<?php
/***************************************************************************
 *                            support_posting.php
 *                            -------------------
 *   begin                : Saturday, Mar 26, 2004
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: support_posting.php,v 1.2 2005/03/31 12:28:53 isaac Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// NOTE(review): judging by the header above and the "posting.$phpEx" form
// targets further down, this file appears to be a locally modified copy of
// phpBB 2's posting.php (the 'update_ticket' mode is one such local
// addition). It is a flat top-level script: every branch either falls
// through to the posting/deleting code below or terminates the request via
// exit(), message_die() or redirect().
//
define('IN_PHPBB', true);
$phpbb_root_path = './';
include ($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
include($phpbb_root_path . 'includes/functions_post.'.$phpEx);

//
// Check and set various parameters
//
// Action flags ($submit, $confirm, $preview, $delete, $poll_delete,
// $poll_add, $poll_edit) and $mode are copied from POST first, then GET,
// as raw strings. They are only ever compared against fixed names ($mode)
// or used as booleans (the flags), so no escaping is needed here -- but
// because GET is accepted, every state-changing action in this file
// (post, delete, confirm) can be triggered by a plain link. No
// per-request (anti-CSRF) token is checked anywhere in the portion of
// this file shown here.
//
$params = array('submit' => 'post', 'confirm' => 'confirm', 'preview' => 'preview', 'delete' => 'delete', 'poll_delete' => 'poll_delete', 'poll_add' => 'add_poll_option', 'poll_edit' => 'edit_poll_option', 'mode' => 'mode');
while( list($var, $param) = @each($params) )
{
	if ( !empty($HTTP_POST_VARS[$param]) || !empty($HTTP_GET_VARS[$param]) )
	{
		$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? $HTTP_POST_VARS[$param] : $HTTP_GET_VARS[$param];
	}
	else
	{
		$$var = '';
	}
}

//
// forum_id / topic_id / post_id are cast with intval(), so they are safe to
// interpolate into the SQL further down. An absent id becomes '' rather
// than 0, which is why the later presence checks use empty().
//
$params = array('forum_id' => POST_FORUM_URL, 'topic_id' => POST_TOPIC_URL, 'post_id' => POST_POST_URL);
while( list($var, $param) = @each($params) )
{
	if ( !empty($HTTP_POST_VARS[$param]) || !empty($HTTP_GET_VARS[$param]) )
	{
		$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? intval($HTTP_POST_VARS[$param]) : intval($HTTP_GET_VARS[$param]);
	}
	else
	{
		$$var = '';
	}
}

// A "refresh" is any re-render of the posting form that is not a final
// submit: preview, or adding/editing/deleting a poll option.
$refresh = $preview || $poll_add || $poll_edit || $poll_delete;

//
// Set topic type
//
// intval()'d; POST_ANNOUNCE / POST_STICKY select the auth_announce /
// auth_sticky permission names in the switch below. Whether that
// permission is actually enforced depends on the auth gate further down,
// which is commented out in this copy.
//
$topic_type = ( !empty($HTTP_POST_VARS['topictype']) ) ? intval($HTTP_POST_VARS['topictype']) : POST_NORMAL;

//
// If the mode is set to topic review then output
// that review ...
//
// NOTE(review): both of these modes exit before session_pagestart() runs,
// so $userdata is not available to them. Any read-permission check for the
// review must therefore live inside topic_review() (includes/topic_review,
// not shown) -- confirm that it does.
//
if ( $mode == 'topicreview' )
{
	require($phpbb_root_path . 'includes/topic_review.'.$phpEx);

	topic_review($topic_id, false);
	exit;
}
else if ( $mode == 'smilies' )
{
	generate_smilies('window', PAGE_POSTING);
	exit;
}

//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_POSTING);
init_userprefs($userdata);
//
// End session management
//

