I just installed the Advanced Vote Manager and now anytime I create a new topic I get a whole bunch of error messages. Can someone please help me get these resolved.
Code: Select all
<?php
/***************************************************************************
* functions_post.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: functions_post.php,v 1.9.2.52 2006/05/06 13:38:55 grahamje Exp $
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
if (!defined('IN_PHPBB'))
{
die('Hacking attempt');
}
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$html_entities_replace = array('&', '<', '>', '"');
$unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#');
$unhtml_specialchars_replace = array('>', '<', '"', '&');
//
// This function will prepare a posted message for
// entry into the database.
//
function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
{
global $board_config, $html_entities_match, $html_entities_replace;
//
// Clean up the message
//
$message = trim($message);
if ($html_on)
{
// If HTML is on, we try to make it safe
// This approach is quite agressive and anything that does not look like a valid tag
// is going to get converted to HTML entities
$message = stripslashes($message);
$html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
$matches = array();
$message_split = preg_split($html_match, $message);
preg_match_all($html_match, $message, $matches);
$message = '';
foreach ($message_split as $part)
{
$tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));
$message .= preg_replace($html_entities_match, $html_entities_replace, $part) . clean_html($tag);
}
$message = addslashes($message);
$message = str_replace('"', '\"', $message);
}
else
{
$message = preg_replace($html_entities_match, $html_entities_replace, $message);
}
if($bbcode_on && $bbcode_uid != '')
{
$message = bbencode_first_pass($message, $bbcode_uid);
}
return $message;
}
function unprepare_message($message)
{
global $unhtml_specialchars_match, $unhtml_specialchars_replace;
return preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, $message);
}
//
// Prepare a message for posting
//
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length, &$poll_length_h, &$max_vote, &$undo_vote)
{
global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path;
// Check username
if (!empty($username))
{
$username = phpbb_clean_username($username);
if (!$userdata['session_logged_in'] || ($userdata['session_logged_in'] && $username != $userdata['username']))
{
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
$result = validate_username($username);
if ($result['error'])
{
$error_msg .= (!empty($error_msg)) ? '<br />' . $result['error_msg'] : $result['error_msg'];
}
}
else
{
$username = '';
}
}
// Check subject
if (!empty($subject))
{
$subject = htmlspecialchars(trim($subject));
}
else if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
{
$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
}
// Check message
if (!empty($message))
{
$bbcode_uid = ($bbcode_on) ? make_bbcode_uid() : '';
$message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
}
else if ($mode != 'delete' && $mode != 'poll_delete')
{
$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
}
//
// Handle poll stuff
//
if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
{
$poll_length = (isset($poll_length)) ? max(0, ($poll_length+$poll_length_h/24)) : 0;
$max_vote = (isset($max_vote)) ? max(0, intval($max_vote)) : 0;
$undo_vote = (isset($undo_vote)) ? max(0, intval($undo_vote)) : 0;
if (!empty($poll_title))
{
$poll_title = htmlspecialchars(trim($poll_title));
}
if(!empty($poll_options))
{
$temp_option_text = array();
while(list($option_id, $option_text) = @each($poll_options))
{
$option_text = trim($option_text);
if (!empty($option_text))
{
$temp_option_text[intval($option_id)] = htmlspecialchars($option_text);
}
}
$option_text = $temp_option_text;
if (count($poll_options) < 2)
{
$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
}
else if (count($poll_options) > $board_config['max_poll_options'])
{
$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
}
else if ($poll_title == '')
{
$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];
}
}
}
return;
}
//
// Post a new topic/reply/poll or edit existing post/poll
//
function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, $post_username, $post_subject, $post_message, $poll_title, &$poll_options, &$poll_length, &$max_vote, &$hide_vote, &$undo_vote)
{
global $board_config, $lang, $db, $phpbb_root_path, $forum_freeze_status, $phpEx;
global $userdata, $user_ip;
include($phpbb_root_path . 'includes/functions_search.'.$phpEx);
$current_time = time();
if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost')
{
//
// Flood control
//
$where_sql = ($userdata['user_id'] == ANONYMOUS) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id'];
$sql = "SELECT MAX(post_time) AS last_post_time
FROM " . POSTS_TABLE . "
WHERE $where_sql";
if ($result = $db->sql_query($sql))
{
if ($row = $db->sql_fetchrow($result))
{
if (intval($row['last_post_time']) > 0 && ($current_time - intval($row['last_post_time'])) < intval($board_config['flood_interval']))
{
message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
