Ejemplo n.º 1
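 /**
  * Builds the global and local blog category bits for the targeted blog owner.
  *
  * A non-zero request `userid` that differs from the current user's selects
  * another user's blog; that path requires the id to resolve, the current
  * user to be a member of that blog, and the target user to hold the post and
  * view-own permissions. Otherwise the current user is used and guests are
  * rejected.
  *
  * NOTE(review): standard_error() and print_no_permission() are assumed to end
  * the request; if either can return, execution continues with a failed
  * lookup or a failed permission check — confirm.
  *
  * @return array Keys 'globalcategorybits' and 'localcategorybits'.
  */
 public function output()
 {
     // $vbphrase is read when building the 'invalidid' error below. Without
     // the global declaration it was an undefined local, so the error was
     // built with a null phrase argument.
     global $vbulletin, $vbphrase;
     $vbulletin->input->clean_array_gpc('r', array('userid' => TYPE_UINT));
     // verify the userid exists, don't want useless entries in our table.
     if ($vbulletin->GPC['userid'] and $vbulletin->GPC['userid'] != $vbulletin->userinfo['userid']) {
         if (!($userinfo = fetch_userinfo($vbulletin->GPC['userid']))) {
             standard_error(fetch_error('invalidid', $vbphrase['user'], $vbulletin->options['contactuslink']));
         }
         // are we a member of this user's blog?
         if (!is_member_of_blog($vbulletin->userinfo, $userinfo)) {
             print_no_permission();
         }
         $userid = $userinfo['userid'];
         /* Blog posting check: evaluated against the TARGET user's permissions */
         if (!($userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost']) or !($userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])) {
             print_no_permission();
         }
     } else {
         $userinfo =& $vbulletin->userinfo;
         $userid = '';
         /* Blog posting check, no guests! */
         if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) or !($vbulletin->userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost']) or !$vbulletin->userinfo['userid']) {
             print_no_permission();
         }
     }
     require_once DIR . '/includes/blog_functions_shared.php';
     prepare_blog_category_permissions($userinfo, true);
     $globalcats = $this->construct_category($userinfo, 'global');
     $localcats = $this->construct_category($userinfo, 'local');
     return array('globalcategorybits' => $globalcats, 'localcategorybits' => $localcats);
 }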
Ejemplo n.º 2
 /**
  * Appends this item's edit-allowance line and, when the item is enabled or
  * can no longer be edited, the owner's resulting username / usertitle to the
  * global right-hand column, then defers to the parent implementation.
  *
  * @return mixed Whatever parent::showItem() returns.
  */
 function showItem()
 {
     global $vbulletin, $vbphrase, $itembit_right_column;

     $forceValues = false;
     $this->getExtraInfo();

     if (!$this->bypassEnableForm() and $this->itemtypedata['options']['edit_time']) {
         if ($this->canEdit()) {
             $itembit_right_column .= construct_phrase(
                 $vbphrase['kbank_itemshow_customize_userinfo_canedit'],
                 vb_number_format($this->data['options']['edit_time']),
                 vb_number_format($this->itemtypedata['options']['edit_time'])
             );
         } else {
             $itembit_right_column .= construct_phrase(
                 $vbphrase['kbank_itemshow_customize_userinfo_cantedit'],
                 vb_number_format($this->data['options']['edit_time'])
             );
             // No edits left: show the stored values even if the item is not enabled.
             $forceValues = true;
         }
     }

     if ($this->data['status'] != KBANK_ITEM_ENABLED and !$forceValues) {
         return parent::showItem();
     }

     $ownerId = $this->data['userid'];
     if ($ownerId == $vbulletin->userinfo['userid']) {
         $owner =& $vbulletin->userinfo;
     } else {
         // Other users are fetched once and cached on the current user's record.
         if (!$vbulletin->userinfo['kbank_granted'][$ownerId]['fetched']) {
             $vbulletin->userinfo['kbank_granted'][$ownerId] = fetch_userinfo($ownerId);
             $vbulletin->userinfo['kbank_granted'][$ownerId]['fetched'] = true;
         }
         $owner =& $vbulletin->userinfo['kbank_granted'][$ownerId];
     }

     // Clear the marked-up username before work() runs on the record.
     $owner['musername'] = null;
     $this->work($owner);

     $opts = $this->data['options'];
     $hasUsernameOption = ($opts['username'] or $opts['username_color'] or $opts['username_strong']);
     if ($hasUsernameOption) {
         $itembit_right_column .= construct_phrase($vbphrase['kbank_itemshow_customize_userinfo_username'], $owner['musername']);
     }
     $hasTitleOption = ($opts['usertitle'] or $opts['usertitle_color']);
     if ($hasTitleOption) {
         $itembit_right_column .= construct_phrase($vbphrase['kbank_itemshow_customize_userinfo_usertitle'], $owner['usertitle']);
     }

     return parent::showItem();
 }
 /**
  * Builds (but does not save) the message body.
  *
  * Renders the post through the 'post_nntp' postbit and stores the result in
  * $this->_body. Returns an empty string when no post id is set.
  *
  * @param array $post
  * @global vB_Registry $vbulletin
  * @return string
  */
 protected function _make_message_body($post)
 {
     global $vbulletin, $foruminfo, $threadinfo;

     // Without a post id there is nothing to render.
     if (!intval($this->_post_id)) {
         return '';
     }

     // Fall back to the raw message when no page text was supplied.
     if (empty($post['pagetext'])) {
         $post['pagetext'] = $post['message'];
     }
     $post['allowsmilie'] = $post['enablesmilies'];

     // Attachments belonging to this post.
     require_once DIR . '/packages/vbattach/attach.php';
     $attachDisplay = new vB_Attach_Display_Content($vbulletin, 'vBForum_Post');
     $post['attachments'] = $attachDisplay->fetch_postattach(0, $this->_post_id);

     $author = fetch_userinfo($post['userid']);

     // Wire up a postbit factory against the global registry, forum and thread.
     require_once DIR . '/includes/class_postbit.php';
     $factory = new vB_Postbit_Factory();
     $factory->registry =& $vbulletin;
     $factory->forum =& $foruminfo;
     $factory->thread =& $threadinfo;
     $factory->cache = array();
     $factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
     $factory->bbcode_parser->set_parse_userinfo($author);

     $renderer =& $factory->fetch_postbit('post_nntp');
     $this->_body = $renderer->construct_postbit($post);

     return $this->_body;
 }
Ejemplo n.º 4
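/**
 * Authenticates a service call and switches the request to the mapped vBulletin user.
 *
 * The caller must present the configured service password as the HTTP Basic
 * password. On success the global registry's userinfo, permissions and time
 * options are replaced with those of the mapped user.
 *
 * @param array $who Reads the 'ServiceName' and 'Username' keys.
 * @return array 'Code' is 0 on success and 1 on failure; failures also carry a 'Text' error key.
 */
function RegisterService($who)
{
    global $vbulletin;

    if (!$vbulletin->options['vbb_serviceonoff']) {
        return array('Code' => 1, 'Text' => 'vbb_service_turned_off');
    }

    // The previous loose `!=` treated a missing PHP_AUTH_PW as equal to an
    // empty configured password and compared numeric-looking strings by value
    // ("1e3" == "1000"). Compare as strings, in constant time, and fail closed
    // when no service password is configured.
    $expected_pw = (string) $vbulletin->options['vbb_servicepw'];
    $supplied_pw = isset($_SERVER['PHP_AUTH_PW']) ? (string) $_SERVER['PHP_AUTH_PW'] : '';
    if ($expected_pw === '' || !hash_equals($expected_pw, $supplied_pw)) {
        return array('Code' => 1, 'Text' => 'vbb_invalid_servicepw');
    }

    $userid = fetch_userid_by_service($who['ServiceName'], $who['Username']);
    if (empty($userid) || $userid <= 0) {
        return array('Code' => 1, 'Text' => 'invalid_user');
    }

    // From here on the request runs with the mapped user's identity.
    unset($vbulletin->userinfo);
    $vbulletin->userinfo =& fetch_userinfo($userid);
    $permissions = cache_permissions($vbulletin->userinfo);
    $vbulletin->options['hourdiff'] = (date('Z', TIMENOW) / 3600 - $vbulletin->userinfo['timezoneoffset']) * 3600;
    fetch_options_overrides($vbulletin->userinfo);
    fetch_time_data();

    // everything is ok
    return array('Code' => 0);
}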
Ejemplo n.º 5
 /**
  * Builds a legacy user wrapper for the given user id.
  *
  * An id that loosely equals 0 produces a guest user; any other id is loaded
  * through fetch_userinfo() and the result is stored as the record as-is.
  *
  * @param int $id
  * @param int $extra_flags Passed to fetch_userinfo() as its second argument.
  * @return vB_Legacy_User
  */
 public static function createFromId($id, $extra_flags = 0)
 {
     $legacyUser = new vB_Legacy_User();

     if ($id != 0) {
         $legacyUser->record = fetch_userinfo($id, $extra_flags);
         return $legacyUser;
     }

     $legacyUser->initGuest();
     return $legacyUser;
 }
 /**
  * Looks up a user row by username and returns the full userinfo for it.
  *
  * NOTE(review): the query below compares against the literal '******' and
  * never reads $username, so as written the lookup ignores its argument. The
  * literal looks like a redaction of the original expression — confirm
  * against the real source. Whatever replaces it must pass $username through
  * the database layer's string escaping (or a bound parameter) before it is
  * placed inside the quotes, because usernames are user-chosen text.
  *
  * @param string $username   Username to look up (currently unused, see note).
  * @param int    $option     Passed to fetch_userinfo() as its second argument.
  * @param int    $languageid Passed to fetch_userinfo() as its third argument.
  * @return mixed The falsy fetch_array() result when no row matches, otherwise
  *               whatever fetch_userinfo() returns.
  */
 function fetch_userinfo_from_username($username, $option = 0, $languageid = 0)
 {
     $result = $this->db->query("SELECT * FROM " . TABLE_PREFIX . "user WHERE username = '******'");
     $useridq = $this->db->fetch_array($result);
     // No matching row: hand the falsy result straight back to the caller.
     if (!$useridq) {
         return $useridq;
     }
     $userid = $useridq['userid'];
     return fetch_userinfo($userid, $option, $languageid);
 }
Ejemplo n.º 7
/**
 * Computes a price for a user by evaluating a formula stored in the
 * 'hqthffs_pet_cast' option.
 *
 * The locals assigned below are presumably the variables that formula refers
 * to by name, so they must keep these exact names — TODO confirm.
 *
 * NOTE(review): eval() runs the option text as PHP. Anyone able to edit that
 * option can execute arbitrary code with the forum's privileges, so the
 * setting has to be treated as code: restrict who may change it, and prefer a
 * fixed formula or an arithmetic-only evaluator over eval().
 *
 * @param int $userid
 * @return mixed The value the evaluated formula assigns to $userprice.
 */
function hqth_get_value($userid)
{
    global $vbulletin;
    $userinfo = fetch_userinfo($userid);
    // Inputs made available to the formula.
    $user_post_number = $userinfo['posts'];
    $user_num_buyed = hqth_get_num_buyed($userid);
    $user_oldmaster_fee = $vbulletin->options['hqthffs_fee_oldmaster'];
    $ffs_default_money = $vbulletin->options['hqthffs_default_money'];
    $user_page_fee = $vbulletin->options['hqthffs_fee_page'];
    $user_redeemer_fee = $vbulletin->options['hqthffs_fee_redeemer'];
    // The option text is spliced into a PHP assignment statement and executed.
    eval('$userprice = ' . $vbulletin->options['hqthffs_pet_cast'] . ';');
    return $userprice;
}
Ejemplo n.º 8
 /**
  * Puts the member's linked vBulletin account into the configured vBulletin
  * usergroup after a (non-renewal) order.
  *
  * The group comes from the ordered product's '_acp_product_vbulletin_group'
  * meta, falling back to the 'vbulletin_group' option. It becomes the primary
  * group when the account has none, otherwise it is appended to the
  * secondary groups. Nothing is saved when the data manager reports errors.
  *
  * NOTE(review): the group value is written without being checked against a
  * list of permitted groups; whoever can edit the product meta or the option
  * decides which forum group buyers receive — confirm that is intended.
  *
  * @param mixed $member        Member id, or a WP error / falsy value on failure.
  * @param array $order_details Reads '_acp_order_product_id'.
  * @param mixed $renewal       Truthy for renewals, which are skipped.
  * @return void
  */
 function add_member_to_group($member, $order_details, $renewal)
 {
     if ($renewal || is_wp_error($member) || !$member) {
         return;
     }

     // Product-specific group first, site-wide default second.
     $targetGroup = null;
     if (!empty($order_details['_acp_order_product_id'])) {
         $targetGroup = get_post_meta($order_details['_acp_order_product_id'], '_acp_product_vbulletin_group', true);
     }
     if (empty($targetGroup)) {
         $targetGroup = accesspress_get_option('vbulletin_group');
     }
     if (!$targetGroup) {
         return;
     }

     $forumUserId = get_user_meta($member, 'vbulletin_user_id', true);
     if (empty($forumUserId)) {
         return;
     }

     // Load the vBulletin user into a data manager.
     $userDm = datamanager_init('User', $GLOBALS['vbulletin'], ERRTYPE_ARRAY);
     $userDm->set_existing(fetch_userinfo($forumUserId));

     $primaryGroup = $userDm->fetch_field('usergroupid');
     $hasPrimary = !empty($primaryGroup) && is_numeric($primaryGroup);

     if (!$hasPrimary) {
         // No usable primary group yet: make this one primary.
         $userDm->set('usergroupid', $targetGroup);
     } else {
         if ($primaryGroup == $targetGroup) {
             // Already the primary group.
             return;
         }
         // Otherwise add it to the secondary groups.
         $existing = $userDm->fetch_field('membergroupids');
         if (empty($existing)) {
             $secondary = array($targetGroup);
         } else {
             $secondary = explode(',', $existing);
             if (in_array($targetGroup, $secondary)) {
                 return;
             }
             $secondary[] = $targetGroup;
             sort($secondary);
         }
         $userDm->set('membergroupids', implode(',', $secondary));
     }

     $userDm->pre_save();
     if (empty($userDm->errors)) {
         $userDm->save();
     }
 }
Ejemplo n.º 9
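 /**
  * Validates login status on the external service and logs the linked user
  * into vBulletin.
  *
  * @return bool|null null when the external service yields no user id, false
  *                   when no vBulletin account is linked to that id or no
  *                   session was created, true once a session is created.
  */
 public function login()
 {
     global $vbulletin;
     $vbulletin->session = NULL;
     // Get and store vbnexus-id and vbnexus-srv
     $vBNexus = vBNexus::getInstance();
     $vbnexus_service = $vBNexus->getConfig('vbnexus_service');
     $vbnexus_userid = $vBNexus->getConfig('vbnexus_userid');
     if (!$vbnexus_userid) {
         $vbnexus_userid = $this->getUserOnline();
         $vBNexus->setConfig('vbnexus_userid', $vbnexus_userid);
     }
     // Returning null if authentication from service failed (unexpected error)
     // If this happens, there's likely cookies issues on the server or the
     // applications config is wrong/incomplete in fb or gfc
     if (!$vbnexus_userid) {
         return NULL;
     }
     // Get all available information on this user.
     // Both values are placed inside quoted SQL literals and originate outside
     // this method (stored config / the external service), so they are escaped
     // before being embedded in the statement.
     $service_sql = $vbulletin->db->escape_string($vbnexus_service);
     $nonvbid_sql = $vbulletin->db->escape_string($vbnexus_userid);
     $sql = "SELECT `u`.`usergroupid`,\r\n                       `u`.`username`,\r\n                       `u`.`email`,\r\n                       `n`.*\r\n                FROM " . TABLE_PREFIX . "vbnexus_user `n`\r\n                LEFT JOIN " . TABLE_PREFIX . "user `u` USING (`userid`)\r\n                WHERE `n`.`service` = '{$service_sql}'\r\n                AND `n`.`nonvbid` = '{$nonvbid_sql}'";
     $res = $vbulletin->db->query_first($sql);
     // Returning false if user not registered yet with this external account
     if (!$res || !$res['userid']) {
         return false;
     }
     /************* Starts: fix proxied emails from vBNexus3 ***************/
     // The external id is quoted so regex metacharacters in it are matched
     // literally instead of changing the pattern.
     $oldemails = array('fb' => '/@proxymail\\.facebook\\.com$/', 'gfc' => "/apps\\+|" . preg_quote((string) $vbnexus_userid, '/') . "[@\\.]/");
     // A service without a pattern simply has no legacy email to fix.
     if (isset($oldemails[$vbnexus_service]) && preg_match($oldemails[$vbnexus_service], $res['email'])) {
         $this->fixOldEmail($res, $vbnexus_userid);
     } elseif ($vbnexus_service == 'gfc' && !$res['associated']) {
         $this->associateAccount($res, $vbnexus_userid);
     }
     /************** Ends: fix proxied emails from vBNexus3 ****************/
     // Process vBulletin login
     require_once DIR . '/includes/functions_login.php';
     $vbulletin->userinfo = fetch_userinfo($res['userid']);
     $vbulletin->session->created = false;
     process_new_login('', false, '');
     // On login, store a cookie with vbnexus params
     if ($vbulletin->session->created) {
         $vBNexusInfo = array('userid' => $res['userid'], 'service' => $vbnexus_service, 'nexusid' => $vbnexus_userid, 'can_publish' => $this->canPublish());
         // NOTE(review): this cookie is client-controlled once set. Whatever
         // reads it back must not trust 'userid' or 'can_publish' from it and
         // must not pass it to unserialize() without an integrity check; a
         // signed JSON value would be the safer format. The reader is not
         // visible here, so the format is left unchanged.
         setcookie(COOKIE_PREFIX . 'vbnexus', serialize($vBNexusInfo));
     }
     return !!$vbulletin->session->created;
 }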
Ejemplo n.º 10
// ######################### START MAIN SCRIPT ############################
// ########################################################################
print_cp_header($vbphrase['administrator_permissions_manager']);
// Only users listed in the 'superadministrators' config entry (comma-separated
// ids) may continue.
// NOTE(review): in_array() is called without its strict flag, so the current
// user id is compared loosely against the configured strings — confirm the
// list can only ever contain numeric ids. print_stop_message() is assumed to
// end the request.
if (!in_array($vbulletin->userinfo['userid'], preg_split('#\\s*,\\s*#s', $vbulletin->config['SpecialUsers']['superadministrators'], -1, PREG_SPLIT_NO_EMPTY))) {
    print_stop_message('sorry_you_are_not_allowed_to_edit_admin_permissions');
}
// ############################# LOG ACTION ###############################
// userid is cleaned as TYPE_INT here; the query below relies on that because
// it concatenates the value into the SQL unquoted.
$vbulletin->input->clean_array_gpc('r', array('userid' => TYPE_INT));
if ($vbulletin->GPC['userid']) {
    $user = $db->query_first("\n\t\tSELECT administrator.*, IF(administrator.userid IS NULL, 0, 1) AS isadministrator,\n\t\t\tuser.userid, user.username\n\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\tLEFT JOIN " . TABLE_PREFIX . "administrator AS administrator ON(administrator.userid = user.userid)\n\t\tWHERE user.userid = " . $vbulletin->GPC['userid']);
    if (!$user) {
        print_stop_message('no_matches_found');
    } else {
        if (!$user['isadministrator']) {
            // should this user have an administrator record??
            // An administrator row is created only when the user's cached
            // permissions include the control-panel bit.
            $userinfo = fetch_userinfo($user['userid']);
            cache_permissions($userinfo);
            if ($userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) {
                $admindm =& datamanager_init('Admin', $vbulletin, ERRTYPE_SILENT);
                $admindm->set('userid', $userinfo['userid']);
                $admindm->save();
                unset($admindm);
            } else {
                print_stop_message('invalid_user_specified');
            }
        }
    }
    // Data manager bound to the selected user's row for the edits that follow.
    $admindm =& datamanager_init('Admin', $vbulletin, ERRTYPE_CP);
    $admindm->set_existing($user);
} else {
    $user = array();
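/**
 * Sends email notifications for discussions.
 *
 * Local variable names in this function are part of its contract: the plugin
 * hooks and the eval'd notification phrases run in this scope and refer to
 * them by name.
 *
 * @param int          $discussionid  Id of the discussion being updated
 * @param int|false    $gmid          Id of the message that triggered the update; when false the latest visible message is used
 * @param string|false $postusername  Optional username displayed on post
 */
function exec_send_sg_notification($discussionid, $gmid = false, $postusername = false)
{
    global $vbulletin;
    if (!$vbulletin->options['enableemail']) {
        return;
    }
    $discussion = fetch_socialdiscussioninfo($discussionid);
    // if there are no subscribers, no need to send notifications
    if (!$discussion['subscribers']) {
        return;
    }
    // if the discussion is moderated or deleted, don't send notification
    if ('deleted' == $discussion['state'] or 'moderation' == $discussion['state']) {
        return;
    }
    $group = fetch_socialgroupinfo($discussion['groupid']);
    if (!$gmid) {
        // get last gmid from discussion
        $gmid = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(gmid) AS gmid\n\t\t\tFROM " . TABLE_PREFIX . "groupmessage AS groupmessage\n\t\t\tWHERE discussionid = {$discussion['discussionid']}\n\t\t\t\tAND state = 'visible'\n\t\t");
        $gmid = $gmid['gmid'];
    }
    // get message details
    $gmessage = fetch_groupmessageinfo($gmid);
    if (!$gmessage) {
        return;
    }
    // get post time of previous message - if a user hasn't been active since then we won't resend a notification
    $lastposttime = ($lastposttime = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(dateline) AS dateline\n\t\t\tFROM " . TABLE_PREFIX . "groupmessage AS groupmessage\n\t\t\tWHERE discussionid = {$discussion['discussionid']}\n\t\t\t\tAND dateline < {$gmessage['dateline']}\n\t\t\t\tAND state = 'visible'\n\t")) ? $lastposttime['dateline'] : $gmessage['dateline'];
    $discussion['title'] = unhtmlspecialchars($discussion['title']);
    $group['name'] = unhtmlspecialchars($group['name']);
    // temporarily use postusername in userinfo
    if (!$postusername) {
        // get current user name if user exists
        if ($gmessage['postuserid'] and $userinfo = fetch_userinfo($gmessage['postuserid'])) {
            $postusername = $userinfo['username'];
        } else {
            $postusername = $gmessage['postusername'];
        }
    }
    $postusername = unhtmlspecialchars($postusername);
    $userid = $gmessage['postuserid'];
    ($hook = vBulletinHook::fetch_hook('newpost_sg_notification_start')) ? eval($hook) : false;
    // Two fixes in the ignore-list clause:
    //  - the leading AND now lives inside the conditional, so a message with
    //    no postuserid no longer produces "AND  AND ..." (a SQL syntax error);
    //  - the LIKE pattern carries % wildcards, so the poster's id is found
    //    anywhere in the space-delimited ignore list rather than only when it
    //    is the list's sole entry.
    $useremails = $vbulletin->db->query_read_slave("\n\t\tSELECT user.*, subscribediscussion.emailupdate, subscribediscussion.subscribediscussionid, IF(socialgroupmember.userid IS NOT NULL,1,0) ismember\n\t\tFROM " . TABLE_PREFIX . "subscribediscussion AS subscribediscussion\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (subscribediscussion.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (usergroup.usergroupid = user.usergroupid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "socialgroupmember AS socialgroupmember ON (socialgroupmember.userid = user.userid AND socialgroupmember.groupid = {$group['groupid']})\n\t\tWHERE subscribediscussion.discussionid = {$discussion['discussionid']}\n\t\t AND subscribediscussion.emailupdate = 1" . ($gmessage['postuserid'] ? "\n\t\t AND CONCAT(' ', IF(usertextfield.ignorelist IS NULL, '', usertextfield.ignorelist), ' ') NOT LIKE '% " . intval($userid) . " %'" : '') . "\n\t\t AND user.usergroupid <> 3\n\t\t AND user.userid <> " . intval($userid) . "\n\t\t AND user.lastactivity >= " . intval($lastposttime) . "\n\t\t AND (usergroup.genericoptions & " . $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'] . ")\n\t");
    vbmail_start();
    // parser for plaintexting the message pagetext
    require_once DIR . '/includes/class_bbcode_alt.php';
    // Plain assignment: "=& new" is a parse error from PHP 7 onwards.
    $plaintext_parser = new vB_BbCodeParser_PlainText($vbulletin, fetch_tag_list());
    $pagetext_cache = array();
    // used to cache the results per languageid for speed
    $evalemail = array();
    while ($touser = $vbulletin->db->fetch_array($useremails)) {
        // check user can view discussion
        $permissions = cache_permissions($touser, false);
        if (!($vbulletin->usergroupcache["{$touser['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup']) or !($permissions['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview']) or !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canviewgroups']) or $group['options'] & $vbulletin->bf_misc_socialgroupoptions['join_to_view'] and !$touser['ismember'] and !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canalwayscreatediscussion']) and !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canalwayspostmessage'])) {
            continue;
        }
        $touser['username'] = unhtmlspecialchars($touser['username']);
        $touser['languageid'] = iif($touser['languageid'] == 0, $vbulletin->options['languageid'], $touser['languageid']);
        // NOTE(review): this per-subscription token is an unkeyed MD5 over
        // ids and salts. The code that verifies it is not visible here, so it
        // is left as is; if both sides can change, an HMAC with a server-side
        // key compared via hash_equals() is the stronger construction.
        $touser['auth'] = md5($touser['userid'] . $touser['subscribediscussionid'] . $touser['salt'] . COOKIE_SALT);
        if (empty($evalemail)) {
            // Start from an empty map so a missing phrase set does not iterate an undefined variable.
            $emails = array();
            $email_texts = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT text, languageid, fieldname\n\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\tWHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'notify_discussion'\n\t\t\t");
            while ($email_text = $vbulletin->db->fetch_array($email_texts)) {
                $emails["{$email_text['languageid']}"]["{$email_text['fieldname']}"] = $email_text['text'];
            }
            require_once DIR . '/includes/functions_misc.php';
            foreach ($emails as $languageid => $email_text) {
                // lets cycle through our array of notify phrases
                // addslashes() escapes quotes and backslashes but not "$", so
                // variable references in the phrase text are expanded when the
                // string is eval'd below. Phrase text is therefore executable
                // and must only be editable by trusted administrators.
                $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
                $text_message = replace_template_variables($text_message);
                $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
                $text_subject = replace_template_variables($text_subject);
                $evalemail["{$languageid}"] = '
					$message = "' . $text_message . '";
					$subject = "' . $text_subject . '";
				';
            }
        }
        // parse the page text into plain text, taking selected language into account
        if (!isset($pagetext_cache["{$touser['languageid']}"])) {
            $plaintext_parser->set_parsing_language($touser['languageid']);
            $pagetext_cache["{$touser['languageid']}"] = $plaintext_parser->parse($gmessage['pagetext']);
        }
        $pagetext = $pagetext_cache["{$touser['languageid']}"];
        ($hook = vBulletinHook::fetch_hook('new_sg_message_notification_message')) ? eval($hook) : false;
        // Defines $message and $subject for this recipient's language (falling back to language -1).
        eval(iif(empty($evalemail["{$touser['languageid']}"]), $evalemail["-1"], $evalemail["{$touser['languageid']}"]));
        vbmail($touser['email'], $subject, $message);
    }
    $vbulletin->db->free_result($useremails);
    unset($plaintext_parser, $pagetext_cache);
    vbmail_end();
}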
Ejemplo n.º 12
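/**
* Deletes all private messages and receipts belonging to the specified user
*
* Only the pmreceipt and pm rows are removed here; no pmtext rows are
* deleted, so 'pmtexts' is always reported as 0.
*
* @param	integer	User ID
* @param	boolean	If true, update the user record in the database to reflect their new number of private messages
*
* @return	array	Formatted counts of the work done, keyed 'receipts', 'pms' and 'pmtexts'
*/
function delete_user_pms($userid, $updateuser = true)
{
    global $vbulletin, $vbphrase;
    // Cast once; every query below embeds this value unquoted.
    $userid = intval($userid);
    // array to store pm ids message ids
    $pms = array();
    // array to store results
    $out = array();
    // first zap all receipts belonging to this user
    $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "pmreceipt WHERE userid = {$userid}");
    $out['receipts'] = $vbulletin->db->affected_rows();
    // now find all this user's private messages
    $messages = $vbulletin->db->query_read("\n\t\tSELECT pmid, pmtextid\n\t\tFROM " . TABLE_PREFIX . "pm\n\t\tWHERE userid = {$userid}\n\t");
    while ($message = $vbulletin->db->fetch_array($messages)) {
        // stick this record into our $pms array
        // (the per-pmtext usage counter kept here before was never read and
        // incremented undefined indexes, so it has been dropped)
        $pms["{$message['pmid']}"] = $message['pmtextid'];
    }
    $vbulletin->db->free_result($messages);
    if (!empty($pms)) {
        // zap all pm records belonging to this user
        $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "pm WHERE userid = {$userid}");
        $out['pms'] = $vbulletin->db->affected_rows();
    } else {
        $out['pms'] = 0;
    }
    $out['pmtexts'] = 0;
    // Reset the user's counters whether or not any messages were found, in
    // case the totals have been corrupted somehow. This replaces two
    // identical update blocks with a single path.
    if ($updateuser and $user = fetch_userinfo($userid)) {
        $userdm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
        $userdm->set_existing($user);
        $userdm->set('pmtotal', 0);
        $userdm->set('pmunread', 0);
        // Raw SQL expression; the third argument (false) is passed exactly as before.
        $userdm->set('pmpopup', 'IF(pmpopup=2, 1, pmpopup)', false);
        $userdm->save();
        unset($userdm);
    }
    foreach ($out as $k => $v) {
        $out["{$k}"] = vb_number_format($v);
    }
    return $out;
}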
Ejemplo n.º 13
	// Load the stored search row for the requested search id.
	// NOTE(review): searchid is concatenated into the SQL unquoted. That is only
	// safe if it was cleaned to an integer earlier; the cleaning call is not
	// visible in this excerpt — confirm.
	$search = $db->query_first("
		SELECT *
		FROM " . TABLE_PREFIX . "blog_search
		WHERE blogsearchid = " . $vbulletin->GPC['searchid']
	);
	// Reject unknown searches and searches owned by a different user. A search
	// row whose userid is 0 passes this check for any visitor.
	if (!$search OR ($search['userid'] AND $search['userid'] != $vbulletin->userinfo['userid']))
	{
		standard_error(fetch_error('invalidid', $vbphrase['search'], $vbulletin->options['contactuslink']));
	}

	// Plugin hook: the fetched hook code is eval'd in this scope.
	($hook = vBulletinHook::fetch_hook('blog_search_results_start')) ? eval($hook) : false;

	// Searches restricted to one user get that user's sidebar, others the overview sidebar.
	if ($search['searchuserid'])
	{
		$userinfo = fetch_userinfo($search['searchuserid'], 1);
		$sidebar =& build_user_sidebar($userinfo);
	}
	else
	{
		$sidebar =& build_overview_sidebar();
	}

	// Set Perpage .. this limits it to 10. Any reason for more?
	if ($vbulletin->GPC['perpage'] == 0)
	{
		$perpage = 15;
	}
	else if ($vbulletin->GPC['perpage'] > 10)
	{
		$perpage = 30;
Ejemplo n.º 14
 /**
  * Does the report
  *
  * Depending on the board options this posts the report into the report
  * forum (a new thread, or a reply in the item's existing report thread)
  * and/or emails the affected moderators.
  *
  * Local variable names matter here: the eval'd email phrases and plugin
  * hooks run in this scope and refer to them by name.
  *
  * @param	string	The Reason for the report
  * @param	array	Information regarding the item being reported
  *
  */
 function do_report($reason, &$iteminfo)
 {
     global $vbphrase;
     $this->iteminfo =& $iteminfo;
     $reportinfo = array('rusername' => unhtmlspecialchars($this->registry->userinfo['username']), 'ruserid' => $this->registry->userinfo['userid'], 'remail' => $this->registry->userinfo['email']);
     // Cap the user-supplied reason at the post length limit. substr() counts
     // bytes, so a multi-byte character at the cut can be split.
     if ($this->registry->options['postmaxchars'] > 0) {
         $reportinfo['reason'] = substr($reason, 0, $this->registry->options['postmaxchars']);
     } else {
         $reportinfo['reason'] = $reason;
     }
     // Post to the report forum only if one is configured and can be fetched.
     $reportthread = ($rpforumid = $this->registry->options['rpforumid'] and $rpforuminfo = fetch_foruminfo($rpforumid));
     $reportemail = ($this->registry->options['enableemail'] and $this->registry->options['rpemail']);
     $mods = array();
     $reportinfo['modlist'] = '';
     $moderators = $this->fetch_affected_moderators();
     if ($moderators) {
         while ($moderator = $this->registry->db->fetch_array($moderators)) {
             $mods["{$moderator['userid']}"] = $moderator;
             $reportinfo['modlist'] .= (!empty($reportinfo['modlist']) ? ', ' : '') . unhtmlspecialchars($moderator['username']);
         }
     }
     if (empty($reportinfo['modlist'])) {
         $reportinfo['modlist'] = $vbphrase['n_a'];
     }
     $this->set_reportinfo($reportinfo);
     if ($reportthread) {
         // Determine if we need to create a thread or a post
         if (!$this->iteminfo['reportthreadid'] or !($rpthreadinfo = fetch_threadinfo($this->iteminfo['reportthreadid'])) or $rpthreadinfo and ($rpthreadinfo['isdeleted'] or !$rpthreadinfo['visible'] or $rpthreadinfo['forumid'] != $rpforuminfo['forumid'])) {
             // presumably defines $subject and $message in this scope (both are used below) — confirm
             eval(fetch_email_phrases('report' . $this->phrasekey . '_newthread', 0));
             // Post as the configured report user when it resolves, otherwise as the reporter.
             if (!$this->registry->options['rpuserid'] or !($userinfo = fetch_userinfo($this->registry->options['rpuserid']))) {
                 $userinfo =& $this->registry->userinfo;
             }
             $threadman =& datamanager_init('Thread_FirstPost', $this->registry, ERRTYPE_SILENT, 'threadpost');
             $threadman->set_info('forum', $rpforuminfo);
             $threadman->set_info('is_automated', true);
             $threadman->set_info('skip_moderator_email', true);
             $threadman->set_info('mark_thread_read', true);
             $threadman->set_info('parseurl', true);
             $threadman->set('allowsmilie', true);
             $threadman->set('userid', $userinfo['userid']);
             $threadman->setr_info('user', $userinfo);
             $threadman->set('title', $subject);
             $threadman->set('pagetext', $message);
             $threadman->set('forumid', $rpforuminfo['forumid']);
             $threadman->set('visible', 1);
             if ($userinfo['userid'] != $this->registry->userinfo['userid']) {
                 // not posting as the current user, IP won't make sense
                 $threadman->set('ipaddress', '');
             }
             $rpthreadid = $threadman->save();
             if ($this->update_item_reportid($rpthreadid)) {
                 $threadman->set_info('skip_moderator_email', false);
                 $threadman->email_moderators(array('newthreademail', 'newpostemail'));
                 // Zeroed so the reply branch further down does not also post into the new thread.
                 $this->iteminfo['reportthreadid'] = 0;
                 $rpthreadinfo = array('threadid' => $rpthreadid, 'forumid' => $rpforuminfo['forumid'], 'postuserid' => $userinfo['userid']);
                 // check the permission of the other user
                 $userperms = fetch_permissions($rpthreadinfo['forumid'], $userinfo['userid'], $userinfo);
                 if ($userperms & $this->registry->bf_ugp_forumpermissions['canview'] and $userperms & $this->registry->bf_ugp_forumpermissions['canviewthreads'] and $userinfo['autosubscribe'] != -1) {
                     // NOTE(review): userid, threadid and autosubscribe are embedded unquoted
                     // and uncast; this relies on them being integers from the user row and
                     // the data manager — confirm, or cast with intval().
                     $this->registry->db->query_write("\n\t\t\t\t\t\t\tINSERT IGNORE INTO " . TABLE_PREFIX . "subscribethread\n\t\t\t\t\t\t\t\t(userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t(" . $userinfo['userid'] . ", {$rpthreadinfo['threadid']}, {$userinfo['autosubscribe']}, 0, 1)\n\t\t\t\t\t\t");
                 }
             } else {
                 // Delete the thread we just created
                 if ($delthread = fetch_threadinfo($rpthreadid)) {
                     $threadman =& datamanager_init('Thread', $this->registry, ERRTYPE_SILENT, 'threadpost');
                     $threadman->set_existing($delthread);
                     $threadman->delete($rpforuminfo['countposts'], true, NULL, false);
                     unset($threadman);
                 }
                 $this->refetch_iteminfo();
             }
         }
         if ($this->iteminfo['reportthreadid'] and $rpthreadinfo = fetch_threadinfo($this->iteminfo['reportthreadid']) and !$rpthreadinfo['isdeleted'] and $rpthreadinfo['visible'] == 1 and $rpthreadinfo['forumid'] == $rpforuminfo['forumid']) {
             // presumably defines $subject and $message in this scope (both are used below) — confirm
             eval(fetch_email_phrases('reportitem_newpost', 0));
             // Already reported, thread still exists/visible, and thread is in the right forum.
             // Technically, if the thread exists but is in the wrong forum, we should create the
             // thread, but that should only occur in a race condition.
             // "and" binds tighter than "or": the fetch is attempted only when $userinfo is not already set.
             if (!$this->registry->options['rpuserid'] or !$userinfo and !($userinfo = fetch_userinfo($this->registry->options['rpuserid']))) {
                 $userinfo =& $this->registry->userinfo;
             }
             $postman =& datamanager_init('Post', $this->registry, ERRTYPE_STANDARD, 'threadpost');
             $postman->set_info('thread', $rpthreadinfo);
             $postman->set_info('forum', $rpforuminfo);
             $postman->set_info('is_automated', true);
             $postman->set_info('parseurl', true);
             $postman->set('threadid', $rpthreadinfo['threadid']);
             $postman->set('userid', $userinfo['userid']);
             $postman->set('allowsmilie', true);
             $postman->set('visible', true);
             $postman->set('title', $subject);
             $postman->set('pagetext', $message);
             if ($userinfo['userid'] != $this->registry->userinfo['userid']) {
                 // not posting as the current user, IP won't make sense
                 $postman->set('ipaddress', '');
             }
             $postman->save();
             unset($postman);
         }
     }
     if ($reportemail) {
         // NOTE(review): $threadinfo and $postinfo are neither declared global nor
         // assigned earlier in this method, so these two lines act on fresh locals — confirm intent.
         $threadinfo['title'] = unhtmlspecialchars($threadinfo['title']);
         $postinfo['title'] = unhtmlspecialchars($postinfo['title']);
         // Add super moderators when no moderator was found or when rpemail is 2.
         if (empty($mods) or $this->registry->options['rpemail'] == 2) {
             $moderators = $this->fetch_affected_super_moderators($mods);
             if ($moderators) {
                 while ($moderator = $this->registry->db->fetch_array($moderators)) {
                     $mods["{$moderator['userid']}"] = $moderator;
                 }
             }
         }
         // Plugin hooks: the fetched hook code is eval'd in this scope.
         ($hook = vBulletinHook::fetch_hook('report_send_process')) ? eval($hook) : false;
         foreach ($mods as $userid => $moderator) {
             if (!empty($moderator['email'])) {
                 $this->send_moderator_email($moderator, $rpthreadinfo, $reportinfo);
             }
         }
         ($hook = vBulletinHook::fetch_hook('report_send_complete')) ? eval($hook) : false;
     }
 }
Ejemplo n.º 15
 /**
  * protected void associateAccount(array $user, int $vbnexus_userid)
  *	    Forces GFC users to choose a password (and a valid email too for
  *      users of vbnexus3). The change is then flagged in the database with
  *      field vbnexus_user.associated set to 2.
  *
  * @param array $user
  * @param int $vbnexus_userid
  * @return void
  */
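 protected function associateAccount($user, $vbnexus_userid)
 {
     // Processes the "choose an email and password" form for a GFC account and,
     // unless the update succeeded, renders that form again. Returns false when
     // $user carries no numeric userid and returns nothing after a successful
     // update; every other path ends in standard_error().
     global $vbulletin, $vboptions, $vbphrase, $stylevar, $vbnexus_loc;
     if (!intval($user['userid'])) {
         return false;
     }
     // If the user is submitting email and/or password, process it
     if (isset($_POST['vbnexus_gfc_fix'])) {
         // Validate input
         if (empty($_POST['email'])) {
             $vbnexus_error = "A valid email is required";
         } elseif (empty($_POST['password'])) {
             $vbnexus_error = "A valid password is required";
         } elseif (empty($_POST['password2']) || $_POST['password'] !== $_POST['password2']) {
             // Strict comparison on purpose: with != PHP compares numeric-looking
             // strings as numbers, so two different passwords such as "1e3" and
             // "1000" would be accepted as a match.
             $vbnexus_error = "Passwords do not match";
         } else {
             $require_activation = $vbulletin->options['verifyemail'] && $user['email'] != $_POST['email'];
             $userdata =& datamanager_init('user', $vbulletin, ERRTYPE_SILENT);
             $userdata->set_existing(fetch_userinfo($user['userid']));
             $userdata->set('password', $_POST['password']);
             // We can ignore validation of the email if it wasn't changed
             if ($user['email'] != $_POST['email']) {
                 $userdata->set('email', $_POST['email']);
             }
             if ($require_activation) {
                 // presumably 3 is the awaiting-email-confirmation group; verify against the board's usergroups
                 $userdata->set('usergroupid', 3);
             }
             if ($userdata->has_errors(false)) {
                 $vbnexus_error = join('</li><li>', $userdata->errors);
             } elseif ($userdata->save()) {
                 if ($require_activation) {
                     // Email phrase 'activateaccount' expects vars called $userid, $username
                     // and $activateid to be defined and meaningful
                     $userid = $user['userid'];
                     $username = $user['username'];
                     $activateid = build_user_activation_id($userid, $user['usergroupid'], 0);
                     // NOTE(review): $languageid is neither a parameter nor one of the globals
                     // declared above, so it is undefined here — confirm which language the
                     // activation mail should use.
                     eval(fetch_email_phrases('activateaccount', $languageid));
                     // After eval'ing activateaccount we have vars $subject and $message set
                     vbmail($_POST['email'], $subject, $message, true);
                 }
                 // The user was updated, there's now a valid password and email, so let's flag it.
                 // The external id is escaped before it goes into the statement; the doc
                 // comment calls it an int, but nothing in this method enforces that.
                 $sql = "UPDATE `" . TABLE_PREFIX . "vbnexus_user`\r\n                            SET `associated` = 2\r\n                            WHERE `nonvbid` = '" . $vbulletin->db->escape_string($vbnexus_userid) . "'\r\n                            AND `service` = 'gfc'";
                 // Run the update once and branch on its result (it used to be issued twice).
                 if ($vbulletin->db->query_write($sql)) {
                     // Returning since we're done here and execution should go on normally
                     return;
                 } else {
                     // This should never happen, it's mostly for debugging if something goes wrong
                     $errmsg = "An error occurred trying to update your GFC information. Please try again." . " If the problem persists please report it to an admin.";
                     return eval(standard_error($errmsg));
                     // Prints and exits
                 }
             } else {
                 // This should never happen, it's mostly for debugging if something goes wrong
                 $errmsg = "An error occurred trying to update the account information. Please try again." . " If the problem persists please report it to an admin.";
                 return eval(standard_error($errmsg));
                 // Prints and exits
             }
         }
         // Reached only when validation or the data manager reported an error: keep
         // what was typed so the form can show it again.
         // NOTE(review): this is the raw POST value; confirm the template escapes it.
         $user['email'] = $_POST['email'];
     }
     $vBNexusUser = $user;
     // No need to show mock emails from old vbnexus (< 3).
     // The id is quoted so that it is matched literally inside the pattern.
     if (empty($_POST['email']) && preg_match("/apps\\+|" . preg_quote($vbnexus_userid, '/') . "[@\\.]/", $user['email'])) {
         $vBNexusUser['email'] = '';
     }
     // NOTE(review): request-supplied value exposed to the template through a global;
     // confirm the template escapes it wherever it is printed.
     $vbnexus_loc = isset($_GET['loc']) ? $_GET['loc'] : null;
     // This will print a Message box (not really an error, but the actual form) and exit
     eval('$html = "' . fetch_template('vbnexus_3_gfc_invalid_email') . '";');
     eval(standard_error($html));
 }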
 /**
  * This is a pre_save method that only applies to the subclasses that have post
  * fields as their members (ie, not _Thread). Likely only called in those class's
  * pre_save methods.
  *
  * @return	bool	True on success, false on failure
  */
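 function pre_save_post($doquery = true)
 {
     // $doquery is accepted but not read anywhere in this method.
     //
     // Podcast forums: when a podcast URL is given without a size, ask the remote
     // server for the size and reject the post if none comes back.
     // NOTE(review): this makes an outbound request to the URL held in
     // $this->info['podcasturl']; if that URL comes from the poster, confirm that
     // fetch_remote_filesize() restricts schemes and internal hosts.
     if ($this->info['forum']['podcast'] and $this->info['podcasturl'] and empty($this->info['podcastsize'])) {
         require_once DIR . '/includes/class_upload.php';
         $upload = new vB_Upload_Abstract($this->registry);
         if (!($this->info['podcastsize'] = intval($upload->fetch_remote_filesize($this->info['podcasturl'])))) {
             $this->error('invalid_podcasturl');
             return false;
         }
     }
     // No condition set: the checks below apply to that case only
     // (presumably a new post rather than an update — confirm).
     if (!$this->condition) {
         // A post needs either a user id or a username.
         if ($this->fetch_field('userid', 'post') == 0 and $this->fetch_field('username', 'post') == '') {
             $this->error('nousername');
             return false;
         }
         if ($this->fetch_field('dateline', 'post') === null) {
             $this->set('dateline', TIMENOW);
         }
         // The address is stored only when the 'logip' option is on; otherwise an empty string.
         if ($this->fetch_field('ipaddress', 'post') === null) {
             $this->set('ipaddress', $this->registry->options['logip'] ? IPADDRESS : '');
         }
         // flood check: skipped for previews, automated posts and posts without a user id
         if ($this->registry->options['floodchecktime'] > 0 and empty($this->info['preview']) and empty($this->info['is_automated']) and $this->fetch_field('userid', 'post')) {
             if (!$this->info['user']) {
                 $this->info['user'] = fetch_userinfo($this->fetch_field('userid', 'post'));
             }
             $user =& $this->info['user'];
             // Users for whom can_moderate() succeeds on this forum are not flood-checked.
             if ($user['lastpost'] <= TIMENOW and !can_moderate($this->info['forum']['forumid'], '', $user['userid'], $user['usergroupid'] . (trim($user['membergroupids']) ? ",{$user['membergroupids']}" : ''))) {
                 if (!class_exists('vB_FloodCheck')) {
                     require_once DIR . '/includes/class_floodcheck.php';
                 }
                 // Plain assignment: "=& new" is a parse error on PHP 7 and later, and
                 // objects are already passed by handle.
                 $this->floodcheck = new vB_FloodCheck($this->registry, 'user', 'lastpost');
                 // The key committed is the registry user's id, not $user['userid'].
                 $this->floodcheck->commit_key($this->registry->userinfo['userid'], TIMENOW, TIMENOW - $this->registry->options['floodchecktime']);
                 if ($this->floodcheck->is_flooding()) {
                     $this->error('postfloodcheck', $this->registry->options['floodchecktime'], $this->floodcheck->flood_wait());
                     return false;
                 }
                 if ($this->errors) {
                     // if we already have errors, the save won't happen, so rollback now...
                     $this->floodcheck->rollback();
                 } else {
                     // ...or, in case we have a new error
                     $this->set_failure_callback(array(&$this->floodcheck, 'rollback'));
                 }
             }
         }
     }
     if (!$this->verify_image_count('pagetext', 'allowsmilie', $this->info['forum']['forumid'], 'post')) {
         return false;
     }
     // Add the attachments counted for this posthash and user to the 'attach' field.
     if ($this->info['posthash']) {
         $this->info['newattach'] = $this->fetch_attachment_count($this->info['posthash'], $this->fetch_field('userid', 'post'));
         $this->set('attach', intval($this->fetch_field('attach')) + $this->info['newattach']);
     }
     // New posts that aren't automated and are visible should be scanned.
     // The scan needs an anti-spam key, is limited to users below the
     // 'vb_antispam_posts' post count when that option is set, and is skipped
     // when can_moderate() succeeds.
     if (!$this->condition and !empty($this->registry->options['vb_antispam_key']) and empty($this->info['is_automated']) and $this->fetch_field('visible') == 1 and (!$this->registry->options['vb_antispam_posts'] or $this->registry->userinfo['posts'] < $this->registry->options['vb_antispam_posts']) and !can_moderate()) {
         require_once DIR . '/includes/class_akismet.php';
         $akismet = new vB_Akismet($this->registry);
         $akismet->akismet_board = $this->registry->options['bburl'];
         $akismet->akismet_key = $this->registry->options['vb_antispam_key'];
         // The check is handed the IP address, user agent, author name, email,
         // homepage and the post text.
         if ($akismet->verify_text(array('user_ip' => IPADDRESS, 'user_agent' => USER_AGENT, 'comment_type' => 'post', 'comment_author' => $this->registry->userinfo['userid'] ? $this->registry->userinfo['username'] : $this->fetch_field('username', 'post'), 'comment_author_email' => $this->registry->userinfo['email'], 'comment_author_url' => $this->registry->userinfo['homepage'], 'comment_content' => $this->fetch_field('pagetext', 'post'))) === 'spam') {
             // Flagged as spam: save the post hidden and mark it for the spam log.
             $this->set('visible', 0);
             $this->spamlog_insert = true;
         }
     }
     return true;
 }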
Ejemplo n.º 17
        if (!empty($albuminfo)) {
            $formdata = $albuminfo;
        } else {
            $formdata = array('albumid' => 0, 'title' => '', 'description' => '', 'state' => 'public', 'userid' => $vbulletin->userinfo['userid']);
        }
    }
    $formdata['albumtype_' . $formdata['state']] = 'checked="checked"';
    $show['delete_option'] = (!defined('PREVIEW_ERRORS') and !empty($albuminfo['albumid']) and ($vbulletin->userinfo['userid'] == $albuminfo['userid'] or can_moderate(0, 'candeletealbumpicture')));
    $show['album_used_in_css'] = false;
    if (!empty($albuminfo['albumid'])) {
        if ($db->query_first("\n\t\t\tSELECT selector\n\t\t\tFROM " . TABLE_PREFIX . "usercss\n\t\t\tWHERE userid = {$albuminfo['userid']}\n\t\t\t\tAND property = 'background_image'\n\t\t\t\tAND value LIKE '{$albuminfo['albumid']},%'\n\t\t\tLIMIT 1\n\t\t")) {
            $show['album_used_in_css'] = true;
        }
    }
    // if permitted to customize profile, or album is already a profile-type, show the profile-type option
    $creator = fetch_userinfo($formdata['userid']);
    cache_permissions($creator);
    $show['albumtype_profile'] = ($albuminfo['state'] == 'profile' or $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_profile_styling'] and $creator['permissions']['usercsspermissions'] & $vbulletin->bf_ugp_usercsspermissions['caneditbgimage']);
    ($hook = vBulletinHook::fetch_hook('album_album_edit')) ? eval($hook) : false;
    // navbar and final output
    $navbits = construct_navbits(array('member.php?' . $vbulletin->session->vars['sessionurl'] . "u={$userinfo['userid']}" => construct_phrase($vbphrase['xs_profile'], $userinfo['username']), 'album.php?' . $vbulletin->session->vars['sessionurl'] . "u={$userinfo['userid']}" => $vbphrase['albums'], '' => !empty($albuminfo['albumid']) ? $vbphrase['edit_album'] : $vbphrase['add_album']));
    eval('$navbar = "' . fetch_template('navbar') . '";');
    eval('print_output("' . fetch_template('album_edit') . '");');
}
// #######################################################################
if ($_POST['do'] == 'updatepictures') {
    $vbulletin->input->clean_array_gpc('p', array('pictures' => TYPE_ARRAY, 'coverpictureid' => TYPE_UINT, 'frompicture' => TYPE_BOOL));
    if (empty($albuminfo)) {
        standard_error(fetch_error('invalidid', $vbphrase['album'], $vbulletin->options['contactuslink']));
    }
    if ($userinfo['userid'] != $vbulletin->userinfo['userid'] and !can_moderate(0, 'caneditalbumpicture')) {
Ejemplo n.º 18
/**
 * Generates a Preview of a post
 *
 * @param	array	Information regarding the new post
 * @param	integer	The User ID posting
 * @param	array	Information regarding attachments
 *
 * @return	string	The Generated Preview
 *
 */
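function process_post_preview(&$newpost, $postuserid = 0, $attachmentinfo = NULL)
{
    // Renders the 'newpost_preview' template for $newpost and returns it ('' when
    // the parsed message is empty). Also fills $newpost['iconpath'] /
    // $newpost['icontitle'] and several globals ($previewpost, $show, $rate).
    global $vbphrase, $checked, $rate, $previewpost, $stylevar, $foruminfo, $vbulletin, $show;
    require_once DIR . '/includes/class_bbcode.php';
    // Plain assignment: "=& new" is a parse error on PHP 7 and later.
    $bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
    if ($attachmentinfo) {
        $bbcode_parser->attachments =& $attachmentinfo;
    }
    $previewpost = 1;
    $bbcode_parser->unsetattach = true;
    $previewmessage = $bbcode_parser->parse($newpost['message'], $foruminfo['forumid'], iif($newpost['disablesmilies'], 0, 1));
    // Preview as $postuserid when one is given, otherwise as the current user.
    $post = array('userid' => $postuserid ? $postuserid : $vbulletin->userinfo['userid']);
    if (!empty($attachmentinfo)) {
        require_once DIR . '/includes/class_postbit.php';
        $post['attachments'] =& $attachmentinfo;
        $postbit_factory = new vB_Postbit_Factory();
        $postbit_factory->registry =& $vbulletin;
        $postbit_factory->forum =& $foruminfo;
        $postbit_obj =& $postbit_factory->fetch_postbit('post');
        $postbit_obj->post =& $post;
        $postbit_obj->process_attachments();
    }
    if ($post['userid'] != $vbulletin->userinfo['userid']) {
        // The id is concatenated into the query, so force it to an integer here
        // rather than relying on every caller having done so.
        $fetchsignature = $vbulletin->db->query_first("\n\t\t\tSELECT signature\n\t\t\tFROM " . TABLE_PREFIX . "usertextfield\n\t\t\tWHERE userid = " . intval($postuserid) . "\n\t\t");
        $signature =& $fetchsignature['signature'];
    } else {
        $signature = $vbulletin->userinfo['signature'];
    }
    $show['signature'] = false;
    if ($newpost['signature'] and trim($signature)) {
        $userinfo = fetch_userinfo($post['userid'], FETCH_USERINFO_SIGPIC);
        // Another user's permissions are loaded for them; the current user's
        // are reused from the registry.
        if ($post['userid'] != $vbulletin->userinfo['userid']) {
            cache_permissions($userinfo, false);
        } else {
            $userinfo['permissions'] =& $vbulletin->userinfo['permissions'];
        }
        // The signature is parsed and shown only if its owner holds 'canusesignature'.
        if ($userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canusesignature']) {
            $bbcode_parser->set_parse_userinfo($userinfo);
            $post['signature'] = $bbcode_parser->parse($signature, 'signature');
            $bbcode_parser->set_parse_userinfo(array());
            $show['signature'] = true;
        }
    }
    if ($foruminfo['allowicons'] and $newpost['iconid']) {
        if ($icon = $vbulletin->db->query_first_slave("\n\t\t\tSELECT title as title, iconpath\n\t\t\tFROM " . TABLE_PREFIX . "icon\n\t\t\tWHERE iconid = " . intval($newpost['iconid']) . "\n\t\t")) {
            $newpost['iconpath'] = $icon['iconpath'];
            $newpost['icontitle'] = $icon['title'];
        }
    } else {
        // No icon chosen (or icons not allowed): use the configured default icon, if any.
        if ($vbulletin->options['showdeficon'] != '') {
            $newpost['iconpath'] = $vbulletin->options['showdeficon'];
            $newpost['icontitle'] = $vbphrase['default'];
        }
    }
    $show['messageicon'] = iif($newpost['iconpath'], true, false);
    $show['errors'] = false;
    // Plugin hook: whatever fetch_hook() returns for this hook name is evaluated
    // with access to every local variable here.
    ($hook = vBulletinHook::fetch_hook('newpost_preview')) ? eval($hook) : false;
    if ($previewmessage != '') {
        eval('$postpreview = "' . fetch_template('newpost_preview') . "\";");
    } else {
        $postpreview = '';
    }
    construct_checkboxes($newpost);
    if ($newpost['rating']) {
        $rate["{$newpost['rating']}"] = ' ' . 'selected="selected"';
    }
    return $postpreview;
}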
Ejemplo n.º 19
        if ($user) {
            $userdm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
            $userdm->set_existing($user);
            $userdm->set('reputation', "reputation - {$diff}", false);
            $userdm->save();
            unset($userdm);
        }
    }
    define('CP_REDIRECT', "adminreputation.php?do=list&amp;u=" . $vbulletin->GPC['userid']);
    print_stop_message('saved_reputation_successfully');
}
// *************************************************************************************************
// POST action 'killreputation': subtracts one reputation entry's value from the
// affected user's total and deletes that entry.
// NOTE(review): no session or CSRF check is visible in this block; confirm the
// control-panel bootstrap enforces one before this code runs.
if ($_POST['do'] == 'killreputation') {
    // reputationid is cleaned to an integer; that is what makes the
    // concatenation into the DELETE below safe.
    $vbulletin->input->clean_array_gpc('p', array('reputationid' => TYPE_INT));
    // presumably verify_id() loads the row and stops with an error when the id is unknown — confirm
    $repinfo = verify_id('reputation', $vbulletin->GPC['reputationid'], 0, 1);
    $user = fetch_userinfo($repinfo['userid']);
    if ($user) {
        // Take this entry's value back out of the user's reputation total.
        $userdm =& datamanager_init('User', $vbulletin, ERRTYPE_CP);
        $userdm->set_existing($user);
        $userdm->set('reputation', $user['reputation'] - $repinfo['reputation']);
        $userdm->save();
        unset($userdm);
    }
    // The entry is deleted even when the user could not be loaded.
    $db->query_write("\n\t\tDELETE FROM " . TABLE_PREFIX . "reputation\n\t\tWHERE reputationid = " . $vbulletin->GPC['reputationid']);
    define('CP_REDIRECT', "adminreputation.php?do=list&amp;u={$repinfo['userid']}");
    print_stop_message('deleted_reputation_successfully');
}
// *************************************************************************************************
if ($_REQUEST['do'] == 'deletereputation') {
    $vbulletin->input->clean_array_gpc('r', array('reputationid' => TYPE_INT));
    print_delete_confirmation('reputation', $vbulletin->GPC['reputationid'], 'adminreputation', 'killreputation');
Ejemplo n.º 20
/**
 * Resolves a comma-separated list of user ids to their usernames.
 *
 * Ids for which fetch_userinfo() returns false are reported as the literal
 * string "false". An empty argument (including "0") yields no return value.
 *
 * @param	string	Comma-separated user ids
 *
 * @return	string|null	Usernames joined with ", ", or NULL for empty input
 */
function get_username_massively($useridpack)
{
    // Nothing to look up: leave without a value, callers receive NULL.
    if (empty($useridpack)) {
        return;
    }
    $names = array();
    foreach (explode(",", $useridpack) as $id) {
        $info = fetch_userinfo($id);
        $names[] = $info === false ? "false" : $info['username'];
    }
    return implode(", ", $names);
}
Ejemplo n.º 21
/**
 * (Re)Generates an Activation ID for a user
 *
 * @param	integer	User's ID
 * @param	integer	The group to move the user to when they are activated
 * @param	integer	0 for Normal Activation, 1 for Forgotten Password
 * @param	boolean	Whether this is an email change or not
 *
 * @return	string	The Activation ID
 *
 */
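function build_user_activation_id($userid, $usergroupid, $type, $emailchange = 0)
{
    global $vbulletin;
    // All three values are concatenated into the statements below, so force them
    // to integers here instead of trusting every caller to have done it.
    $userid = intval($userid);
    $usergroupid = intval($usergroupid);
    $type = intval($type);
    if ($usergroupid == 3 or $usergroupid == 0) {
        // stop them getting stuck in email confirmation group forever :)
        $usergroupid = 2;
    }
    // Drop any earlier activation record of this type for the user.
    $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid = {$userid} AND type = {$type}");
    // The activation id is the value the account holder has to present (type 1 is
    // the forgotten-password flow), so draw it from the system CSPRNG when PHP
    // offers one. The range is unchanged so the stored value keeps its format.
    // NOTE(review): vbrand() is defined elsewhere; if it is not cryptographically
    // strong, the fallback below is guessable and the range itself is small.
    $activateid = null;
    if (function_exists('random_int')) {
        try {
            $activateid = random_int(0, 100000000);
        } catch (Exception $e) {
            // no entropy source available; fall back below
            $activateid = null;
        }
    }
    if ($activateid === null) {
        $activateid = vbrand(0, 100000000);
    }
    /*insert query*/
    $vbulletin->db->query_write("\n\t\tREPLACE INTO " . TABLE_PREFIX . "useractivation\n\t\t\t(userid, dateline, activationid, type, usergroupid, emailchange)\n\t\tVALUES\n\t\t\t({$userid}, " . TIMENOW . ", {$activateid} , {$type}, {$usergroupid}, " . intval($emailchange) . ")\n\t");
    // Clear the user's 'noactivationmails' option bit.
    if ($userinfo = fetch_userinfo($userid)) {
        $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
        $userdata->set_existing($userinfo);
        $userdata->set_bitfield('options', 'noactivationmails', 0);
        $userdata->save();
    }
    return $activateid;
}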
Ejemplo n.º 22
    print_cp_redirect("photoplog_category.php?" . $vbulletin->session->vars['sessionurl'] . "do=moderate", 1);
}
if ($_REQUEST['do'] == 'moderate') {
    $photoplog_moderate_cats = $db->query_read("SELECT suggestid, userid, title\r\n\t\tFROM " . PHOTOPLOG_PREFIX . "photoplog_suggestedcats\r\n\t\tWHERE catid = 0 AND approve = 0\r\n\t\tORDER BY dateline DESC\r\n\t");
    if ($photoplog_moderate_cats) {
        print_form_header('photoplog_category', 'decline');
        construct_hidden_code('s', $vbulletin->session->vars['sessionhash']);
        construct_hidden_code('suggestid', 0);
        print_table_header($vbphrase['photoplog_moderate_categories'], 3);
        print_cells_row(array($vbphrase['photoplog_title'], '<nobr>' . $vbphrase['photoplog_submitted_by'] . '</nobr>', $vbphrase['photoplog_controls']), 1, '', -1);
        $photoplog_cnt_bits = 0;
        while ($photoplog_moderate_cat = $db->fetch_array($photoplog_moderate_cats)) {
            $photoplog_cnt_bits++;
            $photoplog_suggestid = intval($photoplog_moderate_cat['suggestid']);
            $photoplog_title = htmlspecialchars_uni($photoplog_moderate_cat['title']);
            $photoplog_userinfo = fetch_userinfo(intval($photoplog_moderate_cat['userid']));
            $photoplog_username = $photoplog_userinfo['username'];
            $photoplog_userid = $photoplog_userinfo['userid'];
            $photoplog_suggested_by = "<a href=\"user.php?" . $vbulletin->session->vars['sessionurl'] . "do=edit&u=" . $photoplog_userid . "\">" . $photoplog_username . "</a>";
            $bgclass = fetch_row_bgclass();
            echo "\r\n\t\t\t\t<tr>\r\n\t\t\t\t\t<td class=\"{$bgclass}\" width=\"100%\"><a href=\"photoplog_category.php?" . $vbulletin->session->vars['sessionurl'] . "do=review&amp;suggestid=" . $photoplog_suggestid . "\">" . $photoplog_title . "</a></td>\r\n\t\t\t\t\t<td class=\"{$bgclass}\">{$photoplog_suggested_by}</td>\r\n\t\t\t\t\t<td class=\"{$bgclass}\"><nobr><a href=\"photoplog_category.php?" . $vbulletin->session->vars['sessionurl'] . "do=review&amp;suggestid=" . $photoplog_suggestid . "\">" . $vbphrase['photoplog_review'] . "</a> <a href=\"photoplog_category.php?" . $vbulletin->session->vars['sessionurl'] . "do=decline&amp;suggestid=" . $photoplog_suggestid . "\">" . $vbphrase['photoplog_decline'] . "</a></nobr></td>\r\n\t\t\t\t</tr>\r\n\t\t\t";
        }
        if ($photoplog_cnt_bits) {
            print_table_footer(3, "<input type=\"submit\" class=\"button\" tabindex=\"1\" value=\"" . $vbphrase['photoplog_decline_all'] . "\" accesskey=\"s\" />");
        } else {
            print_description_row($vbphrase['photoplog_nothing_to_moderate'], 0, 3);
            print_table_footer();
        }
    } else {
        print_form_header('', '');
        construct_hidden_code('s', $vbulletin->session->vars['sessionhash']);
Ejemplo n.º 23
 /**
  * Verifies permissions to attach content to posts
  *
  * @param	array	Contenttype information - bypass reading environment settings
  *
  * @return	boolean
  */
 public function verify_permissions($info = array())
 {
     // Resolves the post / thread / forum being attached to, then returns false as
     // soon as any check below fails and true once all of them pass.
     // Note on reading the conditions: PHP's "and" binds tighter than "or", so
     // "a and b or c" means "(a and b) or c".
     global $show;
     if ($info) {
         // Caller-supplied ids are used as given (no intval here).
         $this->values['postid'] = $info['postid'];
         $this->values['threadid'] = $info['threadid'];
         $this->values['forumid'] = $info['forumid'];
     } else {
         // Otherwise read the ids from $this->values: the short keys (p, t, f)
         // win over the long ones, and everything is cast to int.
         $this->values['postid'] = intval($this->values['p']) ? intval($this->values['p']) : intval($this->values['postid']);
         $this->values['threadid'] = intval($this->values['t']) ? intval($this->values['t']) : intval($this->values['threadid']);
         $this->values['forumid'] = intval($this->values['f']) ? intval($this->values['f']) : intval($this->values['forumid']);
     }
     // The most specific id decides: a post overrides the thread id, and a thread
     // overrides the forum id, so the three cannot be mixed from different places.
     if ($this->values['postid']) {
         if (!($this->postinfo = fetch_postinfo($this->values['postid']))) {
             return false;
         }
         $this->values['threadid'] = $this->postinfo['threadid'];
     }
     if ($this->values['threadid']) {
         if (!($this->threadinfo = fetch_threadinfo($this->values['threadid']))) {
             return false;
         }
         $this->values['forumid'] = $this->threadinfo['forumid'];
     }
     if ($this->values['forumid'] and !($this->foruminfo = fetch_foruminfo($this->values['forumid']))) {
         return false;
     }
     // Nothing resolved at all (and not an edit of an existing post): deny.
     if (!$this->foruminfo and !$this->threadinfo and !($this->postinfo and $this->values['editpost'])) {
         return false;
     }
     $forumperms = fetch_permissions($this->foruminfo['forumid']);
     // No permissions to post attachments in this forum or no permission to view threads in this forum.
     if (!($forumperms & $this->registry->bf_ugp_forumpermissions['canpostattachment']) or !($forumperms & $this->registry->bf_ugp_forumpermissions['canview']) or !($forumperms & $this->registry->bf_ugp_forumpermissions['canviewthreads'])) {
         return false;
     }
     // Deny when (no existing post and the forum does not allow posting), or the
     // forum is a link, or the forum cannot contain threads.
     if (!$this->postinfo and !$this->foruminfo['allowposting'] or $this->foruminfo['link'] or !$this->foruminfo['cancontainthreads']) {
         return false;
     }
     if ($this->threadinfo) {
         // Deleted threads are always denied; invisible ones unless can_moderate()
         // grants 'canmoderateposts' for the forum.
         if ($this->threadinfo['isdeleted'] or !$this->threadinfo['visible'] and !can_moderate($this->threadinfo['forumid'], 'canmoderateposts')) {
             return false;
         }
         // Closed threads require 'canopenclose'.
         if (!$this->threadinfo['open']) {
             if (!can_moderate($this->threadinfo['forumid'], 'canopenclose')) {
                 return false;
             }
         }
         // Someone else's thread: both 'canviewothers' and 'canreplyothers' are needed.
         if ($this->registry->userinfo['userid'] != $this->threadinfo['postuserid'] and (!($forumperms & $this->registry->bf_ugp_forumpermissions['canviewothers']) or !($forumperms & $this->registry->bf_ugp_forumpermissions['canreplyothers']))) {
             return false;
         }
         // don't call this part on editpost.php (which will have a $postid)
         if (!$this->postinfo and !($forumperms & $this->registry->bf_ugp_forumpermissions['canreplyown']) and $this->registry->userinfo['userid'] == $this->threadinfo['postuserid']) {
             return false;
         }
     } else {
         // No thread means a new thread is being started.
         if (!($forumperms & $this->registry->bf_ugp_forumpermissions['canpostnew'])) {
             return false;
         }
     }
     if ($this->postinfo) {
         // Editing an existing post: without 'caneditposts' via can_moderate(), the
         // user needs 'caneditpost', must own the post, and must be inside the
         // edit time limit.
         if (!can_moderate($this->threadinfo['forumid'], 'caneditposts')) {
             if (!($forumperms & $this->registry->bf_ugp_forumpermissions['caneditpost'])) {
                 return false;
             } else {
                 if ($this->registry->userinfo['userid'] != $this->postinfo['userid']) {
                     // check user owns this post
                     return false;
                 } else {
                     // check for time limits ('edittimelimit' is multiplied by 60 here; a value of 0 disables the limit)
                     if ($this->postinfo['dateline'] < TIMENOW - $this->registry->options['edittimelimit'] * 60 and $this->registry->options['edittimelimit']) {
                         return false;
                     }
                 }
             }
         }
         // From here on the post's author, not the current user, is the user the
         // attachment is handled for.
         $this->contentid = $this->postinfo['postid'];
         $this->userinfo = fetch_userinfo($this->postinfo['userid']);
         cache_permissions($this->userinfo, true);
     } else {
         $this->userinfo = $this->registry->userinfo;
     }
     // check if there is a forum password and if so, ensure the user has it set
     // NOTE(review): the return value is ignored; presumably verify_forum_password()
     // stops the request itself on failure — confirm.
     verify_forum_password($this->foruminfo['forumid'], $this->foruminfo['password'], false);
     // Reachable only with an existing post (new posts in a closed forum were
     // rejected above): hide the attach option and mark the forum as closed.
     if (!$this->foruminfo['allowposting']) {
         $show['attachoption'] = false;
         $show['forumclosed'] = true;
     }
     return true;
 }
Ejemplo n.º 24
			{
				$subject = $vbulletin->GPC['other_subject'];
			}
			else
			{
				$options = explode("\n", trim($vbulletin->options['contactusoptions']));
				foreach($options AS $index => $title)
				{
					if ($index == $subject)
					{
						if (preg_match('#^{(.*)} (.*)$#siU', $title, $matches))
						{
							$title =& $matches[2];
							if (is_numeric($matches[1]) AND intval($matches[1]) !== 0)
							{
								$userinfo = fetch_userinfo($matches[1]);
								$alt_email =& $userinfo['email'];
								$languageid =& $userinfo['languageid'];
							}
							else
							{
								$alt_email = $matches[1];
							}
						}
						$subject = $title;
						break;
					}
				}
			}
		}
Ejemplo n.º 25
/**
 * Collects the logged-in user's thread subscriptions and returns them as a plain array.
 *
 * Steps, in order: permission checks, reading paging/sorting input from the request,
 * selecting the subscribed threads, flagging subscriptions whose thread the user may no
 * longer view (canview = 0), and building one summary row per remaining thread.
 *
 * Request input is read through clean_array_gpc('r', ...): folderid, perpage, pagenumber,
 * sortfield, sortorder and previewtype. folderid is overwritten with 'all' right after.
 *
 * Relies on the globals $vbulletin, $db, $show, $vbphrase, $permissions and $subscribecounters.
 *
 * @return array array('threads' => list of per-thread arrays, 'total_threads' => remaining count)
 */
function do_get_subscriptions()
{
    global $vbulletin, $db, $show, $vbphrase, $permissions, $subscribecounters;
    $vbulletin->options['threadpreview'] = FR_PREVIEW_LEN;
    // Guests are rejected first.
    // NOTE(review): everything below assumes json_error() ends the request — confirm.
    if (!$vbulletin->userinfo['userid']) {
        json_error(ERR_NO_PERMISSION);
    }
    // `and` binds tighter than `or`, so this reads as:
    //   (guest and do != removesubscription) or (member and no canview) or usergroup 4 or banned group.
    // The guest arm duplicates the check above.
    if (!$vbulletin->userinfo['userid'] and $_REQUEST['do'] != 'removesubscription' or $vbulletin->userinfo['userid'] and !($permissions['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview']) or $vbulletin->userinfo['usergroupid'] == 4 or !($permissions['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'])) {
        json_error(ERR_NO_PERMISSION);
    }
    $thread_data = array();
    $unread_subs = 0;
    // vbulletin expects folderid, but we will just get them all
    $vbulletin->input->clean_array_gpc('r', array('folderid' => TYPE_NOHTML, 'perpage' => TYPE_UINT, 'pagenumber' => TYPE_UINT, 'sortfield' => TYPE_NOHTML, 'sortorder' => TYPE_NOHTML, 'previewtype' => TYPE_INT));
    $previewtype = $vbulletin->GPC['previewtype'];
    if (!$previewtype) {
        $previewtype = 1;
    }
    // The requested folder is discarded: every folder is always listed.
    $vbulletin->GPC['folderid'] = 'all';
    // Values that are reused in templates
    // These are references into the cleaned-input array, so later writes change GPC as well.
    $sortfield =& $vbulletin->GPC['sortfield'];
    $perpage =& $vbulletin->GPC['perpage'];
    $pagenumber =& $vbulletin->GPC['pagenumber'];
    $folderid =& $vbulletin->GPC['folderid'];
    if ($folderid == 'all') {
        $getallfolders = true;
        $show['allfolders'] = true;
    } else {
        // Not reached while folderid is forced to 'all' above; the cast is what would make
        // $folderid safe to place in the WHERE clause of the first query.
        $folderid = intval($folderid);
    }
    $folderselect["{$folderid}"] = 'selected="selected"';
    // Build folder jump
    require_once DIR . '/includes/functions_misc.php';
    $folders = construct_folder_jump(1, $folderid, false, '', true);
    $templater = vB_Template::create('subscribe_folder_jump');
    $templater->register('folders', $folders);
    $folderjump = $templater->render();
    // look at sorting options:
    // sortorder is request data; only the two fixed strings '' and 'DESC' ever reach the SQL text.
    if ($vbulletin->GPC['sortorder'] != 'asc') {
        $vbulletin->GPC['sortorder'] = 'desc';
        $sqlsortorder = 'DESC';
        $order = array('desc' => 'selected="selected"');
    } else {
        $sqlsortorder = '';
        $order = array('asc' => 'selected="selected"');
    }
    // sortfield is request data too. This allow-list is the only thing between it and the
    // ORDER BY clauses below: a listed column name is copied, anything else becomes lastpost.
    // Adding a case here means adding a string that is placed in SQL unescaped.
    switch ($sortfield) {
        case 'title':
        case 'lastpost':
        case 'replycount':
        case 'views':
        case 'postusername':
            $sqlsortfield = 'thread.' . $sortfield;
            break;
        default:
            // $handled is set to false on the line before it is tested, so the fallback always runs.
            $handled = false;
            if (!$handled) {
                $sqlsortfield = 'thread.lastpost';
                $sortfield = 'lastpost';
            }
    }
    $sort = array($sortfield => 'selected="selected"');
    if ($getallfolders) {
        $totalallthreads = array_sum($subscribecounters);
    } else {
        $totalallthreads = $subscribecounters["{$folderid}"];
    }
    // set defaults
    // NOTE(review): presumably adjusts $pagenumber and $perpage in place (200 and maxthreads look
    // like the cap and the default) — confirm against sanitize_pageresults().
    sanitize_pageresults($totalallthreads, $pagenumber, $perpage, 200, $vbulletin->options['maxthreads']);
    // display threads
    // 1-based window [limitlower, limitupper], clamped to the number of subscriptions.
    $limitlower = ($pagenumber - 1) * $perpage + 1;
    $limitupper = $pagenumber * $perpage;
    if ($limitupper > $totalallthreads) {
        $limitupper = $totalallthreads;
        if ($limitlower > $totalallthreads) {
            $limitlower = $totalallthreads - $perpage;
        }
    }
    if ($limitlower <= 0) {
        $limitlower = 1;
    }
    $hook_query_fields = $hook_query_joins = $hook_query_where = '';
    // The query text is built by concatenation. Values placed in it: the session user's id,
    // $folderid (only when not listing all folders), the allow-listed sort strings, and the
    // computed LIMIT numbers. $perpage was requested as TYPE_UINT.
    // NOTE(review): userid is concatenated without a cast here; it comes from $vbulletin->userinfo,
    // not from the request — confirm it is always an integer.
    $getthreads = $db->query_read_slave("\n\t\tSELECT thread.threadid, emailupdate, subscribethreadid, thread.forumid, thread.postuserid\n\t\t\t{$hook_query_fields}\n\t\tFROM " . TABLE_PREFIX . "subscribethread AS subscribethread\n\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread ON(thread.threadid = subscribethread.threadid)\n\t\t{$hook_query_joins}\n\t\tWHERE subscribethread.userid = " . $vbulletin->userinfo['userid'] . "\n\t\t\tAND thread.visible = 1\n\t\t\tAND canview = 1\n\t\t" . iif(!$getallfolders, "\tAND folderid = {$folderid}") . "\n\t\t\t{$hook_query_where}\n\t\tORDER BY {$sqlsortfield} {$sqlsortorder}\n\t\tLIMIT " . ($limitlower - 1) . ", {$perpage}\n\t");
    if ($totalthreads = $db->num_rows($getthreads)) {
        $forumids = array();
        $threadids = array();
        $emailupdate = array();
        $killthreads = array();
        while ($getthread = $db->fetch_array($getthreads)) {
            // Re-check forum permissions per thread: a subscription may outlive the user's access.
            // A thread is dropped when the forum or its threads are not viewable, or when it was
            // started by someone else and the user lacks canviewothers.
            $forumperms = fetch_permissions($getthread['forumid']);
            if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or $getthread['postuserid'] != $vbulletin->userinfo['userid'] and !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers'])) {
                $killthreads["{$getthread['subscribethreadid']}"] = $getthread['subscribethreadid'];
                $totalallthreads--;
                continue;
            }
            $forumids["{$getthread['forumid']}"] = true;
            $threadids[] = $getthread['threadid'];
            $emailupdate["{$getthread['threadid']}"] = $getthread['emailupdate'];
            // Filled here but not read again in this function.
            $subscribethread["{$getthread['threadid']}"] = $getthread['subscribethreadid'];
        }
        // From here on $threadids is a comma-separated string used inside IN (...).
        $threadids = implode(',', $threadids);
    }
    unset($getthread);
    $db->free_result($getthreads);
    if (!empty($killthreads)) {
        // Update thread subscriptions
        // The ids in the IN list are column values from the query above, joined without a cast.
        $vbulletin->db->query_write("\n\t\t\tUPDATE " . TABLE_PREFIX . "subscribethread\n\t\t\tSET canview = 0\n\t\t\tWHERE subscribethreadid IN (" . implode(', ', $killthreads) . ")\n\t\t");
    }
    if (!empty($threadids)) {
        cache_ordered_forums(1);
        $colspan = 5;
        $show['threadicons'] = false;
        // get last read info for each thread
        $lastread = array();
        foreach (array_keys($forumids) as $forumid) {
            if ($vbulletin->options['threadmarking']) {
                $lastread["{$forumid}"] = max($vbulletin->forumcache["{$forumid}"]['forumread'], TIMENOW - $vbulletin->options['markinglimit'] * 86400);
            } else {
                // Cookie content is client-controlled; it is cast to int before use.
                $lastread["{$forumid}"] = max(intval(fetch_bbarray_cookie('forum_view', $forumid)), $vbulletin->userinfo['lastvisit']);
            }
            if ($vbulletin->forumcache["{$forumid}"]['options'] & $vbulletin->bf_misc_forumoptions['allowicons']) {
                $show['threadicons'] = true;
                $colspan = 6;
            }
        }
        // Both branches select the same columns; they differ only in which post is joined
        // (first post for previewtype 1, last post otherwise).
        if ($previewtype == 1) {
            $previewfield = "post.pagetext AS preview, post.username AS lastpost_username, post.userid AS lastpost_userid,";
            $previewjoin = "LEFT JOIN " . TABLE_PREFIX . "post AS post ON(post.postid = thread.firstpostid)";
        } else {
            $previewfield = "post.pagetext AS preview, post.username AS lastpost_username, post.userid AS lastpost_userid,";
            $previewjoin = "LEFT JOIN " . TABLE_PREFIX . "post AS post ON(post.postid = thread.lastpostid)";
        }
        $hasthreads = true;
        $threadbits = '';
        $pagenav = '';
        $counter = 0;
        $toread = 0;
        // Cast before the option is concatenated into the SELECT list below.
        $vbulletin->options['showvotes'] = intval($vbulletin->options['showvotes']);
        // When in_coventry() reports true for this user, the last-post columns are taken from
        // tachythreadpost wherever a row exists for them, otherwise from thread.
        if ($vbulletin->userinfo['userid'] and in_coventry($vbulletin->userinfo['userid'], true)) {
            $lastpost_info = "IF(tachythreadpost.userid IS NULL, thread.lastpost, tachythreadpost.lastpost) AS lastpost, " . "IF(tachythreadpost.userid IS NULL, thread.lastposter, tachythreadpost.lastposter) AS lastposter, " . "IF(tachythreadpost.userid IS NULL, thread.lastposterid, tachythreadpost.lastposterid) AS lastposterid, " . "IF(tachythreadpost.userid IS NULL, thread.lastpostid, tachythreadpost.lastpostid) AS lastpostid";
            $tachyjoin = "LEFT JOIN " . TABLE_PREFIX . "tachythreadpost AS tachythreadpost ON " . "(tachythreadpost.threadid = thread.threadid AND tachythreadpost.userid = " . $vbulletin->userinfo['userid'] . ')';
        } else {
            $lastpost_info = 'thread.lastpost, thread.lastposter, thread.lastposterid, thread.lastpostid';
            $tachyjoin = '';
        }
        $hook_query_fields = $hook_query_joins = $hook_query_where = '';
        // Second query: full details for the threads that passed the permission filter.
        // {$threadids} holds ids read from the first result set; the ORDER BY strings are the
        // allow-listed values chosen above.
        $threads = $db->query_read_slave("\n\t\t\tSELECT\n\t\t\t\tIF(thread.votenum >= " . $vbulletin->options['showvotes'] . ", thread.votenum, 0) AS votenum,\n\t\t\t\tIF(thread.votenum >= " . $vbulletin->options['showvotes'] . " AND thread.votenum > 0, thread.votetotal / thread.votenum, 0) AS voteavg,\n\t\t\t\tthread.votetotal,\n\t\t\t\t{$previewfield} thread.threadid, thread.title AS threadtitle, thread.forumid, thread.pollid,\n\t\t\t\tthread.open, thread.replycount, thread.postusername, thread.prefixid,\n\t\t\t\t{$lastpost_info}, thread.postuserid, thread.dateline, thread.views, thread.iconid AS threadiconid,\n\t\t\t\tthread.notes, thread.visible, thread.attach, thread.taglist\n\t\t\t\t" . ($vbulletin->options['threadmarking'] ? ", threadread.readtime AS threadread" : '') . "\n\t\t\t\t{$hook_query_fields}\n\t\t\tFROM " . TABLE_PREFIX . "thread AS thread\n\t\t\t{$previewjoin}\n\t\t\t" . ($vbulletin->options['threadmarking'] ? " LEFT JOIN " . TABLE_PREFIX . "threadread AS threadread ON (threadread.threadid = thread.threadid AND threadread.userid = " . $vbulletin->userinfo['userid'] . ")" : '') . "\n\t\t\t{$tachyjoin}\n\t\t\t{$hook_query_joins}\n\t\t\tWHERE thread.threadid IN ({$threadids})\n\t\t\tORDER BY {$sqlsortfield} {$sqlsortorder}\n\t\t");
        unset($sqlsortfield, $sqlsortorder);
        require_once DIR . '/includes/functions_forumdisplay.php';
        // Get Dot Threads
        $dotthreads = fetch_dot_threads_array($threadids);
        if ($vbulletin->options['showdots'] and $vbulletin->userinfo['userid']) {
            $show['dotthreads'] = true;
        } else {
            $show['dotthreads'] = false;
        }
        if ($vbulletin->options['threadpreview'] and $vbulletin->userinfo['ignorelist']) {
            // Get Buddy List
            $buddy = array();
            if (trim($vbulletin->userinfo['buddylist'])) {
                $buddylist = preg_split('/( )+/', trim($vbulletin->userinfo['buddylist']), -1, PREG_SPLIT_NO_EMPTY);
                foreach ($buddylist as $buddyuserid) {
                    $buddy["{$buddyuserid}"] = 1;
                }
            }
            DEVDEBUG('buddies: ' . implode(', ', array_keys($buddy)));
            // Get Ignore Users
            // A user on both lists is treated as a buddy, not as ignored.
            $ignore = array();
            if (trim($vbulletin->userinfo['ignorelist'])) {
                $ignorelist = preg_split('/( )+/', trim($vbulletin->userinfo['ignorelist']), -1, PREG_SPLIT_NO_EMPTY);
                foreach ($ignorelist as $ignoreuserid) {
                    if (!$buddy["{$ignoreuserid}"]) {
                        $ignore["{$ignoreuserid}"] = 1;
                    }
                }
            }
            DEVDEBUG('ignored users: ' . implode(', ', array_keys($ignore)));
            // NOTE(review): $ignore is not read again in this function, so previews of ignored
            // users' posts are not filtered here — confirm whether a callee picks it up.
        }
        $foruminfo['allowratings'] = true;
        $show['notificationtype'] = true;
        $show['threadratings'] = true;
        $show['threadrating'] = true;
        while ($thread = $db->fetch_array($threads)) {
            $threadid = $thread['threadid'];
            // build thread data
            $thread = process_thread_array($thread, $lastread["{$thread['forumid']}"]);
            // Map the stored emailupdate value of the subscription to its phrase.
            switch ($emailupdate["{$thread['threadid']}"]) {
                case 0:
                    $thread['notification'] = $vbphrase['none'];
                    break;
                case 1:
                    $thread['notification'] = $vbphrase['instant'];
                    break;
                case 2:
                    $thread['notification'] = $vbphrase['daily'];
                    break;
                case 3:
                    $thread['notification'] = $vbphrase['weekly'];
                    break;
                default:
                    $thread['notification'] = $vbphrase['n_a'];
            }
            // One fetch_userinfo() call per listed thread to resolve the poster's avatar.
            $avatarurl = '';
            if ($thread['lastpost_userid'] > 0) {
                $userinfoavatar = fetch_userinfo($thread['lastpost_userid'], FETCH_USERINFO_AVATAR);
                fetch_avatar_from_userinfo($userinfoavatar, true, false);
                if ($userinfoavatar['avatarurl'] != '') {
                    $avatarurl = process_avatarurl($userinfoavatar['avatarurl']);
                }
                unset($userinfoavatar);
            }
            // The preview is entity-decoded before it is chopped, and the username only has tags
            // stripped, so these fields are raw text in the returned data.
            // NOTE(review): whatever renders this output has to encode it for its own context.
            $tmp = array('thread_id' => $thread['threadid'], 'new_posts' => $show['gotonewpost'] ? true : false, 'forum_id' => $thread['forumid'], 'total_posts' => $thread['totalposts'] ? $thread['totalposts'] : 0, 'forum_title' => prepare_utf8_string($thread['forumtitle']), 'thread_title' => prepare_utf8_string($thread['threadtitle']), 'thread_preview' => prepare_utf8_string(preview_chop(html_entity_decode($thread['preview']), FR_PREVIEW_LEN)), 'post_userid' => $thread['lastpost_userid'], 'post_lastposttime' => prepare_utf8_string(date_trunc($thread['lastpostdate']) . ' ' . $thread['lastposttime']), 'post_username' => prepare_utf8_string(strip_tags($thread['lastpost_username'])));
            if ($avatarurl != '') {
                $tmp['avatarurl'] = $avatarurl;
            }
            if ($thread['attach']) {
                $tmp['attach'] = true;
            }
            if ($thread['pollid']) {
                $tmp['poll'] = true;
            }
            $thread_data[] = $tmp;
        }
        $db->free_result($threads);
        unset($threadids);
    } else {
        $totalallthreads = 0;
    }
    $out = array('threads' => $thread_data, 'total_threads' => $totalallthreads);
    return $out;
}
Ejemplo n.º 26
        print_description_row($vbphrase['email_will_be_sent_in_user_specified_language']);
        print_table_break();
        print_submit_row($vbphrase['continue']);
    }
}
// ###################### Start do moderate and coppa #######################
if ($_POST['do'] == 'domoderate') {
    $vbulletin->input->clean_array_gpc('p', array('send_validated' => TYPE_INT, 'send_deleted' => TYPE_INT, 'validate' => TYPE_ARRAY_INT));
    if (empty($vbulletin->GPC['validate'])) {
        print_stop_message('please_complete_required_fields');
    } else {
        $evalemail_validated = array();
        $evalemail_deleted = array();
        require_once DIR . '/includes/functions_misc.php';
        if ($vbulletin->options['welcomepm']) {
            if ($fromuser = fetch_userinfo($vbulletin->options['welcomepm'])) {
                cache_permissions($fromuser, false);
            }
        }
        foreach ($vbulletin->GPC['validate'] as $userid => $status) {
            $userid = intval($userid);
            $user = $db->query_first("\n\t\t\t\tSELECT *\n\t\t\t\tFROM " . TABLE_PREFIX . "user\n\t\t\t\tWHERE userid = {$userid}\n\t\t\t");
            if (!$user) {
                // use was likely deleted
                continue;
            }
            $username = unhtmlspecialchars($user['username']);
            $chosenlanguage = iif($user['languageid'] < 1, intval($vbulletin->options['languageid']), intval($user['languageid']));
            if ($status == 1) {
                // validated
                // init user data manager
Ejemplo n.º 27
			{
				print_label_row($bitfieldnames["$val"], '<b>' . $vbphrase['yes'] . '</b>');
			}
			else
			{
				print_label_row($bitfieldnames["$val"], '<b>' . $vbphrase['no'] . '</b>');
			}
		}
	}
	print_table_footer();
}

// ###################### Start viewing resources for specific user ########################
if ($_REQUEST['do'] == 'viewuser')
{
	$userinfo = fetch_userinfo($vbulletin->GPC['userid']);
	if (!$userinfo)
	{
		print_stop_message('invalid_user_specified');
	}
	$perms = cache_permissions($userinfo);

	print_form_header('', '');
	print_table_header($userinfo['username'] . " <span class=\"normal\">(userid: $userinfo[userid])</span>");

	foreach ($userinfo['forumpermissions'] AS $forumid => $forumperms)
	{
		print_table_header($vbulletin->forumcache["$forumid"]['title'] . " <span class=\"normal\">(forumid: $forumid)</span>");
		foreach ($vbulletin->bf_ugp_forumpermissions AS $key => $val)
		{
Ejemplo n.º 28
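	/**
	* Follow-up work after a blog entry has been saved: queues search indexing, invalidates
	* the owner's tag cloud, rebuilds counters and statistics, records entries awaiting
	* moderation, e-mails subscribers of the blog, and updates the entry subscription.
	*
	* Subscriber notification is the access-control sensitive part: every recipient is
	* re-checked against the entry's privacy flag, its moderation state, its categories and
	* the owner's "who can view my blog" settings before any text is mailed.
	*
	* @param	boolean	$doquery	Passed through unchanged to post_save_each_blogtext().
	*/
	function post_save_each($doquery = true)
	{
		// Cast once; $blogid, $userid and $postedby_userid are concatenated into SQL below.
		$blogid = intval($this->fetch_field('blogid'));
		$userid = intval($this->fetch_field('userid'));
		$blogtextid = $this->fetch_field('blogtextid');
		$postedby_userid = intval($this->fetch_field('postedby_userid'));

		require_once(DIR . '/vb/search/indexcontroller/queue.php');
		vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogEntry', 'index', $blogid);
		vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogComment', 'group_data_change', $blogid);

		// NOTE(review): $condition is never assigned in this method, so !$condition is always
		// true and only 'addtags' decides this branch. The rest of the method tests
		// $this->condition — confirm which was intended before changing it.
		if (!$condition AND $this->info['addtags'])
		{
			// invalidate users tag cloud
			$dataman =& datamanager_init('Blog_User', $this->registry, ERRTYPE_SILENT);
			$info = array('bloguserid' => $userid);
			$dataman->set_existing($info);
			$dataman->set('tagcloud', '');
			$dataman->save();
		}

		$this->build_category_counters();
		build_blog_stats();

		// Insert entry for moderation
		if ($this->fetch_field('state') == 'moderation')
		{
			/*insert query*/
			$this->dbobject->query_write("
				INSERT IGNORE INTO " . TABLE_PREFIX . "blog_moderation
					(primaryid, type, dateline)
				VALUES
					($blogid, 'blogid', " . TIMENOW . ")
			");
		}

		// Bump the owner's moderation / draft / pending counters.
		// AND binds tighter than OR: (new entry AND state is moderation or draft) OR pending.
		if (!$this->condition AND ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft') OR $this->fetch_field('pending'))
		{
			$userinfo = array('bloguserid' => $userid);
			$userdata =& datamanager_init('Blog_user', $this->registry, ERRTYPE_SILENT);
			$userdata->set_existing($userinfo);
			if ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft')
			{
				// The state name is used as the field name and inside the value expression; the
				// comparison above restricts it to the two literals 'moderation' and 'draft'.
				$userdata->set($this->fetch_field('state'), $this->fetch_field('state') . ' + 1', false);
			}
			if ($this->fetch_field('pending'))
			{
				$userdata->set('pending', 'pending + 1', false);
			}
			$userdata->save();
		}

		// Send Email Notification
		if (((!$this->condition AND !$this->fetch_field('pending')) OR $this->info['send_notification']) AND ($this->fetch_field('state') == 'visible' OR $this->fetch_field('state') == 'moderation') AND $this->registry->options['enableemail'])
		{
			// NOTE(review): the dateline field is concatenated into this query without a cast,
			// unlike $blogid — confirm the data manager guarantees an integer here.
			$lastposttime = $this->dbobject->query_first("
				SELECT MAX(dateline) AS dateline
				FROM " . TABLE_PREFIX . "blog AS blog
				WHERE blogid = $blogid
					AND dateline < " . $this->fetch_field('dateline') . "
					AND state = 'visible'
			");

			$entrytitle = unhtmlspecialchars($this->fetch_field('title'));
			if (defined('VBBLOG_PERMS') AND $this->registry->userinfo['userid'] == $this->fetch_field('userid'))
			{
				$blogtitle = unhtmlspecialchars($this->registry->userinfo['blog_title']);
				$username = unhtmlspecialchars($this->registry->userinfo['username']);
				$userinfo =& $this->registry->userinfo;
			}
			else
			{
				if (!defined('VBBLOG_PERMS'))
				{	// Tell the fetch_userinfo plugin that we need the blog fields in case this class is being called by a non blog script
					define('VBBLOG_PERMS', true);
				}
				$userinfo = fetch_userinfo($this->fetch_field('userid'), 1);
				cache_permissions($userinfo, false);
				$blogtitle = unhtmlspecialchars($userinfo['blog_title']);
				if ($userinfo['userid'] != $this->fetch_field('userid'))
				{
					$userinfo2 = fetch_userinfo($this->fetch_field('userid'), 1);
					$username = unhtmlspecialchars($userinfo2['username']);
				}
				else
				{
					$username = unhtmlspecialchars($userinfo['username']);
				}
			}

			require_once(DIR . '/includes/class_bbcode_alt.php');
			$plaintext_parser = new vB_BbCodeParser_PlainText($this->registry, fetch_tag_list());
			$pagetext_cache = array(); // used to cache the results per languageid for speed

			$pagetext_orig =& $this->fetch_field('pagetext', 'blog_text');

			// Hook code is executed with eval() in this method's scope, so a plugin can read and
			// change every local variable here.
			($hook = vBulletinHook::fetch_hook('blog_user_notification_start')) ? eval($hook) : false;

			// Candidate recipients: e-mail subscribers of this blog, excluding usergroup 3 and
			// anyone not active since the previous visible entry. buddyid / ignoreid say whether
			// the recipient is on the owner's buddy or ignore list.
			$useremails = $this->dbobject->query_read_slave("
				SELECT
					user.*,
					blog_subscribeuser.blogsubscribeuserid,
					bm.blogmoderatorid,
					ignored.relationid AS ignoreid, buddy.relationid AS buddyid,
					bu.isblogmoderator, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid
				FROM " . TABLE_PREFIX . "blog_subscribeuser AS blog_subscribeuser
				INNER JOIN " . TABLE_PREFIX . "user AS user ON (blog_subscribeuser.userid = user.userid)
				LEFT JOIN " . TABLE_PREFIX . "blog_moderator AS bm ON (bm.userid = user.userid)
				LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = $userid AND buddy.relationid = user.userid AND buddy.type = 'buddy')
				LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = $userid AND ignored.relationid = user.userid AND ignored.type = 'ignore')
				LEFT JOIN " . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = user.userid)
				WHERE
					blog_subscribeuser.bloguserid = $userid
						AND
					" . ($userid == $postedby_userid ? "blog_subscribeuser.userid <> $userid AND" : "") . "
					blog_subscribeuser.type = 'email'
						AND
					user.usergroupid <> 3
						AND
					user.lastactivity >= " . intval($lastposttime['dateline']) . "
			");

			vbmail_start();

			$setoptions = $this->fetch_field('options');

			$evalemail = array();
			while ($touser = $this->dbobject->fetch_array($useremails))
			{
				cache_permissions($touser, false);
				// only send private entries to contacts and moderators
				if ($setoptions["{$this->bitfields['options']['private']}"] AND !$touser['buddyid'] AND !$touser['blogmoderatorid'] AND !is_member_of_blog($touser, $userinfo))
				{
					continue;
				}

				// never mail members of a banned usergroup
				if (!($this->registry->usergroupcache["$touser[usergroupid]"]['genericoptions'] & $this->registry->bf_ugp_genericoptions['isnotbannedgroup']))
				{
					continue;
				}

				// entries awaiting moderation go only to the owner and to blog moderators
				if ($this->fetch_field('state') == 'moderation')
				{
					if ($touser['userid'] != $userid AND !can_moderate_blog('canmoderateentries', $touser))
					{
						continue;
					}
				}

				// skip recipients who cannot view one of the entry's categories
				if (!empty($this->info['categories']))
				{
					prepare_blog_category_permissions($touser);
					if (array_intersect($touser['blogcategorypermissions']['cantview'], $this->info['categories']) AND $userinfo['userid'] != $touser['userid'])
					{
						continue;
					}
				}

				// Owner's "who can view my blog" settings. A recipient without moderator or admin
				// rights and without blog membership is skipped unless one of the owner's
				// ignore / buddy / member switches admits them.
				// The third group used to read $touser['budyid'], a key the query never selects
				// (the alias is buddyid). That clause could therefore never be true, and a
				// subscriber on the owner's buddy list was still mailed when the owner allows
				// members but has buddy_canviewmyblog switched off.
				if (!($touser['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
				{
					continue;
				}
				else if (
					!$touser['blogmoderatorid']
						AND
					!($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel'])
						AND
					!($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['ismoderator'])
						AND
					(!$userinfo['ignore_canviewmyblog'] OR !$touser['ignoreid'])
						AND
					(!$userinfo['buddy_canviewmyblog'] OR !$touser['buddyid'])
						AND
					(!$userinfo['member_canviewmyblog'] OR (!$userinfo['buddy_canviewmyblog'] AND $touser['buddyid']) OR (!$userinfo['ignore_canviewmyblog'] AND $touser['ignoreid']))
						AND
					!is_member_of_blog($touser, $userinfo)
				)
				{
					continue;
				}

				$touser['username'] = unhtmlspecialchars($touser['username']);
				$touser['languageid'] = iif($touser['languageid'] == 0, $this->registry->options['languageid'], $touser['languageid']);
				// NOTE(review): the per-recipient token is a plain MD5 over concatenated fields.
				// The code that verifies it is not part of this method, so it is left unchanged;
				// a keyed hash (hash_hmac) checked with hash_equals() would be the stronger form.
				$touser['auth'] = md5($touser['userid'] . $touser['blogsubscribeuserid'] . $touser['salt'] . COOKIE_SALT);

				if (empty($evalemail))
				{
					// Load the notification phrase once, for every language.
					$email_texts = $this->dbobject->query_read_slave("
						SELECT text, languageid, fieldname
						FROM " . TABLE_PREFIX . "phrase
						WHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'blog_user_notify'
					");

					while ($email_text = $this->dbobject->fetch_array($email_texts))
					{
						$emails["$email_text[languageid]"]["$email_text[fieldname]"] = $email_text['text'];
					}

					require_once(DIR . '/includes/functions_misc.php');

					foreach ($emails AS $languageid => $email_text)
					{
						// lets cycle through our array of notify phrases
						// Each phrase becomes a PHP assignment with the phrase text inside a
						// double-quoted string. addslashes() escapes quotes and backslashes but
						// not `$`, so variable references in the phrase are expanded when the
						// snippet is eval()'d below. Phrase text is therefore code: editing
						// phrases has to stay limited to trusted administrators.
						$text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
						$text_message = replace_template_variables($text_message);
						$text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
						$text_subject = replace_template_variables($text_subject);

						$evalemail["$languageid"] = '
							$message = "' . $text_message . '";
							$subject = "' . $text_subject . '";
						';
					}
				}

				// parse the page text into plain text, taking selected language into account
				if (!isset($pagetext_cache["$touser[languageid]"]))
				{
					$plaintext_parser->set_parsing_language($touser['languageid']);
					$pagetext_cache["$touser[languageid]"] = $plaintext_parser->parse($pagetext_orig);
				}
				$pagetext = $pagetext_cache["$touser[languageid]"];

				($hook = vBulletinHook::fetch_hook('blog_user_notification_message')) ? eval($hook) : false;

				// Sets $message and $subject from the snippet built above, falling back to the
				// '-1' language when the recipient's language has no phrase.
				eval(iif(empty($evalemail["$touser[languageid]"]), $evalemail["-1"], $evalemail["$touser[languageid]"]));

				vbmail($touser['email'], $subject, $message);
			}
			unset($plaintext_parser, $pagetext_cache);

			vbmail_end();
		}

		$this->post_save_each_blogtext($doquery);

		if ($this->fetch_field('dateline') <= TIMENOW)
		{
			$this->insert_dupehash($this->fetch_field('blogid'));
		}

		// Entry subscription of the author: removed when an edit sets it to 'none', otherwise
		// replaced. 'emailupdate' reaches the SQL text only after it compared equal to 'email'
		// or 'usercp'.
		if ($this->condition AND $this->info['emailupdate'] == 'none' AND ($userid != $this->registry->userinfo['userid'] OR ($userid == $this->registry->userinfo['userid'] AND $this->existing['entrysubscribed'])))
		{
			$this->dbobject->query_write("
				DELETE FROM " . TABLE_PREFIX . "blog_subscribeentry
				WHERE blogid = $blogid AND userid = $userid
			");
		}
		else if ($this->info['emailupdate'] == 'email' OR $this->info['emailupdate'] == 'usercp')
		{
			$this->dbobject->query_write("
				REPLACE INTO " . TABLE_PREFIX . "blog_subscribeentry
				(blogid, dateline, type, userid)
				VALUES
				($blogid, " . TIMENOW . ", '" . $this->info['emailupdate'] . "', $userid)
			");
		}

		($hook = vBulletinHook::fetch_hook('blog_fpdata_postsave')) ? eval($hook) : false;
	}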
Ejemplo n.º 29
 // Build variables for the remaining signature permissions
 // (formatted limits for display: characters, lines, and signature picture width/height/size)
 $sigperms_display = array('sigmaxchars' => vb_number_format($permissions['maxchars']), 'sigmaxlines' => vb_number_format($permissions['maxlines']), 'sigpicmaxwidth' => vb_number_format($permissions['sigpicmaxwidth']), 'sigpicmaxheight' => vb_number_format($permissions['sigpicmaxheight']), 'sigpicmaxsize' => vb_number_format($permissions['sigpicmaxsize'], 1, true));
 // A signature that failed preview validation takes precedence over the stored one,
 // so the user gets back the text they submitted.
 if ($preview_error_signature) {
     $signature = $preview_error_signature;
 } else {
     $signature = $vbulletin->userinfo['signature'];
 }
 // Free the memory, unless we need it below.
 if (!$signature) {
     unset($sig_parser);
 }
 if ($signature) {
     if (!$previewmessage) {
         require_once DIR . '/includes/class_bbcode.php';
         // NOTE(review): `=& new` is PHP 4 syntax and no longer parses on PHP 7 and later.
         $bbcode_parser =& new vB_BbCodeParser($vbulletin, fetch_tag_list());
         // The signature is parsed with the current user's own permissions and sigpic data.
         $bbcode_parser->set_parse_userinfo(fetch_userinfo($vbulletin->userinfo['userid'], FETCH_USERINFO_SIGPIC), $vbulletin->userinfo['permissions']);
         $previewmessage = $bbcode_parser->parse($signature, 'signature');
     }
     // save a conditional by just overwriting the phrase
     $vbphrase['submit_message'] =& $vbphrase['save_signature'];
     // The template text is placed inside a double-quoted PHP string and executed with eval()
     // in this scope, so it can read every variable defined here by name (which is why the
     // local names above must not be changed). Template content is therefore code: write
     // access to templates has to stay limited to trusted administrators.
     eval('$preview = "' . fetch_template('newpost_preview') . '";');
 }
 require_once DIR . '/includes/functions_editor.php';
 // set message box width to usercp size
 $stylevar['messagewidth'] = $stylevar['messagewidth_usercp'];
 // The raw signature is HTML-escaped before it is handed to the editor for redisplay.
 $editorid = construct_edit_toolbar(htmlspecialchars_uni($signature), 0, 'signature', $vbulletin->userinfo['permissions']['signaturepermissions'] & $vbulletin->bf_ugp_signaturepermissions['allowsmilies']);
 $show['canbbcode'] = $vbulletin->userinfo['permissions']['signaturepermissions'] & $vbulletin->bf_ugp_signaturepermissions['canbbcode'] ? true : false;
 // ############### DISPLAY SIG IMAGE CONTROLS ###############
 require_once DIR . '/includes/functions_file.php';
 $inimaxattach = fetch_max_upload_size();
 if ($permissions['signaturepermissions'] & $vbulletin->bf_ugp_signaturepermissions['cansigpic']) {
Ejemplo n.º 30
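 /**
  * Returns appropriate user info for the owner of this session.
  *
  * The array is built once and kept in $this->userinfo. For a logged-in session (and
  * SKIP_USERINFO not defined) it is loaded through the global fetch_userinfo(). Otherwise
  * a guest record is assembled from session variables and board options and, unless
  * SKIP_USERINFO is defined, merged with the row of the selected language.
  *
  * Raises an E_USER_ERROR when the selected language row cannot be found.
  *
  * @return	array	Array of user information.
  */
 function &fetch_userinfo()
 {
     if ($this->userinfo) {
         // we already calculated this
         return $this->userinfo;
     }

     if ($this->vars['userid'] and !defined('SKIP_USERINFO')) {
         // user is logged in
         $useroptions = (defined('IN_CONTROL_PANEL') ? FETCH_USERINFO_ADMIN : 0) + (defined('AVATAR_ON_NAVBAR') ? FETCH_USERINFO_AVATAR : 0);
         $this->userinfo = fetch_userinfo($this->vars['userid'], $useroptions, $this->vars['languageid']);
         return $this->userinfo;
     }

     // guest setup
     // The guest username is taken from the request, so it is HTML-escaped before it is stored.
     // Guests get the fixed security token 'guest'.
     $this->userinfo = array('userid' => 0, 'usergroupid' => 1, 'username' => !empty($_REQUEST['username']) ? htmlspecialchars_uni($_REQUEST['username']) : '', 'password' => '', 'email' => '', 'styleid' => $this->vars['styleid'], 'languageid' => $this->vars['languageid'], 'lastactivity' => $this->vars['lastactivity'], 'daysprune' => 0, 'timezoneoffset' => $this->registry->options['timeoffset'], 'dstonoff' => $this->registry->options['dstonoff'], 'showsignatures' => 1, 'showavatars' => 1, 'showimages' => 1, 'showusercss' => 1, 'dstauto' => 0, 'maxposts' => -1, 'startofweek' => 1, 'threadedmode' => $this->registry->options['threadedmode'], 'securitytoken' => 'guest', 'securitytoken_raw' => 'guest');
     $this->userinfo['options'] = $this->registry->bf_misc_useroptions['showsignatures'] | $this->registry->bf_misc_useroptions['showavatars'] | $this->registry->bf_misc_useroptions['showimages'] | $this->registry->bf_misc_useroptions['dstauto'] | $this->registry->bf_misc_useroptions['showusercss'];

     if (!defined('SKIP_USERINFO')) {
         // get default language
         // The id is concatenated into the query text. Previously only the board-default
         // fallback was cast; the session value is now cast as well, and a value that casts
         // to 0 falls back to the board default.
         $languageid = !empty($this->vars['languageid']) ? intval($this->vars['languageid']) : 0;
         if (!$languageid) {
             $languageid = intval($this->registry->options['languageid']);
         }
         $phraseinfo = $this->registry->db->query_first_slave("\n\t\t\t\t\tSELECT languageid" . fetch_language_fields_sql(0) . "\n\t\t\t\t\tFROM " . TABLE_PREFIX . "language\n\t\t\t\t\tWHERE languageid = " . $languageid . "\n\t\t\t\t");
         if (empty($phraseinfo)) {
             // can't phrase this since we can't find the language
             trigger_error('The requested language does not exist, reset via tools.php.', E_USER_ERROR);
         }
         // copy every column of the language row into the guest record
         foreach ($phraseinfo as $_arrykey => $_arryval) {
             $this->userinfo["{$_arrykey}"] = $_arryval;
         }
         unset($phraseinfo);
     }

     return $this->userinfo;
 }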