Subversion Repositories Applications.papyrus

Rev

Rev 831 | Blame | Last modification | View Log | RSS feed

<?php

////////////////////////////////////////////////////////////////////////////////
//                                                                            //
//   Copyright (C) 2006  Phorum Development Team                              //
//   http://www.phorum.org                                                    //
//                                                                            //
//   This program is free software. You can redistribute it and/or modify     //
//   it under the terms of either the current Phorum License (viewable at     //
//   phorum.org) or the Phorum License that was distributed with this file    //
//                                                                            //
//   This program is distributed in the hope that it will be useful,          //
//   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
//                                                                            //
//   You should have received a copy of the Phorum License                    //
//   along with this program.                                                 //
////////////////////////////////////////////////////////////////////////////////

// This script can initially be called in multiple ways to indicate what
// type of posting mode will be used. The parameters are:
//
// 1) The forum id.
//
// 2) The mode to use. Possibilities are:
//
//    - post        Post a new message (default if no mode is issued)
//    - edit        User edit of an already posted message
//    - moderation  Moderator edit of an already posted message
//    - reply       Reply to a message
//    - quote       Reply to a message, with quoting of the original message
//
// 3) If edit, moderation or reply is used: the message id.
//
// Examples:
// http://yoursite/phorum/posting.php?10,quote,15
// http://yoursite/phorum/posting.php?10,edit,20
// http://yoursite/phorum/posting.php?10,post
//
// This script can also be included in another page (for putting the editor
// screen inline in a page), by setting up the $PHORUM["postingargs"] before
// including:
//
// $PHORUM["postingargs"]["as_include"] any true value, to flag included state
// $PHORUM["postingargs"][0] the forum id
// $PHORUM["postingargs"][1] the mode to use (post,reply,quote,edit,moderation)
// $PHORUM["postingargs"][2] the message id to work with (omit for "post")
//

// ----------------------------------------------------------------------
// Basic setup and checks
// ----------------------------------------------------------------------

if (! defined('phorum_page')) {
    define('phorum_page', 'post');
}

include_once("./common.php");
include_once("include/format_functions.php");

// Check if the Phorum is in read-only mode.
if(isset($PHORUM["status"]) && $PHORUM["status"]=="read-only"){
    phorum_build_common_urls();
    $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["ReadOnlyMessage"];
    // Only show header and footer when not included in another page.
    if (phorum_page == "post") {
        include phorum_get_template("header");
        phorum_hook("after_header");
    }
    include phorum_get_template("message");
    if (phorum_page == "post") {
        phorum_hook("before_footer");
        include phorum_get_template("footer");
    }
    return;
}

// No forum id was set. Take the user back to the index.
if(empty($PHORUM["forum_id"])){
    $dest_url = phorum_get_url(PHORUM_INDEX_URL);
    phorum_redirect_by_url($dest_url);
    exit();
}

// Somehow we got to a folder in posting.php. Take the
// user back to the folder.
if($PHORUM["folder_flag"]){
    $dest_url = phorum_get_url(PHORUM_INDEX_URL, $PHORUM["forum_id"]);
    phorum_redirect_by_url($dest_url);
    exit();
}

// ----------------------------------------------------------------------
// Definitions
// ----------------------------------------------------------------------

// A list of valid posting modes.
$valid_modes = array(
    "post",       // Post a new message
    "reply",      // Post a reply to a message
    "quote",      // Post a reply with quoting of the message replied to
    "edit",       // Edit a message
    "moderation", // Edit a message in moderator modus
);

