Beispiel #1
            html_email_confirmation_error();
            exit;
        }
        if (isset($t_fid) && !session::check_perm(USER_PERM_THREAD_CREATE | USER_PERM_POST_READ, $t_fid)) {
            $error_msg_array[] = gettext("You cannot create new threads in this folder");
            $valid = false;
        }
        if (attachments_get_count($aid) > 0 && !session::check_perm(USER_PERM_POST_ATTACHMENTS | USER_PERM_POST_READ, $t_fid)) {
            $error_msg_array[] = gettext("You cannot post attachments in this folder. Remove attachments to continue.");
            $valid = false;
        }
    }
}
// Work out who the post is addressed to. An explicit, non-empty recipient
// from the form is looked up by logon; without one, the author of the message
// being replied to (when both reply ids are set) becomes the recipient.
if (isset($_POST['t_to_user']) && strlen(trim($_POST['t_to_user'])) > 0) {

    $t_to_user = trim($_POST['t_to_user']);
    $to_user = user_get_by_logon($t_to_user);

    if (!$to_user) {
        // Unknown logon: record the error and mark the submission invalid.
        $error_msg_array[] = gettext("Invalid username!");
        $valid = false;
    } else {
        $t_to_uid = $to_user['UID'];
    }

} elseif (isset($reply_to_tid, $reply_to_pid)) {

    $message_user = message_get_user($reply_to_tid, $reply_to_pid);

    if ($message_user) {
        $t_to_uid = $message_user['UID'];
        $t_to_user = $message_user['LOGON'];
    }
}

// Defaults for the posting options.
$allow_html = true;
$allow_sig = true;
Beispiel #2
    if (!($thread_data = thread_get($tid))) {
        light_html_draw_error(gettext("The requested thread could not be found or access was denied."));
    }
    $reply_message['CONTENT'] = message_get_content($tid, $reply_to_pid);
    if (perm_get_user_permissions($reply_message['FROM_UID']) & USER_PERM_WORMED && !session::check_perm(USER_PERM_FOLDER_MODERATE, $fid) || (!isset($reply_message['CONTENT']) || $reply_message['CONTENT'] == "") && $thread_data['POLL_FLAG'] != 'Y' && $reply_to_pid != 0) {
        light_html_draw_error(gettext("Message not found. Check that it hasn't been deleted."));
    }
}
if (isset($_POST['to_logon'])) {
    if (strlen(trim($_POST['to_logon'])) > 0) {
        $to_logon_array = preg_split('/,\\s*/u', trim($_POST['to_logon'], ', '));
        $to_logon_array = array_filter(array_map('trim', $to_logon_array), 'strlen');
        foreach ($to_logon_array as $key => $recipient) {
            $to_logon = trim($recipient);
            unset($to_logon_array[$key]);
            if (($to_user = user_get_by_logon($to_logon)) !== false) {
                $to_logon_array[$to_user['UID']] = array('UID' => $to_user['UID'], 'LOGON' => $to_user['LOGON'], 'NICKNAME' => $to_user['NICKNAME']);
            } else {
                $error_msg_array[] = sprintf(gettext("User %s not found"), htmlentities_array($to_logon));
                $valid = false;
            }
        }
        $to_logon = implode(', ', array_map('user_get_logon_callback', $to_logon_array));
        if ($valid && sizeof($to_logon_array) > 10) {
            $error_msg_array[] = gettext("There is a limit of 10 recipients per message. Please amend your recipient list.");
            $valid = false;
        }
    }
} else {
    if (isset($tid) && isset($reply_to_pid) && $reply_to_pid > 0) {
        $to_logon = $reply_message['FROM_LOGON'];
         } else {
             $t_old_frequency = "";
         }
         if (isset($_POST['t_max_item_count']) && in_array($_POST['t_max_item_count'], range(1, 10))) {
             $t_max_item_count = $_POST['t_max_item_count'];
         } else {
             $valid = false;
             $error_msg_array[] = gettext("Max Item Count must be between 1 and 10");
         }
         if (isset($_POST['t_old_max_item_count']) && is_numeric($_POST['t_old_max_item_count'])) {
             $t_old_max_item_count = $_POST['t_old_max_item_count'];
         } else {
             $t_old_max_item_count = 0;
         }
         if ($valid && ($t_new_name != $t_old_name || $t_new_user != $t_old_user || $t_new_fid != $t_old_fid || $t_new_url != $t_old_url || $t_new_prefix != $t_old_prefix || $t_new_frequency != $t_old_frequency || $t_max_item_count != $t_old_max_item_count)) {
             if ($t_user_array = user_get_by_logon($t_new_user)) {
                 $t_new_uid = $t_user_array['UID'];
                 if (rss_feed_update($feed_id, $t_new_name, $t_new_uid, $t_new_fid, $t_new_url, $t_new_prefix, $t_new_frequency, $t_max_item_count)) {
                     $log_data = array($t_new_name, $t_old_name, $t_new_user, $t_old_user, $t_new_fid, $t_old_fid, $t_new_url, $t_old_url, $t_new_prefix, $t_old_prefix, $t_new_frequency, $t_old_frequency);
                     admin_add_log_entry(EDITED_RSS_FEED, $log_data);
                     header_redirect("admin_rss_feeds.php?webtag={$webtag}&edited=true");
                     exit;
                 } else {
                     $error_msg_array[] = gettext("Failed to update RSS Feed");
                 }
             } else {
                 $error_msg_array[] = gettext("Unknown RSS User Account");
             }
         }
     }
 } else {
Beispiel #4
/**
 * Email a password-reset link to the account that owns the given logon.
 *
 * The function gives up (returning false) when the argument is not a string,
 * when no account matches the logon, when no mail transport is available, or
 * when the account's stored e-mail address fails validation.
 *
 * @param string $logon Logon name of the account requesting the reset.
 *
 * @return bool True when the mailer reports more than zero recipients,
 *              false otherwise.
 */
function email_send_pw_reminder($logon)
{
    // Reject non-string input first; only then look the account up.
    if (!is_string($logon) || !($to_user = user_get_by_logon($logon))) {
        return false;
    }

