function do_report()
{
global $vbulletin, $postinfo, $threadinfo, $foruminfo;
if (!$vbulletin->userinfo['userid']) {
json_error(ERR_NO_PERMISSION);
}
$reportthread = ($rpforumid = $vbulletin->options['rpforumid'] and $rpforuminfo = fetch_foruminfo($rpforumid));
$reportemail = ($vbulletin->options['enableemail'] and $vbulletin->options['rpemail']);
if (!$reportthread and !$reportemail) {
standard_error(fetch_error('emaildisabled'));
}
$reportobj = new vB_ReportItem_Post($vbulletin);
$reportobj->set_extrainfo('forum', $foruminfo);
$reportobj->set_extrainfo('thread', $threadinfo);
$perform_floodcheck = $reportobj->need_floodcheck();
if ($perform_floodcheck) {
$reportobj->perform_floodcheck_precommit();
}
$forumperms = fetch_permissions($threadinfo['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or $threadinfo['postuserid'] != $vbulletin->userinfo['userid'] and !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers'])) {
json_error(ERR_NO_PERMISSION);
}
if (!$postinfo['postid']) {
standard_error(fetch_error('invalidid', $vbphrase['post'], $vbulletin->options['contactuslink']));
}
if ((!$postinfo['visible'] or $postinfo['isdeleted']) and !can_moderate($threadinfo['forumid'])) {
standard_error(fetch_error('invalidid', $vbphrase['post'], $vbulletin->options['contactuslink']));
}
if ((!$threadinfo['visible'] or $threadinfo['isdeleted']) and !can_moderate($threadinfo['forumid'])) {
standard_error(fetch_error('invalidid', $vbphrase['thread'], $vbulletin->options['contactuslink']));
}
// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
($hook = vBulletinHook::fetch_hook('report_start')) ? eval($hook) : false;
$vbulletin->input->clean_array_gpc('p', array('reason' => TYPE_STR));
if ($vbulletin->GPC['reason'] == '') {
standard_error(fetch_error('noreason'));
}
if ($perform_floodcheck) {
$reportobj->perform_floodcheck_commit();
}
$reportobj->do_report(prepare_remote_utf8_string($vbulletin->GPC['reason']), $postinfo);
return array('success' => true);
}
function do_login()
{
global $vbulletin, $fr_version, $fr_platform;
$vbulletin->input->clean_array_gpc('r', array('username' => TYPE_STR, 'password' => TYPE_STR, 'md5_password' => TYPE_STR, 'fr_username' => TYPE_STR, 'fr_b' => TYPE_BOOL));
$navbg = null;
if (strlen($vbulletin->options['forumrunner_branding_navbar_bg'])) {
$navbg = $vbulletin->options['forumrunner_branding_navbar_bg'];
if (is_iphone() && strlen($navbg) == 7) {
$r = hexdec(substr($navbg, 1, 2));
$g = hexdec(substr($navbg, 3, 2));
$b = hexdec(substr($navbg, 5, 2));
$navbg = "{$r},{$g},{$b}";
}
}
$vbulletin->GPC['username'] = prepare_remote_utf8_string($vbulletin->GPC['username']);
$vbulletin->GPC['password'] = prepare_remote_utf8_string($vbulletin->GPC['password']);
$out = array('v' => $fr_version, 'p' => $fr_platform);
if ($navbg) {
$out['navbg'] = $navbg;
}
if (is_iphone() && $vbulletin->options['forumrunner_admob_publisherid_iphone']) {
$out['admob'] = $vbulletin->options['forumrunner_admob_publisherid_iphone'];
} else {
if (is_android() && $vbulletin->options['forumrunner_admob_publisherid_android']) {
$out['admob'] = $vbulletin->options['forumrunner_admob_publisherid_android'];
}
}
if ($vbulletin->options['forumrunner_google_analytics_id']) {
$out['gan'] = $vbulletin->options['forumrunner_google_analytics_id'];
}
if ($vbulletin->options['forumrunner_facebook_application_id']) {
$out['fb'] = $vbulletin->options['forumrunner_facebook_application_id'];
}
if ($vbulletin->options['forumrunner_cms_onoff']) {
$out['cms'] = true;
$out['cms_section'] = $vbulletin->options['forumrunner_cms_section'];
}
if ($vbulletin->options['forumrunner_enable_registration']) {
$out['reg'] = true;
}
if ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums']) {
$out['albums'] = true;
}
if (!$vbulletin->GPC['username'] || !$vbulletin->GPC['password'] && !$vbulletin->GPC['md5_password']) {
// This could be an attempt to see if forums require login. Check.
$requires_authentication = false;
if (!($vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'])) {
$requires_authentication = true;
}
// If the forum is closed, require login!
if (!$vbulletin->options['bbactive']) {
$requires_authentication = true;
}
$out += array('authenticated' => false, 'requires_authentication' => $requires_authentication);
} else {
// can the user login?
