Example #1
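/**
* Returns a nice <select> list of forums, complete with displayorder, parenting and depth information
*
* Only forums for which the current user holds the 'canview' forum permission are listed,
* and link-type forums are skipped. Titles are copied from the forum cache unchanged; this
* function performs no HTML escaping of its own.
*
* @param	string	Optional name of the first <option>
* @param	boolean	Show the top <option> or not
* @param	boolean	Display an <option> labelled 'Select a forum'
* @param	string	Name of can_moderate() option to check for each forum - if 'none', show all forums
* @param	string	Character(s) to use to indicate forum depth
* @param	boolean	Show '(no posting)' after title of category-type forums
*
* @return	array	Array for use in building a <select> to show options
*/
function fetch_moderator_forum_options($topname = NULL, $displaytop = true, $displayselectforum = false, $permcheck = '', $depthmark = '--', $show_no_posting = true)
{
    global $vbphrase, $vbulletin;

    $select_options = array();

    if ($displayselectforum) {
        // Fixed: this entry used to be written to the misspelled $selectoptions,
        // so the 'Select a forum' option never reached the returned array.
        $select_options[0] = $vbphrase['select_forum'];
    }

    if ($displaytop) {
        $select_options['-1'] = $topname === NULL ? $vbphrase['no_one'] : $topname;
        $startdepth = $depthmark;
    } else {
        $startdepth = '';
    }

    foreach ($vbulletin->forumcache as $forum) {
        $forumid = $forum['forumid'];

        // Forums the current user cannot view must not be disclosed through the list.
        $perms = fetch_permissions($forumid);
        if (!($perms & $vbulletin->bf_ugp_forumpermissions['canview'])) {
            continue;
        }

        // Link-type forums are never offered.
        if (!empty($forum['link'])) {
            continue;
        }

        // 'none' disables the moderator check; any other value is passed to can_moderate().
        if ($permcheck != 'none' and !can_moderate($forumid, $permcheck)) {
            continue;
        }

        $label = str_repeat($depthmark, $forum['depth']) . "{$startdepth} {$forum['title']}";
        if ($show_no_posting) {
            $label .= ' ' . ($forum['options'] & $vbulletin->bf_misc_forumoptions['allowposting'] ? '' : " ({$vbphrase['no_posting']})") . " {$forum['allowposting']}";
        }

        $select_options["{$forumid}"] = $label;
    }

    return $select_options;
}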
Example #2
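/**
* Creates new thread or gives error and then redirects user
*
* The post data is assembled from the arguments and handed to build_new_post(). Whatever the
* outcome, the function finishes by eval()'ing the string returned by print_standard_redirect().
*
* NOTE(review): $forumperms is fetched and published as a global, but no permission bit is
* tested in this function. Presumably build_new_post() or the caller enforces posting rights -
* confirm before exposing this helper to request-driven input.
*
* @param	string	Title of thread
* @param	string	Message of post
* @param	integer ForumID for thread
* @param	boolean Allow guest posts
*/
function create_new_thread($title = 'Defauglt Title', $message = 'Defagult Message', $id = 3, $guest = false)
{
    global $forumperms, $vbulletin, $vbphrase;

    $errors = array();
    $newpost = array();

    // Guests get the 'guest' phrase as their user name, but only when the caller allows it.
    if ($guest and $vbulletin->userinfo['userid'] == 0) {
        $newpost['username'] = $vbphrase['guest'];
    }
    $newpost['title'] = $title;
    $newpost['message'] = $message;
    $newpost['signature'] = ($vbulletin->userinfo['signature'] != '') ? '1' : '0';
    $newpost['parseurl'] = '1';
    $newpost['emailupdate'] = '9999';

    $foruminfo = verify_id('forum', $id, 0, 1);
    $fail = empty($foruminfo['forumid']);

    // Fixed: an unresolved forum used to be flagged as a failure and then passed on to
    // fetch_permissions() and build_new_post() anyway. Nothing is posted now unless the
    // forum lookup succeeded.
    if (!$fail) {
        $forumperms = fetch_permissions($foruminfo['forumid']);
        if (!function_exists('build_new_post')) {
            require_once DIR . '/includes/functions_newpost.php';
        }
        build_new_post('thread', $foruminfo, array(), array(), $newpost, $errors);

        // Treat a missing post id like an error so the redirect never points at "p=#post".
        if (sizeof($errors) > 0 or empty($newpost['postid'])) {
            $fail = true;
        }
    }

    // The redirect helpers return a string that is eval()'d, as elsewhere in this codebase.
    // Only fixed phrase names are passed in; keep request-derived data out of these calls.
    if (!$fail) {
        $postid = intval($newpost['postid']);
        $vbulletin->url = $vbulletin->options['bburl'] . '/showthread.php?' . $vbulletin->session->vars['sessionurl'] . "p=" . $postid . "#post" . $postid;
        eval(print_standard_redirect('redirect_postthanks'));
    } else {
        $vbulletin->url = $vbulletin->options['bburl'];
        eval(print_standard_redirect($vbphrase['error'] . ': ' . $vbphrase['redirecting'], 0, 1));
    }
}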
Example #3
 /**
  * Builds the activity-stream entry for a reply to a thread or poll.
  *
  * Depending on $fetchphrase the result is either the rendered template or an array holding
  * the constructed phrase, the resolved user record and the activity row.
  *
  * The post preview is stripped of quotes and BB code, trimmed, censored and HTML-escaped
  * here. The preview is computed and the post registered whether or not the viewer holds
  * 'canviewthreads'; that permission only sets $show['threadcontent'].
  * NOTE(review): the template presumably honours $show['threadcontent'] - confirm.
  * NOTE(review): user name, thread title, forum title and the "rich" prefix are passed to
  * construct_phrase() without escaping in this method; presumably they are stored already
  * escaped - confirm.
  *
  * @param	string	Name of the template to render
  * @param	array	Activity record (contentid, userid and dateline are read)
  * @param	boolean	Not used in this method
  * @param	boolean	Return the phrase data instead of rendered HTML
  *
  * @return	mixed	Rendered template, or array with 'phrase', 'userinfo' and 'activity'
  */
 public function fetchTemplate($templatename, $activity, $skipgroup = false, $fetchphrase = false)
 {
     global $show;

     // References: the derived fields written below land in the shared content cache.
     $post =& $this->content['post'][$activity['contentid']];
     $thread =& $this->content['thread'][$post['threadid']];
     $forum =& vB::$vbulletin->forumcache[$thread['forumid']];

     $prefixid = $thread['prefixid'];
     $thread['prefix_plain_html'] = htmlspecialchars_uni($this->vbphrase["prefix_{$prefixid}_title_plain"]);
     $thread['prefix_rich'] = $this->vbphrase["prefix_{$prefixid}_title_rich"];

     $options = vB::$vbulletin->options;
     $activity['postdate'] = vbdate($options['dateformat'], $activity['dateline'], true);
     $activity['posttime'] = vbdate($options['timeformat'], $activity['dateline']);

     // Preview pipeline: drop quotes, drop BB code, trim, censor, then escape for HTML.
     $snippet = strip_quotes($post['pagetext']);
     $snippet = strip_bbcode($snippet, false, true, true, true);
     $snippet = fetch_trimmed_title($snippet, $options['as_snippet']);
     $snippet = fetch_censored_text($snippet);
     $post['preview'] = htmlspecialchars_uni($snippet);

     $forumperms = fetch_permissions($thread['forumid']);
     $show['threadcontent'] = (bool) ($forumperms & vB::$vbulletin->bf_ugp_forumpermissions['canviewthreads']);

     $author = $this->fetchUser($activity['userid'], $post['username']);

     if (!$fetchphrase) {
         $templater = vB_Template::create($templatename);
         $templater->register('userinfo', $author);
         $templater->register('activity', $activity);
         $templater->register('threadinfo', $thread);
         $templater->register('postinfo', $post);
         $templater->register('pageinfo', array('p' => $post['postid']));
         $templater->register('foruminfo', $forum);
         return $templater->render();
     }

     // Registered members get a profile link; guests are shown by name only.
     $ispoll = (bool) $thread['pollid'];
     if ($author['userid']) {
         $format = $ispoll ? $this->vbphrase['x_replied_to_a_poll_y_in_z'] : $this->vbphrase['x_replied_to_a_thread_y_in_z'];
         $phrase = construct_phrase($format, fetch_seo_url('member', $author), $author['username'], fetch_seo_url('thread', $thread), $thread['prefix_rich'], $thread['title'], fetch_seo_url('forum', $forum), $forum['title']);
     } else {
         $format = $ispoll ? $this->vbphrase['guest_x_replied_to_a_poll_y_in_z'] : $this->vbphrase['guest_x_replied_to_a_thread_y_in_z'];
         $phrase = construct_phrase($format, $author['username'], fetch_seo_url('thread', $thread), $thread['prefix_rich'], $thread['title'], fetch_seo_url('forum', $forum), $forum['title']);
     }

     return array('phrase' => $phrase, 'userinfo' => $author, 'activity' => $activity);
 }
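/**
 * Get an array of BB code tag statuses (allowed / forbidden) for a user.
 *
 * For each tag the result holds either the tag's ALLOW_BBCODE_* bit (allowed) or 0 (forbidden).
 * The value comes from the user's additional per-permission filters when
 * is_need_aditional_bbtags_verification() asks for them and a filter exists for the tag,
 * otherwise from the board option bitfield named by $optiongroup.
 *
 * @global vB_Registry $vbulletin
 * @param array $user_info User record; defaults to the current user when empty
 * @param mixed $forumid Passed through to is_need_aditional_bbtags_verification()
 * @param string $optiongroup Name of the option bitfield; derived from THIS_SCRIPT when NULL
 * @param bool $is_filter_type_inbound - Indicates whether the filtering is for presaving or for output rendering.
 * @return array Tag name => allowed bit or 0
 */
function get_tags_status_list($user_info = NULL, $forumid = NULL, $optiongroup = NULL, $is_filter_type_inbound = true)
{
    global $vbulletin;

    $bbcode_names = array('BASIC', 'COLOR', 'SIZE', 'FONT', 'ALIGN', 'LIST', 'URL', 'CODE', 'PHP', 'HTML');

    // user init (empty() already covers NULL)
    if (empty($user_info)) {
        $user_info = $vbulletin->userinfo;
    }
    $userid = $user_info['userid'];

    // optiongroup init
    if (is_null($optiongroup)) {
        switch (THIS_SCRIPT) {
            case 'group':
                $optiongroup = 'sg_allowed_bbcode';
                break;
            case 'visitormessage':
                $optiongroup = 'vm_allowed_bbcode';
                break;
            case 'picturecomment':
                $optiongroup = 'pc_allowed_bbcode';
                break;
            default:
                $optiongroup = 'allowedbbcodes';
        }
    }

    $permissions = fetch_permissions(0, $userid, $user_info);

    // NOTE(review): unserialize() is applied to a value taken from the permission record.
    // That is only acceptable while the value is written exclusively by trusted admin code;
    // confirm that no user-editable field can reach it.
    $raw_filters = isset($permissions['aditional_bbcode_filters']) ? $permissions['aditional_bbcode_filters'] : '';
    $extra_filters = (is_string($raw_filters) and $raw_filters !== '') ? unserialize($raw_filters) : false;

    // Fixed: a missing or corrupt value makes unserialize() return false, which the
    // array_key_exists() call below cannot accept. Fall back to "no additional filters".
    if (!is_array($extra_filters)) {
        $extra_filters = array();
    }

    $needs_extra_check = is_need_aditional_bbtags_verification($permissions, $forumid, $optiongroup, $is_filter_type_inbound);

    // checking tags
    $tags = array();
    foreach ($bbcode_names as $bbtag) {
        $constant_name = 'ALLOW_BBCODE_' . strtoupper($bbtag);

        // Fixed: replaces @constant(), whose failure cannot be suppressed on current PHP.
        // A tag without a defined bit is reported as forbidden (fail closed).
        if (!defined($constant_name)) {
            $tags[$bbtag] = 0;
            continue;
        }
        $tag_bit = constant($constant_name);

        if ($needs_extra_check and array_key_exists($tag_bit, $extra_filters)) {
            $tags[$bbtag] = $extra_filters[$tag_bit] ? $tag_bit : 0;
        } else {
            $tags[$bbtag] = $vbulletin->options[$optiongroup] & $tag_bit;
        }
    }

    return $tags;
}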
Example #5
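/**
 * Resolves the id lists collected for the "who's online" display into titles, names and owners.
 *
 * Input and output both travel through globals. Each $...ids global is a string of
 * comma-prefixed ids that is spliced into "IN (0{$ids})"; each $wol_* global receives the
 * rows that were found. Ids discovered along the way (post -> thread, infraction -> user, ...)
 * are appended to the matching list so that later queries pick them up.
 *
 * Security notes:
 * - The id lists are interpolated into SQL as they are. Ids appended here are cast with
 *   intval(); NOTE(review): the initial contents come from outside this function and must
 *   already be integer-only - confirm at the place where they are built.
 * - PM, search and user lookups run only for viewers holding 'canwhosonlinefull'.
 * - Thread previews are produced only for viewers holding 'canviewthreads' in the thread's
 *   forum. Thread titles are loaded without a permission check in this function, so the
 *   consumer of $wol_thread presumably filters by forum permission - confirm.
 */
function convert_ids_to_titles()
{
    global $vbulletin;
    global $albumids, $attachmentids, $calendarids, $eventids, $forumids, $infractionids, $pmids, $postids, $searchids, $socialgroupids, $threadids, $userids;
    global $wol_album, $wol_attachment, $wol_calendar, $wol_event, $wol_inf, $wol_pm, $wol_post, $wol_search, $wol_socialgroup, $wol_thread, $wol_user;

    $can_see_full = ($vbulletin->userinfo['permissions']['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonlinefull']);

    if ($attachmentids) {
        $postidquery = $vbulletin->db->query_read_slave("\n\t\t\tSELECT postid, attachmentid\n\t\t\tFROM " . TABLE_PREFIX . "attachment\n\t\t\tWHERE attachmentid IN (0{$attachmentids})\n\t\t");
        while ($postidqueryr = $vbulletin->db->fetch_array($postidquery)) {
            $postids .= ',' . intval($postidqueryr['postid']);
            $wol_attachment["{$postidqueryr['attachmentid']}"] = $postidqueryr['postid'];
        }
    }

    if ($postids) {
        $postidquery = $vbulletin->db->query_read_slave("\n\t\t\tSELECT threadid, postid\n\t\t\tFROM " . TABLE_PREFIX . "post\n\t\t\tWHERE postid IN (0{$postids})\n\t\t");
        while ($postidqueryr = $vbulletin->db->fetch_array($postidquery)) {
            $threadids .= ',' . intval($postidqueryr['threadid']);
            $wol_post["{$postidqueryr['postid']}"] = $postidqueryr['threadid'];
        }
    }

    if ($socialgroupids) {
        $socialgroups = $vbulletin->db->query_read_slave("\n\t\t\tSELECT name, groupid\n\t\t\tFROM " . TABLE_PREFIX . "socialgroup\n\t\t\tWHERE groupid IN (0{$socialgroupids})\n\t\t");
        while ($socialgroup = $vbulletin->db->fetch_array($socialgroups)) {
            $wol_socialgroup["{$socialgroup['groupid']}"]['name'] = $socialgroup['name'];
        }
    }

    if ($albumids) {
        $albums = $vbulletin->db->query_read_slave("\n\t\t\tSELECT title, albumid, state, userid\n\t\t\tFROM " . TABLE_PREFIX . "album\n\t\t\tWHERE albumid IN (0{$albumids})\n\t\t");
        while ($album = $vbulletin->db->fetch_array($albums)) {
            $wol_album["{$album['albumid']}"] = $album;
        }
    }

    if ($threadids) {
        $with_preview = $vbulletin->options['threadpreview'] > 0;
        $with_subscription = ($vbulletin->options['threadsubscribed'] and $vbulletin->userinfo['userid']);

        $threadresults = $vbulletin->db->query_read_slave(
            "\n\t\t\tSELECT thread.title, thread.prefixid, thread.threadid, thread.forumid, thread.postuserid, thread.visible\n\t\t\t"
            . iif($with_preview, ",post.pagetext AS preview")
            . "\n\t\t\t"
            . iif($with_subscription, ", NOT ISNULL(subscribethread.subscribethreadid) AS issubscribed")
            . "\n\t\t\tFROM " . TABLE_PREFIX . "thread AS thread\n\t\t\t"
            . iif($with_preview, "LEFT JOIN " . TABLE_PREFIX . "post AS post ON(post.postid = thread.firstpostid)")
            . "\n\t\t\t"
            . iif($with_subscription, " LEFT JOIN " . TABLE_PREFIX . "subscribethread AS subscribethread ON(subscribethread.threadid = thread.threadid AND subscribethread.userid = " . intval($vbulletin->userinfo['userid']) . " AND canview = 1)")
            . "\n\t\t\tWHERE thread.threadid IN (0{$threadids})\n\t\t"
        );
        while ($threadresult = $vbulletin->db->fetch_array($threadresults)) {
            $tid = $threadresult['threadid'];
            $wol_thread["{$tid}"]['title'] = $threadresult['title'];
            $wol_thread["{$tid}"]['prefixid'] = $threadresult['prefixid'];
            $wol_thread["{$tid}"]['forumid'] = $threadresult['forumid'];
            $wol_thread["{$tid}"]['postuserid'] = $threadresult['postuserid'];
            $wol_thread["{$tid}"]['isdeleted'] = ($threadresult['visible'] == 2);
            $wol_thread["{$tid}"]['visible'] = ($threadresult['visible'] == 1);
            // The column is only selected when subscriptions are enabled for a logged-in user.
            $wol_thread["{$tid}"]['issubscribed'] = isset($threadresult['issubscribed']) ? $threadresult['issubscribed'] : null;

            // format thread preview if there is one, and only if the viewer may read threads here
            $userperms = fetch_permissions($threadresult['forumid']);
            if (!empty($threadresult['preview']) and $with_preview and $userperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) {
                // Get Buddy List
                $buddy = array();
                if (trim($vbulletin->userinfo['buddylist'])) {
                    $buddylist = preg_split('/( )+/', trim($vbulletin->userinfo['buddylist']), -1, PREG_SPLIT_NO_EMPTY);
                    foreach ($buddylist as $buddyuserid) {
                        $buddy["{$buddyuserid}"] = 1;
                    }
                }
                DEVDEBUG('buddies: ' . implode(', ', array_keys($buddy)));

                // Get Ignore Users (a buddy is never treated as ignored)
                $ignore = array();
                if (trim($vbulletin->userinfo['ignorelist'])) {
                    $ignorelist = preg_split('/( )+/', trim($vbulletin->userinfo['ignorelist']), -1, PREG_SPLIT_NO_EMPTY);
                    foreach ($ignorelist as $ignoreuserid) {
                        if (empty($buddy["{$ignoreuserid}"])) {
                            $ignore["{$ignoreuserid}"] = 1;
                        }
                    }
                }
                DEVDEBUG('ignored users: ' . implode(', ', array_keys($ignore)));

                if (empty($ignore["{$threadresult['postuserid']}"])) {
                    // Quotes and BB code are removed and the result is HTML-escaped before storing.
                    $threadresult['preview'] = strip_quotes($threadresult['preview']);
                    $threadresult['preview'] = htmlspecialchars_uni(strip_bbcode(fetch_trimmed_title($threadresult['preview'], $vbulletin->options['threadpreview']), false, true));
                    $wol_thread["{$tid}"]['preview'] = $threadresult['preview'];
                }
            }
        }
    }

    if ($calendarids) {
        $calendarresults = $vbulletin->db->query_read_slave("\n\t\t\tSELECT calendarid, title\n\t\t\tFROM " . TABLE_PREFIX . "calendar\n\t\t\tWHERE calendarid IN (0{$calendarids})\n\t\t");
        while ($calendarresult = $vbulletin->db->fetch_array($calendarresults)) {
            $wol_calendar["{$calendarresult['calendarid']}"] = $calendarresult['title'];
        }
    }

    if ($infractionids) {
        $infractions = $vbulletin->db->query_read_slave("\n\t\t\tSELECT infractionid, userid\n\t\t\tFROM " . TABLE_PREFIX . "infraction\n\t\t\tWHERE infractionid IN (0{$infractionids})\n\t\t");
        while ($infraction = $vbulletin->db->fetch_array($infractions)) {
            $wol_inf["{$infraction['infractionid']}"]['userid'] = $infraction['userid'];
            $userids .= ',' . intval($infraction['userid']);
        }
    }

    if ($eventids) {
        $eventresults = $vbulletin->db->query_read_slave("\n\t\t\tSELECT eventid, title, userid, calendarid\n\t\t\tFROM " . TABLE_PREFIX . "event\n\t\t\tWHERE eventid IN (0{$eventids})\n\t\t");
        while ($eventresult = $vbulletin->db->fetch_array($eventresults)) {
            $wol_event["{$eventresult['eventid']}"]['title'] = $eventresult['title'];
            $wol_event["{$eventresult['eventid']}"]['calendarid'] = $eventresult['calendarid'];
            $wol_event["{$eventresult['eventid']}"]['postuserid'] = $eventresult['userid'];
        }
    }

    if ($pmids and $can_see_full) {
        $pmresults = $vbulletin->db->query_read_slave("\n\t\t\tSELECT pmtext.fromuserid, pm.pmid\n\t\t\tFROM " . TABLE_PREFIX . "pm AS pm\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON (pm.pmtextid = pmtext.pmtextid)\n\t\t\tWHERE pmid IN (0{$pmids})\n\t\t\t");
        while ($pmresult = $vbulletin->db->fetch_array($pmresults)) {
            $wol_pm["{$pmresult['pmid']}"] = $pmresult['fromuserid'];
            $userids .= ',' . intval($pmresult['fromuserid']);
        }
    }

    if ($searchids and $can_see_full) {
        $searchresults = $vbulletin->db->query_read_slave("\n\t\t\tSELECT searchid, search.userid, query, searchuser, user.userid AS targetuserid\n\t\t\tFROM " . TABLE_PREFIX . "search AS search\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.username = search.searchuser)\n\t\t\tWHERE searchid IN (0{$searchids})\n\t\t");
        while ($searchresult = $vbulletin->db->fetch_array($searchresults)) {
            if ($searchresult['searchuser']) {
                if (!$searchresult['targetuserid']) {
                    // NOTE(review): the value expression of this query was masked in the listing.
                    // It is rebuilt here from the surviving tail (two nested calls around
                    // $searchresult['searchuser']) as escape_string(htmlspecialchars_uni(...));
                    // confirm against the upstream file. The escaping must stay: searchuser is
                    // free text entered by a user.
                    $result = $vbulletin->db->query_first_slave("\n\t\t\t\t\t\tSELECT userid AS targetuserid\n\t\t\t\t\t\tFROM " . TABLE_PREFIX . "user\n\t\t\t\t\t\tWHERE username = '" . $vbulletin->db->escape_string(htmlspecialchars_uni($searchresult['searchuser'])) . "'\n\t\t\t\t\t");

                    // Fixed: $result used to be read outside this branch, so a row that
                    // needed no lookup inherited the user id found for an earlier row.
                    if (!empty($result['targetuserid'])) {
                        $searchresult['targetuserid'] = $result['targetuserid'];
                    }
                }
                if ($searchresult['targetuserid']) {
                    $userids .= ',' . intval($searchresult['targetuserid']);
                }
            }
            $wol_search["{$searchresult['searchid']}"] = $searchresult;
        }
    }

    if ($userids and $can_see_full) {
        $userresults = $vbulletin->db->query_read_slave("\n\t\t\tSELECT userid, username, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid\n\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\tWHERE userid IN (0{$userids})\n\t\t");
        while ($userresult = $vbulletin->db->fetch_array($userresults)) {
            fetch_musername($userresult);
            $wol_user["{$userresult['userid']}"] = $userresult['musername'];
        }
    }

    // Plugin hook: the returned code is eval()'d in this scope and can read and modify every
    // variable above. Anyone able to install plugin code therefore runs with full trust.
    ($hook = vBulletinHook::fetch_hook('online_ids_titles')) ? eval($hook) : false;
}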
Example #6
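/**
 * Subscribes the logged-in user to the current thread or, when no thread is set, to the
 * current forum.
 *
 * The target comes from the $foruminfo / $threadinfo globals. Every check that fails is
 * reported through json_error().
 * NOTE(review): json_error() is assumed to end the request; if it returns, the checks below
 * do not stop the write - confirm.
 * NOTE(review): permissions are evaluated for $foruminfo['forumid'], while the moderator
 * checks use $threadinfo['forumid']; the two globals are presumably always populated for the
 * same forum - confirm.
 *
 * @return	array	array('success' => true) once the subscription row has been written
 */
function do_subscribe_thread()
{
    global $vbulletin, $db, $foruminfo, $threadinfo;

    $userid = intval($vbulletin->userinfo['userid']);
    if (!$userid) {
        json_error(ERR_INVALID_LOGGEDIN, RV_NOT_LOGGED_IN);
    }

    $vbulletin->input->clean_array_gpc('r', array('emailupdate' => TYPE_UINT, 'folderid' => TYPE_INT));
    // The folder is always forced to 0, whatever the request carried.
    $vbulletin->GPC['folderid'] = 0;

    $forumid = intval($foruminfo['forumid']);
    if (!$forumid) {
        json_error(ERR_INVALID_THREAD);
    }

    $forumperms = fetch_permissions($forumid);
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview'])) {
        json_error(ERR_INVALID_THREAD);
    }

    if (!$foruminfo['allowposting'] or $foruminfo['link'] or !$foruminfo['cancontainthreads']) {
        json_error(ERR_CANNOT_SUB_FORUM_CLOSED);
    }

    // check if there is a forum password and if so, ensure the user has it set
    if (!verify_forum_password($forumid, $foruminfo['password'], false)) {
        json_error(ERR_CANNOT_SUB_PASSWORD);
    }

    $emailupdate = intval($vbulletin->GPC['emailupdate']);

    if ($threadinfo['threadid']) {
        // Moderated or soft-deleted threads are visible only to the matching moderators.
        $hidden = (!$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts'));
        $deleted = ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'candeleteposts'));
        if ($hidden or $deleted) {
            json_error(ERR_INVALID_THREAD);
        }

        // Must be able to view threads, and other people's threads unless it is the user's own.
        $is_own_thread = ($userid == $threadinfo['postuserid']);
        if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or (!$is_own_thread and !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']))) {
            json_error(ERR_INVALID_THREAD);
        }

        /*insert query*/
        $db->query_write("\n\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\tVALUES (" . $userid . ", " . intval($threadinfo['threadid']) . ", " . $emailupdate . ", " . intval($vbulletin->GPC['folderid']) . ", 1)\n\t\t");
    } else {
        // Fixed: the row used to be written with $vbulletin->GPC['forumid'], a request value
        // that this function neither cleans nor checks, while all permission checks above ran
        // against $foruminfo['forumid']. The id that was authorised is now the id written.
        /*insert query*/
        $db->query_write("\n\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribeforum (userid, emailupdate, forumid)\n\t\t\tVALUES (" . $userid . ", " . $emailupdate . ", " . $forumid . ")\n\t\t");
    }

    return array('success' => true);
}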
Example #7
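 /**
  * pre_delete function - extend if the contenttype needs to do anything
  *
  * Checks, attachment by attachment, whether the current user may delete it, and collects
  * the affected post and thread ids in $this->lists. When logging is enabled it also writes
  * edit-log rows and moderator-log entries.
  *
  * NOTE(review): permission checks and log writes are interleaved per row, so a denial on a
  * later row returns false after log rows for earlier rows were already written.
  *
  * @param	array		list of deleted attachment ids to delete
  * @param	boolean	verify permission to delete
  *
  * @return	boolean	false when a permission check fails or the list is empty, true otherwise
  */
 public function pre_delete($list, $checkperms = true)
 {
     @ignore_user_abort(true);

     // init lists
     $this->lists = array('postlist' => array(), 'threadlist' => array());

     // Fixed: the ids were imploded into two SQL statements without any sanitising.
     // Every element is forced to an integer before it gets near a query.
     $list = array_map('intval', (array) $list);
     if (empty($list)) {
         // "IN ()" is not valid SQL, and nothing has been verified: fail closed.
         return false;
     }
     $idlist = implode(", ", $list);

     if ($checkperms) {
         // Verify that we have permission to view these attachmentids
         $attachmultiple = new vB_Attachment_Display_Multiple($this->registry);
         $attachments = $attachmultiple->fetch_results("a.attachmentid IN (" . $idlist . ")");
         if (count($list) != count($attachments)) {
             return false;
         }
     }

     $ids = $this->registry->db->query_read("\n\t\t\tSELECT\n\t\t\t\ta.attachmentid, a.userid, IF(a.contentid = 0, 1, 0) AS inprogress,\n\t\t\t\tpost.postid, post.threadid, post.dateline AS p_dateline, post.userid AS post_userid,\n\t\t\t\tthread.forumid, thread.threadid, thread.open,\n\t\t\t\teditlog.hashistory\n\t\t\tFROM " . TABLE_PREFIX . "attachment AS a\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "post AS post ON (post.postid = a.contentid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread ON (thread.threadid = post.threadid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON (editlog.postid = post.postid)\n\t\t\tWHERE a.attachmentid IN (" . $idlist . ")\n\t\t");

     // Posts whose edit-log row was already rewritten during this call.
     $replaced = array();
     $currentuserid = intval($this->registry->userinfo['userid']);

     while ($id = $this->registry->db->fetch_array($ids)) {
         if (!$id['inprogress'] and $checkperms) {
             // Closed thread: needs open/close moderator rights unless the board allows it.
             if (!$id['open'] and !can_moderate($id['forumid'], 'canopenclose') and !$this->registry->options['allowclosedattachdel']) {
                 return false;
             }

             if (!can_moderate($id['forumid'], 'caneditposts')) {
                 // Non-moderators may only touch their own attachments, with edit rights ...
                 $forumperms = fetch_permissions($id['forumid']);
                 if (!($forumperms & $this->registry->bf_ugp_forumpermissions['caneditpost']) or $this->registry->userinfo['userid'] != $id['userid']) {
                     return false;
                 }
                 // ... and inside the edit time limit, unless attachment deletion is always allowed.
                 if (!$this->registry->options['allowattachdel'] and $this->registry->options['edittimelimit'] and $id['p_dateline'] < TIMENOW - $this->registry->options['edittimelimit'] * 60) {
                     return false;
                 }
             }
         }

         if ($id['postid']) {
             $postkey = "{$id['postid']}";
             if (!isset($this->lists['postlist'][$postkey])) {
                 $this->lists['postlist'][$postkey] = 0;
             }
             $this->lists['postlist'][$postkey]++;

             if ($this->log) {
                 if ($this->registry->userinfo['permissions']['genericoptions'] & $this->registry->bf_ugp_genericoptions['showeditedby'] and $id['p_dateline'] < TIMENOW - $this->registry->options['noeditedbytime'] * 60) {
                     if (empty($replaced[$postkey])) {
                         /*insert query*/
                         $this->registry->db->query_write("\n\t\t\t\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "editlog\n\t\t\t\t\t\t\t\t\t\t(postid, userid, username, dateline, hashistory)\n\t\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t\t(" . intval($id['postid']) . ",\n\t\t\t\t\t\t\t\t\t" . $currentuserid . ",\n\t\t\t\t\t\t\t\t\t'" . $this->registry->db->escape_string($this->registry->userinfo['username']) . "',\n\t\t\t\t\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t\t\t\t\t" . intval($id['hashistory']) . ")\n\t\t\t\t\t\t\t");
                         $replaced[$postkey] = true;
                     }
                 }

                 // A moderator removing somebody else's attachment leaves a moderator-log entry.
                 if ($this->registry->userinfo['userid'] != $id['post_userid'] and can_moderate($id['forumid'], 'caneditposts')) {
                     $postinfo = array('postid' => &$id['postid'], 'threadid' => &$id['threadid'], 'forumid' => &$id['forumid'], 'attachmentid' => &$id['attachmentid']);
                     require_once DIR . '/includes/functions_log_error.php';
                     log_moderator_action($postinfo, 'attachment_removed');
                 }
             }
         }

         if ($id['threadid']) {
             $threadkey = "{$id['threadid']}";
             if (!isset($this->lists['threadlist'][$threadkey])) {
                 $this->lists['threadlist'][$threadkey] = 0;
             }
             $this->lists['threadlist'][$threadkey]++;
         }
     }

     return true;
 }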
Example #8
    construct_hidden_code('oldpermissions', $user['adminpermissions']);
    print_table_header(construct_phrase($vbphrase['x_y_id_z'], $vbphrase['administrator_permissions'], $user['username'], $user['userid']));
    print_label_row("{$vbphrase['administrator']}: <a href=\"user.php?" . $vbulletin->session->vars['sessionurl'] . "do=edit&amp;u=" . $vbulletin->GPC['userid'] . "\">{$user['username']}</a>", '<div align="' . $stylevar['right'] . '"><input type="button" class="button" value=" ' . $vbphrase['all_yes'] . ' " onclick="js_check_all_option(this.form, 1);" /> <input type="button" class="button" value=" ' . $vbphrase['all_no'] . ' " onclick="js_check_all_option(this.form, 0);" /></div>', 'thead');
    foreach (convert_bits_to_array($user['adminpermissions'], $ADMINPERMISSIONS) as $field => $value) {
        print_yes_no_row($permsphrase["{$field}"] == '' ? $vbphrase['n_a'] : $permsphrase["{$field}"], "adminpermissions[{$field}]", $value);
    }
    ($hook = vBulletinHook::fetch_hook('admin_permissions_form')) ? eval($hook) : false;
    print_select_row($vbphrase['control_panel_style_choice'], 'cssprefs', array_merge(array('' => "({$vbphrase['default']})"), fetch_cpcss_options()), $user['cssprefs']);
    print_input_row($vbphrase['dismissed_news_item_ids'], 'dismissednews', $user['dismissednews']);
    print_submit_row();
}
// #############################################################################
// 'modify' view: one row per administrator who can reach the control panel, with links to
// that user's profile, control panel log and permission editor.
// NOTE(review): no access check is visible in this excerpt; presumably the script verifies
// the viewer's admin permission before this point - confirm.
// NOTE(review): user names are printed into HTML without escaping here; presumably they are
// stored already escaped - confirm.
if ($_REQUEST['do'] == 'modify') {
    print_form_header('adminpermissions', 'edit');
    print_table_header($vbphrase['administrator_permissions'], 3);

    $users = $db->query_read("\n\t\tSELECT user.username, usergroupid, membergroupids, infractiongroupids, administrator.*\n\t\tFROM " . TABLE_PREFIX . "administrator AS administrator\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user USING(userid)\n\t\tORDER BY user.username\n\t");

    while ($user = $db->fetch_array($users)) {
        $perms = fetch_permissions(0, $user['userid'], $user);

        // Administrator rows without control panel access are left out of the table.
        if (!($perms['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) {
            continue;
        }

        print_cells_row(
            array(
                "<a href=\"user.php?" . $vbulletin->session->vars['sessionurl'] . "do=edit&amp;u={$user['userid']}\" name=\"user{$user['userid']}\"><b>{$user['username']}</b></a>",
                '-',
                construct_link_code($vbphrase['view_control_panel_log'], "adminlog.php?" . $vbulletin->session->vars['sessionurl'] . "do=view&script=&u={$user['userid']}")
                    . construct_link_code($vbphrase['edit_permissions'], "adminpermissions.php?" . $vbulletin->session->vars['sessionurl'] . "do=edit&amp;u={$user['userid']}"),
            ),
            0,
            '',
            0
        );
    }

    print_table_footer();
}

print_cp_footer();
/*======================================================================*\
|| ####################################################################
|| # Downloaded: 12:56, Sat Oct 11th 2008
|| # CVS: $RCSfile$ - $Revision: 25308 $
|| ####################################################################
\*======================================================================*/
Example #9
 /**
  * Does the report
  *
  * Depending on board options the report is posted into the report forum (as a new thread,
  * or as a reply when a usable report thread already exists for the item), e-mailed to the
  * affected moderators, or both.
  *
  * NOTE(review): $subject and $message are used below but never assigned in the visible
  * code; presumably the eval()'d string from fetch_email_phrases() defines them, and it may
  * read other locals of this method by name. Do not rename locals without checking.
  *
  * @param	string	The Reason for the report
  * @param	array	Information regarding the item being reported
  *
  */
 function do_report($reason, &$iteminfo)
 {
     global $vbphrase;
     // Kept by reference: changes made to $this->iteminfo below are visible to the caller.
     $this->iteminfo =& $iteminfo;
     $reportinfo = array('rusername' => unhtmlspecialchars($this->registry->userinfo['username']), 'ruserid' => $this->registry->userinfo['userid'], 'remail' => $this->registry->userinfo['email']);
     // The reporter's free text is capped at 'postmaxchars' when that option is positive.
     // substr() counts bytes, so a multi-byte character can be cut at the limit.
     if ($this->registry->options['postmaxchars'] > 0) {
         $reportinfo['reason'] = substr($reason, 0, $this->registry->options['postmaxchars']);
     } else {
         $reportinfo['reason'] = $reason;
     }
     // Both expressions assign inside the condition: $rpforumid and $rpforuminfo are set here.
     $reportthread = ($rpforumid = $this->registry->options['rpforumid'] and $rpforuminfo = fetch_foruminfo($rpforumid));
     $reportemail = ($this->registry->options['enableemail'] and $this->registry->options['rpemail']);
     $mods = array();
     $reportinfo['modlist'] = '';
     $moderators = $this->fetch_affected_moderators();
     if ($moderators) {
         while ($moderator = $this->registry->db->fetch_array($moderators)) {
             $mods["{$moderator['userid']}"] = $moderator;
             $reportinfo['modlist'] .= (!empty($reportinfo['modlist']) ? ', ' : '') . unhtmlspecialchars($moderator['username']);
         }
     }
     if (empty($reportinfo['modlist'])) {
         $reportinfo['modlist'] = $vbphrase['n_a'];
     }
     $this->set_reportinfo($reportinfo);
     if ($reportthread) {
         // Determine if we need to create a thread or a post
         // A new thread is needed when the item has no report thread yet, or the recorded one
         // cannot be loaded, is deleted, is not visible, or sits in another forum.
         if (!$this->iteminfo['reportthreadid'] or !($rpthreadinfo = fetch_threadinfo($this->iteminfo['reportthreadid'])) or $rpthreadinfo and ($rpthreadinfo['isdeleted'] or !$rpthreadinfo['visible'] or $rpthreadinfo['forumid'] != $rpforuminfo['forumid'])) {
             // eval() of generated phrase code. The report text is user-supplied, so it must
             // only ever be referenced by that code as a variable, never embedded in it.
             eval(fetch_email_phrases('report' . $this->phrasekey . '_newthread', 0));
             // Post as the configured report user ('rpuserid') when it resolves, else as the reporter.
             if (!$this->registry->options['rpuserid'] or !($userinfo = fetch_userinfo($this->registry->options['rpuserid']))) {
                 $userinfo =& $this->registry->userinfo;
             }
             $threadman =& datamanager_init('Thread_FirstPost', $this->registry, ERRTYPE_SILENT, 'threadpost');
             $threadman->set_info('forum', $rpforuminfo);
             $threadman->set_info('is_automated', true);
             $threadman->set_info('skip_moderator_email', true);
             $threadman->set_info('mark_thread_read', true);
             $threadman->set_info('parseurl', true);
             $threadman->set('allowsmilie', true);
             $threadman->set('userid', $userinfo['userid']);
             $threadman->setr_info('user', $userinfo);
             $threadman->set('title', $subject);
             $threadman->set('pagetext', $message);
             $threadman->set('forumid', $rpforuminfo['forumid']);
             $threadman->set('visible', 1);
             if ($userinfo['userid'] != $this->registry->userinfo['userid']) {
                 // not posting as the current user, IP won't make sense
                 $threadman->set('ipaddress', '');
             }
             $rpthreadid = $threadman->save();
             if ($this->update_item_reportid($rpthreadid)) {
                 $threadman->set_info('skip_moderator_email', false);
                 $threadman->email_moderators(array('newthreademail', 'newpostemail'));
                 // Cleared so that the "reply to existing report thread" branch below is skipped.
                 $this->iteminfo['reportthreadid'] = 0;
                 $rpthreadinfo = array('threadid' => $rpthreadid, 'forumid' => $rpforuminfo['forumid'], 'postuserid' => $userinfo['userid']);
                 // check the permission of the other user
                 $userperms = fetch_permissions($rpthreadinfo['forumid'], $userinfo['userid'], $userinfo);
                 // Subscribe the posting user only if that user can view the report forum and its
                 // threads. The values below are interpolated into SQL without casting.
                 // NOTE(review): assumes userid, threadid and autosubscribe are integers - confirm.
                 if ($userperms & $this->registry->bf_ugp_forumpermissions['canview'] and $userperms & $this->registry->bf_ugp_forumpermissions['canviewthreads'] and $userinfo['autosubscribe'] != -1) {
                     $this->registry->db->query_write("\n\t\t\t\t\t\t\tINSERT IGNORE INTO " . TABLE_PREFIX . "subscribethread\n\t\t\t\t\t\t\t\t(userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t(" . $userinfo['userid'] . ", {$rpthreadinfo['threadid']}, {$userinfo['autosubscribe']}, 0, 1)\n\t\t\t\t\t\t");
                 }
             } else {
                 // Delete the thread we just created
                 if ($delthread = fetch_threadinfo($rpthreadid)) {
                     $threadman =& datamanager_init('Thread', $this->registry, ERRTYPE_SILENT, 'threadpost');
                     $threadman->set_existing($delthread);
                     $threadman->delete($rpforuminfo['countposts'], true, NULL, false);
                     unset($threadman);
                 }
                 // Reload the item; the branch below replies to a report thread if one is now recorded.
                 $this->refetch_iteminfo();
             }
         }
         if ($this->iteminfo['reportthreadid'] and $rpthreadinfo = fetch_threadinfo($this->iteminfo['reportthreadid']) and !$rpthreadinfo['isdeleted'] and $rpthreadinfo['visible'] == 1 and $rpthreadinfo['forumid'] == $rpforuminfo['forumid']) {
             eval(fetch_email_phrases('reportitem_newpost', 0));
             // Already reported, thread still exists/visible, and thread is in the right forum.
             // Technically, if the thread exists but is in the wrong forum, we should create the
             // thread, but that should only occur in a race condition.
             if (!$this->registry->options['rpuserid'] or !$userinfo and !($userinfo = fetch_userinfo($this->registry->options['rpuserid']))) {
                 $userinfo =& $this->registry->userinfo;
             }
             $postman =& datamanager_init('Post', $this->registry, ERRTYPE_STANDARD, 'threadpost');
             $postman->set_info('thread', $rpthreadinfo);
             $postman->set_info('forum', $rpforuminfo);
             $postman->set_info('is_automated', true);
             $postman->set_info('parseurl', true);
             $postman->set('threadid', $rpthreadinfo['threadid']);
             $postman->set('userid', $userinfo['userid']);
             $postman->set('allowsmilie', true);
             $postman->set('visible', true);
             $postman->set('title', $subject);
             $postman->set('pagetext', $message);
             if ($userinfo['userid'] != $this->registry->userinfo['userid']) {
                 // not posting as the current user, IP won't make sense
                 $postman->set('ipaddress', '');
             }
             $postman->save();
             unset($postman);
         }
     }
     if ($reportemail) {
         // NOTE(review): $threadinfo and $postinfo are not defined anywhere in this method;
         // these two lines create them. Presumably kept for hook code or subclasses - confirm.
         $threadinfo['title'] = unhtmlspecialchars($threadinfo['title']);
         $postinfo['title'] = unhtmlspecialchars($postinfo['title']);
         // Super moderators are added when no moderator was found, or when 'rpemail' is 2.
         if (empty($mods) or $this->registry->options['rpemail'] == 2) {
             $moderators = $this->fetch_affected_super_moderators($mods);
             if ($moderators) {
                 while ($moderator = $this->registry->db->fetch_array($moderators)) {
                     $mods["{$moderator['userid']}"] = $moderator;
                 }
             }
         }
         // Plugin hooks: the returned code is eval()'d in this scope and can change $mods,
         // $reportinfo and every other local before and after the e-mails are sent.
         ($hook = vBulletinHook::fetch_hook('report_send_process')) ? eval($hook) : false;
         foreach ($mods as $userid => $moderator) {
             if (!empty($moderator['email'])) {
                 // NOTE(review): $rpthreadinfo is only assigned inside the $reportthread branch
                 // above, so it may be undefined here when no report forum is configured.
                 $this->send_moderator_email($moderator, $rpthreadinfo, $reportinfo);
             }
         }
         ($hook = vBulletinHook::fetch_hook('report_send_complete')) ? eval($hook) : false;
     }
 }
Example #10
/**
 * Renders the forum-home rows for every child forum of $parentid and returns
 * them as one concatenated string of template output.
 *
 * The function recurses into child forums until MAXFORUMDEPTH is reached
 * (the constant is defined as 2 here when nothing defined it earlier). It
 * returns early with no value when $vbulletin->iforumcache has no entry for
 * $parentid.
 *
 * Security-relevant behaviour visible in this function:
 *  - forum visibility is decided by the viewer's 'canview' bit combined with
 *    the per-forum 'showprivate' value and the global 'showprivateforums'
 *    option (see the gate inside the loop);
 *  - last-post details are replaced by the 'private' phrase when the viewer
 *    may not see the forum that holds the last post;
 *  - three plugin hooks are run through eval() in this scope, so hook code
 *    can read and change every local variable below.
 *
 * @param	mixed	Forum id whose children are rendered; -1 is treated as "no parent forum"
 * @param	integer	Current depth; incremented on entry
 * @param	mixed	When truthy, only forums with a 'subscribeforumid' get a row of their own
 *
 * @return	string	Rendered forum rows (no value at all when $parentid has no children)
 */
function construct_forum_bit($parentid, $depth = 0, $subsonly = 0)
{
    global $vbulletin, $vbphrase, $show;
    global $imodcache, $lastpostarray, $counters, $inforum;
    // this function takes the constant MAXFORUMDEPTH as its guide for how
    // deep to recurse down forum lists. if MAXFORUMDEPTH is not defined,
    // it will assume a depth of 2.
    // call fetch_last_post_array() first to get last post info for forums
    if (!is_array($lastpostarray)) {
        fetch_last_post_array($parentid);
    }
    if (empty($vbulletin->iforumcache["{$parentid}"])) {
        return;
    }
    if (!defined('MAXFORUMDEPTH')) {
        define('MAXFORUMDEPTH', 2);
    }
    $forumbits = '';
    $depth++;
    if ($parentid == -1) {
        $parent_is_category = false;
    } else {
        $parentforum = $vbulletin->forumcache[$parentid];
        // a parent that cannot contain threads is treated as a category
        $parent_is_category = !(bool) ($parentforum['options'] & $vbulletin->bf_misc_forumoptions['cancontainthreads']);
    }
    foreach ($vbulletin->iforumcache["{$parentid}"] as $forumid) {
        // grab the appropriate forum from the $vbulletin->forumcache
        $forum = $vbulletin->forumcache["{$forumid}"];
        //$lastpostforum = $vbulletin->forumcache["$lastpostarray[$forumid]"];
        $lastpostforum = empty($lastpostarray[$forumid]) ? array() : $vbulletin->forumcache["{$lastpostarray[$forumid]}"];
        // forums with displayorder 0 or without the 'active' bit are never listed
        if (!$forum['displayorder'] or !($forum['options'] & $vbulletin->bf_misc_forumoptions['active'])) {
            continue;
        }
        // permissions of the current viewer for this forum, and for the forum
        // that holds the last post (0 when there is no last-post entry)
        $forumperms = $vbulletin->userinfo['forumpermissions']["{$forumid}"];
        $lastpostforumperms = empty($lastpostarray[$forumid]) ? 0 : $vbulletin->userinfo['forumpermissions']["{$lastpostarray[$forumid]}"];
        // Visibility gate. `and` binds tighter than `or`, so this reads: skip the
        // forum when the viewer lacks 'canview' AND (showprivate == 1, OR
        // showprivate is empty while the global showprivateforums option is off).
        // In any other configuration a forum the viewer cannot view still gets a
        // row below (title, description, counters, moderators); the last-post
        // cell is then subject to the separate checks further down.
        if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) and ($vbulletin->forumcache["{$forumid}"]['showprivate'] == 1 or !$vbulletin->forumcache["{$forumid}"]['showprivate'] and !$vbulletin->options['showprivateforums'])) {
            // no permission to view current forum
            continue;
        }
        // children are rendered first; in subscriptions-only mode the recursion
        // always restarts at depth 1, otherwise it stops at MAXFORUMDEPTH
        if ($subsonly) {
            $childforumbits = construct_forum_bit($forum['forumid'], 1, $subsonly);
        } else {
            if ($depth < MAXFORUMDEPTH) {
                $childforumbits = construct_forum_bit($forum['forumid'], $depth, $subsonly);
            } else {
                $childforumbits = '';
            }
        }
        // do stuff if we are not doing subscriptions only, or if we ARE doing subscriptions,
        // and the forum has a subscribedforumid
        if (!$subsonly or $subsonly and !empty($forum['subscribeforumid'])) {
            $GLOBALS['forumshown'] = true;
            // say that we have shown at least one forum
            if ($forum['options'] & $vbulletin->bf_misc_forumoptions['cancontainthreads']) {
                // get appropriate suffix for template name
                $tempext = '_post';
            } else {
                $tempext = '_nopost';
            }
            if (!$vbulletin->options['showforumdescription']) {
                // blank forum description if set to not show
                $forum['description'] = '';
            }
            // dates & thread title
            $lastpostinfo = empty($lastpostarray["{$forumid}"]) ? array() : $vbulletin->forumcache["{$lastpostarray[$forumid]}"];
            // compare last post time for this forum with the last post time specified by
            // the $lastpostarray, and if it's less, use the last post info from the forum
            // specified by $lastpostarray
            if (!empty($lastpostinfo) and $vbulletin->forumcache["{$lastpostarray[$forumid]}"]['lastpost'] > 0) {
                // Hide the last post when the viewer cannot view the forum it lives in,
                // or cannot view other users' threads and is not the last poster
                // (the comparison is by username, not by user id).
                if (!($lastpostforumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($lastpostforumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $lastpostinfo['lastposter'] != $vbulletin->userinfo['username']) {
                    $forum['lastpostinfo'] = $vbphrase['private'];
                } else {
                    $lastpostinfo['lastpostdate'] = vbdate($vbulletin->options['dateformat'], $lastpostinfo['lastpost'], 1);
                    $lastpostinfo['lastposttime'] = vbdate($vbulletin->options['timeformat'], $lastpostinfo['lastpost']);
                    // NOTE(review): the thread title is censored and trimmed here; no HTML
                    // escaping is visible in this function - confirm the cached title is
                    // already escaped or that the template escapes it.
                    $lastpostinfo['trimthread'] = fetch_trimmed_title(fetch_censored_text($lastpostinfo['lastthread']));
                    if ($lastpostinfo['lastprefixid'] and $vbulletin->options['showprefixlastpost']) {
                        // option value 2 emits the "rich" prefix phrase unescaped; any other
                        // truthy value emits the "plain" phrase through htmlspecialchars_uni()
                        $lastpostinfo['prefix'] = $vbulletin->options['showprefixlastpost'] == 2 ? $vbphrase["prefix_{$lastpostinfo['lastprefixid']}_title_rich"] : htmlspecialchars_uni($vbphrase["prefix_{$lastpostinfo['lastprefixid']}_title_plain"]);
                    } else {
                        $lastpostinfo['prefix'] = '';
                    }
                    // NOTE(review): $icon is assigned only when the allowicons bit is set
                    // (short-circuit `and`); otherwise the value registered with the
                    // template below is whatever an earlier iteration left, or undefined.
                    if ($vbulletin->forumcache["{$lastpostforum['forumid']}"]['options'] & $vbulletin->bf_misc_forumoptions['allowicons'] and $icon = fetch_iconinfo($lastpostinfo['lasticonid'])) {
                        $show['icon'] = true;
                    } else {
                        $show['icon'] = false;
                    }
                    // last-post details of a password-protected forum are flagged as
                    // showable only if verify_forum_password() accepts the viewer
                    // (third argument false - presumably "do not prompt"; confirm)
                    $show['lastpostinfo'] = (!$lastpostforum['password'] or verify_forum_password($lastpostforum['forumid'], $lastpostforum['password'], false));
                    $pageinfo_lastpost = array('p' => $lastpostinfo['lastpostid']);
                    $pageinfo_newpost = array('goto' => 'newpost');
                    $threadinfo = array('title' => $lastpostinfo['lastthread'], 'threadid' => $lastpostinfo['lastthreadid']);
                    // prepare the member action drop-down menu
                    $memberaction_dropdown = construct_memberaction_dropdown(fetch_lastposter_userinfo($lastpostinfo));
                    $templater = vB_Template::create('forumhome_lastpostby');
                    $templater->register('icon', $icon);
                    $templater->register('memberaction_dropdown', $memberaction_dropdown);
                    $templater->register('lastpostinfo', $lastpostinfo);
                    $templater->register('pageinfo_lastpost', $pageinfo_lastpost);
                    $templater->register('pageinfo_newpost', $pageinfo_newpost);
                    $templater->register('threadinfo', $threadinfo);
                    $forum['lastpostinfo'] = $templater->render();
                }
            } else {
                // no last post recorded: show 'private' rather than 'never' to viewers
                // without 'canview', so the absence of posts is not disclosed to them
                if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview'])) {
                    $forum['lastpostinfo'] = $vbphrase['private'];
                } else {
                    $forum['lastpostinfo'] = $vbphrase['never'];
                }
            }
            // do light bulb
            $forum['statusicon'] = fetch_forum_lightbulb($forumid, $lastpostinfo, $forum);
            // add lock to lightbulb if necessary
            // from 3.6.9 & 3.7.0 we now show locks only if a user can not post AT ALL
            // previously it was just if they could not create new threads
            if ($vbulletin->options['showlocks'] and !$forum['link'] and (!($forum['options'] & $vbulletin->bf_misc_forumoptions['allowposting']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canpostnew']) and !($forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyown']) and !($forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyothers']))) {
                $forum['statusicon'] .= '_lock';
            }
            // get posting permissions
            $forum['allowposting'] = true;
            if (!($forum['options'] & $vbulletin->bf_misc_forumoptions['allowposting'])) {
                $forum['allowposting'] = false;
            }
            // get counters from the counters cache ( prepared by fetch_last_post_array() )
            // (these are shown for every forum that passed the visibility gate above)
            $forum['threadcount'] = $counters["{$forum['forumid']}"]['threadcount'];
            $forum['replycount'] = $counters["{$forum['forumid']}"]['replycount'];
            // get moderators ( this is why we needed cache_moderators() )
            if ($vbulletin->options['showmoderatorcolumn']) {
                $clc = 0;
                $showmods = array();
                $forum['moderators'] = array();
                // moderators are inherited from every forum in the parent list;
                // $showmods de-duplicates them by user id
                $listexploded = explode(',', $forum['parentlist']);
                foreach ($listexploded as $parentforumid) {
                    if (!isset($imodcache["{$parentforumid}"]) or $parentforumid == -1) {
                        continue;
                    }
                    foreach ($imodcache["{$parentforumid}"] as $moderator) {
                        if (isset($showmods["{$moderator['userid']}"])) {
                            continue;
                        }
                        // plugin code for this hook is executed with eval() in this scope
                        ($hook = vBulletinHook::fetch_hook('forumbit_moderator')) ? eval($hook) : false;
                        $clc++;
                        $showmods["{$moderator['userid']}"] = true;
                        $moderator['comma'] = $vbphrase['comma_space'];
                        $forum['moderators'][$clc] = $moderator;
                    }
                }
                // Last element
                if ($clc) {
                    $forum['moderators'][$clc]['comma'] = '';
                }
            }
            // link-type forums show dashes instead of counters and last-post data
            if ($forum['link']) {
                $forum['replycount'] = '-';
                $forum['threadcount'] = '-';
                $forum['lastpostinfo'] = '-';
            } else {
                $forum['replycount'] = vb_number_format($forum['replycount']);
                $forum['threadcount'] = vb_number_format($forum['threadcount']);
            }
            $subforums = array();
            if (($subsonly or $depth == MAXFORUMDEPTH) and $vbulletin->options['subforumdepth'] > 0) {
                $subforums = construct_subforum_bit($forumid);
                $clc = sizeof($subforums);
                // Last element
                if ($clc) {
                    $subforums[$clc - 1]['comma'] = '';
                }
            }
            // sum the $inforum counts over every id in the child list
            $forum['browsers'] = 0;
            $children = explode(',', $forum['childlist']);
            foreach ($children as $childid) {
                $forum['browsers'] += isset($inforum["{$childid}"]) ? $inforum["{$childid}"] : 0;
            }
            // NOTE(review): $collapseobj_forumid / $collapseimg_forumid are bound only in
            // this branch; in every other case the values registered with the template
            // below are left over from an earlier iteration, or undefined.
            if ($depth == 1 and $tempext == '_nopost') {
                global $vbcollapse;
                $collapseobj_forumid =& $vbcollapse["collapseobj_forumbit_{$forumid}"];
                $collapseimg_forumid =& $vbcollapse["collapseimg_forumbit_{$forumid}"];
                $show['collapsebutton'] = true;
            } else {
                $show['collapsebutton'] = false;
            }
            $show['forumsubscription'] = !empty($forum['subscribeforumid']);
            $show['forumdescription'] = $forum['description'] != '' ? true : false;
            $show['subforums'] = !empty($subforums) ? true : false;
            $show['browsers'] = ($vbulletin->options['displayloggedin'] and !$forum['link'] and $forum['browsers'] ? true : false);
            if ($show['subforums']) {
                $templater = vB_Template::create("forumhome_subforums");
                $templater->register('subforums', $subforums);
                $forum['subforums'] = $templater->render();
            }
            // The RSS flag is computed from the permissions of a user record with
            // userid 0 / usergroupid 1 (presumably the unregistered group - confirm),
            // not from the current viewer's permissions.
            $perms = fetch_permissions($forumid, 0, array('userid' => 0, 'usergroupid' => 1), false);
            // VBIV-14011, Always skip Calendar Permissions
            $show['externalrss'] = ($vbulletin->options['externalrss'] and $perms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'] and $perms & $vbulletin->bf_ugp_forumpermissions['canviewothers']);
            // build the template for the current forum
            // (plugin code for this hook is executed with eval() and can alter $forum and $show)
            ($hook = vBulletinHook::fetch_hook('forumbit_display')) ? eval($hook) : false;
            $templater = vB_Template::create("forumhome_forumbit_level{$depth}{$tempext}");
            $templater->register('childforumbits', $childforumbits);
            $templater->register('collapseimg_forumid', $collapseimg_forumid);
            $templater->register('collapseobj_forumid', $collapseobj_forumid);
            $templater->register('forum', $forum);
            $templater->register('forumid', $forumid);
            $templater->register('parent_is_category', $parent_is_category);
            $forumbits .= $templater->render();
        } else {
            // subscriptions-only mode and this forum is not subscribed:
            // emit only whatever its children produced
            $forumbits .= $childforumbits;
        }
    }
    return $forumbits;
}
Example #11
 /**
  * Prepare any data needed for the output
  *
  * @param	string	The id of the block
  * @param	array	Options specific to the block
  */
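 function prepare_output($id = '', $options = array())
 {
     global $show, $vbphrase, $vbulletin, $userperms, $permissions;
     // Reputation comments are loaded only when reputation is enabled and either the
     // profile owner shows their reputation or $userperms lacks the 'canhiderep' bit.
     if ($vbulletin->options['reputationenable'] and ($this->profile->userinfo['showreputation'] or !($userperms['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canhiderep']))) {
         // The user id is concatenated into the SQL text, so force it to an integer
         // first instead of relying on every caller having validated it.
         $profile_userid = intval($this->profile->userinfo['userid']);
         $reputations = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT user.username, reputation.whoadded, reputation.postid, thread.title, thread.forumid, post.threadid,\n\t\t\t\treputation.reputation, reputation.reason, reputation.dateline, thread.postuserid, reputation.reputationid\n\t\t\t\tFROM " . TABLE_PREFIX . "reputation AS reputation\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "post AS post USING (postid)\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = reputation.whoadded)\n\t\t\t\tWHERE reputation.userid = " . $profile_userid . "\n\t\t\t\tAND thread.visible = 1 AND post.visible = 1\n\t\t\t\tORDER BY reputation.dateline DESC\n\t\t\t");
         $this->block_data['reputation'] = array();
         // The profile owner always sees who rated them; for everyone else the block
         // option decides, defaulting to "hidden" when the option was not supplied.
         if ($vbulletin->userinfo['userid'] == $this->profile->userinfo['userid']) {
             $options['showraters'] = true;
         } else if (!isset($options['showraters'])) {
             $options['showraters'] = false;
         }
         require_once DIR . '/includes/class_bbcode.php';
         $bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
         // Stop as soon as $options['comments'] entries have been accepted.
         while ($reputation = $vbulletin->db->fetch_array($reputations) and $this->count < $options['comments']) {
             // A comment is shown only if the viewer may see the thread it was left on:
             // canview + canviewthreads, plus canviewothers unless the viewer started the thread.
             $forumperms = fetch_permissions($reputation['forumid']);
             if ($forumperms & $vbulletin->bf_ugp_forumpermissions['canview'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'] and ($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers'] or $reputation['postuserid'] == $vbulletin->userinfo['userid'])) {
                 $this->count++;
                 if ($reputation['reputation'] > 0) {
                     $reputation['posneg'] = 'pos';
                 } else if ($reputation['reputation'] < 0) {
                     $reputation['posneg'] = 'neg';
                 } else {
                     $reputation['posneg'] = 'balance';
                 }
                 $reputation['postinfo'] = array('p' => $reputation['postid']);
                 $reputation['threadinfo'] = array('title' => $reputation['title'], 'threadid' => $reputation['threadid']);
                 // keep the raw timestamp before 'dateline' is overwritten with formatted text
                 $reputation['timestamp'] = $reputation['dateline'];
                 $reputation['showraters'] = $options['showraters'];
                 $reputation['timeline'] = vbdate($vbulletin->options['timeformat'], $reputation['dateline']);
                 $reputation['dateline'] = vbdate($vbulletin->options['dateformat'], $reputation['dateline']);
                 // The free-text reason goes through the BBCode parser. The username and the
                 // thread title are passed on as fetched; NOTE(review): confirm they are
                 // stored escaped or escaped by the template that renders this block.
                 $reputation['reason'] = $bbcode_parser->parse($reputation['reason']);
                 $reputation['username'] = $reputation['username'] ? $reputation['username'] : $vbphrase['n_a'];
                 if (empty($reputation['reason'])) {
                     $reputation['reason'] = $vbphrase['no_comment'];
                 }
                 // plugin code for this hook is executed with eval() and can alter $reputation
                 ($hook = vBulletinHook::fetch_hook('member_profileblock_reputationbit')) ? eval($hook) : false;
                 $this->block_data['reputation'][] = $reputation;
             }
         }
         // release the result set; the loop can stop before all rows were fetched
         $vbulletin->db->free_result($reputations);
     }
 }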
Example #12
    $navbits = construct_navbits(array('' => $vbphrase['user_control_panel']));
    eval('$navbar = "' . fetch_template('navbar') . '";');
    eval('print_output("' . fetch_template('USERCP_SHELL') . '");');
}
// ###########################################################################
// ########################### UPDATE SUBSCRIPTIONS ##########################
// ###########################################################################
if ($_REQUEST['action'] == "updatesubs") {
    // Only logged-in users can hold forum subscriptions.
    if (!$vbulletin->userinfo['userid']) {
        print_no_permission();
    }
    // NOTE(review): the action is selected through $_REQUEST and writes to the
    // database; no request-forgery token check is visible in this block - confirm
    // it is enforced earlier in the script.
    // Walk every forum id and apply the subscription level submitted for it.
    $tables = $db->query_read("\r\n\t\tSELECT forumid\r\n\t\tFROM " . TABLE_PREFIX . "forum\r\n\t");
    while ($curr_forum = $db->fetch_array($tables)) {
        // replace the bare id row with the full forum record
        $curr_forum = fetch_foruminfo($curr_forum['forumid'], false);
        // Skip forums the user cannot view and forums that cannot contain threads,
        // so a subscription can never be created for a hidden forum.
        $perms = fetch_permissions($curr_forum["forumid"]);
        if (!$perms or !($perms & $vbulletin->bf_ugp_forumpermissions['canview']) or !$curr_forum["cancontainthreads"]) {
            continue;
        }
        // The per-forum field "forumid<N>" is cleaned as an unsigned integer before use.
        $vbulletin->input->clean_gpc('r', "forumid{$curr_forum['forumid']}", TYPE_UINT);
        $new_sublevel = $vbulletin->GPC["forumid{$curr_forum['forumid']}"];
        // The values placed in the SQL text are the session user id, the cleaned
        // level and the forum id returned by fetch_foruminfo().
        if ($new_sublevel != 0) {
            // any non-zero level creates or overwrites the subscription
            $db->query_write("\r\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribeforum (userid, emailupdate, forumid)\r\n\t\t\t\t\tVALUES ('" . $vbulletin->userinfo['userid'] . "', '" . $new_sublevel . "', '" . $curr_forum['forumid'] . "')\r\n\t\t\t\t");
        } else {
            // level 0 removes the subscription
            $db->query_write("\r\n\t\t\t\tDELETE FROM " . TABLE_PREFIX . "subscribeforum\r\n\t\t\t\tWHERE userid = '" . $vbulletin->userinfo['userid'] . "'\r\n\t\t\t\tAND forumid = '" . $curr_forum['forumid'] . "'");
        }
    }
    $vbulletin->url = "subscribeforums.php";
    eval(print_standard_redirect('ei_sub_forums_updated', true, true));
}
Example #13
<?php

// Builds the SQL fragments that keep forums and user groups out of the
// "top stats" queries. The queries themselves are outside this excerpt.
if ($_REQUEST['do'] == 'vietvbb_stats' and $vbulletin->options['vietvbbtopstats_enable_global']) {
    // Check forum permission
    // NOTE(review): $vietvbbexclfids is appended to below without being initialised
    // in the visible code; start it as '' so nothing defined elsewhere can seed the list.
    $vietvbbstatsforumperms = array();
    foreach ($vbulletin->forumcache as $vietvbbtsforum) {
        $vietvbbstatsforumperms[$vietvbbtsforum["forumid"]] = fetch_permissions($vietvbbtsforum['forumid']);
        // `and` binds tighter than `or`: a forum is excluded when the viewer lacks
        // 'canview', OR when it is inactive while showprivateforums is off and the
        // viewer's primary usergroup is not 5, 6 or 7 (presumably the staff groups - confirm).
        if (!($vietvbbstatsforumperms[$vietvbbtsforum["forumid"]] & $vbulletin->bf_ugp_forumpermissions['canview']) or !($vietvbbtsforum['options'] & $vbulletin->bf_misc_forumoptions['active']) and !$vbulletin->options['showprivateforums'] and !in_array($vbulletin->userinfo['usergroupid'], array(5, 6, 7))) {
            $vietvbbexclfids .= ',' . $vietvbbtsforum['forumid'];
        }
    }
    // Excl
    // NOTE(review): the admin-configured list is concatenated as-is and ends up inside
    // NOT IN(...) below; reduce it to comma-separated integers before use so a
    // malformed setting cannot change the query.
    if ($vbulletin->options['vietvbbtopstats_excl_forums']) {
        $vietvbbexclfids .= ',' . $vbulletin->options['vietvbbtopstats_excl_forums'];
    }
    // drop the leading comma
    $vietvbbexclfids = substr($vietvbbexclfids, 1);
    // When nothing is excluded the three fragment variables are never assigned here.
    if ($vietvbbexclfids) {
        $vietvbbexclforums_lastposts = "AND thread.forumid NOT IN({$vietvbbexclfids})";
        $vietvbbexclforums_topforums = "AND thread.forumid NOT IN({$vietvbbexclfids})";
        $vietvbbexclforums = "AND forumid NOT IN({$vietvbbexclfids})";
    }
    // NOTE(review): same concern as above - the usergroup list option goes into SQL unvalidated.
    if ($vbulletin->options['vietvbbtopstats_excl_groups_listing']) {
        $vietvbbexclgroups = "AND user.usergroupid NOT IN (" . $vbulletin->options['vietvbbtopstats_excl_groups_listing'] . ")";
    }
    //trim
    $trimthreadtitle = $vbulletin->options['vietvbbtopstats_trim_threadtitles'];
    $trimusername = $vbulletin->options['vietvbbtopstats_trim_usernames'];
    $trimforumtitles = $vbulletin->options['vietvbbtopstats_trim_forumtitles'];
    // bold markup and style fragments; how this list is applied is outside this excerpt
    $vietvbb_afs_bpar = array("<strong>", "</strong>", "<b>", "</b>", "font-weight: bold", "font-weight:bold");
    // Number result
    switch ($vbulletin->options['vietvbbtopstats_result']) {
Example #14
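	/**
	 * Renders one page of the comments attached to a CMS node.
	 *
	 * Thread-level view permission is checked first through self::canViewThread();
	 * nothing is rendered without it. When a 'postid' request value is present and
	 * belongs to the comment list, the page that contains that comment is shown
	 * instead of $pageno.
	 *
	 * $perpage is expected to be a positive integer; it is not validated here.
	 * $target_url is handed to the page navigation and to the template as given;
	 * NOTE(review): confirm the caller or the template escapes it.
	 *
	 * @param	mixed	Node id the comments belong to
	 * @param	mixed	User record the permissions are evaluated for
	 * @param	mixed	Page number, or the string 'last'
	 * @param	integer	Comments per page
	 * @param	string	Base URL for the page navigation; '?' is appended when missing
	 * @param	mixed	Id of the thread that stores the comments
	 *
	 * @return	mixed	Rendered HTML, '' when there are no comments, false when the
	 *					viewer has no permission or nothing could be rendered
	 */
	private static function showComments($nodeid, $userinfo, $pageno,
		$perpage, $target_url, $associatedthreadid )
	{
		require_once DIR . '/includes/functions_misc.php';
		require_once DIR . '/includes/functions.php';
		require_once DIR . '/includes/functions_databuild.php';
		require_once DIR . '/includes/functions_bigthree.php';

		global $vbphrase;
		global $show;
		global $sessionhash;

		fetch_phrase_group('posting');

		//First let's see if we have forum/thread view permissions. If not,
		// we're done
		if (! $permissions = self::canViewThread($nodeid, $userinfo))
		{
			return false;
		}
		$forumperms = fetch_permissions(self::getForumId($nodeid));

		//Normally this thread will be wide open, so let's get the list first
		// without checking. We'll verify each post anyway.

		//get our results
		$results = self::getComments($nodeid, $userinfo, $permissions, $associatedthreadid);
		$record_count = count($results);

		if (!$results OR !count($results))
		{
			return '';
		}


		//If we are passed a postid, we'll display just the page holding that comment.
		if (vB::$vbulletin->GPC_exists['postid'] AND intval(vB::$vbulletin->GPC['postid'])
			AND ($record_count > $perpage) AND in_array(vB::$vbulletin->GPC['postid'], $results))
		{
			//Zero-based position of the comment, independent of the array keys.
			$index = array_search(vB::$vbulletin->GPC['postid'], array_values($results));
			//Positions 0..perpage-1 are page 1, perpage..2*perpage-1 page 2, and so on.
			//The former ceil($index / $perpage) put the first comment of every later
			//page on the page before it, so the requested comment was not displayed.
			$pageno = intval(floor($index / $perpage)) + 1;
			$first = ($pageno -1) * $perpage;
		}
		else
		{
			//we accept the parameter "last" for pageno.
			//NOTE(review): this is a loose comparison; on PHP versions before 8 an
			//integer 0 also compares equal to 'last'.
			if ($pageno == 'last')
			{
				$pageno = intval(($record_count + $perpage -1) / $perpage);
				$first = ($pageno -1) * $perpage;
			}
			else
			{
				$pageno = max(1, intval($pageno) );
				$first = $perpage * ($pageno -1) ;
			}
		}
		//Let's trim off the results we need.
		//This also tells us if we should show the "next" button.
		$results = array_slice($results, $first, $perpage, true);

		//Now format the overall block. An empty slice or an empty rendering
		//both end the request with false.
		if (!count($results) OR !$comments = self::renderResult( $userinfo, $results, $permissions,
				$forumperms, $target_url, $nodeid)
			OR ($comments == ''))
		{
			return false;
		}

		//make sure the page navigation can append its own query parameters
		if (strpos($target_url,'?') === false)
		{
			$target_url .= '?';
		}

		$pagenav = construct_page_nav($pageno, $perpage, $record_count, $target_url, '', 'comments');

		$template = vB_Template::create('vbcms_comments_block');
		$template->register('comment_count', $record_count	);
		$template->register('sessionhash', $sessionhash	);
		$template->register('pagenav', $pagenav);
		$template->register('cms_comments', $comments);
		$template->register('this_url', $target_url);
		$template->register('nodeid', $nodeid);
		$template->register('target_url', $target_url);

		return $template->render() ;
	}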
Example #15
/**
 * Returns one page of the comments on an article as a list of plain arrays
 * (post id, author, text, images, avatar URL, ...).
 *
 * The view permission for the article is checked through can_view_thread()
 * before anything is loaded; an empty array is returned without it.
 *
 * NOTE(review): the function declares no globals, yet it reads $thread, $forum,
 * $deljoin, $hook_query_fields, $hook_query_joins, $postid_array, $privileges,
 * $postorder, $ignore, $postinfo, $lastpostid, $postattach and $LASTPOST, none
 * of which is assigned here. Each of them is therefore null inside this
 * function. The inline comments below state what that means for the
 * permission checks and the SQL that depend on them.
 *
 * @param	object	Article; only getNodeId() is called on it
 * @param	mixed	Id of the thread that stores the comments
 * @param	mixed	User record passed to can_view_thread(); overwritten per post inside the loop
 * @param	mixed	(by reference) Page number or FR_LAST_POST; normalised to the page actually used
 * @param	integer	(by reference) Comments per page; only read here
 * @param	integer	(by reference) Receives the total number of comments
 *
 * @return	array	List of comment arrays; empty when there is nothing to show or no permission
 */
function get_article_comments($article, $associated_thread_id, $userinfo, &$pageno, &$perpage, &$total)
{
    require_once DIR . '/includes/functions_misc.php';
    require_once DIR . '/includes/functions.php';
    require_once DIR . '/includes/functions_databuild.php';
    require_once DIR . '/includes/functions_bigthree.php';
    $posts_out = array();
    fetch_phrase_group('posting');
    // NOTE(review): the results of verify_id() are used without checking for failure;
    // confirm what it returns for an unknown thread or forum id.
    $threadinfo = verify_id('thread', $associated_thread_id, 0, 1);
    $foruminfo = verify_id('forum', $threadinfo['forumid'], 0, 1);
    //First let's see if we have forum/thread view permissions. If not,
    // we're done
    if (!($permissions = can_view_thread($article->getNodeId(), $userinfo))) {
        return array();
    }
    $forumperms = fetch_permissions($threadinfo['forumid']);
    //Normally this thread will be wide open, so let's get the list first
    // without checking. We'll verify each post anyway.
    //get our results
    $results = get_comments($permissions, $associated_thread_id);
    $record_count = count($results);
    if (!$results or !count($results)) {
        return array();
    }
    //we accept the parameter "last" for pageno.
    if ($pageno == FR_LAST_POST) {
        $pageno = intval(($record_count + $perpage - 1) / $perpage);
        $first = ($pageno - 1) * $perpage;
    } else {
        $pageno = max(1, intval($pageno));
        $first = $perpage * ($pageno - 1);
    }
    //Let's trim off the results we need.
    //This also tells us if we should show the "next" button.
    $post_array = array_slice($results, $first, $perpage, true);
    if (!$post_array) {
        return array();
    }
    $firstpostid = false;
    $displayed_dateline = 0;
    if (vB::$vbulletin->options['threadmarking'] and vB::$vbulletin->userinfo['userid']) {
        $threadview = max($threadinfo['threadread'], $threadinfo['forumread'], TIMENOW - vB::$vbulletin->options['markinglimit'] * 86400);
    } else {
        // NOTE(review): $thread is not defined in this function ($threadinfo is), so the
        // cookie is looked up with a null thread id.
        $threadview = intval(fetch_bbarray_cookie('thread_lastview', $thread['threadid']));
        if (!$threadview) {
            $threadview = vB::$vbulletin->userinfo['lastvisit'];
        }
    }
    require_once DIR . '/includes/functions_user.php';
    // this assignment creates a local $show; it does not reach a global of that name
    $show['inlinemod'] = false;
    $postids = array();
    // The post ids are joined straight into the SQL text.
    // NOTE(review): assumes get_comments() returns integer ids only - confirm, or
    // cast each value before it is interpolated.
    $postids = ' post.postid in (' . implode(', ', $post_array) . ')';
    // Notes on the query below:
    //  - user.*, userfield.* and usertextfield.* load every column of the author's
    //    records into $post; only the keys copied into $tmp further down leave this function.
    //  - can_moderate() is given $thread['forumid'], which is null here. NOTE(review):
    //    presumably that asks "moderator of any forum" rather than of this thread's
    //    forum - confirm and pass $threadinfo['forumid'] if so.
    //  - $forum['allowicons'], $deljoin, $hook_query_fields and $hook_query_joins are
    //    null here, so the icon and deletion-log columns and joins are never added.
    $posts = vB::$vbulletin->db->query_read($sql = "\n\tSELECT\n\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS isdeleted,\n\t    user.*, userfield.*, usertextfield.*,\n\t    " . iif($forum['allowicons'], 'icon.title as icontitle, icon.iconpath,') . "\n\t    " . iif(vB::$vbulletin->options['avatarenabled'], 'avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight,') . "\n\t    " . ((can_moderate($thread['forumid'], 'canmoderateposts') or can_moderate($thread['forumid'], 'candeleteposts')) ? 'spamlog.postid AS spamlog_postid,' : '') . "\n\t    " . iif($deljoin, 'deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason,') . "\n\t    editlog.userid AS edit_userid, editlog.username AS edit_username, editlog.dateline AS edit_dateline,\n\t    editlog.reason AS edit_reason, editlog.hashistory,\n\t    postparsed.pagetext_html, postparsed.hasimages,\n\t    sigparsed.signatureparsed, sigparsed.hasimages AS sighasimages,\n\t    sigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight,\n\t    IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, infractiongroupid,\n\t    customprofilepic.userid AS profilepic, customprofilepic.dateline AS profilepicdateline, customprofilepic.width AS ppwidth, customprofilepic.height AS ppheight\n\t    " . iif(!($permissions['genericpermissions'] & vB::$vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), vB::$vbulletin->profilefield['hidden']) . "\n\t    {$hook_query_fields}\n\t    FROM " . TABLE_PREFIX . "post AS post\n\t    LEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = post.userid)\n\t    LEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid)\n\t    LEFT JOIN " . TABLE_PREFIX . 
"usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n\t    " . iif($forum['allowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = post.iconid)") . "\n\t    " . iif(vB::$vbulletin->options['avatarenabled'], "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)") . "\n\t    " . ((can_moderate($thread['forumid'], 'canmoderateposts') or can_moderate($thread['forumid'], 'candeleteposts')) ? "LEFT JOIN " . TABLE_PREFIX . "spamlog AS spamlog ON(spamlog.postid = post.postid)" : '') . "\n\t    {$deljoin}\n\t    LEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON(editlog.postid = post.postid)\n\t    LEFT JOIN " . TABLE_PREFIX . "postparsed AS postparsed ON(postparsed.postid = post.postid AND postparsed.styleid = " . intval(STYLEID) . " AND postparsed.languageid = " . intval(LANGUAGEID) . ")\n\t    LEFT JOIN " . TABLE_PREFIX . "sigparsed AS sigparsed ON(sigparsed.userid = user.userid AND sigparsed.styleid = " . intval(STYLEID) . " AND sigparsed.languageid = " . intval(LANGUAGEID) . ")\n\t    LEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = post.userid)\n\t    LEFT JOIN " . TABLE_PREFIX . "customprofilepic AS customprofilepic ON (user.userid = customprofilepic.userid)\n\t    {$hook_query_joins}\n\t    WHERE {$postids}\n\t    ORDER BY post.dateline\n\t    ");
    // Without attachment permissions the thumbnail / inline-image options are switched
    // off on the shared options array (this persists for the rest of the request).
    if (!($forumperms & vB::$vbulletin->bf_ugp_forumpermissions['canseethumbnails']) and !($forumperms & vB::$vbulletin->bf_ugp_forumpermissions['cangetattachment'])) {
        vB::$vbulletin->options['attachthumbs'] = 0;
    }
    if (!($forumperms & vB::$vbulletin->bf_ugp_forumpermissions['cangetattachment'])) {
        vB::$vbulletin->options['viewattachedimages'] = 0;
    }
    // NOTE(review): $postid_array is undefined ($post_array is the page slice); count()
    // of null is a warning on PHP 7.2+ and a TypeError on PHP 8.
    $postcount = count($postid_array);
    $counter = 0;
    $postbits = '';
    vB::$vbulletin->noheader = true;
    while ($post = vB::$vbulletin->db->fetch_array($posts)) {
        // $privileges is never assigned, so both checks below take the restrictive
        // path for every viewer: soft-deleted posts (visible == 2) and posts with
        // visible == 0 are always skipped, moderators included. As written, the
        // "Soft Deleted" branch further down cannot be reached.
        if (!$privileges['can_moderate_forums']) {
            if ($privileges['is_coventry'] or $post['visible'] == 2) {
                continue;
            }
        }
        // post/thread is deleted by moderator and we don't have permission to see it
        if (!($post['visible'] or $privileges['can_moderate_posts'])) {
            continue;
        }
        if (!intval($post['userid'])) {
            // guest post: no avatar
            $post['avatarid'] = false;
        } else {
            if (!$post['hascustomavatar']) {
                if ($post['profilepic']) {
                    // fall back to the profile picture
                    $post['hascustomavatar'] = 1;
                    $post['avatarid'] = true;
                    $post['avatarpath'] = "./image.php?u=" . $post['userid'] . "&amp;dateline=" . $post['profilepicdateline'] . "&amp;type=profile";
                    $post['avwidth'] = $post['ppwidth'];
                    $post['avheight'] = $post['ppheight'];
                } else {
                    $post['hascustomavatar'] = 1;
                    $post['avatarid'] = true;
                    // explicity setting avatarurl to allow guests comments to show unknown avatar
                    $post['avatarurl'] = $post['avatarpath'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . '/unknown.gif';
                    $post['avwidth'] = 60;
                    $post['avheight'] = 60;
                }
            }
        }
        // Posts by users for whom in_coventry() is true are hidden unless can_moderate()
        // passes. NOTE(review): it is called with the undefined $thread['forumid']; see
        // the note on the query above.
        if ($tachyuser = in_coventry($post['userid']) and !can_moderate($thread['forumid'])) {
            continue;
        }
        if ($post['visible'] == 1 and !$tachyuser) {
            ++$counter;
            // $postorder is undefined, so the ascending branch is always taken
            if ($postorder) {
                $post['postcount'] = --$postcount;
            } else {
                $post['postcount'] = ++$postcount;
            }
        }
        if ($tachyuser) {
            $fetchtype = 'post_global_ignore';
        } else {
            // $ignore is undefined here, so no post is ever classified as 'post_ignore'
            if ($ignore["{$post['userid']}"]) {
                $fetchtype = 'post_ignore';
            } else {
                if ($post['visible'] == 2) {
                    $fetchtype = 'post_deleted';
                } else {
                    $fetchtype = 'post';
                }
            }
        }
        // NOTE(review): $postinfo is undefined; $fetchtype is computed but not read
        // again below except for 'isfirstshown'.
        if (vB::$vbulletin->GPC['viewfull'] and $post['postid'] == $postinfo['postid'] and $fetchtype != 'post' and (can_moderate($threadinfo['forumid']) or !$post['isdeleted'])) {
            $fetchtype = 'post';
        }
        if (!$firstpostid) {
            $firstpostid = $post['postid'];
        }
        $post['islastshown'] = $post['postid'] == $lastpostid;
        $post['isfirstshown'] = ($counter == 1 and $fetchtype == 'post' and $post['visible'] == 1);
        $post['islastshown'] = $post['postid'] == $lastpostid;
        // NOTE(review): $postattach is undefined, so 'attachments' is null for every
        // post; the count() call below then warns (PHP 7.2+) or throws (PHP 8).
        $post['attachments'] = $postattach["{$post['postid']}"];
        // Edit right: the thread and post must not be deleted, and the viewer is either
        // a moderator with 'caneditposts', or the author in an open thread holding
        // 'caneditpost' within the edit time limit (a limit of 0 means no limit).
        $canedit = false;
        if (!$threadinfo['isdeleted'] and !$post['isdeleted'] and (can_moderate($threadinfo['forumid'], 'caneditposts') or $threadinfo['open'] and $post['userid'] == vB::$vbulletin->userinfo['userid'] and $forumperms & vB::$vbulletin->bf_ugp_forumpermissions['caneditpost'] and ($post['dateline'] >= TIMENOW - vB::$vbulletin->options['edittimelimit'] * 60 or vB::$vbulletin->options['edittimelimit'] == 0))) {
            $canedit = true;
        }
        // Get post date/time
        $postdate = vbdate(vB::$vbulletin->options['dateformat'], $post['dateline'], 1);
        $posttime = vbdate(vB::$vbulletin->options['timeformat'], $post['dateline']);
        $attachments = array();
        $fr_images = array();
        // Attachments (images).
        // An attachment counts as an image when its lower-cased filename contains one of
        // the listed extensions anywhere in the name; this is a substring match, not a
        // check of the final extension or of the file content.
        if (count($post['attachments']) > 0) {
            foreach ($post['attachments'] as $attachment) {
                $lfilename = strtolower($attachment['filename']);
                if (strpos($lfilename, '.jpe') !== false || strpos($lfilename, '.png') !== false || strpos($lfilename, '.gif') !== false || strpos($lfilename, '.jpg') !== false || strpos($lfilename, '.jpeg') !== false) {
                    $fr_images[] = array('img' => vB::$vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'], 'tmb' => vB::$vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'] . '&stc=1&thumb=1');
                }
            }
        }
        // Parse the post for quotes and inline images
        // NOTE(review): the returned text is emitted as 'text' and extended with <img>
        // tags below; confirm parse_post() returns markup that is safe for the consumer.
        list($text, $nuked_quotes, $images) = parse_post($post['pagetext'], false);
        if (count($fr_images) > 0) {
            $text .= "<br/>";
            foreach ($fr_images as $attachment) {
                $text .= "<img src=\"{$attachment['img']}\"/>";
            }
        }
        // image URLs found in the post body are added as returned by parse_post()
        foreach ($images as $image) {
            $fr_images[] = array('img' => $image);
        }
        $avatarurl = '';
        // Avatar work
        if (vB::$vbulletin->options['avatarenabled']) {
            require_once DIR . '/includes/functions_user.php';
            // overwrites the $userinfo parameter with the post author's record
            $userinfo = fetch_userinfo($post['userid'], FETCH_USERINFO_AVATAR);
            fetch_avatar_from_userinfo($userinfo);
            if ($userinfo['avatarurl']) {
                $avatarurl = process_avatarurl($userinfo['avatarurl']);
            }
        }
        // Only these keys leave the function. username and usertitle have tags stripped;
        // the title is passed through prepare_utf8_string() only. The IP address and the
        // other user columns selected above are not copied.
        $tmp = array('post_id' => $post['postid'], 'thread_id' => $post['threadid'], 'forum_id' => $foruminfo['forumid'], 'username' => prepare_utf8_string(strip_tags($post['username'])), 'joindate' => prepare_utf8_string($post['joindate']), 'usertitle' => prepare_utf8_string(strip_tags($post['usertitle'])), 'numposts' => $post['posts'], 'userid' => $post['userid'], 'title' => prepare_utf8_string($post['title']), 'post_timestamp' => prepare_utf8_string(date_trunc($postdate) . ' ' . $posttime), 'fr_images' => $fr_images, 'image_thumbs' => array());
        // Soft Deleted
        if ($post['visible'] == 2) {
            // the body of a soft-deleted post is withheld; only the deletion details are returned
            $tmp['deleted'] = true;
            $tmp['del_username'] = prepare_utf8_string($post['del_username']);
            if ($post['del_reason']) {
                $tmp['del_reason'] = prepare_utf8_string($post['del_reason']);
            }
        } else {
            $tmp['text'] = $text;
            $tmp['quotable'] = $nuked_quotes;
            // the raw post source is returned only to viewers allowed to edit the post
            if ($canedit) {
                $tmp['canedit'] = true;
                $tmp['edittext'] = prepare_utf8_string($post['pagetext']);
            }
        }
        if ($avatarurl != '') {
            $tmp['avatarurl'] = $avatarurl;
        }
        $posts_out[] = $tmp;
    }
    // NOTE(review): $LASTPOST is undefined, so $displayed_dateline stays 0 and the
    // mark_thread_read() call below is never reached as written.
    if ($LASTPOST['dateline'] > $displayed_dateline) {
        $displayed_dateline = $LASTPOST['dateline'];
        if ($displayed_dateline <= $threadview) {
            $updatethreadcookie = true;
        }
    }
    // Set thread last view
    if ($displayed_dateline and $displayed_dateline > $threadview) {
        mark_thread_read($threadinfo, $foruminfo, vB::$vbulletin->userinfo['userid'], $displayed_dateline);
    }
    vB::$vbulletin->db->free_result($posts);
    unset($post);
    // report the unpaged comment count through the by-reference parameter
    $total = $record_count;
    return $posts_out;
}
Example #16
			1
		)));
	}
}

// ###### END SPECIAL PATHS

// These $_REQUEST values will get used in the sort template so they are assigned to normal variables.
// Each value is read through clean_gpc() with an explicit type constant instead of being taken
// from $_REQUEST directly.
// NOTE(review): $sortfield is only cleaned as a string (TYPE_STR); presumably it is matched against
// a fixed list of sortable columns before it reaches any ORDER BY clause — confirm further down.
$perpage =  $vbulletin->input->clean_gpc('r', 'perpage', TYPE_UINT);
$pagenumber = $vbulletin->input->clean_gpc('r', 'pagenumber', TYPE_UINT);
$daysprune = $vbulletin->input->clean_gpc('r', 'daysprune', TYPE_INT);
$sortfield = $vbulletin->input->clean_gpc('r', 'sortfield', TYPE_STR);

// get permission to view forum
// $_permsgetter_ is assigned before fetch_permissions() runs; its consumer is not visible here.
$_permsgetter_ = 'forumdisplay';
$forumperms = fetch_permissions($foruminfo['forumid']);
// 'canview' is tested first, before any forum content is loaded.
// NOTE(review): the code below assumes print_no_permission() ends the request — confirm.
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']))
{
	print_no_permission();
}

// disable thread preview if we can't view threads
// (overrides the option for this request so preview text is not produced for a user who
// may list the forum but lacks 'canviewthreads')
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']))
{
	$vbulletin->options['threadpreview'] = 0;
}

// check if there is a forum password and if so, ensure the user has it set
// (runs after the usergroup permission check above)
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);

// verify that we are at the canonical SEO url
Example #17
// ########################################################################
// ######################### START MAIN SCRIPT ############################
// ########################################################################
print_cp_header($vbphrase['thread_manager']);

// The thread manager is only available to users holding at least one of the two
// mass-action rights somewhere on the board (forum id 0 is passed to can_moderate()).
// NOTE(review): every denial below relies on print_stop_message() ending the request — confirm.
if (can_moderate(0, 'canmassmove') or can_moderate(0, 'canmassprune')) {
    // Any step other than the final 'prune' / 'move' action gets the per-type check
    // and the list of forums the user may operate on.
    if (!($_REQUEST['do'] == 'prune' or $_REQUEST['do'] == 'move')) {
        if ($vbulletin->GPC['type'] == 'move') {
            $type = 'canmassmove';
        } else {
            $type = 'canmassprune';
        }

        // Holding one of the two rights is not enough: the one matching the requested type is required.
        if (!can_moderate(0, $type)) {
            print_stop_message('no_permission');
        }

        // generate a list of valid forums that can be worked with for sanity purposes:
        // viewable, not a link-type forum, and moderated by this user with the required right
        $forumids = array();
        foreach ($vbulletin->forumcache as $forum) {
            $perms = fetch_permissions($forum['forumid']);
            if (($perms & $vbulletin->bf_ugp_forumpermissions['canview']) and empty($forum['link']) and can_moderate($forum['forumid'], $type)) {
                $forumids["{$forum['forumid']}"] = $forum['forumid'];
            }
        }

        if (!$forumids) {
            // shouldn't get here but just make sure
            print_stop_message('no_permission');
        }
    }
} else {
    print_stop_message('no_permission');
}
Example #18
             foreach ($forum_children as $forumid) {
                 if ($forumid == '-1') {
                     continue;
                 }
                 $forum_active_cache["{$forumid}"] = false;
             }
             break;
         }
         $forum_active_cache["{$current_forum['forumid']}"] = true;
         $current_forum = $vbulletin->forumcache["{$current_forum['parentid']}"];
     }
 }
 if (!$forum_active_cache["{$simthread['forumid']}"]) {
     continue;
 }
 $fperms = fetch_permissions($simthread['forumid']);
 if ($fperms & $vbulletin->bf_ugp_forumpermissions['canview'] and ($fperms & $vbulletin->bf_ugp_forumpermissions['canviewothers'] or $vbulletin->userinfo['userid'] != 0 and $simthread['postuserid'] == $vbulletin->userinfo['userid'])) {
     // format thread preview if there is one
     if ($ignore["{$simthread['postuserid']}"]) {
         $simthread['preview'] = '';
     } else {
         if (isset($simthread['preview']) and $vbulletin->options['threadpreview'] > 0) {
             $simthread['preview'] = strip_quotes($simthread['preview']);
             $simthread['preview'] = htmlspecialchars_uni(fetch_trimmed_title(strip_bbcode($simthread['preview'], false, true), $vbulletin->options['threadpreview']));
         }
     }
     $simthread['lastreplydate'] = vbdate($vbulletin->options['dateformat'], $simthread['lastpost'], true);
     $simthread['lastreplytime'] = vbdate($vbulletin->options['timeformat'], $simthread['lastpost']);
     if ($simthread['prefixid']) {
         $simthread['prefix_plain_html'] = htmlspecialchars_uni($vbphrase["prefix_{$simthread['prefixid']}_title_plain"]);
         $simthread['prefix_rich'] = $vbphrase["prefix_{$simthread['prefixid']}_title_rich"];
Example #19
// Extension points for the query below; they start empty and are spliced into the SQL verbatim.
$hook_query_fields = $hook_query_joins = $hook_query_where = '';
// Plugin code registered for 'attachment_start' is run with eval() in this scope, so it can
// assign the three $hook_query_* strings above (and any other local variable).
($hook = vBulletinHook::fetch_hook('attachment_start')) ? eval($hook) : false;
$idname = $vbphrase['attachment'];
// Selects which stored image is served: the thumbnail when the 'thumb' input is non-empty.
$imagetype = !empty($vbulletin->GPC['thumb']) ? 'thumbnail' : 'filedata';
// Load the attachment together with the visibility of its post and thread, which the permission
// checks that follow depend on.
// NOTE(review): $vbulletin->GPC['postid'] / ['attachmentid'] are concatenated into the WHERE clause
// unquoted. That is only safe if both were cleaned as unsigned integers before this point; the
// clean_gpc() call is not visible here — confirm.
if (!($attachmentinfo = $db->query_first_slave("\n\tSELECT filename, attachment.postid, attachment.userid, attachmentid, attachment.extension,\n\t\t" . (!empty($vbulletin->GPC['thumb']) ? 'thumbnail_dateline AS dateline, thumbnail_filesize AS filesize,' : 'attachment.dateline, filesize,') . "\n\t\tattachment.visible, attachmenttype.newwindow, mimetype, thread.forumid, thread.threadid, thread.postuserid,\n\t\tpost.visible AS post_visible, thread.visible AS thread_visible\n\t\t{$hook_query_fields}\n\tFROM " . TABLE_PREFIX . "attachment AS attachment\n\tLEFT JOIN " . TABLE_PREFIX . "attachmenttype AS attachmenttype ON (attachmenttype.extension = attachment.extension)\n\tLEFT JOIN " . TABLE_PREFIX . "post AS post ON (post.postid = attachment.postid)\n\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread ON (post.threadid = thread.threadid)\n\t{$hook_query_joins}\n\tWHERE " . ($vbulletin->GPC['postid'] ? "attachment.postid = " . $vbulletin->GPC['postid'] : "attachmentid = " . $vbulletin->GPC['attachmentid']) . "\n\t\t{$hook_query_where}\n"))) {
    // No matching row: report the generic 'invalidid' error.
    eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])));
}
if ($attachmentinfo['postid'] == 0) {
    // Attachment that is in progress but hasn't been finalized
    if ($vbulletin->userinfo['userid'] != $attachmentinfo['userid'] and !can_moderate($attachmentinfo['forumid'], 'caneditposts')) {
        // Person viewing did not upload it
        eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])));
    }
    // else allow user to view the attachment (from the attachment manager for example)
} else {
    $forumperms = fetch_permissions($attachmentinfo['forumid']);
    $threadinfo = array('threadid' => $attachmentinfo['threadid']);
    // used for session.inthread
    $foruminfo = array('forumid' => $attachmentinfo['forumid']);
    // used for session.inforum
    # Block attachments belonging to soft deleted posts and threads
    if (!can_moderate($attachmentinfo['forumid']) and ($attachmentinfo['post_visible'] == 2 or $attachmentinfo['thread_visible'] == 2)) {
        eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])));
    }
    # Block attachments belonging to moderated posts and threads
    if (!can_moderate($attachmentinfo['forumid'], 'canmoderateposts') and ($attachmentinfo['post_visible'] == 0 or $attachmentinfo['thread_visible'] == 0)) {
        eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])));
    }
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['cangetattachment']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($attachmentinfo['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)) {
        print_no_permission();
    }
Example #20
$bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
$infractions = $db->query_read_slave("\r\n\tSELECT points, infraction.*, thread.title, thread.threadid, thread.forumid, thread.postuserid, user.username,\r\n\tthread.visible AS thread_visible, post.visible, thread.postuserid, IF(ISNULL(post.postid) AND infraction.postid != 0, 1, 0) AS postdeleted\r\n\tFROM " . TABLE_PREFIX . "infraction AS infraction\r\n\tLEFT JOIN " . TABLE_PREFIX . "post AS post ON (infraction.postid = post.postid)\r\n\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread ON (post.threadid = thread.threadid)\r\n\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (infraction.whoadded = user.userid)\r\n\tWHERE infraction.userid = " . $vbulletin->userinfo['userid'] . "\r\n\tORDER BY infraction.dateline DESC\r\n\tLIMIT 5\r\n");
while ($infraction = $db->fetch_array($infractions)) {
    $show['threadtitle'] = true;
    $show['postdeleted'] = false;
    if ($infraction['postid'] != 0) {
        if ($infraction['postdeleted']) {
            $show['postdeleted'] = true;
        } else {
            if ((!$infraction['visible'] or !$infraction['thread_visible']) and !can_moderate($infraction['forumid'], 'canmoderateposts')) {
                $show['threadtitle'] = false;
            } else {
                if (($infraction['visible'] == 2 or $infraction['thread_visible'] == 2) and !can_moderate($infraction['forumid'], 'candeleteposts')) {
                    $show['threadtitle'] = false;
                } else {
                    $forumperms = fetch_permissions($infraction['forumid']);
                    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview'])) {
                        $show['threadtitle'] = false;
                    }
                    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($infraction['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)) {
                        $show['threadtitle'] = false;
                    }
                }
            }
        }
    }
    $show['expired'] = $show['reversed'] = $show['neverexpires'] = false;
    $card = $infraction['points'] > 0 ? 'redcard' : 'yellowcard';
    $infraction['timeline'] = vbdate($vbulletin->options['timeformat'], $infraction['dateline']);
    $infraction['dateline'] = vbdate($vbulletin->options['dateformat'], $infraction['dateline']);
    switch ($infraction['action']) {
Example #21
 /**
  * Fills $this->prepared with the title, link, date and time of the profiled user's latest post.
  *
  * Nothing is looked up unless the 'profilelastpost' option is on, the user has a lastpost
  * value and in_coventry() is false for them. The post recorded in userinfo['lastpostid'] is
  * tried first; if that leaves the title empty, the user's 20 most recent posts are scanned and
  * the first one in a forum that passes the 'canview' check is used. Both queries only return
  * rows with post.visible = 1 and thread.visible = 1, and a title is stored only after
  * fetch_permissions() for the post's forum includes 'canview'.
  *
  * $this->prepared['lastpost'] is set to true on every call, whether or not a post was found.
  */
 function prepare_lastpost()
 {
     global $show, $vbphrase;

     $this->prepared['lastposttitle'] = '';

     $enabled = ($this->registry->options['profilelastpost'] and $this->userinfo['lastpost'] and !in_coventry($this->userinfo['userid']));
     if ($enabled) {
         // First choice: the post id stored on the user record.
         $candidate = false;
         if ($this->userinfo['lastpostid']) {
             $candidate = $this->registry->db->query_first_slave("\n\t\t\t\tSELECT thread.title, thread.threadid, thread.forumid, post.postid, post.dateline\n\t\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\t\t\tWHERE post.postid = " . $this->userinfo['lastpostid'] . "\n\t\t\t\t\tAND post.visible = 1\n\t\t\t\t\tAND thread.visible = 1\n\t\t\t");
         }
         if ($candidate) {
             $candidateperms = fetch_permissions($candidate['forumid']);
             if ($candidateperms & $this->registry->bf_ugp_forumpermissions['canview']) {
                 $this->prepared['lastposttitle'] = $candidate['title'];
                 $this->prepared['lastposturl'] = 'showthread.php?' . $this->registry->session->vars['sessionurl'] . "p={$candidate['postid']}#post{$candidate['postid']}";
                 $this->prepared['lastpostdate'] = vbdate($this->registry->options['dateformat'], $candidate['dateline'], true);
                 $this->prepared['lastposttime'] = vbdate($this->registry->options['timeformat'], $candidate['dateline']);
             }
         }

         // Fallback: walk the newest posts until one sits in a forum that passes the view check.
         if ($this->prepared['lastposttitle'] === '') {
             $recentposts = $this->registry->db->query_read_slave("\n\t\t\t\t\tSELECT thread.title, thread.threadid, thread.forumid, post.postid, post.dateline\n\t\t\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\t\t\t\tWHERE thread.visible = 1\n\t\t\t\t\t\tAND post.userid  = " . $this->userinfo['userid'] . "\n\t\t\t\t\t\tAND post.visible = 1\n\t\t\t\t\tORDER BY post.dateline DESC\n\t\t\t\t\tLIMIT 20\n\t\t\t\t");
             while ($row = $this->registry->db->fetch_array($recentposts)) {
                 $rowperms = fetch_permissions($row['forumid']);
                 if (!($rowperms & $this->registry->bf_ugp_forumpermissions['canview'])) {
                     // Not viewable: never expose this thread's title, try the next post.
                     continue;
                 }
                 $this->prepared['lastposttitle'] = $row['title'];
                 $this->prepared['lastposturl'] = 'showthread.php?' . $this->registry->session->vars['sessionurl'] . "p={$row['postid']}#post{$row['postid']}";
                 $this->prepared['lastpostdate'] = vbdate($this->registry->options['dateformat'], $row['dateline'], true);
                 $this->prepared['lastposttime'] = vbdate($this->registry->options['timeformat'], $row['dateline']);
                 break;
             }
         }
     }

     $this->prepared['lastpost'] = true;
 }
Example #22
 /**
  * Accepts a list of recipients names to create the touserarray field
  *
  * Resolves the names against the user table, then checks each found user against the
  * receive-PM option, the buddies-only option, the sender's Coventry status, the recipient's
  * ignore list and the recipient's quota. Users who pass are stored in
  * $this->info['recipients']; every resolved user that is not rejected with an error is also
  * listed in $this->info['tostring'][$type], including those the message is silently not
  * delivered to.
  *
  * fromusername and fromuserid must have been set on this object first; otherwise
  * trigger_error() is called with E_USER_ERROR.
  *
  * @param	string	Single user name, or semi-colon separated list of user names
  * @param	array	$permissions array for sending user (kept by reference in $this->info['permissions'])
  * @param	string	Key under $this->info['tostring'] that the recipients are filed under (defaults to 'bcc')
  *
  * @return	boolean	True when $this->errors is empty after all checks; false for an empty list, unknown names or any recorded error
  */
 function set_recipients($recipientlist, &$permissions, $type = 'bcc')
 {
     // names in the recipient list
     $names = array();
     // users from the recipient list found in the user table
     $users = array();
     // names from the recipient list NOT found in the user table
     $notfound = array();
     // users to whom the message WILL be sent
     $recipients = array();
     $errors = array();
     $recipientlist = trim($recipientlist);
     $this->info['permissions'] =& $permissions;
     // Automated messages skip the quota and receive-option checks that test $this->overridequota below.
     if (!empty($this->info['is_automated'])) {
         $this->overridequota = true;
     }
     // pmboxfull needs $fromusername defined
     // (the mail phrase is eval()'d in this scope further down)
     if (($fromusername = $this->fetch_field('fromusername')) === null) {
         trigger_error('Set fromusername before calling set_recipients()', E_USER_ERROR);
     }
     if (($fromuserid = $this->fetch_field('fromuserid')) === null) {
         trigger_error('Set fromuserid before calling set_recipients()', E_USER_ERROR);
     }
     $fromuser = fetch_userinfo($fromuserid);
     // check for valid recipient string
     if ($recipientlist == '') {
         return false;
     }
     // split multiple recipients into an array
     // The lookbehind keeps a ';' that terminates a numeric entity (&#NNN; to &#NNNNN;) from
     // being treated as a separator.
     if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $recipientlist)) {
         $recipientlist = preg_split('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $recipientlist, -1, PREG_SPLIT_NO_EMPTY);
         foreach ($recipientlist as $recipient) {
             $recipient = trim($recipient);
             if ($recipient != '') {
                 // Names are HTML-escaped here; the same escaped form is used for the lookup
                 // and for the 'not found' error text below.
                 $names[] = htmlspecialchars_uni($recipient);
             }
         }
     } else {
         $names[] = htmlspecialchars_uni($recipientlist);
     }
     // check for max allowed recipients
     // (only the running count is updated here; no limit is enforced in this method)
     if ($permissions['pmsendmax'] > 0) {
         $this->info['numusers'] += sizeof($names);
     }
     // query recipients
     // Every name goes through the database object's escape_string() before it is placed
     // inside the quoted IN ('...') list.
     $checkusers = $this->dbobject->query_read_slave("\n\t\t\tSELECT usertextfield.*, user.*\n\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n\t\t\tWHERE username IN('" . implode('\', \'', array_map(array($this->dbobject, 'escape_string'), $names)) . "')\n\t\t\tORDER BY user.username\n\t\t");
     // build array of checked users
     // (keyed by the lower-cased username so the comparison with $names ignores case)
     while ($checkuser = $this->dbobject->fetch_array($checkusers)) {
         $lowname = vbstrtolower($checkuser['username']);
         $checkuserperms = fetch_permissions(0, $checkuser['userid'], $checkuser);
         if ($checkuserperms['pmquota'] < 1 and !$this->overridequota) {
             if ($checkuser['options'] & $this->registry->bf_misc_useroptions['receivepm']) {
                 // This will cause the 'can't receive pms' error below to be triggered
                 $checkuser['options'] -= $this->registry->bf_misc_useroptions['receivepm'];
             }
         }
         $users["{$lowname}"] = $checkuser;
     }
     // check to see if any recipients were not found
     foreach ($names as $name) {
         $lowname = vbstrtolower($name);
         if (!isset($users["{$lowname}"])) {
             $notfound[] = $name;
         }
     }
     if (!empty($notfound)) {
         // The entries joined into list markup here were already HTML-escaped above.
         $this->error('pmrecipientsnotfound', implode("</li>\r\n<li>", $notfound));
         return false;
     }
     // run through recipients to check if we can insert the message
     foreach ($users as $lowname => $user) {
         if (!($user['options'] & $this->registry->bf_misc_useroptions['receivepm']) and !$this->overridequota) {
             // recipient has private messaging disabled
             $this->error('pmrecipturnedoff', $user['username']);
             return false;
         } else {
             if ($user['options'] & $this->registry->bf_misc_useroptions['receivepmbuddies'] and strpos(" {$user['buddylist']} ", " {$fromuser['userid']} ") === false and !can_moderate() and !$this->overridequota) {
                 // recipient receives PMs only from buddies and sender is not on the list and not board staff
                 // (same error phrase as 'PMs disabled', so the sender cannot tell the two cases apart)
                 $this->error('pmrecipturnedoff', $user['username']);
                 return false;
             } else {
                 // don't allow a tachy user to sends pms to anyone other than himself
                 // The recipient is still listed in tostring but never added to $recipients,
                 // so no error is shown and nothing is delivered.
                 if (in_coventry($fromuser['userid'], true) and $user['userid'] != $fromuser['userid']) {
                     $this->info['tostring']["{$type}"]["{$user['userid']}"] = $user['username'];
                     continue;
                 } else {
                     if (strpos(" {$user['ignorelist']} ", ' ' . $fromuser['userid'] . ' ') !== false and !$this->overridequota) {
                         // recipient is ignoring sender
                         // Senders with the 'cancontrolpanel' admin bit are delivered anyway.
                         if ($permissions['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel']) {
                             $recipients["{$lowname}"] = true;
                             $this->info['tostring']["{$type}"]["{$user['userid']}"] = $user['username'];
                         } else {
                             // bbuser is being ignored by recipient - do not send, but do not error
                             // (the sender gets no indication of being on the ignore list)
                             $this->info['tostring']["{$type}"]["{$user['userid']}"] = $user['username'];
                             continue;
                         }
                     } else {
                         cache_permissions($user, false);
                         // NOTE(review): $user['permissions'] is read as an array ('pmquota' key) a few
                         // lines below, so this compares an array with 1. The intended test looks like
                         // the pmquota value; as written the 'pmusernotallowed' branch may never
                         // trigger — confirm.
                         if ($user['permissions'] < 1) {
                             // recipient has no pm permission
                             $this->error('pmusernotallowed', $user['username']);
                         } else {
                             if ($user['pmtotal'] >= $user['permissions']['pmquota'] and !$this->overridequota) {
                                 // recipient is over their pm quota, is the sender allowed to ignore it?
                                 if ($permissions['pmpermissions'] & $this->registry->bf_ugp_pmpermissions['canignorequota']) {
                                     $recipients["{$lowname}"] = true;
                                     $this->info['tostring']["{$type}"]["{$user['userid']}"] = $user['username'];
                                 } else {
                                     // Usergroups 3 and 4 get the error but no "box full" e-mail.
                                     // NOTE(review): the meaning of these two group ids is not visible here — confirm.
                                     if ($user['usergroupid'] != 3 and $user['usergroupid'] != 4) {
                                         $touserinfo =& $user;
                                         // The string returned by fetch_email_phrases() is executed in this scope
                                         // and is expected to define $emailsubject and $emailmessage.
                                         eval(fetch_email_phrases('pmboxfull', $touserinfo['languageid'], '', 'email'));
                                         vbmail($touserinfo['email'], $emailsubject, $emailmessage, true);
                                         $this->error('pmquotaexceeded', $user['username']);
                                     } else {
                                         $this->error('pmquotaexceeded', $user['username']);
                                     }
                                 }
                             } else {
                                 if (!($user['options'] & $this->registry->bf_misc_useroptions['pmboxwarning']) and $user['permissions']['pmquota'] and ($user['pmtotal'] + 1) / $user['permissions']['pmquota'] >= 0.9) {
                                     // Send email about box being almost full
                                     // (only flagged here, once the box reaches 90% with this message; no mail is sent in this method)
                                     $this->info['pmwarning']["{$user['userid']}"] = true;
                                 }
                                 // okay, send the message!
                                 $recipients["{$lowname}"] = true;
                                 $this->info['tostring']["{$type}"]["{$user['userid']}"] = $user['username'];
                             }
                         }
                     }
                 }
             }
         }
     }
     // The quota and permission errors above do not return early; they are caught here, and
     // the recipient list is only committed when no error was recorded.
     if (empty($this->errors)) {
         foreach ($recipients as $lowname => $bool) {
             $user =& $users["{$lowname}"];
             $this->info['recipients']["{$user['userid']}"] = $user;
         }
         return true;
     } else {
         return false;
     }
 }
Example #23
/**
* Finds the thread in the same forum whose last post comes next after the given thread's last post
*
* The query only returns threads with visible = 1 and open <> 10. Threads started by users on
* the global ignore (Coventry) list are excluded unless the viewer can moderate the forum, and a
* viewer without 'canviewothers' is limited to threads they started themselves (never for userid 0).
* NOTE(review): 'canview' on the forum is not tested here; presumably the caller has done so — confirm.
* NOTE(review): forumid, lastpost, the user id and the Coventry list are placed in the SQL unquoted;
* they come from verify_id(), the session user and fetch_coventry() and are assumed to be numeric — confirm.
*
* @param	integer	Thread id, resolved through verify_id('thread', ...)
* @param	boolean	Passed on to verify_id(); when true a 'nonextnewest' error is also raised if no later thread exists
*
* @return	mixed	Whatever query_first_slave() returned: the matching row (threadid, title, and lastpost in the Coventry case) or its empty result
*/
function goto_nextthread($threadid, $throwerror = true)
{
    global $vbulletin;

    $thread = verify_id('thread', $threadid, $throwerror, 1);
    $forumperms = fetch_permissions($thread['forumid']);

    // remove threads from users on the global ignore list if user is not a moderator
    $coventry = fetch_coventry('string');
    $globalignore = ($coventry and !can_moderate($thread['forumid'])) ? "AND postuserid NOT IN ({$coventry})" : '';

    // without 'canviewothers' only the viewer's own threads qualify, and guests (userid 0) match nothing
    $limitothers = ($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers'])
        ? ''
        : "AND postuserid = " . $vbulletin->userinfo['userid'] . " AND " . $vbulletin->userinfo['userid'] . " <> 0";

    // default: compare against the thread's own lastpost column
    $lastpost_info = "";
    $tachyjoin = "";
    $lastpost_having = "AND lastpost > {$thread['lastpost']}";
    if ($vbulletin->userinfo['userid'] and in_coventry($vbulletin->userinfo['userid'], true)) {
        // a viewer who is in Coventry gets their own lastpost value from tachythreadpost where one exists
        $lastpost_info = ",IF(tachythreadpost.userid IS NULL, thread.lastpost, tachythreadpost.lastpost) AS lastpost";
        $tachyjoin = "LEFT JOIN " . TABLE_PREFIX . "tachythreadpost AS tachythreadpost ON " . "(tachythreadpost.threadid = thread.threadid AND tachythreadpost.userid = " . $vbulletin->userinfo['userid'] . ')';
        $lastpost_having = "HAVING lastpost > {$thread['lastpost']}";
    }

    $getnextnewest = $vbulletin->db->query_first_slave("\n\t\tSELECT thread.threadid, thread.title\n\t\t\t{$lastpost_info}\n\t\tFROM " . TABLE_PREFIX . "thread AS thread\n\t\t{$tachyjoin}\n\t\tWHERE forumid = {$thread['forumid']}\n\t\t\tAND visible = 1\n\t\t\tAND open <> 10\n\t\t\t{$globalignore}\n\t\t\t{$limitothers}\n\t\t{$lastpost_having}\n\t\tORDER BY lastpost\n\t\tLIMIT 1\n\t");
    if ($getnextnewest) {
        $threadid = $getnextnewest['threadid'];
        unset($thread);
    } elseif ($throwerror) {
        eval(standard_error(fetch_error('nonextnewest')));
    }

    return $getnextnewest;
}
Example #24
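/**
* Resolves the id lists collected in global variables into titles and names
*
* Input and output are both global: the $...ids strings are read, the $wol_* arrays are filled.
* (The wol_* names and the 'canwhosonlinefull' permission suggest this feeds the Who's Online page.)
* Each id list is interpolated as "IN (0$list)", so a list is expected to be a string of
* comma-prefixed integers such as ",12,34".
* NOTE(review): the lists are not validated here; they are assumed to have been built from
* integer-cast ids by the caller — confirm.
*
* Private message, search and user lookups only run for viewers with 'canwhosonlinefull'.
* Thread titles are loaded without a forum 'canview' test; only the preview text is gated
* (by 'canviewthreads' and the viewer's ignore list).
* NOTE(review): presumably the caller checks forum permissions before showing a title — confirm.
*
* @return	void
*/
function convert_ids_to_titles()
{

	global $vbulletin;
	global $albumids, $attachmentids, $calendarids, $eventids, $forumids,
		$infractionids, $pmids, $postids, $searchids, $socialgroupids, $threadids, $userids;
	global $wol_album, $wol_attachment, $wol_calendar, $wol_event, $wol_inf, $wol_pm,
		$wol_post, $wol_search, $wol_socialgroup, $wol_thread, $wol_user;

/*
	if ($attachmentids)
	{
		$postidquery = $vbulletin->db->query_read_slave("
			SELECT postid, attachmentid
			FROM " . TABLE_PREFIX . "attachment
			WHERE attachmentid IN (0$attachmentids)
		");
		while ($postidqueryr = $vbulletin->db->fetch_array($postidquery))
		{
			$postids .= ',' . $postidqueryr['postid'];
			$wol_attachment["$postidqueryr[attachmentid]"] = $postidqueryr['postid'];
		}
	}
*/

	// Posts are mapped to their thread; the thread ids are queued for the thread lookup below.
	if ($postids)
	{
		$postidquery = $vbulletin->db->query_read_slave("
			SELECT threadid, postid
			FROM " . TABLE_PREFIX . "post
			WHERE postid IN (0$postids)
		");
		while ($postidqueryr = $vbulletin->db->fetch_array($postidquery))
		{
			// cast before appending, as the PM branch below already does for user ids
			$threadids .= ',' . intval($postidqueryr['threadid']);
			$wol_post["$postidqueryr[postid]"] = $postidqueryr['threadid'];
		}
	}

	if ($socialgroupids)
	{
		$socialgroups = $vbulletin->db->query_read_slave("
			SELECT name, groupid
			FROM " . TABLE_PREFIX . "socialgroup
			WHERE groupid IN (0$socialgroupids)
		");

		while ($socialgroup = $vbulletin->db->fetch_array($socialgroups))
		{
			$wol_socialgroup["$socialgroup[groupid]"]['name'] = $socialgroup['name'];
		}
	}

	// Albums are only returned when the owner's 'albums' profile block has no privacy
	// requirement (requirement = 0 or no row).
	if ($albumids)
	{
		$albums = $vbulletin->db->query_read_slave("
			SELECT album.title, album.albumid, album.state, album.userid
			FROM " . TABLE_PREFIX . "album AS album
			LEFT JOIN " . TABLE_PREFIX . "profileblockprivacy AS profileblockprivacy ON
				(profileblockprivacy.userid = album.userid AND profileblockprivacy.blockid = 'albums')
			WHERE album.albumid IN (0$albumids)
				AND (profileblockprivacy.requirement = 0 OR profileblockprivacy.requirement IS NULL)
		");

		while ($album = $vbulletin->db->fetch_array($albums))
		{
			$wol_album["$album[albumid]"] = $album;
		}
	}

	if ($threadids)
	{
		$threadresults = $vbulletin->db->query_read_slave("
			SELECT thread.title, thread.prefixid, thread.threadid, thread.forumid, thread.postuserid, thread.visible
			" . iif($vbulletin->options['threadpreview'] > 0, ",post.pagetext AS preview") . "
			" . iif($vbulletin->options['threadsubscribed'] AND $vbulletin->userinfo['userid'], ", NOT ISNULL(subscribethread.subscribethreadid) AS issubscribed") . "
			FROM " . TABLE_PREFIX . "thread AS thread
			" . iif($vbulletin->options['threadpreview'] > 0, "LEFT JOIN " . TABLE_PREFIX . "post AS post ON(post.postid = thread.firstpostid)") . "
			" . iif($vbulletin->options['threadsubscribed'] AND $vbulletin->userinfo['userid'], " LEFT JOIN " . TABLE_PREFIX . "subscribethread AS subscribethread ON(subscribethread.threadid = thread.threadid AND subscribethread.userid = " . $vbulletin->userinfo['userid'] . " AND canview = 1)") . "
			WHERE thread.threadid IN (0$threadids)
		");
		while ($threadresult = $vbulletin->db->fetch_array($threadresults))
		{
			$wol_thread["$threadresult[threadid]"]['title'] = $threadresult['title'];
			$wol_thread["$threadresult[threadid]"]['prefixid'] = $threadresult['prefixid'];
			$wol_thread["$threadresult[threadid]"]['forumid'] = $threadresult['forumid'];
			$wol_thread["$threadresult[threadid]"]['postuserid'] = $threadresult['postuserid'];
			$wol_thread["$threadresult[threadid]"]['isdeleted'] = ($threadresult['visible'] == 2) ? true : false;
			$wol_thread["$threadresult[threadid]"]['visible'] = ($threadresult['visible'] == 1) ? true : false;
			// the issubscribed column is only selected for logged-in users with the option on
			$wol_thread["$threadresult[threadid]"]['issubscribed'] = isset($threadresult['issubscribed']) ? $threadresult['issubscribed'] : null;

			// format thread preview if there is one
			// (post text is only exposed when the forum permissions include 'canviewthreads')
			$userperms = fetch_permissions($threadresult['forumid']);
			if (!empty($threadresult['preview']) AND $vbulletin->options['threadpreview'] > 0 AND ($userperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']))
			{
				// Get Buddy List
				$buddy = array();
				if (trim($vbulletin->userinfo['buddylist']))
				{
					$buddylist = preg_split('/( )+/', trim($vbulletin->userinfo['buddylist']), -1, PREG_SPLIT_NO_EMPTY);
					foreach ($buddylist AS $buddyuserid)
					{
						$buddy["$buddyuserid"] = 1;
					}
				}
				DEVDEBUG('buddies: ' . implode(', ', array_keys($buddy)));
				// Get Ignore Users
				$ignore = array();
				if (trim($vbulletin->userinfo['ignorelist']))
				{
					$ignorelist = preg_split('/( )+/', trim($vbulletin->userinfo['ignorelist']), -1, PREG_SPLIT_NO_EMPTY);
					foreach ($ignorelist AS $ignoreuserid)
					{
						// a user on both lists counts as a buddy; empty() avoids reading a missing key
						if (empty($buddy["$ignoreuserid"]))
						{
							$ignore["$ignoreuserid"] = 1;
						}
					}
				}
				DEVDEBUG('ignored users: ' . implode(', ', array_keys($ignore)));

				if (empty($ignore["$threadresult[postuserid]"]))
				{
					// quotes and BB code are stripped and the result HTML-escaped before it is stored
					$threadresult['preview'] = strip_quotes($threadresult['preview']);
					$threadresult['preview'] = htmlspecialchars_uni(strip_bbcode(fetch_trimmed_title($threadresult['preview'], $vbulletin->options['threadpreview']), false, true));
					$wol_thread["$threadresult[threadid]"]['preview'] = $threadresult['preview'];
				}
			}
		}
	}

	if ($calendarids)
	{
		$calendarresults = $vbulletin->db->query_read_slave("
			SELECT calendarid, title
			FROM " . TABLE_PREFIX . "calendar
			WHERE calendarid IN (0$calendarids)
		");
		while ($calendarresult = $vbulletin->db->fetch_array($calendarresults))
		{
			$wol_calendar["$calendarresult[calendarid]"] = $calendarresult['title'];
		}
	}

	if ($infractionids)
	{
		$infractions = $vbulletin->db->query_read_slave("
			SELECT infractionid, userid
			FROM " . TABLE_PREFIX . "infraction
			WHERE infractionid IN (0$infractionids)
		");
		while ($infraction = $vbulletin->db->fetch_array($infractions))
		{
			$wol_inf["$infraction[infractionid]"]['userid'] = $infraction['userid'];
			$userids .= ',' . intval($infraction['userid']);
		}
	}

	if ($eventids)
	{
		$eventresults = $vbulletin->db->query_read_slave("
			SELECT eventid, title, userid, calendarid
			FROM " . TABLE_PREFIX . "event
			WHERE eventid IN (0$eventids)
		");
		while ($eventresult = $vbulletin->db->fetch_array($eventresults))
		{
			$wol_event["$eventresult[eventid]"]['title'] = $eventresult['title'];
			$wol_event["$eventresult[eventid]"]['calendarid'] = $eventresult['calendarid'];
			$wol_event["$eventresult[eventid]"]['postuserid'] = $eventresult['userid'];
		}
	}

	// Who sent which private message is only resolved for viewers with 'canwhosonlinefull'.
	if ($pmids AND ($vbulletin->userinfo['permissions']['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonlinefull']))
	{
		$pmresults = $vbulletin->db->query_read_slave("
			SELECT pmtext.fromuserid, pm.pmid
			FROM " . TABLE_PREFIX . "pm AS pm
			LEFT JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON (pm.pmtextid = pmtext.pmtextid)
			WHERE pmid IN (0$pmids)
			");
		while ($pmresult = $vbulletin->db->fetch_array($pmresults))
		{
			$wol_pm["$pmresult[pmid]"] = $pmresult['fromuserid'];

			$userids .= ',' . intval($pmresult['fromuserid']);
		}
	}

	// Other users' search keywords are likewise only resolved with 'canwhosonlinefull'.
	if ($searchids AND ($vbulletin->userinfo['permissions']['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonlinefull']))
	{
		//rework this to get what the code assumes the array looks like from the new search code.
		//in particular the searchuser value has been changed from a string to a bool based on usage
		//and the fact that we don't really have it.
		require_once(DIR . "/vb/search/core.php");
		require_once(DIR . '/vb/search/criteria.php');
		$searchresults = $vbulletin->db->query_read_slave("
			SELECT searchlog.searchlogid AS searchid, searchlog.userid, searchlog.criteria
			FROM " . TABLE_PREFIX . "searchlog AS searchlog
			WHERE searchlog.searchlogid IN (0$searchids)
		");
		while ($searchresult = $vbulletin->db->fetch_array($searchresults))
		{
			if ($searchresult['criteria'])
			{
				// NOTE(review): unserialize() instantiates whatever classes the stored string names.
				// The value comes from the searchlog table; confirm that nothing user-controlled can
				// be written to searchlog.criteria in serialized form.
				$criteria = unserialize($searchresult['criteria']);

				// unserialize() returns false for a corrupt row; skip the method calls in that case
				// instead of failing on a non-object.
				if (is_object($criteria))
				{
					$targetuserid = $criteria->get_target_userid();
					if ($targetuserid)
					{
						// Append the id value(s), cast to int. The previous literal ",userid" put the
						// column name into "userid IN (...)" below, which matches every row of the
						// user table. The return shape of get_target_userid() is not visible here,
						// so a single id and a list of ids are both handled.
						$userids .= ',' . implode(',', array_map('intval', (array) $targetuserid));
					}

					$searchresult['targetuserid'] = $targetuserid;
					$searchresult['searchuser'] = (bool) $targetuserid;
					$searchresult['query'] = $criteria->get_raw_keywords();
				}
				unset($searchresult['criteria']);
			}
			$wol_search["$searchresult[searchid]"] = $searchresult;
		}
	}

	if ($userids AND ($vbulletin->userinfo['permissions']['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonlinefull']))
	{
		$userresults = $vbulletin->db->query_read_slave("
			SELECT userid, username, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid
			FROM " . TABLE_PREFIX . "user AS user
			WHERE userid IN (0$userids)
		");
		while ($userresult = $vbulletin->db->fetch_array($userresults))
		{
			fetch_musername($userresult);
			$wol_user["$userresult[userid]"]['musername'] = $userresult['musername'];
			$wol_user["$userresult[userid]"]['username'] = $userresult['username'];
		}
	}

	// Plugin code for this hook is run with eval() in this function's scope, so it can read
	// and change every local and global variable declared above.
	($hook = vBulletinHook::fetch_hook('online_ids_titles')) ? eval($hook) : false;
}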
Example #25
            // fetch_template() output is spliced into a double-quoted PHP string and executed by eval(),
            // so template text runs as code in this scope.
            // NOTE(review): confirm that only trusted administrators can change stored templates.
            eval('$posters .= "' . fetch_template('whopostedbit') . '";');
        }
        $totalposts = vb_number_format($totalposts);
        // Plugin hook: when fetch_hook() returns code for this name it is eval()'d in the current scope.
        ($hook = vBulletinHook::fetch_hook('misc_whoposted_complete')) ? eval($hook) : false;
        eval('print_output("' . fetch_template('WHOPOSTED') . '");');
    } else {
        eval(standard_error(fetch_error('invalidid', $vbphrase['thread'], $vbulletin->options['contactuslink'])));
    }
}
// ############################### start show attachments ###############################
// Loads the visible attachments of one thread after checking that the viewer may see that thread.
if ($_REQUEST['do'] == 'showattachments') {
    // 'and' binds tighter than 'or': the request is rejected when there is no thread id, when the
    // thread is deleted, or when it is not visible and the viewer cannot moderate posts. Only the
    // not-visible case is relaxed for moderators.
    // NOTE(review): whether standard_error() ends the request is not visible here - confirm, because
    // the checks below rely on $threadinfo describing a valid thread.
    if (!$threadinfo['threadid'] or $threadinfo['isdeleted'] or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
        eval(standard_error(fetch_error('invalidid', $vbphrase['thread'], $vbulletin->options['contactuslink'])));
    }
    ($hook = vBulletinHook::fetch_hook('misc_showattachments_start')) ? eval($hook) : false;
    // Forum-level permission bits for the viewer; both 'canview' and 'canviewthreads' are required.
    $forumperms = fetch_permissions($threadinfo['forumid']);
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) {
        print_no_permission();
    }
    // Without 'canviewothers' only the thread starter gets through; a viewer with userid 0 never does.
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] or !$vbulletin->userinfo['userid'])) {
        print_no_permission();
    }
    // The thread id is interpolated straight into the SQL text.
    // NOTE(review): presumably $threadinfo['threadid'] is an integer loaded from the database - confirm upstream.
    // Only attachments and posts with visible = 1 are selected.
    $attachs = $db->query_read_slave("\n\t\tSELECT attachment.*\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tINNER JOIN " . TABLE_PREFIX . "attachment AS attachment ON (attachment.postid=post.postid AND attachment.visible=1)\n\t\tWHERE threadid = {$threadinfo['threadid']}\n\t\t\tAND post.visible = 1\n\t\tORDER BY filename DESC\n\t");
    if ($db->num_rows($attachs)) {
        require_once DIR . '/includes/functions_bigthree.php';
        while ($attachment = $db->fetch_array($attachs)) {
            // hide users in Coventry
            // (attachments whose owner is in Coventry are skipped unless the viewer can moderate this forum)
            $ast = '';
            if (in_coventry($attachment['userid']) and !can_moderate($threadinfo['forumid'])) {
                continue;
            }
Example #26
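// Display flags for social features. Each flag needs both the board-wide option bit and the
// viewer's matching usergroup permission bit(s); every test is a bitwise '&' against a bitfield map.
$show['quick_links_groups'] = ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_groups'] and $vbulletin->userinfo['permissions']['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canjoingroups']);
$show['quick_links_albums'] = ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums'] and $permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canviewmembers'] and $permissions['albumpermissions'] & $vbulletin->bf_ugp_albumpermissions['canviewalbum'] and $permissions['albumpermissions'] & $vbulletin->bf_ugp_albumpermissions['canalbum']);
$show['friends_and_contacts'] = ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_friends'] and $vbulletin->userinfo['permissions']['genericpermissions2'] & $vbulletin->bf_ugp_genericpermissions2['canusefriends']);
// #############################################################################
// page number is used in meta tags (sometimes)
// Read through the input cleaner with TYPE_UINT rather than taken from $_REQUEST directly.
$pagenumber = $vbulletin->input->clean_gpc('r', 'pagenumber', TYPE_UINT);
// The three page-frame templates are wrapped in a double-quoted string and run through eval(),
// so their contents execute as PHP string interpolation with access to every variable in scope.
// NOTE(review): confirm that only trusted administrators can change stored templates.
eval('$headinclude = "' . fetch_template('headinclude') . '";');
eval('$header = "' . fetch_template('header') . '";');
eval('$footer = "' . fetch_template('footer') . '";');
// #############################################################################
// Redirect if this forum has a link
// check if this forum is a link to an outside site
if (trim($foruminfo['link']) != '' and (THIS_SCRIPT != 'subscription' or $_REQUEST['do'] != 'removesubscription')) {
    // get permission to view forum
    $_permsgetter_ = 'forumdisplay';
    $forumperms = fetch_permissions($forumid);
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview'])) {
        print_no_permission();
    }
    // add session hash to local links if necessary
    // Only a link that begins with "<script>.php" is treated as local; any other link reaches
    // the redirect unchanged and without session data appended.
    if (preg_match('#^([a-z0-9_]+\\.php)(\\?.*$)?#i', $foruminfo['link'], $match)) {
        // preg_match() leaves out a trailing group that did not take part in the match, so
        // test with !empty() instead of reading $match[2] when the link has no query string.
        if (!empty($match[2])) {
            // we have a ?xyz part, put session url at beginning if necessary
            // An s= / sessionhash= value already present in the stored link is stripped first,
            // presumably so that a session id saved with the link is not handed to other visitors.
            $query_string = preg_replace('/([^a-z0-9])(s|sessionhash)=[a-z0-9]{32}(&amp;|&)?/', '\\1', $match[2]);
            $foruminfo['link'] = $match[1] . '?' . $vbulletin->session->vars['sessionurl_js'] . substr($query_string, 1);
        } else {
            $foruminfo['link'] .= $vbulletin->session->vars['sessionurl_q'];
        }
    }
    // NOTE(review): the destination is whatever is stored in $foruminfo['link']; no allow-list is
    // applied here, so that field should be writable by administrators only - confirm.
    exec_header_redirect($foruminfo['link'], true);
}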
Example #27
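/**
* Fetches and prepares posts for quoting. Returned text is BB code.
*
* Every requested post is looked up again and checked against the current viewer's
* visibility, forum permission, forum password and Coventry rules before it is quoted,
* so the caller may pass post IDs that came straight from a request.
*
* @param	array	Array of post IDs to pull from
* @param	integer	The ID of the thread that is being quoted into
* @param	integer	Returns the number of posts that were unquoted because of the value of the next argument
* @param	array	Returns the IDs of the posts that were actually quoted
* @param	string	Controls what posts are successfully quoted: all, only (only the thread ID), other (only other thread IDs)
* @param	boolean	Whether to undo the htmlspecialchars calls; useful when returning HTML to be entered via JS
*
* @return	string	Text built from the 'newpost_quote' template for each accepted post, or '' when there is nothing to quote
*/
function fetch_quotable_posts($quote_postids, $threadid, &$unquoted_posts, &$quoted_post_ids, $limit_thread = 'only', $unhtmlspecialchars = false)
{
    global $vbulletin;
    $unquoted_posts = 0;
    $quoted_post_ids = array();
    // Cast every id to int before it reaches the IN (...) list below, drop duplicates, and drop 0
    // (what a non-numeric value casts to) wherever it appears. array_diff() compares values only;
    // array_diff_assoc() would have removed a 0 only when it sat at key 0.
    $quote_postids = array_diff(array_unique(array_map('intval', $quote_postids)), array(0));
    // limit to X number of posts
    if ($vbulletin->options['mqlimit'] > 0) {
        $quote_postids = array_slice($quote_postids, 0, $vbulletin->options['mqlimit']);
    }
    if (empty($quote_postids)) {
        // nothing to quote
        return '';
    }
    // Plugin code eval()'d here runs in this scope and may fill the two variables below, which
    // are then interpolated into the SQL text as-is.
    // NOTE(review): anything a plugin puts into them becomes part of the query - plugins are trusted code.
    $hook_query_fields = $hook_query_joins = '';
    ($hook = vBulletinHook::fetch_hook('quotable_posts_query')) ? eval($hook) : false;
    // The IN (...) list contains only the integers produced above.
    $quote_post_data = $vbulletin->db->query_read_slave("\n\t\tSELECT post.postid, post.title, post.pagetext, post.dateline, post.userid, post.visible AS postvisible,\n\t\t\tIF(user.username <> '', user.username, post.username) AS username,\n\t\t\tthread.threadid, thread.title AS threadtitle, thread.postuserid, thread.visible AS threadvisible,\n\t\t\tforum.forumid, forum.password\n\t\t\t{$hook_query_fields}\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (post.userid = user.userid)\n\t\tINNER JOIN " . TABLE_PREFIX . "thread AS thread ON (post.threadid = thread.threadid)\n\t\tINNER JOIN " . TABLE_PREFIX . "forum AS forum ON (thread.forumid = forum.forumid)\n\t\t{$hook_query_joins}\n\t\tWHERE post.postid IN (" . implode(',', $quote_postids) . ")\n\t");
    $quote_posts = array();
    while ($quote_post = $vbulletin->db->fetch_array($quote_post_data)) {
        // 'and' binds tighter than 'or': skip when the post is hidden (visible 0 or 2) and the viewer
        // cannot moderate the forum, or when the thread is hidden and the viewer cannot moderate it.
        if ((!$quote_post['postvisible'] or $quote_post['postvisible'] == 2) and !can_moderate($quote_post['forumid']) or (!$quote_post['threadvisible'] or $quote_post['threadvisible'] == 2) and !can_moderate($quote_post['forumid'])) {
            // no permission to view this post
            continue;
        }
        // Skip the post when any of these holds: no 'canview' or 'canviewthreads' bit; no
        // 'canviewothers' bit while the viewer is a guest or not the thread starter; the forum
        // password check fails; the thread starter or the post author is in Coventry and the
        // viewer cannot moderate the forum.
        $forumperms = fetch_permissions($quote_post['forumid']);
        if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($quote_post['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0) or !verify_forum_password($quote_post['forumid'], $quote_post['password'], false) or in_coventry($quote_post['postuserid']) and !can_moderate($quote_post['forumid']) or in_coventry($quote_post['userid']) and !can_moderate($quote_post['forumid'])) {
            // no permission to view this post
            continue;
        }
        // Thread filter: counted in $unquoted_posts instead of being quoted.
        // NOTE(review): as written, $limit_thread == 'all' sends every post down this branch, which
        // reads differently from the parameter description - confirm the intended meaning.
        if ($limit_thread == 'only' and $quote_post['threadid'] != $threadid or $limit_thread == 'other' and $quote_post['threadid'] == $threadid or $limit_thread == 'all') {
            $unquoted_posts++;
            continue;
        }
        // A plugin can veto an individual post by setting $skip_post in the hook below.
        $skip_post = false;
        ($hook = vBulletinHook::fetch_hook('quotable_posts_logic')) ? eval($hook) : false;
        if ($skip_post) {
            continue;
        }
        $quote_posts["{$quote_post['postid']}"] = $quote_post;
    }
    $message = '';
    // Walk the requested ids rather than the result set so the output keeps the caller's order.
    foreach ($quote_postids as $quote_postid) {
        if (!isset($quote_posts["{$quote_postid}"])) {
            continue;
        }
        $quote_post =& $quote_posts["{$quote_postid}"];
        $originalposter = fetch_quote_username($quote_post['username'] . ";{$quote_post['postid']}");
        $postdate = vbdate($vbulletin->options['dateformat'], $quote_post['dateline']);
        $posttime = vbdate($vbulletin->options['timeformat'], $quote_post['dateline']);
        // The post text is HTML-escaped before nested quotes are stripped and before it is
        // handed to the template below.
        $pagetext = htmlspecialchars_uni($quote_post['pagetext']);
        $pagetext = trim(strip_quotes($pagetext));
        ($hook = vBulletinHook::fetch_hook('newreply_quote')) ? eval($hook) : false;
        // The template is executed with eval() and reads the local variables set above by name.
        eval('$message .= "' . fetch_template('newpost_quote', 0, false) . '\\n";');
        $quoted_post_ids[] = $quote_postid;
    }
    if ($unhtmlspecialchars) {
        // NOTE(review): this reverses the escaping applied above, so a caller that asks for it
        // has to encode the result for its own output context.
        $message = unhtmlspecialchars($message);
    }
    return $message;
}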
Example #28
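/**
* Builds the response array for a single post: rendered or stripped text, author details,
* an image attachment URL where available, and whether the current user may reply.
*
* Reads the request field 'type' ('html' when absent; 'facebook' is the only other value handled)
* and relies on the globals declared below for the already-loaded post, thread and forum.
*
* @return	array	Post data; the keys are listed where $out is built
*/
function do_get_post()
{
    // $vbphrase is read by the fetch_error() calls below, so it has to be imported as well.
    global $vbulletin, $db, $foruminfo, $threadinfo, $postid, $postinfo, $vbphrase;
    $vbulletin->input->clean_array_gpc('r', array('type' => TYPE_STR));
    $type = 'html';
    if ($vbulletin->GPC['type']) {
        $type = $vbulletin->GPC['type'];
    }
    // NOTE(review): the checks below rely on standard_error() / json_error() ending the request;
    // that is not visible from this function - confirm.
    if (!$postinfo['postid']) {
        standard_error(fetch_error('invalidid', $vbphrase['post'], $vbulletin->options['contactuslink']));
    }
    // Hidden or deleted posts and threads are reported as invalid ids unless the viewer moderates the forum.
    if ((!$postinfo['visible'] or $postinfo['isdeleted']) and !can_moderate($threadinfo['forumid'])) {
        standard_error(fetch_error('invalidid', $vbphrase['post'], $vbulletin->options['contactuslink']));
    }
    if ((!$threadinfo['visible'] or $threadinfo['isdeleted']) and !can_moderate($threadinfo['forumid'])) {
        standard_error(fetch_error('invalidid', $vbphrase['thread'], $vbulletin->options['contactuslink']));
    }
    $forumperms = fetch_permissions($threadinfo['forumid']);
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) {
        json_error(ERR_NO_PERMISSION);
    }
    // Without 'canviewothers' only the thread starter may continue; guests (userid 0) never do.
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)) {
        json_error(ERR_NO_PERMISSION);
    }
    // check if there is a forum password and if so, ensure the user has it set
    verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
    $postbit_factory = new vB_Postbit_Factory();
    $postbit_factory->registry =& $vbulletin;
    $postbit_factory->forum =& $foruminfo;
    $postbit_factory->cache = array();
    $postbit_factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
    // The SELECT pulls every column of post, user, userfield and usertextfield (plus post.ipaddress
    // as 'ip'); only the fields copied into $out at the end of the function are returned.
    // The post id is cast with intval(), matching the STYLEID / LANGUAGEID handling in the same query.
    // NOTE(review): $permissions, $hook_query_fields and $hook_query_joins are not defined in this
    // function. With $permissions unset the 'canseehiddencustomfields' test is always true, so
    // $vbulletin->profilefield['hidden'] is always appended - confirm that this is the intent.
    $post = $db->query_first_slave(
        "\n\tSELECT\n\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS isdeleted,\n\t    user.*, userfield.*, usertextfield.*,\n\t    "
        . iif($foruminfo['allowicons'], 'icon.title as icontitle, icon.iconpath,')
        . "\n\t    IF(user.displaygroupid=0, user.usergroupid, user.displaygroupid) AS displaygroupid, infractiongroupid,\n\t\t"
        . iif($vbulletin->options['avatarenabled'], 'avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight,')
        . "\n\t\t"
        . ((can_moderate($threadinfo['forumid'], 'canmoderateposts') or can_moderate($threadinfo['forumid'], 'candeleteposts')) ? 'spamlog.postid AS spamlog_postid,' : '')
        . "\n\t\teditlog.userid AS edit_userid, editlog.username AS edit_username, editlog.dateline AS edit_dateline, editlog.reason AS edit_reason, editlog.hashistory,\n\t\tpostparsed.pagetext_html, postparsed.hasimages,\n\t\tsigparsed.signatureparsed, sigparsed.hasimages AS sighasimages,\n\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight\n\t\t"
        . iif(!($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), $vbulletin->profilefield['hidden'])
        . "\n\t\t{$hook_query_fields}\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = post.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n\t\t"
        . iif($foruminfo['allowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = post.iconid)")
        . "\n\t\t"
        . iif($vbulletin->options['avatarenabled'], "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)")
        . "\n\t\t"
        . ((can_moderate($threadinfo['forumid'], 'canmoderateposts') or can_moderate($threadinfo['forumid'], 'candeleteposts')) ? "LEFT JOIN " . TABLE_PREFIX . "spamlog AS spamlog ON(spamlog.postid = post.postid)" : '')
        . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON(editlog.postid = post.postid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "postparsed AS postparsed ON(postparsed.postid = post.postid AND postparsed.styleid = " . intval(STYLEID) . " AND postparsed.languageid = " . intval(LANGUAGEID) . ")\n\t\tLEFT JOIN " . TABLE_PREFIX . "sigparsed AS sigparsed ON(sigparsed.userid = user.userid AND sigparsed.styleid = " . intval(STYLEID) . " AND sigparsed.languageid = " . intval(LANGUAGEID) . ")\n\t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = post.userid)\n\t\t{$hook_query_joins}\n\t\tWHERE post.postid = " . intval($postid) . "\n    "
    );
    $types = vB_Types::instance();
    $contenttypeid = $types->getContentTypeID('vBForum_Post');
    // Both ids are cast before they are placed in the SQL text.
    $attachments = $db->query_read_slave("\n\t\tSELECT\n\t\t\tfd.thumbnail_dateline, fd.filesize, IF(fd.thumbnail_filesize > 0, 1, 0) AS hasthumbnail, fd.thumbnail_filesize,\n\t\t\ta.dateline, a.state, a.attachmentid, a.counter, a.contentid AS postid, a.filename,\n\t\t\ttype.contenttypes\n\t\tFROM " . TABLE_PREFIX . "attachment AS a\n\t\tINNER JOIN " . TABLE_PREFIX . "filedata AS fd ON (a.filedataid = fd.filedataid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "attachmenttype AS type ON (fd.extension = type.extension)\n\t\tWHERE\n\t\t\ta.contentid = " . intval($postid) . "\n\t\t\t\tAND\n\t\t\ta.contenttypeid = " . intval($contenttypeid) . "\n\t\tORDER BY a.attachmentid\n\t");
    $fr_images = array();
    while ($attachment = $db->fetch_array($attachments)) {
        // An attachment counts as an image when one of these extensions occurs anywhere in the
        // lower-cased file name; the match is not anchored to the end of the name.
        $lfilename = strtolower($attachment['filename']);
        if (strpos($lfilename, '.jpe') !== false || strpos($lfilename, '.png') !== false || strpos($lfilename, '.gif') !== false || strpos($lfilename, '.jpg') !== false || strpos($lfilename, '.jpeg') !== false) {
            $tmp = array('img' => $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid']);
            if ($vbulletin->options['attachthumbs']) {
                $tmp['tmb'] = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'] . '&stc=1&thumb=1';
            }
            $fr_images[] = $tmp;
        }
    }
    $postbits = '';
    $postbit_obj =& $postbit_factory->fetch_postbit('post');
    // NOTE(review): $post_cachable is not defined in this function, so this assigns null - confirm.
    $postbit_obj->cachable = $post_cachable;
    $postbits .= $postbit_obj->construct_postbit($post);
    // Start from empty values so a 'type' other than 'html' or 'facebook' leaves both defined.
    $html = '';
    $image = '';
    if ($type == 'html') {
        $bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
        // Replaces the cached 'bbcode_quote' template with the fixed markup below for this request.
        $vbulletin->templatecache['bbcode_quote'] = '
<div style=\\"margin:0px; margin-top:0px;\\">
	<table cellpadding=\\"$stylevar[cellpadding]\\" cellspacing=\\"0\\" border=\\"0\\" width=\\"100%\\">
	<tr>
		<td class=\\"alt2\\" style=\\"border:1px solid #777777;\\">
			".(($show[\'username\']) ? ("
				<div>
					" . construct_phrase("$vbphrase[originally_posted_by_x]", "$username") . "
				</div>
				<div style=\\"font-style:italic\\">$message</div>
			") : ("
				$message
			"))."
		</td>
	</tr>
	</table>
</div>
	';
        $css = <<<EOF
<style type="text/css">
body {
  margin: 0;
  padding: 3;
  font: 13px Arial, Helvetica, sans-serif;
}
.alt2 {
  background-color: #e6edf5;
  font: 13px Arial, Helvetica, sans-serif;
}
html {
    -webkit-text-size-adjust: none;
}
</style>
EOF;
        // NOTE(review): the returned HTML is the BB code parser's output for user-written text;
        // its safety depends on the escaping done inside the parser - not visible here.
        $html = $css . $bbcode_parser->parse($post['pagetext']);
        $image = '';
    } else {
        if ($type == 'facebook') {
            $html = fetch_censored_text(strip_bbcode(strip_quotes($post['pagetext']), false, true));
            if (count($fr_images)) {
                $image = $fr_images[0]['img'];
            }
        }
    }
    // Figure out if we can post
    $canpost = true;
    // 'and' binds tighter than 'or': a deleted thread always blocks posting; a thread that is not
    // visible blocks it only for viewers who cannot moderate posts.
    if ($threadinfo['isdeleted'] or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
        $canpost = false;
    }
    if (!$foruminfo['allowposting'] or $foruminfo['link'] or !$foruminfo['cancontainthreads']) {
        $canpost = false;
    }
    if (!$threadinfo['open']) {
        if (!can_moderate($threadinfo['forumid'], 'canopenclose')) {
            $canpost = false;
        }
    }
    if (($vbulletin->userinfo['userid'] != $threadinfo['postuserid'] or !$vbulletin->userinfo['userid']) and (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyothers']))) {
        $canpost = false;
    }
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyown']) and $vbulletin->userinfo['userid'] == $threadinfo['postuserid']) {
        $canpost = false;
    }
    // Avatar work
    $avatarurl = '';
    if ($post['avatarurl']) {
        $avatarurl = process_avatarurl($post['avatarurl']);
    }
    // Get post date/time
    $postdate = vbdate($vbulletin->options['dateformat'], $post['dateline'], 1);
    $posttime = vbdate($vbulletin->options['timeformat'], $post['dateline']);
    // Parse the post for quotes and inline images
    // NOTE(review): $usesmilies is not defined in this function, so the second argument is always false - confirm.
    list($text, $nuked_quotes, $images) = parse_post($post['pagetext'], $post['allowsmilie'] && $usesmilies);
    // 'canpost' and 'canattach' are hints for the client; NOTE(review): the scripts that accept the
    // reply or the upload have to enforce the same permissions themselves - not visible here.
    $out = array(
        'html' => prepare_utf8_string($html),
        'post_id' => $post['postid'],
        'thread_id' => $post['threadid'],
        'forum_id' => $foruminfo['forumid'],
        'forum_title' => prepare_utf8_string($foruminfo['title_clean']),
        'username' => prepare_utf8_string(strip_tags($post['username'])),
        'joindate' => prepare_utf8_string($post['joindate']),
        'usertitle' => prepare_utf8_string(strip_tags($post['usertitle'])),
        'numposts' => $post['posts'] ? (string) $post['posts'] : '0',
        'userid' => $post['userid'],
        'title' => prepare_utf8_string($post['title']),
        'post_timestamp' => prepare_utf8_string(date_trunc($postdate) . ' ' . $posttime),
        'canpost' => $canpost,
        'quotable' => $nuked_quotes,
        'canattach' => $forumperms & $vbulletin->bf_ugp_forumpermissions['canpostattachment'] and $vbulletin->userinfo['userid'],
        'edittext' => prepare_utf8_string($post['pagetext']),
    );
    if ($avatarurl != '') {
        $out['avatarurl'] = $avatarurl;
    }
    // presumably 'editlink' is filled in by construct_postbit() above when editing is allowed - verify.
    if ($post['editlink']) {
        $out['canedit'] = true;
    }
    if ($image != '') {
        $out['image'] = $image;
    }
    return $out;
}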
Example #29
     // Display formatting for one attachment row.
     $post['counter'] = vb_number_format($post['counter']);
     $post['size'] = vb_number_format($post['size'], 1, true);
     $post['postdate'] = vbdate($vbulletin->options['dateformat'], $post['p_dateline'], true);
     $post['posttime'] = vbdate($vbulletin->options['timeformat'], $post['p_dateline']);
     $post['attachmentextension'] = strtolower(file_extension($post['filename']));
     $show['thumbnail'] = iif($post['hasthumbnail'] == 1 and $vbulletin->options['attachthumbs'] and $showthumbs, 1, 0);
     $show['inprogress'] = iif(!$post['postid'], true, false);
     // Decide whether the delete checkbox is rendered for this attachment.
     // NOTE(review): this only controls what is displayed; the code that performs the deletion has
     // to repeat the same permission checks on the server - not visible here.
     $show['deletebox'] = false;
     // NOTE(review): the flag computed above is $show['inprogress'], while this test reads
     // $post['inprogress'] - confirm that key is populated, otherwise this branch is never taken.
     if ($post['inprogress']) {
         $show['deletebox'] = true;
     } else {
         // Closed threads block deletion unless the board option allows it or the viewer can open/close threads.
         if ($post['open'] or $vbulletin->options['allowclosedattachdel'] or can_moderate($post['forumid'], 'canopenclose')) {
             if (can_moderate($post['forumid'], 'caneditposts')) {
                 $show['deletebox'] = true;
             } else {
                 // Non-moderators need the 'caneditpost' bit and must own the attachment.
                 $forumperms = fetch_permissions($post['forumid']);
                 if ($forumperms & $vbulletin->bf_ugp_forumpermissions['caneditpost'] and $vbulletin->userinfo['userid'] == $post['userid']) {
                     // Allowed when 'allowattachdel' is set, when no edit time limit is configured, or
                     // while the post is newer than the limit (the option is multiplied by 60 before it
                     // is compared with TIMENOW, so presumably it is given in minutes).
                     if ($vbulletin->options['allowattachdel'] or !$vbulletin->options['edittimelimit'] or $post['p_dateline'] >= TIMENOW - $vbulletin->options['edittimelimit'] * 60) {
                         $show['deletebox'] = true;
                     }
                 }
             }
         }
     }
     if ($show['deletebox']) {
         $show['deleteoption'] = true;
     }
     // Plugin hook: code returned for this name is eval()'d in the current scope.
     ($hook = vBulletinHook::fetch_hook('profile_editattachments_bit')) ? eval($hook) : false;
     // The template text is executed through eval() and reads $post / $show by name.
     eval('$template[\'attachmentlistbits\'] .= "' . fetch_template('modifyattachmentsbit') . '";');
 }
 // The session URL fragment is carried in the query string of the sort link.
 $sorturl = 'profile.php?' . $vbulletin->session->vars['sessionurl'] . 'do=editattachments';
Example #30
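	/**
	* Processes miscellaneous post items at the end of the construction process.
	*
	* Sets the link fields on $this->post (scrolltothis, editlink, replylink, forwardlink,
	* reportlink), applies search-term highlighting to the message, fills the $show[] flags
	* that the post template reads, and then calls the parent implementation.
	*
	* The flags only decide which links and markers are rendered.
	* NOTE(review): the scripts those links point to have to enforce the same permissions
	* themselves - that code is not visible here.
	*/
	function prep_post_end()
	{
		global $show;

		// check for autoscrolling
		global $postid, $onload, $threadedmode;
		if ($this->post['postid'] == $postid)
		{
			$this->post['scrolltothis'] = ' id="currentPost"';
			if ($threadedmode == 0)
			{
				// fixed script text, HTML-escaped before it is stored in $onload
				$onload = htmlspecialchars_uni("if (document.body.scrollIntoView && fetch_object('currentPost') && (window.location.href.indexOf('#') == -1 || window.location.href.indexOf('#post') > -1)) { fetch_object('currentPost').scrollIntoView(true); }");
			}
		}
		else
		{
			$this->post['scrolltothis'] = '';
		}

		// highlight words from search engine ($_REQUEST[highlight])
		// Highlight word in all posts even if we link to one post since if we come from "Last Page" in thread search results, we don't only care about the last post!
		if (!empty($this->highlight) AND is_array($this->highlight)) // AND ($_REQUEST['postid'] == $post['postid'] OR empty($_REQUEST['postid'])) )
		{
			// Text between tags is passed to process_highlight_postbit() through a callback rather
			// than the /e (PREG_REPLACE_EVAL) modifier. /e builds PHP source from matched post text
			// and evaluates it; it is deprecated since PHP 5.5 and removed in PHP 7.0, where
			// preg_replace() would return NULL and blank the message.
			// Using $this inside the closure needs PHP 5.4 or later.
			$this->post['message'] = preg_replace_callback(
				'#(^|>)([^<]+)(?=<|$)#sU',
				function ($match)
				{
					// /e ran back-references through addslashes() and re-read them inside a
					// single-quoted literal, so the helper received '"' as '\"' and NUL as '\0'.
					// Reproduce that so the helper sees the same input as before.
					$text = str_replace(array('"', "\0"), array('\\"', '\\0'), $match[2]);
					return $this->process_highlight_postbit($text, $this->highlight, $match[1]);
				},
				$this->post['message']
			);
			$this->post['message'] = preg_replace('#<vb_highlight>(.*)</vb_highlight>#siU', '<span class="highlight">$1</span>', $this->post['message']);
		}

		// hide edit button if they can't use it
		// Shown when neither thread nor post is deleted and either the viewer can moderate with
		// 'caneditposts', or the thread is open, the viewer wrote the post, has the 'caneditpost'
		// bit and is inside the edit time limit (a limit of 0 means no limit).
		$forumperms = fetch_permissions($this->thread['forumid']);
		if (
			!$this->thread['isdeleted'] AND !$this->post['isdeleted'] AND (
			can_moderate($this->thread['forumid'], 'caneditposts') OR
			//can_moderate($this->thread['forumid'], 'candeleteposts') OR
			(
				$this->thread['open'] AND
				$this->post['userid'] == $this->registry->userinfo['userid'] AND
				($forumperms & $this->registry->bf_ugp_forumpermissions['caneditpost']) AND
				(	$this->post['dateline'] >= (TIMENOW - ($this->registry->options['edittimelimit'] * 60)) OR
					$this->registry->options['edittimelimit'] == 0
				)
			))
		)
		{
			// can edit or delete this post, so show the link
			$this->post['editlink'] = 'editpost.php?' . $this->registry->session->vars['sessionurl'] . 'do=editpost&amp;p=' . $this->post['postid'];
			if ($this->registry->options['quickedit'])
			{
				$show['ajax_js'] = true;
			}
		}
		else
		{
			$this->post['editlink'] = '';
		}

		// Reply link: not for deleted items, forums without posting, search-engine views, or
		// closed threads unless the viewer can open/close them.
		if (
			!$this->thread['isdeleted'] AND
			!$this->post['isdeleted'] AND
			 $this->forum['allowposting'] AND
			!$show['search_engine'] AND
			($this->thread['open'] OR can_moderate($this->thread['forumid'], 'canopenclose'))
		)
		{
			$this->post['replylink'] = 'newreply.php?' . $this->registry->session->vars['sessionurl'] . 'do=newreply&amp;p=' . $this->post['postid'];
			if ($show['multiquote_global'])
			{
				$show['multiquote_post'] = true;
				$show['multiquote_selected'] = (is_array($this->registry->GPC['vbulletin_multiquote']) AND in_array($this->post['postid'], $this->registry->GPC['vbulletin_multiquote']));
			}
		}
		else
		{
			$this->post['replylink'] = '';
			$show['multiquote_post'] = false;
		}

		if (!empty($this->post['del_reason']))
		{
			$this->post['del_reason'] = fetch_censored_text($this->post['del_reason']);
		}

		$this->post['forwardlink'] = '';

		// Report link is offered to logged-in users when a report forum or report e-mail is configured.
		$this->post['reportlink'] = 'report.php?' . $this->registry->session->vars['sessionurl'] . 'p=' . $this->post['postid'];
		$show['reportlink'] = (
			$this->registry->userinfo['userid']
			AND ($this->registry->options['rpforumid'] OR
				($this->registry->options['enableemail'] AND $this->registry->options['rpemail']))
		);
		$show['postcount'] = (!empty($this->post['postcount']) AND !$show['search_engine']);
		// Reputation link: needs 'canuserep' or own post, reputation enabled, a logged-in viewer,
		// a registered author, a post that is not deleted (visible != 2) and an author whose
		// usergroup has the 'isnotbannedgroup' bit.
		$show['reputationlink'] = (
			($this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canuserep']
				OR $this->post['userid'] == $this->registry->userinfo['userid'])
			AND $this->registry->options['reputationenable']
			AND $this->registry->userinfo['userid']
			AND $this->post['userid']
			AND $this->post['visible'] != 2
			AND $this->registry->usergroupcache[$this->post['usergroupid']]['genericoptions'] & $this->registry->bf_ugp_genericoptions['isnotbannedgroup']
		);

		$show['infractionlink'] = (
			// Must have 'cangiveinfraction' permission. Branch dies right here majority of the time
			$this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['cangiveinfraction']
			// Can not give yourself an infraction
			AND $this->post['userid'] != $this->registry->userinfo['userid']
			// Can not give an infraction to a post that already has one
			AND empty($this->post['infraction'])
			// Can not give an admin an infraction
			AND !($this->cache['perms'][$this->post['userid']]['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel'])
			// Only Admins can give a supermod an infraction
			AND 			(
				!($this->cache['perms'][$this->post['userid']]['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['ismoderator'])
				OR $this->registry->userinfo['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel']
			)
			// Can not give guests infractions
			AND $this->post['userid']
		);

		// need to see the card to be able to remove it. 'cansee' is designed for groups who can't give infractions
		$canseeinfraction = (
			$this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canreverseinfraction']
			OR $this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canseeinfraction']
			OR $this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['cangiveinfraction']
			OR ($this->post['userid'] == $this->registry->userinfo['userid'] /*AND $this->registry->options['canseeown']*/)
		);
		// infraction value 2 renders the red card, value 1 the yellow card
		$show['redcard'] = ($this->post['infraction'] == 2 AND $canseeinfraction);
		$show['yellowcard'] = ($this->post['infraction'] == 1 AND $canseeinfraction);
		// A first post (postcount 1) inherits the moderated / deleted state of its thread.
		$show['moderated'] = (!$this->post['visible'] OR (!$this->thread['visible'] AND $this->post['postcount'] == 1)) ? true : false;
		$show['spam'] = ($show['moderated'] AND $this->post['spamlog_postid']) ? true : false;
		$show['deletedpost'] = ($this->post['visible'] == 2 OR ($this->thread['visible'] == 2 AND $this->post['postcount'] == 1)) ? true : false;

		parent::prep_post_end();
	}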