0,0 → 1,887 |
<?php |
/*************************************************************************** |
* functions_post.php |
* ------------------- |
* begin : Saturday, Feb 13, 2001 |
* copyright : (C) 2001 The phpBB Group |
* email : support@phpbb.com |
* |
* $Id: functions_post.php,v 1.9.2.52 2006/05/06 13:38:55 grahamje Exp $ |
* |
* |
***************************************************************************/ |
|
/*************************************************************************** |
* |
* This program is free software; you can redistribute it and/or modify |
* it under the terms of the GNU General Public License as published by |
* the Free Software Foundation; either version 2 of the License, or |
* (at your option) any later version. |
* |
***************************************************************************/ |
|
if (!defined('IN_PHPBB')) |
{ |
die('Hacking attempt'); |
} |
|
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#'); |
$html_entities_replace = array('&', '<', '>', '"'); |
|
$unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#'); |
$unhtml_specialchars_replace = array('>', '<', '"', '&'); |
|
// |
// This function will prepare a posted message for |
// entry into the database. |
// |
function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0) |
{ |
global $board_config, $html_entities_match, $html_entities_replace; |
|
// |
// Clean up the message |
// |
$message = trim($message); |
|
if ($html_on) |
{ |
// If HTML is on, we try to make it safe |
// This approach is quite agressive and anything that does not look like a valid tag |
// is going to get converted to HTML entities |
$message = stripslashes($message); |
$html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#'; |
$matches = array(); |
|
$message_split = preg_split($html_match, $message); |
preg_match_all($html_match, $message, $matches); |
|
$message = ''; |
|
foreach ($message_split as $part) |
{ |
$tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2])); |
$message .= preg_replace($html_entities_match, $html_entities_replace, $part) . clean_html($tag); |
} |
|
$message = addslashes($message); |
$message = str_replace('"', '\"', $message); |
} |
else |
{ |
$message = preg_replace($html_entities_match, $html_entities_replace, $message); |
} |
|
if($bbcode_on && $bbcode_uid != '') |
{ |
$message = bbencode_first_pass($message, $bbcode_uid); |
} |
|
return $message; |
} |
|
function unprepare_message($message) |
{ |
global $unhtml_specialchars_match, $unhtml_specialchars_replace; |
|
return preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, $message); |
} |
|
// |
// Prepare a message for posting |
// |
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length) |
{ |
global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path; |
|
// Check username |
if (!empty($username)) |
{ |
$username = phpbb_clean_username($username); |
|
if (!$userdata['session_logged_in'] || ($userdata['session_logged_in'] && $username != $userdata['username'])) |
{ |
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx); |
|
$result = validate_username($username); |
if ($result['error']) |
{ |
$error_msg .= (!empty($error_msg)) ? '<br />' . $result['error_msg'] : $result['error_msg']; |
} |
} |
else |
{ |
$username = ''; |
} |
} |
|
// Check subject |
if (!empty($subject)) |
{ |
$subject = htmlspecialchars(trim($subject)); |
} |
else if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) |
{ |
$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject']; |
} |
|
// Check message |
if (!empty($message)) |
{ |
$bbcode_uid = ($bbcode_on) ? make_bbcode_uid() : ''; |
$message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); |
} |
else if ($mode != 'delete' && $mode != 'poll_delete') |
{ |
$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message']; |
} |
|
// |
// Handle poll stuff |
