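/**
 * Builds the custom Profile Field Data
 *
 * Populates $this->categories (profile fields grouped by profilefieldcategoryid)
 * and $this->locations (profilefieldcategoryid => location) from the profilefield
 * table, keeping only the categories whose privacy requirement the browsing user
 * meets. Runs at most once per instance; $this->data_built guards re-entry.
 *
 * @param boolean Should we show hidden fields if we're allowed to view them?
 */
function build_field_data($showhidden)
{
	if ($this->data_built)
	{
		return;
	}

	$this->categories = array(0 => array());
	$this->locations = array();

	if (!isset($this->factory->privacy_requirements))
	{
		$this->fetch_privacy_requirements();
	}

	// NOTE(review): when $showhidden is true this appends "AND pf.hidden = 0",
	// which *excludes* hidden fields. Confirm against the callers whether the
	// flag means "show hidden" (as the docblock says) or "suppress hidden".
	$hide_hidden = ($showhidden OR !($this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canseehiddencustomfields']));

	// only a fixed SQL fragment is conditionally appended; no request data reaches the query text
	$profilefields_result = $this->registry->db->query_read_slave("
		SELECT pf.profilefieldcategoryid, pfc.location, pf.*
		FROM " . TABLE_PREFIX . "profilefield AS pf
		LEFT JOIN " . TABLE_PREFIX . "profilefieldcategory AS pfc ON(pfc.profilefieldcategoryid = pf.profilefieldcategoryid)
		WHERE pf.form = 0 " . iif($hide_hidden, "
			AND pf.hidden = 0") . "
		ORDER BY pfc.displayorder, pf.displayorder
	");

	// the viewer's relationship to the profile owner does not depend on the row,
	// so resolve it once instead of on every iteration
	$relationship = fetch_user_relationship($this->profile->userinfo['userid'], $this->registry->userinfo['userid']);

	while ($profilefield = $this->registry->db->fetch_array($profilefields_result))
	{
		$catkey = "profile_cat{$profilefield['profilefieldcategoryid']}";

		// per-category requirement, falling back to the instance default
		$requirement = isset($this->factory->privacy_requirements[$catkey])
			? $this->factory->privacy_requirements[$catkey]
			: $this->default_privacy_requirement;

		if ($relationship >= $requirement)
		{
			$this->categories["{$profilefield['profilefieldcategoryid']}"][] = $profilefield;
			$this->locations["{$profilefield['profilefieldcategoryid']}"] = $profilefield['location'];
		}
	}

	$this->data_built = true;
}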
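/**
 * Determines if the browsing user can view a specific section of a user's profile.
 *
 * Answers true (viewable) whenever privacy cannot apply: the profileprivacy
 * option is off, the viewer is looking at their own profile, the target user
 * cannot be loaded, or the target user lacks the "caneditprivacy" permission.
 * Otherwise the section's stored requirement (or the supplied override) is
 * compared against the viewer's relationship to the target user.
 *
 * @param integer User ID to check against
 * @param string Name of the section to check
 * @param string Optional override for privacy requirement (prevents query)
 * @param array Optional array of userinfo (to save on querying)
 *
 * @return boolean
 */
function can_view_profile_section($userid, $section, $privacy_requirement = null, $userinfo = null)
{
	global $vbulletin;

	if (!$vbulletin->options['profileprivacy'])
	{
		// not enabled - always viewable
		return true;
	}

	if (!is_array($userinfo))
	{
		if ($userid == $vbulletin->userinfo['userid'])
		{
			// own profile
			return true;
		}

		$userinfo = fetch_userinfo($userid);
		if (!$userinfo)
		{
			// unknown user: nothing to protect, treated as viewable
			return true;
		}
	}
	else if ($userinfo['userid'] == $vbulletin->userinfo['userid'])
	{
		// own profile
		return true;
	}

	if (!isset($userinfo['permissions']))
	{
		cache_permissions($userinfo, false);
	}

	if (!($userinfo['permissions']['usercsspermissions'] & $vbulletin->bf_ugp_usercsspermissions['caneditprivacy']))
	{
		// user doesn't have permission - always viewable
		return true;
	}

	if ($privacy_requirement === null)
	{
		// userid is cast to int and $section is escaped before entering the query
		$row = $vbulletin->db->query_first_slave("
			SELECT requirement
			FROM " . TABLE_PREFIX . "profileblockprivacy
			WHERE userid = " . intval($userinfo['userid']) . "
				AND blockid = '" . $vbulletin->db->escape_string($section) . "'
		");

		// no row (or a zero requirement) means unrestricted; empty() also avoids
		// an offset-on-non-array notice when query_first_slave returns no result
		$privacy_requirement = empty($row['requirement']) ? 0 : $row['requirement'];
	}

	return !$privacy_requirement OR fetch_user_relationship($userinfo['userid'], $vbulletin->userinfo['userid']) >= $privacy_requirement;
}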
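/**
 * Builds conditions for the message query based on the user's permissions.
 * @see fetch()
 *
 * The fragment restricts album.state to the states the viewer may see
 * ('public' always; 'private' and 'profile' only when the matching album
 * check for $this->parent_id passes), hides unapproved albums unless the
 * viewer moderates pictures and $this->show_moderated is set, and applies the
 * album owner's profile-block privacy requirement. The result is cached in
 * $this->state_sql.
 *
 * @access protected
 *
 * @return string The built SQL
 */
function state_sql()
{
	if (isset($this->state_sql))
	{
		return $this->state_sql;
	}

	// Build state conditions for query. The values are fixed literals, so the
	// implode() into the IN list carries no external input.
	$state = array('public');
	if ($this->parent_id)
	{
		if (can_view_private_albums($this->parent_id))
		{
			$state[] = 'private';
		}
		if (can_view_profile_albums($this->parent_id))
		{
			$state[] = 'profile';
		}
	}

	$sql = "AND (album.state IN ('" . implode("','", $state) . "')";

	// leading space keeps the appended condition from abutting the closing ')'
	if ($this->show_moderated AND can_moderate(0, 'canmoderatepictures'))
	{
		$sql .= ' AND (album.visible > 0 OR album.moderation > 0)';
	}
	else
	{
		$sql .= ' AND album.visible > 0';
	}
	$sql .= ')';

	require_once DIR . '/includes/functions_user.php';

	// viewer's relationship to the album owner; NULL requirement means the owner set no restriction
	$privacy_requirement = fetch_user_relationship($this->parent_id, $this->registry->userinfo['userid']);
	$sql .= " AND (profileblockprivacy.requirement <= " . intval($privacy_requirement) . " OR profileblockprivacy.requirement IS NULL)";

	$this->state_sql = $sql;

	return $this->state_sql;
}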
/**
 * Verify permissions of a single attachment
 *
 * Loads the owning album row and the owner's 'albums' profile-block privacy
 * row alongside the attachment, then denies access when any of the album
 * state, moderation, privacy-relationship or album-permission checks fails.
 *
 * @return bool|int true when viewable; false when albums are disabled or the
 *                  attachment record cannot be verified; 0 when the caller
 *                  should serve a blank image rather than a permissions error
 */
public function verify_attachment()
{
	if (!($this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_albums']))
	{
		return false;
	}

	$hook_query_fields = $hook_query_joins = $hook_query_where = '';
	// plugin hook: eval() of stored plugin code (vBulletin hook mechanism) —
	// anything installed as a plugin at this hook executes with this method's scope
	($hook = vBulletinHook::fetch_hook('attachment_start')) ? eval($hook) : false;

	$selectsql = array(
		"album.state AS albumstate, album.albumid, album.userid AS albumuserid",
		"pbp.requirement AS privacy_requirement",
	);
	$joinsql = array(
		"LEFT JOIN " . TABLE_PREFIX . "album AS album ON (album.albumid = a.contentid)",
		"LEFT JOIN " . TABLE_PREFIX . "profileblockprivacy AS pbp ON (pbp.userid = a.userid AND pbp.blockid = 'albums')",
	);

	if (!$this->verify_attachment_specific('vBForum_Album', $selectsql, $joinsql))
	{
		return false;
	}

	/* TODO
	$this->browsinginfo = array(
		'bloginfo' => array(
			'blogid' => $this->attachmentinfo['blogid'],
		),
		'userinfo' => array(
			'userid' => $this->attachmentinfo['userid'],
		),
	);
	*/

	require_once(DIR . '/includes/functions_user.php');

	if ($this->attachmentinfo['contentid'] == 0)
	{
		// unattached picture: only its uploader may see it
		// there may be a condition where certain moderators could benefit by seeing these, I just don't know of any conditions at present
		if ($this->registry->userinfo['userid'] != $this->attachmentinfo['userid'])
		{
			return false;
		}
	}
	else if (
		// album row missing, or the album is not owned by the uploader
		!$this->attachmentinfo['albumid']
		OR $this->attachmentinfo['albumuserid'] != $this->attachmentinfo['userid']
		// awaiting moderation and the viewer is neither the uploader nor a picture moderator
		OR (
			$this->attachmentinfo['state'] == 'moderation'
			AND $this->attachmentinfo['userid'] != $this->registry->userinfo['userid']
			AND !can_moderate(0, 'canmoderatepictures')
			AND !can_moderate(0, 'caneditalbumpicture')
		)
		// owner's 'albums' privacy requirement not met by the viewer's relationship
		OR (
			$this->attachmentinfo['privacy_requirement']
			AND fetch_user_relationship($this->attachmentinfo['userid'], $this->registry->userinfo['userid']) < $this->attachmentinfo['privacy_requirement']
		)
		// non-profile album and the viewer lacks the canviewalbum permission
		OR (
			$this->attachmentinfo['albumstate'] != 'profile'
			AND !($this->registry->userinfo['permissions']['albumpermissions'] & $this->registry->bf_ugp_albumpermissions['canviewalbum'])
		)
		// private album the viewer may not see
		OR (
			$this->attachmentinfo['albumstate'] == 'private'
			AND !can_view_private_albums($this->attachmentinfo['userid'])
		)
	)
	{
		// echo clear.gif, not permissions error. This may only be needed for 'albumstate' == 'profile'
		return 0;
	}

	return true;
}
}

// plugin hook: eval() of stored plugin code (vBulletin hook mechanism);
// plugins installed at this hook run with access to $imageinfo
($hook = vBulletinHook::fetch_hook('picture_imageinfo')) ? eval($hook) : false;

// $imageinfo is expected to be the picture row loaded above this fragment — its
// origin is outside this excerpt
$have_image = $imageinfo ? true : false;

// a picture awaiting moderation is only shown to its uploader or a picture moderator
if ($have_image and $imageinfo['state'] == 'moderation' and !can_moderate(0, 'canmoderatepictures') and $imageinfo['userid'] != $vbulletin->userinfo['userid'] and !can_moderate(0, 'caneditalbumpicture'))
{
	$have_image = false;
}

if ($have_image)
{
	// the picture bytes live either in the database row or on the filesystem,
	// depending on the album_dataloc option
	if ($vbulletin->options['album_dataloc'] == 'db')
	{
		$have_image = strlen($imageinfo['filedata']) > 0;
	}
	else
	{
		$have_image = file_exists(fetch_picture_fs_path($imageinfo, $vbulletin->GPC['thumb']));
	}
}

if ($have_image)
{
	// owner's album privacy requirement, checked against the viewer's relationship
	if ($vbulletin->GPC['albumid'] and $imageinfo['privacy_requirement'])
	{
		if (fetch_user_relationship($imageinfo['userid'], $vbulletin->userinfo['userid']) < $imageinfo['privacy_requirement'])
		{
			$have_image = false;
		}
	}

	if ($imageinfo['albumstate'] != 'profile' and !($vbulletin->userinfo['permissions']['albumpermissions'] & $vbulletin->bf_ugp_albumpermissions['canviewalbum']))
	{
		// user's w/o viewing permission can only view profile category pictures directly
		$have_image = false;
	}

	if ($imageinfo['albumstate'] == 'private')
	{
		if (!can_view_private_albums($imageinfo['userid']))
		{
			// private album we can't see
			$have_image = false;
		}
	}
}

// plugin hook: eval() of stored plugin code; runs after $have_image is decided
($hook = vBulletinHook::fetch_hook('picture_haveimage')) ? eval($hook) : false;
/**
 * vBForum_Search_Result_VisitorMessage::can_search()
 *
 * Decides whether the searching user may see this visitor message result.
 * Checks run cheapest-first: visitor messaging enabled site-wide, viewer may
 * view member profiles, generic visitor-message view permission, the
 * recipient has not disabled visitor messages (skipped for the recipient
 * themselves and for visitor-message moderators), then the recipient's
 * profile-privacy requirement and "contacts only" option.
 *
 * @param mixed $user: the id of the user requesting access
 * @return bool true
 */
public function can_search($user)
{
	global $vbulletin;

	require_once DIR . '/includes/functions_visitormessage.php';
	require_once DIR . '/includes/functions_user.php';

	// visitor messaging switched off: nothing is ever shown
	$vm_enabled = $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_visitor_messaging'];
	if (!$vm_enabled)
	{
		return false;
	}

	// no access to member profiles implies no access to visitor messages
	if (!$user->hasPermission('genericpermissions', 'canviewmembers'))
	{
		return false;
	}

	// fetch_visitor_message_perm() takes ($perm, &$userinfo, $message); the
	// message row is supplied for both of the last two because it carries the
	// state/postuserid fields the helper reads.
	// NOTE(review): this means any viewer-specific logic inside the helper is
	// evaluated against the message row rather than $vbulletin->userinfo —
	// confirm against functions_visitormessage.php that this is intended.
	if (!fetch_visitor_message_perm('canviewvisitormessages', $this->message, $this->message))
	{
		return false;
	}

	// the recipient and visitor-message moderators bypass the "vm disabled" option
	$is_recipient = ($this->message['userid'] == $user->getField('userid'));
	if (!$is_recipient AND !can_moderate(0, 'canmoderatevisitormessages'))
	{
		// recipient has turned visitor messages off (main user options, not profile privacy)
		if (!($this->message['useroptions'] & $vbulletin->bf_misc_useroptions['vm_enable']))
		{
			return false;
		}
	}

	// profile-privacy requirement last, as it is the most likely to cost a query
	$relation = fetch_user_relationship($this->message['userid'], $user->getField('userid'));
	if ($relation < $this->message['requirement'])
	{
		return false;
	}

	// separate "contacts only" user option; relationship level 2 is "contact"
	// and anything above it also counts as a contact
	$contacts_only = $this->message['useroptions'] & $vbulletin->bf_misc_useroptions['vm_contactonly'];

	return !($contacts_only AND $relation < 2);
}