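/**
  * Add a new page owned by $userID from a submitted form array.
  *
  * $data is the raw form array (see page_add.php): 'pageName', 'pageDescription',
  * 'file' (name of an already-uploaded image inside DIR_FS_PHOTO_TMP), the crop
  * rectangle 'x1', 'y1', 'x2' together with the displayed 'width' they refer to,
  * and optional parallel 'title'/'url' arrays that become the page links.
  *
  * Every rejection that has a message constant is reported via buckys_add_message().
  *
  * @param int   $userID owner of the new page
  * @param array $data   submitted form data (untrusted)
  * @return int|false the new page ID, or false when validation or the insert fails
  */
 public function addPage($userID, $data)
 {
     global $db;
     // Reject a non-numeric user or an empty page name (callers test the result for truthiness)
     if (!is_numeric($userID) || !isset($data['pageName']) || $data['pageName'] == '') {
         return false;
     }
     // The file name is joined onto DIR_FS_PHOTO_TMP below; accept only a bare file
     // name so it cannot point outside the upload directory.
     $file = isset($data['file']) ? (string) $data['file'] : '';
     if ($file === '' || basename($file) !== $file) {
         buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
         return false;
     }
     $pageDescription = isset($data['pageDescription']) ? $data['pageDescription'] : '';
     //Create Links from the parallel title/url arrays (tags stripped from both)
     $links = [];
     if (isset($data['title']) && is_array($data['title'])) {
         foreach ($data['title'] as $i => $title) {
             $url = isset($data['url'][$i]) ? $data['url'][$i] : '';
             $links[] = ['title' => trim(strip_tags($title)), 'link' => trim(strip_tags($url))];
         }
     }
     //Move Image File: check the image first
     $imageInfo = getimagesize(DIR_FS_PHOTO_TMP . $file);
     if ($imageInfo === false) {
         // Not a readable image; previously $width/$height were silently null here
         buckys_add_message(MSG_INVALID_PHOTO_TYPE, MSG_TYPE_ERROR);
         return false;
     }
     list($width, $height) = $imageInfo;
     if ($width > MAX_IMAGE_WIDTH || $height > MAX_IMAGE_HEIGHT) {
         buckys_add_message(MSG_PHOTO_MAX_SIZE_ERROR, MSG_TYPE_ERROR);
         return false;
     }
     // Crop coordinates are given relative to the displayed width; a zero or
     // missing width would otherwise divide by zero.
     $displayWidth = isset($data['width']) ? floatval($data['width']) : 0.0;
     if ($displayWidth <= 0) {
         buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
         return false;
     }
     $ratio = floatval($width / $displayWidth);
     $x1 = isset($data['x1']) ? floatval($data['x1']) : 0.0;
     $y1 = isset($data['y1']) ? floatval($data['y1']) : 0.0;
     $x2 = isset($data['x2']) ? floatval($data['x2']) : 0.0;
     // The crop is square: the same source width is used for both dimensions
     $sourceWidth = ($x2 - $x1) * $ratio;
     BuckysPost::moveFileFromTmpToUserFolder($userID, $file, PROFILE_IMAGE_WIDTH, PROFILE_IMAGE_HEIGHT, $x1 * $ratio, $y1 * $ratio, $sourceWidth, $sourceWidth);
     // All values are bound through $db->prepare()
     $query = $db->prepare("INSERT INTO " . TABLE_PAGES . "(`userID`, `title`, `logo`, `about`, `links`, `createdDate`, `status`)\n                            VALUES(%d, %s, %s, %s, %s, %s, 1)", $userID, $data['pageName'], $file, $pageDescription, serialize($links), date('Y-m-d H:i:s'));
     $newID = $db->insert($query);
     if (!$newID) {
         buckys_add_message($db->getLastError(), MSG_TYPE_ERROR);
         return false;
     }
     return $newID;
 }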
 /**
  * Create New Message
  * 
  * @param mixed $data
  */
 public function composeMessage($data)
 {
     global $db;
     $receivers = $data['to'];
     if (!buckys_not_null($receivers)) {
         buckys_add_message(MSG_SENDER_EMPTY_ERROR, MSG_TYPE_ERROR);
         return false;
     }
     if (trim($data['subject']) == '') {
         buckys_add_message(MSG_MESSAGE_SUBJECT_EMPTY_ERROR, MSG_TYPE_ERROR);
         return false;
     }
     if (trim($data['body']) == '') {
         buckys_add_message(MSG_MESSAGE_BODY_EMPTY_ERROR, MSG_TYPE_ERROR);
         return false;
     }
     $createdDate = date("Y-m-d H:i:s");
     if (!is_array($receivers)) {
         $receivers = array($receivers);
     }
     //Remove Duplicated Messages
     $receivers = array_unique($receivers);
     $nonFriend = array();
     $sents = array();
     $errors = array();
     $isError = false;
     foreach ($receivers as $receiver) {
         //Create A message row for Sender
         $sender = $data['userID'];
         $receiverInfo = BuckysUser::getUserBasicInfo($receiver);
         //confirm that current user and receiver is friend
         /*if(!BuckysFriend::isFriend($receiver, $sender))
           {                                
               $nonFriend[] = $receiverInfo['firstName'] . " " . $receiverInfo['lastName'];
               $isError = true;
               continue;
           }*/
         $insertData = array('userID' => $sender, 'sender' => $sender, 'receiver' => $receiver, 'subject' => $data['subject'], 'body' => $data['body'], 'status' => 'read', 'created_date' => $createdDate);
         $newId1 = $db->insertFromArray(TABLE_MESSAGES, $insertData);
         //Create A message row for receiver
         $sender = $data['userID'];
         $insertData = array('userID' => $receiver, 'sender' => $sender, 'receiver' => $receiver, 'subject' => $data['subject'], 'body' => $data['body'], 'status' => 'unread', 'created_date' => $createdDate);
         $newId2 = $db->insertFromArray(TABLE_MESSAGES, $insertData);
         $sents[] = $receiverInfo['firstName'] . ' ' . $receiverInfo['lastName'];
     }
     if (count($sents) > 0) {
         buckys_add_message(MSG_NEW_MESSAGE_SENT, MSG_TYPE_SUCCESS);
     }
     if (count($nonFriend) > 0) {
         if (count($nonFriend) > 1) {
             $msg = sprintf(MSG_COMPOSE_MESSAGE_ERROR_TO_NON_FRIENDS, implode(", ", $nonFriend));
         } else {
             $msg = sprintf(MSG_COMPOSE_MESSAGE_ERROR_TO_NON_FRIEND, $nonFriend[0]);
         }
         buckys_add_message($msg, MSG_TYPE_ERROR);
     }
     return !$isError;
 }
 /**
  * Create New Album
  *
  * @param Int    $userID
  * @param String $title
  * @return bool|int|null|string
  */
 public static function createAlbum($userID, $title, $visibility)
 {
     global $db;
     $now = date('Y-m-d H:i:s');
     $newId = $db->insertFromArray(TABLE_ALBUMS, ['owner' => $userID, 'name' => $title, 'created_date' => $now, 'visibility' => $visibility]);
     if (!$newId) {
         buckys_add_message($db->getLastError(), MSG_TYPE_ERROR);
         return false;
     } else {
         //Success
         buckys_add_message(MSG_NEW_ALBUM_CREATED, MSG_TYPE_SUCCESS);
         return $newId;
     }
 }
 /**
  * @param $data
  * @return bool|int|string
  */
 public static function createTopic($data)
 {
     global $db, $TNB_GLOBALS;
     $title = trim($data['title']);
     $category = trim($data['category']);
     $content = $data['content'];
     if (!$title || !$category || !$content) {
         return MSG_ALL_FIELDS_REQUIRED;
     }
     //Check Category ID is valid or not
     $query = $db->prepare("SELECT categoryID FROM " . TABLE_FORUM_CATEGORIES . " WHERE categoryID=%d", $category);
     $categoryID = $db->getVar($query);
     if (!$categoryID) {
         return MSG_INVALID_REQUEST;
     }
     $content = buckys_remove_tags_inside_code($content);
     //Remove Invalid Image URLs
     $content = buckys_remove_invalid_image_urls($content);
     $query = "INSERT INTO " . TABLE_FORUM_TOPICS . "(\n                    `topicTitle`, \n                    `topicContent`, \n                    `categoryID`, \n                    `creatorID`, \n                    `createdDate`, \n                    `replies`, \n                    `lastReplyID`, \n                    `lastReplyDate`, \n                    `lastReplierID`, \n                    `views`, \n                    `status`\n                 )VALUES(\n                    '" . $db->escapeInput($title) . "',\n                    '" . $db->escapeInput($content, false) . "',\n                    '" . $db->escapeInput($categoryID) . "',\n                    '" . $TNB_GLOBALS['user']['userID'] . "',\n                    '" . date("Y-m-d H:i:s") . "',\n                    '0',\n                    '0',\n                    '0000-00-00 00:00:00',\n                    '0',\n                    '0',\n                    'pending'\n                 )";
     $db->query($query);
     $newID = $db->getLastInsertId();
     if (!$newID) {
         buckys_add_message($db->getLastError(), MSG_TYPE_ERROR);
         return false;
     }
     //If the user has more than 5 actived posts(topics or replies), update the topic status to 1
     $count1 = $db->getVar("SELECT count(1) FROM " . TABLE_FORUM_TOPICS . " WHERE creatorID=" . $TNB_GLOBALS['user']['userID'] . " AND `status`='publish'");
     $count2 = $db->getVar("SELECT count(1) FROM " . TABLE_FORUM_REPLIES . " WHERE creatorID=" . $TNB_GLOBALS['user']['userID'] . " AND `status`='publish'");
     if ($count1 + $count2 >= 5) {
         $db->updateFromArray(TABLE_FORUM_TOPICS, ['status' => 'publish'], ['topicID' => $newID]);
         //Update Category Table
         $db->query("UPDATE " . TABLE_FORUM_CATEGORIES . " SET lastTopicID=" . $newID . ", `topics`=`topics` + 1 WHERE categoryID=" . $categoryID);
         //Increase user posts count
         $db->query("UPDATE " . TABLE_USERS . " SET `posts_count`=`posts_count` + 1 WHERE userID=" . $TNB_GLOBALS['user']['userID']);
         buckys_add_message(MSG_TOPIC_POSTED_SUCCESSFULLY, MSG_TYPE_SUCCESS);
         return $newID;
     }
     buckys_add_message(MSG_POST_IS_UNDER_PREVIEW, MSG_TYPE_SUCCESS);
     return $newID;
 }
     }
     exit;
     //==================== Follow This Page ====================//
 //==================== Follow This Page ====================//
 case 'follow':
     $isAjax = isset($_REQUEST['buckys_ajax']) ? true : false;
     if ($isAjax) {
         header('Content-type: application/xml');
     }
     if (!buckys_check_form_token('request')) {
         if ($isAjax) {
             $resultXML = ['status' => 'error', 'message' => MSG_INVALID_REQUEST];
             render_result_xml($resultXML);
             exit;
         } else {
             buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
         }
     }
     $paramPageID = get_secure_integer($_REQUEST['pid']);
     $result = $pageFollowerIns->addFollower($paramPageID, $userID);
     if ($result) {
         if ($isAjax) {
             $resultXML = ['status' => 'success', 'message' => 'MSG_FOLLOW_PAGE_SUCCESS', 'html' => 'Unfollow', 'link' => '/page.php?action=unfollow&pid=' . $paramPageID . buckys_get_token_param()];
             render_result_xml($resultXML);
             exit;
         } else {
             buckys_redirect('/page.php?pid=' . $paramPageID, MSG_FOLLOW_PAGE_SUCCESS, MSG_TYPE_SUCCESS);
         }
     } else {
         if ($isAjax) {
             $resultXML = ['status' => 'error', 'message' => MSG_FOLLOW_PAGE_FAIL];
        buckys_redirect("/index.php");
    }
    if (!$_POST['currentPassword'] || !$_POST['newPassword'] || !$_POST['newPassword2']) {
        buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        $isValid = false;
    } else {
        if ($_POST['newPassword'] != $_POST['newPassword2']) {
            buckys_redirect("/change_password.php", MSG_NOT_MATCH_PASSWORD, MSG_TYPE_ERROR);
            $isValid = false;
        }
    }
    //Check Current Password
    $data = BuckysUser::getUserData($userID);
    if (!$data) {
        buckys_redirect("/index.php");
    }
    if (!buckys_validate_password($_POST['currentPassword'], $data['password'])) {
        buckys_add_message(MSG_CURRENT_PASSWORD_NOT_CORRECT, MSG_TYPE_ERROR);
        $isValid = false;
    }
    if ($isValid) {
        $pwd = buckys_encrypt_password($_POST['newPassword']);
        BuckysUser::updateUserFields($userID, array('password' => $pwd));
        buckys_redirect('/change_password.php', MSG_PASSWORD_UPDATED);
    }
}
// Page setup for the change-password form: stylesheets, template slot and title, then render the layout
buckys_enqueue_stylesheet('account.css');
buckys_enqueue_stylesheet('info.css');
$BUCKYS_GLOBALS['content'] = 'change_password';
$BUCKYS_GLOBALS['title'] = "Change Password - BuckysRoom";
require DIR_FS_TEMPLATE . $BUCKYS_GLOBALS['template'] . "/" . $BUCKYS_GLOBALS['layout'] . ".php";
 /**
  * @return bool
  */
 public static function resetVotes()
 {
     global $db;
     //Check user acl again
     if (!buckys_check_user_acl(USER_ACL_ADMINISTRATOR)) {
         buckys_add_message(MSG_PERMISSION_DENIED, MSG_TYPE_ERROR);
         return false;
     }
     $db->query("DELETE FROM " . TABLE_MODERATOR_CANDIDATES);
     $db->query("DELETE FROM " . TABLE_MODERATOR_VOTES);
     return true;
 }
 /**
  * Like Post
  *
  * @param int $userID
  * @param int $postID
  * @param $action
  * @param bool $checkToken
  * @return bool|int|null|string
  */
 public static function likePost($userID, $postID, $action, $checkToken = true)
 {
     global $db;
     $post = BuckysPost::getPostById($postID);
     if ($checkToken && !buckys_check_form_token('request')) {
         buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
         return false;
     }
     if (!$post || $post['poster'] == $userID) {
         buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
         return false;
     }
     if ($post['visibility'] == 0 && !BuckysFriend::isFriend($userID, $post['poster'])) {
         buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
         return false;
     }
     if (!BuckysUsersDailyActivity::checkUserDailyLimit($userID, 'likes')) {
         buckys_add_message(sprintf(MSG_DAILY_LIKES_LIMIT_EXCEED_ERROR, USER_DAILY_LIMIT_LIKES), MSG_TYPE_ERROR);
         return false;
     }
     //Check already like it or not
     $query = $db->prepare("SELECT likeID FROM " . TABLE_POSTS_LIKES . " WHERE userID=%s AND postID=%s", $userID, $postID);
     $likeId = $db->getVar($query);
     if ($action == 'likePost') {
         if ($likeId) {
             buckys_add_message(MSG_ALREADY_LIKED_POST, MSG_TYPE_ERROR);
             return false;
         }
         BuckysUsersDailyActivity::addLikes($userID);
         //Like This post
         $rs = $db->insertFromArray(TABLE_POSTS_LIKES, ['userID' => $userID, 'postID' => $postID]);
         //Update likes on the posts table
         $query = $db->prepare('UPDATE ' . TABLE_POSTS . ' SET `likes`=`likes` + 1 WHERE postID=%d', $postID);
         $db->query($query);
         //Add Activity
         $activityId = BuckysActivity::addActivity($userID, $postID, 'post', 'like', $rs);
         //Add Notification
         BuckysActivity::addNotification($post['poster'], $activityId, BuckysActivity::NOTIFICATION_TYPE_LIKE_POST);
         //Increase Hits
         BuckysHit::addHit($postID, $userID);
         //Update User Stats
         BuckysUser::updateStats($post['poster'], 'likes', 1);
         return $rs;
     } else {
         if ($action == 'unlikePost') {
             if (!$likeId) {
                 buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
                 return false;
             }
             BuckysUsersDailyActivity::addLikes($userID);
             $query = $db->prepare("DELETE FROM " . TABLE_POSTS_LIKES . " WHERE userID=%s AND postID=%s", $userID, $postID);
             $db->query($query);
             //Update likes on the posts table
             $query = $db->prepare('UPDATE ' . TABLE_POSTS . ' SET `likes`=`likes` - 1 WHERE postID=%d', $postID);
             $db->query($query);
             //Increase Hits
             BuckysHit::removeHit($postID, $userID);
             //Update User Stats
             BuckysUser::updateStats($post['poster'], 'likes', -1);
             return true;
         }
     }
 }
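<?php

require dirname(__FILE__) . '/includes/bootstrap.php';
// Shipping information page: shows and saves the logged-in user's shipping address.
if (!($userID = buckys_is_logged_in())) {
    buckys_redirect('/index.php', MSG_NOT_LOGGED_IN_USER, MSG_TYPE_ERROR);
}
buckys_enqueue_stylesheet('trade.css');
buckys_enqueue_stylesheet('account.css');
buckys_enqueue_javascript('trade.js');
$TNB_GLOBALS['content'] = 'shipping_info';
//$TNB_GLOBALS['headerType'] = 'trade';
$view = [];
// The shop presumably links here with ?fill=shop. The previous code ran the value
// through get_secure_integer() and then loosely compared the integer with the string
// 'shop', which does not express that intent; compare the raw string instead.
$paramFillShippingInfoFromShop = isset($_REQUEST['fill']) ? $_REQUEST['fill'] : '';
if ($paramFillShippingInfoFromShop === 'shop') {
    buckys_add_message('Before buying an item, you must fill out your shipping information in order to determine shipping fees.', MSG_TYPE_ERROR);
}
//Save Shipping info
$tradeUserIns = new BuckysTradeUser();
$countryIns = new BuckysCountry();
if (isset($_POST['action']) && $_POST['action'] === 'saveShippingInfo') {
    // NOTE(review): other POST handlers on the site call buckys_check_form_token() first;
    // this save has no token check — confirm whether the form submits one.
    $shippingFields = ['shippingAddress', 'shippingAddress2', 'shippingCity', 'shippingState', 'shippingZip', 'shippingCountryID'];
    $paramData = [];
    foreach ($shippingFields as $field) {
        // Missing fields stay null as before, minus the undefined-index notice
        $paramData[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
    }
    $retVal = $tradeUserIns->updateShippingInfo($userID, $paramData);
    if (!$retVal) {
        $view['status'] = ['success' => false, 'message' => 'Something goes wrong! Please contact customer support.'];
    } else {
        $view['status'] = ['success' => true, 'message' => 'Your shipping info has been updated successfully.'];
    }
}
//Get offer_received info
$view['trade_user_info'] = $tradeUserIns->getUserByID($userID);
$view['country_list'] = $countryIns->getCountryList();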
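require dirname(dirname(__FILE__)) . '/includes/bootstrap.php';
// Ad detail page for advertisers: optional "add-funds" POST action, then renders ads/view.
//Getting Current User ID
if (!buckys_check_user_acl(USER_ACL_REGISTERED)) {
    buckys_redirect('/index.php', MSG_PERMISSION_DENIED, MSG_TYPE_ERROR);
}
$userID = buckys_is_logged_in();
$classAds = new BuckysAds();
// Whether the current user may act on an ad: the ad must exist and the user must be
// its owner or hold the moderator ACL. The previous condition
// (`ownerID != $userID && buckys_check_user_acl(USER_ACL_MODERATOR)`) lacked the
// negation on the ACL check, so it redirected moderators away and let any other
// registered user through to someone else's ad.
$canAccessAd = function ($adDetail, $userID) {
    return $adDetail && ($adDetail['ownerID'] == $userID || buckys_check_user_acl(USER_ACL_MODERATOR));
};
//Add Funds
if (isset($_POST['action']) && $_POST['action'] == 'add-funds') {
    if (!buckys_check_form_token()) {
        buckys_redirect('/ads/advertiser.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
    }
    $adID = buckys_escape_query_integer(isset($_POST['id']) ? $_POST['id'] : null);
    $adDetail = $classAds->getAdById($adID);
    if (!$canAccessAd($adDetail, $userID)) {
        buckys_redirect('/ads/advertiser.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
    }
    // NOTE(review): $_POST['amount'] is handed to addFunds() unvalidated here — confirm addFunds() checks it
    $amount = isset($_POST['amount']) ? $_POST['amount'] : null;
    $result = $classAds->addFunds($userID, $adID, $amount);
    buckys_add_message($classAds->last_message, $result ? MSG_TYPE_SUCCESS : MSG_TYPE_ERROR);
}
buckys_enqueue_stylesheet('publisher.css');
$adID = buckys_escape_query_integer(isset($_GET['id']) ? $_GET['id'] : null);
$adDetail = $classAds->getAdById($adID);
if (!$canAccessAd($adDetail, $userID)) {
    buckys_redirect('/ads/advertiser.php');
}
$TNB_GLOBALS['headerType'] = "ads";
$TNB_GLOBALS['content'] = "ads/view";
buckys_enqueue_javascript('jquery.number.js');
$TNB_GLOBALS['title'] = "View Ad - thenewboston Ads";
require DIR_FS_TEMPLATE . $TNB_GLOBALS['template'] . "/" . $TNB_GLOBALS['layout'] . ".php";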
 /**
  * @param $email
  * @param $token
  * @return bool
  */
 public static function verifyAccount($email, $token)
 {
     global $db;
     $query = $db->prepare("SELECT userID FROM " . TABLE_USERS . " WHERE token=%s AND email=%s AND STATUS=0", $token, $email);
     $userID = $db->getVar($query);
     if (!$userID) {
         buckys_add_message(MSG_INVALID_TOKEN, MSG_TYPE_ERROR);
         return false;
     }
     //Verify links
     $query = $db->prepare("UPDATE " . TABLE_USERS . " SET status=1, token='' WHERE userID=%d", $userID);
     $db->query($query);
     buckys_add_message(MSG_ACCOUNT_VERIFIED, MSG_TYPE_SUCCESS);
     //Make this user to friend with bucky
     $query = $db->prepare("SELECT userID FROM " . TABLE_USERS . " WHERE email=%s", TNB_ADMIN_EMAIL);
     $buckysID = $db->getVar($query);
     //$buckysID = $db->getVar("Select userID FROM " . TABLE_USERS . " WHERE email='*****@*****.**'");
     $db->insertFromArray(TABLE_FRIENDS, ['userID' => $buckysID, 'userFriendID' => $userID, 'status' => '1']);
     $db->insertFromArray(TABLE_FRIENDS, ['userID' => $userID, 'userFriendID' => $buckysID, 'status' => '1']);
     //Create Bitcoin account
     BuckysBitcoin::createWallet($userID, $email);
     //Create Default Ads for the users
     $classPublisherAds = new BuckysPublisherAds();
     $classPublisherAds->createDefaultPublisherAds($userID);
     return true;
 }
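$categoryID = isset($_GET['id']) ? $_GET['id'] : 0;
// Where to send the user after a follow/unfollow. The caller base64-encodes the
// 'return' parameter; only a site-relative path (leading '/', not '//' or '/\')
// is accepted so the parameter cannot be used as an open redirect.
$returnUrl = '/forum';
if (isset($_REQUEST['return'])) {
    $decodedReturn = base64_decode($_REQUEST['return'], true);
    $isSiteRelative = is_string($decodedReturn) && $decodedReturn !== '' && $decodedReturn[0] === '/'
        && (!isset($decodedReturn[1]) || ($decodedReturn[1] !== '/' && $decodedReturn[1] !== '\\'));
    if ($isSiteRelative) {
        $returnUrl = $decodedReturn;
    }
}
if (isset($_REQUEST['action'])) {
    $action = $_REQUEST['action'];
    if ($action == 'follow' || $action == 'unfollow') {
        // Both a login and a valid form token are required. The original test was
        // `!$userID && buckys_check_form_token(...)`, which let a missing or invalid token through.
        $userID = buckys_is_logged_in();
        if (!$userID || !buckys_check_form_token('request')) {
            buckys_redirect($returnUrl, MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        }
        $category = BuckysForumCategory::getCategory($categoryID);
        $alreadyFollowing = $category ? BuckysForumFollower::isFollow($category['categoryID'], $userID) : false;
        // Reject an unknown category, a redundant follow/unfollow, and following one's own category
        if (!$category || ($action == 'follow' && $alreadyFollowing) || ($action == 'unfollow' && !$alreadyFollowing) || $category['creatorID'] == $userID) {
            buckys_redirect($returnUrl, MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        }
        if ($action == 'follow') {
            BuckysForumFollower::followForum($userID, $categoryID);
            buckys_add_message(MSG_FOLLOW_FORUM_SUCCESS);
        } else {
            BuckysForumFollower::unfollowForum($userID, $categoryID);
            buckys_add_message(MSG_UNFOLLOW_FORUM_SUCCESS);
        }
        buckys_redirect($returnUrl);
    }
}
$category = BuckysForumCategory::getCategory($categoryID);
if (!$category) {
    buckys_redirect('/forum');
}
//Getting Topics by category id
$page = isset($_GET['page']) ? $_GET['page'] : 1;
$orderby = isset($_GET['orderby']) ? $_GET['orderby'] : 'recent';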
switch ($orderby) {
    case 'recent':
        $orderbyString = 'lastReplyDate DESC';
        break;
 /**
  * @param $userID
  * @return bool
  */
 private function _getTransactions($userID)
 {
     global $db;
     $bitcoinInfo = BuckysUser::getUserBitcoinInfo($userID);
     //Getting User Last Transaction
     $query = $db->prepare("SELECT * FROM " . TABLE_USERS_BITCOIN_TRANSACTIONS_HISTORY . " WHERE userID=%d ORDER BY `date` DESC", $userID);
     $lastTrans = $db->getRow($query);
     $limit = 20;
     $offset = 0;
     do {
         $ch = curl_init();
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
         curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
         curl_setopt($ch, CURLOPT_URL, 'https://blockchain.info/address/' . $bitcoinInfo['bitcoin_address'] . '?format=json&limit=' . $limit . '&offset=' . $offset);
         $return = curl_exec($ch);
         curl_close($ch);
         $returnData = json_decode($return);
         if (!$returnData) {
             buckys_add_message("There was an error to get transactions: " . $return, MSG_TYPE_ERROR);
             return false;
         }
         if (isset($returnData->error)) {
             buckys_add_message('There was an error to get transactions: ' . $returnData->error, MSG_TYPE_ERROR);
             return false;
         } else {
             $transactions = $returnData->txs;
             if (!$transactions) {
                 $this->fixBalances($userID, !$lastTrans ? 0.0 : $lastTrans['balance']);
                 return true;
             }
             foreach ($transactions as $trx) {
                 if ($lastTrans && $lastTrans['hash'] == $trx->hash) {
                     $this->fixBalances($userID, !$lastTrans ? 0.0 : $lastTrans['balance']);
                     return true;
                 }
                 $row = [];
                 $row['userID'] = $userID;
                 $row['hash'] = $trx->hash;
                 $row['date'] = $trx->time;
                 $row['balance'] = -1.0;
                 $row['addr'] = [];
                 $row['amount'] = [];
                 $row['totalAmount'] = 0;
                 if ($trx->inputs[0]->prev_out->addr != $bitcoinInfo['bitcoin_address']) {
                     $row['addr'][] = $trx->inputs[0]->prev_out->addr;
                     foreach ($trx->out as $out) {
                         if ($out->addr == $bitcoinInfo['bitcoin_address']) {
                             $row['amount'][] = intval($out->value);
                             $row['totalAmount'] += intval($out->value);
                         }
                     }
                     $row['type'] = 'received';
                 } else {
                     //Send Bitcoin
                     foreach ($trx->out as $out) {
                         if ($out->addr != $bitcoinInfo['bitcoin_address']) {
                             $row['addr'][] = $out->addr;
                             $row['amount'][] = -1 * intval($out->value);
                             $row['totalAmount'] += intval($out->value);
                         }
                     }
                     if (!$row['addr']) {
                         $row['addr'][] = $trx->out[0]->addr;
                         $row['amount'][] = -1 * intval($trx->out[0]->value);
                         $row['totalAmount'] += 0;
                     }
                     $row['type'] = 'sent';
                     $row['totalAmount'] += ceil($trx->size / 1000) * 10000;
                 }
                 $row['addr'] = implode("\n", $row['addr']);
                 $row['amount'] = implode("\n", $row['amount']);
                 $db->insertFromArray(TABLE_USERS_BITCOIN_TRANSACTIONS_HISTORY, $row);
             }
             if (count($transactions) < $limit) {
                 $this->fixBalances($userID, !$lastTrans ? 0.0 : $lastTrans['balance']);
                 return true;
             }
         }
         $offset += $limit;
     } while (1);
     return true;
 }
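// Moderator view of reported objects: bulk delete/approve/ban actions, then a paginated list.
if (!buckys_check_user_acl(USER_ACL_MODERATOR)) {
    buckys_redirect('/index.php', MSG_PERMISSION_DENIED, MSG_TYPE_ERROR);
}
if (isset($_REQUEST['action'])) {
    // NOTE(review): these state-changing actions are driven by $_REQUEST without a
    // buckys_check_form_token() call, unlike other action handlers on the site — confirm.
    // Report IDs are integers; cast them here so the BuckysReport methods never see raw request strings.
    $reportID = isset($_REQUEST['reportID']) ? $_REQUEST['reportID'] : null;
    $reportID = is_array($reportID) ? array_map('intval', $reportID) : intval($reportID);
    switch ($_REQUEST['action']) {
        case 'delete-objects':
            BuckysReport::deleteObjects($reportID);
            buckys_add_message(MSG_REPORTED_OBJECT_REMOVED);
            break;
        case 'approve-objects':
            BuckysReport::approveObjects($reportID);
            buckys_add_message(MSG_REPORTED_OBJECT_APPROVED);
            break;
        case 'ban-users':
            $return = BuckysReport::banUsers($reportID);
            if ($return > 0) {
                buckys_add_message(MSG_BAN_USERS);
            }
            break;
    }
    buckys_redirect('/reported.php');
    exit;
}
$page = isset($_GET['page']) ? $_GET['page'] : 1;
$totalCount = BuckysReport::getReportedObjectCount();
//Init Pagination Class
$pagination = new Pagination($totalCount, BuckysReport::$COUNT_PER_PAGE, $page);
$page = $pagination->getCurrentPage();
$objects = BuckysReport::getReportedObject($page, BuckysReport::$COUNT_PER_PAGE);
buckys_enqueue_stylesheet('account.css');
buckys_enqueue_stylesheet('moderator.css');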
 /**
  * Ban users
  *
  * @param Array $ids
  * @return int
  */
 public static function banUsers($ids)
 {
     global $db;
     if (!is_array($ids)) {
         $ids = [$ids];
     }
     $query = "SELECT * FROM " . TABLE_REPORTS . " WHERE reportID IN (" . implode(", ", $ids) . ")";
     $rows = $db->getResultsArray($query);
     $bannedUsers = 0;
     $adminUsers = 0;
     foreach ($rows as $row) {
         //Getting User ID
         if ($row['objectType'] == 'post') {
             $query = "SELECT poster FROM " . TABLE_POSTS . " WHERE postID=" . $row['objectID'];
         } else {
             if ($row['objectType'] == 'comment') {
                 $query = "SELECT commenter FROM " . TABLE_POSTS_COMMENTS . " WHERE commentID=" . $row['objectID'];
             } else {
                 if ($row['objectType'] == 'video_comment') {
                     $query = "SELECT userID FROM " . TABLE_VIDEO_COMMENTS . " WHERE commentID=" . $row['objectID'];
                 } else {
                     if ($row['objectType'] == 'message') {
                         $query = "SELECT sender FROM " . TABLE_MESSAGES . " WHERE messageID=" . $row['objectID'];
                     } else {
                         if ($row['objectType'] == 'topic') {
                             $query = "SELECT creatorID FROM " . TABLE_FORUM_TOPICS . " WHERE topicID=" . $row['objectID'];
                         } else {
                             if ($row['objectType'] == 'reply') {
                                 $query = "SELECT creatorID FROM " . TABLE_FORUM_REPLIES . " WHERE replyID=" . $row['objectID'];
                             }
                         }
                     }
                 }
             }
         }
         $userID = $db->getVar($query);
         if ($userID) {
             if (!buckys_check_user_acl(USER_ACL_MODERATOR, $userID)) {
                 BuckysBanUser::banUser($userID);
                 $bannedUsers++;
             } else {
                 $adminUsers++;
             }
         }
     }
     if ($adminUsers > 0) {
         buckys_add_message(MSG_CAN_NOT_BAN_ADMIN, MSG_TYPE_NOTIFY);
     }
     return $bannedUsers;
 }
 /**
  * @param     $id
  * @param     $file
  * @param int $x
  * @param int $y
  * @param     $size
  * @return bool|void
  */
 public static function saveForumImage($id, $file, $x = 0, $y = 0, $size)
 {
     global $db;
     $sourceFile = DIR_FS_PHOTO_TMP . $file;
     $destFile = DIR_FS_ROOT . "images/forum/logos/" . $file;
     $destFile1 = DIR_FS_ROOT . "images/forum/icons/" . $file;
     list($width, $height, $type, $attr) = getimagesize(DIR_FS_PHOTO_TMP . $file);
     if ($width > MAX_IMAGE_WIDTH || $height > MAX_IMAGE_HEIGHT) {
         buckys_add_message(MSG_PHOTO_MAX_SIZE_ERROR, MSG_TYPE_ERROR);
         return false;
     }
     $destType = image_type_to_mime_type($type);
     //Create Logo File
     buckys_resize_image($sourceFile, $destFile, $destType, 350, 350, $x, $y, $size, $size);
     buckys_resize_image($sourceFile, $destFile1, $destType, 30, 30, $x, $y, $size, $size);
     //Update Category
     $query = $db->prepare("UPDATE " . TABLE_FORUM_CATEGORIES . " SET `image`=%s WHERE categoryID=%d", $file, $id);
     $db->query($query);
     return;
 }
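 /**
  * Verify a newly registered account from the e-mailed token (instance variant).
  *
  * Activates the user (status=1), clears the one-time token and creates the mutual
  * friendship rows with the site admin account.
  *
  * NOTE(review): the admin account is looked up by a hard-coded e-mail literal; the
  * static variant of this method resolves it via the TNB_ADMIN_EMAIL constant instead.
  *
  * @param string $email e-mail address the token was sent to
  * @param string $token one-time verification token from the link
  * @return bool true when the account was verified, false for an unknown or used token
  */
 public function verifyAccount($email, $token)
 {
     global $db;
     // A verified account has its token reset to '' (see the UPDATE below), so an
     // empty token must never be accepted as a match.
     if (!is_string($token) || $token === '' || !is_string($email) || $email === '') {
         buckys_add_message(MSG_INVALID_TOKEN, MSG_TYPE_ERROR);
         return false;
     }
     $query = $db->prepare("SELECT userID FROM " . TABLE_USERS . " WHERE token=%s AND email=%s AND status=0", $token, $email);
     $userID = $db->getVar($query);
     if (!$userID) {
         buckys_add_message(MSG_INVALID_TOKEN, MSG_TYPE_ERROR);
         return false;
     }
     //Verify links
     $query = $db->prepare("UPDATE " . TABLE_USERS . " SET status=1, token='' WHERE userID=%d", $userID);
     $db->query($query);
     buckys_add_message(MSG_ACCOUNT_VERIFIED, MSG_TYPE_SUCCESS);
     //make this user to friend with bucky
     $buckysID = $db->getVar("Select userID FROM " . TABLE_USERS . " WHERE email='*****@*****.**'");
     // Only create the friendship rows when the admin account exists; previously a
     // missing admin produced two rows with an empty userID.
     if ($buckysID) {
         $db->insertFromArray(TABLE_FRIENDS, ['userID' => $buckysID, 'userFriendID' => $userID, 'status' => '1']);
         $db->insertFromArray(TABLE_FRIENDS, ['userID' => $userID, 'userFriendID' => $buckysID, 'status' => '1']);
     }
     return true;
 }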
        buckys_redirect("/page_add.php", MSG_PAGE_NAME_EMPTY, MSG_TYPE_ERROR);
    }
    if (!$_POST['file']) {
        buckys_redirect("/page_add.php", MSG_PAGE_LOGO_EMPTY, MSG_TYPE_ERROR);
    }
    if (!isset($_POST['file']) || strpos($_POST['file'], "../") !== false || !file_exists(DIR_FS_PHOTO_TMP . $_POST['file'])) {
        buckys_redirect("/page_add.php", MSG_FILE_UPLOAD_ERROR, MSG_TYPE_ERROR);
    }
    $fileParts = pathinfo($_POST['file']);
    if (!in_array(strtolower($fileParts['extension']), $TNB_GLOBALS['imageTypes'])) {
        buckys_redirect("/page_add.php", MSG_INVALID_PHOTO_TYPE, MSG_TYPE_ERROR);
        return false;
    }
    $pageClass = new BuckysPage();
    if ($pageID = $pageClass->addPage($userID, $_POST)) {
        buckys_add_message(MSG_PAGE_CREATED_SUCCESSFULLY, MSG_TYPE_SUCCESS);
        buckys_redirect("/page.php?pid=" . $pageID);
    } else {
        buckys_redirect("/page_add.php");
    }
}
// Page setup for the "add page" form: styles, the upload/crop scripts and the template slot
buckys_enqueue_stylesheet('account.css');
buckys_enqueue_stylesheet('uploadify.css');
buckys_enqueue_stylesheet('jquery.Jcrop.css');
buckys_enqueue_stylesheet('posting.css');
buckys_enqueue_stylesheet('page.css');
buckys_enqueue_javascript('uploadify/jquery.uploadify.js');
buckys_enqueue_javascript('jquery.Jcrop.js');
buckys_enqueue_javascript('jquery.color.js');
buckys_enqueue_javascript('add_page.js');
$TNB_GLOBALS['content'] = 'page_add';
         BuckysForumModerator::approveApplicants($categoryID, $applicants);
         buckys_redirect("/forum/moderator.php?id=" . $categoryID, MSG_APPLICANTS_APPROVED);
     }
 } else {
     if ($_REQUEST['action'] == 'Decline') {
         //Check forum token
         if (!buckys_check_form_token('request')) {
             buckys_redirect('/forum/category.php?id=' . $categoryID, MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
         }
         //Admin, Site Moderator, Category Admin and Category Moderator can't apply
         if (!(buckys_is_admin() || buckys_is_moderator() || buckys_is_forum_admin($category['categoryID']))) {
             buckys_redirect('/forum/category.php?id=' . $categoryID, MSG_PERMISSION_DENIED, MSG_TYPE_ERROR);
         }
         $applicants = isset($_POST['applicant']) ? $_POST['applicant'] : null;
         if (!$applicants) {
             buckys_add_message(MSG_NO_APPLICANTS_SELECTED, MSG_TYPE_ERROR);
         } else {
             BuckysForumModerator::declineApplicants($categoryID, $applicants);
             buckys_redirect("/forum/moderator.php?id=" . $categoryID, MSG_APPLICANTS_DECLINED);
         }
     } else {
         if ($_REQUEST['action'] == 'delete-moderator') {
             //Check forum token
             if (!buckys_check_form_token('request')) {
                 buckys_redirect('/forum/category.php?id=' . $categoryID, MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
             }
             //Admin, Site Moderator, Category Admin and Category Moderator can't apply
             if (!(buckys_is_admin() || buckys_is_moderator() || buckys_is_forum_admin($category['categoryID']))) {
                 buckys_redirect('/forum/category.php?id=' . $categoryID, MSG_PERMISSION_DENIED, MSG_TYPE_ERROR);
             }
             $moderator = buckys_escape_query_integer($_REQUEST['moderator']);
/**
 * Redirect to the url and stop the script.
 * If $msg is not empty, store it in the session first via buckys_add_message().
 *
 * No validation is applied to $url here: callers are responsible for passing a
 * trusted (normally site-relative) location.
 *
 * @param String $url
 * @param String $msg
 * @param int $msg_type: MSG_TYPE_SUCCESS(1)=success, MSG_TYPE_ERROR(0)=error, MSG_TYPE_NOTIFY(2)=notification
 */
function buckys_redirect($url, $msg = null, $msg_type = MSG_TYPE_SUCCESS)
{
    $hasMessage = (bool) $msg;
    if ($hasMessage) {
        buckys_add_message($msg, $msg_type);
    }
    header('Location: ' . $url);
    exit;
}
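/**
 * Archive the order named by the `id` request parameter for the logged-in
 * user, then redirect back to the purchase list.
 *
 * This function performs no ownership check of its own: both the session
 * user ID and the requested order ID are handed to
 * BuckysShopOrder::archiveOrder(), and its false return is reported as a
 * permission error -- presumably that method enforces ownership; confirm.
 */
function archiveOrder()
{
    // A missing `id` used to raise an undefined-index notice; pass null through instead.
    $rawOrderID = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
    $paramOrderID = get_secure_integer($rawOrderID);
    $userID = buckys_is_logged_in();
    $orderIns = new BuckysShopOrder();
    $archived = $orderIns->archiveOrder($userID, $paramOrderID);
    if ($archived) {
        buckys_add_message('An item has been archived successfully', MSG_TYPE_SUCCESS);
    } else {
        buckys_add_message(MSG_PERMISSION_DENIED, MSG_TYPE_ERROR);
    }
    buckys_redirect('/shop/purchase.php');
}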
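 /**
  * Remove an item that belongs to the given user.
  *
  * Only an item still in STATUS_ITEM_ACTIVE (never traded) whose stored
  * userID equals $userID is deleted; that userID comparison is the ownership
  * check that stops a user from deleting another user's item by ID. Offers
  * referencing the item are removed afterwards. A message is queued on both
  * outcomes.
  *
  * @param integer $itemID
  * @param integer $userID
  * @return bool true when the item was removed, false otherwise
  */
 public function removeItemByUserID($itemID, $userID)
 {
     if (is_numeric($userID) && is_numeric($itemID)) {
         $itemData = $this->getItemById($itemID);
         // Guard against an unknown itemID: previously an empty lookup result was
         // dereferenced as an array. Loose == is kept because the stored userID
         // may be a string while $userID is numeric.
         if ($itemData && $itemData['status'] == BuckysTradeItem::STATUS_ITEM_ACTIVE && $itemData['userID'] == $userID) {
             $this->removeItems([$itemID]);
             // Offers that reference the deleted item are no longer meaningful.
             $tradeOfferIns = new BuckysTradeOffer();
             $tradeOfferIns->removeRelatedOffers($itemID);
             buckys_add_message('An item has been removed successfully.');
             return true;
         }
     }
     buckys_add_message('Something goes wrong. Please contact customer support!');
     return false;
 }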
        case 'follow':
            $paramPageID = get_secure_integer($_REQUEST['pid']);
            $result = $pageFollowerIns->addFollower($paramPageID, $userID);
            if ($result) {
                buckys_add_message(MSG_FOLLOW_PAGE_SUCCESS, MSG_TYPE_SUCCESS);
            } else {
                buckys_add_message(MSG_FOLLOW_PAGE_FAIL, MSG_TYPE_ERROR);
            }
            break;
            //==================== Add New Page ====================//
        //==================== Add New Page ====================//
        case 'unfollow':
            $paramPageID = get_secure_integer($_REQUEST['pid']);
            $result = $pageFollowerIns->removeFollower($paramPageID, $userID);
            if ($result) {
                buckys_add_message(MSG_UNFOLLOW_PAGE_SUCCESS, MSG_TYPE_SUCCESS);
            }
            break;
            //==================== Add New Page ====================//
        //==================== Add New Page ====================//
        case '':
            break;
    }
}
if (isset($_REQUEST['pid']) && is_numeric($_REQUEST['pid'])) {
    //Display page info
    $paramPageID = get_secure_integer($_REQUEST['pid']);
    $paramPostID = isset($_REQUEST['post']) ? get_secure_integer($_REQUEST['post']) : null;
    $paramPostsOnly = isset($_REQUEST['postsonly']) ? get_secure_integer($_REQUEST['postsonly']) : null;
    $view['show_all_post'] = false;
    if ($paramPostsOnly) {
require dirname(__FILE__) . '/includes/bootstrap.php';
//Getting Current User ID
$userID = buckys_is_logged_in();
//A user who is already logged in has no use for this page; send them to their account
if ($userID) {
    buckys_redirect('/account.php');
}
//The reset token is read from the request; an absent or empty token is rejected outright
$token = isset($_REQUEST['token']) ? $_REQUEST['token'] : '';
if (!$token) {
    buckys_redirect('/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
}
//The token is the only credential here: $userID comes from checkTokenValidity(),
//never from the request, so the page can only change the account the token was issued for
if (!($userID = BuckysUsersToken::checkTokenValidity($token, 'password'))) {
    buckys_redirect('/register.php?forgotpwd=1', MSG_USER_TOKEN_LINK_NOT_CORRECT, MSG_TYPE_ERROR);
}
if (isset($_POST['action']) && $_POST['action'] == 'reset-password') {
    //NOTE(review): both operands read the same field, so this only rejects an empty password;
    //the second operand presumably should be the confirmation field -- confirm against the form
    if (!$_POST['password'] || !$_POST['password']) {
        buckys_add_message(MSG_EMPTY_PASSWORD, MSG_TYPE_ERROR);
    } else {
        //NOTE(review): a field compared with itself never differs, so the "passwords do not
        //match" branch below is unreachable; the same confirmation-field fix applies here
        if ($_POST['password'] != $_POST['password']) {
            buckys_add_message(MSG_NOT_MATCH_PASSWORD, MSG_TYPE_ERROR);
        } else {
            //Only emptiness was checked above; no length or strength policy is applied in this script
            $pwd = buckys_encrypt_password($_POST['password']);
            BuckysUser::updateUserFields($userID, ['password' => $pwd]);
            //NOTE(review): nothing in this script invalidates the token after use -- verify that
            //checkTokenValidity() or updateUserFields() makes it single-use, otherwise the link stays live
            buckys_redirect('/index.php', MSG_PASSWORD_UPDATED);
        }
    }
}
buckys_enqueue_stylesheet('register.css');
buckys_enqueue_javascript('register.js');
$TNB_GLOBALS['content'] = 'reset_password';
require DIR_FS_TEMPLATE . $TNB_GLOBALS['template'] . "/" . $TNB_GLOBALS['layout'] . ".php";
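 /**
  * Remove a product from the given user's shop.
  *
  * Only a product still in STATUS_ACTIVE (not sold) whose stored userID
  * equals $userID is deleted; that userID comparison is the ownership check
  * that stops a user from deleting another user's product by ID. A message
  * is queued on both outcomes.
  *
  * @param integer $prodID
  * @param integer $userID
  * @return bool true when the product was removed, false otherwise
  */
 public function removeProductByUserID($prodID, $userID)
 {
     if (is_numeric($userID) && is_numeric($prodID)) {
         $prodData = $this->getProductById($prodID);
         // Guard against an unknown prodID: previously an empty lookup result was
         // dereferenced as an array. Loose == is kept because the stored userID
         // may be a string while $userID is numeric.
         if ($prodData && $prodData['status'] == BuckysShopProduct::STATUS_ACTIVE && $prodData['userID'] == $userID) {
             $this->removeProducts([$prodID]);
             buckys_add_message('An item has been removed successfully.');
             return true;
         }
     }
     buckys_add_message('Something goes wrong. Please contact customer support!');
     return false;
 }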
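 /**
  * Like or unlike a post on behalf of $userID.
  *
  * Refuses when the post does not exist, when $userID is its poster, or when
  * the post is friends-only (visibility 0) and $userID is not a friend of the
  * poster -- that visibility check is what keeps a non-friend from acting on
  * a private post by supplying its ID. On success the like row is inserted or
  * deleted and the denormalised `likes` counter on the posts table is moved
  * in step.
  *
  * @param int    $userID
  * @param int    $postID
  * @param string $action 'likePost' or 'unlikePost'; any other value does nothing
  * @return mixed result of the like-row insert for 'likePost', true for
  *               'unlikePost', false on refusal, insert failure or unknown action
  */
 public function likePost($userID, $postID, $action)
 {
     global $db;
     $post = BuckysPost::getPostById($postID);
     if (!$post || $post['poster'] == $userID) {
         buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
         return false;
     }
     if ($post['visibility'] == 0 && !BuckysFriend::isFriend($userID, $post['poster'])) {
         buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
         return false;
     }
     // Existing like row for this user/post pair, if any. Both IDs are bound
     // with %d, as the UPDATE statements below already do for postID.
     $query = $db->prepare("SELECT likeID FROM " . TABLE_POSTS_LIKES . " WHERE userID=%d AND postID=%d", $userID, $postID);
     $likeId = $db->getVar($query);
     if ($action == 'likePost') {
         if ($likeId) {
             buckys_add_message(MSG_ALREADY_LIKED_POST, MSG_TYPE_ERROR);
             return false;
         }
         $rs = $db->insertFromArray(TABLE_POSTS_LIKES, ['userID' => $userID, 'postID' => $postID]);
         if (!$rs) {
             // Do not bump the counter or log activity for a like that was never
             // stored (assumes insertFromArray returns falsy on failure -- confirm).
             buckys_add_message($db->getLastError(), MSG_TYPE_ERROR);
             return false;
         }
         // Keep the cached like count on the post in step with the rows.
         $query = $db->prepare('UPDATE ' . TABLE_POSTS . ' SET `likes`=`likes` + 1 WHERE postID=%d', $postID);
         $db->query($query);
         BuckysActivity::addActivity($userID, $postID, 'post', 'like', $rs);
         BuckysHit::addHit($postID, $userID);
         return $rs;
     }
     if ($action == 'unlikePost') {
         if (!$likeId) {
             buckys_add_message(MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
             return false;
         }
         $query = $db->prepare("DELETE FROM " . TABLE_POSTS_LIKES . " WHERE userID=%d AND postID=%d", $userID, $postID);
         $db->query($query);
         // Keep the cached like count on the post in step with the rows.
         $query = $db->prepare('UPDATE ' . TABLE_POSTS . ' SET `likes`=`likes` - 1 WHERE postID=%d', $postID);
         $db->query($query);
         BuckysHit::removeHit($postID, $userID);
         return true;
     }
     // Unknown action: nothing was changed.
     return false;
 }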