/**
 * XML-RPC handler: return the contact record (id, display name, encrypted
 * e-mail) of a member.
 *
 * The target is the 'user_id' request field when it is non-empty, otherwise
 * the logged-in user. The e-mail address is never returned in clear text:
 * it is passed through encrypt() with the key from loadAPIKey() and then
 * base64-encoded.
 *
 * Access rules enforced before anything is returned:
 *  - the target must exist,
 *  - the caller must be logged in and belong to a group with 'cansendemail',
 *  - the target must not have 'hideemail' set.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters, filtered by Tapatalk_Input.
 * @return xmlrpcresp Struct with result, user_id, display_name and enc_email.
 */
function get_contact_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $parser, $displaygroupfields;

    $lang->load("member");

    $request = Tapatalk_Input::filterXmlInput(
        array('user_id' => Tapatalk_Input::STRING),
        $xmlrpc_params
    );

    // An absent or empty user_id means "the caller's own record".
    $uid = !empty($request['user_id']) ? $request['user_id'] : $mybb->user['uid'];

    // Reuse the already-loaded session user when the caller asks about themselves.
    $member = ($mybb->user['uid'] == $uid) ? $mybb->user : get_user($uid);

    if (!$member['uid']) {
        error($lang->error_nomember);
    }

    // Guests, and groups without the e-mail permission, may not contact other users.
    $caller_is_guest = !$mybb->user['uid'];
    if ($mybb->usergroup['cansendemail'] == 0 || $caller_is_guest) {
        error_no_permission();
    }

    // Respect the target's own privacy choice.
    if ($member['hideemail'] != 0) {
        error($lang->error_hideemail);
    }

    $fields = array();
    $fields['result'] = new xmlrpcval(true, 'boolean');
    $fields['user_id'] = new xmlrpcval($member['uid']);
    $fields['display_name'] = new xmlrpcval(basic_clean($member['username']), 'base64');
    $fields['enc_email'] = new xmlrpcval(base64_encode(encrypt($member['email'], loadAPIKey())));

    return new xmlrpcresp(new xmlrpcval($fields, 'struct'));
}
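/**
 * XML-RPC handler: store an uploaded avatar for the logged-in user.
 *
 * The file is taken from $_FILES['upload'] and handed to upload_avatar();
 * on success the caller's own row in the users table is updated with the
 * new avatar path, its dimensions and the type "upload".
 *
 * Only the session user's row is ever written: the uid comes from
 * $mybb->user, never from the request.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters, filtered by Tapatalk_Input.
 * @return mixed Result of xmlresptrue() on success, or xmlrespfalse() carrying
 *               the error reported by upload_avatar().
 */
function upload_avatar_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    // The filtered value is not used below; the call is kept for whatever
    // validation filterXmlInput() performs on the request.
    $input = Tapatalk_Input::filterXmlInput(array('content' => Tapatalk_Input::STRING), $xmlrpc_params);

    // Guests have no user row to attach an avatar to, so they are rejected
    // together with groups that lack the upload permission.
    if (!$mybb->user['uid'] || $mybb->usergroup['canuploadavatars'] == 0) {
        error_no_permission();
    }

    // A request without the expected file part must not raise an
    // undefined-index notice; pass an empty description instead.
    $upload = isset($_FILES['upload']) ? $_FILES['upload'] : array();
    $avatar = upload_avatar($upload);

    if (!empty($avatar['error'])) {
        return xmlrespfalse($avatar['error']);
    }

    // Previously left undefined when the uploader reported no dimensions.
    $avatar_dimensions = '';
    if ($avatar['width'] > 0 && $avatar['height'] > 0) {
        $avatar_dimensions = $avatar['width'] . "|" . $avatar['height'];
    }

    $updated_avatar = array(
        // The dateline suffix makes the stored URL change on every upload.
        "avatar" => $avatar['avatar'] . '?dateline=' . TIME_NOW,
        "avatardimensions" => $avatar_dimensions,
        "avatartype" => "upload",
    );

    // Cast keeps the WHERE clause numeric regardless of how the session value is typed.
    $db->update_query("users", $updated_avatar, "uid='" . (int) $mybb->user['uid'] . "'");

    return xmlresptrue();
}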
/**
 * XML-RPC handler: delete a post, or the whole thread when the post is the
 * thread's first one.
 *
 * Request fields read through Tapatalk_Input: post_id (INT), mode (INT) and
 * reason_text (STRING). Only post_id is used in this function body.
 *
 * Authorisation sequence, in the order it is applied:
 *  1. guests are rejected;
 *  2. post, thread and forum must exist and the forum must be of type "f";
 *  3. the forum must be open and the caller not suspended from posting;
 *  4. callers who are not moderators with "candeleteposts" must own the post,
 *     hold the forum permission 'candeleteposts', and the thread must be open;
 *  5. the forum password check runs;
 *  6. deleting the first post requires 'candeletethreads' (forum permission or
 *     moderator right); any other post requires 'candeleteposts'.
 *
 * NOTE(review): this handler does not call verify_post_check(); request
 * authenticity depends on how the XML-RPC endpoint authenticates the
 * session - confirm.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters.
 * @return xmlrpcresp Struct with result=true, is_login_mod=true and an empty result_text.
 */
function m_delete_post_func($xmlrpc_params)
{
    global $input, $post, $thread, $forum, $pid, $tid, $fid, $modlogdata, $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $moderation, $parser;

    $input = Tapatalk_Input::filterXmlInput(
        array(
            'post_id' => Tapatalk_Input::INT,
            'mode' => Tapatalk_Input::INT,
            'reason_text' => Tapatalk_Input::STRING,
        ),
        $xmlrpc_params
    );

    // Language phrases and the same hook the edit-post flow starts with.
    $lang->load("editpost");
    $plugins->run_hooks("editpost_start");

    // Anonymous callers never get past this point.
    if (!$mybb->user['uid']) {
        error_no_permission();
    }

    // Post lookup; the id is forced to an integer before it reaches the query.
    $pid = (int) $input['post_id'];
    $post_query = $db->simple_select("posts", "*", "pid='{$pid}'");
    $post = $db->fetch_array($post_query);
    if (!$post['pid']) {
        error($lang->error_invalidpost);
    }

    // Thread lookup, keyed by the post's own tid.
    $tid = $post['tid'];
    $thread = get_thread($tid);
    if (!$thread['tid']) {
        error($lang->error_invalidthread);
    }

    // Forum lookup, keyed by the post's own fid.
    $fid = $post['fid'];
    $forum = get_forum($fid);
    if (!$forum || $forum['type'] != "f") {
        error($lang->error_closedinvalidforum);
    }
    if ($forum['open'] == 0 || $mybb->user['suspendposting'] == 1) {
        error_no_permission();
    }

    $forum_perms = forum_permissions($fid);

    // Non-moderators are limited to their own posts in open threads.
    if (!is_moderator($fid, "candeleteposts")) {
        if ($thread['closed'] == 1) {
            error($lang->redirect_threadclosed);
        }
        if ($forum_perms['candeleteposts'] == 0) {
            error_no_permission();
        }
        if ($mybb->user['uid'] != $post['uid']) {
            error_no_permission();
        }
    }

    // Password-protected forums require a valid password as well.
    check_forum_password($forum['fid']);

    $plugins->run_hooks("editpost_deletepost");

    $modlogdata['fid'] = $fid;
    $modlogdata['tid'] = $tid;

    // Oldest post of the thread: deleting it means deleting the thread.
    $first_query = $db->simple_select(
        "posts",
        "pid",
        "tid='{$tid}'",
        array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc")
    );
    $first_post = $db->fetch_array($first_query);

    if ($first_post['pid'] != $pid) {
        // Ordinary post inside the thread.
        if ($forum_perms['candeleteposts'] == 1 || is_moderator($fid, "candeleteposts")) {
            delete_post($pid, $tid);
            mark_reports($pid, "post");
            log_moderator_action($modlogdata, $lang->post_deleted);
        } else {
            error_no_permission();
        }
    } else {
        // First post: thread-level permission is required instead.
        if ($forum_perms['candeletethreads'] == 1 || is_moderator($fid, "candeletethreads")) {
            delete_thread($tid);
            mark_reports($tid, "thread");
            log_moderator_action($modlogdata, $lang->thread_deleted);
        } else {
            error_no_permission();
        }
    }

    return new xmlrpcresp(
        new xmlrpcval(
            array(
                'result' => new xmlrpcval(true, 'boolean'),
                'is_login_mod' => new xmlrpcval(true, 'boolean'),
                'result_text' => new xmlrpcval("", 'base64'),
            ),
            'struct'
        )
    );
}
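/**
 * XML-RPC handler: build the profile summary of one member.
 *
 * The member is selected by 'user_id' (INT) when given, else by 'user_name',
 * else the logged-in user. The caller's group must have 'canviewprofiles'.
 *
 * The response struct carries the basic profile fields plus a
 * 'custom_fields_list' array assembled from: birthday (honouring
 * 'birthdayprivacy'), thank-you/like statistics when that plugin's settings
 * are enabled, time online, referrals, reputation, warning level, contact
 * handles, custom profile fields (hidden ones only for staff groups) and the
 * parsed signature.
 *
 * Fixes relative to the previous revision:
 *  - the username lookup query was corrupted and could not match any row;
 *    it now escapes the supplied name with $db->escape_string();
 *  - 'can_ban' / 'is_ban' used the undefined constant `ture`;
 *  - several variables ($usertitle, $location, $membdayage, ...) could be
 *    read while undefined;
 *  - divisions by the registration age and by 'maxwarningpoints' could
 *    divide by zero.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters, filtered by Tapatalk_Input.
 * @return xmlrpcresp Struct describing the member.
 */
function get_user_info_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $parser, $displaygroupfields;

    $lang->load("member");

    $input = Tapatalk_Input::filterXmlInput(array(
        'user_name' => Tapatalk_Input::STRING,
        'user_id' => Tapatalk_Input::INT,
    ), $xmlrpc_params);

    if ($mybb->usergroup['canviewprofiles'] == 0) {
        error_no_permission();
    }

    if (isset($input['user_id']) && !empty($input['user_id'])) {
        $uid = $input['user_id'];
    } elseif (!empty($input['user_name'])) {
        // The name comes straight from the client, so it is escaped here
        // before being placed inside the quoted SQL literal.
        $username_sql = $db->escape_string($input['user_name']);
        $query = $db->simple_select("users", "uid", "username='{$username_sql}'");
        $uid = $db->fetch_field($query, "uid");
    } else {
        $uid = $mybb->user['uid'];
    }

    // $uid is interpolated into several queries below; force it numeric
    // whatever its origin (request, lookup result or session).
    $uid = (int) $uid;

    if ($mybb->user['uid'] != $uid) {
        $memprofile = get_user($uid);
    } else {
        $memprofile = $mybb->user;
    }

    if (!$memprofile['uid']) {
        error($lang->error_nomember);
    }

    // Get member's permissions
    $memperms = user_permissions($memprofile['uid']);

    if (!$memprofile['displaygroup']) {
        $memprofile['displaygroup'] = $memprofile['usergroup'];
    }

    // Grab the following fields from the user's displaygroup
    $displaygroupfields = array("title", "usertitle", "stars", "starimage", "image", "usereputationsystem");
    $displaygroup = usergroup_displaygroup($memprofile['displaygroup']);

    // Resolve the user title: custom title, then group title, then the
    // highest post-count title the member qualifies for.
    $usertitle = '';
    $stars = '';
    $starimage = '';
    if (trim($memprofile['usertitle']) != '') {
        $usertitle = $memprofile['usertitle'];
    } elseif (trim($displaygroup['usertitle']) != '') {
        $usertitle = $displaygroup['usertitle'];
    } else {
        $query = $db->simple_select("usertitles", "*", "", array('order_by' => 'posts', 'order_dir' => 'DESC'));
        while ($title = $db->fetch_array($query)) {
            if ($memprofile['postnum'] >= $title['posts']) {
                $usertitle = $title['title'];
                $stars = $title['stars'];
                $starimage = $title['starimage'];
                break;
            }
        }
    }

    // Online status: the most recent session row inside the who's-online window.
    // NOTE(review): this assignment overwrites the global $session declared
    // above with a plain row array - confirm nothing later in the request
    // relies on the original value.
    $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins'] * 60;
    $query = $db->simple_select(
        "sessions",
        "location,nopermission",
        "uid='{$uid}' AND time>'{$timesearch}'",
        array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1)
    );
    $session = $db->fetch_array($query);

    // Defaults so the response never reads an undefined variable when the
    // member is offline or hidden from the caller.
    $location = '';
    $location_time = '';
    $online = false;

    // Invisible members are only shown as online to themselves and to
    // groups with 'canviewwolinvis'.
    $may_see_presence = $memprofile['invisible'] != 1
        || $mybb->usergroup['canviewwolinvis'] == 1
        || $memprofile['uid'] == $mybb->user['uid'];

    if ($may_see_presence && !empty($session)) {
        $lang->load("online");
        require_once MYBB_ROOT . "inc/functions_online.php";
        $activity = fetch_wol_activity($session['location'], $session['nopermission']);
        $location = strip_tags(build_friendly_wol_location($activity));
        $location_time = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);
        $online = true;
    }

    // Get custom fields start
    $custom_fields_list = array();

    if ($memprofile['birthday']) {
        // Stored as "day-month-year"; pad so a short value cannot cause
        // undefined offsets, and cast so mktime() always receives integers.
        $bday_parts = array_pad(explode("-", $memprofile['birthday']), 3, '');
        $bday_day = (int) $bday_parts[0];
        $bday_month = (int) $bday_parts[1];
        $bday_year = (int) $bday_parts[2];

        $membday = '';
        $membdayage = '';

        if ($memprofile['birthdayprivacy'] != 'none') {
            if ($bday_day && $bday_month && $bday_year) {
                $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday']));
                if ($bday_year >= 1970) {
                    $w_day = date("l", mktime(0, 0, 0, $bday_month, $bday_day, $bday_year));
                    $membday = format_bdays($mybb->settings['dateformat'], $bday_month, $bday_day, $bday_year, $w_day);
                } else {
                    $bdayformat = fix_mktime($mybb->settings['dateformat'], $bday_year);
                    $membday = date($bdayformat, mktime(0, 0, 0, $bday_month, $bday_day, $bday_year));
                }
                $membdayage = $lang->membdayage;
            } elseif ($bday_year) {
                $membday = date("Y", mktime(0, 0, 0, 1, 1, $bday_year));
                $membdayage = '';
            } else {
                $membday = date("F j", mktime(0, 0, 0, $bday_month, $bday_day, 0));
                $membdayage = '';
            }
        }

        // Privacy: 'age' hides the date but keeps the age, 'none' hides both.
        if ($memprofile['birthdayprivacy'] == 'age') {
            $membday = $lang->birthdayhidden;
        } elseif ($memprofile['birthdayprivacy'] == 'none') {
            $membday = $lang->birthdayhidden;
            $membdayage = '';
        }

        $custom_fields_list[] = new xmlrpcval(array(
            'name' => new xmlrpcval(basic_clean($lang->date_of_birth), 'base64'),
            'value' => new xmlrpcval(basic_clean("{$membday} {$membdayage}"), 'base64'),
        ), 'struct');
    }

    // thank you/like field
    global $mobiquo_config;
    $prefix = $mobiquo_config['thlprefix'];
    if ($mybb->settings[$prefix . 'enabled'] == "1") {
        $lang->load("thankyoulike");

        if ($mybb->settings[$prefix . 'thankslike'] == "like") {
            $lang->tyl_total_tyls_given = $lang->tyl_total_likes_given;
            $lang->tyl_total_tyls_rcvd = $lang->tyl_total_likes_rcvd;
        } elseif ($mybb->settings[$prefix . 'thankslike'] == "thanks") {
            $lang->tyl_total_tyls_given = $lang->tyl_total_thanks_given;
            $lang->tyl_total_tyls_rcvd = $lang->tyl_total_thanks_rcvd;
        }

        // NOTE(review): these two labels are passed to sprintf() below but are
        // never assigned anywhere in this function; they are initialised to
        // empty strings here so the call is well defined - confirm which
        // language phrases were intended.
        $tyl_thankslikes_given = '';
        $tyl_thankslikes_rcvd = '';

        // Per-day rates. An account registered less than a day ago is treated
        // as one day old, which also rules out a division by zero.
        $daysreg = (TIME_NOW - $memprofile['regdate']) / (24 * 3600);
        if ($daysreg < 1) {
            $daysreg = 1;
        }

        $tylpd = round($memprofile['tyl_unumtyls'] / $daysreg, 2);
        if ($tylpd > $memprofile['tyl_unumtyls']) {
            $tylpd = $memprofile['tyl_unumtyls'];
        }

        $tylrcvpd = round($memprofile['tyl_unumrcvtyls'] / $daysreg, 2);
        if ($tylrcvpd > $memprofile['tyl_unumrcvtyls']) {
            $tylrcvpd = $memprofile['tyl_unumrcvtyls'];
        }

        // Share of the board-wide total, capped at 100%.
        $options = array("limit" => 1);
        $query = $db->simple_select($prefix . "stats", "*", "title='total'", $options);
        $total = $db->fetch_array($query);
        if (!$total || $total['value'] == 0) {
            $percent = "0";
            $percent_rcv = "0";
        } else {
            $percent = round($memprofile['tyl_unumtyls'] * 100 / $total['value'], 2);
            $percent_rcv = round($memprofile['tyl_unumrcvtyls'] * 100 / $total['value'], 2);
        }
        if ($percent > 100) {
            $percent = 100;
        }
        if ($percent_rcv > 100) {
            $percent_rcv = 100;
        }

        $memprofile['tyl_unumtyls'] = my_number_format($memprofile['tyl_unumtyls']);
        $memprofile['tyl_unumrcvtyls'] = my_number_format($memprofile['tyl_unumrcvtyls']);

        $tylpd_percent_total = $lang->sprintf($lang->tyl_tylpd_percent_total, my_number_format($tylpd), $tyl_thankslikes_given, $percent);
        $tylrcvpd_percent_total = $lang->sprintf($lang->tyl_tylpd_percent_total, my_number_format($tylrcvpd), $tyl_thankslikes_rcvd, $percent_rcv);

        addCustomField($lang->tyl_total_tyls_given, "{$memprofile['tyl_unumtyls']} ({$tylpd_percent_total})", $custom_fields_list);
        addCustomField($lang->tyl_total_tyls_rcvd, "{$memprofile['tyl_unumrcvtyls']} ({$tylrcvpd_percent_total})", $custom_fields_list);
    }

    if ($memprofile['timeonline'] > 0) {
        $timeonline = nice_time($memprofile['timeonline']);
        addCustomField($lang->timeonline, $timeonline, $custom_fields_list);
    }

    if ($mybb->settings['usereferrals'] == 1 && $memprofile['referrals'] > 0) {
        addCustomField($lang->members_referred, $memprofile['referrals'], $custom_fields_list);
    }

    if ($memperms['usereputationsystem'] == 1
        && $displaygroup['usereputationsystem'] == 1
        && $mybb->settings['enablereputation'] == 1
        && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep'])
    ) {
        addCustomField($lang->reputation, $memprofile['reputation'], $custom_fields_list);
    }

    // The warning level is shown to groups that can warn users, and to the
    // member themselves when 'canviewownwarning' is enabled.
    if ($mybb->settings['enablewarningsystem'] != 0
        && $memperms['canreceivewarnings'] != 0
        && ($mybb->usergroup['canwarnusers'] != 0
            || $mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0)
    ) {
        // A zero or negative maximum would divide by zero; fall back to 1 so
        // any positive point total simply reads as the 100% cap.
        $max_warning_points = (float) $mybb->settings['maxwarningpoints'];
        if ($max_warning_points <= 0) {
            $max_warning_points = 1;
        }
        $warning_level = round($memprofile['warningpoints'] / $max_warning_points * 100);
        if ($warning_level > 100) {
            $warning_level = 100;
        }
        addCustomField($lang->warning_level, $warning_level . '%', $custom_fields_list);
    }

    if ($memprofile['website']) {
        $memprofile['website'] = htmlspecialchars_uni($memprofile['website']);
        addCustomField($lang->homepage, $memprofile['website'], $custom_fields_list);
    }
    if ($memprofile['icq']) {
        addCustomField($lang->icq_number, $memprofile['icq'], $custom_fields_list);
    }
    if ($memprofile['aim']) {
        addCustomField($lang->aim_screenname, $memprofile['aim'], $custom_fields_list);
    }
    if ($memprofile['yahoo']) {
        addCustomField($lang->yahoo_id, $memprofile['yahoo'], $custom_fields_list);
    }
    if ($memprofile['msn']) {
        addCustomField($lang->msn, $memprofile['msn'], $custom_fields_list);
    }

    // Custom profile fields. A member without a userfields row yields an
    // empty set rather than offsets read from a non-array.
    $query = $db->simple_select("userfields", "*", "ufid='{$uid}'");
    $userfields = $db->fetch_array($query);
    if (!is_array($userfields)) {
        $userfields = array();
    }

    // Hidden fields are only included for admin CP, super moderator and
    // mod CP groups. Both alternatives are fixed literals, never request data.
    if ($mybb->usergroup['cancp'] == 1 || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['canmodcp'] == 1) {
        $field_hidden = '1=1';
    } else {
        $field_hidden = "hidden=0";
    }

    $query = $db->simple_select("profilefields", "*", "{$field_hidden}", array('order_by' => 'disporder'));
    while ($customfield = $db->fetch_array($query)) {
        // The first line of 'type' is the field kind; the rest are its options.
        $thing = explode("\n", $customfield['type'], 2);
        $type = trim($thing[0]);

        $field = "fid{$customfield['fid']}";
        $raw_value = isset($userfields[$field]) ? $userfields[$field] : '';
        $useropts = explode("\n", $raw_value);

        $customfieldval = $comma = '';
        if (is_array($useropts) && ($type == "multiselect" || $type == "checkbox")) {
            $customfieldval = $raw_value;
        } else {
            $customfieldval = $parser->parse_badwords($raw_value);
        }

        $customfield['name'] = htmlspecialchars_uni($customfield['name']);

        if ($customfieldval) {
            addCustomField($customfield['name'], $customfieldval, $custom_fields_list);
        }
    }

    // The signature is omitted while a signature suspension is still running.
    if ($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW)) {
        $sig_parser = array(
            "allow_html" => $mybb->settings['sightml'],
            "allow_mycode" => $mybb->settings['sigmycode'],
            "allow_smilies" => $mybb->settings['sigsmilies'],
            "allow_imgcode" => $mybb->settings['sigimgcode'],
            "me_username" => $memprofile['username'],
            "filter_badwords" => 1,
        );
        $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser);
        $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']);
        addCustomField($lang->users_signature, $memprofile['signature'], $custom_fields_list);
    }
    // Get custom fields end

    $query = $db->simple_select("banned", "uid", "uid='{$uid}'");
    $isbanned = !!$db->fetch_field($query, "uid");

    $xmlrpc_user_info = array(
        'user_id' => new xmlrpcval($memprofile['uid'], 'string'),
        'username' => new xmlrpcval(basic_clean($memprofile['username']), 'base64'),
        'user_name' => new xmlrpcval(basic_clean($memprofile['username']), 'base64'),
        'user_type' => check_return_user_type($memprofile['username']),
        'post_count' => new xmlrpcval($memprofile['postnum'], 'int'),
        'reg_time' => new xmlrpcval(mobiquo_iso8601_encode($memprofile['regdate']), 'dateTime.iso8601'),
        'timestamp_reg' => new xmlrpcval($memprofile['regdate'], 'string'),
        'last_activity_time' => new xmlrpcval(mobiquo_iso8601_encode($memprofile['lastactive']), 'dateTime.iso8601'),
        'timestamp' => new xmlrpcval($memprofile['lastactive'], 'string'),
        'is_online' => new xmlrpcval($online, 'boolean'),
        'accept_pm' => new xmlrpcval($memprofile['receivepms'], 'boolean'),
        'display_text' => new xmlrpcval($usertitle, 'base64'),
        'icon_url' => new xmlrpcval(absolute_url($memprofile['avatar']), 'string'),
        'current_activity' => new xmlrpcval($location, 'base64'),
    );

    // Offered to mod CP groups for any profile other than their own.
    if ($mybb->usergroup['canmodcp'] == 1 && $uid != $mybb->user['uid']) {
        $xmlrpc_user_info['can_ban'] = new xmlrpcval(true, 'boolean');
    }
    if ($isbanned) {
        $xmlrpc_user_info['is_ban'] = new xmlrpcval(true, 'boolean');
    }

    $xmlrpc_user_info['custom_fields_list'] = new xmlrpcval($custom_fields_list, 'array');

    return new xmlrpcresp(new xmlrpcval($xmlrpc_user_info, 'struct'));
}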
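/**
 * User CP page "Steam Integration": link or unlink a Steam ID for the
 * logged-in user and render the mysteam_usercp template.
 *
 * The submitted 'steamprofile' value may be a 17-digit Steam ID, a bare
 * vanity name, a ".../profiles/<id>" URL or a ".../id/<vanity>" URL. IDs are
 * confirmed through GetPlayerSummaries, vanity names resolved through
 * ResolveVanityURL.
 *
 * Security-relevant behaviour of this revision:
 *  - The row that is written is always the session user's. The 'uid' request
 *    field is only accepted when it equals $mybb->user['uid']; previously it
 *    selected the row to update, so one member could rewrite or clear another
 *    member's Steam ID.
 *  - A Steam ID taken from a profile URL is required to be 17 decimal digits
 *    before it is placed in the API URL or in SQL; previously that path
 *    reached both unvalidated.
 *  - Vanity names are URL-encoded for the API request.
 *  - Values echoed into the result message (vanity name, Steam persona name,
 *    matching forum username) are HTML-escaped.
 *  - strpos() results are compared with false instead of being used as
 *    booleans, so a match at offset 0 is no longer read as "not found".
 *
 * NOTE(review): no verify_post_check() runs before the database writes.
 * Adding it requires the mysteam_usercp template to submit my_post_key -
 * confirm and add.
 * NOTE(review): the Web API key is sent over plain http://; moving to
 * https:// should be confirmed against what multiRequest() supports.
 *
 * @return void
 */
function mysteam_usercp()
{
    global $lang, $mybb;

    if (!$lang->mysteam) {
        $lang->load('mysteam');
    }

    // Check if current User CP page is Steam Integration.
    if ($mybb->input['action'] == 'steamid') {
        global $db, $theme, $templates, $headerinclude, $header, $footer, $plugins, $usercpnav, $steamform;

        // Make sure user is in an allowed usergroup if set.
        $is_allowed = mysteam_filter_groups($mybb->user);
        if (!$is_allowed) {
            error_no_permission();
        }

        add_breadcrumb($lang->nav_usercp, 'usercp.php');
        add_breadcrumb($lang->mysteam_integration, 'usercp.php?action=steamid');

        // These locals keep their names: the template is evaluated in this
        // scope at the end of the function.
        $submit_display = 'display: none;';
        $decouple_display = '';
        $submit_message = '';
        if (!$mybb->user['steamid']) {
            $decouple_display = 'display: none;';
        }

        // Process the form submission if something has been submitted.
        if ($mybb->input['uid']) {
            $submit_display = '';

            // The target row is the session user's; a submitted uid that
            // names anyone else is refused.
            $uid = (int) $mybb->user['uid'];
            if ($uid <= 0 || (int) $mybb->input['uid'] !== $uid) {
                error_no_permission();
            }

            // If user has attempted to submit a Steam profile . . .
            if ($mybb->input['submit']) {
                $steamid = '';
                $steamname = '';
                $vanity_url = '';

                // A non-string value (e.g. an array parameter) is treated as empty.
                $profile = is_string($mybb->input['steamprofile']) ? $mybb->input['steamprofile'] : '';

                // Classify the input into either a candidate ID or a
                // candidate vanity name; nothing is trusted yet.
                $candidate_id = '';
                $candidate_vanity = '';
                if (ctype_digit($profile) && strlen($profile) === 17) {
                    $candidate_id = $profile;
                } elseif (strpos($profile, '/') === false) {
                    $candidate_vanity = $profile;
                } elseif (strpos($profile, '/profiles/') !== false) {
                    $parsed_url = explode('/', rtrim($profile, '/'));
                    $candidate_id = end($parsed_url);
                } elseif (strpos($profile, '/id/') !== false) {
                    $parsed_url = explode('/', rtrim($profile, '/'));
                    $candidate_vanity = end($parsed_url);
                }

                if ($candidate_id !== '' && ctype_digit($candidate_id) && strlen($candidate_id) === 17) {
                    // Ensure the Steam ID is valid.
                    $data = 'http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=' . $mybb->settings['mysteam_apikey'] . '&steamids=' . $candidate_id;
                    $response = multiRequest($data);
                    $body = isset($response[0]) ? (string) $response[0] : '';
                    if (strpos($body, 'steamid') !== false) {
                        $decoded = json_decode($body);
                        if (isset($decoded->response->players[0])) {
                            $steamid = $candidate_id;
                            if (isset($decoded->response->players[0]->personaname)) {
                                $steamname = (string) $decoded->response->players[0]->personaname;
                            }
                        }
                    }
                } elseif ($candidate_vanity !== '') {
                    $data = 'http://api.steampowered.com/ISteamUser/ResolveVanityURL/v0001/?key=' . $mybb->settings['mysteam_apikey'] . '&vanityurl=' . rawurlencode($candidate_vanity);
                    $response = multiRequest($data);
                    $decoded = json_decode(isset($response[0]) ? (string) $response[0] : '');
                    if (isset($decoded->response->success, $decoded->response->steamid) && $decoded->response->success == 1) {
                        // Only a purely numeric ID from the API is accepted.
                        $resolved = (string) $decoded->response->steamid;
                        if (ctype_digit($resolved)) {
                            $steamid = $resolved;
                            $vanity_url = $candidate_vanity;
                        }
                    }
                }

                // If we have a valid Steam ID . . .
                if ($steamid) {
                    // Already digits-only; escaped as well so the query stays
                    // safe if the validation above is ever relaxed.
                    $steamid_sql = $db->escape_string($steamid);

                    $query = $db->simple_select("users", "username", "steamid='" . $steamid_sql . "'");
                    $username_same = $db->fetch_field($query, 'username');

                    // Don't run if Steam ID matches another user's current ID, and display error.
                    if ($db->num_rows($query)) {
                        $submit_message = ' <p><em>' . $lang->please_correct_errors . '</em></p> <p>' . $lang->mysteam_submit_same . htmlspecialchars_uni((string) $username_same) . '</p>';
                    } else {
                        $db->update_query("users", array('steamid' => $steamid_sql), "uid='" . $uid . "'");

                        // Both values below originate outside the forum (user
                        // input / Steam profile data) and are escaped for HTML.
                        if ($vanity_url) {
                            $success_third_line = '<br /> <strong>' . $lang->mysteam_vanityurl . '</strong>' . htmlspecialchars_uni($vanity_url) . '</p>';
                        } else {
                            $success_third_line = '<br /> <strong>' . $lang->mysteam_name . '</strong>' . htmlspecialchars_uni($steamname) . '</p>';
                        }

                        $submit_message = '<p><strong>' . $lang->mysteam_submit_success . '</strong></p> <p><strong>' . $lang->mysteam_steamid . '</strong>' . $steamid . $success_third_line;
                    }
                } else {
                    $submit_message = '<p><em>' . $lang->please_correct_errors . '</em></p> <p>' . $lang->mysteam_submit_invalid . '</p>';
                }
            } elseif ($mybb->input['decouple']) {
                $db->update_query("users", array('steamid' => ''), "uid='" . $uid . "'");
                $submit_message = $lang->mysteam_decouple_success;
            }
        }

        // The template text is evaluated as a double-quoted PHP string in this
        // scope, so every local interpolated by it must already be output-safe.
        eval("\$steamform = \"" . $templates->get("mysteam_usercp") . "\";");
        output_page($steamform);
    }
}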
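/**
 * Moderation entry point for per-thread reply bans.
 *
 * Handles three values of the 'action' input and returns immediately for
 * any other:
 *  - "replyban": list the bans of a thread and show the ban form;
 *  - "do_replyban" (POST only): ban a user from replying in a thread;
 *  - "liftreplyban": remove an existing ban.
 *
 * Every action requires is_moderator() with "canmanagethreads" on the
 * thread's forum. The two state-changing actions additionally verify the
 * post key with verify_post_check().
 *
 * Changes in this revision:
 *  - $ban_bit is initialised before rows are appended to it;
 *  - the username shown in the ban list is HTML-escaped before it is wrapped
 *    in a profile link, like the ban reason already was.
 *
 * Local variable names are kept as they were because the templates are
 * evaluated in this function's scope.
 *
 * @return void The function ends the request with exit once an action ran.
 */
function replyban_run()
{
    global $db, $mybb, $lang, $templates, $theme, $headerinclude, $header, $footer, $replyban, $moderation;

    $lang->load("replyban");

    if ($mybb->input['action'] != "replyban" && $mybb->input['action'] != "do_replyban" && $mybb->input['action'] != "liftreplyban") {
        return;
    }

    if ($mybb->input['action'] == "replyban") {
        $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
        $thread = get_thread($tid);

        // Permission is checked before the existence of the thread is reported.
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }

        if (!$thread['tid']) {
            error($lang->error_invalidthread);
        }

        $thread['subject'] = htmlspecialchars_uni($thread['subject']);
        $lang->reply_bans_for = $lang->sprintf($lang->reply_bans_for, $thread['subject']);

        check_forum_password($thread['fid']);

        build_forum_breadcrumb($thread['fid']);
        add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
        add_breadcrumb($lang->reply_bans);

        // The tid placed in the query is the one read back from the thread row.
        $query = $db->query("\r\n\t\t\tSELECT r.*, u.username\r\n\t\t\tFROM " . TABLE_PREFIX . "replybans r\r\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (r.uid=u.uid)\r\n\t\t\tWHERE r.tid='{$thread['tid']}'\r\n\t\t\tORDER BY r.dateline DESC\r\n\t\t");

        $ban_bit = '';
        while ($ban = $db->fetch_array($query)) {
            $ban['reason'] = htmlspecialchars_uni($ban['reason']);

            // User-chosen text going into HTML: escape it first. The cast
            // covers the LEFT JOIN yielding no user row.
            $ban['username'] = build_profile_link(htmlspecialchars_uni((string) $ban['username']), $ban['uid']);

            if ($ban['lifted'] == 0) {
                $ban['lifted'] = $lang->permanent;
            } else {
                $ban['lifted'] = my_date('relative', $ban['lifted'], '', 2);
            }

            $alt_bg = alt_trow();
            eval("\$ban_bit .= \"" . $templates->get("moderation_replyban_bit") . "\";");
        }

        if (!$ban_bit) {
            eval("\$ban_bit = \"" . $templates->get("moderation_replyban_no_bans") . "\";");
        }

        // Generate the banned times dropdown
        // ($banned is never assigned in this function, so the isset() guards
        // below always take the default path.)
        $liftlist = '';
        $bantimes = fetch_ban_times();
        foreach ($bantimes as $time => $title) {
            $selected = '';
            if (isset($banned['bantime']) && $banned['bantime'] == $time) {
                $selected = " selected=\"selected\"";
            }

            $thattime = '';
            if ($time != '---') {
                $dateline = TIME_NOW;
                if (isset($banned['dateline'])) {
                    $dateline = $banned['dateline'];
                }

                $thatime = my_date("D, jS M Y @ g:ia", ban_date2timestamp($time, $dateline));
                $thattime = " ({$thatime})";
            }

            eval("\$liftlist .= \"" . $templates->get("moderation_replyban_liftlist") . "\";");
        }

        eval("\$replyban = \"" . $templates->get("moderation_replyban") . "\";");
        output_page($replyban);
    }

    if ($mybb->input['action'] == "do_replyban" && $mybb->request_method == "post") {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));

        $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
        $thread = get_thread($tid);

        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }

        if (!$thread['tid']) {
            error($lang->error_invalidthread);
        }

        $user = get_user_by_username($mybb->input['username'], array('fields' => array('username')));

        if (!$user['uid']) {
            error($lang->error_invaliduser);
        }

        $mybb->input['reason'] = $mybb->get_input('reason');
        if (!trim($mybb->input['reason'])) {
            error($lang->error_missing_reason);
        }

        // One ban per user and thread.
        $query = $db->simple_select('replybans', 'rid', "uid='{$user['uid']}' AND tid='{$thread['tid']}'");
        $existingban = $db->fetch_field($query, 'rid');
        if ($existingban > 0) {
            error($lang->error_alreadybanned);
        }

        // '---' selects a ban without an expiry, stored as 0.
        if ($mybb->get_input('liftban') == '---') {
            $lifted = 0;
        } else {
            $lifted = ban_date2timestamp($mybb->get_input('liftban'), 0);
        }

        $reason = my_substr($mybb->input['reason'], 0, 240);

        // uid and tid come from database rows; the free-text values are escaped.
        $insert_array = array(
            'uid' => $user['uid'],
            'tid' => $thread['tid'],
            'dateline' => TIME_NOW,
            'reason' => $db->escape_string($reason),
            'lifted' => $db->escape_string($lifted),
        );
        $db->insert_query('replybans', $insert_array);

        log_moderator_action(array("tid" => $thread['tid'], "fid" => $thread['fid'], "uid" => $user['uid'], "username" => $user['username']), $lang->user_reply_banned);

        moderation_redirect("moderation.php?action=replyban&tid={$thread['tid']}", $lang->redirect_user_banned_replying);
    }

    if ($mybb->input['action'] == "liftreplyban") {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));

        $rid = $mybb->get_input('rid', MyBB::INPUT_INT);
        $query = $db->simple_select("replybans", "*", "rid='{$rid}'");
        $ban = $db->fetch_array($query);

        if (!$ban['rid']) {
            error($lang->error_invalidreplyban);
        }

        $thread = get_thread($ban['tid']);
        $user = get_user($ban['uid']);

        if (!$thread['tid']) {
            error($lang->error_invalidthread);
        }

        // The forum is derived from the ban's own thread, not from the request.
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }

        $db->delete_query("replybans", "rid='{$ban['rid']}'");

        log_moderator_action(array("tid" => $thread['tid'], "fid" => $thread['fid'], "uid" => $user['uid'], "username" => $user['username']), $lang->user_reply_banned_lifted);

        moderation_redirect("moderation.php?action=replyban&tid={$thread['tid']}", $lang->redirect_reply_ban_lifted);
    }

    exit;
}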
/**
 * Mark one trade-feedback entry as unapproved and rebuild the receiver's
 * reputation.
 *
 * Checks, in order: the id is a non-zero integer, the caller's group has
 * 'canmodcp', the request carries a valid post key, and the feedback row
 * exists. The id is cast to an integer before it is used in either query.
 *
 * @param mixed $fid Feedback id; anything that does not cast to a non-zero
 *                   integer is reported as an invalid action.
 * @return void Finishes by calling redirect() to the receiver's feedback page.
 */
function trader_unapprove($fid)
{
    global $mybb, $db, $header, $headerinclude, $footer, $lang;

    $lang->load("tradefeedback");

    $fid = (int) $fid;
    if ($fid == 0) {
        error($lang->feedback_invalid_action);
    }

    // Moderator CP access is the gate for changing approval state.
    if ($mybb->usergroup['canmodcp'] == 0) {
        error_no_permission();
    }

    // Reject requests that do not carry the session's post key.
    verify_post_check($mybb->input['my_post_key']);

    // The row must exist; its receiver is needed for the rebuild and the redirect.
    $lookup = $db->simple_select("trade_feedback", "receiver", "fid={$fid}");
    $receiver_uid = $db->fetch_field($lookup, "receiver");
    if (!$receiver_uid) {
        error($lang->feedback_invalid_action);
    }

    $db->write_query("UPDATE " . TABLE_PREFIX . "trade_feedback SET approved=0 WHERE fid={$fid}");
    trader_rebuild_reputation($receiver_uid);

    redirect(
        $mybb->settings['bburl'] . "/tradefeedback.php?action=view&uid={$receiver_uid}",
        $lang->feedback_unapproved_success,
        "",
        true
    );
}
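/**
 * NewPoints shop front end: handles the "do_shop" POST actions (buy, send,
 * do_send, sell, do_sell) and renders the "shop" pages (item view, inventory,
 * category listing).
 *
 * Guests are ignored. Every "do_shop" request must carry a valid post code
 * (verify_post_check). Each action re-validates the item, its category, the
 * category permissions and visibility before acting.
 *
 * Security-relevant behaviour of this implementation:
 *  - send / do_send / sell / do_sell are refused unless the feature is enabled
 *    in the settings AND on the item, i.e. the same condition the inventory
 *    page uses to decide whether to show the buttons. Hiding a button is not
 *    an access control; the handler has to enforce it.
 *  - inventory ids are cast to int before they are placed in an IN (...) list.
 *  - serialized inventories are passed through $db->escape_string() before
 *    being handed to update_query().
 *
 * NOTE(review): inventories are stored with serialize()/unserialize(). That is
 * only safe while nothing except this code can write users.newpoints_items;
 * a JSON column would remove the object-deserialisation sink entirely.
 *
 * NOTE(review): templates are rendered with eval() on $templates->get() output.
 * Every variable a template prints must already be HTML-escaped here; local
 * variable names are kept stable because templates refer to them by name.
 *
 * NOTE(review): $mybb->input['iid'] is passed to newpoints_shop_get_item()
 * as received; confirm that helper casts it before using it in SQL.
 */
function newpoints_shop_page()
{
    global $mybb, $db, $lang, $cache, $theme, $header, $templates, $plugins, $headerinclude, $footer, $options, $inline_errors;

    if (!$mybb->user['uid']) {
        return;
    }

    newpoints_lang_load("newpoints_shop");

    if ($mybb->input['action'] == "do_shop") {
        // Anti-CSRF: all state-changing shop actions go through this check.
        verify_post_check($mybb->input['postcode']);

        $plugins->run_hooks("newpoints_do_shop_start");

        switch ($mybb->input['shop_action']) {
            case 'buy':
                $plugins->run_hooks("newpoints_shop_buy_start");

                $errors = array();

                // check if the item exists
                if (!($item = newpoints_shop_get_item($mybb->input['iid']))) {
                    error($lang->newpoints_shop_invalid_item);
                }

                // check if the item is assigned to category
                if (!($cat = newpoints_shop_get_category($item['cid']))) {
                    error($lang->newpoints_shop_invalid_cat);
                }

                // check if we have permissions to view the parent category
                if (!newpoints_shop_check_permissions($cat['usergroups'])) {
                    error_no_permission();
                }

                if ($item['visible'] == 0 || $cat['visible'] == 0) {
                    error_no_permission();
                }

                // check group rules - primary group check
                $grouprules = newpoints_getrules('group', $mybb->user['usergroup']);
                if (!$grouprules) {
                    // no rule set so default income rate is 1
                    $grouprules = array('items_rate' => 1.0);
                }

                // if the group items rate is 0, the price of the item is 0
                if (floatval($grouprules['items_rate']) == 0) {
                    $item['price'] = 0;
                } else {
                    $item['price'] = $item['price'] * floatval($grouprules['items_rate']);
                }

                if (floatval($item['price']) > floatval($mybb->user['newpoints'])) {
                    $errors[] = $lang->newpoints_shop_not_enough;
                }

                if ($item['infinite'] != 1 && $item['stock'] <= 0) {
                    $errors[] = $lang->newpoints_shop_out_of_stock;
                }

                // Inventory is needed both for the limit check and for the purchase itself.
                $myitems = @unserialize($mybb->user['newpoints_items']);
                if (!is_array($myitems)) {
                    $myitems = array();
                }

                if ($item['limit'] != 0) {
                    // If more than or equal to $item['limit'] -> FAILED
                    if (count(array_keys($myitems, $item['iid'])) >= $item['limit']) {
                        $errors[] = $lang->newpoints_shop_limit_reached;
                    }
                }

                if (!empty($errors)) {
                    // Fall through to the shop page below and show the errors inline.
                    $inline_errors = inline_error($errors, $lang->newpoints_shop_inline_errors);
                    $mybb->input = array();
                    $mybb->input['action'] = 'shop';
                } else {
                    // NOTE(review): balance, stock and limit are checked on values read
                    // earlier in the request and then written back; concurrent requests
                    // can interleave between check and write. Consider a conditional
                    // UPDATE (e.g. "... WHERE stock > 0") or a transaction.
                    $myitems[] = $item['iid'];
                    $db->update_query('users', array('newpoints_items' => $db->escape_string(serialize($myitems))), 'uid=\'' . intval($mybb->user['uid']) . '\'');

                    // update stock
                    if ($item['infinite'] != 1) {
                        $db->update_query('newpoints_shop_items', array('stock' => $item['stock'] - 1), 'iid=\'' . intval($item['iid']) . '\'');
                    }

                    // get money from user
                    newpoints_addpoints($mybb->user['uid'], -floatval($item['price']));

                    if (!empty($item['pm'])) {
                        // send PM if item has private message
                        newpoints_send_pm(array('subject' => $lang->newpoints_shop_bought_item_pm_subject, 'message' => $item['pm'], 'touid' => $mybb->user['uid'], 'receivepms' => 1), -1);
                    }

                    $plugins->run_hooks("newpoints_shop_buy_end", $item);

                    // log purchase
                    newpoints_log('shop_purchase', $lang->sprintf($lang->newpoints_shop_purchased_log, $item['iid'], $item['price']));

                    redirect($mybb->settings['bburl'] . "/newpoints.php?action=shop", $lang->newpoints_shop_item_bought, $lang->newpoints_shop_item_bought_title);
                }
                break;

            case 'send':
                $plugins->run_hooks("newpoints_shop_send_start");

                // check if the item exists
                if (!($item = newpoints_shop_get_item($mybb->input['iid']))) {
                    error($lang->newpoints_shop_invalid_item);
                }

                // check if the item is assigned to category
                if (!($cat = newpoints_shop_get_category($item['cid']))) {
                    error($lang->newpoints_shop_invalid_cat);
                }

                // check if we have permissions to view the parent category
                if (!newpoints_shop_check_permissions($cat['usergroups'])) {
                    error_no_permission();
                }

                if ($item['visible'] == 0 || $cat['visible'] == 0) {
                    error_no_permission();
                }

                // Sending must be enabled globally and for this item.
                if ($mybb->settings['newpoints_shop_sendable'] != 1 || !$item['sendable']) {
                    error_no_permission();
                }

                $myitems = @unserialize($mybb->user['newpoints_items']);
                if (!is_array($myitems) || !$myitems) {
                    error($lang->newpoints_shop_inventory_empty);
                }

                // make sure we own the item
                $key = array_search($item['iid'], $myitems);
                if ($key === false) {
                    error($lang->newpoints_shop_selected_item_not_owned);
                }

                $lang->newpoints_shop_action = $lang->newpoints_shop_send_item;
                $item['name'] = htmlspecialchars_uni($item['name']);

                global $shop_action, $data, $colspan;
                $colspan = 2;
                $shop_action = 'do_send';
                $fields = '<input type="hidden" name="iid" value="' . intval($item['iid']) . '">';
                $data = "<td class=\"trow1\" width=\"50%\"><strong>" . $lang->newpoints_shop_send_item_username . ":</strong><br /><small>" . $lang->newpoints_shop_send_item_message . "</small></td><td class=\"trow1\" width=\"50%\"><input type=\"text\" class=\"textbox\" name=\"username\" value=\"\"></td>";

                $plugins->run_hooks("newpoints_shop_send_end");

                eval("\$page = \"" . $templates->get('newpoints_shop_do_action') . "\";");
                output_page($page);
                break;

            case 'do_send':
                $plugins->run_hooks("newpoints_shop_do_send_start");

                // check if the item exists
                if (!($item = newpoints_shop_get_item($mybb->input['iid']))) {
                    error($lang->newpoints_shop_invalid_item);
                }

                // check if the item is assigned to category
                if (!($cat = newpoints_shop_get_category($item['cid']))) {
                    error($lang->newpoints_shop_invalid_cat);
                }

                // check if we have permissions to view the parent category
                if (!newpoints_shop_check_permissions($cat['usergroups'])) {
                    error_no_permission();
                }

                if ($item['visible'] == 0 || $cat['visible'] == 0) {
                    error_no_permission();
                }

                // Enforced again here: the confirmation form is not a gate.
                if ($mybb->settings['newpoints_shop_sendable'] != 1 || !$item['sendable']) {
                    error_no_permission();
                }

                $myitems = @unserialize($mybb->user['newpoints_items']);
                if (!is_array($myitems) || !$myitems) {
                    error($lang->newpoints_shop_inventory_empty);
                }

                // make sure we own the item
                $key = array_search($item['iid'], $myitems);
                if ($key === false) {
                    error($lang->newpoints_shop_selected_item_not_owned);
                }

                $username = trim($mybb->input['username']);
                if (!($user = newpoints_getuser_byname($username))) {
                    error($lang->newpoints_shop_invalid_user);
                } else {
                    if ($user['uid'] == $mybb->user['uid']) {
                        error($lang->newpoints_shop_cant_send_item_self);
                    }

                    // send item to the selected user
                    // NOTE(review): both inventories are read, modified and written back
                    // without locking; concurrent requests can lose or duplicate entries.
                    $useritems = @unserialize($user['newpoints_items']);
                    if (!is_array($useritems)) {
                        $useritems = array();
                    }
                    $useritems[] = $item['iid'];
                    $db->update_query('users', array('newpoints_items' => $db->escape_string(serialize($useritems))), 'uid=\'' . intval($user['uid']) . '\'');

                    // remove item from our inventory
                    unset($myitems[$key]);
                    sort($myitems);
                    $db->update_query('users', array('newpoints_items' => $db->escape_string(serialize($myitems))), 'uid=\'' . intval($mybb->user['uid']) . '\'');

                    $plugins->run_hooks("newpoints_shop_do_send_end");

                    // send pm to user
                    newpoints_send_pm(array('subject' => $lang->newpoints_shop_item_received_title, 'message' => $lang->sprintf($lang->newpoints_shop_item_received, htmlspecialchars_uni($mybb->user['username']), htmlspecialchars_uni($item['name'])), 'touid' => $user['uid'], 'receivepms' => 1), -1);

                    // log
                    newpoints_log('shop_send', $lang->sprintf($lang->newpoints_shop_sent_log, $item['iid'], $user['uid'], $user['username']));

                    redirect($mybb->settings['bburl'] . "/newpoints.php?action=shop&shop_action=myitems", $lang->newpoints_shop_item_sent, $lang->newpoints_shop_item_sent_title);
                }
                break;

            case 'sell':
                $plugins->run_hooks("newpoints_shop_sell_start");

                // check if the item exists
                if (!($item = newpoints_shop_get_item($mybb->input['iid']))) {
                    error($lang->newpoints_shop_invalid_item);
                }

                // check if the item is assigned to category
                if (!($cat = newpoints_shop_get_category($item['cid']))) {
                    error($lang->newpoints_shop_invalid_cat);
                }

                // check if we have permissions to view the parent category
                if (!newpoints_shop_check_permissions($cat['usergroups'])) {
                    error_no_permission();
                }

                if ($item['visible'] == 0 || $cat['visible'] == 0) {
                    error_no_permission();
                }

                // Selling must be enabled globally and for this item.
                if ($mybb->settings['newpoints_shop_sellable'] != 1 || !$item['sellable']) {
                    error_no_permission();
                }

                $myitems = @unserialize($mybb->user['newpoints_items']);
                if (!is_array($myitems) || !$myitems) {
                    error($lang->newpoints_shop_inventory_empty);
                }

                // make sure we own the item
                $key = array_search($item['iid'], $myitems);
                if ($key === false) {
                    error($lang->newpoints_shop_selected_item_not_owned);
                }

                $lang->newpoints_shop_action = $lang->newpoints_shop_sell_item;
                $item['name'] = htmlspecialchars_uni($item['name']);

                global $shop_action, $data, $colspan;
                $colspan = 1;
                $shop_action = 'do_sell';
                $fields = '<input type="hidden" name="iid" value="' . intval($item['iid']) . '">';
                // $item['name'] is already escaped above; escaping it a second time would
                // show literal entities to the user.
                $data = "<td class=\"trow1\" width=\"100%\">" . $lang->sprintf($lang->newpoints_shop_sell_item_confirm, $item['name'], newpoints_format_points(floatval($item['price']) * $mybb->settings['newpoints_shop_percent'])) . "</td>";

                $plugins->run_hooks("newpoints_shop_sell_end");

                eval("\$page = \"" . $templates->get('newpoints_shop_do_action') . "\";");
                output_page($page);
                break;

            case 'do_sell':
                $plugins->run_hooks("newpoints_shop_do_sell_start");

                // check if the item exists
                if (!($item = newpoints_shop_get_item($mybb->input['iid']))) {
                    error($lang->newpoints_shop_invalid_item);
                }

                // check if the item is assigned to category
                if (!($cat = newpoints_shop_get_category($item['cid']))) {
                    error($lang->newpoints_shop_invalid_cat);
                }

                // check if we have permissions to view the parent category
                if (!newpoints_shop_check_permissions($cat['usergroups'])) {
                    error_no_permission();
                }

                if ($item['visible'] == 0 || $cat['visible'] == 0) {
                    error_no_permission();
                }

                // Enforced again here: the confirmation form is not a gate.
                if ($mybb->settings['newpoints_shop_sellable'] != 1 || !$item['sellable']) {
                    error_no_permission();
                }

                $myitems = @unserialize($mybb->user['newpoints_items']);
                if (!is_array($myitems) || !$myitems) {
                    error($lang->newpoints_shop_inventory_empty);
                }

                // make sure we own the item
                $key = array_search($item['iid'], $myitems);
                if ($key === false) {
                    error($lang->newpoints_shop_selected_item_not_owned);
                }

                // remove item from our inventory
                unset($myitems[$key]);
                sort($myitems);
                $db->update_query('users', array('newpoints_items' => $db->escape_string(serialize($myitems))), 'uid=\'' . intval($mybb->user['uid']) . '\'');

                // update stock
                if ($item['infinite'] != 1) {
                    $db->update_query('newpoints_shop_items', array('stock' => $item['stock'] + 1), 'iid=\'' . intval($item['iid']) . '\'');
                }

                // NOTE(review): the refund is computed from the list price, while 'buy'
                // charges the group-rated price. If a group's items_rate is lower than
                // newpoints_shop_percent the refund exceeds what was paid — confirm this
                // is intended, or apply the same rate here.
                newpoints_addpoints($mybb->user['uid'], floatval($item['price']) * $mybb->settings['newpoints_shop_percent']);

                $plugins->run_hooks("newpoints_shop_do_sell_end");

                // log
                newpoints_log('shop_sell', $lang->sprintf($lang->newpoints_shop_sell_log, $item['iid'], floatval($item['price']) * $mybb->settings['newpoints_shop_percent']));

                redirect($mybb->settings['bburl'] . "/newpoints.php?action=shop&shop_action=myitems", $lang->newpoints_shop_item_sell, $lang->newpoints_shop_item_sell_title);
                break;

            default:
                error_no_permission();
        }

        $plugins->run_hooks("newpoints_do_shop_end");
    }

    // shop page
    if ($mybb->input['action'] == "shop") {
        $plugins->run_hooks("newpoints_shop_start");

        if ($mybb->input['shop_action'] == 'view') {
            // check if the item exists
            if (!($item = newpoints_shop_get_item($mybb->input['iid']))) {
                error($lang->newpoints_shop_invalid_item);
            }

            // check if the item is assigned to category
            if (!($cat = newpoints_shop_get_category($item['cid']))) {
                error($lang->newpoints_shop_invalid_cat);
            }

            // check if we have permissions to view the parent category
            if (!newpoints_shop_check_permissions($cat['usergroups'])) {
                error_no_permission();
            }

            if ($item['visible'] == 0 || $cat['visible'] == 0) {
                error_no_permission();
            }

            $item['name'] = htmlspecialchars_uni($item['name']);
            $item['description'] = htmlspecialchars_uni($item['description']);

            // check group rules - primary group check
            $grouprules = newpoints_getrules('group', $mybb->user['usergroup']);
            if (!$grouprules) {
                // no rule set so default income rate is 1
                $grouprules = array('items_rate' => 1.0);
            }

            // if the group items rate is 0, the price of the item is 0
            if (floatval($grouprules['items_rate']) == 0) {
                $item['price'] = 0;
            } else {
                $item['price'] = $item['price'] * floatval($grouprules['items_rate']);
            }

            // Compare before formatting: the formatted price may no longer be numeric.
            $enough_money = floatval($item['price']) <= floatval($mybb->user['newpoints']);
            $item['price'] = newpoints_format_points($item['price']);
            if (!$enough_money) {
                $item['price'] = '<span style="color: #FF0000;">' . $item['price'] . '</span>';
            }

            // build icon
            if ($item['icon'] != '') {
                $item['icon'] = htmlspecialchars_uni($item['icon']);
                $item['icon'] = '<img src="' . $mybb->settings['bburl'] . '/' . $item['icon'] . '">';
            } else {
                $item['icon'] = '<img src="' . $mybb->settings['bburl'] . '/images/newpoints/default.png">';
            }

            if ($item['infinite'] == 1) {
                $item['stock'] = $lang->newpoints_shop_infinite;
            } else {
                $item['stock'] = intval($item['stock']);
            }

            if ($item['sendable'] == 1) {
                $item['sendable'] = $lang->newpoints_shop_yes;
            } else {
                $item['sendable'] = $lang->newpoints_shop_no;
            }

            if ($item['sellable'] == 1) {
                $item['sellable'] = $lang->newpoints_shop_yes;
            } else {
                $item['sellable'] = $lang->newpoints_shop_no;
            }

            eval("\$page = \"" . $templates->get('newpoints_shop_view_item') . "\";");
        } elseif ($mybb->input['shop_action'] == 'myitems') {
            $uid = intval($mybb->input['uid']);
            $uidpart = '';
            if ($uid > 0) {
                $user = get_user($uid);
                // we're viewing someone else's inventory
                if (!empty($user)) {
                    // we can't view others inventories if we don't have enough previleges
                    if ($mybb->settings['newpoints_shop_viewothers'] != 1 && $mybb->usergroup['cancp'] != 1 && $mybb->user['uid'] != $uid) {
                        error_no_permission();
                    }

                    $myitems = @unserialize($user['newpoints_items']);
                    $lang->newpoints_shop_myitems = $lang->sprintf($lang->newpoints_shop_items_username, htmlspecialchars_uni($user['username']));
                    $uidpart = "&uid=" . $uid; // we need this for pagination
                } else {
                    $myitems = @unserialize($mybb->user['newpoints_items']);
                }
            } else {
                $myitems = @unserialize($mybb->user['newpoints_items']);
            }

            // Anything that is not an array is treated as an empty inventory.
            if (!is_array($myitems)) {
                $myitems = array();
            }

            $items = '';
            $multipage = '';
            $newrow = true;
            $invert_bgcolor = alt_trow();

            if ($mybb->settings['newpoints_shop_sendable'] != 1) {
                $sendable = false;
            } else {
                $sendable = true;
            }

            if ($mybb->settings['newpoints_shop_sellable'] != 1) {
                $sellable = false;
            } else {
                $sellable = true;
            }

            require_once MYBB_ROOT . "inc/class_parser.php";
            $parser = new postParser();
            $parser_options = array('allow_mycode' => 1, 'allow_smilies' => 1, 'allow_imgcode' => 0, 'allow_html' => 0, 'filter_badwords' => 1);

            if (!empty($myitems)) {
                // pagination
                $per_page = 10;
                $mybb->input['page'] = intval($mybb->input['page']);
                if ($mybb->input['page'] && $mybb->input['page'] > 1) {
                    $mybb->input['page'] = intval($mybb->input['page']);
                    $start = $mybb->input['page'] * $per_page - $per_page;
                } else {
                    $mybb->input['page'] = 1;
                    $start = 0;
                }

                // Stored ids go into an unquoted IN (...) list, so force them to
                // integers instead of trusting the stored inventory.
                $owned_ids = implode(',', array_unique(array_map('intval', $myitems)));

                // total items
                $total_rows = $db->fetch_field($db->simple_select("newpoints_shop_items", "COUNT(iid) as items", 'visible=1 AND iid IN (' . $owned_ids . ')'), "items");

                // multi-page
                if ($total_rows > $per_page) {
                    $multipage = multipage($total_rows, $per_page, $mybb->input['page'], $mybb->settings['bburl'] . "/newpoints.php?action=shop&shop_action=myitems" . $uidpart);
                }

                $query = $db->simple_select('newpoints_shop_items', '*', 'visible=1 AND iid IN (' . $owned_ids . ')', array('limit' => "{$start}, {$per_page}"));
                while ($item = $db->fetch_array($query)) {
                    // Two items per table row.
                    if ($newrow === true) {
                        $trstart = '<tr>';
                        $trend = '';
                        $newrow = false;
                    } elseif ($newrow === false) {
                        $trstart = '';
                        $trend = '</tr>';
                        $newrow = true;
                    }

                    if ($sellable === true && $item['sellable']) {
                        if ($sendable === true && $item['sendable']) {
                            $tdstart = '<td width="50%">';
                        } else {
                            $tdstart = '<td width="100%">';
                        }

                        $sell = $tdstart . '<form action="newpoints.php" method="POST"><input type="hidden" name="action" value="do_shop"><input type="hidden" name="shop_action" value="sell"><input type="hidden" name="iid" value="' . intval($item['iid']) . '"><input type="hidden" name="postcode" value="' . $mybb->post_code . '"><input type="submit" name="submit" value="' . $lang->newpoints_shop_sell . '"></form></td>';
                    } else {
                        $sell = '';
                    }

                    if ($sendable === true && $item['sendable']) {
                        if ($sell == '') {
                            $tdstart = '<td width="100%">';
                        } else {
                            $tdstart = '<td width="50%">';
                        }

                        $send = $tdstart . '<form action="newpoints.php" method="POST"><input type="hidden" name="action" value="do_shop"><input type="hidden" name="shop_action" value="send"><input type="hidden" name="iid" value="' . intval($item['iid']) . '"><input type="hidden" name="postcode" value="' . $mybb->post_code . '"><input type="submit" name="submit" value="' . $lang->newpoints_shop_send . '"></form></td>';
                    } else {
                        $send = '';
                    }

                    if (!$send && !$sell) {
                        $send = $lang->newpoints_shop_no_options;
                    }

                    // Escaped like in the item view and the category listing.
                    // presumably the template prints {$item['name']}; verify against the template
                    $item['name'] = htmlspecialchars_uni($item['name']);
                    $item['description'] = $parser->parse_message($item['description'], $parser_options);

                    // check group rules - primary group check
                    $grouprules = newpoints_getrules('group', $mybb->user['usergroup']);
                    if (!$grouprules) {
                        // no rule set so default income rate is 1
                        $grouprules = array('items_rate' => 1.0);
                    }

                    // if the group items rate is 0, the price of the item is 0
                    if (floatval($grouprules['items_rate']) == 0) {
                        $item['price'] = 0;
                    } else {
                        $item['price'] = $item['price'] * floatval($grouprules['items_rate']);
                    }

                    $item['price'] = newpoints_format_points($item['price']);
                    $item['quantity'] = count(array_keys($myitems, $item['iid']));

                    // build icon
                    if ($item['icon'] != '') {
                        $item['icon'] = htmlspecialchars_uni($item['icon']);
                        $item['icon'] = '<img src="' . $mybb->settings['bburl'] . '/' . $item['icon'] . '">';
                    } else {
                        $item['icon'] = '<img src="' . $mybb->settings['bburl'] . '/images/newpoints/default.png">';
                    }

                    $bgcolor = alt_trow();
                    $invert_bgcolor = alt_trow();

                    eval("\$items .= \"" . $trstart . $templates->get('newpoints_shop_myitems_item') . $trend . "\";");
                }

                if (!$items) {
                    eval("\$items = \"" . $templates->get('newpoints_shop_myitems_no_items') . "\";");
                } else {
                    // Odd number of items: pad the last row with an empty cell.
                    if ($newrow === false) {
                        eval("\$items .= \"" . $templates->get('newpoints_shop_myitems_item_empty') . "</tr>" . "\";");
                        $newrow = true;
                    }
                }
            } else {
                eval("\$items = \"" . $templates->get('newpoints_shop_myitems_no_items') . "\";");
            }

            eval("\$page = \"" . $templates->get('newpoints_shop_myitems') . "\";");
        } else {
            // check group rules - primary group check
            $grouprules = newpoints_getrules('group', $mybb->user['usergroup']);
            if (!$grouprules) {
                // no rule set so default income rate is 1
                $grouprules = array('items_rate' => 1.0);
            }

            // if the group items rate is 0, the price of the item is 0
            $itemsrate = floatval($grouprules['items_rate']);

            global $cats, $items;

            $categories = array();
            $items_array = array();

            // get categories
            $query = $db->simple_select('newpoints_shop_categories', '*', '', array('order_by' => 'disporder', 'order_dir' => 'ASC'));
            while ($cat = $db->fetch_array($query)) {
                $categories[$cat['cid']] = $cat;
            }

            // get items and store them in their categories
            $query = $db->simple_select('newpoints_shop_items', '*', 'visible=1 AND cid>0', array('order_by' => 'disporder', 'order_dir' => 'ASC'));
            while ($item = $db->fetch_array($query)) {
                $items_array[$item['cid']][$item['iid']] = $item;
            }

            $cats = '';
            $bgcolor = '';
            $bgcolor = alt_trow();

            // build items and categories
            if (!empty($categories)) {
                foreach ($categories as $cid => $category) {
                    $items = '';

                    if ($category['items'] > 0 && !empty($items_array[$category['cid']])) {
                        foreach ($items_array as $cid => $member) {
                            if ($cid != $category['cid']) {
                                continue;
                            }

                            $bgcolor = alt_trow();
                            foreach ($member as $iid => $item) {
                                // skip hidden items
                                if ($item['visible'] == 0) {
                                    continue;
                                }

                                if ($item['infinite'] == 1) {
                                    $item['stock'] = $lang->newpoints_shop_infinite;
                                }

                                // Use the group-rated price, i.e. the amount 'buy' really charges.
                                if (floatval($item['price']) * $itemsrate > floatval($mybb->user['newpoints'])) {
                                    $enough_money = false;
                                } else {
                                    $enough_money = true;
                                }

                                $item['name'] = htmlspecialchars_uni($item['name']);
                                $item['description'] = htmlspecialchars_uni($item['description']);
                                $item['price'] = newpoints_format_points($item['price'] * $itemsrate);

                                // build icon
                                if ($item['icon'] != '') {
                                    $item['icon'] = htmlspecialchars_uni($item['icon']);
                                    $item['icon'] = '<img src="' . $mybb->settings['bburl'] . '/' . $item['icon'] . '">';
                                } else {
                                    $item['icon'] = '<img src="' . $mybb->settings['bburl'] . '/images/newpoints/default.png">';
                                }

                                if (!$enough_money) {
                                    $item['price'] = '<span style="color: #FF0000;">' . $item['price'] . '</span>';
                                }

                                eval("\$items .= \"" . $templates->get('newpoints_shop_item') . "\";");
                            }
                        }
                    } else {
                        eval("\$items = \"" . $templates->get('newpoints_shop_no_items') . "\";");
                    }

                    // if it's not visible, don't show it
                    if ($category['visible'] == 0) {
                        continue;
                    }

                    // check if we have permissions to view the category
                    if (!newpoints_shop_check_permissions($category['usergroups'])) {
                        continue;
                    }

                    // Expanded by default feature
                    global $extdisplay, $expcolimage, $expdisplay, $expaltext, $icon;

                    $expdisplay = '';
                    if (intval($category['expanded']) == 0) {
                        $expcolimage = "collapse_collapsed.gif";
                        $expdisplay = "display: none;";
                        $expaltext = "[+]";
                    } else {
                        $expcolimage = "collapse.gif";
                        $expaltext = "[-]";
                    }

                    // build icon
                    if ($category['icon'] != '') {
                        $category['icon'] = htmlspecialchars_uni($category['icon']);
                        $category['icon'] = '<img src="' . $mybb->settings['bburl'] . '/' . $category['icon'] . '" style="vertical-align:middle">';
                    }

                    // sanitize html
                    $category['description'] = htmlspecialchars_uni($category['description']);
                    $category['name'] = htmlspecialchars_uni($category['name']);

                    eval("\$cats .= \"" . $templates->get('newpoints_shop_category') . "\";");
                }
            } else {
                eval("\$cats = \"" . $templates->get('newpoints_shop_no_cats') . "\";");
            }

            eval("\$page = \"" . $templates->get('newpoints_shop') . "\";");
        }

        $plugins->run_hooks("newpoints_shop_end");

        // output page
        output_page($page);
    }
}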
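/**
 * Moderation hook: report the author of a post to CloudFlare as a spammer.
 *
 * Runs only when the 'cloudflare_postbit_spam' setting is on and the request
 * action is 'cloudflare_report_spam'. The caller must be a moderator of the
 * forum the post actually lives in and must present a valid post key.
 *
 * Privacy note: the author's username, e-mail address, the IP address stored
 * with the post and the first 100 characters of the message are handed to
 * cloudflare_report_spam(), so the authorisation checks below decide who may
 * cause that data to be sent.
 */
function cloudflare_moderation_start()
{
    // $lang is needed by the error() calls below.
    global $mybb, $db, $cache, $fid, $pid, $lang;

    if (!$mybb->settings['cloudflare_postbit_spam'] || $mybb->input['action'] != 'cloudflare_report_spam') {
        return;
    }

    if (!$mybb->input['pid']) {
        error($lang->error_invalidpost);
    }
    $pid = intval($mybb->input['pid']);

    if (!$mybb->input['fid']) {
        error($lang->error_invalidforum);
    }
    $fid = intval($mybb->input['fid']);

    if (!is_moderator($fid)) {
        error_no_permission();
    }

    // p.fid is selected so the request's forum id can be checked against the post.
    $query = $db->query("\n\t\tSELECT p.uid, p.username, u.email, p.message, p.ipaddress, p.tid, p.fid\n\t\tFROM " . TABLE_PREFIX . "posts p\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=p.uid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "forums f ON (f.fid=p.fid)\n\t\tWHERE p.pid = '{$pid}'\n\t");
    $post = $db->fetch_array($query);

    if (!$post) {
        error($lang->error_invalidpost);
    }

    // The moderator check above used the forum id supplied in the request.
    // Bind it to the post: without this, moderator rights in one forum would be
    // enough to report (and disclose data about) posts in any other forum.
    if (intval($post['fid']) !== $fid) {
        error_no_permission();
    }

    // Anti-CSRF: the report has side effects, so require a valid post key.
    if (!$mybb->input['my_post_key']) {
        error_no_permission();
    }
    verify_post_check($mybb->input['my_post_key']);

    $spammer = get_user($post['uid']);

    // my_substr() cuts on character boundaries; a byte-wise cut can split a
    // multi-byte character, and json_encode() fails on invalid UTF-8.
    $data = array(
        "a" => $spammer['username'],
        "am" => $spammer['email'],
        "ip" => $post['ipaddress'],
        "con" => my_substr($post['message'], 0, 100),
    );
    $data = urlencode(json_encode($data));

    cloudflare_report_spam($data);

    redirect(get_post_link($pid), "Spam successfully reported to CloudFlare. You may now ban the spammer.");
}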
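/**
 * Mod CP page for MySupport "support denial": denies or revokes support for a
 * user, shows the deny form, or lists all users currently denied support.
 *
 * Does nothing unless the 'enablemysupport' setting is on and the request
 * action is "supportdenial". The caller must pass
 * mysupport_usergroup("canmanagesupportdenial"). The state-changing branch
 * (do=do_denysupport) additionally requires a valid post key.
 *
 * Request parameter "do":
 *  - "do_denysupport": apply a denial (reason id > 0 or 0) or revoke it (-1).
 *  - "denysupport":    render the form with the reason dropdown.
 *  - anything else:    render the list of denied users.
 */
function mysupport_modcp_support_denial()
{
    global $mybb;

    if ($mybb->settings['enablemysupport'] != 1) {
        return;
    }

    global $db, $cache, $lang, $theme, $templates, $headerinclude, $header, $footer, $modcp_nav, $mod_log_action, $redirect;

    $lang->load("mysupport");

    if ($mybb->input['action'] == "supportdenial") {
        if (!mysupport_usergroup("canmanagesupportdenial")) {
            error_no_permission();
        }

        add_breadcrumb($lang->nav_modcp, "modcp.php");
        add_breadcrumb($lang->support_denial, "modcp.php?action=supportdenial");

        if ($mybb->input['do'] == "do_denysupport") {
            // Anti-CSRF check before anything is written.
            verify_post_check($mybb->input['my_post_key']);

            if ($mybb->settings['enablemysupportsupportdenial'] != 1) {
                mysupport_error($lang->support_denial_not_enabled);
                exit;
            }

            // Defaults so the checks below never read undefined variables.
            $uid = 0;
            $username = '';
            $tid = 0;
            $fid = 0;

            // get username from UID
            // this is if we're revoking via the list of denied users, we specify a UID here
            if ($mybb->input['uid']) {
                $uid = intval($mybb->input['uid']);
                $user = get_user($uid);
                $username = $user['username'];
            } elseif ($mybb->input['username']) {
                // Escaped here, so it can be interpolated into the WHERE clause.
                $username = $db->escape_string($mybb->input['username']);
                $query = $db->simple_select("users", "uid", "username = '{$username}'");
                $uid = $db->fetch_field($query, "uid");
            }

            if (!$uid || !$username) {
                mysupport_error($lang->support_denial_reason_invalid_user);
                exit;
            }

            if (isset($mybb->input['deniedsupportreason'])) {
                $deniedsupportreason = intval($mybb->input['deniedsupportreason']);
            } else {
                $deniedsupportreason = 0;
            }

            if ($mybb->input['tid'] != 0) {
                $tid = intval($mybb->input['tid']);
                $thread_info = get_thread($tid);
                $fid = $thread_info['fid'];
                $redirect_url = get_thread_link($tid);
            } else {
                $redirect_url = "modcp.php?action=supportdenial";
            }

            $mod_log_action = "";
            $redirect = "";

            $mysupport_cache = $cache->read("mysupport");
            // Treat a missing or empty reasons cache as "no reasons defined".
            $known_reasons = array();
            if (!empty($mysupport_cache['deniedreasons']) && is_array($mysupport_cache['deniedreasons'])) {
                $known_reasons = $mysupport_cache['deniedreasons'];
            }

            // -1 is if we're revoking and 0 is no reason, so those are exempt
            if (!array_key_exists($deniedsupportreason, $known_reasons) && $deniedsupportreason != -1 && $deniedsupportreason != 0) {
                mysupport_error($lang->support_denial_reason_invalid_reason);
                exit;
            } elseif ($deniedsupportreason == -1) {
                // Revoke: clear the denial flags on the user ...
                $update = array("deniedsupport" => 0, "deniedsupportreason" => 0, "deniedsupportuid" => 0);
                $db->update_query("users", $update, "uid = '" . intval($uid) . "'");

                // ... and reopen the threads that were closed by the denial.
                $update = array("closed" => 0, "closedbymysupport" => 0);
                $mysupport_forums = implode(",", array_map("intval", mysupport_forums()));
                // An empty list would produce "fid IN ()", which is invalid SQL.
                if ($mysupport_forums !== '') {
                    $db->update_query("threads", $update, "uid = '" . intval($uid) . "' AND fid IN (" . $db->escape_string($mysupport_forums) . ") AND closed = '1' AND closedbymysupport = '2'");
                }

                mysupport_mod_log_action(11, $lang->sprintf($lang->deny_support_revoke_mod_log, $username));
                mysupport_redirect_message($lang->sprintf($lang->deny_support_revoke_success, htmlspecialchars_uni($username)));
            } else {
                // Deny: record the reason and who denied support.
                $update = array("deniedsupport" => 1, "deniedsupportreason" => intval($deniedsupportreason), "deniedsupportuid" => intval($mybb->user['uid']));
                $db->update_query("users", $update, "uid = '" . intval($uid) . "'");

                if ($mybb->settings['mysupportclosewhendenied'] == 1) {
                    $update = array("closed" => 1, "closedbymysupport" => 2);
                    $mysupport_forums = implode(",", array_map("intval", mysupport_forums()));
                    if ($mysupport_forums !== '') {
                        $db->update_query("threads", $update, "uid = '" . intval($uid) . "' AND fid IN (" . $db->escape_string($mysupport_forums) . ") AND closed = '0'");
                    }
                }

                if ($deniedsupportreason != 0) {
                    // Look the reason name up explicitly; no earlier result set in this
                    // branch has a "name" column to read it from.
                    $query = $db->simple_select("mysupport", "name", "mid = '" . intval($deniedsupportreason) . "'");
                    $deniedsupportreason = $db->fetch_field($query, "name");
                    mysupport_mod_log_action(11, $lang->sprintf($lang->deny_support_mod_log_reason, $username, $deniedsupportreason));
                } else {
                    mysupport_mod_log_action(11, $lang->sprintf($lang->deny_support_mod_log, $username));
                }
                mysupport_redirect_message($lang->sprintf($lang->deny_support_success, htmlspecialchars_uni($username)));
            }

            // $mod_log_action and $redirect are globals; presumably filled in by the
            // mysupport_mod_log_action() / mysupport_redirect_message() calls above — verify.
            if (!empty($mod_log_action)) {
                $mod_log_data = array("fid" => intval($fid), "tid" => intval($tid));
                log_moderator_action($mod_log_data, $mod_log_action);
            }

            redirect($redirect_url, $redirect);
        } elseif ($mybb->input['do'] == "denysupport") {
            if ($mybb->settings['enablemysupportsupportdenial'] != 1) {
                mysupport_error($lang->support_denial_not_enabled);
                exit;
            }

            $uid = intval($mybb->input['uid']);
            $tid = intval($mybb->input['tid']);

            $user = get_user($uid);
            $username = $user['username'];
            $user_link = build_profile_link(htmlspecialchars_uni($username), intval($uid), "blank");

            if ($mybb->input['uid']) {
                $deny_support_to = $lang->sprintf($lang->deny_support_to, htmlspecialchars_uni($username));
            } else {
                $deny_support_to = $lang->deny_support_to_user;
            }

            add_breadcrumb($deny_support_to);

            $deniedreasons = "";
            $deniedreasons .= "<label for=\"deniedsupportreason\">{$lang->reason}:</label> <select name=\"deniedsupportreason\" id=\"deniedsupportreason\">\n";

            // if they've not been denied support yet or no reason was given, show an empty option that will be selected
            if ($user['deniedsupport'] == 0 || $user['deniedsupportreason'] == 0) {
                $deniedreasons .= "<option value=\"0\"></option>\n";
            }

            $mysupport_cache = $cache->read("mysupport");
            if (!empty($mysupport_cache['deniedreasons'])) {
                // if there's one or more reasons set, show them in a dropdown
                // The loop variable must not be $deniedreasons: that is the HTML
                // being built and would be overwritten on every iteration.
                foreach ($mysupport_cache['deniedreasons'] as $deniedreason) {
                    $selected = "";
                    // if a reason has been given, we'd be editing it, so this would select the current one
                    if ($user['deniedsupport'] == 1 && $user['deniedsupportreason'] == $deniedreason['mid']) {
                        $selected = " selected=\"selected\"";
                    }
                    $deniedreasons .= "<option value=\"" . intval($deniedreason['mid']) . "\"{$selected}>" . htmlspecialchars_uni($deniedreason['name']) . "</option>\n";
                }
            }

            $deniedreasons .= "<option value=\"0\">{$lang->support_denial_reasons_none}</option>\n";

            // if they've been denied support, give an option to revoke it
            if ($user['deniedsupport'] == 1) {
                $deniedreasons .= "<option value=\"0\">-----</option>\n";
                $deniedreasons .= "<option value=\"-1\">{$lang->revoke}</option>\n";
            }

            $deniedreasons .= "</select>\n";

            eval("\$deny_support = \"" . $templates->get('mysupport_deny_support_deny') . "\";");
            eval("\$deny_support_page = \"" . $templates->get('mysupport_deny_support') . "\";");
            output_page($deny_support_page);
        } else {
            // List every user who is currently denied support, with who denied it and why.
            $query = $db->write_query("\r\n\t\t\t\tSELECT u1.username AS support_denied_username, u1.uid AS support_denied_uid, u2.username AS support_denier_username, u2.uid AS support_denier_uid, m.name AS support_denied_reason\r\n\t\t\t\tFROM " . TABLE_PREFIX . "users u\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "mysupport m ON (u.deniedsupportreason = m.mid)\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u1 ON (u1.uid = u.uid)\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u2 ON (u2.uid = u.deniedsupportuid)\r\n\t\t\t\tWHERE u.deniedsupport = '1'\r\n\t\t\t\tORDER BY u1.username ASC\r\n\t\t\t");

            $denied_users = '';
            if ($db->num_rows($query) > 0) {
                while ($denieduser = $db->fetch_array($query)) {
                    $bgcolor = alt_trow();

                    $support_denied_user = build_profile_link(htmlspecialchars_uni($denieduser['support_denied_username']), intval($denieduser['support_denied_uid']));
                    $support_denier_user = build_profile_link(htmlspecialchars_uni($denieduser['support_denier_username']), intval($denieduser['support_denier_uid']));

                    if (empty($denieduser['support_denied_reason'])) {
                        $support_denial_reason = $lang->support_denial_no_reason;
                    } else {
                        // Escaped like the reason names in the dropdown of the deny form.
                        $support_denial_reason = htmlspecialchars_uni($denieduser['support_denied_reason']);
                    }

                    eval("\$denied_users .= \"" . $templates->get('mysupport_deny_support_list_user') . "\";");
                }
            } else {
                $denied_users = "<tr><td class=\"trow1\" align=\"center\" colspan=\"5\">{$lang->support_denial_no_users}</td></tr>";
            }

            eval("\$deny_support = \"" . $templates->get('mysupport_deny_support_list') . "\";");
            eval("\$deny_support_page = \"" . $templates->get('mysupport_deny_support') . "\";");
            output_page($deny_support_page);
        }
    }
}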
/**
 * Handle submission of the 'hello' form: validate the message and store it.
 *
 * Acts only when the request action is 'hello'. The request must be a POST
 * and must carry a valid post key. The trimmed message has to be non-empty
 * and at most 100 characters long (my_strlen); it is escaped with
 * $db->escape_string() before being inserted into 'hello_messages'.
 */
function hello_new()
{
    global $mybb;

    // Not our action: leave the request to other handlers.
    if ($mybb->get_input('action') != 'hello') {
        return;
    }

    // State-changing request, so POST only.
    if ($mybb->request_method != 'post') {
        error_no_permission();
    }

    global $lang;

    // Anti-CSRF: the post key ties the submission to the user's own session.
    verify_post_check($mybb->get_input('my_post_key'));

    // Language phrases for the messages below.
    $lang->load('hello');

    $text = trim($mybb->get_input('message'));

    // Empty and over-long messages are rejected with the same phrase.
    if (!$text) {
        error($lang->hello_message_empty);
    } elseif (my_strlen($text) > 100) {
        error($lang->hello_message_empty);
    }

    global $db;

    // insert_query() receives the value already escaped.
    $row = array('message' => $db->escape_string($text));
    $db->insert_query('hello_messages', $row);

    // Back to the index with a confirmation message.
    redirect('index.php', $lang->hello_done);
}
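/**
 * Shop hook for the "buy sticky" item: shows the redeem form
 * (shop_action=buy_sticky) or redeems the item (shop_action=do_buy_sticky).
 *
 * Redeeming resolves the submitted thread URL to a thread id, requires the
 * thread to be visible, not soft-deleted, not already stuck, not closed and
 * to carry the current user's uid, sticks it, inserts a delayedmoderation row
 * of type 'stick' dated buy_sticky_time days ahead, and removes the item from
 * the user's inventory.
 *
 * The thread URL is request input. Everything parsed out of it is treated as
 * untrusted: ids are cast to int before they reach a query or get_thread(),
 * and missing URL parts no longer raise undefined variable/offset warnings.
 *
 * NOTE(review): no verify_post_check() call is visible in this handler;
 * confirm that whatever fires this hook validates the post key before the
 * do_buy_sticky branch changes state.
 *
 * @return false|void false when shop_action is neither of the two actions
 *                    above; the handled paths end in exit, or earlier in
 *                    error()/error_no_permission()/redirect().
 */
function hook_newpoints_do_shop_start()
{
    global $mybb, $db, $lang, $cache, $theme, $header, $templates, $plugins, $headerinclude, $footer, $options, $inline_errors;

    if ($mybb->get_input('shop_action') == 'buy_sticky') {
        $do = false;
    } elseif ($mybb->get_input('shop_action') == 'do_buy_sticky') {
        $do = true;
    } else {
        return false;
    }

    if ($do) {
        $plugins->run_hooks('newpoints_shop_do_buy_sticky_start');
    } else {
        $plugins->run_hooks('newpoints_shop_buy_sticky_start');
    }

    if (!($item = newpoints_shop_get_item($mybb->get_input('iid', 1)))) {
        error($lang->newpoints_shop_invalid_item);
    }

    if (!($cat = newpoints_shop_get_category($item['cid']))) {
        error($lang->newpoints_shop_invalid_cat);
    }

    if (!newpoints_shop_check_permissions($cat['usergroups'])) {
        error_no_permission();
    }

    if (!$item['visible'] || !$cat['visible']) {
        error_no_permission();
    }

    if (!$item['buy_sticky'] || $item['buy_sticky_time'] < 1) {
        error_no_permission();
    }

    // NOTE(review): unserialize() on a stored column. This function only ever
    // writes it back as serialize() of a plain array, but if any other code
    // path can write users.newpoints_items this call becomes an object
    // injection sink; consider a decoder that refuses objects — TODO confirm
    // compatibility with existing rows.
    $myitems = @unserialize($mybb->user['newpoints_items']);
    if (!$myitems) {
        error($lang->newpoints_shop_inventory_empty);
    }

    $key = array_search($item['iid'], $myitems);
    if ($key === false) {
        error($lang->newpoints_shop_selected_item_not_owned);
    }

    $this->load_language();

    if ($do) {
        // Defined up front so a URL that yields no thread/post id falls
        // through to the "invalid thread" error instead of reading undefined
        // variables.
        $redeemtid = 0;
        $parameters = array();

        // ~~~ @ https://github.com/PaulBender/Move-Posts/blob/master/inc/plugins/moveposts.php#L217 //
        if ($db->table_exists('google_seo')) {
            $regexp = "{$mybb->settings['bburl']}/{$mybb->settings['google_seo_url_threads']}";

            if ($regexp) {
                $regexp = preg_quote($regexp, '#');
                $regexp = str_replace('\\{\\$url\\}', '([^./]+)', $regexp);
                $regexp = str_replace('\\{url\\}', '([^./]+)', $regexp);
                $regexp = "#^{$regexp}\$#u";
            }

            $url = $mybb->get_input('threadurl');
            $url = preg_replace('/^([^#?]*)[#?].*$/u', '\\1', $url);
            $url = preg_replace($regexp, '\\1', $url);
            $url = urldecode($url);

            // The decoded URL is escaped before it is placed in the WHERE clause.
            $query = $db->simple_select('google_seo', 'id', "idtype='4' AND url='{$db->escape_string($url)}'");
            $redeemtid = $db->fetch_field($query, 'id');
        }

        // Drop the fragment, then look for a thread or post id in the URL.
        $realurl = explode('#', $mybb->get_input('threadurl'));
        $mybb->input['threadurl'] = $realurl[0];
        $threadurl = $mybb->get_input('threadurl');

        if (substr($threadurl, -4) == 'html') {
            preg_match('#thread-([0-9]+)?#i', $threadurl, $threadmatch);
            preg_match('#post-([0-9]+)?#i', $threadurl, $postmatch);

            if (!empty($threadmatch[1])) {
                $parameters['tid'] = $threadmatch[1];
            }

            if (!empty($postmatch[1])) {
                $parameters['pid'] = $postmatch[1];
            }
        } else {
            // Query-string form: take everything after ".php" and split it
            // into key=value pairs. A URL without ".php" simply yields none.
            $splitloc = explode('.php', $threadurl);
            $querystring = isset($splitloc[1]) ? (string) my_substr($splitloc[1], 1) : '';

            foreach (explode('&', $querystring) as $pair) {
                $temp2 = explode('=', $pair, 2);
                $parameters[$temp2[0]] = isset($temp2[1]) ? $temp2[1] : '';
            }
        }

        if (!empty($parameters['pid']) && empty($parameters['tid'])) {
            $query = $db->simple_select('posts', '*', "pid='" . (int) $parameters['pid'] . "'");
            $post = $db->fetch_array($query);
            $redeemtid = $post ? $post['tid'] : 0;
        } elseif (!empty($parameters['tid'])) {
            $redeemtid = $parameters['tid'];
        }

        // The id originates from request input; only an integer goes further.
        $thread = get_thread((int) $redeemtid);
        // ~~~ //

        if (!$thread || !$thread['tid'] || !$thread['visible'] || $thread['deletetime']) {
            error($lang->newpoints_buy_sticky_redeem_error_invalid);
        }

        if ($thread['sticky']) {
            error($lang->newpoints_buy_sticky_redeem_error_alreadystickied);
        }

        if ($thread['closed']) {
            error($lang->newpoints_buy_sticky_redeem_error_closedthread);
        }

        // Only a thread carrying the current user's uid can be redeemed for.
        if ($thread['uid'] != $mybb->user['uid']) {
            error($lang->newpoints_buy_sticky_redeem_error_wronguser);
        }

        // We need more extensive permission checkings here late on..
        require_once MYBB_ROOT . 'inc/class_moderation.php';
        $moderation = new Moderation();

        $lang->load('moderation');

        $moderation->stick_threads($thread['tid']);

        log_moderator_action(array('fid' => $thread['fid'], 'tid' => $thread['tid']), $lang->sprintf($lang->mod_process, $lang->stuck));

        newpoints_log('buy_sticky', $mybb->settings['bburl'] . '/' . get_thread_link($thread['tid']), $mybb->user['username'], $mybb->user['uid']);

        // buy_sticky_time is multiplied by the number of seconds in a day.
        $rundate = TIME_NOW + $item['buy_sticky_time'] * 86400;

        $did = $db->insert_query("delayedmoderation", array(
            'type' => $db->escape_string('stick'),
            'delaydateline' => (int) $rundate,
            'uid' => (int) $mybb->user['uid'],
            'tids' => (int) $thread['tid'],
            'fid' => (int) $thread['fid'],
            'dateline' => TIME_NOW,
            'inputs' => $db->escape_string(my_serialize(array(
                'new_forum' => (int) $thread['fid'],
                'method' => 'move',
                'redirect_expire' => '',
            ))),
        ));

        $plugins->run_hooks('moderation_do_delayedmoderation');

        // remove item from our inventory
        unset($myitems[$key]);
        sort($myitems);
        $db->update_query('users', array('newpoints_items' => serialize($myitems)), "uid='" . (int) $mybb->user['uid'] . "'");

        $plugins->run_hooks('newpoints_shop_do_buy_sticky_end');

        $message = $lang->sprintf($lang->newpoints_buy_sticky_redeem_done, my_date('relative', $rundate, '', 2));

        redirect($mybb->settings['bburl'] . '/newpoints.php?action=shop&shop_action=myitems', $message, $lang->newpoints_buy_sticky_redeem_done_title);
    } else {
        $lang->newpoints_shop_action = $lang->newpoints_buy_sticky_redeem_title;
        $item['name'] = htmlspecialchars_uni($item['name']);

        global $shop_action, $data, $colspan;

        $colspan = 2;
        $shop_action = 'do_buy_sticky';

        // The item id is written into an HTML attribute, so force it to an integer.
        $fields = '<input type="hidden" name="iid" value="' . (int) $item['iid'] . '">';
        $data = "<td class=\"trow1\" width=\"50%\"><strong>" . $lang->newpoints_buy_sticky_redeem_thread . ":</strong><br /><small>" . $lang->newpoints_buy_sticky_redeem_message . "</small></td><td class=\"trow1\" width=\"50%\"><input type=\"text\" class=\"textbox\" name=\"threadurl\" value=\"\"></td>";

        $plugins->run_hooks('newpoints_shop_buy_sticky_end');

        $page = eval($templates->render('newpoints_shop_do_action'));

        output_page($page);
    }

    exit;
}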
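/**
 * Popup listing the users who liked a post, plus the "likes_recount" action
 * that rebuilds the like cache for one post.
 *
 * `pid` and `uid` come straight from the request. They are cast to integers
 * before use: the WHERE clause below interpolates them unquoted, so a raw
 * string would be spliced into the SQL statement as-is.
 *
 * Returns without output when `action` is neither 'likes_recount' nor
 * 'likes'; both handled actions end in exit.
 */
function mylikes_popup()
{
    global $db, $mybb, $lang, $groupscache, $templates;

    if ($mybb->input['action'] == "likes_recount") {
        // Rebuild the cache for this post - the reputation/like counter may have changed
        if (!empty($mybb->input['pid'])) {
            // Only a numeric post id is passed on to the cache rebuild.
            JB_MyLikes_Like::cache((int) $mybb->get_input("pid"));
        }
        exit;
    }

    if ($mybb->input['action'] != "likes") {
        return;
    }

    if (empty($mybb->input['pid']) || empty($mybb->input['uid'])) {
        error_no_permission();
    }

    $lang->load("mylikes");

    // Integer casts make the unquoted interpolation below safe.
    $pid = (int) $mybb->get_input("pid");
    $uid = (int) $mybb->get_input("uid");

    $query = $db->simple_select("reputation", "*", "uid={$uid} AND pid={$pid}");

    $users = "";
    while ($like = $db->fetch_array($query)) {
        $user = get_user($like['adduid']);

        $name = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
        $profile_link = build_profile_link($name, $user['uid'], '_blank', 'if(window.opener) { window.opener.location = this.href; return false; }');

        // Offer the PM link only when both sides can use private messages.
        $send_pm = '';
        if ($mybb->user['receivepms'] != 0 && $user['receivepms'] != 0 && $groupscache[$user['usergroup']]['canusepms'] != 0) {
            eval("\$send_pm = \"" . $templates->get("misc_buddypopup_user_sendpm") . "\";");
        }

        if ($user['lastactive']) {
            $last_active = $lang->sprintf($lang->last_active, my_date('relative', $user['lastactive']));
        } else {
            $last_active = $lang->sprintf($lang->last_active, $lang->never);
        }

        $user['avatar'] = format_avatar(htmlspecialchars_uni($user['avatar']), $user['avatardimensions'], '44x44');
        $online_alt = alt_trow();

        $users .= eval($templates->render("misc_mylikes_like"));
    }

    if (empty($users)) {
        $users = eval($templates->render("misc_mylikes_nolikes"));
    }

    echo eval($templates->render("misc_mylikes", 1, 0));
    exit;
}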
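/**
 * Render the avatar popup for one member (action=avatarep_popup).
 *
 * Returns false when the plugin is switched off, or when it is on with the
 * menu disabled. For any other action nothing is rendered. Viewers whose
 * group cannot view profiles are refused.
 *
 * Changes from the previous version: an unknown uid now ends in the
 * "no such member" error instead of rendering a popup from an empty record,
 * and a zero/unset maxwarningpoints setting no longer causes a division by
 * zero.
 *
 * NOTE(review): usertitle goes into the template without htmlspecialchars_uni()
 * while avatar is escaped; confirm usertitle is stored already-escaped,
 * otherwise escape it here.
 *
 * @return false|void
 */
function avatarep_popup()
{
    global $lang, $mybb, $templates, $avatarep_popup, $db;

    if ($mybb->settings['avatarep_active'] == 0
        || ($mybb->settings['avatarep_active'] == 1 && $mybb->settings['avatarep_menu'] == 0)
    ) {
        return false;
    }

    if ($mybb->input['action'] != "avatarep_popup") {
        return;
    }

    if ($mybb->usergroup['canviewprofiles'] == 0) {
        error_no_permission();
    }

    $lang->load("member");
    $lang->load("avatarep");

    $uid = intval($mybb->input['uid']);
    $memprofile = get_user($uid);

    // Nothing to show for a uid that does not resolve to a user record.
    if (!$memprofile) {
        error($lang->error_nomember);
    }

    $memprofile['avatar'] = htmlspecialchars_uni($memprofile['avatar']);
    if (strlen(trim($memprofile['avatar'])) == 0) {
        $memprofile['avatar'] = "images/default_avatar.png";
    }

    $formattedname = format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']);

    $usertitle = "";
    if (!empty($memprofile['usertitle'])) {
        $usertitle = $memprofile['usertitle'];
        $usertitle = "({$usertitle})";
    }

    $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']);
    $memprofile['postnum'] = my_number_format($memprofile['postnum']);
    $warning_link = "warnings.php?uid={$memprofile['uid']}";

    // Guard the percentage against a zero or missing maximum.
    $maxWarningPoints = (int) $mybb->settings['maxwarningpoints'];
    $warning_level = $maxWarningPoints > 0
        ? round($memprofile['warningpoints'] / $maxWarningPoints * 100)
        : 0;

    $memlastvisitdate = my_date($mybb->settings['dateformat'], $memprofile['lastactive']);
    $memlastvisittime = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);

    // User is currently online and this user has permissions to view the user on the WOL
    $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins'] * 60;
    $query = $db->simple_select("sessions", "location,nopermission", "uid='{$uid}' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
    $session = $db->fetch_array($query);

    // An invisible member is shown as online only to viewers allowed to see
    // invisible users, or to the member themselves.
    if (($memprofile['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $memprofile['uid'] == $mybb->user['uid']) && !empty($session)) {
        eval("\$online_status = \"" . $templates->get("member_profile_online") . "\";");
    } else {
        eval("\$online_status = \"" . $templates->get("member_profile_offline") . "\";");
    }

    eval("\$avatarep_popup = \"" . $templates->get("avatarep_popup") . "\";");
    output_page($avatarep_popup);
}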
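/**
 * Render either a single page or the page list of a category, then exit.
 *
 * Reads the globals $page and $category; when $page is empty the category
 * listing is shown, restricted to visible pages whose `groups` column is -1
 * or contains one of the viewer's group ids.
 *
 * Fix: the category name was passed through htmlspecialchars_uni() at the top
 * and a second time in the listing branch, which double-escapes it; it is now
 * escaped once.
 *
 * NOTE(review): the page body ($page['template']) is placed in the template
 * cache and evaluated like any other template. Whoever can edit pages
 * therefore controls a string that goes through eval(); page-edit permission
 * should be treated accordingly and restricted to trusted administrators.
 */
function ougc_pages_show()
{
    global $db, $ougc_pages, $lang, $templates, $mybb, $footer, $headerinclude, $header, $theme, $page, $category;

    // Load lang
    $ougc_pages->lang_load();

    // NOTE(review): the 'ç' in the two identifiers below is reproduced as
    // found; confirm it matches the property and language key actually defined.
    if ($ougc_pages->invalid_page) {
        error($lang->ougc_pages_error_invalidpage);
    }
    if ($ougc_pages->invalid_çategory) {
        error($lang->ougc_pages_error_invalidçategory);
    }
    if ($ougc_pages->no_permission) {
        error_no_permission();
    }

    // Load custom page language file if exists
    $lang->load('ougc_pages_' . $category['cid'], false, true);
    $lang->load('ougc_pages_' . $page['pid'], false, true);

    // Escaped once here; every later use relies on this value.
    $category['name'] = htmlspecialchars_uni($category['name']);

    /*if($category['breadcrumb'])
    {
        add_breadcrumb($category['name'], $ougc_pages->get_category_link($category['cid']));
    }*/
    add_breadcrumb($category['name'], $ougc_pages->get_category_link($category['cid']));

    // Collect the viewer's primary and additional group ids.
    $gids = explode(',', $mybb->user['additionalgroups']);
    $gids[] = $mybb->user['usergroup'];
    $gids = array_filter(array_unique($gids));

    // Group ids and the category id are cast to int before they are
    // concatenated into the WHERE clause.
    $sqlwhere = 'visible=\'1\' AND cid=\'' . (int) $category['cid'] . '\' AND groups!=\'\' AND (groups=\'-1\'';
    switch ($db->type) {
        case 'pgsql':
        case 'sqlite':
            foreach ($gids as $gid) {
                $gid = (int) $gid;
                $sqlwhere .= ' OR \',\'||groups||\',\' LIKE \'%,' . $gid . ',%\'';
            }
            break;
        default:
            foreach ($gids as $gid) {
                $gid = (int) $gid;
                $sqlwhere .= ' OR CONCAT(\',\',groups,\',\') LIKE \'%,' . $gid . ',%\'';
            }
            break;
    }
    $sqlwhere .= ')';

    /*$navigation = array('previous' => '', 'right' => 'next');*/

    if (!empty($page)) {
        $title = $page['name'] = htmlspecialchars_uni($page['name']);
        $description = $page['description'] = htmlspecialchars_uni($page['description']);

        add_breadcrumb($page['name'], $ougc_pages->get_page_link($page['pid']));

        /*if($category['navigation'])
        {
            $sqlwhere .= 'AND php!=\'1\' AND disporder';

            $where = '<\''.(int)$page['disporder'].'\'';
            $query = $db->simple_select('ougc_pages', 'pid', $sqlwhere.$where, array('order_by' => 'disporder, name', 'limit' => 1));
            $previous_page_id = (int)$db->fetch_field($query, 'pid');

            if($previous_page_id)
            {
                $previous_link = $ougc_pages->get_page_link($previous_page_id);
                eval('$navigation[\'previous\'] = "'.$templates->get('ougcpages_navigation_previous').'";');
            }

            $where = '>\''.(int)$page['disporder'].'\'';
            $query = $db->simple_select('ougc_pages', 'pid', $sqlwhere.$where, array('order_by' => 'disporder, name', 'limit' => 1));
            $next_page_id = (int)$db->fetch_field($query, 'pid');

            if($next_page_id)
            {
                $next_link = $ougc_pages->get_page_link($next_page_id);
                eval('$navigation[\'next\'] = "'.$templates->get('ougcpages_navigation_next').'";');
            }
        }*/

        // The stored page body is registered as a temporary template and then
        // evaluated through the normal template path.
        $templates->cache['ougcpages_temporary_tmpl'] = $page['template'];

        #TODO: Add "Las updated on DATELINE..." to page
        eval('$content = "' . $templates->get('ougcpages_temporary_tmpl') . '";');

        if ($page['wrapper']) {
            eval('$content = "' . $templates->get('ougcpages_wrapper') . '";');
        }
    } else {
        // Already escaped above; escaping again would double-encode entities.
        $title = $category['name'];
        $description = $category['description'] = htmlspecialchars_uni($category['description']);

        $query = $db->simple_select('ougc_pages', '*', $sqlwhere, array('order_by' => 'disporder'));

        $page_list = '';
        while ($page = $db->fetch_array($query)) {
            $page['name'] = htmlspecialchars_uni($page['name']);
            $page_link = $ougc_pages->get_page_link($page['pid']);

            eval('$page_list .= "' . $templates->get('ougcpages_category_list_item') . '";');
        }

        if (!$page_list) {
            eval('$content = "' . $templates->get('ougcpages_category_list_empty') . '";');
        } else {
            eval('$content = "' . $templates->get('ougcpages_category_list') . '";');
        }

        eval('$content = "' . $templates->get('ougcpages_wrapper') . '";');
    }

    /*if($category['navigation'])
    {
        eval('$content = "'.$templates->get('ougcpages_navigation').'";');
    }*/

    /*if($portal)
    {
        return $content;
    }*/

    eval('$page = "' . $templates->get('ougcpages') . '";');
    output_page($page);
    exit;
}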
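/**
 * XML-RPC handler returning one forum announcement as a single-post topic.
 *
 * Checks that the announcement exists and is currently active, and, when it
 * belongs to a forum, that the caller may view that forum and its threads and
 * passes the forum password check.
 *
 * Fix: the author's avatar was looked up with get_user() on the announcement
 * id instead of the author's uid, so icon_url could point at an unrelated
 * account's avatar. It now uses the announcement's uid.
 *
 * NOTE(review): the announcement id is read from $_GET['aid'] rather than
 * from the filtered XML-RPC input (which declares topic_id); presumably the
 * dispatcher populates $_GET — confirm. It is forced to an integer either way.
 *
 * @param mixed $xmlrpc_params raw XML-RPC parameters, filtered through
 *                             Tapatalk_Input::filterXmlInput()
 * @return xmlrpcresp
 */
function get_announcement_func($xmlrpc_params)
{
    global $db, $lang, $mybb, $position, $plugins, $pids, $groupscache;

    $input = Tapatalk_Input::filterXmlInput(array(
        'topic_id' => Tapatalk_Input::STRING,
        'start_num' => Tapatalk_Input::INT,
        'last_num' => Tapatalk_Input::INT,
        'return_html' => Tapatalk_Input::INT,
    ), $xmlrpc_params);

    $parser = new Tapatalk_Parser();

    // Load global language phrases
    $lang->load("announcements");

    $aid = intval($_GET['aid']);

    // Get announcement fid
    $query = $db->simple_select("announcements", "fid", "aid='{$aid}'");
    $announcement = $db->fetch_array($query);

    $plugins->run_hooks("announcements_start");

    if (!$announcement) {
        error($lang->error_invalidannouncement);
    }

    // Get forum info
    $fid = $announcement['fid'];
    if ($fid > 0) {
        $forum = get_forum($fid);
        if (!$forum) {
            error($lang->error_invalidforum);
        }

        // Make navigation
        build_forum_breadcrumb($forum['fid']);

        // Permissions
        $forumpermissions = forum_permissions($forum['fid']);
        if ($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) {
            error_no_permission();
        }

        // Check if this forum is password protected and we have a valid password
        check_forum_password($forum['fid']);
    }

    add_breadcrumb($lang->nav_announcements);
    $archive_url = build_archive_link("announcement", $aid);

    // Get announcement info; only announcements inside their active window match.
    $time = TIME_NOW;
    $query = $db->query("\n\t\tSELECT u.*, u.username AS userusername, a.*, f.*\n\t\tFROM " . TABLE_PREFIX . "announcements a\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=a.uid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfields f ON (f.ufid=u.uid)\n\t\tWHERE a.startdate<='{$time}' AND (a.enddate>='{$time}' OR a.enddate='0') AND a.aid='{$aid}'\n\t");
    $announcementarray = $db->fetch_array($query);

    if (!$announcementarray) {
        error($lang->error_invalidannouncement);
    }

    // Gather usergroup data from the cache
    // Field => Array Key
    $data_key = array(
        'title' => 'grouptitle',
        'usertitle' => 'groupusertitle',
        'stars' => 'groupstars',
        'starimage' => 'groupstarimage',
        'image' => 'groupimage',
        'namestyle' => 'namestyle',
        'usereputationsystem' => 'usereputationsystem',
    );
    foreach ($data_key as $field => $key) {
        $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
    }

    $announcementarray['dateline'] = $announcementarray['startdate'];
    $announcementarray['userusername'] = $announcementarray['username'];
    $announcement = build_postbit($announcementarray, 3);

    $announcementarray['subject'] = $parser->parse_badwords($announcementarray['subject']);
    $lang->forum_announcement = $lang->sprintf($lang->forum_announcement, htmlspecialchars_uni($announcementarray['subject']));

    // Remember, via cookie, that this announcement has been read.
    if ($announcementarray['startdate'] > $mybb->user['lastvisit']) {
        $setcookie = true;
        if (isset($mybb->cookies['mybb']['announcements']) && is_scalar($mybb->cookies['mybb']['announcements'])) {
            // The cookie is client-controlled. NOTE(review): this relies on
            // my_unserialize() refusing to instantiate objects — confirm.
            $cookie = my_unserialize(stripslashes($mybb->cookies['mybb']['announcements']));

            if (isset($cookie[$announcementarray['aid']])) {
                $setcookie = false;
            }
        }

        if ($setcookie) {
            my_set_array_cookie('announcements', $announcementarray['aid'], $announcementarray['startdate'], -1);
        }
    }

    // Look up the author (not the announcement id) for the avatar.
    $user_info = get_user($announcementarray['uid']);
    $icon_url = absolute_url($user_info['avatar']);

    // prepare xmlrpc return
    $xmlrpc_post = new xmlrpcval(array(
        'topic_id' => new xmlrpcval('ann_' . $announcementarray['aid']),
        'post_title' => new xmlrpcval(basic_clean($announcementarray['subject']), 'base64'),
        'post_content' => new xmlrpcval(process_post($announcementarray['message'], $input['return_html']), 'base64'),
        'post_author_id' => new xmlrpcval($announcementarray['uid']),
        'post_author_name' => new xmlrpcval(basic_clean($announcementarray['username']), 'base64'),
        'user_type' => new xmlrpcval(check_return_user_type($announcementarray['username']), 'base64'),
        'icon_url' => new xmlrpcval(absolute_url($icon_url)),
        'post_time' => new xmlrpcval(mobiquo_iso8601_encode($announcementarray['dateline']), 'dateTime.iso8601'),
        'timestamp' => new xmlrpcval($announcementarray['dateline'], 'string'),
    ), 'struct');

    $result = array(
        'total_post_num' => new xmlrpcval(1, 'int'),
        'can_reply' => new xmlrpcval(false, 'boolean'),
        'can_subscribe' => new xmlrpcval(false, 'boolean'),
        'posts' => new xmlrpcval(array($xmlrpc_post), 'array'),
    );

    return new xmlrpcresp(new xmlrpcval($result, 'struct'));
}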
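/**
 * ModCP integration for awards: adds the navigation entry and, for
 * action=awards, handles listing, giving and revoking awards.
 *
 * Access requires the ougc_awards_modcp setting to be on and the viewer to
 * pass the ougc_awards_modgroups check (-1 allows every group that reaches
 * this hook). Without permission the function returns silently for other
 * actions and refuses action=awards.
 *
 * Fix: the pagination count query used an undefined $where, so it counted
 * every award instead of only the visible ones listed. Both queries now share
 * the same condition.
 *
 * NOTE(review): the give/revoke POST branches call give_award() and
 * revoke_award() with no verify_post_check() visible here. Confirm the post
 * key is validated before this hook runs; if not, add the check together with
 * a my_post_key field in the form template.
 * NOTE(review): aid, username and reason are passed to $awards methods as
 * received; escaping is presumably done inside those methods — verify.
 */
function ougc_awards_modcp()
{
    global $mybb, $modcp_nav, $templates, $lang, $awards;

    $permission = (bool) ($mybb->settings['ougc_awards_modcp']
        && ($mybb->settings['ougc_awards_modgroups'] == -1
            || ($mybb->settings['ougc_awards_modgroups'] && $awards->check_groups($mybb->settings['ougc_awards_modgroups'], false))));

    // The navigation entry is only injected for viewers with permission.
    if ($permission) {
        $awards->lang_load();
        eval('$awards_nav = "' . $templates->get('ougcawards_modcp_nav') . '";');
        $modcp_nav = str_replace('<!--OUGC_AWARDS-->', $awards_nav, $modcp_nav);
    }

    if ($mybb->input['action'] != 'awards') {
        return;
    }

    $permission or error_no_permission();

    $awards->lang_load();

    global $headerinclude, $header, $theme, $footer, $db;

    add_breadcrumb($lang->ougc_awards_modcp_nav, $awards->build_url());

    $error = array();
    $errors = '';

    // We can give awards from the ModCP
    if ($mybb->input['manage'] == 'give') {
        if (!($award = $awards->get_award($mybb->input['aid']))) {
            error($lang->ougc_awards_error_wrongaward);
        }

        add_breadcrumb(strip_tags($award['name']));
        add_breadcrumb($lang->ougc_awards_modcp_give);

        // Hidden awards are reported the same way as unknown ones.
        if (!$award['visible']) {
            error($lang->ougc_awards_error_wrongaward);
        }

        if ($mybb->request_method == 'post') {
            if (!($user = $awards->get_user_by_username($mybb->input['username']))) {
                $errors = inline_error($lang->ougc_awards_error_invaliduser);
            } elseif ($awards->get_gived_award($award['aid'], $user['uid'])) {
                $errors = inline_error($lang->ougc_awards_error_give);
            } elseif (!$awards->can_edit_user($user['uid'])) {
                $errors = inline_error($lang->ougc_awards_error_giveperm);
            } else {
                $awards->give_award($award, $user, $mybb->input['reason']);
                $awards->log_action();
                $awards->redirect($lang->ougc_awards_redirect_gived);
            }
        }

        $lang->ougc_awards_modcp_title_give = $lang->sprintf($lang->ougc_awards_modcp_title_give, $awards->get_award_info('name', $award['aid'], $award['name']));

        eval('$reason = "' . $templates->get('ougcawards_modcp_manage_reason') . '";');
        eval('$content = "' . $templates->get('ougcawards_modcp_manage') . '";');
        eval('$page = "' . $templates->get('ougcawards_modcp') . '";');
        output_page($page);
        exit;
    } elseif ($mybb->input['manage'] == 'revoke') {
        if (!($award = $awards->get_award($mybb->input['aid']))) {
            error($lang->ougc_awards_error_wrongaward);
        }

        add_breadcrumb(strip_tags($award['name']));
        add_breadcrumb($lang->ougc_awards_modcp_revoke);

        if (!$award['visible']) {
            error($lang->ougc_awards_error_wrongaward);
        }

        if ($mybb->request_method == 'post') {
            if (!($user = $awards->get_user_by_username($mybb->input['username']))) {
                $errors = inline_error($lang->ougc_awards_error_invaliduser);
            } elseif (!$awards->get_gived_award($award['aid'], $user['uid'])) {
                $errors = inline_error($lang->ougc_awards_error_notgive);
            } elseif (!$awards->can_edit_user($user['uid'])) {
                $errors = inline_error($lang->ougc_awards_error_giveperm);
            } else {
                $awards->revoke_award($award['aid'], $user['uid']);
                $awards->log_action();
                $awards->redirect($lang->ougc_awards_redirect_revoked);
            }
        }

        // The manage template is shared with "give"; its phrases are swapped here.
        $lang->ougc_awards_modcp_title_give = $lang->sprintf($lang->ougc_awards_modcp_title_give, $awards->get_award_info('name', $award['aid'], $award['name']));
        $lang->ougc_awards_modcp_give = $lang->ougc_awards_modcp_revoke;

        eval('$content = "' . $templates->get('ougcawards_modcp_manage') . '";');
        eval('$page = "' . $templates->get('ougcawards_modcp') . '";');
        output_page($page);
        exit;
    } else {
        // Page size is clamped to 1..100.
        $limit = (int) $mybb->settings['ougc_awards_perpage'];
        $limit = max(1, min(100, $limit));

        $mybb->input['page'] = (int) $mybb->input['page'];
        if ($mybb->input['page'] && $mybb->input['page'] > 0) {
            $start = ($mybb->input['page'] - 1) * $limit;
        } else {
            $start = 0;
            $mybb->input['page'] = 1;
        }

        $awardlist = $multipage = '';

        // One condition for both the listing and the count used for paging.
        $where = 'visible=\'1\'';

        $query = $db->simple_select('ougc_awards', '*', $where, array('limit_start' => $start, 'limit' => $limit));

        if (!$db->num_rows($query)) {
            eval('$awardlist = "' . $templates->get('ougcawards_modcp_list_empty') . '";');
        } else {
            while ($award = $db->fetch_array($query)) {
                $trow = alt_trow();

                $award['aid'] = (int) $award['aid'];
                $award['image'] = $awards->get_award_icon($award['aid']);

                if ($name = $awards->get_award_info('name', $award['aid'])) {
                    $award['name'] = $name;
                }

                if ($description = $awards->get_award_info('description', $award['aid'])) {
                    $award['description'] = $description;
                }

                eval('$awardlist .= "' . $templates->get('ougcawards_modcp_list_award') . '";');
            }

            $query = $db->simple_select('ougc_awards', 'COUNT(aid) AS awards', $where);
            $awardscount = (int) $db->fetch_field($query, 'awards');

            $multipage = multipage($awardscount, $limit, $mybb->input['page'], $awards->build_url());
            isset($multipage) or $multipage = '';
        }

        eval('$content = "' . $templates->get('ougcawards_modcp_list') . '".$multipage;');
        eval('$page = "' . $templates->get('ougcawards_modcp') . '";');
        output_page($page);
        exit;
    }
}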
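/**
 * Enforce per-profile view permissions before a member profile is shown.
 *
 * Returns silently (profile allowed) when the feature is off, the viewer
 * cannot view profiles at all, the target is not in a group covered by the
 * setting, the target has no restriction set, the viewer is the profile
 * owner, can edit profiles, or can manage the user from the ModCP.
 * Otherwise the viewer is refused unless they are on the owner's buddy list
 * and not on the owner's ignore list.
 *
 * Fix: the buddy-list test was written as `!my_strpos(...) !== false`. The
 * negation binds first, so a viewer found at position 0 of the list (the
 * first buddy) was refused like a non-buddy. It now tests `=== false`.
 * The "no such profile" check also runs before the profile array is read.
 */
public function member_profile_start()
{
    global $mybb;

    if (!$mybb->settings['mppermissionsenabled'] || !$mybb->usergroup['canviewprofiles']) {
        return;
    }

    // Target profile: the requested uid, else the viewer's own account.
    $memprofile = false;
    $uid = $mybb->get_input('uid', 1);
    if ($uid) {
        $memprofile = get_user($uid);
    } elseif ($mybb->user['uid']) {
        $memprofile = $mybb->user;
    }

    // No profile resolved: nothing for this hook to restrict.
    if (!$memprofile) {
        return;
    }

    if ($mybb->settings['mppermissionsgroups'] != -1
        && !is_member($mybb->settings['mppermissionsgroups'], array('usergroup' => $memprofile['usergroup'], 'additionalgroups' => $memprofile['additionalgroups']))
    ) {
        return;
    }

    if (!$memprofile['myprofilepermissions'] || $mybb->user['uid'] == $memprofile['uid'] || $mybb->usergroup['caneditprofiles']) {
        return;
    }

    require_once MYBB_ROOT . 'inc/functions_modcp.php';
    if (modcp_can_manage_user($memprofile['uid'])) {
        return;
    }

    // Setting value 1, or no buddy/ignore list to consult: refuse.
    if ($memprofile['myprofilepermissions'] == 1 || (!$memprofile['buddylist'] && !$memprofile['ignorelist'])) {
        error_no_permission();
    }

    // Lists are comma-separated uids; wrapping both sides in commas makes the
    // search match whole ids only.
    $viewer = ',' . $mybb->user['uid'] . ',';

    if (my_strpos(',' . $memprofile['ignorelist'] . ',', $viewer) !== false) {
        error_no_permission();
    }

    if (my_strpos(',' . $memprofile['buddylist'] . ',', $viewer) === false) {
        error_no_permission();
    }
}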
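/**
 * ModCP hook: render the profile-comments moderation page for
 * action=myprofilecomments.
 *
 * Change: the permission test was `canmanagecomments == "0"`, which refuses
 * only an explicit zero. A missing or empty value compared unequal to "0" and
 * was therefore let through. The check now fails closed: access requires a
 * non-empty, non-zero canmanagecomments value.
 */
public function modcp_start()
{
    global $mybb, $lang, $theme, $settings, $templates, $headerinclude, $header, $modcp_nav;

    // Ignore requests without a plain string action.
    if (!isset($mybb->input["action"]) || !is_string($mybb->input["action"])) {
        return;
    }

    $action = $mybb->input["action"];
    if ($action != "myprofilecomments") {
        return;
    }

    // Deny unless the permission is explicitly granted.
    if (empty($mybb->usergroup["canmanagecomments"])) {
        error_no_permission();
    } else {
        add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=myprofile");
        eval("\$myprofile = \"" . $templates->get("myprofile_comments_modcp_start") . "\";");
        output_page($myprofile);
    }
}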
$lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes); } error($lang->error_emailflooding); } } $query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='" . $mybb->get_input('uid', MyBB::INPUT_INT) . "'"); $to_user = $db->fetch_array($query); $lang->email_user = $lang->sprintf($lang->email_user, $to_user['username']); if (!$to_user['uid']) { error($lang->error_invaliduser); } if ($to_user['hideemail'] != 0) { error($lang->error_hideemail); } if ($to_user['ignorelist'] && (my_strpos("," . $to_user['ignorelist'] . ",", "," . $mybb->user['uid'] . ",") !== false && $mybb->usergroup['cansendemailoverride'] != 1)) { error_no_permission(); } if (isset($errors) && count($errors) > 0) { $errors = inline_error($errors); $fromname = htmlspecialchars_uni($mybb->get_input('fromname')); $fromemail = htmlspecialchars_uni($mybb->get_input('fromemail')); $subject = htmlspecialchars_uni($mybb->get_input('subject')); $message = htmlspecialchars_uni($mybb->get_input('message')); } else { $errors = ''; $fromname = ''; $fromemail = ''; $subject = ''; $message = ''; } // Generate CAPTCHA?
/**
 * Modal box for changing the post author.
 *
 * Runs for `changeauthor=1` (when the aj_changeauthor setting is on) or
 * `adminauthor=1` (when aj_admin_changeauthor is on). The viewer must be the
 * post's author or a moderator of its forum. For logged-in viewers the modal
 * HTML is echoed and the request ends; guests get no output.
 *
 * For `adminauthor=1` the group check configured in aj_admin_changegroup runs
 * after the admin template has been evaluated but before anything is echoed.
 */
function accountswitcher_author()
{
    global $mybb, $pid, $tid, $post, $db, $theme, $eas, $headerinclude, $lang, $templates, $postlink, $userUid, $attachedUser, $as_author_userbit, $cancel;

    // If user author change or mod author change
    if (!($mybb->input['changeauthor'] == 1 && $mybb->settings['aj_changeauthor'] == 1
        || $mybb->input['adminauthor'] == 1 && $mybb->settings['aj_admin_changeauthor'] == 1)
    ) {
        return;
    }

    // No post author and no mod permissions?
    if ($mybb->user['uid'] != $post['uid'] && !is_moderator($post['fid'])) {
        error_no_permission();
    }

    if (!isset($lang->aj_changeauthor_headline)) {
        $lang->load("accountswitcher");
    }

    $pid = (int) $pid;
    $postlink = htmlspecialchars_decode(get_post_link($pid, $tid) . '#pid' . $pid);
    $author_admin = $author = '';
    $cancel = '$.modal.close(); return false;';

    // Guests never get the modal.
    if ($mybb->user['uid'] == 0) {
        return;
    }

    // Get the number of users attached to this account
    $count = $eas->get_attached($post['uid']);

    if ($mybb->input['adminauthor'] == 1 && $mybb->settings['aj_admin_changeauthor'] == 1) {
        // Author moderation: search and set new author
        $lang->load("global");
        $author_admin .= '<div class="modal">' . eval($templates->render('accountswitcher_author_admin')) . '</div>';
    } elseif ($mybb->input['changeauthor'] == 1) {
        $selected = '';

        // If there are users attached and the current user can use the Enhanced Account Switcher...
        if ($mybb->usergroup['as_canswitch'] == 1 && $count > 0) {
            $userUid = (int) $mybb->user['uid'];
            $attachedUser = htmlspecialchars_uni($mybb->user['username']);
            $as_author_userbit .= eval($templates->render('accountswitcher_author_selfbit'));

            $accounts = $eas->accountswitcher_cache;
            if (is_array($accounts)) {
                // Sort accounts by first, secondary, shared accounts and by uid or username
                $accounts = $eas->sort_attached();

                // Get all attached accounts
                foreach ($accounts as $key => $account) {
                    if ($account['as_uid'] != $mybb->user['uid'] || !($count > 0)) {
                        continue;
                    }

                    $userUid = (int) $account['uid'];
                    $attachedUser = htmlspecialchars_uni($account['username']);
                    $as_author_userbit .= eval($templates->render('accountswitcher_author_userbit'));
                }
            }
        }

        // If there are no users attached to current account but the current account is attached to another user
        if ($count == 0 && $mybb->user['as_uid'] != 0) {
            // Get the master and the master's permissions
            $master = get_user($mybb->user['as_uid']);
            $permission = user_permissions($master['uid']);

            // If the master has permission to use the Enhanced Account Switcher, get the userlist
            if ($permission['as_canswitch'] == 1) {
                // Create link to master
                $userUid = (int) $master['uid'];
                $attachedUser = htmlspecialchars_uni($master['username']);
                $as_author_userbit .= eval($templates->render('accountswitcher_author_userbit'));

                // Get all users attached to master from the cache
                $accounts = $eas->accountswitcher_cache;
                if (is_array($accounts)) {
                    foreach ($accounts as $key => $account) {
                        // Leave current user out
                        if ($account['uid'] == $mybb->user['uid']) {
                            continue;
                        }

                        if ($account['as_uid'] != $master['uid']) {
                            continue;
                        }

                        $userUid = (int) $account['uid'];
                        $attachedUser = htmlspecialchars_uni($account['username']);
                        $as_author_userbit .= eval($templates->render('accountswitcher_author_userbit'));
                    }
                }
            }
        }
    }

    // Build the page
    $author .= '<div class="modal">' . eval($templates->render('accountswitcher_author_change')) . '</div>';

    // For author moderation check permissions and use another form
    if ($mybb->input['adminauthor'] == 1) {
        $required = $mybb->settings['aj_admin_changegroup'];

        if ($required == 'admin' && $mybb->usergroup['cancp'] != 1
            || $required == 'supermods' && $mybb->usergroup['issupermod'] != 1
            || $required == 'mods' && !is_moderator($post['fid'])
        ) {
            error_no_permission();
        }

        $author = $author_admin;
    }

    echo $author;
    exit;
}