/** * Checks whether user is logged in and outputs login box * for guests or returns error response for registered users. * * @return Response object */ public function needs_auth() { if (!$this->user->data['is_registered']) { login_box($this->get_current_url()); } return $this->error($this->user->lang['NO_AUTH'], 403); }
public function base() { $note = utf8_normalize_nfc($this->request->variable('note', '', true)); $submit = isset($_POST['submit']) ? true : false; $error = array(); // check if user s logged in, since this page can be used only after registration... if (!$this->user->data['is_registered']) { login_box($this->helper->route('vinny_usersnotes_controller')); } // ... and also this is not for bots (especially for bad ones :) if ($this->user->data['is_bot']) { redirect(append_sid("{$this->phpbb_root_path}index.{$this->phpEx}")); } $s_action = $this->helper->route('vinny_usersnotes_controller'); $s_hidden_fields = ''; add_form_key('postform'); // create a template variables $this->template->assign_vars(array('S_POST_ACTION' => $s_action, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'ERROR' => sizeof($error) ? implode('<br />', $error) : '')); if ($submit) { /*if(!check_form_key('postform')) { trigger_error('FORM_INVALID'); }*/ $sql = 'UPDATE ' . USERS_TABLE . ' SET user_note = "' . $note . '" WHERE user_id = ' . $this->user->data['user_id']; $this->db->sql_query($sql); meta_refresh(3, $this->helper->route('vinny_usersnotes_controller')); trigger_error(sprintf($this->user->lang['NOTES_SAVED'], $this->helper->route('vinny_usersnotes_controller'))); } // create a template variables $this->template->assign_vars(array('NOTE' => $this->user->data['user_note'])); $this->template->assign_block_vars('navlinks', array('FORUM_NAME' => $this->user->lang['NOTES'])); return $this->helper->render('notes.html', $this->user->lang['NOTES']); }
public function login_redirect() { if (!$this->user->data['is_registered']) { login_box(); } $this->template->assign_var('A_VARIABLE', 'I am a variable'); return $this->helper->render('foo_bar_body.html'); }
function main() { // Only registered users can go beyond this point if (!$this->user->data['is_registered']) { if ($this->user->data['is_bot']) { redirect(append_sid("{$this->phpbb_root_path}index.{$this->phpEx}")); } login_box('', $this->user->lang['LOGIN_INFO']); } $adm_points = $this->request->variable('adm_points', false); $u_id = $this->request->variable('user_id', 0); $post_id = $this->request->variable('post_id', 0); if (empty($u_id)) { $message = $this->user->lang['EDIT_NO_ID_SPECIFIED'] . '<br /><br /><a href="' . $this->helper->route('dmzx_ultimatepoints_controller', array('mode' => 'bank_edit')) . '">« ' . $this->user->lang['BACK_TO_PREV'] . '</a>'; trigger_error($message); } $user_id = $u_id; add_form_key('bank_edit'); if ($adm_points != false && ($this->auth->acl_get('a_') || $this->auth->acl_get('m_chg_bank'))) { $this->template->assign_block_vars('administer_bank', array()); $submit = isset($_POST['submit']) ? true : false; if ($submit) { if (!check_form_key('bank_edit')) { trigger_error('FORM_INVALID'); } $new_points = round($this->request->variable('points', 0.0), 2); $this->functions_points->set_bank($u_id, $new_points); $sql_array = array('SELECT' => 'user_id, username, user_points, user_colour', 'FROM' => array(USERS_TABLE => 'u'), 'WHERE' => 'user_id = ' . (int) $u_id); $sql = $this->db->sql_build_query('SELECT', $sql_array); $result = $this->db->sql_query($sql); $points_user = $this->db->sql_fetchrow($result); // Add logs $this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_MOD_BANK', false, array($points_user['username'])); $message = $post_id ? sprintf($this->user->lang['EDIT_P_RETURN_POST'], '<a href="' . append_sid("{$this->phpbb_root_path}viewtopic.{$this->phpEx}", "p=" . $post_id) . '">', '</a>') : sprintf($this->user->lang['EDIT_P_RETURN_INDEX'], '<a href="' . append_sid("{$this->phpbb_root_path}index.{$this->phpEx}") . '">', '</a>'); trigger_error(sprintf($this->user->lang['EDIT_POINTS_SET'], $this->config['points_name']) . $message); } else { $sql_array = array('SELECT' => 'u.user_id, u.username, u.user_points, u.user_colour, b.holding', 'FROM' => array(USERS_TABLE => 'u'), 'LEFT_JOIN' => array(array('FROM' => array($this->points_bank_table => 'b'), 'ON' => 'u.user_id = b.user_id')), 'WHERE' => 'u.user_id = ' . (int) $u_id); $sql = $this->db->sql_build_query('SELECT', $sql_array); $result = $this->db->sql_query($sql); $row = $this->db->sql_fetchrow($result); if (empty($u_id)) { $message = $this->user->lang['EDIT_USER_NOT_EXIST'] . '<br /><br /><a href="' . $this->helper->route('dmzx_ultimatepoints_controller', array('mode' => 'bank_edit')) . '">« ' . $this->user->lang['BACK_TO_PREV'] . '</a>'; trigger_error($message); } $hidden_fields = build_hidden_fields(array('user_id' => $u_id, 'post_id' => $post_id)); $this->template->assign_vars(array('USER_NAME' => get_username_string('full', $u_id, $row['username'], $row['user_colour']), 'BANK_POINTS' => sprintf($this->functions_points->number_format_points($row['holding'])), 'POINTS_NAME' => $this->config['points_name'], 'CURRENT_VALUE' => $row['holding'], 'L_POINTS_MODIFY' => sprintf($this->user->lang['EDIT_BANK_MODIFY'], $this->config['points_name']), 'L_P_BANK_TITLE' => sprintf($this->user->lang['EDIT_P_BANK_TITLE'], $this->config['points_name']), 'L_USERNAME' => $this->user->lang['USERNAME'], 'L_SET_AMOUNT' => $this->user->lang['EDIT_SET_AMOUNT'], 'U_USER_LINK' => append_sid("{$this->phpbb_root_path}memberlist.{$this->phpEx}", "mode=viewprofile&u=" . $u_id), 'S_ACTION' => $this->helper->route('dmzx_ultimatepoints_controller', array('mode' => 'bank_edit', 'adm_points' => '1')), 'S_HIDDEN_FIELDS' => $hidden_fields)); } } // Generate the page page_header($this->user->lang['EDIT_POINTS_ADMIN']); // Generate the page template $this->template->set_filenames(array('body' => 'points/points_bank_edit.html')); page_footer(); }
public static function not_authorised($backlink, $loginlink = '', $login_explain = '') { global $user, $phpbb_container; $url = $phpbb_container->get('phpbbgallery.core.url'); if (!$user->data['is_registered'] && $loginlink) { if ($login_explain && isset($user->lang[$login_explain])) { $login_explain = $user->lang[$login_explain]; } else { $login_explain = ''; } login_box($loginlink, $login_explain); } else { $url->meta_refresh(3, $backlink); trigger_error('NOT_AUTHORISED'); } }
public function handle($notify_id = 0) { $this->user->add_lang_ext('gn36/versionchecknotifier', 'global'); if (!$notify_id) { trigger_error('INVALID_NOTIFICATION_ID_REDIRECT'); } if (!$this->user->data['is_registered']) { login_box(); } $notifications = $this->manager->load_notifications(array('notification_id' => intval($notify_id))); if (!isset($notifications['notifications'][$notify_id])) { trigger_error('INVALID_NOTIFICATION_ID_REDIRECT'); } /** @var $notification \phpbb\notification\type\base */ $notification = $notifications['notifications'][$notify_id]; $url = $notification->get_url(); redirect($url, false, true); }
trigger_error($message); break; default: $default = true; break; } // We use this approach because it does not impose large code changes if (!$default) { return true; } // Only registered users can go beyond this point if (!$user->data['is_registered']) { if ($user->data['is_bot']) { redirect(append_sid("{$phpbb_root_path}index.{$phpEx}")); } login_box('', $user->lang['LOGIN_EXPLAIN_UCP']); } // Instantiate module system and generate list of available modules $module->list_modules('ucp'); // Check if the zebra module is set if ($module->is_active('zebra', 'friends')) { // Output listing of friends online $update_time = $config['load_online_time'] * 60; $sql = $db->sql_build_query('SELECT_DISTINCT', array('SELECT' => 'u.user_id, u.username, u.username_clean, u.user_colour, MAX(s.session_time) as online_time, MIN(s.session_viewonline) AS viewonline', 'FROM' => array(USERS_TABLE => 'u', ZEBRA_TABLE => 'z'), 'LEFT_JOIN' => array(array('FROM' => array(SESSIONS_TABLE => 's'), 'ON' => 's.session_user_id = z.zebra_id')), 'WHERE' => 'z.user_id = ' . $user->data['user_id'] . ' AND z.friend = 1 AND u.user_id = z.zebra_id', 'GROUP_BY' => 'z.zebra_id, u.user_id, u.username_clean, u.user_colour, u.username', 'ORDER_BY' => 'u.username_clean ASC')); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $which = time() - $update_time < $row['online_time'] && ($row['viewonline'] || $auth->acl_get('u_viewonline')) ? 'online' : 'offline'; $template->assign_block_vars("friends_{$which}", array('USER_ID' => $row['user_id'], 'U_PROFILE' => get_username_string('profile', $row['user_id'], $row['username'], $row['user_colour']), 'USER_COLOUR' => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour']), 'USERNAME' => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']), 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']))); }
/** * Method to render the page data * * @var bool Bool if the rendering is only for index * @return array Data for page rendering */ public function render_data_for_page($only_for_index = false) { $include_on_index = $only_for_index === true; // Add lang file $this->user->add_lang('posting'); //chat enabled if (!$this->config['mchat_enable']) { trigger_error($this->user->lang['MCHAT_ENABLE'], E_USER_NOTICE); } // avatars if (!function_exists('get_user_avatar')) { include $this->phpbb_root_path . 'includes/functions_display.' . $this->phpEx; } if (($this->config_mchat = $this->cache->get('_mchat_config')) === false) { $this->functions_mchat->mchat_cache(); } $this->config_mchat = $this->cache->get('_mchat_config'); // Access rights $mchat_allow_bbcode = $this->config['allow_bbcode'] && $this->auth->acl_get('u_mchat_bbcode') ? true : false; $mchat_smilies = $this->config['allow_smilies'] && $this->auth->acl_get('u_mchat_smilies') ? true : false; $mchat_urls = $this->config['allow_post_links'] && $this->auth->acl_get('u_mchat_urls') ? true : false; $mchat_ip = $this->auth->acl_get('u_mchat_ip') ? true : false; $mchat_pm = $this->auth->acl_get('u_mchat_pm') ? true : false; $mchat_like = $this->auth->acl_get('u_mchat_like') ? true : false; $mchat_quote = $this->auth->acl_get('u_mchat_quote') ? true : false; $mchat_add_mess = $this->auth->acl_get('u_mchat_use') ? true : false; $mchat_view = $this->auth->acl_get('u_mchat_view') ? true : false; $mchat_no_flood = $this->auth->acl_get('u_mchat_flood_ignore') ? true : false; $mchat_read_archive = $this->auth->acl_get('u_mchat_archive') ? true : false; $mchat_founder = $this->user->data['user_type'] == USER_FOUNDER ? true : false; $mchat_session_time = !empty($this->config_mchat['timeout']) ? $this->config_mchat['timeout'] : (!empty($this->config['load_online_time']) ? $this->config['load_online_time'] * 60 : $this->config['session_length']); $mchat_rules = !empty($this->config_mchat['rules']) || isset($this->user->lang[strtoupper('mchat_rules')]) ? true : false; $mchat_avatars = !empty($this->config_mchat['avatars']) && $this->user->optionget('viewavatars') && $this->user->data['user_mchat_avatars'] ? true : false; // needed variables // Request options. $mchat_mode = $this->request->variable('mode', ''); $mchat_read_mode = $mchat_archive_mode = $mchat_custom_page = $mchat_no_message = false; // set redirect if on index or custom page $on_page = $include_on_index ? 