} else {
             $t_options_new = "";
         }
     }
     if (isset($_POST['t_section_new']) && is_numeric($_POST['t_section_new'])) {
         $t_section_new = $_POST['t_section_new'];
     } else {
         $error_msg_array[] = gettext("Invalid profile section ID or section not found");
         $valid = false;
     }
     if ($valid) {
         if (profile_item_update($piid, $t_section_new, $t_type_new, $t_name_new, $t_options_new)) {
             $profile_item = profile_get_item($piid);
             if ($t_name_new != $profile_item['NAME'] || $t_type_new != $profile_item['TYPE'] || $t_section_new != $psid || $t_options_new != $profile_item['OPTIONS']) {
                 $log_data = array($t_name_new, $profile_item['NAME'], $t_type_new, $profile_item['TYPE'], $t_section_new, $psid);
                 admin_add_log_entry(CHANGE_PROFILE_ITEM, $log_data);
             }
             header_redirect("admin_prof_items.php?webtag={$webtag}&psid={$psid}&edited=true");
             exit;
         } else {
             $error_msg_array[] = gettext("Failed to update profile item");
             $valid = false;
         }
     }
 } else {
     if (isset($_POST['additem'])) {
         $redirect = "admin_prof_items.php?webtag={$webtag}&psid={$psid}&additem=true&sect_page={$sect_page}";
         header_redirect($redirect);
         exit;
     }
 }
         if ($process_valid && !session::check_perm(USER_PERM_FOLDER_MODERATE, $delete_fid)) {
             $process_valid = false;
         }
         if ($process_valid && !($thread_data = thread_get($delete_tid, false, false, true))) {
             $process_valid = false;
         }
         if ($process_valid && !($preview_message = messages_get($delete_tid, $delete_pid, 1))) {
             $process_valid = false;
         }
         if ($process_valid && isset($preview_message['APPROVED'])) {
             $process_valid = false;
         }
         if ($process_valid && post_delete($delete_tid, $delete_pid)) {
             post_add_edit_text($delete_tid, $delete_pid);
             if (session::check_perm(USER_PERM_FOLDER_MODERATE, $delete_fid) && (!isset($preview_message['FROM_UID']) || $preview_message['FROM_UID'] != $_SESSION['UID'])) {
                 admin_add_log_entry(DELETE_POST, array($delete_fid, $delete_tid, $delete_pid));
             }
         } else {
             $valid = false;
         }
     }
     if ($valid) {
         header_redirect("admin_post_approve.php?webtag={$webtag}&page={$page}&delete_success=true");
         exit;
     } else {
         $error_msg_array[] = gettext("Failed to delete some messages");
     }
 } else {
     html_draw_top(array('title' => gettext('Delete Message'), 'class' => 'window_title'));
     html_display_msg(gettext("Delete"), gettext("Are you sure you want to delete all of the selected messages?"), "admin_post_approve.php", 'post', array('delete_messages' => gettext("Yes"), 'back' => gettext("No")), array('page' => $page, 'process' => $process_messages, 'delete_confirm' => 'Y'), '_self', 'center');
     html_draw_bottom();
                    $t_thread_create = (double) isset($_POST['t_thread_create'][$fid]) ? $_POST['t_thread_create'][$fid] : 0;
                    $t_post_edit = (double) isset($_POST['t_post_edit'][$fid]) ? $_POST['t_post_edit'][$fid] : 0;
                    $t_post_delete = (double) isset($_POST['t_post_delete'][$fid]) ? $_POST['t_post_delete'][$fid] : 0;
                    $t_post_attach = (double) isset($_POST['t_post_attach'][$fid]) ? $_POST['t_post_attach'][$fid] : 0;
                    $t_moderator = (double) isset($_POST['t_moderator'][$fid]) ? $_POST['t_moderator'][$fid] : 0;
                    $t_post_html = (double) isset($_POST['t_post_html'][$fid]) ? $_POST['t_post_html'][$fid] : 0;
                    $t_post_sig = (double) isset($_POST['t_post_sig'][$fid]) ? $_POST['t_post_sig'][$fid] : 0;
                    $t_post_approval = (double) isset($_POST['t_post_approval'][$fid]) ? $_POST['t_post_approval'][$fid] : 0;
                    $new_group_perms = (double) $t_post_read | $t_post_create | $t_thread_create;
                    $new_group_perms = (double) $new_group_perms | $t_post_edit | $t_post_delete;
                    $new_group_perms = (double) $new_group_perms | $t_moderator | $t_post_attach;
                    $new_group_perms = (double) $new_group_perms | $t_post_html | $t_post_sig | $t_post_approval;
                    perm_update_group_folder_perms($new_gid, $fid, $new_group_perms);
                }
            }
            admin_add_log_entry(CREATE_USER_GROUP, array($t_name));
            if (isset($_POST['add_users'])) {
                header_redirect("admin_user_groups_edit_users.php?webtag={$webtag}&gid={$new_gid}&added=true");
                exit;
            } else {
                header_redirect("admin_user_groups.php?webtag={$webtag}&added=true");
                exit;
            }
        }
    }
}
// Render the "Add User Group" admin page. This runs only when no redirect
// above has already exited the script (i.e. the form was not submitted, or
// submission failed), so $error_msg_array may or may not be set here.
html_draw_top(array('title' => gettext('Admin - Manage User Groups - Add User Group'), 'class' => 'window_title', 'main_css' => 'admin.css'));
// Breadcrumb-style heading; html_style_image() supplies the separator glyph.
echo "<h1>", gettext("Admin"), html_style_image('separator'), gettext("Manage User Groups"), html_style_image('separator'), gettext("Add User Group"), "</h1>\n";
// Show any validation / update errors collected by the form handler above.
if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
    html_display_error_array($error_msg_array, '800', 'center');
}
        if ($valid) {
            $ret = rawurlencode($ret);
            $user_search = rawurlencode($user_search);
            header_redirect("admin_forum_access.php?webtag={$webtag}&user_search={$user_search}&ret={$ret}&added=true");
            exit;
        }
    }
} else {
    if (isset($_POST['remove'])) {
        $valid = true;
        if (isset($_POST['remove_user']) && is_array($_POST['remove_user'])) {
            foreach ($_POST['remove_user'] as $remove_user_uid) {
                if ($user_logon = user_get_logon($remove_user_uid)) {
                    if (user_update_forums($remove_user_uid, $forum_fid, FORUM_USER_DISALLOWED)) {
                        $forum_name = forum_get_name($forum_fid);
                        admin_add_log_entry(CHANGE_FORUM_ACCESS, array($forum_name, $user_logon));
                    } else {
                        $error_msg_array[] = sprintf(gettext("Failed to remove permissions from user '%s'"), $user_logon);
                        $valid = false;
                    }
                }
            }
            if ($valid) {
                $ret = rawurlencode($ret);
                $user_search = rawurlencode($user_search);
                header_redirect("admin_forum_access.php?webtag={$webtag}&user_search={$user_search}&ret={$ret}&removed=true");
                exit;
            }
        }
    }
}
             $t_max_item_count = $_POST['t_max_item_count'];
         } else {
             $valid = false;
             $error_msg_array[] = gettext("Max Item Count must be between 1 and 10");
         }
         if (isset($_POST['t_old_max_item_count']) && is_numeric($_POST['t_old_max_item_count'])) {
             $t_old_max_item_count = $_POST['t_old_max_item_count'];
         } else {
             $t_old_max_item_count = 0;
         }
         if ($valid && ($t_new_name != $t_old_name || $t_new_user != $t_old_user || $t_new_fid != $t_old_fid || $t_new_url != $t_old_url || $t_new_prefix != $t_old_prefix || $t_new_frequency != $t_old_frequency || $t_max_item_count != $t_old_max_item_count)) {
             if ($t_user_array = user_get_by_logon($t_new_user)) {
                 $t_new_uid = $t_user_array['UID'];
                 if (rss_feed_update($feed_id, $t_new_name, $t_new_uid, $t_new_fid, $t_new_url, $t_new_prefix, $t_new_frequency, $t_max_item_count)) {
                     $log_data = array($t_new_name, $t_old_name, $t_new_user, $t_old_user, $t_new_fid, $t_old_fid, $t_new_url, $t_old_url, $t_new_prefix, $t_old_prefix, $t_new_frequency, $t_old_frequency);
                     admin_add_log_entry(EDITED_RSS_FEED, $log_data);
                     header_redirect("admin_rss_feeds.php?webtag={$webtag}&edited=true");
                     exit;
                 } else {
                     $error_msg_array[] = gettext("Failed to update RSS Feed");
                 }
             } else {
                 $error_msg_array[] = gettext("Unknown RSS User Account");
             }
         }
     }
 } else {
     if (isset($_POST['addfeed'])) {
         $redirect = "admin_rss_feeds.php?webtag={$webtag}&page={$page}&addfeed=true";
         header_redirect($redirect);
         exit;
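/**
 * Checks whether the supplied visitor details match an active ban.
 *
 * The forum's BANNED table is searched for rows whose BANDATA pattern
 * matches the IP address, referer, logon, nickname or e-mail address given
 * in $user_data. Logon, nickname and e-mail are only compared when UID is
 * absent or greater than zero (see the UID test below). Every matching ban
 * row is written to the admin log. When no local ban matched, the result of
 * sfs_check_banned() is used instead.
 *
 * @param array $user_data  Keys considered: UID, IPADDRESS, REFERER, LOGON,
 *                          NICKNAME, EMAIL. Any other key is discarded.
 * @param bool  $send_error When exactly true and a ban matched, a 500
 *                          response is sent and the script exits instead of
 *                          returning.
 *
 * @return mixed false when nothing matched or when the DB handle, table
 *               prefix or query failed (callers cannot tell these apart);
 *               true for a local ban; otherwise whatever sfs_check_banned()
 *               returned.
 */
function ban_check($user_data, $send_error = true)
{
    if (!($db = db::get())) {
        return false;
    }
    if (!is_array($user_data)) {
        return false;
    }
    // Keep only the fields this check knows how to match on.
    $user_data_keys = array('UID', 'IPADDRESS', 'REFERER', 'LOGON', 'NICKNAME', 'EMAIL');
    $user_data = array_intersect_key($user_data, array_flip($user_data_keys));
    if (!($table_prefix = get_table_prefix())) {
        return false;
    }
    // Maps the BANTYPE stored in the ban row to the admin log entry type
    // recorded when that ban is hit.
    $admin_log_types_array = array(
        BAN_TYPE_IP    => BAN_HIT_TYPE_IP,
        BAN_TYPE_LOGON => BAN_HIT_TYPE_LOGON,
        BAN_TYPE_NICK  => BAN_HIT_TYPE_NICK,
        BAN_TYPE_EMAIL => BAN_HIT_TYPE_EMAIL,
        BAN_TYPE_REF   => BAN_HIT_TYPE_REF,
    );
    // Which $user_data field is compared against which ban type, in the
    // order the SQL clauses are emitted. Logon / nickname / e-mail bans are
    // only applied when UID is missing or positive.
    $ban_check_fields = array('IPADDRESS' => BAN_TYPE_IP, 'REFERER' => BAN_TYPE_REF);
    if (!isset($user_data['UID']) || $user_data['UID'] > 0) {
        $ban_check_fields['LOGON'] = BAN_TYPE_LOGON;
        $ban_check_fields['NICKNAME'] = BAN_TYPE_NICK;
        $ban_check_fields['EMAIL'] = BAN_TYPE_EMAIL;
    }
    $ban_check_select_array = array();
    $ban_check_where_array = array();
    $user_banned = false;
    foreach ($ban_check_fields as $field => $ban_type) {
        if (!isset($user_data[$field]) || strlen(trim($user_data[$field])) == 0) {
            continue;
        }
        // The visitor's value is the LIKE subject and BANDATA the pattern, so
        // a ban row may contain SQL wildcards. The value is passed through the
        // driver's escape before interpolation; $ban_type is a numeric constant
        // and is formatted with %d.
        $escaped_value = $db->escape($user_data[$field]);
        $ban_check_select_array[] = sprintf("'%s' AS %s", $escaped_value, $field);
        $ban_check_where_array[] = sprintf("('%s' LIKE BANDATA AND BANTYPE = %d)", $escaped_value, $ban_type);
    }
    $ban_check_select_list = implode(", ", $ban_check_select_array);
    $ban_check_where_query = implode(" OR ", $ban_check_where_array);
    if (strlen(trim($ban_check_where_query)) > 0 && strlen(trim($ban_check_select_list)) > 0) {
        // Only bans that have not yet expired; EXPIRES = 0 is treated as
        // never expiring.
        $current_datetime = date(MYSQL_DATETIME_MIDNIGHT, time());
        $sql = "SELECT ID, BANTYPE, BANDATA, {$ban_check_select_list} ";
        $sql .= "FROM `{$table_prefix}BANNED` WHERE ({$ban_check_where_query}) ";
        $sql .= "AND (EXPIRES > CAST('{$current_datetime}' AS DATETIME) OR EXPIRES = 0)";
        if (!($result = $db->query($sql))) {
            return false;
        }
        if ($result->num_rows > 0) {
            $user_banned = true;
            // Log every ban row that matched so the admin log shows which
            // rule fired, not just that the visitor was refused.
            while (($ban_check_result_array = $result->fetch_assoc()) !== null) {
                if (!isset($ban_check_result_array['BANTYPE']) || !is_numeric($ban_check_result_array['BANTYPE'])) {
                    continue;
                }
                $ban_check_type = $ban_check_result_array['BANTYPE'];
                // A BANTYPE with no log type mapping has nothing to log under.
                if (!isset($admin_log_types_array[$ban_check_type])) {
                    continue;
                }
                if (($ban_check_data = ban_check_process_data($ban_check_result_array)) === false) {
                    continue;
                }
                if (isset($user_data['UID']) && $user_data['UID'] > 0) {
                    // LOGON may legitimately be absent from the input (it was
                    // only kept if the caller supplied it); log an empty string
                    // rather than raising an undefined index notice.
                    $user_logon = isset($user_data['LOGON']) ? $user_data['LOGON'] : '';
                    array_push($ban_check_data, $user_data['UID'], $user_logon);
                }
                admin_add_log_entry($admin_log_types_array[$ban_check_type], $ban_check_data);
            }
        }
    }
    if ($user_banned !== true) {
        // NOTE(review): sfs_check_banned() is assumed to set $cached_response
        // by reference — confirm against its definition.
        $cached_response = false;
        if (($user_banned = sfs_check_banned($user_data, $cached_response)) !== false) {
            // Only a non-cached verdict is logged; presumably to avoid a log
            // row for every request from the same banned visitor.
            if ($cached_response === false) {
                // Any of these fields may be absent after the key filter above.
                $log_data = array(
                    isset($user_data['IPADDRESS']) ? $user_data['IPADDRESS'] : '',
                    isset($user_data['LOGON']) ? $user_data['LOGON'] : '',
                    isset($user_data['EMAIL']) ? $user_data['EMAIL'] : '',
                );
                if (isset($user_data['UID'])) {
                    $log_data[] = $user_data['UID'];
                }
                admin_add_log_entry(BAN_HIT_TYPE_SFS, $log_data);
            }
        }
    }
    // A banned visitor gets a generic 500 rather than a ban-specific message;
    // callers that pass $send_error = false get the result back instead.
    if ($user_banned === true && $send_error === true) {
        header_status(500, 'Internal Server Error');
        exit;
    }
    return $user_banned;
}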
        post_edit_refuse($tid, $pid);
        html_draw_bottom();
        exit;
    }
    if (forum_get_setting('require_post_approval', 'Y') && isset($preview_message['APPROVED']) && $preview_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
        html_draw_top(sprintf("title=%s", gettext("Error")));
        post_edit_refuse($tid, $pid);
        html_draw_bottom();
        exit;
    }
}
// Form submitted with the "end poll" button: close the poll on thread $tid.
// $tid, $pid, $t_fid, $thread_data, $preview_message, $webtag and $msg are
// all established earlier in this script (outside this excerpt).
if (isset($_POST['endpoll'])) {
    if (poll_close($tid)) {
        // Mark the first post of the thread as edited.
        post_add_edit_text($tid, 1);
        // A moderator closing somebody else's poll is an admin action and is
        // written to the admin log; the poll owner closing their own is not.
        if (session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid) && $preview_message['FROM_UID'] != session::get_value('UID')) {
            admin_add_log_entry(EDIT_POST, array($t_fid, $tid, $pid));
        }
    }
    // Redirect whether or not poll_close() succeeded; no error is reported
    // to the user on failure. The msg= parameter is only included for
    // multi-post threads — presumably LENGTH is the post count; confirm.
    if ($thread_data['LENGTH'] > 1) {
        header_redirect("discussion.php?webtag={$webtag}&msg={$msg}&edit_success={$msg}");
        exit;
    } else {
        header_redirect("discussion.php?webtag={$webtag}&edit_success={$msg}");
        exit;
    }
}
// Not a submission (or poll_close failed and fell through above is not
// possible — the redirect always exits): render the "Close Poll" page.
html_draw_top(sprintf("title=%s", gettext("Close Poll")), "post.js", "resize_width=720", "basetarget=_blank", 'class=window_title');
echo "<h1>", gettext("Close Poll"), " {$tid}.{$pid}</h1>\n";
// Show any errors collected earlier in the script.
if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
    html_display_error_array($error_msg_array, '720', 'left');
}
                 $filter_enabled = $_POST['filter_enabled'];
             } else {
                 $filter_enabled = WORD_FILTER_DISABLED;
             }
             if (isset($_POST['replace_text']) && strlen(trim($_POST['replace_text'])) > 0) {
                 $replace_text = trim($_POST['replace_text']);
             } else {
                 $replace_text = "";
             }
             if ($valid) {
                 if ($filter_option == WORD_FILTER_TYPE_PREG && preg_match('/e[^\\/]*$/Diu', $match_text)) {
                     $match_text = preg_replace_callback('/\\/[^\\/]*$/Diu', 'word_filter_apply_limit_preg', $match_text);
                 }
                 if (admin_update_word_filter($filter_id, $filter_name, $match_text, $replace_text, $filter_option, $filter_enabled)) {
                     $log_data = array($filter_option, $match_text, $replace_text, $filter_option);
                     admin_add_log_entry(EDIT_WORD_FILTER, $log_data);
                     header_redirect("admin_wordfilter.php?webtag={$webtag}&updated=true");
                     exit;
                 } else {
                     $error_msg_array[] = gettext("Failed to update word filter. Check that the filter still exists.");
                 }
             }
         } else {
             if (isset($_POST['addfilter'])) {
                 $redirect = "admin_wordfilter.php?webtag={$webtag}&addfilter=true";
                 header_redirect($redirect);
                 exit;
             }
         }
     }
 }
                 admin_add_log_entry(DELETE_THREAD, array($tid, $thread_data['TITLE']));
                 html_draw_top(sprintf('title=%s', gettext("Delete Thread")), 'class=window_title');
                 html_display_msg(gettext("Delete Thread"), gettext("Thread was successfully deleted"), 'discussion.php', 'get', array('continue' => gettext("Continue")), false, html_get_frame_name('main'), 'center');
                 html_draw_bottom();
                 exit;
             } else {
                 $error_msg_array[] = gettext("Failed to delete thread.");
                 $valid = false;
             }
         }
     }
     if (isset($_POST['undelete_thread']) && $_POST['undelete_thread'] == "Y") {
         if (isset($_POST['undelete_thread_confirm']) && $_POST['undelete_thread_confirm'] == "Y") {
             if (thread_undelete($tid)) {
                 post_add_edit_text($tid, 1);
                 admin_add_log_entry(UNDELETE_THREAD, array($tid, $thread_data['TITLE']));
                 html_draw_top(sprintf('title=%s', gettext("Undelete Thread")), 'class=window_title');
                 html_display_msg(gettext("Undelete Thread"), gettext("Thread was successfully undeleted"), 'thread_options.php', 'get', array('back' => gettext("Back")), array('msg' => $msg), '_self', 'center');
                 html_draw_bottom();
                 exit;
             } else {
                 $error_msg_array[] = gettext("Failed to un-delete thread");
                 $valid = false;
             }
         }
     }
 }
 // Every requested thread option was applied without error ($valid is set
 // by the handlers above this excerpt); return to the options page.
 if ($valid) {
     header_redirect("thread_options.php?webtag={$webtag}&msg={$msg}&updated=true");
     exit;
 }
/**
 * Deletes the on-disk thumbnail for the attachment identified by $hash.
 *
 * The caller must be the attachment's owner or hold the folder moderate
 * permission for the thread it is attached to. When the attachment is tied
 * to a post, that post is marked edited and, if a moderator is removing
 * somebody else's thumbnail, an ATTACHMENTS_DELETE admin log entry is made.
 *
 * @param string $hash Attachment hash; must pass is_md5().
 *
 * @return bool false if the hash is malformed, the DB / session / attachment
 *              directory is unavailable, the attachment is not found, or the
 *              user may not delete it; true otherwise (the unlink() result
 *              itself is not checked).
 */
function attachments_delete_thumbnail($hash)
{
    // $hash is interpolated into SQL and into a filesystem path below, so
    // anything that is not a plain hex digest is refused before any lookup.
    if (!is_md5($hash)) {
        return false;
    }
    $db = db::get();
    if (!$db) {
        return false;
    }
    $uid = session::get_value('UID');
    if ($uid === false) {
        return false;
    }
    $attachment_dir = forum_get_setting('attachment_dir');
    if (!$attachment_dir) {
        return false;
    }
    // Look the attachment up so ownership can be checked before touching the
    // disk. The folder (FID) is only available when a forum table prefix is
    // known, because it comes from the THREAD table of that forum.
    $table_prefix = get_table_prefix();
    if ($table_prefix) {
        $sql = "SELECT PAF.AID, PAF.UID, PAF.FILENAME, PAI.TID, PAI.PID, THREAD.FID "
            . "FROM POST_ATTACHMENT_FILES PAF "
            . "LEFT JOIN POST_ATTACHMENT_IDS PAI ON (PAI.AID = PAF.AID) "
            . "LEFT JOIN `{$table_prefix}THREAD` THREAD ON (THREAD.TID = PAI.TID) "
            . "WHERE PAF.HASH = '{$hash}'";
    } else {
        $sql = "SELECT PAF.AID, PAF.UID, PAF.FILENAME, PAI.TID, PAI.PID "
            . "FROM POST_ATTACHMENT_FILES PAF "
            . "LEFT JOIN POST_ATTACHMENT_IDS PAI ON (PAI.AID = PAF.AID) "
            . "WHERE PAF.HASH = '{$hash}'";
    }
    $result = $db->query($sql);
    if (!$result) {
        return false;
    }
    if ($result->num_rows == 0) {
        return false;
    }
    $attachment_data = $result->fetch_assoc();
    // No folder join (or no thread row) means no FID; fall back to folder 0
    // so the moderator permission check still has a folder to test against.
    if (!isset($attachment_data['FID'])) {
        $attachment_data['FID'] = 0;
    }
    $folder_fid = $attachment_data['FID'];
    // Permitted if the current user owns the attachment, or is a moderator
    // of its folder (the permission check is only made for non-owners).
    if ($attachment_data['UID'] != $uid && !session::check_perm(USER_PERM_FOLDER_MODERATE, $folder_fid)) {
        return false;
    }
    if (isset($attachment_data['TID'], $attachment_data['PID'])) {
        post_add_edit_text($attachment_data['TID'], $attachment_data['PID']);
        // Only a moderator acting on someone else's attachment is logged.
        if (session::check_perm(USER_PERM_FOLDER_MODERATE, $folder_fid) && $attachment_data['UID'] != $uid) {
            $log_data = array($attachment_data['TID'], $attachment_data['PID'], $attachment_data['FILENAME']);
            admin_add_log_entry(ATTACHMENTS_DELETE, $log_data);
        }
    }
    // The unlink() outcome is deliberately not checked (warnings suppressed);
    // the function reports success once the permission checks have passed.
    $thumbnail_path = "{$attachment_dir}/{$hash}.thumb";
    @unlink($thumbnail_path);
    return true;
}
    $t_post_edit = (double) isset($_POST['t_post_edit']) ? $_POST['t_post_edit'] : 0;
    $t_post_delete = (double) isset($_POST['t_post_delete']) ? $_POST['t_post_delete'] : 0;
    $t_post_attach = (double) isset($_POST['t_post_attach']) ? $_POST['t_post_attach'] : 0;
    $t_post_html = (double) isset($_POST['t_post_html']) ? $_POST['t_post_html'] : 0;
    $t_post_sig = (double) isset($_POST['t_post_sig']) ? $_POST['t_post_sig'] : 0;
    $t_guest_access = (double) isset($_POST['t_guest_access']) ? $_POST['t_guest_access'] : 0;
    $t_post_approval = (double) isset($_POST['t_post_approval']) ? $_POST['t_post_approval'] : 0;
    $t_thread_move = (double) isset($_POST['t_thread_move']) ? $_POST['t_thread_move'] : 0;
    // We need a double / float here because we're storing a high bit value
    $t_permissions = (double) $t_post_read | $t_post_create | $t_thread_create;
    $t_permissions = (double) $t_permissions | $t_post_edit | $t_post_delete | $t_post_attach;
    $t_permissions = (double) $t_permissions | $t_post_html | $t_post_sig | $t_guest_access;
    $t_permissions = (double) $t_permissions | $t_post_approval | $t_thread_move;
    if ($valid) {
        if ($new_fid = folder_create($t_name, $t_description, $t_prefix, $t_allowed_types, $t_permissions)) {
            admin_add_log_entry(CREATE_FOLDER, array($t_name));
            header_redirect("admin_folders.php?webtag={$webtag}&added=true&page={$page}");
            exit;
        } else {
            $error_msg_array = gettext("Failed to create new folder");
            $valid = false;
        }
    }
}
// Make the arrays for the allow post types dropdown: maps each
// FOLDER_ALLOW_* constant to its translated label, in display order.
$allowed_post_types = array(FOLDER_ALLOW_NORMAL_THREAD => gettext("Normal threads only"), FOLDER_ALLOW_POLL_THREAD => gettext("Poll threads only"), FOLDER_ALLOW_ALL_THREAD => gettext("Both thread types"));
// Render the "Add a new folder" admin page (reached when the form was not
// submitted, or folder creation above failed).
html_draw_top(sprintf("title=%s", gettext("Admin - Manage Folders - Add a new folder")), 'class=window_title');
// Breadcrumb-style heading with separator images between the parts.
echo "<h1>", gettext("Admin"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", gettext("Manage Folders"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", gettext("Add a new folder"), "</h1>\n";
// Show errors collected by the form handler. NOTE(review): html_display_error_array()
// expects an array; a caller that assigns a plain string to $error_msg_array
// would not be displayed correctly — confirm every assignment uses []=.
if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
    html_display_error_array($error_msg_array, '500', 'center');
}
 if (sizeof($process_links) > 0) {
     if (isset($_POST['delete_confirm']) && $_POST['delete_confirm'] == 'Y') {
         $valid = true;
         foreach ($process_links as $delete_lid) {
             $process_valid = true;
             if ($process_valid && !session::check_perm(USER_PERM_LINKS_MODERATE, 0)) {
                 $process_valid = false;
             }
             if ($process_valid && !($link = links_get_single($delete_lid, false))) {
                 $process_valid = false;
             }
             if ($process_valid && isset($link['DELETED']) && $link['DELETED'] > 0) {
                 $process_valid = false;
             }
             if ($process_valid && links_delete($delete_lid)) {
                 admin_add_log_entry(DELETE_LINK, array($delete_lid));
             } else {
                 $valid = false;
             }
         }
         if ($valid) {
             header_redirect("admin_link_approve.php?webtag={$webtag}&page={$page}&delete_success=true");
             exit;
         } else {
             $error_msg_array[] = gettext("Failed to delete some links");
         }
     } else {
         html_draw_top(array('title' => gettext('Delete Links'), 'class' => 'window_title'));
         html_display_msg(gettext("Delete"), gettext("Are you sure you want to delete all of the selected links?"), "admin_link_approve.php", 'post', array('delete_links' => gettext("Yes"), 'back' => gettext("No")), array('page' => $page, 'process' => $process_links, 'delete_confirm' => 'Y'), '_self', 'center');
         html_draw_bottom();
         exit;
             $error_msg_array[] = gettext("CSS style sheet could not be uploaded. Please try again.");
         } else {
             if (isset($_FILES['cssfile']['type']) && trim($_FILES['cssfile']['type']) == 'text/css') {
                 // Get path info for uploaded file.
                 $path_parts = pathinfo($_FILES['cssfile']['name']);
                 // Check the extension. This isn't fool proof, could be a renamed jpeg. Not sure
                 // how to validate the content as CSS. Maybe try and parse it?
                 if (isset($path_parts['extension']) && $path_parts['extension'] == 'css') {
                     // Read the contents of the file.
                     if ($start_page_css = @file_get_contents($_FILES['cssfile']['tmp_name'])) {
                         // New array of forum settings.
                         $new_forum_settings = array('start_page_css' => $start_page_css);
                         // Save the settings.
                         if (forum_save_settings($new_forum_settings)) {
                             // Update admin log.
                             admin_add_log_entry(EDITED_START_PAGE);
                             // Redirect back to self.
                             header_redirect("admin_startpage.php?webtag={$webtag}&uploaded=true");
                             exit;
                         }
                     }
                 }
                 // Something went wrong above. Show Error message.
                 $error_msg_array[] = gettext("CSS style sheet could not be uploaded. Please try again.");
             } else {
                 // File does not look like text/css
                 $error_msg_array[] = gettext("Invalid file type, you can only upload CSS style sheet files");
             }
         }
     }
 }
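function admin_delete_user($uid, $delete_content = false)
{
    // Delete a user account and, when $delete_content is true, everything
    // that account created or configured in every forum plus the global
    // tables (PMs, sessions, history, ...).
    //
    // $uid            - ID of the account to delete. Must be a plain integer;
    //                   it is interpolated into the SQL below, so this check
    //                   is what keeps those queries safe.
    // $delete_content - true to also purge the user's content. Any value
    //                   that is not a bool is treated as false.
    //
    // Returns true on success, false if validation fails, the account does
    // not exist, the caller is trying to delete their own account, or any
    // query fails. Queries run in order and stop at the first failure; there
    // is no transaction, so a failure part-way leaves earlier deletes applied.
    if (!($db = db::get())) {
        return false;
    }
    // Accept only an integer ID. is_numeric() would also let through floats
    // and exponent notation, which have no business in a UID.
    if (filter_var($uid, FILTER_VALIDATE_INT) === false) {
        return false;
    }
    if (!is_bool($delete_content)) {
        $delete_content = false;
    }
    // UID of the acting admin. It is written into POST.APPROVED_BY below,
    // so it has to be numeric as well before it goes anywhere near SQL.
    $admin_uid = session::get_value('UID');
    if (!is_numeric($admin_uid)) {
        return false;
    }
    // Bit flags used to pick out the user's PM rows.
    $pm_inbox_items = PM_INBOX_ITEMS;
    $pm_sent_items = PM_SENT_ITEMS;
    $pm_outbox_items = PM_OUTBOX_ITEMS;
    $pm_saved_out = PM_SAVED_OUT;
    $pm_saved_in = PM_SAVED_IN;
    $pm_draft_items = PM_DRAFT_ITEMS;
    $current_datetime = date(MYSQL_DATETIME, time());
    // The account must exist and must not be the acting user's own.
    if (!($user_logon = user_get_logon($uid)) || $admin_uid == $uid) {
        return false;
    }
    if ($delete_content === true) {
        // Per-forum tables: every forum has its own prefixed copies.
        if ($forum_table_prefix_array = forum_get_all_prefixes()) {
            foreach ($forum_table_prefix_array as $forum_table_prefix) {
                $forum_sql = array(
                    // Log entries created by the user
                    "DELETE QUICK FROM `{$forum_table_prefix}ADMIN_LOG` WHERE UID = '{$uid}'",
                    // Links created by the user
                    "DELETE QUICK FROM `{$forum_table_prefix}LINKS` WHERE UID = '{$uid}'",
                    // Link votes made by the user
                    "DELETE QUICK FROM `{$forum_table_prefix}LINKS_VOTE` WHERE UID = '{$uid}'",
                    // Link comments made by the user
                    "DELETE QUICK FROM `{$forum_table_prefix}LINKS_COMMENT` WHERE UID = '{$uid}'",
                    // Poll votes made by the user
                    "DELETE QUICK FROM `{$forum_table_prefix}USER_POLL_VOTES` WHERE UID = '{$uid}'",
                    // Relationships set by the user, and relationships other
                    // users have with this user
                    "DELETE QUICK FROM `{$forum_table_prefix}USER_PEER` WHERE UID = '{$uid}' OR PEER_UID = '{$uid}'",
                    // Folder preferences
                    "DELETE QUICK FROM `{$forum_table_prefix}USER_FOLDER` WHERE UID = '{$uid}'",
                    // Forum-level preferences
                    "DELETE QUICK FROM `{$forum_table_prefix}USER_PREFS` WHERE UID = '{$uid}'",
                    // Profile
                    "DELETE QUICK FROM `{$forum_table_prefix}USER_PROFILE` WHERE UID = '{$uid}'",
                    // Signature
                    "DELETE QUICK FROM `{$forum_table_prefix}USER_SIG` WHERE UID = '{$uid}'",
                    // Thread read data
                    "DELETE QUICK FROM `{$forum_table_prefix}USER_THREAD` WHERE UID = '{$uid}'",
                    // Tracking data (post count, etc.)
                    "DELETE QUICK FROM `{$forum_table_prefix}USER_TRACK` WHERE UID = '{$uid}'",
                    // Word filter entries
                    "DELETE QUICK FROM `{$forum_table_prefix}WORD_FILTER` WHERE UID = '{$uid}'",
                    // Polls created by the user are switched off rather than removed
                    "UPDATE LOW_PRIORITY `{$forum_table_prefix}THREAD` SET POLL_FLAG = 'N', "
                        . "MODIFIED = CAST('{$current_datetime}' AS DATETIME) WHERE BY_UID = '{$uid}'",
                    // Threads the user started that hold only a single post
                    "UPDATE LOW_PRIORITY `{$forum_table_prefix}THREAD` SET DELETED = 'Y', "
                        . "MODIFIED = CAST('{$current_datetime}' AS DATETIME) WHERE BY_UID = '{$uid}' "
                        . "AND LENGTH = 1",
                    // Blank the content of the user's posts; the rows stay so
                    // threads keep their shape
                    "UPDATE LOW_PRIORITY `{$forum_table_prefix}POST_CONTENT` POST_CONTENT "
                        . "LEFT JOIN `{$forum_table_prefix}POST` POST ON (POST.TID = POST_CONTENT.TID "
                        . "AND POST.PID = POST_CONTENT.PID) SET POST_CONTENT.CONTENT = NULL "
                        . "WHERE POST.FROM_UID = '{$uid}'",
                    // Mark the user's posts approved so they drop out of the
                    // approval queue
                    "UPDATE LOW_PRIORITY `{$forum_table_prefix}POST` "
                        . "SET APPROVED = CAST('{$current_datetime}' AS DATETIME), "
                        . "APPROVED_BY = '{$admin_uid}' WHERE FROM_UID = '{$uid}'",
                );
                foreach ($forum_sql as $sql) {
                    if (!$db->query($sql)) {
                        return false;
                    }
                }
            }
        }
        // Global tables shared by all forums.
        $global_sql = array(
            // Dictionary entries added by the user
            "DELETE QUICK FROM DICTIONARY WHERE UID = '{$uid}'",
            // Group memberships
            "DELETE QUICK FROM GROUP_USERS WHERE UID = '{$uid}'",
            // PM content, matched through PM using the same ownership rules
            // as the PM delete that follows
            "DELETE QUICK FROM PM_CONTENT USING PM_CONTENT "
                . "LEFT JOIN PM ON (PM.MID = PM_CONTENT.MID) "
                . "WHERE ((PM.TYPE & {$pm_inbox_items} > 0) AND PM.TO_UID = '{$uid}') "
                . "OR ((PM.TYPE & {$pm_sent_items} > 0) AND PM.FROM_UID = '{$uid}' AND PM.SMID = 0) "
                . "OR ((PM.TYPE & {$pm_outbox_items} > 0) AND PM.FROM_UID = '{$uid}') "
                . "OR ((PM.TYPE & {$pm_saved_out} > 0) AND PM.FROM_UID = '{$uid}') "
                . "OR ((PM.TYPE & {$pm_saved_in} > 0) AND PM.TO_UID = '{$uid}') "
                . "OR ((PM.TYPE & {$pm_draft_items} > 0) AND PM.FROM_UID = '{$uid}') ",
            // The PMs themselves
            "DELETE QUICK FROM PM WHERE ((TYPE & {$pm_inbox_items} > 0) "
                . "AND TO_UID = '{$uid}') OR ((TYPE & {$pm_sent_items} > 0) "
                . "AND FROM_UID = '{$uid}' AND SMID = 0) OR ((TYPE & {$pm_outbox_items} > 0) "
                . "AND FROM_UID = '{$uid}') OR ((TYPE & {$pm_saved_out} > 0) "
                . "AND FROM_UID = '{$uid}') OR ((TYPE & {$pm_saved_in} > 0) "
                . "AND TO_UID = '{$uid}') OR ((TYPE & {$pm_draft_items} > 0) "
                . "AND FROM_UID = '{$uid}') ",
            // PM search results
            "DELETE QUICK FROM PM_SEARCH_RESULTS WHERE UID = '{$uid}'",
            // Attachment records (the files on disk are not removed here)
            "DELETE QUICK FROM POST_ATTACHMENT_FILES WHERE UID = '{$uid}'",
            // Search results
            "DELETE QUICK FROM SEARCH_RESULTS WHERE UID = '{$uid}'",
            // Sessions, so the account is logged out everywhere
            "DELETE QUICK FROM SESSIONS WHERE UID = '{$uid}'",
            // Forum preferences and permissions
            "DELETE QUICK FROM USER_FORUM WHERE UID = '{$uid}'",
            // History (logon, nickname, email address changes)
            "DELETE QUICK FROM USER_HISTORY WHERE UID = '{$uid}'",
            // Global preferences
            "DELETE QUICK FROM USER_PREFS WHERE UID = '{$uid}'",
            // Visitor log
            "DELETE QUICK FROM VISITOR_LOG WHERE UID = '{$uid}'",
        );
        foreach ($global_sql as $sql) {
            if (!$db->query($sql)) {
                return false;
            }
        }
        // Audit entry for the content purge.
        admin_add_log_entry(DELETE_USER_DATA, array($uid, $user_logon));
    }
    // Finally the account itself.
    $sql = "DELETE QUICK FROM USER WHERE UID = '{$uid}'";
    if (!$db->query($sql)) {
        return false;
    }
    // Audit entry for the account deletion.
    admin_add_log_entry(DELETE_USER, array($user_logon));
    return true;
}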
                 } else {
                     $t_uri = "";
                 }
                 if (isset($_POST['t_old_title']) && strlen(trim($_POST['t_old_title'])) > 0) {
                     $t_old_title = trim($_POST['t_old_title']);
                 } else {
                     $t_old_title = "";
                 }
                 if (isset($_POST['t_old_uri']) && strlen(trim($_POST['t_old_uri'])) > 0) {
                     $t_old_uri = trim($_POST['t_old_uri']);
                 } else {
                     $t_old_uri = "";
                 }
                 if ($valid) {
                     if (forum_links_update_link($lid, $t_title, $t_uri)) {
                         admin_add_log_entry(EDIT_FORUM_LINKS, array($lid, $t_title));
                         header_redirect("admin_forum_links.php?webtag={$webtag}&page={$page}&edited=true");
                     } else {
                         $error_msg_array[] = sprintf(gettext("Failed to update forum link '%s'"), $t_title);
                         $valid = false;
                     }
                 }
             }
         } else {
             if (isset($_POST['addlink'])) {
                 header_redirect("admin_forum_links.php?webtag={$webtag}&page={$page}&addlink=true");
                 exit;
             }
         }
     }
 }
             $old_ban_data = trim($_POST['old_bandata']);
         } else {
             $old_ban_data = "";
         }
         if (isset($_POST['old_banexpires']) && strlen(trim($_POST['old_banexpires'])) > 0) {
             $old_ban_expires = trim($_POST['old_banexpires']);
         } else {
             $old_ban_expires = 0;
         }
         if ($valid) {
             $dup_ban_id = check_ban_data($ban_type, $ban_data);
             if (!$dup_ban_id || $dup_ban_id == $ban_id) {
                 if (update_ban_data($ban_id, $ban_type, $ban_data, $ban_comment, $ban_expires)) {
                     if ($ban_type != $old_ban_type || $ban_data != $old_ban_data || $ban_expires != $old_ban_expires) {
                         $log_data = array($ban_id, $ban_type, $ban_data, $old_ban_type, $old_ban_data, $old_ban_expires);
                         admin_add_log_entry(UPDATED_BAN, $log_data);
                     }
                     header_redirect("admin_banned.php?webtag={$webtag}&edited=true");
                     exit;
                 }
             } else {
                 $error_msg_array[] = gettext("Duplicate ban data entered. Please check your wildcards to see if they already match the data entered");
                 $valid = false;
             }
         }
     }
 } else {
     if (isset($_POST['addban'])) {
         $redirect = "admin_banned.php?webtag={$webtag}&addban=true";
         header_redirect($redirect);
         exit;
         $psid = $_POST['psid'];
     } else {
         $error_msg_array[] = gettext("Must specify a profile section ID");
         $valid = false;
     }
     if (isset($_POST['t_name_new']) && strlen(trim($_POST['t_name_new'])) > 0) {
         $t_new_name = trim($_POST['t_name_new']);
     } else {
         $error_msg_array[] = gettext("Must specify a profile section name");
         $valid = false;
     }
     if ($valid) {
         if (profile_section_update($psid, $t_new_name)) {
             $t_section_name = profile_section_get_name($psid);
             if ($t_new_name != $t_section_name) {
                 admin_add_log_entry(CHANGE_PROFILE_SECT, array($t_section_name, $t_new_name));
             }
             header_redirect("admin_prof_sect.php?webtag={$webtag}&edited=true");
             exit;
         }
     }
 } else {
     if (isset($_POST['addsection'])) {
         $redirect = "admin_prof_sect.php?webtag={$webtag}&page={$page}&addsection=true";
         header_redirect($redirect);
         exit;
     } else {
         if (isset($_POST['viewitems']) && is_array($_POST['viewitems'])) {
             list($psid) = array_keys($_POST['viewitems']);
             $redirect = "admin_prof_items.php?webtag={$webtag}&psid={$psid}&sect_page={$page}";
             header_redirect($redirect);
        }
        if ((session::get_value('UID') != $preview_message['FROM_UID'] || session::check_perm(USER_PERM_PILLORIED, 0)) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
            post_edit_refuse($tid, $pid);
        }
        if (forum_get_setting('require_post_approval', 'Y') && isset($preview_message['APPROVED']) && $preview_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
            post_edit_refuse($tid, $pid);
        }
    } else {
        html_draw_error(gettext("That post does not exist in this thread!"));
    }
}
// Handle the delete confirmation. On success the browser is sent back to the
// discussion; a failed delete falls through to the page below with an error
// queued for display.
$delete_requested = isset($_POST['delete']) && is_numeric($tid) && is_numeric($pid);
if ($delete_requested) {
    if (!post_delete($tid, $pid)) {
        $error_msg_array[] = gettext("Error deleting post");
    } else {
        post_add_edit_text($tid, $pid);
        // A moderator removing somebody else's post leaves an audit entry.
        $is_moderator = session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid);
        if ($is_moderator && $preview_message['FROM_UID'] != session::get_value('UID')) {
            admin_add_log_entry(DELETE_POST, array($t_fid, $tid, $pid));
        }
        // If the thread still has other posts, land on it; otherwise go
        // back to the discussion index.
        $redirect = $thread_data['LENGTH'] > 1
            ? "discussion.php?webtag={$webtag}&msg={$msg}&delete_success={$msg}"
            : "discussion.php?webtag={$webtag}&delete_success={$msg}";
        header_redirect($redirect);
        exit;
    }
}
html_draw_top(sprintf("title=%s", gettext("Delete Message")), "post.js", "resize_width=720", "basetarget=_blank", 'class=window_title');
echo "<h1>", gettext("Delete Message"), " {$tid}.{$pid}</h1>\n";
if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
        $page = $_POST['page'] > 0 ? $_POST['page'] : 1;
    } else {
        $page = 1;
    }
}
// Array to hold error messages
$error_msg_array = array();
// Delete folders.
if (isset($_POST['delete'])) {
    $valid = true;
    if (isset($_POST['t_delete']) && is_array($_POST['t_delete'])) {
        foreach ($_POST['t_delete'] as $fid => $delete_folder) {
            if ($valid && $delete_folder == "Y" && ($folder_data = folder_get($fid))) {
                if ($folder_data['THREAD_COUNT'] < 1) {
                    if (folder_delete($fid)) {
                        admin_add_log_entry(DELETE_FOLDER, array($folder_data['TITLE']));
                    } else {
                        $error_msg_array[] = gettext("Failed to delete folder.");
                        $valid = false;
                    }
                } else {
                    $error_msg_array[] = gettext("Cannot delete folders that still contain threads.");
                    $valid = false;
                }
            }
        }
        if ($valid) {
            header_redirect("admin_folders.php?webtag={$webtag}&page={$page}&deleted=true");
            exit;
        }
    }
    }
} else {
    $sort_dir = "ASC";
}
// Page number from the query string; anything non-numeric or below 1 means
// the first page.
$page = 1;
if (isset($_GET['page']) && is_numeric($_GET['page']) && $_GET['page'] > 0) {
    $page = $_GET['page'];
}
// Delete the selected groups. Unknown group IDs are skipped; a failed
// removal is reported and suppresses the redirect so the errors are shown.
if (isset($_POST['delete'])) {
    $valid = true;
    $group_ids = isset($_POST['delete_group']) && is_array($_POST['delete_group'])
        ? $_POST['delete_group']
        : null;
    if ($group_ids !== null) {
        foreach ($group_ids as $gid) {
            $group_name = perm_get_group_name($gid);
            if (!$group_name) {
                continue;
            }
            if (!perm_remove_group($gid)) {
                $error_msg_array[] = sprintf(gettext("Failed to delete group %s"), $group_name);
                $valid = false;
                continue;
            }
            admin_add_log_entry(DELETE_USER_GROUP, array($group_name));
        }
        if ($valid) {
            header_redirect("admin_user_groups.php?webtag={$webtag}&deleted=true");
            exit;
        }
    }
}
html_draw_top(sprintf('title=%s', gettext("Admin - User Groups")), 'class=window_title');
$user_groups_array = perm_get_user_groups($page, $sort_by, $sort_dir);
echo "<h1>", gettext("Admin"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", gettext("User Groups"), "</h1>\n";
            if (!perm_user_in_group($uid, $gid)) {
                perm_add_user_to_group($uid, $gid);
                if (($user_logon = user_get_logon($uid)) && ($group_name = perm_get_group_name($gid))) {
                    admin_add_log_entry(ADD_USER_TO_GROUP, array($user_logon, $group_name));
                }
            }
        }
    }
}
// Remove the selected users from the group. Users who are not members are
// ignored; each actual removal is logged with the logon and group name.
if (isset($_POST['remove']) && isset($_POST['remove_user']) && is_array($_POST['remove_user'])) {
    foreach ($_POST['remove_user'] as $uid) {
        if (!perm_user_in_group($uid, $gid)) {
            continue;
        }
        perm_remove_user_from_group($uid, $gid);
        $user_logon = user_get_logon($uid);
        $group_name = $user_logon ? perm_get_group_name($gid) : false;
        if ($user_logon && $group_name) {
            admin_add_log_entry(REMOVE_USER_FROM_GROUP, array($user_logon, $group_name));
        }
    }
}
// The group must exist before the page can be drawn.
$group = perm_get_group($gid);
if (!$group) {
    html_draw_error(gettext("Supplied GID is not a user group"), 'admin_user_groups.php', 'get', array('back' => gettext("Back")));
}
html_draw_top(array('title' => sprintf(gettext('Admin - Manage User Groups - %s - Add/Remove Users'), $group['GROUP_NAME']), 'class' => 'window_title', 'main_css' => 'admin.css'));
$group_users_array = perm_group_get_users($gid, $start_main);
echo "<h1>", gettext("Admin"), html_style_image('separator'), gettext("Manage User Groups"), html_style_image('separator'), "{$group['GROUP_NAME']}", html_style_image('separator'), "", gettext("Add/Remove Users"), "</h1>\n";
if (isset($_GET['added'])) {
    html_display_success_msg(gettext("Successfully added group. Add users to this group by searching for them below."), '800', 'center');
} else {
    if (sizeof($group_users_array['user_array']) < 1) {
            } else {
                $new_forum_settings['searchbots_show_active'] = "N";
            }
            if (isset($_POST['guest_account_enabled']) && $_POST['guest_account_enabled'] == "Y") {
                $new_forum_settings['guest_account_enabled'] = "Y";
            } else {
                $new_forum_settings['guest_account_enabled'] = "N";
            }
            if (isset($_POST['guest_show_recent']) && $_POST['guest_show_recent'] == "Y") {
                $new_forum_settings['guest_show_recent'] = "Y";
            } else {
                $new_forum_settings['guest_show_recent'] = "N";
            }
            if ($valid) {
                if (forum_save_settings($new_forum_settings)) {
                    admin_add_log_entry(EDIT_FORUM_SETTINGS, array($new_forum_settings['forum_name']));
                    header_redirect("admin_forum_settings.php?webtag={$webtag}&updated=true");
                } else {
                    $valid = false;
                    $error_msg_array[] = gettext("Failed to update forum settings. Please try again later.");
                }
            }
        }
    }
}
html_draw_top(array('title' => gettext('Admin - Forum Settings'), 'class' => 'window_title', 'js' => array('js/emoticons.js', 'ckeditor/ckeditor.js'), 'main_css' => 'admin.css'));
echo "<h1>", gettext("Admin"), html_style_image('separator'), gettext("Forum Settings"), "</h1>\n";
if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
    html_display_error_array($error_msg_array, '700', 'center');
} else {
    if (isset($_GET['updated'])) {
                     $t_post_html = (double) isset($_POST['t_post_html'][$fid]) ? $_POST['t_post_html'][$fid] : 0;
                     $t_post_sig = (double) isset($_POST['t_post_sig'][$fid]) ? $_POST['t_post_sig'][$fid] : 0;
                     $t_post_approval = (double) isset($_POST['t_post_approval'][$fid]) ? $_POST['t_post_approval'][$fid] : 0;
                     $new_user_perms = (double) $t_post_read | $t_post_create | $t_thread_create;
                     $new_user_perms = (double) $new_user_perms | $t_post_edit | $t_post_delete;
                     $new_user_perms = (double) $new_user_perms | $t_moderator | $t_post_attach;
                     $new_user_perms = (double) $new_user_perms | $t_post_html | $t_post_sig | $t_post_approval;
                     if ($new_user_perms != $folder_array[$fid]['STATUS']) {
                         if (!perm_update_user_folder_perms($uid, $fid, $new_user_perms)) {
                             $error_msg_array[] = gettext("Failed to update folder access settings");
                             $valid = false;
                         }
                     }
                 }
                 if ($valid) {
                     admin_add_log_entry(USER_FOLDER_PERMS_CHANGED, array($user['LOGON']));
                 }
             }
             // Confirmation email
             if (isset($_POST['t_confirm_email']) && $_POST['t_confirm_email'] == 'resend') {
                 if (!email_send_user_confirmation($uid)) {
                     $error_msg_array[] = gettext("Failed to resend Email confirmation to user.");
                     $valid = false;
                 }
             }
         }
         if ($valid) {
             $success_html = gettext("Updates saved successfully");
         }
     }
 }
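function attachments_delete_thumbnail($hash)
{
    // Remove the cached thumbnail for the attachment identified by $hash.
    //
    // The caller must be logged in and must either own the attachment or
    // hold USER_PERM_FOLDER_MODERATE; otherwise false is returned without
    // touching the filesystem. Returns true once the thumbnail is gone
    // (including when no thumbnail file existed), false on any validation,
    // database or unlink failure.
    //
    // $hash - MD5 hex digest naming the attachment. It is checked with
    //         is_md5() before being used in SQL and as a path component,
    //         which is what keeps both the query and the unlink() path safe.
    if (!is_md5($hash)) {
        return false;
    }
    if (!($db = db::get())) {
        return false;
    }
    if (!isset($_SESSION['UID']) || !is_numeric($_SESSION['UID'])) {
        return false;
    }
    if (!($attachment_dir = attachments_check_dir())) {
        return false;
    }
    $sql = "SELECT PAF.AID, PAF.UID, PAF.FILENAME, PAI.TID, ";
    $sql .= "PAI.PID FROM POST_ATTACHMENT_FILES PAF ";
    $sql .= "LEFT JOIN POST_ATTACHMENT_IDS PAI ON (PAI.AID = PAF.AID) ";
    $sql .= "WHERE PAF.HASH = '{$hash}'";
    if (!($result = $db->query($sql))) {
        return false;
    }
    if ($result->num_rows == 0) {
        return false;
    }
    $attachment_data = $result->fetch_assoc();
    // NOTE(review): the SELECT above returns no FID column, so this default
    // always applies and the moderator checks below are effectively a
    // folder-0 (global) check rather than a per-folder one. Narrowing it
    // needs the folder resolved from TID, which this query does not do.
    if (!isset($attachment_data['FID'])) {
        $attachment_data['FID'] = 0;
    }
    // Owner or moderator only.
    if (!($attachment_data['UID'] == $_SESSION['UID'] || session::check_perm(USER_PERM_FOLDER_MODERATE, $attachment_data['FID']))) {
        return false;
    }
    // Remove the file before recording the edit and the audit entry, so
    // those only describe something that actually happened. A missing
    // thumbnail is not an error (not every attachment has one); a thumbnail
    // that exists but cannot be removed is. The @ keeps a permissions
    // failure from leaking a warning into the page output.
    $thumbnail_path = "{$attachment_dir}/{$hash}.thumb";
    if (is_file($thumbnail_path) && !@unlink($thumbnail_path)) {
        return false;
    }
    if (isset($attachment_data['TID']) && isset($attachment_data['PID'])) {
        post_add_edit_text($attachment_data['TID'], $attachment_data['PID']);
        // A moderator acting on somebody else's attachment leaves an audit entry.
        if (session::check_perm(USER_PERM_FOLDER_MODERATE, $attachment_data['FID']) && $attachment_data['UID'] != $_SESSION['UID']) {
            $log_data = array($attachment_data['TID'], $attachment_data['PID'], $attachment_data['FILENAME']);
            admin_add_log_entry(ATTACHMENTS_DELETE, $log_data);
        }
    }
    return true;
}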
         }
         if (isset($_POST['title']) && strlen(trim($_POST['title'])) > 0) {
             $title = trim($_POST['title']);
         } else {
             $error_msg_array[] = gettext("You must specify a name!");
             $valid = false;
         }
         if (isset($_POST['description']) && strlen(trim($_POST['description'])) > 0) {
             $description = trim($_POST['description']);
         } else {
             $description = "";
         }
         if ($valid) {
             links_update($lid, $fid, $_SESSION['UID'], $title, $uri, $description);
             if (session::check_perm(USER_PERM_FOLDER_MODERATE, 0) && $link['UID'] != $_SESSION['UID']) {
                 admin_add_log_entry(DELETE_LINK, array($lid));
             }
             header_redirect("links_detail.php?webtag={$webtag}&lid={$lid}&fid={$fid}");
         }
     }
     if ($user_perm_links_moderate || $link['UID'] == $_SESSION['UID']) {
         if (isset($_POST['hide']) && $_POST['hide'] == "confirm") {
             links_change_visibility($lid, false);
         } else {
             if (!isset($_POST['hide']) || isset($_POST['hide']) && $_POST['hide'] != "confirm") {
                 links_change_visibility($lid, true);
             }
         }
         header_redirect("links_detail.php?webtag={$webtag}&lid={$lid}&fid={$fid}");
     }
 }
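/**
 * Delete a user account and, optionally, all content the account created.
 *
 * Authorisation is NOT checked here: callers must already have verified that
 * the acting session is allowed to delete users. The only self-protection
 * applied is a refusal to delete the acting user's own account.
 *
 * None of the queries below run inside a transaction, so a failed query
 * returns false part-way through with the earlier deletions already applied.
 * The USER row itself is only removed once everything else has succeeded.
 *
 * @param int|string $uid            ID of the account to delete. Must be a plain
 *                                   integer (or an integer-only string); any
 *                                   other form is rejected.
 * @param bool       $delete_content When true, also purges the user's per-forum
 *                                   data (log entries, links, votes, preferences,
 *                                   profile, polls, single-post threads, post
 *                                   content) and global data (groups, PMs,
 *                                   attachments, sessions, permissions, history).
 *                                   Non-bool values are treated as false.
 * @return bool true when the USER row was deleted; false on a validation
 *              failure, unknown account, self-deletion attempt or failed query.
 */
function admin_delete_user($uid, $delete_content = false)
{
    // Only a plain integer ID is accepted. is_numeric() would also admit forms
    // such as "1e3", "1.0" or " 1", which MySQL silently converts when they are
    // compared against the integer UID columns in the queries below.
    if (($uid = filter_var($uid, FILTER_VALIDATE_INT)) === false) {
        return false;
    }
    if (!is_bool($delete_content)) {
        $delete_content = false;
    }
    // UID of the acting user. It is interpolated into SQL (APPROVED_BY), so it
    // gets the same integer-only validation as $uid.
    if (!isset($_SESSION['UID'])) {
        return false;
    }
    if (($acting_uid = filter_var($_SESSION['UID'], FILTER_VALIDATE_INT)) === false) {
        return false;
    }
    // Never let an account delete itself.
    if ($acting_uid === $uid) {
        return false;
    }
    if (!($db = db::get())) {
        return false;
    }
    // Verify the account exists before touching any data.
    if (!($user_logon = user_get_logon($uid))) {
        return false;
    }
    if ($delete_content === true) {
        $current_datetime = date(MYSQL_DATETIME, time());
        // Mark-as-read cut off: a thread's MODIFIED stamp is only bumped when it
        // is newer than this, so old threads do not resurface as unread.
        $modified_cutoff_datetime = forum_get_unread_cutoff_datetime();
        $modified_expr = "MODIFIED = IF(MODIFIED < CAST('{$modified_cutoff_datetime}' AS DATETIME), "
                       . "MODIFIED, CAST('{$current_datetime}' AS DATETIME))";
        // Per-forum tables whose rows for this user are simply dropped, in the
        // order the deletes are issued.
        $forum_delete_clauses = array(
            'ADMIN_LOG'       => "UID = '{$uid}'",
            'LINKS'           => "UID = '{$uid}'",
            'LINKS_VOTE'      => "UID = '{$uid}'",
            'LINKS_COMMENT'   => "UID = '{$uid}'",
            'USER_POLL_VOTES' => "UID = '{$uid}'",
            // Relationships set by the user and those other users set on them.
            'USER_PEER'       => "UID = '{$uid}' OR PEER_UID = '{$uid}'",
            'USER_FOLDER'     => "UID = '{$uid}'",
            'USER_PREFS'      => "UID = '{$uid}'",
            'USER_PROFILE'    => "UID = '{$uid}'",
            'USER_SIG'        => "UID = '{$uid}'",
            'USER_THREAD'     => "UID = '{$uid}'",
            'USER_TRACK'      => "UID = '{$uid}'",
            'WORD_FILTER'     => "UID = '{$uid}'",
        );
        if (($forum_table_prefix_array = forum_get_all_prefixes()) !== false) {
            // Purge the user's data from every forum.
            foreach ($forum_table_prefix_array as $forum_table_prefix) {
                foreach ($forum_delete_clauses as $table => $where) {
                    $sql = "DELETE QUICK FROM `{$forum_table_prefix}{$table}` WHERE {$where}";
                    if (!$db->query($sql)) {
                        return false;
                    }
                }
                // Polls created by the user: the thread stays, only the poll flag
                // is cleared.
                $sql = "UPDATE LOW_PRIORITY `{$forum_table_prefix}THREAD` SET POLL_FLAG = 'N', "
                     . "{$modified_expr} WHERE BY_UID = '{$uid}'";
                if (!$db->query($sql)) {
                    return false;
                }
                // Threads the user started that hold only their single post are
                // soft-deleted.
                $sql = "UPDATE LOW_PRIORITY `{$forum_table_prefix}THREAD` SET DELETED = 'Y', "
                     . "{$modified_expr} WHERE BY_UID = '{$uid}' AND LENGTH = 1";
                if (!$db->query($sql)) {
                    return false;
                }
                // Blank the content of the user's posts; the POST rows themselves
                // stay, so thread structure is preserved.
                $sql = "UPDATE LOW_PRIORITY `{$forum_table_prefix}POST_CONTENT` POST_CONTENT "
                     . "LEFT JOIN `{$forum_table_prefix}POST` POST ON (POST.TID = POST_CONTENT.TID "
                     . "AND POST.PID = POST_CONTENT.PID) SET POST_CONTENT.CONTENT = NULL "
                     . "WHERE POST.FROM_UID = '{$uid}'";
                if (!$db->query($sql)) {
                    return false;
                }
                // Mark the user's posts as approved (by the acting user) so they
                // drop out of the approval queue.
                $sql = "UPDATE LOW_PRIORITY `{$forum_table_prefix}POST` "
                     . "SET APPROVED = CAST('{$current_datetime}' AS DATETIME), "
                     . "APPROVED_BY = '{$acting_uid}' WHERE FROM_UID = '{$uid}'";
                if (!$db->query($sql)) {
                    return false;
                }
            }
        }
        // Global tables, first batch: group membership and the user's PM records.
        $global_delete_clauses = array(
            'GROUP_USERS'  => "UID = '{$uid}'",
            'PM_TYPE'      => "UID = '{$uid}'",
            'PM_RECIPIENT' => "TO_UID = '{$uid}'",
            'PM'           => "FROM_UID = '{$uid}'",
        );
        foreach ($global_delete_clauses as $table => $where) {
            $sql = "DELETE QUICK FROM {$table} WHERE {$where}";
            if (!$db->query($sql)) {
                return false;
            }
        }
        // Remove any PMs left without a recipient or type record by the deletes
        // above, together with their content.
        $sql = "DELETE QUICK FROM PM, PM_CONTENT USING PM "
             . "LEFT JOIN PM_CONTENT ON (PM_CONTENT.MID = PM.MID) "
             . "LEFT JOIN PM_RECIPIENT ON (PM_RECIPIENT.MID = PM.MID) "
             . "LEFT JOIN PM_TYPE ON (PM_TYPE.MID = PM.MID) "
             . "WHERE PM_TYPE.MID IS NULL OR PM_RECIPIENT.MID IS NULL";
        if (!$db->query($sql)) {
            return false;
        }
        // Physical attachment files uploaded by the user. This must run before
        // the POST_ATTACHMENT_FILES rows are dropped below.
        // NOTE(review): attachments_delete()'s result is ignored; it appears to
        // apply its own ownership/moderator check, so a refused deletion leaves
        // the file on disk while its row is still removed — confirm.
        $sql = "SELECT HASH FROM POST_ATTACHMENT_FILES WHERE UID = '{$uid}'";
        if (!($result = $db->query($sql))) {
            return false;
        }
        while (($attachment_data = $result->fetch_assoc()) !== null) {
            attachments_delete($attachment_data['HASH']);
        }
        // Global tables, second batch: search results, attachment rows (files
        // were handled above), sessions, per-forum permissions, change history,
        // global permissions and preferences, visitor log.
        // NOTE(review): SESSIONS rows are only removed on this path; when
        // $delete_content is false they are left behind — confirm the session
        // layer rejects a session whose USER row no longer exists.
        $global_delete_clauses = array(
            'PM_SEARCH_RESULTS'     => "UID = '{$uid}'",
            'POST_ATTACHMENT_FILES' => "UID = '{$uid}'",
            'SEARCH_RESULTS'        => "UID = '{$uid}'",
            'SESSIONS'              => "UID = '{$uid}'",
            'USER_FORUM'            => "UID = '{$uid}'",
            'USER_HISTORY'          => "UID = '{$uid}'",
            'USER_PERM'             => "UID = '{$uid}'",
            'USER_PREFS'            => "UID = '{$uid}'",
            'VISITOR_LOG'           => "UID = '{$uid}'",
        );
        foreach ($global_delete_clauses as $table => $where) {
            $sql = "DELETE QUICK FROM {$table} WHERE {$where}";
            if (!$db->query($sql)) {
                return false;
            }
        }
        // Record that the user's content was purged.
        admin_add_log_entry(DELETE_USER_DATA, array($uid, $user_logon));
    }
    // Finally remove the account itself.
    $sql = "DELETE QUICK FROM USER WHERE UID = '{$uid}'";
    if (!$db->query($sql)) {
        return false;
    }
    // Record the account deletion.
    admin_add_log_entry(DELETE_USER, array($user_logon));
    return true;
}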