}
}
}
}
if ($mode == 'editpost')
{
remove_search_post($post_id);
}
if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
{
$topic_vote = (!empty($poll_title) && count($poll_options) >= 2) ? 1 : 0;
$sql = ($mode != "editpost") ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote, topic_freeze) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote, $forum_freeze_status)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type " . (($post_data['edit_vote'] || !empty($poll_title)) ? ", topic_vote = " . $topic_vote : "") . " WHERE topic_id = $topic_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
if ($mode == 'newtopic')
{
$topic_id = $db->sql_nextid();
}
}
$edited_sql = ($mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post']) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : "";
$sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_freeze, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", $forum_freeze_status, '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id";
if (!$db->sql_query($sql, BEGIN_TRANSACTION))
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
if ($mode != 'editpost')
{
$post_id = $db->sql_nextid();
}
$sql = ($mode != 'editpost') ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject));
//
// Add poll
//
if (($mode == 'newtopic' || ($mode == 'editpost' && $post_data['edit_poll'])) && !empty($poll_title) && count($poll_options) >= 2)
{
$sql = (!$post_data['has_poll']) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length, vote_max, vote_hide, vote_undo) VALUES ($topic_id, '$poll_title', $current_time, " . ($poll_length * 86400) . ", '$max_vote', '$hide_vote', '$undo_vote')" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ($poll_length * 86400) . ", vote_max = '$max_vote', vote_hide = '$hide_vote', vote_undo = '$undo_vote' WHERE topic_id = $topic_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
$delete_option_sql = '';
$old_poll_result = array();
if ($mode == 'editpost' && $post_data['has_poll'])
{
$sql = "SELECT vote_option_id, vote_result
FROM " . VOTE_RESULTS_TABLE . "
WHERE vote_id = $poll_id
ORDER BY vote_option_id ASC";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql);
}
while ($row = $db->sql_fetchrow($result))
{
$old_poll_result[$row['vote_option_id']] = $row['vote_result'];
if (!isset($poll_options[$row['vote_option_id']]))
{
$delete_option_sql .= ($delete_option_sql != '') ? ', ' . $row['vote_option_id'] : $row['vote_option_id'];
}
}
}
else
{
$poll_id = $db->sql_nextid();
}
@reset($poll_options);
$poll_option_id = 1;
while (list($option_id, $option_text) = each($poll_options))
{
if (!empty($option_text))
{
$option_text = str_replace("\'", "''", htmlspecialchars($option_text));
$poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0;
$sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
$poll_option_id++;
}
}
if ($delete_option_sql != '')
{
$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
WHERE vote_option_id IN ($delete_option_sql)
AND vote_id = $poll_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql);
}
}
}
$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">';
$message = $lang['Stored'] . '<br /><br />' . sprintf($lang['Click_view_message'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');
return false;
}
//
// Update post stats and details
//
function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_id, &$user_id)
{
global $db;
$sign = ($mode == 'delete') ? '- 1' : '+ 1';
$forum_update_sql = "forum_posts = forum_posts $sign";
$topic_update_sql = '';
if ($mode == 'delete')
{
if ($post_data['last_post'])
{
if ($post_data['first_post'])
{
$forum_update_sql .= ', forum_topics = forum_topics - 1';
}
else
{
$topic_update_sql .= 'topic_replies = topic_replies - 1';
$sql = "SELECT MAX(post_id) AS last_post_id
FROM " . POSTS_TABLE . "
WHERE topic_id = $topic_id";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
{
$topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id'];
}
}
if ($post_data['last_topic'])
{
$sql = "SELECT MAX(post_id) AS last_post_id
FROM " . POSTS_TABLE . "
WHERE forum_id = $forum_id";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
{
$forum_update_sql .= ($row['last_post_id']) ? ', forum_last_post_id = ' . $row['last_post_id'] : ', forum_last_post_id = 0';
}
}
}
else if ($post_data['first_post'])
{
$sql = "SELECT MIN(post_id) AS first_post_id
FROM " . POSTS_TABLE . "
WHERE topic_id = $topic_id";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
{
$topic_update_sql .= 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['first_post_id'];
}
}
else
{
$topic_update_sql .= 'topic_replies = topic_replies - 1';
}
}
else if ($mode != 'poll_delete')
{
$forum_update_sql .= ", forum_last_post_id = $post_id" . (($mode == 'newtopic') ? ", forum_topics = forum_topics $sign" : "");
$topic_update_sql = "topic_last_post_id = $post_id" . (($mode == 'reply') ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id");
}
else
{
$topic_update_sql .= 'topic_vote = 0';
}
if ($mode != 'poll_delete')
{
$sql = "UPDATE " . FORUMS_TABLE . " SET
$forum_update_sql
WHERE forum_id = $forum_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
}
if ($topic_update_sql != '')
{
