/**
* Sends the reply notification to users subscribed to this issue.
*
* @param array Info about this issue
* @param array Info about this note (including text)
*/
function send_issue_reply_notification($issue, $issuenote)
{
global $vbulletin, $db, $vbphrase;
if ($issuenote['type'] != 'user' and $issuenote['type'] != 'petition') {
// only send if the note is a "normal" note type
return;
}
$project = fetch_project_info($issue['projectid']);
$previousnote = $db->query_first("\r\n\t\tSELECT MAX(dateline) AS dateline\r\n\t\tFROM " . TABLE_PREFIX . "pt_issuenote AS issuenote\r\n\t\tWHERE issuenote.issueid = {$issue['issueid']}\r\n\t\t\tAND issuenote.dateline < {$issuenote['dateline']}\r\n\t\t\tAND issuenote.visible = 'visible'\r\n\t\t\tAND issuenote.type IN ('user', 'petition')\r\n\t");
$notifications = $db->query_read_slave("\r\n\t\tSELECT user.*\r\n\t\tFROM " . TABLE_PREFIX . "pt_issuesubscribe AS issuesubscribe\r\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (issuesubscribe.userid = user.userid)\r\n\t\tLEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (usergroup.usergroupid = user.usergroupid)\r\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\r\n\t\tWHERE issuesubscribe.issueid = {$issue['issueid']}\r\n\t\t\tAND issuesubscribe.subscribetype = 'instant'\r\n\t\t\tAND (usergroup.genericoptions & " . $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'] . ")\r\n\t\t\t" . ($issuenote['userid'] ? "AND CONCAT(' ', IF(usertextfield.ignorelist IS NULL, '', usertextfield.ignorelist), ' ') NOT LIKE ' " . intval($issuenote['userid']) . " '" : '') . "\r\n\t\t\tAND user.userid <> {$issuenote['userid']}\r\n\t\t\tAND user.lastactivity >= " . intval($previousnote['dateline']) . "\r\n\t");
if ($db->num_rows($notifications) == 0) {
return;
}
require_once DIR . '/includes/functions_misc.php';
require_once DIR . '/includes/class_bbcode_alt.php';
$plaintext_parser =& new vB_BbCodeParser_PlainText($vbulletin, fetch_tag_list());
$pagetext_cache = array();
// used to cache the results per languageid for speed
$evalemail = array();
$email_texts = $vbulletin->db->query_read_slave("\r\n\t\tSELECT text, languageid, fieldname\r\n\t\tFROM " . TABLE_PREFIX . "phrase\r\n\t\tWHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'notify_pt'\r\n\t");
while ($email_text = $vbulletin->db->fetch_array($email_texts)) {
$emails["{$email_text['languageid']}"]["{$email_text['fieldname']}"] = $email_text['text'];
}
foreach ($emails as $languageid => $email_text) {
// lets cycle through our array of notify phrases
$text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
$text_message = replace_template_variables($text_message);
$text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
$text_subject = replace_template_variables($text_subject);
$evalemail["{$languageid}"] = '
$message = "' . $text_message . '";
$subject = "' . $text_subject . '";
';
}
vbmail_start();
while ($notification = $vbulletin->db->fetch_array($notifications)) {
// check that this user has the correct permissions to view
if (verify_issue_perms($issue, $notification) === false or verify_issue_note_perms($issue, $issuenote, $notification) === false) {
continue;
}
$notification['username'] = unhtmlspecialchars($notification['username']);
$notification['languageid'] = iif($notification['languageid'] == 0, $vbulletin->options['languageid'], $notification['languageid']);
// parse the page text into plain text, taking selected language into account
if (!isset($pagetext_cache["{$notification['languageid']}"])) {
$plaintext_parser->set_parsing_language($notification['languageid']);
$pagetext_cache["{$notification['languageid']}"] = $plaintext_parser->parse($issuenote['pagetext'], 'pt');
}
$pagetext = $pagetext_cache["{$notification['languageid']}"];
eval(empty($evalemail["{$notification['languageid']}"]) ? $evalemail["-1"] : $evalemail["{$notification['languageid']}"]);
vbmail($notification['email'], $subject, $message);
}
unset($plaintext_parser, $pagetext_cache);
vbmail_end();
}
/**
* Sends Thread subscription Notifications
*
* @param integer The Thread ID
* @param integer The User ID making the Post
* @param integer The Post ID of the new post
*
*/
function exec_send_notification($threadid, $userid, $postid)
{
// $threadid = threadid to send from;
// $userid = userid of who made the post
// $postid = only sent if post is moderated -- used to get username correctly
global $vbulletin, $message, $postusername;
if (!$vbulletin->options['enableemail']) {
return;
}
// include for fetch_phrase
require_once DIR . '/includes/functions_misc.php';
$threadinfo = fetch_threadinfo($threadid);
$foruminfo = fetch_foruminfo($threadinfo['forumid']);
// get last reply time
if ($postid) {
$dateline = $vbulletin->db->query_first("\n\t\t\tSELECT dateline, pagetext\n\t\t\tFROM " . TABLE_PREFIX . "post\n\t\t\tWHERE postid = {$postid}\n\t\t");
$pagetext_orig = $dateline['pagetext'];