'index' : 'mchat'; // grab fools..uhmmm, foes the user has $foes_array = array(); $sql = 'SELECT * FROM ' . ZEBRA_TABLE . ' WHERE user_id = ' . $this->user->data['user_id'] . ' AND foe = 1'; $result = $this->db->sql_query($sql); while ($row = $this->db->sql_fetchrow($result)) { $foes_array[] = $row['zebra_id']; } $this->db->sql_freeresult($result); // Request mode... switch ($mchat_mode) { // rules popup.. case 'rules': // If the rules are defined in the language file use them, else just use the entry in the database if ($mchat_rules || isset($this->user->lang[strtoupper('mchat_rules')])) { if (isset($this->user->lang[strtoupper('mchat_rules')])) { $this->template->assign_var('MCHAT_RULES', $this->user->lang[strtoupper('mchat_rules')]); } else { $mchat_rules = $this->config_mchat['rules']; $mchat_rules = explode("\n", $mchat_rules); foreach ($mchat_rules as $mchat_rule) { $mchat_rule = utf8_htmlspecialchars($mchat_rule); $this->template->assign_block_vars('rule', array('MCHAT_RULE' => $mchat_rule)); } } // Output the page // Return for: \$this->helper->render(filename, lang_title); return array('filename' => 'mchat_rules.html', 'lang_title' => $this->user->lang['MCHAT_HELP']); } else { // Show no rules trigger_error('MCHAT_NO_RULES', E_USER_NOTICE); } break; // whois function.. // whois function.. case 'whois': // Must have auths if ($mchat_mode == 'whois' && $mchat_ip) { // function already exists.. if (!function_exists('user_ipwhois')) { include $this->phpbb_root_path . 'includes/functions_user.' . $this->phpEx; } $this->user_ip = $this->request->variable('ip', ''); $this->template->assign_var('WHOIS', user_ipwhois($this->user_ip)); // Output the page // Return for: \$this->helper->render(filename, lang_title); return array('filename' => 'viewonline_whois.html', 'lang_title' => $this->user->lang['WHO_IS_ONLINE']); } else { // Show not authorized trigger_error('NO_AUTH_OPERATION', E_USER_NOTICE); } break; // Clean function... // Clean function... case 'clean': // User logged in? if (!$this->user->data['is_registered'] || !$mchat_founder) { if (!$this->user->data['is_registered']) { // Login box... login_box('', $this->user->lang['LOGIN']); } else { if (!$mchat_founder) { // Show not authorized trigger_error('NO_AUTH_OPERATION', E_USER_NOTICE); } } } $mchat_redirect = $this->request->variable('redirect', ''); $mchat_redirect = $mchat_redirect == 'index' ? append_sid("{$this->phpbb_root_path}index.{$this->phpEx}") : $this->helper->route('dmzx_mchat_controller', array('#mChat')); if (confirm_box(true)) { // Run cleaner $sql = 'TRUNCATE TABLE ' . $this->mchat_table; $this->db->sql_query($sql); meta_refresh(3, $mchat_redirect); trigger_error($this->user->lang['MCHAT_CLEANED'] . '<br /><br />' . sprintf($this->user->lang['RETURN_PAGE'], '<a href="' . $mchat_redirect . '">', '</a>')); } else { // Display confirm box confirm_box(false, $this->user->lang['MCHAT_DELALLMESS']); } $this->phpbb_log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_MCHAT_TABLE_PRUNED'); redirect($mchat_redirect); break; // Archive function... // Archive function... case 'archive': if (!$mchat_read_archive || !$mchat_view) { // redirect to correct page $mchat_redirect = append_sid("{$this->phpbb_root_path}index.{$this->phpEx}"); // Redirect to previous page meta_refresh(3, $mchat_redirect); trigger_error($this->user->lang['MCHAT_NOACCESS_ARCHIVE'] . '<br /><br />' . sprintf($this->user->lang['RETURN_PAGE'], '<a href="' . $mchat_redirect . '">', '</a>')); } if ($this->config['mchat_enable'] && $mchat_read_archive && $mchat_view) { // how many chats do we have? $sql = 'SELECT COUNT(message_id) AS messages FROM ' . $this->mchat_table; $result = $this->db->sql_query($sql); $mchat_total_messages = $this->db->sql_fetchfield('messages'); $this->db->sql_freeresult($result); // prune the chats if necessary and amount in ACP not empty if ($this->config_mchat['prune_enable'] && ($mchat_total_messages > $this->config_mchat['prune_num'] && $this->config_mchat['prune_num'] > 0)) { $this->functions_mchat->mchat_prune((int) $this->config_mchat['prune_num']); } // Reguest... $mchat_archive_start = $this->request->variable('start', 0); $sql_where = $this->user->data['user_mchat_topics'] ? '' : 'WHERE m.forum_id = 0'; // Message row $sql = 'SELECT m.*, u.username, u.user_colour, u.user_avatar, u.user_avatar_type, u.user_avatar_width, u.user_avatar_height, u.user_allow_pm FROM ' . $this->mchat_table . ' m LEFT JOIN ' . USERS_TABLE . ' u ON m.user_id = u.user_id ' . $sql_where . ' ORDER BY m.message_id DESC'; $result = $this->db->sql_query_limit($sql, (int) $this->config_mchat['archive_limit'], $mchat_archive_start); $rows = $this->db->sql_fetchrowset($result); $this->db->sql_freeresult($result); foreach ($rows as $row) { // auth check if ($row['forum_id'] != 0 && !$this->auth->acl_get('f_read', $row['forum_id'])) { continue; } // edit, delete and permission auths $mchat_ban = $this->auth->acl_get('a_authusers') && $this->user->data['user_id'] != $row['user_id'] ? true : false; $mchat_edit = $this->auth->acl_get('u_mchat_edit') && ($this->auth->acl_get('m_') || $this->user->data['user_id'] == $row['user_id']) ? true : false; $mchat_del = $this->auth->acl_get('u_mchat_delete') && ($this->auth->acl_get('m_') || $this->user->data['user_id'] == $row['user_id']) ? true : false; $mchat_avatar = $row['user_avatar'] ? get_user_avatar($row['user_avatar'], $row['user_avatar_type'], $row['user_avatar_width'] > $row['user_avatar_height'] ? 40 : 40 / $row['user_avatar_height'] * $row['user_avatar_width'], $row['user_avatar_height'] > $row['user_avatar_width'] ? 40 : 40 / $row['user_avatar_width'] * $row['user_avatar_height']) : ''; $message_edit = $row['message']; decode_message($message_edit, $row['bbcode_uid']); $message_edit = str_replace('"', '"', $message_edit); // Edit Fix ;) if (sizeof($foes_array)) { if (in_array($row['user_id'], $foes_array)) { $row['message'] = sprintf($this->user->lang['MCHAT_FOE'], get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST'])); } } $row['username'] = mb_ereg_replace("'", "’", $row['username']); $this->template->assign_block_vars('mchatrow', array('MCHAT_ALLOW_BAN' => $mchat_ban, 'MCHAT_ALLOW_EDIT' => $mchat_edit, 'MCHAT_ALLOW_DEL' => $mchat_del, 'MCHAT_USER_AVATAR' => $mchat_avatar, 'U_VIEWPROFILE' => $row['user_id'] != ANONYMOUS ? append_sid("{$this->phpbb_root_path}memberlist.{$this->phpEx}", 'mode=viewprofile&u=' . $row['user_id']) : '', 'U_USER_IDS' => $row['user_id'] != ANONYMOUS && $this->user->data['user_id'] != $row['user_id'] ? append_sid("{$this->phpbb_root_path}ucp.{$this->phpEx}", 'i=pm&mode=compose&u=' . $row['user_id']) : '', 'BOT_USER_ID' => $row['user_id'] != '1', 'U_USER_ID' => $row['user_id'] != ANONYMOUS && $this->config['allow_privmsg'] && $this->auth->acl_get('u_sendpm') && $this->user->data['user_id'] != $row['user_id'] && $row['user_id'] != '1' && ($row['user_allow_pm'] || $this->auth->acl_gets('a_', 'm_') || $this->auth->acl_getf_global('m_')) ? append_sid("{$this->phpbb_root_path}ucp.{$this->phpEx}", 'i=pm&mode=compose&u=' . $row['user_id']) : '', 'MCHAT_MESSAGE_EDIT' => $message_edit, 'MCHAT_MESSAGE_ID' => $row['message_id'], 'MCHAT_USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST']), 'MCHAT_USERNAME' => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST']), 'MCHAT_USERNAME_COLOR' => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST']), 'MCHAT_USER_IP' => $row['user_ip'], 'MCHAT_U_WHOIS' => $this->helper->route('dmzx_mchat_controller', array('mode' => 'whois', 'ip' => $row['user_ip'])), 'MCHAT_U_BAN' => append_sid("{$this->phpbb_root_path}adm/index.{$this->phpEx}", 'i=permissions&mode=setting_user_global&user_id[0]=' . $row['user_id'], true, $this->user->session_id), 'MCHAT_MESSAGE' => generate_text_for_display($row['message'], $row['bbcode_uid'], $row['bbcode_bitfield'], $row['bbcode_options']), 'MCHAT_TIME' => $this->user->format_date($row['message_time'], $this->config_mchat['date']), 'MCHAT_CLASS' => $row['message_id'] % 2 ? 1 : 2)); } // Write no message if (empty($rows)) { $mchat_no_message = true; } } // Run query again to get the total message rows... $sql = 'SELECT COUNT(message_id) AS mess_id FROM ' . $this->mchat_table; $result = $this->db->sql_query($sql); $mchat_total_message = $this->db->sql_fetchfield('mess_id'); $this->db->sql_freeresult($result); // Page list function... $pagination_url = $this->helper->route('dmzx_mchat_controller', array('mode' => 'archive')); $start = $this->request->variable('start', 0); $this->pagination->generate_template_pagination($pagination_url, 'pagination', 'start', $mchat_total_message, (int) $this->config_mchat['archive_limit'], $mchat_archive_start); $this->template->assign_vars(array('MCHAT_TOTAL_MESSAGES' => sprintf($this->user->lang['MCHAT_TOTALMESSAGES'], $mchat_total_message))); //add to navlinks $this->template->assign_block_vars('navlinks', array('FORUM_NAME' => $this->user->lang['MCHAT_ARCHIVE_PAGE'], 'U_VIEW_FORUM' => $this->helper->route('dmzx_mchat_controller', array('mode' => 'archive')))); // If archive mode request set true $mchat_archive_mode = true; $old_mode = 'archive'; break; // Read function... // Read function... case 'read': // If mChat disabled or user can't view the chat if (!$this->config['mchat_enable'] || !$mchat_view) { // Forbidden (for jQ AJAX request) throw new \phpbb\exception\http_exception(403, 'MCHAT_ERROR_FORBIDDEN'); } // if we're reading on the custom page, then we are chatting if ($mchat_custom_page) { // insert user into the mChat sessions table $this->functions_mchat->mchat_sessions($mchat_session_time, true); } // Request $mchat_message_last_id = $this->request->variable('message_last_id', 0); $sql_and = $this->user->data['user_mchat_topics'] ? '' : 'AND m.forum_id = 0'; $sql = 'SELECT m.*, u.username, u.user_colour, u.user_avatar, u.user_avatar_type, u.user_avatar_width, u.user_avatar_height, u.user_allow_pm FROM ' . $this->mchat_table . ' m, ' . USERS_TABLE . ' u WHERE m.user_id = u.user_id AND m.message_id > ' . (int) $mchat_message_last_id . ' ' . $sql_and . ' ORDER BY m.message_id DESC'; $result = $this->db->sql_query_limit($sql, (int) $this->config_mchat['message_limit']); $rows = $this->db->sql_fetchrowset($result); $this->db->sql_freeresult($result); // Reverse the array wanting messages appear in reverse if ($this->config['mchat_message_top']) { $rows = array_reverse($rows); } foreach ($rows as $row) { // auth check if ($row['forum_id'] != 0 && !$this->auth->acl_get('f_read', $row['forum_id'])) { continue; } // edit auths if ($this->user->data['user_id'] == ANONYMOUS && $this->user->data['user_id'] == $row['user_id']) { $chat_auths = $this->user->data['session_ip'] == $row['user_ip'] ? true : false; } else { $chat_auths = $this->user->data['user_id'] == $row['user_id'] ? true : false; } // edit, delete and permission auths $mchat_ban = $this->auth->acl_get('a_authusers') && $this->user->data['user_id'] != $row['user_id'] ? true : false; $mchat_edit = $this->auth->acl_get('u_mchat_edit') && ($this->auth->acl_get('m_') || $chat_auths) ? true : false; $mchat_del = $this->auth->acl_get('u_mchat_delete') && ($this->auth->acl_get('m_') || $chat_auths) ? true : false; $mchat_avatar = $row['user_avatar'] ? get_user_avatar($row['user_avatar'], $row['user_avatar_type'], $row['user_avatar_width'] > $row['user_avatar_height'] ? 