1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:
225:
226:
227:
228:
229:
230:
231:
232:
233:
234:
235:
236:
237:
238:
239:
240:
241:
242:
243:
244:
245:
246:
247:
248:
249:
250:
251:
252:
|
<?php
$filename="newthread.php";
require("./global.php");
if($_REQUEST['action']=="announce") {
if(!isset($threadid) || $thread['important']!=2) eval("error(\"".$tpl->get("error_falselink")."\");");
if(($wbbuserdata['issupermod']==0 && $modpermissions['userid']!=$wbbuserdata['userid']) || !$wbbuserdata['userid']) access_error();
$action="announce";
if(isset($_POST['send'])) {
$boardids = $_POST['boardids'];
if(count($boardids)) {
$boardids = implode("','$threadid'),('",$boardids);
$db->query("INSERT IGNORE INTO bb".$n."_announcements (boardid,threadid) VALUES ('$boardids','$threadid')");
}
header("Location: thread.php?threadid=$threadid&sid=$session[hash]");
exit();
}
$result = $db->query("SELECT boardid, parentid, boardorder, title, invisible FROM bb".$n."_boards ORDER by parentid ASC, boardorder ASC");
while ($row = $db->fetch_array($result)) $boardcache[$row['parentid']][$row['boardorder']][$row['boardid']] = $row;
$result = $db->query("SELECT * FROM bb".$n."_permissions WHERE groupid = '$wbbuserdata[groupid]'");
while ($row = $db->fetch_array($result)) $permissioncache[$row['boardid']] = $row;
$board_options=makeboardselect(0,1,$boardid);
$navbar=getNavbar($board['parentlist']);
eval ("\$navbar .= \"".$tpl->get("navbar_board")."\";");
eval("\$tpl->output(\"".$tpl->get("newthread_announce")."\");");
exit();
}
require("./acp/lib/class_parse.php");
unset($message);
unset($topic);
unset($guestname);
if(!isset($boardid)) eval("error(\"".$tpl->get("error_falselink")."\");");
if($wbbuserdata['canstarttopic']==0 || $board['startpermission']==0 || $board['closed']==1 || $board['isboard']==0) access_error();
if($newthread_default_checked_0==1) $checked[0]="checked";
if($wbbuserdata['emailnotify']==1) $checked[1]="checked";
if($newthread_default_checked_2==1) $checked[2]="checked";
if($newthread_default_checked_3==1) $checked[3]="checked";
$imp_checked[0]="checked";
if(isset($_POST['send'])) {
$topic=trim($_POST['topic']);
if($dostopshooting==1) $topic=stopShooting($topic);
$message=stripcrap(trim($_POST['message']));
if(isset($_POST['iconid'])) $iconid=intval($_POST['iconid']);
else $iconid=0;
if(!$wbbuserdata['userid']) $guestname=trim($_POST['guestname']);
if(!isset($_POST['preview'])) {
$error="";
if(!$wbbuserdata['userid']) {
$wbbuserdata['username']=$guestname;
if(!$wbbuserdata['username'] || !verify_username($wbbuserdata['username'])) eval ("\$error .= \"".$tpl->get("newthread_error2")."\";");
$wbbuserdata['username']=htmlspecialchars($wbbuserdata['username']);
}
if(!$topic || !$message || ($_POST['mustuseprefix'] && !$_POST['prefix'])) eval ("\$error .= \"".$tpl->get("newthread_error1")."\";");
/* Anfang Attachmenthack by php-engeneering.de */
if(!isset($_POST['preview'])) {
if ($_FILES['atta']['name'] != ""){
if($_FILES['atta']['size'] > $attachment_settings['size']) eval ("\$error .= \"".$tpl->get("attachment_error1")."\";");
if(!eregi("(".$attachment_settings['typ'].")$", $_FILES['atta']['name'])) eval ("\$error .= \"".$tpl->get("attachment_error2")."\";");
if(!$error) {
if (file_exists("attachments/".$_FILES['atta']['name'])) {
mt_srand ((double)microtime()* 1000000);
$zahl = mt_rand (0, 100);
$dname = explode(".",$_FILES['atta']['name']);
$dnamesize = count($dname);
$upfile_ext = $dname[$dnamesize -1];