// |
if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) |
{ |
$poll_length = (isset($poll_length)) ? max(0, intval($poll_length)) : 0; |
|
if (!empty($poll_title)) |
{ |
$poll_title = htmlspecialchars(trim($poll_title)); |
} |
|
if(!empty($poll_options)) |
{ |
$temp_option_text = array(); |
while(list($option_id, $option_text) = @each($poll_options)) |
{ |
$option_text = trim($option_text); |
if (!empty($option_text)) |
{ |
$temp_option_text[intval($option_id)] = htmlspecialchars($option_text); |
} |
} |
$option_text = $temp_option_text; |
|
if (count($poll_options) < 2) |
{ |
$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options']; |
} |
else if (count($poll_options) > $board_config['max_poll_options']) |
{ |
$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options']; |
} |
else if ($poll_title == '') |
{ |
$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title']; |
} |
} |
} |
|
return; |
} |
|
// |
// Post a new topic/reply/poll or edit existing post/poll |
// |
function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, $post_username, $post_subject, $post_message, $poll_title, &$poll_options, &$poll_length) |
{ |
global $board_config, $lang, $db, $phpbb_root_path, $phpEx; |
global $userdata, $user_ip; |
|
include($phpbb_root_path . 'includes/functions_search.'.$phpEx); |
|
$current_time = time(); |
|
if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost') |
{ |
// |
// Flood control |
// |
$where_sql = ($userdata['user_id'] == ANONYMOUS) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id']; |
$sql = "SELECT MAX(post_time) AS last_post_time |
FROM " . POSTS_TABLE . " |
WHERE $where_sql"; |
if ($result = $db->sql_query($sql)) |
{ |
if ($row = $db->sql_fetchrow($result)) |
{ |
if (intval($row['last_post_time']) > 0 && ($current_time - intval($row['last_post_time'])) < intval($board_config['flood_interval'])) |
{ |
message_die(GENERAL_MESSAGE, $lang['Flood_Error']); |
} |
} |
} |
} |
|
if ($mode == 'editpost') |
{ |
remove_search_post($post_id); |
} |
|
if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) |
{ |
$topic_vote = (!empty($poll_title) && count($poll_options) >= 2) ? 1 : 0; |
|
$sql = ($mode != "editpost") ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type " . (($post_data['edit_vote'] || !empty($poll_title)) ? ", topic_vote = " . $topic_vote : "") . " WHERE topic_id = $topic_id"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); |
} |
|
if ($mode == 'newtopic') |
{ |
$topic_id = $db->sql_nextid(); |
} |
} |
|
$edited_sql = ($mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post']) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : ""; |
$sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id"; |
if (!$db->sql_query($sql, BEGIN_TRANSACTION)) |
{ |
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); |
} |
|
if ($mode != 'editpost') |
{ |
$post_id = $db->sql_nextid(); |
} |
|
$sql = ($mode != 'editpost') ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); |
} |
|
add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject)); |
|
// |
// Add poll |
// |
if (($mode == 'newtopic' || ($mode == 'editpost' && $post_data['edit_poll'])) && !empty($poll_title) && count($poll_options) >= 2) |
{ |
$sql = (!$post_data['has_poll']) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ($poll_length * 86400) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ($poll_length * 86400) . " WHERE topic_id = $topic_id"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); |
} |
|
$delete_option_sql = ''; |
$old_poll_result = array(); |
if ($mode == 'editpost' && $post_data['has_poll']) |
{ |
$sql = "SELECT vote_option_id, vote_result |
FROM " . VOTE_RESULTS_TABLE . " |
WHERE vote_id = $poll_id |
ORDER BY vote_option_id ASC"; |
if (!($result = $db->sql_query($sql))) |
{ |
message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql); |
