Display.php 73 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718
  1. <?php
  2. /**
  3. * This is perhaps the most important and probably most accessed file in all
  4. * of SMF. This file controls topic, message, and attachment display.
  5. *
  6. * Simple Machines Forum (SMF)
  7. *
  8. * @package SMF
  9. * @author Simple Machines http://www.simplemachines.org
  10. * @copyright 2011 Simple Machines
  11. * @license http://www.simplemachines.org/about/smf/license.php BSD
  12. *
  13. * @version 2.1 Alpha 1
  14. */
  15. if (!defined('SMF'))
  16. die('Hacking attempt...');
  17. /**
  18. * The central part of the board - topic display.
  19. * This function loads the posts in a topic up so they can be displayed.
  20. * It supports wireless, using wap/wap2/imode and the Wireless templates.
  21. * It uses the main sub template of the Display template.
  22. * It requires a topic, and can go to the previous or next topic from it.
  23. * It jumps to the correct post depending on a number/time/IS_MSG passed.
  24. * It depends on the messages_per_page, defaultMaxMessages and enableAllMessages settings.
  25. * It is accessed by ?topic=id_topic.START.
  26. */
  27. function Display()
  28. {
  29. global $scripturl, $txt, $modSettings, $context, $settings;
  30. global $options, $sourcedir, $user_info, $board_info, $topic, $board;
  31. global $attachments, $messages_request, $topicinfo, $language, $smcFunc;
  32. // What are you gonna display if these are empty?!
  33. if (empty($topic))
  34. fatal_lang_error('no_board', false);
  35. // Load the proper template and/or sub template.
  36. if (WIRELESS)
  37. $context['sub_template'] = WIRELESS_PROTOCOL . '_display';
  38. else
  39. loadTemplate('Display');
  40. // Not only does a prefetch make things slower for the server, but it makes it impossible to know if they read it.
  41. if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch')
  42. {
  43. ob_end_clean();
  44. header('HTTP/1.1 403 Prefetch Forbidden');
  45. die;
  46. }
  47. // How much are we sticking on each page?
  48. $context['messages_per_page'] = empty($modSettings['disableCustomPerPage']) && !empty($options['messages_per_page']) && !WIRELESS ? $options['messages_per_page'] : $modSettings['defaultMaxMessages'];
  49. // Let's do some work on what to search index.
  50. if (count($_GET) > 2)
  51. foreach ($_GET as $k => $v)
  52. {
  53. if (!in_array($k, array('topic', 'board', 'start', session_name())))
  54. $context['robot_no_index'] = true;
  55. }
  56. if (!empty($_REQUEST['start']) && (!is_numeric($_REQUEST['start']) || $_REQUEST['start'] % $context['messages_per_page'] != 0))
  57. $context['robot_no_index'] = true;
  58. // Find the previous or next topic. Make a fuss if there are no more.
  59. if (isset($_REQUEST['prev_next']) && ($_REQUEST['prev_next'] == 'prev' || $_REQUEST['prev_next'] == 'next'))
  60. {
  61. // No use in calculating the next topic if there's only one.
  62. if ($board_info['num_topics'] > 1)
  63. {
  64. // Just prepare some variables that are used in the query.
  65. $gt_lt = $_REQUEST['prev_next'] == 'prev' ? '>' : '<';
  66. $order = $_REQUEST['prev_next'] == 'prev' ? '' : ' DESC';
  67. $request = $smcFunc['db_query']('', '
  68. SELECT t2.id_topic
  69. FROM {db_prefix}topics AS t
  70. INNER JOIN {db_prefix}topics AS t2 ON (' . (empty($modSettings['enableStickyTopics']) ? '
  71. t2.id_last_msg ' . $gt_lt . ' t.id_last_msg' : '
  72. (t2.id_last_msg ' . $gt_lt . ' t.id_last_msg AND t2.is_sticky ' . $gt_lt . '= t.is_sticky) OR t2.is_sticky ' . $gt_lt . ' t.is_sticky') . ')
  73. WHERE t.id_topic = {int:current_topic}
  74. AND t2.id_board = {int:current_board}' . (!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : '
  75. AND (t2.approved = {int:is_approved} OR (t2.id_member_started != {int:id_member_started} AND t2.id_member_started = {int:current_member}))') . '
  76. ORDER BY' . (empty($modSettings['enableStickyTopics']) ? '' : ' t2.is_sticky' . $order . ',') . ' t2.id_last_msg' . $order . '
  77. LIMIT 1',
  78. array(
  79. 'current_board' => $board,
  80. 'current_member' => $user_info['id'],
  81. 'current_topic' => $topic,
  82. 'is_approved' => 1,
  83. 'id_member_started' => 0,
  84. )
  85. );
  86. // No more left.
  87. if ($smcFunc['db_num_rows']($request) == 0)
  88. {
  89. $smcFunc['db_free_result']($request);
  90. // Roll over - if we're going prev, get the last - otherwise the first.
  91. $request = $smcFunc['db_query']('', '
  92. SELECT id_topic
  93. FROM {db_prefix}topics
  94. WHERE id_board = {int:current_board}' . (!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : '
  95. AND (approved = {int:is_approved} OR (id_member_started != {int:id_member_started} AND id_member_started = {int:current_member}))') . '
  96. ORDER BY' . (empty($modSettings['enableStickyTopics']) ? '' : ' is_sticky' . $order . ',') . ' id_last_msg' . $order . '
  97. LIMIT 1',
  98. array(
  99. 'current_board' => $board,
  100. 'current_member' => $user_info['id'],
  101. 'is_approved' => 1,
  102. 'id_member_started' => 0,
  103. )
  104. );
  105. }
  106. // Now you can be sure $topic is the id_topic to view.
  107. list ($topic) = $smcFunc['db_fetch_row']($request);
  108. $smcFunc['db_free_result']($request);
  109. $context['current_topic'] = $topic;
  110. }
  111. // Go to the newest message on this topic.
  112. $_REQUEST['start'] = 'new';
  113. }
  114. // Add 1 to the number of views of this topic (except for robots).
  115. if (!$user_info['possibly_robot'] && (empty($_SESSION['last_read_topic']) || $_SESSION['last_read_topic'] != $topic))
  116. {
  117. $smcFunc['db_query']('', '
  118. UPDATE {db_prefix}topics
  119. SET num_views = num_views + 1
  120. WHERE id_topic = {int:current_topic}',
  121. array(
  122. 'current_topic' => $topic,
  123. )
  124. );
  125. $_SESSION['last_read_topic'] = $topic;
  126. }
  127. // @todo Why isn't this cached?
  128. // @todo if we get id_board in this query and cache it, we can save a query on posting
  129. // Get all the important topic info.
  130. $request = $smcFunc['db_query']('', '
  131. SELECT
  132. t.num_replies, t.num_views, t.locked, ms.subject, t.is_sticky, t.id_poll,
  133. t.id_member_started, t.id_first_msg, t.id_last_msg, t.approved, t.unapproved_posts,
  134. ' . ($user_info['is_guest'] ? 't.id_last_msg + 1' : 'IFNULL(lt.id_msg, IFNULL(lmr.id_msg, -1)) + 1') . ' AS new_from
  135. ' . (!empty($modSettings['recycle_board']) && $modSettings['recycle_board'] == $board ? ', id_previous_board, id_previous_topic' : '') . '
  136. FROM {db_prefix}topics AS t
  137. INNER JOIN {db_prefix}messages AS ms ON (ms.id_msg = t.id_first_msg)' . ($user_info['is_guest'] ? '' : '
  138. LEFT JOIN {db_prefix}log_topics AS lt ON (lt.id_topic = {int:current_topic} AND lt.id_member = {int:current_member})
  139. LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.id_board = {int:current_board} AND lmr.id_member = {int:current_member})') . '
  140. WHERE t.id_topic = {int:current_topic}
  141. LIMIT 1',
  142. array(
  143. 'current_member' => $user_info['id'],
  144. 'current_topic' => $topic,
  145. 'current_board' => $board,
  146. )
  147. );
  148. if ($smcFunc['db_num_rows']($request) == 0)
  149. fatal_lang_error('not_a_topic', false);
  150. $topicinfo = $smcFunc['db_fetch_assoc']($request);
  151. $smcFunc['db_free_result']($request);
  152. $context['real_num_replies'] = $context['num_replies'] = $topicinfo['num_replies'];
  153. $context['topic_first_message'] = $topicinfo['id_first_msg'];
  154. $context['topic_last_message'] = $topicinfo['id_last_msg'];
  155. // Add up unapproved replies to get real number of replies...
  156. if ($modSettings['postmod_active'] && allowedTo('approve_posts'))
  157. $context['real_num_replies'] += $topicinfo['unapproved_posts'] - ($topicinfo['approved'] ? 0 : 1);
  158. // If this topic has unapproved posts, we need to work out how many posts the user can see, for page indexing.
  159. if ($modSettings['postmod_active'] && $topicinfo['unapproved_posts'] && !$user_info['is_guest'] && !allowedTo('approve_posts'))
  160. {
  161. $request = $smcFunc['db_query']('', '
  162. SELECT COUNT(id_member) AS my_unapproved_posts
  163. FROM {db_prefix}messages
  164. WHERE id_topic = {int:current_topic}
  165. AND id_member = {int:current_member}
  166. AND approved = 0',
  167. array(
  168. 'current_topic' => $topic,
  169. 'current_member' => $user_info['id'],
  170. )
  171. );
  172. list ($myUnapprovedPosts) = $smcFunc['db_fetch_row']($request);
  173. $smcFunc['db_free_result']($request);
  174. $context['total_visible_posts'] = $context['num_replies'] + $myUnapprovedPosts + ($topicinfo['approved'] ? 1 : 0);
  175. }
  176. else
  177. $context['total_visible_posts'] = $context['num_replies'] + $topicinfo['unapproved_posts'] + ($topicinfo['approved'] ? 1 : 0);
  178. // When was the last time this topic was replied to? Should we warn them about it?
  179. $request = $smcFunc['db_query']('', '
  180. SELECT poster_time
  181. FROM {db_prefix}messages
  182. WHERE id_msg = {int:id_last_msg}
  183. LIMIT 1',
  184. array(
  185. 'id_last_msg' => $topicinfo['id_last_msg'],
  186. )
  187. );
  188. list ($lastPostTime) = $smcFunc['db_fetch_row']($request);
  189. $smcFunc['db_free_result']($request);
  190. $context['oldTopicError'] = !empty($modSettings['oldTopicDays']) && $lastPostTime + $modSettings['oldTopicDays'] * 86400 < time() && empty($topicinfo['is_sticky']);
  191. // The start isn't a number; it's information about what to do, where to go.
  192. if (!is_numeric($_REQUEST['start']))
  193. {
  194. // Redirect to the page and post with new messages, originally by Omar Bazavilvazo.
  195. if ($_REQUEST['start'] == 'new')
  196. {
  197. // Guests automatically go to the last post.
  198. if ($user_info['is_guest'])
  199. {
  200. $context['start_from'] = $context['total_visible_posts'] - 1;
  201. $_REQUEST['start'] = empty($options['view_newest_first']) ? $context['start_from'] : 0;
  202. }
  203. else
  204. {
  205. // Find the earliest unread message in the topic. (the use of topics here is just for both tables.)
