/** * Fetches proper ajax query depending on post from a single user's messages or from a wall to wall page * * @param array Userinfo of user that this is being posted to * @param string Source Page * @param int The comment that was made during this ajax call * @param array Userinfo of the other user of the wall to wall view * * @return string */ function fetch_vm_ajax_query($userinfo, $vmid, $type = 'wall', $userinfo2 = null) { global $vbulletin; $hook_query_fields = $hook_query_joins = $hook_query_where = ''; $hook_query_fields2 = $hook_query_joins2 = $hook_query_where2 = ''; ($hook = vBulletinHook::fetch_hook('visitor_message_post_ajax')) ? eval($hook) : false; if ($type != 'wall') { $state = array('visible'); if (can_moderate(0, 'canmoderatevisitormessages') or $vbulletin->userinfo['userid'] == $userinfo['userid']) { $state[] = 'moderation'; } if (can_moderate(0, 'canmoderatevisitormessages') or $vbulletin->userinfo['userid'] == $userinfo['userid'] and $vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmanageownprofile']) { $state[] = 'deleted'; $deljoinsql = "LEFT JOIN " . TABLE_PREFIX . "deletionlog AS deletionlog ON (visitormessage.vmid = deletionlog.primaryid AND deletionlog.type = 'visitormessage')"; } else { $deljoinsql = ''; } $state_or = array("visitormessage.state IN ('" . implode("','", $state) . "')"); // Get the viewing user's moderated posts if ($vbulletin->userinfo['userid'] and !can_moderate(0, 'canmoderatevisitormessages') and $vbulletin->userinfo['userid'] != $userinfo['userid']) { $state_or[] = "(visitormessage.postuserid = " . $vbulletin->userinfo['userid'] . " AND state = 'moderation')"; } $sql = "\n\t\t\tSELECT\n\t\t\t\tvisitormessage.*, user.*, visitormessage.ipaddress AS messageipaddress, visitormessage.userid AS profileuserid\n\t\t\t\t" . ($vbulletin->userinfo['userid'] ? ",IF(userlist.userid IS NOT NULL, 1, 0) AS bbuser_iscontact_of_user" : "") . "\n\t\t\t\t" . ($deljoinsql ? ",deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason" : "") . "\n\t\t\t\t" . ($vbulletin->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight, customavatar.width_thumb AS avwidth_thumb, customavatar.height_thumb AS avheight_thumb, customavatar.filedata_thumb" : "") . "\n\t\t\t\t{$hook_query_fields}\n\t\t\tFROM " . TABLE_PREFIX . "visitormessage AS visitormessage\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (visitormessage.postuserid = user.userid)\n\t\t\t" . ($vbulletin->userinfo['userid'] ? "LEFT JOIN " . TABLE_PREFIX . "userlist AS userlist ON (userlist.userid = user.userid AND userlist.type = 'buddy' AND userlist.relationid = " . $vbulletin->userinfo['userid'] . ")" : "") . "\n\t\t\t" . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "\n\t\t\t{$deljoinsql}\n\t\t\t{$hook_query_joins}\n\t\t\tWHERE visitormessage.userid = {$userinfo['userid']}\n\t\t\t\tAND (" . implode(" OR ", $state_or) . ")\n\t\t\t\tAND " . (($lastviewed = $vbulletin->GPC['lastcomment']) ? "(visitormessage.dateline > {$lastviewed} OR visitormessage.vmid = {$vmid})" : "visitormessage.vmid = {$vmid}") . "\n\t\t\t\t{$hook_query_where}\n\t\t\tORDER BY visitormessage.dateline ASC\n\t\t"; } else { $sql1 = $sql2 = array(); $state1 = array('visible'); if ($viewself or fetch_visitor_message_perm('canmoderatevisitormessages', $userinfo)) { $state1[] = 'moderation'; } if (can_moderate(0, 'canmoderatevisitormessages')) { $state1[] = 'deleted'; $delsql1 = ",deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason"; $deljoinsql1 = "LEFT JOIN " . TABLE_PREFIX . "deletionlog AS deletionlog ON (visitormessage.vmid = deletionlog.primaryid AND deletionlog.type = 'visitormessage')"; } else { if ($deljoinsql2) { $delsql1 = ",0 AS del_userid, '' AS del_username, '' AS del_reason"; } } $sql1[] = "visitormessage.userid = {$userinfo['userid']}"; $sql1[] = "visitormessage.postuserid = {$userinfo2['userid']}"; $sql1[] = "visitormessage.state IN ('" . implode("','", $state1) . "')"; $sql1[] = "(visitormessage.dateline > " . $vbulletin->GPC['lastcomment'] . " OR visitormessage.vmid = {$vmid})"; $state2 = array('visible'); if (fetch_visitor_message_perm('canmoderatevisitormessages', $userinfo2)) { $state2[] = 'moderation'; } if (can_moderate(0, 'canmoderatevisitormessages') or $viewself and $vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmanageownprofile']) { $state2[] = 'deleted'; $deljoinsql2 = "LEFT JOIN " . TABLE_PREFIX . "deletionlog AS deletionlog ON (visitormessage.vmid = deletionlog.primaryid AND deletionlog.type = 'visitormessage')"; } else { $deljoinsql2 = ''; } $sql2[] = "visitormessage.userid = {$userinfo2['userid']}"; $sql2[] = "visitormessage.postuserid = {$userinfo['userid']}"; $sql2[] = "visitormessage.state IN ('" . implode("','", $state2) . "')"; $sql2[] = "visitormessage.dateline > " . $vbulletin->GPC['lastcomment']; $sql = "\n\t\t\t(\n\t\t\t\tSELECT\n\t\t\t\t\tvisitormessage.