Example #1
0
/**
 * Logs an administrator action taking any arguments as log data.
 */
function log_admin_action()
{
    global $db, $mybb;
    $data = func_get_args();
    if (count($data) == 1 && is_array($data[0])) {
        $data = $data[0];
    }
    if (!is_array($data)) {
        $data = array($data);
    }
    $log_entry = array("uid" => (int) $mybb->user['uid'], "ipaddress" => $db->escape_binary(my_inet_pton(get_ip())), "dateline" => TIME_NOW, "module" => $db->escape_string($mybb->get_input('module')), "action" => $db->escape_string($mybb->get_input('action')), "data" => $db->escape_string(@my_serialize($data)));
    $db->insert_query("adminlog", $log_entry);
}
Example #2
0
 /**
  * Initialize a session
  */
 function init()
 {
     global $db, $mybb, $cache;
     // Get our visitor's IP.
     $this->ipaddress = get_ip();
     $this->packedip = my_inet_pton($this->ipaddress);
     // Find out the user agent.
     $this->useragent = $_SERVER['HTTP_USER_AGENT'];
     // Attempt to find a session id in the cookies.
     if (isset($mybb->cookies['sid']) && !defined('IN_UPGRADE')) {
         $sid = $db->escape_string($mybb->cookies['sid']);
         // Load the session
         $query = $db->simple_select("sessions", "*", "sid='{$sid}' AND ip=" . $db->escape_binary($this->packedip));
         $session = $db->fetch_array($query);
         if ($session['sid']) {
             $this->sid = $session['sid'];
         }
     }
     // If we have a valid session id and user id, load that users session.
     if (!empty($mybb->cookies['mybbuser'])) {
         $logon = explode("_", $mybb->cookies['mybbuser'], 2);
         $this->load_user($logon[0], $logon[1]);
     }
     // If no user still, then we have a guest.
     if (!isset($mybb->user['uid'])) {
         // Detect if this guest is a search engine spider. (bots don't get a cookied session ID so we first see if that's set)
         if (!$this->sid) {
             $spiders = $cache->read("spiders");
             if (is_array($spiders)) {
                 foreach ($spiders as $spider) {
                     if (my_strpos(my_strtolower($this->useragent), my_strtolower($spider['useragent'])) !== false) {
                         $this->load_spider($spider['sid']);
                     }
                 }
             }
         }
         // Still nothing? JUST A GUEST!
         if (!$this->is_spider) {
             $this->load_guest();
         }
     }
     // As a token of our appreciation for getting this far (and they aren't a spider), give the user a cookie
     if ($this->sid && (!isset($mybb->cookies['sid']) || $mybb->cookies['sid'] != $this->sid) && $this->is_spider != true) {
         my_setcookie("sid", $this->sid, -1, true);
     }
 }
Example #3
0
/**
 * Installation is finished
 */
function install_done()
{
    global $output, $db, $mybb, $errors, $cache, $lang;
    if (empty($mybb->input['adminuser'])) {
        $errors[] = $lang->admin_step_error_nouser;
    }
    if (empty($mybb->input['adminpass'])) {
        $errors[] = $lang->admin_step_error_nopassword;
    }
    if ($mybb->get_input('adminpass') != $mybb->get_input('adminpass2')) {
        $errors[] = $lang->admin_step_error_nomatch;
    }
    if (empty($mybb->input['adminemail'])) {
        $errors[] = $lang->admin_step_error_noemail;
    }
    if (is_array($errors)) {
        create_admin_user();
    }
    require MYBB_ROOT . 'inc/config.php';
    $db = db_connection($config);
    require MYBB_ROOT . 'inc/settings.php';
    $mybb->settings =& $settings;
    ob_start();
    $output->print_header($lang->finish_setup, 'finish');
    echo $lang->done_step_usergroupsinserted;
    // Insert all of our user groups from the XML file
    $usergroup_settings = file_get_contents(INSTALL_ROOT . 'resources/usergroups.xml');
    $parser = new XMLParser($usergroup_settings);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();
    $admin_gid = '';
    $group_count = 0;
    foreach ($tree['usergroups'][0]['usergroup'] as $usergroup) {
        // usergroup[cancp][0][value]
        $new_group = array();
        foreach ($usergroup as $key => $value) {
            if (!is_array($value)) {
                continue;
            }
            $new_group[$key] = $db->escape_string($value[0]['value']);
        }
        $db->insert_query("usergroups", $new_group, false);
        // If this group can access the admin CP and we haven't established the admin group - set it (just in case we ever change IDs)
        if ($new_group['cancp'] == 1 && !$admin_gid) {
            $admin_gid = $usergroup['gid'][0]['value'];
        }
        $group_count++;
    }
    // Restart usergroup sequence with correct # of groups
    if ($config['database']['type'] == "pgsql") {
        $db->query("SELECT setval('{$config['database']['table_prefix']}usergroups_gid_seq', (SELECT max(gid) FROM {$config['database']['table_prefix']}usergroups));");
    }
    echo $lang->done . '</p>';
    echo $lang->done_step_admincreated;
    $now = TIME_NOW;
    $salt = random_str();
    $loginkey = generate_loginkey();
    $saltedpw = md5(md5($salt) . md5($mybb->get_input('adminpass')));
    $newuser = array('username' => $db->escape_string($mybb->get_input('adminuser')), 'password' => $saltedpw, 'salt' => $salt, 'loginkey' => $loginkey, 'email' => $db->escape_string($mybb->get_input('adminemail')), 'usergroup' => $admin_gid, 'regdate' => $now, 'lastactive' => $now, 'lastvisit' => $now, 'website' => '', 'icq' => '', 'aim' => '', 'yahoo' => '', 'skype' => '', 'google' => '', 'birthday' => '', 'signature' => '', 'allownotices' => 1, 'hideemail' => 0, 'subscriptionmethod' => '0', 'receivepms' => 1, 'pmnotice' => 1, 'pmnotify' => 1, 'buddyrequestspm' => 1, 'buddyrequestsauto' => 0, 'showimages' => 1, 'showvideos' => 1, 'showsigs' => 1, 'showavatars' => 1, 'showquickreply' => 1, 'invisible' => 0, 'style' => '0', 'timezone' => 0, 'dst' => 0, 'threadmode' => '', 'daysprune' => 0, 'regip' => $db->escape_binary(my_inet_pton(get_ip())), 'language' => '', 'showcodebuttons' => 1, 'tpp' => 0, 'ppp' => 0, 'referrer' => 0, 'buddylist' => '', 'ignorelist' => '', 'pmfolders' => '', 'notepad' => '', 'showredirect' => 1, 'usernotes' => '');
    $db->insert_query('users', $newuser);
    echo $lang->done . '</p>';
    echo $lang->done_step_adminoptions;
    $adminoptions = file_get_contents(INSTALL_ROOT . 'resources/adminoptions.xml');
    $parser = new XMLParser($adminoptions);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();
