/**
* Load object from an id
*
* @param int $id
* @return vB_Legacy_Calendar
*/
public static function create_from_id($id)
{
global $_CALENDAROPTIONS, $_CALENDARHOLIDAYS;
$calendarinfo = verify_id('calendar', intval($id), false, true);
$getoptions = convert_bits_to_array($calendarinfo['options'], $_CALENDAROPTIONS);
$calendarinfo = array_merge($calendarinfo, $getoptions);
$geteaster = convert_bits_to_array($calendarinfo['holidays'], $_CALENDARHOLIDAYS);
$calendarinfo = array_merge($calendarinfo, $geteaster);
if ($calendarinfo) {
return self::create_from_record($calendarinfo);
} else {
return null;
}
}
function process_showgroups_userinfo($user)
{
global $vbulletin, $permissions, $stylevar, $show;
$user = array_merge($user, convert_bits_to_array($user['options'], $vbulletin->bf_misc_useroptions));
$user = array_merge($user, convert_bits_to_array($user['adminoptions'], $vbulletin->bf_misc_adminoptions));
cache_permissions($user, false);
fetch_online_status($user, true);
if (!$user['invisible'] or $permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehidden']) {
$user['lastonline'] = vbdate($vbulletin->options['dateformat'], $user['lastactivity'], 1);
} else {
$user['lastonline'] = ' ';
}
fetch_musername($user);
return $user;
}
$sql = fetch_vm_ajax_query($userinfo, $vbulletin->GPC['vmid'], 'edit');
}
else if ($vbulletin->GPC['fromconverse'])
{
$sql = fetch_vm_ajax_query($userinfo, $vmid, 'wall', $userinfo2);
}
else
{
$sql = fetch_vm_ajax_query($userinfo, $vmid, 'user');
}
$messages = $db->query_read_slave($sql);
while ($message = $db->fetch_array($messages))
{
// Process user.options
$message = array_merge($message, convert_bits_to_array($message['options'], $vbulletin->bf_misc_useroptions));
if ($message['profileuserid'] == $vbulletin->userinfo['userid'] AND $message['state'] == 'visible' AND !$message['messageread'])
{
$read_ids[] = $message['vmid'];
}
$response_handler =& $factory->create($message);
$response_handler->cachable = false;
if ($vbulletin->GPC['fromconverse'])
{
$response_handler->converse = false;
}
else
{
$response_handler->converse = true;
$moderator = array();
foreach ($myobj->data['misc']['moderatorpermissions'] as $permission => $option) {
$moderator["{$permission}"] = $option['default'] ? 1 : 0;
}
foreach ($myobj->data['misc']['moderatorpermissions2'] as $permission => $option) {
$moderator["{$permission}"] = $option['default'] ? 1 : 0;
}
$moderator['forumid'] = $foruminfo['forumid'];
$moderator['forumtitle'] = $foruminfo['forumtitle'];
print_form_header('moderator', 'update');
print_table_header(construct_phrase($vbphrase['add_new_moderator_to_forum_x'], $foruminfo['forumtitle']));
} else {
// edit moderator - query moderator
$moderator = $db->query_first("\n\t\t\tSELECT moderator.moderatorid, moderator.userid,\n\t\t\tmoderator.forumid, moderator.permissions, moderator.permissions2, user.username, forum.title AS forumtitle, user.username\n\t\t\tFROM " . TABLE_PREFIX . "moderator AS moderator\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = moderator.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "forum AS forum ON (forum.forumid = moderator.forumid)\n\t\t\tWHERE moderatorid = " . $vbulletin->GPC['moderatorid'] . "\n\t\t");
$perms = convert_bits_to_array($moderator['permissions'], $vbulletin->bf_misc_moderatorpermissions);
$perms2 = convert_bits_to_array($moderator['permissions2'], $vbulletin->bf_misc_moderatorpermissions2);
$moderator = array_merge($perms, $perms2, $moderator);
log_admin_action('username = '******'username'] . ', userid = ' . $moderator['userid']);
// delete link
print_form_header('moderator', 'remove');
construct_hidden_code('moderatorid', $vbulletin->GPC['moderatorid']);
print_table_header($vbphrase['if_you_would_like_to_remove_this_moderator'] . ' <input type="submit" class="button" value="' . $vbphrase['remove'] . '" tabindex="1" />');
print_table_footer();
print_form_header('moderator', 'update');
construct_hidden_code('moderatorid', $vbulletin->GPC['moderatorid']);
print_table_header(construct_phrase($vbphrase['edit_moderator_x_for_forum_y'], $moderator['username'], $moderator['forumtitle']));
}
}
if ($_REQUEST['do'] != 'editglobal') {
print_forum_chooser($vbphrase['forum_and_children'], 'forumid', $moderator['forumid']);
if ($_REQUEST['do'] == 'add') {
if ($limitlower <= 0) {
$limitlower = 1;
}
$getevents = $db->query_read_slave("\n\t\tSELECT event.*, IF(dateline_to = 0, 1, 0) AS singleday, user.username, user.options, user.adminoptions, user.usergroupid, user.membergroupids, user.infractiongroupids, IF(options & " . $vbulletin->bf_misc_useroptions['hasaccessmask'] . ", 1, 0) AS hasaccessmask,\n\t\t\tsubscribeevent.reminder, subscribeevent.subscribeeventid\n\t\t\t" . ($vbulletin->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight, customavatar.width_thumb AS avwidth_thumb, customavatar.height_thumb AS avheight_thumb, filedata_thumb, NOT ISNULL(customavatar.userid) AS hascustom" : "") . "\n\t\tFROM " . TABLE_PREFIX . "subscribeevent AS subscribeevent\n\t\tLEFT JOIN " . TABLE_PREFIX . "event AS event ON (subscribeevent.eventid = event.eventid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (event.userid = user.userid)\n\t\t" . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "\n\t\tWHERE\n\t\t\tsubscribeevent.userid = " . $vbulletin->userinfo['userid'] . "\n\t\t\t\tAND\n\t\t\tevent.visible = 1\n\t\tORDER BY\n\t\t\t{$sqlsortfield} {$sortorder}\n\t\tLIMIT " . ($limitlower - 1) . ", {$perpage}\n\t");
$itemcount = ($pagenumber - 1) * $perpage;
$first = $itemcount + 1;
if ($db->num_rows($getevents)) {
$show['haveevents'] = true;
while ($event = $db->fetch_array($getevents)) {
if (empty($reminders["{$event['reminder']}"])) {
$event['reminder'] = 3600;
}
$event['reminder'] = $vbphrase[$reminders[$event['reminder']]];
$offset = $event['dst'] ? $vbulletin->userinfo['timezoneoffset'] : $vbulletin->userinfo['tzoffset'];
$event = array_merge($event, convert_bits_to_array($event['options'], $vbulletin->bf_misc_useroptions));
$event = array_merge($event, convert_bits_to_array($event['adminoptions'], $vbulletin->bf_misc_adminoptions));
cache_permissions($event, false);
fetch_avatar_from_userinfo($event, true);
$event['dateline_from_user'] = $event['dateline_from'] + $offset * 3600;
$event['dateline_to_user'] = $event['dateline_to'] + $offset * 3600;
$event['preview'] = htmlspecialchars_uni(strip_bbcode(fetch_trimmed_title(strip_quotes($event['event']), 300), false, true));
$event = fetch_event_date_time($event);
$event['calendar'] = $calendarcache["{$event['calendarid']}"];
$show['singleday'] = !empty($event['singleday']) ? true : false;
($hook = vBulletinHook::fetch_hook('calendar_viewreminder_event')) ? eval($hook) : false;
$oppositesort = $sortorder == 'asc' ? 'desc' : 'asc';
$templater = vB_Template::create('calendar_reminder_eventbit');
$templater->register('date1', $date1);
$templater->register('date2', $date2);
$templater->register('daterange', $daterange);
$templater->register('event', $event);
}
$query = fetch_query_sql($langupdate, 'language', "WHERE languageid = " . $vbulletin->GPC['dolanguageid']);
$db->query_write($query);
if ($vbulletin->GPC['isdefault'] and $vbulletin->GPC['dolanguageid'] != $vbulletin->options['languageid']) {
$do = 'setdefault';
} else {
$do = 'modify';
}
build_language_datastore();
define('CP_REDIRECT', 'language.php?dolanguageid=' . $vbulletin->GPC['dolanguageid'] . '&do=' . $do);
print_stop_message('saved_language_x_successfully', $newlang['title']);
}
// ##########################################################################
if ($_REQUEST['do'] == 'edit_settings') {
$language = fetch_languages_array($vbulletin->GPC['dolanguageid']);
$getoptions = convert_bits_to_array($language['options'], $vbulletin->bf_misc_languageoptions);
$language = array_merge($language, $getoptions);
print_form_header('language', 'update_settings');
construct_hidden_code('dolanguageid', $vbulletin->GPC['dolanguageid']);
print_table_header(construct_phrase($vbphrase['x_y_id_z'], $vbphrase['language'], $language['title'], $language['languageid']));
print_description_row($vbphrase['general_settings'], 0, 2, 'thead');
print_input_row($vbphrase['title'], 'title', $language['title'], 0);
print_yes_no_row($vbphrase['allow_user_selection'], 'userselect', $language['userselect']);
print_yes_no_row($vbphrase['is_default_language'], 'isdefault', iif($vbulletin->GPC['dolanguageid'] == $vbulletin->options['languageid'], 1, 0));
print_yes_no_row($vbphrase['enable_directional_markup_fix'], 'options[dirmark]', $language['dirmark']);
print_label_row($vbphrase['text_direction'], '<label for="rb_l2r"><input type="radio" name="options[direction]" id="rb_l2r" value="1" tabindex="1"' . iif($language['direction'], ' checked="checked"') . " />{$vbphrase['left_to_right']}</label><br />" . '
<label for="rb_r2l"><input type="radio" name="options[direction]" id="rb_r2l" value="0" tabindex="1"' . iif(!$language['direction'], ' checked="checked"') . " />{$vbphrase['right_to_left']}</label>", '', 'top', 'direction');
print_input_row($vbphrase['language_code'], 'languagecode', $language['languagecode']);
print_input_row($vbphrase['html_charset'] . "<code><meta http-equiv="Content-Type" content="text/html; charset=<b>{$language['charset']}</b>" /></code>", 'charset', $language['charset']);
print_input_row($vbphrase['image_folder_override'], 'imagesoverride', $language['imagesoverride']);
print_description_row($vbphrase['date_time_formatting'], 0, 2, 'thead');
photoplog_output_page('photoplog_error_page', $vbphrase['photoplog_error'], $vbphrase['photoplog_bad_inline']);
}
$photoplog_comment_infos = $db->query_read_slave("SELECT commentid, catid, fileid, userid\r\n\t\tFROM " . PHOTOPLOG_PREFIX . "photoplog_ratecomment\r\n\t\tWHERE commentid IN (" . implode(',', $photoplog_comment_ids) . ")\r\n\t\t{$photoplog_catid_sql2}\r\n\t\t{$photoplog_admin_sql2}\r\n\t\tAND comment != ''\r\n\t");
$photoplog_inline_perm = array();
while ($photoplog_comment_info = $db->fetch_array($photoplog_comment_infos)) {
$photoplog_inline_commentid = $photoplog_comment_info['commentid'];
