Gazelle/sections/forums/takeedit.php

122 lines
4.1 KiB
PHP
Raw Normal View History

2011-03-28 14:21:28 +00:00
<?
authorize();
/*********************************************************************\
//--------------Take Post--------------------------------------------//
2013-02-22 08:00:24 +00:00
The page that handles the backend of the 'edit post' function.
2011-03-28 14:21:28 +00:00
$_GET['action'] must be "takeedit" for this page to work.
It will be accompanied with:
$_POST['post'] - the ID of the post
$_POST['body']
\*********************************************************************/
2013-05-27 08:00:58 +00:00
include(SERVER_ROOT.'/classes/text.class.php'); // Text formatting class
2011-03-28 14:21:28 +00:00
$Text = new TEXT;
// Quick SQL injection check
2013-05-05 08:00:31 +00:00
if (!$_POST['post'] || !is_number($_POST['post']) || !is_number($_POST['key'])) {
2011-03-28 14:21:28 +00:00
error(0,true);
}
// End injection check
// Variables for database input
$UserID = $LoggedUser['ID'];
2013-03-10 08:00:41 +00:00
$Body = $_POST['body']; //Don't URL Decode
2011-03-28 14:21:28 +00:00
$PostID = $_POST['post'];
$Key = $_POST['key'];
2012-07-23 08:00:17 +00:00
$SQLTime = sqltime();
2013-01-21 08:00:33 +00:00
$DoPM = isset($_POST['pm']) ? $_POST['pm'] : 0;
2011-03-28 14:21:28 +00:00
2013-02-22 08:00:24 +00:00
// Mainly
2013-05-05 08:00:31 +00:00
$DB->query("
SELECT
2011-03-28 14:21:28 +00:00
p.Body,
p.AuthorID,
p.TopicID,
t.IsLocked,
t.ForumID,
f.MinClassWrite,
2013-05-05 08:00:31 +00:00
CEIL((
SELECT COUNT(ID)
2013-02-22 08:00:24 +00:00
FROM forums_posts
WHERE forums_posts.TopicID = p.TopicID
2013-05-05 08:00:31 +00:00
AND forums_posts.ID <= '$PostID')/".POSTS_PER_PAGE."
) AS Page
FROM forums_posts as p
2011-03-28 14:21:28 +00:00
JOIN forums_topics as t on p.TopicID = t.ID
2013-02-22 08:00:24 +00:00
JOIN forums as f ON t.ForumID=f.ID
2013-05-05 08:00:31 +00:00
WHERE p.ID='$PostID'");
2011-03-28 14:21:28 +00:00
list($OldBody, $AuthorID, $TopicID, $IsLocked, $ForumID, $MinClassWrite, $Page) = $DB->next_record();
// Make sure they aren't trying to edit posts they shouldn't
// We use die() here instead of error() because whatever we spit out is displayed to the user in the box where his forum post is
2013-05-05 08:00:31 +00:00
if (!check_forumperm($ForumID, 'Write') || ($IsLocked && !check_perms('site_moderate_forums'))) {
2013-04-30 18:18:07 +00:00
error('Either the thread is locked, or you lack the permission to edit this post.', true);
2011-03-28 14:21:28 +00:00
}
2013-05-05 08:00:31 +00:00
if ($UserID != $AuthorID && !check_perms('site_moderate_forums')) {
2011-03-28 14:21:28 +00:00
error(403,true);
}
2013-05-05 08:00:31 +00:00
if ($LoggedUser['DisablePosting']) {
error('Your posting privileges have been removed.', true);
2011-03-28 14:21:28 +00:00
}
2013-05-05 08:00:31 +00:00
if ($DB->record_count() == 0) {
2011-03-28 14:21:28 +00:00
error(404,true);
}
2013-01-21 08:00:33 +00:00
// Send a PM to the user to notify them of the edit
2013-05-05 08:00:31 +00:00
if ($UserID != $AuthorID && $DoPM) {
2013-01-21 08:00:33 +00:00
$PMSubject = 'Your post #'.$PostID.' has been edited';
2013-05-05 08:00:31 +00:00
$PMurl = 'https://'.SSL_SITE_URL.'/forums.php?action=viewthread&postid='.$PostID.'#post'.$PostID;
$ProfLink = '[url=https://'.SSL_SITE_URL.'/user.php?id='.$UserID.']'.$LoggedUser['Username'].'[/url]';
2013-01-21 08:00:33 +00:00
$PMBody = 'One of your posts has been edited by '.$ProfLink.': [url]'.$PMurl.'[/url]';
2013-03-10 08:00:41 +00:00
Misc::send_pm($AuthorID, 0, $PMSubject, $PMBody);
2013-01-21 08:00:33 +00:00
}
2011-03-28 14:21:28 +00:00
// Perform the update
2013-05-05 08:00:31 +00:00
$DB->query("
UPDATE forums_posts
SET
Body = '" . db_string($Body) . "',
EditedUserID = '$UserID',
EditedTime = '".$SQLTime."'