*, visitormessage.dateline AS pmdateline, user.*, visitormessage.ipaddress AS messageipaddress, visitormessage.userid AS profileuserid\n\t\t\t\t\t{$delsql1}\n\t\t\t\t\t" . ($vbulletin->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "") . "\n\t\t\t\t\t{$hook_query_fields}\n\t\t\t\tFROM " . TABLE_PREFIX . "visitormessage AS visitormessage\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (visitormessage.postuserid = user.userid)\n\t\t\t\t" . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "\n\t\t\t\t{$deljoinsql1}\n\t\t\t\t{$hook_query_joins}\n\t\t\t\tWHERE " . implode(" AND ", $sql1) . "\n\t\t\t\t{$hook_query_where}\n\t\t\t)\n\t\t\tUNION\n\t\t\t(\n\t\t\t\tSELECT\n\t\t\t\t\tvisitormessage.*, visitormessage.dateline AS pmdateline, user.*, visitormessage.ipaddress AS messageipaddress, visitormessage.userid AS profileuserid\n\t\t\t\t\t" . ($deljoinsql2 ? ",deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason" : "") . "\n\t\t\t\t\t" . ($vbulletin->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "") . "\n\t\t\t\t\t{$hook_query_fields2}\n\t\t\t\tFROM " . TABLE_PREFIX . "visitormessage AS visitormessage\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (visitormessage.postuserid = user.userid)\n\t\t\t\t" . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "\n\t\t\t\t{$deljoinsql2}\n\t\t\t\t{$hook_query_joins2}\n\t\t\t\tWHERE " . implode(" AND ", $sql2) . "\n\t\t\t\t{$hook_query_where2}\n\t\t\t)\n\t\t\tORDER BY pmdateline ASC\n\t\t\t"; } return $sql; }
$reportobj->set_extrainfo('user', $userinfo); $perform_floodcheck = $reportobj->need_floodcheck(); if ($perform_floodcheck) { $reportobj->perform_floodcheck_precommit(); } if (!$messageinfo['vmid']) { eval(standard_error(fetch_error('invalidid', $vbphrase['message'], $vbulletin->options['contactuslink']))); } if ( ($messageinfo['state'] == 'moderation' AND !fetch_visitor_message_perm('canmoderatevisitormessages', $userinfo, $messageinfo) AND $messageinfo['postuserid'] != $vbulletin->userinfo['userid']) OR ($messageinfo['state'] == 'deleted' AND !fetch_visitor_message_perm('candeletevisitormessages', $userinfo, $messageinfo))) { eval(standard_error(fetch_error('invalidid', $vbphrase['message'], $vbulletin->options['contactuslink']))); } ($hook = vBulletinHook::fetch_hook('report_start')) ? eval($hook) : false; if ($_REQUEST['do'] == 'report') { // draw nav bar $navbits = array(); $navbits[fetch_seo_url('member', $userinfo)] = $userinfo['username']; $navbits[''] = $vbphrase['report_bad_visitor_message']; $navbits = construct_navbits($navbits); $usernamecode = vB_Template::create('newpost_usernamecode')->render();
} if (can_moderate(0, 'candeletevisitormessages')) { foreach ($messagearray as $message) { log_moderator_action($message, $physicaldel ? 'vm_by_x_for_y_removed' : 'vm_by_x_for_y_soft_deleted', array($message['postusername'], $message['profile_username'])); } } // empty cookie setcookie('vbulletin_inlinevmessage', '', TIMENOW - 3600, '/'); ($hook = vBulletinHook::fetch_hook('member_inlinemod_dodelete')) ? eval($hook) : false; eval(print_standard_redirect('redirect_inline_deletedmessages', true, $forceredirect)); } if ($_POST['do'] == 'inlineundelete') { // Validate Messages $messages = $db->query_read_slave("\r\n\t\tSELECT visitormessage.vmid, visitormessage.state, visitormessage.userid, visitormessage.dateline,\r\n\t\t\tvisitormessage.postuserid, visitormessage.postusername,\r\n\t\t\tuser.username AS profile_username\r\n\t\tFROM " . TABLE_PREFIX . "visitormessage AS visitormessage\r\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (visitormessage.userid = user.userid)\r\n\t\tWHERE vmid IN ({$messageids})\r\n\t\t\tAND visitormessage.state = 'deleted'\r\n\t"); while ($message = $db->fetch_array($messages)) { if (!fetch_visitor_message_perm('canundeletevisitormessages', $userinfo, $message)) { standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_messages')); } $messagearray["{$message['vmid']}"] = $message; $userlist["{$message['userid']}"] = true; } if (empty($messagearray)) { standard_error(fetch_error('you_did_not_select_any_valid_messages')); } $db->query_write("\r\n\t\tDELETE FROM " . TABLE_PREFIX . "deletionlog\r\n\t\tWHERE type = 'visitormessage' AND\r\n\t\t\tprimaryid IN(" . implode(',', array_keys($messagearray)) . ")\r\n\t"); $db->query_write("\r\n\t\tUPDATE " . TABLE_PREFIX . "visitormessage\r\n\t\tSET state = 'visible'\r\n\t\tWHERE vmid IN(" . implode(',', array_keys($messagearray)) . ")\r\n\t"); foreach (array_keys($userlist) as $userid) { build_visitor_message_counters($userid); } if (can_moderate(0, 'candeletevisitormessages')) { foreach ($messagearray as $message) {
/** * Prepares the User's Visitor Message Statistics * * @param array The Latest Visitor Message */ function prepare_visitor_message_stats($vminfo) { global $vbphrase; if ((!isset($this->prepared['vm_total']) or !isset($this->prepared['lastvm_date']) or !isset($this->prepared['lastvm_time'])) and $this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_visitor_messaging'] and (!$this->userinfo['vm_contactonly'] or can_moderate(0, 'canmoderatevisitormessages') or $this->userinfo['userid'] == $this->registry->userinfo['userid'] or $this->userinfo['bbuser_iscontact_of_user']) and ($this->userinfo['vm_enable'] or can_moderate(0, 'canmoderatevisitormessages') and $this->registry->userinfo['userid'] != $this->userinfo['userid'])) { require_once DIR . '/includes/functions_visitormessage.php'; $state = array('visible'); if (fetch_visitor_message_perm('canmoderatevisitormessages', $this->userinfo)) { $state[] = 'moderation'; } if (can_moderate(0, 'canmoderatevisitormessages') or $this->registry->userinfo['userid'] == $this->userinfo['userid'] and $this->registry->userinfo['permissions']['visitormessagepermissions'] & $this->registry->bf_ugp_visitormessagepermissions['canmanageownprofile']) { $state[] = 'deleted'; $deljoinsql = "LEFT JOIN " . TABLE_PREFIX . "deletionlog AS deletionlog ON (visitormessage.vmid = deletionlog.primaryid AND deletionlog.type = 'visitormessage')"; } else { $deljoinsql = ''; } $state_or = array("visitormessage.state IN ('" . implode("','", $state) . "')"); if (!fetch_visitor_message_perm('canmoderatevisitormessages', $this->userinfo)) { $state_or[] = "(visitormessage.postuserid = " . $this->registry->userinfo['userid'] . " AND state = 'moderation')"; } $coventry = ''; if ($this->registry->options['globalignore'] != '') { if (!can_moderate(0, 'candeletevisitormessages') and !can_moderate(0, 'canremovevisitormessages')) { require_once DIR . '/includes/functions_bigthree.php'; $coventry = fetch_coventry('string'); } } if (empty($vminfo)) { $vminfo = $this->registry->db->query_first("\n\t\t\t\t\tSELECT COUNT(*) AS messages, MAX(visitormessage.dateline) AS dateline\n\t\t\t\t\tFROM " . TABLE_PREFIX . "visitormessage AS visitormessage\n\t\t\t\t\t{$deljoinsql}\n\t\t\t\t\tWHERE visitormessage.userid = " . $this->prepared['userid'] . "\n\t\t\t\t\t\tAND (" . implode(" OR ", $state_or) . ")\n\t\t\t\t\t" . ($coventry ? "AND visitormessage.postuserid NOT IN (" . $coventry . ")" : '') . "\n\t\t\t\t"); } $this->prepared['vm_total'] = intval($vminfo['messages']); if ($vminfo['dateline']) { $this->prepared['lastvm_time'] = vbdate($this->registry->options['timeformat'], $vminfo['dateline'], true); $this->prepared['lastvm_date'] = vbdate($this->registry->options['dateformat'], $vminfo['dateline'], true); } else { $this->prepared['lastvm_date'] = $vbphrase['never']; $this->prepared['lastvm_time'] = ''; } } }