40 : 40 / $row['user_avatar_height'] * $row['user_avatar_width'], $row['user_avatar_height'] > $row['user_avatar_width'] ? 40 : 40 / $row['user_avatar_width'] * $row['user_avatar_height']) : ''; $message_edit = $row['message']; decode_message($message_edit, $row['bbcode_uid']); $message_edit = str_replace('"', '"', $message_edit); $message_edit = mb_ereg_replace("'", "’", $message_edit); // Edit Fix ;) if (sizeof($foes_array)) { if (in_array($row['user_id'], $foes_array)) { $row['message'] = sprintf($this->user->lang['MCHAT_FOE'], get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST'])); } } $row['username'] = mb_ereg_replace("'", "’", $row['username']); $this->template->assign_block_vars('mchatrow', array('MCHAT_ALLOW_BAN' => $mchat_ban, 'MCHAT_ALLOW_EDIT' => $mchat_edit, 'MCHAT_ALLOW_DEL' => $mchat_del, 'MCHAT_USER_AVATAR' => $mchat_avatar, 'U_VIEWPROFILE' => $row['user_id'] != ANONYMOUS ? append_sid("{$this->phpbb_root_path}memberlist.{$this->phpEx}", 'mode=viewprofile&u=' . $row['user_id']) : '', 'U_USER_IDS' => $row['user_id'] != ANONYMOUS && $this->user->data['user_id'] != $row['user_id'] ? append_sid("{$this->phpbb_root_path}ucp.{$this->phpEx}", 'i=pm&mode=compose&u=' . $row['user_id']) : '', 'BOT_USER_ID' => $row['user_id'] != '1', 'U_USER_ID' => $row['user_id'] != ANONYMOUS && $this->config['allow_privmsg'] && $this->auth->acl_get('u_sendpm') && $this->user->data['user_id'] != $row['user_id'] && $row['user_id'] != '1' && ($row['user_allow_pm'] || $this->auth->acl_gets('a_', 'm_') || $this->auth->acl_getf_global('m_')) ? append_sid("{$this->phpbb_root_path}ucp.{$this->phpEx}", 'i=pm&mode=compose&u=' . $row['user_id']) : '', 'MCHAT_MESSAGE_EDIT' => $message_edit, 'MCHAT_MESSAGE_ID' => $row['message_id'], 'MCHAT_USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST']), 'MCHAT_USERNAME' => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST']), 'MCHAT_USERNAME_COLOR' => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST']), 'MCHAT_USER_IP' => $row['user_ip'], 'MCHAT_U_WHOIS' => $this->helper->route('dmzx_mchat_controller', array('mode' => 'whois', 'ip' => $row['user_ip'])), 'MCHAT_U_BAN' => append_sid("{$this->phpbb_root_path}adm/index.{$this->phpEx}", 'i=permissions&mode=setting_user_global&user_id[0]=' . $row['user_id'], true, $this->user->session_id), 'MCHAT_MESSAGE' => generate_text_for_display($row['message'], $row['bbcode_uid'], $row['bbcode_bitfield'], $row['bbcode_options']), 'MCHAT_TIME' => $this->user->format_date($row['message_time'], $this->config_mchat['date']), 'MCHAT_CLASS' => $row['message_id'] % 2 ? 1 : 2)); } // Write no message if (empty($rows)) { $mchat_no_message = true; } // If read mode request set true $mchat_read_mode = true; break; // Stats function... // Stats function... case 'stats': // If mChat disabled or user can't view the chat if (!$this->config['mchat_enable'] || !$mchat_view || !$this->config_mchat['whois']) { // Forbidden (for jQ AJAX request) throw new \phpbb\exception\http_exception(403, 'MCHAT_ERROR_FORBIDDEN'); } $mchat_stats = $this->functions_mchat->mchat_users($mchat_session_time); if (!empty($mchat_stats['online_userlist'])) { $message = '<div class="mChatStats" id="mChatStats"><a href="#" onclick="mChat.toggle(\'UserList\'); return false;">' . $mchat_stats['mchat_users_count'] . '</a> ' . $mchat_stats['refresh_message'] . '<br /><span id="mChatUserList" style="display: none; float: left;">' . $mchat_stats['online_userlist'] . '</span></div>'; } else { $message = '<div class="mChatStats" id="Div1">' . $this->user->lang['MCHAT_NO_CHATTERS'] . ' (' . $mchat_stats['refresh_message'] . ')</div>'; } if ($this->request->is_ajax()) { // Return for: \Symfony\Component\HttpFoundation\JsonResponse return array('json' => true, 'message' => $message); } else { throw new \phpbb\exception\http_exception(501, 'MCHAT_ERROR_NOT_IMPLEMENTED'); } break; // Add function... // Add function... case 'add': // If mChat disabled if (!$this->config['mchat_enable'] || !$mchat_add_mess || !check_form_key('mchat_posting', -1)) { // Forbidden (for jQ AJAX request) if ($this->request->is_ajax()) { // FOR DEBUG throw new \phpbb\exception\http_exception(403, 'MCHAT_ERROR_FORBIDDEN'); } } // Reguest... $message = utf8_ucfirst(utf8_normalize_nfc($this->request->variable('message', '', true))); // must have something other than bbcode in the message if (empty($mchatregex)) { //let's strip all the bbcode $mchatregex = '#\\[/?[^\\[\\]]+\\]#mi'; } $message_chars = preg_replace($mchatregex, '', $message); $message_chars = utf8_strlen(trim($message_chars)) > 0 ? true : false; if (!$message || !$message_chars) { // Not Implemented (for jQ AJAX request) throw new \phpbb\exception\http_exception(501, 'MCHAT_ERROR_NOT_IMPLEMENTED'); } // Flood control if (!$mchat_no_flood && $this->config_mchat['flood_time']) { $mchat_flood_current_time = time(); $sql = 'SELECT message_time FROM ' . $this->mchat_table . ' WHERE user_id = ' . (int) $this->user->data['user_id'] . ' ORDER BY message_time DESC'; $result = $this->db->sql_query_limit($sql, 1); $row = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); if ($row['message_time'] > 0 && $mchat_flood_current_time - $row['message_time'] < (int) $this->config_mchat['flood_time']) { // Locked (for jQ AJAX request) throw new \phpbb\exception\http_exception(400, 'MCHAT_BAD_REQUEST'); } } // insert user into the mChat sessions table $this->functions_mchat->mchat_sessions($mchat_session_time, true); // we override the $this->config['min_post_chars'] entry? if ($this->config_mchat['override_min_post_chars']) { $old_cfg['min_post_chars'] = $this->config['min_post_chars']; $this->config['min_post_chars'] = 0; } //we do the same for the max number of smilies? if ($this->config_mchat['override_smilie_limit']) { $old_cfg['max_post_smilies'] = $this->config['max_post_smilies']; $this->config['max_post_smilies'] = 0; } // Add function part code from http://wiki.phpbb.com/Parsing_text $uid = $bitfield = $options = ''; // will be modified by generate_text_for_storage generate_text_for_storage($message, $uid, $bitfield, $options, $mchat_allow_bbcode, $mchat_urls, $mchat_smilies); // Not allowed bbcodes if (!$mchat_allow_bbcode || $this->config_mchat['bbcode_disallowed']) { if (!$mchat_allow_bbcode) { $bbcode_remove = '#\\[/?[^\\[\\]]+\\]#Usi'; $message = preg_replace($bbcode_remove, '', $message); } else { if ($this->config_mchat['bbcode_disallowed']) { if (empty($bbcode_replace)) { $bbcode_replace = array('#\\[(' . $this->config_mchat['bbcode_disallowed'] . ')[^\\[\\]]+\\]#Usi', '#\\[/(' . $this->config_mchat['bbcode_disallowed'] . ')[^\\[\\]]+\\]#Usi'); } $message = preg_replace($bbcode_replace, '', $message); } } } $sql_ary = array('forum_id' => 0, 'post_id' => 0, 'user_id' => $this->user->data['user_id'], 'user_ip' => $this->user->data['session_ip'], 'message' => str_replace('\'', '’', $message), 'bbcode_bitfield' => $bitfield, 'bbcode_uid' => $uid, 'bbcode_options' => $options, 'message_time' => time()); $sql = 'INSERT INTO ' . $this->mchat_table . ' ' . $this->db->sql_build_array('INSERT', $sql_ary); $this->db->sql_query($sql); // reset the config settings if (isset($old_cfg['min_post_chars'])) { $this->config['min_post_chars'] = $old_cfg['min_post_chars']; unset($old_cfg['min_post_chars']); } if (isset($old_cfg['max_post_smilies'])) { $this->config['max_post_smilies'] = $old_cfg['max_post_smilies']; unset($old_cfg['max_post_smilies']); } // Stop run code! if ($this->request->is_ajax()) { // Return for: \Symfony\Component\HttpFoundation\JsonResponse return array('json' => true, 'success' => true); } else { exit_handler(); } break; // Edit function... // Edit function... case 'edit': $message_id = $this->request->variable('message_id', 0); // If mChat disabled and not edit if (!$this->config['mchat_enable'] || !$message_id) { // Forbidden (for jQ AJAX request) throw new \phpbb\exception\http_exception(403, 'MCHAT_ERROR_FORBIDDEN'); } // check for the correct user $sql = 'SELECT * FROM ' . $this->mchat_table . ' WHERE message_id = ' . (int) $message_id; $result = $this->db->sql_query($sql); $row = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); // edit and delete auths $mchat_edit = $this->auth->acl_get('u_mchat_edit') && ($this->auth->acl_get('m_') || $this->user->data['user_id'] == $row['user_id']) ? true : false; $mchat_del = $this->auth->acl_get('u_mchat_delete') && ($this->auth->acl_get('m_') || $this->user->data['user_id'] == $row['user_id']) ? true : false; // If mChat disabled and not edit if (!$mchat_edit) { // Forbidden (for jQ AJAX request) throw new \phpbb\exception\http_exception(403, 'MCHAT_ERROR_FORBIDDEN'); } // Reguest... $message = $this->request->variable('message', '', true); // must have something other than bbcode in the message if (empty($mchatregex)) { //let's strip all the bbcode $mchatregex = '#\\[/?[^\\[\\]]+\\]#mi'; } $message_chars = preg_replace($mchatregex, '', $message); $message_chars = utf8_strlen(trim($message_chars)) > 0 ? true : false; if (!$message || !$message_chars) { // Not Implemented (for jQ AJAX request) throw new \phpbb\exception\http_exception(501, 'MCHAT_ERROR_NOT_IMPLEMENTED'); } // Message limit $message = $this->config_mchat['max_message_lngth'] != 0 && utf8_strlen($message) >= $this->config_mchat['max_message_lngth'] + 3 ? utf8_substr($message, 0, $this->config_mchat['max_message_lngth']) . '...' : $message; // we override the $this->config['min_post_chars'] entry? if ($this->config_mchat['override_min_post_chars']) { $old_cfg['min_post_chars'] = $this->config['min_post_chars']; $this->config['min_post_chars'] = 0; } //we do the same for the max number of smilies? if ($this->config_mchat['override_smilie_limit']) { $old_cfg['max_post_smilies'] = $this->config['max_post_smilies']; $this->config['max_post_smilies'] = 0; } // Edit function part code from http://wiki.phpbb.com/Parsing_text $uid = $bitfield = $options = ''; // will be modified by generate_text_for_storage generate_text_for_storage($message, $uid, $bitfield, $options, $mchat_allow_bbcode, $mchat_urls, $mchat_smilies); // Not allowed bbcodes if (!$mchat_allow_bbcode || $this->config_mchat['bbcode_disallowed']) { if (!$mchat_allow_bbcode) { $bbcode_remove = '#\\[/?[^\\[\\]]+\\]#Usi'; $message = preg_replace($bbcode_remove, '', $message); } else { if ($this->config_mchat['bbcode_disallowed']) { if (empty($bbcode_replace)) { $bbcode_replace = array('#\\[(' . $this->config_mchat['bbcode_disallowed'] . ')[^\\[\\]]+\\]#Usi', '#\\[/(' . $this->config_mchat['bbcode_disallowed'] . ')[^\\[\\]]+\\]#Usi'); } $message = preg_replace($bbcode_replace, '', $message); } } } $sql_ary = array('message' => str_replace('\'', '’', $message), 'bbcode_bitfield' => $bitfield, 'bbcode_uid' => $uid, 'bbcode_options' => $options); $sql = 'UPDATE ' . $this->mchat_table . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE message_id = ' . (int) $message_id; $this->db->sql_query($sql); // Message edited...now read it $sql = 'SELECT m.