} |
|
while ($row = $db->sql_fetchrow($result)) |
{ |
$old_poll_result[$row['vote_option_id']] = $row['vote_result']; |
|
if (!isset($poll_options[$row['vote_option_id']])) |
{ |
$delete_option_sql .= ($delete_option_sql != '') ? ', ' . $row['vote_option_id'] : $row['vote_option_id']; |
} |
} |
} |
else |
{ |
$poll_id = $db->sql_nextid(); |
} |
|
@reset($poll_options); |
|
$poll_option_id = 1; |
while (list($option_id, $option_text) = each($poll_options)) |
{ |
if (!empty($option_text)) |
{ |
$option_text = str_replace("\'", "''", htmlspecialchars($option_text)); |
$poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0; |
|
$sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); |
} |
$poll_option_id++; |
} |
} |
|
if ($delete_option_sql != '') |
{ |
$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " |
WHERE vote_option_id IN ($delete_option_sql) |
AND vote_id = $poll_id"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql); |
} |
} |
} |
|
$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">'; |
$message = $lang['Stored'] . '<br /><br />' . sprintf($lang['Click_view_message'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>'); |
|
return false; |
} |
|
// |
// Update post stats and details |
// |
function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_id, &$user_id) |
{ |
global $db; |
|
$sign = ($mode == 'delete') ? '- 1' : '+ 1'; |
$forum_update_sql = "forum_posts = forum_posts $sign"; |
$topic_update_sql = ''; |
|
if ($mode == 'delete') |
{ |
if ($post_data['last_post']) |
{ |
if ($post_data['first_post']) |
{ |
$forum_update_sql .= ', forum_topics = forum_topics - 1'; |
} |
else |
{ |
|
$topic_update_sql .= 'topic_replies = topic_replies - 1'; |
|
$sql = "SELECT MAX(post_id) AS last_post_id |
FROM " . POSTS_TABLE . " |
WHERE topic_id = $topic_id"; |
if (!($result = $db->sql_query($sql))) |
{ |
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); |
} |
|
if ($row = $db->sql_fetchrow($result)) |
{ |
$topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id']; |
} |
} |
|
if ($post_data['last_topic']) |
{ |
$sql = "SELECT MAX(post_id) AS last_post_id |
FROM " . POSTS_TABLE . " |
WHERE forum_id = $forum_id"; |
if (!($result = $db->sql_query($sql))) |
{ |
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); |
} |
|
if ($row = $db->sql_fetchrow($result)) |
{ |
$forum_update_sql .= ($row['last_post_id']) ? ', forum_last_post_id = ' . $row['last_post_id'] : ', forum_last_post_id = 0'; |
} |
} |
} |
else if ($post_data['first_post']) |
{ |
$sql = "SELECT MIN(post_id) AS first_post_id |
FROM " . POSTS_TABLE . " |
WHERE topic_id = $topic_id"; |
if (!($result = $db->sql_query($sql))) |
{ |
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); |
} |
|
if ($row = $db->sql_fetchrow($result)) |
{ |
$topic_update_sql .= 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['first_post_id']; |
} |
} |
else |
{ |
$topic_update_sql .= 'topic_replies = topic_replies - 1'; |
} |
} |
else if ($mode != 'poll_delete') |
{ |
$forum_update_sql .= ", forum_last_post_id = $post_id" . (($mode == 'newtopic') ? ", forum_topics = forum_topics $sign" : ""); |
$topic_update_sql = "topic_last_post_id = $post_id" . (($mode == 'reply') ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id"); |
} |
else |
{ |
$topic_update_sql .= 'topic_vote = 0'; |
} |
|
if ($mode != 'poll_delete') |
{ |
$sql = "UPDATE " . FORUMS_TABLE . " SET |
$forum_update_sql |
WHERE forum_id = $forum_id"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); |
} |
} |
|
if ($topic_update_sql != '') |
{ |
$sql = "UPDATE " . TOPICS_TABLE . " SET |
$topic_update_sql |
WHERE topic_id = $topic_id"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); |
} |
} |
|
if ($mode != 'poll_delete') |
{ |
$sql = "UPDATE " . USERS_TABLE . " |
SET user_posts = user_posts $sign |
WHERE user_id = $user_id"; |