    $insertmodule = array();
    $db->delete_query("adminoptions");
    // Insert all the admin permissions
    foreach ($tree['adminoptions'][0]['user'] as $users) {
        $uid = $users['attributes']['uid'];
        foreach ($users['permissions'][0]['module'] as $module) {
            foreach ($module['permission'] as $permission) {
                $insertmodule[$module['attributes']['name']][$permission['attributes']['name']] = $permission['value'];
            }
        }
        $defaultviews = array();
        foreach ($users['defaultviews'][0]['view'] as $view) {
            $defaultviews[$view['attributes']['type']] = $view['value'];
        }
        $adminoptiondata = array('uid' => (int) $uid, 'cpstyle' => '', 'notes' => '', 'permissions' => $db->escape_string(my_serialize($insertmodule)), 'defaultviews' => $db->escape_string(my_serialize($defaultviews)));
        $insertmodule = array();
        $db->insert_query('adminoptions', $adminoptiondata);
    }
    echo $lang->done . '</p>';
    // Automatic Login
    my_unsetcookie("sid");
    my_unsetcookie("mybbuser");
    my_setcookie('mybbuser', $uid . '_' . $loginkey, null, true);
    ob_end_flush();
    // Make fulltext columns if supported
    if ($db->supports_fulltext('threads')) {
        $db->create_fulltext_index('threads', 'subject');
    }
    if ($db->supports_fulltext_boolean('posts')) {
        $db->create_fulltext_index('posts', 'message');
    }
    echo $lang->done_step_cachebuilding;
    require_once MYBB_ROOT . 'inc/class_datacache.php';
    $cache = new datacache();
    $cache->update_version();
    $cache->update_attachtypes();
    $cache->update_smilies();
    $cache->update_badwords();
    $cache->update_usergroups();
    $cache->update_forumpermissions();
    $cache->update_stats();
    $cache->update_statistics();
    $cache->update_forums();
    $cache->update_moderators();
    $cache->update_usertitles();
    $cache->update_reportedcontent();
    $cache->update_awaitingactivation();
    $cache->update_mycode();
    $cache->update_profilefields();
    $cache->update_posticons();
    $cache->update_spiders();
    $cache->update_bannedips();
    $cache->update_banned();
    $cache->update_bannedemails();
    $cache->update_birthdays();
    $cache->update_groupleaders();
    $cache->update_threadprefixes();
    $cache->update_forumsdisplay();
    $cache->update("plugins", array());
    $cache->update("internal_settings", array('encryption_key' => random_str(32)));
    $cache->update_default_theme();
    $version_history = array();
    $dh = opendir(INSTALL_ROOT . "resources");
    while (($file = readdir($dh)) !== false) {
        if (preg_match("#upgrade([0-9]+).php\$#i", $file, $match)) {
            $version_history[$match[1]] = $match[1];
        }
    }
    sort($version_history, SORT_NUMERIC);
    $cache->update("version_history", $version_history);
    // Schedule an update check so it occurs an hour ago.  Gotta stay up to date!
    $update['nextrun'] = TIME_NOW - 3600;
    $db->update_query("tasks", $update, "tid='12'");
    $cache->update_update_check();
    $cache->update_tasks();
    echo $lang->done . '</p>';
    echo $lang->done_step_success;
    $written = 0;
    if (is_writable('./')) {
        $lock = @fopen('./lock', 'w');
        $written = @fwrite($lock, '1');
        @fclose($lock);
        if ($written) {
            echo $lang->done_step_locked;
        }
    }
    if (!$written) {
        echo $lang->done_step_dirdelete;
    }
    echo $lang->done_whats_next;
    $output->print_footer('');
}
Example #4
0
if (!empty($mybb->user['uid'])) {
    $query = $db->simple_select("adminoptions", "*", "uid='" . $mybb->user['uid'] . "'");
    $admin_options = $db->fetch_array($query);
    if (!empty($admin_options['cplanguage']) && file_exists(MYBB_ROOT . "inc/languages/" . $admin_options['cplanguage'] . "/admin/home_dashboard.lang.php")) {
        $cp_language = $admin_options['cplanguage'];
        $lang->set_language($cp_language, "admin");
        $lang->load("global");
        // Reload global language vars
        $lang->load("messages", true);
    }
    if (!empty($admin_options['cpstyle']) && file_exists(MYBB_ADMIN_DIR . "/styles/{$admin_options['cpstyle']}/main.css")) {
        $cp_style = $admin_options['cpstyle'];
    }
    // Update the session information in the DB
    if ($admin_session['sid']) {
        $db->update_query("adminsessions", array('lastactive' => TIME_NOW, 'ip' => $db->escape_binary(my_inet_pton(get_ip()))), "sid='" . $db->escape_string($admin_session['sid']) . "'");
    }
    // Fetch administrator permissions
    $mybb->admin['permissions'] = get_admin_permissions($mybb->user['uid']);
}
// Include the layout generation class overrides for this style
if (file_exists(MYBB_ADMIN_DIR . "/styles/{$cp_style}/style.php")) {
    require_once MYBB_ADMIN_DIR . "/styles/{$cp_style}/style.php";
}
// Check if any of the layout generation classes we can override exist in the style file
$classes = array("Page" => "DefaultPage", "SidebarItem" => "DefaultSidebarItem", "PopupMenu" => "DefaultPopupMenu", "Table" => "DefaultTable", "Form" => "DefaultForm", "FormContainer" => "DefaultFormContainer");
foreach ($classes as $style_name => $default_name) {
    // Style does not have this layout generation class, create it
    if (!class_exists($style_name)) {
        eval("class {$style_name} extends {$default_name} { }");
    }
Example #5
0
 static function xmlhttp()
 {
     global $mybb, $db, $charset;
     switch ($mybb->input['action']) {
         case 'dvz_sb_get_shouts':
             $permissions = self::access_view() && !isset($mybb->input['from']) || self::access_refresh();
             $handler = function () use($mybb, $db) {
                 $data = self::get_multiple("WHERE s.id > " . (int) $mybb->input['from'] . " ORDER BY s.id DESC LIMIT " . abs((int) $mybb->settings['dvz_sb_num']));
                 $html = null;
                 // JS-handled empty response
                 $lastId = 0;
                 while ($row = $db->fetch_array($data)) {
                     if ($lastId == 0) {
                         $lastId = $row['id'];
                     }
                     $shout = self::render_shout($row);
                     $html = $mybb->settings['dvz_sb_reversed'] ? $shout . $html : $html . $shout;
                 }
                 if ($html != null) {
                     echo json_encode(['html' => $html, 'last' => $lastId]);
                 }
             };
