root/trunk/redirectors/preview.php

<?php

/**
 * Package: Spam Board 5
 * File: redirectors/preview.php
 * Description: Preview of a post before saving it to the database
 *
 * Copyright (C) 2007, 2009 Hannes Schueller
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, version 3 of the
 * License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program (see LICENCE). If not,
 * see <http://www.gnu.org/licenses/>.
 **/

// called independently from index
require_once('../includes/config/settings.php');

// load classes on demand
function __autoload($class) {
    global $SETTINGS;
    if (is_file($SETTINGS['fspath'] . 'classes/pages/' . $class . '.php')) {
        require_once($SETTINGS['fspath'] . 'classes/pages/' . $class . '.php');
    } elseif (is_file($SETTINGS['fspath'] . 'classes/misc/' . $class . '.php')) {
        require_once($SETTINGS['fspath'] . 'classes/misc/' . $class . '.php');
    } else { die('Class ' . $class . ' not found.'); }
}

// initialize global warnings array
$WARNINGS = Array();

// import version number
require_once($SETTINGS['fspath'] . 'includes/config/version.php');
// bots definition
require_once($SETTINGS['fspath'] . 'includes/config/bots.php');
// formatting object
$F = new Format();
require($SETTINGS['fspath'] . 'includes/lang/' . $SETTINGS['language'] . '.php');
// open database connection
$C = new Connection();
Member::session();
if (isset($_SESSION['lang']) && $_SESSION['lang'] != '') {
    include($SETTINGS['fspath'] . 'includes/lang/' . $_SESSION['lang'] . '.php');
}
// translate passed variables to local identifiers
require($SETTINGS['fspath'] . 'includes/input.php');

// page start
$_pref = '../';
$html = Page::start();

// check if user has permission; required: read; independent from id
if (Member::checkRights('Preview', 'r')) {
    // permission granted
    // header
    $html->body->addChild('h2', $LANG['Preview']);
    $INPUT['user'] = base64_decode(strtr($INPUT['user'], '-_', '+/'));
    if (isset($INPUT['user']) && $INPUT['user'] != '') {
        // manual authentication
        // get user info
        $q = $C->prepare('SELECT memberid, membername AS poster FROM sb_members WHERE membername=:user');
        $q->bindParam(':user', $INPUT['user'], PDO::PARAM_STR);
        $s = $q->execute();
        if ($s && $row = $q->fetchObject()) {
            // valid member
            $row->postedbymember = $row->memberid;
        } else {
            // guest
            $row->poster = $INPUT['user'];
            $row->postedbymember = 0;
        }
        $q = NULL;
    } else {
        // logged in
        $row = new stdClass();
        $row->poster = $_SESSION['membername'];
        $row->postedbymember = 1;
    }
    // decode post
    $row->post = $F->htmlentities(base64_decode(strtr($INPUT['post'], '-_', '+/')), TRUE);
    $row->postid = 0;
    // construct and format timestamp
    $_now = new DateTime('now', new DateTimeZone('UTC'));
    $row->posttime = $_now->format('Y-m-d H:i:s');
    // display post as it would look with all the above information
    $table = new Table();
    $p = new Post();
    $p->setPost($row);
    $p->add($table);
    $html->body->addElement($table->get());
    // link to close pop up
    $div = $html->body->addChild('div');
    $div->addAttribute('align', 'center');
    $a = $div->addChild('a', $LANG['Close_Window']);
    $a->addAttribute('href', 'javascript:self.close()');
} else {
    // permission denied
    $div = $html->body->addChild('div', $LANG['error_permission_denied']);
    $div->addAttribute('class', 'message');
}

// page output
Page::send($html);

?>