$lastposttime = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(dateline) AS dateline\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tWHERE threadid = {$threadid}\n\t\t\t\tAND dateline < {$dateline['dateline']}\n\t\t\t\tAND visible = 1\n\t\t");
} else {
$lastposttime = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(postid) AS postid, MAX(dateline) AS dateline\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tWHERE threadid = {$threadid}\n\t\t\t\tAND visible = 1\n\t\t");
$pagetext = $vbulletin->db->query_first("\n\t\t\tSELECT pagetext\n\t\t\tFROM " . TABLE_PREFIX . "post\n\t\t\tWHERE postid = {$lastposttime['postid']}\n\t\t");
$pagetext_orig = $pagetext['pagetext'];
unset($pagetext);
}
$threadinfo['title'] = unhtmlspecialchars($threadinfo['title']);
$foruminfo['title_clean'] = unhtmlspecialchars($foruminfo['title_clean']);
$temp = $vbulletin->userinfo['username'];
if ($postid) {
$postinfo = fetch_postinfo($postid);
$vbulletin->userinfo['username'] = unhtmlspecialchars($postinfo['username']);
} else {
$vbulletin->userinfo['username'] = unhtmlspecialchars(!$vbulletin->userinfo['userid'] ? $postusername : $vbulletin->userinfo['username']);
}
require_once DIR . '/includes/class_bbcode_alt.php';
$plaintext_parser =& new vB_BbCodeParser_PlainText($vbulletin, fetch_tag_list());
$pagetext_cache = array();
// used to cache the results per languageid for speed
$mod_emails = fetch_moderator_newpost_emails('newpostemail', $foruminfo['parentlist'], $language_info);
($hook = vBulletinHook::fetch_hook('newpost_notification_start')) ? eval($hook) : false;
$useremails = $vbulletin->db->query_read_slave("\n\t\tSELECT user.*, subscribethread.emailupdate, subscribethread.subscribethreadid\n\t\tFROM " . TABLE_PREFIX . "subscribethread AS subscribethread\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (subscribethread.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (usergroup.usergroupid = user.usergroupid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\n\t\tWHERE subscribethread.threadid = {$threadid} AND\n\t\t\tsubscribethread.emailupdate IN (1, 4) AND\n\t\t\tsubscribethread.canview = 1 AND\n\t\t\t" . ($userid ? "CONCAT(' ', IF(usertextfield.ignorelist IS NULL, '', usertextfield.ignorelist), ' ') NOT LIKE '% " . intval($userid) . " %' AND" : '') . "\n\t\t\tuser.usergroupid <> 3 AND\n\t\t\tuser.userid <> " . intval($userid) . " AND\n\t\t\tuser.lastactivity >= " . intval($lastposttime['dateline']) . " AND\n\t\t\t(usergroup.genericoptions & " . $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'] . ")\n\t");
vbmail_start();
$evalemail = array();
while ($touser = $vbulletin->db->fetch_array($useremails)) {
if (!($vbulletin->usergroupcache["{$touser['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'])) {
continue;
} else {
if (in_array($touser['email'], $mod_emails)) {
// this user already received an email about this post via
// a new post email for mods -- don't send another
continue;
}
}
$touser['username'] = unhtmlspecialchars($touser['username']);
$touser['languageid'] = iif($touser['languageid'] == 0, $vbulletin->options['languageid'], $touser['languageid']);
$touser['auth'] = md5($touser['userid'] . $touser['subscribethreadid'] . $touser['salt'] . COOKIE_SALT);
if (empty($evalemail)) {
$email_texts = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT text, languageid, fieldname\n\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\tWHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'notify'\n\t\t\t");
while ($email_text = $vbulletin->db->fetch_array($email_texts)) {
$emails["{$email_text['languageid']}"]["{$email_text['fieldname']}"] = $email_text['text'];
}
require_once DIR . '/includes/functions_misc.php';
foreach ($emails as $languageid => $email_text) {
// lets cycle through our array of notify phrases
$text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
$text_message = replace_template_variables($text_message);
$text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
$text_subject = replace_template_variables($text_subject);
$evalemail["{$languageid}"] = '
$message = "' . $text_message . '";
$subject = "' . $text_subject . '";
';
}
}
// parse the page text into plain text, taking selected language into account
if (!isset($pagetext_cache["{$touser['languageid']}"])) {
$plaintext_parser->set_parsing_language($touser['languageid']);
$pagetext_cache["{$touser['languageid']}"] = $plaintext_parser->parse($pagetext_orig, $foruminfo['forumid']);
}
$pagetext = $pagetext_cache["{$touser['languageid']}"];
if ($threadinfo['prefixid']) {
// need prefix in correct language
$threadinfo['prefix_plain'] = fetch_phrase("prefix_{$threadinfo['prefixid']}_title_plain", 'global', '', false, true, $touser['languageid'], false) . ' ';
} else {
$threadinfo['prefix_plain'] = '';
}
($hook = vBulletinHook::fetch_hook('newpost_notification_message')) ? eval($hook) : false;