             break;
         case 'dvz_sb_shout':
             $permissions = self::access_shout() && verify_post_check($mybb->input['key'], true);
             $handler = function () use($mybb) {
                 if (!self::antiflood_pass() && !self::access_mod()) {
                     die('A');
                 }
                 // JS-handled error (Anti-flood)
                 self::shout(['uid' => $mybb->user['uid'], 'text' => $mybb->input['text'], 'ipaddress' => my_inet_pton(get_ip())]);
             };
             break;
         case 'dvz_sb_get':
             $data = self::get($mybb->input['id']);
             $permissions = (self::access_mod() || self::access_mod_own() && $data['uid'] == $mybb->user['uid']) && verify_post_check($mybb->input['key'], true);
             $handler = function () use($data) {
                 echo json_encode(['text' => $data['text']]);
             };
             break;
         case 'dvz_sb_update':
             $permissions = self::can_mod($mybb->input['id']) && verify_post_check($mybb->input['key'], true);
             $handler = function () use($mybb) {
                 self::update($mybb->input['id'], $mybb->input['text']);
                 echo self::parse($mybb->input['text'], self::get_username($mybb->input['id']));
             };
             break;
         case 'dvz_sb_delete':
             $permissions = self::can_mod($mybb->input['id']) && verify_post_check($mybb->input['key'], true);
             $handler = function () use($mybb) {
                 self::delete($mybb->input['id']);
             };
             break;
     }
     if (isset($permissions)) {
         if ($permissions == false) {
             echo 'P';
             // JS-handled error (Permissions)
         } else {
             header('Content-type: text/plain; charset=' . $charset);
             header('Cache-Control: no-store');
             // force update on load
             $handler();
         }
     }
 }
Example #6
0
 /**
  * Insert a thread into the database.
  *
  * @return array Array of new thread details, tid and visibility.
  */
 function insert_thread()
 {
     global $db, $mybb, $plugins, $cache, $lang;
     // Yes, validating is required.
     if (!$this->get_validated()) {
         die("The thread needs to be validated before inserting it into the DB.");
     }
     if (count($this->get_errors()) > 0) {
         die("The thread is not valid.");
     }
     $thread =& $this->data;
     // Fetch the forum this thread is being made in
     $forum = get_forum($thread['fid']);
     // This thread is being saved as a draft.
     if ($thread['savedraft']) {
         $visible = -2;
     } else {
         $forumpermissions = forum_permissions($thread['fid'], $thread['uid']);
         // Decide on the visibility of this post.
         if ($forumpermissions['modthreads'] == 1 && !is_moderator($thread['fid'], "", $thread['uid'])) {
             $visible = 0;
         } else {
             $visible = 1;
         }
         // Are posts from this user being moderated? Change visibility
         if ($mybb->user['uid'] == $thread['uid'] && $mybb->user['moderateposts'] == 1) {
             $visible = 0;
         }
     }
     // Have a post ID but not a thread ID - fetch thread ID
     if (!empty($thread['pid']) && !$thread['tid']) {
         $query = $db->simple_select("posts", "tid", "pid='{$thread['pid']}");
         $thread['tid'] = $db->fetch_field($query, "tid");
     }
     if (isset($thread['pid']) && $thread['pid'] > 0) {
         $query = $db->simple_select("posts", "pid", "pid='{$thread['pid']}' AND uid='{$thread['uid']}' AND visible='-2'");
         $draft_check = $db->fetch_field($query, "pid");
     } else {
         $draft_check = false;
     }
     // Are we updating a post which is already a draft? Perhaps changing it into a visible post?
     if ($draft_check) {
         $this->thread_insert_data = array("subject" => $db->escape_string($thread['subject']), "icon" => (int) $thread['icon'], "username" => $db->escape_string($thread['username']), "dateline" => (int) $thread['dateline'], "lastpost" => (int) $thread['dateline'], "lastposter" => $db->escape_string($thread['username']), "visible" => $visible);
         $plugins->run_hooks("datahandler_post_insert_thread", $this);
         $db->update_query("threads", $this->thread_insert_data, "tid='{$thread['tid']}'");
         $this->post_insert_data = array("subject" => $db->escape_string($thread['subject']), "icon" => (int) $thread['icon'], "username" => $db->escape_string($thread['username']), "dateline" => (int) $thread['dateline'], "message" => $db->escape_string($thread['message']), "ipaddress" => $db->escape_binary(my_inet_pton(get_ip())), "includesig" => $thread['options']['signature'], "smilieoff" => $thread['options']['disablesmilies'], "visible" => $visible);
         $plugins->run_hooks("datahandler_post_insert_thread_post", $this);
         $db->update_query("posts", $this->post_insert_data, "pid='{$thread['pid']}'");
         $this->tid = $thread['tid'];
         $this->pid = $thread['pid'];
     } else {
         $this->thread_insert_data = array("fid" => $thread['fid'], "subject" => $db->escape_string($thread['subject']), "prefix" => (int) $thread['prefix'], "icon" => (int) $thread['icon'], "uid" => $thread['uid'], "username" => $db->escape_string($thread['username']), "dateline" => (int) $thread['dateline'], "lastpost" => (int) $thread['dateline'], "lastposter" => $db->escape_string($thread['username']), "views" => 0, "replies" => 0, "visible" => $visible, "notes" => '');
         $plugins->run_hooks("datahandler_post_insert_thread", $this);
         $this->tid = $db->insert_query("threads", $this->thread_insert_data);
         $this->post_insert_data = array("tid" => $this->tid, "fid" => $thread['fid'], "subject" => $db->escape_string($thread['subject']), "icon" => (int) $thread['icon'], "uid" => $thread['uid'], "username" => $db->escape_string($thread['username']), "dateline" => (int) $thread['dateline'], "message" => $db->escape_string($thread['message']), "ipaddress" => $db->escape_binary(my_inet_pton(get_ip())), "includesig" => $thread['options']['signature'], "smilieoff" => $thread['options']['disablesmilies'], "visible" => $visible);
         $plugins->run_hooks("datahandler_post_insert_thread_post", $this);
         $this->pid = $db->insert_query("posts", $this->post_insert_data);
         // Now that we have the post id for this first post, update the threads table.