$photoplog_inline_catid = $photoplog_comment_info['catid'];
$photoplog_inline_perm[$photoplog_inline_commentid]['caneditowncomments'] = 0;
$photoplog_inline_perm[$photoplog_inline_commentid]['candeleteowncomments'] = 0;
$photoplog_inline_perm[$photoplog_inline_commentid]['caneditothercomments'] = 0;
$photoplog_inline_perm[$photoplog_inline_commentid]['candeleteothercomments'] = 0;
$photoplog_inline_perm[$photoplog_inline_commentid]['catid'] = 0;
$photoplog_inline_perm[$photoplog_inline_commentid]['fileid'] = 0;
$photoplog_inline_perm[$photoplog_inline_commentid]['userid'] = 0;
if (isset($photoplog_inline_bits[$photoplog_inline_catid])) {
$photoplog_inline_perm[$photoplog_inline_commentid] = convert_bits_to_array($photoplog_inline_bits[$photoplog_inline_catid], $photoplog_categoryoptpermissions);
$photoplog_inline_perm[$photoplog_inline_commentid]['catid'] = $photoplog_inline_catid;
$photoplog_inline_perm[$photoplog_inline_commentid]['fileid'] = $photoplog_comment_info['fileid'];
$photoplog_inline_perm[$photoplog_inline_commentid]['userid'] = $photoplog_comment_info['userid'];
}
}
$db->free_result($photoplog_comment_infos);
if (empty($photoplog_inline_perm)) {
photoplog_index_bounce();
}
$photoplog_comment_sql = array();
$photoplog_cat_ids = array();
$photoplog_file_ids = array();
$photoplog_user_ids = array();
foreach ($photoplog_inline_perm as $photoplog_inline_perm_commentid => $photoplog_inline_perm_array) {
if ($_REQUEST['do'] == 'edit' && $photoplog_file_id != $photoplog_inline_perm_array['fileid']) {
$usergroup = array('pmquota' => 0, 'pmsendmax' => 5, 'attachlimit' => 1000000, 'avatarmaxwidth' => 50, 'avatarmaxheight' => 50, 'avatarmaxsize' => 20000, 'profilepicmaxwidth' => 100, 'profilepicmaxheight' => 100, 'profilepicmaxsize' => 25000, 'sigmaxsizebbcode' => 7);
}
$permgroups = $db->query_read("\n\t\t\tSELECT usergroup.usergroupid, title,\n\t\t\t\t(COUNT(forumpermission.forumpermissionid) + COUNT(calendarpermission.calendarpermissionid)) AS permcount\n\t\t\tFROM " . TABLE_PREFIX . "usergroup AS usergroup\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "forumpermission AS forumpermission ON (usergroup.usergroupid = forumpermission.usergroupid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "calendarpermission AS calendarpermission ON (usergroup.usergroupid = calendarpermission.usergroupid)\n\t\t\tGROUP BY usergroup.usergroupid\n\t\t\tHAVING permcount > 0\n\t\t\tORDER BY title\n\t\t");
$ugarr = array('-1' => '--- ' . $vbphrase['none'] . ' ---');
while ($group = $db->fetch_array($permgroups)) {
$ugarr["{$group['usergroupid']}"] = $group['title'];
}
print_table_header($vbphrase['default_forum_permissions']);
print_select_row($vbphrase['create_permissions_based_off_of_forum'], 'ugid_base', $ugarr, $vbulletin->GPC['defaultgroupid']);
print_table_break();
print_table_header($vbphrase['add_new_usergroup']);
} else {
$usergroup = $db->query_first("\n\t\t\tSELECT * FROM " . TABLE_PREFIX . "usergroup\n\t\t\tWHERE usergroupid = " . $vbulletin->GPC['usergroupid'] . "\n\t\t");
$ug_bitfield = array();
foreach ($vbulletin->bf_ugp as $permissiongroup => $fields) {
$ug_bitfield["{$permissiongroup}"] = convert_bits_to_array($usergroup["{$permissiongroup}"], $fields);
}
construct_hidden_code('usergroupid', $vbulletin->GPC['usergroupid']);
print_table_header(construct_phrase($vbphrase['x_y_id_z'], $vbphrase['usergroup'], $usergroup[title], $usergroup[usergroupid]), 2, 0);
}
print_input_row($vbphrase['title'], 'usergroup[title]', $usergroup['title']);
print_input_row($vbphrase['description'], 'usergroup[description]', $usergroup['description']);
print_input_row($vbphrase['usergroup_user_title'], 'usergroup[usertitle]', $usergroup['usertitle']);
print_label_row($vbphrase['username_markup'], '<span style="white-space:nowrap">
<input size="15" type="text" class="bginput" name="usergroup[opentag]" value="' . htmlspecialchars_uni($usergroup['opentag']) . '" tabindex="1" />
<input size="15" type="text" class="bginput" name="usergroup[closetag]" value="' . htmlspecialchars_uni($usergroup['closetag']) . '" tabindex="1" />
</span>', '', 'top', 'htmltags');
print_input_row($vbphrase['password_expiry'], 'usergroup[passwordexpires]', $usergroup['passwordexpires']);
print_input_row($vbphrase['password_history'], 'usergroup[passwordhistory]', $usergroup['passwordhistory']);
print_table_break();
print_column_style_code(array('width: 70%', 'width: 30%'));
if (defined('FEED_SAVE_ERROR') and is_array($feed)) {
// save error, show stuff again
$form_title = $feed['rssfeedid'] ? $vbphrase['edit_rss_feed'] : $vbphrase['add_new_rss_feed'];
} else {
if ($vbulletin->GPC['rssfeedid'] and $feed = $db->query_first("\r\n\t\tSELECT rssfeed.*, user.username\r\n\t\tFROM " . TABLE_PREFIX . "rssfeed AS rssfeed\r\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = rssfeed.userid)\r\n\t\tWHERE rssfeed.rssfeedid = " . $vbulletin->GPC['rssfeedid'] . "\r\n\t")) {
// feed is defined
$form_title = $vbphrase['edit_rss_feed'];
} else {
// add new feed
$feed = array('options' => 1025, 'ttl' => 1800, 'maxresults' => 0, 'endannouncement' => 7, 'titletemplate' => $vbphrase['rssfeed_title_template'], 'bodytemplate' => $vbphrase['rssfeed_body_template'], 'itemtype' => 'thread');
$form_title = $vbphrase['add_new_rss_feed'];
}
}
$checked = array();
if (!defined('FEED_SAVE_ERROR') and !is_array($feed['options'])) {
$feed['options'] = convert_bits_to_array($feed['options'], $vbulletin->bf_misc_feedoptions);
}
foreach ($feed['options'] as $bitname => $bitvalue) {
$checked["{$bitname}"] = $bitvalue ? ' checked="checked"' : '';
}
$checked['itemtype']["{$feed['itemtype']}"] = ' checked="checked"';
print_form_header('rssposter', 'update');
print_table_header($form_title);
if ($feed['rssfeedid']) {
print_checkbox_row($vbphrase['reset_last_checked_time'], 'resetlastrun', 0, 1, "<span class=\"normal\">{$vbphrase['reset']}</span>");
}
print_yes_no_row($vbphrase['feed_is_enabled'], 'options[enabled]', $feed['options']['enabled']);
print_input_row($vbphrase['title'], 'title', $feed['title'], false, 50);
print_input_row($vbphrase['url_of_feed'], 'url', $feed['url'], true, 50);
print_select_row($vbphrase['check_feed_every'], 'ttl', array(600 => construct_phrase($vbphrase['x_minutes'], 10), 1200 => construct_phrase($vbphrase['x_minutes'], 20), 1800 => construct_phrase($vbphrase['x_minutes'], 30), 3600 => construct_phrase($vbphrase['x_minutes'], 60), 7200 => construct_phrase($vbphrase['x_hours'], 2), 14400 => construct_phrase($vbphrase['x_hours'], 4), 21600 => construct_phrase($vbphrase['x_hours'], 6), 28800 => construct_phrase($vbphrase['x_hours'], 8), 36000 => construct_phrase($vbphrase['x_hours'], 10), 43200 => construct_phrase($vbphrase['x_hours'], 12)), $feed['ttl']);
print_input_row($vbphrase['maximum_items_to_fetch'], 'maxresults', $feed['maxresults'], true, 50);
if ($permgroups and $permgroups->valid()) {
foreach ($permgroups as $group) {
$ugarr["{$group['usergroupid']}"] = $group['title'];
}
}
print_table_header($vbphrase['default_forum_permissions']);
print_select_row($vbphrase['create_permissions_based_off_of_forum'], 'ugid_base', $ugarr, $vbulletin->GPC['defaultgroupid']);
print_table_break();
print_table_header($vbphrase['add_new_usergroup_gcpusergroup']);
} else {
$usergroup = vB_Api::instanceInternal('usergroup')->fetchUsergroupByID($vbulletin->GPC['usergroupid']);
$ug_bitfield = array();
foreach ($vbulletin->bf_ugp as $permissiongroup => $fields) {
$ug_bitfield["{$permissiongroup}"] = convert_bits_to_array($usergroup["{$permissiongroup}"], $fields);
if (array_key_exists($permissiongroup, $usergroup_org)) {
$usergroup_org[$permissiongroup] = convert_bits_to_array($usergroup_org["{$permissiongroup}"], $fields);
}
}
try {
$channelPerms = vB_ChannelPermission::instance()->fetchPermissions(1, $usergroup['usergroupid']);
$groupinfo["moderator_permissions"] = array();
$groupinfo["createpermissions"] = array();
if (!empty($channelPerms) and !empty($channelPerms[$usergroup['usergroupid']])) {
$channelPerms = $channelPerms[$usergroup['usergroupid']];
foreach (array('edit_time', 'require_moderate', 'maxtags', 'maxstartertags', 'maxothertags', 'maxattachments') as $field) {
$usergroup[$field] = $channelPerms[$field];
}
$ug_bitfield['createpermissions'] = $usergroup['moderator_permissions'] = array();
foreach ($channelPerms['bitfields']['createpermissions'] as $createPerm) {
if ($createPerm['used']) {
$ug_bitfield['createpermissions'][$createPerm['name']] = $createPerm['set'];
}
}
$getperms = fetch_forum_permissions($usergroupid, $forumid);
construct_hidden_code('forumpermission[usergroupid]', $usergroupid);
construct_hidden_code('forumid', $forumid);
} else {
$getperms = $db->query_first("\n\t\t\tSELECT *\n\t\t\tFROM " . TABLE_PREFIX . "forumpermission\n\t\t\tWHERE forumpermissionid = {$forumpermissionid}\n\t\t");
if (!$getperms) {
print_table_footer();
print_stop_message('invalid_forum_permissions_specified');
}
$usergroup['title'] = $vbulletin->usergroupcache["{$getperms['usergroupid']}"]['title'];
$forum['title'] = $vbulletin->forumcache["{$getperms['forumid']}"]['title'];
construct_hidden_code('forumpermissionid', $forumpermissionid);
}
$forumpermission = convert_bits_to_array($getperms['forumpermissions'], $vbulletin->bf_ugp_forumpermissions);
print_table_header(construct_phrase($vbphrase['edit_forum_permissions_for_usergroup_x_in_forum_y'], $usergroup['title'], $forum['title']));
print_description_row('
<label for="uug_1"><input type="radio" name="useusergroup" value="1" id="uug_1" onclick="this.form.reset(); this.checked=true;"' . iif(empty($forumpermissionid), ' checked="checked"') . ' />' . $vbphrase['use_default_permissions'] . '</label>
<br />
<label for="uug_0"><input type="radio" name="useusergroup" value="0" id="uug_0"' . iif(!empty($forumpermissionid), ' checked="checked"') . ' />' . $vbphrase['use_custom_permissions'] . '</label>
', 0, 2, 'tfoot', '', 'mode');
print_table_break();
print_forum_permission_rows($vbphrase['edit_forum_permissions'], $forumpermission, 'js_set_custom();');
print_submit_row($vbphrase['save']);
}
// ###################### Start do update #######################
if ($_POST['do'] == 'doupdate') {
