[fixes #13] Merging in a LOT of work. Dang.

2025-05-19 08:40:21 -07:00 · 2015-08-13 23:33:31 -07:00 · 2015-08-13 23:33:31 -07:00 · b91650258a
commit b91650258a
parent dc92457987 a38c716711
6 changed files with 414 additions and 466 deletions
--- a/lib/function.php
+++ b/lib/function.php
@ -394,84 +394,91 @@ function generatenumbergfx($num,$minlen=0,$double=false){
 	return $gfxcode;
 }
-function dotag($in,$str){
+
-	global $tagval,$v,$tzoff,$dateformat, $hacks, $sql;
+
-	if(stristr($str,$in)){
+function dotags($msg, $user, &$tags = array()) {
-		if($in=='/me ')		$out="*<b>$v[username]</b> ";
+	global $sql, $dateformat, $tzoff;
-		elseif($in=='&numposts&')	$out=$v[posts];
+	if (is_string($tags)) {
-		elseif($in=='&numdays&')	$out=floor($v[days]);
+		$tags	= json_decode($tags, true);
 		elseif($in=='&exp&')		$out=$v[exp];
 		elseif($in=='&postrank&')	$out=$sql->resultq("SELECT count(*) FROM users WHERE posts>$v[posts]",0,0)+1;
 		elseif($in=='&postrank10k&')	$out=$sql->resultq("SELECT count(*) FROM users WHERE posts+10000>$v[posts]",0,0)+1;
 		elseif($in=='&postrank20k&')	$out=$sql->resultq("SELECT count(*) FROM users WHERE posts+20000>$v[posts]",0,0)+1;
 		elseif($in=='&postrank30k&')	$out=$sql->resultq("SELECT count(*) FROM users WHERE posts+30000>$v[posts]",0,0)+1;
 		elseif($in=='&5000&')		$out=5000-$v[posts];
 		elseif($in=='&20000&')		$out=20000-$v[posts];
 		elseif($in=='&30000&')		$out=30000-$v[posts];
 		elseif($in=='&expdone&')	$out=$v[expdone];
 		elseif($in=='&expnext&')	$out=$v[expnext];
 		elseif($in=='&expdone1k&')	$out=floor($v[expdone]/1000);
 		elseif($in=='&expnext1k&')	$out=floor($v[expnext]/1000);
 		elseif($in=='&expdone10k&')	$out=floor($v[expdone]/10000);
 		elseif($in=='&expnext10k&')	$out=floor($v[expnext]/10000);
 		elseif($in=='&exppct&')		$out=sprintf('%01.1f',@(1-$v[expnext]/$v[lvllen])*100);
 		elseif($in=='&exppct2&')	$out=sprintf('%01.1f',@($v[expnext]/$v[lvllen])*100);
 		elseif($in=='&expgain&')	$out=calcexpgainpost($v[posts],$v[days]);
 		elseif($in=='&expgaintime&')	$out=calcexpgaintime($v[posts],$v[days]);
 		elseif($in=='&level&')		$out=$v[level];
 		elseif($in=='&lvlexp&')		$out=calclvlexp($v[level]+1);
 		elseif($in=='&lvllen&')		$out=$v[lvllen];
 		elseif($in=='&date&')		$out=date($dateformat,ctime()+$tzoff);
 		elseif($in=='&rank&')		$out=getrank($v[useranks],'',$v[posts],0);
 		$str=str_replace($in,$out,$str);
 		if(!stristr($tagval,$in)) $tagval.="\xB0\xBB$in"."\xAB\xB0$out";
 	}
-	return $str;
+
 	if (empty($tags)) {
 		$tags	= array(
 			'/me '			=> "*<b>". $user['username'] ."</b> ",
 			'&date&'		=> date($dateformat, ctime() + $tzoff),
 			'&numdays&'		=> floor($user['days']),
 			'&numposts&'	=> $user['posts'],
 			'&rank&'		=> getrank($user['useranks'], '', $user['posts'], 0),
 			'&postrank&'	=> $sql->resultq("SELECT count(*) FROM `users` WHERE posts>$user[posts]")+1,
 			'&5000&'		=>  5000 - $user['posts'],
 			'&10000&'		=> 10000 - $user['posts'],
 			'&20000&'		=> 20000 - $user['posts'],
 			'&30000&'		=> 30000 - $user['posts'],
 			'&exp&'			=> $user['exp'],
 			'&expgain&'		=> calcexpgainpost($user['posts'], $user['days']),
 			'&expgaintime&'	=> calcexpgaintime($user['posts'], $user['days']),
 			'&expdone&'		=> $user['expdone'],
 			'&expdone1k&'	=> floor($user['expdone'] /  1000),
 			'&expdone10k&'	=> floor($user['expdone'] / 10000),
 			'&expnext&'		=> $user['expnext'],
 			'&expnext1k&'	=> floor($user['expnext'] /  1000),
 			'&expnext10k&'	=> floor($user['expnext'] / 10000),
 			'&exppct&'		=> sprintf('%01.1f', ($user['lvllen'] ? (1 - $user['expnext'] / $user['lvllen']) : 0) * 100),
 			'&exppct2&'		=> sprintf('%01.1f', ($user['lvllen'] ? (    $user['expnext'] / $user['lvllen']) : 0) * 100),
 			'&level&'		=> $user['level'],
 			'&lvlexp&'		=> calclvlexp($user['level'] + 1),
 			'&lvllen&'		=> $user['lvllen'],
 			);
 	}
 	$msg	= strtr($msg, $tags);
 	return $msg;
 }
-function doreplace($msg,$posts,$days,$username,$min=0){
+
-  global $tagval,$v,$sql;
+
-  $user=$sql->fetchq("SELECT * FROM users WHERE name='".addslashes($username)."'", MYSQL_BOTH, true);