eval(iif(empty($evalemail["{$touser['languageid']}"]), $evalemail["-1"], $evalemail["{$touser['languageid']}"]));
if ($touser['emailupdate'] == 4 and !empty($touser['icq'])) {
// instant notification by ICQ
$touser['email'] = $touser['icq'] . '@pager.icq.com';
}
vbmail($touser['email'], $subject, $message);
}
unset($plaintext_parser, $pagetext_cache);
$vbulletin->userinfo['username'] = $temp;
vbmail_end();
}
/**
* Processes a raw template for conditionals, phrases etc into PHP code for eval()
*
* @param string Template
*
* @return string
*/
function compile_template($template)
{
$orig_template = $template;
$template = addslashes($template);
$template = process_template_conditionals($template);
$template = process_template_phrases('phrase', $template, 'parse_phrase_tag');
if (!function_exists('replace_template_variables')) {
require_once DIR . '/includes/functions_misc.php';
}
$template = replace_template_variables($template, false);
($hook = vBulletinHook::fetch_hook('template_compile')) ? eval($hook) : false;
$template = str_replace('\\\\$', '\\$', $template);
if (function_exists('token_get_all')) {
$tokens = @token_get_all('<?php $var = "' . $template . '"; ?>');
foreach ($tokens as $token) {
if (is_array($token)) {
switch ($token[0]) {
case T_INCLUDE:
case T_INCLUDE_ONCE:
case T_REQUIRE:
case T_REQUIRE_ONCE:
global $vbphrase;
echo "<p> </p><p> </p>";
print_form_header('', '', 0, 1, '', '65%');
print_table_header($vbphrase['vbulletin_message']);
print_description_row($vbphrase['file_inclusion_not_permitted']);
print_table_footer(2, construct_button_code($vbphrase['go_back'], 'javascript:history.back(1)'));
print_cp_footer();
exit;
}
}
}
}
if (function_exists('verify_demo_template')) {
verify_demo_template($template);
}
return $template;
}
function post_save_each($doquery = true)
{
$blogid = intval($this->fetch_field('blogid'));
$userid = intval($this->fetch_field('userid'));
$blogtextid = $this->fetch_field('blogtextid');
$postedby_userid = intval($this->fetch_field('postedby_userid'));
require_once(DIR . '/vb/search/indexcontroller/queue.php');
vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogEntry', 'index', $blogid);
vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogComment', 'group_data_change', $blogid);
if (!$condition AND $this->info['addtags'])
{
// invalidate users tag cloud
$dataman =& datamanager_init('Blog_User', $this->registry, ERRTYPE_SILENT);
$info = array('bloguserid' => $userid);
$dataman->set_existing($info);
$dataman->set('tagcloud', '');
$dataman->save();
}
$this->build_category_counters();
build_blog_stats();
// Insert entry for moderation
if ($this->fetch_field('state') == 'moderation')
{
/*insert query*/
$this->dbobject->query_write("
INSERT IGNORE INTO " . TABLE_PREFIX . "blog_moderation
(primaryid, type, dateline)
VALUES
($blogid, 'blogid', " . TIMENOW . ")
");
}
// Insert entry for moderation
if (!$this->condition AND ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft') OR $this->fetch_field('pending'))
{
$userinfo = array('bloguserid' => $userid);
$userdata =& datamanager_init('Blog_user', $this->registry, ERRTYPE_SILENT);
$userdata->set_existing($userinfo);
if ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft')
{
$userdata->set($this->fetch_field('state'), $this->fetch_field('state') . ' + 1', false);
}
if ($this->fetch_field('pending'))
{
$userdata->set('pending', 'pending + 1', false);
}
$userdata->save();
}
// Send Email Notification
if (((!$this->condition AND !$this->fetch_field('pending')) OR $this->info['send_notification']) AND ($this->fetch_field('state') == 'visible' OR $this->fetch_field('state') == 'moderation') AND $this->registry->options['enableemail'])
{
$lastposttime = $this->dbobject->query_first("
SELECT MAX(dateline) AS dateline
FROM " . TABLE_PREFIX . "blog AS blog
WHERE blogid = $blogid
AND dateline < " . $this->fetch_field('dateline') . "
AND state = 'visible'
");
$entrytitle = unhtmlspecialchars($this->fetch_field('title'));
if (defined('VBBLOG_PERMS') AND $this->registry->userinfo['userid'] == $this->fetch_field('userid'))
{
$blogtitle = unhtmlspecialchars($this->registry->userinfo['blog_title']);
$username = unhtmlspecialchars($this->registry->userinfo['username']);
$userinfo =& $this->registry->userinfo;
}
else
{
if (!defined('VBBLOG_PERMS'))
{ // Tell the fetch_userinfo plugin that we need the blog fields in case this class is being called by a non blog script
define('VBBLOG_PERMS', true);
}
$userinfo = fetch_userinfo($this->fetch_field('userid'), 1);
cache_permissions($userinfo, false);
$blogtitle = unhtmlspecialchars($userinfo['blog_title']);
if ($userinfo['userid'] != $this->fetch_field('userid'))
{
$userinfo2 = fetch_userinfo($this->fetch_field('userid'), 1);
$username = unhtmlspecialchars($userinfo2['username']);
}
else
{
$username = unhtmlspecialchars($userinfo['username']);
}
}
require_once(DIR . '/includes/class_bbcode_alt.php');