$upfile_ext = strtolower($upfile_ext);
$extnum = strlen($upfile_ext);
$attanum = strlen ($_FILES['atta']['name']);
$unterschied = $attanum - $extnum - 1;
$filename = substr($_FILES['atta']['name'],0,$unterschied);
$_FILES['atta']['name'] = $filename . $zahl . "." . $upfile_ext;
}
move_uploaded_file($_FILES['atta']['tmp_name'], "attachments/".$_FILES['atta']['name']);
$attachments = 1;
}
}
}
/* Ende Attachmenthack by php-engeneering.de */
if(flood_control($wbbuserdata['userid'],$REMOTE_ADDR,$wbbuserdata['avoidfc'])) eval ("\$error .= \"".$tpl->get("newthread_error3")."\";");
if($wbbuserdata['maxpostimage']!=-1 && substr_count(strtolower($message),"[img]")>$wbbuserdata['maxpostimage']) eval ("\$error .= \"".$tpl->get("newthread_error4")."\";");
if($error) eval ("\$newthread_error .= \"".$tpl->get("newthread_error")."\";");
else {
if($_POST['parseurl']==1) $message=parseURL($message);
$result=$db->query_first("SELECT postid FROM bb".$n."_posts WHERE userid='$wbbuserdata[userid]' AND username='".addslashes($wbbuserdata['username'])."' AND iconid='$iconid' AND posttopic='".addslashes(htmlspecialchars($topic))."' AND message='".addslashes($message)."' AND ipaddress='".$REMOTE_ADDR."' AND posttime>='".(time()-$dpvtime)."'",1);
if($result['postid']) {
header("Location: thread.php?postid=$result[postid]&sid=$session[hash]#post$result[postid]");
exit();
}
if(isset($_POST['poll_id'])) {
$poll_id=intval($_POST['poll_id']);
$poll_verify = $db->query_first("SELECT threadid FROM bb".$n."_polls WHERE pollid = '$poll_id'");
if($poll_verify['threadid'] || $poll_verify['threadid']!=0) $poll_id=0;
}
else $poll_id=0;
if($wbbuserdata['canpostwithoutmoderation']==1) $board['moderatenew']=0;
$time=time();
if(isset($_POST['important']) && ($wbbuserdata['issupermod'] || ($modpermissions['userid']==$wbbuserdata['userid'] && $wbbuserdata['userid']))) $important=intval($_POST['important']);
else $important=0;
$db->query("INSERT INTO bb".$n."_threads (threadid,boardid,topic,iconid,starttime,starterid,starter,lastposttime,lastposterid,lastposter,pollid,important,visible,prefix,attachments) VALUES (NULL,'$boardid','".addslashes(htmlspecialchars($topic))."','$iconid','$time','$wbbuserdata[userid]','".addslashes($wbbuserdata[username])."','$time','$wbbuserdata[userid]','".addslashes($wbbuserdata[username])."','$poll_id','$important','".ifelse($board['moderatenew']==10 || $board['moderatenew']==11,0,1)."','".trim($_POST['prefix'])."','$attachments')");
$threadid=$db->insert_id();
if($_POST['poll_id']) $db->unbuffered_query("UPDATE bb".$n."_polls SET threadid='$threadid' WHERE pollid='$poll_id'",1);
$db->query("INSERT INTO bb".$n."_posts (postid,threadid,userid,username,iconid,posttopic,posttime,message,allowsmilies,showsignature,ipaddress,visible,attachment,attachment_size) VALUES (NULL,'$threadid','$wbbuserdata[userid]','".addslashes($wbbuserdata['username'])."','$iconid','".addslashes(htmlspecialchars($topic))."','$time','".addslashes($message)."','".(1-intval($_POST['disablesmilies']))."','".intval($_POST['showsignature'])."','".$REMOTE_ADDR."','".ifelse($board['moderatenew']==10 || $board['moderatenew']==11,0,1)."','".$_FILES['atta']['name']."','".$_FILES['atta']['size']."')");
//Admin-Comment
if($wbbuserdata['groupid']!='1' && $wbbuserdata['groupid']!='9') $message = preg_replace ("/\[admin](.*?)\[\/admin\]/si", "", $message);
//Admin-Comment