//
// Was cancel pressed? If so then redirect to the appropriate
// page, no point in continuing with any further checks
//
// Pure redirect: the ids are already intval()'d, so the URLs built here
// contain no user-controlled text.
//
if ( isset($HTTP_POST_VARS['cancel']) )
{
	if ( $post_id )
	{
		$redirect = "viewtopic.$phpEx?" . POST_POST_URL . "=$post_id";
		$post_append = "#$post_id";
	}
	else if ( $topic_id )
	{
		$redirect = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id";
		$post_append = '';
	}
	else if ( $forum_id )
	{
		$redirect = "viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id";
		$post_append = '';
	}
	else
	{
		$redirect = "index.$phpEx";
		$post_append = '';
	}

	redirect(append_sid($redirect, true) . $post_append);
}

//
// What auth type do we need to check?
//
// Maps $mode to the name of the forum permission it requires. $is_auth
// itself is only filled in after the lookup switch below (auth() needs the
// forum row first).
//
$is_auth = array();
switch( $mode )
{
	case 'newtopic':
		if ( $topic_type == POST_ANNOUNCE )
		{
			$is_auth_type = 'auth_announce';
		}
		else if ( $topic_type == POST_STICKY )
		{
			$is_auth_type = 'auth_sticky';
		}
		else
		{
			$is_auth_type = 'auth_post';
		}
		break;
	case 'reply':
	case 'quote':
		$is_auth_type = 'auth_reply';
		break;
	case 'editpost':
		$is_auth_type = 'auth_edit';
		break;
	case 'update_ticket':
		// NOTE(review): local addition with defects that are visible right here.
		// 1. $ticket_id is raw GET/POST input interpolated into the UPDATE
		//    inside single quotes with no escaping or casting -> SQL
		//    injection (a value such as  x' OR 1='1  rewrites the WHERE
		//    clause and can relabel every row of TOPICS_TABLE). $topic_id is
		//    intval()'d and is fine; note that an absent $topic_id is '' and
		//    yields a malformed WHERE clause.
		// 2. No authorization at all: auth() has not been called yet (it
		//    runs after the next switch), and the generic permission gate
		//    further down is commented out, so any visitor that gets a
		//    session from session_pagestart() (presumably guests too --
		//    confirm) can change any topic's ticket_id.
		// 3. $ticket_id is echoed back unescaped through message_die(),
		//    whose message text is rendered as HTML (this file concatenates
		//    '<br />' and '<a href=...>' into such messages) -> reflected
		//    XSS. The failing-query path also hands the tainted $sql to
		//    message_die(); whether that is displayed depends on
		//    message_die()'s debug behaviour, not visible here.
		// 4. $HTTP_POST_VARS['ticket_id'] is read without isset() when
		//    neither source supplies it.
		// Fix: validate/cast $ticket_id (or escape it through the db layer),
		// htmlspecialchars() it before echoing, and move this behind the
		// forum lookup with an explicit $is_auth check (auth_mod, or
		// whatever the intended policy is).
		$ticket_id = ( !empty($HTTP_GET_VARS['ticket_id']) ) ? $HTTP_GET_VARS['ticket_id'] : $HTTP_POST_VARS['ticket_id'];
		$sql = "UPDATE " . TOPICS_TABLE . " SET ticket_id = '" . $ticket_id . "' WHERE topic_id = " . $topic_id ." OR topic_moved_id = ".$topic_id;
		if ( !$db->sql_query($sql) )
		{
			message_die(GENERAL_ERROR, 'Could not update ticket id for topic '.$topic_id, '', __LINE__, __FILE__, $sql);
		}
		message_die(GENERAL_MESSAGE, "Ticket ID: " . $ticket_id . " has been updated for topic $topic_id.");
		break;
	case 'delete':
	case 'poll_delete':
		$is_auth_type = 'auth_delete';
		break;
	case 'vote':
		$is_auth_type = 'auth_vote';
		break;
	case 'topicreview':
		// Unreachable in practice: topicreview exits earlier in this file.
		$is_auth_type = 'auth_read';
		break;
	default:
		message_die(GENERAL_MESSAGE, $lang['No_post_mode']);
		break;
}

//
// Here we do various lookups to find topic_id, forum_id, post_id etc.
// Doing it here prevents spoofing (eg. faking forum_id, topic_id or post_id
//
// All ids interpolated below are intval()'d at the top of the file, so
// these statements contain no raw user input.
//
$error_msg = '';
$post_data = array();
switch ( $mode )
{
	case 'newtopic':
		if ( empty($forum_id) )
		{
			message_die(GENERAL_MESSAGE, $lang['Forum_not_exist']);
		}

