Ejemplo n.º 1
0
 public function display()
 {
     global $lang_common;
     if ($this->user->g_read_board == '0') {
         message($lang_common['No view'], '403');
     } elseif ($this->user->g_view_users == '0') {
         message($lang_common['No permission'], '403');
     }
     // Load the userlist.php language file
     require FEATHER_ROOT . 'lang/' . $this->user->language . '/userlist.php';
     // Load the search.php language file
     require FEATHER_ROOT . 'lang/' . $this->user->language . '/search.php';
     // Determine if we are allowed to view post counts
     $show_post_count = $this->config['o_show_post_count'] == '1' || $this->user->is_admmod ? true : false;
     $username = $this->request->get('username') && $this->user->g_search_users == '1' ? feather_trim($this->request->get('username')) : '';
     $show_group = $this->request->get('show_group') ? intval($this->request->get('show_group')) : -1;
     $sort_by = $this->request->get('sort_by') && (in_array($this->request->get('sort_by'), array('username', 'registered')) || $this->request->get('sort_by') == 'num_posts' && $show_post_count) ? $this->request->get('sort_by') : 'username';
     $sort_dir = $this->request->get('sort_dir') && $this->request->get('sort_dir') == 'DESC' ? 'DESC' : 'ASC';
     $num_users = $this->model->fetch_user_count($username, $show_group);
     // Determine the user offset (based on $page)
     $num_pages = ceil($num_users / 50);
     $p = !$this->request->get('p') || $page <= 1 || $page > $num_pages ? 1 : intval($page);
     $start_from = 50 * ($p - 1);
     $page_title = array(feather_escape($this->config['o_board_title']), $lang_common['User list']);
     if ($this->user->g_search_users == '1') {
         $focus_element = array('userlist', 'username');
     }
     // Generate paging links
     $paging_links = '<span class="pages-label">' . $lang_common['Pages'] . ' </span>' . paginate_old($num_pages, $p, '?username='******'&amp;show_group=' . $show_group . '&amp;sort_by=' . $sort_by . '&amp;sort_dir=' . $sort_dir);
     define('FEATHER_ALLOW_INDEX', 1);
     define('FEATHER_ACTIVE_PAGE', 'userlist');
     $this->header->setTitle($page_title)->setPage($p)->setFocusElement($focus_element)->setPagingLinks($paging_links)->display();
     $this->feather->render('userlist.php', array('lang_common' => $lang_common, 'lang_search' => $lang_search, 'lang_ul' => $lang_ul, 'feather' => $this->feather, 'username' => $username, 'show_group' => $show_group, 'sort_by' => $sort_by, 'sort_dir' => $sort_dir, 'show_post_count' => $show_post_count, 'paging_links' => $paging_links, 'feather_config' => $this->config, 'dropdown_menu' => $this->model->generate_dropdown_menu($show_group), 'userlist_data' => $this->model->print_users($username, $start_from, $sort_by, $sort_dir, $show_group)));
     $this->footer->display();
 }
Ejemplo n.º 2
0
 public function update_word()
 {
     global $lang_admin_censoring;
     $id = intval(key($this->request->post('update')));
     $search_for = feather_trim($this->request->post('search_for')[$id]);
     $replace_with = feather_trim($this->request->post('replace_with')[$id]);
     if ($search_for == '') {
         message($lang_admin_censoring['Must enter word message']);
     }
     $set_search_word = array('search_for' => $search_for, 'replace_with' => $replace_with);
     DB::for_table('censoring')->find_one($id)->set($set_search_word)->save();
     // Regenerate the censoring cache
     if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
         require FEATHER_ROOT . 'include/cache.php';
     }
     generate_censoring_cache();
     redirect(get_link('admin/censoring/'), $lang_admin_censoring['Word updated redirect']);
 }
Ejemplo n.º 3
0
 public function display()
 {
     global $lang_common, $lang_admin_maintenance, $lang_admin_common;
     require FEATHER_ROOT . 'include/common_admin.php';
     if ($this->user->g_id != FEATHER_ADMIN) {
         message($lang_common['No permission'], '403');
     }
     define('FEATHER_ADMIN_CONSOLE', 1);
     // Load the admin_options.php language file
     require FEATHER_ROOT . 'lang/' . $admin_language . '/maintenance.php';
     $action = '';
     if ($this->request->post('action')) {
         $action = $this->request->post('action');
     } elseif ($this->request->get('action')) {
         $action = $this->request->get('action');
     }
     if ($action == 'rebuild') {
         $this->model->rebuild();
         $page_title = array(feather_escape($this->config['o_board_title']), $lang_admin_maintenance['Rebuilding search index']);
         $this->feather->render('admin/maintenance/rebuild.php', array('lang_admin_maintenance' => $lang_admin_maintenance, 'page_title' => $page_title));
         $query_str = $this->model->get_query_str();
         exit('<script type="text/javascript">window.location="' . get_link('admin/maintenance/') . $query_str . '"</script><hr /><p>' . sprintf($lang_admin_maintenance['Javascript redirect failed'], '<a href="' . get_link('admin/maintenance/') . $query_str . '">' . $lang_admin_maintenance['Click here'] . '</a>') . '</p>');
     }
     if ($action == 'prune') {
         $prune_from = feather_trim($this->request->post('prune_from'));
         $prune_sticky = intval($this->request->post('prune_sticky'));
         $page_title = array(feather_escape($this->config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Prune']);
         define('FEATHER_ACTIVE_PAGE', 'admin');
         $this->header->setTitle($page_title)->display();
         generate_admin_menu('maintenance');
         if ($this->request->post('prune_comply')) {
             $this->model->prune_comply($prune_from, $prune_sticky);
         }
         $this->feather->render('admin/maintenance/prune.php', array('lang_admin_maintenance' => $lang_admin_maintenance, 'lang_admin_common' => $lang_admin_common, 'prune_sticky' => $prune_sticky, 'prune_from' => $prune_from, 'prune' => $this->model->get_info_prune($prune_sticky, $prune_from)));
         $this->footer->display();
     }
     $page_title = array(feather_escape($this->config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Maintenance']);
     define('FEATHER_ACTIVE_PAGE', 'admin');
     $this->header->setTitle($page_title)->display();
     generate_admin_menu('maintenance');
     $this->feather->render('admin/maintenance/admin_maintenance.php', array('lang_admin_maintenance' => $lang_admin_maintenance, 'lang_admin_common' => $lang_admin_common, 'first_id' => $this->model->get_first_id(), 'categories' => $this->model->get_categories()));
     $this->footer->display();
 }
Ejemplo n.º 4
0
 public function add_category()
 {
     global $lang_common, $lang_admin_common, $lang_admin_categories;
     if ($this->user->g_id != FEATHER_ADMIN) {
         message($lang_common['No permission'], '403');
     }
     // Load the admin_options.php language file
     require FEATHER_ROOT . 'include/common_admin.php';
     require FEATHER_ROOT . 'lang/' . $admin_language . '/categories.php';
     $cat_name = feather_trim($this->request->post('cat_name'));
     if ($cat_name == '') {
         redirect(get_link('admin/categories/'), $lang_admin_categories['Must enter name message']);
     }
     if ($this->model->add_category($cat_name)) {
         redirect(get_link('admin/categories/'), $lang_admin_categories['Category added redirect']);
     } else {
         //TODO, add error message
         redirect(get_link('admin/categories/'), $lang_admin_categories['Category added redirect']);
     }
 }
Ejemplo n.º 5
0
function pun_mail($to, $subject, $message, $reply_to_email = '', $reply_to_name = '')
{
    global $feather_config, $lang_common;
    // Use \r\n for SMTP servers, the system's line ending for local mailers
    $smtp = $feather_config['o_smtp_host'] != '';
    $EOL = $smtp ? "\r\n" : FORUM_EOL;
    // Default sender/return address
    $from_name = sprintf($lang_common['Mailer'], $feather_config['o_board_title']);
    $from_email = $feather_config['o_webmaster_email'];
    // Do a little spring cleaning
    $to = feather_trim(preg_replace('%[\\n\\r]+%s', '', $to));
    $subject = feather_trim(preg_replace('%[\\n\\r]+%s', '', $subject));
    $from_email = feather_trim(preg_replace('%[\\n\\r:]+%s', '', $from_email));
    $from_name = feather_trim(preg_replace('%[\\n\\r:]+%s', '', str_replace('"', '', $from_name)));
    $reply_to_email = feather_trim(preg_replace('%[\\n\\r:]+%s', '', $reply_to_email));
    $reply_to_name = feather_trim(preg_replace('%[\\n\\r:]+%s', '', str_replace('"', '', $reply_to_name)));
    // Set up some headers to take advantage of UTF-8
    $from = '"' . encode_mail_text($from_name) . '" <' . $from_email . '>';
    $subject = encode_mail_text($subject);
    $headers = 'From: ' . $from . $EOL . 'Date: ' . gmdate('r') . $EOL . 'MIME-Version: 1.0' . $EOL . 'Content-transfer-encoding: 8bit' . $EOL . 'Content-type: text/plain; charset=utf-8' . $EOL . 'X-Mailer: FeatherBB Mailer';
    // If we specified a reply-to email, we deal with it here
    if (!empty($reply_to_email)) {
        $reply_to = '"' . encode_mail_text($reply_to_name) . '" <' . $reply_to_email . '>';
        $headers .= $EOL . 'Reply-To: ' . $reply_to;
    }
    // Make sure all linebreaks are LF in message (and strip out any NULL bytes)
    $message = str_replace("", '', feather_linebreaks($message));
    $message = str_replace("\n", $EOL, $message);
    $mailer = $smtp ? 'smtp_mail' : 'mail';
    $mailer($to, $subject, $message, $headers);
}
Ejemplo n.º 6
0
function output_html($feed)
{
    // Send the Content-type header in case the web server is setup to send something else
    header('Content-type: text/html; charset=utf-8');
    header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    foreach ($feed['items'] as $item) {
        if (utf8_strlen($item['title']) > FORUM_EXTERN_MAX_SUBJECT_LENGTH) {
            $subject_truncated = feather_escape(feather_trim(utf8_substr($item['title'], 0, FORUM_EXTERN_MAX_SUBJECT_LENGTH - 5))) . ' …';
        } else {
            $subject_truncated = feather_escape($item['title']);
        }
        echo '<li><a href="' . feather_escape($item['link']) . '" title="' . feather_escape($item['title']) . '">' . $subject_truncated . '</a></li>' . "\n";
    }
}
Ejemplo n.º 7
0
 public function edit_positions()
 {
     global $lang_admin_forums;
     foreach ($this->request->post('position') as $forum_id => $position) {
         $position = (int) feather_trim($position);
         $this->model->update_positions($forum_id, $position);
     }
     // Regenerate the quick jump cache
     if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
         require FEATHER_ROOT . 'include/cache.php';
     }
     generate_quickjump_cache();
     redirect(get_link('admin/forums/'), $lang_admin_forums['Forums updated redirect']);
 }
Ejemplo n.º 8
0
 public function check_for_errors()
 {
     global $lang_register, $lang_prof_reg, $lang_common, $lang_antispam, $lang_antispam_questions;
     $user = array();
     $user['errors'] = '';
     // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
     $already_registered = DB::for_table('users')->where('registration_ip', get_remote_address())->where_gt('registered', time() - 3600)->find_one();
     if ($already_registered) {
         message($lang_register['Registration flood']);
     }
     $user['username'] = feather_trim($this->request->post('req_user'));
     $user['email1'] = strtolower(feather_trim($this->request->post('req_email1')));
     if ($this->config['o_regs_verify'] == '1') {
         $email2 = strtolower(feather_trim($this->request->post('req_email2')));
         $user['password1'] = random_pass(12);
         $password2 = $user['password1'];
     } else {
         $user['password1'] = feather_trim($this->request->post('req_password1'));
         $password2 = feather_trim($this->request->post('req_password2'));
     }
     // Validate username and passwords
     $user['errors'] = check_username($user['username'], $user['errors']);
     if (feather_strlen($user['password1']) < 6) {
         $user['errors'][] = $lang_prof_reg['Pass too short'];
     } elseif ($user['password1'] != $password2) {
         $user['errors'][] = $lang_prof_reg['Pass not match'];
