post.php: For posting messages on a forum (big)

hatrickpatrick

I'm using a forum code I downloaded; First bad sign, a parse error in it's post file. This file is extremely messy and annoying, the original author even left a comment to that effect at the top.

Could anyone please tell me where these parse errors are?

Parse error: parse error, unexpected T_STRING in /home/www/wamsyk.100webspace.net/post.php on line 108

<?php
/ I hate this file, I'm going to rewrite it sometime. /

require_once 'includes/header.inc.php';

$page->title = 'Post';
$page->header();
echo '<h1>Post New Message</h1>';

$boardid = (isset($GET['board']) ? intval($GET['board']) : null);
$topicid = (isset($GET['topic']) ? intval($GET['topic']) : null);
$mode = (!isset($_GET['topic']) ? 'topic' : 'message');

if ($mode == 'message') {
$board_info = $SQL->fetch_assoc($SQL->query('SELECT b., t.
FROM topics t
LEFT JOIN boards b ON b.board_id = t.topic_boardid
WHERE t.topic_id = '.$topicid));
} else if ($mode == 'topic') {
$board_info = $SQL->fetch_assoc($SQL->query('SELECT * FROM boards WHERE board_id = '.$boardid));
} else {
$page->error('data');
}

/ Bang Bang, Errors >> /
if (!isset($board_info['board_id']))
$page->error('boardid');
else if (!board_auth($board_info, $DATA['user'], 'post') || $DATA['user']['auth'] == false)
$page->error('other', 'You aren\'t authorized to post on this board.');
else if ($mode == 'message' && !isset($board_info['topic_id']))
$page->error('topicid');
else if ($mode == 'message' && $board_info['topic_status'] != 0 && $DATA['user']['user_level'] < $_CONF['perms']['moderator'])
$page->error('other', 'This topic is closed. You cannot post in closed topics.');

/ Message drafting query stuff /
if ($mode == 'topic' && isset($GET['draft'])) {
$draft = $SQL->fetch_assoc($SQL->query('SELECT * FROM drafts WHERE draft_id = '.(int)$GET['draft'].' AND draft_boardid = '.$boardid.' AND draft_user = '.$_DATA['user']['user_id']));

if (!isset($draft['draft_id']))
	$page->error('data');

$_POST['topic_title'] = html_entity_decode($draft['draft_topic']);
$_POST['message_text'] = html_entity_decode($draft['draft_msg']);

} else if ($mode == 'message' && isset($GET['draft'])) {
$draft = $SQL->fetch_assoc($SQL->query('SELECT * FROM drafts WHERE draft_id = '.(int)$GET['draft'].' AND draft_topicid = '.$topicid.' AND draft_user = '.$_DATA['user']['user_id']));

if (!isset($draft['draft_id']))
	$page->error('data');

$_POST['message_text'] = html_entity_decode($draft['draft_msg']);

}

/ Page Links /

if (isset ($GET['topic']))
$page_links = array('gentopic.php?board='.$board_info['topic_boardid'] => 'Topic List', 'genmessage.php?topic='.$topicid => 'Message List', 'drafts.php' => 'Drafts');
if (isset ($GET['board']))
$page_links['gentopic.php?board='.$boardid] = 'Topic list';

$page->userbar($page_links);

/ Start post validation/insertion/
if (isset ($POST['post']) || isset($POST['preview']) || isset($POST['preview_spelling'])) {
$postparse = new post();
if ($mode == 'topic') {
$message_text = $postparse->message($POST['message_text']);
$topic_title = $postparse->topic($POST['topic_title']);
$topic_limit_check = $SQL->fetch_assoc($SQL->query('SELECT COUNT(topic_id) AS num_posted FROM topics WHERE topic_time > '.(time() - 60).' AND topic_creator = '.$DATA['user']['user_id'].''));
}
else
$message_text = $postparse->message($_POST['message_text']);

$msg_limit_check = $SQL->fetch_assoc($SQL->query('SELECT COUNT(`message_id`) AS `msgs_posted` FROM `messages` WHERE `message_time` > '.(time() - 60).' AND `message_poster` = '.$_DATA['user']['user_id'].' AND `message_status` = 0'));