+function doreplace($msg, $posts, $days, $username, &$tags = null) {
-  $v[useranks]=$user[useranks];
+	global $tagval, $sql;
-  $v[username]=$username;
+	
-  $msg=dotag('/me ',$msg);
+	// This should probably go off of user ID but welp
-  if(!stristr($msg,'&')) return $msg;
+	$user			= $sql->fetchq("SELECT * FROM `users` WHERE `name` = '".addslashes($username)."'", MYSQL_BOTH, true);
-  $v[posts]=$posts;
+
-  $v[days]=$days;
+	$userdata		= array(
-  $v[exp]=calcexp($posts,$days);
+		'id'		=> $user['id'],
-  $v[level]=calclvl($v[exp]);
+		'username'	=> $username,
-  $v[lvllen]=totallvlexp($v[level]);
+		'posts'		=> $posts,
-  $v[expdone]=$v[exp]-calclvlexp($v[level]);
+		'days'		=> $days,
-  $v[expnext]=calcexpleft($v[exp]);
+		'useranks'	=> $user['useranks'],
-  $v[id] = $user[id];
+		'exp'		=> calcexp($posts,$days)
-  $msg=dotag('&numposts&',$msg);
+		);
-  $msg=dotag('&numdays&',$msg);
+
-  $msg=dotag('&exp&',$msg);
+	$userdata['level']		= calclvl($userdata['exp']);
-  $msg=dotag('&5000&',$msg);
+	$userdata['expdone']	= $userdata['exp'] - calclvlexp($userdata['level']);
-  $msg=dotag('&20000&',$msg);
+	$userdata['expnext']	= calcexpleft($userdata['exp']);
-  $msg=dotag('&30000&',$msg);
+	$userdata['lvllen']		= totallvlexp($userdata['level']);
-  $msg=dotag('&expdone&',$msg);
+
-  $msg=dotag('&expnext&',$msg);
+
-  $msg=dotag('&expdone1k&',$msg);
+	if (!$tags) {
-  $msg=dotag('&expnext1k&',$msg);
+		$tags	= array();
-  $msg=dotag('&expdone10k&',$msg);
+	}
-  $msg=dotag('&expnext10k&',$msg);
+	$msg	= dotags($msg, $userdata, $tags);
-  $msg=dotag('&exppct&',$msg);
+
-  $msg=dotag('&exppct2&',$msg);
+	return $msg;
  $msg=dotag('&expgain&',$msg);
  $msg=dotag('&expgaintime&',$msg);
  $msg=dotag('&level&',$msg);
  $msg=dotag('&lvlexp&',$msg);
  $msg=dotag('&lvllen&',$msg);
  $msg=dotag('&date&',$msg);
  $msg=dotag('&rank&',$msg);
  if(!$min){
    $msg=dotag('&postrank&',$msg);
    $msg=dotag('&postrank10k&',$msg);
    $msg=dotag('&postrank20k&',$msg);
    $msg=dotag('&postrank30k&',$msg);
  }
  return $msg;
 }
 function escape_codeblock($text) {
 	$list = array("[code]", "[/code]", "<", "\\\"" , "\\\\" , "\\'", "[", ":", ")", "_");
 	$list2 = array("", "", "&lt;", "\"", "\\", "\'", "&#91;", "&#58;", "&#41;", "&#95;");
 	// @TODO why not just use htmlspecialchars() or htmlentities()
 	return "[quote]<code>". str_replace($list, $list2, $text[0]) ."</code>[/quote]";	
 }
 function doreplace2($msg, $options='0|0'){
 	// options will contain smiliesoff|htmloff
 	$options = explode("|", $options);
@ -481,8 +488,7 @@ function doreplace2($msg, $options='0|0'){
 	$list = array("<", "\\\"" , "\\\\" , "\\'", "[", ":", ")", "_");
 	$list2 = array("&lt;", "\"", "\\", "\'", "&#91;", "&#58;", "&#41;", "&#95;");
-	$msg=preg_replace("'\[code\](.*?)\[/code\]'sie",
+	$msg=preg_replace_callback("'\[code\](.*?)\[/code\]'si", 'escape_codeblock',$msg);
 	 '\''."[quote]<code>".'\''.'.str_replace($list,$list2,\'\\1\').\'</code>[/quote]\'',$msg);
 	if ($htmloff) {
@ -520,8 +526,6 @@ function doreplace2($msg, $options='0|0'){
 	$msg=preg_replace("'\[img\](.*?)\[/img\]'si", '<img src=\\1>', $msg);
 	$msg=preg_replace("'\[url\](.*?)\[/url\]'si", '<a href=\\1>\\1</a>', $msg);
 	$msg=preg_replace("'\[url=(.*?)\](.*?)\[/url\]'si", '<a href=\\1>\\2</a>', $msg);
 	$msg=preg_replace("/\[trope\](.*?)\[\/trope\]/sie", "'<a href=\'http://tvtropes.org/pmwiki/pmwiki.php/Main/\\1\'>'.formatting_trope('\\1').'</a>'", $msg);
 	$msg=preg_replace("/\[trope=(.*?)\](.*?)\[\/trope\]/sie", "'<a href=\'http://tvtropes.org/pmwiki/pmwiki.php/Main/\\1\'>\\2</a>'", $msg);
 	$msg=str_replace('http://nightkev.110mb.com/justus_layout.css','about:blank',$msg);
 	do {
@ -534,32 +538,20 @@ function doreplace2($msg, $options='0|0'){
 	return $msg;
 }
 function settags($text,$tags){
 	// @TODO: FIX THIS SHIT
 	return $text;
-	global $hacks;
+function settags($text, $tags) {
-	if (filter_bool($hacks['noposts'])) {
+
-		$badtags	= array("&5000&", "&20000&", "&30000&", "&numposts&", );
+	if (!$tags) {
 		return $text;
 	} else {