$sql = "UPDATE " . TOPICS_TABLE . " SET
$topic_update_sql
WHERE topic_id = $topic_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
}
if ($mode != 'poll_delete')
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_posts = user_posts $sign
WHERE user_id = $user_id";
if (!$db->sql_query($sql, END_TRANSACTION))
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
}
return;
}
//
// Delete a post/poll
//
function delete_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id)
{
global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
global $userdata, $user_ip;
if ($mode != 'poll_delete')
{
include($phpbb_root_path . 'includes/functions_search.'.$phpEx);
$sql = "DELETE FROM " . POSTS_TABLE . "
WHERE post_id = $post_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . POSTS_TEXT_TABLE . "
WHERE post_id = $post_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
if ($post_data['last_post'])
{
if ($post_data['first_post'])
{
$forum_update_sql .= ', forum_topics = forum_topics - 1';
$sql = "DELETE FROM " . TOPICS_TABLE . "
WHERE topic_id = $topic_id
OR topic_moved_id = $topic_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
WHERE topic_id = $topic_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
}
}
}
remove_search_post($post_id);
}
if ($mode == 'poll_delete' || ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) && $post_data['has_poll'] && $post_data['edit_poll'])
{
$sql = "DELETE FROM " . VOTE_DESC_TABLE . "
WHERE topic_id = $topic_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
WHERE vote_id = $poll_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . VOTE_USERS_TABLE . "
WHERE vote_id = $poll_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
}
}
if ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post'])
{
$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . '=' . $forum_id) . '">';
$message = $lang['Deleted'];
}
else
{
$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . '=' . $topic_id) . '">';
$message = (($mode == 'poll_delete') ? $lang['Poll_delete'] : $lang['Deleted']) . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');
}
$message .= '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');
return;
}
//
// Handle user notification on new post
//
function user_notification($mode, &$post_data, &$topic_title, &$forum_id, &$topic_id, &$post_id, &$notify_user)
{
global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
global $userdata, $user_ip;
$current_time = time();
if ($mode != 'delete')
{
if ($mode == 'reply')
{
$sql = "SELECT ban_userid
FROM " . BANLIST_TABLE;
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql);
}
$user_id_sql = '';
while ($row = $db->sql_fetchrow($result))
{
if (isset($row['ban_userid']) && !empty($row['ban_userid']))
{
$user_id_sql .= ', ' . $row['ban_userid'];
}
}
$sql = "SELECT u.user_id, u.user_email, u.user_lang
FROM " . TOPICS_WATCH_TABLE . " tw, " . USERS_TABLE . " u
WHERE tw.topic_id = $topic_id
AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . ")
AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . "
AND u.user_id = tw.user_id";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql);
}
$update_watched_sql = '';
$bcc_list_ary = array();
if ($row = $db->sql_fetchrow($result))
{
// Sixty second limit
@set_time_limit(60);
do
{
if ($row['user_email'] != '')
{
$bcc_list_ary[$row['user_lang']][] = $row['user_email'];
}
$update_watched_sql .= ($update_watched_sql != '') ? ', ' . $row['user_id'] : $row['user_id'];
}
while ($row = $db->sql_fetchrow($result));
//
// Let's do some checking to make sure that mass mail functions
// are working in win32 versions of php.
//
if (preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery'])
{
$ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var';
// We are running on windows, force delivery to use our smtp functions
// since php's are broken by default
$board_config['smtp_delivery'] = 1;
$board_config['smtp_host'] = @$ini_val('SMTP');
}
if (sizeof($bcc_list_ary))
{
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path']));
$script_name = ($script_name != '') ? $script_name . '/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx;
$server_name = trim($board_config['server_name']);
$server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://';
$server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) . '/' : '/';
$orig_word = array();
$replacement_word = array();
obtain_word_list($orig_word, $replacement_word);
$emailer->from($board_config['board_email']);
$emailer->replyto($board_config['board_email']);
$topic_title = (count($orig_word)) ? preg_replace($orig_word, $replacement_word, unprepare_message($topic_title)) : unprepare_message($topic_title);
@reset($bcc_list_ary);
while (list($user_lang, $bcc_list) = each($bcc_list_ary))
{
$emailer->use_template('topic_notify', $user_lang);
for ($i = 0; $i < count($bcc_list); $i++)
{
$emailer->bcc($bcc_list[$i]);
}
// The Topic_reply_notification lang string below will be used
// if for some reason the mail template subject cannot be read
// ... note it will not necessarily be in the posters own language!
$emailer->set_subject($lang['Topic_reply_notification']);
// This is a nasty kludge to remove the username var ... till (if?)