         $firstpostup = array("firstpost" => $this->pid);
         $db->update_query("threads", $firstpostup, "tid='{$this->tid}'");
     }
     // If we're not saving a draft there are some things we need to check now
     if (!$thread['savedraft']) {
         if ($thread['options']['subscriptionmethod'] != "" && $thread['uid'] > 0) {
             switch ($thread['options']['subscriptionmethod']) {
                 case "pm":
                     $notification = 2;
                     break;
                 case "email":
                     $notification = 1;
                     break;
                 default:
                     $notification = 0;
             }
             require_once MYBB_ROOT . "inc/functions_user.php";
             add_subscribed_thread($this->tid, $notification, $thread['uid']);
         }
         // Perform any selected moderation tools.
         if (is_moderator($thread['fid'], "", $thread['uid']) && is_array($thread['modoptions'])) {
             $lang->load($this->language_file, true);
             $modoptions = $thread['modoptions'];
             $modlogdata['fid'] = $thread['fid'];
             if (isset($thread['tid'])) {
                 $modlogdata['tid'] = $thread['tid'];
             }
             $modoptions_update = array();
             // Close the thread.
             if (!empty($modoptions['closethread'])) {
                 $modoptions_update['closed'] = 1;
                 log_moderator_action($modlogdata, $lang->thread_closed);
             }
             // Stick the thread.
             if (!empty($modoptions['stickthread'])) {
                 $modoptions_update['sticky'] = 1;
                 log_moderator_action($modlogdata, $lang->thread_stuck);
             }
             // Execute moderation options.
             if ($modoptions_update) {
                 $db->update_query('threads', $modoptions_update, "tid='{$this->tid}'");
             }
         }
         if ($visible == 1) {
             // If we have a registered user then update their post count and last post times.
             if ($thread['uid'] > 0) {
                 $user = get_user($thread['uid']);
                 $update_query = array();
                 // Only update the lastpost column of the user if the date of the thread is newer than their last post.
                 if ($thread['dateline'] > $user['lastpost']) {
                     // Yes this has a single quote within a double quote. It's not a bug.
                     $update_query['lastpost'] = "'{$thread['dateline']}'";
                 }
                 // Update the post count if this forum allows post counts to be tracked
                 if ($forum['usepostcounts'] != 0) {
                     $update_query['postnum'] = "postnum+1";
                 }
                 if ($forum['usethreadcounts'] != 0) {
                     $update_query['threadnum'] = 'threadnum+1';
                 }
                 // Only update the table if we need to.
                 if (!empty($update_query)) {
                     $db->update_query("users", $update_query, "uid='{$thread['uid']}'", 1, true);
                 }
             }
             if (!isset($forum['lastpost'])) {
                 $forum['lastpost'] = 0;
             }
             $done_users = array();
             // Queue up any forum subscription notices to users who are subscribed to this forum.
             $excerpt = my_substr($thread['message'], 0, $mybb->settings['subscribeexcerpt']) . $lang->emailbit_viewthread;
             // Parse badwords
             require_once MYBB_ROOT . "inc/class_parser.php";
             $parser = new postParser();
             $excerpt = $parser->parse_badwords($excerpt);
             $query = $db->query("\n\t\t\t\t\tSELECT u.username, u.email, u.uid, u.language, u.loginkey, u.salt, u.regdate\n\t\t\t\t\tFROM " . TABLE_PREFIX . "forumsubscriptions fs\n\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=fs.uid)\n\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "usergroups g ON (g.gid=u.usergroup)\n\t\t\t\t\tWHERE fs.fid='" . (int) $thread['fid'] . "'\n\t\t\t\t\tAND fs.uid != '" . (int) $thread['uid'] . "'\n\t\t\t\t\tAND u.lastactive > '{$forum['lastpost']}'\n\t\t\t\t\tAND g.isbannedgroup != 1\n\t\t\t\t");
             while ($subscribedmember = $db->fetch_array($query)) {
                 if ($done_users[$subscribedmember['uid']]) {
                     continue;
                 }
                 $done_users[$subscribedmember['uid']] = 1;
                 $forumpermissions = forum_permissions($thread['fid'], $subscribedmember['uid']);
                 if ($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) {
                     continue;
                 }
                 if (!is_moderator($thread['fid'], "", $subscribedmember['uid']) && $forumpermissions['canonlyviewownthreads'] == 1) {
                     // In a 'view own only' forum and not a moderator
                     continue;
                 }
                 // Determine the language pack we'll be using to send this email in and load it if it isn't already.