 		$text	= dotags($text, array(), $tags);	
 	}
 	$p1	= 0;
 	for($i=0;$p1<strlen($tags) and $i<100;$i++){
 		$p1+=2;
 		$p2=@strpos($tags,"\xAB\xB0",$p1) or $p2=strlen($tags);
 		$tag=substr($tags,$p1,$p2-$p1);
 		$p2+=2;
 		$p1=@strpos($tags,"\xB0\xBB",$p2) or $p1=strlen($tags);
 		$val=substr($tags,$p2,$p1-$p2);
 		if ($hacks['noposts'] && in_array($tag, $badtags)) {
 			$val	= "";
 		}
 		$text=str_replace($tag,$val,$text);
 	}
 	return $text;
 }
 function doforumlist($id){
 	global $fonttag,$loguser,$power,$sql;
 	$forumlinks="
@ -635,7 +627,7 @@ function getrank($rankset,$title,$posts,$powl){
 	if($title)
 		$rank .= $title;
 	elseif (in_array($powl, $powerranks))
-		$rank .= $powerranks[$powl];
+		$rank .= filter_string($powerranks[$powl]);
 	return $rank;
 }
@ -1078,6 +1070,7 @@ function moodlist($sel = 0, $return = false) {
 	if ($return) return $a;
 	$c[$sel]	= " checked";
 	$ret		= "";
 	if ($log && $loguser['moodurl'])
 		$ret = '
@ -1101,8 +1094,8 @@ function moodlist($sel = 0, $return = false) {
 	foreach($a as $num => $name) {
 		$jsclick = (($log && $loguser['moodurl']) ? "onclick='avatarpreview($loguserid,$num)'" : "");
-		$ret .= "<input type='radio' name='moodid' value='$num'". $c[$num] ." id='mood$num' tabindex='". (9000 + $num) ."' style=\"height: 12px;\" $jsclick>
+		$ret .= "<input type='radio' name='moodid' value='$num'". filter_string($c[$num]) ." id='mood$num' tabindex='". (9000 + $num) ."' style=\"height: 12px;\" $jsclick>
-             <label for='mood$num' ". $c[$sel] ." style=\"font-size: 12px;\">&nbsp;$num:&nbsp;$name</label><br>\r\n";
+             <label for='mood$num' ". filter_string($c[$sel]) ." style=\"font-size: 12px;\">&nbsp;$num:&nbsp;$name</label><br>\r\n";
 	}
 	if (!$sel || !$log || !$loguser['moodurl'])
--- a/lib/threadpost.php
+++ b/lib/threadpost.php
@ -40,7 +40,7 @@
 		$post['text']=doreplace2($post['text'], $post['options']);
 	//  if (strpos($post['text'], "http://hyperhacker.no-ip.org/b/smilies/lolface.png") || strpos($post['text'], "images/smilies/roflx.gif")) $post['text'] = "<img src=images/smilies/roflx.gif><br><br><small>(Excessive post content hidden)</small>";
-		if ($post['editdate']) {
+		if (filter_int($post['editdate'])) {
 			$post['edited'] = " (last edited by {$post['edited']} at ".date($dateformat,$post['editdate']+$tzoff).")";
 		}
@ -79,27 +79,25 @@
 			return $post;
 		}
 		$post['tagval'].="\xB0\xBB";
 		if($loguser['viewsig']!=2){
-			if($headid=$post['headid']) {
+			if($headid=filter_int($post['headid'])) {
 				// just in case
 				if($postl[$headid] === NULL) $postl[$headid]=$sql->resultq("SELECT text FROM postlayouts WHERE id=$headid");
 				$post['headtext']=$postl[$headid];
 			}
-			if($signid=$post['signid']) {
+			if($signid=filter_int($post['signid'])) {
 				// just in case
 				if($postl[$signid] === NULL) $postl[$signid]=$sql->resultq("SELECT text FROM postlayouts WHERE id=$signid");
 				$post['signtext']=$postl[$signid];
 			}
 		}
-		$post['headtext']=settags($post['headtext'],$post['tagval']);
+		$post['headtext']=settags($post['headtext'],filter_string($post['tagval']));
-		$post['signtext']=settags($post['signtext'],$post['tagval']);
+		$post['signtext']=settags($post['signtext'],filter_string($post['tagval']));
 		if($loguser['viewsig']==2){
-			$post['headtext']=doreplace($post['headtext'],$post['num'],($post['date']-$post['regdate'])/86400,$post['name'],1);
+			$post['headtext']=doreplace($post['headtext'],$post['num'],($post['date']-$post['regdate'])/86400,$post['name']);
-			$post['signtext']=doreplace($post['signtext'],$post['num'],($post['date']-$post['regdate'])/86400,$post['name'],1);
+			$post['signtext']=doreplace($post['signtext'],$post['num'],($post['date']-$post['regdate'])/86400,$post['name']);
 		}
 		$post['headtext']=doreplace2($post['headtext']);
 		$post['signtext']=doreplace2($post['signtext']);
--- a/newreply.php
+++ b/newreply.php
@ -17,7 +17,7 @@
 		die();
 	}
- 	$forumid=intval($thread[forum]);
+	$forumid=intval($thread['forum']);
 	$forum=$sql->fetchq("SELECT title,minpower,minpowerreply,id,specialscheme FROM forums WHERE id=$forumid");