// Configuration that we use for fields that we use in the editor form.
// Format for the array elements:
// [0] The type of field (string, integer, boolean, array).
// [1] Whether the value must be included as a hidden form field
//     if the field is read-write flagged. So this is used for
//     identifying values which are always implemented  as a
//     hidden form fields.
// [2] Whether the field is read-only or not. Within the editing process,
//     this parameter can be changed to make the field writable.
//     (for example if a moderator is editing a message).
// [3] A default value to initialize the form field with.
//
$PHORUM["post_fields"] = array(
    "message_id"     => array("integer",  true,   true,  0),
    "user_id"        => array("integer",  true,   true,  0),
    "datestamp"      => array("string",   true,   true,  ''),
    "status"         => array("integer",  false,  true,  0),
    "author"         => array("string",   false,  true,  ''),
    "email"          => array("string",   false,  true,  ''),
    "subject"        => array("string",   false,  false, ''),
    "body"           => array("string",   false,  false, ''),
    "forum_id"       => array("integer",  true,   true,  $PHORUM["forum_id"]),
    "thread"         => array("integer",  true,   true,  0),
    "parent_id"      => array("integer",  true,   true,  0),
    "allow_reply"    => array("boolean",  false,  true,  1),
    "special"        => array("string",   false,  true,  ''),
    "email_notify"   => array("boolean",  false,  false, 0),
    "show_signature" => array("boolean",  false,  false, 0),
    "attachments"    => array("array",    true,   true,  array()),
    "meta"           => array("array",    true,   true,  array()),
    "thread_count"   => array("integer",  true,   true,  0),
    "mode"           => array("string",   true,   true,  ''),
);

// Indices for referencing the fields in $post_fields.
define("pf_TYPE",     0);
define("pf_HIDDEN",   1);
define("pf_READONLY", 2);
define("pf_INIT",     3);

// Definitions for a clear $apply_readonly parameter in
// the function phorum_posting_merge_db2form().
define("ALLFIELDS", false);
define("READONLYFIELDS", true);

// ----------------------------------------------------------------------
// Gather information about the editor state and start processing
// ----------------------------------------------------------------------

// Is this an initial request?
$initial = ! isset($_POST["message_id"]);

// Is finish, cancel of preview clicked?
$finish  = (! $initial && isset($_POST["finish"]));
$cancel  = (! $initial && isset($_POST["cancel"]));
$preview = (! $initial && isset($_POST["preview"]));

// Do we already have postingargs or do we use the global args?
if (! isset($PHORUM["postingargs"])) {
    $PHORUM["postingargs"] = $PHORUM["args"];
}

// Find out what editing mode we're running in.
if ($initial) {
    $mode = isset($PHORUM["postingargs"][1]) ? $PHORUM["postingargs"][1] : "post";

    // Quote may also be passed as a phorum parameter (quote=1).
    if ($mode == "reply" && isset($PHORUM["postingargs"]["quote"]) && $PHORUM["postingargs"]["quote"]) {
        $mode = "quote";
    }

} else {
    if (! isset($_POST["mode"])) {
        die("Missing parameter \"mode\" in request");
    }
    $mode = $_POST["mode"];
}
if (! in_array($mode, $valid_modes)) {
    die("Illegal mode issued: $mode");
}

// Find out if we are attaching or detaching something.
// For detaching $do_detach will be set to the attachment's file_id.
$do_detach = false;
$do_attach = false;
foreach ($_POST as $var => $val) {
    if (substr($var, 0, 7) == "detach:") {
        $do_detach = substr($var, 7);
    } elseif ($var == "attach") {
        $do_attach = true;
    }
}

// In case users click on post or preview, without uploading
// their attachment first, we fake an upload action.
if (count($_FILES)) {
    list($name, $data) = each($_FILES);
    if ($data["size"]) $do_attach = true;
    reset($_FILES);
}

// Set all our URL's
phorum_build_common_urls();
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_get_url(PHORUM_POSTING_URL);

// Keep track of errors.
$error_flag = false;
$PHORUM["DATA"]["MESSAGE"] = null;
$PHORUM["DATA"]["ERROR"] = null;

// Do things that are specific for first time or followup requests.
if ($initial) {
    include("./include/posting/request_first.php");
} else {
    include("./include/posting/request_followup.php");
}

// Store the posting mode in the form parameters, so we can remember
// the mode throughout the editing cycle (for example to be able to
// create page titles which match the editing mode).
$PHORUM["DATA"]["MODE"] = $mode;

// ----------------------------------------------------------------------
// Permission and ability handling
// ----------------------------------------------------------------------