		$sql = "SELECT *
			FROM " . FORUMS_TABLE . "
			WHERE forum_id = $forum_id";
		break;

	case 'reply':
	case 'vote':
		if ( empty( $topic_id) )
		{
			message_die(GENERAL_MESSAGE, $lang['No_topic_id']);
		}

		$sql = "SELECT f.*, t.topic_status, t.topic_title
			FROM " . FORUMS_TABLE . " f, " . TOPICS_TABLE . " t
			WHERE t.topic_id = $topic_id
				AND f.forum_id = t.forum_id";
		break;

	case 'quote':
	case 'editpost':
	case 'delete':
	case 'poll_delete':
		if ( empty($post_id) )
		{
			message_die(GENERAL_MESSAGE, $lang['No_post_id']);
		}

		// The post text / author columns are only needed when the form is
		// being rendered, not on a final submit.
		$select_sql = ( !$submit ) ? ", t.topic_title, p.enable_bbcode, p.enable_html, p.enable_smilies, p.enable_sig, p.post_username, pt.post_subject, pt.post_text, pt.bbcode_uid, u.username, u.user_id, u.user_sig" : '';
		$from_sql = ( !$submit ) ? ", " . POSTS_TEXT_TABLE . " pt, " . USERS_TABLE . " u" : '';
		$where_sql = ( !$submit ) ? "AND pt.post_id = p.post_id AND u.user_id = p.poster_id" : '';

		$sql = "SELECT f.*, t.topic_id, t.topic_status, t.topic_type, t.topic_first_post_id, t.topic_last_post_id, t.topic_vote, p.post_id, p.poster_id" . $select_sql . "
			FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f" . $from_sql . "
			WHERE p.post_id = $post_id
				AND t.topic_id = p.topic_id
				AND f.forum_id = p.forum_id
				$where_sql";
		break;

	default:
		message_die(GENERAL_MESSAGE, $lang['No_valid_mode']);
}

// NOTE(review): only a *failed* query reaches the 'No_such_post' branch.
// A well-formed but non-existent id gives a successful query with no rows,
// so $post_info is whatever sql_fetchrow() returns for that (presumably
// false), $forum_id is empty, and auth() is called with it anyway.
if ( $result = $db->sql_query($sql) )
{
	$post_info = $db->sql_fetchrow($result);

	$forum_id = $post_info['forum_id'];
	$forum_name = $post_info['forum_name'];
	$forum_email = $post_info['forum_email'];

	// Full permission set for this forum. Of it, this file actually
	// enforces: auth_mod (locked forum/topic override, below), the
	// owner-or-moderator rule for editpost/delete/poll_delete, and
	// auth_pollcreate / auth_read when reading poll and notify fields.
	// The per-mode permission in $is_auth_type is NOT enforced -- its gate
	// is commented out further down.
	$is_auth = auth(AUTH_ALL, $forum_id, $userdata, $post_info);

	if ( $post_info['forum_status'] == FORUM_LOCKED && !$is_auth['auth_mod'])
	{
		message_die(GENERAL_MESSAGE, $lang['Forum_locked']);
	}
	else if ( $mode != 'newtopic' && $post_info['topic_status'] == TOPIC_LOCKED && !$is_auth['auth_mod'])
	{
		message_die(GENERAL_MESSAGE, $lang['Topic_locked']);
	}

	if ( $mode == 'editpost' || $mode == 'delete' || $mode == 'poll_delete' )
	{
		// topic_id is taken from the post row, not from the request.
		$topic_id = $post_info['topic_id'];

		$post_data['poster_post'] = ( $post_info['poster_id'] == $userdata['user_id'] ) ? true : false;
		$post_data['first_post'] = ( $post_info['topic_first_post_id'] == $post_id ) ? true : false;
		$post_data['last_post'] = ( $post_info['topic_last_post_id'] == $post_id ) ? true : false;
		$post_data['last_topic'] = ( $post_info['forum_last_post_id'] == $post_id ) ? true : false;
		$post_data['has_poll'] = ( $post_info['topic_vote'] ) ? true : false;
		$post_data['topic_type'] = $post_info['topic_type'];
		$post_data['poster_id'] = $post_info['poster_id'];

		if ( $post_data['first_post'] && $post_data['has_poll'] )
		{
			$sql = "SELECT *
				FROM " . VOTE_DESC_TABLE . " vd, " . VOTE_RESULTS_TABLE . " vr
				WHERE vd.topic_id = $topic_id
					AND vr.vote_id = vd.vote_id
				ORDER BY vr.vote_option_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not obtain vote data for this topic', '', __LINE__, __FILE__, $sql);
			}