//$db->query("INSERT INTO bb".$n."_threads (postid,threadid,boardid,topic,iconid,starttime,starterid,starter,lastposttime,lastposterid,lastposter,pollid,important,visible,attachments) VALUES (NULL,'$boardid','".addslashes(htmlspecialchars($topic))."','$iconid','$time','$wbbuserdata[userid]','".addslashes($wbbuserdata[username])."','$time','$wbbuserdata[userid]','".addslashes($wbbuserdata[username])."','$poll_id','$important','".ifelse($board['moderatenew']==10 || $board['moderatenew']==11,0,1)."','$attachments')");
//$postid=$db->insert_id();
if($_POST['emailnotify']==1 && $wbbuserdata['userid']) $db->query("INSERT INTO bb".$n."_subscribethreads (userid,threadid,emailnotify,countemails) VALUES ($wbbuserdata[userid],$threadid,1,0)");
wordmatch($postid,$message,$topic);
if($board['moderatenew']==10 || $board['moderatenew']==11) eval("redirect(\"".$tpl->get("redirect_waiting4moderation")."\",\"board.php?boardid=$boardid&sid=$session[hash]\",10);");
else {
$db->query("UPDATE bb".$n."_boards SET threadcount=threadcount+1, postcount=postcount+1, lastthreadid='$threadid', lastposttime='$time', lastposterid='$wbbuserdata[userid]', lastposter='".addslashes($wbbuserdata[username])."' WHERE boardid IN ($board[parentlist],$boardid)");
#beiträge zählen
if($board['countuserposts']) {
$wbbuserdata['userposts']+=1;
list($rankid)=$db->query_first("SELECT rankid FROM bb".$n."_ranks WHERE groupid IN ('0','$wbbuserdata[groupid]') AND needposts<='$wbbuserdata[userposts]' AND gender IN ('0','$wbbuserdata[gender]') ORDER BY needposts DESC, gender DESC LIMIT 1");
$db->query("UPDATE bb".$n."_users SET userposts=userposts+1".ifelse($rankid!=$wbbuserdata['rankid'],", rankid='$rankid'","")." WHERE userid = '$wbbuserdata[userid]'");
}
#beiträge zählen
$result=$db->query("SELECT u.email, u.username, s.countemails FROM bb".$n."_subscribeboards s LEFT JOIN bb".$n."_users u USING(userid) WHERE s.boardid='$boardid' AND s.userid<>'$wbbuserdata[userid]' AND s.emailnotify=1 AND s.countemails<'$maxnotifymails' AND u.email is not null");
while($row=$db->fetch_array($result)) {
eval ("\$mail_subject = \"".$tpl->get("ms_newthread")."\";");
if($row['countemails']==$maxnotifymails-1) eval ("\$mail_text = \"".$tpl->get("mt_newthread_lastone")."\";");
else eval ("\$mail_text = \"".$tpl->get("mt_newthread")."\";");
mailer($row['email'],$mail_subject,$mail_text);
}
$db->query("UPDATE bb".$n."_subscribeboards SET countemails=countemails+1 WHERE boardid='$boardid' AND userid<>'$wbbuserdata[userid]' AND emailnotify=1 AND countemails<'$maxnotifymails'");
if($important==2) {
$db->unbuffered_query("INSERT INTO bb".$n."_announcements (boardid,threadid) VALUES ('$boardid','$threadid')",1);
header("Location: newthread.php?action=announce&threadid=$threadid&sid=$session[hash]");
}
else header("Location: thread.php?threadid=$threadid&sid=$session[hash]");
exit();
}
}
}
else {
$allowsmilies=1-intval($_POST['disablesmilies']);
$parse = new parse($docensor,75,$allowsmilies*$board['allowsmilies'],$board['allowbbcode'],$wbbuserdata['showimages'],$usecode);
$preview_topic=$parse->textwrap(htmlspecialchars($topic),30);
$preview_message=$parse->doparse(ifelse($_POST['parseurl']==1,parseURL($message),$message),$allowsmilies*$board['allowsmilies'],$board['allowhtml'],$board['allowbbcode'],$board['allowimages']);
//Admin-Comment
if($wbbuserdata['groupid']!='1' && $wbbuserdata['groupid']!='9') $preview_message = preg_replace ("/\[admin](.*?)\[\/admin\]/si", "", $preview_message);
else {