// Make a descision on what posting mode we're really handling, based on
// the data that we have. The posting modes "reply" and "quote" will
// both be called "reply" from here. Modes "edit" and "moderation" will
// be called "edit" from here. The exact editor behaviour for editing is
// based on the user's permissions, not on posting mode.
$mode = "post";
if ($message["message_id"]) {
    $mode = "edit";
} elseif ($message["parent_id"]) {
    $mode = "reply";
}

// Do ban list checks. Only check the bans on entering and
// on finishing up. No checking is needed on intermediate requests.
if (! $error_flag && ($initial || $finish || $preview)) {
    include("./include/posting/check_banlist.php");
}

// Determine the abilities that the current user has.
if (! $error_flag)
{
    // Is the forum running in a moderated state?
    $PHORUM["DATA"]["MODERATED"] =
        $PHORUM["moderation"] == PHORUM_MODERATE_ON &&
        !phorum_user_access_allowed(PHORUM_USER_ALLOW_MODERATE_MESSAGES);

    // Does the user have administrator permissions?
    $PHORUM["DATA"]["ADMINISTRATOR"] = $PHORUM["user"]["admin"];

    // Does the user have moderator permissions?
    $PHORUM["DATA"]["MODERATOR"] =
        phorum_user_access_allowed(PHORUM_USER_ALLOW_MODERATE_MESSAGES);

    // Ability: Do we allow attachments?
    $PHORUM["DATA"]["ATTACHMENTS"] = $PHORUM["max_attachments"] > 0 && phorum_user_access_allowed(PHORUM_USER_ALLOW_ATTACH);

    $PHORUM["DATA"]["EMAILNOTIFY"] =
    (isset($PHORUM['allow_email_notify']) && !empty($PHORUM['allow_email_notify']))? 1 : 0;

    // What special options can this user set for a message?
    $PHORUM["DATA"]["OPTION_ALLOWED"] = array(
        "sticky"        => false,   // Sticky flag for message sorting
        "announcement"  => false,   // Announcement flag for message sorting
        "allow_reply"   => false,   // Wheter replies are allowed in the thread
    );
    // For moderators and administrators.
    if (($PHORUM["DATA"]["MODERATOR"] || $PHORUM["DATA"]["ADMINISTRATOR"]) && $message["parent_id"] == 0) {
        $PHORUM["DATA"]["OPTION_ALLOWED"]["sticky"] = true;
        $PHORUM["DATA"]["OPTION_ALLOWED"]["allow_reply"] = true;
    }
    // For administrators only.
    if ($PHORUM["DATA"]["ADMINISTRATOR"]) {
        $PHORUM["DATA"]["OPTION_ALLOWED"]["announcement"] = true;
    }
}

if (! $error_flag)
{
    // A hook to allow modules to change the abilities from above.
    phorum_hook("posting_permission");

    // Show special sort options in the editor? These only are
    // honoured for the thread starter messages, so we check the
    // parent_id for that.
    $PHORUM["DATA"]["SHOW_SPECIALOPTIONS"] =
        $message["parent_id"] == 0 &&
        ($PHORUM["DATA"]["OPTION_ALLOWED"]["announcement"] ||
         $PHORUM["DATA"]["OPTION_ALLOWED"]["sticky"]);

    // Show special sort options or allow_reply in the editor?
    $PHORUM["DATA"]["SHOW_THREADOPTIONS"] =
        $PHORUM["DATA"]["SHOW_SPECIALOPTIONS"] ||
        $PHORUM["DATA"]["OPTION_ALLOWED"]["allow_reply"];
}

// Set extra writeable fields, based on the user's abilities.
if (isset($PHORUM["DATA"]["ATTACHMENTS"]) && $PHORUM["DATA"]["ATTACHMENTS"]) {
    // Keep it as a hidden field.
    $PHORUM["post_fields"]["attachments"][pf_READONLY] = false;
}
if (isset($PHORUM["DATA"]["MODERATOR"]) && $PHORUM["DATA"]["MODERATOR"]) {
    if (! $message["user_id"]) {
        $PHORUM["post_fields"]["author"][pf_READONLY] = false;
        $PHORUM["post_fields"]["email"][pf_READONLY] = false;
    }
}
if (isset($PHORUM["DATA"]["SHOW_SPECIALOPTIONS"]) && $PHORUM["DATA"]["SHOW_SPECIALOPTIONS"]) {
    $PHORUM["post_fields"]["special"][pf_READONLY] = false;
}
if (isset($PHORUM["DATA"]["OPTION_ALLOWED"]["allow_reply"]) && $PHORUM["DATA"]["OPTION_ALLOWED"]["allow_reply"]) {
    $PHORUM["post_fields"]["allow_reply"][pf_READONLY] = false;
}