                 if ($subscribedmember['language'] != '' && $lang->language_exists($subscribedmember['language'])) {
                     $uselang = $subscribedmember['language'];
                 } else {
                     if ($mybb->settings['bblanguage']) {
                         $uselang = $mybb->settings['bblanguage'];
                     } else {
                         $uselang = "english";
                     }
                 }
                 if ($uselang == $mybb->settings['bblanguage']) {
                     $emailsubject = $lang->emailsubject_forumsubscription;
                     $emailmessage = $lang->email_forumsubscription;
                 } else {
                     if (!isset($langcache[$uselang]['emailsubject_forumsubscription'])) {
                         $userlang = new MyLanguage();
                         $userlang->set_path(MYBB_ROOT . "inc/languages");
                         $userlang->set_language($uselang);
                         $userlang->load("messages");
                         $langcache[$uselang]['emailsubject_forumsubscription'] = $userlang->emailsubject_forumsubscription;
                         $langcache[$uselang]['email_forumsubscription'] = $userlang->email_forumsubscription;
                         unset($userlang);
                     }
                     $emailsubject = $langcache[$uselang]['emailsubject_forumsubscription'];
                     $emailmessage = $langcache[$uselang]['email_forumsubscription'];
                 }
                 $emailsubject = $lang->sprintf($emailsubject, $forum['name']);
                 $post_code = md5($subscribedmember['loginkey'] . $subscribedmember['salt'] . $subscribedmember['regdate']);
                 $emailmessage = $lang->sprintf($emailmessage, $subscribedmember['username'], $thread['username'], $forum['name'], $mybb->settings['bbname'], $thread['subject'], $excerpt, $mybb->settings['bburl'], get_thread_link($this->tid), $thread['fid'], $post_code);
                 $new_email = array("mailto" => $db->escape_string($subscribedmember['email']), "mailfrom" => '', "subject" => $db->escape_string($emailsubject), "message" => $db->escape_string($emailmessage), "headers" => '');
                 $db->insert_query("mailqueue", $new_email);
                 unset($userlang);
                 $queued_email = 1;
             }
             // Have one or more emails been queued? Update the queue count
             if (isset($queued_email) && $queued_email == 1) {
                 $cache->update_mailqueue();
             }
         }
     }
     // Assign any uploaded attachments with the specific posthash to the newly created post.
     if ($thread['posthash']) {
         $thread['posthash'] = $db->escape_string($thread['posthash']);
         $attachmentassign = array("pid" => $this->pid, "posthash" => '');
         $db->update_query("attachments", $attachmentassign, "posthash='{$thread['posthash']}' AND pid='0'");
     }
     if ($visible == 1) {
         update_last_post($this->tid);
         update_forum_counters($thread['fid'], array("threads" => "+1", "posts" => "+1"));
         update_forum_lastpost($thread['fid']);
     } else {
         if ($visible == 0) {
             update_forum_counters($thread['fid'], array("unapprovedthreads" => "+1", "unapprovedposts" => "+1"));
         }
     }
     $query = $db->simple_select("attachments", "COUNT(aid) AS attachmentcount", "pid='{$this->pid}' AND visible='1'");
     $attachmentcount = $db->fetch_field($query, "attachmentcount");
     if ($attachmentcount > 0) {
         update_thread_counters($this->tid, array("attachmentcount" => "+{$attachmentcount}"));
     }
     // Return the post's pid and whether or not it is visible.
     $this->return_values = array("pid" => $this->pid, "tid" => $this->tid, "visible" => $visible);
     $plugins->run_hooks("datahandler_post_insert_thread_end", $this);
     return $this->return_values;
 }
Example #7
0
 }
 $where = '1=1';
 $additional_criteria = array();
 // Searching for entries witha  specific username
 if ($mybb->input['username']) {
     $where .= " AND username='******'username']) . "'";
     $additional_criteria[] = "username="******" AND email='" . $db->escape_string($mybb->input['email']) . "'";
     $additional_criteria[] = "email=" . urlencode($mybb->input['email']);
 }
 // Searching for entries with a specific IP
 if ($mybb->input['ipaddress'] > 0) {
     $where .= " AND ipaddress=" . $db->escape_binary(my_inet_pton($mybb->input['ipaddress']));
     $additional_criteria[] = "ipaddress=" . urlencode($mybb->input['ipaddress']);
 }
 if ($additional_criteria) {
     $additional_criteria = "&amp;" . implode("&amp;", $additional_criteria);
 } else {
     $additional_criteria = '';
 }
 // Order?
 switch ($mybb->input['sortby']) {
     case "username":
         $sortby = "username";
         break;
     case "email":
         $sortby = "email";
         break;
Example #8
0
function upgrade30_dbchanges_ip()
{
    global $mybb, $db, $output;
    $output->print_header("IP Conversion");
    $ipstart = $iptable = '';
    switch ($mybb->input['iptask']) {
        case 8:
            echo "<p>Adding database indices (3/3)...</p>";
            flush();
            if (!$db->index_exists('users', 'lastip')) {
                // This may take a while
                if ($db->type == "mysql" || $db->type == "mysqli") {
                    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "users ADD INDEX lastip (lastip)");
                } elseif ($db->type == "pgsql") {
                    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "users ADD INDEX (`lastip`)");
                }
            }
            $next_task = 9;
            break;
        case 7:
            echo "<p>Adding database indices (2/3)...</p>";
            flush();
            if (!$db->index_exists('users', 'regip')) {
                // This may take a while
                if ($db->type == "mysql" || $db->type == "mysqli") {
                    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "users ADD INDEX regip (regip)");
                } elseif ($db->type == "pgsql") {
                    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "users ADD INDEX (`regip`)");
                }
            }
            $next_task = 8;
            break;
        case 6:
            echo "<p>Adding database indices (1/3)...</p>";
            flush();
            if (!$db->index_exists('posts', 'ipaddress')) {
                // This may take a while
                if ($db->type == "mysql" || $db->type == "mysqli") {
                    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "posts ADD INDEX ipaddress (ipaddress)");
                } elseif ($db->type == "pgsql") {
                    $db->write_query("ALTER TABLE " . TABLE_PREFIX . "posts ADD INDEX (`ipaddress`)");
                }
            }
            $next_task = 7;
            break;
        case 5:
            if (!$_POST['ipspage']) {
