error_dialog('ERROR: you aren't allowed to post', 'Your account has been blocked from posting');
}
}
if ((!isset($_GET['msg_id']) || !($msg_id = (int) $_GET['msg_id'])) && (!isset($_POST['msg_id']) || !($msg_id = (int) $_POST['msg_id']))) {
error_dialog('ERROR', 'No Such Message');
}
if (!_uid) {
std_error('access');
}
/* permission check */
is_allowed_user($usr);
$msg = db_sab('SELECT t.forum_id, m.subject, m.post_stamp, u.alias, mm.id AS md, ((CASE WHEN g2.id IS NOT NULL THEN g2.group_cache_opt ELSE g1.group_cache_opt END) & 2) > 0 AS gco, mr.id AS reported
FROM phpgw_fud_msg m
INNER JOIN phpgw_fud_thread t ON m.thread_id=t.id
INNER JOIN phpgw_fud_group_cache g1 ON g1.user_id=' . (_uid ? '2147483647' : '0') . ' AND g1.resource_id=t.forum_id
LEFT JOIN phpgw_fud_group_cache g2 ON g2.user_id=' . _uid . ' AND g2.resource_id=t.forum_id
LEFT JOIN phpgw_fud_mod mm ON mm.forum_id=t.forum_id AND mm.user_id=' . _uid . '
LEFT JOIN phpgw_fud_users u ON m.poster_id=u.id
LEFT JOIN phpgw_fud_msg_report mr ON mr.msg_id=' . $msg_id . ' AND mr.user_id=' . _uid . '
WHERE m.id=' . $msg_id . ' AND m.apr=1');
if (!$msg) {
invl_inp_err();
}
if (!($usr->users_opt & 1048576) && !$msg->md && !$msg->gco) {
std_error('access');
}
if ($msg->reported) {
error_dialog('Already Reported', 'This message was already reported and the report is currently in moderation staff's review queue.');
}
if (!empty($_POST['reason']) && ($reason = trim($_POST['reason']))) {
q("INSERT INTO phpgw_fud_msg_report (user_id, msg_id, reason, stamp) VALUES(" . _uid . ", " . $msg_id . ", '" . addslashes(htmlspecialchars($reason)) . "', " . __request_timestamp__ . ")");
function approve($id, $unlock_safe = false)
{
/* fetch info about the message, poll (if one exists), thread & forum */
$mtf = db_sab('SELECT
m.id, m.poster_id, m.apr, m.subject, m.foff, m.length, m.file_id, m.thread_id, m.poll_id, m.attach_cnt,
m.post_stamp, m.reply_to, m.mlist_msg_id,
t.forum_id, t.last_post_id, t.root_msg_id, t.last_post_date,
m2.post_stamp AS frm_last_post_date,
f.name AS frm_name,
u.alias, u.email, u.sig,
n.id AS nntp_id, ml.id AS mlist_id
FROM phpgw_fud_msg m
INNER JOIN phpgw_fud_thread t ON m.thread_id=t.id
INNER JOIN phpgw_fud_forum f ON t.forum_id=f.id
LEFT JOIN phpgw_fud_msg m2 ON f.last_post_id=m2.id
LEFT JOIN phpgw_fud_users u ON m.poster_id=u.id
LEFT JOIN phpgw_fud_mlist ml ON ml.forum_id=f.id
LEFT JOIN phpgw_fud_nntp n ON n.forum_id=f.id
WHERE m.id=' . $id . ' AND m.apr=0');
/* nothing to do or bad message id */
if (!$mtf) {
return;
}
if ($mtf->alias) {
reverse_fmt($mtf->alias);
} else {
$mtf->alias = $GLOBALS['ANON_NICK'];
}
if (!db_locked()) {
db_lock('phpgw_fud_thread_view WRITE, phpgw_fud_level WRITE, phpgw_fud_users WRITE, phpgw_fud_forum WRITE, phpgw_fud_thread WRITE, phpgw_fud_msg WRITE');
$ll = 1;
}
q("UPDATE phpgw_fud_msg SET apr=1 WHERE id=" . $mtf->id);
if ($mtf->poster_id) {
user_set_post_count($mtf->poster_id);
}
$last_post_id = $mtf->post_stamp > $mtf->frm_last_post_date ? $mtf->id : 0;
if ($mtf->root_msg_id == $mtf->id) {
/* new thread */
rebuild_forum_view($mtf->forum_id);
$threads = 1;
} else {
/* reply to thread */
if ($mtf->post_stamp > $mtf->last_post_date) {
th_inc_post_count($mtf->thread_id, 1, $mtf->id, $mtf->post_stamp);
} else {
th_inc_post_count($mtf->thread_id, 1);
}
rebuild_forum_view($mtf->forum_id, q_singleval('SELECT page FROM phpgw_fud_thread_view WHERE forum_id=' . $mtf->forum_id . ' AND thread_id=' . $mtf->thread_id));
$threads = 0;
}
/* update forum thread & post count as well as last_post_id field */
frm_updt_counts($mtf->forum_id, 1, $threads, $last_post_id);
if ($unlock_safe || isset($ll)) {
db_unlock();
}
if ($mtf->poll_id) {
poll_activate($mtf->poll_id, $mtf->forum_id);
}
$mtf->body = read_msg_body($mtf->foff, $mtf->length, $mtf->file_id);
if ($GLOBALS['FUD_OPT_1'] & 16777216) {
index_text(preg_match('!Re: !i', $mtf->subject) ? '' : $mtf->subject, $mtf->body, $mtf->id);
}
/* handle notifications */
if ($mtf->root_msg_id == $mtf->id) {
if (empty($mtf->frm_last_post_date)) {
$mtf->frm_last_post_date = 0;
}
/* send new thread notifications to forum subscribers */
$c = uq('SELECT u.email, u.icq, u.users_opt
FROM phpgw_fud_forum_notify fn
INNER JOIN phpgw_fud_users u ON fn.user_id=u.id
LEFT JOIN phpgw_fud_forum_read r ON r.forum_id=fn.forum_id AND r.user_id=fn.user_id
INNER JOIN phpgw_fud_group_cache g1 ON g1.user_id=2147483647 AND g1.resource_id=' . $mtf->forum_id . '
LEFT JOIN phpgw_fud_group_cache g2 ON g2.user_id=fn.user_id AND g2.resource_id=' . $mtf->forum_id . '
WHERE
fn.forum_id=' . $mtf->forum_id . ' AND fn.user_id!=' . (int) $mtf->poster_id . '
AND (CASE WHEN (r.last_view IS NULL AND (u.last_read=0 OR u.last_read >= ' . $mtf->frm_last_post_date . ')) OR r.last_view > ' . $mtf->frm_last_post_date . ' THEN 1 ELSE 0 END)=1