     }
     // Antispam feature
     $question = $this->request->post('captcha_q') ? trim($this->request->post('captcha_q')) : '';
     $answer = $this->request->post('captcha') ? strtoupper(trim($this->request->post('captcha'))) : '';
     $lang_antispam_questions_array = array();
     foreach ($lang_antispam_questions as $k => $v) {
         $lang_antispam_questions_array[md5($k)] = strtoupper($v);
     }
     if (empty($lang_antispam_questions_array[$question]) || $lang_antispam_questions_array[$question] != $answer) {
         $user['errors'][] = $lang_antispam['Robot test fail'];
     }
     // Validate email
     require FEATHER_ROOT . 'include/email.php';
     if (!is_valid_email($user['email1'])) {
         $user['errors'][] = $lang_common['Invalid email'];
     } elseif ($this->config['o_regs_verify'] == '1' && $user['email1'] != $email2) {
         $user['errors'][] = $lang_register['Email not match'];
     }
     // Check if it's a banned email address
     if (is_banned_email($user['email1'])) {
         if ($this->config['p_allow_banned_email'] == '0') {
             $user['errors'][] = $lang_prof_reg['Banned email'];
         }
         $user['banned_email'] = 1;
         // Used later when we send an alert email
     }
     // Check if someone else already has registered with that email address
     $dupe_list = array();
     $dupe_mail = DB::for_table('users')->select('username')->where('email', $user['email1'])->find_many();
     if ($dupe_mail) {
         if ($this->config['p_allow_dupe_email'] == '0') {
             $user['errors'][] = $lang_prof_reg['Dupe email'];
         }
         foreach ($dupe_mail as $cur_dupe) {
             $dupe_list[] = $cur_dupe['username'];
         }
     }
     // Make sure we got a valid language string
     if ($this->request->post('language')) {
         $user['language'] = preg_replace('%[\\.\\\\/]%', '', $this->request->post('language'));
         if (!file_exists(FEATHER_ROOT . 'lang/' . $user['language'] . '/common.php')) {
             message($lang_common['Bad request'], '404');
         }
     } else {
         $user['language'] = $this->config['o_default_lang'];
     }
     return $user;
 }
Ejemplo n.º 9
0
function url_friendly($str)
{
    require FEATHER_ROOT . 'include/url_replace.php';
    $str = strtr($str, $url_replace);
    $str = strtolower(utf8_decode($str));
    $str = feather_trim(preg_replace(array('/[^a-z0-9\\s]/', '/[\\s]+/'), array('', '-'), $str), '-');
    if (empty($str)) {
        $str = 'view';
    }
    return $str;
}
Ejemplo n.º 10
0
 public function send_notifications_reply($tid, $cur_posting, $new_pid, $post)
 {
     // Get the post time for the previous post in this topic
     $previous_post_time = DB::for_table('posts')->where('topic_id', $tid)->order_by_desc('id')->find_one_col('posted');
     // Get any subscribed users that should be notified (banned users are excluded)
     $where_send_notifications_reply = array(array('fp.read_forum' => 'IS NULL'), array('fp.read_forum' => '1'));
     $select_send_notifications_reply = array('u.id', 'u.email', 'u.notify_with_post', 'u.language');
     $result = DB::for_table('users')->table_alias('u')->select_many($select_send_notifications_reply)->inner_join('topic_subscriptions', array('u.id', '=', 's.user_id'), 's')->left_outer_join('forum_perms', array('fp.forum_id', '=', $cur_posting['id']), 'fp', true)->left_outer_join('forum_perms', array('fp.group_id', '=', 'u.group_id'))->left_outer_join('online', array('u.id', '=', 'o.user_id'), 'o')->left_outer_join('bans', array('u.username', '=', 'b.username'), 'b')->where_raw('COALESCE(o.logged, u.last_visit)>' . $previous_post_time)->where_null('b.username')->where_any_is($where_send_notifications_reply)->where('s.topic_id', $tid)->where_not_equal('u.id', $this->user->id)->find_many();
     if ($result) {
         require_once FEATHER_ROOT . 'include/email.php';
         $notification_emails = array();
         $censored_message = feather_trim(censor_words($post['message']));
         if ($this->config['o_censoring'] == '1') {
             $cleaned_message = bbcode2email($censored_message, -1);
         } else {
             $cleaned_message = bbcode2email($post['message'], -1);
         }
         // Loop through subscribed users and send emails
         foreach ($result as $cur_subscriber) {
             // Is the subscription email for $cur_subscriber['language'] cached or not?
             if (!isset($notification_emails[$cur_subscriber['language']])) {
                 if (file_exists(FEATHER_ROOT . 'lang/' . $cur_subscriber['language'] . '/mail_templates/new_reply.tpl')) {
                     // Load the "new reply" template
                     $mail_tpl = trim(file_get_contents(FEATHER_ROOT . 'lang/' . $cur_subscriber['language'] . '/mail_templates/new_reply.tpl'));
                     // Load the "new reply full" template (with post included)
                     $mail_tpl_full = trim(file_get_contents(FEATHER_ROOT . 'lang/' . $cur_subscriber['language'] . '/mail_templates/new_reply_full.tpl'));
                     // The first row contains the subject (it also starts with "Subject:")
                     $first_crlf = strpos($mail_tpl, "\n");
                     $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
                     $mail_message = trim(substr($mail_tpl, $first_crlf));
                     $first_crlf = strpos($mail_tpl_full, "\n");
                     $mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf - 8));
                     $mail_message_full = trim(substr($mail_tpl_full, $first_crlf));
                     $mail_subject = str_replace('<topic_subject>', $cur_posting['subject'], $mail_subject);
                     $mail_message = str_replace('<topic_subject>', $cur_posting['subject'], $mail_message);
                     $mail_message = str_replace('<replier>', $post['username'], $mail_message);
                     $mail_message = str_replace('<post_url>', get_link('post/' . $new_pid . '/#p' . $new_pid), $mail_message);
                     $mail_message = str_replace('<unsubscribe_url>', get_base_url() . '/misc.php?action=unsubscribe&tid=' . $tid, $mail_message);
                     $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
                     $mail_subject_full = str_replace('<topic_subject>', $cur_posting['subject'], $mail_subject_full);
                     $mail_message_full = str_replace('<topic_subject>', $cur_posting['subject'], $mail_message_full);
                     $mail_message_full = str_replace('<replier>', $post['username'], $mail_message_full);
                     $mail_message_full = str_replace('<message>', $cleaned_message, $mail_message_full);
                     $mail_message_full = str_replace('<post_url>', get_link('post/' . $new_pid . '/#p' . $new_pid), $mail_message_full);
                     $mail_message_full = str_replace('<unsubscribe_url>', get_base_url() . '/misc.php?action=unsubscribe&tid=' . $tid, $mail_message_full);
                     $mail_message_full = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message_full);
                     $notification_emails[$cur_subscriber['language']][0] = $mail_subject;
                     $notification_emails[$cur_subscriber['language']][1] = $mail_message;
                     $notification_emails[$cur_subscriber['language']][2] = $mail_subject_full;
                     $notification_emails[$cur_subscriber['language']][3] = $mail_message_full;
                     $mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null;
                 }
             }
             // We have to double check here because the templates could be missing
             if (isset($notification_emails[$cur_subscriber['language']])) {
                 if ($cur_subscriber['notify_with_post'] == '0') {
                     pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][0], $notification_emails[$cur_subscriber['language']][1]);
                 } else {
                     pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]);
                 }
             }
         }
         unset($cleaned_message);
     }
 }
Ejemplo n.º 11
0
 public function update_options()
 {
     global $lang_admin_options, $lang_common;
     $form = array('board_title' => feather_trim($this->request->post('form_board_title')), 'board_desc' => feather_trim($this->request->post('form_board_desc')), 'base_url' => feather_trim($this->request->post('form_base_url')), 'default_timezone' => floatval($this->request->post('form_default_timezone')), 'default_dst' => $this->request->post('form_default_dst') != '1' ? '0' : '1', 'default_lang' => feather_trim($this->request->post('form_default_lang')), 'default_style' => feather_trim($this->request->post('form_default_style')), 'time_format' => feather_trim($this->request->post('form_time_format')), 'date_format' => feather_trim($this->request->post('form_date_format')), 'timeout_visit' => intval($this->request->post('form_timeout_visit')) > 0 ? intval($this->request->post('form_timeout_visit')) : 1, 'timeout_online' => intval($this->request->post('form_timeout_online')) > 0 ? intval($this->request->post('form_timeout_online')) : 1, 'redirect_delay' => intval($this->request->post('form_redirect_delay')) >= 0 ? intval($this->request->post('form_redirect_delay')) : 0, 'show_version' => $this->request->post('form_show_version') != '1' ? '0' : '1', 'show_user_info' => $this->request->post('form_show_user_info') != '1' ? '0' : '1', 'show_post_count' => $this->request->post('form_show_post_count') != '1' ? '0' : '1', 'smilies' => $this->request->post('form_smilies') != '1' ? '0' : '1', 'smilies_sig' => $this->request->post('form_smilies_sig') != '1' ? '0' : '1', 'make_links' => $this->request->post('form_make_links') != '1' ? '0' : '1', 'topic_review' => intval($this->request->post('form_topic_review')) >= 0 ? intval($this->request->post('form_topic_review')) : 0, 'disp_topics_default' => intval($this->request->post('form_disp_topics_default')), 'disp_posts_default' => intval($this->request->post('form_disp_posts_default')), 'indent_num_spaces' => intval($this->request->post('form_indent_num_spaces')) >= 0 ? intval($this->request->post('form_indent_num_spaces')) : 0, 'quote_depth' => intval($this->request->post('form_quote_depth')) > 0 ? intval($this->request->post('form_quote_depth')) : 1, 'quickpost' => $this->request->post('form_quickpost') != '1' ? '0' : '1', 'users_online' => $this->request->post('form_users_online') != '1' ? '0' : '1', 'censoring' => $this->request->post('form_censoring') != '1' ? '0' : '1', 'signatures' => $this->request->post('form_signatures') != '1' ? '0' : '1', 'show_dot' => $this->request->post('form_show_dot') != '1' ? '0' : '1', 'topic_views' => $this->request->post('form_topic_views') != '1' ? '0' : '1', 'quickjump' => $this->request->post('form_quickjump') != '1' ? '0' : '1', 'gzip' => $this->request->post('form_gzip') != '1' ? '0' : '1', 'search_all_forums' => $this->request->post('form_search_all_forums') != '1' ? '0' : '1', 'additional_navlinks' => feather_trim($this->request->post('form_additional_navlinks')), 'feed_type' => intval($this->request->post('form_feed_type')), 'feed_ttl' => intval($this->request->post('form_feed_ttl')), 'report_method' => intval($this->request->post('form_report_method')), 'mailing_list' => feather_trim($this->request->post('form_mailing_list')), 'avatars' => $this->request->post('form_avatars') != '1' ? '0' : '1', 'avatars_dir' => feather_trim($this->request->post('form_avatars_dir')), 'avatars_width' => intval($this->request->post('form_avatars_width')) > 0 ? intval($this->request->post('form_avatars_width')) : 1, 'avatars_height' => intval($this->request->post('form_avatars_height')) > 0 ? intval($this->request->post('form_avatars_height')) : 1, 'avatars_size' => intval($this->request->post('form_avatars_size')) > 0 ? intval($this->request->post('form_avatars_size')) : 1, 'admin_email' => strtolower(feather_trim($this->request->post('form_admin_email'))), 'webmaster_email' => strtolower(feather_trim($this->request->post('form_webmaster_email'))), 'forum_subscriptions' => $this->request->post('form_forum_subscriptions') != '1' ? '0' : '1', 'topic_subscriptions' => $this->request->post('form_topic_subscriptions') != '1' ? '0' : '1', 'smtp_host' => feather_trim($this->request->post('form_smtp_host')), 'smtp_user' => feather_trim($this->request->post('form_smtp_user')), 'smtp_ssl' => $this->request->post('form_smtp_ssl') != '1' ? '0' : '1', 'regs_allow' => $this->request->post('form_regs_allow') != '1' ? '0' : '1', 'regs_verify' => $this->request->post('form_regs_verify') != '1' ? '0' : '1', 'regs_report' => $this->request->post('form_regs_report') != '1' ? '0' : '1', 'rules' => $this->request->post('form_rules') != '1' ? '0' : '1', 'rules_message' => feather_trim($this->request->post('form_rules_message')), 'default_email_setting' => intval($this->request->post('form_default_email_setting')), 'announcement' => $this->request->post('form_announcement') != '1' ? '0' : '1', 'announcement_message' => feather_trim($this->request->post('form_announcement_message')), 'maintenance' => $this->request->post('form_maintenance') != '1' ? '0' : '1', 'maintenance_message' => feather_trim($this->request->post('form_maintenance_message')));
