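function form_check_csrf_token()
{
    // Only POST requests carry a CSRF token; every other method passes through untouched.
    if (!isset($_SERVER['REQUEST_METHOD']) || mb_strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') {
        return;
    }
    // Exempt scripts and the BH_DISABLE_CSRF constant bypass the check entirely.
    // Strict in_array so a numeric-looking script name cannot loosely match an exempt entry.
    if (in_array(basename($_SERVER['PHP_SELF']), get_csrf_exempt_files(), true) || defined('BH_DISABLE_CSRF')) {
        return;
    }
    // The token field name is a forum setting; without it the form cannot be validated.
    // NOTE(review): html_draw_error() is assumed to terminate the request — confirm, otherwise add an explicit exit.
    if (!($token_name = forum_get_setting('csrf_token_name'))) {
        html_draw_error(gettext('Sorry, you do not have access to this page.'));
    }
    // A token submitted as anything but a string (e.g. token[]=x) is treated as missing
    // rather than handed to the comparison.
    $submitted_token = isset($_POST[$token_name]) && is_string($_POST[$token_name]) ? $_POST[$token_name] : '';
    // hash_equals() is a strict, constant-time comparison. The previous != compared loosely,
    // so numeric-looking strings such as "1e3" and "1000" were considered equal, and an empty
    // submitted token matched an empty session token.
    if ($submitted_token === '' || !hash_equals((string) session::get_csrf_token(), $submitted_token)) {
        unset($_POST[$token_name]);
        // Rotate the token on failure so a stale or guessed value cannot simply be resubmitted.
        session::refresh_csrf_token();
        html_draw_error(gettext('Sorry, you do not have access to this page.'));
    }
    // Strip the token so downstream form handlers never see it as a regular field.
    unset($_POST[$token_name]);
}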
$logon = null;
// Resolve the user either from a numeric UID or from a logon name.
$uid_param = isset($_GET['uid']) ? $_GET['uid'] : null;
if ($uid_param !== null && is_numeric($uid_param)) {
    $uid = $uid_param;
    $logon = user_get_logon($uid);
    if (!$logon) {
        html_draw_error(gettext("Unknown user"));
    }
} elseif (isset($_GET['logon']) && strlen(trim($_GET['logon'])) > 0) {
    $logon = trim($_GET['logon']);
    $user_array = user_get_by_logon($logon);
    if ($user_array !== false) {
        $uid = $user_array['UID'];
    }
}
// Neither lookup produced a UID.
if (!isset($uid)) {
    html_draw_error(gettext("No user specified."));
}
// Profile sections and the user's profile data.
$profile_sections = profile_sections_get();
$user_profile = user_get_profile($uid);
// Relationship between the viewed user and the current session's user.
$peer_relationship = user_get_relationship($uid, $_SESSION['UID']);
// Popup title. NOTE(review): format_user_name() is assumed to return HTML-safe text — confirm.
$page_title = format_user_name($user_profile['LOGON'], $user_profile['NICKNAME']);
$page_options = [
    'title' => $page_title,
    'js' => ['js/user_profile.js'],
    'base_target' => '_blank',
    'pm_popup_disabled' => true,
    'class' => 'window_title',
];
html_draw_top($page_options);
echo '<div align="center">', "\n";
echo '  <table width="600" cellpadding="0" cellspacing="0">', "\n";
echo '    <tr>', "\n";
echo '      <td align="left">', "\n";
echo '        <table class="box" width="100%">', "\n";
        html_draw_error(gettext("You must provide a link ID!"));
    }
}
// Parent folder: POST wins over GET, falling back to the top-level folder (1).
if (isset($_POST['parent_fid']) && is_numeric($_POST['parent_fid'])) {
    $parent_fid = $_POST['parent_fid'];
} elseif (isset($_GET['parent_fid']) && is_numeric($_GET['parent_fid'])) {
    $parent_fid = $_GET['parent_fid'];
} else {
    $parent_fid = 1;
}
$creator_uid = links_get_creator_uid($lid);
// NOTE(review): the second argument to links_get_single() presumably limits the lookup to
// links visible to non-moderators — confirm against its definition.
$user_perm_links_moderate = session::check_perm(USER_PERM_LINKS_MODERATE, 0);
$link = links_get_single($lid, !$user_perm_links_moderate);
if (!$link) {
    html_draw_error(gettext("Invalid link ID!"));
}
// Cancel returns to the links index.
if (isset($_POST['cancel'])) {
    header_redirect("links.php?webtag={$webtag}");
    exit;
}
if (session::logged_in()) {
    $valid = true;
    if (isset($_POST['addvote'])) {
        if (isset($_POST['vote']) && is_numeric($_POST['vote'])) {
            links_vote($lid, $_POST['vote'], $_SESSION['UID']);
            $success_msg = gettext("Your vote has been recorded");
        } else {
            $error_msg_array[] = gettext("You must choose a rating!");
            $valid = false;
        }
require_once BH_INCLUDE_PATH . 'logon.inc.php';
require_once BH_INCLUDE_PATH . 'mods_list.inc.php';
require_once BH_INCLUDE_PATH . 'session.inc.php';
require_once BH_INCLUDE_PATH . 'threads.inc.php';
require_once BH_INCLUDE_PATH . 'word_filter.inc.php';
// Guests cannot view this page.
if (!session::logged_in()) {
    html_guest_error();
}
// Folder ID: GET is checked first, then POST.
if (isset($_GET['fid']) && is_numeric($_GET['fid'])) {
    $fid = $_GET['fid'];
} elseif (isset($_POST['fid']) && is_numeric($_POST['fid'])) {
    $fid = $_POST['fid'];
} else {
    html_draw_error(gettext("Cannot display folder moderators"));
}
// NOTE(review): $folder_title is echoed into the page below; folder_get_title() is assumed
// to return HTML-safe text — confirm.
$folder_title = folder_get_title($fid);
$window_title = sprintf(gettext("Moderator list - %s"), $folder_title);
html_draw_top(sprintf('title=%s', $window_title), 'pm_popup_disabled', 'class=window_title');
echo '<div align="center">', "\n";
echo '  <table cellpadding="0" cellspacing="0" width="550">', "\n";
echo '    <tr>', "\n";
echo '      <td align="left">', "\n";
echo '        <table class="box" width="100%">', "\n";
echo '          <tr>', "\n";
echo '            <td align="left" class="posthead">', "\n";
echo '              <table class="posthead" width="100%">', "\n";
echo '                <tr>', "\n";
echo '                  <td align="left" class="subhead" colspan="1">', gettext("Moderator list"), ' - ', $folder_title, '</td>', "\n";
echo '                </tr>', "\n";
    echo "                      </tr>\n";
    echo "                    </table>\n";
    echo "                  </td>\n";
    echo "                </tr>\n";
    echo "              </table>\n";
    echo "            </td>\n";
    echo "          </tr>\n";
    echo "          <tr>\n";
    echo "            <td align=\"left\">&nbsp;</td>\n";
    echo "          </tr>\n";
    if ($admin_edit === true) {
        echo "          <tr>\n";
        echo "            <td align=\"center\">", form_submit("save", gettext("Save")), "&nbsp;", form_submit("cancel", gettext("Cancel")), "</td>\n";
        echo "          </tr>\n";
    } else {
        echo "          <tr>\n";
        echo "            <td align=\"center\">", form_submit("save", gettext("Save")), "</td>\n";
        echo "          </tr>\n";
    }
    echo "        </table>\n";
    echo "      </td>\n";
    echo "    </tr>\n";
    echo "  </table>\n";
    echo "</form>\n";
    if ($admin_edit === true) {
        echo "</div>\n";
    }
    html_draw_bottom();
} else {
    html_draw_error(gettext("The forum owner has not set up Profiles."));
}
    html_display_warning_msg(sprintf('%s<p>%s</p>%s', gettext("<b>All</b> matches against the whole text so filtering mom to mum will also change moment to mument."), gettext("<b>Whole Word</b> matches against whole words only so filtering mom to mum will NOT change moment to mument."), gettext("<b>PREG</b> allows you to use Perl Regular Expressions to match text.")), '600', 'left');
    echo "</form>\n";
    html_draw_bottom();
} else {
    if (isset($_POST['filter_id']) || isset($_GET['filter_id'])) {
        if (isset($_POST['filter_id']) && is_numeric($_POST['filter_id'])) {
            $filter_id = $_POST['filter_id'];
        } else {
            if (isset($_GET['filter_id']) && is_numeric($_GET['filter_id'])) {
                $filter_id = $_GET['filter_id'];
            } else {
                html_draw_error(gettext("You must specify a filter ID"));
            }
        }
        if (!($word_filter_array = user_get_word_filter($filter_id))) {
            html_draw_error(gettext("Invalid Filter ID"));
            exit;
        }
        html_draw_top(sprintf('title=%s', gettext("My Controls - Edit Word Filter")), 'class=window_title');
        echo "<h1>", gettext("Edit Word Filter"), "</h1>\n";
        if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
            html_display_error_array($error_msg_array, '600', 'left');
        }
        echo "<br />\n";
        echo "<form accept-charset=\"utf-8\" name=\"startpage\" method=\"post\" action=\"edit_wordfilter.php\">\n";
        echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
        echo "  ", form_input_hidden('filter_id', htmlentities_array($filter_id)), "\n";
        echo "  ", form_input_hidden("delete_filters[{$filter_id}]", 'Y'), "\n";
        echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"600\">\n";
        echo "    <tr>\n";
        echo "      <td align=\"left\">\n";
     echo "    </tr>\n";
     echo "    <tr>\n";
     echo "      <td align=\"left\">&nbsp;</td>\n";
     echo "    </tr>\n";
     echo "    <tr>\n";
     echo "      <td align=\"center\">", form_submit("user_alias_submit", gettext("Update")), "&nbsp;", form_submit("cancel", gettext("Back")), "</td>\n";
     echo "    </tr>\n";
     echo "  </table>\n";
     echo "</form>\n";
     echo "</div>\n";
     html_draw_bottom();
     exit;
 } else {
     if ($action == 'delete_user') {
         if (!session::check_perm(USER_PERM_ADMIN_TOOLS, 0, 0)) {
             html_draw_error(gettext("You do not have permission to use this section."), 'admin_user.php', 'get', array('back' => gettext("Back")), array('uid' => $uid));
         }
         html_draw_top("title={$page_title}", 'class=window_title');
         echo "<h1>{$page_title}</h1>\n";
         echo "<br />\n";
         echo "<div align=\"center\">\n";
         echo "<form accept-charset=\"utf-8\" name=\"admin_user_form\" action=\"admin_user.php\" method=\"post\">\n";
         echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
         echo "  ", form_input_hidden("uid", htmlentities_array($uid)), "\n";
         echo "  ", form_input_hidden("action", htmlentities_array($action)), "\n";
         echo "  ", form_input_hidden("ret", htmlentities_array("admin_user.php?webtag={$webtag}&uid={$uid}")), "\n";
         echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"600\">\n";
         echo "    <tr>\n";
         echo "      <td align=\"left\">\n";
         echo "        <table class=\"box\" width=\"100%\">\n";
         echo "          <tr>\n";
    }
}
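// Remove the selected users from the group when the form was posted with 'remove'.
if (isset($_POST['remove']) && isset($_POST['remove_user']) && is_array($_POST['remove_user'])) {
    foreach ($_POST['remove_user'] as $uid) {
        // Only numeric UIDs are acted on, matching how UIDs are validated elsewhere in these pages.
        if (!is_numeric($uid)) {
            continue;
        }
        if (!perm_user_in_group($uid, $gid)) {
            continue;
        }
        perm_remove_user_from_group($uid, $gid);
        // Write an admin log entry only when both the logon and the group name resolve.
        if (($user_logon = user_get_logon($uid)) && ($group_name = perm_get_group_name($gid))) {
            admin_add_log_entry(REMOVE_USER_FROM_GROUP, array($user_logon, $group_name));
        }
    }
}
// The GID must refer to an existing group.
if (!($group = perm_get_group($gid))) {
    html_draw_error(gettext("Supplied GID is not a user group"), 'admin_user_groups.php', 'get', array('back' => gettext("Back")));
}
html_draw_top(array('title' => sprintf(gettext('Admin - Manage User Groups - %s - Add/Remove Users'), $group['GROUP_NAME']), 'class' => 'window_title', 'main_css' => 'admin.css'));
$group_users_array = perm_group_get_users($gid, $start_main);
// NOTE(review): GROUP_NAME is echoed raw into the heading; perm_get_group() is assumed to
// return HTML-safe text — confirm.
echo "<h1>", gettext("Admin"), html_style_image('separator'), gettext("Manage User Groups"), html_style_image('separator'), "{$group['GROUP_NAME']}", html_style_image('separator'), gettext("Add/Remove Users"), "</h1>\n";
// Feedback: either the "just created" message or a hint when the group is still empty.
if (isset($_GET['added'])) {
    html_display_success_msg(gettext("Successfully added group. Add users to this group by searching for them below."), '800', 'center');
} elseif (count($group_users_array['user_array']) < 1) {
    html_display_warning_msg(gettext("There are no users in this group. Add users to this group by searching for them below."), '800', 'center');
}
echo "<br />\n";
echo "<div align=\"center\">\n";
echo "<form accept-charset=\"utf-8\" name=\"f_folders\" action=\"admin_user_groups_edit_users.php\" method=\"post\">\n";
echo "  ", form_csrf_token_field(), "\n";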
// Bail out if the forum owner has switched attachments off.
if (forum_get_setting('attachments_enabled', 'N')) {
    html_draw_error(gettext("Attachments have been disabled by the forum owner."));
}
// Without a usable attachments directory there is nothing to serve.
$attachment_dir = attachments_check_dir();
if (!$attachment_dir) {
    html_draw_error(gettext("Attachments have been disabled by the forum owner."));
}
// Attachment ID (an MD5 hash): GET first, then POST; anything else is fatal.
if (isset($_GET['aid']) && is_md5($_GET['aid'])) {
    $aid = $_GET['aid'];
} elseif (isset($_POST['aid']) && is_md5($_POST['aid'])) {
    $aid = $_POST['aid'];
} else {
    html_draw_error(gettext("AID not specified."));
}
// Current user's UID.
$uid = session::get_value('UID');
// Space limits: overall maximum and what this user still has free.
$max_attachment_space = attachments_get_max_space();
$users_free_space = attachments_get_free_space($uid, $aid);
// Permitted attachment MIME types.
$attachment_mime_types = attachments_get_mime_types();
// Running total of uploaded file sizes.
$total_attachment_size = 0;
// Check that $attachment_dir does not have a slash on the end of it.
if (mb_substr($attachment_dir, -1) == '/') {
    $attachment_dir = mb_substr($attachment_dir, 0, -1);
    echo "  </form>\n";
    echo "</div>\n";
    html_draw_bottom();
} else {
    if (isset($_POST['lid']) || isset($_GET['lid'])) {
        if (isset($_POST['lid']) && is_numeric($_POST['lid'])) {
            $lid = $_POST['lid'];
        } else {
            if (isset($_GET['lid']) && is_numeric($_GET['lid'])) {
                $lid = $_GET['lid'];
            } else {
                html_draw_error(gettext("Invalid link id or link not found"), 'admin_forum_links.php', 'get', array('back' => gettext("Back")));
            }
        }
        if (!($forum_link = forum_links_get_link($lid))) {
            html_draw_error(gettext("Invalid link id or link not found"), 'admin_forum_links.php', 'get', array('back' => gettext("Back")));
        }
        html_draw_top(array('title' => sprintf(gettext('Admin - Forum Links - Edit Link - %s'), $forum_link['TITLE']), 'class' => 'window_title', 'main_css' => 'admin.css'));
        echo "<h1>", gettext("Admin"), html_style_image('separator'), gettext("Forum Links"), html_style_image('separator'), gettext("Edit Link"), html_style_image('separator'), word_filter_add_ob_tags($forum_link['TITLE'], true), "</h1>\n";
        if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
            html_display_error_array($error_msg_array, '700', 'center');
        }
        echo "<br />\n";
        echo "<div align=\"center\">\n";
        echo "  <form accept-charset=\"utf-8\" name=\"thread_options\" action=\"admin_forum_links.php\" method=\"post\" target=\"_self\">\n";
        echo "  ", form_csrf_token_field(), "\n";
        echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
        echo "  ", form_input_hidden('lid', htmlentities_array($lid)), "\n";
        echo "  ", form_input_hidden("t_delete[{$lid}]", "Y"), "\n";
        echo "  ", form_input_hidden('page', htmlentities_array($page)), "\n";
        echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"700\">\n";
}
// Current preferences for the logged-in user.
$user_prefs = user_get_prefs($_SESSION['UID']);
// Requested direction of the resize, if any.
$fontsize = isset($_GET['fontsize']) ? $_GET['fontsize'] : null;
// Step the font size up or down; any other value leaves it unchanged.
if ($fontsize === 'smaller') {
    $new_font_size = $user_prefs['FONT_SIZE'] - 1;
} elseif ($fontsize === 'larger') {
    $new_font_size = $user_prefs['FONT_SIZE'] + 1;
} else {
    $new_font_size = $user_prefs['FONT_SIZE'];
}
// Clamp to the supported range 5..15.
$new_font_size = max(5, min(15, $new_font_size));
$user_prefs = array('FONT_SIZE' => $new_font_size);
// Persist the new size.
if (!user_update_prefs($_SESSION['UID'], $user_prefs)) {
    html_draw_error(gettext("Your user preferences could not be updated. Please try again later."));
}
// Back to the message view.
header_redirect("messages.php?webtag={$webtag}&msg={$msg}&font_resize=1");
            if (count($edit_message) > 0) {
                if ($edit_message['CONTENT'] = message_get_content($tid, $pid)) {
                    if ((forum_get_setting('allow_post_editing', 'N') || $uid != $edit_message['FROM_UID'] && !(perm_get_user_permissions($edit_message['FROM_UID']) & USER_PERM_PILLORIED) || session::check_perm(USER_PERM_PILLORIED, 0) || $post_edit_time > 0 && time() - $edit_message['CREATED'] >= $post_edit_time * HOUR_IN_SECONDS) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
                        html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $msg));
                    }
                    if (forum_get_setting('require_post_approval', 'Y') && isset($edit_message['APPROVED']) && $edit_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
                        html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $msg));
                    }
                    $parsed_message = new MessageTextParse($edit_message['CONTENT']);
                    $t_content = $parsed_message->getMessage();
                    $t_sig = $parsed_message->getSig();
                } else {
                    html_draw_error(sprintf(gettext("Message %s was not found"), $msg), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $msg));
                }
            } else {
                html_draw_error(sprintf(gettext("Message %s was not found"), $msg), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $msg));
            }
        }
    }
}
$page_title = sprintf(gettext("Edit message %s"), $msg);
html_draw_top("title={$page_title}", "resize_width=785", "basetarget=_blank", "attachments.js", "dictionary.js", "emoticons.js", "post.js", 'class=window_title');
echo '<h1>', $page_title, '</h1>', "\n";
// Show any validation errors collected while handling the submission.
if (isset($error_msg_array) && count($error_msg_array) > 0) {
    html_display_error_array($error_msg_array, '785', 'left');
}
// NOTE(review): unlike the other forms on this page, no form_csrf_token_field() is emitted
// here — confirm edit.php is CSRF-exempt or that the token is added elsewhere.
echo '<br /><form accept-charset="utf-8" name="f_post" action="edit.php" method="post" target="_self">', "\n";
echo '  ', form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
echo '  ', form_input_hidden('msg', htmlentities_array($msg)), "\n";
echo '  <table cellpadding="0" cellspacing="0" width="785" class="max_width">', "\n";
echo '    <tr>', "\n";
require_once 'boot.php';
// Includes required by this page.
require_once BH_INCLUDE_PATH . 'constants.inc.php';
require_once BH_INCLUDE_PATH . 'form.inc.php';
require_once BH_INCLUDE_PATH . 'format.inc.php';
require_once BH_INCLUDE_PATH . 'header.inc.php';
require_once BH_INCLUDE_PATH . 'html.inc.php';
require_once BH_INCLUDE_PATH . 'lang.inc.php';
require_once BH_INCLUDE_PATH . 'links.inc.php';
require_once BH_INCLUDE_PATH . 'logon.inc.php';
require_once BH_INCLUDE_PATH . 'perm.inc.php';
require_once BH_INCLUDE_PATH . 'session.inc.php';
require_once BH_INCLUDE_PATH . 'word_filter.inc.php';
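// The links section can be switched off by the forum owner.
if (!forum_get_setting('show_links', 'Y')) {
    html_draw_error(gettext("You may not access this section."));
}
// NOTE(review): the argument to links_folders_get() presumably restricts non-moderators to
// visible folders — confirm against its definition.
$folders = links_folders_get(!session::check_perm(USER_PERM_LINKS_MODERATE, 0));
// A folder ID from the query string must be a scalar before it is used as an array key:
// an array value (fid[]=1) would otherwise raise an "Illegal offset type" TypeError on PHP 8.
if (isset($_GET['fid']) && is_scalar($_GET['fid']) && isset($folders[$_GET['fid']])) {
    $fid = $_GET['fid'];
} elseif (is_array($folders)) {
    // Default to the first folder returned.
    list($fid) = array_keys($folders);
} else {
    // No folders at all: create the top-level one and reload on it.
    links_create_top_folder(gettext("Top Level"));
    header_redirect("links.php?webtag={$webtag}&fid=1");
}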
if (isset($_GET['action'])) {
    if (session::check_perm(USER_PERM_LINKS_MODERATE, 0) && $_GET['action'] == "folderhide") {
        links_folder_change_visibility($fid, false);
    } else {
        html_draw_error(gettext("You must specify type of search to perform"));
    }
}
// Thread searches never allow multiple selections.
if ($type == SEARCH_THREAD) {
    $multi = 'N';
}
// ID of the form field that will receive the selection (POST preferred over GET).
if (isset($_POST['obj_id']) && strlen(trim($_POST['obj_id'])) > 0) {
    $obj_id = trim($_POST['obj_id']);
} elseif (isset($_GET['obj_id']) && strlen(trim($_GET['obj_id'])) > 0) {
    $obj_id = trim($_GET['obj_id']);
} else {
    html_draw_error(gettext("No form object specified for return text"));
}
// Existing selection: an array via POST, or a comma-separated list via GET.
$selected_array = array();
if (isset($_POST['selected']) && is_array($_POST['selected'])) {
    $selected_array = array_unique($_POST['selected']);
} elseif (isset($_GET['selected']) && strlen(trim($_GET['selected'])) > 0) {
    $selected_list = trim($_GET['selected'], ', ');
    $selected_array = array_unique(preg_split('/,\\s*/u', $selected_list));
}
// Make sure the selected_array is not greater than the maximum
if ($type == SEARCH_LOGON && $multi === 'Y') {
    $selected_array = array_splice($selected_array, 0, 10);
        list($thread_info, $folder_order, $thread_count) = threads_get_sticky($uid, $folder, $page);
        break;
    case MOST_UNREAD_POSTS:
        list($thread_info, $folder_order, $thread_count) = threads_get_longest_unread($uid, $folder, $page);
        break;
    case DELETED_THREADS:
        list($thread_info, $folder_order, $thread_count) = threads_get_deleted($uid, $folder, $page);
        break;
    default:
        list($thread_info, $folder_order, $thread_count) = threads_get_all($uid, $folder, $page);
        break;
}
// Now, the actual bit that displays the threads...
// Folder FIDs and titles; nothing can be shown without them.
$folder_info = threads_get_folders();
if (!$folder_info) {
    html_draw_error(gettext("There are no folders available."));
}
// Message totals per folder.
$folder_msgs = threads_get_folder_msgs();
// Normalise the folder order to an array.
if (!is_array($folder_order)) {
    $folder_order = array();
}
// When threads are grouped by folder, follow the folder list's own order.
if (session::get_value('THREADS_BY_FOLDER') == 'Y') {
    $folder_order = array_keys($folder_info);
}
// Check for a message to display and re-order the thread list.
if (isset($_REQUEST['msg']) && validate_msg($_REQUEST['msg'])) {
    list($selected_tid) = explode('.', $_REQUEST['msg']);
    if ($thread = thread_get($selected_tid)) {
require_once BH_INCLUDE_PATH . 'post.inc.php';
require_once BH_INCLUDE_PATH . 'session.inc.php';
require_once BH_INCLUDE_PATH . 'styles.inc.php';
require_once BH_INCLUDE_PATH . 'text_captcha.inc.php';
require_once BH_INCLUDE_PATH . 'timezone.inc.php';
require_once BH_INCLUDE_PATH . 'user.inc.php';
// Destination after logon. Only a URI that starts with one of this forum's own script
// names is accepted, which keeps the redirect on-site.
if (isset($_GET['final_uri']) && strlen(trim($_GET['final_uri'])) > 0) {
    $requested_uri = trim($_GET['final_uri']);
    $quoted_files = array_map('preg_quote_callback', get_available_files());
    $available_files_preg = implode("|^", $quoted_files);
    if (preg_match("/^{$available_files_preg}/u", $requested_uri) > 0) {
        $final_uri = href_cleanup_query_keys($_GET['final_uri']);
    }
}
// Registration may be switched off by the forum owner.
if (forum_get_setting('allow_new_registrations', 'N')) {
    html_draw_error(gettext("Sorry, new user registrations are not allowed right now. Please check back later."));
}
// Choices offered on the registration form.
$available_emoticons = emoticons_get_available();
$available_langs = lang_get_available();
$available_timezones = get_available_timezones();
// Text captcha. NOTE(review): the constructor arguments are presumably sizing parameters — see the captcha class.
$text_captcha = new captcha(6, 15, 25, 9, 30);
// Validation errors collected while handling the submission.
$error_msg_array = array();
// Name of the top frame, used as a link target.
$frame_top_target = html_get_top_frame_name();
if (isset($_GET['private_key']) && strlen(trim($_GET['private_key'])) > 0) {
    $text_captcha_private_key = trim($_GET['private_key']);
function post_edit_refuse($tid, $pid)
{
    // Send the user back to the message they tried to edit with a "not permitted" error.
    $msg = "{$tid}.{$pid}";
    $buttons = array('back' => gettext("Back"));
    html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', $buttons, array('msg' => $msg));
}
            if (links_add_folder($fid, $name, $_SESSION['UID'], true)) {
                header_redirect("links.php?webtag={$webtag}&fid={$fid}&folder_added={$name}");
                exit;
            } else {
                $error_msg_array[] = gettext("Failed to add folder");
                $valid = false;
            }
        }
    } else {
        if (isset($_GET['fid']) && is_numeric($_GET['fid'])) {
            $fid = $_GET['fid'];
            if ($_GET['mode'] == 'link' && !in_array($fid, array_keys($folders))) {
                html_draw_error(gettext("You must specify a valid folder!"));
            }
        } else {
            html_draw_error(gettext("You must specify a folder!"));
        }
    }
}
if ($mode == LINKS_ADD_LINK) {
    html_draw_top(array('title' => gettext("Links - Add a link"), 'class' => 'window_title'));
    echo "<h1>", gettext("Links"), html_style_image('separator'), gettext("Add a link"), "</h1>\n";
    echo "<p>", gettext("Adding link in"), ": <b>" . links_get_folder_path_links($fid, $folders, false) . "</b></p>\n";
    if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
        html_display_error_array($error_msg_array, '500', 'left');
    }
    echo "<form accept-charset=\"utf-8\" name=\"linkadd\" action=\"links_add.php\" method=\"post\" target=\"_self\">\n";
    echo "  ", form_csrf_token_field(), "\n";
    echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
    echo "  ", form_input_hidden("fid", htmlentities_array($fid)) . "\n";
    echo "  ", form_input_hidden("mode", LINKS_ADD_LINK) . "\n";
    $available_files_preg = implode("|^", array_map('preg_quote_callback', get_available_files()));
    if (preg_match("/^{$available_files_preg}/u", basename($ret)) < 1) {
        $ret = "admin_forums.php?webtag={$webtag}";
    }
}
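// 'Back' returns to the return URI.
if (isset($_POST['back'])) {
    header_redirect($ret);
}
// Switch the forum to restricted mode on request.
if (isset($_POST['enable'])) {
    if (forum_update_access($forum_fid, FORUM_RESTRICTED)) {
        header_redirect("admin_forum_access.php?webtag={$webtag}");
        exit;
    }
}
// Everything below only makes sense in restricted mode; offer to enable it.
if (!forum_get_setting('access_level', FORUM_RESTRICTED)) {
    html_draw_error(gettext("Forum is not set to Restricted Mode. Do you want to enable it now?"), 'admin_forum_access.php', 'post', array('enable' => gettext("Enable"), 'back' => gettext("Back")), array('ret' => $ret), false, 'center');
}
// Page of the main user list: validate the same key that is read (main_page), as the POST
// branch does, instead of checking 'page' and then reading an unvalidated 'main_page'.
if (isset($_GET['main_page']) && is_numeric($_GET['main_page'])) {
    $main_page = $_GET['main_page'];
} elseif (isset($_POST['main_page']) && is_numeric($_POST['main_page'])) {
    $main_page = $_POST['main_page'];
} else {
    $main_page = 1;
}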
if (isset($_GET['search_page']) && is_numeric($_GET['search_page'])) {
    $search_page = $_GET['search_page'];
} else {
    if (isset($_POST['search_page']) && is_numeric($_POST['search_page'])) {
        $search_page = $_POST['search_page'];
} else {
    if (isset($_GET['print_msg']) && validate_msg($_GET['print_msg'])) {
        $msg = $_GET['print_msg'];
        list($tid, $pid) = explode('.', $msg);
    } else {
        html_draw_error(gettext("Invalid Message ID or no Message ID specified."));
    }
}
// Thread, folder and the single message to print; any miss is fatal.
$thread_data = thread_get($tid, session::check_perm(USER_PERM_ADMIN_TOOLS, 0));
if (!$thread_data) {
    html_draw_error(gettext("The requested thread could not be found or access was denied."));
}
$folder_data = folder_get($thread_data['FID']);
if (!$folder_data) {
    html_draw_error(gettext("The requested folder could not be found or access was denied."));
}
$message = messages_get($tid, $pid, 1);
if (!$message) {
    html_draw_error(gettext("That post does not exist in this thread!"));
}
html_draw_top("title={$thread_data['TITLE']}", "post.js", "basetarget=_blank", 'class=window_title');
// Expire a timed sticky flag whose deadline has passed.
$sticky_expired = isset($thread_data['STICKY']) && isset($thread_data['STICKY_UNTIL'])
    && $thread_data['STICKY'] == "Y" && $thread_data['STICKY_UNTIL'] != 0 && time() > $thread_data['STICKY_UNTIL'];
if ($sticky_expired) {
    thread_set_sticky($tid, false);
    $thread_data['STICKY'] = "N";
}
// Signatures are shown unless the session preference says otherwise.
$show_sigs = session::get_value('VIEW_SIGS') != 'N';
$thread_deleted = $thread_data['DELETED'] == 'Y';
echo '<div align="center">', "\n";
echo '<table width="96%" border="0">', "\n";
echo '  <tr>', "\n";
echo '    <td align="left">', messages_top($tid, $pid, $thread_data['FID'], $folder_data['TITLE'], $thread_data['TITLE'], $thread_data['INTEREST'], $folder_data['INTEREST'], $thread_data['STICKY'], $thread_data['CLOSED'], $thread_data['ADMIN_LOCK'], $thread_deleted, true), '</td>', "\n";
echo '    <td align="right">', messages_social_links($tid), '</td>', "\n";
echo '  </tr>', "\n";
    echo "  </form>\n";
    echo "</div>\n";
    html_draw_bottom();
} else {
    if (isset($_POST['feed_id']) || isset($_GET['feed_id'])) {
        if (isset($_POST['feed_id']) && is_numeric($_POST['feed_id'])) {
            $feed_id = $_POST['feed_id'];
        } else {
            if (isset($_GET['feed_id']) && is_numeric($_GET['feed_id'])) {
                $feed_id = $_GET['feed_id'];
            } else {
                html_draw_error(gettext("Invalid feed id or feed not found"), 'admin_rss_feeds.php', 'get', array('back' => gettext("Back")));
            }
        }
        if (!($rss_feed = rss_feed_get($feed_id))) {
            html_draw_error(gettext("Invalid feed id or feed not found"), 'admin_rss_feeds.php', 'get', array('back' => gettext("Back")));
        }
        html_draw_top(sprintf('title=%s', sprintf(gettext("Admin - RSS Feeds - Edit Feed - %s"), $rss_feed['NAME'])), 'search_popup.js', 'class=window_title');
        echo "<h1>", gettext("Admin"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", gettext("RSS Feeds"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", gettext("Edit Feed"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", word_filter_add_ob_tags($rss_feed['NAME'], true), "</h1>\n";
        if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
            html_display_error_array($error_msg_array, '500', 'center');
        } else {
            if (isset($rss_stream_success)) {
                html_display_success_msg($rss_stream_success, '500', 'center');
            }
        }
        echo "<br />\n";
        echo "<div align=\"center\">\n";
        echo "  <form accept-charset=\"utf-8\" name=\"thread_options\" action=\"admin_rss_feeds.php\" method=\"post\" target=\"_self\">\n";
        echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
        echo "  ", form_input_hidden('feed_id', htmlentities_array($feed_id)), "\n";
    if (!($user_peer = user_get($peer_uid))) {
        html_draw_error(gettext("Invalid username!"));
    }
} else {
    if (isset($_POST['uid']) && is_numeric($_POST['uid'])) {
        $peer_uid = $_POST['uid'];
        if (!($user_peer = user_get($peer_uid))) {
            html_draw_error(gettext("Invalid username!"));
        }
    } else {
        html_draw_error(gettext("No user specified!"));
    }
}
// A user cannot set a relationship with their own account.
if ($_SESSION['UID'] == $peer_uid) {
    html_draw_error(gettext("You cannot change user relationship for your own user account"));
}
// Permission bits of the peer user.
$peer_perms = perm_get_user_permissions($peer_uid);
// Form submit code
if (isset($_POST['save'])) {
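    // Each relationship flag is a bit value that is OR-ed into a bitmask below,
    // so it is coerced to int *inside* the ternary. The previous form
    // "(double) isset(...) ? $_POST[...] : 0" cast the isset() result instead
    // (a cast binds tighter than ?:), so the raw request string reached the
    // bitwise OR uncast and relied on PHP's implicit string-to-number
    // conversion (a TypeError for non-numeric input on PHP 8). A missing
    // field still contributes 0.
    $peer_user_status = isset($_POST['peer_user_status']) ? (int) $_POST['peer_user_status'] : 0;
    $peer_sig_display = isset($_POST['peer_sig_display']) ? (int) $_POST['peer_sig_display'] : 0;
    $peer_block_pm = isset($_POST['peer_block_pm']) ? (int) $_POST['peer_block_pm'] : 0;
    // Combined bitmask; bitwise OR yields an int exactly as it did before.
    $peer_relationship = $peer_user_status | $peer_sig_display | $peer_block_pm;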
    if (isset($_POST['nickname']) && strlen(trim($_POST['nickname'])) > 0) {
        $peer_nickname = strip_tags(trim($_POST['nickname']));
    } else {
        if (!($peer_nickname = user_get_nickname($peer_uid))) {
            $peer_nickname = "";
        }
            exit;
        } else {
            $error_msg_array[] = gettext("Error creating post! Please try again in a few minutes.");
        }
    } else {
        $error_msg_array[] = sprintf(gettext("You can only post once every %s seconds. Please try again later."), forum_get_setting('minimum_post_frequency', null, 0));
    }
}
// Default to folder 1 when the caller did not supply a target folder.
if (!isset($t_fid)) {
    $t_fid = 1;
}
// A new thread needs a folder the user may create threads in; the dropdown
// helper returns a falsy value when there is no such folder.
if ($new_thread) {
    $folder_dropdown = folder_draw_dropdown($t_fid, "t_fid", "", FOLDER_ALLOW_NORMAL_THREAD, USER_PERM_THREAD_CREATE, "", "post_folder_dropdown");
    if (!$folder_dropdown) {
        html_draw_error(gettext("You cannot create new threads."));
    }
}
// CLOSED > 0 marks a closed thread; only folder moderators may still post to it.
$thread_is_closed = isset($thread_data['CLOSED']) && $thread_data['CLOSED'] > 0;
if ($thread_is_closed && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
    html_draw_error(gettext("This thread is closed, you cannot post in it!"));
}
html_draw_top(sprintf("title=%s", gettext("Post message")), "resize_width=785", "basetarget=_blank", "post.js", "attachments.js", "emoticons.js", "dictionary.js", 'search.js', 'search_popup.js', 'class=window_title');
echo "<h1>" . gettext("Post message") . "</h1>\n";
if (isset($error_msg_array) && count($error_msg_array) > 0) {
    html_display_error_array($error_msg_array, '785', 'left');
}
// A moderator replying into a closed thread gets a reminder instead of a refusal.
if (!$new_thread && $thread_is_closed && session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
    html_display_warning_msg(gettext("Warning: this thread is closed for posting to normal users."), '785', 'left');
}
// NOTE(review): no form_csrf_token_field() is emitted for this form, unlike the
// admin forms elsewhere in this corpus; confirm post.php is covered by
// form_check_csrf_token() or that the token field is written further down.
echo "<br /><form accept-charset=\"utf-8\" name=\"f_post\" action=\"post.php\" method=\"post\" target=\"_self\">\n";
echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
echo "  ", form_input_hidden('t_dedupe', htmlentities_array($t_dedupe)), "\n";
echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"785\" class=\"max_width\">\n"
    . "    <tr>\n"
    . "      <td align=\"left\">\n";
    echo "  </form>\n";
    echo "</div>\n";
    html_draw_bottom();
} else {
    if (isset($_POST['psid']) || isset($_GET['psid'])) {
        if (isset($_POST['psid']) && is_numeric($_POST['psid'])) {
            $psid = $_POST['psid'];
        } else {
            if (isset($_GET['psid']) && is_numeric($_GET['psid'])) {
                $psid = $_GET['psid'];
            } else {
                html_draw_error(gettext("Invalid profile section ID or section not found"), 'admin_prof_sect.php', 'get', array('back' => gettext("Back")));
            }
        }
        if (!($profile_section = profile_get_section($psid))) {
            html_draw_error(gettext("Invalid profile section ID or section not found"), 'admin_prof_sect.php', 'get', array('back' => gettext("Back")));
        }
        html_draw_top(array('title' => sprintf(gettext('Admin - Manage Profile Sections - %s'), $profile_section['NAME']), 'class' => 'window_title', 'main_css' => 'admin.css'));
        echo "<h1>", gettext("Admin"), html_style_image('separator'), gettext("Manage Profile Sections"), html_style_image('separator'), word_filter_add_ob_tags($profile_section['NAME'], true), "</h1>\n";
        if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
            html_display_error_array($error_msg_array, '700', 'center');
        }
        echo "<br />\n";
        echo "<div align=\"center\">\n";
        echo "  <form accept-charset=\"utf-8\" name=\"thread_options\" action=\"admin_prof_sect.php\" method=\"post\" target=\"_self\">\n";
        echo "  ", form_csrf_token_field(), "\n";
        echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
        echo "  ", form_input_hidden('psid', htmlentities_array($psid)), "\n";
        echo "  ", form_input_hidden('page', htmlentities_array($page)), "\n";
        echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"700\">\n";
        echo "    <tr>\n";
            if ($high_interest == "Y") {
                thread_set_high_interest($tid);
            }
        }
        if (isset($tid) && $tid > 0) {
            $uri = "discussion.php?webtag={$webtag}&msg={$tid}.1";
        } else {
            $uri = "discussion.php?webtag={$webtag}";
        }
        header_redirect($uri);
    } else {
        $error_msg_array[] = sprintf(gettext("You can only post once every %s seconds. Please try again later."), forum_get_setting('minimum_post_frequency', null, 0));
    }
}
// A poll needs a folder that allows poll threads and that the user may create
// threads in; the dropdown helper returns a falsy value when there is none.
$folder_dropdown = folder_draw_dropdown($fid, "fid", "", FOLDER_ALLOW_POLL_THREAD, USER_PERM_THREAD_CREATE, "", "post_folder_dropdown");
if (!$folder_dropdown) {
    html_draw_error(gettext("You cannot create new threads."));
}
html_draw_top(sprintf("title=%s", gettext("Create Poll")), "basetarget=_blank", "resize_width=785", "post.js", "poll.js", "attachments.js", "dictionary.js", "emoticons.js", 'class=window_title');
echo "<h1>" . gettext("Create Poll") . "</h1>\n";
if (isset($error_msg_array) && count($error_msg_array) > 0) {
    html_display_error_array($error_msg_array, '785', 'left');
}
// NOTE(review): no form_csrf_token_field() is emitted for this form, unlike the
// admin forms elsewhere in this corpus; confirm create_poll.php is covered by
// form_check_csrf_token() or that the token field is written further down.
echo "<br />\n"
    . "<form accept-charset=\"utf-8\" name=\"f_poll\" action=\"create_poll.php\" method=\"post\" target=\"_self\">\n";
echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
echo "  ", form_input_hidden('dedupe', htmlentities_array($dedupe)), "\n";
echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"785\" class=\"max_width\">\n"
    . "    <tr>\n"
    . "      <td align=\"left\">\n"
    . "        <table class=\"box\" width=\"100%\">\n"
    . "          <tr>\n";
// Position of the current match; only a numeric POST value is accepted,
// anything else starts from 0.
$offset_match = (isset($_POST['offset_match']) && is_numeric($_POST['offset_match'])) ? $_POST['offset_match'] : 0;
// NOTE(review): the accepted value is passed on as the raw numeric string, as
// before; is_numeric() also admits forms such as "1e3" or leading whitespace -
// confirm dictionary::initialise() copes with those, or cast at this boundary.
// A restart resets the cursor, the offset and the ignore list.
if (isset($_POST['restart'])) {
    $current_word = -1;
    $offset_match = 0;
    $t_ignored_words = array();
}
$dictionary = new dictionary();
// Nothing to check against unless a dictionary is installed.
$dictionary_installed = $dictionary->is_installed();
if (!$dictionary_installed) {
    html_draw_error(gettext("No dictionary has been installed. Please contact the forum owner to remedy this."));
}
// $t_content, $t_ignored_words, $current_word and $obj_id are set earlier in
// the script (not visible here).
$dictionary->initialise($t_content, $t_ignored_words, $current_word, $obj_id, $offset_match);
// Check for submit
if (isset($_POST['ignoreall'])) {
    // User wants to ignore all references to the current word
    $dictionary->add_ignored_word($dictionary->get_current_word());
    $dictionary->find_next_word();
} else {
    if (isset($_POST['add'])) {
        // User wants to add the current word to his dictionary
        if (isset($_POST['word']) && strlen(trim($_POST['word'])) > 0) {
            $t_custom_word = trim($_POST['word']);
            $dictionary->add_custom_word($t_custom_word);
        }
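/**
 * Render the "you do not have access" page for a restricted forum.
 *
 * If the admin configured a custom restricted_message it is shown as-is
 * (after fix_html()). Otherwise a generic denial is shown that, when an
 * owner_uid is configured, links to a PM form addressed to the forum owner.
 * Output goes through html_draw_error(), which is presumed to end the request.
 */
function forum_restricted_message()
{
    $final_uri = basename(get_request_uri());
    $popup_files_preg = get_available_js_popup_files_preg();
    // Popup-style pages open the owner link in a new window; everything else
    // targets the top frame. $popup_files_preg is interpolated into the pattern
    // unescaped and is assumed to be a pre-built, pre-quoted alternation - TODO confirm.
    if (preg_match("/^{$popup_files_preg}/", $final_uri) > 0) {
        $forum_owner_link_target = "_blank";
    } else {
        $forum_owner_link_target = html_get_top_frame_name();
    }
    // A custom restricted message configured by the admin wins outright.
    if ($restricted_message = forum_get_setting('restricted_message')) {
        html_draw_error(fix_html($restricted_message), '600', 'center');
    } else {
        $forum_name = forum_get_setting('forum_name', null, 'A Beehive Forum');
        // Without an owner there is nobody to apply to: plain denial.
        if (!($forum_owner_uid = forum_get_setting('owner_uid'))) {
            html_draw_error(sprintf(gettext("You do not have access to %s"), htmlentities_array($forum_name)));
        }
        $webtag = get_webtag();
        // The PM link is wrapped in index.php (so the frameset is rebuilt around
        // it) and URL-encoded as a single query value.
        $forum_owner_pm_link = sprintf('pm_write.php?webtag=%s&uid=%s', $webtag, $forum_owner_uid);
        // The webtag is HTML-escaped like everywhere else it lands in markup, and
        // the link target computed above is now actually applied to the anchor
        // (it used to be computed and then ignored).
        $forum_owner_link = sprintf('<a href="index.php?webtag=%s&amp;final_uri=%s" target="%s">%s</a>', htmlentities_array($webtag), rawurlencode($forum_owner_pm_link), htmlentities_array($forum_owner_link_target), gettext('Forum Owner'));
        // The message template already carries the "To apply for access please
        // contact the %s" sentence, so the link goes in directly. Previously the
        // link was first wrapped in that same sentence and the result substituted
        // into the template, which printed the sentence twice.
        html_draw_error(sprintf(gettext("You do not have access to %s. To apply for access please contact the %s"), htmlentities_array($forum_name), $forum_owner_link));
    }
}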
    }
    header_redirect($uri);
}
// The post being edited must exist; otherwise render a standalone error page
// and stop. messages_get()'s 2nd/3rd arguments are not documented here -
// presumably a position and a count; confirm against its definition.
if (!($edit_message = messages_get($tid, 1, 1))) {
    html_draw_top(sprintf("title=%s", gettext("Error")));
    html_display_error_msg(gettext("That post does not exist in this thread!"));
    html_draw_bottom();
    exit;
}
// Edit window in hours (0 = no limit, see the > 0 guard below) and the
// current session's user id.
$post_edit_time = forum_get_setting('post_edit_time', null, 0);
$uid = session::get_value('UID');
// Unless the current user moderates folder $t_fid, refuse the edit when any of
// these holds (note && binds tighter than ||): editing is switched off
// (forum_get_setting('allow_post_editing', 'N') presumably tests the setting
// against 'N' - confirm); the post belongs to another user who is not
// pilloried; the current user is pilloried; or the edit window has elapsed.
// NOTE(review): "$uid != $edit_message['FROM_UID']" is a loose comparison
// between a session value and a DB column - fine only if both are ints; confirm.
if ((forum_get_setting('allow_post_editing', 'N') || $uid != $edit_message['FROM_UID'] && !(perm_get_user_permissions($edit_message['FROM_UID']) & USER_PERM_PILLORIED) || session::check_perm(USER_PERM_PILLORIED, 0) || $post_edit_time > 0 && time() - $edit_message['CREATED'] >= $post_edit_time * HOUR_IN_SECONDS) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
    html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $edit_message));
}
// With post approval enabled, a not-yet-approved post (APPROVED == 0) may only
// be edited by a moderator of its folder.
if (forum_get_setting('require_post_approval', 'Y') && isset($edit_message['APPROVED']) && $edit_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
    html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $edit_message));
}
if ($preview_message = messages_get($tid, $pid, 1)) {
    $preview_message['CONTENT'] = message_get_content($tid, $pid);
    if (strlen(trim($preview_message['CONTENT'])) < 1 && !thread_is_poll($tid)) {
        html_draw_top(sprintf("title=%s", gettext("Error")));
        post_edit_refuse($tid, $pid);
        html_draw_bottom();
        exit;
    }
    if ((session::get_value('UID') != $preview_message['FROM_UID'] || session::check_perm(USER_PERM_PILLORIED, 0)) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) {
        html_draw_top(sprintf("title=%s", gettext("Error")));
        post_edit_refuse($tid, $pid);
        html_draw_bottom();
        exit;
    }
require_once BH_INCLUDE_PATH . 'html.inc.php';
require_once BH_INCLUDE_PATH . 'lang.inc.php';
require_once BH_INCLUDE_PATH . 'logon.inc.php';
require_once BH_INCLUDE_PATH . 'profile.inc.php';
require_once BH_INCLUDE_PATH . 'session.inc.php';
require_once BH_INCLUDE_PATH . 'stats.inc.php';
require_once BH_INCLUDE_PATH . 'user.inc.php';
require_once BH_INCLUDE_PATH . 'user_profile.inc.php';
require_once BH_INCLUDE_PATH . 'word_filter.inc.php';
// Guests are sent to the guest error page.
if (!session::logged_in()) {
    html_guest_error();
}
// Only accounts holding the admin-tools permission may continue.
$has_admin_tools = session::check_perm(USER_PERM_ADMIN_TOOLS, 0);
if (!$has_admin_tools) {
    html_draw_error(gettext("You do not have permission to use this section."));
}
// Additional admin login check on top of the session (what it verifies is
// not visible here).
admin_check_credentials();
// Validation errors collected for display later on.
$error_msg_array = array();
// Stats result container; 'user_stats' is presumably filled in further down.
$user_stats_array = array('user_stats' => array());
// Submit code
if (isset($_POST['update'])) {
    $valid = true;
    if (isset($_POST['from_day']) && is_numeric($_POST['from_day'])) {
        $from_day = $_POST['from_day'];
    } else {
        $error_msg_array[] = gettext("Must choose a start day");
        $valid = false;
                }
                // Right-hand frame shows the first search hit when there is one,
                // otherwise the search form; the left frame is the same either way.
                // NOTE(review): $webtag, $search_msg and the success flags are
                // interpolated unescaped - assumed validated upstream; confirm.
                if ($search_msg = search_get_first_result_msg()) {
                    $right_frame_uri = "messages.php?webtag={$webtag}&amp;msg={$search_msg}&amp;highlight=yes{$edit_success}{$delete_success}";
                } else {
                    $right_frame_uri = "search.php?webtag={$webtag}";
                }
                html_draw_top('frame_set_html', 'pm_popup_disabled');
                $frameset = new html_frameset_cols('discussion', "{$left_frame_width},*");
                $frameset->html_frame("search.php?webtag={$webtag}&amp;page=1", html_get_frame_name('left'));
                $frameset->html_frame($right_frame_uri, html_get_frame_name('right'));
                $frameset->output_html();
                html_draw_bottom(true);
            } else {
                if ($msg = messages_get_most_recent($uid)) {
                    html_draw_top('frame_set_html', 'pm_popup_disabled');
                    $frameset = new html_frameset_cols('discussion', "{$left_frame_width},*");
                    $frameset->html_frame("thread_list.php?webtag={$webtag}&amp;msg={$msg}", html_get_frame_name('left'));
                    $frameset->html_frame("messages.php?webtag={$webtag}&amp;msg={$msg}{$edit_success}{$delete_success}", html_get_frame_name('right'));
                    $frameset->output_html();
                    html_draw_bottom(true);
                } else {
                    html_draw_error(gettext("No Messages"));
                }
            }
        }
    }
}