			$poll_options = array();
			$poll_results_sum = 0;
			if ( $row = $db->sql_fetchrow($result) )
			{
				$poll_title = $row['vote_text'];
				$poll_id = $row['vote_id'];
				// Stored in seconds, presented in days.
				$poll_length = $row['vote_length'] / 86400;

				do
				{
					$poll_options[$row['vote_option_id']] = $row['vote_option_text'];
					$poll_results_sum += $row['vote_result'];
				}
				while ( $row = $db->sql_fetchrow($result) );
			}

			// A poll that already has votes may only be edited by a moderator.
			$post_data['edit_poll'] = ( ( !$poll_results_sum || $is_auth['auth_mod'] ) && $post_data['first_post'] ) ? true : 0;
		}
		else
		{
			$post_data['edit_poll'] = ($post_data['first_post'] && $is_auth['auth_pollcreate']) ? true : false;
		}

		//
		// Can this user edit/delete the post/poll?
		//
		// NOTE(review): this compares poster_id with the current user_id. If
		// both are the guest id (an anonymous post viewed by a guest), the
		// check passes; the commented-out auth gate below would normally be
		// what keeps guests out of editpost/delete -- confirm what auth()
		// returns for guests in this deployment.
		if ( $post_info['poster_id'] != $userdata['user_id'] && !$is_auth['auth_mod'] )
		{
			$message = ( $delete || $mode == 'delete' ) ? $lang['Delete_own_posts'] : $lang['Edit_own_posts'];
			$message .= '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');

			message_die(GENERAL_MESSAGE, $message);
		}
		else if ( !$post_data['last_post'] && !$is_auth['auth_mod'] && ( $mode == 'delete' || $delete ) )
		{
			message_die(GENERAL_MESSAGE, $lang['Cannot_delete_replied']);
		}
		else if ( !$post_data['edit_poll'] && !$is_auth['auth_mod'] && ( $mode == 'poll_delete' || $poll_delete ) )
		{
			message_die(GENERAL_MESSAGE, $lang['Cannot_delete_poll']);
		}
	}
	else
	{
		if ( $mode == 'quote' )
		{
			$topic_id = $post_info['topic_id'];
		}

		$post_data['first_post'] = ( $mode == 'newtopic' ) ? true : 0;
		$post_data['last_post'] = false;
		$post_data['has_poll'] = false;
		$post_data['edit_poll'] = false;
	}
}
else
{
	message_die(GENERAL_MESSAGE, $lang['No_such_post']);
}

//
// The user is not authed, if they're not logged in then redirect
// them, else show them an error message
//
// NOTE(review): this is the gate that enforces $is_auth_type (auth_post,
// auth_reply, auth_edit, auth_delete, auth_vote, auth_announce,
// auth_sticky). With it commented out, nothing in this file checks those
// permissions for newtopic, reply, quote or vote; what remains is the
// locked-forum/locked-topic test and the owner-or-moderator test for
// editpost/delete/poll_delete above. Unless an include not shown here
// re-adds an equivalent check, forum permissions are not applied to
// posting -- re-enable this block (or replace it with an explicit check)
// before relying on them.
//
/* if ( !$is_auth[$is_auth_type] )
{
	if ( $userdata['session_logged_in'] )
	{
		message_die(GENERAL_MESSAGE, sprintf($lang['Sorry_' . $is_auth_type], $is_auth[$is_auth_type . "_type"]));
	}

	switch( $mode )
	{
		case 'newtopic':
			$redirect = "mode=newtopic&" . POST_FORUM_URL . "=" . $forum_id;
			break;
		case 'reply':
		case 'topicreview':
			$redirect = "mode=reply&" . POST_TOPIC_URL . "=" . $topic_id;
			break;
		case 'quote':
		case 'editpost':
			$redirect = "mode=quote&" . POST_POST_URL ."=" . $post_id;
			break;
	}

	redirect(append_sid("login.$phpEx?redirect=posting.$phpEx&" . $redirect, true));
}*/