$plaintext_parser = new vB_BbCodeParser_PlainText($this->registry, fetch_tag_list());
$pagetext_cache = array(); // used to cache the results per languageid for speed
$pagetext_orig =& $this->fetch_field('pagetext', 'blog_text');
($hook = vBulletinHook::fetch_hook('blog_user_notification_start')) ? eval($hook) : false;
$useremails = $this->dbobject->query_read_slave("
SELECT
user.*,
blog_subscribeuser.blogsubscribeuserid,
bm.blogmoderatorid,
ignored.relationid AS ignoreid, buddy.relationid AS buddyid,
bu.isblogmoderator, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid
FROM " . TABLE_PREFIX . "blog_subscribeuser AS blog_subscribeuser
INNER JOIN " . TABLE_PREFIX . "user AS user ON (blog_subscribeuser.userid = user.userid)
LEFT JOIN " . TABLE_PREFIX . "blog_moderator AS bm ON (bm.userid = user.userid)
LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = $userid AND buddy.relationid = user.userid AND buddy.type = 'buddy')
LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = $userid AND ignored.relationid = user.userid AND ignored.type = 'ignore')
LEFT JOIN " . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = user.userid)
WHERE
blog_subscribeuser.bloguserid = $userid
AND
" . ($userid == $postedby_userid ? "blog_subscribeuser.userid <> $userid AND" : "") . "
blog_subscribeuser.type = 'email'
AND
user.usergroupid <> 3
AND
user.lastactivity >= " . intval($lastposttime['dateline']) . "
");
vbmail_start();
$setoptions = $this->fetch_field('options');
$evalemail = array();
while ($touser = $this->dbobject->fetch_array($useremails))
{
cache_permissions($touser, false);
// only send private entries to contacts and moderators
if ($setoptions["{$this->bitfields['options']['private']}"] AND !$touser['buddyid'] AND !$touser['blogmoderatorid'] AND !is_member_of_blog($touser, $userinfo))
{
continue;
}
if (!($this->registry->usergroupcache["$touser[usergroupid]"]['genericoptions'] & $this->registry->bf_ugp_genericoptions['isnotbannedgroup']))
{
continue;
}
if ($this->fetch_field('state') == 'moderation')
{
if ($touser['userid'] != $userid AND !can_moderate_blog('canmoderateentries', $touser))
{
continue;
}
}
if (!empty($this->info['categories']))
{
prepare_blog_category_permissions($touser);
if (array_intersect($touser['blogcategorypermissions']['cantview'], $this->info['categories']) AND $userinfo['userid'] != $touser['userid'])
{
continue;
}
}
if (!($touser['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
{
continue;
}
else if (
!$touser['blogmoderatorid']
AND
!($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel'])
AND
!($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['ismoderator'])
AND
(!$userinfo['ignore_canviewmyblog'] OR !$touser['ignoreid'])
AND
(!$userinfo['buddy_canviewmyblog'] OR !$touser['buddyid'])
AND
(!$userinfo['member_canviewmyblog'] OR (!$userinfo['buddy_canviewmyblog'] AND $touser['budyid']) OR (!$userinfo['ignore_canviewmyblog'] AND $touser['ignoreid']))
AND
!is_member_of_blog($touser, $userinfo)
)
{
continue;
}
$touser['username'] = unhtmlspecialchars($touser['username']);
$touser['languageid'] = iif($touser['languageid'] == 0, $this->registry->options['languageid'], $touser['languageid']);
$touser['auth'] = md5($touser['userid'] . $touser['blogsubscribeuserid'] . $touser['salt'] . COOKIE_SALT);
if (empty($evalemail))
{
$email_texts = $this->dbobject->query_read_slave("
SELECT text, languageid, fieldname
FROM " . TABLE_PREFIX . "phrase
WHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'blog_user_notify'
");
while ($email_text = $this->dbobject->fetch_array($email_texts))
{
$emails["$email_text[languageid]"]["$email_text[fieldname]"] = $email_text['text'];
}
require_once(DIR . '/includes/functions_misc.php');
foreach ($emails AS $languageid => $email_text)
{
// lets cycle through our array of notify phrases
$text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
$text_message = replace_template_variables($text_message);
$text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
$text_subject = replace_template_variables($text_subject);
$evalemail["$languageid"] = '
$message = "' . $text_message . '";
$subject = "' . $text_subject . '";
';
}
}
// parse the page text into plain text, taking selected language into account
if (!isset($pagetext_cache["$touser[languageid]"]))
{
$plaintext_parser->set_parsing_language($touser['languageid']);
$pagetext_cache["$touser[languageid]"] = $plaintext_parser->parse($pagetext_orig);
}
$pagetext = $pagetext_cache["$touser[languageid]"];
($hook = vBulletinHook::fetch_hook('blog_user_notification_message')) ? eval($hook) : false;
eval(iif(empty($evalemail["$touser[languageid]"]), $evalemail["-1"], $evalemail["$touser[languageid]"]));
vbmail($touser['email'], $subject, $message);
}
unset($plaintext_parser, $pagetext_cache);
vbmail_end();
}
$this->post_save_each_blogtext($doquery);
if ($this->fetch_field('dateline') <= TIMENOW)
{
$this->insert_dupehash($this->fetch_field('blogid'));