if (!$db->sql_query($sql, END_TRANSACTION)) |
{ |
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); |
} |
} |
|
return; |
} |
|
// |
// Delete a post/poll |
// |
function delete_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id) |
{ |
global $board_config, $lang, $db, $phpbb_root_path, $phpEx; |
global $userdata, $user_ip; |
|
if ($mode != 'poll_delete') |
{ |
include($phpbb_root_path . 'includes/functions_search.'.$phpEx); |
|
$sql = "DELETE FROM " . POSTS_TABLE . " |
WHERE post_id = $post_id"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); |
} |
|
$sql = "DELETE FROM " . POSTS_TEXT_TABLE . " |
WHERE post_id = $post_id"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); |
} |
|
if ($post_data['last_post']) |
{ |
if ($post_data['first_post']) |
{ |
$forum_update_sql .= ', forum_topics = forum_topics - 1'; |
$sql = "DELETE FROM " . TOPICS_TABLE . " |
WHERE topic_id = $topic_id |
OR topic_moved_id = $topic_id"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); |
} |
|
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " |
WHERE topic_id = $topic_id"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql); |
} |
} |
} |
|
remove_search_post($post_id); |
} |
|
if ($mode == 'poll_delete' || ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) && $post_data['has_poll'] && $post_data['edit_poll']) |
{ |
$sql = "DELETE FROM " . VOTE_DESC_TABLE . " |
WHERE topic_id = $topic_id"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); |
} |
|
$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " |
WHERE vote_id = $poll_id"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); |
} |
|
$sql = "DELETE FROM " . VOTE_USERS_TABLE . " |
WHERE vote_id = $poll_id"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql); |
} |
} |
|
if ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) |
{ |
$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . '=' . $forum_id) . '">'; |
$message = $lang['Deleted']; |
} |
else |
{ |
$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . '=' . $topic_id) . '">'; |
$message = (($mode == 'poll_delete') ? $lang['Poll_delete'] : $lang['Deleted']) . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>'); |
} |
|
$message .= '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>'); |
|
return; |
} |
|
// |
// Handle user notification on new post |
// |
function user_notification($mode, &$post_data, &$topic_title, &$forum_id, &$topic_id, &$post_id, &$notify_user) |
{ |
global $board_config, $lang, $db, $phpbb_root_path, $phpEx; |
global $userdata, $user_ip; |
|
$current_time = time(); |
|
if ($mode != 'delete') |
{ |
if ($mode == 'reply') |
{ |
$sql = "SELECT ban_userid |
FROM " . BANLIST_TABLE; |
if (!($result = $db->sql_query($sql))) |
{ |
message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql); |
} |
|
$user_id_sql = ''; |
while ($row = $db->sql_fetchrow($result)) |
{ |
if (isset($row['ban_userid']) && !empty($row['ban_userid'])) |
{ |
$user_id_sql .= ', ' . $row['ban_userid']; |
} |
} |
|
$sql = "SELECT u.user_id, u.user_email, u.user_lang |
FROM " . TOPICS_WATCH_TABLE . " tw, " . USERS_TABLE . " u |
WHERE tw.topic_id = $topic_id |
AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . ") |
AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . " |
AND u.user_id = tw.user_id"; |
if (!($result = $db->sql_query($sql))) |
{ |
message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql); |
} |
|
$update_watched_sql = ''; |
$bcc_list_ary = array(); |
|
if ($row = $db->sql_fetchrow($result)) |
{ |
// Sixty second limit |
@set_time_limit(60); |
|
do |
{ |
if ($row['user_email'] != '') |
{ |
$bcc_list_ary[$row['user_lang']][] = $row['user_email']; |
} |
$update_watched_sql .= ($update_watched_sql != '') ? ', ' . $row['user_id'] : $row['user_id']; |
} |
while ($row = $db->sql_fetchrow($result)); |
|
// |
