . $attributes . '>'); 879 } 880 } 881 // Finally, this is not an allowed tag so strip all the attibutes and escape it 882 else 883 { 884 return htmlspecialchars('<' . $tag[1] . '>'); 885 } 886 } 887 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Mon Jan 14 19:21:40 2013 | Cross-referenced by PHPXref 0.7.1 |