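/**
 * Processes the "send personal message" form.
 *
 * Flow: permission and hourly send-limit checks, input validation, optional
 * preview, resolution of the typed "to"/"bcc" names (or the numeric ?u= list)
 * to member ids, sendpm(), then either the error screen (validation failure,
 * unknown recipients) or a redirect back to the current label.
 *
 * Reads $_REQUEST/$_POST/$_GET: subject, message, to, bcc, u, preview, outbox,
 * replied_to, f, visual_verification_code. Writes $context['preview_subject'],
 * $context['preview_message'], $context['page_title'] and $context['send_log'].
 *
 * @return mixed the messagePostError() result when the form has to be shown
 *               again; otherwise the function does not return (fatal_error()
 *               or redirectexit()).
 */
function MessagePost2()
{
	global $txt, $ID_MEMBER, $context, $sourcedir;
	global $db_prefix, $user_info, $modSettings, $scripturl, $func;

	isAllowedTo('pm_send');
	require_once $sourcedir . '/Subs-Auth.php';

	if (loadLanguage('PersonalMessage', '', false) === false)
		loadLanguage('InstantMessage');

	// Extract out the spam settings - it saves database space!
	// One comma separated setting: max recipients, post count below which the
	// verification image is required, messages allowed per hour.
	list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);

	// Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
	// Admins, global moderators and anyone allowed to send_mail are never rate limited.
	if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')))
	{
		// How many messages have they sent this last hour?
		// $ID_MEMBER (the current member's id) is the only value interpolated here;
		// the query relies on it already being an integer.
		$request = db_query("
			SELECT COUNT(pr.ID_PM) AS postCount
			FROM ({$db_prefix}personal_messages AS pm, {$db_prefix}pm_recipients AS pr)
			WHERE pm.ID_MEMBER_FROM = {$ID_MEMBER}
				AND pm.msgtime > " . (time() - 3600) . "
				AND pr.ID_PM = pm.ID_PM", __FILE__, __LINE__);
		list ($postCount) = mysql_fetch_row($request);
		mysql_free_result($request);

		if (!empty($postCount) && $postCount >= $modSettings['pm_posts_per_hour'])
		{
			// Exempt board moderators as well.
			$request = db_query("
				SELECT ID_MEMBER
				FROM {$db_prefix}moderators
				WHERE ID_MEMBER = {$ID_MEMBER}", __FILE__, __LINE__);
			if (mysql_num_rows($request) == 0)
				fatal_error(sprintf($txt['pm_too_many_per_hour'], $modSettings['pm_posts_per_hour']));
			mysql_free_result($request);
		}
	}

	// Initialize the errors we're about to make.
	$post_errors = array();

	// If your session timed out, show an error, but do allow to re-submit.
	if (checkSession('post', '', false) != '')
		$post_errors[] = 'session_timeout';

	$_REQUEST['subject'] = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
	// POST wins over GET; only the POST value is run through stripslashes().
	// (Parenthesised so the nesting of the ternaries is unambiguous.)
	$_REQUEST['to'] = empty($_POST['to']) ? (empty($_GET['to']) ? '' : $_GET['to']) : stripslashes($_POST['to']);
	$_REQUEST['bcc'] = empty($_POST['bcc']) ? (empty($_GET['bcc']) ? '' : $_GET['bcc']) : stripslashes($_POST['bcc']);

	// Did they make any mistakes?
	if ($_REQUEST['subject'] == '')
		$post_errors[] = 'no_subject';
	if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '')
		$post_errors[] = 'no_message';
	elseif (!empty($modSettings['max_messageLength']) && $func['strlen']($_REQUEST['message']) > $modSettings['max_messageLength'])
		$post_errors[] = 'long_message';
	if (empty($_REQUEST['to']) && empty($_REQUEST['bcc']) && empty($_REQUEST['u']))
		$post_errors[] = 'no_to';

	// Wrong verification code?
	// Members below the configured post count must solve the image; a missing
	// session code counts as a mismatch instead of raising a notice.
	if (!$user_info['is_admin'] && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification'] && (empty($_REQUEST['visual_verification_code']) || empty($_SESSION['visual_verification_code']) || strtoupper($_REQUEST['visual_verification_code']) !== $_SESSION['visual_verification_code']))
		$post_errors[] = 'wrong_verification_code';

	// If they did, give a chance to make amends.
	if (!empty($post_errors))
		return messagePostError($post_errors, $func['htmlspecialchars']($_REQUEST['to']), $func['htmlspecialchars']($_REQUEST['bcc']));

	// Want to take a second glance before you send?
	if (isset($_REQUEST['preview']))
	{
		// Set everything up to be displayed.
		$context['preview_subject'] = $func['htmlspecialchars'](stripslashes($_REQUEST['subject']));
		$context['preview_message'] = $func['htmlspecialchars'](stripslashes($_REQUEST['message']), ENT_QUOTES);
		preparsecode($context['preview_message'], true);

		// Parse out the BBC if it is enabled.
		$context['preview_message'] = parse_bbc($context['preview_message']);

		// Censor, as always.
		censorText($context['preview_subject']);
		censorText($context['preview_message']);

		// Set a descriptive title.
		$context['page_title'] = $txt[507] . ' - ' . $context['preview_subject'];

		// Pretend they messed up :P.
		return messagePostError(array(), $func['htmlspecialchars']($_REQUEST['to']), $func['htmlspecialchars']($_REQUEST['bcc']));
	}

	// Protect from message spamming.
	spamProtection('spam');

	// Prevent double submission of this form.
	checkSubmitOnce('check');

	// Initialize member ID array.
	$recipients = array('to' => array(), 'bcc' => array());

	// Format the to and bcc members.
	$input = array('to' => array(), 'bcc' => array());
	if (empty($_REQUEST['u']))
	{
		// To who..?
		if (!empty($_REQUEST['to']))
		{
			// We're going to take out the "s anyway ;).
			// Quoted names ("a, b") are taken whole; the rest is split on commas.
			$_REQUEST['to'] = strtr($_REQUEST['to'], array('\\"' => '"'));
			preg_match_all('~"([^"]+)"~', $_REQUEST['to'], $matches);
			$input['to'] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['to']))));
		}

		// Your secret's safe with me!
		if (!empty($_REQUEST['bcc']))
		{
			// We're going to take out the "s anyway ;).
			$_REQUEST['bcc'] = strtr($_REQUEST['bcc'], array('\\"' => '"'));
			preg_match_all('~"([^"]+)"~', $_REQUEST['bcc'], $matches);
			$input['bcc'] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['bcc']))));
		}

		// Normalise every name the same way the comparison below expects: trimmed, lower-cased, html-escaped.
		foreach ($input as $rec_type => $rec)
		{
			foreach ($rec as $index => $member)
			{
				if (strlen(trim($member)) > 0)
					$input[$rec_type][$index] = $func['htmlspecialchars']($func['strtolower'](stripslashes(trim($member))));
				else
					unset($input[$rec_type][$index]);
			}
		}

		// Find the requested members - bcc and to.
		$foundMembers = findMembers(array_merge($input['to'], $input['bcc']));

		// Store IDs of the members that were found.
		foreach ($foundMembers as $member)
		{
			// It's easier this way.
			// Names come back with the apostrophe encoded as &#039; (presumably from
			// htmlspecialchars with ENT_QUOTES); the typed input above is escaped without
			// ENT_QUOTES, so decode it back to a literal quote or such names never match.
			$member['name'] = strtr($member['name'], array('&#039;' => '\''));

			foreach ($input as $rec_type => $to_members)
			{
				if (array_intersect(array($func['strtolower']($member['username']), $func['strtolower']($member['name']), $func['strtolower']($member['email'])), $to_members))
				{
					$recipients[$rec_type][] = $member['id'];

					// Get rid of this username. The ones that remain were not found.
					$input[$rec_type] = array_diff($input[$rec_type], array($func['strtolower']($member['username']), $func['strtolower']($member['name']), $func['strtolower']($member['email'])));
				}
			}
		}
	}
	else
	{
		// Recipients were given as member ids (?u=1,2,3); accept an already-split array too.
		$_REQUEST['u'] = is_array($_REQUEST['u']) ? $_REQUEST['u'] : explode(',', $_REQUEST['u']);
		// Cast every id to int before it is interpolated into the IN (...) list below.
		foreach ($_REQUEST['u'] as $key => $uID)
			$_REQUEST['u'][$key] = (int) $uID;

		$request = db_query("
			SELECT ID_MEMBER
			FROM {$db_prefix}members
			WHERE ID_MEMBER IN (" . implode(',', $_REQUEST['u']) . ")
			LIMIT " . count($_REQUEST['u']), __FILE__, __LINE__);
		while ($row = mysql_fetch_assoc($request))
			$recipients['to'][] = $row['ID_MEMBER'];
		mysql_free_result($request);
	}

	// Before we send the PM, let's make sure we don't have an abuse of numbers.
	if (!empty($modSettings['max_pm_recipients']) && count($recipients['to']) + count($recipients['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum')))
		$context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
	elseif (!empty($recipients['to']) || !empty($recipients['bcc']))
		$context['send_log'] = sendpm($recipients, $_REQUEST['subject'], $_REQUEST['message'], !empty($_REQUEST['outbox']));
	else
		$context['send_log'] = array('sent' => array(), 'failed' => array());

	// Add a log message for all recipients that were not found.
	foreach ($input as $rec_type => $rec)
	{
		// Either bad_to or bad_bcc.
		if (!empty($rec) && !in_array('bad_' . $rec_type, $post_errors))
			$post_errors[] = 'bad_' . $rec_type;

		foreach ($rec as $i => $member)
			$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $input[$rec_type][$i]);
	}

	// Mark the message as "replied to".
	// Only when something was actually sent, and only for the sender's own inbox copy.
	if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox')
	{
		db_query("
			UPDATE {$db_prefix}pm_recipients
			SET is_read = is_read | 2
			WHERE ID_PM = " . (int) $_REQUEST['replied_to'] . "
				AND ID_MEMBER = {$ID_MEMBER}
			LIMIT 1", __FILE__, __LINE__);
	}

	// If one or more of the recipients were invalid, go back to the post screen with the failed usernames.
	if (!empty($context['send_log']['failed']))
		return messagePostError($post_errors, empty($input['to']) ? '' : '"' . implode('", "', $input['to']) . '"', empty($input['bcc']) ? '' : '"' . implode('", "', $input['bcc']) . '"');

	// Go back to the where they sent from, if possible...
	redirectexit($context['current_label_redirect']);
}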
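/**
 * Prepares the newsletter composition screen.
 *
 * Turns the typed names in $_POST['members'] / $_POST['exclude_members'] (or the
 * id lists in $_POST['member_list'] / $_POST['exclude_member_list']) into comma
 * separated member ids, lets SendMailing(true) normalise the rest of the
 * selection into $context['recipients'], then adds banned members (matched by
 * member id and by banned e-mail address) to the exclusions, expands the
 * "moderators" pseudo-group (id 3) into explicit member ids, and fills the
 * template variables for 'email_members_compose'.
 *
 * Assumes SendMailing(true) leaves $context['recipients'] with 'members',
 * 'exclude_members', 'groups', 'exclude_groups' and 'emails' arrays in place
 * (not visible here - TODO confirm), since they are read and array_unique()d below.
 */
function ComposeMailing()
{
	global $txt, $sourcedir, $context, $smcFunc;

	// Start by finding any members!
	$toClean = array();
	if (!empty($_POST['members']))
		$toClean[] = 'members';
	if (!empty($_POST['exclude_members']))
		$toClean[] = 'exclude_members';

	if (!empty($toClean))
	{
		require_once $sourcedir . '/Subs-Auth.php';
		foreach ($toClean as $type)
		{
			// Remove the quotes.
			// Quoted names ("a, b") are taken whole; the rest is split on commas.
			$_POST[$type] = strtr($_POST[$type], array('\\"' => '"'));

			preg_match_all('~"([^"]+)"~', $_POST[$type], $matches);
			$_POST[$type] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $_POST[$type]))));

			foreach ($_POST[$type] as $index => $member)
			{
				if (strlen(trim($member)) > 0)
					$_POST[$type][$index] = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](trim($member)));
				else
					unset($_POST[$type][$index]);
			}

			// Find the members - only their ids are kept from here on.
			$_POST[$type] = implode(',', array_keys(findMembers($_POST[$type])));
		}
	}

	// An explicit id list overrides the typed names; every id is cast to int.
	if (isset($_POST['member_list']) && is_array($_POST['member_list']))
	{
		$members = array();
		foreach ($_POST['member_list'] as $member_id)
			$members[] = (int) $member_id;
		$_POST['members'] = implode(',', $members);
	}

	if (isset($_POST['exclude_member_list']) && is_array($_POST['exclude_member_list']))
	{
		$members = array();
		foreach ($_POST['exclude_member_list'] as $member_id)
			$members[] = (int) $member_id;
		$_POST['exclude_members'] = implode(',', $members);
	}

	// Clean the other vars.
	SendMailing(true);

	// We need a couple strings from the email template file
	loadLanguage('EmailTemplates');

	// Get a list of all full banned users. Use their Username and email to find them. Only get the ones that can't login to turn off notification.
	$request = $smcFunc['db_query']('', '
		SELECT DISTINCT mem.id_member
		FROM {db_prefix}ban_groups AS bg
			INNER JOIN {db_prefix}ban_items AS bi ON (bg.id_ban_group = bi.id_ban_group)
			INNER JOIN {db_prefix}members AS mem ON (bi.id_member = mem.id_member)
		WHERE (bg.cannot_access = {int:cannot_access} OR bg.cannot_login = {int:cannot_login})
			AND (bg.expire_time IS NULL OR bg.expire_time > {int:current_time})',
		array(
			'cannot_access' => 1,
			'cannot_login' => 1,
			'current_time' => time(),
		)
	);
	while ($row = $smcFunc['db_fetch_assoc']($request))
		$context['recipients']['exclude_members'][] = $row['id_member'];
	$smcFunc['db_free_result']($request);

	// Bans can also be by e-mail address only; map those addresses back to member ids.
	$request = $smcFunc['db_query']('', '
		SELECT DISTINCT bi.email_address
		FROM {db_prefix}ban_items AS bi
			INNER JOIN {db_prefix}ban_groups AS bg ON (bg.id_ban_group = bi.id_ban_group)
		WHERE (bg.cannot_access = {int:cannot_access} OR bg.cannot_login = {int:cannot_login})
			AND (COALESCE(bg.expire_time, 1=1) OR bg.expire_time > {int:current_time})
			AND bi.email_address != {string:blank_string}',
		array(
			'cannot_access' => 1,
			'cannot_login' => 1,
			'current_time' => time(),
			'blank_string' => '',
		)
	);
	// Each address becomes its own named placeholder so the IN (...) list stays parameterised.
	$condition_array = array();
	$condition_array_params = array();
	$count = 0;
	while ($row = $smcFunc['db_fetch_assoc']($request))
	{
		$condition_array[] = '{string:email_' . $count . '}';
		$condition_array_params['email_' . $count++] = $row['email_address'];
	}
	$smcFunc['db_free_result']($request);

	if (!empty($condition_array))
	{
		$request = $smcFunc['db_query']('', '
			SELECT id_member
			FROM {db_prefix}members
			WHERE email_address IN(' . implode(', ', $condition_array) . ')',
			$condition_array_params
		);
		while ($row = $smcFunc['db_fetch_assoc']($request))
			$context['recipients']['exclude_members'][] = $row['id_member'];
		$smcFunc['db_free_result']($request);
	}

	// Did they select moderators - if so add them as specific members...
	// Group 3 is the moderators pseudo-group; it has no group rows of its own, so it is
	// expanded from the moderators table. Selected in exclude_groups -> exclude them,
	// selected in groups -> include them.
	$excludeModerators = !empty($context['recipients']['exclude_groups']) && in_array(3, $context['recipients']['exclude_groups']);
	$includeModerators = !empty($context['recipients']['groups']) && in_array(3, $context['recipients']['groups']);
	if ($includeModerators || $excludeModerators)
	{
		$request = $smcFunc['db_query']('', '
			SELECT DISTINCT mem.id_member AS identifier
			FROM {db_prefix}members AS mem
				INNER JOIN {db_prefix}moderators AS mods ON (mods.id_member = mem.id_member)
			WHERE mem.is_activated = {int:is_activated}',
			array(
				'is_activated' => 1,
			)
		);
		while ($row = $smcFunc['db_fetch_assoc']($request))
		{
			if ($excludeModerators)
				$context['recipients']['exclude_members'][] = $row['identifier'];
			else
				$context['recipients']['members'][] = $row['identifier'];
		}
		$smcFunc['db_free_result']($request);
	}

	// For progress bar!
	$context['total_emails'] = count($context['recipients']['emails']);
	$request = $smcFunc['db_query']('', '
		SELECT MAX(id_member)
		FROM {db_prefix}members',
		array(
		)
	);
	list ($context['max_id_member']) = $smcFunc['db_fetch_row']($request);
	$smcFunc['db_free_result']($request);

	// Clean up the arrays.
	$context['recipients']['members'] = array_unique($context['recipients']['members']);
	$context['recipients']['exclude_members'] = array_unique($context['recipients']['exclude_members']);

	// Setup the template!
	$context['page_title'] = $txt['admin_newsletters'];
	$context['sub_template'] = 'email_members_compose';

	$context['default_subject'] = htmlspecialchars($context['forum_name'] . ': ' . $txt['subject']);
	$context['default_message'] = htmlspecialchars($txt['message'] . "\n\n" . $txt['regards_team'] . "\n\n" . '{$board_url}');
}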
/**
 * Saves a new helpdesk ticket or an edit of an existing one.
 *
 * Validates the posted subject/body/department/custom fields and builds
 * $context['ticket_form'] describing the ticket as it would be saved. When
 * there are errors (or a preview was requested) the form is re-displayed via
 * the 'ticket_post' sub template; otherwise the ticket is created
 * (shd_create_ticket_post) or modified (shd_modify_ticket_post), the relevant
 * log actions are written and shd_done_posting() finishes the request.
 *
 * Reads $_POST (subject, shd_message, shd_private, shd_urgency, resolve_ticket,
 * override_cf) and $_REQUEST (dept, newdept, proxy, proxy_author, goback,
 * no_smileys, preview). An existing ticket is identified by
 * $context['ticket_id']; its details come from shd_load_ticket().
 */
function shd_save_ticket()
{
	global $txt, $modSettings, $sourcedir, $context, $scripturl;
	global $user_info, $options, $smcFunc, $memberContext;

	// Ticket's gotta have a subject
	// The subject is html-escaped here and line breaks/tabs are stripped so it stays a single line.
	if (!isset($_POST['subject']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['subject'])) === '')
	{
		$context['shd_errors'][] = 'no_subject';
		$_POST['subject'] = '';
	}
	else
	{
		$_POST['subject'] = strtr($smcFunc['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
	}

	if (empty($context['ticket_id']))
	{
		// Are we inside a known department?
		$dept = isset($_REQUEST['dept']) ? (int) $_REQUEST['dept'] : 0;
		if (!$context['shd_multi_dept'])
		{
			shd_is_allowed_to('shd_new_ticket', $context['shd_department']);
		}
		else
		{
			// shd_is_allowed_to() is expected to end the request when the permission is missing.
			$newdept = isset($_REQUEST['newdept']) ? (int) $_REQUEST['newdept'] : $dept;
			shd_is_allowed_to('shd_new_ticket', $newdept);
			// But if they didn't specify a department, execution won't have ended here if they had the ability in at least one department.
			if ($newdept == 0)
			{
				$context['shd_errors'][] = 'no_dept';
			}
		}

		// some healthy defaults
		$context['ticket_id'] = 0;
		$new_ticket = true;
		$msg = 0;
		$is_own = true;
		$new_status = TICKET_STATUS_NEW;
		$private = false;
		$urgency = TICKET_URGENCY_LOW;
		$assigned = array('id' => 0, 'name' => $txt['shd_unassigned'], 'link' => '<span class="error">' . $txt['shd_unassigned'] . '</span>');
		$num_replies = 0;
	}
	else
	{
		// hmm, we're saving an update, let's get the existing ticket details and we can check permissions and stuff
		$new_ticket = false;
		$ticketinfo = shd_load_ticket();
		$dept = $ticketinfo['dept'];

		// S'pose we'd better check the permissions here
		// Either edit-any, or edit-own on a ticket the member actually owns.
		if (!shd_allowed_to('shd_edit_ticket_any', $dept) && (!shd_allowed_to('shd_edit_ticket_own', $dept) || !$ticketinfo['is_own']))
		{
			fatal_lang_error('cannot_shd_edit_ticket', false);
		}

		$msg = $ticketinfo['id_first_msg'];
		$is_own = $ticketinfo['is_own'];
		$private = $ticketinfo['private'];
		$urgency = $ticketinfo['urgency'];
		$new_status = $ticketinfo['status'];
		$assigned = array('id' => $ticketinfo['assigned_id'], 'name' => !empty($ticketinfo['assigned_id']) ? $ticketinfo['assigned_name'] : $txt['shd_unassigned'], 'link' => !empty($ticketinfo['assigned_id']) ? shd_profile_link($ticketinfo['assigned_name'], $ticketinfo['assigned_id']) : '<span class="error">' . $txt['shd_unassigned'] . '</span>');
		$num_replies = $ticketinfo['num_replies'];
	}

	// Everything the template and the save path below need, in one place.
	// NOTE(review): 'message' reads $_POST['shd_message'] without an isset() guard.
	$context['ticket_form'] = array(
		'dept' => isset($newdept) ? $newdept : $dept,
		'form_title' => $new_ticket ? $txt['shd_create_ticket'] : $txt['shd_edit_ticket'],
		'form_action' => $scripturl . '?action=helpdesk;sa=saveticket',
		'first_msg' => $new_ticket ? 0 : $ticketinfo['id_first_msg'],
		'message' => $_POST['shd_message'],
		'subject' => $_POST['subject'],
		'ticket' => $context['ticket_id'],
		'link' => $new_ticket ? '' : '<a href="' . $scripturl . '?action=helpdesk;sa=ticket;ticket=' . $context['ticket_id'] . '">' . $ticketinfo['subject'] . '</a>',
		'msg' => $msg,
		'display_id' => empty($context['ticket_id']) ? '' : str_pad($context['ticket_id'], $modSettings['shd_zerofill'], '0', STR_PAD_LEFT),
		'status' => $new_status,
		'private' => array(
			'setting' => $private,
			'can_change' => shd_allowed_to('shd_alter_privacy_any', $dept) || $is_own && shd_allowed_to('shd_alter_privacy_own', $dept),
			'options' => array(0 => 'shd_ticket_notprivate', 1 => 'shd_ticket_private')
		),
		'assigned' => $assigned,
		'num_replies' => $num_replies,
		'do_attach' => shd_allowed_to('shd_post_attachment', $dept),
		'return_to_ticket' => isset($_REQUEST['goback']),
		'disable_smileys' => !empty($_REQUEST['no_smileys'])
	);

	if (isset($newdept))
	{
		$context['ticket_form']['selecting_dept'] = true;
	}

	if (!empty($context['ticket_form']['selecting_dept']))
	{
		shd_get_postable_depts();
	}

	// Only an existing ticket can be resolved: resolve-any, or resolve-own by the ticket starter.
	$context['can_solve'] = !$new_ticket && (shd_allowed_to('shd_resolve_ticket_any', $dept) || shd_allowed_to('shd_resolve_ticket_own', $dept) && $ticketinfo['starter_id'] == $user_info['id']);
	$context['log_action'] = $new_ticket ? 'newticket' : 'editticket';
	$context['log_params']['subject'] = $context['ticket_form']['subject'];
	$context['can_post_proxy'] = $new_ticket && isset($_REQUEST['proxy']) && shd_allowed_to('shd_post_proxy', $dept);

	if ($context['can_post_proxy'] && !empty($_REQUEST['proxy_author']))
	{
		// OK, so we have a name... do we know this person?
		require_once $sourcedir . '/Subs-Auth.php';
		// Lower-cased copy for the lookup; the escaped original is kept for re-display.
		$proxy_author = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](trim($_REQUEST['proxy_author'])));
		$_REQUEST['proxy_author'] = $smcFunc['htmlspecialchars'](trim($_REQUEST['proxy_author']));
		if (!empty($_REQUEST['proxy_author']))
		{
			$member = findMembers($proxy_author);
			// Only the first match is used - assumes findMembers() returns an exact match here; verify.
			if (!empty($member))
			{
				list($context['ticket_form']['proxy_id']) = array_keys($member);
				$context['ticket_form']['proxy'] = $member[$context['ticket_form']['proxy_id']]['name'];
			}
			else
			{
				$context['ticket_form']['proxy'] = $_REQUEST['proxy_author'];
				$context['shd_errors'][] = 'shd_proxy_unknown';
			}
		}
	}

	shd_posting_additional_options();

	// Ticket privacy
	if (empty($modSettings['shd_privacy_display']) || $modSettings['shd_privacy_display'] == 'smart')
	{
		$context['display_private'] = shd_allowed_to('shd_view_ticket_private_any', $dept) || shd_allowed_to('shd_alter_privacy_own', $dept) || shd_allowed_to('shd_alter_privacy_any', $dept) || $context['ticket_form']['private']['setting'];
	}
	else
	{
		$context['display_private'] = true;
	}

	// Custom fields?
	shd_load_custom_fields(true, $context['ticket_form']['ticket'], $context['ticket_form']['dept']);
	list($missing_fields, $invalid_fields) = shd_validate_custom_fields('ticket', $context['ticket_form']['dept']);
	$context['can_override_fields'] = shd_allowed_to('shd_override_cf', $context['ticket_form']['dept']);
	$context['overriding_fields'] = $context['can_override_fields'] && isset($_POST['override_cf']);

	// Did any custom fields fail validation?
	if (!empty($invalid_fields))
	{
		$context['shd_errors'][] = 'invalid_fields';
		$txt['error_invalid_fields'] = sprintf($txt['error_invalid_fields'], implode(', ', $invalid_fields));
	}

	// Any flat-out missing?
	if (!empty($missing_fields) && !$context['overriding_fields'])
	{
		$context['shd_errors'][] = 'missing_fields';
		$txt['error_missing_fields'] = sprintf($txt['error_missing_fields'], implode(', ', $missing_fields));
	}

	if ($context['can_override_fields'] && !empty($missing_fields))
	{
		$context['ticket_form']['additional_opts']['override_cf'] = array('show' => true, 'checked' => false, 'text' => $txt['shd_override_cf']);
	}

	// Preview?
	if (isset($_REQUEST['preview']))
	{
		$context['ticket_form']['preview'] = array('title' => $txt['shd_previewing_ticket'] . ': ' . (empty($_POST['subject']) ? '<em>' . $txt['no_subject'] . '</em>' : $_POST['subject']), 'body' => shd_format_text($_POST['shd_message']));
	}

	if (!$new_ticket && !empty($ticketinfo['modified_time']))
	{
		$context['ticket_form'] += array('modified' => array('name' => $ticketinfo['modified_name'], 'id' => $ticketinfo['modified_id'], 'time' => timeformat($ticketinfo['modified_time']), 'link' => shd_profile_link($ticketinfo['modified_name'], $ticketinfo['modified_id'])));
	}

	if (!$new_ticket)
	{
		loadMemberData($ticketinfo['starter_id']);
		if (loadMemberContext($ticketinfo['starter_id']))
		{
			$context['ticket_form']['member'] = array('name' => $ticketinfo['starter_name'], 'id' => $ticketinfo['starter_id'], 'link' => shd_profile_link($ticketinfo['starter_name'], $ticketinfo['starter_id']), 'avatar' => $memberContext[$ticketinfo['starter_id']]['avatar']);
		}
	}

	shd_load_attachments();

	// Ticket privacy, let's see if we can override our healthy default with the post value
	// The posted value is only honoured if it is one of the known options; otherwise the current value stays.
	if ($context['ticket_form']['private']['can_change'])
	{
		$new_private = isset($_POST['shd_private']) ? (int) $_POST['shd_private'] : $private;
		$context['ticket_form']['private']['setting'] = isset($context['ticket_form']['private']['options'][$new_private]) ? (bool) $new_private : $private;
	}

	// Ticket urgency
	// Same pattern: shd_get_urgency_options() fills in the allowed options and can_change.
	shd_get_urgency_options($is_own, $context['ticket_form']['dept']);
	if ($context['ticket_form']['urgency']['can_change'])
	{
		$new_urgency = isset($_POST['shd_urgency']) ? (int) $_POST['shd_urgency'] : $urgency;
		$context['ticket_form']['urgency']['setting'] = isset($context['ticket_form']['urgency']['options'][$new_urgency]) ? $new_urgency : $urgency;
	}
	else
	{
		$context['ticket_form']['urgency']['setting'] = $urgency;
	}

	// A few basic checks
	if ($context['ticket_form']['status'] == TICKET_STATUS_CLOSED)
	{
		fatal_lang_error('shd_cannot_edit_closed', false);
	}
	elseif ($context['ticket_form']['status'] == TICKET_STATUS_DELETED)
	{
		fatal_lang_error('shd_cannon_edit_deleted', false);
	}

	// OK, does the user want to close this ticket? Are there any problems with that?
	if (!empty($context['can_solve']) && !empty($_POST['resolve_ticket']))
	{
		$string = shd_check_dependencies();
		if (!empty($string))
		{
			$context['shd_errors'][] = $string;
		}
	}

	if (!empty($context['shd_errors']) || !empty($context['ticket_form']['preview']))
	{
		checkSubmitOnce('free');

		// Anything else for redisplaying the form
		$context['page_title'] = $txt['shd_helpdesk'];
		$context['sub_template'] = 'ticket_post';
		shd_check_attachments();

		// Set up the fancy editor
		shd_postbox('shd_message', un_preparsecode($context['ticket_form']['message']), array('post_button' => $context['ticket_form']['form_title']));

		// Build the link tree and navigation
		$context['linktree'][] = array('name' => $new_ticket ? $txt['shd_create_ticket'] : sprintf($txt['shd_edit_ticket_linktree'], $context['ticket_form']['link']));
		checkSubmitOnce('register');
	}
	else
	{
		// It all worked, w00t, so let's get ready to rumble
		$attachIDs = shd_handle_attachments();

		if ($new_ticket)
		{
			// Now to add the ticket details
			$posterOptions = array('id' => $user_info['id']);
			$msgOptions = array('body' => $context['ticket_form']['message'], 'id' => $context['ticket_form']['msg'], 'smileys_enabled' => empty($context['ticket_form']['disable_smileys']), 'attachments' => $attachIDs);
			$ticketOptions = array('id' => $context['ticket_form']['ticket'], 'dept' => $context['ticket_form']['dept'], 'mark_as_read' => true, 'subject' => $context['ticket_form']['subject'], 'private' => $context['ticket_form']['private']['setting'], 'status' => $context['ticket_form']['status'], 'urgency' => $context['ticket_form']['urgency']['setting'], 'assigned' => $context['ticket_form']['assigned']['id'], 'custom_fields' => !empty($context['ticket_form']['custom_fields']['ticket']) ? $context['ticket_form']['custom_fields']['ticket'] : array());

			// Just before we do... proxy ticket?
			// A proxy ticket is posted on behalf of another member: that member becomes the poster,
			// the real user gets the read mark, and the log records both.
			if (!empty($context['ticket_form']['proxy_id']))
			{
				// 1. Fix the poster options
				$posterOptions['id'] = $context['ticket_form']['proxy_id'];
				// 2. Make sure it's marked read for the right user
				$ticketOptions['mark_as_read_proxy'] = $user_info['id'];
				// 3. Fix the log items
				$context['log_action'] = 'newticketproxy';
				$context['log_params']['user_id'] = $context['ticket_form']['proxy_id'];
				$context['log_params']['user_name'] = $context['ticket_form']['proxy'];
			}

			shd_create_ticket_post($msgOptions, $ticketOptions, $posterOptions);

			// Update our nice ticket store with the ticket id
			$context['ticket_id'] = $ticketOptions['id'];
			$context['ticket_form']['ticket'] = $ticketOptions['id'];

			// Handle notifications
			require_once $sourcedir . '/sd_source/SimpleDesk-Notifications.php';
			shd_notifications_notify_newticket($msgOptions, $ticketOptions, $posterOptions);
		}
		else
		{
			// Only add what has actually changed
			// Now to add the ticket details
			$posterOptions = array();
			$msgOptions = array('id' => $context['ticket_form']['msg'], 'attachments' => $attachIDs);
			$ticketOptions = array('id' => $context['ticket_form']['ticket'], 'custom_fields' => !empty($context['ticket_form']['custom_fields']['ticket']) ? $context['ticket_form']['custom_fields']['ticket'] : array());

			if ((bool) $ticketinfo['smileys_enabled'] == $context['ticket_form']['disable_smileys'])
			{
				// since one is enabled, one is 'now disable'...
				$msgOptions['smileys_enabled'] = !$context['ticket_form']['disable_smileys'];
			}

			// This things don't trigger modified time
			if ($ticketinfo['private'] != $context['ticket_form']['private']['setting'])
			{
				$ticketOptions['private'] = $context['ticket_form']['private']['setting'];
				// log the change too
				$action = empty($context['ticket_form']['private']['setting']) ? 'marknotprivate' : 'markprivate'; // i.e. based on new setting
				shd_log_action($action, array('ticket' => $context['ticket_form']['ticket'], 'subject' => $context['ticket_form']['subject']));
			}

			if ($ticketinfo['urgency'] != $context['ticket_form']['urgency']['setting'])
			{
				$ticketOptions['urgency'] = $context['ticket_form']['urgency']['setting'];
				// log the change too
				$action = $context['ticket_form']['urgency']['setting'] > $ticketinfo['urgency'] ? 'urgency_increase' : 'urgency_decrease';
				shd_log_action($action, array('ticket' => $context['ticket_form']['ticket'], 'subject' => $context['ticket_form']['subject'], 'urgency' => $context['ticket_form']['urgency']['setting']));
			}

			// But these things do!
			if ($ticketinfo['subject'] != $context['ticket_form']['subject'])
			{
				$ticketOptions['subject'] = $context['ticket_form']['subject'];
			}

			if ($ticketinfo['body'] != $context['ticket_form']['message'])
			{
				$msgOptions['body'] = $context['ticket_form']['message'];
			}

			// Subject or body changes record who edited and when.
			if (isset($ticketOptions['subject']) || isset($msgOptions['body']))
			{
				$msgOptions['modified'] = array('id' => $user_info['id'], 'name' => $user_info['name'], 'time' => time());
			}

			if (!empty($context['can_solve']) && !empty($_POST['resolve_ticket']))
			{
				$ticketOptions['status'] = TICKET_STATUS_CLOSED;
				shd_log_action('resolve', array('ticket' => $context['ticket_id'], 'subject' => $ticketinfo['subject']));
			}

			// DOOOOOOOO EEEEEEEEEEET NAO!
			shd_modify_ticket_post($msgOptions, $ticketOptions, $posterOptions);

			// OK, did we get any custom fields back?
			// One log entry per custom field whose value actually changed; the action name
			// encodes scope (ticket/reply), whether a default was applied, and who can see the field.
			if (!empty($context['custom_fields_updated']))
			{
				foreach ($context['custom_fields_updated'] as $field)
				{
					if ($field['oldvalue'] == $field['newvalue'])
					{
						continue;
					}

					$action = 'cf_' . ($field['scope'] == CFIELD_TICKET ? 'tkt' : 'rpl') . (empty($field['default']) ? 'change_' : 'chgdef_') . ($field['visible'][0] ? 'user' : '') . ($field['visible'][1] ? 'staff' : '') . 'admin';
					unset($field['default'], $field['scope'], $field['visible']);
					$field['subject'] = $ticketinfo['subject'];
					shd_log_action($action, $field);
				}
			}
		}

		shd_done_posting();
	}
}
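/**
 * XML-RPC handler: ban a member.
 *
 * Parameters read from $rpcmsg: 0 = username to ban, 1 = mode (2 means every
 * post the member wrote is deleted as well), 2 = optional ban reason. Creates a
 * new ban group (cannot_access, no expiry) plus one ban item for the member and
 * returns an XML-RPC struct {result: true}.
 *
 * Requires a valid session and the manage_bans permission. mob_error() is
 * expected to end the request on failure (its implementation is not visible here).
 *
 * @param object $rpcmsg the incoming XML-RPC request
 * @return xmlrpcresp
 */
function mob_m_ban_user($rpcmsg)
{
	global $mobdb, $context, $func, $user_info, $modSettings, $sourcedir;

	checkSession('session');

	// Cannot ban an user?
	if (!allowedTo('manage_bans'))
		mob_error('cannot ban users');

	// The reason is html-escaped and flattened to a single line before it is stored.
	$reason = strtr($func['htmlspecialchars']($rpcmsg->getParam(2) ? $rpcmsg->getScalarValParam(2) : ''), array("\r" => '', "\n" => '', "\t" => ''));
	$username = $rpcmsg->getScalarValParam(0);

	require_once $sourcedir . '/Subs-Auth.php';

	// Nothing in this function assigns $id_user before the check below, so the
	// lookup-by-id branch can currently never run; it is initialised explicitly so
	// the check is well-defined. TODO confirm where the id was meant to come from.
	$id_user = null;

	// If we have an user ID, use it otherwise search for the user
	if (!is_null($id_user))
	{
		$request = $mobdb->query('
			SELECT ID_MEMBER
			FROM {db_prefix}members
			WHERE ID_MEMBER = {int:member}',
			array(
				'member' => $id_user,
			)
		);
		if ($mobdb->num_rows($request) == 0)
			$id_user = null;
		else
			list ($id_user) = $mobdb->fetch_row($request);
		$mobdb->free_result($request);
	}

	// Otherwise search from the DB,
	if (is_null($id_user))
	{
		$username = utf8ToAscii($username);
		$members = findMembers($username);
		if (empty($members))
			mob_error('user not found');

		// Only the first match is banned. NOTE(review): this assumes findMembers()
		// returns an exact match for the name; if it can return several candidates
		// the wrong member could be banned - confirm before relying on it.
		$member_ids = array_keys($members);
		$id_user = $members[$member_ids[0]]['id'];
	}
	$member = $id_user;

	// Create the ban
	// The (user supplied) username only reaches the query through the {string:name} placeholder.
	$mobdb->query('
		INSERT INTO {db_prefix}ban_groups
			(name, ban_time, cannot_access, expire_time, reason)
		VALUES ({string:name}, {int:time}, 1, NULL, {string:reason})',
		array(
			'time' => time(),
			'name' => 'Tapatalk ban (' . $username . ')',
			'reason' => $reason,
		)
	);
	$id_ban_group = $mobdb->insert_id();

	// Insert the user into the ban
	$mobdb->query('
		INSERT INTO {db_prefix}ban_items
			(ID_BAN_GROUP, ID_MEMBER)
		VALUES ({int:group}, {int:member})',
		array(
			'group' => $id_ban_group,
			'member' => $member,
		)
	);

	// Do we have to delete every post made by this user?
	// !!! Optimize this
	if ($rpcmsg->getScalarValParam(1) == 2)
	{
		require_once $sourcedir . '/RemoveTopic.php';

		// Deleting can take a while; keep going even if the client disconnects.
		@ignore_user_abort();
		@set_time_limit(0);

		// Replies, plus topic starters of topics that have no replies.
		$request = $mobdb->query('
			SELECT m.ID_MSG AS id_msg
			FROM {db_prefix}messages AS m
				LEFT JOIN {db_prefix}topics AS t ON (t.ID_TOPIC = m.ID_TOPIC)
			WHERE m.ID_MEMBER = {int:member}
				AND (t.ID_FIRST_MSG != m.ID_MSG OR t.numReplies = 0)',
			array(
				'member' => $member,
			)
		);
		while ($row = $mobdb->fetch_assoc($request))
			removeMessage($row['id_msg']);
		$mobdb->free_result($request);
	}

	// Return a true response
	return new xmlrpcresp(new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean')), 'struct'));
}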
/**
 * Re-attribute posts to the user sent from the maintenance page.
 *
 * Validates the posted form (type: name|email, from_name / from_email, to,
 * posts), finds the target member with findMembers() and hands the work to
 * reattributePosts(). The outcome - success message or the validation
 * errors - is left in $context['maintenance_finished'].
 */
public function action_reattribute_display()
{
	global $context, $txt;

	checkSession();

	// Start by doing some data checking
	require_once SUBSDIR . '/DataValidator.class.php';
	$validator = new Data_Validator();
	$validator->sanitation_rules(array(
		'posts' => 'empty',
		'type' => 'trim',
		'from_email' => 'trim',
		'from_name' => 'trim',
		'to' => 'trim',
	));
	$validator->validation_rules(array(
		'from_email' => 'valid_email',
		'from_name' => 'required',
		'to' => 'required',
		'type' => 'contains[name,email]',
	));
	$validator->validate($_POST);

	// Re-attribution is keyed either on the old display name or on the old e-mail address.
	$byName = $validator->type === 'name';
	$byEmail = $validator->type === 'email';

	// Do we have a valid set of options to continue?
	$canProceed = ($byName && !empty($validator->from_name)) || ($byEmail && !$validator->validation_errors('from_email'));

	if (!$canProceed)
	{
		// Show them the correct error
		$error = ($byName && empty($validator->from_name))
			? $validator->validation_errors(array('from_name', 'to'))
			: $validator->validation_errors(array('from_email', 'to'));

		$context['maintenance_finished'] = array(
			'errors' => $error,
			'type' => 'minor',
		);
		return;
	}

	// Find the member.
	require_once SUBSDIR . '/Auth.subs.php';
	$matches = findMembers($validator->to);

	// No members, no further
	if (empty($matches))
		fatal_lang_error('reattribute_cannot_find_member');

	// Only the first match is used as the new owner of the posts.
	$target = array_shift($matches);
	$memID = $target['id'];

	$email = $byEmail ? $validator->from_email : '';
	$membername = $byName ? $validator->from_name : '';

	// Now call the reattribute function.
	require_once SUBSDIR . '/Members.subs.php';
	reattributePosts($memID, $email, $membername, !$validator->posts);

	$context['maintenance_finished'] = array(
		'errors' => array(sprintf($txt['maintain_done'], $txt['maintain_reattribute_posts'])),
	);
}
// Fragment: the enclosing function is not visible here and the member loop at
// the bottom is cut off, so this is documented in place without changes.
$context['shop_inv'] = array('last_col_type' => 'none');

// This code from PersonalMessage.php. It trims the " characters off the membername posted,
// and then puts all names into an array
// Quoted names ("a, b") are taken whole; whatever remains is split on commas.
$_REQUEST['member'] = strtr($_REQUEST['member'], array('\\"' => '"'));
preg_match_all('~"([^"]+)"~', $_REQUEST['member'], $matches);
$members = array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['member']))));

// Loop through all the names found
// Each name is trimmed, lower-cased and html-escaped; blank entries are dropped.
foreach ($members as $index => $member)
{
	if (strlen(trim($member)) > 0)
	{
		$members[$index] = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](stripslashes(trim($member))));
	}
	else
	{
		unset($members[$index]);
	}
}

// Find all these members
$context['shop_invother'] = findMembers($members);

// None of the entered members exist?
// The (already escaped) names are echoed back in the error message.
if (count($context['shop_invother']) == 0)
{
	fatal_lang_error('shop_members_no_exist', true, array(implode(', ', $members)));
}

// Loop through all the members we found
foreach ($context['shop_invother'] as $key => $member)
{
	// Start with an empty inventory array
	$context['shop_invother'][$key]['items'] = array();

	// TODO: Can this be more efficient?
	// Get the user's inventory
	// One query per member; the owner id goes through the {int:id} placeholder.
	$result = $smcFunc['db_query']('', "\n\t\t\tSELECT it.name, it.desc, it.image, inv.id\n\t\t\tFROM ({db_prefix}shop_inventory AS inv, {db_prefix}shop_items AS it)\n\t\t\tWHERE ownerid = {int:id} AND inv.itemid = it.id", array('id' => $member['id']));

	// Loop through all the items
	while ($row = $smcFunc['db_fetch_assoc']($result))
	{
		$context['shop_invother'][$key]['items'][] = array('name' => $row['name'], 'desc' => $row['desc'], 'image' => $row['image']);
	}
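/**
 * Called by index.php?action=findmember.
 * This function result is used as a popup for searching members.
 *
 * Request parameters read: 'search' (the name to look for), 'start' (paging
 * offset, clamped to >= 0), 'input' (name of the form field to fill, limited
 * to [\w-]), 'delim' (joiner, 'LB' means newline), 'quote', 'buddies' and
 * 'u' (a comma-separated member id list carried back into the page URLs;
 * anything of another shape is dropped).
 *
 * Requires the session token in the query string (checkSession('get')).
 *
 * @deprecated since 1.0
 * @uses sub template find_members of the Members template.
 */
public function action_findmember()
{
	global $context, $scripturl, $user_info, $settings;

	checkSession('get');

	// Load members template
	loadTemplate('Members');
	loadTemplate('index');
	Template_Layers::getInstance()->removeAll();
	$context['sub_template'] = 'find_members';

	if (isset($_REQUEST['search']))
		$context['last_search'] = Util::htmlspecialchars($_REQUEST['search'], ENT_QUOTES);
	else
		$_REQUEST['start'] = 0;

	// Allow the user to pass the input to be added to to the box (identifier characters only).
	$context['input_box_name'] = isset($_REQUEST['input']) && preg_match('~^[\\w-]+$~', $_REQUEST['input']) === 1 ? $_REQUEST['input'] : 'to';

	// Take the delimiter over GET in case it's \n or something.
	// NOTE(review): 'delim' is passed through as-is; how the template emits it is not visible here -- confirm it is escaped there.
	$context['delimiter'] = isset($_REQUEST['delim']) ? ($_REQUEST['delim'] == 'LB' ? "\n" : $_REQUEST['delim']) : ', ';

	$context['quote_results'] = !empty($_REQUEST['quote']);

	// List all the results.
	$context['results'] = array();

	// Some buddy related settings ;)
	$context['show_buddies'] = !empty($user_info['buddies']);
	$context['buddy_search'] = isset($_REQUEST['buddies']);

	// 'u' is only ever a comma-separated list of member ids and is echoed back into
	// the navigation URLs below, so anything that is not exactly that shape is dropped.
	$u_param = '';
	if (!empty($_REQUEST['u']) && preg_match('~^\d+(?:,\d+)*$~', $_REQUEST['u']) === 1)
		$u_param = ';u=' . $_REQUEST['u'];

	// If the user has done a search, well - search.
	if (isset($_REQUEST['search']))
	{
		require_once SUBSDIR . '/Auth.subs.php';

		$_REQUEST['search'] = Util::htmlspecialchars($_REQUEST['search'], ENT_QUOTES);
		$context['results'] = findMembers(array($_REQUEST['search']), true, $context['buddy_search']);
		$total_results = count($context['results']);

		// Paging offset: a missing value is 0, a negative one would make array_slice() count from the end.
		$_REQUEST['start'] = isset($_REQUEST['start']) ? max(0, (int) $_REQUEST['start']) : 0;

		// This is a bit hacky, but its defined in index template, and this is a popup
		$settings['page_index_template'] = array(
			'base_link' => '<li class="linavPages"><a class="navPages" href="{base_link}" role="menuitem">%2$s</a></li>',
			'previous_page' => '<span class="previous_page" role="menuitem">{prev_txt}</span>',
			'current_page' => '<li class="linavPages"><strong class="current_page" role="menuitem">%1$s</strong></li>',
			'next_page' => '<span class="next_page" role="menuitem">{next_txt}</span>',
			'expand_pages' => '<li class="linavPages expand_pages" role="menuitem" {custom}> <a href="#">...</a> </li>',
			'all' => '<li class="linavPages all_pages" role="menuitem">{all_txt}</li>',
		);

		$context['page_index'] = constructPageIndex($scripturl . '?action=findmember;search=' . $context['last_search'] . ';' . $context['session_var'] . '=' . $context['session_id'] . ';input=' . $context['input_box_name'] . ($context['quote_results'] ? ';quote=1' : '') . ($context['buddy_search'] ? ';buddies' : ''), $_REQUEST['start'], $total_results, 7);

		// Determine the navigation context
		$base_url = $scripturl . '?action=findmember;search=' . urlencode($context['last_search']) . $u_param . ';' . $context['session_var'] . '=' . $context['session_id'];

		// '+' keeps any prev/next entries that were already set; make sure there is an array to add to.
		if (!isset($context['links']) || !is_array($context['links']))
			$context['links'] = array();
		$context['links'] += array(
			'prev' => $_REQUEST['start'] >= 7 ? $base_url . ';start=' . ($_REQUEST['start'] - 7) : '',
			'next' => $_REQUEST['start'] + 7 < $total_results ? $base_url . ';start=' . ($_REQUEST['start'] + 7) : '',
		);

		$context['page_info'] = array(
			'current_page' => $_REQUEST['start'] / 7 + 1,
			'num_pages' => floor(($total_results - 1) / 7) + 1,
		);

		$context['results'] = array_slice($context['results'], $_REQUEST['start'], 7);
	}
}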
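/**
 * Re-attribute posts to a member from the admin maintenance page.
 *
 * Form fields (all via POST): 'to' (the member the posts go to), 'type'
 * ('email' or 'name' - which column the posts are matched on),
 * 'from_email' / 'from_name' (the match value) and 'posts' (whether the
 * member's post count is updated as well).
 *
 * Requires a valid POST session token. No permission check is done here --
 * it is assumed to be enforced by the caller (not visible in this file; confirm).
 */
function MaintainReattributePosts()
{
	global $sourcedir, $context, $txt;

	checkSession();

	// Read the form defensively: none of these fields is guaranteed to be present.
	$to = isset($_POST['to']) ? trim($_POST['to']) : '';
	$type = isset($_POST['type']) ? $_POST['type'] : '';
	$from_email = isset($_POST['from_email']) ? trim($_POST['from_email']) : '';
	$from_name = isset($_POST['from_name']) ? trim($_POST['from_name']) : '';

	// Refuse an empty match value: reattributePosts() must never be asked to match on
	// poster_email = '' or poster_name = '' (how it handles that is not visible here;
	// at best the query fails, at worst unrelated guest posts are swept up).
	if ($type === 'email' && $from_email !== '')
	{
		$email = $from_email;
		$membername = '';
	}
	elseif ($type === 'name' && $from_name !== '')
	{
		$email = '';
		$membername = $from_name;
	}
	else
	{
		// No dedicated language string exists for this case; the closest existing one is reused.
		fatal_lang_error('reattribute_cannot_find_member');
	}

	// Find the member.
	require_once $sourcedir . '/Subs-Auth.php';
	$members = $to === '' ? array() : findMembers($to);
	if (empty($members))
		fatal_lang_error('reattribute_cannot_find_member');

	$member = array_shift($members);
	$memID = (int) $member['id'];

	// Now call the reattribute function.
	require_once $sourcedir . '/Subs-Members.php';
	reattributePosts($memID, $email, $membername, !empty($_POST['posts']));

	$context['maintenance_finished'] = $txt['maintain_reattribute_posts'];
}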
/**
 * Send a personal message.
 *
 * Handles the PM compose form: rate limiting, session check, recipient
 * resolution (ids from recipient_to/recipient_bcc, names from to/bcc),
 * subject/message validation, visual verification, preview, draft saving
 * and finally sendpm(). Every early exit goes through messagePostError()
 * so the form is redisplayed with the errors collected in the 'pm'
 * Error_Context.
 *
 * NOTE(review): several checks are skipped when $_REQUEST['xml'] is set (the
 * session check and the early return on post errors). Confirm that the xml
 * path can never reach sendpm() below; if it can, a request with 'xml' set
 * is neither session-checked nor blocked by validation errors.
 */
public function action_send2()
{
	global $txt, $context, $user_info, $modSettings;

	// All the helpers we need
	require_once SUBSDIR . '/Auth.subs.php';
	require_once SUBSDIR . '/Post.subs.php';

	// PM Drafts enabled and needed?
	if ($context['drafts_pm_save'] && (isset($_POST['save_draft']) || isset($_POST['id_pm_draft'])))
	{
		require_once SUBSDIR . '/Drafts.subs.php';
	}

	loadLanguage('PersonalMessage', '', false);

	// Extract out the spam settings - it saves database space!
	list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);

	// Initialize the errors we're about to make.
	$post_errors = Error_Context::context('pm', 1);

	// Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
	// Staff (admin/moderator/send_mail permission, or board/group moderators per mod_cache) are exempt.
	if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1')
	{
		// How many have they sent this last hour?
		$pmCount = pmCount($user_info['id'], 3600);
		if (!empty($pmCount) && $pmCount >= $modSettings['pm_posts_per_hour'])
		{
			if (!isset($_REQUEST['xml']))
			{
				fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour']));
			}
			else
			{
				$post_errors->addError('pm_too_many_per_hour');
			}
		}
	}

	// If your session timed out, show an error, but do allow to re-submit.
	// NOTE(review): no session check at all when 'xml' is set -- see the docblock.
	if (!isset($_REQUEST['xml']) && checkSession('post', '', false) != '')
	{
		$post_errors->addError('session_timeout');
	}

	// Subject: trimmed, with line breaks and tabs stripped. Note the presence test is on
	// $_REQUEST while the value is read from $_POST, so a GET-only subject yields ''.
	$_REQUEST['subject'] = isset($_REQUEST['subject']) ? strtr(Util::htmltrim($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')) : '';
	$_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : $_POST['to'];
	$_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : $_POST['bcc'];

	// Route the input from the 'u' parameter to the 'to'-list.
	if (!empty($_POST['u']))
	{
		$_POST['recipient_to'] = explode(',', $_POST['u']);
	}

	// Construct the list of recipients.
	$recipientList = array();
	$namedRecipientList = array();
	$namesNotFound = array();
	foreach (array('to', 'bcc') as $recipientType)
	{
		// First, let's see if there's user ID's given.
		$recipientList[$recipientType] = array();
		if (!empty($_POST['recipient_' . $recipientType]) && is_array($_POST['recipient_' . $recipientType]))
		{
			foreach ($_POST['recipient_' . $recipientType] as $recipient)
			{
				$recipientList[$recipientType][] = (int) $recipient;
			}
		}

		// Are there also literal names set?
		if (!empty($_REQUEST[$recipientType]))
		{
			// We're going to take out the "s anyway ;).
			// Quoted names are taken whole; the rest of the string is split on commas.
			$recipientString = strtr($_REQUEST[$recipientType], array('\\"' => '"'));
			preg_match_all('~"([^"]+)"~', $recipientString, $matches);
			$namedRecipientList[$recipientType] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $recipientString))));

			// Clean any literal names entered
			foreach ($namedRecipientList[$recipientType] as $index => $recipient)
			{
				if (strlen(trim($recipient)) > 0)
				{
					$namedRecipientList[$recipientType][$index] = Util::htmlspecialchars(Util::strtolower(trim($recipient)));
				}
				else
				{
					unset($namedRecipientList[$recipientType][$index]);
				}
			}

			// Now see if we can resolove the entered name to an actual user
			if (!empty($namedRecipientList[$recipientType]))
			{
				$foundMembers = findMembers($namedRecipientList[$recipientType]);

				// Assume all are not found, until proven otherwise.
				$namesNotFound[$recipientType] = $namedRecipientList[$recipientType];

				// Make sure we only have each member listed once, incase they did not use the select list
				foreach ($foundMembers as $member)
				{
					// NOTE(review): the member's email address is part of the names accepted here, so
					// an entered address that findMembers() resolves becomes a recipient. Whether
					// findMembers() matches on email is not visible in this file -- if it does, a
					// sender can confirm which account an email address belongs to. Confirm.
					$testNames = array(Util::strtolower($member['username']), Util::strtolower($member['name']), Util::strtolower($member['email']));
					if (count(array_intersect($testNames, $namedRecipientList[$recipientType])) !== 0)
					{
						$recipientList[$recipientType][] = $member['id'];

						// Get rid of this username, since we found it.
						$namesNotFound[$recipientType] = array_diff($namesNotFound[$recipientType], $testNames);
					}
				}
			}
		}

		// Selected a recipient to be deleted? Remove them now.
		if (!empty($_POST['delete_recipient']))
		{
			$recipientList[$recipientType] = array_diff($recipientList[$recipientType], array((int) $_POST['delete_recipient']));
		}

		// Make sure we don't include the same name twice
		$recipientList[$recipientType] = array_unique($recipientList[$recipientType]);
	}

	// Are we changing the recipients some how?
	$is_recipient_change = !empty($_POST['delete_recipient']) || !empty($_POST['to_submit']) || !empty($_POST['bcc_submit']);

	// Check if there's at least one recipient.
	if (empty($recipientList['to']) && empty($recipientList['bcc']))
	{
		$post_errors->addError('no_to');
	}

	// Make sure that we remove the members who did get it from the screen.
	if (!$is_recipient_change)
	{
		foreach (array_keys($recipientList) as $recipientType)
		{
			if (!empty($namesNotFound[$recipientType]))
			{
				$post_errors->addError('bad_' . $recipientType);

				// Since we already have a post error, remove the previous one.
				$post_errors->removeError('no_to');
				foreach ($namesNotFound[$recipientType] as $name)
				{
					$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
				}
			}
		}
	}

	// Did they make any mistakes like no subject or message?
	if ($_REQUEST['subject'] == '')
	{
		$post_errors->addError('no_subject');
	}
	if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '')
	{
		$post_errors->addError('no_message');
	}
	elseif (!empty($modSettings['max_messageLength']) && Util::strlen($_REQUEST['message']) > $modSettings['max_messageLength'])
	{
		$post_errors->addError('long_message');
	}
	else
	{
		// Preparse the message.
		$message = $_REQUEST['message'];
		preparsecode($message);

		// Make sure there's still some content left without the tags.
		// A message that is only [html] is accepted from admins.
		if (Util::htmltrim(strip_tags(parse_bbc(Util::htmlspecialchars($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false))
		{
			$post_errors->addError('no_message');
		}
	}

	// Wrong verification code?
	// Only non-admins below the configured post count are challenged; skipped for xml requests.
	if (!$user_info['is_admin'] && !isset($_REQUEST['xml']) && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification'])
	{
		require_once SUBSDIR . '/VerificationControls.class.php';
		$verificationOptions = array('id' => 'pm');
		$context['require_verification'] = create_control_verification($verificationOptions, true);
		if (is_array($context['require_verification']))
		{
			foreach ($context['require_verification'] as $error)
			{
				$post_errors->addError($error);
			}
		}
	}

	// If they made any errors, give them a chance to make amends.
	// NOTE(review): errors do not stop the request here when 'xml' is set -- see the docblock.
	if ($post_errors->hasErrors() && !$is_recipient_change && !isset($_REQUEST['preview']) && !isset($_REQUEST['xml']))
	{
		return messagePostError($namedRecipientList, $recipientList);
	}

	// Want to take a second glance before you send?
	if (isset($_REQUEST['preview']))
	{
		// Set everything up to be displayed.
		$context['preview_subject'] = Util::htmlspecialchars($_REQUEST['subject']);
		$context['preview_message'] = Util::htmlspecialchars($_REQUEST['message'], ENT_QUOTES, 'UTF-8', true);
		preparsecode($context['preview_message'], true);

		// Parse out the BBC if it is enabled.
		$context['preview_message'] = parse_bbc($context['preview_message']);

		// Censor, as always.
		censorText($context['preview_subject']);
		censorText($context['preview_message']);

		// Set a descriptive title.
		$context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject'];

		// Pretend they messed up but don't ignore if they really did :P.
		return messagePostError($namedRecipientList, $recipientList);
	}
	elseif ($is_recipient_change)
	{
		// Maybe we couldn't find one?
		foreach ($namesNotFound as $recipientType => $names)
		{
			$post_errors->addError('bad_' . $recipientType);
			foreach ($names as $name)
			{
				$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
			}
		}
		return messagePostError($namedRecipientList, $recipientList);
	}

	// Want to save this as a draft and think about it some more?
	if ($context['drafts_pm_save'] && isset($_POST['save_draft']))
	{
		savePMDraft($recipientList);
		return messagePostError($namedRecipientList, $recipientList);
	}
	elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum')))
	{
		// Too many recipients for a regular member.
		$context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
		return messagePostError($namedRecipientList, $recipientList);
	}

	// Protect from message spamming.
	spamProtection('pm');

	// Prevent double submission of this form.
	checkSubmitOnce('check');

	// Finally do the actual sending of the PM.
	if (!empty($recipientList['to']) || !empty($recipientList['bcc']))
	{
		$context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], true, null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0);
	}
	else
	{
		$context['send_log'] = array('sent' => array(), 'failed' => array());
	}

	// Mark the message as "replied to".
	if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox')
	{
		require_once SUBSDIR . '/PersonalMessage.subs.php';
		setPMRepliedStatus($user_info['id'], (int) $_REQUEST['replied_to']);
	}

	// If one or more of the recipients were invalid, go back to the post screen with the failed usernames.
	if (!empty($context['send_log']['failed']))
	{
		return messagePostError($namesNotFound, array('to' => array_intersect($recipientList['to'], $context['send_log']['failed']), 'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed'])));
	}

	// Message sent successfully?
	if (!empty($context['send_log']) && empty($context['send_log']['failed']))
	{
		$context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent';

		// If we had a PM draft for this one, then its time to remove it since it was just sent
		// (id_pm_draft is passed uncast; deleteDrafts() is expected to scope it to $user_info['id'] -- not visible here).
		if ($context['drafts_pm_save'] && !empty($_POST['id_pm_draft']))
		{
			deleteDrafts($_POST['id_pm_draft'], $user_info['id']);
		}
	}

	// Go back to the where they sent from, if possible...
	redirectexit($context['current_label_redirect']);
}
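/**
 * Validate the "new arcade match" form and create the match.
 *
 * Reads from $_REQUEST: 'match_name' (required, <= 20 chars), 'game_mode'
 * ('normal' or 'knockout'), 'private', 'num_players', 'rounds[]' (game ids
 * already on the form), 'arenagame_input' (games typed into the suggester),
 * 'player' (names typed into the suggester), 'players_list[]' (member ids
 * already on the form) plus the delete_*/*_submit buttons that only change
 * the form without creating anything.
 *
 * Any validation error, or a form-changing button, sends the user back to
 * ArcadeNewMatch() with the current state; otherwise createMatch() is called
 * and the user is redirected to the new match.
 */
function ArcadeNewMatch2()
{
	global $scripturl, $txt, $db_prefix, $context, $smcFunc, $user_info, $sourcedir;

	require_once $sourcedir . '/Subs-Members.php';
	require_once $sourcedir . '/Subs-Auth.php';

	$match = array();
	$showConfirm = false;
	$errors = array();

	// Match name: required and at most 20 characters.
	if (empty($_REQUEST['match_name']) || trim($_REQUEST['match_name']) == '')
		$errors[] = 'no_name';
	elseif ($smcFunc['strlen']($_REQUEST['match_name']) > 20)
		$errors[] = 'name_too_long';

	if (!empty($_REQUEST['match_name']))
		$match['name'] = $_REQUEST['match_name'];

	// Game mode: one of the two known values only.
	if (empty($_REQUEST['game_mode']) || !in_array($_REQUEST['game_mode'], array('normal', 'knockout'), true))
		$errors[] = 'invalid_game_mode';
	else
		$match['game_mode'] = $_REQUEST['game_mode'];

	$match['private'] = isset($_REQUEST['private']);

	// The player count is a number; coerce it so a non-numeric value cannot pass the comparisons below.
	$match['num_players'] = empty($_REQUEST['num_players']) ? 0 : (int) $_REQUEST['num_players'];

	// Check rounds
	$match['rounds'] = array();
	$context['games'] = array();
	if (!empty($_REQUEST['rounds']) && is_array($_REQUEST['rounds']))
	{
		// Check that all are numbers; '::GAME_ID::' is the untouched template row and
		// the round flagged with delete_round is dropped.
		foreach ($_REQUEST['rounds'] as $id => $round)
		{
			if ($round != '::GAME_ID::' && (!isset($_REQUEST['delete_round']) || $_REQUEST['delete_round'] != $id))
				$match['rounds'][] = (int) $round;
		}
	}

	// Game from suggester text field?
	if (!empty($_REQUEST['arenagame_input']))
	{
		$showConfirm = true;

		// Quoted names are taken whole, the rest is split on commas.
		$_REQUEST['arenagame_input'] = strtr($_REQUEST['arenagame_input'], array('\\"' => '"'));
		preg_match_all('~"([^"]+)"~', $_REQUEST['arenagame_input'], $matches);
		$games = array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['arenagame_input']))));

		// {query_arena_game} restricts the lookup to games the current user may see.
		$request = $smcFunc['db_query']('', ' SELECT game.id_game FROM {db_prefix}arcade_games AS game LEFT JOIN {db_prefix}arcade_categories AS category ON (category.id_cat = game.id_cat) WHERE game.game_name IN({array_string:games}) AND {query_arena_game}', array('games' => $games));
		while ($row = $smcFunc['db_fetch_assoc']($request))
			$match['rounds'][] = (int) $row['id_game'];
		$smcFunc['db_free_result']($request);

		unset($games, $matches);
	}

	if (!empty($match['rounds']))
	{
		$request = $smcFunc['db_query']('', ' SELECT game.id_game, game.game_name FROM {db_prefix}arcade_games AS game LEFT JOIN {db_prefix}arcade_categories AS category ON (category.id_cat = game.id_cat) WHERE id_game IN({array_int:games}) AND {query_arena_game}', array('games' => array_unique($match['rounds'])));
		while ($row = $smcFunc['db_fetch_assoc']($request))
			$context['games'][$row['id_game']] = array('id' => $row['id_game'], 'name' => $row['game_name']);
		$smcFunc['db_free_result']($request);

		// Drop every round that did not resolve to a visible game.
		$valid = true;
		foreach ($match['rounds'] as $i => $r)
		{
			if (!isset($context['games'][$r]))
			{
				$valid = false;
				unset($match['rounds'][$i]);
			}
		}

		if (!$valid)
			$errors[] = 'invalid_rounds';
	}

	// Check players
	$match['players'] = array();

	// Players from add players field?
	if (!empty($_REQUEST['player']))
	{
		$showConfirm = true;

		$_REQUEST['player'] = strtr($_REQUEST['player'], array('\\"' => '"'));
		preg_match_all('~"([^"]+)"~', $_REQUEST['player'], $matches);
		$foundMembers = findMembers(array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['player'])))));
		foreach ($foundMembers as $member)
			$match['players'][] = $member['id'];

		unset($foundMembers, $matches);
	}

	// Previous / Players added via suggester
	if (!empty($_REQUEST['players_list']) && is_array($_REQUEST['players_list']))
	{
		foreach ($_REQUEST['players_list'] as $id)
		{
			if (!isset($_REQUEST['delete_player']) || $_REQUEST['delete_player'] != $id)
				$match['players'][] = (int) $id;
		}
	}

	// Remove duplicates
	$match['players'] = array_unique($match['players']);
	$totalp = count($match['players']);

	// Check that selected players are allowed to play
	$match['players'] = memberAllowedTo(array('arcade_join_match', 'arcade_join_invite_match'), $match['players']);

	// Check number of players
	if ($match['num_players'] < $totalp || $match['num_players'] < 2)
		$errors[] = 'not_enough_players';

	// Anyone filtered out by memberAllowedTo() is not a valid member for this match.
	if (count($match['players']) != $totalp)
		$errors[] = 'invalid_members';

	if (count($match['rounds']) === 0)
		$errors[] = 'no_rounds';

	if (!checkSubmitOnce('check', false))
		$errors[] = 'submit_twice';

	// Any of the form-changing buttons just redisplays the form (without the errors).
	$showConfirm = $showConfirm || isset($_REQUEST['delete_round']) || isset($_REQUEST['delete_player']) || isset($_REQUEST['player_submit']) || isset($_REQUEST['arenagame_submit']);

	if ($showConfirm || !empty($errors))
		return ArcadeNewMatch($match, $showConfirm ? array() : $errors);

	$matchOptions = array(
		'name' => $smcFunc['htmlspecialchars']($match['name'], ENT_QUOTES),
		'starter' => $user_info['id'],
		'num_players' => $match['num_players'],
		'games' => $match['rounds'],
		'num_rounds' => count($match['rounds']),
		'players' => $match['players'],
		'extra' => array('mode' => $match['game_mode']),
	);

	$id_match = createMatch($matchOptions);

	redirectexit('action=arcade;sa=viewMatch;match=' . $id_match);
}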
require_once 'libextra.php'; require_once 'db.php'; require_once 'chance.php'; require_once 'misc/bases.php'; //And now the conditionals. if (isset($_GET['trainer']) || isset($_GET['user'])) { //Extra handling for username requests. if (isset($_GET['user'])) { //Before we take one step, we should block searches by email address. findMembers() is not (regular) user facing by default - simply exposing it allows reverse email lookups, which is naughty. if (filter_var($_GET['user'], FILTER_VALIDATE_EMAIL)) { die($error[3]); } require_once '../Sources/Subs-Auth.php'; $possible_user = array($_GET['user']); //SMF's function we're appropriating expects an array no matter what. $userinfo = findMembers($possible_user); //If I don't know this name, sorry. No trainer. if (empty($userinfo)) { die($error[2]); } //SMF "helpfully" keys the result by user ID. Which is the whole point of this search: we don't know it.. reset($userinfo); $id = key($userinfo); } if (!isset($_GET['user'])) { $id = (int) $_GET['trainer']; } $userdata = userdata($id); $userdata = $userdata[0]; if (empty($userdata)) { die($error[2]);
/**
 * Mobile (XML-RPC) method: list the topics a given user has posted in.
 *
 * Parameters come from $context['mob_request']['params']:
 *   [0] base64-encoded username (resolved with findMembers()),
 *   [1] optional start index, [2] optional last index (at most 50 apart).
 * Guests are refused. Board visibility is enforced by {query_see_board} in
 * both queries. The result is handed to outputRPCSubscribedTopics().
 *
 * NOTE(review): start/last are cast to int but never clamped to >= 0; a
 * negative start reaches array_slice() below as an offset from the end.
 */
function method_get_participated_topic()
{
	global $context, $mobdb, $mobsettings, $modSettings, $user_info, $sourcedir;

	// Guest?
	if ($user_info['is_guest'])
	{
		createErrorResponse(21);
	}

	// Get the username
	$username = base64_decode($context['mob_request']['params'][0][0]);
	if (empty($username))
	{
		createErrorResponse(8);
	}

	require_once $sourcedir . '/Subs-Auth.php';

	// Normalise the name the same way the forum treats form input before it is
	// looked up (trim, unslash, HTML-escape, then re-slash for the lookup).
	$username = htmltrim__recursive($username);
	$username = stripslashes__recursive($username);
	$username = htmlspecialchars__recursive($username);
	$username = addslashes__recursive($username);

	// Does this user exist?
	$members = findMembers($username);
	if (empty($members))
	{
		createErrorResponse(8);
	}

	// findMembers() keys its result by member id; only the first match is used.
	$id_member = array_keys($members);
	$member = $members[$id_member[0]];
	if (empty($member))
	{
		createErrorResponse(8);
	}

	// Do we have start num defined?
	if (isset($context['mob_request']['params'][1]))
	{
		$start_num = (int) $context['mob_request']['params'][1][0];
	}

	// Do we have last number defined?
	if (isset($context['mob_request']['params'][2]))
	{
		$last_num = (int) $context['mob_request']['params'][2][0];
	}

	// Perform some start/last num checks
	if (isset($start_num) && isset($last_num))
	{
		if ($start_num > $last_num)
		{
			createErrorResponse(3);
		}
		elseif ($last_num - $start_num > 50)
		{
			$last_num = $start_num + 50;
		}
	}

	// Default number of topics per page
	$topics_per_page = 20;

	// Generate the limit clause
	$limit = '';
	if (!isset($start_num) && !isset($last_num))
	{
		$start_num = 0;
		$limit = $topics_per_page;
	}
	elseif (isset($start_num) && !isset($last_num))
	{
		$limit = $topics_per_page;
	}
	elseif (isset($start_num) && isset($last_num))
	{
		$limit = $last_num - $start_num + 1;
	}
	elseif (empty($start_num) && empty($last_num))
	{
		$start_num = 0;
		$limit = $topics_per_page;
	}

	// Get the count
	// (All matching topic ids are fetched and paged in PHP; the query is restricted to boards the caller can see.)
	$mobdb->query(' SELECT t.ID_TOPIC FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC) INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = t.ID_BOARD) WHERE {query_see_board} AND m.ID_MEMBER = {int:member} GROUP BY t.ID_TOPIC ORDER BY t.ID_TOPIC DESC', array('member' => $id_member[0]));
	$tids = array();
	while ($row = $mobdb->fetch_assoc())
	{
		$tids[] = $row['ID_TOPIC'];
	}
	$mobdb->free_result();

	$count = count($tids);
	// NOTE(review): when $start_num exceeds $count this yields a negative $limit for array_slice().
	if ($limit + $start_num > $count)
	{
		$limit = $count - $start_num;
	}
	$tids = array_slice($tids, $start_num, $limit);

	$topics = array();
	if (count($tids))
	{
		// Grab the topics
		// (The guest branches of this query are unreachable: guests were refused above.)
		$mobdb->query(' SELECT t.ID_TOPIC AS id_topic, t.isSticky AS is_sticky, t.locked, fm.subject AS topic_title, t.numViews AS views, t.numReplies AS replies, IFNULL(mem.ID_MEMBER, 0) AS id_member, mem.realName, mem.memberName, mem.avatar, IFNULL(a.ID_ATTACH, 0) AS id_attach, a.filename, a.attachmentType AS attachment_type, IFNULL(lm.posterTime, fm.posterTime) AS last_message_time, ' . ($user_info['is_guest'] ? '0' : 'ln.ID_TOPIC AS is_notify, IFNULL(lt.ID_MSG, IFNULL(lmr.ID_MSG, -1)) + 1') . ' AS new_from, IFNULL(lm.body, fm.body) AS body, lm.ID_MSG_MODIFIED AS id_msg_modified, b.name AS board_name, b.ID_BOARD AS id_board FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC) INNER JOIN {db_prefix}messages AS fm ON (t.ID_FIRST_MSG = fm.ID_MSG) INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = t.ID_BOARD) LEFT JOIN {db_prefix}messages AS lm ON (t.ID_LAST_MSG = lm.ID_MSG) LEFT JOIN {db_prefix}members AS mem ON (lm.ID_MEMBER = mem.ID_MEMBER)' . ($user_info['is_guest'] ? '' : ' LEFT JOIN {db_prefix}log_topics AS lt ON (lt.ID_TOPIC = t.ID_TOPIC AND lt.ID_MEMBER = {int:current_member}) LEFT JOIN {db_prefix}log_notify AS ln ON ((ln.ID_TOPIC = t.ID_TOPIC OR ln.ID_BOARD = t.ID_BOARD) AND ln.ID_MEMBER = {int:current_member}) LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.ID_BOARD = t.ID_BOARD AND lmr.ID_MEMBER = {int:current_member})') . ' LEFT JOIN {db_prefix}attachments AS a ON (a.ID_MEMBER = mem.ID_MEMBER) WHERE {query_see_board} AND m.ID_MEMBER = {int:member} AND t.ID_TOPIC IN ({array_int:topic_ids}) ORDER BY lm.posterTime DESC', array('current_member' => $user_info['id'], 'member' => $id_member[0], 'topic_ids' => $tids));
		while ($row = $mobdb->fetch_assoc())
		{
			// Add stuff to the array
			// ('is_new' compares the caller's last-read message with the topic's last modified message.)
			$topics[$row['id_topic']] = array('id' => $row['id_topic'], 'title' => processSubject($row['topic_title']), 'short_msg' => processShortContent($row['body']), 'replies' => $row['replies'], 'views' => $row['views'], 'poster' => array('id' => $row['id_member'], 'username' => $row['memberName'], 'post_name' => $row['realName'], 'avatar' => get_avatar($row)), 'is_new' => $user_info['is_guest'] ? 0 : $row['new_from'] <= $row['id_msg_modified'], 'board' => $row['id_board'], 'board_name' => $row['board_name'], 'post_time' => mobiquo_time($row['last_message_time']), 'is_marked_notify' => !empty($row['is_notify']), 'is_locked' => !empty($row['locked']));
		}
		$mobdb->free_result();
	}

	// LAME!
	outputRPCSubscribedTopics($topics, $count);
}
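/**
 * SimpleDesk maintenance: re-attribute helpdesk ticket replies to a member.
 *
 * POST fields: 'to' (the member the replies go to), 'type' ('email', 'name'
 * or 'starter') and the matching value in 'from_email', 'from_name' or
 * 'from_starter' respectively.
 *
 * For 'starter', the first reply of every ticket started by the source member
 * is moved. For 'email'/'name', the id_member values found on replies whose
 * poster_email / poster_name matches are collected; ids that no longer belong
 * to an existing account are then re-pointed wholesale (replies keep their
 * id_member after an account is deleted). Rows with id_member = 0 (guest) are
 * re-pointed only where they match the clause, never wholesale.
 *
 * Requires a session token. No permission check is done here -- it is
 * assumed to be enforced before dispatch (not visible in this file; confirm).
 */
function shd_admin_maint_reattribute()
{
	global $context, $txt, $smcFunc, $sourcedir;

	// NOTE(review): 'request' accepts the token from GET as well as POST; if the form
	// always POSTs, plain checkSession() would be the tighter choice.
	checkSession('request');

	$context['page_title'] = $txt['shd_admin_maint_reattribute'];
	$context['sub_template'] = 'shd_admin_maint_reattributedone';

	// Read the form defensively: none of these fields is guaranteed to be present.
	$to = isset($_POST['to']) ? $_POST['to'] : '';
	$type = isset($_POST['type']) ? $_POST['type'] : '';

	// Find the member.
	require_once $sourcedir . '/Subs-Auth.php';
	$members = $to === '' ? array() : findMembers($to);
	if (empty($members))
		fatal_lang_error('shd_reattribute_cannot_find_member');
	$target = array_shift($members);
	$memID = (int) $target['id'];

	// Work out what the replies are matched on; every value is bound as a query parameter.
	if ($type == 'email')
	{
		if (empty($_POST['from_email']))
			fatal_lang_error('shd_reattribute_no_email');
		$clause = 'poster_email = {string:attribute}';
		$attribute = $_POST['from_email'];
	}
	elseif ($type == 'name')
	{
		if (empty($_POST['from_name']))
			fatal_lang_error('shd_reattribute_no_user');
		$clause = 'poster_name = {string:attribute}';
		$attribute = $_POST['from_name'];
	}
	elseif ($type == 'starter')
	{
		if (empty($_POST['from_starter']))
			fatal_lang_error('shd_reattribute_no_user');
		$from = findMembers($_POST['from_starter']);
		if (empty($from))
			fatal_lang_error('shd_reattribute_cannot_find_member_from');
		$fromID = array_shift($from);
		$attribute = (int) $fromID['id'];
		$clause = 'id_msg in ( SELECT id_first_msg FROM {db_prefix}helpdesk_tickets WHERE id_member_started = {int:attribute})';
	}
	else
		fatal_lang_error('shd_reattribute_no_user');

	// Now, we don't delete the user id from posts on account deletion, never have.
	// So, get all the user ids attached to this user/email, make sure they're not in use, and then reattribute them.
	$members = array();
	$request = $smcFunc['db_query']('', ' SELECT id_member FROM {db_prefix}helpdesk_ticket_replies WHERE ' . $clause, array('attribute' => $attribute));
	while ($row = $smcFunc['db_fetch_row']($request))
		$members[] = (int) $row[0];
	$smcFunc['db_free_result']($request);

	// Did we find any members? If not, bail.
	if (empty($members))
		fatal_lang_error('shd_reattribute_no_messages', false);

	// Topic starters are a bit easier.
	if ($type == 'starter')
	{
		$smcFunc['db_query']('', ' UPDATE {db_prefix}helpdesk_ticket_replies SET id_member = {int:new_id} WHERE id_msg IN ( SELECT id_first_msg FROM {db_prefix}helpdesk_tickets WHERE id_member_started = {int:from_id})', array('new_id' => $memID, 'from_id' => $attribute));
		return;
	}

	// id 0 is "guest", not a deleted account: re-pointing every id_member = 0 row would
	// sweep up unrelated replies, so guest rows are handled through the match clause instead.
	$has_guest_rows = in_array(0, $members, true);
	$members = array_values(array_unique(array_filter($members)));

	// So we found some old member ids. Are any of them still in use?
	if (!empty($members))
	{
		$temp_members = loadMemberData($members, false, 'minimal');
		if (empty($temp_members))
			$temp_members = array();
		$members = array_diff($members, $temp_members);
	}

	if (empty($members) && !$has_guest_rows)
		fatal_lang_error('shd_reattribute_in_use', false);

	// OK, let's go!
	if (!empty($members))
		$smcFunc['db_query']('', ' UPDATE {db_prefix}helpdesk_ticket_replies SET id_member = {int:new_id} WHERE id_member IN ({array_int:old_ids})', array('new_id' => $memID, 'old_ids' => $members));

	if ($has_guest_rows)
		$smcFunc['db_query']('', ' UPDATE {db_prefix}helpdesk_ticket_replies SET id_member = {int:new_id} WHERE id_member = 0 AND ' . $clause, array('new_id' => $memID, 'attribute' => $attribute));
}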
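/**
 * Called by index.php?action=findmember.
 * - is used as a popup for searching members.
 * - uses sub template find_members of the Help template.
 * - also used to add members for PM's sent using wap2/imode protocol.
 *
 * Request parameters read: 'search', 'start' (paging offset, clamped to >= 0),
 * 'input' (field name, [\w-] only), 'delim' ('LB' = newline), 'quote',
 * 'buddies' and 'u' (a comma-separated member id list that is carried back
 * into the navigation URLs; anything of another shape is dropped).
 *
 * Requires the session token in the query string (checkSession('get')).
 */
function JSMembers()
{
	global $context, $scripturl, $user_info, $smcFunc;

	checkSession('get');

	if (WIRELESS)
		$context['sub_template'] = WIRELESS_PROTOCOL . '_pm';
	else
	{
		// Why is this in the Help template, you ask? Well, erm... it helps you. Does that work?
		loadTemplate('Help');
		$context['template_layers'] = array();
		$context['sub_template'] = 'find_members';
	}

	if (isset($_REQUEST['search']))
		$context['last_search'] = $smcFunc['htmlspecialchars']($_REQUEST['search'], ENT_QUOTES);
	else
		$_REQUEST['start'] = 0;

	// Allow the user to pass the input to be added to to the box (identifier characters only).
	$context['input_box_name'] = isset($_REQUEST['input']) && preg_match('~^[\\w-]+$~', $_REQUEST['input']) === 1 ? $_REQUEST['input'] : 'to';

	// Take the delimiter over GET in case it's \n or something.
	// NOTE(review): 'delim' is passed through as-is; how the template emits it is not visible here -- confirm it is escaped there.
	$context['delimiter'] = isset($_REQUEST['delim']) ? ($_REQUEST['delim'] == 'LB' ? "\n" : $_REQUEST['delim']) : ', ';

	$context['quote_results'] = !empty($_REQUEST['quote']);

	// List all the results.
	$context['results'] = array();

	// Some buddy related settings ;)
	$context['show_buddies'] = !empty($user_info['buddies']);
	$context['buddy_search'] = isset($_REQUEST['buddies']);

	// 'u' is only ever a comma-separated list of member ids and is echoed back into
	// the navigation URLs, so anything that is not exactly that shape is dropped.
	$u_param = '';
	if (!empty($_REQUEST['u']) && preg_match('~^\d+(?:,\d+)*$~', $_REQUEST['u']) === 1)
		$u_param = ';u=' . $_REQUEST['u'];

	// If the user has done a search, well - search.
	if (isset($_REQUEST['search']))
	{
		$_REQUEST['search'] = $smcFunc['htmlspecialchars']($_REQUEST['search'], ENT_QUOTES);
		$context['results'] = findMembers(array($_REQUEST['search']), true, $context['buddy_search']);
		$total_results = count($context['results']);

		// Paging offset: a missing value is 0, a negative one would make array_slice() count from the end.
		$_REQUEST['start'] = isset($_REQUEST['start']) ? max(0, (int) $_REQUEST['start']) : 0;

		$context['page_index'] = constructPageIndex($scripturl . '?action=findmember;search=' . $context['last_search'] . ';' . $context['session_var'] . '=' . $context['session_id'] . ';input=' . $context['input_box_name'] . ($context['quote_results'] ? ';quote=1' : '') . ($context['buddy_search'] ? ';buddies' : ''), $_REQUEST['start'], $total_results, 7);

		// Determine the navigation context (especially useful for the wireless template).
		$base_url = $scripturl . '?action=findmember;search=' . urlencode($context['last_search']) . $u_param . ';' . $context['session_var'] . '=' . $context['session_id'];
		$context['links'] = array(
			'first' => $_REQUEST['start'] >= 7 ? $base_url . ';start=0' : '',
			'prev' => $_REQUEST['start'] >= 7 ? $base_url . ';start=' . ($_REQUEST['start'] - 7) : '',
			'next' => $_REQUEST['start'] + 7 < $total_results ? $base_url . ';start=' . ($_REQUEST['start'] + 7) : '',
			'last' => $_REQUEST['start'] + 7 < $total_results ? $base_url . ';start=' . floor(($total_results - 1) / 7) * 7 : '',
			'up' => $scripturl . '?action=pm;sa=send' . $u_param,
		);
		$context['page_info'] = array(
			'current_page' => $_REQUEST['start'] / 7 + 1,
			'num_pages' => floor(($total_results - 1) / 7) + 1,
		);

		$context['results'] = array_slice($context['results'], $_REQUEST['start'], 7);
	}
	else
		$context['links']['up'] = $scripturl . '?action=pm;sa=send' . $u_param;
}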
/**
 * XML-RPC handler: builds a profile struct for one member.
 *
 * Positional parameters taken from $rpcmsg: 0 = username, 1 = member id. When
 * both are empty the calling user's own id is used. An id is verified against
 * the members table; if that finds nothing the username is resolved through
 * findMembers() and the first hit wins. mob_error('user not found') ends the
 * request when neither resolves.
 *
 * @param object $rpcmsg  incoming request; presumably an xmlrpcmsg -- TODO confirm
 * @return xmlrpcresp     struct with user_id, user_name, display_name, post_count,
 *                        reg_time, is_online, accept_pm, display_text, icon_url,
 *                        current_activity, current_action, is_ban, can_ban,
 *                        custom_fields_list and, for banned members, user_type
 */
function mob_get_user_info($rpcmsg)
{
    global $mobdb, $context, $modSettings, $memberContext, $user_profile, $sourcedir, $txt, $user_info;

    $username = $rpcmsg->getParam(0) ? $rpcmsg->getScalarValParam(0) : null;
    $id_user = $rpcmsg->getParam(1) ? $rpcmsg->getScalarValParam(1) : null;

    // Neither given: describe the caller's own profile.
    if (empty($username) && empty($id_user))
    {
        $id_user = $user_info['id'];
    }

    // NOTE(review): intval() turns a missing id into 0, so the is_null() test below
    // is always true and the members query runs even for a pure username lookup;
    // the username path is only reached because ID_MEMBER = 0 matches no row.
    $id_user = intval($id_user);
    require_once $sourcedir . '/Subs-Auth.php';

    // If we have an user ID, use it otherwise search for the user
    if (!is_null($id_user))
    {
        $request = $mobdb->query(' SELECT ID_MEMBER FROM {db_prefix}members WHERE ID_MEMBER = {int:member}', array('member' => $id_user));
        if ($mobdb->num_rows($request) == 0)
        {
            $id_user = null;
        }
        else
        {
            list($id_user) = $mobdb->fetch_row($request);
        }
        $mobdb->free_result($request);
    }

    // Otherwise search from the DB,
    if (is_null($id_user))
    {
        $username = utf8ToAscii($username);
        $members = findMembers($username);
        if (empty($members))
        {
            mob_error('user not found');
        }

        // findMembers() may return several candidates; the first one is taken.
        $member_ids = array_keys($members);
        $id_user = $members[$member_ids[0]]['id'];
    }

    loadMemberData($id_user);
    loadMemberContext($id_user);
    $member = $memberContext[$id_user];

    // Is the guy banned?
    // Only ban groups that are still active and actually block access count.
    $request = $mobdb->query(' SELECT COUNT(*) FROM {db_prefix}ban_items AS bi INNER JOIN {db_prefix}ban_groups AS bg ON (bg.ID_BAN_GROUP = bi.ID_BAN_GROUP) WHERE bi.ID_MEMBER = {int:member} AND (bg.expire_time IS NULL OR bg.expire_time > {int:time}) AND bg.cannot_access != 0', array('member' => $member['id'], 'time' => time()));
    $banned = false;
    list($count) = $mobdb->fetch_row($request);
    if ($count > 0)
    {
        $banned = true;
    }
    $mobdb->free_result($request);

    loadLanguage('Profile');

    // Load the current action
    $current_action = determineActions($user_profile[$id_user]['url']);

    // Figure out all the custom fields
    // Each entry is a {name, value} struct; both halves are sent base64 encoded.
    $custom_fields = array();

    // Primary group, falling back to the post-count group.
    // NOTE(review): unlike every other field below, this value is not passed through processSubject() -- confirm that is intended.
    $custom_fields[] = new xmlrpcval(array('name' => new xmlrpcval($txt[87], 'base64'), 'value' => new xmlrpcval(!empty($member['group']) ? $member['group'] : $member['post_group'], 'base64')), 'struct');

    // Custom communication fields
    // $_fields holds the display label for the messenger key at the same index in $fields.
    $fields = array('icq', 'aim', 'msn', 'yim');
    $_fields = array($txt[513], $txt[603], $txt['MSN'], $txt[604]);
    foreach ($fields as $k => $field)
    {
        if (!empty($member[$field]['name']))
        {
            $custom_fields[] = new xmlrpcval(array('name' => new xmlrpcval(processSubject($_fields[$k]), 'base64'), 'value' => new xmlrpcval(processSubject($member[$field]['name']), 'base64')), 'struct');
        }
    }

    // Karma: mode '1' reports a single net score, mode '2' reports good and bad separately.
    if ($modSettings['karmaMode'] == '1' || $modSettings['karmaMode'] == '2')
    {
        $custom_fields[] = new xmlrpcval(array('name' => new xmlrpcval(processSubject($modSettings['karmaLabel']), 'base64'), 'value' => new xmlrpcval(processSubject($modSettings['karmaMode'] == '1' ? $member['karma']['good'] - $member['karma']['bad'] : '+' . $member['karma']['good'] . '/-' . $member['karma']['bad']), 'base64')), 'struct');
    }

    if (!empty($member['gender']['name']))
    {
        $custom_fields[] = new xmlrpcval(array('name' => new xmlrpcval(processSubject($txt[231]), 'base64'), 'value' => new xmlrpcval(processSubject($member['gender']['name']), 'base64')), 'struct');
    }

    if (!empty($member['location']))
    {
        $custom_fields[] = new xmlrpcval(array('name' => new xmlrpcval(processSubject($txt[227]), 'base64'), 'value' => new xmlrpcval(processSubject($member['location']), 'base64')), 'struct');
    }

    if (!empty($member['signature']))
    {
        $custom_fields[] = new xmlrpcval(array('name' => new xmlrpcval(processSubject($txt[85]), 'base64'), 'value' => new xmlrpcval(processSubject($member['signature']), 'base64')), 'struct');
    }

    // user_name and display_name carry the same value: the display name, or the
    // login name when no display name is set. accept_pm is always reported as true.
    $response = array(
        'user_id' => new xmlrpcval($member['id'], 'string'),
        'user_name' => new xmlrpcval(processUsername(!empty($member['name']) ? $member['name'] : $member['username']), 'base64'),
        'display_name' => new xmlrpcval(processUsername(!empty($member['name']) ? $member['name'] : $member['username']), 'base64'),
        'post_count' => new xmlrpcval($member['posts'], 'int'),
        'reg_time' => new xmlrpcval(mobiquo_time($member['registered_timestamp']), 'dateTime.iso8601'),
        'is_online' => new xmlrpcval(!empty($user_profile[$id_user]['isOnline']), 'boolean'),
        'accept_pm' => new xmlrpcval(true, 'boolean'),
        'display_text' => new xmlrpcval(processSubject($member['title']), 'base64'),
        'icon_url' => new xmlrpcval($member['avatar']['href'], 'string'),
        'current_activity' => new xmlrpcval(processSubject($current_action), 'base64'),
        'current_action' => new xmlrpcval(processSubject($current_action), 'base64'),
        'is_ban' => new xmlrpcval($banned, 'boolean'),
        'can_ban' => new xmlrpcval(allowedTo('manage_bans'), 'boolean'),
        'custom_fields_list' => new xmlrpcval($custom_fields, 'array')
    );

    if ($banned)
    {
        $response['user_type'] = new xmlrpcval('banned', 'base64');
    }

    // Return the response
    return new xmlrpcresp(new xmlrpcval($response, 'struct'));
}
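/**
 * Shows a form to edit a forum mailing and its recipients.
 *
 * What it does:
 * - Called by ?action=admin;area=news;sa=mailingcompose.
 * - Requires the send_mail permission.
 * - Form is submitted to ?action=admin;area=news;sa=mailingsend.
 * - On a preview request (isset($context['preview'])) the posted recipient
 *   lists are copied into $context and prepareMailingForPreview() takes over.
 * - Otherwise the posted member names and picker id lists are resolved to
 *   member ids, action_mailingsend(true) cleans the remaining input, banned
 *   members are excluded and the moderator group (id 3) is expanded into the
 *   individual moderators.
 *
 * @uses ManageNews template, email_members_compose sub-template.
 */
public function action_mailingcompose()
{
    global $txt, $context;

    // Setup the template!
    $context['page_title'] = $txt['admin_newsletters'];
    $context['sub_template'] = 'email_members_compose';

    // NOTE(review): a posted subject/message is stored as-is while the defaults are
    // escaped; this relies on the template / editor control escaping on output -- confirm.
    $context['subject'] = !empty($_POST['subject']) ? $_POST['subject'] : $context['forum_name'] . ': ' . htmlspecialchars($txt['subject'], ENT_COMPAT, 'UTF-8');
    $context['message'] = !empty($_POST['message']) ? $_POST['message'] : htmlspecialchars($txt['message'] . "\n\n" . replaceBasicActionUrl($txt['regards_team']) . "\n\n" . '{$board_url}', ENT_COMPAT, 'UTF-8');

    // Needed for the WYSIWYG editor.
    require_once SUBSDIR . '/Editor.subs.php';

    // Now create the editor.
    $editorOptions = array(
        'id' => 'message',
        'value' => $context['message'],
        'height' => '250px',
        'width' => '100%',
        'labels' => array('post_button' => $txt['sendtopic_send']),
        'preview_type' => 2,
    );
    create_control_richedit($editorOptions);

    if (isset($context['preview']))
    {
        require_once SUBSDIR . '/Mail.subs.php';

        // The lists arrive as delimited strings; only their shape is restored here,
        // prepareMailingForPreview() is responsible for validating them.
        $context['recipients']['members'] = !empty($_POST['members']) ? explode(',', $_POST['members']) : array();
        $context['recipients']['exclude_members'] = !empty($_POST['exclude_members']) ? explode(',', $_POST['exclude_members']) : array();
        $context['recipients']['groups'] = !empty($_POST['groups']) ? explode(',', $_POST['groups']) : array();
        $context['recipients']['exclude_groups'] = !empty($_POST['exclude_groups']) ? explode(',', $_POST['exclude_groups']) : array();
        $context['recipients']['emails'] = !empty($_POST['emails']) ? explode(';', $_POST['emails']) : array();
        $context['email_force'] = !empty($_POST['email_force']) ? 1 : 0;
        $context['total_emails'] = !empty($_POST['total_emails']) ? (int) $_POST['total_emails'] : 0;
        $context['max_id_member'] = !empty($_POST['max_id_member']) ? (int) $_POST['max_id_member'] : 0;
        $context['send_pm'] = !empty($_POST['send_pm']) ? 1 : 0;
        $context['send_html'] = !empty($_POST['send_html']) ? '1' : '0';

        return prepareMailingForPreview();
    }

    // Start by finding any members!
    $toClean = array();
    if (!empty($_POST['members']))
    {
        $toClean[] = 'members';
    }
    if (!empty($_POST['exclude_members']))
    {
        $toClean[] = 'exclude_members';
    }

    if (!empty($toClean))
    {
        require_once SUBSDIR . '/Auth.subs.php';
        foreach ($toClean as $type)
        {
            // Remove the quotes.
            $_POST[$type] = strtr((string) $_POST[$type], array('\\"' => '"'));

            // Quoted names first, then whatever is left split on commas.
            preg_match_all('~"([^"]+)"~', $_POST[$type], $matches);
            $_POST[$type] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $_POST[$type]))));

            foreach ($_POST[$type] as $index => $member)
            {
                if (strlen(trim($member)) > 0)
                {
                    $_POST[$type][$index] = Util::htmlspecialchars(Util::strtolower(trim($member)));
                }
                else
                {
                    unset($_POST[$type][$index]);
                }
            }

            // Find the members
            $_POST[$type] = implode(',', array_keys(findMembers($_POST[$type])));
        }
    }

    // Explicit id lists from the member picker take precedence over the typed names.
    if (isset($_POST['member_list']) && is_array($_POST['member_list']))
    {
        $_POST['members'] = implode(',', array_map('intval', $_POST['member_list']));
    }
    if (isset($_POST['exclude_member_list']) && is_array($_POST['exclude_member_list']))
    {
        $_POST['exclude_members'] = implode(',', array_map('intval', $_POST['exclude_member_list']));
    }

    // Clean the other vars.
    $this->action_mailingsend(true);

    // We need a couple strings from the email template file
    loadLanguage('EmailTemplates');

    require_once SUBSDIR . '/News.subs.php';

    // Get a list of all full banned users. Use their Username and email to find them.
    // Only get the ones that can't login to turn off notification.
    $context['recipients']['exclude_members'] = excludeBannedMembers();

    // Did they select moderators - if so add them as specific members...
    // Group 3 (the moderator group) has no members of its own, so it is expanded into
    // the individual moderators. Loose in_array() on purpose: the ids may still be strings.
    $groups = !empty($context['recipients']['groups']) ? $context['recipients']['groups'] : array();
    $exclude_groups = !empty($context['recipients']['exclude_groups']) ? $context['recipients']['exclude_groups'] : array();
    $include_mods = in_array(3, $groups);
    $exclude_mods = in_array(3, $exclude_groups);
    if ($include_mods || $exclude_mods)
    {
        $mods = getModerators();
        foreach ($mods as $row)
        {
            // Exclusion wins when the group was selected on both sides.
            if ($exclude_mods)
            {
                $context['recipients']['exclude_members'][] = $row;
            }
            else
            {
                $context['recipients']['members'][] = $row;
            }
        }
    }

    require_once SUBSDIR . '/Members.subs.php';

    // For progress bar!
    $context['total_emails'] = count($context['recipients']['emails']);
    $context['max_id_member'] = maxMemberID();

    // Clean up the arrays.
    $context['recipients']['members'] = array_unique($context['recipients']['members']);
    $context['recipients']['exclude_members'] = array_unique($context['recipients']['exclude_members']);
}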
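/**
 * Resolves the people named in a form field into member ids.
 *
 * Two inputs are consulted, in order:
 * - $_POST[$field . '_name_from']: the autosuggest result, an array of member ids;
 * - $_POST[$field . '_name']: the typed names (quoted or comma separated) for
 *   users without JavaScript, looked up through findMembers() and accepted only
 *   when username, display name or e-mail matches what was typed.
 *
 * Every member found by name is also recorded in $context['named_people']
 * (id => real_name) for the caller to display.
 *
 * @param string $field  prefix of the POST fields to read (e.g. 'starter')
 * @return array         unique member ids; empty when nothing was given or found
 */
function shd_get_named_people($field)
{
    global $smcFunc, $sourcedir, $context;

    if (!isset($context['named_people']))
    {
        $context['named_people'] = array();
    }

    require_once $sourcedir . '/Subs-Auth.php';
    $members = array();

    // First look for the autosuggest values.
    // The field read here is derived from $field so every caller gets its own list.
    if (!empty($_POST[$field . '_name_from']) && is_array($_POST[$field . '_name_from']))
    {
        foreach ($_POST[$field . '_name_from'] as $member)
        {
            if ((int) $member > 0)
            {
                $members[] = (int) $member;
            }
        }
    }

    // Failing that, let's look at the name itself for those without JS.
    if (!empty($_POST[$field . '_name']))
    {
        // We're going to take out the "s anyway ;).
        $names = strtr($_POST[$field . '_name'], array('\\"' => '"'));

        // Quoted names first, then whatever is left split on commas.
        preg_match_all('~"([^"]+)"~', $names, $matches);
        $namedlist = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $names))));

        foreach ($namedlist as $index => $name)
        {
            if (strlen(trim($name)) > 0)
            {
                $namedlist[$index] = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](trim($name)));
            }
            else
            {
                unset($namedlist[$index]);
            }
        }

        if (!empty($namedlist))
        {
            $foundMembers = findMembers($namedlist);
            foreach ($foundMembers as $member)
            {
                // findMembers() may also return partial matches, so a hit counts only when
                // one of its identities is literally one of the names in this function's list.
                $testNames = array($smcFunc['strtolower']($member['username']), $smcFunc['strtolower']($member['name']), $smcFunc['strtolower']($member['email']));
                if (count(array_intersect($testNames, $namedlist)) !== 0)
                {
                    $members[] = $member['id'];
                    $context['named_people'][$member['id']] = $member['real_name'];
                }
            }
        }
    }

    return array_unique($members);
}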
/**
 * Send it!
 *
 * Handles the submitted personal message form: enforces the pm_send permission
 * and the per-hour sending limit, resolves the 'to'/'bcc' recipients (member
 * ids from recipient_to/recipient_bcc, typed names from the to/bcc fields via
 * findMembers()), validates subject and message, and then either re-displays
 * the form through messagePostError() (errors, preview, recipient edits, draft
 * save, too many recipients, failed deliveries) or sends with sendpm() and
 * redirects.
 *
 * Reads $_REQUEST/$_POST directly and writes its results into $context.
 */
function MessagePost2()
{
    global $txt, $context, $sourcedir;
    global $user_info, $modSettings, $scripturl, $smcFunc;

    isAllowedTo('pm_send');
    require_once $sourcedir . '/Subs-Auth.php';
    loadLanguage('PersonalMessage', '', false);

    // Extract out the spam settings - it saves database space!
    list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);

    // Initialize the errors we're about to make.
    $post_errors = array();

    // Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
    // Exempt: admins, forum moderators, mail senders and anyone whose mod_cache board/group
    // query is not '0=1' (presumably: moderates at least one board or group -- TODO confirm).
    if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1')
    {
        // How many have they sent this last hour?
        $request = $smcFunc['db_query']('', ' SELECT COUNT(pr.id_pm) AS post_count FROM {db_prefix}personal_messages AS pm INNER JOIN {db_prefix}pm_recipients AS pr ON (pr.id_pm = pm.id_pm) WHERE pm.id_member_from = {int:current_member} AND pm.msgtime > {int:msgtime}', array('current_member' => $user_info['id'], 'msgtime' => time() - 3600));
        list($postCount) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);

        if (!empty($postCount) && $postCount >= $modSettings['pm_posts_per_hour'])
        {
            // An xml request gets the error reported back instead of a fatal page.
            if (!isset($_REQUEST['xml']))
            {
                fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour']));
            }
            else
            {
                $post_errors[] = 'pm_too_many_per_hour';
            }
        }
    }

    // If your session timed out, show an error, but do allow to re-submit.
    // NOTE(review): the session check is skipped for xml requests; presumably the xml
    // entry point validates the session before dispatching here -- confirm.
    if (!isset($_REQUEST['xml']) && checkSession('post', '', false) != '')
    {
        $post_errors[] = 'session_timeout';
    }

    $_REQUEST['subject'] = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';

    // POST wins over GET for the recipient fields; a value of '0' counts as empty here.
    $_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : $_POST['to'];
    $_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : $_POST['bcc'];

    // Route the input from the 'u' parameter to the 'to'-list.
    if (!empty($_POST['u']))
    {
        $_POST['recipient_to'] = explode(',', $_POST['u']);
    }

    // Construct the list of recipients.
    // $recipientList: type => member ids; $namedRecipientList: type => cleaned typed names;
    // $namesNotFound: type => typed names no member matched.
    $recipientList = array();
    $namedRecipientList = array();
    $namesNotFound = array();
    foreach (array('to', 'bcc') as $recipientType)
    {
        // First, let's see if there's user ID's given.
        $recipientList[$recipientType] = array();
        if (!empty($_POST['recipient_' . $recipientType]) && is_array($_POST['recipient_' . $recipientType]))
        {
            foreach ($_POST['recipient_' . $recipientType] as $recipient)
            {
                $recipientList[$recipientType][] = (int) $recipient;
            }
        }

        // Are there also literal names set?
        if (!empty($_REQUEST[$recipientType]))
        {
            // We're going to take out the "s anyway ;).
            $recipientString = strtr($_REQUEST[$recipientType], array('\\"' => '"'));

            // Quoted names first, then whatever is left split on commas.
            preg_match_all('~"([^"]+)"~', $recipientString, $matches);
            $namedRecipientList[$recipientType] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $recipientString))));

            foreach ($namedRecipientList[$recipientType] as $index => $recipient)
            {
                if (strlen(trim($recipient)) > 0)
                {
                    $namedRecipientList[$recipientType][$index] = $smcFunc['htmlspecialchars']($smcFunc['strtolower'](trim($recipient)));
                }
                else
                {
                    unset($namedRecipientList[$recipientType][$index]);
                }
            }

            if (!empty($namedRecipientList[$recipientType]))
            {
                $foundMembers = findMembers($namedRecipientList[$recipientType]);

                // Assume all are not found, until proven otherwise.
                $namesNotFound[$recipientType] = $namedRecipientList[$recipientType];

                foreach ($foundMembers as $member)
                {
                    // A hit counts only when username, display name or e-mail (lower-cased)
                    // is literally one of the typed names.
                    $testNames = array($smcFunc['strtolower']($member['username']), $smcFunc['strtolower']($member['name']), $smcFunc['strtolower']($member['email']));
                    if (count(array_intersect($testNames, $namedRecipientList[$recipientType])) !== 0)
                    {
                        $recipientList[$recipientType][] = $member['id'];

                        // Get rid of this username, since we found it.
                        $namesNotFound[$recipientType] = array_diff($namesNotFound[$recipientType], $testNames);
                    }
                }
            }
        }

        // Selected a recipient to be deleted? Remove them now.
        if (!empty($_POST['delete_recipient']))
        {
            $recipientList[$recipientType] = array_diff($recipientList[$recipientType], array((int) $_POST['delete_recipient']));
        }

        // Make sure we don't include the same name twice
        $recipientList[$recipientType] = array_unique($recipientList[$recipientType]);
    }

    // Are we changing the recipients some how?
    $is_recipient_change = !empty($_POST['delete_recipient']) || !empty($_POST['to_submit']) || !empty($_POST['bcc_submit']);

    // Check if there's at least one recipient.
    if (empty($recipientList['to']) && empty($recipientList['bcc']))
    {
        $post_errors[] = 'no_to';
    }

    // Make sure that we remove the members who did get it from the screen.
    if (!$is_recipient_change)
    {
        foreach ($recipientList as $recipientType => $dummy)
        {
            if (!empty($namesNotFound[$recipientType]))
            {
                $post_errors[] = 'bad_' . $recipientType;

                // Since we already have a post error, remove the previous one.
                $post_errors = array_diff($post_errors, array('no_to'));

                foreach ($namesNotFound[$recipientType] as $name)
                {
                    $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
                }
            }
        }
    }

    // Did they make any mistakes?
    if ($_REQUEST['subject'] == '')
    {
        $post_errors[] = 'no_subject';
    }
    if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '')
    {
        $post_errors[] = 'no_message';
    }
    elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_REQUEST['message']) > $modSettings['max_messageLength'])
    {
        $post_errors[] = 'long_message';
    }
    else
    {
        // Preparse the message.
        $message = $_REQUEST['message'];
        preparsecode($message);

        // Make sure there's still some content left without the tags.
        // An admin posting a bare [html] block is allowed through, as it would strip to nothing.
        if ($smcFunc['htmltrim'](strip_tags(parse_bbc($smcFunc['htmlspecialchars']($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false))
        {
            $post_errors[] = 'no_message';
        }
    }

    // Wrong verification code?
    // NOTE(review): verification is not required on xml requests; confirm the xml path
    // cannot be used to send without it.
    if (!$user_info['is_admin'] && !isset($_REQUEST['xml']) && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification'])
    {
        require_once $sourcedir . '/Subs-Editor.php';
        $verificationOptions = array('id' => 'pm');
        $context['require_verification'] = create_control_verification($verificationOptions, true);

        // When the control returns an array, its entries are treated as post errors.
        if (is_array($context['require_verification']))
        {
            $post_errors = array_merge($post_errors, $context['require_verification']);
        }
    }

    // If they did, give a chance to make amends.
    // NOTE(review): for xml requests post errors do not stop the flow here; presumably
    // that path always ends in the draft-save branch below -- confirm.
    if (!empty($post_errors) && !$is_recipient_change && !isset($_REQUEST['preview']) && !isset($_REQUEST['xml']))
    {
        return messagePostError($post_errors, $namedRecipientList, $recipientList);
    }

    // Want to take a second glance before you send?
    if (isset($_REQUEST['preview']))
    {
        // Set everything up to be displayed.
        $context['preview_subject'] = $smcFunc['htmlspecialchars']($_REQUEST['subject']);
        $context['preview_message'] = $smcFunc['htmlspecialchars']($_REQUEST['message'], ENT_QUOTES);
        preparsecode($context['preview_message'], true);

        // Parse out the BBC if it is enabled.
        $context['preview_message'] = parse_bbc($context['preview_message']);

        // Censor, as always.
        censorText($context['preview_subject']);
        censorText($context['preview_message']);

        // Set a descriptive title.
        $context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject'];

        // Pretend they messed up but don't ignore if they really did :P.
        return messagePostError($post_errors, $namedRecipientList, $recipientList);
    }
    elseif ($is_recipient_change)
    {
        // Maybe we couldn't find one?
        foreach ($namesNotFound as $recipientType => $names)
        {
            $post_errors[] = 'bad_' . $recipientType;
            foreach ($names as $name)
            {
                $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
            }
        }

        return messagePostError(array(), $namedRecipientList, $recipientList);
    }

    // Want to save this as a draft and think about it some more?
    if (!empty($modSettings['drafts_enabled']) && !empty($modSettings['drafts_pm_enabled']) && isset($_POST['save_draft']))
    {
        require_once $sourcedir . '/Drafts.php';
        SavePMDraft($post_errors, $recipientList);
        return messagePostError($post_errors, $namedRecipientList, $recipientList);
    }
    elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum')))
    {
        $context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
        return messagePostError($post_errors, $namedRecipientList, $recipientList);
    }

    // Protect from message spamming.
    spamProtection('pm');

    // Prevent double submission of this form.
    checkSubmitOnce('check');

    // Do the actual sending of the PM.
    // pm_head links the message to the conversation it replies to, when given.
    if (!empty($recipientList['to']) || !empty($recipientList['bcc']))
    {
        $context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], !empty($_REQUEST['outbox']), null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0);
    }
    else
    {
        $context['send_log'] = array('sent' => array(), 'failed' => array());
    }

    // Mark the message as "replied to".
    // Bit 2 of is_read is the "replied" flag; only the sender's own inbox copy is updated.
    if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox')
    {
        $smcFunc['db_query']('', ' UPDATE {db_prefix}pm_recipients SET is_read = is_read | 2 WHERE id_pm = {int:replied_to} AND id_member = {int:current_member}', array('current_member' => $user_info['id'], 'replied_to' => (int) $_REQUEST['replied_to']));
    }

    // If one or more of the recipient were invalid, go back to the post screen with the failed usernames.
    // NOTE(review): this call passes $namesNotFound where every other messagePostError() call
    // passes $namedRecipientList -- a different shape for the same parameter; confirm.
    if (!empty($context['send_log']['failed']))
    {
        return messagePostError($post_errors, $namesNotFound, array('to' => array_intersect($recipientList['to'], $context['send_log']['failed']), 'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed'])));
    }

    // Message sent successfully?
    if (!empty($context['send_log']) && empty($context['send_log']['failed']))
    {
        $context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent';
    }

    // Go back to the where they sent from, if possible...
    redirectexit($context['current_label_redirect']);
}
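/**
 * XML-RPC handler: lists the topics a member has posted in, latest activity first.
 *
 * Positional parameters taken from $rpcmsg: 0 = username (always present),
 * 1 = start index, 2 = end index (inclusive, defaults to start + 9), 3 = member
 * id. An id is verified against the members table; if that finds nothing the
 * username is resolved through findMembers() and the first hit wins.
 * mob_error('user not found') ends the request when neither resolves.
 *
 * Only topics on boards the caller may see ({query_see_board}) are listed, and
 * total_topic_num is counted under the same restriction so paging agrees with
 * the list.
 *
 * @param object $rpcmsg  incoming request; presumably an xmlrpcmsg -- TODO confirm
 * @return xmlrpcresp     struct: result (bool), total_topic_num (int),
 *                        topics (array, from get_topics())
 */
function mob_get_participated_topic($rpcmsg)
{
    global $mobdb, $scripturl, $user_info, $settings, $modSettings, $sourcedir;

    require_once $sourcedir . '/Subs-Auth.php';

    // Load the parameters, username must always be there
    $username = $rpcmsg->getScalarValParam(0);

    // The window is a pair of inclusive indices. They are cast here so only integers
    // ever reach the query, and an inverted window simply yields an empty page.
    $start = $rpcmsg->getParam(1) ? max(0, (int) $rpcmsg->getScalarValParam(1)) : 0;
    $end = $rpcmsg->getParam(2) ? (int) $rpcmsg->getScalarValParam(2) : $start + 9;
    $id_user = $rpcmsg->getParam(3) ? (int) $rpcmsg->getScalarValParam(3) : null;
    $count = max(0, $end - $start + 1);

    // If we have an user ID, use it otherwise search for the user
    if (!is_null($id_user))
    {
        $request = $mobdb->query(' SELECT ID_MEMBER FROM {db_prefix}members WHERE ID_MEMBER = {int:member}', array('member' => $id_user));
        if ($mobdb->num_rows($request) == 0)
        {
            $id_user = null;
        }
        else
        {
            list($id_user) = $mobdb->fetch_row($request);
        }
        $mobdb->free_result($request);
    }

    // Otherwise search from the DB,
    if (is_null($id_user))
    {
        $username = utf8ToAscii($username);
        $members = findMembers($username);
        if (empty($members))
        {
            mob_error('user not found');
        }

        // findMembers() may return several candidates; the first one is taken.
        $member_ids = array_keys($members);
        $id_user = $members[$member_ids[0]]['id'];
    }

    // Get the topic's count
    // COUNT(DISTINCT ...) gives the number of topics in one row (a GROUP BY would
    // return one row per topic and the first row's message count would be read
    // instead), and the board visibility filter matches the listing query below.
    $request = $mobdb->query(' SELECT COUNT(DISTINCT m.ID_TOPIC) FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC) INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = m.ID_BOARD) WHERE m.ID_MEMBER = {int:member} AND {query_see_board}', array('member' => $id_user));
    list($topic_count) = $mobdb->fetch_row($request);
    $mobdb->free_result($request);

    // Get the topics themselves
    // NOTE(review): ordering by lm.posterTime while grouping on m.ID_TOPIC depends on
    // the database accepting a non-aggregated column in ORDER BY -- confirm for the
    // SQL modes in use.
    $request = $mobdb->query(' SELECT t.ID_TOPIC AS id_topic FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC) INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = m.ID_BOARD) INNER JOIN {db_prefix}messages AS lm ON (t.ID_LAST_MSG = lm.ID_MSG) WHERE m.ID_MEMBER = {int:member} AND {query_see_board} GROUP BY m.ID_TOPIC ORDER BY lm.posterTime DESC LIMIT {int:start}, {int:limit}', array('member' => $id_user, 'start' => $start, 'limit' => $count));
    $topics = array();
    while ($row = $mobdb->fetch_assoc($request))
    {
        $topics[] = $row['id_topic'];
    }
    $mobdb->free_result($request);

    // Return the topics
    return new xmlrpcresp(new xmlrpcval(array(
        'result' => new xmlrpcval(true, 'boolean'),
        'total_topic_num' => new xmlrpcval((int) $topic_count, 'int'),
        'topics' => new xmlrpcval(!empty($topics) ? get_topics('t.ID_TOPIC IN ({array_int:topics})', array('topics' => $topics), $start, $count, false) : array(), 'array'),
    ), 'struct'));
}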