$strikes = verify_strike_status($vbulletin->GPC['username'], true);
// make sure our user info stays as whoever we were (for example, we might be logged in via cookies already)
$original_userinfo = $vbulletin->userinfo;
if (!verify_authentication($vbulletin->GPC['username'], $vbulletin->GPC['password'], $vbulletin->GPC['md5_password'], $vbulletin->GPC['md5_password'], true, true)) {
exec_strike_user($vbulletin->GPC['username']);
if ($vbulletin->options['usestrikesystem']) {
if ($strikes === false) {
$message = 'Incorrect login. You have used up your login allowance. Please wait 15 minutes before trying again.';
} else {
$message = 'Incorrect login (' . ($strikes + 1) . ' of 5 tries allowed)';
}
} else {
$message = 'Incorrect login.';
}
json_error($message, RV_BAD_PASSWORD);
}
exec_unstrike_user($vbulletin->GPC['username']);
// create new session
process_new_login('', true, '');
cache_permissions($vbulletin->userinfo, true);
$vbulletin->session->save();
// If the forum is closed, boot em
if (!$vbulletin->options['bbactive'] && !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) {
process_logout();
json_error(strip_tags($vbulletin->options['bbclosedreason']), RV_BAD_PASSWORD);
}
fr_update_push_user($vbulletin->GPC['fr_username'], $vbulletin->GPC['fr_b']);
$out += array('authenticated' => true, 'username' => prepare_utf8_string($vbulletin->userinfo['username']), 'cookiepath' => $vbulletin->options['cookiepath']);
}
return $out;
}
function do_ban_user()
{
global $vbulletin, $db, $vbphrase;
require_once DIR . '/includes/functions_banning.php';
require_once DIR . '/includes/adminfunctions.php';
$canbanuser = ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or can_moderate(0, 'canbanusers')) ? true : false;
$canunbanuser = ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or can_moderate(0, 'canunbanusers')) ? true : false;
// check banning permissions
if (!$canbanuser and !$canunbanuser) {
standard_error(fetch_error('no_permission_ban_users'));
}
$vbulletin->input->clean_array_gpc('p', array('usergroupid' => TYPE_INT, 'period' => TYPE_STR, 'reason' => TYPE_NOHTML, 'userid' => TYPE_INT));
$vbulletin->GPC['reason'] = prepare_remote_utf8_string($vbulletin->GPC['reason']);
if (!$canbanuser) {
standard_error(fetch_error('no_permission_ban_users'));
}
/*$liftdate = convert_date_to_timestamp($vbulletin->GPC['period']);
echo "
<p>Period: {$vbulletin->GPC['period']}</p>
<p>Banning <b>{$vbulletin->GPC['username']}</b> into usergroup <i>" . $vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['title'] . "</i></p>
<table>
<tr><td>Time now:</td><td>" . vbdate('g:ia l jS F Y', TIMENOW, false, false) . "</td></tr>
<tr><td>Lift date:</td><td>" . vbdate('g:ia l jS F Y', $liftdate, false, false) . "</td></tr>
</table>";
exit;*/
// check that the target usergroup is valid
if (!isset($vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]) or $vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup']) {
standard_error(fetch_error('invalid_usergroup_specified'));
}
// check that the user exists
$user = $db->query_first("\n\t\tSELECT user.*,\n\t\t\tIF(moderator.moderatorid IS NULL, 0, 1) AS ismoderator\n\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\tLEFT JOIN " . TABLE_PREFIX . "moderator AS moderator ON(moderator.userid = user.userid AND moderator.forumid <> -1)\n\t\tWHERE user.userid = " . $vbulletin->GPC['userid'] . "\n\t");
if (!$user or $user['userid'] == $vbulletin->userinfo['userid']) {
standard_error(fetch_error('invalid_user_specified'));
}
if (is_unalterable_user($user['userid'])) {
standard_error(fetch_error('user_is_protected_from_alteration_by_undeletableusers_var'));
}
cache_permissions($user);
// Non-admins can't ban administrators, supermods or moderators
if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) {
if ($user['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or $user['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator'] or $user['ismoderator']) {
standard_error(fetch_error('no_permission_ban_non_registered_users'));
}
} else {
if ($user['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) {
standard_error(fetch_error('no_permission_ban_non_registered_users'));
}
}
// check that the number of days is valid
if ($vbulletin->GPC['period'] != 'PERMANENT' and !preg_match('#^(D|M|Y)_[1-9][0-9]?$#', $vbulletin->GPC['period'])) {
standard_error(fetch_error('invalid_ban_period_specified'));
}
// if we've got this far all the incoming data is good
if ($vbulletin->GPC['period'] == 'PERMANENT') {
// make this ban permanent
