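/**
 * Load object from an id
 *
 * The lookup result is checked before the option/holiday bitfields are
 * merged in, so a failed lookup returns null instead of handing a non-array
 * value to array_merge().
 *
 * @param int $id Calendar id; coerced with intval() before the lookup
 * @return vB_Legacy_Calendar|null Null when verify_id() returns no usable record
 */
public static function create_from_id($id)
{
	global $_CALENDAROPTIONS, $_CALENDARHOLIDAYS;

	// Coerce once and pass a real variable, so the id handed to verify_id()
	// is always an integer whatever the caller supplied.
	$id = intval($id);
	$calendarinfo = verify_id('calendar', $id, false, true);

	// Stop here on a failed lookup. The original only tested $calendarinfo
	// after both merges had already indexed into it.
	if (!is_array($calendarinfo) or !$calendarinfo) {
		return null;
	}

	// Merge the values convert_bits_to_array() derives from the packed
	// 'options' column into the record, then the same for 'holidays'.
	$calendarinfo = array_merge(
		$calendarinfo,
		convert_bits_to_array($calendarinfo['options'], $_CALENDAROPTIONS)
	);
	$calendarinfo = array_merge(
		$calendarinfo,
		convert_bits_to_array($calendarinfo['holidays'], $_CALENDARHOLIDAYS)
	);

	return self::create_from_record($calendarinfo);
}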
/**
 * Prepare one user record for display in the "show groups" listing.
 *
 * Merges the values derived from the 'options' and 'adminoptions' bitfields
 * into the record, runs the permission, online-status and username helpers on
 * it, and sets 'lastonline'.
 *
 * @param array $user User record; must carry 'options', 'adminoptions', 'invisible' and 'lastactivity'
 * @return array The same record with the extra keys added
 */
function process_showgroups_userinfo($user)
{
	global $vbulletin, $permissions, $stylevar, $show;

	$useroption_values = convert_bits_to_array($user['options'], $vbulletin->bf_misc_useroptions);
	$user = array_merge($user, $useroption_values);

	$adminoption_values = convert_bits_to_array($user['adminoptions'], $vbulletin->bf_misc_adminoptions);
	$user = array_merge($user, $adminoption_values);

	// NOTE(review): these helpers presumably take $user by reference and add to it; confirm against their definitions.
	cache_permissions($user, false);
	fetch_online_status($user, true);

	// Privacy gate: an invisible user's last-activity time is shown only when the
	// viewer's generic permissions include the 'canseehidden' bit.
	$hide_activity = ($user['invisible'] && !($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehidden']));
	if ($hide_activity) {
		$user['lastonline'] = ' ';
	} else {
		$user['lastonline'] = vbdate($vbulletin->options['dateformat'], $user['lastactivity'], 1);
	}

	fetch_musername($user);

	return $user;
}
$sql = fetch_vm_ajax_query($userinfo, $vbulletin->GPC['vmid'], 'edit'); } else if ($vbulletin->GPC['fromconverse']) { $sql = fetch_vm_ajax_query($userinfo, $vmid, 'wall', $userinfo2); } else { $sql = fetch_vm_ajax_query($userinfo, $vmid, 'user'); } $messages = $db->query_read_slave($sql); while ($message = $db->fetch_array($messages)) { // Process user.options $message = array_merge($message, convert_bits_to_array($message['options'], $vbulletin->bf_misc_useroptions)); if ($message['profileuserid'] == $vbulletin->userinfo['userid'] AND $message['state'] == 'visible' AND !$message['messageread']) { $read_ids[] = $message['vmid']; } $response_handler =& $factory->create($message); $response_handler->cachable = false; if ($vbulletin->GPC['fromconverse']) { $response_handler->converse = false; } else { $response_handler->converse = true;
// Excerpt from the moderator add/edit form. This branch builds the defaults for a new moderator:
// every permission listed under 'moderatorpermissions' and 'moderatorpermissions2' becomes 1 or 0
// according to its 'default' entry.
$moderator = array();
foreach ($myobj->data['misc']['moderatorpermissions'] as $permission => $option) {
	$moderator["{$permission}"] = $option['default'] ? 1 : 0;
}
foreach ($myobj->data['misc']['moderatorpermissions2'] as $permission => $option) {
	$moderator["{$permission}"] = $option['default'] ? 1 : 0;
}
$moderator['forumid'] = $foruminfo['forumid'];
$moderator['forumtitle'] = $foruminfo['forumtitle'];
print_form_header('moderator', 'update');
print_table_header(construct_phrase($vbphrase['add_new_moderator_to_forum_x'], $foruminfo['forumtitle']));
} else {
	// edit moderator - query moderator
	// NOTE(review): moderatorid is concatenated into the WHERE clause without quoting, so the query
	// is only safe if the GPC value was cleaned to an integer beforehand. That cleaning is not
	// visible in this excerpt; confirm it before reusing the pattern.
	$moderator = $db->query_first("\n\t\t\tSELECT moderator.moderatorid, moderator.userid,\n\t\t\tmoderator.forumid, moderator.permissions, moderator.permissions2, user.username, forum.title AS forumtitle, user.username\n\t\t\tFROM " . TABLE_PREFIX . "moderator AS moderator\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = moderator.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "forum AS forum ON (forum.forumid = moderator.forumid)\n\t\t\tWHERE moderatorid = " . $vbulletin->GPC['moderatorid'] . "\n\t\t");
	$perms = convert_bits_to_array($moderator['permissions'], $vbulletin->bf_misc_moderatorpermissions);
	$perms2 = convert_bits_to_array($moderator['permissions2'], $vbulletin->bf_misc_moderatorpermissions2);
	// The database row is merged last, so on a key collision its columns win over the permission values.
	$moderator = array_merge($perms, $perms2, $moderator);
	// NOTE(review): the next statement is damaged in this listing (part of it was replaced by
	// asterisks); it is reproduced as found and is not valid PHP in this form.
	log_admin_action('username = '******'username'] . ', userid = ' . $moderator['userid']);
	// delete link
	print_form_header('moderator', 'remove');
	construct_hidden_code('moderatorid', $vbulletin->GPC['moderatorid']);
	print_table_header($vbphrase['if_you_would_like_to_remove_this_moderator'] . ' <input type="submit" class="button" value="' . $vbphrase['remove'] . '" tabindex="1" />');
	print_table_footer();
	// Second form on the same page: the actual edit form, carrying the same moderatorid.
	print_form_header('moderator', 'update');
	construct_hidden_code('moderatorid', $vbulletin->GPC['moderatorid']);
	print_table_header(construct_phrase($vbphrase['edit_moderator_x_for_forum_y'], $moderator['username'], $moderator['forumtitle']));
}
}
// The forum chooser is shown for every action except 'editglobal'.
if ($_REQUEST['do'] != 'editglobal') {
	print_forum_chooser($vbphrase['forum_and_children'], 'forumid', $moderator['forumid']);
	if ($_REQUEST['do'] == 'add') {
// Excerpt from the event-reminder listing: fetch the current user's subscribed, visible events
// one page at a time and prepare each row for the 'calendar_reminder_eventbit' template.
if ($limitlower <= 0) {
	// Keeps the LIMIT offset below ($limitlower - 1) from going negative.
	$limitlower = 1;
}
// NOTE(review): {$sqlsortfield}, {$sortorder} and {$perpage} are interpolated straight into
// ORDER BY / LIMIT. Column names and sort directions cannot be bound as parameters, so they must
// come from a fixed allow-list, and $perpage must be an integer. Where these three are derived is
// not visible in this excerpt; confirm it.
$getevents = $db->query_read_slave("\n\t\tSELECT event.*, IF(dateline_to = 0, 1, 0) AS singleday, user.username, user.options, user.adminoptions, user.usergroupid, user.membergroupids, user.infractiongroupids, IF(options & " . $vbulletin->bf_misc_useroptions['hasaccessmask'] . ", 1, 0) AS hasaccessmask,\n\t\t\tsubscribeevent.reminder, subscribeevent.subscribeeventid\n\t\t\t" . ($vbulletin->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight, customavatar.width_thumb AS avwidth_thumb, customavatar.height_thumb AS avheight_thumb, filedata_thumb, NOT ISNULL(customavatar.userid) AS hascustom" : "") . "\n\t\tFROM " . TABLE_PREFIX . "subscribeevent AS subscribeevent\n\t\tLEFT JOIN " . TABLE_PREFIX . "event AS event ON (subscribeevent.eventid = event.eventid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (event.userid = user.userid)\n\t\t" . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "\n\t\tWHERE\n\t\t\tsubscribeevent.userid = " . $vbulletin->userinfo['userid'] . "\n\t\t\t\tAND\n\t\t\tevent.visible = 1\n\t\tORDER BY\n\t\t\t{$sqlsortfield} {$sortorder}\n\t\tLIMIT " . ($limitlower - 1) . ", {$perpage}\n\t");
$itemcount = ($pagenumber - 1) * $perpage;
$first = $itemcount + 1;
if ($db->num_rows($getevents)) {
	$show['haveevents'] = true;
	while ($event = $db->fetch_array($getevents)) {
		// A reminder value with no entry in $reminders falls back to 3600.
		if (empty($reminders["{$event['reminder']}"])) {
			$event['reminder'] = 3600;
		}
		$event['reminder'] = $vbphrase[$reminders[$event['reminder']]];
		$offset = $event['dst'] ? $vbulletin->userinfo['timezoneoffset'] : $vbulletin->userinfo['tzoffset'];
		// Merge the values derived from the event author's option bitfields into the row.
		$event = array_merge($event, convert_bits_to_array($event['options'], $vbulletin->bf_misc_useroptions));
		$event = array_merge($event, convert_bits_to_array($event['adminoptions'], $vbulletin->bf_misc_adminoptions));
		cache_permissions($event, false);
		fetch_avatar_from_userinfo($event, true);
		// Shift both timestamps by the chosen offset, expressed in hours.
		$event['dateline_from_user'] = $event['dateline_from'] + $offset * 3600;
		$event['dateline_to_user'] = $event['dateline_to'] + $offset * 3600;
		// The preview is the event text with quotes and BB code stripped, trimmed via
		// fetch_trimmed_title(..., 300), and passed through htmlspecialchars_uni() last.
		$event['preview'] = htmlspecialchars_uni(strip_bbcode(fetch_trimmed_title(strip_quotes($event['event']), 300), false, true));
		$event = fetch_event_date_time($event);
		$event['calendar'] = $calendarcache["{$event['calendarid']}"];
		$show['singleday'] = !empty($event['singleday']) ? true : false;
		// Plugin hook: whatever code is registered for this hook is eval()'d in this scope and can
		// read or change every local variable, so hook code has to be treated as fully trusted.
		($hook = vBulletinHook::fetch_hook('calendar_viewreminder_event')) ? eval($hook) : false;
		$oppositesort = $sortorder == 'asc' ? 'desc' : 'asc';
		$templater = vB_Template::create('calendar_reminder_eventbit');
		$templater->register('date1', $date1);
		$templater->register('date2', $date2);
		$templater->register('daterange', $daterange);
		$templater->register('event', $event);
} $query = fetch_query_sql($langupdate, 'language', "WHERE languageid = " . $vbulletin->GPC['dolanguageid']); $db->query_write($query); if ($vbulletin->GPC['isdefault'] and $vbulletin->GPC['dolanguageid'] != $vbulletin->options['languageid']) { $do = 'setdefault'; } else { $do = 'modify'; } build_language_datastore(); define('CP_REDIRECT', 'language.php?dolanguageid=' . $vbulletin->GPC['dolanguageid'] . '&do=' . $do); print_stop_message('saved_language_x_successfully', $newlang['title']); } // ########################################################################## if ($_REQUEST['do'] == 'edit_settings') { $language = fetch_languages_array($vbulletin->GPC['dolanguageid']); $getoptions = convert_bits_to_array($language['options'], $vbulletin->bf_misc_languageoptions); $language = array_merge($language, $getoptions); print_form_header('language', 'update_settings'); construct_hidden_code('dolanguageid', $vbulletin->GPC['dolanguageid']); print_table_header(construct_phrase($vbphrase['x_y_id_z'], $vbphrase['language'], $language['title'], $language['languageid'])); print_description_row($vbphrase['general_settings'], 0, 2, 'thead'); print_input_row($vbphrase['title'], 'title', $language['title'], 0); print_yes_no_row($vbphrase['allow_user_selection'], 'userselect', $language['userselect']); print_yes_no_row($vbphrase['is_default_language'], 'isdefault', iif($vbulletin->GPC['dolanguageid'] == $vbulletin->options['languageid'], 1, 0)); print_yes_no_row($vbphrase['enable_directional_markup_fix'], 'options[dirmark]', $language['dirmark']); print_label_row($vbphrase['text_direction'], '<label for="rb_l2r"><input type="radio" name="options[direction]" id="rb_l2r" value="1" tabindex="1"' . iif($language['direction'], ' checked="checked"') . " />{$vbphrase['left_to_right']}</label><br />" . ' <label for="rb_r2l"><input type="radio" name="options[direction]" id="rb_r2l" value="0" tabindex="1"' . iif(!$language['direction'], ' checked="checked"') . 
" />{$vbphrase['right_to_left']}</label>", '', 'top', 'direction'); print_input_row($vbphrase['language_code'], 'languagecode', $language['languagecode']); print_input_row($vbphrase['html_charset'] . "<code><meta http-equiv="Content-Type" content="text/html; charset=<b>{$language['charset']}</b>" /></code>", 'charset', $language['charset']); print_input_row($vbphrase['image_folder_override'], 'imagesoverride', $language['imagesoverride']); print_description_row($vbphrase['date_time_formatting'], 0, 2, 'thead');
photoplog_output_page('photoplog_error_page', $vbphrase['photoplog_error'], $vbphrase['photoplog_bad_inline']);
}
// Excerpt from inline comment moderation: load the selected comments and work out, per comment,
// which category permissions apply.
// NOTE(review): the id list is joined with implode() and placed unquoted inside IN (...), and two
// pre-built SQL fragments are interpolated after it. This is only safe if every element of
// $photoplog_comment_ids is an integer and both fragments are built from trusted values; neither
// is visible in this excerpt. Also confirm the list cannot be empty, since "IN ()" is a syntax error.
$photoplog_comment_infos = $db->query_read_slave("SELECT commentid, catid, fileid, userid\r\n\t\tFROM " . PHOTOPLOG_PREFIX . "photoplog_ratecomment\r\n\t\tWHERE commentid IN (" . implode(',', $photoplog_comment_ids) . ")\r\n\t\t{$photoplog_catid_sql2}\r\n\t\t{$photoplog_admin_sql2}\r\n\t\tAND comment != ''\r\n\t");
$photoplog_inline_perm = array();
while ($photoplog_comment_info = $db->fetch_array($photoplog_comment_infos)) {
	$photoplog_inline_commentid = $photoplog_comment_info['commentid'];
	$photoplog_inline_catid = $photoplog_comment_info['catid'];
	// Default deny: every permission and id starts at 0 and stays there unless the comment's
	// category has an entry in $photoplog_inline_bits.
	$photoplog_inline_perm[$photoplog_inline_commentid]['caneditowncomments'] = 0;
	$photoplog_inline_perm[$photoplog_inline_commentid]['candeleteowncomments'] = 0;
	$photoplog_inline_perm[$photoplog_inline_commentid]['caneditothercomments'] = 0;
	$photoplog_inline_perm[$photoplog_inline_commentid]['candeleteothercomments'] = 0;
	$photoplog_inline_perm[$photoplog_inline_commentid]['catid'] = 0;
	$photoplog_inline_perm[$photoplog_inline_commentid]['fileid'] = 0;
	$photoplog_inline_perm[$photoplog_inline_commentid]['userid'] = 0;
	if (isset($photoplog_inline_bits[$photoplog_inline_catid])) {
		// This assignment replaces the whole entry, including the zeroed defaults above, with
		// whatever convert_bits_to_array() returns; the three ids are then set again from the row.
		$photoplog_inline_perm[$photoplog_inline_commentid] = convert_bits_to_array($photoplog_inline_bits[$photoplog_inline_catid], $photoplog_categoryoptpermissions);
		$photoplog_inline_perm[$photoplog_inline_commentid]['catid'] = $photoplog_inline_catid;
		$photoplog_inline_perm[$photoplog_inline_commentid]['fileid'] = $photoplog_comment_info['fileid'];
		$photoplog_inline_perm[$photoplog_inline_commentid]['userid'] = $photoplog_comment_info['userid'];
	}
}
$db->free_result($photoplog_comment_infos);
// No matching comment rows at all: leave via photoplog_index_bounce().
if (empty($photoplog_inline_perm)) {
	photoplog_index_bounce();
}
$photoplog_comment_sql = array();
$photoplog_cat_ids = array();
$photoplog_file_ids = array();
$photoplog_user_ids = array();
foreach ($photoplog_inline_perm as $photoplog_inline_perm_commentid => $photoplog_inline_perm_array) {
	// For 'edit', a comment whose file id differs from $photoplog_file_id enters this branch.
	if ($_REQUEST['do'] == 'edit' && $photoplog_file_id != $photoplog_inline_perm_array['fileid']) {
// Excerpt from the usergroup add/edit form. Numeric defaults for a new usergroup:
$usergroup = array('pmquota' => 0, 'pmsendmax' => 5, 'attachlimit' => 1000000, 'avatarmaxwidth' => 50, 'avatarmaxheight' => 50, 'avatarmaxsize' => 20000, 'profilepicmaxwidth' => 100, 'profilepicmaxheight' => 100, 'profilepicmaxsize' => 25000, 'sigmaxsizebbcode' => 7);
}
// Usergroups that have at least one forum or calendar permission row; offered below as the
// base to copy permissions from. The query has no variable parts apart from TABLE_PREFIX.
$permgroups = $db->query_read("\n\t\t\tSELECT usergroup.usergroupid, title,\n\t\t\t\t(COUNT(forumpermission.forumpermissionid) + COUNT(calendarpermission.calendarpermissionid)) AS permcount\n\t\t\tFROM " . TABLE_PREFIX . "usergroup AS usergroup\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "forumpermission AS forumpermission ON (usergroup.usergroupid = forumpermission.usergroupid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "calendarpermission AS calendarpermission ON (usergroup.usergroupid = calendarpermission.usergroupid)\n\t\t\tGROUP BY usergroup.usergroupid\n\t\t\tHAVING permcount > 0\n\t\t\tORDER BY title\n\t\t");
// '-1' is the "none" entry of the select list.
$ugarr = array('-1' => '--- ' . $vbphrase['none'] . ' ---');
while ($group = $db->fetch_array($permgroups)) {
	$ugarr["{$group['usergroupid']}"] = $group['title'];
}
print_table_header($vbphrase['default_forum_permissions']);
print_select_row($vbphrase['create_permissions_based_off_of_forum'], 'ugid_base', $ugarr, $vbulletin->GPC['defaultgroupid']);
print_table_break();
print_table_header($vbphrase['add_new_usergroup']);
} else {
	// Edit path: load the existing usergroup row.
	// NOTE(review): usergroupid is concatenated unquoted into the WHERE clause, so the query is
	// only safe if the GPC value was cleaned to an integer earlier; that step is not visible here.
	$usergroup = $db->query_first("\n\t\t\tSELECT * FROM " . TABLE_PREFIX . "usergroup\n\t\t\tWHERE usergroupid = " . $vbulletin->GPC['usergroupid'] . "\n\t\t");
	// One convert_bits_to_array() result per permission group defined in bf_ugp.
	$ug_bitfield = array();
	foreach ($vbulletin->bf_ugp as $permissiongroup => $fields) {
		$ug_bitfield["{$permissiongroup}"] = convert_bits_to_array($usergroup["{$permissiongroup}"], $fields);
	}
	construct_hidden_code('usergroupid', $vbulletin->GPC['usergroupid']);
	// NOTE(review): $usergroup[title] and $usergroup[usergroupid] use unquoted keys. PHP reads
	// them as constants; older versions fall back to the string with a notice, PHP 8 throws an
	// Error. They should be quoted like every other key in this excerpt.
	print_table_header(construct_phrase($vbphrase['x_y_id_z'], $vbphrase['usergroup'], $usergroup[title], $usergroup[usergroupid]), 2, 0);
}
print_input_row($vbphrase['title'], 'usergroup[title]', $usergroup['title']);
print_input_row($vbphrase['description'], 'usergroup[description]', $usergroup['description']);
print_input_row($vbphrase['usergroup_user_title'], 'usergroup[usertitle]', $usergroup['usertitle']);
// opentag/closetag are written into value="..." attributes of hand-built HTML, so they are
// passed through htmlspecialchars_uni() first.
print_label_row($vbphrase['username_markup'], '<span style="white-space:nowrap"> <input size="15" type="text" class="bginput" name="usergroup[opentag]" value="' . htmlspecialchars_uni($usergroup['opentag']) . '" tabindex="1" /> <input size="15" type="text" class="bginput" name="usergroup[closetag]" value="' . htmlspecialchars_uni($usergroup['closetag']) . '" tabindex="1" /> </span>', '', 'top', 'htmltags');
print_input_row($vbphrase['password_expiry'], 'usergroup[passwordexpires]', $usergroup['passwordexpires']);
print_input_row($vbphrase['password_history'], 'usergroup[passwordhistory]', $usergroup['passwordhistory']);
print_table_break();
print_column_style_code(array('width: 70%', 'width: 30%'));
// Excerpt from the RSS feed add/edit form. $feed comes from one of three places: the values of a
// failed save, the stored feed row, or the defaults for a new feed.
if (defined('FEED_SAVE_ERROR') and is_array($feed)) {
	// save error, show stuff again
	$form_title = $feed['rssfeedid'] ? $vbphrase['edit_rss_feed'] : $vbphrase['add_new_rss_feed'];
} else {
	// NOTE(review): rssfeedid is concatenated unquoted into the WHERE clause, so the query is only
	// safe if the GPC value was cleaned to an integer earlier; that step is not visible here.
	if ($vbulletin->GPC['rssfeedid'] and $feed = $db->query_first("\r\n\t\tSELECT rssfeed.*, user.username\r\n\t\tFROM " . TABLE_PREFIX . "rssfeed AS rssfeed\r\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = rssfeed.userid)\r\n\t\tWHERE rssfeed.rssfeedid = " . $vbulletin->GPC['rssfeedid'] . "\r\n\t")) {
		// feed is defined
		$form_title = $vbphrase['edit_rss_feed'];
	} else {
		// add new feed
		$feed = array('options' => 1025, 'ttl' => 1800, 'maxresults' => 0, 'endannouncement' => 7, 'titletemplate' => $vbphrase['rssfeed_title_template'], 'bodytemplate' => $vbphrase['rssfeed_body_template'], 'itemtype' => 'thread');
		$form_title = $vbphrase['add_new_rss_feed'];
	}
}
$checked = array();
// 'options' is expanded with convert_bits_to_array() only when no save error is flagged and it
// is not already an array.
if (!defined('FEED_SAVE_ERROR') and !is_array($feed['options'])) {
	$feed['options'] = convert_bits_to_array($feed['options'], $vbulletin->bf_misc_feedoptions);
}
// Every truthy option gets the checked="checked" attribute text, every other one an empty string.
foreach ($feed['options'] as $bitname => $bitvalue) {
	$checked["{$bitname}"] = $bitvalue ? ' checked="checked"' : '';
}
$checked['itemtype']["{$feed['itemtype']}"] = ' checked="checked"';
print_form_header('rssposter', 'update');
print_table_header($form_title);
// The "reset last checked time" checkbox is shown only when $feed carries an rssfeedid.
if ($feed['rssfeedid']) {
	print_checkbox_row($vbphrase['reset_last_checked_time'], 'resetlastrun', 0, 1, "<span class=\"normal\">{$vbphrase['reset']}</span>");
}
print_yes_no_row($vbphrase['feed_is_enabled'], 'options[enabled]', $feed['options']['enabled']);
print_input_row($vbphrase['title'], 'title', $feed['title'], false, 50);
print_input_row($vbphrase['url_of_feed'], 'url', $feed['url'], true, 50);
// Select keys are intervals in seconds (600 = 10 minutes ... 43200 = 12 hours).
print_select_row($vbphrase['check_feed_every'], 'ttl', array(600 => construct_phrase($vbphrase['x_minutes'], 10), 1200 => construct_phrase($vbphrase['x_minutes'], 20), 1800 => construct_phrase($vbphrase['x_minutes'], 30), 3600 => construct_phrase($vbphrase['x_minutes'], 60), 7200 => construct_phrase($vbphrase['x_hours'], 2), 14400 => construct_phrase($vbphrase['x_hours'], 4), 21600 => construct_phrase($vbphrase['x_hours'], 6), 28800 => construct_phrase($vbphrase['x_hours'], 8), 36000 => construct_phrase($vbphrase['x_hours'], 10), 43200 => construct_phrase($vbphrase['x_hours'], 12)), $feed['ttl']);
print_input_row($vbphrase['maximum_items_to_fetch'], 'maxresults', $feed['maxresults'], true, 50);
if ($permgroups and $permgroups->valid()) { foreach ($permgroups as $group) { $ugarr["{$group['usergroupid']}"] = $group['title']; } } print_table_header($vbphrase['default_forum_permissions']); print_select_row($vbphrase['create_permissions_based_off_of_forum'], 'ugid_base', $ugarr, $vbulletin->GPC['defaultgroupid']); print_table_break(); print_table_header($vbphrase['add_new_usergroup_gcpusergroup']); } else { $usergroup = vB_Api::instanceInternal('usergroup')->fetchUsergroupByID($vbulletin->GPC['usergroupid']); $ug_bitfield = array(); foreach ($vbulletin->bf_ugp as $permissiongroup => $fields) { $ug_bitfield["{$permissiongroup}"] = convert_bits_to_array($usergroup["{$permissiongroup}"], $fields); if (array_key_exists($permissiongroup, $usergroup_org)) { $usergroup_org[$permissiongroup] = convert_bits_to_array($usergroup_org["{$permissiongroup}"], $fields); } } try { $channelPerms = vB_ChannelPermission::instance()->fetchPermissions(1, $usergroup['usergroupid']); $groupinfo["moderator_permissions"] = array(); $groupinfo["createpermissions"] = array(); if (!empty($channelPerms) and !empty($channelPerms[$usergroup['usergroupid']])) { $channelPerms = $channelPerms[$usergroup['usergroupid']]; foreach (array('edit_time', 'require_moderate', 'maxtags', 'maxstartertags', 'maxothertags', 'maxattachments') as $field) { $usergroup[$field] = $channelPerms[$field]; } $ug_bitfield['createpermissions'] = $usergroup['moderator_permissions'] = array(); foreach ($channelPerms['bitfields']['createpermissions'] as $createPerm) { if ($createPerm['used']) { $ug_bitfield['createpermissions'][$createPerm['name']] = $createPerm['set'];
}
}
	// Excerpt from the forum-permission editor. No custom row for this usergroup/forum pair:
	// start from the effective permissions and carry both ids in hidden fields.
	$getperms = fetch_forum_permissions($usergroupid, $forumid);
	construct_hidden_code('forumpermission[usergroupid]', $usergroupid);
	construct_hidden_code('forumid', $forumid);
} else {
	// NOTE(review): {$forumpermissionid} is interpolated unquoted into the WHERE clause, so the
	// query is only safe if the variable holds an integer; where it is set is not visible here.
	$getperms = $db->query_first("\n\t\t\tSELECT *\n\t\t\tFROM " . TABLE_PREFIX . "forumpermission\n\t\t\tWHERE forumpermissionid = {$forumpermissionid}\n\t\t");
	// Unknown id: close the table and show the stop message.
	if (!$getperms) {
		print_table_footer();
		print_stop_message('invalid_forum_permissions_specified');
	}
	$usergroup['title'] = $vbulletin->usergroupcache["{$getperms['usergroupid']}"]['title'];
	$forum['title'] = $vbulletin->forumcache["{$getperms['forumid']}"]['title'];
	construct_hidden_code('forumpermissionid', $forumpermissionid);
}
$forumpermission = convert_bits_to_array($getperms['forumpermissions'], $vbulletin->bf_ugp_forumpermissions);
print_table_header(construct_phrase($vbphrase['edit_forum_permissions_for_usergroup_x_in_forum_y'], $usergroup['title'], $forum['title']));
// Radio pair: "default" is preselected when $forumpermissionid is empty, "custom" otherwise.
print_description_row(' <label for="uug_1"><input type="radio" name="useusergroup" value="1" id="uug_1" onclick="this.form.reset(); this.checked=true;"' . iif(empty($forumpermissionid), ' checked="checked"') . ' />' . $vbphrase['use_default_permissions'] . '</label> <br /> <label for="uug_0"><input type="radio" name="useusergroup" value="0" id="uug_0"' . iif(!empty($forumpermissionid), ' checked="checked"') . ' />' . $vbphrase['use_custom_permissions'] . '</label> ', 0, 2, 'tfoot', '', 'mode');
print_table_break();
print_forum_permission_rows($vbphrase['edit_forum_permissions'], $forumpermission, 'js_set_custom();');
print_submit_row($vbphrase['save']);
}
// ###################### Start do update #######################
if ($_POST['do'] == 'doupdate') {
	// The POST fields are cleaned to declared types here, before any of them reaches SQL below.
	$vbulletin->input->clean_array_gpc('p', array('forumpermissionid' => TYPE_INT, 'forumpermission' => TYPE_ARRAY_INT, 'useusergroup' => TYPE_INT, 'forumid' => TYPE_INT));
	if (!$vbulletin->GPC['forumpermissionid']) {
		// NOTE(review): both ids are concatenated unquoted. forumid is declared TYPE_INT above;
		// forumpermission is TYPE_ARRAY_INT, which presumably casts each element to an integer.
		// If the posted array has no 'usergroupid' key, an empty value is concatenated and the
		// statement is malformed; confirm how the cleaner handles a missing key.
		$forum_perms = $db->query_first("\n\t\t\tSELECT forumpermissionid\n\t\t\tFROM " . TABLE_PREFIX . "forumpermission\n\t\t\tWHERE usergroupid = " . $vbulletin->GPC['forumpermission']['usergroupid'] . "\n\t\t\t\tAND forumid = " . $vbulletin->GPC['forumid']);
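/**
 * Prepare any data needed for the output
 *
 * Selects one page of visitor messages for the profile being viewed, renders
 * them into $this->block_data['messagebits'], marks messages as read when the
 * viewer is the profile owner, and fills in the paging and moderation flags.
 *
 * Which message states are selected depends on the viewer: 'visible' always,
 * 'moderation' and 'deleted' only when the permission checks below pass, plus
 * the viewer's own messages that are still awaiting moderation.
 *
 * @param string The id of the block
 * @param array Options specific to the block (merged over $this->option_defaults)
 */
function prepare_output($id = '', $options = array())
{
	global $show, $vbphrase, $messagearea, $vBeditTemplate;

	require_once DIR . '/includes/functions_visitormessage.php';
	require_once DIR . '/includes/class_bbcode.php';
	require_once DIR . '/includes/class_visitormessage.php';

	if (is_array($options)) {
		$options = array_merge($this->option_defaults, $options);
	} else {
		$options = $this->option_defaults;
	}

	// Defined up front so the later reads do not depend on a branch having run.
	$messageinfo = null;
	$coventry = '';
	$lastcomment = null;

	if ($options['vmid']) {
		$messageinfo = verify_visitormessage($options['vmid'], false);
	}

	$state = array('visible');
	if (fetch_visitor_message_perm('canmoderatevisitormessages', $this->profile->userinfo)) {
		$state[] = 'moderation';
	}

	// Deleted messages are included for moderators, or for the profile owner holding the
	// 'canmanageownprofile' bit ('and' binds tighter than 'or' here).
	if (can_moderate(0, 'canmoderatevisitormessages') or $this->registry->userinfo['userid'] == $this->profile->userinfo['userid'] and $this->registry->userinfo['permissions']['visitormessagepermissions'] & $this->registry->bf_ugp_visitormessagepermissions['canmanageownprofile']) {
		$state[] = 'deleted';
		$deljoinsql = "LEFT JOIN " . TABLE_PREFIX . "deletionlog AS deletionlog ON (visitormessage.vmid = deletionlog.primaryid AND deletionlog.type = 'visitormessage')";
	} else {
		$deljoinsql = '';
	}

	// $state only ever holds the literals added above, so quoting them by hand is safe.
	$state_or = array("visitormessage.state IN ('" . implode("','", $state) . "')");

	// Get the viewing user's moderated posts
	if ($this->registry->userinfo['userid'] and !fetch_visitor_message_perm('canmoderatevisitormessages', $this->profile->userinfo)) {
		$state_or[] = "(visitormessage.postuserid = " . $this->registry->userinfo['userid'] . " AND state = 'moderation')";
	}

	$perpage = (!$options['perpage'] or $options['perpage'] > $this->registry->options['vm_maxperpage']) ? $this->registry->options['vm_perpage'] : $options['perpage'];
	// $perpage is interpolated into LIMIT below. Callers are expected to pass cleaned integers
	// (not visible from this method); the cast keeps the clause numeric either way.
	$perpage = (int) $perpage;

	if (!empty($messageinfo['vmid'])) {
		// Jump to the page holding the requested message: count the messages at least as new as it.
		$getpagenum = $this->registry->db->query_first("\n\t\t\t\tSELECT COUNT(*) AS comments\n\t\t\t\tFROM " . TABLE_PREFIX . "visitormessage AS visitormessage\n\t\t\t\tWHERE userid = " . $this->profile->userinfo['userid'] . "\n\t\t\t\t\tAND (" . implode(" OR ", $state_or) . ")\n\t\t\t\t\tAND dateline >= {$messageinfo['dateline']}\n\t\t\t");
		$options['pagenumber'] = ceil($getpagenum['comments'] / $perpage);
	}

	// Same reasoning as for $perpage: the page number feeds the LIMIT offset.
	$pagenumber = (int) $options['pagenumber'];

	// Runs again only when the requested page lies past the last one and there are messages at all.
	do {
		if (!$pagenumber or $options['tab'] != $id and $options['tab'] != '') {
			$pagenumber = 1;
		}
		$start = ($pagenumber - 1) * $perpage;

		// Plugin hook: registered code is eval()'d in this scope and may fill the three
		// $hook_query_* fragments, which are placed into the SQL below as-is. Hook code is
		// therefore fully trusted.
		$hook_query_fields = $hook_query_joins = $hook_query_where = '';
		($hook = vBulletinHook::fetch_hook('member_profileblock_visitormessage_query')) ? eval($hook) : false;

		if ($this->registry->options['globalignore'] != '') {
			if (!can_moderate(0, 'candeletevisitormessages') and !can_moderate(0, 'canremovevisitormessages')) {
				require_once DIR . '/includes/functions_bigthree.php';
				$coventry = fetch_coventry('string');
			}
		}

		$messagebits = '';
		$messages = $this->registry->db->query_read("\n\t\t\t\tSELECT " . (!isset($this->profile->prepared['vm_total']) ? "SQL_CALC_FOUND_ROWS" : "") . "\n\t\t\t\t\tvisitormessage.*, user.*, visitormessage.ipaddress AS messageipaddress\n\t\t\t\t\t"
			. ($this->registry->userinfo['userid'] ? ",IF(userlist.userid IS NOT NULL, 1, 0) AS bbuser_iscontact_of_user" : "") . "\n\t\t\t\t\t"
			. ($deljoinsql ? ",deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason" : "") . "\n\t\t\t\t\t"
			. ($this->registry->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight, customavatar.width_thumb AS avwidth_thumb, customavatar.height_thumb AS avheight_thumb, filedata_thumb, NOT ISNULL(customavatar.userid) AS hascustom" : "") . "\n\t\t\t\t\t{$hook_query_fields}\n\t\t\t\tFROM " . TABLE_PREFIX . "visitormessage AS visitormessage\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (visitormessage.postuserid = user.userid)\n\t\t\t\t"
			. ($this->registry->userinfo['userid'] ? "LEFT JOIN " . TABLE_PREFIX . "userlist AS userlist ON (userlist.userid = user.userid AND userlist.type = 'buddy' AND userlist.relationid = " . $this->registry->userinfo['userid'] . ")" : "") . "\n\t\t\t\t"
			. ($this->registry->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "\n\t\t\t\t{$deljoinsql}\n\t\t\t\t{$hook_query_joins}\n\t\t\t\tWHERE visitormessage.userid = " . $this->profile->userinfo['userid'] . "\n\t\t\t\t\tAND (" . implode(" OR ", $state_or) . ")\n\t\t\t\t"
			. ($coventry ? "AND visitormessage.postuserid NOT IN (" . $coventry . ")" : '') . "\n\t\t\t\t\t{$hook_query_where}\n\t\t\t\tORDER BY visitormessage.dateline DESC\n\t\t\t\tLIMIT {$start}, {$perpage}\n\t\t\t");

		if (!isset($this->profile->prepared['vm_total'])) {
			list($messagetotal) = $this->registry->db->query_first("SELECT FOUND_ROWS()", DBARRAY_NUM);
		} else {
			$messagetotal = $this->profile->prepared['vm_total'];
		}

		if ($start >= $messagetotal) {
			$pagenumber = ceil($messagetotal / $perpage);
		}
	} while ($start >= $messagetotal and $messagetotal);

	$this->block_data['messagestart'] = $start + 1;
	$this->block_data['messageend'] = min($start + $perpage, $messagetotal);

	$bbcode = new vB_BbCodeParser($this->registry, fetch_tag_list());
	$factory = new vB_Visitor_MessageFactory($this->registry, $bbcode, $this->profile->userinfo);

	$messagebits = '';

	if ($this->registry->userinfo['userid'] and empty($options['showignored'])) {
		$ignorelist = preg_split('/( )+/', trim($this->registry->userinfo['ignorelist']), -1, PREG_SPLIT_NO_EMPTY);
	} else {
		$ignorelist = array();
	}

	$firstrecord = array();
	$read_ids = array();

	while ($message = $this->registry->db->fetch_array($messages)) {
		// Process user.options
		$message = array_merge($message, convert_bits_to_array($message['options'], $this->registry->bf_misc_useroptions));

		if (!$firstrecord) {
			$firstrecord = $message;
		}

		if ($ignorelist and in_array($message['postuserid'], $ignorelist)) {
			$message['ignored'] = true;
		}
		if (empty($options['showignored']) and in_coventry($message['postuserid'])) {
			$message['ignored'] = true;
		}

		$response_handler =& $factory->create($message);
		$response_handler->converse = true;

		// Grouping is (A and (B or C)) or (D and E and F and G): the conversation link is
		// dropped when the poster has visitor messages off, or accepts them from contacts
		// only and the viewer is neither a moderator, the poster, nor a contact.
		if (!$message['vm_enable'] and (!can_moderate(0, 'canmoderatevisitormessages') or $this->registry->userinfo['userid'] == $message['postuserid']) or $message['vm_contactonly'] and !can_moderate(0, 'canmoderatevisitormessages') and $message['postuserid'] != $this->registry->userinfo['userid'] and !$message['bbuser_iscontact_of_user']) {
			$response_handler->converse = false;
		}

		$response_handler->cachable = false;
		$messagebits .= $response_handler->construct();

		if (!$message['messageread'] and $message['state'] == 'visible') {
			$read_ids[] = $message['vmid'];
		}

		// Keeps the dateline of the first row that has one; null when there are no rows.
		$lastcomment = !$lastcomment ? $message['dateline'] : $lastcomment;
	}

	$readvms = 0;

	// If it's our profile and the visible or default tab then we hope they've read it
	if ($this->profile->userinfo['userid'] == $this->registry->userinfo['userid']) {
		if (!empty($read_ids)) {
			$readvms = sizeof($read_ids);
			// $read_ids holds vmid values taken from the rows fetched above.
			$this->registry->db->query_write("UPDATE " . TABLE_PREFIX . "visitormessage SET messageread = 1 WHERE vmid IN (" . implode(',', $read_ids) . ")");
		}

		if ($this->profile->userinfo['vmunreadcount'] - $readvms > 0 and $this->registry->options['globalignore'] != '') {
			// We still have unread VMs somewhere, and Tachy is enabled
			build_visitor_message_counters($this->profile->userinfo['userid']);
		} else {
			if ($readvms) {
				// This is more than likely on the second page
				$this->registry->db->query_write("\n\t\t\t\t\tUPDATE " . TABLE_PREFIX . "user\n\t\t\t\t\tSET vmunreadcount = IF(vmunreadcount >= {$readvms}, vmunreadcount - {$readvms}, 0)\n\t\t\t\t\tWHERE userid = " . $this->registry->userinfo['userid']);
			}
		}
	}

	if ($pagenumber == 1 and (!isset($this->profile->prepared['vm_total']) or !isset($this->profile->prepared['lastvm_time']) or !isset($this->profile->prepared['lastvm_date']))) {
		$pminfo = array('dateline' => $firstrecord['dateline'], 'messages' => $messagetotal);
	} else {
		$pminfo = null;
	}
	$this->profile->prepare('vm_total', $pminfo);

	$this->block_data['messagebits'] = $messagebits;
	$this->block_data['lastcomment'] = $lastcomment;

	// Moderation controls are shown according to the viewer's permissions on this profile.
	$show['delete'] = fetch_visitor_message_perm('candeletevisitormessages', $this->profile->userinfo);
	$show['undelete'] = fetch_visitor_message_perm('canundeletevisitormessages', $this->profile->userinfo);
	$show['approve'] = fetch_visitor_message_perm('canmoderatevisitormessages', $this->profile->userinfo);
	$show['inlinemod'] = ($show['delete'] or $show['undelete'] or $show['approve']);

	// Only allow AJAX QC on the first page
	$show['quickcomment'] = $show['post_visitor_message'];
	$show['allow_ajax_qc'] = ($pagenumber == 1 and $messagetotal) ? 1 : 0;

	$pageinfo = array('tab' => $id);
	if ($options['perpage'] != $this->registry->options['vm_perpage']) {
		// Was assigned to the misspelled $pageindo, so 'pp' never reached the page navigation.
		$pageinfo['pp'] = $options['perpage'];
	}
	if (!empty($options['showignored'])) {
		$pageinfo['showignored'] = 1;
	}

	$this->block_data['pagenav'] = construct_page_nav($pagenumber, $perpage, $messagetotal, '', '', $id, 'member', $this->profile->userinfo, $pageinfo);
	$this->block_data['messagetotal'] = $messagetotal;

	$show['view_conversation'] = (!$this->profile->prepared['myprofile'] and THIS_SCRIPT != 'converse' and $this->registry->userinfo['vm_enable']);

	if ($show['quickcomment']) {
		require_once DIR . '/includes/functions_editor.php';
		$this->block_data['editorid'] = construct_edit_toolbar('', false, 'visitormessage', $this->registry->options['allowsmilies'], true, false, 'qr_small', '', array(), 'content', 'vBForum_VisitorMessage', 0, $this->profile->userinfo['userid']);
		$this->block_data['messagearea'] = $messagearea;
		$this->block_data['clientscript'] = $vBeditTemplate['clientscript'];
	}
}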
unset($photoplog_permissions); $photoplog_perm_denied = array(); $photoplog_perm_allowed = array(); $photoplog_inline_bits = array(); foreach ($photoplog_perm_membergroups_array as $photoplog_perm_membergroup_groupid) { foreach ($photoplog_list_relatives as $photoplog_list_relatives_catid => $photoplog_list_relatives_array) { if (!isset($photoplog_inline_bits[$photoplog_list_relatives_catid])) { $photoplog_inline_bits[$photoplog_list_relatives_catid] = 0; } if ($photoplog_list_relatives_catid != '-1' && $photoplog_current_results[$photoplog_perm_membergroup_groupid][$photoplog_list_relatives_catid]) { $photoplog_cat_mod_opt = intval($photoplog_current_results[$photoplog_perm_membergroup_groupid][$photoplog_list_relatives_catid]['options']); $photoplog_cat_mod_val = $photoplog_cat_mod_opt % 2; if ($photoplog_cat_mod_val == 0) { $photoplog_perm_denied[] = intval($photoplog_list_relatives_catid); } else { $photoplog_cat_mod_arr = convert_bits_to_array($photoplog_cat_mod_opt, $photoplog_categoryoptpermissions); if (defined('PHOTOPLOG_THIS_SCRIPT') && PHOTOPLOG_THIS_SCRIPT == 'categories' && ($_REQUEST['do'] == 'suggest' && !$photoplog_cat_mod_arr['cansuggestcategories'] || $_REQUEST['do'] == 'create' && !$photoplog_cat_mod_arr['cancreateunmoderatedcategories'])) { $photoplog_perm_denied[] = intval($photoplog_list_relatives_catid); } else { if (defined('PHOTOPLOG_THIS_SCRIPT') && PHOTOPLOG_THIS_SCRIPT == 'edit' && !$photoplog_cat_mod_arr['canuploadfiles']) { if ($photoplog_perm_catid != $photoplog_list_relatives_catid) { $photoplog_perm_denied[] = intval($photoplog_list_relatives_catid); } else { $photoplog_perm_allowed[] = intval($photoplog_list_relatives_catid); $photoplog_inline_temp = intval($photoplog_current_results[$photoplog_perm_membergroup_groupid][$photoplog_list_relatives_catid]['options']); $photoplog_inline_bits[$photoplog_list_relatives_catid] = $photoplog_inline_bits[$photoplog_list_relatives_catid] | $photoplog_inline_temp; } } else { if 
(defined('PHOTOPLOG_THIS_SCRIPT') && PHOTOPLOG_THIS_SCRIPT == 'search' && !$photoplog_cat_mod_arr['canusesearchfeature']) { $photoplog_perm_denied[] = intval($photoplog_list_relatives_catid); } else {
/**
 * Loads every subscription row into $this->subscriptioncache, keyed by
 * subscriptionid, the first time it is called.
 *
 * Each cached row is the subscription record merged with its expanded
 * 'adminoptions' bitfield. Rows that have entries in the
 * subscriptionpermission table also get a 'deniedgroups' map
 * (usergroupid => usergroupid). Nothing happens when the cache already
 * holds data.
 */
function cache_user_subscriptions()
{
    // Already populated -- nothing to do.
    if (!empty($this->subscriptioncache)) {
        return;
    }

    $database = $this->registry->db;

    // Both statements are fixed strings plus the TABLE_PREFIX constant; no request data is interpolated.
    $permissionRows = $database->query_read_slave("\n\t\t\t\tSELECT subscriptionid, usergroupid\n\t\t\t\tFROM " . TABLE_PREFIX . "subscriptionpermission\n\t\t\t");

    // subscriptionid => (usergroupid => usergroupid)
    $groupsBySubscription = array();
    while ($row = $database->fetch_array($permissionRows)) {
        $subscriptionKey = "{$row['subscriptionid']}";
        $groupKey = "{$row['usergroupid']}";
        $groupsBySubscription[$subscriptionKey][$groupKey] = $row['usergroupid'];
    }

    $subscriptionRows = $database->query_read_slave("SELECT * FROM " . TABLE_PREFIX . "subscription ORDER BY displayorder");
    while ($entry = $database->fetch_array($subscriptionRows)) {
        // Expand the adminoptions bitfield into named keys on the row.
        $expanded = convert_bits_to_array($entry['adminoptions'], $this->registry->bf_misc_adminoptions);
        $entry = array_merge($entry, $expanded);

        $subscriptionKey = "{$entry['subscriptionid']}";
        if (!empty($groupsBySubscription[$subscriptionKey])) {
            $entry['deniedgroups'] = $groupsBySubscription[$subscriptionKey];
        }

        $this->subscriptioncache[$subscriptionKey] = $entry;
    }

    unset($groupsBySubscription);
    $database->free_result($subscriptionRows);
    $database->free_result($permissionRows);
}
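/**
 * Fetch default usergroup data for adding or editing new usergroup
 *
 * The caller must hold the 'canadminpermissions' admin permission; the check
 * runs before any data is read.
 *
 * @param int $usergroupid If present, the data will be copied from this usergroup
 * @return array Default usergroup data. It contains four sub-arrays:
 *               'usergroup' - Basic usergroup information
 *               'ugarr' - usergroups to be used for 'Create Forum Permissions Based off of Usergroup'
 *               'ug_bitfield' - Usergroup bitfield
 *               'groupinfo' - Usergroup permission information
 */
public function fetchDefaultData($usergroupid = 0)
{
    // Authorisation first: nothing below runs for a caller without the permission.
    $this->checkHasAdminPermission('canadminpermissions');

    $bf_ugp = vB::getDatastore()->get_value('bf_ugp');

    require_once DIR . '/includes/class_bitfield_builder.php';
    $myobj =& vB_Bitfield_Builder::init();

    if ($usergroupid) {
        // Copy from an existing usergroup. The id is passed as a query condition, not concatenated into SQL.
        // NOTE(review): a non-existent id is not handled here; $usergroup would then not be an array -- confirm callers validate it.
        $usergroup = vB::getDbAssertor()->getRow('usergroup', array(
            vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_TABLE,
            vB_dB_Query::CONDITIONS_KEY => array('usergroupid' => $usergroupid),
        ));

        $ug_bitfield = array();
        foreach ($bf_ugp as $permissiongroup => $fields) {
            $ug_bitfield["{$permissiongroup}"] = convert_bits_to_array($usergroup["{$permissiongroup}"], $fields);
        }
    } else {
        // Defaults for a brand new usergroup: only these permissions start enabled.
        $ug_bitfield = array(
            'genericoptions' => array('showgroup' => 1, 'showeditedby' => 1, 'isnotbannedgroup' => 1),
            'forumpermissions' => array('canview' => 1, 'canviewothers' => 1, 'cangetattachment' => 1, 'cansearch' => 1, 'canthreadrate' => 1, 'canpostattachment' => 1, 'canpostpoll' => 1, 'canvote' => 1, 'canviewthreads' => 1),
            'forumpermissions2' => array('cangetimgattachment' => 1),
            'wolpermissions' => array('canwhosonline' => 1),
            'genericpermissions' => array('canviewmembers' => 1, 'canmodifyprofile' => 1, 'canseeprofilepic' => 1, 'canusesignature' => 1, 'cannegativerep' => 1, 'canuserep' => 1, 'cansearchft_nl' => 1),
        );

        // set default numeric permissions
        $usergroup = array(
            'pmquota' => 0,
            'pmsendmax' => 5,
            'attachlimit' => 1000000,
            'avatarmaxwidth' => 200,
            'avatarmaxheight' => 200,
            'avatarmaxsize' => 20000,
            'profilepicmaxwidth' => 100,
            'profilepicmaxheight' => 100,
            'profilepicmaxsize' => 25000,
            'sigmaxsizebbcode' => 7,
        );
    }

    $permgroups = vB::getDbAssertor()->assertQuery('usergroup_fetchperms', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED));
    $ugarr = array();
    foreach ($permgroups as $group) {
        $ugarr["{$group['usergroupid']}"] = $group['title'];
    }

    // Initialised up front so the return value is always an array, even when
    // the bitfield builder yields no grouped permissions.
    $groupinfo = array();
    foreach ((array) $myobj->data['ugp'] as $grouptitle => $perms) {
        if ($grouptitle == 'createpermissions') {
            continue;
        }

        foreach ($perms as $permtitle => $permvalue) {
            // Permissions without a display group are not listed.
            if (empty($permvalue['group'])) {
                continue;
            }

            $groupinfo["{$permvalue['group']}"]["{$permtitle}"] = array(
                'phrase' => $permvalue['phrase'],
                'value' => $permvalue['value'],
                'parentgroup' => $grouptitle,
            );

            // 'intperm' is optional on a permission entry; test it without reading a missing key.
            if (!empty($permvalue['intperm'])) {
                $groupinfo["{$permvalue['group']}"]["{$permtitle}"]['intperm'] = true;
            }

            if (!empty($myobj->data['layout']["{$permvalue['group']}"]['ignoregroups'])) {
                $groupinfo["{$permvalue['group']}"]['ignoregroups'] = $myobj->data['layout']["{$permvalue['group']}"]['ignoregroups'];
            }

            if (!empty($permvalue['ignoregroups'])) {
                $groupinfo["{$permvalue['group']}"]["{$permtitle}"]['ignoregroups'] = $permvalue['ignoregroups'];
            }

            if (!empty($permvalue['options'])) {
                $groupinfo["{$permvalue['group']}"]["{$permtitle}"]['options'] = $permvalue['options'];
            }
        }
    }

    return array('usergroup' => $usergroup, 'ug_bitfield' => $ug_bitfield, 'ugarr' => $ugarr, 'groupinfo' => $groupinfo);
}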
if ($_REQUEST['do'] == 'edit') { $vbulletin->input->clean_array_gpc('g', array('catid' => TYPE_UINT)); $photoplog_catid = $vbulletin->GPC['catid']; $photoplog_category_info = $db->query_first("SELECT title,\r\n\t\t\t\tdescription, displayorder, parentid, options\r\n\t\t\tFROM " . PHOTOPLOG_PREFIX . "photoplog_categories\r\n\t\t\tWHERE catid = " . intval($photoplog_catid) . "\r\n\t\t"); } else { if ($_REQUEST['do'] == 'review') { $vbulletin->input->clean_array_gpc('g', array('suggestid' => TYPE_UINT)); $photoplog_suggestid = $vbulletin->GPC['suggestid']; $photoplog_category_info = $db->query_first("SELECT title,\r\n\t\t\t\tdescription, displayorder, parentid, options\r\n\t\t\tFROM " . PHOTOPLOG_PREFIX . "photoplog_suggestedcats\r\n\t\t\tWHERE suggestid = " . intval($photoplog_suggestid) . "\r\n\t\t"); } } if (!$photoplog_category_info) { print_stop_message(no_results_matched_your_query); } else { $photoplog_category = $photoplog_category_info; $photoplog_category_options = convert_bits_to_array($photoplog_category_info['options'], $photoplog_categoryoptions); unset($photoplog_category_info); if ($_REQUEST['do'] == 'edit') { print_form_header('photoplog_category', 'doedit'); construct_hidden_code('s', $vbulletin->session->vars['sessionhash']); construct_hidden_code('catid', $photoplog_catid); print_table_header($vbphrase['photoplog_edit_this_category']); } else { if ($_REQUEST['do'] == 'review') { print_form_header('photoplog_category', 'doadd'); construct_hidden_code('s', $vbulletin->session->vars['sessionhash']); construct_hidden_code('suggestid', $photoplog_suggestid); print_table_header($vbphrase['photoplog_add_new_category']); } } print_input_row($vbphrase['photoplog_title'], 'photoplog_category[title]', $photoplog_category['title']);
/**
 * Start-up preparation for a note.
 *
 * Expands the 'options' and 'adminoptions' bitfields into named keys on
 * $this->message, then sets 'checkbox_value' to the sum of the flags that
 * match the message state (POST_FLAG_INVISIBLE for 'moderation',
 * POST_FLAG_DELETED for 'deleted', otherwise 0).
 */
function prepare_start()
{
    $userFlags = convert_bits_to_array($this->message['options'], $this->registry->bf_misc_useroptions);
    $this->message = array_merge($this->message, $userFlags);

    // Read 'adminoptions' only after the first merge, exactly as the merged record presents it.
    $adminFlags = convert_bits_to_array($this->message['adminoptions'], $this->registry->bf_misc_adminoptions);
    $this->message = array_merge($this->message, $adminFlags);

    $checkboxValue = 0;
    if ($this->message['state'] == 'moderation') {
        $checkboxValue += POST_FLAG_INVISIBLE;
    }
    if ($this->message['state'] == 'deleted') {
        $checkboxValue += POST_FLAG_DELETED;
    }
    $this->message['checkbox_value'] = $checkboxValue;
}
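/**
 * Insert or Update an user
 *
 * Callers without the 'canadminusers' admin permission may only register a new
 * account or edit their own, and may not pass 'usergroupid' or 'membergroupids'.
 * Changing the password or email of an existing account without admin override
 * requires the account's current password in $user['password'] (or
 * $extra['password'] when $extra['acnt_settings'] is set).
 *
 * @param integer $userid Userid to be updated. Set to 0 if you want to insert a new user.
 * @param string $password Password for the user. Empty means no change. May be overriden by the $extra array
 * @param array $user Basic user information such as email or home page
 *  * username
 *  * email
 *  * usertitle
 *  * birthday
 *  * usergroupid (will get no_permissions exception without administrate user permissions)
 *  * membergroupids (will get no_permissions exception without administrate user permissions)
 *  * list not complete
 * @param array $options vB options for the user
 * @param array $adminoptions Admin Override Options for the user
 * @param array $userfield User's User Profile Field data
 * @param array $notificationOptions
 * @param array $hvinput Human Verify input data. @see vB_Api_Hv::verifyToken()
 * @param array $extra Generic flags or data to affect processing.
 *  * registration
 *  * email
 *  * newpass
 *  * password
 *  * acnt_settings
 * @return integer New or updated userid. (When the caller lacks 'canmodifyprofile' the
 *                 result of saveEmailPassword() is returned instead.)
 * @throws vB_Exception_Api On a failed permission, validation or password check.
 */
public function save($userid, $password, $user, $options, $adminoptions, $userfield, $notificationOptions = array(), $hvinput = array(), $extra = array())
{
    $db = vB::getDbAssertor();
    $vboptions = vB::getDatastore()->getValue('options');
    $userContext = vB::getUserContext();
    $currentUserId = $userContext->fetchUserId();
    $userid = intval($userid);
    $coppauser = false;

    //set up some booleans to control behavior.  This is done to simplify/document the later code
    $newuser = !$userid;
    $canadminusers = $this->hasAdminPermission('canadminusers');
    // Admin override applies only to an admin who is NOT coming through the account settings page.
    // NOTE(review): the original tested empty($extra['acnt_settings']) twice; the second test may have
    // been meant for a different $extra flag -- confirm.
    $adminoverride = ($canadminusers and empty($extra['acnt_settings']));
    $changingCurrentUser = $userid == $currentUserId;

    // Not sure why we do this at all. The caller should handle this appropriately.
    // We shouldn't set $userid = $currentUserId if $userid == 0 here
    // Cause we may need to allow logged-in user to register again
    // Note that $newuser and $changingCurrentUser were computed before this remap.
    if ($userid < 0 and $currentUserId) {
        $userid = $currentUserId;
    }

    //we'll need this all over the place if this isn't a new user.
    if (!$newuser) {
        $userinfo = vB_User::fetchUserInfo($userid);
    }

    //check some permissions.  If we can admin users we can skip all of these checks.  Some checks
    //only apply to some cases, such as registering a newuser.  We also check various fields
    //in some cases and not others.
    if (!$canadminusers) {
        if ($newuser) {
            // Check if registration is allowed
            if (!$vboptions['allowregistration']) {
                throw new vB_Exception_Api('noregister');
            }

            // Check Multiple Registrations Per User
            if ($currentUserId and !$vboptions['allowmultiregs']) {
                $currentUser = vB::getCurrentSession()->fetch_userinfo();
                throw new vB_Exception_Api('signing_up_but_currently_logged_in_msg', array($currentUser['username'], $vboptions['frontendurl'] . '/auth/logout?logouthash=' . $currentUser['logouthash']));
            }

            // If it's a new registration, we need to verify the HV
            // VBV-9386: HV is disabled when accessing through the VB_API in vb4.
            // There is also a comment saying that it should be enabled once it goes live???
            // NOTE(review): registrations with VB_API === true skip human verification entirely;
            // the StopForumSpam check below is then the only visible anti-automation control.
            if (!defined('VB_API') or defined('VB_API') and VB_API !== true) {
                vB_Api::instanceInternal('hv')->verifyToken($hvinput, 'register');
            }

            // Verify Stop Forum Spam
            $nospam = vB_StopForumSpam::instance();
            if (!$nospam->checkRegistration($user['username'], vB::getRequest()->getIpAddress(), $user['email'])) {
                throw new vB_Exception_Api('noregister');
            }
        } else {
            //attempting to update somebody else's profile -- only admins can do this
            if (!$changingCurrentUser) {
                throw new vB_Exception_Api('no_permission');
            }

            //we need to handle this more gracefully -- this is kindof weird.
            if (!$userContext->hasPermission('genericpermissions', 'canmodifyprofile')) {
                // User can only update email and password
                return $this->saveEmailPassword($extra);
            }

            if (isset($user['privacy_options']) and !$userContext->hasPermission('usercsspermissions', 'caneditprivacy')) {
                // User doesn't have permission to update privacy
                throw new vB_Exception_Api('no_permission');
            }

            if (isset($options['invisible']) and !empty($options['invisible']) and !$userContext->hasPermission('genericpermissions', 'caninvisible')) {
                // User doesn't have permission to go invisible
                throw new vB_Exception_Api('no_permission');
            }
        }

        //handle some fields that users should not be able to set (the admin can do what he wants)
        // NOTE(review): this deny-list covers only these two keys. Every other key of $user is later
        // passed to $userdata->set(), and $adminoptions is applied without a permission check in this
        // method -- confirm the data manager rejects privileged fields when adminoverride is not set.
        if (isset($user['usergroupid'])) {
            throw new vB_Exception_Api('no_permission');
        }

        if (isset($user['membergroupids'])) {
            throw new vB_Exception_Api('no_permission');
        }
    }

    /*
     * Some checks for all cases.
     */

    //check the user title length.  Skip for any administrator.  Not sure if we should be checking for edit user permissions or not, but
    //it's not a major issue if admins can set their own titles to something really long so changing it at this point is not wise.
    if (isset($user['usertitle']) and vB_String::vbStrlen($user['usertitle']) > $vboptions['ctMaxChars'] and !$userContext->isAdministrator()) {
        throw new vB_Exception_Api('please_enter_user_title_with_at_least_x_characters', $vboptions['ctMaxChars']);
    }

    //don't allow changes to an unalterable user unless the user themselves requests it.  We might want to lock down what the
    //user can edit in this case.
    require_once DIR . '/includes/adminfunctions.php';
    if (!$changingCurrentUser and is_unalterable_user($userid)) {
        throw new vB_Exception_Api('user_is_protected_from_alteration_by_undeletableusers_var');
    }

    $olduser = array();
    if ($userid != 0) {
        // Get old user information
        $olduser = $db->getRow('user_fetchforupdating', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'userid' => $userid));
        if (!$olduser) {
            throw new vB_Exception_Api('invalid_user_specified');
        }
    }

    // if birthday is required
    if ($vboptions['reqbirthday'] and empty($olduser['birthday']) and empty($user['birthday'])) {
        if (count($userfield)) {
            throw new vB_Exception_Api('birthdayfield');
        } else {
            throw new vB_Exception_Api('birthdayfield_nonprofile_tab');
        }
    }

    /*
     * If we are changing the password or email from the account setting we need to validate the users
     * existing password.
     */

    //we allow stuff for the account profile page to be passed separately in the $extra array.
    //we shouldn't but cleaning that up is a larger task.
    if (!empty($extra['acnt_settings'])) {
        if (!empty($extra['email'])) {
            $user['email'] = $extra['email'];
        }

        //new password to set
        if (!empty($extra['newpass'])) {
            $password = $extra['newpass'];
        }

        //the user's existing password -- needed to verify to set certain sensitive fields.
        if (!empty($extra['password'])) {
            $user['password'] = $extra['password'];
        }
    }

    //if we are setting the password or the email we may need to check the user's existing
    //password as an extra precaution.
    // * If this is an existing user
    // * If we are changing the password or email
    // * If we are not overriding as an admin
    if (!$newuser and (!empty($password) or !empty($user['email'])) and !$adminoverride) {
        $loginlib = vB_Library::instance('login');

        // empty() rather than a bare read: the key is absent when the caller sent no current password.
        if (empty($user['password'])) {
            throw new vB_Exception_Api('enter_current_password');
        }

        // Only the fields needed to verify the stored credential are handed to the login library.
        $login = array_intersect_key($userinfo, array_flip(array('userid', 'token', 'scheme')));
        $auth = $loginlib->verifyPasswordFromInfo($login, array(array('password' => $user['password'], 'encoding' => 'text')));
        if (!$auth['auth']) {
            throw new vB_Exception_Api('badpassword', vB5_Route::buildUrl('lostpw|fullurl'));
        }
    }

    //this is the user's existing password which we don't need now that we've verified it.
    //attempting to set it to the DM, which we do below for all user fields causes problems.
    unset($user['password']);

    //if this is a newuser we need to have a password -- even if this is an admin creating the user
    if ($newuser and empty($password)) {
        throw new vB_Exception_Api('invalid_password_specified');
    }

    /*
     * If we got this far, we basically have permission to update the user in the way we requested.
     */
    $bf_misc_useroptions = vB::getDatastore()->getValue('bf_misc_useroptions');
    $bf_misc_adminoptions = vB::getDatastore()->getValue('bf_misc_adminoptions');
    $bf_misc_notificationoptions = vB::getDatastore()->getValue('bf_misc_usernotificationoptions');
    $usergroupcache = vB::getDatastore()->getValue('usergroupcache');

    $user['ipaddress'] = vB::getRequest()->getIpAddress();

    $olduser = array_merge($olduser, convert_bits_to_array($olduser['options'], $bf_misc_useroptions));
    $olduser = array_merge($olduser, convert_bits_to_array($olduser['adminoptions'], $bf_misc_adminoptions));
    $olduser = array_merge($olduser, convert_bits_to_array($olduser['notification_options'], $bf_misc_notificationoptions));

    // get threaded mode options
    if (isset($olduser['threadedmode']) and ($olduser['threadedmode'] == 1 or $olduser['threadedmode'] == 2)) {
        $threaddisplaymode = $olduser['threadedmode'];
    } else {
        if (isset($olduser['postorder']) and $olduser['postorder'] == 0) {
            $threaddisplaymode = 0;
        } else {
            $threaddisplaymode = 3;
        }
    }
    $olduser['threadedmode'] = $threaddisplaymode;

    // Let's handle this at API level, ignore list is causing problems in the data manager
    //handle ignorelist
    if (isset($user['ignorelist'])) {
        $user['ignorelist'] = $this->updateIgnorelist($userid, explode(',', $user['ignorelist']));
    } else {
        $user['ignorelist'] = array();
    }

    // init data manager
    $userdata = new vB_Datamanager_User(vB_DataManager_Constants::ERRTYPE_ARRAY_UNPROCESSED);

    /*
     * If this was called from the account settings or registration pages
     * (not the Admin Control Panel) then we shouldn't be setting admin override.
     * Should also make sure that the admin is logged in and its not just a case of someone
     * telling the API that we're in the ACP
     */
    if ($adminoverride) {
        $userdata->adminoverride = true;
    }

    $updateUGPCache = false;

    // set existing info if this is an update
    if (!$newuser) {
        // birthday
        if (!$adminoverride and $user['birthday'] and $olduser['birthday'] and $user['birthday'] != $olduser['birthday'] and $vboptions['reqbirthday']) {
            throw new vB_Exception_Api('has_no_permission_change_birthday');
        }

        // update buddy list
        $user['buddylist'] = array();
        foreach (explode(' ', $userinfo['buddylist']) as $buddy) {
            if (in_array($buddy, $user['ignorelist']) === false) {
                $user['buddylist'][] = $buddy;
            }
        }

        $userinfo['posts'] = intval($user['posts']);

        // update usergroups cache if needed...
        $uInfoMUgpIds = explode(',', trim($userinfo['membergroupids']));
        $uInfoUgpId = trim($userinfo['usergroupid']);
        $uIGpIds = explode(',', trim($userinfo['infractiongroupids']));
        $mUgpIds = isset($user['membergroupids']) ? $user['membergroupids'] : false;
        $ugpId = isset($user['usergroupid']) ? trim($user['usergroupid']) : false;
        $iGpIds = isset($user['infractiongroupids']) ? explode(',', trim($user['infractiongroupids'])) : false;

        if ($ugpId and $uInfoUgpId != $ugpId or $mUgpIds and array_diff($uInfoMUgpIds, $mUgpIds) or $iGpIds and array_diff($iGpIds, $uIGpIds)) {
            $updateUGPCache = true;
        }

        $userdata->set_existing($userinfo);
    } else {
        if ($this->useCoppa()) {
            if (empty($user['birthday'])) {
                throw new vB_Exception_Api('under_thirteen_registration_denied');
            }

            if ($this->needsCoppa($user['birthday'])) {
                if ($vboptions['usecoppa'] == 2) {
                    throw new vB_Exception_Api('under_thirteen_registration_denied');
                } else {
                    if (empty($user['parentemail'])) {
                        throw new vB_Exception_Api('coppa_rules_description');
                    }
                    $userdata->set_info('coppauser', true);
                    $userdata->set_info('coppapassword', $password);
                    $options['coppauser'] = 1;
                    $coppauser = true;
                }
            } else {
                if ($vboptions['moderatenewmembers']) {
                    $userdata->set_info('usergroupid', 4);
                } else {
                    if ($vboptions['verifyemail']) {
                        $userdata->set_info('usergroupid', 3);
                    } else {
                        $userdata->set_info('usergroupid', 2);
                    }
                }
            }
        }
    }

    //should not be required with the new password code.
    // if no username is provided then is taken from old userinfo, datamanager needs username always set to perform password checks.
    //$username = (empty($user['username']) ? $userinfo['username'] : $user['username']);
    //$userdata->set('username', $username);
    //unset($user['username']);

    // user options
    foreach ($bf_misc_useroptions as $key => $val) {
        if (isset($options["{$key}"])) {
            $userdata->set_bitfield('options', $key, $options["{$key}"]);
        } else {
            if (isset($olduser["{$key}"])) {
                $userdata->set_bitfield('options', $key, $olduser["{$key}"]);
            }
        }
    }

    // NOTE(review): applied for every caller; see the note on the deny-list above.
    foreach ($adminoptions as $key => $val) {
        $userdata->set_bitfield('adminoptions', $key, $val);
    }

    // notification options
    foreach ($notificationOptions as $key => $val) {
        // @TODO related to VBV-92
        if ($olduser["{$key}"] != $val) {
            $userdata->set_bitfield('notification_options', $key, $val);
        } else {
            if ($olduser["{$key}"] == $val) {
                $userdata->set_bitfield('notification_options', $key, $olduser["{$key}"]);
            }
        }
    }

    $displaygroupid = (array_key_exists('displaygroupid', $user) and intval($user['displaygroupid'])) ? $user['displaygroupid'] : '';
    if (isset($user['usergroupid']) and $user['usergroupid']) {
        $displaygroupid = $user['usergroupid'];
    } elseif (isset($olduser['usergroupid']) and $olduser['usergroupid']) {
        $displaygroupid = $olduser['usergroupid'];
    }

    // custom user title
    if (isset($user['usertitle']) and $user['usertitle']) {
        $userdata->set_usertitle($user['usertitle'], $user['customtitle'] ? false : true, $usergroupcache["{$displaygroupid}"], $userContext->hasPermission('genericpermissions', 'canusecustomtitle'), $userContext->isAdministrator());
        unset($user['usertitle'], $user['customtitle']);
    } else {
        if (isset($user['usertitle']) and empty($user['usertitle']) and empty($user['customtitle'])) {
            $userdata->set_usertitle('', true, $usergroupcache["{$displaygroupid}"], $userContext->hasPermission('genericpermissions', 'canusecustomtitle'), $userContext->isAdministrator());
            unset($user['usertitle'], $user['customtitle']);
        }
    }

    // privacy_options
    $privacyChanged = false;
    if (isset($user['privacy_options']) and $user['privacy_options']) {
        // Allow-list filter on caller-supplied keys.
        // NOTE(review): in_array() compares loosely here; a strict third argument would be safer if
        // $this->privacyOptions is a list of strings -- confirm against its definition.
        foreach ($user['privacy_options'] as $opt => $val) {
            if (!in_array($opt, $this->privacyOptions)) {
                unset($user['privacy_options'][$opt]);
            }
        }

        // check if we need to update cached values...
        if ($olduser['privacy_options']) {
            // NOTE(review): unserialize() on a stored column. The value is written by serialize() below,
            // but anything else able to write this column would reach unserialize(); a JSON encoding
            // would remove that exposure.
            $check = unserialize($olduser['privacy_options']);
            // A stored value that does not decode to an array is treated as "everything changed".
            if (!is_array($check)) {
                $check = array();
            }
            $diff = array_diff_assoc($user['privacy_options'], $check);
            if (!empty($diff)) {
                $privacyChanged = true;
            }
        }

        $user['privacy_options'] = serialize($user['privacy_options']);
    }

    // Update from user fields
    // Every remaining key of $user goes to the data manager; field-level protection is the data manager's job.
    foreach ($user as $key => $val) {
        if (!$userid or $olduser["{$key}"] != $val) {
            $userdata->set($key, $val);
        }
    }

    $membergroupids = false;
    if (isset($user['membergroupids']) and is_array($user['membergroupids'])) {
        $membergroupids = $user['membergroupids'];
    }

    //add facebook user group for new users being registered with FB
    //not entirely thrilled with putting this here, but doing it in a less
    //fragile way requires a greater refactoring of the registration code
    if ($newuser and $vboptions['facebookusergroupid']) {
        $fblib = vB_Library::instance('facebook');
        if ($fblib->isFacebookEnabled() and $fblib->userIsLoggedIn()) {
            if (is_array($membergroupids)) {
                $membergroupids[] = $vboptions['facebookusergroupid'];
            } else {
                $membergroupids = array($vboptions['facebookusergroupid']);
            }
        }
    }

    //actually set the usergroup array if we have one
    if (is_array($membergroupids)) {
        $userdata->set('membergroupids', $membergroupids);
    }

    // custom profile fields
    if (!empty($userfield) and is_array($userfield)) {
        $userdata->set_userfields($userfield, true, 'admin');
    }

    // handles ignorelist and buddylist correctly
    $userdata->set('ignorelist', $user['ignorelist']);
    $userdata->set('buddylist', isset($user['buddylist']) ? $user['buddylist'] : array());

    // timezone
    if (empty($user['timezoneoffset']) and $newuser) {
        $userdata->set('timezoneoffset', $vboptions['timeoffset']);
    }

    //the secret really isn't related to the password, but we want to change it
    //periodically and for now "every time the user changes their password"
    //works (we previously used the password salt so that's when it got changed
    //prior to the refactor).
    if (!empty($password)) {
        $userdata->set('secret', vB_Library::instance('user')->generateUserSecret());
    }

    // save data
    $newuserid = $userdata->save();
    if ($userdata->has_errors(false)) {
        throw $userdata->get_exception();
    }

    //a bit of a hack.  If the DM save function runs an update of an existing user then
    //it returns true rather than the userid (despite what the comments say).  However its
    //not clear how to handle that in the DM (which looks like it could be use to alter
    //multiple users wholesale, in which case we really don't have an ID.  Better to catch it here.
    if ($newuserid === true) {
        $newuserid = $userid;
    }

    //if we have a new password, then let's set it.
    if (!empty($password)) {
        try {
            //lookup the history for the user we are editing, which is not necessarily the
            //user that we currently are.
            // The original tested a misspelled, never-assigned variable here, so this branch could
            // never run and a user changing their own password always fell through to the else path.
            if ($changingCurrentUser) {
                $history = $userContext->getUsergroupLimit('passwordhistory');
            } else {
                if ($adminoverride) {
                    $history = 0;
                } else {
                    $history = vB::getUserContext($userid)->getUsergroupLimit('passwordhistory');
                }
            }

            $loginlib = vB_Library::instance('login');
            $loginlib->setPassword($newuserid, $password, array('passwordhistorylength' => $history), array('passwordhistory' => $adminoverride));
        } catch (Exception $e) {
            //if this is a new user, delete it if we fail to set the initial password.
            //otherwise an account without a usable password would be left behind.
            if ($newuser) {
                $db->delete('user', array('userid' => $newuserid));
            }
            throw $e;
        }
    }

    if ($updateUGPCache) {
        vB_Cache::instance(vB_Cache::CACHE_FAST)->event('perms_changed');
    }

    if ($privacyChanged) {
        vB_Cache::instance()->event('userPrivacyChg_' . $userid);
    }

    // clear user info cached
    $this->library->clearUserInfo(array($newuserid));

    // update session's languageid, VBV-11318
    if (isset($user['languageid'])) {
        vB::getCurrentSession()->set('languageid', $user['languageid']);
    }

    if ($newuser and $vboptions['newuseremail'] != '') {
        // Prepare email data
        $customfields = '';
        if (!empty($userfield) and is_array($userfield)) {
            $customfields = $userdata->set_userfields($userfield, true, 'register');
        }

        // NOTE(review): the profile URL is built from $user['userid'], which this method never sets for a
        // new registration; $newuserid looks like the intended value -- confirm.
        $maildata = vB_Api::instanceInternal('phrase')->fetchEmailPhrases('newuser', array($user['username'], vB::getDatastore()->getOption('bbtitle'), vB5_Route::buildUrl('profile|fullurl', array('userid' => $user['userid'])), $user['email'], $user['birthday'], $user['ipaddress'], $customfields), array(vB::getDatastore()->getOption('bbtitle')));

        // Send out the emails
        $newemails = explode(' ', $vboptions['newuseremail']);
        foreach ($newemails as $toemail) {
            if (trim($toemail)) {
                vB_Mail::vbmail($toemail, $maildata['subject'], $maildata['message'], false);
            }
        }
    }

    // Check if we need to send out activate email
    $verifyEmail = (defined('VB_AREA') and VB_AREA == 'AdminCP') ? false : true;
    if ($newuser and $vboptions['verifyemail'] and $verifyEmail) {
        $this->library->sendActivateEmail($newuserid);
    }

    // Check if we need to send out welcome email
    if ($newuser and $userdata->fetch_field('usergroupid') == 2 and $vboptions['welcomemail']) {
        // Send welcome mail
        $username = trim(unhtmlspecialchars($user['username']));
        $maildata = vB_Api::instanceInternal('phrase')->fetchEmailPhrases('welcomemail', array($username, $vboptions['bbtitle']), array($vboptions['bbtitle']), isset($user['languageid']) ? $user['languageid'] : vB::getDatastore()->getOption('languageid'));
        vB_Mail::vbmail($user['email'], $maildata['subject'], $maildata['message'], true);
    }

    return $newuserid;
}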
$ccrecipients = $cclist; } if ($countbcc and $vbulletin->userinfo['userid'] == $pm['fromuserid'] and $pm['folderid'] == -1) { if ($countcc) { $bccrecipients = $bcclist; } else { $ccrecipients = $bcclist; } } $show['recipients'] = true; } $show['quickreply'] = ($permissions['pmquota'] and $vbulletin->userinfo['receivepm'] and !fetch_privatemessage_throttle_reached($vbulletin->userinfo['userid'])); if ($pm['fromuserid']) { $recipient = $db->query_first("\n\t\t\tSELECT usertextfield.*, user.*, userlist.type\n\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid=user.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS userlist ON(user.userid = userlist.userid AND userlist.relationid = " . $vbulletin->userinfo['userid'] . " AND userlist.type = 'buddy')\n\t\t\tWHERE user.userid = " . intval($pm['fromuserid'])); if (!empty($recipient)) { $recipient = array_merge($recipient, convert_bits_to_array($recipient['options'], $vbulletin->bf_misc_useroptions)); cache_permissions($recipient, false); if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and (!$recipient['receivepm'] or !$recipient['permissions']['pmquota'] or $recipient['receivepmbuddies'] and !can_moderate() and $recipient['type'] != 'buddy')) { $show['quickreply'] = false; } } else { $show['quickreply'] = false; } } else { $show['quickreply'] = false; } if ($vbulletin->GPC['showhistory'] and $pm['parentpmid']) { $threadresult = $vbulletin->db->query_read_slave("\n\t\t\tSELECT pm.*, pmtext.*\n\t\t\tFROM " . TABLE_PREFIX . "pm AS pm\n\t\t\tINNER JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON(pmtext.pmtextid = pm.pmtextid)\n\t\t\tWHERE (pm.parentpmid=" . $pm['parentpmid'] . "\n\t\t\t\t\tOR pm.pmid = " . $pm['parentpmid'] . ")\n\t\t\tAND pm.pmid != " . $pm['pmid'] . "\n\t\t\tAND pm.userid=" . $vbulletin->userinfo['userid'] . "\n\t\t\tAND pmtext.dateline < " . 
$pm['dateline'] . "\n\t\t\tORDER BY pmtext.dateline DESC\n\t\t"); if ($vbulletin->db->num_rows($threadresult)) { $threadpms = ''; while ($threadpm = $vbulletin->db->fetch_array($threadresult)) {
} else { print_stop_message('no_matches_found'); } } // ###################### Start viewuser ####################### if ($_REQUEST['do'] == 'viewuser') { if (!can_moderate(0, 'canviewprofile')) { print_stop_message('no_permission'); } $OUTERTABLEWIDTH = '95%'; $INNERTABLEWIDTH = '100%'; if (empty($vbulletin->GPC['userid'])) { print_stop_message('invalid_user_specified'); } $user = $db->query_first("\n\t\tSELECT user.*,usertextfield.signature,avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar,\n\t\t\tcustomavatar.width AS avatarwidth, customavatar.height AS avatarheight, customprofilepic.height AS profilepicheight,\n\t\t\tcustomprofilepic.width AS profilepicwidth,\n\t\t\tcustomavatar.dateline AS avatardateline, customprofilepic.userid AS profilepic, customprofilepic.dateline AS profilepicdateline\n\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\tLEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON avatar.avatarid = user.avatarid\n\t\tLEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON customavatar.userid = user.userid\n\t\tLEFT JOIN " . TABLE_PREFIX . "customprofilepic AS customprofilepic ON customprofilepic.userid = user.userid\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\n\t\tWHERE user.userid = " . $vbulletin->GPC['userid'] . "\n\t"); $getoptions = convert_bits_to_array($user['options'], $vbulletin->bf_misc_useroptions); $user = array_merge($user, $getoptions); // get threaded mode options if ($user['threadedmode'] == 1 or $user['threadedmode'] == 2) { $threaddisplaymode = $user['threadedmode']; } else { if ($user['postorder'] == 0) { $threaddisplaymode = 0; } else { $threaddisplaymode = 3; } } $userfield = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "userfield WHERE userid=" . $vbulletin->GPC['userid']); // make array for daysprune menu $pruneoptions = array('-1' => '- ' . $vbphrase['use_forum_default'] . 
' -', '1' => $vbphrase['show_threads_from_last_day'], '2' => construct_phrase($vbphrase['show_threads_from_last_x_days'], 2), '7' => $vbphrase['show_threads_from_last_week'], '10' => construct_phrase($vbphrase['show_threads_from_last_x_days'], 10), '14' => construct_phrase($vbphrase['show_threads_from_last_x_weeks'], 2), '30' => $vbphrase['show_threads_from_last_month'], '45' => construct_phrase($vbphrase['show_threads_from_last_x_days'], 45), '60' => construct_phrase($vbphrase['show_threads_from_last_x_months'], 2), '75' => construct_phrase($vbphrase['show_threads_from_last_x_days'], 75), '100' => construct_phrase($vbphrase['show_threads_from_last_x_days'], 100), '365' => $vbphrase['show_threads_from_last_year'], '1000' => construct_phrase($vbphrase['show_threads_from_last_x_days'], 1000)); if ($pruneoptions["{$user['daysprune']}"] == '') {
print_stop_message('deleted_user_successfully');
}
}

// ###################### Start edit #######################
// Admin control panel: build the add/edit form for one user (excerpt).
// The three lines above are the tail of the preceding action; the 'edit'/'add'
// branch opened below is still open where this excerpt ends.
if ($_REQUEST['do'] == 'edit' or $_REQUEST['do'] == 'add') {
    $OUTERTABLEWIDTH = '95%';
    $INNERTABLEWIDTH = '100%';
    require_once DIR . '/includes/functions_misc.php';

    // 'userid' is requested through the input cleaner as TYPE_UINT. The query
    // below concatenates $vbulletin->GPC['userid'] straight into the WHERE
    // clause, so this integer cleaning is the only injection barrier; the two
    // lines must not be separated or the type loosened.
    $vbulletin->input->clean_array_gpc('r', array('userid' => TYPE_UINT));
    if ($vbulletin->GPC['userid']) {
        // Load the user row together with avatar, profile picture, signature
        // picture, signature text, usergroup admin permissions and cached CSS.
        $user = $db->query_first("\n\t\t\tSELECT user.*, avatar.avatarpath, customavatar.dateline AS avatardateline, customavatar.width AS avatarwidth, customavatar.height AS avatarheight,\n\t\t\tNOT ISNULL(customavatar.userid) AS hascustomavatar, usertextfield.signature,\n\t\t\tcustomprofilepic.width AS profilepicwidth, customprofilepic.height AS profilepicheight,\n\t\t\tcustomprofilepic.dateline AS profilepicdateline, usergroup.adminpermissions,\n\t\t\tNOT ISNULL(customprofilepic.userid) AS hasprofilepic,\n\t\t\tNOT ISNULL(sigpic.userid) AS hassigpic,\n\t\t\tsigpic.width AS sigpicwidth, sigpic.height AS sigpicheight,\n\t\t\tsigpic.userid AS profilepic, sigpic.dateline AS sigpicdateline,\n\t\t\tusercsscache.cachedcss\n\t\t\tFROM "
            . TABLE_PREFIX . "user AS user\n\t\t\tLEFT JOIN "
            . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid)\n\t\t\tLEFT JOIN "
            . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)\n\t\t\tLEFT JOIN "
            . TABLE_PREFIX . "customprofilepic AS customprofilepic ON(customprofilepic.userid = user.userid)\n\t\t\tLEFT JOIN "
            . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = user.userid)\n\t\t\tLEFT JOIN "
            . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n\t\t\tLEFT JOIN "
            . TABLE_PREFIX . "usergroup AS usergroup ON(usergroup.usergroupid = user.usergroupid)\n\t\t\tLEFT JOIN "
            . TABLE_PREFIX . "usercsscache AS usercsscache ON (user.userid = usercsscache.userid)\n\t\t\tWHERE user.userid = "
            . $vbulletin->GPC['userid']);
        if (!$user) {
            print_stop_message('invalid_user_specified');
        }

        // Expand the two bitfields into named flags. array_merge() lets the
        // expanded flags overwrite any column of the same name in $user.
        $user = array_merge($user, convert_bits_to_array($user['options'], $vbulletin->bf_misc_useroptions));
        $user = array_merge($user, convert_bits_to_array($user['adminoptions'], $vbulletin->bf_misc_adminoptions));

        if ($user['coppauser'] == 1) {
            echo "<p align=\"center\"><b>{$vbphrase['this_is_a_coppa_user_do_not_change_to_registered']}</b></p>\n";
        }

        // NOTE(review): usergroup 3 is presumably the "awaiting e-mail
        // confirmation" group, given the activation-code form -- confirm.
        if ($user['usergroupid'] == 3) {
            print_form_header('../register', 'emailcode', 0, 0);
            construct_hidden_code('email', $user['email']);
            print_submit_row($vbphrase['email_activation_codes'], 0);
        }

        // make array for quick links menu
        // NOTE(review): $user['email'] goes into the "mailto:" key as stored,
        // while the register.php link below passes it through
        // unhtmlspecialchars() and urlencode(). Whatever renders $quicklinks
        // has to escape the keys for an HTML attribute; that code is not in
        // this excerpt -- confirm.
        $quicklinks = array(
            "user.php?" . $vbulletin->session->vars['sessionurl'] . "do=editaccess&u=" . $vbulletin->GPC['userid'] => $vbphrase['edit_forum_permissions_access_masks'],
            "resources.php?" . $vbulletin->session->vars['sessionurl'] . "do=viewuser&u=" . $vbulletin->GPC['userid'] => $vbphrase['view_forum_permissions'],
            "mailto:{$user['email']}" => $vbphrase['send_email_to_user']
        );
        if ($user['usergroupid'] == 3) {
            $quicklinks["../register.php?" . $vbulletin->session->vars['sessionurl'] . "do=requestemail&email=" . urlencode(unhtmlspecialchars($user['email'])) . '&url=' . urlencode($vbulletin->options['bburl'] . '/' . $vbulletin->config['Misc']['admincpdir'] . '/user.php?do=edit&u=' . $vbulletin->GPC['userid'])] = $vbphrase['email_activation_codes'];
        }

        require_once DIR . '/includes/class_paid_subscription.php';
        $subobj = new vB_PaidSubscription($vbulletin);
/**
 * Prepares the post record before the rest of the post is built.
 *
 * Expands the 'options' and 'adminoptions' bitfields of $this->post into
 * named flags, word-wraps the title when the 'wordwrap' option is set,
 * censors the title, and resets the inline-moderation checkbox value.
 *
 * The expanded flags are merged with array_merge(), so a flag name that
 * matches an existing key of $this->post replaces that key's value.
 * Only wrapping and censoring are applied to the title here; this method
 * does no HTML escaping of its own.
 */
function prep_post_start()
{
	$userflags = convert_bits_to_array($this->post['options'], $this->registry->bf_misc_useroptions);
	$this->post = array_merge($this->post, $userflags);

	// 'adminoptions' is read only after the first merge, exactly as before.
	$adminflags = convert_bits_to_array($this->post['adminoptions'], $this->registry->bf_misc_adminoptions);
	$this->post = array_merge($this->post, $adminflags);

	// wrap first (if enabled), then censor the result
	$title = $this->post['title'];
	if ($this->registry->options['wordwrap'])
	{
		$title = fetch_word_wrapped_string($title);
	}
	$this->post['title'] = fetch_censored_text($title);

	// inline moderation checkbox starts unchecked
	$this->post['checkbox_value'] = 0;
}
// Calendar front end: resolve the requested holiday/event and calendar, then
// pick the view to display (excerpt). The first closing brace after the
// if/else below ends a block that opens before this excerpt, and the final
// `if` is still open where the excerpt ends.
//
// NOTE(review): 'holidayid' is concatenated into the WHERE clause. Its input
// cleaning is not part of this excerpt; it must be cleaned as an integer type
// before this point -- confirm.
if ($eventinfo = $db->query_first_slave("\n\t\tSELECT *\n\t\tFROM " . TABLE_PREFIX . "holiday AS holiday\n\t\tWHERE holidayid = " . $vbulletin->GPC['holidayid'])) {
    $eventinfo['visible'] = 1;
    $eventinfo['holiday'] = 1;
    $eventinfo['title'] = $vbphrase['holiday' . $eventinfo['holidayid'] . '_title'];
    $eventinfo['event'] = $vbphrase['holiday' . $eventinfo['holidayid'] . '_desc'];
} else {
    // standard_error() returns a string that is executed with eval().
    // NOTE(review): $idname and the contact link end up inside that string;
    // this is only safe if standard_error() quotes them -- confirm.
    eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])));
}
}

// Events owned by someone else require the 'canviewothersevent' bit for the
// event's calendar.
if ($eventinfo['eventid'] and $eventinfo['userid'] != $vbulletin->userinfo['userid'] and !($vbulletin->userinfo['calendarpermissions']["{$eventinfo['calendarid']}"] & $vbulletin->bf_ugp_calendarpermissions['canviewothersevent'])) {
    print_no_permission();
}

$calendarinfo = verify_id('calendar', $vbulletin->GPC['calendarid'], 1, 1);
// Expand the calendar's option and holiday bitfields into named flags.
$getoptions = convert_bits_to_array($calendarinfo['options'], $_CALENDAROPTIONS);
$calendarinfo = array_merge($calendarinfo, $getoptions);
$geteaster = convert_bits_to_array($calendarinfo['holidays'], $_CALENDARHOLIDAYS);
$calendarinfo = array_merge($calendarinfo, $geteaster);
$calendarid =& $calendarinfo['calendarid'];

// Cookie values are client-controlled: the view name is HTML-escaped and the
// month/year are forced to integers before use.
$calview = htmlspecialchars_uni(fetch_bbarray_cookie('calendar', 'calview' . $calendarinfo['calendarid']));
$calmonth = intval(fetch_bbarray_cookie('calendar', 'calmonth'));
$calyear = intval(fetch_bbarray_cookie('calendar', 'calyear'));

if (empty($_REQUEST['do'])) {
    $defaultview = !empty($calendarinfo['weekly']) ? 'displayweek' : (!empty($calendarinfo['yearly']) ? 'displayyear' : 'displaymonth');
    // A non-empty cookie value becomes the action name. It is escaped but not
    // checked against a list of views, so the code that dispatches on
    // $_REQUEST['do'] must compare it only with fixed strings.
    $_REQUEST['do'] = !empty($calview) ? $calview : $defaultview;
}

if ($vbulletin->GPC['sb']) {
    // Allow showbirthdays to be turned on if they are off -- mainly for the birthday link from the front page
    $calendarinfo['showbirthdays'] = true;
}

// change the start of week for invalid values or guests (which are currently forced to 1, Sunday)
if ($vbulletin->userinfo['startofweek'] > 7 or $vbulletin->userinfo['startofweek'] < 1 or $vbulletin->userinfo['userid'] == 0) {
// Admin control panel: form for editing one usergroup's permissions on one
// calendar (excerpt; the closing foreach is still open where it ends).
//
// NOTE(review): calendarpermissionid, calendarid and usergroupid are
// concatenated into four queries below. Their input cleaning is not part of
// this excerpt; each must be cleaned as an integer type beforehand -- confirm.
print_form_header('calendarpermission', 'doupdate');

if ($vbulletin->GPC['calendarpermissionid']) {
    // Existing custom permission row: load it with the group and calendar titles.
    $getperms = $db->query_first("\n\t\t\tSELECT calendarpermission.*, usergroup.title AS grouptitle, calendar.title AS calendartitle\n\t\t\tFROM " . TABLE_PREFIX . "calendarpermission AS calendarpermission\n\t\t\tINNER JOIN " . TABLE_PREFIX . "calendar AS calendar ON (calendar.calendarid = calendarpermission.calendarid)\n\t\t\tINNER JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (usergroup.usergroupid = calendarpermission.usergroupid)\n\t\t\tWHERE calendarpermissionid = " . $vbulletin->GPC['calendarpermissionid']);
    $usergroup['title'] = $getperms['grouptitle'];
    $calendar['title'] = $getperms['calendartitle'];
    construct_hidden_code('calendarpermissionid', $vbulletin->GPC['calendarpermissionid']);
    construct_hidden_code('calendarid', $getperms['calendarid']);
} else {
    // No custom row yet: start from the usergroup's own calendar permissions.
    $calendar = $db->query_first("SELECT title FROM " . TABLE_PREFIX . "calendar WHERE calendarid = " . $vbulletin->GPC['calendarid']);
    $usergroup = $db->query_first("SELECT title FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = " . $vbulletin->GPC['usergroupid']);
    // $permsgetter_ is assigned here and not read again within this excerpt.
    $permsgetter_ = 'usergroup permissions';
    $getperms = $db->query_first("\n\t\t\tSELECT usergroup.title as grouptitle, calendarpermissions\n\t\t\tFROM " . TABLE_PREFIX . "usergroup AS usergroup\n\t\t\tWHERE usergroupid = " . $vbulletin->GPC['usergroupid']);
    construct_hidden_code('calendarpermission[usergroupid]', $vbulletin->GPC['usergroupid']);
    construct_hidden_code('calendarid', $vbulletin->GPC['calendarid']);
}

$calendarpermission = convert_bits_to_array($getperms['calendarpermissions'], $vbulletin->bf_ugp_calendarpermissions);

// NOTE(review): the group and calendar titles come from the database and are
// passed to the table header as stored; whether they are HTML-escaped at
// save time or by print_table_header() is not visible here -- confirm.
print_table_header(construct_phrase($vbphrase['edit_calendar_permissions_for_usergroup_x_in_calendar_y'], $usergroup['title'], $calendar['title']));

// Radio pair: "use default" is pre-checked when no custom row exists,
// "use custom" when one does.
print_description_row(' <label for="uug_1"><input type="radio" name="useusergroup" value="1" id="uug_1" tabindex="1" onclick="this.form.reset(); this.checked=true;"' . iif(!$vbulletin->GPC['calendarpermissionid'], ' checked="checked"', '') . ' />' . $vbphrase['use_default_permissions'] . '</label> <br /> <label for="uug_0"><input type="radio" name="useusergroup" value="0" id="uug_0" tabindex="1"' . iif($vbulletin->GPC['calendarpermissionid'], ' checked="checked"', '') . ' />' . $vbphrase['use_custom_permissions'] . '</label> ', 0, 2, 'tfoot', '', 'mode');
print_table_break();
print_label_row('<b>' . $vbphrase['custom_calendar_permissions'] . '</b>', ' <input type="button" value="' . $vbphrase['all_yes'] . '" onclick="if (js_set_custom()) { js_check_all_option(this.form, 1); }" class="button" /> <input type="button" value=" ' . $vbphrase['all_no'] . ' " onclick="if (js_set_custom()) { js_check_all_option(this.form, 0); }" class="button" /> ', 'tcat', 'middle');

// Load permissions
require_once DIR . '/includes/class_bitfield_builder.php';
$groupinfo = vB_Bitfield_Builder::fetch_permission_group('calendarpermissions');
foreach ($groupinfo as $grouptitle => $group) {
// Admin control panel: administrator permission editor (excerpt). It opens
// with the tail of the save action and ends inside the 'modify' listing loop.
//
// Plugin hook: fetch_hook() returns PHP source that is executed with eval()
// in this scope, so it can read and change every variable here, including
// $admindm before it is saved. Anyone able to install plugin code for this
// hook effectively holds the permissions this page grants.
($hook = vBulletinHook::fetch_hook('admin_permissions_process')) ? eval($hook) : false;
$admindm->set('cssprefs', $vbulletin->GPC['cssprefs']);
$admindm->set('dismissednews', $vbulletin->GPC['dismissednews']);
$admindm->save();
define('CP_REDIRECT', "adminpermissions.php?" . $vbulletin->session->vars['sessionurl'] . "#user{$user['userid']}");
print_stop_message('saved_administrator_permissions_successfully');
}

// #############################################################################
// Edit form for one administrator's permission bits.
if ($_REQUEST['do'] == 'edit') {
    echo "<p align=\"center\">{$vbphrase['give_admin_access_arbitrary_html']}</p>";
    print_form_header('adminpermissions', 'update');
    construct_hidden_code('userid', $vbulletin->GPC['userid']);
    // NOTE(review): the current permission value is round-tripped through a
    // hidden form field. The handler that receives 'oldpermissions' is not in
    // this excerpt; it should treat the value as client-supplied and re-read
    // the stored permissions for any security decision -- confirm.
    construct_hidden_code('oldpermissions', $user['adminpermissions']);
    // NOTE(review): $user['username'] is placed into the header and into the
    // link text below as stored. Whether it is already HTML-escaped when it
    // reaches this point is not visible here -- confirm.
    print_table_header(construct_phrase($vbphrase['x_y_id_z'], $vbphrase['administrator_permissions'], $user['username'], $user['userid']));
    print_label_row("{$vbphrase['administrator']}: <a href=\"user.php?" . $vbulletin->session->vars['sessionurl'] . "do=edit&u=" . $vbulletin->GPC['userid'] . "\">{$user['username']}</a>", '<div align="' . $stylevar['right'] . '"><input type="button" class="button" value=" ' . $vbphrase['all_yes'] . ' " onclick="js_check_all_option(this.form, 1);" /> <input type="button" class="button" value=" ' . $vbphrase['all_no'] . ' " onclick="js_check_all_option(this.form, 0);" /></div>', 'thead');

    // One yes/no row per permission bit; bits without a phrase show "n/a".
    foreach (convert_bits_to_array($user['adminpermissions'], $ADMINPERMISSIONS) as $field => $value) {
        print_yes_no_row($permsphrase["{$field}"] == '' ? $vbphrase['n_a'] : $permsphrase["{$field}"], "adminpermissions[{$field}]", $value);
    }

    // Second plugin hook, same eval() pattern as above.
    ($hook = vBulletinHook::fetch_hook('admin_permissions_form')) ? eval($hook) : false;
    print_select_row($vbphrase['control_panel_style_choice'], 'cssprefs', array_merge(array('' => "({$vbphrase['default']})"), fetch_cpcss_options()), $user['cssprefs']);
    print_input_row($vbphrase['dismissed_news_item_ids'], 'dismissednews', $user['dismissednews']);
    print_submit_row();
}

// #############################################################################
// List every row of the administrator table; only users whose effective
// permissions include 'cancontrolpanel' enter the branch below.
if ($_REQUEST['do'] == 'modify') {
    print_form_header('adminpermissions', 'edit');
    print_table_header($vbphrase['administrator_permissions'], 3);
    // Static query: no request data is interpolated.
    $users = $db->query_read("\n\t\tSELECT user.username, usergroupid, membergroupids, infractiongroupids, administrator.*\n\t\tFROM " . TABLE_PREFIX . "administrator AS administrator\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user USING(userid)\n\t\tORDER BY user.username\n\t");
    while ($user = $db->fetch_array($users)) {
        $perms = fetch_permissions(0, $user['userid'], $user);
        if ($perms['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) {
// Admin control panel: paid-subscription add/edit form (excerpt). It starts
// by leaving PHP mode to emit the outer layout tables and ends inside the
// 'edit' branch, which is still open.
?> <table cellpadding="0" cellspacing="0" border="0" width="<?php echo $OUTERTABLEWIDTH; ?> " align="center"><tr valign="top"><td> <table cellpadding="4" cellspacing="0" border="0" align="center" width="100%" class="tborder"> <?php
if ($_REQUEST['do'] == 'add') {
    // New subscription: defaults only, nothing is read from the database.
    print_table_header($vbphrase['add_new_subscription']);
    $sub['active'] = true;
    $sub['displayorder'] = 1;
} else {
    // NOTE(review): 'subscriptionid' is concatenated into the WHERE clause.
    // Its input cleaning is not part of this excerpt; it must be cleaned as
    // an integer type before this point -- confirm.
    $sub = $db->query_first("\n\t\t\tSELECT * FROM " . TABLE_PREFIX . "subscription\n\t\t\tWHERE subscriptionid = " . $vbulletin->GPC['subscriptionid'] . "\n\t\t");

    // SECURITY: unserialize() on a database column. unserialize() can
    // instantiate objects and trigger their magic methods, so this is safe
    // only while subscription.cost can be written exclusively by trusted
    // code. On PHP 7+ the second argument ['allowed_classes' => false]
    // narrows the risk; storing the cost structure as JSON removes it.
    // NOTE(review): also no check for a false return from query_first() or
    // unserialize() before $sub is used below.
    $sub['cost'] = unserialize($sub['cost']);

    // Expand the option bitfields into named flags on $sub.
    $sub = array_merge($sub, convert_bits_to_array($sub['options'], $subobj->_SUBSCRIPTIONOPTIONS));
    $sub = array_merge($sub, convert_bits_to_array($sub['adminoptions'], $vbulletin->bf_misc_adminoptions));

    // Phrase variable names are built from the subscriptionid of the row just
    // loaded and interpolated, quoted, into the IN (...) list below.
    // NOTE(review): presumably that column is an integer key, which is what
    // keeps the interpolation harmless -- confirm against the schema.
    $title = 'sub' . $sub['subscriptionid'] . '_title';
    $desc = 'sub' . $sub['subscriptionid'] . '_desc';
    $phrases = $db->query_read("\n\t\t\tSELECT varname, text\n\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\tWHERE languageid = 0 AND\n\t\t\t\t\tfieldname = 'subscription' AND\n\t\t\t\t\tvarname IN ('{$title}', '{$desc}')\n\t\t");
    while ($phrase = $db->fetch_array($phrases)) {
        if ($phrase['varname'] == $title) {
            $sub['title'] = $phrase['text'];
            $sub['titlevarname'] = 'sub' . $sub['subscriptionid'] . '_title';
        } else {
            if ($phrase['varname'] == $desc) {
                $sub['description'] = $phrase['text'];
                $sub['descvarname'] = 'sub' . $sub['subscriptionid'] . '_desc';
            }
        }
    }

    // The phrase text is HTML-escaped before it is shown in the header.
    print_table_header(construct_phrase($vbphrase['x_y_id_z'], $vbphrase['subscription'], htmlspecialchars_uni($sub['title']), $sub['subscriptionid']));
// PhotoPlog edit handler: collect the submitted fields, validate the target
// category and convert a WYSIWYG description to BB code (excerpt).
// Every variable here is script-scope and shared with the eval()'d hook, so
// names and statement order are part of the contract with plugin code.

// The uploaded file is taken from the files array via the input cleaner.
$vbulletin->input->clean_array_gpc('f', array('userfile' => TYPE_FILE));

// Plugin hook: the returned PHP source runs in this scope via eval() and can
// change $vbulletin->GPC before the values are copied out below.
($hook = vBulletinHook::fetch_hook('photoplog_edit_doedit_start')) ? eval($hook) : false;

// NOTE(review): the cleaning of fileid, catid, title, message, customfield,
// wysiwyg and userlink is not part of this excerpt -- confirm that each is
// typed before this point.
$photoplog_file_id = $vbulletin->GPC['fileid'];
$photoplog_file_catid = $vbulletin->GPC['catid'];
$photoplog_file_catid_default = -101;
$photoplog_file_title = $vbulletin->GPC['title'];
$photoplog_file_description = $vbulletin->GPC['message'];
$photoplog_customfield = $vbulletin->GPC['customfield'];
$photoplog_wysiwyg = $vbulletin->GPC['wysiwyg'];
$photoplog_userfile = $vbulletin->GPC['userfile'];
$photoplog_userlink = $vbulletin->GPC['userlink'];
$photoplog_fielddata = '';

// HTML stays off unless the chosen category explicitly allows it.
$do_html = false;

// in_array() is called without the strict flag, so the category id is matched
// against the known keys with loose comparison.
if (in_array($photoplog_file_catid, array_keys($photoplog_ds_catopts))) {
    $photoplog_categorybit = $photoplog_ds_catopts[$photoplog_file_catid]['options'];
    $photoplog_catoptions = convert_bits_to_array($photoplog_categorybit, $photoplog_categoryoptions);
    $do_html = $photoplog_catoptions['allowhtml'] ? true : false;
} else {
    photoplog_output_page('photoplog_error_page', $vbphrase['photoplog_error'], $vbphrase['photoplog_no'] . ' ' . $vbphrase['photoplog_category']);
}

// $photoplog_catoptions is assigned only in the branch above.
// NOTE(review): reading it here relies on photoplog_output_page() ending the
// request for an unknown category -- confirm that it does not return.
if ($photoplog_catoptions['actasdivider']) {
    // Divider categories cannot hold files: force the negative-id rejection below.
    $photoplog_file_catid = -999;
}

if ($photoplog_file_catid < 0) {
    photoplog_output_page('photoplog_error_page', $vbphrase['photoplog_error'], $vbphrase['photoplog_no'] . ' ' . $vbphrase['photoplog_category']);
}

if ($photoplog_wysiwyg) {
    require_once DIR . '/includes/functions_wysiwyg.php';
    // Rewrite absolute smilie URLs to relative ones before conversion.
    $photoplog_file_description = str_replace($vbulletin->options['bburl'] . "/images/smilies/", "images/smilies/", $photoplog_file_description);
    // $do_html is passed as the second argument; it comes from the category's
    // 'allowhtml' bit, so that bit decides how submitted markup is converted.
    $photoplog_file_description = convert_wysiwyg_html_to_bbcode($photoplog_file_description, $do_html);
}
// ########################################################################
// Announcement page start-up: validate the requested announcement and enforce
// view permission, then begin the delete action (excerpt; the two `if`
// statements at the end are still open).

// announcementid is requested through the input cleaner as TYPE_UINT.
$vbulletin->input->clean_gpc('r', 'announcementid', TYPE_UINT);

// Plugin hook: the returned PHP source runs in this scope via eval().
($hook = vBulletinHook::fetch_hook('announcement_start')) ? eval($hook) : false;

// #############################################################################
// verify announcement id if specified
if ($vbulletin->GPC['announcementid']) {
    $announcementinfo = verify_id('announcement', $vbulletin->GPC['announcementid'], 1, 1);

    // Unless the stored forumid is -1 or this is an update, the forum id is
    // taken from the stored record and overwrites any forumid sent with the
    // request, so the permission check below uses the announcement's own forum.
    if ($announcementinfo['forumid'] != -1 AND $_POST['do'] != 'update') {
        $vbulletin->GPC['forumid'] = $announcementinfo['forumid'];
    }

    // Expand the announcement option bitfield into named flags.
    $announcementinfo = array_merge($announcementinfo , convert_bits_to_array($announcementinfo['announcementoptions'], $vbulletin->bf_misc_announcementoptions));

    // verify that the visiting user has permission to view this announcement
    if (($announcementinfo['startdate'] > TIMENOW OR $announcementinfo['enddate'] < TIMENOW) AND !can_moderate($vbulletin->GPC['forumid'], 'canannounce')) {
        // announcement date is out of range and user is not a moderator
        print_no_permission();
    }
}

// #############################################################################
// delete an announcement
// The permission check uses the forum id of the stored record, not a
// request-supplied one.
// NOTE(review): $announcementinfo is assigned only when an announcementid was
// supplied above. With no id, can_moderate() receives an undefined forum id
// here; how it treats that value is not visible in this excerpt -- confirm
// that it fails closed.
if ($_POST['do'] == 'delete') {
    if ($vbulletin->input->clean_gpc('p', 'delete', TYPE_STR) == 'delete' AND can_moderate($announcementinfo['forumid'], 'canannounce')) {
$remove['buddy'] = array_merge($remove['buddy'], array_diff($clean_lists['buddy_original'], is_array($clean_lists['buddy']) ? $clean_lists['buddy'] : array())); } break; default: ($hook = vBulletinHook::fetch_hook('profile_updatelist_listtype')) ? eval($hook) : false; break; } } if (!empty($vbulletin->GPC['username'])) { // friend request if ($vbulletin->GPC['ajax']) { $vbulletin->GPC['username'] = convert_urlencoded_unicode($vbulletin->GPC['username']); } if ($userinfo = $db->query_first("\n\t\t\t\tSELECT user.userid, userlist.friend, user.options, user.username, user.membergroupids, user.usergroupid, user.email, user.languageid\n\t\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS userlist ON (userlist.relationid = user.userid AND userlist.userid = " . $vbulletin->userinfo['userid'] . " AND type = 'buddy')\n\t\t\t\tWHERE username = '******'username'])) . "'\n\t\t\t") and (!$vbulletin->GPC_exists['makefriends'] or $userinfo['userid'] != $vbulletin->userinfo['userid'])) { // user exists and its either not making friends or the user id is different $userinfo = array_merge($userinfo, convert_bits_to_array($userinfo['options'], $vbulletin->bf_misc_useroptions)); $cansendemail = (($userinfo['adminemail'] or $userinfo['showemail']) and $vbulletin->options['enableemail'] and $vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canemailmember']); cache_permissions($userinfo); if ($vbulletin->GPC_exists['makefriends'] and $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_friends'] and $vbulletin->userinfo['permissions']['genericpermissions2'] & $vbulletin->bf_ugp_genericpermissions2['canusefriends'] and $userinfo['permissions']['genericpermissions2'] & $vbulletin->bf_ugp_genericpermissions2['canusefriends']) { // Only add the request if its not there if (empty($userinfo['friend']) or $userinfo['friend'] == 'no') { $add['friend']["{$userinfo['userid']}"] = $userinfo; 
$show['pending'] = true; } } else { // regular buddy if (empty($userinfo['friend'])) { // we're not already a buddy so re-add it $add['buddy']["{$userinfo['userid']}"] = $userinfo; } }
define('CP_REDIRECT', 'admincalendar.php'); print_stop_message('deleted_calendar_successfully'); } // ##################### Start Add/Edit Moderator ########## if ($_REQUEST['do'] == 'addmod' or $_REQUEST['do'] == 'editmod') { $vbulletin->input->clean_array_gpc('r', array('moderatorid' => TYPE_INT, 'calendarid' => TYPE_INT)); if (empty($vbulletin->GPC['moderatorid'])) { // add moderator - set default values $calendarinfo = $db->query_first("SELECT calendarid, title AS calendartitle FROM " . TABLE_PREFIX . "calendar WHERE calendarid = " . $vbulletin->GPC['calendarid']); $moderator = array('caneditevents' => 1, 'candeleteevents' => 1, 'canmoderateevents' => 1, 'canviewips' => 1, 'canmoveevents' => 1, 'calendarid' => $calendarinfo['calendarid'], 'calendartitle' => $calendarinfo['calendartitle']); print_form_header('admincalendar', 'updatemod'); print_table_header(construct_phrase($vbphrase['add_new_moderator_to_calendar_x'], $calendarinfo['calendartitle'])); } else { // edit moderator - query moderator $moderator = $db->query_first("\n\t\t\tSELECT calendarmoderatorid, calendarmoderator.userid, calendarmoderator.calendarid, permissions, user.username, title AS calendartitle\n\t\t\tFROM " . TABLE_PREFIX . "calendarmoderator AS calendarmoderator\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = calendarmoderator.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "calendar AS calendar ON (calendar.calendarid = calendarmoderator.calendarid)\n\t\t\tWHERE calendarmoderatorid = " . $vbulletin->GPC['moderatorid']); $perms = convert_bits_to_array($moderator['permissions'], $vbulletin->bf_misc_calmoderatorpermissions, 1); $moderator = array_merge($perms, $moderator); // delete link print_form_header('admincalendar', 'removemod'); construct_hidden_code('moderatorid', $vbulletin->GPC['moderatorid']); print_table_header($vbphrase['if_you_would_like_to_remove_this_moderator'] . ' <input type="submit" class="button" value="' . $vbphrase['delete_moderator'] . 
'" style="font:bold 11px tahoma" />'); print_table_footer(); print_form_header('admincalendar', 'updatemod'); construct_hidden_code('moderatorid', $vbulletin->GPC['moderatorid']); print_table_header(construct_phrase($vbphrase['edit_moderator_x_for_calendar_y'], $moderator['username'], $moderator['calendartitle'])); } print_calendar_chooser($vbphrase['calendar'], 'moderator[calendarid]', $moderator['calendarid'], ''); if (empty($vbulletin->GPC['moderatorid'])) { print_input_row($vbphrase['moderator_username'], 'modusername', $moderator['username']); } else { print_label_row($vbphrase['moderator_username'], '<b>' . $moderator['username'] . '</b>');