AND ((CASE WHEN g2.id IS NOT NULL THEN g2.group_cache_opt ELSE g1.group_cache_opt END) & 2) > 0');
$notify_type = 'frm';
} else {
/* send new reply notifications to thread subscribers */
$c = uq('SELECT u.email, u.icq, u.users_opt, r.msg_id, u.id
FROM phpgw_fud_thread_notify tn
INNER JOIN phpgw_fud_users u ON tn.user_id=u.id
LEFT JOIN phpgw_fud_read r ON r.thread_id=tn.thread_id AND r.user_id=tn.user_id
INNER JOIN phpgw_fud_group_cache g1 ON g1.user_id=2147483647 AND g1.resource_id=' . $mtf->forum_id . '
LEFT JOIN phpgw_fud_group_cache g2 ON g2.user_id=tn.user_id AND g2.resource_id=' . $mtf->forum_id . '
WHERE
tn.thread_id=' . $mtf->thread_id . ' AND tn.user_id!=' . (int) $mtf->poster_id . '
AND (r.msg_id=' . $mtf->last_post_id . ' OR (r.msg_id IS NULL AND ' . $mtf->post_stamp . ' > u.last_read))
AND ((CASE WHEN g2.id IS NOT NULL THEN g2.group_cache_opt ELSE g1.group_cache_opt END) & 2) > 0');
$notify_type = 'thr';
}
while ($r = db_rowarr($c)) {
if ($r[2] & 16) {
$to['EMAIL'] = $r[0];
} else {
$to['ICQ'] = $r[1] . '@pager.icq.com';
}
if (isset($r[4]) && is_null($r[3])) {
$tl[] = $r[4];
}
}
unset($c);
if (isset($tl)) {
/* this allows us to mark the message we are sending notification about as read, so that we do not re-notify the user
* until this message is read.
*/
q('INSERT INTO phpgw_fud_read (thread_id, msg_id, last_view, user_id) SELECT ' . $mtf->thread_id . ', 0, 0, id FROM phpgw_fud_users WHERE id IN(' . implode(',', $tl) . ')');
}
if (isset($to)) {
send_notifications($to, $mtf->id, $mtf->subject, $mtf->alias, $notify_type, $notify_type == 'thr' ? $mtf->thread_id : $mtf->forum_id, $mtf->frm_name, $mtf->forum_id);
}
// Handle Mailing List and/or Newsgroup syncronization.
if (($mtf->nntp_id || $mtf->mlist_id) && !$mtf->mlist_msg_id) {
fud_use('email_msg_format.inc', true);
reverse_fmt($mtf->alias);
$from = $mtf->poster_id ? $mtf->alias . ' <' . $mtf->email . '>' : $GLOBALS['ANON_NICK'] . ' <' . $GLOBALS['NOTIFY_FROM'] . '>';
$body = $mtf->body . ($mtf->msg_opt & 1 && $mtf->sig ? "\n--\n" . $mtf->sig : '');
plain_text($body);
plain_text($subject);
if ($mtf->reply_to) {
$replyto_id = q_singleval('SELECT mlist_msg_id FROM phpgw_fud_msg WHERE id=' . $mtf->reply_to);
} else {
$replyto_id = 0;
}
if ($mtf->attach_cnt) {
$r = uq("SELECT a.id, a.original_name,\n\t\t\t\t\t\tCASE WHEN m.mime_hdr IS NULL THEN 'application/octet-stream' ELSE m.mime_hdr END\n\t\t\t\t\t\tFROM phpgw_fud_attach a\n\t\t\t\t\t\tLEFT JOIN phpgw_fud_mime m ON a.mime_type=m.id\n\t\t\t\t\t\tWHERE a.message_id=" . $mtf->id . " AND a.attach_opt=0");
while ($ent = db_rowarr($r)) {
$attach[$ent[1]] = file_get_contents($GLOBALS['FILE_STORE'] . $ent[0] . '.atch');
if ($mtf->mlist_id) {
$attach_mime[$ent[1]] = $ent[2];
}
}
} else {
$attach_mime = $attach = null;
}
if ($mtf->nntp_id) {
fud_use('nntp.inc', true);
$nntp_adm = db_sab('SELECT * FROM phpgw_fud_nntp WHERE id=' . $mtf->nntp_id);
$nntp = new fud_nntp();
$nntp->server = $nntp_adm->server;
$nntp->newsgroup = $nntp_adm->newsgroup;
$nntp->port = $nntp_adm->port;
$nntp->timeout = $nntp_adm->timeout;
$nntp->nntp_opt = $nntp_adm->nntp_opt;
$nntp->login = $nntp_adm->login;
$nntp->pass = $nntp_adm->pass;
define('sql_p', 'phpgw_fud_');
$lock = $nntp->get_lock();
$nntp->post_message($mtf->subject, $body, $from, $mtf->id, $replyto_id, $attach);
$nntp->close_connection();
$nntp->release_lock($lock);
} else {
fud_use('mlist_post.inc', true);
$GLOBALS['CHARSET'] = 'ISO-8859-15';
$r = db_saq('SELECT name, additional_headers FROM phpgw_fud_mlist WHERE id=' . $mtf->mlist_id);
mail_list_post($r[0], $from, $mtf->subject, $body, $mtf->id, $replyto_id, $attach, $attach_mime, $r[1]);
}
}
}
} else {
if ($gr_resource) {
foreach ($gr_resource as $v) {
q('INSERT INTO ' . $DBHOST_TBL_PREFIX . 'group_resources (resource_id, group_id) VALUES(' . (int) $v . ', ' . $gid . ')');
}
}
/* only rebuild the group cache if the all ANON/REG users were added */
if ($gr_ramasks) {
grp_rebuild_cache(array(0, 2147483647));
}
}
} else {
if (($frm = q_singleval('SELECT forum_id FROM ' . $DBHOST_TBL_PREFIX . 'groups WHERE id=' . $edit)) !== null) {
/* update an existing group */
if (!$res) {
$old = db_sab("SELECT groups_opt, groups_opti FROM " . $DBHOST_TBL_PREFIX . "groups WHERE id=" . $edit);
} else {
$old =& $res[$edit];
}
group_sync($edit, isset($_POST['gr_name']) ? $_POST['gr_name'] : null, $gr_inherit_id, $perm, $permi);
if (!$frm) {
q('DELETE FROM ' . $DBHOST_TBL_PREFIX . 'group_resources WHERE group_id=' . $edit);
$aff = db_affected();
if ($gr_resource) {
foreach ($gr_resource as $v) {
q('INSERT INTO ' . $DBHOST_TBL_PREFIX . 'group_resources (resource_id, group_id) VALUES(' . (int) $v . ', ' . $edit . ')');
}
}
}
/* only rebuild caches if the permissions or number of resources had changed. */
if ($perm != $old->groups_opt || $permi != $old->groups_opti || $aff != count($gr_resource)) {