//
// Set toggles for various options
//
// On a submit/refresh the toggles come from the form (a checkbox named
// disable_* turns the feature off); on a fresh form they come from the
// user's preferences, or the board default for guests. A board-level
// "allow_*" of 0 wins over everything.
//
if ( !$board_config['allow_html'] )
{
	$html_on = 0;
}
else
{
	$html_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_html']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_html'] : $userdata['user_allowhtml'] );
}

if ( !$board_config['allow_bbcode'] )
{
	$bbcode_on = 0;
}
else
{
	$bbcode_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_bbcode']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_bbcode'] : $userdata['user_allowbbcode'] );
}

if ( !$board_config['allow_smilies'] )
{
	$smilies_on = 0;
}
else
{
	$smilies_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_smilies']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_smilies'] : $userdata['user_allowsmile'] );
}

// Topic-notification default: the submitted checkbox, else "already
// watching this topic" from TOPICS_WATCH_TABLE, else the user's preference.
// $topic_id and user_id are integers from the request cast / session.
if ( ($submit || $refresh) && $is_auth['auth_read'])
{
	$notify_user = ( !empty($HTTP_POST_VARS['notify']) ) ? TRUE : 0;
}
else
{
	if ( $mode != 'newtopic' && $userdata['session_logged_in'] && $is_auth['auth_read'] )
	{
		$sql = "SELECT topic_id
			FROM " . TOPICS_WATCH_TABLE . "
			WHERE topic_id = $topic_id
				AND user_id = " . $userdata['user_id'];
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql);
		}

		$notify_user = ( $db->sql_fetchrow($result) ) ? TRUE : $userdata['user_notify'];
	}
	else
	{
		$notify_user = ( $userdata['session_logged_in'] && $is_auth['auth_read'] ) ? $userdata['user_notify'] : 0;
	}
}

$attach_sig = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['attach_sig']) ) ? TRUE : 0 ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? 0 : $userdata['user_attachsig'] );

// --------------------
// What shall we do?
//
if ( ( $delete || $poll_delete || $mode == 'delete' ) && !$confirm )
{
	//
	// Confirm deletion
	//
	// NOTE(review): the confirmation form carries only the post id and the
	// mode -- no per-request token -- and $confirm is also accepted from
	// GET (see the parameter loop at the top of the file), so this
	// confirmation step can be skipped entirely with one crafted link
	// (mode=delete&confirm=1&<post id>). The owner-or-moderator check above
	// still applies, but that is the only protection against cross-site
	// request forgery here.
	$s_hidden_fields = '<input type="hidden" name="' . POST_POST_URL . '" value="' . $post_id . '" />';
	$s_hidden_fields .= ( $delete || $mode == "delete" ) ? '<input type="hidden" name="mode" value="delete" />' : '<input type="hidden" name="mode" value="poll_delete" />';

	$l_confirm = ( $delete || $mode == 'delete' ) ? $lang['Confirm_delete'] : $lang['Confirm_delete_poll'];

	//
	// Output confirmation page
	//
	include($phpbb_root_path . 'includes/page_header.'.$phpEx);

	$template->set_filenames(array(
		'confirm_body' => 'confirm_body.tpl')
	);

	$template->assign_vars(array(
		'MESSAGE_TITLE' => $lang['Information'],
		'MESSAGE_TEXT' => $l_confirm,

		'L_YES' => $lang['Yes'],
		'L_NO' => $lang['No'],

		'S_CONFIRM_ACTION' => append_sid("posting.$phpEx"),
		'S_HIDDEN_FIELDS' => $s_hidden_fields)
	);

	$template->pparse('confirm_body');

	include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
else if ( $mode == 'vote' )
{
	//
	// Vote in a poll
	//
	// vote_id is POST-only and intval()'d; $vote_id / $vote_option_id then
	// come from the database. $user_ip is set by common.php (not shown) --
	// assumed already sanitised before it is quoted into the INSERT, confirm.
	// Duplicate-vote detection is keyed on user_id only: if guests can reach
	// this branch (the auth_vote gate above is commented out), every guest
	// shares the ANONYMOUS id and only the first guest vote is counted.
	//
	if ( !empty($HTTP_POST_VARS['vote_id']) )
	{
		$vote_option_id = intval($HTTP_POST_VARS['vote_id']);