// Check permissions and apply read-only data.
// Only do this on entering and on finishing up.
// No checking is needed on intermediate requests.
if (! $error_flag && ($initial || $finish)) {
    include("./include/posting/check_permissions.php");
}

// Do permission checks for attachment management.
if (! $error_flag && ($do_attach || $do_detach)) {
    if (! $PHORUM["DATA"]["ATTACHMENTS"]) {
        $PHORUM["DATA"]["MESSAGE"] =
        $PHORUM["DATA"]["LANG"]["AttachNotAllowed"];
        $error_flag = true;
    }
}

// ----------------------------------------------------------------------
// Perform actions
// ----------------------------------------------------------------------

// Only check the integrity of the data on finishing up. During the
// editing process, the user may produce garbage as much as he likes.
if (! $error_flag && $finish) {
    include("./include/posting/check_integrity.php");
}

// Handle cancel request.
if (! $error_flag && $cancel) {
    include("./include/posting/action_cancel.php");
}

// Count the number and total size of active attachments
// that we currently have.
$attach_count = 0;
$attach_totalsize = 0;
foreach ($message["attachments"] as $attachment) {
    if ($attachment["keep"]) {
        $attach_count ++;
        $attach_totalsize += $attachment["size"];
    }
}

// Attachment management. This will update the
// $attach_count and $attach_totalsize variables.
if (! $error_flag && ($do_attach || $do_detach)) {
    include("./include/posting/action_attachments.php");
}

// Handle finishing actions.
if (! $error_flag && $finish)
{
    // Posting mode
    if ($mode == "post" || $mode == "reply") {
        include("./include/posting/action_post.php");
    }
    // Editing mode.
    elseif ($mode == "edit") {
        include("./include/posting/action_edit.php");
    }
    // A little safety net.
    else {
        die("Internal error: finish action for \"$mode\" not available");
    }
}

// ----------------------------------------------------------------------
// Display the page
// ----------------------------------------------------------------------

// Make up the text which must be used on the posting form's submit button.
$button_txtid = $mode == "edit" ? "SaveChanges" : "Post";
$message["submitbutton_text"] = $PHORUM["DATA"]["LANG"][$button_txtid];

// Attachment config
if($PHORUM["max_attachments"]){

    $php_limit = ini_get('upload_max_filesize')*1024;
    $max_packetsize = phorum_db_maxpacketsize();
    if ($max_packetsize == NULL) {
        $db_limit = $php_limit;
    } else {
        $db_limit = $max_packetsize/1024*.6;
    }
    if($PHORUM["max_attachment_size"]==0) $PHORUM["max_attachment_size"]=$php_limit;
    $PHORUM["max_attachment_size"] = min($PHORUM["max_attachment_size"], $php_limit, $db_limit);
    if ($PHORUM["max_totalattachment_size"]) {
        if ($PHORUM["max_totalattachment_size"] < $PHORUM["max_attachment_size"]) {
            $PHORUM["max_attachment_size"] = $PHORUM["max_totalattachment_size"];
        }
    }