*, u.username, u.user_colour, u.user_avatar, u.user_avatar_type, u.user_avatar_width, u.user_avatar_height, u.user_allow_pm FROM ' . $this->mchat_table . ' m, ' . USERS_TABLE . ' u WHERE m.user_id = u.user_id AND m.message_id = ' . (int) $message_id . ' ORDER BY m.message_id DESC'; $result = $this->db->sql_query($sql); $row = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); $message_edit = $row['message']; decode_message($message_edit, $row['bbcode_uid']); $message_edit = str_replace('"', '"', $message_edit); // Edit Fix ;) $message_edit = mb_ereg_replace("'", "’", $message_edit); // Edit Fix ;) $mchat_ban = $this->auth->acl_get('a_authusers') && $this->user->data['user_id'] != $row['user_id'] ? true : false; $mchat_avatar = $row['user_avatar'] ? get_user_avatar($row['user_avatar'], $row['user_avatar_type'], $row['user_avatar_width'] > $row['user_avatar_height'] ? 40 : 40 / $row['user_avatar_height'] * $row['user_avatar_width'], $row['user_avatar_height'] > $row['user_avatar_width'] ? 40 : 40 / $row['user_avatar_width'] * $row['user_avatar_height']) : ''; $this->template->assign_block_vars('mchatrow', array('MCHAT_ALLOW_BAN' => $mchat_ban, 'MCHAT_ALLOW_EDIT' => $mchat_edit, 'MCHAT_ALLOW_DEL' => $mchat_del, 'MCHAT_MESSAGE_EDIT' => $message_edit, 'MCHAT_USER_AVATAR' => $mchat_avatar, 'U_VIEWPROFILE' => $row['user_id'] != ANONYMOUS ? append_sid("{$this->phpbb_root_path}memberlist.{$this->phpEx}", 'mode=viewprofile&u=' . $row['user_id']) : '', 'U_USER_IDS' => $row['user_id'] != ANONYMOUS && $this->user->data['user_id'] != $row['user_id'] ? append_sid("{$this->phpbb_root_path}ucp.{$this->phpEx}", 'i=pm&mode=compose&u=' . $row['user_id']) : '', 'BOT_USER_ID' => $row['user_id'] != '1', 'U_USER_ID' => $row['user_id'] != ANONYMOUS && $this->config['allow_privmsg'] && $this->auth->acl_get('u_sendpm') && $this->user->data['user_id'] != $row['user_id'] && $row['user_id'] != '1' && ($row['user_allow_pm'] || $this->auth->acl_gets('a_', 'm_') || $this->auth->acl_getf_global('m_')) ? append_sid("{$this->phpbb_root_path}ucp.{$this->phpEx}", 'i=pm&mode=compose&u=' . $row['user_id']) : '', 'MCHAT_MESSAGE_ID' => $row['message_id'], 'MCHAT_USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST']), 'MCHAT_USERNAME' => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST']), 'MCHAT_USERNAME_COLOR' => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST']), 'MCHAT_USER_IP' => $row['user_ip'], 'MCHAT_U_WHOIS' => $this->helper->route('dmzx_mchat_controller', array('mode' => 'whois', 'ip' => $row['user_ip'])), 'MCHAT_U_BAN' => append_sid("{$this->phpbb_root_path}adm/index.{$this->phpEx}", 'i=permissions&mode=setting_user_global&user_id[0]=' . $row['user_id'], true, $this->user->session_id), 'MCHAT_MESSAGE' => censor_text(generate_text_for_display($row['message'], $row['bbcode_uid'], $row['bbcode_bitfield'], $row['bbcode_options'])), 'MCHAT_TIME' => $this->user->format_date($row['message_time'], $this->config_mchat['date']), 'MCHAT_CLASS' => $row['message_id'] % 2 ? 1 : 2)); // reset the config settings if (isset($old_cfg['min_post_chars'])) { $this->config['min_post_chars'] = $old_cfg['min_post_chars']; unset($old_cfg['min_post_chars']); } if (isset($old_cfg['max_post_smilies'])) { $this->config['max_post_smilies'] = $old_cfg['max_post_smilies']; unset($old_cfg['max_post_smilies']); } //adds a log // $message_author = get_username_string('no_profile', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST']); // add_log('admin', 'LOG_EDITED_MCHAT', $message_author); $this->phpbb_log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_EDITED_MCHAT', false, array($row['username'])); // insert user into the mChat sessions table $this->functions_mchat->mchat_sessions($mchat_session_time, true); // If read mode request set true $mchat_read_mode = true; break; // Delete function... // Delete function... case 'delete': $message_id = $this->request->variable('message_id', 0); // If mChat disabled if (!$this->config['mchat_enable'] || !$message_id) { // Forbidden (for jQ AJAX request) throw new \phpbb\exception\http_exception(403, 'MCHAT_ERROR_FORBIDDEN'); } // check for the correct user $sql = 'SELECT m.*, u.username, u.user_colour FROM ' . $this->mchat_table . ' m LEFT JOIN ' . USERS_TABLE . ' u ON m.user_id = u.user_id WHERE m.message_id = ' . (int) $message_id; $result = $this->db->sql_query($sql); $row = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); // edit and delete auths $mchat_edit = $this->auth->acl_get('u_mchat_edit') && ($this->auth->acl_get('m_') || $this->user->data['user_id'] == $row['user_id']) ? true : false; $mchat_del = $this->auth->acl_get('u_mchat_delete') && ($this->auth->acl_get('m_') || $this->user->data['user_id'] == $row['user_id']) ? true : false; // If mChat disabled if (!$mchat_del) { // Forbidden (for jQ AJAX request) throw new \phpbb\exception\http_exception(403, 'MCHAT_ERROR_FORBIDDEN'); } // Run delete! $sql = 'DELETE FROM ' . $this->mchat_table . ' WHERE message_id = ' . (int) $message_id; $this->db->sql_query($sql); //adds a log $this->phpbb_log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_DELETED_MCHAT', false, array($row['username'])); // insert user into the mChat sessions table $this->functions_mchat->mchat_sessions($mchat_session_time, true); // Stop running code if ($this->request->is_ajax()) { // Return for: \Symfony\Component\HttpFoundation\JsonResponse return array('json' => true, 'success' => true); } else { exit_handler(); } break; // Default function... // Default function... default: // If not include in index.php set mchat.php page true if (!$include_on_index) { // Yes its custom page... $mchat_custom_page = true; // If custom page false mchat.php page redirect to index... if (!$this->config_mchat['custom_page'] && $mchat_custom_page) { $mchat_redirect = append_sid("{$this->phpbb_root_path}index.{$this->phpEx}"); // Redirect to previous page meta_refresh(3, $mchat_redirect); trigger_error($this->user->lang['MCHAT_NO_CUSTOM_PAGE'] . '<br /><br />' . sprintf($this->user->lang['RETURN_PAGE'], '<a href="' . $mchat_redirect . '">', '</a>')); } // user has permissions to view the custom chat? if (!$mchat_view && $mchat_custom_page) { trigger_error('NOT_AUTHORISED', E_USER_NOTICE); } // if whois true if ($this->config_mchat['whois']) { // Grab group details for legend display for who is online on the custom page. $order_legend = $this->config['legend_sort_groupname'] ? 'group_name' : 'group_legend'; if ($this->auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) { $sql = 'SELECT group_id, group_name, group_colour, group_type FROM ' . GROUPS_TABLE . ' WHERE group_legend <> 0 ORDER BY ' . $order_legend . ' ASC'; } else { $sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_type FROM ' . GROUPS_TABLE . ' g LEFT JOIN ' . USER_GROUP_TABLE . ' ug ON (g.group_id = ug.group_id AND ug.user_id = ' . $this->user->data['user_id'] . ' AND ug.user_pending = 0) WHERE g.group_legend <> 0 AND (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . (int) $this->user->data['user_id'] . ') ORDER BY g.' . $order_legend . ' ASC'; } $result = $this->db->sql_query($sql); $legend = array(); while ($row = $this->db->sql_fetchrow($result)) { $colour_text = $row['group_colour'] ? ' style="color:#' . $row['group_colour'] . '"' : ''; $group_name = $row['group_type'] == GROUP_SPECIAL ? $this->user->lang['G_' . $row['group_name']] : $row['group_name']; if ($row['group_name'] == 'BOTS' || $this->user->data['user_id'] != ANONYMOUS && !$this->auth->acl_get('u_viewprofile')) { $legend[] = '<span' . $colour_text . '>' . $group_name . '</span>'; } else { $legend[] = '<a' . $colour_text . ' href="' . append_sid("{$this->phpbb_root_path}memberlist.{$this->phpEx}", 'mode=group&g=' . $row['group_id']) . '">' . $group_name . '</a>'; } } $this->db->sql_freeresult($result); $legend = implode(', ', $legend); // Assign index specific vars $this->template->assign_vars(array('LEGEND' => $legend)); } $this->template->assign_block_vars('navlinks', array('FORUM_NAME' => $this->user->lang['MCHAT_TITLE'], 'U_VIEW_FORUM' => $this->helper->route('dmzx_mchat_controller'))); } // Run code... if ($mchat_view) { $message_number = $mchat_custom_page ? $this->config_mchat['message_limit'] : $this->config_mchat['message_num']; $sql_where = $this->user->data['user_mchat_topics'] ? '' : 'WHERE m.forum_id = 0'; // Message row $sql = 'SELECT m.*, u.username, u.user_colour, u.user_avatar, u.user_avatar_type, u.user_avatar_width, u.user_avatar_height, u.user_allow_pm FROM ' . $this->mchat_table . ' m LEFT JOIN ' . USERS_TABLE . ' u ON m.user_id = u.user_id ' . $sql_where . ' ORDER BY message_id DESC'; $result = $this->db->sql_query_limit($sql, $message_number); $rows = $this->db->sql_fetchrowset($result); $this->db->sql_freeresult($result); if ($this->config['mchat_message_top']) { $rows = array_reverse($rows, true); } foreach ($rows as $row) { // auth check if ($row['forum_id'] != 0 && !$this->auth->acl_get('f_read', $row['forum_id'])) { continue; } // edit, delete and permission auths $mchat_ban = $this->auth->acl_get('a_authusers') && $this->user->data['user_id'] != $row['user_id'] ? true : false; // edit auths if ($this->user->data['user_id'] == ANONYMOUS && $this->user->data['user_id'] == $row['user_id']) { $chat_auths = $this->user->data['session_ip'] == $row['user_ip'] ? true : false; } else { $chat_auths = $this->user->data['user_id'] == $row['user_id'] ? true : false; } $mchat_edit = $this->auth->acl_get('u_mchat_edit') && ($this->auth->acl_get('m_') || $chat_auths) ? true : false; $mchat_del = $this->auth->acl_get('u_mchat_delete') && ($this->auth->acl_get('m_') || $chat_auths) ? true : false; $mchat_avatar = $row['user_avatar'] ? get_user_avatar($row['user_avatar'], $row['user_avatar_type'], $row['user_avatar_width'] > $row['user_avatar_height'] ? 40 : 40 / $row['user_avatar_height'] * $row['user_avatar_width'], $row['user_avatar_height'] > $row['user_avatar_width'] ? 40 : 40 / $row['user_avatar_width'] * $row['user_avatar_height']) : ''; $message_edit = $row['message']; decode_message($message_edit, $row['bbcode_uid']); $message_edit = str_replace('"', '"', $message_edit); // Edit Fix ;) $message_edit = mb_ereg_replace("'", "’", $message_edit); if (sizeof($foes_array)) { if (in_array($row['user_id'], $foes_array)) { $row['message'] = sprintf($this->user->lang['MCHAT_FOE'], get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST'])); } } $row['username'] = mb_ereg_replace("'", "’", $row['username']); $message = str_replace('\'', '’', $row['message']); $this->template->assign_block_vars('mchatrow', array('MCHAT_ALLOW_BAN' => $mchat_ban, 'MCHAT_ALLOW_EDIT' => $mchat_edit, 'MCHAT_ALLOW_DEL' => $mchat_del, 'MCHAT_USER_AVATAR' => $mchat_avatar, 'U_VIEWPROFILE' => $row['user_id'] != ANONYMOUS ? append_sid("{$this->phpbb_root_path}memberlist.{$this->phpEx}", 'mode=viewprofile&u=' . $row['user_id']) : '', 'U_USER_IDS' => $row['user_id'] != ANONYMOUS && $this->user->data['user_id'] != $row['user_id'] ? append_sid("{$this->phpbb_root_path}ucp.{$this->phpEx}", 'i=pm&mode=compose&u=' . $row['user_id']) : '', 'BOT_USER_ID' => $row['user_id'] != '1', 'U_USER_ID' => $row['user_id'] != ANONYMOUS && $this->config['allow_privmsg'] && $this->auth->acl_get('u_sendpm') && $this->user->data['user_id'] != $row['user_id'] && $row['user_id'] != '1' && ($row['user_allow_pm'] || $this->auth->acl_gets('a_', 'm_') || $this->auth->acl_getf_global('m_')) ? append_sid("{$this->phpbb_root_path}ucp.