$vbulletin->input->clean_array_gpc('p', array('forumpermissionid' => TYPE_INT, 'forumpermission' => TYPE_ARRAY_INT, 'useusergroup' => TYPE_INT, 'forumid' => TYPE_INT));
if (!$vbulletin->GPC['forumpermissionid']) {
$forum_perms = $db->query_first("\n\t\t\tSELECT forumpermissionid\n\t\t\tFROM " . TABLE_PREFIX . "forumpermission\n\t\t\tWHERE usergroupid = " . $vbulletin->GPC['forumpermission']['usergroupid'] . "\n\t\t\t\tAND forumid = " . $vbulletin->GPC['forumid']);
/**
* Prepare any data needed for the output
*
* @param string The id of the block
* @param array Options specific to the block
*/
function prepare_output($id = '', $options = array())
{
global $show, $vbphrase, $messagearea, $vBeditTemplate;
require_once DIR . '/includes/functions_visitormessage.php';
require_once DIR . '/includes/class_bbcode.php';
require_once DIR . '/includes/class_visitormessage.php';
if (is_array($options)) {
$options = array_merge($this->option_defaults, $options);
} else {
$options = $this->option_defaults;
}
if ($options['vmid']) {
$messageinfo = verify_visitormessage($options['vmid'], false);
}
$state = array('visible');
if (fetch_visitor_message_perm('canmoderatevisitormessages', $this->profile->userinfo)) {
$state[] = 'moderation';
}
if (can_moderate(0, 'canmoderatevisitormessages') or $this->registry->userinfo['userid'] == $this->profile->userinfo['userid'] and $this->registry->userinfo['permissions']['visitormessagepermissions'] & $this->registry->bf_ugp_visitormessagepermissions['canmanageownprofile']) {
$state[] = 'deleted';
$deljoinsql = "LEFT JOIN " . TABLE_PREFIX . "deletionlog AS deletionlog ON (visitormessage.vmid = deletionlog.primaryid AND deletionlog.type = 'visitormessage')";
} else {
$deljoinsql = '';
}
$state_or = array("visitormessage.state IN ('" . implode("','", $state) . "')");
// Get the viewing user's moderated posts
if ($this->registry->userinfo['userid'] and !fetch_visitor_message_perm('canmoderatevisitormessages', $this->profile->userinfo)) {
$state_or[] = "(visitormessage.postuserid = " . $this->registry->userinfo['userid'] . " AND state = 'moderation')";
}
$perpage = (!$options['perpage'] or $options['perpage'] > $this->registry->options['vm_maxperpage']) ? $this->registry->options['vm_perpage'] : $options['perpage'];
if ($messageinfo['vmid']) {
$getpagenum = $this->registry->db->query_first("\n\t\t\t\tSELECT COUNT(*) AS comments\n\t\t\t\tFROM " . TABLE_PREFIX . "visitormessage AS visitormessage\n\t\t\t\tWHERE userid = " . $this->profile->userinfo['userid'] . "\n\t\t\t\t\tAND (" . implode(" OR ", $state_or) . ")\n\t\t\t\t\tAND dateline >= {$messageinfo['dateline']}\n\t\t\t");
$options['pagenumber'] = ceil($getpagenum['comments'] / $perpage);
}
$pagenumber = $options['pagenumber'];
do {
if (!$pagenumber or $options['tab'] != $id and $options['tab'] != '') {
$pagenumber = 1;
}
$start = ($pagenumber - 1) * $perpage;
$hook_query_fields = $hook_query_joins = $hook_query_where = '';
($hook = vBulletinHook::fetch_hook('member_profileblock_visitormessage_query')) ? eval($hook) : false;
if ($this->registry->options['globalignore'] != '') {
if (!can_moderate(0, 'candeletevisitormessages') and !can_moderate(0, 'canremovevisitormessages')) {
require_once DIR . '/includes/functions_bigthree.php';
$coventry = fetch_coventry('string');
}
}
$messagebits = '';
$messages = $this->registry->db->query_read("\n\t\t\t\tSELECT " . (!isset($this->profile->prepared['vm_total']) ? "SQL_CALC_FOUND_ROWS" : "") . "\n\t\t\t\t\tvisitormessage.*, user.*, visitormessage.ipaddress AS messageipaddress\n\t\t\t\t\t" . ($this->registry->userinfo['userid'] ? ",IF(userlist.userid IS NOT NULL, 1, 0) AS bbuser_iscontact_of_user" : "") . "\n\t\t\t\t\t" . ($deljoinsql ? ",deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason" : "") . "\n\t\t\t\t\t" . ($this->registry->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight, customavatar.width_thumb AS avwidth_thumb, customavatar.height_thumb AS avheight_thumb, filedata_thumb, NOT ISNULL(customavatar.userid) AS hascustom" : "") . "\n\t\t\t\t\t{$hook_query_fields}\n\t\t\t\tFROM " . TABLE_PREFIX . "visitormessage AS visitormessage\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (visitormessage.postuserid = user.userid)\n\t\t\t\t" . ($this->registry->userinfo['userid'] ? "LEFT JOIN " . TABLE_PREFIX . "userlist AS userlist ON (userlist.userid = user.userid AND userlist.type = 'buddy' AND userlist.relationid = " . $this->registry->userinfo['userid'] . ")" : "") . "\n\t\t\t\t" . ($this->registry->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "\n\t\t\t\t{$deljoinsql}\n\t\t\t\t{$hook_query_joins}\n\t\t\t\tWHERE visitormessage.userid = " . $this->profile->userinfo['userid'] . "\n\t\t\t\t\tAND (" . implode(" OR ", $state_or) . ")\n\t\t\t\t" . ($coventry ? "AND visitormessage.postuserid NOT IN (" . $coventry . ")" : '') . "\n\t\t\t\t\t{$hook_query_where}\n\t\t\t\tORDER BY visitormessage.dateline DESC\n\t\t\t\tLIMIT {$start}, {$perpage}\n\t\t\t");
if (!isset($this->profile->prepared['vm_total'])) {
list($messagetotal) = $this->registry->db->query_first("SELECT FOUND_ROWS()", DBARRAY_NUM);
} else {
$messagetotal = $this->profile->prepared['vm_total'];
}
if ($start >= $messagetotal) {
$pagenumber = ceil($messagetotal / $perpage);
}
} while ($start >= $messagetotal and $messagetotal);
$this->block_data['messagestart'] = $start + 1;
$this->block_data['messageend'] = min($start + $perpage, $messagetotal);
$bbcode = new vB_BbCodeParser($this->registry, fetch_tag_list());
$factory = new vB_Visitor_MessageFactory($this->registry, $bbcode, $this->profile->userinfo);
$messagebits = '';
if ($this->registry->userinfo['userid'] and empty($options['showignored'])) {
$ignorelist = preg_split('/( )+/', trim($this->registry->userinfo['ignorelist']), -1, PREG_SPLIT_NO_EMPTY);
} else {
$ignorelist = array();
}
$firstrecord = array();
$read_ids = array();
while ($message = $this->registry->db->fetch_array($messages)) {
// Process user.options
$message = array_merge($message, convert_bits_to_array($message['options'], $this->registry->bf_misc_useroptions));
if (!$firstrecord) {
$firstrecord = $message;
}
if ($ignorelist and in_array($message['postuserid'], $ignorelist)) {
$message['ignored'] = true;
}
if (empty($options['showignored']) and in_coventry($message['postuserid'])) {
$message['ignored'] = true;
}
$response_handler =& $factory->create($message);
$response_handler->converse = true;
if (!$message['vm_enable'] and (!can_moderate(0, 'canmoderatevisitormessages') or $this->registry->userinfo['userid'] == $message['postuserid']) or $message['vm_contactonly'] and !can_moderate(0, 'canmoderatevisitormessages') and $message['postuserid'] != $this->registry->userinfo['userid'] and !$message['bbuser_iscontact_of_user']) {
$response_handler->converse = false;
}
$response_handler->cachable = false;
$messagebits .= $response_handler->construct();
if (!$message['messageread'] and $message['state'] == 'visible') {
$read_ids[] = $message['vmid'];
}
$lastcomment = !$lastcomment ? $message['dateline'] : $lastcomment;
}
$readvms = 0;
// If it's our profile and the visible or default tab then we hope they've read it
// if ($this->profile->userinfo['userid'] == $this->registry->userinfo['userid'] AND ($options['tab'] == $id OR $options['tab'] == '') AND !empty($read_ids))
if ($this->profile->userinfo['userid'] == $this->registry->userinfo['userid']) {
if (!empty($read_ids)) {
$readvms = sizeof($read_ids);
$this->registry->db->query_write("UPDATE " . TABLE_PREFIX . "visitormessage SET messageread = 1 WHERE vmid IN (" . implode(',', $read_ids) . ")");
}
if ($this->profile->userinfo['vmunreadcount'] - $readvms > 0 and $this->registry->options['globalignore'] != '') {
// We still have unread VMs somewhere, and Tachy is enabled
build_visitor_message_counters($this->profile->userinfo['userid']);
} else {
if ($readvms) {
// This is more than likely on the second page
$this->registry->db->query_write("\n\t\t\t\t\tUPDATE " . TABLE_PREFIX . "user\n\t\t\t\t\tSET vmunreadcount = IF(vmunreadcount >= {$readvms}, vmunreadcount - {$readvms}, 0)\n\t\t\t\t\tWHERE userid = " . $this->registry->userinfo['userid']);
}
}
}
if ($pagenumber == 1 and (!isset($this->profile->prepared['vm_total']) or !isset($this->profile->prepared['lastvm_time']) or !isset($this->profile->prepared['lastvm_date']))) {
$pminfo = array('dateline' => $firstrecord['dateline'], 'messages' => $messagetotal);
} else {
$pminfo = null;
}
$this->profile->prepare('vm_total', $pminfo);
$this->block_data['messagebits'] = $messagebits;
$this->block_data['lastcomment'] = $lastcomment;
$show['delete'] = fetch_visitor_message_perm('candeletevisitormessages', $this->profile->userinfo);
$show['undelete'] = fetch_visitor_message_perm('canundeletevisitormessages', $this->profile->userinfo);
$show['approve'] = fetch_visitor_message_perm('canmoderatevisitormessages', $this->profile->userinfo);
$show['inlinemod'] = ($show['delete'] or $show['undelete'] or $show['approve']);
// Only allow AJAX QC on the first page
$show['quickcomment'] = $show['post_visitor_message'];
$show['allow_ajax_qc'] = ($pagenumber == 1 and $messagetotal) ? 1 : 0;
$pageinfo = array('tab' => $id);
if ($options['perpage'] != $this->registry->options['vm_perpage']) {
$pageindo['pp'] = $options['perpage'];
}
if (!empty($options['showignored'])) {
$pageinfo['showignored'] = 1;
}
$this->block_data['pagenav'] = construct_page_nav($pagenumber, $perpage, $messagetotal, '', '', $id, 'member', $this->profile->userinfo, $pageinfo);
$this->block_data['messagetotal'] = $messagetotal;
$show['view_conversation'] = (!$this->profile->prepared['myprofile'] and THIS_SCRIPT != 'converse' and $this->registry->userinfo['vm_enable']);
if ($show['quickcomment']) {
require_once DIR . '/includes/functions_editor.php';
$this->block_data['editorid'] = construct_edit_toolbar('', false, 'visitormessage', $this->registry->options['allowsmilies'], true, false, 'qr_small', '', array(), 'content', 'vBForum_VisitorMessage', 0, $this->profile->userinfo['userid']);
$this->block_data['messagearea'] = $messagearea;
$this->block_data['clientscript'] = $vBeditTemplate['clientscript'];