// translators update their templates
$emailer->msg = preg_replace('#[ ]?{USERNAME}#', '', $emailer->msg);
$emailer->assign_vars(array(
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
'SITENAME' => $board_config['sitename'],
'TOPIC_TITLE' => $topic_title,
'U_TOPIC' => $server_protocol . $server_name . $server_port . $script_name . '?' . POST_POST_URL . "=$post_id#$post_id",
'U_STOP_WATCHING_TOPIC' => $server_protocol . $server_name . $server_port . $script_name . '?' . POST_TOPIC_URL . "=$topic_id&unwatch=topic")
);
$emailer->send();
$emailer->reset();
}
}
}
$db->sql_freeresult($result);
if ($update_watched_sql != '')
{
$sql = "UPDATE " . TOPICS_WATCH_TABLE . "
SET notify_status = " . TOPIC_WATCH_NOTIFIED . "
WHERE topic_id = $topic_id
AND user_id IN ($update_watched_sql)";
$db->sql_query($sql);
}
}
$sql = "SELECT topic_id
FROM " . TOPICS_WATCH_TABLE . "
WHERE topic_id = $topic_id
AND user_id = " . $userdata['user_id'];
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
if (!$notify_user && !empty($row['topic_id']))
{
$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
WHERE topic_id = $topic_id
AND user_id = " . $userdata['user_id'];
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql);
}
}
else if ($notify_user && empty($row['topic_id']))
{
$sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status)
VALUES (" . $userdata['user_id'] . ", $topic_id, 0)";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql);
}
}
}
}
//
// Fill smiley templates (or just the variables) with smileys
// Either in a window or inline
//
function generate_smilies($mode, $page_id)
{
global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path;
global $user_ip, $session_length, $starttime;
global $userdata;
$inline_columns = 4;
$inline_rows = 5;
$window_columns = 8;
if ($mode == 'window')
{
$userdata = session_pagestart($user_ip, $page_id);
init_userprefs($userdata);
$gen_simple_header = TRUE;
$page_title = $lang['Emoticons'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'smiliesbody' => 'posting_smilies.tpl')
);
}
$sql = "SELECT emoticon, code, smile_url
FROM " . SMILIES_TABLE . "
ORDER BY smilies_id";
if ($result = $db->sql_query($sql))
{
$num_smilies = 0;
$rowset = array();
while ($row = $db->sql_fetchrow($result))
{
if (empty($rowset[$row['smile_url']]))
{
$rowset[$row['smile_url']]['code'] = str_replace("'", "\\'", str_replace('\\', '\\\\', $row['code']));
$rowset[$row['smile_url']]['emoticon'] = $row['emoticon'];
$num_smilies++;
}
}
if ($num_smilies)
{
$smilies_count = ($mode == 'inline') ? min(19, $num_smilies) : $num_smilies;
$smilies_split_row = ($mode == 'inline') ? $inline_columns - 1 : $window_columns - 1;
$s_colspan = 0;
$row = 0;
$col = 0;
while (list($smile_url, $data) = @each($rowset))
{
if (!$col)
{
$template->assign_block_vars('smilies_row', array());
}
$template->assign_block_vars('smilies_row.smilies_col', array(
'SMILEY_CODE' => $data['code'],
'SMILEY_IMG' => $board_config['smilies_path'] . '/' . $smile_url,
'SMILEY_DESC' => $data['emoticon'])
);
$s_colspan = max($s_colspan, $col + 1);
if ($col == $smilies_split_row)
{
if ($mode == 'inline' && $row == $inline_rows - 1)
{
break;
}
$col = 0;
$row++;
}
else
{
$col++;
}
}
if ($mode == 'inline' && $num_smilies > $inline_rows * $inline_columns)
{
$template->assign_block_vars('switch_smilies_extra', array());
$template->assign_vars(array(
'L_MORE_SMILIES' => $lang['More_emoticons'],
'U_MORE_SMILIES' => append_sid("posting.$phpEx?mode=smilies"))
);
}
$template->assign_vars(array(
'L_EMOTICONS' => $lang['Emoticons'],
'L_CLOSE_WINDOW' => $lang['Close_window'],
'S_SMILIES_COLSPAN' => $s_colspan)
);
}
}
if ($mode == 'window')
{
$template->pparse('smiliesbody');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
}
/**
* Called from within prepare_message to clean included HTML tags if HTML is
* turned on for that post
* @param array $tag Matching text from the message to parse
*/
function clean_html($tag)
{
global $board_config;
if (empty($tag[0]))
{
return '';
}
$allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags']));
$disallowed_attributes = '/^(?:style|on)/i';
// Check if this is an end tag
preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches);
if (sizeof($matches))
{
if (in_array(strtolower($matches[1]), $allowed_html_tags))
{
return '</' . $matches[1] . '>';
}