}
if ($this->condition AND $this->info['emailupdate'] == 'none' AND ($userid != $this->registry->userinfo['userid'] OR ($userid == $this->registry->userinfo['userid'] AND $this->existing['entrysubscribed'])))
{
$this->dbobject->query_write("
DELETE FROM " . TABLE_PREFIX . "blog_subscribeentry
WHERE blogid = $blogid AND userid = $userid
");
}
else if ($this->info['emailupdate'] == 'email' OR $this->info['emailupdate'] == 'usercp')
{
$this->dbobject->query_write("
REPLACE INTO " . TABLE_PREFIX . "blog_subscribeentry
(blogid, dateline, type, userid)
VALUES
($blogid, " . TIMENOW . ", '" . $this->info['emailupdate'] . "', $userid)
");
}
($hook = vBulletinHook::fetch_hook('blog_fpdata_postsave')) ? eval($hook) : false;
}
$pmdm->pre_save();
if (empty($pmdm->errors)) {
$pmdm->save();
($hook = vBulletinHook::fetch_hook('private_insertpm_complete')) ? eval($hook) : false;
}
unset($pmdm);
}
} else {
if ($status == -1) {
// deleted
if ($vbulletin->GPC['send_deleted']) {
if (!isset($evalemail_deleted["{$user['languageid']}"])) {
$email_text = $db->query_first("\n\t\t\t\t\t\t\tSELECT text\n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\t\t\t\tWHERE fieldname = 'emailbody'\n\t\t\t\t\t\t\t\tAND varname = 'moderation_deleted'\n\t\t\t\t\t\t\t\tAND languageid IN(-1,0,{$chosenlanguage})\n\t\t\t\t\t\t\tORDER BY languageid DESC\n\t\t\t\t\t\t");
$email_subject = $db->query_first("\n\t\t\t\t\t\t\tSELECT text\n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\t\t\t\tWHERE fieldname = 'emailsubject'\n\t\t\t\t\t\t\t\tAND varname = 'moderation_deleted'\n\t\t\t\t\t\t\t\tAND languageid IN(-1,0,{$chosenlanguage})\n\t\t\t\t\t\t\tORDER BY languageid DESC\n\t\t\t\t\t\t");
$text_message = replace_template_variables(str_replace("\\'", "'", addslashes($email_text['text'])));
$text_subject = replace_template_variables(str_replace("\\'", "'", addslashes($email_subject['text'])));
$evalemail_deleted["{$user['languageid']}"] = '
$message = "' . $text_message . '";
$subject = "' . $text_subject . '";
';
}
eval($evalemail_deleted["{$user['languageid']}"]);
vbmail($user['email'], $subject, $message, true);
}
$userdm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
$userdm->set_existing($user);
$userdm->delete();
unset($userdm);
}
}
// else, do nothing
/**
* Sends email notifications for discussions.
*
* @param int $discussion - The discussion being updated
* @param int $messageid - Id of the message that triggered the update
* @param string $postusername - Optional username displayed on post
*/
function exec_send_sg_notification($discussionid, $gmid = false, $postusername = false)
{
global $vbulletin;
if (!$vbulletin->options['enableemail']) {
return;
}
$discussion = fetch_socialdiscussioninfo($discussionid);
// if there are no subscribers, no need to send notifications
if (!$discussion['subscribers']) {
return;
}
// if the discussion is moderated or deleted, don't send notification
if ('deleted' == $discussion['state'] or 'moderation' == $discussion['state']) {
return;
}
$group = fetch_socialgroupinfo($discussion['groupid']);
if (!$gmid) {
// get last gmid from discussion
$gmid = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(gmid) AS gmid\n\t\t\tFROM " . TABLE_PREFIX . "groupmessage AS groupmessage\n\t\t\tWHERE discussionid = {$discussion['discussionid']}\n\t\t\t\tAND state = 'visible'\n\t\t");
$gmid = $gmid['gmid'];
}
// get message details
$gmessage = fetch_groupmessageinfo($gmid);
if (!$gmessage) {
return;
}
// get post time of previous message - if a user hasn't been active since then we won't resend a notification
$lastposttime = ($lastposttime = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(dateline) AS dateline\n\t\t\tFROM " . TABLE_PREFIX . "groupmessage AS groupmessage\n\t\t\tWHERE discussionid = {$discussion['discussionid']}\n\t\t\t\tAND dateline < {$gmessage['dateline']}\n\t\t\t\tAND state = 'visible'\n\t")) ? $lastposttime['dateline'] : $gmessage['dateline'];
$discussion['title'] = unhtmlspecialchars($discussion['title']);
$group['name'] = unhtmlspecialchars($group['name']);
// temporarily use postusername in userinfo
if (!$postusername) {
// get current user name if user exists
if ($gmessage['postuserid'] and $userinfo = fetch_userinfo($gmessage['postuserid'])) {
$postusername = $userinfo['username'];
} else {
$postusername = $gmessage['postusername'];
}
}
$postusername = unhtmlspecialchars($postusername);
$userid = $gmessage['postuserid'];
($hook = vBulletinHook::fetch_hook('newpost_sg_notification_start')) ? eval($hook) : false;