    // Data for attachment explanation.
    if ($PHORUM["allow_attachment_types"]) {
        $PHORUM["DATA"]["ATTACH_FILE_TYPES"] = str_replace(";", ", ", $PHORUM["allow_attachment_types"]);
        $PHORUM["DATA"]["EXPLAIN_ATTACH_FILE_TYPES"] = str_replace("%types%", $PHORUM["DATA"]["ATTACH_FILE_TYPES"], $PHORUM["DATA"]["LANG"]["AttachFileTypes"]);
    }
    if ($PHORUM["max_attachment_size"]) {
        $PHORUM["DATA"]["ATTACH_FILE_SIZE"] = $PHORUM["max_attachment_size"];
        $PHORUM["DATA"]["ATTACH_FORMATTED_FILE_SIZE"] = phorum_filesize($PHORUM["max_attachment_size"] * 1024);
        $PHORUM["DATA"]["EXPLAIN_ATTACH_FILE_SIZE"] = str_replace("%size%", $PHORUM["DATA"]["ATTACH_FORMATTED_FILE_SIZE"], $PHORUM["DATA"]["LANG"]["AttachFileSize"]);
    }
    if ($PHORUM["max_totalattachment_size"] && $PHORUM["max_attachments"]>1) {
        $PHORUM["DATA"]["ATTACH_TOTALFILE_SIZE"] = $PHORUM["max_totalattachment_size"];
        $PHORUM["DATA"]["ATTACH_FORMATTED_TOTALFILE_SIZE"] = phorum_filesize($PHORUM["max_totalattachment_size"] * 1024);
        $PHORUM["DATA"]["EXPLAIN_ATTACH_TOTALFILE_SIZE"] = str_replace("%size%", $PHORUM["DATA"]["ATTACH_FORMATTED_TOTALFILE_SIZE"], $PHORUM["DATA"]["LANG"]["AttachTotalFileSize"]);
    }
    if ($PHORUM["max_attachments"] && $PHORUM["max_attachments"]>1) {
        $PHORUM["DATA"]["ATTACH_MAX_ATTACHMENTS"] = $PHORUM["max_attachments"];
        $PHORUM["DATA"]["ATTACH_REMAINING_ATTACHMENTS"] = $PHORUM["max_attachments"] - $attach_count;
        $PHORUM["DATA"]["EXPLAIN_ATTACH_MAX_ATTACHMENTS"] = str_replace("%count%", $PHORUM["DATA"]["ATTACH_REMAINING_ATTACHMENTS"], $PHORUM["DATA"]["LANG"]["AttachMaxAttachments"]);
    }

    // A flag for the template building to be able to see if the
    // attachment storage space is full.
    $PHORUM["DATA"]["ATTACHMENTS_FULL"] =
        $attach_count >= $PHORUM["max_attachments"] ||
        ($PHORUM["max_totalattachment_size"] &&
        $attach_totalsize >= $PHORUM["max_totalattachment_size"]*1024);
}

// Let the templates know if we're running as an include.
$PHORUM["DATA"]["EDITOR_AS_INCLUDE"] =
    isset($PHORUM["postingargs"]["as_include"]) && $PHORUM["postingargs"]["as_include"];

// Process data for previewing.
if ($preview) {
    include("./include/posting/action_preview.php");
}

// Always put the current mode in the message, so hook
// writers can use this for identifying what we're doing.
$message["mode"] = $mode;

// Create hidden form field code. Fields which are read-only are
// all added as a hidden form fields in the form. Also the fields
// for which the pf_HIDDEN flag is set will be added to the
// hidden fields.
$hidden = "";
foreach ($PHORUM["post_fields"] as $var => $spec)
{
    if ($var == "mode") {
        $val = $mode;
    } elseif ($spec[pf_TYPE] == "array") {
        $val = htmlspecialchars(serialize($message[$var]));
    } else {
        $val = htmlentities($message[$var], ENT_COMPAT, $PHORUM["DATA"]["CHARSET"]);
    }
    if ($spec[pf_READONLY] || $spec[pf_HIDDEN]) {
        $hidden .= '<input type="hidden" name="' . $var .  '" ' .
                   'value="' . $val . "\" />\n";
    }
}
$PHORUM["DATA"]["POST_VARS"] .= $hidden;

// Process data for XSS prevention.
foreach ($message as $var => $val)
{
    // The meta information should not be used in templates, because
    // nothing is escaped here. But we might want to use the data in
    // mods which are run after this code. We continue here, so the
    // data won't be stripped from the message data later on.
    if ($var == "meta") continue;

    if ($var == "attachments") {
        if (is_array($val)) {
            foreach ($val as $nr => $data)
            {
                // Do not show attachments which are not kept.
                if (! $data["keep"]) {
                    unset($message["attachments"][$nr]);
                    continue;
                }