$liftdate = 0;
} else {
// get the unixtime for when this ban will be lifted
$liftdate = convert_date_to_timestamp($vbulletin->GPC['period']);
}
// check to see if there is already a ban record for this user in the userban table
if ($check = $db->query_first("SELECT userid, liftdate FROM " . TABLE_PREFIX . "userban WHERE userid = {$user['userid']}")) {
if ($liftdate and $liftdate < $check['liftdate']) {
if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and !can_moderate(0, 'canunbanusers')) {
standard_error(fetch_error('no_permission_un_ban_users'));
}
}
// there is already a record - just update this record
$db->query_write("\n\t\t\tUPDATE " . TABLE_PREFIX . "userban SET\n\t\t\tbandate = " . TIMENOW . ",\n\t\t\tliftdate = {$liftdate},\n\t\t\tadminid = " . $vbulletin->userinfo['userid'] . ",\n\t\t\treason = '" . $db->escape_string($vbulletin->GPC['reason']) . "'\n\t\t\tWHERE userid = {$user['userid']}\n\t\t");
} else {
// insert a record into the userban table
/*insert query*/
$db->query_write("\n\t\t\tINSERT INTO " . TABLE_PREFIX . "userban\n\t\t\t(userid, usergroupid, displaygroupid, customtitle, usertitle, adminid, bandate, liftdate, reason)\n\t\t\tVALUES\n\t\t\t({$user['userid']}, {$user['usergroupid']}, {$user['displaygroupid']}, {$user['customtitle']}, '" . $db->escape_string($user['usertitle']) . "', " . $vbulletin->userinfo['userid'] . ", " . TIMENOW . ", {$liftdate}, '" . $db->escape_string($vbulletin->GPC['reason']) . "')\n\t\t");
}
// update the user record
$userdm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
$userdm->set_existing($user);
$userdm->set('usergroupid', $vbulletin->GPC['usergroupid']);
$userdm->set('displaygroupid', 0);
// update the user's title if they've specified a special user title for the banned group
if ($vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['usertitle'] != '') {
$userdm->set('usertitle', $vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['usertitle']);
$userdm->set('customtitle', 0);
}
$userdm->save();
unset($userdm);
return array('success' => true);
}
require_once DIR . "/vb/search/core.php";
require_once DIR . "/vb/legacy/currentuser.php";
require_once DIR . "/vb/search/resultsview.php";
require_once DIR . "/vb/search/searchtools.php";
require_once DIR . '/includes/class_bbcode.php';
$vbulletin->options['hv_type'] = false;
$search_core = vB_Search_Core::get_instance();
$current_user = new vB_Legacy_CurrentUser();
$search_type = vB_Search_Core::get_instance()->get_search_type('vBForum', 'Common');
$globals = $search_type->listSearchGlobals();
$vbulletin->input->clean_array_gpc('r', $globals);
if ($vbulletin->GPC['query']) {
$vbulletin->GPC['query'] = prepare_remote_utf8_string($vbulletin->GPC['query']);
}
if ($vbulletin->GPC['searchuser']) {
$vbulletin->GPC['searchuser'] = prepare_remote_utf8_string($vbulletin->GPC['searchuser']);
}
if ($vbulletin->GPC['sortby'] == 'lastpost') {
$vbulletin->GPC['sortby'] = 'dateline';
}
$vbulletin->GPC['contenttypeid'] = 1;
// vbforum
$vbulletin->GPC_exists['contenttypeid'] = true;
$vbulletin->GPC['searchfromtype'] = 'vBForum:Post';
$vbulletin->GPC_exists['searchfromtype'] = true;
function do_search_getnew()
{
global $vbulletin, $search_core, $current_user;
$args = process_input(array('do' => STRING));
$vbulletin->input->clean_array_gpc('r', array('days' => TYPE_UINT, 'exclude' => TYPE_NOHTML, 'include' => TYPE_NOHTML, 'showposts' => TYPE_BOOL, 'oldmethod' => TYPE_BOOL, 'sortby' => TYPE_NOHTML, 'noannounce' => TYPE_BOOL, 'pagenumber' => TYPE_UINT, 'perpage' => TYPE_UINT));
if (!$current_user->hasPermission('forumpermissions', 'cansearch')) {
function do_send_pm()
{
global $vbulletin, $db, $permissions;
if (!$vbulletin->userinfo['userid']) {
json_error(ERR_INVALID_LOGGEDIN, RV_NOT_LOGGED_IN);
}
$vbulletin->input->clean_array_gpc('r', array('wysiwyg' => TYPE_BOOL, 'title' => TYPE_NOHTML, 'message' => TYPE_STR, 'parseurl' => TYPE_BOOL, 'savecopy' => TYPE_BOOL, 'signature' => TYPE_BOOL, 'disablesmilies' => TYPE_BOOL, 'receipt' => TYPE_BOOL, 'preview' => TYPE_STR, 'recipients' => TYPE_STR, 'bccrecipients' => TYPE_STR, 'iconid' => TYPE_UINT, 'forward' => TYPE_BOOL, 'folderid' => TYPE_INT, 'sendanyway' => TYPE_BOOL));
if ($vbulletin->GPC['message']) {
$vbulletin->GPC['message'] = prepare_remote_utf8_string($vbulletin->GPC['message']);
}
if ($vbulletin->GPC['title']) {
$vbulletin->GPC['title'] = prepare_remote_utf8_string($vbulletin->GPC['title']);
}
if ($vbulletin->GPC['recipients']) {
$vbulletin->GPC['recipients'] = prepare_remote_utf8_string($vbulletin->GPC['recipients']);