$useremails = $vbulletin->db->query_read_slave("\n\t\tSELECT user.*, subscribediscussion.emailupdate, subscribediscussion.subscribediscussionid, IF(socialgroupmember.userid IS NOT NULL,1,0) ismember\n\t\tFROM " . TABLE_PREFIX . "subscribediscussion AS subscribediscussion\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (subscribediscussion.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (usergroup.usergroupid = user.usergroupid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "socialgroupmember AS socialgroupmember ON (socialgroupmember.userid = user.userid AND socialgroupmember.groupid = {$group['groupid']})\n\t\tWHERE subscribediscussion.discussionid = {$discussion['discussionid']}\n\t\t AND subscribediscussion.emailupdate = 1\n\t\t AND " . ($gmessage['postuserid'] ? " CONCAT(' ', IF(usertextfield.ignorelist IS NULL, '', usertextfield.ignorelist), ' ') NOT LIKE ' " . intval($userid) . " '" : '') . "\n\t\t AND user.usergroupid <> 3\n\t\t AND user.userid <> " . intval($userid) . "\n\t\t AND user.lastactivity >= " . intval($lastposttime) . "\n\t\t AND (usergroup.genericoptions & " . $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'] . ")\n\t");
vbmail_start();
// parser for plaintexting the message pagetext
require_once DIR . '/includes/class_bbcode_alt.php';
$plaintext_parser =& new vB_BbCodeParser_PlainText($vbulletin, fetch_tag_list());
$pagetext_cache = array();
// used to cache the results per languageid for speed
$evalemail = array();
while ($touser = $vbulletin->db->fetch_array($useremails)) {
// check user can view discussion
$permissions = cache_permissions($touser, false);
if (!($vbulletin->usergroupcache["{$touser['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup']) or !($permissions['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview']) or !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canviewgroups']) or $group['options'] & $vbulletin->bf_misc_socialgroupoptions['join_to_view'] and !$touser['ismember'] and !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canalwayscreatediscussion']) and !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canalwayspostmessage'])) {
continue;
}
$touser['username'] = unhtmlspecialchars($touser['username']);
$touser['languageid'] = iif($touser['languageid'] == 0, $vbulletin->options['languageid'], $touser['languageid']);
$touser['auth'] = md5($touser['userid'] . $touser['subscribediscussionid'] . $touser['salt'] . COOKIE_SALT);
if (empty($evalemail)) {
$email_texts = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT text, languageid, fieldname\n\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\tWHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'notify_discussion'\n\t\t\t");
while ($email_text = $vbulletin->db->fetch_array($email_texts)) {
$emails["{$email_text['languageid']}"]["{$email_text['fieldname']}"] = $email_text['text'];
}
require_once DIR . '/includes/functions_misc.php';
foreach ($emails as $languageid => $email_text) {
// lets cycle through our array of notify phrases
$text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
$text_message = replace_template_variables($text_message);
$text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
$text_subject = replace_template_variables($text_subject);
$evalemail["{$languageid}"] = '
$message = "' . $text_message . '";
$subject = "' . $text_subject . '";
';
}
}
// parse the page text into plain text, taking selected language into account
if (!isset($pagetext_cache["{$touser['languageid']}"])) {
$plaintext_parser->set_parsing_language($touser['languageid']);
$pagetext_cache["{$touser['languageid']}"] = $plaintext_parser->parse($gmessage['pagetext']);
}
$pagetext = $pagetext_cache["{$touser['languageid']}"];
($hook = vBulletinHook::fetch_hook('new_sg_message_notification_message')) ? eval($hook) : false;
eval(iif(empty($evalemail["{$touser['languageid']}"]), $evalemail["-1"], $evalemail["{$touser['languageid']}"]));
vbmail($touser['email'], $subject, $message);
}
$vbulletin->db->free_result($useremails);
unset($plaintext_parser, $pagetext_cache);
vbmail_end();
}
/**
* Processes a raw template for conditionals, phrases etc into PHP code for eval()
*
* @param string Template
*
* @return string
*/
function compile_template($template, &$errors = array())
{
$orig_template = $template;
$template = preg_replace('#[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]#', '', $template);
$new_syntax = (strpos($template, '<vb:') !== false OR strpos($template, '{vb:') !== false);
$old_syntax = (strpos($template, '<if') !== false OR strpos($template, '<phrase') !== false);
$maybe_old_syntax = preg_match('/(^|[^{])\$[a-z0-9_]+\[?/si', $template);
if (!$new_syntax AND ($old_syntax OR $maybe_old_syntax))
{
$template = addslashes($template);
$template = process_template_conditionals($template);
$template = process_template_phrases('phrase', $template, 'parse_phrase_tag');
$template = process_seo_urls($template);
if (!function_exists('replace_template_variables') OR !function_exists('validate_string_for_interpolation'))
{
require_once(DIR . '/includes/functions_misc.php');
}
//only check the old style syntax, the new style doesn't use string interpolation and isn't affected
//by this exploit. The new syntax doesn't 100% pass this check.