    // Without a Swift Mailer transport nothing can be sent.
    $mail_transport = Swift_TransportFactory::get();

    if (!$mail_transport) {
        return false;
    }

    $sender = Swift_Mailer::newInstance($mail_transport);
    $reminder = Swift_MessageBeehive::newInstance();

    // Forum webtag, needed for the links below.
    $webtag = get_webtag();

    // Do not build a message for an address that fails validation.
    if (!email_address_valid($to_user['EMAIL'])) {
        return false;
    }

    // Forum name, subject and recipient name all go through the
    // recipient's own word filter.
    $owner_uid = $to_user['UID'];

    $site_title = word_filter_apply(forum_get_setting('forum_name', null, 'A Beehive Forum'), $owner_uid, true);
    $mail_subject = word_filter_apply(sprintf(gettext("Your password reset request from %s"), $site_title), $owner_uid, true);
    $display_name = word_filter_apply(format_user_name($to_user['LOGON'], $to_user['NICKNAME']), $owner_uid, true);

    // NOTE(review): the `h` parameter carries $to_user['PASSWD'] verbatim -
    // presumably the stored password hash (confirm against the user schema).
    // That value then sits in mail spools, browser history and request logs,
    // and a link built from it would presumably stay valid until the password
    // changes. A random, single-use, expiring reset token kept separately
    // avoids exposing it; such a change also has to be made wherever
    // change_pw.php checks `h`, which is not visible here.
    $change_pw_link = rawurlencode("/change_pw.php?webtag={$webtag}&u={$to_user['UID']}&h={$to_user['PASSWD']}");
    $change_pw_link = html_get_forum_uri("index.php?webtag={$webtag}&final_uri={$change_pw_link}");

    // Plain-text body, wrapped by wordwrap() at its default width.
    $body_text = wordwrap(sprintf(gettext("Hello %s,\r\n\r\nYou requested this e-mail from %s because you have forgotten your password.\r\n\r\nClick the link below (or copy and paste it into your browser) to reset your password:\r\n\r\n%s"), $display_name, $site_title, $change_pw_link));

    $reminder->setTo($to_user['EMAIL'], $display_name);
    $reminder->setSubject($mail_subject);
    $reminder->setBody($body_text);

    // send() result is compared against zero to produce the boolean.
    $accepted = $sender->send($reminder);

    return $accepted > 0;
}
Beispiel #5
/**
 * Email a password-reset link (plain-text body plus an HTML part) to the
 * account that owns the given logon.
 *
 * Returns false early when the argument is not a string, when no account
 * matches the logon, when no mail transport is available, or when the
 * account's stored e-mail address fails validation.
 *
 * @param string $logon Logon name of the account requesting the reset.
 *
 * @return mixed False on the early exits above; otherwise whatever the
 *               mailer's send() call returns, passed through unchanged.
 */
function email_send_pw_reminder($logon)
{
    // Reject non-string input first; only then look the account up.
    if (!is_string($logon) || !($to_user = user_get_by_logon($logon))) {
        return false;
    }