  206. $request = $smcFunc['db_query']('', '
  207. SELECT IFNULL(lt.id_msg, IFNULL(lmr.id_msg, -1)) + 1 AS new_from
  208. FROM {db_prefix}topics AS t
  209. LEFT JOIN {db_prefix}log_topics AS lt ON (lt.id_topic = {int:current_topic} AND lt.id_member = {int:current_member})
  210. LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.id_board = {int:current_board} AND lmr.id_member = {int:current_member})
  211. WHERE t.id_topic = {int:current_topic}
  212. LIMIT 1',
  213. array(
  214. 'current_board' => $board,
  215. 'current_member' => $user_info['id'],
  216. 'current_topic' => $topic,
  217. )
  218. );
  219. list ($new_from) = $smcFunc['db_fetch_row']($request);
  220. $smcFunc['db_free_result']($request);
  221. // Fall through to the next if statement.
  222. $_REQUEST['start'] = 'msg' . $new_from;
  223. }
  224. }
  225. // Start from a certain time index, not a message.
  226. if (strpos($_REQUEST['start'], 'from') === 0)
  227. {
  228. $timestamp = (int) substr($_REQUEST['start'], 4);
  229. if ($timestamp === 0)
  230. $_REQUEST['start'] = 0;
  231. else
  232. {
  233. // Find the number of messages posted before said time...
  234. $request = $smcFunc['db_query']('', '
  235. SELECT COUNT(*)
  236. FROM {db_prefix}messages
  237. WHERE poster_time < {int:timestamp}
  238. AND id_topic = {int:current_topic}' . ($modSettings['postmod_active'] && $topicinfo['unapproved_posts'] && !allowedTo('approve_posts') ? '
  239. AND (approved = {int:is_approved}' . ($user_info['is_guest'] ? '' : ' OR id_member = {int:current_member}') . ')' : ''),
  240. array(
  241. 'current_topic' => $topic,
  242. 'current_member' => $user_info['id'],
  243. 'is_approved' => 1,
  244. 'timestamp' => $timestamp,
  245. )
  246. );
  247. list ($context['start_from']) = $smcFunc['db_fetch_row']($request);
  248. $smcFunc['db_free_result']($request);
  249. // Handle view_newest_first options, and get the correct start value.
  250. $_REQUEST['start'] = empty($options['view_newest_first']) ? $context['start_from'] : $context['total_visible_posts'] - $context['start_from'] - 1;
  251. }
  252. }
  253. // Link to a message...
  254. elseif (strpos($_REQUEST['start'], 'msg') === 0)
  255. {
  256. $virtual_msg = (int) substr($_REQUEST['start'], 3);
  257. if (!$topicinfo['unapproved_posts'] && $virtual_msg >= $topicinfo['id_last_msg'])
  258. $context['start_from'] = $context['total_visible_posts'] - 1;
  259. elseif (!$topicinfo['unapproved_posts'] && $virtual_msg <= $topicinfo['id_first_msg'])
  260. $context['start_from'] = 0;
  261. else
  262. {
  263. // Find the start value for that message......
  264. $request = $smcFunc['db_query']('', '
  265. SELECT COUNT(*)
  266. FROM {db_prefix}messages
  267. WHERE id_msg < {int:virtual_msg}
  268. AND id_topic = {int:current_topic}' . ($modSettings['postmod_active'] && $topicinfo['unapproved_posts'] && !allowedTo('approve_posts') ? '
  269. AND (approved = {int:is_approved}' . ($user_info['is_guest'] ? '' : ' OR id_member = {int:current_member}') . ')' : ''),
  270. array(
  271. 'current_member' => $user_info['id'],
  272. 'current_topic' => $topic,
  273. 'virtual_msg' => $virtual_msg,
  274. 'is_approved' => 1,
  275. 'no_member' => 0,
  276. )
  277. );
  278. list ($context['start_from']) = $smcFunc['db_fetch_row']($request);
  279. $smcFunc['db_free_result']($request);
  280. }
  281. // We need to reverse the start as well in this case.
  282. $_REQUEST['start'] = empty($options['view_newest_first']) ? $context['start_from'] : $context['total_visible_posts'] - $context['start_from'] - 1;
  283. }
  284. }
  285. // Create a previous next string if the selected theme has it as a selected option.
  286. $context['previous_next'] = $modSettings['enablePreviousNext'] ? '<a href="' . $scripturl . '?topic=' . $topic . '.0;prev_next=prev#new">' . $txt['previous_next_back'] . '</a> <a href="' . $scripturl . '?topic=' . $topic . '.0;prev_next=next#new">' . $txt['previous_next_forward'] . '</a>' : '';
  287. // Check if spellchecking is both enabled and actually working. (for quick reply.)
  288. $context['show_spellchecking'] = !empty($modSettings['enableSpellChecking']) && function_exists('pspell_new');
  289. // Do we need to show the visual verification image?
  290. $context['require_verification'] = !$user_info['is_mod'] && !$user_info['is_admin'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha'] || ($user_info['is_guest'] && $modSettings['posts_require_captcha'] == -1));
  291. if ($context['require_verification'])
  292. {
  293. require_once($sourcedir . '/Subs-Editor.php');
  294. $verificationOptions = array(
  295. 'id' => 'post',
  296. );
  297. $context['require_verification'] = create_control_verification($verificationOptions);
  298. $context['visual_verification_id'] = $verificationOptions['id'];
  299. }
  300. // Are we showing signatures - or disabled fields?
  301. $context['signature_enabled'] = substr($modSettings['signature_settings'], 0, 1) == 1;
  302. $context['disabled_fields'] = isset($modSettings['disabled_profile_fields']) ? array_flip(explode(',', $modSettings['disabled_profile_fields'])) : array();
  303. // Censor the title...
  304. censorText($topicinfo['subject']);
  305. $context['page_title'] = $topicinfo['subject'];
  306. // Is this topic sticky, or can it even be?
  307. $topicinfo['is_sticky'] = empty($modSettings['enableStickyTopics']) ? '0' : $topicinfo['is_sticky'];
  308. // Default this topic to not marked for notifications... of course...
  309. $context['is_marked_notify'] = false;
  310. // Did we report a post to a moderator just now?
  311. $context['report_sent'] = isset($_GET['reportsent']);
  312. // Let's get nosey, who is viewing this topic?
  313. if (!empty($settings['display_who_viewing']))
  314. {
  315. // Start out with no one at all viewing it.
  316. $context['view_members'] = array();
  317. $context['view_members_list'] = array();
  318. $context['view_num_hidden'] = 0;
  319. // Search for members who have this topic set in their GET data.
  320. $request = $smcFunc['db_query']('', '
  321. SELECT
  322. lo.id_member, lo.log_time, mem.real_name, mem.member_name, mem.show_online,
  323. mg.online_color, mg.id_group, mg.group_name
  324. FROM {db_prefix}log_online AS lo
  325. LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = lo.id_member)
  326. LEFT JOIN {db_prefix}membergroups AS mg ON (mg.id_group = CASE WHEN mem.id_group = {int:reg_id_group} THEN mem.id_post_group ELSE mem.id_group END)
  327. WHERE INSTR(lo.url, {string:in_url_string}) > 0 OR lo.session = {string:session}',
  328. array(
  329. 'reg_id_group' => 0,
  330. 'in_url_string' => 's:5:"topic";i:' . $topic . ';',
  331. 'session' => $user_info['is_guest'] ? 'ip' . $user_info['ip'] : session_id(),
  332. )
  333. );
  334. while ($row = $smcFunc['db_fetch_assoc']($request))
  335. {
  336. if (empty($row['id_member']))
  337. continue;
  338. if (!empty($row['online_color']))
  339. $link = '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '" style="color: ' . $row['online_color'] . ';">' . $row['real_name'] . '</a>';
  340. else
  341. $link = '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name'] . '</a>';
  342. $is_buddy = in_array($row['id_member'], $user_info['buddies']);
  343. if ($is_buddy)
  344. $link = '<strong>' . $link . '</strong>';
  345. // Add them both to the list and to the more detailed list.
  346. if (!empty($row['show_online']) || allowedTo('moderate_forum'))
  347. $context['view_members_list'][$row['log_time'] . $row['member_name']] = empty($row['show_online']) ? '<em>' . $link . '</em>' : $link;
  348. $context['view_members'][$row['log_time'] . $row['member_name']] = array(
  349. 'id' => $row['id_member'],
  350. 'username' => $row['member_name'],
  351. 'name' => $row['real_name'],
  352. 'group' => $row['id_group'],
  353. 'href' => $scripturl . '?action=profile;u=' . $row['id_member'],
  354. 'link' => $link,
  355. 'is_buddy' => $is_buddy,
  356. 'hidden' => empty($row['show_online']),
  357. );
  358. if (empty($row['show_online']))
  359. $context['view_num_hidden']++;
  360. }
  361. // The number of guests is equal to the rows minus the ones we actually used ;).
  362. $context['view_num_guests'] = $smcFunc['db_num_rows']($request) - count($context['view_members']);
  363. $smcFunc['db_free_result']($request);
  364. // Sort the list.
  365. krsort($context['view_members']);
  366. krsort($context['view_members_list']);
  367. }
  368. // If all is set, but not allowed... just unset it.
  369. $can_show_all = !empty($modSettings['enableAllMessages']) && $context['total_visible_posts'] > $context['messages_per_page'] && $context['total_visible_posts'] < $modSettings['enableAllMessages'];
  370. if (isset($_REQUEST['all']) && !$can_show_all)
  371. unset($_REQUEST['all']);
  372. // Otherwise, it must be allowed... so pretend start was -1.
  373. elseif (isset($_REQUEST['all']))
  374. $_REQUEST['start'] = -1;
  375. // Construct the page index, allowing for the .START method...
  376. $context['page_index'] = constructPageIndex($scripturl . '?topic=' . $topic . '.%1$d', $_REQUEST['start'], $context['total_visible_posts'], $context['messages_per_page'], true);
  377. $context['start'] = $_REQUEST['start'];
  378. // This is information about which page is current, and which page we're on - in case you don't like the constructed page index. (again, wireles..)
  379. $context['page_info'] = array(
  380. 'current_page' => $_REQUEST['start'] / $context['messages_per_page'] + 1,
  381. 'num_pages' => floor(($context['total_visible_posts'] - 1) / $context['messages_per_page']) + 1,
  382. );
  383. // Figure out all the link to the next/prev/first/last/etc. for wireless mainly.
  384. $context['links'] = array(
  385. 'first' => $_REQUEST['start'] >= $context['messages_per_page'] ? $scripturl . '?topic=' . $topic . '.0' : '',
  386. 'prev' => $_REQUEST['start'] >= $context['messages_per_page'] ? $scripturl . '?topic=' . $topic . '.' . ($_REQUEST['start'] - $context['messages_per_page']) : '',
  387. 'next' => $_REQUEST['start'] + $context['messages_per_page'] < $context['total_visible_posts'] ? $scripturl . '?topic=' . $topic. '.' . ($_REQUEST['start'] + $context['messages_per_page']) : '',
  388. 'last' => $_REQUEST['start'] + $context['messages_per_page'] < $context['total_visible_posts'] ? $scripturl . '?topic=' . $topic. '.' . (floor($context['total_visible_posts'] / $context['messages_per_page']) * $context['messages_per_page']) : '',
  389. 'up' => $scripturl . '?board=' . $board . '.0'
  390. );
  391. // If they are viewing all the posts, show all the posts, otherwise limit the number.