 	if ($forum['minpower'] && $power < $forum['minpower']) {
 		$forum['title'] = '';
@ -30,15 +30,18 @@
 	require_once 'lib/layout.php';
 	$smilies=readsmilies();
-	if(!$ppp) $ppp=(!$log?20:$loguser[postsperpage]);
+	if(!filter_int($ppp)) $ppp=(!$log?20:$loguser['postsperpage']);
 	$fonline=fonlineusers($forumid);
 	$header=makeheader($header1,$headlinks,$header2 ."	$tblstart$tccell1s>$fonline$tblend");
-	if(@mysql_num_rows($sql->query("SELECT user FROM forummods WHERE forum=$forumid and user=$loguserid"))) $ismod=1;
+	if(mysql_num_rows($sql->query("SELECT user FROM forummods WHERE forum='$forumid' and user='$loguserid'"))) $ismod=1;
 	$modoptions	= "";
 	if ($ismod) {
-		if ($thread[sticky] == 1) $sticky = "checked";
+		if ($thread['sticky'] == 1) $sticky = "checked";
 		$modoptions = "	<tr>$tccell1><b>Moderator Options:</b></td>$tccell2l colspan=2>
 		$inpc=\"close\" id=\"close\" value=\"1\"><label for=\"close\">Close</label> -
 		$inpc=\"stick\" id=\"stick\" value=\"1\" $sticky><label for=\"stick\">Sticky</label>";
@ -49,11 +52,8 @@
 	$header	= "$header
 		$fonttag<a href=index.php>$boardname</a> - <a href=forum.php?id=$forumid>$forum[title]</a> - $thread[title]<form action=newreply.php name=replier method=post autocomplete=\"off\"> $tblstart";
 	replytoolbar(1);
-	if($log) activitycheck($loguserid);
+	// Post preview
  // Post preview
 	if (($power>=$forum['minpowerreply'] || $forum['minpowerreply']<1) && $id>0) {
 		$postlist="<tr>$tccellh colspan=2 style=\"font-weight:bold;\">Thread history</tr><tr>$tccellh width=150>User</td>$tccellh width=*>Post</tr>";
 		$qppp = $ppp + 1;
@ -63,13 +63,13 @@
 		while($post=$sql->fetch($posts)){
 			$bg = ((($i++) & 1) ? 'tdbg2' : 'tdbg1');
 			if ($ppp-- > 0){
-				$postnum=($post[num]?"$post[num]/":'');
+				$postnum=($post['num']?"$post[num]/":'');
 				$tcellbg="<td class='tbl $bg font' valign=top>";
-				$namecolor=getnamecolor($post[sex],$post[powerlevel]);
+				$namecolor=getnamecolor($post['sex'],$post['powerlevel']);
 				$postlist.="<tr>
 					$tcellbg<a href=profile.php?id=$post[user]><font $namecolor>$post[name]</font></a>$smallfont<br>
 					Posts: $postnum$post[posts]</td>
-					$tcellbg".doreplace2(dofilters($post[text]), $post[options])."</tr>
+					$tcellbg".doreplace2(dofilters($post['text']), $post['options'])."</tr>
 				";
 			}
 			else{
@ -79,8 +79,8 @@
 		}
 	}
-	if(!$_POST['action'] && !$thread['closed'] && !($banned && $log)
+	if(!filter_string($_POST['action']) && !$thread['closed'] && !($banned && $log)
-	 && ($power>=$forum[minpowerreply] || $forum[minpowerreply]<1) && $id>0) {
+		&& ($power>=$forum['minpowerreply'] || $forum['minpowerreply']<1) && $id>0) {
 		print $header;
 		print "";
@ -96,257 +96,211 @@
 			$altloginjs = "<span>";
 		}
-		if($postid){
+		$quotemsg	= "";
 		if(filter_int($postid)){
 			$post=$sql->fetchq("SELECT user,text,thread FROM posts,posts_text WHERE id=$postid AND id=pid");
-			$post['text']=str_replace('<br>',$br,$post[text]);
+			$post['text']=str_replace('<br>',$br,$post['text']);
 			$u=$post['user'];
 			$users[$u]=loaduser($u,1);
 			if($post['thread']==$id) $quotemsg="[quote={$users[$u]['name']}]{$post['text']}[/quote]\r\n";
 		}
-  print "
+		print "
-	 <body>
+			<body>
-	  $tccellh width=150>&nbsp</td>$tccellh colspan=2>&nbsp<tr>
+			$tccellh width=150>&nbsp</td>$tccellh colspan=2>&nbsp<tr>
-	  $tccell1><b>{$passhint}</td> $tccell2l colspan=2>
+			$tccell1><b>{$passhint}</td> $tccell2l colspan=2>
-		{$altloginjs}
+			{$altloginjs}
-		<b>Username:</b> $inpt=username VALUE=\"".htmlspecialchars($username)."\" SIZE=25 MAXLENGTH=25 autocomplete=\"off\">
+			<b>Username:</b> $inpt=username VALUE=\"".htmlspecialchars($username)."\" SIZE=25 MAXLENGTH=25 autocomplete=\"off\">
-		<b>Password:</b> $inpp=password SIZE=13 MAXLENGTH=64 autocomplete=\"off\">
+			<b>Password:</b> $inpp=password SIZE=13 MAXLENGTH=64 autocomplete=\"off\">
-		</span><tr>
+			</span><tr>
-	  $tccell1><b>Reply:</td>
+			$tccell1><b>Reply:</td>
-	  $tccell2l width=800px valign=top>".replytoolbar(2)."