{$this->phpEx}", 'i=pm&mode=compose&u=' . $row['user_id']) : '', 'MCHAT_MESSAGE_EDIT' => $message_edit, 'MCHAT_MESSAGE_ID' => $row['message_id'], 'MCHAT_USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST']), 'MCHAT_USERNAME' => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST']), 'MCHAT_USERNAME_COLOR' => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour'], $this->user->lang['GUEST']), 'MCHAT_USER_IP' => $row['user_ip'], 'MCHAT_U_WHOIS' => $this->helper->route('dmzx_mchat_controller', array('mode' => 'whois', 'ip' => $row['user_ip'])), 'MCHAT_U_BAN' => append_sid("{$this->phpbb_root_path}adm/index.{$this->phpEx}", 'i=permissions&mode=setting_user_global&user_id[0]=' . $row['user_id'], true, $this->user->session_id), 'MCHAT_MESSAGE' => generate_text_for_display($message, $row['bbcode_uid'], $row['bbcode_bitfield'], $row['bbcode_options']), 'MCHAT_TIME' => $this->user->format_date($row['message_time'], $this->config_mchat['date']), 'MCHAT_CLASS' => $row['message_id'] % 2 ? 1 : 2)); } // Write no message if (empty($rows)) { $mchat_no_message = true; } // display custom bbcodes if ($mchat_allow_bbcode && $this->config['allow_bbcode']) { $this->functions_mchat->display_mchat_bbcodes(); } // Smile row if ($mchat_smilies) { if (!function_exists('generate_smilies')) { include $this->phpbb_root_path . 'includes/functions_posting.' . $this->phpEx; } generate_smilies('inline', 0); } // If the static message is defined in the language file use it, else just use the entry in the database if (isset($this->user->lang[strtoupper('static_message')]) || !empty($this->config_mchat['static_message'])) { $this->config_mchat['static_message'] = $this->config_mchat['static_message']; if (isset($this->user->lang[strtoupper('static_message')])) { $this->config_mchat['static_message'] = $this->user->lang[strtoupper('static_message')]; } } // If the static message is defined in the language file use it, else just use the entry in the database if (isset($this->user->lang[strtoupper('mchat_rules')]) || !empty($this->config_mchat['rules'])) { if (isset($this->user->lang[strtoupper('mchat_rules')])) { $this->config_mchat['rules'] = $this->user->lang[strtoupper('mchat_rules')]; } } // a list of users using the chat if ($mchat_custom_page) { $mchat_users = $this->functions_mchat->mchat_users($mchat_session_time, true); } else { $mchat_users = $this->functions_mchat->mchat_users($mchat_session_time); } $this->template->assign_vars(array('MCHAT_USERS_COUNT' => $mchat_users['mchat_users_count'], 'MCHAT_USERS_LIST' => $mchat_users['online_userlist'])); } break; } // show index stats if (!empty($this->config['mchat_stats_index']) && !empty($this->user->data['user_mchat_stats_index'])) { // stats display $mchat_session_time = !empty($this->config_mchat['timeout']) ? $this->config_mchat['timeout'] : $this->config['session_length']; $mchat_stats = $this->functions_mchat->mchat_users($mchat_session_time); $this->template->assign_vars(array('MCHAT_INDEX_STATS' => true, 'MCHAT_INDEX_USERS_COUNT' => $mchat_stats['mchat_users_count'], 'MCHAT_INDEX_USERS_LIST' => !empty($mchat_stats['online_userlist']) ? $mchat_stats['online_userlist'] : '', 'L_MCHAT_ONLINE_EXPLAIN' => $mchat_stats['refresh_message'])); } $copyright = base64_decode('PGEgaHJlZj0iaHR0cDovL3JtY2dpcnI4My5vcmciPlJNY0dpcnI4MzwvYT4gJmNvcHk7IDxhIGhyZWY9Imh0dHA6Ly93d3cuZG16eC13ZWIubmV0IiB0aXRsZT0id3d3LmRtengtd2ViLm5ldCI+ZG16eDwvYT4='); add_form_key('mchat_posting'); // Template function... $this->template->assign_vars(array('MCHAT_FILE_NAME' => $this->helper->route('dmzx_mchat_controller'), 'MCHAT_REFRESH_JS' => 1000 * $this->config_mchat['refresh'], 'MCHAT_ADD_MESSAGE' => $mchat_add_mess, 'MCHAT_READ_MODE' => $mchat_read_mode, 'MCHAT_ARCHIVE_MODE' => $mchat_archive_mode, 'MCHAT_INPUT_TYPE' => $this->user->data['user_mchat_input_area'], 'MCHAT_RULES' => $mchat_rules, 'MCHAT_ALLOW_SMILES' => $mchat_smilies, 'MCHAT_ALLOW_IP' => $mchat_ip, 'MCHAT_ALLOW_PM' => $mchat_pm, 'MCHAT_ALLOW_LIKE' => $mchat_like, 'MCHAT_ALLOW_QUOTE' => $mchat_quote, 'MCHAT_NOMESSAGE_MODE' => $mchat_no_message, 'MCHAT_ALLOW_BBCODES' => $mchat_allow_bbcode && $this->config['allow_bbcode'] ? true : false, 'MCHAT_MESSAGE_TOP' => $this->config['mchat_message_top'] ? true : false, 'MCHAT_ENABLE' => $this->config['mchat_enable'], 'MCHAT_ARCHIVE_URL' => $this->helper->route('dmzx_mchat_controller', array('mode' => 'archive')), 'MCHAT_CUSTOM_PAGE' => $mchat_custom_page, 'MCHAT_INDEX_HEIGHT' => $this->config_mchat['index_height'], 'MCHAT_CUSTOM_HEIGHT' => $this->config_mchat['custom_height'], 'MCHAT_READ_ARCHIVE_BUTTON' => $mchat_read_archive, 'MCHAT_FOUNDER' => $mchat_founder, 'MCHAT_CLEAN_URL' => $this->helper->route('dmzx_mchat_controller', array('mode' => 'clean', 'redirect' => $on_page)), 'MCHAT_STATIC_MESS' => !empty($this->config_mchat['static_message']) ? htmlspecialchars_decode($this->config_mchat['static_message']) : '', 'L_MCHAT_COPYRIGHT' => $copyright, 'MCHAT_WHOIS' => $this->config_mchat['whois'], 'MCHAT_MESSAGE_LNGTH' => $this->config_mchat['max_message_lngth'], 'L_MCHAT_MESSAGE_LNGTH_EXPLAIN' => intval($this->config_mchat['max_message_lngth']) ? sprintf($this->user->lang['MCHAT_MESSAGE_LNGTH_EXPLAIN'], intval($this->config_mchat['max_message_lngth'])) : '', 'MCHAT_MESS_LONG' => sprintf($this->user->lang['MCHAT_MESS_LONG'], $this->config_mchat['max_message_lngth']), 'MCHAT_USER_TIMEOUT' => $this->config_mchat['timeout'] ? 1000 * $this->config_mchat['timeout'] : false, 'MCHAT_WHOIS_REFRESH' => 1000 * $this->config_mchat['whois_refresh'], 'MCHAT_PAUSE_ON_INPUT' => $this->config_mchat['pause_on_input'] ? true : false, 'L_MCHAT_ONLINE_EXPLAIN' => $this->functions_mchat->mchat_session_time($mchat_session_time), 'MCHAT_REFRESH_YES' => sprintf($this->user->lang['MCHAT_REFRESH_YES'], $this->config_mchat['refresh']), 'L_MCHAT_WHOIS_REFRESH_EXPLAIN' => sprintf($this->user->lang['WHO_IS_REFRESH_EXPLAIN'], $this->config_mchat['whois_refresh']), 'S_MCHAT_AVATARS' => $mchat_avatars, 'S_MCHAT_LOCATION' => $this->config_mchat['location'], 'S_MCHAT_SOUND_YES' => $this->user->data['user_mchat_sound'], 'S_MCHAT_INDEX_STATS' => $this->user->data['user_mchat_stats_index'], 'U_MORE_SMILIES' => append_sid("{$this->phpbb_root_path}posting.{$this->phpEx}", 'mode=smilies'), 'U_MCHAT_RULES' => $this->helper->route('dmzx_mchat_controller', array('mode' => 'rules')), 'S_MCHAT_ON_INDEX' => $this->config['mchat_on_index'] && !empty($this->user->data['user_mchat_index']) ? true : false)); // Return for: \$this->helper->render(filename, lang_title); return array('filename' => 'mchat_body.html', 'lang_title' => $this->user->lang['MCHAT_TITLE']); }
$db->sql_freeresult($result); if (!$forum_data) { trigger_error('NO_FORUM'); } // Configure style, language, etc. $user->setup('viewforum', $forum_data['forum_style']); // Redirect to login upon emailed notification links if (isset($_GET['e']) && !$user->data['is_registered']) { login_box('', $user->lang['LOGIN_NOTIFY_FORUM']); } // Permissions check if (!$auth->acl_gets('f_list', 'f_read', $forum_id) || $forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link'] && !$auth->acl_get('f_read', $forum_id)) { if ($user->data['user_id'] != ANONYMOUS) { trigger_error('SORRY_AUTH_READ'); } login_box('', $user->lang['LOGIN_VIEWFORUM']); } // Forum is passworded ... check whether access has been granted to this // user this session, if not show login box if ($forum_data['forum_password']) { login_forum_box($forum_data); } // Is this forum a link? ... User got here either because the // number of clicks is being tracked or they guessed the id if ($forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link']) { // Does it have click tracking enabled? if ($forum_data['forum_flags'] & FORUM_FLAG_LINK_TRACK) { $sql = 'UPDATE ' . FORUMS_TABLE . ' SET forum_posts_approved = forum_posts_approved + 1 WHERE forum_id = ' . $forum_id; $db->sql_query($sql);
if ($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id)) { $is_authed = true; } break; case 'delete': if ($user->data['is_registered'] && $auth->acl_gets('f_delete', 'm_delete', $forum_id)) { $is_authed = true; } break; } if (!$is_authed) { $check_auth = $mode == 'quote' ? 'reply' : $mode; if ($user->data['is_registered']) { trigger_error('USER_CANNOT_' . strtoupper($check_auth)); } login_box('', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]); } // Is the user able to post within this forum? if ($post_data['forum_type'] != FORUM_POST && in_array($mode, array('post', 'bump', 'quote', 'reply'))) { trigger_error('USER_CANNOT_FORUM_POST'); } // Forum/Topic locked? if (($post_data['forum_status'] == ITEM_LOCKED || isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED) && !$auth->acl_get('m_edit', $forum_id)) { trigger_error($post_data['forum_status'] == ITEM_LOCKED ? 'FORUM_LOCKED' : 'TOPIC_LOCKED'); } // Can we edit this post ... if we're a moderator with rights then always yes // else it depends on editing times, lock status and if we're the correct user if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id)) { if ($user->data['user_id'] != $post_data['poster_id']) { trigger_error('USER_CANNOT_EDIT'); }
extract($phpbb_dispatcher->trigger_event('core.viewtopic_before_f_read_check', compact($vars))); // Start auth check if (!$overrides_f_read_check && !$auth->acl_get('f_read', $forum_id)) { if ($user->data['user_id'] != ANONYMOUS) { trigger_error('SORRY_AUTH_READ'); } login_box('', $user->lang['LOGIN_VIEWFORUM']); } // Forum is passworded ... check whether access has been granted to this // user this session, if not show login box if (!$overrides_forum_password_check && $topic_data['forum_password']) { login_forum_box($topic_data); } // Redirect to login upon emailed notification links if user is not logged in. if (isset($_GET['e']) && $user->data['user_id'] == ANONYMOUS) { login_box(build_url('e') . '#unread', $user->lang['LOGIN_NOTIFY_TOPIC']); } // What is start equal to? if ($post_id) { $start = floor($topic_data['prev_posts'] / $config['posts_per_page']) * $config['posts_per_page']; } // Get topic tracking info if (!isset($topic_tracking_info)) { $topic_tracking_info = array(); // Get topic tracking info if ($config['load_db_lastread'] && $user->data['is_registered']) { $tmp_topic_data = array($topic_id => $topic_data); $topic_tracking_info = get_topic_tracking($forum_id, $topic_id, $tmp_topic_data, array($forum_id => $topic_data['forum_mark_time'])); unset($tmp_topic_data); } else { if ($config['load_anon_lastread'] || $user->data['is_registered']) {
*/ /** * @ignore */ define('IN_PHPBB', true); $phpbb_root_path = defined('PHPBB_ROOT_PATH') ? PHPBB_ROOT_PATH : '../'; $phpEx = substr(strrchr(__FILE__, '.'), 1); include $phpbb_root_path . 'common.' . $phpEx; require $phpbb_root_path . 'ads/constants.' . $phpEx; // Start session management $user->session_begin(); $auth->acl($user->data); $user->setup('mods/info_acp_ads'); // Display a login box if they are not logged in if (!$user->data['is_registered']) { login_box(); } if (!file_exists($phpbb_root_path . 'umil/umil_frontend.' . $phpEx)) { trigger_error('Please download the latest UMIL (Unified MOD Install Library) from: <a href="http://www.phpbb.com/mods/umil/">phpBB.com/mods/umil</a>', E_USER_ERROR); } include $phpbb_root_path . 'umil/umil_frontend.' . $phpEx; $umil = new umil_frontend('ACP_ADVERTISEMENT_MANAGEMENT', true); // Check after initiating UMIL. if ($user->data['user_type'] != USER_FOUNDER) { trigger_error('FOUNDERS_ONLY'); } if ($umil->confirm_box(true)) { include $phpbb_root_path . 'ads/versions.' . $phpEx; $umil->run_actions('uninstall', $versions, 'ads_version'); } else { $umil->display_stages(array('CONFIRM', 'UNINSTALL'));