// Let's do some checking to make sure that mass mail functions |
// are working in win32 versions of php. |
// |
if (preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery']) |
{ |
$ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var'; |
|
// We are running on windows, force delivery to use our smtp functions |
// since php's are broken by default |
$board_config['smtp_delivery'] = 1; |
$board_config['smtp_host'] = @$ini_val('SMTP'); |
} |
|
if (sizeof($bcc_list_ary)) |
{ |
include($phpbb_root_path . 'includes/emailer.'.$phpEx); |
$emailer = new emailer($board_config['smtp_delivery']); |
|
$script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path'])); |
$script_name = ($script_name != '') ? $script_name . '/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx; |
$server_name = trim($board_config['server_name']); |
$server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://'; |
$server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) . '/' : '/'; |
|
$orig_word = array(); |
$replacement_word = array(); |
obtain_word_list($orig_word, $replacement_word); |
|
$emailer->from($board_config['board_email']); |
$emailer->replyto($board_config['board_email']); |
|
$topic_title = (count($orig_word)) ? preg_replace($orig_word, $replacement_word, unprepare_message($topic_title)) : unprepare_message($topic_title); |
|
@reset($bcc_list_ary); |
while (list($user_lang, $bcc_list) = each($bcc_list_ary)) |
{ |
$emailer->use_template('topic_notify', $user_lang); |
|
for ($i = 0; $i < count($bcc_list); $i++) |
{ |
$emailer->bcc($bcc_list[$i]); |
} |
|
// The Topic_reply_notification lang string below will be used |
// if for some reason the mail template subject cannot be read |
// ... note it will not necessarily be in the posters own language! |
$emailer->set_subject($lang['Topic_reply_notification']); |
|
// This is a nasty kludge to remove the username var ... till (if?) |
// translators update their templates |
$emailer->msg = preg_replace('#[ ]?{USERNAME}#', '', $emailer->msg); |
|
$emailer->assign_vars(array( |
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '', |
'SITENAME' => $board_config['sitename'], |
'TOPIC_TITLE' => $topic_title, |
|
'U_TOPIC' => $server_protocol . $server_name . $server_port . $script_name . '?' . POST_POST_URL . "=$post_id#$post_id", |
'U_STOP_WATCHING_TOPIC' => $server_protocol . $server_name . $server_port . $script_name . '?' . POST_TOPIC_URL . "=$topic_id&unwatch=topic") |
); |
|
$emailer->send(); |
$emailer->reset(); |
} |
} |
} |
$db->sql_freeresult($result); |
|
if ($update_watched_sql != '') |
{ |
$sql = "UPDATE " . TOPICS_WATCH_TABLE . " |
SET notify_status = " . TOPIC_WATCH_NOTIFIED . " |
WHERE topic_id = $topic_id |
AND user_id IN ($update_watched_sql)"; |
$db->sql_query($sql); |
} |
} |
|
$sql = "SELECT topic_id |
FROM " . TOPICS_WATCH_TABLE . " |
WHERE topic_id = $topic_id |
AND user_id = " . $userdata['user_id']; |
if (!($result = $db->sql_query($sql))) |
{ |
message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql); |
} |
|
$row = $db->sql_fetchrow($result); |
|
if (!$notify_user && !empty($row['topic_id'])) |
{ |
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " |
WHERE topic_id = $topic_id |
AND user_id = " . $userdata['user_id']; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql); |
} |
} |
else if ($notify_user && empty($row['topic_id'])) |
{ |
$sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status) |
VALUES (" . $userdata['user_id'] . ", $topic_id, 0)"; |
if (!$db->sql_query($sql)) |
{ |
message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql); |
} |
} |
} |
} |
|
// |
// Fill smiley templates (or just the variables) with smileys |
// Either in a window or inline |
// |
function generate_smilies($mode, $page_id) |
{ |
global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path; |
