/**
 * Logs an administrator action taking any arguments as log data.
 *
 * When the only argument is an array, that array is stored as the log data;
 * otherwise the full argument list is stored. Each entry also records the
 * acting user's uid, the packed client IP, the current time and the "module"
 * and "action" request inputs.
 */
function log_admin_action()
{
    global $db, $mybb;

    $payload = func_get_args();
    $single_array_given = count($payload) == 1 && is_array($payload[0]);
    if ($single_array_given) {
        $payload = $payload[0];
    }
    if (!is_array($payload)) {
        $payload = array($payload);
    }

    // Request-derived values are escaped (strings) or cast (uid) before they
    // are handed to insert_query().
    $uid = (int) $mybb->user['uid'];
    $packed_ip = $db->escape_binary(my_inet_pton(get_ip()));
    $module = $db->escape_string($mybb->get_input('module'));
    $action = $db->escape_string($mybb->get_input('action'));
    // The @ suppresses any warning my_serialize() raises for this payload.
    $serialized = $db->escape_string(@my_serialize($payload));

    $db->insert_query("adminlog", array(
        "uid" => $uid,
        "ipaddress" => $packed_ip,
        "dateline" => TIME_NOW,
        "module" => $module,
        "action" => $action,
        "data" => $serialized,
    ));
}
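/**
 * Initialize a session
 *
 * Resolves the visitor, in order, to a logged-in user (from the "mybbuser"
 * cookie), a known search engine spider (by user agent) or a guest, and sets
 * the "sid" cookie when the visitor does not already carry the current one.
 * Every value read here (cookies, user agent) is client-controlled.
 */
function init()
{
    global $db, $mybb, $cache;

    // Get our visitor's IP.
    $this->ipaddress = get_ip();
    $this->packedip = my_inet_pton($this->ipaddress);

    // Find out the user agent. The header is optional, so fall back to an
    // empty string instead of reading an undefined index.
    $this->useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // Attempt to find a session id in the cookies. A cookie sent as an array
    // is ignored rather than passed to escape_string().
    if (isset($mybb->cookies['sid']) && is_string($mybb->cookies['sid']) && !defined('IN_UPGRADE')) {
        $sid = $db->escape_string($mybb->cookies['sid']);

        // Load the session; it only matches when it was created from the same IP.
        $query = $db->simple_select(
            "sessions",
            "*",
            "sid='{$sid}' AND ip=" . $db->escape_binary($this->packedip)
        );
        $session = $db->fetch_array($query);

        // fetch_array() yields no row for an unknown sid, so test for the key
        // instead of indexing the result directly.
        if (!empty($session['sid'])) {
            $this->sid = $session['sid'];
        }
    }

    // If we have a valid session id and user id, load that users session.
    if (!empty($mybb->cookies['mybbuser']) && is_string($mybb->cookies['mybbuser'])) {
        $logon = explode("_", $mybb->cookies['mybbuser'], 2);
        // A cookie without "_" has no login key part; pass null explicitly
        // rather than reading a missing array element.
        $this->load_user($logon[0], isset($logon[1]) ? $logon[1] : null);
    }

    // If no user still, then we have a guest.
    if (!isset($mybb->user['uid'])) {
        // Detect if this guest is a search engine spider.
        // (bots don't get a cookied session ID so we first see if that's set)
        if (!$this->sid) {
            $spiders = $cache->read("spiders");
            if (is_array($spiders)) {
                // Lower-case the agent once; it does not change per spider.
                $agent = my_strtolower($this->useragent);
                foreach ($spiders as $spider) {
                    if (my_strpos($agent, my_strtolower($spider['useragent'])) !== false) {
                        $this->load_spider($spider['sid']);
                    }
                }
            }
        }

        // Still nothing? JUST A GUEST!
        if (!$this->is_spider) {
            $this->load_guest();
        }
    }

    // As a token of our appreciation for getting this far (and they aren't a
    // spider), give the user a cookie
    if ($this->sid
        && (!isset($mybb->cookies['sid']) || $mybb->cookies['sid'] != $this->sid)
        && $this->is_spider != true
    ) {
        my_setcookie("sid", $this->sid, -1, true);
    }
}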
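/**
 * Installation is finished
 *
 * Checks the administrator account form, then inserts the default user
 * groups, creates the administrator account, loads the admin permissions,
 * sets the auto-login cookie, builds the caches and finally tries to write
 * the installer lock file.
 */
function install_done()
{
    global $output, $db, $mybb, $errors, $cache, $lang;

    if (empty($mybb->input['adminuser'])) {
        $errors[] = $lang->admin_step_error_nouser;
    }
    if (empty($mybb->input['adminpass'])) {
        $errors[] = $lang->admin_step_error_nopassword;
    }
    // Strict comparison: with != two different numeric-looking passwords
    // (such as "1e3" and "1000") compare equal and the mismatch is missed.
    if ($mybb->get_input('adminpass') !== $mybb->get_input('adminpass2')) {
        $errors[] = $lang->admin_step_error_nomatch;
    }
    if (empty($mybb->input['adminemail'])) {
        $errors[] = $lang->admin_step_error_noemail;
    }
    if (is_array($errors)) {
        // NOTE(review): presumably create_admin_user() re-renders the form and
        // ends the request; if it returns, the install below still runs. Confirm.
        create_admin_user();
    }

    require MYBB_ROOT . 'inc/config.php';
    $db = db_connection($config);

    require MYBB_ROOT . 'inc/settings.php';
    $mybb->settings =& $settings;

    ob_start();
    $output->print_header($lang->finish_setup, 'finish');

    echo $lang->done_step_usergroupsinserted;

    // Insert all of our user groups from the XML file
    $usergroup_settings = file_get_contents(INSTALL_ROOT . 'resources/usergroups.xml');
    $parser = new XMLParser($usergroup_settings);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();

    $admin_gid = '';
    foreach ($tree['usergroups'][0]['usergroup'] as $usergroup) {
        // usergroup[cancp][0][value]
        $new_group = array();
        foreach ($usergroup as $key => $value) {
            if (!is_array($value)) {
                continue;
            }
            $new_group[$key] = $db->escape_string($value[0]['value']);
        }
        $db->insert_query("usergroups", $new_group, false);

        // If this group can access the admin CP and we haven't established the
        // admin group - set it (just in case we ever change IDs)
        if ($new_group['cancp'] == 1 && !$admin_gid) {
            $admin_gid = $usergroup['gid'][0]['value'];
        }
    }

    // Restart usergroup sequence with correct # of groups
    if ($config['database']['type'] == "pgsql") {
        $db->query("SELECT setval('{$config['database']['table_prefix']}usergroups_gid_seq', (SELECT max(gid) FROM {$config['database']['table_prefix']}usergroups));");
    }
    echo $lang->done . '</p>';

    echo $lang->done_step_admincreated;
    $now = TIME_NOW;
    $salt = random_str();
    $loginkey = generate_loginkey();
    // NOTE(review): salted MD5 is a fast hash and weak for password storage.
    // The format is kept because the code that verifies it is not part of this
    // function; changing it would have to change both sides together.
    $saltedpw = md5(md5($salt) . md5($mybb->get_input('adminpass')));

    $newuser = array(
        'username' => $db->escape_string($mybb->get_input('adminuser')),
        'password' => $saltedpw,
        'salt' => $salt,
        'loginkey' => $loginkey,
        'email' => $db->escape_string($mybb->get_input('adminemail')),
        'usergroup' => $admin_gid,
        'regdate' => $now,
        'lastactive' => $now,
        'lastvisit' => $now,
        'website' => '',
        'icq' => '',
        'aim' => '',
        'yahoo' => '',
        'skype' => '',
        'google' => '',
        'birthday' => '',
        'signature' => '',
        'allownotices' => 1,
        'hideemail' => 0,
        'subscriptionmethod' => '0',
        'receivepms' => 1,
        'pmnotice' => 1,
        'pmnotify' => 1,
        'buddyrequestspm' => 1,
        'buddyrequestsauto' => 0,
        'showimages' => 1,
        'showvideos' => 1,
        'showsigs' => 1,
        'showavatars' => 1,
        'showquickreply' => 1,
        'invisible' => 0,
        'style' => '0',
        'timezone' => 0,
        'dst' => 0,
        'threadmode' => '',
        'daysprune' => 0,
        'regip' => $db->escape_binary(my_inet_pton(get_ip())),
        'language' => '',
        'showcodebuttons' => 1,
        'tpp' => 0,
        'ppp' => 0,
        'referrer' => 0,
        'buddylist' => '',
        'ignorelist' => '',
        'pmfolders' => '',
        'notepad' => '',
        'showredirect' => 1,
        'usernotes' => '',
    );
    $db->insert_query('users', $newuser);
    echo $lang->done . '</p>';

    echo $lang->done_step_adminoptions;
    $adminoptions = file_get_contents(INSTALL_ROOT . 'resources/adminoptions.xml');
    $parser = new XMLParser($adminoptions);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();
    $insertmodule = array();

    $db->delete_query("adminoptions");

    // Insert all the admin permissions
    foreach ($tree['adminoptions'][0]['user'] as $users) {
        $uid = $users['attributes']['uid'];

        foreach ($users['permissions'][0]['module'] as $module) {
            foreach ($module['permission'] as $permission) {
                $insertmodule[$module['attributes']['name']][$permission['attributes']['name']] = $permission['value'];
            }
        }

        $defaultviews = array();
        foreach ($users['defaultviews'][0]['view'] as $view) {
            $defaultviews[$view['attributes']['type']] = $view['value'];
        }

        $adminoptiondata = array(
            'uid' => (int) $uid,
            'cpstyle' => '',
            'notes' => '',
            'permissions' => $db->escape_string(my_serialize($insertmodule)),
            'defaultviews' => $db->escape_string(my_serialize($defaultviews)),
        );
        $insertmodule = array();

        $db->insert_query('adminoptions', $adminoptiondata);
    }
    echo $lang->done . '</p>';

    // Automatic Login
    // NOTE(review): $uid is the last uid read from adminoptions.xml, not the id
    // returned when the admin row was inserted - confirm they always match.
    my_unsetcookie("sid");
    my_unsetcookie("mybbuser");
    my_setcookie('mybbuser', $uid . '_' . $loginkey, null, true);
    ob_end_flush();

    // Make fulltext columns if supported
    if ($db->supports_fulltext('threads')) {
        $db->create_fulltext_index('threads', 'subject');
    }
    if ($db->supports_fulltext_boolean('posts')) {
        $db->create_fulltext_index('posts', 'message');
    }

    echo $lang->done_step_cachebuilding;
    require_once MYBB_ROOT . 'inc/class_datacache.php';
    $cache = new datacache();
    $cache->update_version();
    $cache->update_attachtypes();
    $cache->update_smilies();
    $cache->update_badwords();
    $cache->update_usergroups();
    $cache->update_forumpermissions();
    $cache->update_stats();
    $cache->update_statistics();
    $cache->update_forums();
    $cache->update_moderators();
    $cache->update_usertitles();
    $cache->update_reportedcontent();
    $cache->update_awaitingactivation();
    $cache->update_mycode();
    $cache->update_profilefields();
    $cache->update_posticons();
    $cache->update_spiders();
    $cache->update_bannedips();
    $cache->update_banned();
    $cache->update_bannedemails();
    $cache->update_birthdays();
    $cache->update_groupleaders();
    $cache->update_threadprefixes();
    $cache->update_forumsdisplay();
    $cache->update("plugins", array());
    // NOTE(review): the strength of this key depends on random_str(), which is
    // defined elsewhere - confirm it draws from a cryptographically secure source.
    $cache->update("internal_settings", array('encryption_key' => random_str(32)));
    $cache->update_default_theme();

    // Record every upgradeN.php script shipped with this release.
    $version_history = array();
    $dh = opendir(INSTALL_ROOT . "resources");
    // opendir() returns false on failure; looping on readdir() with that value
    // would never terminate cleanly, so only read from a real handle.
    if ($dh !== false) {
        while (($file = readdir($dh)) !== false) {
            // The dot is escaped so only a literal ".php" suffix matches.
            if (preg_match('#upgrade([0-9]+)\.php$#i', $file, $match)) {
                $version_history[$match[1]] = $match[1];
            }
        }
        closedir($dh);
    }
    sort($version_history, SORT_NUMERIC);
    $cache->update("version_history", $version_history);

    // Schedule an update check so it occurs an hour ago. Gotta stay up to date!
    $update['nextrun'] = TIME_NOW - 3600;
    $db->update_query("tasks", $update, "tid='12'");

    $cache->update_update_check();
    $cache->update_tasks();

    echo $lang->done . '</p>';
    echo $lang->done_step_success;

    // The lock file is what marks the installer as finished. If it cannot be
    // written, the user is told to delete the install directory instead.
    $written = 0;
    if (is_writable('./')) {
        $lock = @fopen('./lock', 'w');
        // fopen() can still fail on a writable directory; never pass false on
        // to fwrite()/fclose().
        if ($lock !== false) {
            $written = @fwrite($lock, '1');
            @fclose($lock);
        }
        if ($written) {
            echo $lang->done_step_locked;
        }
    }
    if (!$written) {
        echo $lang->done_step_dirdelete;
    }

    echo $lang->done_whats_next;
    $output->print_footer('');
}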
// Apply the logged-in administrator's stored control panel preferences.
if (!empty($mybb->user['uid'])) {
    // NOTE(review): uid is concatenated into the WHERE clause without an (int)
    // cast; presumably it comes from the loaded user row - confirm.
    $query = $db->simple_select("adminoptions", "*", "uid='" . $mybb->user['uid'] . "'");
    $admin_options = $db->fetch_array($query);
    // The stored language name becomes part of a filesystem path; file_exists()
    // is the only check visible here.
    // NOTE(review): confirm cplanguage is restricted to a plain directory name
    // where it is saved.
    if (!empty($admin_options['cplanguage']) && file_exists(MYBB_ROOT . "inc/languages/" . $admin_options['cplanguage'] . "/admin/home_dashboard.lang.php")) {
        $cp_language = $admin_options['cplanguage'];
        $lang->set_language($cp_language, "admin");
        $lang->load("global"); // Reload global language vars
        $lang->load("messages", true);
    }
    // Same pattern for the style name: it is accepted when main.css exists
    // under the resulting path, and is later used to build a require_once path.
    // NOTE(review): confirm cpstyle is restricted to a plain directory name
    // where it is saved.
    if (!empty($admin_options['cpstyle']) && file_exists(MYBB_ADMIN_DIR . "/styles/{$admin_options['cpstyle']}/main.css")) {
        $cp_style = $admin_options['cpstyle'];
    }
    // Update the session information in the DB
    if ($admin_session['sid']) {
        $db->update_query("adminsessions", array('lastactive' => TIME_NOW, 'ip' => $db->escape_binary(my_inet_pton(get_ip()))), "sid='" . $db->escape_string($admin_session['sid']) . "'");
    }
    // Fetch administrator permissions
    $mybb->admin['permissions'] = get_admin_permissions($mybb->user['uid']);
}
// Include the layout generation class overrides for this style
// ($cp_style is either set before this fragment or taken from cpstyle above).
if (file_exists(MYBB_ADMIN_DIR . "/styles/{$cp_style}/style.php")) {
    require_once MYBB_ADMIN_DIR . "/styles/{$cp_style}/style.php";
}
// Check if any of the layout generation classes we can override exist in the style file
$classes = array("Page" => "DefaultPage", "SidebarItem" => "DefaultSidebarItem", "PopupMenu" => "DefaultPopupMenu", "Table" => "DefaultTable", "Form" => "DefaultForm", "FormContainer" => "DefaultFormContainer");
foreach ($classes as $style_name => $default_name) {
    // Style does not have this layout generation class, create it
    if (!class_exists($style_name)) {
        // Both names interpolated into eval() come from the hard-coded $classes
        // map above, not from request or database values.
        eval("class {$style_name} extends {$default_name} { }");
    }
/**
 * AJAX endpoint for the shoutbox.
 *
 * For the requested action this picks a permission result and a response
 * closure, then runs the closure only when the permission result is true.
 * Posting, fetching raw text, updating and deleting all require
 * verify_post_check() on the "key" input in addition to the access checks;
 * listing shouts does not. Unknown actions produce no output, a failed
 * permission check prints 'P'.
 */
static function xmlhttp()
{
    global $mybb, $db, $charset;

    switch ($mybb->input['action']) {
        case 'dvz_sb_get_shouts':
            $allowed = (self::access_view() && !isset($mybb->input['from'])) || self::access_refresh();
            $respond = function () use ($mybb, $db) {
                // Both values are forced to integers before entering the SQL fragment.
                $fromId = (int) $mybb->input['from'];
                $limit = abs((int) $mybb->settings['dvz_sb_num']);
                $result = self::get_multiple("WHERE s.id > " . $fromId . " ORDER BY s.id DESC LIMIT " . $limit);

                $markup = null; // JS-handled empty response
                $newestId = 0;
                while ($entry = $db->fetch_array($result)) {
                    // Rows arrive newest first, so the first row carries the last id.
                    if ($newestId == 0) {
                        $newestId = $entry['id'];
                    }
                    $rendered = self::render_shout($entry);
                    if ($mybb->settings['dvz_sb_reversed']) {
                        $markup = $rendered . $markup;
                    } else {
                        $markup = $markup . $rendered;
                    }
                }

                if ($markup != null) {
                    echo json_encode(['html' => $markup, 'last' => $newestId]);
                }
            };
            break;

        case 'dvz_sb_shout':
            $allowed = self::access_shout() && verify_post_check($mybb->input['key'], true);
            $respond = function () use ($mybb) {
                // Moderators bypass the anti-flood limit.
                if (!self::antiflood_pass() && !self::access_mod()) {
                    die('A'); // JS-handled error (Anti-flood)
                }
                self::shout([
                    'uid' => $mybb->user['uid'],
                    'text' => $mybb->input['text'],
                    'ipaddress' => my_inet_pton(get_ip()),
                ]);
            };
            break;

        case 'dvz_sb_get':
            // The row is loaded before the permission result is known because
            // the own-shout check needs its uid.
            $shoutRow = self::get($mybb->input['id']);
            $ownsShout = self::access_mod()
                || (self::access_mod_own() && $shoutRow['uid'] == $mybb->user['uid']);
            $allowed = $ownsShout && verify_post_check($mybb->input['key'], true);
            $respond = function () use ($shoutRow) {
                echo json_encode(['text' => $shoutRow['text']]);
            };
            break;

        case 'dvz_sb_update':
            $allowed = self::can_mod($mybb->input['id']) && verify_post_check($mybb->input['key'], true);
            $respond = function () use ($mybb) {
                self::update($mybb->input['id'], $mybb->input['text']);
                echo self::parse($mybb->input['text'], self::get_username($mybb->input['id']));
            };
            break;

        case 'dvz_sb_delete':
            $allowed = self::can_mod($mybb->input['id']) && verify_post_check($mybb->input['key'], true);
            $respond = function () use ($mybb) {
                self::delete($mybb->input['id']);
            };
            break;
    }

    // No matching action: nothing was selected, nothing is sent.
    if (!isset($allowed)) {
        return;
    }

    if ($allowed == false) {
        echo 'P'; // JS-handled error (Permissions)
        return;
    }

    header('Content-type: text/plain; charset=' . $charset);
    header('Cache-Control: no-store'); // force update on load
    $respond();
}
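/**
 * Insert a thread into the database.
 *
 * Writes the thread and its first post (or promotes an existing draft),
 * applies subscription and moderation options, updates user and forum
 * counters, queues forum subscription e-mails and assigns pending
 * attachments. The handler must have been validated first; otherwise the
 * request is terminated.
 *
 * @return array Array of new thread details, tid and visibility.
 */
function insert_thread()
{
    global $db, $mybb, $plugins, $cache, $lang;

    // Yes, validating is required.
    if (!$this->get_validated()) {
        die("The thread needs to be validated before inserting it into the DB.");
    }
    if (count($this->get_errors()) > 0) {
        die("The thread is not valid.");
    }

    $thread =& $this->data;

    // Fetch the forum this thread is being made in
    $forum = get_forum($thread['fid']);

    // This thread is being saved as a draft.
    if ($thread['savedraft']) {
        $visible = -2;
    } else {
        $forumpermissions = forum_permissions($thread['fid'], $thread['uid']);

        // Decide on the visibility of this post.
        if ($forumpermissions['modthreads'] == 1 && !is_moderator($thread['fid'], "", $thread['uid'])) {
            $visible = 0;
        } else {
            $visible = 1;
        }

        // Are posts from this user being moderated? Change visibility
        if ($mybb->user['uid'] == $thread['uid'] && $mybb->user['moderateposts'] == 1) {
            $visible = 0;
        }
    }

    // Numeric ids are cast to int wherever they are placed into a WHERE
    // clause, so the SQL does not depend on validation done elsewhere.

    // Have a post ID but not a thread ID - fetch thread ID
    if (!empty($thread['pid']) && empty($thread['tid'])) {
        // The closing quote was missing here, which left the SQL string unterminated.
        $query = $db->simple_select("posts", "tid", "pid='" . (int) $thread['pid'] . "'");
        $thread['tid'] = $db->fetch_field($query, "tid");
    }

    if (isset($thread['pid']) && $thread['pid'] > 0) {
        // Only a draft (visible = -2) owned by the same user may be reused.
        $query = $db->simple_select(
            "posts",
            "pid",
            "pid='" . (int) $thread['pid'] . "' AND uid='" . (int) $thread['uid'] . "' AND visible='-2'"
        );
        $draft_check = $db->fetch_field($query, "pid");
    } else {
        $draft_check = false;
    }

    // NOTE(review): includesig and smilieoff below are stored as received;
    // presumably they are normalised during validation - confirm.

    // Are we updating a post which is already a draft? Perhaps changing it into a visible post?
    if ($draft_check) {
        $this->thread_insert_data = array(
            "subject" => $db->escape_string($thread['subject']),
            "icon" => (int) $thread['icon'],
            "username" => $db->escape_string($thread['username']),
            "dateline" => (int) $thread['dateline'],
            "lastpost" => (int) $thread['dateline'],
            "lastposter" => $db->escape_string($thread['username']),
            "visible" => $visible,
        );

        $plugins->run_hooks("datahandler_post_insert_thread", $this);

        $db->update_query("threads", $this->thread_insert_data, "tid='" . (int) $thread['tid'] . "'");

        $this->post_insert_data = array(
            "subject" => $db->escape_string($thread['subject']),
            "icon" => (int) $thread['icon'],
            "username" => $db->escape_string($thread['username']),
            "dateline" => (int) $thread['dateline'],
            "message" => $db->escape_string($thread['message']),
            "ipaddress" => $db->escape_binary(my_inet_pton(get_ip())),
            "includesig" => $thread['options']['signature'],
            "smilieoff" => $thread['options']['disablesmilies'],
            "visible" => $visible,
        );

        $plugins->run_hooks("datahandler_post_insert_thread_post", $this);

        $db->update_query("posts", $this->post_insert_data, "pid='" . (int) $thread['pid'] . "'");
        $this->tid = $thread['tid'];
        $this->pid = $thread['pid'];
    } else {
        $this->thread_insert_data = array(
            "fid" => (int) $thread['fid'],
            "subject" => $db->escape_string($thread['subject']),
            "prefix" => (int) $thread['prefix'],
            "icon" => (int) $thread['icon'],
            "uid" => (int) $thread['uid'],
            "username" => $db->escape_string($thread['username']),
            "dateline" => (int) $thread['dateline'],
            "lastpost" => (int) $thread['dateline'],
            "lastposter" => $db->escape_string($thread['username']),
            "views" => 0,
            "replies" => 0,
            "visible" => $visible,
            "notes" => '',
        );

        $plugins->run_hooks("datahandler_post_insert_thread", $this);

        $this->tid = $db->insert_query("threads", $this->thread_insert_data);

        $this->post_insert_data = array(
            "tid" => $this->tid,
            "fid" => (int) $thread['fid'],
            "subject" => $db->escape_string($thread['subject']),
            "icon" => (int) $thread['icon'],
            "uid" => (int) $thread['uid'],
            "username" => $db->escape_string($thread['username']),
            "dateline" => (int) $thread['dateline'],
            "message" => $db->escape_string($thread['message']),
            "ipaddress" => $db->escape_binary(my_inet_pton(get_ip())),
            "includesig" => $thread['options']['signature'],
            "smilieoff" => $thread['options']['disablesmilies'],
            "visible" => $visible,
        );

        $plugins->run_hooks("datahandler_post_insert_thread_post", $this);

        $this->pid = $db->insert_query("posts", $this->post_insert_data);

        // Now that we have the post id for this first post, update the threads table.
        $firstpostup = array("firstpost" => $this->pid);
        $db->update_query("threads", $firstpostup, "tid='" . (int) $this->tid . "'");
    }

    // If we're not saving a draft there are some things we need to check now
    if (!$thread['savedraft']) {
        if ($thread['options']['subscriptionmethod'] != "" && $thread['uid'] > 0) {
            switch ($thread['options']['subscriptionmethod']) {
                case "pm":
                    $notification = 2;
                    break;
                case "email":
                    $notification = 1;
                    break;
                default:
                    $notification = 0;
            }

            require_once MYBB_ROOT . "inc/functions_user.php";
            add_subscribed_thread($this->tid, $notification, $thread['uid']);
        }

        // Perform any selected moderation tools. They are only honoured when
        // the thread author is a moderator of this forum.
        if (is_moderator($thread['fid'], "", $thread['uid'])
            && isset($thread['modoptions'])
            && is_array($thread['modoptions'])
        ) {
            $lang->load($this->language_file, true);

            $modoptions = $thread['modoptions'];
            $modlogdata = array('fid' => $thread['fid']);
            if (isset($thread['tid'])) {
                $modlogdata['tid'] = $thread['tid'];
            }

            $modoptions_update = array();

            // Close the thread.
            if (!empty($modoptions['closethread'])) {
                $modoptions_update['closed'] = 1;
                log_moderator_action($modlogdata, $lang->thread_closed);
            }

            // Stick the thread.
            if (!empty($modoptions['stickthread'])) {
                $modoptions_update['sticky'] = 1;
                log_moderator_action($modlogdata, $lang->thread_stuck);
            }

            // Execute moderation options.
            if ($modoptions_update) {
                $db->update_query('threads', $modoptions_update, "tid='" . (int) $this->tid . "'");
            }
        }

        if ($visible == 1) {
            // If we have a registered user then update their post count and last post times.
            if ($thread['uid'] > 0) {
                $user = get_user($thread['uid']);
                $update_query = array();

                // Only update the lastpost column of the user if the date of the
                // thread is newer than their last post.
                if ($thread['dateline'] > $user['lastpost']) {
                    // This array is passed with the "no quote" flag below, so
                    // the value is raw SQL: quote it here and force an integer.
                    $update_query['lastpost'] = "'" . (int) $thread['dateline'] . "'";
                }

                // Update the post count if this forum allows post counts to be tracked
                if ($forum['usepostcounts'] != 0) {
                    $update_query['postnum'] = "postnum+1";
                }
                if ($forum['usethreadcounts'] != 0) {
                    $update_query['threadnum'] = 'threadnum+1';
                }

                // Only update the table if we need to.
                if (!empty($update_query)) {
                    $db->update_query("users", $update_query, "uid='" . (int) $thread['uid'] . "'", 1, true);
                }
            }

            if (!isset($forum['lastpost'])) {
                $forum['lastpost'] = 0;
            }

            $done_users = array();

            // Queue up any forum subscription notices to users who are subscribed to this forum.
            $excerpt = my_substr($thread['message'], 0, $mybb->settings['subscribeexcerpt']) . $lang->emailbit_viewthread;

            // Parse badwords
            require_once MYBB_ROOT . "inc/class_parser.php";
            $parser = new postParser();
            $excerpt = $parser->parse_badwords($excerpt);

            $query = $db->query("
                SELECT u.username, u.email, u.uid, u.language, u.loginkey, u.salt, u.regdate
                FROM " . TABLE_PREFIX . "forumsubscriptions fs
                LEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=fs.uid)
                LEFT JOIN " . TABLE_PREFIX . "usergroups g ON (g.gid=u.usergroup)
                WHERE fs.fid='" . (int) $thread['fid'] . "'
                AND fs.uid != '" . (int) $thread['uid'] . "'
                AND u.lastactive > '" . (int) $forum['lastpost'] . "'
                AND g.isbannedgroup != 1
            ");
            while ($subscribedmember = $db->fetch_array($query)) {
                // Each subscriber is mailed at most once.
                if (isset($done_users[$subscribedmember['uid']])) {
                    continue;
                }
                $done_users[$subscribedmember['uid']] = 1;

                // Recipients must be allowed to see the thread they are told about.
                $forumpermissions = forum_permissions($thread['fid'], $subscribedmember['uid']);
                if ($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) {
                    continue;
                }

                if (!is_moderator($thread['fid'], "", $subscribedmember['uid']) && $forumpermissions['canonlyviewownthreads'] == 1) {
                    // In a 'view own only' forum and not a moderator
                    continue;
                }

                // Determine the language pack we'll be using to send this email
                // in and load it if it isn't already.
                if ($subscribedmember['language'] != '' && $lang->language_exists($subscribedmember['language'])) {
                    $uselang = $subscribedmember['language'];
                } elseif ($mybb->settings['bblanguage']) {
                    $uselang = $mybb->settings['bblanguage'];
                } else {
                    $uselang = "english";
                }

                if ($uselang == $mybb->settings['bblanguage']) {
                    $emailsubject = $lang->emailsubject_forumsubscription;
                    $emailmessage = $lang->email_forumsubscription;
                } else {
                    if (!isset($langcache[$uselang]['emailsubject_forumsubscription'])) {
                        $userlang = new MyLanguage();
                        $userlang->set_path(MYBB_ROOT . "inc/languages");
                        $userlang->set_language($uselang);
                        $userlang->load("messages");
                        $langcache[$uselang]['emailsubject_forumsubscription'] = $userlang->emailsubject_forumsubscription;
                        $langcache[$uselang]['email_forumsubscription'] = $userlang->email_forumsubscription;
                        unset($userlang);
                    }
                    $emailsubject = $langcache[$uselang]['emailsubject_forumsubscription'];
                    $emailmessage = $langcache[$uselang]['email_forumsubscription'];
                }
                $emailsubject = $lang->sprintf($emailsubject, $forum['name']);

                // Per-recipient code derived from the subscriber's login key,
                // salt and registration date; it is placed in the e-mail body.
                $post_code = md5($subscribedmember['loginkey'] . $subscribedmember['salt'] . $subscribedmember['regdate']);
                $emailmessage = $lang->sprintf(
                    $emailmessage,
                    $subscribedmember['username'],
                    $thread['username'],
                    $forum['name'],
                    $mybb->settings['bbname'],
                    $thread['subject'],
                    $excerpt,
                    $mybb->settings['bburl'],
                    get_thread_link($this->tid),
                    $thread['fid'],
                    $post_code
                );
                $new_email = array(
                    "mailto" => $db->escape_string($subscribedmember['email']),
                    "mailfrom" => '',
                    "subject" => $db->escape_string($emailsubject),
                    "message" => $db->escape_string($emailmessage),
                    "headers" => '',
                );
                $db->insert_query("mailqueue", $new_email);
                unset($userlang);
                $queued_email = 1;
            }

            // Have one or more emails been queued? Update the queue count
            if (isset($queued_email) && $queued_email == 1) {
                $cache->update_mailqueue();
            }
        }
    }

    // Assign any uploaded attachments with the specific posthash to the newly created post.
    if ($thread['posthash']) {
        $thread['posthash'] = $db->escape_string($thread['posthash']);
        $attachmentassign = array("pid" => $this->pid, "posthash" => '');
        $db->update_query("attachments", $attachmentassign, "posthash='{$thread['posthash']}' AND pid='0'");
    }

    if ($visible == 1) {
        update_last_post($this->tid);
        update_forum_counters($thread['fid'], array("threads" => "+1", "posts" => "+1"));
        update_forum_lastpost($thread['fid']);
    } elseif ($visible == 0) {
        update_forum_counters($thread['fid'], array("unapprovedthreads" => "+1", "unapprovedposts" => "+1"));
    }

    $query = $db->simple_select("attachments", "COUNT(aid) AS attachmentcount", "pid='" . (int) $this->pid . "' AND visible='1'");
    $attachmentcount = $db->fetch_field($query, "attachmentcount");
    if ($attachmentcount > 0) {
        update_thread_counters($this->tid, array("attachmentcount" => "+{$attachmentcount}"));
    }

    // Return the post's pid and whether or not it is visible.
    $this->return_values = array("pid" => $this->pid, "tid" => $this->tid, "visible" => $visible);

    $plugins->run_hooks("datahandler_post_insert_thread_end", $this);

    return $this->return_values;
}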
} $where = '1=1'; $additional_criteria = array(); // Searching for entries witha specific username if ($mybb->input['username']) { $where .= " AND username='******'username']) . "'"; $additional_criteria[] = "username="******" AND email='" . $db->escape_string($mybb->input['email']) . "'"; $additional_criteria[] = "email=" . urlencode($mybb->input['email']); } // Searching for entries with a specific IP if ($mybb->input['ipaddress'] > 0) { $where .= " AND ipaddress=" . $db->escape_binary(my_inet_pton($mybb->input['ipaddress'])); $additional_criteria[] = "ipaddress=" . urlencode($mybb->input['ipaddress']); } if ($additional_criteria) { $additional_criteria = "&" . implode("&", $additional_criteria); } else { $additional_criteria = ''; } // Order? switch ($mybb->input['sortby']) { case "username": $sortby = "username"; break; case "email": $sortby = "email"; break;
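/**
 * Upgrade step: converts stored IP addresses to the packed binary format.
 *
 * The work is split into tasks chosen by the "iptask" request value. Each
 * request performs one task (or one page of one table) and prints a form
 * that posts the next task, table and offset back to this step.
 *
 * The task, table, offset and page size all arrive from the request and end
 * up in SQL LIMIT clauses and in HTML output, so they are reduced to
 * integers before use.
 */
function upgrade30_dbchanges_ip()
{
    global $mybb, $db, $output;

    $output->print_header("IP Conversion");

    $ipstart = $iptable = '';

    $task = isset($mybb->input['iptask']) ? (int) $mybb->input['iptask'] : 0;
    $table_step = isset($mybb->input['iptable']) ? (int) $mybb->input['iptable'] : 0;

    // NOTE(review): the pgsql branches of tasks 6-8 use backticks and ADD INDEX,
    // which looks like MySQL syntax. Task 5 sends non-MySQL databases straight
    // to task 9, so these branches appear unreachable - confirm before relying on them.
    switch ($task) {
        case 8:
            echo "<p>Adding database indices (3/3)...</p>";
            flush();

            if (!$db->index_exists('users', 'lastip')) {
                // This may take a while
                if ($db->type == "mysql" || $db->type == "mysqli") {
                    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "users ADD INDEX lastip (lastip)");
                } elseif ($db->type == "pgsql") {
                    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "users ADD INDEX (`lastip`)");
                }
            }
            $next_task = 9;
            break;

        case 7:
            echo "<p>Adding database indices (2/3)...</p>";
            flush();

            if (!$db->index_exists('users', 'regip')) {
                // This may take a while
                if ($db->type == "mysql" || $db->type == "mysqli") {
                    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "users ADD INDEX regip (regip)");
                } elseif ($db->type == "pgsql") {
                    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "users ADD INDEX (`regip`)");
                }
            }
            $next_task = 8;
            break;

        case 6:
            echo "<p>Adding database indices (1/3)...</p>";
            flush();

            if (!$db->index_exists('posts', 'ipaddress')) {
                // This may take a while
                if ($db->type == "mysql" || $db->type == "mysqli") {
                    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "posts ADD INDEX ipaddress (ipaddress)");
                } elseif ($db->type == "pgsql") {
                    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "posts ADD INDEX (`ipaddress`)");
                }
            }
            $next_task = 7;
            break;

        case 5:
            // Page size and offset come straight from $_POST. They feed the
            // LIMIT clause and are echoed into the page, so only positive
            // integers are accepted; anything else falls back to the defaults.
            $ipp = isset($_POST['ipspage']) ? (int) $_POST['ipspage'] : 0;
            if ($ipp <= 0) {
                $ipp = 5000;
            }

            $startat = isset($_POST['ipstart']) ? (int) $_POST['ipstart'] : 0;
            if ($startat > 0) {
                $upper = $startat + $ipp - 1;
                $lower = $startat;
            } else {
                $startat = 0;
                $upper = $ipp;
                $lower = 0;
            }

            $next_task = 5;
            switch ($table_step) {
                case 7:
                    echo "<p>Converting user IPs...</p>";
                    flush();
                    $query = $db->simple_select("users", "COUNT(uid) AS ipcount");
                    // Only MySQL continues with the index tasks afterwards.
                    if ($db->type == "mysql" || $db->type == "mysqli") {
                        $next_task = 6;
                    } else {
                        $next_task = 9;
                    }
                    break;
                case 6:
                    echo "<p>Converting thread rating IPs...</p>";
                    flush();
                    $query = $db->simple_select("threadratings", "COUNT(rid) AS ipcount");
                    break;
                case 5:
                    echo "<p>Converting session IPs...</p>";
                    flush();
                    $query = $db->simple_select("sessions", "COUNT(sid) AS ipcount");
                    break;
                case 4:
                    echo "<p>Converting post IPs...</p>";
                    flush();
                    $query = $db->simple_select("posts", "COUNT(pid) AS ipcount");
                    break;
                case 3:
                    echo "<p>Converting moderator log IPs...</p>";
                    flush();
                    $query = $db->simple_select("moderatorlog", "COUNT(DISTINCT ipaddress) AS ipcount");
                    break;
                case 2:
                    echo "<p>Converting mail log IPs...</p>";
                    flush();
                    $query = $db->simple_select("maillogs", "COUNT(mid) AS ipcount");
                    break;
                default:
                    echo "<p>Converting admin log IPs...</p>";
                    flush();
                    $query = $db->simple_select("adminlog", "COUNT(DISTINCT ipaddress) AS ipcount");
                    break;
            }
            $cnt = $db->fetch_array($query);

            if ($upper > $cnt['ipcount']) {
                $upper = $cnt['ipcount'];
            }

            echo "<p>Converting ip {$lower} to {$upper} ({$cnt['ipcount']} Total)</p>";
            flush();

            $ipaddress = false;

            $page = array('limit_start' => $lower, 'limit' => $ipp);
            switch ($table_step) {
                case 7:
                    $query = $db->simple_select("users", "uid, regip, lastip", "", $page);
                    break;
                case 6:
                    $query = $db->simple_select("threadratings", "rid, ipaddress", "", $page);
                    break;
                case 5:
                    $query = $db->simple_select("sessions", "sid, ip", "", $page);
                    break;
                case 4:
                    $query = $db->simple_select("posts", "pid, ipaddress", "", $page);
                    break;
                case 3:
                    $query = $db->simple_select("moderatorlog", "DISTINCT(ipaddress)", "", $page);
                    break;
                case 2:
                    $query = $db->simple_select("maillogs", "mid, ipaddress", "", $page);
                    break;
                default:
                    $query = $db->simple_select("adminlog", "DISTINCT(ipaddress)", "", $page);
                    // Anything unrecognised is treated as table 1 from here on.
                    $mybb->input['iptable'] = 1;
                    $table_step = 1;
                    break;
            }

            while ($data = $db->fetch_array($query)) {
                // Skip invalid IPs. Inside a switch a bare "continue" only
                // leaves the switch, so "continue 2" is needed to move on to
                // the next row instead of writing the failed conversion back.
                switch ($table_step) {
                    case 7:
                        $ip1 = my_inet_pton($db->unescape_binary($data['regip']));
                        $ip2 = my_inet_pton($db->unescape_binary($data['lastip']));
                        if ($ip1 === false && $ip2 === false) {
                            continue 2;
                        }
                        break;
                    case 5:
                        $ip = my_inet_pton($db->unescape_binary($data['ip']));
                        if ($ip === false) {
                            continue 2;
                        }
                        break;
                    case 6:
                    case 4:
                    case 3:
                    case 2:
                    default:
                        $ip = my_inet_pton($db->unescape_binary($data['ipaddress']));
                        if ($ip === false) {
                            continue 2;
                        }
                        break;
                }

                switch ($table_step) {
                    case 7:
                        $db->update_query("users", array('regip' => $db->escape_binary($ip1), 'lastip' => $db->escape_binary($ip2)), "uid = '" . (int) $data['uid'] . "'");
                        break;
                    case 6:
                        $db->update_query("threadratings", array('ipaddress' => $db->escape_binary($ip)), "rid = '" . (int) $data['rid'] . "'");
                        break;
                    case 5:
                        $db->update_query("sessions", array('ip' => $db->escape_binary($ip)), "sid = '" . (int) $data['sid'] . "'");
                        break;
                    case 4:
                        $db->update_query("posts", array('ipaddress' => $db->escape_binary($ip)), "pid = '" . (int) $data['pid'] . "'");
                        break;
                    case 3:
                        $db->update_query("moderatorlog", array('ipaddress' => $db->escape_binary($ip)), "ipaddress = '" . $db->escape_string($data['ipaddress']) . "'");
                        break;
                    case 2:
                        $db->update_query("maillogs", array('ipaddress' => $db->escape_binary($ip)), "mid = '" . (int) $data['mid'] . "'");
                        break;
                    default:
                        $db->update_query("adminlog", array('ipaddress' => $db->escape_binary($ip)), "ipaddress = '" . $db->escape_string($data['ipaddress']) . "'");
                        break;
                }
                $ipaddress = true;
            }

            // More rows left in this table: same table, next offset.
            // Otherwise move on to the next table.
            $remaining = $upper - $cnt['ipcount'];
            if ($remaining && $ipaddress) {
                $startat = $startat + $ipp;
                $ipstart = "<input type=\"hidden\" name=\"ipstart\" value=\"{$startat}\" />";
                $iptable = $table_step;
            } else {
                $iptable = $table_step + 1;
            }
            if ($iptable <= 10) {
                $iptable = "<input type=\"hidden\" name=\"iptable\" value=\"{$iptable}\" />";
            }
            break;

        case 4:
            $next_task = 4;
            switch ($table_step) {
                case 10:
                    echo "<p>Updating user table (4/4)...</p>";
                    flush();
                    $table = 'users';
                    $column = 'lastip';
                    $next_task = 5;
                    break;
                case 9:
                    echo "<p>Updating user table (3/4)...</p>";
                    flush();
                    $table = 'users';
                    $column = 'regip';
                    break;
                case 8:
                    echo "<p>Updating threadreating table...</p>";
                    flush();
                    $table = 'threadratings';
                    $column = 'ipaddress';
                    break;
                case 7:
                    echo "<p>Updating session table...</p>";
                    flush();
                    $table = 'sessions';
                    $column = 'ip';
                    break;
                case 6:
                    echo "<p>Updating searchlog table...</p>";
                    flush();
                    $table = 'searchlog';
                    $column = 'ipaddress';
                    // Skip conversion
                    $db->delete_query('searchlog');
                    break;
                case 5:
                    echo "<p>Updating post table (2/2)...</p>";
                    flush();
                    $table = 'posts';
                    $column = 'ipaddress';
                    break;
                case 4:
                    echo "<p>Updating moderatorlog table...</p>";
                    flush();
                    $table = 'moderatorlog';
                    $column = 'ipaddress';
                    break;
                case 3:
                    echo "<p>Updating maillog table...</p>";
                    flush();
                    $table = 'maillogs';
                    $column = 'ipaddress';
                    break;
                case 2:
                    echo "<p>Updating adminsession table...</p>";
                    flush();
                    $table = 'adminsessions';
                    $column = 'ip';
                    // Skip conversion
                    $db->delete_query('adminsessions');
                    break;
                default:
                    echo "<p>Updating adminlog table...</p>";
                    flush();
                    $mybb->input['iptable'] = 1;
                    $table_step = 1;
                    $table = 'adminlog';
                    $column = 'ipaddress';
                    break;
            }

            // Truncate invalid IPs. $table and $column only ever hold the
            // fixed names assigned in the switch above.
            $db->write_query("UPDATE " . TABLE_PREFIX . "{$table} SET {$column} = SUBSTR({$column}, 16) WHERE LENGTH({$column})>16");

            switch ($db->type) {
                case "pgsql":
                    // Drop default value before converting the column
                    $db->modify_column($table, $column, false, false);
                    $db->modify_column($table, $column, "bytea USING {$column}::bytea", 'set', "''");
                    break;
                case "sqlite":
                    $db->modify_column($table, $column, "blob(16) NOT NULL default ''");
                    break;
                default:
                    $db->modify_column($table, $column, "varbinary(16) NOT NULL default ''");
                    break;
            }

            if ($table_step < 10) {
                $iptable = "<input type=\"hidden\" name=\"iptable\" value=\"" . ($table_step + 1) . "\" />";
            }
            break;

        case 3:
            echo "<p>Updating user table (2/4)...</p>";
            flush();

            if ($db->field_exists('longlastip', 'users')) {
                // This may take a while
                $db->drop_column("users", "longlastip");
            }
            $next_task = 4;
            break;

        case 2:
            echo "<p>Updating user table (1/4)...</p>";
            flush();

            if ($db->field_exists('longregip', 'users')) {
                // This may take a while
                $db->drop_column("users", "longregip");
            }
            $next_task = 3;
            break;

        default:
            echo "<p>Updating post table (1/2)...</p>";
            flush();

            if ($db->field_exists('longipaddress', 'posts')) {
                // This may take a while
                $db->drop_column("posts", "longipaddress");
            }
            $next_task = 2;
            break;
    }

    if ($next_task == 9) {
        $contents = "<p>Click next to continue with the upgrade process.</p>";
        $nextact = "30_updatetheme";
    } else {
        // The hidden fields carry the next task/table/offset; the footer
        // script submits the form automatically.
        $contents = "<p><input type=\"hidden\" name=\"iptask\" value=\"{$next_task}\" />{$iptable}{$ipstart}Done. Click Next to continue the IP conversion.</p>";

        global $footer_extra;
        $footer_extra = "<script type=\"text/javascript\">\$(document).ready(function() { var button = \$('.submit_button'); if(button) { button.val('Automatically Redirecting...'); button.prop('disabled', true); button.css('color', '#aaa'); button.css('border-color', '#aaa'); document.forms[0].submit(); } });</script>";
        $nextact = "30_dbchanges_ip";
    }

    $output->print_contents($contents);

    $output->print_footer($nextact);
}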
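/**
 * Execute Normal and Inline Thread Moderation
 *
 * Applies every action enabled in $thread_options to the given threads. When
 * 'deletethread' is set, the threads are deleted and no other thread action runs.
 * The optional PM to the thread authors is sent in either case.
 *
 * @param array $thread_options Moderation information
 * @param array $tids Thread IDs. The first one is used to look up the source forum; it needs to be an array
 * @return boolean true
 */
function execute_thread_moderation($thread_options, $tids)
{
    global $db, $mybb;

    // The thread IDs are interpolated into "tid IN (...)" clauses below, so every
    // element is forced to an integer here instead of relying on the caller.
    $tids = array_map('intval', $tids);
    $tid_list = implode(',', $tids);

    // Take the first thread to get thread data from
    $first_tid = isset($tids[0]) ? (int) $tids[0] : 0;
    $query = $db->simple_select("threads", 'fid', "tid='{$first_tid}'");
    $thread = $db->fetch_array($query);

    // If deleting threads, only do that
    if ($thread_options['deletethread'] == 1) {
        foreach ($tids as $tid) {
            $this->delete_thread($tid);
        }
    } else {
        if ($thread_options['mergethreads'] == 1 && count($tids) > 1) {
            $options = array('order_by' => 'dateline', 'order_dir' => 'DESC');
            // Select threads from newest to oldest
            $query = $db->simple_select("threads", 'tid, subject', "tid IN ({$tid_list})", $options);
            $last_tid = 0;
            while ($row = $db->fetch_array($query)) {
                if ($last_tid != 0) {
                    // And keep merging them until we get down to one thread.
                    $this->merge_threads($last_tid, $row['tid'], $row['subject']);
                }
                $last_tid = $row['tid'];
            }
        }

        if ($thread_options['deletepoll'] == 1) {
            foreach ($tids as $tid) {
                $this->delete_poll($tid);
            }
        }

        if ($thread_options['removeredirects'] == 1) {
            foreach ($tids as $tid) {
                $this->remove_redirects($tid);
            }
        }

        if ($thread_options['removesubscriptions'] == 1) {
            $this->remove_thread_subscriptions($tids, true);
        }

        if ($thread_options['approvethread'] == 'approve') {
            $this->approve_threads($tids, $thread['fid']);
        } elseif ($thread_options['approvethread'] == 'unapprove') {
            $this->unapprove_threads($tids, $thread['fid']);
        } elseif ($thread_options['approvethread'] == 'toggle') {
            $this->toggle_thread_visibility($tids, $thread['fid']);
        }

        if ($thread_options['softdeletethread'] == 'softdelete') {
            $this->soft_delete_threads($tids);
        } elseif ($thread_options['softdeletethread'] == 'restore') {
            $this->restore_threads($tids);
        } elseif ($thread_options['softdeletethread'] == 'toggle') {
            $this->toggle_thread_softdelete($tids);
        }

        if ($thread_options['openthread'] == 'open') {
            $this->open_threads($tids);
        } elseif ($thread_options['openthread'] == 'close') {
            $this->close_threads($tids);
        } elseif ($thread_options['openthread'] == 'toggle') {
            $this->toggle_thread_status($tids);
        }

        if ($thread_options['stickthread'] == 'stick') {
            $this->stick_threads($tids);
        } elseif ($thread_options['stickthread'] == 'unstick') {
            $this->unstick_threads($tids);
        } elseif ($thread_options['stickthread'] == 'toggle') {
            $this->toggle_thread_importance($tids);
        }

        if ($thread_options['threadprefix'] != '-1') {
            // Update thread prefix
            $this->apply_thread_prefix($tids, $thread_options['threadprefix']);
        }

        // The literal placeholder "{subject}" means "leave the subject alone".
        if (my_strtolower(trim($thread_options['newsubject'])) != '{subject}') {
            $this->change_thread_subject($tids, $thread_options['newsubject']);
        }

        // An empty ID list would produce "tid IN ()", so the query is skipped in that case.
        if (!empty($thread_options['addreply']) && $tid_list !== '') {
            $query = $db->simple_select("threads", 'uid, fid, subject, tid, firstpost, closed', "tid IN ({$tid_list}) AND closed NOT LIKE 'moved|%'");
            require_once MYBB_ROOT . "inc/datahandlers/post.php";

            // Loop threads adding a reply to each one. A dedicated loop variable is used so
            // that $thread (the source forum row read above) is still intact for the
            // move/copy checks further down.
            while ($reply_thread = $db->fetch_array($query)) {
                $posthandler = new PostDataHandler("insert");

                if (empty($thread_options['replysubject'])) {
                    $new_subject = 'RE: ' . $reply_thread['subject'];
                } else {
                    $new_subject = str_ireplace('{username}', $mybb->user['username'], $thread_options['replysubject']);
                    $new_subject = str_ireplace('{subject}', $reply_thread['subject'], $new_subject);
                }

                // Set the post data that came from the input to the $post array.
                $post = array(
                    "tid" => $reply_thread['tid'],
                    "replyto" => $reply_thread['firstpost'],
                    "fid" => $reply_thread['fid'],
                    "subject" => $new_subject,
                    "uid" => $mybb->user['uid'],
                    "username" => $mybb->user['username'],
                    "message" => $thread_options['addreply'],
                    "ipaddress" => $db->escape_binary(my_inet_pton(get_ip())),
                );

                // Set up the post options from the input.
                $post['options'] = array("signature" => 1, "emailnotify" => 0, "disablesmilies" => 0);

                if ($reply_thread['closed'] == 1) {
                    // Keep this thread closed
                    $post['modoptions']['closethread'] = 1;
                }

                $posthandler->set_data($post);
                if ($posthandler->validate_post($post)) {
                    $posthandler->insert_post($post);
                }
            }
        }

        if ($thread_options['movethread'] > 0 && $thread_options['movethread'] != $thread['fid']) {
            if ($thread_options['movethreadredirect'] == 1) {
                // The redirect lifetime is given in days.
                $time = TIME_NOW + $thread_options['movethreadredirectexpire'] * 86400;
                foreach ($tids as $tid) {
                    $this->move_thread($tid, $thread_options['movethread'], 'redirect', $time);
                }
            } else {
                $this->move_threads($tids, $thread_options['movethread']);
            }
        }

        if ($thread_options['copythread'] > 0 || $thread_options['copythread'] == -2) {
            // -2 means "copy into the forum the first thread currently lives in".
            if ($thread_options['copythread'] == -2) {
                $thread_options['copythread'] = $thread['fid'];
            }
            foreach ($tids as $tid) {
                $this->move_thread($tid, $thread_options['copythread'], 'copy');
            }
        }

        if (!empty($thread_options['recountrebuild'])) {
            require_once MYBB_ROOT . '/inc/functions_rebuild.php';
            foreach ($tids as $tid) {
                rebuild_thread_counters($tid);
            }
        }
    }

    // Do we have a PM subject and PM message?
    if (isset($thread_options['pm_subject']) && $thread_options['pm_subject'] != '' && isset($thread_options['pm_message']) && $thread_options['pm_message'] != '' && $tid_list !== '') {
        // For each thread, we send a PM to the author
        $query = $db->simple_select("threads", 'uid', "tid IN ({$tid_list})");
        while ($author = $db->fetch_array($query)) {
            $uid = (int) $author['uid'];
            if ($uid <= 0) {
                // A thread with uid 0 has no account to notify. Skipping it, rather than
                // ending the loop on the falsy value, keeps the remaining authors notified.
                continue;
            }

            // Let's send our PM
            $pm = array(
                'subject' => $thread_options['pm_subject'],
                'message' => $thread_options['pm_message'],
                'touid' => $uid,
            );
            send_pm($pm, $mybb->user['uid'], 1);
        }
    }

    return true;
}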
/**
 * Converts an IP address to the format used by MyBB.
 *
 * Thin wrapper: the conversion itself is done by my_inet_pton(), which is
 * defined outside this block.
 *
 * @uses mybb_functions.php
 * @param string $ip IP address in dotted decimal notation
 * @return string the IP address in the format used by MyBB
 */
public function ip2my($ip)
{
    // NOTE(review): my_inet_pton() presumably returns false for an address it cannot
    // parse - confirm, and have callers check the result before storing it.
    $converted = my_inet_pton($ip);

    return $converted;
}
/**
 * Log a user spam block from StopForumSpam (or other spam service providers...)
 *
 * Writes one row to the spamlog table. Username and email are passed through
 * escape_string(), the IP address is converted with my_inet_pton() and passed
 * through escape_binary(), and the extra data is serialized before escaping.
 *
 * @param string $username The username that the user was using.
 * @param string $email The email address the user was using.
 * @param string $ip_address The IP address of the user. When empty, get_ip() is used instead.
 * @param array $data An array of extra data to go with the block (eg: confidence rating). A non-array value is wrapped in an array.
 * @return bool Whether the action was logged successfully.
 */
function log_spam_block($username = '', $email = '', $ip_address = '', $data = array())
{
    global $db, $session;

    $extra = is_array($data) ? $data : array($data);

    // No address supplied by the caller: fall back to get_ip().
    $source_ip = $ip_address ? $ip_address : get_ip();
    $packed_ip = my_inet_pton($source_ip);

    // NOTE(review): the username and email presumably come straight from the blocked
    // registration attempt - escape them again for the output context when displaying this log.
    $row = array(
        'username' => $db->escape_string($username),
        'email' => $db->escape_string($email),
        'ipaddress' => $db->escape_binary($packed_ip),
        'dateline' => (int) TIME_NOW,
        // The @ hides any warning raised while serializing, so a failure here is silent.
        'data' => $db->escape_string(@my_serialize($extra)),
    );

    $inserted = $db->insert_query('spamlog', $row);

    return (bool) $inserted;
}