}
$vbulletin->GPC['savecopy'] = true;
if ($permissions['pmquota'] < 1) {
json_error(ERR_NO_PERMISSION);
} else {
if (!$vbulletin->userinfo['receivepm']) {
json_error(strip_tags(fetch_error('pm_turnedoff')), RV_POST_ERROR);
}
}
if (fetch_privatemessage_throttle_reached($vbulletin->userinfo['userid'])) {
json_error(strip_tags(fetch_error('pm_throttle_reached', $vbulletin->userinfo['permissions']['pmthrottlequantity'], $vbulletin->options['pmthrottleperiod'])), RV_POST_ERROR);
}
// include useful functions
require_once DIR . '/includes/functions_newpost.php';
// parse URLs in message text
if ($vbulletin->options['privallowbbcode'] and $vbulletin->GPC['parseurl']) {
$vbulletin->GPC['message'] = convert_url_to_bbcode($vbulletin->GPC['message']);
}
$pm['message'] =& $vbulletin->GPC['message'];
$pm['title'] =& $vbulletin->GPC['title'];
$pm['parseurl'] =& $vbulletin->GPC['parseurl'];
$pm['savecopy'] =& $vbulletin->GPC['savecopy'];
$pm['signature'] =& $vbulletin->GPC['signature'];
$pm['disablesmilies'] =& $vbulletin->GPC['disablesmilies'];
$pm['sendanyway'] =& $vbulletin->GPC['sendanyway'];
$pm['receipt'] =& $vbulletin->GPC['receipt'];
$pm['recipients'] =& $vbulletin->GPC['recipients'];
$pm['bccrecipients'] =& $vbulletin->GPC['bccrecipients'];
$pm['pmid'] =& $vbulletin->GPC['pmid'];
$pm['iconid'] =& $vbulletin->GPC['iconid'];
$pm['forward'] =& $vbulletin->GPC['forward'];
$pm['folderid'] =& $vbulletin->GPC['folderid'];
// *************************************************************
// PROCESS THE MESSAGE AND INSERT IT INTO THE DATABASE
$errors = array();
// catches errors
if ($vbulletin->userinfo['pmtotal'] > $permissions['pmquota'] or $vbulletin->userinfo['pmtotal'] == $permissions['pmquota'] and $pm['savecopy']) {
json_error(strip_tags(fetch_error('yourpmquotaexceeded')), RV_POST_ERROR);
}
// create the DM to do error checking and insert the new PM
$pmdm =& datamanager_init('PM', $vbulletin, ERRTYPE_ARRAY);
$pmdm->set_info('savecopy', $pm['savecopy']);
$pmdm->set_info('receipt', $pm['receipt']);
$pmdm->set_info('cantrackpm', $cantrackpm);
$pmdm->set_info('forward', $pm['forward']);
$pmdm->set_info('bccrecipients', $pm['bccrecipients']);
if ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) {
$pmdm->overridequota = true;
}
$pmdm->set('fromuserid', $vbulletin->userinfo['userid']);
$pmdm->set('fromusername', $vbulletin->userinfo['username']);
$pmdm->setr('title', $pm['title']);
$pmdm->set_recipients($pm['recipients'], $permissions, 'cc');
$pmdm->set_recipients($pm['bccrecipients'], $permissions, 'bcc');
$pmdm->setr('message', $pm['message']);
$pmdm->setr('iconid', $pm['iconid']);
$pmdm->set('dateline', TIMENOW);
$pmdm->setr('showsignature', $pm['signature']);
$pmdm->set('allowsmilie', $pm['disablesmilies'] ? 0 : 1);
if (!$pm['forward']) {
$pmdm->set_info('parentpmid', $pm['pmid']);
}
$pmdm->set_info('replypmid', $pm['pmid']);
($hook = vBulletinHook::fetch_hook('private_insertpm_process')) ? eval($hook) : false;
$pmdm->pre_save();
// deal with user using receivepmbuddies sending to non-buddies
if ($vbulletin->userinfo['receivepmbuddies'] and is_array($pmdm->info['recipients'])) {
$users_not_on_list = array();
// get a list of super mod groups
$smod_groups = array();
foreach ($vbulletin->usergroupcache as $ugid => $groupinfo) {
if ($groupinfo['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']) {
// super mod group
$smod_groups[] = $ugid;
}
}
// now filter out all moderators (and super mods) from the list of recipients
// to check against the buddy list
$check_recipients = $pmdm->info['recipients'];
$mods = $db->query_read_slave("\n\t\t\tSELECT user.userid\n\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "moderator AS moderator ON (moderator.userid = user.userid)\n\t\t\tWHERE user.userid IN (" . implode(',', array_keys($check_recipients)) . ")\n\t\t\t\tAND ((moderator.userid IS NOT NULL AND moderator.forumid <> -1)\n\t\t\t\t" . (!empty($smod_groups) ? "OR user.usergroupid IN (" . implode(',', $smod_groups) . ")" : '') . "\n\t\t\t\t)\n\t\t");
while ($mod = $db->fetch_array($mods)) {
unset($check_recipients["{$mod['userid']}"]);
}
if (!empty($check_recipients)) {
// filter those on our buddy list out
$users = $db->query_read_slave("\n\t\t\t\tSELECT userlist.relationid\n\t\t\t\tFROM " . TABLE_PREFIX . "userlist AS userlist\n\t\t\t\tWHERE userid = " . $vbulletin->userinfo['userid'] . "\n\t\t\t\t\tAND userlist.relationid IN(" . implode(array_keys($check_recipients), ',') . ")\n\t\t\t\t\tAND type = 'buddy'\n\t\t\t");
