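/**
 * Add pages
 *
 * Creates a page owned by $userID from posted form data. The caller (page_add.php)
 * does its own checks on the logo file, but the path-safety and arithmetic checks
 * are repeated here so the method is safe to call on its own.
 *
 * @param int   $userID owner of the new page
 * @param array $data   form data: pageName, pageDescription, file (logo name inside
 *                      DIR_FS_PHOTO_TMP), width/x1/y1/x2 (crop box in display pixels),
 *                      optional parallel title[]/url[] arrays for the links list
 * @return int|false|null new page ID; false after a reported error; null on the
 *                        silent validation failure kept from the original contract
 */
public function addPage($userID, $data)
{
    global $db;

    if (!is_numeric($userID) || !isset($data['pageName']) || $data['pageName'] == '') {
        return;
    } // failed

    // The logo name is spliced into filesystem paths below. Accept only a bare file
    // name so "../", absolute paths and backslash variants can never leave the tmp dir.
    $file = isset($data['file']) ? (string)$data['file'] : '';
    if ($file === '' || basename($file) !== $file) {
        buckys_add_message(MSG_FILE_UPLOAD_ERROR, MSG_TYPE_ERROR);
        return false;
    }

    //Create Links
    $links = [];
    if (isset($data['title']) && is_array($data['title'])) {
        foreach ($data['title'] as $i => $title) {
            // url[] is indexed in parallel with title[]; tolerate a missing entry.
            $url = isset($data['url'][$i]) ? $data['url'][$i] : '';
            // NOTE(review): strip_tags() removes markup but does not reject schemes
            // such as javascript:; whatever renders these links must escape them and
            // restrict the scheme.
            $links[] = ['title' => trim(strip_tags($title)), 'link' => trim(strip_tags($url))];
        }
    }

    //Move Image File
    $imageInfo = getimagesize(DIR_FS_PHOTO_TMP . $file);
    if ($imageInfo === false) {
        // Not an image (or unreadable): previously $width/$height were undefined
        // and the crop maths below ran on garbage.
        buckys_add_message(MSG_FILE_UPLOAD_ERROR, MSG_TYPE_ERROR);
        return false;
    }
    list($width, $height) = $imageInfo;
    if ($width > MAX_IMAGE_WIDTH || $height > MAX_IMAGE_HEIGHT) {
        buckys_add_message(MSG_PHOTO_MAX_SIZE_ERROR, MSG_TYPE_ERROR);
        return false;
    }

    // The crop box arrives in display pixels; scale it back to source pixels.
    // A zero or non-numeric display width would divide by zero, so reject it.
    $displayWidth = isset($data['width']) ? floatval($data['width']) : 0.0;
    if ($displayWidth <= 0) {
        buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        return false;
    }
    $ratio = floatval($width / $displayWidth);
    $x1 = isset($data['x1']) ? floatval($data['x1']) : 0.0;
    $y1 = isset($data['y1']) ? floatval($data['y1']) : 0.0;
    $x2 = isset($data['x2']) ? floatval($data['x2']) : 0.0;
    $sourceWidth = ($x2 - $x1) * $ratio;
    BuckysPost::moveFileFromTmpToUserFolder($userID, $file, PROFILE_IMAGE_WIDTH, PROFILE_IMAGE_HEIGHT, $x1 * $ratio, $y1 * $ratio, $sourceWidth, $sourceWidth);

    // Links are stored with serialize(); only ever unserialize() values written here,
    // never anything that came straight from a request.
    $description = isset($data['pageDescription']) ? $data['pageDescription'] : '';
    $query = $db->prepare("INSERT INTO " . TABLE_PAGES . "(`userID`, `title`, `logo`, `about`, `links`, `createdDate`, `status`)\n VALUES(%d, %s, %s, %s, %s, %s, 1)", $userID, $data['pageName'], $file, $description, serialize($links), date('Y-m-d H:i:s'));
    if (!($newID = $db->insert($query))) {
        buckys_add_message($db->getLastError(), MSG_TYPE_ERROR);
    }
    return $newID;
}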
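/**
 * Create New Message
 *
 * Stores two rows per recipient in TABLE_MESSAGES: one owned by the sender
 * (status 'read') and one owned by the receiver (status 'unread').
 *
 * @param mixed $data 'to' (receiver user ID or array of IDs), 'subject', 'body' and
 *                    'userID' (the sender). Callers must take 'userID' from the
 *                    session, never from the request, or anyone can send as anyone.
 * @return bool true when every recipient was accepted
 */
public function composeMessage($data)
{
    global $db;

    $receivers = $data['to'];
    if (!buckys_not_null($receivers)) {
        buckys_add_message(MSG_SENDER_EMPTY_ERROR, MSG_TYPE_ERROR);
        return false;
    }
    if (trim($data['subject']) == '') {
        buckys_add_message(MSG_MESSAGE_SUBJECT_EMPTY_ERROR, MSG_TYPE_ERROR);
        return false;
    }
    if (trim($data['body']) == '') {
        buckys_add_message(MSG_MESSAGE_BODY_EMPTY_ERROR, MSG_TYPE_ERROR);
        return false;
    }

    $createdDate = date("Y-m-d H:i:s");
    if (!is_array($receivers)) {
        $receivers = array($receivers);
    }
    //Remove Duplicated Messages
    $receivers = array_unique($receivers);

    $sender = $data['userID'];
    $nonFriend = array();
    $sents = array();
    $isError = false;

    foreach ($receivers as $receiver) {
        $receiverInfo = BuckysUser::getUserBasicInfo($receiver);
        // Unknown receiver ID: the original still wrote two message rows for a user
        // that does not exist. Skip it and report failure to the caller instead.
        if (!$receiverInfo) {
            $isError = true;
            continue;
        }

        // NOTE(review): the friend check (BuckysFriend::isFriend) is disabled here,
        // so any user can message any other user. $nonFriend is kept so the error
        // reporting below keeps working if the check is re-enabled.

        //Create A message row for Sender
        $insertData = array('userID' => $sender, 'sender' => $sender, 'receiver' => $receiver, 'subject' => $data['subject'], 'body' => $data['body'], 'status' => 'read', 'created_date' => $createdDate);
        $db->insertFromArray(TABLE_MESSAGES, $insertData);

        //Create A message row for receiver
        $insertData['userID'] = $receiver;
        $insertData['status'] = 'unread';
        $db->insertFromArray(TABLE_MESSAGES, $insertData);

        $sents[] = $receiverInfo['firstName'] . ' ' . $receiverInfo['lastName'];
    }

    if (count($sents) > 0) {
        buckys_add_message(MSG_NEW_MESSAGE_SENT, MSG_TYPE_SUCCESS);
    }
    if (count($nonFriend) > 0) {
        if (count($nonFriend) > 1) {
            $msg = sprintf(MSG_COMPOSE_MESSAGE_ERROR_TO_NON_FRIENDS, implode(", ", $nonFriend));
        } else {
            $msg = sprintf(MSG_COMPOSE_MESSAGE_ERROR_TO_NON_FRIEND, $nonFriend[0]);
        }
        buckys_add_message($msg, MSG_TYPE_ERROR);
    }
    return !$isError;
}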
/**
 * Create New Album
 *
 * @param int    $userID     album owner
 * @param string $title      album name
 * @param mixed  $visibility stored as-is in the `visibility` column (not validated here)
 * @return bool|int|null|string new album ID, or false when the insert fails
 */
public static function createAlbum($userID, $title, $visibility)
{
    global $db;

    $row = [
        'owner' => $userID,
        'name' => $title,
        'created_date' => date('Y-m-d H:i:s'),
        'visibility' => $visibility,
    ];
    $albumID = $db->insertFromArray(TABLE_ALBUMS, $row);

    if ($albumID) {
        //Success
        buckys_add_message(MSG_NEW_ALBUM_CREATED, MSG_TYPE_SUCCESS);
        return $albumID;
    }

    buckys_add_message($db->getLastError(), MSG_TYPE_ERROR);
    return false;
}
/**
 * Create a forum topic for the logged-in user ($TNB_GLOBALS['user']).
 *
 * Topics start in status 'pending' and are switched to 'publish' straight away only
 * when the author already has at least 5 published topics/replies.
 *
 * @param array $data 'title', 'category' (category ID), 'content'
 * @return bool|int|string new topic ID; a MSG_* string when input is missing or the
 *                         category does not exist; false when the insert fails
 */
public static function createTopic($data)
{
    global $db, $TNB_GLOBALS;
    $title = trim($data['title']);
    $category = trim($data['category']);
    $content = $data['content'];
    // Truthiness test: a title/content of "0" counts as missing.
    if (!$title || !$category || !$content) {
        return MSG_ALL_FIELDS_REQUIRED;
    }
    //Check Category ID is valid or not
    $query = $db->prepare("SELECT categoryID FROM " . TABLE_FORUM_CATEGORIES . " WHERE categoryID=%d", $category);
    $categoryID = $db->getVar($query);
    if (!$categoryID) {
        return MSG_INVALID_REQUEST;
    }
    $content = buckys_remove_tags_inside_code($content);
    //Remove Invalid Image URLs
    $content = buckys_remove_invalid_image_urls($content);
    // Hand-built INSERT. Title, content and category ID pass through $db->escapeInput();
    // creatorID is taken from the session, not the request, which is why it is
    // interpolated without escaping.
    // NOTE(review): escapeInput($content, false) passes a second flag the other call
    // sites do not; confirm it only affects HTML handling and not SQL escaping.
    $query = "INSERT INTO " . TABLE_FORUM_TOPICS . "(\n `topicTitle`, \n `topicContent`, \n `categoryID`, \n `creatorID`, \n `createdDate`, \n `replies`, \n `lastReplyID`, \n `lastReplyDate`, \n `lastReplierID`, \n `views`, \n `status`\n )VALUES(\n '" . $db->escapeInput($title) . "',\n '" . $db->escapeInput($content, false) . "',\n '" . $db->escapeInput($categoryID) . "',\n '" . $TNB_GLOBALS['user']['userID'] . "',\n '" . date("Y-m-d H:i:s") . "',\n '0',\n '0',\n '0000-00-00 00:00:00',\n '0',\n '0',\n 'pending'\n )";
    $db->query($query);
    $newID = $db->getLastInsertId();
    if (!$newID) {
        buckys_add_message($db->getLastError(), MSG_TYPE_ERROR);
        return false;
    }
    //If the user has more than 5 actived posts(topics or replies), update the topic status to 1
    // (the value actually written is the string 'publish'; newer accounts stay 'pending')
    $count1 = $db->getVar("SELECT count(1) FROM " . TABLE_FORUM_TOPICS . " WHERE creatorID=" . $TNB_GLOBALS['user']['userID'] . " AND `status`='publish'");
    $count2 = $db->getVar("SELECT count(1) FROM " . TABLE_FORUM_REPLIES . " WHERE creatorID=" . $TNB_GLOBALS['user']['userID'] . " AND `status`='publish'");
    if ($count1 + $count2 >= 5) {
        $db->updateFromArray(TABLE_FORUM_TOPICS, ['status' => 'publish'], ['topicID' => $newID]);
        //Update Category Table
        $db->query("UPDATE " . TABLE_FORUM_CATEGORIES . " SET lastTopicID=" . $newID . ", `topics`=`topics` + 1 WHERE categoryID=" . $categoryID);
        //Increase user posts count
        $db->query("UPDATE " . TABLE_USERS . " SET `posts_count`=`posts_count` + 1 WHERE userID=" . $TNB_GLOBALS['user']['userID']);
        buckys_add_message(MSG_TOPIC_POSTED_SUCCESSFULLY, MSG_TYPE_SUCCESS);
        return $newID;
    }
    buckys_add_message(MSG_POST_IS_UNDER_PREVIEW, MSG_TYPE_SUCCESS);
    return $newID;
}
} exit; //==================== Follow This Page ====================// //==================== Follow This Page ====================// case 'follow': $isAjax = isset($_REQUEST['buckys_ajax']) ? true : false; if ($isAjax) { header('Content-type: application/xml'); } if (!buckys_check_form_token('request')) { if ($isAjax) { $resultXML = ['status' => 'error', 'message' => MSG_INVALID_REQUEST]; render_result_xml($resultXML); exit; } else { buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR); } } $paramPageID = get_secure_integer($_REQUEST['pid']); $result = $pageFollowerIns->addFollower($paramPageID, $userID); if ($result) { if ($isAjax) { $resultXML = ['status' => 'success', 'message' => 'MSG_FOLLOW_PAGE_SUCCESS', 'html' => 'Unfollow', 'link' => '/page.php?action=unfollow&pid=' . $paramPageID . buckys_get_token_param()]; render_result_xml($resultXML); exit; } else { buckys_redirect('/page.php?pid=' . $paramPageID, MSG_FOLLOW_PAGE_SUCCESS, MSG_TYPE_SUCCESS); } } else { if ($isAjax) { $resultXML = ['status' => 'error', 'message' => MSG_FOLLOW_PAGE_FAIL];
buckys_redirect("/index.php"); } if (!$_POST['currentPassword'] || !$_POST['newPassword'] || !$_POST['newPassword2']) { buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR); $isValid = false; } else { if ($_POST['newPassword'] != $_POST['newPassword2']) { buckys_redirect("/change_password.php", MSG_NOT_MATCH_PASSWORD, MSG_TYPE_ERROR); $isValid = false; } } //Check Current Password $data = BuckysUser::getUserData($userID); if (!$data) { buckys_redirect("/index.php"); } if (!buckys_validate_password($_POST['currentPassword'], $data['password'])) { buckys_add_message(MSG_CURRENT_PASSWORD_NOT_CORRECT, MSG_TYPE_ERROR); $isValid = false; } if ($isValid) { $pwd = buckys_encrypt_password($_POST['newPassword']); BuckysUser::updateUserFields($userID, array('password' => $pwd)); buckys_redirect('/change_password.php', MSG_PASSWORD_UPDATED); } } buckys_enqueue_stylesheet('account.css'); buckys_enqueue_stylesheet('info.css'); $BUCKYS_GLOBALS['content'] = 'change_password'; $BUCKYS_GLOBALS['title'] = "Change Password - BuckysRoom"; require DIR_FS_TEMPLATE . $BUCKYS_GLOBALS['template'] . "/" . $BUCKYS_GLOBALS['layout'] . ".php";
/**
 * Wipe every moderator candidate and every vote.
 *
 * Re-checks the administrator ACL itself rather than trusting the caller.
 *
 * @return bool false (and an error message) when the current user is not an administrator
 */
public static function resetVotes()
{
    global $db;

    //Check user acl again
    $isAdmin = buckys_check_user_acl(USER_ACL_ADMINISTRATOR);
    if (!$isAdmin) {
        buckys_add_message(MSG_PERMISSION_DENIED, MSG_TYPE_ERROR);
        return false;
    }

    foreach ([TABLE_MODERATOR_CANDIDATES, TABLE_MODERATOR_VOTES] as $table) {
        $db->query("DELETE FROM " . $table);
    }
    return true;
}
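/**
 * Like Post
 *
 * Adds or removes $userID's like on $postID and keeps the like counter, activity,
 * notification, hit and user-stat records in step with it.
 *
 * @param int    $userID     acting user (must not be the poster)
 * @param int    $postID     post to like/unlike
 * @param string $action     'likePost' or 'unlikePost'
 * @param bool   $checkToken verify the request form token first (default true)
 * @return bool|int|null|string like row ID on like, true on unlike, false on any rejection
 */
public static function likePost($userID, $postID, $action, $checkToken = true)
{
    global $db;

    // CSRF check first, before anything touches the database.
    if ($checkToken && !buckys_check_form_token('request')) {
        buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        return false;
    }
    $post = BuckysPost::getPostById($postID);
    if (!$post || $post['poster'] == $userID) {
        buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        return false;
    }
    // Friends-only posts (visibility 0) may only be liked by friends of the poster.
    if ($post['visibility'] == 0 && !BuckysFriend::isFriend($userID, $post['poster'])) {
        buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        return false;
    }
    if (!BuckysUsersDailyActivity::checkUserDailyLimit($userID, 'likes')) {
        buckys_add_message(sprintf(MSG_DAILY_LIKES_LIMIT_EXCEED_ERROR, USER_DAILY_LIMIT_LIKES), MSG_TYPE_ERROR);
        return false;
    }

    //Check already like it or not
    // %d, matching the UPDATE statements below: a non-numeric ID becomes 0 instead
    // of a quoted string that MySQL would loosely compare against the integer column.
    $query = $db->prepare("SELECT likeID FROM " . TABLE_POSTS_LIKES . " WHERE userID=%d AND postID=%d", $userID, $postID);
    $likeId = $db->getVar($query);

    if ($action == 'likePost') {
        if ($likeId) {
            buckys_add_message(MSG_ALREADY_LIKED_POST, MSG_TYPE_ERROR);
            return false;
        }
        BuckysUsersDailyActivity::addLikes($userID);
        //Like This post
        $rs = $db->insertFromArray(TABLE_POSTS_LIKES, ['userID' => $userID, 'postID' => $postID]);
        //Update likes on the posts table
        $query = $db->prepare('UPDATE ' . TABLE_POSTS . ' SET `likes`=`likes` + 1 WHERE postID=%d', $postID);
        $db->query($query);
        //Add Activity
        $activityId = BuckysActivity::addActivity($userID, $postID, 'post', 'like', $rs);
        //Add Notification
        BuckysActivity::addNotification($post['poster'], $activityId, BuckysActivity::NOTIFICATION_TYPE_LIKE_POST);
        //Increase Hits
        BuckysHit::addHit($postID, $userID);
        //Update User Stats
        BuckysUser::updateStats($post['poster'], 'likes', 1);
        return $rs;
    }

    if ($action == 'unlikePost') {
        if (!$likeId) {
            buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
            return false;
        }
        // Unliking counts against the daily limit as well (kept from the original).
        BuckysUsersDailyActivity::addLikes($userID);
        $query = $db->prepare("DELETE FROM " . TABLE_POSTS_LIKES . " WHERE userID=%d AND postID=%d", $userID, $postID);
        $db->query($query);
        //Update likes on the posts table
        $query = $db->prepare('UPDATE ' . TABLE_POSTS . ' SET `likes`=`likes` - 1 WHERE postID=%d', $postID);
        $db->query($query);
        //Decrease Hits
        BuckysHit::removeHit($postID, $userID);
        //Update User Stats
        BuckysUser::updateStats($post['poster'], 'likes', -1);
        return true;
    }

    // Unknown action: previously fell off the end and returned null.
    return false;
}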
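<?php
require dirname(__FILE__) . '/includes/bootstrap.php';

// Shipping-info page: logged-in users only (buckys_redirect() exits).
if (!($userID = buckys_is_logged_in())) {
    buckys_redirect('/index.php', MSG_NOT_LOGGED_IN_USER, MSG_TYPE_ERROR);
}

buckys_enqueue_stylesheet('trade.css');
buckys_enqueue_stylesheet('account.css');
buckys_enqueue_javascript('trade.js');
$TNB_GLOBALS['content'] = 'shipping_info';
//$TNB_GLOBALS['headerType'] = 'trade';

$view = [];

// ?fill=shop is sent by the shop when a buyer has no shipping address yet. It is a
// string, so compare it as one: the old get_secure_integer() cast turned it into an
// int, which made the comparison against 'shop' meaningless.
$paramFillShippingInfoFromShop = isset($_REQUEST['fill']) ? (string)$_REQUEST['fill'] : '';
if ($paramFillShippingInfoFromShop === 'shop') {
    buckys_add_message('Before buying an item, you must fill out your shipping information in order to determine shipping fees.', MSG_TYPE_ERROR);
}

//Save Shipping info
$tradeUserIns = new BuckysTradeUser();
$countryIns = new BuckysCountry();
$postAction = isset($_POST['action']) ? $_POST['action'] : '';
if ($postAction == 'saveShippingInfo') {
    // NOTE(review): this state-changing POST handler does not call
    // buckys_check_form_token() like the other handlers in this codebase do; add
    // the check once the shipping form emits the token.
    $fields = ['shippingAddress', 'shippingAddress2', 'shippingCity', 'shippingState', 'shippingZip', 'shippingCountryID'];
    $paramData = [];
    foreach ($fields as $field) {
        $paramData[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
    }
    $retVal = $tradeUserIns->updateShippingInfo($userID, $paramData);
    if ($retVal == false) {
        $view['status'] = ['success' => false, 'message' => 'Something goes wrong! Please contact customer support.'];
    } else {
        $view['status'] = ['success' => true, 'message' => 'Your shipping info has been updated successfully.'];
    }
}

//Get offer_received info
$view['trade_user_info'] = $tradeUserIns->getUserByID($userID);
$view['country_list'] = $countryIns->getCountryList();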
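require dirname(dirname(__FILE__)) . '/includes/bootstrap.php';

//Getting Current User ID
if (!buckys_check_user_acl(USER_ACL_REGISTERED)) {
    buckys_redirect('/index.php', MSG_PERMISSION_DENIED, MSG_TYPE_ERROR);
}
$userID = buckys_is_logged_in();
$classAds = new BuckysAds();

// Access rule for both paths below: the ad must exist and the current user must be
// its owner or a site moderator. The original condition tested the moderator ACL
// without negation, so any registered user could open and fund any ad by ID while
// non-owner moderators were locked out.

//Add Funds
if (isset($_POST['action']) && $_POST['action'] == 'add-funds') {
    if (!buckys_check_form_token()) {
        buckys_redirect('/ads/advertiser.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
    }
    $adID = buckys_escape_query_integer(isset($_POST['id']) ? $_POST['id'] : 0);
    $adDetail = $classAds->getAdById($adID);
    if (!$adDetail || ($adDetail['ownerID'] != $userID && !buckys_check_user_acl(USER_ACL_MODERATOR))) {
        buckys_redirect('/ads/advertiser.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
    }
    // NOTE(review): $_POST['amount'] is passed through unchecked; addFunds() must
    // validate it as a positive number.
    $result = $classAds->addFunds($userID, $adID, isset($_POST['amount']) ? $_POST['amount'] : null);
    buckys_add_message($classAds->last_message, $result ? MSG_TYPE_SUCCESS : MSG_TYPE_ERROR);
}

buckys_enqueue_stylesheet('publisher.css');
$adID = buckys_escape_query_integer(isset($_GET['id']) ? $_GET['id'] : 0);
$adDetail = $classAds->getAdById($adID);
if (!$adDetail || ($adDetail['ownerID'] != $userID && !buckys_check_user_acl(USER_ACL_MODERATOR))) {
    buckys_redirect('/ads/advertiser.php');
}

$TNB_GLOBALS['headerType'] = "ads";
$TNB_GLOBALS['content'] = "ads/view";
buckys_enqueue_javascript('jquery.number.js');
$TNB_GLOBALS['title'] = "View Ad - thenewboston Ads";
require DIR_FS_TEMPLATE . $TNB_GLOBALS['template'] . "/" . $TNB_GLOBALS['layout'] . ".php";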
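/**
 * Activate an account from an e-mail verification link.
 *
 * On success the account is set to status 1, the token cleared, the admin account
 * (TNB_ADMIN_EMAIL) added as a friend, a bitcoin wallet created and the default
 * publisher ads set up.
 *
 * @param string $email address the link was sent to
 * @param string $token one-time token stored in users.token
 * @return bool true once the account is active
 */
public static function verifyAccount($email, $token)
{
    global $db;

    // An empty token must never match: users.token is reset to '' on verification,
    // so a blank link could otherwise select a row whose token is empty.
    if ((string)$token === '' || (string)$email === '') {
        buckys_add_message(MSG_INVALID_TOKEN, MSG_TYPE_ERROR);
        return false;
    }

    $query = $db->prepare("SELECT userID FROM " . TABLE_USERS . " WHERE token=%s AND email=%s AND STATUS=0", $token, $email);
    $userID = $db->getVar($query);
    if (!$userID) {
        buckys_add_message(MSG_INVALID_TOKEN, MSG_TYPE_ERROR);
        return false;
    }

    //Verify links
    $query = $db->prepare("UPDATE " . TABLE_USERS . " SET status=1, token='' WHERE userID=%d", $userID);
    $db->query($query);
    buckys_add_message(MSG_ACCOUNT_VERIFIED, MSG_TYPE_SUCCESS);

    //Make this user to friend with bucky
    $query = $db->prepare("SELECT userID FROM " . TABLE_USERS . " WHERE email=%s", TNB_ADMIN_EMAIL);
    $buckysID = $db->getVar($query);
    // Only link the accounts when the admin account exists; the original inserted
    // friend rows with an empty userID otherwise.
    if ($buckysID) {
        $db->insertFromArray(TABLE_FRIENDS, ['userID' => $buckysID, 'userFriendID' => $userID, 'status' => '1']);
        $db->insertFromArray(TABLE_FRIENDS, ['userID' => $userID, 'userFriendID' => $buckysID, 'status' => '1']);
    }

    //Create Bitcoin account
    BuckysBitcoin::createWallet($userID, $email);

    //Create Default Ads for the users
    $classPublisherAds = new BuckysPublisherAds();
    $classPublisherAds->createDefaultPublisherAds($userID);
    return true;
}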
$categoryID = isset($_GET['id']) ? $_GET['id'] : 0; if (isset($_REQUEST['action'])) { if ($_REQUEST['action'] == 'follow' || $_REQUEST['action'] == 'unfollow') { if (!($userID = buckys_is_logged_in()) && buckys_check_form_token('request')) { buckys_redirect(isset($_REQUEST['return']) ? base64_decode($_REQUEST['return']) : '/forum', MSG_INVALID_REQUEST, MSG_TYPE_ERROR); } $category = BuckysForumCategory::getCategory($categoryID); if (!$category || $_REQUEST['action'] == 'follow' && BuckysForumFollower::isFollow($category['categoryID'], $userID) || $_REQUEST['action'] == 'unfollow' && !BuckysForumFollower::isFollow($category['categoryID'], $userID) || $category['creatorID'] == $userID) { buckys_redirect(isset($_REQUEST['return']) ? base64_decode($_REQUEST['return']) : '/forum', MSG_INVALID_REQUEST, MSG_TYPE_ERROR); } if ($_REQUEST['action'] == 'follow') { BuckysForumFollower::followForum($userID, $categoryID); buckys_add_message(MSG_FOLLOW_FORUM_SUCCESS); } else { BuckysForumFollower::unfollowForum($userID, $categoryID); buckys_add_message(MSG_UNFOLLOW_FORUM_SUCCESS); } buckys_redirect(isset($_REQUEST['return']) ? base64_decode($_REQUEST['return']) : '/forum'); } } $category = BuckysForumCategory::getCategory($categoryID); if (!$category) { buckys_redirect('/forum'); } //Getting Topics by category id $page = isset($_GET['page']) ? $_GET['page'] : 1; $orderby = isset($_GET['orderby']) ? $_GET['orderby'] : 'recent'; switch ($orderby) { case 'recent': $orderbyString = 'lastReplyDate DESC'; break;
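/**
 * Pull the transaction history for $userID's bitcoin address from blockchain.info
 * and store every transaction newer than the last one already recorded.
 *
 * Pages through the API $limit at a time and stops at the first transaction hash
 * already present in TABLE_USERS_BITCOIN_TRANSACTIONS_HISTORY, then calls
 * fixBalances() with the last known balance.
 *
 * @param int $userID
 * @return bool false when the API call fails or returns an error
 */
private function _getTransactions($userID)
{
    global $db;

    $bitcoinInfo = BuckysUser::getUserBitcoinInfo($userID);
    $address = isset($bitcoinInfo['bitcoin_address']) ? (string)$bitcoinInfo['bitcoin_address'] : '';

    //Getting User Last Transaction
    $query = $db->prepare("SELECT * FROM " . TABLE_USERS_BITCOIN_TRANSACTIONS_HISTORY . " WHERE userID=%d ORDER BY `date` DESC", $userID);
    $lastTrans = $db->getRow($query);
    $lastBalance = !$lastTrans ? 0.0 : $lastTrans['balance'];

    $limit = 20;
    $offset = 0;
    do {
        // The address is a path segment: encode it so it cannot alter the URL.
        $url = 'https://blockchain.info/address/' . rawurlencode($address) . '?format=json&limit=' . $limit . '&offset=' . $offset;

        $ch = curl_init();
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        // Balances are derived from this response, so the TLS peer must be verified.
        // The original disabled peer verification, which let anyone on the network
        // path substitute fake transactions.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_URL, $url);
        $return = curl_exec($ch);
        $curlError = curl_error($ch);
        curl_close($ch);

        if ($return === false) {
            // Transport failure (e.g. certificate rejected): previously this fell
            // through to json_decode(false) and reported an empty body.
            buckys_add_message("There was an error to get transactions: " . $curlError, MSG_TYPE_ERROR);
            return false;
        }
        $returnData = json_decode($return);
        if (!$returnData) {
            // NOTE(review): the raw response body is echoed into the user message;
            // the message renderer must escape it.
            buckys_add_message("There was an error to get transactions: " . $return, MSG_TYPE_ERROR);
            return false;
        }
        if (isset($returnData->error)) {
            buckys_add_message('There was an error to get transactions: ' . $returnData->error, MSG_TYPE_ERROR);
            return false;
        }

        $transactions = $returnData->txs;
        if (!$transactions) {
            $this->fixBalances($userID, $lastBalance);
            return true;
        }

        foreach ($transactions as $trx) {
            if ($lastTrans && $lastTrans['hash'] == $trx->hash) {
                // Reached the newest stored transaction: everything older is known.
                $this->fixBalances($userID, $lastBalance);
                return true;
            }

            $row = [];
            $row['userID'] = $userID;
            $row['hash'] = $trx->hash;
            $row['date'] = $trx->time;
            $row['balance'] = -1.0;
            $row['addr'] = [];
            $row['amount'] = [];
            $row['totalAmount'] = 0;

            if ($trx->inputs[0]->prev_out->addr != $address) {
                // Received: credit every output paid to our address.
                $row['addr'][] = $trx->inputs[0]->prev_out->addr;
                foreach ($trx->out as $out) {
                    if ($out->addr == $address) {
                        $row['amount'][] = intval($out->value);
                        $row['totalAmount'] += intval($out->value);
                    }
                }
                $row['type'] = 'received';
            } else {
                //Send Bitcoin: debit every output not returning to our address
                foreach ($trx->out as $out) {
                    if ($out->addr != $address) {
                        $row['addr'][] = $out->addr;
                        $row['amount'][] = -1 * intval($out->value);
                        $row['totalAmount'] += intval($out->value);
                    }
                }
                if (!$row['addr']) {
                    // Every output came back to us: record the first one so the row is not empty.
                    $row['addr'][] = $trx->out[0]->addr;
                    $row['amount'][] = -1 * intval($trx->out[0]->value);
                    $row['totalAmount'] += 0;
                }
                $row['type'] = 'sent';
                // Hard-coded fee estimate: 10000 per started 1000 bytes of tx size,
                // not taken from the API response.
                $row['totalAmount'] += ceil($trx->size / 1000) * 10000;
            }

            $row['addr'] = implode("\n", $row['addr']);
            $row['amount'] = implode("\n", $row['amount']);
            $db->insertFromArray(TABLE_USERS_BITCOIN_TRANSACTIONS_HISTORY, $row);
        }

        if (count($transactions) < $limit) {
            $this->fixBalances($userID, $lastBalance);
            return true;
        }
        $offset += $limit;
    } while (1);

    return true;
}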
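// Moderator report queue: moderators (and above) only; buckys_redirect() exits.
if (!buckys_check_user_acl(USER_ACL_MODERATOR)) {
    buckys_redirect('/index.php', MSG_PERMISSION_DENIED, MSG_TYPE_ERROR);
}

if (isset($_REQUEST['action'])) {
    // reportID ends up inside an SQL IN (...) list downstream (see
    // BuckysReport::banUsers), so coerce it to integers here. The scalar/array
    // shape is preserved because the report helpers accept either.
    $reportIDs = isset($_REQUEST['reportID']) ? $_REQUEST['reportID'] : [];
    $reportIDs = is_array($reportIDs) ? array_map('intval', $reportIDs) : intval($reportIDs);

    // NOTE(review): these state-changing actions are reachable via GET ($_REQUEST)
    // with no buckys_check_form_token('request') like the other handlers; add the
    // check once the moderator links carry buckys_get_token_param().
    switch ($_REQUEST['action']) {
        case 'delete-objects':
            BuckysReport::deleteObjects($reportIDs);
            buckys_add_message(MSG_REPORTED_OBJECT_REMOVED);
            break;
        case 'approve-objects':
            BuckysReport::approveObjects($reportIDs);
            buckys_add_message(MSG_REPORTED_OBJECT_APPROVED);
            break;
        case 'ban-users':
            $return = BuckysReport::banUsers($reportIDs);
            if ($return > 0) {
                buckys_add_message(MSG_BAN_USERS);
            }
            break;
    }
    buckys_redirect('/reported.php');
    exit;
}

$page = isset($_GET['page']) ? $_GET['page'] : 1;
$totalCount = BuckysReport::getReportedObjectCount();

//Init Pagination Class
$pagination = new Pagination($totalCount, BuckysReport::$COUNT_PER_PAGE, $page);
$page = $pagination->getCurrentPage();
$objects = BuckysReport::getReportedObject($page, BuckysReport::$COUNT_PER_PAGE);

buckys_enqueue_stylesheet('account.css');
buckys_enqueue_stylesheet('moderator.css');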
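/**
 * Ban users
 *
 * Bans the author of every reported object in $ids, except authors who are
 * moderators or above (those are counted and reported, not banned).
 *
 * @param array|int $ids report IDs (a scalar is treated as a one-element list)
 * @return int number of users banned
 */
public static function banUsers($ids)
{
    global $db;

    if (!is_array($ids)) {
        $ids = [$ids];
    }
    // The IDs are interpolated straight into an IN (...) list, so force integers:
    // they usually arrive from $_REQUEST['reportID'] and were previously unescaped.
    $ids = array_map('intval', $ids);
    if (!$ids) {
        return 0;
    }

    // objectType => [table, column holding the author's user ID, primary key column]
    $authorLookup = [
        'post' => [TABLE_POSTS, 'poster', 'postID'],
        'comment' => [TABLE_POSTS_COMMENTS, 'commenter', 'commentID'],
        'video_comment' => [TABLE_VIDEO_COMMENTS, 'userID', 'commentID'],
        'message' => [TABLE_MESSAGES, 'sender', 'messageID'],
        'topic' => [TABLE_FORUM_TOPICS, 'creatorID', 'topicID'],
        'reply' => [TABLE_FORUM_REPLIES, 'creatorID', 'replyID'],
    ];

    $rows = $db->getResultsArray("SELECT * FROM " . TABLE_REPORTS . " WHERE reportID IN (" . implode(", ", $ids) . ")");
    $bannedUsers = 0;
    $adminUsers = 0;
    foreach ($rows as $row) {
        //Getting User ID
        if (!isset($authorLookup[$row['objectType']])) {
            // Unknown object type: the original left $query holding the previous
            // statement and banned whichever ID that happened to return.
            continue;
        }
        list($table, $column, $idColumn) = $authorLookup[$row['objectType']];
        $query = $db->prepare("SELECT " . $column . " FROM " . $table . " WHERE " . $idColumn . "=%d", $row['objectID']);
        $userID = $db->getVar($query);
        if (!$userID) {
            continue;
        }
        if (buckys_check_user_acl(USER_ACL_MODERATOR, $userID)) {
            $adminUsers++;
        } else {
            BuckysBanUser::banUser($userID);
            $bannedUsers++;
        }
    }

    if ($adminUsers > 0) {
        buckys_add_message(MSG_CAN_NOT_BAN_ADMIN, MSG_TYPE_NOTIFY);
    }
    return $bannedUsers;
}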
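/**
 * Crop/resize an uploaded image into a forum category logo (350x350) and icon
 * (30x30) and record the file name on the category.
 *
 * NOTE: $size is a required parameter after optional ones; PHP 8 deprecates that
 * ordering, but the signature is kept for existing callers.
 *
 * @param int    $id   forum category ID
 * @param string $file bare file name inside DIR_FS_PHOTO_TMP
 * @param int    $x    crop origin in source pixels
 * @param int    $y    crop origin in source pixels
 * @param int    $size crop box edge length in source pixels
 * @return bool|void false on a rejected file, void on success (original contract)
 */
public static function saveForumImage($id, $file, $x = 0, $y = 0, $size)
{
    global $db;

    // $file is used to build three filesystem paths: accept only a bare file name
    // so "../" or an absolute path cannot read outside the tmp dir or write
    // outside images/forum/.
    $file = (string)$file;
    if ($file === '' || basename($file) !== $file) {
        buckys_add_message(MSG_FILE_UPLOAD_ERROR, MSG_TYPE_ERROR);
        return false;
    }

    $sourceFile = DIR_FS_PHOTO_TMP . $file;
    $destFile = DIR_FS_ROOT . "images/forum/logos/" . $file;
    $destFile1 = DIR_FS_ROOT . "images/forum/icons/" . $file;

    $imageInfo = getimagesize($sourceFile);
    if ($imageInfo === false) {
        // Not an image: previously $type was undefined and the resize ran anyway.
        buckys_add_message(MSG_FILE_UPLOAD_ERROR, MSG_TYPE_ERROR);
        return false;
    }
    list($width, $height, $type) = $imageInfo;
    if ($width > MAX_IMAGE_WIDTH || $height > MAX_IMAGE_HEIGHT) {
        buckys_add_message(MSG_PHOTO_MAX_SIZE_ERROR, MSG_TYPE_ERROR);
        return false;
    }
    $destType = image_type_to_mime_type($type);

    //Create Logo File
    buckys_resize_image($sourceFile, $destFile, $destType, 350, 350, $x, $y, $size, $size);
    buckys_resize_image($sourceFile, $destFile1, $destType, 30, 30, $x, $y, $size, $size);

    //Update Category
    $query = $db->prepare("UPDATE " . TABLE_FORUM_CATEGORIES . " SET `image`=%s WHERE categoryID=%d", $file, $id);
    $db->query($query);
    return;
}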
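/**
 * Activate an account from an e-mail verification link (older, non-static variant).
 *
 * On success the account is set to status 1, the token cleared and the admin
 * account added as a friend in both directions.
 *
 * NOTE(review): the admin account is looked up by a hard-coded e-mail literal;
 * the newer variant of this method uses the TNB_ADMIN_EMAIL constant instead.
 *
 * @param string $email address the link was sent to
 * @param string $token one-time token stored in users.token
 * @return bool true once the account is active
 */
public function verifyAccount($email, $token)
{
    global $db;

    // An empty token must never match: users.token is reset to '' on verification,
    // so a blank link could otherwise select a row whose token is empty.
    if ((string)$token === '' || (string)$email === '') {
        buckys_add_message(MSG_INVALID_TOKEN, MSG_TYPE_ERROR);
        return false;
    }

    $query = $db->prepare("SELECT userID FROM " . TABLE_USERS . " WHERE token=%s AND email=%s AND status=0", $token, $email);
    $userID = $db->getVar($query);
    if (!$userID) {
        buckys_add_message(MSG_INVALID_TOKEN, MSG_TYPE_ERROR);
        return false;
    }

    //Verify links
    $query = $db->prepare("UPDATE " . TABLE_USERS . " SET status=1, token='' WHERE userID=%d", $userID);
    $db->query($query);
    buckys_add_message(MSG_ACCOUNT_VERIFIED, MSG_TYPE_SUCCESS);

    //make this user to friend with bucky
    $buckysID = $db->getVar("Select userID FROM " . TABLE_USERS . " WHERE email='*****@*****.**'");
    // Only link the accounts when the admin account exists; the original inserted
    // friend rows with an empty userID otherwise.
    if ($buckysID) {
        $db->insertFromArray(TABLE_FRIENDS, array('userID' => $buckysID, 'userFriendID' => $userID, 'status' => '1'));
        $db->insertFromArray(TABLE_FRIENDS, array('userID' => $userID, 'userFriendID' => $buckysID, 'status' => '1'));
    }
    return true;
}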
buckys_redirect("/page_add.php", MSG_PAGE_NAME_EMPTY, MSG_TYPE_ERROR); } if (!$_POST['file']) { buckys_redirect("/page_add.php", MSG_PAGE_LOGO_EMPTY, MSG_TYPE_ERROR); } if (!isset($_POST['file']) || strpos($_POST['file'], "../") !== false || !file_exists(DIR_FS_PHOTO_TMP . $_POST['file'])) { buckys_redirect("/page_add.php", MSG_FILE_UPLOAD_ERROR, MSG_TYPE_ERROR); } $fileParts = pathinfo($_POST['file']); if (!in_array(strtolower($fileParts['extension']), $TNB_GLOBALS['imageTypes'])) { buckys_redirect("/page_add.php", MSG_INVALID_PHOTO_TYPE, MSG_TYPE_ERROR); return false; } $pageClass = new BuckysPage(); if ($pageID = $pageClass->addPage($userID, $_POST)) { buckys_add_message(MSG_PAGE_CREATED_SUCCESSFULLY, MSG_TYPE_SUCCESS); buckys_redirect("/page.php?pid=" . $pageID); } else { buckys_redirect("/page_add.php"); } } buckys_enqueue_stylesheet('account.css'); buckys_enqueue_stylesheet('uploadify.css'); buckys_enqueue_stylesheet('jquery.Jcrop.css'); buckys_enqueue_stylesheet('posting.css'); buckys_enqueue_stylesheet('page.css'); buckys_enqueue_javascript('uploadify/jquery.uploadify.js'); buckys_enqueue_javascript('jquery.Jcrop.js'); buckys_enqueue_javascript('jquery.color.js'); buckys_enqueue_javascript('add_page.js'); $TNB_GLOBALS['content'] = 'page_add';
BuckysForumModerator::approveApplicants($categoryID, $applicants); buckys_redirect("/forum/moderator.php?id=" . $categoryID, MSG_APPLICANTS_APPROVED); } } else { if ($_REQUEST['action'] == 'Decline') { //Check forum token if (!buckys_check_form_token('request')) { buckys_redirect('/forum/category.php?id=' . $categoryID, MSG_INVALID_REQUEST, MSG_TYPE_ERROR); } //Admin, Site Moderator, Category Admin and Category Moderator can't apply if (!(buckys_is_admin() || buckys_is_moderator() || buckys_is_forum_admin($category['categoryID']))) { buckys_redirect('/forum/category.php?id=' . $categoryID, MSG_PERMISSION_DENIED, MSG_TYPE_ERROR); } $applicants = isset($_POST['applicant']) ? $_POST['applicant'] : null; if (!$applicants) { buckys_add_message(MSG_NO_APPLICANTS_SELECTED, MSG_TYPE_ERROR); } else { BuckysForumModerator::declineApplicants($categoryID, $applicants); buckys_redirect("/forum/moderator.php?id=" . $categoryID, MSG_APPLICANTS_DECLINED); } } else { if ($_REQUEST['action'] == 'delete-moderator') { //Check forum token if (!buckys_check_form_token('request')) { buckys_redirect('/forum/category.php?id=' . $categoryID, MSG_INVALID_REQUEST, MSG_TYPE_ERROR); } //Admin, Site Moderator, Category Admin and Category Moderator can't apply if (!(buckys_is_admin() || buckys_is_moderator() || buckys_is_forum_admin($category['categoryID']))) { buckys_redirect('/forum/category.php?id=' . $categoryID, MSG_PERMISSION_DENIED, MSG_TYPE_ERROR); } $moderator = buckys_escape_query_integer($_REQUEST['moderator']);
/**
 * Send a Location header for $url, optionally queueing a flash message first, and stop.
 *
 * NOTE(review): $url is emitted exactly as given. Never pass a request-supplied URL
 * here without checking it is local, or this becomes an open redirect.
 *
 * @param String $url
 * @param String $msg      message to store in the session (skipped when empty)
 * @param int    $msg_type MSG_TYPE_SUCCESS(1)=success, MSG_TYPE_ERROR(0)=error, MSG_TYPE_NOTIFY(2)=notification
 */
function buckys_redirect($url, $msg = null, $msg_type = MSG_TYPE_SUCCESS)
{
    $hasMessage = (bool)$msg;
    if ($hasMessage) {
        buckys_add_message($msg, $msg_type);
    }
    header('Location: ' . $url);
    exit;
}
/**
 * Archive order ID
 *
 * Archives the order named by the id request parameter for the logged-in user,
 * then redirects to the purchase list with a success or permission-denied message.
 *
 * NOTE(review): reachable through $_REQUEST with no form-token check; pair it with
 * buckys_check_form_token('request') like the other state-changing handlers.
 */
function archiveOrder()
{
    $orderID = get_secure_integer($_REQUEST['id']);
    $currentUser = buckys_is_logged_in();

    $orders = new BuckysShopOrder();
    $archived = $orders->archiveOrder($currentUser, $orderID);

    if (!$archived) {
        buckys_add_message(MSG_PERMISSION_DENIED, MSG_TYPE_ERROR);
    } else {
        buckys_add_message('An item has been archived successfully', MSG_TYPE_SUCCESS);
    }

    buckys_redirect('/shop/purchase.php');
}
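/**
 * Remove item id by userID & itemID : the Item should be belonged to the user
 *
 * Only an item that is still active (never traded) and owned by $userID is removed;
 * trade offers related to it are removed with it.
 *
 * @param integer $itemID
 * @param integer $userID
 * @return bool|void true on success, void (null) otherwise
 */
public function removeItemByUserID($itemID, $userID)
{
    global $db;

    if (is_numeric($userID) && is_numeric($itemID)) {
        //Check if this item is new (not traded). If it has been traded already, then it couldn't be deleted
        $itemData = $this->getItemById($itemID);
        // Guard against a missing item: the original indexed the lookup result unconditionally.
        $isOwnedActiveItem = !empty($itemData)
            && $itemData['status'] == BuckysTradeItem::STATUS_ITEM_ACTIVE
            && $itemData['userID'] == $userID;
        if ($isOwnedActiveItem) {
            $this->removeItems([$itemID]);
            //After deleting the items, it will remove related offers which are related to this item.
            $tradeOfferIns = new BuckysTradeOffer();
            $tradeOfferIns->removeRelatedOffers($itemID);
            buckys_add_message('An item has been removed successfully.');
            return true;
        }
    }

    // NOTE(review): this failure message is queued with the default message type;
    // pass MSG_TYPE_ERROR if it should render as an error.
    buckys_add_message('Something goes wrong. Please contact customer support!');
    return;
}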
case 'follow': $paramPageID = get_secure_integer($_REQUEST['pid']); $result = $pageFollowerIns->addFollower($paramPageID, $userID); if ($result) { buckys_add_message(MSG_FOLLOW_PAGE_SUCCESS, MSG_TYPE_SUCCESS); } else { buckys_add_message(MSG_FOLLOW_PAGE_FAIL, MSG_TYPE_ERROR); } break; //==================== Add New Page ====================// //==================== Add New Page ====================// case 'unfollow': $paramPageID = get_secure_integer($_REQUEST['pid']); $result = $pageFollowerIns->removeFollower($paramPageID, $userID); if ($result) { buckys_add_message(MSG_UNFOLLOW_PAGE_SUCCESS, MSG_TYPE_SUCCESS); } break; //==================== Add New Page ====================// //==================== Add New Page ====================// case '': break; } } if (isset($_REQUEST['pid']) && is_numeric($_REQUEST['pid'])) { //Display page info $paramPageID = get_secure_integer($_REQUEST['pid']); $paramPostID = isset($_REQUEST['post']) ? get_secure_integer($_REQUEST['post']) : null; $paramPostsOnly = isset($_REQUEST['postsonly']) ? get_secure_integer($_REQUEST['postsonly']) : null; $view['show_all_post'] = false; if ($paramPostsOnly) {
require dirname(__FILE__) . '/includes/bootstrap.php';

//Getting Current User ID
$userID = buckys_is_logged_in();

//If the parameter is null, goto homepage
// (a logged-in user has no use for a reset link; buckys_redirect() exits)
if ($userID) {
    buckys_redirect('/account.php');
}

$token = isset($_REQUEST['token']) ? $_REQUEST['token'] : '';
if (!$token) {
    buckys_redirect('/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
}

// The token, not the session, decides whose password is reset.
if (!($userID = BuckysUsersToken::checkTokenValidity($token, 'password'))) {
    buckys_redirect('/register.php?forgotpwd=1', MSG_USER_TOKEN_LINK_NOT_CORRECT, MSG_TYPE_ERROR);
}

if (isset($_POST['action']) && $_POST['action'] == 'reset-password') {
    // NOTE(review): both operands below are $_POST['password'], so the "empty" test
    // checks one field twice and the "not match" branch can never run. The
    // confirmation field's name is not visible here; it must be wired in from the
    // reset_password template before this check means anything.
    if (!$_POST['password'] || !$_POST['password']) {
        buckys_add_message(MSG_EMPTY_PASSWORD, MSG_TYPE_ERROR);
    } else {
        if ($_POST['password'] != $_POST['password']) {
            buckys_add_message(MSG_NOT_MATCH_PASSWORD, MSG_TYPE_ERROR);
        } else {
            // NOTE(review): nothing here invalidates $token after use, so the same
            // reset link stays usable until whatever expiry checkTokenValidity() applies.
            $pwd = buckys_encrypt_password($_POST['password']);
            BuckysUser::updateUserFields($userID, ['password' => $pwd]);
            buckys_redirect('/index.php', MSG_PASSWORD_UPDATED);
        }
    }
}

buckys_enqueue_stylesheet('register.css');
buckys_enqueue_javascript('register.js');
$TNB_GLOBALS['content'] = 'reset_password';
require DIR_FS_TEMPLATE . $TNB_GLOBALS['template'] . "/" . $TNB_GLOBALS['layout'] . ".php";
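/**
 * Remove products from user's shop
 *
 * Only a product that is still active (never sold) and owned by $userID is removed.
 *
 * @param integer $prodID
 * @param integer $userID
 * @return bool|void true on success, void (null) otherwise
 */
public function removeProductByUserID($prodID, $userID)
{
    global $db;

    if (is_numeric($userID) && is_numeric($prodID)) {
        //Check if this product is new (not sold). If it has been sold already, then it couldn't be deleted
        $prodData = $this->getProductById($prodID);
        // Guard against a missing product: the original indexed the lookup result unconditionally.
        $isOwnedActiveProduct = !empty($prodData)
            && $prodData['status'] == BuckysShopProduct::STATUS_ACTIVE
            && $prodData['userID'] == $userID;
        if ($isOwnedActiveProduct) {
            $this->removeProducts([$prodID]);
            buckys_add_message('An item has been removed successfully.');
            return true;
        }
    }

    // NOTE(review): this failure message is queued with the default message type;
    // pass MSG_TYPE_ERROR if it should render as an error.
    buckys_add_message('Something goes wrong. Please contact customer support!');
    return;
}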
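/**
 * Like Post
 *
 * Adds or removes $userID's like on $postID and keeps the like counter, activity
 * and hit records in step with it. This older variant does no token or daily-limit
 * check; the caller is responsible for CSRF protection.
 *
 * @param int    $userID acting user (must not be the poster)
 * @param int    $postID post to like/unlike
 * @param string $action 'likePost' or 'unlikePost'
 * @return bool|int|null|string like row ID on like, true on unlike, false on any rejection
 */
public function likePost($userID, $postID, $action)
{
    global $db;

    $post = BuckysPost::getPostById($postID);
    if (!$post || $post['poster'] == $userID) {
        buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        return false;
    }
    // Friends-only posts (visibility 0) may only be liked by friends of the poster.
    if ($post['visibility'] == 0 && !BuckysFriend::isFriend($userID, $post['poster'])) {
        buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        return false;
    }

    //Check already like it or not
    // %d, matching the UPDATE statements below: a non-numeric ID becomes 0 instead
    // of a quoted string that MySQL would loosely compare against the integer column.
    $query = $db->prepare("SELECT likeID FROM " . TABLE_POSTS_LIKES . " WHERE userID=%d AND postID=%d", $userID, $postID);
    $likeId = $db->getVar($query);

    if ($action == 'likePost') {
        if ($likeId) {
            buckys_add_message(MSG_ALREADY_LIKED_POST, MSG_TYPE_ERROR);
            return false;
        }
        //Like This post
        $rs = $db->insertFromArray(TABLE_POSTS_LIKES, array('userID' => $userID, 'postID' => $postID));
        //Update likes on the posts table
        $query = $db->prepare('UPDATE ' . TABLE_POSTS . ' SET `likes`=`likes` + 1 WHERE postID=%d', $postID);
        $db->query($query);
        //Add Activity
        BuckysActivity::addActivity($userID, $postID, 'post', 'like', $rs);
        //Increase Hits
        BuckysHit::addHit($postID, $userID);
        return $rs;
    }

    if ($action == 'unlikePost') {
        if (!$likeId) {
            buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
            return false;
        }
        $query = $db->prepare("DELETE FROM " . TABLE_POSTS_LIKES . " WHERE userID=%d AND postID=%d", $userID, $postID);
        $db->query($query);
        //Update likes on the posts table
        $query = $db->prepare('UPDATE ' . TABLE_POSTS . ' SET `likes`=`likes` - 1 WHERE postID=%d', $postID);
        $db->query($query);
        //Decrease Hits
        BuckysHit::removeHit($postID, $userID);
        return true;
    }

    // Unknown action: previously fell off the end and returned null.
    return false;
}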