Rev 831 | Blame | Last modification | View Log | RSS feed
<?php
////////////////////////////////////////////////////////////////////////////////
// //
// Copyright (C) 2006 Phorum Development Team //
// http://www.phorum.org //
// //
// This program is free software. You can redistribute it and/or modify //
// it under the terms of either the current Phorum License (viewable at //
// phorum.org) or the Phorum License that was distributed with this file //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY, without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
// //
// You should have received a copy of the Phorum License //
// along with this program. //
////////////////////////////////////////////////////////////////////////////////
if(!defined("PHORUM")) return;
// Check if the user is allowed to post a new message or a reply.
if( ($mode == "post" && !phorum_user_access_allowed(PHORUM_USER_ALLOW_NEW_TOPIC)) ||
($mode == "reply" && !phorum_user_access_allowed(PHORUM_USER_ALLOW_REPLY)) ) { if ($PHORUM["DATA"]["LOGGEDIN"]) {
// If users are logged in and can't post, they don't have rights to do so.
$PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["NoPost"];
} else {
// Check if they could post if logged in. If so, let them know to log in.
if( ($mode == "reply" && $PHORUM["reg_perms"] & PHORUM_USER_ALLOW_REPLY) ||
($mode == "post" && $PHORUM["reg_perms"] & PHORUM_USER_ALLOW_NEW_TOPIC) ) {
$PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["PleaseLoginPost"];
} else {
$PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["NoPost"];
}
}
$error_flag = true;
return;
// Check that they are logged in according to the security settings in
// the admin. If they aren't then either set a message with a login link
// (when running as include) or redirect to the login page.
} elseif($PHORUM["DATA"]["LOGGEDIN"] && !$PHORUM["DATA"]["FULLY_LOGGEDIN"]){
if (isset($PHORUM["postingargs"]["as_include"])) {
// Generate the URL to return to after logging in.
$args = array(PHORUM_REPLY_URL, $PHORUM["args"][1]);
if (isset($PHORUM["args"][2])) $args[] = $PHORUM["args"][2];
if (isset($PHORUM["args"]["quote"])) $args[] = "quote=1";
$redir = urlencode(call_user_func_array('phorum_get_url', $args));
$url = phorum_get_url(PHORUM_LOGIN_URL, "redir=$redir");
$PHORUM["DATA"]["URL"]["REDIRECT"] = $url;
$PHORUM["DATA"]["BACKMSG"] = $PHORUM["DATA"]["LANG"]["LogIn"];
$PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["PeriodicLogin"];
$error_flag = true;
return;
} else {
// Generate the URL to return to after logging in.
$args = array(PHORUM_POSTING_URL);
if (isset($PHORUM["args"][1])) $args[] = $PHORUM["args"][1];
if (isset($PHORUM["args"][2])) $args[] = $PHORUM["args"][2];
if (isset($PHORUM["args"]["quote"])) $args[] = "quote=1";
$redir = urlencode(call_user_func_array('phorum_get_url', $args));
phorum_redirect_by_url(phorum_get_url(PHORUM_LOGIN_URL,"redir=$redir"));
exit();
}
}
// Put read-only user info in the message.
if ($mode == "post" || $mode == "reply")
{
if ($PHORUM["DATA"]["LOGGEDIN"]){
$message["user_id"] = $PHORUM["user"]["user_id"];
$message["author"] = $PHORUM["user"]["username"];
} else {
$message["user_id"] = 0;
}
}
// On finishing up, find the original message data in case we're
// editing or replying. Put read-only data in the message to prevent
// data tampering.
if ($finish && ($mode == 'edit' || $mode == 'reply'))
{
$id = $mode == "edit" ? "message_id" : "parent_id";
$origmessage = phorum_db_get_message($message[$id]);
if (! $origmessage) {
phorum_redirect_by_url(phorum_get_url(PHORUM_INDEX_URL));
exit();
}
// Copy read-only information for editing messages.
if ($mode == "edit") {
$message = phorum_posting_merge_db2form($message, $origmessage, READONLYFIELDS);
// Copy read-only information for replying to messages.
} else {
$message["parent_id"] = $origmessage["message_id"];
$message["thread"] = $origmessage["thread"];
}
}
// We never store the email address in the message in case it
// was posted by a registered user.
if ($message["user_id"]) {
$message["email"] = "";
}
// Find the startmessage for the thread.
if ($mode == "reply" || $mode == "edit") {
$top_parent = phorum_db_get_message($message["thread"]);
}
// Do permission checks for replying to messages.
if ($mode == "reply")
{
// Find the direct parent for this message.
if ($message["thread"] != $message["parent_id"]) {
$parent = phorum_db_get_message($message["parent_id"]);
} else {
$parent = $top_parent;
}
// If this thread is unapproved, then get out.
$unapproved =
empty($top_parent) ||
empty($parent) ||
$top_parent["closed"] ||
$top_parent["status"] != PHORUM_STATUS_APPROVED ||
$parent["status"] != PHORUM_STATUS_APPROVED;
if ($unapproved)
{
// In case we run the editor included in the read page,
// we should not redirect to the listpage for moderators.
// Else a moderator can never read an unapproved message.
if (isset($PHORUM["postingargs"]["as_include"])) {
if ($PHORUM["DATA"]["MODERATOR"]) {
$PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["UnapprovedMessage"];
$error_flag = true;
return;
}
}
// In other cases, redirect users that are replying to
// unapproved messages to the message list.
phorum_redirect_by_url(phorum_get_url(PHORUM_LIST_URL));
exit;
}
}
// Do permission checks for editing messages.
if ($mode == "edit")
{
// Check if the user is allowed to edit this post.
$timelim = $PHORUM["user_edit_timelimit"];
$useredit =
$message["user_id"] == $PHORUM["user"]["user_id"] &&
phorum_user_access_allowed(PHORUM_USER_ALLOW_EDIT) &&
! empty($top_parent) &&
! $top_parent["closed"] &&
(! $timelim || $message["datestamp"] + ($timelim * 60) >= time());
// Moderators are allowed to edit message, but not messages from
// announcement threads. Announcements may only be edited by users
// for which the option "announcement" is set as allowed.
$moderatoredit =
$PHORUM["DATA"]["MODERATOR"] &&
$message["forum_id"] == $PHORUM["forum_id"] &&
($message["special"] != "announcement" ||
$PHORUM["DATA"]["OPTION_ALLOWED"]["announcement"]);
if (!$useredit && !$moderatoredit) {
$PHORUM["DATA"]["MESSAGE"] =
$PHORUM["DATA"]["LANG"]["EditPostForbidden"];
$error_flag = true;
return;
}
}
?>