2011-03-28 14:21:28 +00:00
WHERE ID='$PostID'");
2013-05-05 08:00:31 +00:00
$CatalogueID = floor((POSTS_PER_PAGE * $Page - POSTS_PER_PAGE) / THREAD_CATALOGUE);
2011-03-28 14:21:28 +00:00
$Cache->begin_transaction('thread_'.$TopicID.'_catalogue_'.$CatalogueID);
if ($Cache->MemcacheDBArray[$Key]['ID'] != $PostID) {
$Cache->cancel_transaction();
2013-06-27 08:01:06 +00:00
$Cache->delete_value('thread_'.$TopicID.'_catalogue_'.$CatalogueID); //just clear the cache for would be cache-screwer-uppers
2011-03-28 14:21:28 +00:00
} else {
$Cache->update_row($Key, array(
'ID'=>$Cache->MemcacheDBArray[$Key]['ID'],
'AuthorID'=>$Cache->MemcacheDBArray[$Key]['AuthorID'],
'AddedTime'=>$Cache->MemcacheDBArray[$Key]['AddedTime'],
2013-03-10 08:00:41 +00:00
'Body'=>$Body, //Don't url decode.
2011-03-28 14:21:28 +00:00
'EditedUserID'=>$LoggedUser['ID'],
2012-07-23 08:00:17 +00:00
'EditedTime'=>$SQLTime,
2011-03-28 14:21:28 +00:00
'Username'=>$LoggedUser['Username']
));
2013-05-05 08:00:31 +00:00
$Cache->commit_transaction(3600 * 24 * 5);
2011-03-28 14:21:28 +00:00
}
2012-07-23 08:00:17 +00:00
$ThreadInfo = get_thread_info($TopicID);
2013-05-05 08:00:31 +00:00
if ($ThreadInfo['StickyPostID'] == $PostID) {
2013-03-10 08:00:41 +00:00
$ThreadInfo['StickyPost']['Body'] = $Body;
2012-07-23 08:00:17 +00:00
$ThreadInfo['StickyPost']['EditedUserID'] = $LoggedUser['ID'];
$ThreadInfo['StickyPost']['EditedTime'] = $SQLTime;
$Cache->cache_value('thread_'.$TopicID.'_info', $ThreadInfo, 0);
}
2011-03-28 14:21:28 +00:00
2013-05-05 08:00:31 +00:00
$DB->query("
INSERT INTO comments_edits (Page, PostID, EditUser, EditTime, Body)
VALUES ('forums', $PostID, $UserID, '$SQLTime', '".db_string($OldBody)."')");
2011-10-06 08:00:12 +00:00
$Cache->delete_value("forums_edits_$PostID");
2011-03-28 14:21:28 +00:00
// This gets sent to the browser, which echoes it in place of the old body
2013-03-10 08:00:41 +00:00
echo $Text->full_format($Body);
2011-03-28 14:21:28 +00:00
?>
<br /><br />Last edited by <a href="user.php?id=<?=$LoggedUser['ID']?>"><?=$LoggedUser['Username']?></a> just now