     if ($form['board_title'] == '') {
         message($lang_admin_options['Must enter title message']);
     }
     // Make sure base_url doesn't end with a slash
     if (substr($form['base_url'], -1) == '/') {
         $form['base_url'] = substr($form['base_url'], 0, -1);
     }
     // Convert IDN to Punycode if needed
     if (preg_match('/[^\\x00-\\x7F]/', $form['base_url'])) {
         if (!function_exists('idn_to_ascii')) {
             message($lang_admin_options['Base URL problem']);
         } else {
             $form['base_url'] = idn_to_ascii($form['base_url']);
         }
     }
     $languages = forum_list_langs();
     if (!in_array($form['default_lang'], $languages)) {
         message($lang_common['Bad request'], '404');
     }
     $styles = forum_list_styles();
     if (!in_array($form['default_style'], $styles)) {
         message($lang_common['Bad request'], '404');
     }
     if ($form['time_format'] == '') {
         $form['time_format'] = 'H:i:s';
     }
     if ($form['date_format'] == '') {
         $form['date_format'] = 'Y-m-d';
     }
     require FEATHER_ROOT . 'include/email.php';
     if (!is_valid_email($form['admin_email'])) {
         message($lang_admin_options['Invalid e-mail message']);
     }
     if (!is_valid_email($form['webmaster_email'])) {
         message($lang_admin_options['Invalid webmaster e-mail message']);
     }
     if ($form['mailing_list'] != '') {
         $form['mailing_list'] = strtolower(preg_replace('%\\s%S', '', $form['mailing_list']));
     }
     // Make sure avatars_dir doesn't end with a slash
     if (substr($form['avatars_dir'], -1) == '/') {
         $form['avatars_dir'] = substr($form['avatars_dir'], 0, -1);
     }
     if ($form['additional_navlinks'] != '') {
         $form['additional_navlinks'] = feather_trim(feather_linebreaks($form['additional_navlinks']));
     }
     // Change or enter a SMTP password
     if ($this->request->post('form_smtp_change_pass')) {
         $smtp_pass1 = $this->request->post('form_smtp_pass1') ? feather_trim($this->request->post('form_smtp_pass1')) : '';
         $smtp_pass2 = $this->request->post('form_smtp_pass2') ? feather_trim($this->request->post('form_smtp_pass2')) : '';
         if ($smtp_pass1 == $smtp_pass2) {
             $form['smtp_pass'] = $smtp_pass1;
         } else {
             message($lang_admin_options['SMTP passwords did not match']);
         }
     }
     if ($form['announcement_message'] != '') {
         $form['announcement_message'] = feather_linebreaks($form['announcement_message']);
     } else {
         $form['announcement_message'] = $lang_admin_options['Enter announcement here'];
         $form['announcement'] = '0';
     }
     if ($form['rules_message'] != '') {
         $form['rules_message'] = feather_linebreaks($form['rules_message']);
     } else {
         $form['rules_message'] = $lang_admin_options['Enter rules here'];
         $form['rules'] = '0';
     }
     if ($form['maintenance_message'] != '') {
         $form['maintenance_message'] = feather_linebreaks($form['maintenance_message']);
     } else {
         $form['maintenance_message'] = $lang_admin_options['Default maintenance message'];
         $form['maintenance'] = '0';
     }
     // Make sure the number of displayed topics and posts is between 3 and 75
     if ($form['disp_topics_default'] < 3) {
         $form['disp_topics_default'] = 3;
     } elseif ($form['disp_topics_default'] > 75) {
         $form['disp_topics_default'] = 75;
     }
     if ($form['disp_posts_default'] < 3) {
         $form['disp_posts_default'] = 3;
     } elseif ($form['disp_posts_default'] > 75) {
         $form['disp_posts_default'] = 75;
     }
     if ($form['feed_type'] < 0 || $form['feed_type'] > 2) {
         message($lang_common['Bad request'], '404');
     }
     if ($form['feed_ttl'] < 0) {
         message($lang_common['Bad request'], '404');
     }
     if ($form['report_method'] < 0 || $form['report_method'] > 2) {
         message($lang_common['Bad request'], '404');
     }
     if ($form['default_email_setting'] < 0 || $form['default_email_setting'] > 2) {
         message($lang_common['Bad request'], '404');
     }
     if ($form['timeout_online'] >= $form['timeout_visit']) {
         message($lang_admin_options['Timeout error message']);
     }
     foreach ($form as $key => $input) {
         // Only update values that have changed
         if (array_key_exists('o_' . $key, $this->config) && $this->config['o_' . $key] != $input) {
             if ($input != '' || is_int($input)) {
                 DB::for_table('config')->where('conf_name', 'o_' . $key)->update_many('conf_value', $input);
             } else {
                 DB::for_table('config')->where('conf_name', 'o_' . $key)->update_many_expr('conf_value', 'NULL');
             }
         }
     }
     // Regenerate the config cache
     if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
         require FEATHER_ROOT . 'include/cache.php';
     }
     generate_config_cache();
     clear_feed_cache();
     redirect(get_link('admin/options/'), $lang_admin_options['Options updated redirect']);
 }
Ejemplo n.º 12
0
    $default_style = 'FeatherBB';
} else {
    $db_type = $_POST['req_db_type'];
    $db_host = feather_trim($_POST['req_db_host']);
    $db_name = feather_trim($_POST['req_db_name']);
    $db_username = feather_trim($_POST['db_username']);
    $db_password = feather_trim($_POST['db_password']);
    $db_prefix = feather_trim($_POST['db_prefix']);
    $username = feather_trim($_POST['req_username']);
    $email = strtolower(feather_trim($_POST['req_email']));
    $password1 = feather_trim($_POST['req_password1']);
    $password2 = feather_trim($_POST['req_password2']);
    $title = feather_trim($_POST['req_title']);
    $description = feather_trim($_POST['desc']);
    $base_url = feather_trim($_POST['req_base_url']);
    $default_lang = feather_trim($_POST['req_default_lang']);
    $default_style = 'FeatherBB';
    $alerts = array();
    // Make sure base_url doesn't end with a slash
    if (substr($base_url, -1) == '/') {
        $base_url = substr($base_url, 0, -1);
    }
    // Validate username and passwords
    if (feather_strlen($username) < 2) {
        $alerts[] = $lang_install['Username 1'];
    } elseif (feather_strlen($username) > 25) {
        // This usually doesn't happen since the form element only accepts 25 characters
        $alerts[] = $lang_install['Username 2'];
    } elseif (!strcasecmp($username, 'Guest')) {
        $alerts[] = $lang_install['Username 3'];
    } elseif (preg_match('%[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}%', $username) || preg_match('%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))%', $username)) {
Ejemplo n.º 13
0
 public function get_info_prune($prune_sticky, $prune_from)
 {
     global $lang_admin_maintenance;
     $prune = array();
     $prune['days'] = feather_trim($this->request->post('req_prune_days'));
     if ($prune['days'] == '' || preg_match('%[^0-9]%', $prune['days'])) {
         message($lang_admin_maintenance['Days must be integer message']);
     }
     $prune['date'] = time() - $prune['days'] * 86400;
     // Concatenate together the query for counting number of topics to prune
     $query = DB::for_table('topics')->where_lt('last_post', $prune['date'])->where_null('moved_to');
     if ($prune_sticky == '0') {
         $query = $query->where('sticky', 0);
     }
     if ($prune_from != 'all') {
         $query = $query->where('forum_id', intval($prune_from));
         // Fetch the forum name (just for cosmetic reasons)
         $forum = DB::for_table('forums')->where('id', $prune_from)->find_one_col('forum_name');
         $prune['forum'] = '"' . feather_escape($forum) . '"';
     } else {
         $prune['forum'] = $lang_admin_maintenance['All forums'];
     }
     $prune['num_topics'] = $query->count('id');
     if (!$prune['num_topics']) {
         message(sprintf($lang_admin_maintenance['No old topics message'], $prune['days']));
     }
     return $prune;
 }
Ejemplo n.º 14
0
 public function get_user_search()
 {
     global $db_type, $lang_common, $lang_admin_users;
     $form = $this->request->get('form') ? $this->request->get('form') : array();
     $search = array();
     // trim() all elements in $form
     $form = array_map('feather_trim', $form);
     $posts_greater = $this->request->get('posts_greater') ? feather_trim($this->request->get('posts_greater')) : '';
     $posts_less = $this->request->get('posts_less') ? feather_trim($this->request->get('posts_less')) : '';
     $last_post_after = $this->request->get('last_post_after') ? feather_trim($this->request->get('last_post_after')) : '';
     $last_post_before = $this->request->get('last_post_before') ? feather_trim($this->request->get('last_post_before')) : '';
     $last_visit_after = $this->request->get('last_visit_after') ? feather_trim($this->request->get('last_visit_after')) : '';
     $last_visit_before = $this->request->get('last_visit_before') ? feather_trim($this->request->get('last_visit_before')) : '';
     $registered_after = $this->request->get('registered_after') ? feather_trim($this->request->get('registered_after')) : '';
     $registered_before = $this->request->get('registered_before') ? feather_trim($this->request->get('registered_before')) : '';
     $order_by = $search['order_by'] = $this->request->get('order_by') && in_array($this->request->get('order_by'), array('username', 'email', 'num_posts', 'last_post', 'last_visit', 'registered')) ? $this->request->get('order_by') : 'username';
     $direction = $search['direction'] = $this->request->get('direction') && $this->request->get('direction') == 'DESC' ? 'DESC' : 'ASC';
     $user_group = $this->request->get('user_group') ? intval($this->request->get('user_group')) : -1;
     $search['query_str'][] = 'order_by=' . $order_by;
     $search['query_str'][] = 'direction=' . $direction;
     $search['query_str'][] = 'user_group=' . $user_group;
     if (preg_match('%[^0-9]%', $posts_greater . $posts_less)) {
         message($lang_admin_users['Non numeric message']);
     }
     $search['conditions'] = array();
     // Try to convert date/time to timestamps
     if ($last_post_after != '') {
         $search['query_str'][] = 'last_post_after=' . $last_post_after;
         $last_post_after = strtotime($last_post_after);
         if ($last_post_after === false || $last_post_after == -1) {
             message($lang_admin_users['Invalid date time message']);
         }
         $search['conditions'][] = 'u.last_post>' . $last_post_after;
     }
     if ($last_post_before != '') {
         $search['query_str'][] = 'last_post_before=' . $last_post_before;
         $last_post_before = strtotime($last_post_before);
         if ($last_post_before === false || $last_post_before == -1) {
             message($lang_admin_users['Invalid date time message']);
         }
         $search['conditions'][] = 'u.last_post<' . $last_post_before;
     }
     if ($last_visit_after != '') {