}
}
unset($photoplog_permissions);
$photoplog_perm_denied = array();
$photoplog_perm_allowed = array();
$photoplog_inline_bits = array();
foreach ($photoplog_perm_membergroups_array as $photoplog_perm_membergroup_groupid) {
foreach ($photoplog_list_relatives as $photoplog_list_relatives_catid => $photoplog_list_relatives_array) {
if (!isset($photoplog_inline_bits[$photoplog_list_relatives_catid])) {
$photoplog_inline_bits[$photoplog_list_relatives_catid] = 0;
}
if ($photoplog_list_relatives_catid != '-1' && $photoplog_current_results[$photoplog_perm_membergroup_groupid][$photoplog_list_relatives_catid]) {
$photoplog_cat_mod_opt = intval($photoplog_current_results[$photoplog_perm_membergroup_groupid][$photoplog_list_relatives_catid]['options']);
$photoplog_cat_mod_val = $photoplog_cat_mod_opt % 2;
if ($photoplog_cat_mod_val == 0) {
$photoplog_perm_denied[] = intval($photoplog_list_relatives_catid);
} else {
$photoplog_cat_mod_arr = convert_bits_to_array($photoplog_cat_mod_opt, $photoplog_categoryoptpermissions);
if (defined('PHOTOPLOG_THIS_SCRIPT') && PHOTOPLOG_THIS_SCRIPT == 'categories' && ($_REQUEST['do'] == 'suggest' && !$photoplog_cat_mod_arr['cansuggestcategories'] || $_REQUEST['do'] == 'create' && !$photoplog_cat_mod_arr['cancreateunmoderatedcategories'])) {
$photoplog_perm_denied[] = intval($photoplog_list_relatives_catid);
} else {
if (defined('PHOTOPLOG_THIS_SCRIPT') && PHOTOPLOG_THIS_SCRIPT == 'edit' && !$photoplog_cat_mod_arr['canuploadfiles']) {
if ($photoplog_perm_catid != $photoplog_list_relatives_catid) {
$photoplog_perm_denied[] = intval($photoplog_list_relatives_catid);
} else {
$photoplog_perm_allowed[] = intval($photoplog_list_relatives_catid);
$photoplog_inline_temp = intval($photoplog_current_results[$photoplog_perm_membergroup_groupid][$photoplog_list_relatives_catid]['options']);
$photoplog_inline_bits[$photoplog_list_relatives_catid] = $photoplog_inline_bits[$photoplog_list_relatives_catid] | $photoplog_inline_temp;
}
} else {
if (defined('PHOTOPLOG_THIS_SCRIPT') && PHOTOPLOG_THIS_SCRIPT == 'search' && !$photoplog_cat_mod_arr['canusesearchfeature']) {
$photoplog_perm_denied[] = intval($photoplog_list_relatives_catid);
} else {
/**
* Caches the subscriptions from the database into an array
*/
function cache_user_subscriptions()
{
if (empty($this->subscriptioncache)) {
$permissions = $this->registry->db->query_read_slave("\n\t\t\t\tSELECT subscriptionid, usergroupid\n\t\t\t\tFROM " . TABLE_PREFIX . "subscriptionpermission\n\t\t\t");
$permcache = array();
while ($perm = $this->registry->db->fetch_array($permissions)) {
$permcache["{$perm['subscriptionid']}"]["{$perm['usergroupid']}"] = $perm['usergroupid'];
}
$subscriptions = $this->registry->db->query_read_slave("SELECT * FROM " . TABLE_PREFIX . "subscription ORDER BY displayorder");
while ($subscription = $this->registry->db->fetch_array($subscriptions)) {
$subscription = array_merge($subscription, convert_bits_to_array($subscription['adminoptions'], $this->registry->bf_misc_adminoptions));
if (!empty($permcache["{$subscription['subscriptionid']}"])) {
$subscription['deniedgroups'] = $permcache["{$subscription['subscriptionid']}"];
}
$this->subscriptioncache["{$subscription['subscriptionid']}"] = $subscription;
}
unset($permcache);
$this->registry->db->free_result($subscriptions);
$this->registry->db->free_result($permissions);
}
}
/**
* Fetch default usergroup data for adding or editing new usergroup
*
* @param int $usergroupid If present, the data will be copied from this usergroup
* @return array Default usergroup data. It contains four sub-arrays:
* 'usergroup' - Basic usergroup information
* 'ugarr' - usergroups to be used for 'Create Forum Permissions Based off of Usergroup'
* 'ug_bitfield' - Usergroup bitfield
* 'groupinfo' - Usergroup permission information
*/
public function fetchDefaultData($usergroupid = 0)
{
$this->checkHasAdminPermission('canadminpermissions');
$bf_ugp = vB::getDatastore()->get_value('bf_ugp');
require_once DIR . '/includes/class_bitfield_builder.php';
$myobj =& vB_Bitfield_Builder::init();
if ($usergroupid) {
$usergroup = vB::getDbAssertor()->getRow('usergroup', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_TABLE, vB_dB_Query::CONDITIONS_KEY => array('usergroupid' => $usergroupid)));
$ug_bitfield = array();
foreach ($bf_ugp as $permissiongroup => $fields) {
$ug_bitfield["{$permissiongroup}"] = convert_bits_to_array($usergroup["{$permissiongroup}"], $fields);
}
} else {
$ug_bitfield = array('genericoptions' => array('showgroup' => 1, 'showeditedby' => 1, 'isnotbannedgroup' => 1), 'forumpermissions' => array('canview' => 1, 'canviewothers' => 1, 'cangetattachment' => 1, 'cansearch' => 1, 'canthreadrate' => 1, 'canpostattachment' => 1, 'canpostpoll' => 1, 'canvote' => 1, 'canviewthreads' => 1), 'forumpermissions2' => array('cangetimgattachment' => 1), 'wolpermissions' => array('canwhosonline' => 1), 'genericpermissions' => array('canviewmembers' => 1, 'canmodifyprofile' => 1, 'canseeprofilepic' => 1, 'canusesignature' => 1, 'cannegativerep' => 1, 'canuserep' => 1, 'cansearchft_nl' => 1));
// set default numeric permissions
$usergroup = array('pmquota' => 0, 'pmsendmax' => 5, 'attachlimit' => 1000000, 'avatarmaxwidth' => 200, 'avatarmaxheight' => 200, 'avatarmaxsize' => 20000, 'profilepicmaxwidth' => 100, 'profilepicmaxheight' => 100, 'profilepicmaxsize' => 25000, 'sigmaxsizebbcode' => 7);
}
$permgroups = vB::getDbAssertor()->assertQuery('usergroup_fetchperms', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED));
$ugarr = array();
foreach ($permgroups as $group) {
$ugarr["{$group['usergroupid']}"] = $group['title'];
}
foreach ((array) $myobj->data['ugp'] as $grouptitle => $perms) {
if ($grouptitle == 'createpermissions') {
continue;
}
foreach ($perms as $permtitle => $permvalue) {
if (empty($permvalue['group'])) {
continue;
}
$groupinfo["{$permvalue['group']}"]["{$permtitle}"] = array('phrase' => $permvalue['phrase'], 'value' => $permvalue['value'], 'parentgroup' => $grouptitle);
if ($permvalue['intperm']) {
$groupinfo["{$permvalue['group']}"]["{$permtitle}"]['intperm'] = true;
}
if (!empty($myobj->data['layout']["{$permvalue['group']}"]['ignoregroups'])) {
$groupinfo["{$permvalue['group']}"]['ignoregroups'] = $myobj->data['layout']["{$permvalue['group']}"]['ignoregroups'];
}
if (!empty($permvalue['ignoregroups'])) {
$groupinfo["{$permvalue['group']}"]["{$permtitle}"]['ignoregroups'] = $permvalue['ignoregroups'];
}
if (!empty($permvalue['options'])) {
$groupinfo["{$permvalue['group']}"]["{$permtitle}"]['options'] = $permvalue['options'];
}
}
}
return array('usergroup' => $usergroup, 'ug_bitfield' => $ug_bitfield, 'ugarr' => $ugarr, 'groupinfo' => $groupinfo);
}
if ($_REQUEST['do'] == 'edit') {
$vbulletin->input->clean_array_gpc('g', array('catid' => TYPE_UINT));
$photoplog_catid = $vbulletin->GPC['catid'];
$photoplog_category_info = $db->query_first("SELECT title,\r\n\t\t\t\tdescription, displayorder, parentid, options\r\n\t\t\tFROM " . PHOTOPLOG_PREFIX . "photoplog_categories\r\n\t\t\tWHERE catid = " . intval($photoplog_catid) . "\r\n\t\t");
} else {
if ($_REQUEST['do'] == 'review') {
$vbulletin->input->clean_array_gpc('g', array('suggestid' => TYPE_UINT));
$photoplog_suggestid = $vbulletin->GPC['suggestid'];
$photoplog_category_info = $db->query_first("SELECT title,\r\n\t\t\t\tdescription, displayorder, parentid, options\r\n\t\t\tFROM " . PHOTOPLOG_PREFIX . "photoplog_suggestedcats\r\n\t\t\tWHERE suggestid = " . intval($photoplog_suggestid) . "\r\n\t\t");
}
}
if (!$photoplog_category_info) {
print_stop_message(no_results_matched_your_query);
} else {
$photoplog_category = $photoplog_category_info;
$photoplog_category_options = convert_bits_to_array($photoplog_category_info['options'], $photoplog_categoryoptions);
unset($photoplog_category_info);
if ($_REQUEST['do'] == 'edit') {
print_form_header('photoplog_category', 'doedit');
construct_hidden_code('s', $vbulletin->session->vars['sessionhash']);
construct_hidden_code('catid', $photoplog_catid);
print_table_header($vbphrase['photoplog_edit_this_category']);
} else {
if ($_REQUEST['do'] == 'review') {
print_form_header('photoplog_category', 'doadd');
construct_hidden_code('s', $vbulletin->session->vars['sessionhash']);
construct_hidden_code('suggestid', $photoplog_suggestid);
print_table_header($vbphrase['photoplog_add_new_category']);
}
}
print_input_row($vbphrase['photoplog_title'], 'photoplog_category[title]', $photoplog_category['title']);
/**
* Any startup work that needs to be done to a note.
*/
function prepare_start()
{
$this->message = array_merge($this->message, convert_bits_to_array($this->message['options'], $this->registry->bf_misc_useroptions));
$this->message = array_merge($this->message, convert_bits_to_array($this->message['adminoptions'], $this->registry->bf_misc_adminoptions));
$this->message['checkbox_value'] = 0;
$this->message['checkbox_value'] += ($this->message['state'] == 'moderation') ? POST_FLAG_INVISIBLE : 0;
$this->message['checkbox_value'] += ($this->message['state'] == 'deleted') ? POST_FLAG_DELETED : 0;
}
/**
* Insert or Update an user
*
* @param integer $userid Userid to be updated. Set to 0 if you want to insert a new user.
* @param string $password Password for the user. Empty means no change. May be overriden by the $extra array
* @param array $user Basic user information such as email or home page
* * username
* * email
* * usertitle
* * birthday
* * usergroupid (will get no_permissions exception without administrate user permissions)
* * membergroupids (will get no_permissions exception without administrate user permissions)
* * list not complete
* @param array $options vB options for the user
* @param array $adminoptions Admin Override Options for the user
* @param array $userfield User's User Profile Field data
* @param array $notificationOptions
* @param array $hvinput Human Verify input data. @see vB_Api_Hv::verifyToken()
* @param array $extra Generic flags or data to affect processing.
* * registration
* * email
* * newpass
* * password
* * acnt_settings
* @return integer New or updated userid.