} $reportthread = ($rpforumid = $vbulletin->options['rpforumid'] and $rpforuminfo = fetch_foruminfo($rpforumid)); $reportemail = ($vbulletin->options['enableemail'] and $vbulletin->options['rpemail']); if (!$reportthread and !$reportemail) { eval(standard_error(fetch_error('emaildisabled'))); } $reportobj = new vB_ReportItem_VisitorMessage($vbulletin); $reportobj->set_extrainfo('user', $userinfo); $perform_floodcheck = $reportobj->need_floodcheck(); if ($perform_floodcheck) { $reportobj->perform_floodcheck_precommit(); } if (!$messageinfo['vmid']) { eval(standard_error(fetch_error('invalidid', $vbphrase['message'], $vbulletin->options['contactuslink']))); } if ($messageinfo['state'] == 'moderation' and !fetch_visitor_message_perm('canmoderatevisitormessages', $userinfo, $messageinfo) and $messageinfo['postuserid'] != $vbulletin->userinfo['userid'] or $messageinfo['state'] == 'deleted' and !fetch_visitor_message_perm('candeletevisitormessages', $userinfo, $messageinfo)) { eval(standard_error(fetch_error('invalidid', $vbphrase['message'], $vbulletin->options['contactuslink']))); } ($hook = vBulletinHook::fetch_hook('report_start')) ? eval($hook) : false; if ($_REQUEST['do'] == 'report') { // draw nav bar $navbits = array(); $navbits['member.php?' . $vbulletin->session->vars['sessionurl'] . "u={$userinfo['userid']}"] = $userinfo['username']; $navbits[''] = $vbphrase['report_bad_visitor_message']; $navbits = construct_navbits($navbits); require_once DIR . '/includes/functions_editor.php'; $textareacols = fetch_textarea_width(); eval('$usernamecode = "' . fetch_template('newpost_usernamecode') . '";'); eval('$navbar = "' . fetch_template('navbar') . '";'); $url =& $vbulletin->url; ($hook = vBulletinHook::fetch_hook('report_form_start')) ? eval($hook) : false;
/** * Sets up different display variables for the Visitor Message * */ function process_display() { global $show, $vbphrase; $show['converse'] = false; if ($this->converse) { if ($this->userinfo['userid'] == $this->registry->userinfo['userid']) { // viewing our own profile if ($this->message['postuserid'] AND $this->message['postuserid'] != $this->userinfo['userid']) { $show['converse'] = true; $this->message['hostuserid'] = $this->message['postuserid']; $this->message['guestuserid'] = $this->userinfo['userid']; $this->message['converse_description_phrase'] = construct_phrase($vbphrase['view_your_conversation_with_x'], $this->message['username']); } } else if ($this->message['postuserid'] AND $this->message['postuserid'] != $this->userinfo['userid']) { // Not our profile! $show['converse'] = true; $this->message['hostuserid'] = $this->userinfo['userid']; $this->message['guestuserid'] = $this->message['postuserid']; if ($this->message['postuserid'] == $this->registry->userinfo['userid']) { // viewing your own message on someone else's profile $this->message['converse_description_phrase'] = construct_phrase($vbphrase['view_your_conversation_with_x'], $this->userinfo['username']); } else { // viewing user[x]'s message on user[y]'s profile $this->message['converse_description_phrase'] = construct_phrase($vbphrase['view_conversation_between_x_and_y'], $this->userinfo['username'], $this->message['username']); } } } if ($show['conversepage']) { if ($this->message['profileuserid'] == $this->registry->userinfo['userid']) { $this->message['hostuserid'] = $this->message['postuserid']; $this->message['guestuserid'] = $this->message['profileuserid']; } else { $this->message['hostuserid'] = $this->message['profileuserid']; $this->message['guestuserid'] = $this->message['postuserid']; } } $show['edit'] = fetch_visitor_message_perm('caneditvisitormessages', $this->userinfo, $this->message); $show['moderation'] = ($this->message['state'] == 'moderation'); // Set up special situation where we show the inline mod box for posts on our profile when those posts are combined with our posts on another user's profile. $userinfo = $this->userinfo; $message = $this->message; if (!$this->converse) { if ($this->userinfo['userid'] != $this->registry->userinfo['userid'] OR $this->message['postuserid'] == $this->userinfo['userid']) { // This forces the inlinemod checks below to only use the moderator permissions $userinfo = null; $message = null; } } $show['inlinemod'] = ( fetch_visitor_message_perm('canmoderatevisitormessages', $userinfo, $message) OR fetch_visitor_message_perm('canundeletevisitormessages', $userinfo, $message) OR ( ( $userinfo['userid'] == $this->registry->userinfo['userid'] AND $this->registry->userinfo['permissions']['visitormessagepermissions'] & $this->registry->bf_ugp_visitormessagepermissions['canmanageownprofile'] AND $this->message['state'] != 'deleted' ) OR can_moderate(0, 'candeletevisitormessages') OR can_moderate(0, 'canremovevisitormessages') ) ); }