		// Resolve the option to its poll, scoped to this topic so an option
		// id from another poll cannot be voted on here.
		$sql = "SELECT vd.vote_id
			FROM " . VOTE_DESC_TABLE . " vd, " . VOTE_RESULTS_TABLE . " vr
			WHERE vd.topic_id = $topic_id
				AND vr.vote_id = vd.vote_id
				AND vr.vote_option_id = $vote_option_id
			GROUP BY vd.vote_id";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not obtain vote data for this topic', '', __LINE__, __FILE__, $sql);
		}

		if ( $vote_info = $db->sql_fetchrow($result) )
		{
			$vote_id = $vote_info['vote_id'];

			$sql = "SELECT *
				FROM " . VOTE_USERS_TABLE . "
				WHERE vote_id = $vote_id
					AND vote_user_id = " . $userdata['user_id'];
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not obtain user vote data for this topic', '', __LINE__, __FILE__, $sql);
			}

			if ( !($row = $db->sql_fetchrow($result)) )
			{
				// Increment and record the voter inside one transaction.
				$sql = "UPDATE " . VOTE_RESULTS_TABLE . "
					SET vote_result = vote_result + 1
					WHERE vote_id = $vote_id
						AND vote_option_id = $vote_option_id";
				if ( !$db->sql_query($sql, BEGIN_TRANSACTION) )
				{
					message_die(GENERAL_ERROR, 'Could not update poll result', '', __LINE__, __FILE__, $sql);
				}

				$sql = "INSERT INTO " . VOTE_USERS_TABLE . " (vote_id, vote_user_id, vote_user_ip)
					VALUES ($vote_id, " . $userdata['user_id'] . ", '$user_ip')";
				if ( !$db->sql_query($sql, END_TRANSACTION) )
				{
					message_die(GENERAL_ERROR, "Could not insert user_id for poll", "", __LINE__, __FILE__, $sql);
				}

				$message = $lang['Vote_cast'];
			}
			else
			{
				$message = $lang['Already_voted'];
			}
		}
		else
		{
			$message = $lang['No_vote_option'];
		}

		$template->assign_vars(array(
			'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">')
		);
		$message .= '<br /><br />' . sprintf($lang['Click_view_message'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');
		message_die(GENERAL_MESSAGE, $message);
	}
	else
	{
		redirect(append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id", true));
	}
}
else if ( $submit || $confirm )
{
	//Added by rajkumar
	$blogcat='';
	//
	// Submit post/vote (newtopic, edit, reply, etc.)
	//
	$return_message = '';
	$return_meta = '';

	switch ( $mode )
	{
		case 'editpost':
		case 'newtopic':
			// NOTE(review): username, subject, message and the poll fields
			// are taken raw here. Whatever validates/escapes them before
			// they reach the database or the page lies past the end of
			// this view (presumably the helpers in functions_post) -- not
			// verified here. The poll fields are at least gated on
			// auth_pollcreate.
			$username = ( !empty($HTTP_POST_VARS['username']) ) ? $HTTP_POST_VARS['username'] : '';
			$subject = ( !empty($HTTP_POST_VARS['subject']) ) ? trim($HTTP_POST_VARS['subject']) : '';
			$message = ( !empty($HTTP_POST_VARS['message']) ) ? $HTTP_POST_VARS['message'] : '';
			$poll_title = ( isset($HTTP_POST_VARS['poll_title']) && $is_auth['auth_pollcreate'] ) ? $HTTP_POST_VARS['poll_title'] : '';
			$poll_options = ( isset($HTTP_POST_VARS['poll_option_text']) && $is_auth['auth_pollcreate'] ) ? $HTTP_POST_VARS['poll_option_text'] : '';
			$poll_length = ( isset($HTTP_POST_VARS['poll_length']) && $is_auth['auth_pollcreate'] ) ? $HTTP_POST_VARS['poll_length'] : '';
			$bbcode_uid = '';