Example #1
 /**
  * Validate and store the account password ("senha").
  *
  * An empty value is rejected first, then the byte length must lie between
  * 4 and 16 (strlen() counts bytes, so a multi-byte character counts more
  * than once). A value that is_md5() does not recognise is replaced by its
  * md5() digest before being stored on the object.
  *
  * NOTE(review): md5() is fast and unsalted, so stored digests are cheap to
  * brute-force if the table leaks. password_hash()/password_verify() is the
  * right replacement, but it changes the stored format and has to be migrated
  * together with the login check, which is not visible here.
  * NOTE(review): is_md5() is defined elsewhere; if it only accepts 32-character
  * hex strings, the 16-byte limit means it can never match at this point and
  * the value is always hashed - confirm the intended order of the checks.
  *
  * @param mixed $senha Candidate password; passed to strlen() and md5().
  * @throws RegraDeNegocioException When the value is empty or its length is outside 4..16.
  */
 public function setSenha($senha)
 {
     if (vazio_ou_nulo($senha)) {
         throw new RegraDeNegocioException('Senha não pode ser vazia!');
     }

     // Length policy: 4 to 16 bytes inclusive.
     $comprimento = strlen($senha);
     $comprimentoValido = $comprimento >= 4 && $comprimento <= 16;
     if (!$comprimentoValido) {
         throw new RegraDeNegocioException('Senha deve ter entre 4 e 16 caracteres!');
     }

     // Store the value as-is when is_md5() accepts it, otherwise store its MD5 digest.
     $this->senha = is_md5($senha) ? $senha : md5($senha);
 }
Example #2
/**
 * Store the "sent items" copy of a private message.
 *
 * Writes one row to PM (type PM_SENT) and one row to PM_CONTENT, then records
 * the attachment id against the new message.
 *
 * The three ids must pass is_numeric() and $aid must pass is_md5() before any
 * SQL is built; subject and content go through $db->escape(). Every value is
 * placed inside single quotes in the statement.
 *
 * NOTE(review): the two INSERTs are not wrapped in a transaction here, so a
 * failure of the second one leaves a PM row without content.
 * NOTE(review): the result of pm_save_attachment_id() is not checked.
 * NOTE(review): the statements are assembled by string interpolation; their
 * safety rests on $db->escape() matching the connection character set -
 * confirm, or move to prepared statements if the db wrapper offers them.
 *
 * @param mixed  $sent_item_mid Message id of the original PM (stored in SMID).
 * @param mixed  $to_uid        Recipient user id.
 * @param mixed  $from_uid      Sender user id.
 * @param string $subject       Message subject.
 * @param string $content       Message body.
 * @param string $aid           Attachment id; must satisfy is_md5().
 * @return mixed The new message id ($db->insert_id) on success, false on any failure.
 */
function pm_add_sent_item($sent_item_mid, $to_uid, $from_uid, $subject, $content, $aid)
{
    if (!($db = db::get())) {
        return false;
    }

    // All three ids are interpolated into the SQL below, so each must be numeric.
    if (!is_numeric($sent_item_mid) || !is_numeric($to_uid) || !is_numeric($from_uid)) {
        return false;
    }

    if (!is_md5($aid)) {
        return false;
    }

    // Free-text fields are escaped before they are placed in the statements.
    $subject_sql = $db->escape($subject);
    $content_sql = $db->escape($content);

    $type = PM_SENT;
    $created = date(MYSQL_DATETIME, time());

    // Main PM row.
    $header_sql = "INSERT INTO PM (TYPE, TO_UID, FROM_UID, SUBJECT, RECIPIENTS, "
        . "CREATED, NOTIFIED, SMID) VALUES ('{$type}', '{$to_uid}', '{$from_uid}', "
        . "'{$subject_sql}', '', CAST('{$created}' AS DATETIME), "
        . "1, '{$sent_item_mid}')";

    if (!$db->query($header_sql)) {
        return false;
    }

    $new_mid = $db->insert_id;

    // Message body, keyed by the id generated for the row above.
    $body_sql = "INSERT INTO PM_CONTENT (MID, CONTENT) "
        . "VALUES ('{$new_mid}', '{$content_sql}')";

    if (!$db->query($body_sql)) {
        return false;
    }

    // Link the attachment id to the new message.
    pm_save_attachment_id($new_mid, $aid);

    return $new_mid;
}
Example #3
/**
 * Fetch the stored password value of a forum.
 *
 * Looks up FORUM_PASSWD for the given FID and returns it only when is_md5()
 * accepts the stored value.
 *
 * NOTE(review): the is_md5() filter suggests forum passwords are kept as MD5
 * digests. Unsalted MD5 is cheap to brute-force if the table leaks, and any
 * comparison against this value should use hash_equals() - confirm how the
 * callers compare it.
 *
 * @param mixed $forum_fid Forum id; must pass is_numeric().
 * @return mixed The stored value when is_md5() accepts it, otherwise false
 *               (also false when the db handle, the query or the row is missing).
 */
function forum_get_password($forum_fid)
{
    if (!($db = db::get())) {
        return false;
    }

    // The id is interpolated (quoted) into the query, so it must be numeric.
    if (!is_numeric($forum_fid)) {
        return false;
    }

    $result = $db->query("SELECT FORUM_PASSWD FROM FORUMS WHERE FID = '{$forum_fid}'");

    if (!$result || $result->num_rows == 0) {
        return false;
    }

    list($stored_passwd) = $result->fetch_row();

    if (is_md5($stored_passwd)) {
        return $stored_passwd;
    }

    return false;
}
Example #4
// Accept the submitted message body only when it is non-blank after trimming;
// it is passed through emoticons_strip() and then fix_html().
if (isset($_POST['message_text']) && strlen(trim($_POST['message_text'])) > 0) {
    $message_text = fix_html(emoticons_strip($_POST['message_text']));
}

// HTML posting and signatures are allowed unless a folder id is known and the
// session lacks the matching permission for that folder.
$allow_html = !isset($fid) || session::check_perm(USER_PERM_HTML_POSTING, $fid);
$allow_sig = !isset($fid) || session::check_perm(USER_PERM_SIGNATURE, $fid);

// Without the HTML permission both the message and the signature are entity-encoded.
// NOTE(review): $message_text and $sig_text are read here without an isset()
// check; they need to be initialised earlier in the script - confirm.
if (!$allow_html) {
    $message_text = htmlentities_array($message_text);
    $sig_text = htmlentities_array($sig_text);
}

// Reuse the client-supplied attachment id when it has the expected format,
// otherwise mint a new one.
// NOTE(review): a posted aid is accepted on format alone, so ownership of that
// id has to be enforced where attachments are read or bound - confirm.
// NOTE(review): uniqid() and mt_rand() are not cryptographically secure; if the
// aid is ever treated as unguessable, derive it from random_bytes() instead.
$aid = (isset($_POST['aid']) && is_md5($_POST['aid'])) ? $_POST['aid'] : md5(uniqid(mt_rand()));

// Stop here when the USER_PERM_EMAIL_CONFIRM flag is set for the session.
if (session::check_perm(USER_PERM_EMAIL_CONFIRM, 0)) {
    html_email_confirmation_error();
    exit;
}
if (isset($_POST['preview_poll']) || isset($_POST['preview_form']) || isset($_POST['post'])) {
    $valid = true;
    if (!isset($thread_title) || strlen(trim($thread_title)) == 0) {
        $error_msg_array[] = gettext("You must enter a title for the thread!");
        $valid = false;
    }
    if (!isset($fid) || !folder_is_valid($fid)) {
Example #5
/**
 * Record (or replace) the attachment id that belongs to a post.
 *
 * Inserts (FID, TID, PID, AID) into POST_ATTACHMENT_IDS; on a duplicate key the
 * existing row's AID is overwritten with the new value.
 *
 * NOTE(review): $tid, $pid and the forum id are interpolated WITHOUT quotes.
 * is_numeric() also accepts non-integer spellings (floats, exponent notation),
 * so an explicit integer cast before building the statement would be a tighter
 * guard; $forum_fid is only checked for truthiness here and relies on
 * get_forum_fid() returning a clean integer - confirm.
 * NOTE(review): get_table_prefix() is used only as a guard; the prefix is not
 * part of the table name in this statement - confirm that is intended.
 *
 * @param mixed  $tid Thread id; must pass is_numeric().
 * @param mixed  $pid Post id; must pass is_numeric().
 * @param string $aid Attachment id; must satisfy is_md5().
 * @return bool True when the statement ran, false on any validation or query failure.
 */
function post_save_attachment_id($tid, $pid, $aid)
{
    if (!is_numeric($tid) || !is_numeric($pid)) {
        return false;
    }

    if (!is_md5($aid)) {
        return false;
    }

    if (!($db = db::get())) {
        return false;
    }

    // Guard only: bail out when no table prefix is available.
    if (!get_table_prefix()) {
        return false;
    }

    if (!($forum_fid = get_forum_fid())) {
        return false;
    }

    $sql = "INSERT INTO POST_ATTACHMENT_IDS (FID, TID, PID, AID) "
        . "VALUES ({$forum_fid}, {$tid}, {$pid}, '{$aid}') ON DUPLICATE KEY "
        . "UPDATE AID = VALUES(AID)";

    return $db->query($sql) ? true : false;
}
Example #6
/**
 * Echo the HTML for a single message (post) of a thread.
 *
 * The function prints directly to the output and returns nothing. Depending on
 * the viewer's session, the author's permissions and the relationship flags on
 * the message it may instead delegate to message_display_deleted() or
 * message_display_approval_req(), or print a "thread split" notice, and return
 * early.
 *
 * NOTE(review): several values are written into the markup exactly as they
 * arrive ($message['CONTENT'], $message['AVATAR_URL'], $tid, the PID fields).
 * Nothing in this function escapes them, so output safety depends on the data
 * having been validated or sanitised before it gets here - confirm at the
 * callers and at the storage layer.
 *
 * @param mixed $tid             Thread id; interpolated into links and anchors.
 * @param array $message         Message row. Keys read here include CONTENT, PID,
 *                               FROM_UID, TO_UID, FLOGON, FNICK, TLOGON, TNICK,
 *                               FROM_RELATIONSHIP, TO_RELATIONSHIP, CREATED, EDITED,
 *                               EDITED_BY, APPROVED, APPROVED_BY, MOVED_TID, MOVED_PID,
 *                               REPLY_TO_PID, VIEWED, AVATAR_URL, AVATAR_AID, AID,
 *                               ANON_LOGON and USER_ACTIVE.
 * @param mixed $msg_count       Number of messages in the thread; used for the "x of y" label.
 * @param mixed $first_msg       First PID shown on the current page.
 * @param mixed $folder_fid      Folder id used for the permission checks.
 * @param bool  $in_list         True when the message is rendered as part of a thread listing.
 * @param bool  $closed          True when the thread is closed (hides reply links for non-moderators).
 * @param bool  $limit_text      True to truncate long posts and collapse ignored users' posts.
 * @param bool  $is_poll         True when the thread is a poll.
 * @param bool  $show_sigs       False to have message_apply_formatting() ignore the signature.
 * @param bool  $is_preview      True when rendering a preview rather than a stored post.
 * @param array $highlight_array Search words to highlight in the message text.
 */
function message_display($tid, $message, $msg_count, $first_msg, $folder_fid, $in_list = true, $closed = false, $limit_text = true, $is_poll = false, $show_sigs = true, $is_preview = false, $highlight_array = array())
{
    $perm_is_moderator = session::check_perm(USER_PERM_FOLDER_MODERATE, $folder_fid);
    $post_edit_time = forum_get_setting('post_edit_time', null, 0);
    $post_edit_grace_period = forum_get_setting('post_edit_grace_period', null, 0);
    $webtag = get_webtag();
    // Nothing is rendered when the session has no UID value.
    if (($uid = session::get_value('UID')) === false) {
        return;
    }
    // Posts per page is clamped to 10..30 and defaults to 20 when unset.
    if ($posts_per_page = session::get_value('POSTS_PER_PAGE')) {
        if ($posts_per_page < 10) {
            $posts_per_page = 10;
        }
        if ($posts_per_page > 30) {
            $posts_per_page = 30;
        }
    } else {
        $posts_per_page = 20;
    }
    if (($quick_reply = session::get_value('REPLY_QUICK')) === false) {
        $quick_reply = 'N';
    }
    // A stored message with no content is shown as deleted (previews are exempt).
    if ((!isset($message['CONTENT']) || $message['CONTENT'] == "") && !$is_preview) {
        message_display_deleted($tid, isset($message['PID']) ? $message['PID'] : 0, $message, $in_list, $is_preview, $first_msg, $msg_count, $posts_per_page);
        return;
    }
    $from_user_permissions = perm_get_user_permissions($message['FROM_UID']);
    // Posts by a "wormed" author are shown as deleted to everyone except the
    // author and folder moderators.
    if ($uid != $message['FROM_UID']) {
        if ($from_user_permissions & USER_PERM_WORMED && !$perm_is_moderator) {
            message_display_deleted($tid, $message['PID'], $message, $in_list, $is_preview, $first_msg, $msg_count, $posts_per_page);
            return;
        }
    }
    // Missing relationship flags default to 0 (no flags set).
    if (!isset($message['FROM_RELATIONSHIP'])) {
        $message['FROM_RELATIONSHIP'] = 0;
    }
    if (!isset($message['TO_RELATIONSHIP'])) {
        $message['TO_RELATIONSHIP'] = 0;
    }
    // A completely ignored sender or recipient hides the message altogether.
    if ($message['TO_RELATIONSHIP'] & USER_IGNORED_COMPLETELY || $message['FROM_RELATIONSHIP'] & USER_IGNORED_COMPLETELY) {
        message_display_deleted($tid, $message['PID'], $message, $in_list, $is_preview, $first_msg, $msg_count, $posts_per_page);
        return;
    }
    // Add emoticons/WikiLinks and ignore signature ----------------------------
    // With IMAGES_TO_LINKS enabled, linked images, bare images and embeds are
    // replaced by bracketed text links pointing at the same src/href values.
    if (session::get_value('IMAGES_TO_LINKS') == 'Y') {
        $message['CONTENT'] = preg_replace('/<a([^>]*)href="([^"]*)"([^\\>]*)><img[^>]*src="([^"]*)"[^>]*><\\/a>/iu', '[href: <a\\1href="\\2"\\3>\\2</a>][img: <a\\1href="\\4"\\3>\\4</a>]', $message['CONTENT']);
        $message['CONTENT'] = preg_replace('/<img[^>]*src="([^"]*)"[^>]*>/iu', '[img: <a href="\\1">\\1</a>]', $message['CONTENT']);
        $message['CONTENT'] = preg_replace('/<embed[^>]*src="([^"]*)"[^>]*>/iu', '[object: <a href="\\1">\\1</a>]', $message['CONTENT']);
    }
    // The first post of a poll (PID 1) is not passed through the formatter.
    // Precedence: && binds tighter than ||.
    if (!$is_poll || $is_poll && isset($message['PID']) && $message['PID'] > 1) {
        $message['CONTENT'] = message_apply_formatting($message['CONTENT'], $message['FROM_RELATIONSHIP'] & USER_IGNORED_SIG || !$show_sigs);
    }
    // Check length of post to see if we should truncate it for display --------
    // The length test is made on the tag-stripped text, but the cut is taken
    // from the raw markup; a trailing partial tag is removed and the result is
    // passed to fix_html() (presumably to re-balance open tags - confirm).
    if (mb_strlen(strip_tags($message['CONTENT'])) > intval(forum_get_setting('maximum_post_length', null, 6226)) && $limit_text) {
        $cut_msg = mb_substr($message['CONTENT'], 0, intval(forum_get_setting('maximum_post_length', null, 6226)));
        $cut_msg = preg_replace("/(<[^>]+)?\$/Du", "", $cut_msg);
        $message['CONTENT'] = fix_html($cut_msg);
        $message['CONTENT'] .= "&hellip;[" . gettext("Message Truncated") . "]\n<p align=\"center\"><a href=\"display.php?webtag={$webtag}&amp;msg={$tid}.{$message['PID']}\" target=\"_self\">" . gettext("View full message") . "</a>";
    }
    // Check for words that should be filtered ---------------------------------
    if (!$is_poll || $is_poll && isset($message['PID']) && $message['PID'] > 1) {
        $message['CONTENT'] = word_filter_add_ob_tags($message['CONTENT'], false);
    }
    // Named anchor so other posts on the page can link to this one.
    if ($in_list && isset($message['PID'])) {
        echo "<a name=\"a{$tid}_{$message['PID']}\"></a>\n";
    }
    // Check for search words to highlight -------------------------------------
    if (is_array($highlight_array) && sizeof($highlight_array) > 0) {
        $highlight_pattern = array();
        $highlight_replace = array();
        foreach ($highlight_array as $key => $word) {
            // preg_quote() makes each search word match literally inside the pattern.
            $highlight_word = preg_quote($word, "/");
            $highlight_pattern[$key] = "/({$highlight_word})/iu";
            $highlight_replace[$key] = "<span class=\"highlight\">\\1</span>";
        }
        // Split on the captured delimiters and highlight only every fourth
        // piece, which is intended to be the text between tags.
        // NOTE(review): inside the character class "|" is a literal pipe, so the
        // content is also split on "|"; a pipe in the text would shift the
        // index % 4 alignment and could apply the replacement inside a tag - confirm.
        $message_parts = preg_split('/([<|>])/u', $message['CONTENT'], -1, PREG_SPLIT_DELIM_CAPTURE);
        for ($i = 0; $i < sizeof($message_parts); $i++) {
            if (!($i % 4)) {
                $message_parts[$i] = preg_replace($highlight_pattern, $highlight_replace, $message_parts[$i], 1);
            }
        }
        $message['CONTENT'] = implode("", $message_parts);
    }
    // Posts awaiting approval are replaced by an approval notice for everyone
    // except their author and folder moderators.
    if (forum_get_setting('require_post_approval', 'Y') && $message['FROM_UID'] != $uid) {
        if (isset($message['APPROVED']) && $message['APPROVED'] == 0 && !$perm_is_moderator) {
            message_display_approval_req($tid, $message['PID'], $in_list, $is_preview, $first_msg, $msg_count, $posts_per_page);
            return;
        }
    }
    // OUTPUT MESSAGE ----------------------------------------------------------
    // A post that was moved to another thread is replaced by a notice linking to
    // its new location. MOVED_TID / MOVED_PID are read without an isset() check.
    if (!$is_preview && $message['MOVED_TID'] > 0 && $message['MOVED_PID'] > 0) {
        $post_link = "<a href=\"messages.php?webtag={$webtag}&amp;msg=%s.%s\" target=\"_self\">%s</a>";
        $post_link = sprintf($post_link, $message['MOVED_TID'], $message['MOVED_PID'], gettext("here"));
        echo "<div align=\"center\">\n";
        echo "<table class=\"thread_track_notice\" width=\"96%\">\n";
        echo "  <tr>\n";
        echo "    <td align=\"left\">", sprintf(gettext("<b>Thread Split:</b> This post has been moved %s"), $post_link), "</td>\n";
        echo "  </tr>\n";
        echo "</table>\n";
        echo "</div>\n";
        echo $in_list ? "<br />\n" : '';
        return;
    }
    echo "<div align=\"center\">\n";
    echo "<table width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\n";
    echo "  <tr>\n";
    // Navigation column to the left of the message (list view only).
    if ($in_list && !$is_preview) {
        message_display_navigation($tid, $message['PID'], $first_msg, $msg_count, $posts_per_page);
    }
    echo "    <td align=\"center\">\n";
    echo "      <table width=\"100%\" class=\"box\" cellpadding=\"0\">\n";
    echo "        <tr>\n";
    echo "          <td align=\"left\">\n";
    echo "            <table class=\"posthead\" width=\"100%\">\n";
    echo "              <tr>\n";
    echo "                <td width=\"1%\" align=\"right\" style=\"white-space: nowrap\"><span class=\"posttofromlabel\">&nbsp;", gettext("From"), ":&nbsp;</span></td>\n";
    echo "                <td style=\"white-space: nowrap\" width=\"98%\" align=\"left\"><span class=\"posttofrom\">";
    // The author name links to the profile popup only when FROM_UID is greater than -1.
    if ($message['FROM_UID'] > -1) {
        echo "<a href=\"user_profile.php?webtag={$webtag}&amp;uid={$message['FROM_UID']}\" target=\"_blank\" class=\"popup 650x500\">";
        echo word_filter_add_ob_tags(format_user_name($message['FLOGON'], $message['FNICK']), true), "</a></span>";
    } else {
        echo word_filter_add_ob_tags(format_user_name($message['FLOGON'], $message['FNICK']), true), "</span>";
    }
    if (session::get_value('SHOW_AVATARS') == 'Y') {
        // NOTE(review): AVATAR_URL is placed in the src attribute unescaped; it
        // must already be a validated, attribute-safe URL when it reaches this
        // function - confirm where it is stored.
        if (isset($message['AVATAR_URL']) && strlen($message['AVATAR_URL']) > 0) {
            echo "&nbsp;<img src=\"{$message['AVATAR_URL']}\" alt=\"\" title=\"", word_filter_add_ob_tags(format_user_name($message['FLOGON'], $message['FNICK']), true), "\" border=\"0\" width=\"16\" height=\"16\" />";
        } else {
            // Fall back to an uploaded avatar, looked up by its attachment hash.
            if (isset($message['AVATAR_AID']) && is_md5($message['AVATAR_AID'])) {
                $attachment = attachments_get_by_hash($message['AVATAR_AID']);
                if ($profile_picture_href = attachments_make_link($attachment, false, false, false, false)) {
                    echo "&nbsp;<img src=\"{$profile_picture_href}&amp;avatar_picture\" alt=\"\" title=\"", word_filter_add_ob_tags(format_user_name($message['FLOGON'], $message['FNICK']), true), "\" border=\"0\" width=\"16\" height=\"16\" />\n";
                }
            }
        }
    }
    $temp_ignore = false;
    // If the user posting a poll is ignored, remove ignored status for this message only so the poll can be seen
    if ($is_poll && isset($message['PID']) && $message['PID'] == 1 && $message['FROM_RELATIONSHIP'] & USER_IGNORED) {
        $message['FROM_RELATIONSHIP'] -= USER_IGNORED;
        $temp_ignore = true;
    }
    // Relationship icon next to the author: friend, or ignored user.
    if ($message['FROM_RELATIONSHIP'] & USER_FRIEND) {
        echo "&nbsp;<img src=\"", html_style_image('friend.png'), "\" alt=\"", gettext("Friend"), "\" title=\"", gettext("Friend"), "\" />";
    } else {
        if ($message['FROM_RELATIONSHIP'] & USER_IGNORED || $temp_ignore) {
            echo "&nbsp;<img src=\"", html_style_image('enemy.png'), "\" alt=\"", gettext("Ignored user"), "\" title=\"", gettext("Ignored user"), "\" />";
        }
    }
    echo "</td>\n";
    echo "                <td width=\"1%\" align=\"right\" style=\"white-space: nowrap\"><span class=\"postinfo\">";
    // Status labels and the post time, or just "Ignored message" for an ignored author.
    if ($message['FROM_RELATIONSHIP'] & USER_IGNORED && $limit_text && $uid != 0) {
        echo "<b>", gettext("Ignored message"), "</b>";
    } else {
        if ($in_list) {
            if ($from_user_permissions & USER_PERM_WORMED) {
                echo "<b>", gettext("Wormed user"), "</b> ";
            }
            if ($message['FROM_RELATIONSHIP'] & USER_IGNORED_SIG) {
                echo "<b>", gettext("Ignored signature"), "</b> ";
            }
            if (forum_get_setting('require_post_approval', 'Y') && isset($message['APPROVED']) && $message['APPROVED'] == 0) {
                echo "<b>", gettext("Approval Required"), "</b> ";
            }
            echo format_time($message['CREATED']);
        }
    }
    echo "&nbsp;</span></td>\n";
    echo "              </tr>\n";
    echo "              <tr>\n";
    echo "                <td width=\"1%\" align=\"right\" style=\"white-space: nowrap\"><span class=\"posttofromlabel\">&nbsp;", gettext("To"), ":&nbsp;</span></td>\n";
    echo "                <td style=\"white-space: nowrap\" width=\"98%\" align=\"left\"><span class=\"posttofrom\">";
    // Recipient: a named user with relationship and read/unread icons, or "ALL".
    if ($message['TLOGON'] != gettext("ALL") && $message['TO_UID'] != 0) {
        echo "<a href=\"user_profile.php?webtag={$webtag}&amp;uid={$message['TO_UID']}\" target=\"_blank\" class=\"popup 650x500\">";
        echo word_filter_add_ob_tags(format_user_name($message['TLOGON'], $message['TNICK']), true), "</a></span>";
        if ($message['TO_RELATIONSHIP'] & USER_FRIEND) {
            echo "&nbsp;<img src=\"", html_style_image('friend.png'), "\" alt=\"", gettext("Friend"), "\" title=\"", gettext("Friend"), "\" />";
        } else {
            if ($message['TO_RELATIONSHIP'] & USER_IGNORED) {
                echo "&nbsp;<img src=\"", html_style_image('enemy.png'), "\" alt=\"", gettext("Ignored user"), "\" title=\"", gettext("Ignored user"), "\" />";
            }
        }
        if (isset($message['VIEWED']) && $message['VIEWED'] > 0) {
            echo "&nbsp;<span class=\"smalltext\"><img src=\"", html_style_image('post_read.png'), "\" alt=\"\" title=\"", sprintf(gettext("Read: %s"), format_time($message['VIEWED'])), "\" /></span>";
        } else {
            if ($is_preview == false) {
                echo "&nbsp;<span class=\"smalltext\"><img src=\"", html_style_image('post_unread.png'), "\" alt=\"\" title=\"", gettext("Unread Message"), "\" /></span>";
            }
        }
    } else {
        echo "", gettext("ALL"), "</span>";
    }
    echo "</td>\n";
    echo "                <td align=\"right\" style=\"white-space: nowrap\"><span class=\"postinfo\">";
    // For an ignored author show the "stop ignoring" / "view message" links,
    // otherwise the poll icon (if any) and the "x of y" position.
    if ($message['FROM_RELATIONSHIP'] & USER_IGNORED && $limit_text && $in_list && $uid != 0) {
        echo "<a href=\"user_rel.php?webtag={$webtag}&amp;uid={$message['FROM_UID']}&amp;msg={$tid}.{$message['PID']}\" target=\"_self\">", gettext("Stop ignoring this user"), "</a>&nbsp;&nbsp;&nbsp;";
        echo "<a href=\"display.php?webtag={$webtag}&amp;msg={$tid}.{$message['PID']}\" target=\"_self\">", gettext("View Message"), "</a>";
    } else {
        if ($in_list && $msg_count > 0) {
            if ($is_poll) {
                echo "<a href=\"poll_results.php?webtag={$webtag}&amp;tid={$tid}\" target=\"_blank\" class=\"popup 800x600\"><img src=\"", html_style_image('poll.png'), "\" border=\"0\" alt=\"", gettext("This is a poll. Click to view results."), "\" title=\"", gettext("This is a poll. Click to view results."), "\" /></a> ", gettext("Poll"), " ";
            }
            echo sprintf(gettext("%s of %s"), $message['PID'], $msg_count);
        }
    }
    echo "&nbsp;</span></td>\n";
    echo "              </tr>\n";
    echo "            </table>\n";
    echo "          </td>\n";
    echo "        </tr>\n";
    // The body section is skipped for an ignored author while $limit_text is on.
    if (!($message['FROM_RELATIONSHIP'] & USER_IGNORED) || !$limit_text) {
        echo "        <tr>\n";
        echo "          <td align=\"left\">\n";
        echo "            <table width=\"100%\">\n";
        echo "              <tr>\n";
        echo "                <td colspan=\"3\" align=\"right\"><span class=\"postnumber\">";
        // Permalink to this post and, when it is a reply, a link to its parent.
        if ($in_list && $msg_count > 0) {
            $title = $message['PID'] == 1 ? "" . gettext("Permanent link to this thread") . " ({$tid}.1)" : "" . gettext("Link to this post");
            if ($is_preview) {
                echo "<a href=\"messages.php?webtag={$webtag}&amp;msg={$tid}.{$message['PID']}\" target=\"_blank\" title=\"{$title}\">{$tid}.{$message['PID']}</a>";
            } else {
                echo "<a href=\"index.php?webtag={$webtag}&amp;msg={$tid}.{$message['PID']}\" target=\"", html_get_top_frame_name(), "\" title=\"{$title}\">{$tid}.{$message['PID']}</a>";
            }
            if ($message['REPLY_TO_PID'] > 0) {
                $title = "" . gettext("Link to post") . " #{$message['REPLY_TO_PID']}";
                echo " ", gettext("In reply to"), " ";
                // A parent on the current page is reached through its in-page
                // anchor; an earlier one needs a link to messages.php.
                if (intval($message['REPLY_TO_PID']) >= intval($first_msg)) {
                    echo "<a href=\"#a{$tid}_{$message['REPLY_TO_PID']}\" target=\"_self\" title=\"{$title}\">";
                    echo "{$tid}.{$message['REPLY_TO_PID']}</a>";
                } else {
                    if ($is_preview) {
                        echo "<a href=\"messages.php?webtag={$webtag}&amp;msg={$tid}.{$message['REPLY_TO_PID']}\" target=\"_blank\" title=\"{$title}\">";
                        echo "{$tid}.{$message['REPLY_TO_PID']}</a>";
                    } else {
                        echo "<a href=\"messages.php?webtag={$webtag}&amp;msg={$tid}.{$message['REPLY_TO_PID']}\" target=\"_self\" title=\"{$title}\">";
                        echo "{$tid}.{$message['REPLY_TO_PID']}</a>";
                    }
                }
            }
        }
        echo "&nbsp;</span></td>\n";
        echo "              </tr>\n";
        echo "              <tr>\n";
        // NOTE(review): CONTENT is emitted as HTML without escaping at this
        // point; it relies on the processing above and on whatever sanitising
        // happened when the post was stored - confirm.
        echo "                <td class=\"postbody postcontent\" align=\"left\">{$message['CONTENT']}</td>\n";
        echo "              </tr>\n";
        // "EDITED" footer: shown when there is no grace period or the edit
        // happened after it elapsed, and the editor's logon can be resolved.
        if (isset($message['EDITED']) && $message['EDITED'] > 0) {
            if ($post_edit_grace_period == 0 || $message['EDITED'] - $message['CREATED'] > $post_edit_grace_period * MINUTE_IN_SECONDS) {
                if ($edit_user = user_get_logon($message['EDITED_BY'])) {
                    echo "              <tr>\n";
                    echo "                <td class=\"postbody\" align=\"left\"><p class=\"edit_text\">", sprintf(gettext("EDITED: %s by %s"), format_time($message['EDITED']), $edit_user), "</p></td>\n";
                    echo "              </tr>\n";
                }
            }
        }
        // "APPROVED" footer: moderators only, and only when someone other than
        // the author approved the post.
        if (forum_get_setting('require_post_approval', 'Y') && isset($message['APPROVED']) && $message['APPROVED'] > 0 && $perm_is_moderator) {
            if (isset($message['APPROVED_BY']) && $message['APPROVED_BY'] > 0 && $message['APPROVED_BY'] != $message['FROM_UID']) {
                if ($approved_user = user_get_logon($message['APPROVED_BY'])) {
                    echo "              <tr>\n";
                    echo "                <td class=\"postbody\" align=\"left\"><p class=\"approved_text\">", sprintf(gettext("APPROVED: %s by %s"), format_time($message['APPROVED']), $approved_user), "</p></td>\n";
                    echo "              </tr>\n";
                }
            }
        }
        // Attachments. Precedence: ($tid != 0 && isset(PID)) || isset(AID).
        if ($tid != 0 && isset($message['PID']) || isset($message['AID'])) {
            $aid = isset($message['AID']) ? $message['AID'] : attachments_get_id($tid, $message['PID']);
            $attachments_array = array();
            $image_attachments_array = array();
            if (attachments_get($message['FROM_UID'], $aid, $attachments_array, $image_attachments_array)) {
                echo "              <tr>\n";
                echo "                <td class=\"postbody\" align=\"left\">\n";
                if (is_array($attachments_array) && sizeof($attachments_array) > 0) {
                    echo "                  <p><b>", gettext("Attachments"), ":</b><br />\n";
                    foreach ($attachments_array as $attachment) {
                        echo "                  ", attachments_make_link($attachment), "<br />\n";
                    }
                    echo "                  </p>\n";
                }
                if (is_array($image_attachments_array) && sizeof($image_attachments_array) > 0) {
                    echo "                  <p><b>", gettext("Image Attachments"), ":</b><br />\n";
                    foreach ($image_attachments_array as $key => $attachment) {
                        echo "                  ", attachments_make_link($attachment), "\n";
                    }
                    echo "                  </p>\n";
                }
                echo "                </td>\n";
                echo "              </tr>\n";
            }
        }
        echo "            </table>\n";
        if (!$is_preview) {
            echo "            <table width=\"100%\" class=\"postresponse\" cellspacing=\"1\" cellpadding=\"0\">\n";
            echo "              <tr>\n";
            // Online/offline icon. Precedence: (isset(ANON_LOGON) && ANON_LOGON > USER_ANON_DISABLED)
            // || !isset(USER_ACTIVE) || is_null(USER_ACTIVE).
            if (isset($message['ANON_LOGON']) && $message['ANON_LOGON'] > USER_ANON_DISABLED || !isset($message['USER_ACTIVE']) || is_null($message['USER_ACTIVE'])) {
                echo "                <td width=\"25%\" align=\"left\">";
                echo "                  <img src=\"", html_style_image('status_offline.png'), "\" alt=\"\" title=\"", gettext("Inactive / Offline"), "\" />";
                echo "                </td>\n";
            } else {
                echo "                <td width=\"25%\" align=\"left\">";
                echo "                  <img src=\"", html_style_image('status_online.png'), "\" alt=\"\" title=\"", gettext("Online"), "\" />";
                echo "                </td>\n";
            }
            echo "                <td width=\"50%\" style=\"white-space: nowrap\">";
            if ($msg_count > 0) {
                // Reply/quote links: open thread plus create permission, or moderator.
                // These checks only decide which links are shown.
                if (!$closed && session::check_perm(USER_PERM_POST_CREATE, $folder_fid) || $perm_is_moderator) {
                    if ($quick_reply == 'Y') {
                        echo "<img src=\"", html_style_image('quickreply.png'), "\" border=\"0\" alt=\"", gettext("Quick Reply"), "\" title=\"", gettext("Quick Reply"), "\" />\n";
                        echo "<a href=\"Javascript:void(0)\" rel=\"{$tid}.{$message['PID']}\" target=\"_self\" class=\"quick_reply_link\">", gettext("Quick Reply"), "</a>\n";
                    } else {
                        echo "<img src=\"", html_style_image('post.png'), "\" border=\"0\" alt=\"", gettext("Reply"), "\" title=\"", gettext("Reply"), "\" />";
                        echo "&nbsp;<a href=\"post.php?webtag={$webtag}&amp;replyto={$tid}.{$message['PID']}\" target=\"_parent\" id=\"reply_{$message['PID']}\">", gettext("Reply"), "</a>";
                    }
                    echo "&nbsp;&nbsp;<img src=\"", html_style_image('quote_disabled.png'), "\" border=\"0\" alt=\"", gettext("Quote"), "\" title=\"", gettext("Quote"), "\" id=\"quote_img_{$message['PID']}\" />";
                    echo "&nbsp;<a href=\"post.php?webtag={$webtag}&amp;replyto={$tid}.{$message['PID']}&amp;quote_list={$message['PID']}\" target=\"_parent\" title=\"", gettext("Quote"), "\" id=\"quote_{$message['PID']}\" rel=\"{$message['PID']}\">", gettext("Quote"), "</a>";
                    // Edit link. Precedence: the whole && chain is evaluated first and
                    // "|| $perm_is_moderator" applies to its result, so a moderator
                    // always gets the link. The chain requires: viewer not pilloried;
                    // viewer is the author, or the author is pilloried; edit permission
                    // in the folder; inside the edit time window (0 = no limit); and the
                    // allow_post_editing setting.
                    if (!session::check_perm(USER_PERM_PILLORIED, 0) && ($uid != $message['FROM_UID'] && $from_user_permissions & USER_PERM_PILLORIED || $uid == $message['FROM_UID']) && session::check_perm(USER_PERM_POST_EDIT, $folder_fid) && ($post_edit_time == 0 || time() - $message['CREATED'] < $post_edit_time * HOUR_IN_SECONDS) && forum_get_setting('allow_post_editing', 'Y') || $perm_is_moderator) {
                        if ($is_poll && $message['PID'] == 1) {
                            if (!poll_is_closed($tid) || $perm_is_moderator) {
                                echo "&nbsp;&nbsp;<img src=\"", html_style_image('edit.png'), "\" border=\"0\" alt=\"", gettext("Edit Poll"), "\" title=\"", gettext("Edit Poll"), "\" />";
                                echo "&nbsp;<a href=\"edit_poll.php?webtag={$webtag}&amp;msg={$tid}.{$message['PID']}\" target=\"_parent\">", gettext("Edit Poll"), "</a>\n";
                            }
                        } else {
                            echo "&nbsp;&nbsp;<img src=\"", html_style_image('edit.png'), "\" border=\"0\" alt=\"", gettext("Edit"), "\" title=\"", gettext("Edit"), "\" />";
                            echo "&nbsp;<a href=\"edit.php?webtag={$webtag}&amp;msg={$tid}.{$message['PID']}\" target=\"_parent\">", gettext("Edit"), "</a>";
                        }
                    }
                }
            } else {
                echo "&nbsp;";
            }
            echo "</td>\n";
            echo "                <td width=\"25%\" align=\"right\" style=\"white-space: nowrap\">\n";
            echo "                  <span class=\"post_options\" id=\"post_options_{$tid}.{$message['PID']}\"></span>\n";
            echo "                </td>\n";
            echo "              </tr>";
            echo "            </table>\n";
        } else {
            // Previews get an empty response bar instead of the action links.
            echo "            <table width=\"100%\" class=\"postresponse\" cellspacing=\"1\" cellpadding=\"0\">\n";
            echo "              <tr>\n";
            echo "                <td>&nbsp;</td>\n";
            echo "              </tr>\n";
            echo "            </table>\n";
        }
    }
    echo "            </td>\n";
    echo "          </tr>\n";
    echo "        </table>\n";
    echo "      </td>\n";
    // Navigation column to the right of the message (list view only).
    if ($in_list && !$is_preview) {
        message_display_navigation($tid, $message['PID'], $first_msg, $msg_count, $posts_per_page);
    }
    echo "    </tr>\n";
    echo "  </table>\n";
    // Empty container with a quick_reply_<PID> id, emitted in list view only.
    if ($in_list && isset($message['PID'])) {
        echo "  <div id=\"quick_reply_{$message['PID']}\"></div>\n";
    }
    echo "</div>\n";
    echo $in_list ? "<br />\n" : '';
}
Example #7
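/**
 * Render the OpenInviter settings page and, on POST, validate and save it.
 *
 * On POST the submitted fields are validated, stored in the
 * 'openinviter_settings' option and written to oi_includes/config.php. On any
 * other request the stored option is loaded and missing keys are filled from
 * $openinviter_options['settings'][<key>]['default']. The form is echoed in
 * both cases.
 *
 * Security-relevant behaviour of this function:
 *  - a POST is processed only after check_admin_referer() has verified the
 *    nonce emitted with the form, so a forged cross-site request cannot
 *    rewrite the settings or config.php;
 *  - the transport and local-debugger values must be one of the offered
 *    choices;
 *  - stored values are escaped for their HTML context when the form is built.
 *
 * NOTE(review): no capability check is visible here; presumably the admin
 * menu registration restricts who can reach this page - confirm.
 *
 * @return void
 */
function openinviter_conf()
{
    // The choice lists drive both validation of submitted values and the <select> rendering.
    $transports = array('curl' => __('cURL'), 'wget' => __('WGET'));
    $local_debugs = array('off' => __('None'), 'on_error' => __('Errors only'), 'always' => __('Always'));
    $remote_debugs = array('off' => __('Off'), 'on' => __('On'));
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // Stops the request unless it carries the nonce emitted with the form below.
        check_admin_referer('openinviter_conf');
        $options = array();
        $ers = array();
        if (empty($_POST['message_body_box'])) {
            $ers['message'] = __("Message missing");
        } elseif (strlen($_POST['message_body_box']) < 15) {
            $ers['message'] = __("Message body too short. Minimum length: 15 chars");
        } else {
            $options['message_body'] = $_POST['message_body_box'];
        }
        if (empty($_POST['message_subject_box'])) {
            $ers['message_subject'] = __("Message subject missing");
        } elseif (strlen($_POST['message_subject_box']) < 5) {
            $ers['message_subject'] = __("Message subject too short. Minimum length: 5 chars");
        } else {
            $options['message_subject'] = $_POST['message_subject_box'];
        }
        if (empty($_POST['username_box'])) {
            $ers['username'] = __("OpenInviter.com Username missing");
        } else {
            $options['username'] = $_POST['username_box'];
        }
        if (empty($_POST['private_key_box'])) {
            $ers['private_key'] = __("OpenInviter.com Private Key missing");
        } elseif (!is_md5($_POST['private_key_box'])) {
            $ers['private_key'] = __("Invalid OpenInviter.com Private Key");
        } else {
            $options['private_key'] = $_POST['private_key_box'];
        }
        if (empty($_POST['transport_box'])) {
            $ers['transport'] = __("Transport missing");
        } elseif (!is_string($_POST['transport_box']) || !array_key_exists($_POST['transport_box'], $transports)) {
            // Only the transports offered in the form are accepted.
            $ers['transport'] = __("Invalid transport");
        } else {
            $options['transport'] = $_POST['transport_box'];
        }
        if (empty($_POST['cookie_path_box'])) {
            $ers['cookie'] = __("Cookie path missing");
        } else {
            $options['cookie_path'] = $_POST['cookie_path_box'];
        }
        if (empty($_POST['local_debug_box'])) {
            $ers['local_debug'] = __("Local debugger setting missing");
        } elseif (!is_string($_POST['local_debug_box']) || !array_key_exists($_POST['local_debug_box'], $local_debugs)) {
            $ers['local_debug'] = __("Invalid local debugger setting");
        } else {
            // 'off' is stored as boolean false; the other choices are stored as their string value.
            $options['local_debug'] = $_POST['local_debug_box'] == 'off' ? false : $_POST['local_debug_box'];
        }
        if (empty($_POST['remote_debug_box'])) {
            $ers['remote_debug'] = __("Remote debugger setting missing");
        } else {
            $options['remote_debug'] = $_POST['remote_debug_box'] == 'on' ? true : false;
        }
        // An unchecked checkbox is simply absent from the POST data.
        $options['filter_emails'] = isset($_POST['filter_emails_box']);
        if (count($ers) == 0) {
            if (!get_option('openinviter_settings')) {
                add_option('openinviter_settings', $options);
            } else {
                update_option('openinviter_settings', $options);
            }
            // NOTE(review): config.php is PHP source that is presumably include()d later, so
            // row2text() (defined elsewhere) must emit every value as a properly escaped PHP
            // literal; otherwise a stored setting could become executable code - confirm.
            $path = WP_PLUGIN_DIR . "/openinviter-for-wordpress/oi_includes/config.php";
            $file_contents = "<?php\n";
            $file_contents .= "\$openinviter_settings=array(\n" . row2text($options) . "\n);\n";
            $file_contents .= "?>";
            if (file_put_contents($path, $file_contents) === false) {
                // Do not report success when the file the plugin reads could not be written.
                echo "<div id='message' class='error'><p><strong>" . __('Could not write the configuration file.') . "</strong></p></div>";
            } else {
                echo "<div id='message' class='updated fade'><p><strong>" . __('Options saved.') . "</strong></p></div>";
            }
        } else {
            echo "<div id='message' class='error'><p><strong>" . __('Errors encountered:') . "</strong>";
            foreach ($ers as $er) {
                echo "<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{$er}";
            }
            echo "</p></div>";
        }
    } else {
        $options = get_option('openinviter_settings');
        if (!is_array($options)) {
            // get_option() returns false when nothing has been saved yet.
            $options = array();
        }
        global $openinviter_options;
        foreach ($openinviter_options['settings'] as $key => $val) {
            if (!isset($options[$key])) {
                $options[$key] = $val['default'];
            }
        }
    }
    // After a rejected POST only the valid fields are present; give the rest an empty value
    // so the form can be rendered without undefined-index notices.
    $field_names = array('message_body', 'message_subject', 'username', 'private_key', 'transport', 'cookie_path', 'local_debug', 'remote_debug', 'filter_emails');
    foreach ($field_names as $field_name) {
        if (!isset($options[$field_name])) {
            $options[$field_name] = '';
        }
    }
    if ($options['local_debug'] === false) {
        $options['local_debug'] = 'off';
    }
    if ($options['remote_debug'] === false) {
        $options['remote_debug'] = 'off';
    } else {
        $options['remote_debug'] = 'on';
    }
    // The font name needs its own quotes, so the attribute uses double quotes around it.
    $input_style = " style=\"font-family: 'Courier New', Courier, mono; font-size: 1.5em;\"";
    $contents = "<div class='wrap'><h2>" . __('OpenInviter Configuration') . "</h2>\n\t\t\t<div class='narrow'><form action='' method='POST' style='margin: auto; width: 600px;'>";
    // Hidden nonce field checked by check_admin_referer() at the top of the POST branch.
    $contents .= wp_nonce_field('openinviter_conf', '_wpnonce', true, false);
    $contents .= "<p>\n\t\t\t" . sprintf(__('<strong>Tip</strong>: You can get your API details (username and private key) from <a href="%1$s">OpenInviter.com</a>. If you don\'t have an OpenInviter.com account you can sign up at <a href="%2$s">OpenInviter.com</a>.'), 'http://openinviter.com/get_key.php', 'http://openinviter.com/register.php') . "</p>\n\t\t\t\t<table>\n";
    // Every stored value below is escaped for the context it lands in (textarea body or attribute).
    $contents .= "\t\t\t\t<tr><td valign='top'><strong><label for='message_body_box'>" . __("Invite message body") . "</label></strong></td><td><textarea rows='5' cols='47' id='message_body_box' name='message_body_box'>" . esc_textarea($options['message_body']) . "</textarea></td></tr>\n";
    $contents .= "\t\t\t\t<tr><td valign='top'><strong><label for='message_subject_box'>" . __("Invite message subject") . "</label></strong></td><td><input type='text' id='message_subject_box' name='message_subject_box' value='" . esc_attr($options['message_subject']) . "'" . $input_style . " size='50' /></td></tr>\n";
    $contents .= "\t\t\t\t<tr><td colspan='2' align='right'>The <strong>%s</strong> in the message subject will be replaced with the sender</td></tr>\n";
    $contents .= "\t\t\t\t<tr><td colspan='2'>&nbsp;</td></tr>\n";
    $contents .= "\t\t\t\t<tr><td><strong><label for='username_box'>" . __('OpenInviter.com Username') . "</label></strong></td><td><input id='username_box' name='username_box' type='text' value='" . esc_attr($options['username']) . "'" . $input_style . " size='50' /></td></tr>\n";
    $contents .= "\t\t\t\t<tr><td><strong><label for='private_key_box'>" . __('OpenInviter.com Private Key') . "</label></strong></td><td><input id='private_key_box' name='private_key_box' type='text' value='" . esc_attr($options['private_key']) . "'" . $input_style . " size='50' /></td></tr>\n";
    $contents .= "\t\t\t\t<tr><td><strong><label for='transport_box'>" . __("Transport") . "</label></strong></td><td><select id='transport_box' name='transport_box'><option value=''></option>";
    foreach ($transports as $value => $name) {
        $contents .= "<option value='{$value}'" . ($options['transport'] == $value ? ' selected' : '') . ">{$name}</option>";
    }
    $contents .= "</select></td></tr>\n\t\t\t\t<tr><td><strong><label for='cookie_path_box'>" . __("Cookie path") . "</label></strong></td><td><input type='text' id='cookie_path_box' name='cookie_path_box' value='" . esc_attr($options['cookie_path']) . "'" . $input_style . " size='50' /></td></tr>\n";
    $contents .= "\t\t\t\t<tr><td><strong><label for='local_debug_box'>" . __('Local debugger') . "</label></strong></td><td><select id='local_debug_box' name='local_debug_box'><option value=''></option>";
    foreach ($local_debugs as $value => $name) {
        $contents .= "<option value='{$value}'" . ($options['local_debug'] == $value ? ' selected' : '') . ">{$name}</option>";
    }
    $contents .= "</select></td></tr>\n\t\t\t\t<tr><td><strong><label for='remote_debug_box'>" . __('Remote debugger') . "</label></strong></td><td><select id='remote_debug_box' name='remote_debug_box'><option value=''></option>";
    foreach ($remote_debugs as $value => $name) {
        $contents .= "<option value='{$value}'" . ($options['remote_debug'] == $value ? ' selected' : '') . ">{$name}</option>";
    }
    $contents .= "</select></td></tr>\n\t\t\t\t<tr><td><strong><label for='filter_emails_box'>" . __('Filter emails') . "</label></strong></td><td><input id='filter_emails_box' name='filter_emails_box' type='checkbox' value='Y'" . ($options['filter_emails'] ? ' checked' : '') . "></td></tr>\n\t\t\t\t<tr><td colspan='2' align='center'><p class='submit'><input type='submit' id='submit' name='save' value='" . __("Save options") . "' /></p></td></tr>\n\t\t\t\t</table>\n\t\t\t</form>\n\t\t\t</div>\n\t\t</div>";
    echo $contents;
}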
Example #8
             header('Location: index.php?action=backupjobs');
         } else {
             echo 'Unable to delete file';
         }
     } else {
         echo 'File does not exist';
     }
 } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'backuprestore') {
     checkacl('restoreb');
     include $config['path'] . '/includes/backuprestore.php';
 } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'logout') {
     session_unset();
     session_destroy();
     logevent('User ' . $_SESSION['user'] . ' logged out', 'activity');
     header('Location: index.php');
 } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'runbackup' && isset($_REQUEST['id']) && is_md5($_REQUEST['id'])) {
     checkacl('backnow');
     logevent('User ' . $_SESSION['user'] . ' ran backup job manually', 'activity');
     //making sure backup job is not terminated
     ignore_user_abort(true);
     set_time_limit(0);
     echo 'Backup task has been started, please do not close this window <pre>';
     echo shell_exec(escapeshellcmd('php ' . $config['path'] . '/cron.php ' . $_REQUEST['id']));
     echo '</pre>';
 } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'activitylogs') {
     checkacl('alog');
     $smarty->display($config['path'] . '/templates/header.tpl');
     echo '<h4>Activity Logs</h4>';
     $activitylogs = json_decode(file_get_contents($config['path'] . '/db/db-activitylog.json'), true);
     $activitylogs = array_reverse($activitylogs);
     echo '<table class="table table-bordered table-striped">';
Example #9
     $chat_id = $chatid;
     $head_name = lang($L['chat_with'], array($user['username']));
     $head_title = $head_name . $DT['seo_delimiter'] . $head_title;
     $forward = is_url($forward) ? addslashes(dhtmlspecialchars($forward)) : '';
     if (strpos($forward, $MOD['linkurl']) !== false) {
         $forward = '';
     }
     $chat = $db->get_one("SELECT * FROM {$table} WHERE chatid='{$chatid}'");
     if ($chat) {
         $db->query("UPDATE {$table} SET forward='{$forward}' WHERE chatid='{$chatid}'");
     } else {
         $db->query("INSERT INTO {$table} (chatid,fromuser,touser,tgettime,forward) VALUES ('{$chat_id}','{$_username}','{$touser}','0','{$forward}')");
     }
     $type = 1;
 } else {
     if (isset($chatid) && is_md5($chatid)) {
         $chat = $db->get_one("SELECT * FROM {$table} WHERE chatid='{$chatid}'");
         if ($chat && ($chat['touser'] == $_username || $chat['fromuser'] == $_username)) {
             if ($chat['touser'] == $_username) {
                 $user = userinfo($chat['fromuser']);
             } else {
                 if ($chat['fromuser'] == $_username) {
                     $user = userinfo($chat['touser']);
                 }
             }
             $online = online($user['userid']);
             $chat_id = $chatid;
             $head_name = lang($L['chat_with'], array($user['username']));
             $head_title = $head_name . $DT['seo_delimiter'] . $head_title;
         } else {
             dheader('?action=index');
    echo "                </tr>\n";
}
echo "                <tr>\n";
echo "                  <td align=\"left\" colspan=\"5\">&nbsp;</td>\n";
echo "                </tr>\n";
echo "              </table>\n";
echo "            </td>\n";
echo "          </tr>\n";
echo "        </table>\n";
echo "      </td>\n";
echo "    </tr>\n";
echo "    <tr>\n";
echo "      <td align=\"left\">&nbsp;</td>\n";
echo "    </tr>\n";
if ($uid == session::get_value('UID')) {
    if (!is_md5($aid)) {
        $aid = md5(uniqid(mt_rand()));
    }
    if ($popup == 1) {
        echo "    <tr>\n";
        echo "      <td align=\"center\">";
        echo "        <a href=\"attachments.php?webtag={$webtag}&amp;aid={$aid}\" class=\"button popup 660x500\" id=\"attachments\"><span>", gettext("Attachments"), "</span></a>\n";
        echo "        &nbsp;", form_submit('delete', gettext("Delete")), "&nbsp;", form_submit('close', gettext("Close"));
        echo "      </td>\n";
        echo "    </tr>\n";
    } else {
        echo "    <tr>\n";
        echo "      <td align=\"center\">";
        echo "        <a href=\"attachments.php?webtag={$webtag}&amp;aid={$aid}\" class=\"button popup 660x500\" id=\"attachments\"><span>", gettext("Attachments"), "</span></a>\n";
        echo "        &nbsp;", form_submit('delete', gettext("Delete"));
        echo "      </td>\n";
Example #11
             if ($r) {
                 $username = $r['username'];
             }
         }
     } else {
         message($L['login_msg_not_member']);
     }
 }
 if ($MOD['passport'] == 'uc') {
     include DT_ROOT . '/api/' . $MOD['passport'] . '.inc.php';
 }
 $user = $do->login($username, $password, $cookietime);
 if ($user) {
     if ($MOD['passport'] && $MOD['passport'] != 'uc') {
         $api_url = '';
         $user['password'] = is_md5($password) ? $password : md5($password);
         //Once MD5
         if (strtoupper($MOD['passport_charset']) != DT_CHARSET) {
             $user = convert($user, DT_CHARSET, $MOD['passport_charset']);
         }
         extract($user);
         include DT_ROOT . '/api/' . $MOD['passport'] . '.inc.php';
         if ($api_url) {
             $forward = $api_url;
         }
     }
     #if($MOD['sso']) include DT_ROOT.'/api/sso.inc.php';
     if ($DT['login_log'] == 2) {
         $do->login_log($username, $password, $user['passsalt'], 0);
     }
     if ($api_msg) {
/**
 * Build the profile array shown for a user.
 *
 * Combines one row of the USER table (joined with peer, forum, tracking and
 * session data) with the user's preferences and derived display strings.
 *
 * The URL and attachment-id fields are copied from the preferences as stored:
 * the *_URL values are only checked for being non-empty, the *_AID values must
 * pass is_md5(). Nothing is HTML-escaped here, so callers are responsible for
 * escaping before output.
 *
 * NOTE(review): $uid is only checked with is_numeric(), and $peer_uid,
 * $forum_fid and $table_prefix are interpolated into the SQL as returned by
 * their helpers - confirm those helpers can only yield safe values.
 *
 * @param mixed $uid Numeric id of the user whose profile is wanted.
 *
 * @return array|false The profile array, or false when the database, table
 *                     prefix or forum id is unavailable, $uid is not numeric,
 *                     the query fails or no row matches.
 */
function user_get_profile($uid)
{
    $db = db::get();
    if (!$db) {
        return false;
    }
    if (!is_numeric($uid)) {
        return false;
    }
    $peer_uid = session::get_value('UID');
    $table_prefix = get_table_prefix();
    if (!$table_prefix) {
        return false;
    }
    $forum_fid = get_forum_fid();
    if (!$forum_fid) {
        return false;
    }
    $group_names = array();
    $prefs = user_get_prefs($uid);
    // Sessions older than the PHP session lifetime do not count as "online".
    $max_lifetime = ini_get('session.gc_maxlifetime');
    $cutoff = date(MYSQL_DATETIME, time() - $max_lifetime);
    $sql = implode('', array(
        "SELECT USER.UID, USER.LOGON, USER.NICKNAME, USER_PEER.PEER_NICKNAME, ",
        "UNIX_TIMESTAMP(USER_FORUM.LAST_VISIT) AS LAST_VISIT, ",
        "UNIX_TIMESTAMP(USER.REGISTERED) AS REGISTERED, ",
        "UNIX_TIMESTAMP(USER_TRACK.USER_TIME_BEST) AS USER_TIME_BEST, ",
        "UNIX_TIMESTAMP(USER_TRACK.USER_TIME_TOTAL) AS USER_TIME_TOTAL, ",
        "USER_PEER.RELATIONSHIP, SESSIONS.ID FROM USER USER ",
        "LEFT JOIN USER_PREFS USER_PREFS_GLOBAL ON (USER_PREFS_GLOBAL.UID = USER.UID) ",
        "LEFT JOIN `{$table_prefix}USER_PREFS` USER_PREFS_FORUM ",
        "ON (USER_PREFS_FORUM.UID = USER.UID) ",
        "LEFT JOIN `{$table_prefix}USER_PEER` USER_PEER ",
        "ON (USER_PEER.PEER_UID = USER.UID AND USER_PEER.UID = '{$peer_uid}') ",
        "LEFT JOIN USER_FORUM USER_FORUM ON (USER_FORUM.UID = USER.UID ",
        "AND USER_FORUM.FID = '{$forum_fid}') ",
        "LEFT JOIN `{$table_prefix}USER_TRACK` USER_TRACK ",
        "ON (USER_TRACK.UID = USER.UID) ",
        "LEFT JOIN SESSIONS ON (SESSIONS.UID = USER.UID ",
        "AND SESSIONS.TIME >= CAST('{$cutoff}' AS DATETIME)) ",
        "WHERE USER.UID = '{$uid}' ",
        "GROUP BY USER.UID",
    ));
    $result = $db->query($sql);
    if (!$result) {
        return false;
    }
    if ($result->num_rows == 0) {
        return false;
    }
    $profile = $result->fetch_assoc();
    // Anonymous-logon users have their visit time and online status hidden.
    $anon_logon = (isset($prefs['ANON_LOGON']) && $prefs['ANON_LOGON'] > USER_ANON_DISABLED)
        ? $prefs['ANON_LOGON']
        : USER_ANON_DISABLED;
    $visit_known = isset($profile['LAST_VISIT']) && $profile['LAST_VISIT'] > 0;
    $profile['LAST_LOGON'] = ($anon_logon == USER_ANON_DISABLED && $visit_known)
        ? format_time($profile['LAST_VISIT'])
        : gettext("Unknown");
    // Each timestamp column is replaced by its display string, or "Unknown" when empty.
    $formatters = array(
        'REGISTERED' => 'format_date',
        'USER_TIME_BEST' => 'format_time_display',
        'USER_TIME_TOTAL' => 'format_time_display',
    );
    foreach ($formatters as $field => $formatter) {
        $has_value = isset($profile[$field]) && $profile[$field] > 0;
        $profile[$field] = $has_value ? $formatter($profile[$field]) : gettext("Unknown");
    }
    // Date of birth and/or age, depending on what the user chose to display.
    $has_dob = isset($prefs['DOB_DISPLAY']) && !empty($prefs['DOB']) && $prefs['DOB'] != "0000-00-00";
    if ($has_dob) {
        $dob_display = $prefs['DOB_DISPLAY'];
        if ($dob_display == USER_DOB_DISPLAY_BOTH) {
            $profile['DOB'] = format_birthday($prefs['DOB']);
            $profile['AGE'] = format_age($prefs['DOB']);
        } elseif ($dob_display == USER_DOB_DISPLAY_DATE) {
            $profile['DOB'] = format_birthday($prefs['DOB']);
        } elseif ($dob_display == USER_DOB_DISPLAY_AGE) {
            $profile['AGE'] = format_age($prefs['DOB']);
        }
    }
    // Copy picture, avatar and homepage preferences: URLs when non-empty,
    // attachment ids only when they pass is_md5().
    $copied_prefs = array(
        'PIC_URL' => 'url',
        'PIC_AID' => 'aid',
        'AVATAR_URL' => 'url',
        'AVATAR_AID' => 'aid',
        'HOMEPAGE_URL' => 'url',
    );
    foreach ($copied_prefs as $pref_name => $pref_kind) {
        if (!isset($prefs[$pref_name])) {
            continue;
        }
        $accepted = ($pref_kind == 'aid')
            ? is_md5($prefs[$pref_name])
            : strlen($prefs[$pref_name]) > 0;
        if ($accepted) {
            $profile[$pref_name] = $prefs[$pref_name];
        }
    }
    if (!isset($profile['RELATIONSHIP'])) {
        $profile['RELATIONSHIP'] = 0;
    }
    // A nickname the viewing user assigned to this peer overrides the real one.
    if (isset($profile['PEER_NICKNAME']) && strlen($profile['PEER_NICKNAME']) > 0) {
        $profile['NICKNAME'] = $profile['PEER_NICKNAME'];
    }
    if ($anon_logon != USER_ANON_DISABLED) {
        $profile['STATUS'] = gettext("Unknown");
    } elseif (isset($profile['ID'])) {
        // A joined SESSIONS row newer than the cutoff means the user is online.
        $profile['STATUS'] = gettext("Online");
    } else {
        $profile['STATUS'] = gettext("Inactive / Offline");
    }
    $post_count = user_get_post_count($uid);
    $profile['POST_COUNT'] = $post_count ? $post_count : 0;
    $local_time = user_format_local_time($prefs);
    if ($local_time) {
        $profile['LOCAL_TIME'] = $local_time;
    }
    if (user_is_banned($uid)) {
        $profile['USER_GROUPS'] = gettext("Banned");
    } else {
        // presumably fills $group_names by reference - confirm against its definition
        perm_user_get_group_names($uid, $group_names);
        $profile['USER_GROUPS'] = count($group_names) > 0
            ? implode(', ', $group_names)
            : gettext("Registered");
    }
    return $profile;
}
Example #13
 /**
  * Finish a password restore that was started earlier.
  *
  * Looks up the active user whose `reg_key` equals $key, checks that the
  * stored 'restore_until' deadline has not passed, then generates a new
  * password, stores its hash, opens a session for the user and returns the
  * new password in clear text to the caller. The 'restore_until' marker is
  * removed from the user's data whether the deadline passed or not.
  *
  * NOTE(review): the stored hash is SHA-512 applied twice with the site-wide
  * public key appended; a fast hash like this is cheap to brute-force if the
  * table leaks. Moving to password_hash() would also need the verifying code
  * (not visible here) to change.
  *
  * @param string $key Restore key; rejected unless is_md5() accepts it
  *
  * @return array|bool array('id' => <i>id</i>, 'password' => <i>password</i>) or <b>false</b> on failure
  */
 function restore_password_confirmation($key)
 {
     // Only well-formed keys reach the database lookup.
     if (!is_md5($key)) {
         return false;
     }
     $id = $this->db_prime()->qfs(["SELECT `id`\n\t\t\tFROM `[prefix]users`\n\t\t\tWHERE\n\t\t\t\t`reg_key`\t= '%s' AND\n\t\t\t\t`status`\t= '%s'\n\t\t\tLIMIT 1", $key, self::STATUS_ACTIVE]);
     if (!$id) {
         return false;
     }
     $user_data = $this->get('data', $id);
     if (!isset($user_data['restore_until'])) {
         // No restore was requested for this user.
         return false;
     }
     $restore_deadline = $user_data['restore_until'];
     // The marker is single-use: it is dropped on success and on expiry alike.
     unset($user_data['restore_until']);
     if ($restore_deadline < TIME) {
         $this->set('data', $user_data, $id);
         return false;
     }
     $config = Config::instance();
     $min_length = $config->core['password_min_length'];
     $min_strength = $config->core['password_min_strength'];
     $new_password = password_generate($min_length, $min_strength);
     $inner_digest = hash('sha512', $new_password);
     $stored_hash = hash('sha512', $inner_digest . Core::instance()->public_key);
     $this->set(['password_hash' => $stored_hash, 'data' => $user_data], null, $id);
     $this->add_session($id);
     return ['id' => $id, 'password' => $new_password];
 }
Example #14
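 /**
  * Record a login attempt in the {$DT_PRE}login table.
  *
  * Stores the user name, a digest of the submitted password, the admin flag,
  * client IP, time, result message and user agent. When the message equals
  * the "login ok" text, the cached ban entry for the client IP is deleted.
  *
  * NOTE(review): a password-derived MD5 is written to the log for every
  * attempt, including failed ones; MD5 digests of typed passwords are
  * sensitive and cheap to reverse - consider whether the log needs them.
  *
  * NOTE(review): $username, $admin and $message go into the SQL exactly as
  * passed in; no escaping is visible in this method, so confirm that every
  * caller supplies already-escaped values or switch to bound parameters.
  *
  * @param string $username User name of the attempt
  * @param string $password Submitted password, plain or already an MD5 digest
  * @param int    $admin    Admin flag stored with the entry
  * @param string $message  Result message; defaults to $L['member_login_ok']
  *
  * @return void
  */
 function login_log($username, $password, $admin = 0, $message = '')
 {
     global $DT_PRE, $DT_TIME, $DT_IP, $L;
     // One more MD5 round on an MD5-looking value, two rounds on anything else.
     $password = is_md5($password) ? md5($password) : md5(md5($password));
     // Command-line and some automated clients send no User-Agent header at all.
     $raw_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $agent = addslashes(htmlspecialchars(strip_sql($raw_agent)));
     $message or $message = $L['member_login_ok'];
     if ($message == $L['member_login_ok']) {
         // A successful login clears the cached ban entry for this IP.
         cache_delete($DT_IP . '.php', 'ban');
     }
     $this->db->query("INSERT INTO {$DT_PRE}login (username,password,admin,loginip,logintime,message,agent) VALUES ('{$username}','{$password}','{$admin}','{$DT_IP}','{$DT_TIME}','{$message}','{$agent}')");
 }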
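/**
 * Build the HTML link (or bare URL) for one attachment.
 *
 * NOTE(review): $attachment['filename'] is placed into the href, the title
 * attribute and the link text without escaping in this function, and
 * "&hellip;" is appended to it as markup; presumably callers pass a value
 * that is already HTML-safe - confirm, since attachment names are normally
 * user-supplied.
 *
 * @param array $attachment     Must contain 'aid', 'hash', 'filename' and
 *                              'downloads'; 'aid' and 'hash' must pass
 *                              is_md5(). 'filesize' is optional.
 * @param bool  $show_thumbs    Show a thumbnail when one exists (non-bool -> true)
 * @param bool  $limit_filename Shorten names longer than 16 characters (non-bool -> false)
 * @param bool  $local_path     Link to attachments/<filename> instead of get_attachment.php (non-bool -> false)
 * @param bool  $img_tag        Return full HTML when true, only the URL otherwise (non-bool -> true)
 *
 * @return string|false HTML fragment or URL, or false when the input is
 *                      invalid or no attachment directory is configured.
 */
function attachments_make_link($attachment, $show_thumbs = true, $limit_filename = false, $local_path = false, $img_tag = true)
{
    if (!is_array($attachment)) {
        return false;
    }
    if (!is_bool($show_thumbs)) {
        $show_thumbs = true;
    }
    if (!is_bool($limit_filename)) {
        $limit_filename = false;
    }
    if (!is_bool($local_path)) {
        $local_path = false;
    }
    if (!is_bool($img_tag)) {
        $img_tag = true;
    }
    if (!($attachment_dir = forum_get_setting('attachment_dir'))) {
        return false;
    }
    if (!isset($attachment['aid'])) {
        return false;
    }
    if (!isset($attachment['hash'])) {
        return false;
    }
    if (!isset($attachment['filename'])) {
        return false;
    }
    if (!isset($attachment['downloads'])) {
        return false;
    }
    // Both identifiers must be well-formed before 'hash' is used in a URL and a file path below.
    if (!is_md5($attachment['aid'])) {
        return false;
    }
    if (!is_md5($attachment['hash'])) {
        return false;
    }
    $webtag = get_webtag();
    if (forum_get_setting('attachment_thumbnails', 'Y') && (($user_show_thumbs = session::get_value('SHOW_THUMBS')) > 0 || !session::logged_in())) {
        // The user's SHOW_THUMBS preference selects the thumbnail bound; unknown values fall back to 100.
        $thumbnail_size = array(1 => 50, 2 => 100, 3 => 150);
        $thumbnail_max_size = isset($thumbnail_size[$user_show_thumbs]) ? $thumbnail_size[$user_show_thumbs] : 100;
    } else {
        $thumbnail_max_size = 100;
        $show_thumbs = false;
    }
    if ($local_path) {
        $attachment_href = "attachments/{$attachment['filename']}";
    } else {
        $attachment_href = "get_attachment.php?webtag={$webtag}&amp;hash={$attachment['hash']}";
        $attachment_href .= "&amp;filename={$attachment['filename']}";
    }
    if ($img_tag === true) {
        $title_array = array();
        if (mb_strlen($attachment['filename']) > 16 && $limit_filename) {
            // Keep the full name in the tooltip and show a shortened one as link text.
            $title_array[] = gettext("Filename") . ": {$attachment['filename']}";
            $attachment['filename'] = mb_substr($attachment['filename'], 0, 16);
            $attachment['filename'] .= "&hellip;";
        }
        if (isset($attachment['filesize']) && is_numeric($attachment['filesize'])) {
            $title_array[] = gettext("Size") . ": " . format_file_size($attachment['filesize']);
        }
        if ($attachment['downloads'] == 1) {
            $title_array[] = gettext("Downloaded: 1 time");
        } else {
            $title_array[] = sprintf(gettext("Downloaded: %d times"), $attachment['downloads']);
        }
        if (@file_exists("{$attachment_dir}/{$attachment['hash']}.thumb") && $show_thumbs) {
            $image_info = @getimagesize("{$attachment_dir}/{$attachment['hash']}");
            // getimagesize() can report a width of 0 for some formats; use the plain
            // link then, because the aspect-ratio division below needs a non-zero width.
            if ($image_info && $image_info[0] > 0) {
                $title_array[] = gettext("Dimensions") . ": {$image_info[0]}x{$image_info[1]}px";
                $thumbnail_width = $image_info[0];
                $thumbnail_height = $image_info[1];
                // Shrink one pixel of width at a time, keeping the aspect ratio,
                // until both sides fit inside the thumbnail bound.
                while ($thumbnail_width > $thumbnail_max_size || $thumbnail_height > $thumbnail_max_size) {
                    $thumbnail_width--;
                    $thumbnail_height = floor($thumbnail_width * ($image_info[1] / $image_info[0]));
                }
                $title = implode(", ", $title_array);
                // Each piece ends with a space so that neighbouring attributes stay separated.
                $attachment_link = "<span class=\"attachment_thumb\"><a href=\"{$attachment_href}\" title=\"{$title}\" ";
                $attachment_link .= "target=\"_blank\"><img src=\"{$attachment_href}&amp;thumb=1\" ";
                $attachment_link .= "border=\"0\" width=\"{$thumbnail_width}\" height=\"{$thumbnail_height}\" ";
                $attachment_link .= "alt=\"{$title}\" title=\"{$title}\" /></a></span>";
                return $attachment_link;
            }
        }
        $title = implode(", ", $title_array);
        $attachment_link = "<img src=\"";
        $attachment_link .= html_style_image('attach.png');
        $attachment_link .= "\" width=\"14\" height=\"14\" border=\"0\" ";
        $attachment_link .= "alt=\"" . gettext("Attachment") . "\" ";
        $attachment_link .= "title=\"" . gettext("Attachment") . "\" />";
        $attachment_link .= "<a href=\"{$attachment_href}\" title=\"{$title}\" ";
        $attachment_link .= "target=\"_blank\">{$attachment['filename']}</a>\n";
        return $attachment_link;
    }
    return $attachment_href;
}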
Example #16
 } else {
     if ($DT['mail_type'] == 'close') {
         message($L['send_mail_close']);
     }
     if ($MOD['checkuser'] != 2) {
         dheader(DT_PATH);
     }
     if ($submit) {
         captcha($captcha);
         check_name($username) or message($L['send_check_username_bad']);
         $user = $db->get_one("SELECT email,password,groupid FROM {$DT_PRE}member WHERE username='******'");
         if ($user) {
             if ($user['groupid'] != 4) {
                 dalert($L['send_check_deny'], DT_PATH);
             }
             if ($user['password'] != (is_md5($password) ? md5($password) : md5(md5($password)))) {
                 message($L['send_check_password_bad']);
             }
             $email = trim($email);
             if ($email && $email != $user['email']) {
                 is_email($email) or message($L['send_check_email_bad']);
                 $r = $db->get_one("SELECT userid FROM {$DT_PRE}member WHERE email='{$email}'");
                 if ($r) {
                     message($L['send_check_email_repeat']);
                 }
                 $db->query("UPDATE {$DT_PRE}member SET email='{$email}' WHERE username='******'");
             } else {
                 $email = $user['email'];
             }
             $auth = make_auth($username);
             $db->query("UPDATE {$DT_PRE}member SET auth='{$auth}',authtime='{$DT_TIME}' WHERE username='******'");
Example #17
echo "                <tr>\n";
echo "                  <td align=\"center\">\n";
echo "                    <table class=\"posthead\" width=\"100%\">\n";
// Get recent visitors
if ($recent_visitors_array = visitor_log_get_recent()) {
    echo "                      <tr>\n";
    echo "                        <td align=\"center\">\n";
    echo "                          <table class=\"posthead\" border=\"0\" width=\"100%\" cellpadding=\"2\" cellspacing=\"0\">\n";
    foreach ($recent_visitors_array as $recent_visitor) {
        if (isset($recent_visitor['LAST_LOGON']) && $recent_visitor['LAST_LOGON'] > 0) {
            echo "                            <tr>\n";
            if (session::get_value('SHOW_AVATARS') == 'Y') {
                if (isset($recent_visitor['AVATAR_URL']) && strlen($recent_visitor['AVATAR_URL']) > 0) {
                    echo "                   <td valign=\"top\"  class=\"postbody\" align=\"left\" width=\"25\"><img src=\"{$recent_visitor['AVATAR_URL']}\" alt=\"\" title=\"", word_filter_add_ob_tags(htmlentities_array(format_user_name($recent_visitor['LOGON'], $recent_visitor['NICKNAME']))), "\" border=\"0\" width=\"16\" height=\"16\" /></td>\n";
                } else {
                    if (isset($recent_visitor['AVATAR_AID']) && is_md5($recent_visitor['AVATAR_AID'])) {
                        $attachment = attachments_get_by_hash($recent_visitor['AVATAR_AID']);
                        if ($profile_picture_href = attachments_make_link($attachment, false, false, false, false)) {
                            echo "                   <td valign=\"top\"  class=\"postbody\" align=\"left\" width=\"25\"><img src=\"{$profile_picture_href}&amp;avatar_picture\" alt=\"\" title=\"", word_filter_add_ob_tags(htmlentities_array(format_user_name($recent_visitor['LOGON'], $recent_visitor['NICKNAME']))), "\" border=\"0\" width=\"16\" height=\"16\" /></td>\n";
                        } else {
                            echo "                   <td valign=\"top\"  align=\"left\" class=\"postbody\" width=\"25\"><img src=\"", html_style_image('bullet.png'), "\" alt=\"", gettext('User'), "\" title=\"", gettext('User'), "\" /></td>\n";
                        }
                    } else {
                        echo "                   <td valign=\"top\"  align=\"left\" class=\"postbody\" width=\"25\"><img src=\"", html_style_image('bullet.png'), "\" alt=\"", gettext('User'), "\" title=\"", gettext('User'), "\" /></td>\n";
                    }
                }
            } else {
                echo "                   <td valign=\"top\"  align=\"left\" class=\"postbody\" width=\"25\"><img src=\"", html_style_image('bullet.png'), "\" alt=\"", gettext('User'), "\" title=\"", gettext('User'), "\" /></td>\n";
            }
            if (isset($recent_visitor['SID']) && !is_null($recent_visitor['SID']) && forum_get_setting('searchbots_show_recent', 'Y')) {
                echo "                              <td valign=\"top\"  align=\"left\"><a href=\"{$recent_visitor['URL']}\" target=\"_blank\">", word_filter_add_ob_tags(htmlentities_array($recent_visitor['NAME'])), "</a></td>\n";
/**
 * Build the HTML link (or bare URL) for one attachment.
 *
 * NOTE(review): $attachment['filename'] is written into the href, and the
 * (possibly shortened) name into the link text, without escaping in this
 * function; presumably callers supply an HTML-safe value - confirm, since
 * attachment names are normally user-supplied.
 *
 * @param array $attachment     Must contain 'hash' (accepted by is_md5()),
 *                              'filename' and 'downloads'; 'filesize',
 *                              'width', 'height' and 'thumbnail' are optional.
 * @param bool  $show_thumbs    Allow a thumbnail (non-bool -> true)
 * @param bool  $limit_filename Shorten names longer than 16 characters (non-bool -> false)
 * @param bool  $local_path     Link to attachments/<filename> instead of get_attachment.php (non-bool -> false)
 * @param bool  $img_tag        Return full HTML when true, only the URL otherwise (non-bool -> true)
 *
 * @return string|false HTML fragment or URL, or false when the input is
 *                      invalid or attachments_check_dir() fails.
 */
function attachments_make_link($attachment, $show_thumbs = true, $limit_filename = false, $local_path = false, $img_tag = true)
{
    if (!is_array($attachment)) {
        return false;
    }
    // Anything that is not a real boolean falls back to the parameter's default.
    $show_thumbs = is_bool($show_thumbs) ? $show_thumbs : true;
    $limit_filename = is_bool($limit_filename) ? $limit_filename : false;
    $local_path = is_bool($local_path) ? $local_path : false;
    $img_tag = is_bool($img_tag) ? $img_tag : true;
    if (!attachments_check_dir()) {
        return false;
    }
    if (!isset($attachment['hash'], $attachment['filename'], $attachment['downloads'])) {
        return false;
    }
    // The hash ends up in a URL, so only a well-formed value is accepted.
    if (!is_md5($attachment['hash'])) {
        return false;
    }
    $webtag = get_webtag();
    forum_check_webtag_available($webtag);
    $thumbs_pref = (isset($_SESSION['SHOW_THUMBS']) && is_numeric($_SESSION['SHOW_THUMBS']))
        ? $_SESSION['SHOW_THUMBS']
        : 100;
    $max_thumb_size = 100;
    if ($show_thumbs && forum_get_setting('attachment_thumbnails', 'Y') && ($thumbs_pref > 0 || !session::logged_in())) {
        // Preference 1..3 selects the bound; any other value keeps 100.
        $size_by_pref = array(1 => 50, 2 => 100, 3 => 150);
        if (isset($size_by_pref[$thumbs_pref])) {
            $max_thumb_size = $size_by_pref[$thumbs_pref];
        }
    } else {
        $show_thumbs = false;
    }
    $href = $local_path
        ? "attachments/{$attachment['filename']}"
        : "get_attachment.php?webtag={$webtag}&amp;hash={$attachment['hash']}" . "&amp;filename={$attachment['filename']}";
    if (!$img_tag) {
        return $href;
    }
    $tooltip_parts = array();
    if (mb_strlen($attachment['filename']) > 16 && $limit_filename) {
        // Full name goes into the tooltip, the shortened one becomes the link text.
        $tooltip_parts[] = sprintf(gettext("Filename: %s"), $attachment['filename']);
        $attachment['filename'] = format_file_name($attachment['filename']);
    }
    if (isset($attachment['filesize']) && is_numeric($attachment['filesize']) && $attachment['filesize'] > 0) {
        $tooltip_parts[] = sprintf(gettext("Size: %s"), format_file_size($attachment['filesize']));
    }
    $tooltip_parts[] = ($attachment['downloads'] == 1)
        ? gettext("Downloaded: 1 time")
        : sprintf(gettext("Downloaded: %d times"), $attachment['downloads']);
    if (isset($attachment['width'], $attachment['height'])) {
        $tooltip_parts[] = sprintf(gettext("Dimensions %dx%dpx"), $attachment['width'], $attachment['height']);
    }
    $title = implode(", ", $tooltip_parts);
    $has_thumbnail = isset($attachment['thumbnail']) && $attachment['thumbnail'] == 'Y';
    if ($show_thumbs && $has_thumbnail) {
        // Square thumbnail of at most 150px, capped by the bound chosen above.
        $thumb_side = min(150, $max_thumb_size);
        $link = "<a href=\"{$href}\" target=\"_blank\"><span class=\"attachment_thumb\" "
            . "style=\"background-image: url('{$href}&amp;thumb=1'); "
            . "width: {$thumb_side}px; height: {$thumb_side}px\" "
            . "title=\"{$title}\"></span></a>";
        return $link;
    }
    $link = html_style_image('attach', gettext("Attachment"));
    $link .= "<a href=\"{$href}\" title=\"{$title}\" " . "target=\"_blank\">{$attachment['filename']}</a>";
    return $link;
}
Example #19
/*
	[Destoon B2B System] Copyright (c) 2008-2013 Destoon.COM
	This is NOT a freeware, use is subject to license.txt
*/
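// Uploads may run long, so lift the execution time limit (the @ hides the warning on hosts that forbid it).
@set_time_limit(0);
require 'common.inc.php';
// Requests flagged as bots are answered through dhttp(403).
if ($DT_BOT) {
    dhttp(403);
}
// $from, $swfupload and the $swf_* values are not assigned in this file;
// presumably common.inc.php imports them from the request — confirm.
$from = isset($from) ? trim($from) : '';
$swfupload = isset($swfupload) ? 1 : 0;
$errmsg = '';
if ($swfupload) {
    //Fix FlashPlayer Bug
    // The uploader supplies identity fields plus $swf_auth; the identity is adopted only
    // when $swf_auth equals an MD5 over those fields, DT_KEY and the client IP.
    $swf_userid = intval($swf_userid);
    if ($swf_userid != $_userid && is_md5($swf_auth)) {
        $swf_groupid = intval($swf_groupid);
        // Strict comparison: with ==, two digests that both look like numbers
        // (for example "0e" followed only by digits) compare equal as floats.
        // NOTE(review): the fields are concatenated without delimiters, so different
        // (userid, username, ...) tuples can produce the same hash input; a delimiter or
        // an HMAC keyed with DT_KEY would remove that ambiguity.
        if ($swf_auth === md5($swf_userid . $swf_username . $swf_groupid . $swf_company . DT_KEY . $DT_IP) || $swf_auth === md5($swf_userid . $swf_username . $swf_groupid . convert($swf_company, 'utf-8', DT_CHARSET) . DT_KEY . $DT_IP)) {
            $_userid = $swf_userid;
            $_username = $swf_username;
            $_groupid = $swf_groupid;
            $_company = convert($swf_company, 'utf-8', DT_CHARSET);
            // Reload the group cache for the adopted group id.
            $MG = cache_read('group-' . $_groupid . '.php');
        } else {
            $errmsg = 'Error(0)' . 'SWFUpload Denied';
            // $swfupload is always 1 inside this branch, so the exit() below always runs
            // and dalert() is not reached.
            if ($swfupload) {
                exit(convert($errmsg, DT_CHARSET, 'utf-8'));
            }
            dalert($errmsg);
        }
    }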
Example #20
/**
 * Reads the saved-login cookies for the current webtag into the by-reference outputs.
 *
 * Each output is set to the cookie value when it passes its check and to an empty
 * string otherwise. The password cookie only has to be non-empty; the two hash
 * cookies must satisfy is_md5().
 *
 * NOTE(review): the `_password` cookie value is handed back as-is. If that cookie holds
 * the user's actual password it is readable by anything with access to the cookie jar —
 * confirm what is stored there.
 *
 * @param string $password set to the saved password or ""
 * @param string $passhash set to the saved password hash or ""
 * @param string $sesshash set to the saved session hash or ""
 * @return bool always true
 */
function forum_get_saved_password(&$password, &$passhash, &$sesshash)
{
    // $webtag_search is not set in this function; presumably get_webtag() takes it by reference — confirm.
    $webtag = get_webtag($webtag_search);

    $password_cookie = "bh_{$webtag}_password";
    $passhash_cookie = "bh_{$webtag}_passhash";
    $sesshash_cookie = "bh_{$webtag}_sesshash";

    $password = (isset($_COOKIE[$password_cookie]) && strlen(_stripslashes($_COOKIE[$password_cookie])) > 0)
        ? _stripslashes($_COOKIE[$password_cookie])
        : "";

    // is_md5() sees the raw cookie; the stored value is the unslashed, trimmed form.
    $passhash = (isset($_COOKIE[$passhash_cookie]) && is_md5($_COOKIE[$passhash_cookie]))
        ? trim(_stripslashes($_COOKIE[$passhash_cookie]))
        : "";

    $sesshash = (isset($_COOKIE[$sesshash_cookie]) && is_md5($_COOKIE[$sesshash_cookie]))
        ? trim(_stripslashes($_COOKIE[$sesshash_cookie]))
        : "";

    return true;
}
Example #21
/**
 * Validates user
 *
 * Activates an account from the key that was emailed at registration: the row whose
 * email and key both match is looked up, then update_user() is asked to set `active`
 * to 1 and to blank the `key` column.
 *
 * Integer status codes:
 *   904 - Email not given
 *   905 - Invalid email
 *   906 - No key given
 *   907 - Invalid key given (fails is_md5())
 *   908 - Invalid key / email combo
 *
 * After the update calls the function returns a boolean only when one of the two
 * update results fails the alpha(..., 'numeric') check; on every other path it falls
 * off the end and returns null.
 *
 * @global resource
 * @param string $email email of user being validated
 * @param string $key key given at registration
 * @return integer|boolean|null
 */
function validate_user($email, $key)
{
    global $database;

    // Presence checks come first, email before key.
    if (empty($email)) {
        return 904;
    }
    if (empty($key)) {
        return 906;
    }

    // Format checks, again email before key.
    if (!is_email($email)) {
        return 905;
    }
    if (!is_md5($key)) {
        return 907;
    }

    // NOTE(review): both values are interpolated into the SQL text. The key is limited by
    // is_md5(); for the email, safety rests entirely on is_email() rejecting quote
    // characters — confirm, or route the values through the database layer's escaping.
    $lookup = $database->query("SELECT * FROM `users` WHERE `email` = '{$email}' AND `key` = '{$key}' LIMIT 1");
    if ($database->num($lookup) < 1) {
        return 908;
    }

    $user_row = $database->fetch($lookup);

    // Activate the account, then clear the one-time key.
    $activated = update_user($user_row['id'], false, 'active', 1);
    $key_cleared = update_user($user_row['id'], false, 'key', '');

    if (!($activated && $key_cleared)) {
        return;
    }

    // Loose comparison with 905 mirrors the switch/case matching used previously.
    if (!alpha($activated, 'numeric')) {
        return $activated != 905;
    }
    if (!alpha($key_cleared, 'numeric')) {
        return $key_cleared != 905;
    }
}
Example #22
             }
         }
         if (isset($thread['POLL_FLAG']) && $thread['POLL_FLAG'] == 'Y') {
             echo "<a href=\"poll_results.php?webtag={$webtag}&amp;tid={$thread['TID']}\" target=\"_blank\" class=\"popup 800x600\"><img src=\"", html_style_image('poll.png'), "\" border=\"0\" alt=\"", gettext("This is a poll. Click to view results."), "\" title=\"", gettext("This is a poll. Click to view results."), "\" /></a> ";
         }
         if (isset($thread['STICKY']) && $thread['STICKY'] == "Y") {
             echo "<img src=\"", html_style_image('sticky.png'), "\" alt=\"", gettext("Sticky"), "\" title=\"", gettext("Sticky"), "\" /> ";
         }
         if (isset($thread['TRACK_TYPE']) && $thread['TRACK_TYPE'] == THREAD_TYPE_SPLIT) {
             echo "<img src=\"", html_style_image('split_thread.png'), "\" alt=\"", gettext("Thread has been split"), "\" title=\"", gettext("Thread has been split"), "\" /> ";
         } else {
             if (isset($thread['TRACK_TYPE']) && $thread['TRACK_TYPE'] == THREAD_TYPE_MERGE) {
                 echo "<img src=\"", html_style_image('merge_thread.png'), "\" alt=\"", gettext("Thread has been merged"), "\" title=\"", gettext("Thread has been merged"), "\" /> ";
             }
         }
         if (isset($thread['AID']) && is_md5($thread['AID'])) {
             echo "<img src=\"", html_style_image('attach.png'), "\" alt=\"", gettext("Attachment"), "\" title=\"", gettext("Attachment"), "\" /> ";
         }
         echo "<span class=\"threadxnewofy\">{$number}</span></td>\n";
         echo "                      <td valign=\"top\" style=\"white-space: nowrap\" align=\"right\"><span class=\"threadtime\">{$thread_time}&nbsp;</span></td>\n";
         echo "                    </tr>\n";
         echo "                  </table>\n";
         unset($thread_info[$key]);
     }
 }
 if (is_numeric($folder) && $folder_number == $folder && $thread_count >= 50) {
     echo "                  <table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
     echo "                    <tr>\n";
     echo "                      <td align=\"left\" colspan=\"3\"><a href=\"thread_list.php?webtag={$webtag}&amp;mode={$mode}&amp;folder={$folder}&amp;page=", $page + 1, "\" class=\"folderinfo\" title=\"", gettext("Show next 50 threads"), "\">", gettext("Next 50 threads"), "</a></td>\n";
     echo "                    </tr>\n";
     echo "                  </table>\n";
Example #23
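 /**
  * Get new access_token with refresh_token
  *
  * The refresh token must satisfy is_md5(), the client must exist and the supplied
  * secret must equal the client's stored secret. The matching session row is read and
  * then deleted (the DELETE is issued whether or not the SELECT found a row), the
  * cached access token is dropped, and a fresh token set is produced through
  * add_code()/get_code() while the user's session is temporarily attached.
  *
  * NOTE(review): SELECT and DELETE are separate statements and no transaction is visible
  * here, so two simultaneous requests carrying the same refresh token may both read the
  * row — confirm whether the database layer serialises them.
  *
  * @param string		$refresh_token
  * @param string		$client			Client id
  * @param string		$secret			Client secret
  *
  * @return array|bool					<i>false</i> on failure,
  * 										otherwise array ['access_token' => md5, 'refresh_token' => md5, 'expires_in' => seconds, 'token_type' => 'bearer']
  */
 function refresh_token($refresh_token, $client, $secret)
 {
     $client = $this->get_client($client);
     if (!is_md5($refresh_token) || !$client || !is_scalar($secret)) {
         return false;
     }
     // Compare the secret as exact strings. A loose != lets numeric-looking strings and
     // booleans match by type juggling; hash_equals(), where the runtime has it, also
     // keeps the comparison time independent of where the strings differ.
     $known_secret = (string) $client['secret'];
     $given_secret = (string) $secret;
     $secret_matches = function_exists('hash_equals')
         ? hash_equals($known_secret, $given_secret)
         : $known_secret === $given_secret;
     if (!$secret_matches) {
         return false;
     }
     $data = $this->db_prime()->qf(["SELECT\n\t\t\t\t`user`,\n\t\t\t\t`access_token`,\n\t\t\t\t`session`\n\t\t\tFROM `[prefix]oauth2_clients_sessions`\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t= '%s' AND\n\t\t\t\t`refresh_token`\t= '%s'\n\t\t\tLIMIT 1", $client['id'], $refresh_token]);
     // The row goes away even when the lookup found nothing, so a presented refresh token is not kept around.
     $this->db_prime()->q("DELETE FROM `[prefix]oauth2_clients_sessions`\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t= '%s' AND\n\t\t\t\t`refresh_token`\t= '%s'\n\t\t\tLIMIT 1", $client['id'], $refresh_token);
     if (!$data) {
         return false;
     }
     // Drop the cached entry of the access token that belonged to this refresh token.
     unset($this->cache->{"tokens/{$data['access_token']}"});
     $User = User::instance();
     // The stored session must still resolve to the user recorded with the token.
     $id = $User->get_session_user($data['session']);
     if ($id != $data['user']) {
         return false;
     }
     // Attach a session for the user only while the new code and tokens are generated.
     $User->add_session($id);
     $result = $this->get_code($this->add_code($client['id'], 'code'), $client['id'], $client['secret']);
     $User->del_session();
     return $result;
 }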
Example #24
     // Delete branch: $chatid may be a single id or an array of ids.
     // Each id is interpolated into the SQL text, so is_md5() is the only filter between
     // the request value and the query (assumed to admit just 32 hex characters — confirm).
     if (is_array($chatid)) {
         foreach ($chatid as $cid) {
             if (is_md5($cid)) {
                 $db->query("DELETE FROM {$table} WHERE chatid='{$cid}'");
             }
         }
     } else {
         if (is_md5($chatid)) {
             $db->query("DELETE FROM {$table} WHERE chatid='{$chatid}'");
         }
     }
     // The success message is shown even when no id passed is_md5() and nothing was deleted.
     dmsg('删除成功', $forward);
     break;
 case 'view':
     $lists = array();
     // The log path is built from $chatid; the is_md5() gate is what keeps it inside
     // file/chat/ (same assumption about is_md5() as above).
     if (is_md5($chatid)) {
         $data = file_get(DT_ROOT . '/file/chat/' . substr($chatid, 0, 2) . '/' . $chatid . '.php');
         if ($data) {
             // Skip the first 13 bytes of the file — presumably a PHP guard header; TODO confirm.
             $data = trim(substr($data, 13));
             $data = explode("\n", $data);
             foreach ($data as $d) {
                 // One record per line: time|name|word. A line with fewer than three fields
                 // leaves list() short, and a "|" inside the message cuts $word at that point.
                 list($time, $name, $word) = explode("|", $d);
                 if ($MOD['chat_url'] || $MOD['chat_img']) {
                     // NOTE(review): [http|https]+ is a character class (any run of h, t, p, s
                     // or |), not the alternation (http|https), so the scheme is not actually
                     // limited to those two.
                     if (preg_match_all("/([http|https]+)\\:\\/\\/([a-z0-9\\/\\-\\_\\.\\,\\?\\&\\#\\=\\%\\+\\;]{4,})/i", $word, $m)) {
                         foreach ($m[0] as $u) {
                             // $u goes into src=/href= unescaped; the character class above has
                             // no quotes, spaces or angle brackets, which is what keeps it inside
                             // the attribute. NOTE(review): verify that $word itself was
                             // HTML-escaped when the log line was written.
                             if ($MOD['chat_img'] && preg_match("/^(jpg|jpeg|gif|png|bmp)\$/i", file_ext($u)) && !preg_match("/([\\?\\&\\=]{1,})/i", $u)) {
                                 $word = str_replace($u, '<img src="' . $u . '" onload="if(this.width>320)this.width=320;" onclick="window.open(this.src);"/>', $word);
                             } else {
                                 if ($MOD['chat_url']) {
                                     $word = str_replace($u, '<a href="' . $u . '" target="_blank">' . $u . '</a>', $word);
                                 }
Example #25
/**
 * Builds the "who is online" summary for the current forum.
 *
 * Sessions newer than now minus session.gc_maxlifetime are counted. The result holds
 * counters (ANON_USERS, BOTS, GUESTS, USER_COUNT) and a USERS list sorted
 * case-insensitively by display name. Users the viewer ignores completely are left
 * out; users whose ANON_LOGON setting hides them are only counted in ANON_USERS.
 *
 * NOTE(review): $forum_fid, $uid, $table_prefix and the cutoff timestamp are
 * interpolated into the SQL text. In this function they come from helpers, the session
 * and date(), not directly from the request — confirm those sources stay trusted.
 *
 * @return array the stats array; the zeroed/partial array is returned when a
 *               prerequisite or query fails
 */
function stats_get_active_user_list()
{
    $stats = array(
        'ANON_USERS' => 0,
        'BOTS' => 0,
        'GUESTS' => 0,
        'USER_COUNT' => 0,
        'USERS' => array(),
    );
    $sort_keys = array();

    if (!($db = db::get())) {
        return $stats;
    }
    if (!($table_prefix = get_table_prefix())) {
        return $stats;
    }
    if (!($forum_fid = get_forum_fid())) {
        return $stats;
    }

    // Anything older than the session GC lifetime is treated as gone.
    $gc_lifetime = ini_get('session.gc_maxlifetime');
    $cutoff = date(MYSQL_DATETIME, time() - $gc_lifetime);

    if (($uid = session::get_value('UID')) === false) {
        return $stats;
    }

    // Guests: sessions with UID 0 that are not tied to a search engine bot.
    $guest_sql = "SELECT COUNT(UID) FROM SESSIONS WHERE UID = 0 AND SID IS NULL "
        . "AND SESSIONS.TIME >= CAST('{$cutoff}' AS DATETIME) "
        . "AND SESSIONS.FID = '{$forum_fid}'";
    if (!($guest_result = $db->query($guest_sql))) {
        return $stats;
    }
    list($stats['GUESTS']) = $guest_result->fetch_row();

    // Logged-in users and bots, with both directions of the peer relationship and the
    // forum-level and global avatar preferences.
    $active_sql = "SELECT DISTINCT SESSIONS.UID, USER.LOGON, USER.NICKNAME, USER_PEER2.PEER_NICKNAME, "
        . "USER_PREFS_GLOBAL.ANON_LOGON, USER_PEER.RELATIONSHIP AS PEER_RELATIONSHIP, "
        . "USER_PEER2.RELATIONSHIP AS USER_RELATIONSHIP, SEARCH_ENGINE_BOTS.SID, "
        . "SEARCH_ENGINE_BOTS.URL AS BOT_URL, SEARCH_ENGINE_BOTS.NAME AS BOT_NAME, "
        . "USER_PREFS_FORUM.AVATAR_URL AS AVATAR_URL_FORUM, USER_PREFS_FORUM.AVATAR_AID AS AVATAR_AID_FORUM, "
        . "USER_PREFS_GLOBAL.AVATAR_URL AS AVATAR_URL_GLOBAL, USER_PREFS_GLOBAL.AVATAR_AID AS AVATAR_AID_GLOBAL "
        . "FROM SESSIONS SESSIONS LEFT JOIN USER USER ON (USER.UID = SESSIONS.UID) "
        . "LEFT JOIN `{$table_prefix}USER_PEER` USER_PEER "
        . "ON (USER_PEER.UID = SESSIONS.UID AND USER_PEER.PEER_UID = '{$uid}') "
        . "LEFT JOIN `{$table_prefix}USER_PEER` USER_PEER2 "
        . "ON (USER_PEER2.PEER_UID = SESSIONS.UID AND USER_PEER2.UID = '{$uid}') "
        . "LEFT JOIN `{$table_prefix}USER_PREFS` USER_PREFS_FORUM ON (USER_PREFS_FORUM.UID = SESSIONS.UID) "
        . "LEFT JOIN USER_PREFS USER_PREFS_GLOBAL ON (USER_PREFS_GLOBAL.UID = SESSIONS.UID) "
        . "LEFT JOIN SEARCH_ENGINE_BOTS ON (SEARCH_ENGINE_BOTS.SID = SESSIONS.SID) "
        . "WHERE SESSIONS.TIME >= CAST('{$cutoff}' AS DATETIME) "
        . "AND SESSIONS.FID = '{$forum_fid}' AND (SESSIONS.UID > 0 OR SESSIONS.SID IS NOT NULL)";
    if (!($active_result = $db->query($active_sql))) {
        return $stats;
    }

    while ($row = $active_result->fetch_assoc()) {
        $anon_logon = (isset($row['ANON_LOGON']) && $row['ANON_LOGON'] > USER_ANON_DISABLED)
            ? $row['ANON_LOGON']
            : USER_ANON_DISABLED;

        if (!isset($row['USER_RELATIONSHIP'])) {
            $row['USER_RELATIONSHIP'] = USER_NORMAL;
        }
        if (!isset($row['PEER_RELATIONSHIP'])) {
            $row['PEER_RELATIONSHIP'] = USER_NORMAL;
        }

        // A nickname the viewer assigned to this user replaces the user's own nickname.
        if (isset($row['LOGON'], $row['PEER_NICKNAME']) && strlen($row['PEER_NICKNAME']) > 0) {
            $row['NICKNAME'] = $row['PEER_NICKNAME'];
        }

        // Forum-level avatar settings take precedence over the global ones.
        if (isset($row['AVATAR_URL_FORUM']) && strlen($row['AVATAR_URL_FORUM']) > 0) {
            $row['AVATAR_URL'] = $row['AVATAR_URL_FORUM'];
        } elseif (isset($row['AVATAR_URL_GLOBAL']) && strlen($row['AVATAR_URL_GLOBAL']) > 0) {
            $row['AVATAR_URL'] = $row['AVATAR_URL_GLOBAL'];
        } else {
            $row['AVATAR_URL'] = null;
        }

        if (isset($row['AVATAR_AID_FORUM']) && is_md5($row['AVATAR_AID_FORUM'])) {
            $row['AVATAR_AID'] = $row['AVATAR_AID_FORUM'];
        } elseif (isset($row['AVATAR_AID_GLOBAL']) && is_md5($row['AVATAR_AID_GLOBAL'])) {
            $row['AVATAR_AID'] = $row['AVATAR_AID_GLOBAL'];
        } else {
            $row['AVATAR_AID'] = null;
        }

        if (!isset($row['LOGON'])) {
            $row['LOGON'] = gettext("Unknown user");
        }
        if (!isset($row['NICKNAME'])) {
            $row['NICKNAME'] = "";
        }

        // Users the viewer ignores completely do not appear in any counter.
        if (($row['USER_RELATIONSHIP'] & USER_IGNORED_COMPLETELY) > 0) {
            continue;
        }

        // A non-null SID marks a search engine bot session.
        if (isset($row['SID'])) {
            if (forum_get_setting('searchbots_show_active', 'Y')) {
                $stats['BOTS']++;
                $sort_keys[] = $row['BOT_NAME'];
                $stats['USERS'][] = array('BOT_NAME' => $row['BOT_NAME'], 'BOT_URL' => $row['BOT_URL']);
            } else {
                $stats['GUESTS']++;
            }
            continue;
        }

        // Listed by name when anonymity is off, when it is the viewer's own session, or
        // when the user is visible to friends only and has the viewer as a friend.
        if ($anon_logon == USER_ANON_DISABLED || $row['UID'] == $uid || (($row['PEER_RELATIONSHIP'] & USER_FRIEND) > 0 && $anon_logon == USER_ANON_FRIENDS_ONLY)) {
            $stats['USER_COUNT']++;
            $sort_keys[] = format_user_name($row['LOGON'], $row['NICKNAME']);
            $stats['USERS'][] = array(
                'UID' => $row['UID'],
                'LOGON' => $row['LOGON'],
                'NICKNAME' => $row['NICKNAME'],
                'RELATIONSHIP' => $row['USER_RELATIONSHIP'],
                'ANON_LOGON' => $anon_logon,
                'AVATAR_URL' => $row['AVATAR_URL'],
                'AVATAR_AID' => $row['AVATAR_AID'],
            );
        } else {
            $stats['ANON_USERS']++;
        }
    }

    // Order USERS by the lower-cased display names collected alongside it.
    $sort_keys = array_map('strtolower', $sort_keys);
    array_multisort($sort_keys, SORT_ASC, SORT_STRING, $stats['USERS']);

    return $stats;
}
Example #26
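/**
 * Builds the HTML anchor for downloading one attachment.
 *
 * @param array $attachment must carry 'hash' (accepted by is_md5()) and 'filename'
 * @return string|false the anchor markup, or false when the input is unusable
 */
function light_attachments_make_link($attachment)
{
    if (!is_array($attachment)) {
        return false;
    }
    if (!isset($attachment['hash']) || !is_md5($attachment['hash'])) {
        return false;
    }
    if (!isset($attachment['filename'])) {
        return false;
    }
    $webtag = get_webtag();
    // The return value is not checked here, so an unavailable webtag does not stop the link being built.
    forum_check_webtag_available($webtag);
    // The filename ends up both in an attribute and as link text, so it is HTML-escaped
    // (quotes included). double_encode is off so that a name that arrives already
    // entity-encoded is not escaped a second time.
    // NOTE(review): the name is not URL-encoded for the query string; characters such as
    // "&" or "#" in a filename change how the URL is parsed — confirm what
    // get_attachment.php expects before encoding it.
    $filename_html = htmlspecialchars($attachment['filename'], ENT_QUOTES, 'UTF-8', false);
    $href = "get_attachment.php?webtag={$webtag}&amp;hash={$attachment['hash']}";
    $href .= "&amp;filename={$filename_html}";
    return "<a href=\"{$href}\" target=\"_blank\">{$filename_html}</a>";
}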
Example #27
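/**
 * Gate for password-protected forums.
 *
 * Returns quietly when the forum id is not numeric, the webtag is unavailable, the
 * forum has no password, or the visitor's hash (from the session, or freshly computed
 * from a posted password) equals the forum's stored hash. Otherwise the password
 * prompt page is rendered and the script exits.
 *
 * NOTE(review): the forum password is an unsalted MD5, and the session stores that
 * same hash. Moving to password_hash()/password_verify() would need the stored value
 * migrated, so it is left as-is here.
 *
 * @param mixed $forum_fid forum id
 * @return void
 */
function forum_check_password($forum_fid)
{
    if (!is_numeric($forum_fid)) {
        return;
    }
    $webtag = get_webtag();
    if (!forum_check_webtag_available($webtag)) {
        return;
    }
    if (!($forum_passhash = forum_get_password($forum_fid))) {
        return;
    }
    if (isset($_SESSION["{$webtag}_PASSWORD"]) && is_md5($_SESSION["{$webtag}_PASSWORD"])) {
        $forum_passhash_check = $_SESSION["{$webtag}_PASSWORD"];
    } else {
        $forum_passhash_check = null;
    }
    // A posted password overrides the session value. is_string() keeps an array-valued
    // field (forum_password[]=...) away from strlen()/md5().
    if (isset($_POST['forum_password']) && is_string($_POST['forum_password']) && strlen($_POST['forum_password']) > 0) {
        $forum_passhash_check = md5($_POST['forum_password']);
    }
    // Strict string comparison: with ==, two hex digests that both look numeric
    // (e.g. "0e" followed only by digits) would be compared as numbers and match.
    if (is_string($forum_passhash_check) && (string) $forum_passhash === $forum_passhash_check) {
        $_SESSION["{$webtag}_PASSWORD"] = $forum_passhash_check;
        return;
    }
    cache_disable();
    html_draw_top(array('title' => gettext("Password Protected Forum")));
    echo "<h1>", gettext("Password Protected Forum"), "</h1>\n";
    // The error banner depends on a hash already being held in the session, not on whether a password was just posted.
    if (isset($_SESSION["{$webtag}_PASSWORD"]) && is_md5($_SESSION["{$webtag}_PASSWORD"])) {
        html_display_error_msg(gettext("The username or password you supplied is not valid."), '550', 'center');
    }
    if (($password_protected_message = forum_get_setting('password_protected_message')) !== false) {
        echo fix_html($password_protected_message);
    } else {
        html_display_warning_msg(gettext("This forum is password protected. To gain access enter the password below."), '400', 'center');
    }
    echo "<br />\n";
    echo "<div align=\"center\">\n";
    echo "  <form accept-charset=\"utf-8\" method=\"post\" action=\"", get_request_uri(), "\" target=\"_self\" autocomplete=\"off\">\n";
    echo "    ", form_csrf_token_field(), "\n";
    // Re-emits every posted field so the interrupted request can be replayed after login.
    // NOTE(review): as written this includes the rejected forum_password value; the
    // helper presumably escapes names and values — confirm both.
    if (isset($_POST) && is_array($_POST) && sizeof($_POST) > 0) {
        echo form_input_hidden_array($_POST);
    }
    echo "    ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
    echo "    <table cellpadding=\"0\" cellspacing=\"0\" width=\"400\">\n";
    echo "      <tr>\n";
    echo "        <td align=\"left\">\n";
    echo "          <table class=\"box\" width=\"400\">\n";
    echo "            <tr>\n";
    echo "              <td class=\"posthead\" align=\"center\">\n";
    echo "                <table class=\"posthead\" width=\"100%\">\n";
    echo "                  <tr>\n";
    echo "                    <td align=\"left\" class=\"subhead\" colspan=\"2\">", gettext("Enter Password"), "</td>\n";
    echo "                  </tr>\n";
    echo "                </table>\n";
    echo "                <table class=\"posthead\" width=\"90%\">\n";
    echo "                  <tr>\n";
    echo "                    <td align=\"left\">", gettext("Password"), ":</td>\n";
    echo "                    <td align=\"left\">", form_input_password('forum_password', null, 40), "</td>\n";
    echo "                  </tr>\n";
    echo "                  <tr>\n";
    echo "                    <td align=\"left\" colspan=\"2\">&nbsp;</td>\n";
    echo "                  </tr>\n";
    echo "                </table>\n";
    echo "              </td>\n";
    echo "            </tr>\n";
    echo "          </table>\n";
    echo "        </td>\n";
    echo "      </tr>\n";
    echo "      <tr>\n";
    echo "        <td align=\"left\">&nbsp;</td>\n";
    echo "      </tr>\n";
    echo "      <tr>\n";
    echo "        <td align=\"center\">", form_submit("logon", gettext("Logon")), "&nbsp;", form_submit("cancel", gettext("Cancel")), "</td>\n";
    echo "      </tr>\n";
    echo "    </table>\n";
    if (session::check_perm(USER_PERM_ADMIN_TOOLS, 0) || session::check_perm(USER_PERM_FORUM_TOOLS, 0)) {
        html_display_warning_msg(gettext("If you want to change some settings on your forum click the Admin link in the navigation bar above."), '400', 'center');
    }
    echo "  </form>\n";
    echo "</div>\n";
    html_draw_bottom();
    // Nothing past the prompt may run for a visitor who has not supplied the password.
    exit;
}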
Example #28
                 echo "                  <td align=\"left\">&nbsp;</td>\n";
             }
             echo "                  <td align=\"right\" valign=\"top\" style=\"white-space: nowrap\" class=\"postbody\">", format_file_size($attachment['filesize']), "</td>\n";
             echo "                  <td align=\"left\" width=\"25\">&nbsp;</td>\n";
             echo "                </tr>\n";
             $total_attachment_size += $attachment['filesize'];
         }
     }
 }
 if (is_array($image_attachments_array) && sizeof($image_attachments_array) > 0) {
     foreach ($image_attachments_array as $key => $attachment) {
         if ($attachment_link = attachments_make_link($attachment, false)) {
             echo "                <tr>\n";
             echo "                  <td align=\"center\" width=\"1%\">", form_checkbox("delete_other_attachment[{$attachment['hash']}]", "Y"), "</td>\n";
             echo "                  <td align=\"left\" valign=\"top\" style=\"white-space: nowrap\" class=\"postbody\">{$attachment_link}</td>\n";
             if (!is_md5($aid) && is_md5($attachment['aid'])) {
                 echo "                  <td align=\"left\" valign=\"top\" style=\"white-space: nowrap\" class=\"postbody\">";
                 if ($message_link = attachments_get_message_link($attachment['aid'])) {
                     echo "<a href=\"{$message_link}\" target=\"_blank\">", gettext("View Message"), "</a>";
                 } else {
                     if ($message_link = attachments_get_pm_link($attachment['aid'])) {
                         echo "<a href=\"{$message_link}\" target=\"_blank\">", gettext("View Message"), "</a>";
                     } else {
                         echo '&nbsp;';
                     }
                 }
                 echo "</td>\n";
             } else {
                 echo "                  <td align=\"left\">&nbsp;</td>\n";
             }
             echo "                  <td align=\"right\" valign=\"top\" style=\"white-space: nowrap\" class=\"postbody\">", format_file_size($attachment['filesize']), "</td>\n";
Example #29
 /**
  * Deletes the cache file that belongs to a key.
  *
  * A key that is_md5() accepts is used as the file name unchanged; any other key is
  * replaced by the MD5 of the instance prefix plus the key. Either way the name used in
  * the path is a digest-shaped string (assuming is_md5() admits only 32 hex
  * characters — confirm), so the caller's key cannot add path components.
  *
  * @param string $key cache key or ready-made digest
  * @return mixed whatever file_del() returns
  */
 function rm($key)
 {
     if (!is_md5($key)) {
         $key = md5($this->pre . $key);
     }
     // Files are sharded into sub-directories named after the first two characters of the digest.
     $cache_file = DT_CACHE . '/php/' . substr($key, 0, 2) . '/' . $key . '.php';
     return file_del($cache_file);
 }
Example #30
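/**
 * Checks a payment password for a member.
 *
 * The stored `payword` is used when set, otherwise the account `password`. Input that
 * is_md5() accepts is hashed once, any other input twice, and the result must equal
 * the stored value.
 *
 * NOTE(review): because digest-shaped input is hashed only once, the single MD5 of the
 * payment password is accepted in place of the password itself; that intermediate
 * value has to be protected like the password.
 * NOTE(review): the username literal in the query reads '******' in this listing and
 * $username is not used — it looks masked; confirm against the real source how the
 * value is escaped before it reaches the SQL text.
 *
 * @param string $username member name
 * @param string $payword payment password, or its MD5
 * @return bool true when the payment password matches
 */
function is_payword($username, $payword)
{
    global $db;
    // Anything shorter than six characters is rejected before the database is touched.
    if (strlen($payword) < 6) {
        return false;
    }
    $r = $db->get_one("SELECT payword,password FROM {$db->pre}member WHERE username='******'");
    if (!$r) {
        return false;
    }
    $stored = $r['payword'] ? $r['payword'] : $r['password'];
    $candidate = is_md5($payword) ? md5($payword) : md5(md5($payword));
    // Strict string comparison: == would treat two numeric-looking digests
    // (e.g. "0e" followed only by digits) as equal numbers.
    return (string) $stored === $candidate;
}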