/**
 * Remove bare URLs from a message.
 *
 * Two patterns are applied in order: scheme-prefixed links (http, https, ftp, news)
 * and scheme-less "www." / "ftp." links. A URL is only matched when it follows
 * ">", whitespace, "(" or ")". That preceding character is part of the match and is
 * removed together with the URL, because the replacement is the empty string.
 *
 * @param string $message The text to strip URLs from.
 * @return string The text with matched URLs removed.
 */
function asb_strip_url($message)
{
    $url_patterns = array(
        "#([\\>\\s\\(\\)])(http|https|ftp|news){1}://([^\\/\"\\s\\<\\[\\.]+\\.([^\\/\"\\s\\<\\[\\.]+\\.)*[\\w]+(:[0-9]+)?(/[^\"\\s<\\[]*)?)#i",
        "#([\\>\\s\\(\\)])(www|ftp)\\.(([^\\/\"\\s\\<\\[\\.]+\\.)*[\\w]+(:[0-9]+)?(/[^\"\\s<\\[]*)?)#i",
    );

    // A leading space gives a URL at the very start of the message a delimiter to match against.
    $padded = ' ' . $message;
    foreach ($url_patterns as $pattern) {
        $padded = preg_replace($pattern, '', $padded);
    }

    // Drop the first character again. If a leading URL was matched, the padding space went with it,
    // so this removes the first character of whatever followed that URL.
    return my_substr($padded, 1);
}
/**
 * Prepare the "create new folder" dialog for a range.
 *
 * Collects the folder targets that do not have a folder yet (the general folder, and for
 * $type === 'sem' the status groups and the dates/issues of the range) and exposes them to
 * the view as $this->options, keyed by the id the new folder would be attached to.
 *
 * Every query is a prepared statement with $id bound as a parameter. The option labels
 * contain names read from the database and are stored unescaped; escaping is left to the
 * view, which is not shown here.
 *
 * @param string $id   Range id the folder is created for.
 * @param string $type Range type; only 'sem' adds group and date folders.
 * @throws AccessDeniedException when $GLOBALS['rechte'] is not set.
 */
public function create_action($id, $type)
{
    // Context checks first, then the permission gate.
    checkObject();
    checkObjectModule('documents');
    object_set_visit_module('documents');
    if (!$GLOBALS['rechte']) {
        throw new AccessDeniedException();
    }

    PageLayout::setTitle(_('Neuen Ordner erstellen'));

    $choices = array();
    $choices[md5('new_top_folder')] = _('Namen auswählen oder wie Eingabe') . ' -->';

    // Offer the general folder only while the range has no folder at all.
    $folder_count = DBManager::get()->prepare("SELECT SUM(1) FROM folder WHERE range_id = ?");
    $folder_count->execute(array($id));
    $has_no_folder = $folder_count->fetchColumn() == 0;
    if ($has_no_folder) {
        $choices[$id] = _('Allgemeiner Dateiordner');
    }

    if ($type === 'sem') {
        // Status groups of this range that have no folder yet.
        $group_sql = "SELECT statusgruppe_id AS id, statusgruppen.name AS name\n FROM statusgruppen\n LEFT JOIN folder ON (statusgruppe_id = folder.range_id)\n WHERE statusgruppen.range_id = ? AND folder_id IS NULL\n ORDER BY position";
        $groups = DBManager::get()->prepare($group_sql);
        $groups->execute(array($id));
        $groups->setFetchMode(PDO::FETCH_ASSOC);
        foreach ($groups as $group) {
            $choices[$group['id']] = sprintf(_('Dateiordner der Gruppe: %s'), $group['name']);
        }

        $issues = array();
        $shown_dates = array();

        // Dates (and the issues attached to them) that have no folder yet.
        $date_sql = "SELECT themen_termine.issue_id, termine.date, folder.name, termine.termin_id, date_typ\n FROM termine\n LEFT JOIN themen_termine USING (termin_id)\n LEFT JOIN folder ON (themen_termine.issue_id = folder.range_id)\n WHERE termine.range_id = ? AND folder.folder_id IS NULL\n ORDER BY termine.date, name";
        $dates = DBManager::get()->prepare($date_sql);
        $dates->execute(array($id));
        $dates->setFetchMode(PDO::FETCH_ASSOC);
        foreach ($dates as $date_row) {
            if ($date_row['name']) {
                continue;
            }

            $label = sprintf(
                _('Ordner für %s [%s]'),
                date('d.m.Y', $date_row['date']),
                $GLOBALS['TERMIN_TYP'][$date_row['date_typ']]['name']
            );

            // A date without an issue is keyed by its own id.
            if (!$date_row['issue_id']) {
                $choices[$date_row['termin_id']] = $label;
                continue;
            }

            // Issue objects are created once per issue id and reused.
            if (!$issues[$date_row['issue_id']]) {
                $issues[$date_row['issue_id']] = new Issue(array('issue_id' => $date_row['issue_id']));
            }
            $label .= ', ' . my_substr($issues[$date_row['issue_id']]->toString(), 0, 20);
            $choices[$date_row['issue_id']] = $label;
        }
    }

    $this->options = $choices;
    $this->id = $id;
}
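/**
 * Clean up a description and prepend it to google_seo_meta as a meta description tag.
 *
 * Nothing happens when the google_seo_meta_length setting is 0 or less, or when the
 * cleaned description is empty. Otherwise the tag is prepended to the global
 * $google_seo_meta and the google_seo_meta_output hook is registered on pre_output_page.
 *
 * The value ends up inside a double-quoted HTML attribute. strip_tags() removes tags but
 * does not escape quotes, so the cleaned text is additionally passed through
 * htmlspecialchars() before it is embedded. Entities that are already present are kept
 * as they are (double_encode = false).
 *
 * @param string The unfiltered description that should be used.
 */
function google_seo_meta_description($description)
{
    global $settings, $plugins, $google_seo_meta;

    if ($settings['google_seo_meta_length'] > 0) {
        $description = strip_tags($description);
        // NOTE(review): as shown, search and replacement are the same character; the search
        // string was presumably a non-breaking space or its entity in the original - confirm.
        $description = str_replace(" ", " ", $description);
        // Drop bracketed tags such as [b] or [/quote].
        $description = preg_replace("/\\[[^\\]]+\\]/u", "", $description);
        // Collapse whitespace runs to a single space.
        $description = preg_replace("/\\s+/u", " ", $description);
        $description = trim($description);
        $description = my_substr($description, 0, $settings['google_seo_meta_length'], true);
        $description = trim($description);

        if ($description) {
            // Escape for the attribute context so a quote in the description cannot end the
            // content="..." value. Escaping happens after truncation so no entity is cut in half.
            $description = htmlspecialchars($description, ENT_QUOTES, 'UTF-8', false);

            $plugins->add_hook('pre_output_page', 'google_seo_meta_output');
            $google_seo_meta = "<meta name=\"description\" content=\"{$description}\" />\n{$google_seo_meta}";
        }
    }
}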
// Excerpt of a member profile page: ban notice, admin options and moderator options.
// It starts inside a block opened before the excerpt and ends inside an open if-block.
//
// Each template is rendered by pasting the text returned by $templates->get() into a
// double-quoted PHP string and eval()-ing it. Any variable the template references is
// resolved in this scope, so every value a template may print has to be escaped before
// the eval, and the stored template text has to be treated as code.
$memban['adminuser'] = build_profile_link($memban['adminuser'], $memban['admin']);
// Display a nice warning to the user
eval('$bannedbit = "' . $templates->get('member_profile_banned') . '";');
} // closes a block opened before this excerpt
$adminoptions = '';
// Admin links only for groups with control panel access, unless hidden by configuration.
if ($mybb->usergroup['cancp'] == 1 && $mybb->config['hide_admin_links'] != 1) {
    eval("\$adminoptions = \"" . $templates->get("member_profile_adminoptions") . "\";");
}
$modoptions = $viewnotes = $editnotes = $editprofile = $banuser = $manageuser = '';
$can_purge_spammer = purgespammer_show($memprofile['postnum'], $memprofile['usergroup'], $memprofile['uid']);
if ($mybb->usergroup['canmodcp'] == 1 || $can_purge_spammer) {
    // The notes are HTML-escaped and given <br /> tags before the length check below.
    $memprofile['usernotes'] = nl2br(htmlspecialchars_uni($memprofile['usernotes']));
    if (!empty($memprofile['usernotes'])) {
        // NOTE(review): length check and truncation run on the already escaped string, so the
        // cut at 100 can land inside an entity or a <br /> tag; truncating the raw notes
        // first and escaping afterwards would avoid that.
        if (strlen($memprofile['usernotes']) > 100) {
            eval("\$viewnotes = \"" . $templates->get("member_profile_modoptions_viewnotes") . "\";");
            $memprofile['usernotes'] = my_substr($memprofile['usernotes'], 0, 100) . "... {$viewnotes}";
        }
    } else {
        $memprofile['usernotes'] = $lang->no_usernotes;
    }
    if ($mybb->usergroup['caneditprofiles'] == 1) {
        eval("\$editprofile = \"" . $templates->get("member_profile_modoptions_editprofile") . "\";");
        eval("\$editnotes = \"" . $templates->get("member_profile_modoptions_editnotes") . "\";");
    }
    // Ban link: the group must be allowed to ban, and either the member is not banned yet,
    // or the viewer issued the existing ban, or the viewer is a super moderator, or the
    // viewer has control panel access. && binds tighter than ||.
    if ($mybb->usergroup['canbanusers'] == 1 && (!$memban['uid'] || $memban['uid'] && $mybb->user['uid'] == $memban['admin'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1)) {
        eval("\$banuser = \"" . $templates->get("member_profile_modoptions_banuser") . "\";");
    }
    if ($can_purge_spammer) {
        eval("\$purgespammer = \"" . $templates->get('member_profile_modoptions_purgespammer') . "\";");
    }
    // $purgespammer is not part of the initialisation chain above; empty() tolerates it being unset.
    if (!empty($editprofile) || !empty($banuser) || !empty($purgespammer)) {
<tr> <td valign="top"> <? /* Person search: reads the search_exp request value and, if it is set, lists the matching users in a multi-select. */ $search_exp = Request::get('search_exp'); if ($search_exp): $users = getSearchResults(trim($search_exp), $range_id, 'sem'); if ($users): ?> <select name="searchPersons[]" size="5" multiple style="width: 90%;"> <? if (is_array($users)) foreach ($users as $user) : ?> <option value="<?php /* the username is escaped with htmlReady() for the attribute */ echo htmlReady($user['username']); ?> "> <?php echo htmlReady(my_substr($user['fullname'], 0, 35)); ?> (<?php /* NOTE(review): the same username is printed here without htmlReady(); escape it like the value attribute unless usernames are guaranteed to be markup-free - confirm */ echo $user['username']; ?> ), <?php /* NOTE(review): perms is printed unescaped as well; presumably a fixed set of role names - confirm */ echo $user['perms']; ?> </option> <? endforeach; ?> </select> <?php echo Icon::create('refresh', ['title' => _('Personen suchen')])->asInput(['valign' => 'bottom', 'name' => 'search', 'value' => _('Personen suchen')]); ?> <br> <? else : // no users there ?>
} // closes a block opened before this excerpt
} // closes a block opened before this excerpt
// Excerpt of an admin control panel login: validate the submitted credentials, enforce the
// lockout, replace the user's admin session and set the session cookie. The outer
// if-block at the end of the excerpt is still open.
$loginhandler->set_data(array('username' => $mybb->input['username'], 'password' => $mybb->input['password']));
if ($loginhandler->validate_login() == true) {
    $mybb->user = get_user($loginhandler->login_data['uid']);
}
// NOTE(review): $mybb->user is only assigned above when validation succeeds, so this test
// relies on it not already holding a uid from earlier code (outside this excerpt) - confirm.
if ($mybb->user['uid']) {
    if (login_attempt_check_acp($mybb->user['uid']) == true) {
        log_admin_action(array('type' => 'admin_locked_out', 'uid' => (int) $mybb->user['uid'], 'username' => $mybb->user['username']));
        // NOTE(review): presumably ends the request; if it returned, a session would still be
        // created below for a locked-out account - confirm.
        $default_page->show_lockedout();
    }
    // Remove every existing admin session of this user before a new one is issued.
    $db->delete_query("adminsessions", "uid='{$mybb->user['uid']}'");
    // NOTE(review): the session id is an MD5 of uniqid() seeded with microtime(), i.e. derived
    // from the clock and not from a cryptographically secure generator. For a token that
    // grants admin access, a CSPRNG source such as random_bytes() is the safer choice.
    $sid = md5(uniqid(microtime(true), true));
    // The User-Agent header is client-controlled: capped at 200 characters here and passed
    // through escape_string() before it is stored.
    $useragent = $_SERVER['HTTP_USER_AGENT'];
    if (my_strlen($useragent) > 200) {
        $useragent = my_substr($useragent, 0, 200);
    }
    // Create a new admin session for this user
    $admin_session = array("sid" => $sid, "uid" => $mybb->user['uid'], "loginkey" => $mybb->user['loginkey'], "ip" => $db->escape_binary(my_inet_pton(get_ip())), "dateline" => TIME_NOW, "lastactive" => TIME_NOW, "data" => my_serialize(array()), "useragent" => $db->escape_string($useragent));
    $db->insert_query("adminsessions", $admin_session);
    $admin_session['data'] = array();
    // Only reset the loginattempts when we're really logged in and the user doesn't need to enter a 2fa code
    $query = $db->simple_select("adminoptions", "authsecret", "uid='{$mybb->user['uid']}'");
    $admin_options = $db->fetch_array($query);
    if (empty($admin_options['authsecret'])) {
        $db->update_query("adminoptions", array("loginattempts" => 0, "loginlockoutexpiry" => 0), "uid='{$mybb->user['uid']}'");
    }
    // presumably the fourth argument marks the cookie HttpOnly - verify against my_setcookie()
    my_setcookie("adminsid", $sid, '', true);
    my_setcookie('acploginattempts', 0);
    $post_verify = false;
    $mybb->request_method = "get";
// Excerpt of a moderator control panel overview: the tail of the "posts awaiting
// moderation" part, the "threads awaiting moderation" part, and the wrapper template.
// It starts inside blocks opened before the excerpt.
eval("\$latest_post = \"" . $templates->get("modcp_awaitingmoderation_none") . "\";");
} // closes a block opened before this excerpt
eval("\$awaitingposts = \"" . $templates->get("modcp_awaitingposts") . "\";");
} // closes a block opened before this excerpt
if ($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1) {
    // $flist_queue_threads is appended verbatim to the WHERE clause. It is built outside this
    // excerpt and must only ever contain server-generated SQL (for example a list of integer
    // forum ids) - verify where it is assembled.
    $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}");
    $unapproved_threads = $db->fetch_field($query, "unapprovedthreads");
    if ($unapproved_threads > 0) {
        // Newest unapproved thread only.
        $query = $db->simple_select("threads", "tid, subject, uid, username, dateline", "visible='0' {$flist_queue_threads}", array('order_by' => 'dateline', 'order_dir' => 'DESC', 'limit' => 1));
        $thread = $db->fetch_array($query);
        $thread['date'] = my_date('relative', $thread['dateline']);
        $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']);
        $thread['link'] = get_thread_link($thread['tid']);
        $thread['subject'] = $thread['fullsubject'] = $parser->parse_badwords($thread['subject']);
        if (my_strlen($thread['subject']) > 25) {
            // NOTE(review): the shortened subject is stored in $post['subject'], not in
            // $thread['subject'], so the thread subject escaped below is still the full one.
            // Looks like a copy-paste slip from the posts branch - confirm against the
            // modcp_lastthread template.
            $post['subject'] = my_substr($thread['subject'], 0, 25) . "...";
        }
        // Escaping happens after the optional truncation and right before the template eval.
        $thread['subject'] = htmlspecialchars_uni($thread['subject']);
        $thread['fullsubject'] = htmlspecialchars_uni($thread['fullsubject']);
        $unapproved_threads = my_number_format($unapproved_threads);
        eval("\$latest_thread = \"" . $templates->get("modcp_lastthread") . "\";");
    } else {
        eval("\$latest_thread = \"" . $templates->get("modcp_awaitingmoderation_none") . "\";");
    }
    eval("\$awaitingthreads = \"" . $templates->get("modcp_awaitingthreads") . "\";");
}
// The wrapper is rendered only when at least one of the three sections produced output.
if (!empty($awaitingattachments) || !empty($awaitingposts) || !empty($awaitingthreads)) {
    eval("\$awaitingmoderation = \"" . $templates->get("modcp_awaitingmoderation") . "\";");
}
} // closes a block opened before this excerpt
$latestfivemodactions = '';
echo $institute_id; ?> " <? if ($institute_id == $resObject->getInstitutId()) echo 'selected'; ?>> <?php echo htmlReady(my_substr($faculty['Name'], 0, 50)); ?> </option> <? foreach ($faculty['institutes'] as $institute_id => $name): ?> <option style="padding-left: 1.5em;" value="<?php echo $institute_id; ?> " <? if ($institute_id == $resObject->getInstitutId()) echo 'selected'; ?>> <?php echo htmlReady(my_substr($name, 0, 50)); ?> </option> <? endforeach; ?> <? endforeach; ?> </select> <? else : ?> <?php echo MessageBox::info(_('Sie können die Einordnung in die Orga-Struktur nicht ändern.')); ?> <? endif; ?> </td> </tr> <? endif; ?> <? if ($resObject->getCategoryId()) : ?> <? foreach ($EditResourceData->selectProperties() as $property): ?>
// Excerpt of an export form builder: appends one <option> per faculty and, below it, one
// per institute of that faculty to $export_pagecontent, then starts the data type select.
// $inst_statement is a statement prepared outside this excerpt; the faculty id is passed
// as a bound parameter on each execute().
foreach ($faculties as $faculty) {
    $export_pagecontent .= "<option style=\"font-weight:bold;\" ";
    if ($range_id == $faculty['fakultaets_id']) {
        $export_pagecontent .= " selected";
    }
    // Names go through htmlReady(). The id is concatenated into the value attribute as is.
    // NOTE(review): presumably ids are server-generated hashes; escaping them as well would
    // make the attribute safe regardless - confirm.
    $export_pagecontent .= " value=\"" . $faculty['Institut_id'] . "\">" . htmlReady(my_substr($faculty['Name'], 0, 60)) . "</option>";
    $inst_statement->execute(array($faculty['Institut_id']));
    while ($institute = $inst_statement->fetch(PDO::FETCH_ASSOC)) {
        $export_pagecontent .= sprintf("<option value=\"%s\"", $institute['Institut_id']);
        // Skip the row that repeats the faculty itself; it was handled above.
        if ($range_id == $institute['Institut_id'] && $range_id != $faculty['Institut_id']) {
            $export_pagecontent .= " selected";
        }
        $export_pagecontent .= sprintf("> %s </option>\n", htmlReady(my_substr($institute['Name'], 0, 60)));
    }
    // Release the cursor so the prepared statement can be executed again for the next faculty.
    $inst_statement->closeCursor();
}
// The "all institutes" entry is only offered to users holding the root permission.
if ($perm->have_perm("root")) {
    $export_pagecontent .= "<option style=\"font-weight:bold;\" value=\"root\">Alle Einrichtungen";
}
$export_pagecontent .= "</select><br><br>";
$export_pagecontent .= "<b>"._("Art der auszugebenden Daten: ") . "</b><br><select name=\"ex_type\">";
$export_pagecontent .= "<option";
if ($ex_type=="veranstaltung") $export_pagecontent .= " selected";
// Excerpt of a user control panel: the tail of the attachment deletion action, the notepad
// update action, and the start of the default overview. It starts inside a block opened
// before the excerpt and ends inside an open if-block.
error($lang->no_attachments_selected);
} // closes a block opened before this excerpt
// Every submitted id is forced to an integer before it is joined into the IN (...) list.
$aids = implode(',', array_map('intval', $mybb->input['attachments']));
// The uid condition limits the deletion to attachments owned by the current user, so
// submitting someone else's attachment id has no effect.
$query = $db->simple_select("attachments", "*", "aid IN ({$aids}) AND uid='" . $mybb->user['uid'] . "'");
while ($attachment = $db->fetch_array($query)) {
    remove_attachment($attachment['pid'], '', $attachment['aid']);
}
$plugins->run_hooks("usercp_do_attachments_end");
redirect("usercp.php?action=attachments", $lang->attachments_deleted);
} // closes a block opened before this excerpt
if ($mybb->input['action'] == "do_notepad" && $mybb->request_method == "post") {
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));
    // Cap at 60,000 chars; text will allow up to 65535?
    // NOTE(review): my_strlen()/my_substr() presumably count characters, not bytes. A
    // 60,000 character string of multi-byte text can exceed a 65,535 byte column - confirm
    // the column type and the unit used.
    if (my_strlen($mybb->get_input('notepad')) > 60000) {
        $mybb->input['notepad'] = my_substr($mybb->get_input('notepad'), 0, 60000);
    }
    $plugins->run_hooks("usercp_do_notepad_start");
    // The notepad text is escaped for SQL here; it is stored raw and needs HTML escaping
    // wherever it is displayed.
    $db->update_query("users", array('notepad' => $db->escape_string($mybb->get_input('notepad'))), "uid='" . $mybb->user['uid'] . "'");
    $plugins->run_hooks("usercp_do_notepad_end");
    redirect("usercp.php", $lang->redirect_notepadupdated);
}
if (!$mybb->input['action']) {
    // Get posts per day
    $daysreg = (TIME_NOW - $mybb->user['regdate']) / (24 * 3600);
    // Accounts younger than one day count as one day so the average is not inflated.
    if ($daysreg < 1) {
        $daysreg = 1;
    }
    $perday = $mybb->user['postnum'] / $daysreg;
    $perday = round($perday, 2);
    if ($perday > $mybb->user['postnum']) {
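/**
 * Reduce a post to a short plain-text preview.
 *
 * Emoji names are removed, a fixed list of MyCode tags is replaced by short placeholders,
 * the remainder is run through the post parser with HTML disabled, tags are stripped,
 * whitespace is collapsed, entities are decoded and the text is cut to $length characters.
 *
 * The returned text has been through html_entity_decode() and may therefore contain
 * "<", ">", "&" or quotes again. It is plain text, not HTML: escape it at the point of output.
 *
 * The [color] and [url] rules used the /e (PREG_REPLACE_EVAL) modifier, which evaluates the
 * replacement as PHP code for every match in the post text. That modifier was deprecated in
 * PHP 5.5 and removed in PHP 7.0, where such a call fails and returns NULL. Both rules now
 * use preg_replace_callback(), which passes the captures as data. Unlike /e, the captures
 * are handed over without addslashes() applied.
 *
 * @param string          $post_text The raw post text.
 * @param postParser|null $parser    Ignored in practice: the "global $parser" statement
 *                                   rebinds the name to the global variable.
 * @param int             $length    Maximum length of the preview.
 * @return string The shortened plain-text preview.
 */
function process_short_content($post_text, $parser = null, $length = 200)
{
    global $parser, $mybb;

    require_once MYBB_ROOT . $mybb->settings['tapatalk_directory'] . '/emoji/emoji.class.php';
    $post_text = tapatalkEmoji::covertNameToEmpty($post_text);

    if ($parser === null) {
        require_once MYBB_ROOT . "inc/class_parser.php";
        $parser = new postParser();
    }

    // 'replace' is either a replacement string or a callback receiving the match array.
    // The keys are quoted; a bare word here is an undefined constant and an Error on PHP 8.
    $array_reg = array(
        array(
            'reg' => '/\\[color=(.*?)\\](.*?)\\[\\/color\\]/si',
            'replace' => function ($match) {
                return mobi_color_convert($match[1], $match[2], false);
            },
        ),
        array('reg' => '/\\[php\\](.*?)\\[\\/php\\]/si', 'replace' => '[php]'),
        array('reg' => '/\\[align=(.*?)\\](.*?)\\[\\/align\\]/si', 'replace' => " \$2 "),
        array('reg' => '/\\[email\\](.*?)\\[\\/email\\]/si', 'replace' => "[url]"),
        array('reg' => '/\\[quote(.*?)\\](.*?)\\[\\/quote\\]/si', 'replace' => '[quote]'),
        array('reg' => '/\\[code\\](.*?)\\[\\/code\\]/si', 'replace' => ''),
        array(
            'reg' => '/\\[url=(.*?)\\](.*?)\\[\\/url\\]/si',
            'replace' => function ($match) {
                return mobi_url_convert($match[1], $match[2]);
            },
        ),
        array('reg' => '/\\[img(.*?)\\](.*?)\\[\\/img\\]/si', 'replace' => '[img]'),
        array('reg' => '/\\[video=(.*?)\\](.*?)\\[\\/video\\]/si', 'replace' => '[V]'),
        array('reg' => '/\\[attachment=(.*?)\\]/si', 'replace' => '[attach]'),
    );

    foreach ($array_reg as $arr) {
        if (is_string($arr['replace'])) {
            $post_text = preg_replace($arr['reg'], $arr['replace'], $post_text);
        } else {
            $post_text = preg_replace_callback($arr['reg'], $arr['replace'], $post_text);
        }
    }

    //$post_text = tt_covert_list($post_text, '/\[list=1\](.*?)\[\/list\]/si', '2');
    //$post_text = tt_covert_list($post_text, '/\[list\](.*?)\[\/list\]/si', '1');

    $parser_options = array(
        'allow_html' => 0,
        'allow_mycode' => 1,
        'allow_smilies' => 0,
        'allow_imgcode' => 0,
        'filter_badwords' => 1,
    );
    $post_text = strip_tags($parser->parse_message($post_text, $parser_options));
    $post_text = preg_replace('/\\s+/', ' ', $post_text);
    // Decoding turns entities such as &lt; back into markup characters; see the docblock.
    $post_text = html_entity_decode($post_text);

    if (my_strlen($post_text) > $length) {
        $post_text = my_substr(trim($post_text), 0, $length);
    }

    return $post_text;
}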
/**
 * Build a list of forum bits.
 *
 * Walks the cached forums below $pid, calls itself for child forums, adds up thread, post
 * and viewer counters, tracks the newest last-post record and renders each forum that is
 * not deeper than $showdepth through the forumbit_* templates.
 *
 * Templates are rendered by pasting the template text into a double-quoted PHP string and
 * eval()-ing it. Variables referenced by a template are resolved in this function's scope,
 * so local variable names are part of the template interface and every value a template
 * may print has to be escaped before the eval.
 *
 * @param int The parent forum to fetch the child forums for (0 assumes all)
 * @param int The depth to return forums with.
 * @return array Array of information regarding the child forums of this parent forum
 *               (keys: forum_list, counters, lastpost). Nothing is returned when
 *               $fcache[$pid] is not an array.
 */
function build_forumbits($pid = 0, $depth = 1)
{
    global $fcache, $moderatorcache, $forumpermissions, $theme, $mybb, $templates, $bgcolor, $collapsed, $lang, $showdepth, $plugins, $parser, $forum_viewers;
    // NOTE(review): this initialises $forum_listing, while the code below appends to and
    // returns $forum_list. $parent_counters, $parent_lastpost, $donecount and $comma are
    // likewise used without being initialised in this function.
    $forum_listing = '';
    // If no forums exist with this parent, do nothing
    if (!is_array($fcache[$pid])) {
        return;
    }
    // Foreach of the forums in this parent
    foreach ($fcache[$pid] as $parent) {
        foreach ($parent as $forum) {
            $forums = $subforums = $sub_forums = '';
            $lastpost_data = '';
            $counters = '';
            $forum_viewers_text = '';
            $forum_viewers_text_plain = '';
            // Get the permissions for this forum
            $permissions = $forumpermissions[$forum['fid']];
            // If this user doesnt have permission to view this forum and we're hiding private forums, skip this forum
            if ($permissions['canview'] != 1 && $mybb->settings['hideprivateforums'] == 1) {
                continue;
            }
            $plugins->run_hooks_by_ref("build_forumbits_forum", $forum);
            // Build the link to this forum
            $forum_url = get_forum_link($forum['fid']);
            // This forum has a password, and the user isn't authenticated with it - hide post information
            $hideinfo = false;
            $showlockicon = 0;
            if ($permissions['canviewthreads'] != 1) {
                $hideinfo = true;
            }
            // The forumpass cookie is expected to equal md5(uid . forum password).
            // NOTE(review): the comparison is loose (!=) and not constant-time, and the cookie
            // value is an unsalted MD5 built from the forum password. A strict, constant-time
            // comparison (hash_equals() on string-cast operands) and a keyed hash would be the
            // more robust design.
            if ($forum['password'] != '' && $mybb->cookies['forumpass'][$forum['fid']] != md5($mybb->user['uid'] . $forum['password'])) {
                $hideinfo = true;
                $showlockicon = 1;
            }
            $lastpost_data = array("lastpost" => $forum['lastpost'], "lastpostsubject" => $forum['lastpostsubject'], "lastposter" => $forum['lastposter'], "lastposttid" => $forum['lastposttid'], "lastposteruid" => $forum['lastposteruid']);
            // Fetch subforums of this forum
            if (isset($fcache[$forum['fid']])) {
                $forum_info = build_forumbits($forum['fid'], $depth + 1);
                // Increment forum counters with counters from child forums
                $forum['threads'] += $forum_info['counters']['threads'];
                $forum['posts'] += $forum_info['counters']['posts'];
                $forum['unapprovedthreads'] += $forum_info['counters']['unapprovedthreads'];
                $forum['unapprovedposts'] += $forum_info['counters']['unapprovedposts'];
                // NOTE(review): reads the key 'viewing', while the parent counters below are
                // written under 'viewers' - confirm which key is intended.
                $forum['viewers'] += $forum_info['counters']['viewing'];
                // If the child forums' lastpost is greater than the one for this forum, set it as the child forums greatest.
                if ($forum_info['lastpost']['lastpost'] > $lastpost_data['lastpost']) {
                    $lastpost_data = $forum_info['lastpost'];
                }
                $sub_forums = $forum_info['forum_list'];
            }
            // If we are hiding information (lastpost) because we aren't authenticated against the password for this forum, remove them
            if ($hideinfo == true) {
                unset($lastpost_data);
            }
            // If the current forums lastpost is greater than other child forums of the current parent, overwrite it
            if ($lastpost_data['lastpost'] > $parent_lastpost['lastpost']) {
                $parent_lastpost = $lastpost_data;
            }
            if (is_array($forum_viewers) && $forum_viewers[$forum['fid']] > 0) {
                $forum['viewers'] = $forum_viewers[$forum['fid']];
            }
            // Increment the counters for the parent forum (returned later)
            // Hidden forums are left out so their numbers do not leak through the parent totals.
            if ($hideinfo != true) {
                $parent_counters['threads'] += $forum['threads'];
                $parent_counters['posts'] += $forum['posts'];
                $parent_counters['unapprovedposts'] += $forum['unapprovedposts'];
                $parent_counters['unapprovedthreads'] += $forum['unapprovedthreads'];
                $parent_counters['viewers'] += $forum['viewers'];
            }
            // Done with our math, lets talk about displaying - only display forums which are under a certain depth
            if ($depth > $showdepth) {
                continue;
            }
            // Get the lightbulb status indicator for this forum based on the lastpost
            $lightbulb = get_forum_lightbulb($forum, $lastpost_data, $showlockicon);
            // Fetch the number of unapproved threads and posts for this forum
            $unapproved = get_forum_unapproved($forum);
            if ($hideinfo == true) {
                unset($unapproved);
            }
            // Sanitize name and description of forum.
            // NOTE(review): as shown, the replacement strings contain only the matched "&", so
            // these four calls change nothing. The replacements were presumably HTML entities
            // that were decoded when this listing was rendered - confirm against the original
            // file before relying on this as escaping.
            $forum['name'] = preg_replace("#&(?!\\#[0-9]+;)#si", "&", $forum['name']); // Fix & but allow unicode
            $forum['description'] = preg_replace("#&(?!\\#[0-9]+;)#si", "&", $forum['description']); // Fix & but allow unicode
            $forum['name'] = preg_replace("#&([^\\#])(?![a-z1-4]{1,10};)#i", "&\$1", $forum['name']);
            $forum['description'] = preg_replace("#&([^\\#])(?![a-z1-4]{1,10};)#i", "&\$1", $forum['description']);
            // If this is a forum and we've got subforums of it, load the subforums list template
            if ($depth == 2 && $sub_forums) {
                eval("\$subforums = \"" . $templates->get("forumbit_subforums") . "\";");
            } else {
                if ($depth == 3) {
                    if ($donecount < $mybb->settings['subforumsindex']) {
                        $statusicon = '';
                        // Showing mini status icons for this forum
                        if ($mybb->settings['subforumsstatusicons'] == 1) {
                            $lightbulb['folder'] = "mini" . $lightbulb['folder'];
                            eval("\$statusicon = \"" . $templates->get("forumbit_depth3_statusicon", 1, 0) . "\";");
                        }
                        // Fetch the template and append it to the list
                        eval("\$forum_list .= \"" . $templates->get("forumbit_depth3", 1, 0) . "\";");
                        $comma = ', ';
                    }
                    // Have we reached our max visible subforums? put a nice message and break out of the loop
                    ++$donecount;
                    if ($donecount == $mybb->settings['subforumsindex']) {
                        if (subforums_count($fcache[$pid]) > $donecount) {
                            $forum_list .= $comma . $lang->sprintf($lang->more_subforums, subforums_count($fcache[$pid]) - $donecount);
                        }
                    }
                    continue;
                }
            }
            // Forum is a category, set template type
            if ($forum['type'] == 'c') {
                $forumcat = '_cat';
            } else {
                $forumcat = '_forum';
            }
            if ($forum['linkto'] == '') {
                // No posts have been made in this forum - show never text
                if (($lastpost_data['lastpost'] == 0 || $lastpost_data['lastposter'] == '') && $hideinfo != true) {
                    $lastpost = "<div style=\"text-align: center;\">{$lang->lastpost_never}</div>";
                } elseif ($hideinfo != true) {
                    // Format lastpost date and time
                    $lastpost_date = my_date($mybb->settings['dateformat'], $lastpost_data['lastpost']);
                    $lastpost_time = my_date($mybb->settings['timeformat'], $lastpost_data['lastpost']);
                    // Set up the last poster, last post thread id, last post subject and format appropriately
                    $lastpost_profilelink = build_profile_link($lastpost_data['lastposter'], $lastpost_data['lastposteruid']);
                    $lastpost_link = get_thread_link($lastpost_data['lastposttid'], 0, "lastpost");
                    $lastpost_subject = $full_lastpost_subject = $parser->parse_badwords($lastpost_data['lastpostsubject']);
                    // The subject is shortened first and escaped afterwards, so the cut cannot
                    // split an HTML entity.
                    if (my_strlen($lastpost_subject) > 25) {
                        $lastpost_subject = my_substr($lastpost_subject, 0, 25) . "...";
                    }
                    $lastpost_subject = htmlspecialchars_uni($lastpost_subject);
                    $full_lastpost_subject = htmlspecialchars_uni($full_lastpost_subject);
                    // Call lastpost template
                    if ($depth != 1) {
                        eval("\$lastpost = \"" . $templates->get("forumbit_depth{$depth}_forum_lastpost") . "\";");
                    }
                }
                if ($mybb->settings['showforumviewing'] != 0 && $forum['viewers'] > 0) {
                    if ($forum['viewers'] == 1) {
                        $forum_viewers_text = $lang->viewing_one;
                    } else {
                        $forum_viewers_text = $lang->sprintf($lang->viewing_multiple, $forum['viewers']);
                    }
                    $forum_viewers_text_plain = $forum_viewers_text;
                    $forum_viewers_text = "<span class=\"smalltext\">{$forum_viewers_text}</span>";
                }
            }
            // If this forum is a link or is password protected and the user isn't authenticated, set lastpost and counters to "-"
            if ($forum['linkto'] != '' || $hideinfo == true) {
                $lastpost = "<div style=\"text-align: center;\">-</div>";
                $posts = "-";
                $threads = "-";
            } else {
                $posts = my_number_format($forum['posts']);
                $threads = my_number_format($forum['threads']);
            }
            // Moderator column is not off
            if ($mybb->settings['modlist'] != 0) {
                $done_moderators = array();
                $moderators = '';
                // Fetch list of moderators from this forum and its parents
                $parentlistexploded = explode(',', $forum['parentlist']);
                foreach ($parentlistexploded as $mfid) {
                    // This forum has moderators
                    if (is_array($moderatorcache[$mfid])) {
                        // Fetch each moderator from the cache and format it, appending it to the list
                        foreach ($moderatorcache[$mfid] as $moderator) {
                            // Each moderator is listed once even if inherited from several parents.
                            if (in_array($moderator['uid'], $done_moderators)) {
                                continue;
                            }
                            // The username is HTML-escaped before it is placed in the link text.
                            $moderators .= "{$comma}<a href=\"" . get_profile_link($moderator['uid']) . "\">" . htmlspecialchars_uni($moderator['username']) . "</a>";
                            $comma = ', ';
                            $done_moderators[] = $moderator['uid'];
                        }
                    }
                }
                $comma = '';
                // If we have a moderators list, load the template
                if ($moderators) {
                    eval("\$modlist = \"" . $templates->get("forumbit_moderators") . "\";");
                } else {
                    $modlist = '';
                }
            }
            // Descriptions aren't being shown - blank them
            if ($mybb->settings['showdescriptions'] == 0) {
                $forum['description'] = '';
            }
            // Check if this category is either expanded or collapsed and hide it as necessary.
            $expdisplay = '';
            $collapsed_name = "cat_{$forum['fid']}_c";
            if (isset($collapsed[$collapsed_name]) && $collapsed[$collapsed_name] == "display: show;") {
                $expcolimage = "collapse_collapsed.gif";
                $expdisplay = "display: none;";
                $expaltext = "[+]";
            } else {
                $expcolimage = "collapse.gif";
                $expaltext = "[-]";
            }
            // Swap over the alternate backgrounds
            $bgcolor = alt_trow();
            // Add the forum to the list
            eval("\$forum_list .= \"" . $templates->get("forumbit_depth{$depth}{$forumcat}") . "\";");
        }
    }
    // Return an array of information to the parent forum including child forums list, counters and lastpost information
    return array("forum_list" => $forum_list, "counters" => $parent_counters, "lastpost" => $parent_lastpost);
}
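/**
 * Create a new session.
 *
 * Deletes the previous session row (by uid for members, by sid for spiders, by IP for
 * guests), writes a new row to the sessions table and stores the resulting sid and uid
 * on this object.
 *
 * The uid is cast to an integer before it is placed in the WHERE clause, so a non-integer
 * argument cannot change the query. For non-spider sessions the id is taken from
 * random_bytes() when that function exists; the previous md5(uniqid(microtime())) value is
 * derived from the clock and is kept only as a fallback for older PHP versions. Both
 * forms are 32 hexadecimal characters.
 *
 * @param int The user id to bind the session to.
 */
function create_session($uid = 0)
{
    global $db;

    $speciallocs = $this->get_special_locations();
    $uid = (int) $uid;
    $onlinedata = array();

    // If there is a proper uid, delete by uid.
    if ($uid > 0) {
        $db->delete_query("sessions", "uid='{$uid}'");
        $onlinedata['uid'] = $uid;
    } else {
        if ($this->is_spider == true) {
            $db->delete_query("sessions", "sid='{$this->sid}'");
        } else {
            $db->delete_query("sessions", "ip=" . $db->escape_binary($this->packedip));
            $onlinedata['uid'] = 0;
        }
    }

    // If the user is a search engine spider, keep the sid that was assigned to it.
    if ($this->is_spider == true) {
        $onlinedata['sid'] = $this->sid;
    } elseif (function_exists('random_bytes')) {
        $onlinedata['sid'] = bin2hex(random_bytes(16));
    } else {
        $onlinedata['sid'] = md5(uniqid(microtime(true), true));
    }

    $onlinedata['time'] = TIME_NOW;
    $onlinedata['ip'] = $db->escape_binary($this->packedip);
    // Location and user agent come from the request; both are length-capped and escaped.
    $onlinedata['location'] = $db->escape_string(substr(get_current_location(), 0, 150));
    $onlinedata['useragent'] = $db->escape_string(my_substr($this->useragent, 0, 100));
    $onlinedata['location1'] = (int) $speciallocs['1'];
    $onlinedata['location2'] = (int) $speciallocs['2'];
    $onlinedata['nopermission'] = 0;

    $db->replace_query("sessions", $onlinedata, "sid", false);

    $this->sid = $onlinedata['sid'];
    // The spider branch above sets no uid; fall back to 0 instead of reading a missing key.
    $this->uid = isset($onlinedata['uid']) ? $onlinedata['uid'] : 0;
}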
/* Excerpt of a message list template: one box per message with a link to the comment page. The excerpt starts inside a PHP block and ends inside one. */ foreach ($message as $key => $v) { ?> <span class="message_box"> <div class="row"> <div class="col-xs-9"> <a class="read_message" message_id="<?php echo $v["message_id"]; ?> " target="_blank" href="<?php echo U('Comment/index', array('post_id' => $v['post_id'])); ?> "><?php /* NOTE(review): the sender's username is printed without output escaping; this is safe only if usernames are validated or escaped before they reach the template - confirm */ echo $v["send_user"]["username"]; ?> :<?php /* NOTE(review): the body is entity-decoded, passed through strip_tags() and printed. strip_tags() removes tags but is not an output-escaping function; escaping the shortened text for HTML after stripping would make this independent of how the body was stored. */ echo my_substr(strip_tags(htmlspecialchars_decode($v['body'])), 100); ?> </a> </div> <div class="col-xs-1"> <?php /* unread marker */ if (!$v['is_read']) { ?> <a class="read_message" message_id="<?php echo $v["message_id"]; ?> " target="_blank" href="<?php echo U('Comment/index', array('post_id' => $v['post_id'])); ?> "><span message_id="<?php echo $v["message_id"];
<? foreach ($members as $member): ?> <tr> <td class="gruppe<?php echo $seminars[$member['seminar_id']]['gruppe']; ?> "> </td> <td> <a href="<?php echo URLHelper::getLink('seminar_main.php', array('auswahl' => $member['seminar_id'])); ?> "> <?php echo Config::get()->IMPORTANT_SEMNUMBER ? htmlReady($seminars[$member['seminar_id']]['sem_nr']) : ''; ?> <?php echo htmlReady(my_substr($seminars[$member['seminar_id']]['name'], 0, 70)); ?> </a> <? if (!$seminars[$member['seminar_id']]['visible']): ?> <?php echo _('(versteckt)'); ?> <? endif; ?> <input type="hidden" name="m_checked[<?php echo $member['seminar_id']; ?> ][33]" value="0"> </td> <? foreach (array_values($modules) as $index => $data): ?> <td> <input type="checkbox" name="m_checked[<?php
"> <?php echo $method == 'post' ? CSRFProtection::tokenTag() : ''; ?> <select class="sidebar-selectlist" size="<?php echo (int) $size ?: 8; ?> " name="<?php echo htmlReady($name); ?> " onKeyDown="if (event.keyCode === 13) { jQuery(this).closest('form')[0].submit(); }" <?php echo $size == 1 ? 'onchange' : 'onClick'; ?> ="jQuery(this).closest('form')[0].submit();" size="10" style="max-width: 200px;cursor:pointer" class="text-top" aria-label="<?php echo _("Wählen Sie ein Objekt aus. Sie gelangen dann zur neuen Seite."); ?> "> <? foreach ($elements as $element): ?> <option <?php echo $value == $element->getid() ? 'selected' : ''; ?> value="<?php echo htmlReady($element->getid()); ?> "><?php echo htmlReady(my_substr($element->getLabel(), 0, 30)); ?> </option> <? endforeach; ?> </select> </form>
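/**
 * Return the last label (top-level domain) of the reverse-DNS name of an IP address.
 *
 * gethostbyaddr() returns false for a malformed address and returns the address unchanged
 * when the lookup fails. Both cases, and a host name without any dot, yield an empty string.
 *
 * The original used ereg(), which was removed in PHP 7.0; the same pattern is now checked
 * with preg_match().
 *
 * The PTR record is controlled by whoever runs the reverse zone for the address, so the
 * returned label is untrusted input and has to be escaped or validated before use.
 *
 * @param string $ip The IP address to look up.
 * @return string The top-level domain without the leading dot, or "" if none was found.
 */
function iriDomain($ip)
{
    $host = gethostbyaddr($ip);

    if (!is_string($host) || $host === '') {
        return "";
    }

    // An unresolved address comes back as a dotted quad: there is no domain to report.
    if (preg_match('/^([0-9]{1,3}\\.){3}[0-9]{1,3}$/D', $host)) {
        return "";
    }

    $suffix = strrchr($host, ".");
    if ($suffix === false) {
        return "";
    }

    return my_substr($suffix, 1);
}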
/**
 * Rebuild a compact eight-character date as "AAAA-BB-CC" and format it with
 * the configured 'date_format' option.
 *
 * @param string $dt Compact date; characters 0-3, 4-5 and 6-7 are joined with
 *                   dashes (presumably YYYYMMDD; confirm against callers).
 * @return mixed Whatever mysql2date() returns for the rebuilt string.
 */
function luc_hdate($dt = "00000000")
{
    $format = get_option('date_format');
    $pieces = array(
        my_substr($dt, 0, 4),
        my_substr($dt, 4, 2),
        my_substr($dt, 6, 2),
    );

    return mysql2date($format, implode("-", $pieces));
}
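/**
 * Fetch a users activity and any corresponding details from their location.
 *
 * The location is split at ".php": the part before it gives the script name,
 * the part after it is parsed as a query string into the global $parameters.
 * Only integer-cast ids and action names from fixed lists are copied into the
 * result. The raw values left in $parameters come from the location string and
 * must be treated as untrusted by any hook that reads them.
 *
 * Side effects: resets and fills the global $parameters, and records the ids it
 * sees in the global $uid_list, $aid_list, $pid_list, $tid_list, $fid_list,
 * $ann_list and $eid_list.
 *
 * @param string $location The location (URL) of the user. Expected to be sanitized by the caller.
 * @param bool $nopermission When true the activity is reported as "nopermission" whatever the script name.
 * @return array Array of location and activity information
 */
function fetch_wol_activity($location, $nopermission = false)
{
    global $uid_list, $aid_list, $pid_list, $tid_list, $fid_list, $ann_list, $eid_list, $plugins, $user, $parameters;

    $user_activity = array();
    $split_loc = explode(".php", $location);
    if (isset($user['location']) && $split_loc[0] == $user['location']) {
        $filename = '';
    } else {
        $filename = my_substr($split_loc[0], -my_strpos(strrev($split_loc[0]), "/"));
    }

    $parameters = array();
    // A location without ".php" has no second element; !empty() avoids the undefined offset.
    if (!empty($split_loc[1])) {
        $temp = explode("&", my_substr($split_loc[1], 1));
        foreach ($temp as $param) {
            $temp2 = explode("=", $param, 2);
            if (isset($temp2[1])) {
                $parameters[$temp2[0]] = $temp2[1];
            }
        }
    }

    if ($nopermission) {
        $filename = "nopermission";
    }

    switch ($filename) {
        case "announcements":
            if (!isset($parameters['aid'])) {
                $parameters['aid'] = 0;
            }
            $parameters['aid'] = (int) $parameters['aid'];
            if ($parameters['aid'] > 0) {
                $ann_list[$parameters['aid']] = $parameters['aid'];
            }
            $user_activity['activity'] = "announcements";
            $user_activity['ann'] = $parameters['aid'];
            break;
        case "attachment":
            if (!isset($parameters['aid'])) {
                $parameters['aid'] = 0;
            }
            $parameters['aid'] = (int) $parameters['aid'];
            if ($parameters['aid'] > 0) {
                $aid_list[] = $parameters['aid'];
            }
            $user_activity['activity'] = "attachment";
            $user_activity['aid'] = $parameters['aid'];
            break;
        case "calendar":
            if (!isset($parameters['action'])) {
                $parameters['action'] = '';
            }
            if ($parameters['action'] == "event") {
                if (!isset($parameters['eid'])) {
                    $parameters['eid'] = 0;
                }
                $parameters['eid'] = (int) $parameters['eid'];
                if ($parameters['eid'] > 0) {
                    $eid_list[$parameters['eid']] = $parameters['eid'];
                }
                $user_activity['activity'] = "calendar_event";
                $user_activity['eid'] = $parameters['eid'];
            } elseif ($parameters['action'] == "addevent" || $parameters['action'] == "do_addevent") {
                $user_activity['activity'] = "calendar_addevent";
            } elseif ($parameters['action'] == "editevent" || $parameters['action'] == "do_editevent") {
                $user_activity['activity'] = "calendar_editevent";
            } else {
                $user_activity['activity'] = "calendar";
            }
            break;
        case "contact":
            $user_activity['activity'] = "contact";
            break;
        case "editpost":
            $user_activity['activity'] = "editpost";
            break;
        case "forumdisplay":
            if (!isset($parameters['fid'])) {
                $parameters['fid'] = 0;
            }
            $parameters['fid'] = (int) $parameters['fid'];
            if ($parameters['fid'] > 0) {
                $fid_list[$parameters['fid']] = $parameters['fid'];
            }
            $user_activity['activity'] = "forumdisplay";
            $user_activity['fid'] = $parameters['fid'];
            break;
        case "index":
        case '':
            $user_activity['activity'] = "index";
            break;
        case "managegroup":
            $user_activity['activity'] = "managegroup";
            break;
        case "member":
            if (!isset($parameters['action'])) {
                $parameters['action'] = '';
            }
            if ($parameters['action'] == "activate") {
                $user_activity['activity'] = "member_activate";
            } elseif ($parameters['action'] == "register" || $parameters['action'] == "do_register") {
                $user_activity['activity'] = "member_register";
            } elseif ($parameters['action'] == "login" || $parameters['action'] == "do_login") {
                $user_activity['activity'] = "member_login";
            } elseif ($parameters['action'] == "logout") {
                $user_activity['activity'] = "member_logout";
            } elseif ($parameters['action'] == "profile") {
                $user_activity['activity'] = "member_profile";
                if (!isset($parameters['uid'])) {
                    $parameters['uid'] = 0;
                }
                $parameters['uid'] = (int) $parameters['uid'];
                if ($parameters['uid'] > 0) {
                    $uid_list[$parameters['uid']] = $parameters['uid'];
                }
                $user_activity['uid'] = $parameters['uid'];
            } elseif ($parameters['action'] == "emailuser" || $parameters['action'] == "do_emailuser") {
                $user_activity['activity'] = "member_emailuser";
            } elseif ($parameters['action'] == "rate" || $parameters['action'] == "do_rate") {
                $user_activity['activity'] = "member_rate";
            } elseif ($parameters['action'] == "resendactivation" || $parameters['action'] == "do_resendactivation") {
                $user_activity['activity'] = "member_resendactivation";
            } elseif ($parameters['action'] == "lostpw" || $parameters['action'] == "do_lostpw" || $parameters['action'] == "resetpassword") {
                $user_activity['activity'] = "member_lostpw";
            } else {
                $user_activity['activity'] = "member";
            }
            break;
        case "memberlist":
            $user_activity['activity'] = "memberlist";
            break;
        case "misc":
            if (!isset($parameters['action'])) {
                $parameters['action'] = '';
            }
            $accepted_parameters = array("markread", "help", "buddypopup", "smilies", "syndication", "imcenter", "dstswitch");
            if ($parameters['action'] == "whoposted") {
                if (!isset($parameters['tid'])) {
                    $parameters['tid'] = 0;
                }
                $parameters['tid'] = (int) $parameters['tid'];
                if ($parameters['tid'] > 0) {
                    $tid_list[$parameters['tid']] = $parameters['tid'];
                }
                $user_activity['activity'] = "misc_whoposted";
                $user_activity['tid'] = $parameters['tid'];
            } elseif (in_array($parameters['action'], $accepted_parameters)) {
                // The action name reaches the result only because it is on the fixed list above.
                $user_activity['activity'] = "misc_" . $parameters['action'];
            } else {
                $user_activity['activity'] = "misc";
            }
            break;
        case "modcp":
            if (!isset($parameters['action'])) {
                $parameters['action'] = 0;
            }
            // Compare as strings. With the integer default, a loose comparison against
            // these names is true before PHP 8, so a plain modcp visit was reported as
            // a specific moderator action there.
            $modcp_action = (string) $parameters['action'];
            $accepted_parameters = array("modlogs", "announcements", "finduser", "warninglogs", "ipsearch");
            if (in_array($modcp_action, $accepted_parameters, true)) {
                $user_activity['activity'] = "modcp_" . $modcp_action;
            }
            $accepted_parameters = array();
            $accepted_parameters['report'] = array("do_reports", "reports", "allreports");
            $accepted_parameters['new_announcement'] = array("do_new_announcement", "new_announcement");
            $accepted_parameters['delete_announcement'] = array("do_delete_announcement", "delete_announcement");
            $accepted_parameters['edit_announcement'] = array("do_edit_announcement", "edit_announcement");
            $accepted_parameters['mod_queue'] = array("do_modqueue", "modqueue");
            $accepted_parameters['editprofile'] = array("do_editprofile", "editprofile");
            $accepted_parameters['banning'] = array("do_banuser", "banning", "liftban", "banuser");
            foreach ($accepted_parameters as $name => $actions) {
                if (in_array($modcp_action, $actions, true)) {
                    $user_activity['activity'] = "modcp_" . $name;
                    break;
                }
            }
            if (empty($user_activity['activity'])) {
                $user_activity['activity'] = "modcp";
            }
            break;
        case "moderation":
            $user_activity['activity'] = "moderation";
            break;
        case "newreply":
            if (!isset($parameters['tid'])) {
                $parameters['tid'] = 0;
            }
            $parameters['tid'] = (int) $parameters['tid'];
            if ($parameters['tid'] > 0) {
                $tid_list[$parameters['tid']] = $parameters['tid'];
            }
            $user_activity['activity'] = "newreply";
            $user_activity['tid'] = $parameters['tid'];
            break;
        case "newthread":
            if (!isset($parameters['fid'])) {
                $parameters['fid'] = 0;
            }
            $parameters['fid'] = (int) $parameters['fid'];
            if ($parameters['fid'] > 0) {
                $fid_list[$parameters['fid']] = $parameters['fid'];
            }
            $user_activity['activity'] = "newthread";
            $user_activity['fid'] = $parameters['fid'];
            break;
        case "online":
            if (!isset($parameters['action'])) {
                $parameters['action'] = '';
            }
            if ($parameters['action'] == "today") {
                $user_activity['activity'] = "woltoday";
            } else {
                $user_activity['activity'] = "wol";
            }
            break;
        case "polls":
            if (!isset($parameters['action'])) {
                $parameters['action'] = '';
            }
            // Make the "do" parts the same as the other one.
            if ($parameters['action'] == "do_newpoll") {
                $user_activity['activity'] = "newpoll";
            } elseif ($parameters['action'] == "do_editpoll") {
                $user_activity['activity'] = "editpoll";
            } else {
                $accepted_parameters = array("do_editpoll", "editpoll", "newpoll", "do_newpoll", "showresults", "vote");
                if (in_array($parameters['action'], $accepted_parameters, true)) {
                    $user_activity['activity'] = $parameters['action'];
                }
                // empty() rather than a bare read: the key does not exist yet when nothing matched.
                if (empty($user_activity['activity'])) {
                    $user_activity['activity'] = "showresults";
                }
            }
            break;
        case "printthread":
            if (!isset($parameters['tid'])) {
                $parameters['tid'] = 0;
            }
            $parameters['tid'] = (int) $parameters['tid'];
            if ($parameters['tid'] > 0) {
                $tid_list[$parameters['tid']] = $parameters['tid'];
            }
            $user_activity['activity'] = "printthread";
            $user_activity['tid'] = $parameters['tid'];
            break;
        case "private":
            if (!isset($parameters['action'])) {
                $parameters['action'] = '';
            }
            if ($parameters['action'] == "send" || $parameters['action'] == "do_send") {
                $user_activity['activity'] = "private_send";
            } elseif ($parameters['action'] == "read") {
                $user_activity['activity'] = "private_read";
            } elseif ($parameters['action'] == "folders" || $parameters['action'] == "do_folders") {
                $user_activity['activity'] = "private_folders";
            } else {
                $user_activity['activity'] = "private";
            }
            break;
        case "ratethread":
            $user_activity['activity'] = "ratethread";
            break;
        case "report":
            $user_activity['activity'] = "report";
            break;
        case "reputation":
            if (!isset($parameters['uid'])) {
                $parameters['uid'] = 0;
            }
            $parameters['uid'] = (int) $parameters['uid'];
            if ($parameters['uid'] > 0) {
                $uid_list[$parameters['uid']] = $parameters['uid'];
            }
            $user_activity['uid'] = $parameters['uid'];
            // This case sets no default for 'action', so guard the read.
            if (isset($parameters['action']) && $parameters['action'] == "add") {
                $user_activity['activity'] = "reputation";
            } else {
                $user_activity['activity'] = "reputation_report";
            }
            break;
        case "search":
            $user_activity['activity'] = "search";
            break;
        case "sendthread":
            if (!isset($parameters['tid'])) {
                $parameters['tid'] = 0;
            }
            $parameters['tid'] = (int) $parameters['tid'];
            if ($parameters['tid'] > 0) {
                $tid_list[$parameters['tid']] = $parameters['tid'];
            }
            $user_activity['activity'] = "sendthread";
            $user_activity['tid'] = $parameters['tid'];
            break;
        case "showteam":
            $user_activity['activity'] = "showteam";
            break;
        case "showthread":
            if (!isset($parameters['action'])) {
                $parameters['action'] = 0;
            }
            if (!isset($parameters['pid'])) {
                $parameters['pid'] = 0;
            }
            $parameters['pid'] = (int) $parameters['pid'];
            // NOTE(review): with the integer default above, the loose comparison with
            // "showpost" is true before PHP 8 and false from PHP 8 on, so a location with
            // a pid but no action is classified differently per PHP version. Left as is;
            // confirm which result is intended.
            if ($parameters['pid'] > 0 && $parameters['action'] == "showpost") {
                $pid_list[$parameters['pid']] = $parameters['pid'];
                $user_activity['activity'] = "showpost";
                $user_activity['pid'] = $parameters['pid'];
            } else {
                if (!isset($parameters['page'])) {
                    $parameters['page'] = 0;
                }
                $parameters['page'] = (int) $parameters['page'];
                $user_activity['page'] = $parameters['page'];
                if (!isset($parameters['tid'])) {
                    $parameters['tid'] = 0;
                }
                $parameters['tid'] = (int) $parameters['tid'];
                if ($parameters['tid'] > 0) {
                    $tid_list[$parameters['tid']] = $parameters['tid'];
                }
                $user_activity['activity'] = "showthread";
                $user_activity['tid'] = $parameters['tid'];
            }
            break;
        case "stats":
            $user_activity['activity'] = "stats";
            break;
        case "usercp":
            if (!isset($parameters['action'])) {
                $parameters['action'] = '';
            }
            if ($parameters['action'] == "profile" || $parameters['action'] == "do_profile") {
                $user_activity['activity'] = "usercp_profile";
            } elseif ($parameters['action'] == "options" || $parameters['action'] == "do_options") {
                $user_activity['activity'] = "usercp_options";
            } elseif ($parameters['action'] == "password" || $parameters['action'] == "do_password") {
                $user_activity['activity'] = "usercp_password";
            } elseif ($parameters['action'] == "editsig" || $parameters['action'] == "do_editsig") {
                $user_activity['activity'] = "usercp_editsig";
            } elseif ($parameters['action'] == "avatar" || $parameters['action'] == "do_avatar") {
                $user_activity['activity'] = "usercp_avatar";
            } elseif ($parameters['action'] == "editlists" || $parameters['action'] == "do_editlists") {
                $user_activity['activity'] = "usercp_editlists";
            } elseif ($parameters['action'] == "favorites") {
                $user_activity['activity'] = "usercp_favorites";
            } elseif ($parameters['action'] == "subscriptions") {
                $user_activity['activity'] = "usercp_subscriptions";
            } elseif ($parameters['action'] == "notepad" || $parameters['action'] == "do_notepad") {
                $user_activity['activity'] = "usercp_notepad";
            } else {
                $user_activity['activity'] = "usercp";
            }
            break;
        case "usercp2":
            if (!isset($parameters['action'])) {
                $parameters['action'] = '';
            }
            // Any other action leaves 'activity' unset, as before; consumers must not
            // assume the key exists for this script.
            if ($parameters['action'] == "addfavorite" || $parameters['action'] == "removefavorite" || $parameters['action'] == "removefavorites") {
                $user_activity['activity'] = "usercp2_favorites";
            } elseif ($parameters['action'] == "addsubscription" || $parameters['action'] == "do_addsubscription" || $parameters['action'] == "removesubscription" || $parameters['action'] == "removesubscriptions") {
                $user_activity['activity'] = "usercp2_subscriptions";
            }
            break;
        case "portal":
            $user_activity['activity'] = "portal";
            break;
        case "warnings":
            if (!isset($parameters['action'])) {
                $parameters['action'] = '';
            }
            if ($parameters['action'] == "warn" || $parameters['action'] == "do_warn") {
                $user_activity['activity'] = "warnings_warn";
            } elseif ($parameters['action'] == "do_revoke") {
                $user_activity['activity'] = "warnings_revoke";
            } elseif ($parameters['action'] == "view") {
                $user_activity['activity'] = "warnings_view";
            } else {
                $user_activity['activity'] = "warnings";
            }
            break;
        case "nopermission":
            $user_activity['activity'] = "nopermission";
            $user_activity['nopermission'] = 1;
            break;
        default:
            $user_activity['activity'] = "unknown";
            break;
    }

    // Expects $location to be passed through already sanitized. It is copied into
    // the result unchanged, so output escaping is the caller's responsibility.
    $user_activity['location'] = $location;

    $user_activity = $plugins->run_hooks("fetch_wol_activity_end", $user_activity);

    return $user_activity;
}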
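/**
 * Creates the item's head: the title (or title link) plus optional template,
 * move-target and move up/down cells.
 *
 * The item name is truncated to 60 characters and passed through htmlready()
 * before output. $itemID is interpolated into link query strings; encoding
 * there is left to getSelf(), URLHelper::getLink() and createLinkImage(),
 * which are not visible here. NOTE(review): confirm they encode it if $itemID
 * can come from the request.
 *
 * @access private
 * @param string $itemID the current item
 * @return string the item head (html)
 */
function getItemHead($itemID)
{
    $mode = $this->getInstance($itemID);

    // Initialised up front: each of these used to be read on paths where it
    // had never been assigned.
    $templateCell = '';
    $moveItem = '';
    $moveItemIsParent = false;

    if ($this->itemID == $itemID) {
        $head = " ";
        if ($this->tree->tree_data[$itemID]['name'] == "" && $mode == QUESTION_BLOCK) {
            $head .= NO_QUESTION_GROUP_TITLE;
        } else {
            $head .= htmlready(my_substr($this->tree->tree_data[$itemID]['name'], 0, 60));
        }
    } else {
        if ($mode == QUESTION_BLOCK) {
            $group =& $this->tree->getGroupObject($itemID);
            $templateID = $group->getTemplateID();
            if ($templateID) {
                $templateQuestion = new EvaluationQuestion($templateID);
                $templateTitle = htmlReady($templateQuestion->getText());
            } else {
                $templateTitle = NO_TEMPLATE_GROUP;
            }
            if ($templateTitle == "") {
                $templateTitle = NO_TEMPLATE;
            }
            $templateCell = " </td>\n"
                . " <td align=\"right\" valign=\"bottom\" "
                . "class=\"printhead\" nowrap=\"nowrap\">\n"
                . "<b>" . _("Vorlage") . ": " . $templateTitle . "</b> ";
        }

        $head = " <a class=\"tree\" href=\""
            . URLHelper::getLink($this->getSelf("itemID={$itemID}", false))
            . "\"" . tooltip(_("Diesen Block öffnen"), true) . ">";
        if ($this->tree->tree_data[$itemID]['name'] == "" && $mode == QUESTION_BLOCK) {
            $head .= NO_QUESTION_GROUP_TITLE;
        } else {
            $head .= htmlready(my_substr($this->tree->tree_data[$itemID]['name'], 0, 60));
        }
        $head .= "</a>";
        if ($templateCell) {
            $head .= $templateCell;
        }
    }

    if ($itemID == ROOT_BLOCK) {
        $itemID2 = $this->evalID;
    } else {
        $itemID2 = $itemID;
    }

    // The move-target icon: offered when a block is selected for moving and this
    // item is a possible destination.
    if ($this->moveItemID
        && $this->tree->tree_data[$itemID]['parent_id'] != $this->moveItemID
        && ($mode == ARRANGMENT_BLOCK || $itemID == ROOT_BLOCK)
        && $this->moveItemID != $itemID2
    ) {
        $parentID = $this->tree->tree_data[$itemID]['parent_id'];
        if (!$parentID) {
            $parentID = ROOT_BLOCK;
        }
        // Walk up the ancestors to see whether the block being moved is one of them.
        while ($parentID != ROOT_BLOCK && $parentID != $this->moveItemID) {
            $parentID = $this->tree->tree_data[$parentID]['parent_id'];
            if ($parentID == $this->moveItemID) {
                $moveItemIsParent = true;
            }
            // Same normalisation as before the loop: an empty parent id ends the walk
            // at the root instead of being looked up again (presumably only possible
            // with a dangling parent_id; verify against the tree loader).
            if (!$parentID) {
                $parentID = ROOT_BLOCK;
            }
        }
        $moveItem = " </td>\n"
            . " <td align=\"right\" valign=\"middle\" class=\"printhead\" nowrap=\"nowrap\">\n"
            . $this->createLinkImage(EVAL_PIC_MOVE_GROUP, _("Den ausgwählten Block in diesen Block verschieben"), "&itemID={$itemID}&cmd=MoveGroup", NO, NULL, NO)
            . " ";
    }

    if ($moveItem && !$moveItemIsParent) {
        $move_mode = $this->getInstance($this->moveItemID);
        if ($mode == ARRANGMENT_BLOCK) {
            $group =& $this->tree->getGroupObject($itemID);
            if ($children = $group->getChildren()) {
                // The type of the first child decides which kind of block may be moved in.
                if ($this->getInstance($children[0]->getObjectID()) == ARRANGMENT_BLOCK) {
                    $move_type = ARRANGMENT_BLOCK;
                } else {
                    $move_type = QUESTION_BLOCK;
                }
            } else {
                $move_type = "both";
            }
        } elseif ($mode == ROOT_BLOCK) {
            $move_type = ARRANGMENT_BLOCK;
        } else {
            $move_type = "no";
        }
        if ($move_type == "both" || $move_mode == $move_type) {
            $head .= $moveItem;
        }
    }

    // Up/down arrows for direct children of the start item, unless the item is an only child.
    if (!($this->tree->isFirstKid($itemID) && $this->tree->isLastKid($itemID))
        && $itemID != $this->startItemID
        && $this->tree->tree_data[$itemID]['parent_id'] == $this->startItemID
    ) {
        $head .= " </td>\n"
            . " <td align=\"right\" valign=\"bottom\" class=\"printhead\" nowrap=\"nowrap\">\n"
            . $this->createLinkImage(EVAL_PIC_MOVE_UP, _("Block nach oben verschieben"), "cmd=Move&direction=up&groupID={$itemID}", NO)
            . $this->createLinkImage(EVAL_PIC_MOVE_DOWN, _("Block nach unten verschieben"), "cmd=Move&direction=down&groupID={$itemID}", NO)
            . " ";
    }

    return $head;
}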
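/**
 * Initialize a session
 *
 * Reads the visitor's IP and user agent, tries to resume the session named by
 * the "sid" cookie, loads the user named by the "mybbuser" cookie, falls back
 * to spider or guest handling, and finally (re)issues the "sid" cookie.
 *
 * Everything read here (both cookies and the User-Agent header) is
 * client-controlled. The sid is escaped before it enters the query, and a
 * session row is accepted only when it also matches the caller's IP address as
 * reported by get_ip(). NOTE(review): if get_ip() honours forwarded-for
 * headers, that binding is only as strong as those headers; confirm.
 */
function init()
{
    global $db, $mybb, $cache;

    // Get our visitor's IP.
    $this->ipaddress = get_ip();

    // Find out the user agent. The header is optional, so default to an empty
    // string instead of reading an undefined index.
    $this->useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if (my_strlen($this->useragent) > 100) {
        $this->useragent = my_substr($this->useragent, 0, 100);
    }

    // Attempt to find a session id in the cookies.
    if (isset($mybb->cookies['sid'])) {
        $this->sid = $db->escape_string($mybb->cookies['sid']);

        // Load the session
        $query = $db->simple_select(
            "sessions",
            "*",
            "sid='{$this->sid}' AND ip='" . $db->escape_string($this->ipaddress) . "'",
            array('limit' => 1)
        );
        $session = $db->fetch_array($query);

        // !empty() also covers "no row returned", where $session is not an array.
        if (!empty($session['sid'])) {
            $this->sid = $session['sid'];
            $this->uid = $session['uid'];
        } else {
            $this->sid = 0;
            $this->uid = 0;
            $this->logins = 1;
            $this->failedlogin = 0;
        }
    }

    // Still no session, fall back
    if (!$this->sid) {
        $this->sid = 0;
        $this->uid = 0;
        $this->logins = 1;
        $this->failedlogin = 0;
    }

    // If we have a valid session id and user id, load that users session.
    if (!empty($mybb->cookies['mybbuser'])) {
        $logon = explode("_", $mybb->cookies['mybbuser'], 2);
        // The cookie has two parts separated by "_". One without a second part is
        // ignored, so the visitor stays a guest instead of load_user() being called
        // with an undefined key.
        if (isset($logon[1])) {
            $this->load_user($logon[0], $logon[1]);
        }
    }

    // If no user still, then we have a guest.
    if (!isset($mybb->user['uid'])) {
        // Detect if this guest is a search engine spider. (bots don't get a cookied
        // session ID so we first see if that's set)
        if (!$this->sid) {
            $spiders = $cache->read("spiders");
            if (is_array($spiders)) {
                // Lower-case the agent once rather than once per spider entry.
                $agent = my_strtolower($this->useragent);
                foreach ($spiders as $spider) {
                    if (my_strpos($agent, my_strtolower($spider['useragent'])) !== false) {
                        $this->load_spider($spider['sid']);
                    }
                }
            }
        }

        // Still nothing? JUST A GUEST!
        if (!$this->is_spider) {
            $this->load_guest();
        }
    }

    // As a token of our appreciation for getting this far (and they aren't a spider),
    // give the user a cookie. The fourth argument is presumably the HttpOnly flag;
    // confirm against my_setcookie().
    $cookie_sid = isset($mybb->cookies['sid']) ? $mybb->cookies['sid'] : null;
    if ($this->sid && $cookie_sid != $this->sid && $this->is_spider != true) {
        my_setcookie("sid", $this->sid, -1, true);
    }
}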
} } } } if ($forum['allowpicons'] != 0) { $posticons = get_post_icons(); } // No subject? if (!isset($subject)) { if (!empty($mybb->input['subject'])) { $subject = $mybb->get_input('subject'); } else { $subject = $thread['subject']; // Subject too long? Shorten it to avoid error message if (my_strlen($subject) > 85) { $subject = my_substr($subject, 0, 82) . '...'; } $subject = "RE: " . $subject; } } // Preview a post that was written. $preview = ''; if (!empty($mybb->input['previewpost'])) { // If this isn't a logged in user, then we need to do some special validation. if ($mybb->user['uid'] == 0) { // If they didn't specify a username then give them "Guest" if (!$mybb->get_input('username')) { $username = $lang->guest; } else { $username = $mybb->get_input('username'); }
$thread['displayprefix'] = ''; if ($thread['prefix'] != 0) { $threadprefix = build_prefixes($thread['prefix']); if ($threadprefix['prefix']) { $thread['threadprefix'] = $threadprefix['prefix'] . ' '; $thread['displayprefix'] = $threadprefix['displaystyle'] . ' '; } } if (substr($thread['closed'], 0, 6) == "moved|") { $thread['tid'] = 0; } $reply_subject = $parser->parse_badwords($thread['subject']); $thread['subject'] = htmlspecialchars_uni($reply_subject); // Subject too long? Shorten it to avoid error message if (my_strlen($reply_subject) > 85) { $reply_subject = my_substr($reply_subject, 0, 82) . '...'; } $reply_subject = htmlspecialchars_uni($reply_subject); $tid = $thread['tid']; $fid = $thread['fid']; if (!$thread['username']) { $thread['username'] = $lang->guest; } $visibleonly = "AND visible='1'"; $visibleonly2 = "AND p.visible='1' AND t.visible='1'"; // Is the currently logged in user a moderator of this forum? if (is_moderator($fid)) { $visibleonly = " AND (visible='1' OR visible='0')"; $visibleonly2 = "AND (p.visible='1' OR p.visible='0') AND (t.visible='1' OR t.visible='0')"; $ismod = true; } else {
/** * @param array $view * * @return string */ function build_users_view($view) { global $mybb, $db, $cache, $lang, $user_view_fields, $page; $view_title = ''; if ($view['title']) { $title_string = "view_title_{$view['vid']}"; if ($lang->{$title_string}) { $view['title'] = $lang->{$title_string}; } $view_title .= " (" . htmlspecialchars_uni($view['title']) . ")"; } // Build the URL to this view if (!isset($view['url'])) { $view['url'] = "index.php?module=user-users"; } if (!is_array($view['conditions'])) { $view['conditions'] = my_unserialize($view['conditions']); } if (!is_array($view['fields'])) { $view['fields'] = my_unserialize($view['fields']); } if (!is_array($view['custom_profile_fields'])) { $view['custom_profile_fields'] = my_unserialize($view['custom_profile_fields']); } if (isset($mybb->input['username'])) { $view['conditions']['username'] = $mybb->input['username']; } if ($view['vid']) { $view['url'] .= "&vid={$view['vid']}"; } else { // If this is a custom view we need to save everything ready to pass it on from page to page global $admin_session; if (!$mybb->input['search_id']) { $search_id = md5(random_str()); $admin_session['data']['user_views'][$search_id] = $view; update_admin_session('user_views', $admin_session['data']['user_views']); $mybb->input['search_id'] = $search_id; } $view['url'] .= "&search_id=" . htmlspecialchars_uni($mybb->input['search_id']); } if (isset($mybb->input['username'])) { $view['url'] .= "&username="******"&", "&", $view['url'])) { update_admin_session('last_users_url', str_replace("&", "&", $view['url'])); } if (isset($view['conditions']['referrer'])) { $view['url'] .= "&action=referrers&uid=" . htmlspecialchars_uni($view['conditions']['referrer']); } // Do we not have any views? 
if (empty($view)) { return false; } $table = new Table(); // Build header for table based view if ($view['view_type'] != "card") { foreach ($view['fields'] as $field) { if (!$user_view_fields[$field]) { continue; } $view_field = $user_view_fields[$field]; $field_options = array(); if ($view_field['width']) { $field_options['width'] = $view_field['width']; } if ($view_field['align']) { $field_options['class'] = "align_" . $view_field['align']; } $table->construct_header($view_field['title'], $field_options); } $table->construct_header("<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this);\" />"); // Create a header for the "select" boxes } $search_sql = '1=1'; // Build the search SQL for users // List of valid LIKE search fields $user_like_fields = array("username", "email", "website", "icq", "aim", "yahoo", "skype", "google", "signature", "usertitle"); foreach ($user_like_fields as $search_field) { if (!empty($view['conditions'][$search_field]) && !$view['conditions'][$search_field . '_blank']) { $search_sql .= " AND u.{$search_field} LIKE '%" . $db->escape_string_like($view['conditions'][$search_field]) . "%'"; } else { if (!empty($view['conditions'][$search_field . '_blank'])) { $search_sql .= " AND u.{$search_field} != ''"; } } } // EXACT matching fields $user_exact_fields = array("referrer"); foreach ($user_exact_fields as $search_field) { if (!empty($view['conditions'][$search_field])) { $search_sql .= " AND u.{$search_field}='" . $db->escape_string($view['conditions'][$search_field]) . "'"; } } // LESS THAN or GREATER THAN $direction_fields = array("postnum", "threadnum"); foreach ($direction_fields as $search_field) { $direction_field = $search_field . 
"_dir"; if (isset($view['conditions'][$search_field]) && ($view['conditions'][$search_field] || $view['conditions'][$search_field] === '0') && $view['conditions'][$direction_field]) { switch ($view['conditions'][$direction_field]) { case "greater_than": $direction = ">"; break; case "less_than": $direction = "<"; break; default: $direction = "="; } $search_sql .= " AND u.{$search_field}{$direction}'" . $db->escape_string($view['conditions'][$search_field]) . "'"; } } // Registration searching $reg_fields = array("regdate"); foreach ($reg_fields as $search_field) { if (!empty($view['conditions'][$search_field]) && (int) $view['conditions'][$search_field]) { $threshold = TIME_NOW - (int) $view['conditions'][$search_field] * 24 * 60 * 60; $search_sql .= " AND u.{$search_field} >= '{$threshold}'"; } } // IP searching $ip_fields = array("regip", "lastip"); foreach ($ip_fields as $search_field) { if (!empty($view['conditions'][$search_field])) { $ip_range = fetch_ip_range($view['conditions'][$search_field]); if (!is_array($ip_range)) { $ip_sql = "{$search_field}=" . $db->escape_binary($ip_range); } else { $ip_sql = "{$search_field} BETWEEN " . $db->escape_binary($ip_range[0]) . " AND " . $db->escape_binary($ip_range[1]); } $search_sql .= " AND {$ip_sql}"; } } // Post IP searching if (!empty($view['conditions']['postip'])) { $ip_range = fetch_ip_range($view['conditions']['postip']); if (!is_array($ip_range)) { $ip_sql = "ipaddress=" . $db->escape_binary($ip_range); } else { $ip_sql = "ipaddress BETWEEN " . $db->escape_binary($ip_range[0]) . " AND " . $db->escape_binary($ip_range[1]); } $ip_uids = array(0); $query = $db->simple_select("posts", "uid", $ip_sql); while ($uid = $db->fetch_field($query, "uid")) { $ip_uids[] = $uid; } $search_sql .= " AND u.uid IN(" . implode(',', $ip_uids) . 
")"; unset($ip_uids); } // Custom Profile Field searching if ($view['custom_profile_fields']) { $userfield_sql = '1=1'; foreach ($view['custom_profile_fields'] as $column => $input) { if (is_array($input)) { foreach ($input as $value => $text) { if ($value == $column) { $value = $text; } if ($value == $lang->na) { continue; } if (strpos($column, '_blank') !== false) { $column = str_replace('_blank', '', $column); $userfield_sql .= ' AND ' . $db->escape_string($column) . " != ''"; } else { $userfield_sql .= ' AND ' . $db->escape_string($column) . "='" . $db->escape_string($value) . "'"; } } } else { if (!empty($input)) { if ($input == $lang->na) { continue; } if (strpos($column, '_blank') !== false) { $column = str_replace('_blank', '', $column); $userfield_sql .= ' AND ' . $db->escape_string($column) . " != ''"; } else { $userfield_sql .= ' AND ' . $db->escape_string($column) . " LIKE '%" . $db->escape_string_like($input) . "%'"; } } } } if ($userfield_sql != '1=1') { $userfield_uids = array(0); $query = $db->simple_select("userfields", "ufid", $userfield_sql); while ($userfield = $db->fetch_array($query)) { $userfield_uids[] = $userfield['ufid']; } $search_sql .= " AND u.uid IN(" . implode(',', $userfield_uids) . ")"; unset($userfield_uids); } } // Usergroup based searching if (isset($view['conditions']['usergroup'])) { if (!is_array($view['conditions']['usergroup'])) { $view['conditions']['usergroup'] = array($view['conditions']['usergroup']); } foreach ($view['conditions']['usergroup'] as $usergroup) { $usergroup = (int) $usergroup; if (!$usergroup) { continue; } $additional_sql = ''; switch ($db->type) { case "pgsql": case "sqlite": $additional_sql .= " OR ','||additionalgroups||',' LIKE '%,{$usergroup},%'"; break; default: $additional_sql .= "OR CONCAT(',',additionalgroups,',') LIKE '%,{$usergroup},%'"; } } $search_sql .= " AND (u.usergroup IN (" . implode(",", array_map('intval', $view['conditions']['usergroup'])) . 
") {$additional_sql})"; } // COPPA users only? if (isset($view['conditions']['coppa'])) { $search_sql .= " AND u.coppauser=1 AND u.usergroup=5"; } // Extra SQL? if (isset($view['extra_sql'])) { $search_sql .= $view['extra_sql']; } // Lets fetch out how many results we have $query = $db->query("\n\t\tSELECT COUNT(u.uid) AS num_results\n\t\tFROM " . TABLE_PREFIX . "users u\n\t\tWHERE {$search_sql}\n\t"); $num_results = $db->fetch_field($query, "num_results"); // No matching results then return false if (!$num_results) { return false; } else { if (!$view['perpage']) { $view['perpage'] = 20; } $view['perpage'] = (int) $view['perpage']; // Establish which page we're viewing and the starting index for querying if (!isset($mybb->input['page'])) { $mybb->input['page'] = 1; } else { $mybb->input['page'] = $mybb->get_input('page', MyBB::INPUT_INT); } if ($mybb->input['page']) { $start = ($mybb->input['page'] - 1) * $view['perpage']; } else { $start = 0; $mybb->input['page'] = 1; } $from_bit = ""; if (isset($mybb->input['from']) && $mybb->input['from'] == "home") { $from_bit = "&from=home"; } switch ($view['sortby']) { case "regdate": case "lastactive": case "postnum": case "reputation": $view['sortby'] = $db->escape_string($view['sortby']); break; case "numposts": $view['sortby'] = "postnum"; break; case "numthreads": $view['sortby'] = "threadnum"; break; case "warninglevel": $view['sortby'] = "warningpoints"; break; default: $view['sortby'] = "username"; } if ($view['sortorder'] != "desc") { $view['sortorder'] = "asc"; } $usergroups = $cache->read("usergroups"); // Fetch matching users $query = $db->query("\n\t\t\tSELECT u.*\n\t\t\tFROM " . TABLE_PREFIX . 
"users u\n\t\t\tWHERE {$search_sql}\n\t\t\tORDER BY {$view['sortby']} {$view['sortorder']}\n\t\t\tLIMIT {$start}, {$view['perpage']}\n\t\t"); $users = ''; while ($user = $db->fetch_array($query)) { $comma = $groups_list = ''; $user['view']['username'] = "******"index.php?module=user-users&action=edit&uid={$user['uid']}\">" . format_name($user['username'], $user['usergroup'], $user['displaygroup']) . "</a>"; $user['view']['usergroup'] = htmlspecialchars_uni($usergroups[$user['usergroup']]['title']); if ($user['additionalgroups']) { $additional_groups = explode(",", $user['additionalgroups']); foreach ($additional_groups as $group) { $groups_list .= $comma . htmlspecialchars_uni($usergroups[$group]['title']); $comma = $lang->comma; } } if (!$groups_list) { $groups_list = $lang->none; } $user['view']['additionalgroups'] = "<small>{$groups_list}</small>"; $user['view']['email'] = "<a href=\"mailto:" . htmlspecialchars_uni($user['email']) . "\">" . htmlspecialchars_uni($user['email']) . "</a>"; $user['view']['regdate'] = my_date('relative', $user['regdate']); $user['view']['lastactive'] = my_date('relative', $user['lastactive']); // Build popup menu $popup = new PopupMenu("user_{$user['uid']}", $lang->options); $popup->add_item($lang->view_profile, $mybb->settings['bburl'] . '/' . get_profile_link($user['uid'])); $popup->add_item($lang->edit_profile_and_settings, "index.php?module=user-users&action=edit&uid={$user['uid']}"); // Banning options... is this user banned? if ($usergroups[$user['usergroup']]['isbannedgroup'] == 1) { // Yes, so do we want to edit the ban or pardon his crime? $popup->add_item($lang->edit_ban, "index.php?module=user-banning&uid={$user['uid']}#username"); $popup->add_item($lang->lift_ban, "index.php?module=user-banning&action=lift&uid={$user['uid']}&my_post_key={$mybb->post_code}"); } else { // Not banned... but soon maybe! 
$popup->add_item($lang->ban_user, "index.php?module=user-banning&uid={$user['uid']}#username"); } if ($user['usergroup'] == 5) { if ($user['coppauser']) { $popup->add_item($lang->approve_coppa_user, "index.php?module=user-users&action=activate_user&uid={$user['uid']}&my_post_key={$mybb->post_code}{$from_bit}"); } else { $popup->add_item($lang->approve_user, "index.php?module=user-users&action=activate_user&uid={$user['uid']}&my_post_key={$mybb->post_code}{$from_bit}"); } } $popup->add_item($lang->delete_user, "index.php?module=user-users&action=delete&uid={$user['uid']}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->user_deletion_confirmation}')"); $popup->add_item($lang->show_referred_users, "index.php?module=user-users&action=referrers&uid={$user['uid']}"); $popup->add_item($lang->show_ip_addresses, "index.php?module=user-users&action=ipaddresses&uid={$user['uid']}"); $popup->add_item($lang->show_attachments, "index.php?module=forum-attachments&results=1&username="******"-"; } if ($mybb->settings['enablewarningsystem'] != 0 && $usergroups[$user['usergroup']]['canreceivewarnings'] != 0) { if ($mybb->settings['maxwarningpoints'] < 1) { $mybb->settings['maxwarningpoints'] = 10; } $warning_level = round($user['warningpoints'] / $mybb->settings['maxwarningpoints'] * 100); if ($warning_level > 100) { $warning_level = 100; } $user['view']['warninglevel'] = get_colored_warning_level($warning_level); } if ($user['avatar'] && my_substr($user['avatar'], 0, 7) !== 'http://' && my_substr($user['avatar'], 0, 8) !== 'https://') { $user['avatar'] = "../{$user['avatar']}"; } if ($view['view_type'] == "card") { $scaled_avatar = fetch_scaled_avatar($user, 80, 80); } else { $scaled_avatar = fetch_scaled_avatar($user, 34, 34); } if (!$user['avatar']) { $user['avatar'] = "../" . $mybb->settings['useravatar']; } $user['view']['avatar'] = "<img src=\"" . htmlspecialchars_uni($user['avatar']) . 
"\" alt=\"\" width=\"{$scaled_avatar['width']}\" height=\"{$scaled_avatar['height']}\" />"; // Convert IP's to readable $user['regip'] = my_inet_ntop($db->unescape_binary($user['regip'])); $user['lastip'] = my_inet_ntop($db->unescape_binary($user['lastip'])); if ($view['view_type'] == "card") { $users .= build_user_view_card($user, $view, $i); } else { build_user_view_table($user, $view, $table); } } // If card view, we need to output the results if ($view['view_type'] == "card") { $table->construct_cell($users); $table->construct_row(); } } if (!isset($view['table_id'])) { $view['table_id'] = "users_list"; } $switch_view = "<div class=\"float_right\">"; $switch_url = $view['url']; if ($mybb->input['page'] > 0) { $switch_url .= "&page=" . $mybb->get_input('page', MyBB::INPUT_INT); } if ($view['view_type'] != "card") { $switch_view .= "<strong>{$lang->table_view}</strong> | <a href=\"{$switch_url}&type=card\" style=\"font-weight: normal;\">{$lang->card_view}</a>"; } else { $switch_view .= "<a href=\"{$switch_url}&type=table\" style=\"font-weight: normal;\">{$lang->table_view}</a> | <strong>{$lang->card_view}</strong>"; } $switch_view .= "</div>"; // Do we need to construct the pagination? if ($num_results > $view['perpage']) { $pagination = draw_admin_pagination($mybb->input['page'], $view['perpage'], $num_results, $view['url'] . "&type={$view['view_type']}"); $search_class = "float_right"; $search_style = ""; } else { $search_class = ''; $search_style = "text-align: right;"; } $search_action = $view['url']; // stop &username= in the query string if ($view_upos = strpos($search_action, '&username='******'post', 'search_form', 0, '', true); $built_view = $search->construct_return; $built_view .= "<div class=\"{$search_class}\" style=\"padding-bottom: 3px; margin-top: -9px; {$search_style}\">"; $built_view .= $search->generate_hidden_field('action', 'search') . 
"\n"; if (isset($view['conditions']['username'])) { $default_class = ''; $value = $view['conditions']['username']; } else { $default_class = "search_default"; $value = $lang->search_for_user; } $built_view .= $search->generate_text_box('username', $value, array('id' => 'search_keywords', 'class' => "{$default_class} field150 field_small")) . "\n"; $built_view .= "<input type=\"submit\" class=\"search_button\" value=\"{$lang->search}\" />\n"; if ($view['popup']) { $built_view .= " <div style=\"display: inline\">{$view['popup']}</div>\n"; } $built_view .= "<script type=\"text/javascript\">\n\t\tvar form = \$(\"#search_form\");\n\t\tform.submit(function() {\n\t\t\tvar search = \$('#search_keywords');\n\t\t\tif(search.val() == '' || search.val() == '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t\t{\n\t\t\t\tsearch.focus();\n\t\t\t\treturn false;\n\t\t\t}\n\t\t});\n\n\t\tvar search = \$(\"#search_keywords\");\n\t\tsearch.focus(function()\n\t\t{\n\t\t\tvar searched_focus = \$(this);\n\t\t\tif(searched_focus.val() == '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t\t{\n\t\t\t\tsearched_focus.removeClass(\"search_default\");\n\t\t\t\tsearched_focus.val(\"\");\n\t\t\t}\n\t\t});\n\n\t\tsearch.blur(function()\n\t\t{\n\t\t\tvar searched_blur = \$(this);\n\t\t\tif(searched_blur.val() == \"\")\n\t\t\t{\n\t\t\t\tsearched_blur.addClass('search_default');\n\t\t\t\tsearched_blur.val('" . addcslashes($lang->search_for_user, "'") . "');\n\t\t\t}\n\t\t});\n\n\t\t// fix the styling used if we have a different default value\n\t\tif(search.val() != '" . addcslashes($lang->search_for_user, "'") . 
"')\n\t\t{\n\t\t\t\$(search).removeClass('search_default');\n\t\t}\n\t\t</script>\n"; $built_view .= "</div>\n"; // Autocompletion for usernames // TODO Select2 $built_view .= $search->end(); if (isset($pagination)) { $built_view .= $pagination; } if ($view['view_type'] != "card") { $checkbox = ''; } else { $checkbox = "<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this)\" /> "; } $built_view .= $table->construct_html("{$switch_view}<div>{$checkbox}{$lang->users}{$view_title}</div>", 1, "", $view['table_id']); if (isset($pagination)) { $built_view .= $pagination; } $built_view .= ' <script type="text/javascript" src="' . $mybb->settings['bburl'] . '/jscripts/inline_moderation.js?ver=1800"></script> <form action="index.php?module=user-users" method="post"> <input type="hidden" name="my_post_key" value="' . $mybb->post_code . '" /> <input type="hidden" name="action" value="inline_edit" /> <div class="float_right"><span class="smalltext"><strong>' . $lang->inline_edit . '</strong></span> <select name="inline_action"> <option value="multiactivate">' . $lang->inline_activate . '</option> <option value="multiban">' . $lang->inline_ban . '</option> <option value="multiusergroup">' . $lang->inline_usergroup . '</option> <option value="multidelete">' . $lang->inline_delete . '</option> <option value="multiprune">' . $lang->inline_prune . '</option> </select> <input type="submit" class="submit_button inline_element" name="go" value="' . $lang->go . ' (0)" id="inline_go" /> <input type="button" onclick="javascript:inlineModeration.clearChecked();" value="' . $lang->clear . '" class="submit_button inline_element" /> </div> </form> <br style="clear: both;" /> <script type="text/javascript"> <!-- var go_text = "' . $lang->go . '"; var all_text = "1"; var inlineType = "user"; var inlineId = "acp"; // --> </script>'; return $built_view; }
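/**
 * Installer step: persist the board configuration submitted in the previous
 * step and print the form used to create the first administrator account.
 *
 * When $errors is not yet an array, the board URL and name from the previous
 * step are validated and configure() is called again if either is missing.
 * If $errors is an array when the form is rendered, the submitted admin name
 * and e-mail are re-displayed. Otherwise the bundled settings, scheduled
 * tasks and admin views are loaded from the installer's resources/*.xml files
 * and inserted, the submitted board settings are stored, and the Admin CP PIN
 * is appended to inc/config.php.
 *
 * Uses the globals $output, $mybb, $errors, $db and $lang.
 */
function create_admin_user()
{
    global $output, $mybb, $errors, $db, $lang;

    $mybb->input['action'] = "adminuser";

    // If no errors then check for errors from last step
    if (!is_array($errors)) {
        if (empty($mybb->input['bburl'])) {
            $errors[] = $lang->config_step_error_url;
        }
        if (empty($mybb->input['bbname'])) {
            $errors[] = $lang->config_step_error_name;
        }
        if (is_array($errors)) {
            configure();
        }
    }

    $output->print_header($lang->create_admin, 'admin');

    // Inline helper that shows or removes the "passwords do not match" row.
    echo <<<EOF
\t\t<script type="text/javascript">\t
\t\tfunction comparePass()
\t\t{
\t\t\tvar parenttr = \$('#adminpass2').closest('tr');
\t\t\tvar passval = \$('#adminpass2').val();
\t\t\tif(passval && passval != \$('#adminpass').val())
\t\t\t{
\t\t\t\tif(!parenttr.next('.pass_peeker').length)
\t\t\t\t{
\t\t\t\t\tparenttr.removeClass('last').after('<tr class="pass_peeker"><td colspan="2">{$lang->admin_step_nomatch}</td></tr>');
\t\t\t\t}
\t\t\t} else {
\t\t\t\tparenttr.addClass('last').next('.pass_peeker').remove();
\t\t\t}
\t\t}
\t\t</script>
\t\t
EOF;

    if (is_array($errors)) {
        $error_list = error_list($errors);
        echo $lang->sprintf($lang->admin_step_error_config, $error_list);

        // These values come straight from the request and are echoed back into
        // the form below, so they are HTML-escaped first. The language template
        // is not visible here; the escaping is valid for both text and
        // quoted-attribute contexts.
        $adminuser = htmlspecialchars((string) $mybb->get_input('adminuser'), ENT_QUOTES, 'UTF-8');
        $adminemail = htmlspecialchars((string) $mybb->get_input('adminemail'), ENT_QUOTES, 'UTF-8');
    } else {
        require MYBB_ROOT . 'inc/config.php';
        $db = db_connection($config);

        echo $lang->admin_step_setupsettings;
        $adminuser = $adminemail = '';

        $settings = file_get_contents(INSTALL_ROOT . 'resources/settings.xml');
        $parser = new XMLParser($settings);
        $parser->collapse_dups = 0;
        $tree = $parser->get_tree();
        $groupcount = $settingcount = 0;

        // Insert all the settings
        foreach ($tree['settings'][0]['settinggroup'] as $settinggroup) {
            $groupdata = array(
                'name' => $db->escape_string($settinggroup['attributes']['name']),
                'title' => $db->escape_string($settinggroup['attributes']['title']),
                'description' => $db->escape_string($settinggroup['attributes']['description']),
                'disporder' => (int) $settinggroup['attributes']['disporder'],
                'isdefault' => $settinggroup['attributes']['isdefault'],
            );
            $gid = $db->insert_query('settinggroups', $groupdata);
            ++$groupcount;

            foreach ($settinggroup['setting'] as $setting) {
                $settingdata = array(
                    'name' => $db->escape_string($setting['attributes']['name']),
                    'title' => $db->escape_string($setting['title'][0]['value']),
                    'description' => $db->escape_string($setting['description'][0]['value']),
                    'optionscode' => $db->escape_string($setting['optionscode'][0]['value']),
                    'value' => $db->escape_string($setting['settingvalue'][0]['value']),
                    'disporder' => (int) $setting['disporder'][0]['value'],
                    'gid' => $gid,
                    'isdefault' => 1,
                );
                $db->insert_query('settings', $settingdata);
                $settingcount++;
            }
        }

        // Store the board URL without a trailing slash.
        if (my_substr($mybb->get_input('bburl'), -1, 1) == '/') {
            $mybb->input['bburl'] = my_substr($mybb->get_input('bburl'), 0, -1);
        }

        $db->update_query("settings", array('value' => $db->escape_string($mybb->get_input('bbname'))), "name='bbname'");
        $db->update_query("settings", array('value' => $db->escape_string($mybb->get_input('bburl'))), "name='bburl'");
        $db->update_query("settings", array('value' => $db->escape_string($mybb->get_input('websitename'))), "name='homename'");
        $db->update_query("settings", array('value' => $db->escape_string($mybb->get_input('websiteurl'))), "name='homeurl'");
        $db->update_query("settings", array('value' => $db->escape_string($mybb->get_input('cookiedomain'))), "name='cookiedomain'");
        $db->update_query("settings", array('value' => $db->escape_string($mybb->get_input('cookiepath'))), "name='cookiepath'");
        $db->update_query("settings", array('value' => $db->escape_string($mybb->get_input('contactemail'))), "name='adminemail'");
        $db->update_query("settings", array('value' => 'contact.php'), "name='contactlink'");

        write_settings();

        echo $lang->sprintf($lang->admin_step_insertesettings, $settingcount, $groupcount);

        // Save the acp pin.
        // The PIN is request input that is written into an executable PHP
        // file, so it is emitted with var_export(), which always yields a
        // valid PHP string literal. (addslashes() also escaped double quotes,
        // which a single-quoted literal keeps as a literal backslash, so such
        // a PIN was stored altered.) The PIN is stored in plain text.
        $pin = var_export((string) $mybb->get_input('pin'), true);

        // Best effort, as before: an unwritable config.php leaves the PIN
        // unset. The handle is checked so that a failed fopen() does not pass
        // false on to fwrite()/fclose().
        $file = @fopen(MYBB_ROOT . "inc/config.php", "a");
        if ($file !== false) {
            @fwrite($file, "/**\n * Admin CP Secret PIN\n * If you wish to request a PIN\n * when someone tries to login\n * on your Admin CP, enter it below.\n */\n\n\$config['secret_pin'] = {$pin};");
            @fclose($file);
        }

        include_once MYBB_ROOT . "inc/functions_task.php";

        $tasks = file_get_contents(INSTALL_ROOT . 'resources/tasks.xml');
        $parser = new XMLParser($tasks);
        $parser->collapse_dups = 0;
        $tree = $parser->get_tree();
        $taskcount = 0;

        // Insert scheduled tasks
        foreach ($tree['tasks'][0]['task'] as $task) {
            $new_task = array(
                'title' => $db->escape_string($task['title'][0]['value']),
                'description' => $db->escape_string($task['description'][0]['value']),
                'file' => $db->escape_string($task['file'][0]['value']),
                'minute' => $db->escape_string($task['minute'][0]['value']),
                'hour' => $db->escape_string($task['hour'][0]['value']),
                'day' => $db->escape_string($task['day'][0]['value']),
                'weekday' => $db->escape_string($task['weekday'][0]['value']),
                'month' => $db->escape_string($task['month'][0]['value']),
                'enabled' => $db->escape_string($task['enabled'][0]['value']),
                'logging' => $db->escape_string($task['logging'][0]['value']),
            );
            $new_task['nextrun'] = fetch_next_run($new_task);
            $db->insert_query("tasks", $new_task);
            $taskcount++;
        }

        // For the version check task, set a random date and hour (so all MyBB installs don't query mybb.com all at the same time)
        $update_array = array('hour' => rand(0, 23), 'weekday' => rand(0, 6));
        $db->update_query("tasks", $update_array, "file = 'versioncheck'");

        echo $lang->sprintf($lang->admin_step_insertedtasks, $taskcount);

        $views = file_get_contents(INSTALL_ROOT . 'resources/adminviews.xml');
        $parser = new XMLParser($views);
        $parser->collapse_dups = 0;
        $tree = $parser->get_tree();
        $view_count = 0;

        // Insert admin views
        foreach ($tree['adminviews'][0]['view'] as $view) {
            $fields = array();
            foreach ($view['fields'][0]['field'] as $field) {
                $fields[] = $field['attributes']['name'];
            }

            $conditions = array();
            if (isset($view['conditions'][0]['condition']) && is_array($view['conditions'][0]['condition'])) {
                foreach ($view['conditions'][0]['condition'] as $condition) {
                    if (!$condition['value']) {
                        continue;
                    }
                    if ($condition['attributes']['is_serialized'] == 1) {
                        // The serialized value comes from the installer's own
                        // adminviews.xml read above, not from request input.
                        $condition['value'] = my_unserialize($condition['value']);
                    }
                    $conditions[$condition['attributes']['name']] = $condition['value'];
                }
            }

            $custom_profile_fields = array();
            if (isset($view['custom_profile_fields'][0]['field']) && is_array($view['custom_profile_fields'][0]['field'])) {
                foreach ($view['custom_profile_fields'][0]['field'] as $field) {
                    $custom_profile_fields[] = $field['attributes']['name'];
                }
            }

            $new_view = array(
                "uid" => 0,
                "type" => $db->escape_string($view['attributes']['type']),
                "visibility" => (int) $view['attributes']['visibility'],
                "title" => $db->escape_string($view['title'][0]['value']),
                "fields" => $db->escape_string(my_serialize($fields)),
                "conditions" => $db->escape_string(my_serialize($conditions)),
                "custom_profile_fields" => $db->escape_string(my_serialize($custom_profile_fields)),
                "sortby" => $db->escape_string($view['sortby'][0]['value']),
                "sortorder" => $db->escape_string($view['sortorder'][0]['value']),
                "perpage" => (int) $view['perpage'][0]['value'],
                "view_type" => $db->escape_string($view['view_type'][0]['value']),
            );
            $db->insert_query("adminviews", $new_view);
            $view_count++;
        }

        echo $lang->sprintf($lang->admin_step_insertedviews, $view_count);
        echo $lang->admin_step_createadmin;
    }

    echo $lang->sprintf($lang->admin_step_admintable, $adminuser, $adminemail);
    $output->print_footer('final');
}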
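/**
 * Add the private-message preview markup, CSS and JavaScript to the page
 * header and, for the plugin's own AJAX request, print the preview of one PM.
 *
 * The AJAX branch runs only for a POST request with firstpm=1. It loads the
 * message by its integer pmid, returns without output unless the row exists
 * and belongs to the current user, and otherwise echoes the rendered preview
 * and exits.
 *
 * Uses the globals $mybb, $db, $charset, $headerinclude and $header.
 */
function firstpreview_pm()
{
    global $mybb, $db, $charset, $headerinclude, $header;

    $header = '<div class="arrow-down"></div>' . $header;

    // Add jQuery and noConflict for MyBB 1.6.*
    $jquery = '';
    $noconflict = '';
    // version_compare() orders version strings numerically per component; a
    // plain string comparison would sort "1.10" before "1.7".
    if (version_compare((string) $mybb->version, '1.7.0', '<')) {
        // Fetched over HTTPS so the script cannot be altered in transit.
        // NOTE(review): this is still an unpinned third-party file loaded
        // without an integrity check; a locally hosted copy would remove the
        // external dependency.
        $jquery = '<script type="text/javascript">
//<![CDATA[
if (!window.jQuery) {
	document.write(unescape("%3Cscript src=\\"https://code.jquery.com/jquery-latest.min.js\\" type=\\"text/javascript\\"%3E%3C/script%3E"));
}
//]]>
</script>';
        $noconflict = 'jQuery.noConflict();';
    }

    // Background color: only a "#" followed by 1-6 hex digits is accepted.
    // \z anchors at the very end of the string ("$" would also accept a
    // trailing newline).
    $bg_color = '#aaaaaa';
    if (isset($mybb->settings['firstpreview_bg']) && preg_match('/^#([0-9a-f]{1,6})\z/i', $mybb->settings['firstpreview_bg'])) {
        $bg_color = htmlspecialchars_uni($mybb->settings['firstpreview_bg']);
    }

    // Close button: hidden unless the firstpreview_close setting is 1.
    $close_preview = '#close_preview{display:none;cursor:pointer;background:#000;color:#fff;float:right;font-size:1em;font-weight:bold;text-align:center;width:20px;height:20px;border-radius:5px}';
    if (isset($mybb->settings['firstpreview_close']) && $mybb->settings['firstpreview_close'] == 1) {
        $close_preview = '#close_preview{cursor:pointer;background:#000;color:#fff;float:right;font-size:1em;font-weight:bold;text-align:center;width:20px;height:20px;border-radius:5px}';
    }

    // Insert the code. The border colour now uses $bg_color; the original
    // referenced an undefined $bgcolor, which left the border colour empty.
    $headerinclude .= '
<!-- start: first_preview_plugin -->
<style type="text/css">
.modal_firstpost{text-align:left;border-radius:7px;-moz-border-radius:7px;-webkit-border-radius:7px;border:1px solid ' . $bg_color . ';display:none;position:absolute;z-index:29000;width:390px;height:180px;overflow:hidden}
.fpreview{z-index:29001;width:390px;height:180px;overflow:auto;background:' . $bg_color . '}
.arrow-down{display:none;position:absolute;z-index:28999;width:0;height:0;border-left:20px solid transparent;border-right:20px solid transparent;border-top:20px solid ' . $bg_color . '}
.prev_content{padding:10px;height:auto;word-wrap:break-word;-webkit-hyphens:auto;-moz-hyphens:auto;-ms-hyphens:auto;-o-hyphens:auto;hyphens:auto;background:none}
' . $close_preview . '
</style>
' . $jquery . '
<script type="text/javascript">
//<![CDATA[
' . $noconflict . '
<!--
if(use_xmlhttprequest == 1)
{
jQuery(document).ready(function(e){e(".pmprev").on("touchenter mouseenter",function(){id=e(this).attr("id");pmid=id.replace(/[^\\d.]/g,"");var t=e(this).offset().left;var n=e(this).offset().top-200;showPost=setTimeout(function(){e.ajax({url:"private.php?pmid="+pmid+"&firstpm=1",type:"post",complete:function(t){e(".modal_firstpost").html(t.responseText)}});e(".modal_firstpost").fadeIn("slow");e(".modal_firstpost").css("top",n);e(".modal_firstpost").css("left",t);e(".arrow-down").fadeIn("slow");e(".arrow-down").css("top",n+180);e(".arrow-down").css("left",t+20);},1500)});e(".pmprev").on("mouseleave touchleave touchend",function(){clearTimeout(showPost);});e(".modal_firstpost").on("mouseleave touchmove",function(){e(".modal_firstpost").fadeOut("slow");e(".arrow-down").fadeOut("fast")});e(".modal_firstpost").on("click", "#close_preview", function(){e(".modal_firstpost").fadeOut("slow");e(".arrow-down").fadeOut("fast")})});
}
//]]>
</script>
<!-- end: first_preview_plugin -->
';

    // Get the pm preview
    if (isset($mybb->input['firstpm']) && $mybb->input['firstpm'] == 1 && $mybb->request_method == "post") {
        // The id is cast to int before it is placed in the WHERE clause.
        $pmid = isset($mybb->input['pmid']) ? (int) $mybb->input['pmid'] : 0;
        $query = $db->simple_select('privatemessages', '*', "pmid = '" . $pmid . "'");
        $pm = $db->fetch_array($query);

        // Load the users own messages only. A missing row is rejected
        // explicitly: with the loose comparison used before, an empty result
        // compared equal to a uid of 0 and fell through to the rendering code.
        if (empty($pm) || (int) $pm['uid'] !== (int) $mybb->user['uid']) {
            return;
        }

        require_once MYBB_ROOT . "inc/class_parser.php";
        $parser = new postParser();

        $pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
        $user = get_user($pm['fromid']);

        // Rendering follows the board's private-message settings.
        $parser_options = array(
            'allow_html' => $mybb->settings['pmsallowhtml'],
            'allow_mycode' => $mybb->settings['pmsallowmycode'],
            'allow_smilies' => $mybb->settings['pmsallowsmilies'],
            'allow_imgcode' => $mybb->settings['pmsallowimgcode'],
            'allow_videocode' => $mybb->settings['pmsallowvideocode'],
            'me_username' => $user['username'],
            'filter_badwords' => 1,
        );
        $pm['message'] = $parser->parse_message($pm['message'], $parser_options);

        $pmdate = my_date($mybb->settings['dateformat'], $pm['dateline']);
        $pmtime = my_date($mybb->settings['timeformat'], $pm['dateline']);
        $pmsent = ' (' . $pmdate . ', ' . $pmtime . ')';

        // Unless HTML previews are enabled, keep only basic block tags.
        if (isset($mybb->settings['firstpreview_html']) && $mybb->settings['firstpreview_html'] != 1) {
            $pm['message'] = strip_tags($pm['message'], "<br><p><ul><ol><li>");
        }

        if (!empty($mybb->settings['firstpreview_length']) && $mybb->settings['firstpreview_length'] != "0" && my_strlen($pm['message']) > (int) $mybb->settings['firstpreview_length']) {
            // Links are removed before cutting.
            // NOTE(review): the cut is made on rendered HTML, so it can still
            // fall inside another tag or an entity - confirm the client copes.
            $pm['message'] = preg_replace("!<a([^>]+)>!isU", "", $pm['message']);
            $pm['message'] = str_replace("</a>", "", $pm['message']);
            $pm['message'] = my_substr($pm['message'], 0, (int) $mybb->settings['firstpreview_length']) . '...<p><a href="private.php?action=read&pmid=' . (int) $pm['pmid'] . '">more</a></p>';
        }

        $preview = "<div class=\"fpreview\"><span id=\"close_preview\">❌</span>\n\t\t<div class=\"thead\" style=\"text-align:center; font-weight:bold; min-height:20px;\">" . $pm['subject'] . "</div>\n\t\t<div class=\"tcat\" style=\"padding-left:10px;\">" . build_profile_link(format_name(htmlspecialchars_uni($user['username']), (int) $user['usergroup'], (int) $user['displaygroup']), (int) $pm['fromid']) . "<span class=\"smalltext\">" . $pmsent . "</span></div>\n\t\t<div class=\"prev_content\">" . $pm['message'] . "</div>\n\t\t</div>";

        header("Content-type: text/plain; charset={$charset}");
        echo $preview;
        exit;
    }
}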
} $plugins->run_hooks("private_folders_end"); eval("\$folders = \"" . $templates->get("private_folders") . "\";"); output_page($folders); } if ($mybb->input['action'] == "do_folders" && $mybb->request_method == "post") { // Verify incoming POST request verify_post_check($mybb->get_input('my_post_key')); $plugins->run_hooks("private_do_folders_start"); $highestid = 2; $folders = ''; $donefolders = array(); $mybb->input['folder'] = $mybb->get_input('folder', MyBB::INPUT_ARRAY); foreach ($mybb->input['folder'] as $key => $val) { if (empty($donefolders[$val])) { if (my_substr($key, 0, 3) == "new") { ++$highestid; $fid = (int) $highestid; } else { if ($key > $highestid) { $highestid = $key; } $fid = (int) $key; // Use default language strings if empty or value is language string switch ($fid) { case 1: if ($val == $lang->folder_inbox || trim($val) == '') { $val = ''; } break; case 2:
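/**
 * Upgrade step: move attachment data out of the attachments table into files
 * under ../uploads, one batch per request.
 *
 * Each call drops and re-adds the uid, thumbnail and attachname columns, adds
 * the temporary donecon marker column if it is missing, converts up to
 * "attachmentspage" rows that are not marked done, and prints either a
 * "next batch" form or, once nothing remains, drops the donecon, filedata and
 * thumbnailsm columns and points the wizard at the avatar conversion step.
 *
 * Reads $_POST['attachmentspage'] (batch size, default 50) and
 * $_POST['attachmentstart'] (offset used only for the progress message).
 * Uses the globals $db and $output.
 */
function upgrade3_convertattachments()
{
    global $db, $output;

    $output->print_header("Attachment Conversion to Files");

    // Batch size. Missing, non-numeric, zero or negative values fall back to
    // 50: the value goes into a LIMIT clause, where 0 would convert nothing
    // and a negative number is invalid SQL.
    $app = isset($_POST['attachmentspage']) ? (int) $_POST['attachmentspage'] : 0;
    if ($app < 1) {
        $app = 50;
    }

    if (!empty($_POST['attachmentstart'])) {
        $startat = (int) $_POST['attachmentstart'];
        $upper = $startat + $app;
        $lower = $startat;
    } else {
        $startat = 0;
        $upper = $app;
        $lower = 1;
    }

    // NOTE(review): $settings used for the thumbnail size below is presumably
    // defined by this include in the local scope - confirm.
    require_once MYBB_ROOT . "inc/settings.php";

    $contents = '';

    $query = $db->simple_select("attachments", "COUNT(aid) AS attachcount");
    $cnt = $db->fetch_array($query);

    $contents .= "<p>Converting attachments {$lower} to {$upper} (" . $cnt['attachcount'] . " Total)</p>";
    echo "<p>Converting attachments {$lower} to {$upper} (" . $cnt['attachcount'] . " Total)</p>";

    if ($db->field_exists("uid", TABLE_PREFIX . "attachments")) {
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "attachments DROP uid;");
    }
    // Add uid column
    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "attachments ADD uid smallint(6) NOT NULL AFTER posthash;");

    if ($db->field_exists("thumbnail", TABLE_PREFIX . "attachments")) {
        // Drop thumbnail column
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "attachments DROP thumbnail");
    }
    // Add thumbnail column
    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "attachments ADD thumbnail varchar(120) NOT NULL;");

    if ($db->field_exists("attachname", TABLE_PREFIX . "attachments")) {
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "attachments DROP attachname;");
    }
    // Add attachname column
    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "attachments ADD attachname varchar(120) NOT NULL AFTER filesize;");

    if (!$db->field_exists("donecon", TABLE_PREFIX . "attachments")) {
        // Add temporary column
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "attachments ADD donecon smallint(1) NOT NULL;");
    }

    $query = $db->query("\n\t\tSELECT a.*, p.uid AS puid, p.dateline \n\t\tFROM " . TABLE_PREFIX . "attachments a \n\t\tLEFT JOIN " . TABLE_PREFIX . "posts p ON (p.pid=a.pid) \n\t\tWHERE a.donecon != '1'\n\t\tORDER BY a.aid ASC LIMIT {$app}\n\t");

    while ($attachment = $db->fetch_array($query)) {
        // The on-disk name is built only from database ids and the post date;
        // the uploaded file name is used solely to detect the extension.
        $filename = "post_" . $attachment['puid'] . "_" . $attachment['dateline'] . $attachment['aid'] . ".attach";
        $ext = my_strtolower(my_substr(strrchr($attachment['filename'], "."), 1));

        $fp = fopen("../uploads/" . $filename, "wb");
        if (!$fp) {
            die("Unable to create file. Please check permissions and refresh page.");
        }

        // Stop on a failed or short write: the row would otherwise be marked
        // as converted and its data lost when the filedata column is dropped
        // at the end of the conversion.
        $filedata = (string) $attachment['filedata'];
        $written = fwrite($fp, $filedata);
        fclose($fp);
        if ($written === false || $written < strlen($filedata)) {
            die("Unable to write file. Please check permissions and refresh page.");
        }
        unset($attachment['filedata'], $filedata);

        // Non-image attachments get an empty thumbnail name (the variable was
        // previously undefined in that case).
        $thumbname_db = '';
        if (in_array($ext, array("gif", "png", "jpg", "jpeg", "jpe"), true)) {
            require_once MYBB_ROOT . "inc/functions_image.php";
            $thumbname = str_replace(".attach", "_thumb.{$ext}", $filename);
            $thumbnail = generate_thumbnail("../uploads/" . $filename, "../uploads", $thumbname, $settings['attachthumbh'], $settings['attachthumbw']);
            if ($thumbnail['code'] == 4) {
                // Image was too small - fake a filename
                $thumbnail['filename'] = "SMALL";
            }
            if (isset($thumbnail['filename'])) {
                $thumbname_db = $thumbnail['filename'];
            }
            unset($thumbnail);
        }

        // Values are escaped or cast before they are placed in the statement.
        $db->write_query("UPDATE " . TABLE_PREFIX . "attachments SET attachname='" . $db->escape_string($filename) . "', donecon='1', uid='" . (int) $attachment['puid'] . "', thumbnail='" . $db->escape_string($thumbname_db) . "' WHERE aid='" . (int) $attachment['aid'] . "'");
    }

    echo "<p>Done.</p>";

    $query = $db->simple_select("attachments", "COUNT(aid) AS attachrem", "donecon != '1'");
    $cnt = $db->fetch_array($query);

    if ($cnt['attachrem'] != 0) {
        // More rows remain: repeat this step with the next offset.
        $nextact = "3_convertattachments";
        $startat = $startat + $app;
        $contents .= "<p><input type=\"hidden\" name=\"attachmentspage\" value=\"{$app}\" /><input type=\"hidden\" name=\"attachmentstart\" value=\"{$startat}\" />Done. Click Next to move on to the next set of attachments.</p>";
    } else {
        // Everything is on disk: remove the marker and the old data columns.
        if ($db->field_exists("donecon", TABLE_PREFIX . "attachments")) {
            $db->write_query("ALTER TABLE " . TABLE_PREFIX . "attachments DROP donecon");
        }
        if ($db->field_exists("filedata", TABLE_PREFIX . "attachments")) {
            $db->write_query("ALTER TABLE " . TABLE_PREFIX . "attachments DROP filedata");
        }
        if ($db->field_exists("thumbnailsm", TABLE_PREFIX . "attachments")) {
            $db->write_query("ALTER TABLE " . TABLE_PREFIX . "attachments DROP thumbnailsm");
        }

        $nextact = "3_convertavatars";
        $contents .= "<p>Done</p><p>All attachments have been moved to the file system. The next step is converting avatars to the file system.</p>";
        $contents .= "<p>If you wish to change the number of uploaded avatars to process per page then you can do so below.</p>";
        $contents .= "<p><strong>Avatars Per Page:</strong> <input type=\"text\" size=\"3\" value=\"200\" name=\"userspage\" /></p>";
        $contents .= "<p>Once you're ready, press next to begin the conversion.</p>";
    }

    $output->print_contents($contents);
    $output->print_footer($nextact);
}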
} else { $query = $db->simple_select("themes", "name, tid, properties", $loadstyle); $theme = $db->fetch_array($query); } // No theme was found - we attempt to load the master or any other theme if (!isset($theme['tid']) || isset($theme['tid']) && !$theme['tid']) { // Missing theme was from a user, run a query to set any users using the theme to the default $db->update_query('users', array('style' => 0), "style = '{$mybb->user['style']}'"); // Attempt to load the master or any other theme if the master is not available $query = $db->simple_select('themes', 'name, tid, properties, stylesheets', '', array('order_by' => 'tid', 'limit' => 1)); $theme = $db->fetch_array($query); } $theme = @array_merge($theme, my_unserialize($theme['properties'])); // Set the appropriate image language directory for this theme. // Are we linking to a remote theme server? if (my_substr($theme['imgdir'], 0, 7) == 'http://' || my_substr($theme['imgdir'], 0, 8) == 'https://') { // If a language directory for the current language exists within the theme - we use it if (!empty($mybb->user['language'])) { $theme['imglangdir'] = $theme['imgdir'] . '/' . $mybb->user['language']; } else { // Check if a custom language directory exists for this theme if (!empty($mybb->settings['bblanguage'])) { $theme['imglangdir'] = $theme['imgdir'] . '/' . $mybb->settings['bblanguage']; } else { $theme['imglangdir'] = $theme['imgdir']; } } } else { $img_directory = $theme['imgdir']; if ($mybb->settings['usecdn'] && !empty($mybb->settings['cdnpath'])) { $img_directory = rtrim($mybb->settings['cdnpath'], '/') . '/' . ltrim($theme['imgdir'], '/');
/**
 * Shorten a URL string according to the configured soft and hard limits.
 *
 * The separator and both limits are read from the global $settings
 * (google_seo_url_separator, google_seo_url_length_soft and
 * google_seo_url_length_hard); they are not parameters.
 *
 * Soft limit: if the string is longer, it is cut at the first separator found
 * at or after the soft limit, and left unchanged when none is found.
 * Hard limit: if the result is still longer, it is cut at exactly that length.
 * A limit that evaluates to false disables the corresponding step.
 *
 * @param string $str The string to be truncated.
 * @return string The truncated string.
 */
function google_seo_url_truncate($str)
{
    global $settings;

    $sep = $settings['google_seo_url_separator'];
    $softLimit = $settings['google_seo_url_length_soft'];
    $hardLimit = $settings['google_seo_url_length_hard'];

    // Soft limit: finish the current word by cutting at the next separator.
    if ($softLimit && my_strlen($str) > $softLimit) {
        $offset = my_strpos(my_substr($str, $softLimit), $sep);

        if ($offset === 0 || $offset > 0) {
            $str = my_substr($str, 0, $softLimit + $offset);
        }
    }

    // Hard limit: unconditional cut.
    $exceedsHard = $hardLimit && my_strlen($str) > $hardLimit;

    return $exceedsHard ? my_substr($str, 0, $hardLimit) : $str;
}