*/
public function save($userid, $password, $user, $options, $adminoptions, $userfield, $notificationOptions = array(), $hvinput = array(), $extra = array())
{
$db = vB::getDbAssertor();
$vboptions = vB::getDatastore()->getValue('options');
$userContext = vB::getUserContext();
$currentUserId = $userContext->fetchUserId();
$userid = intval($userid);
$coppauser = false;
//set up some booleans to control behavior. This is done to simply/document the later code
$newuser = !$userid;
$canadminusers = $this->hasAdminPermission('canadminusers');
$adminoverride = ($canadminusers and empty($extra['acnt_settings']) and empty($extra['acnt_settings']));
$changingCurrentUser = $userid == $currentUserId;
// Not sure why we do this at all. The caller should handle this appropriately.
// We shouldn't set $userid = $currentUserId if $userid == 0 here
// Cause we may need to allow logged-in user to register again
if ($userid < 0 and $currentUserId) {
$userid = $currentUserId;
}
//we'll need this all over the place if this isn't a new user.
if (!$newuser) {
$userinfo = vB_User::fetchUserInfo($userid);
}
//check some permissions. If we can admin users we can skip all of these checks. Some checks
//only apply to some cases, such as registering a newuser. We also check various fields
//in some cases and not others.
if (!$canadminusers) {
if ($newuser) {
// Check if registration is allowed
if (!$vboptions['allowregistration']) {
throw new vB_Exception_Api('noregister');
}
// Check Multiple Registrations Per User
if ($currentUserId and !$vboptions['allowmultiregs']) {
$currentUser = vB::getCurrentSession()->fetch_userinfo();
throw new vB_Exception_Api('signing_up_but_currently_logged_in_msg', array($currentUser['username'], $vboptions['frontendurl'] . '/auth/logout?logouthash=' . $currentUser['logouthash']));
}
// If it's a new registration, we need to verify the HV
// VBV-9386: HV is disabled when accessing through the VB_API in vb4.
// Tere is also a comment saying that it should be enabled once it goes live???
if (!defined('VB_API') or defined('VB_API') and VB_API !== true) {
vB_Api::instanceInternal('hv')->verifyToken($hvinput, 'register');
}
// Verify Stop Forum Spam
$nospam = vB_StopForumSpam::instance();
if (!$nospam->checkRegistration($user['username'], vB::getRequest()->getIpAddress(), $user['email'])) {
throw new vB_Exception_Api('noregister');
}
} else {
//attempting to update somebody else's profile -- only admins can do this
if (!$changingCurrentUser) {
throw new vB_Exception_Api('no_permission');
}
//we need to handle this more gracefully -- this is kindof weird.
if (!$userContext->hasPermission('genericpermissions', 'canmodifyprofile')) {
// User can only update email and password
return $this->saveEmailPassword($extra);
}
if (isset($user['privacy_options']) and !$userContext->hasPermission('usercsspermissions', 'caneditprivacy')) {
// User doesn't have permission to update privacy
throw new vB_Exception_Api('no_permission');
}
if (isset($options['invisible']) and !empty($options['invisible']) and !$userContext->hasPermission('genericpermissions', 'caninvisible')) {
// User doesn't have permission to go invisible
throw new vB_Exception_Api('no_permission');
}
}
//handle some fields that users should not be able to set (the admin can do what he wants)
if (isset($user['usergroupid'])) {
throw new vB_Exception_Api('no_permission');
}
if (isset($user['membergroupids'])) {
throw new vB_Exception_Api('no_permission');
}
}
/*
* Some checks for all cases.
*/
//check the user title length. Skip for any administrator. Not sure if we should be checking for edit user permissions or not, but
//it's not a major issue if admins can set their own titles to something really long so changing it at this point is not wise.
if (isset($user['usertitle']) and vB_String::vbStrlen($user['usertitle']) > $vboptions['ctMaxChars'] and !$userContext->isAdministrator()) {
throw new vB_Exception_Api('please_enter_user_title_with_at_least_x_characters', $vboptions['ctMaxChars']);
}
//don't allow changes to an unalterable user unless the user themselves requests it. We might want to lock down what the
//user can edit in this case.
require_once DIR . '/includes/adminfunctions.php';
if (!$changingCurrentUser and is_unalterable_user($userid)) {
throw new vB_Exception_Api('user_is_protected_from_alteration_by_undeletableusers_var');
}
$olduser = array();
if ($userid != 0) {
// Get old user information
$olduser = $db->getRow('user_fetchforupdating', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'userid' => $userid));
if (!$olduser) {
throw new vB_Exception_Api('invalid_user_specified');
}
}
// if birthday is required
if ($vboptions['reqbirthday'] and empty($olduser['birthday']) and empty($user['birthday'])) {
if (count($userfield)) {
throw new vB_Exception_Api('birthdayfield');
} else {
throw new vB_Exception_Api('birthdayfield_nonprofile_tab');
}
}
/*
* If we are changing the password or email from the account setting we need to validate the users
* existing password.
*/
//we allow stuff for the account profile page to be passed separately in the $extra array.
//we shouldn't but cleaning that up is a larger task.
if (!empty($extra['acnt_settings'])) {
if (!empty($extra['email'])) {
$user['email'] = $extra['email'];
}
//new password to set
if (!empty($extra['newpass'])) {
$password = $extra['newpass'];
}
//the user's existing password -- needed to verify to set certain sensative fields.
if (!empty($extra['password'])) {
$user['password'] = $extra['password'];
}
}
//if we are setting the password or the email we may need to check the user's existing
//password as an extra precaution.
// * If this is an existing user
// * If we are changing the password or email
// * If we are not overriding as an admin
if (!$newuser and (!empty($password) or !empty($user['email'])) and !$adminoverride) {
$loginlib = vB_Library::instance('login');
if (!$user['password']) {
throw new vB_Exception_Api('enter_current_password');
}
$login = array_intersect_key($userinfo, array_flip(array('userid', 'token', 'scheme')));
$auth = $loginlib->verifyPasswordFromInfo($login, array(array('password' => $user['password'], 'encoding' => 'text')));
if (!$auth['auth']) {
throw new vB_Exception_Api('badpassword', vB5_Route::buildUrl('lostpw|fullurl'));
}
}
//this is the user's existing password which we don't need now that we've verified it.
//attempting to set it to the DM, which we do below for all user fields causes problems.
unset($user['password']);
//if this is a newuser we need to have a password -- even if this is an admin creating the user
if ($newuser and empty($password)) {
throw new vB_Exception_Api('invalid_password_specified');
}
/*
* If we got this far, we basically have permission to update the user in the way we requested.
*/
$bf_misc_useroptions = vB::getDatastore()->getValue('bf_misc_useroptions');
$bf_misc_adminoptions = vB::getDatastore()->getValue('bf_misc_adminoptions');
$bf_misc_notificationoptions = vB::getDatastore()->getValue('bf_misc_usernotificationoptions');
$usergroupcache = vB::getDatastore()->getValue('usergroupcache');
$user['ipaddress'] = vB::getRequest()->getIpAddress();
$olduser = array_merge($olduser, convert_bits_to_array($olduser['options'], $bf_misc_useroptions));
$olduser = array_merge($olduser, convert_bits_to_array($olduser['adminoptions'], $bf_misc_adminoptions));
$olduser = array_merge($olduser, convert_bits_to_array($olduser['notification_options'], $bf_misc_notificationoptions));
// get threaded mode options
if (isset($olduser['threadedmode']) and ($olduser['threadedmode'] == 1 or $olduser['threadedmode'] == 2)) {
$threaddisplaymode = $olduser['threadedmode'];
} else {
if (isset($olduser['postorder']) and $olduser['postorder'] == 0) {
$threaddisplaymode = 0;
} else {
$threaddisplaymode = 3;
}
}
$olduser['threadedmode'] = $threaddisplaymode;
// Let's handle this at API level, ignore list is causing problems in the data manager
//handle ignorelist
if (isset($user['ignorelist'])) {
$user['ignorelist'] = $this->updateIgnorelist($userid, explode(',', $user['ignorelist']));
} else {
$user['ignorelist'] = array();
}
// init data manager
$userdata = new vB_Datamanager_User(vB_DataManager_Constants::ERRTYPE_ARRAY_UNPROCESSED);
/*
* If this was called from the account settings or registration pages
* (not the Admin Control Panel) then we shouldn't be setting admin override.
* Should also make sure that the admin is logged in and its not just a case of someone
* telling the API that we're in the ACP
*/
if ($adminoverride) {
$userdata->adminoverride = true;
}
$updateUGPCache = false;
// set existing info if this is an update
if (!$newuser) {
// birthday
if (!$adminoverride and $user['birthday'] and $olduser['birthday'] and $user['birthday'] != $olduser['birthday'] and $vboptions['reqbirthday']) {
throw new vB_Exception_Api('has_no_permission_change_birthday');
}
// update buddy list
$user['buddylist'] = array();
foreach (explode(' ', $userinfo['buddylist']) as $buddy) {
if (in_array($buddy, $user['ignorelist']) === false) {
$user['buddylist'][] = $buddy;
}
}
$userinfo['posts'] = intval($user['posts']);
// update usergroups cache if needed...
$uInfoMUgpIds = explode(',', trim($userinfo['membergroupids']));
$uInfoUgpId = trim($userinfo['usergroupid']);
$uIGpIds = explode(',', trim($userinfo['infractiongroupids']));
$mUgpIds = isset($user['membergroupids']) ? $user['membergroupids'] : false;
$ugpId = isset($user['usergroupid']) ? trim($user['usergroupid']) : false;
$iGpIds = isset($user['infractiongroupids']) ? explode(',', trim($user['infractiongroupids'])) : false;
if ($ugpId and $uInfoUgpId != $ugpId or $mUgpIds and array_diff($uInfoMUgpIds, $mUgpIds) or $iGpIds and array_diff($iGpIds, $uIGpIds)) {
$updateUGPCache = true;
}
$userdata->set_existing($userinfo);
} else {
if ($this->useCoppa()) {
if (empty($user['birthday'])) {
throw new vB_Exception_Api('under_thirteen_registration_denied');
}
if ($this->needsCoppa($user['birthday'])) {
if ($vboptions['usecoppa'] == 2) {
throw new vB_Exception_Api('under_thirteen_registration_denied');
} else {
if (empty($user['parentemail'])) {
throw new vB_Exception_Api('coppa_rules_description');
}
$userdata->set_info('coppauser', true);
$userdata->set_info('coppapassword', $password);
$options['coppauser'] = 1;
$coppauser = true;
}
} else {
if ($vboptions['moderatenewmembers']) {
$userdata->set_info('usergroupid', 4);
} else {
if ($vboptions['verifyemail']) {
$userdata->set_info('usergroupid', 3);
} else {
$userdata->set_info('usergroupid', 2);
}
}
}
}
}
//should not be required with the new password code.
// if no username is provided then is taken from old userinfo, datamanager needs username always set to perform password checks.