while ($user = $db->fetch_array($users)) {
unset($check_recipients["{$user['relationid']}"]);
}
}
// what's left must be those who are neither mods or on our buddy list
foreach ($check_recipients as $userid => $user) {
$users_not_on_list["{$userid}"] = $user['username'];
}
if (!empty($users_not_on_list) and (!$vbulletin->GPC['sendanyway'] or !empty($errors))) {
$users = '';
foreach ($users_not_on_list as $userid => $username) {
$users .= "<li><a href=\"member.php?" . $vbulletin->session->vars['sessionurl'] . "u={$userid}\" target=\"profile\">{$username}</a></li>";
}
$pmdm->error('pm_non_contacts_cant_reply', $users);
}
}
// check for message flooding
if ($vbulletin->options['pmfloodtime'] > 0 and !$vbulletin->GPC['preview']) {
if (!($permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and !can_moderate()) {
$floodcheck = $db->query_first("\n\t\t\t\tSELECT pmtextid, title, dateline\n\t\t\t\tFROM " . TABLE_PREFIX . "pmtext AS pmtext\n\t\t\t\tWHERE fromuserid = " . $vbulletin->userinfo['userid'] . "\n\t\t\t\tORDER BY dateline DESC\n\t\t\t");
if (($timepassed = TIMENOW - $floodcheck['dateline']) < $vbulletin->options['pmfloodtime']) {
json_error(strip_tags(fetch_error('pmfloodcheck', $vbulletin->options['pmfloodtime'], $vbulletin->options['pmfloodtime'] - $timepassed)), RV_POST_ERROR);
}
}
}
// process errors if there are any
$errors = array_merge($errors, $pmdm->errors);
if (!empty($errors)) {
json_error(strip_tags($errors[0]), RV_POST_ERROR);
} else {
if ($vbulletin->GPC['preview'] != '') {
define('PMPREVIEW', 1);
$foruminfo = array('forumid' => 'privatemessage', 'allowicons' => $vbulletin->options['privallowicons']);
$preview = process_post_preview($pm);
$_REQUEST['do'] = 'newpm';
} else {
// everything's good!
$pmdm->save();
// force pm counters to be rebuilt
$vbulletin->userinfo['pmunread'] = -1;
build_pm_counters();
}
}
return array('success' => 1);
}
function do_post_edit()
{
global $vbulletin, $db, $foruminfo, $forumperms, $threadinfo;
global $postinfo, $vbphrase, $stylevar, $permissions;
$checked = array();
$edit = array();
$postattach = array();
$contenttype = 'vBForum_Post';
if (!$postinfo['postid'] or $postinfo['isdeleted'] or !$postinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
json_error(ERR_INVALID_TOP, RV_POST_ERROR);
}
if (!$threadinfo['threadid'] or $threadinfo['isdeleted'] or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
json_error(ERR_INVALID_TOP, RV_POST_ERROR);
}
if ($vbulletin->options['wordwrap']) {
$threadinfo['title'] = fetch_word_wrapped_string($threadinfo['title']);
}
// get permissions info
$_permsgetter_ = 'edit post';
$forumperms = fetch_permissions($threadinfo['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)) {
json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
}
$foruminfo = fetch_foruminfo($threadinfo['forumid'], false);
// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
// need to get last post-type information
cache_ordered_forums(1);
// determine if we are allowed to be updating the thread's info
$can_update_thread = ($threadinfo['firstpostid'] == $postinfo['postid'] and (can_moderate($threadinfo['forumid'], 'caneditthreads') or $postinfo['dateline'] + $vbulletin->options['editthreadtitlelimit'] * 60 > TIMENOW));
// otherwise, post is being edited
if (!can_moderate($threadinfo['forumid'], 'caneditposts')) {
// check for moderator
if (!$threadinfo['open']) {
$vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$threadinfo['threadid']}";
json_error(fetch_error('threadclosed'), RV_POST_ERROR);
}
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['caneditpost'])) {
json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
} else {
if ($vbulletin->userinfo['userid'] != $postinfo['userid']) {
// check user owns this post
json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
} else {
// check for time limits
if ($postinfo['dateline'] < TIMENOW - $vbulletin->options['edittimelimit'] * 60 and $vbulletin->options['edittimelimit'] != 0) {
json_error(fetch_error('edittimelimit', $vbulletin->options['edittimelimit'], $vbulletin->options['contactuslink']), RV_POST_ERROR);
}
}
}
}
// Variables reused in templates
$poststarttime =& $vbulletin->input->clean_gpc('r', poststarttime, TYPE_UINT);
$posthash = md5($vbulletin->GPC['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']);