         $search['query_str'][] = 'last_visit_after=' . $last_visit_after;
         $last_visit_after = strtotime($last_visit_after);
         if ($last_visit_after === false || $last_visit_after == -1) {
             message($lang_admin_users['Invalid date time message']);
         }
         $search['conditions'][] = 'u.last_visit>' . $last_visit_after;
     }
     if ($last_visit_before != '') {
         $search['query_str'][] = 'last_visit_before=' . $last_visit_before;
         $last_visit_before = strtotime($last_visit_before);
         if ($last_visit_before === false || $last_visit_before == -1) {
             message($lang_admin_users['Invalid date time message']);
         }
         $search['conditions'][] = 'u.last_visit<' . $last_visit_before;
     }
     if ($registered_after != '') {
         $search['query_str'][] = 'registered_after=' . $registered_after;
         $registered_after = strtotime($registered_after);
         if ($registered_after === false || $registered_after == -1) {
             message($lang_admin_users['Invalid date time message']);
         }
         $search['conditions'][] = 'u.registered>' . $registered_after;
     }
     if ($registered_before != '') {
         $search['query_str'][] = 'registered_before=' . $registered_before;
         $registered_before = strtotime($registered_before);
         if ($registered_before === false || $registered_before == -1) {
             message($lang_admin_users['Invalid date time message']);
         }
         $search['conditions'][] = 'u.registered<' . $registered_before;
     }
     $like_command = $db_type == 'pgsql' ? 'ILIKE' : 'LIKE';
     foreach ($form as $key => $input) {
         if ($input != '' && in_array($key, array('username', 'email', 'title', 'realname', 'url', 'jabber', 'icq', 'msn', 'aim', 'yahoo', 'location', 'signature', 'admin_note'))) {
             $search['conditions'][] = 'u.' . str_replace("'", "''", $key) . ' ' . $like_command . ' \'' . str_replace("'", "''", str_replace('*', '%', $input)) . '\'';
             $search['query_str'][] = 'form%5B' . $key . '%5D=' . urlencode($input);
         }
     }
     if ($posts_greater != '') {
         $search['query_str'][] = 'posts_greater=' . $posts_greater;
         $search['conditions'][] = 'u.num_posts>' . $posts_greater;
     }
     if ($posts_less != '') {
         $search['query_str'][] = 'posts_less=' . $posts_less;
         $search['conditions'][] = 'u.num_posts<' . $posts_less;
     }
     if ($user_group > -1) {
         $search['conditions'][] = 'u.group_id=' . $user_group;
     }
     return $search;
 }
Ejemplo n.º 15
0
<?php 
}
?>
						<label class="required"><strong><?php 
echo $lang_common['Message'];
?>
 <span><?php 
echo $lang_common['Required'];
?>
</span></strong><br />
                        <script>postEditorToolbar('req_message');</script>
						<textarea name="req_message" id="req_message" rows="20" cols="95" tabindex="<?php 
echo $cur_index++;
?>
"><?php 
echo $feather->request->post('req_message') ? feather_linebreaks(feather_trim(feather_escape($feather->request->post('req_message')))) : (isset($quote) ? $quote : '');
?>
</textarea><br /></label>
						<ul class="bblinks">
							<li><span><a href="<?php 
echo get_link('help/#bbcode');
?>
" onclick="window.open(this.href); return false;"><?php 
echo $lang_common['BBCode'];
?>
</a> <?php 
echo $feather_config['p_message_bbcode'] == '1' ? $lang_common['on'] : $lang_common['off'];
?>
</span></li>
							<li><span><a href="<?php 
echo get_link('help/#url');
Ejemplo n.º 16
0
 public function setup_variables($cur_post, $is_admmod, $can_edit_subject, $errors)
 {
     global $pd;
     $post = array();
     $post['hide_smilies'] = $this->request->post('hide_smilies') ? '1' : '0';
     $post['stick_topic'] = $this->request->post('stick_topic') ? '1' : '0';
     if (!$is_admmod) {
         $post['stick_topic'] = $cur_post['sticky'];
     }
     // Clean up message from POST
     $post['message'] = feather_linebreaks(feather_trim($this->request->post('req_message')));
     // Validate BBCode syntax
     if ($this->config['p_message_bbcode'] == '1') {
         require_once FEATHER_ROOT . 'include/parser.php';
         $post['message'] = preparse_bbcode($post['message'], $errors);
     }
     // Replace four-byte characters (MySQL cannot handle them)
     $post['message'] = strip_bad_multibyte_chars($post['message']);
     // Get the subject
     if ($can_edit_subject) {
         $post['subject'] = feather_trim($this->request->post('req_subject'));
     }
     return $post;
 }
Ejemplo n.º 17
0
 public function password_forgotten()
 {
     global $lang_common, $lang_login;
     if (!$this->user->is_guest) {
         header('Location: ' . get_base_url());
         exit;
     }
     // Start with a clean slate
     $errors = array();
     if ($this->feather->request()->isPost()) {
         require FEATHER_ROOT . 'include/email.php';
         // Validate the email address
         $email = strtolower(feather_trim($this->request->post('req_email')));
         if (!is_valid_email($email)) {
             $errors[] = $lang_common['Invalid email'];
         }
         // Did everything go according to plan?
         if (empty($errors)) {
             $select_password_forgotten = array('id', 'username', 'last_email_sent');
             $result = DB::for_table('users')->select_many($select_password_forgotten)->where('email', $email)->find_many();
             if ($result) {
                 // Load the "activate password" template
                 $mail_tpl = trim(file_get_contents(FEATHER_ROOT . 'lang/' . $this->user->language . '/mail_templates/activate_password.tpl'));
                 // The first row contains the subject
                 $first_crlf = strpos($mail_tpl, "\n");
                 $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
                 $mail_message = trim(substr($mail_tpl, $first_crlf));
                 // Do the generic replacements first (they apply to all emails sent out here)
                 $mail_message = str_replace('<base_url>', get_base_url() . '/', $mail_message);
                 $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
                 // Loop through users we found
                 foreach ($result as $cur_hit) {
                     if ($cur_hit->last_email_sent != '' && time() - $cur_hit->last_email_sent < 3600 && time() - $cur_hit->last_email_sent >= 0) {
                         message(sprintf($lang_login['Email flood'], intval((3600 - (time() - $cur_hit->last_email_sent)) / 60)), true);
                     }
                     // Generate a new password and a new password activation code
                     $new_password = random_pass(12);
                     $new_password_key = random_pass(8);
                     $update_password = array('activate_string' => feather_hash($new_password), 'activate_key' => $new_password_key, 'last_email_sent' => time());
                     DB::for_table('users')->where('id', $cur_hit->id)->find_one()->set($update_password)->save();
                     // Do the user specific replacements to the template
                     $cur_mail_message = str_replace('<username>', $cur_hit->username, $mail_message);
                     $cur_mail_message = str_replace('<activation_url>', get_link('user/' . $cur_hit->id . '/action/change_pass/?key=' . $new_password_key), $cur_mail_message);
                     $cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);
                     pun_mail($email, $mail_subject, $cur_mail_message);
                 }
                 message($lang_login['Forget mail'] . ' <a href="mailto:' . feather_escape($this->config['o_admin_email']) . '">' . feather_escape($this->config['o_admin_email']) . '</a>.', true);
             } else {
                 $errors[] = $lang_login['No email match'] . ' ' . htmlspecialchars($email) . '.';
             }
         }
     }
     return $errors;
 }
Ejemplo n.º 18
0
 public function get_search_results()
 {
     global $db_type, $lang_common, $lang_search;
     $search = array();
     $action = $this->request->get('action') ? $this->request->get('action') : null;
     $forums = $this->request->get('forums') ? is_array($this->request->get('forums')) ? $this->request->get('forums') : array_filter(explode(',', $this->request->get('forums'))) : ($this->request->get('forums') ? array($this->request->get('forums')) : array());
     $sort_dir = $this->request->get('sort_dir') && $this->request->get('sort_dir') == 'DESC' ? 'DESC' : 'ASC';
     $forums = array_map('intval', $forums);
     // Allow the old action names for backwards compatibility reasons
     if ($action == 'show_user') {
         $action = 'show_user_posts';
     } elseif ($action == 'show_24h') {
         $action = 'show_recent';
     }
     // If a search_id was supplied
     if ($this->request->get('search_id')) {
         $search_id = intval($this->request->get('search_id'));
         if ($search_id < 1) {
             message($lang_common['Bad request'], '404');
         }
     } elseif ($action == 'search') {
         $keywords = $this->request->get('keywords') ? utf8_strtolower(feather_trim($this->request->get('keywords'))) : null;
         $author = $this->request->get('author') ? utf8_strtolower(feather_trim($this->request->get('author'))) : null;
         if (preg_match('%^[\\*\\%]+$%', $keywords) || feather_strlen(str_replace(array('*', '%'), '', $keywords)) < FEATHER_SEARCH_MIN_WORD && !is_cjk($keywords)) {
             $keywords = '';
         }
         if (preg_match('%^[\\*\\%]+$%', $author) || feather_strlen(str_replace(array('*', '%'), '', $author)) < 2) {
             $author = '';
         }
         if (!$keywords && !$author) {
             message($lang_search['No terms']);
         }
         if ($author) {
             $author = str_replace('*', '%', $author);
         }
         $show_as = $this->request->get('show_as') && $this->request->get('show_as') == 'topics' ? 'topics' : 'posts';
         $sort_by = $this->request->get('sort_by') ? intval($this->request->get('sort_by')) : 0;
         $search_in = !$this->request->get('search_in') || $this->request->get('search_in') == '0' ? 0 : ($this->request->get('search_in') == '1' ? 1 : -1);
     } elseif ($action == 'show_user_posts' || $action == 'show_user_topics' || $action == 'show_subscriptions') {
         $user_id = $this->request->get('user_id') ? intval($this->request->get('user_id')) : $this->user->id;
         if ($user_id < 2) {
             message($lang_common['Bad request'], '404');
         }
         // Subscribed topics can only be viewed by admins, moderators and the users themselves
         if ($action == 'show_subscriptions' && !$this->user->is_admmod && $user_id != $this->user->id) {
             message($lang_common['No permission'], '403');
         }
     } elseif ($action == 'show_recent') {
         $interval = $this->request->get('value') ? intval($this->request->get('value')) : 86400;
     } elseif ($action == 'show_replies') {
         if ($this->user->is_guest) {
             message($lang_common['Bad request'], '404');
         }
     } elseif ($action != 'show_new' && $action != 'show_unanswered') {
         message($lang_common['Bad request'], '404');
     }
     // If a valid search_id was supplied we attempt to fetch the search results from the db
     if (isset($search_id)) {
         $ident = $this->user->is_guest ? get_remote_address() : $this->user->username;
         $search_data = DB::for_table('search_cache')->where('id', $search_id)->where('ident', $ident)->find_one_col('search_data');
         if ($search_data) {
             $temp = unserialize($search_data);
             $search_ids = unserialize($temp['search_ids']);
             $num_hits = $temp['num_hits'];
             $sort_by = $temp['sort_by'];
             $sort_dir = $temp['sort_dir'];
             $show_as = $temp['show_as'];
             $search_type = $temp['search_type'];
             unset($temp);
         } else {
             message($lang_search['No hits']);
         }
     } else {
         $keyword_results = $author_results = array();
         // Search a specific forum?
