*
* *
* This script displays the contents for the 'Post Reply' page. Don't forget *
* the 12 space indent for all content pages. *
* *
* Last modified : September 24th, 2002 (JJS) *
\******************************************************************************/
/* Stop lame hacker kiddies */
$file_name = "post_reply.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Grab the user's IP address from the super global */
$user_ip = $_SERVER['REMOTE_ADDR'];
$step = GetVars("step");
$action = GetVars("action");
$email = GetVars("email");
$include_sig = GetVars("include_sig");
/* Parse any user input */
CheckVars(&$step, 1);
CheckVars(&$user_ip, 15);
/* Determine which step to use */
if ($action == "Edit Reply")
$step = 1;
else if ($action == "Post Reply")
$step = 3;
/* Strip out all escape characters */
if ($step == 1)
{
$message = str_replace(" ", "", $message);
$message = stripslashes(htmlspecialchars($message));
}
/* And again, along with adding line breaks */
if ($step == 2)
{
$message = stripslashes(htmlspecialchars($message));
$message = nl2br($message);
$message = str_replace(" ", " ", $message);
}
/* One more time, but add 's */
if ($step == 3)
{
$message = htmlspecialchars($message);
$message = str_replace("<BR>", " ", $message);
}
/* Pull the thread list */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "threads;";
$results = ExeSQL($SQL);
/* Grab the data, and load it in array's */
while ($row = mysql_fetch_array($results))
{
$thread_list[] = $row["thread_id"];
$forum_list[] = $row["forum_id"];
}
/* Check to see if the thread the user is requesting is real */
if (!(in_array($thread_id, $thread_list)))
{
/* If not, let them know, and redirect them */
echo "
Malformed request detected!
\n";
require ("./content/view_forums.php");
return;
}
/* Assign values to use later - yes, I did forget what these do */
$thread_forum = array_search($thread_id, $thread_list);
$correct_forum = $forum_list[$thread_forum];
/* Check to see if the forum the user is requesting is the right one */
if ($correct_forum != $forum_id)
{
/* If not, then tell them off */
echo "
Malformed request detected!
\n";
require ("./content/view_forums.php");
return;
}
/* Check that the user isn't trying to mess with the $step variable */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 ) )
$step = 1;
/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
if ( ( ( $message == "" ) && ( $step == 3 ) ) || strlen($QUERY_STRING) >= 50 ||
( ( $step == 2 && $QUERY_STRING != "pid=post_reply&step=2" ) ||
( $step == 3 && $QUERY_STRING != "pid=post_reply" ) ) ||
( $step != 1 && strlen(trim($message)) == 0 ) )
{
/* And if they are, tell them off! */
echo "
Malformed request detected!
\n";
$step = 1;
}
/* Which step do we want to run? */
switch ($step)
{
/* Display the post reply form */
default:
case 1:
ShowPostReplyForm( $username, $password, $email, $message, $include_sig, $user_id, $thread_id, $forum_id );
break;
/* Display the reply for the user to preview */
case 2:
/* Show the top of the form */
echo " \n";
break;
/* Check the user's input, add the reply to the database, and display the reply */
case 3:
/* Make sure they POSTed the form */
if ( $REQUEST_METHOD == "POST" )
{
/* Pull the user's signature */
$SQL = "SELECT user_signature FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* Grab the data and load it in a variable */
while ($row = mysql_fetch_array($results))
$signature = $row["user_signature"];
/* If they have a sig, and want to include it, then include it! */
if ($signature != "" && $include_sig == "yes")
$message = $message . "
" . $signature;
/* Insert the reply into the database */
$SQL = "INSERT INTO " . TABLE_PREFIX . "replies (reply_body, user_id, user_ip, thread_id, forum_id) VALUES ('$message', '$user_id', '$user_ip', '$thread_id', '$forum_id');";
$results = ExeSQL($SQL);
/* Now be a good forum, and thank the kind user */
echo "
Thanks for posting!
\n";
/* Show the reply list */
require ("./content/view_replies.php");
}
else
{
/* If they didn't POST it, then error out */
echo "
Malformed request detected!
\n";
ShowPostReplyForm( $username, $password, $email, $message, $include_sig, $user_id, $thread_id, $forum_id, $db_name, $connection );
}
break;
}
/*
* Show the form for the user to fill out
*/
function
ShowPostReplyForm( $username, $password, $email, $message, $include_sig, $user_id, $thread_id, $forum_id )
{
/* Show the beginning of the form */
echo " \n"
. " \n";
}
?>