<?php
 
////////////////////////////////////////////////////////////////////////////////
//                                                                            //
//   Copyright (C) 2006  Phorum Development Team                              //
//   http://www.phorum.org                                                    //
//                                                                            //
//   This program is free software. You can redistribute it and/or modify     //
//   it under the terms of either the current Phorum License (viewable at     //
//   phorum.org) or the Phorum License that was distributed with this file    //
//                                                                            //
//   This program is distributed in the hope that it will be useful,          //
//   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
//                                                                            //
//   You should have received a copy of the Phorum License                    //
//   along with this program.                                                 //
////////////////////////////////////////////////////////////////////////////////
 
// Do nothing at all when the PHORUM constant is not defined, i.e. when
// this file was not loaded by code that defines it.
if (! defined("PHORUM")) {
    return;
}
 
// Permission gate for starting a topic ("post") or answering one ("reply").
// phorum_user_access_allowed() is asked for the permission that matches
// the mode. On refusal a message is stored, $error_flag is raised and
// this script stops.
if (
    ($mode == "post" && ! phorum_user_access_allowed(PHORUM_USER_ALLOW_NEW_TOPIC)) ||
    ($mode == "reply" && ! phorum_user_access_allowed(PHORUM_USER_ALLOW_REPLY))
) {
    if ($PHORUM["DATA"]["LOGGEDIN"]) {
        // A logged-in user who is refused simply lacks the right to post.
        $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["NoPost"];
    } elseif (
        ($mode == "reply" && ($PHORUM["reg_perms"] & PHORUM_USER_ALLOW_REPLY)) ||
        ($mode == "post" && ($PHORUM["reg_perms"] & PHORUM_USER_ALLOW_NEW_TOPIC))
    ) {
        // Not logged in, but the reg_perms bitmask carries the needed
        // permission bit: point the visitor to the login.
        $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["PleaseLoginPost"];
    } else {
        // Logging in would not help either.
        $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["NoPost"];
    }

    $error_flag = true;
    return;
}

// Check that the user is logged in according to the security settings
// in the admin: a session that is LOGGEDIN but not FULLY_LOGGEDIN has to
// log in again. When running as an include a message with a login link
// is set; otherwise the browser is redirected to the login page.
//
// NOTE(review): entries of $PHORUM["args"] (presumably request-derived)
// end up in the post-login return URL. The URL is generated by
// phorum_get_url() and URL-encoded before it is passed as "redir";
// whether the login page restricts "redir" to local URLs is not visible
// in this file -- confirm there.
if ($PHORUM["DATA"]["LOGGEDIN"] && ! $PHORUM["DATA"]["FULLY_LOGGEDIN"]) {

    if (isset($PHORUM["postingargs"]["as_include"])) {

        // Return URL for after the login: the reply URL of the page
        // that includes the editor.
        $args = array(PHORUM_REPLY_URL, $PHORUM["args"][1]);
        if (isset($PHORUM["args"][2])) {
            $args[] = $PHORUM["args"][2];
        }
        if (isset($PHORUM["args"]["quote"])) {
            $args[] = "quote=1";
        }
        $redir = urlencode(call_user_func_array('phorum_get_url', $args));
        $url = phorum_get_url(PHORUM_LOGIN_URL, "redir=" . $redir);

        // Show a message with a link to the login page instead of
        // redirecting.
        $PHORUM["DATA"]["URL"]["REDIRECT"] = $url;
        $PHORUM["DATA"]["BACKMSG"] = $PHORUM["DATA"]["LANG"]["LogIn"];
        $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["PeriodicLogin"];
        $error_flag = true;
        return;
    }

    // Not running as an include: the return URL is the posting URL and
    // the browser is sent to the login page directly.
    $args = array(PHORUM_POSTING_URL);
    if (isset($PHORUM["args"][1])) {
        $args[] = $PHORUM["args"][1];
    }
    if (isset($PHORUM["args"][2])) {
        $args[] = $PHORUM["args"][2];
    }
    if (isset($PHORUM["args"]["quote"])) {
        $args[] = "quote=1";
    }
    $redir = urlencode(call_user_func_array('phorum_get_url', $args));

    phorum_redirect_by_url(phorum_get_url(PHORUM_LOGIN_URL, "redir=" . $redir));
    exit();
}
 
// Author identity is read-only: for new topics and replies it is taken
// from the session, overwriting whatever the message array held for
// these fields.
if ($mode == "post" || $mode == "reply") {
    if (! $PHORUM["DATA"]["LOGGEDIN"]) {
        // Anonymous author. Only the user id is forced; the author
        // field is left as it is.
        $message["user_id"] = 0;
    } else {
        $message["user_id"] = $PHORUM["user"]["user_id"];
        $message["author"]  = $PHORUM["user"]["username"];
    }
}
 
