<?php
// Abort unless the DATALIFEENGINE constant is defined, so the file cannot be requested on its own.
if (!defined('DATALIFEENGINE'))
{
	die("Hacking attempt!");
}

	// Request parameters are coerced to integers before any further use;
	// $forum_id is later interpolated into SQL and into the form markup.
	$forum_id = (int) $_REQUEST['forum_id'];

	// 'postcount' flag of the selected forum; stored as is_count on the first post
	// and checked before the author's forum_post counter is incremented.
	$postcount = (int) $forums_array[$forum_id]['postcount'];

	// Non-zero when the author asked to be subscribed to the new topic.
	$subscription = (int) $_REQUEST['subscription'];

    // Opening a new topic requires a minimum number of forum posts by the user.
    // Users whose user_group is below 2 are exempt from that minimum.
    if (!($member_id['forum_post'] >= $forum_config['min_post'] OR $member_id['user_group'] < 2))
    {
        // Below the minimum: deny, and tell the user how many posts are required.
        $access_topic = false;
        forum_msg($f_lang['all_info'], "Äëÿ îòêðûòèÿ íîâîé òåìû íóæíî èìåòü ìèíèìóì ".$forum_config['min_post']."  ïîëåçíûõ ñîîáùåíèé íà ôîðóìå");
    }
    else
    {
        // Minimum reached (or exempt group): fall back to the forum's own access_topic rule.
        $access_topic = check_access($forums_array[$forum_id]['access_topic']);
    }
    // End of the minimum-post check for opening a new topic.

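	// New-topic handler. Without "subaction" it renders the add-topic form; with it, it validates the
	// submission (CAPTCHA, guest name/e-mail, length limit) and stores the topic, its first post,
	// forum counters, subscription, attachments and the admin notification.
	// Users without topic access get the "denied for your group" message instead.
	if ($access_topic)
	{
		if (empty($_REQUEST['subaction']))
		{
			// ---- Render the form ----
			$access_upload = check_access($forums_array[$forum_id]['access_upload']);
			
			// get_salt() supplies a temporary id that ties uploads to this form; it comes back as add_tid.
			$upload_var = array('area' => "topic", 'forum_id'  => $forum_id, 'topic_id'  => get_salt(),);
			
				$tpl->set('[not-wysywyg]', "");
				
				$tpl->set('{wysiwyg}','');
				
				$tpl->set('[/not-wysywyg]',"");
				
				include_once SYSTEM_DIR.'/forum/sources/components/bbcode.php';

			$topic_action_add = $a_forum_url."act=add_topic&subaction=1";
			
			$tpl->load_template($tpl_dir.'addtopic.tpl');
			
			$tpl->set('{bbcode}',$bb_code);
			$tpl->set('{topic_title}',"");
			$tpl->set('{topic_descr}',"");
			$tpl->set('{text}',"");

			// The [not-logged] section (guest fields) is dropped for logged-in users.
			if ($is_logged)
			{
				$tpl->set_block("'\\[not-logged\\](.*?)\\[/not-logged\\]'si","");
			}
			else
			{
				$tpl->set('[not-logged]','');
				$tpl->set('[/not-logged]','');
			}
			
			if (check_access($forum_config['tools_poll']))
			{
				$tpl->set('[poll]','');
				$tpl->set('[/poll]','');
			}
			else
			{
				$tpl->set_block("'\\[poll\\](.*?)\\[/poll\\]'si","");
			}
			
			if (check_access($forum_config['topic_captcha']))
			{
				$tpl->set('[sec_code]',"");
				$tpl->set('[/sec_code]',"");
				
				$path = parse_url($config['http_home_url']);
				$anti_bot = !defined('FORUM_SUB_DOMAIN') ? 'system/modules/' : '';
				
				// "{$...}" replaces the "${...}" interpolation form, which newer PHP versions deprecate; the output is unchanged.
				$tpl->set('{sec_code}',"<span id=\"dle-captcha\"><img src=\"".$path['path'].$anti_bot."antibot.php\" alt=\"{$lang['sec_image']}\" border=\"0\"></span>");
			}
			else
			{
				$tpl->set('{sec_code}',"");
				$tpl->set_block("'\\[sec_code\\](.*?)\\[/sec_code\\]'si","");
			}
			
			// $forum_id is an integer (intval above) and add_tid is server-generated, so both are safe to embed here.
			$tpl->copy_template = "<form  method=\"post\" name=\"forum-post-form\" id=\"forum-post-form\" action=\"{$topic_action_add}\">".$tpl->copy_template."
			<input type=\"hidden\" name=\"forum_id\" value=\"{$forum_id}\" />
			<input type=\"hidden\" name=\"add_tid\" value=\"{$upload_var['topic_id']}\" /></form>
            <div id=\"uploads-form\"></div>";
			
			$tpl->compile('dle_forum');
			
			$tpl->clear();
		}
		
		else
		{
			// ---- Handle the submission ----
			// NOTE(review): no anti-CSRF token is checked in this branch; confirm the including script enforces one.
			
			// $topic_captcha === true means "CAPTCHA failed".
			if (check_access($forum_config['topic_captcha']))
			{
				// Fail closed: a session with no stored code (the image was never requested) or a missing
				// sec_code parameter is a failure. Previously an unset session value skipped the check entirely.
				// The comparison stays strict, so only a string session value can ever match, as before.
				$sent_code = (isset($_REQUEST['sec_code']) and is_string($_REQUEST['sec_code'])) ? $_REQUEST['sec_code'] : '';
				$expected_code = (isset($_SESSION['sec_code_session']) and is_string($_SESSION['sec_code_session'])) ? $_SESSION['sec_code_session'] : '';
				
				$topic_captcha = ($expected_code === '' or $sent_code !== $expected_code);
				
				// Single use: invalidate the stored code after every attempt so a solved code cannot be replayed.
				$_SESSION['sec_code_session'] = FALSE;
			}
			else
			{
				$topic_captcha = false;
			}
			
			if (!$topic_captcha){
			
			require_once SYSTEM_DIR.'/classes/parse.class.php';
			
			$parse = new ParseFilter(Array(), Array(), 1, 1);
			
			// Error text is appended with ".=" below; make sure it starts from a defined value.
			if (!isset($stop))
			{
				$stop = '';
			}

			if (!$is_logged)
			{
				// Guests supply a display name and an e-mail address; both are filtered and SQL-escaped.
				$name = $db->safesql($parse->process(trim($_POST['name'])));
				$mail = $db->safesql($parse->process(trim($_POST['mail'])));
				
				$member_id['name'] = $name;
				
				// A guest may not post under the name of a registered user.
				$db->query("SELECT name from " . USERPREFIX . "_users where LOWER(name) = '".strtolower($name)."'");
				
				$name_ok = !$db->num_rows();
				
				$db->free();
				
				// [A-Za-z] instead of [A-z]: the latter also matches [ \ ] ^ _ and the backtick.
				if (preg_match("/^[\.A-Za-z0-9_\-]+[@][A-Za-z0-9_\-]+([.][A-Za-z0-9_\-]+)+[A-Za-z]{1,4}$/", $mail))
				{
					$mail_ok = true;
				}
				else
				{
					$mail_ok = false;
				}
				
				if ($name_ok and $mail_ok)
				{
					$access_add = true;
				}
				else
				{
					$access_add = false;
					
					if (!$name_ok) $stop .= $f_lang['err_name'];
					
					if (!$mail_ok) $stop .= $f_lang['err_mail'];
				}
			}
			else
			{
				$access_add = true;
				
				// No e-mail is collected from logged-in users. Set it explicitly so the INSERT below
				// never interpolates a stale or externally defined $mail.
				$mail = '';
			}

			// NOTE(review): for logged-in users $member_id['name'] reaches the queries below without
			// safesql(); presumably it comes from the user's own DB record, confirm it cannot hold a quote.
			$topic_title = $db->safesql($parse->process($_POST['topic_title']));
			$topic_descr = $db->safesql($parse->process($_POST['topic_descr']));

			$topic_text = $parse->process($_POST['post_text']);
				
				$topic_text = $db->safesql($parse->BB_Parse($topic_text, FALSE));
				
			$topic_text = auto_wrap ($topic_text);
			
			// The length limit is applied to the processed, escaped text, counted in bytes.
			if (strlen($topic_text) > $forum_config['post_maxlen'])
			{
				$post_maxlen = true;
				
				$stop .= $f_lang['ajax_stop_4'];
			}
			else
			{
				$post_maxlen = false;
			}
			
			if ($topic_title and $topic_text and $access_add and !$post_maxlen)
			{
				$_IP = $db->safesql($_SERVER['REMOTE_ADDR']);
				
				$vote_title = trim($db->safesql($parse->process($_POST['vote_title'])));
				$frage = trim($db->safesql($parse->process($_POST['frage'])));
				$vote_body = $db->safesql($parse->BB_Parse($parse->process($_POST['vote_body']), false));
				$poll_multiple = intval($_POST['poll_multiple']);
				
				$_TIME = time()+($config['date_adjust']*60);
				$topic_date = date ("Y-m-d H:i:s", $_TIME);
				
				if ($forum_config['meta_topic'])
				{
					// NOTE(review): forum_metatags() output goes into the INSERT as-is. Its inputs are
					// escaped above; confirm the helper does not un-escape them.
					$meta = forum_metatags($topic_title . ' ' . $topic_descr . ': ' . $topic_text);
				}
				else
				{
					// Keep $meta an array: indexing an empty string with a text key is an error on current PHP.
					$meta = array('description' => "", 'keywords' => "");
				}
				
				$db->query("INSERT INTO " . PREFIX . "_forum_topics (forum_id, title, topic_descr, author_topic, start_date, last_date, last_poster_name, poll_title, frage, poll_body, multiple, meta_descr, meta_keywords) values ('$forum_id', '$topic_title', '$topic_descr', '$member_id[name]', '$topic_date', '$topic_date', '$member_id[name]', '$vote_title', '$frage', '$vote_body', '$poll_multiple', '$meta[description]', '$meta[keywords]')");
				
				$topic_id = $db->insert_id();
				
				$db->query("INSERT INTO " . PREFIX . "_forum_posts (topic_id, post_date, post_author, post_text, post_ip, is_register, e_mail, is_count) values ('$topic_id', '$topic_date', '$member_id[name]', '$topic_text', '$_IP', '$is_logged', '$mail', '$postcount')");
				
				$new_pid = $db->insert_id();
				
				set_first_post_id ($topic_id, $new_pid);
				
				$db->query("UPDATE " . PREFIX . "_forum_forums SET topics = topics+1, f_last_tid = '$topic_id', f_last_title = '$topic_title', f_last_date ='$topic_date', f_last_poster_name = '$member_id[name]' WHERE id ='$forum_id'");
				
				if ($forum_config['set_topic_post'] and $postcount and $is_logged)
				{
					$db->query("UPDATE " . PREFIX . "_users SET forum_post = forum_post+1 WHERE name = '$member_id[name]'");
				}
				
				// The assignment inside the condition is intentional: it captures the parent forum id.
				if ($forum_config['set_sub_last_up'] and $is_parentid = $forums_array[$forum_id]['parentid'])
				{
					$db->query("UPDATE " . PREFIX . "_forum_forums SET f_last_tid = '$topic_id', f_last_title = '$topic_title', f_last_date = '$topic_date', f_last_poster_name = '$member_id[name]', last_post_id = '$new_pid' WHERE id = '$is_parentid'");
				}
				
				if ($subscription and $is_logged)
				{
					$db->query("SELECT * FROM " . PREFIX . "_forum_subscription WHERE topic_id = '$topic_id' and user_id = '{$member_id['user_id']}'");
					
					if (!$db->num_rows() and $topic_id)
					{
						$db->query("INSERT INTO " . PREFIX . "_forum_subscription (user_id, topic_id) values ('{$member_id['user_id']}', '$topic_id')");
					}
				}
				
				// add_tid is client-supplied (hidden form field), so it is escaped before it reaches SQL.
				// It was previously interpolated raw into the SELECT below.
				$add_tid = (isset($_REQUEST['add_tid']) and is_scalar($_REQUEST['add_tid'])) ? $db->safesql((string) $_REQUEST['add_tid']) : '';
				
				if ($add_tid)
				{
					if (stristr ($topic_text, "[attachment="))
					{
						// Start from an empty list so no earlier value can leak into the IN (...) clause.
						$update_id = array();
						
						$result = $db->query("SELECT * FROM " . PREFIX . "_forum_files WHERE topic_id = '{$add_tid}' and file_attach = '0'");
						
						while ($att = $db->get_row($result))
						{
							if (stristr($topic_text, "[attachment={$att['file_id']}]") OR stristr($topic_text, "/forum/files/{$att['onserver']}"))
							{
								// The ids are placed unquoted into IN (...), so force them to integers.
								$update_id[] = intval($att['file_id']);
							}
						}
						
						if ($update_id)
						{
							$update_list = implode(',', $update_id);
							
							$db->query("UPDATE " . PREFIX . "_forum_files SET topic_id = '$topic_id', post_id = '$new_pid', file_attach = '1' WHERE file_id IN ({$update_list})");
						}
					}
				}
				
				if ($forum_config['topic_email'])
				{
					$topic_link = $config['http_home_url']."?do=forum&showtopic={$topic_id}";
					
					include_once SYSTEM_DIR.'/classes/mail.class.php';
					
					// $mail held the guest's address until here; from now on it is the mailer object.
					$mail = new dle_mail ($config);
					
					$mail_tpl = $db->super_query("SELECT template FROM " . PREFIX . "_forum_email where name='new_topic' LIMIT 0,1");
					
					$mail_tpl['template'] = stripslashes($mail_tpl['template']);
					
					// Quoted array key: the bare word `name` was read as an undefined constant.
					$mail_result = str_replace("{%username%}", $member_id['name'], $mail_tpl['template']);
					
					$mail_result = str_replace("{%date%}", $topic_date, $mail_result);
					
					$mail_result = str_replace("{%title%}", $topic_title, $mail_result);
					
					$mail_result = str_replace("{%link%}", $topic_link, $mail_result);
					
					$mail->send ($config['admin_mail'], "DLE Forum - NEW TOPIC", $mail_result);
				}
				
				if ($forum_config['mod_rewrite'])
				{
					$topic_location = $forum_url."/topic_".$topic_id;
				}
				else
				{
					$topic_location = $forum_url."showtopic=".$topic_id;
				}
				
                $cache->clear('forum_show_last');
				
				// The target is built from $forum_url and the numeric topic id only.
				// NOTE(review): execution continues after this header; there is no exit here.
				header("Location: $topic_location");
			}
			
			else
			{
				forum_msg($f_lang['f_msg'], $f_lang['topic_add_stop'], 'stop', "<br />".$stop);
			}
			
			}
			
			else
			{
				if ($topic_captcha)
				{
					forum_msg($f_lang['all_info'], $f_lang['captcha_stop']);
				}
			}
		}
	}
	
	else
	{
		// No permission to open topics here: show the denial message with the user's group name.
		$group_name = $user_group[$member_id['user_group']]['group_name'];
		
		forum_msg($f_lang['f_msg'], $f_lang['topic_add_ndeny'], 'user_group', $group_name);
	}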
	
	// When the forum bar is enabled, publish the forum, category and page-title values
	// (presumably consumed by the bar renderer elsewhere; it is not visible in this file).
	if ($forum_config['forum_bar']) {
		// Current forum.
		$bbr_fid = $forum_id;
		$bbr_fname = $forums_array[$forum_id]['name'];

		// Category that owns the forum.
		$bbr_cid = $category_id = $forums_array[$forum_id]['main_id'];
		$bbr_name = $cats_array[$category_id]['cat_name'];

		// Label for this page ("new topic").
		$bbr_app = $f_lang['app_newtopic'];
	}
	
?>