         $forum_sql = !empty($forums) || empty($forums) && $this->config['o_search_all_forums'] == '0' && !$this->user->is_admmod ? ' AND t.forum_id IN (' . implode(',', $forums) . ')' : '';
         if (!empty($author) || !empty($keywords)) {
             // Flood protection
             if ($this->user->last_search && time() - $this->user->last_search < $this->user->g_search_flood && time() - $this->user->last_search >= 0) {
                 message(sprintf($lang_search['Search flood'], $this->user->g_search_flood, $this->user->g_search_flood - (time() - $this->user->last_search)));
             }
             if (!$this->user->is_guest) {
                 DB::for_table('users')->where('id', $this->user->id)->update_many('last_search', time());
             } else {
                 DB::for_table('online')->where('ident', get_remote_address())->update_many('last_search', time());
             }
             switch ($sort_by) {
                 case 1:
                     $sort_by_sql = $show_as == 'topics' ? 't.poster' : 'p.poster';
                     $sort_type = SORT_STRING;
                     break;
                 case 2:
                     $sort_by_sql = 't.subject';
                     $sort_type = SORT_STRING;
                     break;
                 case 3:
                     $sort_by_sql = 't.forum_id';
                     $sort_type = SORT_NUMERIC;
                     break;
                 case 4:
                     $sort_by_sql = 't.last_post';
                     $sort_type = SORT_NUMERIC;
                     break;
                 default:
                     $sort_by_sql = $show_as == 'topics' ? 't.last_post' : 'p.posted';
                     $sort_type = SORT_NUMERIC;
                     break;
             }
             // If it's a search for keywords
             if ($keywords) {
                 // split the keywords into words
                 $keywords_array = split_words($keywords, false);
                 if (empty($keywords_array)) {
                     message($lang_search['No hits']);
                 }
                 // Should we search in message body or topic subject specifically?
                 $search_in_cond = $search_in ? $search_in > 0 ? ' AND m.subject_match = 0' : ' AND m.subject_match = 1' : '';
                 $word_count = 0;
                 $match_type = 'and';
                 $sort_data = array();
                 foreach ($keywords_array as $cur_word) {
                     switch ($cur_word) {
                         case 'and':
                         case 'or':
                         case 'not':
                             $match_type = $cur_word;
                             break;
                         default:
                             if (is_cjk($cur_word)) {
                                 $where_cond = str_replace('*', '%', $cur_word);
                                 $where_cond_cjk = $search_in ? $search_in > 0 ? 'p.message LIKE %:where_cond%' : 't.subject LIKE %:where_cond%' : 'p.message LIKE %:where_cond% OR t.subject LIKE %:where_cond%';
                                 $result = DB::for_table('posts')->raw_query('SELECT p.id AS post_id, p.topic_id, ' . $sort_by_sql . ' AS sort_by FROM ' . $this->feather->prefix . 'posts AS p INNER JOIN ' . $this->feather->prefix . 'topics AS t ON t.id=p.topic_id LEFT JOIN ' . $this->feather->prefix . 'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id=' . $this->user->g_id . ') WHERE (' . $where_cond_cjk . ') AND (fp.read_forum IS NULL OR fp.read_forum=1)' . $forum_sql, array(':where_cond' => $where_cond))->find_many();
                             } else {
                                 $result = DB::for_table('posts')->raw_query('SELECT m.post_id, p.topic_id, ' . $sort_by_sql . ' AS sort_by FROM ' . $this->feather->prefix . 'search_words AS w INNER JOIN ' . $this->feather->prefix . 'search_matches AS m ON m.word_id = w.id INNER JOIN ' . $this->feather->prefix . 'posts AS p ON p.id=m.post_id INNER JOIN ' . $this->feather->prefix . 'topics AS t ON t.id=p.topic_id LEFT JOIN ' . $this->feather->prefix . 'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id=' . $this->user->g_id . ') WHERE w.word LIKE :where_cond' . $search_in_cond . ' AND (fp.read_forum IS NULL OR fp.read_forum=1)' . $forum_sql, array(':where_cond' => str_replace('*', '%', $cur_word)))->find_many();
                             }
                             $row = array();
                             foreach ($result as $temp) {
                                 $row[$temp['post_id']] = $temp['topic_id'];
                                 if (!$word_count) {
                                     $keyword_results[$temp['post_id']] = $temp['topic_id'];
                                     $sort_data[$temp['post_id']] = $temp['sort_by'];
                                 } elseif ($match_type == 'or') {
                                     $keyword_results[$temp['post_id']] = $temp['topic_id'];
                                     $sort_data[$temp['post_id']] = $temp['sort_by'];
                                 } elseif ($match_type == 'not') {
                                     unset($keyword_results[$temp['post_id']]);
                                     unset($sort_data[$temp['post_id']]);
                                 }
                             }
                             if ($match_type == 'and' && $word_count) {
                                 foreach ($keyword_results as $post_id => $topic_id) {
                                     if (!isset($row[$post_id])) {
                                         unset($keyword_results[$post_id]);
                                         unset($sort_data[$post_id]);
                                     }
                                 }
                             }
                             ++$word_count;
                             $pdo = DB::get_db();
                             $pdo = null;
                             break;
                     }
                 }
                 // Sort the results - annoyingly array_multisort re-indexes arrays with numeric keys, so we need to split the keys out into a separate array then combine them again after
                 $post_ids = array_keys($keyword_results);
                 $topic_ids = array_values($keyword_results);
                 array_multisort(array_values($sort_data), $sort_dir == 'DESC' ? SORT_DESC : SORT_ASC, $sort_type, $post_ids, $topic_ids);
                 // combine the arrays back into a key=>value array (array_combine is PHP5 only unfortunately)
                 $num_results = count($keyword_results);
                 $keyword_results = array();
                 for ($i = 0; $i < $num_results; $i++) {
                     $keyword_results[$post_ids[$i]] = $topic_ids[$i];
                 }
                 unset($sort_data, $post_ids, $topic_ids);
             }
             // If it's a search for author name (and that author name isn't Guest)
             if ($author && $author != 'guest' && $author != utf8_strtolower($lang_common['Guest'])) {
                 $username_exists = DB::for_table('users')->select('id')->where_like('username', $author)->find_many();
                 if ($username_exists) {
                     $user_ids = array();
                     foreach ($username_exists as $row) {
                         $user_ids[] = $row['id'];
                     }
                     $result = DB::for_table('posts')->raw_query('SELECT p.id AS post_id, p.topic_id FROM ' . $this->feather->prefix . 'posts AS p INNER JOIN ' . $this->feather->prefix . 'topics AS t ON t.id=p.topic_id LEFT JOIN ' . $this->feather->prefix . 'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id=' . $this->user->g_id . ') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.poster_id IN(' . implode(',', $user_ids) . ')' . $forum_sql . ' ORDER BY ' . $sort_by_sql . ' ' . $sort_dir)->find_many();
                     foreach ($result as $temp) {
                         $author_results[$temp['post_id']] = $temp['topic_id'];
                     }
                     $pdo = DB::get_db();
                     $pdo = null;
                 }
             }
             // If we searched for both keywords and author name we want the intersection between the results
             if ($author && $keywords) {
                 $search_ids = array_intersect_assoc($keyword_results, $author_results);
                 $search_type = array('both', array($keywords, feather_trim($this->request->get('author'))), implode(',', $forums), $search_in);
             } elseif ($keywords) {
                 $search_ids = $keyword_results;
                 $search_type = array('keywords', $keywords, implode(',', $forums), $search_in);
             } else {
                 $search_ids = $author_results;
                 $search_type = array('author', feather_trim($this->request->get('author')), implode(',', $forums), $search_in);
             }
             unset($keyword_results, $author_results);
             if ($show_as == 'topics') {
                 $search_ids = array_values($search_ids);
             } else {
                 $search_ids = array_keys($search_ids);
             }
             $search_ids = array_unique($search_ids);
             $num_hits = count($search_ids);
             if (!$num_hits) {
                 message($lang_search['No hits']);
             }
         } elseif ($action == 'show_new' || $action == 'show_recent' || $action == 'show_replies' || $action == 'show_user_posts' || $action == 'show_user_topics' || $action == 'show_subscriptions' || $action == 'show_unanswered') {
             $search_type = array('action', $action);
             $show_as = 'topics';
             // We want to sort things after last post
             $sort_by = 0;
             $sort_dir = 'DESC';
             $where_search_action = array(array('fp.read_forum' => 'IS NULL'), array('fp.read_forum' => '1'));
             // If it's a search for new posts since last visit
             if ($action == 'show_new') {
                 if ($this->user->is_guest) {
                     message($lang_common['No permission'], '403');
                 }
                 $result = DB::for_table('topics')->table_alias('t')->select('t.id')->left_outer_join('forum_perms', array('fp.forum_id', '=', 't.forum_id'), 'fp')->left_outer_join('forum_perms', array('fp.group_id', '=', $this->user->g_id), null, true)->where_any_is($where_search_action)->where_gt('t.last_post', $this->user->last_visit)->where_null('t.moved_to')->order_by_desc('t.last_post');
                 if ($this->request->get('fid')) {
                     $result = $result->where('t.forum_id', intval($this->request->get('fid')));
                 }
                 $result = $result->find_many();
                 $num_hits = count($result);
                 if (!$num_hits) {
                     message($lang_search['No new posts']);
                 }
             } elseif ($action == 'show_recent') {
                 $result = DB::for_table('topics')->table_alias('t')->select('t.id')->left_outer_join('forum_perms', array('fp.forum_id', '=', 't.forum_id'), 'fp')->left_outer_join('forum_perms', array('fp.group_id', '=', $this->user->g_id), null, true)->where_any_is($where_search_action)->where_gt('t.last_post', time() - $interval)->where_null('t.moved_to')->order_by_desc('t.last_post');
                 if ($this->request->get('fid')) {
                     $result = $result->where('t.forum_id', intval($this->request->get('fid')));
                 }
                 $result = $result->find_many();
