3 require 'include/class.message.php';
5 $page_name = isset($_GET['t']) ?
'Post Message' : 'Create Topic';
7 $boardinfo = mysql_fetch_row(mysql_query('SELECT `post_level`, `topic_level`, `board` FROM `boards`
8 WHERE `board` = '.intval($_GET['b'])));
10 $level_restriction = isset ($_GET['t']) ?
$boardinfo[0] : $boardinfo[1];
11 $topic_level = $boardinfo[1];
12 require 'top.inc.php';
14 // Board/topic checking
15 if ( empty($boardinfo[2]) ||
!is_numeric($_GET['b']) ||
(isset($_GET['t']) && !is_numeric($_GET['t'])) )
16 stop('Invalid link.');
18 elseif ( isset($_GET['t']) &&
19 !mysql_result(mysql_query('SELECT COUNT(*) FROM `topics` WHERE `topic` = '.intval($_GET['t']).' AND `board` = '.intval($_GET['b'])), 0) )
20 stop('Invalid topic link.');
22 elseif ( isset($_GET['t']) &&
23 mysql_result(mysql_query('SELECT `visible` FROM `topics` WHERE `topic` = '.intval($_GET['t'])), 0) < 0 )
24 stop('<div class="alert">This topic has been closed or deleted. You cannot post in it.</div>');
27 $msglimit = 180 / $userinfo['level'];
28 $tpclimit = 90 - $userinfo['level'];
30 if ( isset($_POST['submit']) ) {
31 // Strip crap from topic title
32 $topic_title = trim($_POST['topictitle']);
33 if ( $userinfo['level'] >= ADMIN
&& $_POST['tophtm'] )
34 $html_title = $topic_title;
35 elseif ( $userinfo['level'] >= REG_USER
&& $_POST['tophtm'] )
36 $html_title = '<em>'.htmlspecialchars($topic_title).'</em>';
38 $html_title = htmlspecialchars($topic_title);
40 $user_message = new Message($_POST['msgtext']);
41 if ( $user_message->output
!== false )
42 $html_message = $user_message->output
;
45 if ( empty($_GET['t']) && $topic_title === '' )
46 echo '<div class="alert">Topic titles can\'t be blank.</div>';
47 elseif ( trim(preg_replace('#<[a-z]+.*>#Usi', '', $html_message)) === '' )
48 echo '<div class="alert">You can\'t post blank messages.</div>';
49 elseif ( $user_message->output
=== false )
50 echo '<div class="alert">You have an HTML error in your post somewhere.</div>';
52 // Shows preview if there are no errors
53 elseif ( $_POST['submit'] === 'Preview' ) {
54 echo '<div class="alert">Preview Message</div>',"\n",
55 ( !empty($html_title) ?
'<div class="c2">Topic: '.$html_title."</div>\n" : '' ).
56 '<div class="c1">',$html_message,"</div>\n";
60 elseif ( $_POST['submit'] ) {
61 if ( empty($_GET['t']) ) {
62 if ( mysql_result(mysql_query('SELECT COUNT(*) FROM `topics`
63 WHERE `title` = \''.mysql_real_escape_string(strip_tags($html_title)).'\'
64 AND `board` = '.intval($_GET['b'])), 0) >= 1)
65 stop('<div class="alert">A topic with this title has already been posted on this board.</div>');
66 mysql_query('INSERT INTO `topics` (`title`, `board`, `user`) VALUES (
67 \''.mysql_real_escape_string($html_title).'\',
68 '.intval($_GET['b']).',
69 '.$userinfo['user'].')');
70 $topicid = mysql_insert_id();
73 $topicid = intval($_GET['t']);
76 mysql_query('INSERT INTO `message-data` (`content`) VALUES (\''.mysql_real_escape_string ($html_message).'\')');
77 mysql_query('INSERT INTO `messages` (`message`, `topic`, `user`, `ip`, `time`) VALUES (
80 '.$userinfo['user'].',
81 INET_ATON(\''.$_SERVER['REMOTE_ADDR'].'\'),
85 if ( $userinfo['points'] <= 74 )
86 mysql_query('UPDATE `users` SET `points` = (`points` + 1) WHERE `user` = '.$userinfo['user']);
88 mysql_query('UPDATE `users` SET `points` = 0, `cookies` = (`cookies` + 1) WHERE `user` = '.$userinfo['user']);
90 header('HTTP/1.1 303 See Other');
91 header('Location: view'.$thingy.'.php'.URL_STRING
);
93 stop('Return to from which you <a href="'.$thingy.'.php'.URL_STRING
.'">came</a>.');
97 $msgtext = isset($_POST['msgtext']) ?
htmlspecialchars($_POST['msgtext']) : '';
99 if ( !$msgtext && $userinfo['sig'] )
104 echo '<div class="c3">Post Message</div>';
106 if ( empty($_GET['t']) ) {
107 echo '<form method="post" action="',$_SERVER['PHP_SELF'],URL_STRING
,"\">\n",
109 "<legend>Topic</legend>\n";
112 if ( $userinfo['level'] >= ADMIN
)
113 echo '<small>(<label for="title_html">Enable HTML <input type="checkbox" name="tophtm"',
114 ( !empty($_POST['tophtm']) ?
' checked="checked"' : '' ),' accesskey="e"/></label>)</small>',"\n";
116 <input type="text" maxlength="80" style="width: 100%; display: block"'.( isset($topic_title) ?
' value="'.htmlentities ($topic_title).'"' : '' ).' name="topictitle"/>
119 list($topicname) = mysql_fetch_row(mysql_query('SELECT `title` FROM `topics` WHERE `topic` = '.intval($_GET['t'])));
120 echo '<form method="post" action="',$_SERVER['PHP_SELF'],URL_STRING
,"\">\n",
121 '<div class="c2">Topic: <a href="topic.php',URL_STRING
,'">',$topicname,"</a></div>\n";
125 <legend>Message <small>(X)</small></legend>
126 <textarea style="width: 100%" rows="20" cols="80" name="msgtext" accesskey="x">',$msgtext,'</textarea>
129 <button type="submit" name="submit" value="post" accesskey="p"><u>P</u>ost</button>
130 <button type="submit" name="submit" value="Preview" accesskey="r">P<u>r</u>eview</button>