header('Location: /egroupware/fudforum/3814588639/index.php?t=' . d_thread_view . '&th=' . $th_id . '&' . _rsidl);
exit;
}
$mids = implode(',', $a);
$mc = count($a);
$start = $a[0];
$end = $a[$mc - 1];
}
/* fetch all relevant information */
$data = db_sab('SELECT
t.id, t.forum_id, t.replies, t.root_msg_id, t.last_post_id, t.last_post_date,
m1.post_stamp AS new_th_lps, m1.id AS new_th_lpi,
m2.post_stamp AS old_fm_lpd,
f1.last_post_id AS src_lpi,
f2.last_post_id AS dst_lpi
FROM phpgw_fud_thread t
INNER JOIN phpgw_fud_forum f1 ON t.forum_id=f1.id
INNER JOIN phpgw_fud_forum f2 ON f2.id=' . $forum . '
INNER JOIN phpgw_fud_msg m1 ON m1.id=' . $end . '
INNER JOIN phpgw_fud_msg m2 ON m2.id=f2.last_post_id
WHERE t.id=' . $th);
/* sanity check */
if (!$data->replies) {
header('Location: /egroupware/fudforum/3814588639/index.php?t=' . d_thread_view . '&th=' . $th_id . '&' . _rsidl);
exit;
}
apply_custom_replace($_POST['new_title']);
if ($mc != $data->replies + 1) {
/* check that we need to move the entire thread */
db_lock('phpgw_fud_thread_view WRITE, phpgw_fud_thread WRITE, phpgw_fud_forum WRITE, phpgw_fud_msg WRITE, phpgw_fud_poll WRITE');
function &usr_reg_get_full($id)
{
if ($r = db_sab('SELECT * FROM phpgw_fud_users WHERE id=' . $id)) {
if (!function_exists('aggregate_methods')) {
$o = new fud_user_reg();
foreach ($r as $k => $v) {
$o->{$k} = $v;
}
$r = $o;
} else {
aggregate_methods($r, 'fud_user_reg');
}
}
return $r;
}
}
$tabs .= $pg == $tab ? '<td class="tabA"><div class="tabT"><a href="' . $tab_url . '">' . $tab_name . '</a></div></td>' : '<td class="tabI"><div class="tabT"><a href="' . $tab_url . '">' . $tab_name . '</a></div></td>';
}
$tabs = '<table border=0 cellspacing=1 cellpadding=0 class="tab">
<tr class="tab">' . $tabs . '</tr>
</table>';
}
}
if (!isset($_GET['id']) || !($id = (int) $_GET['id'])) {
invl_inp_err();
}
$m = db_sab('SELECT
p.*,
u.id AS user_id, u.alias, u.users_opt, u.avatar_loc, u.email, u.posted_msg_count, u.join_date,
u.location, u.sig, u.icq, u.aim, u.msnm, u.yahoo, u.jabber, u.affero, u.custom_status, u.last_visit,
l.name AS level_name, l.level_opt, l.img AS level_img
FROM
phpgw_fud_pmsg p
INNER JOIN phpgw_fud_users u ON p.ouser_id=u.id
LEFT JOIN phpgw_fud_level l ON u.level_id=l.id
WHERE p.duser_id=' . _uid . ' AND p.id=' . $id);
if (!$m) {
invl_inp_err();
}
ses_update_status($usr->sid, 'Legge/Scrive i messagi personali');
$cur_ppage = tmpl_cur_ppage($m->fldr, $folders, $m->subject);
/* Next Msg */
if ($nid = q_singleval('SELECT p.id FROM phpgw_fud_pmsg p INNER JOIN phpgw_fud_users u ON u.id=p.ouser_id WHERE p.duser_id=' . _uid . ' AND p.fldr=' . $m->fldr . ' AND post_stamp>' . $m->post_stamp . ' ORDER BY p.post_stamp ASC LIMIT 1')) {
$dpmsg_next_message = '<a href="/egroupware/fudforum/3814588639/index.php?t=pmsg_view&' . _rsid . '&id=' . $nid . '" class="GenLink">Messaggio successivo <img src="/egroupware/fudforum/3814588639/theme/italian/images/goto.gif" alt="" /></a>';
} else {
$dpmsg_next_message = '';
}
function msg_get($id)
{
if ($r = db_sab('SELECT * FROM phpgw_fud_msg WHERE id=' . $id)) {
$r->body = read_msg_body($r->foff, $r->length, $r->file_id);
un_register_fps();
return $r;
}
error_dialog('Messaggio non valido', 'Il messaggio che stai cercando di visualizzare non esiste.');
}
function init_user()
{
$o1 =& $GLOBALS['FUD_OPT_1'];
$o2 =& $GLOBALS['FUD_OPT_2'];
$phpgw =& $GLOBALS['phpgw_info']['user'];
/* delete old sessions */
if (!(rand() % 10)) {
q("DELETE FROM phpgw_fud_ses WHERE time_sec+" . $GLOBALS['phpgw_info']['server']['sessions_timeout'] . " < " . __request_timestamp__);
}
$u = db_sab("SELECT \n\t\t\ts.id AS sid, s.data, s.returnto, \n\t\t\tt.id AS theme_id, t.lang, t.name AS theme_name, t.locale, t.theme, t.pspell_lang, t.theme_opt, \n\t\t\tu.alias, u.posts_ppg, u.time_zone, u.sig, u.last_visit, u.last_read, u.cat_collapse_status, u.users_opt, u.ignore_list, u.ignore_list, u.buddy_list, u.id, u.group_leader_list, u.email, u.login \n\t\t\tFROM phpgw_fud_ses s\n\t\t\tINNER JOIN phpgw_fud_users u ON u.id=(CASE WHEN s.user_id>2000000000 THEN 1 ELSE s.user_id END) \n\t\t\tINNER JOIN phpgw_fud_themes t ON t.id=u.theme WHERE s.ses_id='" . s . "'");
if (!$u) {
/* registered user */
if ($phpgw['account_lid'] != $GLOBALS['ANON_NICK']) {
/* this means we do not have an entry for this user in the sessions table */
$uid = q_singleval("SELECT id FROM phpgw_fud_users WHERE egw_id=" . (int) $phpgw['account_id']);
$id = db_qid("INSERT INTO phpgw_fud_ses (user_id, ses_id, time_sec) VALUES(" . $uid . ", '" . s . "', " . __request_timestamp__ . ")");
$u = db_sab('SELECT s.id AS sid, s.data, s.returnto, t.id AS theme_id, t.lang, t.name AS theme_name, t.locale, t.theme, t.pspell_lang, t.theme_opt, u.alias, u.posts_ppg, u.time_zone, u.sig, u.last_visit, u.last_read, u.cat_collapse_status, u.users_opt, u.ignore_list, u.ignore_list, u.buddy_list, u.id, u.group_leader_list, u.email, u.login FROM phpgw_fud_ses s INNER JOIN phpgw_fud_users u ON u.id=s.user_id INNER JOIN phpgw_fud_themes t ON t.id=u.theme WHERE s.id=' . $id);