                 $num_hits = count($result);
                 if (!$num_hits) {
                     message($lang_search['No recent posts']);
                 }
             } elseif ($action == 'show_replies') {
                 $result = DB::for_table('topics')->table_alias('t')->select('t.id')->inner_join('posts', array('t.id', '=', 'p.topic_id'), 'p')->left_outer_join('forum_perms', array('fp.forum_id', '=', 't.forum_id'), 'fp')->left_outer_join('forum_perms', array('fp.group_id', '=', $this->user->g_id), null, true)->where_any_is($where_search_action)->where('p.poster_id', $this->user->id)->group_by('t.id');
                 if ($db_type == 'pgsql') {
                     $result = $result->group_by('t.last_post');
                 }
                 $result = $result->find_many();
                 $num_hits = count($result);
                 if (!$num_hits) {
                     message($lang_search['No user posts']);
                 }
             } elseif ($action == 'show_user_posts') {
                 $show_as = 'posts';
                 $result = DB::for_table('posts')->table_alias('p')->select('p.id')->inner_join('topics', array('p.topic_id', '=', 't.id'), 't')->left_outer_join('forum_perms', array('fp.forum_id', '=', 't.forum_id'), 'fp')->left_outer_join('forum_perms', array('fp.group_id', '=', $this->user->g_id), null, true)->where_any_is($where_search_action)->where('p.poster_id', $user_id)->order_by_desc('p.posted');
                 $result = $result->find_many();
                 $num_hits = count($result);
                 if (!$num_hits) {
                     message($lang_search['No user posts']);
                 }
                 // Pass on the user ID so that we can later know whose posts we're searching for
                 $search_type[2] = $user_id;
             } elseif ($action == 'show_user_topics') {
                 $result = DB::for_table('topics')->table_alias('t')->select('t.id')->inner_join('posts', array('t.first_post_id', '=', 'p.id'), 'p')->left_outer_join('forum_perms', array('fp.forum_id', '=', 't.forum_id'), 'fp')->left_outer_join('forum_perms', array('fp.group_id', '=', $this->user->g_id), null, true)->where_any_is($where_search_action)->where('p.poster_id', $user_id)->order_by_desc('t.last_post');
                 $result = $result->find_many();
                 $num_hits = count($result);
                 if (!$num_hits) {
                     message($lang_search['No user topics']);
                 }
                 // Pass on the user ID so that we can later know whose topics we're searching for
                 $search_type[2] = $user_id;
             } elseif ($action == 'show_subscriptions') {
                 if ($this->user->is_guest) {
                     message($lang_common['Bad request'], '404');
                 }
                 $result = DB::for_table('topics')->table_alias('t')->select('t.id')->inner_join('topic_subscriptions', array('t.id', '=', 's.topic_id'), 's')->inner_join('topic_subscriptions', array('s.user_id', '=', $user_id), null, true)->left_outer_join('forum_perms', array('fp.forum_id', '=', 't.forum_id'), 'fp')->left_outer_join('forum_perms', array('fp.group_id', '=', $this->user->g_id), null, true)->where_any_is($where_search_action)->order_by_desc('t.last_post');
                 $result = $result->find_many();
                 $num_hits = count($result);
                 if (!$num_hits) {
                     message($lang_search['No subscriptions']);
                 }
                 // Pass on user ID so that we can later know whose subscriptions we're searching for
                 $search_type[2] = $user_id;
             } else {
                 $result = DB::for_table('topics')->table_alias('t')->select('t.id')->left_outer_join('forum_perms', array('fp.forum_id', '=', 't.forum_id'), 'fp')->left_outer_join('forum_perms', array('fp.group_id', '=', $this->user->g_id), null, true)->where('t.num_replies', 0)->where_null('t.moved_to')->where_any_is($where_search_action)->order_by_desc('t.last_post');
                 $result = $result->find_many();
                 $num_hits = count($result);
                 if (!$num_hits) {
                     message($lang_search['No unanswered']);
                 }
             }
             $search_ids = array();
             foreach ($result as $row) {
                 $search_ids[] = $row['id'];
             }
             $pdo = DB::get_db();
             $pdo = null;
         } else {
             message($lang_common['Bad request'], '404');
         }
         // Prune "old" search results
         $old_searches = array();
         $result = DB::for_table('online')->select('ident')->find_many();
         if ($result) {
             foreach ($result as $row) {
                 $old_searches[] = $row['ident'];
             }
             DB::for_table('search_cache')->where_not_in('ident', $old_searches)->delete_many();
         }
         // Fill an array with our results and search properties
         $temp = serialize(array('search_ids' => serialize($search_ids), 'num_hits' => $num_hits, 'sort_by' => $sort_by, 'sort_dir' => $sort_dir, 'show_as' => $show_as, 'search_type' => $search_type));
         $search_id = mt_rand(1, 2147483647);
         $ident = $this->user->is_guest ? get_remote_address() : $this->user->username;
         $insert_cache = array('id' => $search_id, 'ident' => $ident, 'search_data' => $temp);
         DB::for_table('search_cache')->create()->set($insert_cache)->save();
         if ($search_type[0] != 'action') {
             $this->db->end_transaction();
             $this->db->close();
             // Redirect the user to the cached result page
             header('Location: ' . get_link('search/?search_id=' . $search_id));
             exit;
         }
     }
     // If we're on the new posts search, display a "mark all as read" link
     if (!$this->user->is_guest && $search_type[0] == 'action' && $search_type[1] == 'show_new') {
         $search['forum_actions'][] = '<a href="' . get_link('mark-read/') . '">' . $lang_common['Mark all as read'] . '</a>';
     }
     // Fetch results to display
     if (!empty($search_ids)) {
         // We have results
         $search['is_result'] = true;
         switch ($sort_by) {
             case 1:
                 $sort_by_sql = $show_as == 'topics' ? 't.poster' : 'p.poster';
                 break;
             case 2:
                 $sort_by_sql = 't.subject';
                 break;
             case 3:
                 $sort_by_sql = 't.forum_id';
                 break;
             default:
                 $sort_by_sql = $show_as == 'topics' ? 't.last_post' : 'p.posted';
                 break;
         }
         // Determine the topic or post offset (based on $_GET['p'])
         $per_page = $show_as == 'posts' ? $this->user->disp_posts : $this->user->disp_topics;
         $num_pages = ceil($num_hits / $per_page);
         $p = !$this->request->get('p') || $this->request->get('p') <= 1 || $this->request->get('p') > $num_pages ? 1 : intval($this->request->get('p'));
         $start_from = $per_page * ($p - 1);
         $search['start_from'] = $start_from;
         // Generate paging links
         $search['paging_links'] = '<span class="pages-label">' . $lang_common['Pages'] . ' </span>' . paginate_old($num_pages, $p, '?search_id=' . $search_id);
         // throw away the first $start_from of $search_ids, only keep the top $per_page of $search_ids
         $search_ids = array_slice($search_ids, $start_from, $per_page);
         // Run the query and fetch the results
         if ($show_as == 'posts') {
             $select_search_post = array('pid' => 'p.id', 'pposter' => 'p.poster', 'pposted' => 'p.posted', 'p.poster_id', 'p.message', 'p.hide_smilies', 'tid' => 't.id', 't.poster', 't.subject', 't.first_post_id', 't.last_post', 't.last_post_id', 't.last_poster', 't.num_replies', 't.forum_id', 'f.forum_name');
             $result = DB::for_table('posts')->table_alias('p')->select_many($select_search_post)->inner_join('topics', array('t.id', '=', 'p.topic_id'), 't')->inner_join('forums', array('f.id', '=', 't.forum_id'), 'f')->where_in('p.id', $search_ids)->order_by($sort_by_sql, $sort_dir)->find_many();
         } else {
             $select_search_topic = array('tid' => 't.id', 't.poster', 't.subject', 't.last_post', 't.last_post_id', 't.last_poster', 't.num_replies', 't.closed', 't.sticky', 't.forum_id', 'f.forum_name');
             $result = DB::for_table('topics')->table_alias('t')->select_many($select_search_topic)->inner_join('forums', array('f.id', '=', 't.forum_id'), 'f')->where_in('t.id', $search_ids)->order_by($sort_by_sql, $sort_dir)->find_many();
         }
         $search['search_set'] = array();
         foreach ($result as $row) {
             $search['search_set'][] = $row;
         }
         $search['crumbs_text']['show_as'] = $lang_search['Search'];
         if ($search_type[0] == 'action') {
             if ($search_type[1] == 'show_user_topics') {
                 $search['crumbs_text']['search_type'] = '<a href="' . get_link('search/?action=show_user_topics&amp;user_id=' . $search_type[2]) . '">' . sprintf($lang_search['Quick search show_user_topics'], feather_escape($search['search_set'][0]['poster'])) . '</a>';
             } elseif ($search_type[1] == 'show_user_posts') {
                 $search['crumbs_text']['search_type'] = '<a href="' . get_link('search/?action=show_user_posts&amp;user_id=' . $search_type[2]) . '">' . sprintf($lang_search['Quick search show_user_posts'], feather_escape($search['search_set'][0]['pposter'])) . '</a>';
             } elseif ($search_type[1] == 'show_subscriptions') {
                 // Fetch username of subscriber
                 $subscriber_id = $search_type[2];
                 $subscriber_name = DB::for_table('users')->where('id', $subscriber_id)->find_one_col('username');
                 if (!$subscriber_name) {
                     message($lang_common['Bad request'], '404');
                 }
                 $search['crumbs_text']['search_type'] = '<a href="' . get_link('search/?action=show_subscription&amp;user_id=' . $subscriber_id) . '">' . sprintf($lang_search['Quick search show_subscriptions'], feather_escape($subscriber_name)) . '</a>';
             } else {
                 $search_url = str_replace('_', '/', $search_type[1]);
                 $search['crumbs_text']['search_type'] = '<a href="' . get_link('search/' . $search_url . '/') . '">' . $lang_search['Quick search ' . $search_type[1]] . '</a>';
             }
         } else {
             $keywords = $author = '';
             if ($search_type[0] == 'both') {
                 list($keywords, $author) = $search_type[1];
                 $search['crumbs_text']['search_type'] = sprintf($lang_search['By both show as ' . $show_as], feather_escape($keywords), feather_escape($author));
             } elseif ($search_type[0] == 'keywords') {
                 $keywords = $search_type[1];
                 $search['crumbs_text']['search_type'] = sprintf($lang_search['By keywords show as ' . $show_as], feather_escape($keywords));
             } elseif ($search_type[0] == 'author') {
                 $author = $search_type[1];
                 $search['crumbs_text']['search_type'] = sprintf($lang_search['By user show as ' . $show_as], feather_escape($author));
             }
             $search['crumbs_text']['search_type'] = '<a href="' . get_link('search/?action=search&amp;keywords=' . urlencode($keywords) . '&amp;author=' . urlencode($author) . '&amp;forums=' . $search_type[2] . '&amp;search_in=' . $search_type[3] . '&amp;sort_by=' . $sort_by . '&amp;sort_dir=' . $sort_dir . '&amp;show_as=' . $show_as) . '">' . $search['crumbs_text']['search_type'] . '</a>';
