Example #1
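    /**
     * Build the response array describing a single post.
     *
     * Request inputs: 'postid' (UINT), 'type' (STRING, defaults to 'html' when
     * empty) and 'signature' (UINT flag that appends the rendered signature in
     * 'html' mode). For 'html' the message is rendered by the BBCode parser;
     * for 'facebook' BBCode is stripped and the text censored, and the first
     * attachment (if any) is exposed as 'image'. Any other 'type' yields an
     * empty 'html' value.
     *
     * @return array Post fields; 'image' and 'avatarurl' are added only when non-empty.
     */
    public function actionGetPost()
    {
        // Whole function is an ugly hack.  Revisit later.
        global $dependencies, $zresponse;
        $postid = $this->_input->filterSingle('postid', XenForo_Input::UINT);
        $type = $this->_input->filterSingle('type', XenForo_Input::STRING);
        $signature = $this->_input->filterSingle('signature', XenForo_Input::UINT);
        if (!$type) {
            $type = 'html';
        }
        $user_model = $this->getModelFromCache('XenForo_Model_User');
        $session_model = $this->getModelFromCache('XenForo_Model_Session');
        $thread_model = $this->getModelFromCache('XenForo_Model_Thread');
        $forum_model = $this->getModelFromCache('XenForo_Model_Forum');
        $attachment_model = $this->getModelFromCache('XenForo_Model_Attachment');
        $helper = $this->getHelper('ForumThreadPost');
        // This is the only access check in the method: the helper asserts that
        // the post exists and is viewable, and supplies $thread and $forum.
        // NOTE(review): everything below relies on json_error() ending the
        // request. If it returns, $thread/$forum are unset and the post is
        // re-read further down without any permission check - confirm.
        // NOTE(review): every Exception is caught, but getControllerResponse()
        // is assumed to exist on it - confirm which exception types can arrive.
        try {
            list($post, $thread, $forum) = $helper->assertPostValidAndViewable($postid);
        } catch (Exception $e) {
            json_error($e->getControllerResponse()->errorText->render());
        }
        // Re-read the post with thread, forum, user and user-profile data joined in.
        $post_model = $this->_getPostModel();
        $fetch_options = array(
            'join' => XenForo_Model_Post::FETCH_THREAD
                | XenForo_Model_Post::FETCH_FORUM
                | XenForo_Model_Post::FETCH_USER
                | XenForo_Model_Post::FETCH_USER_PROFILE,
        );
        $post = $post_model->getPostById($postid, $fetch_options);
        $user = $user_model->getUserById($post['user_id']);
        $online_info = $session_model->getSessionActivityRecords(array(
            'user_id' => $post['user_id'],
            'cutOff' => array('>', $session_model->getOnlineStatusTimeout()),
        ));
        // The author counts as online only when exactly one activity record matches.
        $is_online = count($online_info) == 1;
        $avatarurl = '';
        if ($user !== false) {
            $avatarurl = process_avatarurl(XenForo_Template_Helper_Core::getAvatarUrl($user, 'm'));
            // URLs containing this path fragment are dropped from the response.
            if (strpos($avatarurl, '/xenforo/avatars/avatar_') !== false) {
                $avatarurl = '';
            }
        }
        $attachments = $attachment_model->getAttachmentsByContentId('post', $postid);
        $message = fr_strip_smilies($this, $post['message']);
        // Only the second element of parse_post()'s result is used here.
        list(, $nuked_quotes) = parse_post($message, true, array());
        $image = '';
        // 'type' is caller-supplied; start from an empty body so that a value
        // other than 'html' or 'facebook' cannot leave $html undefined.
        $html = '';
        if ($type == 'html') {
            $css = <<<EOF
<style type="text/css">
body {
  margin: 0;
  padding: 3;
  font: 13px Arial, Helvetica, sans-serif;
}
.alt2 {
  background-color: #e6edf5;
  font: 13px Arial, Helvetica, sans-serif;
}
html {
    -webkit-text-size-adjust: none;
}
</style>
EOF;
            // The message and signature reach the response as HTML only through the BBCode parser.
            $formatter = XenForo_BbCode_Formatter_Base::create('ForumRunner_BbCode_Formatter_BbCode_Post', array('smilies' => XenForo_Application::get('smilies')));
            $parser = new XenForo_BbCode_Parser($formatter);
            $html = $css . $parser->render($message);
            if ($signature && $post['signature']) {
                $html .= '<div style="border-top: 1px dashed grey; font-size: 9pt; margin-top: 5px; padding: 5px 0 0;">' . $parser->render(fr_strip_smilies($this, $post['signature'])) . '</div>';
            }
        } elseif ($type == 'facebook') {
            $html = XenForo_Helper_String::censorString(XenForo_Helper_String::bbCodeStrip($message, true));
            if (count($attachments)) {
                $attachments = array_values($attachments);
                $link = XenForo_Link::buildPublicLink('attachments', $attachments[0]);
                $image = fr_get_xenforo_bburl() . '/' . $link;
            }
        }
        // 1-based page of the thread on which this post appears.
        $post_page = floor($post['position'] / XenForo_Application::get('options')->messagesPerPage) + 1;
        $out = array(
            'post_id' => $post['post_id'],
            'thread_id' => $post['thread_id'],
            'forum_id' => $post['node_id'],
            'forum_title' => prepare_utf8_string(strip_tags($post['node_title'])),
            'username' => prepare_utf8_string(strip_tags($post['username'])),
            'joindate' => prepare_utf8_string(XenForo_Locale::date($post['register_date'], 'absolute')),
            'usertitle' => XenForo_Template_Helper_Core::helperUserTitle($user),
            'numposts' => $user ? $user['message_count'] : 0,
            'userid' => $post['user_id'],
            'title' => prepare_utf8_string($post['title']),
            'online' => $is_online,
            'post_timestamp' => prepare_utf8_string(XenForo_Locale::dateTime($post['post_date'], 'absolute')),
            'html' => prepare_utf8_string($html),
            'quotable' => $nuked_quotes,
            'canpost' => $thread_model->canReplyToThread($thread, $forum),
            'canattach' => $forum_model->canUploadAndManageAttachment($forum),
            'post_link' => fr_get_xenforo_bburl() . '/' . XenForo_Link::buildPublicLink('threads', $thread, array('page' => $post_page)) . '#post-' . $post['post_id'],
        );
        if ($image != '') {
            $out['image'] = $image;
        }
        if ($avatarurl != '') {
            $out['avatarurl'] = $avatarurl;
        }
        return $out;
    }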
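/**
 * Check that the post named in a verification document contains the expected text.
 *
 * The user id and post id are taken from $verifications_json, the post is
 * fetched with $token, and its parsed content is compared with the expected
 * text taken from the same document. On a mismatch a diagnostic line is
 * written to the page output.
 *
 * @param mixed $verifications_json Verification document, passed through to
 *                                  get_uid(), get_pid() and get_expected_text().
 * @param mixed $token              Access token handed to get_post_with_token().
 * @return bool True only when both values are strings, the expected text is
 *              non-empty, and the two are identical.
 */
function fb_verify_asset_with_token($verifications_json, $token)
{
    $uidx = get_uid($verifications_json);
    $pidx = get_pid($verifications_json);
    if (!$pidx || !$uidx) {
        return false;
    }
    $postx = get_post_with_token($uidx, $pidx, $token);
    $post_contentx = parse_post($postx);
    $expected_contentx = get_expected_text($verifications_json);
    // Fail closed. A loose == treats null/false/'' as equal and compares
    // numeric-looking strings by value ("1e3" == "1000"), so a failed fetch or
    // a missing expectation could otherwise count as a successful verification.
    $check = is_string($post_contentx)
        && is_string($expected_contentx)
        && $expected_contentx !== ''
        && $post_contentx === $expected_contentx;
    // Eyal, I think we should log the following msg
    if (!$check) {
        $msg = 'Asset verification failed. Expected [' . $expected_contentx . '] but got [' . $post_contentx . ']';
        // The fetched post content is remote text; escape it before it is
        // written into the HTML response.
        echo "<br/>msg: [" . htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "]";
    }
    return $check;
}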
Example #3
/**
 * Build the response array for a single post.
 *
 * Works on globals prepared by the caller ($postinfo, $threadinfo,
 * $foruminfo, $postid) and on the request parameter 'type' (default 'html').
 * After the visibility and forum-permission checks it loads the post row and
 * its attachments, renders the body according to 'type', and returns the
 * array assembled in $out.
 *
 * NOTE(review): $vbphrase, $permissions, $hook_query_fields,
 * $hook_query_joins, $post_cachable and $usesmilies are read below but are
 * neither assigned in this function nor listed in its global statement, so
 * they are unset in this scope.
 *
 * @return array Post fields; 'avatarurl', 'canedit' and 'image' are added only when set.
 */
function do_get_post()
{
    global $vbulletin, $db, $foruminfo, $threadinfo, $postid, $postinfo;
    // 'type' is cleaned as a string only; any non-empty value is accepted here.
    $vbulletin->input->clean_array_gpc('r', array('type' => TYPE_STR));
    $type = 'html';
    if ($vbulletin->GPC['type']) {
        $type = $vbulletin->GPC['type'];
    }
    // Existence and visibility: invisible or deleted posts/threads are reported
    // as an invalid id unless the user can moderate the forum.
    if (!$postinfo['postid']) {
        standard_error(fetch_error('invalidid', $vbphrase['post'], $vbulletin->options['contactuslink']));
    }
    if ((!$postinfo['visible'] or $postinfo['isdeleted']) and !can_moderate($threadinfo['forumid'])) {
        standard_error(fetch_error('invalidid', $vbphrase['post'], $vbulletin->options['contactuslink']));
    }
    if ((!$threadinfo['visible'] or $threadinfo['isdeleted']) and !can_moderate($threadinfo['forumid'])) {
        standard_error(fetch_error('invalidid', $vbphrase['thread'], $vbulletin->options['contactuslink']));
    }
    // Forum permissions: the user must be able to view the forum and its
    // threads, and needs 'canviewothers' unless they started the thread.
    // NOTE(review): the checks rely on standard_error()/json_error() ending the
    // request; nothing here returns after they are called - confirm.
    $forumperms = fetch_permissions($threadinfo['forumid']);
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) {
        json_error(ERR_NO_PERMISSION);
    }
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)) {
        json_error(ERR_NO_PERMISSION);
    }
    // check if there is a forum password and if so, ensure the user has it set
    verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
    $postbit_factory = new vB_Postbit_Factory();
    $postbit_factory->registry =& $vbulletin;
    $postbit_factory->forum =& $foruminfo;
    $postbit_factory->cache = array();
    $postbit_factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
    // Load the post row joined with its author, edit log, parsed caches and
    // signature picture.
    // NOTE(review): $postid is interpolated into the WHERE clause as-is, while
    // STYLEID and LANGUAGEID in the same statement go through intval().
    // Presumably the caller has already cast $postid to an integer - confirm,
    // or cast it here as well.
    // NOTE(review): $permissions is unset in this scope, so the condition on the
    // hidden-profile-field fragment is always true as written.
    $post = $db->query_first_slave("\n\tSELECT\n\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS isdeleted,\n\t    user.*, userfield.*, usertextfield.*,\n\t    " . iif($foruminfo['allowicons'], 'icon.title as icontitle, icon.iconpath,') . "\n\t    IF(user.displaygroupid=0, user.usergroupid, user.displaygroupid) AS displaygroupid, infractiongroupid,\n\t\t" . iif($vbulletin->options['avatarenabled'], 'avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight,') . "\n\t\t" . ((can_moderate($threadinfo['forumid'], 'canmoderateposts') or can_moderate($threadinfo['forumid'], 'candeleteposts')) ? 'spamlog.postid AS spamlog_postid,' : '') . "\n\t\teditlog.userid AS edit_userid, editlog.username AS edit_username, editlog.dateline AS edit_dateline, editlog.reason AS edit_reason, editlog.hashistory,\n\t\tpostparsed.pagetext_html, postparsed.hasimages,\n\t\tsigparsed.signatureparsed, sigparsed.hasimages AS sighasimages,\n\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight\n\t\t" . iif(!($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), $vbulletin->profilefield['hidden']) . "\n\t\t{$hook_query_fields}\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = post.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n\t\t" . iif($foruminfo['allowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = post.iconid)") . "\n\t\t" . iif($vbulletin->options['avatarenabled'], "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . 
"customavatar AS customavatar ON(customavatar.userid = user.userid)") . "\n\t\t" . ((can_moderate($threadinfo['forumid'], 'canmoderateposts') or can_moderate($threadinfo['forumid'], 'candeleteposts')) ? "LEFT JOIN " . TABLE_PREFIX . "spamlog AS spamlog ON(spamlog.postid = post.postid)" : '') . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON(editlog.postid = post.postid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "postparsed AS postparsed ON(postparsed.postid = post.postid AND postparsed.styleid = " . intval(STYLEID) . " AND postparsed.languageid = " . intval(LANGUAGEID) . ")\n\t\tLEFT JOIN " . TABLE_PREFIX . "sigparsed AS sigparsed ON(sigparsed.userid = user.userid AND sigparsed.styleid = " . intval(STYLEID) . " AND sigparsed.languageid = " . intval(LANGUAGEID) . ")\n\t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = post.userid)\n\t\t{$hook_query_joins}\n\t\tWHERE post.postid = {$postid}\n    ");
    $types = vB_Types::instance();
    $contenttypeid = $types->getContentTypeID('vBForum_Post');
    // Attachments of this post. $postid and $contenttypeid are interpolated
    // directly into the statement here too (see the note on $postid above).
    $attachments = $db->query_read_slave("\n\t\tSELECT\n\t\t\tfd.thumbnail_dateline, fd.filesize, IF(fd.thumbnail_filesize > 0, 1, 0) AS hasthumbnail, fd.thumbnail_filesize,\n\t\t\ta.dateline, a.state, a.attachmentid, a.counter, a.contentid AS postid, a.filename,\n\t\t\ttype.contenttypes\n\t\tFROM " . TABLE_PREFIX . "attachment AS a\n\t\tINNER JOIN " . TABLE_PREFIX . "filedata AS fd ON (a.filedataid = fd.filedataid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "attachmenttype AS type ON (fd.extension = type.extension)\n\t\tWHERE\n\t\t\ta.contentid = {$postid}\n\t\t\t\tAND\n\t\t\ta.contenttypeid = {$contenttypeid}\n\t\tORDER BY a.attachmentid\n\t");
    $fr_images = array();
    while ($attachment = $db->fetch_array($attachments)) {
        // An attachment is treated as an image when its lower-cased file name
        // contains one of these fragments anywhere, not only as its extension.
        $lfilename = strtolower($attachment['filename']);
        if (strpos($lfilename, '.jpe') !== false || strpos($lfilename, '.png') !== false || strpos($lfilename, '.gif') !== false || strpos($lfilename, '.jpg') !== false || strpos($lfilename, '.jpeg') !== false) {
            $tmp = array('img' => $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid']);
            if ($vbulletin->options['attachthumbs']) {
                $tmp['tmb'] = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'] . '&stc=1&thumb=1';
            }
            $fr_images[] = $tmp;
        }
    }
    // construct_postbit() is called with $post; its return value is collected
    // in $postbits, which is not read again in this function.
    $postbits = '';
    $postbit_obj =& $postbit_factory->fetch_postbit('post');
    $postbit_obj->cachable = $post_cachable;
    $postbits .= $postbit_obj->construct_postbit($post);
    // Render the body. NOTE(review): only 'html' and 'facebook' assign $html;
    // any other 'type' leaves $html and $image unset when $out is built.
    if ($type == 'html') {
        $bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
        // Replace the cached 'bbcode_quote' template with a simplified table layout.
        $vbulletin->templatecache['bbcode_quote'] = '
<div style=\\"margin:0px; margin-top:0px;\\">
	<table cellpadding=\\"$stylevar[cellpadding]\\" cellspacing=\\"0\\" border=\\"0\\" width=\\"100%\\">
	<tr>
		<td class=\\"alt2\\" style=\\"border:1px solid #777777;\\">
			".(($show[\'username\']) ? ("
				<div>
					" . construct_phrase("$vbphrase[originally_posted_by_x]", "$username") . "
				</div>
				<div style=\\"font-style:italic\\">$message</div>
			") : ("
				$message
			"))."
		</td>
	</tr>
	</table>
</div>
	';
        $css = <<<EOF
<style type="text/css">
body {
  margin: 0;
  padding: 3;
  font: 13px Arial, Helvetica, sans-serif;
}
.alt2 {
  background-color: #e6edf5;
  font: 13px Arial, Helvetica, sans-serif;
}
html {
    -webkit-text-size-adjust: none;
}
</style>
EOF;
        $html = $css . $bbcode_parser->parse($post['pagetext']);
        $image = '';
    } else {
        if ($type == 'facebook') {
            // Plain text: quotes and BBCode stripped, then censored.
            $html = fetch_censored_text(strip_bbcode(strip_quotes($post['pagetext']), false, true));
            if (count($fr_images)) {
                $image = $fr_images[0]['img'];
            }
        }
    }
    // Figure out if we can post
    // NOTE: `and` binds tighter than `or` in PHP, so the first test reads
    // isdeleted OR (not visible AND cannot moderate); a deleted thread clears
    // $canpost for moderators as well. The last test in this group groups the
    // same way.
    $canpost = true;
    if ($threadinfo['isdeleted'] or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
        $canpost = false;
    }
    if (!$foruminfo['allowposting'] or $foruminfo['link'] or !$foruminfo['cancontainthreads']) {
        $canpost = false;
    }
    if (!$threadinfo['open']) {
        if (!can_moderate($threadinfo['forumid'], 'canopenclose')) {
            $canpost = false;
        }
    }
    if (($vbulletin->userinfo['userid'] != $threadinfo['postuserid'] or !$vbulletin->userinfo['userid']) and (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyothers']))) {
        $canpost = false;
    }
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyown']) and $vbulletin->userinfo['userid'] == $threadinfo['postuserid']) {
        $canpost = false;
    }
    // Avatar work
    $avatarurl = '';
    if ($post['avatarurl']) {
        $avatarurl = process_avatarurl($post['avatarurl']);
    }
    // Get post date/time
    $postdate = vbdate($vbulletin->options['dateformat'], $post['dateline'], 1);
    $posttime = vbdate($vbulletin->options['timeformat'], $post['dateline']);
    // Parse the post for quotes and inline images
    list($text, $nuked_quotes, $images) = parse_post($post['pagetext'], $post['allowsmilie'] && $usesmilies);
    // NOTE(review): 'edittext' (the raw post text) is returned to every caller
    // that passed the view checks above, whereas 'canedit' is set only when
    // $post['editlink'] is truthy - confirm that is intended.
    $out = array('html' => prepare_utf8_string($html), 'post_id' => $post['postid'], 'thread_id' => $post['threadid'], 'forum_id' => $foruminfo['forumid'], 'forum_title' => prepare_utf8_string($foruminfo['title_clean']), 'username' => prepare_utf8_string(strip_tags($post['username'])), 'joindate' => prepare_utf8_string($post['joindate']), 'usertitle' => prepare_utf8_string(strip_tags($post['usertitle'])), 'numposts' => $post['posts'] ? (string) $post['posts'] : '0', 'userid' => $post['userid'], 'title' => prepare_utf8_string($post['title']), 'post_timestamp' => prepare_utf8_string(date_trunc($postdate) . ' ' . $posttime), 'canpost' => $canpost, 'quotable' => $nuked_quotes, 'canattach' => $forumperms & $vbulletin->bf_ugp_forumpermissions['canpostattachment'] and $vbulletin->userinfo['userid'], 'edittext' => prepare_utf8_string($post['pagetext']));
    if ($avatarurl != '') {
        $out['avatarurl'] = $avatarurl;
    }
    if ($post['editlink']) {
        $out['canedit'] = true;
    }
    if ($image != '') {
        $out['image'] = $image;
    }
    return $out;
}
/**
 * Map one conversation message onto the post-shaped array used for replies.
 *
 * The author's record is loaded through the user API and the raw text is run
 * through parse_post(). 'username', 'usertitle' and 'quotable' are copied into
 * the result unchanged, so any escaping is left to the consumer.
 *
 * @param array $message         Message row; reads 'userid', 'rawtext', 'title',
 *                               'pagetext', 'nodeid' and 'authorname'.
 * @param mixed $conversation_id Value returned as 'thread_id'.
 * @return array
 */
function fr_parse_conversation_reply($message, $conversation_id)
{
    $author = vB_Api::instance('user')->fetchUserinfo($message['userid']);
    // Only the first element of parse_post()'s result is used.
    list($body_text) = parse_post($message['rawtext']);

    // Without a title, fall back to the page text with BBCode removed.
    if ($message['title']) {
        $reply_title = $message['title'];
    } else {
        $reply_title = remove_bbcode($message['pagetext']);
    }

    $reply = array();
    $reply['post_id'] = $message['nodeid'];
    $reply['thread_id'] = $conversation_id;
    $reply['title'] = $reply_title;
    $reply['userid'] = $message['userid'];
    $reply['username'] = $message['authorname'];
    $reply['usertitle'] = $author['usertitle'];
    $reply['numposts'] = $author['posts'];
    $reply['joindate'] = fr_date($author['joindate']);
    $reply['online'] = fr_get_user_online($author['lastactivity']);
    $reply['text'] = $body_text;
    $reply['quotable'] = $message['rawtext'];

    return $reply;
}
Example #5
/**
 * Collect one page of comments for an article from its associated thread.
 *
 * Returns an empty array when can_view_thread() denies access, when there are
 * no comments, or when the requested page is empty. $pageno is normalised in
 * place (FR_LAST_POST selects the last page) and $total receives the overall
 * comment count.
 *
 * NOTE(review): $thread, $forum, $deljoin, $hook_query_fields,
 * $hook_query_joins, $postid_array, $privileges, $postorder, $ignore,
 * $postinfo, $lastpostid, $postattach and $LASTPOST are read below but never
 * assigned in this function, so they are unset in this scope.
 *
 * @param object $article              Article object; only getNodeId() is called on it.
 * @param mixed  $associated_thread_id Thread holding the comments.
 * @param mixed  $userinfo             Passed to can_view_thread(); overwritten inside the
 *                                     loop when avatars are enabled.
 * @param mixed  $pageno               Page number or FR_LAST_POST (by reference).
 * @param mixed  $perpage              Page size (by reference; not modified here).
 * @param mixed  $total                Receives the total number of comments (by reference).
 * @return array List of per-post arrays.
 */
function get_article_comments($article, $associated_thread_id, $userinfo, &$pageno, &$perpage, &$total)
{
    require_once DIR . '/includes/functions_misc.php';
    require_once DIR . '/includes/functions.php';
    require_once DIR . '/includes/functions_databuild.php';
    require_once DIR . '/includes/functions_bigthree.php';
    $posts_out = array();
    fetch_phrase_group('posting');
    $threadinfo = verify_id('thread', $associated_thread_id, 0, 1);
    $foruminfo = verify_id('forum', $threadinfo['forumid'], 0, 1);
    //First let's see if we have forum/thread view permissions. If not,
    // we're done
    if (!($permissions = can_view_thread($article->getNodeId(), $userinfo))) {
        return array();
    }
    // NOTE(review): the view check above is made for $userinfo, while
    // fetch_permissions() is called without a user - presumably it evaluates
    // the current session user; confirm both refer to the same account.
    $forumperms = fetch_permissions($threadinfo['forumid']);
    //Normally this thread will be wide open, so let's get the list first
    // without checking. We'll verify each post anyway.
    //get our results
    $results = get_comments($permissions, $associated_thread_id);
    $record_count = count($results);
    if (!$results or !count($results)) {
        return array();
    }
    //we accept the parameter "last" for pageno.
    // NOTE(review): $perpage is used as a divisor here without a zero check.
    if ($pageno == FR_LAST_POST) {
        $pageno = intval(($record_count + $perpage - 1) / $perpage);
        $first = ($pageno - 1) * $perpage;
    } else {
        $pageno = max(1, intval($pageno));
        $first = $perpage * ($pageno - 1);
    }
    //Let's trim off the results we need.
    //This also tells us if we should show the "next" button.
    $post_array = array_slice($results, $first, $perpage, true);
    if (!$post_array) {
        return array();
    }
    $firstpostid = false;
    $displayed_dateline = 0;
    // Work out the timestamp up to which the thread counts as read.
    if (vB::$vbulletin->options['threadmarking'] and vB::$vbulletin->userinfo['userid']) {
        $threadview = max($threadinfo['threadread'], $threadinfo['forumread'], TIMENOW - vB::$vbulletin->options['markinglimit'] * 86400);
    } else {
        $threadview = intval(fetch_bbarray_cookie('thread_lastview', $thread['threadid']));
        if (!$threadview) {
            $threadview = vB::$vbulletin->userinfo['lastvisit'];
        }
    }
    require_once DIR . '/includes/functions_user.php';
    $show['inlinemod'] = false;
    $postids = array();
    // The page of ids is joined into an SQL IN (...) list as-is.
    // NOTE(review): the values come from get_comments(); presumably integer
    // post ids - confirm, or cast each element before the implode.
    $postids = ' post.postid in (' . implode(', ', $post_array) . ')';
    // Load the selected posts with author, edit log, parsed caches and avatar
    // data, ordered by post date. The statement is also kept in $sql.
    $posts = vB::$vbulletin->db->query_read($sql = "\n\tSELECT\n\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS isdeleted,\n\t    user.*, userfield.*, usertextfield.*,\n\t    " . iif($forum['allowicons'], 'icon.title as icontitle, icon.iconpath,') . "\n\t    " . iif(vB::$vbulletin->options['avatarenabled'], 'avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight,') . "\n\t    " . ((can_moderate($thread['forumid'], 'canmoderateposts') or can_moderate($thread['forumid'], 'candeleteposts')) ? 'spamlog.postid AS spamlog_postid,' : '') . "\n\t    " . iif($deljoin, 'deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason,') . "\n\t    editlog.userid AS edit_userid, editlog.username AS edit_username, editlog.dateline AS edit_dateline,\n\t    editlog.reason AS edit_reason, editlog.hashistory,\n\t    postparsed.pagetext_html, postparsed.hasimages,\n\t    sigparsed.signatureparsed, sigparsed.hasimages AS sighasimages,\n\t    sigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight,\n\t    IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, infractiongroupid,\n\t    customprofilepic.userid AS profilepic, customprofilepic.dateline AS profilepicdateline, customprofilepic.width AS ppwidth, customprofilepic.height AS ppheight\n\t    " . iif(!($permissions['genericpermissions'] & vB::$vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), vB::$vbulletin->profilefield['hidden']) . "\n\t    {$hook_query_fields}\n\t    FROM " . TABLE_PREFIX . "post AS post\n\t    LEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = post.userid)\n\t    LEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid)\n\t    LEFT JOIN " . TABLE_PREFIX . 
"usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n\t    " . iif($forum['allowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = post.iconid)") . "\n\t    " . iif(vB::$vbulletin->options['avatarenabled'], "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)") . "\n\t    " . ((can_moderate($thread['forumid'], 'canmoderateposts') or can_moderate($thread['forumid'], 'candeleteposts')) ? "LEFT JOIN " . TABLE_PREFIX . "spamlog AS spamlog ON(spamlog.postid = post.postid)" : '') . "\n\t    {$deljoin}\n\t    LEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON(editlog.postid = post.postid)\n\t    LEFT JOIN " . TABLE_PREFIX . "postparsed AS postparsed ON(postparsed.postid = post.postid AND postparsed.styleid = " . intval(STYLEID) . " AND postparsed.languageid = " . intval(LANGUAGEID) . ")\n\t    LEFT JOIN " . TABLE_PREFIX . "sigparsed AS sigparsed ON(sigparsed.userid = user.userid AND sigparsed.styleid = " . intval(STYLEID) . " AND sigparsed.languageid = " . intval(LANGUAGEID) . ")\n\t    LEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = post.userid)\n\t    LEFT JOIN " . TABLE_PREFIX . "customprofilepic AS customprofilepic ON (user.userid = customprofilepic.userid)\n\t    {$hook_query_joins}\n\t    WHERE {$postids}\n\t    ORDER BY post.dateline\n\t    ");
    // Without attachment permissions, switch thumbnails and inline images off
    // in the shared options object.
    if (!($forumperms & vB::$vbulletin->bf_ugp_forumpermissions['canseethumbnails']) and !($forumperms & vB::$vbulletin->bf_ugp_forumpermissions['cangetattachment'])) {
        vB::$vbulletin->options['attachthumbs'] = 0;
    }
    if (!($forumperms & vB::$vbulletin->bf_ugp_forumpermissions['cangetattachment'])) {
        vB::$vbulletin->options['viewattachedimages'] = 0;
    }
    $postcount = count($postid_array);
    $counter = 0;
    $postbits = '';
    vB::$vbulletin->noheader = true;
    while ($post = vB::$vbulletin->db->fetch_array($posts)) {
        // Per-post visibility filter.
        // NOTE(review): $privileges is unset here, so as written every post with
        // visible == 2 and every post with a falsy 'visible' is skipped, and the
        // "Soft Deleted" branch further down is not reached.
        if (!$privileges['can_moderate_forums']) {
            if ($privileges['is_coventry'] or $post['visible'] == 2) {
                continue;
            }
        }
        // post/thread is deleted by moderator and we don't have permission to see it
        if (!($post['visible'] or $privileges['can_moderate_posts'])) {
            continue;
        }
        if (!intval($post['userid'])) {
            $post['avatarid'] = false;
        } else {
            if (!$post['hascustomavatar']) {
                if ($post['profilepic']) {
                    $post['hascustomavatar'] = 1;
                    $post['avatarid'] = true;
                    $post['avatarpath'] = "./image.php?u=" . $post['userid'] . "&amp;dateline=" . $post['profilepicdateline'] . "&amp;type=profile";
                    $post['avwidth'] = $post['ppwidth'];
                    $post['avheight'] = $post['ppheight'];
                } else {
                    $post['hascustomavatar'] = 1;
                    $post['avatarid'] = true;
                    // explicity setting avatarurl to allow guests comments to show unknown avatar
                    $post['avatarurl'] = $post['avatarpath'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . '/unknown.gif';
                    $post['avwidth'] = 60;
                    $post['avheight'] = 60;
                }
            }
        }
        // Posts by users for whom in_coventry() is truthy are skipped unless the
        // viewer can moderate; $thread is unset, so can_moderate() receives null here.
        if ($tachyuser = in_coventry($post['userid']) and !can_moderate($thread['forumid'])) {
            continue;
        }
        if ($post['visible'] == 1 and !$tachyuser) {
            ++$counter;
            if ($postorder) {
                $post['postcount'] = --$postcount;
            } else {
                $post['postcount'] = ++$postcount;
            }
        }
        // $fetchtype is computed here but only read again within this block and
        // for 'isfirstshown'.
        if ($tachyuser) {
            $fetchtype = 'post_global_ignore';
        } else {
            if ($ignore["{$post['userid']}"]) {
                $fetchtype = 'post_ignore';
            } else {
                if ($post['visible'] == 2) {
                    $fetchtype = 'post_deleted';
                } else {
                    $fetchtype = 'post';
                }
            }
        }
        if (vB::$vbulletin->GPC['viewfull'] and $post['postid'] == $postinfo['postid'] and $fetchtype != 'post' and (can_moderate($threadinfo['forumid']) or !$post['isdeleted'])) {
            $fetchtype = 'post';
        }
        if (!$firstpostid) {
            $firstpostid = $post['postid'];
        }
        $post['islastshown'] = $post['postid'] == $lastpostid;
        $post['isfirstshown'] = ($counter == 1 and $fetchtype == 'post' and $post['visible'] == 1);
        $post['islastshown'] = $post['postid'] == $lastpostid;
        // $postattach is unset, so 'attachments' is null for every post as written.
        $post['attachments'] = $postattach["{$post['postid']}"];
        // Editing is allowed for moderators with 'caneditposts', or for the author
        // of a post in an open thread who has 'caneditpost' and is inside the edit
        // time limit (0 means no limit); never on deleted threads or posts.
        $canedit = false;
        if (!$threadinfo['isdeleted'] and !$post['isdeleted'] and (can_moderate($threadinfo['forumid'], 'caneditposts') or $threadinfo['open'] and $post['userid'] == vB::$vbulletin->userinfo['userid'] and $forumperms & vB::$vbulletin->bf_ugp_forumpermissions['caneditpost'] and ($post['dateline'] >= TIMENOW - vB::$vbulletin->options['edittimelimit'] * 60 or vB::$vbulletin->options['edittimelimit'] == 0))) {
            $canedit = true;
        }
        // Get post date/time
        $postdate = vbdate(vB::$vbulletin->options['dateformat'], $post['dateline'], 1);
        $posttime = vbdate(vB::$vbulletin->options['timeformat'], $post['dateline']);
        $attachments = array();
        $fr_images = array();
        // Attachments (images).
        // A file counts as an image when its lower-cased name contains one of the
        // fragments below anywhere, not only as its extension.
        if (count($post['attachments']) > 0) {
            foreach ($post['attachments'] as $attachment) {
                $lfilename = strtolower($attachment['filename']);
                if (strpos($lfilename, '.jpe') !== false || strpos($lfilename, '.png') !== false || strpos($lfilename, '.gif') !== false || strpos($lfilename, '.jpg') !== false || strpos($lfilename, '.jpeg') !== false) {
                    $fr_images[] = array('img' => vB::$vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'], 'tmb' => vB::$vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'] . '&stc=1&thumb=1');
                }
            }
        }
        // Parse the post for quotes and inline images
        list($text, $nuked_quotes, $images) = parse_post($post['pagetext'], false);
        // Attachment images are appended to the text as <img> tags; the URL is
        // built from the 'bburl' option and the attachment id without escaping.
        if (count($fr_images) > 0) {
            $text .= "<br/>";
            foreach ($fr_images as $attachment) {
                $text .= "<img src=\"{$attachment['img']}\"/>";
            }
        }
        foreach ($images as $image) {
            $fr_images[] = array('img' => $image);
        }
        $avatarurl = '';
        // Avatar work
        // Note: this overwrites the $userinfo parameter with the post author's record.
        if (vB::$vbulletin->options['avatarenabled']) {
            require_once DIR . '/includes/functions_user.php';
            $userinfo = fetch_userinfo($post['userid'], FETCH_USERINFO_AVATAR);
            fetch_avatar_from_userinfo($userinfo);
            if ($userinfo['avatarurl']) {
                $avatarurl = process_avatarurl($userinfo['avatarurl']);
            }
        }
        $tmp = array('post_id' => $post['postid'], 'thread_id' => $post['threadid'], 'forum_id' => $foruminfo['forumid'], 'username' => prepare_utf8_string(strip_tags($post['username'])), 'joindate' => prepare_utf8_string($post['joindate']), 'usertitle' => prepare_utf8_string(strip_tags($post['usertitle'])), 'numposts' => $post['posts'], 'userid' => $post['userid'], 'title' => prepare_utf8_string($post['title']), 'post_timestamp' => prepare_utf8_string(date_trunc($postdate) . ' ' . $posttime), 'fr_images' => $fr_images, 'image_thumbs' => array());
        // Soft Deleted
        if ($post['visible'] == 2) {
            $tmp['deleted'] = true;
            $tmp['del_username'] = prepare_utf8_string($post['del_username']);
            if ($post['del_reason']) {
                $tmp['del_reason'] = prepare_utf8_string($post['del_reason']);
            }
        } else {
            // The post body, and the raw text for editing, are only attached to
            // posts that are not soft-deleted; 'edittext' additionally needs $canedit.
            $tmp['text'] = $text;
            $tmp['quotable'] = $nuked_quotes;
            if ($canedit) {
                $tmp['canedit'] = true;
                $tmp['edittext'] = prepare_utf8_string($post['pagetext']);
            }
        }
        if ($avatarurl != '') {
            $tmp['avatarurl'] = $avatarurl;
        }
        $posts_out[] = $tmp;
    }
    // $LASTPOST is unset in this scope, so as written $displayed_dateline stays 0
    // and mark_thread_read() below is not reached.
    if ($LASTPOST['dateline'] > $displayed_dateline) {
        $displayed_dateline = $LASTPOST['dateline'];
        if ($displayed_dateline <= $threadview) {
            $updatethreadcookie = true;
        }
    }
    // Set thread last view
    if ($displayed_dateline and $displayed_dateline > $threadview) {
        mark_thread_read($threadinfo, $foruminfo, vB::$vbulletin->userinfo['userid'], $displayed_dateline);
    }
    vB::$vbulletin->db->free_result($posts);
    unset($post);
    $total = $record_count;
    return $posts_out;
}
// Error message taken from the JSON document held in $post.
$er = json_decode($post, true)['error']['message'];
// $user_post = get_post('100010281887017','486051034905643');

// TESTS
// Each result is the PASS or FAIL constant.
// $var_test = ()? PASS:FAIL;

// Verification outcomes for the individual fixture documents.
$verified_test = (fb_verify_asset($verified_json) == 1) ? PASS : FAIL;
$unverified_test = (fb_verify_asset($unverified_json) != 1) ? PASS : FAIL;
$fake_networks_test = (fb_verify_asset($fake_networks_json) != 1) ? PASS : FAIL;
$another_user_test = (fb_verify_asset($user2_json) == 1) ? PASS : FAIL;
$third_user_test = (fb_verify_asset($user3_json) == 1) ? PASS : FAIL;
$another_token_test = (fb_verify_asset_with_token($verified_json, FB_APP_TOKEN_2) == 1) ? PASS : FAIL;

// Ids extracted from the fixture; the post id is compared against a float literal.
$pid_test = ($pid == 486035954907151.0) ? PASS : FAIL;
$uid_test = ($uid == 1232952150) ? PASS : FAIL;

// The expected text must contain the fixture's verification string.
$expected_text = preg_match('/LJEC6Q2h9JKNvZqEC87TbEXvxm4br1uivb2QX/', get_expected_text($verified_json)) ? PASS : FAIL;

// A timestamp such as 2015-10-06T08:28:06+0000 is 24 characters long.
$getpost_test = (strlen($ct) == 24) ? PASS : FAIL;
$content_test = preg_match('/LJEC6Q2h9JKNvZqEC87TbEXvxm4br1uivb2QX/', parse_post($post)) ? PASS : FAIL;
// A token-validation error in the response counts as a failure.
$error_test = preg_match('/Error validating access token/', $er) ? FAIL : PASS;

// OUTPUT
// Results are written straight into the page as HTML fragments.
echo "<br/>verified_test: [{$verified_test}]";
echo "<br/>unverified_test: [{$unverified_test}]";
echo "<br/>fake_networks_test: [{$fake_networks_test}]";
echo "<br/>another_user_test: [{$another_user_test}]";
echo "<br/>third_user_test: [{$third_user_test}]";
echo "<br/>another_token_test: [{$another_token_test}]";
echo '<hr/>';
echo "<br/>post id from json: [{$pid_test}]";
echo "<br/>user id from json: [{$uid_test}]";
// echo "<br/>access token from file: [".$accesstoken_test."]";
echo "<br/>expected txt [{$expected_text}]";
echo "<br/>getpost: [{$getpost_test}]";
echo "<br/>post content: [{$content_test}]";
Example #7
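/**
 * Build the result payload for a stored vBulletin search.
 *
 * Thread and post hits are flattened into one list of associative arrays.
 * Hits are dropped when any forum in the hit's parent list is named in the
 * 'forumrunner_exclude' option, or when the item's 'visible' field is 2.
 * NOTE(review): no other permission check is made here; view permissions
 * are presumably enforced by vB_Search_Results for $current_user - confirm.
 *
 * @param int $searchid   Id of the stored search.
 * @param int $pagenumber Page of results to return.
 * @param int $perpage    Results per page.
 *
 * @return array 'threads' and 'total_threads', plus 'searchid' unless the
 *               search produced no page of results.
 */
function do_showresults($searchid, $pagenumber = 1, $perpage = 25)
{
    global $vbulletin, $db, $show, $vbphrase, $current_user;
    $vbulletin->options['threadpreview'] = FR_PREVIEW_LEN;
    $vbulletin->input->clean_array_gpc('r', array('previewtype' => TYPE_INT));
    $previewtype = $vbulletin->GPC['previewtype'];
    if (!$previewtype) {
        $previewtype = 1;
    }
    $bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
    // Get exclude IDs; a list containing -1 means "exclude nothing".
    $exclude_ids = @explode(',', $vbulletin->options['forumrunner_exclude']);
    if (in_array('-1', $exclude_ids)) {
        $exclude_ids = array();
    }
    if ($results = vB_Search_Results::create_from_searchid($current_user, $searchid)) {
        $pages = $results->get_page($pagenumber, $perpage, 10000);
    } else {
        $pages = array();
    }
    if (count($pages) == 0) {
        $threads = array(array('error' => strip_tags(fetch_error('searchnoresults', ''))));
        return array('threads' => $threads, 'total_threads' => count($threads));
    }
    $thread_data = array();
    $skipped = 0;
    foreach ($pages as $item) {
        switch (get_class($item)) {
            case 'vBForum_Search_Result_Thread':
                $thread = $item->get_thread();
                $foruminfo = fetch_foruminfo($thread->get_field('forumid'));
                $parentlist = explode(',', substr($foruminfo['parentlist'], 0, -3));
                $skip = false;
                foreach ($parentlist as $parent_id) {
                    if (in_array($parent_id, $exclude_ids)) {
                        $skip = true;
                    }
                }
                if ($thread->get_field('visible') == 2) {
                    $skip = true;
                }
                if ($skip) {
                    $skipped++;
                    // "continue 2" targets the foreach explicitly; a bare
                    // "continue" inside switch only acts like "break" and
                    // raises a warning on PHP 7.3+.
                    continue 2;
                }
                $lastread = $thread->get_forum()->get_last_read_by_current_user($current_user);
                $legacy_thread = process_thread_array($thread->get_record(), $lastread);
                $date = vbdate($vbulletin->options['dateformat'], $thread->get_field('lastpost'));
                $time = vbdate($vbulletin->options['timeformat'], $thread->get_field('lastpost'));
                // The id comes from the thread record, but it is concatenated
                // into SQL, so force it to an integer first.
                $preview_postid = intval($thread->get_field($previewtype == 1 ? 'firstpostid' : 'lastpostid'));
                $previewinfo = $db->query_first_slave("\n\t\tSELECT *\n\t\tFROM " . TABLE_PREFIX . "post\n\t\tWHERE postid = " . $preview_postid . "\n\t    ");
                $preview = '';
                if (method_exists($bbcode_parser, 'get_preview')) {
                    $preview = $bbcode_parser->get_preview(fetch_censored_text($previewinfo['pagetext']), 200);
                } else {
                    // vB4 prior to vB4.0.4 did not have get_preview()
                    list($text, $nuked_quotes, $images) = parse_post($previewinfo['pagetext'], true, array());
                    $preview = preview_chop(fetch_censored_text($nuked_quotes), 200);
                }
                $avatarurl = '';
                if ($previewinfo['userid'] > 0) {
                    $userinfoavatar = fetch_userinfo($previewinfo['userid'], FETCH_USERINFO_AVATAR);
                    fetch_avatar_from_userinfo($userinfoavatar, true, false);
                    if ($userinfoavatar['avatarurl'] != '') {
                        $avatarurl = process_avatarurl($userinfoavatar['avatarurl']);
                    }
                    unset($userinfoavatar);
                }
                $tmp = array(
                    'thread_id' => $thread->get_field('threadid'),
                    'new_posts' => $show['gotonewpost'],
                    'forum_id' => $thread->get_field('forumid'),
                    'total_posts' => $thread->get_field('replycount'),
                    'forum_title' => prepare_utf8_string(strip_tags($foruminfo['title'])),
                    'thread_title' => prepare_utf8_string(strip_tags($thread->get_field('title'))),
                    'thread_preview' => prepare_utf8_string(preview_chop(strip_tags(strip_bbcode(html_entity_decode($preview))), FR_PREVIEW_LEN)),
                    'post_userid' => $previewinfo['userid'],
                    'post_lastposttime' => prepare_utf8_string(date_trunc($date) . ' ' . $time),
                    'post_username' => prepare_utf8_string(strip_tags($previewinfo['username'])),
                );
                if ($avatarurl != '') {
                    $tmp['avatarurl'] = $avatarurl;
                }
                if ($thread->get_field('prefixid')) {
                    $prefixid = $thread->get_field('prefixid');
                    $tmp['prefix'] = prepare_utf8_string(strip_tags($vbphrase["prefix_{$prefixid}_title_plain"]));
                }
                if ($thread->get_field('attach')) {
                    $tmp['attach'] = true;
                }
                if ($thread->get_field('pollid')) {
                    $tmp['poll'] = true;
                }
                $thread_data[] = $tmp;
                break;
            case 'vBForum_Search_Result_Post':
                $post = $item->get_post();
                $thread = $post->get_thread();
                $foruminfo = fetch_foruminfo($thread->get_field('forumid'));
                $parentlist = explode(',', substr($foruminfo['parentlist'], 0, -3));
                $skip = false;
                foreach ($parentlist as $parent_id) {
                    if (in_array($parent_id, $exclude_ids)) {
                        $skip = true;
                    }
                }
                if ($post->get_field('visible') == 2) {
                    $skip = true;
                }
                if ($skip) {
                    $skipped++;
                    continue 2;
                }
                $date = vbdate($vbulletin->options['dateformat'], $post->get_field('dateline'));
                $time = vbdate($vbulletin->options['timeformat'], $post->get_field('dateline'));
                $avatarurl = '';
                if ($post->get_field('userid') > 0) {
                    $userinfoavatar = fetch_userinfo($post->get_field('userid'), FETCH_USERINFO_AVATAR);
                    fetch_avatar_from_userinfo($userinfoavatar, true, false);
                    if ($userinfoavatar['avatarurl'] != '') {
                        $avatarurl = process_avatarurl($userinfoavatar['avatarurl']);
                    }
                    unset($userinfoavatar);
                }
                $tmp = array(
                    'thread_id' => $post->get_field('threadid'),
                    'post_id' => $post->get_field('postid'),
                    'jump_to_post' => 1,
                    'forum_id' => $thread->get_field('forumid'),
                    'forum_title' => prepare_utf8_string(strip_tags($foruminfo['title'])),
                    'thread_title' => prepare_utf8_string(strip_tags($thread->get_field('title'))),
                    'thread_preview' => prepare_utf8_string(preview_chop(htmlspecialchars_uni(fetch_censored_text(strip_bbcode(strip_quotes(html_entity_decode($post->get_field('pagetext'))), false, true))), FR_PREVIEW_LEN)),
                    'post_userid' => $post->get_field('userid'),
                    'post_lastposttime' => prepare_utf8_string(date_trunc($date) . ' ' . $time),
                    'post_username' => prepare_utf8_string(strip_tags($post->get_field('username'))),
                );
                if ($avatarurl != '') {
                    $tmp['avatarurl'] = $avatarurl;
                }
                if ($thread->get_field('prefixid')) {
                    $prefixid = $thread->get_field('prefixid');
                    $tmp['prefix'] = prepare_utf8_string(strip_tags($vbphrase["prefix_{$prefixid}_title_plain"]));
                }
                if ($post->get_field('attach')) {
                    $tmp['attach'] = true;
                }
                $thread_data[] = $tmp;
                break;
        }
    }
    $out = array();
    if (count($thread_data) > 0) {
        $out['threads'] = $thread_data;
        // Skipped (excluded or visible == 2) hits are taken off the total.
        $out['total_threads'] = max($results->get_confirmed_count() - $skipped, 0);
    } else {
        $out['threads'] = array();
        $out['total_threads'] = 0;
    }
    $out['searchid'] = $searchid;
    return $out;
}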
Example #8
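 /**
  * Return one page of messages of a conversation as an array for the client.
  *
  * Reads 'conversationid', 'signature', 'page' and 'perpage' from the
  * request (all filtered as unsigned integers). Access is decided by
  * _getConversationOrError(); on failure the rendered error text is handed
  * to json_error(). NOTE(review): the code below assumes json_error() ends
  * the request - confirm, otherwise $conversation_info is undefined.
  * The conversation is marked as read up to the newest message on the page.
  *
  * @return array 'posts', 'total_posts', 'page', 'canattach', 'canpost',
  *               'title', 'thread_link', 'recipients' and, when a target
  *               message was computed, 'gotopostid'.
  */
 public function actionGetConversation()
 {
     $conversationid = $this->_input->filterSingle('conversationid', XenForo_Input::UINT);
     $signature = $this->_input->filterSingle('signature', XenForo_Input::UINT);
     $page = max($this->_input->filterSingle('page', XenForo_Input::UINT), 1);
     $perpage = $this->_input->filterSingle('perpage', XenForo_Input::UINT);
     if (!$perpage) {
         $perpage = XenForo_Application::get('options')->messagesPerPage;
     }
     $conversation_model = $this->_getConversationModel();
     $session_model = $this->getModelFromCache('XenForo_Model_Session');
     try {
         $conversation_info = $this->_getConversationOrError($conversationid);
     } catch (Exception $e) {
         json_error($e->getControllerResponse()->errorText->render());
     }
     $gotomessageid = 0;
     if ($page == FR_LAST_POST) {
         // Resolve the "last post" marker to a page and a message to jump to.
         if (!$conversation_info['last_read_date']) {
             $page = 1;
         } else {
             if ($conversation_info['last_read_date'] >= $conversation_info['last_message_date']) {
                 $first_unread = false;
             } else {
                 $first_unread = $conversation_model->getNextMessageInConversation($conversationid, $conversation_info['last_read_date']);
             }
             if (!$first_unread || $first_unread['message_id'] == $conversation_info['last_message_id']) {
                 $page = floor($conversation_info['reply_count'] / $perpage) + 1;
                 $gotomessageid = $conversation_info['last_message_id'];
             } else {
                 $before = $conversation_model->countMessagesBeforeDateInConversation($conversationid, $first_unread['message_date']);
                 $page = floor($before / $perpage) + 1;
                 $gotomessageid = $first_unread['message_id'];
             }
         }
     }
     $messages = $conversation_model->getConversationMessages($conversationid, array('page' => $page, 'perPage' => $perpage));
     $max = $conversation_model->getMaximumMessageDate($messages);
     if ($max > $conversation_info['last_read_date']) {
         $conversation_model->markConversationAsRead($conversationid, XenForo_Visitor::getUserId(), $max, $conversation_info['last_message_date']);
     }
     $messages = $conversation_model->prepareMessages($messages, $conversation_info);
     $user_model = $this->getModelFromCache('XenForo_Model_User');
     // Initialised up front so an empty page yields an empty list, not null.
     $message_data = array();
     foreach ($messages as &$message) {
         $user = $user_model->getUserById($message['user_id']);
         $online_info = $session_model->getSessionActivityRecords(array('user_id' => $message['user_id'], 'cutOff' => array('>', $session_model->getOnlineStatusTimeout())));
         $is_online = false;
         if (count($online_info) == 1) {
             $is_online = true;
         }
         list($text, $nuked_quotes, $images) = parse_post(fr_strip_smilies($this, XenForo_Helper_String::censorString($message['message'])), true);
         $fr_images = array();
         foreach ($images as $image) {
             $fr_images[] = array('img' => $image);
         }
         $avatarurl = '';
         if ($user !== false) {
             $avatarurl = process_avatarurl(XenForo_Template_Helper_Core::getAvatarUrl($user, 'm'));
             // URLs containing this path fragment are reported as "no avatar".
             if (strpos($avatarurl, '/xenforo/avatars/avatar_') !== false) {
                 $avatarurl = '';
             }
         }
         // NOTE(review): 'usertitle' is emitted without strip_tags() -
         // confirm the client does not render it as trusted HTML.
         $out = array(
             'post_id' => $message['message_id'],
             'thread_id' => $message['conversation_id'],
             'username' => prepare_utf8_string(strip_tags($message['username'])),
             'joindate' => prepare_utf8_string(XenForo_Locale::date($message['register_date'], 'absolute')),
             'usertitle' => XenForo_Template_Helper_Core::helperUserTitle($user),
             'numposts' => $user ? $user['message_count'] : 0,
             'userid' => $message['user_id'],
             'online' => $is_online,
             'post_timestamp' => prepare_utf8_string(XenForo_Locale::dateTime($message['message_date'], 'absolute')),
             'fr_images' => $fr_images,
             'text' => $text,
             'quotable' => $nuked_quotes,
         );
         if ($avatarurl != '') {
             $out['avatarurl'] = $avatarurl;
         }
         if ($signature) {
             // strip_tags() with an allow-list keeps <a> elements together
             // with all of their attributes, so 'sig' is still untrusted
             // markup - NOTE(review): confirm how the client renders it.
             $sig = trim(strip_tags(remove_bbcode($message['signature'], true, true), '<a>'));
             $sig = str_replace(array("\t", "\r"), array('', ''), $sig);
             $sig = str_replace("\n\n", "\n", $sig);
             $out['sig'] = prepare_utf8_string($sig);
         }
         $message_data[] = $out;
     }
     // Break the reference left behind by the by-reference foreach.
     unset($message);
     $out = array(
         'posts' => $message_data,
         'total_posts' => $conversation_info['reply_count'] + 1,
         'page' => $page,
         'canattach' => false,
         'canpost' => true,
         'title' => prepare_utf8_string(XenForo_Helper_String::censorString($conversation_info['title'])),
         'thread_link' => process_avatarurl(XenForo_Link::buildPublicLink('conversations', $conversation_info)),
     );
     if ($gotomessageid) {
         $out['gotopostid'] = $gotomessageid;
     }
     // Recipients are fetched once, here, and joined into "a, b, c".
     $names = array();
     foreach (array_values($conversation_model->getConversationRecipients($conversationid)) as $recipient) {
         $names[] = prepare_utf8_string(strip_tags($recipient['username']));
     }
     $out['recipients'] = implode(', ', $names);
     return $out;
 }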
Example #9
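/**
 * Convert a content node into the pieces the client needs.
 *
 * @param array $node Node array; this function reads
 *                    $node['content']['rawtext'] and, for the signature,
 *                    $node['content']['signature']['raw'],
 *                    $node['content']['userinfo'] and
 *                    $node['content']['signaturepic'].
 *
 * @return array 'signature' (plain text, '' when the node has none),
 *               'html' (post text as returned by parse_post()) and
 *               'images' (images as returned by parse_post()).
 */
function fr_post_to_bbcode($node)
{
    require_once DIR . '/includes/class_core.php';
    require_once DIR . '/includes/class_bbcode.php';
    $post = array();
    $bbcode_parser = new vB_BbCodeParser(vB::get_registry(), fetch_tag_list());
    $post['signature'] = '';
    if (!empty($node['content']['signature']['raw'])) {
        $bbcode_parser->set_parse_userinfo($node['content']['userinfo']);
        $post['signature'] = $bbcode_parser->parse($node['content']['signature']['raw'], 'signature', true, false, '', $node['content']['signaturepic'], true);
        // All tags are stripped, then leftover BBCode, then surrounding
        // whitespace. The original passed '<a>' to trim() as its character
        // list, which removed leading/trailing '<', 'a' and '>' characters
        // from the signature and left whitespace untrimmed.
        $sig = trim(remove_bbcode(strip_tags($post['signature']), true, true));
        $sig = str_replace(array("\t", "\r"), array('', ''), $sig);
        $sig = str_replace("\n\n", "\n", $sig);
        $post['signature'] = $sig;
    }
    // The second element returned by parse_post() is not needed here.
    list($text, , $images) = parse_post($node['content']['rawtext']);
    $post['html'] = $text;
    $post['images'] = $images;
    return $post;
}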
Example #10
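/**
 * Return the announcements that apply to the current forum.
 *
 * Forum view permissions and the forum password are checked before the
 * query runs. Each returned announcement has its view counter incremented
 * and, for logged-in users, is recorded as read (both as shutdown queries).
 *
 * NOTE(review): $announcementinfo is never assigned in this function and
 * is not declared global, so the else-branch below always reports
 * ERR_INVALID_ANNOUNCEMENT; $show is written as a local only; $attachments
 * is passed to parse_post() without being set. Confirm the intent.
 * NOTE(review): $vbulletin->GPC['forumid'] and ['announcementid'] are not
 * cleaned in this function; they are presumably cleaned by the caller.
 *
 * @return array 'posts' (list of announcement arrays) and 'total_posts'.
 */
function do_get_announcement()
{
    global $vbulletin, $db, $foruminfo;
    if (empty($foruminfo['forumid'])) {
        json_error(ERR_INVALID_FORUM);
    }
    $usesmilies = false;
    // Both ids end up concatenated into SQL below, so force them to
    // integers here rather than relying on cleaning done elsewhere.
    $announcementid = isset($vbulletin->GPC['announcementid']) ? intval($vbulletin->GPC['announcementid']) : 0;
    $userid = intval($vbulletin->userinfo['userid']);
    // begin vbulletin
    $forumlist = '';
    if ($announcementinfo['forumid'] > -1 or $vbulletin->GPC['forumid']) {
        $foruminfo = verify_id('forum', $vbulletin->GPC['forumid'], 1, 1);
        $curforumid = $foruminfo['forumid'];
        $forumperms = fetch_permissions($foruminfo['forumid']);
        if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) {
            json_error(ERR_NO_PERMISSION);
        }
        // check if there is a forum password and if so, ensure the user has it set
        verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
        $forumlist = fetch_forum_clause_sql($foruminfo['forumid'], 'announcement.forumid');
    } else {
        if (!$announcementinfo['announcementid']) {
            json_error(ERR_INVALID_ANNOUNCEMENT);
        }
    }
    $hook_query_fields = $hook_query_joins = $hook_query_where = '';
    $announcements = $db->query_read_slave(
        "\n\t\tSELECT announcement.announcementid, announcement.announcementid AS postid, startdate, enddate, announcement.title, pagetext, announcementoptions, views, announcement.pagetext,\n\t\t\tuser.*, userfield.*, usertextfield.*,\n\t\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight,\n\t\t\tIF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, infractiongroupid\n\t\t\t"
        . ($vbulletin->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "")
        . "\n\t\t\t"
        . ($userid ? ", NOT ISNULL(announcementread.announcementid) AS readannouncement" : "")
        . "\n\t\t\t{$hook_query_fields}\n\t\tFROM  " . TABLE_PREFIX . "announcement AS announcement\n\t\t"
        . ($userid ? "LEFT JOIN " . TABLE_PREFIX . "announcementread AS announcementread ON(announcementread.announcementid = announcement.announcementid AND announcementread.userid = " . $userid . ")" : "")
        . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid=announcement.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid=announcement.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid=announcement.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = announcement.userid)\n\t\t"
        . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid=user.avatarid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid=announcement.userid)" : "")
        . "\n\t\t{$hook_query_joins}\n\t\tWHERE\n\t\t\t"
        . ($announcementid ? "announcement.announcementid = " . $announcementid : "startdate <= " . TIMENOW . " AND enddate >= " . TIMENOW . " " . (!empty($forumlist) ? "AND {$forumlist}" : ""))
        . "\n\t\t\t{$hook_query_where}\n\t\tORDER BY startdate DESC, announcementid DESC\n\t"
    );
    if ($db->num_rows($announcements) == 0) {
        // no announcements
        json_error(ERR_INVALID_ANNOUNCEMENT);
    }
    if (!$vbulletin->options['oneannounce'] and $announcementid and !empty($forumlist)) {
        $anncount = $db->query_first_slave("\n\t\t\tSELECT COUNT(*) AS total\n\t\t\tFROM " . TABLE_PREFIX . "announcement AS announcement\n\t\t\tWHERE startdate <= " . TIMENOW . "\n\t\t\t\tAND enddate >= " . TIMENOW . "\n\t\t\t\tAND {$forumlist}\n\t\t");
        $anncount['total'] = intval($anncount['total']);
        $show['viewall'] = $anncount['total'] > 1 ? true : false;
    } else {
        $show['viewall'] = false;
    }
    require_once DIR . '/includes/class_postbit.php';
    $show['announcement'] = true;
    $counter = 0;
    $anncids = array();
    $announcebits = '';
    $announceread = array();
    $posts_out = array();
    $postbit_factory = new vB_Postbit_Factory();
    $postbit_factory->registry =& $vbulletin;
    $postbit_factory->forum =& $foruminfo;
    $postbit_factory->cache = array();
    $postbit_factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
    while ($post = $db->fetch_array($announcements)) {
        $postbit_obj =& $postbit_factory->fetch_postbit('announcement');
        $post['counter'] = ++$counter;
        // presumably fills $post['attachments'] and $post['avatarurl'],
        // which are read below - TODO confirm against the postbit class
        $postbit_obj->construct_postbit($post);
        // Ids are cast because they are joined into the UPDATE/REPLACE below.
        $post_announcementid = intval($post['announcementid']);
        $anncids[] = $post_announcementid;
        $announceread[] = "({$post_announcementid}, " . $userid . ")";
        // FRNR start
        $fr_images = array();
        $docattach = array();
        // Attachments (images).
        if (is_array($post['attachments']) && count($post['attachments']) > 0) {
            foreach ($post['attachments'] as $attachment) {
                // The extension is matched anywhere in the file name, so
                // this is a display hint only, not a file-type check.
                $lfilename = strtolower($attachment['filename']);
                if (strpos($lfilename, '.jpe') !== false || strpos($lfilename, '.png') !== false || strpos($lfilename, '.gif') !== false || strpos($lfilename, '.jpg') !== false || strpos($lfilename, '.jpeg') !== false) {
                    $tmp = array('img' => $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid']);
                    if ($vbulletin->options['attachthumbs']) {
                        $tmp['tmb'] = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'] . '&stc=1&thumb=1';
                    }
                    $fr_images[] = $tmp;
                }
                if (strpos($lfilename, '.pdf') !== false) {
                    $docattach[] = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'];
                }
            }
        }
        // Parse the post for quotes and inline images
        list($text, $nuked_quotes, $images) = parse_post($post['pagetext'], $usesmilies, $attachments);
        if (count($fr_images) > 0) {
            $text .= "<br/>";
            foreach ($fr_images as $attachment) {
                $text .= "<img src=\"{$attachment['img']}\"/>";
            }
        }
        foreach ($images as $image) {
            $fr_images[] = array('img' => $image);
        }
        // Avatar work
        $avatarurl = '';
        if ($post['avatarurl']) {
            $avatarurl = process_avatarurl($post['avatarurl']);
        }
        $tmp = array(
            'username' => prepare_utf8_string(strip_tags($post['username'])),
            'userid' => $post['userid'],
            'title' => prepare_utf8_string($post['title']),
            'text' => $text,
            'post_timestamp' => prepare_utf8_string(date_trunc($post['startdate'])),
            'fr_images' => $fr_images,
        );
        if ($avatarurl != '') {
            $tmp['avatarurl'] = $avatarurl;
        }
        $posts_out[] = $tmp;
    }
    if (!empty($anncids)) {
        $db->shutdown_query("\n\t\t\tUPDATE " . TABLE_PREFIX . "announcement\n\t\t\tSET views = views + 1\n\t\t\tWHERE announcementid IN (" . implode(', ', $anncids) . ")\n\t\t");
        if ($userid) {
            $db->shutdown_query("\n\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "announcementread\n\t\t\t\t\t(announcementid, userid)\n\t\t\t\tVALUES\n\t\t\t\t\t" . implode(', ', $announceread) . "\n\t\t\t");
        }
    }
    return array('posts' => $posts_out, 'total_posts' => count($posts_out));
}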
Example #11
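 /**
  * Return one page of posts of a thread, plus the moderation bitmask.
  *
  * Reads 'threadid', 'postid', 'signature', 'page' and 'perpage' from the
  * request (all filtered as unsigned integers). Thread and post access is
  * decided by the ForumThreadPost helper; on failure the rendered error
  * text is handed to json_error(). NOTE(review): the code below assumes
  * json_error() ends the request - confirm.
  * Side effects: the thread is marked read, fr_update_subsent() is called
  * and a thread view is logged.
  *
  * @return array 'posts', 'total_posts', 'page', 'canpost', 'canattach',
  *               'title', 'thread_link', 'subscribed', 'mod' and, when
  *               applicable, 'gotopostid' and 'pollid'.
  */
 public function actionGetThread()
 {
     $threadid = $this->_input->filterSingle('threadid', XenForo_Input::UINT);
     $postid = $this->_input->filterSingle('postid', XenForo_Input::UINT);
     $signature = $this->_input->filterSingle('signature', XenForo_Input::UINT);
     $page = max($this->_input->filterSingle('page', XenForo_Input::UINT), 1);
     $perpage = $this->_input->filterSingle('perpage', XenForo_Input::UINT);
     if (!$perpage) {
         $perpage = XenForo_Application::get('options')->messagesPerPage;
     }
     $visitor = XenForo_Visitor::getInstance();
     $user_model = $this->getModelFromCache('XenForo_Model_User');
     $thread_model = $this->_getThreadModel();
     $post_model = $this->_getPostModel();
     $forum_model = $this->_getForumModel();
     $session_model = $this->getModelFromCache('XenForo_Model_Session');
     $helper = $this->getHelper('ForumThreadPost');
     $post_helper = new ForumRunner_ControllerHelper_Post($this);
     try {
         list($thread_info, $forum_info) = $helper->assertThreadValidAndViewable($threadid, array('readUserId' => $visitor['user_id'], 'watchUserId' => $visitor['user_id']), array('readUserId' => $visitor['user_id']));
     } catch (Exception $e) {
         json_error($e->getControllerResponse()->errorText->render());
     }
     $gotopostid = 0;
     if ($page == FR_LAST_POST) {
         // Figure out our last post page and post id
         $options = $post_model->getPermissionBasedPostFetchOptions($thread_info, $forum_info);
         $read_date = $thread_model->getMaxThreadReadDate($thread_info, $forum_info);
         $first_unread = $post_model->getNextPostInThread($threadid, $read_date, $options);
         if (!$first_unread) {
             $first_unread = $post_model->getLastPostInThread($threadid, $options);
         }
         if ($first_unread) {
             $page = floor($first_unread['position'] / $perpage) + 1;
             $gotopostid = $first_unread['post_id'];
         } else {
             $page = 1;
         }
     } else {
         if ($postid) {
             // The requested post gets its own viewability check before
             // its position is used to pick the page.
             try {
                 list($tpost, $tthread, $tforum) = $helper->assertPostValidAndViewable($postid);
             } catch (Exception $e) {
                 json_error($e->getControllerResponse()->errorText->render());
             }
             $page = floor($tpost['position'] / $perpage) + 1;
             $gotopostid = $postid;
         }
     }
     if ($thread_model->isRedirect($thread_info)) {
         // Redirect thread! XXX RKJ
     }
     $this->canonicalizePageNumber($page, $perpage, $thread_info['reply_count'] + 1, 'threads', $thread_info);
     $post_options = array_merge(
         $post_model->getPermissionBasedPostFetchOptions($thread_info, $forum_info),
         array(
             'perPage' => $perpage,
             'page' => $page,
             'join' => XenForo_Model_Post::FETCH_USER | XenForo_Model_Post::FETCH_USER_PROFILE | XenForo_Model_Post::FETCH_FORUM,
             'likeUserId' => $visitor['user_id'],
         )
     );
     if (!empty($post_options['deleted'])) {
         $post_options['join'] |= XenForo_Model_Post::FETCH_DELETION_LOG;
     }
     $posts = $post_model->getPostsInThread($threadid, $post_options);
     $posts = $post_model->getAndMergeAttachmentsIntoPosts($posts);
     $mod = array();
     $perms = $visitor->getNodePermissions($thread_info['node_id']);
     $thread_mod = $thread_model->addInlineModOptionToThread($thread_info, $forum_info, $perms);
     $max_post_date = $first_unread = $deleted = $moderated = 0;
     foreach ($posts as &$post) {
         $post_mod = $post_model->addInlineModOptionToPost($post, $thread_info, $forum_info, $perms);
         $mod = array_merge($mod, $post_mod);
         $post = $post_model->preparePost($post, $thread_info, $forum_info, $perms);
         if ($post['post_date'] > $max_post_date) {
             $max_post_date = $post['post_date'];
         }
         if ($post['isDeleted']) {
             $deleted++;
         }
         if ($post['isModerated']) {
             $moderated++;
         }
         if (!$first_unread && $post['isNew']) {
             $first_unread = $post['post_id'];
         }
     }
     // Break the reference left behind by the by-reference foreach.
     unset($post);
     $thread_model->markThreadRead($thread_info, $forum_info, $max_post_date, $visitor['user_id']);
     fr_update_subsent($thread_info['thread_id'], $max_post_date);
     $thread_model->logThreadView($threadid);
     $post_data = array();
     foreach ($posts as &$post) {
         $user = $user_model->getUserById($post['user_id']);
         $online_info = $session_model->getSessionActivityRecords(array('user_id' => $post['user_id'], 'cutOff' => array('>', $session_model->getOnlineStatusTimeout())));
         $is_online = false;
         if (count($online_info) == 1) {
             $is_online = true;
         }
         // Image attachments go to $fr_images, PDF attachments to $docattach.
         $fr_images = $docattach = array();
         if (isset($post['attachments']) && is_array($post['attachments'])) {
             foreach ($post['attachments'] as $attachment) {
                 $ext = strtolower($attachment['extension']);
                 $link = XenForo_Link::buildPublicLink('attachments', $attachment);
                 if ($ext == 'jpe' || $ext == 'jpeg' || $ext == 'png' || $ext == 'gif' || $ext == 'jpg') {
                     $data = array('img' => fr_get_xenforo_bburl() . '/' . $link);
                     if ($attachment['thumbnailUrl']) {
                         $data['tmb'] = fr_get_xenforo_bburl() . '/' . $attachment['thumbnailUrl'];
                     }
                     $fr_images[] = $data;
                 } else {
                     if ($ext == 'pdf') {
                         $docattach[] = fr_get_xenforo_bburl() . '/' . $link;
                     }
                 }
             }
         }
         list($text, $nuked_quotes, $images) = parse_post(fr_strip_smilies($this, XenForo_Helper_String::censorString($post['message'])), true);
         if (count($fr_images) > 0) {
             $text .= "<br/>";
             foreach ($fr_images as $attachment) {
                 $text .= "<img src=\"{$attachment['img']}\"/>";
             }
         }
         foreach ($images as $image) {
             $fr_images[] = array('img' => $image);
         }
         $avatarurl = '';
         if ($user !== false) {
             $avatarurl = process_avatarurl(XenForo_Template_Helper_Core::getAvatarUrl($user, 'm'));
             // URLs containing this path fragment are reported as "no avatar".
             if (strpos($avatarurl, '/xenforo/avatars/avatar_') !== false) {
                 $avatarurl = '';
             }
         }
         $post_page = floor($post['position'] / XenForo_Application::get('options')->messagesPerPage) + 1;
         $out = array(
             'post_id' => $post['post_id'],
             'thread_id' => $post['thread_id'],
             'forum_id' => $post['node_id'],
             'forum_title' => prepare_utf8_string(strip_tags($post['node_title'])),
             'username' => prepare_utf8_string(strip_tags($post['username'])),
             'joindate' => prepare_utf8_string(XenForo_Locale::date($post['register_date'], 'absolute')),
             'usertitle' => strip_tags(XenForo_Template_Helper_Core::helperUserTitle($user)),
             'numposts' => $user ? $user['message_count'] : 0,
             'userid' => $post['user_id'],
             'canlike' => $post['canLike'] ? true : false,
             'likes' => $post['like_date'] > 0 ? true : false,
             'title' => prepare_utf8_string(XenForo_Helper_String::censorString($post['title'])),
             'online' => $is_online,
             'post_timestamp' => prepare_utf8_string(XenForo_Locale::dateTime($post['post_date'], 'absolute')),
             'post_link' => fr_get_xenforo_bburl() . '/' . XenForo_Link::buildPublicLink('threads', $thread_info, array('page' => $post_page)) . '#post-' . $post['post_id'],
             'fr_images' => $fr_images,
         );
         if ($post['canDelete']) {
             $out['candelete'] = true;
         }
         if ($post['likes']) {
             $out['likestext'] = prepare_utf8_string($post_helper->likesHtml($post['post_id'], $post['likes'], $post['like_date'], $post['likeUsers']));
             $like_users = '';
             for ($i = 0; $i < count($post['likeUsers']); $i++) {
                 if ($i != 0) {
                     $like_users .= ', ';
                 }
                 $like_users .= $post['likeUsers'][$i]['username'];
             }
             $out['likesusers'] = prepare_utf8_string($like_users);
         }
         if ($avatarurl != '') {
             $out['avatarurl'] = $avatarurl;
         }
         if ($post['message_state'] == 'deleted') {
             // Deleted posts expose who deleted them and why, never the text.
             $out += array('deleted' => true, 'del_username' => prepare_utf8_string(strip_tags($post['delete_username'])));
             if ($post['delete_reason']) {
                 $out['del_reason'] = prepare_utf8_string($post['delete_reason']);
             }
         } else {
             if ($post['canEdit']) {
                 $out += array('canedit' => $post['canEdit']);
             }
             $out += array('text' => $text, 'quotable' => $nuked_quotes, 'edittext' => prepare_utf8_string($post['message']));
         }
         if (count($docattach)) {
             $out['docattach'] = $docattach;
         }
         if ($signature) {
             // strip_tags() with an allow-list keeps <a> elements together
             // with all of their attributes, so 'sig' is still untrusted
             // markup - NOTE(review): confirm how the client renders it.
             $sig = trim(strip_tags(remove_bbcode($post['signature'], true, true), '<a>'));
             $sig = str_replace(array("\t", "\r"), array('', ''), $sig);
             $sig = str_replace("\n\n", "\n", $sig);
             $out['sig'] = prepare_utf8_string($sig);
         }
         $post_data[] = $out;
     }
     unset($post);
     $out = array(
         'posts' => $post_data,
         'total_posts' => $thread_info['reply_count'] + 1,
         'page' => $page,
         'canpost' => $thread_model->canReplyToThread($thread_info, $forum_info),
         'canattach' => $forum_model->canUploadAndManageAttachment($forum_info),
         'title' => prepare_utf8_string(XenForo_Helper_String::censorString($thread_info['title'])),
         'thread_link' => process_avatarurl(XenForo_Link::buildPublicLink('threads', $thread_info, array('page' => $page))),
         'subscribed' => $thread_info['thread_is_watched'] ? 1 : 0,
     );
     if ($gotopostid) {
         $out['gotopostid'] = $gotopostid;
     }
     if ($thread_info['discussion_type'] == 'poll') {
         $poll_model = $this->_getPollModel();
         $poll = $poll_model->getPollByContent('thread', $threadid);
         if ($poll) {
             $out['pollid'] = $poll['poll_id'];
         }
     }
     // Moderation bitmask: one MOD_* flag per action the visitor may take.
     // Debug mode is deliberately not switched on here: it is a deployment
     // setting, and forcing it on for every thread view would hand verbose
     // error detail to any API client.
     $modbit = 0;
     if (isset($mod['delete']) && $mod['delete']) {
         $modbit |= MOD_DELETEPOST;
     }
     if ($thread_info['sticky'] && isset($thread_mod['unstick']) && $thread_mod['unstick']) {
         $modbit |= MOD_UNSTICK;
     }
     if (!$thread_info['sticky'] && isset($thread_mod['stick']) && $thread_mod['stick']) {
         $modbit |= MOD_STICK;
     }
     if (isset($thread_mod['delete']) && $thread_mod['delete']) {
         $modbit |= MOD_DELETETHREAD;
     }
     if ($thread_info['discussion_open'] && isset($thread_mod['lock']) && $thread_mod['lock']) {
         $modbit |= MOD_CLOSE;
     }
     if (!$thread_info['discussion_open'] && isset($thread_mod['unlock']) && $thread_mod['unlock']) {
         $modbit |= MOD_OPEN;
     }
     if (isset($thread_mod['move']) && $thread_mod['move']) {
         $modbit |= MOD_MOVETHREAD;
     }
     if (XenForo_Permission::hasPermission($visitor['permissions'], 'general', 'cleanSpam')) {
         $modbit |= MOD_SPAM_CONTROLS;
     }
     $out['mod'] = $modbit;
     return $out;
 }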
Example #12
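/**
 * Load one private message belonging to the current user and return it as
 * an array for the API response.
 *
 * Reads the request fields 'pmid' (unsigned int) and 'showhistory' (bool).
 * The lookup is restricted to rows whose pm.userid is the current user, so a
 * pmid owned by another account yields the 'invalidid' error instead of data.
 * Side effects: queues the read-receipt update, marks the message as read and
 * decrements the user's unread counter.
 *
 * @return array Keys: id, pm_unread, username, to_usernames, userid, title,
 *               online, message, quotable, fr_images, pm_timestamp and,
 *               when an avatar exists, avatarurl.
 */
function do_get_pm()
{
    // $vbphrase and $permissions are read below but were never imported, so the
    // error phrase was empty and the receipt permission test could never pass.
    // NOTE(review): assumes both are populated in global scope by the bootstrap; confirm.
    global $vbulletin, $db, $vbphrase, $permissions;
    require_once DIR . '/includes/class_postbit.php';
    require_once DIR . '/includes/functions_bigthree.php';
    $vbulletin->input->clean_array_gpc('r', array('pmid' => TYPE_UINT, 'showhistory' => TYPE_BOOL));

    // SECURITY: the hook body is evaluated as PHP. Whoever can write the plugin
    // code returned by fetch_hook() gets code execution in this request, so write
    // access to that store must be limited to fully trusted administrators.
    ($hook = vBulletinHook::fetch_hook('private_showpm_start')) ? eval($hook) : false;

    // Both ids are concatenated into SQL below. They are expected to be integers
    // already (TYPE_UINT cleaning / session data); the casts keep the statements
    // safe even if that ever stops being true.
    $userid = intval($vbulletin->userinfo['userid']);
    $pmid = intval($vbulletin->GPC['pmid']);

    $pm = $db->query_first_slave(
        "\n\t\tSELECT\n\t\t\tpm.*, pmtext.*,\n\t\t\t"
        . iif($vbulletin->options['privallowicons'], "icon.title AS icontitle, icon.iconpath,")
        . "\n\t\t\tIF(ISNULL(pmreceipt.pmid), 0, 1) AS receipt, pmreceipt.readtime, pmreceipt.denied,\n\t\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight\n\t\tFROM " . TABLE_PREFIX . "pm AS pm\n\t\tLEFT JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON(pmtext.pmtextid = pm.pmtextid)\n\t\t"
        . iif($vbulletin->options['privallowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = pmtext.iconid)")
        . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "pmreceipt AS pmreceipt ON(pmreceipt.pmid = pm.pmid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = pmtext.fromuserid)\n\t\tWHERE pm.userid=" . $userid . " AND pm.pmid=" . $pmid . "\n\t"
    );
    if (!$pm) {
        // NOTE(review): the code below assumes json_error() ends the request; confirm.
        json_error(strip_tags(fetch_error('invalidid', $vbphrase['private_message'], $vbulletin->options['contactuslink'])));
    }

    $row_pmid = intval($pm['pmid']);
    $folderjump = construct_folder_jump(0, $pm['folderid']);

    // do read receipt
    $show['receiptprompt'] = $show['receiptpopup'] = false;
    if ($pm['receipt'] == 1 and $pm['readtime'] == 0 and $pm['denied'] == 0) {
        if ($permissions['pmpermissions'] & $vbulletin->bf_ugp_pmpermissions['candenypmreceipts']) {
            // set it to denied just now as some people might have ad blocking that stops the popup appearing
            $show['receiptprompt'] = $show['receiptpopup'] = true;
            $receipt_question_js = addslashes_js(construct_phrase($vbphrase['x_has_requested_a_read_receipt'], unhtmlspecialchars($pm['fromusername'])), '"');
            $db->shutdown_query("UPDATE " . TABLE_PREFIX . "pmreceipt SET denied = 1 WHERE pmid = " . $row_pmid);
        } else {
            // they can't deny pm receipts so do not show a popup or prompt
            $db->shutdown_query("UPDATE " . TABLE_PREFIX . "pmreceipt SET readtime = " . TIMENOW . " WHERE pmid = " . $row_pmid);
        }
    } elseif ($pm['receipt'] == 1 and $pm['denied'] == 1) {
        $show['receiptprompt'] = true;
    }

    $postbit_factory = new vB_Postbit_Factory();
    $postbit_factory->registry =& $vbulletin;
    $postbit_factory->cache = array();
    $postbit_factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
    $postbit_obj =& $postbit_factory->fetch_postbit('pm');
    // The postbit works on a copy; its 'avatarurl' entry is read further down.
    $pm_postbit = $pm;
    $postbit = $postbit_obj->construct_postbit($pm_postbit);

    // update message to show read
    if ($pm['messageread'] == 0) {
        $db->shutdown_query("UPDATE " . TABLE_PREFIX . "pm SET messageread=1 WHERE userid=" . $userid . " AND pmid=" . $row_pmid);
        if ($pm['folderid'] >= 0) {
            $userdm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
            $userdm->set_existing($vbulletin->userinfo);
            $userdm->set('pmunread', 'IF(pmunread >= 1, pmunread - 1, 0)', false);
            $userdm->save(true, true);
            unset($userdm);
        }
    }

    $cclist = array();
    $bcclist = array();
    $ccrecipients = '';
    $bccrecipients = '';

    // SECURITY: unserialize() on a database column. This is only safe while
    // touserarray is written exclusively by the application; if that column can
    // ever carry user-controlled bytes, switch the storage format to JSON.
    $touser = unserialize($pm['touserarray']);
    if (!is_array($touser)) {
        $touser = array();
    }
    foreach ($touser as $key => $item) {
        if (is_array($item)) {
            // Only the 'cc' and 'bcc' groups are consumed below. The original
            // built the target variable name from the stored key, which let
            // stored data pick which local variable was written.
            if ($key !== 'cc' && $key !== 'bcc') {
                continue;
            }
            foreach ($item as $subkey => $subitem) {
                $userinfo = array('userid' => $subkey, 'username' => $subitem);
                $templater = vB_Template::create('pm_messagelistbit_user');
                $templater->register('userinfo', $userinfo);
                if ($key === 'cc') {
                    $cclist[] = $templater->render();
                } else {
                    $bcclist[] = $templater->render();
                }
            }
        } else {
            // Flat userid => username entry.
            $userinfo = array('username' => $item, 'userid' => $key);
            $templater = vB_Template::create('pm_messagelistbit_user');
            $templater->register('userinfo', $userinfo);
            $bcclist[] = $templater->render();
        }
    }

    // True when the current user is looking at their own copy in folder -1.
    $is_own_sent_copy = ($userid == $pm['fromuserid'] and $pm['folderid'] == -1);
    $cc_without_me = (isset($touser['cc']) and is_array($touser['cc']) and !in_array($vbulletin->userinfo['username'], $touser['cc']));
    if (count($cclist) > 1 or $cc_without_me or $is_own_sent_copy) {
        if (!empty($cclist)) {
            $ccrecipients = implode("\r\n", $cclist);
        }
        // BCC names are only assembled for the sender's own copy.
        if (!empty($bcclist) and $is_own_sent_copy) {
            // Fixed: the closing parenthesis was misplaced, so count() received
            // the boolean result of ($bcclist == 1) instead of the list.
            if (empty($cclist) and count($bcclist) == 1) {
                $ccrecipients = implode("\r\n", $bcclist);
            } else {
                $bccrecipients = implode("\r\n", $bcclist);
            }
        }
        $show['recipients'] = true;
    }

    $pm['senddate'] = vbdate($vbulletin->options['dateformat'], $pm['dateline']);
    $pm['sendtime'] = vbdate($vbulletin->options['timeformat'], $pm['dateline']);
    // NOTE(review): $usesmiles is never assigned in this function, so the second
    // argument always evaluates to false; confirm which per-message flag was meant.
    list($text, $nuked_quotes, $images) = parse_post($pm['message'], $vbulletin->options['privallowsmilies'] && $usesmiles);
    $fr_images = array();
    foreach ($images as $image) {
        $fr_images[] = array('img' => $image);
    }

    // Avatar work
    $avatarurl = '';
    if ($pm_postbit['avatarurl']) {
        $avatarurl = process_avatarurl($pm_postbit['avatarurl']);
    }

    // Names for 'to_usernames': the CC group when present, otherwise the flat
    // entries. Nested groups are skipped so a 'bcc' array is never passed to
    // implode(), and BCC names are not sent to the client here.
    $users = array();
    if (!empty($touser['cc'])) {
        $users = (array) $touser['cc'];
    } else {
        foreach ($touser as $name) {
            if (is_scalar($name)) {
                $users[] = $name;
            }
        }
    }

    $out = array(
        'id' => $pm['pmid'],
        'pm_unread' => $pm['messageread'] == 0,
        'username' => prepare_utf8_string(strip_tags($pm['fromusername'])),
        'to_usernames' => prepare_utf8_string(implode('; ', $users)),
        'userid' => $pm['fromuserid'],
        'title' => prepare_utf8_string($pm['title']),
        'online' => fetch_online_status(fetch_userinfo($pm['fromuserid']), false),
        'message' => $text,
        'quotable' => $nuked_quotes,
        'fr_images' => $fr_images,
        'pm_timestamp' => prepare_utf8_string(date_trunc($pm['senddate'] . ' ' . $pm['sendtime'])),
    );
    if ($avatarurl != '') {
        $out['avatarurl'] = $avatarurl;
    }
    return $out;
}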