//$username = (empty($user['username']) ? $userinfo['username'] : $user['username']);
//$userdata->set('username', $username);
//unset($user['username']);
// user options
foreach ($bf_misc_useroptions as $key => $val) {
if (isset($options["{$key}"])) {
$userdata->set_bitfield('options', $key, $options["{$key}"]);
} else {
if (isset($olduser["{$key}"])) {
$userdata->set_bitfield('options', $key, $olduser["{$key}"]);
}
}
}
foreach ($adminoptions as $key => $val) {
$userdata->set_bitfield('adminoptions', $key, $val);
}
// notification options
foreach ($notificationOptions as $key => $val) {
// @TODO related to VBV-92
if ($olduser["{$key}"] != $val) {
$userdata->set_bitfield('notification_options', $key, $val);
} else {
if ($olduser["{$key}"] == $val) {
$userdata->set_bitfield('notification_options', $key, $olduser["{$key}"]);
}
}
}
$displaygroupid = (array_key_exists('displaygroupid', $user) and intval($user['displaygroupid'])) ? $user['displaygroupid'] : '';
if (isset($user['usergroupid']) and $user['usergroupid']) {
$displaygroupid = $user['usergroupid'];
} elseif (isset($olduser['usergroupid']) and $olduser['usergroupid']) {
$displaygroupid = $olduser['usergroupid'];
}
// custom user title
if (isset($user['usertitle']) and $user['usertitle']) {
$userdata->set_usertitle($user['usertitle'], $user['customtitle'] ? false : true, $usergroupcache["{$displaygroupid}"], $userContext->hasPermission('genericpermissions', 'canusecustomtitle'), $userContext->isAdministrator());
unset($user['usertitle'], $user['customtitle']);
} else {
if (isset($user['usertitle']) and empty($user['usertitle']) and empty($user['customtitle'])) {
$userdata->set_usertitle('', true, $usergroupcache["{$displaygroupid}"], $userContext->hasPermission('genericpermissions', 'canusecustomtitle'), $userContext->isAdministrator());
unset($user['usertitle'], $user['customtitle']);
}
}
// privacy_options
$privacyChanged = false;
if (isset($user['privacy_options']) and $user['privacy_options']) {
foreach ($user['privacy_options'] as $opt => $val) {
if (!in_array($opt, $this->privacyOptions)) {
unset($user['privacy_options'][$opt]);
}
}
// check if we need to update cached values...
if ($olduser['privacy_options']) {
$check = unserialize($olduser['privacy_options']);
$diff = array_diff_assoc($user['privacy_options'], $check);
if (!empty($diff)) {
$privacyChanged = true;
}
}
$user['privacy_options'] = serialize($user['privacy_options']);
}
// Update from user fields
foreach ($user as $key => $val) {
if (!$userid or $olduser["{$key}"] != $val) {
$userdata->set($key, $val);
}
}
$membergroupids = false;
if (isset($user['membergroupids']) and is_array($user['membergroupids'])) {
$membergroupids = $user['membergroupids'];
}
//add facebook user group for new users being registered with FB
//not entirely thrilled with putting this here, but doing it in a less
//fragile way requires a greater refactoring of the registration code
if ($newuser and $vboptions['facebookusergroupid']) {
$fblib = vB_Library::instance('facebook');
if ($fblib->isFacebookEnabled() and $fblib->userIsLoggedIn()) {
if (is_array($membergroupids)) {
$membergroupids[] = $vboptions['facebookusergroupid'];
} else {
$membergroupids = array($vboptions['facebookusergroupid']);
}
}
}
//actually set the usergroup array if we have one
if (is_array($membergroupids)) {
$userdata->set('membergroupids', $membergroupids);
}
// custom profile fields
if (!empty($userfield) and is_array($userfield)) {
$userdata->set_userfields($userfield, true, 'admin');
}
// handles ignorelist and buddylist correctly
$userdata->set('ignorelist', $user['ignorelist']);
$userdata->set('buddylist', isset($user['buddylist']) ? $user['buddylist'] : array());
// timezone
if (empty($user['timezoneoffset']) and $newuser) {
$userdata->set('timezoneoffset', $vboptions['timeoffset']);
}
//the secret really isn't related to the password, but we want to change it
//periodically and for now "every time the user changes their password"
//works (we previously used the password salt so that's when it got changed
//prior to the refactor).
if (!empty($password)) {
$userdata->set('secret', vB_Library::instance('user')->generateUserSecret());
}
// save data
$newuserid = $userdata->save();
if ($userdata->has_errors(false)) {
throw $userdata->get_exception();
}
//a bit of a hack. If the DM save function runs an update of an existing user then
//it returns true rather than the userid (despite what the comments say). However its
//not clear how to handle that in the DM (which looks like it could be use to alter
//multiple users wholesale, in which case we really don't have an ID. Better to catch it here.
if ($newuserid === true) {
$newuserid = $userid;
}
//if we have a new password, then let's set it.
if (!empty($password)) {
try {
//lookup the history for the user we are editing, which is not necesarily the
//user that we currently are.
if ($changinCurrentUser) {
$history = $userContext->getUsergroupLimit('passwordhistory');
} else {
if ($adminoverride) {
$history = 0;
} else {
$history = vB::getUserContext($userid)->getUsergroupLimit('passwordhistory');
}
}
$loginlib = vB_Library::instance('login');
$loginlib->setPassword($newuserid, $password, array('passwordhistorylength' => $history), array('passwordhistory' => $adminoverride));
} catch (Exception $e) {
//if this is a new user, deleted it if we fail to set the intial password.
if ($newuser) {
$db->delete('user', array('userid' => $newuserid));
}
throw $e;
}
}
if ($updateUGPCache) {
vB_Cache::instance(vB_Cache::CACHE_FAST)->event('perms_changed');
}
if ($privacyChanged) {
vB_Cache::instance()->event('userPrivacyChg_' . $userid);
}
// clear user info cached
$this->library->clearUserInfo(array($newuserid));
// update session's languageid, VBV-11318
if (isset($user['languageid'])) {
vB::getCurrentSession()->set('languageid', $user['languageid']);
}
if ($newuser and $vboptions['newuseremail'] != '') {
// Prepare email data
$customfields = '';
if (!empty($userfield) and is_array($userfield)) {
$customfields = $userdata->set_userfields($userfield, true, 'register');
}
$maildata = vB_Api::instanceInternal('phrase')->fetchEmailPhrases('newuser', array($user['username'], vB::getDatastore()->getOption('bbtitle'), vB5_Route::buildUrl('profile|fullurl', array('userid' => $user['userid'])), $user['email'], $user['birthday'], $user['ipaddress'], $customfields), array(vB::getDatastore()->getOption('bbtitle')));
// Send out the emails
$newemails = explode(' ', $vboptions['newuseremail']);
foreach ($newemails as $toemail) {
if (trim($toemail)) {
vB_Mail::vbmail($toemail, $maildata['subject'], $maildata['message'], false);
}
}
}
// Check if we need to send out activate email
$verifyEmail = (defined('VB_AREA') and VB_AREA == 'AdminCP') ? false : true;
if ($newuser and $vboptions['verifyemail'] and $verifyEmail) {
$this->library->sendActivateEmail($newuserid);
}
// Check if we need to send out welcome email
if ($newuser and $userdata->fetch_field('usergroupid') == 2 and $vboptions['welcomemail']) {
// Send welcome mail
$username = trim(unhtmlspecialchars($user['username']));
$maildata = vB_Api::instanceInternal('phrase')->fetchEmailPhrases('welcomemail', array($username, $vboptions['bbtitle']), array($vboptions['bbtitle']), isset($user['languageid']) ? $user['languageid'] : vB::getDatastore()->getOption('languageid'));
vB_Mail::vbmail($user['email'], $maildata['subject'], $maildata['message'], true);
}
return $newuserid;
}
$ccrecipients = $cclist;
}
if ($countbcc and $vbulletin->userinfo['userid'] == $pm['fromuserid'] and $pm['folderid'] == -1) {
if ($countcc) {
$bccrecipients = $bcclist;
} else {
$ccrecipients = $bcclist;
}
}
$show['recipients'] = true;
}
$show['quickreply'] = ($permissions['pmquota'] and $vbulletin->userinfo['receivepm'] and !fetch_privatemessage_throttle_reached($vbulletin->userinfo['userid']));
if ($pm['fromuserid']) {
$recipient = $db->query_first("\n\t\t\tSELECT usertextfield.*, user.*, userlist.type\n\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid=user.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS userlist ON(user.userid = userlist.userid AND userlist.relationid = " . $vbulletin->userinfo['userid'] . " AND userlist.type = 'buddy')\n\t\t\tWHERE user.userid = " . intval($pm['fromuserid']));
if (!empty($recipient)) {
$recipient = array_merge($recipient, convert_bits_to_array($recipient['options'], $vbulletin->bf_misc_useroptions));
cache_permissions($recipient, false);
if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and (!$recipient['receivepm'] or !$recipient['permissions']['pmquota'] or $recipient['receivepmbuddies'] and !can_moderate() and $recipient['type'] != 'buddy')) {
$show['quickreply'] = false;
}
} else {
$show['quickreply'] = false;
}
} else {
$show['quickreply'] = false;
}
if ($vbulletin->GPC['showhistory'] and $pm['parentpmid']) {
$threadresult = $vbulletin->db->query_read_slave("\n\t\t\tSELECT pm.*, pmtext.*\n\t\t\tFROM " . TABLE_PREFIX . "pm AS pm\n\t\t\tINNER JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON(pmtext.pmtextid = pm.pmtextid)\n\t\t\tWHERE (pm.parentpmid=" . $pm['parentpmid'] . "\n\t\t\t\t\tOR pm.pmid = " . $pm['parentpmid'] . ")\n\t\t\tAND pm.pmid != " . $pm['pmid'] . "\n\t\t\tAND pm.userid=" . $vbulletin->userinfo['userid'] . "\n\t\t\tAND pmtext.dateline < " . $pm['dateline'] . "\n\t\t\tORDER BY pmtext.dateline DESC\n\t\t");
if ($vbulletin->db->num_rows($threadresult)) {
$threadpms = '';
while ($threadpm = $vbulletin->db->fetch_array($threadresult)) {
} else {
print_stop_message('no_matches_found');
}
}
// ###################### Start viewuser #######################
if ($_REQUEST['do'] == 'viewuser') {
if (!can_moderate(0, 'canviewprofile')) {
print_stop_message('no_permission');
}
$OUTERTABLEWIDTH = '95%';
$INNERTABLEWIDTH = '100%';
if (empty($vbulletin->GPC['userid'])) {
print_stop_message('invalid_user_specified');
}
$user = $db->query_first("\n\t\tSELECT user.*,usertextfield.signature,avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar,\n\t\t\tcustomavatar.width AS avatarwidth, customavatar.height AS avatarheight, customprofilepic.height AS profilepicheight,\n\t\t\tcustomprofilepic.width AS profilepicwidth,\n\t\t\tcustomavatar.dateline AS avatardateline, customprofilepic.userid AS profilepic, customprofilepic.dateline AS profilepicdateline\n\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\tLEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON avatar.avatarid = user.avatarid\n\t\tLEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON customavatar.userid = user.userid\n\t\tLEFT JOIN " . TABLE_PREFIX . "customprofilepic AS customprofilepic ON customprofilepic.userid = user.userid\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\n\t\tWHERE user.userid = " . $vbulletin->GPC['userid'] . "\n\t");
$getoptions = convert_bits_to_array($user['options'], $vbulletin->bf_misc_useroptions);
$user = array_merge($user, $getoptions);
// get threaded mode options
if ($user['threadedmode'] == 1 or $user['threadedmode'] == 2) {