$vbulletin->input->clean_array_gpc('p', array('stickunstick' => TYPE_BOOL, 'openclose' => TYPE_BOOL, 'wysiwyg' => TYPE_BOOL, 'message' => TYPE_STR, 'title' => TYPE_STR, 'prefixid' => TYPE_NOHTML, 'iconid' => TYPE_UINT, 'parseurl' => TYPE_BOOL, 'signature' => TYPE_BOOL, 'disablesmilies' => TYPE_BOOL, 'reason' => TYPE_NOHTML, 'preview' => TYPE_STR, 'folderid' => TYPE_UINT, 'emailupdate' => TYPE_UINT, 'ajax' => TYPE_BOOL, 'advanced' => TYPE_BOOL, 'postcount' => TYPE_UINT, 'podcasturl' => TYPE_STR, 'podcastsize' => TYPE_UINT, 'podcastexplicit' => TYPE_BOOL, 'podcastkeywords' => TYPE_STR, 'podcastsubtitle' => TYPE_STR, 'podcastauthor' => TYPE_STR, 'quickeditnoajax' => TYPE_BOOL));
if ($vbulletin->GPC['message']) {
$vbulletin->GPC['message'] = prepare_remote_utf8_string($vbulletin->GPC['message']);
}
$vbulletin->GPC['signature'] = $vbulletin->GPC_exists['signature'] = true;
// Make sure the posthash is valid
($hook = vBulletinHook::fetch_hook('editpost_update_start')) ? eval($hook) : false;
if (md5($poststarttime . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']) != $posthash) {
$posthash = 'invalid posthash';
// don't phrase me
}
// ### PREP INPUT ###
if ($vbulletin->GPC['wysiwyg']) {
require_once DIR . '/includes/functions_wysiwyg.php';
$edit['message'] = convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $foruminfo['allowhtml']);
} else {
$edit['message'] =& $vbulletin->GPC['message'];
}
$cansubscribe = true;
// Are we editing someone else's post? If so load that users subscription info for this thread.
if ($vbulletin->userinfo['userid'] != $postinfo['userid']) {
if ($postinfo['userid']) {
$userinfo = fetch_userinfo($postinfo['userid']);
cache_permissions($userinfo);
}
$cansubscribe = ($userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canview'] and $userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewthreads'] and ($threadinfo['postuserid'] == $userinfo['userid'] or $userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewothers']));
if ($cansubscribe and $otherthreadinfo = $db->query_first_slave("\n\t\t\tSELECT emailupdate, folderid\n\t\t\tFROM " . TABLE_PREFIX . "subscribethread\n\t\t\tWHERE threadid = {$threadinfo['threadid']} AND\n\t\t\t\tuserid = {$postinfo['userid']} AND\n\t\t\t\tcanview = 1")) {
$threadinfo['issubscribed'] = true;
$threadinfo['emailupdate'] = $otherthreadinfo['emailupdate'];
$threadinfo['folderid'] = $otherthreadinfo['folderid'];
} else {
$threadinfo['issubscribed'] = false;
// use whatever emailupdate setting came through
}
}
if ($vbulletin->GPC['ajax'] or $vbulletin->GPC['quickeditnoajax']) {
// quick edit
$tmpmessage = $vbulletin->GPC['ajax'] ? convert_urlencoded_unicode($edit['message']) : $edit['message'];
$edit = $postinfo;
$edit['message'] =& $tmpmessage;
$edit['title'] = unhtmlspecialchars($edit['title']);
$edit['signature'] =& $edit['showsignature'];
$edit['enablesmilies'] =& $edit['allowsmilie'];
$edit['disablesmilies'] = $edit['enablesmilies'] ? 0 : 1;
$edit['parseurl'] = true;
$edit['prefixid'] = $threadinfo['prefixid'];
$edit['reason'] = fetch_censored_text($vbulletin->GPC['ajax'] ? convert_urlencoded_unicode($vbulletin->GPC['reason']) : $vbulletin->GPC['reason']);
} else {
$edit['iconid'] =& $vbulletin->GPC['iconid'];
$edit['title'] =& $vbulletin->GPC['title'];
$edit['prefixid'] = ($vbulletin->GPC_exists['prefixid'] and can_use_prefix($vbulletin->GPC['prefixid'])) ? $vbulletin->GPC['prefixid'] : $threadinfo['prefixid'];
$edit['podcasturl'] =& $vbulletin->GPC['podcasturl'];
$edit['podcastsize'] =& $vbulletin->GPC['podcastsize'];
$edit['podcastexplicit'] =& $vbulletin->GPC['podcastexplicit'];
$edit['podcastkeywords'] =& $vbulletin->GPC['podcastkeywords'];
$edit['podcastsubtitle'] =& $vbulletin->GPC['podcastsubtitle'];
$edit['podcastauthor'] =& $vbulletin->GPC['podcastauthor'];
// Leave this off for quickedit->advanced so that a post with unparsed links doesn't get parsed just by going to Advanced Edit
$edit['parseurl'] = true;
$edit['signature'] =& $vbulletin->GPC['signature'];
$edit['disablesmilies'] =& $vbulletin->GPC['disablesmilies'];
$edit['enablesmilies'] = $edit['allowsmilie'] = $edit['disablesmilies'] ? 0 : 1;
$edit['stickunstick'] =& $vbulletin->GPC['stickunstick'];
$edit['openclose'] =& $vbulletin->GPC['openclose'];
$edit['reason'] = fetch_censored_text($vbulletin->GPC['reason']);
$edit['preview'] =& $vbulletin->GPC['preview'];
$edit['folderid'] =& $vbulletin->GPC['folderid'];
if (!$vbulletin->GPC['advanced']) {
if ($vbulletin->GPC_exists['emailupdate']) {
$edit['emailupdate'] =& $vbulletin->GPC['emailupdate'];
} else {
$edit['emailupdate'] = array_pop($array = array_keys(fetch_emailchecked($threadinfo)));
}
}
}
$dataman =& datamanager_init('Post', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