                $ipp = 5000;
            } else {
                $ipp = $_POST['ipspage'];
            }
            if ($_POST['ipstart']) {
                $startat = $_POST['ipstart'];
                $upper = $startat + $ipp - 1;
                $lower = $startat;
            } else {
                $startat = 0;
                $upper = $ipp;
                $lower = 0;
            }
            $next_task = 5;
            switch ($mybb->input['iptable']) {
                case 7:
                    echo "<p>Converting user IPs...</p>";
                    flush();
                    $query = $db->simple_select("users", "COUNT(uid) AS ipcount");
                    if ($db->type == "mysql" || $db->type == "mysqli") {
                        $next_task = 6;
                    } else {
                        $next_task = 9;
                    }
                    break;
                case 6:
                    echo "<p>Converting thread rating IPs...</p>";
                    flush();
                    $query = $db->simple_select("threadratings", "COUNT(rid) AS ipcount");
                    break;
                case 5:
                    echo "<p>Converting session IPs...</p>";
                    flush();
                    $query = $db->simple_select("sessions", "COUNT(sid) AS ipcount");
                    break;
                case 4:
                    echo "<p>Converting post IPs...</p>";
                    flush();
                    $query = $db->simple_select("posts", "COUNT(pid) AS ipcount");
                    break;
                case 3:
                    echo "<p>Converting moderator log IPs...</p>";
                    flush();
                    $query = $db->simple_select("moderatorlog", "COUNT(DISTINCT ipaddress) AS ipcount");
                    break;
                case 2:
                    echo "<p>Converting mail log IPs...</p>";
                    flush();
                    $query = $db->simple_select("maillogs", "COUNT(mid) AS ipcount");
                    break;
                default:
                    echo "<p>Converting admin log IPs...</p>";
                    flush();
                    $query = $db->simple_select("adminlog", "COUNT(DISTINCT ipaddress) AS ipcount");
                    break;
            }
            $cnt = $db->fetch_array($query);
            if ($upper > $cnt['ipcount']) {
                $upper = $cnt['ipcount'];
            }
            echo "<p>Converting ip {$lower} to {$upper} ({$cnt['ipcount']} Total)</p>";
            flush();
            $ipaddress = false;
            switch ($mybb->input['iptable']) {
                case 7:
                    $query = $db->simple_select("users", "uid, regip, lastip", "", array('limit_start' => $lower, 'limit' => $ipp));
                    break;
                case 6:
                    $query = $db->simple_select("threadratings", "rid, ipaddress", "", array('limit_start' => $lower, 'limit' => $ipp));
                    break;
                case 5:
                    $query = $db->simple_select("sessions", "sid, ip", "", array('limit_start' => $lower, 'limit' => $ipp));
                    break;
                case 4:
                    $query = $db->simple_select("posts", "pid, ipaddress", "", array('limit_start' => $lower, 'limit' => $ipp));
                    break;
                case 3:
                    $query = $db->simple_select("moderatorlog", "DISTINCT(ipaddress)", "", array('limit_start' => $lower, 'limit' => $ipp));
                    break;
                case 2:
                    $query = $db->simple_select("maillogs", "mid, ipaddress", "", array('limit_start' => $lower, 'limit' => $ipp));
                    break;
                default:
                    $query = $db->simple_select("adminlog", "DISTINCT(ipaddress)", "", array('limit_start' => $lower, 'limit' => $ipp));
                    $mybb->input['iptable'] = 1;
                    break;
            }
            while ($data = $db->fetch_array($query)) {
                // Skip invalid IPs
                switch ($mybb->input['iptable']) {
                    case 7:
                        $ip1 = my_inet_pton($db->unescape_binary($data['regip']));
                        $ip2 = my_inet_pton($db->unescape_binary($data['lastip']));
                        if ($ip1 === false && $ip2 === false) {
                            continue;
                        }
                        break;
                    case 5:
                        $ip = my_inet_pton($db->unescape_binary($data['ip']));
                        if ($ip === false) {
                            continue;
                        }
                        break;
                    case 6:
                    case 4:
                    case 3:
                    case 2:
                    default:
                        $ip = my_inet_pton($db->unescape_binary($data['ipaddress']));
                        if ($ip === false) {
                            continue;
                        }
                        break;
                }
                switch ($mybb->input['iptable']) {
                    case 7:
                        $db->update_query("users", array('regip' => $db->escape_binary($ip1), 'lastip' => $db->escape_binary($ip2)), "uid = '" . (int) $data['uid'] . "'");
                        break;
                    case 6:
                        $db->update_query("threadratings", array('ipaddress' => $db->escape_binary($ip)), "rid = '" . (int) $data['rid'] . "'");
                        break;
                    case 5:
                        $db->update_query("sessions", array('ip' => $db->escape_binary($ip)), "sid = '" . (int) $data['sid'] . "'");
                        break;
                    case 4:
                        $db->update_query("posts", array('ipaddress' => $db->escape_binary($ip)), "pid = '" . (int) $data['pid'] . "'");
                        break;
                    case 3:
                        $db->update_query("moderatorlog", array('ipaddress' => $db->escape_binary($ip)), "ipaddress = '" . $db->escape_string($data['ipaddress']) . "'");
                        break;
                    case 2:
                        $db->update_query("maillogs", array('ipaddress' => $db->escape_binary($ip)), "mid = '" . (int) $data['mid'] . "'");
                        break;
                    default:
                        $db->update_query("adminlog", array('ipaddress' => $db->escape_binary($ip)), "ipaddress = '" . $db->escape_string($data['ipaddress']) . "'");
                        break;
                }
                $ipaddress = true;
            }
            $remaining = $upper - $cnt['ipcount'];
            if ($remaining && $ipaddress) {
                $startat = $startat + $ipp;
                $ipstart = "<input type=\"hidden\" name=\"ipstart\" value=\"{$startat}\" />";
                $iptable = $mybb->input['iptable'];