} else {
/* anonymous user */
do {
$uid = 2000000000 + mt_rand(1, 147483647);
} while (!($id = db_li("INSERT INTO phpgw_fud_ses (time_sec, ses_id, user_id) VALUES (" . __request_timestamp__ . ", '" . s . "', " . $uid . ")", $ef, 1)));
$u = db_sab('SELECT s.id AS sid, s.data, s.returnto, t.id AS theme_id, t.lang, t.name AS theme_name, t.locale, t.theme, t.pspell_lang, t.theme_opt, u.alias, u.posts_ppg, u.time_zone, u.sig, u.last_visit, u.last_read, u.cat_collapse_status, u.users_opt, u.ignore_list, u.ignore_list, u.buddy_list, u.id, u.group_leader_list, u.email, u.login FROM phpgw_fud_ses s INNER JOIN phpgw_fud_users u ON u.id=1 INNER JOIN phpgw_fud_themes t ON t.id=u.theme WHERE s.id=' . $id);
}
}
/* grant admin access */
if (!empty($phpgw['apps']['admin'])) {
$u->users_opt |= 1048576;
}
/* this is ugly, very ugly, but there is no way around it, we need to see if the
* user's language had changed and we can only do it this way.
*/
$langl = array('bg' => 'bulgarian', 'zh' => 'chinese_big5', 'cs' => 'czech', 'nl' => 'dutch', 'fr' => 'french', 'de' => 'german', 'it' => 'italian', 'lv' => 'latvian', 'no' => 'norwegian', 'pl' => 'polish', 'pt' => 'portuguese', 'ro' => 'romanian', 'ru' => 'russian', 'sk' => 'slovak', 'es' => 'spanish', 'sv' => 'swedish', 'tr' => 'turkish', 'en' => 'english');
$lang =& $phpgw['preferences']['common']['lang'];
if (isset($langl[$lang]) && $langl[$lang] != $u->lang) {
if (!($o = db_sab("SELECT * FROM phpgw_fud_themes WHERE lang='{$langl[$lang]}'"))) {
fud_use('compiler.inc', true);
fud_use('theme.inc', true);
$thm = new fud_theme();
$thm->name = $thm->lang = $langl[$lang];
$thm->theme = 'default';
$thm->pspell_lang = file_get_contents($GLOBALS['DATA_DIR'] . 'thm/default/i18n/' . $langl[$lang] . '/pspell_lang');
$thm->locale = file_get_contents($GLOBALS['DATA_DIR'] . 'thm/default/i18n/' . $langl[$lang] . '/locale');
$thm->theme_opt = 1;
$thm->add();
compile_all('default', $langl[$lang], $langl[$lang]);
$o = db_sab("SELECT * FROM phpgw_fud_themes WHERE lang='{$langl[$lang]}'");
}
$u->lang = $o->lang;
$u->theme_name = $o->name;
$u->locale = $o->locale;
$u->theme_id = $o->id;
$u->theme = $o->theme;
$u->pspell_lang = $o->pspell_lang;
$u->theme_opt = $o->theme_opt;
q("UPDATE phpgw_fud_users SET theme=" . $u->theme_id . " WHERE id=" . $u->id);
}
if ($u->data) {
$u->data = @unserialize($u->data);
}
$u->users_opt = (int) $u->users_opt;
/* set timezone */
@putenv('TZ=' . $u->time_zone);
/* set locale */
setlocale(LC_ALL, $u->locale);
/* view format for threads & messages */
define('d_thread_view', $u->users_opt & 256 ? 'msg' : 'tree');
define('t_thread_view', $u->users_opt & 128 ? 'thread' : 'threadt');
/* theme path */
@define('fud_theme', 'theme/' . ($u->theme_name ? $u->theme_name : 'default') . '/');
/* define _uid, which, will tell us if this is a 'real' user or not */
define('__fud_real_user__', $u->id != 1 ? $u->id : 0);
define('_uid', __fud_real_user__);
if (__fud_real_user__) {
q('UPDATE phpgw_fud_users SET last_visit=' . __request_timestamp__ . ' WHERE id=' . $u->id);
}
return $u;
}
function check_ppost_form($msg_subject)
{
if (!strlen(trim($msg_subject))) {
set_err('msg_subject', 'Subject required');
}
if (post_check_images()) {
set_err('msg_body', 'Maximum ' . $GLOBALS['MAX_IMAGE_COUNT'] . ' images are allowed per post, please decrease the number of images');
}
$list = explode(';', $_POST['msg_to_list']);
foreach ($list as $v) {
$v = trim($v);
if (strlen($v)) {
if (!($obj = db_sab('SELECT u.users_opt, u.id, ui.ignore_id FROM phpgw_fud_users u LEFT JOIN phpgw_fud_user_ignore ui ON ui.user_id=u.id AND ui.ignore_id=' . _uid . ' WHERE u.alias=' . strnull(addslashes(htmlspecialchars($v)))))) {
set_err('msg_to_list', 'There is no user named "' . htmlspecialchars($v) . '" this forum');
break;
}
if (!empty($obj->ignore_id)) {
set_err('msg_to_list', 'You cannot send a private message to "' . htmlspecialchars($v) . '", because this person is ignoring you.');
break;
} else {
if (!($obj->users_opt & 32) && !($GLOBALS['usr']->users_opt & 1048576)) {
set_err('msg_to_list', 'You cannot send a private message to "' . htmlspecialchars($v) . '", because this person is not accepting private messages.');
break;
} else {
$GLOBALS['recv_user_id'][] = $obj->id;
}
}
}
}
if (empty($_POST['msg_to_list'])) {
set_err('msg_to_list', 'Cannot send a message, missing recipient');
}
return $GLOBALS['__error__'];
}
}
if (!isset($_GET['start']) || !($start = (int) $_GET['start'])) {
$start = 0;
}
/* This query creates frm object that contains info about the current
* forum, category & user's subscription status & permissions to the
* forum.