         }
     }
     $search['show_as'] = $show_as;
     return $search;
 }
Ejemplo n.º 19
0
 public function find_ban($start_from = false)
 {
     global $lang_admin_bans;
     $ban_info = array();
     // trim() all elements in $form
     $ban_info['conditions'] = $ban_info['query_str'] = array();
     $expire_after = $this->request->get('expire_after') ? feather_trim($this->request->get('expire_after')) : '';
     $expire_before = $this->request->get('expire_before') ? feather_trim($this->request->get('expire_before')) : '';
     $ban_info['order_by'] = $this->request->get('order_by') && in_array($this->request->get('order_by'), array('username', 'ip', 'email', 'expire')) ? 'b.' . $this->request->get('order_by') : 'b.username';
     $ban_info['direction'] = $this->request->get('direction') && $this->request->get('direction') == 'DESC' ? 'DESC' : 'ASC';
     $ban_info['query_str'][] = 'order_by=' . $ban_info['order_by'];
     $ban_info['query_str'][] = 'direction=' . $ban_info['direction'];
     // Build the query
     $result = DB::for_table('bans')->table_alias('b')->where_gt('b.id', 0);
     // Try to convert date/time to timestamps
     if ($expire_after != '') {
         $ban_info['query_str'][] = 'expire_after=' . $expire_after;
         $expire_after = strtotime($expire_after);
         if ($expire_after === false || $expire_after == -1) {
             message($lang_admin_bans['Invalid date message']);
         }
         $result = $result->where_gt('b.expire', $expire_after);
     }
     if ($expire_before != '') {
         $ban_info['query_str'][] = 'expire_before=' . $expire_before;
         $expire_before = strtotime($expire_before);
         if ($expire_before === false || $expire_before == -1) {
             message($lang_admin_bans['Invalid date message']);
         }
         $result = $result->where_lt('b.expire', $expire_before);
     }
     if ($this->request->get('username')) {
         $result = $result->where_like('b.username', str_replace('*', '%', $this->request->get('username')));
         $ban_info['query_str'][] = 'username='******'username'));
     }
     if ($this->request->get('ip')) {
         $result = $result->where_like('b.ip', str_replace('*', '%', $this->request->get('ip')));
         $ban_info['query_str'][] = 'ip=' . urlencode($this->request->get('ip'));
     }
     if ($this->request->get('email')) {
         $result = $result->where_like('b.email', str_replace('*', '%', $this->request->get('email')));
         $ban_info['query_str'][] = 'email=' . urlencode($this->request->get('email'));
     }
     if ($this->request->get('message')) {
         $result = $result->where_like('b.message', str_replace('*', '%', $this->request->get('message')));
         $ban_info['query_str'][] = 'message=' . urlencode($this->request->get('message'));
     }
     // Fetch ban count
     if (is_numeric($start_from)) {
         $ban_info['data'] = array();
         $select_bans = array('b.id', 'b.username', 'b.ip', 'b.email', 'b.message', 'b.expire', 'b.ban_creator', 'ban_creator_username' => 'u.username');
         $result = $result->select_many($select_bans)->left_outer_join('users', array('b.ban_creator', '=', 'u.id'), 'u')->order_by($ban_info['order_by'], $ban_info['direction'])->offset($start_from)->limit(50)->find_many();
         foreach ($result as $cur_ban) {
             $ban_info['data'][] = $cur_ban;
         }
     } else {
         $ban_info['num_bans'] = $result->count('id');
     }
     return $ban_info;
 }
Ejemplo n.º 20
0
 public function add_edit_group($groups)
 {
     global $lang_admin_groups;
     if ($this->request->post('group_id')) {
         $group_id = $this->request->post('group_id');
     } else {
         $group_id = 0;
     }
     // Is this the admin group? (special rules apply)
     $is_admin_group = $this->request->post('group_id') && $this->request->post('group_id') == FEATHER_ADMIN ? true : false;
     $title = feather_trim($this->request->post('req_title'));
     $user_title = feather_trim($this->request->post('user_title'));
     $promote_min_posts = $this->request->post('promote_min_posts') ? intval($this->request->post('promote_min_posts')) : '0';
     if ($this->request->post('promote_next_group') && isset($groups[$this->request->post('promote_next_group')]) && !in_array($this->request->post('promote_next_group'), array(FEATHER_ADMIN, FEATHER_GUEST)) && ($this->request->post('group_id') || $this->request->post('promote_next_group') != $this->request->post('group_id'))) {
         $promote_next_group = $this->request->post('promote_next_group');
     } else {
         $promote_next_group = '0';
     }
     $moderator = $this->request->post('moderator') && $this->request->post('moderator') == '1' ? '1' : '0';
     $mod_edit_users = $moderator == '1' && $this->request->post('mod_edit_users') == '1' ? '1' : '0';
     $mod_rename_users = $moderator == '1' && $this->request->post('mod_rename_users') == '1' ? '1' : '0';
     $mod_change_passwords = $moderator == '1' && $this->request->post('mod_change_passwords') == '1' ? '1' : '0';
     $mod_ban_users = $moderator == '1' && $this->request->post('mod_ban_users') == '1' ? '1' : '0';
     $mod_promote_users = $moderator == '1' && $this->request->post('mod_promote_users') == '1' ? '1' : '0';
     $read_board = $this->request->post('read_board') == 0 ? $this->request->post('read_board') : '1';
     $view_users = $this->request->post('view_users') && $this->request->post('view_users') == '1' || $is_admin_group ? '1' : '0';
     $post_replies = $this->request->post('post_replies') == 0 ? $this->request->post('post_replies') : '1';
     $post_topics = $this->request->post('post_topics') == 0 ? $this->request->post('post_topics') : '1';
     $edit_posts = $this->request->post('edit_posts') == 0 ? $this->request->post('edit_posts') : $is_admin_group ? '1' : '0';
     $delete_posts = $this->request->post('delete_posts') == 0 ? $this->request->post('delete_posts') : $is_admin_group ? '1' : '0';
     $delete_topics = $this->request->post('delete_topics') == 0 ? $this->request->post('delete_topics') : $is_admin_group ? '1' : '0';
     $post_links = $this->request->post('post_links') == 0 ? $this->request->post('post_links') : '1';
     $set_title = $this->request->post('set_title') == 0 ? $this->request->post('set_title') : $is_admin_group ? '1' : '0';
     $search = $this->request->post('search') == 0 ? $this->request->post('search') : '1';
     $search_users = $this->request->post('search_users') == 0 ? $this->request->post('search_users') : '1';
     $send_email = $this->request->post('send_email') && $this->request->post('send_email') == '1' || $is_admin_group ? '1' : '0';
     $post_flood = $this->request->post('post_flood') && $this->request->post('post_flood') >= 0 ? $this->request->post('post_flood') : '0';
     $search_flood = $this->request->post('search_flood') && $this->request->post('search_flood') >= 0 ? $this->request->post('search_flood') : '0';
     $email_flood = $this->request->post('email_flood') && $this->request->post('email_flood') >= 0 ? $this->request->post('email_flood') : '0';
     $report_flood = $this->request->post('report_flood') >= 0 ? $this->request->post('report_flood') : '0';
     if ($title == '') {
         message($lang_admin_groups['Must enter title message']);
     }
     $user_title = $user_title != '' ? $user_title : 'NULL';
     $insert_update_group = array('g_title' => $title, 'g_user_title' => $user_title, 'g_promote_min_posts' => $promote_min_posts, 'g_promote_next_group' => $promote_next_group, 'g_moderator' => $moderator, 'g_mod_edit_users' => $mod_edit_users, 'g_mod_rename_users' => $mod_rename_users, 'g_mod_change_passwords' => $mod_change_passwords, 'g_mod_ban_users' => $mod_ban_users, 'g_mod_promote_users' => $mod_promote_users, 'g_read_board' => $read_board, 'g_view_users' => $view_users, 'g_post_replies' => $post_replies, 'g_post_topics' => $post_topics, 'g_edit_posts' => $edit_posts, 'g_delete_posts' => $delete_posts, 'g_delete_topics' => $delete_topics, 'g_post_links' => $post_links, 'g_set_title' => $set_title, 'g_search' => $search, 'g_search_users' => $search_users, 'g_send_email' => $send_email, 'g_post_flood' => $post_flood, 'g_search_flood' => $search_flood, 'g_email_flood' => $email_flood, 'g_report_flood' => $report_flood);
     if ($this->request->post('mode') == 'add') {
         $title_exists = DB::for_table('groups')->where('g_title', $title)->find_one();
         if ($title_exists) {
             message(sprintf($lang_admin_groups['Title already exists message'], feather_escape($title)));
         }
         DB::for_table('groups')->create()->set($insert_update_group)->save();
         $new_group_id = DB::get_db()->lastInsertId($this->feather->prefix . 'groups');
         // Now lets copy the forum specific permissions from the group which this group is based on
         $select_forum_perms = array('forum_id', 'read_forum', 'post_replies', 'post_topics');
         $result = DB::for_table('forum_perms')->select_many($select_forum_perms)->where('group_id', $this->request->post('base_group'))->find_many();
         foreach ($result as $cur_forum_perm) {
             $insert_perms = array('group_id' => $new_group_id, 'forum_id' => $cur_forum_perm['forum_id'], 'read_forum' => $cur_forum_perm['read_forum'], 'post_replies' => $cur_forum_perm['post_replies'], 'post_topics' => $cur_forum_perm['post_topics']);
             DB::for_table('forum_perms')->create()->set($insert_perms)->save();
         }
     } else {
         $title_exists = DB::for_table('groups')->where('g_title', $title)->where_not_equal('g_id', $this->request->post('group_id'))->find_one();
         if ($title_exists) {
             message(sprintf($lang_admin_groups['Title already exists message'], feather_escape($title)));
         }
         DB::for_table('groups')->find_one($this->request->post('group_id'))->set($insert_update_group)->save();
         // Promote all users who would be promoted to this group on their next post
         if ($promote_next_group) {
             DB::for_table('users')->where('group_id', $this->request->post('group_id'))->where_gte('num_posts', $promote_min_posts)->update_many('group_id', $promote_next_group);
         }
     }
     // Regenerate the quick jump cache
     if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
         require FEATHER_ROOT . 'include/cache.php';
     }
     $group_id = $this->request->post('mode') == 'add' ? $new_group_id : $this->request->post('group_id');
     generate_quickjump_cache($group_id);
     if ($this->request->post('mode') == 'edit') {
         redirect(get_link('admin/groups/'), $lang_admin_groups['Group edited redirect']);
     } else {
         redirect(get_link('admin/groups/'), $lang_admin_groups['Group added redirect']);
     }
 }
Ejemplo n.º 21
0
 public function split_posts($tid, $fid, $p = null)
 {
     global $lang_common, $lang_misc, $lang_post;
     $posts = $this->request->post('posts') ? $this->request->post('posts') : array();
     if (empty($posts)) {
         message($lang_misc['No posts selected']);
     }
     if ($this->request->post('split_posts_comply')) {
         if (@preg_match('%[^0-9,]%', $posts)) {
             message($lang_common['Bad request'], '404');
         }
         $move_to_forum = $this->request->post('move_to_forum') ? intval($this->request->post('move_to_forum')) : 0;
         if ($move_to_forum < 1) {
             message($lang_common['Bad request'], '404');
         }
         // How many posts did we just split off?