else
{
return htmlspecialchars('</' . $matches[1] . '>');
}
}
// Check if this is an allowed tag
if (in_array(strtolower($tag[1]), $allowed_html_tags))
{
$attributes = '';
if (!empty($tag[2]))
{
preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test);
for ($i = 0; $i < sizeof($test[0]); $i++)
{
if (preg_match($disallowed_attributes, $test[1][$i]))
{
continue;
}
$attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . str_replace(array('[', ']'), array('[', ']'), htmlspecialchars($test[3][$i])) . $test[2][$i];
}
}
if (in_array(strtolower($tag[1]), $allowed_html_tags))
{
return '<' . $tag[1] . $attributes . '>';
}
else
{
return htmlspecialchars('<' . $tag[1] . $attributes . '>');
}
}
// Finally, this is not an allowed tag so strip all the attibutes and escape it
else
{
return htmlspecialchars('<' . $tag[1] . '>');
}
}
?>
Code: Select all
<?php
/***************************************************************************
* posting.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: posting.php,v 1.159.2.28 2006/01/28 14:56:51 grahamje Exp $
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
// Log actions MOD Start
include($phpbb_root_path . 'includes/functions_log.'.$phpEx);
// Log actions MOD End
//
// Check and set various parameters
//
$params = array('submit' => 'post', 'preview' => 'preview', 'delete' => 'delete', 'poll_delete' => 'poll_delete', 'poll_add' => 'add_poll_option', 'poll_edit' => 'edit_poll_option', 'mode' => 'mode');
while( list($var, $param) = @each($params) )
{
if ( !empty($HTTP_POST_VARS[$param]) || !empty($HTTP_GET_VARS[$param]) )
{
$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? htmlspecialchars($HTTP_POST_VARS[$param]) : htmlspecialchars($HTTP_GET_VARS[$param]);
}
else
{
$$var = '';
}
}
$confirm = isset($HTTP_POST_VARS['confirm']) ? true : false;
$params = array('forum_id' => POST_FORUM_URL, 'topic_id' => POST_TOPIC_URL, 'post_id' => POST_POST_URL);
while( list($var, $param) = @each($params) )
{
if ( !empty($HTTP_POST_VARS[$param]) || !empty($HTTP_GET_VARS[$param]) )
{
$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? intval($HTTP_POST_VARS[$param]) : intval($HTTP_GET_VARS[$param]);
}
else
{
$$var = '';
}
}
$refresh = $preview || $poll_add || $poll_edit || $poll_delete;
$orig_word = $replacement_word = array();
//
// Set topic type
//
$topic_type = ( !empty($HTTP_POST_VARS['topictype']) ) ? intval($HTTP_POST_VARS['topictype']) : POST_NORMAL;
$topic_type = ( in_array($topic_type, array(POST_NORMAL, POST_STICKY, POST_ANNOUNCE)) ) ? $topic_type : POST_NORMAL;
//
// If the mode is set to topic review then output
// that review ...
//
if ( $mode == 'topicreview' )
{
require($phpbb_root_path . 'includes/topic_review.'.$phpEx);
topic_review($topic_id, false);
exit;
}
else if ( $mode == 'smilies' )
{
generate_smilies('window', PAGE_POSTING);
exit;
}
//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_POSTING);
init_userprefs($userdata);
//
// End session management
//
//
// Was cancel pressed? If so then redirect to the appropriate
// page, no point in continuing with any further checks
//
if ( isset($HTTP_POST_VARS['cancel']) )
{
if ( $post_id )
{
$redirect = "viewtopic.$phpEx?" . POST_POST_URL . "=$post_id";
$post_append = "#$post_id";
}
else if ( $topic_id )
{
$redirect = "viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id";
$post_append = '';
}
else if ( $forum_id )
{
$redirect = "viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id";
$post_append = '';
}
else
{
$redirect = "index.$phpEx";
$post_append = '';
}
redirect(append_sid($redirect, true) . $post_append);
}
//
// What auth type do we need to check?
//
$is_auth = array();
switch( $mode )
{
case 'newtopic':
if ( $topic_type == POST_ANNOUNCE )
{
$is_auth_type = 'auth_announce';
}
else if ( $topic_type == POST_STICKY )
{
$is_auth_type = 'auth_sticky';
}
else
{
$is_auth_type = 'auth_post';
}
break;
case 'reply':
case 'quote':
$is_auth_type = 'auth_reply';
break;
case 'editpost':
$is_auth_type = 'auth_edit';
break;
case 'delete':
case 'poll_delete':
$is_auth_type = 'auth_delete';
break;
case 'vote':
$is_auth_type = 'auth_vote';
break;
case 'topicreview':
$is_auth_type = 'auth_read';
break;
default:
message_die(GENERAL_MESSAGE, $lang['No_post_mode']);
break;
}
//
// Here we do various lookups to find topic_id, forum_id, post_id etc.