+			$tccell2l width=800px valign=top>
-	  $txta=message ROWS=21 COLS=$numcols style=\"width: 100%; max-width: 800px; resize:vertical;\" ".replytoolbar(3).">". htmlspecialchars($quotemsg, ENT_QUOTES, "ISO-8859-1") ."</TEXTAREA></td>
+			$txta=message ROWS=21 COLS=$numcols style=\"width: 100%; max-width: 800px; resize:vertical;\">". htmlspecialchars($quotemsg, ENT_QUOTES) ."</TEXTAREA></td>
-    $tccell2l width=*>".moodlist($moodid)."</td><tr>
+		$tccell2l width=*>".moodlist(filter_int($moodid))."</td><tr>
-	<tr>
+		<tr>
-	  $tccell1>&nbsp</td>$tccell2l colspan=2>
+			$tccell1>&nbsp</td>$tccell2l colspan=2>
-	  $inph=action VALUE=postreply>
+			$inph=action VALUE=postreply>
-	  $inph=id VALUE=$id>
+			$inph=id VALUE=$id>
-	  $inph=valid value=\"". md5($_SERVER['REMOTE_ADDR'] . $id ."sillysaltstring") ."\">
+			$inph=valid value=\"". md5($_SERVER['REMOTE_ADDR'] . $id ."sillysaltstring") ."\">
-	  $inps=submit VALUE=\"Submit reply\">
+			$inps=submit VALUE=\"Submit reply\">
-	  $inps=preview VALUE=\"Preview reply\"></td>
+			$inps=preview VALUE=\"Preview reply\"></td>
-	<tr>$tccell1><b>Options:</b></td>$tccell2l colspan=2>
+		<tr>$tccell1><b>Options:</b></td>$tccell2l colspan=2>
-		$inpc=\"nosmilies\" id=\"nosmilies\" value=\"1\"><label for=\"nosmilies\">Disable Smilies</label> - 
+			$inpc=\"nosmilies\" id=\"nosmilies\" value=\"1\"><label for=\"nosmilies\">Disable Smilies</label> -
-		$inpc=\"nolayout\" id=\"nolayout\" value=\"1\"><label for=\"nolayout\">Disable Layout</label> - 
+			$inpc=\"nolayout\" id=\"nolayout\" value=\"1\"><label for=\"nolayout\">Disable Layout</label> -
-		$inpc=\"nohtml\" id=\"nohtml\" value=\"1\"><label for=\"nohtml\">Disable HTML</label></td></tr>
+			$inpc=\"nohtml\" id=\"nohtml\" value=\"1\"><label for=\"nohtml\">Disable HTML</label></td></tr>
-		$modoptions
+			$modoptions
-		$tblend
+			$tblend
-		<br>
+			<br>
-	 $tblstart$postlist$tblend
+			$tblstart$postlist$tblend
-	</table>
+		</table>
-		</form>
+			</form>
-	$fonttag<a href=index.php>$boardname</a> - <a href=forum.php?id=$forumid>$forum[title]</a> - $thread[title]
+		$fonttag<a href=index.php>$boardname</a> - <a href=forum.php?id=$forumid>$forum[title]</a> - $thread[title]";
-	".replytoolbar(4);
+	} elseif(!$_POST['action']) {
-  } elseif(!$_POST[action]) {
+		print $header;
-			print $header;
+		print "$tccell1>You are not allowed to post in this thread.
-			print "$tccell1>You are not allowed to post in this thread.
+		<br>".redirect("index.php", 'return to the index page', 0)."</table>";
 			<br>".redirect("index.php", 'return to the index page', 0)."</table>";
 	}
-  if($_POST[action]=='postreply' && !($banned && $log) && $id>0) {
+	if ($_POST['action'] == 'postreply' && !($banned && $log) && $id > 0) {
 		if ($log && !$password)
 			$userid = $loguserid;
 		else
 			$userid = checkuser($username,$password);
 /*
 	if (stripos($message, "i hate metal man!!") !== false) {
 		xk_ircsend("1|". xk(4) ."NO BONUS!". xk() ." Seems that ". xk(11) ."'$username'". xk() ." is another rereg, so I've banned his account (". xk(11) ."$userid". xk() .") and IP (". xk(11) ."$userip". xk() .").");
 		$sql -> query("UPDATE `users` SET `power` = '-1', `title` = 'Get out.' WHERE `id` = '$userid'");
 		$sql -> query("INSERT INTO `ipbans` SET `ip` = '". $_SERVER['REMOTE_ADDR'] ."', `date` = '". ctime() ."', `reason` = 'NO BONUS'");
 		die("Winners don't do drugs!");
 	}
 */
-	$error='';
+		$error='';
    if($userid==-1) 
      $error="Either you didn't enter an existing username, or you haven't entered the right password for the username.";
    else{
 	$user=@$sql->fetchq("SELECT * FROM users WHERE id=$userid");
 //      if($thread[lastposter]==$userid && $user[powerlevel]<=2)
 //        $error='You already have the last reply in this thread.';
      if($thread[closed])
        $error='The thread is closed and no more replies can be posted.';
      if($user[powerlevel]<$forum[minpowerreply])
        $error='Replying in this forum is restricted, and you are not allowed to post in this forum.';
      if(!$message)
        $error="You didn't enter anything in the post.";
    }
    if(!$error){
 	activitycheck($userid);
 	$sign=$user[signature];
 	$head=$user[postheader];
 	if($user[postbg]) $head="<div style=background:url($user[postbg]);height=100%>$head";
-	$numposts=$user[posts]+ 1;
+		if ($userid == -1) {
-
+			$error	= "Either you didn't enter an existing username, or you haven't entered the right password for the username.";