  392. if ($can_show_all)
  393. {
  394. if (isset($_REQUEST['all']))
  395. {
  396. // No limit! (actually, there is a limit, but...)
  397. $context['messages_per_page'] = -1;
  398. $context['page_index'] .= empty($modSettings['compactTopicPagesEnable']) ? '<strong>' . $txt['all'] . '</strong> ' : '[<strong>' . $txt['all'] . '</strong>] ';
  399. // Set start back to 0...
  400. $_REQUEST['start'] = 0;
  401. }
  402. // They aren't using it, but the *option* is there, at least.
  403. else
  404. $context['page_index'] .= '&nbsp;<a href="' . $scripturl . '?topic=' . $topic . '.0;all">' . $txt['all'] . '</a> ';
  405. }
  406. // Build the link tree.
  407. $context['linktree'][] = array(
  408. 'url' => $scripturl . '?topic=' . $topic . '.0',
  409. 'name' => $topicinfo['subject'],
  410. 'extra_before' => $settings['linktree_inline'] ? $txt['topic'] . ': ' : ''
  411. );
  412. // Build a list of this board's moderators.
  413. $context['moderators'] = &$board_info['moderators'];
  414. $context['link_moderators'] = array();
  415. if (!empty($board_info['moderators']))
  416. {
  417. // Add a link for each moderator...
  418. foreach ($board_info['moderators'] as $mod)
  419. $context['link_moderators'][] = '<a href="' . $scripturl . '?action=profile;u=' . $mod['id'] . '" title="' . $txt['board_moderator'] . '">' . $mod['name'] . '</a>';
  420. // And show it after the board's name.
  421. $context['linktree'][count($context['linktree']) - 2]['extra_after'] = ' (' . (count($context['link_moderators']) == 1 ? $txt['moderator'] : $txt['moderators']) . ': ' . implode(', ', $context['link_moderators']) . ')';
  422. }
  423. // Information about the current topic...
  424. $context['is_locked'] = $topicinfo['locked'];
  425. $context['is_sticky'] = $topicinfo['is_sticky'];
  426. $context['is_very_hot'] = $topicinfo['num_replies'] >= $modSettings['hotTopicVeryPosts'];
  427. $context['is_hot'] = $topicinfo['num_replies'] >= $modSettings['hotTopicPosts'];
  428. $context['is_approved'] = $topicinfo['approved'];
  429. // @todo Tricks? We don't want to show the poll icon in the topic class here, so pretend it's not one.
  430. $context['is_poll'] = false;
  431. determineTopicClass($context);
  432. $context['is_poll'] = $topicinfo['id_poll'] > 0 && $modSettings['pollMode'] == '1' && allowedTo('poll_view');
  433. // Did this user start the topic or not?
  434. $context['user']['started'] = $user_info['id'] == $topicinfo['id_member_started'] && !$user_info['is_guest'];
  435. $context['topic_starter_id'] = $topicinfo['id_member_started'];
  436. // Set the topic's information for the template.
  437. $context['subject'] = $topicinfo['subject'];
  438. $context['num_views'] = $topicinfo['num_views'];
  439. $context['mark_unread_time'] = $topicinfo['new_from'];
  440. // Set a canonical URL for this page.
  441. $context['canonical_url'] = $scripturl . '?topic=' . $topic . '.' . $context['start'];
  442. // For quick reply we need a response prefix in the default forum language.
  443. if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix', 600)))
  444. {
  445. if ($language === $user_info['language'])
  446. $context['response_prefix'] = $txt['response_prefix'];
  447. else
  448. {
  449. loadLanguage('index', $language, false);
  450. $context['response_prefix'] = $txt['response_prefix'];
  451. loadLanguage('index');
  452. }
  453. cache_put_data('response_prefix', $context['response_prefix'], 600);
  454. }
  455. // If we want to show event information in the topic, prepare the data.
  456. if (allowedTo('calendar_view') && !empty($modSettings['cal_showInTopic']) && !empty($modSettings['cal_enabled']))
  457. {
  458. // First, try create a better time format, ignoring the "time" elements.
  459. if (preg_match('~%[AaBbCcDdeGghjmuYy](?:[^%]*%[AaBbCcDdeGghjmuYy])*~', $user_info['time_format'], $matches) == 0 || empty($matches[0]))
  460. $date_string = $user_info['time_format'];
  461. else
  462. $date_string = $matches[0];
  463. // Any calendar information for this topic?
  464. $request = $smcFunc['db_query']('', '
  465. SELECT cal.id_event, cal.start_date, cal.end_date, cal.title, cal.id_member, mem.real_name
  466. FROM {db_prefix}calendar AS cal
  467. LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = cal.id_member)
  468. WHERE cal.id_topic = {int:current_topic}
  469. ORDER BY start_date',
  470. array(
  471. 'current_topic' => $topic,
  472. )
  473. );
  474. $context['linked_calendar_events'] = array();
  475. while ($row = $smcFunc['db_fetch_assoc']($request))
  476. {
  477. // Prepare the dates for being formatted.
  478. $start_date = sscanf($row['start_date'], '%04d-%02d-%02d');
  479. $start_date = mktime(12, 0, 0, $start_date[1], $start_date[2], $start_date[0]);
  480. $end_date = sscanf($row['end_date'], '%04d-%02d-%02d');
  481. $end_date = mktime(12, 0, 0, $end_date[1], $end_date[2], $end_date[0]);
  482. $context['linked_calendar_events'][] = array(
  483. 'id' => $row['id_event'],
  484. 'title' => $row['title'],
  485. 'can_edit' => allowedTo('calendar_edit_any') || ($row['id_member'] == $user_info['id'] && allowedTo('calendar_edit_own')),
  486. 'modify_href' => $scripturl . '?action=post;msg=' . $topicinfo['id_first_msg'] . ';topic=' . $topic . '.0;calendar;eventid=' . $row['id_event'] . ';' . $context['session_var'] . '=' . $context['session_id'],
  487. 'start_date' => timeformat($start_date, $date_string, 'none'),
  488. 'start_timestamp' => $start_date,
  489. 'end_date' => timeformat($end_date, $date_string, 'none'),
  490. 'end_timestamp' => $end_date,
  491. 'is_last' => false
  492. );
  493. }
  494. $smcFunc['db_free_result']($request);
  495. if (!empty($context['linked_calendar_events']))
  496. $context['linked_calendar_events'][count($context['linked_calendar_events']) - 1]['is_last'] = true;
  497. }
  498. // Create the poll info if it exists.
  499. if ($context['is_poll'])
  500. {
  501. // Get the question and if it's locked.
  502. $request = $smcFunc['db_query']('', '
  503. SELECT
  504. p.question, p.voting_locked, p.hide_results, p.expire_time, p.max_votes, p.change_vote,
  505. p.guest_vote, p.id_member, IFNULL(mem.real_name, p.poster_name) AS poster_name, p.num_guest_voters, p.reset_poll
  506. FROM {db_prefix}polls AS p
  507. LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = p.id_member)
  508. WHERE p.id_poll = {int:id_poll}
  509. LIMIT 1',
  510. array(
  511. 'id_poll' => $topicinfo['id_poll'],
  512. )
  513. );
  514. $pollinfo = $smcFunc['db_fetch_assoc']($request);
  515. $smcFunc['db_free_result']($request);
  516. $request = $smcFunc['db_query']('', '
  517. SELECT COUNT(DISTINCT id_member) AS total
  518. FROM {db_prefix}log_polls
  519. WHERE id_poll = {int:id_poll}
  520. AND id_member != {int:not_guest}',
  521. array(
  522. 'id_poll' => $topicinfo['id_poll'],
  523. 'not_guest' => 0,
  524. )
  525. );
  526. list ($pollinfo['total']) = $smcFunc['db_fetch_row']($request);
  527. $smcFunc['db_free_result']($request);
  528. // Total voters needs to include guest voters
  529. $pollinfo['total'] += $pollinfo['num_guest_voters'];
  530. // Get all the options, and calculate the total votes.
  531. $request = $smcFunc['db_query']('', '
  532. SELECT pc.id_choice, pc.label, pc.votes, IFNULL(lp.id_choice, -1) AS voted_this
  533. FROM {db_prefix}poll_choices AS pc
  534. LEFT JOIN {db_prefix}log_polls AS lp ON (lp.id_choice = pc.id_choice AND lp.id_poll = {int:id_poll} AND lp.id_member = {int:current_member} AND lp.id_member != {int:not_guest})
  535. WHERE pc.id_poll = {int:id_poll}',
  536. array(
  537. 'current_member' => $user_info['id'],
  538. 'id_poll' => $topicinfo['id_poll'],
  539. 'not_guest' => 0,
  540. )
  541. );
  542. $pollOptions = array();
  543. $realtotal = 0;
  544. $pollinfo['has_voted'] = false;
  545. while ($row = $smcFunc['db_fetch_assoc']($request))
  546. {
  547. censorText($row['label']);
  548. $pollOptions[$row['id_choice']] = $row;
  549. $realtotal += $row['votes'];
  550. $pollinfo['has_voted'] |= $row['voted_this'] != -1;
  551. }
  552. $smcFunc['db_free_result']($request);
  553. // If this is a guest we need to do our best to work out if they have voted, and what they voted for.
  554. if ($user_info['is_guest'] && $pollinfo['guest_vote'] && allowedTo('poll_vote'))
  555. {
  556. if (!empty($_COOKIE['guest_poll_vote']) && preg_match('~^[0-9,;]+$~', $_COOKIE['guest_poll_vote']) && strpos($_COOKIE['guest_poll_vote'], ';' . $topicinfo['id_poll'] . ',') !== false)
  557. {
  558. // ;id,timestamp,[vote,vote...]; etc
  559. $guestinfo = explode(';', $_COOKIE['guest_poll_vote']);
  560. // Find the poll we're after.
  561. foreach ($guestinfo as $i => $guestvoted)
  562. {
  563. $guestvoted = explode(',', $guestvoted);
  564. if ($guestvoted[0] == $topicinfo['id_poll'])
  565. break;
  566. }
  567. // Has the poll been reset since guest voted?
  568. if ($pollinfo['reset_poll'] > $guestvoted[1])
  569. {
  570. // Remove the poll info from the cookie to allow guest to vote again
  571. unset($guestinfo[$i]);
  572. if (!empty($guestinfo))
  573. $_COOKIE['guest_poll_vote'] = ';' . implode(';', $guestinfo);
  574. else
  575. unset($_COOKIE['guest_poll_vote']);
  576. }
  577. else
  578. {
  579. // What did they vote for?
  580. unset($guestvoted[0], $guestvoted[1]);
  581. foreach ($pollOptions as $choice => $details)
  582. {
  583. $pollOptions[$choice]['voted_this'] = in_array($choice, $guestvoted) ? 1 : -1;
  584. $pollinfo['has_voted'] |= $pollOptions[$choice]['voted_this'] != -1;
  585. }
  586. unset($choice, $details, $guestvoted);
  587. }
  588. unset($guestinfo, $guestvoted, $i);
  589. }
  590. }
  591. // Set up the basic poll information.