            } else {
                $iptable = $mybb->input['iptable'] + 1;
            }
            if ($iptable <= 10) {
                $iptable = "<input type=\"hidden\" name=\"iptable\" value=\"{$iptable}\" />";
            }
            break;
        case 4:
            $next_task = 4;
            switch ($mybb->input['iptable']) {
                case 10:
                    echo "<p>Updating user table (4/4)...</p>";
                    flush();
                    $table = 'users';
                    $column = 'lastip';
                    $next_task = 5;
                    break;
                case 9:
                    echo "<p>Updating user table (3/4)...</p>";
                    flush();
                    $table = 'users';
                    $column = 'regip';
                    break;
                case 8:
                    echo "<p>Updating threadreating table...</p>";
                    flush();
                    $table = 'threadratings';
                    $column = 'ipaddress';
                    break;
                case 7:
                    echo "<p>Updating session table...</p>";
                    flush();
                    $table = 'sessions';
                    $column = 'ip';
                    break;
                case 6:
                    echo "<p>Updating searchlog table...</p>";
                    flush();
                    $table = 'searchlog';
                    $column = 'ipaddress';
                    // Skip conversion
                    $db->delete_query('searchlog');
                    break;
                case 5:
                    echo "<p>Updating post table (2/2)...</p>";
                    flush();
                    $table = 'posts';
                    $column = 'ipaddress';
                    break;
                case 4:
                    echo "<p>Updating moderatorlog table...</p>";
                    flush();
                    $table = 'moderatorlog';
                    $column = 'ipaddress';
                    break;
                case 3:
                    echo "<p>Updating maillog table...</p>";
                    flush();
                    $table = 'maillogs';
                    $column = 'ipaddress';
                    break;
                case 2:
                    echo "<p>Updating adminsession table...</p>";
                    flush();
                    $table = 'adminsessions';
                    $column = 'ip';
                    // Skip conversion
                    $db->delete_query('adminsessions');
                    break;
                default:
                    echo "<p>Updating adminlog table...</p>";
                    flush();
                    $mybb->input['iptable'] = 1;
                    $table = 'adminlog';
                    $column = 'ipaddress';
                    break;
            }
            // Truncate invalid IPs
            $db->write_query("UPDATE " . TABLE_PREFIX . "{$table} SET {$column} = SUBSTR({$column}, 16) WHERE LENGTH({$column})>16");
            switch ($db->type) {
                case "pgsql":
                    // Drop default value before converting the column
                    $db->modify_column($table, $column, false, false);
                    $db->modify_column($table, $column, "bytea USING {$column}::bytea", 'set', "''");
                    break;
                case "sqlite":
                    $db->modify_column($table, $column, "blob(16) NOT NULL default ''");
                    break;
                default:
                    $db->modify_column($table, $column, "varbinary(16) NOT NULL default ''");
                    break;
            }
            if ($mybb->input['iptable'] < 10) {
                $iptable = "<input type=\"hidden\" name=\"iptable\" value=\"" . ($mybb->input['iptable'] + 1) . "\" />";
            }
            break;
        case 3:
            echo "<p>Updating user table (2/4)...</p>";
            flush();
            if ($db->field_exists('longlastip', 'users')) {
                // This may take a while
                $db->drop_column("users", "longlastip");
            }
            $next_task = 4;
            break;
        case 2:
            echo "<p>Updating user table (1/4)...</p>";
            flush();
            if ($db->field_exists('longregip', 'users')) {
                // This may take a while
                $db->drop_column("users", "longregip");
            }
            $next_task = 3;
            break;
        default:
            echo "<p>Updating post table (1/2)...</p>";
            flush();
            if ($db->field_exists('longipaddress', 'posts')) {
                // This may take a while
                $db->drop_column("posts", "longipaddress");
            }
            $next_task = 2;
            break;
    }
    if ($next_task == 9) {
        $contents = "<p>Click next to continue with the upgrade process.</p>";
        $nextact = "30_updatetheme";
    } else {
        $contents = "<p><input type=\"hidden\" name=\"iptask\" value=\"{$next_task}\" />{$iptable}{$ipstart}Done. Click Next to continue the IP conversion.</p>";
        global $footer_extra;
        $footer_extra = "<script type=\"text/javascript\">\$(document).ready(function() { var button = \$('.submit_button'); if(button) { button.val('Automatically Redirecting...'); button.prop('disabled', true); button.css('color', '#aaa'); button.css('border-color', '#aaa'); document.forms[0].submit(); } });</script>";
        $nextact = "30_dbchanges_ip";
    }
    $output->print_contents($contents);
    $output->print_footer($nextact);
}
 /**
  * Execute Normal and Inline Thread Moderation
  *
  * @param array $thread_options Moderation information
  * @param array Thread IDs. Only the first one will be used, but it needs to be an array
  * @return boolean true
  */
 function execute_thread_moderation($thread_options, $tids)
 {
     global $db, $mybb;
     $tid = (int) $tids[0];
     // Take the first thread to get thread data from
     $query = $db->simple_select("threads", 'fid', "tid='{$tid}'");
     $thread = $db->fetch_array($query);
     // If deleting threads, only do that
     if ($thread_options['deletethread'] == 1) {
         foreach ($tids as $tid) {
             $this->delete_thread($tid);
         }
     } else {
         if ($thread_options['mergethreads'] == 1 && count($tids) > 1) {
             $tid_list = implode(',', $tids);
             $options = array('order_by' => 'dateline', 'order_dir' => 'DESC');
             $query = $db->simple_select("threads", 'tid, subject', "tid IN ({$tid_list})", $options);
             // Select threads from newest to oldest
             $last_tid = 0;
             while ($tid = $db->fetch_array($query)) {
                 if ($last_tid != 0) {
                     $this->merge_threads($last_tid, $tid['tid'], $tid['subject']);
                     // And keep merging them until we get down to one thread.