 	$numdays=(ctime()-$user[regdate])/86400;
 	$message=doreplace($message,$numposts,$numdays,$username);
 	$rsign=doreplace($sign,$numposts,$numdays,$username);
 	$rhead=doreplace($head,$numposts,$numdays,$username);
 	$currenttime=ctime();
 	if($submit){
 	  if (!(!$x_hacks['host'] && $userid == 715) || true) {
 	  $sql->query("UPDATE `users` SET `posts` = $numposts, `lastposttime` = '$currenttime' WHERE `id` = '$userid'");
 		if ($nolayout) {
 			$headid = 0;
 			$signid = 0;
 		} else {
-			$headid=getpostlayoutid($head);
+			$user	= @$sql->fetchq("SELECT * FROM users WHERE id='$userid'");
-			$signid=getpostlayoutid($sign);
+			if ($thread['closed'])
 				$error	= 'The thread is closed and no more replies can be posted.';
 			if ($user['powerlevel']<$forum['minpowerreply'])
 				$error	= 'Replying in this forum is restricted, and you are not allowed to post in this forum.';
 			if (!$message)
 				$error	= "You didn't enter anything in the post.";
 		}
 		if (!$error) {
-		if ($ismod) {
+			$sign	= $user['signature'];
-			if ($close) $close = "`closed` = '1',";
+			$head	= $user['postheader'];
-				else $close = "`closed` = '0',";
+			// @TODO: Remove this code
-			if ($stick) $stick = "`sticky` = '1',";
+			if($user['postbg']) $head="<div style=background:url($user[postbg]);height=100%>$head";
-				else $stick = "`sticky` = '0',";
+
 			$numposts		= $user['posts']+ 1;
 			$numdays		= (ctime()-$user['regdate'])/86400;
 			$tags			= array();
 			$message		= doreplace($message,$numposts,$numdays,$username, $tags);
 			$tagval			= $sql->escape(json_encode($tags));
 			$rsign			= doreplace($sign,$numposts,$numdays,$username);
 			$rhead			= doreplace($head,$numposts,$numdays,$username);
 			$currenttime	= ctime();
 			if (filter_string($_POST['submit'])) {
 				$sql->query("UPDATE `users` SET `posts` = $numposts, `lastposttime` = '$currenttime' WHERE `id` = '$userid'");
 				if (filter_bool($nolayout)) {
 					$headid = 0;
 					$signid = 0;
 				} else {
 					$headid=getpostlayoutid($head);
 					$signid=getpostlayoutid($sign);
 				}
 				$close	= "";
 				$stick	= "";
 				if ($ismod) {
 					if ($close) $close = "`closed` = '1',";
 						else $close = "`closed` = '0',";
 					if ($stick) $stick = "`sticky` = '1',";
 						else $stick = "`sticky` = '0',";
 				}
 				$sql->query("INSERT INTO posts (thread,user,date,ip,num,headid,signid,moodid) VALUES ($id,$userid,$currenttime,'$userip',$numposts,$headid,$signid,'". $_POST['moodid'] ."')");
 				$pid=mysql_insert_id();
 				$options = filter_int($nosmilies) . "|" . filter_int($nohtml);
 				if($pid) $sql->query("INSERT INTO `posts_text` (`pid`,`text`,`tagval`, `options`) VALUES ('$pid','$message','$tagval', '$options')");
 				$sql->query("UPDATE `threads` SET $close $stick `replies` =  `replies` + 1, `lastpostdate` = '$currenttime', `lastposter` = '$userid' WHERE `id`='$id'");
 				$sql->query("UPDATE `forums` SET `numposts` = `numposts` + 1, `lastpostdate` = '$currenttime', `lastpostuser` ='$userid', `lastpostid` = '$pid' WHERE `id`='$forumid'");
 				$sql->query("UPDATE `threadsread` SET `read` = '0' WHERE `tid` = '$id'");
 				$sql->query("REPLACE INTO threadsread SET `uid` = '$userid', `tid` = '$id', `time` = ". ctime() .", `read` = '1'");
 				xk_ircout("reply", $user['name'], array(
 					'forum'		=> $forum['title'],
 					'fid'		=> $forumid,
 					'thread'	=> str_replace("&lt;", "<", $thread['title']),
 					'pid'		=> $pid,
 					'pow'		=> $forum['minpower'],
 				));
 				return header("Location: thread.php?pid=$pid#$pid");
 			} else {
 				loadtlayout();
 				$message				= stripslashes($message);
 				$ppost					= $user;
 				$ppost['posts']++;
 				$ppost['uid']			= $userid;
 				$ppost['num']			= $numposts;
 				$ppost['lastposttime']	= $currenttime;
 				$ppost['date']			= $currenttime;
 				$ppost['moodid']		= $_POST['moodid'];
 				if (filter_bool($nolayout)) {
 					$ppost['headtext'] = "";
 					$ppost['signtext'] = "";
 				} else {
 					$ppost['headtext']=$rhead;
 					$ppost['signtext']=$rsign;
 				}
 				$ppost['text']		= $message;
 				$ppost['options']	= filter_int($nosmilies) . "|" . filter_int($nohtml);
 				if($isadmin) $ip=$userip;
 				$chks = array("", "", "");
 				if ($nosmilies) $chks[0] = "checked";
 				if ($nolayout)  $chks[1] = "checked";
 				if ($nohtml)    $chks[2] = "checked";
 				print "$header
 				<body onload=window.document.REPLIER.message.focus()>
 				$tccellh>Post preview
 				$tblend$tblstart
 				".threadpost($ppost,1)."