    // Without a Swift Mailer transport nothing can be sent.
    $mail_transport = Swift_TransportFactory::get();

    if (!$mail_transport) {
        return false;
    }

    $sender = Swift_Mailer::newInstance($mail_transport);
    $reminder = Swift_MessageBeehive::newInstance();

    // Forum webtag, checked for availability before it is used in links.
    $webtag = get_webtag();
    forum_check_webtag_available($webtag);

    // Do not build a message for an address that fails validation.
    if (!email_address_valid($to_user['EMAIL'])) {
        return false;
    }

    // Forum name, subject and recipient name all go through the
    // recipient's own word filter.
    $owner_uid = $to_user['UID'];

    $site_title = word_filter_apply(forum_get_setting('forum_name', null, 'A Beehive Forum'), $owner_uid, true);
    $mail_subject = word_filter_apply(sprintf(gettext("Your password reset request from %1\$s"), $site_title), $owner_uid, true);
    $display_name = word_filter_apply(format_user_name($to_user['LOGON'], $to_user['NICKNAME']), $owner_uid, true);

    // NOTE(review): the `h` parameter carries $to_user['PASSWD'] verbatim -
    // presumably the stored password hash (confirm against the user schema).
    // That value then sits in mail spools, browser history and request logs,
    // and a link built from it would presumably stay valid until the password
    // changes. A random, single-use, expiring reset token kept separately
    // avoids exposing it; such a change also has to be made wherever
    // change_pw.php checks `h`, which is not visible here.
    $change_pw_link = rawurlencode("change_pw.php?webtag={$webtag}&u={$to_user['UID']}&h={$to_user['PASSWD']}");
    $change_pw_link = html_get_forum_uri("index.php?webtag={$webtag}&final_uri={$change_pw_link}");

    $reminder->setTo($to_user['EMAIL'], $display_name);
    $reminder->setSubject($mail_subject);

    // Plain-text alternative.
    $plain_body = wordwrap(sprintf(gettext("Hello %1\$s,\n\nYou requested this e-mail from %2\$s because you have forgotten your password.\n\nTo reset your password, please go to:\n%3\$s"), $display_name, $site_title, $change_pw_link));
    $reminder->setBody($plain_body);

    // HTML alternative.
    // NOTE(review): the recipient name, forum name and link are placed into
    // markup with no escaping in this function - presumably the helpers that
    // produced them already return HTML-safe text; verify, since the nickname
    // is user-controlled.
    $html_body = wordwrap_html(sprintf(gettext("<p>Hello %1\$s,</p><p>You requested this e-mail from %2\$s because you have forgotten your password.</p><p>To reset your password, please go to:<br /><a href=\"%3\$s\">%3\$s</a></p>"), $display_name, $site_title, $change_pw_link));
    $reminder->addPart($html_body, 'text/html');

