 public function admin_form(&$qa_content)
 {
     // Builds the plugin's admin options form. A press of the reset button is
     // accepted only with a valid 'donut/admin_options' security code; the
     // form then shows either a success note or the expired-code error.
     // $qa_content is accepted for interface compatibility and not used here.
     $resetDone = false;
     $noteError = false;

     if (qa_clicked(self::RESET_BTN)) {
         $codeOk = qa_check_form_security_code('donut/admin_options', qa_post_text('code'));
         if (!$codeOk) {
             $noteError = qa_lang_html('admin/form_security_expired');
         } elseif (donut_reset_all_options()) {
             $resetDone = true;
             qa_opt('donut_defaults_set_ok', 1);
         }
     }

     $okMessage = $resetDone ? donut_lang('options_reset') : null;

     $noteField = array(
         'type' => 'static',
         'label' => donut_lang('admin_notes'),
         'error' => $noteError,
     );

     $resetButton = array(
         'label' => qa_lang_html('admin/reset_options_button'),
         'tags' => 'NAME="' . self::RESET_BTN . '"',
     );

     return array(
         'ok' => $okMessage,
         'fields' => array('simple_note' => $noteField),
         'buttons' => array($resetButton),
         'hidden' => array('code' => qa_get_form_security_code('donut/admin_options')),
     );
 }
                 createQuestion($title, $content, $areaclass, $conclass, $tags);
                 $topath = qa_get('to');
                 if (isset($topath)) {
                     qa_redirect_raw("/" . $topath);
                 } else {
                     qa_redirect_raw('/');
                 }
             }
         }
     } else {
         qa_redirect_raw('/view/question.php');
     }
 }
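 if ($doanswer) {
     // Answer submission. Only anonymous visitors are handled here: they must
     // supply a valid 'answer' form security code and the CAPTCHA value kept
     // in the session before the answer is created.
     // NOTE(review): the enclosing scope is not visible; a logged-in user
     // falls through this block without any action being taken.
     if (!qa_get_logged_in_userid()) {
         $questionId = isset($_POST['question']) ? $_POST['question'] : null;

         // The stored code must exist and be non-empty: previously a missing
         // session value and an empty 'captcha' field compared equal (both
         // lower-cased to ''), which let the check pass. Strict comparison also
         // avoids the numeric-string coercion that != applies ('0123' vs '123').
         $expectedCaptcha = isset($_SESSION['VerifyCode']) ? strtolower((string) $_SESSION['VerifyCode']) : null;
         $givenCaptcha = strtolower((string) qa_post_text('captcha'));
         $captchaOk = $expectedCaptcha !== null && $expectedCaptcha !== '' && $expectedCaptcha === $givenCaptcha;

         if (!qa_check_form_security_code('answer', qa_post_text('code')) || !$captchaOk) {
             $errors['page'] = '验证码错误,请重试';
             qa_redirect_raw('/questiondetail/' . $questionId . '.html?error=' . urlencode($errors['page']));
         } else {
             // Kept as raw $_POST reads so the answer body is passed on unchanged
             // (qa_post_text() may trim it); isset() only avoids undefined-index notices
             $parentid = $questionId;
             $content = isset($_POST['content']) ? $_POST['content'] : null;
             createAnswer($parentid, $content);

             // Optional return path, otherwise the home page
             $topath = qa_get('to');
             qa_redirect_raw(isset($topath) ? '/' . $topath : '/');
         }
     }
 }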
if (!qa_admin_check_privileges($qa_content)) {
    return $qa_content;
}

//	Process user actions

$securityexpired = false;
$recalculate = false;
$optionnames = qa_db_points_option_names();

if (qa_clicked('doshowdefaults')) {
    // Display the shipped defaults without touching the stored values
    $options = array();
    foreach ($optionnames as $optionname) {
        $options[$optionname] = qa_default_option($optionname);
    }
} else {
    // 'docancel' takes precedence over 'dosaverecalc' when both are present
    $saveRequested = !qa_clicked('docancel') && qa_clicked('dosaverecalc');

    if ($saveRequested) {
        if (!qa_check_form_security_code('admin/points', qa_post_text('code'))) {
            $securityexpired = true;
        } else {
            foreach ($optionnames as $optionname) {
                qa_set_option($optionname, (int) qa_post_text('option_' . $optionname));
            }

            // Without JavaScript the recalculation is handed to the admin/recalc page
            if (qa_post_text('has_js')) {
                $recalculate = true;
            } else {
                qa_redirect('admin/recalc', array('dorecalcpoints' => 1));
            }
        }
    }

    // Saved, cancelled or merely viewed: show whatever is stored now
    $options = qa_get_options($optionnames);
}
//	Prepare content for theme
/**
 * Validates a submitted edit of $comment and, if it passes, applies it.
 *
 * $in receives the submitted fields (only those that were displayed), $errors
 * the per-field error messages. Returns true when the edit was saved, false
 * when the security code was stale or a filter module reported an error.
 */
function qa_page_q_edit_c_submit($comment, $question, $parent, &$in, &$errors)
{
    $commentid = $comment['postid'];
    $prefix = 'c' . $commentid . '_';

    $in = array();

    if ($comment['isbyuser']) {
        // Name / notify / email fields are only shown to the comment's author
        $in['name'] = qa_post_text($prefix . 'name');
        $in['notify'] = (bool) qa_post_text($prefix . 'notify');
        $in['email'] = qa_post_text($prefix . 'email');
    }

    if (!qa_user_post_permit_error('permit_edit_silent', $comment)) {
        $in['silent'] = qa_post_text($prefix . 'silent');
    }

    qa_get_post_content($prefix . 'editor', $prefix . 'content', $in['editor'], $in['content'], $in['format'], $in['text']);

    // $in only holds the parts of the form that were displayed, so those are
    // the only ones the filter modules check
    $errors = array();

    if (!qa_check_form_security_code('edit-' . $commentid, qa_post_text($prefix . 'code'))) {
        $errors['content'] = qa_lang_html('misc/form_security_again');
        return false;
    }

    $in['queued'] = qa_opt('moderate_edited_again') && qa_user_moderation_reason(qa_user_level_for_post($comment));

    foreach (qa_load_modules_with('filter', 'filter_comment') as $filtermodule) {
        $before = $in;
        $filtermodule->filter_comment($in, $errors, $question, $parent, $comment);
        qa_update_post_text($in, $before);
    }

    if (!empty($errors)) {
        return false;
    }

    $userid = qa_get_logged_in_userid();
    $handle = qa_get_logged_in_handle();
    $cookieid = qa_cookie_get();

    if (!isset($in['silent'])) {
        $in['silent'] = false;
    }

    $setnotify = $comment['isbyuser']
        ? qa_combine_notify_email($comment['userid'], $in['notify'], $in['email'])
        : $comment['notify'];

    // Not present when the editor is not the author
    $name = isset($in['name']) ? $in['name'] : null;

    qa_comment_set_content($comment, $in['content'], $in['format'], $in['text'], $setnotify, $userid, $handle, $cookieid, $question, $parent, $name, $in['queued'], $in['silent']);

    return true;
}
	GNU General Public License for more details.

	More about this license: http://www.question2answer.org/license.php
*/
require_once QA_INCLUDE_DIR . 'qa-app-users.php';
require_once QA_INCLUDE_DIR . 'qa-app-cookies.php';
require_once QA_INCLUDE_DIR . 'qa-app-votes.php';
require_once QA_INCLUDE_DIR . 'qa-app-format.php';
require_once QA_INCLUDE_DIR . 'qa-app-options.php';
require_once QA_INCLUDE_DIR . 'qa-db-selects.php';
$postid = qa_post_text('postid');
$vote = qa_post_text('vote');
$code = qa_post_text('code');

$userid = qa_get_logged_in_userid();
$cookieid = qa_cookie_get();

// A stale or missing security code is reported before any post lookup happens
if (!qa_check_form_security_code('vote', $code)) {
    $voteerror = qa_lang_html('misc/form_security_reload');
} else {
    $post = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $postid));
    // false means the vote is permitted; anything else is an HTML error message
    $voteerror = qa_vote_error_html($post, $vote, $userid, qa_request());
}

if ($voteerror !== false) {
    echo "QA_AJAX_RESPONSE\n0\n" . $voteerror;
} else {
    qa_vote_set($post, $userid, qa_get_logged_in_handle(), $cookieid, $vote);

    // Re-read the post so the rendered voting widget reflects the new state
    $post = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $postid));
    $fields = qa_post_html_fields($post, $userid, $cookieid, array(), null, array('voteview' => qa_get_vote_view($post, true)));
    $themeclass = qa_load_theme_class(qa_get_site_theme(), 'voting', null, null);

    echo "QA_AJAX_RESPONSE\n1\n";
    $themeclass->voting_inner_html($fields);
}
        }
        list($useraccount, $userprofile) = qa_db_select_with_pending(qa_db_user_account_selectspec($userid, true), qa_db_user_profile_selectspec($userid, true));
        qa_report_event('u_save', $userid, $useraccount['handle'], qa_cookie_get());
        if (empty($errors)) {
            qa_redirect('account', array('state' => 'profile-saved'));
        }
        qa_logged_in_user_flush();
    }
}
//	Process change password if clicked
if (qa_clicked('dochangepassword')) {
    require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
    $inoldpassword = qa_post_text('oldpassword');
    $innewpassword1 = qa_post_text('newpassword1');
    $innewpassword2 = qa_post_text('newpassword2');
    if (!qa_check_form_security_code('password', qa_post_text('code'))) {
        $errors['page'] = qa_lang_html('misc/form_security_again');
    } else {
        $errors = array();
        if ($haspassword && strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck'])) {
            $errors['oldpassword'] = qa_lang('users/password_wrong');
        }
        $useraccount['password'] = $inoldpassword;
        $errors = $errors + qa_password_validate($innewpassword1, $useraccount);
        // array union
        if ($innewpassword1 != $innewpassword2) {
            $errors['newpassword2'] = qa_lang('users/password_mismatch');
        }
        if (empty($errors)) {
            qa_db_user_set_password($userid, $innewpassword1);
            qa_db_user_set($userid, 'sessioncode', '');
$wallposterrorhtml = qa_wall_error_html($loginuserid, $useraccount['userid'], $useraccount['flags']);

// Deleting a single wall post; only posts flagged deleteable carry a button
foreach ($usermessages as $message) {
    $deleteClicked = $message['deleteable'] && qa_clicked('m' . $message['messageid'] . '_dodelete');
    if (!$deleteClicked) {
        continue;
    }

    if (!qa_check_form_security_code('wall-' . $useraccount['handle'], qa_post_text('code'))) {
        $errors['page'] = qa_lang_html('misc/form_security_again');
    } else {
        qa_wall_delete_post($loginuserid, qa_get_logged_in_handle(), qa_cookie_get(), $message);
        qa_redirect(qa_request(), $_GET);
    }
}

// Posting a new wall message
if (qa_clicked('dowallpost')) {
    $inmessage = qa_post_text('message');

    $messageError = null;
    if (!strlen($inmessage)) {
        $messageError = qa_lang('profile/post_wall_empty');
    } elseif (!qa_check_form_security_code('wall-' . $useraccount['handle'], qa_post_text('code'))) {
        $messageError = qa_lang_html('misc/form_security_again');
    }

    if ($messageError !== null) {
        $errors['message'] = $messageError;
    } elseif (!$wallposterrorhtml) {
        qa_wall_add_post($loginuserid, qa_get_logged_in_handle(), qa_cookie_get(), $useraccount['userid'], $useraccount['handle'], $inmessage, '');
        qa_redirect(qa_request());
    }
}

//	Prepare content for theme

$qa_content = qa_content_prepare();

$qa_content['title'] = qa_lang_html_sub('profile/wall_for_x', $userhtml);
$qa_content['error'] = isset($errors['page']) ? $errors['page'] : null;
$qa_content['script_rel'][] = 'qa-content/qa-user.js?' . QA_VERSION;

$wallForm = array(
    'tags' => 'name="wallpost" method="post" action="' . qa_self_html() . '"',
    'style' => 'tall',
    'hidden' => array(
        'qa_click' => '',
        'handle' => qa_html($useraccount['handle']),
        'start' => qa_html($start),
        'code' => qa_get_form_security_code('wall-' . $useraccount['handle']),
    ),
);

$qa_content['message_list'] = array(
    'tags' => 'id="wallmessages"',
    'form' => $wallForm,
    'messages' => array(),
);
if ($start == 0) {
    // only allow posting on first page
    if ($wallposterrorhtml) {
    return include QA_INCLUDE_DIR . 'qa-page-not-found.php';
}
//	Find recently (hidden, queued or not) questions, answers, comments and edits for this IP
$userid = qa_get_logged_in_userid();

// One round trip that fetches ten result sets for this IP: questions (all /
// queued / hidden), recent answers and recent comments (each all / queued /
// hidden) and recent edits. The list() targets are positional and must stay
// in the same order as the selectspec arguments.
// NOTE(review): these selects run before the permission check that follows;
// nothing is rendered when it fails, but the queries are still executed.
list($qs, $qs_queued, $qs_hidden, $a_qs, $a_queued_qs, $a_hidden_qs, $c_qs, $c_queued_qs, $c_hidden_qs, $edit_qs) = qa_db_select_with_pending(qa_db_qs_selectspec($userid, 'created', 0, null, $ip, false), qa_db_qs_selectspec($userid, 'created', 0, null, $ip, 'Q_QUEUED'), qa_db_qs_selectspec($userid, 'created', 0, null, $ip, 'Q_HIDDEN', true), qa_db_recent_a_qs_selectspec($userid, 0, null, $ip, false), qa_db_recent_a_qs_selectspec($userid, 0, null, $ip, 'A_QUEUED'), qa_db_recent_a_qs_selectspec($userid, 0, null, $ip, 'A_HIDDEN', true), qa_db_recent_c_qs_selectspec($userid, 0, null, $ip, false), qa_db_recent_c_qs_selectspec($userid, 0, null, $ip, 'C_QUEUED'), qa_db_recent_c_qs_selectspec($userid, 0, null, $ip, 'C_HIDDEN', true), qa_db_recent_edit_qs_selectspec($userid, 0, null, $ip, false));
//	Check we have permission to view this page, and whether we can block or unblock IPs
if (qa_user_maximum_permit_error('permit_anon_view_ips')) {
    $qa_content = qa_content_prepare();
    $qa_content['error'] = qa_lang_html('users/no_permission');
    return $qa_content;
}
// Block/unblock controls require moderator level or above (maximum across categories)
$blockable = qa_user_level_maximum() >= QA_USER_LEVEL_MODERATOR;
// allow moderator in one category to block across all categories
//	Perform blocking or unblocking operations as appropriate
if (qa_clicked('doblock') || qa_clicked('dounblock') || qa_clicked('dohideall')) {
    if (!qa_check_form_security_code('ip-' . $ip, qa_post_text('code'))) {
        $pageerror = qa_lang_html('misc/form_security_again');
    } elseif ($blockable) {
        if (qa_clicked('doblock')) {
            $oldblocked = qa_opt('block_ips_write');
            qa_set_option('block_ips_write', (strlen($oldblocked) ? $oldblocked . ' , ' : '') . $ip);
            qa_report_event('ip_block', $userid, qa_get_logged_in_handle(), qa_cookie_get(), array('ip' => $ip));
            qa_redirect(qa_request());
        }
        if (qa_clicked('dounblock')) {
            require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
            $blockipclauses = qa_block_ips_explode(qa_opt('block_ips_write'));
            foreach ($blockipclauses as $key => $blockipclause) {
                if (qa_block_ip_match($ip, $blockipclause)) {
                    unset($blockipclauses[$key]);
                }
    exit;
}
require_once QA_INCLUDE_DIR . 'app/admin.php';
require_once QA_INCLUDE_DIR . 'app/recalc.php';
//	Check we have administrative privileges
if (!qa_admin_check_privileges($qa_content)) {
    return $qa_content;
}

//	Find out the operation

$allowstates = array(
    'dorecountposts',
    'doreindexcontent',
    'dorecalcpoints',
    'dorefillevents',
    'dorecalccategories',
    'dodeletehidden',
    'doblobstodisk',
    'doblobstodb',
);

$recalcnow = false;

foreach ($allowstates as $allowstate) {
    // The operation may be named via POST or GET, but the security code is
    // read from POST only, so a bare link cannot start a recalculation
    if (!qa_post_text($allowstate) && !qa_get($allowstate)) {
        continue;
    }

    $state = $allowstate;
    $code = qa_post_text('code');

    if (isset($code) && qa_check_form_security_code('admin/recalc', $code)) {
        $recalcnow = true;
    }
}
if ($recalcnow) {
    ?>

<html>
	<head>
		<meta http-equiv="content-type" content="text/html; charset=utf-8">
	</head>
	<body>
		<tt>

<?php 
/**
 * Handles the single-click buttons a page form can submit: vote_*, favorite_*
 * and notice_* fields in $_POST. When the form security code is stale the
 * global $qa_page_error_html is set; otherwise the action is performed and
 * the request is redirected. Can be replaced through qa_to_override().
 */
function qa_check_page_clicks()
{
    if (qa_to_override(__FUNCTION__)) {
        $args = func_get_args();
        return qa_call_override(__FUNCTION__, $args);
    }
    global $qa_page_error_html;
    if (qa_is_http_post()) {
        foreach ($_POST as $field => $value) {
            if (strpos($field, 'vote_') === 0) {
                // voting... field is vote_<postid>_<vote>_<anchor>; @ silences the
                // notice for fields with fewer parts, which the isset() below rejects
                @(list($dummy, $postid, $vote, $anchor) = explode('_', $field));
                if (isset($postid) && isset($vote)) {
                    if (!qa_check_form_security_code('vote', qa_post_text('code'))) {
                        $qa_page_error_html = qa_lang_html('misc/form_security_again');
                    } else {
                        require_once QA_INCLUDE_DIR . 'app/votes.php';
                        require_once QA_INCLUDE_DIR . 'db/selects.php';
                        $userid = qa_get_logged_in_userid();
                        $post = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $postid));
                        // any error text from qa_vote_error_html() becomes the page error
                        $qa_page_error_html = qa_vote_error_html($post, $vote, $userid, qa_request());
                        if (!$qa_page_error_html) {
                            qa_vote_set($post, $userid, qa_get_logged_in_handle(), qa_cookie_get(), $vote);
                            qa_redirect(qa_request(), $_GET, null, null, $anchor);
                        }
                        // only the first vote field with a valid security code is
                        // processed, whether or not the vote itself was allowed
                        break;
                    }
                }
            } elseif (strpos($field, 'favorite_') === 0) {
                // favorites... field is favorite_<entitytype>_<entityid>_<favorite>
                @(list($dummy, $entitytype, $entityid, $favorite) = explode('_', $field));
                if (isset($entitytype) && isset($entityid) && isset($favorite)) {
                    // the security code is bound to the specific entity being favorited
                    if (!qa_check_form_security_code('favorite-' . $entitytype . '-' . $entityid, qa_post_text('code'))) {
                        $qa_page_error_html = qa_lang_html('misc/form_security_again');
                    } else {
                        require_once QA_INCLUDE_DIR . 'app/favorites.php';
                        qa_user_favorite_set(qa_get_logged_in_userid(), qa_get_logged_in_handle(), qa_cookie_get(), $entitytype, $entityid, $favorite);
                        qa_redirect(qa_request(), $_GET);
                    }
                }
            } elseif (strpos($field, 'notice_') === 0) {
                // notices... field is notice_<noticeid>
                @(list($dummy, $noticeid) = explode('_', $field));
                if (isset($noticeid)) {
                    if (!qa_check_form_security_code('notice-' . $noticeid, qa_post_text('code'))) {
                        $qa_page_error_html = qa_lang_html('misc/form_security_again');
                    } else {
                        if ($noticeid == 'visitor') {
                            // the visitor notice is remembered in a ~10-year cookie rather than the DB
                            setcookie('qa_noticed', 1, time() + 86400 * 3650, '/', QA_COOKIE_DOMAIN);
                        } elseif ($noticeid == 'welcome') {
                            require_once QA_INCLUDE_DIR . 'db/users.php';
                            qa_db_user_set_flag(qa_get_logged_in_userid(), QA_USER_FLAGS_WELCOME_NOTICE, false);
                        } else {
                            require_once QA_INCLUDE_DIR . 'db/notices.php';
                            qa_db_usernotice_delete(qa_get_logged_in_userid(), $noticeid);
                        }
                        qa_redirect(qa_request(), $_GET);
                    }
                }
            }
        }
    }
}
    return $qa_content;
}
//	Process submitted form
if (qa_clicked('doregister')) {
    require_once QA_INCLUDE_DIR . 'app/limits.php';
    if (qa_user_limits_remaining(QA_LIMIT_REGISTRATIONS)) {
        require_once QA_INCLUDE_DIR . 'app/users-edit.php';
        $inemail = qa_post_text('email');
        $inpassword = qa_post_text('password');
        $inhandle = qa_post_text('handle');
        $interms = (int) qa_post_text('terms');
        $inprofile = array();
        foreach ($userfields as $userfield) {
            $inprofile[$userfield['fieldid']] = qa_post_text('field_' . $userfield['fieldid']);
        }
        if (!qa_check_form_security_code('register', qa_post_text('code'))) {
            $pageerror = qa_lang_html('misc/form_security_again');
        } else {
            // core validation
            $errors = array_merge(qa_handle_email_filter($inhandle, $inemail), qa_password_validate($inpassword));
            // T&Cs validation
            if ($show_terms && !$interms) {
                $errors['terms'] = qa_lang_html('users/terms_not_accepted');
            }
            // filter module validation
            if (count($inprofile)) {
                $filtermodules = qa_load_modules_with('filter', 'filter_profile');
                foreach ($filtermodules as $filtermodule) {
                    $filtermodule->filter_profile($inprofile, $errors, null, null);
                }
            }
//	Check we're not using single-sign on integration and that we're not logged in
if (QA_FINAL_EXTERNAL_USERS) {
    // Accounts are managed by external code, so this page cannot be used
    qa_fatal_error('User login is handled by external code');
}

if (qa_is_logged_in()) {
    // Nothing to do for an authenticated user: send them to the home page
    qa_redirect('');
}
//	Process incoming form
if (qa_clicked('doreset')) {
    require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
    require_once QA_INCLUDE_DIR . 'qa-db-users.php';
    $inemailhandle = qa_post_text('emailhandle');
    $incode = trim(qa_post_text('code'));
    // trim to prevent passing in blank values to match uninitiated DB rows
    $errors = array();
    if (!qa_check_form_security_code('reset', qa_post_text('formcode'))) {
        $errors['page'] = qa_lang_html('misc/form_security_again');
    } else {
        if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) {
            // handles can't contain @ symbols
            $matchusers = qa_db_user_find_by_email($inemailhandle);
        } else {
            $matchusers = qa_db_user_find_by_handle($inemailhandle);
        }
        if (count($matchusers) == 1) {
            // if match more than one (should be impossible), consider it a non-match
            require_once QA_INCLUDE_DIR . 'qa-db-selects.php';
            $inuserid = $matchusers[0];
            $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
            // strlen() check is vital otherwise we can reset code for most users by entering the empty string
            if (strlen($incode) && strtolower(trim($userinfo['emailcode'])) == strtolower($incode)) {
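 function cs_ajax_delete_featured_image()
 {
     // Ajax handler that removes a post's featured image: clears the
     // 'featured_image' postmeta and deletes the full-size file and its
     // thumbnail. The request parameter 'args' is "<security code>_<postid>".
     // Only a user above admin level with a valid 'delete-image' form code
     // may run it. Always terminates the request and emits no output.
     $rawArgs = isset($_REQUEST['args']) ? strip_tags($_REQUEST['args']) : '';
     $args = explode('_', $rawArgs);

     // The former print_r($args) debug call was removed: it echoed request
     // data into the Ajax response before any authorisation check ran.
     $securityCode = $args[0];
     $postid = isset($args[1]) ? $args[1] : null;

     $allowed = $postid !== null
         && qa_get_logged_in_level() > QA_USER_LEVEL_ADMIN
         && qa_check_form_security_code('delete-image', $securityCode);

     if ($allowed) {
         require_once QA_INCLUDE_DIR . 'qa-db-metas.php';
         $img = qa_db_postmeta_get($postid, 'featured_image');
         if (!empty($img)) {
             // The thumbnail shares the base name with an "_s" suffix before the extension
             $thumb_img = preg_replace('/(\\.[^.]+)$/', '_s$1', $img);
             $uploads = Q_THEME_DIR . '/uploads/';
             $thumb = $uploads . $thumb_img;
             $big_img = $uploads . $img;

             // NOTE(review): $img comes from postmeta and is joined into the path
             // unchecked; confirm the stored value is always a bare file name.
             qa_db_postmeta_clear($postid, 'featured_image');

             if (file_exists($big_img)) {
                 unlink($big_img);
             }
             if (file_exists($thumb)) {
                 unlink($thumb);
             }
         }
     }

     die;
 }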
	Description: Server-side response to Ajax single clicks on posts in admin section


	This program is free software; you can redistribute it and/or
	modify it under the terms of the GNU General Public License
	as published by the Free Software Foundation; either version 2
	of the License, or (at your option) any later version.
	
	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	More about this license: http://www.question2answer.org/license.php
*/
require_once QA_INCLUDE_DIR . 'qa-app-admin.php';
require_once QA_INCLUDE_DIR . 'qa-app-users.php';
require_once QA_INCLUDE_DIR . 'qa-app-cookies.php';
$entityid = qa_post_text('entityid');
$action = qa_post_text('action');

$codeOk = qa_check_form_security_code('admin/click', qa_post_text('code'));

if (!$codeOk) {
    $response = "QA_AJAX_RESPONSE\n0\n" . qa_lang('misc/form_security_reload');
} elseif (qa_admin_single_click($entityid, $action)) {
    // qa_admin_single_click() performs the permission check itself
    $response = "QA_AJAX_RESPONSE\n1\n";
} else {
    $response = "QA_AJAX_RESPONSE\n0\n" . qa_lang('main/general_error');
}

echo $response;
/*
	Omit PHP closing tag to help avoid accidental output
*/
	This program is free software; you can redistribute it and/or
	modify it under the terms of the GNU General Public License
	as published by the Free Software Foundation; either version 2
	of the License, or (at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	More about this license: http://www.question2answer.org/license.php
*/
require_once QA_INCLUDE_DIR . 'app/users.php';
require_once QA_INCLUDE_DIR . 'app/recalc.php';
// Defaults for the two failure cases: no state, only a message
$state = '';
$message = '';

if (qa_get_logged_in_level() < QA_USER_LEVEL_ADMIN) {
    $message = qa_lang('admin/no_privileges');
} elseif (!qa_check_form_security_code('admin/recalc', qa_post_text('code'))) {
    $message = qa_lang('misc/form_security_reload');
} else {
    $state = qa_post_text('state');

    // Run recalculation steps until one reports completion or ~3 seconds have passed
    $deadline = time() + 3;
    while (qa_recalc_perform_step($state) && time() < $deadline) {
    }

    $message = qa_recalc_get_message($state);
}

echo "QA_AJAX_RESPONSE\n1\n" . $state . "\n" . qa_html($message);
/*
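/**
 * Builds the list of installed plugins shown on the admin plugins page.
 *
 * Returns a list of arrays with the keys tags, name, uri, version, author,
 * author_url, update, description, path, option, error and fields; a key
 * whose metadata line is absent is null.
 *
 * NOTE(review): $qa_content is a plain local here and is never returned, so
 * the 'error' and 'script_onloads' entries written below are discarded (the
 * original behaved the same way). Confirm how the caller expects to receive
 * them before relying on them.
 */
function ra_installed_plugin()
{
    $tables = qa_db_list_tables_lc();
    $moduletypes = qa_list_module_types();
    $pluginfiles = glob(QA_PLUGIN_DIR . '*/qa-plugin.php');

    // A module whose init_queries() still returns work: on POST hand over to
    // the installer, otherwise record a "needs database init" error
    foreach ($moduletypes as $type) {
        $modules = qa_load_modules_with($type, 'init_queries');
        foreach ($modules as $name => $module) {
            $queries = $module->init_queries($tables);
            if (empty($queries)) {
                continue;
            }
            if (qa_is_http_post()) {
                qa_redirect('install');
            } else {
                $qa_content['error'] = strtr(qa_lang_html('admin/module_x_database_init'), array(
                    '^1' => qa_html($name),
                    '^2' => qa_html($type),
                    '^3' => '<a href="' . qa_path_html('install') . '">',
                    '^4' => '</a>',
                ));
            }
        }
    }

    // A POST carrying a stale security code is reported. (The original also
    // derived a per-plugin "show form" flag from this, but never read it.)
    if (qa_is_http_post() && !qa_check_form_security_code('admin/plugins', qa_post_text('qa_form_security_code'))) {
        $qa_content['error'] = qa_lang_html('misc/form_security_reload');
    }

    $metadataFields = array(
        'name' => 'Plugin Name',
        'uri' => 'Plugin URI',
        'description' => 'Plugin Description',
        'version' => 'Plugin Version',
        'date' => 'Plugin Date',
        'author' => 'Plugin Author',
        'author_uri' => 'Plugin Author URI',
        'license' => 'Plugin License',
        'min_q2a' => 'Plugin Minimum Question2Answer Version',
        'min_php' => 'Plugin Minimum PHP Version',
        'update' => 'Plugin Update Check URI',
    );

    $plugin = array();

    // glob() returns false on failure; count(false) / foreach(false) would
    // only raise warnings, so guard the type explicitly
    if (is_array($pluginfiles)) {
        foreach ($pluginfiles as $pluginfile) {
            $plugindirectory = dirname($pluginfile) . '/';
            $hash = qa_admin_plugin_directory_hash($plugindirectory);

            $contents = file_get_contents($pluginfile);
            $metadata = qa_admin_addon_metadata($contents, $metadataFields);

            // Every per-plugin value starts out null. Previously these were
            // left over from the preceding iteration, so a plugin without e.g.
            // a version line or a requirement error showed the previous one's.
            $plugin_uri = null;
            $plugin_version = null;
            $plugin_author = null;
            $plugin_author_url = null;
            $plugin_update = null;
            $plugin_description = null;
            $plugin_error = null;

            $plugin_name = ra_plugin_metadata_has($metadata, 'name')
                ? qa_html($metadata['name'])
                : qa_lang_html('admin/unnamed_plugin');

            if (ra_plugin_metadata_has($metadata, 'uri')) {
                $plugin_uri = qa_html($metadata['uri']);
            }
            if (ra_plugin_metadata_has($metadata, 'version')) {
                $plugin_version = qa_html($metadata['version']);
            }
            if (ra_plugin_metadata_has($metadata, 'author')) {
                $plugin_author = qa_html($metadata['author']);
                if (ra_plugin_metadata_has($metadata, 'author_uri')) {
                    $plugin_author_url = qa_html($metadata['author_uri']);
                }
            }
            if (ra_plugin_metadata_has($metadata, 'version') && ra_plugin_metadata_has($metadata, 'update')) {
                // Placeholder span that qa_version_check() fills in client-side
                $elementid = 'version_check_' . md5($plugindirectory);
                $plugin_update = '(<span id="' . $elementid . '"></span>)';
                $qa_content['script_onloads'][] = array("qa_version_check(" . qa_js($metadata['update']) . ", 'Plugin Version', " . qa_js($metadata['version'], true) . ", 'Plugin URI', " . qa_js($elementid) . ");");
            }
            if (ra_plugin_metadata_has($metadata, 'description')) {
                $plugin_description = qa_html($metadata['description']);
            }

            $plugin_option = qa_admin_plugin_options_path($plugindirectory);

            // Requirement checks receive null (as before) when the line is absent
            $minQ2a = isset($metadata['min_q2a']) ? $metadata['min_q2a'] : null;
            $minPhp = isset($metadata['min_php']) ? $metadata['min_php'] : null;
            if (qa_qa_version_below($minQ2a)) {
                $plugin_error = qa_lang_html_sub('admin/requires_q2a_version', qa_html($minQ2a));
            } elseif (qa_php_version_below($minPhp)) {
                $plugin_error = qa_lang_html_sub('admin/requires_php_version', qa_html($minPhp));
            }

            $plugin[] = array(
                'tags' => 'id="' . qa_html($hash) . '"',
                'name' => $plugin_name,
                'uri' => $plugin_uri,
                'version' => $plugin_version,
                'author' => $plugin_author,
                'author_url' => $plugin_author_url,
                'update' => $plugin_update,
                'description' => $plugin_description,
                'path' => $plugindirectory,
                'option' => $plugin_option,
                'error' => $plugin_error,
                'fields' => array(array('type' => 'custom')),
            );
        }
    }

    return $plugin;
}

/**
 * True when $metadata holds a non-empty value for $key.
 */
function ra_plugin_metadata_has($metadata, $key)
{
    return isset($metadata[$key]) && strlen($metadata[$key]) > 0;
}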
	as published by the Free Software Foundation; either version 2
	of the License, or (at your option) any later version.
	
	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	More about this license: http://www.question2answer.org/license.php
*/
require_once QA_INCLUDE_DIR . 'qa-app-messages.php';
require_once QA_INCLUDE_DIR . 'qa-app-users.php';
require_once QA_INCLUDE_DIR . 'qa-app-cookies.php';
require_once QA_INCLUDE_DIR . 'qa-db-selects.php';
$tohandle = qa_post_text('handle');
$start = (int) qa_post_text('start');

$usermessages = qa_db_select_with_pending(qa_db_recent_messages_selectspec(null, null, $tohandle, false, null, $start));
$usermessages = qa_wall_posts_add_rules($usermessages, $start);

foreach ($usermessages as $message) {
    // Each deleteable post has its own m<messageid>_dodelete button
    $button = 'm' . $message['messageid'] . '_dodelete';
    if (!qa_clicked($button) || !$message['deleteable']) {
        continue;
    }

    // The security code is bound to the wall owner's handle
    if (qa_check_form_security_code('wall-' . $tohandle, qa_post_text('code'))) {
        qa_wall_delete_post(qa_get_logged_in_userid(), qa_get_logged_in_handle(), qa_cookie_get(), $message);
        echo "QA_AJAX_RESPONSE\n1\n";
        return;
    }
}

echo "QA_AJAX_RESPONSE\n0\n";
/*
	Omit PHP closing tag to help avoid accidental output
*/
// The title being edited is identified by its points value, taken from POST
// or, failing that, from GET
$postedEdit = qa_post_text('edit');
$oldpoints = isset($postedEdit) ? $postedEdit : qa_get('edit');

$pointstitle = qa_get_points_to_titles();

//	Check admin privileges (do late to allow one DB query)

if (!qa_admin_check_privileges($qa_content)) {
    return $qa_content;
}

//	Process saving an old or new user title

$securityexpired = false;
if (qa_clicked('docancel')) {
    qa_redirect('admin/users');
} elseif (qa_clicked('dosavetitle')) {
    require_once QA_INCLUDE_DIR . 'util/string.php';
    if (!qa_check_form_security_code('admin/usertitles', qa_post_text('code'))) {
        $securityexpired = true;
    } else {
        if (qa_post_text('dodelete')) {
            unset($pointstitle[$oldpoints]);
        } else {
            $intitle = qa_post_text('title');
            $inpoints = qa_post_text('points');
            $errors = array();
            //	Verify the title and points are legitimate
            if (!strlen($intitle)) {
                $errors['title'] = qa_lang('main/field_required');
            }
            if (!is_numeric($inpoints)) {
                $errors['points'] = qa_lang('main/field_required');
            } else {
	modify it under the terms of the GNU General Public License
	as published by the Free Software Foundation; either version 2
	of the License, or (at your option) any later version.
	
	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	More about this license: http://www.question2answer.org/license.php
*/
require_once QA_INCLUDE_DIR . 'qa-app-users.php';
require_once QA_INCLUDE_DIR . 'qa-db-notices.php';
require_once QA_INCLUDE_DIR . 'qa-db-users.php';
$noticeid = qa_post_text('noticeid');

// The security code is bound to the specific notice being dismissed
$codeOk = qa_check_form_security_code('notice-' . $noticeid, qa_post_text('code'));

if (!$codeOk) {
    echo "QA_AJAX_RESPONSE\n0\n" . qa_lang('misc/form_security_reload');
} else {
    if ($noticeid == 'visitor') {
        // The visitor notice is remembered in a ~10-year cookie rather than the DB
        setcookie('qa_noticed', 1, time() + 86400 * 3650, '/', QA_COOKIE_DOMAIN);
    } elseif ($noticeid == 'welcome') {
        qa_db_user_set_flag(qa_get_logged_in_userid(), QA_USER_FLAGS_WELCOME_NOTICE, false);
    } else {
        qa_db_usernotice_delete(qa_get_logged_in_userid(), $noticeid);
    }

    echo "QA_AJAX_RESPONSE\n1";
}
/*
/**
 * Looks for an admin_<entityid>_<action> button in a POSTed form and performs
 * that single-click admin action. Returns an HTML error message when the form
 * security code is stale, otherwise null (after redirecting if the action
 * succeeded).
 */
function qa_admin_check_clicks()
{
    if (!qa_is_http_post()) {
        return null;
    }

    foreach ($_POST as $field => $value) {
        if (strpos($field, 'admin_') !== 0) {
            continue;
        }

        // Field layout: admin_<entityid>_<action>; extra parts are ignored
        $parts = explode('_', $field);
        $entityid = isset($parts[1]) ? $parts[1] : null;
        $action = isset($parts[2]) ? $parts[2] : null;

        if ($entityid === null || $action === null || !strlen($entityid) || !strlen($action)) {
            continue;
        }

        if (!qa_check_form_security_code('admin/click', qa_post_text('code'))) {
            return qa_lang_html('misc/form_security_again');
        }

        if (qa_admin_single_click($entityid, $action)) {
            qa_redirect(qa_request());
        }
    }

    return null;
}
    case false:
        break;
    default:
        $errorhtml = qa_lang_html('users/no_permission');
        break;
}
// A permission problem was recorded above: render only the error and stop
if (isset($errorhtml)) {
    $qa_content = qa_content_prepare();
    $qa_content['error'] = $errorhtml;
    return $qa_content;
}

//	Process sending a message to user

// True when the page state is 'message-sent'
$messagesent = (qa_get_state() == 'message-sent');
if (qa_post_text('domessage')) {
    $inmessage = qa_post_text('message');
    if (!qa_check_form_security_code('message-' . $handle, qa_post_text('code'))) {
        $pageerror = qa_lang_html('misc/form_security_again');
    } else {
        if (empty($inmessage)) {
            $errors['message'] = qa_lang('misc/message_empty');
        }
        if (empty($errors)) {
            require_once QA_INCLUDE_DIR . 'qa-db-messages.php';
            require_once QA_INCLUDE_DIR . 'qa-app-emails.php';
            if (qa_opt('show_message_history')) {
                $messageid = qa_db_message_create($loginuserid, $toaccount['userid'], $inmessage, '', false);
            } else {
                $messageid = null;
            }
            $fromhandle = qa_get_logged_in_handle();
            $canreply = !(qa_get_logged_in_flags() & QA_USER_FLAGS_NO_MESSAGES);
        qa_redirect(qa_request(), array('edit' => $editcategory['categoryid']));
    } elseif (isset($editcategory['categoryid'])) {
        qa_redirect(qa_request());
    } else {
        qa_redirect(qa_request(), array('edit' => @$editcategory['parentid']));
    }
} elseif (qa_clicked('dosetmissing')) {
    if (!qa_check_form_security_code('admin/categories', qa_post_text('code'))) {
        $securityexpired = true;
    } else {
        $inreassign = qa_get_category_field_value('reassign');
        qa_db_category_reassign($editcategory['categoryid'], $inreassign);
        qa_redirect(qa_request(), array('recalc' => 1, 'edit' => $editcategory['categoryid']));
    }
} elseif (qa_clicked('dosavecategory')) {
    if (!qa_check_form_security_code('admin/categories', qa_post_text('code'))) {
        $securityexpired = true;
    } elseif (qa_post_text('dodelete')) {
        if (!$hassubcategory) {
            $inreassign = qa_get_category_field_value('reassign');
            qa_db_category_reassign($editcategory['categoryid'], $inreassign);
            qa_db_category_delete($editcategory['categoryid']);
            qa_redirect(qa_request(), array('recalc' => 1, 'edit' => $editcategory['parentid']));
        }
    } else {
        require_once QA_INCLUDE_DIR . 'util/string.php';
        $inname = qa_post_text('name');
        $incontent = qa_post_text('content');
        $inparentid = $setparent ? qa_get_category_field_value('parent') : $editcategory['parentid'];
        $inposition = qa_post_text('position');
        $errors = array();
Example #23
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	More about this license: http://www.question2answer.org/license.php
*/
require_once QA_INCLUDE_DIR . 'app/messages.php';
require_once QA_INCLUDE_DIR . 'app/users.php';
require_once QA_INCLUDE_DIR . 'app/cookies.php';
require_once QA_INCLUDE_DIR . 'db/selects.php';
// Ajax wall post: the message text, the handle of the wall's owner, and whether a "more" link is wanted
$message = qa_post_text('message');
$tohandle = qa_post_text('handle');
$morelink = qa_post_text('morelink');
// NOTE(review): if no account matches $tohandle this select presumably returns null, so the
// ['userid'] / ['flags'] reads below would warn - confirm qa_wall_error_html() rejects that case
$touseraccount = qa_db_select_with_pending(qa_db_user_account_selectspec($tohandle, false));
$loginuserid = qa_get_logged_in_userid();
// Permission check for posting on this user's wall; non-empty HTML means the post is refused below
$errorhtml = qa_wall_error_html($loginuserid, $touseraccount['userid'], $touseraccount['flags']);
if ($errorhtml || !strlen($message) || !qa_check_form_security_code('wall-' . $tohandle, qa_post_text('code'))) {
    echo "QA_AJAX_RESPONSE\n0";
} else {
    $messageid = qa_wall_add_post($loginuserid, qa_get_logged_in_handle(), qa_cookie_get(), $touseraccount['userid'], $touseraccount['handle'], $message, '');
    $touseraccount['wallposts']++;
    // won't have been updated
    $usermessages = qa_db_select_with_pending(qa_db_recent_messages_selectspec(null, null, $touseraccount['userid'], true, qa_opt('page_size_wall')));
    $usermessages = qa_wall_posts_add_rules($usermessages, 0);
    $themeclass = qa_load_theme_class(qa_get_site_theme(), 'wall', null, null);
    echo "QA_AJAX_RESPONSE\n1\n";
    echo 'm' . $messageid . "\n";
    // element in list to be revealed
    foreach ($usermessages as $message) {
        $themeclass->message_item(qa_wall_post_view($message));
    }
    if ($morelink && $touseraccount['wallposts'] > count($usermessages)) {
                        qa_set_option('avatar_default_show', 1);
                    }
                    if (strlen($oldblobid)) {
                        qa_delete_blob($oldblobid);
                    }
                } else {
                    $errors['avatar_default_show'] = qa_lang_sub('main/image_not_read', implode(', ', qa_gd_image_formats()));
                }
            }
        }
    }
}
//	Mailings management
if ($adminsection == 'mailing') {
    if (qa_clicked('domailingtest') || qa_clicked('domailingstart') || qa_clicked('domailingresume') || qa_clicked('domailingcancel')) {
        if (!qa_check_form_security_code('admin/' . $adminsection, qa_post_text('code'))) {
            $securityexpired = true;
        } else {
            if (qa_clicked('domailingtest')) {
                $email = qa_get_logged_in_email();
                if (qa_mailing_send_one(qa_get_logged_in_userid(), qa_get_logged_in_handle(), $email, qa_get_logged_in_user_field('emailcode'))) {
                    $formokhtml = qa_lang_html_sub('admin/test_sent_to_x', qa_html($email));
                } else {
                    $formokhtml = qa_lang_html('main/general_error');
                }
            }
            if (qa_clicked('domailingstart')) {
                qa_mailing_start();
                $startmailing = true;
            }
            if (qa_clicked('domailingresume')) {
Example #25
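/**
 * Processes a submitted "add comment" form for $parent (a question or answer).
 *
 * Reads the prefixed form fields (c<parentid>_name, _notify, _email, _editor,
 * _content, _code) into $in, runs the security code check, filter modules,
 * optional captcha and a duplicate-content check, and creates the comment
 * when no error was recorded.
 *
 * @param array $question        the question the comment belongs to
 * @param array $parent          the post being commented on (needs 'postid')
 * @param array $commentsfollows existing comments/follow-on posts, used for duplicate detection
 * @param bool  $usecaptcha      whether a captcha answer must be validated
 * @param array $in              output: the collected (and filter-adjusted) form values
 * @param array $errors          output: field => error HTML; empty when the comment was created
 * @return int|null the new comment's id, or null when validation failed
 */
function qa_page_q_add_c_submit($question, $parent, $commentsfollows, $usecaptcha, &$in, &$errors)
{
    $parentid = $parent['postid'];
    $prefix = 'c' . $parentid . '_';

    $in = array(
        'name' => qa_post_text($prefix . 'name'),
        'notify' => qa_post_text($prefix . 'notify') !== null,
        'email' => qa_post_text($prefix . 'email'),
        // queued for moderation whenever the user's level for this post yields a moderation reason
        'queued' => qa_user_moderation_reason(qa_user_level_for_post($parent)) !== false,
    );
    qa_get_post_content($prefix . 'editor', $prefix . 'content', $in['editor'], $in['content'], $in['format'], $in['text']);

    $errors = array();

    // The CSRF token is bound to the parent post; a stale/missing token rejects the whole submission
    if (!qa_check_form_security_code('comment-' . $parent['postid'], qa_post_text($prefix . 'code'))) {
        $errors['content'] = qa_lang_html('misc/form_security_again');
    } else {
        $filtermodules = qa_load_modules_with('filter', 'filter_comment');
        foreach ($filtermodules as $filtermodule) {
            $oldin = $in;
            $filtermodule->filter_comment($in, $errors, $question, $parent, null);
            qa_update_post_text($in, $oldin);
        }

        if ($usecaptcha) {
            qa_captcha_validate_post($errors);
        }

        if (empty($errors)) {
            // Duplicate check against every visible comment on the same parent. The comparison
            // must be strict: '==' on numeric-looking strings compares them as numbers, so
            // e.g. "100" and "1e2" would wrongly be reported as duplicates.
            $testwords = implode(' ', qa_string_to_words($in['content']));

            foreach ($commentsfollows as $comment) {
                if ($comment['basetype'] == 'C' && $comment['parentid'] == $parentid && !$comment['hidden']) {
                    if (implode(' ', qa_string_to_words($comment['content'])) === $testwords) {
                        $errors['content'] = qa_lang_html('question/duplicate_content');
                        break; // one duplicate is enough to reject the submission
                    }
                }
            }
        }

        if (empty($errors)) {
            $userid = qa_get_logged_in_userid();
            $handle = qa_get_logged_in_handle();
            // anonymous posters get a cookie created so the post can be tied back to them
            $cookieid = isset($userid) ? qa_cookie_get() : qa_cookie_get_create();

            return qa_comment_create($userid, $handle, $cookieid, $in['content'], $in['format'], $in['text'], $in['notify'], $in['email'], $question, $parent, $commentsfollows, $in['queued'], $in['name']);
        }
    }

    return null;
}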
$qa_content['script_rel'][] = 'qa-content/qa-admin.js?' . QA_VERSION;
$pluginfiles = glob(QA_PLUGIN_DIR . '*/qa-plugin.php');

// Any module whose init_queries() still has work to do means its database
// tables are not ready: on a POST send the admin straight to the installer,
// otherwise show an error linking to it.
foreach ($moduletypes as $type) {
    foreach (qa_load_modules_with($type, 'init_queries') as $name => $module) {
        $queries = $module->init_queries($tables);

        if (empty($queries)) {
            continue;
        }

        if (qa_is_http_post()) {
            qa_redirect('install');
        } else {
            $installlink = '<a href="' . qa_path_html('install') . '">';
            $qa_content['error'] = strtr(qa_lang_html('admin/module_x_database_init'), array(
                '^1' => qa_html($name),
                '^2' => qa_html($type),
                '^3' => $installlink,
                '^4' => '</a>',
            ));
        }
    }
}

// Plugin option forms are only rendered when the request is a GET, or a POST
// whose 'admin/plugins' security code is valid - a stale token hides them and
// reports the reload error instead of processing anything.
$postedwithbadcode = qa_is_http_post() && !qa_check_form_security_code('admin/plugins', qa_post_text('qa_form_security_code'));
$showpluginforms = !$postedwithbadcode;

if ($postedwithbadcode) {
    $qa_content['error'] = qa_lang_html('misc/form_security_reload');
}
if (count($pluginfiles)) {
    foreach ($pluginfiles as $pluginindex => $pluginfile) {
        $plugindirectory = dirname($pluginfile) . '/';
        $hash = qa_admin_plugin_directory_hash($plugindirectory);
        $showthisform = $showpluginforms && qa_get('show') == $hash;
        $contents = file_get_contents($pluginfile);
        $metadata = qa_admin_addon_metadata($contents, array('name' => 'Plugin Name', 'uri' => 'Plugin URI', 'description' => 'Plugin Description', 'version' => 'Plugin Version', 'date' => 'Plugin Date', 'author' => 'Plugin Author', 'author_uri' => 'Plugin Author URI', 'license' => 'Plugin License', 'min_q2a' => 'Plugin Minimum Question2Answer Version', 'min_php' => 'Plugin Minimum PHP Version', 'update' => 'Plugin Update Check URI'));
        if (strlen(@$metadata['name'])) {
            $namehtml = qa_html($metadata['name']);
        } else {
	as published by the Free Software Foundation; either version 2
	of the License, or (at your option) any later version.
	
	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	More about this license: http://www.question2answer.org/license.php
*/
require_once QA_INCLUDE_DIR . 'qa-app-users.php';
require_once QA_INCLUDE_DIR . 'qa-app-cookies.php';
require_once QA_INCLUDE_DIR . 'qa-app-favorites.php';
require_once QA_INCLUDE_DIR . 'qa-app-format.php';

// Ajax handler: toggle the logged-in user's favorite flag for one entity
$entitytype = qa_post_text('entitytype');
$entityid = qa_post_text('entityid');
$setfavorite = qa_post_text('favorite');
$userid = qa_get_logged_in_userid();

// The security code is bound to the exact entity type and id, so a token issued
// for one item cannot be replayed against another.
$securityok = qa_check_form_security_code('favorite-' . $entitytype . '-' . $entityid, qa_post_text('code'));

if (!$securityok) {
    echo "QA_AJAX_RESPONSE\n0\n" . qa_lang('misc/form_security_reload');
} elseif (isset($userid)) {
    qa_user_favorite_set($userid, qa_get_logged_in_handle(), qa_cookie_get(), $entitytype, $entityid, $setfavorite);

    // Re-render the favorite button in its new state for the client to swap in
    $labelkey = $setfavorite ? 'main/remove_favorites' : 'main/add_favorites';
    $favoriteform = qa_favorite_form($entitytype, $entityid, $setfavorite, qa_lang($labelkey));
    $themeclass = qa_load_theme_class(qa_get_site_theme(), 'ajax-favorite', null, null);

    echo "QA_AJAX_RESPONSE\n1\n";
    $themeclass->favorite_inner_html($favoriteform);
}
// NOTE(review): a valid code from a logged-out user falls through both branches and
// produces no output at all - confirm the client treats an empty response as a failure
/*
	Omit PHP closing tag to help avoid accidental output
*/
        $inmessage = qa_post_text('message');
        if (!strlen($inmessage)) {
            $errors['message'] = qa_lang('profile/post_wall_empty');
        } elseif (!qa_check_form_security_code('wall-' . $useraccount['handle'], qa_post_text('code'))) {
            $errors['message'] = qa_lang_html('misc/form_security_again');
        } elseif (!$wallposterrorhtml) {
            qa_wall_add_post($loginuserid, qa_get_logged_in_handle(), qa_cookie_get(), $userid, $useraccount['handle'], $inmessage, '');
            qa_redirect(qa_request(), null, null, null, 'wall');
        }
    }
}
//	Process bonus setting button
// Two gates apply: the viewer must hold admin level, and the POST must carry the
// security code bound to this user's activity page.
if ($loginlevel >= QA_USER_LEVEL_ADMIN && qa_clicked('dosetbonus')) {
    require_once QA_INCLUDE_DIR . 'qa-db-points.php';

    $inbonus = (int) qa_post_text('bonus');
    $securityok = qa_check_form_security_code('user-activity-' . $handle, qa_post_text('code'));

    if ($securityok) {
        qa_db_points_set_bonus($userid, $inbonus);
        qa_db_points_update_ifuser($userid, null); // recompute the user's points with the new bonus
        qa_redirect(qa_request(), null, null, null, 'activity');
    } else {
        $errors['page'] = qa_lang_html('misc/form_security_again');
    }
}
//	Prepare content for theme
$qa_content = qa_content_prepare();
$qa_content['title'] = qa_lang_html_sub('profile/user_x', $userhtml);
$qa_content['error'] = @$errors['page'];
if (isset($loginuserid) && !QA_FINAL_EXTERNAL_USERS) {
    $favoritemap = qa_get_favorite_non_qs_map();
    $favorite = @$favoritemap['user'][$useraccount['userid']];
    $qa_content['favorite'] = qa_favorite_form(QA_ENTITY_USER, $useraccount['userid'], $favorite, qa_lang_sub($favorite ? 'main/remove_x_favorites' : 'users/add_user_x_favorites', $handle));
Example #29
// The extra field is only read from the form when the option enabling it is on; otherwise it is stored as null
$in['extra'] = qa_opt('extra_field_active') ? qa_post_text('extra') : null;
if (qa_using_tags()) {
    $in['tags'] = qa_get_tags_field_value('tags');
}
if (qa_clicked('doask')) {
    require_once QA_INCLUDE_DIR . 'qa-app-post-create.php';
    require_once QA_INCLUDE_DIR . 'qa-util-string.php';
    $categoryids = array_keys(qa_category_path($categories, @$in['categoryid']));
    $userlevel = qa_user_level_for_categories($categoryids);
    $in['name'] = qa_post_text('name');
    $in['notify'] = qa_post_text('notify') ? true : false;
    $in['email'] = qa_post_text('email');
    $in['queued'] = qa_user_moderation_reason($userlevel) ? true : false;
    qa_get_post_content('editor', 'content', $in['editor'], $in['content'], $in['format'], $in['text']);
    $errors = array();
    if (!qa_check_form_security_code('ask', qa_post_text('code'))) {
        $errors['page'] = qa_lang_html('misc/form_security_again');
    } else {
        $filtermodules = qa_load_modules_with('filter', 'filter_question');
        foreach ($filtermodules as $filtermodule) {
            $oldin = $in;
            $filtermodule->filter_question($in, $errors, null);
            qa_update_post_text($in, $oldin);
        }
        if (qa_using_categories() && count($categories) && !qa_opt('allow_no_category') && !isset($in['categoryid'])) {
            $errors['categoryid'] = qa_lang_html('question/category_required');
        } elseif (qa_user_permit_error('permit_post_q', null, $userlevel)) {
            $errors['categoryid'] = qa_lang_html('question/category_ask_not_allowed');
        }
        if ($captchareason) {
            require_once 'qa-app-captcha.php';
Example #30
	GNU General Public License for more details.

	More about this license: http://www.question2answer.org/license.php
*/
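require_once QA_INCLUDE_DIR . 'app/messages.php';
require_once QA_INCLUDE_DIR . 'app/users.php';
require_once QA_INCLUDE_DIR . 'app/cookies.php';
require_once QA_INCLUDE_DIR . 'db/selects.php';

// Ajax handler: delete one private message from the logged-in user's inbox or outbox.
$loginUserId = qa_get_logged_in_userid();
$loginUserHandle = qa_get_logged_in_handle();
$fromhandle = qa_post_text('handle');
$start = (int) qa_post_text('start');
$box = qa_post_text('box');
$pagesize = qa_opt('page_size_pms');

// $box is spliced into a function name below, so it must match the allow-list
// exactly (strict comparison, no type juggling); the posted handle must also be
// the logged-in user's own, and anonymous requests are refused outright.
if (!isset($loginUserId) || $loginUserHandle !== $fromhandle || !in_array($box, array('inbox', 'outbox'), true)) {
    echo "QA_AJAX_RESPONSE\n0\n";
    return;
}

// Only the two allow-listed values can reach this dynamic call
$func = 'qa_db_messages_' . $box . '_selectspec';
$pmSpec = $func('private', $loginUserId, true, $start, $pagesize);
$userMessages = qa_db_select_with_pending($pmSpec);

// Find which message's delete button was clicked; only messages on the current
// page of the user's own box are candidates, so ids of other users' messages
// are never acted on. The security code is bound to the user's handle.
foreach ($userMessages as $message) {
    if (qa_clicked('m' . $message['messageid'] . '_dodelete')) {
        if (qa_check_form_security_code('pm-' . $fromhandle, qa_post_text('code'))) {
            qa_pm_delete($loginUserId, $loginUserHandle, qa_cookie_get(), $message, $box);
            echo "QA_AJAX_RESPONSE\n1\n";
            return;
        }
    }
}

// Reached when no matching delete button was clicked or the security code failed;
// the client is told only that nothing was done.
echo "QA_AJAX_RESPONSE\n0\n";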