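 /**
  * Installer step: write k4bb/config.php from the collected database and
  * FTP settings, load the SQL schema and the seed data, build the general
  * cache and render the success page.
  *
  * @param array $request  installer request (by reference); reads the
  *                        'db_info', 'ftp_info', 'dba', 'schema' and
  *                        'template' entries
  */
 function execute(&$request)
 {
     // Decide once whether the cache lives in the database; the same answer
     // feeds the generated config and the CACHE_IN_DB constant further down.
     $cache_in_db = isset($_POST['store_cache']) && $_POST['store_cache'] == 'db';
     $config = new FATemplate(FA_FORCE | FA_NOCACHE);
     // database settings (the password is written verbatim into config.php)
     $config->setVar('db_driver', $request['db_info']['driver']);
     $config->setVar('db_database', $request['db_info']['database']);
     $config->setVar('db_directory', $request['db_info']['directory']);
     $config->setVar('db_server', $request['db_info']['server']);
     $config->setVar('db_user', $request['db_info']['user']);
     $config->setVar('db_pass', $request['db_info']['pass']);
     // ftp settings
     $config->setVar('use_ftp', $request['ftp_info']['use']);
     $config->setVar('ftp_user', $request['ftp_info']['user']);
     $config->setVar('ftp_pass', $request['ftp_info']['pass']);
     $config->setVar('cache_in_db', $cache_in_db ? 'TRUE' : 'FALSE');
     // the running installer needs the same FTP settings and DB handle globally
     $_CONFIG = array();
     $_CONFIG['ftp']['use_ftp'] = $request['ftp_info']['use'] == 'TRUE';
     $_CONFIG['ftp']['username'] = $request['ftp_info']['user'];
     $_CONFIG['ftp']['password'] = $request['ftp_info']['pass'];
     $GLOBALS['_CONFIG'] = $_CONFIG;
     $GLOBALS['_DBA'] = $request['dba'];
     $buffer = $config->run(dirname(__FILE__) . '/templates/config.php');
     // NOTE(review): config.php now holds the DB and FTP credentials in clear
     // text and nothing here restricts its permissions — confirm the deployment
     // keeps it unreadable to other local users.
     $config->writeBuffer(INCLUDE_BASE_DIR . '/k4bb/config.php', '<?php' . FA_NL . $buffer . FA_NL . '?>');
     $sqldata = new FATemplate(FA_FORCE | FA_NOCACHE);
     $_POST['admin_created'] = time();
     // every posted field becomes a (entity-encoded) template variable for the seed data
     foreach ($_POST as $key => $val) {
         $sqldata->setVar($key, k4_htmlentities($val, ENT_QUOTES));
     }
     $sqldata->setVar('IMG_DIR', '{$IMG_DIR}');
     // Table schema: one statement per ';'. NOTE(review): the split also fires
     // on a ';' inside a quoted literal; the shipped schema is assumed to have none.
     $buffer = file_get_contents($request['schema']);
     $queries = explode(';', $buffer);
     foreach ($queries as $query) {
         $query = trim($query);
         if ($query) {
             $request['dba']->executeUpdate($query);
         }
     }
     // Seed data: the rendered template holds one statement per line
     $buffer = $sqldata->run(dirname(__FILE__) . '/schema/k4.data.schema');
     $queries = explode(FA_NL, $buffer);
     foreach ($queries as $query) {
         if ($query) {
             $request['dba']->executeUpdate($query);
         }
     }
     // create the cache: every cache_* method of the filter fills in its part
     $general_cache = new K4GeneralCacheFilter();
     $cache = array();
     $methods = get_class_methods($general_cache);
     foreach ($methods as $function) {
         if (substr($function, 0, 6) == 'cache_') {
             $general_cache->{$function}($cache, $request);
         }
     }
     define('CACHE_IN_DB', $cache_in_db);
     DBCache::createCache($cache);
     // all done :D
     $request['template']->render(INSTALLER_BASE_DIR . '/templates/success.html');
 }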
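 /**
  * Publish a saved draft as a new topic, or render a preview of it.
  *
  * Checks the forum, the poster's permission to post there and the title
  * and message fields, then loads the caller's own draft row. On a submit
  * the draft row is turned into a live topic and the forum counters, the
  * datastore statistics, an optional subscription, attachments and the
  * topic mail queue are updated; otherwise the topic is rendered as a
  * preview (full page, or an xmlhttp fragment).
  *
  * @param array $request  action context (by reference): 'dba', 'template', 'user'
  * @return mixed  result of the information action, an xmlhttp message, or
  *                TRUE after a preview
  */
 function execute(&$request)
 {
     global $_QUERYPARAMS, $_DATASTORE, $_SETTINGS;
     $this->dba = $request['dba'];
     /* set the breadcrumbs bit */
     k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
     /* Check the request ID */
     if (!isset($_REQUEST['forum_id']) || !$_REQUEST['forum_id'] || intval($_REQUEST['forum_id']) == 0) {
         $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_FORUMDOESNTEXIST');
     }
     $forum = $request['dba']->getRow("SELECT * FROM " . K4FORUMS . " WHERE forum_id = " . intval($_REQUEST['forum_id']));
     /* Check the forum data given */
     if (!$forum || !is_array($forum) || empty($forum)) {
         $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_FORUMDOESNTEXIST');
     }
     /* Make sure the we are trying to post into a forum */
     if (!($forum['row_type'] & FORUM) || $forum['forum_id'] == GARBAGE_BIN) {
         $action = new K4InformationAction(new K4LanguageElement('L_CANTPOSTTONONFORUM'), 'content', FALSE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_CANTPOSTTONONFORUM');
     }
     /* Do we have permission to post to this forum? */
     if ($request['user']->get('perms') < get_map('topics', 'can_add', array('forum_id' => $forum['forum_id']))) {
         $action = new K4InformationAction(new K4LanguageElement('L_PERMCANTPOST'), 'content', FALSE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_PERMCANTPOST');
     }
     /* General error checking */
     if (!isset($_REQUEST['name']) || $_REQUEST['name'] == '') {
         $action = new K4InformationAction(new K4LanguageElement('L_INSERTTOPICNAME'), 'content', TRUE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_INSERTTOPICNAME');
     }
     /* Title length: this filter carries both bounds, so the former max-only
        filter that preceded it was redundant and has been dropped */
     if (!$this->runPostFilter('name', new FALengthFilter(intval($_SETTINGS['topicmaxchars']), intval($_SETTINGS['topicminchars'])))) {
         $action = new K4InformationAction(new K4LanguageElement('L_TITLETOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])), 'content', TRUE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(new K4LanguageElement('L_TITLETOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])));
     }
     if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
         $action = new K4InformationAction(new K4LanguageElement('L_INSERTTOPICMESSAGE'), 'content', TRUE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_INSERTTOPICMESSAGE');
     }
     /* Get our topic: only a draft owned by the current user can be posted */
     $draft = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE post_id = " . intval($_REQUEST['post_id']) . " AND is_draft = 1 AND poster_id = " . intval($request['user']->get('id')));
     if (!$draft || !is_array($draft) || empty($draft)) {
         $action = new K4InformationAction(new K4LanguageElement('L_DRAFTDOESNTEXIST'), 'content', FALSE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_DRAFTDOESNTEXIST');
     }
     /* set the breadcrumbs bit */
     k4_bread_crumbs($request['template'], $request['dba'], 'L_POSTTOPIC', $forum);
     $created = time();
     /* Cap the message at postmaxchars. NOTE(review): substr counts bytes, so
        the cut can land inside a multi-byte character. */
     $_REQUEST['message'] = substr($_REQUEST['message'], 0, $_SETTINGS['postmaxchars']);
     /* Parse the bbcode */
     $body_text = $_REQUEST['message'];
     $submit_type = isset($_REQUEST['submit_type']) ? $_REQUEST['submit_type'] : 'post';
     /* Only the parser can flag the post as a poll; with bbcode disabled it
        is not one, and this default keeps the is_poll column from being
        bound to an undefined value below */
     $is_poll = 0;
     if (!isset($_REQUEST['disable_bbcode']) || !$_REQUEST['disable_bbcode']) {
         $parser = new BBParser();
         Globals::setGlobal('forum_id', $forum['forum_id']);
         Globals::setGlobal('maxpolloptions', $request['template']->getVar('maxpolloptions') > $forum['maxpolloptions'] ? $forum['maxpolloptions'] : $request['template']->getVar('maxpolloptions'));
         Globals::setGlobal('maxpollquestions', $request['template']->getVar('maxpollquestions') > $forum['maxpollquestions'] ? $forum['maxpollquestions'] : $request['template']->getVar('maxpollquestions'));
         if ($submit_type == 'post' || $submit_type == 'draft' || isset($_REQUEST['post'])) {
             $parser->register('BBPollNode');
         }
         $body_text = $parser->parse($body_text);
         $is_poll = Globals::getGlobal('is_poll');
     }
     // permissions are taken into account inside the poller
     /**
      * Figure out what type of topic this is; sticky, announcement and
      * feature fall back to a normal topic when the user lacks the permission
      */
     $post_type = isset($_REQUEST['post_type']) && intval($_REQUEST['post_type']) != 0 ? intval($_REQUEST['post_type']) : TOPIC_NORMAL;
     if ($post_type == TOPIC_STICKY && $request['user']->get('perms') < get_map('sticky', 'can_add', array('forum_id' => $forum['forum_id']))) {
         $post_type = TOPIC_NORMAL;
     } elseif ($post_type == TOPIC_ANNOUNCE && $request['user']->get('perms') < get_map('announce', 'can_add', array('forum_id' => $forum['forum_id']))) {
         $post_type = TOPIC_NORMAL;
     }
     $is_feature = isset($_REQUEST['is_feature']) && $_REQUEST['is_feature'] == 'yes' ? 1 : 0;
     if ($is_feature == 1 && $request['user']->get('perms') < get_map('feature', 'can_add', array('forum_id' => $forum['forum_id']))) {
         $is_feature = 0;
     }
     /* The post icon is honoured only for users allowed to pick one */
     $posticon = 'clear.gif';
     if (isset($_REQUEST['posticon']) && $request['user']->get('perms') >= get_map('posticons', 'can_add', array('forum_id' => $forum['forum_id']))) {
         $posticon = $_REQUEST['posticon'];
     }
     /* Per-post option flags as stored in the row (1 = disabled); the same
        values feed both the update and the preview */
     $disable_html = isset($_REQUEST['disable_html']) && $_REQUEST['disable_html'] ? 1 : 0;
     $disable_bbcode = isset($_REQUEST['disable_bbcode']) && $_REQUEST['disable_bbcode'] ? 1 : 0;
     $disable_emoticons = isset($_REQUEST['disable_emoticons']) && $_REQUEST['disable_emoticons'] ? 1 : 0;
     $disable_sig = isset($_REQUEST['enable_sig']) && $_REQUEST['enable_sig'] ? 0 : 1;
     $disable_areply = isset($_REQUEST['disable_areply']) && $_REQUEST['disable_areply'] ? 1 : 0;
     $disable_aurls = isset($_REQUEST['disable_aurls']) && $_REQUEST['disable_aurls'] ? 1 : 0;
     /* The title is decoded and re-encoded so it carries a single level of entity encoding */
     $topic_name = k4_htmlentities(html_entity_decode($_REQUEST['name']), ENT_QUOTES);
     /* If we are submitting or saving a draft */
     if ($submit_type == 'post' || $submit_type == 'draft' || (isset($_REQUEST['post']) || isset($_REQUEST['draft']))) {
         /**
          * Build the queries to add the draft
          */
         $poster_name = $request['user']->get('id') <= 0 ? k4_htmlentities(isset($_REQUEST['poster_name']) ? $_REQUEST['poster_name'] : '', ENT_QUOTES) : $request['user']->get('name');
         $update_a = $request['dba']->prepareStatement("UPDATE " . K4POSTS . " SET name=?,body_text=?,posticon=?,disable_html=?,disable_bbcode=?,disable_emoticons=?,disable_sig=?,disable_areply=?,disable_aurls=?,is_draft=?,post_type=?,is_feature=?,is_poll=?,created=? WHERE post_id=?");
         /* Set the topic information */
         $update_a->setString(1, $topic_name);
         $update_a->setString(2, $body_text);
         $update_a->setString(3, $posticon);
         $update_a->setInt(4, $disable_html);
         $update_a->setInt(5, $disable_bbcode);
         $update_a->setInt(6, $disable_emoticons);
         $update_a->setInt(7, $disable_sig);
         $update_a->setInt(8, $disable_areply);
         $update_a->setInt(9, $disable_aurls);
         $update_a->setInt(10, 0);
         $update_a->setInt(11, $post_type);
         $update_a->setInt(12, $is_feature);
         $update_a->setInt(13, $is_poll);
         $update_a->setInt(14, $created);
         $update_a->setInt(15, $draft['post_id']);
         /**
          * Do the queries
          */
         $update_a->executeUpdate();
         $forum_update = $request['dba']->prepareStatement("UPDATE " . K4FORUMS . " SET topics=topics+1,posts=posts+1,post_created=?,post_name=?,post_uname=?,post_id=?,post_uid=?,post_posticon=? WHERE forum_id=?");
         $datastore_update = $request['dba']->prepareStatement("UPDATE " . K4DATASTORE . " SET data=? WHERE varname=?");
         /* a real post (not a draft save) counts towards the user's post totals */
         if ((isset($_REQUEST['submit_type']) && $_REQUEST['submit_type'] == 'post') || isset($_REQUEST['post'])) {
             $request['dba']->executeUpdate("UPDATE " . K4USERINFO . " SET num_posts=num_posts+1,total_posts=total_posts+1 WHERE user_id=" . intval($request['user']->get('id')));
         }
         /* Set the forum values */
         $forum_update->setInt(1, $created);
         $forum_update->setString(2, $topic_name);
         $forum_update->setString(3, $poster_name);
         $forum_update->setInt(4, $draft['post_id']);
         $forum_update->setInt(5, $request['user']->get('id'));
         $forum_update->setString(6, $posticon);
         $forum_update->setInt(7, $forum['forum_id']);
         /* Set the datastore values */
         $datastore = $_DATASTORE['forumstats'];
         $datastore['num_topics'] = $request['dba']->getValue("SELECT COUNT(*) FROM " . K4POSTS . " WHERE is_draft=0");
         $datastore_update->setString(1, serialize($datastore));
         $datastore_update->setString(2, 'forumstats');
         /**
          * Update the forums table and datastore table
          */
         $forum_update->executeUpdate();
         $datastore_update->executeUpdate();
         reset_cache('datastore');
         /**
          * Subscribe this user to the topic
          * NOTE(review): subscribing when disable_areply is set looks inverted;
          * confirm what the flag means before changing it.
          */
         if ($disable_areply) {
             $subscribe = $request['dba']->prepareStatement("INSERT INTO " . K4SUBSCRIPTIONS . " (user_id,post_id,forum_id,email) VALUES (?,?,?,?)");
             $subscribe->setInt(1, $request['user']->get('id'));
             /* the draft row is keyed by post_id everywhere else in this
                method; the previous $draft['id'] was an unset index */
             $subscribe->setInt(2, $draft['post_id']);
             $subscribe->setInt(3, $forum['forum_id']);
             $subscribe->setString(4, $request['user']->get('email'));
             $subscribe->executeUpdate();
         }
         // deal with attachments
         if ($request['template']->getVar('nojs') == 0) {
             attach_files($request, $forum, $draft['post_id']);
         }
         // set up the topic queue
         set_send_topic_mail($forum['forum_id'], $poster_name == '' ? $request['template']->getVar('L_GUEST') : $poster_name);
         /* Redirect the user */
         $action = new K4InformationAction(new K4LanguageElement('L_ADDEDTOPIC', $topic_name, $forum['name']), 'content', FALSE, 'viewtopic.php?id=' . $draft['post_id'], 3);
         return $action->execute($request);
     } else {
         /**
          * Post Previewing
          */
         if (!USE_XMLHTTP) {
             $request['template']->setVar('L_TITLETOOSHORT', sprintf($request['template']->getVar('L_TITLETOOSHORT'), $request['template']->getVar('topicminchars'), $request['template']->getVar('topicmaxchars')));
             /* Get and set the emoticons and post icons to the template */
             $emoticons = $request['dba']->executeQuery("SELECT * FROM " . K4EMOTICONS . " WHERE clickable=1");
             $posticons = $request['dba']->executeQuery("SELECT * FROM " . K4POSTICONS);
             /* Add the emoticons and posticons */
             $request['template']->setList('emoticons', $emoticons);
             $request['template']->setList('posticons', $posticons);
             /* Set some emoticon information */
             $request['template']->setVar('emoticons_per_row', $request['template']->getVar('smcolumns'));
             $request['template']->setVar('emoticons_per_row_remainder', $request['template']->getVar('smcolumns') - 1);
             $request['template']->setVar('newtopic_action', 'newtopic.php?act=postdraft');
             $request['template']->setVisibility('post_topic', TRUE);
             post_attachment_options($request, $forum, $draft);
             topic_post_options($request['template'], $request['user'], $forum);
             /* Create our editor */
             create_editor($request, $_REQUEST['message'], 'post', $forum);
         }
         /* Set topic iterator array elements to be passed to the template
            (the duplicate 'posticon' key of the old literal is gone; the
            permission-gated value is the one that was kept) */
         $topic_preview = array(
             'post_id' => $draft['post_id'],
             'name' => $topic_name,
             'body_text' => $body_text,
             'poster_name' => html_entity_decode($draft['poster_name'], ENT_QUOTES),
             'poster_id' => $request['user']->get('id'),
             'is_poll' => $draft['is_poll'],
             'row_left' => 0,
             'row_right' => 0,
             'post_type' => $post_type,
             'is_feature' => $is_feature,
             'posticon' => $posticon,
             'disable_html' => $disable_html,
             'disable_sig' => $disable_sig,
             'disable_bbcode' => $disable_bbcode,
             'disable_emoticons' => $disable_emoticons,
             'disable_areply' => $disable_areply,
             'disable_aurls' => $disable_aurls,
         );
         /* Add the topic information to the template */
         $topic_iterator = new TopicIterator($request['dba'], $request['user'], $topic_preview, FALSE);
         $request['template']->setList('topic', $topic_iterator);
         /* Assign the topic preview values to the template; the editor gets the raw message back */
         $topic_preview['body_text'] = $_REQUEST['message'];
         foreach ($topic_preview as $key => $val) {
             $request['template']->setVar('topic_' . $key, $val);
         }
         /* Assign the forum information to the template */
         foreach ($forum as $key => $val) {
             $request['template']->setVar('forum_' . $key, $val);
         }
         $request['template']->setVar('is_topic', 1);
         if (!USE_XMLHTTP) {
             /* Set the the button display options */
             $request['template']->setVisibility('save_draft', FALSE);
             $request['template']->setVisibility('load_button', FALSE);
             $request['template']->setVisibility('edit_topic', TRUE);
             $request['template']->setVisibility('post_id', TRUE);
             /* set the breadcrumbs bit */
             k4_bread_crumbs($request['template'], $request['dba'], 'L_POSTTOPIC', $forum);
             /* Set the post topic form */
             $request['template']->setVar('forum_forum_id', $forum['forum_id']);
             $request['template']->setFile('preview', 'post_preview.html');
             $request['template']->setFile('content', 'newtopic.html');
         } else {
             /* xmlhttp callers get just the rendered preview fragment */
             $templateset = $request['user']->isMember() ? $request['user']->get('templateset') : $forum['defaultstyle'];
             $html = $request['template']->run(BB_BASE_DIR . '/templates/' . $templateset . '/post_preview.html');
             xmlhttp_header();
             echo $html;
             xmlhttp_footer();
         }
     }
     return TRUE;
 }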
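 /**
  * Send an e-mail from the logged-in member to another member.
  *
  * The recipient is looked up by the 'id' request field; the sender must be
  * a member and must supply a subject and a message. The sender's name, id
  * and e-mail address are prepended to the message body.
  *
  * @param array $request  action context (by reference): 'dba', 'template', 'user'
  * @return mixed  result of the information action shown afterwards, or TRUE
  *                when the caller is not a member
  */
 function execute(&$request)
 {
     global $_QUERYPARAMS;
     k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
     /**
      * Error checking on this member
      */
     if (!isset($_REQUEST['id']) || intval($_REQUEST['id']) == 0) {
         $action = new K4InformationAction(new K4LanguageElement('L_USERDOESNTEXIST'), 'content', TRUE);
         return $action->execute($request);
     }
     $member = $request['dba']->getRow("SELECT " . $_QUERYPARAMS['user'] . $_QUERYPARAMS['userinfo'] . " FROM " . K4USERS . " u LEFT JOIN " . K4USERINFO . " ui ON u.id = ui.user_id WHERE u.id = " . intval($_REQUEST['id']));
     if (!$member || !is_array($member) || empty($member)) {
         $action = new K4InformationAction(new K4LanguageElement('L_USERDOESNTEXIST'), 'content', TRUE);
         return $action->execute($request);
     }
     if (!$request['user']->isMember()) {
         no_perms_error($request);
         return TRUE;
     }
     if (!isset($_REQUEST['subject']) || $_REQUEST['subject'] == '') {
         $action = new K4InformationAction(new K4LanguageElement('L_INSERTMAILSUBJECT'), 'content', TRUE);
         return $action->execute($request);
     }
     if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
         $action = new K4InformationAction(new K4LanguageElement('L_INSERTMAILMESSAGE'), 'content', TRUE);
         return $action->execute($request);
     }
     k4_bread_crumbs($request['template'], $request['dba'], 'L_EMAILUSER');
     /* The subject ends up in a mail header: strip line breaks so a crafted
        value cannot carry extra header lines into it (the body keeps its
        newlines, it is not a header) */
     $subject = str_replace(array("\r", "\n"), '', stripslashes($_REQUEST['subject']));
     /* sender details prepended to the body so the recipient can reply */
     $message_header = "From: " . $request['user']->get('name') . "\n";
     $message_header .= "User ID: " . $request['user']->get('id') . "\n";
     $message_header .= "Email: " . $request['user']->get('email') . "\n\n";
     if (!email_user($member['email'], k4_htmlentities($subject, ENT_NOQUOTES), $message_header . k4_htmlentities(stripslashes($_REQUEST['message']), ENT_NOQUOTES))) {
         $action = new K4InformationAction(new K4LanguageElement('L_ERROREMAILING', $member['name']), 'content', FALSE);
         return $action->execute($request);
     }
     /* Sent: confirm and send the user back to the member's profile */
     $action = new K4InformationAction(new K4LanguageElement('L_EMAILSENT', $member['name']), 'content', FALSE, 'member.php?id=' . $member['id'], 3);
     return $action->execute($request);
 }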
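/**
 * Function to apply a template to polls inside topics/posts
 * @param string text			The text that the poll is in
 * @param object dba			Database object
 * @param integer poll_id		The poll id
 * @param text replace_text		The text that will be replaced by the poll template
 * @param integer post_id		The post the poll belongs to (carried in the vote form); FALSE when unknown
 *
 * The former signature declared $post_id twice, which PHP rejects; it is now
 * a single optional parameter, so existing five-argument callers are unchanged.
 *
 * @author Peter Goodman
 */
function poll_template(&$text, &$dba, $poll_id, $replace_text, $post_id = FALSE)
{
    global $_URL, $_LANG;
    $poll_id = intval($poll_id);
    // attempt to get our poll question
    $question = $dba->getRow("SELECT * FROM " . K4POLLQUESTIONS . " WHERE id = " . $poll_id);
    // guests only ever see the results; members get the vote form by default
    $show_results = !$_SESSION['user']->isMember();
    // ?sr<poll_id>=1 in the request asks for the results explicitly
    if (isset($_REQUEST['sr' . $poll_id]) && intval($_REQUEST['sr' . $poll_id]) == 1) {
        $show_results = TRUE;
    }
    // an unknown poll just has its tag removed from the text
    if (!is_array($question) || empty($question)) {
        $text = str_replace($replace_text, '', $text);
        return;
    }
    $question_id = intval($question['id']);
    // the question text is user-authored; encode it the same way the answers are
    $question_text = k4_htmlentities($question['question'], ENT_QUOTES);
    // somebody who already voted only sees the results
    $has_voted = $dba->executeQuery("SELECT * FROM " . K4POLLVOTES . " WHERE question_id = " . $question_id . " AND user_id = " . intval($_SESSION['user']->get('id')));
    $can_vote = TRUE;
    if ($has_voted->numRows() > 0) {
        $show_results = TRUE;
        $can_vote = FALSE;
    }
    /**
     * POLL TEMPLATE HEADER
     */
    $tpl = '<a name="poll' . $question_id . '" id="poll' . $question_id . '"></a><div align="center"><div align="center" style="width: 75%;">';
    if (!$show_results) {
        $tpl .= '<form action="' . K4Url::getGenUrl('viewpoll', 'act=vote&amp;id=' . $question_id) . '" method="post" enctype="multipart/form-data">';
        $tpl .= '<input type="hidden" name="post_id" value="' . intval($post_id) . '" />';
    }
    // the href is closed before the title attribute; the old code passed the
    // title fragment into the URL generator
    $tpl .= '	<div class="subheader"><a href="' . K4Url::getGenUrl('viewpoll', 'id=' . $question_id) . '" title="' . $question_text . '">' . $question_text . '</a> : ' . $_LANG['L_POLLOPTIONS'] . '</div>';
    $tpl .= '	<div class="spacer">';
    $tpl .= '		<table width="100%" cellpadding="0" cellspacing="' . K4_TABLE_CELLSPACING . '" border="0" class="table">';
    /**
     * / POLL TEMPLATE HEADER
     */
    // get the answers
    $answers = $dba->executeQuery("SELECT * FROM " . K4POLLANSWERS . " WHERE question_id = " . $question_id . " ORDER BY id ASC");
    $total_votes = intval($question['num_votes']);
    $i = 0;
    // loop through the answers, alternating the row class
    while ($answers->next()) {
        $answer = $answers->current();
        $answer_id = intval($answer['id']);
        $answer_text = k4_htmlentities($answer['answer'], ENT_QUOTES);
        $tpl .= '			<tr class="' . iif($i % 2 == 0, 'alt1', 'alt2') . '">';
        if ($show_results) {
            $num_votes = intval($dba->getValue("SELECT COUNT(*) FROM " . K4POLLVOTES . " WHERE question_id = " . $question_id . " AND answer_id = " . $answer_id));
            // a poll nobody has voted in yet shows 0% instead of dividing by zero
            $percent = $total_votes > 0 ? ceil($num_votes / $total_votes * 100) : 0;
            $tpl .= '	<td align="left"><div class="smalltext">' . $answer_text . '</div></td>';
            $tpl .= '	<td width="100" align="left"><div class="smalltext"><div style="float: left;border: 1px solid #333333;width: 100px;height: 18px;background-color: #FFFFFF;"><div style="float: left; height: 18px; width: ' . $percent . '%;background-color: #666666;"></div></div><br />(' . $percent . '%, ' . $num_votes . ' ' . $_LANG['L_VOTES'] . ')</div></td>';
        } else {
            $tpl .= '	<td align="left"><div class="smalltext"><label for="vote' . $answer_id . '">' . $answer_text . '</label></div></td>';
            $tpl .= '	<td align="center"><div class="smalltext"><input type="radio" id="vote' . $answer_id . '" name="vote" value="' . $answer_id . '" /></div></td>';
        }
        $tpl .= '			</tr>';
        $i++;
    }
    /**
     * POLL TEMPLATE FOOTER
     */
    if (!$show_results) {
        // vote button plus a link to the results view of the same page
        $tpl .= '			<tr class="base3">';
        $tpl .= '				<td colspan="2" style="text-align:center;"><input type="submit" class="button" value="' . $_LANG['L_VOTE'] . '" /></td>';
        $tpl .= '			</tr>';
        $url = new FAUrl($_URL->__toString());
        $url->args['sr' . $question_id] = 1;
        $url->anchor = FALSE;
        $tpl .= '			<tr class="alt3">';
        $tpl .= '				<td colspan="2" style="text-align:center;"><a class="smalltext" href="' . $url->__toString() . '#poll' . $question_id . '" title="' . $_LANG['L_VIEWRESULTS'] . '">' . $_LANG['L_VIEWRESULTS'] . '</a></td>';
        $tpl .= '			</tr>';
    } else {
        // results view: offer the way back to the options, but only to someone who can still vote
        $url = new FAUrl($_URL->__toString());
        unset($url->args['sr' . $question_id]);
        if ($can_vote) {
            $tpl .= '		<tr class="alt3">';
            $tpl .= '			<td colspan="2" style="text-align:center;"><a class="smalltext" href="' . $url->__toString() . '#poll' . $question_id . '" title="' . $_LANG['L_VIEWOPTIONS'] . '">' . $_LANG['L_VIEWOPTIONS'] . '</a></td>';
            $tpl .= '		</tr>';
        }
    }
    $tpl .= '		</table>';
    $tpl .= '	</div>';
    if (!$show_results) {
        $tpl .= '</form>';
    }
    $tpl .= '</div></div>';
    /**
     * / POLL TEMPLATE FOOTER
     */
    // replace the poll tag with this poll template
    $text = str_replace($replace_text, $tpl, $text);
}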
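 /**
  * Admin action: save an edited FAQ answer.
  *
  * Only members with ADMIN permissions may run this; anyone else gets the
  * no-permission page. The target answer must exist; the question text is
  * entity-encoded and the answer is run through the bbcode parser before
  * the row is updated.
  *
  * @param array $request  action context (by reference): 'dba', 'template', 'user'
  * @return mixed  result of the information action shown afterwards, or TRUE
  *                when the caller lacks permission
  */
 function execute(&$request)
 {
     if (!$request['user']->isMember() || $request['user']->get('perms') < ADMIN) {
         no_perms_error($request);
         return TRUE;
     }
     k4_bread_crumbs($request['template'], $request['dba'], 'L_FAQ');
     $request['template']->setVar('faq_on', '_on');
     $request['template']->setFile('sidebar_menu', 'menus/faq.html');
     if (!isset($_REQUEST['id']) || intval($_REQUEST['id']) == 0) {
         $action = new K4InformationAction(new K4LanguageElement('L_BADFAQANSER'), 'content', FALSE);
         return $action->execute($request);
     }
     $faq = $request['dba']->getRow("SELECT * FROM " . K4FAQANSWERS . " WHERE answer_id = " . intval($_REQUEST['id']));
     if (!is_array($faq) || empty($faq)) {
         $action = new K4InformationAction(new K4LanguageElement('L_BADFAQANSER'), 'content', FALSE);
         return $action->execute($request);
     }
     /* Form fields default to empty / zero instead of raising notices when missing */
     $question_input = isset($_REQUEST['question']) ? $_REQUEST['question'] : '';
     $answer_input = isset($_REQUEST['answer']) ? $_REQUEST['answer'] : '';
     $row_order = isset($_REQUEST['row_order']) ? intval($_REQUEST['row_order']) : 0;
     $can_view = isset($_REQUEST['can_view']) ? intval($_REQUEST['can_view']) : 0;
     /* decode then re-encode so the stored question carries one level of entities */
     $question = k4_htmlentities(html_entity_decode($question_input, ENT_QUOTES), ENT_QUOTES);
     $parser = new BBParser();
     $update = $request['dba']->prepareStatement("UPDATE " . K4FAQANSWERS . " SET question=?,answer=?,row_order=?,can_view=? WHERE answer_id=?");
     $update->setString(1, $question);
     $update->setString(2, $parser->parse($answer_input));
     $update->setInt(3, $row_order);
     $update->setInt(4, $can_view);
     $update->setInt(5, $faq['answer_id']);
     $update->executeUpdate();
     $action = new K4InformationAction(new K4LanguageElement('L_UPDATEDFAQANSWER', $faq['question']), 'content', FALSE, 'admin.php?act=faq_answers', 3);
     return $action->execute($request);
 }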
 function execute(&$request)
 {
     global $_QUERYPARAMS, $_DATASTORE, $_SETTINGS;
     /* set the breadcrumbs bit */
     k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
     /* Check the request ID */
     if (!isset($_REQUEST['forum_id']) || !$_REQUEST['forum_id'] || intval($_REQUEST['forum_id']) == 0) {
         $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_FORUMDOESNTEXIST');
     }
     $forum = $request['dba']->getRow("SELECT * FROM " . K4FORUMS . " WHERE forum_id=" . intval($_REQUEST['forum_id']));
     /* Check the forum data given */
     if (!$forum || !is_array($forum) || empty($forum)) {
         $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_FORUMDOESNTEXIST');
     }
     /* Make sure the we are trying to edit in a forum */
     if (!($forum['row_type'] & FORUM) || $forum['forum_id'] == GARBAGE_BIN) {
         $action = new K4InformationAction(new K4LanguageElement('L_CANTEDITTONONFORUM'), 'content', FALSE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_CANTEDITTONONFORUM');
     }
     /* General error checking */
     if ($this->row_type & TOPIC) {
         if (!isset($_REQUEST['name']) || $_REQUEST['name'] == '') {
             $action = new K4InformationAction(new K4LanguageElement('L_INSERTTOPICNAME'), 'content', TRUE);
             return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_INSERTTOPICNAME');
         }
         $len = strlen($_REQUEST['name']);
         if ($len < intval($_SETTINGS['topicminchars']) || $len > intval($_SETTINGS['topicmaxchars'])) {
             $action = new K4InformationAction(new K4LanguageElement('L_TITLETOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])), 'content', TRUE);
             return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(new K4LanguageElement('L_TITLETOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])));
         }
     }
     if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
         $action = new K4InformationAction(new K4LanguageElement('L_INSERTTOPICMESSAGE'), 'content', TRUE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_INSERTTOPICMESSAGE');
     }
     /* Get our post */
     $post = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE post_id = " . intval($_REQUEST['post_id']));
     if (!is_array($post) || empty($post)) {
         $action = new K4InformationAction(new K4LanguageElement('L_POSTDOESNTEXIST'), 'content', FALSE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_POSTDOESNTEXIST');
     }
     $type = $this->row_type & TOPIC ? 'topics' : 'replies';
     /* Does this person have permission to edit this topic? */
     if ($post['poster_id'] == $request['user']->get('id')) {
         if (get_map($type, 'can_edit', array('forum_id' => $forum['forum_id'])) > $request['user']->get('perms')) {
             $action = new K4InformationAction(new K4LanguageElement('L_YOUNEEDPERMS'), 'content', FALSE);
             return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_YOUNEEDPERMS');
         }
     } else {
         if (get_map('other_' . $type, 'can_edit', array('forum_id' => $forum['forum_id'])) > $request['user']->get('perms')) {
             $action = new K4InformationAction(new K4LanguageElement('L_YOUNEEDPERMS'), 'content', FALSE);
             return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_YOUNEEDPERMS');
         }
     }
     if ($post['is_poll'] == 1) {
         // TODO: something here.
     }
     /* Does this user have permission to edit this topic if it is locked? */
     if ($post['post_locked'] == 1 && get_map('closed', 'can_edit', array('forum_id' => $forum['forum_id'])) > $request['user']->get('perms')) {
         $action = new K4InformationAction(new K4LanguageElement('L_YOUNEEDPERMS'), 'content', FALSE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_YOUNEEDPERMS');
     }
     /* set the breadcrumbs bit */
     k4_bread_crumbs($request['template'], $request['dba'], $this->row_type & TOPIC ? 'L_EDITTOPIC' : 'L_EDITREPLY', $post, $forum);
     /* Initialize the bbcode parser with the topic message */
     $_REQUEST['message'] = substr($_REQUEST['message'], 0, $_SETTINGS['postmaxchars']);
     /* Parse the bbcode */
     $body_text = $_REQUEST['message'];
     $submit_type = isset($_REQUEST['submit_type']) ? $_REQUEST['submit_type'] : 'post';
     if (!isset($_REQUEST['disable_bbcode']) || !$_REQUEST['disable_bbcode']) {
         $parser =& new BBParser();
         Globals::setGlobal('forum_id', $forum['forum_id']);
         Globals::setGlobal('maxpolloptions', $request['template']->getVar('maxpolloptions') > $forum['maxpolloptions'] ? $forum['maxpolloptions'] : $request['template']->getVar('maxpolloptions'));
         Globals::setGlobal('maxpollquestions', $request['template']->getVar('maxpollquestions') > $forum['maxpollquestions'] ? $forum['maxpollquestions'] : $request['template']->getVar('maxpollquestions'));
         if ($submit_type == 'post' || isset($_REQUEST['post'])) {
             $parser->register('BBPollNode');
         }
         $body_text = $parser->parse($body_text);
         if ($submit_type == 'post' || isset($_REQUEST['post'])) {
             $body_text = $parser->comparePolls($post['post_id'], $body_text, $post['body_text'], $request['dba']);
         }
         $is_poll = Globals::getGlobal('is_poll');
     }
     // permissions are taken into account inside the poller
     //$poller		= &new K4BBPolls($body_text, $topic['body_text'], $forum, $topic['post_id']);
     $request['template']->setVar('newtopic_action', 'newtopic.php?act=updatetopic');
     if ($this->row_type & TOPIC) {
         /* Get the topic type */
         $post_type = isset($_REQUEST['post_type']) && intval($_REQUEST['post_type']) != 0 ? $_REQUEST['post_type'] : TOPIC_NORMAL;
         /* Check the topic type and check if this user has permission to post that type of topic */
         if ($post_type == TOPIC_STICKY && $request['user']->get('perms') < get_map('sticky', 'can_add', array('forum_id' => $forum['forum_id']))) {
             $post_type = TOPIC_NORMAL;
         } else {
             if ($post_type == TOPIC_ANNOUNCE && $request['user']->get('perms') < get_map('announce', 'can_add', array('forum_id' => $forum['forum_id']))) {
                 $post_type = TOPIC_NORMAL;
             }
         }
         /* Is this a featured topic? */
         $is_feature = isset($_REQUEST['is_feature']) && $_REQUEST['is_feature'] == 'yes' ? 1 : 0;
         if ($is_feature == 1 && $request['user']->get('perms') < get_map('feature', 'can_add', array('forum_id' => $forum['forum_id']))) {
             $is_feature = 0;
         }
     } else {
         $post_type = TOPIC_NORMAL;
         $is_feature = 0;
     }
     /* If we are saving this topic */
     if ($submit_type == 'post' || isset($_REQUEST['post'])) {
         $posticon = iif($request['user']->get('perms') >= get_map('posticons', 'can_add', array('forum_id' => $forum['forum_id'])), isset($_REQUEST['posticon']) ? $_REQUEST['posticon'] : 'clear.gif', 'clear.gif');
         $time = time();
         $name = k4_htmlentities($_REQUEST['name'], ENT_QUOTES);
         /**
          * Build the queries to update the topic
          */
         $update_a = $request['dba']->prepareStatement("UPDATE " . K4POSTS . " SET name=?,body_text=?,posticon=?,disable_html=?,disable_bbcode=?,disable_emoticons=?,disable_sig=?,disable_areply=?,disable_aurls=?,is_draft=?,edited_time=?,edited_username=?,edited_userid=?,is_feature=?,post_type=?,post_expire=?,is_poll=? WHERE post_id=?");
         $update_a->setString(1, $name);
         $update_a->setString(2, $body_text);
         $update_a->setString(3, $posticon);
         $update_a->setInt(4, isset($_REQUEST['disable_html']) && $_REQUEST['disable_html'] ? 1 : 0);
         $update_a->setInt(5, isset($_REQUEST['disable_bbcode']) && $_REQUEST['disable_bbcode'] ? 1 : 0);
         $update_a->setInt(6, isset($_REQUEST['disable_emoticons']) && $_REQUEST['disable_emoticons'] ? 1 : 0);
         $update_a->setInt(7, isset($_REQUEST['enable_sig']) && $_REQUEST['enable_sig'] ? 0 : 1);
         $update_a->setInt(8, isset($_REQUEST['disable_areply']) && $_REQUEST['disable_areply'] ? 1 : 0);
         $update_a->setInt(9, isset($_REQUEST['disable_aurls']) && $_REQUEST['disable_aurls'] ? 1 : 0);
         $update_a->setInt(10, 0);
         $update_a->setInt(11, $time);
         $update_a->setString(12, $request['user']->get('id') <= 0 ? k4_htmlentities(isset($_REQUEST['poster_name']) ? $_REQUEST['poster_name'] : '', ENT_QUOTES) : $request['user']->get('name'));
         $update_a->setInt(13, $request['user']->get('id'));
         $update_a->setInt(14, $is_feature);
         $update_a->setInt(15, $post_type);
         $update_a->setInt(16, $post_type > TOPIC_NORMAL ? intval(isset($_REQUEST['post_expire']) ? $_REQUEST['post_expire'] : 0) : 0);
         $update_a->setInt(17, $is_poll);
         $update_a->setInt(18, $post['post_id']);
         $update_a->executeUpdate();
         /* If this topic is a redirect/ connects to one, update the original */
         if ($this->row_type & TOPIC && ($post['moved_new_post_id'] > 0 || $post['moved_old_post_id'] > 0)) {
             $redirect = $request['dba']->prepareStatement("UPDATE " . K4POSTS . " SET name=?,edited_time=?,edited_username=?,edited_userid=? WHERE post_id=?");
             $redirect->setString(1, $name);
             $redirect->setInt(2, time());
             $redirect->setString(3, $request['user']->get('name'));
             $redirect->setInt(4, $request['user']->get('id'));
             $redirect->setInt(5, $post['moved_new_post_id'] > 0 ? $post['moved_new_post_id'] : $post['moved_old_post_id']);
             $redirect->executeUpdate();
             /**
              * Subscribe/Unsubscribe this user to the topic
              */
             $is_subscribed = $request['dba']->getRow("SELECT * FROM " . K4SUBSCRIPTIONS . " WHERE user_id = " . intval($request['user']->get('id')) . " AND post_id = " . intval($post['post_id']));
             if (isset($_REQUEST['disable_areply']) && $_REQUEST['disable_areply']) {
                 if (!is_array($is_subscribed) || empty($is_subscribed)) {
                     $subscribe = $request['dba']->prepareStatement("INSERT INTO " . K4SUBSCRIPTIONS . " (user_id,post_id,forum_id,email) VALUES (?,?,?,?)");
                     $subscribe->setInt(1, $request['user']->get('id'));
                     $subscribe->setInt(2, $topic['post_id']);
                     $subscribe->setInt(3, $forum['forum_id']);
                     $subscribe->setString(4, $request['user']->get('email'));
                     $subscribe->executeUpdate();
                 }
             } else {
                 if (!isset($_REQUEST['disable_areply']) || !$_REQUEST['disable_areply']) {
                     if (is_array($is_subscribed) && !empty($is_subscribed)) {
                         $subscribe = $request['dba']->prepareStatement("DELETE FROM " . K4SUBSCRIPTIONS . " WHERE user_id=? AND post_id=?");
                         $subscribe->setInt(1, $request['user']->get('id'));
                         $subscribe->setInt(2, $topic['post_id']);
                         $subscribe->executeUpdate();
                     }
                 }
             }
         }
         // deal with attachments
         if ($request['template']->getVar('nojs') == 0) {
             attach_files($request, $forum, $post);
         }
         /* Should we update the forum's last post info? */
         if ($forum['lastpost_id'] == $post['post_id']) {
             // if this topic is the forums last post
             if ($forum['lastpost_id'] == $post['post_id'] && $forum['lastpost_created'] == $post['created']) {
                 $forum_topic_update = $request['dba']->prepareStatement("UPDATE " . K4FORUMS . " SET lastpost_name=?,lastpost_posticon=? WHERE forum_id=?");
                 $forum_topic_update->setString(1, $name);
                 $forum_topic_update->setString(2, $posticon);
                 $forum_topic_update->setInt(3, $forum['forum_id']);
                 $forum_topic_update->executeUpdate();
             }
         }
         /* Redirect the user */
         $action = new K4InformationAction(new K4LanguageElement($this->row_type & TOPIC ? 'L_UPDATEDTOPIC' : 'L_UPDATEDREPLY', $name), 'content', FALSE, 'findpost.php?id=' . $post['post_id'], 3);
         return $action->execute($request);
     } else {
         /**
          * Post Previewing
          */
         if (!USE_XMLHTTP) {
             $request['template']->setVar('L_TITLETOOSHORT', sprintf($request['template']->getVar('L_TITLETOOSHORT'), $request['template']->getVar('topicminchars'), $request['template']->getVar('topicmaxchars')));
             /* Get and set the emoticons and post icons to the template */
             $emoticons = $request['dba']->executeQuery("SELECT * FROM " . K4EMOTICONS . " WHERE clickable = 1");
             $posticons = $request['dba']->executeQuery("SELECT * FROM " . K4POSTICONS);
             $request['template']->setList('emoticons', $emoticons);
             $request['template']->setList('posticons', $posticons);
             $request['template']->setVar('emoticons_per_row', $request['template']->getVar('smcolumns'));
             $request['template']->setVar('emoticons_per_row_remainder', $request['template']->getVar('smcolumns') - 1);
             post_attachment_options($request, $forum, $post);
             topic_post_options($request['template'], $request['user'], $forum);
             /* Create our editor */
             create_editor($request, $_REQUEST['message'], 'post', $forum);
         }
         $topic_preview = array('post_id' => @$post['post_id'], 'name' => $name, 'posticon' => isset($_REQUEST['posticon']) ? $_REQUEST['posticon'] : 'clear.gif', 'body_text' => $body_text, 'poster_name' => html_entity_decode($topic['poster_name'], ENT_QUOTES), 'poster_id' => $request['user']->get('id'), 'is_poll' => $topic['is_poll'], 'row_left' => 0, 'row_right' => 0, 'post_type' => $post_type, 'is_feature' => $is_feature, 'disable_html' => isset($_REQUEST['disable_html']) && $_REQUEST['disable_html'] ? 1 : 0, 'disable_sig' => isset($_REQUEST['enable_sig']) && $_REQUEST['enable_sig'] ? 1 : 0, 'disable_bbcode' => isset($_REQUEST['disable_bbcode']) && $_REQUEST['disable_bbcode'] ? 1 : 0, 'disable_emoticons' => isset($_REQUEST['disable_emoticons']) && $_REQUEST['disable_emoticons'] ? 1 : 0, 'disable_areply' => isset($_REQUEST['disable_areply']) && $_REQUEST['disable_areply'] ? 1 : 0, 'disable_aurls' => isset($_REQUEST['disable_aurls']) && $_REQUEST['disable_aurls'] ? 1 : 0);
         /* Add the topic information to the template */
         $topic_iterator =& new TopicIterator($request['dba'], $request['user'], $topic_preview, FALSE);
         $request['template']->setList('topic', $topic_iterator);
         /* Assign the topic preview values to the template */
         $topic_preview['body_text'] = $_REQUEST['message'];
         foreach ($topic_preview as $key => $val) {
             $request['template']->setVar('topic_' . $key, $val);
         }
         /* Assign the forum information to the template */
         foreach ($forum as $key => $val) {
             $request['template']->setVar('forum_' . $key, $val);
         }
         if (!USE_XMLHTTP) {
             /* Set the the button display options */
             $request['template']->setVisibility('save_draft', FALSE);
             $request['template']->setVisibility('load_button', FALSE);
             $request['template']->setVisibility('edit_topic', TRUE);
             $request['template']->setVisibility('post_id', TRUE);
             $request['template']->setVisibility('post_topic', FALSE);
             $request['template']->setVisibility('edit_post', TRUE);
             /* set the breadcrumbs bit */
             k4_bread_crumbs($request['template'], $request['dba'], 'L_POSTTOPIC', $forum);
             /* Set the post topic form */
             $request['template']->setVar('forum_forum_id', $forum['forum_id']);
             $request['template']->setFile('preview', 'post_preview.html');
             $request['template']->setFile('content', 'newtopic.html');
         } else {
             $templateset = $request['user']->isMember() ? $request['user']->get('templateset') : $forum['defaultstyle'];
             xmlhttp_header();
             echo $request['template']->run(BB_BASE_DIR . '/templates/' . $templateset . '/post_preview.html');
             xmlhttp_footer();
         }
     }
     return TRUE;
 }
Example #7
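 /**
  * Search-results action.
  *
  * Builds the SQL conditions for the author, forum and keyword filters carried
  * in $_REQUEST, stores the resulting query set in
  * $_SESSION['search']['search_queries'] (an already cached set takes
  * precedence unless 'rewrite_session' was requested), runs the search for the
  * requested page and hands the results, pager and display values to the
  * template.
  *
  * @param array $request  By-reference request bundle; 'template', 'dba' and
  *                        'user' are project objects used throughout.
  * @return mixed          TRUE when results were rendered; otherwise the value
  *                        of the K4InformationAction / xmlhttp_message error path.
  */
 function execute(&$request)
 {
     global $_QUERYPARAMS, $_ALLFORUMS, $_URL;
     k4_bread_crumbs($request['template'], $request['dba'], 'L_SEARCHRESULTS');
     if (get_map('advsearch', 'can_add', array()) > $request['user']->get('perms')) {
         // NOTE(review): the 'advsearch' permission is looked up but nothing happens
         // when the user lacks it (the branch was empty in the original). Kept
         // unchanged; enforcing it is a behaviour change for the maintainer to decide.
     }
     /* Do we force it to rewrite the session? */
     if (isset($_REQUEST['rewrite_session']) && intval($_REQUEST['rewrite_session']) == 1 && isset($_SESSION['search']['search_queries'])) {
         unset($_SESSION['search']['search_queries']);
     }
     /**
      * Sort out author information
      */
     $user_ids = '';
     if (isset($_REQUEST['author']) && $_REQUEST['author'] != '') {
         $author = k4_htmlentities(trim($_REQUEST['author']), ENT_QUOTES);
         if (!isset($_REQUEST['exact']) || !$_REQUEST['exact']) {
             // wildcard/partial match: '*' is the user-facing wildcard and is mapped
             // to SQL '%' only when the board allows wildcards, otherwise to a space
             $author = str_replace('%', '*', $author);
             $author = intval($request['template']->getVar('allowwildcards')) == 1 ? str_replace('*', '%', $author) : str_replace('*', ' ', $author);
             $user_search = "LOWER(name) LIKE LOWER('%" . $request['dba']->quote($author) . "%')";
         } else {
             // exact match; escaping relies on the DBA's quote()
             $user_search = "name = '" . $request['dba']->quote($author) . "'";
         }
         if (strlen($author) < $request['template']->getVar('minsearchlength') || strlen($author) > $request['template']->getVar('maxsearchlength')) {
             $action = new K4InformationAction(new K4LanguageElement('L_INVALIDSEARCHKEYWORDS', $request['template']->getVar('minsearchlength'), $request['template']->getVar('maxsearchlength')), 'content', TRUE, 'search.php', 5);
             return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(sprintf($request['template']->getVar('L_INVALIDSEARCHKEYWORDS'), $request['template']->getVar('minsearchlength'), $request['template']->getVar('maxsearchlength')));
         }
         $users = $request['dba']->executeQuery("SELECT * FROM " . K4USERS . " WHERE {$user_search}");
         if ($users->numrows() > 0) {
             // builds " AND ( poster_id = N OR poster_id = M ... ) "; ids are intval'd
             $user_ids = ' AND (';
             while ($users->next()) {
                 $user = $users->current();
                 $user_ids .= $users->key() == 0 ? ' poster_id = ' . intval($user['id']) : ' OR poster_id = ' . intval($user['id']);
             }
             $user_ids .= ') ';
         } else {
             $action = new K4InformationAction(new K4LanguageElement('L_NOAUTHORSBYNAME'), 'content', FALSE, 'search.php', 5);
             return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_NOAUTHORSBYNAME');
         }
     }
     /**
      * Sort out forum information
      */
     $forum_ids = '';
     // never populated in this function; kept so the query template below is unchanged
     $category_ids = '';
     $searchable_forums = '';
     /* Accept either an array of forum ids or a '|'-separated string */
     if (isset($_REQUEST['forums']) && is_array($_REQUEST['forums']) && !empty($_REQUEST['forums'])) {
         $forums = $_REQUEST['forums'];
     } elseif (isset($_REQUEST['forums']) && is_string($_REQUEST['forums'])) {
         // explode() always yields at least one element, so no count() check is needed
         $forums = explode("|", $_REQUEST['forums']);
     } else {
         $forums = array();
     }
     /* Now start looking thoroughly at the data */
     if (is_array($forums) && !empty($forums)) {
         $subforums = isset($_REQUEST['searchsubforums']) && intval($_REQUEST['searchsubforums']) == 1;
         $first_option = isset($forums[0]) ? intval($forums[0]) : 0;
         $allforums = $first_option == -1;
         $searchable_forums = $allforums ? '-1' : '';
         // the first option is the "all forums" marker, so start at index 1
         $num_forums = count($forums);
         for ($i = 1; $i < $num_forums; $i++) {
             $id = isset($forums[$i]) ? intval($forums[$i]) : 0;
             // only forums that exist and that this user may view make it into the query
             if (isset($_ALLFORUMS[$id])) {
                 if (get_map('', 'can_view', array('forum_id' => $id)) <= $request['user']->get('perms')) {
                     $forum_ids .= !$subforums && $_ALLFORUMS[$id]['row_level'] > 2 ? '' : ' OR forum_id = ' . intval($id);
                     $searchable_forums .= '|' . $id;
                 }
             }
         }
         // substr(.., 4) strips the leading ' OR ' of the first clause
         $forum_ids = $forum_ids != '' ? ' AND (' . substr($forum_ids, 4) . ') ' : '';
     }
     /* Set which forums we're looking through to the display options field */
     $request['template']->setVar('search_forums', trim($searchable_forums, '|'));
     /**
      * Sort out keywords
      */
     $keyword_query = '';
     if (isset($_REQUEST['keywords']) && $_REQUEST['keywords'] != '' && !isset($_REQUEST['newposts'])) {
         // deal with wildcards (same '*' / '%' mapping as for the author)
         $keywords = str_replace('%', '*', $_REQUEST['keywords']);
         $keywords = intval($request['template']->getVar('allowwildcards')) == 1 ? str_replace('*', '%', $keywords) : str_replace('*', ' ', $keywords);
         // are the keywords too short or too long?
         if (strlen($keywords) < $request['template']->getVar('minsearchlength') || strlen($keywords) > $request['template']->getVar('maxsearchlength')) {
             $action = new K4InformationAction(new K4LanguageElement('L_INVALIDSEARCHKEYWORDS', $request['template']->getVar('minsearchlength'), $request['template']->getVar('maxsearchlength')), 'content', TRUE, 'search.php', 5);
             return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(sprintf($request['template']->getVar('L_INVALIDSEARCHKEYWORDS'), $request['template']->getVar('minsearchlength'), $request['template']->getVar('maxsearchlength')));
         }
         // has the person specified where to search? An unknown 'searchwhere' value
         // leaves $keyword_query empty and is caught by the L_SEARCHINVALID check below
         if (isset($_REQUEST['searchwhere']) && $_REQUEST['searchwhere'] != '' && $_REQUEST['searchwhere'] != 'subjectmessage') {
             if ($_REQUEST['searchwhere'] == 'subject') {
                 $keyword_query = " AND LOWER(name) LIKE LOWER('%" . $request['dba']->quote($keywords) . "%')";
             } elseif ($_REQUEST['searchwhere'] == 'message') {
                 $keyword_query = " AND LOWER(body_text) LIKE LOWER('%" . $request['dba']->quote($keywords) . "%')";
             }
         } else {
             $keyword_query = "  AND (LOWER(name) LIKE LOWER('%" . $request['dba']->quote($keywords) . "%') OR LOWER(body_text) LIKE LOWER('%" . $request['dba']->quote($keywords) . "%')) ";
         }
     }
     // set where we are searching to the template
     // NOTE(review): this is the raw request value; whether the template layer
     // escapes it on output is not visible here — confirm before trusting it in HTML
     $request['template']->setVar('search_where', !isset($_REQUEST['searchwhere']) ? 'subjectmessage' : $_REQUEST['searchwhere']);
     // are there no keywords, user ids, etc?
     if ($keyword_query == '' && $user_ids == '' && !isset($_SESSION['search']['search_queries']) && !isset($_REQUEST['newposts'])) {
         $action = new K4InformationAction(new K4LanguageElement('L_SEARCHINVALID'), 'content', TRUE, 'search.php', 3);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_SEARCHINVALID');
     }
     /**
      * Viewing preferences
      */
     /* Columns that may appear in ORDER BY; anything else falls back to 'created'.
        Extend this list if the search form offers more sort keys. */
     $sort_orders = array('created', 'poster_name', 'name', 'forum_id');
     $viewas = isset($_SESSION['search']['search_queries']['viewas']) && $_SESSION['search']['search_queries']['viewas'] == 'topics' ? 'topics' : (isset($_REQUEST['viewas']) && $_REQUEST['viewas'] == 'topics' ? 'topics' : 'posts');
     $resultsperpage = $viewas == 'topics' ? intval($request['template']->getVar('searchtopicsperpage')) : intval($request['template']->getVar('searchpostsperpage'));
     $resultsperpage = isset($_REQUEST['limit']) && ctype_digit($_REQUEST['limit']) && intval($_REQUEST['limit']) > 0 ? intval($_REQUEST['limit']) : $resultsperpage;
     $page = isset($_REQUEST['page']) && ctype_digit($_REQUEST['page']) && intval($_REQUEST['page']) > 0 ? intval($_REQUEST['page']) : 1;
     // ctype_digit() rejects '-1' and any other non-digit string, so a missing or
     // non-numeric value means "no date limit" (the original's '== -1' branch was unreachable)
     $daysprune = isset($_REQUEST['daysprune']) && ctype_digit($_REQUEST['daysprune']) ? intval($_REQUEST['daysprune']) : 0;
     $daysprune = $daysprune > 0 ? time() - $daysprune * 86400 : 0;
     // only 'ASC' or 'DESC' can come out of this, so it is safe to interpolate
     $sortorder = isset($_SESSION['search']['search_queries']['order']) && $_SESSION['search']['search_queries']['order'] == 'ASC' ? 'ASC' : (isset($_REQUEST['order']) && $_REQUEST['order'] == 'ASC' ? 'ASC' : 'DESC');
     $sortedby = isset($_SESSION['search']['search_queries']['sort']) && $_SESSION['search']['search_queries']['sort'] != 'DESC' ? $_SESSION['search']['search_queries']['sort'] : (isset($_REQUEST['sort']) && $_REQUEST['sort'] != '' ? $_REQUEST['sort'] : 'created');
     /* $sortedby is interpolated into the ORDER BY clause below, so it must be one of
        $sort_orders. The original passed the request/session value through unchecked;
        both sources are validated here because a stale session may predate this check. */
     if (!in_array($sortedby, $sort_orders, TRUE)) {
         $sortedby = 'created';
     }
     $start = (int) ceil(($page - 1) * $resultsperpage);
     /**
      * Execute the search
      */
     /* Create an array of the queries that we will use to weed out posts and pass through the session */
     $select = "num_replies, forum_id, post_id, post_id, body_text, name, posticon, is_poll, poster_name, poster_id, views, lastpost_uname, lastpost_uid, created, row_type";
     $general_condition = "is_draft=0 AND queue=0 AND display=1 AND moved_new_post_id=0 AND post_id>0";
     // '**SELECT**' is a placeholder swapped for COUNT(post_id) or the column list when run
     $queries = array(
         'posts' => "SELECT **SELECT** FROM " . K4POSTS . " WHERE {$general_condition} {$user_ids} {$forum_ids} {$category_ids} {$keyword_query} AND created >= {$daysprune} ORDER BY {$sortedby} {$sortorder}",
         'topics_only' => "SELECT **SELECT** FROM " . K4POSTS . " WHERE row_type=" . TOPIC . " AND {$general_condition} {$user_ids} {$forum_ids} {$keyword_query} ORDER BY {$sortedby} {$sortorder}",
         'viewas' => $viewas,
         'limit' => $resultsperpage,
         'sort' => $sortedby,
         'order' => $sortorder,
         'author' => isset($_REQUEST['author']) ? $_REQUEST['author'] : null,
         'keywords' => isset($_REQUEST['keywords']) ? $_REQUEST['keywords'] : null,
         'subforums' => isset($_REQUEST['searchsubforums']) ? intval($_REQUEST['searchsubforums']) : 0,
     );
     // A query set already cached in the session wins over the freshly built one
     // (this is how paging through results works); 'rewrite_session' above replaces it.
     if (isset($_SESSION['search']['search_queries']) && is_array($_SESSION['search']['search_queries']) && !empty($_SESSION['search']['search_queries'])) {
         $queries = $_SESSION['search']['search_queries'];
     } else {
         $_SESSION['search']['search_queries'] = $queries;
     }
     /* Count the results once and cache the count in the session */
     $count_source = $queries['viewas'] == 'posts' ? $queries['posts'] : $queries['topics_only'];
     if (!isset($queries['num_results'])) {
         $num_results = $request['dba']->getValue(str_replace('**SELECT**', 'COUNT(post_id)', $count_source));
         $_SESSION['search']['search_queries']['num_results'] = $num_results;
     } else {
         $num_results = $queries['num_results'];
     }
     // the page size is interpolated into LIMIT, so force it to an int for both views
     $limit = intval($queries['limit']);
     if ($queries['viewas'] == 'posts') {
         /* Get topics and replies */
         $result = $request['dba']->executeQuery(str_replace('**SELECT**', $select, $queries['posts']) . " LIMIT {$start}," . $limit);
         $it =& new SearchResultsIterator($request['dba'], $result);
     } else {
         /* Get topics only */
         $topics = $request['dba']->executeQuery(str_replace('**SELECT**', '*', $queries['topics_only']) . " LIMIT {$start}," . $limit);
         $it =& new TopicsIterator($request['dba'], $request['user'], $topics, $request['template']->getVar('IMG_DIR'), array('postsperpage' => $queries['limit']));
     }
     /**
      * Pagination
      */
     /* Create the Pagination */
     $url = new FAUrl($_URL->__toString());
     $url->args['limit'] = $queries['limit'];
     $url->args['viewas'] = $queries['viewas'];
     $url->args['sort'] = $queries['sort'];
     $url->args['order'] = $queries['order'];
     $url->args['page'] = FALSE;
     $url->anchor = FALSE;
     // a zero page size (misconfigured setting) would otherwise divide by zero
     $num_pages = $limit > 0 ? ceil($num_results / $limit) : 0;
     $pager =& new FAPaginator($url, $num_results, $page, $queries['limit']);
     $base_url = new FAUrl($_URL->__toString());
     if ($num_results > $resultsperpage) {
         $request['template']->setPager('searchresults_pager', $pager);
         /* Create a friendly url for our pager jump */
         $request['template']->setVar('pagejumper_url', preg_replace('~&amp;~i', '&', $base_url->__toString()));
     }
     /* Outside valid page range, redirect */
     if (!$pager->hasPage($page) && $num_pages > 0) {
         $base_url->args['page'] = $num_pages;
         $action = new K4InformationAction(new K4LanguageElement('L_PASTPAGELIMIT'), 'content', FALSE, $base_url->__toString(), 3);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_PASTPAGELIMIT');
     }
     // finish stuff off
     $request['template']->setVar('mod_panel', 0);
     $request['template']->setVar('search_panel', 1);
     $request['template']->setList('search_results', $it);
     /* Search data gathered */
     $request['template']->setVar('search_viewas', $queries['viewas']);
     $request['template']->setVar('search_viewas_int', $queries['viewas'] == 'posts' ? 1 : 2);
     // for the if statements
     $request['template']->setVar('search_num_results', $num_results);
     // NOTE(review): 'author' and 'keywords' are the raw request values stored in the
     // session, not the escaped copies used in SQL — confirm the template escapes them
     $request['template']->setVar('search_author', $queries['author']);
     $request['template']->setVar('search_keywords', $queries['keywords']);
     $request['template']->setVar('search_sort', $queries['sort']);
     $request['template']->setVar('search_limit', $queries['limit']);
     $request['template']->setVar('search_order', $queries['order']);
     $request['template']->setVar('search_subforums', $queries['subforums']);
     $request['template']->setVar('search_daysprune', isset($_REQUEST['daysprune']) ? intval($_REQUEST['daysprune']) : 0);
     $request['template']->setVar('post_length', isset($_REQUEST['post_length']) && intval($_REQUEST['post_length']) > 0 ? intval($_REQUEST['post_length']) : intval($request['template']->getVar('searchpostlength')));
     $request['template']->setFile('content', 'search_results.html');
     $request['template']->setVisibility('forum_midsection', FALSE);
     /* Memory Saving */
     unset($result);
     if (USE_XMLHTTP) {
         $html = $request['template']->run(BB_BASE_DIR . '/templates/' . $request['user']->get('templateset') . '/search_results_simple.html');
         xmlhttp_header();
         echo $html;
         xmlhttp_footer();
     }
     return TRUE;
 }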
 function execute(&$request)
 {
     if ($request['user']->isMember() && $request['user']->get('perms') >= SUPERADMIN) {
         global $_PROFILEFIELDS, $_SETTINGS;
         k4_bread_crumbs($request['template'], $request['dba'], 'L_USERS');
         $request['template']->setVar('users_on', '_on');
         $request['template']->setFile('sidebar_menu', 'menus/users.html');
         if (!isset($_REQUEST['user_id']) || intval($_REQUEST['user_id']) == 0) {
             $action = new K4InformationAction(new K4LanguageElement('L_USERDOESNTEXIST'), 'content', TRUE);
             return $action->execute($request);
         }
         $user = $request['dba']->getRow("SELECT * FROM " . K4USERS . " WHERE id=" . intval($_REQUEST['user_id']) . " LIMIT 1");
         if (!is_array($user) || empty($user)) {
             $action = new K4InformationAction(new K4LanguageElement('L_USERDOESNTEXIST'), 'content', TRUE);
             return $action->execute($request);
         }
         /* Collect the custom profile fields */
         $query_fields = '';
         foreach ($_PROFILEFIELDS as $field) {
             /* This insures that we only put in what we need to */
             if (isset($_REQUEST[$field['name']])) {
                 switch ($field['inputtype']) {
                     default:
                     case 'text':
                     case 'textarea':
                     case 'select':
                         if ($_REQUEST[$field['name']] != '') {
                             $query_fields .= ', ' . $field['name'] . "='" . $request['dba']->quote(k4_htmlentities($_REQUEST[$field['name']], ENT_QUOTES)) . "'";
                         }
                         break;
                     case 'multiselect':
                     case 'radio':
                     case 'check':
                         if (is_array($_REQUEST[$field['name']]) && !empty($_REQUEST[$field['name']])) {
                             $query_fields .= ',' . $field['name'] . "='" . $request['dba']->quote(serialize($_REQUEST[$field['name']])) . "'";
                         }
                         break;
                 }
             }
         }
         /**
          * Error checking
          */
         /* Username checks */
         if (!$this->runPostFilter('uname', new FARequiredFilter())) {
             $action = new K4InformationAction(new K4LanguageElement('L_BADUSERNAME'), 'content', TRUE);
         }
         if (!$this->runPostFilter('uname', new FARegexFilter('~^[a-zA-Z]([a-zA-Z0-9]*[-_ ]?)*[a-zA-Z0-9]*$~'))) {
             $action = new K4InformationAction(new K4LanguageElement('L_BADUSERNAME'), 'content', TRUE);
         }
         if (!$this->runPostFilter('uname', new FALengthFilter(intval($_SETTINGS['maxuserlength'])))) {
             $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETOOLONG', intval($_SETTINGS['maxuserlength'])), 'content', TRUE);
         }
         if (!$this->runPostFilter('uname', new FALengthFilter(intval($_SETTINGS['maxuserlength']), intval($_SETTINGS['minuserlength'])))) {
             $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETOOSHORT', intval($_SETTINGS['minuserlength']), intval($_SETTINGS['maxuserlength'])), 'content', TRUE);
         }
         if ($_REQUEST['uname'] != $user['name']) {
             if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE name = '" . $request['dba']->quote($_REQUEST['uname']) . "'") > 0) {
                 $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETAKEN'), 'content', TRUE);
             }
         }
         if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4BADUSERNAMES . " WHERE name = '" . $request['dba']->quote($_REQUEST['uname']) . "'") > 0) {
             $action = new K4InformationAction(new K4LanguageElement('L_USERNAMENOTGOOD'), 'content', TRUE);
         }
         if (isset($action)) {
             return $action->execute($request);
         }
         /* Check the appropriatness of the username */
         $name = $_REQUEST['uname'];
         replace_censors($name);
         if ($name != $_REQUEST['uname']) {
             $action = new K4InformationAction(new K4LanguageElement('L_INNAPROPRIATEUNAME'), 'content', TRUE);
         }
         /* Email checks */
         if (!$this->runPostFilter('email', new FARequiredFilter())) {
             $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYEMAIL'), 'content', TRUE);
         }
         if (!$this->runPostFilter('email', new FARegexFilter('~^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$~'))) {
             $action = new K4InformationAction(new K4LanguageElement('L_NEEDVALIDEMAIL'), 'content', TRUE);
         }
         if ($_SETTINGS['requireuniqueemail'] == 1 && $_REQUEST['email'] != $user['email']) {
             if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE email = '" . $request['dba']->quote($_REQUEST['email']) . "'") > 0) {
                 $action = new K4InformationAction(new K4LanguageElement('L_EMAILTAKEN'), 'content', TRUE);
             }
         }
         if (isset($action)) {
             return $action->execute($request);
         }
         /**
          *
          * Update User
          *
          */
         $usergroups = isset($_REQUEST['usergroups']) && is_array($_REQUEST['usergroups']) ? $_REQUEST['usergroups'] : array(2);
         $name = k4_htmlentities(strip_tags($_REQUEST['uname']), ENT_QUOTES);
         $reg_key = md5(uniqid(rand(), TRUE));
         $insert_a = $request['dba']->prepareStatement("UPDATE " . K4USERS . " SET name=?,email=?,perms=?,usergroups=? WHERE id=?");
         $insert_a->setString(1, $name);
         $insert_a->setString(2, $_REQUEST['email']);
         $insert_a->setInt(3, $_REQUEST['permissions']);
         $insert_a->setString(4, '|' . implode('|', $usergroups) . '|');
         // Registered Users
         $insert_a->setInt(5, $user['id']);
         $insert_a->executeUpdate();
         $insert_b = $request['dba']->prepareStatement("UPDATE " . K4USERINFO . " SET timezone=? " . $query_fields . " WHERE user_id=?");
         $insert_b->setInt(1, intval(@$_REQUEST['timezone']));
         $insert_b->setInt(2, $user['id']);
         $insert_b->executeUpdate();
         /**
          *
          * User Profile
          *
          */
         $query = "UPDATE " . K4USERINFO . " SET ";
         $error = '';
         $fields = array('fullname', 'icq', 'aim', 'msn', 'yahoo', 'jabber', 'googletalk');
         foreach ($fields as $field) {
             if (isset($_REQUEST[$field]) && $_REQUEST[$field] != '') {
                 $query .= $field . "='" . $request['dba']->quote($_REQUEST[$field]) . "', ";
             }
         }
         // deal with the timezone
         if (isset($_REQUEST['timezone']) && $_REQUEST['timezone'] != '') {
             $query .= "timezone = " . intval($_REQUEST['timezone']) . ", ";
         }
         // could this check get any uglier/more stupid?
         $birthday = '';
         if (isset($_REQUEST['month']) && isset($_REQUEST['day']) && isset($_REQUEST['year'])) {
             if (intval($_REQUEST['month']) != 0 && ctype_digit($_REQUEST['month']) && (intval($_REQUEST['day']) != 0 && ctype_digit($_REQUEST['day'])) && (intval($_REQUEST['year']) != 0 && ctype_digit($_REQUEST['year']))) {
                 $birthday = $request['dba']->quote($_REQUEST['month'] . '/' . $_REQUEST['day'] . '/' . $_REQUEST['year']);
                 $birthday = strlen($birthday) == 10 ? $birthday : '';
             }
         }
         // finish off this query
         $query .= "birthday = '" . $birthday . "' WHERE user_id = " . intval($user['id']);
         /* Update the user */
         $request['dba']->executeUpdate($query);
         /**
          *
          * User Options
          *
          */
         /* Do half-checks on the styles/language stuff */
         $language = !in_array($_REQUEST['language'], get_files(K4_BASE_DIR . '/lang/', TRUE, TRUE)) ? $request['user']->get('language') : $_REQUEST['language'];
         $imageset = !in_array($_REQUEST['imageset'], get_files(BB_BASE_DIR . '/Images/', TRUE, TRUE)) ? $request['user']->get('imageset') : $_REQUEST['imageset'];
         $templateset = !in_array($_REQUEST['templateset'], get_files(BB_BASE_DIR . '/templates/', TRUE, TRUE)) ? $request['user']->get('templateset') : $_REQUEST['templateset'];
         $styleset = $request['dba']->getRow("SELECT * FROM " . K4STYLES . " WHERE id = " . intval($_REQUEST['styleset']) . " LIMIT 1");
         $styleset = is_array($styleset) && !empty($styleset) ? $styleset['name'] : $request['user']->get('styleset');
         /* Change the users' invisible mode */
         if (isset($_REQUEST['invisible']) && (intval($_REQUEST['invisible']) == 0 || intval($_REQUEST['invisible']) == 1) && intval($_REQUEST['invisible']) != $request['user']->get('invisible')) {
             $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET invisible = " . intval($_REQUEST['invisible']) . " WHERE id = " . intval($request['user']->get('id')));
         }
         /**
          * Prepare the big query
          */
         $query = $request['dba']->prepareStatement("UPDATE " . K4USERSETTINGS . " SET templateset=?,styleset=?,imageset=?,language=?,topic_display=?,notify_pm=?,popup_pm=?,topicsperpage=?,postsperpage=?,viewimages=?,viewavatars=?,viewsigs=?,viewflash=?,viewemoticons=?,viewcensors=?,topic_threaded=? WHERE user_id = ?");
         $query->setString(1, $templateset);
         $query->setString(2, $styleset);
         $query->setString(3, $imageset);
         $query->setString(4, $language);
         $query->setInt(5, $_REQUEST['topic_display']);
         $query->setInt(6, $_REQUEST['notify_pm']);
         $query->setInt(7, $_REQUEST['popup_pm']);
         $query->setInt(8, $_REQUEST['topicsperpage']);
         $query->setInt(9, $_REQUEST['postsperpage']);
         $query->setInt(10, $_REQUEST['viewimages']);
         $query->setInt(11, $_REQUEST['viewavatars']);
         $query->setInt(12, $_REQUEST['viewsigs']);
         $query->setInt(13, $_REQUEST['viewflash']);
         $query->setInt(14, $_REQUEST['viewemoticons']);
         $query->setInt(15, $_REQUEST['viewcensors']);
         $query->setInt(16, $_REQUEST['topic_threaded']);
         $query->setInt(17, $user['id']);
         $query->executeUpdate();
         /**
          * 
          * Datastore
          *
          */
         if ($_DATASTORE['forumstats']['newest_user_id'] == $user['id']) {
             $datastore_update = $request['dba']->prepareStatement("UPDATE " . K4DATASTORE . " SET data=? WHERE varname=?");
             $datastore = $_DATASTORE['forumstats'];
             $datastore['newest_user_name'] = $name;
             $datastore_update->setString(1, serialize($datastore));
             $datastore_update->setString(2, 'forumstats');
             $datastore_update->executeUpdate();
             reset_cache('datastore');
         }
         /**
          *
          * User Name
          *
          */
         if ($name != $user['name']) {
             $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET poster_name='" . $request['dba']->quote($name) . "' WHERE poster_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET edited_username='******'dba']->quote($name) . "' WHERE edited_userid=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET lastpost_uname='" . $request['dba']->quote($name) . "' WHERE lastpost_uid=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4FORUMS . " SET post_uname='" . $request['dba']->quote($name) . "' WHERE post_uid=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4POLLVOTES . " SET user_name='" . $request['dba']->quote($name) . "' WHERE user_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4RATINGS . " SET user_name='" . $request['dba']->quote($name) . "' WHERE user_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4USERGROUPS . " SET mod_name='" . $request['dba']->quote($name) . "' WHERE mod_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4BADPOSTREPORTS . " SET user_name='" . $request['dba']->quote($name) . "' WHERE user_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4BADPOSTREPORTS . " SET poster_name='" . $request['dba']->quote($name) . "' WHERE poster_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4BANNEDUSERS . " SET user_name='" . $request['dba']->quote($name) . "' WHERE user_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4PRIVMESSAGES . " SET poster_name='" . $request['dba']->quote($name) . "' WHERE poster_id=" . intval($user['id']));
             $request['dba']->executeUpdate("UPDATE " . K4PRIVMESSAGES . " SET member_name='" . $request['dba']->quote($name) . "' WHERE member_id=" . intval($user['id']));
         }
         /**
          *
          * DONE
          *
          */
         $action = new K4InformationAction(new K4LanguageElement('L_UPDATEDUSER', $name), 'content', FALSE, 'admin.php?act=users', 3);
         return $action->execute($request);
     } else {
         no_perms_error($request);
     }
     return TRUE;
 }
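 /**
  * Render a poll bbcode tag: persist the question (tag attribute) and its [*]-separated
  * options, then emit a "[poll={id}]" placeholder that refers to the stored poll.
  *
  * Creation is refused (empty string returned) when there is no forum context
  * (forum_id <= 0; private messages set it to 0), the user lacks the forum's bbcode
  * can_add permission, the question is empty, maxpolloptions is not positive, or the
  * per-post poll quota (maxpollquestions) is already exceeded.
  *
  * @param bool $noparse  When true, return the unparsed tag text untouched.
  * @return string  "[poll={question_id}]" on success, '' when no poll was created.
  */
 function flatten($noparse = FALSE)
 {
     if ($noparse) {
         return $this->getUnparsed($noparse);
     }
     $body = parent::flatten($noparse);
     $question = trim($this->_attrib);
     $items = explode('[*]', $body);
     $maxpolloptions = intval(Globals::getGlobal('maxpolloptions'));
     $forum_id = intval(Globals::getGlobal('forum_id'));
     if (!Globals::getGlobal('num_polls')) {
         Globals::setGlobal('num_polls', 0);
     }
     $can_poll = $forum_id > 0 && $_SESSION['user']->get('perms') >= get_map('bbcode', 'can_add', array('forum_id' => $forum_id));
     // explode() always yields at least one element, so no item-count check is needed here.
     if ($maxpolloptions <= 0 || !$can_poll || $question == '' || Globals::getGlobal('num_polls') > Globals::getGlobal('maxpollquestions')) {
         return '';
     }
     global $_DBA;
     // Entity-encode before driver-escaping, matching how other stored user text is handled.
     $question = $_DBA->quote(k4_htmlentities($question, ENT_QUOTES));
     $_DBA->executeUpdate("INSERT INTO " . K4POLLQUESTIONS . " (question, created, user_id, user_name) VALUES ('{$question}', " . time() . ", " . intval($_SESSION['user']->get('id')) . ", '" . $_DBA->quote($_SESSION['user']->get('name')) . "')");
     $question_id = $_DBA->getInsertId(K4POLLQUESTIONS, 'id');
     $stored = 0;
     foreach ($items as $item) {
         if ($stored >= $maxpolloptions) {
             break;
         }
         // NOTE(review): text before the first [*] is also stored as an option if non-empty.
         $item = trim(strip_tags(preg_replace("~(\r\n|\r|\n|\t|<br>|<br\\/>|<br \\/>)~i", "", $item)));
         if ($item != '') {
             $_DBA->executeUpdate("INSERT INTO " . K4POLLANSWERS . " (question_id,answer) VALUES (" . intval($question_id) . ", '" . $_DBA->quote(k4_htmlentities($item, ENT_QUOTES)) . "')");
             $stored++;
         }
     }
     Globals::setGlobal('is_poll', TRUE);
     Globals::setGlobal('num_polls', Globals::getGlobal('num_polls') + 1);
     return "[poll={$question_id}]";
 }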
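 /**
  * Admin action: create a custom profile field.
  *
  * Validates the requested input type against a whitelist, allocates the next "field<N>"
  * column name, records the definition in K4PROFILEFIELDS and adds (or, if a column of
  * that name already exists, changes) the matching column on K4USERINFO.
  *
  * @param array $request  Request context; uses $request['user'], ['dba'] and ['template'].
  * @return mixed TRUE on a permission failure, otherwise the result of the
  *               K4InformationAction that reports success or a validation error.
  */
 function execute(&$request)
 {
     if (!($request['user']->isMember() && $request['user']->get('perms') >= ADMIN)) {
         no_perms_error($request);
         return TRUE;
     }
     $types = array('text', 'textarea', 'select', 'multiselect', 'radio', 'checkbox');
     $inputtype = isset($_REQUEST['inputtype']) ? $_REQUEST['inputtype'] : '';
     if ($inputtype == '' || !in_array($inputtype, $types)) {
         $action = new K4InformationAction(new K4LanguageElement('L_NEEDFIELDINPUTTYPE'), 'content', TRUE);
         return $action->execute($request);
     }
     /* Column names are always "field<N>". Order by length first so that "field10" sorts
      * after "field9" (a plain ORDER BY name compares lexically and would hand out "field10"
      * again), and parse the whole numeric suffix rather than only its last digit. */
     $last_field = $request['dba']->getValue("SELECT name FROM " . K4PROFILEFIELDS . " ORDER BY LENGTH(name) DESC, name DESC LIMIT 1");
     $next = 1;
     if ($last_field && preg_match('~^field(\d+)$~', $last_field, $m)) {
         $next = intval($m[1]) + 1;
     }
     $name = 'field' . $next;
     $maxlength = intval(@$_REQUEST['user_maxlength']) > 0 ? intval(@$_REQUEST['user_maxlength']) : 255;
     $inputoptions = '';
     if (isset($_REQUEST['inputoptions']) && $_REQUEST['inputoptions'] != '') {
         // NOTE(review): newlines are normalised to "\n" but the split is on the literal
         // two-character sequence '\n'; confirm which separator the admin form submits.
         $inputoptions = serialize(explode('\\n', preg_replace("~(\r|\n|\r\n)~is", "\n", $_REQUEST['inputoptions'])));
     }
     $insert = $request['dba']->prepareStatement("INSERT INTO " . K4PROFILEFIELDS . " (name,title,description,default_value,inputtype,user_maxlength,inputoptions,min_perm,display_register,display_profile,display_topic,display_post,display_memberlist,display_image,display_size,display_rows,display_order,is_editable,is_private,is_required,special_pcre) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
     $insert->setString(1, $name);
     $insert->setString(2, @$_REQUEST['title']);
     $insert->setString(3, @$_REQUEST['description']);
     $insert->setString(4, @$_REQUEST['default_value']);
     $insert->setString(5, $inputtype);
     $insert->setInt(6, $maxlength);
     $insert->setString(7, $inputoptions);
     $insert->setInt(8, @$_REQUEST['min_perm']);
     $insert->setInt(9, isset($_REQUEST['display_register']) && @$_REQUEST['display_register'] == 'yes' ? 1 : 0);
     $insert->setInt(10, isset($_REQUEST['display_profile']) && @$_REQUEST['display_profile'] == 'yes' ? 1 : 0);
     $insert->setInt(11, isset($_REQUEST['display_topic']) && @$_REQUEST['display_topic'] == 'yes' ? 1 : 0);
     $insert->setInt(12, isset($_REQUEST['display_post']) && @$_REQUEST['display_post'] == 'yes' ? 1 : 0);
     $insert->setInt(13, isset($_REQUEST['display_memberlist']) && @$_REQUEST['display_memberlist'] == 'yes' ? 1 : 0);
     $insert->setString(14, @$_REQUEST['display_image']);
     $insert->setInt(15, @$_REQUEST['display_size']);
     $insert->setInt(16, @$_REQUEST['display_rows']);
     $insert->setInt(17, @$_REQUEST['display_order']);
     $insert->setInt(18, @$_REQUEST['is_editable']);
     $insert->setInt(19, @$_REQUEST['is_private']);
     $insert->setInt(20, @$_REQUEST['is_required']);
     $insert->setString(21, @$_REQUEST['special_pcre']);
     /* Probe whether the column already exists; the query is expected to fail when it does not. */
     push_error_handler(create_function('', 'return TRUE;'));
     $ret = @$request['dba']->executeQuery("SELECT " . $name . " FROM " . K4USERINFO . " LIMIT 1");
     pop_error_handler();
     $update_type = $ret === FALSE ? "ADD" : "CHANGE " . $name;
     if ($inputtype != 'textarea') {
         /* The default is interpolated into DDL (prepared statements cannot bind here), so it
          * is entity-encoded like other stored profile values and then driver-escaped instead
          * of relying on entity encoding alone to neutralise quotes. */
         $params = "VARCHAR(" . $maxlength . ") NOT NULL DEFAULT '" . $request['dba']->quote(k4_htmlentities(@$_REQUEST['default_value'], ENT_QUOTES)) . "'";
     } else {
         $params = "TEXT";
     }
     /* NOTE(review): the intent is to stop here if the ALTER fails, but alterTable's return
      * value is not known from this file, so the definition insert below still runs unconditionally. */
     $request['dba']->alterTable(K4USERINFO, "{$update_type} {$name} {$params}");
     $insert->executeUpdate();
     reset_cache('profile_fields');
     k4_bread_crumbs($request['template'], $request['dba'], 'L_USERPROFILEFIELDS');
     $request['template']->setVar('users_on', '_on');
     $request['template']->setFile('sidebar_menu', 'menus/users.html');
     // Entity-encode the echoed title, as the other success messages in this file do.
     $action = new K4InformationAction(new K4LanguageElement('L_ADDEDPROFILEFIELD', k4_htmlentities(@$_REQUEST['title'], ENT_QUOTES)), 'content', FALSE, 'admin.php?act=userfields', 3);
     return $action->execute($request);
 }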
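 /**
  * Ban or unban a user, or ban an IP range.
  *
  * With ?id=<n> (n > 0) the target is looked up by user id. Otherwise the target is
  * looked up by exact IP from ?user_ip; a wildcard range never matches a row and is
  * banned as an anonymous entry (user_id 0). A target that is currently banned is
  * unbanned instead. Without ?id the "find user" form is rendered.
  *
  * @param array $request  Request context; uses $request['user'], ['dba'] and ['template'].
  * @return mixed TRUE on a permission failure, the K4InformationAction result after a
  *               ban/unban, NULL after rendering the form.
  */
 function execute(&$request)
 {
     if ($request['user']->get('perms') < get_map('banusers', 'can_add', array())) {
         no_perms_error($request);
         return TRUE;
     }
     if (!isset($_REQUEST['id'])) {
         k4_bread_crumbs($request['template'], $request['dba'], 'L_BANUSER');
         $request['template']->setFile('content', 'finduser.html');
         return;
     }
     // Read once with a guard: user_ip is absent when banning by id.
     $user_ip = isset($_REQUEST['user_ip']) ? $_REQUEST['user_ip'] : '';
     if (intval($_REQUEST['id']) > 0) {
         $user = $request['dba']->getRow("SELECT * FROM " . K4USERS . " WHERE id = " . intval($_REQUEST['id']));
         if (!is_array($user) || empty($user)) {
             k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
             $action = new K4InformationAction(new K4LanguageElement('L_USERDOESNTEXIST'), 'content', TRUE);
             return $action->execute($request);
         }
     } else {
         // Exact-IP match only; no row means an anonymous target with no rank.
         $user = $request['dba']->getRow("SELECT * FROM " . K4USERS . " WHERE ip = '" . $request['dba']->quote($user_ip) . "'");
         if (!is_array($user) || empty($user)) {
             $user = array('id' => 0, 'banned' => 0, 'name' => '', 'ip' => '', 'perms' => 0);
         }
     }
     k4_bread_crumbs($request['template'], $request['dba'], !isset($_REQUEST['user_ip']) ? 'L_BANUSER' : 'L_BANIPRANGE');
     /* Rank check: only strictly higher-ranked targets (and oneself) are refused, so equally
      * ranked users can ban each other. NOTE(review): a wildcard range has no user row and
      * therefore rank 0, so this check does not protect higher-ranked users whose address
      * falls inside the range. */
     if ($user['perms'] > $request['user']->get('perms') || $user['id'] == $request['user']->get('id')) {
         no_perms_error($request);
         return TRUE;
     }
     if ($user['banned'] == 1) {
         // Unban: clear the flag and drop every ban record for this user id.
         $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET banned = 0 WHERE id = " . intval($user['id']));
         $request['dba']->executeUpdate("DELETE FROM " . K4BANNEDUSERS . " WHERE user_id = " . intval($user['id']));
         reset_cache('banned_users');
         $action = new K4InformationAction(new K4LanguageElement('L_UNBANNEDUSER', $user['name']), 'content', TRUE, 'index.php', 3);
         return $action->execute($request);
     }
     // Ban: the reason is entity-encoded and line breaks become <br /> before storage.
     $reason = preg_replace("~(\r\n|\r|\n)~i", '<br />', k4_htmlentities(@$_REQUEST['reason'], ENT_QUOTES));
     /* The stored IP is a regex fragment: a submitted range has '*' turned into a digit
      * group and everything else made literal; a known user's address is stored literally. */
     $ip = $user_ip != '' ? str_replace('\\*', '([0-9]+?)', preg_quote($user_ip)) : preg_quote($user['ip']);
     if ($ip != '') {
         $ban = $request['dba']->prepareStatement("INSERT INTO " . K4BANNEDUSERS . " (user_id,user_name,user_ip,reason,expiry) VALUES (?,?,?,?,?)");
         $ban->setInt(1, $user['id']);
         $ban->setString(2, $user['name']);
         $ban->setString(3, $ip);
         $ban->setString(4, $reason);
         // NOTE(review): expiry is days from now; 0 or a negative value yields an already-past
         // timestamp. Whether 0 means "permanent" is decided by the reader of this table — confirm.
         $ban->setInt(5, time() + intval(@$_REQUEST['expiry']) * 86400);
         $ban->executeUpdate();
     }
     if ($user['id'] > 0) {
         $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET banned = 1 WHERE id = " . intval($user['id']));
     }
     reset_cache('banned_users');
     $action = new K4InformationAction(new K4LanguageElement(!isset($_REQUEST['user_ip']) ? 'L_BANNEDUSER' : 'L_BANNEDIPRANGE', $user['name']), 'content', TRUE, 'index.php', 3);
     return $action->execute($request);
 }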
 /**
  * Decorate the current attachment row for display: an icon path (falling back to
  * unknown.gif when no per-type icon file exists), an HTML-safe file name and an
  * is_image flag derived from the configured image types.
  *
  * @return array The decorated row.
  */
 function current()
 {
     $row = parent::current();
     $icon = $row['file_type'] . '.gif';
     // NOTE(review): file_type is taken from the row and used in a filesystem probe and an
     // image path without sanitising; confirm it is restricted to a known extension upstream.
     if (file_exists($this->abs_path . $icon)) {
         $row['file_icon'] = $this->img_dir . $icon;
     } else {
         $row['file_icon'] = $this->img_dir . 'unknown.gif';
     }
     $row['file_name'] = k4_htmlentities($row['file_name'], ENT_QUOTES);
     $row['is_image'] = in_array($row['file_type'], $this->images) ? 1 : 0;
     return $row;
 }
 function execute(&$request)
 {
     /* set the breadcrumbs bit */
     k4_bread_crumbs($request['template'], $request['dba'], 'L_USERCONTROLPANEL');
     global $_SETTINGS;
     $check = new K4PMCheckPerms();
     $check->execute($request);
     if (get_map('pm_message', 'can_add', array()) > $request['user']->get('perms')) {
         no_perms_error($request);
         return TRUE;
     }
     $num_pms = $request['dba']->getValue("SELECT COUNT(*) FROM " . K4PRIVMESSAGES . " WHERE poster_id = " . intval($request['user']->get('id')));
     $max_pms = intval($request['template']->getVar('pmquota'));
     if ($num_pms >= $max_pms) {
         $action = new K4InformationAction(new K4LanguageElement('L_TOOMANYPMS', $num_pms, $max_pms), 'usercp_content', FALSE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(new K4LanguageElement('L_TOOMANYPMS', $num_pms, $max_pms));
     }
     k4_bread_crumbs($request['template'], $request['dba'], 'L_USERCONTROLPANEL');
     $request['template']->setFile('content', 'usercp.html');
     /**
      * Get who the message is going to
      */
     if (!$this->runPostFilter('to', new FARequiredFilter())) {
         $action = new K4InformationAction(new K4LanguageElement('L_NEEDSENDPMTOSOMEONE'), 'usercp_content', TRUE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_NEEDSENDPMTOSOMEONE');
     }
     $users = isset($_REQUEST['to']) && $_REQUEST['to'] != '' ? explode(",", $_REQUEST['to']) : array($_REQUEST['to']);
     $users = isset($_REQUEST['cc']) && $_REQUEST['cc'] != '' ? array_merge($users, explode(",", $_REQUEST['to'])) : $users;
     $valid_users = array();
     $draft_users = array();
     foreach ($users as $username) {
         $username = trim($username);
         if (!in_array($username, $draft_users) && $username != $request['user']->get('name') && $username != '') {
             $user = $request['dba']->getRow("SELECT * FROM " . K4USERS . " WHERE name = '" . $request['dba']->quote(k4_htmlentities($username, ENT_QUOTES)) . "'");
             if (is_array($user) && !empty($user)) {
                 if (get_map('pm_message', 'can_view', array()) <= $user['perms']) {
                     $valid_users[] = $user;
                     $draft_users[] = $user['name'];
                 }
             }
         }
     }
     if (!is_array($valid_users) || empty($valid_users)) {
         $action = new K4InformationAction(new K4LanguageElement('L_PMNOVALIDRECIEVERS'), 'usercp_content', TRUE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_PMNOVALIDRECIEVERS');
     }
     /**
      * Check over posting inputs
      */
     /* General error checking */
     if (!$this->runPostFilter('name', new FARequiredFilter())) {
         $action = new K4InformationAction(new K4LanguageElement('L_INSERTTOPICNAME'), 'usercp_content', TRUE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_INSERTPMSUBJECT');
     }
     if (!$this->runPostFilter('name', new FALengthFilter(intval($_SETTINGS['topicmaxchars'])))) {
         $action = new K4InformationAction(new K4LanguageElement('L_PMSUBJECTTOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])), 'usercp_content', TRUE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(new K4LanguageElement('L_PMSUBJECTTOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])));
     }
     if (!$this->runPostFilter('name', new FALengthFilter(intval($_SETTINGS['topicmaxchars']), intval($_SETTINGS['topicminchars'])))) {
         $action = new K4InformationAction(new K4LanguageElement('L_PMSUBJECTTOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])), 'usercp_content', TRUE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message(new K4LanguageElement('L_PMSUBJECTTOOSHORT', intval($_SETTINGS['topicminchars']), intval($_SETTINGS['topicmaxchars'])));
     }
     if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
         $action = new K4InformationAction(new K4LanguageElement('L_INSERTPMMESSAGE'), 'usercp_content', TRUE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_INSERTPMMESSAGE');
     }
     /* Set the message created time */
     $created = time();
     $_REQUEST['message'] = substr($_REQUEST['message'], 0, $_SETTINGS['pmmaxchars']);
     /* Initialize the bbcode parser with the topic message */
     /*$bbcode	= &new BBCodex($request['dba'], $request['user']->getInfoArray(), $_REQUEST['message'], 0, 
     		iif((isset($_REQUEST['disable_html']) && $_REQUEST['disable_html']), FALSE, TRUE), 
     		iif((isset($_REQUEST['disable_bbcode']) && $_REQUEST['disable_bbcode']), FALSE, TRUE), 
     		iif((isset($_REQUEST['disable_emoticons']) && $_REQUEST['disable_emoticons']), FALSE, TRUE), 
     		iif((isset($_REQUEST['disable_aurls']) && $_REQUEST['disable_aurls']), FALSE, TRUE));*/
     /* Parse the bbcode */
     $body_text = $_REQUEST['message'];
     if (!isset($_REQUEST['disable_bbcode']) || !$_REQUEST['disable_bbcode']) {
         $parser =& new BBParser();
         Globals::setGlobal('forum_id', 0);
         Globals::setGlobal('maxpolloptions', 0);
         $body_text = $parser->parse($body_text);
     }
     $parent_id = 0;
     $message_id = 0;
     /**
      * Was this message originally a draft?
      */
     $draft_loaded = FALSE;
     if (isset($_REQUEST['draft']) && intval($_REQUEST['draft']) > 0) {
         $draft = $request['dba']->getRow("SELECT * FROM " . K4PRIVMESSAGES . " WHERE pm_id = " . intval($_REQUEST['draft']) . " AND is_draft = 1");
         if (is_array($draft) && !empty($draft)) {
             $draft_loaded = TRUE;
         }
     }
     if (isset($_REQUEST['reply']) && intval($_REQUEST['reply']) > 0 || $draft_loaded && $draft['message_id'] > 0) {
         $post_id = isset($_REQUEST['reply']) ? $_REQUEST['reply'] : $draft['message_id'];
         $message = $request['dba']->getRow("SELECT * FROM " . K4PRIVMESSAGES . " WHERE pm_id = " . intval($post_id));
         if (is_array($message) && !empty($message)) {
             $parent_id = intval($message['pm_id']);
             $message_id = intval($message['message_id']) == 0 ? intval($message['pm_id']) : intval($message['message_id']);
         }
     }
     if (isset($_REQUEST['submit_type']) && ($_REQUEST['submit_type'] == 'post' || $_REQUEST['submit_type'] == 'draft') || (isset($_REQUEST['post']) || isset($_REQUEST['draft']))) {
         $is_draft = 0;
         $folder = PM_INBOX;
         /**
          * Does this person have permission to post a draft? 
          */
         if (!$draft_loaded && ($_REQUEST['submit_type'] == 'draft' || isset($_REQUEST['draft']))) {
             if ($request['user']->get('perms') < get_map('pm_message_save', 'can_add', array())) {
                 $action = new K4InformationAction(new K4LanguageElement('L_YOUNEEDPERMS'), 'content', FALSE);
                 return $action->execute($request);
             }
             $is_draft = 1;
             $folder = PM_SAVEDITEMS;
             $valid_users = array($request['user']->getInfoArray());
         }
         /**
          * Should we save this message too?
          */
         $do_save = isset($_REQUEST['save_message']) && $_REQUEST['save_message'] ? TRUE : FALSE;
         if (!$draft_loaded && $do_save && $is_draft == 0) {
             $valid_users[] = $request['user']->getInfoArray();
         }
         /** 
          * Can / Do we track this message?
          */
         $track = FALSE;
         if (isset($_REQUEST['track_message'])) {
             $track = FALSE;
             // TODO: Message Tracking
         }
         /**
          * Build the queries
          */
         $request['dba']->beginTransaction();
         $sending_id = md5(uniqid(rand(), true));
         $tracker_id = md5(uniqid(rand(), true));
         /**
          * Loop through the users and send the private message to them
          */
         $i = 0;
         foreach ($valid_users as $user) {
             /* Make sure to add a limit to how many messages can be sent if there is one */
             if ($i < $request['template']->getVar('maxsendtopms') && $request['template']->getVar('maxsendtopms') > 0) {
                 /* Prepare the inserting statement */
                 $insert_a = $request['dba']->prepareStatement("INSERT INTO " . K4PRIVMESSAGES . " (name,folder_id,poster_name,poster_id,body_text,posticon,disable_html,disable_bbcode,disable_emoticons,disable_sig,disable_areply,disable_aurls,is_draft,created,member_id,member_name,member_has_read,tracker_id,sending_id,parent_id,message_id) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
                 $insert_a->setString(1, k4_htmlentities(html_entity_decode($_REQUEST['name']), ENT_QUOTES));
                 $insert_a->setInt(2, $user['id'] != $request['user']->get('id') || $is_draft == 1 ? $folder : PM_SENTITEMS);
                 $insert_a->setString(3, $request['user']->get('name'));
                 $insert_a->setInt(4, $request['user']->get('id'));
                 $insert_a->setString(5, $body_text);
                 $insert_a->setString(6, iif($request['user']->get('perms') >= get_map('pm_posticons', 'can_add', array()), isset($_REQUEST['posticon']) ? $_REQUEST['posticon'] : 'clear.gif', 'clear.gif'));
                 $insert_a->setInt(7, iif(isset($_REQUEST['disable_html']) && $_REQUEST['disable_html'], 1, 0));
                 $insert_a->setInt(8, iif(isset($_REQUEST['disable_bbcode']) && $_REQUEST['disable_bbcode'], 1, 0));
                 $insert_a->setInt(9, iif(isset($_REQUEST['disable_emoticons']) && $_REQUEST['disable_emoticons'], 1, 0));
                 $insert_a->setInt(10, iif(isset($_REQUEST['enable_sig']) && $_REQUEST['enable_sig'], 0, 1));
                 $insert_a->setInt(11, iif(isset($_REQUEST['disable_areply']) && $_REQUEST['disable_areply'], 1, 0));
                 $insert_a->setInt(12, iif(isset($_REQUEST['disable_aurls']) && $_REQUEST['disable_aurls'], 1, 0));
                 $insert_a->setInt(13, $is_draft);
                 $insert_a->setInt(14, $created);
                 $insert_a->setInt(15, $user['id']);
                 $insert_a->setString(16, $user['name']);
                 $insert_a->setInt(17, $user['id'] == $request['user']->get('id') ? 1 : 0);
                 $insert_a->setString(18, $tracker_id);
                 $insert_a->setString(19, $sending_id);
                 $insert_a->setString(20, $parent_id);
                 $insert_a->setString(21, $message_id);
                 $insert_a->executeUpdate();
                 $pm_id = $request['dba']->getInsertId(K4PRIVMESSAGES, 'pm_id');
                 // update the number of new pm's for that user
                 if ($user['id'] != $request['user']->get('id')) {
                     $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET new_pms=new_pms+1 WHERE id = " . intval($user['id']));
                 }
             } else {
                 break;
             }
             $i++;
         }
         /**
          * If this PM was a draft, it was sent back to us, now we need to create
          * a record of who to send it to for if we choose to send it again
          */
         if (!$draft_loaded && (isset($_REQUEST['submit_type']) && $_REQUEST['submit_type'] == 'draft') || isset($_REQUEST['draft'])) {
             /* Split who this message is to into 'to' and 'carbon copy' */
             $count = count($draft_users);
             $to = array_slice($draft_users, 0, ceil($count / 2));
             $cc = $count > 1 ? array_slice($draft_users, ceil($count / 2), $count) : array();
             $insert = $request['dba']->prepareStatement("INSERT INTO " . K4PRIVMSGDRAFTS . " (pm_id,pm_to,pm_cc) VALUES (?,?,?)");
             $insert->setInt(1, $pm_id);
             $insert->setString(2, implode(',', $to));
             $insert->setString(3, implode(',', $cc));
             /* Add the draft information */
             $insert->executeUpdate();
         }
         /**
          * If we loaded a draft, deal with it
          */
         if ($draft_loaded) {
             $request['dba']->executeUpdate("DELETE FROM " . K4PRIVMESSAGES . " WHERE pm_id = " . intval($draft['pm_id']));
             $request['dba']->executeUpdate("DELETE FROM " . K4PRIVMSGDRAFTS . " WHERE pm_id = " . intval($draft['pm_id']));
         }
         /**
          * If this was a reply, update its parent and top-message
          */
         if ($message_id > 0) {
             $request['dba']->executeUpdate("UPDATE " . K4PRIVMESSAGES . " SET num_replies=num_replies+1 WHERE pm_id = " . intval($message_id));
             if ($message_id != $parent_id) {
                 $request['dba']->executeUpdate("UPDATE " . K4PRIVMESSAGES . " SET num_replies=num_replies+1 WHERE pm_id = " . intval($parent_id));
             }
         }
         /* Finish everything off by commiting the SQL transaction */
         $request['dba']->commitTransaction();
         /**
          * Now we're done!
          */
         if ($is_draft == 0) {
             $action = new K4InformationAction(new K4LanguageElement('L_SENTPRIVATEMSG', k4_htmlentities(html_entity_decode($_REQUEST['name']), ENT_QUOTES)), 'usercp_content', FALSE, 'member.php?act=usercp', 3);
             return $action->execute($request);
         } else {
             $action = new K4InformationAction(new K4LanguageElement('L_SAVEDPRIVATEMSG', k4_htmlentities(html_entity_decode($_REQUEST['name']), ENT_QUOTES)), 'usercp_content', FALSE, 'member.php?act=usercp', 3);
             return $action->execute($request);
         }
     } else {
         /**
          * Message Previewing
          */
         if (!USE_XMLHTTP) {
             $request['template']->setVar('L_PMSUBJECTTOOSHORT', sprintf($request['template']->getVar('L_TITLETOOSHORT'), $request['template']->getVar('topicminchars'), $request['template']->getVar('topicmaxchars')));
             /* Create the bbcode/wysiwyg editor */
             create_editor($request, '', 'pm');
             $request['template']->setFile('usercp_content', 'pm_newmessage.html');
             $request['template']->setVisibility('post_pm', TRUE);
             $request['template']->setVar('newpm_action', 'member.php?act=pm_savemessage');
             /* Get and set the emoticons and post icons to the template */
             $emoticons = $request['dba']->executeQuery("SELECT * FROM " . K4EMOTICONS . " WHERE clickable = 1");
             $posticons = $request['dba']->executeQuery("SELECT * FROM " . K4POSTICONS);
             /* Add the emoticons and the post icons to the template */
             $request['template']->setList('emoticons', $emoticons);
             $request['template']->setList('posticons', $posticons);
             /* Set some emoticon information */
             $request['template']->setVar('emoticons_per_row', $request['template']->getVar('smcolumns'));
             $request['template']->setVar('emoticons_per_row_remainder', $request['template']->getVar('smcolumns') - 1);
         }
         $msg_preview = array('pm_id' => 0, 'name' => k4_htmlentities(html_entity_decode($_REQUEST['name']), ENT_QUOTES), 'posticon' => isset($_REQUEST['posticon']) ? $_REQUEST['posticon'] : 'clear.gif', 'body_text' => $body_text, 'poster_name' => $request['user']->get('name'), 'poster_id' => $request['user']->get('id'), 'disable_html' => iif(isset($_REQUEST['disable_html']) && $_REQUEST['disable_html'], 1, 0), 'disable_sig' => iif(isset($_REQUEST['enable_sig']) && $_REQUEST['enable_sig'], 0, 1), 'disable_bbcode' => iif(isset($_REQUEST['disable_bbcode']) && $_REQUEST['disable_bbcode'], 1, 0), 'disable_emoticons' => iif(isset($_REQUEST['disable_emoticons']) && $_REQUEST['disable_emoticons'], 1, 0), 'disable_areply' => iif(isset($_REQUEST['disable_areply']) && $_REQUEST['disable_areply'], 1, 0), 'disable_aurls' => iif(isset($_REQUEST['disable_aurls']) && $_REQUEST['disable_aurls'], 1, 0));
         /* Add the message information to the template */
         $pm_iterator =& new K4PrivMsgIterator($request['dba'], $request['user'], $msg_preview, FALSE);
         $request['template']->setList('message', $pm_iterator);
         /* Assign the message preview values to the template */
         $msg_preview['body_text'] = $_REQUEST['message'];
         foreach ($msg_preview as $key => $val) {
             $request['template']->setVar('pm_' . $key, $val);
         }
         if (!USE_XMLHTTP) {
             /* Set the the button display options */
             $request['template']->setVisibility('save_draft', FALSE);
             $request['template']->setVisibility('load_button', FALSE);
             $request['template']->setVisibility('edit_topic', TRUE);
             $request['template']->setVisibility('post_id', TRUE);
             $request['template']->setVisibility('post_topic', FALSE);
             $request['template']->setVisibility('edit_post', TRUE);
             $request['template']->setVisibility('post_pm', TRUE);
             /* Create the bbcode/wysiwyg editor */
             create_editor($request, $body_text, 'pm');
             $request['template']->setVar('L_PMSUBJECTTOOSHORT', sprintf($request['template']->getVar('L_TITLETOOSHORT'), $request['template']->getVar('topicminchars'), $request['template']->getVar('topicmaxchars')));
             $request['template']->setVar('newpm_action', 'member.php?act=pm_savemessage');
             if ($draft_loaded) {
                 $request['template']->setVar('edit_type', 'draft');
                 $request['template']->setVisibility('edit_message', TRUE);
                 $request['template']->setVisibility('save_draft', FALSE);
             }
             if ($parent_id > 0) {
                 $request['template']->setVar('edit_type', 'reply');
             }
             /* Set the post topic form */
             $request['template']->setFile('preview', 'pm_preview.html');
             $request['template']->setFile('content', 'usercp.html');
             $request['template']->setFile('usercp_content', 'pm_newmessage.html');
         } else {
             xmlhttp_header();
             echo $request['template']->run(BB_BASE_DIR . '/templates/' . $request['user']->get('templateset') . '/pm_preview.html');
             xmlhttp_footer();
         }
     }
 }
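 /**
  * Renames a topic and propagates the new name to the rows that copy it.
  *
  * The topic id comes from $_REQUEST['id'] and the new name from
  * $_REQUEST['name'] (blank input keeps the current name). The name is
  * length-checked against the topicminchars/topicmaxchars settings, the
  * caller's permissions are checked, and then the post row, a linked
  * redirect row (if any) and the forum row's cached post_name are updated.
  *
  * @param array $request  request context (expects 'template', 'dba', 'user')
  * @return mixed  result of K4InformationAction::execute(); TRUE after a
  *                permission failure in the non-XMLHTTP path; the
  *                xmlhttp_message() result when USE_XMLHTTP is set
  */
 function execute(&$request)
 {
     global $_QUERYPARAMS, $_DATASTORE, $_SETTINGS;
     /* set the breadcrumbs bit */
     k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
     /* Check the request ID */
     if (!isset($_REQUEST['id']) || !$_REQUEST['id'] || intval($_REQUEST['id']) == 0) {
         $action = new K4InformationAction(new K4LanguageElement('L_TOPICDOESNTEXIST'), 'content', FALSE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_TOPICDOESNTEXIST');
     }
     /* Get our topic; the id is cast to int before it reaches the query */
     $topic = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE post_id = " . intval($_REQUEST['id']));
     if (!is_array($topic) || empty($topic)) {
         $action = new K4InformationAction(new K4LanguageElement('L_TOPICDOESNTEXIST'), 'content', FALSE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_TOPICDOESNTEXIST');
     }
     $forum = $request['dba']->getRow("SELECT * FROM " . K4FORUMS . " WHERE forum_id = " . intval($topic['forum_id']));
     if (!is_array($forum) || empty($forum)) {
         $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE);
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_FORUMDOESNTEXIST');
     }
     /* New name: tags stripped; blank input (before or after stripping) keeps the current name */
     $name = $topic['name'];
     if (isset($_REQUEST['name']) && $_REQUEST['name'] != '') {
         $name = strip_tags($_REQUEST['name']);
         if ($name == '') {
             $name = $topic['name'];
         }
     }
     $min_chars = intval($_SETTINGS['topicminchars']);
     $max_chars = intval($_SETTINGS['topicmaxchars']);
     // strlen() is byte-wise; the bound is applied to the raw (not yet
     // entity-encoded) name so encoding does not inflate the length
     if (strlen($name) < $min_chars || strlen($name) > $max_chars) {
         $action = new K4InformationAction(new K4LanguageElement('L_TITLETOOSHORT', $min_chars, $max_chars), 'content', TRUE);
         // the original passed the key through sprintf() with no format
         // placeholders, so the min/max arguments were discarded and
         // xmlhttp_message() received the bare key — written out plainly here
         return !USE_XMLHTTP ? $action->execute($request) : xmlhttp_message('L_TITLETOOSHORT');
     }
     if ($name != $topic['name']) {
         $name = k4_htmlentities($name, ENT_QUOTES);
         // NOTE(review): as written, a caller who is not a moderator of this
         // forum is rejected before the owner / other-topics permission maps
         // are consulted, so those maps only ever apply to moderators —
         // confirm that is the intended policy.
         if (!is_moderator($request['user']->getInfoArray(), $forum)) {
             no_perms_error($request);
             return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_NEEDPERMS');
         }
         /* The topic's own poster is checked against 'topics', anyone else against 'other_topics' */
         $perm_group = $topic['poster_id'] == $request['user']->get('id') ? 'topics' : 'other_topics';
         if ($request['user']->get('perms') < get_map($perm_group, 'can_edit', array('forum_id' => $topic['forum_id']))) {
             no_perms_error($request);
             return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_NEEDPERMS');
         }
         $edited_time = time();
         /* If this topic is a redirect/ connects to one, update the original */
         if ($topic['moved_new_post_id'] > 0 || $topic['moved_old_post_id'] > 0) {
             $linked_id = $topic['moved_new_post_id'] > 0 ? $topic['moved_new_post_id'] : $topic['moved_old_post_id'];
             $redirect = $request['dba']->prepareStatement("UPDATE " . K4POSTS . " SET name=?,edited_time=?,edited_username=?,edited_userid=? WHERE post_id=?");
             $redirect->setString(1, $name);
             $redirect->setInt(2, $edited_time);
             $redirect->setString(3, $request['user']->get('name'));
             $redirect->setInt(4, $request['user']->get('id'));
             $redirect->setInt(5, $linked_id);
             $redirect->executeUpdate();
         }
         /* Rename the topic itself and record who edited it */
         $update_a = $request['dba']->prepareStatement("UPDATE " . K4POSTS . " SET name=?,edited_time=?,edited_username=?,edited_userid=? WHERE post_id=?");
         $update_a->setString(1, $name);
         $update_a->setInt(2, $edited_time);
         $update_a->setString(3, $request['user']->get('name'));
         $update_a->setInt(4, $request['user']->get('id'));
         $update_a->setInt(5, $topic['post_id']);
         $update_a->executeUpdate();
         /* The forum row's post_id/post_name appear to cache its latest post;
          * refresh that name when the cache points at this topic. The original
          * issued this identical UPDATE a second time under a stricter
          * condition (post_created also matching), which was a no-op
          * duplicate and has been folded into this single statement. */
         if ($forum['post_id'] == $topic['post_id']) {
             $update_c = $request['dba']->prepareStatement("UPDATE " . K4FORUMS . " SET post_name=? WHERE forum_id=?");
             $update_c->setString(1, $name);
             $update_c->setInt(2, $forum['forum_id']);
             $update_c->executeUpdate();
         }
     }
     if (!USE_XMLHTTP) {
         k4_bread_crumbs($request['template'], $request['dba'], 'L_EDITTOPIC', $forum);
         $action = new K4InformationAction(new K4LanguageElement('L_UPDATEDTOPIC', $topic['name']), 'content', FALSE, referer(), 3);
         return $action->execute($request);
     } else {
         xmlhttp_header();
         // $name is either the stored topic name or the k4_htmlentities()-encoded
         // new name, so it is emitted as-is (the stored value is assumed to be
         // encoded the same way — confirm). A byte-wise substr() on an
         // entity-encoded string can cut an entity in half at the 40-char mark.
         $short_name = strlen($name) > 40 ? substr($name, 0, 40) . '...' : $name;
         echo '<a href="viewtopic.php?id=' . $topic['post_id'] . '" title="' . $name . '" style="font-size: 13px;">' . $short_name . '</a>';
         xmlhttp_footer();
     }
 }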
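 /**
  * Saves an edited CSS style: name, properties and description.
  *
  * Only a logged-in SUPERADMIN may run this. Each of the three fields must be
  * present and non-empty; the properties have their line breaks removed and
  * the description is entity-encoded before the row is updated. The cached
  * stylesheet file for the current style set is deleted afterwards
  * (presumably so it is rebuilt on the next request).
  *
  * @param array $request  request context (expects 'user', 'dba', 'style', 'styleset')
  * @return mixed  result of K4InformationAction::execute(); NULL after a
  *                permission failure (no_perms_error() is called and nothing
  *                is returned, as in the original)
  */
 function execute(&$request)
 {
     if (!($request['user']->isMember() && $request['user']->get('perms') >= SUPERADMIN)) {
         no_perms_error($request);
         return;
     }
     /* Each field is required; bail out with the matching message */
     if (!isset($_REQUEST['name']) || $_REQUEST['name'] == '') {
         $action = new K4InformationAction(new K4LanguageElement('L_INSERTSTYLENAME'), 'content', FALSE);
         // the original built this action and then returned TRUE without
         // running it, so the "missing name" message was never shown
         return $action->execute($request);
     }
     if (!isset($_REQUEST['properties']) || $_REQUEST['properties'] == '') {
         $action = new K4InformationAction(new K4LanguageElement('L_INSERTSTYLEPROPERTIES'), 'content', FALSE);
         return $action->execute($request);
     }
     if (!isset($_REQUEST['description']) || $_REQUEST['description'] == '') {
         $action = new K4InformationAction(new K4LanguageElement('L_INSERTSTYLEDESCRIPTION'), 'content', FALSE);
         return $action->execute($request);
     }
     /* Normalise the values before they are stored */
     $properties = preg_replace("~(\r\n|\r|\n)~i", "", $_REQUEST['properties']);
     $description = k4_htmlentities($_REQUEST['description'], ENT_QUOTES);
     // bound parameters replace the quote()-and-interpolate SQL the original
     // used, matching how the other actions in this file write rows
     // NOTE(review): the row is addressed by $request['style']['id'] while the
     // redirect and the cache file use $request['styleset'] — confirm both
     // keys are meant to be in play here.
     $update = $request['dba']->prepareStatement("UPDATE " . K4CSS . " SET name=?,properties=?,description=? WHERE id=?");
     $update->setString(1, $_REQUEST['name']);
     $update->setString(2, $properties);
     $update->setString(3, $description);
     $update->setInt(4, intval($request['style']['id']));
     $update->executeUpdate();
     /* Drop the cached stylesheet for this style set */
     $css_file = BB_BASE_DIR . '/tmp/stylesets/' . preg_replace("~\\s~i", '_', $request['styleset']['name']) . '.css';
     if (file_exists($css_file)) {
         unlink($css_file);
     }
     // the name is entity-encoded for display, as the other actions in this
     // file do when echoing request input through a language element
     $action = new K4InformationAction(new K4LanguageElement('L_UPDATEDCSSSTYLE', k4_htmlentities($_REQUEST['name'], ENT_QUOTES)), 'content', FALSE, 'admin.php?act=css&id=' . $request['styleset']['id'], 3);
     return $action->execute($request);
 }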
 /**
  * Emails a freshly generated password to a guest who supplies a matching
  * account name and email address.
  *
  * Logged-in members are turned away. The name and email fields are
  * validated, the account is looked up by (entity-encoded) name, its email
  * must equal the submitted one and its password must not be blank. A new
  * password is then generated, the row is updated and the password mailed.
  *
  * @param array $request  request context (expects 'template', 'dba', 'user')
  * @return mixed  TRUE when a logged-in member calls this, otherwise the
  *                result of K4InformationAction::execute()
  */
 function execute(&$request)
 {
     /* Create the ancestors bar */
     k4_bread_crumbs($request['template'], $request['dba'], 'L_SENDPASSWORD');
     /* Logged-in members cannot use the lost-password form */
     if ($request['user']->isMember()) {
         no_perms_error($request);
         return TRUE;
     }
     /* Input checks, in order: name present, email present, email plausible */
     $error_key = '';
     if (!$this->runPostFilter('name', new FARequiredFilter())) {
         $error_key = 'L_SUPPLYUSERNAME';
     } elseif (!$this->runPostFilter('email', new FARequiredFilter())) {
         $error_key = 'L_SUPPLYEMAIL';
     } elseif (!$this->runPostFilter('email', new FARegexFilter('~^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$~'))) {
         $error_key = 'L_NEEDVALIDEMAIL';
     }
     if ($error_key != '') {
         $action = new K4InformationAction(new K4LanguageElement($error_key), 'content', TRUE);
         return $action->execute($request);
     }
     /* The account is stored and looked up by its entity-encoded name */
     $safe_name = k4_htmlentities($_REQUEST['name'], ENT_QUOTES);
     $account = $request['dba']->getRow("SELECT * FROM " . K4USERS . " WHERE name = '" . $request['dba']->quote($safe_name) . "'");
     // NOTE(review): distinct L_INVALIDUSERNAMESPW / L_INVALIDEMAILSPW
     // responses reveal whether a username exists; one generic message for
     // both cases would avoid that.
     if (!is_array($account) || empty($account)) {
         $action = new K4InformationAction(new K4LanguageElement('L_INVALIDUSERNAMESPW', $safe_name), 'content', TRUE);
         return $action->execute($request);
     }
     if ($account['email'] != $_REQUEST['email']) {
         $action = new K4InformationAction(new K4LanguageElement('L_INVALIDEMAILSPW', $_REQUEST['email']), 'content', TRUE);
         return $action->execute($request);
     }
     if ($account['pass'] == '') {
         $action = new K4InformationAction(new K4LanguageElement('L_ACCOUNTDISABLED'), 'content', TRUE);
         return $action->execute($request);
     }
     /* Password length: the configured minimum, but never fewer than 8 characters */
     $min_len = intval($request['template']->getVar('minuserlength'));
     $pass_len = $min_len > 8 ? $min_len : 8;
     // NOTE(review): rand()/uniqid() are not cryptographically strong sources
     // for a password that is mailed out; a CSPRNG would be preferable.
     $newpass = substr(md5(uniqid(rand(), true)), 0, $pass_len);
     // NOTE(review): as written the stored value is the literal string
     // '******', not a hash of $newpass, so the mailed password cannot match
     // the account row — confirm against the login code's hashing scheme.
     $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET pass = '******' WHERE id = " . intval($account['id']));
     $subject = $request['template']->getVar('bbtitle') . ' - ' . $request['template']->getVar('L_PASSWORDCHANGE');
     $body = sprintf($request['template']->getVar('L_PASSWORDCHANGEEMAIL'), $account['name'], $newpass);
     email_user($account['email'], $subject, $body);
     $action = new K4InformationAction(new K4LanguageElement('L_SENTNEWPASSWORD'), 'content', TRUE);
     return $action->execute($request);
 }
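 /**
  * Files a "bad post" report for the topic (t) or reply (r) in $_REQUEST.
  *
  * Looks up the post row, refuses reports on topics that are drafts, queued
  * or hidden, requires a non-empty report text, then either increments the
  * request counter of an existing report on the same post or inserts a new
  * report row and redirects back to the post.
  *
  * @param array $request  request context (expects 'template', 'dba', 'user')
  * @return mixed  result of K4InformationAction::execute()
  */
 function execute(&$request)
 {
     // was valid topic/reply info given? 't' (topic) is tried before 'r' (reply)
     $post = FALSE;
     if (isset($_REQUEST['t']) && intval($_REQUEST['t']) != 0) {
         $post = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE post_id = " . intval($_REQUEST['t']));
     } elseif (isset($_REQUEST['r']) && intval($_REQUEST['r']) != 0) {
         $post = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE post_id = " . intval($_REQUEST['r']));
     }
     // covers both "no id supplied" and "id matches no row"; the original
     // only handled the first and would have indexed into a non-array below
     if (!is_array($post) || empty($post)) {
         /* set the breadcrumbs bit */
         k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
         $action = new K4InformationAction(new K4LanguageElement('L_POSTDOESNTEXIST'), 'content', TRUE);
         return $action->execute($request);
     }
     // `&` binds tighter than `&&` in PHP, so the original already tested the
     // bit first; the parentheses just make that explicit
     $is_topic = ($post['row_type'] & TOPIC) != 0;
     if ($is_topic && ($post['is_draft'] == 1 || $post['queue'] == 1 || $post['display'] == 0)) {
         /* set the breadcrumbs bit */
         k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
         $action = new K4InformationAction(new K4LanguageElement('L_CANTREPORTPOST'), 'content', TRUE);
         return $action->execute($request);
     }
     // error check the report
     if (!isset($_REQUEST['report']) || $_REQUEST['report'] == '') {
         /* set the breadcrumbs bit */
         k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
         $action = new K4InformationAction(new K4LanguageElement('L_INSERTBADPOSTREPORT'), 'content', TRUE);
         return $action->execute($request);
     }
     /* Has this post already been reported? The INSERT below stores the
      * post's own id in post_id for topics and replies alike, so the lookup
      * matches on post_id alone. The original topic branch appended
      * "AND post_id = 0" on the same column, which cannot hold for a real
      * post id and so never found an existing topic report. */
     $report = $request['dba']->getRow("SELECT * FROM " . K4BADPOSTREPORTS . " WHERE post_id = " . intval($post['post_id']));
     if (is_array($report) && !empty($report)) {
         /* set the breadcrumbs bit */
         k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
         $action = new K4InformationAction(new K4LanguageElement('L_POSTHASBEENREPORTED', $post['name']), 'content', TRUE);
         $request['dba']->executeUpdate("UPDATE " . K4BADPOSTREPORTS . " SET num_requests=num_requests+1 WHERE id = " . intval($report['id']));
         return $action->execute($request);
     }
     /* First report for this post: the report text is entity-encoded, the rest comes from the post row and the session */
     $insert = $request['dba']->prepareStatement("INSERT INTO " . K4BADPOSTREPORTS . " (forum_id,post_id,message,user_id,user_name,poster_id,poster_name,created) VALUES (?,?,?,?,?,?,?,?)");
     $insert->setInt(1, $post['forum_id']);
     $insert->setInt(2, $post['post_id']);
     $insert->setString(3, k4_htmlentities($_REQUEST['report'], ENT_QUOTES));
     $insert->setInt(4, $request['user']->get('id'));
     $insert->setString(5, $request['user']->get('name'));
     $insert->setInt(6, $post['poster_id']);
     $insert->setString(7, $post['poster_name']);
     $insert->setInt(8, time());
     /* Insert the report */
     $insert->executeUpdate();
     /* Create the ancestors bar */
     k4_bread_crumbs($request['template'], $request['dba'], 'L_REPORTBADPOST');
     /* Send the reporter back to the topic, or to the reply within its topic */
     $url = $is_topic ? 'viewtopic.php?id=' . $post['post_id'] : 'findpost.php?id=' . $post['post_id'];
     $action = new K4InformationAction(new K4LanguageElement('L_REPORTEDPOST', $post['name']), 'content', TRUE, $url, 3);
     // the original had an unreachable `return TRUE;` after this line
     return $action->execute($request);
 }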