$threaddisplaymode = $user['threadedmode'];
} else {
if ($user['postorder'] == 0) {
$threaddisplaymode = 0;
} else {
$threaddisplaymode = 3;
}
}
$userfield = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "userfield WHERE userid=" . $vbulletin->GPC['userid']);
// make array for daysprune menu
$pruneoptions = array('-1' => '- ' . $vbphrase['use_forum_default'] . ' -', '1' => $vbphrase['show_threads_from_last_day'], '2' => construct_phrase($vbphrase['show_threads_from_last_x_days'], 2), '7' => $vbphrase['show_threads_from_last_week'], '10' => construct_phrase($vbphrase['show_threads_from_last_x_days'], 10), '14' => construct_phrase($vbphrase['show_threads_from_last_x_weeks'], 2), '30' => $vbphrase['show_threads_from_last_month'], '45' => construct_phrase($vbphrase['show_threads_from_last_x_days'], 45), '60' => construct_phrase($vbphrase['show_threads_from_last_x_months'], 2), '75' => construct_phrase($vbphrase['show_threads_from_last_x_days'], 75), '100' => construct_phrase($vbphrase['show_threads_from_last_x_days'], 100), '365' => $vbphrase['show_threads_from_last_year'], '1000' => construct_phrase($vbphrase['show_threads_from_last_x_days'], 1000));
if ($pruneoptions["{$user['daysprune']}"] == '') {
print_stop_message('deleted_user_successfully');
}
}
// ###################### Start edit #######################
if ($_REQUEST['do'] == 'edit' or $_REQUEST['do'] == 'add') {
$OUTERTABLEWIDTH = '95%';
$INNERTABLEWIDTH = '100%';
require_once DIR . '/includes/functions_misc.php';
$vbulletin->input->clean_array_gpc('r', array('userid' => TYPE_UINT));
if ($vbulletin->GPC['userid']) {
$user = $db->query_first("\n\t\t\tSELECT user.*, avatar.avatarpath, customavatar.dateline AS avatardateline, customavatar.width AS avatarwidth, customavatar.height AS avatarheight,\n\t\t\tNOT ISNULL(customavatar.userid) AS hascustomavatar, usertextfield.signature,\n\t\t\tcustomprofilepic.width AS profilepicwidth, customprofilepic.height AS profilepicheight,\n\t\t\tcustomprofilepic.dateline AS profilepicdateline, usergroup.adminpermissions,\n\t\t\tNOT ISNULL(customprofilepic.userid) AS hasprofilepic,\n\t\t\tNOT ISNULL(sigpic.userid) AS hassigpic,\n\t\t\tsigpic.width AS sigpicwidth, sigpic.height AS sigpicheight,\n\t\t\tsigpic.userid AS profilepic, sigpic.dateline AS sigpicdateline,\n\t\t\tusercsscache.cachedcss\n\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "customprofilepic AS customprofilepic ON(customprofilepic.userid = user.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = user.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON(usergroup.usergroupid = user.usergroupid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "usercsscache AS usercsscache ON (user.userid = usercsscache.userid)\n\t\t\tWHERE user.userid = " . $vbulletin->GPC['userid']);
if (!$user) {
print_stop_message('invalid_user_specified');
}
$user = array_merge($user, convert_bits_to_array($user['options'], $vbulletin->bf_misc_useroptions));
$user = array_merge($user, convert_bits_to_array($user['adminoptions'], $vbulletin->bf_misc_adminoptions));
if ($user['coppauser'] == 1) {
echo "<p align=\"center\"><b>{$vbphrase['this_is_a_coppa_user_do_not_change_to_registered']}</b></p>\n";
}
if ($user['usergroupid'] == 3) {
print_form_header('../register', 'emailcode', 0, 0);
construct_hidden_code('email', $user['email']);
print_submit_row($vbphrase['email_activation_codes'], 0);
}
// make array for quick links menu
$quicklinks = array("user.php?" . $vbulletin->session->vars['sessionurl'] . "do=editaccess&u=" . $vbulletin->GPC['userid'] => $vbphrase['edit_forum_permissions_access_masks'], "resources.php?" . $vbulletin->session->vars['sessionurl'] . "do=viewuser&u=" . $vbulletin->GPC['userid'] => $vbphrase['view_forum_permissions'], "mailto:{$user['email']}" => $vbphrase['send_email_to_user']);
if ($user['usergroupid'] == 3) {
$quicklinks["../register.php?" . $vbulletin->session->vars['sessionurl'] . "do=requestemail&email=" . urlencode(unhtmlspecialchars($user['email'])) . '&url=' . urlencode($vbulletin->options['bburl'] . '/' . $vbulletin->config['Misc']['admincpdir'] . '/user.php?do=edit&u=' . $vbulletin->GPC['userid'])] = $vbphrase['email_activation_codes'];
}
require_once DIR . '/includes/class_paid_subscription.php';
$subobj = new vB_PaidSubscription($vbulletin);
/**
* Processes miscellaneous post items at the beginning of the construction process.
*/
function prep_post_start()
{
$this->post = array_merge($this->post, convert_bits_to_array($this->post['options'], $this->registry->bf_misc_useroptions));
$this->post = array_merge($this->post, convert_bits_to_array($this->post['adminoptions'], $this->registry->bf_misc_adminoptions));
// do word wrap
if ($this->registry->options['wordwrap'])
{
$this->post['title'] = fetch_word_wrapped_string($this->post['title']);
}
$this->post['title'] = fetch_censored_text($this->post['title']);
// init imod checkbox value
$this->post['checkbox_value'] = 0;
}
if ($eventinfo = $db->query_first_slave("\n\t\tSELECT *\n\t\tFROM " . TABLE_PREFIX . "holiday AS holiday\n\t\tWHERE holidayid = " . $vbulletin->GPC['holidayid'])) {
$eventinfo['visible'] = 1;
$eventinfo['holiday'] = 1;
$eventinfo['title'] = $vbphrase['holiday' . $eventinfo['holidayid'] . '_title'];
$eventinfo['event'] = $vbphrase['holiday' . $eventinfo['holidayid'] . '_desc'];
} else {
eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])));
}
}
if ($eventinfo['eventid'] and $eventinfo['userid'] != $vbulletin->userinfo['userid'] and !($vbulletin->userinfo['calendarpermissions']["{$eventinfo['calendarid']}"] & $vbulletin->bf_ugp_calendarpermissions['canviewothersevent'])) {
print_no_permission();
}
$calendarinfo = verify_id('calendar', $vbulletin->GPC['calendarid'], 1, 1);
$getoptions = convert_bits_to_array($calendarinfo['options'], $_CALENDAROPTIONS);
$calendarinfo = array_merge($calendarinfo, $getoptions);
$geteaster = convert_bits_to_array($calendarinfo['holidays'], $_CALENDARHOLIDAYS);
$calendarinfo = array_merge($calendarinfo, $geteaster);
$calendarid =& $calendarinfo['calendarid'];
$calview = htmlspecialchars_uni(fetch_bbarray_cookie('calendar', 'calview' . $calendarinfo['calendarid']));
$calmonth = intval(fetch_bbarray_cookie('calendar', 'calmonth'));
$calyear = intval(fetch_bbarray_cookie('calendar', 'calyear'));
if (empty($_REQUEST['do'])) {
$defaultview = !empty($calendarinfo['weekly']) ? 'displayweek' : (!empty($calendarinfo['yearly']) ? 'displayyear' : 'displaymonth');
$_REQUEST['do'] = !empty($calview) ? $calview : $defaultview;
}
if ($vbulletin->GPC['sb']) {
// Allow showbirthdays to be turned on if they are off -- mainly for the birthday link from the front page
$calendarinfo['showbirthdays'] = true;
}
// chande the start of week for invalid values or guests (which are currently forced to 1, Sunday)
if ($vbulletin->userinfo['startofweek'] > 7 or $vbulletin->userinfo['startofweek'] < 1 or $vbulletin->userinfo['userid'] == 0) {
print_form_header('calendarpermission', 'doupdate');
if ($vbulletin->GPC['calendarpermissionid']) {
$getperms = $db->query_first("\n\t\t\tSELECT calendarpermission.*, usergroup.title AS grouptitle, calendar.title AS calendartitle\n\t\t\tFROM " . TABLE_PREFIX . "calendarpermission AS calendarpermission\n\t\t\tINNER JOIN " . TABLE_PREFIX . "calendar AS calendar ON (calendar.calendarid = calendarpermission.calendarid)\n\t\t\tINNER JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (usergroup.usergroupid = calendarpermission.usergroupid)\n\t\t\tWHERE calendarpermissionid = " . $vbulletin->GPC['calendarpermissionid']);
$usergroup['title'] = $getperms['grouptitle'];
$calendar['title'] = $getperms['calendartitle'];
construct_hidden_code('calendarpermissionid', $vbulletin->GPC['calendarpermissionid']);
construct_hidden_code('calendarid', $getperms['calendarid']);
} else {
$calendar = $db->query_first("SELECT title FROM " . TABLE_PREFIX . "calendar WHERE calendarid = " . $vbulletin->GPC['calendarid']);
$usergroup = $db->query_first("SELECT title FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = " . $vbulletin->GPC['usergroupid']);
$permsgetter_ = 'usergroup permissions';
$getperms = $db->query_first("\n\t\t\tSELECT usergroup.title as grouptitle, calendarpermissions\n\t\t\tFROM " . TABLE_PREFIX . "usergroup AS usergroup\n\t\t\tWHERE usergroupid = " . $vbulletin->GPC['usergroupid']);
construct_hidden_code('calendarpermission[usergroupid]', $vbulletin->GPC['usergroupid']);
construct_hidden_code('calendarid', $vbulletin->GPC['calendarid']);
}
$calendarpermission = convert_bits_to_array($getperms['calendarpermissions'], $vbulletin->bf_ugp_calendarpermissions);
print_table_header(construct_phrase($vbphrase['edit_calendar_permissions_for_usergroup_x_in_calendar_y'], $usergroup['title'], $calendar['title']));
print_description_row('
<label for="uug_1"><input type="radio" name="useusergroup" value="1" id="uug_1" tabindex="1" onclick="this.form.reset(); this.checked=true;"' . iif(!$vbulletin->GPC['calendarpermissionid'], ' checked="checked"', '') . ' />' . $vbphrase['use_default_permissions'] . '</label>
<br />
<label for="uug_0"><input type="radio" name="useusergroup" value="0" id="uug_0" tabindex="1"' . iif($vbulletin->GPC['calendarpermissionid'], ' checked="checked"', '') . ' />' . $vbphrase['use_custom_permissions'] . '</label>
', 0, 2, 'tfoot', '', 'mode');
print_table_break();
print_label_row('<b>' . $vbphrase['custom_calendar_permissions'] . '</b>', '
<input type="button" value="' . $vbphrase['all_yes'] . '" onclick="if (js_set_custom()) { js_check_all_option(this.form, 1); }" class="button" />
<input type="button" value=" ' . $vbphrase['all_no'] . ' " onclick="if (js_set_custom()) { js_check_all_option(this.form, 0); }" class="button" />
', 'tcat', 'middle');
// Load permissions
require_once DIR . '/includes/class_bitfield_builder.php';
$groupinfo = vB_Bitfield_Builder::fetch_permission_group('calendarpermissions');
foreach ($groupinfo as $grouptitle => $group) {
($hook = vBulletinHook::fetch_hook('admin_permissions_process')) ? eval($hook) : false;
$admindm->set('cssprefs', $vbulletin->GPC['cssprefs']);
$admindm->set('dismissednews', $vbulletin->GPC['dismissednews']);
$admindm->save();
define('CP_REDIRECT', "adminpermissions.php?" . $vbulletin->session->vars['sessionurl'] . "#user{$user['userid']}");
print_stop_message('saved_administrator_permissions_successfully');
}
// #############################################################################
if ($_REQUEST['do'] == 'edit') {
echo "<p align=\"center\">{$vbphrase['give_admin_access_arbitrary_html']}</p>";
print_form_header('adminpermissions', 'update');
construct_hidden_code('userid', $vbulletin->GPC['userid']);
construct_hidden_code('oldpermissions', $user['adminpermissions']);
print_table_header(construct_phrase($vbphrase['x_y_id_z'], $vbphrase['administrator_permissions'], $user['username'], $user['userid']));