  592. $context['poll'] = array(
  593. 'id' => $topicinfo['id_poll'],
  594. 'image' => 'normal_' . (empty($pollinfo['voting_locked']) ? 'poll' : 'locked_poll'),
  595. 'question' => parse_bbc($pollinfo['question']),
  596. 'total_votes' => $pollinfo['total'],
  597. 'change_vote' => !empty($pollinfo['change_vote']),
  598. 'is_locked' => !empty($pollinfo['voting_locked']),
  599. 'options' => array(),
  600. 'lock' => allowedTo('poll_lock_any') || ($context['user']['started'] && allowedTo('poll_lock_own')),
  601. 'edit' => allowedTo('poll_edit_any') || ($context['user']['started'] && allowedTo('poll_edit_own')),
  602. 'allowed_warning' => $pollinfo['max_votes'] > 1 ? sprintf($txt['poll_options6'], min(count($pollOptions), $pollinfo['max_votes'])) : '',
  603. 'is_expired' => !empty($pollinfo['expire_time']) && $pollinfo['expire_time'] < time(),
  604. 'expire_time' => !empty($pollinfo['expire_time']) ? timeformat($pollinfo['expire_time']) : 0,
  605. 'has_voted' => !empty($pollinfo['has_voted']),
  606. 'starter' => array(
  607. 'id' => $pollinfo['id_member'],
  608. 'name' => $row['poster_name'],
  609. 'href' => $pollinfo['id_member'] == 0 ? '' : $scripturl . '?action=profile;u=' . $pollinfo['id_member'],
  610. 'link' => $pollinfo['id_member'] == 0 ? $row['poster_name'] : '<a href="' . $scripturl . '?action=profile;u=' . $pollinfo['id_member'] . '">' . $row['poster_name'] . '</a>'
  611. )
  612. );
  613. // Make the lock and edit permissions defined above more directly accessible.
  614. $context['allow_lock_poll'] = $context['poll']['lock'];
  615. $context['allow_edit_poll'] = $context['poll']['edit'];
  616. // You're allowed to vote if:
  617. // 1. the poll did not expire, and
  618. // 2. you're either not a guest OR guest voting is enabled... and
  619. // 3. you're not trying to view the results, and
  620. // 4. the poll is not locked, and
  621. // 5. you have the proper permissions, and
  622. // 6. you haven't already voted before.
  623. $context['allow_vote'] = !$context['poll']['is_expired'] && (!$user_info['is_guest'] || ($pollinfo['guest_vote'] && allowedTo('poll_vote'))) && empty($pollinfo['voting_locked']) && allowedTo('poll_vote') && !$context['poll']['has_voted'];
  624. // You're allowed to view the results if:
  625. // 1. you're just a super-nice-guy, or
  626. // 2. anyone can see them (hide_results == 0), or
  627. // 3. you can see them after you voted (hide_results == 1), or
  628. // 4. you've waited long enough for the poll to expire. (whether hide_results is 1 or 2.)
  629. $context['allow_poll_view'] = allowedTo('moderate_board') || $pollinfo['hide_results'] == 0 || ($pollinfo['hide_results'] == 1 && $context['poll']['has_voted']) || $context['poll']['is_expired'];
  630. $context['poll']['show_results'] = $context['allow_poll_view'] && (isset($_REQUEST['viewresults']) || isset($_REQUEST['viewResults']));
  631. $context['show_view_results_button'] = $context['allow_vote'] && (!$context['allow_poll_view'] || !$context['poll']['show_results'] || !$context['poll']['has_voted']);
  632. // You're allowed to change your vote if:
  633. // 1. the poll did not expire, and
  634. // 2. you're not a guest... and
  635. // 3. the poll is not locked, and
  636. // 4. you have the proper permissions, and
  637. // 5. you have already voted, and
  638. // 6. the poll creator has said you can!
  639. $context['allow_change_vote'] = !$context['poll']['is_expired'] && !$user_info['is_guest'] && empty($pollinfo['voting_locked']) && allowedTo('poll_vote') && $context['poll']['has_voted'] && $context['poll']['change_vote'];
  640. // You're allowed to return to voting options if:
  641. // 1. you are (still) allowed to vote.
  642. // 2. you are currently seeing the results.
  643. $context['allow_return_vote'] = $context['allow_vote'] && $context['poll']['show_results'];
  644. // Calculate the percentages and bar lengths...
  645. $divisor = $realtotal == 0 ? 1 : $realtotal;
  646. // Determine if a decimal point is needed in order for the options to add to 100%.
  647. $precision = $realtotal == 100 ? 0 : 1;
  648. // Now look through each option, and...
  649. foreach ($pollOptions as $i => $option)
  650. {
  651. // First calculate the percentage, and then the width of the bar...
  652. $bar = round(($option['votes'] * 100) / $divisor, $precision);
  653. $barWide = $bar == 0 ? 1 : floor(($bar * 8) / 3);
  654. // Now add it to the poll's contextual theme data.
  655. $context['poll']['options'][$i] = array(
  656. 'id' => 'options-' . $i,
  657. 'percent' => $bar,
  658. 'votes' => $option['votes'],
  659. 'voted_this' => $option['voted_this'] != -1,
  660. 'bar' => '<span style="white-space: nowrap;"><img src="' . $settings['images_url'] . '/poll_' . ($context['right_to_left'] ? 'right' : 'left') . '.gif" alt="" /><img src="' . $settings['images_url'] . '/poll_middle.gif" width="' . $barWide . '" height="12" alt="-" /><img src="' . $settings['images_url'] . '/poll_' . ($context['right_to_left'] ? 'left' : 'right') . '.gif" alt="" /></span>',
  661. // Note: IE < 8 requires us to set a width on the container, too.
  662. 'bar_ndt' => $bar > 0 ? '<div class="bar" style="width: ' . ($bar * 3.5 + 4) . 'px;"><div style="width: ' . $bar * 3.5 . 'px;"></div></div>' : '',
  663. 'bar_width' => $barWide,
  664. 'option' => parse_bbc($option['label']),
  665. 'vote_button' => '<input type="' . ($pollinfo['max_votes'] > 1 ? 'checkbox' : 'radio') . '" name="options[]" id="options-' . $i . '" value="' . $i . '" class="input_' . ($pollinfo['max_votes'] > 1 ? 'check' : 'radio') . '" />'
  666. );
  667. }
  668. }
  669. // Calculate the fastest way to get the messages!
  670. $ascending = empty($options['view_newest_first']);
  671. $start = $_REQUEST['start'];
  672. $limit = $context['messages_per_page'];
  673. $firstIndex = 0;
  674. if ($start >= $context['total_visible_posts'] / 2 && $context['messages_per_page'] != -1)
  675. {
  676. $ascending = !$ascending;
  677. $limit = $context['total_visible_posts'] <= $start + $limit ? $context['total_visible_posts'] - $start : $limit;
  678. $start = $context['total_visible_posts'] <= $start + $limit ? 0 : $context['total_visible_posts'] - $start - $limit;
  679. $firstIndex = $limit - 1;
  680. }
  681. // Get each post and poster in this topic.
  682. $request = $smcFunc['db_query']('display_get_post_poster', '
  683. SELECT id_msg, id_member, approved
  684. FROM {db_prefix}messages
  685. WHERE id_topic = {int:current_topic}' . (!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : (!empty($modSettings['db_mysql_group_by_fix']) ? '' : '
  686. GROUP BY id_msg') . '
  687. HAVING (approved = {int:is_approved}' . ($user_info['is_guest'] ? '' : ' OR id_member = {int:current_member}') . ')') . '
  688. ORDER BY id_msg ' . ($ascending ? '' : 'DESC') . ($context['messages_per_page'] == -1 ? '' : '
  689. LIMIT ' . $start . ', ' . $limit),
  690. array(
  691. 'current_member' => $user_info['id'],
  692. 'current_topic' => $topic,
  693. 'is_approved' => 1,
  694. 'blank_id_member' => 0,
  695. )
  696. );
  697. $messages = array();
  698. $all_posters = array();
  699. while ($row = $smcFunc['db_fetch_assoc']($request))
  700. {
  701. if (!empty($row['id_member']))
  702. $all_posters[$row['id_msg']] = $row['id_member'];
  703. $messages[] = $row['id_msg'];
  704. }
  705. $smcFunc['db_free_result']($request);
  706. $posters = array_unique($all_posters);
  707. // Guests can't mark topics read or for notifications, just can't sorry.
  708. if (!$user_info['is_guest'])
  709. {
  710. $mark_at_msg = max($messages);
  711. if ($mark_at_msg >= $topicinfo['id_last_msg'])
  712. $mark_at_msg = $modSettings['maxMsgID'];
  713. if ($mark_at_msg >= $topicinfo['new_from'])
  714. {
  715. $smcFunc['db_insert']($topicinfo['new_from'] == 0 ? 'ignore' : 'replace',
  716. '{db_prefix}log_topics',
  717. array(
  718. 'id_member' => 'int', 'id_topic' => 'int', 'id_msg' => 'int',
  719. ),
  720. array(
  721. $user_info['id'], $topic, $mark_at_msg,
  722. ),
  723. array('id_member', 'id_topic')
  724. );
  725. }
  726. // Check for notifications on this topic OR board.
  727. $request = $smcFunc['db_query']('', '
  728. SELECT sent, id_topic
  729. FROM {db_prefix}log_notify
  730. WHERE (id_topic = {int:current_topic} OR id_board = {int:current_board})
  731. AND id_member = {int:current_member}
  732. LIMIT 2',
  733. array(
  734. 'current_board' => $board,
  735. 'current_member' => $user_info['id'],
  736. 'current_topic' => $topic,
  737. )
  738. );
  739. $do_once = true;
  740. while ($row = $smcFunc['db_fetch_assoc']($request))
  741. {
  742. // Find if this topic is marked for notification...
  743. if (!empty($row['id_topic']))
  744. $context['is_marked_notify'] = true;
  745. // Only do this once, but mark the notifications as "not sent yet" for next time.
  746. if (!empty($row['sent']) && $do_once)
  747. {
  748. $smcFunc['db_query']('', '
  749. UPDATE {db_prefix}log_notify
  750. SET sent = {int:is_not_sent}
  751. WHERE (id_topic = {int:current_topic} OR id_board = {int:current_board})
  752. AND id_member = {int:current_member}',
  753. array(
  754. 'current_board' => $board,
  755. 'current_member' => $user_info['id'],
  756. 'current_topic' => $topic,
  757. 'is_not_sent' => 0,
  758. )
  759. );
  760. $do_once = false;
  761. }
  762. }
  763. // Have we recently cached the number of new topics in this board, and it's still a lot?
  764. if (isset($_REQUEST['topicseen']) && isset($_SESSION['topicseen_cache'][$board]) && $_SESSION['topicseen_cache'][$board] > 5)
  765. $_SESSION['topicseen_cache'][$board]--;
  766. // Mark board as seen if this is the only new topic.
  767. elseif (isset($_REQUEST['topicseen']))
  768. {
  769. // Use the mark read tables... and the last visit to figure out if this should be read or not.