    return $sender->send($reminder);
}
    echo "      <td align=\"left\">\n";
    echo "        <table class=\"box\" width=\"100%\">\n";
    echo "          <tr>\n";
    echo "            <td align=\"left\" class=\"posthead\">\n";
    echo "              <table class=\"posthead\" width=\"100%\">\n";
    echo "                <tr>\n";
    echo "                  <td class=\"subhead\" align=\"left\">", gettext("Search Results"), "</td>\n";
    echo "                </tr>\n";
    echo "                <tr>\n";
    echo "                  <td align=\"center\">\n";
    echo "                    <div class=\"search_popup_results\">\n";
    echo "                      <table width=\"95%\">\n";
}
if (sizeof($selected_array) > 0) {
    foreach ($selected_array as $selected_option) {
        if ($type == SEARCH_LOGON && ($user_data = user_get_by_logon($selected_option))) {
            if ($multi === 'Y') {
                echo "                      <tr>\n";
                echo "                        <td align=\"left\">", form_checkbox("selected[]", htmlentities_array($user_data['LOGON']), null, true), "&nbsp;<a href=\"user_profile.php?webtag={$webtag}&amp;uid={$user_data['UID']}\" target=\"_blank\" class=\"popup 650x500\">", word_filter_add_ob_tags(format_user_name($user_data['LOGON'], $user_data['NICKNAME']), true), "</a></td>\n";
                echo "                      </tr>\n";
            } else {
                echo "                      <tr>\n";
                echo "                        <td align=\"left\">", form_radio("selected", htmlentities_array($user_data['LOGON']), null, true), "&nbsp;<a href=\"user_profile.php?webtag={$webtag}&amp;uid={$user_data['UID']}\" target=\"_blank\" class=\"popup 650x500\">", word_filter_add_ob_tags(format_user_name($user_data['LOGON'], $user_data['NICKNAME']), true), "</a></td>\n";
                echo "                      </tr>\n";
            }
        } else {
            if (($thread_data = thread_get($selected_option)) !== false) {
                echo "                      <tr>\n";
                echo "                        <td align=\"left\">", form_radio("selected", $thread_data['TID'], null, true), "&nbsp;<a href=\"messages.php?webtag={$webtag}&amp;msg={$thread_data['TID']}.1\" target=\"_blank\">", word_filter_add_ob_tags($thread_data['TITLE'], true), "</a></td>\n";
                echo "                      </tr>\n";
            }
Beispiel #7
 }
 if (isset($t_reply_mid) && is_numeric($t_reply_mid) && $t_reply_mid > 0) {
     if ($pm_data = pm_message_get($t_reply_mid)) {
         $pm_data['CONTENT'] = pm_get_content($t_reply_mid);
     } else {
         light_pm_error_refuse();
     }
 }
 if (isset($_POST['t_to_uid_others']) && strlen(trim($_POST['t_to_uid_others'])) > 0) {
     $t_recipient_array = preg_split("/[;|,]/u", trim($_POST['t_to_uid_others']));
     $t_new_recipient_array['TO_UID'] = array();
     $t_new_recipient_array['LOGON'] = array();
     $t_new_recipient_array['NICK'] = array();
     foreach ($t_recipient_array as $key => $t_recipient) {
         $to_logon = trim($t_recipient);
         if ($to_user = user_get_by_logon($to_logon)) {
             $peer_relationship = user_get_peer_relationship($to_user['UID'], $uid);
             if (!in_array($to_user['UID'], $t_new_recipient_array['TO_UID'])) {
                 $t_new_recipient_array['TO_UID'][] = $to_user['UID'];
                 $t_new_recipient_array['LOGON'][] = $to_user['LOGON'];
                 $t_new_recipient_array['NICK'][] = $to_user['NICKNAME'];
             }
             if ($to_radio == 'others') {
                 if ($peer_relationship ^ USER_BLOCK_PM && user_allow_pm($to_user['UID']) || session::check_perm(USER_PERM_FOLDER_MODERATE, 0)) {
                     pm_user_prune_folders();
                     if (pm_get_free_space($uid) < sizeof($t_new_recipient_array['TO_UID'])) {
                         $error_msg_array[] = gettext("You do not have enough free space to send this message.");
                         $valid = false;
                     }
                 } else {
                     $error_msg_array[] = sprintf(gettext("%s has opted out of receiving personal messages"), $to_logon);
require_once BH_INCLUDE_PATH . 'user.inc.php';
require_once BH_INCLUDE_PATH . 'user_profile.inc.php';
require_once BH_INCLUDE_PATH . 'user_rel.inc.php';
require_once BH_INCLUDE_PATH . 'word_filter.inc.php';
// End Required includes
// Identify whose profile to show. A numeric `uid` query parameter takes
// precedence; otherwise a non-empty `logon` parameter is looked up by name.
// NOTE(review): is_numeric() also accepts strings such as "1e3" or "1.5", and
// $uid is passed on as the raw request string - presumably the callees cast
// it before it reaches a query; verify.
$uid = null;
$logon = null;

if (isset($_GET['uid']) && is_numeric($_GET['uid'])) {

    $uid = $_GET['uid'];
    $logon = user_get_logon($uid);

    if (!$logon) {
        html_draw_error(gettext("Unknown user"));
    }

} elseif (isset($_GET['logon']) && strlen(trim($_GET['logon'])) > 0) {

    $logon = trim($_GET['logon']);
    $user_array = user_get_by_logon($logon);

    if ($user_array !== false) {
        $uid = $user_array['UID'];
    }
}

// Neither parameter produced a user id.
if ($uid === null) {
    html_draw_error(gettext("No user specified."));
}

// Profile sections.
$profile_sections = profile_sections_get();

// Profile data of the requested user.
$user_profile = user_get_profile($uid);

