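/**
 * Verify that the browsing user may view a single social group attachment.
 *
 * Checks run in this order, and any failure denies access:
 *  1. social groups and group pictures are enabled, and the viewer's usergroup
 *     has the 'canviewgroups' permission;
 *  2. verify_attachment_specific() accepts the attachment (it also fills
 *     $this->attachmentinfo with the extra columns selected below);
 *  3. the group's join-to-view restriction, unless the viewer is a member or
 *     holds one of the overriding permissions;
 *  4. per-picture rules: ownership for pictures without a group, moderation
 *     state, group albums enabled, and membership for full-size requests.
 *
 * @return bool True when the attachment may be served, false otherwise
 */
public function verify_attachment()
{
    if (
        !($this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_groups'])
        or !($this->registry->userinfo['permissions']['socialgrouppermissions'] & $this->registry->bf_ugp_socialgrouppermissions['canviewgroups'])
        or !$this->registry->options['socnet_groups_pictures_enabled']
    ) {
        return false;
    }

    // Called in verify_attachment_specific().
    // $hook_query_fields = $hook_query_joins = $hook_query_where = '';
    // ($hook = vBulletinHook::fetch_hook('attachment_start')) ? eval($hook) : false;

    // The viewer id is concatenated into the JOIN condition below, so force it
    // to an integer rather than trusting whatever type userinfo carries.
    $browserid = intval($this->registry->userinfo['userid']);

    $selectsql = array(
        "'public' AS albumstate",
        "sg.options AS groupoptions",
        "sgm.type AS ownermembertype",
        "bm.type AS browsermembertype",
    );

    $joinsql = array(
        "LEFT JOIN " . TABLE_PREFIX . "socialgroupmember AS sgm ON (sgm.userid = a.userid AND sgm.groupid = a.contentid AND sgm.type = 'member')",
        "LEFT JOIN " . TABLE_PREFIX . "socialgroup AS sg ON (sg.groupid = a.contentid)",
        "LEFT JOIN " . TABLE_PREFIX . "socialgroupmember AS bm ON (bm.userid = " . $browserid . " AND bm.groupid = a.contentid)",
    );

    if (!$this->verify_attachment_specific('vBForum_SocialGroup', $selectsql, $joinsql)) {
        return false;
    }

    /* TODO
    $this->browsinginfo = array(
        'bloginfo' => array(
            'blogid' => $this->attachmentinfo['blogid'],
        ),
        'userinfo' => array(
            'userid' => $this->attachmentinfo['userid'],
        ),
    );
    */

    // Join-to-view groups hide their content from non-members unless the
    // feature is switched off globally or the viewer has an overriding permission.
    $canviewcontent = (
        !($this->attachmentinfo['groupoptions'] & $this->registry->bf_misc_socialgroupoptions['join_to_view'])
        or !$this->registry->options['sg_allow_join_to_view']
        or $this->attachmentinfo['browsermembertype'] == 'member'
        or can_moderate(0, 'caneditsocialgroups')
        or fetch_socialgroup_perm('canalwayspostmessage')
        or fetch_socialgroup_perm('canalwascreatediscussion')
    );

    if (!$canviewcontent) {
        return false;
    }

    if ($this->attachmentinfo['contentid'] == 0) {
        // Picture not attached to any group: only its uploader may see it.
        // there may be a condition where certain moderators could benefit by seeing these, I just don't know of any conditions at present
        if ($this->registry->userinfo['userid'] != $this->attachmentinfo['userid']) {
            return false;
        }

        return true;
    }

    // `and` binds tighter than `or`; the grouping is spelled out here and is
    // the same as in the unparenthesised original.
    // NOTE(review): a NULL browsermembertype (presumably what the LEFT JOIN
    // yields when the viewer has no membership row) fails isset(), so this
    // clause only rejects a membership row with an empty type - confirm that
    // non-members are meant to get past it.
    if (
        (isset($this->attachmentinfo['browsermembertype']) and empty($this->attachmentinfo['browsermembertype']))
        or $this->attachmentinfo['ownermembertype'] != 'member'
    ) {
        return false;
    }

    // Pictures awaiting moderation are visible only to their uploader and to picture moderators.
    if (
        $this->attachmentinfo['state'] == 'moderation'
        and $this->attachmentinfo['userid'] != $this->registry->userinfo['userid']
        and !can_moderate(0, 'canmoderategrouppicture')
    ) {
        // I am not aware of a need to ever return clear.gif for a picture viewed in the group setting.
        return false;
    }

    if (!($this->attachmentinfo['groupoptions'] & $this->registry->bf_misc_socialgroupoptions['enable_group_albums'])) {
        return false;
    }

    // Full-size requests need membership or 'caneditgrouppicture'; thumbnail
    // requests skip this check and fall through to the final return.
    if (!$this->registry->GPC['thumb']) {
        if ($this->attachmentinfo['browsermembertype'] != 'member' and !can_moderate(0, 'caneditgrouppicture')) {
            return false;
        }
    }

    return true;
}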
/**
 * Takes information regarding a group and prepares it for display.
 *
 * Formats dates and counters, censors and word-wraps the text fields, works
 * out whether the current user may view the group's content, and computes the
 * read-marking state. The unprocessed name and description are kept in
 * 'rawname' and 'rawdescription'.
 *
 * NOTE(review): 'categoryname' is the only field passed through
 * htmlspecialchars_uni() here. Whether 'name', 'description', 'lastdiscussion'
 * and the raw* copies are already HTML-escaped is not visible from this
 * function - confirm before printing any of them in a template.
 *
 * @param array $group        Group array
 * @param bool  $fetchmembers Whether to fetch group members and avatars
 *
 * @return array Group array with prepared information (empty array when $group is not an array)
 */
function prepare_socialgroup($group, $fetchmembers = false)
{
    global $vbulletin;

    if (!is_array($group)) {
        return array();
    }

    if ($fetchmembers) {
        $allmembers = cache_group_members();
        $group['membersinfo'] = $allmembers[$group['groupid']];
    }

    // Dates: an empty timestamp becomes an empty string instead of a formatted epoch.
    if (!empty($group['joindate'])) {
        $group['joindate'] = vbdate($vbulletin->options['dateformat'], $group['joindate'], true);
    } else {
        $group['joindate'] = '';
    }

    // The time string is built first because 'createdate' is overwritten with its formatted form right after.
    $hascreated = !empty($group['createdate']);
    $group['createtime'] = ($hascreated ? vbdate($vbulletin->options['timeformat'], $group['createdate'], true) : '');
    $group['createdate'] = ($hascreated ? vbdate($vbulletin->options['dateformat'], $group['createdate'], true) : '');

    $hasupdate = !empty($group['lastupdate']);
    $group['lastupdatetime'] = ($hasupdate ? vbdate($vbulletin->options['timeformat'], $group['lastupdate'], true) : '');
    $group['lastupdatedate'] = ($hasupdate ? vbdate($vbulletin->options['dateformat'], $group['lastupdate'], true) : '');

    // Counters
    foreach (array('visible', 'moderation', 'members', 'moderatedmembers') as $counter) {
        $group[$counter] = vb_number_format($group[$counter]);
    }

    $group['categoryname'] = htmlspecialchars_uni($group['categoryname']);
    $group['discussions'] = vb_number_format($group['discussions']);

    $censoreddiscussion = fetch_censored_text($group['lastdiscussion']);
    $group['lastdiscussion'] = fetch_word_wrapped_string($censoreddiscussion);
    $group['trimdiscussion'] = fetch_trimmed_title($group['lastdiscussion']);

    $albumsenabled = ($group['options'] & $vbulletin->bf_misc_socialgroupoptions['enable_group_albums']);
    if (!$albumsenabled) {
        // albums disabled in this group - force 0 pictures
        $group['picturecount'] = 0;
    }

    $group['rawpicturecount'] = $group['picturecount'];
    $group['picturecount'] = vb_number_format($group['picturecount']);

    // Keep the unprocessed text before the display versions replace it.
    $group['rawname'] = $group['name'];
    $group['rawdescription'] = $group['description'];

    $group['name'] = fetch_word_wrapped_string(fetch_censored_text($group['name']));

    // Without a description the short description falls back to the prepared name.
    $group['shortdescription'] = ($group['description']
        ? fetch_word_wrapped_string(fetch_censored_text(fetch_trimmed_title($group['description'], 185)))
        : $group['name']
    );

    $group['mediumdescription'] = fetch_word_wrapped_string(fetch_censored_text(fetch_trimmed_title($group['description'], 1000)));
    $group['description'] = nl2br(fetch_word_wrapped_string(fetch_censored_text($group['description'])));

    $group['is_owner'] = ($group['creatoruserid'] == $vbulletin->userinfo['userid']);

    $group['is_automoderated'] = (
        $group['options'] & $vbulletin->bf_misc_socialgroupoptions['owner_mod_queue']
        and $vbulletin->options['sg_allow_owner_mod_queue']
        and !$vbulletin->options['social_moderation']
    );

    // Content of a join-to-view group is hidden from non-members unless the
    // feature is off globally or the viewer holds an overriding permission.
    $group['canviewcontent'] = (
        !($group['options'] & $vbulletin->bf_misc_socialgroupoptions['join_to_view'])
        or !$vbulletin->options['sg_allow_join_to_view']
        or $group['membertype'] == 'member'
        or can_moderate(0, 'canmoderategroupmessages')
        or can_moderate(0, 'canremovegroupmessages')
        or can_moderate(0, 'candeletegroupmessages')
        or fetch_socialgroup_perm('canalwayspostmessage')
        or fetch_socialgroup_perm('canalwascreatediscussion')
    );

    $group['lastpostdate'] = vbdate($vbulletin->options['dateformat'], $group['lastpost'], true);
    $group['lastposttime'] = vbdate($vbulletin->options['timeformat'], $group['lastpost']);

    // The last poster is blanked for viewers who may not see the content.
    if ($group['canviewcontent']) {
        $group['lastposterid'] = $group['lastposterid'];
        $group['lastposter'] = $group['lastposter'];
    } else {
        $group['lastposterid'] = 0;
        $group['lastposter'] = '';
    }

    // check read marking: stored read time first, then the marking cookie, then the last visit
    if (empty($group['readtime'])) {
        $lastread = fetch_bbarray_cookie('group_marking', $group['groupid']);
        if (!$lastread) {
            $lastread = $vbulletin->userinfo['lastvisit'];
        }
    } else {
        $lastread = $group['readtime'];
    }

    // get thumb url
    $group['iconurl'] = fetch_socialgroupicon_url($group, true);

    // check if social group is moderated to join
    $group['membermoderated'] = ('moderated' == $group['type']);

    // posts older than markinglimit days won't be highlighted as new
    $cutoff = TIMENOW - $vbulletin->options['markinglimit'] * 24 * 60 * 60;
    $lastread = max((int) $lastread, $cutoff);

    $group['readtime'] = $lastread;
    $group['is_read'] = ($lastread >= $group['lastpost']);

    // Legacy Hook 'group_prepareinfo' Removed //

    return $group;
}
/**
 * Determines whether the current user can edit a specific group message.
 *
 * Guests can never edit. A deleted message can be edited only by a user who
 * has both the group-level 'canundeletegroupmessages' moderator permission and
 * the 'caneditgroupmessages' moderator permission; the author alone passes the
 * first gate but not the second. Any other message can be edited by its author
 * (with 'canmanagemessages') or by a moderator with 'caneditgroupmessages'.
 *
 * @param array $messageinfo Message information
 * @param array $group       Group information
 *
 * @return boolean
 */
function can_edit_group_message($messageinfo, $group)
{
    global $vbulletin;

    // Guests have no edit rights at all.
    if (!$vbulletin->userinfo['userid']) {
        return false;
    }

    if ($messageinfo['state'] == 'deleted') {
        // `and` binds tighter than `or`: the author clause is one unit.
        $canviewdeleted = (
            fetch_socialgroup_modperm('canundeletegroupmessages', $group)
            or (
                $vbulletin->userinfo['userid'] == $messageinfo['postuserid']
                and fetch_socialgroup_perm('canmanagemessages')
            )
        );

        if (!$canviewdeleted) {
            return false;
        }

        // Seeing a deleted message is not enough; editing it needs both moderator permissions.
        return (
            fetch_socialgroup_modperm('canundeletegroupmessages', $group)
            and can_moderate(0, 'caneditgroupmessages')
        );
    }

    // Authors may edit their own messages when allowed to manage them.
    $isauthor = ($messageinfo['postuserid'] == $vbulletin->userinfo['userid']);
    if ($isauthor and fetch_socialgroup_perm('canmanagemessages')) {
        return true;
    }

    return can_moderate(0, 'caneditgroupmessages');
}
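/**
 * Fetches the social group discussions shown by this widget.
 *
 * The query is limited by the configured group ids, category ids, date cut-off
 * and sort type, skips users on the global ignore list, and hides join-to-view
 * groups from viewers who are neither members nor holders of an overriding
 * permission.
 *
 * @return array|string Prepared discussion rows keyed by discussionid, or an
 *                      empty string when the viewer may not see social groups
 */
public function getData()
{
    //the user can't see socialgroups, abort now.
    if (
        !($this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_groups'])
        or !($this->registry->userinfo['permissions']['socialgrouppermissions'] & $this->registry->bf_ugp_socialgrouppermissions['canviewgroups'])
    ) {
        return "";
    }

    // Every optional SQL fragment starts empty so the query never interpolates an undefined variable.
    $groupidsql = '';
    $catidsql = '';

    if (!empty($this->config['sgdiscussions_groupids'])) {
        $groupids = explode(',', $this->config['sgdiscussions_groupids']);

        if (intval($groupids[0])) {
            $groupidsql = " AND socialgroup.groupid IN (-1";
            foreach ($groupids as $groupid) {
                $groupidsql .= "," . intval($groupid);
            }
            $groupidsql .= ")";
        }
    }

    if (!empty($this->config['sgdiscussions_catids'])) {
        if (!in_array(-1, $this->config['sgdiscussions_catids'])) {
            $catidsql = " AND socialgroup.socialgroupcategoryid IN (-1";
            foreach ($this->config['sgdiscussions_catids'] as $catid) {
                // Cast like the group ids above: the value is concatenated into the query text.
                $catidsql .= "," . intval($catid);
            }
            $catidsql .= ")";
        }
    }

    // Integer cast keeps the interpolated cut-off a plain number whatever type the config value has.
    $datecut = intval(TIMENOW - ($this->config['datecut'] * 86400));

    switch (intval($this->config['sgdiscussions_type'])) {
        case 1:
            $ordersql = " discussion.lastpost DESC";
            $datecutoffsql = " AND discussion.lastpost > $datecut";
            break;

        case 2:
            $ordersql = " discussion.visible DESC";
            $datecutoffsql = " AND groupmessage.dateline > $datecut";
            break;

        case 0:
        default:
            // An unknown type used to leave ORDER BY empty and break the query; fall back to type 0.
            $ordersql = " groupmessage.dateline DESC";
            $datecutoffsql = " AND groupmessage.dateline > $datecut";
            break;
    }

    // remove threads from users on the global ignore list if user is not a moderator
    $globalignore = '';
    if (trim($this->registry->options['globalignore']) != '') {
        require_once(DIR . '/includes/functions_bigthree.php');

        // NOTE(review): the string returned by fetch_coventry() is interpolated as-is;
        // presumably a comma-separated list of integer user ids - confirm in that helper.
        if ($Coventry = fetch_coventry('string')) {
            $globalignore = "AND groupmessage.postuserid NOT IN ($Coventry) ";
        }
    }

    require_once(DIR . '/includes/functions_socialgroup.php');

    $canviewprivate = (
        //don't allow groups to be hidden from non members
        !$this->registry->options['sg_allow_join_to_view']
        //can see hidden groups
        or can_moderate(0, 'canmoderategroupmessages')
        or can_moderate(0, 'canremovegroupmessages')
        or can_moderate(0, 'candeletegroupmessages')
        or fetch_socialgroup_perm('canalwayspostmessage')
        or fetch_socialgroup_perm('canalwascreatediscussion')
    );

    $membertypejoin = "";
    $memberfilter = "";

    if (!$canviewprivate) {
        // Only groups without join-to-view, or groups the viewer is a member of, may be listed.
        $memberfilter = "AND ( !(socialgroup.options & " . intval($this->registry->bf_misc_socialgroupoptions["join_to_view"]) . ")";

        $viewerid = intval($this->registry->userinfo['userid']);
        if ($viewerid) {
            $membertypejoin = "LEFT JOIN " . TABLE_PREFIX . "socialgroupmember AS socialgroupmember ON
                (socialgroupmember.userid = " . $viewerid . " AND socialgroupmember.groupid = socialgroup.groupid)";
            $memberfilter .= " OR socialgroupmember.type = 'member' ";
        }

        $memberfilter .= ")";
    }

    $avatarenabled = $this->registry->options['avatarenabled'];

    // user.* is selected first so that discussion.lastpost wins over user.lastpost
    // in the fetched row (both tables have a lastpost column).
    // NOTE(review): user.* copies every column of the user table into each returned
    // row; if that table holds credential or token columns they travel with the row
    // to whatever renders it - consider listing only the columns that are needed.
    $gms = $this->registry->db->query_read_slave("
        SELECT user.*, discussion.discussionid, discussion.groupid, discussion.lastpostid, discussion.lastpost,
            discussion.lastposter, discussion.lastposterid, discussion.visible,
            groupmessage.gmid, groupmessage.postuserid, groupmessage.postusername, groupmessage.dateline,
            groupmessage.title, groupmessage.pagetext as message,
            socialgroup.name as groupname, socialgroup.description as groupdescription
            " . ($avatarenabled ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar,
                customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "") . "
        FROM " . TABLE_PREFIX . "discussion AS discussion
        INNER JOIN " . TABLE_PREFIX . "socialgroup AS socialgroup ON(discussion.groupid = socialgroup.groupid)
        INNER JOIN " . TABLE_PREFIX . "groupmessage AS groupmessage ON (discussion.firstpostid = groupmessage.gmid)
        LEFT JOIN " . TABLE_PREFIX . "user AS user ON (groupmessage.postuserid = user.userid)
        " . ($avatarenabled ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid)
        LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "
        $membertypejoin
        WHERE 1=1
            $groupidsql
            $catidsql
            $memberfilter
            AND discussion.visible > 0
            AND groupmessage.state = 'visible'
            $datecutoffsql
            $globalignore
        ORDER BY$ordersql
        LIMIT 0," . intval($this->config['sgdiscussions_limit']) . "
    ");

    // Initialised up front so a query without rows still returns an array.
    $gmarray = array();

    while ($gm = $this->registry->db->fetch_array($gms)) {
        // trim and censor the title
        $gm['title'] = fetch_trimmed_title(fetch_censored_text($gm['title']), $this->config['sgdiscussions_titlemaxchars']);
        $gm['groupname'] = htmlspecialchars_uni($gm['groupname']);
        $gm['groupdescription'] = htmlspecialchars_uni($gm['groupdescription']);

        $gm['date'] = vbdate($this->registry->options['dateformat'], $gm['dateline'], true);
        $gm['time'] = vbdate($this->registry->options['timeformat'], $gm['dateline']);

        $gm['lastpostdate'] = vbdate($this->registry->options['dateformat'], $gm['lastpost'], true);
        $gm['lastposttime'] = vbdate($this->registry->options['timeformat'], $gm['lastpost']);

        $gm['message'] = $this->get_summary($gm['message'], $this->config['sgdiscussions_messagemaxchars']);

        // we need to count replies so
        $gm['replycount'] = $gm['visible'] - 1;

        // get avatar
        $this->fetch_avatarinfo($gm);

        $gmarray[$gm['discussionid']] = $gm;
    }

    // The return sits after the loop: returning inside it handed back only the
    // first discussion, and nothing at all when the query had no rows.
    return $gmarray;
}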
$groupicon =& datamanager_init('SocialGroupIcon', $vbulletin, ERRTYPE_STANDARD); $groupicon->condition = "groupid = " . $group['groupid']; $groupicon->delete(); unset($groupicon); } else { $vbulletin->input->clean_gpc('f', 'upload', TYPE_FILE); require_once DIR . '/includes/class_upload.php'; require_once DIR . '/includes/class_image.php'; $upload = new vB_Upload_SocialGroupIcon($vbulletin); $upload->data =& datamanager_init('SocialGroupIcon', $vbulletin, ERRTYPE_STANDARD); $upload->image =& vB_Image::fetch_library($vbulletin); $upload->set_group_info($group); $upload->maxwidth = FIXED_SIZE_GROUP_ICON_WIDTH; $upload->maxheight = FIXED_SIZE_GROUP_ICON_HEIGHT; $upload->maxuploadsize = $vbulletin->userinfo['permissions']['groupiconmaxsize']; $upload->allowanimation = fetch_socialgroup_perm('cananimategroupicon'); if (!$upload->process_upload($vbulletin->GPC['iconurl'])) { eval(standard_error($upload->fetch_error())); } unset($upload); } ($hook = vBulletinHook::fetch_hook('group_update_groupicon_complete')) ? eval($hook) : false; } if ($vbulletin->GPC['icononly']) { $vbulletin->url = 'group.php?' . $vbulletin->session->vars['sessionurl'] . 'groupid=' . $group['groupid']; eval(print_standard_redirect('successfully_created_group')); } eval(print_standard_redirect('redirect_updatethanks')); } // ####################################################################### if ($templatename != '') {
continue; } else { $candeletemessage = (fetch_socialgroup_modperm('candeletediscussions', $group) or $message['state'] == 'visible' and $message['postuserid'] == $vbulletin->userinfo['userid'] and fetch_socialgroup_perm('canmanagemessages')); if (!$candeletemessage) { standard_error(fetch_error('you_do_not_have_permission_to_soft_delete_discussions')); } } } else { if ($message['state'] == 'moderation' and !fetch_socialgroup_modperm('canmoderategroupmessages', $group)) { standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_messages')); } if ($physicaldel and !can_moderate(0, 'canremovegroupmessages')) { standard_error(fetch_error('you_do_not_have_permission_to_hard_delete_messages')); } // check user has permission to delete the message $candeletemessage = (fetch_socialgroup_modperm('candeletegroupmessages', $group) or $message['state'] == 'visible' and $message['postuserid'] == $vbulletin->userinfo['userid'] and fetch_socialgroup_perm('canmanagemessages')); if (!$candeletemessage) { standard_error(fetch_error('you_do_not_have_permission_to_soft_delete_messages')); } } $message['group_name'] = $group['name']; $message['discussion_name'] = $discussion['title']; $message['groupid'] = $discussion['groupid']; $messagearray["{$message['gmid']}"] = $message; $discussionlist["{$message['discussionid']}"] = true; $grouplist["{$discussion['groupid']}"] = true; $ownerlist["{$group['creatoruserid']}"] = true; } } // Skip messages that are in discussions that will be hard deleted if (sizeof($discussionarray)) {
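/**
 * Fetches the social group discussions shown by this widget.
 *
 * The query is limited by the configured group ids, category ids, date cut-off
 * and sort type, skips users on the global ignore list, and hides join-to-view
 * groups from viewers who are neither members nor holders of an overriding
 * permission.
 *
 * @return array|string Prepared discussion rows keyed by discussionid, or an
 *                      empty string when the viewer may not see social groups
 */
public function getData()
{
    //the user can't see socialgroups, abort now.
    if (
        !($this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_groups'])
        or !($this->registry->userinfo['permissions']['socialgrouppermissions'] & $this->registry->bf_ugp_socialgrouppermissions['canviewgroups'])
    ) {
        return '';
    }

    // Every optional SQL fragment starts empty so the query never interpolates an undefined variable.
    $groupidsql = '';
    $catidsql = '';

    if (!empty($this->config['sgdiscussions_groupids'])) {
        $groupids = explode(',', $this->config['sgdiscussions_groupids']);

        if (intval($groupids[0])) {
            $groupidsql = " AND socialgroup.groupid IN (-1";
            foreach ($groupids as $groupid) {
                $groupidsql .= "," . intval($groupid);
            }
            $groupidsql .= ")";
        }
    }

    if (!empty($this->config['sgdiscussions_catids'])) {
        if (!in_array(-1, $this->config['sgdiscussions_catids'])) {
            $catidsql = " AND socialgroup.socialgroupcategoryid IN (-1";
            foreach ($this->config['sgdiscussions_catids'] as $catid) {
                // Cast like the group ids above: the value is concatenated into the query text.
                $catidsql .= "," . intval($catid);
            }
            $catidsql .= ")";
        }
    }

    // Integer cast keeps the interpolated cut-off a plain number whatever type the config value has.
    $datecut = intval(TIMENOW - $this->config['datecut'] * 86400);

    switch (intval($this->config['sgdiscussions_type'])) {
        case 1:
            $ordersql = " discussion.lastpost DESC";
            $datecutoffsql = " AND discussion.lastpost > {$datecut}";
            break;

        case 2:
            $ordersql = " discussion.visible DESC";
            $datecutoffsql = " AND groupmessage.dateline > {$datecut}";
            break;

        case 0:
        default:
            // An unknown type used to leave ORDER BY empty and break the query; fall back to type 0.
            $ordersql = " groupmessage.dateline DESC";
            $datecutoffsql = " AND groupmessage.dateline > {$datecut}";
            break;
    }

    // remove threads from users on the global ignore list if user is not a moderator
    $globalignore = '';
    if (trim($this->registry->options['globalignore']) != '') {
        require_once DIR . '/includes/functions_bigthree.php';

        // NOTE(review): the string returned by fetch_coventry() is interpolated as-is;
        // presumably a comma-separated list of integer user ids - confirm in that helper.
        if ($Coventry = fetch_coventry('string')) {
            $globalignore = "AND groupmessage.postuserid NOT IN ({$Coventry}) ";
        }
    }

    require_once DIR . '/includes/functions_socialgroup.php';

    // True when join-to-view is off globally or the viewer can see hidden groups anyway.
    $canviewprivate = (
        !$this->registry->options['sg_allow_join_to_view']
        or can_moderate(0, 'canmoderategroupmessages')
        or can_moderate(0, 'canremovegroupmessages')
        or can_moderate(0, 'candeletegroupmessages')
        or fetch_socialgroup_perm('canalwayspostmessage')
        or fetch_socialgroup_perm('canalwascreatediscussion')
    );

    $membertypejoin = "";
    $memberfilter = "";

    if (!$canviewprivate) {
        // Only groups without join-to-view, or groups the viewer is a member of, may be listed.
        $memberfilter = "AND ( !(socialgroup.options & " . intval($this->registry->bf_misc_socialgroupoptions["join_to_view"]) . ")";

        $viewerid = intval($this->registry->userinfo['userid']);
        if ($viewerid) {
            $membertypejoin = "LEFT JOIN " . TABLE_PREFIX . "socialgroupmember AS socialgroupmember ON
                (socialgroupmember.userid = " . $viewerid . " AND socialgroupmember.groupid = socialgroup.groupid)";
            $memberfilter .= " OR socialgroupmember.type = 'member' ";
        }

        $memberfilter .= ")";
    }

    $avatarenabled = $this->registry->options['avatarenabled'];

    // VBIV-4609 changed the user.* to come first, to take the discussion.lastpost instead of user.lastpost since both have lastpost.
    // NOTE(review): user.* copies every column of the user table into each returned
    // row; if that table holds credential or token columns they travel with the row
    // to whatever renders it - consider listing only the columns that are needed.
    $gms = $this->registry->db->query_read_slave("
        SELECT user.*, discussion.discussionid, discussion.groupid, discussion.lastpostid, discussion.lastpost,
            discussion.lastposter, discussion.lastposterid, discussion.visible,
            groupmessage.gmid, groupmessage.postuserid, groupmessage.postusername, groupmessage.dateline,
            groupmessage.title, groupmessage.pagetext as message,
            socialgroup.name as groupname, socialgroup.description as groupdescription
            " . ($avatarenabled ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar,
                customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "") . "
        FROM " . TABLE_PREFIX . "discussion AS discussion
        INNER JOIN " . TABLE_PREFIX . "socialgroup AS socialgroup ON(discussion.groupid = socialgroup.groupid)
        INNER JOIN " . TABLE_PREFIX . "groupmessage AS groupmessage ON (discussion.firstpostid = groupmessage.gmid)
        LEFT JOIN " . TABLE_PREFIX . "user AS user ON (groupmessage.postuserid = user.userid)
        " . ($avatarenabled ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid)
        LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "
        {$membertypejoin}
        WHERE 1=1
            {$groupidsql}
            {$catidsql}
            {$memberfilter}
            AND discussion.visible > 0
            AND groupmessage.state = 'visible'
            {$datecutoffsql}
            {$globalignore}
        ORDER BY{$ordersql}
        LIMIT 0," . intval($this->config['sgdiscussions_limit']) . "
    ");

    $gmarray = array();

    while ($gm = $this->registry->db->fetch_array($gms)) {
        //trim and censor the title
        $gm['title'] = fetch_trimmed_title(fetch_censored_text($gm['title']), $this->config['sgdiscussions_titlemaxchars']);
        $gm['groupname'] = htmlspecialchars_uni($gm['groupname']);
        $gm['groupdescription'] = htmlspecialchars_uni($gm['groupdescription']);

        $gm['date'] = vbdate($this->registry->options['dateformat'], $gm['dateline'], true);
        $gm['time'] = vbdate($this->registry->options['timeformat'], $gm['dateline']);

        $gm['lastpostdate'] = vbdate($this->registry->options['dateformat'], $gm['lastpost'], true);
        $gm['lastposttime'] = vbdate($this->registry->options['timeformat'], $gm['lastpost']);

        $gm['message'] = $this->get_summary($gm['message'], $this->config['sgdiscussions_messagemaxchars']);

        // we need to count replies so
        $gm['replycount'] = $gm['visible'] - 1;

        // get avatar
        $this->fetch_avatarinfo($gm);

        $gmarray[$gm['discussionid']] = $gm;
    }

    return $gmarray;
}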