Example #1
/**
 * Validate and send a personal message submitted from the compose form.
 *
 * Input is read from $_REQUEST / $_POST / $_GET. The function checks the
 * pm_send permission, the per-hour sending limit, the session token, the
 * required fields and (for low-post-count members) the visual verification
 * code. Any validation error, or a preview request, re-displays the form via
 * messagePostError(). Otherwise recipients are resolved to member IDs, the
 * message is handed to sendpm(), and the user is redirected.
 *
 * NOTE(review): result sets are read with the mysql_* functions directly;
 * that extension was removed in PHP 7, so this code only runs on older PHP.
 *
 * @return mixed The return value of messagePostError() when the form is
 *               shown again; the success path ends in redirectexit().
 */
function MessagePost2()
{
    global $txt, $ID_MEMBER, $context, $sourcedir;
    global $db_prefix, $user_info, $modSettings, $scripturl, $func;
    // Permission gate for sending PMs. Presumably this stops the request
    // when the permission is missing - confirm in isAllowedTo().
    isAllowedTo('pm_send');
    require_once $sourcedir . '/Subs-Auth.php';
    // Fall back to the older language file name when the first one cannot be loaded.
    if (loadLanguage('PersonalMessage', '', false) === false) {
        loadLanguage('InstantMessage');
    }
    // Extract out the spam settings - it saves database space!
    // pm_spam_settings is a comma-separated triple: max recipients,
    // post-count threshold for the verification code, messages per hour.
    list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);
    // Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
    // Members holding admin_forum, moderate_forum or send_mail are not rate limited.
    if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail'))) {
        // How many messages have they sent this last hour?
        // The count is per recipient row, so one message to N members counts N times.
        // Only the table prefix, $ID_MEMBER and a computed timestamp are
        // interpolated; nothing here comes from the request.
        // NOTE(review): assumes $ID_MEMBER is an integer set by the login code - confirm.
        $request = db_query("\n\t\t\tSELECT COUNT(pr.ID_PM) AS postCount\n\t\t\tFROM ({$db_prefix}personal_messages AS pm, {$db_prefix}pm_recipients AS pr)\n\t\t\tWHERE pm.ID_MEMBER_FROM = {$ID_MEMBER}\n\t\t\t\tAND pm.msgtime > " . (time() - 3600) . "\n\t\t\t\tAND pr.ID_PM = pm.ID_PM", __FILE__, __LINE__);
        list($postCount) = mysql_fetch_row($request);
        mysql_free_result($request);
        if (!empty($postCount) && $postCount >= $modSettings['pm_posts_per_hour']) {
            // Exempt moderators: anyone with a row in the moderators table may continue.
            $request = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}moderators\n\t\t\t\tWHERE ID_MEMBER = {$ID_MEMBER}", __FILE__, __LINE__);
            if (mysql_num_rows($request) == 0) {
                fatal_error(sprintf($txt['pm_too_many_per_hour'], $modSettings['pm_posts_per_hour']));
            }
            mysql_free_result($request);
        }
    }
    // Initialize the errors we're about to make.
    $post_errors = array();
    // If your session timed out, show an error, but do allow to re-submit.
    // A failed session check is recorded as a form error rather than being
    // fatal. Because it lands in $post_errors, the function returns at the
    // error check below before anything is sent.
    if (checkSession('post', '', false) != '') {
        $post_errors[] = 'session_timeout';
    }
    $_REQUEST['subject'] = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
    // For "to" and "bcc" the POST value wins over GET; only the POST value
    // has stripslashes() applied.
    $_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : stripslashes($_POST['to']);
    $_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : stripslashes($_POST['bcc']);
    // Did they make any mistakes?
    if ($_REQUEST['subject'] == '') {
        $post_errors[] = 'no_subject';
    }
    if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
        $post_errors[] = 'no_message';
    } elseif (!empty($modSettings['max_messageLength']) && $func['strlen']($_REQUEST['message']) > $modSettings['max_messageLength']) {
        $post_errors[] = 'long_message';
    }
    // At least one of: names in "to", names in "bcc", or member IDs in "u".
    if (empty($_REQUEST['to']) && empty($_REQUEST['bcc']) && empty($_REQUEST['u'])) {
        $post_errors[] = 'no_to';
    }
    // Wrong verification code?
    // Applies to non-admins whose post count is below the configured
    // threshold. The submitted code is upper-cased and compared strictly with
    // the value kept in the session; a missing submission counts as wrong.
    // NOTE(review): $_SESSION['visual_verification_code'] is read without an
    // isset() check; an unset value still fails the comparison.
    if (!$user_info['is_admin'] && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification'] && (empty($_REQUEST['visual_verification_code']) || strtoupper($_REQUEST['visual_verification_code']) !== $_SESSION['visual_verification_code'])) {
        $post_errors[] = 'wrong_verification_code';
    }
    // If they did, give a chance to make amends.
    // The recipient strings are HTML-escaped before being handed back for redisplay.
    if (!empty($post_errors)) {
        return messagePostError($post_errors, $func['htmlspecialchars']($_REQUEST['to']), $func['htmlspecialchars']($_REQUEST['bcc']));
    }
    // Want to take a second glance before you send?
    if (isset($_REQUEST['preview'])) {
        // Set everything up to be displayed.
        // Subject and message are HTML-escaped first; the message is then
        // pre-parsed and run through the BBC parser, so the preview is built
        // from escaped text only.
        $context['preview_subject'] = $func['htmlspecialchars'](stripslashes($_REQUEST['subject']));
        $context['preview_message'] = $func['htmlspecialchars'](stripslashes($_REQUEST['message']), ENT_QUOTES);
        preparsecode($context['preview_message'], true);
        // Parse out the BBC if it is enabled.
        $context['preview_message'] = parse_bbc($context['preview_message']);
        // Censor, as always.
        censorText($context['preview_subject']);
        censorText($context['preview_message']);
        // Set a descriptive title.
        $context['page_title'] = $txt[507] . ' - ' . $context['preview_subject'];
        // Pretend they messed up :P.
        // An empty error list re-displays the form without sending anything.
        return messagePostError(array(), $func['htmlspecialchars']($_REQUEST['to']), $func['htmlspecialchars']($_REQUEST['bcc']));
    }
    // Protect from message spamming.
    spamProtection('spam');
    // Prevent double submission of this form.
    checkSubmitOnce('check');
    // Initialize member ID array.
    $recipients = array('to' => array(), 'bcc' => array());
    // Format the to and bcc members.
    // $input holds the names still to be matched; whatever is left after the
    // lookup below is reported as "not found".
    $input = array('to' => array(), 'bcc' => array());
    if (empty($_REQUEST['u'])) {
        // To who..?
        if (!empty($_REQUEST['to'])) {
            // We're going to take out the "s anyway ;).
            // Turn \" into ", collect every "quoted name", then split what
            // remains on commas.
            $_REQUEST['to'] = strtr($_REQUEST['to'], array('\\"' => '"'));
            preg_match_all('~"([^"]+)"~', $_REQUEST['to'], $matches);
            $input['to'] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['to']))));
        }
        // Your secret's safe with me!
        if (!empty($_REQUEST['bcc'])) {
            // We're going to take out the "s anyway ;).
            $_REQUEST['bcc'] = strtr($_REQUEST['bcc'], array('\\"' => '"'));
            preg_match_all('~"([^"]+)"~', $_REQUEST['bcc'], $matches);
            $input['bcc'] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['bcc']))));
        }
        // Normalise each name (trim, strip slashes, lower-case, HTML-escape)
        // and drop blank entries.
        // Presumably the escaped form is what findMembers() expects - confirm.
        foreach ($input as $rec_type => $rec) {
            foreach ($rec as $index => $member) {
                if (strlen(trim($member)) > 0) {
                    $input[$rec_type][$index] = $func['htmlspecialchars']($func['strtolower'](stripslashes(trim($member))));
                } else {
                    unset($input[$rec_type][$index]);
                }
            }
        }
        // Find the requested members - bcc and to.
        $foundMembers = findMembers(array_merge($input['to'], $input['bcc']));
        // Store IDs of the members that were found.
        foreach ($foundMembers as $member) {
            // It's easier this way.
            // Undo the &#039; entity so the name compares equal to the typed text.
            $member['name'] = strtr($member['name'], array('&#039;' => '\''));
            foreach ($input as $rec_type => $to_members) {
                // A member matches when the username, display name or e-mail
                // address (lower-cased) appears among the requested names.
                if (array_intersect(array($func['strtolower']($member['username']), $func['strtolower']($member['name']), $func['strtolower']($member['email'])), $to_members)) {
                    $recipients[$rec_type][] = $member['id'];
                    // Get rid of this username. The ones that remain were not found.
                    $input[$rec_type] = array_diff($input[$rec_type], array($func['strtolower']($member['username']), $func['strtolower']($member['name']), $func['strtolower']($member['email'])));
                }
            }
        }
    } else {
        // Recipients given as a comma-separated list of member IDs.
        // Every element is cast to int before the list is placed in the IN()
        // clause, so no request text reaches the SQL string.
        $_REQUEST['u'] = explode(',', $_REQUEST['u']);
        foreach ($_REQUEST['u'] as $key => $uID) {
            $_REQUEST['u'][$key] = (int) $uID;
        }
        // Keep only the IDs that exist in the members table.
        $request = db_query("\n\t\t\tSELECT ID_MEMBER\n\t\t\tFROM {$db_prefix}members\n\t\t\tWHERE ID_MEMBER IN (" . implode(',', $_REQUEST['u']) . ")\n\t\t\tLIMIT " . count($_REQUEST['u']), __FILE__, __LINE__);
        while ($row = mysql_fetch_assoc($request)) {
            $recipients['to'][] = $row['ID_MEMBER'];
        }
        mysql_free_result($request);
    }
    // Before we send the PM, let's make sure we don't have an abuse of numbers.
    // The recipient cap does not apply to members holding moderate_forum,
    // send_mail or admin_forum.
    if (!empty($modSettings['max_pm_recipients']) && count($recipients['to']) + count($recipients['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum'))) {
        $context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
    } else {
        if (!empty($recipients['to']) || !empty($recipients['bcc'])) {
            // NOTE(review): subject (only trimmed) and message are passed on
            // as received; escaping is presumably done inside sendpm() - confirm.
            $context['send_log'] = sendpm($recipients, $_REQUEST['subject'], $_REQUEST['message'], !empty($_REQUEST['outbox']));
        } else {
            $context['send_log'] = array('sent' => array(), 'failed' => array());
        }
    }
    // Add a log message for all recipients that were not found.
    foreach ($input as $rec_type => $rec) {
        // Either bad_to or bad_bcc.
        if (!empty($rec) && !in_array('bad_' . $rec_type, $post_errors)) {
            $post_errors[] = 'bad_' . $rec_type;
        }
        foreach ($rec as $i => $member) {
            $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $input[$rec_type][$i]);
        }
    }
    // Mark the message as "replied to".
    // Sets bit 2 of is_read. replied_to is cast to int, and the update is
    // limited to the current member's own recipient row.
    if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox') {
        db_query("\n\t\t\tUPDATE {$db_prefix}pm_recipients\n\t\t\tSET is_read = is_read | 2\n\t\t\tWHERE ID_PM = " . (int) $_REQUEST['replied_to'] . "\n\t\t\t\tAND ID_MEMBER = {$ID_MEMBER}\n\t\t\tLIMIT 1", __FILE__, __LINE__);
    }
    // If one or more of the recipient were invalid, go back to the post screen with the failed usernames.
    // The names handed back are the unmatched entries of $input, which were
    // HTML-escaped when $input was built, wrapped in &quot; entities.
    if (!empty($context['send_log']['failed'])) {
        return messagePostError($post_errors, empty($input['to']) ? '' : '&quot;' . implode('&quot;, &quot;', $input['to']) . '&quot;', empty($input['bcc']) ? '' : '&quot;' . implode('&quot;, &quot;', $input['bcc']) . '&quot;');
    }
    // Go back to the where they sent from, if possible...
    redirectexit($context['current_label_redirect']);
}
Example #2
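/**
 * Prepare the "compose newsletter" screen for the admin mailing tool.
 *
 * Resolves member names typed into the include/exclude boxes to member IDs,
 * lets SendMailing(true) clean the remaining request variables, adds banned
 * members (by member ID and by banned e-mail address) to the exclusion list,
 * expands the moderator pseudo-group (ID 3) into individual members, and
 * fills $context for the email_members_compose template.
 *
 * Changes from the previous version:
 *  - Moderators are excluded when group 3 is in the exclude_groups list. The
 *    old test, in_array(3, $context['recipients']), searched the outer
 *    array, whose visible entries are all lists, so it never matched and
 *    moderators from an excluded group were added as recipients.
 *  - The two banned-e-mail result sets are now freed.
 *
 * No permission check is visible in this function.
 * NOTE(review): presumably the calling admin dispatcher enforces it - confirm.
 *
 * @return void
 */
function ComposeMailing()
{
    global $txt, $sourcedir, $context, $smcFunc;
    // Start by finding any members!
    $toClean = array();
    if (!empty($_POST['members'])) {
        $toClean[] = 'members';
    }
    if (!empty($_POST['exclude_members'])) {
        $toClean[] = 'exclude_members';
    }
    if (!empty($toClean)) {
        require_once $sourcedir . '/Subs-Auth.php';
        foreach ($toClean as $type) {
            // Remove the quotes: turn \" into ", collect every "quoted name",
            // then split what remains on commas.
            $_POST[$type] = strtr($_POST[$type], array('\\"' => '"'));
            preg_match_all('~"([^"]+)"~', $_POST[$type], $matches);
            $_POST[$type] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $_POST[$type]))));
            // Normalise each name (trim, lower-case, HTML-escape) and drop blanks.
            foreach ($_POST[$type] as $index => $member) {
                if (strlen(trim($member)) > 0) {
                    $_POST[$type][$index] = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](trim($member)));
                } else {
                    unset($_POST[$type][$index]);
                }
            }
            // Find the members; only the IDs of the matches are kept.
            $_POST[$type] = implode(',', array_keys(findMembers($_POST[$type])));
        }
    }
    // Explicit ID lists replace the name-based value. Every ID is cast to int.
    if (isset($_POST['member_list']) && is_array($_POST['member_list'])) {
        $members = array();
        foreach ($_POST['member_list'] as $member_id) {
            $members[] = (int) $member_id;
        }
        $_POST['members'] = implode(',', $members);
    }
    if (isset($_POST['exclude_member_list']) && is_array($_POST['exclude_member_list'])) {
        $members = array();
        foreach ($_POST['exclude_member_list'] as $member_id) {
            $members[] = (int) $member_id;
        }
        $_POST['exclude_members'] = implode(',', $members);
    }
    // Clean the other vars.
    SendMailing(true);
    // We need a couple strings from the email template file
    loadLanguage('EmailTemplates');
    // Get a list of all full banned users.  Use their Username and email to find them.  Only get the ones that can't login to turn off notification.
    $request = $smcFunc['db_query']('', '
		SELECT DISTINCT mem.id_member
		FROM {db_prefix}ban_groups AS bg
			INNER JOIN {db_prefix}ban_items AS bi ON (bg.id_ban_group = bi.id_ban_group)
			INNER JOIN {db_prefix}members AS mem ON (bi.id_member = mem.id_member)
		WHERE (bg.cannot_access = {int:cannot_access} OR bg.cannot_login = {int:cannot_login})
			AND (bg.expire_time IS NULL OR bg.expire_time > {int:current_time})', array('cannot_access' => 1, 'cannot_login' => 1, 'current_time' => time()));
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        $context['recipients']['exclude_members'][] = $row['id_member'];
    }
    $smcFunc['db_free_result']($request);
    // Same ban filter, this time collecting banned e-mail addresses.
    // NOTE(review): the expiry test here is written as COALESCE(..., 1=1)
    // while the query above uses IS NULL; left as found - confirm they are
    // meant to be equivalent.
    $request = $smcFunc['db_query']('', '
		SELECT DISTINCT bi.email_address
		FROM {db_prefix}ban_items AS bi
			INNER JOIN {db_prefix}ban_groups AS bg ON (bg.id_ban_group = bi.id_ban_group)
		WHERE (bg.cannot_access = {int:cannot_access} OR bg.cannot_login = {int:cannot_login})
			AND (COALESCE(bg.expire_time, 1=1) OR bg.expire_time > {int:current_time})
			AND bi.email_address != {string:blank_string}', array('cannot_access' => 1, 'cannot_login' => 1, 'current_time' => time(), 'blank_string' => ''));
    // Each address becomes its own named {string:email_N} placeholder, so the
    // addresses are bound as parameters and never concatenated into the SQL.
    $condition_array = array();
    $condition_array_params = array();
    $count = 0;
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        $condition_array[] = '{string:email_' . $count . '}';
        $condition_array_params['email_' . $count++] = $row['email_address'];
    }
    // Release this result before $request is reused below.
    $smcFunc['db_free_result']($request);
    if (!empty($condition_array)) {
        $request = $smcFunc['db_query']('', '
			SELECT id_member
			FROM {db_prefix}members
			WHERE email_address IN(' . implode(', ', $condition_array) . ')', $condition_array_params);
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $context['recipients']['exclude_members'][] = $row['id_member'];
        }
        $smcFunc['db_free_result']($request);
    }
    // Did they select moderators - if so add them as specific members...
    // Group 3 cannot be matched by group membership, so it is expanded into
    // the individual members listed in the moderators table.
    $excludeModerators = !empty($context['recipients']['exclude_groups']) && in_array(3, $context['recipients']['exclude_groups']);
    if (!empty($context['recipients']['groups']) && in_array(3, $context['recipients']['groups']) || $excludeModerators) {
        $request = $smcFunc['db_query']('', '
			SELECT DISTINCT mem.id_member AS identifier
			FROM {db_prefix}members AS mem
				INNER JOIN {db_prefix}moderators AS mods ON (mods.id_member = mem.id_member)
			WHERE mem.is_activated = {int:is_activated}', array('is_activated' => 1));
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            // Exclusion wins when group 3 appears in both lists.
            if ($excludeModerators) {
                $context['recipients']['exclude_members'][] = $row['identifier'];
            } else {
                $context['recipients']['members'][] = $row['identifier'];
            }
        }
        $smcFunc['db_free_result']($request);
    }
    // For progress bar!
    $context['total_emails'] = count($context['recipients']['emails']);
    $request = $smcFunc['db_query']('', '
		SELECT MAX(id_member)
		FROM {db_prefix}members', array());
    list($context['max_id_member']) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);
    // Clean up the arrays.
    $context['recipients']['members'] = array_unique($context['recipients']['members']);
    $context['recipients']['exclude_members'] = array_unique($context['recipients']['exclude_members']);
    // Setup the template!
    $context['page_title'] = $txt['admin_newsletters'];
    $context['sub_template'] = 'email_members_compose';
    // Default subject and body are HTML-escaped before they reach the template.
    $context['default_subject'] = htmlspecialchars($context['forum_name'] . ': ' . $txt['subject']);
    $context['default_message'] = htmlspecialchars($txt['message'] . "\n\n" . $txt['regards_team'] . "\n\n" . '{$board_url}');
}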
Example #3
/**
 * Handle submission of the helpdesk ticket form: create a new ticket, or save
 * edits to an existing one.
 *
 * The function validates the subject, checks the relevant helpdesk
 * permissions, rebuilds $context['ticket_form'] from the request and (for
 * edits) the stored ticket, validates custom fields, and then either
 * re-displays the form (errors or preview) or writes the ticket and calls
 * shd_done_posting().
 *
 * NOTE(review): no session/CSRF check (such as checkSession()) is visible in
 * this function; presumably the caller or one of the shd_* helpers does it -
 * confirm.
 *
 * @return void
 */
function shd_save_ticket()
{
    global $txt, $modSettings, $sourcedir, $context, $scripturl;
    global $user_info, $options, $smcFunc, $memberContext;
    // Ticket's gotta have a subject
    // The subject is HTML-escaped and stripped of CR, LF and TAB before it is kept.
    if (!isset($_POST['subject']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['subject'])) === '') {
        $context['shd_errors'][] = 'no_subject';
        $_POST['subject'] = '';
    } else {
        $_POST['subject'] = strtr($smcFunc['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
    }
    if (empty($context['ticket_id'])) {
        // Are we inside a known department?
        $dept = isset($_REQUEST['dept']) ? (int) $_REQUEST['dept'] : 0;
        // Creating a ticket needs shd_new_ticket in the target department.
        // Presumably shd_is_allowed_to() stops the request on failure - confirm.
        if (!$context['shd_multi_dept']) {
            shd_is_allowed_to('shd_new_ticket', $context['shd_department']);
        } else {
            $newdept = isset($_REQUEST['newdept']) ? (int) $_REQUEST['newdept'] : $dept;
            shd_is_allowed_to('shd_new_ticket', $newdept);
            // But if they didn't specify a department, execution won't have ended here if they had the ability in at least one department.
            if ($newdept == 0) {
                $context['shd_errors'][] = 'no_dept';
            }
        }
        // some healthy defaults
        $context['ticket_id'] = 0;
        $new_ticket = true;
        $msg = 0;
        $is_own = true;
        $new_status = TICKET_STATUS_NEW;
        $private = false;
        $urgency = TICKET_URGENCY_LOW;
        $assigned = array('id' => 0, 'name' => $txt['shd_unassigned'], 'link' => '<span class="error">' . $txt['shd_unassigned'] . '</span>');
        $num_replies = 0;
    } else {
        // hmm, we're saving an update, let's get the existing ticket details and we can check permissions and stuff
        $new_ticket = false;
        $ticketinfo = shd_load_ticket();
        $dept = $ticketinfo['dept'];
        // S'pose we'd better check the permissions here
        // Editing needs shd_edit_ticket_any, or shd_edit_ticket_own on a
        // ticket the user owns; the department comes from the stored ticket,
        // not from the request.
        if (!shd_allowed_to('shd_edit_ticket_any', $dept) && (!shd_allowed_to('shd_edit_ticket_own', $dept) || !$ticketinfo['is_own'])) {
            fatal_lang_error('cannot_shd_edit_ticket', false);
        }
        $msg = $ticketinfo['id_first_msg'];
        $is_own = $ticketinfo['is_own'];
        $private = $ticketinfo['private'];
        $urgency = $ticketinfo['urgency'];
        $new_status = $ticketinfo['status'];
        $assigned = array('id' => $ticketinfo['assigned_id'], 'name' => !empty($ticketinfo['assigned_id']) ? $ticketinfo['assigned_name'] : $txt['shd_unassigned'], 'link' => !empty($ticketinfo['assigned_id']) ? shd_profile_link($ticketinfo['assigned_name'], $ticketinfo['assigned_id']) : '<span class="error">' . $txt['shd_unassigned'] . '</span>');
        $num_replies = $ticketinfo['num_replies'];
    }
    // Working copy of the form state used by the rest of this function and by the template.
    // NOTE(review): $_POST['shd_message'] is read without an isset() check and
    // stored as received; no escaping of the body is visible here - confirm
    // where it is sanitised.
    // NOTE(review): the 'link' entry places $ticketinfo['subject'] inside
    // HTML; presumably the stored subject is already escaped - confirm.
    $context['ticket_form'] = array('dept' => isset($newdept) ? $newdept : $dept, 'form_title' => $new_ticket ? $txt['shd_create_ticket'] : $txt['shd_edit_ticket'], 'form_action' => $scripturl . '?action=helpdesk;sa=saveticket', 'first_msg' => $new_ticket ? 0 : $ticketinfo['id_first_msg'], 'message' => $_POST['shd_message'], 'subject' => $_POST['subject'], 'ticket' => $context['ticket_id'], 'link' => $new_ticket ? '' : '<a href="' . $scripturl . '?action=helpdesk;sa=ticket;ticket=' . $context['ticket_id'] . '">' . $ticketinfo['subject'] . '</a>', 'msg' => $msg, 'display_id' => empty($context['ticket_id']) ? '' : str_pad($context['ticket_id'], $modSettings['shd_zerofill'], '0', STR_PAD_LEFT), 'status' => $new_status, 'private' => array('setting' => $private, 'can_change' => shd_allowed_to('shd_alter_privacy_any', $dept) || $is_own && shd_allowed_to('shd_alter_privacy_own', $dept), 'options' => array(0 => 'shd_ticket_notprivate', 1 => 'shd_ticket_private')), 'assigned' => $assigned, 'num_replies' => $num_replies, 'do_attach' => shd_allowed_to('shd_post_attachment', $dept), 'return_to_ticket' => isset($_REQUEST['goback']), 'disable_smileys' => !empty($_REQUEST['no_smileys']));
    // $newdept is only set on the new-ticket, multi-department path.
    if (isset($newdept)) {
        $context['ticket_form']['selecting_dept'] = true;
    }
    if (!empty($context['ticket_form']['selecting_dept'])) {
        shd_get_postable_depts();
    }
    // Resolving is offered only on edits: resolve_any, or resolve_own when
    // the current user started the ticket.
    $context['can_solve'] = !$new_ticket && (shd_allowed_to('shd_resolve_ticket_any', $dept) || shd_allowed_to('shd_resolve_ticket_own', $dept) && $ticketinfo['starter_id'] == $user_info['id']);
    $context['log_action'] = $new_ticket ? 'newticket' : 'editticket';
    $context['log_params']['subject'] = $context['ticket_form']['subject'];
    // Posting on behalf of another member: new tickets only, and only with
    // the shd_post_proxy permission in this department.
    $context['can_post_proxy'] = $new_ticket && isset($_REQUEST['proxy']) && shd_allowed_to('shd_post_proxy', $dept);
    if ($context['can_post_proxy'] && !empty($_REQUEST['proxy_author'])) {
        // OK, so we have a name... do we know this person?
        require_once $sourcedir . '/Subs-Auth.php';
        // Lower-cased, escaped copy for the lookup; escaped copy for redisplay.
        $proxy_author = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](trim($_REQUEST['proxy_author'])));
        $_REQUEST['proxy_author'] = $smcFunc['htmlspecialchars'](trim($_REQUEST['proxy_author']));
        if (!empty($_REQUEST['proxy_author'])) {
            $member = findMembers($proxy_author);
            if (!empty($member)) {
                // The first match is used as the ticket's author.
                list($context['ticket_form']['proxy_id']) = array_keys($member);
                $context['ticket_form']['proxy'] = $member[$context['ticket_form']['proxy_id']]['name'];
            } else {
                $context['ticket_form']['proxy'] = $_REQUEST['proxy_author'];
                $context['shd_errors'][] = 'shd_proxy_unknown';
            }
        }
    }
    shd_posting_additional_options();
    // Ticket privacy
    // In 'smart' mode (also the default when unset) the privacy control is
    // shown to users with one of the privacy permissions, or when the ticket
    // is already private.
    if (empty($modSettings['shd_privacy_display']) || $modSettings['shd_privacy_display'] == 'smart') {
        $context['display_private'] = shd_allowed_to('shd_view_ticket_private_any', $dept) || shd_allowed_to('shd_alter_privacy_own', $dept) || shd_allowed_to('shd_alter_privacy_any', $dept) || $context['ticket_form']['private']['setting'];
    } else {
        $context['display_private'] = true;
    }
    // Custom fields?
    shd_load_custom_fields(true, $context['ticket_form']['ticket'], $context['ticket_form']['dept']);
    list($missing_fields, $invalid_fields) = shd_validate_custom_fields('ticket', $context['ticket_form']['dept']);
    // The override only takes effect for users holding shd_override_cf who
    // also submitted override_cf.
    $context['can_override_fields'] = shd_allowed_to('shd_override_cf', $context['ticket_form']['dept']);
    $context['overriding_fields'] = $context['can_override_fields'] && isset($_POST['override_cf']);
    // Did any custom fields fail validation?
    // Invalid values are always an error; the override only covers missing fields.
    if (!empty($invalid_fields)) {
        $context['shd_errors'][] = 'invalid_fields';
        $txt['error_invalid_fields'] = sprintf($txt['error_invalid_fields'], implode(', ', $invalid_fields));
    }
    // Any flat-out missing?
    if (!empty($missing_fields) && !$context['overriding_fields']) {
        $context['shd_errors'][] = 'missing_fields';
        $txt['error_missing_fields'] = sprintf($txt['error_missing_fields'], implode(', ', $missing_fields));
    }
    if ($context['can_override_fields'] && !empty($missing_fields)) {
        $context['ticket_form']['additional_opts']['override_cf'] = array('show' => true, 'checked' => false, 'text' => $txt['shd_override_cf']);
    }
    // Preview?
    // The subject used in the title was escaped at the top of the function;
    // the body goes through shd_format_text().
    if (isset($_REQUEST['preview'])) {
        $context['ticket_form']['preview'] = array('title' => $txt['shd_previewing_ticket'] . ': ' . (empty($_POST['subject']) ? '<em>' . $txt['no_subject'] . '</em>' : $_POST['subject']), 'body' => shd_format_text($_POST['shd_message']));
    }
    if (!$new_ticket && !empty($ticketinfo['modified_time'])) {
        $context['ticket_form'] += array('modified' => array('name' => $ticketinfo['modified_name'], 'id' => $ticketinfo['modified_id'], 'time' => timeformat($ticketinfo['modified_time']), 'link' => shd_profile_link($ticketinfo['modified_name'], $ticketinfo['modified_id'])));
    }
    if (!$new_ticket) {
        loadMemberData($ticketinfo['starter_id']);
        if (loadMemberContext($ticketinfo['starter_id'])) {
            $context['ticket_form']['member'] = array('name' => $ticketinfo['starter_name'], 'id' => $ticketinfo['starter_id'], 'link' => shd_profile_link($ticketinfo['starter_name'], $ticketinfo['starter_id']), 'avatar' => $memberContext[$ticketinfo['starter_id']]['avatar']);
        }
    }
    shd_load_attachments();
    // Ticket privacy, let's see if we can override our healthy default with the post value
    // The posted value is honoured only when the user may change privacy and
    // the value is one of the defined options (0 or 1); otherwise the current
    // setting stays.
    if ($context['ticket_form']['private']['can_change']) {
        $new_private = isset($_POST['shd_private']) ? (int) $_POST['shd_private'] : $private;
        $context['ticket_form']['private']['setting'] = isset($context['ticket_form']['private']['options'][$new_private]) ? (bool) $new_private : $private;
    }
    // Ticket urgency
    // Same pattern: the posted urgency must be one of the offered options.
    // Presumably shd_get_urgency_options() fills
    // $context['ticket_form']['urgency'] - confirm.
    shd_get_urgency_options($is_own, $context['ticket_form']['dept']);
    if ($context['ticket_form']['urgency']['can_change']) {
        $new_urgency = isset($_POST['shd_urgency']) ? (int) $_POST['shd_urgency'] : $urgency;
        $context['ticket_form']['urgency']['setting'] = isset($context['ticket_form']['urgency']['options'][$new_urgency]) ? $new_urgency : $urgency;
    } else {
        $context['ticket_form']['urgency']['setting'] = $urgency;
    }
    // A few basic checks
    // Closed and deleted tickets cannot be edited.
    // NOTE(review): 'shd_cannon_edit_deleted' looks like a misspelling of
    // 'cannot'; verify that the language key exists under this spelling.
    if ($context['ticket_form']['status'] == TICKET_STATUS_CLOSED) {
        fatal_lang_error('shd_cannot_edit_closed', false);
    } elseif ($context['ticket_form']['status'] == TICKET_STATUS_DELETED) {
        fatal_lang_error('shd_cannon_edit_deleted', false);
    }
    // OK, does the user want to close this ticket? Are there any problems with that?
    if (!empty($context['can_solve']) && !empty($_POST['resolve_ticket'])) {
        $string = shd_check_dependencies();
        if (!empty($string)) {
            $context['shd_errors'][] = $string;
        }
    }
    if (!empty($context['shd_errors']) || !empty($context['ticket_form']['preview'])) {
        // Errors or preview: release the submit-once token, rebuild the form,
        // then register a fresh token for the next submission.
        checkSubmitOnce('free');
        // Anything else for redisplaying the form
        $context['page_title'] = $txt['shd_helpdesk'];
        $context['sub_template'] = 'ticket_post';
        shd_check_attachments();
        // Set up the fancy editor
        shd_postbox('shd_message', un_preparsecode($context['ticket_form']['message']), array('post_button' => $context['ticket_form']['form_title']));
        // Build the link tree and navigation
        $context['linktree'][] = array('name' => $new_ticket ? $txt['shd_create_ticket'] : sprintf($txt['shd_edit_ticket_linktree'], $context['ticket_form']['link']));
        checkSubmitOnce('register');
    } else {
        // It all worked, w00t, so let's get ready to rumble
        $attachIDs = shd_handle_attachments();
        if ($new_ticket) {
            // Now to add the ticket details
            $posterOptions = array('id' => $user_info['id']);
            $msgOptions = array('body' => $context['ticket_form']['message'], 'id' => $context['ticket_form']['msg'], 'smileys_enabled' => empty($context['ticket_form']['disable_smileys']), 'attachments' => $attachIDs);
            $ticketOptions = array('id' => $context['ticket_form']['ticket'], 'dept' => $context['ticket_form']['dept'], 'mark_as_read' => true, 'subject' => $context['ticket_form']['subject'], 'private' => $context['ticket_form']['private']['setting'], 'status' => $context['ticket_form']['status'], 'urgency' => $context['ticket_form']['urgency']['setting'], 'assigned' => $context['ticket_form']['assigned']['id'], 'custom_fields' => !empty($context['ticket_form']['custom_fields']['ticket']) ? $context['ticket_form']['custom_fields']['ticket'] : array());
            // Just before we do... proxy ticket?
            // proxy_id is only set above when can_post_proxy was true, so the
            // author swap depends on the shd_post_proxy permission.
            if (!empty($context['ticket_form']['proxy_id'])) {
                // 1. Fix the poster options
                $posterOptions['id'] = $context['ticket_form']['proxy_id'];
                // 2. Make sure it's marked read for the right user
                $ticketOptions['mark_as_read_proxy'] = $user_info['id'];
                // 3. Fix the log items
                $context['log_action'] = 'newticketproxy';
                $context['log_params']['user_id'] = $context['ticket_form']['proxy_id'];
                $context['log_params']['user_name'] = $context['ticket_form']['proxy'];
            }
            shd_create_ticket_post($msgOptions, $ticketOptions, $posterOptions);
            // Update our nice ticket store with the ticket id
            // $ticketOptions['id'] is read back after the call; presumably
            // the helper fills it in by reference - confirm.
            $context['ticket_id'] = $ticketOptions['id'];
            $context['ticket_form']['ticket'] = $ticketOptions['id'];
            // Handle notifications
            require_once $sourcedir . '/sd_source/SimpleDesk-Notifications.php';
            shd_notifications_notify_newticket($msgOptions, $ticketOptions, $posterOptions);
        } else {
            // Only add what has actually changed
            // Now to add the ticket details
            $posterOptions = array();
            $msgOptions = array('id' => $context['ticket_form']['msg'], 'attachments' => $attachIDs);
            $ticketOptions = array('id' => $context['ticket_form']['ticket'], 'custom_fields' => !empty($context['ticket_form']['custom_fields']['ticket']) ? $context['ticket_form']['custom_fields']['ticket'] : array());
            // The stored flag means "enabled" and the form flag means
            // "disabled", so equal values indicate a change.
            if ((bool) $ticketinfo['smileys_enabled'] == $context['ticket_form']['disable_smileys']) {
                // since one is enabled, one is 'now disable'...
                $msgOptions['smileys_enabled'] = !$context['ticket_form']['disable_smileys'];
            }
            // These things don't trigger modified time
            if ($ticketinfo['private'] != $context['ticket_form']['private']['setting']) {
                $ticketOptions['private'] = $context['ticket_form']['private']['setting'];
                // log the change too
                $action = empty($context['ticket_form']['private']['setting']) ? 'marknotprivate' : 'markprivate';
                // i.e. based on new setting
                shd_log_action($action, array('ticket' => $context['ticket_form']['ticket'], 'subject' => $context['ticket_form']['subject']));
            }
            if ($ticketinfo['urgency'] != $context['ticket_form']['urgency']['setting']) {
                $ticketOptions['urgency'] = $context['ticket_form']['urgency']['setting'];
                // log the change too
                $action = $context['ticket_form']['urgency']['setting'] > $ticketinfo['urgency'] ? 'urgency_increase' : 'urgency_decrease';
                shd_log_action($action, array('ticket' => $context['ticket_form']['ticket'], 'subject' => $context['ticket_form']['subject'], 'urgency' => $context['ticket_form']['urgency']['setting']));
            }
            // But these things do!
            if ($ticketinfo['subject'] != $context['ticket_form']['subject']) {
                $ticketOptions['subject'] = $context['ticket_form']['subject'];
            }
            if ($ticketinfo['body'] != $context['ticket_form']['message']) {
                $msgOptions['body'] = $context['ticket_form']['message'];
            }
            // Record who edited, and when, only if subject or body changed.
            if (isset($ticketOptions['subject']) || isset($msgOptions['body'])) {
                $msgOptions['modified'] = array('id' => $user_info['id'], 'name' => $user_info['name'], 'time' => time());
            }
            // Resolving is gated on can_solve, computed from the resolve permissions above.
            if (!empty($context['can_solve']) && !empty($_POST['resolve_ticket'])) {
                $ticketOptions['status'] = TICKET_STATUS_CLOSED;
                shd_log_action('resolve', array('ticket' => $context['ticket_id'], 'subject' => $ticketinfo['subject']));
            }
            // Apply the collected changes.
            shd_modify_ticket_post($msgOptions, $ticketOptions, $posterOptions);
            // OK, did we get any custom fields back?
            if (!empty($context['custom_fields_updated'])) {
                foreach ($context['custom_fields_updated'] as $field) {
                    if ($field['oldvalue'] == $field['newvalue']) {
                        continue;
                    }
                    // The log action name encodes the field's scope, whether
                    // it had a default, and which roles can see it.
                    $action = 'cf_' . ($field['scope'] == CFIELD_TICKET ? 'tkt' : 'rpl') . (empty($field['default']) ? 'change_' : 'chgdef_') . ($field['visible'][0] ? 'user' : '') . ($field['visible'][1] ? 'staff' : '') . 'admin';
                    unset($field['default'], $field['scope'], $field['visible']);
                    $field['subject'] = $ticketinfo['subject'];
                    shd_log_action($action, $field);
                }
            }
        }
        shd_done_posting();
    }
}
Example #4
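/**
 * Ban a member on behalf of a moderator using the mobile XML-RPC interface.
 *
 * Reads the target username (param 0), a mode flag (param 1) and an optional
 * reason (param 2) from the request, creates a ban group that denies access,
 * adds the resolved member to it and, when the mode flag equals 2, removes the
 * member's messages (except the first message of topics that have replies).
 *
 * @param object $rpcmsg Incoming XML-RPC message; only getParam() and getScalarValParam() are used here.
 * @return xmlrpcresp Struct response whose "result" member is boolean true.
 */
function mob_m_ban_user($rpcmsg)
{
    global $mobdb, $context, $func, $user_info, $modSettings, $sourcedir;
    // Session token first, then the permission gate. The rest of the function
    // relies on mob_error() not returning — presumably it terminates the request; confirm.
    checkSession('session');
    if (!allowedTo('manage_bans')) {
        mob_error('cannot ban users');
    }
    // The reason is HTML-escaped and stripped of CR/LF/TAB before it is stored.
    $reason = strtr($func['htmlspecialchars']($rpcmsg->getParam(2) ? $rpcmsg->getScalarValParam(2) : ''), array("\r" => '', "\n" => '', "\t" => ''));
    $username = $rpcmsg->getScalarValParam(0);
    require_once $sourcedir . '/Subs-Auth.php';
    // This endpoint never receives a member id, so the target is always resolved
    // by name. (The original tested an undefined $id_user here; the lookup-by-id
    // branch it guarded could never run and has been dropped.)
    $username = utf8ToAscii($username);
    $members = findMembers($username);
    if (empty($members)) {
        mob_error('user not found');
    }
    // NOTE(review): when the lookup matches several members, the first one is
    // banned. For a destructive action it would be safer to reject ambiguous
    // lookups — confirm findMembers()'s matching rules before relying on this.
    $member_ids = array_keys($members);
    $member = $members[$member_ids[0]]['id'];
    // Create the ban. The group name records the name the caller supplied,
    // not the name of the account that was actually matched.
    $mobdb->query('
		INSERT INTO {db_prefix}ban_groups
			(name, ban_time, cannot_access, expire_time, reason)
		VALUES
			({string:name}, {int:time}, 1, NULL, {string:reason})', array('time' => time(), 'name' => 'Tapatalk ban (' . $username . ')', 'reason' => $reason));
    $id_ban_group = $mobdb->insert_id();
    // Insert the user into the ban
    $mobdb->query('
		INSERT INTO {db_prefix}ban_items
			(ID_BAN_GROUP, ID_MEMBER)
		VALUES
			({int:group}, {int:member})', array('group' => $id_ban_group, 'member' => $member));
    // Do we have to delete every post made by this user?
    // !!! Optimize this
    if ($rpcmsg->getScalarValParam(1) == 2) {
        require_once $sourcedir . '/RemoveTopic.php';
        // Keep going if the client disconnects mid-way: called without an
        // argument, ignore_user_abort() only reports the current setting.
        @ignore_user_abort(true);
        @set_time_limit(0);
        $request = $mobdb->query('
			SELECT m.ID_MSG AS id_msg
			FROM {db_prefix}messages AS m
				LEFT JOIN {db_prefix}topics AS t ON (t.ID_TOPIC = m.ID_TOPIC)
			WHERE m.ID_MEMBER = {int:member}
				AND (t.ID_FIRST_MSG != m.ID_MSG OR t.numReplies = 0)', array('member' => $member));
        while ($row = $mobdb->fetch_assoc($request)) {
            removeMessage($row['id_msg']);
        }
        $mobdb->free_result($request);
    }
    // Return a true response
    return new xmlrpcresp(new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean')), 'struct'));
}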
 /**
  * Re-attribute posts to the user sent from the maintenance page.
  *
  * Sanitises and validates the posted form, resolves the target member with
  * findMembers() and calls reattributePosts(); the outcome, success or
  * validation errors, is reported through $context['maintenance_finished'].
  */
 public function action_reattribute_display()
 {
     global $context, $txt;

     // NOTE(review): only the session token is verified in this method; the
     // admin permission check is presumably done before dispatch — confirm.
     checkSession();

     // Clean the input, then validate it.
     require_once SUBSDIR . '/DataValidator.class.php';
     $validator = new Data_Validator();
     $validator->sanitation_rules(array('posts' => 'empty', 'type' => 'trim', 'from_email' => 'trim', 'from_name' => 'trim', 'to' => 'trim'));
     $validator->validation_rules(array('from_email' => 'valid_email', 'from_name' => 'required', 'to' => 'required', 'type' => 'contains[name,email]'));
     $validator->validate($_POST);

     // Usable input is either a non-empty source name, or a source email that passed validation.
     $usable = ($validator->type === 'name' && !empty($validator->from_name))
         || ($validator->type === 'email' && !$validator->validation_errors('from_email'));

     if (!$usable) {
         // Report the errors for the criterion the admin picked.
         $fields = $validator->type === 'name' && empty($validator->from_name)
             ? array('from_name', 'to')
             : array('from_email', 'to');
         $context['maintenance_finished'] = array('errors' => $validator->validation_errors($fields), 'type' => 'minor');

         return;
     }

     // Resolve the member who receives the posts; the first match is used.
     require_once SUBSDIR . '/Auth.subs.php';
     $found = findMembers($validator->to);
     if (empty($found)) {
         fatal_lang_error('reattribute_cannot_find_member');
     }
     $target = array_shift($found);
     $target_id = $target['id'];

     // Only the selected criterion is passed on; the other one stays empty.
     $source_email = $validator->type == 'email' ? $validator->from_email : '';
     $source_name = $validator->type == 'name' ? $validator->from_name : '';

     require_once SUBSDIR . '/Members.subs.php';
     reattributePosts($target_id, $source_email, $source_name, !$validator->posts);
     $context['maintenance_finished'] = array('errors' => array(sprintf($txt['maintain_done'], $txt['maintain_reattribute_posts'])));
 }
Example #6
 // Fragment: look up the inventories of the members named in the request.
 // NOTE(review): no session or permission check is visible in this excerpt, and
 // $_REQUEST['member'] is read without an isset() guard — confirm both are
 // handled by the code that precedes it.
 $context['shop_inv'] = array('last_col_type' => 'none');
 // This code is from PersonalMessage.php. It un-escapes \" in the posted member
 // names, collects every "quoted name", and then splits what is left on commas.
 $_REQUEST['member'] = strtr($_REQUEST['member'], array('\\"' => '"'));
 preg_match_all('~"([^"]+)"~', $_REQUEST['member'], $matches);
 $members = array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['member']))));
 // Loop through all the names found: trim, strip slashes, lowercase and
 // HTML-escape each one, and drop entries that are empty after trimming.
 foreach ($members as $index => $member) {
     if (strlen(trim($member)) > 0) {
         $members[$index] = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](stripslashes(trim($member))));
     } else {
         unset($members[$index]);
     }
 }
 // Find all these members
 $context['shop_invother'] = findMembers($members);
 // None of the entered members exist? The names echoed back in the error are
 // the HTML-escaped versions produced above.
 if (count($context['shop_invother']) == 0) {
     fatal_lang_error('shop_members_no_exist', true, array(implode(', ', $members)));
 }
 // Loop through all the members we found
 foreach ($context['shop_invother'] as $key => $member) {
     // Start with an empty inventory array
     $context['shop_invother'][$key]['items'] = array();
     // TODO: Can this be more efficient? (one query is issued per member found)
     // Get the user's inventory; the member id is bound as an integer parameter.
     $result = $smcFunc['db_query']('', "\n\t\t\tSELECT it.name, it.desc, it.image, inv.id\n\t\t\tFROM ({db_prefix}shop_inventory AS inv, {db_prefix}shop_items AS it)\n\t\t\tWHERE ownerid = {int:id} AND inv.itemid = it.id", array('id' => $member['id']));
     // Loop through all the items; name, desc and image are copied as stored,
     // so the template is responsible for escaping them on output.
     while ($row = $smcFunc['db_fetch_assoc']($result)) {
         $context['shop_invother'][$key]['items'][] = array('name' => $row['name'], 'desc' => $row['desc'], 'image' => $row['image']);
     }
Example #7
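 /**
  * Called by index.php?action=findmember.
  * This function result is used as a popup for searching members.
  *
  * Reads these request parameters: search (the term), start (paging offset),
  * input (name of the form field to fill), delim (result delimiter, "LB" means
  * a line break), quote, buddies and u. Results are shown seven per page.
  *
  * @deprecated since 1.0
  * @uses sub template find_members of the Members template.
  */
 public function action_findmember()
 {
     global $context, $scripturl, $user_info, $settings;
     // The session token is expected in the query string.
     checkSession('get');
     // Load members template
     loadTemplate('Members');
     loadTemplate('index');
     Template_Layers::getInstance()->removeAll();
     $context['sub_template'] = 'find_members';
     if (isset($_REQUEST['search'])) {
         $context['last_search'] = Util::htmlspecialchars($_REQUEST['search'], ENT_QUOTES);
     } else {
         $_REQUEST['start'] = 0;
     }
     // Allow the user to pass the input to be added to to the box.
     // Only word characters and dashes are accepted; anything else falls back to 'to'.
     $context['input_box_name'] = isset($_REQUEST['input']) && preg_match('~^[\\w-]+$~', $_REQUEST['input']) === 1 ? $_REQUEST['input'] : 'to';
     // Take the delimiter over GET in case it's \n or something.
     // NOTE(review): the delimiter is stored exactly as received; the template
     // must escape it for the context it is written into — not visible here.
     $context['delimiter'] = isset($_REQUEST['delim']) ? $_REQUEST['delim'] == 'LB' ? "\n" : $_REQUEST['delim'] : ', ';
     $context['quote_results'] = !empty($_REQUEST['quote']);
     // List all the results.
     $context['results'] = array();
     // Some buddy related settings ;)
     $context['show_buddies'] = !empty($user_info['buddies']);
     $context['buddy_search'] = isset($_REQUEST['buddies']);
     // If the user has done a search, well - search.
     if (isset($_REQUEST['search'])) {
         require_once SUBSDIR . '/Auth.subs.php';
         $_REQUEST['search'] = Util::htmlspecialchars($_REQUEST['search'], ENT_QUOTES);
         $context['results'] = findMembers(array($_REQUEST['search']), true, $context['buddy_search']);
         $total_results = count($context['results']);
         // A missing offset means the first page; a negative one would make
         // array_slice() below count from the end of the result list.
         $_REQUEST['start'] = isset($_REQUEST['start']) ? max(0, (int) $_REQUEST['start']) : 0;
         // This is a bit hacky, but its defined in index template, and this is a popup
         $settings['page_index_template'] = array('base_link' => '<li class="linavPages"><a class="navPages" href="{base_link}" role="menuitem">%2$s</a></li>', 'previous_page' => '<span class="previous_page" role="menuitem">{prev_txt}</span>', 'current_page' => '<li class="linavPages"><strong class="current_page" role="menuitem">%1$s</strong></li>', 'next_page' => '<span class="next_page" role="menuitem">{next_txt}</span>', 'expand_pages' => '<li class="linavPages expand_pages" role="menuitem" {custom}> <a href="#">...</a> </li>', 'all' => '<li class="linavPages all_pages" role="menuitem">{all_txt}</li>');
         // NOTE(review): the search term goes into this URL HTML-escaped but not
         // URL-encoded, unlike $base_url below, so a term containing ';' or '&'
         // can add parameters to the paging links. Encoding it here depends on
         // how constructPageIndex() treats '%' in its base URL — confirm first.
         $context['page_index'] = constructPageIndex($scripturl . '?action=findmember;search=' . $context['last_search'] . ';' . $context['session_var'] . '=' . $context['session_id'] . ';input=' . $context['input_box_name'] . ($context['quote_results'] ? ';quote=1' : '') . ($context['buddy_search'] ? ';buddies' : ''), $_REQUEST['start'], $total_results, 7);
         // Determine the navigation context. 'u' arrives straight from the
         // request, so it is URL-encoded (and ignored unless scalar) before it
         // becomes part of a link.
         $member_param = empty($_REQUEST['u']) || !is_scalar($_REQUEST['u']) ? '' : ';u=' . urlencode($_REQUEST['u']);
         $base_url = $scripturl . '?action=findmember;search=' . urlencode($context['last_search']) . $member_param . ';' . $context['session_var'] . '=' . $context['session_id'];
         $context['links'] += array('prev' => $_REQUEST['start'] >= 7 ? $base_url . ';start=' . ($_REQUEST['start'] - 7) : '', 'next' => $_REQUEST['start'] + 7 < $total_results ? $base_url . ';start=' . ($_REQUEST['start'] + 7) : '');
         $context['page_info'] = array('current_page' => $_REQUEST['start'] / 7 + 1, 'num_pages' => floor(($total_results - 1) / 7) + 1);
         $context['results'] = array_slice($context['results'], $_REQUEST['start'], 7);
     }
 }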
Example #8
/**
 * Maintenance action: re-attribute posts to an existing member.
 *
 * Resolves the member named in $_POST['to'], then hands the chosen criterion
 * (either the posted email or the posted name, depending on $_POST['type']) to
 * reattributePosts() and records completion in $context['maintenance_finished'].
 */
function MaintainReattributePosts()
{
    global $sourcedir, $context, $txt;

    // NOTE(review): only the session token is verified here; the permission
    // check for this maintenance task is presumably done by the caller — confirm.
    checkSession();

    // Resolve the receiving member; the first match wins.
    require_once $sourcedir . '/Subs-Auth.php';
    $candidates = findMembers($_POST['to']);
    if (empty($candidates)) {
        fatal_lang_error('reattribute_cannot_find_member');
    }
    $target = array_shift($candidates);
    $target_id = $target['id'];

    // Exactly one of the two criteria is forwarded; the other stays empty.
    // NOTE(review): any other 'type', or an empty from_email/from_name, leaves
    // both criteria empty and is still passed on — check how reattributePosts()
    // treats empty criteria.
    $source_email = '';
    if ($_POST['type'] == 'email') {
        $source_email = $_POST['from_email'];
    }
    $source_name = '';
    if ($_POST['type'] == 'name') {
        $source_name = $_POST['from_name'];
    }

    // Now call the reattribute function.
    require_once $sourcedir . '/Subs-Members.php';
    reattributePosts($target_id, $source_email, $source_name, !empty($_POST['posts']));
    $context['maintenance_finished'] = $txt['maintain_reattribute_posts'];
}
 /**
  * Send a personal message.
  *
  * Builds the recipient lists from posted ids and typed names, validates the
  * subject and body, and then either re-displays the form (errors, preview,
  * recipient edits, draft save, too many recipients) or hands the message to
  * sendpm() and redirects.
  *
  * NOTE(review): no permission check for sending PMs is visible in this method;
  * presumably it is enforced before dispatch — confirm.
  */
 public function action_send2()
 {
     global $txt, $context, $user_info, $modSettings;
     // All the helpers we need
     require_once SUBSDIR . '/Auth.subs.php';
     require_once SUBSDIR . '/Post.subs.php';
     // PM Drafts enabled and needed?
     if ($context['drafts_pm_save'] && (isset($_POST['save_draft']) || isset($_POST['id_pm_draft']))) {
         require_once SUBSDIR . '/Drafts.subs.php';
     }
     loadLanguage('PersonalMessage', '', false);
     // Extract out the spam settings - it saves database space!
     // The single comma-separated setting holds, in order: max recipients,
     // the post-count threshold for verification, and the hourly PM limit.
     list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);
     // Initialize the errors we're about to make.
     $post_errors = Error_Context::context('pm', 1);
     // Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
     // Exempt: holders of admin_forum / moderate_forum / send_mail, and anyone whose
     // mod_cache 'bq'/'gq' differ from '0=1' (presumably board/group moderators — confirm).
     if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1') {
         // How many have they sent this last hour?
         $pmCount = pmCount($user_info['id'], 3600);
         if (!empty($pmCount) && $pmCount >= $modSettings['pm_posts_per_hour']) {
             if (!isset($_REQUEST['xml'])) {
                 fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour']));
             } else {
                 $post_errors->addError('pm_too_many_per_hour');
             }
         }
     }
     // If your session timed out, show an error, but do allow to re-submit.
     // NOTE(review): a request carrying 'xml' skips this session check, the
     // verification control below and the "return on errors" step further down.
     // Confirm that such requests can only ever be previews; otherwise the
     // hourly-limit error recorded above would not stop the send.
     if (!isset($_REQUEST['xml']) && checkSession('post', '', false) != '') {
         $post_errors->addError('session_timeout');
     }
     // Subject: trimmed and stripped of CR/LF/TAB.
     // NOTE(review): presence is tested on $_REQUEST but the value is read from $_POST.
     $_REQUEST['subject'] = isset($_REQUEST['subject']) ? strtr(Util::htmltrim($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')) : '';
     // Typed recipient names: POST wins, GET is the fallback, otherwise empty.
     $_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : $_POST['to'];
     $_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : $_POST['bcc'];
     // Route the input from the 'u' parameter to the 'to'-list.
     if (!empty($_POST['u'])) {
         $_POST['recipient_to'] = explode(',', $_POST['u']);
     }
     // Construct the list of recipients.
     $recipientList = array();
     $namedRecipientList = array();
     $namesNotFound = array();
     foreach (array('to', 'bcc') as $recipientType) {
         // First, let's see if there's user ID's given. Each one is cast to int.
         $recipientList[$recipientType] = array();
         if (!empty($_POST['recipient_' . $recipientType]) && is_array($_POST['recipient_' . $recipientType])) {
             foreach ($_POST['recipient_' . $recipientType] as $recipient) {
                 $recipientList[$recipientType][] = (int) $recipient;
             }
         }
         // Are there also literal names set?
         if (!empty($_REQUEST[$recipientType])) {
             // We're going to take out the "s anyway ;).
             // Quoted names are collected first; the remainder is split on commas.
             $recipientString = strtr($_REQUEST[$recipientType], array('\\"' => '"'));
             preg_match_all('~"([^"]+)"~', $recipientString, $matches);
             $namedRecipientList[$recipientType] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $recipientString))));
             // Clean any literal names entered: trim, lowercase, HTML-escape; drop empties.
             foreach ($namedRecipientList[$recipientType] as $index => $recipient) {
                 if (strlen(trim($recipient)) > 0) {
                     $namedRecipientList[$recipientType][$index] = Util::htmlspecialchars(Util::strtolower(trim($recipient)));
                 } else {
                     unset($namedRecipientList[$recipientType][$index]);
                 }
             }
             // Now see if we can resolve the entered name to an actual user
             if (!empty($namedRecipientList[$recipientType])) {
                 $foundMembers = findMembers($namedRecipientList[$recipientType]);
                 // Assume all are not found, until proven otherwise.
                 $namesNotFound[$recipientType] = $namedRecipientList[$recipientType];
                 // Make sure we only have each member listed once, incase they did not use the select list
                 // A member counts as found only when a typed name equals their
                 // lowercased username, display name or email.
                 foreach ($foundMembers as $member) {
                     $testNames = array(Util::strtolower($member['username']), Util::strtolower($member['name']), Util::strtolower($member['email']));
                     if (count(array_intersect($testNames, $namedRecipientList[$recipientType])) !== 0) {
                         $recipientList[$recipientType][] = $member['id'];
                         // Get rid of this username, since we found it.
                         $namesNotFound[$recipientType] = array_diff($namesNotFound[$recipientType], $testNames);
                     }
                 }
             }
         }
         // Selected a recipient to be deleted? Remove them now.
         if (!empty($_POST['delete_recipient'])) {
             $recipientList[$recipientType] = array_diff($recipientList[$recipientType], array((int) $_POST['delete_recipient']));
         }
         // Make sure we don't include the same name twice
         $recipientList[$recipientType] = array_unique($recipientList[$recipientType]);
     }
     // Are we changing the recipients some how?
     $is_recipient_change = !empty($_POST['delete_recipient']) || !empty($_POST['to_submit']) || !empty($_POST['bcc_submit']);
     // Check if there's at least one recipient.
     if (empty($recipientList['to']) && empty($recipientList['bcc'])) {
         $post_errors->addError('no_to');
     }
     // Make sure that we remove the members who did get it from the screen.
     if (!$is_recipient_change) {
         foreach (array_keys($recipientList) as $recipientType) {
             if (!empty($namesNotFound[$recipientType])) {
                 $post_errors->addError('bad_' . $recipientType);
                 // Since we already have a post error, remove the previous one.
                 $post_errors->removeError('no_to');
                 // The names reported here are the HTML-escaped versions built above.
                 foreach ($namesNotFound[$recipientType] as $name) {
                     $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
                 }
             }
         }
     }
     // Did they make any mistakes like no subject or message?
     if ($_REQUEST['subject'] == '') {
         $post_errors->addError('no_subject');
     }
     if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
         $post_errors->addError('no_message');
     } elseif (!empty($modSettings['max_messageLength']) && Util::strlen($_REQUEST['message']) > $modSettings['max_messageLength']) {
         $post_errors->addError('long_message');
     } else {
         // Preparse the message. This works on a copy; $_REQUEST['message'] is untouched.
         $message = $_REQUEST['message'];
         preparsecode($message);
         // Make sure there's still some content left without the tags.
         // Administrators are let through when the text contains an [html] tag.
         if (Util::htmltrim(strip_tags(parse_bbc(Util::htmlspecialchars($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false)) {
             $post_errors->addError('no_message');
         }
     }
     // Wrong verification code?
     // Required for non-admins whose post count is below the configured threshold
     // (skipped for 'xml' requests, see the note at the session check).
     if (!$user_info['is_admin'] && !isset($_REQUEST['xml']) && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']) {
         require_once SUBSDIR . '/VerificationControls.class.php';
         $verificationOptions = array('id' => 'pm');
         $context['require_verification'] = create_control_verification($verificationOptions, true);
         // An array result is a list of error keys.
         if (is_array($context['require_verification'])) {
             foreach ($context['require_verification'] as $error) {
                 $post_errors->addError($error);
             }
         }
     }
     // If they made any errors, give them a chance to make amends.
     if ($post_errors->hasErrors() && !$is_recipient_change && !isset($_REQUEST['preview']) && !isset($_REQUEST['xml'])) {
         return messagePostError($namedRecipientList, $recipientList);
     }
     // Want to take a second glance before you send?
     if (isset($_REQUEST['preview'])) {
         // Set everything up to be displayed. Both values are HTML-escaped before any parsing.
         $context['preview_subject'] = Util::htmlspecialchars($_REQUEST['subject']);
         $context['preview_message'] = Util::htmlspecialchars($_REQUEST['message'], ENT_QUOTES, 'UTF-8', true);
         preparsecode($context['preview_message'], true);
         // Parse out the BBC if it is enabled.
         $context['preview_message'] = parse_bbc($context['preview_message']);
         // Censor, as always.
         censorText($context['preview_subject']);
         censorText($context['preview_message']);
         // Set a descriptive title.
         $context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject'];
         // Pretend they messed up but don't ignore if they really did :P.
         return messagePostError($namedRecipientList, $recipientList);
     } elseif ($is_recipient_change) {
         // Maybe we couldn't find one?
         foreach ($namesNotFound as $recipientType => $names) {
             $post_errors->addError('bad_' . $recipientType);
             foreach ($names as $name) {
                 $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
             }
         }
         return messagePostError($namedRecipientList, $recipientList);
     }
     // Want to save this as a draft and think about it some more?
     if ($context['drafts_pm_save'] && isset($_POST['save_draft'])) {
         savePMDraft($recipientList);
         return messagePostError($namedRecipientList, $recipientList);
     } elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum'))) {
         // Over the recipient cap (to + bcc combined) and not exempt.
         $context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
         return messagePostError($namedRecipientList, $recipientList);
     }
     // Protect from message spamming.
     spamProtection('pm');
     // Prevent double submission of this form.
     checkSubmitOnce('check');
     // Finally do the actual sending of the PM.
     // The raw request body is passed on, not the pre-parsed copy made during
     // validation; presumably sendpm() does its own parsing — confirm.
     if (!empty($recipientList['to']) || !empty($recipientList['bcc'])) {
         $context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], true, null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0);
     } else {
         $context['send_log'] = array('sent' => array(), 'failed' => array());
     }
     // Mark the message as "replied to".
     if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox') {
         require_once SUBSDIR . '/PersonalMessage.subs.php';
         setPMRepliedStatus($user_info['id'], (int) $_REQUEST['replied_to']);
     }
     // If one or more of the recipients were invalid, go back to the post screen with the failed usernames.
     // NOTE(review): this intersects member ids with the entries of
     // send_log['failed']; elsewhere in this method those entries are formatted
     // messages. Check what sendpm() puts in 'failed'.
     if (!empty($context['send_log']['failed'])) {
         return messagePostError($namesNotFound, array('to' => array_intersect($recipientList['to'], $context['send_log']['failed']), 'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed'])));
     }
     // Message sent successfully?
     if (!empty($context['send_log']) && empty($context['send_log']['failed'])) {
         $context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent';
         // If we had a PM draft for this one, then its time to remove it since it was just sent
         // The current user's id is passed along with the posted draft id.
         if ($context['drafts_pm_save'] && !empty($_POST['id_pm_draft'])) {
             deleteDrafts($_POST['id_pm_draft'], $user_info['id']);
         }
     }
     // Go back to the where they sent from, if possible...
     redirectexit($context['current_label_redirect']);
 }
Example #10
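/**
 * Validate the "new arena match" form and create the match.
 *
 * Collects the match name, game mode, rounds (games) and players from the
 * request, checks them against the database and the players' permissions, and
 * either re-displays the form through ArcadeNewMatch() (on errors, or when the
 * user only added/removed a round or player) or creates the match and
 * redirects to it.
 *
 * NOTE(review): no checkSession() call and no permission check for the
 * submitting user are visible in this function; checkSubmitOnce() only guards
 * against double submission. Confirm both are enforced by the caller.
 *
 * @return mixed The result of ArcadeNewMatch() when the form is shown again; otherwise the request is redirected.
 */
function ArcadeNewMatch2()
{
    global $scripturl, $txt, $db_prefix, $context, $smcFunc, $user_info, $sourcedir;
    require_once $sourcedir . '/Subs-Members.php';
    require_once $sourcedir . '/Subs-Auth.php';
    $match = array();
    $showConfirm = false;
    $errors = array();
    // Name: required, at most 20 characters.
    if (empty($_REQUEST['match_name']) || trim($_REQUEST['match_name']) == '') {
        $errors[] = 'no_name';
    } elseif ($smcFunc['strlen']($_REQUEST['match_name']) > 20) {
        $errors[] = 'name_too_long';
    }
    if (!empty($_REQUEST['match_name'])) {
        $match['name'] = $_REQUEST['match_name'];
    }
    // Game mode must be one of the two known values (compared strictly).
    if (empty($_REQUEST['game_mode']) || !in_array($_REQUEST['game_mode'], array('normal', 'knockout'), true)) {
        $errors[] = 'invalid_game_mode';
    } else {
        $match['game_mode'] = $_REQUEST['game_mode'];
    }
    $match['private'] = isset($_REQUEST['private']);
    // Cast to int so the player-count checks below compare numbers and a
    // non-numeric value cannot reach createMatch().
    $match['num_players'] = empty($_REQUEST['num_players']) ? 0 : (int) $_REQUEST['num_players'];
    // Check rounds
    $match['rounds'] = array();
    $context['games'] = array();
    if (!empty($_REQUEST['rounds']) && is_array($_REQUEST['rounds'])) {
        // Keep every round except the template placeholder and the one being deleted.
        foreach ($_REQUEST['rounds'] as $id => $round) {
            if ($round != '::GAME_ID::' && (!isset($_REQUEST['delete_round']) || $_REQUEST['delete_round'] != $id)) {
                $match['rounds'][] = (int) $round;
            }
        }
    }
    // Game from suggester text field?
    if (!empty($_REQUEST['arenagame_input']) && is_string($_REQUEST['arenagame_input'])) {
        $showConfirm = true;
        // Quoted names first, then whatever is left split on commas.
        $_REQUEST['arenagame_input'] = strtr($_REQUEST['arenagame_input'], array('\\"' => '"'));
        preg_match_all('~"([^"]+)"~', $_REQUEST['arenagame_input'], $matches);
        $games = array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['arenagame_input']))));
        // The names are bound as a string-array parameter, not interpolated.
        $request = $smcFunc['db_query']('', '
			SELECT game.id_game
			FROM {db_prefix}arcade_games AS game
				LEFT JOIN {db_prefix}arcade_categories AS category ON (category.id_cat = game.id_cat)
			WHERE game.game_name IN({array_string:games})
				AND {query_arena_game}', array('games' => $games));
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $match['rounds'][] = (int) $row['id_game'];
        }
        // The original never released this result set.
        $smcFunc['db_free_result']($request);
        unset($games, $matches);
    }
    if (!empty($match['rounds'])) {
        // Re-check every selected game id against the games visible in the arena.
        $request = $smcFunc['db_query']('', '
			SELECT game.id_game, game.game_name
			FROM {db_prefix}arcade_games AS game
				LEFT JOIN {db_prefix}arcade_categories AS category ON (category.id_cat = game.id_cat)
			WHERE id_game IN({array_int:games})
				AND {query_arena_game}', array('games' => array_unique($match['rounds'])));
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $context['games'][$row['id_game']] = array('id' => $row['id_game'], 'name' => $row['game_name']);
        }
        $smcFunc['db_free_result']($request);
        $valid = true;
        foreach ($match['rounds'] as $i => $r) {
            if (!isset($context['games'][$r])) {
                $valid = false;
                unset($match['rounds'][$i]);
            }
        }
        if (!$valid) {
            $errors[] = 'invalid_rounds';
        }
    }
    // Check players
    $match['players'] = array();
    // Players from add players field?
    if (!empty($_REQUEST['player']) && is_string($_REQUEST['player'])) {
        $showConfirm = true;
        $_REQUEST['player'] = strtr($_REQUEST['player'], array('\\"' => '"'));
        preg_match_all('~"([^"]+)"~', $_REQUEST['player'], $matches);
        $foundMembers = findMembers(array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['player'])))));
        foreach ($foundMembers as $member) {
            $match['players'][] = $member['id'];
        }
        unset($foundMembers, $matches);
    }
    // Previous / Players added via suggester
    if (!empty($_REQUEST['players_list']) && is_array($_REQUEST['players_list'])) {
        foreach ($_REQUEST['players_list'] as $id) {
            if (!isset($_REQUEST['delete_player']) || $_REQUEST['delete_player'] != $id) {
                $match['players'][] = (int) $id;
            }
        }
    }
    // Remove duplicates
    $match['players'] = array_unique($match['players']);
    $totalp = count($match['players']);
    // Check that selected players are allowed to play; the count before and
    // after this filter is compared below to detect players that were dropped.
    $match['players'] = memberAllowedTo(array('arcade_join_match', 'arcade_join_invite_match'), $match['players']);
    // Check number of players
    if ($match['num_players'] < $totalp || $match['num_players'] < 2) {
        $errors[] = 'not_enough_players';
    }
    if (count($match['players']) != $totalp) {
        $errors[] = 'invalid_members';
    }
    if (count($match['rounds']) === 0) {
        $errors[] = 'no_rounds';
    }
    if (!checkSubmitOnce('check', false)) {
        $errors[] = 'submit_twice';
    }
    // Editing the round/player lists always goes back to the form, without errors.
    $showConfirm = $showConfirm || isset($_REQUEST['delete_round']) || isset($_REQUEST['delete_player']) || isset($_REQUEST['player_submit']) || isset($_REQUEST['arenagame_submit']);
    if ($showConfirm || !empty($errors)) {
        return ArcadeNewMatch($match, $showConfirm ? array() : $errors);
    }
    // The name is HTML-escaped here, just before it is stored.
    $matchOptions = array('name' => $smcFunc['htmlspecialchars']($match['name'], ENT_QUOTES), 'starter' => $user_info['id'], 'num_players' => $match['num_players'], 'games' => $match['rounds'], 'num_rounds' => count($match['rounds']), 'players' => $match['players'], 'extra' => array('mode' => $match['game_mode']));
    $id_match = createMatch($matchOptions);
    redirectexit('action=arcade;sa=viewMatch;match=' . $id_match);
}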
Example #11
File: api.php Project: Roph/RMRKMon
require_once 'libextra.php';
require_once 'db.php';
require_once 'chance.php';
require_once 'misc/bases.php';
// And now the conditionals: resolve the requested trainer either from a
// numeric id ('trainer') or from a forum username ('user').
// NOTE(review): no authentication or rate limiting is visible in this excerpt,
// so the endpoint confirms to any caller whether a given name exists.
if (isset($_GET['trainer']) || isset($_GET['user'])) {
    //Extra handling for username requests.
    if (isset($_GET['user'])) {
        //Before we take one step, we should block searches by email address. findMembers() is not (regular) user facing by default - simply exposing it allows reverse email lookups, which is naughty.
        // NOTE(review): this only rejects input that is a complete, syntactically
        // valid address. Confirm that findMembers() does no partial or pattern
        // matching on the email column, otherwise the lookup is still possible.
        if (filter_var($_GET['user'], FILTER_VALIDATE_EMAIL)) {
            die($error[3]);
        }
        require_once '../Sources/Subs-Auth.php';
        $possible_user = array($_GET['user']);
        //SMF's function we're appropriating expects an array no matter what.
        $userinfo = findMembers($possible_user);
        //If I don't know this name, sorry. No trainer.
        if (empty($userinfo)) {
            die($error[2]);
        }
        //SMF "helpfully" keys the result by user ID. Which is the whole point of this search: we don't know it..
        // Only the first key is used; any further matches are ignored.
        reset($userinfo);
        $id = key($userinfo);
    }
    // No username given: take the id from the request, forced to an integer.
    if (!isset($_GET['user'])) {
        $id = (int) $_GET['trainer'];
    }
    $userdata = userdata($id);
    $userdata = $userdata[0];
    if (empty($userdata)) {
        die($error[2]);
Example #12
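/**
 * Mobile API: list the topics a given member has posted in.
 *
 * Request parameters (from $context['mob_request']['params']):
 *   0 - base64-encoded username (required)
 *   1 - first result index (optional)
 *   2 - last result index (optional; at most 51 topics are returned per call)
 *
 * Only boards the current user may see are considered ({query_see_board}).
 * The response is written by outputRPCSubscribedTopics().
 */
function method_get_participated_topic()
{
    global $context, $mobdb, $mobsettings, $modSettings, $user_info, $sourcedir;
    // Guest? The code below relies on createErrorResponse() not returning —
    // presumably it ends the request; confirm.
    if ($user_info['is_guest']) {
        createErrorResponse(21);
    }
    // Get the username
    $username = base64_decode($context['mob_request']['params'][0][0]);
    if (empty($username)) {
        createErrorResponse(8);
    }
    require_once $sourcedir . '/Subs-Auth.php';
    // Added by Sean: normalise the decoded name before the lookup.
    // NOTE(review): judging by their names these helpers trim, strip slashes,
    // HTML-escape and re-add slashes — verify that this matches the form in
    // which findMembers() expects its input.
    $username = htmltrim__recursive($username);
    $username = stripslashes__recursive($username);
    $username = htmlspecialchars__recursive($username);
    $username = addslashes__recursive($username);
    // Does this user exist?
    $members = findMembers($username);
    if (empty($members)) {
        createErrorResponse(8);
    }
    // The first match is used.
    $id_member = array_keys($members);
    $member = $members[$id_member[0]];
    if (empty($member)) {
        createErrorResponse(8);
    }
    // Do we have start num defined? Negative offsets are clamped to zero so
    // that array_slice() below never counts from the end of the list.
    if (isset($context['mob_request']['params'][1])) {
        $start_num = max(0, (int) $context['mob_request']['params'][1][0]);
    }
    // Do we have last number defined?
    if (isset($context['mob_request']['params'][2])) {
        $last_num = (int) $context['mob_request']['params'][2][0];
    }
    // Perform some start/last num checks
    if (isset($start_num) && isset($last_num)) {
        if ($start_num > $last_num) {
            createErrorResponse(3);
        } elseif ($last_num - $start_num > 50) {
            $last_num = $start_num + 50;
        }
    }
    // Default number of topics per page
    $topics_per_page = 20;
    // Work out the window. An explicit range needs both ends; in every other
    // case one default-sized page is returned. This also covers "last without
    // start", which previously left $start_num undefined and $limit as ''.
    if (isset($start_num) && isset($last_num)) {
        $limit = $last_num - $start_num + 1;
    } else {
        $limit = $topics_per_page;
        if (!isset($start_num)) {
            $start_num = 0;
        }
    }
    // Get the count. All matching topic ids are loaded and then sliced in PHP.
    $mobdb->query('
        SELECT t.ID_TOPIC
        FROM {db_prefix}messages AS m
            INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC)
            INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = t.ID_BOARD)
        WHERE {query_see_board}
            AND m.ID_MEMBER = {int:member}
        GROUP BY t.ID_TOPIC
        ORDER BY t.ID_TOPIC DESC', array('member' => $id_member[0]));
    $tids = array();
    while ($row = $mobdb->fetch_assoc()) {
        $tids[] = $row['ID_TOPIC'];
    }
    $mobdb->free_result();
    $count = count($tids);
    // Never ask for more than is left, and never for a negative length.
    if ($limit + $start_num > $count) {
        $limit = max(0, $count - $start_num);
    }
    $tids = array_slice($tids, $start_num, $limit);
    $topics = array();
    if (count($tids)) {
        // Grab the topics. Member and topic ids are bound as typed parameters;
        // the only concatenated pieces are fixed SQL fragments chosen by is_guest.
        $mobdb->query('
            SELECT t.ID_TOPIC AS id_topic, t.isSticky AS is_sticky, t.locked, fm.subject AS topic_title, t.numViews AS views, t.numReplies AS replies,
                    IFNULL(mem.ID_MEMBER, 0) AS id_member, mem.realName, mem.memberName, mem.avatar, IFNULL(a.ID_ATTACH, 0) AS id_attach, a.filename, a.attachmentType AS attachment_type,
                    IFNULL(lm.posterTime, fm.posterTime) AS last_message_time, ' . ($user_info['is_guest'] ? '0' : 'ln.ID_TOPIC AS is_notify, IFNULL(lt.ID_MSG, IFNULL(lmr.ID_MSG, -1)) + 1') . ' AS new_from,
                    IFNULL(lm.body, fm.body) AS body, lm.ID_MSG_MODIFIED AS id_msg_modified, b.name AS board_name, b.ID_BOARD AS id_board
            FROM {db_prefix}messages AS m
                INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC)
                INNER JOIN {db_prefix}messages AS fm ON (t.ID_FIRST_MSG = fm.ID_MSG)
                INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = t.ID_BOARD)
                LEFT JOIN {db_prefix}messages AS lm ON (t.ID_LAST_MSG = lm.ID_MSG)
                LEFT JOIN {db_prefix}members AS mem ON (lm.ID_MEMBER = mem.ID_MEMBER)' . ($user_info['is_guest'] ? '' : '
                LEFT JOIN {db_prefix}log_topics AS lt ON (lt.ID_TOPIC = t.ID_TOPIC AND lt.ID_MEMBER = {int:current_member})
                LEFT JOIN {db_prefix}log_notify AS ln ON ((ln.ID_TOPIC = t.ID_TOPIC OR ln.ID_BOARD = t.ID_BOARD) AND ln.ID_MEMBER = {int:current_member})
                LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.ID_BOARD = t.ID_BOARD AND lmr.ID_MEMBER = {int:current_member})') . '
                LEFT JOIN {db_prefix}attachments AS a ON (a.ID_MEMBER = mem.ID_MEMBER)
            WHERE {query_see_board}
                AND m.ID_MEMBER = {int:member} AND t.ID_TOPIC IN ({array_int:topic_ids})
            ORDER BY lm.posterTime DESC', array('current_member' => $user_info['id'], 'member' => $id_member[0], 'topic_ids' => $tids));
        while ($row = $mobdb->fetch_assoc()) {
            // Add stuff to the array; rows are keyed by topic id, so a topic
            // that appears in several rows is stored once.
            $topics[$row['id_topic']] = array('id' => $row['id_topic'], 'title' => processSubject($row['topic_title']), 'short_msg' => processShortContent($row['body']), 'replies' => $row['replies'], 'views' => $row['views'], 'poster' => array('id' => $row['id_member'], 'username' => $row['memberName'], 'post_name' => $row['realName'], 'avatar' => get_avatar($row)), 'is_new' => $user_info['is_guest'] ? 0 : $row['new_from'] <= $row['id_msg_modified'], 'board' => $row['id_board'], 'board_name' => $row['board_name'], 'post_time' => mobiquo_time($row['last_message_time']), 'is_marked_notify' => !empty($row['is_notify']), 'is_locked' => !empty($row['locked']));
        }
        $mobdb->free_result();
    }
    // LAME!
    outputRPCSubscribedTopics($topics, $count);
}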
/**
 * Reattributes helpdesk ticket replies to an existing member.
 *
 * The target member comes from $_POST['to'] and the matching mode from
 * $_POST['type'] ('email', 'name' or 'starter'). Matching rows of
 * {db_prefix}helpdesk_ticket_replies then get their id_member rewritten.
 *
 * Every request value that reaches SQL is bound through a typed placeholder
 * ({string:...}, {int:...}, {array_int:...}); only fixed clause text is
 * concatenated into the query.
 *
 * NOTE(review): the only access control visible in this function is
 * checkSession('request'). No permission check appears here - confirm the
 * caller restricts this maintenance action to helpdesk administrators.
 */
function shd_admin_maint_reattribute()
{
    global $context, $txt, $smcFunc, $sourcedir;

    // Refuse the request unless it carries a valid session token.
    checkSession('request');

    $context['page_title'] = $txt['shd_admin_maint_reattribute'];
    $context['sub_template'] = 'shd_admin_maint_reattributedone';

    // Resolve the member who will own the replies afterwards.
    require_once $sourcedir . '/Subs-Auth.php';
    $targets = findMembers($_POST['to']);
    if (empty($targets)) {
        fatal_lang_error('shd_reattribute_cannot_find_member');
    }
    $target = array_shift($targets);
    $new_owner = $target['id'];

    // Pick the WHERE clause and its bound value for the requested mode.
    // presumably fatal_lang_error() does not return; otherwise $clause could be unset below - verify.
    if ($_POST['type'] == 'email') {
        if (empty($_POST['from_email'])) {
            fatal_lang_error('shd_reattribute_no_email');
        }
        $attribute = $_POST['from_email'];
        $clause = 'poster_email = {string:attribute}';
    } elseif ($_POST['type'] == 'name') {
        if (empty($_POST['from_name'])) {
            fatal_lang_error('shd_reattribute_no_user');
        }
        $attribute = $_POST['from_name'];
        $clause = 'poster_name = {string:attribute}';
    } elseif ($_POST['type'] == 'starter') {
        if (empty($_POST['from_starter'])) {
            fatal_lang_error('shd_reattribute_no_user');
        }
        $sources = findMembers($_POST['from_starter']);
        if (empty($sources)) {
            fatal_lang_error('shd_reattribute_cannot_find_member_from');
        }
        $source = array_shift($sources);
        $attribute = $source['id'];
        $clause = 'id_msg in (
			SELECT id_first_msg
			FROM {db_prefix}helpdesk_tickets
			WHERE id_member_started = {int:attribute})';
    } else {
        fatal_lang_error('shd_reattribute_no_user');
    }

    // Member ids stay on replies after an account is deleted, so collect
    // every id currently attached to the matching replies.
    $old_ids = array();
    $request = $smcFunc['db_query']('', '
		SELECT id_member
		FROM {db_prefix}helpdesk_ticket_replies
		WHERE ' . $clause, array('attribute' => $attribute));
    while ($row = $smcFunc['db_fetch_row']($request)) {
        $old_ids[] = $row[0];
    }
    $smcFunc['db_free_result']($request);

    // Nothing matched: stop here.
    if (empty($old_ids)) {
        fatal_lang_error('shd_reattribute_no_messages', false);
    }

    if ($_POST['type'] != 'starter') {
        // Drop the ids that still belong to a live account; only stale ids are rewritten.
        $in_use = loadMemberData($old_ids, false, 'minimal');
        $old_ids = array_diff($old_ids, empty($in_use) ? array() : $in_use);
        if (empty($old_ids)) {
            fatal_lang_error('shd_reattribute_in_use', false);
        }
        // NOTE(review): this rewrites every reply carrying one of the stale ids,
        // not only the rows that matched the name/email clause. If id 0 can
        // appear on replies, all such rows would move - TODO confirm.
        $smcFunc['db_query']('', '
			UPDATE {db_prefix}helpdesk_ticket_replies
			SET id_member = {int:new_id}
			WHERE id_member IN ({array_int:old_ids})', array('new_id' => $new_owner, 'old_ids' => $old_ids));
    } else {
        // Ticket starters: move the first message of each ticket they started.
        $smcFunc['db_query']('', '
			UPDATE {db_prefix}helpdesk_ticket_replies
			SET id_member = {int:new_id}
			WHERE id_msg IN (
				SELECT id_first_msg
				FROM {db_prefix}helpdesk_tickets
				WHERE id_member_started = {int:from_id})', array('new_id' => $new_owner, 'from_id' => $attribute));
    }
}
Example #14
/**
 * Member search popup, called by index.php?action=findmember.
 *
 * - Requires a valid session token in the GET request (checkSession('get')).
 * - Uses the find_members sub template of the Help template, or the
 *   wireless "_pm" sub template when WIRELESS is set.
 * - Pages the results seven at a time.
 *
 * Request values and how they are treated here:
 * - search: HTML-escaped with ENT_QUOTES before it is stored or searched.
 * - input:  accepted only if it matches ~^[\w-]+$~, otherwise 'to' is used.
 * - delim, u: copied as received.
 *
 * NOTE(review): 'delim' and 'u' reach $context and the generated links without
 * escaping in this function - confirm the templates escape them on output.
 * NOTE(review): the page-index URL embeds the escaped search text as-is while
 * $base_url passes it through urlencode(); confirm which form is intended.
 */
function JSMembers()
{
    global $context, $scripturl, $user_info, $smcFunc;

    checkSession('get');

    if (!WIRELESS) {
        // The popup lives in the Help template and is shown without layers.
        loadTemplate('Help');
        $context['template_layers'] = array();
        $context['sub_template'] = 'find_members';
    } else {
        $context['sub_template'] = WIRELESS_PROTOCOL . '_pm';
    }

    $searching = isset($_REQUEST['search']);
    if ($searching) {
        $context['last_search'] = $smcFunc['htmlspecialchars']($_REQUEST['search'], ENT_QUOTES);
    } else {
        $_REQUEST['start'] = 0;
    }

    // Name of the form field the picked member is written back to; allow-listed by pattern.
    $context['input_box_name'] = 'to';
    if (isset($_REQUEST['input']) && preg_match('~^[\\w-]+$~', $_REQUEST['input']) === 1) {
        $context['input_box_name'] = $_REQUEST['input'];
    }

    // The delimiter arrives over GET; 'LB' stands for a line break.
    if (!isset($_REQUEST['delim'])) {
        $context['delimiter'] = ', ';
    } elseif ($_REQUEST['delim'] == 'LB') {
        $context['delimiter'] = "\n";
    } else {
        $context['delimiter'] = $_REQUEST['delim'];
    }
    $context['quote_results'] = !empty($_REQUEST['quote']);

    $context['results'] = array();

    // Buddy list options.
    $context['show_buddies'] = !empty($user_info['buddies']);
    $context['buddy_search'] = isset($_REQUEST['buddies']);

    // Optional member id(s) carried through to the "send PM" link.
    $member_suffix = empty($_REQUEST['u']) ? '' : ';u=' . $_REQUEST['u'];
    $up_link = $scripturl . '?action=pm;sa=send' . $member_suffix;

    if (!$searching) {
        $context['links']['up'] = $up_link;
        return;
    }

    // Run the search on the escaped term, with wildcards enabled.
    $_REQUEST['search'] = $smcFunc['htmlspecialchars']($_REQUEST['search'], ENT_QUOTES);
    $context['results'] = findMembers(array($_REQUEST['search']), true, $context['buddy_search']);
    $total_results = count($context['results']);

    $session_part = $context['session_var'] . '=' . $context['session_id'];
    $index_url = $scripturl . '?action=findmember;search=' . $context['last_search'] . ';' . $session_part . ';input=' . $context['input_box_name'];
    if ($context['quote_results']) {
        $index_url .= ';quote=1';
    }
    if ($context['buddy_search']) {
        $index_url .= ';buddies';
    }
    $context['page_index'] = constructPageIndex($index_url, $_REQUEST['start'], $total_results, 7);

    // Navigation links (mostly of use to the wireless template).
    $base_url = $scripturl . '?action=findmember;search=' . urlencode($context['last_search']) . $member_suffix . ';' . $session_part;
    $has_previous = $_REQUEST['start'] >= 7;
    $has_next = $_REQUEST['start'] + 7 < $total_results;
    $context['links'] = array(
        'first' => $has_previous ? $base_url . ';start=0' : '',
        'prev' => $has_previous ? $base_url . ';start=' . ($_REQUEST['start'] - 7) : '',
        'next' => $has_next ? $base_url . ';start=' . ($_REQUEST['start'] + 7) : '',
        'last' => $has_next ? $base_url . ';start=' . floor(($total_results - 1) / 7) * 7 : '',
        'up' => $up_link,
    );
    $context['page_info'] = array(
        'current_page' => $_REQUEST['start'] / 7 + 1,
        'num_pages' => floor(($total_results - 1) / 7) + 1,
    );

    // Keep only the current page of results.
    $context['results'] = array_slice($context['results'], $_REQUEST['start'], 7);
}
Example #15
/**
 * XML-RPC handler: returns profile details for one member.
 *
 * Parameter 0 is an optional username and parameter 1 an optional member id.
 * With neither given, the current user is described. The id is tried first;
 * if no member row matches it, the username is looked up with findMembers().
 *
 * The response includes the member's group, messenger handles, karma, gender,
 * location, signature, online state and whether an access ban is active.
 *
 * NOTE(review): no permission check on viewing profiles is visible in this
 * function, and 'is_ban' is returned to every caller - confirm the dispatcher
 * enforces the forum's profile-view permissions before this runs.
 *
 * @param object $rpcmsg incoming XML-RPC message
 * @return xmlrpcresp struct response describing the member
 */
function mob_get_user_info($rpcmsg)
{
    global $mobdb, $context, $modSettings, $memberContext, $user_profile, $sourcedir, $txt, $user_info;

    // Both parameters are optional; a missing one becomes null.
    $username = $rpcmsg->getParam(0) ? $rpcmsg->getScalarValParam(0) : null;
    $id_user = $rpcmsg->getParam(1) ? $rpcmsg->getScalarValParam(1) : null;

    // Nothing supplied: describe the caller.
    if (empty($username) && empty($id_user)) {
        $id_user = $user_info['id'];
    }

    // Force the id to an integer before it is used anywhere.
    $id_user = (int) $id_user;

    require_once $sourcedir . '/Subs-Auth.php';

    // Check that the id belongs to a member; forget it if it does not.
    if ($id_user !== null) {
        $request = $mobdb->query('
            SELECT ID_MEMBER
            FROM {db_prefix}members
            WHERE ID_MEMBER = {int:member}', array('member' => $id_user));
        if ($mobdb->num_rows($request) != 0) {
            list($id_user) = $mobdb->fetch_row($request);
        } else {
            $id_user = null;
        }
        $mobdb->free_result($request);
    }

    // No usable id: fall back to a lookup by name and take the first hit.
    if ($id_user === null) {
        $username = utf8ToAscii($username);
        $members = findMembers($username);
        if (empty($members)) {
            mob_error('user not found');
        }
        $first_match = reset($members);
        $id_user = $first_match['id'];
    }

    loadMemberData($id_user);
    loadMemberContext($id_user);
    $member = $memberContext[$id_user];

    // Count unexpired ban entries for this member that block access.
    $request = $mobdb->query('
        SELECT COUNT(*)
        FROM {db_prefix}ban_items AS bi
            INNER JOIN {db_prefix}ban_groups AS bg ON (bg.ID_BAN_GROUP = bi.ID_BAN_GROUP)
        WHERE bi.ID_MEMBER = {int:member}
            AND (bg.expire_time IS NULL OR bg.expire_time > {int:time})
            AND bg.cannot_access != 0', array('member' => $member['id'], 'time' => time()));
    list($count) = $mobdb->fetch_row($request);
    $banned = $count > 0;
    $mobdb->free_result($request);

    loadLanguage('Profile');

    // What the member is currently doing, derived from their last URL.
    $current_action = determineActions($user_profile[$id_user]['url']);

    // Custom fields, starting with the member's group (or post group).
    $group_label = !empty($member['group']) ? $member['group'] : $member['post_group'];
    $custom_fields = array(
        new xmlrpcval(array(
            'name' => new xmlrpcval($txt[87], 'base64'),
            'value' => new xmlrpcval($group_label, 'base64'),
        ), 'struct'),
    );

    // Messenger handles, each paired with its language string.
    $messenger_labels = array(
        'icq' => $txt[513],
        'aim' => $txt[603],
        'msn' => $txt['MSN'],
        'yim' => $txt[604],
    );
    foreach ($messenger_labels as $field => $label) {
        if (empty($member[$field]['name'])) {
            continue;
        }
        $custom_fields[] = new xmlrpcval(array(
            'name' => new xmlrpcval(processSubject($label), 'base64'),
            'value' => new xmlrpcval(processSubject($member[$field]['name']), 'base64'),
        ), 'struct');
    }

    // Karma: mode 1 shows the total, mode 2 shows good and bad separately.
    if ($modSettings['karmaMode'] == '1' || $modSettings['karmaMode'] == '2') {
        if ($modSettings['karmaMode'] == '1') {
            $karma_text = $member['karma']['good'] - $member['karma']['bad'];
        } else {
            $karma_text = '+' . $member['karma']['good'] . '/-' . $member['karma']['bad'];
        }
        $custom_fields[] = new xmlrpcval(array(
            'name' => new xmlrpcval(processSubject($modSettings['karmaLabel']), 'base64'),
            'value' => new xmlrpcval(processSubject($karma_text), 'base64'),
        ), 'struct');
    }

    if (!empty($member['gender']['name'])) {
        $custom_fields[] = new xmlrpcval(array(
            'name' => new xmlrpcval(processSubject($txt[231]), 'base64'),
            'value' => new xmlrpcval(processSubject($member['gender']['name']), 'base64'),
        ), 'struct');
    }
    if (!empty($member['location'])) {
        $custom_fields[] = new xmlrpcval(array(
            'name' => new xmlrpcval(processSubject($txt[227]), 'base64'),
            'value' => new xmlrpcval(processSubject($member['location']), 'base64'),
        ), 'struct');
    }
    if (!empty($member['signature'])) {
        $custom_fields[] = new xmlrpcval(array(
            'name' => new xmlrpcval(processSubject($txt[85]), 'base64'),
            'value' => new xmlrpcval(processSubject($member['signature']), 'base64'),
        ), 'struct');
    }

    // The display name is preferred; the login name is the fallback.
    $response = array(
        'user_id' => new xmlrpcval($member['id'], 'string'),
        'user_name' => new xmlrpcval(processUsername(!empty($member['name']) ? $member['name'] : $member['username']), 'base64'),
        'display_name' => new xmlrpcval(processUsername(!empty($member['name']) ? $member['name'] : $member['username']), 'base64'),
        'post_count' => new xmlrpcval($member['posts'], 'int'),
        'reg_time' => new xmlrpcval(mobiquo_time($member['registered_timestamp']), 'dateTime.iso8601'),
        'is_online' => new xmlrpcval(!empty($user_profile[$id_user]['isOnline']), 'boolean'),
        'accept_pm' => new xmlrpcval(true, 'boolean'),
        'display_text' => new xmlrpcval(processSubject($member['title']), 'base64'),
        'icon_url' => new xmlrpcval($member['avatar']['href'], 'string'),
        'current_activity' => new xmlrpcval(processSubject($current_action), 'base64'),
        'current_action' => new xmlrpcval(processSubject($current_action), 'base64'),
        'is_ban' => new xmlrpcval($banned, 'boolean'),
        // Reflects the caller's own permission, not the viewed member's.
        'can_ban' => new xmlrpcval(allowedTo('manage_bans'), 'boolean'),
        'custom_fields_list' => new xmlrpcval($custom_fields, 'array'),
    );
    if ($banned) {
        $response['user_type'] = new xmlrpcval('banned', 'base64');
    }

    return new xmlrpcresp(new xmlrpcval($response, 'struct'));
}
Example #16
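 /**
  * Shows a form to edit a forum mailing and its recipients.
  *
  * What it does:
  * - Called by ?action=admin;area=news;sa=mailingcompose.
  * - Requires the send_mail permission.
  * - Form is submitted to ?action=admin;area=news;sa=mailingsend.
  * - On preview, rebuilds the recipient lists from $_POST and hands over to
  *   prepareMailingForPreview().
  * - Otherwise resolves typed member names to ids, lets action_mailingsend(true)
  *   clean the remaining fields, and adds moderators to the include or exclude
  *   list depending on where group 3 was selected.
  *
  * NOTE(review): no permission or session check is visible inside this method;
  * confirm the dispatcher enforces send_mail before it is reached.
  *
  * @uses ManageNews template, email_members_compose sub-template.
  */
 public function action_mailingcompose()
 {
     global $txt, $context;
     // Setup the template!
     $context['page_title'] = $txt['admin_newsletters'];
     $context['sub_template'] = 'email_members_compose';
     // NOTE(review): a posted subject/message is used as received, while the
     // defaults are HTML-escaped - confirm the template/editor escapes on output.
     $context['subject'] = !empty($_POST['subject']) ? $_POST['subject'] : $context['forum_name'] . ': ' . htmlspecialchars($txt['subject'], ENT_COMPAT, 'UTF-8');
     $context['message'] = !empty($_POST['message']) ? $_POST['message'] : htmlspecialchars($txt['message'] . "\n\n" . replaceBasicActionUrl($txt['regards_team']) . "\n\n" . '{$board_url}', ENT_COMPAT, 'UTF-8');
     // Needed for the WYSIWYG editor.
     require_once SUBSDIR . '/Editor.subs.php';
     // Now create the editor.
     $editorOptions = array('id' => 'message', 'value' => $context['message'], 'height' => '250px', 'width' => '100%', 'labels' => array('post_button' => $txt['sendtopic_send']), 'preview_type' => 2);
     create_control_richedit($editorOptions);
     if (isset($context['preview'])) {
         require_once SUBSDIR . '/Mail.subs.php';
         // Rebuild the recipient lists from the hidden form fields.
         $context['recipients']['members'] = !empty($_POST['members']) ? explode(',', $_POST['members']) : array();
         $context['recipients']['exclude_members'] = !empty($_POST['exclude_members']) ? explode(',', $_POST['exclude_members']) : array();
         $context['recipients']['groups'] = !empty($_POST['groups']) ? explode(',', $_POST['groups']) : array();
         $context['recipients']['exclude_groups'] = !empty($_POST['exclude_groups']) ? explode(',', $_POST['exclude_groups']) : array();
         $context['recipients']['emails'] = !empty($_POST['emails']) ? explode(';', $_POST['emails']) : array();
         $context['email_force'] = !empty($_POST['email_force']) ? 1 : 0;
         $context['total_emails'] = !empty($_POST['total_emails']) ? (int) $_POST['total_emails'] : 0;
         $context['max_id_member'] = !empty($_POST['max_id_member']) ? (int) $_POST['max_id_member'] : 0;
         $context['send_pm'] = !empty($_POST['send_pm']) ? 1 : 0;
         $context['send_html'] = !empty($_POST['send_html']) ? '1' : '0';
         return prepareMailingForPreview();
     }
     // Start by finding any members!
     $toClean = array();
     if (!empty($_POST['members'])) {
         $toClean[] = 'members';
     }
     if (!empty($_POST['exclude_members'])) {
         $toClean[] = 'exclude_members';
     }
     if (!empty($toClean)) {
         require_once SUBSDIR . '/Auth.subs.php';
         foreach ($toClean as $type) {
             // Remove the quotes.
             $_POST[$type] = strtr((string) $_POST[$type], array('\\"' => '"'));
             // Quoted names may contain commas, so pull them out before splitting the rest.
             preg_match_all('~"([^"]+)"~', $_POST[$type], $matches);
             $_POST[$type] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $_POST[$type]))));
             foreach ($_POST[$type] as $index => $member) {
                 if (strlen(trim($member)) > 0) {
                     // Normalise each name: trim, lowercase, HTML-escape.
                     $_POST[$type][$index] = Util::htmlspecialchars(Util::strtolower(trim($member)));
                 } else {
                     unset($_POST[$type][$index]);
                 }
             }
             // Find the members; from here on the field holds member ids only.
             $_POST[$type] = implode(',', array_keys(findMembers($_POST[$type])));
         }
     }
     // Ids picked through the member list are cast to integers before use.
     if (isset($_POST['member_list']) && is_array($_POST['member_list'])) {
         $members = array();
         foreach ($_POST['member_list'] as $member_id) {
             $members[] = (int) $member_id;
         }
         $_POST['members'] = implode(',', $members);
     }
     if (isset($_POST['exclude_member_list']) && is_array($_POST['exclude_member_list'])) {
         $members = array();
         foreach ($_POST['exclude_member_list'] as $member_id) {
             $members[] = (int) $member_id;
         }
         $_POST['exclude_members'] = implode(',', $members);
     }
     // Clean the other vars.
     $this->action_mailingsend(true);
     // We need a couple strings from the email template file
     loadLanguage('EmailTemplates');
     require_once SUBSDIR . '/News.subs.php';
     // Get a list of all full banned users.  Use their Username and email to find them.
     // Only get the ones that can't login to turn off notification.
     // NOTE(review): this assignment replaces any exclude_members value set
     // earlier - confirm action_mailingsend(true) does not fill that list from
     // the form, or the chosen exclusions are dropped here.
     $context['recipients']['exclude_members'] = excludeBannedMembers();
     // Did they select moderators - if so add them as specific members...
     // Group 3 stands for the moderators. Loose in_array() is kept on purpose:
     // the group lists may hold numeric strings.
     $includeModerators = !empty($context['recipients']['groups']) && in_array(3, $context['recipients']['groups']);
     $excludeModerators = !empty($context['recipients']['exclude_groups']) && in_array(3, $context['recipients']['exclude_groups']);
     if ($includeModerators || $excludeModerators) {
         $mods = getModerators();
         foreach ($mods as $row) {
             // Exclusion wins. The previous test, in_array(3, $context['recipients']),
             // searched the outer array of lists and never matched, so excluded
             // moderators were still added as recipients.
             if ($excludeModerators) {
                 $context['recipients']['exclude_members'][] = $row;
             } else {
                 $context['recipients']['members'][] = $row;
             }
         }
     }
     require_once SUBSDIR . '/Members.subs.php';
     // For progress bar!
     $context['total_emails'] = count($context['recipients']['emails']);
     $context['max_id_member'] = maxMemberID();
     // Clean up the arrays.
     $context['recipients']['members'] = array_unique($context['recipients']['members']);
     $context['recipients']['exclude_members'] = array_unique($context['recipients']['exclude_members']);
 }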
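/**
 * Collects the member ids named in a posted form field.
 *
 * Two inputs are read, both taken from $_POST and therefore untrusted:
 * - $_POST[$field . '_name_from']: an array of member ids (autosuggest).
 * - $_POST[$field . '_name']: a comma separated string of names, where a name
 *   may be wrapped in double quotes.
 *
 * Names are trimmed, lowercased and HTML-escaped, then resolved through
 * findMembers(). Each member found by name is also recorded in
 * $context['named_people'] as id => display name.
 *
 * @param string $field prefix of the form fields to read
 * @return array unique member ids
 */
function shd_get_named_people($field)
{
    global $smcFunc, $sourcedir, $context;
    if (!isset($context['named_people'])) {
        $context['named_people'] = array();
    }
    require_once $sourcedir . '/Subs-Auth.php';
    $members = array();
    // First look for the autosuggest values.
    // Read the list that belongs to $field; it was previously hard-coded to 'starter_name_from'.
    $id_key = $field . '_name_from';
    if (!empty($_POST[$id_key]) && is_array($_POST[$id_key])) {
        foreach ($_POST[$id_key] as $member) {
            // Skip nested arrays: (int) of a non-empty array is 1, which would
            // silently select member id 1.
            if (!is_array($member) && (int) $member > 0) {
                $members[] = (int) $member;
            }
        }
    }
    // Failing that, let's look at the name itself for those without JS.
    // Only a string is parsed; an array posted under this key is ignored.
    $name_key = $field . '_name';
    if (!empty($_POST[$name_key]) && is_string($_POST[$name_key])) {
        // We're going to take out the "s anyway ;).
        $names = strtr($_POST[$name_key], array('\\"' => '"'));
        // Quoted names may contain commas, so extract them before splitting the rest.
        preg_match_all('~"([^"]+)"~', $names, $matches);
        $namedlist = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $names))));
        foreach ($namedlist as $index => $name) {
            if (strlen(trim($name)) > 0) {
                $namedlist[$index] = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](trim($name)));
            } else {
                unset($namedlist[$index]);
            }
        }
        if (!empty($namedlist)) {
            $foundMembers = findMembers($namedlist);
            foreach ($foundMembers as $member) {
                $testNames = array($smcFunc['strtolower']($member['username']), $smcFunc['strtolower']($member['name']), $smcFunc['strtolower']($member['email']));
                // Compare against the names parsed above. The old code compared
                // against $namedRecipientList[$recipientType], which is not
                // defined in this function, so no name could ever match.
                if (count(array_intersect($testNames, $namedlist)) !== 0) {
                    $members[] = $member['id'];
                    // presumably findMembers() exposes the display name as 'name';
                    // 'real_name' is still preferred when present - verify.
                    $context['named_people'][$member['id']] = isset($member['real_name']) ? $member['real_name'] : $member['name'];
                }
            }
        }
    }
    return array_unique($members);
}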
Example #18
/**
 * Validates a submitted personal message and sends it.
 *
 * Steps, in order:
 * - requires the pm_send permission;
 * - applies the per-hour sending limit from pm_spam_settings;
 * - checks the session token (skipped when the request carries 'xml');
 * - builds the 'to' and 'bcc' recipient lists from posted ids and typed names;
 * - validates subject, message length and content, and the verification code;
 * - handles preview, recipient changes, drafts and the recipient cap;
 * - calls spamProtection() and checkSubmitOnce(), then sendpm();
 * - flags the original message as replied to and redirects.
 *
 * On any error the compose screen is shown again through messagePostError().
 *
 * NOTE(review): when 'xml' is set, the session check and the verification code
 * are skipped and the hourly limit only adds an entry to $post_errors. The
 * early return on errors is skipped as well, so unless 'preview' is also set,
 * nothing further down consults $post_errors before sendpm() - confirm that
 * XML requests can only ever be previews.
 */
function MessagePost2()
{
    global $txt, $context, $sourcedir;
    global $user_info, $modSettings, $scripturl, $smcFunc;
    // Stops here unless the user may send personal messages.
    isAllowedTo('pm_send');
    require_once $sourcedir . '/Subs-Auth.php';
    loadLanguage('PersonalMessage', '', false);
    // Extract out the spam settings - it saves database space!
    list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);
    // Initialize the errors we're about to make.
    $post_errors = array();
    // Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
    // The limit applies only to users without the listed permissions and whose
    // mod_cache 'bq' and 'gq' entries are both '0=1'.
    if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1') {
        // How many have they sent this last hour?
        // Counts one row per recipient, so a message to several people counts several times.
        $request = $smcFunc['db_query']('', '
			SELECT COUNT(pr.id_pm) AS post_count
			FROM {db_prefix}personal_messages AS pm
				INNER JOIN {db_prefix}pm_recipients AS pr ON (pr.id_pm = pm.id_pm)
			WHERE pm.id_member_from = {int:current_member}
				AND pm.msgtime > {int:msgtime}', array('current_member' => $user_info['id'], 'msgtime' => time() - 3600));
        list($postCount) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);
        if (!empty($postCount) && $postCount >= $modSettings['pm_posts_per_hour']) {
            // XML requests get a collected error instead of a fatal one.
            if (!isset($_REQUEST['xml'])) {
                fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour']));
            } else {
                $post_errors[] = 'pm_too_many_per_hour';
            }
        }
    }
    // If your session timed out, show an error, but do allow to re-submit.
    // The token check is not run at all when 'xml' is present in the request.
    if (!isset($_REQUEST['xml']) && checkSession('post', '', false) != '') {
        $post_errors[] = 'session_timeout';
    }
    // POST values take precedence over GET for the recipient strings.
    $_REQUEST['subject'] = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
    $_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : $_POST['to'];
    $_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : $_POST['bcc'];
    // Route the input from the 'u' parameter to the 'to'-list.
    if (!empty($_POST['u'])) {
        $_POST['recipient_to'] = explode(',', $_POST['u']);
    }
    // Construct the list of recipients.
    $recipientList = array();
    $namedRecipientList = array();
    $namesNotFound = array();
    foreach (array('to', 'bcc') as $recipientType) {
        // First, let's see if there's user ID's given.
        $recipientList[$recipientType] = array();
        if (!empty($_POST['recipient_' . $recipientType]) && is_array($_POST['recipient_' . $recipientType])) {
            foreach ($_POST['recipient_' . $recipientType] as $recipient) {
                // Posted ids are forced to integers.
                $recipientList[$recipientType][] = (int) $recipient;
            }
        }
        // Are there also literal names set?
        if (!empty($_REQUEST[$recipientType])) {
            // We're going to take out the "s anyway ;).
            $recipientString = strtr($_REQUEST[$recipientType], array('\\"' => '"'));
            // Quoted names may contain commas, so they are extracted before the rest is split.
            preg_match_all('~"([^"]+)"~', $recipientString, $matches);
            $namedRecipientList[$recipientType] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $recipientString))));
            foreach ($namedRecipientList[$recipientType] as $index => $recipient) {
                if (strlen(trim($recipient)) > 0) {
                    // Each name is trimmed, lowercased and HTML-escaped.
                    $namedRecipientList[$recipientType][$index] = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](trim($recipient)));
                } else {
                    unset($namedRecipientList[$recipientType][$index]);
                }
            }
            if (!empty($namedRecipientList[$recipientType])) {
                $foundMembers = findMembers($namedRecipientList[$recipientType]);
                // Assume all are not found, until proven otherwise.
                $namesNotFound[$recipientType] = $namedRecipientList[$recipientType];
                foreach ($foundMembers as $member) {
                    // A member matches by login name, display name or e-mail address.
                    $testNames = array($smcFunc['strtolower']($member['username']), $smcFunc['strtolower']($member['name']), $smcFunc['strtolower']($member['email']));
                    if (count(array_intersect($testNames, $namedRecipientList[$recipientType])) !== 0) {
                        $recipientList[$recipientType][] = $member['id'];
                        // Get rid of this username, since we found it.
                        $namesNotFound[$recipientType] = array_diff($namesNotFound[$recipientType], $testNames);
                    }
                }
            }
        }
        // Selected a recipient to be deleted? Remove them now.
        if (!empty($_POST['delete_recipient'])) {
            $recipientList[$recipientType] = array_diff($recipientList[$recipientType], array((int) $_POST['delete_recipient']));
        }
        // Make sure we don't include the same name twice
        $recipientList[$recipientType] = array_unique($recipientList[$recipientType]);
    }
    // Are we changing the recipients some how?
    $is_recipient_change = !empty($_POST['delete_recipient']) || !empty($_POST['to_submit']) || !empty($_POST['bcc_submit']);
    // Check if there's at least one recipient.
    if (empty($recipientList['to']) && empty($recipientList['bcc'])) {
        $post_errors[] = 'no_to';
    }
    // Make sure that we remove the members who did get it from the screen.
    if (!$is_recipient_change) {
        foreach ($recipientList as $recipientType => $dummy) {
            if (!empty($namesNotFound[$recipientType])) {
                $post_errors[] = 'bad_' . $recipientType;
                // Since we already have a post error, remove the previous one.
                $post_errors = array_diff($post_errors, array('no_to'));
                foreach ($namesNotFound[$recipientType] as $name) {
                    // $name was HTML-escaped when the recipient list was parsed above.
                    $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
                }
            }
        }
    }
    // Did they make any mistakes?
    if ($_REQUEST['subject'] == '') {
        $post_errors[] = 'no_subject';
    }
    if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
        $post_errors[] = 'no_message';
    } elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_REQUEST['message']) > $modSettings['max_messageLength']) {
        $post_errors[] = 'long_message';
    } else {
        // Preparse the message.
        // Works on a copy; $_REQUEST['message'] itself is what sendpm() receives later.
        $message = $_REQUEST['message'];
        preparsecode($message);
        // Make sure there's still some content left without the tags.
        // Administrators using the [html] tag are exempt from this emptiness check.
        if ($smcFunc['htmltrim'](strip_tags(parse_bbc($smcFunc['htmlspecialchars']($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false)) {
            $post_errors[] = 'no_message';
        }
    }
    // Wrong verification code?
    // Only asked of non-admins below the configured post count, and never for XML requests.
    if (!$user_info['is_admin'] && !isset($_REQUEST['xml']) && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']) {
        require_once $sourcedir . '/Subs-Editor.php';
        $verificationOptions = array('id' => 'pm');
        $context['require_verification'] = create_control_verification($verificationOptions, true);
        // An array result is merged into the collected errors.
        if (is_array($context['require_verification'])) {
            $post_errors = array_merge($post_errors, $context['require_verification']);
        }
    }
    // If they did, give a chance to make amends.
    // This return is skipped for previews, recipient changes and XML requests.
    if (!empty($post_errors) && !$is_recipient_change && !isset($_REQUEST['preview']) && !isset($_REQUEST['xml'])) {
        return messagePostError($post_errors, $namedRecipientList, $recipientList);
    }
    // Want to take a second glance before you send?
    if (isset($_REQUEST['preview'])) {
        // Set everything up to be displayed.
        // Subject and message are HTML-escaped before any further processing.
        $context['preview_subject'] = $smcFunc['htmlspecialchars']($_REQUEST['subject']);
        $context['preview_message'] = $smcFunc['htmlspecialchars']($_REQUEST['message'], ENT_QUOTES);
        preparsecode($context['preview_message'], true);
        // Parse out the BBC if it is enabled.
        $context['preview_message'] = parse_bbc($context['preview_message']);
        // Censor, as always.
        censorText($context['preview_subject']);
        censorText($context['preview_message']);
        // Set a descriptive title.
        $context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject'];
        // Pretend they messed up but don't ignore if they really did :P.
        return messagePostError($post_errors, $namedRecipientList, $recipientList);
    } elseif ($is_recipient_change) {
        // Maybe we couldn't find one?
        foreach ($namesNotFound as $recipientType => $names) {
            $post_errors[] = 'bad_' . $recipientType;
            foreach ($names as $name) {
                $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
            }
        }
        // An empty error list is passed on: the errors gathered above are not forwarded.
        return messagePostError(array(), $namedRecipientList, $recipientList);
    }
    // Want to save this as a draft and think about it some more?
    if (!empty($modSettings['drafts_enabled']) && !empty($modSettings['drafts_pm_enabled']) && isset($_POST['save_draft'])) {
        require_once $sourcedir . '/Drafts.php';
        SavePMDraft($post_errors, $recipientList);
        return messagePostError($post_errors, $namedRecipientList, $recipientList);
    } elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum'))) {
        // Recipient cap: 'to' and 'bcc' are counted together.
        $context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
        return messagePostError($post_errors, $namedRecipientList, $recipientList);
    }
    // Protect from message spamming.
    spamProtection('pm');
    // Prevent double submission of this form.
    checkSubmitOnce('check');
    // Do the actual sending of the PM.
    if (!empty($recipientList['to']) || !empty($recipientList['bcc'])) {
        $context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], !empty($_REQUEST['outbox']), null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0);
    } else {
        $context['send_log'] = array('sent' => array(), 'failed' => array());
    }
    // Mark the message as "replied to".
    // The update is limited to the current member's own recipient row; the id is cast and bound as an int.
    if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox') {
        $smcFunc['db_query']('', '
			UPDATE {db_prefix}pm_recipients
			SET is_read = is_read | 2
			WHERE id_pm = {int:replied_to}
				AND id_member = {int:current_member}', array('current_member' => $user_info['id'], 'replied_to' => (int) $_REQUEST['replied_to']));
    }
    // If one or more of the recipient were invalid, go back to the post screen with the failed usernames.
    if (!empty($context['send_log']['failed'])) {
        return messagePostError($post_errors, $namesNotFound, array('to' => array_intersect($recipientList['to'], $context['send_log']['failed']), 'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed'])));
    }
    // Message sent successfully?
    if (!empty($context['send_log']) && empty($context['send_log']['failed'])) {
        $context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent';
    }
    // Go back to the where they sent from, if possible...
    redirectexit($context['current_label_redirect']);
}
Example #19
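/**
 * XML-RPC handler: return one page of the topics a member has posted in.
 *
 * Positional parameters read from $rpcmsg:
 *   0 - username (only used when no existing user ID is supplied)
 *   1 - index of the first topic to return (optional, defaults to 0)
 *   2 - index of the last topic to return (optional, defaults to start + 9)
 *   3 - user ID (optional; preferred over the username when it matches a member)
 *
 * The page is selected by the time of each topic's last message, newest first.
 *
 * NOTE(review): no permission check on viewing another member's activity is
 * visible in this function, and no authentication requirement either; confirm
 * the RPC dispatcher enforces both before this handler runs.
 *
 * @param mixed $rpcmsg Request object exposing getParam() and getScalarValParam().
 * @return xmlrpcresp Struct with 'result', 'total_topic_num' and 'topics'.
 */
function mob_get_participated_topic($rpcmsg)
{
    global $mobdb, $scripturl, $user_info, $settings, $modSettings, $sourcedir;
    // Presumably provides findMembers(), used for the username lookup below.
    require_once $sourcedir . '/Subs-Auth.php';
    // Load the parameters, username must always be there
    $username = $rpcmsg->getScalarValParam(0);
    // The paging values are supplied by the remote client: force them to
    // integers and into a sane range before they reach the LIMIT clause, so a
    // negative or non-numeric value cannot produce a failing query.
    $start = $rpcmsg->getParam(1) ? max(0, (int) $rpcmsg->getScalarValParam(1)) : 0;
    $end = $rpcmsg->getParam(2) ? max($start, (int) $rpcmsg->getScalarValParam(2)) : $start + 9;
    $id_user = $rpcmsg->getParam(3) ? (int) $rpcmsg->getScalarValParam(3) : null;
    // NOTE(review): the page size has no upper bound here; consider capping
    // $count so one request cannot ask for an arbitrarily large result set.
    $count = $end - $start + 1;
    // If we have a user ID, check that it belongs to an existing member.
    if (!is_null($id_user)) {
        $request = $mobdb->query('
            SELECT ID_MEMBER
            FROM {db_prefix}members
            WHERE ID_MEMBER = {int:member}', array('member' => $id_user));
        if ($mobdb->num_rows($request) == 0) {
            $id_user = null;
        } else {
            list($id_user) = $mobdb->fetch_row($request);
        }
        $mobdb->free_result($request);
    }
    // Otherwise fall back to looking the member up by name.
    if (is_null($id_user)) {
        $username = utf8ToAscii($username);
        $members = findMembers($username);
        if (empty($members)) {
            // Presumably mob_error() ends the request; if it returns, the
            // lookup below would read a missing index - confirm.
            mob_error('user not found');
        }
        $member_ids = array_keys($members);
        $id_user = $members[$member_ids[0]]['id'];
    }
    // Get the topic count. The previous COUNT(*) ... GROUP BY m.ID_TOPIC
    // yielded one row per topic (its message count), so the first row was not
    // the number of topics. Count distinct topics instead, and apply the same
    // board visibility filter as the listing query so the total does not
    // include topics in boards the listing itself would not return.
    $request = $mobdb->query('
        SELECT COUNT(DISTINCT m.ID_TOPIC)
        FROM {db_prefix}messages AS m
            INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC)
            INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = m.ID_BOARD)
        WHERE m.ID_MEMBER = {int:member}
            AND {query_see_board}', array('member' => $id_user));
    list($topic_count) = $mobdb->fetch_row($request);
    $topic_count = (int) $topic_count;
    $mobdb->free_result($request);
    // Get the IDs of the topics on the requested page.
    $request = $mobdb->query('
        SELECT t.ID_TOPIC AS id_topic
        FROM {db_prefix}messages AS m
            INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC)
            INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = m.ID_BOARD)
            INNER JOIN {db_prefix}messages AS lm ON (t.ID_LAST_MSG = lm.ID_MSG)
        WHERE m.ID_MEMBER = {int:member}
            AND {query_see_board}
        GROUP BY m.ID_TOPIC
        ORDER BY lm.posterTime DESC
        LIMIT {int:start}, {int:limit}', array('member' => $id_user, 'start' => $start, 'limit' => $count));
    $topics = array();
    while ($row = $mobdb->fetch_assoc($request)) {
        $topics[] = $row['id_topic'];
    }
    $mobdb->free_result($request);
    // NOTE(review): $topics already holds a single page, yet $start and $count
    // are passed to get_topics() again; confirm it does not apply the offset a
    // second time, which would empty every page after the first.
    $topic_list = !empty($topics)
        ? get_topics('t.ID_TOPIC IN ({array_int:topics})', array('topics' => $topics), $start, $count, false)
        : array();
    // Return the topics
    return new xmlrpcresp(new xmlrpcval(array(
        'result' => new xmlrpcval(true, 'boolean'),
        'total_topic_num' => new xmlrpcval($topic_count, 'int'),
        'topics' => new xmlrpcval($topic_list, 'array'),
    ), 'struct'));
}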