// Start session management //$user->session_begin(); //$auth->acl($user->data); global $config, $db, $user, $auth, $template, $cache; global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix; $db->return_on_error = 1; if (!$user->data['is_registered']) { if ($user->data['is_bot']) { redirect(append_sid("{$phpbb_root_path}index.$phpEx")); } login_box('', 'LOGIN'); } else if ($user->data['user_type'] != USER_FOUNDER) { die('You are not allowed in here. :)'); } //if (isset($config['photo_gallery_version']) && version_compare($config['photo_gallery_version'], '0.1.0', '>=')) //{ // trigger_error('you already have the latest photo gallery installed'); // exit; //} switch ($db->sql_layer) { case 'mysql':
function main($id, $mode) { global $config, $phpbb_root_path, $phpEx; global $db, $user, $auth, $template; $user_id = request_var('u', 0); $key = request_var('k', ''); $sql = 'SELECT user_id, username, user_type, user_email, user_newpasswd, user_lang, user_notify_type, user_actkey, user_inactive_reason FROM ' . USERS_TABLE . "\n\t\t\tWHERE user_id = {$user_id}"; $result = $db->sql_query($sql); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$user_row) { trigger_error('NO_USER'); } if ($user_row['user_type'] != USER_INACTIVE && !$user_row['user_newpasswd']) { meta_refresh(3, append_sid("{$phpbb_root_path}index.{$phpEx}")); trigger_error('ALREADY_ACTIVATED'); } if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL || $user_row['user_actkey'] != $key) { trigger_error('WRONG_ACTIVATION'); } // Do not allow activating by non administrators when admin activation is on // Only activation type the user should be able to do is INACTIVE_REMIND // or activate a new password which is not an activation state :@ if (!$user_row['user_newpasswd'] && $user_row['user_inactive_reason'] != INACTIVE_REMIND && $config['require_activation'] == USER_ACTIVATION_ADMIN && !$auth->acl_get('a_user')) { if (!$user->data['is_registered']) { login_box('', $user->lang['NO_AUTH_OPERATION']); } trigger_error('NO_AUTH_OPERATION'); } $update_password = $user_row['user_newpasswd'] ? true : false; if ($update_password) { $sql_ary = array('user_actkey' => '', 'user_password' => $user_row['user_newpasswd'], 'user_newpasswd' => '', 'user_pass_convert' => 0, 'user_login_attempts' => 0); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_row['user_id']; $db->sql_query($sql); add_log('user', $user_row['user_id'], 'LOG_USER_NEW_PASSWORD', $user_row['username']); } if (!$update_password) { include_once $phpbb_root_path . 'includes/functions_user.' . $phpEx; user_active_flip('activate', $user_row['user_id']); $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_actkey = ''\n\t\t\t\tWHERE user_id = {$user_row['user_id']}"; $db->sql_query($sql); // Create the correct logs add_log('user', $user_row['user_id'], 'LOG_USER_ACTIVE_USER'); if ($auth->acl_get('a_user')) { add_log('admin', 'LOG_USER_ACTIVE', $user_row['username']); } } if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !$update_password) { include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx; $messenger = new messenger(false); $messenger->template('admin_welcome_activated', $user_row['user_lang']); $messenger->to($user_row['user_email'], $user_row['username']); $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); $messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($user_row['username']))); $messenger->send($user_row['user_notify_type']); $message = 'ACCOUNT_ACTIVE_ADMIN'; } else { if (!$update_password) { $message = $user_row['user_inactive_reason'] == INACTIVE_PROFILE ? 'ACCOUNT_ACTIVE_PROFILE' : 'ACCOUNT_ACTIVE'; } else { $message = 'PASSWORD_ACTIVATED'; } } meta_refresh(3, append_sid("{$phpbb_root_path}index.{$phpEx}")); trigger_error($user->lang[$message]); }
if (!$config['load_unreads_search']) { $template->assign_var('S_NO_SEARCH', true); trigger_error('NO_SEARCH_UNREADS'); } else if (!$config['load_anon_lastread'] && !$user->data['is_registered']) { login_box('', $user->lang['LOGIN_EXPLAIN_UNREADSEARCH']); } break; // The "new posts" search uses user_lastvisit which is user based, so it should require user to log in. case 'newposts': if ($user->data['user_id'] == ANONYMOUS) { login_box('', $user->lang['LOGIN_EXPLAIN_NEWPOSTS']); } break; default: // There's nothing to do here for now ;) break; } // Is user able to search? Has search been disabled? if (!$auth->acl_get('u_search') || !$auth->acl_getf_global('f_search') || !$config['load_search']) { $template->assign_var('S_NO_SEARCH', true); trigger_error('NO_SEARCH'); }
$result = $_CLASS['core_db']->query($sql); $posting_data = $_CLASS['core_db']->fetch_row_assoc($result); $_CLASS['core_db']->free_result($result); if (!$posting_data) { trigger_error('NO_POST'); } require_once $site_file_root . 'includes/forums/message_parser.php'; require_once $site_file_root . 'includes/forums/functions_admin.php'; require_once $site_file_root . 'includes/forums/functions_posting.php'; // remove extract($posting_data); if ($posting_data['forum_type'] == FORUM_POST && !$_CLASS['auth']->acl_get('f_' . $mode, $forum_id) && !$_CLASS['auth']->acl_get('m_' . $mode, $forum_id)) { if ($_CLASS['core_user']->is_user) { trigger_error('USER_CANNOT_' . strtoupper($mode)); } login_box(array('explain' => $_CLASS['core_user']->lang['LOGIN_EXPLAIN_' . strtoupper($mode)])); } $forum_id = (int) $posting_data['forum_id']; $topic_id = (int) $topic_id; $post_id = (int) $post_id; $posting_data['post_edit_locked'] = isset($posting_data['post_edit_locked']) ? (int) $posting_data['post_edit_locked'] : false; $_CLASS['core_user']->add_lang(array('posting', 'mcp', 'viewtopic')); $_CLASS['core_user']->add_img(); if ($forum_password) { $forum_info = array('forum_id' => $forum_id, 'forum_password' => $forum_password); login_forum_box($forum_info); unset($forum_info); } $post_subject = in_array($mode, array('quote', 'edit', 'delete')) ? $posting_data['post_subject'] : (isset($posting_data['topic_title']) ? $posting_data['topic_title'] : ''); $topic_time_limit = isset($posting_data['topic_time_limit']) && $posting_data['topic_time_limit'] ? (int) $posting_data['topic_time_limit'] / 86400 : 0; $poll_length = isset($poll_length) ? $poll_length ? (int) $poll_length / 86400 : (int) $poll_length : 0;
//$fb_uid = $facebook->get_loggedin_user(); $fb_uid = $facebook->require_login(); if (!$fb_uid) { exit; } // Start session management $user->session_begin(); $auth->acl($user->data); $user->setup('mods/facebook-connect'); $module = new p_master(); // phpBB login if (!$user->data['is_registered']) { if ($user->data['is_bot']) { redirect(append_sid("{$phpbb_root_path}index.{$phpEx}")); } login_box('', $user->lang['LOGIN_EXPLAIN_FACEBOOK']); } // At this point, we are connected to both facebook and phpBB // id facebook et user courant correspondent // id facebook et user courant ne correspondent pas: // id facebook 'trusted' présent mais pour un autre compte (et le facebok id de ce compte est vide ... ou pas) // le compte courant a un facebook id autre que celui annoncé // The facebook id is in the user row ? if ($user->data['facebook_id']) { // The facebook id is registered, and owned by the user connected if ($user->data['facebook_id'] == $fb_uid) { meta_refresh(3, append_sid("{$phpbb_root_path}/index.{$phpEx}")); $message = $user->lang['FACEBOOK_ACCOUNT_ALREADY_LINKED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>'); trigger_error($message); } else { // Check who own the faceebook id
* @var bool is_authed Does the user have the required permissions? * @since 3.1.3-RC1 */ $vars = array('post_id', 'topic_id', 'forum_id', 'draft_id', 'lastclick', 'submit', 'preview', 'save', 'load', 'refresh', 'mode', 'error', 'is_authed'); extract($phpbb_dispatcher->trigger_event('core.modify_posting_auth', compact($vars))); if (!$is_authed) { $check_auth = $mode == 'quote' ? 'reply' : $mode; if ($user->data['is_registered']) { trigger_error('USER_CANNOT_' . strtoupper($check_auth)); } $message = $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]; if ($request->is_ajax()) { $json = new phpbb\json_response(); $json->send(array('title' => $user->lang['INFORMATION'], 'message' => $message)); } login_box('', $message); } // Is the user able to post within this forum? if ($post_data['forum_type'] != FORUM_POST && in_array($mode, array('post', 'bump', 'quote', 'reply'))) { trigger_error('USER_CANNOT_FORUM_POST'); } // Forum/Topic locked? if (($post_data['forum_status'] == ITEM_LOCKED || isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED) && !$auth->acl_get('m_edit', $forum_id)) { trigger_error($post_data['forum_status'] == ITEM_LOCKED ? 'FORUM_LOCKED' : 'TOPIC_LOCKED'); } // Can we edit this post ... if we're a moderator with rights then always yes // else it depends on editing times, lock status and if we're the correct user if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id)) { $force_edit_allowed = false; $s_cannot_edit = $user->data['user_id'] != $post_data['poster_id']; $s_cannot_edit_time = $config['edit_time'] && $post_data['post_time'] <= time() - $config['edit_time'] * 60;
// egosearch is an author search if ($search_id == 'egosearch') { $author_id = $user->data['user_id']; if ($user->data['user_id'] == ANONYMOUS) { login_box('', $user->lang['LOGIN_EXPLAIN_EGOSEARCH']); } } // search for unread posts needs user to be logged in // if topics tracking for guests is disabled if ($search_id == 'unreadposts' && !$config['load_anon_lastread'] && !$user->data['is_registered']) { login_box('', $user->lang['LOGIN_EXPLAIN_UNREADSEARCH']); } // If we are looking for authors get their ids $author_id_ary = array(); $sql_author_match = ''; if ($author_id) { $author_id_ary[] = $author_id; } else if ($author) { if ((strpos($author, '*') !== false) && (utf8_strlen(str_replace(array('*', '%'), '', $author)) < $config['min_search_author_chars'])) { trigger_error(sprintf($user->lang['TOO_FEW_AUTHOR_CHARS'], $config['min_search_author_chars'])); }
$user->setup(array('posting', 'lang_meeting', 'meetings', 'viewtopic', 'mods/gallery')); $gallery_root_path = GALLERY_ROOT_PATH; include_once "{$phpbb_root_path}{$gallery_root_path}includes/common.{$phpEx}"; include_once "{$phpbb_root_path}{$gallery_root_path}includes/permissions.{$phpEx}"; add_form_key('gallery'); /** */ // Set start point for meeting overview list $config['posts_per_page'] = $user->data['user_posts_per_page']; $per_page = $config['posts_per_page']; // Start auth check if (!$auth->acl_get('u_meeting_view')) { if ($user->data['user_id'] != ANONYMOUS) { trigger_error('MEETING_AUTH_NO_VIEW'); } login_box('', $user->lang['LOGIN_VIEWMEETING']); } // Grab Meeting config $sql = 'SELECT * FROM ' . MEETING_CONFIG_TABLE; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $meeting_config[$row['config_name']] = $row['config_value']; } $db->sql_freeresult($result); // Grab only parameters needed here $id = request_var('id', 0); $mode = request_var('mode', ''); $video = request_var('album_video', ''); //++++++++++++++++++++++++++++++++++++++++++++++++ $mode = !$mode ? 'detail' : $mode;