  770. $request = $smcFunc['db_query']('', '
  771. SELECT COUNT(*)
  772. FROM {db_prefix}topics AS t
  773. LEFT JOIN {db_prefix}log_boards AS lb ON (lb.id_board = {int:current_board} AND lb.id_member = {int:current_member})
  774. LEFT JOIN {db_prefix}log_topics AS lt ON (lt.id_topic = t.id_topic AND lt.id_member = {int:current_member})
  775. WHERE t.id_board = {int:current_board}
  776. AND t.id_last_msg > IFNULL(lb.id_msg, 0)
  777. AND t.id_last_msg > IFNULL(lt.id_msg, 0)' . (empty($_SESSION['id_msg_last_visit']) ? '' : '
  778. AND t.id_last_msg > {int:id_msg_last_visit}'),
  779. array(
  780. 'current_board' => $board,
  781. 'current_member' => $user_info['id'],
  782. 'id_msg_last_visit' => (int) $_SESSION['id_msg_last_visit'],
  783. )
  784. );
  785. list ($numNewTopics) = $smcFunc['db_fetch_row']($request);
  786. $smcFunc['db_free_result']($request);
  787. // If there're no real new topics in this board, mark the board as seen.
  788. if (empty($numNewTopics))
  789. $_REQUEST['boardseen'] = true;
  790. else
  791. $_SESSION['topicseen_cache'][$board] = $numNewTopics;
  792. }
  793. // Probably one less topic - maybe not, but even if we decrease this too fast it will only make us look more often.
  794. elseif (isset($_SESSION['topicseen_cache'][$board]))
  795. $_SESSION['topicseen_cache'][$board]--;
  796. // Mark board as seen if we came using last post link from BoardIndex. (or other places...)
  797. if (isset($_REQUEST['boardseen']))
  798. {
  799. $smcFunc['db_insert']('replace',
  800. '{db_prefix}log_boards',
  801. array('id_msg' => 'int', 'id_member' => 'int', 'id_board' => 'int'),
  802. array($modSettings['maxMsgID'], $user_info['id'], $board),
  803. array('id_member', 'id_board')
  804. );
  805. }
  806. }
  807. $attachments = array();
  808. // If there _are_ messages here... (probably an error otherwise :!)
  809. if (!empty($messages))
  810. {
  811. // Fetch attachments.
  812. if (!empty($modSettings['attachmentEnable']) && allowedTo('view_attachments'))
  813. {
  814. $request = $smcFunc['db_query']('', '
  815. SELECT
  816. a.id_attach, a.id_folder, a.id_msg, a.filename, a.file_hash, IFNULL(a.size, 0) AS filesize, a.downloads, a.approved,
  817. a.width, a.height' . (empty($modSettings['attachmentShowImages']) || empty($modSettings['attachmentThumbnails']) ? '' : ',
  818. IFNULL(thumb.id_attach, 0) AS id_thumb, thumb.width AS thumb_width, thumb.height AS thumb_height') . '
  819. FROM {db_prefix}attachments AS a' . (empty($modSettings['attachmentShowImages']) || empty($modSettings['attachmentThumbnails']) ? '' : '
  820. LEFT JOIN {db_prefix}attachments AS thumb ON (thumb.id_attach = a.id_thumb)') . '
  821. WHERE a.id_msg IN ({array_int:message_list})
  822. AND a.attachment_type = {int:attachment_type}',
  823. array(
  824. 'message_list' => $messages,
  825. 'attachment_type' => 0,
  826. 'is_approved' => 1,
  827. )
  828. );
  829. $temp = array();
  830. while ($row = $smcFunc['db_fetch_assoc']($request))
  831. {
  832. if (!$row['approved'] && $modSettings['postmod_active'] && !allowedTo('approve_posts') && (!isset($all_posters[$row['id_msg']]) || $all_posters[$row['id_msg']] != $user_info['id']))
  833. continue;
  834. $temp[$row['id_attach']] = $row;
  835. if (!isset($attachments[$row['id_msg']]))
  836. $attachments[$row['id_msg']] = array();
  837. }
  838. $smcFunc['db_free_result']($request);
  839. // This is better than sorting it with the query...
  840. ksort($temp);
  841. foreach ($temp as $row)
  842. $attachments[$row['id_msg']][] = $row;
  843. }
  844. // What? It's not like it *couldn't* be only guests in this topic...
  845. if (!empty($posters))
  846. loadMemberData($posters);
  847. $messages_request = $smcFunc['db_query']('', '
  848. SELECT
  849. id_msg, icon, subject, poster_time, poster_ip, id_member, modified_time, modified_name, body,
  850. smileys_enabled, poster_name, poster_email, approved,
  851. id_msg_modified < {int:new_from} AS is_read
  852. FROM {db_prefix}messages
  853. WHERE id_msg IN ({array_int:message_list})
  854. ORDER BY id_msg' . (empty($options['view_newest_first']) ? '' : ' DESC'),
  855. array(
  856. 'message_list' => $messages,
  857. 'new_from' => $topicinfo['new_from'],
  858. )
  859. );
  860. // Go to the last message if the given time is beyond the time of the last message.
  861. if (isset($context['start_from']) && $context['start_from'] >= $topicinfo['num_replies'])
  862. $context['start_from'] = $topicinfo['num_replies'];
  863. // Since the anchor information is needed on the top of the page we load these variables beforehand.
  864. $context['first_message'] = isset($messages[$firstIndex]) ? $messages[$firstIndex] : $messages[0];
  865. if (empty($options['view_newest_first']))
  866. $context['first_new_message'] = isset($context['start_from']) && $_REQUEST['start'] == $context['start_from'];
  867. else
  868. $context['first_new_message'] = isset($context['start_from']) && $_REQUEST['start'] == $topicinfo['num_replies'] - $context['start_from'];
  869. }
  870. else
  871. {
  872. $messages_request = false;
  873. $context['first_message'] = 0;
  874. $context['first_new_message'] = false;
  875. }
  876. $context['jump_to'] = array(
  877. 'label' => addslashes(un_htmlspecialchars($txt['jump_to'])),
  878. 'board_name' => htmlspecialchars(strtr(strip_tags($board_info['name']), array('&amp;' => '&'))),
  879. 'child_level' => $board_info['child_level'],
  880. );
  881. // Set the callback. (do you REALIZE how much memory all the messages would take?!?)
  882. // This will be called from the template.
  883. $context['get_message'] = 'prepareDisplayContext';
  884. // Now set all the wonderful, wonderful permissions... like moderation ones...
  885. $common_permissions = array(
  886. 'can_approve' => 'approve_posts',
  887. 'can_ban' => 'manage_bans',
  888. 'can_sticky' => 'make_sticky',
  889. 'can_merge' => 'merge_any',
  890. 'can_split' => 'split_any',
  891. 'calendar_post' => 'calendar_post',
  892. 'can_mark_notify' => 'mark_any_notify',
  893. 'can_send_topic' => 'send_topic',
  894. 'can_send_pm' => 'pm_send',
  895. 'can_report_moderator' => 'report_any',
  896. 'can_moderate_forum' => 'moderate_forum',
  897. 'can_issue_warning' => 'issue_warning',
  898. 'can_restore_topic' => 'move_any',
  899. 'can_restore_msg' => 'move_any',
  900. );
  901. foreach ($common_permissions as $contextual => $perm)
  902. $context[$contextual] = allowedTo($perm);
  903. // Permissions with _any/_own versions. $context[YYY] => ZZZ_any/_own.
  904. $anyown_permissions = array(
  905. 'can_move' => 'move',
  906. 'can_lock' => 'lock',
  907. 'can_delete' => 'remove',
  908. 'can_add_poll' => 'poll_add',
  909. 'can_remove_poll' => 'poll_remove',
  910. 'can_reply' => 'post_reply',
  911. 'can_reply_unapproved' => 'post_unapproved_replies',
  912. );
  913. foreach ($anyown_permissions as $contextual => $perm)
  914. $context[$contextual] = allowedTo($perm . '_any') || ($context['user']['started'] && allowedTo($perm . '_own'));
  915. // Cleanup all the permissions with extra stuff...
  916. $context['can_mark_notify'] &= !$context['user']['is_guest'];
  917. $context['can_sticky'] &= !empty($modSettings['enableStickyTopics']);
  918. $context['calendar_post'] &= !empty($modSettings['cal_enabled']);
  919. $context['can_add_poll'] &= $modSettings['pollMode'] == '1' && $topicinfo['id_poll'] <= 0;
  920. $context['can_remove_poll'] &= $modSettings['pollMode'] == '1' && $topicinfo['id_poll'] > 0;
  921. $context['can_reply'] &= empty($topicinfo['locked']) || allowedTo('moderate_board');
  922. $context['can_reply_unapproved'] &= $modSettings['postmod_active'] && (empty($topicinfo['locked']) || allowedTo('moderate_board'));
  923. $context['can_issue_warning'] &= in_array('w', $context['admin_features']) && $modSettings['warning_settings'][0] == 1;
  924. // Handle approval flags...
  925. $context['can_reply_approved'] = $context['can_reply'];
  926. $context['can_reply'] |= $context['can_reply_unapproved'];
  927. $context['can_quote'] = $context['can_reply'] && (empty($modSettings['disabledBBC']) || !in_array('quote', explode(',', $modSettings['disabledBBC'])));
  928. $context['can_mark_unread'] = !$user_info['is_guest'] && $settings['show_mark_read'];
  929. $context['can_send_topic'] = (!$modSettings['postmod_active'] || $topicinfo['approved']) && allowedTo('send_topic');
  930. // Start this off for quick moderation - it will be or'd for each post.
  931. $context['can_remove_post'] = allowedTo('delete_any') || (allowedTo('delete_replies') && $context['user']['started']);
  932. // Can restore topic? That's if the topic is in the recycle board and has a previous restore state.
  933. $context['can_restore_topic'] &= !empty($modSettings['recycle_enable']) && $modSettings['recycle_board'] == $board && !empty($topicinfo['id_previous_board']);
  934. $context['can_restore_msg'] &= !empty($modSettings['recycle_enable']) && $modSettings['recycle_board'] == $board && !empty($topicinfo['id_previous_topic']);
  935. // Wireless shows a "more" if you can do anything special.
  936. if (WIRELESS && WIRELESS_PROTOCOL != 'wap')
  937. {
  938. $context['wireless_more'] = $context['can_sticky'] || $context['can_lock'] || allowedTo('modify_any');
  939. $context['wireless_moderate'] = isset($_GET['moderate']) ? ';moderate' : '';
  940. }
  941. // Load up the "double post" sequencing magic.
  942. if (!empty($options['display_quick_reply']))
  943. {
  944. checkSubmitOnce('register');
  945. $context['name'] = isset($_SESSION['guest_name']) ? $_SESSION['guest_name'] : '';
  946. $context['email'] = isset($_SESSION['guest_email']) ? $_SESSION['guest_email'] : '';
  947. }
  948. }
  949. /**
  950. * Callback for the message display.
  951. * It actually gets and prepares the message context.
  952. * This function will start over from the beginning if reset is set to true, which is
  953. * useful for showing an index before or after the posts.
  954. * @param bool $reset, default false.
  955. */
  956. function prepareDisplayContext($reset = false)
  957. {
  958. global $settings, $txt, $modSettings, $scripturl, $options, $user_info, $smcFunc;
  959. global $memberContext, $context, $messages_request, $topic, $attachments, $topicinfo;
  960. static $counter = null;
  961. // If the query returned false, bail.