*/
make_perms_query($fields, $join, $frm_id);
$frm = db_sab('SELECT
f.id, f.name, f.thread_count,
c.name AS cat_name,
fn.forum_id AS subscribed,
m.forum_id AS md,
a.ann_id AS is_ann,
' . $fields . '
FROM phpgw_fud_forum f
INNER JOIN phpgw_fud_cat c ON c.id=f.cat_id
LEFT JOIN phpgw_fud_forum_notify fn ON fn.user_id=' . _uid . ' AND fn.forum_id=' . $frm_id . '
LEFT JOIN phpgw_fud_mod m ON m.user_id=' . _uid . ' AND m.forum_id=' . $frm_id . '
' . $join . '
LEFT JOIN phpgw_fud_ann_forums a ON a.forum_id=' . $frm_id . '
WHERE f.id=' . $frm_id . ' LIMIT 1');
if (!$frm) {
invl_inp_err();
}
$MOD = $usr->users_opt & 1048576 || $frm->md;
/* check that the user has permissions to access this forum */
if (!($frm->group_cache_opt & 2) && !$MOD) {
if (!isset($_GET['logoff'])) {
std_error('perms');
} else {
fud_use('fileio.inc');
fud_use('mlist.inc', true);
fud_use('scripts_common.inc', true);
define('sql_p', $DBHOST_TBL_PREFIX);
if (is_numeric($_SERVER['argv'][1])) {
$mlist = db_sab('SELECT * FROM ' . sql_p . 'mlist WHERE id=' . $_SERVER['argv'][1]);
} else {
$mlist = db_sab("SELECT * FROM " . sql_p . "mlist WHERE name='" . addslashes($_SERVER['argv'][1]) . "'");
}
if (!$mlist) {
exit('Invalid list identifier');
}
$CREATE_NEW_USERS = $mlist->mlist_opt & 64;
$FUD_OPT_2 |= $FUD_OPT_2 & ~(1024 | 8388608);
$FUD_OPT_2 |= 128;
$frm = db_sab('SELECT id, forum_opt, message_threshold, (max_attach_size * 1024) AS max_attach_size, max_file_attachments FROM ' . sql_p . 'forum WHERE id=' . $mlist->forum_id);
$emsg = new fud_emsg();
$emsg->subject_cleanup_rgx = $mlist->subject_regex_haystack;
$emsg->subject_cleanup_rep = $mlist->subject_regex_needle;
$emsg->body_cleanup_rgx = $mlist->body_regex_haystack;
$emsg->body_cleanup_rep = $mlist->body_regex_needle;
$emsg->parse_input($mlist->mlist_opt & 16);
$emsg->fetch_useful_headers();
$emsg->clean_up_data();
$msg_post = new fud_msg_edit();
// Handler for our own messages, which do not need to be imported.