define('IN_PHPBB', true); $phpbb_root_path = defined('PHPBB_ROOT_PATH') ? PHPBB_ROOT_PATH : './'; $phpEx = substr(strrchr(__FILE__, '.'), 1); include $phpbb_root_path . 'common.' . $phpEx; include $phpbb_root_path . 'includes/functions_display.' . $phpEx; // Start session management $user->session_begin(); $auth->acl($user->data); $user->setup('viewforum'); // Mark notifications read if ($mark_notification = $request->variable('mark_notification', 0)) { if ($user->data['user_id'] == ANONYMOUS) { if ($request->is_ajax()) { trigger_error('LOGIN_REQUIRED'); } login_box('', $user->lang['LOGIN_REQUIRED']); } if (check_link_hash($request->variable('hash', ''), 'mark_notification_read')) { /* @var $phpbb_notifications \phpbb\notification\manager */ $phpbb_notifications = $phpbb_container->get('notification_manager'); $notification = $phpbb_notifications->load_notifications(array('notification_id' => $mark_notification)); if (isset($notification['notifications'][$mark_notification])) { $notification = $notification['notifications'][$mark_notification]; $notification->mark_read(); if ($request->is_ajax()) { $json_response = new \phpbb\json_response(); $json_response->send(array('success' => true)); } if ($redirect = $request->variable('redirect', '')) { redirect(append_sid($phpbb_root_path . $redirect)); }
$template->assign_block_vars('pic_row', array('U_IMAGE' => ($gallery_data[$i]['attach_id'] and $gallery_data[$i]['attach_is_image'] and !empty($gallery_data[$i]['attach_thumb_location']) and !empty($gallery_data[$i]['attach_location'])) ? append_sid("{$phpbb_root_path}garage.{$phpEx}", "mode=view_image&image_id=" . $gallery_data[$i]['attach_id']) : '', 'U_REMOVE_IMAGE' => append_sid("{$phpbb_root_path}garage_track.{$phpEx}", "mode=remove_lap_image&&VID={$vid}&LID={$lid}&image_id=" . $gallery_data[$i]['attach_id']), 'U_SET_HILITE' => $gallery_data[$i]['hilite'] == 0 ? append_sid("{$phpbb_root_path}garage_track.{$phpEx}", "mode=set_lap_hilite&image_id=" . $gallery_data[$i]['attach_id'] . "&VID={$vid}&LID={$lid}") : '', 'IMAGE' => $phpbb_root_path . GARAGE_UPLOAD_PATH . $gallery_data[$i]['attach_thumb_location'], 'IMAGE_TITLE' => $gallery_data[$i]['attach_file'])); } $garage_template->sidemenu(); break; /** * Update existing lap */ /** * Update existing lap */ case 'update_lap': /** * Check user logged in, else redirecting to login with return address to get them back */ if ($user->data['user_id'] == ANONYMOUS) { login_box("garage_track.{$phpEx}?mode=edit_lap&LID={$lid}&VID={$vid}"); } /** * Check vehicle ownership, only owners & moderators with correct permissions get past here */ $garage_vehicle->check_ownership($vid); /** * Get all required/optional data and check required data is present */ $params = array('track_id' => '', 'condition_id' => '', 'type_id' => '', 'minute' => '', 'second' => '', 'millisecond' => '', 'redirect' => ''); $data = $garage->process_vars($params); $params = array('track_id', 'condition_id', 'type_id', 'minute', 'second', 'millisecond'); $garage->check_required_vars($params); /** * Perform required DB work to update lap */
function main($id, $mode) { global $config, $phpbb_root_path, $phpEx; global $db, $user, $auth, $template, $phpbb_container, $phpbb_dispatcher; $user_id = request_var('u', 0); $key = request_var('k', ''); $sql = 'SELECT user_id, username, user_type, user_email, user_newpasswd, user_lang, user_notify_type, user_actkey, user_inactive_reason FROM ' . USERS_TABLE . "\n\t\t\tWHERE user_id = {$user_id}"; $result = $db->sql_query($sql); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$user_row) { trigger_error('NO_USER'); } if ($user_row['user_type'] != USER_INACTIVE && !$user_row['user_newpasswd']) { meta_refresh(3, append_sid("{$phpbb_root_path}index.{$phpEx}")); trigger_error('ALREADY_ACTIVATED'); } if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL || $user_row['user_actkey'] !== $key) { trigger_error('WRONG_ACTIVATION'); } // Do not allow activating by non administrators when admin activation is on // Only activation type the user should be able to do is INACTIVE_REMIND // or activate a new password which is not an activation state :@ if (!$user_row['user_newpasswd'] && $user_row['user_inactive_reason'] != INACTIVE_REMIND && $config['require_activation'] == USER_ACTIVATION_ADMIN && !$auth->acl_get('a_user')) { if (!$user->data['is_registered']) { login_box('', $user->lang['NO_AUTH_OPERATION']); } trigger_error('NO_AUTH_OPERATION'); } $update_password = $user_row['user_newpasswd'] ? true : false; if ($update_password) { $sql_ary = array('user_actkey' => '', 'user_password' => $user_row['user_newpasswd'], 'user_newpasswd' => '', 'user_login_attempts' => 0); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_row['user_id']; $db->sql_query($sql); add_log('user', $user_row['user_id'], 'LOG_USER_NEW_PASSWORD', $user_row['username']); } if (!$update_password) { include_once $phpbb_root_path . 'includes/functions_user.' . $phpEx; user_active_flip('activate', $user_row['user_id']); $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_actkey = ''\n\t\t\t\tWHERE user_id = {$user_row['user_id']}"; $db->sql_query($sql); // Create the correct logs add_log('user', $user_row['user_id'], 'LOG_USER_ACTIVE_USER'); if ($auth->acl_get('a_user')) { add_log('admin', 'LOG_USER_ACTIVE', $user_row['username']); } } if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !$update_password) { $phpbb_notifications = $phpbb_container->get('notification_manager'); $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']); include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx; $messenger = new messenger(false); $messenger->template('admin_welcome_activated', $user_row['user_lang']); $messenger->set_addresses($user_row); $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($user_row['username']))); $messenger->send($user_row['user_notify_type']); $message = 'ACCOUNT_ACTIVE_ADMIN'; } else { if (!$update_password) { $message = $user_row['user_inactive_reason'] == INACTIVE_PROFILE ? 'ACCOUNT_ACTIVE_PROFILE' : 'ACCOUNT_ACTIVE'; } else { $message = 'PASSWORD_ACTIVATED'; } } /** * This event can be used to modify data after user account's activation * * @event core.ucp_activate_after * @var array user_row Array with some user data * @var string message Language string of the message that will be displayed to the user * @since 3.1.6-RC1 */ $vars = array('user_row', 'message'); extract($phpbb_dispatcher->trigger_event('core.ucp_activate_after', compact($vars))); meta_refresh(3, append_sid("{$phpbb_root_path}index.{$phpEx}")); trigger_error($user->lang[$message]); }
if ($user->data['user_id'] != ANONYMOUS) { trigger_error('SORRY_AUTH_READ'); } login_box('', $user->lang['LOGIN_VIEWFORUM']); } // Forum is passworded ... check whether access has been granted to this // user this session, if not show login box if ($topic_data['forum_password']) { login_forum_box($topic_data); } // Redirect to login or to the correct post upon emailed notification links if (isset($_GET['e'])) { $jump_to = request_var('e', 0); $redirect_url = append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", "f={$forum_id}&t={$topic_id}"); if ($user->data['user_id'] == ANONYMOUS) { login_box($redirect_url . "&p={$post_id}&e={$jump_to}", $user->lang['LOGIN_NOTIFY_TOPIC']); } if ($jump_to > 0) { // We direct the already logged in user to the correct post... redirect($redirect_url . (!$post_id ? "&p={$jump_to}" : "&p={$post_id}") . "#p{$jump_to}"); } } // What is start equal to? if ($post_id) { $start = floor($topic_data['prev_posts'] / $config['posts_per_page']) * $config['posts_per_page']; } // Get topic tracking info if (!isset($topic_tracking_info)) { $topic_tracking_info = array(); // Get topic tracking info if ($config['load_db_lastread'] && $user->data['is_registered']) {
$auth->acl($user->data); $user->setup('memberlist'); // Get and set some variables $mode = $request->variable('mode', ''); $session_id = $request->variable('s', ''); $start = $request->variable('start', 0); $sort_key = $request->variable('sk', 'b'); $sort_dir = $request->variable('sd', 'd'); $show_guests = $config['load_online_guests'] ? $request->variable('sg', 0) : 0; // Can this user view profiles/memberlist? if (!$auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel')) { if ($user->data['user_id'] != ANONYMOUS) { send_status_line(403, 'Forbidden'); trigger_error('NO_VIEW_USERS'); } login_box('', $user->lang['LOGIN_EXPLAIN_VIEWONLINE']); } /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); /* @var $viewonline_helper \phpbb\viewonline_helper */ $viewonline_helper = $phpbb_container->get('viewonline_helper'); $sort_key_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_JOINED'], 'c' => $user->lang['SORT_LOCATION']); $sort_key_sql = array('a' => 'u.username_clean', 'b' => 's.session_time', 'c' => 's.session_page'); // Sorting and order if (!isset($sort_key_text[$sort_key])) { $sort_key = 'b'; } $order_by = $sort_key_sql[$sort_key] . ' ' . ($sort_dir == 'a' ? 'ASC' : 'DESC'); // Whois requested if ($mode == 'whois' && $auth->acl_get('a_') && $session_id) { include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
$template->assign_block_vars('pic_row', array('U_IMAGE' => ($gallery_data[$i]['attach_id'] and $gallery_data[$i]['attach_is_image'] and !empty($gallery_data[$i]['attach_thumb_location']) and !empty($gallery_data[$i]['attach_location'])) ? append_sid("{$phpbb_root_path}garage.{$phpEx}", "mode=view_image&image_id=" . $gallery_data[$i]['attach_id']) : '', 'U_REMOVE_IMAGE' => append_sid("{$phpbb_root_path}garage_dynorun.{$phpEx}", "mode=remove_dynorun_image&&VID={$vid}&DID={$did}&image_id=" . $gallery_data[$i]['attach_id']), 'U_SET_HILITE' => $gallery_data[$i]['hilite'] == 0 ? append_sid("{$phpbb_root_path}garage_dynorun.{$phpEx}", "mode=set_dynorun_hilite&image_id=" . $gallery_data[$i]['attach_id'] . "&VID={$vid}&DID={$did}") : '', 'IMAGE' => $phpbb_root_path . GARAGE_UPLOAD_PATH . $gallery_data[$i]['attach_thumb_location'], 'IMAGE_TITLE' => $gallery_data[$i]['attach_file'])); } $garage_template->sidemenu(); break; /** * Update existing dynorun */ /** * Update existing dynorun */ case 'update_dynorun': /** * Check user logged in, else redirecting to login with return address to get them back */ if ($user->data['user_id'] == ANONYMOUS) { login_box("garage_dynorun.{$phpEx}?mode=edit_dynorun&DID={$did}&VID={$vid}"); } /** * Check vehicle ownership, only owners & moderators with correct permissions get past here */ $garage_vehicle->check_ownership($vid); /** * Get all required/optional data and check required data is present */ $params = array('dynocentre_id' => '', 'bhp' => '', 'bhp_decimal' => '', 'torque' => '', 'torque_decimal' => '', 'boost' => '', 'boost_decimal' => '', 'nitrous' => '', 'peakpoint' => '', 'peakpoint_decimal' => '', 'editupload' => '', 'image_id' => '', 'redirect' => ''); $data = $garage->process_vars($params); $params = array('bhp_unit' => '', 'torque_unit' => '', 'boost_unit' => ''); $data += $garage->process_mb_vars($params); $params = array('dynocentre_id', 'bhp', 'bhp_decimal', 'bhp_unit'); $garage->check_required_vars($params); /**