         $num_posts_splitted = substr_count($posts, ',') + 1;
         // Verify that the post IDs are valid
         $posts_array = explode(',', $posts);
         $result = DB::for_table('posts')->where_in('id', $posts_array)->where('topic_id', $tid)->find_many();
         if (count($result) != $num_posts_splitted) {
             message($lang_common['Bad request'], '404');
         }
         // Verify that the move to forum ID is valid
         $where_split_posts = array(array('fp.post_topics' => 'IS NULL'), array('fp.post_topics' => '1'));
         $result = DB::for_table('forums')->table_alias('f')->left_outer_join('forum_perms', array('fp.forum_id', '=', $move_to_forum), 'fp', true)->left_outer_join('forum_perms', array('fp.group_id', '=', $this->user->g_id), null, true)->where_any_is($where_split_posts)->where_null('f.redirect_url')->find_one();
         if (!$result) {
             message($lang_common['Bad request'], '404');
         }
         // Load the post.php language file
         require FEATHER_ROOT . 'lang/' . $this->user->language . '/post.php';
         // Check subject
         $new_subject = $this->request->post('new_subject') ? feather_trim($this->request->post('new_subject')) : '';
         if ($new_subject == '') {
             message($lang_post['No subject']);
         } elseif (feather_strlen($new_subject) > 70) {
             message($lang_post['Too long subject']);
         }
         // Get data from the new first post
         $select_first_post = array('id', 'poster', 'posted');
         $first_post_data = DB::for_table('posts')->select_many($select_first_post)->where_in('id', $posts_array)->order_by_asc('id')->find_one();
         // Create the new topic
         $insert_topic = array('poster' => $first_post_data['poster'], 'subject' => $new_subject, 'posted' => $first_post_data['posted'], 'first_post_id' => $first_post_data['id'], 'forum_id' => $move_to_forum);
         DB::for_table('topics')->create()->set($insert_topic)->save();
         $new_tid = DB::get_db()->lastInsertId($this->feather->prefix . 'topics');
         // Move the posts to the new topic
         DB::for_table('posts')->where_in('id', $posts_array)->find_one()->set('topic_id', $new_tid)->save();
         // Apply every subscription to both topics
         DB::for_table('topic_subscriptions')->raw_query('INSERT INTO ' . $this->feather->prefix . 'topic_subscriptions (user_id, topic_id) SELECT user_id, ' . $new_tid . ' FROM ' . $this->feather->prefix . 'topic_subscriptions WHERE topic_id=:tid', array('tid' => $tid));
         // Get last_post, last_post_id, and last_poster from the topic and update it
         $select_last_post = array('id', 'poster', 'posted');
         $last_old_post_data = DB::for_table('posts')->select_many($select_last_post)->where('topic_id', $tid)->order_by_desc('id')->find_one();
         // Update the old topic
         $update_old_topic = array('last_post' => $last_old_post_data['posted'], 'last_post_id' => $last_old_post_data['id'], 'last_poster' => $last_old_post_data['poster']);
         DB::for_table('topics')->where('id', $tid)->find_one()->set($update_old_topic)->set_expr('num_replies', 'num_replies-' . $num_posts_splitted)->save();
         // Get last_post, last_post_id, and last_poster from the new topic and update it
         $select_new_post = array('id', 'poster', 'posted');
         $last_new_post_data = DB::for_table('posts')->select_many($select_new_post)->where('topic_id', $new_tid)->order_by_desc('id')->find_one();
         // Update the new topic
         $update_new_topic = array('last_post' => $last_new_post_data['posted'], 'last_post_id' => $last_new_post_data['id'], 'last_poster' => $last_new_post_data['poster']);
         DB::for_table('topics')->where('id', $new_tid)->find_one()->set($update_new_topic)->set_expr('num_replies', 'num_replies-' . $num_posts_splitted - 1)->save();
         update_forum($fid);
         update_forum($move_to_forum);
         redirect(get_link('topic/' . $new_tid . '/'), $lang_misc['Split posts redirect']);
     }
     return $posts;
 }
Ejemplo n.º 22
0
 public function update_profile($id, $info, $section)
 {
     global $lang_common, $lang_profile, $lang_prof_reg, $pd;
     $username_updated = false;
     // Validate input depending on section
     switch ($section) {
         case 'essentials':
             $form = array('timezone' => floatval($this->request->post('form_timezone')), 'dst' => $this->request->post('form_dst') ? '1' : '0', 'time_format' => intval($this->request->post('form_time_format')), 'date_format' => intval($this->request->post('form_date_format')));
             // Make sure we got a valid language string
             if ($this->request->post('form_language')) {
                 $languages = forum_list_langs();
                 $form['language'] = feather_trim($this->request->post('form_language'));
                 if (!in_array($form['language'], $languages)) {
                     message($lang_common['Bad request'], '404');
                 }
             }
             if ($this->user->is_admmod) {
                 $form['admin_note'] = feather_trim($this->request->post('admin_note'));
                 // Are we allowed to change usernames?
                 if ($this->user->g_id == FEATHER_ADMIN || $this->user->g_moderator == '1' && $this->user->g_mod_rename_users == '1') {
                     $form['username'] = feather_trim($this->request->post('req_username'));
                     if ($form['username'] != $info['old_username']) {
                         // Check username
                         require FEATHER_ROOT . 'lang/' . $this->user->language . '/register.php';
                         $errors = '';
                         $errors = check_username($form['username'], $errors, $id);
                         if (!empty($errors)) {
                             message($errors[0]);
                         }
                         $username_updated = true;
                     }
                 }
                 // We only allow administrators to update the post count
                 if ($this->user->g_id == FEATHER_ADMIN) {
                     $form['num_posts'] = intval($this->request->post('num_posts'));
                 }
             }
             if ($this->config['o_regs_verify'] == '0' || $this->user->is_admmod) {
                 require FEATHER_ROOT . 'include/email.php';
                 // Validate the email address
                 $form['email'] = strtolower(feather_trim($this->request->post('req_email')));
                 if (!is_valid_email($form['email'])) {
                     message($lang_common['Invalid email']);
                 }
             }
             break;
         case 'personal':
             $form = array('realname' => $this->request->post('form_realname') ? feather_trim($this->request->post('form_realname')) : '', 'url' => $this->request->post('form_url') ? feather_trim($this->request->post('form_url')) : '', 'location' => $this->request->post('form_location') ? feather_trim($this->request->post('form_location')) : '');
             // Add http:// if the URL doesn't contain it already (while allowing https://, too)
             if ($this->user->g_post_links == '1') {
                 if ($form['url'] != '') {
                     $url = url_valid($form['url']);
                     if ($url === false) {
                         message($lang_profile['Invalid website URL']);
                     }
                     $form['url'] = $url['url'];
                 }
             } else {
                 if (!empty($form['url'])) {
                     message($lang_profile['Website not allowed']);
                 }
                 $form['url'] = '';
             }
             if ($this->user->g_id == FEATHER_ADMIN) {
                 $form['title'] = feather_trim($this->request->post('title'));
             } elseif ($this->user->g_set_title == '1') {
                 $form['title'] = feather_trim($this->request->post('title'));
                 if ($form['title'] != '') {
                     // A list of words that the title may not contain
                     // If the language is English, there will be some duplicates, but it's not the end of the world
                     $forbidden = array('member', 'moderator', 'administrator', 'banned', 'guest', utf8_strtolower($lang_common['Member']), utf8_strtolower($lang_common['Moderator']), utf8_strtolower($lang_common['Administrator']), utf8_strtolower($lang_common['Banned']), utf8_strtolower($lang_common['Guest']));
                     if (in_array(utf8_strtolower($form['title']), $forbidden)) {
                         message($lang_profile['Forbidden title']);
                     }
                 }
             }
             break;
         case 'messaging':
             $form = array('jabber' => feather_trim($this->request->post('form_jabber')), 'icq' => feather_trim($this->request->post('form_icq')), 'msn' => feather_trim($this->request->post('form_msn')), 'aim' => feather_trim($this->request->post('form_aim')), 'yahoo' => feather_trim($this->request->post('form_yahoo')));
             // If the ICQ UIN contains anything other than digits it's invalid
             if (preg_match('%[^0-9]%', $form['icq'])) {
                 message($lang_prof_reg['Bad ICQ']);
             }
             break;
         case 'personality':
             $form = array();
             // Clean up signature from POST
             if ($this->config['o_signatures'] == '1') {
                 $form['signature'] = feather_linebreaks(feather_trim($this->request->post('signature')));
                 // Validate signature
                 if (feather_strlen($form['signature']) > $this->config['p_sig_length']) {
                     message(sprintf($lang_prof_reg['Sig too long'], $this->config['p_sig_length'], feather_strlen($form['signature']) - $this->config['p_sig_length']));
                 } elseif (substr_count($form['signature'], "\n") > $this->config['p_sig_lines'] - 1) {
                     message(sprintf($lang_prof_reg['Sig too many lines'], $this->config['p_sig_lines']));
                 } elseif ($form['signature'] && $this->config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$this->user->is_admmod) {
                     $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature']));
                 }
                 // Validate BBCode syntax
                 if ($this->config['p_sig_bbcode'] == '1') {
                     require FEATHER_ROOT . 'include/parser.php';
                     $errors = array();
                     $form['signature'] = preparse_bbcode($form['signature'], $errors, true);
                     if (count($errors) > 0) {
                         message('<ul><li>' . implode('</li><li>', $errors) . '</li></ul>');
                     }
                 }
             }
             break;
         case 'display':
             $form = array('disp_topics' => feather_trim($this->request->post('form_disp_topics')), 'disp_posts' => feather_trim($this->request->post('form_disp_posts')), 'show_smilies' => $this->request->post('form_show_smilies') ? '1' : '0', 'show_img' => $this->request->post('form_show_img') ? '1' : '0', 'show_img_sig' => $this->request->post('form_show_img_sig') ? '1' : '0', 'show_avatars' => $this->request->post('form_show_avatars') ? '1' : '0', 'show_sig' => $this->request->post('form_show_sig') ? '1' : '0');
             if ($form['disp_topics'] != '') {
                 $form['disp_topics'] = intval($form['disp_topics']);
                 if ($form['disp_topics'] < 3) {
                     $form['disp_topics'] = 3;
                 } elseif ($form['disp_topics'] > 75) {
                     $form['disp_topics'] = 75;
                 }
             }
             if ($form['disp_posts'] != '') {
                 $form['disp_posts'] = intval($form['disp_posts']);
                 if ($form['disp_posts'] < 3) {
                     $form['disp_posts'] = 3;
                 } elseif ($form['disp_posts'] > 75) {
                     $form['disp_posts'] = 75;
                 }
             }
             // Make sure we got a valid style string
             if ($this->request->post('form_style')) {
                 $styles = forum_list_styles();
                 $form['style'] = feather_trim($this->request->post('form_style'));
                 if (!in_array($form['style'], $styles)) {
                     message($lang_common['Bad request'], '404');
                 }
             }
             break;
         case 'privacy':
             $form = array('email_setting' => intval($this->request->post('form_email_setting')), 'notify_with_post' => $this->request->post('form_notify_with_post') ? '1' : '0', 'auto_notify' => $this->request->post('form_auto_notify') ? '1' : '0');
             if ($form['email_setting'] < 0 || $form['email_setting'] > 2) {
                 $form['email_setting'] = $this->config['o_default_email_setting'];
             }
             break;
         default:
             message($lang_common['Bad request'], '404');
     }
     // Single quotes around non-empty values and nothing for empty values
     $temp = array();
     foreach ($form as $key => $input) {
         $temp[$key] = $input;
     }
     if (empty($temp)) {
         message($lang_common['Bad request'], '404');
     }
     DB::for_table('users')->where('id', $id)->find_one()->set($temp)->save();
     // If we changed the username we have to update some stuff
     if ($username_updated) {
         $bans_updated = DB::for_table('bans')->where('username', $info['old_username'])->update_many('username', $form['username']);
         DB::for_table('posts')->where('poster_id', $id)->update_many('poster', $form['username']);
         DB::for_table('posts')->where('edited_by', $info['old_username'])->update_many('edited_by', $form['username']);
         DB::for_table('topics')->where('poster', $info['old_username'])->update_many('poster', $form['username']);
         DB::for_table('topics')->where('last_poster', $info['old_username'])->update_many('last_poster', $form['username']);
         DB::for_table('forums')->where('last_poster', $info['old_username'])->update_many('last_poster', $form['username']);
         DB::for_table('online')->where('ident', $info['old_username'])->update_many('ident', $form['username']);
         // If the user is a moderator or an administrator we have to update the moderator lists
         $group_id = DB::for_table('users')->where('id', $id)->find_one_col('group_id');
         $group_mod = DB::for_table('groups')->where('g_id', $group_id)->find_one_col('g_moderator');
         if ($group_id == FEATHER_ADMIN || $group_mod == '1') {
             $select_mods = array('id', 'moderators');
             $result = DB::for_table('forums')->select_many($select_mods)->find_many();
             foreach ($result as $cur_forum) {
                 $cur_moderators = $cur_forum['moderators'] != '' ? unserialize($cur_forum['moderators']) : array();
                 if (in_array($id, $cur_moderators)) {
                     unset($cur_moderators[$info['old_username']]);
                     $cur_moderators[$form['username']] = $id;
                     uksort($cur_moderators, 'utf8_strcasecmp');
                     DB::for_table('forums')->where('id', $cur_forum['id'])->find_one()->set('moderators', serialize($cur_moderators))->save();
                 }
             }
         }
         // Regenerate the users info cache
         if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
             require FEATHER_ROOT . 'include/cache.php';
         }
         generate_users_info_cache();
         // Check if the bans table was updated and regenerate the bans cache when needed
         if ($bans_updated) {
             generate_bans_cache();
         }
     }
     redirect(get_link('user/' . $id . '/section/' . $section . '/'), $lang_profile['Profile redirect']);
 }