diff --git a/upload/ajax/posts.php b/upload/ajax/posts.php
index d4c4fcc18..381845a7d 100644
--- a/upload/ajax/posts.php
+++ b/upload/ajax/posts.php
@@ -1,290 +1,290 @@
-request['type']))
-{
- $this->ajax_die('empty type');
-}
-if (isset($this->request['post_id']))
-{
- $post_id = (int) $this->request['post_id'];
- $post = DB()->fetch_row("SELECT t.*, f.*, p.*, pt.post_text
- FROM ". BB_TOPICS ." t, ". BB_FORUMS ." f, ". BB_POSTS ." p, ". BB_POSTS_TEXT ." pt
- WHERE p.post_id = $post_id
- AND t.topic_id = p.topic_id
- AND f.forum_id = t.forum_id
- AND p.post_id = pt.post_id
- LIMIT 1");
-}
-
-if (!defined('WORD_LIST_OBTAINED'))
-{
- $orig_word = array();
- $replace_word = array();
- obtain_word_list($orig_word, $replace_word);
- define('WORD_LIST_OBTAINED', true);
-}
-
-switch($this->request['type'])
-{
- case 'delete';
- if(!$post) $this->ajax_die('not post');
-
- $is_auth = auth(AUTH_ALL, $post['forum_id'], $userdata, $post);
-
- if($post['post_id'] != $post['topic_first_post_id'] && ($is_auth['auth_mod'] || ($userdata['user_id'] == $post['poster_id'] && $is_auth['auth_delete'] && $post['topic_last_post_id'] == $post['post_id'] && $post['post_time'] + 3600*3 > TIMENOW)))
- {
- if (empty($this->request['confirmed']))
- {
- $this->prompt_for_confirm($lang['CONFIRM_DELETE']);
- }
- post_delete($post_id);
- $this->response['hide'] = true;
- $this->response['post_id'] = $post_id;
- }
- else
- {
- $this->ajax_die(sprintf($lang['SORRY_AUTH_DELETE'], strip_tags($is_auth['auth_delete_type'])));
- }
- break;
-
- case 'reply';
- if(!$post) $this->ajax_die($lang['NOT_POST']);
-
- $is_auth = auth(AUTH_ALL, $post['forum_id'], $userdata, $post);
- if(bf($userdata['user_opt'], 'user_opt', 'allow_post'))
- {
- $this->ajax_die($lang['RULES_REPLY_CANNOT']);
- }
- else if(!$is_auth['auth_reply'])
- {
- $this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], strip_tags($is_auth['auth_reply_type'])));
- }
-
- // Use trim to get rid of spaces placed there by MS-SQL 2000
- $quote_username = (trim($post['post_username']) != '') ? $post['post_username'] : get_username($post['poster_id']);
- $message = "[quote=\"". $quote_username ."\"]". $post['post_text'] ."[/quote]\n";
- // hide user passkey
- $message = preg_replace('#(?<=\?uk=)[a-zA-Z0-9]{10}(?=&)#', 'passkey', $message);
- // hide sid
- $message = preg_replace('#(?<=[\?&;]sid=)[a-zA-Z0-9]{12}#', 'sid', $message);
-
- if (!empty($orig_word))
- {
- $message = (!empty($message)) ? preg_replace($orig_word, $replace_word, $message) : '';
- }
-
- if($post['post_id'] == $post['topic_first_post_id'])
- {
- $message = "[quote]". $post['topic_title'] ."[/quote]\n";
- }
- if(mb_strlen($message, 'UTF-8') > 1000)
- {
- $this->response['redirect'] = make_url('posting.php?mode=quote&p='. $post_id);
- }
-
- $this->response['quote'] = true;
- $this->response['message'] = $message;
- break;
-
- case 'view_message':
- $message = (string) $this->request['message'];
- if(!trim($message)) $this->ajax_die($lang['EMPTY_MESSAGE']);
-
- $this->response['message_html'] = bbcode2html($message);
- $this->response['res_id'] = $this->request['res_id'];
- break;
-
- case 'edit':
- case 'editor':
- if(!$post) $this->ajax_die($lang['NOT_POST']);
-
- if((mb_strlen($post['post_text'], 'UTF-8') > 1000) || $post['post_attachment'] || ($post['topic_first_post_id'] == $post_id))
- {
- $this->response['redirect'] = make_url('posting.php?mode=editpost&p='. $post_id);
- }
- else if($this->request['type'] == 'editor')
- {
- $text = (string) $this->request['text'];
- $text = prepare_message($text);
-
- if(mb_strlen($text) > 2)
- {
- if($text != $post['post_text'])
- {
- if($bb_cfg['max_smilies'])
- {
- $count_smilies = substr_count(bbcode2html($text), '
$post_id,
- 'post_text' => $text,
- ));
- }
- }
- else $this->ajax_die($lang['EMPTY_MESSAGE']);
-
- $this->response['html'] = bbcode2html($text);
- }
- else
- {
- $is_auth = auth(AUTH_ALL, $post['forum_id'], $userdata, $post);
- if ($post['topic_status'] == TOPIC_LOCKED && !$is_auth['auth_mod'])
- {
- $this->ajax_die($lang['TOPIC_LOCKED']);
- }
- else if(!$is_auth['auth_edit'])
- {
- $this->ajax_die(sprintf($lang['SORRY_AUTH_EDIT'], strip_tags($is_auth['auth_edit_type'])));
- }
-
- $hidden_form = '';
- $hidden_form .= '';
- $hidden_form .= '';
-
- $this->response['text'] = '
-
';
- }
- $this->response['post_id'] = $post_id;
- break;
-
- case 'add':
- if (!isset($this->request['topic_id']))
- {
- $this->ajax_die('empty topic_id');
- }
- $topic_id = (int) $this->request['topic_id'];
- $t_data = DB()->fetch_row("SELECT t.*, f.*
- FROM ". BB_TOPICS ." t, ". BB_FORUMS ." f
- WHERE t.topic_id = $topic_id
- AND f.forum_id = t.forum_id
- LIMIT 1");
- if(!$t_data) $this->ajax_die($lang['TOPIC_POST_NOT_EXIST']);
-
- $is_auth = auth(AUTH_ALL, $t_data['forum_id'], $userdata, $t_data);
- if(bf($userdata['user_opt'], 'user_opt', 'allow_post'))
- {
- $this->ajax_die($lang['RULES_REPLY_CANNOT']);
- }
- else if(!$is_auth['auth_reply'])
- {
- $this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], strip_tags($is_auth['auth_reply_type'])));
- }
-
- $message = (string) $this->request['message'];
- $message = prepare_message($message);
-
- // Flood control
- $where_sql = (IS_GUEST) ? "p.poster_ip = '". USER_IP ."'" : "p.poster_id = {$userdata['user_id']}";
-
- $sql = "SELECT MAX(p.post_time) AS last_post_time FROM ". BB_POSTS ." p WHERE $where_sql";
- if ($row = DB()->fetch_row($sql) AND $row['last_post_time'])
- {
- if ($userdata['user_level'] == USER)
- {
- if (TIMENOW - $row['last_post_time'] < $bb_cfg['flood_interval'])
- {
- $this->ajax_die($lang['FLOOD_ERROR']);
- }
- }
- }
-
- // Double Post Control
- if (!empty($row['last_post_time']) && !IS_AM)
- {
- $sql = "
- SELECT pt.post_text
- FROM ". BB_POSTS ." p, ". BB_POSTS_TEXT ." pt
- WHERE $where_sql
- AND p.post_time = ". (int) $row['last_post_time'] ."
- AND pt.post_id = p.post_id
- LIMIT 1
- ";
-
- if ($row = DB()->fetch_row($sql))
- {
- $last_msg = DB()->escape($row['post_text']);
-
- if ($last_msg == $message)
- {
- $this->ajax_die($lang['DOUBLE_POST_ERROR']);
- }
- }
- }
-
- if($bb_cfg['max_smilies'])
- {
- $count_smilies = substr_count(bbcode2html($message), '
sql_nextid();
- DB()->sql_query("INSERT INTO " . BB_POSTS_TEXT . " (post_id, post_text) VALUES ($post_id, '". DB()->escape($message) ."')");
-
- update_post_stats('reply', $t_data, $t_data['forum_id'], $topic_id, $post_id, $userdata['user_id']);
-
- add_search_words($post_id, stripslashes($message), stripslashes($t_data['topic_title']));
- update_post_html(array(
- 'post_id' => $post_id,
- 'post_text' => $message,
- ));
-
- $this->response['redirect'] = make_url(POST_URL . $post_id .'#'. $post_id);
- break;
-
- default:
- $this->ajax_die('empty type');
- break;
-}
+request['type']))
+{
+ $this->ajax_die('empty type');
+}
+if (isset($this->request['post_id']))
+{
+ $post_id = (int) $this->request['post_id'];
+ $post = DB()->fetch_row("SELECT t.*, f.*, p.*, pt.post_text
+ FROM ". BB_TOPICS ." t, ". BB_FORUMS ." f, ". BB_POSTS ." p, ". BB_POSTS_TEXT ." pt
+ WHERE p.post_id = $post_id
+ AND t.topic_id = p.topic_id
+ AND f.forum_id = t.forum_id
+ AND p.post_id = pt.post_id
+ LIMIT 1");
+}
+
+if (!defined('WORD_LIST_OBTAINED'))
+{
+ $orig_word = array();
+ $replace_word = array();
+ obtain_word_list($orig_word, $replace_word);
+ define('WORD_LIST_OBTAINED', true);
+}
+
+switch($this->request['type'])
+{
+ case 'delete';
+ if(!$post) $this->ajax_die('not post');
+
+ $is_auth = auth(AUTH_ALL, $post['forum_id'], $userdata, $post);
+
+ if($post['post_id'] != $post['topic_first_post_id'] && ($is_auth['auth_mod'] || ($userdata['user_id'] == $post['poster_id'] && $is_auth['auth_delete'] && $post['topic_last_post_id'] == $post['post_id'] && $post['post_time'] + 3600*3 > TIMENOW)))
+ {
+ if (empty($this->request['confirmed']))
+ {
+ $this->prompt_for_confirm($lang['CONFIRM_DELETE']);
+ }
+ post_delete($post_id);
+ $this->response['hide'] = true;
+ $this->response['post_id'] = $post_id;
+ }
+ else
+ {
+ $this->ajax_die(sprintf($lang['SORRY_AUTH_DELETE'], strip_tags($is_auth['auth_delete_type'])));
+ }
+ break;
+
+ case 'reply';
+ if(!$post) $this->ajax_die($lang['NOT_POST']);
+
+ $is_auth = auth(AUTH_ALL, $post['forum_id'], $userdata, $post);
+ if(bf($userdata['user_opt'], 'user_opt', 'allow_post'))
+ {
+ $this->ajax_die($lang['RULES_REPLY_CANNOT']);
+ }
+ else if(!$is_auth['auth_reply'])
+ {
+ $this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], strip_tags($is_auth['auth_reply_type'])));
+ }
+
+ // Use trim to get rid of spaces placed there by MS-SQL 2000
+ $quote_username = (trim($post['post_username']) != '') ? $post['post_username'] : get_username($post['poster_id']);
+ $message = "[quote=\"". $quote_username ."\"]". $post['post_text'] ."[/quote]\n";
+ // hide user passkey
+ $message = preg_replace('#(?<=\?uk=)[a-zA-Z0-9]{10}(?=&)#', 'passkey', $message);
+ // hide sid
+ $message = preg_replace('#(?<=[\?&;]sid=)[a-zA-Z0-9]{12}#', 'sid', $message);
+
+ if (!empty($orig_word))
+ {
+ $message = (!empty($message)) ? preg_replace($orig_word, $replace_word, $message) : '';
+ }
+
+ if($post['post_id'] == $post['topic_first_post_id'])
+ {
+ $message = "[quote]". $post['topic_title'] ."[/quote]\n";
+ }
+ if(mb_strlen($message, 'UTF-8') > 1000)
+ {
+ $this->response['redirect'] = make_url('posting.php?mode=quote&p='. $post_id);
+ }
+
+ $this->response['quote'] = true;
+ $this->response['message'] = $message;
+ break;
+
+ case 'view_message':
+ $message = (string) $this->request['message'];
+ if(!trim($message)) $this->ajax_die($lang['EMPTY_MESSAGE']);
+
+ $this->response['message_html'] = bbcode2html($message);
+ $this->response['res_id'] = @$this->request['res_id'];
+ break;
+
+ case 'edit':
+ case 'editor':
+ if(!$post) $this->ajax_die($lang['NOT_POST']);
+
+ if((mb_strlen($post['post_text'], 'UTF-8') > 1000) || $post['post_attachment'] || ($post['topic_first_post_id'] == $post_id))
+ {
+ $this->response['redirect'] = make_url('posting.php?mode=editpost&p='. $post_id);
+ }
+ else if($this->request['type'] == 'editor')
+ {
+ $text = (string) $this->request['text'];
+ $text = prepare_message($text);
+
+ if(mb_strlen($text) > 2)
+ {
+ if($text != $post['post_text'])
+ {
+ if($bb_cfg['max_smilies'])
+ {
+ $count_smilies = substr_count(bbcode2html($text), '
$post_id,
+ 'post_text' => $text,
+ ));
+ }
+ }
+ else $this->ajax_die($lang['EMPTY_MESSAGE']);
+
+ $this->response['html'] = bbcode2html($text);
+ }
+ else
+ {
+ $is_auth = auth(AUTH_ALL, $post['forum_id'], $userdata, $post);
+ if ($post['topic_status'] == TOPIC_LOCKED && !$is_auth['auth_mod'])
+ {
+ $this->ajax_die($lang['TOPIC_LOCKED']);
+ }
+ else if(!$is_auth['auth_edit'])
+ {
+ $this->ajax_die(sprintf($lang['SORRY_AUTH_EDIT'], strip_tags($is_auth['auth_edit_type'])));
+ }
+
+ $hidden_form = '';
+ $hidden_form .= '';
+ $hidden_form .= '';
+
+ $this->response['text'] = '
+ ';
+ }
+ $this->response['post_id'] = $post_id;
+ break;
+
+ case 'add':
+ if (!isset($this->request['topic_id']))
+ {
+ $this->ajax_die('empty topic_id');
+ }
+ $topic_id = (int) $this->request['topic_id'];
+ $t_data = DB()->fetch_row("SELECT t.*, f.*
+ FROM ". BB_TOPICS ." t, ". BB_FORUMS ." f
+ WHERE t.topic_id = $topic_id
+ AND f.forum_id = t.forum_id
+ LIMIT 1");
+ if(!$t_data) $this->ajax_die($lang['TOPIC_POST_NOT_EXIST']);
+
+ $is_auth = auth(AUTH_ALL, $t_data['forum_id'], $userdata, $t_data);
+ if(bf($userdata['user_opt'], 'user_opt', 'allow_post'))
+ {
+ $this->ajax_die($lang['RULES_REPLY_CANNOT']);
+ }
+ else if(!$is_auth['auth_reply'])
+ {
+ $this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], strip_tags($is_auth['auth_reply_type'])));
+ }
+
+ $message = (string) $this->request['message'];
+ $message = prepare_message($message);
+
+ // Flood control
+ $where_sql = (IS_GUEST) ? "p.poster_ip = '". USER_IP ."'" : "p.poster_id = {$userdata['user_id']}";
+
+ $sql = "SELECT MAX(p.post_time) AS last_post_time FROM ". BB_POSTS ." p WHERE $where_sql";
+ if ($row = DB()->fetch_row($sql) AND $row['last_post_time'])
+ {
+ if ($userdata['user_level'] == USER)
+ {
+ if (TIMENOW - $row['last_post_time'] < $bb_cfg['flood_interval'])
+ {
+ $this->ajax_die($lang['FLOOD_ERROR']);
+ }
+ }
+ }
+
+ // Double Post Control
+ if (!empty($row['last_post_time']) && !IS_AM)
+ {
+ $sql = "
+ SELECT pt.post_text
+ FROM ". BB_POSTS ." p, ". BB_POSTS_TEXT ." pt
+ WHERE $where_sql
+ AND p.post_time = ". (int) $row['last_post_time'] ."
+ AND pt.post_id = p.post_id
+ LIMIT 1
+ ";
+
+ if ($row = DB()->fetch_row($sql))
+ {
+ $last_msg = DB()->escape($row['post_text']);
+
+ if ($last_msg == $message)
+ {
+ $this->ajax_die($lang['DOUBLE_POST_ERROR']);
+ }
+ }
+ }
+
+ if($bb_cfg['max_smilies'])
+ {
+ $count_smilies = substr_count(bbcode2html($message), '
sql_nextid();
+ DB()->sql_query("INSERT INTO " . BB_POSTS_TEXT . " (post_id, post_text) VALUES ($post_id, '". DB()->escape($message) ."')");
+
+ update_post_stats('reply', $t_data, $t_data['forum_id'], $topic_id, $post_id, $userdata['user_id']);
+
+ add_search_words($post_id, stripslashes($message), stripslashes($t_data['topic_title']));
+ update_post_html(array(
+ 'post_id' => $post_id,
+ 'post_text' => $message,
+ ));
+
+ $this->response['redirect'] = make_url(POST_URL . $post_id .'#'. $post_id);
+ break;
+
+ default:
+ $this->ajax_die('empty type');
+ break;
+}
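Review bot: In the `edit`/`editor` case the `auth()` call and the `TOPIC_LOCKED` / `auth_edit` guards sit only in the final `else` branch (type `edit`), while the `editor` branch, which reads `$this->request['text']` and hands it to `update_post_html()`, shows no permission check of its own. Several lines of that branch are missing from this page (the text breaks off inside the `substr_count(` call), so a check may exist there; if it does not, the branch that stores the new text skips the test that the form-rendering branch enforces. I would move `$is_auth = auth(AUTH_ALL, $post['forum_id'], $userdata, $post);` and the two `ajax_die` guards to just after the `if(!$post)` line so every branch shares them, and confirm that `auth_edit` also accounts for who owns the post, which is not visible here. Separately, the new `@$this->request['res_id']` hides the undefined-index notice by suppression; `isset($this->request['res_id']) ? $this->request['res_id'] : null` states the intent without muting other errors on that expression.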