// Relationship between the requested user and the session user.
$peer_relationship = user_get_relationship($uid, $_SESSION['UID']);

// Title for the popup.
$page_title = format_user_name($user_profile['LOGON'], $user_profile['NICKNAME']);
 if (isset($_POST['fid']) && is_numeric($_POST['fid'])) {
     $fid = $_POST['fid'];
 } else {
     $error_msg_array[] = gettext("Invalid forum or forum is not available");
     $valid = false;
 }
 if ($valid && ($forum_data = forum_get($fid))) {
     if (isset($_POST['t_name']) && strlen(trim($_POST['t_name'])) > 0) {
         $t_name = trim($_POST['t_name']);
     } else {
         $error_msg_array[] = gettext("You must supply a forum name");
         $valid = false;
     }
     if (isset($_POST['t_owner']) && strlen(trim($_POST['t_owner'])) > 0) {
         $t_owner = trim($_POST['t_owner']);
         if (($t_user_array = user_get_by_logon($t_owner)) !== false) {
             $t_owner_uid = $t_user_array['UID'];
         } else {
             $valid = false;
             $error_msg_array[] = gettext("Unknown user");
         }
     } else {
         $t_owner = "";
         $t_owner_uid = 0;
     }
     if (isset($_POST['t_access']) && is_numeric($_POST['t_access'])) {
         $t_access = $_POST['t_access'];
     } else {
         $error_msg_array[] = gettext("You must supply a forum access level");
         $valid = false;
     }
require_once BH_INCLUDE_PATH . 'logon.inc.php';
require_once BH_INCLUDE_PATH . 'profile.inc.php';
require_once BH_INCLUDE_PATH . 'session.inc.php';
require_once BH_INCLUDE_PATH . 'user.inc.php';
require_once BH_INCLUDE_PATH . 'user_profile.inc.php';
require_once BH_INCLUDE_PATH . 'user_rel.inc.php';
require_once BH_INCLUDE_PATH . 'word_filter.inc.php';
// Identify whose profile to show. A numeric `uid` query parameter takes
// precedence; otherwise a non-empty `logon` parameter is looked up by name.
// NOTE(review): is_numeric() also accepts strings such as "1e3" or "1.5", and
// $uid is passed on as the raw request string - presumably the callees cast
// it before it reaches a query; verify.
if (isset($_GET['uid']) && is_numeric($_GET['uid'])) {

    $uid = $_GET['uid'];
    $logon = user_get_logon($uid);

    if (!$logon) {
        html_draw_error(gettext("Unknown user"));
    }

} elseif (isset($_GET['logon']) && strlen(trim($_GET['logon'])) > 0) {

    $logon = trim($_GET['logon']);
    $user_array = user_get_by_logon($logon);

    if ($user_array) {
        $uid = $user_array['UID'];
    }
}

// Neither parameter produced a user id.
// NOTE(review): this test relies on $uid not having been assigned earlier in
// the script; the lines before the includes are not visible here - confirm.
if (!isset($uid)) {
    html_draw_error(gettext("No user specified."));
}

// Profile sections.
$profile_sections = profile_sections_get();

// Profile data of the requested user.
$user_profile = user_get_profile($uid);

// Relationship between the requested user and the session user.
$peer_relationship = user_get_relationship($uid, session::get_value('UID'));

// Title for the popup.
$page_title = format_user_name($user_profile['LOGON'], $user_profile['NICKNAME']);
 if (isset($_POST['fid']) && is_numeric($_POST['fid'])) {
     $fid = $_POST['fid'];
 } else {
     $error_msg_array[] = gettext("Invalid forum or forum is not available");
     $valid = false;
 }
 if ($valid && ($forum_data = forum_get($fid))) {
     if (isset($_POST['t_name']) && strlen(trim($_POST['t_name'])) > 0) {
         $t_name = trim($_POST['t_name']);
     } else {
         $error_msg_array[] = gettext("You must supply a forum name");
         $valid = false;
     }
     if (isset($_POST['t_owner']) && strlen(trim($_POST['t_owner'])) > 0) {
         $t_owner = trim($_POST['t_owner']);
         if ($t_user_array = user_get_by_logon($t_owner)) {
             $t_owner_uid = $t_user_array['UID'];
         } else {
             $valid = false;
             $error_msg_array[] = gettext("Unknown user");
         }
     } else {
         $t_owner = "";
         $t_owner_uid = 0;
     }
     if (isset($_POST['t_access']) && is_numeric($_POST['t_access'])) {
         $t_access = $_POST['t_access'];
     } else {
         $error_msg_array[] = gettext("You must supply a forum access level");
         $valid = false;
     }
Beispiel #12
/**
 * Normalise the search arguments, clear the session user's previous result
 * set and hand the search to the Sphinx or MySQL fulltext backend.
 *
 * Keys read from $search_arguments: date_from, date_to, sort_by, sort_dir,
 * fid, username and search_tag. Missing or non-numeric date/sort values are
 * replaced by defaults. A `username` value is split on commas and every name
 * must resolve to an account.
 *
 * @param array $search_arguments Search options as described above.
 * @param mixed $error            Set to SEARCH_FREQUENCY_TOO_GREAT or
 *                                SEARCH_USER_NOT_FOUND on those failures; it
 *                                is also passed by reference to the backend.
 *
 * @return mixed False on failure; otherwise the backend's return value.
 */
function search_execute($search_arguments, &$error)
{
    // A numeric session UID is required.
    if (!isset($_SESSION['UID']) || !is_numeric($_SESSION['UID'])) {
        return false;
    }