/** * Prepare any data needed for the output * * @param string The id of the block * @param array Options specific to the block */ function prepare_output($id = '', $options = array()) { global $show, $vbphrase, $messagearea, $vBeditTemplate; require_once DIR . '/includes/functions_visitormessage.php'; require_once DIR . '/includes/class_bbcode.php'; require_once DIR . '/includes/class_visitormessage.php'; if (is_array($options)) { $options = array_merge($this->option_defaults, $options); } else { $options = $this->option_defaults; } if ($options['vmid']) { $messageinfo = verify_visitormessage($options['vmid'], false); } $state = array('visible'); if (fetch_visitor_message_perm('canmoderatevisitormessages', $this->profile->userinfo)) { $state[] = 'moderation'; } if (can_moderate(0, 'canmoderatevisitormessages') or $this->registry->userinfo['userid'] == $this->profile->userinfo['userid'] and $this->registry->userinfo['permissions']['visitormessagepermissions'] & $this->registry->bf_ugp_visitormessagepermissions['canmanageownprofile']) { $state[] = 'deleted'; $deljoinsql = "LEFT JOIN " . TABLE_PREFIX . "deletionlog AS deletionlog ON (visitormessage.vmid = deletionlog.primaryid AND deletionlog.type = 'visitormessage')"; } else { $deljoinsql = ''; } $state_or = array("visitormessage.state IN ('" . implode("','", $state) . "')"); // Get the viewing user's moderated posts if ($this->registry->userinfo['userid'] and !fetch_visitor_message_perm('canmoderatevisitormessages', $this->profile->userinfo)) { $state_or[] = "(visitormessage.postuserid = " . $this->registry->userinfo['userid'] . " AND state = 'moderation')"; } $perpage = (!$options['perpage'] or $options['perpage'] > $this->registry->options['vm_maxperpage']) ? $this->registry->options['vm_perpage'] : $options['perpage']; if ($messageinfo['vmid']) { $getpagenum = $this->registry->db->query_first("\n\t\t\t\tSELECT COUNT(*) AS comments\n\t\t\t\tFROM " . TABLE_PREFIX . "visitormessage AS visitormessage\n\t\t\t\tWHERE userid = " . $this->profile->userinfo['userid'] . "\n\t\t\t\t\tAND (" . implode(" OR ", $state_or) . ")\n\t\t\t\t\tAND dateline >= {$messageinfo['dateline']}\n\t\t\t"); $options['pagenumber'] = ceil($getpagenum['comments'] / $perpage); } $pagenumber = $options['pagenumber']; do { if (!$pagenumber or $options['tab'] != $id and $options['tab'] != '') { $pagenumber = 1; } $start = ($pagenumber - 1) * $perpage; $hook_query_fields = $hook_query_joins = $hook_query_where = ''; ($hook = vBulletinHook::fetch_hook('member_profileblock_visitormessage_query')) ? eval($hook) : false; if ($this->registry->options['globalignore'] != '') { if (!can_moderate(0, 'candeletevisitormessages') and !can_moderate(0, 'canremovevisitormessages')) { require_once DIR . '/includes/functions_bigthree.php'; $coventry = fetch_coventry('string'); } } $messagebits = ''; $messages = $this->registry->db->query_read("\n\t\t\t\tSELECT " . (!isset($this->profile->prepared['vm_total']) ? "SQL_CALC_FOUND_ROWS" : "") . "\n\t\t\t\t\tvisitormessage.*, user.*, visitormessage.ipaddress AS messageipaddress\n\t\t\t\t\t" . ($this->registry->userinfo['userid'] ? ",IF(userlist.userid IS NOT NULL, 1, 0) AS bbuser_iscontact_of_user" : "") . "\n\t\t\t\t\t" . ($deljoinsql ? ",deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason" : "") . "\n\t\t\t\t\t" . ($this->registry->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight, customavatar.width_thumb AS avwidth_thumb, customavatar.height_thumb AS avheight_thumb, filedata_thumb, NOT ISNULL(customavatar.userid) AS hascustom" : "") . "\n\t\t\t\t\t{$hook_query_fields}\n\t\t\t\tFROM " . TABLE_PREFIX . "visitormessage AS visitormessage\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (visitormessage.postuserid = user.userid)\n\t\t\t\t" . ($this->registry->userinfo['userid'] ? "LEFT JOIN " . TABLE_PREFIX . "userlist AS userlist ON (userlist.userid = user.userid AND userlist.type = 'buddy' AND userlist.relationid = " . $this->registry->userinfo['userid'] . ")" : "") . "\n\t\t\t\t" . ($this->registry->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "\n\t\t\t\t{$deljoinsql}\n\t\t\t\t{$hook_query_joins}\n\t\t\t\tWHERE