request['type'])) {
$this->ajax_die('empty type');
}
if (isset($this->request['post_id'])) {
$post_id = (int)$this->request['post_id'];
$post = DB()->fetch_row("SELECT t.*, f.*, p.*, pt.post_text
FROM " . BB_TOPICS . " t, " . BB_FORUMS . " f, " . BB_POSTS . " p, " . BB_POSTS_TEXT . " pt
WHERE p.post_id = $post_id
AND t.topic_id = p.topic_id
AND f.forum_id = t.forum_id
AND p.post_id = pt.post_id
LIMIT 1");
if (!$post) {
$this->ajax_die('not post');
}
$is_auth = auth(AUTH_ALL, $post['forum_id'], $userdata, $post);
if ($post['topic_status'] == TOPIC_LOCKED && !$is_auth['auth_mod']) {
$this->ajax_die($lang['TOPIC_LOCKED']);
}
} elseif (isset($this->request['topic_id'])) {
$topic_id = (int)$this->request['topic_id'];
$post = DB()->fetch_row("SELECT t.*, f.*
FROM " . BB_TOPICS . " t, " . BB_FORUMS . " f
WHERE t.topic_id = $topic_id
AND f.forum_id = t.forum_id
LIMIT 1");
if (!$post) {
$this->ajax_die('not post');
}
$is_auth = auth(AUTH_ALL, $post['forum_id'], $userdata, $post);
}
if (!defined('WORD_LIST_OBTAINED')) {
$orig_word = array();
$replace_word = array();
obtain_word_list($orig_word, $replace_word);
define('WORD_LIST_OBTAINED', true);
}
switch ($this->request['type']) {
case 'delete':
if ($post['post_id'] != $post['topic_first_post_id'] && $is_auth['auth_delete'] && ($is_auth['auth_mod'] || ($userdata['user_id'] == $post['poster_id'] && $post['topic_last_post_id'] == $post['post_id'] && $post['post_time'] + 3600 * 3 > TIMENOW))) {
if (empty($this->request['confirmed'])) {
$this->prompt_for_confirm($lang['CONFIRM_DELETE']);
}
\TorrentPier\Legacy\Admin\Common::post_delete($post_id);
// Update atom feed
update_atom('topic', (int)$this->request['topic_id']);
$this->response['hide'] = true;
$this->response['post_id'] = $post_id;
} else {
$this->ajax_die(sprintf($lang['SORRY_AUTH_DELETE'], strip_tags($is_auth['auth_delete_type'])));
}
break;
case 'reply':
if (bf($userdata['user_opt'], 'user_opt', 'dis_post')) {
$this->ajax_die(strip_tags($lang['RULES_REPLY_CANNOT']));
} elseif (!$is_auth['auth_reply']) {
$this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], strip_tags($is_auth['auth_reply_type'])));
}
$quote_username = ($post['post_username'] != '') ? $post['post_username'] : get_username($post['poster_id']);
$message = "[quote=\"" . $quote_username . "\"][qpost=" . $post['post_id'] . "]" . $post['post_text'] . "[/quote]\r";
// hide user passkey
$message = preg_replace('#(?<=\?uk=)[a-zA-Z0-9]{10}(?=&)#', 'passkey', $message);
// hide sid
$message = preg_replace('#(?<=[\?&;]sid=)[a-zA-Z0-9]{12}#', 'sid', $message);
if (!empty($orig_word)) {
$message = (!empty($message)) ? preg_replace($orig_word, $replace_word, $message) : '';
}
if ($post['post_id'] == $post['topic_first_post_id']) {
$message = "[quote]" . $post['topic_title'] . "[/quote]\r";
}
if (mb_strlen($message, 'UTF-8') > 1000) {
$this->response['redirect'] = make_url(POSTING_URL . '?mode=quote&p=' . $post_id);
}
$this->response['quote'] = true;
$this->response['message'] = $message;
break;
case 'view_message':
$message = (string)$this->request['message'];
if (!trim($message)) {
$this->ajax_die($lang['EMPTY_MESSAGE']);
}
$message = htmlCHR($message, false, ENT_NOQUOTES);
$this->response['message_html'] = bbcode2html($message);
$this->response['res_id'] = @$this->request['res_id'];
break;
case 'edit':
case 'editor':
if (bf($userdata['user_opt'], 'user_opt', 'dis_post_edit')) {
$this->ajax_die($lang['POST_EDIT_CANNOT']);
}
if ($post['poster_id'] != $userdata['user_id'] && !$is_auth['auth_mod']) {
$this->ajax_die($lang['EDIT_OWN_POSTS']);
}
if ((mb_strlen($post['post_text'], 'UTF-8') > 1000) || $post['post_attachment'] || ($post['topic_first_post_id'] == $post_id)) {
$this->response['redirect'] = make_url(POSTING_URL . '?mode=editpost&p=' . $post_id);
} elseif ($this->request['type'] == 'editor') {
$text = (string)$this->request['text'];
$text = prepare_message($text);