if (isset($emsg->headers['x-fudforum']) && preg_match('!([A-Za-z0-9]{32}) <([0-9]+)>!', $emsg->headers['x-fudforum'], $m)) {
if ($m[1] == md5($GLOBALS['WWW_ROOT'])) {
q("UPDATE " . sql_p . "msg SET mlist_msg_id='" . addslashes($emsg->msg_id) . "' WHERE id=" . intval($m[2]) . " AND mlist_msg_id IS NULL");
if (db_affected()) {
exit;
$src_frm_lpi = (int) $thr->f1_lpi;
/* fetch data about dest forum */
$dst_frm_lpi = (int) $thr->f2_lpi;
th_move($thr->id, $to, $thr->root_msg_id, $thr->forum_id, $thr->last_post_date, $thr->last_post_id);
if ($src_frm_lpi == $thr->last_post_id) {
$mid = (int) q_singleval('SELECT MAX(last_post_id) FROM phpgw_fud_thread t INNER JOIN phpgw_fud_msg m ON t.root_msg_id=m.id WHERE t.forum_id=' . $thr->forum_id . ' AND t.moved_to=0 AND m.apr=1');
q('UPDATE phpgw_fud_forum SET last_post_id=' . $mid . ' WHERE id=' . $thr->forum_id);
}
if ($dst_frm_lpi < $thr->last_post_id) {
q('UPDATE phpgw_fud_forum SET last_post_id=' . $thr->last_post_id . ' WHERE id=' . $to);
}
logaction(_uid, 'THRMOVE', $th);
exit("<html><script>window.opener.location='/egroupware/fudforum/3814588639/index.php?t=" . t_thread_view . "&" . _rsid . "&frm_id=" . $thr->forum_id . "'; window.close();</script></html>");
}
if (!$thx) {
$thr = db_sab('SELECT f.name AS frm_name, m.subject, t.forum_id, t.id FROM phpgw_fud_thread t INNER JOIN phpgw_fud_forum f ON f.id=t.forum_id INNER JOIN phpgw_fud_msg m ON t.root_msg_id=m.id WHERE t.id=' . $th);
$r = uq('SELECT f.name, f.id, c.name, m.user_id, (CASE WHEN g2.id IS NOT NULL THEN g2.group_cache_opt ELSE g1.group_cache_opt END) AS gco
FROM phpgw_fud_forum f
INNER JOIN phpgw_fud_fc_view v ON v.f=f.id
INNER JOIN phpgw_fud_cat c ON c.id=v.c
LEFT JOIN phpgw_fud_mod m ON m.user_id=' . _uid . ' AND m.forum_id=f.id
INNER JOIN phpgw_fud_group_cache g1 ON g1.user_id=2147483647 AND g1.resource_id=f.id
LEFT JOIN phpgw_fud_group_cache g2 ON g2.user_id=' . _uid . ' AND g2.resource_id=f.id
WHERE c.id!=0 AND f.id!=' . $thr->forum_id . ($usr->users_opt & 1048576 ? '' : ' AND (CASE WHEN m.user_id IS NOT NULL OR ((CASE WHEN g2.id IS NOT NULL THEN g2.group_cache_opt ELSE g1.group_cache_opt END) & 1) > 0 THEN 1 ELSE 0 END)=1') . '
ORDER BY v.id');
$table_data = $prev_cat = '';
while ($ent = db_rowarr($r)) {
if ($ent[2] !== $prev_cat) {
$table_data .= '<tr><td class="mvTc">' . $ent[2] . '</td></tr>';
$prev_cat = $ent[2];
}
}
make_perms_query($fields, $join, $frm_id);
/* fetch forum, poll & moderator data */
if (!$pl_id) {
/* new poll */
$frm = db_sab('SELECT f.id, f.forum_opt, m.id AS md, ' . $fields . '
FROM phpgw_fud_forum f
LEFT JOIN phpgw_fud_mod m ON m.user_id=' . _uid . ' AND m.forum_id=f.id
' . $join . '
WHERE f.id=' . $frm_id);
} else {
/* editing a poll */
$frm = db_sab('SELECT f.id, f.forum_opt, m.id AS md, ms.id AS old_poll, p.id AS poll_id, p.*, ' . $fields . '
FROM phpgw_fud_forum f
INNER JOIN phpgw_fud_poll p ON p.id=' . $pl_id . '
LEFT JOIN phpgw_fud_mod m ON m.user_id=' . _uid . ' AND m.forum_id=f.id
LEFT JOIN phpgw_fud_msg ms ON ms.poll_id=p.id
' . $join . '
WHERE f.id=' . $frm_id);
}
$frm->group_cache_opt = (int) $frm->group_cache_opt;
$frm->forum_opt = (int) $frm->forum_opt;
if (!$frm || !$frm->md && !($usr->users_opt & 1048576) && (!empty($frm->old_poll) && (!($frm->group_cache_opt & 4096) || !($frm->group_cache_opt & 16) && $frm->owner != _uid)) && !($frm->group_cache_opt & 4)) {
std_error('access');
}
if (isset($_POST['pl_submit'])) {
if ($pl_id) {
/* update a poll */
poll_sync($pl_id, $_POST['pl_name'], $_POST['pl_max_votes'], $_POST['pl_expiry_date']);
} else {
/* adding a new poll */
function check_ppost_form($msg_subject)
{
if (!strlen(trim($msg_subject))) {
set_err('msg_subject', 'Oggetto necessario');
}
if (post_check_images()) {
set_err('msg_body', 'Sono consentite un massimo di ' . $GLOBALS['MAX_IMAGE_COUNT'] . ' immagini per messaggio; per cortesia, riduci il numero di immagini');
}
$list = explode(';', $_POST['msg_to_list']);
foreach ($list as $v) {
$v = trim($v);
if (strlen($v)) {
if (!($obj = db_sab('SELECT u.users_opt, u.id, ui.ignore_id FROM phpgw_fud_users u LEFT JOIN phpgw_fud_user_ignore ui ON ui.user_id=u.id AND ui.ignore_id=' . _uid . ' WHERE u.alias=' . strnull(addslashes(htmlspecialchars($v)))))) {
set_err('msg_to_list', 'Non c'è alcun utente "' . htmlspecialchars($v) . '" in questo forum');
break;
}
if (!empty($obj->ignore_id)) {
set_err('msg_to_list', 'Non puoi spedire un messaggio personale a "' . htmlspecialchars($v) . '", perchè questo utente ha deciso di ignorarti.');
break;
} else {
if (!($obj->users_opt & 32) && !($GLOBALS['usr']->users_opt & 1048576)) {
set_err('msg_to_list', 'Non puoi inviare un messaggio privato a "' . htmlspecialchars($v) . '", perchè non accetta messaggi privati.');
break;
} else {
$GLOBALS['recv_user_id'][] = $obj->id;
}
}
}
}
if (empty($_POST['msg_to_list'])) {