$dataman->set_existing($postinfo);
($hook = vBulletinHook::fetch_hook('editpost_update_process')) ? eval($hook) : false;
// set info
$dataman->set_info('parseurl', $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_URL and $foruminfo['allowbbcode'] and $edit['parseurl']);
$dataman->set_info('posthash', $posthash);
$dataman->set_info('forum', $foruminfo);
$dataman->set_info('thread', $threadinfo);
$dataman->set_info('show_title_error', true);
$dataman->set_info('podcasturl', $edit['podcasturl']);
$dataman->set_info('podcastsize', $edit['podcastsize']);
$dataman->set_info('podcastexplicit', $edit['podcastexplicit']);
$dataman->set_info('podcastkeywords', $edit['podcastkeywords']);
$dataman->set_info('podcastsubtitle', $edit['podcastsubtitle']);
$dataman->set_info('podcastauthor', $edit['podcastauthor']);
if ($postinfo['userid'] == $vbulletin->userinfo['userid']) {
$dataman->set_info('user', $vbulletin->userinfo);
}
// set options
$dataman->setr('showsignature', $edit['signature']);
$dataman->setr('allowsmilie', $edit['enablesmilies']);
// set data
/*$dataman->setr('userid', $vbulletin->userinfo['userid']);
if ($vbulletin->userinfo['userid'] == 0)
{
$dataman->setr('username', $post['username']);
}*/
$dataman->setr('title', $edit['title']);
$dataman->setr('pagetext', $edit['message']);
if ($postinfo['userid'] != $vbulletin->userinfo['userid']) {
$dataman->setr('iconid', $edit['iconid'], true, false);
} else {
$dataman->setr('iconid', $edit['iconid']);
}
$postusername = $vbulletin->userinfo['username'];
$dataman->pre_save();
if ($dataman->errors) {
$errors = $dataman->errors;
}
if ($dataman->info['podcastsize']) {
$edit['podcastsize'] = $dataman->info['podcastsize'];
}
if (sizeof($errors) > 0) {
fr_standard_error($errors[0]);
} else {
if ($edit['preview']) {
require_once DIR . '/packages/vbattach/attach.php';
$attach = new vB_Attach_Display_Content($vbulletin, 'vBForum_Post');
$postattach = $attach->fetch_postattach($posthash, $postinfo['postid']);
// ### PREVIEW POST ###
$postpreview = process_post_preview($edit, $postinfo['userid'], $postattach);
$previewpost = true;
$_REQUEST['do'] = 'editpost';
} else {
if ($vbulletin->GPC['advanced']) {
// Don't display preview on QuickEdit->Advanced as parseurl is turned off and so the preview won't be correct unless the post originally had checked to not parse links
// If you turn on parseurl then the opposite happens and you have to go unparse your links if that is what you want. Compromise
$_REQUEST['do'] = 'editpost';
} else {
// ### POST HAS NO ERRORS ###
$dataman->save();
$update_edit_log = true;
// don't show edited by AND reason unchanged - don't update edit log
if (!($permissions['genericoptions'] & $vbulletin->bf_ugp_genericoptions['showeditedby']) and $edit['reason'] == $postinfo['edit_reason']) {
$update_edit_log = false;
}
if ($update_edit_log) {
// ug perm: show edited by
if ($postinfo['dateline'] < TIMENOW - $vbulletin->options['noeditedbytime'] * 60 or !empty($edit['reason'])) {
// save the postedithistory
if ($vbulletin->options['postedithistory']) {
// insert original post on first edit
if (!$db->query_first("SELECT postedithistoryid FROM " . TABLE_PREFIX . "postedithistory WHERE original = 1 AND postid = " . $postinfo['postid'])) {
$db->query_write("\n\t\t\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "postedithistory\n\t\t\t\t\t\t\t\t(postid, userid, username, title, iconid, dateline, reason, original, pagetext)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t\t\t" . $postinfo['userid'] . ",\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['username']) . "',\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['title']) . "',\n\t\t\t\t\t\t\t\t{$postinfo['iconid']},\n\t\t\t\t\t\t\t\t" . $postinfo['dateline'] . ",\n\t\t\t\t\t\t\t\t'',\n\t\t\t\t\t\t\t\t1,\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['pagetext']) . "')\n\t\t\t\t\t\t");
}
// insert the new version
$db->query_write("\n\t\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "postedithistory\n\t\t\t\t\t\t\t(postid, userid, username, title, iconid, dateline, reason, pagetext)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t\t" . $vbulletin->userinfo['userid'] . ",\n\t\t\t\t\t\t\t'" . $db->escape_string($vbulletin->userinfo['username']) . "',\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['title']) . "',\n\t\t\t\t\t\t\t{$edit['iconid']},\n\t\t\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['reason']) . "',\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['message']) . "')\n\t\t\t\t\t");