 				$tblend<br>$tblstart
 				<FORM ACTION=newreply.php NAME=REPLIER METHOD=POST>
 				$tccellh width=150>&nbsp</td>$tccellh colspan=2>&nbsp<tr>
 				$tccell1><b>Reply:</td>
 				$tccell2l width=800px valign=top>$txta=message ROWS=21 COLS=$numcols style=\"width: 100%; max-width: 800px; resize:vertical;\">". htmlspecialchars($message, ENT_QUOTES, "ISO-8859-1") ."</TEXTAREA></td>
 				$tccell2l width=*>".moodlist($moodid)."</td><tr>
 				$tccell1>&nbsp</td>$tccell2l colspan=2>
 				$inps=submit VALUE=\"Submit reply\">
 				$inps=preview VALUE=\"Preview reply\"></td>
 				$inph=username VALUE=\"".htmlspecialchars($username)."\">
 				$inph=password VALUE=\"".htmlspecialchars($password)."\">
 				$inph=valid value=\"". md5($_SERVER['REMOTE_ADDR'] . $id ."sillysaltstring") ."\">
 				$inph=action VALUE=postreply>
 				$inph=id VALUE=$id>
 				<tr>$tccell1><b>Options:</b></td>$tccell2l colspan=2>
 				$inpc=\"nosmilies\" id=\"nosmilies\" value=\"1\" $chks[0]><label for=\"nosmilies\">Disable Smilies</label> -
 				$inpc=\"nolayout\" id=\"nolayout\" value=\"1\" $chks[1]><label for=\"nolayout\">Disable Layout</label> -
 				$inpc=\"nohtml\" id=\"nohtml\" value=\"1\" $chks[2]><label for=\"nohtml\">Disable HTML</label></td></tr>
 				$modoptions
 				$tblend
 				</FORM>
 				$tblstart$postlist$tblend
 				</td></FORM>
 				";
 			}
 		$sql->query("INSERT INTO posts (thread,user,date,ip,num,headid,signid,moodid) VALUES ($id,$userid,$currenttime,'$userip',$numposts,$headid,$signid,'". $_POST['moodid'] ."')");
 		$pid=mysql_insert_id();
 		$options = intval($nosmilies) . "|" . intval($nohtml);
 	  if($pid) $sql->query("INSERT INTO `posts_text` (`pid`,`text`,`tagval`, `options`) VALUES ('$pid','$message','$tagval', '$options')");
 	  if (in_array($id, array(3424, 3425, 3426, 3816, 4907)) && !$x_hacks['host']) {
 		$lastgmpost	= $sql -> resultq("SELECT MAX(`id`) FROM `posts` WHERE `user` = '24' AND `thread` = '$id'");
 		if ($id == 3424) {
 			$inarray	= "49, 203, 41, 29";
 		} elseif ($id == 3425) {
 			$inarray	= "3, 25, 14, 22";
 		} elseif ($id == 3426) {
 			$inarray	= "61, 1, 18, 555";
 		} elseif ($id == 3816) {
 			$inarray	= "4, 10, 66, 125";
 		} elseif ($id == 4907) {
 			$inarray	= "18, 19, 21, 2";
 		}
 		$playerposts	= $sql -> resultq("SELECT COUNT(DISTINCT `user`) FROM `posts` WHERE `user` IN ($inarray) AND `thread` = '$id' AND `id` > '$lastgmpost'");
 		if ($playerposts >= 4) $stick .= " `icon` = 'images/piticon-ok.png',";
 		else  $stick .= " `icon` = 'images/piticon-wait.png',";
 	  }
 	  $sql->query("UPDATE `threads` SET $close $stick `replies` =  `replies` + 1, `lastpostdate` = '$currenttime', `lastposter` = '$userid' WHERE `id`='$id'");
 	  $sql->query("UPDATE `forums` SET `numposts` = `numposts` + 1, `lastpostdate` = '$currenttime', `lastpostuser` ='$userid', `lastpostid` = '$pid' WHERE `id`='$forumid'");
 	  $sql->query("UPDATE `threadsread` SET `read` = '0' WHERE `tid` = '$id'");
 	  $sql->query("REPLACE INTO threadsread SET `uid` = '$userid', `tid` = '$id', `time` = ". ctime() .", `read` = '1'");
 /*
 	  print "
 	   $tccell1>Reply posted successfully!
 	<br>".redirect("thread.php?pid=$pid#$pid", $thread[title], 0) .$tblend;
 */
 		xk_ircout("reply", $user['name'], array(
 			'forum'		=> $forum['title'],
 			'fid'		=> $forumid,
 			'thread'	=> str_replace("&lt;", "<", $thread['title']),
 			'pid'		=> $pid,
 			'pow'		=> $forum['minpower'],
 		));
 		if (in_array($id, array(3426, 4907, 6358)) && !$x_hacks['host'] && false) {
 			relay_vgg($id, $userid, $username, $message);
 		}
 		return header("Location: thread.php?pid=$pid#$pid");
 	  } else {
 		  print "
 		   $tccell1>Reply posted successfully!
 		<br>".redirect("thread.php?id=$id", $thread[title], 0) .$tblend;
 	  }
 	}else{
 		loadtlayout();
 		$message = stripslashes($message);
 		$ppost=$user;
 		$ppost[uid]=$userid;
 		$ppost[num]=$numposts;
 		$ppost[posts]++;
 		$ppost[lastposttime]=$currenttime;
 		$ppost[date]=$currenttime;
 		$ppost[moodid]=$_POST['moodid'];
 		if ($nolayout) {
 			$ppost[headtext] = "";
 			$ppost[signtext] = "";
 		} else {
-			$ppost[headtext]=$rhead;
+			print "$header$tccell1>Couldn't enter the post. $error<br>".redirect("thread.php?id=$id", $thread['title'], 0);
 			$ppost[signtext]=$rsign;
 		}
-		$ppost[text]=$message;
+	}
 		$ppost[options] = $nosmilies . "|" . $nohtml;
 	  if($isadmin) $ip=$userip;
 		$chks = array();
 		if ($nosmilies) $chks[0] = "checked";
 		if ($nolayout)  $chks[1] = "checked";
 		if ($nohtml)    $chks[2] = "checked";
 	  print "$header
 		<body onload=window.document.REPLIER.message.focus()>
 		$tccellh>Post preview
 		$tblend$tblstart
 		".threadpost($ppost,1)."