global $user_ip, $session_length, $starttime; |
global $userdata; |
|
$inline_columns = 4; |
$inline_rows = 5; |
$window_columns = 8; |
|
if ($mode == 'window') |
{ |
$userdata = session_pagestart($user_ip, $page_id); |
init_userprefs($userdata); |
|
$gen_simple_header = TRUE; |
|
$page_title = $lang['Emoticons']; |
include($phpbb_root_path . 'includes/page_header.'.$phpEx); |
|
$template->set_filenames(array( |
'smiliesbody' => 'posting_smilies.tpl') |
); |
} |
|
$sql = "SELECT emoticon, code, smile_url |
FROM " . SMILIES_TABLE . " |
ORDER BY smilies_id"; |
if ($result = $db->sql_query($sql)) |
{ |
$num_smilies = 0; |
$rowset = array(); |
while ($row = $db->sql_fetchrow($result)) |
{ |
if (empty($rowset[$row['smile_url']])) |
{ |
$rowset[$row['smile_url']]['code'] = str_replace("'", "\\'", str_replace('\\', '\\\\', $row['code'])); |
$rowset[$row['smile_url']]['emoticon'] = $row['emoticon']; |
$num_smilies++; |
} |
} |
|
if ($num_smilies) |
{ |
$smilies_count = ($mode == 'inline') ? min(19, $num_smilies) : $num_smilies; |
$smilies_split_row = ($mode == 'inline') ? $inline_columns - 1 : $window_columns - 1; |
|
$s_colspan = 0; |
$row = 0; |
$col = 0; |
|
while (list($smile_url, $data) = @each($rowset)) |
{ |
if (!$col) |
{ |
$template->assign_block_vars('smilies_row', array()); |
} |
|
$template->assign_block_vars('smilies_row.smilies_col', array( |
'SMILEY_CODE' => $data['code'], |
'SMILEY_IMG' => $board_config['smilies_path'] . '/' . $smile_url, |
'SMILEY_DESC' => $data['emoticon']) |
); |
|
$s_colspan = max($s_colspan, $col + 1); |
|
if ($col == $smilies_split_row) |
{ |
if ($mode == 'inline' && $row == $inline_rows - 1) |
{ |
break; |
} |
$col = 0; |
$row++; |
} |
else |
{ |
$col++; |
} |
} |
|
if ($mode == 'inline' && $num_smilies > $inline_rows * $inline_columns) |
{ |
$template->assign_block_vars('switch_smilies_extra', array()); |
|
$template->assign_vars(array( |
'L_MORE_SMILIES' => $lang['More_emoticons'], |
'U_MORE_SMILIES' => append_sid("posting.$phpEx?mode=smilies")) |
); |
} |
|
$template->assign_vars(array( |
'L_EMOTICONS' => $lang['Emoticons'], |
'L_CLOSE_WINDOW' => $lang['Close_window'], |
'S_SMILIES_COLSPAN' => $s_colspan) |
); |
} |
} |
|
if ($mode == 'window') |
{ |
$template->pparse('smiliesbody'); |
|
include($phpbb_root_path . 'includes/page_tail.'.$phpEx); |
} |
} |
|
/** |
* Called from within prepare_message to clean included HTML tags if HTML is |
* turned on for that post |
* @param array $tag Matching text from the message to parse |
*/ |
function clean_html($tag) |
{ |
global $board_config; |
|
if (empty($tag[0])) |
{ |
return ''; |
} |
|
$allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags'])); |
$disallowed_attributes = '/^(?:style|on)/i'; |
|
// Check if this is an end tag |
preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches); |
if (sizeof($matches)) |
{ |
if (in_array(strtolower($matches[1]), $allowed_html_tags)) |
{ |
return '</' . $matches[1] . '>'; |
} |
else |
{ |
return htmlspecialchars('</' . $matches[1] . '>'); |
} |
} |
|
// Check if this is an allowed tag |
if (in_array(strtolower($tag[1]), $allowed_html_tags)) |
{ |
$attributes = ''; |
if (!empty($tag[2])) |
{ |
preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test); |
for ($i = 0; $i < sizeof($test[0]); $i++) |
{ |
if (preg_match($disallowed_attributes, $test[1][$i])) |
{ |
continue; |
} |
$attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . str_replace(array('[', ']'), array('[', ']'), htmlspecialchars($test[3][$i])) . $test[2][$i]; |
} |
} |
if (in_array(strtolower($tag[1]), $allowed_html_tags)) |
{ |
return '<' . $tag[1] . $attributes . '>'; |
} |
else |
{ |
return htmlspecialchars('<' . $tag[1] . $attributes . '>'); |
} |
} |
// Finally, this is not an allowed tag so strip all the attibutes and escape it |
else |
{ |
return htmlspecialchars('<' . $tag[1] . '>'); |
} |
} |
?> |