                 }
                 $last_tid = $tid['tid'];
             }
         }
         if ($thread_options['deletepoll'] == 1) {
             foreach ($tids as $tid) {
                 $this->delete_poll($tid);
             }
         }
         if ($thread_options['removeredirects'] == 1) {
             foreach ($tids as $tid) {
                 $this->remove_redirects($tid);
             }
         }
         if ($thread_options['removesubscriptions'] == 1) {
             $this->remove_thread_subscriptions($tids, true);
         }
         if ($thread_options['approvethread'] == 'approve') {
             $this->approve_threads($tids, $thread['fid']);
         } elseif ($thread_options['approvethread'] == 'unapprove') {
             $this->unapprove_threads($tids, $thread['fid']);
         } elseif ($thread_options['approvethread'] == 'toggle') {
             $this->toggle_thread_visibility($tids, $thread['fid']);
         }
         if ($thread_options['softdeletethread'] == 'softdelete') {
             $this->soft_delete_threads($tids);
         } elseif ($thread_options['softdeletethread'] == 'restore') {
             $this->restore_threads($tids);
         } elseif ($thread_options['softdeletethread'] == 'toggle') {
             $this->toggle_thread_softdelete($tids);
         }
         if ($thread_options['openthread'] == 'open') {
             $this->open_threads($tids);
         } elseif ($thread_options['openthread'] == 'close') {
             $this->close_threads($tids);
         } elseif ($thread_options['openthread'] == 'toggle') {
             $this->toggle_thread_status($tids);
         }
         if ($thread_options['stickthread'] == 'stick') {
             $this->stick_threads($tids);
         } elseif ($thread_options['stickthread'] == 'unstick') {
             $this->unstick_threads($tids);
         } elseif ($thread_options['stickthread'] == 'toggle') {
             $this->toggle_thread_importance($tids);
         }
         if ($thread_options['threadprefix'] != '-1') {
             $this->apply_thread_prefix($tids, $thread_options['threadprefix']);
             // Update thread prefix
         }
         if (my_strtolower(trim($thread_options['newsubject'])) != '{subject}') {
             $this->change_thread_subject($tids, $thread_options['newsubject']);
         }
         if (!empty($thread_options['addreply'])) {
             $tid_list = implode(',', $tids);
             $query = $db->simple_select("threads", 'uid, fid, subject, tid, firstpost, closed', "tid IN ({$tid_list}) AND closed NOT LIKE 'moved|%'");
             require_once MYBB_ROOT . "inc/datahandlers/post.php";
             // Loop threads adding a reply to each one
             while ($thread = $db->fetch_array($query)) {
                 $posthandler = new PostDataHandler("insert");
                 if (empty($thread_options['replysubject'])) {
                     $new_subject = 'RE: ' . $thread['subject'];
                 } else {
                     $new_subject = str_ireplace('{username}', $mybb->user['username'], $thread_options['replysubject']);
                     $new_subject = str_ireplace('{subject}', $thread['subject'], $new_subject);
                 }
                 // Set the post data that came from the input to the $post array.
                 $post = array("tid" => $thread['tid'], "replyto" => $thread['firstpost'], "fid" => $thread['fid'], "subject" => $new_subject, "uid" => $mybb->user['uid'], "username" => $mybb->user['username'], "message" => $thread_options['addreply'], "ipaddress" => $db->escape_binary(my_inet_pton(get_ip())));
                 // Set up the post options from the input.
                 $post['options'] = array("signature" => 1, "emailnotify" => 0, "disablesmilies" => 0);
                 if ($thread['closed'] == 1) {
                     // Keep this thread closed
                     $post['modoptions']['closethread'] = 1;
                 }
                 $posthandler->set_data($post);
                 if ($posthandler->validate_post($post)) {
                     $posthandler->insert_post($post);
                 }
             }
         }
         if ($thread_options['movethread'] > 0 && $thread_options['movethread'] != $thread['fid']) {
             if ($thread_options['movethreadredirect'] == 1) {
                 $time = TIME_NOW + $thread_options['movethreadredirectexpire'] * 86400;
                 foreach ($tids as $tid) {
                     $this->move_thread($tid, $thread_options['movethread'], 'redirect', $time);
                 }
             } else {
                 $this->move_threads($tids, $thread_options['movethread']);
             }
         }
         if ($thread_options['copythread'] > 0 || $thread_options['copythread'] == -2) {
             if ($thread_options['copythread'] == -2) {
                 $thread_options['copythread'] = $thread['fid'];
             }
             foreach ($tids as $tid) {
                 $new_tid = $this->move_thread($tid, $thread_options['copythread'], 'copy');
             }
         }
         if (!empty($thread_options['recountrebuild'])) {
             require_once MYBB_ROOT . '/inc/functions_rebuild.php';
             foreach ($tids as $tid) {
                 rebuild_thread_counters($tid);
             }
         }
     }
     // Do we have a PM subject and PM message?
     if (isset($thread_options['pm_subject']) && $thread_options['pm_subject'] != '' && isset($thread_options['pm_message']) && $thread_options['pm_message'] != '') {
         $tid_list = implode(',', $tids);
         // For each thread, we send a PM to the author
         $query = $db->simple_select("threads", 'uid', "tid IN ({$tid_list})");
         while ($uid = $db->fetch_field($query, 'uid')) {
             // Let's send our PM
             $pm = array('subject' => $thread_options['pm_subject'], 'message' => $thread_options['pm_message'], 'touid' => $uid);
             send_pm($pm, $mybb->user['uid'], 1);
         }
     }
     return true;
 }
Example #10
0
 /**
  * Converts IP-Adresses to the Format used by MyBB
  *
  * @uses mybb_functions.php
  * @param string $ip IP-Adress in dotted decimal writing (for example 127.0.0.1)
  * @return string returns the IP-Adress in the format used by MyBB
  */
 public function ip2my($ip)
 {
     return my_inet_pton($ip);
 }
Example #11
0
/**
 * Log a user spam block from StopForumSpam (or other spam service providers...)
 *
 * @param string $username The username that the user was using.
 * @param string $email    The email address the user was using.
 * @param string $ip_address The IP addres of the user.
 * @param array  $data     An array of extra data to go with the block (eg: confidence rating).
 * @return bool Whether the action was logged successfully.
 */
function log_spam_block($username = '', $email = '', $ip_address = '', $data = array())
{
    global $db, $session;
    if (!is_array($data)) {
        $data = array($data);
    }
    if (!$ip_address) {
        $ip_address = get_ip();
    }
    $ip_address = my_inet_pton($ip_address);
    $insert_array = array('username' => $db->escape_string($username), 'email' => $db->escape_string($email), 'ipaddress' => $db->escape_binary($ip_address), 'dateline' => (int) TIME_NOW, 'data' => $db->escape_string(@my_serialize($data)));
    return (bool) $db->insert_query('spamlog', $insert_array);
}