visitormessage.userid = " . $this->profile->userinfo['userid'] . "\n\t\t\t\t\tAND (" . implode(" OR ", $state_or) . ")\n\t\t\t\t" . ($coventry ? "AND visitormessage.postuserid NOT IN (" . $coventry . ")" : '') . "\n\t\t\t\t\t{$hook_query_where}\n\t\t\t\tORDER BY visitormessage.dateline DESC\n\t\t\t\tLIMIT {$start}, {$perpage}\n\t\t\t"); if (!isset($this->profile->prepared['vm_total'])) { list($messagetotal) = $this->registry->db->query_first("SELECT FOUND_ROWS()", DBARRAY_NUM); } else { $messagetotal = $this->profile->prepared['vm_total']; } if ($start >= $messagetotal) { $pagenumber = ceil($messagetotal / $perpage); } } while ($start >= $messagetotal and $messagetotal); $this->block_data['messagestart'] = $start + 1; $this->block_data['messageend'] = min($start + $perpage, $messagetotal); $bbcode = new vB_BbCodeParser($this->registry, fetch_tag_list()); $factory = new vB_Visitor_MessageFactory($this->registry, $bbcode, $this->profile->userinfo); $messagebits = ''; if ($this->registry->userinfo['userid'] and empty($options['showignored'])) { $ignorelist = preg_split('/( )+/', trim($this->registry->userinfo['ignorelist']), -1, PREG_SPLIT_NO_EMPTY); } else { $ignorelist = array(); } $firstrecord = array(); $read_ids = array(); while ($message = $this->registry->db->fetch_array($messages)) { // Process user.options $message = array_merge($message, convert_bits_to_array($message['options'], $this->registry->bf_misc_useroptions)); if (!$firstrecord) { $firstrecord = $message; } if ($ignorelist and in_array($message['postuserid'], $ignorelist)) { $message['ignored'] = true; } if (empty($options['showignored']) and in_coventry($message['postuserid'])) { $message['ignored'] = true; } $response_handler =& $factory->create($message); $response_handler->converse = true; if (!$message['vm_enable'] and (!can_moderate(0, 'canmoderatevisitormessages') or $this->registry->userinfo['userid'] == $message['postuserid']) or $message['vm_contactonly'] and !can_moderate(0, 'canmoderatevisitormessages') and $message['postuserid'] != $this->registry->userinfo['userid'] and !$message['bbuser_iscontact_of_user']) { $response_handler->converse = false; } $response_handler->cachable = false; $messagebits .= $response_handler->construct(); if (!$message['messageread'] and $message['state'] == 'visible') { $read_ids[] = $message['vmid']; } $lastcomment = !$lastcomment ? $message['dateline'] : $lastcomment; } $readvms = 0; // If it's our profile and the visible or default tab then we hope they've read it // if ($this->profile->userinfo['userid'] == $this->registry->userinfo['userid'] AND ($options['tab'] == $id OR $options['tab'] == '') AND !empty($read_ids)) if ($this->profile->userinfo['userid'] == $this->registry->userinfo['userid']) { if (!empty($read_ids)) { $readvms = sizeof($read_ids); $this->registry->db->query_write("UPDATE " . TABLE_PREFIX . "visitormessage SET messageread = 1 WHERE vmid IN (" . implode(',', $read_ids) . ")"); } if ($this->profile->userinfo['vmunreadcount'] - $readvms > 0 and $this->registry->options['globalignore'] != '') { // We still have unread VMs somewhere, and Tachy is enabled build_visitor_message_counters($this->profile->userinfo['userid']); } else { if ($readvms) { // This is more than likely on the second page $this->registry->db->query_write("\n\t\t\t\t\tUPDATE " . TABLE_PREFIX . "user\n\t\t\t\t\tSET vmunreadcount = IF(vmunreadcount >= {$readvms}, vmunreadcount - {$readvms}, 0)\n\t\t\t\t\tWHERE userid = " . $this->registry->userinfo['userid']); } } } if ($pagenumber == 1 and (!isset($this->profile->prepared['vm_total']) or !isset($this->profile->prepared['lastvm_time']) or !isset($this->profile->prepared['lastvm_date']))) { $pminfo = array('dateline' => $firstrecord['dateline'], 'messages' => $messagetotal); } else { $pminfo = null; } $this->profile->prepare('vm_total', $pminfo); $this->block_data['messagebits'] = $messagebits; $this->block_data['lastcomment'] = $lastcomment; $show['delete'] = fetch_visitor_message_perm('candeletevisitormessages', $this->profile->userinfo); $show['undelete'] = fetch_visitor_message_perm('canundeletevisitormessages', $this->profile->userinfo); $show['approve'] = fetch_visitor_message_perm('canmoderatevisitormessages', $this->profile->userinfo); $show['inlinemod'] = ($show['delete'] or $show['undelete'] or $show['approve']); // Only allow AJAX QC on the first page $show['quickcomment'] = $show['post_visitor_message']; $show['allow_ajax_qc'] = ($pagenumber == 1 and $messagetotal) ? 