// Doing it here prevents spoofing (eg. faking forum_id, topic_id or post_id
//
$error_msg = '';
$post_data = array();
switch ( $mode )
{
case 'newtopic':
if ( empty($forum_id) )
{
message_die(GENERAL_MESSAGE, $lang['Forum_not_exist']);
}
$sql = "SELECT *
FROM " . FORUMS_TABLE . "
WHERE forum_id = $forum_id";
break;
case 'reply':
case 'vote':
if ( empty( $topic_id) )
{
message_die(GENERAL_MESSAGE, $lang['No_topic_id']);
}
$sql = "SELECT f.*, t.topic_status, t.topic_title, t.topic_type
FROM " . FORUMS_TABLE . " f, " . TOPICS_TABLE . " t
WHERE t.topic_id = $topic_id
AND f.forum_id = t.forum_id";
break;
case 'quote':
case 'editpost':
case 'delete':
case 'poll_delete':
if ( empty($post_id) )
{
message_die(GENERAL_MESSAGE, $lang['No_post_id']);
}
$select_sql = (!$submit) ? ', t.topic_title, p.enable_bbcode, p.enable_html, p.enable_smilies, p.enable_sig, p.post_username, pt.post_subject, pt.post_text, pt.bbcode_uid, u.username, u.user_id, u.user_sig, u.user_sig_bbcode_uid' : '';
$from_sql = ( !$submit ) ? ", " . POSTS_TEXT_TABLE . " pt, " . USERS_TABLE . " u" : '';
$where_sql = ( !$submit ) ? "AND pt.post_id = p.post_id AND u.user_id = p.poster_id" : '';
$sql = "SELECT f.*, t.topic_id, t.topic_status, t.topic_type, t.topic_first_post_id, t.topic_last_post_id, t.topic_vote, p.post_id, p.poster_id" . $select_sql . "
FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f" . $from_sql . "
WHERE p.post_id = $post_id
AND t.topic_id = p.topic_id
AND f.forum_id = p.forum_id
$where_sql";
break;
default:
message_die(GENERAL_MESSAGE, $lang['No_valid_mode']);
}
if ( $result = $db->sql_query($sql) )
{
$post_info = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$forum_id = $post_info['forum_id'];
$forum_name = $post_info['forum_name'];
$is_auth = auth(AUTH_ALL, $forum_id, $userdata, $post_info);
if ( $post_info['forum_status'] == FORUM_LOCKED && !$is_auth['auth_mod'])
{
message_die(GENERAL_MESSAGE, $lang['Forum_locked']);
}
else if ( $mode != 'newtopic' && $post_info['topic_status'] == TOPIC_LOCKED && !$is_auth['auth_mod'])
{
message_die(GENERAL_MESSAGE, $lang['Topic_locked']);
}
if ( $mode == 'editpost' || $mode == 'delete' || $mode == 'poll_delete' )
{
$sql = "SELECT forum_freeze
FROM " . FORUMS_TABLE . "
WHERE forum_id = $forum_id";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not obtain forum freeze information', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$forum_freeze_status = intval($row['forum_freeze']);
if($is_auth['auth_mod'])
{
$forum_freeze_status = 0;
}
$topic_id = $post_info['topic_id'];
$post_data['poster_post'] = ( $post_info['poster_id'] == $userdata['user_id'] ) ? true : false;
$post_data['first_post'] = ( $post_info['topic_first_post_id'] == $post_id ) ? true : false;
$post_data['last_post'] = ( $post_info['topic_last_post_id'] == $post_id ) ? true : false;
$post_data['last_topic'] = ( $post_info['forum_last_post_id'] == $post_id ) ? true : false;
$post_data['has_poll'] = ( $post_info['topic_vote'] ) ? true : false;
$post_data['topic_type'] = $post_info['topic_type'];
$post_data['poster_id'] = $post_info['poster_id'];
if ( $post_data['first_post'] && $post_data['has_poll'] )
{
$sql = "SELECT *
FROM " . VOTE_DESC_TABLE . " vd, " . VOTE_RESULTS_TABLE . " vr
WHERE vd.topic_id = $topic_id
AND vr.vote_id = vd.vote_id
ORDER BY vr.vote_option_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain vote data for this topic', '', __LINE__, __FILE__, $sql);
}
$poll_options = array();
$poll_results_sum = 0;
if ( $row = $db->sql_fetchrow($result) )
{
$poll_title = $row['vote_text'];
$poll_id = $row['vote_id'];
$poll_length = intval($row['vote_length'] / 86400);
$poll_length_h = intval( ( $row['vote_length'] - ( $poll_length * 86400) ) / 3600 ) ;
$max_vote = $row['vote_max'];
$hide_vote = $row['vote_hide'];
$undo_vote = $row['vote_undo'];
do
{
$poll_options[$row['vote_option_id']] = $row['vote_option_text'];
$poll_results_sum += $row['vote_result'];
}
while ( $row = $db->sql_fetchrow($result) );
}
$db->sql_freeresult($result);
$post_data['edit_poll'] = ( ( !$poll_results_sum || $is_auth['auth_mod'] ) && $post_data['first_post'] ) ? true : 0;
}
else
{
$post_data['edit_poll'] = ($post_data['first_post'] && $is_auth['auth_pollcreate']) ? true : false;
}
//
// Can this user edit/delete the post/poll?