set_err('msg_to_list', 'Non è possibile inviare il messaggio, manca il destinatario');
}
return $GLOBALS['__error__'];
}
$item_s = htmlspecialchars($item_s);
}
} else {
$like = 0;
$item_s = $item;
}
$item_s = "'" . addslashes($item_s) . "'";
$c = q('SELECT id, alias, email FROM ' . $DBHOST_TBL_PREFIX . 'users WHERE ' . $field . ($like ? ' LIKE ' : '=') . $item_s . ' LIMIT 50');
switch ($cnt = db_count($c)) {
case 0:
$search_error = errorify('There are no users matching the specified ' . $field . ' mask.');
unset($c);
break;
case 1:
list($usr_id) = db_rowarr($c);
$u = db_sab('SELECT * FROM ' . $DBHOST_TBL_PREFIX . 'users WHERE id=' . $usr_id);
unset($c);
break;
default:
echo 'There are ' . $cnt . ' users that match this ' . $field . ' mask:<br>';
while ($r = db_rowarr($c)) {
echo '<a href="admuser.php?usr_id=' . $r[0] . '&act=m&' . _rsidl . '">Pick user</a> <b>' . $r[1] . ' / ' . htmlspecialchars($r[2]) . '</b><br>';
}
unset($c);
exit;
break;
}
}
}
require $WWW_ROOT_DISK . 'adm/admpanel.php';
?>
fud_use('adm.inc', true);
fud_use('widgets.inc', true);
$tbl = $GLOBALS['DBHOST_TBL_PREFIX'];
function raw_date($dt)
{
return array(substr($dt, 0, 4), substr($dt, 4, 2), substr($dt, -2));
}
function mk_date($y, $m, $d)
{
return str_pad((int) $y, 4, '0', STR_PAD_LEFT) . str_pad((int) $m, 2, '0', STR_PAD_LEFT) . str_pad((int) $d, 2, '0', STR_PAD_LEFT);
}
if (isset($_GET['del'])) {
q('DELETE FROM ' . $tbl . 'announce WHERE id=' . (int) $_GET['del']);
q('DELETE FROM ' . $tbl . 'ann_forums WHERE ann_id=' . (int) $_GET['del']);
}
if (isset($_GET['edit']) && ($an_d = db_sab('SELECT * FROM ' . $tbl . 'announce WHERE id=' . (int) $_GET['edit']))) {
list($d_year, $d_month, $d_day) = raw_date($an_d->date_started);
list($d2_year, $d2_month, $d2_day) = raw_date($an_d->date_ended);
$a_subject = $an_d->subject;
$a_text = $an_d->text;
$edit = (int) $_GET['edit'];
$c = uq('SELECT forum_id FROM ' . $tbl . 'ann_forums WHERE ann_id=' . (int) $_GET['edit']);
while ($r = db_rowarr($c)) {
$frm_list[$r[0]] = $r[0];
}
} else {
if (isset($_POST['btn_none']) || isset($_POST['btn_all'])) {
$vals = array('edit', 'a_subject', 'a_text', 'd_year', 'd_month', 'd_day', 'd2_year', 'd2_month', 'd2_day');
foreach ($vals as $v) {
${$v} = $_POST[$v];
}
$tbl = $GLOBALS['DBHOST_TBL_PREFIX'];
$edit = isset($_GET['edit']) ? (int) $_GET['edit'] : (isset($_POST['edit']) ? (int) $_POST['edit'] : '');
if (isset($_POST['ml_forum_id'])) {
$mlist = new fud_mlist();
if ($edit) {
$mlist->sync($edit);
$edit = '';
} else {
$mlist->add();
}
} else {
if (isset($_GET['del'])) {
fud_mlist::del((int) $_GET['del']);
}
}
if (isset($_GET['edit']) && $edit && ($o = db_sab('SELECT * FROM ' . $tbl . 'mlist WHERE id=' . $edit))) {
foreach ($o as $k => $v) {
${'ml_' . $k} = $v;
}
$ml_subject_regex_haystack_opt = format_regex($ml_subject_regex_haystack);
$ml_body_regex_haystack_opt = format_regex($ml_body_regex_haystack);
} else {
$tmp = new fud_mlist();
$c = get_object_vars($tmp);
foreach ($c as $k => $v) {
${'ml_' . $k} = $v;
}
$ml_subject_regex_haystack_opt = $ml_body_regex_haystack_opt = '';
}
require $WWW_ROOT_DISK . 'adm/admpanel.php';
if ($FUD_OPT_2 & 8388608) {
invl_inp_err();
}
if ($mbr->user_id == 0) {
$gr_member = '<font class="anon">Anonimo</font>';
} else {
if ($mbr->user_id == '2147483647') {
$gr_member = '<font class="reg">Tutti gli utenti registrati</font>';
} else {
$gr_member = $mbr->alias;
}
}
$perm = $mbr->group_members_opt;
} else {
if ($group_id > 2 && !isset($_POST['btn_submit']) && ($luser_id = q_singleval('SELECT MAX(id) FROM phpgw_fud_group_members WHERE group_id=' . $group_id))) {
/* help trick, we fetch the last user added to the group */
if (!($mbr = db_sab('SELECT 1 AS user_id, group_members_opt FROM phpgw_fud_group_members WHERE id=' . $luser_id))) {
invl_inp_err();
}
$perm = $mbr->group_members_opt;
}
}
/* anon users cannot vote or rate */
if (isset($mbr) && !$mbr->user_id) {
$maxperms = $maxperms & ~(512 | 1024);
}
/* no members inside the group */
if (!$perm && !isset($mbr)) {
$perm = $maxperms;
}
/* translated permission names */
$ts_list = array('p_VISIBLE' => 'Visibile', 'p_READ' => 'Leggi', 'p_POST' => 'Scrivi', 'p_REPLY' => 'Rispondi', 'p_EDIT' => 'Modifica', 'p_DEL' => 'Cancella', 'p_STICKY' => 'Messaggi toppati', 'p_POLL' => 'Crea sondaggi', 'p_FILE' => 'Allega file', 'p_VOTE' => 'Vota', 'p_RATE' => 'Vota i topic', 'p_SPLIT' => 'Spezza i topic', 'p_LOCK' => 'Chiudi topic', 'p_MOVE' => 'Sposta topic', 'p_SML' => 'Usa smiley', 'p_IMG' => 'Usa tag delle immagini', 'p_SEARCH' => 'Can Search');
if ($k['p'] == $k['t']) {
$k['p'] = 0;
}
return $k['v'][$k['p']++];
}
function convert_bdate($val, $month_fmt)
{
$ret['year'] = substr($val, 0, 4);
$ret['day'] = substr($val, 6, 2);
$ret['month'] = strftime($month_fmt, mktime(1, 1, 1, substr($val, 4, 2), 11, 2000));
return $ret;
}