$preview_message = preg_replace("/\[admin]/i","<br><div class=\"admin_comment\"><u>Anmerkung vom Admin:</u><br>",$preview_message);
$preview_message = preg_replace("/\[\/admin\]/i","</div>",$preview_message);
}
//Admin-Comment
if($iconid) {
$result = $db->query_first("SELECT * FROM bb".$n."_icons WHERE iconid = '$iconid'");
$preview_posticon=makeimgtag($result['iconpath'],$result['icontitle']);
}
eval ("\$preview_window = \"".$tpl->get("newthread_preview")."\";");
}
if($_POST['parseurl']==1) $checked[0]="checked";
else $checked[0]="";
if($_POST['emailnotify']==1) $checked[1]="checked";
else $checked[1]="";
if($_POST['disablesmilies']==1) $checked[2]="checked";
else $checked[2]="";
if($_POST['showsignature']==1) $checked[3]="checked";
else $checked[3]="";
if(isset($_POST['important'])) {
if($_POST['important']==2) $imp_checked[2]="checked";
if($_POST['important']==1) $imp_checked[1]="checked";
if($_POST['important']!=0) $imp_checked[0]="";
}
}
$navbar=getNavbar($board['parentlist']);
eval ("\$navbar .= \"".$tpl->get("navbar_board")."\";");
if($wbbuserdata['userid']==0) eval ("\$newthread_username .= \"".$tpl->get("newthread_username_input")."\";");
else eval ("\$newthread_username .= \"".$tpl->get("newthread_username")."\";");
if(!isset($iconid)) $iconid=0;
if($board['allowicons']==1) {
$ICONselected[$iconid]="checked";
$result = $db->query("SELECT * FROM bb".$n."_icons ORDER BY iconorder ASC");
$iconcount=0;
while($row=$db->fetch_array($result)) {
$row_iconid=$row['iconid'];
eval ("\$choice_posticons .= \"".$tpl->get("newthread_iconbit")."\";");
if($iconcount==6) {
$choice_posticons.="<br>";
$iconcount=0;
}
else $iconcount++;
}
eval ("\$newthread_icons .= \"".$tpl->get("newthread_icons")."\";");
}
if($board['allowbbcode']==1) $bbcode_buttons = getcodebuttons();
if($board['allowsmilies']==1) $bbcode_smilies = getclickysmilies($smilie_table_cols,$smilie_table_rows);
eval ("\$note .= \"".$tpl->get("note_html_".ifelse($board['allowhtml']==0,"not_")."allow")."\";");
eval ("\$note .= \"".$tpl->get("note_bbcode_".ifelse($board['allowbbcode']==0,"not_")."allow")."\";");
eval ("\$note .= \"".$tpl->get("note_smilies_".ifelse($board['allowsmilies']==0,"not_")."allow")."\";");
eval ("\$note .= \"".$tpl->get("note_images_".ifelse($board['allowimages']==0,"not_")."allow")."\";");
if($wbbuserdata['canpostpoll'] && $board['allowpolls']==1) eval ("\$poll = \"".$tpl->get("newthread_poll")."\";");
if($wbbuserdata['issupermod'] || ($wbbuserdata['userid'] && $modpermissions['userid']==$wbbuserdata['userid'])) eval ("\$newthread_important = \"".$tpl->get("newthread_important")."\";");
if(isset($message)) $message=parse::convertHTML($message);
if(isset($topic)) $topic=str_replace("\"",""",$topic);
if(isset($guestname)) $guestname=str_replace("\"",""",$guestname);
if($board['prefixuse']) {
$prefix_options = "";
if($board['prefixuse']==1 || $board['prefixuse']==2) {
$prefixes = explode("<br />",nl2br($default_prefix));
while(list($key,$val)=each($prefixes)) $newthread_prefixoptions .= makeoption(trim($val),trim($val),$_POST['prefix']);
}
if($board['prefixuse']==2 || $board['prefixuse']==3) {
$prefixes = explode("<br />",nl2br($board['prefix']));
while(list($key,$val)=each($prefixes)) $newthread_prefixoptions .= makeoption(trim($val),trim($val),$_POST['prefix']);
}
eval ("\$newthread_prefix .= \"".$tpl->get("newthread_prefix")."\";");
}
eval("\$tpl->output(\"".$tpl->get("newthread")."\");");
?>
|
dat war wohl n böser leichtsinnsfehler von mir O.o 