// When the posting is being finished, look up the stored message that an
// edit or a reply refers to and take the read-only fields from that
// record, to prevent data tampering through the form.
//
// NOTE(review): this only runs when $finish is set. Whether
// phorum_db_get_message() limits the lookup to the current forum is not
// visible in this file -- confirm.
if ($finish && ($mode == 'edit' || $mode == 'reply')) {
    // An edit refers to the message itself, a reply to its parent.
    if ($mode == "edit") {
        $id = "message_id";
    } else {
        $id = "parent_id";
    }

    $origmessage = phorum_db_get_message($message[$id]);
    if (! $origmessage) {
        // Nothing was found for that id: leave for the index page.
        phorum_redirect_by_url(phorum_get_url(PHORUM_INDEX_URL));
        exit();
    }

    if ($mode != "edit") {
        // Reply: parent and thread come from the stored parent message.
        $message["parent_id"] = $origmessage["message_id"];
        $message["thread"] = $origmessage["thread"];
    } else {
        // Edit: copy the fields listed in READONLYFIELDS from the
        // stored message.
        $message = phorum_posting_merge_db2form($message, $origmessage, READONLYFIELDS);
    }
}
 
// Messages posted by a registered user (non-zero user_id) never carry
// an email address of their own: the field is blanked.
if ($message["user_id"]) {
    $message["email"] = '';
}
 
// Edits and replies need the message that started the thread; it is
// looked up through the thread id held in the message.
if ($mode == "edit" || $mode == "reply") {
    $top_parent = phorum_db_get_message($message["thread"]);
}
 
// Permission checks for replying: the thread has to exist, be open and
// approved, and the message that is replied to has to be approved too.
if ($mode == "reply") {
    // Find the direct parent. A reply to the thread starter can reuse
    // $top_parent; anything else needs a lookup of its own.
    if ($message["thread"] == $message["parent_id"]) {
        $parent = $top_parent;
    } else {
        $parent = phorum_db_get_message($message["parent_id"]);
    }

    // A reply is acceptable only if every condition below holds. A
    // missing record, a closed thread or a status other than approved
    // makes $unapproved true.
    $unapproved = ! (
        ! empty($top_parent) &&
        ! empty($parent) &&
        ! $top_parent["closed"] &&
        $top_parent["status"] == PHORUM_STATUS_APPROVED &&
        $parent["status"] == PHORUM_STATUS_APPROVED
    );

    if ($unapproved) {
        // With the editor included in the read page, moderators get a
        // message instead of a redirect to the list page. Else a
        // moderator could never read an unapproved message.
        if (isset($PHORUM["postingargs"]["as_include"]) && $PHORUM["DATA"]["MODERATOR"]) {
            $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["UnapprovedMessage"];
            $error_flag = true;
            return;
        }

        // Everybody else who replies to an unapproved message is sent
        // to the message list.
        phorum_redirect_by_url(phorum_get_url(PHORUM_LIST_URL));
        exit;
    }
}
 
// Permission checks for editing: the edit is refused unless either the
// owner rule or the moderator rule below applies.
if ($mode == "edit") {
    // Owner rule: the message belongs to the current user, the user has
    // the edit permission, the thread exists and is not closed, and the
    // edit time limit (if one is set) has not passed. The limit is
    // multiplied by 60 before it is added to the datestamp, so it is
    // presumably expressed in minutes.
    //
    // NOTE(review): the ownership test is a loose comparison of user
    // ids, and anonymous postings are stored with user_id 0. Confirm
    // that phorum_user_access_allowed(PHORUM_USER_ALLOW_EDIT) cannot
    // succeed for a visitor who is not logged in, so that the owner
    // rule never matches an anonymous message.
    $timelim = $PHORUM["user_edit_timelimit"];
    $useredit = (
        $message["user_id"] == $PHORUM["user"]["user_id"] &&
        phorum_user_access_allowed(PHORUM_USER_ALLOW_EDIT) &&
        ! empty($top_parent) &&
        ! $top_parent["closed"] &&
        (! $timelim || time() <= $message["datestamp"] + ($timelim * 60))
    );

    // Moderator rule: moderators may edit messages of the current
    // forum, but not messages from announcement threads. Announcements
    // may only be edited by users for which the option "announcement"
    // is set as allowed.
    $moderatoredit = (
        $PHORUM["DATA"]["MODERATOR"] &&
        $message["forum_id"] == $PHORUM["forum_id"] &&
        ($message["special"] != "announcement" ||
         $PHORUM["DATA"]["OPTION_ALLOWED"]["announcement"])
    );

    if (! ($useredit || $moderatoredit)) {
        $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["EditPostForbidden"];
        $error_flag = true;
        return;
    }
}
 
 
?>