$post_error = $postparse->check_lengths();

if ($msg_limit_check['msgs_posted'] >= $_CONF['general']['msg_limit'])
	$post_error = 'You can only post '.$_CONF['general']['msg_limit'].' messages per minute. You have posted '.$msg_limit_check['msgs_posted'].' in the last minute.'; 
if (isset($topic_limit_check) && $topic_limit_check['num_posted'] >= $_CONF['general']['topic_limit'])
	$post_error = 'You can only post '.$_CONF['general']['topic_limit'].' topics per minute. You have posted '.$topic_limit_check['num_posted'].' topics in the last minute.';

if (isset ($post_error))
	echo '<p class="error"><strong>Error:</strong> '.$post_error.'</p>';
else {
	if (isset ($_POST['post']) && !isset ($_GET['topic'])) {
		$insert_cmds = array(
			'topic_creator' => $_DATA['user']['user_id'],
			'topic_time'    => time(),
			'topic_name'    => $topic_title,
			'topic_boardid' => $boardid
			);
		$SQL->insert('topics',$insert_cmds);

		$topicid = $SQL->insert_id();

		/* Poll stuff....olol */
		if (strlen($_POST['question']) >= 3 && substr_count($_POST['options'], "\n") > 0) {
			$sql_cmd = array(
					'poll_name' => htmlentities($_POST['question']),
					'poll_topicid' => $topicid
			);
			$SQL->insert('topic_polls', $sql_cmd);

			$poll_id = $SQL->insert_id();

			$SQL->query('UPDATE `topics` SET `topic_ispoll` = 1 WHERE `topic_id` = '.$topicid);

			$options_array = explode("\n", $_POST['options']);

			foreach($options_array as $option) {
			$option = trim($option);
				if (!empty($option)) {
					$sql_cmd = array(
						'option_poll' => $poll_id,
						'option_name' => htmlentities($option)
					);

					$SQL->insert('topic_polloptions', $sql_cmd);
				}
			}
		}				 
	}

	if (isset ($_POST['post'])) {

		if($_DATA['user']['user_level'] >= 45)
			$message_text = str_replace('[dice]',$_DATA['user']['user_name'].' rolled two six-sided dice: ['.rand(1,6).']['.rand(1,6).']',$message_text);

		$insert_cmds = array(
			'message_poster'  => $_DATA['user']['user_id'],
			'message_time'    => time(),
			'message_text'    => $message_text,
			'message_topicid' => $topicid,
			'message_ip'      => $_DATA['ip']['address'],
			'message_boardid' => $board_info['board_id']
			);

		$SQL->insert('messages', $insert_cmds);
		$msgid = $SQL->insert_id();

		/* Attachments */
		if (isset($_FILES['upload']['name']) $_FILES['upload']['size'] > 0 && $_DATA['user']['user_level'] >= $_CONF['abilities']['attachment']) {
			if ($_FILES['upload']['size'] > $_CONF['general']['attach_limit'])
				$page->error('other', 'The attachment exceeded the upload limit!');
			$update_cmds = array(
				'message_aname' => $_FILES['upload']['name'],
				'message_amime' => $_FILES['upload']['type'],
				'message_asize' => $_FILES['upload']['size']
				);

			if(!move_uploaded_file($_FILES['upload']['tmp_name'], 'attachments/'.$msgid))
				$page->error('other', 'An unknown error occured while uploading the attachment.');

			$SQL->update('messages', $update_cmds, '`message_id` = '.$msgid);
		}

		if ($_DATA['user']['user_level'] >= $_CONF['perms']['moderator'] && isset($_POST['sticky']))
			$SQL->query('UPDATE `topics` SET `topic_sticky` = 1 WHERE `topic_id` = '.$topicid);
		else if ($_DATA['user']['user_level'] >= $_CONF['perms']['moderator'] && isset($_POST['close']))
			$SQL->query('UPDATE `topics` SET `topic_status` = 1 WHERE `topic_id` = '.$topicid);

		rebuild_topic_cache($topicid);

		$msgs = $SQL->fetch_row($SQL->query('SELECT `topic_msgcount` FROM `topics` WHERE `topic_id` = '.$topicid));