$group_id = request_var('g', 0); $topic_id = request_var('t', 0); // Check our mode... if (!in_array($mode, array('', 'group', 'viewprofile', 'email', 'contact', 'searchuser', 'leaders'))) { trigger_error('NO_MODE'); } switch ($mode) { case 'email': break; default: // Can this user view profiles/memberlist? if (!$auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel')) { if ($user->data['user_id'] != ANONYMOUS) { trigger_error('NO_VIEW_USERS'); } login_box('', isset($user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]) ? $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)] : $user->lang['LOGIN_EXPLAIN_MEMBERLIST']); } break; } $start = request_var('start', 0); $submit = isset($_POST['submit']) ? true : false; $default_key = 'c'; $sort_key = request_var('sk', $default_key); $sort_dir = request_var('sd', 'a'); // Grab rank information for later $ranks = $cache->obtain_ranks(); // What do you want to do today? ... oops, I think that line is taken ... switch ($mode) { case 'leaders': // Display a listing of board admins, moderators include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
$sql_order = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC'); /** * Search */ if ($keywords || $username || $user_id || $search_id || $submit) { // clear arrays $id_ary = array(); // This is what our Search could so far if ($user_id) { $search_id = 'usersearch'; } // egosearch is an user search if ($search_id == 'egosearch') { $user_id = $user->data['user_id']; if ($user->data['user_id'] == ANONYMOUS) { login_box('', $user->lang['LOGIN_EXPLAIN_EGOSEARCH']); } } // If we are looking for authors get their ids $user_id_ary = array(); if ($username) { if (strpos($username, '*') !== false && utf8_strlen(str_replace(array('*', '%'), '', $username)) < $config['min_search_author_chars']) { trigger_error(sprintf($user->lang['TOO_FEW_AUTHOR_CHARS'], $config['min_search_author_chars'])); } $sql_where = strpos($username, '*') !== false ? ' username_clean ' . $db->sql_like_expression(str_replace('*', $db->any_char, utf8_clean_string($username))) : " username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; // Missing images and comments of guests/deleted users $sql = 'SELECT user_id FROM ' . USERS_TABLE . "\n\t\t\tWHERE {$sql_where}\n\t\t\t\tAND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')'; $result = $db->sql_query_limit($sql, 100); while ($row = $db->sql_fetchrow($result)) { $user_id_ary[] = (int) $row['user_id'];
/** * Check for banned user * * Checks whether the supplied user is banned by id, ip or email. If no parameters * are passed to the method pre-existing session data is used. * * @param int|false $user_id The user id * @param mixed $user_ips Can contain a string with one IP or an array of multiple IPs * @param string|false $user_email The user email * @param bool $return If $return is false this routine does not return on finding a banned user, * it outputs a relevant message and stops execution. */ function check_ban($user_id = false, $user_ips = false, $user_email = false, $return = false) { global $config, $db, $phpbb_dispatcher; if (defined('IN_CHECK_BAN') || defined('SKIP_CHECK_BAN')) { return; } $banned = false; $cache_ttl = 3600; $where_sql = array(); $sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end FROM ' . BANLIST_TABLE . ' WHERE '; // Determine which entries to check, only return those if ($user_email === false) { $where_sql[] = "ban_email = ''"; } if ($user_ips === false) { $where_sql[] = "(ban_ip = '' OR ban_exclude = 1)"; } if ($user_id === false) { $where_sql[] = '(ban_userid = 0 OR ban_exclude = 1)'; } else { $cache_ttl = $user_id == ANONYMOUS ? 3600 : 0; $_sql = '(ban_userid = ' . $user_id; if ($user_email !== false) { $_sql .= " OR ban_email <> ''"; } if ($user_ips !== false) { $_sql .= " OR ban_ip <> ''"; } $_sql .= ')'; $where_sql[] = $_sql; } $sql .= sizeof($where_sql) ? implode(' AND ', $where_sql) : ''; $result = $db->sql_query($sql, $cache_ttl); $ban_triggered_by = 'user'; while ($row = $db->sql_fetchrow($result)) { if ($row['ban_end'] && $row['ban_end'] < time()) { continue; } $ip_banned = false; if (!empty($row['ban_ip'])) { if (!is_array($user_ips)) { $ip_banned = preg_match('#^' . str_replace('\\*', '.*?', preg_quote($row['ban_ip'], '#')) . '$#i', $user_ips); } else { foreach ($user_ips as $user_ip) { if (preg_match('#^' . str_replace('\\*', '.*?', preg_quote($row['ban_ip'], '#')) . '$#i', $user_ip)) { $ip_banned = true; break; } } } } if (!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id || $ip_banned || !empty($row['ban_email']) && preg_match('#^' . str_replace('\\*', '.*?', preg_quote($row['ban_email'], '#')) . '$#i', $user_email)) { if (!empty($row['ban_exclude'])) { $banned = false; break; } else { $banned = true; $ban_row = $row; if (!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id) { $ban_triggered_by = 'user'; } else { if ($ip_banned) { $ban_triggered_by = 'ip'; } else { $ban_triggered_by = 'email'; } } // Don't break. Check if there is an exclude rule for this user } } } $db->sql_freeresult($result); /** * Event to set custom ban type * * @event core.session_set_custom_ban * @var bool return If $return is false this routine does not return on finding a banned user, it outputs a relevant message and stops execution * @var bool banned Check if user already banned * @var array|false ban_row Ban data * @var string ban_triggered_by Method that caused ban, can be your custom method * @since 3.1.3-RC1 */ $ban_row = isset($ban_row) ? $ban_row : false; $vars = array('return', 'banned', 'ban_row', 'ban_triggered_by'); extract($phpbb_dispatcher->trigger_event('core.session_set_custom_ban', compact($vars))); if ($banned && !$return) { global $template, $phpbb_root_path, $phpEx; // If the session is empty we need to create a valid one... if (empty($this->session_id)) { // This seems to be no longer needed? - #14971 // $this->session_create(ANONYMOUS); } // Initiate environment ... since it won't be set at this stage $this->setup(); // Logout the user, banned users are unable to use the normal 'logout' link if ($this->data['user_id'] != ANONYMOUS) { $this->session_kill(); } // We show a login box here to allow founders accessing the board if banned by IP if (defined('IN_LOGIN') && $this->data['user_id'] == ANONYMOUS) { $this->setup('ucp'); $this->data['is_registered'] = $this->data['is_bot'] = false; // Set as a precaution to allow login_box() handling this case correctly as well as this function not being executed again. define('IN_CHECK_BAN', 1); login_box("index.{$phpEx}"); // The false here is needed, else the user is able to circumvent the ban. $this->session_kill(false); } // Ok, we catch the case of an empty session id for the anonymous user... // This can happen if the user is logging in, banned by username and the login_box() being called "again". if (empty($this->session_id) && defined('IN_CHECK_BAN')) { $this->session_create(ANONYMOUS); } // Determine which message to output $till_date = $ban_row['ban_end'] ? $this->format_date($ban_row['ban_end']) : ''; $message = $ban_row['ban_end'] ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM'; $contact_link = phpbb_get_board_contact_link($config, $phpbb_root_path, $phpEx); $message = sprintf($this->lang[$message], $till_date, '<a href="' . $contact_link . '">', '</a>'); $message .= $ban_row['ban_give_reason'] ? '<br /><br />' . sprintf($this->lang['BOARD_BAN_REASON'], $ban_row['ban_give_reason']) : ''; $message .= '<br /><br /><em>' . $this->lang['BAN_TRIGGERED_BY_' . strtoupper($ban_triggered_by)] . '</em>'; // To circumvent session_begin returning a valid value and the check_ban() not called on second page view, we kill the session again $this->session_kill(false); // A very special case... we are within the cron script which is not supposed to print out the ban message... show blank page if (defined('IN_CRON')) { garbage_collection(); exit_handler(); exit; } trigger_error($message); } return $banned && $ban_row['ban_give_reason'] ? $ban_row['ban_give_reason'] : $banned; }
/** * Topic and forum watching common code */ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0) { global $template, $db, $user, $phpEx, $start, $phpbb_root_path; $table_sql = $mode == 'forum' ? FORUMS_WATCH_TABLE : TOPICS_WATCH_TABLE; $where_sql = $mode == 'forum' ? 'forum_id' : 'topic_id'; $match_id = $mode == 'forum' ? $forum_id : $topic_id; $u_url = "uid={$user->data['user_id']}"; $u_url .= $mode == 'forum' ? '&f' : '&f=' . $forum_id . '&t'; // Is user watching this thread? if ($user_id != ANONYMOUS) { $can_watch = true; if ($notify_status == 'unset') { $sql = "SELECT notify_status\n\t\t\t\tFROM {$table_sql}\n\t\t\t\tWHERE {$where_sql} = {$match_id}\n\t\t\t\t\tAND user_id = {$user_id}"; $result = $db->sql_query($sql); $notify_status = ($row = $db->sql_fetchrow($result)) ? $row['notify_status'] : NULL; $db->sql_freeresult($result); } if (!is_null($notify_status) && $notify_status !== '') { if (isset($_GET['unwatch'])) { $uid = request_var('uid', 0); if ($uid != $user_id) { $redirect_url = append_sid("{$phpbb_root_path}view{$mode}.{$phpEx}", "{$u_url}={$match_id}&start={$start}"); $message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>'); trigger_error($message); } if ($_GET['unwatch'] == $mode) { $is_watching = 0; $sql = 'DELETE FROM ' . $table_sql . "\n\t\t\t\t\t\tWHERE {$where_sql} = {$match_id}\n\t\t\t\t\t\t\tAND user_id = {$user_id}"; $db->sql_query($sql); } $redirect_url = append_sid("{$phpbb_root_path}view{$mode}.{$phpEx}", "{$u_url}={$match_id}&start={$start}"); meta_refresh(3, $redirect_url); $message = $user->lang['NOT_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>'); trigger_error($message); } else { $is_watching = true; if ($notify_status) { $sql = 'UPDATE ' . $table_sql . "\n\t\t\t\t\t\tSET notify_status = 0\n\t\t\t\t\t\tWHERE {$where_sql} = {$match_id}\n\t\t\t\t\t\t\tAND user_id = {$user_id}"; $db->sql_query($sql); } } } else { if (isset($_GET['watch'])) { $token = request_var('hash', ''); $redirect_url = append_sid("{$phpbb_root_path}view{$mode}.{$phpEx}", "{$u_url}={$match_id}&start={$start}"); if ($_GET['watch'] == $mode && check_link_hash($token, "{$mode}_{$match_id}")) { $is_watching = true; $sql = 'INSERT INTO ' . $table_sql . " (user_id, {$where_sql}, notify_status)\n\t\t\t\t\t\tVALUES ({$user_id}, {$match_id}, 0)"; $db->sql_query($sql); $message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>'); } else { $message = $user->lang['ERR_WATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>'); } meta_refresh(3, $redirect_url); trigger_error($message); } else { $is_watching = 0; } } } else { if (isset($_GET['unwatch']) && $_GET['unwatch'] == $mode) { login_box(); } else { $can_watch = 0; $is_watching = 0; } } if ($can_watch) { $s_watching['link'] = append_sid("{$phpbb_root_path}view{$mode}.{$phpEx}", "{$u_url}={$match_id}&" . ($is_watching ? 'unwatch' : 'watch') . "={$mode}&start={$start}&hash=" . generate_link_hash("{$mode}_{$match_id}")); $s_watching['title'] = $user->lang[($is_watching ? 'STOP' : 'START') . '_WATCHING_' . strtoupper($mode)]; $s_watching['is_watching'] = $is_watching; } return; }