 		$tblend<br>$tblstart
 		<FORM ACTION=newreply.php NAME=REPLIER METHOD=POST>
 		$tccellh width=150>&nbsp</td>$tccellh colspan=2>&nbsp<tr>
 		$tccell1><b>Reply:</td>
 		$tccell2l width=800px valign=top>$txta=message ROWS=21 COLS=$numcols style=\"width: 100%; max-width: 800px; resize:vertical;\">". htmlspecialchars($message, ENT_QUOTES, "ISO-8859-1") ."</TEXTAREA></td>
    $tccell2l width=*>".moodlist($moodid)."</td><tr>
 		$tccell1>&nbsp</td>$tccell2l colspan=2>
 		$inps=submit VALUE=\"Submit reply\">
 		$inps=preview VALUE=\"Preview reply\"></td>
 		$inph=username VALUE=\"".htmlspecialchars($username)."\">
 		$inph=password VALUE=\"".htmlspecialchars($password)."\">
 		$inph=valid value=\"". md5($_SERVER['REMOTE_ADDR'] . $id ."sillysaltstring") ."\">
 		$inph=action VALUE=postreply>
 		$inph=id VALUE=$id>
 	<tr>$tccell1><b>Options:</b></td>$tccell2l colspan=2>
 		$inpc=\"nosmilies\" id=\"nosmilies\" value=\"1\" $chks[0]><label for=\"nosmilies\">Disable Smilies</label> -
 		$inpc=\"nolayout\" id=\"nolayout\" value=\"1\" $chks[1]><label for=\"nolayout\">Disable Layout</label> -
 		$inpc=\"nohtml\" id=\"nohtml\" value=\"1\" $chks[2]><label for=\"nohtml\">Disable HTML</label></td></tr>
 		$modoptions
 		$tblend
 		</FORM>
 	 $tblstart$postlist$tblend
 		</td></FORM>
 	  ";
      }
    }else
 	print "$header$tccell1>Couldn't enter the post. $error<br>".redirect("thread.php?id=$id", $thread['title'], 0);
  }
  if($thread[closed])
    print "
 	$tccell1>Sorry, but this thread is closed, and no more replies can be posted in it.
 	<br>".redirect("thread.php?id=$id",$thread[title],0);
  if($banned and $log)
    print "
 	$tccell1>Sorry, but you are banned from the board, and can not post.
 	<br>".redirect("thread.php?id=$id",$thread[title],0);
 	if ($thread['closed']) {
 		print "
 		$tccell1>Sorry, but this thread is closed, and no more replies can be posted in it.
 		<br>".redirect("thread.php?id=$id",$thread['title'],0);
 	} elseif($banned and $log) {
 		print "
 		$tccell1>Sorry, but you are banned from the board, and can not post.
 		<br>".redirect("thread.php?id=$id",$thread['title'],0);
 	}
  print $footer;
  printtimedif($startingtime);
 function activitycheck($userid){
  global $id,$thread,$header,$tblstart,$tccell1,$tblend,$footer,$loguser,$sql;
  $activity=$sql->resultq("SELECT count(*) FROM posts WHERE user=$userid AND thread=$id AND date>".(ctime()-86400),0,0);
 //  if($activity>=(stristr($thread[title],'ACS ')?5:5000))
 //    die("$tblstart$tccell1>You have posted enough in this thread today. Come back later!$tblend$footer");
  $activity=$sql->resultq("SELECT count(*) FROM posts WHERE user=$userid AND date>".(ctime()-300),0,0);
 	  if($activity && $userid == 1079)
 		 die("$header$tblstart$tccell1>You can only post once every five minutes! Make it count!$tblend$footer");
 }
--- a/newthread.php
+++ b/newthread.php
@ -200,9 +200,11 @@
 			$numposts = $user[posts] + 1;
 			$numdays = (ctime()-$user[regdate])/86400;
-			$msg = doreplace($msg, $numposts, $numdays, $username);
+			$tags	= array();
 			$msg = doreplace($msg, $numposts, $numdays, $username, $tags);
 			$rsign = doreplace($sign, $numposts, $numdays, $username);
 			$rhead = doreplace($head, $numposts, $numdays, $username);
 			$tagval	= $sql->escape(json_encode($tags));
 			$posticons = file('posticons.dat');
 			$posticon = $posticons[$iconid];
 			$currenttime = ctime();
--- a/thread.php
+++ b/thread.php
@ -392,7 +392,8 @@
 			$pthread = $sql->fetchq("SELECT id,title,forum FROM threads WHERE id=$post[thread]", MYSQL_BOTH, true);
 			$pforum  = $sql->fetchq("SELECT minpower FROM forums WHERE id=".intval($pthread[forum]), MYSQL_BOTH, true);
 		}
-		$post['act'] = $act[$post['user']];
+		
 		$post['act'] = filter_int($act[$post['user']]);
 		if (!$pforum || $pforum['minpower'] <= $power)
 			$postlist .= threadpost($post, $bg, $pthread);
--- a/tlayouts/regular.php
+++ b/tlayouts/regular.php
@ -54,7 +54,7 @@
 		}
-		$reinf=syndrome($post['act']);
+		$reinf=syndrome(filter_int($post['act']));
 		if ($post['lastposttime']) {
 			$sincelastpost	= 'Since last post: '.timeunits(ctime()-$post['lastposttime']);