                $message[$var][$nr]["name"] = htmlspecialchars($data["name"]);
                $message[$var][$nr]["size"] = phorum_filesize(round($data["size"]));
            }
        }
    } else {
        if (is_scalar($val)) {
            $message[$var] = htmlspecialchars($val);
        } else {
            // Not used in the template, unless proven otherwise.
            $message[$var] = '[removed from template data]';
        }
    }
}

// A cancel button is not needed if the editor is included in a page.
// This can also be used by the before_editor hook to disable the
// cancel button in all pages.
$PHORUM["DATA"]["SHOW_CANCEL_BUTTON"] = (isset($PHORUM["postingargs"]["as_include"]) ? false : true);

// A hook to give modules a last chance to update the message data.
$message = phorum_hook("before_editor", $message);

// Make the message data available to the template engine.
$PHORUM["DATA"]["POST"] = $message;

// Set the field to focus.
$focus = "phorum_subject";
if (!empty($message["subject"])) $focus = "phorum_textarea";
$PHORUM["DATA"]["FOCUS_TO_ID"] = $focus;

// Load page header.
if (! isset($PHORUM["postingargs"]["as_include"])) {
    include phorum_get_template("header");
    phorum_hook("after_header");
}

// Load page content.
if (isset($PHORUM["DATA"]["MESSAGE"])) {
    include phorum_get_template("message");
} else {
    include phorum_get_template("posting");
}

// Load page footer.
if (! isset($PHORUM["postingargs"]["as_include"])) {
    phorum_hook("before_footer");
    include phorum_get_template("footer");
}

// ----------------------------------------------------------------------
// Functions
// ----------------------------------------------------------------------

// Merge data from a database message record into the form fields
// that we use. If $apply_readonly is set to a true value, then
// only the fields which are flagged as read-only will be copied.
function phorum_posting_merge_db2form($form, $db, $apply_readonly = false)
{
    $PHORUM = $GLOBALS['PHORUM'];

    // If we have a user linked to the current message, then get the
    // user data from the database, if it has to be applied as
    // read-only data.
    if ($PHORUM["post_fields"]["email"][pf_READONLY] || $PHORUM["post_fields"]["author"][pf_READONLY]) {
        if ($db["user_id"]) {
            $user_info = phorum_user_get($db["user_id"], false);
            $user_info["author"] = $user_info["username"];
        }
    }

    foreach ($PHORUM["post_fields"] as $key => $info)
    {
        // Skip writeable fields if we only have to apply read-only ones.
        if ($apply_readonly && ! $info[pf_READONLY]) continue;

        switch ($key) {
            case "show_signature": {
                $form[$key] = !empty($db["meta"]["show_signature"]);
                break;
            }

            case "allow_reply": {
                $form[$key] = ! $db["closed"];
                break;
            }

            case "email_notify": {
                $form[$key] = phorum_db_get_if_subscribed(
                    $db["forum_id"], $db["thread"], $db["user_id"]);
                break;
            }

            case "forum_id": {
                $form["forum_id"] = $db["forum_id"] ? $db["forum_id"] : $PHORUM["forum_id"];
                break;
            }

            case "attachments": {
                $form[$key] = array();
                if (isset($db["meta"]["attachments"])) {
                    foreach ($db["meta"]["attachments"] as $data) {
                        $data["keep"] = true;
                        $data["linked"] = true;
                        $form["attachments"][] = $data;
                    }
                }
                break;
            }

            case "author":
            case "email": {
                if ($db["user_id"]) {
                    $form[$key] = $user_info[$key];
                } else {
                    $form[$key] = $db[$key];
                }
                break;
            }

            case "special": {
                if ($db["sort"] == PHORUM_SORT_ANNOUNCEMENT) {
                    $form["special"] = "announcement";
                } elseif ($db["sort"] == PHORUM_SORT_STICKY) {
                    $form["special"] = "sticky";
                } else {
                    $form["special"] = "";
                }
                break;
            }

            case "mode": {
                // NOOP
                break;
            }

            default:
                $form[$key] = $db[$key];
        }
    }
    return $form;
}

?>