html_email_confirmation_error(); exit; } if (isset($t_fid) && !session::check_perm(USER_PERM_THREAD_CREATE | USER_PERM_POST_READ, $t_fid)) { $error_msg_array[] = gettext("You cannot create new threads in this folder"); $valid = false; } if (attachments_get_count($aid) > 0 && !session::check_perm(USER_PERM_POST_ATTACHMENTS | USER_PERM_POST_READ, $t_fid)) { $error_msg_array[] = gettext("You cannot post attachments in this folder. Remove attachments to continue."); $valid = false; } } } if (isset($_POST['t_to_user']) && strlen(trim($_POST['t_to_user'])) > 0) { $t_to_user = trim($_POST['t_to_user']); if ($to_user = user_get_by_logon($t_to_user)) { $t_to_uid = $to_user['UID']; } else { $error_msg_array[] = gettext("Invalid username!"); $valid = false; } } else { if (isset($reply_to_tid) && isset($reply_to_pid)) { if ($message_user = message_get_user($reply_to_tid, $reply_to_pid)) { $t_to_uid = $message_user['UID']; $t_to_user = $message_user['LOGON']; } } } $allow_html = true; $allow_sig = true;
if (!($thread_data = thread_get($tid))) { light_html_draw_error(gettext("The requested thread could not be found or access was denied.")); } $reply_message['CONTENT'] = message_get_content($tid, $reply_to_pid); if (perm_get_user_permissions($reply_message['FROM_UID']) & USER_PERM_WORMED && !session::check_perm(USER_PERM_FOLDER_MODERATE, $fid) || (!isset($reply_message['CONTENT']) || $reply_message['CONTENT'] == "") && $thread_data['POLL_FLAG'] != 'Y' && $reply_to_pid != 0) { light_html_draw_error(gettext("Message not found. Check that it hasn't been deleted.")); } } if (isset($_POST['to_logon'])) { if (strlen(trim($_POST['to_logon'])) > 0) { $to_logon_array = preg_split('/,\\s*/u', trim($_POST['to_logon'], ', ')); $to_logon_array = array_filter(array_map('trim', $to_logon_array), 'strlen'); foreach ($to_logon_array as $key => $recipient) { $to_logon = trim($recipient); unset($to_logon_array[$key]); if (($to_user = user_get_by_logon($to_logon)) !== false) { $to_logon_array[$to_user['UID']] = array('UID' => $to_user['UID'], 'LOGON' => $to_user['LOGON'], 'NICKNAME' => $to_user['NICKNAME']); } else { $error_msg_array[] = sprintf(gettext("User %s not found"), htmlentities_array($to_logon)); $valid = false; } } $to_logon = implode(', ', array_map('user_get_logon_callback', $to_logon_array)); if ($valid && sizeof($to_logon_array) > 10) { $error_msg_array[] = gettext("There is a limit of 10 recipients per message. Please amend your recipient list."); $valid = false; } } } else { if (isset($tid) && isset($reply_to_pid) && $reply_to_pid > 0) { $to_logon = $reply_message['FROM_LOGON'];
// Excerpt from the RSS feed edit handling. The blocks closed by the leading
// "} else {" and by the trailing braces open outside this excerpt.
} else {
    $t_old_frequency = "";
}

// Accept the new item limit only when it matches one of 1..10.
// NOTE(review): in_array() is called without its strict flag, so the POST
// string is compared with == against the integers from range(). On PHP
// versions before 8 a string with a numeric prefix (constructed example:
// "5abc") compares equal to 5 and would be stored unchanged in
// $t_max_item_count. Checking is_numeric() and casting to int before the
// range test would guarantee that only a plain integer is passed on.
if (isset($_POST['t_max_item_count']) && in_array($_POST['t_max_item_count'], range(1, 10))) {
    $t_max_item_count = $_POST['t_max_item_count'];
} else {
    $valid = false;
    $error_msg_array[] = gettext("Max Item Count must be between 1 and 10");
}

// The previous item limit is read from the same POST request and is only
// used for the change detection below; it falls back to 0 when missing or
// non-numeric.
if (isset($_POST['t_old_max_item_count']) && is_numeric($_POST['t_old_max_item_count'])) {
    $t_old_max_item_count = $_POST['t_old_max_item_count'];
} else {
    $t_old_max_item_count = 0;
}

// Update the feed only when validation passed and at least one field differs
// from its old value.
if ($valid && ($t_new_name != $t_old_name || $t_new_user != $t_old_user || $t_new_fid != $t_old_fid || $t_new_url != $t_old_url || $t_new_prefix != $t_old_prefix || $t_new_frequency != $t_old_frequency || $t_max_item_count != $t_old_max_item_count)) {

    // Resolve the feed's user account from the submitted logon name.
    if ($t_user_array = user_get_by_logon($t_new_user)) {

        $t_new_uid = $t_user_array['UID'];

        if (rss_feed_update($feed_id, $t_new_name, $t_new_uid, $t_new_fid, $t_new_url, $t_new_prefix, $t_new_frequency, $t_max_item_count)) {

            // Record the edit in the admin log, then redirect and stop.
            // NOTE(review): the log entry carries old/new pairs for name,
            // user, fid, URL, prefix and frequency but not for the max item
            // count, so a change to that field alone is logged without the
            // values that changed.
            $log_data = array($t_new_name, $t_old_name, $t_new_user, $t_old_user, $t_new_fid, $t_old_fid, $t_new_url, $t_old_url, $t_new_prefix, $t_old_prefix, $t_new_frequency, $t_old_frequency);

            admin_add_log_entry(EDITED_RSS_FEED, $log_data);

            header_redirect("admin_rss_feeds.php?webtag={$webtag}&edited=true");
            exit;

        } else {

            $error_msg_array[] = gettext("Failed to update RSS Feed");
        }

    } else {

        $error_msg_array[] = gettext("Unknown RSS User Account");
    }
}
}
} else {
/**
 * Send a password-reset e-mail to the account identified by $logon.
 *
 * The message is sent through Swift Mailer and contains a link to
 * change_pw.php that is routed through index.php's final_uri parameter.
 *
 * NOTE(review): the link carries $to_user['PASSWD'] as its `h` parameter.
 * If that field holds the stored password hash (the name suggests so;
 * confirm against the user table), the hash is disclosed in the mail, in
 * browser history, in proxy and web server logs and in Referer headers, and
 * the link stays usable until the password is changed. A random, single-use,
 * expiring reset token stored separately from the password would avoid
 * exposing it; that change also involves change_pw.php, which is not shown.
 *
 * @param string $logon Logon name of the account requesting the reset.
 *
 * @return bool True when Swift Mailer reports at least one accepted
 *              recipient. False when $logon is not a string, the logon is
 *              unknown, no transport is available, the stored address fails
 *              validation, or nothing was sent.
 */
function email_send_pw_reminder($logon)
{
    // Only string logons are looked up.
    if (!is_string($logon)) {
        return false;
    }

    // Unknown logons end here.
    // NOTE(review): callers get the same `false` for an unknown logon and
    // for a mail failure; the calling page should not turn that into a
    // message that reveals whether an account exists.
    $to_user = user_get_by_logon($logon);

    if (!$to_user) {
        return false;
    }

    // A Swift Mailer transport is required to build the mailer.
    $mail_transport = Swift_TransportFactory::get();

    if (!$mail_transport) {
        return false;
    }

    $mailer = Swift_Mailer::newInstance($mail_transport);
    $message = Swift_MessageBeehive::newInstance();

    // The forum webtag is embedded in the reset link below.
    $webtag = get_webtag();

    // Do not send anything to an address that fails validation.
    if (!email_address_valid($to_user['EMAIL'])) {
        return false;
    }

    // Forum name, subject and display name all pass through the recipient's
    // word filter.
    $forum_name = word_filter_apply(
        forum_get_setting('forum_name', null, 'A Beehive Forum'),
        $to_user['UID'],
        true
    );

    $subject = word_filter_apply(
        sprintf(gettext("Your password reset request from %s"), $forum_name),
        $to_user['UID'],
        true
    );

    $recipient = word_filter_apply(
        format_user_name($to_user['LOGON'], $to_user['NICKNAME']),
        $to_user['UID'],
        true
    );

    // Build the reset link: the change_pw.php target is URL-encoded as a
    // whole and passed to index.php as final_uri.
    $change_pw_link = rawurlencode("/change_pw.php?webtag={$webtag}&u={$to_user['UID']}&h={$to_user['PASSWD']}");
    $change_pw_link = html_get_forum_uri("index.php?webtag={$webtag}&final_uri={$change_pw_link}");

    // Plain-text body, wrapped with wordwrap()'s default width.
    $body_text = sprintf(
        gettext("Hello %s,\r\n\r\nYou requested this e-mail from %s because you have forgotten your password.\r\n\r\nClick the link below (or copy and paste it into your browser) to reset your password:\r\n\r\n%s"),
        $recipient,
        $forum_name,
        $change_pw_link
    );

    $message_body = wordwrap($body_text);

    $message->setTo($to_user['EMAIL'], $recipient);
    $message->setSubject($subject);
    $message->setBody($message_body);

    // Report success only when the mailer accepted at least one recipient.
    $accepted = $mailer->send($message);

    return $accepted > 0;
}
/**
 * Send a password-reset e-mail (plain-text body plus an HTML part) to the
 * account identified by $logon.
 *
 * NOTE(review): the reset link carries $to_user['PASSWD'] as its `h`
 * parameter. If that field holds the stored password hash (the name suggests
 * so; confirm against the user table), the hash is disclosed in the mail, in
 * browser history, in proxy and web server logs and in Referer headers, and
 * the link stays usable until the password is changed. A random, single-use,
 * expiring reset token stored separately from the password would avoid
 * exposing it; that change also involves change_pw.php, which is not shown.
 *
 * @param string $logon Logon name of the account requesting the reset.
 *
 * @return mixed False when $logon is not a string, the logon is unknown, no
 *               transport is available or the stored address fails
 *               validation; otherwise the value returned by $mailer->send()
 *               (Swift Mailer reports the number of accepted recipients),
 *               which is not a strict boolean.
 */
function email_send_pw_reminder($logon)
{
    // Only string logons are looked up.
    if (!is_string($logon)) {
        return false;
    }

    // Unknown logons end here.
    // NOTE(review): the calling page should not turn this `false` into a
    // message that reveals whether an account exists.
    $to_user = user_get_by_logon($logon);

    if (!$to_user) {
        return false;
    }

    // A Swift Mailer transport is required to build the mailer.
    $mail_transport = Swift_TransportFactory::get();

    if (!$mail_transport) {
        return false;
    }

    $mailer = Swift_Mailer::newInstance($mail_transport);
    $message = Swift_MessageBeehive::newInstance();

    // The webtag is embedded in the reset link; it is first passed to
    // forum_check_webtag_available().
    $webtag = get_webtag();
    forum_check_webtag_available($webtag);

    // Do not send anything to an address that fails validation.
    if (!email_address_valid($to_user['EMAIL'])) {
        return false;
    }

    // Forum name, subject and display name all pass through the recipient's
    // word filter.
    $forum_name = word_filter_apply(
        forum_get_setting('forum_name', null, 'A Beehive Forum'),
        $to_user['UID'],
        true
    );

    $subject = word_filter_apply(
        sprintf(gettext("Your password reset request from %1\$s"), $forum_name),
        $to_user['UID'],
        true
    );

    $recipient = word_filter_apply(
        format_user_name($to_user['LOGON'], $to_user['NICKNAME']),
        $to_user['UID'],
        true
    );

    // Build the reset link: the change_pw.php target is URL-encoded as a
    // whole and passed to index.php as final_uri.
    $change_pw_link = rawurlencode("change_pw.php?webtag={$webtag}&u={$to_user['UID']}&h={$to_user['PASSWD']}");
    $change_pw_link = html_get_forum_uri("index.php?webtag={$webtag}&final_uri={$change_pw_link}");

    $message->setTo($to_user['EMAIL'], $recipient);
    $message->setSubject($subject);

    // Plain-text body.
    $plain_body = sprintf(
        gettext("Hello %1\$s,\n\nYou requested this e-mail from %2\$s because you have forgotten your password.\n\nTo reset your password, please go to:\n%3\$s"),
        $recipient,
        $forum_name,
        $change_pw_link
    );

    $message->setBody(wordwrap($plain_body));

    // HTML alternative.
    // NOTE(review): $recipient and $forum_name are inserted into markup with
    // no escaping call visible in this function. Confirm that
    // format_user_name() / word_filter_apply() return HTML-safe text;
    // otherwise a nickname or forum name containing markup would be rendered
    // in the HTML part of the mail.
    $html_body = sprintf(
        gettext("<p>Hello %1\$s,</p><p>You requested this e-mail from %2\$s because you have forgotten your password.</p><p>To reset your password, please go to:<br /><a href=\"%3\$s\">%3\$s</a></p>"),
        $recipient,
        $forum_name,
        $change_pw_link
    );

    $message->addPart(wordwrap_html($html_body), 'text/html');

    // Hand the mailer's own result back to the caller unchanged.
    $send_result = $mailer->send($message);

    return $send_result;
}
echo " <td align=\"left\">\n"; echo " <table class=\"box\" width=\"100%\">\n"; echo " <tr>\n"; echo " <td align=\"left\" class=\"posthead\">\n"; echo " <table class=\"posthead\" width=\"100%\">\n"; echo " <tr>\n"; echo " <td class=\"subhead\" align=\"left\">", gettext("Search Results"), "</td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"center\">\n"; echo " <div class=\"search_popup_results\">\n"; echo " <table width=\"95%\">\n"; } if (sizeof($selected_array) > 0) { foreach ($selected_array as $selected_option) { if ($type == SEARCH_LOGON && ($user_data = user_get_by_logon($selected_option))) { if ($multi === 'Y') { echo " <tr>\n"; echo " <td align=\"left\">", form_checkbox("selected[]", htmlentities_array($user_data['LOGON']), null, true), " <a href=\"user_profile.php?webtag={$webtag}&uid={$user_data['UID']}\" target=\"_blank\" class=\"popup 650x500\">", word_filter_add_ob_tags(format_user_name($user_data['LOGON'], $user_data['NICKNAME']), true), "</a></td>\n"; echo " </tr>\n"; } else { echo " <tr>\n"; echo " <td align=\"left\">", form_radio("selected", htmlentities_array($user_data['LOGON']), null, true), " <a href=\"user_profile.php?webtag={$webtag}&uid={$user_data['UID']}\" target=\"_blank\" class=\"popup 650x500\">", word_filter_add_ob_tags(format_user_name($user_data['LOGON'], $user_data['NICKNAME']), true), "</a></td>\n"; echo " </tr>\n"; } } else { if (($thread_data = thread_get($selected_option)) !== false) { echo " <tr>\n"; echo " <td align=\"left\">", form_radio("selected", $thread_data['TID'], null, true), " <a href=\"messages.php?webtag={$webtag}&msg={$thread_data['TID']}.1\" target=\"_blank\">", word_filter_add_ob_tags($thread_data['TITLE'], true), "</a></td>\n"; echo " </tr>\n"; }
}

// Excerpt from the personal message send handling. The brace above closes a
// block that opens outside this excerpt, and the blocks opened below are
// closed after it.

// When replying, load the original message and its content; otherwise hand
// off to light_pm_error_refuse().
if (isset($t_reply_mid) && is_numeric($t_reply_mid) && $t_reply_mid > 0) {

    if ($pm_data = pm_message_get($t_reply_mid)) {

        $pm_data['CONTENT'] = pm_get_content($t_reply_mid);

    } else {

        light_pm_error_refuse();
    }
}

// Recipients typed into the t_to_uid_others field, separated by ';', '|'
// or ','.
if (isset($_POST['t_to_uid_others']) && strlen(trim($_POST['t_to_uid_others'])) > 0) {

    $t_recipient_array = preg_split("/[;|,]/u", trim($_POST['t_to_uid_others']));

    // Parallel lists of the resolved recipients' UID, logon and nickname.
    $t_new_recipient_array['TO_UID'] = array();
    $t_new_recipient_array['LOGON'] = array();
    $t_new_recipient_array['NICK'] = array();

    foreach ($t_recipient_array as $key => $t_recipient) {

        $to_logon = trim($t_recipient);

        // Resolve each name to a user record.
        if ($to_user = user_get_by_logon($to_logon)) {

            $peer_relationship = user_get_peer_relationship($to_user['UID'], $uid);

            // Add each recipient once, even if named several times.
            if (!in_array($to_user['UID'], $t_new_recipient_array['TO_UID'])) {

                $t_new_recipient_array['TO_UID'][] = $to_user['UID'];
                $t_new_recipient_array['LOGON'][] = $to_user['LOGON'];
                $t_new_recipient_array['NICK'][] = $to_user['NICKNAME'];
            }

            if ($to_radio == 'others') {

                // The message is allowed when the recipient accepts PMs from
                // this sender, or when the sender holds
                // USER_PERM_FOLDER_MODERATE (the || operand overrides both
                // recipient-side checks).
                // NOTE(review): `^` is bitwise XOR, so the first operand is
                // zero only when $peer_relationship equals USER_BLOCK_PM
                // exactly. If relationships are combinable bit flags
                // (presumably; confirm), a recipient who has USER_BLOCK_PM
                // set together with any other flag still yields a non-zero
                // value and is treated as not blocking. A flag test of the
                // form !($peer_relationship & USER_BLOCK_PM) expresses
                // "block bit not set".
                if ($peer_relationship ^ USER_BLOCK_PM && user_allow_pm($to_user['UID']) || session::check_perm(USER_PERM_FOLDER_MODERATE, 0)) {

                    pm_user_prune_folders();

                    // The sender needs one free slot per recipient collected
                    // so far.
                    if (pm_get_free_space($uid) < sizeof($t_new_recipient_array['TO_UID'])) {

                        $error_msg_array[] = gettext("You do not have enough free space to send this message.");
                        $valid = false;
                    }

                } else {

                    // NOTE(review): $to_logon is the trimmed text from the
                    // POST field and is placed in the message without
                    // htmlentities_array(). Confirm $error_msg_array is
                    // escaped when it is rendered, or escape the name here.
                    $error_msg_array[] = sprintf(gettext("%s has opted out of receiving personal messages"), $to_logon);
require_once BH_INCLUDE_PATH . 'user.inc.php';
require_once BH_INCLUDE_PATH . 'user_profile.inc.php';
require_once BH_INCLUDE_PATH . 'user_rel.inc.php';
require_once BH_INCLUDE_PATH . 'word_filter.inc.php';

// End Required includes

// Work out whose profile to show. The target is named either by a numeric
// `uid` query parameter or, failing that, by a `logon` query parameter.
$uid = null;
$logon = null;

if (isset($_GET['uid']) && is_numeric($_GET['uid'])) {

    // NOTE(review): is_numeric() also accepts forms such as "1e3" or "1.5",
    // and the value is kept as the original string. Casting to int here
    // would guarantee that a plain integer reaches the lookups below.
    $uid = $_GET['uid'];

    $logon = user_get_logon($uid);

    if (!$logon) {
        html_draw_error(gettext("Unknown user"));
    }

} elseif (isset($_GET['logon']) && strlen(trim($_GET['logon'])) > 0) {

    // Resolve the logon to a UID; an unknown logon leaves $uid as null.
    $logon = trim($_GET['logon']);

    $user_array = user_get_by_logon($logon);

    if ($user_array !== false) {
        $uid = $user_array['UID'];
    }
}

// NOTE(review): everything after this check assumes html_draw_error() ends
// the request (presumably it does; confirm). If it returned, the profile
// lookups below would run without a valid $uid.
if (is_null($uid)) {
    html_draw_error(gettext("No user specified."));
}

// Profile sections.
$profile_sections = profile_sections_get();

// Profile data of the requested user.
$user_profile = user_get_profile($uid);

// Relationship between the requested user and the session user.
$peer_relationship = user_get_relationship($uid, $_SESSION['UID']);

// Popup title.
$page_title = format_user_name($user_profile['LOGON'], $user_profile['NICKNAME']);
if (isset($_POST['fid']) && is_numeric($_POST['fid'])) { $fid = $_POST['fid']; } else { $error_msg_array[] = gettext("Invalid forum or forum is not available"); $valid = false; } if ($valid && ($forum_data = forum_get($fid))) { if (isset($_POST['t_name']) && strlen(trim($_POST['t_name'])) > 0) { $t_name = trim($_POST['t_name']); } else { $error_msg_array[] = gettext("You must supply a forum name"); $valid = false; } if (isset($_POST['t_owner']) && strlen(trim($_POST['t_owner'])) > 0) { $t_owner = trim($_POST['t_owner']); if (($t_user_array = user_get_by_logon($t_owner)) !== false) { $t_owner_uid = $t_user_array['UID']; } else { $valid = false; $error_msg_array[] = gettext("Unknown user"); } } else { $t_owner = ""; $t_owner_uid = 0; } if (isset($_POST['t_access']) && is_numeric($_POST['t_access'])) { $t_access = $_POST['t_access']; } else { $error_msg_array[] = gettext("You must supply a forum access level"); $valid = false; }
require_once BH_INCLUDE_PATH . 'logon.inc.php';
require_once BH_INCLUDE_PATH . 'profile.inc.php';
require_once BH_INCLUDE_PATH . 'session.inc.php';
require_once BH_INCLUDE_PATH . 'user.inc.php';
require_once BH_INCLUDE_PATH . 'user_profile.inc.php';
require_once BH_INCLUDE_PATH . 'user_rel.inc.php';
require_once BH_INCLUDE_PATH . 'word_filter.inc.php';

// Work out whose profile to show. The target is named either by a numeric
// `uid` query parameter or, failing that, by a `logon` query parameter.
// $uid is not initialised before these branches; when neither parameter
// yields a user it stays unset and the isset() check below catches that.
if (isset($_GET['uid']) && is_numeric($_GET['uid'])) {

    // NOTE(review): is_numeric() also accepts forms such as "1e3" or "1.5",
    // and the value is kept as the original string. Casting to int here
    // would guarantee that a plain integer reaches the lookups below.
    $uid = $_GET['uid'];

    $logon = user_get_logon($uid);

    if (!$logon) {
        html_draw_error(gettext("Unknown user"));
    }

} elseif (isset($_GET['logon']) && strlen(trim($_GET['logon'])) > 0) {

    // Resolve the logon to a UID; an unknown logon leaves $uid unset.
    $logon = trim($_GET['logon']);

    $user_array = user_get_by_logon($logon);

    if ($user_array) {
        $uid = $user_array['UID'];
    }
}

// NOTE(review): everything after this check assumes html_draw_error() ends
// the request (presumably it does; confirm). If it returned, the profile
// lookups below would run with $uid undefined.
if (!isset($uid)) {
    html_draw_error(gettext("No user specified."));
}

// Profile sections.
$profile_sections = profile_sections_get();

// Profile data of the requested user.
$user_profile = user_get_profile($uid);

// Relationship between the requested user and the session user.
$peer_relationship = user_get_relationship($uid, session::get_value('UID'));

// Popup title.
$page_title = format_user_name($user_profile['LOGON'], $user_profile['NICKNAME']);
if (isset($_POST['fid']) && is_numeric($_POST['fid'])) { $fid = $_POST['fid']; } else { $error_msg_array[] = gettext("Invalid forum or forum is not available"); $valid = false; } if ($valid && ($forum_data = forum_get($fid))) { if (isset($_POST['t_name']) && strlen(trim($_POST['t_name'])) > 0) { $t_name = trim($_POST['t_name']); } else { $error_msg_array[] = gettext("You must supply a forum name"); $valid = false; } if (isset($_POST['t_owner']) && strlen(trim($_POST['t_owner'])) > 0) { $t_owner = trim($_POST['t_owner']); if ($t_user_array = user_get_by_logon($t_owner)) { $t_owner_uid = $t_user_array['UID']; } else { $valid = false; $error_msg_array[] = gettext("Unknown user"); } } else { $t_owner = ""; $t_owner_uid = 0; } if (isset($_POST['t_access']) && is_numeric($_POST['t_access'])) { $t_access = $_POST['t_access']; } else { $error_msg_array[] = gettext("You must supply a forum access level"); $valid = false; }
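/**
 * Validate the search arguments, clear the session user's previous results
 * and hand the search to Sphinx or to the MySQL fulltext implementation.
 *
 * @param array $search_arguments Search options. Keys read here: date_from,
 *                                date_to, sort_by, sort_dir, fid, username
 *                                and search_tag.
 * @param mixed $error            Set by reference to
 *                                SEARCH_FREQUENCY_TOO_GREAT or
 *                                SEARCH_USER_NOT_FOUND when the search is
 *                                refused for that reason.
 *
 * @return mixed False on failure; otherwise the return value of
 *               sphinx_search_execute() or search_mysql_execute().
 */
function search_execute($search_arguments, &$error)
{
    // A numeric session UID is required. The same check is what makes the
    // interpolation of $_SESSION['UID'] into the DELETE statement below safe.
    if (!isset($_SESSION['UID']) || !is_numeric($_SESSION['UID'])) {
        return false;
    }

    // If the user has performed a search within the last x minutes bail out
    if (!check_search_frequency()) {
        $error = SEARCH_FREQUENCY_TOO_GREAT;
        return false;
    }

    // Database connection.
    if (!($db = db::get())) {
        return false;
    }

    // Ensure the date_from argument is set
    if (!isset($search_arguments['date_from']) || !is_numeric($search_arguments['date_from'])) {
        $search_arguments['date_from'] = SEARCH_FROM_ONE_MONTH_AGO;
    }

    // Ensure the date_to argument is set.
    if (!isset($search_arguments['date_to']) || !is_numeric($search_arguments['date_to'])) {
        $search_arguments['date_to'] = SEARCH_TO_TODAY;
    }

    // Ensure the sort_by argument is set.
    if (!isset($search_arguments['sort_by']) || !is_numeric($search_arguments['sort_by'])) {
        $search_arguments['sort_by'] = SEARCH_SORT_CREATED;
    }

    // Ensure the sort_dir argument is set.
    if (!isset($search_arguments['sort_dir']) || !is_numeric($search_arguments['sort_dir'])) {
        $search_arguments['sort_dir'] = SEARCH_SORT_DESC;
    }

    // Check the sort_dir is valid
    if (!in_array($search_arguments['sort_dir'], array(SEARCH_SORT_ASC, SEARCH_SORT_DESC))) {
        $search_arguments['sort_dir'] = SEARCH_SORT_DESC;
    }

    // Get available folders
    $folders_array = folder_get_available_array();

    // Check the selected folder is valid; anything else falls back to the
    // list of all available folders. in_array() compares with == here, so
    // depending on the element types of $folders_array a non-numeric string
    // could compare equal to a folder id (on PHP versions before 8) and be
    // passed on unchanged. The is_numeric() guard, matching the checks on
    // the other arguments above, rejects such values first.
    if (!isset($search_arguments['fid']) || !is_numeric($search_arguments['fid']) || !in_array($search_arguments['fid'], $folders_array)) {
        $search_arguments['fid'] = implode(',', $folders_array);
    }

    // Username based search.
    if (isset($search_arguments['username']) && strlen(trim($search_arguments['username'])) > 0) {

        // Make sure the uid_array key is an empty array.
        $search_arguments['user_uid_array'] = array();

        // Username argument is a comma separated list.
        $username_list = preg_split('/,\\s*/u', trim($search_arguments['username'], ', '));

        // preg_split() returns false when the subject is not valid UTF-8
        // (the pattern uses the `u` modifier). Treat that as an unknown user
        // instead of continuing with an empty user filter.
        if ($username_list === false) {
            $error = SEARCH_USER_NOT_FOUND;
            return false;
        }

        $search_arguments['username_array'] = $username_list;

        // Iterate over the provided usernames
        foreach ($search_arguments['username_array'] as $username) {

            // Check the username is valid.
            if (!($user = user_get_by_logon(trim($username)))) {
                $error = SEARCH_USER_NOT_FOUND;
                return false;
            }

            // Add the user UID to the uid_array
            $search_arguments['user_uid_array'][] = $user['UID'];
        }
    }

    // Each user can only store one search result so we should
    // clean up their previous search if applicable.
    // NOTE(review): the UID is interpolated into the statement rather than
    // bound. It is limited to numeric strings by the check at the top of the
    // function; keep the two together, or cast/bind the value if the db
    // wrapper supports it.
    $sql = "DELETE QUICK FROM SEARCH_RESULTS WHERE UID = '{$_SESSION['UID']}'";

    if (!$db->query($sql)) {
        return false;
    }

    // Execute search via Sphinx, unless we're searching for a tag.
    if (!isset($search_arguments['search_tag']) && forum_get_setting('sphinx_search_enabled', 'Y')) {
        return sphinx_search_execute($search_arguments, $error);
    }

    // Execute the search with MySQL Fulltext
    return search_mysql_execute($search_arguments, $error);
}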