		$page = ceil($msgs[0]/$_CONF['display']['default_ipp']);
		if ($_DATA['user']['user_invertmsg'] == 0)
			header('Location: genmessage.php?topic='.$topicid.'&page='.$page.'#msg'.$msgid);
		else
			header('Location: genmessage.php?topic='.$topicid.'&page='.$page.'#msg'.$msgid);

		$page->footer();
	}
	else if (isset ($_POST['preview']) || isset($_POST['preview_spelling'])) {
		if (!isset ($_GET['topic']))
			echo 
			'<form enctype="multipart/form-data" action="?board='.$boardid.'" method="post">
			<strong>Topic Title</strong><br />
			<div class="message">'.$topic_title.'</div>
			<input type="hidden" name="topic_title" value="'.htmlentities($_POST['topic_title']).'" />
			<input type="hidden" name="question" value="'.htmlentities($_POST['question']).'" />
			<input type="hidden" name="options" value="'.htmlentities($_POST['options']).'" />';
		else
			echo '<form enctype="multipart/form-data" action="?topic='.$topicid.'" method="post">';

		echo 
		'<strong>Message Text</strong><br />
		<div class="message">'.$message_text.'</div><br />
		<input type="hidden" name="message_text" value="'.htmlentities($_POST['message_text']).'" />
		<input type="hidden" name="processor" value="'.htmlentities($_POST['processor']).'" />
		<input type="submit" name="post" value="Post Message!" />
		</form>';
	}
}

} else if (isset($POST['save'])) {
$sql_cmd = array(
'draft_user' => $DATA['user']['user_id'],
'draft_msg' => htmlentities($_POST['message_text']),
'draft_time' => time(),
'draft_boardid' => $board_info['board_id']
);

continued below

hatrickpatrick

if ($mode == 'message')
$sql_cmd['draft_topicid'] = $topicid;
else
$sql_cmd['topic_topic'] = htmlentities($_POST['topic_title']);

$SQL->insert('drafts', $sql_cmd);
echo '<div class="system">This message has been saved.</div>';

}

echo '<div class="container">';

if (isset($GET['topic'])) {
echo
'<form enctype="multipart/form-data" action="?topic='.$topicid.'" method="post" name="msgform">
<h2>Current Topic</h2>
<p><a href="genmessage.php?topic='.$topicid.'" target="Blank">'.$board_info['topic_name'].'</a><br />
(Click above to open the topic in a new window)</p>';
} else {
echo
'<form enctype="multipart/form-data" action="?board='.$boardid.'" method="post" name="msgform">
<h2>Topic Name</h2>
<p><strong>Topic Name: </strong><input type="text" name="topic_title" size="50" maxlength="80" value="'.(isset($POST['topic_title']) ? htmlentities($POST['topic_title']) : '').'" /><br />
<small>(Must be between 3 and 80 characters in length)</small></p>';
}

if ($DATA['user']['user_level'] >= $CONF['perms']['moderator']) {
echo '
<h2>Topic Options [<a onClick="toggleDisplay(\'topicOptions\')">Toggle</a>]</h2>
<p id="topicOptions">
<input type="checkbox" name="sticky" value="1" /> Sticky Topic<br />
<input type="checkbox" name="close" value="1" /> Close Topic<br />
</p>';
}

if ($mode == 'topic') {
echo '<h2>Poll Topic [<a onClick="toggleDisplay(\'pollcreate\')">Toggle</a>]</h2>
<p id="pollcreate">
<strong>Question:</strong>
<input type="text" name="question" '.(isset($POST['question']) ? 'value="'.htmlentities($POST['question']).'"' : '').'/><br />
<strong>Poll Options</strong> <small>(One per line, at least 2 options)</small><br />
<textarea name="options" rows="5" cols="30">'.(isset($POST['options']) ? ''.htmlentities($POST['options']).'' : '').'</textarea>
</p>';
}

<script>
document.getElementById('pollcreate').style.display="none";
document.getElementById('topicOptions').style.display="none";
function toggleDisplay(id){
if (document.getElementById(id).style.display == "none") {
document.getElementById(id).style.display="block";
} else {
document.getElementById(id).style.display="none";
}
}
</script>

