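/**
 * Loads article previews for display with the portal index template.
 *
 * Does nothing unless $modSettings['sp_articles_index'] is enabled. The page
 * offset is read from $_REQUEST['articles']; every loaded article gets a parsed
 * 'preview' and a formatted 'date' stored under $context['articles'].
 */
public function action_sportal_index()
{
    global $context, $modSettings;

    // Showing articles on the index page?
    if (empty($modSettings['sp_articles_index'])) {
        return;
    }

    require_once SUBSDIR . '/PortalArticle.subs.php';

    $context['sub_template'] = 'portal_index';

    // Set up the pages
    $total_articles = sportal_get_articles_count();
    $total = min($total_articles, !empty($modSettings['sp_articles_index_total']) ? $modSettings['sp_articles_index_total'] : 20);
    $per_page = min($total, !empty($modSettings['sp_articles_index_per_page']) ? $modSettings['sp_articles_index_per_page'] : 5);

    // The offset is request-controlled: besides the integer cast, refuse negative
    // values so they are never handed to the article query below.
    // NOTE(review): an offset larger than $total is not rejected here - confirm
    // whether the configured index total is meant to be a hard limit.
    $start = !empty($_REQUEST['articles']) ? max(0, (int) $_REQUEST['articles']) : 0;

    if ($total > $per_page) {
        $context['article_page_index'] = constructPageIndex($context['portal_url'] . '?articles=%1$d', $start, $total, $per_page, true);
    }

    // If we have some articles
    $context['articles'] = sportal_get_articles(0, true, true, 'spa.id_article DESC', 0, $per_page, $start);

    foreach ($context['articles'] as $article) {
        // Without a length limit, the author's [cutoff] marker decides where the preview ends
        if (empty($modSettings['sp_articles_length']) && ($cutoff = Util::strpos($article['body'], '[cutoff]')) !== false) {
            $article['body'] = Util::substr($article['body'], 0, $cutoff);

            // Cutting bbc mid-text can leave tags open, so run it through preparsecode() again
            if ($article['type'] === 'bbc') {
                require_once SUBSDIR . '/Post.subs.php';
                preparsecode($article['body']);
            }
        }

        $context['articles'][$article['id']]['preview'] = sportal_parse_content($article['body'], $article['type'], 'return');
        $context['articles'][$article['id']]['date'] = htmlTime($article['date']);

        // Just want a shorter look on the index page
        if (!empty($modSettings['sp_articles_length'])) {
            $context['articles'][$article['id']]['preview'] = Util::shorten_html($context['articles'][$article['id']]['preview'], $modSettings['sp_articles_length']);
        }
    }
}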
/**
 * testPreparseCode: feeds every bbcode fixture through preparsecode() and
 * compares the rewritten text with the expected result.
 */
public function testPreparseCode()
{
    foreach ($this->bbPreparse_tests as $fixture) {
        $expected = $fixture[1];
        $bbcode = $fixture[0];

        // preparsecode() works on its argument in place
        preparsecode($bbcode);

        $this->assertEqual($expected, $bbcode);
    }
}
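/**
 * Save a new draft, or update an existing draft.
 *
 * Everything is read from $_REQUEST / $_POST. An existing row is only updated
 * when it belongs to the current member (id_member is part of the WHERE
 * clause); otherwise a new row is inserted.
 *
 * @return int|bool false when drafts do not apply to this request, the
 *                  request's draft id after a successful update, otherwise
 *                  whatever smf_db_insert_id() reports for the new row
 */
function saveDraft()
{
    global $smcFunc, $topic, $board, $user_info, $options;

    if (!isset($_REQUEST['draft']) || $user_info['is_guest'] || empty($options['use_drafts'])) {
        return false;
    }

    // Ids from the request are forced to integers up front, so nothing but a
    // number can reach the {int:...} placeholders or the insert below.
    $msgid = isset($_REQUEST['msg']) ? (int) $_REQUEST['msg'] : 0;
    $draft_id = isset($_REQUEST['draft_id']) ? (int) $_REQUEST['draft_id'] : 0;

    // Clean up what we may or may not have
    $subject = isset($_POST['subject']) ? $_POST['subject'] : '';
    $message = isset($_POST['message']) ? $_POST['message'] : '';
    // The icon is stripped of dots, slashes, wildcards, quotes and angle brackets
    $icon = isset($_POST['icon']) ? preg_replace('~[\\./\\\\*:"\'<>]~', '', $_POST['icon']) : 'xx';

    // Kept for the emptiness check, which must look at the text before preparsecode() touched it
    $raw_message = $message;

    // Sanitise what we do have
    $subject = commonAPI::htmltrim(commonAPI::htmlspecialchars($subject));
    $message = commonAPI::htmlspecialchars($message, ENT_QUOTES);
    preparsecode($message);

    // ENT_QUOTES belongs to htmlspecialchars(), and the message may be absent
    // from $_POST entirely, so test the defaulted copy instead of the superglobal.
    if ($subject === '' && commonAPI::htmltrim(commonAPI::htmlspecialchars($raw_message, ENT_QUOTES)) === '') {
        fatal_lang_error('empty_draft', false);
    }

    // Hrm, so is this a new draft or not?
    if ($draft_id > 0 || $msgid !== 0) {
        $_REQUEST['draft_id'] = $draft_id;

        // Drafts for an existing message are found by message id, all others by
        // draft id within the current board and topic.
        $id_cond = $msgid ? ' 1=1 ' : ' id_draft = {int:draft} ';
        $id_sel = $msgid ? ' AND id_msg = {int:message} ' : ' AND id_board = {int:board} AND id_topic = {int:topic} ';

        // Does this draft exist?
        smf_db_query('
            UPDATE {db_prefix}drafts
            SET subject = {string:subject}, body = {string:body}, updated = {int:post_time},
                icon = {string:post_icon}, smileys = {int:smileys_enabled},
                is_locked = {int:locked}, is_sticky = {int:sticky}
            WHERE ' . $id_cond . ' AND id_member = {int:member} ' . $id_sel . '
            LIMIT 1',
            array(
                'draft' => $draft_id,
                'board' => $board,
                'topic' => $topic,
                'message' => $msgid,
                'member' => $user_info['id'],
                'subject' => $subject,
                'body' => $message,
                'post_time' => time(),
                'post_icon' => $icon,
                'smileys_enabled' => !isset($_POST['ns']) ? 1 : 0,
                'locked' => !empty($_POST['lock_draft']) ? 1 : 0,
                'sticky' => isset($_POST['sticky']) ? 1 : 0,
            )
        );

        if (smf_db_affected_rows() != 0) {
            return $draft_id;
        }
    }

    // Nothing was updated, so store it as a new draft
    smf_db_insert(
        'insert',
        '{db_prefix}drafts',
        array(
            'id_board' => 'int',
            'id_topic' => 'int',
            'id_msg' => 'int',
            'id_member' => 'int',
            'subject' => 'string',
            'body' => 'string',
            'updated' => 'int',
            'icon' => 'string',
            'smileys' => 'int',
            'is_locked' => 'int',
            'is_sticky' => 'int',
        ),
        array(
            $board,
            $topic,
            $msgid,
            $user_info['id'],
            $subject,
            $message,
            time(),
            $icon,
            !isset($_POST['ns']) ? 1 : 0,
            !empty($_POST['lock_draft']) ? 1 : 0,
            isset($_POST['sticky']) ? 1 : 0,
        ),
        array('id_draft')
    );

    return smf_db_insert_id('{db_prefix}drafts');
}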
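/**
 * View a specific category, showing all articles it contains.
 *
 * The category comes from $_REQUEST['category'] and the page offset from
 * $_REQUEST['start']. Ends with fatal_lang_error() when the category lookup
 * returns no id.
 */
public function action_sportal_category()
{
    global $context, $scripturl, $modSettings;

    // Basic article support
    require_once SUBSDIR . '/PortalArticle.subs.php';

    // Only a scalar can name a category; anything else is treated as "none given"
    $category_id = !empty($_REQUEST['category']) && is_scalar($_REQUEST['category']) ? $_REQUEST['category'] : 0;

    // Request values arrive as strings, so is_int() only holds for the 0 default;
    // every supplied value is escaped and handed on as text.
    // NOTE(review): confirm sportal_get_categories() binds that text as a query
    // parameter and does not build SQL from it.
    if (is_int($category_id)) {
        $category_id = (int) $category_id;
    } else {
        $category_id = Util::htmlspecialchars($category_id, ENT_QUOTES);
    }

    $context['category'] = sportal_get_categories($category_id, true, true);
    if (empty($context['category']['id'])) {
        fatal_lang_error('error_sp_category_not_found', false);
    }

    // Set up the pages
    $total_articles = sportal_get_articles_in_cat_count($context['category']['id']);
    $per_page = min($total_articles, !empty($modSettings['sp_articles_per_page']) ? $modSettings['sp_articles_per_page'] : 10);

    // The offset is request-controlled: cast it and refuse negative values so
    // they are never handed to the article query below.
    $start = !empty($_REQUEST['start']) ? max(0, (int) $_REQUEST['start']) : 0;

    if ($total_articles > $per_page) {
        $context['page_index'] = constructPageIndex($context['category']['href'] . ';start=%1$d', $start, $total_articles, $per_page, true);
    }

    // Load the articles in this category
    $context['articles'] = sportal_get_articles(0, true, true, 'spa.id_article DESC', $context['category']['id'], $per_page, $start);

    foreach ($context['articles'] as $article) {
        // Trim the preview at the author's [cutoff] marker
        if (($cutoff = Util::strpos($article['body'], '[cutoff]')) !== false) {
            $article['body'] = Util::substr($article['body'], 0, $cutoff);

            // Cutting bbc mid-text can leave tags open, so run it through preparsecode() again
            if ($article['type'] === 'bbc') {
                require_once SUBSDIR . '/Post.subs.php';
                preparsecode($article['body']);
            }
        }

        $context['articles'][$article['id']]['preview'] = sportal_parse_content($article['body'], $article['type'], 'return');
        $context['articles'][$article['id']]['date'] = htmlTime($article['date']);
    }

    // NOTE(review): url and name are taken from the loaded category as-is;
    // confirm they are already safe for the link tree template.
    $context['linktree'][] = array(
        'url' => $scripturl . '?category=' . $context['category']['category_id'],
        'name' => $context['category']['name'],
    );

    $context['page_title'] = $context['category']['name'];
    $context['sub_template'] = 'view_category';
}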
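/**
 * Test install a package.
 *
 * Extracts (or copies) the package named in $_REQUEST['package'] into
 * BOARDDIR/packages/temp, parses its install, upgrade or uninstall actions and
 * fills $context with a description of each step for the view_package
 * template. $context['has_failure'] is raised when any step is expected to
 * fail, and $context['post_url'] points at the follow-up step.
 *
 * Everything read from the package (file names, ids, versions, readme text) is
 * package-supplied data and is escaped before it is stored for display.
 */
public function action_install()
{
    global $txt, $context, $scripturl, $settings;

    // You have to specify a file!!
    if (!isset($_REQUEST['package']) || trim($_REQUEST['package']) == '') {
        redirectexit('action=admin;area=packages');
    }

    // Runs of dots are collapsed to a single dot, so '..' cannot survive in the name.
    // NOTE(review): slashes are left alone, so the name can still point into a
    // sub-directory of BOARDDIR/packages - confirm that is intended.
    $context['filename'] = preg_replace('~[\\.]+~', '.', $_REQUEST['package']);

    // Do we have an existing id, for uninstalls and the like.
    $context['install_id'] = isset($_REQUEST['pid']) ? (int) $_REQUEST['pid'] : 0;

    // Only two sub-actions are told apart here. The normalised name is used for
    // URLs instead of echoing the raw request value, which may also be missing.
    $uninstalling = isset($_REQUEST['sa']) && $_REQUEST['sa'] === 'uninstall';
    $sub_action = $uninstalling ? 'uninstall' : 'install';

    // These will be needed
    require_once SUBSDIR . '/Package.subs.php';
    require_once SUBSDIR . '/Themes.subs.php';

    // Load up the package FTP information?
    create_chmod_control();

    // Make sure temp directory exists and is empty.
    if (file_exists(BOARDDIR . '/packages/temp')) {
        deltree(BOARDDIR . '/packages/temp', false);
    }

    // Attempt to create the temp directory; 0777 is only tried after 0755 failed
    if (!mktree(BOARDDIR . '/packages/temp', 0755)) {
        deltree(BOARDDIR . '/packages/temp', false);
        if (!mktree(BOARDDIR . '/packages/temp', 0777)) {
            deltree(BOARDDIR . '/packages/temp', false);

            // NOTE(review): the file name goes into this URL unencoded - confirm
            // create_chmod_control() escapes destination_url before printing it.
            create_chmod_control(
                array(BOARDDIR . '/packages/temp/delme.tmp'),
                array(
                    'destination_url' => $scripturl . '?action=admin;area=packages;sa=' . $sub_action . ';package=' . $context['filename'],
                    'crash_on_error' => true,
                )
            );

            deltree(BOARDDIR . '/packages/temp', false);
            if (!mktree(BOARDDIR . '/packages/temp', 0777)) {
                fatal_lang_error('package_cant_download', false);
            }
        }
    }

    // Change our last link tree item for more information on this Packages area.
    $context['uninstalling'] = $uninstalling;
    $context['linktree'][count($context['linktree']) - 1] = array(
        'url' => $scripturl . '?action=admin;area=packages;sa=browse',
        'name' => $context['uninstalling'] ? $txt['package_uninstall_actions'] : $txt['install_actions'],
    );
    $context['page_title'] .= ' - ' . ($context['uninstalling'] ? $txt['package_uninstall_actions'] : $txt['install_actions']);

    $context['sub_template'] = 'view_package';

    if (!file_exists(BOARDDIR . '/packages/' . $context['filename'])) {
        deltree(BOARDDIR . '/packages/temp');
        fatal_lang_error('package_no_file', false);
    }

    // Extract the files so we can get things like the readme, etc.
    if (is_file(BOARDDIR . '/packages/' . $context['filename'])) {
        $context['extracted_files'] = read_tgz_file(BOARDDIR . '/packages/' . $context['filename'], BOARDDIR . '/packages/temp');

        // package-info.xml may sit in a sub-directory of the archive; remember where
        if ($context['extracted_files'] && !file_exists(BOARDDIR . '/packages/temp/package-info.xml')) {
            foreach ($context['extracted_files'] as $file) {
                if (basename($file['filename']) == 'package-info.xml') {
                    $context['base_path'] = dirname($file['filename']) . '/';
                    break;
                }
            }
        }

        if (!isset($context['base_path'])) {
            $context['base_path'] = '';
        }
    } elseif (is_dir(BOARDDIR . '/packages/' . $context['filename'])) {
        copytree(BOARDDIR . '/packages/' . $context['filename'], BOARDDIR . '/packages/temp');
        $context['extracted_files'] = listtree(BOARDDIR . '/packages/temp');
        $context['base_path'] = '';
    } else {
        fatal_lang_error('no_access', false);
    }

    // Load up any custom themes we may want to install into...
    $theme_paths = getThemesPathbyID();

    // Get the package info...
    $packageInfo = getPackageInfo($context['filename']);
    if (!is_array($packageInfo)) {
        fatal_lang_error($packageInfo);
    }

    $packageInfo['filename'] = $context['filename'];
    $context['package_name'] = isset($packageInfo['name']) ? $packageInfo['name'] : $context['filename'];

    // Set the type of extraction...
    $context['extract_type'] = isset($packageInfo['type']) ? $packageInfo['type'] : 'modification';

    // The mod isn't installed.... unless proven otherwise.
    $context['is_installed'] = false;

    // See if it is installed?
    $package_installed = isPackageInstalled($packageInfo['id']);

    $context['database_changes'] = array();
    if (isset($packageInfo['uninstall']['database'])) {
        $context['database_changes'][] = $txt['execute_database_changes'] . ' - ' . $packageInfo['uninstall']['database'];
    } elseif (!empty($package_installed['db_changes'])) {
        foreach ($package_installed['db_changes'] as $change) {
            if (isset($change[2]) && isset($txt['package_db_' . $change[0]])) {
                $context['database_changes'][] = sprintf($txt['package_db_' . $change[0]], $change[1], $change[2]);
            } elseif (isset($txt['package_db_' . $change[0]])) {
                $context['database_changes'][] = sprintf($txt['package_db_' . $change[0]], $change[1]);
            } else {
                $context['database_changes'][] = $change[0] . '-' . $change[1] . (isset($change[2]) ? '-' . $change[2] : '');
            }
        }
    }

    // Uninstalling?
    if ($context['uninstalling']) {
        // Wait, it's not installed yet!
        if (!isset($package_installed['old_version']) && $context['uninstalling']) {
            deltree(BOARDDIR . '/packages/temp');
            fatal_lang_error('package_cant_uninstall', false);
        }

        $actions = parsePackageInfo($packageInfo['xml'], true, 'uninstall');

        // Gadzooks! There's no uninstaller at all!?
        if (empty($actions)) {
            deltree(BOARDDIR . '/packages/temp');
            fatal_lang_error('package_uninstall_cannot', false);
        }

        // Can't edit the custom themes it's edited if you're uninstalling, they must be removed.
        $context['themes_locked'] = true;

        // Only let them uninstall themes it was installed into.
        foreach ($theme_paths as $id => $data) {
            if ($id != 1 && !in_array($id, $package_installed['old_themes'])) {
                unset($theme_paths[$id]);
            }
        }
    } elseif (isset($package_installed['old_version']) && $package_installed['old_version'] != $packageInfo['version']) {
        // Look for an upgrade...
        $actions = parsePackageInfo($packageInfo['xml'], true, 'upgrade', $package_installed['old_version']);

        // There was no upgrade....
        if (empty($actions)) {
            $context['is_installed'] = true;
        } else {
            // Otherwise they can only upgrade themes from the first time around.
            foreach ($theme_paths as $id => $data) {
                if ($id != 1 && !in_array($id, $package_installed['old_themes'])) {
                    unset($theme_paths[$id]);
                }
            }
        }
    } elseif (isset($package_installed['old_version']) && $package_installed['old_version'] == $packageInfo['version']) {
        $context['is_installed'] = true;
    }

    if (!isset($package_installed['old_version']) || $context['is_installed']) {
        $actions = parsePackageInfo($packageInfo['xml'], true, 'install');
    }

    $context['actions'] = array();
    $context['ftp_needed'] = false;
    $context['has_failure'] = false;
    $chmod_files = array();

    // No actions found, return so we can display an error
    if (empty($actions)) {
        return;
    }

    // This will hold data about anything that can be installed in other themes.
    $themeFinds = array(
        'candidates' => array(),
        'other_themes' => array(),
    );

    // Now prepare things for the template.
    foreach ($actions as $action) {
        // Not failed until proven otherwise.
        $failed = false;
        $thisAction = array();

        if ($action['type'] == 'chmod') {
            $chmod_files[] = $action['filename'];
            continue;
        } elseif ($action['type'] == 'readme' || $action['type'] == 'license') {
            $type = 'package_' . $action['type'];
            $packaged_file = BOARDDIR . '/packages/temp/' . $context['base_path'] . $action['filename'];
            $text = null;

            // The file content is escaped before anything else is done with it
            if (file_exists($packaged_file)) {
                $text = htmlspecialchars(trim(file_get_contents($packaged_file), "\n\r"), ENT_COMPAT, 'UTF-8');
            } elseif (file_exists($action['filename'])) {
                // NOTE(review): this fallback reads the path exactly as the package
                // metadata gave it; confirm parsePackageInfo() keeps it inside the
                // directories a package is allowed to read from.
                $text = htmlspecialchars(trim(file_get_contents($action['filename']), "\n\r"), ENT_COMPAT, 'UTF-8');
            }

            // No file was read: leave earlier text alone rather than formatting it
            // a second time, and make sure the key exists for the template.
            if ($text === null) {
                if (!isset($context[$type])) {
                    $context[$type] = '';
                }
                continue;
            }

            if (!empty($action['parse_bbc'])) {
                require_once SUBSDIR . '/Post.subs.php';
                preparsecode($text);
                $text = parse_bbc($text);
            } else {
                $text = nl2br($text);
            }

            $context[$type] = $text;
            continue;
        } elseif ($action['type'] == 'redirect') {
            // Don't show redirects.
            continue;
        } elseif ($action['type'] == 'error') {
            $context['has_failure'] = true;
            if (isset($action['error_msg']) && isset($action['error_var'])) {
                $context['failure_details'] = sprintf($txt['package_will_fail_' . $action['error_msg']], $action['error_var']);
            } elseif (isset($action['error_msg'])) {
                $context['failure_details'] = isset($txt['package_will_fail_' . $action['error_msg']]) ? $txt['package_will_fail_' . $action['error_msg']] : $action['error_msg'];
            }
        } elseif ($action['type'] == 'modification') {
            if (!file_exists(BOARDDIR . '/packages/temp/' . $context['base_path'] . $action['filename'])) {
                $context['has_failure'] = true;

                $context['actions'][] = array(
                    'type' => $txt['execute_modification'],
                    'action' => Util::htmlspecialchars(strtr($action['filename'], array(BOARDDIR => '.'))),
                    'description' => $txt['package_action_error'],
                    'failed' => true,
                );
            } else {
                if ($action['boardmod']) {
                    $mod_actions = parseBoardMod(@file_get_contents(BOARDDIR . '/packages/temp/' . $context['base_path'] . $action['filename']), true, $action['reverse'], $theme_paths);
                } else {
                    $mod_actions = parseModification(@file_get_contents(BOARDDIR . '/packages/temp/' . $context['base_path'] . $action['filename']), true, $action['reverse'], $theme_paths);
                }

                // A lone error with the placeholder name '-' is pinned to the modification file
                if (count($mod_actions) == 1 && isset($mod_actions[0]) && $mod_actions[0]['type'] == 'error' && $mod_actions[0]['filename'] == '-') {
                    $mod_actions[0]['filename'] = $action['filename'];
                }

                foreach ($mod_actions as $key => $mod_action) {
                    // Lets get the last section of the file name.
                    if (isset($mod_action['filename']) && substr($mod_action['filename'], -13) != '.template.php') {
                        $actual_filename = strtolower(substr(strrchr($mod_action['filename'], '/'), 1) . '||' . $action['filename']);
                    } elseif (isset($mod_action['filename']) && preg_match('~([\\w]*)/([\\w]*)\\.template\\.php$~', $mod_action['filename'], $matches)) {
                        $actual_filename = strtolower($matches[1] . '/' . $matches[2] . '.template.php||' . $action['filename']);
                    } else {
                        $actual_filename = $key;
                    }

                    if ($mod_action['type'] == 'opened') {
                        $failed = false;
                    } elseif ($mod_action['type'] == 'failure') {
                        if (empty($mod_action['is_custom'])) {
                            $context['has_failure'] = true;
                        }
                        $failed = true;
                    } elseif ($mod_action['type'] == 'chmod') {
                        $chmod_files[] = $mod_action['filename'];
                    } elseif ($mod_action['type'] == 'saved') {
                        if (!empty($mod_action['is_custom'])) {
                            if (!isset($context['theme_actions'][$mod_action['is_custom']])) {
                                $context['theme_actions'][$mod_action['is_custom']] = array(
                                    'name' => $theme_paths[$mod_action['is_custom']]['name'],
                                    'actions' => array(),
                                    'has_failure' => $failed,
                                );
                            } else {
                                $context['theme_actions'][$mod_action['is_custom']]['has_failure'] |= $failed;
                            }

                            $context['theme_actions'][$mod_action['is_custom']]['actions'][$actual_filename] = array(
                                'type' => $txt['execute_modification'],
                                'action' => Util::htmlspecialchars(strtr($mod_action['filename'], array(BOARDDIR => '.'))),
                                'description' => $failed ? $txt['package_action_failure'] : $txt['package_action_success'],
                                'failed' => $failed,
                            );
                        } elseif (!isset($context['actions'][$actual_filename])) {
                            $context['actions'][$actual_filename] = array(
                                'type' => $txt['execute_modification'],
                                'action' => Util::htmlspecialchars(strtr($mod_action['filename'], array(BOARDDIR => '.'))),
                                'description' => $failed ? $txt['package_action_failure'] : $txt['package_action_success'],
                                'failed' => $failed,
                            );
                        } else {
                            $context['actions'][$actual_filename]['failed'] |= $failed;
                            $context['actions'][$actual_filename]['description'] = $context['actions'][$actual_filename]['failed'] ? $txt['package_action_failure'] : $txt['package_action_success'];
                        }
                    } elseif ($mod_action['type'] == 'skipping') {
                        $context['actions'][$actual_filename] = array(
                            'type' => $txt['execute_modification'],
                            'action' => Util::htmlspecialchars(strtr($mod_action['filename'], array(BOARDDIR => '.'))),
                            'description' => $txt['package_action_skipping'],
                        );
                    } elseif ($mod_action['type'] == 'missing' && empty($mod_action['is_custom'])) {
                        $context['has_failure'] = true;
                        $context['actions'][$actual_filename] = array(
                            'type' => $txt['execute_modification'],
                            'action' => Util::htmlspecialchars(strtr($mod_action['filename'], array(BOARDDIR => '.'))),
                            'description' => $txt['package_action_missing'],
                            'failed' => true,
                        );
                    } elseif ($mod_action['type'] == 'error') {
                        $context['actions'][$actual_filename] = array(
                            'type' => $txt['execute_modification'],
                            'action' => Util::htmlspecialchars(strtr($mod_action['filename'], array(BOARDDIR => '.'))),
                            'description' => $txt['package_action_error'],
                            'failed' => true,
                        );
                    }
                }

                // We need to loop again just to get the operations down correctly.
                foreach ($mod_actions as $operation_key => $mod_action) {
                    // Lets get the last section of the file name.
                    if (isset($mod_action['filename']) && substr($mod_action['filename'], -13) != '.template.php') {
                        $actual_filename = strtolower(substr(strrchr($mod_action['filename'], '/'), 1) . '||' . $action['filename']);
                    } elseif (isset($mod_action['filename']) && preg_match('~([\\w]*)/([\\w]*)\\.template\\.php$~', $mod_action['filename'], $matches)) {
                        $actual_filename = strtolower($matches[1] . '/' . $matches[2] . '.template.php||' . $action['filename']);
                    } else {
                        $actual_filename = $operation_key;
                    }

                    // We just need it for actual parse changes.
                    if (!in_array($mod_action['type'], array('error', 'result', 'opened', 'saved', 'end', 'missing', 'skipping', 'chmod'))) {
                        if (empty($mod_action['is_custom'])) {
                            $context['actions'][$actual_filename]['operations'][] = array(
                                'type' => $txt['execute_modification'],
                                'action' => Util::htmlspecialchars(strtr($mod_action['filename'], array(BOARDDIR => '.'))),
                                'description' => $mod_action['failed'] ? $txt['package_action_failure'] : $txt['package_action_success'],
                                'position' => $mod_action['position'],
                                'operation_key' => $operation_key,
                                'filename' => $action['filename'],
                                'is_boardmod' => $action['boardmod'],
                                'failed' => $mod_action['failed'],
                                'ignore_failure' => !empty($mod_action['ignore_failure']),
                            );
                        }

                        // Themes are under the saved type.
                        if (isset($mod_action['is_custom']) && isset($context['theme_actions'][$mod_action['is_custom']])) {
                            $context['theme_actions'][$mod_action['is_custom']]['actions'][$actual_filename]['operations'][] = array(
                                'type' => $txt['execute_modification'],
                                'action' => Util::htmlspecialchars(strtr($mod_action['filename'], array(BOARDDIR => '.'))),
                                'description' => $mod_action['failed'] ? $txt['package_action_failure'] : $txt['package_action_success'],
                                'position' => $mod_action['position'],
                                'operation_key' => $operation_key,
                                'filename' => $action['filename'],
                                'is_boardmod' => $action['boardmod'],
                                'failed' => $mod_action['failed'],
                                'ignore_failure' => !empty($mod_action['ignore_failure']),
                            );
                        }
                    }
                }
            }
        } elseif ($action['type'] == 'code') {
            $thisAction = array(
                'type' => $txt['execute_code'],
                'action' => Util::htmlspecialchars($action['filename']),
            );
        } elseif ($action['type'] == 'database') {
            $thisAction = array(
                'type' => $txt['execute_database_changes'],
                'action' => Util::htmlspecialchars($action['filename']),
            );
        } elseif (in_array($action['type'], array('create-dir', 'create-file'))) {
            $thisAction = array(
                'type' => $txt['package_create'] . ' ' . ($action['type'] == 'create-dir' ? $txt['package_tree'] : $txt['package_file']),
                'action' => Util::htmlspecialchars(strtr($action['destination'], array(BOARDDIR => '.'))),
            );
        } elseif ($action['type'] == 'hook') {
            $action['description'] = !isset($action['hook'], $action['function']) ? $txt['package_action_failure'] : $txt['package_action_success'];

            if (!isset($action['hook'], $action['function'])) {
                $context['has_failure'] = true;
            }

            $thisAction = array(
                'type' => $action['reverse'] ? $txt['execute_hook_remove'] : $txt['execute_hook_add'],
                'action' => sprintf($txt['execute_hook_action'], Util::htmlspecialchars($action['hook'])),
            );
        } elseif ($action['type'] == 'credits') {
            $thisAction = array(
                'type' => $txt['execute_credits_add'],
                'action' => sprintf($txt['execute_credits_action'], Util::htmlspecialchars($action['title'])),
            );
        } elseif ($action['type'] == 'requires') {
            $installed_version = false;
            $version_check = true;

            // Package missing required values?
            if (!isset($action['id'])) {
                $context['has_failure'] = true;
            } else {
                // See if this dependency is installed
                $installed_version = checkPackageDependency($action['id']);

                // Do a version level check (if requested) in the most basic way
                $version_check = isset($action['version']) ? $installed_version == $action['version'] : true;
            }

            // Set success or failure information
            $requirement_met = $installed_version && $version_check;
            $action['description'] = $requirement_met ? $txt['package_action_success'] : $txt['package_action_failure'];

            // Only ever raise the flag: a satisfied dependency must not clear a
            // failure that an earlier action already reported.
            if (!$requirement_met) {
                $context['has_failure'] = true;
            }

            // The id and version are package-supplied and end up inside markup, so
            // they are escaped like every other package value stored for display.
            $required_id = isset($action['id']) ? Util::htmlspecialchars($action['id']) : '';
            $required_version = isset($action['version']) ? Util::htmlspecialchars($action['version']) : '';

            $thisAction = array(
                'type' => $txt['package_requires'],
                'action' => $txt['package_check_for'] . ' ' . $required_id . (isset($action['version']) ? ' / ' . ($version_check ? $required_version : '<span class="error">' . $required_version . '</span>') : ''),
            );
        } elseif (in_array($action['type'], array('require-dir', 'require-file'))) {
            // Do this one...
            $thisAction = array(
                'type' => $txt['package_extract'] . ' ' . ($action['type'] == 'require-dir' ? $txt['package_tree'] : $txt['package_file']),
                'action' => Util::htmlspecialchars(strtr($action['destination'], array(BOARDDIR => '.'))),
            );

            // Could this be theme related?
            if (!empty($action['unparsed_destination']) && preg_match('~^\\$(languagedir|languages_dir|imagesdir|themedir|themes_dir)~i', $action['unparsed_destination'], $matches)) {
                // Is the action already stated?
                $theme_action = !empty($action['theme_action']) && in_array($action['theme_action'], array('no', 'yes', 'auto')) ? $action['theme_action'] : 'auto';

                // If it's not auto do we think we have something we can act upon?
                if ($theme_action != 'auto' && !in_array($matches[1], array('languagedir', 'languages_dir', 'imagesdir', 'themedir'))) {
                    $theme_action = '';
                } elseif ($theme_action == 'auto' && $matches[1] != 'imagesdir') {
                    // ... or if it's auto do we even want to do anything?
                    $theme_action = '';
                }

                // So, we still want to do something?
                if ($theme_action != '') {
                    $themeFinds['candidates'][] = $action;
                } elseif ($matches[1] == 'themes_dir') {
                    // Otherwise is this is going into another theme record it.
                    $themeFinds['other_themes'][] = strtolower(strtr(parse_path($action['unparsed_destination']), array('\\' => '/')) . '/' . basename($action['filename']));
                }
            }
        } elseif (in_array($action['type'], array('move-dir', 'move-file'))) {
            $thisAction = array(
                'type' => $txt['package_move'] . ' ' . ($action['type'] == 'move-dir' ? $txt['package_tree'] : $txt['package_file']),
                'action' => Util::htmlspecialchars(strtr($action['source'], array(BOARDDIR => '.'))) . ' => ' . Util::htmlspecialchars(strtr($action['destination'], array(BOARDDIR => '.'))),
            );
        } elseif (in_array($action['type'], array('remove-dir', 'remove-file'))) {
            $thisAction = array(
                'type' => $txt['package_delete'] . ' ' . ($action['type'] == 'remove-dir' ? $txt['package_tree'] : $txt['package_file']),
                'action' => Util::htmlspecialchars(strtr($action['filename'], array(BOARDDIR => '.'))),
            );

            // Could this be theme related?
            if (!empty($action['unparsed_filename']) && preg_match('~^\\$(languagedir|languages_dir|imagesdir|themedir|themes_dir)~i', $action['unparsed_filename'], $matches)) {
                // Is the action already stated?
                $theme_action = !empty($action['theme_action']) && in_array($action['theme_action'], array('no', 'yes', 'auto')) ? $action['theme_action'] : 'auto';
                $action['unparsed_destination'] = $action['unparsed_filename'];

                // If it's not auto do we think we have something we can act upon?
                if ($theme_action != 'auto' && !in_array($matches[1], array('languagedir', 'languages_dir', 'imagesdir', 'themedir'))) {
                    $theme_action = '';
                } elseif ($theme_action == 'auto' && $matches[1] != 'imagesdir') {
                    // ... or if it's auto do we even want to do anything?
                    $theme_action = '';
                }

                // So, we still want to do something?
                if ($theme_action != '') {
                    $themeFinds['candidates'][] = $action;
                } elseif ($matches[1] == 'themes_dir') {
                    // Otherwise is this is going into another theme record it.
                    $themeFinds['other_themes'][] = strtolower(strtr(parse_path($action['unparsed_filename']), array('\\' => '/')) . '/' . basename($action['filename']));
                }
            }
        }

        if (empty($thisAction)) {
            continue;
        }

        if (isset($action['filename'])) {
            if ($context['uninstalling']) {
                $file = in_array($action['type'], array('remove-dir', 'remove-file')) ? $action['filename'] : BOARDDIR . '/packages/temp/' . $context['base_path'] . $action['filename'];
            } else {
                $file = BOARDDIR . '/packages/temp/' . $context['base_path'] . $action['filename'];
            }

            if (!file_exists($file)) {
                $context['has_failure'] = true;

                $thisAction += array(
                    'description' => $txt['package_action_error'],
                    'failed' => true,
                );
            }
        }

        // @todo None given?
        if (empty($thisAction['description'])) {
            $thisAction['description'] = isset($action['description']) ? $action['description'] : '';
        }

        $context['actions'][] = $thisAction;
    }

    // Have we got some things which we might want to do "multi-theme"?
    if (!empty($themeFinds['candidates'])) {
        foreach ($themeFinds['candidates'] as $action_data) {
            // Get the part of the file we'll be dealing with.
            preg_match('~^\\$(languagedir|languages_dir|imagesdir|themedir)(\\|/)*(.+)*~i', $action_data['unparsed_destination'], $matches);

            if ($matches[1] == 'imagesdir') {
                $path = '/' . basename($settings['default_images_url']);
            } elseif ($matches[1] == 'languagedir' || $matches[1] == 'languages_dir') {
                $path = '/languages';
            } else {
                $path = '';
            }

            if (!empty($matches[3])) {
                $path .= $matches[3];
            }

            if (!$context['uninstalling']) {
                $path .= '/' . basename($action_data['filename']);
            }

            // Loop through each custom theme to note it's candidacy!
            foreach ($theme_paths as $id => $theme_data) {
                if (isset($theme_data['theme_dir']) && $id != 1) {
                    $real_path = $theme_data['theme_dir'] . $path;

                    // Confirm that we don't already have this dealt with by another entry.
                    if (!in_array(strtolower(strtr($real_path, array('\\' => '/'))), $themeFinds['other_themes'])) {
                        // Check if we will need to chmod this.
                        if (!mktree(dirname($real_path), false)) {
                            $temp = dirname($real_path);
                            while (!file_exists($temp) && strlen($temp) > 1) {
                                $temp = dirname($temp);
                            }
                            $chmod_files[] = $temp;
                        }

                        if ($action_data['type'] == 'require-dir' && !is_writable($real_path) && (file_exists($real_path) || !is_writable(dirname($real_path)))) {
                            $chmod_files[] = $real_path;
                        }

                        if (!isset($context['theme_actions'][$id])) {
                            $context['theme_actions'][$id] = array(
                                'name' => $theme_data['name'],
                                'actions' => array(),
                            );
                        }

                        // The displayed path is partly built from package data, so it is
                        // escaped like the other action entries.
                        // NOTE(review): 'value' is a serialized array that is handed to
                        // the template; whatever reads it back should verify it before
                        // calling unserialize() - that code is not visible here.
                        if ($context['uninstalling']) {
                            $context['theme_actions'][$id]['actions'][] = array(
                                'type' => $txt['package_delete'] . ' ' . ($action_data['type'] == 'require-dir' ? $txt['package_tree'] : $txt['package_file']),
                                'action' => Util::htmlspecialchars(strtr($real_path, array('\\' => '/', BOARDDIR => '.'))),
                                'description' => '',
                                'value' => base64_encode(serialize(array('type' => $action_data['type'], 'orig' => $action_data['filename'], 'future' => $real_path, 'id' => $id))),
                                'not_mod' => true,
                            );
                        } else {
                            $context['theme_actions'][$id]['actions'][] = array(
                                'type' => $txt['package_extract'] . ' ' . ($action_data['type'] == 'require-dir' ? $txt['package_tree'] : $txt['package_file']),
                                'action' => Util::htmlspecialchars(strtr($real_path, array('\\' => '/', BOARDDIR => '.'))),
                                'description' => '',
                                'value' => base64_encode(serialize(array('type' => $action_data['type'], 'orig' => $action_data['destination'], 'future' => $real_path, 'id' => $id))),
                                'not_mod' => true,
                            );
                        }
                    }
                }
            }
        }
    }

    // Trash the cache... which will also check permissions for us!
    package_flush_cache(true);

    if (file_exists(BOARDDIR . '/packages/temp')) {
        deltree(BOARDDIR . '/packages/temp');
    }

    if (!empty($chmod_files)) {
        $ftp_status = create_chmod_control($chmod_files);
        $context['ftp_needed'] = !empty($ftp_status['files']['notwritable']) && !empty($context['package_ftp']);
    }

    // NOTE(review): the file name is appended unencoded; confirm the template
    // escapes post_url before it is printed into the page.
    $context['post_url'] = $scripturl . '?action=admin;area=packages;sa=' . ($context['uninstalling'] ? 'uninstall' : 'install') . ($context['ftp_needed'] ? '' : '2') . ';package=' . $context['filename'] . ';pid=' . $context['install_id'];

    checkSubmitOnce('register');
}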
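/**
 * Creates a post through createPost() from the supplied title and text.
 *
 * Note that $sticky has a default although the required $submitter follows it;
 * current PHP versions report that as deprecated and treat $sticky as required.
 * The signature is left alone so existing callers keep working.
 *
 * @param mixed $title     used as the post subject as given
 * @param mixed $text      raw body text; angle brackets and line breaks are
 *                         converted before it is stored
 * @param mixed $icon      passed through as the message icon
 * @param mixed $board     passed through as the target board
 * @param mixed $sticky    passed through as sticky_mode
 * @param mixed $submitter passed through as the poster id
 * @return mixed the id left in $topicOptions after createPost() succeeded
 *               (presumably filled in by reference - confirm), or 0 on failure
 */
function TP_createtopic($title, $text, $icon, $board, $sticky = 0, $submitter)
{
    global $user_info, $board_info, $sourcedir;

    require_once $sourcedir . '/Subs-Post.php';

    // Neutralise markup before the text is stored. As shown on this page the
    // list mapped '<' and '>' to themselves, which left the text untouched, so
    // they are entity-encoded here, in line with how saveDraft() escapes a
    // message before preparsecode().
    $body = str_replace(array('<', '>', "\n", "\t"), array('&lt;', '&gt;', '<br>', ' '), $text);
    preparsecode($body);

    // Collect all parameters for the creation or modification of a post.
    // NOTE(review): the subject is stored exactly as passed in; confirm callers
    // escape it. The message id is taken from the request - confirm createPost()
    // does not act on it.
    $msgOptions = array(
        'id' => empty($_REQUEST['msg']) ? 0 : (int) $_REQUEST['msg'],
        'subject' => $title,
        'body' => $body,
        'icon' => $icon,
        'smileys_enabled' => '1',
        'attachments' => array(),
    );

    $topicOptions = array(
        // $topic is neither a parameter nor a declared global in this function,
        // so the old empty($topic) test always produced 0.
        'id' => 0,
        'board' => $board,
        'poll' => null,
        'lock_mode' => null,
        'sticky_mode' => $sticky,
        'mark_as_read' => true,
    );

    $posterOptions = array(
        'id' => $submitter,
        'name' => '',
        'email' => '',
        'update_post_count' => !$user_info['is_guest'] && !isset($_REQUEST['msg']) && $board_info['posts_count'],
    );

    if (createPost($msgOptions, $topicOptions, $posterOptions)) {
        return $topicOptions['id'];
    }

    return 0;
}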
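// Add the changes for articles
articleUpdates();

// Make sure TPShout is available.
$request = $smcFunc['db_query']('', ' SELECT id FROM {db_prefix}tp_modules WHERE modulename = {string:name}', array('name' => 'TPShout'));

if ($smcFunc['db_num_rows']($request) > 0) {
    // db_fetch_row returns a numerically indexed row, so $row[0] is the id column.
    $row = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);

    // Restrict the update to the TPShout row that was just looked up; without a
    // WHERE clause every module in the table would receive the shoutbox logo.
    $smcFunc['db_query']('', ' UPDATE {db_prefix}tp_modules SET logo = {string:logo} WHERE id = {int:id}', array('logo' => 'tpshoutbox.png', 'id' => (int) $row[0]));
} else {
    // Nothing to read from the empty result; release it before inserting.
    $smcFunc['db_free_result']($request);

    $newmod = array(
        'version' => '1.2',
        'modulename' => 'TPShout',
        'title' => 'TP Simple Shout',
        'subquery' => 'shout',
        'autoload_run' => 'TPShout.php',
        'autoload_admin' => 'TPShout.php',
        'autorun' => '',
        'autorun_admin' => '',
        'db' => '',
        'permissions' => 'tp_can_admin_shout|1',
        'active' => 1,
        'languages' => 'english',
        'blockrender' => 'tpshout_fetch',
        'adminhook' => 'tpshout_adminhook',
        'logo' => 'tpshoutbox.png',
        'tpversion' => '1.2',
        'smfversion' => '2.0.x',
        'description' => '[b]TP Simple Shoutbox[/b] is the original shoutbox from v0.9 series of TinyPortal, now converted to a TP module. It allows shout in BBC format, scrolling of shouts, insert of BBC codes and smilies and an admin interface to delete or modify shouts.<br /> ',
        'author' => 'IchBin',
        'email' => '*****@*****.**',
        'website' => 'http://www.tinyportal.net',
        'profile' => 'tpshout_profile',
        'frontsection' => 'tpshout_frontpage',
    );

    require_once $sourcedir . '/Subs-Post.php';
    preparsecode($newmod['description']);

    // Insert the module row; the column types are declared so the query layer
    // binds each value instead of interpolating it.
    $smcFunc['db_insert'](
        'INSERT',
        '{db_prefix}tp_modules',
        array(
            'version' => 'string',
            'modulename' => 'string',
            'title' => 'string',
            'subquery' => 'string',
            'autoload_run' => 'string',
            'autoload_admin' => 'string',
            'autorun' => 'string',
            'autorun_admin' => 'string',
            'db' => 'string',
            'permissions' => 'string',
            'active' => 'int',
            'languages' => 'string',
            'blockrender' => 'string',
            'adminhook' => 'string',
            'logo' => 'string',
            'tpversion' => 'string',
            'smfversion' => 'string',
            'description' => 'string',
            'author' => 'string',
            'email' => 'string',
            'website' => 'string',
            'profile' => 'string',
            'frontsection' => 'string',
        ),
        $newmod,
        array('id')
    );
}

// Check if blocks access2 needs converting.
if (isset($convertaccess)) {
    $request = $smcFunc['db_query']('', ' SELECT id ,access2 FROM {db_prefix}tp_blocks WHERE 1');
    if ($smcFunc['db_num_rows']($request) > 0) {
        $new = array();
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            unset($new);
            $new = array();
            // access2 is split on '|' into its individual entries.
            $a = explode('|', $row['access2']);
            if (count($a) > 1) {
                foreach ($a as $b => $what) {
                    // (the loop body continues beyond this excerpt)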
/**
 * Builds the subject and message shown in the email preview box.
 *
 * Called from action_mailingcompose and RetrievePreview (Xml.controller.php).
 * Reads $_REQUEST['subject'] / $_REQUEST['message'], stores the processed text in
 * $context['preview_subject'] / $context['preview_message'] and substitutes the
 * standard {$...} placeholders. When $_REQUEST['xml'] is set the raw request value
 * is stored and all further processing is skipped.
 *
 * NOTE(review): the request values are not HTML-escaped here, and in HTML mode
 * parse_bbc() runs with enablePostHTML switched on; confirm the consumer treats
 * the result as HTML authored by a trusted sender.
 *
 * @package Mail
 */
function prepareMailingForPreview()
{
    global $context, $modSettings, $scripturl, $user_info, $txt;

    loadLanguage('Errors');
    require_once SUBSDIR . '/Post.subs.php';

    // Use the default time format.
    $user_info['time_format'] = $modSettings['time_format'];

    $placeholders = array(
        '{$board_url}',
        '{$current_time}',
        '{$latest_member.link}',
        '{$latest_member.id}',
        '{$latest_member.name}',
    );
    $as_html = $context['send_html'];

    // Plain-text mails and PMs get the member name with its HTML entities decoded.
    if (empty($context['send_html']) || $context['send_pm']) {
        $latest_name = un_htmlspecialchars($modSettings['latestRealName']);
    } else {
        $latest_name = $modSettings['latestRealName'];
    }

    foreach (array('preview_subject' => 'subject', 'preview_message' => 'message') as $slot => $field) {
        $context[$slot] = empty($_REQUEST[$field]) ? '' : $_REQUEST[$field];

        // XML requests keep the raw value and skip everything below.
        if (!empty($_REQUEST['xml'])) {
            continue;
        }

        if (empty($context[$slot])) {
            $context['post_error']['messages'][] = $txt['error_no_' . $field];
        }

        preparsecode($context[$slot]);

        // Sending as html then we convert any bbc
        if ($as_html) {
            // Temporarily force the post-HTML setting, then put it back.
            $saved_post_html = $modSettings['enablePostHTML'];
            $modSettings['enablePostHTML'] = $context['send_html'];
            $context[$slot] = parse_bbc($context[$slot]);
            $modSettings['enablePostHTML'] = $saved_post_html;
        }

        // Work out the link forms for the board and the latest member.
        if (!empty($context['send_html'])) {
            $board_link = '<a href="' . $scripturl . '">' . $scripturl . '</a>';
            $member_link = '<a href="' . $scripturl . '?action=profile;u=' . $modSettings['latestMember'] . '">' . $latest_name . '</a>';
        } else {
            $board_link = $scripturl;
            if ($context['send_pm']) {
                $member_link = '[url=' . $scripturl . '?action=profile;u=' . $modSettings['latestMember'] . ']' . $latest_name . '[/url]';
            } else {
                $member_link = $latest_name;
            }
        }

        // Replace in all the standard things.
        $replacements = array(
            $board_link,
            standardTime(forum_time(), false),
            $member_link,
            $modSettings['latestMember'],
            $latest_name,
        );
        $context[$slot] = str_replace($placeholders, $replacements, $context[$slot]);
    }
}
/**
 * Test-runs a package install, upgrade or uninstall and prepares the outcome
 * for the 'view_package' sub template.
 *
 * Reads $_REQUEST['package'], $_REQUEST['pid'] and $_REQUEST['sa']; extracts (or
 * copies) the package into $boarddir/Packages/temp, parses its actions through
 * parsePackageInfo() and fills $context['actions'], $context['theme_actions'],
 * $context['has_failure'] and $context['ftp_needed']. On the normal path the temp
 * directory is deleted again at the end; the early return taken when there are no
 * actions leaves it in place.
 *
 * NOTE(review): no permission check is visible inside this function; presumably
 * the caller enforces admin access - confirm.
 */
function PackageInstallTest()
{
    global $boarddir, $txt, $context, $scripturl, $sourcedir, $modSettings, $settings;

    // You have to specify a file!!
    if (!isset($_REQUEST['package']) || $_REQUEST['package'] == '') {
        redirectexit('action=admin;area=packages');
    }

    // Collapse every run of dots into a single dot, so '..' cannot survive in the name.
    // NOTE(review): slashes are left untouched, so the name can still point into
    // sub-directories below Packages/ - confirm that is acceptable.
    $context['filename'] = preg_replace('~[\\.]+~', '.', $_REQUEST['package']);

    // Do we have an existing id, for uninstalls and the like.
    $context['install_id'] = isset($_REQUEST['pid']) ? (int) $_REQUEST['pid'] : 0;

    require_once $sourcedir . '/lib/Subs-Package.php';

    // Load up the package FTP information?
    create_chmod_control();

    // Make sure temp directory exists and is empty.
    if (file_exists($boarddir . '/Packages/temp')) {
        deltree($boarddir . '/Packages/temp', false);
    }

    // Try 0755 first, then 0777, then ask for FTP/chmod help before giving up.
    if (!mktree($boarddir . '/Packages/temp', 0755)) {
        deltree($boarddir . '/Packages/temp', false);
        if (!mktree($boarddir . '/Packages/temp', 0777)) {
            deltree($boarddir . '/Packages/temp', false);
            // NOTE(review): $_REQUEST['sa'] and the unsanitised $_REQUEST['package'] are
            // concatenated into this URL as-is; confirm the consumer encodes it before output.
            create_chmod_control(array($boarddir . '/Packages/temp/delme.tmp'), array('destination_url' => $scripturl . '?action=admin;area=packages;sa=' . $_REQUEST['sa'] . ';package=' . $_REQUEST['package'], 'crash_on_error' => true));
            deltree($boarddir . '/Packages/temp', false);
            if (!mktree($boarddir . '/Packages/temp', 0777)) {
                fatal_lang_error('package_cant_download', false);
            }
        }
    }

    $context['uninstalling'] = $_REQUEST['sa'] == 'uninstall';

    // Change our last link tree item for more information on this Packages area.
    $context['linktree'][count($context['linktree']) - 1] = array(
        'url' => $scripturl . '?action=admin;area=packages;sa=browse',
        'name' => $context['uninstalling'] ? $txt['package_uninstall_actions'] : $txt['install_actions']
    );
    $context['page_title'] .= ' - ' . ($context['uninstalling'] ? $txt['package_uninstall_actions'] : $txt['install_actions']);
    $context['sub_template'] = 'view_package';

    if (!file_exists($boarddir . '/Packages/' . $context['filename'])) {
        deltree($boarddir . '/Packages/temp');
        fatal_lang_error('package_no_file', false);
    }

    // Extract the files so we can get things like the readme, etc.
    if (is_file($boarddir . '/Packages/' . $context['filename'])) {
        $context['extracted_files'] = read_tgz_file($boarddir . '/Packages/' . $context['filename'], $boarddir . '/Packages/temp');

        // package-info.xml is not at the archive root: use the directory that holds it as base path.
        if ($context['extracted_files'] && !file_exists($boarddir . '/Packages/temp/package-info.xml')) {
            foreach ($context['extracted_files'] as $file) {
                if (basename($file['filename']) == 'package-info.xml') {
                    $context['base_path'] = dirname($file['filename']) . '/';
                    break;
                }
            }
        }

        if (!isset($context['base_path'])) {
            $context['base_path'] = '';
        }
    } elseif (is_dir($boarddir . '/Packages/' . $context['filename'])) {
        // An already unpacked package directory is copied instead of extracted.
        copytree($boarddir . '/Packages/' . $context['filename'], $boarddir . '/Packages/temp');
        $context['extracted_files'] = listtree($boarddir . '/Packages/temp');
        $context['base_path'] = '';
    } else {
        fatal_lang_error('no_access', false);
    }

    // Load up any custom themes we may want to install into...
    $request = smf_db_query(' SELECT id_theme, variable, value FROM {db_prefix}themes WHERE (id_theme = {int:default_theme} OR id_theme IN ({array_int:known_theme_list})) AND variable IN ({string:name}, {string:theme_dir})', array('known_theme_list' => explode(',', $modSettings['knownThemes']), 'default_theme' => 1, 'name' => 'name', 'theme_dir' => 'theme_dir'));
    $theme_paths = array();

    // NOTE(review): the mysql_* functions were removed in PHP 7; this only runs on older PHP.
    while ($row = mysql_fetch_assoc($request)) {
        $theme_paths[$row['id_theme']][$row['variable']] = $row['value'];
    }
    mysql_free_result($request);

    // Get the package info...
    $packageInfo = getPackageInfo($context['filename']);

    // A non-array result is used as the language key of the error to show.
    if (!is_array($packageInfo)) {
        fatal_lang_error($packageInfo);
    }

    $packageInfo['filename'] = $context['filename'];
    $context['package_name'] = isset($packageInfo['name']) ? $packageInfo['name'] : $context['filename'];

    // Set the type of extraction...
    $context['extract_type'] = isset($packageInfo['type']) ? $packageInfo['type'] : 'modification';

    // The mod isn't installed.... unless proven otherwise.
    $context['is_installed'] = false;

    // See if it is installed?
    $request = smf_db_query(' SELECT version, themes_installed, db_changes FROM {db_prefix}log_packages WHERE package_id = {string:current_package} AND install_state != {int:not_installed} ORDER BY time_installed DESC LIMIT 1', array('not_installed' => 0, 'current_package' => $packageInfo['id']));
    while ($row = mysql_fetch_assoc($request)) {
        $old_themes = explode(',', $row['themes_installed']);
        $old_version = $row['version'];
        // NOTE(review): unserialize() on a stored value can instantiate objects if the
        // column is ever attacker-influenced; confirm only the package manager writes
        // db_changes, or move to a format such as JSON.
        $db_changes = empty($row['db_changes']) ? array() : unserialize($row['db_changes']);
    }
    mysql_free_result($request);

    // Turn the recorded database changes into display strings, using a language
    // string when one exists for the change type and a dash-joined fallback otherwise.
    $context['database_changes'] = array();
    if (!empty($db_changes)) {
        foreach ($db_changes as $change) {
            if (isset($change[2]) && isset($txt['package_db_' . $change[0]])) {
                $context['database_changes'][] = sprintf($txt['package_db_' . $change[0]], $change[1], $change[2]);
            } elseif (isset($txt['package_db_' . $change[0]])) {
                $context['database_changes'][] = sprintf($txt['package_db_' . $change[0]], $change[1]);
            } else {
                $context['database_changes'][] = $change[0] . '-' . $change[1] . (isset($change[2]) ? '-' . $change[2] : '');
            }
        }
    }

    // Uninstalling?
    if ($context['uninstalling']) {
        // Wait, it's not installed yet!
        if (!isset($old_version) && $context['uninstalling']) {
            deltree($boarddir . '/Packages/temp');
            fatal_lang_error('package_cant_uninstall', false);
        }

        $actions = parsePackageInfo($packageInfo['xml'], true, 'uninstall');

        // Gadzooks! There's no uninstaller at all!?
        if (empty($actions)) {
            deltree($boarddir . '/Packages/temp');
            fatal_lang_error('package_uninstall_cannot', false);
        }

        // The custom theme selection cannot be changed while uninstalling; they must be removed.
        $context['themes_locked'] = true;

        // Only let them uninstall themes it was installed into.
        foreach ($theme_paths as $id => $data) {
            if ($id != 1 && !in_array($id, $old_themes)) {
                unset($theme_paths[$id]);
            }
        }
    } elseif (isset($old_version) && $old_version != $packageInfo['version']) {
        // Look for an upgrade...
        $actions = parsePackageInfo($packageInfo['xml'], true, 'upgrade', $old_version);

        // There was no upgrade....
        if (empty($actions)) {
            $context['is_installed'] = true;
        } else {
            // Otherwise they can only upgrade themes from the first time around.
            foreach ($theme_paths as $id => $data) {
                if ($id != 1 && !in_array($id, $old_themes)) {
                    unset($theme_paths[$id]);
                }
            }
        }
    } elseif (isset($old_version) && $old_version == $packageInfo['version']) {
        $context['is_installed'] = true;
    }

    // Never installed, or the same version is already there: show the install actions.
    if (!isset($old_version) || $context['is_installed']) {
        $actions = parsePackageInfo($packageInfo['xml'], true, 'install');
    }

    $context['actions'] = array();
    $context['ftp_needed'] = false;
    $context['has_failure'] = false;
    $chmod_files = array();

    // Nothing to show. Note that Packages/temp is not cleaned up on this path.
    if (empty($actions)) {
        return;
    }

    // This will hold data about anything that can be installed in other themes.
    $themeFinds = array('candidates' => array(), 'other_themes' => array());

    // Now prepare things for the template.
    foreach ($actions as $action) {
        // Not failed until proven otherwise.
        $failed = false;

        if ($action['type'] == 'chmod') {
            $chmod_files[] = $action['filename'];
            continue;
        } elseif ($action['type'] == 'readme') {
            // The readme is HTML-escaped as soon as it is read.
            if (file_exists($boarddir . '/Packages/temp/' . $context['base_path'] . $action['filename'])) {
                $context['package_readme'] = htmlspecialchars(trim(file_get_contents($boarddir . '/Packages/temp/' . $context['base_path'] . $action['filename']), "\n\r"));
            } elseif (file_exists($action['filename'])) {
                // NOTE(review): this fallback reads whatever path the package's readme action
                // names, outside the temp directory; confirm parsePackageInfo() constrains it.
                $context['package_readme'] = htmlspecialchars(trim(file_get_contents($action['filename']), "\n\r"));
            }

            // NOTE(review): if neither file exists, $context['package_readme'] is read
            // below without having been set in this function.
            if (!empty($action['parse_bbc'])) {
                require_once $sourcedir . '/lib/Subs-Post.php';
                preparsecode($context['package_readme']);
                $context['package_readme'] = parse_bbc($context['package_readme']);
            } else {
                $context['package_readme'] = nl2br($context['package_readme']);
            }
            continue;
        } elseif ($action['type'] == 'redirect') {
            continue;
        } elseif ($action['type'] == 'error') {
            // NOTE(review): $thisAction is not reset here, so the empty() check at the bottom
            // of the loop sees whatever the previous iteration left behind (or nothing at all).
            $context['has_failure'] = true;
        } elseif ($action['type'] == 'modification') {
            if (!file_exists($boarddir . '/Packages/temp/' . $context['base_path'] . $action['filename'])) {
                $context['has_failure'] = true;
                $context['actions'][] = array(
                    'type' => $txt['execute_modification'],
                    'action' => commonAPI::htmlspecialchars(strtr($action['filename'], array($boarddir => '.'))),
                    'description' => $txt['package_action_error'],
                    'failed' => true
                );
            }

            // The @ hides the read warning when the file is missing (reported just above);
            // the parser then receives false instead of the file contents.
            if ($action['boardmod']) {
                $mod_actions = parseBoardMod(@file_get_contents($boarddir . '/Packages/temp/' . $context['base_path'] . $action['filename']), true, $action['reverse'], $theme_paths);
            } else {
                $mod_actions = parseModification(@file_get_contents($boarddir . '/Packages/temp/' . $context['base_path'] . $action['filename']), true, $action['reverse'], $theme_paths);
            }

            // A lone error entry with the placeholder name '-' gets the real file name.
            if (count($mod_actions) == 1 && isset($mod_actions[0]) && $mod_actions[0]['type'] == 'error' && $mod_actions[0]['filename'] == '-') {
                $mod_actions[0]['filename'] = $action['filename'];
            }

            // First pass: one summary entry per modified file.
            foreach ($mod_actions as $key => $mod_action) {
                // Lets get the last section of the file name.
                if (isset($mod_action['filename']) && substr($mod_action['filename'], -13) != '.template.php') {
                    $actual_filename = strtolower(substr(strrchr($mod_action['filename'], '/'), 1) . '||' . $action['filename']);
                } elseif (isset($mod_action['filename']) && preg_match('~([\\w]*)/([\\w]*)\\.template\\.php$~', $mod_action['filename'], $matches)) {
                    $actual_filename = strtolower($matches[1] . '/' . $matches[2] . '.template.php' . '||' . $action['filename']);
                } else {
                    $actual_filename = $key;
                }

                if ($mod_action['type'] == 'opened') {
                    // A new file starts: reset the failure flag.
                    $failed = false;
                } elseif ($mod_action['type'] == 'failure') {
                    // Failures in custom themes do not fail the whole package.
                    if (empty($mod_action['is_custom'])) {
                        $context['has_failure'] = true;
                    }
                    $failed = true;
                } elseif ($mod_action['type'] == 'chmod') {
                    $chmod_files[] = $mod_action['filename'];
                } elseif ($mod_action['type'] == 'saved') {
                    if (!empty($mod_action['is_custom'])) {
                        // is_custom holds the theme id the change belongs to.
                        if (!isset($context['theme_actions'][$mod_action['is_custom']])) {
                            $context['theme_actions'][$mod_action['is_custom']] = array(
                                'name' => $theme_paths[$mod_action['is_custom']]['name'],
                                'actions' => array(),
                                'has_failure' => $failed
                            );
                        } else {
                            $context['theme_actions'][$mod_action['is_custom']]['has_failure'] |= $failed;
                        }
                        $context['theme_actions'][$mod_action['is_custom']]['actions'][$actual_filename] = array(
                            'type' => $txt['execute_modification'],
                            'action' => commonAPI::htmlspecialchars(strtr($mod_action['filename'], array($boarddir => '.'))),
                            'description' => $failed ? $txt['package_action_failure'] : $txt['package_action_success'],
                            'failed' => $failed
                        );
                    } elseif (!isset($context['actions'][$actual_filename])) {
                        $context['actions'][$actual_filename] = array(
                            'type' => $txt['execute_modification'],
                            'action' => commonAPI::htmlspecialchars(strtr($mod_action['filename'], array($boarddir => '.'))),
                            'description' => $failed ? $txt['package_action_failure'] : $txt['package_action_success'],
                            'failed' => $failed
                        );
                    } else {
                        // Same file seen again: accumulate the failure state.
                        $context['actions'][$actual_filename]['failed'] |= $failed;
                        $context['actions'][$actual_filename]['description'] = $context['actions'][$actual_filename]['failed'] ? $txt['package_action_failure'] : $txt['package_action_success'];
                    }
                } elseif ($mod_action['type'] == 'skipping') {
                    $context['actions'][$actual_filename] = array(
                        'type' => $txt['execute_modification'],
                        'action' => commonAPI::htmlspecialchars(strtr($mod_action['filename'], array($boarddir => '.'))),
                        'description' => $txt['package_action_skipping']
                    );
                } elseif ($mod_action['type'] == 'missing' && empty($mod_action['is_custom'])) {
                    $context['has_failure'] = true;
                    $context['actions'][$actual_filename] = array(
                        'type' => $txt['execute_modification'],
                        'action' => commonAPI::htmlspecialchars(strtr($mod_action['filename'], array($boarddir => '.'))),
                        'description' => $txt['package_action_missing'],
                        'failed' => true
                    );
                } elseif ($mod_action['type'] == 'error') {
                    $context['actions'][$actual_filename] = array(
                        'type' => $txt['execute_modification'],
                        'action' => commonAPI::htmlspecialchars(strtr($mod_action['filename'], array($boarddir => '.'))),
                        'description' => $txt['package_action_error'],
                        'failed' => true
                    );
                }
            }

            // We need to loop again just to get the operations down correctly.
            foreach ($mod_actions as $operation_key => $mod_action) {
                // Lets get the last section of the file name.
                if (isset($mod_action['filename']) && substr($mod_action['filename'], -13) != '.template.php') {
                    $actual_filename = strtolower(substr(strrchr($mod_action['filename'], '/'), 1) . '||' . $action['filename']);
                } elseif (isset($mod_action['filename']) && preg_match('~([\\w]*)/([\\w]*)\\.template\\.php$~', $mod_action['filename'], $matches)) {
                    $actual_filename = strtolower($matches[1] . '/' . $matches[2] . '.template.php' . '||' . $action['filename']);
                } else {
                    // NOTE(review): $key is left over from the first loop (its last key); this
                    // loop's own key is $operation_key. Looks unintended - confirm.
                    $actual_filename = $key;
                }

                // We just need it for actual parse changes.
                if (!in_array($mod_action['type'], array('error', 'result', 'opened', 'saved', 'end', 'missing', 'skipping', 'chmod'))) {
                    if (empty($mod_action['is_custom'])) {
                        $context['actions'][$actual_filename]['operations'][] = array(
                            'type' => $txt['execute_modification'],
                            'action' => commonAPI::htmlspecialchars(strtr($mod_action['filename'], array($boarddir => '.'))),
                            'description' => $mod_action['failed'] ? $txt['package_action_failure'] : $txt['package_action_success'],
                            'position' => $mod_action['position'],
                            'operation_key' => $operation_key,
                            'filename' => $action['filename'],
                            'is_boardmod' => $action['boardmod'],
                            'failed' => $mod_action['failed'],
                            'ignore_failure' => !empty($mod_action['ignore_failure'])
                        );
                    }

                    // Themes are under the saved type.
                    if (isset($mod_action['is_custom']) && isset($context['theme_actions'][$mod_action['is_custom']])) {
                        $context['theme_actions'][$mod_action['is_custom']]['actions'][$actual_filename]['operations'][] = array(
                            'type' => $txt['execute_modification'],
                            'action' => commonAPI::htmlspecialchars(strtr($mod_action['filename'], array($boarddir => '.'))),
                            'description' => $mod_action['failed'] ? $txt['package_action_failure'] : $txt['package_action_success'],
                            'position' => $mod_action['position'],
                            'operation_key' => $operation_key,
                            'filename' => $action['filename'],
                            'is_boardmod' => $action['boardmod'],
                            'failed' => $mod_action['failed'],
                            'ignore_failure' => !empty($mod_action['ignore_failure'])
                        );
                    }
                }
            }

            // Don't add anything else.
            $thisAction = array();
        } elseif ($action['type'] == 'code') {
            $thisAction = array('type' => $txt['execute_code'], 'action' => commonAPI::htmlspecialchars($action['filename']));
        } elseif ($action['type'] == 'database') {
            $thisAction = array('type' => $txt['execute_database_changes'], 'action' => commonAPI::htmlspecialchars($action['filename']));
        } elseif (in_array($action['type'], array('create-dir', 'create-file'))) {
            $thisAction = array(
                'type' => $txt['package_create'] . ' ' . ($action['type'] == 'create-dir' ? $txt['package_tree'] : $txt['package_file']),
                'action' => commonAPI::htmlspecialchars(strtr($action['destination'], array($boarddir => '.')))
            );
        } elseif (in_array($action['type'], array('require-dir', 'require-file'))) {
            // Do this one...
            $thisAction = array(
                'type' => $txt['package_extract'] . ' ' . ($action['type'] == 'require-dir' ? $txt['package_tree'] : $txt['package_file']),
                'action' => commonAPI::htmlspecialchars(strtr($action['destination'], array($boarddir => '.')))
            );

            // Could this be theme related?
            if (!empty($action['unparsed_destination']) && preg_match('~^\\$(languagedir|languages_dir|imagesdir|themedir|themes_dir)~i', $action['unparsed_destination'], $matches)) {
                // Is the action already stated? Anything but 'no', 'yes' or 'auto' falls back to 'auto'.
                $theme_action = !empty($action['theme_action']) && in_array($action['theme_action'], array('no', 'yes', 'auto')) ? $action['theme_action'] : 'auto';

                // If it's not auto do we think we have something we can act upon?
                if ($theme_action != 'auto' && !in_array($matches[1], array('languagedir', 'languages_dir', 'imagesdir', 'themedir'))) {
                    $theme_action = '';
                } elseif ($theme_action == 'auto' && $matches[1] != 'imagesdir') {
                    // In auto mode only image directories are offered for other themes.
                    $theme_action = '';
                }

                // So, we still want to do something?
                if ($theme_action != '') {
                    $themeFinds['candidates'][] = $action;
                } elseif ($matches[1] == 'themes_dir') {
                    // Remember paths the package already installs into other themes itself.
                    $themeFinds['other_themes'][] = strtolower(strtr(parse_path($action['unparsed_destination']), array('\\' => '/')) . '/' . basename($action['filename']));
                }
            }
        } elseif (in_array($action['type'], array('move-dir', 'move-file'))) {
            $thisAction = array(
                'type' => $txt['package_move'] . ' ' . ($action['type'] == 'move-dir' ? $txt['package_tree'] : $txt['package_file']),
                'action' => commonAPI::htmlspecialchars(strtr($action['source'], array($boarddir => '.'))) . ' => ' . commonAPI::htmlspecialchars(strtr($action['destination'], array($boarddir => '.')))
            );
        } elseif (in_array($action['type'], array('remove-dir', 'remove-file'))) {
            $thisAction = array(
                'type' => $txt['package_delete'] . ' ' . ($action['type'] == 'remove-dir' ? $txt['package_tree'] : $txt['package_file']),
                'action' => commonAPI::htmlspecialchars(strtr($action['filename'], array($boarddir => '.')))
            );

            // Could this be theme related?
            if (!empty($action['unparsed_filename']) && preg_match('~^\\$(languagedir|languages_dir|imagesdir|themedir|themes_dir)~i', $action['unparsed_filename'], $matches)) {
                // Is the action already stated?
                $theme_action = !empty($action['theme_action']) && in_array($action['theme_action'], array('no', 'yes', 'auto')) ? $action['theme_action'] : 'auto';
                // The multi-theme pass below reads 'unparsed_destination', so mirror the filename into it.
                $action['unparsed_destination'] = $action['unparsed_filename'];

                // If it's not auto do we think we have something we can act upon?
                if ($theme_action != 'auto' && !in_array($matches[1], array('languagedir', 'languages_dir', 'imagesdir', 'themedir'))) {
                    $theme_action = '';
                } elseif ($theme_action == 'auto' && $matches[1] != 'imagesdir') {
                    $theme_action = '';
                }

                // So, we still want to do something?
                if ($theme_action != '') {
                    $themeFinds['candidates'][] = $action;
                } elseif ($matches[1] == 'themes_dir') {
                    $themeFinds['other_themes'][] = strtolower(strtr(parse_path($action['unparsed_filename']), array('\\' => '/')) . '/' . basename($action['filename']));
                }
            }
        }

        if (empty($thisAction)) {
            continue;
        }

        // !!! None given?
        // NOTE(review): the description comes from the package and is stored without
        // escaping here; confirm the template or parsePackageInfo() escapes it.
        $thisAction['description'] = isset($action['description']) ? $action['description'] : '';
        $context['actions'][] = $thisAction;
    }

    // Have we got some things which we might want to do "multi-theme"?
    if (!empty($themeFinds['candidates'])) {
        foreach ($themeFinds['candidates'] as $action_data) {
            // Get the part of the file we'll be dealing with.
            preg_match('~^\\$(languagedir|languages_dir|imagesdir|themedir)(\\|/)*(.+)*~i', $action_data['unparsed_destination'], $matches);

            // Map the placeholder onto the matching sub-directory of a theme.
            if ($matches[1] == 'imagesdir') {
                $path = '/' . basename($settings['default_images_url']);
            } elseif ($matches[1] == 'languagedir' || $matches[1] == 'languages_dir') {
                $path = '/languages';
            } else {
                $path = '';
            }

            // NOTE(review): the remainder of the package-supplied destination is appended
            // unchanged; confirm '..' segments are rejected before files are written.
            if (!empty($matches[3])) {
                $path .= $matches[3];
            }

            if (!$context['uninstalling']) {
                $path .= '/' . basename($action_data['filename']);
            }

            // Loop through each custom theme to note its candidacy!
            foreach ($theme_paths as $id => $theme_data) {
                // Theme 1 is the default theme and is skipped here.
                if (isset($theme_data['theme_dir']) && $id != 1) {
                    $real_path = $theme_data['theme_dir'] . $path;

                    // Confirm that we don't already have this dealt with by another entry.
                    if (!in_array(strtolower(strtr($real_path, array('\\' => '/'))), $themeFinds['other_themes'])) {
                        // Check if we will need to chmod this: walk up to the first existing parent.
                        if (!mktree(dirname($real_path), false)) {
                            $temp = dirname($real_path);
                            while (!file_exists($temp) && strlen($temp) > 1) {
                                $temp = dirname($temp);
                            }
                            $chmod_files[] = $temp;
                        }

                        if ($action_data['type'] == 'require-dir' && !is_writable($real_path) && (file_exists($real_path) || !is_writable(dirname($real_path)))) {
                            $chmod_files[] = $real_path;
                        }

                        if (!isset($context['theme_actions'][$id])) {
                            $context['theme_actions'][$id] = array('name' => $theme_data['name'], 'actions' => array());
                        }

                        // NOTE(review): 'value' is a base64-encoded serialize() blob; if it is sent
                        // to the browser and posted back, the receiving code must not unserialize()
                        // it without an integrity check - that code is outside this function.
                        if ($context['uninstalling']) {
                            $context['theme_actions'][$id]['actions'][] = array(
                                'type' => $txt['package_delete'] . ' ' . ($action_data['type'] == 'require-dir' ? $txt['package_tree'] : $txt['package_file']),
                                'action' => strtr($real_path, array('\\' => '/', $boarddir => '.')),
                                'description' => '',
                                'value' => base64_encode(serialize(array('type' => $action_data['type'], 'orig' => $action_data['filename'], 'future' => $real_path, 'id' => $id))),
                                'not_mod' => true
                            );
                        } else {
                            $context['theme_actions'][$id]['actions'][] = array(
                                'type' => $txt['package_extract'] . ' ' . ($action_data['type'] == 'require-dir' ? $txt['package_tree'] : $txt['package_file']),
                                'action' => strtr($real_path, array('\\' => '/', $boarddir => '.')),
                                'description' => '',
                                'value' => base64_encode(serialize(array('type' => $action_data['type'], 'orig' => $action_data['destination'], 'future' => $real_path, 'id' => $id))),
                                'not_mod' => true
                            );
                        }
                    }
                }
            }
        }
    }

    // Trash the cache... which will also check permissions for us!
    package_flush_cache(true);

    if (file_exists($boarddir . '/Packages/temp')) {
        deltree($boarddir . '/Packages/temp');
    }

    // FTP is only flagged as needed when files stay unwritable and FTP details are available.
    if (!empty($chmod_files)) {
        $ftp_status = create_chmod_control($chmod_files);
        $context['ftp_needed'] = !empty($ftp_status['files']['notwritable']) && !empty($context['package_ftp']);
    }

    checkSubmitOnce('register');
}
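/**
 * Shows an interface to set and test censored words.
 *
 * - It uses the censor_vulgar, censor_proper, censorWholeWord, and
 *   censorIgnoreCase settings.
 * - Requires the admin_forum permission.
 * - Accessed from ?action=admin;area=postsettings;sa=censor.
 * - Saving is protected by checkSession() and the 'admin-censor' token.
 * - With both $_REQUEST['xml'] and $_POST['censortest'] set, the test result is
 *   returned through the Json template instead of the regular page.
 *
 * @uses the Admin template and the edit_censored sub template.
 */
public function action_censor()
{
    global $txt, $modSettings, $context;

    if (!empty($_POST['save_censor'])) {
        // Make sure censoring is something they can do.
        checkSession();
        validateToken('admin-censor');

        $censored_vulgar = array();
        $censored_proper = array();

        // Rip it apart, then split it into two arrays.
        if (isset($_POST['censortext'])) {
            // One "word=replacement" pair per line.
            $_POST['censortext'] = explode("\n", strtr($_POST['censortext'], array("\r" => '')));
            foreach ($_POST['censortext'] as $c) {
                list($censored_vulgar[], $censored_proper[]) = array_pad(explode('=', trim($c)), 2, '');
            }
        } elseif (isset($_POST['censor_vulgar'], $_POST['censor_proper'])) {
            if (is_array($_POST['censor_vulgar'])) {
                // Drop entries that consist of spaces or stars only.
                foreach ($_POST['censor_vulgar'] as $i => $value) {
                    if (trim(strtr($value, '*', ' ')) == '') {
                        unset($_POST['censor_vulgar'][$i], $_POST['censor_proper'][$i]);
                    }
                }
                $censored_vulgar = $_POST['censor_vulgar'];
                $censored_proper = $_POST['censor_proper'];
            } else {
                $censored_vulgar = explode("\n", strtr($_POST['censor_vulgar'], array("\r" => '')));
                $censored_proper = explode("\n", strtr($_POST['censor_proper'], array("\r" => '')));
            }
        }

        // Set the new arrays and settings in the database.
        // The words are stored as submitted, without HTML escaping.
        $updates = array(
            'censor_vulgar' => implode("\n", $censored_vulgar),
            'censor_proper' => implode("\n", $censored_proper),
            'censorWholeWord' => empty($_POST['censorWholeWord']) ? '0' : '1',
            'censorIgnoreCase' => empty($_POST['censorIgnoreCase']) ? '0' : '1',
        );
        call_integration_hook('integrate_save_censors', array(&$updates));
        updateSettings($updates);
    }

    // Testing a word to see how it will be censored?
    if (isset($_POST['censortest'])) {
        require_once SUBSDIR . '/Post.subs.php';

        $censorText = htmlspecialchars($_POST['censortest'], ENT_QUOTES, 'UTF-8');
        preparsecode($censorText);
        $pre_censor = $censorText;

        // The stored replacement words are not escaped, so censorText() may put a raw
        // double quote back into the escaped input; encode it before the value is
        // handed to the template. Mapping '"' to itself would leave it in place.
        $context['censor_test'] = strtr(censorText($censorText), array('"' => '&quot;'));
    }

    // Set everything up for the template to do its thang.
    $censor_vulgar = explode("\n", $modSettings['censor_vulgar']);
    $censor_proper = explode("\n", $modSettings['censor_proper']);
    $context['censored_words'] = array();

    for ($i = 0, $n = count($censor_vulgar); $i < $n; $i++) {
        if (empty($censor_vulgar[$i])) {
            continue;
        }

        // Skip it, it's either spaces or stars only.
        if (trim(strtr($censor_vulgar[$i], '*', ' ')) == '') {
            continue;
        }

        // NOTE(review): the key is escaped with PHP's default flags and charset while the
        // value passes ENT_COMPAT and 'UTF-8' explicitly; confirm which is intended.
        $context['censored_words'][htmlspecialchars(trim($censor_vulgar[$i]))] = isset($censor_proper[$i]) ? htmlspecialchars($censor_proper[$i], ENT_COMPAT, 'UTF-8') : '';
    }

    call_integration_hook('integrate_censors');
    createToken('admin-censor');

    // Using ajax?
    if (isset($_REQUEST['xml'], $_POST['censortest'])) {
        // Clear the templates
        $template_layers = Template_Layers::getInstance();
        $template_layers->removeAll();

        // Send back a response, including the fresh token for the next request.
        loadTemplate('Json');
        $context['sub_template'] = 'send_json';
        $context['json_data'] = array(
            'result' => true,
            'censor' => $pre_censor . ' <i class="fa fa-arrow-circle-right"></i> ' . $context['censor_test'],
            'token_val' => $context['admin-censor_token_var'],
            'token' => $context['admin-censor_token'],
        );
    } else {
        $context['sub_template'] = 'edit_censored';
        $context['page_title'] = $txt['admin_censored_words'];
    }
}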
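/**
 * Let the administrator(s) edit the news items for the forum.
 *
 * What it does:
 * - It writes an entry into the moderation log.
 * - This function uses the edit_news administration area.
 * - Called by ?action=admin;area=news.
 * - Requires the edit_news permission.
 * - Can be accessed with ?action=admin;sa=editnews.
 * - Both the remove and the save branch call checkSession() before changing anything.
 * - Saved items are passed through Util::htmlspecialchars() and preparsecode()
 *   and stored newline-separated in the 'news' setting.
 */
public function action_editnews()
{
    global $txt, $modSettings, $context, $scripturl;

    require_once SUBSDIR . '/Post.subs.php';

    // The 'remove selected' button was pressed.
    if (!empty($_POST['delete_selection']) && !empty($_POST['remove'])) {
        checkSession();

        // Store the news temporarily in this array.
        $temp_news = explode("\n", $modSettings['news']);

        // Accept only plain non-negative integers as indexes. A loose in_array() would,
        // on PHP before 8, match item 0 for any non-numeric string that was submitted.
        $remove_ids = array();
        foreach ((array) $_POST['remove'] as $candidate) {
            if (is_scalar($candidate) && ctype_digit((string) $candidate)) {
                $remove_ids[(int) $candidate] = true;
            }
        }

        // Remove the items that were selected.
        $temp_news = array_diff_key($temp_news, $remove_ids);

        // Update the database.
        updateSettings(array('news' => implode("\n", $temp_news)));
        logAction('news');
    } elseif (!empty($_POST['save_items'])) {
        checkSession();

        // Tolerate a missing or non-array 'news' field instead of raising errors.
        $submitted = isset($_POST['news']) && is_array($_POST['news']) ? $_POST['news'] : array();
        foreach ($submitted as $i => $news) {
            // Blank items (and nested arrays) are dropped.
            if (!is_string($news) || trim($news) == '') {
                unset($submitted[$i]);
                continue;
            }

            $submitted[$i] = Util::htmlspecialchars($news, ENT_QUOTES);
            preparsecode($submitted[$i]);
        }
        $_POST['news'] = $submitted;

        // Send the new news to the database.
        updateSettings(array('news' => implode("\n", $submitted)));

        // Log this into the moderation log.
        logAction('news');
    }

    // We're going to want this for making our list.
    require_once SUBSDIR . '/GenericList.class.php';
    require_once SUBSDIR . '/News.subs.php';

    $context['page_title'] = $txt['admin_edit_news'];

    // Column renderers. Closures replace create_function(), which evaluates a code
    // string at run time and no longer exists in PHP 8.
    // NOTE(review): 'unparsed' and 'parsed' are emitted as-is; this relies on getNews()
    // returning HTML-safe values - confirm.
    $render_editor = function ($news) {
        return '<textarea class="" id="data_' . $news['id'] . '" rows="3" name="news[]">' . $news['unparsed'] . '</textarea> <br /> <div id="preview_' . $news['id'] . '"></div>';
    };
    $render_preview = function ($news) {
        return '<div id="box_preview_' . $news['id'] . '">' . $news['parsed'] . '</div>';
    };
    $render_checkbox = function ($news) {
        // Only items with a numeric id can be selected for removal.
        if (is_numeric($news['id'])) {
            return '<input type="checkbox" name="remove[]" value="' . $news['id'] . '" class="input_check" />';
        }

        return '';
    };

    // Use the standard templates for showing this.
    $listOptions = array(
        'id' => 'news_lists',
        'get_items' => array('function' => 'getNews'),
        'columns' => array(
            'news' => array(
                'header' => array('value' => $txt['admin_edit_news']),
                'data' => array('function' => $render_editor, 'class' => 'newsarea'),
            ),
            'preview' => array(
                'header' => array('value' => $txt['preview']),
                'data' => array('function' => $render_preview, 'class' => 'newspreview'),
            ),
            'check' => array(
                'header' => array('value' => '<input type="checkbox" onclick="invertAll(this, this.form);" class="input_check" />', 'class' => 'centertext'),
                'data' => array('function' => $render_checkbox, 'class' => 'centertext'),
            ),
        ),
        'form' => array(
            'href' => $scripturl . '?action=admin;area=news;sa=editnews',
            // The session token travels with the form and is verified by checkSession() above.
            'hidden_fields' => array($context['session_var'] => $context['session_id']),
        ),
        'additional_rows' => array(
            array(
                'position' => 'bottom_of_list',
                'class' => 'submitbutton',
                'value' => ' <input type="submit" name="save_items" value="' . $txt['save'] . '" class="right_submit" /> <input type="submit" name="delete_selection" value="' . $txt['editnews_remove_selected'] . '" onclick="return confirm(\'' . $txt['editnews_remove_confirm'] . '\');" class="right_submit" /> <span id="moreNewsItems_link" style="display: none;"> <a class="linkbutton" href="javascript:void(0);" onclick="addAnotherNews(); return false;">' . $txt['editnews_clickadd'] . '</a> </span>',
            ),
        ),
        // Language strings are passed through javaScriptEscape() before being placed in the script.
        'javascript' => ' document.getElementById(\'list_news_lists_last\').style.display = "none"; document.getElementById("moreNewsItems_link").style.display = ""; var last_preview = 0; var txt_preview = ' . javaScriptEscape($txt['preview']) . '; var txt_news_error_no_news = ' . javaScriptEscape($txt['news_error_no_news']) . '; $(document).ready(function () { $("div[id ^= \'preview_\']").each(function () { var preview_id = $(this).attr(\'id\').split(\'_\')[1]; if (last_preview < preview_id) last_preview = preview_id; make_preview_btn(preview_id); }); }); ',
    );

    // Create the request list.
    createList($listOptions);

    $context['sub_template'] = 'show_list';
    $context['default_list'] = 'news_lists';
}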
/**
 * Applies an edit to a single message of the current topic and, when
 * $_REQUEST['xml'] is set, prepares $context for the XML response templates.
 *
 * Flow, as visible in this function:
 * - exits via obExit(false) when no topic is set or no XML response was requested;
 * - validates the session with checkSession('get');
 * - loads the target message ($_REQUEST['msg'], or the topic's first message);
 * - enforces edit, lock and sticky permissions before anything is written;
 * - HTML-escapes and pre-parses the posted subject/message, then calls modifyPost();
 * - optionally renames all replies and writes a moderation log entry.
 *
 * Validation failures are collected in $post_errors and reported through
 * $context['message']['errors'] instead of being saved.
 */
function JavaScriptModify()
{
	global $sourcedir, $modSettings, $board, $topic, $txt;
	global $user_info, $context, $smcFunc, $language;

	// We have to have a topic!
	if (empty($topic)) {
		obExit(false);
	}

	// The session check runs before any data is read or changed
	// ('get' presumably selects the token passed in the URL - confirm against checkSession()).
	checkSession('get');
	require_once $sourcedir . '/Subs-Post.php';

	// Assume the first message if no message ID was given.
	// NOTE(review): {raw:id_msg} is, going by its name, inserted without escaping. That is
	// safe here only because the value is either the fixed column name 't.id_first_msg'
	// or an int-cast request value - keep it that way when touching this query.
	// Users without approve_posts are limited to their own (non-guest) messages, or, with
	// post moderation active, to approved messages plus their own.
	$request = $smcFunc['db_query']('', ' SELECT t.locked, t.num_replies, t.id_member_started, t.id_first_msg, m.id_msg, m.id_member, m.poster_time, m.subject, m.smileys_enabled, m.body, m.icon, m.modified_time, m.modified_name, m.approved FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic}) WHERE m.id_msg = {raw:id_msg} AND m.id_topic = {int:current_topic}' . (allowedTo('approve_posts') ? '' : (!$modSettings['postmod_active'] ? ' AND (m.id_member != {int:guest_id} AND m.id_member = {int:current_member})' : ' AND (m.approved = {int:is_approved} OR (m.id_member != {int:guest_id} AND m.id_member = {int:current_member}))')), array(
		'current_member' => $user_info['id'],
		'current_topic' => $topic,
		'id_msg' => empty($_REQUEST['msg']) ? 't.id_first_msg' : (int) $_REQUEST['msg'],
		'is_approved' => 1,
		'guest_id' => 0,
	));

	// No row: the message does not exist in this topic or is filtered out by the clause above.
	if ($smcFunc['db_num_rows']($request) == 0) {
		fatal_lang_error('no_board', false);
	}
	$row = $smcFunc['db_fetch_assoc']($request);
	$smcFunc['db_free_result']($request);

	// Change either body or subject requires permissions to modify messages.
	if (isset($_POST['message']) || isset($_POST['subject']) || isset($_REQUEST['icon'])) {
		// Editing inside a locked topic needs board moderation rights.
		if (!empty($row['locked'])) {
			isAllowedTo('moderate_board');
		}

		if ($row['id_member'] == $user_info['id'] && !allowedTo('modify_any')) {
			// Own message: the edit window is edit_disable_time minutes plus five minutes of
			// slack, and is only enforced when the post is approved or post moderation is off.
			if ((!$modSettings['postmod_active'] || $row['approved']) && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) {
				fatal_lang_error('modify_post_time_passed', false);
			} elseif ($row['id_member_started'] == $user_info['id'] && !allowedTo('modify_own')) {
				isAllowedTo('modify_replies');
			} else {
				isAllowedTo('modify_own');
			}
		} elseif ($row['id_member_started'] == $user_info['id'] && !allowedTo('modify_any')) {
			// Someone else's message inside the user's own topic.
			isAllowedTo('modify_replies');
		} else {
			isAllowedTo('modify_any');
		}

		// Only log this action if it wasn't your message.
		$moderationAction = $row['id_member'] != $user_info['id'];
	}

	$post_errors = array();

	// Subject: escape first, then drop CR/LF/TAB so the stored subject stays on one line.
	if (isset($_POST['subject']) && $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['subject'])) !== '') {
		$_POST['subject'] = strtr($smcFunc['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));

		// Maximum number of characters.
		if ($smcFunc['strlen']($_POST['subject']) > 100) {
			$_POST['subject'] = $smcFunc['substr']($_POST['subject'], 0, 100);
		}
	} elseif (isset($_POST['subject'])) {
		$post_errors[] = 'no_subject';
		unset($_POST['subject']);
	}

	if (isset($_POST['message'])) {
		if ($smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['message'])) === '') {
			$post_errors[] = 'no_message';
			unset($_POST['message']);
		} elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_POST['message']) > $modSettings['max_messageLength']) {
			$post_errors[] = 'long_message';
			unset($_POST['message']);
		} else {
			// The body is HTML-escaped before preparsecode() and parse_bbc() ever see it.
			$_POST['message'] = $smcFunc['htmlspecialchars']($_POST['message'], ENT_QUOTES);
			preparsecode($_POST['message']);

			// Reject bodies that render to nothing once every tag except <img> is stripped.
			if ($smcFunc['htmltrim'](strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '') {
				$post_errors[] = 'no_message';
				unset($_POST['message']);
			}
		}
	}

	// Lock requests are dropped silently when the user may not lock this message's topic.
	if (isset($_POST['lock'])) {
		if (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $row['id_member']) {
			unset($_POST['lock']);
		} elseif (!allowedTo('lock_any')) {
			// lock_own only: a topic whose lock value is 1 is left alone; own locks are stored as 2.
			if ($row['locked'] == 1) {
				unset($_POST['lock']);
			} else {
				$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
			}
		} elseif (!empty($row['locked']) && !empty($_POST['lock']) || $_POST['lock'] == $row['locked']) {
			// Nothing would change.
			unset($_POST['lock']);
		} else {
			$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
		}
	}

	if (isset($_POST['sticky']) && !allowedTo('make_sticky')) {
		unset($_POST['sticky']);
	}

	if (empty($post_errors)) {
		$msgOptions = array(
			'id' => $row['id_msg'],
			'subject' => isset($_POST['subject']) ? $_POST['subject'] : null,
			'body' => isset($_POST['message']) ? $_POST['message'] : null,
			// Strips . / \ * ' : " < > from the requested icon name (path and markup characters).
			'icon' => isset($_REQUEST['icon']) ? preg_replace('~[\\./\\\\*\':"<>]~', '', $_REQUEST['icon']) : null,
		);
		$topicOptions = array(
			'id' => $topic,
			'board' => $board,
			'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null,
			'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null,
			'mark_as_read' => true,
		);
		$posterOptions = array();

		// Only consider marking as editing if they have edited the subject, message or icon.
		if (isset($_POST['subject']) && $_POST['subject'] != $row['subject'] || isset($_POST['message']) && $_POST['message'] != $row['body'] || isset($_REQUEST['icon']) && $_REQUEST['icon'] != $row['icon']) {
			// And even then only if the time has passed...
			if (time() - $row['poster_time'] > $modSettings['edit_wait_time'] || $user_info['id'] != $row['id_member']) {
				$msgOptions['modify_time'] = time();
				$msgOptions['modify_name'] = $user_info['name'];
			}
		} else {
			// Nothing actually changed, so there is nothing to put in the moderation log.
			$moderationAction = false;
		}

		modifyPost($msgOptions, $topicOptions, $posterOptions);

		// If we didn't change anything this time but had before put back the old info.
		if (!isset($msgOptions['modify_time']) && !empty($row['modified_time'])) {
			$msgOptions['modify_time'] = $row['modified_time'];
			$msgOptions['modify_name'] = $row['modified_name'];
		}

		// Changing the first subject updates other subjects to 'Re: new_subject'.
		// Permission is re-checked here because this rewrites other members' messages.
		if (isset($_POST['subject']) && isset($_REQUEST['change_all_subjects']) && $row['id_first_msg'] == $row['id_msg'] && !empty($row['num_replies']) && (allowedTo('modify_any') || $row['id_member_started'] == $user_info['id'] && allowedTo('modify_replies'))) {
			// Get the proper (default language) response prefix first.
			if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix'))) {
				if ($language === $user_info['language']) {
					$context['response_prefix'] = $txt['response_prefix'];
				} else {
					// Load the default language for the prefix, then switch back.
					loadLanguage('index', $language, false);
					$context['response_prefix'] = $txt['response_prefix'];
					loadLanguage('index');
				}
				cache_put_data('response_prefix', $context['response_prefix'], 600);
			}

			// The subject is passed as a {string:...} parameter, not concatenated into the SQL.
			$smcFunc['db_query']('', ' UPDATE {db_prefix}messages SET subject = {string:subject} WHERE id_topic = {int:current_topic} AND id_msg != {int:id_first_msg}', array(
				'current_topic' => $topic,
				'id_first_msg' => $row['id_first_msg'],
				'subject' => $context['response_prefix'] . $_POST['subject'],
			));
		}

		// !empty() also covers the case where $moderationAction was never set above.
		if (!empty($moderationAction)) {
			logAction('modify', array('topic' => $topic, 'message' => $row['id_msg'], 'member' => $row['id_member'], 'board' => $board));
		}
	}

	if (isset($_REQUEST['xml'])) {
		$context['sub_template'] = 'modifydone';

		if (empty($post_errors) && isset($msgOptions['subject']) && isset($msgOptions['body'])) {
			// Subject and body were both saved: return the re-rendered message.
			$context['message'] = array(
				'id' => $row['id_msg'],
				'modified' => array(
					'time' => isset($msgOptions['modify_time']) ? timeformat($msgOptions['modify_time']) : '',
					'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0,
					'name' => isset($msgOptions['modify_time']) ? $msgOptions['modify_name'] : '',
				),
				'subject' => $msgOptions['subject'],
				'first_in_topic' => $row['id_msg'] == $row['id_first_msg'],
				// Splits any ']]>' in the body - presumably because the template emits it
				// inside a CDATA section; confirm against the 'modifydone' template.
				'body' => strtr($msgOptions['body'], array(']]>' => ']]]]><![CDATA[>')),
			);

			censorText($context['message']['subject']);
			censorText($context['message']['body']);

			$context['message']['body'] = parse_bbc($context['message']['body'], $row['smileys_enabled'], $row['id_msg']);
		} elseif (empty($post_errors)) {
			// Saved without a new body (subject, icon, lock or sticky only).
			$context['sub_template'] = 'modifytopicdone';
			$context['message'] = array(
				'id' => $row['id_msg'],
				'modified' => array(
					'time' => isset($msgOptions['modify_time']) ? timeformat($msgOptions['modify_time']) : '',
					'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0,
					'name' => isset($msgOptions['modify_time']) ? $msgOptions['modify_name'] : '',
				),
				'subject' => isset($msgOptions['subject']) ? $msgOptions['subject'] : '',
			);

			censorText($context['message']['subject']);
		} else {
			// Validation failed: hand the translated error texts to the template.
			$context['message'] = array(
				'id' => $row['id_msg'],
				'errors' => array(),
				'error_in_subject' => in_array('no_subject', $post_errors),
				'error_in_body' => in_array('no_message', $post_errors) || in_array('long_message', $post_errors),
			);

			loadLanguage('Errors');
			foreach ($post_errors as $post_error) {
				if ($post_error == 'long_message') {
					// This text takes the configured maximum length as a sprintf argument.
					$context['message']['errors'][] = sprintf($txt['error_' . $post_error], $modSettings['max_messageLength']);
				} else {
					$context['message']['errors'][] = $txt['error_' . $post_error];
				}
			}
		}
	} else {
		// Only XML responses are produced here.
		obExit(false);
	}
}
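/**
 * Builds the preview of a warning notice or warning template for the 'pm' sub-template.
 *
 * Reads $_POST['title'] and $_POST['body'] and fills $context['preview_subject'],
 * $context['preview_message'] and $context['post_error']['messages'].
 * Users without the issue_warning permission only receive an error entry.
 *
 * The body is now HTML-escaped before it is pre-parsed and run through parse_bbc(),
 * the same way the title already was; previously raw request markup went straight
 * into the rendered preview.
 */
function warning_preview()
{
	global $context, $sourcedir, $smcFunc, $txt, $user_info, $scripturl, $mbname;

	// Needed for preparsecode() below.
	require_once $sourcedir . '/Subs-Post.php';
	loadLanguage('Errors');
	loadLanguage('ModerationCenter');

	$context['post_error']['messages'] = array();

	if (allowedTo('issue_warning')) {
		$warning_body = '';
		if (!empty($_POST['body'])) {
			// censorText() is still applied to $_POST['body'] itself, as before; its result
			// is escaped so that request-supplied HTML cannot survive into parse_bbc() output.
			$warning_body = $smcFunc['htmlspecialchars'](trim(censorText($_POST['body'])), ENT_QUOTES);
		}
		$context['preview_subject'] = !empty($_POST['title']) ? trim($smcFunc['htmlspecialchars']($_POST['title'])) : '';

		if (isset($_POST['issuing'])) {
			// Previewing a warning that is about to be issued: both fields are mandatory.
			if (empty($_POST['title']) || empty($_POST['body'])) {
				$context['post_error']['messages'][] = $txt['warning_notify_blank'];
			}
		} else {
			// Previewing a warning template.
			if (empty($_POST['title'])) {
				$context['post_error']['messages'][] = $txt['mc_warning_template_error_no_title'];
			}
			if (empty($_POST['body'])) {
				$context['post_error']['messages'][] = $txt['mc_warning_template_error_no_body'];
			}

			// Add in few replacements. These are the defaults:
			// - {MEMBER}    - Member Name. => current user for review
			// - {MESSAGE}   - Link to Offending Post. (If Applicable) => not applicable here, so not replaced
			// - {FORUMNAME} - Forum Name.
			// - {SCRIPTURL} - Web address of forum.
			// - {REGARDS}   - Standard email sign-off.
			// NOTE(review): the replacement values are inserted after escaping and are not
			// escaped here - presumably they are already HTML-safe; confirm for $mbname.
			$find = array('{MEMBER}', '{FORUMNAME}', '{SCRIPTURL}', '{REGARDS}');
			$replace = array($user_info['name'], $mbname, $scripturl, $txt['regards_team']);
			$warning_body = str_replace($find, $replace, $warning_body);
		}

		if (!empty($_POST['body'])) {
			preparsecode($warning_body);
			$warning_body = parse_bbc($warning_body, true);
		}
		$context['preview_message'] = $warning_body;
	} else {
		$context['post_error']['messages'][] = array(
			'value' => $txt['cannot_issue_warning'],
			'attributes' => array('type' => 'error'),
		);
	}

	$context['sub_template'] = 'pm';
}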
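/**
 * Applies an edit to a single message of the current topic (legacy db_query()/mysql_* variant)
 * and, when $_REQUEST['xml'] is set, prepares $context for the XML response templates.
 *
 * Exits via obExit(false) when no topic is set or no XML response was requested.
 * Validation failures are collected in $post_errors and reported through
 * $context['message']['errors'] instead of being saved.
 *
 * Changes against the previous revision of this block:
 * - m.icon is now selected; the "was anything edited" test reads $row['icon'], which the
 *   old column list never returned;
 * - numeric values concatenated into SQL ($topic, ID_FIRST_MSG, numReplies) are int-cast;
 * - the response prefix is passed through addslashes() before it is embedded in the UPDATE.
 *
 * NOTE(review): the queries here are string-built. The posted subject/body are embedded as-is,
 * which presumably relies on the request bootstrap having slash-escaped $_POST already (the
 * stripslashes()/addslashes() round trip around substr() below points that way) - confirm
 * before reusing this code anywhere that guarantee does not hold. The mysql_* functions used
 * for result handling no longer exist in PHP 7 and later.
 */
function JavaScriptModify()
{
	global $db_prefix, $sourcedir, $modSettings, $board, $topic, $txt;
	global $user_info, $ID_MEMBER, $context, $func, $language;

	// We have to have a topic!
	if (empty($topic)) {
		obExit(false);
	}

	// The session check runs before any data is read or changed.
	checkSession('get');
	require_once $sourcedir . '/Subs-Post.php';

	// Only ever place a number in the SQL text, whatever the global holds.
	$current_topic = (int) $topic;

	// Assume the first message if no message ID was given.
	// The message ID is either the fixed column name or an int-cast request value.
	$request = db_query("\n\t\t\tSELECT \n\t\t\t\tt.locked, t.numReplies, t.ID_MEMBER_STARTED, t.ID_FIRST_MSG,\n\t\t\t\tm.ID_MSG, m.ID_MEMBER, m.posterTime, m.subject, m.smileysEnabled, m.body,\n\t\t\t\tm.icon, m.modifiedTime, m.modifiedName\n\t\t\tFROM ({$db_prefix}messages AS m, {$db_prefix}topics AS t)\n\t\t\tWHERE m.ID_MSG = " . (empty($_REQUEST['msg']) ? 't.ID_FIRST_MSG' : (int) $_REQUEST['msg']) . "\n\t\t\t\tAND m.ID_TOPIC = {$current_topic}\n\t\t\t\tAND t.ID_TOPIC = {$current_topic}", __FILE__, __LINE__);
	if (mysql_num_rows($request) == 0) {
		fatal_lang_error('smf232', false);
	}
	$row = mysql_fetch_assoc($request);
	mysql_free_result($request);

	// Change either body or subject requires permissions to modify messages.
	if (isset($_POST['message']) || isset($_POST['subject']) || isset($_POST['icon'])) {
		// Editing inside a locked topic needs board moderation rights.
		if (!empty($row['locked'])) {
			isAllowedTo('moderate_board');
		}

		if ($row['ID_MEMBER'] == $ID_MEMBER && !allowedTo('modify_any')) {
			// Own message: edit window is edit_disable_time minutes plus five minutes of slack.
			if (!empty($modSettings['edit_disable_time']) && $row['posterTime'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) {
				fatal_lang_error('modify_post_time_passed', false);
			} elseif ($row['ID_MEMBER_STARTED'] == $ID_MEMBER && !allowedTo('modify_own')) {
				isAllowedTo('modify_replies');
			} else {
				isAllowedTo('modify_own');
			}
		} elseif ($row['ID_MEMBER_STARTED'] == $ID_MEMBER && !allowedTo('modify_any')) {
			// Someone else's message inside the user's own topic.
			isAllowedTo('modify_replies');
		} else {
			isAllowedTo('modify_any');
		}

		// Only log this action if it wasn't your message.
		$moderationAction = $row['ID_MEMBER'] != $ID_MEMBER;
	}

	$post_errors = array();

	// Subject: escape, then drop CR/LF/TAB so the stored subject stays on one line.
	if (isset($_POST['subject']) && $func['htmltrim']($_POST['subject']) !== '') {
		$_POST['subject'] = strtr($func['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));

		// Maximum number of characters.
		// Truncate the unslashed text so a trailing escape sequence is never cut in half.
		if ($func['strlen']($_POST['subject']) > 100) {
			$_POST['subject'] = addslashes($func['substr'](stripslashes($_POST['subject']), 0, 100));
		}
	} else {
		$post_errors[] = 'no_subject';
		unset($_POST['subject']);
	}

	if (isset($_POST['message'])) {
		if ($func['htmltrim']($_POST['message']) === '') {
			$post_errors[] = 'no_message';
			unset($_POST['message']);
		} elseif (!empty($modSettings['max_messageLength']) && $func['strlen']($_POST['message']) > $modSettings['max_messageLength']) {
			$post_errors[] = 'long_message';
			unset($_POST['message']);
		} else {
			// The body is HTML-escaped before preparsecode() and parse_bbc() ever see it.
			$_POST['message'] = $func['htmlspecialchars']($_POST['message'], ENT_QUOTES);
			preparsecode($_POST['message']);

			// Reject bodies that render to nothing once every tag except <img> is stripped.
			if ($func['htmltrim'](strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '') {
				$post_errors[] = 'no_message';
				unset($_POST['message']);
			}
		}
	}

	// Lock requests are dropped silently when the user may not lock this message's topic.
	if (isset($_POST['lock'])) {
		if (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $ID_MEMBER != $row['ID_MEMBER']) {
			unset($_POST['lock']);
		} elseif (!allowedTo('lock_any')) {
			// lock_own only: a topic whose lock value is 1 is left alone; own locks are stored as 2.
			if ($row['locked'] == 1) {
				unset($_POST['lock']);
			} else {
				$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
			}
		} elseif (!empty($row['locked']) && !empty($_POST['lock']) || $_POST['lock'] == $row['locked']) {
			// Nothing would change.
			unset($_POST['lock']);
		} else {
			$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
		}
	}

	if (isset($_POST['sticky']) && !allowedTo('make_sticky')) {
		unset($_POST['sticky']);
	}

	if (empty($post_errors)) {
		$msgOptions = array(
			'id' => $row['ID_MSG'],
			'subject' => isset($_POST['subject']) ? $_POST['subject'] : null,
			'body' => isset($_POST['message']) ? $_POST['message'] : null,
			// Strips . / \ * ' : " < > from the requested icon name (path and markup characters).
			'icon' => isset($_POST['icon']) ? preg_replace('~[\\./\\\\*\':"<>]~', '', $_POST['icon']) : null,
		);
		$topicOptions = array(
			'id' => $topic,
			'board' => $board,
			'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null,
			'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null,
			'mark_as_read' => true,
		);
		$posterOptions = array();

		// Only consider marking as editing if they have edited the subject, message or icon.
		if (isset($_POST['subject']) && $_POST['subject'] != $row['subject'] || isset($_POST['message']) && $_POST['message'] != $row['body'] || isset($_POST['icon']) && $_POST['icon'] != $row['icon']) {
			// And even then only if the time has passed...
			if (time() - $row['posterTime'] > $modSettings['edit_wait_time'] || $ID_MEMBER != $row['ID_MEMBER']) {
				$msgOptions['modify_time'] = time();
				$msgOptions['modify_name'] = addslashes($user_info['name']);
			}
		}

		modifyPost($msgOptions, $topicOptions, $posterOptions);

		// If we didn't change anything this time but had before put back the old info.
		if (!isset($msgOptions['modify_time']) && !empty($row['modifiedTime'])) {
			$msgOptions['modify_time'] = $row['modifiedTime'];
			$msgOptions['modify_name'] = $row['modifiedName'];
		}

		// Changing the first subject updates other subjects to 'Re: new_subject'.
		// Permission is re-checked here because this rewrites other members' messages.
		if (isset($_POST['subject']) && isset($_REQUEST['change_all_subjects']) && $row['ID_FIRST_MSG'] == $row['ID_MSG'] && !empty($row['numReplies']) && (allowedTo('modify_any') || $row['ID_MEMBER_STARTED'] == $ID_MEMBER && allowedTo('modify_replies'))) {
			// Get the proper (default language) response prefix first.
			if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix'))) {
				if ($language === $user_info['language']) {
					$context['response_prefix'] = $txt['response_prefix'];
				} else {
					// Load the default language for the prefix, then switch back.
					loadLanguage('index', $language, false);
					$context['response_prefix'] = $txt['response_prefix'];
					loadLanguage('index');
				}
				cache_put_data('response_prefix', $context['response_prefix'], 600);
			}

			// The prefix comes from a language file or the cache, not from the request, so it
			// is escaped here; the numeric parts are int-cast before they reach the SQL text.
			db_query("\n\t\t\t\tUPDATE {$db_prefix}messages\n\t\t\t\tSET subject = '" . addslashes($context['response_prefix']) . $_POST['subject'] . "'\n\t\t\t\tWHERE ID_TOPIC = {$current_topic}\n\t\t\t\t\tAND ID_MSG != " . (int) $row['ID_FIRST_MSG'] . "\n\t\t\t\tLIMIT " . (int) $row['numReplies'], __FILE__, __LINE__);
		}

		if ($moderationAction) {
			logAction('modify', array('topic' => $topic, 'message' => $row['ID_MSG'], 'member' => $row['ID_MEMBER_STARTED']));
		}
	}

	if (isset($_REQUEST['xml'])) {
		$context['sub_template'] = 'modifydone';

		if (empty($post_errors) && isset($msgOptions['subject']) && isset($msgOptions['body'])) {
			// Values are unslashed again before they go to the template.
			$context['message'] = array(
				'id' => $row['ID_MSG'],
				'modified' => array(
					'time' => isset($msgOptions['modify_time']) ? timeformat($msgOptions['modify_time']) : '',
					'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0,
					'name' => isset($msgOptions['modify_time']) ? stripslashes($msgOptions['modify_name']) : '',
				),
				'subject' => stripslashes($msgOptions['subject']),
				'first_in_topic' => $row['ID_MSG'] == $row['ID_FIRST_MSG'],
				// Splits any ']]>' in the body - presumably because the template emits it
				// inside a CDATA section; confirm against the 'modifydone' template.
				'body' => strtr(stripslashes($msgOptions['body']), array(']]>' => ']]]]><![CDATA[>')),
			);

			censorText($context['message']['subject']);
			censorText($context['message']['body']);

			$context['message']['body'] = parse_bbc($context['message']['body'], $row['smileysEnabled'], $row['ID_MSG']);
		} elseif (empty($post_errors) && isset($msgOptions['subject'])) {
			// Subject saved without a new body.
			$context['sub_template'] = 'modifytopicdone';
			$context['message'] = array(
				'id' => $row['ID_MSG'],
				'modified' => array(
					'time' => isset($msgOptions['modify_time']) ? timeformat($msgOptions['modify_time']) : '',
					'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0,
					'name' => isset($msgOptions['modify_time']) ? stripslashes($msgOptions['modify_name']) : '',
				),
				'subject' => stripslashes($msgOptions['subject']),
			);

			censorText($context['message']['subject']);
		} else {
			// Validation failed: hand the translated error texts to the template.
			$context['message'] = array(
				'id' => $row['ID_MSG'],
				'errors' => array(),
				'error_in_subject' => in_array('no_subject', $post_errors),
				'error_in_body' => in_array('no_message', $post_errors) || in_array('long_message', $post_errors),
			);

			loadLanguage('Errors');
			foreach ($post_errors as $post_error) {
				$context['message']['errors'][] = $txt['error_' . $post_error];
			}
		}
	} else {
		// Only XML responses are produced here.
		obExit(false);
	}
}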
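/**
 * Prepares a submitted text value for storage: HTML-escapes it (quotes included),
 * trims it and runs it through preparsecode().
 *
 * The escape happens first, so markup in the input is neutralised before any
 * BBC pre-parsing takes place.
 *
 * @param string $toclean Raw text, e.g. a form field value.
 * @return string The escaped, trimmed and pre-parsed text.
 */
function Adk_formclear($toclean)
{
	global $smcFunc, $sourcedir;

	// Loaded for preparsecode().
	require_once $sourcedir . '/Subs-Post.php';

	$toclean = $smcFunc['htmlspecialchars']($toclean, ENT_QUOTES);

	// htmltrim only takes the string; the ENT_QUOTES flag that used to be passed here
	// as a second argument belongs to htmlspecialchars and had no effect on trimming.
	$toclean = $smcFunc['htmltrim']($toclean);

	// preparsecode() changes its argument in place.
	preparsecode($toclean);

	return $toclean;
}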
require_once $parser_dir . '/HtmlParser.php'; require_once '../../BBCHelpers.php'; globalSettings(); $bbc = new \BBC\DefaultCodes(array(), array()); $autolink = new \BBC\Autolink($bbc); $html = new \BBC\HtmlParser(); $parser = new \BBC\Parser($bbc, $autolink, $html); $smiley_parser = new \BBC\SmileyParser($modSettings['smileys_url'] . '/' . $user_info['smiley_set'] . '/'); // Preparser require_once '../../PreparserTests/OldPreparser/OldPreParser.php'; foreach ($messages as $i => $input) { $class_name = 'Message' . $i; $filename = 'Message' . $i . '.php'; // These aren't preparsed. This is how they will be stored. $stored = $input; preparsecode($stored); if ($stored !== $input) { echo "\nMessage {$i} needs to be preparsed<br>"; } $output = $parser->parse($stored); $smiley_parser->parse($output); $escaped_input = addslashes($input); $escaped_stored = addslashes($stored); $escaped_output = addslashes($output); $file_contents = <<<EOF <?php /* The original message {$escaped_input} */
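/**
 * Saves a personal-message draft in the user_drafts table.
 *
 * Does nothing unless drafts and PM drafts are enabled, the user holds the
 * pm_draft permission and $_POST['save_draft'] is present. An existing draft is
 * updated only when it belongs to the current user; otherwise a new row is inserted.
 * Subject and body are HTML-escaped before storage and the body is pre-parsed.
 * On success $context['draft_saved'] and $context['id_pm_draft'] are set; for XML
 * (autosave) requests XmlDraft() is called afterwards.
 *
 * NOTE(review): no session check is visible in this function; the 'session_timeout'
 * entry looked up in $post_errors suggests the caller performs it - confirm.
 *
 * @param array $post_errors List of error keys, extended by reference ('draft_not_saved').
 * @param array $recipientList Recipients, with 'to' and 'bcc' lists when built from an XML request.
 * @return false|null false when drafts are unavailable or not requested; otherwise no value.
 */
function SavePMDraft(&$post_errors, $recipientList)
{
	global $context, $user_info, $smcFunc, $modSettings;

	// PM survey says ... can you stay or must you go
	if (empty($modSettings['drafts_enabled']) || empty($modSettings['drafts_pm_enabled']) || !allowedTo('pm_draft') || !isset($_POST['save_draft'])) {
		return false;
	}

	// read in what you sent us (a missing ID simply means "new draft")
	$id_pm_draft = isset($_POST['id_pm_draft']) ? (int) $_POST['id_pm_draft'] : 0;
	$draft_info = ReadDraft($id_pm_draft, 1);

	// determine who this is being sent to
	if (isset($_REQUEST['xml'])) {
		$recipientList['to'] = isset($_POST['recipient_to']) ? explode(',', $_POST['recipient_to']) : array();
		$recipientList['bcc'] = isset($_POST['recipient_bcc']) ? explode(',', $_POST['recipient_bcc']) : array();
	} elseif (!empty($draft_info['to_list']) && empty($recipientList)) {
		// NOTE(review): unserialize() on stored data. The value is written by serialize()
		// below, but it is built from request-supplied recipient strings and kept in a
		// 255-character column, so it can come back truncated. Only an array result is
		// accepted; consider a format such as JSON for this field.
		$stored_recipients = unserialize($draft_info['to_list']);
		if (is_array($stored_recipients)) {
			$recipientList = $stored_recipients;
		}
	}

	// prepare the data we got from the form
	$reply_id = empty($_POST['replied_to']) ? 0 : (int) $_POST['replied_to'];
	$outbox = empty($_POST['outbox']) ? 0 : 1;

	// Missing or non-string fields are treated as empty text rather than raising notices.
	$raw_message = isset($_POST['message']) && is_string($_POST['message']) ? $_POST['message'] : '';
	$raw_subject = isset($_POST['subject']) && is_string($_POST['subject']) ? $_POST['subject'] : '';

	// Escape before anything else touches the text; the subject also loses CR/LF/TAB.
	$draft = array(
		'body' => $smcFunc['htmlspecialchars']($raw_message, ENT_QUOTES),
		'subject' => strtr($smcFunc['htmlspecialchars']($raw_subject), array("\r" => '', "\n" => '', "\t" => '')),
	);

	// message and subject still need a bit more massaging
	preparsecode($draft['body']);
	if ($smcFunc['strlen']($draft['subject']) > 100) {
		$draft['subject'] = $smcFunc['substr']($draft['subject'], 0, 100);
	}

	// Modifying an existing PM draft?
	if (!empty($id_pm_draft) && !empty($draft_info) && $draft_info['id_member'] == $user_info['id']) {
		// The owner is repeated in the WHERE clause so the statement on its own can never
		// touch another member's draft, whatever ReadDraft() returned.
		$smcFunc['db_query']('', ' UPDATE {db_prefix}user_drafts SET id_reply = {int:id_reply}, type = {int:type}, poster_time = {int:poster_time}, subject = {string:subject}, body = {string:body}, to_list = {string:to_list}, outbox = {int:outbox} WHERE id_draft = {int:id_pm_draft} AND id_member = {int:id_member} LIMIT 1', array(
			'id_reply' => $reply_id,
			'type' => 1,
			'poster_time' => time(),
			'subject' => $draft['subject'],
			'body' => $draft['body'],
			'id_pm_draft' => $id_pm_draft,
			'id_member' => $user_info['id'],
			'to_list' => serialize($recipientList),
			'outbox' => $outbox,
		));

		// some items to return to the form
		$context['draft_saved'] = true;
		$context['id_pm_draft'] = $id_pm_draft;
	} else {
		// New draft, or the posted ID did not belong to this user: insert a fresh row.
		$smcFunc['db_insert']('', '{db_prefix}user_drafts', array(
			'id_reply' => 'int',
			'type' => 'int',
			'poster_time' => 'int',
			'id_member' => 'int',
			'subject' => 'string-255',
			'body' => 'string-65534',
			'to_list' => 'string-255',
			'outbox' => 'int',
		), array($reply_id, 1, time(), $user_info['id'], $draft['subject'], $draft['body'], serialize($recipientList), $outbox), array('id_draft'));

		// get the new id
		$id_pm_draft = $smcFunc['db_insert_id']('{db_prefix}user_drafts', 'id_draft');

		// everything go as expected, if not toss an error
		if (!empty($id_pm_draft)) {
			$context['draft_saved'] = true;
			$context['id_pm_draft'] = $id_pm_draft;
		} else {
			$post_errors[] = 'draft_not_saved';
		}
	}

	// if we were called from the autosave function, send something back
	if (!empty($id_pm_draft) && isset($_REQUEST['xml']) && !in_array('session_timeout', $post_errors)) {
		XmlDraft($id_pm_draft);
	}

	return;
}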
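/**
 * Admin action for the forum news: removes selected items, saves edited items and
 * loads the current items into $context['admin_current_news'] for the 'edit_news' template.
 *
 * Both write paths call checkSession() first and log the change with logAction('news').
 * Saved items are HTML-escaped (quotes included) and pre-parsed before storage.
 *
 * Request data is now validated before use: indexes in $_POST['remove'] must be plain
 * non-negative integers and are compared strictly, and $_POST['news'] must be an array
 * of strings. Previously a loose in_array() decided which items to delete, so on PHP
 * versions before 8 any non-numeric value compared equal to index 0.
 */
function EditNews()
{
	global $txt, $modSettings, $context, $sourcedir;
	global $smcFunc;

	// Loaded for preparsecode() and un_preparsecode().
	require_once $sourcedir . '/Subs-Post.php';

	// The 'remove selected' button was pressed.
	if (!empty($_POST['delete_selection']) && !empty($_POST['remove'])) {
		checkSession();

		// Accept only digit-only strings; anything else in the request is ignored.
		$selected = array();
		foreach ((array) $_POST['remove'] as $index) {
			if (is_string($index) && preg_match('~^\d+$~D', $index)) {
				$selected[] = (int) $index;
			}
		}

		// Store the news temporarily in this array.
		$temp_news = explode("\n", $modSettings['news']);

		// Remove the items that were selected.
		$temp_news = array_diff_key($temp_news, array_flip($selected));

		// Update the database.
		updateSettings(array('news' => implode("\n", $temp_news)));

		logAction('news');
	} elseif (!empty($_POST['save_items'])) {
		checkSession();

		$posted_news = isset($_POST['news']) && is_array($_POST['news']) ? $_POST['news'] : array();
		foreach ($posted_news as $i => $news) {
			// Blank (or malformed, non-string) entries are dropped.
			if (!is_string($news) || trim($news) == '') {
				unset($posted_news[$i]);
				continue;
			}

			// Escape first, then let preparsecode() tidy the BBC in place.
			$posted_news[$i] = $smcFunc['htmlspecialchars']($news, ENT_QUOTES);
			preparsecode($posted_news[$i]);
		}
		$_POST['news'] = $posted_news;

		// Send the new news to the database.
		updateSettings(array('news' => implode("\n", $posted_news)));

		// Log this into the moderation log.
		logAction('news');
	}

	// Ready the current news.
	foreach (explode("\n", $modSettings['news']) as $id => $line) {
		$context['admin_current_news'][$id] = array(
			'id' => $id,
			'unparsed' => un_preparsecode($line),
			// <form> tags in the rendered item are rewritten into inert text so a news item
			// cannot open or close a form inside the admin page.
			'parsed' => preg_replace('~<([/]?)form[^>]*?[>]*>~i', '<em class="smalltext"><$1form></em>', parse_bbc($line)),
		);
	}

	$context['sub_template'] = 'edit_news';
	$context['page_title'] = $txt['admin_edit_news'];
}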
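/**
 * Store a personal message for a set of recipients and e-mail notifications where enabled.
 *
 * Recipient names are resolved to member ids. Recipients who are over their message
 * limit, cannot read PMs, ignore the sender, or whose account is banned or pending
 * deletion are removed and reported in the 'failed' log. Recipients whose own PM rules
 * would delete the message stay in the list, but their row is stored as already
 * deleted and they get neither a notification nor an unread counter update.
 *
 * The message is stored HTML-escaped (htmlspecialchars + preparsecode); the raw
 * subject and message are what the integration hook and the e-mail path receive.
 *
 * @param array $recipients array('to' => array(...), 'bcc' => array(...)); entries are member ids or member names
 * @param string $subject raw subject
 * @param string $message raw message body
 * @param bool $store_outbox when false the stored message is flagged deleted_by_sender
 * @param array|null $from array with 'id', 'name' and 'username'; null means the current user
 * @param int $pm_head id of the conversation head; 0 starts a new conversation
 * @return array array('failed' => array(key => error text), 'sent' => array(id_member => text))
 */
function sendpm($recipients, $subject, $message, $store_outbox = false, $from = null, $pm_head = 0)
{
    global $scripturl, $txt, $user_info, $language;
    global $modSettings, $sourcedir;

    // Make sure the PM language file is loaded, we might need something out of it.
    loadLanguage('PersonalMessage');

    // Initialize log array.
    $log = array('failed' => array(), 'sent' => array());

    if ($from === null) {
        $from = array('id' => $user_info['id'], 'name' => $user_info['name'], 'username' => $user_info['username']);
    } else {
        // Sending on behalf of someone else: this overwrites the global display name.
        $user_info['name'] = $from['name'];
    }

    // This is the one that will go in their inbox.
    $htmlmessage = commonAPI::htmlspecialchars($message, ENT_QUOTES);
    $htmlsubject = commonAPI::htmlspecialchars($subject);
    preparsecode($htmlmessage);

    // Integrated PMs
    HookAPI::callHook('integrate_personal_message', array($recipients, $from['username'], $subject, $message));

    // Get a list of usernames and convert them to IDs.
    $usernames = array();
    foreach ($recipients as $rec_type => $rec) {
        foreach ($rec as $id => $member) {
            if (!is_numeric($recipients[$rec_type][$id])) {
                // Four backslashes in the PHP literal give the regex `\\`, i.e. a literal backslash
                // inside the class. With only two, the regex saw `\]`, the class never closed,
                // preg_replace() returned null and every name was reduced to an empty string.
                $recipients[$rec_type][$id] = commonAPI::strtolower(trim(preg_replace('/[<>&"\'=\\\\]/', '', $recipients[$rec_type][$id])));
                $usernames[$recipients[$rec_type][$id]] = 0;
            }
        }
    }

    if (!empty($usernames)) {
        $request = smf_db_query(' SELECT id_member, member_name FROM {db_prefix}members WHERE ' . 'member_name' . ' IN ({array_string:usernames})', array('usernames' => array_keys($usernames)));
        while ($row = mysql_fetch_assoc($request)) {
            if (isset($usernames[commonAPI::strtolower($row['member_name'])])) {
                $usernames[commonAPI::strtolower($row['member_name'])] = $row['id_member'];
            }
        }
        mysql_free_result($request);

        // Replace the usernames with IDs. Drop usernames that couldn't be found.
        foreach ($recipients as $rec_type => $rec) {
            foreach ($rec as $id => $member) {
                if (is_numeric($recipients[$rec_type][$id])) {
                    continue;
                }

                if (!empty($usernames[$member])) {
                    $recipients[$rec_type][$id] = $usernames[$member];
                } else {
                    $log['failed'][$id] = sprintf($txt['pm_error_user_not_found'], $recipients[$rec_type][$id]);
                    unset($recipients[$rec_type][$id]);
                }
            }
        }
    }

    // Make sure there are no duplicate 'to' members.
    $recipients['to'] = array_unique($recipients['to']);

    // Only 'bcc' members that aren't already in 'to'.
    $recipients['bcc'] = array_diff(array_unique($recipients['bcc']), $recipients['to']);

    // Combine 'to' and 'bcc' recipients.
    $all_to = array_merge($recipients['to'], $recipients['bcc']);

    // Nothing left to send to (e.g. no name resolved): skip the IN (...) queries on an empty list.
    if (empty($all_to)) {
        return $log;
    }

    // Check no-one will want it deleted right away!
    $request = smf_db_query(' SELECT id_member, criteria, is_or FROM {db_prefix}pm_rules WHERE id_member IN ({array_int:to_members}) AND delete_pm = {int:delete_pm}', array('to_members' => $all_to, 'delete_pm' => 1));
    $deletes = array();

    // Check whether we have to apply anything...
    while ($row = mysql_fetch_assoc($request)) {
        // NOTE(review): unserialize() on a database column. If anything other than this
        // application can write pm_rules.criteria this is an object-injection sink; a data-only
        // format such as JSON would be safer for stored rules.
        $criteria = unserialize($row['criteria']);
        if (!is_array($criteria)) {
            // Corrupt or unexpected rule data: treat it as "no rule" instead of iterating a non-array.
            continue;
        }

        // Note we don't check the buddy status, cause deletion from buddy = madness!
        $delete = false;
        foreach ($criteria as $criterium) {
            // NOTE(review): the group test uses the current user's groups even when $from names another sender.
            if (($criterium['t'] == 'mid' && $criterium['v'] == $from['id'])
                || ($criterium['t'] == 'gid' && in_array($criterium['v'], $user_info['groups']))
                || ($criterium['t'] == 'sub' && strpos($subject, $criterium['v']) !== false)
                || ($criterium['t'] == 'msg' && strpos($message, $criterium['v']) !== false)) {
                $delete = true;
            } elseif (!$row['is_or']) {
                // AND rule: one failed criterion means no deletion.
                $delete = false;
                break;
            }
        }

        if ($delete) {
            $deletes[$row['id_member']] = 1;
        }
    }
    mysql_free_result($request);

    // Load the membergroup message limits (kept in a static for the rest of the request).
    static $message_limit_cache = array();
    if (!allowedTo('moderate_forum') && empty($message_limit_cache)) {
        $request = smf_db_query(' SELECT id_group, max_messages FROM {db_prefix}membergroups', array());
        while ($row = mysql_fetch_assoc($request)) {
            $message_limit_cache[$row['id_group']] = $row['max_messages'];
        }
        mysql_free_result($request);
    }

    // Load the groups that are allowed to read PMs.
    $allowed_groups = array();
    $disallowed_groups = array();
    $request = smf_db_query(' SELECT id_group, add_deny FROM {db_prefix}permissions WHERE permission = {string:read_permission}', array('read_permission' => 'pm_read'));
    while ($row = mysql_fetch_assoc($request)) {
        if (empty($row['add_deny'])) {
            $disallowed_groups[] = $row['id_group'];
        } else {
            $allowed_groups[] = $row['id_group'];
        }
    }
    mysql_free_result($request);

    if (empty($modSettings['permission_enable_deny'])) {
        $disallowed_groups = array();
    }

    // The "ignored" column is a constant 0 for moderators; otherwise it reflects the recipient's pm_receive_from setting.
    $request = smf_db_query(
        ' SELECT member_name, real_name, id_member, email_address, lngfile, pm_email_notify, instant_messages,'
        . (allowedTo('moderate_forum') ? ' 0' : ' (pm_receive_from = {int:admins_only}' . (empty($modSettings['enable_buddylist']) ? '' : ' OR (pm_receive_from = {int:buddies_only} AND FIND_IN_SET({string:from_id}, buddy_list) = 0) OR (pm_receive_from = {int:not_on_ignore_list} AND FIND_IN_SET({string:from_id}, pm_ignore_list) != 0)') . ')')
        . ' AS ignored, FIND_IN_SET({string:from_id}, buddy_list) != 0 AS is_buddy, is_activated, additional_groups, id_group, id_post_group FROM {db_prefix}members WHERE id_member IN ({array_int:recipients}) ORDER BY lngfile LIMIT {int:count_recipients}',
        array('not_on_ignore_list' => 1, 'buddies_only' => 2, 'admins_only' => 3, 'recipients' => $all_to, 'count_recipients' => count($all_to), 'from_id' => $from['id'])
    );
    $notifications = array();
    $as_notifications = array();
    while ($row = mysql_fetch_assoc($request)) {
        // Don't do anything for members to be deleted!
        if (isset($deletes[$row['id_member']])) {
            continue;
        }

        // We need to know this members groups.
        $groups = explode(',', $row['additional_groups']);
        $groups[] = $row['id_group'];
        $groups[] = $row['id_post_group'];

        $message_limit = -1;

        // For each group see whether they've gone over their limit - assuming they're not an admin.
        if (!in_array(1, $groups)) {
            foreach ($groups as $id) {
                // Keep the largest limit of all groups; once a group contributes 0 it is never replaced.
                if (isset($message_limit_cache[$id]) && $message_limit != 0 && $message_limit < $message_limit_cache[$id]) {
                    $message_limit = $message_limit_cache[$id];
                }
            }

            if ($message_limit > 0 && $message_limit <= $row['instant_messages']) {
                $log['failed'][$row['id_member']] = sprintf($txt['pm_error_data_limit_reached'], $row['real_name']);
                unset($all_to[array_search($row['id_member'], $all_to)]);
                continue;
            }

            // Do they have any of the allowed groups?
            if (count(array_intersect($allowed_groups, $groups)) == 0 || count(array_intersect($disallowed_groups, $groups)) != 0) {
                $log['failed'][$row['id_member']] = sprintf($txt['pm_error_user_cannot_read'], $row['real_name']);
                unset($all_to[array_search($row['id_member'], $all_to)]);
                continue;
            }
        }

        // Note that PostgreSQL can return a lowercase t/f for FIND_IN_SET
        if (!empty($row['ignored']) && $row['ignored'] != 'f' && $row['id_member'] != $from['id']) {
            $log['failed'][$row['id_member']] = sprintf($txt['pm_error_ignored_by_user'], $row['real_name']);
            unset($all_to[array_search($row['id_member'], $all_to)]);
            continue;
        }

        // If the receiving account is banned (>=10) or pending deletion (4), refuse to send the PM.
        if ($row['is_activated'] >= 10 || ($row['is_activated'] == 4 && !$user_info['is_admin'])) {
            $log['failed'][$row['id_member']] = sprintf($txt['pm_error_user_cannot_read'], $row['real_name']);
            unset($all_to[array_search($row['id_member'], $all_to)]);
            continue;
        }

        // Send a notification, if enabled - taking the buddy list into account.
        $wants_notification = $row['pm_email_notify'] == 1
            || ($row['pm_email_notify'] > 1 && !empty($modSettings['enable_buddylist']) && $row['is_buddy']);
        if (!empty($row['email_address']) && $wants_notification && $row['is_activated'] == 1) {
            $notify_lang = empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'];
            $notifications[$notify_lang][] = $row['email_address'];
        }

        $as_notifications[] = $row['id_member'];
        $log['sent'][$row['id_member']] = sprintf(isset($txt['pm_successfully_sent']) ? $txt['pm_successfully_sent'] : '', $row['real_name']);
    }
    mysql_free_result($request);

    // Only 'send' the message if there are any recipients left.
    if (empty($all_to)) {
        return $log;
    }

    // Insert the message itself and then grab the last insert id.
    smf_db_insert(
        '',
        '{db_prefix}personal_messages',
        array('id_pm_head' => 'int', 'id_member_from' => 'int', 'deleted_by_sender' => 'int', 'from_name' => 'string-255', 'msgtime' => 'int', 'subject' => 'string-255', 'body' => 'string-65534'),
        array($pm_head, $from['id'], $store_outbox ? 0 : 1, $from['username'], time(), $htmlsubject, $htmlmessage),
        array('id_pm')
    );
    $id_pm = smf_db_insert_id('{db_prefix}personal_messages', 'id_pm');

    // The setting may be absent; treat that as "activity stream off".
    if (!empty($modSettings['astream_active'])) {
        require_once $sourcedir . '/lib/Subs-Activities.php';
        $id_act = aStreamAdd($from['id'], ACT_PM, array('member_name' => $from['username']), 0, 0, $id_pm, $from['id'], ACT_PLEVEL_PRIVATE);
        if ((int) $id_act > 0) {
            aStreamAddNotification($as_notifications, $id_act, ACT_PM);
        }
    }

    // Add the recipients.
    if (!empty($id_pm)) {
        // If this is new we need to set it part of it's own conversation.
        if (empty($pm_head)) {
            smf_db_query(' UPDATE {db_prefix}personal_messages SET id_pm_head = {int:id_pm_head} WHERE id_pm = {int:id_pm_head}', array('id_pm_head' => $id_pm));
        }

        // Some people think manually deleting personal_messages is fun... it's not. We protect against it though :)
        smf_db_query(' DELETE FROM {db_prefix}pm_recipients WHERE id_pm = {int:id_pm}', array('id_pm' => $id_pm));

        $insertRows = array();
        foreach ($all_to as $to) {
            $insertRows[] = array($id_pm, $to, in_array($to, $recipients['bcc']) ? 1 : 0, isset($deletes[$to]) ? 1 : 0, 1);
        }

        smf_db_insert('insert', '{db_prefix}pm_recipients', array('id_pm' => 'int', 'id_member' => 'int', 'bcc' => 'int', 'deleted' => 'int', 'is_new' => 'int'), $insertRows, array('id_pm', 'id_member'));
    }

    // From here on $subject and $message are the plain-text versions used for the notification e-mail.
    censorText($message);
    censorText($subject);
    // NOTE(review): the last two map entries replace '[' and ']' with themselves, so they do nothing
    // as written. Presumably they were bracket entities before this listing was extracted; confirm.
    $message = trim(un_htmlspecialchars(strip_tags(strtr(parse_bbc(htmlspecialchars($message), false), array('<br />' => "\n", '</div>' => "\n", '</li>' => "\n", '[' => '[', ']' => ']')))));

    foreach ($notifications as $lang => $notification_list) {
        // Make sure to use the right language.
        loadLanguage('index+PersonalMessage', $lang, false);

        // Replace the right things in the message strings.
        $mailsubject = str_replace(array('SUBJECT', 'SENDER'), array($subject, un_htmlspecialchars($from['name'])), $txt['new_pm_subject']);
        $mailmessage = str_replace(array('SUBJECT', 'MESSAGE', 'SENDER'), array($subject, $message, un_htmlspecialchars($from['name'])), $txt['pm_email']);
        $mailmessage .= "\n\n" . $txt['instant_reply'] . ' ' . $scripturl . '?action=pm;sa=send;f=inbox;pmsg=' . $id_pm . ';quote;u=' . $from['id'];

        // Off the notification email goes!
        sendmail($notification_list, $mailsubject, $mailmessage, null, 'p' . $id_pm, false, 2, null, true);
    }

    // Back to what we were on before!
    loadLanguage('index+PersonalMessage');

    // Add one to their unread and read message counts, except for members whose rules already deleted the PM.
    foreach ($all_to as $k => $id) {
        if (isset($deletes[$id])) {
            unset($all_to[$k]);
        }
    }

    if (!empty($all_to)) {
        updateMemberData($all_to, array('instant_messages' => '+', 'unread_messages' => '+', 'new_pm' => 1));
    }

    return $log;
}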
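/**
 * Issue/manage a user's warning status.
 *
 * Handles three things in one request: saving a new warning level (optionally sending
 * the member a notice by PM and logging it), previewing the notice, and preparing the
 * list of earlier warnings plus the notification templates for the form.
 *
 * Reads $_POST['save'], $_POST['preview'], $_POST['warn_reason'], $_POST['warning_level'],
 * $_POST['warning_level_nojs'], $_POST['warn_notify'], $_POST['warn_sub'],
 * $_POST['warn_body'] and $_REQUEST['msg']. Only the save path calls checkSession().
 *
 * @uses ProfileAccount template issueWarning sub template
 * @uses Profile template
 */
public function action_issuewarning()
{
    global $txt, $scripturl, $modSettings, $mbname, $context, $cur_profile;

    $memID = currentMemberID();

    // make sure the sub-template is set...
    loadTemplate('ProfileAccount');
    $context['sub_template'] = 'issueWarning';

    // We need this because of template_load_warning_variables
    loadTemplate('Profile');
    loadJavascriptFile('profile.js');

    // jQuery-UI FTW!
    $modSettings['jquery_include_ui'] = true;
    loadCSSFile('jquery.ui.slider.css');
    loadCSSFile('jquery.ui.theme.css');

    // Get all the actual settings.
    list($modSettings['warning_enable'], $modSettings['user_limit']) = explode(',', $modSettings['warning_settings']);

    // This stores any legitimate errors.
    $issueErrors = array();

    // Doesn't hurt to be overly cautious: warnings must be enabled, the viewer needs issue_warning,
    // and members only reach their own page when they actually carry a warning.
    if (empty($modSettings['warning_enable']) || ($context['user']['is_owner'] && !$cur_profile['warning']) || !allowedTo('issue_warning')) {
        fatal_lang_error('no_access', false);
    }

    // Get the base (errors related) stuff done.
    loadLanguage('Errors');
    $context['custom_error_title'] = $txt['profile_warning_errors_occurred'];

    // Make sure things which are disabled stay disabled (110 is above the 0-100 range, so never reached).
    $modSettings['warning_watch'] = !empty($modSettings['warning_watch']) ? $modSettings['warning_watch'] : 110;
    $modSettings['warning_moderate'] = !empty($modSettings['warning_moderate']) && !empty($modSettings['postmod_active']) ? $modSettings['warning_moderate'] : 110;
    $modSettings['warning_mute'] = !empty($modSettings['warning_mute']) ? $modSettings['warning_mute'] : 110;

    $context['warning_limit'] = allowedTo('admin_forum') ? 0 : $modSettings['user_limit'];
    $context['member']['warning'] = $cur_profile['warning'];
    $context['member']['name'] = $cur_profile['real_name'];

    // What are the limits we can apply?
    $context['min_allowed'] = 0;
    $context['max_allowed'] = 100;
    if ($context['warning_limit'] > 0) {
        require_once SUBSDIR . '/Moderation.subs.php';
        $current_applied = warningDailyLimit($memID);

        $context['min_allowed'] = max(0, $cur_profile['warning'] - $current_applied - $context['warning_limit']);
        $context['max_allowed'] = min(100, $cur_profile['warning'] - $current_applied + $context['warning_limit']);
    }

    // Defaults.
    $context['warning_data'] = array('reason' => '', 'notify' => '', 'notify_subject' => '', 'notify_body' => '');

    // Are we saving?
    if (isset($_POST['save'])) {
        // Security is good here.
        checkSession('post');

        // This cannot be empty!
        $_POST['warn_reason'] = isset($_POST['warn_reason']) ? trim($_POST['warn_reason']) : '';
        if ($_POST['warn_reason'] == '' && !$context['user']['is_owner']) {
            $issueErrors[] = 'warning_no_reason';
        }

        // From here on the reason is HTML-escaped; it is logged and redisplayed in this form.
        $_POST['warn_reason'] = Util::htmlspecialchars($_POST['warn_reason']);

        // If the value hasn't changed it's either no JS or a real no change (Which this will pass)
        if ($_POST['warning_level'] == 'SAME') {
            $_POST['warning_level'] = $_POST['warning_level_nojs'];
        }

        // Clamp to 0-100 first, then to what this issuer may still apply.
        $_POST['warning_level'] = (int) $_POST['warning_level'];
        $_POST['warning_level'] = max(0, min(100, $_POST['warning_level']));
        if ($_POST['warning_level'] < $context['min_allowed']) {
            $_POST['warning_level'] = $context['min_allowed'];
        } elseif ($_POST['warning_level'] > $context['max_allowed']) {
            $_POST['warning_level'] = $context['max_allowed'];
        }

        require_once SUBSDIR . '/Moderation.subs.php';

        // Do we actually have to issue them with a PM?
        $id_notice = 0;
        if (!empty($_POST['warn_notify']) && empty($issueErrors)) {
            // A request can ask for a notice without sending either field; treat that as blank.
            $_POST['warn_sub'] = isset($_POST['warn_sub']) ? trim($_POST['warn_sub']) : '';
            $_POST['warn_body'] = isset($_POST['warn_body']) ? trim($_POST['warn_body']) : '';
            if (empty($_POST['warn_sub']) || empty($_POST['warn_body'])) {
                $issueErrors[] = 'warning_notify_blank';
            } else {
                require_once SUBSDIR . '/PersonalMessage.subs.php';

                // The notice is sent in the forum's name, not the issuer's.
                $from = array('id' => 0, 'name' => $context['forum_name'], 'username' => $context['forum_name']);
                sendpm(array('to' => array($memID), 'bcc' => array()), $_POST['warn_sub'], $_POST['warn_body'], false, $from);

                // Log the notice.
                $id_notice = logWarningNotice($_POST['warn_sub'], $_POST['warn_body']);
            }
        }

        // Just in case - make sure notice is valid!
        $id_notice = (int) $id_notice;

        // What have we changed?
        $level_change = $_POST['warning_level'] - $cur_profile['warning'];

        // No errors? Proceed! Only log if you're not the owner.
        if (empty($issueErrors)) {
            // Log what we've done!
            if (!$context['user']['is_owner']) {
                logWarning($memID, $cur_profile['real_name'], $id_notice, $level_change, $_POST['warn_reason']);
            }

            // Make the change.
            updateMemberData($memID, array('warning' => $_POST['warning_level']));

            // Leave a lovely message.
            $context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : $txt['profile_warning_success'];
        } else {
            // Try to remember some bits.
            $context['warning_data'] = array(
                'reason' => $_POST['warn_reason'],
                'notify' => !empty($_POST['warn_notify']),
                'notify_subject' => isset($_POST['warn_sub']) ? $_POST['warn_sub'] : '',
                'notify_body' => isset($_POST['warn_body']) ? $_POST['warn_body'] : '',
            );
        }

        // Show the new improved warning level.
        $context['member']['warning'] = $_POST['warning_level'];
    }

    // Taking a look first, good idea that one.
    if (isset($_POST['preview'])) {
        $warning_body = !empty($_POST['warn_body']) ? trim(censorText($_POST['warn_body'])) : '';
        $context['preview_subject'] = !empty($_POST['warn_sub']) ? trim(Util::htmlspecialchars($_POST['warn_sub'])) : '';
        if (empty($_POST['warn_sub']) || empty($_POST['warn_body'])) {
            $issueErrors[] = 'warning_notify_blank';
        }

        if (!empty($_POST['warn_body'])) {
            require_once SUBSDIR . '/Post.subs.php';

            // NOTE(review): unlike the subject, the body is not passed through htmlspecialchars
            // before preparsecode()/parse_bbc(). Confirm those helpers neutralise raw markup,
            // because the result is handed to the template as 'body_preview'.
            preparsecode($warning_body);
            $warning_body = parse_bbc($warning_body, true);
        }

        // The save path above hands the template an escaped reason. A preview-only request skipped
        // that step and passed the raw POST value (or an undefined index), so escape it the same way.
        if (isset($_POST['save'])) {
            $preview_reason = $_POST['warn_reason'];
        } else {
            $preview_reason = Util::htmlspecialchars(isset($_POST['warn_reason']) ? trim($_POST['warn_reason']) : '');
        }

        // Try to remember some bits.
        // NOTE(review): notify_subject and notify_body are passed on unescaped here and in the
        // save path; presumably the template escapes them. Verify.
        $context['warning_data'] = array(
            'reason' => $preview_reason,
            'notify' => !empty($_POST['warn_notify']),
            'notify_subject' => isset($_POST['warn_sub']) ? $_POST['warn_sub'] : '',
            'notify_body' => isset($_POST['warn_body']) ? $_POST['warn_body'] : '',
            'body_preview' => $warning_body,
        );
    }

    if (!empty($issueErrors)) {
        // Fill in the suite of errors.
        $context['post_errors'] = array();
        foreach ($issueErrors as $error) {
            $context['post_errors'][] = $txt[$error];
        }
    }

    $context['page_title'] = $txt['profile_issue_warning'];

    // Let's use a generic list to get all the current warnings
    require_once SUBSDIR . '/GenericList.class.php';
    require_once SUBSDIR . '/Profile.subs.php';

    // Work out the various levels.
    $context['level_effects'] = array(
        0 => $txt['profile_warning_effect_none'],
        $modSettings['warning_watch'] => $txt['profile_warning_effect_watch'],
        $modSettings['warning_moderate'] => $txt['profile_warning_effect_moderation'],
        $modSettings['warning_mute'] => $txt['profile_warning_effect_mute'],
    );
    $context['current_level'] = 0;
    foreach ($context['level_effects'] as $limit => $dummy) {
        if ($context['member']['warning'] >= $limit) {
            $context['current_level'] = $limit;
        }
    }

    // Build a list to view the warnings.
    // NOTE(review): create_function() evaluates its body string as PHP code; it is deprecated
    // since PHP 7.2 and removed in PHP 8.0. Both bodies below are constant strings. Replace them
    // with closures once the minimum supported PHP version allows it.
    $listOptions = array(
        'id' => 'issued_warnings',
        'title' => $txt['profile_viewwarning_previous_warnings'],
        'items_per_page' => $modSettings['defaultMaxMessages'],
        'no_items_label' => $txt['profile_viewwarning_no_warnings'],
        'base_href' => $scripturl . '?action=profile;area=issuewarning;sa=user;u=' . $memID,
        'default_sort_col' => 'log_time',
        'get_items' => array(
            'function' => 'list_getUserWarnings',
            'params' => array($memID),
        ),
        'get_count' => array(
            'function' => 'list_getUserWarningCount',
            'params' => array($memID),
        ),
        'columns' => array(
            'issued_by' => array(
                'header' => array(
                    'value' => $txt['profile_warning_previous_issued'],
                    'style' => 'width: 20%;',
                ),
                'data' => array(
                    'function' => create_function('$warning', '
                        return $warning[\'issuer\'][\'link\'];
                    '),
                ),
                'sort' => array(
                    'default' => 'lc.member_name DESC',
                    'reverse' => 'lc.member_name',
                ),
            ),
            'log_time' => array(
                'header' => array(
                    'value' => $txt['profile_warning_previous_time'],
                    'style' => 'width: 30%;',
                ),
                'data' => array(
                    'db' => 'time',
                ),
                'sort' => array(
                    'default' => 'lc.log_time DESC',
                    'reverse' => 'lc.log_time',
                ),
            ),
            'reason' => array(
                'header' => array(
                    'value' => $txt['profile_warning_previous_reason'],
                ),
                'data' => array(
                    // The evaluated body must keep its line breaks: on a single line the // comment
                    // inside it would swallow the if block and the return.
                    'function' => create_function('$warning', '
                        global $scripturl, $txt, $settings;

                        $ret = \'
                        <div class="floatleft">
                            \' . $warning[\'reason\'] . \'
                        </div>\';

                        // If a notice was sent, provide a way to view it
                        if (!empty($warning[\'id_notice\']))
                            $ret .= \'
                        <div class="floatright">
                            <a href="\' . $scripturl . \'?action=moderate;area=notice;nid=\' . $warning[\'id_notice\'] . \'" onclick="window.open(this.href, \\\'\\\', \\\'scrollbars=yes,resizable=yes,width=400,height=250\\\');return false;" target="_blank" class="new_win" title="\' . $txt[\'profile_warning_previous_notice\'] . \'"><img src="\' . $settings[\'images_url\'] . \'/filter.png" alt="" /></a>
                        </div>\';

                        return $ret;'),
                ),
            ),
            'level' => array(
                'header' => array(
                    'value' => $txt['profile_warning_previous_level'],
                    'style' => 'width: 6%;',
                ),
                'data' => array(
                    'db' => 'counter',
                ),
                'sort' => array(
                    'default' => 'lc.counter DESC',
                    'reverse' => 'lc.counter',
                ),
            ),
        ),
    );

    // Create the list for viewing.
    createList($listOptions);

    $warning_for_message = isset($_REQUEST['msg']) ? (int) $_REQUEST['msg'] : false;
    $warned_message_subject = '';

    // Are they warning because of a message?
    if (isset($_REQUEST['msg']) && 0 < (int) $_REQUEST['msg']) {
        require_once SUBSDIR . '/Messages.subs.php';
        $message = basicMessageInfo((int) $_REQUEST['msg']);
        if (!empty($message)) {
            $warned_message_subject = $message['subject'];
        }
    }

    require_once SUBSDIR . '/Maillist.subs.php';

    // Any custom templates?
    $context['notification_templates'] = array();
    $notification_templates = maillist_templates('warntpl');
    foreach ($notification_templates as $row) {
        // If we're not warning for a message skip any that are.
        if (!$warning_for_message && strpos($row['body'], '{MESSAGE}') !== false) {
            continue;
        }

        $context['notification_templates'][] = array('title' => $row['title'], 'body' => $row['body']);
    }

    // Setup the "default" templates.
    foreach (array('spamming', 'offence', 'insulting') as $type) {
        $context['notification_templates'][] = array(
            'title' => $txt['profile_warning_notify_title_' . $type],
            'body' => sprintf($txt['profile_warning_notify_template_outline' . (!empty($warning_for_message) ? '_post' : '')], $txt['profile_warning_notify_for_' . $type]),
        );
    }

    // Replace all the common variables in the templates.
    foreach ($context['notification_templates'] as $k => $name) {
        $context['notification_templates'][$k]['body'] = strtr($name['body'], array(
            '{MEMBER}' => un_htmlspecialchars($context['member']['name']),
            '{MESSAGE}' => '[url=' . $scripturl . '?msg=' . $warning_for_message . ']' . un_htmlspecialchars($warned_message_subject) . '[/url]',
            '{SCRIPTURL}' => $scripturl,
            '{FORUMNAME}' => $mbname,
            '{REGARDS}' => replaceBasicActionUrl($txt['regards_team']),
        ));
    }
}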
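/**
 * Add or edit a warning notification template (a log_comments row of type 'warntpl').
 *
 * With $_REQUEST['tid'] set this is an edit and the existing template is loaded, provided
 * it is generic (id_recipient = 0) or personal to the current member. With $_POST['save']
 * set the template is written after checkSession('post'), the change is logged, and the
 * request ends in a redirect to the template list.
 *
 * Ownership is enforced by the WHERE clauses rather than by a separate check: both the
 * SELECT and the UPDATE only match generic templates or the current member's personal
 * ones, and turning a template personal additionally requires the member to be its author.
 */
function ModifyWarningTemplate()
{
    global $smcFunc, $context, $txt, $user_info, $sourcedir;

    $context['id_template'] = isset($_REQUEST['tid']) ? (int) $_REQUEST['tid'] : 0;
    $context['is_edit'] = $context['id_template'];

    // Standard template things.
    $context['page_title'] = $context['is_edit'] ? $txt['mc_warning_template_modify'] : $txt['mc_warning_template_add'];
    $context['sub_template'] = 'warn_template';
    $context[$context['moderation_menu_name']]['current_subsection'] = 'templates';

    // Defaults.
    $context['template_data'] = array(
        'title' => '',
        'body' => $txt['mc_warning_template_body_default'],
        'personal' => false,
        'can_edit_personal' => true,
    );

    // If it's an edit load it.
    if ($context['is_edit']) {
        $request = $smcFunc['db_query']('', ' SELECT id_member, id_recipient, recipient_name AS template_title, body FROM {db_prefix}log_comments WHERE id_comment = {int:id} AND comment_type = {string:warntpl} AND (id_recipient = {int:generic} OR id_recipient = {int:current_member})', array('id' => $context['id_template'], 'warntpl' => 'warntpl', 'generic' => 0, 'current_member' => $user_info['id']));
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $context['template_data'] = array(
                'title' => $row['template_title'],
                // The body is stored unescaped (see the save path) and escaped here for the edit form.
                'body' => $smcFunc['htmlspecialchars']($row['body']),
                'personal' => $row['id_recipient'],
                'can_edit_personal' => $row['id_member'] == $user_info['id'],
            );
        }
        $smcFunc['db_free_result']($request);
    }

    // Wait, we are saving?
    if (isset($_POST['save'])) {
        checkSession('post');

        // To check the BBC is pretty good...
        require_once $sourcedir . '/Subs-Post.php';

        // Bit of cleaning! A missing or non-string field counts as empty, so it hits the
        // "need something in both boxes" error below instead of reaching trim().
        $_POST['template_body'] = isset($_POST['template_body']) && is_string($_POST['template_body']) ? trim($_POST['template_body']) : '';
        $_POST['template_title'] = isset($_POST['template_title']) && is_string($_POST['template_title']) ? trim($_POST['template_title']) : '';

        // Need something in both boxes.
        if (empty($_POST['template_body']) || empty($_POST['template_title'])) {
            fatal_error($txt['mc_warning_template_error_empty']);
        }

        // Safety first.
        $_POST['template_title'] = $smcFunc['htmlspecialchars']($_POST['template_title']);

        // Clean up BBC.
        // NOTE(review): the body is only run through preparsecode(), not htmlspecialchars, before
        // it is stored; whoever renders a stored template body must escape it. Confirm at the consumers.
        preparsecode($_POST['template_body']);

        // But put line breaks back!
        $_POST['template_body'] = strtr($_POST['template_body'], array('<br />' => "\n"));

        // Is this personal?
        $recipient_id = !empty($_POST['make_personal']) ? $user_info['id'] : 0;

        // If we are this far it's save time.
        if ($context['is_edit']) {
            // Simple update...
            // NOTE(review): the action below is logged even when this UPDATE matched no row
            // (unknown id or a template the member may not touch). Consider checking affected rows.
            $smcFunc['db_query'](
                '',
                ' UPDATE {db_prefix}log_comments SET id_recipient = {int:personal}, recipient_name = {string:title}, body = {string:body} WHERE id_comment = {int:id} AND comment_type = {string:warntpl} AND (id_recipient = {int:generic} OR id_recipient = {int:current_member})' . ($recipient_id ? ' AND id_member = {int:current_member}' : ''),
                array('personal' => $recipient_id, 'title' => $_POST['template_title'], 'body' => $_POST['template_body'], 'id' => $context['id_template'], 'warntpl' => 'warntpl', 'generic' => 0, 'current_member' => $user_info['id'])
            );

            // If it wasn't visible and now is they've effectively added it.
            if ($context['template_data']['personal'] && !$recipient_id) {
                logAction('add_warn_template', array('template' => $_POST['template_title']));
            } elseif (!$context['template_data']['personal'] && $recipient_id) {
                // Conversely when they made it personal it is a delete!
                logAction('delete_warn_template', array('template' => $_POST['template_title']));
            } else {
                logAction('modify_warn_template', array('template' => $_POST['template_title']));
            }
        } else {
            $smcFunc['db_insert'](
                '',
                '{db_prefix}log_comments',
                array('id_member' => 'int', 'member_name' => 'string', 'comment_type' => 'string', 'id_recipient' => 'int', 'recipient_name' => 'string-255', 'body' => 'string-65535', 'log_time' => 'int'),
                array($user_info['id'], $user_info['name'], 'warntpl', $recipient_id, $_POST['template_title'], $_POST['template_body'], time()),
                array('id_comment')
            );

            logAction('add_warn_template', array('template' => $_POST['template_title']));
        }

        // Get out of town...
        redirectexit('action=moderate;area=warnings;sa=templates');
    }
}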
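/**
 * Validate a submitted personal message and send it.
 *
 * Collects validation problems in $post_errors (hourly limit, session, recipients,
 * subject, message, verification) and hands the form back through messagePostError()
 * for previews, recipient changes, draft saves and errors. Otherwise it calls sendpm(),
 * marks the replied-to message, and redirects.
 *
 * Requires the pm_send permission. Input comes from $_POST, $_GET and $_REQUEST.
 */
function MessagePost2()
{
    global $txt, $context, $sourcedir;
    global $user_info, $modSettings, $scripturl, $smcFunc;

    isAllowedTo('pm_send');
    require_once $sourcedir . '/Subs-Auth.php';

    loadLanguage('PersonalMessage', '', false);

    // Extract out the spam settings - it saves database space!
    list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);

    // Initialize the errors we're about to make.
    $post_errors = array();

    // Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
    if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1') {
        // How many have they sent this last hour?
        $request = $smcFunc['db_query']('', ' SELECT COUNT(pr.id_pm) AS post_count FROM {db_prefix}personal_messages AS pm INNER JOIN {db_prefix}pm_recipients AS pr ON (pr.id_pm = pm.id_pm) WHERE pm.id_member_from = {int:current_member} AND pm.msgtime > {int:msgtime}', array('current_member' => $user_info['id'], 'msgtime' => time() - 3600));
        list($postCount) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);

        if (!empty($postCount) && $postCount >= $modSettings['pm_posts_per_hour']) {
            if (!isset($_REQUEST['xml'])) {
                fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour']));
            } else {
                $post_errors[] = 'pm_too_many_per_hour';
            }
        }
    }

    // If your session timed out, show an error, but do allow to re-submit.
    // NOTE(review): the session check is skipped for every request that carries `xml`, not only
    // for previews. An actual send still passes checkSubmitOnce() below; confirm that this is
    // enough, or require the session check on the send path as well.
    if (!isset($_REQUEST['xml']) && checkSession('post', '', false) != '') {
        $post_errors[] = 'session_timeout';
    }

    $_REQUEST['subject'] = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
    $_REQUEST['to'] = empty($_POST['to']) ? (empty($_GET['to']) ? '' : $_GET['to']) : $_POST['to'];
    $_REQUEST['bcc'] = empty($_POST['bcc']) ? (empty($_GET['bcc']) ? '' : $_GET['bcc']) : $_POST['bcc'];

    // Route the input from the 'u' parameter to the 'to'-list.
    if (!empty($_POST['u'])) {
        $_POST['recipient_to'] = explode(',', $_POST['u']);
    }

    // Construct the list of recipients.
    $recipientList = array();
    $namedRecipientList = array();
    $namesNotFound = array();
    foreach (array('to', 'bcc') as $recipientType) {
        // First, let's see if there's user ID's given.
        $recipientList[$recipientType] = array();
        if (!empty($_POST['recipient_' . $recipientType]) && is_array($_POST['recipient_' . $recipientType])) {
            foreach ($_POST['recipient_' . $recipientType] as $recipient) {
                $recipientList[$recipientType][] = (int) $recipient;
            }
        }

        // Are there also literal names set?
        if (!empty($_REQUEST[$recipientType])) {
            // We're going to take out the "s anyway ;).
            $recipientString = strtr($_REQUEST[$recipientType], array('\\"' => '"'));

            // Quoted names first, then whatever is left split on commas.
            preg_match_all('~"([^"]+)"~', $recipientString, $matches);
            $namedRecipientList[$recipientType] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $recipientString))));

            foreach ($namedRecipientList[$recipientType] as $index => $recipient) {
                if (strlen(trim($recipient)) > 0) {
                    $namedRecipientList[$recipientType][$index] = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](trim($recipient)));
                } else {
                    unset($namedRecipientList[$recipientType][$index]);
                }
            }

            if (!empty($namedRecipientList[$recipientType])) {
                $foundMembers = findMembers($namedRecipientList[$recipientType]);

                // Assume all are not found, until proven otherwise.
                $namesNotFound[$recipientType] = $namedRecipientList[$recipientType];

                foreach ($foundMembers as $member) {
                    $testNames = array(
                        $smcFunc['strtolower']($member['username']),
                        $smcFunc['strtolower']($member['name']),
                        $smcFunc['strtolower']($member['email']),
                    );

                    if (count(array_intersect($testNames, $namedRecipientList[$recipientType])) !== 0) {
                        $recipientList[$recipientType][] = $member['id'];

                        // Get rid of this username, since we found it.
                        $namesNotFound[$recipientType] = array_diff($namesNotFound[$recipientType], $testNames);
                    }
                }
            }
        }

        // Selected a recipient to be deleted? Remove them now.
        if (!empty($_POST['delete_recipient'])) {
            $recipientList[$recipientType] = array_diff($recipientList[$recipientType], array((int) $_POST['delete_recipient']));
        }

        // Make sure we don't include the same name twice
        $recipientList[$recipientType] = array_unique($recipientList[$recipientType]);
    }

    // Are we changing the recipients some how?
    $is_recipient_change = !empty($_POST['delete_recipient']) || !empty($_POST['to_submit']) || !empty($_POST['bcc_submit']);

    // Check if there's at least one recipient.
    if (empty($recipientList['to']) && empty($recipientList['bcc'])) {
        $post_errors[] = 'no_to';
    }

    // Make sure that we remove the members who did get it from the screen.
    if (!$is_recipient_change) {
        foreach ($recipientList as $recipientType => $dummy) {
            if (!empty($namesNotFound[$recipientType])) {
                $post_errors[] = 'bad_' . $recipientType;

                // Since we already have a post error, remove the previous one.
                $post_errors = array_diff($post_errors, array('no_to'));

                foreach ($namesNotFound[$recipientType] as $name) {
                    $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
                }
            }
        }
    }

    // Did they make any mistakes?
    if ($_REQUEST['subject'] == '') {
        $post_errors[] = 'no_subject';
    }

    if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
        $post_errors[] = 'no_message';
    } elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_REQUEST['message']) > $modSettings['max_messageLength']) {
        $post_errors[] = 'long_message';
    } else {
        // Preparse the message. This copy is only used for the emptiness test; sendpm() gets the raw text.
        $message = $_REQUEST['message'];
        preparsecode($message);

        // Make sure there's still some content left without the tags.
        if ($smcFunc['htmltrim'](strip_tags(parse_bbc($smcFunc['htmlspecialchars']($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false)) {
            $post_errors[] = 'no_message';
        }
    }

    // Wrong verification code?
    if (!$user_info['is_admin'] && !isset($_REQUEST['xml']) && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']) {
        require_once $sourcedir . '/Subs-Editor.php';
        $verificationOptions = array('id' => 'pm');
        $context['require_verification'] = create_control_verification($verificationOptions, true);

        if (is_array($context['require_verification'])) {
            $post_errors = array_merge($post_errors, $context['require_verification']);
        }
    }

    // If they did, give a chance to make amends.
    if (!empty($post_errors) && !$is_recipient_change && !isset($_REQUEST['preview']) && !isset($_REQUEST['xml'])) {
        return messagePostError($post_errors, $namedRecipientList, $recipientList);
    }

    // Want to take a second glance before you send?
    if (isset($_REQUEST['preview'])) {
        // Set everything up to be displayed.
        $context['preview_subject'] = $smcFunc['htmlspecialchars']($_REQUEST['subject']);
        $context['preview_message'] = $smcFunc['htmlspecialchars']($_REQUEST['message'], ENT_QUOTES);
        preparsecode($context['preview_message'], true);

        // Parse out the BBC if it is enabled.
        $context['preview_message'] = parse_bbc($context['preview_message']);

        // Censor, as always.
        censorText($context['preview_subject']);
        censorText($context['preview_message']);

        // Set a descriptive title.
        $context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject'];

        // Pretend they messed up but don't ignore if they really did :P.
        return messagePostError($post_errors, $namedRecipientList, $recipientList);
    } elseif ($is_recipient_change) {
        // Maybe we couldn't find one?
        foreach ($namesNotFound as $recipientType => $names) {
            $post_errors[] = 'bad_' . $recipientType;
            foreach ($names as $name) {
                $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
            }
        }

        return messagePostError(array(), $namedRecipientList, $recipientList);
    }

    // Want to save this as a draft and think about it some more?
    if (!empty($modSettings['drafts_enabled']) && !empty($modSettings['drafts_pm_enabled']) && isset($_POST['save_draft'])) {
        require_once $sourcedir . '/Drafts.php';
        SavePMDraft($post_errors, $recipientList);

        return messagePostError($post_errors, $namedRecipientList, $recipientList);
    } elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum'))) {
        // Before we send the PM, let's make sure we don't have an abuse of numbers.
        $context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));

        return messagePostError($post_errors, $namedRecipientList, $recipientList);
    }

    // Never send with outstanding errors. The error return further up is skipped whenever the
    // request carries `xml`, so without this gate such a request would reach sendpm() with the
    // hourly-limit, subject or message errors still pending.
    if (!empty($post_errors)) {
        return messagePostError($post_errors, $namedRecipientList, $recipientList);
    }

    // Protect from message spamming.
    spamProtection('pm');

    // Prevent double submission of this form.
    checkSubmitOnce('check');

    // Do the actual sending of the PM.
    if (!empty($recipientList['to']) || !empty($recipientList['bcc'])) {
        $context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], !empty($_REQUEST['outbox']), null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0);
    } else {
        $context['send_log'] = array('sent' => array(), 'failed' => array());
    }

    // Mark the message as "replied to".
    if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox') {
        $smcFunc['db_query']('', ' UPDATE {db_prefix}pm_recipients SET is_read = is_read | 2 WHERE id_pm = {int:replied_to} AND id_member = {int:current_member}', array('current_member' => $user_info['id'], 'replied_to' => (int) $_REQUEST['replied_to']));
    }

    // If one or more of the recipient were invalid, go back to the post screen with the failed usernames.
    // NOTE(review): array_intersect() compares values, so recipient ids are matched against the
    // values of the 'failed' log. If those values are error texts (as sendpm() implementations in
    // this family produce), both lists come back empty; verify against the sendpm() in use.
    if (!empty($context['send_log']['failed'])) {
        return messagePostError($post_errors, $namesNotFound, array(
            'to' => array_intersect($recipientList['to'], $context['send_log']['failed']),
            'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed']),
        ));
    }

    // Message sent successfully?
    if (!empty($context['send_log']) && empty($context['send_log']['failed'])) {
        $context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent';
    }

    // Go back to the where they sent from, if possible...
    redirectexit($context['current_label_redirect']);
}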
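/**
 * Validates the custom-field values submitted with a ticket form.
 *
 * Walks $context['ticket_form']['custom_fields'][$scope], reads each field's
 * value from $_POST ('field-<id>', or 'field-<id>-<option>' for multi-selects),
 * checks it against the field type and, when a value results, stores it in the
 * field's 'new_value' entry. Fields that are not editable or not listed for
 * $dept are skipped.
 *
 * Changes against the previous version:
 *  - the bookkeeping key 'inactive' inside $field['options'] is no longer
 *    treated as a selectable multi-select option, so posting
 *    'field-<id>-inactive' cannot add it to the stored value or count it
 *    towards the required minimum;
 *  - a non-string value (e.g. an array posted as 'field-<id>[]') is reported
 *    as invalid instead of being passed to trim();
 *  - a literal "0" is accepted for required text, integer and float fields
 *    (empty() treated it as missing).
 *
 * @param mixed $scope key into $context['ticket_form']['custom_fields']
 * @param mixed $dept department identifier looked up in each field's 'depts' list
 * @return array array($missing_fields, $invalid_fields), both keyed by field id
 */
function shd_validate_custom_fields($scope, $dept)
{
    global $context, $smcFunc, $txt, $sourcedir;

    // preparsecode() is used below; presumably this is where it is defined (TODO confirm).
    require_once $sourcedir . '/Subs-Post.php';

    if (empty($context['ticket_form']['custom_fields'][$scope])) {
        return array(array(), array());
    }

    $missing_fields = array();
    $invalid_fields = array();

    foreach ($context['ticket_form']['custom_fields'][$scope] as $field_id => $field) {
        if (!$field['editable'] || !in_array($dept, $field['depts'])) {
            continue;
        }

        if (empty($field['options']['inactive'])) {
            $field['options']['inactive'] = array();
        }

        $post_key = 'field-' . $field_id;

        // Multi-selects are special. Deal with them first.
        if ($field['type'] == CFIELD_TYPE_MULTI) {
            $newvalues = array();
            foreach (array_keys($field['options']) as $k) {
                // 'inactive' holds the list of retired options; it is not an option itself.
                if ($k === 'inactive') {
                    continue;
                }

                if (!empty($_POST[$post_key . '-' . $k])) {
                    // Retired options are only refused when the field is required.
                    if (!in_array($k, $field['options']['inactive']) || empty($field['is_required'])) {
                        $newvalues[] = $k;
                    }
                }
            }

            $value = !empty($newvalues) ? implode(',', $newvalues) : '';

            // For multi-selects 'is_required' doubles as the minimum number of selections.
            if (!empty($field['is_required']) && count($newvalues) < $field['is_required']) {
                $missing_fields[$field_id] = sprintf($txt['error_missing_multi'], $field['name'], $field['is_required']);
            }
        } elseif (isset($_POST[$post_key])) {
            // Request parameters can arrive as arrays; only a string is a usable value here.
            if (!is_string($_POST[$post_key])) {
                $invalid_fields[$field_id] = $field['name'];
                continue;
            }

            $value = trim($_POST[$post_key]);

            // Now to sanitise the individual value.
            switch ($field['type']) {
                case CFIELD_TYPE_TEXT:
                case CFIELD_TYPE_LARGETEXT:
                    if ($field['is_required'] && $value === '') {
                        $missing_fields[$field_id] = $field['name'];
                    } else {
                        // Truncate first, then escape, so the length limit applies to what the user typed.
                        if (!empty($field['length'])) {
                            $value = $smcFunc['substr']($value, 0, $field['length']);
                        }
                        $value = $smcFunc['htmlspecialchars']($value, ENT_QUOTES);
                        preparsecode($value);
                    }
                    break;

                case CFIELD_TYPE_INT:
                    // Must be present when required, and must be a whole number when present.
                    // NOTE(review): the comparison is loose, so numeric strings such as "1.0"
                    // compare equal to "1" and pass - confirm whether that is acceptable.
                    if ($value === '' && $field['is_required']) {
                        $missing_fields[$field_id] = $field['name'];
                    } elseif ($value !== '' && (!is_numeric($value) || $value != (string) (int) $value)) {
                        $invalid_fields[$field_id] = $field['name'];
                    }
                    break;

                case CFIELD_TYPE_FLOAT:
                    // Ordinarily we'd use PHP internally to do this and just cast it. But prior to 5.2.17 / 5.3.5 on x86 builds... it can hang PHP.
                    // NOTE(review): the pattern makes every part optional, so a bare sign or a bare
                    // "." also matches - confirm downstream code copes with that.
                    if ($value === '' && $field['is_required']) {
                        $missing_fields[$field_id] = $field['name'];
                    } elseif ($value !== '' && !preg_match('~^[-+]?\\d*(\\.\\d{0,10}([eE][-+]?\\d{1,2})?)?$~', $value)) {
                        $invalid_fields[$field_id] = $field['name'];
                    } elseif (strpos($value, '.') === 0) {
                        // ".5" becomes "0.5"
                        $value = '0' . $value;
                    } elseif (strpos($value, '-.') === 0) {
                        // "-.5" becomes "-0.5"
                        $value = str_replace('-.', '-0.', $value);
                    }
                    break;

                case CFIELD_TYPE_SELECT:
                case CFIELD_TYPE_RADIO:
                    // It's set but is it a number and a number that represents a key in the array? Same principle for select and radio.
                    // NOTE(review): is_numeric() also accepts non-integer numerics; the option is
                    // looked up via the (int) cast while the raw string is what gets stored.
                    if ($field['is_required'] && (empty($value) || in_array($value, $field['options']['inactive']))) {
                        $missing_fields[$field_id] = $field['name'];
                    } elseif (!empty($value) && (!is_numeric($value) || !isset($field['options'][(int) $value]))) {
                        $invalid_fields[$field_id] = $field['name'];
                    }
                    break;

                case CFIELD_TYPE_CHECKBOX:
                    // The parameter being present at all means the box is ticked.
                    $value = 1;
                    break;
            }
        } elseif ($field['is_required']) {
            $missing_fields[$field_id] = $field['name'];
        } elseif ($field['type'] == CFIELD_TYPE_CHECKBOX) {
            // An unticked checkbox is simply absent from the request.
            $value = 0;
        }

        // Did we actually come up with a value in the end?
        if (isset($value)) {
            // Saved even when it is the default, so it is clear that the field has a value.
            $context['ticket_form']['custom_fields'][$scope][$field_id]['new_value'] = $value;
            unset($value); // must not leak into the next field
        }
    }

    return array($missing_fields, $invalid_fields);
}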
/**
 * Posts an automatic notice at the end of the original topic.
 *
 * The notice is created through createPost() in the global $topic / $board,
 * with the 'moved' icon, and is attributed to the current user.
 *
 * @param string $reason the text that will become the message body
 * @param string $subject the text that will become the message subject (prefixed with $txt['split'])
 * @param mixed[] $board_info board information; 'id', 'name' and 'count_posts' are read here
 * @param string $new_topic used to build the URL pointing at the new topic
 */
function postSplitRedirect($reason, $subject, $board_info, $new_topic)
{
    global $scripturl, $user_info, $language, $txt, $topic, $board;

    // The notice is written in the forum-wide language rather than the acting user's.
    if ($user_info['language'] != $language) {
        loadLanguage('index', $language);
    }

    // NOTE(review): $reason is not HTML-escaped inside this function before it becomes the
    // post body - presumably the caller escapes it; verify against the call site.
    preparsecode($reason);

    // Swap the language-file placeholders for links to the board and to the new topic.
    $board_link = '[url=' . $scripturl . '?board=' . $board_info['id'] . '.0]' . $board_info['name'] . '[/url]';
    $topic_link = '[iurl]' . $scripturl . '?topic=' . $new_topic . '.0[/iurl]';
    $reason = strtr($reason, array(
        $txt['movetopic_auto_board'] => $board_link,
        $txt['movetopic_auto_topic'] => $topic_link,
    ));

    // The subject is escaped, trimmed and kept on a single line.
    $clean_subject = Util::htmltrim(Util::htmlspecialchars($subject));
    $clean_subject = strtr($clean_subject, array("\r" => '', "\n" => '', "\t" => ''));

    $msgOptions = array(
        'subject' => $txt['split'] . ': ' . $clean_subject,
        'body' => $reason,
        'icon' => 'moved',
        'smileys_enabled' => 1,
    );
    $topicOptions = array(
        'id' => $topic,
        'board' => $board,
        'mark_as_read' => true,
    );
    $posterOptions = array(
        'id' => $user_info['id'],
        'update_post_count' => empty($board_info['count_posts']),
    );

    createPost($msgOptions, $topicOptions, $posterOptions);
}
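/**
 * Sends a personal message to a list of members and e-mails notifications.
 *
 * Recipient names are resolved to member ids, duplicates are removed, and
 * members who are over their message limit or who ignore the sender are
 * dropped. The message is then stored, linked to each remaining recipient,
 * and notification e-mails are sent per language.
 *
 * Change against the previous version: when no recipient is left after name
 * resolution the function returns the log straight away. Previously the
 * member query was still built and ended in "IN ()" with "LIMIT 0".
 *
 * NOTE(review): every query here is built by string interpolation. The later
 * stripslashes($message) suggests $subject/$message are expected to arrive
 * already slash-escaped; $from['id'] and $from['username'] are interpolated
 * as given. Confirm the escaping contract with the callers.
 *
 * @param array $recipients array with 'to' and 'bcc' lists; entries are member ids or member names
 * @param string $subject message subject
 * @param string $message message body
 * @param bool $store_outbox when false the message is stored with deletedBySender = 1
 * @param array|null $from sender as array('id', 'name', 'username'); null means the current user
 * @return array log with the keys 'failed' and 'sent', each a list of display strings
 */
function sendpm($recipients, $subject, $message, $store_outbox = false, $from = null)
{
    global $db_prefix, $ID_MEMBER, $scripturl, $txt, $user_info, $language, $func, $modSettings;

    // Initialize log array.
    $log = array('failed' => array(), 'sent' => array());

    if ($from === null) {
        $from = array('id' => $ID_MEMBER, 'name' => $user_info['name'], 'username' => $user_info['username']);
    } else {
        // A custom sender overrides the display name held in $user_info.
        $user_info['name'] = $from['name'];
    }

    // This is the one that will go in their inbox.
    $htmlmessage = $func['htmlspecialchars']($message, ENT_QUOTES);
    $htmlsubject = $func['htmlspecialchars']($subject);
    preparsecode($htmlmessage);

    // Integrated PMs: the hook receives the raw (unescaped-for-HTML) subject and message.
    if (isset($modSettings['integrate_personal_message']) && function_exists($modSettings['integrate_personal_message'])) {
        $modSettings['integrate_personal_message']($recipients, $from['username'], $subject, $message);
    }

    // Get a list of usernames and convert them to IDs.
    $usernames = array();
    foreach ($recipients as $rec_type => $rec) {
        foreach ($rec as $id => $member) {
            if (!is_numeric($recipients[$rec_type][$id])) {
                // Quotes, backslashes and markup characters are stripped before the name reaches the query below.
                $recipients[$rec_type][$id] = $func['strtolower'](trim(preg_replace('/[<>&"\'=\\\\]/', '', $recipients[$rec_type][$id])));
                $usernames[$recipients[$rec_type][$id]] = 0;
            }
        }
    }

    if (!empty($usernames)) {
        $request = db_query("\n\t\t\tSELECT ID_MEMBER, memberName\n\t\t\tFROM {$db_prefix}members\n\t\t\tWHERE memberName IN ('" . implode("', '", array_keys($usernames)) . "')", __FILE__, __LINE__);
        while ($row = mysql_fetch_assoc($request)) {
            if (isset($usernames[$func['strtolower']($row['memberName'])])) {
                $usernames[$func['strtolower']($row['memberName'])] = $row['ID_MEMBER'];
            }
        }
        mysql_free_result($request);

        // Replace the usernames with IDs. Drop usernames that couldn't be found.
        foreach ($recipients as $rec_type => $rec) {
            foreach ($rec as $id => $member) {
                if (is_numeric($recipients[$rec_type][$id])) {
                    continue;
                }

                if (!empty($usernames[$member])) {
                    $recipients[$rec_type][$id] = $usernames[$member];
                } else {
                    $log['failed'][] = sprintf($txt['pm_error_user_not_found'], $recipients[$rec_type][$id]);
                    unset($recipients[$rec_type][$id]);
                }
            }
        }
    }

    // Make sure there are no duplicate 'to' members.
    $recipients['to'] = array_unique($recipients['to']);

    // Only 'bcc' members that aren't already in 'to'.
    $recipients['bcc'] = array_diff(array_unique($recipients['bcc']), $recipients['to']);

    // Combine 'to' and 'bcc' recipients.
    $all_to = array_merge($recipients['to'], $recipients['bcc']);

    // Nobody left (e.g. no name could be resolved): nothing to look up or send.
    if (empty($all_to)) {
        return $log;
    }

    // Load what is needed to decide, per recipient, whether the message may be delivered.
    // Senders with 'moderate_forum' bypass the ignore list (the column is a constant 0 for them).
    $request = db_query("\n\t\tSELECT\n\t\t\tmem.memberName, mem.realName, mem.ID_MEMBER, mem.emailAddress, mem.lngfile, mg.maxMessages,\n\t\t\tmem.pm_email_notify, mem.instantMessages," . (allowedTo('moderate_forum') ? ' 0' : "\n\t\t\t(mem.pm_ignore_list = '*' OR FIND_IN_SET({$from['id']}, mem.pm_ignore_list))") . " AS ignored,\n\t\t\tFIND_IN_SET({$from['id']}, mem.buddy_list) AS is_buddy, mem.is_activated,\n\t\t\t(mem.ID_GROUP = 1 OR FIND_IN_SET(1, mem.additionalGroups)) AS is_admin\n\t\tFROM {$db_prefix}members AS mem\n\t\t\tLEFT JOIN {$db_prefix}membergroups AS mg ON (mg.ID_GROUP = IF(mem.ID_GROUP = 0, mem.ID_POST_GROUP, mem.ID_GROUP))\n\t\tWHERE mem.ID_MEMBER IN (" . implode(", ", $all_to) . ")\n\t\tORDER BY mem.lngfile\n\t\tLIMIT " . count($all_to), __FILE__, __LINE__);
    $notifications = array();
    while ($row = mysql_fetch_assoc($request)) {
        // Has the receiver gone over their message limit, assuming that neither they nor the sender are important?!
        if (!empty($row['maxMessages']) && $row['maxMessages'] <= $row['instantMessages'] && !allowedTo('moderate_forum') && !$row['is_admin']) {
            $log['failed'][] = sprintf($txt['pm_error_data_limit_reached'], $row['realName']);
            unset($all_to[array_search($row['ID_MEMBER'], $all_to)]);
            continue;
        }

        if (!empty($row['ignored'])) {
            $log['failed'][] = sprintf($txt['pm_error_ignored_by_user'], $row['realName']);
            unset($all_to[array_search($row['ID_MEMBER'], $all_to)]);
            continue;
        }

        // Send a notification, if enabled - taking into account buddy list!.
        if (!empty($row['emailAddress']) && ($row['pm_email_notify'] == 1 || $row['pm_email_notify'] > 1 && ($row['is_buddy'] || !empty($modSettings['enable_buddylist']))) && $row['is_activated'] == 1) {
            // Addresses are grouped by language so each group gets one localised mail.
            $notifications[empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']][] = $row['emailAddress'];
        }

        $log['sent'][] = sprintf(isset($txt['pm_successfully_sent']) ? $txt['pm_successfully_sent'] : '', $row['realName']);
    }
    mysql_free_result($request);

    // Only 'send' the message if there are any recipients left.
    if (empty($all_to)) {
        return $log;
    }

    // Insert the message itself and then grab the last insert id.
    db_query("\n\t\tINSERT INTO {$db_prefix}personal_messages\n\t\t\t(ID_MEMBER_FROM, deletedBySender, fromName, msgtime, subject, body)\n\t\tVALUES ({$from['id']}, " . ($store_outbox ? '0' : '1') . ", SUBSTRING('{$from['username']}', 1, 255), " . time() . ", SUBSTRING('{$htmlsubject}', 1, 255), SUBSTRING('{$htmlmessage}', 1, 65534))", __FILE__, __LINE__);
    $ID_PM = db_insert_id();

    // Add the recipients.
    if (!empty($ID_PM)) {
        // Clear any stale recipient rows left behind for this id (e.g. after manual deletion of messages).
        db_query("\n\t\t\tDELETE FROM {$db_prefix}pm_recipients\n\t\t\tWHERE ID_PM = {$ID_PM}", __FILE__, __LINE__);

        $insertRows = array();
        foreach ($all_to as $to) {
            $insertRows[] = "({$ID_PM}, {$to}, " . (in_array($to, $recipients['bcc']) ? '1' : '0') . ')';
        }

        db_query("\n\t\t\tINSERT INTO {$db_prefix}pm_recipients\n\t\t\t\t(ID_PM, ID_MEMBER, bcc)\n\t\t\tVALUES " . implode(', ', $insertRows), __FILE__, __LINE__);
    }

    // Build the plain-text version used in the notification e-mail.
    $message = stripslashes($message);
    censorText($message);
    censorText($subject);
    // NOTE(review): the last two pairs map '[' and ']' onto themselves as shown here, which is a
    // no-op - possibly character entities were decoded when this listing was extracted; confirm.
    $message = trim(un_htmlspecialchars(strip_tags(strtr(parse_bbc(htmlspecialchars($message), false), array('<br />' => "\n", '</div>' => "\n", '</li>' => "\n", '[' => '[', ']' => ']')))));

    foreach ($notifications as $lang => $notification_list) {
        // Make sure to use the right language.
        if (loadLanguage('PersonalMessage', $lang, false) === false) {
            loadLanguage('InstantMessage', $lang, false);
        }

        // Replace the right things in the message strings.
        $mailsubject = str_replace(array('SUBJECT', 'SENDER'), array($subject, un_htmlspecialchars($from['name'])), $txt[561]);
        $mailmessage = str_replace(array('SUBJECT', 'MESSAGE', 'SENDER'), array($subject, $message, un_htmlspecialchars($from['name'])), $txt[562]);
        $mailmessage .= "\n\n" . $txt['instant_reply'] . ' ' . $scripturl . '?action=pm;sa=send;f=inbox;pmsg=' . $ID_PM . ';quote;u=' . $from['id'];

        // Off the notification email goes!
        sendmail($notification_list, $mailsubject, $mailmessage, null, 'p' . $ID_PM);
    }

    // Back to what we were on before!
    if (loadLanguage('PersonalMessage') === false) {
        loadLanguage('InstantMessage');
    }

    // Add one to their unread and read message counts.
    updateMemberData($all_to, array('instantMessages' => '+', 'unreadMessages' => '+'));

    return $log;
}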
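/**
 * Imports new entries from every enabled JSON feed whose update time has passed.
 *
 * For each due feed the URL is fetched with disguise_curl(), decoded with
 * json_decode(), and each entry not yet present in {db_prefix}feedbot_log
 * (matched by an md5 of title + description) is posted through createPost().
 * Afterwards the feed's next update time is pushed forward by 'importevery'
 * minutes.
 *
 * Changes against the previous version:
 *  - the duplicate check counts the rows of the log lookup with db_num_rows
 *    before the result is freed, instead of reading db_affected_rows after
 *    a SELECT whose result had already been released;
 *  - the target topic is taken from the feed being processed ($feed); the old
 *    code read $row, which at that point is the exhausted cursor of the feed
 *    query, so the configured id_topic was never used;
 *  - the per-board lookup result is freed and a missing board row no longer
 *    indexes into a non-array;
 *  - ids interpolated into SQL are cast to int;
 *  - the item loop stops once the per-feed limit is reached.
 *
 * NOTE(review): feed content is remote data. Title, body and link are escaped
 * with htmlspecialchars and then decoded again with htmlspecialchars_decode
 * right before createPost(), and for 'html' feeds the body is wrapped in
 * [html]...[/html]. The link is placed in [url=...] without a scheme check
 * here. Whether later BBC parsing neutralises markup and unwanted schemes is
 * not visible in this function - confirm before enabling untrusted feeds.
 */
function UpdateJSONFeedBots()
{
    global $smcFunc, $txt, $context, $sourcedir, $tag_attrs, $feedcount, $maxitemcount, $insideitem, $tag, $modSettings;

    // Load the language files
    if (loadlanguage('FeedPoster') == false) {
        loadLanguage('FeedPoster', 'english');
    }

    // First get all the enabled bots
    $context['feeds'] = array();
    $request = $smcFunc['db_query']('', "\n\t\t\tSELECT\n\t\t\t\tID_FEED, ID_BOARD, feedurl, title, postername, updatetime, enabled, html,\n\t\t\t\tID_MEMBER, locked, articlelink, topicprefix, numbertoimport, importevery,\n\t\t\t\tmsgicon, footer, id_topic \n\t\t\tFROM {db_prefix}feedbot\n\t\t\tWHERE enabled = 1 AND json = 1");
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        // Remember whether the target board counts posts.
        $request2 = $smcFunc['db_query']('', "\n\t\t\tSELECT\n\t\t\t\tcount_posts\n\t\t\tFROM {db_prefix}boards \n\t\t\tWHERE ID_BOARD = " . (int) $row['ID_BOARD']);
        $row2 = $smcFunc['db_fetch_assoc']($request2);
        $smcFunc['db_free_result']($request2);

        $row['count_posts'] = !empty($row2) ? $row2['count_posts'] : null;
        $context['feeds'][] = $row;
    }
    $smcFunc['db_free_result']($request);

    // For the createPost function
    require_once $sourcedir . '/Subs-Post.php';
    require_once $sourcedir . '/Subs-Editor.php';

    foreach ($context['feeds'] as $key => $feed) {
        $current_time = time();

        // Skip feeds whose next import time has not been reached yet.
        if ($current_time > $feed['updatetime']) {
            $feeddata = disguise_curl($feed['feedurl']);
            $json_feed_object = json_decode($feeddata);

            $feedcount = 0;
            $context['feeditems'] = array();
            if (!empty($json_feed_object->entries)) {
                foreach ($json_feed_object->entries as $entry) {
                    $context['feeditems'][$feedcount]['title'] = (string) $entry->title;
                    $context['feeditems'][$feedcount]['description'] = (string) $entry->content;
                    $context['feeditems'][$feedcount]['description'] = html_to_bbc($context['feeditems'][$feedcount]['description']);
                    $context['feeditems'][$feedcount]['link'] = (string) $entry->alternate;
                    $feedcount++;
                }
            }

            if (!empty($feeddata)) {
                $maxitemcount = $feed['numbertoimport'];

                // Items are processed in reverse of the order they appear in the feed.
                $context['feeditems'] = array_reverse($context['feeditems']);

                $fid = (int) $feed['ID_FEED'];
                $myfeedcount = 0;
                for ($i = 0; $i < $feedcount; $i++) {
                    // Per-feed import limit reached: nothing further can be posted in this run.
                    if ($myfeedcount >= $maxitemcount) {
                        break;
                    }

                    $item = $context['feeditems'][$i];
                    if (!isset($item['title']) || !isset($item['description'])) {
                        continue;
                    }
                    if (empty($item['title']) && empty($item['description'])) {
                        continue;
                    }

                    // The log is keyed by a hash of title + description (used only for de-duplication).
                    $itemhash = md5($item['title'] . $item['description']);
                    $request = $smcFunc['db_query']('', "\n\t\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\t\tfeedtime\n\t\t\t\t\t\t\tFROM {db_prefix}feedbot_log\n\t\t\t\t\t\t\tWHERE feedhash = '{$itemhash}'");
                    $already_logged = $smcFunc['db_num_rows']($request) != 0;
                    $smcFunc['db_free_result']($request);

                    if ($already_logged) {
                        continue;
                    }

                    // Build subject and body. Tags are stripped unless the feed is flagged as 'html'.
                    $msg_title = $smcFunc['htmlspecialchars']($feed['html'] ? $item['title'] : strip_tags($item['title']), ENT_QUOTES);
                    $msg_title = trim($msg_title);

                    if ($feed['html']) {
                        $msg_body = $smcFunc['htmlspecialchars']($item['description'], ENT_QUOTES);
                        $msg_body = trim($msg_body);
                        preparsecode($msg_body);
                        $msg_body = '[html]' . $msg_body . '[/html]';
                    } else {
                        $msg_body = $smcFunc['htmlspecialchars'](strip_tags($item['description']), ENT_QUOTES);
                        $msg_body = trim($msg_body);
                    }

                    // Both variants end with the source link and the optional footer.
                    $msg_body .= $smcFunc['htmlspecialchars']("\n\n" . $txt['feedposter_source'] . "[url=" . $item['link'] . "]" . $msg_title . "[/url]", ENT_QUOTES);
                    if (!empty($feed['footer'])) {
                        $msg_body .= $smcFunc['htmlspecialchars']("\n\n" . $feed['footer'], ENT_QUOTES);
                    }

                    // NOTE(review): this reverses the escaping applied above - see the function header.
                    $msg_title = htmlspecialchars_decode($msg_title);
                    $msg_body = htmlspecialchars_decode($msg_body);

                    // No post-count update for guest posters, or when the board's count_posts value is 0.
                    $updatePostCount = $feed['ID_MEMBER'] == 0 ? 0 : 1;
                    if ($feed['count_posts'] == 0) {
                        $updatePostCount = 0;
                    }

                    $msgOptions = array(
                        'id' => 0,
                        'subject' => $feed['topicprefix'] . $msg_title,
                        'body' => '[b]' . $msg_title . "[/b]\n\n" . $msg_body,
                        'icon' => $feed['msgicon'],
                        'smileys_enabled' => 1,
                        'attachments' => array(),
                    );
                    $topicOptions = array(
                        'id' => $feed['id_topic'],
                        'board' => $feed['ID_BOARD'],
                        'poll' => null,
                        'lock_mode' => $feed['locked'],
                        'sticky_mode' => null,
                        'mark_as_read' => false,
                    );
                    $posterOptions = array(
                        'id' => $feed['ID_MEMBER'],
                        'name' => $feed['postername'],
                        'email' => '',
                        'ip' => '127.0.0.1',
                        'update_post_count' => $updatePostCount,
                    );
                    createPost($msgOptions, $topicOptions, $posterOptions);

                    // The ids are read back from the option arrays after createPost() has run.
                    $topicID = isset($topicOptions['id']) ? (int) $topicOptions['id'] : 0;
                    $msgID = isset($msgOptions['id']) ? (int) $msgOptions['id'] : 0;

                    // Add Feed Log
                    $ftime = time();
                    $smcFunc['db_query']('', "\n\t\t\t\t\t\t\t\tINSERT INTO {db_prefix}feedbot_log\n\t\t\t\t\t\t\t\t\t(ID_FEED, feedhash, feedtime, ID_TOPIC,ID_MSG)\n\t\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t\t({$fid},'{$itemhash}',{$ftime},{$topicID},{$msgID})");
                    $smcFunc['db_query']('', "\n\t\t\t\t\t\t\t\tUPDATE {db_prefix}feedbot\n\t\t\t\t\t\t\t\tSET total_posts = total_posts + 1 \n\t\t\t\t\t\t\t\tWHERE ID_FEED = {$fid}\n\t\t\t\t\t\t\t\t");

                    $myfeedcount++;
                }
            }

            // Schedule the next import: 'importevery' is applied as minutes.
            $updatetime = time() + 60 * $feed['importevery'];
            $smcFunc['db_query']('', "\n\t\t\tUPDATE {db_prefix}feedbot \n\t\t\tSET \n\t\t\t\tupdatetime = '{$updatetime}'\n\t\t\n\t\t\tWHERE ID_FEED = " . (int) $feed['ID_FEED']);
        }
    }
}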
/**
 * Executes the move of the current topic to the board given in $_POST['toboard'].
 *
 * Order of operations as written below:
 *  1. refuse when there is no current topic, or when a redirect notice is
 *     requested without a reason;
 *  2. double-submit check, then load the topic and run the approval and
 *     move_own / move_any permission checks;
 *  3. session check, before any of the updates further down;
 *  4. resolve the destination board (must pass {query_see_board} and must
 *     not be a redirect board);
 *  5. optionally rename the topic, optionally post a locked redirect notice
 *     in the old board;
 *  6. adjust member post counts when the two boards differ in count_posts;
 *  7. move the topic, log the action, send notifications, redirect.
 *
 * Request input read here: $_POST['postRedirect'], ['reason'], ['toboard'],
 * ['reset_subject'], ['custom_subject'], ['enforce_subject'] and
 * $_REQUEST['goback'].
 */
function MoveTopic2()
{
    global $txt, $board, $topic, $scripturl, $sourcedir, $modSettings, $context;
    global $board, $language, $user_info, $smcFunc;

    if (empty($topic)) {
        fatal_lang_error('no_access', false);
    }

    // You can't choose to have a redirection topic and use an empty reason.
    if (isset($_POST['postRedirect']) && (!isset($_POST['reason']) || trim($_POST['reason']) == '')) {
        fatal_lang_error('movetopic_no_reason', false);
    }

    // Make sure this form hasn't been submitted before.
    checkSubmitOnce('check');

    $request = $smcFunc['db_query']('', ' SELECT id_member_started, id_first_msg, approved FROM {db_prefix}topics WHERE id_topic = {int:current_topic} LIMIT 1', array('current_topic' => $topic));
    list($id_member_started, $id_first_msg, $context['is_approved']) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);

    // Can they see it?
    if (!$context['is_approved']) {
        isAllowedTo('approve_posts');
    }

    // Can they move topics on this board?
    // NOTE(review): $boards is assigned in the branches below and intersected further down,
    // but it is not read again anywhere else in this function; the destination board is
    // checked only by the {query_see_board} query. Confirm whether a check against
    // $boards was intended. $boards also stays unset on the plain 'move_any' else-branch.
    if (!allowedTo('move_any')) {
        if ($id_member_started == $user_info['id']) {
            isAllowedTo('move_own');
            $boards = array_merge(boardsAllowedTo('move_own'), boardsAllowedTo('move_any'));
        } else {
            isAllowedTo('move_any');
        }
    } else {
        $boards = boardsAllowedTo('move_any');
    }

    // If this topic isn't approved don't let them move it if they can't approve it!
    if ($modSettings['postmod_active'] && !$context['is_approved'] && !allowedTo('approve_posts')) {
        // Only allow them to move it to other boards they can't approve it in.
        $can_approve = boardsAllowedTo('approve_posts');
        $boards = array_intersect($boards, $can_approve);
    }

    // Session check sits ahead of every UPDATE, createPost() and moveTopics() call below.
    checkSession();
    require_once $sourcedir . '/Subs-Post.php';

    // The destination board must be numeric.
    // NOTE(review): there is no isset() guard; a request without 'toboard' ends up as board 0
    // and is then rejected by the lookup below - confirm.
    $_POST['toboard'] = (int) $_POST['toboard'];

    // Make sure they can see the board they are trying to move to (and get whether posts count in the target board).
    $request = $smcFunc['db_query']('', ' SELECT b.count_posts, b.name, m.subject FROM {db_prefix}boards AS b INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic}) INNER JOIN {db_prefix}messages AS m ON (m.id_msg = t.id_first_msg) WHERE {query_see_board} AND b.id_board = {int:to_board} AND b.redirect = {string:blank_redirect} LIMIT 1', array('current_topic' => $topic, 'to_board' => $_POST['toboard'], 'blank_redirect' => ''));
    if ($smcFunc['db_num_rows']($request) == 0) {
        fatal_lang_error('no_board');
    }
    list($pcounter, $board_name, $subject) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);

    // Remember this for later.
    $_SESSION['move_to_topic'] = $_POST['toboard'];

    // Rename the topic...
    if (isset($_POST['reset_subject'], $_POST['custom_subject']) && $_POST['custom_subject'] != '') {
        // Escape, trim and force the new subject onto a single line.
        $_POST['custom_subject'] = strtr($smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['custom_subject'])), array("\r" => '', "\n" => '', "\t" => ''));

        // Keep checking the length.
        if ($smcFunc['strlen']($_POST['custom_subject']) > 100) {
            $_POST['custom_subject'] = $smcFunc['substr']($_POST['custom_subject'], 0, 100);
        }

        // If it's still valid move onwards and upwards.
        if ($_POST['custom_subject'] != '') {
            if (isset($_POST['enforce_subject'])) {
                // Get a response prefix, but in the forum's default language.
                if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix'))) {
                    if ($language === $user_info['language']) {
                        $context['response_prefix'] = $txt['response_prefix'];
                    } else {
                        // Load the default language just long enough to read the prefix, then switch back.
                        loadLanguage('index', $language, false);
                        $context['response_prefix'] = $txt['response_prefix'];
                        loadLanguage('index');
                    }
                    cache_put_data('response_prefix', $context['response_prefix'], 600);
                }

                // Every message of the topic gets "<prefix><new subject>"...
                $smcFunc['db_query']('', ' UPDATE {db_prefix}messages SET subject = {string:subject} WHERE id_topic = {int:current_topic}', array('current_topic' => $topic, 'subject' => $context['response_prefix'] . $_POST['custom_subject']));
            }

            // ...and the first message gets the new subject without the prefix.
            $smcFunc['db_query']('', ' UPDATE {db_prefix}messages SET subject = {string:custom_subject} WHERE id_msg = {int:id_first_msg}', array('id_first_msg' => $id_first_msg, 'custom_subject' => $_POST['custom_subject']));

            // Fix the subject cache.
            updateStats('subject', $topic, $_POST['custom_subject']);
        }
    }

    // Create a link to this in the old board.
    //!!! Does this make sense if the topic was unapproved before? I'd just about say so.
    if (isset($_POST['postRedirect'])) {
        // Should be in the boardwide language.
        if ($user_info['language'] != $language) {
            loadLanguage('index', $language);
        }

        // The user-supplied reason is escaped before it goes through the BBC pre-parser.
        $_POST['reason'] = $smcFunc['htmlspecialchars']($_POST['reason'], ENT_QUOTES);
        preparsecode($_POST['reason']);

        // Add a URL onto the message.
        $_POST['reason'] = strtr($_POST['reason'], array($txt['movetopic_auto_board'] => '[url=' . $scripturl . '?board=' . $_POST['toboard'] . '.0]' . $board_name . '[/url]', $txt['movetopic_auto_topic'] => '[iurl]' . $scripturl . '?topic=' . $topic . '.0[/iurl]'));

        // $subject and $board_name come from the database lookup above, not from the request.
        $msgOptions = array('subject' => $txt['moved'] . ': ' . $subject, 'body' => $_POST['reason'], 'icon' => 'moved', 'smileys_enabled' => 1);
        // No topic id is passed and lock_mode is 1; the notice goes to the board being left.
        $topicOptions = array('board' => $board, 'lock_mode' => 1, 'mark_as_read' => true);
        $posterOptions = array('id' => $user_info['id'], 'update_post_count' => empty($pcounter));
        createPost($msgOptions, $topicOptions, $posterOptions);
    }

    $request = $smcFunc['db_query']('', ' SELECT count_posts FROM {db_prefix}boards WHERE id_board = {int:current_board} LIMIT 1', array('current_board' => $board));
    list($pcounter_from) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);

    // Only touch member post counts when the two boards have different count_posts values.
    if ($pcounter_from != $pcounter) {
        $request = $smcFunc['db_query']('', ' SELECT id_member FROM {db_prefix}messages WHERE id_topic = {int:current_topic} AND approved = {int:is_approved}', array('current_topic' => $topic, 'is_approved' => 1));
        // Tally approved messages per member.
        $posters = array();
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            if (!isset($posters[$row['id_member']])) {
                $posters[$row['id_member']] = 0;
            }
            $posters[$row['id_member']]++;
        }
        $smcFunc['db_free_result']($request);

        foreach ($posters as $id_member => $posts) {
            // The board we're moving from counted posts, but not to.
            if (empty($pcounter_from)) {
                updateMemberData($id_member, array('posts' => 'posts - ' . $posts));
            } else {
                updateMemberData($id_member, array('posts' => 'posts + ' . $posts));
            }
        }
    }

    // Do the move (includes statistics update needed for the redirect topic).
    moveTopics($topic, $_POST['toboard']);

    // Log that they moved this topic.
    // The action is not logged when the mover holds 'move_own' and started the topic.
    if (!allowedTo('move_own') || $id_member_started != $user_info['id']) {
        logAction('move', array('topic' => $topic, 'board_from' => $board, 'board_to' => $_POST['toboard']));
    }

    // Notify people that this topic has been moved?
    sendNotifications($topic, 'move');

    // Why not go back to the original board in case they want to keep moving?
    if (!isset($_REQUEST['goback'])) {
        redirectexit('board=' . $board . '.0');
    } else {
        redirectexit('topic=' . $topic . '.0');
    }
}
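/**
 * Add or edit an 'it bounced' template.
 *
 * Shows the form (pre-filled via modLoadTemplate() when $_REQUEST['tid'] is
 * set) and, when $_POST['save'] is present, verifies the session and the
 * 'mod-mlt' token, stores the template, logs the action and redirects to the
 * template list. When the title or the body is empty the form is shown again
 * with the matching error messages.
 *
 * Changes against the previous version:
 *  - the "personal" choice is read before validation, so it is kept when the
 *    form is shown again after an error (it used to be read from a variable
 *    that was only assigned on the success path and therefore always reset);
 *  - absent or non-string template_title / template_body fields are treated
 *    as empty instead of being passed to trim().
 *
 * @uses bounce_template sub template
 */
public function action_modify_bounce_templates()
{
    global $context, $txt, $user_info;

    require_once SUBSDIR . '/Moderation.subs.php';

    $context['id_template'] = isset($_REQUEST['tid']) ? (int) $_REQUEST['tid'] : 0;
    $context['is_edit'] = (bool) $context['id_template'];

    // Standard template things, you know the drill
    $context['page_title'] = $context['is_edit'] ? $txt['ml_bounce_template_modify'] : $txt['ml_bounce_template_add'];
    $context['sub_template'] = 'bounce_template';
    $context[$context['admin_menu_name']]['current_subsection'] = 'templates';

    // Defaults to show
    $context['template_data'] = array(
        'title' => '',
        'body' => $txt['ml_bounce_template_body_default'],
        'subject' => $txt['ml_bounce_template_subject_default'],
        'personal' => false,
        'can_edit_personal' => true,
    );

    // If it's an edit load it.
    if ($context['is_edit']) {
        modLoadTemplate($context['id_template'], 'bnctpl');
    }

    // Wait, we are saving?
    if (isset($_POST['save'])) {
        // Session and form token are both verified before anything is read or stored.
        checkSession('post');
        validateToken('mod-mlt');

        // To check the BBC is good...
        require_once SUBSDIR . '/Post.subs.php';

        // Bit of cleaning!
        $template_body = isset($_POST['template_body']) && is_string($_POST['template_body']) ? trim($_POST['template_body']) : '';
        $template_title = isset($_POST['template_title']) && is_string($_POST['template_title']) ? trim($_POST['template_title']) : '';

        // Is this personal? A personal template is owned by the current user, otherwise the owner is 0.
        $recipient_id = !empty($_POST['make_personal']) ? $user_info['id'] : 0;

        // Need something in both boxes.
        if (!empty($template_body) && !empty($template_title)) {
            // Safety first.
            $template_title = Util::htmlspecialchars($template_title);

            // Clean up BBC.
            // NOTE(review): only the title is HTML-escaped here; the body goes through
            // preparsecode() alone. Confirm how the stored body is escaped where it is shown or sent.
            preparsecode($template_body);

            // But put line breaks back!
            $template_body = strtr($template_body, array('<br />' => "\n"));

            // Updating or adding ?
            if ($context['is_edit']) {
                // Simple update...
                modAddUpdateTemplate($recipient_id, $template_title, $template_body, $context['id_template'], true, 'bnctpl');

                // A change of the personal flag is logged as an add (now shared) or a
                // delete (now personal); anything else is a plain modification.
                if ($context['template_data']['personal'] && !$recipient_id) {
                    logAction('add_bounce_template', array('template' => $template_title));
                } elseif (!$context['template_data']['personal'] && $recipient_id) {
                    logAction('delete_bounce_template', array('template' => $template_title));
                } else {
                    logAction('modify_bounce_template', array('template' => $template_title));
                }
            } else {
                modAddUpdateTemplate($recipient_id, $template_title, $template_body, $context['id_template'], false, 'bnctpl');
                logAction('add_bounce_template', array('template' => $template_title));
            }

            // Get out of town...
            redirectexit('action=admin;area=maillist;sa=emailtemplates');
        } else {
            // NOTE(review): on this path title and body are handed back to the template as
            // submitted (trimmed, not escaped). Confirm that the bounce_template sub template
            // escapes them on output.
            $context['warning_errors'] = array();
            $context['template_data']['title'] = !empty($template_title) ? $template_title : '';
            $context['template_data']['body'] = !empty($template_body) ? $template_body : $txt['ml_bounce_template_body_default'];
            $context['template_data']['personal'] = !empty($recipient_id);

            if (empty($template_title)) {
                $context['warning_errors'][] = $txt['ml_bounce_template_error_no_title'];
            }
            if (empty($template_body)) {
                $context['warning_errors'][] = $txt['ml_bounce_template_error_no_body'];
            }
        }
    }

    // A fresh token for the form that is about to be shown.
    createToken('mod-mlt');
}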
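/**
 * Add, edit or preview a portal page from the admin area.
 *
 * Works out which blocks are shown on the page, then either saves the submitted page
 * (after a session check and validation of title, namespace and, for PHP pages, the
 * content), builds a preview from the submitted values, or loads the stored page (or
 * defaults for a new one). Finally it prepares the editor and template context.
 *
 * NOTE(review): no permission check is visible in this function - presumably the caller
 * enforces it; verify.
 */
function sportal_admin_page_edit()
{
    global $txt, $context, $modSettings, $smcFunc, $sourcedir, $options;

    require_once $sourcedir . '/Subs-Editor.php';
    require_once $sourcedir . '/Subs-Post.php';

    $context['SPortal']['is_new'] = empty($_REQUEST['page_id']);

    // Content coming from the WYSIWYG editor is converted back to BBC before anything else.
    if (!empty($_REQUEST['content_mode']) && isset($_POST['type'], $_REQUEST['content']) && $_POST['type'] == 'bbc')
    {
        $_REQUEST['content'] = html_to_bbc($_REQUEST['content']);
        $_REQUEST['content'] = un_htmlspecialchars($_REQUEST['content']);
        $_POST['content'] = $_REQUEST['content'];
    }

    // Request fields may be missing from a crafted request, so read them once with defaults.
    $posted_type = isset($_POST['type']) ? $_POST['type'] : '';
    $posted_page_id = isset($_POST['page_id']) ? (int) $_POST['page_id'] : 0;
    $posted_content = isset($_POST['content']) ? $_POST['content'] : '';

    $context['sides'] = array(
        5 => $txt['sp-positionHeader'],
        1 => $txt['sp-positionLeft'],
        2 => $txt['sp-positionTop'],
        3 => $txt['sp-positionBottom'],
        4 => $txt['sp-positionRight'],
        6 => $txt['sp-positionFooter'],
    );

    // Work out, per column, which blocks are currently shown on this page.
    $blocks = getBlockInfo();
    $context['page_blocks'] = array();

    foreach ($blocks as $block)
    {
        $shown = false;
        $tests = array('all', 'allpages', 'sforum');

        if (!$context['SPortal']['is_new'])
        {
            $tests[] = 'p' . (int) $_REQUEST['page_id'];
        }

        foreach (array('display', 'display_custom') as $field)
        {
            // Blocks whose display rule starts with '$php' are left out of the list entirely.
            if (substr($block[$field], 0, 4) === '$php')
            {
                continue 2;
            }

            $block[$field] = explode(',', $block[$field]);

            // An explicit '-p<id>' entry excludes this page for this field.
            if (!$context['SPortal']['is_new'] && in_array('-p' . (int) $_REQUEST['page_id'], $block[$field]))
            {
                continue;
            }

            foreach ($tests as $test)
            {
                if (in_array($test, $block[$field]))
                {
                    $shown = true;
                    break;
                }
            }
        }

        $context['page_blocks'][$block['column']][] = array('id' => $block['id'], 'label' => $block['label'], 'shown' => $shown);
    }

    if (!empty($_POST['submit']))
    {
        // Nothing is written unless the session check passes.
        checkSession();

        if (!isset($_POST['title']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES)) === '')
        {
            fatal_lang_error('sp_error_page_name_empty', false);
        }

        if (!isset($_POST['namespace']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES)) === '')
        {
            fatal_lang_error('sp_error_page_namespace_empty', false);
        }

        // The namespace must be unique among pages; values are bound, not concatenated.
        $result = $smcFunc['db_query']('', ' SELECT id_page FROM {db_prefix}sp_pages WHERE namespace = {string:namespace} AND id_page != {int:current} LIMIT 1', array('limit' => 1, 'namespace' => $smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES), 'current' => $posted_page_id));
        list($has_duplicate) = $smcFunc['db_fetch_row']($result);
        $smcFunc['db_free_result']($result);

        if (!empty($has_duplicate))
        {
            fatal_lang_error('sp_error_page_namespace_duplicate', false);
        }

        // Only letters, digits and underscore are accepted, and not digits alone.
        if (preg_match('~[^A-Za-z0-9_]+~', $_POST['namespace']) != 0)
        {
            fatal_lang_error('sp_error_page_namespace_invalid_chars', false);
        }

        if (preg_replace('~[0-9]+~', '', $_POST['namespace']) === '')
        {
            fatal_lang_error('sp_error_page_namespace_numeric', false);
        }

        // NOTE(review): 'php' pages presumably have their content executed when shown. This
        // validation is the only gate visible here, a setting can switch it off, and the
        // submitted type is not checked against a list of known types - confirm that only
        // fully trusted administrators can reach this form.
        if ($posted_type == 'php' && !empty($posted_content) && empty($modSettings['sp_disable_php_validation']))
        {
            $error = sp_validate_php($posted_content);

            if ($error)
            {
                fatal_lang_error('error_sp_php_' . $error, false);
            }
        }

        // Either a preset permission set, or explicit allow/deny lists of member group ids.
        $permission_set = 0;
        $groups_allowed = $groups_denied = '';

        if (!empty($_POST['permission_set']))
        {
            $permission_set = (int) $_POST['permission_set'];
        }
        elseif (!empty($_POST['membergroups']) && is_array($_POST['membergroups']))
        {
            $groups_allowed = $groups_denied = array();

            foreach ($_POST['membergroups'] as $id => $value)
            {
                if ($value == 1)
                {
                    $groups_allowed[] = (int) $id;
                }
                elseif ($value == -1)
                {
                    $groups_denied[] = (int) $id;
                }
            }

            $groups_allowed = implode(',', $groups_allowed);
            $groups_denied = implode(',', $groups_denied);
        }

        // Block ids are forced to integers before they are compared or stored.
        if (!empty($_POST['blocks']) && is_array($_POST['blocks']))
        {
            foreach ($_POST['blocks'] as $id => $block)
            {
                $_POST['blocks'][$id] = (int) $block;
            }
        }
        else
        {
            $_POST['blocks'] = array();
        }

        $fields = array(
            'namespace' => 'string',
            'title' => 'string',
            'body' => 'string',
            'type' => 'string',
            'permission_set' => 'int',
            'groups_allowed' => 'string',
            'groups_denied' => 'string',
            'style' => 'string',
            'status' => 'int',
        );

        $page_info = array(
            'id' => $posted_page_id,
            'namespace' => $smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES),
            'title' => $smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES),
            'body' => $smcFunc['htmlspecialchars']($posted_content, ENT_QUOTES),
            'type' => $posted_type,
            'permission_set' => $permission_set,
            'groups_allowed' => $groups_allowed,
            'groups_denied' => $groups_denied,
            'style' => sportal_parse_style('implode'),
            'status' => !empty($_POST['status']) ? 1 : 0,
        );

        if ($page_info['type'] == 'bbc')
        {
            preparsecode($page_info['body']);
        }

        if ($context['SPortal']['is_new'])
        {
            unset($page_info['id']);

            $smcFunc['db_insert']('', '{db_prefix}sp_pages', $fields, $page_info, array('id_page'));
            $page_info['id'] = $smcFunc['db_insert_id']('{db_prefix}sp_pages', 'id_page');
        }
        else
        {
            // Column names come from the fixed $fields list above, never from the request;
            // the values themselves are bound through placeholders.
            $update_fields = array();

            foreach ($fields as $name => $type)
            {
                $update_fields[] = $name . ' = {' . $type . ':' . $name . '}';
            }

            $smcFunc['db_query']('', ' UPDATE {db_prefix}sp_pages SET ' . implode(', ', $update_fields) . ' WHERE id_page = {int:id}', $page_info);
        }

        // Compare what was shown before with what was ticked now.
        $to_show = array();
        $not_to_show = array();
        $changes = array();

        foreach ($context['page_blocks'] as $page_blocks)
        {
            foreach ($page_blocks as $block)
            {
                if ($block['shown'] && !in_array($block['id'], $_POST['blocks']))
                {
                    $not_to_show[] = $block['id'];
                }
                elseif (!$block['shown'] && in_array($block['id'], $_POST['blocks']))
                {
                    $to_show[] = $block['id'];
                }
            }
        }

        // Add this page to the display rules of blocks that were newly ticked.
        foreach ($to_show as $id)
        {
            if (empty($blocks[$id]['display']) && empty($blocks[$id]['display_custom']) || $blocks[$id]['display'] == 'sportal')
            {
                $changes[$id] = array('display' => 'portal,p' . $page_info['id'], 'display_custom' => '');
            }
            elseif (in_array($blocks[$id]['display'], array('allaction', 'allboard')))
            {
                $changes[$id] = array('display' => '', 'display_custom' => $blocks[$id]['display'] . ',p' . $page_info['id']);
            }
            elseif (in_array('-p' . $page_info['id'], explode(',', $blocks[$id]['display_custom'])))
            {
                $changes[$id] = array('display' => $blocks[$id]['display'], 'display_custom' => implode(',', array_diff(explode(',', $blocks[$id]['display_custom']), array('-p' . $page_info['id']))));
            }
            elseif (empty($blocks[$id]['display_custom']))
            {
                $changes[$id] = array('display' => implode(',', array_merge(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => '');
            }
            else
            {
                $changes[$id] = array('display' => $blocks[$id]['display'], 'display_custom' => implode(',', array_merge(explode(',', $blocks[$id]['display_custom']), array('p' . $page_info['id']))));
            }
        }

        // Remove this page from (or explicitly exclude it in) blocks that were unticked.
        foreach ($not_to_show as $id)
        {
            if (count(array_intersect(array($blocks[$id]['display'], $blocks[$id]['display_custom']), array('sforum', 'allpages', 'all'))) > 0)
            {
                $changes[$id] = array('display' => '', 'display_custom' => $blocks[$id]['display'] . $blocks[$id]['display_custom'] . ',-p' . $page_info['id']);
            }
            elseif (empty($blocks[$id]['display_custom']))
            {
                $changes[$id] = array('display' => implode(',', array_diff(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => '');
            }
            else
            {
                $changes[$id] = array('display' => implode(',', array_diff(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => implode(',', array_diff(explode(',', $blocks[$id]['display_custom']), array('p' . $page_info['id']))));
            }
        }

        foreach ($changes as $id => $data)
        {
            $smcFunc['db_query']('', ' UPDATE {db_prefix}sp_blocks SET display = {string:display}, display_custom = {string:display_custom} WHERE id_block = {int:id}', array('id' => $id, 'display' => $data['display'], 'display_custom' => $data['display_custom']));
        }

        redirectexit('action=admin;area=portalpages');
    }

    if (!empty($_POST['preview']))
    {
        // The preview writes nothing and runs without a session check, so every submitted
        // value echoed back is prepared exactly as the save path prepares it: the id is cast
        // to an integer and the namespace is escaped (both used to be passed through raw).
        $permission_set = 0;
        $groups_allowed = $groups_denied = array();

        if (!empty($_POST['permission_set']))
        {
            $permission_set = (int) $_POST['permission_set'];
        }
        elseif (!empty($_POST['membergroups']) && is_array($_POST['membergroups']))
        {
            foreach ($_POST['membergroups'] as $id => $value)
            {
                if ($value == 1)
                {
                    $groups_allowed[] = (int) $id;
                }
                elseif ($value == -1)
                {
                    $groups_denied[] = (int) $id;
                }
            }
        }

        $context['SPortal']['page'] = array(
            'id' => $posted_page_id,
            'page_id' => isset($_POST['namespace']) ? $smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES) : '',
            'title' => isset($_POST['title']) ? $smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES) : '',
            'body' => $smcFunc['htmlspecialchars']($posted_content, ENT_QUOTES),
            'type' => $posted_type,
            'permission_set' => $permission_set,
            'groups_allowed' => $groups_allowed,
            'groups_denied' => $groups_denied,
            'style' => sportal_parse_style('implode'),
            'status' => !empty($_POST['status']),
        );

        if ($context['SPortal']['page']['type'] == 'bbc')
        {
            preparsecode($context['SPortal']['page']['body']);
        }

        loadTemplate('PortalPages');
        $context['SPortal']['preview'] = true;
    }
    elseif ($context['SPortal']['is_new'])
    {
        // mt_rand() only suggests a default namespace here; it is not used as a secret.
        $context['SPortal']['page'] = array(
            'id' => 0,
            'page_id' => 'page' . mt_rand(1, 5000),
            'title' => $txt['sp_pages_default_title'],
            'body' => '',
            'type' => 'bbc',
            'permission_set' => 3,
            'groups_allowed' => array(),
            'groups_denied' => array(),
            'style' => '',
            'status' => 1,
        );
    }
    else
    {
        $_REQUEST['page_id'] = (int) $_REQUEST['page_id'];
        $context['SPortal']['page'] = sportal_get_pages($_REQUEST['page_id']);
    }

    if ($context['SPortal']['page']['type'] == 'bbc')
    {
        // The search and replacement lists were identical as previously written, which made
        // this call a no-op. The entity forms are restored so that quotes and angle brackets
        // left after un_preparsecode() are entity-encoded before the body goes to the editor.
        $context['SPortal']['page']['body'] = str_replace(array('"', '<', '>', '&nbsp;'), array('&quot;', '&lt;', '&gt;', ' '), un_preparsecode($context['SPortal']['page']['body']));
    }

    // Non-BBC content is always edited as plain text; the user's WYSIWYG preference is
    // switched off while the editor is created and restored afterwards.
    if ($context['SPortal']['page']['type'] != 'bbc')
    {
        $temp_editor = !empty($options['wysiwyg_default']);
        $options['wysiwyg_default'] = false;
    }

    $editorOptions = array(
        'id' => 'content',
        'value' => $context['SPortal']['page']['body'],
        'width' => '95%',
        'height' => '200px',
        'preview_type' => 0,
    );
    create_control_richedit($editorOptions);
    $context['post_box_name'] = $editorOptions['id'];

    if (isset($temp_editor))
    {
        $options['wysiwyg_default'] = $temp_editor;
    }

    $context['SPortal']['page']['groups'] = sp_load_membergroups();
    $context['SPortal']['page']['style'] = sportal_parse_style('explode', $context['SPortal']['page']['style'], !empty($context['SPortal']['preview']));

    $context['page_title'] = $context['SPortal']['is_new'] ? $txt['sp_admin_pages_add'] : $txt['sp_admin_pages_edit'];
    $context['sub_template'] = 'pages_edit';
}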
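/**
 * Shoutbox administration: saves shoutbox settings and per-shout changes, then lists
 * shouts for the admin screen, optionally filtered by member, IP address or a single id.
 *
 * Requires the 'tp_can_admin_shout' permission. A save request now also has to pass the
 * session check before any shout is deleted or updated, and request values are cast or
 * escaped before they are placed in SQL, HTML or URLs.
 */
function tpshout_admin()
{
    global $context, $scripturl, $txt, $smcFunc, $sourcedir;

    // check permissions
    isAllowedTo('tp_can_admin_shout');

    if (!isset($context['tp_panels']))
    {
        $context['tp_panels'] = array();
    }

    // Paging offset: a non-negative integer, since it ends up in a LIMIT clause and in links.
    $tpstart = isset($_GET['p']) && is_numeric($_GET['p']) ? max(0, (int) $_GET['p']) : 0;

    require_once $sourcedir . '/Subs-Post.php';
    loadtemplate('TPShout');

    $context['template_layers'][] = 'tpadm';
    $context['template_layers'][] = 'subtab';
    loadlanguage('TPortalAdmin');

    TPadminIndex('shout', true);
    $context['current_action'] = 'admin';

    if (isset($_REQUEST['send']) || isset($_REQUEST[$txt['tp-send']]) || isset($_REQUEST['tp_preview']) || isset($_REQUEST['TPadmin_blocks']))
    {
        // This branch deletes and rewrites shouts and settings from POST data, and nothing
        // visible in this function verified the session before those writes. Without this
        // check a forged cross-site form post could trigger them in an admin's browser.
        // NOTE(review): the admin form must submit the session field for saves to succeed.
        checkSession('post');

        $go = 0;
        $changeArray = array();

        foreach ($_POST as $what => $value)
        {
            // The shout id is the suffix of the field name; it is bound as an integer.
            if (substr($what, 0, 18) == 'tp_shoutbox_remove')
            {
                $val = substr($what, 18);
                $smcFunc['db_query']('', ' DELETE FROM {db_prefix}tp_shoutbox WHERE id = {int:shout}', array('shout' => $val));
                $go = 2;
            }
            elseif (substr($what, 0, 18) == 'tp_shoutbox_hidden')
            {
                $val = substr($what, 18);

                $value = !empty($_POST['tp_shoutbox_sticky' . $val]) ? '1' : '';

                if (!empty($_POST['tp_shoutbox_sticky_layout' . $val]) && is_numeric($_POST['tp_shoutbox_sticky_layout' . $val]))
                {
                    $svalue = (string) $_POST['tp_shoutbox_sticky_layout' . $val];
                }
                else
                {
                    $svalue = '0';
                }

                // Both values are bound as parameters; they used to be concatenated into
                // the SQL text between double quotes.
                $smcFunc['db_query']('', ' UPDATE {db_prefix}tp_shoutbox SET value6 = {string:sticky}, value8 = {string:sticky_layout} WHERE id = {int:shout}', array('sticky' => $value, 'sticky_layout' => $svalue, 'shout' => $val));
                $go = 2;
            }
            elseif ($what == 'tp_shoutsdelall' && $value == 'ON')
            {
                $smcFunc['db_query']('', ' DELETE FROM {db_prefix}tp_shoutbox WHERE type = {string:type}', array('type' => 'shoutbox'));
                $go = 2;
            }
            elseif ($what == 'tp_shoutsunstickall' && $value == 'ON')
            {
                $smcFunc['db_query']('', ' UPDATE {db_prefix}tp_shoutbox SET value6 = "0", value8 = "0" WHERE 1');
                $go = 2;
            }
            elseif (substr($what, 0, 16) == 'tp_shoutbox_item')
            {
                $val = substr($what, 16);

                // Edited shout text: cut to 300 bytes, escaped, then run through the BBC pre-parser.
                $bshout = $smcFunc['htmlspecialchars'](substr($value, 0, 300));
                preparsecode($bshout);

                $smcFunc['db_query']('', ' UPDATE {db_prefix}tp_shoutbox SET value1 = {string:val1} WHERE id = {int:val}', array('val1' => $bshout, 'val' => $val));
                $go = 2;
            }
            else
            {
                // Everything else is treated as a setting; the first three characters of the
                // field name are dropped before matching.
                // NOTE(review): most setting values are stored as submitted; verify they are
                // escaped wherever they are later printed.
                $what = substr($what, 3);

                if ($what == 'shoutbox_smile')
                {
                    $changeArray['show_shoutbox_smile'] = $value;
                }

                if ($what == 'shoutbox_icons')
                {
                    $changeArray['show_shoutbox_icons'] = $value;
                }

                if ($what == 'shoutbox_height')
                {
                    $changeArray['shoutbox_height'] = $value;
                }

                if ($what == 'shoutbox_usescroll')
                {
                    $changeArray['shoutbox_usescroll'] = $value;
                }

                if ($what == 'shoutbox_scrollduration')
                {
                    // Kept within 1..5.
                    if ($value > 5)
                    {
                        $value = 5;
                    }
                    elseif ($value < 1)
                    {
                        $value = 1;
                    }

                    $changeArray['shoutbox_scrollduration'] = $value;
                }

                if ($what == 'shoutbox_limit')
                {
                    if (!is_numeric($value))
                    {
                        $value = 10;
                    }

                    $changeArray['shoutbox_limit'] = $value;
                }

                if ($what == 'shoutbox_refresh')
                {
                    if (empty($value))
                    {
                        $value = '0';
                    }

                    $changeArray['shoutbox_refresh'] = $value;
                }

                if ($what == 'show_profile_shouts')
                {
                    $changeArray['profile_shouts_hide'] = $value;
                }

                if ($what == 'shout_allow_links')
                {
                    $changeArray['shout_allow_links'] = $value;
                }

                if ($what == 'shoutbox_layout')
                {
                    $changeArray['shoutbox_layout'] = $value;
                }

                if ($what == 'shout_submit_returnkey')
                {
                    $changeArray['shout_submit_returnkey'] = $value;
                }

                if ($what == 'shoutbox_stitle')
                {
                    $changeArray['shoutbox_stitle'] = $value;
                }
            }
        }

        updateTPSettings($changeArray, true);

        // Settings-only saves return to the settings screen, shout changes to the list.
        if (empty($go))
        {
            redirectexit('action=tpmod;shout=admin;settings');
        }
        else
        {
            redirectexit('action=tpmod;shout=admin');
        }
    }

    // get latest shouts for admin section
    // check that a member has been filtered
    if (isset($_GET['u']))
    {
        // Cast here so the id is safe to embed in the HTML and URLs built below.
        $memID = (int) $_GET['u'];
    }

    // check that a IP has been filtered
    if (isset($_GET['ip']) && is_string($_GET['ip']))
    {
        // Kept raw for the bound query parameter; escaped or URL-encoded wherever it is output.
        $ip = $_GET['ip'];
    }

    if (isset($_GET['s']))
    {
        $single = (int) $_GET['s'];
    }

    $context['TPortal']['admin_shoutbox_items'] = array();

    if (isset($memID))
    {
        $shouts = $smcFunc['db_query']('', ' SELECT COUNT(*) FROM {db_prefix}tp_shoutbox WHERE type = {string:type} AND value5 = {int:val5} AND value7 = {int:val7}', array('type' => 'shoutbox', 'val5' => $memID, 'val7' => 0));
        $weh = $smcFunc['db_fetch_row']($shouts);
        $smcFunc['db_free_result']($shouts);
        $allshouts = $weh[0];

        $context['TPortal']['admin_shoutbox_items_number'] = $allshouts;
        $context['TPortal']['shoutbox_pageindex'] = 'Member ' . $memID . ' filtered (<a href="' . $scripturl . '?action=tpmod;shout=admin">' . $txt['remove'] . '</a>) <br />' . TPageIndex($scripturl . '?action=tpmod;shout=admin;u=' . $memID, $tpstart, $allshouts, 10, true);

        $request = $smcFunc['db_query']('', ' SELECT * FROM {db_prefix}tp_shoutbox WHERE type = {string:type} AND value5 = {int:val5} AND value7 = {int:val7} ORDER BY value2 DESC LIMIT {int:start},10', array('type' => 'shoutbox', 'val5' => $memID, 'val7' => 0, 'start' => $tpstart));
    }
    elseif (isset($ip))
    {
        $shouts = $smcFunc['db_query']('', ' SELECT COUNT(*) FROM {db_prefix}tp_shoutbox WHERE type = {string:type} AND value4 = {string:val4} AND value7 = {int:val7}', array('type' => 'shoutbox', 'val4' => $ip, 'val7' => 0));
        $weh = $smcFunc['db_fetch_row']($shouts);
        $smcFunc['db_free_result']($shouts);
        $allshouts = $weh[0];

        $context['TPortal']['admin_shoutbox_items_number'] = $allshouts;

        // The filter value comes straight from the query string, so it is HTML-escaped
        // before it is placed in the page (it used to be echoed back as received).
        $context['TPortal']['shoutbox_pageindex'] = 'IP ' . $smcFunc['htmlspecialchars']($ip, ENT_QUOTES) . ' filtered (<a href="' . $scripturl . '?action=tpmod;shout=admin">' . $txt['remove'] . '</a>) <br />' . TPageIndex($scripturl . '?action=tpmod;shout=admin;ip=' . urlencode($ip), $tpstart, $allshouts, 10, true);

        $request = $smcFunc['db_query']('', ' SELECT * FROM {db_prefix}tp_shoutbox WHERE type = {string:type} AND value4 = {string:val4} AND value7 = {int:val7} ORDER BY value2 DESC LIMIT {int:start}, 10', array('type' => 'shoutbox', 'val4' => $ip, 'val7' => 0, 'start' => $tpstart));
    }
    elseif (isset($single))
    {
        // check session
        checkSession('get');

        $context['TPortal']['shoutbox_pageindex'] = '';

        $request = $smcFunc['db_query']('', ' SELECT * FROM {db_prefix}tp_shoutbox WHERE type = {string:type} AND value7 = {int:val7} AND id = {int:shout}', array('type' => 'shoutbox', 'val7' => 0, 'shout' => $single));
    }
    else
    {
        $shouts = $smcFunc['db_query']('', ' SELECT COUNT(*) FROM {db_prefix}tp_shoutbox WHERE type = {string:type} AND value7 = {int:val7}', array('type' => 'shoutbox', 'val7' => 0));
        $weh = $smcFunc['db_fetch_row']($shouts);
        $smcFunc['db_free_result']($shouts);
        $allshouts = $weh[0];

        $context['TPortal']['admin_shoutbox_items_number'] = $allshouts;
        $context['TPortal']['shoutbox_pageindex'] = TPageIndex($scripturl . '?action=tpmod;shout=admin', $tpstart, $allshouts, 10, true);

        $request = $smcFunc['db_query']('', ' SELECT * FROM {db_prefix}tp_shoutbox WHERE type = {string:type} AND value7 = {int:val7} ORDER BY value2 DESC LIMIT {int:start}, 10', array('type' => 'shoutbox', 'val7' => 0, 'start' => $tpstart));
    }

    if ($smcFunc['db_num_rows']($request) > 0)
    {
        while ($row = $smcFunc['db_fetch_assoc']($request))
        {
            $context['TPortal']['admin_shoutbox_items'][] = array(
                'id' => $row['id'],
                // NOTE(review): the stored body is entity-decoded here, so the template has
                // to escape it again wherever it is printed - verify.
                'body' => html_entity_decode($row['value1'], ENT_QUOTES),
                'poster' => $row['value3'],
                'timestamp' => $row['value2'],
                'time' => timeformat($row['value2']),
                'ip' => $row['value4'],
                'ID_MEMBER' => $row['value5'],
                'sort_member' => '<a href="' . $scripturl . '?action=tpmod;shout=admin;u=' . (int) $row['value5'] . '">' . $txt['tp-allshoutsbymember'] . '</a>',
                'sticky' => $row['value6'],
                'sticky_layout' => $row['value8'],
                // URL-encoded like the IP filter link in the page index above.
                'sort_ip' => '<a href="' . $scripturl . '?action=tpmod;shout=admin;ip=' . urlencode($row['value4']) . '">' . $txt['tp-allshoutsbyip'] . '</a>',
                'single' => isset($single) ? '<hr><a href="' . $scripturl . '?action=tpmod;shout=admin"><b>' . $txt['tp-allshouts'] . '</b></a>' : '',
            );
        }

        $smcFunc['db_free_result']($request);
    }

    $context['TPortal']['subtabs'] = '';

    // setup menu items
    if (allowedTo('tp_can_admin_shout'))
    {
        $on_shout_admin = isset($_GET['action']) && ($_GET['action'] == 'tpmod' || $_GET['action'] == 'tpadmin') && isset($_GET['shout']) && $_GET['shout'] == 'admin';

        $context['TPortal']['subtabs'] = array(
            'shoutbox_settings' => array(
                'text' => 'tp-settings',
                'url' => $scripturl . '?action=tpmod;shout=admin;settings',
                'active' => $on_shout_admin && isset($_GET['settings']),
            ),
            'shoutbox' => array(
                'text' => 'tp-tabs10',
                'url' => $scripturl . '?action=tpmod;shout=admin',
                'active' => $on_shout_admin && !isset($_GET['settings']),
            ),
        );
        $context['admin_header']['tp_shout'] = $txt['tp_shout'];
    }

    // on settings screen?
    if (isset($_GET['settings']))
    {
        $context['sub_template'] = 'tpshout_admin_settings';
    }
    else
    {
        $context['sub_template'] = 'tpshout_admin';
    }

    $context['page_title'] = 'Shoutbox admin';

    tp_hidebars();
}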