1 : 0; $pageinfo = array('tab' => $id); if ($options['perpage'] != $this->registry->options['vm_perpage']) { $pageindo['pp'] = $options['perpage']; } if (!empty($options['showignored'])) { $pageinfo['showignored'] = 1; } $this->block_data['pagenav'] = construct_page_nav($pagenumber, $perpage, $messagetotal, '', '', $id, 'member', $this->profile->userinfo, $pageinfo); $this->block_data['messagetotal'] = $messagetotal; $show['view_conversation'] = (!$this->profile->prepared['myprofile'] and THIS_SCRIPT != 'converse' and $this->registry->userinfo['vm_enable']); if ($show['quickcomment']) { require_once DIR . '/includes/functions_editor.php'; $this->block_data['editorid'] = construct_edit_toolbar('', false, 'visitormessage', $this->registry->options['allowsmilies'], true, false, 'qr_small', '', array(), 'content', 'vBForum_VisitorMessage', 0, $this->profile->userinfo['userid']); $this->block_data['messagearea'] = $messagearea; $this->block_data['clientscript'] = $vBeditTemplate['clientscript']; } }
$response_handler->cachable = false; $block_data['messagebits'] .= $response_handler->construct(); if ($show['inlinemod']) { $have_inlinemod = true; } $block_data['lastcomment'] = !$block_data['lastcomment'] ? $message['dateline'] : $block_data['lastcomment']; } // our profile and ids that need read if (!empty($read_ids)) { $db->query_write("UPDATE " . TABLE_PREFIX . "visitormessage SET messageread = 1 WHERE vmid IN (" . implode(',', $read_ids) . ")"); build_visitor_message_counters($vbulletin->userinfo['userid']); } $dummydata = array(); $show['delete'] = ($have_inlinemod and fetch_visitor_message_perm('candeletevisitormessages', $userinfo2)); $show['undelete'] = ($have_inlinemod and fetch_visitor_message_perm('canundeletevisitormessages', $userinfo2)); $show['approve'] = ($have_inlinemod and fetch_visitor_message_perm('canmoderatevisitormessages', $userinfo2)); $show['inlinemod'] = ($show['delete'] or $show['undelete'] or $show['approve']); // Only allow AJAX QC on the first page $show['quickcomment'] = ($vbulletin->userinfo['userid'] and $viewself and $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_visitor_messaging'] and $userinfo['vm_enable'] and $userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canviewmembers'] and (!$userinfo['vm_contactonly'] or $userinfo['userid'] == $vbulletin->userinfo['userid'] or $userinfo['bbuser_iscontact_of_user'] or can_moderate(0, 'canmoderatevisitormessages')) and ($userinfo['userid'] == $vbulletin->userinfo['userid'] and $vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmessageownprofile'] or $userinfo['userid'] != $vbulletin->userinfo['userid'] and $vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmessageothersprofile'])); $show['post_visitor_message'] = $show['quickcomment']; $show['allow_ajax_qc'] = ($pagenumber == 1 and $messagetotal) ? 1 : 0; $pagenavbits = array("u={$userinfo['userid']}", "u2={$userinfo2['userid']}"); if ($perpage != $vbulletin->options['vm_perpage']) { $pagenavbits[] = "pp={$perpage}"; } if ($vbulletin->GPC['showignored']) { $pagenavbits[] = 'showignored=1'; } $pagenavurl = 'converse.php?' . $vbulletin->session->vars['sessionurl'] . implode('&', $pagenavbits); $block_data['pagenav'] = construct_page_nav($pagenumber, $perpage, $messagetotal, $pagenavurl, ''); if ($show['quickcomment']) {