//
if ( $post_info['poster_id'] != $userdata['user_id'] && !$is_auth['auth_mod'] )
{
$message = ( $delete || $mode == 'delete' ) ? $lang['Delete_own_posts'] : $lang['Edit_own_posts'];
$message .= '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
else if ( !$post_data['last_post'] && !$is_auth['auth_mod'] && ( $mode == 'delete' || $delete ) )
{
message_die(GENERAL_MESSAGE, $lang['Cannot_delete_replied']);
}
else if ( !$post_data['edit_poll'] && !$is_auth['auth_mod'] && ( $mode == 'poll_delete' || $poll_delete ) )
{
message_die(GENERAL_MESSAGE, $lang['Cannot_delete_poll']);
}
}
else
{
if ( $mode == 'quote' )
{
$topic_id = $post_info['topic_id'];
}
if ( $mode == 'newtopic' )
{
$post_data['topic_type'] = POST_NORMAL;
$sql = "SELECT forum_freeze
FROM " . FORUMS_TABLE . "
WHERE forum_id = $forum_id";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not obtain forum freeze information', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$forum_freeze_status = intval($row['forum_freeze']);
if(!$is_auth['auth_mod'])
{
$forum_freeze_status = $forum_freeze_status;
}
else
{
$forum_freeze_status = 0;
}
}
$post_data['first_post'] = ( $mode == 'newtopic' ) ? true : 0;
$post_data['last_post'] = false;
$post_data['has_poll'] = false;
$post_data['edit_poll'] = false;
}
if ( $mode == 'poll_delete' && !isset($poll_id) )
{
message_die(GENERAL_MESSAGE, $lang['No_such_post']);
}
}
else
{
message_die(GENERAL_MESSAGE, $lang['No_such_post']);
}
//
// Has the user been suspended?
//
if (!$userdata['user_allowpost'] && ( $userdata['user_level'] != ADMIN && $userdata['user_level'] != MOD ))
{
message_die(GENERAL_MESSAGE, $lang['Sorry_suspended']);
}
//
// The user is not authed, if they're not logged in then redirect
// them, else show them an error message
//
if ( !$is_auth[$is_auth_type] )
{
if ( $userdata['session_logged_in'] )
{
message_die(GENERAL_MESSAGE, sprintf($lang['Sorry_' . $is_auth_type], $is_auth[$is_auth_type . "_type"]));
}
switch( $mode )
{
case 'newtopic':
$redirect = "mode=newtopic&" . POST_FORUM_URL . "=" . $forum_id;
break;
case 'reply':
case 'topicreview':
$redirect = "mode=reply&" . POST_TOPIC_URL . "=" . $topic_id;
break;
case 'quote':
case 'editpost':
$redirect = "mode=quote&" . POST_POST_URL ."=" . $post_id;
break;
}
redirect(append_sid("login.$phpEx?redirect=posting.$phpEx&" . $redirect, true));
}
//
// Set toggles for various options
//
if ( !$board_config['allow_html'] )
{
$html_on = 0;
}
else
{
$html_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_html']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_html'] : $userdata['user_allowhtml'] );
}
if ( !$board_config['allow_bbcode'] )
{
$bbcode_on = 0;
}
else
{
$bbcode_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_bbcode']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_bbcode'] : $userdata['user_allowbbcode'] );
}
if ( !$board_config['allow_smilies'] )
{
$smilies_on = 0;
}
else
{
$smilies_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_smilies']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_smilies'] : $userdata['user_allowsmile'] );
}
if ( ($submit || $refresh) && $is_auth['auth_read'])
{
$notify_user = ( !empty($HTTP_POST_VARS['notify']) ) ? TRUE : 0;
}
else
{
if ( $mode != 'newtopic' && $userdata['session_logged_in'] && $is_auth['auth_read'] )
{
$sql = "SELECT topic_id
FROM " . TOPICS_WATCH_TABLE . "
WHERE topic_id = $topic_id
AND user_id = " . $userdata['user_id'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql);
}
$notify_user = ( $db->sql_fetchrow($result) ) ? TRUE : $userdata['user_notify'];
$db->sql_freeresult($result);
}
else
{
$notify_user = ( $userdata['session_logged_in'] && $is_auth['auth_read'] ) ? $userdata['user_notify'] : 0;
}
}
$attach_sig = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['attach_sig']) ) ? TRUE : 0 ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? 0 : $userdata['user_attachsig'] );
// --------------------
// What shall we do?