  962. if ($messages_request == false)
  963. return false;
  964. // Remember which message this is. (ie. reply #83)
  965. if ($counter === null || $reset)
  966. $counter = empty($options['view_newest_first']) ? $context['start'] : $context['total_visible_posts'] - $context['start'];
  967. // Start from the beginning...
  968. if ($reset)
  969. return @$smcFunc['db_data_seek']($messages_request, 0);
  970. // Attempt to get the next message.
  971. $message = $smcFunc['db_fetch_assoc']($messages_request);
  972. if (!$message)
  973. {
  974. $smcFunc['db_free_result']($messages_request);
  975. return false;
  976. }
  977. // $context['icon_sources'] says where each icon should come from - here we set up the ones which will always exist!
  978. if (empty($context['icon_sources']))
  979. {
  980. $stable_icons = array('xx', 'thumbup', 'thumbdown', 'exclamation', 'question', 'lamp', 'smiley', 'angry', 'cheesy', 'grin', 'sad', 'wink', 'moved', 'recycled', 'wireless', 'clip');
  981. $context['icon_sources'] = array();
  982. foreach ($stable_icons as $icon)
  983. $context['icon_sources'][$icon] = 'images_url';
  984. }
  985. // Message Icon Management... check the images exist.
  986. if (empty($modSettings['messageIconChecks_disable']))
  987. {
  988. // If the current icon isn't known, then we need to do something...
  989. if (!isset($context['icon_sources'][$message['icon']]))
  990. $context['icon_sources'][$message['icon']] = file_exists($settings['theme_dir'] . '/images/post/' . $message['icon'] . '.gif') ? 'images_url' : 'default_images_url';
  991. }
  992. elseif (!isset($context['icon_sources'][$message['icon']]))
  993. $context['icon_sources'][$message['icon']] = 'images_url';
  994. // If you're a lazy bum, you probably didn't give a subject...
  995. $message['subject'] = $message['subject'] != '' ? $message['subject'] : $txt['no_subject'];
  996. // Are you allowed to remove at least a single reply?
  997. $context['can_remove_post'] |= allowedTo('delete_own') && (empty($modSettings['edit_disable_time']) || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 >= time()) && $message['id_member'] == $user_info['id'];
  998. // If it couldn't load, or the user was a guest.... someday may be done with a guest table.
  999. if (!loadMemberContext($message['id_member'], true))
  1000. {
  1001. // Notice this information isn't used anywhere else....
  1002. $memberContext[$message['id_member']]['name'] = $message['poster_name'];
  1003. $memberContext[$message['id_member']]['id'] = 0;
  1004. $memberContext[$message['id_member']]['group'] = $txt['guest_title'];
  1005. $memberContext[$message['id_member']]['link'] = $message['poster_name'];
  1006. $memberContext[$message['id_member']]['email'] = $message['poster_email'];
  1007. $memberContext[$message['id_member']]['show_email'] = showEmailAddress(true, 0);
  1008. $memberContext[$message['id_member']]['is_guest'] = true;
  1009. }
  1010. else
  1011. {
  1012. $memberContext[$message['id_member']]['can_view_profile'] = allowedTo('profile_view_any') || ($message['id_member'] == $user_info['id'] && allowedTo('profile_view_own'));
  1013. $memberContext[$message['id_member']]['is_topic_starter'] = $message['id_member'] == $context['topic_starter_id'];
  1014. $memberContext[$message['id_member']]['can_see_warning'] = !isset($context['disabled_fields']['warning_status']) && $memberContext[$message['id_member']]['warning_status'] && ($context['user']['can_mod'] || (!$user_info['is_guest'] && !empty($modSettings['warning_show']) && ($modSettings['warning_show'] > 1 || $message['id_member'] == $user_info['id'])));
  1015. }
  1016. $memberContext[$message['id_member']]['ip'] = $message['poster_ip'];
  1017. // Do the censor thang.
  1018. censorText($message['body']);
  1019. censorText($message['subject']);
  1020. // Run BBC interpreter on the message.
  1021. $message['body'] = parse_bbc($message['body'], $message['smileys_enabled'], $message['id_msg']);
  1022. // Compose the memory eat- I mean message array.
  1023. $output = array(
  1024. 'attachment' => loadAttachmentContext($message['id_msg']),
  1025. 'alternate' => $counter % 2,
  1026. 'id' => $message['id_msg'],
  1027. 'href' => $scripturl . '?topic=' . $topic . '.msg' . $message['id_msg'] . '#msg' . $message['id_msg'],
  1028. 'link' => '<a href="' . $scripturl . '?topic=' . $topic . '.msg' . $message['id_msg'] . '#msg' . $message['id_msg'] . '" rel="nofollow">' . $message['subject'] . '</a>',
  1029. 'member' => &$memberContext[$message['id_member']],
  1030. 'icon' => $message['icon'],
  1031. 'icon_url' => $settings[$context['icon_sources'][$message['icon']]] . '/post/' . $message['icon'] . '.gif',
  1032. 'subject' => $message['subject'],
  1033. 'time' => timeformat($message['poster_time']),
  1034. 'timestamp' => forum_time(true, $message['poster_time']),
  1035. 'counter' => $counter,
  1036. 'modified' => array(
  1037. 'time' => timeformat($message['modified_time']),
  1038. 'timestamp' => forum_time(true, $message['modified_time']),
  1039. 'name' => $message['modified_name']
  1040. ),
  1041. 'body' => $message['body'],
  1042. 'new' => empty($message['is_read']),
  1043. 'approved' => $message['approved'],
  1044. 'first_new' => isset($context['start_from']) && $context['start_from'] == $counter,
  1045. 'is_ignored' => !empty($modSettings['enable_buddylist']) && !empty($options['posts_apply_ignore_list']) && in_array($message['id_member'], $context['user']['ignoreusers']),
  1046. 'can_approve' => !$message['approved'] && $context['can_approve'],
  1047. 'can_unapprove' => $message['approved'] && $context['can_approve'],
  1048. 'can_modify' => (!$context['is_locked'] || allowedTo('moderate_board')) && (allowedTo('modify_any') || (allowedTo('modify_replies') && $context['user']['started']) || (allowedTo('modify_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || !$message['approved'] || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time()))),
  1049. 'can_remove' => allowedTo('delete_any') || (allowedTo('delete_replies') && $context['user']['started']) || (allowedTo('delete_own') && $message['id_member'] == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $message['poster_time'] + $modSettings['edit_disable_time'] * 60 > time())),
  1050. 'can_see_ip' => allowedTo('moderate_forum') || ($message['id_member'] == $user_info['id'] && !empty($user_info['id'])),
  1051. );
  1052. // Is this user the message author?
  1053. $output['is_message_author'] = $message['id_member'] == $user_info['id'];
  1054. if (empty($options['view_newest_first']))
  1055. $counter++;
  1056. else
  1057. $counter--;
  1058. return $output;
  1059. }
  1060. /**
  1061. * Downloads an attachment or avatar, and increments the downloads.
  1062. * It requires the view_attachments permission. (not for avatars!)
  1063. * It disables the session parser, and clears any previous output.
  1064. * It depends on the attachmentUploadDir setting being correct.
  1065. * It is accessed via the query string ?action=dlattach.
  1066. * Views to attachments and avatars do not increase hits and are not logged in the "Who's Online" log.
  1067. */
  1068. function Download()
  1069. {
  1070. global $txt, $modSettings, $user_info, $scripturl, $context, $sourcedir, $topic, $smcFunc;
  1071. // Some defaults that we need.
  1072. $context['character_set'] = empty($modSettings['global_character_set']) ? (empty($txt['lang_character_set']) ? 'ISO-8859-1' : $txt['lang_character_set']) : $modSettings['global_character_set'];
  1073. $context['utf8'] = $context['character_set'] === 'UTF-8';
  1074. $context['no_last_modified'] = true;
  1075. // Make sure some attachment was requested!
  1076. if (!isset($_REQUEST['attach']) && !isset($_REQUEST['id']))
  1077. fatal_lang_error('no_access', false);
  1078. $_REQUEST['attach'] = isset($_REQUEST['attach']) ? (int) $_REQUEST['attach'] : (int) $_REQUEST['id'];
  1079. if (isset($_REQUEST['type']) && $_REQUEST['type'] == 'avatar')
  1080. {
  1081. $request = $smcFunc['db_query']('', '
  1082. SELECT id_folder, filename, file_hash, fileext, id_attach, attachment_type, mime_type, approved, id_member
  1083. FROM {db_prefix}attachments
  1084. WHERE id_attach = {int:id_attach}
  1085. AND id_member > {int:blank_id_member}
  1086. LIMIT 1',
  1087. array(
  1088. 'id_attach' => $_REQUEST['attach'],
  1089. 'blank_id_member' => 0,
  1090. )
  1091. );
  1092. $_REQUEST['image'] = true;
  1093. }
  1094. // This is just a regular attachment...
  1095. else
  1096. {
  1097. // This checks only the current board for $board/$topic's permissions.
  1098. isAllowedTo('view_attachments');
  1099. // Make sure this attachment is on this board.
  1100. // @todo: We must verify that $topic is the attachment's topic, or else the permission check above is broken.
  1101. $request = $smcFunc['db_query']('', '
  1102. SELECT a.id_folder, a.filename, a.file_hash, a.fileext, a.id_attach, a.attachment_type, a.mime_type, a.approved, m.id_member
  1103. FROM {db_prefix}attachments AS a
  1104. INNER JOIN {db_prefix}messages AS m ON (m.id_msg = a.id_msg AND m.id_topic = {int:current_topic})
  1105. INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND {query_see_board})
  1106. WHERE a.id_attach = {int:attach}
  1107. LIMIT 1',
  1108. array(
  1109. 'attach' => $_REQUEST['attach'],
  1110. 'current_topic' => $topic,
  1111. )
  1112. );
  1113. }
  1114. if ($smcFunc['db_num_rows']($request) == 0)
  1115. fatal_lang_error('no_access', false);
  1116. list ($id_folder, $real_filename, $file_hash, $file_ext, $id_attach, $attachment_type, $mime_type, $is_approved, $id_member) = $smcFunc['db_fetch_row']($request);
  1117. $smcFunc['db_free_result']($request);
  1118. // If it isn't yet approved, do they have permission to view it?
  1119. if (!$is_approved && ($id_member == 0 || $user_info['id'] != $id_member) && ($attachment_type == 0 || $attachment_type == 3))
  1120. isAllowedTo('approve_posts');
  1121. // Update the download counter (unless it's a thumbnail).
  1122. if ($attachment_type != 3)
  1123. $smcFunc['db_query']('attach_download_increase', '
  1124. UPDATE LOW_PRIORITY {db_prefix}attachments
  1125. SET downloads = downloads + 1
  1126. WHERE id_attach = {int:id_attach}',
  1127. array(
  1128. 'id_attach' => $id_attach,
  1129. )
  1130. );
  1131. $filename = getAttachmentFilename($real_filename, $_REQUEST['attach'], $id_folder, false, $file_hash);
  1132. // This is done to clear any output that was made before now.
  1133. ob_clean();
  1134. // No point in a nicer message, because this is supposed to be an attachment anyway...