if (!isset($_GET['id']) || !(int) $_GET['id']) {
invl_inp_err();
}
if (!($u = db_sab('SELECT u.*, l.name AS level_name, l.level_opt, l.img AS level_img FROM phpgw_fud_users u LEFT JOIN phpgw_fud_level l ON l.id=u.level_id WHERE u.id=' . (int) $_GET['id']))) {
std_error('user');
}
$avatar = $FUD_OPT_1 & 28 && $u->users_opt & 8388608 && !($u->level_opt & 2) ? '<tr class="' . alt_var('search_alt', 'RowStyleA', 'RowStyleB') . '"><td nowrap valign="top" class="GenText">Avatar:</td><td class="GenText">' . $u->avatar_loc . '</td></tr>' : '';
if ($avatar && $u->level_opt & 1) {
$level_name = $level_image = '';
} else {
$level_name = $u->level_name ? '' . $u->level_name . '<br />' : '';
$level_image = $u->level_img ? '<img src="images/' . $u->level_img . '" /><br />' : '';
}
$custom_tags = $u->custom_status ? '' . $u->custom_status . '<br />' : '';
if (!($usr->users_opt & 1048576)) {
$frm_perms = get_all_read_perms(_uid, $usr->users_opt & 524288);
}
$moderation = '';
if ($u->users_opt & 524288) {
}
q('UPDATE phpgw_fud_stats_cache SET
cache_age=' . __request_timestamp__ . ',
last_user_id=' . (int) $obj->last_user_id . ',
user_count=' . (int) $obj->user_count . ',
online_users_anon=' . (int) $obj->online_users_anon . ',
online_users_hidden=' . (int) $obj->online_users_hidden . ',
online_users_reg=' . (int) $obj->online_users_reg . ',
online_users_text=' . strnull(addslashes(@serialize($obj->online_users_text))));
$obj->last_user_alias = q_singleval('SELECT alias FROM phpgw_fud_users WHERE id=' . $obj->last_user_id);
$obj->last_msg_subject = q_singleval('SELECT subject FROM phpgw_fud_msg WHERE id=' . $last_msg_id);
return $obj;
}
$logedin = $forum_info = '';
if ($FUD_OPT_1 & 1073741824 || $FUD_OPT_2 & 16) {
if (!($st_obj = db_sab('SELECT sc.*,m.subject AS last_msg_subject, u.alias AS last_user_alias FROM phpgw_fud_stats_cache sc INNER JOIN phpgw_fud_users u ON u.id=sc.last_user_id INNER JOIN phpgw_fud_msg m ON m.id=' . $last_msg_id . ' WHERE sc.cache_age>' . (__request_timestamp__ - $STATS_CACHE_AGE)))) {
$st_obj =& rebuild_stats_cache($last_msg_id);
} else {
if ($st_obj->online_users_text) {
$st_obj->online_users_text = @unserialize($st_obj->online_users_text);
}
}
$i_spy = $FUD_OPT_1 & 536870912 ? '[<a href="/egroupware/fudforum/3814588639/index.php?t=actions&' . _rsid . '" class="thLnk">mostra quello che fa la gente</a>] [<a href="/egroupware/fudforum/3814588639/index.php?t=online_today&' . _rsid . '" class="thLnk">Visitatori di oggi</a>]' : '';
if ($FUD_OPT_1 & 1073741824) {
if (@count($st_obj->online_users_text)) {
foreach ($st_obj->online_users_text as $k => $v) {
$logedin .= '<a href="/egroupware/fudforum/3814588639/index.php?t=usrinfo&id=' . $k . '&' . _rsid . '" class="GenLink">' . $v . '</a>' . ' ';
}
} else {
$logedin = '';
}
function msg_get($id)
{
if ($r = db_sab('SELECT * FROM phpgw_fud_msg WHERE id=' . $id)) {
$r->body = read_msg_body($r->foff, $r->length, $r->file_id);
un_register_fps();
return $r;
}
error_dialog('Invalid Message', 'The message you are trying to view does not exist.');
}
th_move($thrx->th, $thrx->frm, $data->root_msg_id, $data->forum_id, $data->last_post_date, $data->last_post_id);
if ($data->f1_lpi == $data->last_post_id) {
$mid = (int) q_singleval('SELECT MAX(last_post_id) FROM phpgw_fud_thread t INNER JOIN phpgw_fud_msg m ON t.root_msg_id=m.id WHERE t.forum_id=' . $data->forum_id . ' AND t.moved_to=0 AND m.apr=1');
q('UPDATE phpgw_fud_forum SET last_post_id=' . $mid . ' WHERE id=' . $data->forum_id);
}
if ($data->f2_lpi < $data->last_post_id) {
q('UPDATE phpgw_fud_forum SET last_post_id=' . $data->last_post_id . ' WHERE id=' . $thrx->frm);
}
thx_delete($thrx->id);
logaction($usr->id, 'THRXAPPROVE', $thrx->th);
} else {
if ((isset($_GET['decl']) || isset($_POST['decl'])) && ($thrx = thx_get($decl = (int) (isset($_GET['decl']) ? $_GET['decl'] : $_POST['decl'])))) {
$data = db_sab('SELECT u.email, u.login, u.id, m.subject, f1.name AS f1_name, f2.name AS f2_name, ' . ($usr->users_opt & 1048576 ? ' 1 ' : ' mm.id ') . ' AS md
FROM phpgw_fud_thread t
INNER JOIN phpgw_fud_forum f1 ON t.forum_id=f1.id
INNER JOIN phpgw_fud_forum f2 ON f2.id=' . $thrx->frm . '
INNER JOIN phpgw_fud_msg m ON m.id=t.root_msg_id
INNER JOIN phpgw_fud_users u ON u.id=' . $thrx->req_by . '
LEFT JOIN phpgw_fud_mod mm ON mm.forum_id=' . $thrx->frm . ' AND mm.user_id=' . _uid . '
WHERE t.id=' . $thrx->th);
if (!$data) {
invl_inp_err();
}
if (!$data->md) {
std_error('access');
}
if (!empty($_POST['reason'])) {
send_status_update($data->id, $data->login, $data->email, 'Moving of topic ' . $data->subject . ' into forum ' . htmlspecialchars($data->f2_name) . ' was declined.', htmlspecialchars($_POST['reason']));
thx_delete($thrx->id);
$decl = null;
} else {
$thr_exch_data = '<form method="post" action="/egroupware/fudforum/3814588639/index.php?t=thr_exch" name="thr_exch">