<?php
$sig = (!empty ($DATA['user']['user_sig']) ? "\n\n---\n".$DATA['user']['user_sig'] : '');
if ($_DATA['user']['user_editor'] != 2)
$sig = nl2br($sig);

if($DATA['user']['user_editor'] == 2 && isset($POST['message']))
$POST['message'] = str_replace('<br />', '', $POST['message']);

if ($items->user_has_item($_DATA['user']['user_id'], 'SMILIES')) {

echo '<script src="includes/javascript.js"></script>';

$get_smilies = '';
$sc = 1;
foreach ($_CONF['smilies'] as $location => $replace) {
$get_smilies .= '<a href="javascript:add_smiley(\''.$replace.'\')"><img src="'.$location.'" alt="'.$replace.'" border="0"/></a>'.($sc == 4 ? '<br />' : '');
$sc = ($sc == 4 ? 1 : $sc + 1);
}
?>

<table>
<tr><th>Smilies</th><th>Message Text</th></tr>
<tr>
<td style="width: 20%; text-align: center;">
<?= $get_smilies ?>
</td>
<td>
<p>Message may not exceed <?= $CONF['general']['post_maxlen'] ?> characters.</p>
<p><textarea name="message_text" rows="15" cols="50"><?= (isset($POST['message_text']) ? htmlentities($_POST['message_text']) : $sig) ?></textarea>
</td>
</tr>
</table>

<?php } else { ?>
<h2>Message Text</h2>
<p>Message may not exceed <?= $CONF['general']['post_maxlen'] ?> characters.</p>
<p><textarea name="message_text" id="message_text" rows="15" cols="50"><?= (isset($POST['message_text']) ? htmlentities((isset($POST['quickpost']) && $DATA['user']['user_editor'] != 2 ? nl2br($POST['message_text']) : $POST['message_text'])) : $sig) ?></textarea><br />

<?php
}

echo
'</p>';
if ($DATA['user']['user_level'] >= $CONF['abilities']['attachment']) {
echo '<h2>Add Attachment</h2>
<input type="hidden" name="MAX_FILE_SIZE" value="'.$CONF['general']['attach_limit'].'" />
<p><input type="file" name="upload" /> <small>(Max size '.number_format($CONF['general']['attach_limit']/1024).' K😎</small></p>';
}
echo '
<input type="submit" accesskey="a" name="post" value="Add Message" />
<input type="submit" name="preview" value="Preview Message" />
<input type="submit" name="preview_spelling" value="Spellcheck Message" />
<input type="submit" name="save" value="Save/Draft Message" /></p>';

if (isset($_POST['preview_spelling'])) {

$check_words = preg_replace('/<br \/>.{2}/s', ' ', $message_text);
$check_words = preg_replace('/<[^>]*>/s', ' ', $message_text);

$mispelled = check_spelling($check_words);

if (count($mispelled) > 0) {
	echo '<h2>Misspelled words</h2>';

	foreach ($mispelled as $word => $suggestions) {
		echo '<strong>'.$word.'</strong>: ';
		foreach ($suggestions as $sug_word)
			echo ''.$sug_word.', ';
		echo '<br />';
	}
}

}

echo '
</form>
</div>';

$page->footer();

If anyone COULD help me, it would be much appreciated. And thanks very much to anyone who actually takes the time to read through that mess.

kburger

I believe that what's on line 106:

$SQL->query('UPDATE `topics` SET `topic_ispoll` = 1 WHERE `topic_id` = '.$topicid);

Should be:

$SQL->query("UPDATE `topics` SET `topic_ispoll` = 1 WHERE `topic_id` = $topicid");

Edit: Nope. Never mind. That's not it.

Weedpacket

It would probably be easier to just attach the file.... Better yet, just paste the relevant section (obviously, everything after line 108 is not relevant), and use [php]...[/code] tags as well so that formatting is preserved.

hatrickpatrick wrote:
Could anyone please tell me where these parse errors are?

Umm... line 108 springs to mind 😉 which (thanks to kburger's counting them) would be

$options_array = explode("\n", $_POST['options']);

Which admittedly does look fine. When I syntax-check your code I don't find anything wrong with line 108, but I do get an unexpected variable parse error on line 142:

if (isset($_FILES['upload']['name']) $_FILES['upload']['size'] > 0 && $_DATA['user']['user_level'] >= $_CONF['abilities']['attachment']) {

Which is missing an '&&'.