if(!validate_string_for_interpolation($template))
{
global $vbphrase;
echo "<p> </p><p> </p>";
print_form_header('', '', 0, 1, '', '65%');
print_table_header($vbphrase['vbulletin_message']);
print_description_row($vbphrase['template_text_not_safe']);
print_table_footer(2, construct_button_code($vbphrase['go_back'], 'javascript:history.back(1)'));
print_cp_footer();
exit;
}
$template = replace_template_variables($template, false);
$template = str_replace('\\\\$', '\\$', $template);
if (function_exists('token_get_all'))
{
$tokens = @token_get_all('<?php $var = "' . $template . '"; ?>');
foreach ($tokens AS $token)
{
if (is_array($token))
{
switch ($token[0])
{
case T_INCLUDE:
case T_INCLUDE_ONCE:
case T_REQUIRE:
case T_REQUIRE_ONCE:
{
global $vbphrase;
echo "<p> </p><p> </p>";
print_form_header('', '', 0, 1, '', '65%');
print_table_header($vbphrase['vbulletin_message']);
print_description_row($vbphrase['file_inclusion_not_permitted']);
print_table_footer(2, construct_button_code($vbphrase['go_back'], 'javascript:history.back(1)'));
print_cp_footer();
exit;
}
}
}
}
}
}
else
{
require_once(DIR . '/includes/class_template_parser.php');
$parser = new vB_TemplateParser($orig_template);
try
{
$parser->validate($errors);
}
catch (vB_Exception_TemplateFatalError $e)
{
global $vbphrase;
echo "<p> </p><p> </p>";
print_form_header('', '', 0, 1, '', '65%');
print_table_header($vbphrase['vbulletin_message']);
print_description_row($vbphrase[$e->getMessage()]);
print_table_footer(2, construct_button_code($vbphrase['go_back'], 'javascript:history.back(1)'));
print_cp_footer();
exit;
}
$template = $parser->compile();
// TODO: Reimplement these - if done, $session[], $bbuserinfo[], $vboptions will parse in the template without using {vb:raw, which isn't what we
// necessarily want to happen
/*
if (!function_exists('replace_template_variables'))
{
require_once(DIR . '/includes/functions_misc.php');
}
$template = replace_template_variables($template, false);
*/
}
if (function_exists('verify_demo_template'))
{
verify_demo_template($template);
}
($hook = vBulletinHook::fetch_hook('template_compile')) ? eval($hook) : false;
return $template;
}
/**
* Fetches a specific type of phrase from the database
*
* @param string Varname of the phrase to be fetched
* @param integer Phrase Type ID of the phrase to be fetched
* @param string String to be removed from the beginning of specified phrase varname (varname = 'moo_thing', strreplace = 'moo_' => varname = 'thing')
* @param boolean Whether or not to parse any quotes in the fetched text ready for eval()
* @param boolean Fetch phrase from all languages (?)
* @param integer Desired language ID from which to pull the phrase text
* @param boolean If true, converts '{1}' and '{2}' into '%1$s' and '%2$s' etc., in preparation for sprintf() parsing
*
* @return string
*/
function fetch_phrase($phrasename, $fieldname, $strreplace = '', $doquotes = true, $alllanguages = false, $languageid = -1, $dobracevars = true)
{
// we need to do some caching in this function I believe
global $vbulletin, $vbphrase;
static $phrase_cache;
if (!empty($strreplace)) {
if (strpos("{$phrasename}", $strreplace) === 0) {
$phrasename = substr($phrasename, strlen($strreplace));
}
}
$languageid = intval($languageid);
if (!isset($phrase_cache["{$fieldname}-{$phrasename}"])) {
$getphrases = $vbulletin->db->query_read_slave("\n\t\t\tSELECT text, languageid, special\n\t\t\tFROM " . TABLE_PREFIX . "phrase AS phrase\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "phrasetype USING (fieldname)\n\t\t\tWHERE phrase.fieldname = '" . $vbulletin->db->escape_string($fieldname) . "'\n\t\t\t\tAND varname = '" . $vbulletin->db->escape_string($phrasename) . "' " . iif(!$alllanguages, "AND languageid IN (-1, 0, " . ($languageid > 0 ? $languageid : intval(LANGUAGEID)) . ")"));
while ($getphrase = $vbulletin->db->fetch_array($getphrases)) {
$phrase_cache["{$fieldname}-{$phrasename}"]["{$getphrase['languageid']}"] = $getphrase['text'];
$phrase_cache["{$fieldname}-{$phrasename}"]['special'] = $getphrase['special'];
}
unset($getphrase);
$vbulletin->db->free_result($getphrases);
}
$phrase =& $phrase_cache["{$fieldname}-{$phrasename}"];
$special = $phrase['special'];
if ($languageid == -1) {
// didn't pass in a languageid as this is the default value so use the browsing user's languageid
$languageid = LANGUAGEID;
} else {
if ($languageid == 0) {
// the user is using forum default
$languageid = $vbulletin->options['languageid'];
}
}
if (isset($phrase["{$languageid}"])) {
$messagetext = $phrase["{$languageid}"];
} else {
if (isset($phrase[0])) {
$messagetext = $phrase[0];
} else {
if (isset($phrase['-1'])) {
$messagetext = $phrase['-1'];
} else {
if (isset($vbphrase["{$phrasename}"]) and (VB_AREA == 'Upgrade' or VB_AREA == 'Install')) {
$messagetext = $vbphrase["{$phrasename}"];
} else {
$messagetext = "Could not find phrase '{$phrasename}'.";
}
}
}
}
if ($dobracevars) {
