<?php
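$ret = array();                                             # Error keys collected while handling this request.

# Captcha gate. The captcha is waived only when BOTH the board-level and the
# global 'nocaptcha' flags on the token are set; every other request must
# present a code.
$image = new Securimage();
$captcha_exempt = $token['auth_board']['nocaptcha'] && $token['auth_global']['nocaptcha'];
if($captcha_exempt){
    $valid = true;
} else {
    # A missing, empty or array-valued 'captcha' field is rejected here, so the
    # outcome for such input does not depend on how Securimage::check() treats
    # null, '' or a non-string argument.
    $captcha_code = (isset($_POST['captcha']) && is_string($_POST['captcha'])) ? $_POST['captcha'] : '';
    $valid = ($captcha_code !== '') && ($image->check($captcha_code) == true);
}

if(!$valid) $ret[] = 'proceed/post/hashcash';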
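# Authorization gate: the poster must be logged in and allowed to post both
# globally and on the board.
# NOTE(review): $token is built outside this file. Confirm that
# $token['auth_board'] was resolved for the same board that $_POST['board']
# names; otherwise the checks below are made against a different board.
if(!(
    $token['userid'] > 0
    && $token['auth_global']['post'] != 0                   # Not banned by global maintenance.
    && $token['auth_board']['post'] != 0                    # Not banned by the board maintainer.
)){                                                         # Not authorized.
    $ret[] = 'proceed/post/authorize';
} else {
    # Only plain strings are accepted: an array-valued field (title[]=x) counts
    # as missing instead of being handed to trim().
    $title = (isset($_POST['title']) && is_string($_POST['title'])) ? trim($_POST['title']) : false;
    $content = (isset($_POST['content']) && is_string($_POST['content'])) ? trim($_POST['content']) : false;

    # Integers only. is_numeric() also accepts floats, exponent notation and,
    # before PHP 7, hexadecimal strings - forms that PHP compares one way and
    # MySQL may store another. FILTER_VALIDATE_INT returns a real int, so the
    # value that is range-checked below is exactly the value that is stored.
    # A missing or malformed authlevel falls back to the poster's own level.
    $authlevel = isset($_POST['authlevel']) ? filter_var($_POST['authlevel'], FILTER_VALIDATE_INT) : false;
    if($authlevel === false) $authlevel = $token['auth_board']['authlevel'];

    if((!$title)||cstrlen($title)>60) $ret[] = 'proceed/post/title';
    $content_ok = $content && cstrlen($content) <= 10240;
    if(!$content_ok) $ret[] = 'proceed/post/content';
    # The length limit exists to bound the parser's input, so content that
    # failed the check (empty or oversized) is never parsed.
    if($content_ok) $content = nbbc_parse($content);

    if(!$ret){
        # base64 keeps both values inert inside the quoted SQL literals. It is
        # not output encoding: the title is stored unparsed and still needs
        # HTML escaping wherever it is rendered.
        $title = base64_encode($title);
        $content = base64_encode(gzcompress($content,9));   # 9 = highest zlib compression level.

        if(isset($_POST['board'])){                         # Post a new thread in the specified board.
            $boardid = filter_var($_POST['board'], FILTER_VALIDATE_INT);
            if($boardid === false)
                $ret[] = 'proceed/post/boardid';
            else {
                # TODO (original author): verify post permission to this board
                # and/or appending to this parent; the existence of the parent
                # thread is not checked anywhere below.
                $r = mysql_query("SELECT * FROM post_boards WHERE ID='$boardid'");
                $row = $r ? mysql_fetch_array($r) : false;  # A failed query is treated like "board not found".
                if(!$row){                                  # Board not found.
                    $ret[] = 'proceed/post/boardid';
                } elseif($row['authlevel'] > $token['auth_board']['authlevel']){
                    $ret[] = 'proceed/post/authorize';      # Posting to a board not authorized.
                } elseif($token['auth_board']['authlevel'] < $authlevel
                    || $authlevel < $row['authlevel']){
                    # Requested level must lie between the board's level and the poster's.
                    $ret[] = 'proceed/post/desiredauthlevel';
                } else {
                    $board_count = $row['postcount'];       # Snapshot only; the UPDATE below increments in SQL.
                }

                $parentid = 0;                              # 0 means "new thread".
                if(isset($_POST['parent'])){                # Append to the specified thread.
                    $parentid = filter_var($_POST['parent'], FILTER_VALIDATE_INT);
                    if($parentid === false)
                        $ret[] = 'proceed/post/parentid';
                    # NOTE(review): nothing confirms that this thread exists or
                    # belongs to $boardid, so a reply can be attached to a thread
                    # of another board - see the TODO above.
                }

                if(!$ret){
                    # $boardid and $parentid are ints at this point. The values
                    # below originate outside this file (or from the token), so
                    # they are escaped before entering the statement.
                    $authlevel_sql = mysql_real_escape_string($authlevel);
                    $userid_sql = mysql_real_escape_string($token['userid']);
                    $tokenid_sql = mysql_real_escape_string($tokenid);

                    $sqls = array("INSERT INTO pending_post
                            (title,content,authlevel,boardid,userid,parent,tokenid,timestamp
                            )VALUES(
                             '$title',
                             '$content',
                             '$authlevel_sql',
                             '$boardid',
                             '$userid_sql',
                             '$parentid',
                             '$tokenid_sql',
                             '" . time() . "'
                            )");
                    if($parentid==0)                        # A new thread bumps the board's post count.
                        # Increment inside SQL: writing back a value read earlier
                        # loses counts when two posts are accepted concurrently.
                        $sqls[] = "UPDATE post_boards SET postcount=COALESCE(postcount,0)+1 WHERE ID='$boardid'";
                }
            }
        } else
            $ret[] = 'proceed/post/parameter';

        if(isset($sqls)&&$sqls&&count($ret)==0){
            $stored = true;
            foreach($sqls as $sql){
                if(!mysql_query($sql)){
                    # Stop at the first failure so the counter is not bumped
                    # for a post that was never stored; details go to the
                    # server log only, never to the client.
                    error_log('proceed.post: query failed: ' . mysql_error());
                    $stored = false;
                    break;
                }
            }
            if($stored)
                $ret = 'Your post was accepted.';           # On success $ret becomes a plain message string.
            else
                # NOTE(review): no storage-failure key is visible in this file,
                # so the generic key is reused - confirm or add a dedicated one.
                $ret[] = 'proceed/post/parameter';
        }
    }
}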
?>