Code:
// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################
// Fall back to displaying the form when no action was requested.
// NOTE(review): $_REQUEST['action'] is read without isset(), so a request
// that carries no action key raises an undefined-index notice first.
if ($_REQUEST['action'] == '')
{
$_REQUEST['action'] = "form";
}
// Copy of the current user's record; the username is interpolated into the
// "answer every question" error message further down.
$bbuserinfo = $vbulletin->userinfo;
// start navbar
// One breadcrumb entry: $formtitle linking to newthread.php?...do=$formname.
// $formname and $formtitle are not assigned in this section - presumably they
// come from the form's configuration earlier in the file; confirm they are
// not taken from the request.
$navbits = array();
$navbits['newthread.php?' . $vbulletin->session->vars['sessionurl'] . "do=$formname"] = $formtitle;
$navbits = construct_navbits($navbits);
// The template text is evaluated as a double-quoted PHP string, so it can
// interpolate any variable that is in scope here by name.
eval('$navbar = "' . fetch_template('navbar') . '";');
if ($_REQUEST['action'] == "submit")
{
// When the form requires every answer ($answerall == "1"), reject the
// submission if any of the five answers is empty.
// $answerall and $answer1..$answer5 are not assigned in this section -
// TODO confirm where they are populated and how they are cleaned.
if ($answerall == "1")
{
if ($answer1 == '' OR $answer2 == '' OR $answer3 == '' OR $answer4 == '' OR $answer5 == '')
{
// Render the standard error page with this message and stop.
$errormessage = "$bbuserinfo[username], you need to answer every question!";
eval('print_output("' . fetch_template('STANDARD_ERROR') . '");');
exit();
}
}
// Read the editor mode flag and the free-text answer from POST ('p'),
// typed as boolean and string respectively.
$vbulletin->input->clean_array_gpc('p', array(
'wysiwyg' => TYPE_BOOL,
'message' => TYPE_STR
));
if ($vbulletin->GPC['wysiwyg'])
{
require_once(DIR . '/includes/functions_wysiwyg.php');
// NOTE(review): $foruminfo is not assigned before this line in the visible
// code (it is set later from $formforumid). Verify which value reaches the
// second argument, since it is the forum's allowhtml setting that is passed.
$vbtextanswer = convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $foruminfo['allowhtml']);
}
else
{
// Alias, not a copy: $vbtextanswer and the GPC entry share one value.
$vbtextanswer =& $vbulletin->GPC['message'];
}
// Build the outgoing message by evaluating the answer template as a
// double-quoted string; the template can read every variable in scope.
// $formsend is what is later posted, sent as PM and mailed.
// $answertemplate is not assigned in this section - confirm it is a fixed,
// admin-chosen template name.
eval('$formsend = "' . fetch_template("$answertemplate") . '";');
// Attachment bookkeeping values from POST: posthash as TYPE_NOHTML,
// poststarttime as an unsigned integer.
$posthash = $vbulletin->input->clean_gpc('p', 'posthash', TYPE_NOHTML);
$poststarttime = $vbulletin->input->clean_gpc('p', 'poststarttime', TYPE_UINT);
if ($_POST['submit'] == 'Submit')
{
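// Post the evaluated form ($formsend) as a new thread in the forum given by
// $formforumid and, when $formpoll is "1", attach a poll to that thread.
if ($formforum == "1")
{
    // Arguments 0 and 1 are presumably "no error page on a bad id" and
    // "return the whole record" - confirm against verify_id().
    $foruminfo = verify_id('forum', $formforumid, 0, 1);
    // Array keys are quoted: a bare forumid is resolved as a constant first,
    // which is a notice on older PHP and an Error on PHP 8.
    // NOTE(review): $forumperms is fetched but never tested in this branch.
    // Unless build_new_post() enforces posting rights itself, the thread is
    // created regardless of the submitter's permissions - confirm intended.
    $forumperms = fetch_permissions($foruminfo['forumid']);

    // Bound by reference: any change the callee makes to these entries is
    // also visible through $formsend / $posttitle afterwards.
    $newpost['username'] =& $vbulletin->userinfo['username'];
    $newpost['message'] =& $formsend;
    $newpost['title'] =& $posttitle;
    $newpost['parseurl'] = '1';
    $newpost['poststarttime'] = $poststarttime;
    $newpost['posthash'] = $posthash;
    // Use the user's subscription preference; -1 is mapped to 9999.
    $newpost['emailupdate'] = ($vbulletin->userinfo['autosubscribe'] != -1)
        ? $vbulletin->userinfo['autosubscribe']
        : 9999;
    // Attach the signature only when the user has one.
    $newpost['signature'] = ($vbulletin->userinfo['signature'] != '') ? '1' : '0';

    // NOTE(review): $errors is passed in but never inspected afterwards, so a
    // rejected post is not reported to the user.
    build_new_post('thread', $foruminfo, array(), array(), $newpost, $errors);

    // Create the poll only when a thread id came back. Without this guard a
    // failed post would still save a poll and then try to update a thread
    // record that does not exist.
    if ($formpoll == "1" AND !empty($newpost['threadid']))
    {
        $threadinfo = verify_id('thread', $newpost['threadid'], 0, 1);
        $polloptions = count($polloption);
        $question = $posttitle;
        $vbulletin->GPC['options'] = $polloption;

        // $counter is incremented before the loop body runs, so keys
        // "1".."$polloptions" are inspected and key 0 is never read.
        // NOTE(review): $badoption and $optioncount are computed but nothing
        // below acts on them, so over-long or missing options are not
        // rejected. $polloption is not assigned in this section - confirm
        // its origin and that it is 1-indexed.
        $counter = 0;
        $optioncount = 0;
        $badoption = '';
        while ($counter++ < $polloptions)
        {
            if ($vbulletin->options['maxpolllength'] AND vbstrlen($vbulletin->GPC['options']["$counter"]) > $vbulletin->options['maxpolllength'])
            {
                $badoption .= iif($badoption, ', ') . $counter;
            }
            if (!empty($vbulletin->GPC['options']["$counter"]))
            {
                $optioncount++;
            }
        }

        // Add the poll: every non-empty option, then the question and flags.
        $poll =& datamanager_init('Poll', $vbulletin, ERRTYPE_STANDARD);
        $counter = 0;
        while ($counter++ < $polloptions)
        {
            if ($vbulletin->GPC['options']["$counter"] != '')
            {
                $poll->set_option($vbulletin->GPC['options']["$counter"]);
            }
        }
        $poll->set('question', $question);
        $poll->set('dateline', TIMENOW);
        $poll->set('active', '1');
        $poll->set('public', $pollpublic);
        $pollid = $poll->save();
        // end create new poll

        // Point the freshly created thread at the new poll.
        $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost');
        $threadman->set_existing($threadinfo);
        $threadman->set('pollid', $pollid);
        $threadman->save();
    }
}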
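// Post the evaluated form ($formsend) as a reply in the thread given by
// $formreplythreadid.
if ($formreply == "1")
{
    $threadinfo = verify_id('thread', $formreplythreadid, 0, 1);
    // Array key is quoted: a bare forumid is resolved as a constant first,
    // which is a notice on older PHP and an Error on PHP 8.
    // NOTE(review): $forumperms is fetched but never tested in this branch.
    // Unless build_new_post() enforces posting rights itself, the reply is
    // created regardless of the submitter's permissions - confirm intended.
    $forumperms = fetch_permissions($threadinfo['forumid']);

    // Bound by reference: any change the callee makes to these entries is
    // also visible through $formsend / $posttitle afterwards.
    $newpost['username'] =& $vbulletin->userinfo['username'];
    $newpost['message'] =& $formsend;
    $newpost['title'] =& $posttitle;
    $newpost['parseurl'] = "1";
    $newpost['poststarttime'] = $poststarttime;
    $newpost['posthash'] = $posthash;
    // Use the user's subscription preference; -1 is mapped to 9999.
    $newpost['emailupdate'] = ($vbulletin->userinfo['autosubscribe'] != -1)
        ? $vbulletin->userinfo['autosubscribe']
        : 9999;
    // Attach the signature only when the user has one.
    $newpost['signature'] = ($vbulletin->userinfo['signature'] != '') ? '1' : '0';

    // NOTE(review): $foruminfo and $postinfo are not assigned in this branch;
    // $foruminfo is only set when the form also posts a new thread. Confirm
    // the forum record passed here belongs to the thread being replied to.
    // $errors is filled by the call but never inspected afterwards.
    build_new_post('reply', $foruminfo, $threadinfo, $postinfo, $newpost, $errors);
}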
// Send the evaluated form ($formsend) as a private message from the current
// user to the recipient list in $formpmname.
// $formpmname is not assigned in this section - confirm it is fixed by the
// form's configuration and not supplied by the submitter.
if ($formpm == "1")
{
// These GPC entries are rebound (by reference) to the form's own values,
// and $pm then aliases the same three values.
$vbulletin->GPC['message'] =& $formsend;
$vbulletin->GPC['title'] =& $posttitle;
$vbulletin->GPC['recipients'] =& $formpmname;
$pm['message'] =& $vbulletin->GPC['message'];
$pm['title'] =& $vbulletin->GPC['title'];
$pm['recipients'] =& $vbulletin->GPC['recipients'];
// create the DM to do error checking and insert the new PM
// ERRTYPE_ARRAY presumably makes the data manager collect errors instead of
// displaying them - confirm.
$pmdm =& datamanager_init('PM', $vbulletin, ERRTYPE_ARRAY);
$pmdm->set('fromuserid', $vbulletin->userinfo['userid']);
$pmdm->set('fromusername', $vbulletin->userinfo['username']);
$pmdm->setr('title', $pm['title']);
$pmdm->setr('message', $pm['message']);
// $permissions is not assigned in this section; presumably the sending
// user's permission set - verify against the caller.
$pmdm->set_recipients($pm['recipients'], $permissions);
$pmdm->set('dateline', TIMENOW);
// everything's good!
// NOTE(review): nothing reads the data manager's errors before or after
// save(), so the comment above is not backed by a check and a rejected PM
// is not reported to the user.
$pmdm->save();
}
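// Mail the evaluated form, converted from BB code to plain text, to every
// address in the ';'-separated list $formemailaddress.
// NOTE(review): $formemailaddress and $posttitle are not assigned in this
// section. Confirm neither is supplied by the submitter: they are used here
// as the recipient and the subject of outgoing mail.
if ($formemail == "1")
{
    require_once(DIR . '/includes/class_bbcode_alt.php');
    // Plain assignment: "=& new" is deprecated since PHP 5.3 and a parse
    // error from PHP 7 on.
    $plaintext_parser = new vB_BbCodeParser_PlainText($vbulletin, fetch_tag_list());
    // NOTE(review): $touserinfo is not assigned anywhere in the visible code;
    // verify which language id actually reaches the parser.
    $plaintext_parser->set_parsing_language($touserinfo['languageid']);
    // Overwrites $formsend, so code after this block sees the plain-text form.
    $formsend = $plaintext_parser->parse($formsend);

    $emails = explode(';', $formemailaddress);
    foreach ($emails AS $email)
    {
        // Tolerate "a@x; b@y" and a trailing ';': strip surrounding
        // whitespace and skip empty segments rather than passing them on.
        $email = trim($email);
        if ($email === '')
        {
            continue;
        }
        vbmail($email, $posttitle, $formsend);
    }
}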
// Choose the landing page after a successful submit from $redirectoption:
//   "1" -> the new post, "2" -> the new thread,
//   "3" -> the forum listing, "4" -> the edit form for the new post.
// Any other value renders STANDARD_ERROR and stops.
// NOTE(review): the URLs rely on $newpost[postid] / $newpost[threadid] /
// $foruminfo[forumid] being set by the posting branches above; when the form
// only sends a PM or e-mail they may be empty - confirm.
switch ($redirectoption)
{
    case "1":
        $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "p=$newpost[postid]";
        break;

    case "2":
        $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t=$newpost[threadid]";
        break;

    case "3":
        $vbulletin->url = 'forumdisplay.php?' . $vbulletin->session->vars['sessionurl'] . "f=$foruminfo[forumid]";
        break;

    case "4":
        $vbulletin->url = 'editpost.php?do=editpost&' . $vbulletin->session->vars['sessionurl'] . "p=$newpost[postid]";
        break;

    default:
        // No redirect configured: show the standard error page with
        // whatever $errormessage currently holds.
        eval('print_output("' . fetch_template('STANDARD_ERROR') . '");');
        exit();
}
// A redirect target was selected above.
eval(print_standard_redirect('redirect_postthanks'));
exit();
}
else
{
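// Not the final "Submit" press: render a preview of the evaluated form and
// fall through to the form display below.
// Include path anchored on DIR like the other includes in this file, so it
// does not depend on the working directory or include_path.
require_once(DIR . '/includes/class_bbcode.php');
// Plain assignment: "=& new" is deprecated since PHP 5.3 and a parse error
// from PHP 7 on.
$parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
// Only the text is passed, so the parser's default options apply.
// NOTE(review): confirm those defaults leave raw HTML disabled.
$preview = $parser->do_parse($formsend);
$_REQUEST['action'] = 'form';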
}
}
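// Render the form page. When the form posts to a forum or a thread and
// attachments are enabled, also build the attachment controls and list the
// files already uploaded for this posting session.
if ($_REQUEST['action'] == 'form')
{
    if (($formforum OR $formreply) AND $allow_attachments)
    {
        // Work out which forum's attachment permissions apply.
        if ($formforum AND $formreply)
        {
            $forumid = $formforumid;
        }
        else if ($formreply)
        {
            $threadid = $formreplythreadid;
            $threadinfo = verify_id('thread', $threadid, 0, 1);
            // Array key is quoted: a bare forumid is resolved as a constant
            // first, which is a notice on older PHP and an Error on PHP 8.
            $forumid = $threadinfo['forumid'];
        }
        else
        {
            $forumid = $formforumid;
        }
        $forumperms = fetch_permissions($forumid);

        // get attachment options
        require_once(DIR . '/includes/functions_file.php');
        $inimaxattach = fetch_max_upload_size();
        $maxattachsize = vb_number_format($inimaxattach, 1, true);
        $attachcount = 0;
        $attach_editor = array();
        $attachment_js = '';

        // Attachment controls are shown only to logged-in users who hold
        // the canpostattachment bit and have at least one allowed extension.
        if ($forumperms & $vbulletin->bf_ugp_forumpermissions['canpostattachment'] AND $vbulletin->userinfo['userid'] AND !empty($vbulletin->userinfo['attachmentextensions']))
        {
            if (!$posthash OR !$poststarttime)
            {
                // First display: derive a hash for this posting session from
                // the start time, the user id and the user's salt.
                $poststarttime = TIMENOW;
                $posthash = md5($poststarttime . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']);
            }
            else
            {
                if (empty($postattach))
                {
                    // Attachments already uploaded under this hash. The
                    // lookup is restricted to the current user's rows and
                    // the submitted hash is escaped before it is used.
                    $currentattaches = $db->query_read("
SELECT dateline, filename, filesize, attachmentid
FROM " . TABLE_PREFIX . "attachment
WHERE posthash = '" . $db->escape_string($posthash) . "'
AND userid = " . $vbulletin->userinfo['userid']
                    );
                    while ($attach = $db->fetch_array($currentattaches))
                    {
                        $postattach["$attach[attachmentid]"] = $attach;
                    }
                }
                if (!empty($postattach))
                {
                    foreach ($postattach AS $attachmentid => $attach)
                    {
                        $attach['extension'] = strtolower(file_extension($attach['filename']));
                        // Escape the stored filename before it reaches the
                        // template and the generated JavaScript.
                        $attach['filename'] = htmlspecialchars_uni($attach['filename']);
                        $attach['filesize'] = vb_number_format($attach['filesize'], 1, true);
                        $attach['imgpath'] = "$stylevar[imgdir_attach]/$attach[extension].gif";
                        $show['attachmentlist'] = true;
                        // NOTE(review): $attachments is appended to without
                        // being initialised in this section.
                        eval('$attachments .= "' . fetch_template('newpost_attachmentbit') . '";');
                        $attachment_js .= construct_attachment_add_js($attachmentid, $attach['filename'], $attach['filesize'], $attach['extension']);
                        $attach_editor["$attachmentid"] = $attach['filename'];
                    }
                }
            }

            // Target of the attachment manager: the thread when replying,
            // otherwise the forum.
            if ($threadid)
            {
                $attachurl = "t=$threadid";
            }
            else
            {
                $attachurl = "f=$forumid";
            }
            $newpost_attachmentbit = prepare_newpost_attachmentbit();
            eval('$attachmentoption = "' . fetch_template('newpost_attachment') . '";');

            // NOTE(review): $poststarttime and $posthash are placed in the
            // URL without URL-encoding; on a re-display they come from POST.
            if ($threadid)
            {
                $attach_editor['hash'] = $threadid;
                $attach_editor['url'] = "newattachment.php?$session[sessionurl]t=$threadid&poststarttime=$poststarttime&posthash=$posthash";
            }
            else
            {
                $attach_editor['hash'] = $forumid;
                $attach_editor['url'] = "newattachment.php?$session[sessionurl]f=$forumid&poststarttime=$poststarttime&posthash=$posthash";
            }
        }
        else
        {
            $attachmentoption = '';
        }
    }
    else
    {
        $attachmentoption = '';
    }

    // set message box width to usercp size
    $stylevar['messagewidth'] = $stylevar['messagewidth_usercp'];
    $editorid = construct_edit_toolbar($vbtextanswer);
    // $maintemplate is not assigned in this section - confirm it is a fixed,
    // admin-chosen template name. The template is evaluated as a
    // double-quoted string and can read every variable in scope.
    eval('print_output("' . fetch_template("$maintemplate") . '");');
}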
}