if (mb_strlen($text) > 2) {
if ($text != $post['post_text']) {
if ($bb_cfg['max_smilies']) {
$count_smilies = substr_count(bbcode2html($text), ';
if ($count_smilies > $bb_cfg['max_smilies']) {
$this->ajax_die(sprintf($lang['MAX_SMILIES_PER_POST'], $bb_cfg['max_smilies']));
}
}
DB()->query()
query("UPDATE " . BB_POSTS . " SET post_edit_time = '" . TIMENOW . "', post_edit_count = post_edit_count + 1 WHERE post_id = $post_id");
}
$s_text = str_replace('\n', "\n", $text);
$s_topic_title = str_replace('\n', "\n", $post['topic_title']);
add_search_words($post_id, stripslashes($s_text), stripslashes($s_topic_title));
update_post_html(array(
'post_id' => $post_id,
'post_text' => $text,
));
}
} else {
$this->ajax_die($lang['EMPTY_MESSAGE']);
}
// Update atom feed
update_atom('topic', (int)$this->request['topic_id']);
$this->response['html'] = bbcode2html($text);
} else {
$is_auth = auth(AUTH_ALL, $post['forum_id'], $userdata, $post);
if ($post['topic_status'] == TOPIC_LOCKED && !$is_auth['auth_mod']) {
$this->ajax_die($lang['TOPIC_LOCKED']);
} elseif (!$is_auth['auth_edit']) {
$this->ajax_die(sprintf($lang['SORRY_AUTH_EDIT'], strip_tags($is_auth['auth_edit_type'])));
}
$hidden_form = '';
$hidden_form .= '';
$hidden_form .= '';
$this->response['text'] = '
';
}
$this->response['post_id'] = $post_id;
break;
case 'add':
if (!isset($this->request['topic_id'])) {
$this->ajax_die('empty topic_id');
}
if (bf($userdata['user_opt'], 'user_opt', 'dis_post')) {
$this->ajax_die(strip_tags($lang['RULES_REPLY_CANNOT']));
} elseif (!$is_auth['auth_reply']) {
$this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], strip_tags($is_auth['auth_reply_type'])));
}
if ($post['topic_status'] == TOPIC_LOCKED && !$is_auth['auth_mod']) {
$this->ajax_die($lang['TOPIC_LOCKED']);
}
$message = (string)$this->request['message'];
$message = prepare_message($message);
// Flood control
$where_sql = (IS_GUEST) ? "p.poster_ip = '" . USER_IP . "'" : "p.poster_id = {$userdata['user_id']}";
$sql = "SELECT MAX(p.post_time) AS last_post_time FROM " . BB_POSTS . " p WHERE $where_sql";
if ($row = DB()->fetch_row($sql) and $row['last_post_time']) {
if ($userdata['user_level'] == USER) {
if (TIMENOW - $row['last_post_time'] < $bb_cfg['flood_interval']) {
$this->ajax_die($lang['FLOOD_ERROR']);
}
}
}
// Double Post Control
if (!empty($row['last_post_time']) && !IS_AM) {
$sql = "
SELECT pt.post_text
FROM " . BB_POSTS . " p, " . BB_POSTS_TEXT . " pt
WHERE $where_sql
AND p.post_time = " . (int)$row['last_post_time'] . "
AND pt.post_id = p.post_id
LIMIT 1
";
if ($row = DB()->fetch_row($sql)) {
$last_msg = DB()->escape($row['post_text']);
if ($last_msg == $message) {
$this->ajax_die($lang['DOUBLE_POST_ERROR']);
}
}
}
if ($bb_cfg['max_smilies']) {
$count_smilies = substr_count(bbcode2html($message), ';
if ($count_smilies > $bb_cfg['max_smilies']) {
$this->ajax_die(sprintf($lang['MAX_SMILIES_PER_POST'], $bb_cfg['max_smilies']));
}
}
DB()->sql_query()
sql_nextid();
DB()->sql_query("INSERT INTO " . BB_POSTS_TEXT . " (post_id, post_text) VALUES ($post_id, '" . DB()->escape($message) . "')");
\TorrentPier\Legacy\Post::update_post_stats('reply', $post, $post['forum_id'], $topic_id, $post_id, $userdata['user_id']);
$s_message = str_replace('\n', "\n", $message);
$s_topic_title = str_replace('\n', "\n", $post['topic_title']);
add_search_words($post_id, stripslashes($s_message), stripslashes($s_topic_title));
update_post_html(array(
'post_id' => $post_id,
'post_text' => $message,
));
if ($bb_cfg['topic_notify_enabled']) {
$notify = !empty($this->request['notify']);
\TorrentPier\Legacy\Post::user_notification('reply', $post, $post['topic_title'], $post['forum_id'], $topic_id, $notify);
}
// Update atom feed
update_atom('topic', (int)$this->request['topic_id']);
$this->response['redirect'] = make_url(POST_URL . "$post_id#$post_id");
break;
default:
$this->ajax_die('empty type');
break;
}