    // Refuse to run when the frequency check fails.
    if (!check_search_frequency()) {
        $error = SEARCH_FREQUENCY_TOO_GREAT;
        return false;
    }

    // Database connection.
    $connection = db::get();

    if (!$connection) {
        return false;
    }

    // True when the caller did not supply a numeric value for $key. The
    // closure works on a copy of the arguments as they were passed in.
    $lacks_number = function ($key) use ($search_arguments) {
        return !isset($search_arguments[$key]) || !is_numeric($search_arguments[$key]);
    };

    if ($lacks_number('date_from')) {
        $search_arguments['date_from'] = SEARCH_FROM_ONE_MONTH_AGO;
    }

    if ($lacks_number('date_to')) {
        $search_arguments['date_to'] = SEARCH_TO_TODAY;
    }

    if ($lacks_number('sort_by')) {
        $search_arguments['sort_by'] = SEARCH_SORT_CREATED;
    }

    // sort_dir must be numeric and one of the two known directions.
    // NOTE(review): in_array() is called without its strict flag here and for
    // `fid` below, so the comparison is loose and the accepted value keeps its
    // original type - whether the backends cast it is not visible; verify.
    if ($lacks_number('sort_dir') || !in_array($search_arguments['sort_dir'], array(SEARCH_SORT_ASC, SEARCH_SORT_DESC))) {
        $search_arguments['sort_dir'] = SEARCH_SORT_DESC;
    }

    // Folders available to the user; anything else falls back to all of them.
    $visible_folders = folder_get_available_array();

    if (!isset($search_arguments['fid']) || !in_array($search_arguments['fid'], $visible_folders)) {
        $search_arguments['fid'] = implode(',', $visible_folders);
    }

    // Username based search: a comma separated list of logons.
    if (isset($search_arguments['username']) && strlen(trim($search_arguments['username'])) > 0) {

        $resolved_uids = array();
        $requested_names = preg_split('/,\\s*/u', trim($search_arguments['username'], ', '));

        foreach ($requested_names as $requested_name) {

            $account = user_get_by_logon(trim($requested_name));

            // One unknown name fails the whole search.
            if (!$account) {
                $error = SEARCH_USER_NOT_FOUND;
                return false;
            }

            $resolved_uids[] = $account['UID'];
        }

        $search_arguments['user_uid_array'] = $resolved_uids;
        $search_arguments['username_array'] = $requested_names;
    }

    // Each user can only store one search result, so the previous one is
    // removed before a new search runs.
    // NOTE(review): the statement is built by interpolation. Its only input is
    // the session UID, which passed is_numeric() above, so no quote character
    // can reach the query; is_numeric() does accept exponent and decimal
    // forms, though. An integer cast or a bound parameter would make the
    // query independent of that - confirm what the db wrapper supports.
    $cleanup_sql = "DELETE QUICK FROM SEARCH_RESULTS WHERE UID = '{$_SESSION['UID']}'";

    if (!$connection->query($cleanup_sql)) {
        return false;
    }

    // Tag searches, and forums with Sphinx switched off, use MySQL fulltext.
    if (isset($search_arguments['search_tag']) || !forum_get_setting('sphinx_search_enabled', 'Y')) {
        return search_mysql_execute($search_arguments, $error);
    }

    // Everything else goes to Sphinx.
    return sphinx_search_execute($search_arguments, $error);
}