//
if ( ( $delete || $poll_delete || $mode == 'delete' ) && !$confirm )
{
//
// Confirm deletion
//
$s_hidden_fields = '<input type="hidden" name="' . POST_POST_URL . '" value="' . $post_id . '" />';
$s_hidden_fields .= ( $delete || $mode == "delete" ) ? '<input type="hidden" name="mode" value="delete" />' : '<input type="hidden" name="mode" value="poll_delete" />';
$l_confirm = ( $delete || $mode == 'delete' ) ? $lang['Confirm_delete'] : $lang['Confirm_delete_poll'];
//
// Output confirmation page
//
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'confirm_body' => 'confirm_body.tpl')
);
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Information'],
'MESSAGE_TEXT' => $l_confirm,
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'S_CONFIRM_ACTION' => append_sid("posting.$phpEx"),
'S_HIDDEN_FIELDS' => $s_hidden_fields)
);
$template->pparse('confirm_body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
else if ( $mode == 'vote' )
{
//
// Vote in a poll
//
if ( (!empty($HTTP_POST_VARS['vote_id'])) && (is_array($HTTP_POST_VARS['vote_id'])) && (isset($HTTP_POST_VARS['vote_id'])) )
{
$vote_option_id = intval($HTTP_POST_VARS['vote_id']);
$vote_id = $HTTP_POST_VARS['vote_id'];
$sql = "SELECT vd.vote_id, vd.vote_max
FROM " . VOTE_DESC_TABLE . " vd, " . VOTE_RESULTS_TABLE . " vr
WHERE vd.topic_id = $topic_id
AND vr.vote_id = vd.vote_id
AND vr.vote_option_id = $vote_option_id
GROUP BY vd.vote_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain vote data for this topic', '', __LINE__, __FILE__, $sql);
}
if ( $vote_info = $db->sql_fetchrow($result) )
{
$max_vote = $vote_info['vote_max'];
$id_vote = $vote_info['vote_id'];
}
$sql = "SELECT *
FROM " . VOTE_USERS_TABLE . "
WHERE vote_id = $id_vote
AND vote_user_id = " . $userdata['user_id'];
if ( !($result2 = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user vote data for this topic', '', __LINE__, __FILE__, $sql);
}
$prev_vote = $db->sql_numrows();
$counter = 0;
$row = $db->sql_fetchrowset($result2);
$vbn = array();
for ($i = 0; $i < count($vote_id); $i++)
{
// check if already voted on certain options
$flag = false;
for ($j = 0; $j < $prev_vote; $j++)
{
if ($vote_id[$i] == $row[$j]['vote_option_id'])
{
$flag = true;
break;
}
}
if (!$flag)
{
$vbn[$counter] = $vote_id[$i];
$counter++;
}
}
$db->sql_freeresult($result2);
$sql = "SELECT vd.vote_id
FROM " . VOTE_DESC_TABLE . " vd, " . VOTE_RESULTS_TABLE . " vr
WHERE vd.topic_id = $topic_id
AND vr.vote_id = vd.vote_id
AND vr.vote_option_id = $vote_option_id
GROUP BY vd.vote_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain vote data for this topic', '', __LINE__, __FILE__, $sql);
}
if ( $vote_info = $db->sql_fetchrow($result) )
{
$vote_id = $vote_info['vote_id'];
$sql = "SELECT *
FROM " . VOTE_USERS_TABLE . "
WHERE vote_id = $vote_id
AND vote_user_id = " . $userdata['user_id'];
if ( !($result2 = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user vote data for this topic', '', __LINE__, __FILE__, $sql);
}
if ( $max_vote >= (count($vbn) + $prev_vote) ) // Modded
{
foreach ($vbn as $vote_option_id)
{
$sql = "UPDATE " . VOTE_RESULTS_TABLE . "
SET vote_result = vote_result + 1
WHERE vote_id = $vote_id
AND vote_option_id = $vote_option_id";
if ( !$db->sql_query($sql, BEGIN_TRANSACTION) )
{
message_die(GENERAL_ERROR, 'Could not update poll result', '', __LINE__, __FILE__, $sql);
}
$sql = "INSERT INTO " . VOTE_USERS_TABLE . " (vote_id, vote_user_id, vote_user_ip, vote_option_id)
VALUES ($vote_id, " . $userdata['user_id'] . ", '$user_ip', $vote_option_id)";
if ( !$db->sql_query($sql, END_TRANSACTION) )
{
message_die(GENERAL_ERROR, "Could not insert user_id for poll", "", __LINE__, __FILE__, $sql);
}
}
if ( !($prev_vote) )
{
$sql = "UPDATE " . VOTE_DESC_TABLE . "
SET vote_voted = vote_voted + 1
WHERE vote_id = $vote_id
AND topic_id = $topic_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update poll voted', '', __LINE__, __FILE__, $sql);
}
}
$message = $lang['Vote_cast'];
}
else
{
$message = $lang['Already_voted'];
}
$db->sql_freeresult($result2);
}
else
{
$message = $lang['No_vote_option'];
}
$db->sql_freeresult($result);
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">')
);
$message .= '<br /><br />' . sprintf($lang['Click_view_message'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a&
Maybe it's supposed to do that? Not sure.