print_label_row("{$vbphrase['administrator']}: <a href=\"user.php?" . $vbulletin->session->vars['sessionurl'] . "do=edit&u=" . $vbulletin->GPC['userid'] . "\">{$user['username']}</a>", '<div align="' . $stylevar['right'] . '"><input type="button" class="button" value=" ' . $vbphrase['all_yes'] . ' " onclick="js_check_all_option(this.form, 1);" /> <input type="button" class="button" value=" ' . $vbphrase['all_no'] . ' " onclick="js_check_all_option(this.form, 0);" /></div>', 'thead');
foreach (convert_bits_to_array($user['adminpermissions'], $ADMINPERMISSIONS) as $field => $value) {
print_yes_no_row($permsphrase["{$field}"] == '' ? $vbphrase['n_a'] : $permsphrase["{$field}"], "adminpermissions[{$field}]", $value);
}
($hook = vBulletinHook::fetch_hook('admin_permissions_form')) ? eval($hook) : false;
print_select_row($vbphrase['control_panel_style_choice'], 'cssprefs', array_merge(array('' => "({$vbphrase['default']})"), fetch_cpcss_options()), $user['cssprefs']);
print_input_row($vbphrase['dismissed_news_item_ids'], 'dismissednews', $user['dismissednews']);
print_submit_row();
}
// #############################################################################
if ($_REQUEST['do'] == 'modify') {
print_form_header('adminpermissions', 'edit');
print_table_header($vbphrase['administrator_permissions'], 3);
$users = $db->query_read("\n\t\tSELECT user.username, usergroupid, membergroupids, infractiongroupids, administrator.*\n\t\tFROM " . TABLE_PREFIX . "administrator AS administrator\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user USING(userid)\n\t\tORDER BY user.username\n\t");
while ($user = $db->fetch_array($users)) {
$perms = fetch_permissions(0, $user['userid'], $user);
if ($perms['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) {
?>
<table cellpadding="0" cellspacing="0" border="0" width="<?php
echo $OUTERTABLEWIDTH;
?>
" align="center"><tr valign="top"><td>
<table cellpadding="4" cellspacing="0" border="0" align="center" width="100%" class="tborder">
<?php
if ($_REQUEST['do'] == 'add') {
print_table_header($vbphrase['add_new_subscription']);
$sub['active'] = true;
$sub['displayorder'] = 1;
} else {
$sub = $db->query_first("\n\t\t\tSELECT * FROM " . TABLE_PREFIX . "subscription\n\t\t\tWHERE subscriptionid = " . $vbulletin->GPC['subscriptionid'] . "\n\t\t");
$sub['cost'] = unserialize($sub['cost']);
$sub = array_merge($sub, convert_bits_to_array($sub['options'], $subobj->_SUBSCRIPTIONOPTIONS));
$sub = array_merge($sub, convert_bits_to_array($sub['adminoptions'], $vbulletin->bf_misc_adminoptions));
$title = 'sub' . $sub['subscriptionid'] . '_title';
$desc = 'sub' . $sub['subscriptionid'] . '_desc';
$phrases = $db->query_read("\n\t\t\tSELECT varname, text\n\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\tWHERE languageid = 0 AND\n\t\t\t\t\tfieldname = 'subscription' AND\n\t\t\t\t\tvarname IN ('{$title}', '{$desc}')\n\t\t");
while ($phrase = $db->fetch_array($phrases)) {
if ($phrase['varname'] == $title) {
$sub['title'] = $phrase['text'];
$sub['titlevarname'] = 'sub' . $sub['subscriptionid'] . '_title';
} else {
if ($phrase['varname'] == $desc) {
$sub['description'] = $phrase['text'];
$sub['descvarname'] = 'sub' . $sub['subscriptionid'] . '_desc';
}
}
}
print_table_header(construct_phrase($vbphrase['x_y_id_z'], $vbphrase['subscription'], htmlspecialchars_uni($sub['title']), $sub['subscriptionid']));
$vbulletin->input->clean_array_gpc('f', array('userfile' => TYPE_FILE));
($hook = vBulletinHook::fetch_hook('photoplog_edit_doedit_start')) ? eval($hook) : false;
$photoplog_file_id = $vbulletin->GPC['fileid'];
$photoplog_file_catid = $vbulletin->GPC['catid'];
$photoplog_file_catid_default = -101;
$photoplog_file_title = $vbulletin->GPC['title'];
$photoplog_file_description = $vbulletin->GPC['message'];
$photoplog_customfield = $vbulletin->GPC['customfield'];
$photoplog_wysiwyg = $vbulletin->GPC['wysiwyg'];
$photoplog_userfile = $vbulletin->GPC['userfile'];
$photoplog_userlink = $vbulletin->GPC['userlink'];
$photoplog_fielddata = '';
$do_html = false;
if (in_array($photoplog_file_catid, array_keys($photoplog_ds_catopts))) {
$photoplog_categorybit = $photoplog_ds_catopts[$photoplog_file_catid]['options'];
$photoplog_catoptions = convert_bits_to_array($photoplog_categorybit, $photoplog_categoryoptions);
$do_html = $photoplog_catoptions['allowhtml'] ? true : false;
} else {
photoplog_output_page('photoplog_error_page', $vbphrase['photoplog_error'], $vbphrase['photoplog_no'] . ' ' . $vbphrase['photoplog_category']);
}
if ($photoplog_catoptions['actasdivider']) {
$photoplog_file_catid = -999;
}
if ($photoplog_file_catid < 0) {
photoplog_output_page('photoplog_error_page', $vbphrase['photoplog_error'], $vbphrase['photoplog_no'] . ' ' . $vbphrase['photoplog_category']);
}
if ($photoplog_wysiwyg) {
require_once DIR . '/includes/functions_wysiwyg.php';
$photoplog_file_description = str_replace($vbulletin->options['bburl'] . "/images/smilies/", "images/smilies/", $photoplog_file_description);
$photoplog_file_description = convert_wysiwyg_html_to_bbcode($photoplog_file_description, $do_html);
}
// ########################################################################
$vbulletin->input->clean_gpc('r', 'announcementid', TYPE_UINT);
($hook = vBulletinHook::fetch_hook('announcement_start')) ? eval($hook) : false;
// #############################################################################
// verify announcement id if specified
if ($vbulletin->GPC['announcementid'])
{
$announcementinfo = verify_id('announcement', $vbulletin->GPC['announcementid'], 1, 1);
if ($announcementinfo['forumid'] != -1 AND $_POST['do'] != 'update')
{
$vbulletin->GPC['forumid'] = $announcementinfo['forumid'];
}
$announcementinfo = array_merge($announcementinfo , convert_bits_to_array($announcementinfo['announcementoptions'], $vbulletin->bf_misc_announcementoptions));
// verify that the visiting user has permission to view this announcement
if (($announcementinfo['startdate'] > TIMENOW OR $announcementinfo['enddate'] < TIMENOW) AND !can_moderate($vbulletin->GPC['forumid'], 'canannounce'))
{
// announcement date is out of range and user is not a moderator
print_no_permission();
}
}
// #############################################################################
// delete an announcement
if ($_POST['do'] == 'delete')
{
if ($vbulletin->input->clean_gpc('p', 'delete', TYPE_STR) == 'delete' AND can_moderate($announcementinfo['forumid'], 'canannounce'))
{
$remove['buddy'] = array_merge($remove['buddy'], array_diff($clean_lists['buddy_original'], is_array($clean_lists['buddy']) ? $clean_lists['buddy'] : array()));
}
break;
default:
($hook = vBulletinHook::fetch_hook('profile_updatelist_listtype')) ? eval($hook) : false;
break;
}
}
if (!empty($vbulletin->GPC['username'])) {
// friend request
if ($vbulletin->GPC['ajax']) {
$vbulletin->GPC['username'] = convert_urlencoded_unicode($vbulletin->GPC['username']);
}
if ($userinfo = $db->query_first("\n\t\t\t\tSELECT user.userid, userlist.friend, user.options, user.username, user.membergroupids, user.usergroupid, user.email, user.languageid\n\t\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS userlist ON (userlist.relationid = user.userid AND userlist.userid = " . $vbulletin->userinfo['userid'] . " AND type = 'buddy')\n\t\t\t\tWHERE username = '******'username'])) . "'\n\t\t\t") and (!$vbulletin->GPC_exists['makefriends'] or $userinfo['userid'] != $vbulletin->userinfo['userid'])) {
// user exists and its either not making friends or the user id is different
$userinfo = array_merge($userinfo, convert_bits_to_array($userinfo['options'], $vbulletin->bf_misc_useroptions));
$cansendemail = (($userinfo['adminemail'] or $userinfo['showemail']) and $vbulletin->options['enableemail'] and $vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canemailmember']);
cache_permissions($userinfo);
if ($vbulletin->GPC_exists['makefriends'] and $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_friends'] and $vbulletin->userinfo['permissions']['genericpermissions2'] & $vbulletin->bf_ugp_genericpermissions2['canusefriends'] and $userinfo['permissions']['genericpermissions2'] & $vbulletin->bf_ugp_genericpermissions2['canusefriends']) {
// Only add the request if its not there
if (empty($userinfo['friend']) or $userinfo['friend'] == 'no') {
$add['friend']["{$userinfo['userid']}"] = $userinfo;
$show['pending'] = true;
}
} else {
// regular buddy
if (empty($userinfo['friend'])) {
// we're not already a buddy so re-add it
$add['buddy']["{$userinfo['userid']}"] = $userinfo;
}
}
define('CP_REDIRECT', 'admincalendar.php');
print_stop_message('deleted_calendar_successfully');
}
// ##################### Start Add/Edit Moderator ##########
if ($_REQUEST['do'] == 'addmod' or $_REQUEST['do'] == 'editmod') {
$vbulletin->input->clean_array_gpc('r', array('moderatorid' => TYPE_INT, 'calendarid' => TYPE_INT));
if (empty($vbulletin->GPC['moderatorid'])) {
// add moderator - set default values
$calendarinfo = $db->query_first("SELECT calendarid, title AS calendartitle FROM " . TABLE_PREFIX . "calendar WHERE calendarid = " . $vbulletin->GPC['calendarid']);
$moderator = array('caneditevents' => 1, 'candeleteevents' => 1, 'canmoderateevents' => 1, 'canviewips' => 1, 'canmoveevents' => 1, 'calendarid' => $calendarinfo['calendarid'], 'calendartitle' => $calendarinfo['calendartitle']);
print_form_header('admincalendar', 'updatemod');
print_table_header(construct_phrase($vbphrase['add_new_moderator_to_calendar_x'], $calendarinfo['calendartitle']));
} else {
// edit moderator - query moderator
$moderator = $db->query_first("\n\t\t\tSELECT calendarmoderatorid, calendarmoderator.userid, calendarmoderator.calendarid, permissions, user.username, title AS calendartitle\n\t\t\tFROM " . TABLE_PREFIX . "calendarmoderator AS calendarmoderator\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = calendarmoderator.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "calendar AS calendar ON (calendar.calendarid = calendarmoderator.calendarid)\n\t\t\tWHERE calendarmoderatorid = " . $vbulletin->GPC['moderatorid']);
$perms = convert_bits_to_array($moderator['permissions'], $vbulletin->bf_misc_calmoderatorpermissions, 1);
$moderator = array_merge($perms, $moderator);
// delete link
print_form_header('admincalendar', 'removemod');
construct_hidden_code('moderatorid', $vbulletin->GPC['moderatorid']);
print_table_header($vbphrase['if_you_would_like_to_remove_this_moderator'] . ' <input type="submit" class="button" value="' . $vbphrase['delete_moderator'] . '" style="font:bold 11px tahoma" />');
print_table_footer();
print_form_header('admincalendar', 'updatemod');
construct_hidden_code('moderatorid', $vbulletin->GPC['moderatorid']);
print_table_header(construct_phrase($vbphrase['edit_moderator_x_for_calendar_y'], $moderator['username'], $moderator['calendartitle']));
}
print_calendar_chooser($vbphrase['calendar'], 'moderator[calendarid]', $moderator['calendarid'], '');
if (empty($vbulletin->GPC['moderatorid'])) {
print_input_row($vbphrase['moderator_username'], 'modusername', $moderator['username']);
} else {
print_label_row($vbphrase['moderator_username'], '<b>' . $moderator['username'] . '</b>');