}
/*insert query*/
$db->query_write("\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "editlog\n\t\t\t\t\t\t(postid, userid, username, dateline, reason, hashistory)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t" . $vbulletin->userinfo['userid'] . ",\n\t\t\t\t\t\t'" . $db->escape_string($vbulletin->userinfo['username']) . "',\n\t\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t\t'" . $db->escape_string($edit['reason']) . "',\n\t\t\t\t\t\t" . ($vbulletin->options['postedithistory'] ? 1 : 0) . ")\n\t\t\t\t");
}
}
$date = vbdate($vbulletin->options['dateformat'], TIMENOW);
$time = vbdate($vbulletin->options['timeformat'], TIMENOW);
// initialize thread / forum update clauses
$forumupdate = false;
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
$threadman->set_existing($threadinfo);
$threadman->set_info('pagetext', $edit['message']);
if ($can_update_thread and $edit['title'] != '') {
// need to update thread title and iconid
if (!can_moderate($threadinfo['forumid'])) {
$threadman->set_info('skip_moderator_log', true);
}
$threadman->set_info('skip_first_post_update', true);
if ($edit['title'] != $postinfo['title']) {
$threadman->set('title', unhtmlspecialchars($edit['title']));
}
if ($edit['iconid'] != $postinfo['iconid']) {
$threadman->set('iconid', $edit['iconid']);
}
if ($vbulletin->GPC_exists['prefixid'] and can_use_prefix($vbulletin->GPC['prefixid'])) {
$threadman->set('prefixid', $vbulletin->GPC['prefixid']);
if ($threadman->thread['prefixid'] === '' and $foruminfo['options'] & $vbulletin->bf_misc_forumoptions['prefixrequired']) {
// the prefix wasn't valid or was set to an empty one, but that's not allowed
$threadman->do_unset('prefixid');
}
}
// do we need to update the forum counters?
$forumupdate = $foruminfo['lastthreadid'] == $threadinfo['threadid'] ? true : false;
}
// can this user open/close this thread if they want to?
if ($vbulletin->GPC['openclose'] and ($threadinfo['postuserid'] != 0 and $threadinfo['postuserid'] == $vbulletin->userinfo['userid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'] or can_moderate($threadinfo['forumid'], 'canopenclose'))) {
$threadman->set('open', $threadman->fetch_field('open') == 1 ? 0 : 1);
}
if ($vbulletin->GPC['stickunstick'] and can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
$threadman->set('sticky', $threadman->fetch_field('sticky') == 1 ? 0 : 1);
}
($hook = vBulletinHook::fetch_hook('editpost_update_thread')) ? eval($hook) : false;
$threadman->save();
// if this is a mod edit, then log it
if ($vbulletin->userinfo['userid'] != $postinfo['userid'] and can_moderate($threadinfo['forumid'], 'caneditposts')) {
$modlog = array('threadid' => $threadinfo['threadid'], 'forumid' => $threadinfo['forumid'], 'postid' => $postinfo['postid']);
log_moderator_action($modlog, 'post_x_edited', $postinfo['title']);
}
require_once DIR . '/includes/functions_databuild.php';
// do forum update if necessary
if ($forumupdate) {
build_forum_counters($threadinfo['forumid']);
}
// don't do thread subscriptions if we are doing quick edit
if (!$vbulletin->GPC['ajax'] and !$vbulletin->GPC['quickeditnoajax']) {
// ### DO THREAD SUBSCRIPTION ###
// We use $postinfo[userid] so that we update the user who posted this, not the user who is editing this
if (!$threadinfo['issubscribed'] and $edit['emailupdate'] != 9999) {
// user is not subscribed to this thread so insert it
/*insert query*/
$db->query_write("\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES ({$postinfo['userid']}, {$threadinfo['threadid']}, {$edit['emailupdate']}, {$edit['folderid']}, 1)\n\t\t\t\t");
} else {
// User is subscribed, see if they changed the settings for this thread
if ($edit['emailupdate'] == 9999) {
// Remove this subscription, user chose 'No Subscription'
/*insert query*/
$db->query_write("\n\t\t\t\t\t\tDELETE FROM " . TABLE_PREFIX . "subscribethread\n\t\t\t\t\t\tWHERE threadid = {$threadinfo['threadid']}\n\t\t\t\t\t\t\tAND userid = {$postinfo['userid']}\n\t\t\t\t\t");
} else {
if ($threadinfo['emailupdate'] != $edit['emailupdate'] or $threadinfo['folderid'] != $edit['folderid']) {
// User changed the settings so update the current record
/*insert query*/
$db->query_write("\n\t\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\t\tVALUES ({$postinfo['userid']}, {$threadinfo['threadid']}, {$edit['emailupdate']}, {$edit['folderid']}, 1)\n\t\t\t\t\t");
}
}
}
}
($hook = vBulletinHook::fetch_hook('editpost_update_complete')) ? eval($hook) : false;
}
}
}
return array('success' => true);
}