  1135. if (!file_exists($filename))
  1136. {
  1137. loadLanguage('Errors');
  1138. header('HTTP/1.0 404 ' . $txt['attachment_not_found']);
  1139. header('Content-Type: text/plain; charset=' . (empty($context['character_set']) ? 'ISO-8859-1' : $context['character_set']));
  1140. // We need to die like this *before* we send any anti-caching headers as below.
  1141. die('404 - ' . $txt['attachment_not_found']);
  1142. }
  1143. // If it hasn't been modified since the last time this attachement was retrieved, there's no need to display it again.
  1144. if (!empty($_SERVER['HTTP_IF_MODIFIED_SINCE']))
  1145. {
  1146. list($modified_since) = explode(';', $_SERVER['HTTP_IF_MODIFIED_SINCE']);
  1147. if (strtotime($modified_since) >= filemtime($filename))
  1148. {
  1149. ob_end_clean();
  1150. // Answer the question - no, it hasn't been modified ;).
  1151. header('HTTP/1.1 304 Not Modified');
  1152. exit;
  1153. }
  1154. }
  1155. // Check whether the ETag was sent back, and cache based on that...
  1156. $eTag = '"' . substr($_REQUEST['attach'] . $real_filename . filemtime($filename), 0, 64) . '"';
  1157. if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) && strpos($_SERVER['HTTP_IF_NONE_MATCH'], $eTag) !== false)
  1158. {
  1159. ob_end_clean();
  1160. header('HTTP/1.1 304 Not Modified');
  1161. exit;
  1162. }
  1163. // Send the attachment headers.
  1164. header('Pragma: ');
  1165. if (!isBrowser('gecko'))
  1166. header('Content-Transfer-Encoding: binary');
  1167. header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 525600 * 60) . ' GMT');
  1168. header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($filename)) . ' GMT');
  1169. header('Accept-Ranges: bytes');
  1170. header('Connection: close');
  1171. header('ETag: ' . $eTag);
  1172. // IE 6 just doesn't play nice. As dirty as this seems, it works.
  1173. if (isBrowser('ie6') && isset($_REQUEST['image']))
  1174. unset($_REQUEST['image']);
  1175. // Make sure the mime type warrants an inline display.
  1176. elseif (isset($_REQUEST['image']) && !empty($mime_type) && strpos($mime_type, 'image/') !== 0)
  1177. unset($_REQUEST['image']);
  1178. // Does this have a mime type?
  1179. elseif (!empty($mime_type) && (isset($_REQUEST['image']) || !in_array($file_ext, array('jpg', 'gif', 'jpeg', 'x-ms-bmp', 'png', 'psd', 'tiff', 'iff'))))
  1180. header('Content-Type: ' . strtr($mime_type, array('image/bmp' => 'image/x-ms-bmp')));
  1181. else
  1182. {
  1183. header('Content-Type: ' . (isBrowser('ie') || isBrowser('opera') ? 'application/octetstream' : 'application/octet-stream'));
  1184. if (isset($_REQUEST['image']))
  1185. unset($_REQUEST['image']);
  1186. }
  1187. // Convert the file to UTF-8, cuz most browsers dig that.
  1188. $utf8name = !$context['utf8'] && function_exists('iconv') ? iconv($context['character_set'], 'UTF-8', $real_filename) : (!$context['utf8'] && function_exists('mb_convert_encoding') ? mb_convert_encoding($real_filename, 'UTF-8', $context['character_set']) : $real_filename);
  1189. $fixchar = create_function('$n', '
  1190. if ($n < 32)
  1191. return \'\';
  1192. elseif ($n < 128)
  1193. return chr($n);
  1194. elseif ($n < 2048)
  1195. return chr(192 | $n >> 6) . chr(128 | $n & 63);
  1196. elseif ($n < 65536)
  1197. return chr(224 | $n >> 12) . chr(128 | $n >> 6 & 63) . chr(128 | $n & 63);
  1198. else
  1199. return chr(240 | $n >> 18) . chr(128 | $n >> 12 & 63) . chr(128 | $n >> 6 & 63) . chr(128 | $n & 63);');
  1200. $disposition = !isset($_REQUEST['image']) ? 'attachment' : 'inline';
  1201. // Different browsers like different standards...
  1202. if (isBrowser('firefox'))
  1203. header('Content-Disposition: ' . $disposition . '; filename*=UTF-8\'\'' . rawurlencode(preg_replace('~&#(\d{3,8});~e', '$fixchar(\'$1\')', $utf8name)));
  1204. elseif (isBrowser('opera'))
  1205. header('Content-Disposition: ' . $disposition . '; filename="' . preg_replace('~&#(\d{3,8});~e', '$fixchar(\'$1\')', $utf8name) . '"');
  1206. elseif (isBrowser('ie'))
  1207. header('Content-Disposition: ' . $disposition . '; filename="' . urlencode(preg_replace('~&#(\d{3,8});~e', '$fixchar(\'$1\')', $utf8name)) . '"');
  1208. else
  1209. header('Content-Disposition: ' . $disposition . '; filename="' . $utf8name . '"');
  1210. // If this has an "image extension" - but isn't actually an image - then ensure it isn't cached cause of silly IE.
  1211. if (!isset($_REQUEST['image']) && in_array($file_ext, array('gif', 'jpg', 'bmp', 'png', 'jpeg', 'tiff')))
  1212. header('Cache-Control: no-cache');
  1213. else
  1214. header('Cache-Control: max-age=' . (525600 * 60) . ', private');
  1215. header('Content-Length: ' . filesize($filename));
  1216. // Try to buy some time...
  1217. @set_time_limit(600);
  1218. // Recode line endings for text files, if enabled.
  1219. if (!empty($modSettings['attachmentRecodeLineEndings']) && !isset($_REQUEST['image']) && in_array($file_ext, array('txt', 'css', 'htm', 'html', 'php', 'xml')))
  1220. {
  1221. if (strpos($_SERVER['HTTP_USER_AGENT'], 'Windows') !== false)
  1222. $callback = create_function('$buffer', 'return preg_replace(\'~[\r]?\n~\', "\r\n", $buffer);');
  1223. elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'Mac') !== false)
  1224. $callback = create_function('$buffer', 'return preg_replace(\'~[\r]?\n~\', "\r", $buffer);');
  1225. else
  1226. $callback = create_function('$buffer', 'return preg_replace(\'~[\r]?\n~\', "\n", $buffer);');
  1227. }
  1228. // Since we don't do output compression for files this large...
  1229. if (filesize($filename) > 4194304)
  1230. {
  1231. // Forcibly end any output buffering going on.
  1232. if (function_exists('ob_get_level'))
  1233. {
  1234. while (@ob_get_level() > 0)
  1235. @ob_end_clean();
  1236. }
  1237. else
  1238. {
  1239. @ob_end_clean();
  1240. @ob_end_clean();
  1241. @ob_end_clean();
  1242. }
  1243. $fp = fopen($filename, 'rb');
  1244. while (!feof($fp))
  1245. {
  1246. if (isset($callback))
  1247. echo $callback(fread($fp, 8192));
  1248. else
  1249. echo fread($fp, 8192);
  1250. flush();
  1251. }
  1252. fclose($fp);
  1253. }
  1254. // On some of the less-bright hosts, readfile() is disabled. It's just a faster, more byte safe, version of what's in the if.
  1255. elseif (isset($callback) || @readfile($filename) === null)
  1256. echo isset($callback) ? $callback(file_get_contents($filename)) : file_get_contents($filename);
  1257. obExit(false);
  1258. }
  1259. /**
  1260. * This loads an attachment's contextual data including, most importantly, its size
  1261. * if it is an image.
  1262. * Pre-condition: $attachments array to have been filled with the proper attachment data, as Display() does.
  1263. * (@todo change this pre-condition, too fragile and error-prone.)
  1264. * It requires the view_attachments permission to calculate image size.
  1265. * It attempts to keep the "aspect ratio" of the posted image in line, even if it has to be resized by
  1266. * the max_image_width and max_image_height settings.
  1267. */
  1268. function loadAttachmentContext($id_msg)
  1269. {
  1270. global $attachments, $modSettings, $txt, $scripturl, $topic, $sourcedir, $smcFunc;
  1271. // Set up the attachment info - based on code by Meriadoc.
  1272. $attachmentData = array();
  1273. $have_unapproved = false;
  1274. if (isset($attachments[$id_msg]) && !empty($modSettings['attachmentEnable']))
  1275. {
  1276. foreach ($attachments[$id_msg] as $i => $attachment)
  1277. {
  1278. $attachmentData[$i] = array(
  1279. 'id' => $attachment['id_attach'],
  1280. 'name' => preg_replace('~&amp;#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($attachment['filename'])),
  1281. 'downloads' => $attachment['downloads'],
  1282. 'size' => round($attachment['filesize'] / 1024, 2) . ' ' . $txt['kilobyte'],
  1283. 'byte_size' => $attachment['filesize'],
  1284. 'href' => $scripturl . '?action=dlattach;topic=' . $topic . '.0;attach=' . $attachment['id_attach'],
  1285. 'link' => '<a href="' . $scripturl . '?action=dlattach;topic=' . $topic . '.0;attach=' . $attachment['id_attach'] . '">' . htmlspecialchars($attachment['filename']) . '</a>',
  1286. 'is_image' => !empty($attachment['width']) && !empty($attachment['height']) && !empty($modSettings['attachmentShowImages']),
  1287. 'is_approved' => $attachment['approved'],
  1288. );
  1289. // If something is unapproved we'll note it so we can sort them.
  1290. if (!$attachment['approved'])
  1291. $have_unapproved = true;
  1292. if (!$attachmentData[$i]['is_image'])
  1293. continue;
  1294. $attachmentData[$i]['real_width'] = $attachment['width'];
  1295. $attachmentData[$i]['width'] = $attachment['width'];
  1296. $attachmentData[$i]['real_height'] = $attachment['height'];
  1297. $attachmentData[$i]['height'] = $attachment['height'];
  1298. // Let's see, do we want thumbs?
  1299. if (!empty($modSettings['attachmentThumbnails']) && !empty($modSettings['attachmentThumbWidth']) && !empty($modSettings['attachmentThumbHeight']) && ($attachment['width'] > $modSettings['attachmentThumbWidth'] || $attachment['height'] > $modSettings['attachmentThumbHeight']) && strlen($attachment['filename']) < 249)
  1300. {
  1301. // A proper thumb doesn't exist yet? Create one!
  1302. if (empty($attachment['id_thumb']) || $attachment['thumb_width'] > $modSettings['attachmentThumbWidth'] || $attachment['thumb_height'] > $modSettings['attachmentThumbHeight'] || ($attachment['thumb_width'] < $modSettings['attachmentThumbWidth'] && $attachment['thumb_height'] < $modSettings['attachmentThumbHeight']))
  1303. {
  1304. $filename = getAttachmentFilename($attachment['filename'], $attachment['id_attach'], $attachment['id_folder']);
  1305. require_once($sourcedir . '/Subs-Graphics.php');
  1306. if (createThumbnail($filename, $modSettings['attachmentThumbWidth'], $modSettings['attachmentThumbHeight']))
  1307. {
  1308. // So what folder are we putting this image in?
