post != edit

Why yes...yes I am.

I got it fixed before I read your post.  I had to include around line 158 a line like this:


$tag = $_POST['threadTag'];

For some reason defining it inside the required PHP mod file didn't cut it. Oh well! It's working now and I'll hopefully get it all changed in short order. Now to make a way to change the tags via the admin interface.
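The fix this post describes, reading the radio group under its real name `threadTag`, shown as an added example that is not part of the thread or of PunBB. Because post.php concatenates `$tag` into its INSERT statements unquoted, the example also forces the value to an integer in the 1 to 20 range of the radio buttons. `read_thread_tag()`, `values_tail()`, the two constants and the sample submissions are hypothetical names and constructed data.

```php
<?php
// Added example, not PunBB code. TAG_MIN/TAG_MAX, read_thread_tag() and
// values_tail() are hypothetical names; 1..20 matches the radio buttons in
// mod_thread_tag.php as posted in this thread.

const TAG_MIN = 1;
const TAG_MAX = 20;

/**
 * Return the submitted tag as an int in TAG_MIN..TAG_MAX, or $default when
 * the field is missing, is not a plain string, is not an integer, or is out
 * of range. The result is always safe to place unquoted in a numeric column.
 */
function read_thread_tag(array $post, int $default = TAG_MIN): int
{
    // The form field is named threadTag, not tag. A request can also send
    // threadTag[]=..., which arrives as an array, so require a string.
    if (!isset($post['threadTag']) || !is_string($post['threadTag'])) {
        return $default;
    }

    $tag = filter_var($post['threadTag'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => TAG_MIN, 'max_range' => TAG_MAX],
    ]);

    return ($tag === false) ? $default : $tag;
}

/**
 * Tail of the VALUES list for the topics INSERT, built by concatenation the
 * way post.php does it. Note: the query as posted in the thread also carries
 * a stray \' after $fid, which is left out here.
 */
function values_tail(int $fid, $tag): string
{
    return ', '.$fid.', '.(string) $tag.')';
}

// Constructed sample submissions (not taken from the thread).
$samples = [
    'field missing'  => [],
    'valid choice'   => ['threadTag' => '7'],
    'out of range'   => ['threadTag' => '99'],
    'not an integer' => ['threadTag' => '1 /* extra SQL */'],
];

foreach ($samples as $label => $post) {
    // What unvalidated code would concatenate into the statement.
    $raw = $post['threadTag'] ?? '';
    // What the validated path concatenates instead.
    $safe = read_thread_tag($post);

    printf(
        "%-15s raw: %-28s validated: %s\n",
        $label,
        values_tail(5, $raw),
        values_tail(5, $safe)
    );
}
```

In post.php the assignment would become `$tag = read_thread_tag($_POST);`, so the empty value behind the `, )` syntax error and any non-numeric input both collapse to the default tag.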

Hello all. I'm making a mod right now that adds thread tags (a small image to the left of the Thread Subject when viewing a forum) to PunBB. I'm getting an error when I try to submit a new thread that's pretty non-specific. Basically, I'm not sure how the post.php script works exactly. I need to insert a value into the tag column in the posts database, and I'm trying to use a $tag variable to specify that value (chosen by radio buttons). I'm putting the code for this in a separate file named mod_thread_tag.php and doing a require on it in the post.php script.

I've put my forum into debug now, and I'm getting the following error: "File: /post.php
Line: 290

PunBB reported: Unable to create topic THIS IS QUERY 3

Database reported: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', )' at line 1 (Errno: 1064)"

I added the THIS IS QUERY 3 bit so I would know which post query was causing the specific issue.

What have I done wrong? I'm guessing it has to do with submitting the $tag variable value into the database, but I'm unsure where I've gone wrong. Below is the relevant code. Thanks in advance. I'm pretty new to PHP, so please don't kill me if I did something obviously dumb. Do I have to check $tag being assigned by using an isset on the $_POST['tag'] here? Is naming the check list tag and having a variable in PHP named $tag throwing it off?

post.php

<?php


define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';
require PUN_ROOT.'include/image_upload/image_upload.php';

if ($pun_user['g_read_board'] == '0')
    message($lang_common['No view']);


$tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
$fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
if ($tid < 1 && $fid < 1 || $tid > 0 && $fid > 0)
    message($lang_common['Bad request']);

// Fetch some info about the topic and/or the forum
if ($tid)
    $result = $db->query('SELECT f.id, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics, fp.image_upload, t.subject, t.closed FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$tid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
else
    $result = $db->query('SELECT f.id, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics, fp.image_upload FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());

if (!$db->num_rows($result))
    message($lang_common['Bad request']);

$cur_posting = $db->fetch_assoc($result);

// Is someone trying to post into a redirect forum?
if ($cur_posting['redirect_url'] != '')
    message($lang_common['Bad request']);

// Sort out who the moderators are and if we are currently a moderator (or an admin)
$mods_array = ($cur_posting['moderators'] != '') ? unserialize($cur_posting['moderators']) : array();
$is_admmod = ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_id'] == PUN_MOD && array_key_exists($pun_user['username'], $mods_array))) ? true : false;

// Do we have permission to post?
if ((($tid && (($cur_posting['post_replies'] == '' && $pun_user['g_post_replies'] == '0') || $cur_posting['post_replies'] == '0')) ||
    ($fid && (($cur_posting['post_topics'] == '' && $pun_user['g_post_topics'] == '0') || $cur_posting['post_topics'] == '0')) ||
    (isset($cur_posting['closed']) && $cur_posting['closed'] == '1')) &&
    !$is_admmod)
    message($lang_common['No permission']);

// Load the post.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php';

// Start with a clean slate
$errors = array();


// Did someone just hit "Submit" or "Preview"?
if (isset($_POST['form_sent']))
{
    // Make sure form_user is correct
    if (($pun_user['is_guest'] && $_POST['form_user'] != 'Guest') || (!$pun_user['is_guest'] && $_POST['form_user'] != $pun_user['username']))
        message($lang_common['Bad request']);

    // Flood protection
    if (!$pun_user['is_guest'] && !isset($_POST['preview']) && $pun_user['last_post'] != '' && (time() - $pun_user['last_post']) < $pun_user['g_post_flood'])
        $errors[] = $lang_post['Flood start'].' '.$pun_user['g_post_flood'].' '.$lang_post['flood end'];

    // If it's a new topic
    if ($fid)
    {
        $subject = pun_trim($_POST['req_subject']);
        
        if ($subject == '')
            $errors[] = $lang_post['No subject'];
        else if (pun_strlen($subject) > 70)
            $errors[] = $lang_post['Too long subject'];
        else if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($subject) == $subject && $pun_user['g_id'] > PUN_MOD)
            $subject = ucwords(strtolower($subject));
    }


    // If the user is logged in we get the username and e-mail from $pun_user
    if (!$pun_user['is_guest'])
    {
        $username = $pun_user['username'];
        $email = $pun_user['email'];
    }
    // Otherwise it should be in $_POST
    else
    {
        $username = trim($_POST['req_username']);
        $email = strtolower(trim(($pun_config['p_force_guest_email'] == '1') ? $_POST['req_email'] : $_POST['email']));

        // Load the register.php/profile.php language files
        require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php';
        require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';

        // It's a guest, so we have to validate the username
        if (strlen($username) < 2)
            $errors[] = $lang_prof_reg['Username too short'];
        else if (!strcasecmp($username, 'Guest') || !strcasecmp($username, $lang_common['Guest']))
            $errors[] = $lang_prof_reg['Username guest'];
        else if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $username))
            $errors[] = $lang_prof_reg['Username IP'];

        if ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false)
            $errors[] = $lang_prof_reg['Username reserved chars'];
        if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[quote=|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $username))
            $errors[] = $lang_prof_reg['Username BBCode'];

        // Check username for any censored words
        $temp = censor_words($username);
        if ($temp != $username)
            $errors[] = $lang_register['Username censor'];

        // Check that the username (or a too similar username) is not already registered
        $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE username=\''.$db->escape($username).'\' OR username=\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
        if ($db->num_rows($result))
        {
            $busy = $db->result($result);
            $errors[] = $lang_register['Username dupe 1'].' '.pun_htmlspecialchars($busy).'. '.$lang_register['Username dupe 2'];
        }

        if ($pun_config['p_force_guest_email'] == '1' || $email != '')
        {
            require PUN_ROOT.'include/email.php';
            if (!is_valid_email($email))
                $errors[] = $lang_common['Invalid e-mail'];
        }
    }

    // Clean up message from POST
    $tag = $_POST['tag'];
    $message = pun_linebreaks(pun_trim($_POST['req_message']));

    if ($message == '')
        $errors[] = $lang_post['No message'];
    else if (strlen($message) > 65535)
        $errors[] = $lang_post['Too long message'];
    else if ($pun_config['p_message_all_caps'] == '0' && strtoupper($message) == $message && $pun_user['g_id'] > PUN_MOD)
        $message = ucwords(strtolower($message));

    // Validate BBCode syntax
    if ($pun_config['p_message_bbcode'] == '1' && strpos($message, '[') !== false && strpos($message, ']') !== false)
    {
        require PUN_ROOT.'include/parser.php';
        $message = preparse_bbcode($message, $errors);
    }


    require PUN_ROOT.'include/search_idx.php';

    $hide_smilies = isset($_POST['hide_smilies']) ? 1 : 0;
    $subscribe = isset($_POST['subscribe']) ? 1 : 0;

    $now = time();

    // Did everything go according to plan?
    if (empty($errors) && !isset($_POST['preview']))
    {
        // If it's a reply
        if ($tid)
        {
            if (!$pun_user['is_guest'])
            {
                // Insert the new post
                $db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id, tag) VALUES(\''.$db->escape($username).'\', '.$pun_user['id'].', \''.get_remote_address().'\', \''.$db->escape($message).'\', \''.$hide_smilies.'\', '.$now.', '.$tid.','.$tag.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
                $new_pid = $db->insert_id();

                // To subscribe or not to subscribe, that ...
                if ($pun_config['o_subscriptions'] == '1' && $subscribe)
                {
                    $result = $db->query('SELECT 1 FROM '.$db->prefix.'subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$tid) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
                    if (!$db->num_rows($result))
                        $db->query('INSERT INTO '.$db->prefix.'subscriptions (user_id, topic_id) VALUES('.$pun_user['id'].' ,'.$tid.')') or error('Unable to add subscription', __FILE__, __LINE__, $db->error());
                }
            }
            else
            {
                // It's a guest. Insert the new post
                $email_sql = ($pun_config['p_force_guest_email'] == '1' || $email != '') ? '\''.$email.'\'' : 'NULL';
                $db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_ip, poster_email, message, hide_smilies, posted, topic_id, tag) VALUES(\''.$db->escape($username).'\', \''.get_remote_address().'\', '.$email_sql.', \''.$db->escape($message).'\', \''.$hide_smilies.'\', '.$now.', '.$tid.','.$tag.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
                $new_pid = $db->insert_id();
            }

            // Count number of replies in the topic
            $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'posts WHERE topic_id='.$tid) or error('Unable to fetch post count for topic', __FILE__, __LINE__, $db->error());
            $num_replies = $db->result($result, 0) - 1;

            // Update topic
            $db->query('UPDATE '.$db->prefix.'topics SET num_replies='.$num_replies.', last_post='.$now.', last_post_id='.$new_pid.', last_poster=\''.$db->escape($username).'\' WHERE id='.$tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error());

            update_search_index('post', $new_pid, $message);

            update_forum($cur_posting['id']);

            // Should we send out notifications?
            if ($pun_config['o_subscriptions'] == '1')
            {
                // Get the post time for the previous post in this topic
                $result = $db->query('SELECT posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1, 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
                $previous_post_time = $db->result($result);

                // Get any subscribed users that should be notified (banned users are excluded)
                $result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'online AS o ON u.id=o.user_id LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$tid.' AND u.id!='.intval($pun_user['id'])) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
                if ($db->num_rows($result))
                {
                    require_once PUN_ROOT.'include/email.php';

                    $notification_emails = array();

                    // Loop through subscribed users and send e-mails
                    while ($cur_subscriber = $db->fetch_assoc($result))
                    {
                        // Is the subscription e-mail for $cur_subscriber['language'] cached or not?
                        if (!isset($notification_emails[$cur_subscriber['language']]))
                        {
                            if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl'))
                            {
                                // Load the "new reply" template
                                $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl'));

                                // Load the "new reply full" template (with post included)
                                $mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl'));

                                // The first row contains the subject (it also starts with "Subject:")
                                $first_crlf = strpos($mail_tpl, "\n");
                                $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
                                $mail_message = trim(substr($mail_tpl, $first_crlf));

                                $first_crlf = strpos($mail_tpl_full, "\n");
                                $mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8));
                                $mail_message_full = trim(substr($mail_tpl_full, $first_crlf));

                                $mail_subject = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject);
                                $mail_message = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message);
                                $mail_message = str_replace('<replier>', $username, $mail_message);
                                $mail_message = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message);
                                $mail_message = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message);
                                $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);

                                $mail_subject_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject_full);
                                $mail_message_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message_full);
                                $mail_message_full = str_replace('<replier>', $username, $mail_message_full);
                                $mail_message_full = str_replace('<message>', $message, $mail_message_full);
                                $mail_message_full = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message_full);
                                $mail_message_full = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message_full);
                                $mail_message_full = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message_full);

                                $notification_emails[$cur_subscriber['language']][0] = $mail_subject;
                                $notification_emails[$cur_subscriber['language']][1] = $mail_message;
                                $notification_emails[$cur_subscriber['language']][2] = $mail_subject_full;
                                $notification_emails[$cur_subscriber['language']][3] = $mail_message_full;

                                $mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null;
                            }
                        }

                        // We have to double check here because the templates could be missing
                        if (isset($notification_emails[$cur_subscriber['language']]))
                        {
                            if ($cur_subscriber['notify_with_post'] == '0')
                                pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][0], $notification_emails[$cur_subscriber['language']][1]);
                            else
                                pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]);
                        }
                    }
                }
            }
        }
        // If it's a new topic
        else if ($fid)
        {
            // Create the topic
            $db->query('INSERT INTO '.$db->prefix.'topics (poster, subject, posted, last_post, last_poster, forum_id, tag) VALUES(\''.$db->escape($username).'\', \''.$db->escape($subject).'\', '.$now.', '.$now.', \''.$db->escape($username).'\', '.$fid.'\', '.$tag.')') or error('Unable to create topic', __FILE__, __LINE__, $db->error());
            $new_tid = $db->insert_id();

            if (!$pun_user['is_guest'])
            {
                // To subscribe or not to subscribe, that ...
                if ($pun_config['o_subscriptions'] == '1' && (isset($_POST['subscribe']) && $_POST['subscribe'] == '1'))
                    $db->query('INSERT INTO '.$db->prefix.'subscriptions (user_id, topic_id) VALUES('.$pun_user['id'].' ,'.$new_tid.')') or error('Unable to add subscription', __FILE__, __LINE__, $db->error());

                // Create the post ("topic post")
                $db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', '.$pun_user['id'].', \''.get_remote_address().'\', \''.$db->escape($message).'\', \''.$hide_smilies.'\', '.$now.', '.$new_tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
            }
            else
            {
                // Create the post ("topic post")
                $email_sql = ($pun_config['p_force_guest_email'] == '1' || $email != '') ? '\''.$email.'\'' : 'NULL';
                $db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_ip, poster_email, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', \''.get_remote_address().'\', '.$email_sql.', \''.$db->escape($message).'\', \''.$hide_smilies.'\', '.$now.', '.$new_tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
            }
            $new_pid = $db->insert_id();

            // Update the topic with last_post_id
            $db->query('UPDATE '.$db->prefix.'topics SET last_post_id='.$new_pid.' WHERE id='.$new_tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error());

            update_search_index('post', $new_pid, $message, $subject);

            update_forum($fid);
        }

        // If the posting user is logged in, increment his/her post count
        if (!$pun_user['is_guest'])
        {
            $low_prio = ($db_type == 'mysql') ? 'LOW_PRIORITY ' : '';
            $db->query('UPDATE '.$low_prio.$db->prefix.'users SET num_posts=num_posts+1, last_post='.$now.' WHERE id='.$pun_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());
        }

        $upload_result = process_uploaded_images($new_pid);
        redirect('viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $upload_result.$lang_post['Post redirect']);

    }
}


// If a topic id was specified in the url (it's a reply).
if ($tid)
{
    $action = $lang_post['Post a reply'];
    $form = '<form id="post" method="post" action="post.php?action=post&tid='.$tid.'" onsubmit="this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}" enctype="multipart/form-data">';

    // If a quote-id was specified in the url.
    if (isset($_GET['qid']))
    {
        $qid = intval($_GET['qid']);
        if ($qid < 1)
            message($lang_common['Bad request']);

        $result = $db->query('SELECT poster, message FROM '.$db->prefix.'posts WHERE id='.$qid) or error('Unable to fetch quote info', __FILE__, __LINE__, $db->error());
        if (!$db->num_rows($result))
            message($lang_common['Bad request']);

        list($q_poster, $q_message) = $db->fetch_row($result);

        $q_message = str_replace('[img]', '[url]', $q_message);
        $q_message = str_replace('[/img]', '[/url]', $q_message);
        $q_message = pun_htmlspecialchars($q_message);

        if ($pun_config['p_message_bbcode'] == '1')
        {
            // If username contains a square bracket, we add "" or '' around it (so we know when it starts and ends)
            if (strpos($q_poster, '[') !== false || strpos($q_poster, ']') !== false)
            {
                if (strpos($q_poster, '\'') !== false)
                    $q_poster = '"'.$q_poster.'"';
                else
                    $q_poster = '\''.$q_poster.'\'';
            }
            else
            {
                // Get the characters at the start and end of $q_poster
                $ends = substr($q_poster, 0, 1).substr($q_poster, -1, 1);

                // Deal with quoting "Username" or 'Username' (becomes '"Username"' or "'Username'")
                if ($ends == '\'\'')
                    $q_poster = '"'.$q_poster.'"';
                else if ($ends == '""')
                    $q_poster = '\''.$q_poster.'\'';
            }

            $quote = '[quote='.$q_poster.']'.$q_message.'[/quote]
'."\n";
        }
        else
            $quote = '> '.$q_poster.' '.$lang_common['wrote'].':'."\n\n".'> '.$q_message."\n";
    }

    $forum_name = '<a href="viewforum.php?id='.$cur_posting['id'].'">'.pun_htmlspecialchars($cur_posting['forum_name']).'</a>';
}
// If a forum_id was specified in the url (new topic).
else if ($fid)
{
    $action = $lang_post['Post new topic'];
    $form = '<form id="post" method="post" action="post.php?action=post&fid='.$fid.'" onsubmit="return process_form(this)" enctype="multipart/form-data">';

    $forum_name = pun_htmlspecialchars($cur_posting['forum_name']);
}
else
    message($lang_common['Bad request']);


$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$action;
$required_fields = array('req_email' => $lang_common['E-mail'], 'req_subject' => $lang_common['Subject'], 'req_message' => $lang_common['Message'], 'tag' => $lang_common['Tag']);
$focus_element = array('post');

if (!$pun_user['is_guest'])
    $focus_element[] = ($fid) ? 'req_subject' : 'req_message';
else
{
    $required_fields['req_username'] = $lang_post['Guest name'];
    $focus_element[] = 'req_username';
}

require PUN_ROOT.'header.php';

?>
<div class="linkst">
    <div class="inbox">
        <ul><li><a href="index.php"><?php echo $lang_common['Index'] ?></a></li><li> » <?php echo $forum_name ?><?php if (isset($cur_posting['subject'])) echo '</li><li> » '.pun_htmlspecialchars($cur_posting['subject']) ?></li></ul>
    </div>
</div>

<?php

// If there are errors, we display them
if (!empty($errors))
{

?>
<div id="posterror" class="block">
    <h2><span><?php echo $lang_post['Post errors'] ?></span></h2>
    <div class="box">
        <div class="inbox">
            <p><?php echo $lang_post['Post errors info'] ?></p>
            <ul>
<?php

    while (list(, $cur_error) = each($errors))
        echo "\t\t\t\t".'<li><strong>'.$cur_error.'</strong></li>'."\n";
?>
            </ul>
        </div>
    </div>
</div>

<?php

}
else if (isset($_POST['preview']))
{
    require_once PUN_ROOT.'include/parser.php';
    $preview_message = parse_message($message, $hide_smilies);

?>
<div id="postpreview" class="blockpost">
    <h2><span><?php echo $lang_post['Post preview'] ?></span></h2>
    <div class="box">
        <div class="inbox">
            <div class="postright">
                <div class="postmsg">
                    <?php echo $preview_message."\n" ?>
                </div>
            </div>
        </div>
    </div>
</div>

<?php

}


$cur_index = 1;

?>
<div class="blockform">
    <h2><span><?php echo $action ?></span></h2>
    <div class="box">
        <?php echo $form."\n" ?>
            <div class="inform">
                <fieldset>
                    <legend><?php echo $lang_common['Write message legend'] ?></legend>
                    <div class="infldset txtarea">
                        <input type="hidden" name="form_sent" value="1" />
                        <input type="hidden" name="form_user" value="<?php echo (!$pun_user['is_guest']) ? pun_htmlspecialchars($pun_user['username']) : 'Guest'; ?>" />
<?php

if ($pun_user['is_guest'])
{
    $email_label = ($pun_config['p_force_guest_email'] == '1') ? '<strong>'.$lang_common['E-mail'].'</strong>' : $lang_common['E-mail'];
    $email_form_name = ($pun_config['p_force_guest_email'] == '1') ? 'req_email' : 'email';

?>                        <label class="conl"><strong><?php echo $lang_post['Guest name'] ?></strong><br /><input type="text" name="req_username" value="<?php if (isset($_POST['req_username'])) echo pun_htmlspecialchars($username); ?>" size="25" maxlength="25" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
                        <label class="conl"><?php echo $email_label ?><br /><input type="text" name="<?php echo $email_form_name ?>" value="<?php if (isset($_POST[$email_form_name])) echo pun_htmlspecialchars($email); ?>" size="50" maxlength="50" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
                        <div class="clearer"></div>
<?php

}

if ($fid): ?>
                        <label><strong><?php echo $lang_common['Subject'] ?></strong><br /><input class="longinput" type="text" name="req_subject" value="<?php if (isset($_POST['req_subject'])) echo pun_htmlspecialchars($subject); ?>" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
<?php endif; require PUN_ROOT.'mod_thread_tags.php';?>
<?php require PUN_ROOT.'mod_easy_bbcode.php';?>                    
<label><strong><?php echo $lang_common['Message'] ?></strong><br />
                        <textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo isset($_POST['req_message']) ? pun_htmlspecialchars($message) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>
                            <ul class="bblinks">
                            <li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
                            <li><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
                            <li><a href="help.php#smilies" onclick="window.open(this.href); return false;"><?php echo $lang_common['Smilies'] ?></a>: <?php echo ($pun_config['o_smilies'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
                        </ul>
                    </div>
                </fieldset>
<?php

$checkboxes = array();
if (!$pun_user['is_guest'])
{
    if ($pun_config['o_smilies'] == '1')
        $checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['hide_smilies']) ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'];

    if ($pun_config['o_subscriptions'] == '1')
        $checkboxes[] = '<label><input type="checkbox" name="subscribe" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['subscribe']) ? ' checked="checked"' : '').' />'.$lang_post['Subscribe'];
}
else if ($pun_config['o_smilies'] == '1')
    $checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['hide_smilies']) ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'];

if (!empty($checkboxes))
{

?>
            </div>
            <div class="inform">
<?php
                show_image_upload($cur_posting);
?>
                <fieldset>
                    <legend><?php echo $lang_common['Options'] ?></legend>
                    <div class="infldset">
                        <div class="rbox">
                            <?php echo implode('<br /></label>'."\n\t\t\t\t", $checkboxes).'<br /></label>'."\n" ?>
                        </div>
                    </div>
                </fieldset>
<?php

}

?>
            </div>
                    <p><input type="submit" name="submit" value="<?php echo $lang_common['Submit'] ?>" tabindex="<?php echo $cur_index++ ?>" accesskey="s" /><input type="submit" name="preview" onclick="ClearUploadSlots();" value="<?php echo $lang_post['Preview'] ?>" tabindex="<?php echo $cur_index++ ?>" accesskey="p" /><a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
        </form>
    </div>
</div>

<?php

// Check to see if the topic review is to be displayed.
if ($tid && $pun_config['o_topic_review'] != '0')
{
    require_once PUN_ROOT.'include/parser.php';

    $result = $db->query('SELECT poster, message, hide_smilies, posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT '.$pun_config['o_topic_review']) or error('Unable to fetch topic review', __FILE__, __LINE__, $db->error());

?>

<div id="postreview" class="blockpost">
    <h2><span><?php echo $lang_post['Topic review'] ?></span></h2>
<?php

    //Set background switching on
    $bg_switch = true;
    $post_count = 0;

    while ($cur_post = $db->fetch_assoc($result))
    {
        // Switch the background color for every message.
        $bg_switch = ($bg_switch) ? $bg_switch = false : $bg_switch = true;
        $vtbg = ($bg_switch) ? ' roweven' : ' rowodd';
        $post_count++;

        $cur_post['message'] = parse_message($cur_post['message'], $cur_post['hide_smilies']);

?>
    <div class="box<?php echo $vtbg ?>">
        <div class="inbox">
            <div class="postleft">
                <dl>
                    <dt><strong><?php echo pun_htmlspecialchars($cur_post['poster']) ?></strong></dt>
                    <dd><?php echo format_time($cur_post['posted']) ?></dd>
                </dl>
            </div>
            <div class="postright">
                <div class="postmsg">
                    <?php echo $cur_post['message'] ?>
                </div>
            </div>
            <div class="clearer"></div>
        </div>
    </div>
<?php

    }

?>
</div>
<?php

}

require PUN_ROOT.'footer.php';
?>

And here's the mod_thread_tag.php:

                        <div style="padding-top: 4px">
                        <label><strong>Thread Tag</strong></label>
<input type="radio" name="threadTag" value="1" CHECKED> <img src="/img/tags/1.gif" align="middle">    
<input type="radio" name="threadTag" value="2"> <img src="/img/tags/2.gif" align="middle">    
<input type="radio" name="threadTag" value="3"> <img src="/img/tags/3.gif" align="middle">    
<input type="radio" name="threadTag" value="4"> <img src="/img/tags/4.gif" align="middle">    
<input type="radio" name="threadTag" value="5"> <img src="/img/tags/5.gif" align="middle">    
<input type="radio" name="threadTag" value="6"> <img src="/img/tags/6.gif" align="middle">    <br>
<input type="radio" name="threadTag" value="7"> <img src="/img/tags/7.gif" align="middle">    
<input type="radio" name="threadTag" value="8"> <img src="/img/tags/8.gif" align="middle">    
<input type="radio" name="threadTag" value="9"> <img src="/img/tags/9.gif" align="middle">    
<input type="radio" name="threadTag" value="10"> <img src="/img/tags/10.gif" align="middle">    
<input type="radio" name="threadTag" value="11"> <img src="/img/tags/11.gif" align="middle">    
<input type="radio" name="threadTag" value="12"> <img src="/img/tags/12.gif" align="middle">    <br>
<input type="radio" name="threadTag" value="13"> <img src="/img/tags/13.gif" align="middle">    
<input type="radio" name="threadTag" value="14"> <img src="/img/tags/14.gif" align="middle">    
<input type="radio" name="threadTag" value="15"> <img src="/img/tags/15.gif" align="middle">    
<input type="radio" name="threadTag" value="16"> <img src="/img/tags/16.gif" align="middle">    
<input type="radio" name="threadTag" value="17"> <img src="/img/tags/17.gif" align="middle">    
<input type="radio" name="threadTag" value="18"> <img src="/img/tags/18.gif" align="middle">    <br>
<input type="radio" name="threadTag" value="19"> <img src="/img/tags/19.gif" align="middle">    
<input type="radio" name="threadTag" value="20"> <img src="/img/tags/20.gif" align="middle">    
<input type="radio" name="threadTag" value="21"> <img src="/img/tags/21.gif" align="middle">    
<input type="radio" name="threadTag" value="22"> <img src="/img/tags/22.gif" align="middle">    
<input type="radio" name="threadTag" value="23"> <img src="/img/tags/23.gif" align="middle">    
<input type="radio" name="threadTag" value="24"> <img src="/img/tags/24.gif" align="middle">    <br>
<input type="radio" name="threadTag" value="25"> <img src="/img/tags/25.gif" align="middle">    
<input type="radio" name="threadTag" value="26"> <img src="/img/tags/26.gif" align="middle">    
<input type="radio" name="threadTag" value="27"> <img src="/img/tags/27.gif" align="middle">    
<input type="radio" name="threadTag" value="28"> <img src="/img/tags/28.gif" align="middle">    
<input type="radio" name="threadTag" value="29"> <img src="/img/tags/29.gif" align="middle">    
<input type="radio" name="threadTag" value="30"> <img src="/img/tags/30.gif" align="middle">    <br>
<input type="radio" name="threadTag" value="31"> <img src="/img/tags/31.gif" align="middle">    
<input type="radio" name="threadTag" value="32"> <img src="/img/tags/32.gif" align="middle">    
<input type="radio" name="threadTag" value="33"> <img src="/img/tags/33.gif" align="middle">    
<input type="radio" name="threadTag" value="34"> <img src="/img/tags/34.gif" align="middle">    
<input type="radio" name="threadTag" value="35"> <img src="/img/tags/35.gif" align="middle">    
<input type="radio" name="threadTag" value="36"> <img src="/img/tags/36.gif" align="middle">    <br>
<input type="radio" name="threadTag" value="37"> <img src="/img/tags/37.gif" align="middle">    
<input type="radio" name="threadTag" value="38"> <img src="/img/tags/38.gif" align="middle">    
<input type="radio" name="threadTag" value="39"> <img src="/img/tags/39.gif" align="middle">    
<input type="radio" name="threadTag" value="40"> <img src="/img/tags/40.gif" align="middle">    
<input type="radio" name="threadTag" value="41"> <img src="/img/tags/41.gif" align="middle">    
<input type="radio" name="threadTag" value="42"> <img src="/img/tags/42.gif" align="middle">    <br>
<input type="radio" name="threadTag" value="43"> <img src="/img/tags/43.gif" align="middle">    
<input type="radio" name="threadTag" value="44"> <img src="/img/tags/44.gif" align="middle">    
<input type="radio" name="threadTag" value="45"> <img src="/img/tags/45.gif" align="middle">    
<input type="radio" name="threadTag" value="46"> <img src="/img/tags/46.gif" align="middle">    
<input type="radio" name="threadTag" value="47"> <img src="/img/tags/47.gif" align="middle">    
<input type="radio" name="threadTag" value="48"> <img src="/img/tags/48.gif" align="middle">    <br>
                        </div>
<?php

$tag = $_POST['threadTag'];
?>

Cut out the props to Rikard here for cleaner posting, but you get the point.  What am I doing wrong?
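An added example, not part of the original post or of PunBB: one way to turn the `threadTag` radio value into an integer that is always safe to concatenate into the query. An empty or missing value is what leaves a bare `, )` at the end of a VALUES list. `thread_tag_from_post()`, the constants and the sample requests are assumptions made for illustration.

```php
<?php
// Added example. thread_tag_from_post() is a hypothetical helper, not PunBB code.
define('TAG_MIN', 1);
define('TAG_MAX', 48);   // the form offers radio values 1 to 48

function thread_tag_from_post(array $post, $default = 1)
{
    // A missing field (no radio sent) or an array (threadTag[]=...) falls back.
    if (!isset($post['threadTag']) || !is_string($post['threadTag']))
        return $default;
    // Digits only: rejects '', '-1', '2.5' and '7, 1' alike.
    if (!ctype_digit($post['threadTag']))
        return $default;
    $tag = (int) $post['threadTag'];
    return ($tag >= TAG_MIN && $tag <= TAG_MAX) ? $tag : $default;
}

// Constructed requests, standing in for $_POST.
$requests = array(
    array('threadTag' => '7'),
    array(),                       // field missing
    array('threadTag' => ''),
    array('threadTag' => '49'),
    array('threadTag' => '7, 1'),
);
foreach ($requests as $post) {
    $raw = isset($post['threadTag']) ? $post['threadTag'] : '';
    $tag = thread_tag_from_post($post);
    // Tail of a VALUES list, concatenated the way post.php builds its queries.
    echo 'raw: ..., '.$raw.')   validated: ..., '.$tag.")\n";
}
```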

4

(27 replies, posted in Feature requests)

Interestingly enough, after updating all of my files to 1.2.8 my spoiler tags no longer work.  Any thoughts on this folks?

Do you know of a better one out there?  It doesn't have to be fancy or anything...it just needs to work.

Thanks for the code.

Edit:  works great.  If there's a cleaner, more secure method of file upload out there please let me know.  I see what you did to make this happen, so I think I can reproduce it.  :)  Thanks again.

6

(27 replies, posted in Feature requests)

Paul wrote:

Line breaks are <br />.

Forgive my ignorance, but does that break a span tag?  I wouldn't think it would.

Hello all,

I'm trying to get a file upload script working on my site.  Basically, I've installed the easy smilies mod and want a way for my moderators (friends of mine) to be able to upload files.  I've made it so only moderators and admins can see the link, but it takes them to an ugly page.  What I'm wanting is a nice embedded upload script in one of the fancy divs. Trouble is, every time I try to do this, it looks like crunk.  Here's the upload code (obviously borrowed):

<?php
//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
//   You may change maxsize, and allowable upload file types.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
//Maximum file size. You may increase or decrease.
$MAX_SIZE = 200000;
                            
//Allowable file Mime Types. Add more mime types if you want
$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'
                   ,'image/png');

//Allowable file ext. names. you may add more extension names.            
$FILE_EXTS  = array('.jpg','.png','.gif'); 

//Allow file delete? no, if only allow upload only
$DELETABLE  = false;                               


//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
//   Do not touch the below if you are not confident.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/************************************************************
 *     Setup variables
 ************************************************************/
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "img/smilies/";
$upload_url = $url_dir."/img/smilies/";
$message ="";

/************************************************************
 *     Create Upload Directory
 ************************************************************/
if (!is_dir("img/smilies")) {
  if (!mkdir($upload_dir))
      die ("upload_files directory doesn't exist and creation failed");
  if (!chmod($upload_dir,0755))
      die ("change permission to 755 failed.");
}

/************************************************************
 *     Process User's Request
 ************************************************************/
if (!empty($_REQUEST['del']) && $DELETABLE)  {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
  fclose($resource);
  
  if (strpos($_REQUEST['del'],"/.")>0);                  //possible hacking
  else if (strpos($_REQUEST['del'],"files/") === false); //possible hacking
  else if (substr($_REQUEST['del'],0,6)=="files/") {
    unlink($_REQUEST['del']);
    print "<script>window.location.href='$url_this?message=deleted successfully'</script>";
  }
}
else if ($_FILES['userfile']) {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
            .$_FILES['userfile']['name']." "
            .$_FILES['userfile']['type']."\n");
  fclose($resource);

    $file_type = $_FILES['userfile']['type']; 
  $file_name = $_FILES['userfile']['name'];
  $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

  //File Size Check
  if ( $_FILES['userfile']['size'] > $MAX_SIZE) 
     $message = "The file size is over 200k.";
  //File Type/Extension Check: reject unless both the MIME type and the extension are allowed
  else if (!in_array($file_type, $FILE_MIMES) 
          || !in_array($file_ext, $FILE_EXTS) )
     $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
  else
     $message = do_upload($upload_dir, $upload_url);
  
  print "<script>window.location.href='$url_this?message=".urlencode($message)."'</script>";
}
else if (!$_FILES['userfile']);
else 
    $message = "Invalid File Specified.";

/************************************************************
 *     List Files
 ************************************************************/
$handle=opendir($upload_dir);
$filelist = "";
while ($file = readdir($handle)) {
   if(!is_dir($file) && !is_link($file)) {
      $filelist .= "<a href='$upload_dir$file'>".$file."</a>";
      if ($DELETABLE)
        $filelist .= " <a href='?del=$upload_dir$file' title='delete'>x</a>";
      $filelist .= "<sub><small><small><font color=grey>  ".date("d-m H:i", filemtime($upload_dir.$file))
                   ."</font></small></small></sub>";
      $filelist .="<br>";
   }
}

function do_upload($upload_dir, $upload_url) {

    $temp_name = $_FILES['userfile']['tmp_name'];
    $file_name = $_FILES['userfile']['name']; 
  $file_name = str_replace("\\","",$file_name);
  $file_name = str_replace("'","",$file_name);
    $file_path = $upload_dir.$file_name;

    //File Name Check
  if ( $file_name =="") { 
      $message = "Invalid File Name Specified";
      return $message;
  }

  $result  =  move_uploaded_file($temp_name, $file_path);
  if (!chmod($file_path,0755))
       $message = "change permission to 755 failed.";
  else
    $message = ($result)?"$file_name uploaded successfully." :
               "Something is wrong with uploading a file.";
  return $message;
}

?>

<font color=red><?php echo htmlspecialchars(isset($_REQUEST['message']) ? $_REQUEST['message'] : '') ?></font>
   <br>
   Submit a smiley.  Size limit is 200k.  Files must be .gif, .jpg, or .png.  E-mail or post to let me know you upped something and I'll activate it. 
   Name the file the exact same thing you'd like the code to be. Example:  if you want the smiley code to be :fart:, name the file fart.gif.
   <form name="upload" id="upload" ENCTYPE="multipart/form-data" method="post">
     Upload File <input type="file" id="userfile" name="userfile">
     <input type="submit" name="upload" value="Upload">
   </form>
   <a href="http://www.pokerpeeps.net/">Return to the Forum</a>

Something breaks when this happens.  I don't know why.  Can anyone help?
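An added example, not part of the original post or the borrowed script: a stricter check for the smiley upload that takes the file type from the file's bytes rather than from the client-supplied `type` and extension, and rebuilds the stored name. `validate_smiley_upload()` and the sample files are assumptions made for illustration.

```php
<?php
// Added example. validate_smiley_upload() is a hypothetical helper, not PunBB code.
function validate_smiley_upload(array $f, $max_size = 200000)
{
    $types = array(IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png');

    if (!isset($f['error']) || $f['error'] !== UPLOAD_ERR_OK)
        return array(false, 'Upload failed.');
    // Size of the temporary file on disk.
    if (filesize($f['tmp_name']) > $max_size)
        return array(false, 'The file size is over 200k.');

    // Decide the type from the file's bytes. $f['type'] and the extension
    // in $f['name'] are both chosen by the client.
    $info = @getimagesize($f['tmp_name']);
    if ($info === false || !isset($types[$info[2]]))
        return array(false, 'Only .gif, .jpg and .png images are allowed.');

    // Keep the base name (it becomes the smiley code), restrict it to a safe
    // alphabet, and append the extension that matches the detected type.
    $base = pathinfo(basename($f['name']), PATHINFO_FILENAME);
    if (!preg_match('/^[a-z0-9_-]{1,32}$/i', $base))
        return array(false, 'Invalid file name.');

    return array(true, strtolower($base).'.'.$types[$info[2]]);
}

// Constructed sample input: a 1x1 GIF and a text file, both declared as image/gif.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, 'not an image');

$samples = array(
    array('name' => 'fart.gif',    'type' => 'image/gif', 'tmp_name' => $gif, 'error' => UPLOAD_ERR_OK),
    array('name' => 'fart.php',    'type' => 'image/gif', 'tmp_name' => $txt, 'error' => UPLOAD_ERR_OK),
    array('name' => '../fart.gif', 'type' => 'image/gif', 'tmp_name' => $gif, 'error' => UPLOAD_ERR_OK),
);
foreach ($samples as $f) {
    list($ok, $result) = validate_smiley_upload($f);
    echo $f['name'].' => '.($ok ? "store as $result" : "rejected: $result")."\n";
}
unlink($gif);
unlink($txt);
// In the upload handler, after a successful check:
//   move_uploaded_file($f['tmp_name'], $upload_dir.$result); chmod($upload_dir.$result, 0644);
```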

8

(27 replies, posted in Feature requests)

In testing, it seems to break if I put a carriage return or two in.  Odd that.  Does punbb handle carriage returns as < p > tags or something similar that would break the span?

9

(27 replies, posted in Feature requests)

Ok...with a little bit of digging and trial and error, I got a rollover spoiler mod put together.  It's actually quite easy.

Open Parser.php
---------------------------------------------------------
Find around line 66:

'#\[img\]\s*(.*?)\s*\[/img\]#is',

After, add:

'#\[spoiler\]\s*#i',
'#\s*\[/spoiler\]#i',

---------------------------------------------------------
Find around line 77:

'[img]$1[/img]',

After, add:

'[spoiler]',
'[/spoiler]',


---------------------------------------------------------

Find around line 324:

'#\[email=(.*?)\](.*?)\[/email\]#',

After, add:  

'#\[spoiler\](.*?)\[/spoiler\]#',


---------------------------------------------------------

Find around line 335:

'<a href="mailto:$1">$2</a>',

After, add:

'<span class="spoiler" onmouseover="this.style.color=\'#FFFFFF\';" onmouseout="this.style.color=this.style.backgroundColor=\'#000000\'">$1</span>',

Save, upload.

Then in each of your style sheets, add the following: 

.spoiler {COLOR: black; TEXT-DECORATION: none; background-color: black; font-weight: normal;}

Save/upload and you're done.  Works as follows [spoiler]spoiler text here[/spoiler].

To see it in action, you can visit http://forums.pokerpeeps.net.  You'll have to register, though. :(
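An added example, not part of the original post or of PunBB: the `[spoiler]` pattern from the steps above, run on a one-line and a two-line message. It assumes the pattern sees the message while line breaks are still `\n`; in that case `.` stops at the line break unless the `s` modifier is given. `spoiler_html()` is a hypothetical stand-in for the parser step, and the replacement is shortened to the bare span.

```php
<?php
// Added example. spoiler_html() is a hypothetical stand-in, not PunBB's parser.
function spoiler_html($text, $modifiers = '')
{
    // Escape first so the captured text cannot carry its own markup into the span.
    $text = htmlspecialchars($text, ENT_QUOTES);
    return preg_replace(
        '#\[spoiler\](.*?)\[/spoiler\]#'.$modifiers,
        '<span class="spoiler">$1</span>',   // mouseover handlers omitted for brevity
        $text
    );
}

// Constructed sample messages.
$one_line = 'He dies [spoiler]in chapter 3[/spoiler].';
$two_line = "He dies [spoiler]in chapter 3,\nthen <b>comes back</b>[/spoiler].";

// Pattern exactly as in the post, no modifier.
echo spoiler_html($one_line), "\n\n";
// Same pattern on a message containing a line break.
echo spoiler_html($two_line), "\n\n";
// With the "s" modifier, "." also matches "\n".
echo spoiler_html($two_line, 's'), "\n";
```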

10

(27 replies, posted in Feature requests)

Frank H wrote:

http://forum.rscnet.org/ use select on their [spoiler][/spoiler] tag

Ah...SA must have custom coded their spoiler tags, cause they use vBulletin and have rollover tags.

11

(27 replies, posted in Feature requests)

vBulletin uses rollovers as far as I'm aware.  I'm on a large forum using vBulletin and this is how it functions there.  Perhaps they modified it to work that way.  *shrug*

12

(27 replies, posted in Feature requests)

Paul wrote:

Is this something like you had in mind
http://www.post21.co.uk/pun12/viewtopic.php?pid=7#p7

This is EXACTLY what I was thinking of.  How did you implement this?  This is done via BBcode, correct?  Can I get some instruction on how to get this going on my site?  Thanks in advance.

Edit:  I posted on the test forum over there.  I was thinking of using bbcode tags to make it all happen.  Also, do these work inline?  If so, that'd be great.  Thanks for all your efforts here.

13

(27 replies, posted in Feature requests)

Ah...much better on the style sheet side. 

Here's hoping someone can hack that code into the parser.php file.  I don't think this would bog down punbb, and I think it would be a fairly commonly used feature on several forums.  It's nice to be able to spoiler secrets about games, movies, and books out so you don't ruin anything for anyone.

14

(27 replies, posted in Feature requests)

I tried to add the spoiler tag mod posted in the mod forum on my site (running 1.2.5) but to no avail.  I was wondering if it would be possible in a future release to include this bbcode, as I don't think it would be too intensive.  Basically, I'm envisioning a black background and black text for the spoilered text.  When you rollover the text with the mouse, it would turn white and reveal the spoiler.  Most of this would probably be accomplished with the style sheets, but there needs to be some php to parse the [spoiler] tags.

If you do not want to include this, could you give me guidance on how to incorporate this into my site?  I imagine it will most likely just reside in the includes\parser.php file.