protected function fetchCanViewVisitorMessage($vmid) { if (!($message = $this->content['visitormessage'][$vmid])) { return false; } if (!($userinfo = $this->content['user'][$message['userid']])) { return false; } if ($userinfo['usergroupid'] == 4 and !(vB::$vbulletin->userinfo['permissions']['adminpermissions'] & vB::$vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) { return false; } if ($userinfo['vm_contactonly'] and !can_moderate(0, 'canmoderatevisitormessages') and $userinfo['userid'] != vB::$vbulletin->userinfo['userid'] and !$userinfo['bbuser_iscontact_of_user'] or !$userinfo['vm_enable'] and (!can_moderate(0, 'canmoderatevisitormessages') or vB::$vbulletin->userinfo['userid'] == $userinfo['userid'])) { return false; } if (!$this->fetchCanViewMembers() or !(vB::$vbulletin->userinfo['forumpermissions'] & vB::$vbulletin->bf_ugp_forumpermissions['canview']) or !(vB::$vbulletin->options['socnet'] & vB::$vbulletin->bf_misc_socnet['enable_visitor_messaging'])) { return false; } if (!$this->content['user'][$message['userid']]) { return false; } if (!can_view_profile_section($message['userid'], 'visitor_messaging')) { return false; } require_once DIR . '/includes/functions_visitormessage.php'; if ($message['state'] == 'moderation' and !fetch_visitor_message_perm('canmoderatevisitormessages', $this->content['user'][$message['userid']], $message) and $message['postuserid'] != vB::$vbulletin->userinfo['userid']) { return false; } return true; }
/** * vBForum_Search_Result_VisitorMessage::can_search() * * @param mixed $user: the id of the user requesting access * @return bool true */ public function can_search($user) //We have a function fetch_visitor_message_perm in functions_visitormessage // that tells whether we can see this message. It needs // $perm, &$userinfo, $message. $perm is 'canviewvisitormessages', // $userinfo is $vbulletin->userinfo, and $message is an array which, // as far as I can see, must have state and postuserid. The comment // says it's the result of a call to fetch_messageinfo(), but we don't have // any such function. //So.. if we just pass $message twice, we have all the necessary parameters. { require_once( DIR . '/includes/functions_visitormessage.php'); return fetch_visitor_message_perm('canviewvisitormessages', $this->message, $this->message); }
/** * vBForum_Search_Result_VisitorMessage::can_search() * * @param mixed $user: the id of the user requesting access * @return bool true */ public function can_search($user) { global $vbulletin; require_once DIR . '/includes/functions_visitormessage.php'; require_once DIR . '/includes/functions_user.php'; //if visitor messages are turned off don't display anything. if (!($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_visitor_messaging'])) { return false; } //if the user can't view member profiles at all, they can't see visitor messages. if (!$user->hasPermission('genericpermissions', 'canviewmembers')) { return false; } //do we have permissions to view this visitor message based on our permissions. if (!fetch_visitor_message_perm('canviewvisitormessages', $this->message, $this->message)) { //We have a function fetch_visitor_message_perm in functions_visitormessage // that tells whether we can see this message. It needs // $perm, &$userinfo, $message. $perm is 'canviewvisitormessages', // $userinfo is $vbulletin->userinfo, and $message is an array which, // as far as I can see, must have state and postuserid. The comment // says it's the result of a call to fetch_messageinfo(), but we don't have // any such function. //So.. if we just pass $message twice, we have all the necessary parameters. return false; } //If this is a message on the current user's profile or the current user is a mod we can skip some checks. if (!($this->message['userid'] == $user->getField('userid') or can_moderate(0, 'canmoderatevisitormessages'))) { //if the user has disabled their visitor messages then don't show them. //this is under the main user options rather than the profile privacy if (!($this->message['useroptions'] & $vbulletin->bf_misc_useroptions['vm_enable'])) { return false; } } //do we have permissions to view this user's visitor messages based on privacy settings. //do this last because it's the most likely to result in an extra query. $relationship_level = fetch_user_relationship($this->message['userid'], $user->getField('userid')); if ($relationship_level < $this->message['requirement']) { return false; } //for some reason, in addition to the permission settings under "profile privacy" there is an option to //limit visitor messages to "contacts only" in the main user option settings. The level for "contact" is //2 -- anything higher than that should be considered a contact. if ($this->message['useroptions'] & $vbulletin->bf_misc_useroptions['vm_contactonly'] and $relationship_level < 2) { return false; } return true; }