  1309. if (!empty($modSettings['currentAttachmentUploadDir']))
  1310. {
  1311. if (!is_array($modSettings['attachmentUploadDir']))
  1312. $modSettings['attachmentUploadDir'] = @unserialize($modSettings['attachmentUploadDir']);
  1313. $path = $modSettings['attachmentUploadDir'][$modSettings['currentAttachmentUploadDir']];
  1314. $id_folder_thumb = $modSettings['currentAttachmentUploadDir'];
  1315. }
  1316. else
  1317. {
  1318. $path = $modSettings['attachmentUploadDir'];
  1319. $id_folder_thumb = 1;
  1320. }
  1321. // Calculate the size of the created thumbnail.
  1322. $size = @getimagesize($filename . '_thumb');
  1323. list ($attachment['thumb_width'], $attachment['thumb_height']) = $size;
  1324. $thumb_size = filesize($filename . '_thumb');
  1325. // These are the only valid image types for SMF.
  1326. $validImageTypes = array(1 => 'gif', 2 => 'jpeg', 3 => 'png', 5 => 'psd', 6 => 'bmp', 7 => 'tiff', 8 => 'tiff', 9 => 'jpeg', 14 => 'iff');
  1327. // What about the extension?
  1328. $thumb_ext = isset($validImageTypes[$size[2]]) ? $validImageTypes[$size[2]] : '';
  1329. // Figure out the mime type.
  1330. if (!empty($size['mime']))
  1331. $thumb_mime = $size['mime'];
  1332. else
  1333. $thumb_mime = 'image/' . $thumb_ext;
  1334. $thumb_filename = $attachment['filename'] . '_thumb';
  1335. $thumb_hash = getAttachmentFilename($thumb_filename, false, null, true);
  1336. // Add this beauty to the database.
  1337. $smcFunc['db_insert']('',
  1338. '{db_prefix}attachments',
  1339. array('id_folder' => 'int', 'id_msg' => 'int', 'attachment_type' => 'int', 'filename' => 'string', 'file_hash' => 'string', 'size' => 'int', 'width' => 'int', 'height' => 'int', 'fileext' => 'string', 'mime_type' => 'string'),
  1340. array($id_folder_thumb, $id_msg, 3, $thumb_filename, $thumb_hash, (int) $thumb_size, (int) $attachment['thumb_width'], (int) $attachment['thumb_height'], $thumb_ext, $thumb_mime),
  1341. array('id_attach')
  1342. );
  1343. $old_id_thumb = $attachment['id_thumb'];
  1344. $attachment['id_thumb'] = $smcFunc['db_insert_id']('{db_prefix}attachments', 'id_attach');
  1345. if (!empty($attachment['id_thumb']))
  1346. {
  1347. $smcFunc['db_query']('', '
  1348. UPDATE {db_prefix}attachments
  1349. SET id_thumb = {int:id_thumb}
  1350. WHERE id_attach = {int:id_attach}',
  1351. array(
  1352. 'id_thumb' => $attachment['id_thumb'],
  1353. 'id_attach' => $attachment['id_attach'],
  1354. )
  1355. );
  1356. $thumb_realname = getAttachmentFilename($thumb_filename, $attachment['id_thumb'], $id_folder_thumb, false, $thumb_hash);
  1357. rename($filename . '_thumb', $thumb_realname);
  1358. // Do we need to remove an old thumbnail?
  1359. if (!empty($old_id_thumb))
  1360. {
  1361. require_once($sourcedir . '/ManageAttachments.php');
  1362. removeAttachments(array('id_attach' => $old_id_thumb), '', false, false);
  1363. }
  1364. }
  1365. }
  1366. }
  1367. // Only adjust dimensions on successful thumbnail creation.
  1368. if (!empty($attachment['thumb_width']) && !empty($attachment['thumb_height']))
  1369. {
  1370. $attachmentData[$i]['width'] = $attachment['thumb_width'];
  1371. $attachmentData[$i]['height'] = $attachment['thumb_height'];
  1372. }
  1373. }
  1374. if (!empty($attachment['id_thumb']))
  1375. $attachmentData[$i]['thumbnail'] = array(
  1376. 'id' => $attachment['id_thumb'],
  1377. 'href' => $scripturl . '?action=dlattach;topic=' . $topic . '.0;attach=' . $attachment['id_thumb'] . ';image',
  1378. );
  1379. $attachmentData[$i]['thumbnail']['has_thumb'] = !empty($attachment['id_thumb']);
  1380. // If thumbnails are disabled, check the maximum size of the image.
  1381. if (!$attachmentData[$i]['thumbnail']['has_thumb'] && ((!empty($modSettings['max_image_width']) && $attachment['width'] > $modSettings['max_image_width']) || (!empty($modSettings['max_image_height']) && $attachment['height'] > $modSettings['max_image_height'])))
  1382. {
  1383. if (!empty($modSettings['max_image_width']) && (empty($modSettings['max_image_height']) || $attachment['height'] * $modSettings['max_image_width'] / $attachment['width'] <= $modSettings['max_image_height']))
  1384. {
  1385. $attachmentData[$i]['width'] = $modSettings['max_image_width'];
  1386. $attachmentData[$i]['height'] = floor($attachment['height'] * $modSettings['max_image_width'] / $attachment['width']);
  1387. }
  1388. elseif (!empty($modSettings['max_image_width']))
  1389. {
  1390. $attachmentData[$i]['width'] = floor($attachment['width'] * $modSettings['max_image_height'] / $attachment['height']);
  1391. $attachmentData[$i]['height'] = $modSettings['max_image_height'];
  1392. }
  1393. }
  1394. elseif ($attachmentData[$i]['thumbnail']['has_thumb'])
  1395. {
  1396. // If the image is too large to show inline, make it a popup.
  1397. if (((!empty($modSettings['max_image_width']) && $attachmentData[$i]['real_width'] > $modSettings['max_image_width']) || (!empty($modSettings['max_image_height']) && $attachmentData[$i]['real_height'] > $modSettings['max_image_height'])))
  1398. $attachmentData[$i]['thumbnail']['javascript'] = 'return reqWin(\'' . $attachmentData[$i]['href'] . ';image\', ' . ($attachment['width'] + 20) . ', ' . ($attachment['height'] + 20) . ', true);';
  1399. else
  1400. $attachmentData[$i]['thumbnail']['javascript'] = 'return expandThumb(' . $attachment['id_attach'] . ');';
  1401. }
  1402. if (!$attachmentData[$i]['thumbnail']['has_thumb'])
  1403. $attachmentData[$i]['downloads']++;
  1404. }
  1405. }
  1406. // Do we need to instigate a sort?
  1407. if ($have_unapproved)
  1408. usort($attachmentData, 'approved_attach_sort');
  1409. return $attachmentData;
  1410. }
  1411. /**
  1412. * A sort function for putting unapproved attachments first.
  1413. * @param $a
  1414. * @param $b
  1415. * @return int, -1, 0, 1
  1416. */
  1417. function approved_attach_sort($a, $b)
  1418. {
  1419. if ($a['is_approved'] == $b['is_approved'])
  1420. return 0;
  1421. return $a['is_approved'] > $b['is_approved'] ? -1 : 1;
  1422. }
  1423. /**
  1424. * In-topic quick moderation.
  1425. */
  1426. function QuickInTopicModeration()
  1427. {
  1428. global $sourcedir, $topic, $board, $user_info, $smcFunc, $modSettings, $context;
  1429. // Check the session = get or post.
  1430. checkSession('request');
  1431. require_once($sourcedir . '/RemoveTopic.php');
  1432. if (empty($_REQUEST['msgs']))
  1433. redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
  1434. $messages = array();
  1435. foreach ($_REQUEST['msgs'] as $dummy)
  1436. $messages[] = (int) $dummy;
  1437. // We are restoring messages. We handle this in another place.
  1438. if (isset($_REQUEST['restore_selected']))
  1439. redirectexit('action=restoretopic;msgs=' . implode(',', $messages) . ';' . $context['session_var'] . '=' . $context['session_id']);
  1440. // Allowed to delete any message?
  1441. if (allowedTo('delete_any'))
  1442. $allowed_all = true;
  1443. // Allowed to delete replies to their messages?
  1444. elseif (allowedTo('delete_replies'))
  1445. {
  1446. $request = $smcFunc['db_query']('', '
  1447. SELECT id_member_started
  1448. FROM {db_prefix}topics
  1449. WHERE id_topic = {int:current_topic}
  1450. LIMIT 1',
  1451. array(
  1452. 'current_topic' => $topic,
  1453. )
  1454. );
  1455. list ($starter) = $smcFunc['db_fetch_row']($request);
  1456. $smcFunc['db_free_result']($request);
  1457. $allowed_all = $starter == $user_info['id'];
  1458. }
  1459. else
  1460. $allowed_all = false;
  1461. // Make sure they're allowed to delete their own messages, if not any.
  1462. if (!$allowed_all)
  1463. isAllowedTo('delete_own');
  1464. // Allowed to remove which messages?
  1465. $request = $smcFunc['db_query']('', '
  1466. SELECT id_msg, subject, id_member, poster_time
  1467. FROM {db_prefix}messages
  1468. WHERE id_msg IN ({array_int:message_list})
  1469. AND id_topic = {int:current_topic}' . (!$allowed_all ? '
  1470. AND id_member = {int:current_member}' : '') . '
  1471. LIMIT ' . count($messages),
  1472. array(
  1473. 'current_member' => $user_info['id'],
  1474. 'current_topic' => $topic,
  1475. 'message_list' => $messages,
  1476. )
  1477. );
  1478. $messages = array();
  1479. while ($row = $smcFunc['db_fetch_assoc']($request))
  1480. {
  1481. if (!$allowed_all && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + $modSettings['edit_disable_time'] * 60 < time())
  1482. continue;
  1483. $messages[$row['id_msg']] = array($row['subject'], $row['id_member']);
  1484. }
  1485. $smcFunc['db_free_result']($request);
  1486. // Get the first message in the topic - because you can't delete that!
  1487. $request = $smcFunc['db_query']('', '
  1488. SELECT id_first_msg, id_last_msg
  1489. FROM {db_prefix}topics
  1490. WHERE id_topic = {int:current_topic}
  1491. LIMIT 1',
  1492. array(
  1493. 'current_topic' => $topic,
  1494. )
  1495. );
  1496. list ($first_message, $last_message) = $smcFunc['db_fetch_row']($request);
  1497. $smcFunc['db_free_result']($request);
  1498. // Delete all the messages we know they can delete. ($messages)
  1499. foreach ($messages as $message => $info)
  1500. {
  1501. // Just skip the first message - if it's not the last.
  1502. if ($message == $first_message && $message != $last_message)
  1503. continue;
  1504. // If the first message is going then don't bother going back to the topic as we're effectively deleting it.
  1505. elseif ($message == $first_message)
  1506. $topicGone = true;
  1507. removeMessage($message);
  1508. // Log this moderation action ;).
  1509. if (allowedTo('delete_any') && (!allowedTo('delete_own') || $info[1] != $user_info['id']))
  1510. logAction('delete', array('topic' => $topic, 'subject' => $info[0], 'member' => $info[1], 'board' => $board));
  1511. }
  1512. redirectexit(!empty($topicGone) ? 'board=' . $board : 'topic=' . $topic . '.' . $_REQUEST['start']);
  1513. }
  1514. ?>