/**
 * Reports a phrased message in the way that suits the current area.
 *
 * All arguments are forwarded unchanged: to print_stop_message() in the
 * AdminCP, otherwise to fetch_error(), whose result is shown either as a
 * redirect (when CP_REDIRECT is defined) or as a standard error page.
 *
 * NOTE(review): the text built from the forwarded arguments becomes part of
 * the code string that eval() executes below. Presumably the framework
 * helpers escape it; confirm before passing request-derived values here.
 */
function kbank_print_stop_message()
{
    global $vbulletin;

    // Local names are left as they were: the eval() calls below run
    // helper-generated code inside this function's scope.
    $args = func_get_args();

    // back-end
    if (VB_AREA == 'AdminCP') {
        call_user_func_array('print_stop_message', $args);
        return;
    }

    // front-end
    $message = call_user_func_array('fetch_error', $args);

    if (!defined('CP_REDIRECT')) {
        eval(standard_error($message));
        return;
    }

    $vbulletin->url = CP_REDIRECT;
    eval(print_standard_redirect($message, false, true));
}
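/**
 * Creates a new thread, or reports an error, and then redirects the user.
 *
 * The thread is built through build_new_post(). Nothing in this function
 * checks the posting user's forum permissions: $forumperms is fetched only
 * because build_new_post() reads it as a global.
 * NOTE(review): build_new_post() appears not to check permissions either, so
 * callers must decide who may reach this function.
 *
 * @param	string	Title of thread
 * @param	string	Message of post
 * @param	integer	ForumID for thread
 * @param	boolean	Allow guest posts
 */
function create_new_thread($title = 'Defauglt Title', $message = 'Defagult Message', $id = 3, $guest = false)
{
    // set some globals
    global $forumperms, $vbulletin, $vbphrase;

    // init some variables
    $fail = 0;
    $errors = array();
    $newpost = array();

    // init post information
    // NOTE(review): when $guest is false a guest (userid 0) is not rejected
    // here; the post is attempted without a username. Confirm that the data
    // manager refuses it.
    if ($guest and $vbulletin->userinfo['userid'] == 0) {
        $newpost['username'] = $vbphrase['guest'];
    }
    $newpost['title'] = $title;
    $newpost['message'] = $message;
    $newpost['signature'] = '0';
    if ($vbulletin->userinfo['signature'] != '') {
        $newpost['signature'] = '1';
    }
    $newpost['parseurl'] = '1';
    $newpost['emailupdate'] = '9999';

    // attempt thread create
    $foruminfo = verify_id('forum', $id, 0, 1);
    if (empty($foruminfo['forumid'])) {
        // Unknown forum: stop here rather than passing an invalid forum
        // record on to the permission lookup and the post builder.
        $fail = 1;
    } else {
        $forumperms = fetch_permissions($foruminfo['forumid']);
        if (!function_exists('build_new_post')) {
            require_once DIR . '/includes/functions_newpost.php';
        }
        build_new_post('thread', $foruminfo, array(), array(), $newpost, $errors);

        // No post id means nothing was saved, so there is no post to
        // redirect to even when no error was reported.
        if (sizeof($errors) > 0 or empty($newpost['postid'])) {
            $fail = 1;
        }
    }

    // do redirection
    // eval() runs the code string returned by print_standard_redirect() in this scope.
    if (!$fail) {
        $vbulletin->url = $vbulletin->options['bburl'] . '/showthread.php?' . $vbulletin->session->vars['sessionurl'] . "p=" . $newpost['postid'] . "#post" . $newpost['postid'];
        eval(print_standard_redirect('redirect_postthanks'));
    } else {
        $vbulletin->url = $vbulletin->options['bburl'];
        eval(print_standard_redirect($vbphrase['error'] . ': ' . $vbphrase['redirecting'], 0, 1));
    }
}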
eval(standard_error(fetch_error('threadratevoted'))); } } } else { $threadrate =& datamanager_init('ThreadRate', $vbulletin, ERRTYPE_STANDARD); $threadrate->set_info('thread', $threadinfo); $threadrate->set('threadid', $threadinfo['threadid']); $threadrate->set('userid', 0); $threadrate->set('vote', $vbulletin->GPC['vote']); $threadrate->set('ipaddress', IPADDRESS); ($hook = vBulletinHook::fetch_hook('threadrate_add')) ? eval($hook) : false; $threadrate->save(); $update = true; if (!$vbulletin->GPC['ajax']) { $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$threadinfo['threadid']}&page=" . $vbulletin->GPC['pagenumber'] . "&pp=" . $vbulletin->GPC['perpage']; eval(print_standard_redirect('redirect_threadrate_add')); } } } } require_once DIR . '/includes/class_xml.php'; $xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml'); $xml->add_group('threadrating'); if ($update) { $thread = $db->query_first_slave("\n\t\tSELECT votetotal, votenum\n\t\tFROM " . TABLE_PREFIX . "thread\n\t\tWHERE threadid = {$threadinfo['threadid']}\n\t"); if ($thread['votenum'] >= $vbulletin->options['showvotes']) { // Show Voteavg $thread['voteavg'] = vb_number_format($thread['votetotal'] / $thread['votenum'], 2); $thread['rating'] = round($thread['votetotal'] / $thread['votenum']); $xml->add_tag('voteavg', process_replacement_vars("{$vbphrase['rating']}: <img class=\"inlineimg\" src=\"{$stylevar['imgdir_rating']}/rating_{$thread['rating']}.gif\" alt=\"" . construct_phrase($vbphrase['thread_rating_x_votes_y_average'], $thread['votenum'], $thread['voteavg']) . "\" border=\"0\" />")); } else {
)); if ($vbulletin->GPC['reason'] == '') { eval(standard_error(fetch_error('noreason'))); } if ($perform_floodcheck) { $reportobj->perform_floodcheck_commit(); } $reportobj->do_report($vbulletin->GPC['reason'], $messageinfo); $url =& $vbulletin->url; eval(print_standard_redirect('redirect_reportthanks')); } } if ($_REQUEST['do'] == 'quickedit') { $vbulletin->input->clean_array_gpc('p', array( 'editorid' => TYPE_NOHTML, )); require_once(DIR . '/includes/class_xml.php'); require_once(DIR . '/includes/functions_editor.php'); $vminfo = verify_visitormessage($vbulletin->GPC['vmid']);
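/**
 * Creates a new post
 *
 * Builds a Thread_FirstPost or Post data manager from $post, runs the
 * pre-save checks, a five-minute duplicate check, then saves the post and
 * updates open/sticky state, tags, rating, notifications and the poster's
 * thread subscription.
 *
 * Security notes for maintainers:
 * - Permissions are NOT checked here; callers are responsible for them.
 * - Plugin code returned by vBulletinHook::fetch_hook() is executed with
 *   eval() in this function's scope and can read or change every local.
 * - The SQL below is built by string concatenation. The interpolated
 *   folderid, emailupdate and threadid values are cast with intval() at the
 *   top of the function, and the dupe hash goes through escape_string().
 *
 * @param	string	'thread' for the first post in a new thread, 'reply' otherwise
 * @param	array	Forum Information
 * @param	array	Thread Information
 * @param	array	Post Information for the "Parent" post
 * @param	array	Post Information for the post being created
 * @param	array	(return) Array of errors
 *
 */
function build_new_post($type = 'thread', $foruminfo, $threadinfo, $postinfo, &$post, &$errors)
{
    //NOTE: permissions are not checked in this function

    // $post is passed by reference, so that any changes (wordwrap, censor, etc) here are reflected on the copy outside the function
    // $post[] includes:
    // title, iconid, message, parseurl, email, signature, preview, disablesmilies, rating
    // $errors will become any error messages that come from the checks before preview kicks in
    global $vbulletin, $vbphrase, $forumperms;

    // ### PREPARE OPTIONS AND CHECK VALID INPUT ###
    $post['disablesmilies'] = intval($post['disablesmilies']);
    $post['enablesmilies'] = $post['disablesmilies'] ? 0 : 1;
    $post['folderid'] = intval($post['folderid']);
    $post['emailupdate'] = intval($post['emailupdate']);
    $post['rating'] = intval($post['rating']);
    $post['podcastsize'] = intval($post['podcastsize']);

    // NOTE(review): the normalisation below is commented out in this copy, so
    // these fields reach the data manager exactly as the caller supplied them.
    // The title pattern is reproduced as it appears here and looks damaged.
    // $post['parseurl'] = intval($post['parseurl']);
    // $post['email'] = intval($post['email']);
    // $post['signature'] = intval($post['signature']);
    // $post['preview'] = iif($post['preview'], 1, 0);
    // $post['iconid'] = intval($post['iconid']);
    // $post['message'] = trim($post['message']);
    // $post['title'] = trim(preg_replace('/�*32;/', ' ', $post['title']));
    // $post['username'] = trim($post['username']);
    // $post['posthash'] = trim($post['posthash']);
    // $post['poststarttime'] = trim($post['poststarttime']);

    // Make sure the posthash is valid
    // Strict comparison: with a loose != PHP compares numeric-looking strings
    // by value, so a supplied hash that is not byte-for-byte identical to the
    // expected one could still be accepted.
    if (md5($post['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']) !== $post['posthash']) {
        $post['posthash'] = 'invalid posthash'; // don't phrase me
    }

    // OTHER SANITY CHECKS
    $threadinfo['threadid'] = intval($threadinfo['threadid']);

    // create data manager
    if ($type == 'thread') {
        $dataman =& datamanager_init('Thread_FirstPost', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
        $dataman->set('prefixid', $post['prefixid']);
    } else {
        $dataman =& datamanager_init('Post', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
    }

    // set info
    $dataman->set_info('preview', $post['preview']);
    $dataman->set_info('parseurl', $post['parseurl']);
    $dataman->set_info('posthash', $post['posthash']);
    $dataman->set_info('forum', $foruminfo);
    $dataman->set_info('thread', $threadinfo);
    if (!$vbulletin->GPC['fromquickreply']) {
        $dataman->set_info('show_title_error', true);
    }
    if ($foruminfo['podcast'] and (!empty($post['podcasturl']) or !empty($post['podcastexplicit']) or !empty($post['podcastauthor']) or !empty($post['podcastsubtitle']) or !empty($post['podcastkeywords']))) {
        $dataman->set_info('podcastexplicit', $post['podcastexplicit']);
        $dataman->set_info('podcastauthor', $post['podcastauthor']);
        $dataman->set_info('podcastkeywords', $post['podcastkeywords']);
        $dataman->set_info('podcastsubtitle', $post['podcastsubtitle']);
        $dataman->set_info('podcasturl', $post['podcasturl']);
        if ($post['podcastsize']) {
            $dataman->set_info('podcastsize', $post['podcastsize']);
        }
    }

    // set options
    $dataman->setr('showsignature', $post['signature']);
    $dataman->setr('allowsmilie', $post['enablesmilies']);

    // set data
    $dataman->setr('userid', $vbulletin->userinfo['userid']);
    if ($vbulletin->userinfo['userid'] == 0) {
        $dataman->setr('username', $post['username']);
    }
    $dataman->setr('title', $post['title']);
    $dataman->setr('pagetext', $post['message']);
    $dataman->setr('iconid', $post['iconid']);

    // see if post has to be moderated or if poster in a mod
    // (operator order is kept exactly as written: 'and' binds tighter than 'or')
    if (($foruminfo['moderatenewthread'] and $type == 'thread' or $foruminfo['moderatenewpost'] and $type == 'reply' or !($forumperms & $vbulletin->bf_ugp_forumpermissions['followforummoderation'])) and !can_moderate($foruminfo['forumid']) or $type == 'reply' and ($postinfo['postid'] and !$postinfo['visible'] and !empty($postinfo['specifiedpost']) or !$threadinfo['visible'])) {
        // note: specified post comes from a variable passed into newreply.php
        $dataman->set('visible', 0);
        $post['visible'] = 0;
    } else {
        $dataman->set('visible', 1);
        $post['visible'] = 1;
    }

    if ($type != 'thread') {
        if ($postinfo['postid'] == 0) {
            // get parentid of the new post
            // we're not posting a new thread, so make this post a child of the first post in the thread
            // threadid was cast with intval() above
            $getfirstpost = $vbulletin->db->query_first("SELECT postid FROM " . TABLE_PREFIX . "post WHERE threadid={$threadinfo['threadid']} ORDER BY dateline LIMIT 1");
            $parentid = $getfirstpost['postid'];
        } else {
            $parentid = $postinfo['postid'];
        }
        $dataman->setr('parentid', $parentid);
        $dataman->setr('threadid', $threadinfo['threadid']);
    } else {
        $dataman->setr('forumid', $foruminfo['forumid']);
    }

    $errors = array();

    // done!
    ($hook = vBulletinHook::fetch_hook('newpost_process')) ? eval($hook) : false;

    if ($vbulletin->GPC['fromquickreply'] and $post['preview']) {
        $errors = array();
        return;
    }

    // human verification applies only to guests who are not previewing
    if ($vbulletin->options['hvcheck_post'] and !$post['preview'] and !$vbulletin->userinfo['userid']) {
        require_once DIR . '/includes/class_humanverify.php';
        $verify =& vB_HumanVerify::fetch_library($vbulletin);
        if (!$verify->verify_token($post['humanverify'])) {
            $dataman->error($verify->fetch_error());
        }
    }

    if ($dataman->info['podcastsize']) {
        $post['podcastsize'] = $dataman->info['podcastsize'];
    }

    // check if this forum requires a prefix
    if ($type == 'thread' and !$dataman->fetch_field('prefixid') and $foruminfo['options'] & $vbulletin->bf_misc_forumoptions['prefixrequired']) {
        // only require a prefix if we actually have options for this forum
        require_once DIR . '/includes/functions_prefix.php';
        if (fetch_prefix_array($foruminfo['forumid'])) {
            $dataman->error('thread_prefix_required');
        }
    }

    if ($type == 'thread' and $post['taglist']) {
        fetch_valid_tags($dataman->thread, $post['taglist'], $tag_errors, true, false);
        if ($tag_errors) {
            foreach ($tag_errors as $error) {
                $dataman->error($error);
            }
        }
    }

    $dataman->pre_save();
    $errors = array_merge($errors, $dataman->errors);

    if ($post['preview']) {
        return;
    }

    // ### DUPE CHECK ###
    // Same forum, title, message, user and type within the last 300 seconds counts as a duplicate.
    $dupehash = md5($foruminfo['forumid'] . $post['title'] . $post['message'] . $vbulletin->userinfo['userid'] . $type);
    $prevpostfound = false;
    $prevpostthreadid = 0;

    if ($prevpost = $vbulletin->db->query_first("\n\t\tSELECT posthash.threadid\n\t\tFROM " . TABLE_PREFIX . "posthash AS posthash\n\t\tWHERE posthash.userid = " . $vbulletin->userinfo['userid'] . " AND\n\t\t\tposthash.dupehash = '" . $vbulletin->db->escape_string($dupehash) . "' AND\n\t\t\tposthash.dateline > " . (TIMENOW - 300) . "\n\t")) {
        if ($type == 'thread' and $prevpost['threadid'] == 0 or $type == 'reply' and $prevpost['threadid'] == $threadinfo['threadid']) {
            $prevpostfound = true;
            $prevpostthreadid = $prevpost['threadid'];
        }
    }

    // Redirect user to forumdisplay since this is a duplicate post
    if ($prevpostfound) {
        if ($type == 'thread') {
            $vbulletin->url = 'forumdisplay.php?' . $vbulletin->session->vars['sessionurl'] . "f={$foruminfo['forumid']}";
            eval(print_standard_redirect('redirect_duplicatethread', true, true));
        } else {
            // with ajax quick reply we need to use the error system
            if ($vbulletin->GPC['ajax']) {
                $dataman->error('duplicate_post');
                $errors = $dataman->errors;
                return;
            } else {
                $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$prevpostthreadid}&goto=newpost";
                if ($post['ajaxqrfailed']) {
                    // ajax qr failed. While this is a dupe, most likely the user didn't
                    // see the initial post, so act like it went through.
                    eval(print_standard_redirect('redirect_postthanks', true, true));
                } else {
                    eval(print_standard_redirect('redirect_duplicatepost', true, true));
                }
            }
        }
    }

    if (sizeof($errors) > 0) {
        return;
    }

    $id = $dataman->save();
    if ($type == 'thread') {
        $post['threadid'] = $id;
        $threadinfo =& $dataman->thread;
        $post['postid'] = $dataman->fetch_field('firstpostid');
    } else {
        $post['postid'] = $id;
    }
    $post['visible'] = $dataman->fetch_field('visible');

    // Open/close is honoured for the thread starter holding 'canopenclose' or for a
    // moderator; stick/unstick only for a moderator with 'canmanagethreads'.
    $set_open_status = false;
    $set_sticky_status = false;
    if ($vbulletin->GPC['openclose'] and ($threadinfo['postuserid'] != 0 and $threadinfo['postuserid'] == $vbulletin->userinfo['userid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'] or can_moderate($threadinfo['forumid'], 'canopenclose'))) {
        $set_open_status = true;
    }
    if ($vbulletin->GPC['stickunstick'] and can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
        $set_sticky_status = true;
    }

    if ($set_open_status or $set_sticky_status) {
        $thread =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
        if ($type == 'thread') {
            $thread->set_existing($dataman->thread);
            if ($set_open_status) {
                $post['postpoll'] = false;
            }
        } else {
            $thread->set_existing($threadinfo);
        }
        // both settings are toggles: the stored value is flipped
        if ($set_open_status) {
            $thread->set('open', $thread->fetch_field('open') == 1 ? 0 : 1);
        }
        if ($set_sticky_status) {
            $thread->set('sticky', $thread->fetch_field('sticky') == 1 ? 0 : 1);
        }
        $thread->save();
    }

    if ($type == 'thread') {
        add_tags_to_thread($threadinfo, $post['taglist']);
    }

    // ### DO THREAD RATING ###
    build_thread_rating($post['rating'], $foruminfo, $threadinfo);

    // ### DO EMAIL NOTIFICATION ###
    if ($post['visible'] and $type != 'thread' and !in_coventry($vbulletin->userinfo['userid'], true)) {
        exec_send_notification($threadinfo['threadid'], $vbulletin->userinfo['userid'], $post['postid']);
    }

    // ### DO THREAD SUBSCRIPTION ###
    if ($vbulletin->userinfo['userid'] != 0) {
        require_once DIR . '/includes/functions_misc.php';
        $post['emailupdate'] = verify_subscription_choice($post['emailupdate'], $vbulletin->userinfo, 9999);

        ($hook = vBulletinHook::fetch_hook('newpost_subscribe')) ? eval($hook) : false;

        // NOTE(review): emailupdate and folderid are interpolated into SQL below after
        // the hook above has run; they are integers only as long as
        // verify_subscription_choice() and installed plugins keep them so.
        if (!$threadinfo['issubscribed'] and $post['emailupdate'] != 9999) {
            // user is not subscribed to this thread so insert it
            /*insert query*/
            $vbulletin->db->query_write("INSERT IGNORE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES (" . $vbulletin->userinfo['userid'] . ", {$threadinfo['threadid']}, {$post['emailupdate']}, {$post['folderid']}, 1)");
        } else {
            // User is subscribed, see if they changed the settings for this thread
            if ($post['emailupdate'] == 9999) {
                // Remove this subscription, user chose 'No Subscription'
                $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "subscribethread WHERE threadid = {$threadinfo['threadid']} AND userid = " . $vbulletin->userinfo['userid']);
            } else {
                if ($threadinfo['emailupdate'] != $post['emailupdate'] or $threadinfo['folderid'] != $post['folderid']) {
                    // User changed the settings so update the current record
                    /*insert query*/
                    $vbulletin->db->query_write("REPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES (" . $vbulletin->userinfo['userid'] . ", {$threadinfo['threadid']}, {$post['emailupdate']}, {$post['folderid']}, 1)");
                }
            }
        }
    }

    ($hook = vBulletinHook::fetch_hook('newpost_complete')) ? eval($hook) : false;
}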
// ############################################################################ // ######################### ADD EVENT REMINDER ############################### // ############################################################################ if ($_POST['do'] == 'doaddreminder') { $vbulletin->input->clean_array_gpc('p', array('reminder' => TYPE_UINT)); if (!$vbulletin->userinfo['userid']) { print_no_permission(); } if (!$eventinfo['eventid']) { eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']))); } ($hook = vBulletinHook::fetch_hook('calendar_doaddreminder')) ? eval($hook) : false; /*insert query*/ $db->query_write("\n\t\tREPLACE INTO " . TABLE_PREFIX . "subscribeevent (userid, eventid, reminder)\n\t\tVALUES (" . $vbulletin->userinfo['userid'] . ", {$eventinfo['eventid']}, " . (!empty($reminders["{$vbulletin->GPC['reminder']}"]) ? $vbulletin->GPC['reminder'] : 3600) . ")\n\t"); $vbulletin->url = 'calendar.php?' . $vbulletin->session->vars['sessionurl'] . "do=getinfo&e={$eventinfo['eventid']}"; print_standard_redirect('redirect_subsadd_event'); } // ############################### start add subscription ############################### if ($_REQUEST['do'] == 'addreminder') { if (!$vbulletin->userinfo['userid']) { print_no_permission(); } if (!$eventinfo['eventid']) { eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']))); } $navbits['calendar.php?' . $vbulletin->session->vars['sessionurl'] . "do=viewreminder"] = $vbphrase['event_reminders']; $navbits[''] = $vbphrase['add_reminder']; $navbits = construct_navbits($navbits); require_once DIR . '/includes/functions_user.php'; construct_usercp_nav('event_reminders'); $navbar = render_navbar_template($navbits);
$denyusers[$user['userid']] = $user['usergrouprequestid']; } } } // check that we STILL have some valid requests if (!empty($authusers)) { $updateQuery = "\n\t\t\tUPDATE " . TABLE_PREFIX . "user SET\n\t\t\tmembergroupids = IF(membergroupids = '', " . $vbulletin->GPC['usergroupid'] . ", CONCAT(membergroupids, '," . $vbulletin->GPC['usergroupid'] . "'))\n\t\t\tWHERE userid IN(" . implode(', ', array_keys($authusers)) . ")\n\t\t"; $db->query_write($updateQuery); } ($hook = vBulletinHook::fetch_hook('joinrequest_process_complete')) ? eval($hook) : false; // delete processed join requests if (!empty($delete)) { $deleteQuery = "\n\t\t\tDELETE FROM " . TABLE_PREFIX . "usergrouprequest\n\t\t\tWHERE usergrouprequestid IN(" . implode(', ', $delete) . ")\n\t\t"; $db->query_write($deleteQuery); } print_standard_redirect('join_requests_processed', true, true); } // ############################################################################# // view join requests if ($_REQUEST['do'] == 'viewjoinrequests') { $vbulletin->input->clean_array_gpc('r', array('usergroupid' => TYPE_UINT, 'pagenumber' => TYPE_UINT, 'perpage' => TYPE_UINT)); $usergroupid = $vbulletin->GPC['usergroupid']; ($hook = vBulletinHook::fetch_hook('joinrequest_view_start')) ? eval($hook) : false; if (!$vbulletin->GPC['usergroupid'] or !isset($vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"])) { eval(standard_error(fetch_error('invalidid', $vbphrase['usergroup'], $vbulletin->options['contactuslink']))); } $usergroups = array(); // query usergroups of which bbuser is a leader $joinrequests = $db->query_read_slave("\n\t\tSELECT usergroupleader.usergroupid, COUNT(usergrouprequestid) AS requests\n\t\tFROM " . TABLE_PREFIX . "usergroupleader AS usergroupleader\n\t\tLEFT JOIN " . TABLE_PREFIX . "usergrouprequest AS usergrouprequest USING(usergroupid)\n\t\tWHERE usergroupleader.userid = " . $vbulletin->userinfo['userid'] . 
"\n\t\tGROUP BY usergroupleader.usergroupid\n\t"); while ($joinrequest = $db->fetch_array($joinrequests)) { $usergroups["{$joinrequest['usergroupid']}"] = intval($joinrequest['requests']);
require_once(DIR . '/includes/class_floodcheck.php'); $floodcheck = new vB_FloodCheck($vbulletin, 'user', 'emailstamp'); $floodcheck->commit_key($vbulletin->userinfo['userid'], TIMENOW, TIMENOW - $vbulletin->options['emailfloodtime']); if ($floodcheck->is_flooding()) { eval(standard_error(fetch_error('emailfloodcheck', $vbulletin->options['emailfloodtime'], $floodcheck->flood_wait()))); } } ($hook = vBulletinHook::fetch_hook('sendmessage_domailmember')) ? eval($hook) : false; $message = fetch_censored_text($vbulletin->GPC['message']); eval(fetch_email_phrases('usermessage', $userinfo['languageid'])); vbmail($userinfo['email'], fetch_censored_text($vbulletin->GPC['emailsubject']), $message , false, $vbulletin->userinfo['email'], '', $vbulletin->userinfo['username']); // parse this next line with eval: $sendtoname = $userinfo['username']; eval(print_standard_redirect('redirect_sentemail')); } } /*======================================================================*\ || #################################################################### || # || # CVS: $RCSfile$ - $Revision: 35508 $ || #################################################################### \*======================================================================*/ ?>
$templater = vB_Template::create('moderation_deleteattachments'); $templater->register_page_templates(); $templater->register('navbar', $navbar); $templater->register('attachmentcount', $attachmentcount); $templater->register('attachmentids', $attachmentids); $templater->register('url', $url); print_output($templater->render()); } if ($_POST['do'] == 'doattachmentdelete') { // Permissions are verified within the attachment dm $attachdata =& datamanager_init('Attachment', $vbulletin, ERRTYPE_STANDARD); $attachdata->condition = "attachmentid IN (" . implode(", ", $attachmentids) . ")"; $attachdata->delete(); // empty cookie setcookie('vbulletin_inlineattachment', '', TIMENOW - 3600, '/'); ($hook = vBulletinHook::fetch_hook('attachment_inlinemod_dodelete')) ? eval($hook) : false; eval(print_standard_redirect('redirect_inline_deletedattachments', true, $forceredirect)); } /*======================================================================*\ || #################################################################### || # || # SVN: $Revision: 30287 $ || #################################################################### \*======================================================================*/
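/**
 * Works out where to send the user after login and issues the standard redirect.
 *
 * The login page, the forum home page and any URL containing 'do=logout' are
 * replaced by the forum home page. Any other value of $vbulletin->url is
 * kept after its session URL has been replaced. The global phrase group is
 * then reloaded for the user's language before the redirect is printed.
 *
 * NOTE(review): $vbulletin->url is not validated in this function. Whether it
 * is restricted to same-site targets depends on where it is populated, which
 * is not visible here.
 *
 * Local names ($temp, $formfile, $postvars) are left unchanged because the
 * hook and redirect code run through eval() in this scope and may read them.
 */
function do_login_redirect()
{
    global $vbulletin, $vbphrase;

    if (
        $vbulletin->url == 'login.php'
        or $vbulletin->url == $vbulletin->options['forumhome'] . '.php'
        or strpos($vbulletin->url, 'do=logout') !== false
    ) {
        $vbulletin->url = $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q'];
    } else {
        $vbulletin->url = fetch_replaced_session_url($vbulletin->url);
        // Collapses a run of leading slashes into one.
        // NOTE(review): presumably this keeps a target such as '//host/path' from being
        // treated as a protocol-relative, off-site URL. Confirm against bug 3654.
        $vbulletin->url = preg_replace('#^/+#', '/', $vbulletin->url); // bug 3654 don't ask why
    }

    // A '?' at position 0 is treated the same as no '?' at all, as in the original.
    $temp = strpos($vbulletin->url, '?');
    if ($temp) {
        $formfile = substr($vbulletin->url, 0, $temp);
    } else {
        $formfile =& $vbulletin->url;
    }

    $postvars = $vbulletin->GPC['postvars'];

    ($hook = vBulletinHook::fetch_hook('login_redirect')) ? eval($hook) : false;

    // recache the global group to get the stuff from the new language
    $globalgroup = $vbulletin->db->query_first_slave("\n\t\tSELECT phrasegroup_global, languagecode, charset\n\t\tFROM " . TABLE_PREFIX . "language\n\t\tWHERE languageid = " . intval($vbulletin->userinfo['languageid'] ? $vbulletin->userinfo['languageid'] : $vbulletin->options['languageid']));

    if ($globalgroup) {
        // unserialize() is applied to a value read from the language table.
        // NOTE(review): that is safe only while the column cannot be written with
        // attacker-chosen data.
        // A corrupt value makes unserialize() return false. Merging only when the
        // result is an array keeps the phrases that are already loaded.
        $newphrases = unserialize($globalgroup['phrasegroup_global']);
        if (is_array($newphrases)) {
            $vbphrase = array_merge($vbphrase, $newphrases);
        }

        global $stylevar;
        if ($stylevar['charset'] != $globalgroup['charset']) {
            // change the character set in a bunch of places - a total hack
            global $headinclude;

            $headinclude = str_replace("content=\"text/html; charset={$stylevar['charset']}\"", "content=\"text/html; charset={$globalgroup['charset']}\"", $headinclude);

            $stylevar['charset'] = $globalgroup['charset'];
            $vbulletin->userinfo['lang_charset'] = $globalgroup['charset'];

            exec_headers();
        }
        $stylevar['languagecode'] = $globalgroup['languagecode'];
    }

    eval(print_standard_redirect('redirect_login', true, true, $vbulletin->userinfo['languageid']));
}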
$folderid = intval($folderid); if (empty($title)) { if ($folders["{$folderid}"]) { $deletefolders .= iif($deletefolders, ',', '') . $folderid; } unset($folders["{$folderid}"]); } else { $folders["{$folderid}"] = $title; } } if ($deletefolders) { $db->query_write("\n\t\t\t\tUPDATE " . TABLE_PREFIX . "subscribethread\n\t\t\t\tSET folderid = 0\n\t\t\t\tWHERE folderid IN ({$deletefolders}) AND\n\t\t\t\t\tuserid = " . $vbulletin->userinfo['userid']); } if (!empty($folders)) { natcasesort($folders); } require_once DIR . '/includes/functions_databuild.php'; build_usertextfields('subfolders', iif(empty($folders), '', serialize($folders))); } $itemtype = $vbphrase['subscription']; $itemtypes = $vbphrase['subscriptions']; $vbulletin->url = 'subscription.php?' . $vbulletin->session->vars['sessionurl'] . 'do=viewsubscription'; eval(print_standard_redirect('foldersedited')); } #end doeditfolders /*======================================================================*\ || #################################################################### || # Downloaded: 12:56, Sat Oct 11th 2008 || # CVS: $RCSfile$ - $Revision: 27136 $ || #################################################################### \*======================================================================*/
eval(print_standard_redirect('payment_complete', true, true)); } } else { if ($apiobj->type == 2) { $subobj->delete_user_subscription($apiobj->paymentinfo['subscriptionid'], $apiobj->paymentinfo['userid'], $apiobj->paymentinfo['subscriptionsubid']); } } } else { if ($apiobj->type == 2) { // transaction is a reversal / refund $subobj->delete_user_subscription($apiobj->paymentinfo['subscriptionid'], $apiobj->paymentinfo['userid'], $apiobj->paymentinfo['subscriptionsubid']); } else { // its most likely a re-post of a payment, if we've already dealt with it serve up a redirect if ($apiobj->display_feedback) { $vbulletin->url = $vbulletin->options['bburl'] . '/payments.php'; eval(print_standard_redirect('payment_complete', true, true)); } } } } else { // something went horribly wrong, get $apiobj->error $trans = array('state' => 0, 'dateline' => TIMENOW, 'paymentapiid' => $api['paymentapiid'], 'request' => serialize(array('vb_error_code' => $apiobj->error_code, 'GET' => serialize($_GET), 'POST' => serialize($_POST)))); $db->query_write(fetch_query_sql($trans, 'paymenttransaction')); if ($apiobj->display_feedback and !empty($apiobj->error)) { //die("<p>{$apiobj->error}</p>"); // we dont load header / footer, so just show the LITE template define('VB_ERROR_LITE', true); standard_error($apiobj->error); } } }
$navbits = construct_navbits(array('' => $vbphrase['user_control_panel'])); eval('$navbar = "' . fetch_template('navbar') . '";'); eval('print_output("' . fetch_template('USERCP_SHELL') . '");'); } // ########################################################################### // ########################### UPDATE SUBSCRIPTIONS ########################## // ########################################################################### if ($_REQUEST['action'] == "updatesubs") { if (!$vbulletin->userinfo['userid']) { print_no_permission(); } //get a list of all the forum ID's $tables = $db->query_read("\r\n\t\tSELECT forumid\r\n\t\tFROM " . TABLE_PREFIX . "forum\r\n\t"); //scan through the list to perform the subscription action while ($curr_forum = $db->fetch_array($tables)) { //get full forum info $curr_forum = fetch_foruminfo($curr_forum['forumid'], false); //if the user has permission to view the given forum, and if forum is postable... if ($perms = fetch_permissions($curr_forum["forumid"]) and $perms & $vbulletin->bf_ugp_forumpermissions['canview'] and $curr_forum["cancontainthreads"]) { $vbulletin->input->clean_gpc('r', 'forumid' . $curr_forum['forumid'], TYPE_UINT); $new_sublevel = $vbulletin->GPC["forumid" . $curr_forum["forumid"]]; if ($new_sublevel == 0) { $db->query_write("\r\n\t\t\t\tDELETE FROM " . TABLE_PREFIX . "subscribeforum\r\n\t\t\t\tWHERE userid = '" . $vbulletin->userinfo['userid'] . "'\r\n\t\t\t\tAND forumid = '" . $curr_forum['forumid'] . "'"); } else { $db->query_write("\r\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribeforum (userid, emailupdate, forumid)\r\n\t\t\t\t\tVALUES ('" . $vbulletin->userinfo['userid'] . "', '" . $new_sublevel . "', '" . $curr_forum['forumid'] . "')\r\n\t\t\t\t"); } } } $vbulletin->url = "subscribeforums.php"; eval(print_standard_redirect('ei_sub_forums_updated', true, true)); }
$url = unhtmlspecialchars($vbulletin->url); if (preg_match('/\\?([^#]*)(#.*)?$/s', $url, $match)) { parse_str($match[1], $parts); if ($parts['postid'] == $postinfo['postid'] or $parts['p'] == $postinfo['postid']) { // we've deleted the post that we came into this thread from // blank the redirect as it will be set below $vbulletin->url = ''; } } else { if ($removaltype or !can_moderate($threadinfo['forumid'], 'candeleteposts')) { // hard deleted or not moderating -> redirect back to the thread $vbulletin->url = ''; } } if (!stristr($vbulletin->url, 'showthread.php')) { $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . 't=' . $threadinfo['threadid']; } eval(print_standard_redirect('redirect_deletepost')); } } else { ($hook = vBulletinHook::fetch_hook('editpost_delete_complete')) ? eval($hook) : false; $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "p={$postinfo['postid']}#post{$postinfo['postid']}"; eval(print_standard_redirect('redirect_nodelete')); } } /*======================================================================*\ || #################################################################### || # Downloaded: 12:56, Sat Oct 11th 2008 || # CVS: $RCSfile$ - $Revision: 26636 $ || #################################################################### \*======================================================================*/
{ $temp = unserialize($check); if ($temp['do'] == 'doenterpwd') { $vbulletin->GPC['postvars'] = ''; } } else { $vbulletin->GPC['postvars'] = ''; } } // workaround IIS cookie+location header bug $forceredirect = (strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false); eval(print_standard_redirect('forumpasswordcorrect', true, $forceredirect)); } else { require_once(DIR . '/includes/functions_misc.php'); $vbulletin->GPC['url'] = str_replace('&', '&', $vbulletin->GPC['url']); $postvars = construct_post_vars_html() . '<input type="hidden" name="securitytoken" value="' . $vbulletin->userinfo['securitytoken'] . '" />'; // TODO; Convert 'forumpasswordincorrect' to vB4 style eval(standard_error(fetch_error('forumpasswordincorrect', $vbulletin->session->vars['sessionhash'], htmlspecialchars_uni($vbulletin->GPC['url']), $foruminfo['forumid'], $postvars,
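/**
 * Creates a new post (first post of a thread, or a reply), or merges the
 * message into the poster's previous post when the double-post rules match.
 *
 * Permissions are NOT checked here; the caller must have done that already.
 * Hook code ('newpost_process', 'newpost_subscribe', 'newpost_complete') is
 * eval()'d inside this function, so it can see the local variables by name.
 * Keep the local names stable.
 *
 * @param string 'thread' for the first post in a new thread, 'reply' otherwise
 * @param array  Forum Information
 * @param array  Thread Information
 * @param array  Post Information for the "Parent" post
 * @param array  Post Information for the post being created (by reference; normalised
 *               values, 'visible', 'postid' and, for threads, 'threadid' are written back)
 * @param array  (return) Array of errors
 *
 * @return mixed false when the double-post branch rejects the message (too short,
 *               duplicate); otherwise nothing. Failures are reported through $errors.
 */
function build_new_post($type = 'thread', $foruminfo, $threadinfo, $postinfo, &$post, &$errors)
{
    //NOTE: permissions are not checked in this function
    // $post is passed by reference, so that any changes (wordwrap, censor, etc) here are reflected on the copy outside the function
    // $post[] includes:
    // title, iconid, message, parseurl, email, signature, preview, disablesmilies, rating
    // $errors will become any error messages that come from the checks before preview kicks in
    global $vbulletin, $vbphrase, $forumperms;

    // ### PREPARE OPTIONS AND CHECK VALID INPUT ###
    // These values are interpolated into SQL further down, so they are forced to integers here.
    $post['disablesmilies'] = intval($post['disablesmilies']);
    $post['enablesmilies'] = $post['disablesmilies'] ? 0 : 1;
    $post['folderid'] = intval($post['folderid']);
    $post['emailupdate'] = intval($post['emailupdate']);
    $post['rating'] = intval($post['rating']);
    $post['podcastsize'] = intval($post['podcastsize']);

    // Make sure the posthash is valid
    // Strict string comparison: with a loose "!=" two numeric-looking strings
    // (for example "0e..." forms) are compared as numbers and can be treated as equal.
    // md5 is kept because the hash being checked is issued in that format elsewhere.
    if (md5($post['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']) !== (string) $post['posthash']) {
        $post['posthash'] = 'invalid posthash'; // don't phrase me
    }

    // OTHER SANITY CHECKS
    $threadinfo['threadid'] = intval($threadinfo['threadid']);

    // Doublepost //
    $dp_flag = false;

    // create data manager
    if ($type == 'thread') {
        $dataman =& datamanager_init('Thread_FirstPost', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
        $dataman->set('prefixid', $post['prefixid']);
    } else {
        $dataman =& datamanager_init('Post', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
        $dupehash = md5($foruminfo['forumid'] . $post['title'] . $post['message'] . $vbulletin->userinfo['userid'] . $type);

        // Doublepost Check //
        // The whole chain uses "and" on purpose: "=" binds tighter than "and", so
        // $cutoff, $doublepost and $attach are assigned as the chain is evaluated.
        if (
            $vbulletin->options['dp_timespan']
            and VB_API !== true
            and $cutoff = TIMENOW - $vbulletin->options['dp_timespan'] * 60
            and $threadinfo['lastpost'] > $cutoff
            and !$post['preview']
            and $threadinfo['lastposter'] == $vbulletin->userinfo['username']
            and !($foruminfo['options'] & $vbulletin->bf_misc_forumoptions['bypassdp'])
            and !($vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['bypassdoublepost'])
            // lastpostid is cast to an integer before it is concatenated into the query
            and $doublepost = $vbulletin->db->query_first(
                "\n\t\t\t\tSELECT post.*, posthash.userid AS dupe_userid\n\t\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "posthash AS posthash ON (\n\t\t\t\t\tposthash.threadid = {$threadinfo['threadid']}\n\t\t\t\t\t\tAND\n\t\t\t\t\tposthash.dupehash = '"
                . $vbulletin->db->escape_string($dupehash)
                . "'\n\t\t\t\t\t\tAND\n\t\t\t\t\tposthash.userid = {$vbulletin->userinfo['userid']}\n\t\t\t\t\t\tAND\n\t\t\t\t\tposthash.dateline > "
                . (TIMENOW - 300)
                . "\n\t\t\t\t)\n\t\t\t\tWHERE\n\t\t\t\t\tpost.visible = 1\n\t\t\t\t\t\tAND\n\t\t\t\t\tpost.postid = "
                . intval($threadinfo['lastpostid'])
                . "\n\t\t\t\t\t\tAND\n\t\t\t\t\tpost.threadid = "
                . $threadinfo['threadid']
                . "\n\t\t\t\tLIMIT 1\t"
            )
            // posthash passed the check above (or was replaced by a fixed literal);
            // it is escaped anyway so this query does not depend on that check.
            and $attach = $vbulletin->db->query_first(
                "\n\t\t\t\tSELECT count(attachmentid) AS attach\n\t\t\t\tFROM " . TABLE_PREFIX . "attachment\n\t\t\t\tWHERE state = 'visible'\n\t\t\t\tAND posthash = '"
                . $vbulletin->db->escape_string($post['posthash'])
                . "'"
            )
            and ($vbulletin->options['attachlimit'] == 0 or $attach['attach'] + $doublepost['attach'] <= $vbulletin->options['attachlimit'])
        ) {
            $cstate = $vbulletin->options['dp_color'] ? 1 : 0;
            $minchar = intval($vbulletin->options['postminchars']) <= 0 ? 1 : intval($vbulletin->options['postminchars']);

            // The new text is checked on its own, before it is appended to the earlier post.
            if (vbstrlen(strip_bbcode($post['message'], $vbulletin->options['ignorequotechars'])) < $minchar) {
                require_once DIR . '/includes/functions_misc.php';
                $errors[] = construct_phrase(fetch_phrase('tooshort', 'error'), $minchar);
                return false;
            }

            // A posthash row joined in means the same content was already submitted recently.
            if ($doublepost['dupe_userid']) {
                require_once DIR . '/includes/functions_misc.php';
                $errors[] = fetch_phrase('duplicate_post', 'error');
                return false;
            }

            switch ($vbulletin->options['dp_spacer']) {
                case 1: // None
                    $cstate = 2;
                    break;
                case 2: // Custom
                    $spacer = $vbulletin->options['dp_text'];
                    break;
                default:
                    $spacer = $vbphrase['dp_spacer_default'];
                    break;
            }

            switch ($cstate) {
                case 1: // Coloured spacer
                    $spacer = "\n\n" . '[COLOR="' . $vbulletin->options['dp_color'] . '"]' . $spacer . '[/COLOR]' . "\n\n";
                    break;
                case 2: // No spacer.
                    $spacer = "\n\n";
                    break;
                default:
                    $spacer = "\n\n" . $spacer . "\n\n";
                    break;
            }

            $dp_flag = true;
            $id = $doublepost['postid'];

            // Need to set valid values for later //
            $doublepost['signature'] = $doublepost['showsignature'];
            $doublepost['disablesmilies'] = intval($doublepost['disablesmilies']);
            $doublepost['enablesmilies'] = $doublepost['disablesmilies'] ? 0 : 1;
            $doublepost['folderid'] = intval($doublepost['folderid']);
            $doublepost['emailupdate'] = intval($doublepost['emailupdate']);
            $doublepost['rating'] = intval($doublepost['rating']);
            $doublepost['podcastsize'] = intval($doublepost['podcastsize']);
            $doublepost['doublepost'] = $dp_flag;
            $doublepost['posthash'] = $post['posthash'];
            $doublepost['oldmessage'] = $post['message'];
            $doublepost['message'] = $doublepost['pagetext'] . $spacer . $post['message'];

            // From here on $post is the existing database row with the new text appended.
            $post = $doublepost;
            unset($doublepost);
            $dataman->set_existing($post);

            if ($vbulletin->options['dp_bump']) {
                $post['dateline'] = TIMENOW;
                $dataman->set('dateline', $post['dateline']);
            }
        } else {
            $dp_flag = false;
        }
    }

    // set info
    $dataman->set_info('dpflag', $dp_flag);
    $dataman->set_info('preview', $post['preview']);
    $dataman->set_info('parseurl', $post['parseurl']);
    $dataman->set_info('posthash', $post['posthash']);
    $dataman->set_info('forum', $foruminfo);
    $dataman->set_info('thread', $threadinfo);

    if (!$vbulletin->GPC['fromquickreply']) {
        $dataman->set_info('show_title_error', true);
    }

    if ($foruminfo['podcast'] and (!empty($post['podcasturl']) or !empty($post['podcastexplicit']) or !empty($post['podcastauthor']) or !empty($post['podcastsubtitle']) or !empty($post['podcastkeywords']))) {
        $dataman->set_info('podcastexplicit', $post['podcastexplicit']);
        $dataman->set_info('podcastauthor', $post['podcastauthor']);
        $dataman->set_info('podcastkeywords', $post['podcastkeywords']);
        $dataman->set_info('podcastsubtitle', $post['podcastsubtitle']);
        $dataman->set_info('podcasturl', $post['podcasturl']);
        if ($post['podcastsize']) {
            $dataman->set_info('podcastsize', $post['podcastsize']);
        }
    }

    // set options
    $dataman->setr('showsignature', $post['signature']);
    $dataman->setr('allowsmilie', $post['enablesmilies']);
    $dataman->setr('htmlstate', $post['htmlstate']);

    // set data
    $dataman->setr('userid', $vbulletin->userinfo['userid']);
    if ($vbulletin->userinfo['userid'] == 0) {
        $dataman->setr('username', $post['username']);
    }
    $dataman->setr('title', $post['title']);
    $dataman->setr('pagetext', $post['message']);
    $dataman->setr('iconid', $post['iconid']);

    // see if post has to be moderated or if poster in a mod
    // ("and" binds tighter than "or" here; the grouping below relies on that)
    if (
        (
            $foruminfo['moderatenewthread'] and $type == 'thread'
            or $foruminfo['moderatenewpost'] and $type == 'reply'
            or !($forumperms & $vbulletin->bf_ugp_forumpermissions['followforummoderation'])
        ) and !can_moderate($foruminfo['forumid'])
        or $type == 'reply' and (
            $postinfo['postid'] and !$postinfo['visible'] and !empty($postinfo['specifiedpost'])
            or !$threadinfo['visible']
        )
    ) {
        // note: specified post comes from a variable passed into newreply.php
        $dataman->set('visible', 0);
        $post['visible'] = 0;
    } else {
        $dataman->set('visible', 1);
        $post['visible'] = 1;
    }

    if ($type != 'thread') {
        if ($dp_flag) {
            $parentid = $post['parentid'];
        } else {
            // NOTE(review): this test looks inverted. When a parent post id IS given the
            // first post of the thread is used, and when it is NOT given the empty id is
            // stored as parentid. Left as found; confirm against the upstream file.
            if ($postinfo['postid']) {
                // get parentid of the new post
                // we're not posting a new thread, so make this post a child of the first post in the thread
                if (!empty($threadinfo['firstpostid'])) {
                    //we have the postid in the thread table (firstpostid)
                    $parentid = $threadinfo['firstpostid'];
                } else {
                    //for some reason it might not be available in the $threadinfo array, need to fetch it
                    $getfirstpost = $vbulletin->db->query_first("SELECT postid FROM " . TABLE_PREFIX . "post WHERE threadid={$threadinfo['threadid']} ORDER BY dateline LIMIT 1");
                    $parentid = $getfirstpost['postid'];
                }
            } else {
                $parentid = $postinfo['postid'];
            }
        }
        $dataman->setr('parentid', $parentid);
        $dataman->setr('threadid', $threadinfo['threadid']);
    } else {
        $dataman->setr('forumid', $foruminfo['forumid']);
    }

    $errors = array();

    // done!
    // Plugin code runs in this scope and can read or change any local variable.
    ($hook = vBulletinHook::fetch_hook('newpost_process')) ? eval($hook) : false;

    if ($vbulletin->GPC['fromquickreply'] and $post['preview']) {
        $errors = array();
        return;
    }

    // Human verification is skipped for previews only.
    if (fetch_require_hvcheck('post') and !$post['preview']) {
        require_once DIR . '/includes/class_humanverify.php';
        $verify =& vB_HumanVerify::fetch_library($vbulletin);
        if (!$verify->verify_token($post['humanverify'])) {
            $dataman->error($verify->fetch_error());
        }
    }

    if ($dataman->info['podcastsize']) {
        $post['podcastsize'] = $dataman->info['podcastsize'];
    }

    // check if this forum requires a prefix
    if ($type == 'thread' and !$dataman->fetch_field('prefixid') and $foruminfo['options'] & $vbulletin->bf_misc_forumoptions['prefixrequired']) {
        // only require a prefix if we actually have options for this forum
        require_once DIR . '/includes/functions_prefix.php';
        if (fetch_prefix_array($foruminfo['forumid'])) {
            $dataman->error('thread_prefix_required');
        }
    }

    if ($type == 'thread' and $post['taglist']) {
        $threadinfo['postuserid'] = $vbulletin->userinfo['userid'];
        require_once DIR . '/includes/class_taggablecontent.php';
        $content = vB_Taggable_Content_Item::create($vbulletin, "vBForum_Thread", $dataman->thread['threadid'], $threadinfo);
        $limits = $content->fetch_tag_limits();
        $content->filter_tag_list_content_limits($post['taglist'], $limits, $tag_errors, true, false);
        if ($tag_errors) {
            foreach ($tag_errors as $error) {
                $dataman->error($error);
            }
        }
        $dataman->setr('taglist', $post['taglist']);
    }

    if ($type == 'reply' and $vbulletin->GPC['return_node']) {
        $dataman->set_info('nodeid', $vbulletin->GPC['return_node']);
    }

    $dataman->pre_save();
    $errors = array_merge($errors, $dataman->errors);

    if ($post['preview']) {
        return;
    }

    // ### DUPE CHECK ###
    // Same content from the same user within the last 300 seconds counts as a duplicate.
    $dupehash = md5($foruminfo['forumid'] . $post['title'] . $post['message'] . $vbulletin->userinfo['userid'] . $type);
    $prevpostfound = false;
    $prevpostthreadid = 0;

    if ($prevpost = $vbulletin->db->query_first(
        "\n\t\tSELECT posthash.threadid, thread.title\n\t\tFROM " . TABLE_PREFIX . "posthash AS posthash\n\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread ON (thread.threadid = posthash.threadid)\n\t\tWHERE posthash.userid = "
        . $vbulletin->userinfo['userid']
        . " AND\n\t\t\tposthash.dupehash = '"
        . $vbulletin->db->escape_string($dupehash)
        . "' AND\n\t\t\tposthash.dateline > "
        . (TIMENOW - 300)
        . "\n\t"
    )) {
        if ($type == 'thread' and $prevpost['threadid'] == 0 or $type == 'reply' and $prevpost['threadid'] == $threadinfo['threadid']) {
            $prevpostfound = true;
            $prevpostthreadid = $prevpost['threadid'];
        }
    }

    // Redirect user to forumdisplay since this is a duplicate post
    if ($prevpostfound) {
        if ($type == 'thread') {
            $vbulletin->url = fetch_seo_url('forum', $foruminfo);
            print_standard_redirect('redirect_duplicatethread', true, true);
        } else {
            // with ajax quick reply we need to use the error system
            if ($vbulletin->GPC['ajax']) {
                $dataman->error('duplicate_post');
                $errors = $dataman->errors;
                return;
            } else {
                $vbulletin->url = fetch_seo_url('thread', $prevpost, array('goto' => 'newpost'));
                if ($post['ajaxqrfailed']) {
                    // ajax qr failed. While this is a dupe, most likely the user didn't
                    // see the initial post, so act like it went through.
                    print_standard_redirect('redirect_postthanks');
                } else {
                    print_standard_redirect('redirect_duplicatepost', true, true);
                }
            }
        }
    }

    if (sizeof($errors) > 0) {
        return;
    }

    // A merged double post keeps the id of the existing post (set in the branch above).
    if ($post['doublepost']) {
        $dataman->save();
    } else {
        $id = $dataman->save();
    }

    if ($type == 'thread') {
        $post['threadid'] = $id;
        $threadinfo =& $dataman->thread;
        $post['postid'] = $dataman->fetch_field('firstpostid');
        clear_autosave_text('vBForum_Thread', 0, 0, $vbulletin->userinfo['userid']);
    } else {
        $post['postid'] = $id;
        if ($vbulletin->GPC_exists['return_node'] and intval($vbulletin->GPC['return_node'])) {
            clear_autosave_text('vBCms_ArticleComment', 0, $vbulletin->GPC['return_node'], $vbulletin->userinfo['userid']);
        } else {
            clear_autosave_text('vBForum_Post', 0, $threadinfo['threadid'], $vbulletin->userinfo['userid']);
        }
    }

    post_vb_api_details('vBForum_Post', $post['postid']);
    $post['visible'] = $dataman->fetch_field('visible');

    $set_open_status = false;
    $set_sticky_status = false;

    // Open/close is allowed for the thread starter holding 'canopenclose', or for a moderator.
    if ($vbulletin->GPC['openclose'] and ($threadinfo['postuserid'] != 0 and $threadinfo['postuserid'] == $vbulletin->userinfo['userid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'] or can_moderate($threadinfo['forumid'], 'canopenclose'))) {
        $set_open_status = true;
    }

    // Stick/unstick is allowed for moderators with 'canmanagethreads' only.
    if ($vbulletin->GPC['stickunstick'] and can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
        $set_sticky_status = true;
    }

    if ($set_open_status or $set_sticky_status) {
        $thread =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
        if ($type == 'thread') {
            $thread->set_existing($dataman->thread);
            if ($set_open_status) {
                $post['postpoll'] = false;
            }
        } else {
            $thread->set_existing($threadinfo);
        }

        // Both flags are toggles: the stored value is flipped.
        if ($set_open_status) {
            $thread->set('open', $thread->fetch_field('open') == 1 ? 0 : 1);
        }
        if ($set_sticky_status) {
            $thread->set('sticky', $thread->fetch_field('sticky') == 1 ? 0 : 1);
        }
        $thread->save();
    }

    if ($type == 'thread') {
        require_once DIR . '/includes/class_taggablecontent.php';
        $content = vB_Taggable_Content_Item::create($vbulletin, "vBForum_Thread", $dataman->thread['threadid'], $threadinfo);
        $limits = $content->fetch_tag_limits();
        $content->add_tags_to_content($post['taglist'], $limits);
    }

    // ### DO THREAD RATING ###
    build_thread_rating($post['rating'], $foruminfo, $threadinfo);

    // ### DO EMAIL NOTIFICATION ###
    if ($post['visible'] and $type != 'thread' and !in_coventry($vbulletin->userinfo['userid'], true)) {
        exec_send_notification($threadinfo['threadid'], $vbulletin->userinfo['userid'], $post['postid']);
    }

    // ### DO THREAD SUBSCRIPTION ###
    if ($vbulletin->userinfo['userid'] != 0) {
        require_once DIR . '/includes/functions_misc.php';
        $post['emailupdate'] = verify_subscription_choice($post['emailupdate'], $vbulletin->userinfo, 9999);

        // NOTE(review): emailupdate and folderid are interpolated unquoted into the
        // queries below. They were integer-cast at the top of this function, but the
        // hook on the next line runs first and can change them. Plugin code must keep
        // them numeric.
        ($hook = vBulletinHook::fetch_hook('newpost_subscribe')) ? eval($hook) : false;

        if (!$threadinfo['issubscribed'] and $post['emailupdate'] != 9999) {
            // user is not subscribed to this thread so insert it
            /*insert query*/
            $vbulletin->db->query_write("INSERT IGNORE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES (" . $vbulletin->userinfo['userid'] . ", {$threadinfo['threadid']}, {$post['emailupdate']}, {$post['folderid']}, 1)");
        } else {
            // User is subscribed, see if they changed the settings for this thread
            if ($post['emailupdate'] == 9999) {
                // Remove this subscription, user chose 'No Subscription'
                $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "subscribethread WHERE threadid = {$threadinfo['threadid']} AND userid = " . $vbulletin->userinfo['userid']);
            } else {
                if ($threadinfo['emailupdate'] != $post['emailupdate'] or $threadinfo['folderid'] != $post['folderid']) {
                    // User changed the settings so update the current record
                    /*insert query*/
                    $vbulletin->db->query_write("REPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES (" . $vbulletin->userinfo['userid'] . ", {$threadinfo['threadid']}, {$post['emailupdate']}, {$post['folderid']}, 1)");
                }
            }
        }
    }

    ($hook = vBulletinHook::fetch_hook('newpost_complete')) ? eval($hook) : false;
}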
}
}

require_once DIR . '/includes/functions_user.php';

// Look the account(s) up by the submitted address; the value is escaped before it enters the query.
$users = $db->query_read_slave("\n\t\tSELECT userid, username, email, languageid\n\t\tFROM " . TABLE_PREFIX . "user\n\t\tWHERE email = '" . $db->escape_string($vbulletin->GPC['email']) . "'\n\t");

// NOTE(review): the two branches below answer differently (redirect vs. 'invalidemail'
// error), so the response tells the requester whether an address is registered.
// A uniform reply and request throttling would avoid that; neither is visible here.
if ($db->num_rows($users)) {
    while ($user = $db->fetch_array($users)) {
        // When a userid was supplied as well, only that account gets the mail.
        if ($vbulletin->GPC['userid'] and $vbulletin->GPC['userid'] != $user['userid']) {
            continue;
        }
        $user['username'] = unhtmlspecialchars($user['username']);
        $user['activationid'] = build_user_activation_id($user['userid'], 2, 1);

        // presumably the eval()'d phrase code defines $subject and $message — confirm
        eval(fetch_email_phrases('lostpw', $user['languageid']));
        vbmail($user['email'], $subject, $message, true);
    }

    // Double quotes are stripped from the redirect target before it is printed.
    $vbulletin->url = str_replace('"', '', $vbulletin->url);
    eval(print_standard_redirect('redirect_lostpw', true, true));
} else {
    eval(standard_error(fetch_error('invalidemail', $vbulletin->options['contactuslink'])));
}
}

// ############################### start reset password ###############################
if ($vbulletin->GPC['a'] == 'pwd' or $_REQUEST['do'] == 'resetpassword') {
    // userid/u are cleaned as unsigned integers, activationid/i as strings.
    $vbulletin->input->clean_array_gpc('r', array('userid' => TYPE_UINT, 'u' => TYPE_UINT, 'activationid' => TYPE_STR, 'i' => TYPE_STR));

    // 'u' and 'i' are short aliases used when the long names are empty.
    if (!$vbulletin->GPC['userid']) {
        $vbulletin->GPC['userid'] = $vbulletin->GPC['u'];
    }
    if (!$vbulletin->GPC['activationid']) {
        $vbulletin->GPC['activationid'] = $vbulletin->GPC['i'];
    }

    $userinfo = verify_id('user', $vbulletin->GPC['userid'], 1, 1);

    // The userid interpolated here is the one returned by verify_id(), not the raw request value.
    // NOTE(review): the comparison of the stored activationid with the submitted one is
    // outside this excerpt; it should be constant-time and the stored id expired by
    // dateline — confirm.
    $user = $db->query_first("\n\t\tSELECT activationid, dateline\n\t\tFROM " . TABLE_PREFIX . "useractivation\n\t\tWHERE type = 1\n\t\t\tAND userid = {$userinfo['userid']}\n\t");
eval(standard_error(fetch_error('tooshort', $vbulletin->options['postminchars'])));
}

($hook = vBulletinHook::fetch_hook('usernote_donote')) ? eval($hook) : false;

// message and title are escaped as quoted strings in both queries below.
// NOTE(review): usernoteid and $allowsmilies are placed into the SQL unquoted and
// unescaped; that is only safe if both are integers at this point. Their cleaning is
// outside this excerpt — confirm (e.g. TYPE_UINT for usernoteid).
if ($vbulletin->GPC['usernoteid']) {
    // Edited note.
    // NOTE(review): the UPDATE is keyed on usernoteid alone; presumably the right to
    // edit this particular note was checked earlier — confirm.
    $db->query_write("\r\n\t\t\tUPDATE " . TABLE_PREFIX . "usernote\r\n\t\t\tSET message = '" . $db->escape_string($vbulletin->GPC['message']) . "',\r\n\t\t\t\ttitle = '" . $db->escape_string($vbulletin->GPC['title']) . "',\r\n\t\t\t\tallowsmilies = {$allowsmilies}\r\n\t\t\tWHERE usernoteid = " . $vbulletin->GPC['usernoteid'] . "\r\n\t\t");
} else {
    /*insert query*/
    // posterid is the logged-in user; userid is the user the note is about.
    $db->query_write("\r\n\t\t\tINSERT INTO " . TABLE_PREFIX . "usernote (message, dateline, userid, posterid, title, allowsmilies)\r\n\t\t\tVALUES ('" . $db->escape_string($vbulletin->GPC['message']) . "', " . TIMENOW . ", {$userinfo['userid']}, " . $vbulletin->userinfo['userid'] . ", '" . $db->escape_string($vbulletin->GPC['title']) . "', {$allowsmilies})\r\n\t\t");
}

// Users who may not view notes are sent to the member profile instead of the note list.
if (!$canview) {
    $vbulletin->url = fetch_seo_url('member', $userinfo);
} else {
    $vbulletin->url = 'usernote.php?' . $vbulletin->session->vars['sessionurl'] . "do=viewuser&u={$userinfo['userid']}";
}

eval(print_standard_redirect('redirect_usernoteaddevent'));
}

// ############################### Start Add User Note ##########################
if ($_REQUEST['do'] == 'newnote') {
    // Permission gate for the form itself.
    if (!$canpost) {
        print_no_permission();
    }

    // Default the "parse URLs" checkbox to checked.
    if (empty($checked['parseurl'])) {
        $checked['parseurl'] = 'checked="checked"';
    }

    if ($vbulletin->options['unallowsmilies'] == 1) {
        $templater = vB_Template::create('newpost_disablesmiliesoption');
        $templater->register('checked', $checked);
        $disablesmiliesoption = $templater->render();
    }

    $show['editnote'] = false;
/**
 * Sends a freshly logged-in user on to their destination through the standard
 * redirect page.
 *
 * Rewrites $vbulletin->url, reloads the global phrase group for the user's
 * language, and re-signs any POST variables carried over the login with a
 * security token for the current user.
 *
 * NOTE(review): $formfile and $postvars are not read again in the code visible
 * here; presumably the eval()'d hook and redirect code use them by name, so
 * they should not be renamed — confirm.
 */
function do_login_redirect()
{
    global $vbulletin, $vbphrase;

    $vbulletin->input->fetch_basepath();

    // Fall back to the forum home page when the stored URL is the login page, the
    // forum home itself, a logout link, or (with multiple registrations disabled)
    // the registration page.
    if (
        $vbulletin->url == 'login.php'
        OR $vbulletin->url == $vbulletin->options['forumhome'] . '.php'
        OR strpos($vbulletin->url, 'do=logout') !== false
        OR (!$vbulletin->options['allowmultiregs'] AND strpos($vbulletin->url, $vbulletin->basepath . 'register.php') === 0)
    ) {
        $vbulletin->url = $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q'];
    } else {
        // NOTE(review): no same-site check on $vbulletin->url is visible in this
        // function, and the value becomes the redirect target. Presumably it is
        // validated where it is read — confirm.
        $vbulletin->url = fetch_replaced_session_url($vbulletin->url);
        // A run of leading slashes is collapsed to one, so the value cannot start with "//".
        $vbulletin->url = preg_replace('#^/+#', '/', $vbulletin->url); // bug 3654 don't ask why
    }

    // Split off the script path; a "?" at offset 0 is treated like no "?" because 0 is falsy.
    $temp = strpos($vbulletin->url, '?');
    if ($temp) {
        $formfile = substr($vbulletin->url, 0, $temp);
    } else {
        $formfile =& $vbulletin->url;
    }

    $postvars = $vbulletin->GPC['postvars'];

    // Plugin code runs in this scope and can read or change the local variables.
    ($hook = vBulletinHook::fetch_hook('login_redirect')) ? eval($hook) : false;

    // recache the global group to get the stuff from the new language
    // (the language id is integer-cast before it is concatenated into the query)
    $globalgroup = $vbulletin->db->query_first_slave(" SELECT phrasegroup_global, languagecode, charset FROM " . TABLE_PREFIX . "language WHERE languageid = " . intval($vbulletin->userinfo['languageid'] ? $vbulletin->userinfo['languageid'] : $vbulletin->options['languageid']));

    if ($globalgroup) {
        // phrasegroup_global is serialized data read from the language table.
        $vbphrase = array_merge($vbphrase, unserialize($globalgroup['phrasegroup_global']));

        if (vB_Template_Runtime::fetchStyleVar('charset') != $globalgroup['charset']) {
            // change the character set in a bunch of places - a total hack
            global $headinclude;

            $headinclude = str_replace(
                "content=\"text/html; charset=" . vB_Template_Runtime::fetchStyleVar('charset') . "\"",
                "content=\"text/html; charset=$globalgroup[charset]\"",
                $headinclude
            );

            vB_Template_Runtime::addStyleVar('charset', $globalgroup['charset'], 'imgdir');
            $vbulletin->userinfo['lang_charset'] = $globalgroup['charset'];

            exec_headers();
        }

        if ($vbulletin->GPC['postvars']) {
            // postvars arrives from the client and is passed through verify_client_string()
            // before unserialize().
            // NOTE(review): the "@" hides unserialize() failures and the result is not
            // checked before use. unserialize() on bytes the client controls can
            // instantiate objects, so this depends entirely on verify_client_string()
            // rejecting anything not produced by sign_client_string() — confirm.
            $postvars = @unserialize(verify_client_string($vbulletin->GPC['postvars']));

            // NOTE(review): single "=" — this assigns 'guest' and is always true, so the
            // token is regenerated for every carried-over form, not only for guest
            // ones. "==" looks intended; confirm before changing, since the
            // unconditional refresh may be relied on.
            if ($postvars['securitytoken'] = 'guest') {
                // Token for the now logged-in user: a per-user SHA-1 value, prefixed with the issue time.
                $vbulletin->userinfo['securitytoken_raw'] = sha1($vbulletin->userinfo['userid'] . sha1($vbulletin->userinfo['salt']) . sha1(COOKIE_SALT));
                $vbulletin->userinfo['securitytoken'] = TIMENOW . '-' . sha1(TIMENOW . $vbulletin->userinfo['securitytoken_raw']);

                // The carried-over form is re-serialized and signed again with the new token inside.
                $postvars['securitytoken'] = $vbulletin->userinfo['securitytoken'];
                $vbulletin->GPC['postvars'] = sign_client_string(serialize($postvars));
            }
        }

        vB_Template_Runtime::addStyleVar('languagecode', $globalgroup['languagecode']);
    }

    eval(print_standard_redirect('redirect_login', true, true, $vbulletin->userinfo['languageid']));
}
if (empty($user['activationid'])) { //none exists so create one $user['activationid'] = build_user_activation_id($user['userid'], 2, 0); } else { $user['activationid'] = fetch_random_string(40); $db->query_write("\r\n\t\t\t\t\t\tUPDATE " . TABLE_PREFIX . "useractivation SET\r\n\t\t\t\t\t\t\tdateline = " . TIMENOW . ",\r\n\t\t\t\t\t\t\tactivationid = '{$user['activationid']}'\r\n\t\t\t\t\t\tWHERE userid = {$user['userid']}\r\n\t\t\t\t\t\t\tAND type = 0\r\n\t\t\t\t\t"); } $userid = $user['userid']; $username = $user['username']; $activateid = $user['activationid']; ($hook = vBulletinHook::fetch_hook('register_emailcode_user')) ? eval($hook) : false; eval(fetch_email_phrases('activateaccount', $user['languageid'])); vbmail($user['email'], $subject, $message, true); } } eval(print_standard_redirect('redirect_lostactivatecode', true, true)); } else { eval(standard_error(fetch_error('invalidemail', $vbulletin->options['contactuslink']))); } } // ############################### start coppa form ############################### if ($_REQUEST['do'] == 'coppaform') { if ($vbulletin->userinfo['userid']) { $vbulletin->userinfo['signature'] = nl2br($vbulletin->userinfo['signature']); if ($vbulletin->userinfo['showemail']) { $vbulletin->userinfo['showemail'] = $vbphrase['no']; } else { $vbulletin->userinfo['showemail'] = $vbphrase['yes']; } } else { $vbulletin->userinfo['username'] = '';
$vbulletin->url = 'search.php?' . $vbulletin->session->vars['sessionurl']; if (!empty($globals)) { foreach (array_keys($globals) as $varname) { if (is_array($vbulletin->GPC["{$varname}"])) { foreach ($vbulletin->GPC["{$varname}"] as $_cleanme) { $vbulletin->url .= $varname . '[]=' . urlencode($_cleanme) . '&'; } } else { $vbulletin->url .= $varname . '[]=' . urlencode($vbulletin->GPC["{$varname}"]) . '&'; } } $vbulletin->url = substr($vbulletin->url, 0, -5); } ($hook = vBulletinHook::fetch_hook('search_doprefs_complete')) ? eval($hook) : false; if (!$vbulletin->GPC['ajax']) { eval(print_standard_redirect($clearprefs ? 'search_preferencescleared' : 'search_preferencessaved', true, true)); } else { require_once DIR . '/includes/class_xml.php'; $xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml'); $xml->add_tag('message', fetch_phrase($clearprefs ? 'redirect_search_preferencescleared' : 'redirect_search_preferencessaved', 'frontredirect', 'redirect_')); $xml->print_xml(); } } // ############################################################################# // finish off the page if ($templatename != '') { ($hook = vBulletinHook::fetch_hook('search_complete')) ? eval($hook) : false; $navbits = construct_navbits($navbits); eval('$navbar = "' . fetch_template('navbar') . '";'); eval('print_output("' . fetch_template($templatename) . '");'); }
$members = $vbulletin->db->query_read("\n\t\tSELECT * FROM " . TABLE_PREFIX . "socialgroupmember\n\t\tWHERE groupid = " . $group['groupid'] . " AND type = 'moderated' AND userid IN ({$ids})\n\t"); while ($member = $vbulletin->db->fetch_array($members)) { $socialgroupmemberdm->set_existing($member); ($hook = vBulletinHook::fetch_hook('group_pending_members')) ? eval($hook) : false; if ($vbulletin->GPC['action'] == 'deny') { $socialgroupmemberdm->delete(); } else { if ($vbulletin->GPC['action'] == 'accept') { $socialgroupmemberdm->set('type', 'member'); $socialgroupmemberdm->save(); } } } $vbulletin->url = 'group.php?' . $vbulletin->session->vars['sessionurl'] . 'do=manage&groupid=' . $group['groupid']; ($hook = vBulletinHook::fetch_hook('group_pending_members_complete')) ? eval($hook) : false; eval(print_standard_redirect('successfully_managed_members')); } // ####################################################################### if ($templatename != '') { ($hook = vBulletinHook::fetch_hook('group_complete')) ? eval($hook) : false; // make navbar $navbits = construct_navbits($navbits); eval('$navbar = "' . fetch_template('navbar') . '";'); $custompagetitle = empty($custompagetitle) ? $pagetitle : $custompagetitle; eval('print_output("' . fetch_template($templatename) . '");'); } /*======================================================================*\ || #################################################################### || # Downloaded: 12:56, Sat Oct 11th 2008 || # CVS: $RCSfile$ - $Revision: 27066 $ || ####################################################################
$userdm->set('displaygroupid', 0); // update the user's title if they've specified a special user title for the banned group if ($vbulletin->usergroupcache["{$banusergroupid}"]['usertitle'] != '') { $userdm->set('usertitle', $vbulletin->usergroupcache["{$banusergroupid}"]['usertitle']); $userdm->set('customtitle', 0); } $userdm->save(); unset($userdm); } } ($hook = vBulletinHook::fetch_hook('infraction_update_complete')) ? eval($hook) : false; if ($postinfo['postid']) { $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "p={$postinfo['postid']}#post{$postinfo['postid']}"; eval(print_standard_redirect('redirect_infraction_added')); } else { eval(print_standard_redirect('redirect_infraction_added')); } } else { ($hook = vBulletinHook::fetch_hook('infraction_update_complete')) ? eval($hook) : false; unset($infdata); $note = htmlspecialchars_uni($vbulletin->GPC['note']); $customexpires = $vbulletin->GPC['expires'] ? $vbulletin->GPC['expires'] : ''; $custompoints = $vbulletin->GPC['points']; $periodselected = array($vbulletin->GPC['period'] => 'selected="selected"'); $customreason = htmlspecialchars_uni($vbulletin->GPC['customreason']); $banreason = $vbulletin->GPC['banreason']; $_REQUEST['do'] = 'report'; } } // ######################### REPORT INFRACTION ############################ if ($_REQUEST['do'] == 'report') {
} if (empty($searcherrors)) { $search_perms = build_blog_permissions_query($vbulletin->userinfo); $searchid = $search->execute($search_perms); ($hook = vBulletinHook::fetch_hook('blog_search_dosearch_complete')) ? eval($hook) : false; if ($search->has_errors()) { $searcherrors = $search->generator->errors; } else { $vbulletin->url = 'blog_search.php?' . $vbulletin->session->vars['sessionurl'] . "do=searchresults&searchid=$searchid"; eval(print_standard_redirect('blog_search_executed')); } } } $_REQUEST['do'] = 'search'; } // ####################################################################### if ($_REQUEST['do'] == 'searchresults') { $vbulletin->input->clean_array_gpc('r', array( 'searchid' => TYPE_UINT, 'start' => TYPE_UINT, 'pagenumber' => TYPE_UINT, 'perpage' => TYPE_UINT
$_REQUEST['do'] = 'newpm'; } else { if ($vbulletin->GPC['preview'] != '') { define('PMPREVIEW', 1); $foruminfo = array('forumid' => 'privatemessage', 'allowicons' => $vbulletin->options['privallowicons']); $preview = process_post_preview($pm); $_REQUEST['do'] = 'newpm'; } else { // everything's good! $pmdm->save(); // force pm counters to be rebuilt $vbulletin->userinfo['pmunread'] = -1; build_pm_counters(); ($hook = vBulletinHook::fetch_hook('private_insertpm_complete')) ? eval($hook) : false; $vbulletin->url = 'private.php' . $vbulletin->session->vars['sessionurl_q']; eval(print_standard_redirect('pm_messagesent')); } } } // ############################### start new pm ############################### // form for creating a new private message if ($_REQUEST['do'] == 'newpm') { if ($permissions['pmquota'] < 1) { print_no_permission(); } else { if (!$vbulletin->userinfo['receivepm']) { eval(standard_error(fetch_error('pm_turnedoff'))); } } require_once DIR . '/includes/functions_newpost.php'; ($hook = vBulletinHook::fetch_hook('private_newpm_start')) ? eval($hook) : false;
} $pollvote->set('votetype', 0); if (!$pollvote->save(true, false, false, false, true)) { $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$threadinfo['threadid']}"; eval(print_standard_redirect('redirect_pollvoteduplicate')); } } } // make last reply date == last vote date if ($vbulletin->options['updatelastpost']) { // option selected in CP $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost'); $threadman->set_existing($threadinfo); $threadman->set('lastpost', TIMENOW); $threadman->save(); } ($hook = vBulletinHook::fetch_hook('poll_vote_complete')) ? eval($hook) : false; // redirect $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$threadinfo['threadid']}"; eval(print_standard_redirect('redirect_pollvotethanks')); } else { ($hook = vBulletinHook::fetch_hook('poll_vote_complete')) ? eval($hook) : false; eval(standard_error(fetch_error('nopolloptionselected'))); } } /*======================================================================*\ || #################################################################### || # Downloaded: 08:19, Wed Nov 5th 2008 || # CVS: $RCSfile$ - $Revision: 26399 $ || #################################################################### \*======================================================================*/
// Validate Messages $messages = $db->query_read_slave("\n\t\tSELECT gm.gmid, gm.state, gm.groupid, gm.dateline, gm.postuserid, gm.postusername,\n\t\t\tsocialgroup.name AS group_name, socialgroup.creatoruserid\n\t\tFROM " . TABLE_PREFIX . "groupmessage AS gm\n\t\tLEFT JOIN " . TABLE_PREFIX . "socialgroup AS socialgroup ON (socialgroup.groupid = gm.groupid)\n\t\tWHERE gmid IN ({$messageids})\n\t\t\tAND state = 'deleted'\n\t"); while ($message = $db->fetch_array($messages)) { $message['is_group_owner'] = $message['creatoruserid'] == $vbulletin->userinfo['userid']; $messagearray["{$message['gmid']}"] = $message; $grouplist["{$message['groupid']}"] = true; } if (empty($messagearray)) { standard_error(fetch_error('you_did_not_select_any_valid_messages')); } $db->query_write("\n\t\tDELETE FROM " . TABLE_PREFIX . "deletionlog\n\t\tWHERE type = 'groupmessage' AND\n\t\t\tprimaryid IN(" . implode(',', array_keys($messagearray)) . ")\n\t"); $db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "groupmessage\n\t\tSET state = 'visible'\n\t\tWHERE gmid IN(" . implode(',', array_keys($messagearray)) . ")\n\t"); foreach ($grouplist as $groupid => $foo) { build_group_counters($groupid); } foreach ($messagearray as $message) { if (!$message['is_group_owner']) { log_moderator_action($message, 'gm_by_x_for_y_undeleted', array($message['postusername'], $message['group_name'])); } } // empty cookie setcookie('vbulletin_inlinegmessage', '', TIMENOW - 3600, '/'); ($hook = vBulletinHook::fetch_hook('group_inlinemod_undelete')) ? 
eval($hook) : false; eval(print_standard_redirect('redirect_inline_undeletedmessages', true, $forceredirect)); } /*======================================================================*\ || #################################################################### || # Downloaded: 09:39, Wed Nov 5th 2008 || # SVN: $Revision: 27889 $ || #################################################################### \*======================================================================*/
$announcementid = $anncdata->save(); if ($announcementinfo) { if ($vbulletin->GPC['reset_views']) { $db->query_write("DELETE FROM " . TABLE_PREFIX . "announcementread WHERE announcementid = $announcementinfo[announcementid]"); } $announcementid = $announcementinfo['announcementid']; } $title = $anncdata->fetch_field('title'); $vbulletin->url = 'announcement.php?' . $vbulletin->session->vars['sessionurl'] . "a=$announcementid"; eval(print_standard_redirect('saved_announcement')); } // ############################################################################# // edit an announcement if ($_REQUEST['do'] == 'edit') { require_once(DIR . '/includes/functions_misc.php'); require_once(DIR . '/includes/functions_editor.php'); require_once(DIR . '/includes/functions_newpost.php'); require_once(DIR . '/includes/modfunctions.php'); if ($announcementinfo['announcementid']) { if (!can_moderate($announcementinfo['forumid'], 'canannounce')) {
($hook = vBulletinHook::fetch_hook('profile_docustomize_process')) ? eval($hook) : false; if ($vbulletin->GPC['ajax']) { // AJAX means get the preview $effective_css = $usercss->build_css($usercss->fetch_effective()); $effective_css = str_replace('/*sessionurl*/', $vbulletin->session->vars['sessionurl_js'], $effective_css); require_once DIR . '/includes/class_xml.php'; $xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml'); $xml->add_group('preview'); $xml->add_tag('css', process_replacement_vars($effective_css)); $xml->close_group(); $xml->print_xml(); } if (empty($usercss->error) and empty($usercss->invalid)) { $usercss->save(); $vbulletin->url = "profile.php?" . $vbulletin->session->vars['sessionurl'] . "do=customize"; eval(print_standard_redirect('usercss_saved')); } else { if (!empty($usercss->error)) { standard_error(implode("<br />", $usercss->error)); } else { // have invalid, no errors $_REQUEST['do'] = 'customize'; define('HAVE_ERRORS', true); } } } // ####################################################################### if ($_REQUEST['do'] == 'customize') { $cssdisplayinfo = $usercss->build_display_array(); $errors = ''; // if we don't have errors, the displayed values are the existing ones
// Set message state
// The new value is derived from a comparison (0 or 1), never copied from the request,
// and the update is limited to the logged-in user's own rows.
// NOTE(review): $discussionlist is built outside this excerpt; it is interpolated
// unquoted, so it must be a list of integers — confirm.
$vbulletin->db->query_write("\r\n\t\tUPDATE " . TABLE_PREFIX . "subscribediscussion\r\n\t\tSET emailupdate = '" . ($_POST['do'] == 'noemail' ? 0 : 1) . "'\r\n\t\tWHERE discussionid IN ({$discussionlist})\r\n\t\tAND userid = " . $vbulletin->userinfo['userid']);

eval(print_standard_redirect('subupdate'));
}

// ###############################################################
if ($_POST['do'] == 'updategroup') {
    // grouplist is cleaned as an array of unsigned integers, so the imploded list
    // below contains digits and commas only.
    $vbulletin->input->clean_array_gpc('p', array('grouplist' => TYPE_ARRAY_UINT, 'act' => TYPE_STR));

    if ($vbulletin->GPC['grouplist']) {
        $grouplist = implode(',', $vbulletin->GPC['grouplist']);
        $update_type = '';

        // 'act' is a free string; only the values listed here have any effect.
        switch ($vbulletin->GPC['act']) {
            case 'delete':
                // Scoped to the logged-in user's own subscriptions.
                $vbulletin->db->query_write("\r\n\t\t\t\t\tDELETE FROM " . TABLE_PREFIX . "subscribegroup\r\n\t\t\t\t\tWHERE groupid IN ({$grouplist})\r\n\t\t\t\t\t\tAND userid = " . $vbulletin->userinfo['userid']);
                break;
            case 'daily':
            case 'weekly':
            case 'none':
                $update_type = $vbulletin->GPC['act'];
        }

        if ($update_type) {
            // $update_type is one of the three allowed literals and is escaped as well.
            // NOTE(review): this call uses $db while the others use $vbulletin->db;
            // presumably both name the same connection — confirm.
            $vbulletin->db->query_write("\r\n\t\t\t\tUPDATE " . TABLE_PREFIX . "subscribegroup\r\n\t\t\t\tSET emailupdate = '" . $db->escape_string($update_type) . "'\r\n\t\t\t\tWHERE groupid IN ({$grouplist})\r\n\t\t\t\t\tAND userid = " . $vbulletin->userinfo['userid']);
        }
    }

    eval(print_standard_redirect('subupdate'));
}

/*======================================================================*\
|| ####################################################################
|| # Downloaded: 23:48, Wed Mar 24th 2010
|| # CVS: $RCSfile$ - $Revision: 26399 $
|| ####################################################################
\*======================================================================*/