$messagetext = str_replace('%', '%%', $messagetext);
$messagetext = preg_replace('#\\{([0-9]+)\\}#sU', '%\\1$s', $messagetext);
}
if ($doquotes) {
$messagetext = str_replace("\\'", "'", addslashes($messagetext));
if ($special) {
// these phrases have variables in them. Thus, they could have variables like $vboptions that need to be replaced
$messagetext = replace_template_variables($messagetext, false);
}
}
return $messagetext;
}
public static function compile(vB_DomNode $main_node, vB_TemplateParser $parser)
{
$true_value = '';
$else_value = '';
$elseif_conditions = array();
$write_location = 'true';
$child_nodes = $main_node->childNodes();
foreach (array_keys($child_nodes) AS $key)
{
// find the 3 types of conditional values: if (true), elseif, else (false)
// use a switch with references so we can write to a single variable for each case
$node =& $child_nodes["$key"];
switch ($write_location)
{
case 'true':
$location_ref =& $true_value;
break;
case 'else':
$location_ref =& $else_value;
break;
case 'elseif':
$keys = array_keys($elseif_conditions);
$key = end($keys);
$location_ref =& $elseif_conditions[$key]['value'];
}
if ($node->type == 'text')
{
$location_ref .= $parser->_escape_string($node->value);
}
else if ($node->type == 'tag')
{
switch ($node->value)
{
case 'elseif':
// found an elseif tag, make a new entry
$elseif_conditions[] = array(
'condition' => $node->attributes['condition'],
'value' => ''
);
$write_location = 'elseif';
break;
case 'else':
// move to else
$write_location = 'else';
break;
default:
// any other tag -- this isn't related to this if
$location_ref .= $parser->_default_node_handler($node);
break;
}
}
else if ($node->type == 'curly')
{
$location_ref .= $parser->_default_node_handler($node);
}
}
// merge the 2 types with conditions (true, elseif) together
$conditions = array_merge(array(
0 => array(
'condition' => $main_node->attributes['condition'],
'value' => $true_value
)), $elseif_conditions);
// now loop through these conditions. Elseif can not be handled by a ternary
// operator, so emulate it via if{}else{if{}else{}.
$output = "'';";
if (!function_exists('replace_template_variables'))
{
require_once(DIR . '/includes/functions_misc.php');
}
$condition_value = replace_template_variables($condition_value, true);
foreach ($conditions AS $condition)
{
$output .= ' if (' . replace_template_variables($condition['condition'], true) . ') {
' .$parser->outputVar . " .= '" . $condition['value'] . "';" . '
} else';
}
$output .= ' {
' . $parser->outputVar . " .= '" . $else_value . "';" . '
}';
$output .= $parser->outputVar . " .= ''";
return $output;
}
// get bits for faq text cache
$faqtext = array();
if (is_array($ifaqcache["{$faqparent}"])) {
fetch_faq_text_array($ifaqcache["{$faqparent}"]);
} else {
eval(standard_error(fetch_error('invalidid', $vbphrase['faq_item'], $vbulletin->options['contactuslink'])));
}
// $censorchars is used in the vb_censor_explain phrase
$censorchars = $vbulletin->options['censorchar'] . $vbulletin->options['censorchar'] . $vbulletin->options['censorchar'] . $vbulletin->options['censorchar'] . $vbulletin->options['censorchar'];
require_once DIR . '/includes/functions_misc.php';
// display FAQs
$faq = array();
foreach ($ifaqcache["{$faqparent}"] as $faq) {
if ($faq['displayorder'] > 0) {
$text = str_replace(array("\\'", '\\\\$'), array("'", '\\$'), addslashes($faq['text']));
eval('$faq[\'text\'] = "' . replace_template_variables($text) . '";');
construct_faq_item($faq, $find, $replace, $replace);
}
}
$faqtitle = $faqcache["{$faqparent}"]['title'];
$show['faqtitle'] = iif($faqtitle, true, false);
// get navbar stuff
$parents = array();
fetch_faq_parents($faqcache["{$faqparent}"]['faqname']);
foreach (array_reverse($parents) as $key => $val) {
// fix for bug #1660
if (isset($navbits["{$key}"])) {
unset($navbits["{$key}"]);
}
$navbits["{$key}"] = $val;
}
function vbseo_get_email_templates($emailtpl)
{
global $vbulletin;
$evalemail = array();
$email_texts = $vbulletin->db->query_read("\nSELECT text, languageid, varname\nFROM " . vbseo_tbl_prefix('phrase') . "\nWHERE varname LIKE '{$emailtpl}%'\n");
while ($email_text = $vbulletin->db->fetch_array($email_texts)) {
$emails["{$email_text['languageid']}"]["{$email_text['varname']}"] = $email_text['text'];
}
require_once DIR . '/includes/functions_misc.' . VBSEO_VB_EXT;
foreach ($emails as $languageid => $email_text) {
$text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text[$emailtpl . '_msg']), $emails['-1'][$emailtpl . '_msg'], $email_text[$emailtpl . '_msg'])));
$text_message = replace_template_variables($text_message);
$text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text[$emailtpl . '_subj']), $emails['-1'][$emailtpl . '_subj'], $email_text[$emailtpl . '_subj'])));
$text_subject = replace_template_variables($text_subject);
$evalemail["{$languageid}"] = '
$msg = "' . $text_message . '";
$subj = "' . $text_subject . '";
';
}
return $evalemail;
}
