Beispiel #1
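 /**
  * Loads the blog comments whose ids are queued in $this->content['blogtextid'],
  * together with their parent blog entry and the blog owner's data, and stores
  * the rows in $this->content['blogtext'] / $this->content['blog'].
  *
  * Every user id met on the way is flagged in $this->content['userid'], and
  * the id queue is emptied once the rows have been read.
  *
  * @return bool|null True when nothing is queued or the 'vbblog' product entry
  *                   is not set; otherwise no value is returned.
  */
 public function process()
 {
     if (!$this->content['blogtextid'] or !vB::$vbulletin->products['vbblog']) {
         return true;
     }
     // Guests get no ignore/buddy joins. Both fragments are interpolated into
     // the query below, so they must be defined on the guest path as well.
     $fields = '';
     $joins = '';
     if (vB::$vbulletin->userinfo['userid']) {
         // Cast once so the id concatenated into the SQL text is always an integer.
         $viewerid = intval(vB::$vbulletin->userinfo['userid']);
         $fields = ", ignored.relationid AS b_ignoreid, buddy.relationid AS b_buddyid";
         $joins = "\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = user.userid AND ignored.relationid = " . $viewerid . " AND ignored.type = 'ignore')\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = user.userid AND buddy.relationid = " . $viewerid . " AND buddy.type = 'buddy')\n\t\t\t";
     }
     $catsql = $this->fetchCategoryPermissions();
     // The array keys are the ids to load. They go straight into an IN (...)
     // list, so force each one to an integer before building the SQL string.
     $blogtextids = array_map('intval', array_keys($this->content['blogtextid']));
     $comments = vB::$db->query_read_slave("\n\t\t\tSELECT\n\t\t\t\tIF (bu.title <> '', bu.title, user.username) AS b_blog_title, bt.pagetext AS bt_pagetext, blog.postedby_userid, bt.username AS bt_username,\n\t\t\t\tbt.blogid AS bt_blogid, bt.blogtextid AS bt_blogtextid, bt.title AS bt_title, bt.state AS bt_state, bt.userid AS bt_userid, fp.pagetext AS b_pagetext,\n\t\t\t\tblog.blogid AS b_blogid, blog.title AS b_title, blog.userid AS b_userid, blog.state AS b_state, blog.options AS b_options, blog.views AS b_views, blog.comments_visible AS b_comments_visible,\n\t\t\t\tbu.options_member AS b_options_member, bu.options_guest AS b_options_guest, bu.options_buddy AS b_options_buddy, options_ignore AS b_options_ignore, bu.memberids AS b_memberids, bu.memberblogids AS b_memberblogids,\n\t\t\t\tuser.username AS b_username, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS b_displaygroupid, user.infractiongroupid AS b_infractiongroupid, user.usergroupid AS b_usergroupid, user.membergroupids AS b_membergroupids\n\t\t\t\t{$fields}\n\t\t\tFROM " . TABLE_PREFIX . "blog_text AS bt\n\t\t\tINNER JOIN " . TABLE_PREFIX . "blog AS blog ON (blog.blogid = bt.blogid)\n\t\t\tINNER JOIN " . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = blog.userid)\n\t\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = blog.userid)\n\t\t\tINNER JOIN " . TABLE_PREFIX . "blog_text AS fp ON (fp.blogtextid = blog.firstblogtextid)\n\t\t\t{$joins}\n\t\t\t{$catsql['joinsql']}\n\t\t\tWHERE\n\t\t\t\tbt.blogtextid IN (" . implode(",", $blogtextids) . ")\n\t\t\t\t\tAND\n\t\t\t\tblog.pending = 0\n\t\t\t\t{$catsql['wheresql']}\n\t\t");
     while ($comment = vB::$db->fetch_array($comments)) {
         // NOTE(review): the query only selects the aliased column
         // 'bt_blogtextid', so 'blogtextid' looks unset here and this raw row
         // would be stored under an empty key. Kept as-is; confirm against callers.
         $this->content['blogtext'][$comment['blogtextid']] = $comment;
         unset($this->content['blogid'][$comment['bt_blogid']]);
         $this->content['blogtext'][$comment['bt_blogtextid']] = $this->parse_array($comment, 'bt_');
         $this->content['userid'][$comment['bt_userid']] = 1;
         // The parent blog entry is built only once, however many comments share it.
         if (!$this->content['blog'][$comment['b_blogid']]) {
             $this->content['blog'][$comment['b_blogid']] = $this->parse_array($comment, 'b_');
             cache_permissions($this->content['blog'][$comment['b_blogid']], false);
             $this->content['userid'][$comment['b_userid']] = 1;
             $this->content['userid'][$comment['postedby_userid']] = 1;
         }
     }
     // Queue handled: reset it.
     $this->content['blogtextid'] = array();
 }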
Beispiel #2
 /**
  * Lists the blog categories of one scope that remain usable for the given user.
  *
  * A category is dropped when it is user-owned and the user lacks the
  * 'blog_cancreatecategory' bit, when it appears in a cantpost/cantview list
  * (the viewer's lists are included when the viewer is a different user), or
  * when its ownership does not match the requested scope.
  *
  * @param array  $userinfo User record; permissions are cached on demand.
  * @param string $type     'global' keeps categories with userid 0, 'local'
  *                         keeps categories with a non-zero userid.
  *
  * @return array|null List of ['blogcategoryid' => ..., 'category' => ['title' => ...]],
  *                    or null when the category cache for the user is empty.
  */
 private function construct_category($userinfo, $type = 'global')
 {
     global $vbulletin;
     require_once DIR . '/includes/blog_functions_category.php';
     if (!$userinfo['permissions']) {
         cache_permissions($userinfo, false);
     }
     $cachekey = "{$userinfo['userid']}";
     if (!isset($vbulletin->vbblog['categorycache'][$cachekey])) {
         fetch_ordered_categories($userinfo['userid']);
     }
     if (empty($vbulletin->vbblog['categorycache'][$cachekey])) {
         return;
     }
     // Collect every category id that is off limits.
     if ($userinfo['userid'] == $vbulletin->userinfo['userid']) {
         $blocked = array_merge(
             $userinfo['blogcategorypermissions']['cantpost'],
             $userinfo['blogcategorypermissions']['cantview']
         );
     } else {
         // Looking at somebody else's blog: the viewer's restrictions apply too.
         $blocked = array_merge(
             $userinfo['blogcategorypermissions']['cantpost'],
             $vbulletin->userinfo['blogcategorypermissions']['cantpost'],
             $userinfo['blogcategorypermissions']['cantview'],
             $vbulletin->userinfo['blogcategorypermissions']['cantview']
         );
     }
     $blocked = array_unique($blocked);
     $usable = array();
     foreach ($vbulletin->vbblog['categorycache'][$cachekey] as $blogcategoryid => $category) {
         $cancreate = $userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_cancreatecategory'];
         if (!$cancreate && $category['userid']) {
             continue;
         }
         if (in_array($blogcategoryid, $blocked)) {
             continue;
         }
         $wrongscope = ($type == 'global' && $category['userid'] != 0) || ($type == 'local' && $category['userid'] == 0);
         if ($wrongscope) {
             continue;
         }
         $usable[] = array(
             'blogcategoryid' => $category['blogcategoryid'],
             'category' => array('title' => $category['title']),
         );
     }
     return $usable;
 }
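/**
 * Authenticates a remote service call and loads the mapped forum user into
 * $vbulletin->userinfo.
 *
 * The call is refused when the service option is switched off, when the HTTP
 * Basic password does not equal the configured service password, or when no
 * user id is found for the given service name and username.
 *
 * @param array $who Expects the keys 'ServiceName' and 'Username'.
 *
 * @return array ['Code' => 0] on success; otherwise ['Code' => 1, 'Text' => reason].
 */
function RegisterService($who)
{
    global $db, $vbulletin, $server;
    $result = array();
    if (!$vbulletin->options['vbb_serviceonoff']) {
        $result['Code'] = 1;
        $result['Text'] = 'vbb_service_turned_off';
        return $result;
    }

    // Compare the shared secret as strings. A loose != treats two numeric
    // looking strings (for example "0e1" and "0e2") as equal, which would let
    // a wrong password through; hash_equals also avoids an early-exit compare.
    $expected = (string) $vbulletin->options['vbb_servicepw'];
    $supplied = isset($_SERVER['PHP_AUTH_PW']) ? (string) $_SERVER['PHP_AUTH_PW'] : '';
    $matches = function_exists('hash_equals') ? hash_equals($expected, $supplied) : $expected === $supplied;
    // NOTE(review): an empty configured password is still matched by a request
    // that sends no password at all; consider refusing an empty 'vbb_servicepw'.
    if (!$matches) {
        $result['Code'] = 1;
        $result['Text'] = 'vbb_invalid_servicepw';
        return $result;
    }

    $userid = fetch_userid_by_service($who['ServiceName'], $who['Username']);
    if (empty($userid) || $userid <= 0) {
        $result['Code'] = 1;
        $result['Text'] = 'invalid_user';
        return $result;
    }

    // From here on the request runs as the mapped user: replace the current
    // user record, then rebuild permissions and time settings for it.
    unset($vbulletin->userinfo);
    $vbulletin->userinfo =& fetch_userinfo($userid);
    $permissions = cache_permissions($vbulletin->userinfo);
    $vbulletin->options['hourdiff'] = (date('Z', TIMENOW) / 3600 - $vbulletin->userinfo['timezoneoffset']) * 3600;
    fetch_options_overrides($vbulletin->userinfo);
    fetch_time_data();
    // everything is ok
    $result['Code'] = 0;
    return $result;
}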
Beispiel #4
 /**
  * Decides whether the current viewer may see one album.
  *
  * Every check has to pass: albums are viewable at all, the album and its
  * owner are loaded in $this->content, the owner holds the 'canalbum' bit
  * (or the viewer can moderate album pictures), the owner's 'albums' profile
  * section is visible, and the album's private/profile state allows access.
  *
  * @param int $albumid Key into $this->content['album'].
  *
  * @return bool True when the album may be shown.
  */
 protected function fetchCanViewAlbum($albumid)
 {
     if (!$this->fetchCanViewAlbums()) {
         return false;
     }
     $album = $this->content['album'][$albumid];
     if (!$album) {
         return false;
     }
     $userinfo = $this->content['user'][$album['userid']];
     if (!$userinfo) {
         return false;
     }
     cache_permissions($userinfo, false);
     $ownercanalbum = $userinfo['permissions']['albumpermissions'] & vB::$vbulletin->bf_ugp_albumpermissions['canalbum'];
     if (!can_moderate(0, 'caneditalbumpicture') && !$ownercanalbum) {
         return false;
     }
     // the owner's album section is hidden from this viewer
     if (!can_view_profile_section($album['userid'], 'albums')) {
         return false;
     }
     require_once DIR . '/includes/functions_album.php';
     // private album that we can not see
     if ($album['state'] == 'private' && !can_view_private_albums($album['userid'], $album['buddy'])) {
         return false;
     }
     // profile album that we can not see
     if ($album['state'] == 'profile' && !can_view_profile_albums($album['userid'])) {
         return false;
     }
     return true;
 }
/**
 * Prepares one user row for the "show groups" listing.
 *
 * Expands the option bitfields into array keys, caches permissions, resolves
 * the online status and the marked-up username, and sets 'lastonline' to a
 * formatted date. The date is replaced by '&nbsp;' for an invisible user
 * unless the viewer holds the 'canseehidden' bit.
 *
 * @param array $user User row with 'options', 'adminoptions' and 'lastactivity'.
 *
 * @return array The enriched user row.
 */
function process_showgroups_userinfo($user)
{
    global $vbulletin, $permissions, $stylevar, $show;

    $useroptions = convert_bits_to_array($user['options'], $vbulletin->bf_misc_useroptions);
    $user = array_merge($user, $useroptions);
    $adminoptions = convert_bits_to_array($user['adminoptions'], $vbulletin->bf_misc_adminoptions);
    $user = array_merge($user, $adminoptions);

    cache_permissions($user, false);
    fetch_online_status($user, true);

    // Hide the activity time of invisible users from viewers without 'canseehidden'.
    $hidelastonline = $user['invisible'] && !($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehidden']);
    $user['lastonline'] = $hidelastonline
        ? '&nbsp;'
        : vbdate($vbulletin->options['dateformat'], $user['lastactivity'], 1);

    fetch_musername($user);
    return $user;
}
Beispiel #6
/**
 * Authenticates the caller from request parameters and returns the unread
 * private-message count together with the subscribed-thread updates.
 *
 * Reads username, password, md5_password, fr_username and fr_b from the
 * request, verifies the credentials, reloads the user record and permissions
 * without keeping a session, and registers the push user.
 *
 * @return array 'pm_notices' => $vbulletin->userinfo['pmunread'],
 *               'sub_notices' => result of get_sub_thread_updates().
 */
function do_get_new_updates()
{
    global $vbulletin;
    require_once DIR . '/includes/functions_login.php';
    // NOTE(review): source 'r' is the merged request input, so the password is
    // accepted from the query string as well as from a POST body. Query
    // strings commonly end up in access logs; confirm clients send POST only.
    $vbulletin->input->clean_array_gpc('r', array('username' => TYPE_STR, 'password' => TYPE_STR, 'md5_password' => TYPE_STR, 'fr_username' => TYPE_STR, 'fr_b' => TYPE_BOOL));
    // A username plus at least one of password / md5_password is required.
    // NOTE(review): the code below assumes json_error() ends the request; confirm.
    if (!$vbulletin->GPC['username'] || !$vbulletin->GPC['password'] && !$vbulletin->GPC['md5_password']) {
        json_error(ERR_NO_PERMISSION);
    }
    $vbulletin->GPC['username'] = prepare_remote_utf8_string($vbulletin->GPC['username']);
    $vbulletin->GPC['password'] = prepare_remote_utf8_string($vbulletin->GPC['password']);
    // md5_password is passed for both the third and the fourth argument.
    // NOTE(review): 'cookieuser' is not in the cleaned list above, so this
    // index holds whatever was set elsewhere, if anything; verify.
    if (!verify_authentication($vbulletin->GPC['username'], $vbulletin->GPC['password'], $vbulletin->GPC['md5_password'], $vbulletin->GPC['md5_password'], $vbulletin->GPC['cookieuser'], true)) {
        json_error(ERR_NO_PERMISSION);
    }
    // Don't save the session, we just want pm & marked thread info
    process_new_login('', false, '');
    // Since we are not saving the session, fetch our userinfo
    $vbulletin->userinfo =& fetch_userinfo($vbulletin->userinfo['userid']);
    cache_permissions($vbulletin->userinfo, true);
    $sub_notices = get_sub_thread_updates();
    fr_update_push_user($vbulletin->GPC['fr_username'], $vbulletin->GPC['fr_b']);
    return array('pm_notices' => $vbulletin->userinfo['pmunread'], 'sub_notices' => $sub_notices);
}
Beispiel #7
/**
 * Builds the profile payload for the requested user, or for the logged-in
 * user when the request carries no 'userid'.
 *
 * The requested id is cleaned as an unsigned integer. What a viewer may see
 * of another profile is left to fetchProfileInfo(); an empty result is
 * answered with ERR_NO_PERMISSION.
 *
 * @return mixed The profile array (username, joindate, posts, online,
 *               avatar_upload, groups, optionally avatarurl and ban), or the
 *               result of json_error() on failure.
 */
function do_get_profile()
{
    global $vbulletin;

    $userinfo = vB_Api::instance('user')->fetchUserInfo();
    $cleaned = vB::getCleaner()->cleanArray($_REQUEST, array('userid' => vB_Cleaner::TYPE_UINT));

    // No explicit target: fall back to the viewer, which requires a login.
    if (!$cleaned['userid']) {
        if (!$userinfo['userid']) {
            return json_error(ERR_INVALID_LOGGEDIN, RV_NOT_LOGGED_IN);
        }
        $cleaned['userid'] = $userinfo['userid'];
    }

    $profile = vB_Api::instance('user')->fetchProfileInfo($cleaned['userid']);
    if (empty($profile)) {
        return json_error(ERR_NO_PERMISSION);
    }

    // Custom profile fields, with null values sent as empty strings.
    $values = array();
    foreach ($profile['customFields']['default'] as $name => $field) {
        $fieldvalue = $field['val'];
        $values[] = array(
            'name' => (string) new vB_Phrase('cprofilefield', $name),
            'value' => $fieldvalue === null ? '' : $fieldvalue,
        );
    }
    $groups = array(
        array('name' => 'about', 'values' => $values),
    );

    $out = array(
        'username' => prepare_utf8_string($profile['username']),
        'joindate' => prepare_utf8_string(fr_date($profile['joindate'])),
        'posts' => $profile['posts'],
        'online' => fr_get_user_online($profile['lastactivity']),
        'avatar_upload' => (bool) $profile['canuseavatar'],
        'groups' => $groups,
    );

    $avatarurl = vB_Library::instance('vb4_functions')->avatarUrl($cleaned['userid']);
    if ($avatarurl) {
        $out['avatarurl'] = $avatarurl;
    }

    // The 'ban' flag describes the viewer's rights, not the profile owner's.
    cache_moderators();
    cache_permissions($vbulletin->userinfo);
    $iscpadmin = $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'];
    if ($iscpadmin || can_moderate(0, 'canbanusers')) {
        $out['ban'] = true;
    }
    return $out;
}
Beispiel #8
 /**
  * Selects the user this object works on and loads that user's permissions.
  *
  * For the current visitor the permissions are taken from the registry; for
  * any other id the user row is read from the database and its permissions
  * are computed. An unknown id adds an 'invalidid' error.
  *
  * @param	integer	User to process (forced to an integer before use in SQL)
  * @param	boolean	Whether to fetch existing CSS data
  *
  * @return	boolean	True on success, false when the user does not exist
  */
 function set_userid($userid, $fetch = true)
 {
     $userid = intval($userid);
     if ($userid != $this->registry->userinfo['userid']) {
         // Someone else: the row must exist. $userid is an integer at this point.
         $user = $this->dbobject->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = {$userid}");
         if (!$user) {
             global $vbphrase;
             $this->error[] = fetch_error('invalidid', $vbphrase['user'], $this->registry->options['contactuslink']);
             return false;
         }
         $this->userid = $userid;
         $this->permissions = cache_permissions($user, false);
     } else {
         // The visitor's own record is already loaded in the registry.
         $this->userid = $userid;
         $this->permissions = $this->registry->userinfo['permissions'];
     }
     if ($fetch) {
         $this->existing = $this->fetch_existing();
     }
     return true;
 }
Beispiel #9
     }
     break;
     // do move
 // do move
 case 'domove':
     if (!can_moderate_calendar($calendarinfo['calendarid'], 'canmoveevents')) {
         print_no_permission();
     } else {
         if (!($vbulletin->userinfo['calendarpermissions']["{$vbulletin->GPC['newcalendarid']}"] & $vbulletin->bf_ugp_calendarpermissions['canviewcalendar'])) {
             print_no_permission();
         }
         // unsubscribe users who can't view the calendar that the event is now in
         $users = $db->query_read("\n\t\t\t\t\tSELECT user.userid, usergroupid, membergroupids, infractiongroupids, IF(options & " . $vbulletin->bf_misc_useroptions['hasaccessmask'] . ", 1, 0) AS hasaccessmask\n\t\t\t\t\tFROM " . TABLE_PREFIX . "subscribeevent AS subscribeevent\n\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "user AS user USING (userid)\n\t\t\t\t\tWHERE eventid = {$eventinfo['eventid']}\n\t\t\t\t");
         $deleteuser = '******';
         while ($thisuser = $db->fetch_array($users)) {
             cache_permissions($thisuser);
             $userperms =& $thisuser['calendarpermissions']["{$vbulletin->GPC['newcalendarid']}"];
             if ($userperms & $vbulletin->bf_ugp_calendarpermissions['canviewcalendar'] and ($eventinfo['userid'] == $thisuser['userid'] or $userperms & $vbulletin->bf_ugp_calendarpermissions['canviewothersevent'])) {
                 // don't delete
                 continue;
             } else {
                 $deleteuser .= ',' . $thisuser['userid'];
             }
         }
         if ($deleteuser) {
             $query = "DELETE FROM " . TABLE_PREFIX . "subscribeevent WHERE eventid = {$eventinfo['eventid']} AND userid IN ({$deleteuser})";
             $db->query_write($query);
         }
         // init event datamanager class
         $eventdata =& datamanager_init('Event', $vbulletin, ERRTYPE_STANDARD);
         $eventdata->verify_datetime = false;
Beispiel #10
	$userinfo['userid'] != $vbulletin->userinfo['userid']
		AND
	!$userinfo['bbuser_iscontact_of_user']
)
{
	// are you a contact?
	print_no_permission();
}

require_once(DIR . '/includes/functions_user.php');
if (!can_view_profile_section($userinfo['userid'], 'visitor_messaging'))
{
	print_no_permission();
}

cache_permissions($userinfo, false);

if ($userinfo['usergroupid'] == 4 AND !($permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']))
{
	print_no_permission();
}

$canpostmessage = (
	$userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canviewmembers']
	AND $vbulletin->userinfo['userid']
	AND (
		(
			$vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmessageownprofile']
			AND $vbulletin->userinfo['userid'] == $userinfo['userid']
		)
		OR (
Beispiel #11
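/**
 * Generates a preview of a post.
 *
 * Parses the message BB code, resolves the signature of the posting user
 * (only when that user holds the 'canusesignature' bit), resolves the message
 * icon and renders the 'newpost_preview' template. $newpost gains 'iconpath'
 * and 'icontitle'; the globals $previewpost, $show and $rate are updated.
 *
 * @param	array	Information regarding the new post (by reference)
 * @param	integer	The User ID posting; 0 means the current user
 * @param	array	Information regarding attachments
 *
 * @return	string	The generated preview, or '' when the parsed message is empty
 *
 */
function process_post_preview(&$newpost, $postuserid = 0, $attachmentinfo = NULL)
{
    global $vbphrase, $checked, $rate, $previewpost, $stylevar, $foruminfo, $vbulletin, $show;
    require_once DIR . '/includes/class_bbcode.php';
    // Plain "= new": assigning the result of new by reference is a parse error
    // on PHP 7 and later.
    $bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
    if ($attachmentinfo) {
        $bbcode_parser->attachments =& $attachmentinfo;
    }
    $previewpost = 1;
    $bbcode_parser->unsetattach = true;
    $previewmessage = $bbcode_parser->parse($newpost['message'], $foruminfo['forumid'], iif($newpost['disablesmilies'], 0, 1));
    $post = array('userid' => $postuserid ? $postuserid : $vbulletin->userinfo['userid']);
    if (!empty($attachmentinfo)) {
        require_once DIR . '/includes/class_postbit.php';
        $post['attachments'] =& $attachmentinfo;
        $postbit_factory = new vB_Postbit_Factory();
        $postbit_factory->registry =& $vbulletin;
        $postbit_factory->forum =& $foruminfo;
        $postbit_obj =& $postbit_factory->fetch_postbit('post');
        $postbit_obj->post =& $post;
        $postbit_obj->process_attachments();
    }
    if ($post['userid'] != $vbulletin->userinfo['userid']) {
        // $postuserid comes from the caller and is concatenated into the
        // query, so force it to an integer, as the icon lookup below does.
        $fetchsignature = $vbulletin->db->query_first("\n\t\t\tSELECT signature\n\t\t\tFROM " . TABLE_PREFIX . "usertextfield\n\t\t\tWHERE userid = " . intval($postuserid) . "\n\t\t");
        $signature =& $fetchsignature['signature'];
    } else {
        $signature = $vbulletin->userinfo['signature'];
    }
    $show['signature'] = false;
    if ($newpost['signature'] and trim($signature)) {
        $userinfo = fetch_userinfo($post['userid'], FETCH_USERINFO_SIGPIC);
        // Signature rights belong to the posting user, not to the previewer.
        if ($post['userid'] != $vbulletin->userinfo['userid']) {
            cache_permissions($userinfo, false);
        } else {
            $userinfo['permissions'] =& $vbulletin->userinfo['permissions'];
        }
        if ($userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canusesignature']) {
            $bbcode_parser->set_parse_userinfo($userinfo);
            $post['signature'] = $bbcode_parser->parse($signature, 'signature');
            // Reset so later parses do not run with this user's context.
            $bbcode_parser->set_parse_userinfo(array());
            $show['signature'] = true;
        }
    }
    if ($foruminfo['allowicons'] and $newpost['iconid']) {
        if ($icon = $vbulletin->db->query_first_slave("\n\t\t\tSELECT title as title, iconpath\n\t\t\tFROM " . TABLE_PREFIX . "icon\n\t\t\tWHERE iconid = " . intval($newpost['iconid']) . "\n\t\t")) {
            $newpost['iconpath'] = $icon['iconpath'];
            $newpost['icontitle'] = $icon['title'];
        }
    } else {
        if ($vbulletin->options['showdeficon'] != '') {
            $newpost['iconpath'] = $vbulletin->options['showdeficon'];
            $newpost['icontitle'] = $vbphrase['default'];
        }
    }
    $show['messageicon'] = iif($newpost['iconpath'], true, false);
    $show['errors'] = false;
    // NOTE(review): the hook body and the template below are run through
    // eval(). Both are expected to be stored, administrator-controlled code;
    // anything that lets other users write hooks or templates is code execution.
    ($hook = vBulletinHook::fetch_hook('newpost_preview')) ? eval($hook) : false;
    if ($previewmessage != '') {
        eval('$postpreview = "' . fetch_template('newpost_preview') . "\";");
    } else {
        $postpreview = '';
    }
    construct_checkboxes($newpost);
    if ($newpost['rating']) {
        $rate["{$newpost['rating']}"] = ' ' . 'selected="selected"';
    }
    return $postpreview;
}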
Beispiel #12
     $limitlower = 1;
 }
 $getevents = $db->query_read_slave("\n\t\tSELECT event.*, IF(dateline_to = 0, 1, 0) AS singleday, user.username, user.options, user.adminoptions, user.usergroupid, user.membergroupids, user.infractiongroupids, IF(options & " . $vbulletin->bf_misc_useroptions['hasaccessmask'] . ", 1, 0) AS hasaccessmask,\n\t\t\tsubscribeevent.reminder, subscribeevent.subscribeeventid\n\t\t\t" . ($vbulletin->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight, customavatar.width_thumb AS avwidth_thumb, customavatar.height_thumb AS avheight_thumb, filedata_thumb, NOT ISNULL(customavatar.userid) AS hascustom" : "") . "\n\t\tFROM " . TABLE_PREFIX . "subscribeevent AS subscribeevent\n\t\tLEFT JOIN " . TABLE_PREFIX . "event AS event ON (subscribeevent.eventid = event.eventid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (event.userid = user.userid)\n\t\t" . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "\n\t\tWHERE\n\t\t\tsubscribeevent.userid = " . $vbulletin->userinfo['userid'] . "\n\t\t\t\tAND\n\t\t\tevent.visible = 1\n\t\tORDER BY\n\t\t\t{$sqlsortfield} {$sortorder}\n\t\tLIMIT " . ($limitlower - 1) . ", {$perpage}\n\t");
 $itemcount = ($pagenumber - 1) * $perpage;
 $first = $itemcount + 1;
 if ($db->num_rows($getevents)) {
     $show['haveevents'] = true;
     while ($event = $db->fetch_array($getevents)) {
         if (empty($reminders["{$event['reminder']}"])) {
             $event['reminder'] = 3600;
         }
         $event['reminder'] = $vbphrase[$reminders[$event['reminder']]];
         $offset = $event['dst'] ? $vbulletin->userinfo['timezoneoffset'] : $vbulletin->userinfo['tzoffset'];
         $event = array_merge($event, convert_bits_to_array($event['options'], $vbulletin->bf_misc_useroptions));
         $event = array_merge($event, convert_bits_to_array($event['adminoptions'], $vbulletin->bf_misc_adminoptions));
         cache_permissions($event, false);
         fetch_avatar_from_userinfo($event, true);
         $event['dateline_from_user'] = $event['dateline_from'] + $offset * 3600;
         $event['dateline_to_user'] = $event['dateline_to'] + $offset * 3600;
         $event['preview'] = htmlspecialchars_uni(strip_bbcode(fetch_trimmed_title(strip_quotes($event['event']), 300), false, true));
         $event = fetch_event_date_time($event);
         $event['calendar'] = $calendarcache["{$event['calendarid']}"];
         $show['singleday'] = !empty($event['singleday']) ? true : false;
         ($hook = vBulletinHook::fetch_hook('calendar_viewreminder_event')) ? eval($hook) : false;
         $oppositesort = $sortorder == 'asc' ? 'desc' : 'asc';
         $templater = vB_Template::create('calendar_reminder_eventbit');
         $templater->register('date1', $date1);
         $templater->register('date2', $date2);
         $templater->register('daterange', $daterange);
         $templater->register('event', $event);
         $templater->register('eventdate', $eventdate);
	/**
	* Process note as if a registered user posted
	*
	* Sets the author's online status and the display flags in $show
	* ('avatar', 'emaillink', 'homepage', 'pmlink') for the message in
	* $this->message. The author's permissions are computed once per user id
	* and kept in $this->factory->perm_cache.
	*/
	function process_registered_user()
	{
		global $show, $vbphrase;

		fetch_musername($this->message);

		// 0 = shown as offline, 1 = online and visible, 2 = online but invisible
		$this->message['onlinestatus'] = 0;
		// now decide if we can see the user or not
		if ($this->message['lastactivity'] > (TIMENOW - $this->registry->options['cookietimeout']) AND $this->message['lastvisit'] != $this->message['lastactivity'])
		{
			if ($this->message['invisible'])
			{
				// An invisible author is revealed only to viewers holding
				// 'canseehidden' and to the author; otherwise status stays 0.
				if (($this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canseehidden']) OR $this->message['userid'] == $this->registry->userinfo['userid'])
				{
					// user is online and invisible BUT bbuser can see them
					$this->message['onlinestatus'] = 2;
				}
			}
			else
			{
				// user is online and visible
				$this->message['onlinestatus'] = 1;
			}
		}

		// Compute the author's permissions only once per user id.
		if (!isset($this->factory->perm_cache["{$this->message['userid']}"]))
		{
			$this->factory->perm_cache["{$this->message['userid']}"] = cache_permissions($this->message, false);
		}

		if ( // no avatar defined for this user
			empty($this->message['avatarurl'])
			OR // visitor doesn't want to see avatars
			($this->registry->userinfo['userid'] > 0 AND !$this->registry->userinfo['showavatars'])
			OR // user has a custom avatar but no permission to display it
			(!$this->message['avatarid'] AND !($this->factory->perm_cache["{$this->message['userid']}"]['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canuseavatar']) AND !$this->message['adminavatar']) //
		)
		{
			$show['avatar'] = false;
		}
		else
		{
			$show['avatar'] = true;
		}

		// The e-mail link needs the author's opt-in, the board-wide options,
		// the viewer's 'canemailmember' bit and a logged-in viewer.
		$show['emaillink'] = (
			$this->message['showemail'] AND $this->registry->options['displayemails'] AND (
				!$this->registry->options['secureemail'] OR (
					$this->registry->options['secureemail'] AND $this->registry->options['enableemail']
				)
			) AND $this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canemailmember']
			AND $this->registry->userinfo['userid']
		);
		$show['homepage'] = ($this->message['homepage'] != '' AND $this->message['homepage'] != 'http://');
		// NOTE(review): the cache above is keyed by $this->message['userid'],
		// but the lookup below uses $this->userinfo['userid']. If $this->userinfo
		// is not the message author, the 'pmquota' test reads a missing entry
		// and fails for non-admin viewers; confirm which key is intended.
		$show['pmlink'] = ($this->registry->options['enablepms'] AND $this->registry->userinfo['permissions']['pmquota'] AND ($this->registry->userinfo['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel']
	 					OR ($this->message['receivepm'] AND $this->factory->perm_cache["{$this->userinfo['userid']}"]['pmquota'])
	 				)) ? true : false;
	}
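/**
 * Sends email notifications for discussions.
 *
 * Every subscriber with e-mail updates enabled is notified, except the
 * poster, banned users, users who ignore the poster, users who have not been
 * active since the previous visible message, and users who may not view the
 * group or discussion.
 *
 * @param int			$discussionid	- The discussion being updated
 * @param int|false		$gmid			- Id of the message that triggered the update;
 *										  defaults to the newest visible message
 * @param string|false	$postusername	- Optional username displayed on post
 *
 * @return void
 */
function exec_send_sg_notification($discussionid, $gmid = false, $postusername = false)
{
    global $vbulletin;
    if (!$vbulletin->options['enableemail']) {
        return;
    }
    $discussion = fetch_socialdiscussioninfo($discussionid);
    // if there are no subscribers, no need to send notifications
    if (!$discussion['subscribers']) {
        return;
    }
    // if the discussion is moderated or deleted, don't send notification
    if ('deleted' == $discussion['state'] or 'moderation' == $discussion['state']) {
        return;
    }
    $group = fetch_socialgroupinfo($discussion['groupid']);
    // Ids that are concatenated into SQL below are forced to integers first.
    $sql_discussionid = intval($discussion['discussionid']);
    $sql_groupid = intval($group['groupid']);
    if (!$gmid) {
        // get last gmid from discussion
        $gmid = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(gmid) AS gmid\n\t\t\tFROM " . TABLE_PREFIX . "groupmessage AS groupmessage\n\t\t\tWHERE discussionid = {$sql_discussionid}\n\t\t\t\tAND state = 'visible'\n\t\t");
        $gmid = $gmid['gmid'];
    }
    // get message details
    $gmessage = fetch_groupmessageinfo($gmid);
    if (!$gmessage) {
        return;
    }
    // get post time of previous message - if a user hasn't been active since then we won't resend a notification
    $lastposttime = ($lastposttime = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(dateline) AS dateline\n\t\t\tFROM " . TABLE_PREFIX . "groupmessage AS groupmessage\n\t\t\tWHERE discussionid = {$sql_discussionid}\n\t\t\t\tAND dateline < " . intval($gmessage['dateline']) . "\n\t\t\t\tAND state = 'visible'\n\t")) ? $lastposttime['dateline'] : $gmessage['dateline'];
    $discussion['title'] = unhtmlspecialchars($discussion['title']);
    $group['name'] = unhtmlspecialchars($group['name']);
    // temporarily use postusername in userinfo
    if (!$postusername) {
        // get current user name if user exists
        if ($gmessage['postuserid'] and $userinfo = fetch_userinfo($gmessage['postuserid'])) {
            $postusername = $userinfo['username'];
        } else {
            $postusername = $gmessage['postusername'];
        }
    }
    $postusername = unhtmlspecialchars($postusername);
    $userid = $gmessage['postuserid'];
    // NOTE(review): hook bodies run through eval(); they are expected to be
    // stored, administrator-controlled code.
    ($hook = vBulletinHook::fetch_hook('newpost_sg_notification_start')) ? eval($hook) : false;
    // Skip subscribers who ignore the poster. The whole clause, including its
    // leading AND, is optional: with the AND left outside, a guest post
    // (postuserid 0) produced "AND  AND" and the query failed. The ignore list
    // is space separated, so the padded id needs % wildcards to be found
    // anywhere in the list rather than only when it is the sole entry.
    $ignoresql = '';
    if ($gmessage['postuserid']) {
        $ignoresql = "AND CONCAT(' ', IF(usertextfield.ignorelist IS NULL, '', usertextfield.ignorelist), ' ') NOT LIKE '% " . intval($userid) . " %'";
    }
    $useremails = $vbulletin->db->query_read_slave("\n\t\tSELECT user.*, subscribediscussion.emailupdate, subscribediscussion.subscribediscussionid, IF(socialgroupmember.userid IS NOT NULL,1,0) ismember\n\t\tFROM " . TABLE_PREFIX . "subscribediscussion AS subscribediscussion\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (subscribediscussion.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (usergroup.usergroupid = user.usergroupid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "socialgroupmember AS socialgroupmember ON (socialgroupmember.userid = user.userid AND socialgroupmember.groupid = {$sql_groupid})\n\t\tWHERE subscribediscussion.discussionid = {$sql_discussionid}\n\t\t AND subscribediscussion.emailupdate = 1\n\t\t {$ignoresql}\n\t\t AND user.usergroupid <> 3\n\t\t AND user.userid <> " . intval($userid) . "\n\t\t AND user.lastactivity >= " . intval($lastposttime) . "\n\t\t AND (usergroup.genericoptions & " . $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'] . ")\n\t");
    vbmail_start();
    // parser for plaintexting the message pagetext
    require_once DIR . '/includes/class_bbcode_alt.php';
    // Plain "= new": assigning the result of new by reference is a parse error
    // on PHP 7 and later.
    $plaintext_parser = new vB_BbCodeParser_PlainText($vbulletin, fetch_tag_list());
    $pagetext_cache = array();
    // used to cache the results per languageid for speed
    $evalemail = array();
    while ($touser = $vbulletin->db->fetch_array($useremails)) {
        // check user can view discussion
        $permissions = cache_permissions($touser, false);
        if (!($vbulletin->usergroupcache["{$touser['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup']) or !($permissions['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview']) or !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canviewgroups']) or $group['options'] & $vbulletin->bf_misc_socialgroupoptions['join_to_view'] and !$touser['ismember'] and !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canalwayscreatediscussion']) and !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canalwayspostmessage'])) {
            continue;
        }
        $touser['username'] = unhtmlspecialchars($touser['username']);
        $touser['languageid'] = iif($touser['languageid'] == 0, $vbulletin->options['languageid'], $touser['languageid']);
        // NOTE(review): this token is an unkeyed MD5 over ids and salts. It is
        // only as strong as the secrecy of the salts; an HMAC with a server
        // key is the usual construction. Changing it would also require the
        // code that checks the token to change.
        $touser['auth'] = md5($touser['userid'] . $touser['subscribediscussionid'] . $touser['salt'] . COOKIE_SALT);
        if (empty($evalemail)) {
            // Build the per-language subject/body snippets once.
            $emails = array();
            $email_texts = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT text, languageid, fieldname\n\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\tWHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'notify_discussion'\n\t\t\t");
            while ($email_text = $vbulletin->db->fetch_array($email_texts)) {
                $emails["{$email_text['languageid']}"]["{$email_text['fieldname']}"] = $email_text['text'];
            }
            require_once DIR . '/includes/functions_misc.php';
            foreach ($emails as $languageid => $email_text) {
                // lets cycle through our array of notify phrases
                $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
                $text_message = replace_template_variables($text_message);
                $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
                $text_subject = replace_template_variables($text_subject);
                $evalemail["{$languageid}"] = '
					$message = "' . $text_message . '";
					$subject = "' . $text_subject . '";
				';
            }
        }
        // parse the page text into plain text, taking selected language into account
        if (!isset($pagetext_cache["{$touser['languageid']}"])) {
            $plaintext_parser->set_parsing_language($touser['languageid']);
            $pagetext_cache["{$touser['languageid']}"] = $plaintext_parser->parse($gmessage['pagetext']);
        }
        $pagetext = $pagetext_cache["{$touser['languageid']}"];
        ($hook = vBulletinHook::fetch_hook('new_sg_message_notification_message')) ? eval($hook) : false;
        // NOTE(review): the phrase text is evaluated as a double-quoted PHP
        // string. addslashes() escapes quotes and backslashes but not "$" or
        // "{", so phrase text is effectively code; phrase editing must stay
        // limited to trusted administrators.
        eval(iif(empty($evalemail["{$touser['languageid']}"]), $evalemail["-1"], $evalemail["{$touser['languageid']}"]));
        vbmail($touser['email'], $subject, $message);
    }
    $vbulletin->db->free_result($useremails);
    unset($plaintext_parser, $pagetext_cache);
    vbmail_end();
}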
Beispiel #15
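/**
 * Rebuilds the session for a user who has just authenticated.
 *
 * The session row that was active before authentication is deleted and the
 * request continues on a session bound to the logged-in user id. For the
 * 'cplogin' and 'modcplogin' login types a row is also added to the cpsession
 * table and a matching 'cpsession' cookie is set, provided the user holds the
 * required control-panel or moderation permission.
 *
 * Local variable names are kept stable because the 'login_process' hook code is
 * eval()'d in this function's scope and may refer to them.
 *
 * @param	string	Login type; 'cplogin' and 'modcplogin' select the control-panel branches
 * @param	mixed	When falsy and no userid cookie was received, a control-panel login sets the userid/password cookies here
 * @param	string	Admin control panel style preference; only tested for emptiness in this function
 */
function process_new_login($logintype, $cookieuser, $cssprefs)
{
	global $vbulletin;

	// Remember the locale/charset of this request; they are written back after userinfo is replaced below.
	$lang_info = array(
		'lang_locale' => $vbulletin->userinfo['lang_locale'],
		'lang_charset' => $vbulletin->userinfo['lang_charset']
	);

	// Drop the stored pre-login session row so its hash does not stay valid after authentication.
	$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . $vbulletin->db->escape_string($vbulletin->session->vars['dbsessionhash']) . "'");

	if ($vbulletin->session->created == true AND $vbulletin->session->vars['userid'] == 0)
	{
		// if we just created a session on this page, there's no reason not to use it
		$newsession =& $vbulletin->session;
	}
	else
	{
		$newsession = new vB_Session($vbulletin, '', $vbulletin->userinfo['userid'], '', $vbulletin->session->vars['styleid'], $vbulletin->session->vars['languageid']);
	}
	$newsession->set('userid', $vbulletin->userinfo['userid']);
	$newsession->set('loggedin', 1);

	// Strict comparison, matching the checks further down: with ==, a non-string
	// value such as true compares equal to 'cplogin' and would set the bypass flag
	// without ever reaching the control-panel permission check below.
	$newsession->set('bypass', ($logintype === 'cplogin') ? 1 : 0);

	$newsession->set_session_visibility(($vbulletin->superglobal_size['_COOKIE'] > 0));
	$newsession->fetch_userinfo();
	$vbulletin->session =& $newsession;
	$vbulletin->userinfo = $newsession->userinfo;
	$vbulletin->userinfo['lang_locale'] = $lang_info['lang_locale'];
	$vbulletin->userinfo['lang_charset'] = $lang_info['lang_charset'];

	// admin control panel or upgrade script login
	if ($logintype === 'cplogin')
	{
		$permissions = cache_permissions($vbulletin->userinfo, false);
		$vbulletin->userinfo['permissions'] =& $permissions;

		// No cpsession is issued unless the account actually holds the control panel permission.
		if ($permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])
		{
			if ($cssprefs != '')
			{
				// userid is cast so that only an integer can reach the concatenated SQL
				$admininfo = $vbulletin->db->query_first_slave("SELECT * FROM " . TABLE_PREFIX . "administrator WHERE userid = " . intval($vbulletin->userinfo['userid']));
				if ($admininfo)
				{
					$admindm =& datamanager_init('Admin', $vbulletin, ERRTYPE_SILENT);
					$admindm->set_existing($admininfo);
					// NOTE(review): the stored value is read from $vbulletin->GPC, not from the
					// $cssprefs argument tested above — confirm callers always pass the same value.
					$admindm->set('cssprefs', $vbulletin->GPC['cssprefs']);
					$admindm->save();
				}
			}

			$cpsession = $vbulletin->session->fetch_sessionhash();
			/*insert query*/
			$vbulletin->db->query_write("INSERT INTO " . TABLE_PREFIX . "cpsession (userid, hash, dateline) VALUES (" . intval($vbulletin->userinfo['userid']) . ", '" . $vbulletin->db->escape_string($cpsession) . "', " . TIMENOW . ")");
			vbsetcookie('cpsession', $cpsession, false, true, true);

			if (!$cookieuser AND empty($vbulletin->GPC[COOKIE_PREFIX . 'userid']))
			{
				// NOTE(review): the 'password' cookie is an MD5 digest of the stored password
				// value plus COOKIE_SALT. It is presumably accepted as a login credential on
				// later requests, so it needs the same protection as the session hash — verify
				// how the consumer of this cookie validates it.
				vbsetcookie('userid', $vbulletin->userinfo['userid'], false, true, true);
				vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT), false, true, true);
			}
		}
	}

	// moderator control panel login
	if ($logintype === 'modcplogin')
	{
		$permissions = cache_permissions($vbulletin->userinfo, false);
		$vbulletin->userinfo['permissions'] =& $permissions;

		require_once(DIR . '/includes/functions_calendar.php');

		// No cpsession is issued unless the account can moderate a forum or a calendar.
		if (can_moderate() OR can_moderate_calendar())
		{
			$cpsession = $vbulletin->session->fetch_sessionhash();
			/*insert query*/
			$vbulletin->db->query_write("INSERT INTO " . TABLE_PREFIX . "cpsession (userid, hash, dateline) VALUES (" . intval($vbulletin->userinfo['userid']) . ", '" . $vbulletin->db->escape_string($cpsession) . "', " . TIMENOW . ")");
			vbsetcookie('cpsession', $cpsession, false, true, true);

			if (!$cookieuser AND empty($vbulletin->GPC[COOKIE_PREFIX . 'userid']))
			{
				// Same cookie pair as in the admin branch above; see the note there.
				vbsetcookie('userid', $vbulletin->userinfo['userid'], false, true, true);
				vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT), false, true, true);
			}
		}
	}

	// Plugin code registered for this hook is eval()'d here with access to every local above.
	($hook = vBulletinHook::fetch_hook('login_process')) ? eval($hook) : false;
}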
Beispiel #16
            $formdata = $albuminfo;
        } else {
            $formdata = array('albumid' => 0, 'title' => '', 'description' => '', 'state' => 'public', 'userid' => $vbulletin->userinfo['userid']);
        }
    }
    $formdata['albumtype_' . $formdata['state']] = 'checked="checked"';
    $show['delete_option'] = (!defined('PREVIEW_ERRORS') and !empty($albuminfo['albumid']) and ($vbulletin->userinfo['userid'] == $albuminfo['userid'] or can_moderate(0, 'candeletealbumpicture')));
    $show['album_used_in_css'] = false;
    if (!empty($albuminfo['albumid'])) {
        if ($db->query_first("\n\t\t\tSELECT selector\n\t\t\tFROM " . TABLE_PREFIX . "usercss\n\t\t\tWHERE userid = {$albuminfo['userid']}\n\t\t\t\tAND property = 'background_image'\n\t\t\t\tAND value LIKE '{$albuminfo['albumid']},%'\n\t\t\tLIMIT 1\n\t\t")) {
            $show['album_used_in_css'] = true;
        }
    }
    // if permitted to customize profile, or album is already a profile-type, show the profile-type option
    $creator = fetch_userinfo($formdata['userid']);
    cache_permissions($creator);
    $show['albumtype_profile'] = ($albuminfo['state'] == 'profile' or $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_profile_styling'] and $creator['permissions']['usercsspermissions'] & $vbulletin->bf_ugp_usercsspermissions['caneditbgimage']);
    ($hook = vBulletinHook::fetch_hook('album_album_edit')) ? eval($hook) : false;
    // navbar and final output
    $navbits = construct_navbits(array('member.php?' . $vbulletin->session->vars['sessionurl'] . "u={$userinfo['userid']}" => construct_phrase($vbphrase['xs_profile'], $userinfo['username']), 'album.php?' . $vbulletin->session->vars['sessionurl'] . "u={$userinfo['userid']}" => $vbphrase['albums'], '' => !empty($albuminfo['albumid']) ? $vbphrase['edit_album'] : $vbphrase['add_album']));
    eval('$navbar = "' . fetch_template('navbar') . '";');
    eval('print_output("' . fetch_template('album_edit') . '");');
}
// #######################################################################
if ($_POST['do'] == 'updatepictures') {
    $vbulletin->input->clean_array_gpc('p', array('pictures' => TYPE_ARRAY, 'coverpictureid' => TYPE_UINT, 'frompicture' => TYPE_BOOL));
    if (empty($albuminfo)) {
        standard_error(fetch_error('invalidid', $vbphrase['album'], $vbulletin->options['contactuslink']));
    }
    if ($userinfo['userid'] != $vbulletin->userinfo['userid'] and !can_moderate(0, 'caneditalbumpicture')) {
        print_no_permission();
Beispiel #17
	/**
	* Processes this post's user info assuming the user is registered.
	*
	* Fills $this->post with display-ready values (avatar URL and size attributes,
	* reputation, posts per day, formatted join date and post count, age) and sets
	* the global $show flags that decide which user-related elements are shown for
	* this post (avatar, reputation, e-mail / PM links, infractions, ...).
	*
	* Permissions of the post's author are computed once per user id and kept in
	* $this->cache['perms']; reputation power and age are cached the same way.
	*/
	function process_registered_user()
	{
		global $show, $vbphrase;
		$post =& $this->post; // this is a stopgap required for rank's eval code

		fetch_musername($this->post);

		// get online status -- function call also sets values in $this->post
		$this->post['online_status_code'] = fetch_online_status($this->post, true);

		// permissions of the post's author (not of the viewer), computed once per author
		if (empty($this->cache['perms'][$this->post['userid']]))
		{
			$this->cache['perms'][$this->post['userid']] = cache_permissions($this->post, false);
		}

		// get avatar
		if ($this->post['avatarid'])
		{
			// a non-zero avatarid takes the path supplied with the post data
			$this->post['avatarurl'] = $this->post['avatarpath'];
		}
		else
		{
			if ($this->post['hascustomavatar'] AND $this->registry->options['avatarenabled'])
			{
				if ($this->registry->options['usefileavatar'])
				{
					// custom avatar addressed as a file under the configured avatar URL
					$this->post['avatarurl'] = $this->registry->options['avatarurl'] . '/avatar' . $this->post['userid'] . '_' . $this->post['avatarrevision'] . '.gif';
				}
				else
				{
					// custom avatar served through image.php; '&amp;' because the URL is emitted into HTML
					$this->post['avatarurl'] = 'image.php?' . $this->registry->session->vars['sessionurl'] . 'u=' . $this->post['userid'] . '&amp;dateline=' . $this->post['avatardateline'];
				}
				// avwidth/avheight are overwritten with complete HTML attribute strings.
				// NOTE(review): the values are placed between the quotes unescaped — presumably
				// integers from the database; confirm they cannot carry markup.
				if ($this->post['avwidth'] AND $this->post['avheight'])
				{
					$this->post['avwidth'] = 'width="' . $this->post['avwidth'] . '"';
					$this->post['avheight'] = 'height="' . $this->post['avheight'] . '"';
				}
				else
				{
					$this->post['avwidth'] = '';
					$this->post['avheight'] = '';
				}
			}
			else
			{
				$this->post['avatarurl'] = '';
			}
		}

		// The avatar is hidden when any one of the three conditions below holds.
		if ( // no avatar defined for this user
			empty($this->post['avatarurl'])
			OR // visitor doesn't want to see avatars
			($this->registry->userinfo['userid'] > 0 AND !$this->registry->userinfo['showavatars'])
			OR // user has a custom avatar but no permission to display it
			(!$this->post['avatarid'] AND !($this->cache['perms'][$this->post['userid']]['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canuseavatar']) AND !$this->post['adminavatar']) //
		)
		{
			$show['avatar'] = false;
		}
		else
		{
			$show['avatar'] = true;
		}

		// Generate Reputation Power
		// ('&' binds tighter than AND: the bit test on postelements is evaluated first)
		if ($this->registry->options['postelements'] & POST_SHOW_REPPOWER AND $this->registry->options['reputationenable'])
		{
			if (!empty($this->cache['reppower'][$this->post['userid']]))
			{
				$this->post['reppower'] = $this->cache['reppower'][$this->post['userid']];
			}
			else
			{
				$this->post['reppower'] = fetch_reppower($this->post, $this->cache['perms'][$this->post['userid']]);
				$this->cache['reppower'][$this->post['userid']] = $this->post['reppower'];
			}
			$show['reppower'] = true;
		}
		else
		{
			$show['reppower'] = false;
		}

		// get reputation
		if ($this->registry->options['reputationenable'])
		{
			fetch_reputation_image($this->post, $this->cache['perms'][$this->post['userid']]);
			$show['reputation'] = true;
		}
		else
		{
			$show['reputation'] = false;
		}

		// get join date & posts per day
		$jointime = (TIMENOW - $this->post['joindate']) / 86400; // Days Joined
		if ($jointime < 1)
		{
			// User has been a member for less than one day.
			$this->post['postsperday'] = $this->post['posts'];
		}
		else
		{
			$this->post['postsperday'] = vb_number_format($this->post['posts'] / $jointime, 2);
		}
		// from here on joindate holds the formatted string, no longer the timestamp used above
		$this->post['joindate'] = vbdate($this->registry->options['registereddateformat'], $this->post['joindate']);

		// format posts number
		$this->post['posts'] = vb_number_format($this->post['posts']);

		$show['profile'] = true;
		$show['search'] = true;
		$show['buddy'] = true;
		// E-mail link: the author must allow e-mail, addresses must be displayable, the
		// secureemail option (if set) additionally requires enableemail, and the viewer must
		// be logged in and hold the 'canemailmember' permission.
		$show['emaillink'] = (
			$this->post['showemail'] AND $this->registry->options['displayemails'] AND (
				!$this->registry->options['secureemail'] OR (
					$this->registry->options['secureemail'] AND $this->registry->options['enableemail']
				)
			) AND $this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canemailmember']
			AND $this->registry->userinfo['userid']
		);
		$show['homepage'] = ($this->post['homepage'] != '' AND $this->post['homepage'] != 'http://');
		// PM link: PMs enabled and the viewer has a PM quota, and either the viewer holds the
		// control panel permission or the author accepts PMs and has a quota of their own.
		$show['pmlink'] = ($this->registry->options['enablepms'] AND $this->registry->userinfo['permissions']['pmquota'] AND ($this->registry->userinfo['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel']
	 					OR ($this->post['receivepm'] AND $this->cache['perms'][$this->post['userid']]['pmquota'])
	 				)) ? true : false;

		// Generate Age
		// only when the age element is enabled and the author's showbirthday setting is 1 or 2
		if ($this->registry->options['postelements'] & POST_SHOW_AGE AND ($this->post['showbirthday'] == 1 OR $this->post['showbirthday'] == 2))
		{
			// current year / month / day are looked up once and reused for later posts
			if (!$this->cache['year'])
			{
				$this->cache['year'] = vbdate('Y', TIMENOW, false, false);
				$this->cache['month'] = vbdate('n', TIMENOW, false, false);
				$this->cache['day'] = vbdate('j', TIMENOW, false, false);
			}
			if (empty($this->cache['age'][$this->post['userid']]))
			{
				// birthday is split on '-' and read as month, day, year (indexes 0, 1, 2)
				$date = explode('-', $this->post['birthday']);
				if ($this->cache['year'] > $date[2] AND $date[2] != '0000')
				{
					$this->post['age'] = $this->cache['year'] - $date[2];
					// birthday not reached yet this year
					if ($this->cache['month'] < $date[0] OR ($this->cache['month'] == $date[0] AND $this->cache['day'] < $date[1]))
					{
						$this->post['age']--;
					}

					// ages of 101 and above are not shown and not cached
					if ($this->post['age'] < 101)
					{
						$this->cache['age'][$this->post['userid']] = $this->post['age'];
					}
					else
					{
						unset($this->post['age']);
					}
				}
			}
			else
			{
				$this->post['age'] = $this->cache['age'][$this->post['userid']];
			}
		}

		// Display infractions
		// Shown only when the element is enabled, the author has points, warnings or
		// infractions, and the viewer either holds one of the three infraction permissions
		// or is the author of the post.
		$show['infraction'] = ($this->post['userid'] AND ($this->registry->options['postelements'] & POST_SHOW_INFRACTION) AND (
			$this->post['ipoints'] OR $this->post['warnings'] OR $this->post['infractions']) AND (
			$this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canreverseinfraction']
			OR $this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canseeinfraction']
			OR $this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['cangiveinfraction']
			OR ($this->post['userid'] == $this->registry->userinfo['userid'] /*AND $this->registry->options['canseeown']*/)
		));

		// Moved to a function to allow child overriding, i.e. announcements
		$this->process_signature();
	}
Beispiel #18
				{ // This should not be blank but win32 has a bug in regards to mktime and dates < 1970
					if ($bday[2] == '0000')
					{
						$userinfo['birthday'] = "$bday[0]-$bday[1]";
					}
					else
					{
						$userinfo['birthday'] = "$bday[0]-$bday[1]-$bday[2]";
					}
				}
			}
		}

		if ($show['reputationcol'])
		{
			$checkperms = cache_permissions($userinfo, false);
			fetch_reputation_image($userinfo, $checkperms);
		}

		$can_view_profile_pic = (
			$show['profilepiccol']
			AND $userinfo['profilepic']
			AND ($userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canprofilepic'] OR $userinfo['adminprofilepic'])
		);
		if ($userinfo['profilepicrequirement'] AND !can_view_profile_section($userinfo['userid'], 'profile_picture', $userinfo['profilepicrequirement'], $userinfo))
		{
			$can_view_profile_pic = false;
		}

		if ($can_view_profile_pic)
		{
Beispiel #19
 /**
  * Computes the permissions of the user held in $this->userinfo and keeps the
  * result under the 'userperms' key of $this->prepared.
  */
 function prepare_userperms()
 {
     // second argument false, as in the other cache_permissions() calls that skip forum permissions
     $userperms = cache_permissions($this->userinfo, false);
     $this->prepared['userperms'] = $userperms;
 }
Beispiel #20
// Delete-thread link. "and" binds tighter than "or", so the condition evaluates as:
//   (visible != 2 and moderator with 'candeleteposts')
//   or moderator with 'canremoveposts'
//   or (forum permissions candeletepost and candeletethread, viewer is the thread starter,
//       and the edit time limit is disabled or has not run out yet).
// NOTE(review): the visible != 2 test (presumably "not already soft-deleted") guards only the
// first alternative — confirm that is intended before adding parentheses.
$show['deletethread'] = ($threadinfo['visible'] != 2 and can_moderate($threadinfo['forumid'], 'candeleteposts') or can_moderate($threadinfo['forumid'], 'canremoveposts') or $forumperms & $vbulletin->bf_ugp_forumpermissions['candeletepost'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['candeletethread'] and $vbulletin->userinfo['userid'] == $threadinfo['postuserid'] and ($vbulletin->options['edittimelimit'] == 0 or $threadinfo['dateline'] > TIMENOW - $vbulletin->options['edittimelimit'] * 60)) ? true : false;
// The admin options menu is shown as soon as any single thread tool is available.
$show['adminoptions'] = ($show['editpoll'] or $show['movethread'] or $show['deleteposts'] or $show['editthread'] or $show['managethread'] or $show['openclose'] or $show['deletethread']) ? true : false;
// #############################################################################
// Setup Add Poll Conditional
// Adding a poll is refused when any of these holds (again "and" before "or"):
//   (viewer is not the thread starter and cannot moderate polls)
//   or the forum permission canpostnew is missing
//   or the forum permission canpostpoll is missing
//   or the thread already has a poll
//   or (viewer cannot moderate polls, addpolltimeout is set and that many minutes have
//       passed since the thread was started).
if ($vbulletin->userinfo['userid'] != $threadinfo['postuserid'] and !can_moderate($foruminfo['forumid'], 'caneditpoll') or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canpostnew']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canpostpoll']) or $threadinfo['pollid'] or !can_moderate($foruminfo['forumid'], 'caneditpoll') and $vbulletin->options['addpolltimeout'] and TIMENOW - $vbulletin->options['addpolltimeout'] * 60 > $threadinfo['dateline']) {
    $show['addpoll'] = false;
} else {
    $show['addpoll'] = true;
}
// #############################################################################
// show forum rules
construct_forum_rules($forum, $forumperms);
// #############################################################################
// build social bookmarking links
// Permissions are computed for a synthetic guest (userid 0, usergroupid 0): the check that
// follows offers bookmark links only for threads such a guest is allowed to view.
$guestuser = array('userid' => 0, 'usergroupid' => 0);
cache_permissions($guestuser);
$bookmarksites = '';
if ($thread['visible'] and !$thread['isdeleted'] and $guestuser['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'] and $guestuser['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canview'] and $guestuser['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewthreads'] and ($guestuser['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewothers'] or $threadinfo['postuserid'] == 0)) {
    if ($vbulletin->options['socialbookmarks'] and is_array($vbulletin->bookmarksitecache) and !empty($vbulletin->bookmarksitecache)) {
        $raw_title = html_entity_decode($thread['title'], ENT_QUOTES);
        foreach ($vbulletin->bookmarksitecache as $bookmarksite) {
            //this was done as a friendly url and then changed back as part of a bug ported from 3.8.x a while back.
            //There appear to be some issues with UTF in titles and twitter (which was part of the bug fix from 3.8.x)
            //This needs to be looked at in order to properly use the friendly urls, however I don't want to do it as part
            //of this effort (making things available in subdirectories).  However I'm generating the url out of the
            //seo url framework to centralized some of the other url logic made available.
            $threadlink = vB_Friendly_Url::fetchLibrary($vbulletin, 'thread|nosession|bburl', $thread)->get_url(FRIENDLY_URL_OFF);
            $bookmarksite['link'] = str_replace(array('{URL}', '{TITLE}'), array(urlencode($threadlink), urlencode($bookmarksite['utf8encode'] ? utf8_encode($raw_title) : $raw_title)), $bookmarksite['url']);
            ($hook = vBulletinHook::fetch_hook('showthread_bookmarkbit')) ? eval($hook) : false;
            $templater = vB_Template::create('showthread_bookmarksite');
            $templater->register('bookmarksite', $bookmarksite);
Beispiel #21
     }
     if ($countbcc and $vbulletin->userinfo['userid'] == $pm['fromuserid'] and $pm['folderid'] == -1) {
         if ($countcc) {
             $bccrecipients = $bcclist;
         } else {
             $ccrecipients = $bcclist;
         }
     }
     $show['recipients'] = true;
 }
 $show['quickreply'] = ($permissions['pmquota'] and $vbulletin->userinfo['receivepm'] and !fetch_privatemessage_throttle_reached($vbulletin->userinfo['userid']));
 if ($pm['fromuserid']) {
     $recipient = $db->query_first("\n\t\t\tSELECT usertextfield.*, user.*, userlist.type\n\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid=user.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS userlist ON(user.userid = userlist.userid AND userlist.relationid = " . $vbulletin->userinfo['userid'] . " AND userlist.type = 'buddy')\n\t\t\tWHERE user.userid = " . intval($pm['fromuserid']));
     if (!empty($recipient)) {
         $recipient = array_merge($recipient, convert_bits_to_array($recipient['options'], $vbulletin->bf_misc_useroptions));
         cache_permissions($recipient, false);
         if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and (!$recipient['receivepm'] or !$recipient['permissions']['pmquota'] or $recipient['receivepmbuddies'] and !can_moderate() and $recipient['type'] != 'buddy')) {
             $show['quickreply'] = false;
         }
     } else {
         $show['quickreply'] = false;
     }
 } else {
     $show['quickreply'] = false;
 }
 if ($vbulletin->GPC['showhistory'] and $pm['parentpmid']) {
     $threadresult = $vbulletin->db->query_read_slave("\n\t\t\tSELECT pm.*, pmtext.*\n\t\t\tFROM " . TABLE_PREFIX . "pm AS pm\n\t\t\tINNER JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON(pmtext.pmtextid = pm.pmtextid)\n\t\t\tWHERE (pm.parentpmid=" . $pm['parentpmid'] . "\n\t\t\t\t\tOR pm.pmid = " . $pm['parentpmid'] . ")\n\t\t\tAND pm.pmid != " . $pm['pmid'] . "\n\t\t\tAND pm.userid=" . $vbulletin->userinfo['userid'] . "\n\t\t\tAND pmtext.dateline < " . $pm['dateline'] . "\n\t\t\tORDER BY pmtext.dateline DESC\n\t\t");
     if ($vbulletin->db->num_rows($threadresult)) {
         $threadpms = '';
         while ($threadpm = $vbulletin->db->fetch_array($threadresult)) {
             $postbit_factory = new vB_Postbit_Factory();
Beispiel #22
 /**
  * Verifies permissions to attach content to posts
  *
  * The post, thread and forum ids are resolved in that order; a post's thread id
  * and a thread's forum id replace whatever id was supplied, so the forum that is
  * finally checked is the one the content really belongs to. Every failed check
  * returns false; the method also fills $this->postinfo, $this->threadinfo,
  * $this->foruminfo, $this->userinfo and (when editing a post) $this->contentid.
  *
  * @param	array	Contenttype information - bypass reading environment settings
  *
  * @return	boolean	True when the current user may attach to the resolved post, thread or forum
  */
 public function verify_permissions($info = array())
 {
     global $show;
     if ($info) {
         // Ids handed in by the caller are taken as they are (no integer cast here).
         // NOTE(review): assumes $info comes from trusted internal code — verify against callers.
         $this->values['postid'] = $info['postid'];
         $this->values['threadid'] = $info['threadid'];
         $this->values['forumid'] = $info['forumid'];
     } else {
         // Request values: the short keys p / t / f win over postid / threadid / forumid; all are cast to int.
         $this->values['postid'] = intval($this->values['p']) ? intval($this->values['p']) : intval($this->values['postid']);
         $this->values['threadid'] = intval($this->values['t']) ? intval($this->values['t']) : intval($this->values['threadid']);
         $this->values['forumid'] = intval($this->values['f']) ? intval($this->values['f']) : intval($this->values['forumid']);
     }
     if ($this->values['postid']) {
         if (!($this->postinfo = fetch_postinfo($this->values['postid']))) {
             return false;
         }
         // the post's own thread id overrides any thread id that was supplied
         $this->values['threadid'] = $this->postinfo['threadid'];
     }
     if ($this->values['threadid']) {
         if (!($this->threadinfo = fetch_threadinfo($this->values['threadid']))) {
             return false;
         }
         // likewise the thread's own forum id overrides any forum id that was supplied
         $this->values['forumid'] = $this->threadinfo['forumid'];
     }
     if ($this->values['forumid'] and !($this->foruminfo = fetch_foruminfo($this->values['forumid']))) {
         return false;
     }
     // nothing resolved at all (the only exception tested is an existing post together with the editpost value)
     if (!$this->foruminfo and !$this->threadinfo and !($this->postinfo and $this->values['editpost'])) {
         return false;
     }
     $forumperms = fetch_permissions($this->foruminfo['forumid']);
     // No permissions to post attachments in this forum or no permission to view threads in this forum.
     if (!($forumperms & $this->registry->bf_ugp_forumpermissions['canpostattachment']) or !($forumperms & $this->registry->bf_ugp_forumpermissions['canview']) or !($forumperms & $this->registry->bf_ugp_forumpermissions['canviewthreads'])) {
         return false;
     }
     // "and" binds tighter than "or": (new content and posting disabled) or forum is a link or forum cannot contain threads
     if (!$this->postinfo and !$this->foruminfo['allowposting'] or $this->foruminfo['link'] or !$this->foruminfo['cancontainthreads']) {
         return false;
     }
     if ($this->threadinfo) {
         // deleted thread, or (invisible thread and the user cannot moderate posts in its forum)
         if ($this->threadinfo['isdeleted'] or !$this->threadinfo['visible'] and !can_moderate($this->threadinfo['forumid'], 'canmoderateposts')) {
             return false;
         }
         // closed threads are limited to moderators with 'canopenclose'
         if (!$this->threadinfo['open']) {
             if (!can_moderate($this->threadinfo['forumid'], 'canopenclose')) {
                 return false;
             }
         }
         // someone else's thread: both canviewothers and canreplyothers are required
         if ($this->registry->userinfo['userid'] != $this->threadinfo['postuserid'] and (!($forumperms & $this->registry->bf_ugp_forumpermissions['canviewothers']) or !($forumperms & $this->registry->bf_ugp_forumpermissions['canreplyothers']))) {
             return false;
         }
         // don't call this part on editpost.php (which will have a $postid)
         if (!$this->postinfo and !($forumperms & $this->registry->bf_ugp_forumpermissions['canreplyown']) and $this->registry->userinfo['userid'] == $this->threadinfo['postuserid']) {
             return false;
         }
     } else {
         // no thread yet: the attachment belongs to a new thread
         if (!($forumperms & $this->registry->bf_ugp_forumpermissions['canpostnew'])) {
             return false;
         }
     }
     if ($this->postinfo) {
         // Editing an existing post: moderators with 'caneditposts' skip the owner and time-limit checks.
         if (!can_moderate($this->threadinfo['forumid'], 'caneditposts')) {
             if (!($forumperms & $this->registry->bf_ugp_forumpermissions['caneditpost'])) {
                 return false;
             } else {
                 if ($this->registry->userinfo['userid'] != $this->postinfo['userid']) {
                     // check user owns this post
                     return false;
                 } else {
                     // check for time limits
                     // (edittimelimit is in minutes; a value of 0 disables the limit)
                     if ($this->postinfo['dateline'] < TIMENOW - $this->registry->options['edittimelimit'] * 60 and $this->registry->options['edittimelimit']) {
                         return false;
                     }
                 }
             }
         }
         $this->contentid = $this->postinfo['postid'];
         // $this->userinfo becomes the post's author (with permissions cached), not the
         // current user — a moderator may be editing somebody else's post.
         $this->userinfo = fetch_userinfo($this->postinfo['userid']);
         cache_permissions($this->userinfo, true);
     } else {
         $this->userinfo = $this->registry->userinfo;
     }
     // check if there is a forum password and if so, ensure the user has it set
     // NOTE(review): the result of verify_forum_password() is discarded and the third argument
     // is false. If that argument suppresses the error page (confirm in the helper), a missing
     // forum password does not make this method return false.
     verify_forum_password($this->foruminfo['forumid'], $this->foruminfo['password'], false);
     if (!$this->foruminfo['allowposting']) {
         $show['attachoption'] = false;
         $show['forumclosed'] = true;
     }
     return true;
 }
Beispiel #23
{
	$vbulletin->options['cpstylefolder'] = $vbulletin->userinfo['cssprefs'];
}

// ###################### Get date / time info #######################
// override date/time settings if specified
fetch_options_overrides($vbulletin->userinfo);
fetch_time_data();

// ############################################ LANGUAGE STUFF ####################################
// initialize $vbphrase and set language constants
$vbphrase = init_language();
$_tmp = NULL;
fetch_stylevars($_tmp, $vbulletin->userinfo);

// Permissions of the current user, including forum permissions (second argument true).
// userinfo['permissions'] is bound by reference, so later changes to $permissions show up there too.
$permissions = cache_permissions($vbulletin->userinfo, true);
$vbulletin->userinfo['permissions'] =& $permissions;
// stays an empty array unless a matching control panel session row is found further down
$cpsession = array();

// The control panel session hash arrives in a cookie ('c'); it is cleaned as a plain string
// and must still be escaped before it is placed in SQL.
$vbulletin->input->clean_array_gpc('c', array(
	COOKIE_PREFIX . 'cpsession' => TYPE_STR,
));

if (!empty($vbulletin->GPC[COOKIE_PREFIX . 'cpsession']))
{
	$cpsession = $db->query_first("
		SELECT * FROM " . TABLE_PREFIX . "cpsession
		WHERE userid = " . $vbulletin->userinfo['userid'] . "
			AND hash = '" . $db->escape_string($vbulletin->GPC[COOKIE_PREFIX . 'cpsession']) . "'
			AND dateline > " . iif($vbulletin->options['timeoutcontrolpanel'], intval(TIMENOW - $vbulletin->options['cookietimeout']), intval(TIMENOW - 3600))
	);
Beispiel #24
        print_table_break();
        print_submit_row($vbphrase['continue']);
    }
}
// ###################### Start do moderate and coppa #######################
if ($_POST['do'] == 'domoderate') {
    $vbulletin->input->clean_array_gpc('p', array('send_validated' => TYPE_INT, 'send_deleted' => TYPE_INT, 'validate' => TYPE_ARRAY_INT));
    if (empty($vbulletin->GPC['validate'])) {
        print_stop_message('please_complete_required_fields');
    } else {
        $evalemail_validated = array();
        $evalemail_deleted = array();
        require_once DIR . '/includes/functions_misc.php';
        if ($vbulletin->options['welcomepm']) {
            if ($fromuser = fetch_userinfo($vbulletin->options['welcomepm'])) {
                cache_permissions($fromuser, false);
            }
        }
        foreach ($vbulletin->GPC['validate'] as $userid => $status) {
            $userid = intval($userid);
            $user = $db->query_first("\n\t\t\t\tSELECT *\n\t\t\t\tFROM " . TABLE_PREFIX . "user\n\t\t\t\tWHERE userid = {$userid}\n\t\t\t");
            if (!$user) {
                // use was likely deleted
                continue;
            }
            $username = unhtmlspecialchars($user['username']);
            $chosenlanguage = iif($user['languageid'] < 1, intval($vbulletin->options['languageid']), intval($user['languageid']));
            if ($status == 1) {
                // validated
                // init user data manager
                $displaygroupid = ($user['displaygroupid'] > 0 and $user['displaygroupid'] != $user['usergroupid']) ? $user['displaygroupid'] : 2;
Beispiel #25
 } else {
     // insert username(s) of specified recipients
     if ($vbulletin->GPC['userid']) {
         $recipients = array();
         if (is_array($vbulletin->GPC['userid'])) {
             foreach ($vbulletin->GPC['userid'] as $recipient) {
                 $recipients[] = intval($recipient);
             }
         } else {
             $recipients[] = intval($vbulletin->GPC['userid']);
         }
         $users = $db->query_read_slave("\n\t\t\t\t\tSELECT usertextfield.*, user.*, userlist.type\n\t\t\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid=user.userid)\n\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS userlist ON(user.userid = userlist.userid AND userlist.relationid = " . $vbulletin->userinfo['userid'] . " AND userlist.type = 'buddy')\n\t\t\t\t\tWHERE user.userid IN(" . implode(', ', $recipients) . ")\n\t\t\t\t");
         $recipients = array();
         while ($user = $db->fetch_array($users)) {
             $user = array_merge($user, convert_bits_to_array($user['options'], $vbulletin->bf_misc_useroptions));
             cache_permissions($user, false);
             if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and (!$user['receivepm'] or !$user['permissions']['pmquota'] or $user['receivepmbuddies'] and !can_moderate() and $user['type'] != 'buddy')) {
                 eval(standard_error(fetch_error('pmrecipturnedoff', $user['username'])));
             }
             $recipients[] = $user['username'];
         }
         if (empty($recipients)) {
             $pm['recipients'] = '';
         } else {
             $pm['recipients'] = implode(' ; ', $recipients);
         }
     }
     ($hook = vBulletinHook::fetch_hook('private_newpm_blank')) ? eval($hook) : false;
 }
 construct_checkboxes(array('savecopy' => true, 'parseurl' => true, 'signature' => iif($vbulletin->userinfo['signature'] !== '', true)));
 $show['bcclink'] = true;
Beispiel #26
	function post_save_each($doquery = true)
	{
		$blogid = intval($this->fetch_field('blogid'));
		$userid = intval($this->fetch_field('userid'));
		$blogtextid = $this->fetch_field('blogtextid');
		$postedby_userid = intval($this->fetch_field('postedby_userid'));

		require_once(DIR . '/vb/search/indexcontroller/queue.php');
		vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogEntry', 'index', $blogid);
		vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogComment', 'group_data_change', $blogid);

		if (!$condition AND $this->info['addtags'])
		{
			// invalidate users tag cloud
			$dataman =& datamanager_init('Blog_User', $this->registry, ERRTYPE_SILENT);
			$info = array('bloguserid' => $userid);
			$dataman->set_existing($info);
			$dataman->set('tagcloud', '');
			$dataman->save();
		}

		$this->build_category_counters();
		build_blog_stats();

		// Insert entry for moderation
		if ($this->fetch_field('state') == 'moderation')
		{
			/*insert query*/
			$this->dbobject->query_write("
				INSERT IGNORE INTO " . TABLE_PREFIX . "blog_moderation
					(primaryid, type, dateline)
				VALUES
					($blogid, 'blogid', " . TIMENOW . ")
			");
		}

		// Insert entry for moderation
		if (!$this->condition AND ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft') OR $this->fetch_field('pending'))
		{
			$userinfo = array('bloguserid' => $userid);
			$userdata =& datamanager_init('Blog_user', $this->registry, ERRTYPE_SILENT);
			$userdata->set_existing($userinfo);
			if ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft')
			{
				$userdata->set($this->fetch_field('state'), $this->fetch_field('state') . ' + 1', false);
			}
			if ($this->fetch_field('pending'))
			{
				$userdata->set('pending', 'pending + 1', false);
			}
			$userdata->save();
		}

		// Send Email Notification
		if (((!$this->condition AND !$this->fetch_field('pending')) OR $this->info['send_notification']) AND ($this->fetch_field('state') == 'visible' OR $this->fetch_field('state') == 'moderation') AND $this->registry->options['enableemail'])
		{
			$lastposttime = $this->dbobject->query_first("
				SELECT MAX(dateline) AS dateline
				FROM " . TABLE_PREFIX . "blog AS blog
				WHERE blogid = $blogid
					AND dateline < " . $this->fetch_field('dateline') . "
					AND state = 'visible'
			");

			$entrytitle = unhtmlspecialchars($this->fetch_field('title'));
			if (defined('VBBLOG_PERMS') AND $this->registry->userinfo['userid'] == $this->fetch_field('userid'))
			{
				$blogtitle = unhtmlspecialchars($this->registry->userinfo['blog_title']);
				$username = unhtmlspecialchars($this->registry->userinfo['username']);
				$userinfo =& $this->registry->userinfo;
			}
			else
			{
				if (!defined('VBBLOG_PERMS'))
				{	// Tell the fetch_userinfo plugin that we need the blog fields in case this class is being called by a non blog script
					define('VBBLOG_PERMS', true);
				}
				$userinfo = fetch_userinfo($this->fetch_field('userid'), 1);
				cache_permissions($userinfo, false);
				$blogtitle = unhtmlspecialchars($userinfo['blog_title']);
				if ($userinfo['userid'] != $this->fetch_field('userid'))
				{
					$userinfo2 = fetch_userinfo($this->fetch_field('userid'), 1);
					$username = unhtmlspecialchars($userinfo2['username']);
				}
				else
				{
					$username = unhtmlspecialchars($userinfo['username']);
				}
			}

			require_once(DIR . '/includes/class_bbcode_alt.php');
			$plaintext_parser = new vB_BbCodeParser_PlainText($this->registry, fetch_tag_list());
			$pagetext_cache = array(); // used to cache the results per languageid for speed

			$pagetext_orig =& $this->fetch_field('pagetext', 'blog_text');

			($hook = vBulletinHook::fetch_hook('blog_user_notification_start')) ? eval($hook) : false;

			$useremails = $this->dbobject->query_read_slave("
				SELECT
					user.*,
					blog_subscribeuser.blogsubscribeuserid,
					bm.blogmoderatorid,
					ignored.relationid AS ignoreid, buddy.relationid AS buddyid,
					bu.isblogmoderator, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid
				FROM " . TABLE_PREFIX . "blog_subscribeuser AS blog_subscribeuser
				INNER JOIN " . TABLE_PREFIX . "user AS user ON (blog_subscribeuser.userid = user.userid)
				LEFT JOIN " . TABLE_PREFIX . "blog_moderator AS bm ON (bm.userid = user.userid)
				LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = $userid AND buddy.relationid = user.userid AND buddy.type = 'buddy')
				LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = $userid AND ignored.relationid = user.userid AND ignored.type = 'ignore')
				LEFT JOIN " . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = user.userid)
				WHERE
					blog_subscribeuser.bloguserid = $userid
						AND
					" . ($userid == $postedby_userid ? "blog_subscribeuser.userid <> $userid AND" : "") . "
					blog_subscribeuser.type = 'email'
						AND
					user.usergroupid <> 3
						AND
					user.lastactivity >= " . intval($lastposttime['dateline']) . "
			");

			vbmail_start();

			$setoptions = $this->fetch_field('options');

			$evalemail = array();
			while ($touser = $this->dbobject->fetch_array($useremails))
			{
				cache_permissions($touser, false);
				// only send private entries to contacts and moderators
				if ($setoptions["{$this->bitfields['options']['private']}"] AND !$touser['buddyid'] AND !$touser['blogmoderatorid'] AND !is_member_of_blog($touser, $userinfo))
				{
					continue;
				}

				if (!($this->registry->usergroupcache["$touser[usergroupid]"]['genericoptions'] & $this->registry->bf_ugp_genericoptions['isnotbannedgroup']))
				{
					continue;
				}

				if ($this->fetch_field('state') == 'moderation')
				{
					if ($touser['userid'] != $userid AND !can_moderate_blog('canmoderateentries', $touser))
					{
						continue;
					}
				}

				if (!empty($this->info['categories']))
				{
					prepare_blog_category_permissions($touser);
					if (array_intersect($touser['blogcategorypermissions']['cantview'], $this->info['categories']) AND $userinfo['userid'] != $touser['userid'])
					{
						continue;
					}
				}

				if (!($touser['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
				{
					continue;
				}
				else if (
					!$touser['blogmoderatorid']
						AND
					!($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel'])
						AND
					!($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['ismoderator'])
						AND
					(!$userinfo['ignore_canviewmyblog'] OR !$touser['ignoreid'])
						AND
					(!$userinfo['buddy_canviewmyblog'] OR !$touser['buddyid'])
						AND
					(!$userinfo['member_canviewmyblog'] OR (!$userinfo['buddy_canviewmyblog'] AND $touser['budyid']) OR (!$userinfo['ignore_canviewmyblog'] AND $touser['ignoreid']))
						AND
					!is_member_of_blog($touser, $userinfo)
				)
				{
					continue;
				}

				$touser['username'] = unhtmlspecialchars($touser['username']);
				$touser['languageid'] = iif($touser['languageid'] == 0, $this->registry->options['languageid'], $touser['languageid']);
				$touser['auth'] = md5($touser['userid'] . $touser['blogsubscribeuserid'] . $touser['salt'] . COOKIE_SALT);

				if (empty($evalemail))
				{
					$email_texts = $this->dbobject->query_read_slave("
						SELECT text, languageid, fieldname
						FROM " . TABLE_PREFIX . "phrase
						WHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'blog_user_notify'
					");

					while ($email_text = $this->dbobject->fetch_array($email_texts))
					{
						$emails["$email_text[languageid]"]["$email_text[fieldname]"] = $email_text['text'];
					}

					require_once(DIR . '/includes/functions_misc.php');

					foreach ($emails AS $languageid => $email_text)
					{
						// lets cycle through our array of notify phrases
						$text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
						$text_message = replace_template_variables($text_message);
						$text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
						$text_subject = replace_template_variables($text_subject);

						$evalemail["$languageid"] = '
							$message = "' . $text_message . '";
							$subject = "' . $text_subject . '";
						';
					}
				}

				// parse the page text into plain text, taking selected language into account
				if (!isset($pagetext_cache["$touser[languageid]"]))
				{
					$plaintext_parser->set_parsing_language($touser['languageid']);
					$pagetext_cache["$touser[languageid]"] = $plaintext_parser->parse($pagetext_orig);
				}
				$pagetext = $pagetext_cache["$touser[languageid]"];

				($hook = vBulletinHook::fetch_hook('blog_user_notification_message')) ? eval($hook) : false;

				eval(iif(empty($evalemail["$touser[languageid]"]), $evalemail["-1"], $evalemail["$touser[languageid]"]));

				vbmail($touser['email'], $subject, $message);
			}
			unset($plaintext_parser, $pagetext_cache);

			vbmail_end();
		}

		$this->post_save_each_blogtext($doquery);

		if ($this->fetch_field('dateline') <= TIMENOW)
		{
			$this->insert_dupehash($this->fetch_field('blogid'));
		}

		if ($this->condition AND $this->info['emailupdate'] == 'none' AND ($userid != $this->registry->userinfo['userid'] OR ($userid == $this->registry->userinfo['userid'] AND $this->existing['entrysubscribed'])))
		{
			$this->dbobject->query_write("
				DELETE FROM " . TABLE_PREFIX . "blog_subscribeentry
				WHERE blogid = $blogid AND userid = $userid
			");
		}
		else if ($this->info['emailupdate'] == 'email' OR $this->info['emailupdate'] == 'usercp')
		{
			$this->dbobject->query_write("
				REPLACE INTO " . TABLE_PREFIX . "blog_subscribeentry
				(blogid, dateline, type, userid)
				VALUES
				($blogid, " . TIMENOW . ", '" . $this->info['emailupdate'] . "', $userid)
			");
		}

		($hook = vBulletinHook::fetch_hook('blog_fpdata_postsave')) ? eval($hook) : false;
	}
Beispiel #27
				print_label_row($bitfieldnames["$val"], '<b>' . $vbphrase['no'] . '</b>');
			}
		}
	}
	print_table_footer();
}

// ###################### Start viewing resources for specific user ########################
if ($_REQUEST['do'] == 'viewuser')
{
	$userinfo = fetch_userinfo($vbulletin->GPC['userid']);
	if (!$userinfo)
	{
		print_stop_message('invalid_user_specified');
	}
	$perms = cache_permissions($userinfo);

	print_form_header('', '');
	print_table_header($userinfo['username'] . " <span class=\"normal\">(userid: $userinfo[userid])</span>");

	foreach ($userinfo['forumpermissions'] AS $forumid => $forumperms)
	{
		print_table_header($vbulletin->forumcache["$forumid"]['title'] . " <span class=\"normal\">(forumid: $forumid)</span>");
		foreach ($vbulletin->bf_ugp_forumpermissions AS $key => $val)
		{

			if (bitwise($userinfo['forumpermissions']["$forumid"], $val))
			{
				print_label_row($bitfieldnames["$val"], '<b>' . $vbphrase['yes'] . '</b>');
			}
			else
Beispiel #28
 /**
  * Checks the pending upload against the storage quotas and the duplicate-file rule.
  *
  * Up to three checks run in order, each only when its setting is active:
  *  1. board-wide quota: options['attachtotalspace'] against the summed filesize
  *     of every row in the attachment table;
  *  2. per-user quota: userinfo['permissions']['attachlimit'] against the summed
  *     filesize of this user's attachments;
  *  3. duplicate detection, for a non-zero userid when options['allowduplicates']
  *     is off: an MD5 of the upload is looked up among the user's attachments.
  *
  * The first failing check records an error through set_error() and returns false.
  *
  * NOTE(review): each quota check reads a SUM and compares it; nothing in this
  * method locks or reserves space, so parallel uploads could each pass the same
  * check. Confirm whether the caller serialises uploads.
  *
  * @return bool true when the upload passes every active check, false otherwise
  */
 function check_attachment_overage()
 {
     // 1. Board-wide quota.
     if ($this->registry->options['attachtotalspace']) {
         $attachdata = $this->registry->db->query_first_slave("SELECT SUM(filesize) AS sum FROM " . TABLE_PREFIX . "attachment");
         if ($attachdata['sum'] + $this->upload['filesize'] > $this->registry->options['attachtotalspace']) {
             // Amount by which the upload would exceed the quota, formatted for display.
             $overage = vb_number_format($attachdata['sum'] + $this->upload['filesize'] - $this->registry->options['attachtotalspace'], 1, true);
             // Not read again in this method; presumably referenced by the 'attachfull'
             // phrase evaluated below, as $overage may be. Do not rename or remove these
             // locals without checking the phrase text.
             $admincpdir = $this->registry->config['Misc']['admincpdir'];
             // SECURITY: eval() executes the code string returned by fetch_email_phrases()
             // in this method's scope. $subject and $message on the next line are assigned
             // nowhere else in this method, so they are expected to be set by that code.
             // Anyone able to change what fetch_email_phrases() returns can run PHP here.
             // NOTE(review): confirm that phrase editing is limited to trusted administrators
             // and how fetch_email_phrases() escapes the phrase text.
             eval(fetch_email_phrases('attachfull', 0));
             // Tell the webmaster that the board-wide attachment quota has been reached.
             vbmail($this->registry->options['webmasteremail'], $subject, $message);
             $this->set_error('upload_attachfull_total', $overage);
             return false;
         }
     }
     // 2. Per-user quota.
     if ($this->userinfo['permissions']['attachlimit']) {
         // Load the forum permissions only if they are not already on $this->userinfo.
         if (!isset($this->userinfo['forumpermissions'])) {
             cache_permissions($this->userinfo, true);
         }
         // Collect the forums where the user has canview, canviewthreads and cangetattachment.
         // The result has the form ",id,id" and is appended to a literal 0 in "IN (0...)",
         // so the list is never empty.
         // NOTE(review): the forum ids are array keys placed into the SQL without a cast;
         // this relies on cache_permissions() producing integer keys. Confirm.
         $forumids = '';
         foreach ($this->userinfo['forumpermissions'] as $forumid => $fperm) {
             if ($fperm & $this->registry->bf_ugp_forumpermissions['canview'] and $fperm & $this->registry->bf_ugp_forumpermissions['canviewthreads'] and $fperm & $this->registry->bf_ugp_forumpermissions['cangetattachment']) {
                 $forumids .= ",{$forumid}";
             }
         }
         // Sums the user's attachments in those forums (posts and threads with visible <> 2)
         // plus attachments with postid = 0.
         // NOTE(review): userinfo['userid'] is concatenated without a cast or escaping;
         // presumably an integer from the user record. Confirm, or cast to int.
         $attachdata = $this->registry->db->query_first_slave("\n\t\t\t\tSELECT SUM(attachment.filesize) AS sum\n\t\t\t\tFROM " . TABLE_PREFIX . "attachment AS attachment\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "post AS post ON (post.postid = attachment.postid)\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "thread AS thread ON (post.threadid = thread.threadid)\n\t\t\t\tWHERE attachment.userid = " . $this->userinfo['userid'] . "\n\t\t\t\t\tAND\t((thread.forumid IN (0{$forumids}) AND post.visible <> 2 AND thread.visible <> 2) OR attachment.postid = 0)\n\t\t\t");
         if ($attachdata['sum'] + $this->upload['filesize'] > $this->userinfo['permissions']['attachlimit']) {
             $overage = vb_number_format($attachdata['sum'] + $this->upload['filesize'] - $this->userinfo['permissions']['attachlimit'], 1, true);
             $this->set_error('upload_attachfull_user', $overage, $this->registry->session->vars['sessionurl']);
             return false;
         }
     }
     // 3. Duplicate detection; skipped when userid is 0 or when duplicates are allowed.
     if ($this->userinfo['userid'] and !$this->registry->options['allowduplicates']) {
         // Fingerprint the upload: hash the file at upload['location'] when no in-memory
         // copy (upload['filestuff']) is present, otherwise hash the in-memory copy.
         // MD5 serves here only as a duplicate fingerprint. It is not collision-resistant,
         // so this check must not be treated as proof that two files are identical.
         $filehash = empty($this->upload['filestuff']) ? md5_file($this->upload['location']) : md5($this->upload['filestuff']);
         if (!isset($this->userinfo['forumpermissions'])) {
             cache_permissions($this->userinfo, true);
         }
         // Same forum list as in the per-user quota check, rebuilt because that check may not have run.
         $forumids = '';
         foreach ($this->userinfo['forumpermissions'] as $forumid => $perm) {
             if ($perm & $this->registry->bf_ugp_forumpermissions['canview'] and $perm & $this->registry->bf_ugp_forumpermissions['canviewthreads'] and $perm & $this->registry->bf_ugp_forumpermissions['cangetattachment']) {
                 $forumids .= ",{$forumid}";
             }
         }
         // Look for one attachment by the same user with the same hash, either in a visible
         // post and thread (visible = 1) of those forums or with postid = 0. The hash goes
         // through escape_string(); userid and the forum ids are concatenated as they are.
         if ($threadresult = $this->registry->db->query_first_slave("\n\t\t\t\tSELECT post.postid, post.threadid, thread.title, posthash, attachment.filename\n\t\t\t\tFROM " . TABLE_PREFIX . "attachment AS attachment\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "post AS post ON (post.postid = attachment.postid)\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "thread AS thread ON (thread.threadid = post.threadid)\n\t\t\t\tWHERE attachment.userid = " . $this->userinfo['userid'] . "\n\t\t\t\t\tAND attachment.filehash = '" . $this->registry->db->escape_string($filehash) . "'\n\t\t\t\t\tAND ((thread.forumid IN (0{$forumids}) AND post.visible = 1 AND thread.visible = 1) OR attachment.postid = 0)\n\t\t\t\tLIMIT 1\n\t\t\t")) {
             // The match is attached to an existing post.
             if ($threadresult['postid']) {
                 if ($this->postinfo['postid'] != $threadresult['postid'] or $this->upload['filename'] != $threadresult['filename']) {
                     // It belongs to another post, or the filename differs, so the upload would not overwrite it.
                     $this->set_error('upload_attachexists', $this->registry->session->vars['sessionurl'], $threadresult['threadid'], $threadresult['title']);
                     return false;
                 }
             } else {
                 // The match has no post yet: it is being added right now, or was abandoned.
                 if ($threadresult['posthash'] != $this->postinfo['posthash']) {
                     // It belongs to a different posting session. The error phrase depends on
                     // whether the uploading user is the user of the current session.
                     if ($this->userinfo['userid'] == $this->registry->userinfo['userid']) {
                         $this->set_error('upload_attach_in_progress_delete_here', $this->registry->session->vars['sessionurl']);
                     } else {
                         $this->set_error('upload_attach_in_progress', $this->registry->session->vars['sessionurl']);
                     }
                     return false;
                 } else {
                     if ($this->upload['filename'] != $threadresult['filename']) {
                         // Same posting session but a different filename: the upload would not
                         // overwrite the existing attachment, so it is rejected.
                         $this->set_error('upload_attach_exists_this_post');
                         return false;
                     }
                 }
             }
         }
     }
     return true;
 }
Beispiel #29
     $user['extended_type'] = $user['type'];
     if ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_friends']) {
         switch ($user['friend']) {
             case 'yes':
                 $user['extended_type'] = 'friend';
                 break;
             case 'pending':
             case 'denied':
                 $user['extended_type'] = 'outgoing';
                 break;
             default:
                 ($hook = vBulletinHook::fetch_hook('profile_contactlist_listtype')) ? eval($hook) : false;
         }
     }
     fetch_avatar_from_userinfo($user, true);
     cache_permissions($user);
     $container = 'buddylist';
     $show['incomingrequest'] = false;
     $show['outgoingrequest'] = $user['extended_type'] == 'outgoing';
     $friendcheck_checked = $user['extended_type'] == 'friend' ? ' checked="checked"' : '';
     $user['checked'] = ' checked="checked"';
     $friend_list["{$user['userid']}"] = $user['friend'];
     $show['friend_checkbox'] = ($show['friend_controls'] and $user['permissions']['genericpermissions2'] & $vbulletin->bf_ugp_genericpermissions2['canusefriends'] and $vbulletin->userinfo['userid'] != $user['userid'] or !empty($friendcheck_checked) and $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_friends']);
     eval('$buddylist .= "' . fetch_template('modifybuddylist_user') . '";');
 }
 $buddycount = $db->num_rows($users_result);
 $incomingcount = 0;
 $users_result = $db->query_read_slave("\n\t\tSELECT user.*, userlist.type, userlist.friend\n\t\t" . ($vbulletin->options['avatarenabled'] ? ', avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline, customavatar.width_thumb AS avwidth_thumb, customavatar.height_thumb AS avheight_thumb, customavatar.width as avwidth, customavatar.height as avheight, customavatar.filedata_thumb' : '') . "\n\t\tFROM " . TABLE_PREFIX . "userlist AS userlist\n\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS userlist_ignore ON (userlist_ignore.userid = " . $vbulletin->userinfo['userid'] . " AND userlist_ignore.relationid = userlist.userid AND userlist_ignore.type = 'ignore')\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = userlist.userid)\n\t\t" . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON (avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON (customavatar.userid = user.userid) " : '') . "\n\t\tWHERE userlist.relationid = " . $vbulletin->userinfo['userid'] . " AND userlist.type = 'buddy' AND userlist.friend = 'pending' AND userlist_ignore.type IS NULL\n\t\tORDER BY user.username\n\t");
 while ($user = $db->fetch_array($users_result)) {
     // User is a friend already, the other side must have a broken relationship. update theirs
     if ($friend_list["{$user['userid']}"] == 'yes') {
Beispiel #30
<?php

# Zoints Thread Tags System
#
# Copyright 2006 Zoints Inc.
# This code may not be redistributed without prior written consent.
#
error_reporting(E_ALL & ~E_NOTICE);
if (!is_object($vbulletin->db)) {
    exit;
}
if ($vbulletin->options['zointstags_on'] and $vbulletin->options['zointstags_zoints'] and !empty($vbulletin->options['zointstags_token']) and !empty($vbulletin->options['zointstags_authkey'])) {
    # only get publicly viewable threads
    $guest = array();
    cache_permissions($guest);
    $visible = array();
    foreach ($vbulletin->forumcache as $forumid => $forum) {
        $forumperms = $guest['forumpermissions']["{$forumid}"];
        if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) and !$vbulletin->options['showprivateforums'] or !$forum['displayorder'] or !($forum['options'] & $vbulletin->bf_misc_forumoptions['active'])) {
            continue;
        }
        $visible[] = $forumid;
    }
    if (!count($visible)) {
        $visible = array(0);
    }
    # get recently changed tags from db
    $threads = array();
    $threadids = array();
    $firstpostids = array();
    $_threads = $vbulletin->db->query_read("\n\t\tSELECT thread.* FROM " . TABLE_PREFIX . "zoints_tag_update ztu\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread thread ON(ztu.threadid = thread.threadid)\n\t\tWHERE thread.forumid IN(" . implode(',', $visible) . ")\n\t\tLIMIT 250\n\t");