Example #1
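/**
 * Issue a fresh session token for a user and echo the stored session as JSON.
 *
 * When checkSession($username) is truthy the existing userssession row is
 * updated, otherwise a new row is inserted. In both cases the session is then
 * reloaded with loadSession() and its JSON form is written to the output.
 *
 * @param string $username Account name the token is stored against.
 */
function startLogin($username)
{
    try {
        $has_session = checkSession($username);

        $con = new PDO(DB_DSN, DB_USERNAME, DB_PASSWORD);
        $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        // The token is a bearer credential, so it must not be derivable from
        // the login time. 32 bytes from the CSPRNG, hex-encoded, has the same
        // 64-character shape as the SHA-256 hex digest used previously.
        // random_bytes() requires PHP 7 or later.
        $token = bin2hex(random_bytes(32));

        // Both values are bound; nothing is interpolated into the statement.
        $sql = $has_session
            ? 'UPDATE userssession SET token = :token WHERE username = :username'
            : 'INSERT INTO userssession(username,token) VALUES (:username,:token)';

        $stmt = $con->prepare($sql);
        $stmt->bindValue('username', $username, PDO::PARAM_STR);
        $stmt->bindValue('token', $token, PDO::PARAM_STR);
        $stmt->execute();

        $session = loadSession($username);
        echo $session->getJSON();
    } catch (PDOException $e) {
        // Record the failure server-side instead of discarding it. The message
        // is not echoed, because driver errors can expose connection details.
        error_log('startLogin failed: ' . $e->getMessage());
    }
}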
Example #2
/**
 * Main dispatcher for the server settings area.
 *
 * Calls isAllowedTo('admin_forum') and checkSession('request'), fills in the
 * tab and template context, resolves the requested sub-action against a fixed
 * map (which the integrate_server_settings hook may extend) and calls the
 * function mapped to it.
 *
 * @uses edit_settings adminIndex.
 */
function ModifySettings()
{
    global $context, $txt, $scripturl, $boarddir;

    // Permission gate first: nothing below runs for callers without admin_forum.
    isAllowedTo('admin_forum');

    // Tab data for the admin menu.
    $context[$context['admin_menu_name']]['tab_data'] = array(
        'title' => $txt['admin_server_settings'],
        'help' => 'serversettings',
        'description' => $txt['admin_basic_settings'],
    );

    // Session check on the request before any sub-action is dispatched.
    checkSession('request');

    loadLanguage('ManageSettings');
    $context['page_title'] = $txt['admin_server_settings'];
    $context['sub_template'] = 'show_settings';

    // Sub-action name => function name. Only keys of this map can be dispatched.
    $subActions = array(
        'general' => 'ModifyGeneralSettings',
        'database' => 'ModifyDatabaseSettings',
        'cookie' => 'ModifyCookieSettings',
        'cache' => 'ModifyCacheSettings',
        'loads' => 'ModifyLoadBalancingSettings',
        'phpinfo' => 'ShowPHPinfoSettings',
    );
    call_integration_hook('integrate_server_settings', array(&$subActions));

    // Anything that is not a key of the map falls back to 'general', so the
    // request value never selects a function name directly.
    if (!isset($_REQUEST['sa']) || !isset($subActions[$_REQUEST['sa']])) {
        $_REQUEST['sa'] = 'general';
    }
    $context['sub_action'] = $_REQUEST['sa'];

    // The message shown is looked up in $txt by key; the raw request value is not printed.
    $context['settings_message'] = '';
    if (isset($_REQUEST['msg']) && isset($txt[$_REQUEST['msg']])) {
        $context['settings_message'] = $txt[$_REQUEST['msg']];
    }

    // Every area except 'cache' checks Settings.php and refreshes its backup copy.
    if ($_REQUEST['sa'] != 'cache') {
        $settings_file = $boarddir . '/Settings.php';
        $backup_file = $boarddir . '/Settings_bak.php';

        $settings_not_writable = !is_writable($settings_file);
        // The copy is only attempted when the backup file is writable.
        $settings_backup_fail = !@is_writable($backup_file) || !@copy($settings_file, $backup_file);

        $warning_key = null;
        if ($settings_not_writable) {
            $warning_key = 'settings_not_writable';
        } elseif ($settings_backup_fail) {
            $warning_key = 'admin_backup_fail';
        }
        if ($warning_key !== null) {
            $context['settings_message'] = '<div class="centertext"><strong>' . $txt[$warning_key] . '</strong></div><br />';
        }

        $context['settings_not_writable'] = $settings_not_writable;
    }

    // Hand over to the function mapped to the validated sub-action.
    $handler = $subActions[$_REQUEST['sa']];
    $handler();
}
Example #3
/**
 * Config array for changing the karma settings.
 * Accessed from ?action=admin;area=featuresettings;sa=karma;
 *
 * @param bool $return_config When truthy, the config array is returned and nothing is saved or prepared.
 * @return array|void The config array when $return_config is truthy.
 */
function ModifyKarmaSettings($return_config = false)
{
    global $txt, $scripturl, $context, $modSettings;

    loadLanguage('Karma+ManageKarma');

    // The mode selector is always offered; the remaining options only appear
    // once a karma mode is set.
    $config_vars = array(
        array('select', 'karmaMode', explode('|', $txt['karma_options'])),
    );
    if (!empty($modSettings['karmaMode'])) {
        $config_vars[] = '';
        $config_vars[] = array('int', 'karmaMinPosts', 6, 'postinput' => strtolower($txt['posts']));
        $config_vars[] = array('float', 'karmaWaitTime', 6, 'postinput' => $txt['hours']);
        $config_vars[] = array('check', 'karmaTimeRestrictAdmins');
    }

    call_integration_hook('integrate_karma_settings', array(&$config_vars));

    if ($return_config) {
        return $config_vars;
    }

    // Saving is a state change, so the session check runs before the write.
    if (isset($_GET['save'])) {
        checkSession();
        call_integration_hook('integrate_save_karma_settings');
        saveDBSettings($config_vars);
        $_SESSION['adm-save'] = true;
        redirectexit('action=admin;area=featuresettings;sa=karma');
    }

    $context['post_url'] = $scripturl . '?action=admin;area=featuresettings;save;sa=karma';
    $context['settings_title'] = $txt['karma'];
    loadLanguage('ManageKarma');
    prepareDBSettingContext($config_vars);
}
Example #4
/**
 * Run the session check and send callers who are not logged in to $redirectUrl.
 *
 * @param string $redirectUrl Target passed to redirect() when isUserLoggedIn() is falsy.
 */
function authenticateUser($redirectUrl)
{
    checkSession();

    if (isUserLoggedIn()) {
        return;
    }

    // NOTE(review): whether redirect() stops execution is not visible here; if it
    // returns, the caller continues as if authenticated - confirm.
    redirect($redirectUrl);
}
Example #5
/**
 * Blank the current member's gpid and gpname fields, then return to the profile page.
 */
function gplus_unsync()
{
    global $user_info;

    // The change is requested over GET, so the session check on the GET data
    // runs before anything is written.
    checkSession('get');

    $cleared_fields = array('gpid' => '', 'gpname' => '');
    updateMemberData($user_info['id'], $cleared_fields);

    redirectexit('action=profile');
}
Example #6
/**
 * Write the posted header and footer text to smfheader.txt and smffooter.txt
 * in $boarddir, then redirect back to the globalhf action.
 *
 * NOTE(review): checkSession('post') is the only check visible in this
 * function, and the posted text is written to disk unfiltered. Confirm that the
 * caller restricts this action to administrators and how the two files are
 * later output.
 */
function save()
{
    global $boarddir, $context;

    checkSession('post');

    // Target file => content, in the order they are written.
    $targets = array(
        $boarddir . '/smfheader.txt' => stripslashes($_POST['headers']),
        $boarddir . '/smffooter.txt' => stripslashes($_POST['footers']),
    );

    foreach ($targets as $filename => $content) {
        @chmod($filename, 0644);

        $handle = fopen($filename, 'w');
        if (!$handle) {
            fatal_error('Can not open' . $filename . '.', false);
        }

        // A failed or empty write is deliberately not treated as fatal.
        fwrite($handle, $content);
        fclose($handle);
    }

    // NOTE(review): the session id travels in the redirect URL, where it can be
    // recorded by logs and Referer headers - confirm this is intended.
    redirectexit('action=globalhf;sesc=' . $context['session_id']);
}
 /**
  * Displays the avatar settings form and saves it when requested.
  *
  * - Called by index.php?action=admin;area=manageattachments;sa=avatars.
  * - Saving is triggered by the 'save' GET parameter and runs checkSession() first.
  *
  * @uses 'avatars' sub-template.
  */
 public function action_avatarSettings_display()
 {
     global $txt, $context, $scripturl;

     // Build the form and fetch its setting definitions.
     $this->_initAvatarSettingsForm();
     $config_vars = $this->_avatarSettings->settings();

     if (isset($_GET['save'])) {
         checkSession();
         call_integration_hook('integrate_save_avatar_settings');

         // Custom avatars cannot be enabled without both a directory and a URL,
         // so the flag is forced off on the server whatever the browser sent.
         $wants_custom = isset($_POST['custom_avatar_enabled']) && $_POST['custom_avatar_enabled'] == 1;
         $location_missing = empty($_POST['custom_avatar_dir']) || empty($_POST['custom_avatar_url']);
         if ($wants_custom && $location_missing) {
             $_POST['custom_avatar_enabled'] = 0;
         }

         Settings_Form::save_db($config_vars);
         redirectexit('action=admin;area=manageattachments;sa=avatars');
     }

     // Browser-side confirmation for the same condition; it is a convenience
     // only, the server-side reset above is what enforces it.
     // NOTE(review): the language string is concatenated into a JavaScript string
     // literal as-is; assumes it contains no quote characters - confirm.
     $context['settings_save_onclick'] = 'return document.getElementById(\'custom_avatar_enabled\').value == 1 && (document.getElementById(\'custom_avatar_dir\').value == \'\' || document.getElementById(\'custom_avatar_url\').value == \'\') ? confirm(\'' . $txt['custom_avatar_check_empty'] . '\') : true;';

     // Token used by the in-line permissions.
     createToken('admin-mp');

     $context['post_url'] = $scripturl . '?action=admin;area=manageattachments;save;sa=avatars';
     Settings_Form::prepare_db($config_vars);

     // Extra template layer for the javascript.
     Template_Layers::getInstance()->add('avatar_settings');
     $context['sub_template'] = 'show_settings';
 }
 /**
  * Administration page for topics: displays and saves the topic-related settings.
  *
  * Requires the admin_forum permission.
  * Accessed from ?action=admin;area=postsettings;sa=topics.
  * @uses Admin template, edit_topic_settings sub-template.
  */
 public function action_topicSettings_display()
 {
     global $context, $txt, $scripturl;

     // Build the form, then read the setting definitions from it.
     $this->_initTopicSettingsForm();
     $config_vars = $this->_topicSettings->settings();

     $context['sub_template'] = 'show_settings';

     $is_saving = isset($_GET['save']);
     if ($is_saving) {
         // The session check comes before hooks are notified and before anything is stored.
         checkSession();
         call_integration_hook('integrate_save_topic_settings');
         Settings_Form::save_db($config_vars);
         redirectexit('action=admin;area=postsettings;sa=topics');
     }

     // Values the template needs to render the form.
     $context['post_url'] = $scripturl . '?action=admin;area=postsettings;save;sa=topics';
     $context['settings_title'] = $txt['manageposts_topic_settings'];
     Settings_Form::prepare_db($config_vars);
 }
/**
 * Change the state of a portal block, category or article and redirect to the
 * matching admin list.
 *
 * The id is the first non-empty value among block_id, category_id and
 * article_id in the request, cast to int; the kind of item comes from
 * $_REQUEST['type'].
 */
function sportal_admin_state_change()
{
    // The change arrives as a GET request, so the GET session check runs first.
    checkSession('get');

    foreach (array('block_id', 'category_id', 'article_id') as $id_field) {
        if (!empty($_REQUEST[$id_field])) {
            $id = (int) $_REQUEST[$id_field];
            break;
        }
    }
    if (!isset($id)) {
        fatal_lang_error('error_sp_id_empty', false);
    }

    changeState($_REQUEST['type'], $id);

    // Work out where to return to; the redirect target is built from fixed strings only.
    if ($_REQUEST['type'] == 'block') {
        $sides = array(1 => 'left', 2 => 'top', 3 => 'bottom', 4 => 'right');
        $list = 'list';
        if (!empty($_GET['redirect']) && isset($sides[$_GET['redirect']])) {
            $list = $sides[$_GET['redirect']];
        }
        $target = 'action=admin;area=portalblocks;sa=' . $list;
    } elseif ($_REQUEST['type'] == 'category') {
        $target = 'action=admin;area=portalarticles;sa=categories';
    } elseif ($_REQUEST['type'] == 'article') {
        $target = 'action=admin;area=portalarticles;sa=articles';
    } else {
        $target = 'action=admin;area=portalconfig';
    }

    redirectexit($target);
}
Example #10
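 /**
  * Dispatches an auto-suggest request to the handler registered for its type.
  *
  * Handlers are listed in $searchTypes (extendable through the
  * integrate_autosuggest hook); the request's suggest_type must be a key of
  * that list. A handler is either a method on a class, or a global function
  * named action_suggest_<function>.
  * Accessed by action=suggest.
  * @uses Xml template
  */
 public function action_suggest()
 {
     global $context;

     // These are all registered types.
     $searchTypes = array(
         'member' => array(
             'file' => SUBSDIR . '/Suggest.class.php',
             'class' => 'Suggest',
             'function' => 'member',
         ),
     );
     call_integration_hook('integrate_autosuggest', array(&$searchTypes));

     checkSession('get');
     loadTemplate('Xml');

     // NOTE(review): unserialize() runs on request data here. Deserializing
     // client-supplied input can instantiate objects of any loaded class
     // (PHP object injection); the session check above limits who can send it
     // but does not make the payload safe. Prefer json_decode(), or restrict
     // the allowed classes, once the callers that build search_param are changed.
     $context['search_param'] = isset($_REQUEST['search_param']) ? unserialize(base64_decode($_REQUEST['search_param'])) : array();

     if (isset($_REQUEST['suggest_type'], $_REQUEST['search']) && isset($searchTypes[$_REQUEST['suggest_type']])) {
         // Only entries of $searchTypes are used from here on; the request value is just the key.
         $currentSearch = $searchTypes[$_REQUEST['suggest_type']];

         // Do we have a file to include?
         if (!empty($currentSearch['file']) && file_exists($currentSearch['file'])) {
             require_once $currentSearch['file'];
         }

         if (!empty($currentSearch['class']) && class_exists($currentSearch['class'])) {
             // Class-based handler: instantiate it and call the registered method.
             // The method name is the 'function' entry, so the braces must wrap
             // the whole array access.
             $class = $currentSearch['class'];
             $suggest = new $class();
             $context['xml_data'] = $suggest->{$currentSearch['function']}();
         } elseif (function_exists('action_suggest_' . $currentSearch['function'])) {
             // Function-based handler: call the same name that was just tested
             // with function_exists().
             $function = 'action_suggest_' . $currentSearch['function'];
             $context['xml_data'] = $function();
         }

         if (!empty($context['xml_data'])) {
             $context['sub_template'] = 'generic_xml';
         }
     }
 }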
Example #11
 /**
  * Blank the fbname and fbid fields of the member identified by
  * $fb_hook_object->user_info_id, call update_themes_face_del() for that
  * member and redirect to the member's profile.
  */
 public function fb_usync()
 {
     global $fb_hook_object;

     // Requested over GET: the GET session check runs before any data is changed.
     checkSession('get');

     $cleared_fields = array('fbname' => '', 'fbid' => '');
     updateMemberData($fb_hook_object->user_info_id, $cleared_fields);

     $fb_hook_object->update_themes_face_del('face_pro', $fb_hook_object->user_info_id);

     $profile_query = 'action=profile;u=' . $fb_hook_object->user_info_id . ';facebook_unsync';
     redirectexit($profile_query);
 }
Example #12
/**
 * Find forum errors and, when the fixErrors GET parameter is present, repair them.
 *
 * Without fixErrors the function only searches and stores the result in the
 * session; with it, checkSession('get') is required and the repairs are run.
 * Requires the admin_forum permission.
 */
function RepairBoards()
{
    global $txt, $scripturl, $db_connection, $context, $sourcedir;
    global $salvageCatID, $salvageBoardID, $smcFunc, $errorTests;

    isAllowedTo('admin_forum');

    // Ask for more memory; the request is allowed to fail silently.
    @ini_set('memory_limit', '128M');

    // Page and menu context.
    $context['page_title'] = $txt['admin_repair'];
    $context['sub_template'] = 'repair_boards';
    $context[$context['admin_menu_name']]['current_subsection'] = 'general';
    loadLanguage('ManageMaintenance');
    $context[$context['admin_menu_name']]['tab_data'] = array(
        'title' => $txt['maintain_title'],
        'help' => '',
        'description' => $txt['maintain_info'],
        'tabs' => array(),
    );

    // Only the repairing request changes data, so only it needs the session check.
    $fixing = isset($_GET['fixErrors']);
    if ($fixing) {
        checkSession('get');
    }

    loadForumTests();

    if ($fixing) {
        $context['error_search'] = false;
        // The list of things to fix comes from the session filled by the search pass.
        $context['to_fix'] = array();
        if (isset($_SESSION['repairboards_to_fix'])) {
            $context['to_fix'] = $_SESSION['repairboards_to_fix'];
        }

        require_once $sourcedir . '/Subs-Boards.php';

        // Server version, kept for reference.
        $mysql_version = $smcFunc['db_server_info']($db_connection);

        // Run the repairs.
        findForumErrors(true);

        // Record that settings, statistics and the calendar have changed.
        updateSettings(array('settings_updated' => time()));
        updateStats('message');
        updateStats('topic');
        updateSettings(array('calendar_updated' => time()));

        if (!empty($salvageBoardID)) {
            $context['redirect_to_recount'] = true;
        }

        $_SESSION['repairboards_to_fix'] = null;
        $_SESSION['repairboards_to_fix2'] = null;

        return;
    }

    // Search pass: list the errors and remember them for a later repairing request.
    $context['error_search'] = true;
    $context['repair_errors'] = array();
    $context['to_fix'] = findForumErrors();

    if (!empty($context['to_fix'])) {
        $_SESSION['repairboards_to_fix'] = $context['to_fix'];
        $_SESSION['repairboards_to_fix2'] = null;

        if (empty($context['repair_errors'])) {
            $context['repair_errors'][] = '???';
        }
    }
}
Example #13
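/**
 * Check that the user is who they claim to be.
 *
 * Requires the password to be re-entered once the elevated session is older
 * than an hour (70 minutes for XML requests).
 * Is turned on and off by the securityDisable setting.
 * Uses the adminLogin() function of Subs-Auth.php if they need to login, which saves all request (post and get) data.
 *
 * @param string $type Session type to validate; anything other than 'moderate' or a hook-registered type is treated as 'admin'.
 * @return string|void 'session_verify_fail' for an XML request that could not be verified, otherwise nothing.
 */
function validateSession($type = 'admin')
{
    global $modSettings, $sourcedir, $user_info, $sc, $user_settings;

    // We don't care if the option is off, because Guests should NEVER get past here.
    is_not_guest();

    // Validate what type of session check this is.
    $types = array();
    // NOTE(review): $types is passed to the hook by value here; if the hook is
    // meant to register additional types it would need array(&$types) - confirm.
    call_integration_hook('integrate_validateSession', array($types));
    $type = in_array($type, $types) || $type == 'moderate' ? $type : 'admin';

    // If we're using XML give an additional ten minutes grace as an admin can't log on in XML mode.
    $refreshTime = isset($_GET['xml']) ? 4200 : 3600;

    // Is the security option off?
    if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')])) {
        return;
    }

    // Already verified recently? A fresh admin session also satisfies a moderator check.
    if (!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time() || !empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time()) {
        return;
    }

    require_once $sourcedir . '/Subs-Auth.php';

    // Hashed password, ahoy!
    if (isset($_POST[$type . '_hash_pass']) && strlen($_POST[$type . '_hash_pass']) == 40) {
        checkSession();
        $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($user_info['username'], $_POST[$type . '_hash_pass'], true)), true);

        // Hex digests must not be compared with ==: PHP treats strings such as
        // "0e123..." as numbers, so two different digests can compare equal.
        // hash_equals() is also constant-time; === is the fallback where it is missing.
        $expected_hash = sha1($user_info['passwd'] . $sc);
        $supplied_hash = (string) $_POST[$type . '_hash_pass'];
        $hash_matches = function_exists('hash_equals') ? hash_equals($expected_hash, $supplied_hash) : $expected_hash === $supplied_hash;

        if ($good_password || $hash_matches) {
            $_SESSION[$type . '_time'] = time();
            return;
        }
    }

    // Posting the password... check it.
    if (isset($_POST[$type . '_pass'])) {
        checkSession();
        $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($user_info['username'], $_POST[$type . '_pass'], false)), true);

        // Same comparison rule as above. The stored value is a SHA-1 of the
        // lower-cased username plus the password, which is fast to brute-force;
        // changing that format needs a migration outside this function.
        $stored_hash = (string) $user_info['passwd'];
        $computed_hash = sha1(strtolower($user_info['username']) . $_POST[$type . '_pass']);
        $password_matches = function_exists('hash_equals') ? hash_equals($stored_hash, $computed_hash) : $stored_hash === $computed_hash;

        // Password correct?
        if ($good_password || $password_matches) {
            $_SESSION[$type . '_time'] = time();
            return;
        }
    }

    // OpenID?
    if (!empty($user_settings['openid_uri'])) {
        require_once $sourcedir . '/Subs-OpenID.php';
        smf_openID_revalidate();
        $_SESSION[$type . '_time'] = time();
        return;
    }

    // Need to type in a password for that, man.
    if (!isset($_GET['xml'])) {
        adminLogin($type);
    } else {
        return 'session_verify_fail';
    }
}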
 /**
  * Disable the notice given by the idnotice GET parameter for the current
  * member, then end the request without output.
  */
 public function action_index()
 {
     global $user_info;

     // The dismissal is a GET request, so the GET session check guards it.
     checkSession('get');

     // A missing parameter and a non-numeric one both end up as 0.
     $id_notice = 0;
     if (isset($_GET['idnotice'])) {
         $id_notice = (int) $_GET['idnotice'];
     }

     if ($id_notice !== 0) {
         require_once SUBSDIR . '/DismissibleNotices.class.php';
         $notice = new Dismissible_Notices();
         // The member id is taken from $user_info, not from the request.
         $notice->disableMemberNotice($id_notice, $user_info['id']);
     }

     exit;
 }
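 /**
  * Called from a mouse click,
  * works out what we want to do with attachments and actions it.
  * Accessed by ?action=attachapprove
  *
  * The 'sa' GET parameter selects the operation: 'reject' removes the
  * attachments, anything else approves them; 'all' together with 'mid' acts on
  * every attachment of that message, otherwise 'aid' names a single attachment.
  */
 public function action_attachapprove()
 {
     global $user_info;

     // The action is a GET request that changes data: check the session first.
     checkSession('get');

     // Read 'sa' once so a missing parameter does not raise a notice further down.
     $sub_action = isset($_GET['sa']) ? $_GET['sa'] : '';
     $is_approve = $sub_action !== 'reject';

     $attachments = array();
     require_once SUBSDIR . '/ManageAttachments.subs.php';

     // If we are approving all ID's in a message, get the ID's.
     if ($sub_action === 'all' && !empty($_GET['mid'])) {
         $id_msg = (int) $_GET['mid'];
         $attachments = attachmentsOfMessage($id_msg);
     } elseif (!empty($_GET['aid'])) {
         $attachments[] = (int) $_GET['aid'];
     }

     if (empty($attachments)) {
         fatal_lang_error('no_access', false);
     }

     // @todo nb: this requires permission to approve posts, not manage attachments
     // Restrict the query to boards where this user may approve posts.
     $allowed_boards = !empty($user_info['mod_cache']['ap']) ? $user_info['mod_cache']['ap'] : boardsAllowedTo('approve_posts');
     if ($allowed_boards == array(0)) {
         $approve_query = '';
     } elseif (!empty($allowed_boards)) {
         // The ids are concatenated into SQL, so force every one of them to an integer.
         $approve_query = ' AND m.id_board IN (' . implode(',', array_map('intval', $allowed_boards)) . ')';
     } else {
         $approve_query = ' AND 0';
     }

     // Validate the attachments exist and have the right approval state.
     $attachments = validateAttachments($attachments, $approve_query);

     // Nothing may be left after validation (wrong state, or no permission on the
     // board). Stop here, before the first element is used for the return link.
     if (empty($attachments)) {
         fatal_lang_error('no_access', false);
     }

     // Set up a return link based off one of the attachments for this message
     $attach_home = attachmentBelongsTo($attachments[0]);
     $redirect = 'topic=' . $attach_home['id_topic'] . '.msg' . $attach_home['id_msg'] . '#msg' . $attach_home['id_msg'];

     // Finally, we are there. Follow through!
     if ($is_approve) {
         approveAttachments($attachments);
     } else {
         removeAttachments(array('id_attach' => $attachments, 'do_logging' => true));
     }

     // We approved or removed, either way we reset those numbers
     cache_put_data('num_menu_errors', null, 900);

     // Return to the topic....
     redirectexit($redirect);
 }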
 /**
  * General addon settings page: shows the form and saves it when the 'save'
  * GET parameter is present.
  *
  * If you have a general mod setting to add stick it here.
  */
 public function action_addonSettings_display()
 {
     // Build the form and read its setting definitions.
     $this->_initAddonSettingsForm();
     $config_vars = $this->_addonSettings->settings();

     $is_saving = isset($_GET['save']);
     if ($is_saving) {
         // Session check before hooks run and before anything is stored.
         checkSession();
         call_integration_hook('integrate_save_general_mod_settings');
         Settings_Form::save_db($config_vars);
         redirectexit('action=admin;area=addonsettings;sa=general');
     }

     Settings_Form::prepare_db($config_vars);
 }
Example #17
/**
 * Settings page with the two change_theme_check_* checkboxes.
 *
 * @param bool $return_config When truthy, only the config array is returned.
 * @return array|void The config array when $return_config is truthy.
 */
function CLS_ChangeThemeSettings($return_config = false)
{
    global $txt, $scripturl, $context;

    $config_vars = array(
        array('check', 'change_theme_check_top'),
        array('check', 'change_theme_check_bot'),
    );

    if ($return_config) {
        return $config_vars;
    }

    $context['post_url'] = $scripturl . '?action=admin;area=modsettings;save;sa=cls';

    $is_saving = isset($_GET['save']);
    if ($is_saving) {
        // Session check before the settings are written.
        checkSession();
        saveDBSettings($config_vars);
        redirectexit('action=admin;area=modsettings;sa=cls');
    }

    prepareDBSettingContext($config_vars);
}
Example #18
 /**
  * Install or uninstall the plugins named in the comma-separated 'p' request
  * parameter, depending on the 'sa' request parameter, then return to the
  * plugin list.
  *
  * Requires the admin_forum permission and a valid session on the GET request.
  */
 public static function installProducts()
 {
     global $context;

     // Permission first, then the session check, before any plugin is touched.
     isAllowedTo('admin_forum');
     checkSession('get');

     $action = '';
     if (isset($_REQUEST['sa'])) {
         $action = $_REQUEST['sa'];
     }

     $pluginlist = array();
     if (isset($_REQUEST['p'])) {
         $pluginlist = explode(',', $_REQUEST['p']);
     }

     // NOTE(review): plugin names go to install()/uninstall() exactly as they
     // were received; any validation must happen inside those methods - confirm.
     if (!empty($pluginlist)) {
         if ($action === 'install') {
             foreach ($pluginlist as $plugin) {
                 self::install($plugin);
             }
         } elseif ($action === 'uninstall') {
             foreach ($pluginlist as $plugin) {
                 self::uninstall($plugin);
             }
         }
     }

     $return_to = 'action=admin;area=plugins;' . $context['session_var'] . '=' . $context['session_id'];
     redirectexit($return_to);
 }
Example #19
/**
 * High score maintenance: delete scores older than a number of days, or all
 * scores, depending on the score_action request parameter; otherwise show the
 * maintenance template.
 */
function ArcadeMaintenanceHighscore()
{
    global $sourcedir, $scripturl, $txt, $modSettings, $context, $settings, $smcFunc;

    if (isset($_REQUEST['score_action'])) {
        // Both operations delete rows, so the session check comes first.
        checkSession();

        $score_action = $_REQUEST['score_action'];
        if ($score_action == 'older' && is_numeric($_REQUEST['age'])) {
            // 'age' is a number of days; the cut-off is passed as an {int:...} parameter.
            $query_params = array('time' => time() - (int) $_REQUEST['age'] * 86400);
            $smcFunc['db_query']('', '
				DELETE FROM {db_prefix}arcade_scores
				WHERE end_time < {int:time}', $query_params);
        } elseif ($score_action == 'all') {
            $smcFunc['db_query']('', '
				DELETE FROM {db_prefix}arcade_scores', array());
        }

        $return_to = 'action=admin;area=arcademaintenance;maintenance=fixScores;back=score;' . $context['session_var'] . '=' . $context['session_id'];
        redirectexit($return_to);
    }

    // Template
    $context['sub_template'] = 'arcade_admin_maintenance_highscore';
}
Example #20
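 /**
  * Register a new member and return the created user record.
  *
  * The activation mode is derived from $modSettings['registration_method']
  * and $verified. $custom_register_fields and $errors are accepted but not
  * used in this method.
  *
  * @param string $email
  * @param string $username
  * @param string $password
  * @param bool $verified Whether the caller has already verified the account.
  * @param mixed $custom_register_fields Unused here.
  * @param array $profile Optional profile data; 'avatar_url' is stored as the avatar.
  * @param mixed $errors Unused here.
  * @return mixed Result of get_user_by_name_or_email() on success, null when registerMember() returned no id.
  */
 public function createUserHandle($email, $username, $password, $verified, $custom_register_fields, $profile, &$errors)
 {
     // $txt is read below for the "registration done" text, so it has to be
     // part of the global list.
     global $sourcedir, $context, $modSettings, $maintenance, $mmessage, $scripturl, $txt;

     checkSession();
     $_POST['emailActivate'] = true;

     if (empty($password)) {
         get_error('password cannot be empty');
     }
     if (!($maintenance == 0)) {
         get_error('Forum is in maintenance model or Tapatalk is disabled by forum administrator.');
     }

     // 0: no activation needed; 1: e-mail activation unless already verified;
     // anything else: admin approval unless auto-approval applies to a verified user.
     if ($modSettings['registration_method'] == 0) {
         $register_mode = 'nothing';
     } elseif ($modSettings['registration_method'] == 1) {
         $register_mode = $verified ? 'nothing' : 'activation';
     } else {
         $register_mode = isset($modSettings['auto_approval_tp_user']) && $modSettings['auto_approval_tp_user'] && $verified ? 'nothing' : 'approval';
     }

     // Strip line breaks so none of the values can span more than one line.
     $email = htmltrim__recursive(str_replace(array("\n", "\r"), '', $email));
     $username = htmltrim__recursive(str_replace(array("\n", "\r"), '', $username));
     $password = htmltrim__recursive(str_replace(array("\n", "\r"), '', $password));

     // The member group comes from forum settings only, never from the request.
     $group = 0;
     if ($register_mode == 'nothing' && isset($modSettings['tp_iar_usergroup_assignment'])) {
         $group = $modSettings['tp_iar_usergroup_assignment'];
     }

     // NOTE(review): 'interface' is 'admin' for every mode except approval and
     // 'check_email_ban' is off; confirm that skipping those registration
     // checks is intended for accounts created through this path.
     $regOptions = array(
         'interface' => $register_mode == 'approval' ? 'guest' : 'admin',
         'username' => $username,
         'email' => $email,
         'password' => $password,
         'password_check' => $password,
         'check_reserved_name' => true,
         'check_password_strength' => true,
         'check_email_ban' => false,
         'send_welcome_email' => isset($_POST['emailPassword']) || empty($password),
         'require' => $register_mode,
         'memberGroup' => (int) $group,
     );

     // Defining a constant twice raises an error, so guard against a second call.
     if (!defined('mobi_register')) {
         define('mobi_register', 1);
     }

     require_once $sourcedir . '/Subs-Members.php';
     $memberID = registerMember($regOptions);

     if (!empty($memberID)) {
         // NOTE(review): $username is placed into the link markup as-is; assumes
         // registerMember() only accepts names that are safe in HTML - confirm.
         $context['new_member'] = array(
             'id' => $memberID,
             'name' => $username,
             'href' => $scripturl . '?action=profile;u=' . $memberID,
             'link' => '<a href="' . $scripturl . '?action=profile;u=' . $memberID . '">' . $username . '</a>',
         );
         $context['registration_done'] = sprintf($txt['admin_register_done'], $context['new_member']['link']);

         // Update profile.
         // NOTE(review): the avatar URL is stored without validation in this method - confirm it is checked elsewhere.
         if (!empty($profile) && is_array($profile)) {
             $profile_vars = array('avatar' => $profile['avatar_url']);
             updateMemberData($memberID, $profile_vars);
         }

         return get_user_by_name_or_email($username, false);
     }

     return null;
 }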
/**
 * Settings page for the "menu button with boards list" modification.
 *
 * @param bool $return_config When truthy, only the config array is returned.
 * @return array config vars
 */
function addMenuButtonWithBoardsListAdminSettings($return_config = false)
{
    global $txt, $scripturl, $context;

    loadLanguage('MenuButtonWithBoardsList/');

    $context['page_title'] = $txt['menu_button_with_boards'];
    $context['post_url'] = $scripturl . '?action=admin;area=modsettings;save;sa=menu_button_with_boards';
    $context['settings_message'] = '';

    $config_vars = array(
        array('title', 'menu_button_with_boards_settings'),
        array('text', 'menu_button_with_boards_title'),
        array('text', 'menu_button_with_boards_cats', 'subtext' => $txt['menu_button_with_boards_cats_desc']),
    );

    if ($return_config) {
        return $config_vars;
    }

    $is_saving = isset($_GET['save']);
    if ($is_saving) {
        // Session check before the settings are written and the cache is cleared.
        checkSession();
        saveDBSettings($config_vars);
        clean_cache();
        redirectexit('action=admin;area=modsettings;sa=menu_button_with_boards');
    }

    prepareDBSettingContext($config_vars);
}
Example #22
    /**
     * Administration page in Posts and Topics > BBC.
     *
     * - Displays and saves which BBC tags are enabled on the forum.
     * - On save, the disabled list is computed on the server from the tags
     *   returned by parse_bbc(false), so only those tag names can be stored.
     *
     * @uses Admin template, edit_bbc_settings sub-template.
     */
    public function action_bbcSettings_display()
    {
        global $context, $txt, $modSettings, $scripturl;

        // Build the form and read its setting definitions.
        $this->_initBBCSettingsForm();
        $config_vars = $this->_bbcSettings->settings();

        // Javascript that enables or disables the checkboxes according to the global BBC switch.
        $bbc_globally_off = empty($modSettings['enableBBC']) ? 'true' : 'false';
        addInlineJavascript('
			toggleBBCDisabled(\'disabledBBC\', ' . $bbc_globally_off . ');', true);

        // Needed for prepare_db() and save_db().
        require_once SUBSDIR . '/SettingsForm.class.php';

        // The currently disabled tags, as a list.
        $modSettings['bbc_disabled_disabledBBC'] = array();
        if (!empty($modSettings['disabledBBC'])) {
            $modSettings['bbc_disabled_disabledBBC'] = explode(',', $modSettings['disabledBBC']);
        }

        if (isset($_GET['save'])) {
            checkSession();

            // Every tag name the parser knows about.
            $bbcTags = array();
            foreach (parse_bbc(false) as $known_tag) {
                $bbcTags[] = $known_tag['tag'];
            }

            // Normalise the posted "enabled" selection to an array.
            $enabled_tags = isset($_POST['disabledBBC_enabledTags']) ? $_POST['disabledBBC_enabledTags'] : array();
            if (!is_array($enabled_tags)) {
                $enabled_tags = array($enabled_tags);
            }
            $_POST['disabledBBC_enabledTags'] = $enabled_tags;

            // Disabled = known tags minus the enabled ones; unknown posted names drop out here.
            $_POST['disabledBBC'] = implode(',', array_diff($bbcTags, $_POST['disabledBBC_enabledTags']));

            call_integration_hook('integrate_save_bbc_settings', array($bbcTags));
            Settings_Form::save_db($config_vars);
            redirectexit('action=admin;area=postsettings;sa=bbc');
        }

        // Template context.
        $context['sub_template'] = 'show_settings';
        $context['page_title'] = $txt['manageposts_bbc_settings_title'];
        $context['post_url'] = $scripturl . '?action=admin;area=postsettings;save;sa=bbc';
        $context['settings_title'] = $txt['manageposts_bbc_settings_title'];
        Settings_Form::prepare_db($config_vars);
    }
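/**
 * Delete a single visitor entry from a member's profile-visitor log.
 *
 * The session token is verified from the URL, the visitor id is read from the
 * request, and the caller must hold the permission matching their relationship
 * to the entry before the row is removed.
 *
 * @param int $memID Id of the profile whose visitor log is being edited.
 */
function pv_delete($memID)
{
    global $smcFunc, $context, $user_info;

    checkSession('get');

    // Resolve the visitor id before any permission decision: the "own visit"
    // comparison below depends on it, and it used to be read while still undefined.
    $member = !empty($_REQUEST['member']) ? (int) $_REQUEST['member'] : 0;

    // Authorization fails closed. Each relationship has its own permission and
    // everything else, including "neither owner nor visitor", needs pv_remove_any_any.
    if ($context['user']['is_owner']) {
        // Removing a visitor from one's own profile.
        if (!allowedTo('pv_remove_own')) {
            isAllowedTo('pv_remove_any_any');
        }
    } elseif ($user_info['id'] == $member) {
        // Removing one's own visit from somebody else's profile.
        if (!allowedTo('pv_remove_any_own')) {
            isAllowedTo('pv_remove_any_any');
        }
    } else {
        isAllowedTo('pv_remove_any_any');
    }

    if (empty($member)) {
        fatal_lang_error('pv_no_member', false);
    }

    // Both ids are bound as typed {int:...} placeholders, never concatenated.
    $smcFunc['db_query']('', '
		DELETE FROM {db_prefix}log_Maximum_visitors
		WHERE id_member = {int:member}
			AND id_profile = {int:profile}
		LIMIT 1', array('member' => $member, 'profile' => $memID));

    redirectexit('action=profile;u=' . $memID . ';pv');
}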
    /**
     * Modify any setting related to drafts.
     *
     * - Requires the admin_forum permission.
     * - Accessed from ?action=admin;area=managedrafts
     *
     * @uses Admin template, edit_topic_settings sub-template.
     */
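    public function action_draftSettings_display()
    {
        global $context, $txt, $scripturl;

        // Admin-only page: the permission gate runs before anything is loaded or saved.
        isAllowedTo('admin_forum');
        loadLanguage('Drafts');

        // Initialize the form
        $this->_initDraftSettingsForm();
        $config_vars = $this->_draftSettings->settings();

        // Setup the template.
        $context['page_title'] = $txt['managedrafts_settings'];
        $context['sub_template'] = 'show_settings';
        $context[$context['admin_menu_name']]['tab_data'] = array('title' => $txt['drafts'], 'help' => '', 'description' => $txt['managedrafts_settings_description']);

        // Saving them ?
        if (isset($_GET['save'])) {
            // State-changing request: verify the session token first.
            checkSession();
            call_integration_hook('integrate_save_drafts_settings');

            // Protect them from themselves: the posted value is untrusted, so coerce it to an
            // integer before clamping. A missing, array or non-numeric field becomes the 30 floor
            // instead of slipping past a loose string comparison.
            $frequency = isset($_POST['drafts_autosave_frequency']) && is_scalar($_POST['drafts_autosave_frequency'])
                ? (int) $_POST['drafts_autosave_frequency']
                : 0;
            $_POST['drafts_autosave_frequency'] = max(30, $frequency);

            Settings_Form::save_db($config_vars);
            redirectexit('action=admin;area=managedrafts');
        }

        // Some javascript to enable / disable the frequency input box
        addInlineJavascript('
			var autosave = document.getElementById(\'drafts_autosave_enabled\');

			createEventListener(autosave);
			autosave.addEventListener(\'change\', toggle);
			toggle();

			function toggle()
			{
				var select_elem = document.getElementById(\'drafts_autosave_frequency\');

				select_elem.disabled = !autosave.checked;
			}', true);

        // Final settings...
        $context['post_url'] = $scripturl . '?action=admin;area=managedrafts;save';
        $context['settings_title'] = $txt['managedrafts_settings'];

        // Prepare the settings...
        Settings_Form::prepare_db($config_vars);
    }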
 /**
  * This is the main dispatcher. Sets up all the available sub-actions, all the tabs and selects
  * the appropriate one based on the sub-action.
  *
  * What it does:
  * - Requires the admin_forum permission.
  * - Redirects to the appropriate function based on the sub-action.
  *
  * @uses edit_settings adminIndex.
  * @see Action_Controller::action_index()
  */
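 public function action_index()
 {
     global $context, $txt;

     // We're working with them settings here.
     require_once SUBSDIR . '/SettingsForm.class.php';
     // The settings are in here, I swear!
     loadLanguage('ManageSettings');

     // This is just to keep the database password more secure.
     isAllowedTo('admin_forum');
     // The session token is required even to view these pages, not only to save them.
     checkSession('request');

     // Every sub-action is an internal method and carries its own permission requirement.
     $subActions = array(
         'general' => array($this, 'action_generalSettings_display', 'permission' => 'admin_forum'),
         'database' => array($this, 'action_databaseSettings_display', 'permission' => 'admin_forum'),
         'cookie' => array($this, 'action_cookieSettings_display', 'permission' => 'admin_forum'),
         'cache' => array($this, 'action_cacheSettings_display', 'permission' => 'admin_forum'),
         'loads' => array($this, 'action_balancingSettings_display', 'permission' => 'admin_forum'),
         'phpinfo' => array($this, 'action_phpinfo', 'permission' => 'admin_forum'),
     );
     $action = new Action('server_settings');

     // Load up all the tabs...
     $context[$context['admin_menu_name']]['tab_data'] = array('title' => $txt['admin_server_settings'], 'help' => 'serversettings', 'description' => $txt['admin_basic_settings']);

     // By default we're editing the core settings, call integrate_sa_server_settings
     $subAction = $action->initialize($subActions, 'general');

     // Last things for the template
     $context['sub_action'] = $subAction;
     $context['page_title'] = $txt['admin_server_settings'];
     $context['sub_template'] = 'show_settings';

     // Any messages to speak of? The request value is used only as a key into the language
     // strings and is never echoed. It must be a string, because an array-valued msg
     // parameter would be an illegal offset.
     $context['settings_message'] = isset($_REQUEST['msg']) && is_string($_REQUEST['msg']) && isset($txt[$_REQUEST['msg']]) ? $txt[$_REQUEST['msg']] : '';

     // Warn the user if there's any relevant information regarding Settings.php.
     if ($subAction != 'cache') {
         // Warn the user if the backup of Settings.php failed.
         // The copy is best-effort (hence the @); its failure is surfaced through the notice below.
         $settings_not_writable = !is_writable(BOARDDIR . '/Settings.php');
         $settings_backup_fail = !@is_writable(BOARDDIR . '/Settings_bak.php') || !@copy(BOARDDIR . '/Settings.php', BOARDDIR . '/Settings_bak.php');

         if ($settings_not_writable) {
             $context['settings_message'] = $txt['settings_not_writable'];
             $context['error_type'] = 'notice';
         } elseif ($settings_backup_fail) {
             $context['settings_message'] = $txt['admin_backup_fail'];
             $context['error_type'] = 'notice';
         }

         $context['settings_not_writable'] = $settings_not_writable;
     }

     // Call the right function for this sub-action.
     $action->dispatch($subAction);
 }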
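/**
 * Log the current administrator out by wiping and destroying the session.
 *
 * Does nothing when checkSession() reports no valid session.
 */
function processLogout()
{
    if (!checkSession()) {
        return;
    }

    // Drop every session value, which covers adminAuth and adminTime. The earlier loop
    // called session_unregister('$name') with a single-quoted literal, so it never
    // unregistered the real variable names; session_is_registered() and
    // session_unregister() were also removed in PHP 5.4.
    $_SESSION = array();

    // Destroy the server-side session data only if a session is actually open.
    if (session_id() !== '') {
        session_destroy();
    }
}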
Example #27
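/**
 * Save the shoutbox settings posted from the admin form.
 *
 * Each known setting is either written to {db_prefix}shoutbox_settings or,
 * when it is empty, removed from that table. Only the keys listed in $config
 * are ever read from the request.
 *
 * NOTE(review): no permission check is visible in this function; confirm
 * the admin dispatcher that calls it enforces one.
 */
function ManageShoutbox_Settings2()
{
    global $smcFunc;

    // State-changing request: verify the session token before touching the database.
    checkSession();

    // Allow-list of setting name => form field type.
    $config = array('disable' => 'checkbox', 'startHide' => 'checkbox', 'backgroundColor' => 'text', 'textColor' => 'text', 'boxTitle' => 'text', 'refreshShouts' => 'text', 'startShouts' => 'text', 'keepShouts' => 'text', 'height' => 'text', 'printClass' => 'text', 'timeColor' => 'text', 'timeFormat' => 'text', 'maxMsgLenght' => 'text', 'minMsgLenght' => 'text', 'maxLinkLenght' => 'text', 'fixLongWords' => 'text', 'disableTags' => 'textarea', 'faces' => 'textarea', 'showActions' => 'textarea', 'out_main' => 'textarea', 'showform_down' => 'checkbox', 'showmsg_down' => 'checkbox');

    foreach ($config as $s => $t) {
        if ($t == 'checkbox') {
            // A checkbox is on exactly when the field was submitted.
            $v = isset($_POST[$s]) ? 1 : 0;
        } elseif (!isset($_POST[$s]) || !is_string($_POST[$s])) {
            // Missing or array-valued field: treat as empty rather than passing a
            // non-string into the string helpers below.
            $v = 0;
        } else {
            if ($t == 'textarea') {
                // Textareas are stored as a comma-separated list, one item per line.
                $_POST[$s] = str_replace("\n", ',', str_replace(array("\r", "\t", "<br />"), '', $_POST[$s]));
            }
            // NOTE(review): db_insert already binds values as typed parameters, so the
            // addslashes() here looks like it stores literal backslashes. It is kept because
            // readers of this table may rely on it; confirm before removing.
            $v = addslashes($smcFunc['htmlspecialchars']($smcFunc['htmltrim'](stripslashes($_POST[$s])), ENT_QUOTES));
        }

        if (!empty($v)) {
            $smcFunc['db_insert']('replace', '{db_prefix}shoutbox_settings', array('variable' => 'string', 'value' => 'string'), array($s, $v), array('variable'));
        } else {
            $smcFunc['db_query']('', "\r\r\n\t\t\t\tDELETE FROM {db_prefix}shoutbox_settings\r\r\n\t\t\t\tWHERE variable = {string:value} LIMIT 1", array('value' => $s));
        }
    }

    redirectexit('action=admin;area=shoutbox');
}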
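/**
 * Save the global head/header/footer snippets and their BBC flags when the
 * admin form has been posted.
 *
 * The three text fields are HTML-escaped and written to fixed files under
 * smfhacks_resources; the two BBC flags are stored through updateSettings().
 *
 * NOTE(review): no permission check is visible in this function; confirm
 * the caller restricts it to administrators.
 */
function GlobalHFCheckSaving()
{
    global $smcFunc, $boarddir;

    if (!isset($_POST['global_head'])) {
        return;
    }

    // State-changing request: verify the session token before writing anything.
    checkSession();

    // File names come from this fixed list only, never from request data.
    $file_fields = array('global_head', 'global_header', 'global_footer');
    foreach ($file_fields as $value) {
        // Skip array-valued fields so only strings reach the escaping helpers.
        if (isset($_POST[$value]) && is_string($_POST[$value])) {
            $_POST[$value] = $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST[$value], ENT_QUOTES));
            file_put_contents($boarddir . '/smfhacks_resources/global-hf-' . str_replace('global_', '', $value) . '.txt', $_POST[$value]);
        }
    }

    // Start from an empty array: the variable used to be undefined whenever
    // neither BBC flag was posted.
    $final_arr = array();
    $bbc_fields = array('global_header_bbc', 'global_footer_bbc');
    foreach ($bbc_fields as $value) {
        if (isset($_POST[$value])) {
            $_POST[$value] = (int) $_POST[$value];
            $final_arr[$value] = $_POST[$value];
        }
    }

    if (!empty($final_arr)) {
        updateSettings($final_arr);
    }

    redirectexit('action=admin;area=globalhf;success=saved');
}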
/**
 * Show or save the chat modification's settings page.
 *
 * @param bool $return_config When true, only the setting definitions are returned.
 * @return array|null The setting definitions when $return_config is true.
 */
function ajaxchat_modifySettings($return_config = false)
{
    global $txt, $scripturl, $context, $settings, $sc, $modSettings;

    // Three on/off switches make up the whole form.
    $config_vars = array(
        array('check', 'enableShoutBox'),
        array('check', 'anyPageShoutBox'),
        array('check', 'enableChatButtonNo'),
    );

    // Callers that only want the definitions stop here; nothing is read from the request.
    if ($return_config) {
        return $config_vars;
    }

    $context['settings_title'] = $txt['chat'];
    $context['post_url'] = $scripturl . '?action=admin;area=modsettings;save;sa=chat';

    // No removing this line you, dirty unwashed mod authors. :p
    if (count($config_vars) === 0) {
        $context['settings_message'] = '<div style="text-align: center">' . $txt['modification_no_misc_settings'] . '</div>';
        $context['settings_save_dont_show'] = true;
        return prepareDBSettingContext($config_vars);
    }

    // Saving? The session token is verified before anything is written.
    $isSaveRequest = isset($_GET['save']);
    if ($isSaveRequest) {
        checkSession();
        // Hand the saver its own copy of the definitions.
        $definitionsToSave = $config_vars;
        saveDBSettings($definitionsToSave);
        redirectexit('action=admin;area=modsettings;sa=chat');
    }

    prepareDBSettingContext($config_vars);
}
Example #30
<?php

/*
 *  Copyright (c) Codiad & Kent Safranski (codiad.com), distributed
 *  as-is and without warranty under the MIT License. See 
 *  [root]/license.txt for more. This information must remain intact.
 */
require_once '../../config.php';
//////////////////////////////////////////////////////////////////
// Verify Session or Key
//////////////////////////////////////////////////////////////////
checkSession();