/**
 * Admin action: refresh one named cache item, or rebuild every general cache.
 *
 * Only members whose 'perms' level is at least SUPERADMIN get through; anyone
 * else is sent to no_perms_error(). With a non-empty $_REQUEST['varname'] just
 * that item is reset. Otherwise every cache_* method of K4GeneralCacheFilter is
 * called and, when USE_CACHE is on, the result goes to DBCache::createCache().
 *
 * @param array $request  Request context, passed by reference ('user' is read here).
 * @return mixed  Result of the information action, or TRUE after a permission error.
 */
function execute(&$request) {
    $is_superadmin = $request['user']->isMember() && $request['user']->get('perms') >= SUPERADMIN;

    if (!$is_superadmin) {
        no_perms_error($request);
        return TRUE;
    }

    $item = isset($_REQUEST['varname']) ? $_REQUEST['varname'] : '';

    if ($item != '') {
        // NOTE(review): the request value reaches reset_cache() without any
        // validation in this block. Confirm that reset_cache() only accepts
        // known cache names and cannot be steered towards arbitrary storage.
        reset_cache($item);

        // "forum_filters" -> "Forum Filters" for the confirmation message.
        // NOTE(review): $name is derived from request input; whether
        // K4LanguageElement escapes it on output is not visible here.
        $words = explode('_', $item);
        $name = ucwords(implode(' ', $words));

        $action = new K4InformationAction(new K4LanguageElement('L_REFRESHEDCACHEITEM', $name), 'content', FALSE, 'admin.php?act=cache', 3);

        return $action->execute($request);
    }

    $action = new K4InformationAction(new K4LanguageElement('L_REFRESHEDCACHE'), 'content', FALSE, 'admin.php?act=cache', 3);

    // Run every cache_* builder the filter class exposes; each one fills $cache.
    $general_cache = new K4GeneralCacheFilter();
    $cache = array();

    foreach (get_class_methods($general_cache) as $function) {
        if (strncmp($function, 'cache_', 6) == 0) {
            $general_cache->{$function}($cache, $request);
        }
    }

    if (USE_CACHE) {
        DBCache::createCache($cache);
    }

    return $action->execute($request);
}
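/**
 * Admin action: store the submitted values for every setting in one group.
 *
 * Only members whose 'perms' level is at least SUPERADMIN get through. Each
 * setting of the group named by $_REQUEST['settinggroupid'] is overwritten
 * with the request parameter that carries the setting's varname. A setting
 * that is absent from the request is stored as an empty string, as before.
 *
 * The UPDATE is bound through a prepared statement instead of being built by
 * string concatenation, so the value never becomes part of the SQL text.
 *
 * NOTE(review): no anti-CSRF token is verified in this block. Confirm that the
 * dispatcher enforces one, because $_REQUEST also accepts GET parameters.
 *
 * @param array $request  Request context, passed by reference ('user', 'dba', 'template').
 * @return mixed  Result of the information action, or TRUE after a permission error.
 */
function execute(&$request) {
    if ($request['user']->isMember() && $request['user']->get('perms') >= SUPERADMIN) {

        // DEMO VERSION guard, left disabled as in the original:
        // if(K4DEMOMODE) {
        //     no_perms_error($request, 'content');
        //     return TRUE;
        // }

        $group_id = isset($_REQUEST['settinggroupid']) ? intval($_REQUEST['settinggroupid']) : 0;

        if ($group_id > 0) {

            $settings = $request['dba']->executeQuery("SELECT * FROM " . K4SETTINGS . " WHERE settinggroupid = " . $group_id);

            $update = $request['dba']->prepareStatement("UPDATE " . K4SETTINGS . " SET value = ? WHERE varname = ?");

            while ($settings->next()) {
                $setting = $settings->current();
                $key = $setting['varname'];

                // An array-valued parameter (name[]=...) is malformed for a
                // scalar setting: leave the stored value untouched.
                if (isset($_REQUEST[$key]) && !is_string($_REQUEST[$key])) {
                    continue;
                }

                // Missing parameters keep the original behaviour of storing ''.
                $raw = isset($_REQUEST[$key]) ? $_REQUEST[$key] : '';

                // All-digit input is normalised through intval(), as before.
                $new_val = ctype_digit($raw) ? (string) intval($raw) : $raw;

                $update->setString(1, $new_val);
                $update->setString(2, $key);
                $update->executeUpdate();
            }
        }

        k4_bread_crumbs($request['template'], $request['dba'], 'L_OPTIONS');

        // Cached settings are stale as soon as the rows change.
        reset_cache('settings');

        $request['template']->setVar('options_on', '_on');
        $request['template']->setFile('sidebar_menu', 'menus/options.html');

        $action = new K4InformationAction(new K4LanguageElement('L_UPDATEDOPTIONS'), 'content', FALSE, 'admin.php?act=options', 3);

        return $action->execute($request);
    } else {
        no_perms_error($request, 'content');
    }

    return TRUE;
}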
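/**
 * Admin action: queue a mass e-mail to users.
 *
 * Only members whose 'perms' level is at least SUPERADMIN get through. The
 * action refuses to start while a 'massmail' entry is already in $_DATASTORE.
 * It requires a subject and a message, then writes a serialized job
 * (startid, from, subject, message) to the datastore table under 'massmail'.
 *
 * CR and LF are removed from 'from' and 'subject' before they are stored.
 * The job presumably ends up in mail headers when the queue is processed
 * (TODO confirm against the consumer), and a header value must never carry a
 * line break. Non-string parameters are treated as missing.
 *
 * NOTE(review): no anti-CSRF token is verified in this block. Confirm that the
 * dispatcher enforces one, because $_REQUEST also accepts GET parameters.
 *
 * @param array $request  Request context, passed by reference ('user', 'dba', 'template').
 * @return mixed  Result of the information action, or TRUE after a permission error.
 */
function execute(&$request) {
    if ($request['user']->isMember() && $request['user']->get('perms') >= SUPERADMIN) {

        global $_DATASTORE;

        k4_bread_crumbs($request['template'], $request['dba'], 'L_EMAILUSERS');
        $request['template']->setVar('misc_on', '_on');
        $request['template']->setFile('sidebar_menu', 'menus/misc.html');

        // A previous job is still being worked through.
        if (isset($_DATASTORE['massmail'])) {
            $action = new K4InformationAction(new K4LanguageElement('L_EMAILINPROGRESS'), 'content', FALSE);
            return $action->execute($request);
        }

        $line_breaks = array("\r", "\n");

        $subject = isset($_REQUEST['subject']) && is_string($_REQUEST['subject']) ? str_replace($line_breaks, '', $_REQUEST['subject']) : '';

        if ($subject == '') {
            $action = new K4InformationAction(new K4LanguageElement('L_INSERTMAILSUBJECT'), 'content', TRUE);
            return $action->execute($request);
        }

        $message = isset($_REQUEST['message']) && is_string($_REQUEST['message']) ? $_REQUEST['message'] : '';

        if ($message == '') {
            $action = new K4InformationAction(new K4LanguageElement('L_INSERTMAILMESSAGE'), 'content', TRUE);
            return $action->execute($request);
        }

        // Normalise every line-ending flavour in the body to "\n".
        $message = preg_replace("~(\r\n|\r|\n)~i", "\n", $message);

        $from = isset($_REQUEST['from']) && is_string($_REQUEST['from']) ? str_replace($line_breaks, '', $_REQUEST['from']) : '';

        if ($from == '') {
            $from = 'noreply';
        }

        // set where to start the userids to email in the datastore
        $update = $request['dba']->prepareStatement("INSERT INTO " . K4DATASTORE . " (varname, data) VALUES (?,?)");
        $update->setString(1, 'massmail');
        $update->setString(2, serialize(array('startid' => 0, 'from' => $from, 'subject' => $subject, 'message' => $message)));
        $update->executeUpdate();

        reset_cache('email_queue');

        // success
        $action = new K4InformationAction(new K4LanguageElement('L_EMAILSSENTTOUSERS'), 'content', FALSE);
        return $action->execute($request);
    } else {
        no_perms_error($request);
    }

    return TRUE;
}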
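/**
 * Admin action: rewrite the permission mask of one user group on one forum.
 *
 * Only members whose 'perms' level is at least SUPERADMIN get through. The
 * forum ($_REQUEST['f']) and the group ($_REQUEST['g']) must both exist. All
 * existing mask rows for that pair are deleted. A row is then re-inserted for
 * every base map (group_id = 0) of the forum where at least one submitted
 * can_view / can_add / can_edit / can_del level differs from the base value.
 *
 * A level that is missing from the request now falls back to the base map's
 * own value. Previously the missing index was passed to setInt() as an
 * undefined value, which presumably stored 0. A lower level looks more
 * permissive in this codebase (TODO confirm), so a partial form submission
 * could silently widen access.
 *
 * NOTE(review): no anti-CSRF token is verified in this block. Confirm that the
 * dispatcher enforces one, because $_REQUEST also accepts GET parameters.
 *
 * @param array $request  Request context, passed by reference ('user', 'dba', 'template').
 * @return mixed  Result of the information action, or TRUE after a permission error.
 */
function execute(&$request) {
    if ($request['user']->isMember() && $request['user']->get('perms') >= SUPERADMIN) {

        k4_bread_crumbs($request['template'], $request['dba'], 'L_PERMISSIONMASKS');

        if (!isset($_REQUEST['f']) || intval($_REQUEST['f']) == 0) {
            $action = new K4InformationAction(new K4LanguageElement('L_INVALIDFORUM'), 'content', FALSE);
            return $action->execute($request);
        }

        $forum = $request['dba']->getRow("SELECT * FROM " . K4FORUMS . " WHERE forum_id = " . intval($_REQUEST['f']));

        if (!is_array($forum) || empty($forum)) {
            $action = new K4InformationAction(new K4LanguageElement('L_INVALIDFORUM'), 'content', FALSE);
            return $action->execute($request);
        }

        if (!isset($_REQUEST['g']) || intval($_REQUEST['g']) == 0) {
            $action = new K4InformationAction(new K4LanguageElement('L_INVALIDUSERGROUP'), 'content', TRUE);
            return $action->execute($request);
        }

        $group = $request['dba']->getRow("SELECT * FROM " . K4USERGROUPS . " WHERE id = " . intval($_REQUEST['g']));

        if (!is_array($group) || empty($group)) {
            $action = new K4InformationAction(new K4LanguageElement('L_INVALIDUSERGROUP'), 'content', TRUE);
            return $action->execute($request);
        }

        // Base maps of the forum (group_id = 0) are the reference values.
        $maps = $request['dba']->executeQuery("SELECT * FROM " . K4MAPS . " WHERE group_id = 0 AND forum_id = " . intval($forum['forum_id']));

        // delete all of the perms because we are going to re-add them;
        // by doing this, we are guaranteed to store the minimum number
        // of changed permissions
        $request['dba']->executeUpdate("DELETE FROM " . K4MAPS . " WHERE group_id = " . intval($group['id']) . " AND forum_id = " . intval($forum['forum_id']));

        $insert = $request['dba']->prepareStatement("INSERT INTO " . K4MAPS . " (row_level,name,varname,category_id,forum_id,user_id,group_id,can_view,can_add,can_edit,can_del,value,parent_id) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)");

        $flags = array('can_view', 'can_add', 'can_edit', 'can_del');

        while ($maps->next()) {
            $temp = $maps->current();

            $add = FALSE;
            $levels = array();

            foreach ($flags as $flag) {
                $key = $temp['varname'] . '_' . $flag;

                if (isset($_REQUEST[$key])) {
                    $levels[$flag] = intval($_REQUEST[$key]);

                    // Same loose comparison as before: any difference from
                    // the base map means the row has to be stored.
                    if ($_REQUEST[$key] != $temp[$flag]) {
                        $add = TRUE;
                    }
                } else {
                    // Not submitted: inherit the base level instead of 0.
                    $levels[$flag] = intval($temp[$flag]);
                }
            }

            if ($add) {
                $insert->setInt(1, $temp['row_level']);
                $insert->setString(2, $temp['name']);
                $insert->setString(3, $temp['varname']);
                $insert->setInt(4, $temp['category_id']);
                $insert->setInt(5, $temp['forum_id']);
                $insert->setInt(6, $temp['user_id']);
                $insert->setInt(7, $group['id']);
                $insert->setInt(8, $levels['can_view']);
                $insert->setInt(9, $levels['can_add']);
                $insert->setInt(10, $levels['can_edit']);
                $insert->setInt(11, $levels['can_del']);
                $insert->setString(12, $temp['value']);
                $insert->setInt(13, $temp['parent_id']);

                $insert->executeUpdate();
            }
        }

        reset_cache('maps'); // usermasks are part of the maps

        $action = new K4InformationAction(new K4LanguageElement('L_UPDATEDPERMMASK', $group['name'], $forum['name']), 'content', TRUE, 'admin.php?act=masks', 3);
        return $action->execute($request);
    } else {
        no_perms_error($request);
    }

    return TRUE;
}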
/**
 * Admin action: delete one user title.
 *
 * Only members whose 'perms' level is at least ADMIN get through. The title
 * named by $_REQUEST['title_id'] must exist. Its row is deleted, the
 * 'user_titles' cache is reset and the user is sent back to the title list.
 *
 * NOTE(review): no anti-CSRF token is verified in this block. Confirm that the
 * dispatcher enforces one, because $_REQUEST also accepts GET parameters.
 *
 * @param array $request  Request context, passed by reference ('user', 'dba', 'template').
 * @return mixed  Result of the information action, or TRUE after a permission error.
 */
function execute(&$request) {
    $allowed = $request['user']->isMember() && $request['user']->get('perms') >= ADMIN;

    if (!$allowed) {
        no_perms_error($request);
        return TRUE;
    }

    k4_bread_crumbs($request['template'], $request['dba'], 'L_USERTITLES');
    $request['template']->setVar('users_on', '_on');
    $request['template']->setFile('sidebar_menu', 'menus/users.html');

    // intval() makes the id safe to concatenate into the queries below.
    $title_id = isset($_REQUEST['title_id']) ? intval($_REQUEST['title_id']) : 0;

    if ($title_id == 0) {
        $bad_title = new K4InformationAction(new K4LanguageElement('L_BADUSERTITLE'), 'content', TRUE);
        return $bad_title->execute($request);
    }

    $title = $request['dba']->getRow("SELECT * FROM " . K4USERTITLES . " WHERE title_id = " . $title_id);

    if (!(is_array($title) && !empty($title))) {
        $bad_title = new K4InformationAction(new K4LanguageElement('L_BADUSERTITLE'), 'content', TRUE);
        return $bad_title->execute($request);
    }

    $request['dba']->executeUpdate("DELETE FROM " . K4USERTITLES . " WHERE title_id = " . intval($title['title_id']));

    reset_cache('user_titles');

    $done = new K4InformationAction(new K4LanguageElement('L_UPDATEDUSERTITLE', $title['title_text']), 'content', FALSE, 'admin.php?act=usertitles', 3);

    return $done->execute($request);
}
/**
 * Delete a topic or a reply, or move a topic to the garbage bin.
 *
 * $this->row_type (TOPIC or REPLY bit) selects the mode. The post comes from
 * $_REQUEST['id'] and its forum is loaded from the post row. A reply, or a
 * topic that already sits in the GARBAGE_BIN forum, is deleted for good. Any
 * other topic is moved to GARBAGE_BIN together with its replies. The forum
 * counters and last-post columns are then rewritten and, for a real delete,
 * the 'forumstats' datastore entry as well.
 *
 * Authorization: the caller must satisfy the can_del map for own posts or
 * for other users' posts, and must also pass is_moderator() for the forum.
 *
 * NOTE(review): no anti-CSRF token is verified in this block. Confirm that the
 * dispatcher enforces one, because $_REQUEST also accepts GET parameters.
 * NOTE(review): the writes run between beginTransaction() and
 * commitTransaction(), but no rollback path is visible in this block.
 *
 * @param array $request  Request context, passed by reference ('user', 'dba', 'template').
 * @return mixed  Result of the information action, or TRUE after a permission error.
 */
function execute(&$request) {

    // NOTE(review): $_QUERYPARAMS and $_USERGROUPS are not read in this block.
    global $_QUERYPARAMS, $_DATASTORE, $_USERGROUPS;

    /* set the breadcrumbs bit */
    k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');

    if (!isset($_REQUEST['id']) || intval($_REQUEST['id']) == 0) {
        $action = new K4InformationAction(new K4LanguageElement('L_POSTDOESNTEXIST'), 'content', FALSE);
        return $action->execute($request);
    }

    /* Get our topic (the id is cast with intval() before it enters the SQL) */
    $post = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE post_id = " . intval($_REQUEST['id']));

    if (!$post || !is_array($post) || empty($post)) {
        $action = new K4InformationAction(new K4LanguageElement('L_POSTDOESNTEXIST'), 'content', FALSE);
        return $action->execute($request);
    }

    $forum = $request['dba']->getRow("SELECT * FROM " . K4FORUMS . " WHERE forum_id = " . intval($post['forum_id']));

    /* Check the forum data given */
    if (!$forum || !is_array($forum) || empty($forum)) {
        $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE);
        return $action->execute($request);
    }

    // A topic that already lives in the garbage bin is removed for good.
    $delete_topic = FALSE;
    if ($forum['forum_id'] == GARBAGE_BIN && $this->row_type & TOPIC) {
        $delete_topic = TRUE;
    }

    /* Make sure that we are trying to delete from a forum */
    if (!($forum['row_type'] & FORUM)) {
        $action = new K4InformationAction(new K4LanguageElement('L_CANTDELFROMNONFORUM'), 'content', FALSE);
        return $action->execute($request);
    }

    /* set the breadcrumbs bit */
    k4_bread_crumbs($request['template'], $request['dba'], $this->row_type & REPLY ? 'L_DELETEREPLY' : 'L_DELETETOPIC', $post, $forum);

    $maps_var = $this->row_type & TOPIC ? 'topics' : 'replies';

    /* Does this person have permission to remove this post? */
    // Own posts are checked against the "topics"/"replies" map, other users'
    // posts against "other_topics"/"other_replies". Access is refused when
    // the required level is above the caller's 'perms'.
    if ($post['poster_id'] == $request['user']->get('id')) {
        if (get_map($maps_var, 'can_del', array('forum_id' => $forum['forum_id'])) > $request['user']->get('perms')) {
            no_perms_error($request);
            return TRUE;
        }
    } else {
        if (get_map('other_' . $maps_var, 'can_del', array('forum_id' => $forum['forum_id'])) > $request['user']->get('perms')) {
            no_perms_error($request);
            return TRUE;
        }
    }

    // NOTE(review): both arrays are built but never read again in this block.
    $user_usergroups = $request['user']->get('usergroups') != '' ? explode('|', $request['user']->get('usergroups')) : array();
    $forum_usergroups = $forum['moderating_groups'] != '' ? explode('|', $forum['moderating_groups']) : array();

    // Second gate: the caller must also be a moderator of this forum.
    if (!is_moderator($request['user']->getInfoArray(), $forum)) {
        no_perms_error($request);
        return TRUE;
    }

    /* Begin the SQL transaction */
    $request['dba']->beginTransaction();

    /**
     * Should we update the topic?
     */
    if ($this->row_type & REPLY) {
        // Newest remaining reply of the same topic.
        // NOTE(review): if the deleted reply was the only one, this row is
        // presumably empty and the index reads below hit a non-array. Confirm.
        $topic_last_reply = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE post_id <> " . intval($post['post_id']) . " AND parent_id=" . intval($post['parent_id']) . " ORDER BY created DESC LIMIT 1");
        $topic_update = $request['dba']->prepareStatement("UPDATE " . K4POSTS . " SET lastpost_created=?,lastpost_uname=?,lastpost_uid=?,lastpost_id=?,num_replies=? WHERE post_id=?");
        $topic_update->setInt(1, $topic_last_reply['created']);
        $topic_update->setString(2, $topic_last_reply['poster_name']);
        $topic_update->setInt(3, $topic_last_reply['poster_id']);
        $topic_update->setInt(4, $topic_last_reply['post_id']);
        $topic_update->setInt(5, intval($request['dba']->getValue("SELECT COUNT(*) FROM " . K4POSTS . " WHERE parent_id=" . intval($post['parent_id'])) - 1)); // use this to make sure we get the right count
        $topic_update->setInt(6, $post['parent_id']);
        $topic_update->executeUpdate();
    }

    /**
     * Remove any bad post reports, get a count of replies, change
     * user post counts and remove attachments.
     */
    $num_replies_to_remove = 1;
    if ($this->row_type & REPLY) {
        $request['dba']->executeUpdate("DELETE FROM " . K4BADPOSTREPORTS . " WHERE post_id = " . intval($post['post_id']));
    } else {
        // The topic row itself plus all of its replies.
        $posts = $request['dba']->executeQuery("SELECT post_id,poster_id,attachments FROM " . K4POSTS . " WHERE ( (parent_id=" . intval($post['post_id']) . " AND row_type=" . REPLY . ") OR (post_id=" . intval($post['post_id']) . " AND row_type=" . TOPIC . ") )");
        $num_replies_to_remove = intval($posts->numrows() - 1);
        while ($posts->next()) {
            $p = $posts->current();

            // remove bad post report
            $request['dba']->executeUpdate("DELETE FROM " . K4BADPOSTREPORTS . " WHERE post_id = " . intval($p['post_id']));

            // change user post count
            if ($delete_topic || $this->row_type & REPLY) {
                $request['dba']->executeUpdate("UPDATE " . K4USERINFO . " SET num_posts=num_posts-1 WHERE user_id=" . intval($p['poster_id']));
            }

            if ($p['attachments'] > 0) {
                remove_attachments($request, $p, FALSE);
            }
        }
    }

    /**
     * Delete/Move the post
     */
    if ($delete_topic || $this->row_type & REPLY) {
        $request['dba']->executeUpdate("DELETE FROM " . K4POSTS . " WHERE post_id = " . intval($post['post_id']));

        // change or remove replies
        if ($this->row_type & REPLY) {
            // NOTE(review): this compares post_id with the post's forum_id,
            // which looks unintended. Confirm which rows should be renumbered.
            $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET row_order=row_order-1 WHERE row_order>" . intval($post['row_order']) . " AND post_id=" . intval($post['forum_id']));
        } else {
            $request['dba']->executeUpdate("DELETE FROM " . K4POSTS . " WHERE parent_id=" . intval($post['post_id']));
            $request['dba']->executeUpdate("DELETE FROM " . K4RATINGS . " WHERE post_id = " . intval($post['post_id']));
        }
    } else {

        /* Move this topic and its replies to the garbage bin */
        if ($this->row_type & TOPIC) {

            // parent_id is left as the current forum id
            $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET forum_id=" . GARBAGE_BIN . " WHERE ( (parent_id=" . intval($post['post_id']) . " AND row_type=" . REPLY . ") OR post_id=" . intval($post['post_id']) . ")");

            // update the garbage bin
            $newpost_created = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE forum_id=" . GARBAGE_BIN . " ORDER BY created DESC LIMIT 1");
            $forum_update = $request['dba']->prepareStatement("UPDATE " . K4FORUMS . " SET posts=posts+?,replies=replies+?,topics=topics+?,post_created=?,post_name=?,post_uname=?,post_id=?,post_uid=?,post_posticon=? WHERE forum_id=?");
            $forum_update->setInt(1, $this->row_type & REPLY ? $num_replies_to_remove : $num_replies_to_remove + 1);
            $forum_update->setInt(2, $num_replies_to_remove);
            $forum_update->setInt(3, $this->row_type & REPLY ? 0 : 1);
            $forum_update->setInt(4, $newpost_created['created']);
            $forum_update->setString(5, $newpost_created['name']);
            $forum_update->setString(6, $newpost_created['poster_name']);
            $forum_update->setInt(7, $newpost_created['post_id']);
            $forum_update->setInt(8, $newpost_created['poster_id']);
            $forum_update->setString(9, $newpost_created['posticon']);
            $forum_update->setInt(10, GARBAGE_BIN);
            $forum_update->executeUpdate();
        }
    }

    /* Get that last post in this forum that's not part of/from this topic */
    $lastpost_created = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE forum_id=" . intval($post['forum_id']) . " ORDER BY created DESC LIMIT 1");

    // An empty forum gets neutral last-post values.
    if (!is_array($lastpost_created) || empty($lastpost_created)) {
        $lastpost_created = array('created' => 0, 'name' => '', 'poster_name' => '', 'post_id' => 0, 'poster_id' => 0, 'posticon' => '');
    }

    /**
     * Update the forum and the datastore
     */
    $forum_update = $request['dba']->prepareStatement("UPDATE " . K4FORUMS . " SET posts=posts-?,replies=replies-?,topics=topics-?,post_created=?,post_name=?,post_uname=?,post_id=?,post_uid=?,post_posticon=? WHERE forum_id=?");

    /* Set the forum values */
    $forum_update->setInt(1, $this->row_type & REPLY ? $num_replies_to_remove : $num_replies_to_remove + 1);
    $forum_update->setInt(2, $num_replies_to_remove);
    $forum_update->setInt(3, $this->row_type & REPLY ? 0 : 1);
    $forum_update->setInt(4, $lastpost_created['created']);
    $forum_update->setString(5, $lastpost_created['name']);
    $forum_update->setString(6, $lastpost_created['poster_name']);
    $forum_update->setInt(7, $lastpost_created['post_id']);
    $forum_update->setInt(8, $lastpost_created['poster_id']);
    $forum_update->setString(9, $lastpost_created['posticon']);
    $forum_update->setInt(10, $forum['forum_id']);
    $forum_update->executeUpdate();

    /* Set the datastore values */
    if ($delete_topic || $this->row_type & REPLY) {
        $datastore_update = $request['dba']->prepareStatement("UPDATE " . K4DATASTORE . " SET data=? WHERE varname=?");
        $datastore = $_DATASTORE['forumstats'];
        $datastore['num_replies'] = $request['dba']->getValue("SELECT COUNT(*) FROM " . K4POSTS . " WHERE row_type=" . REPLY);
        $datastore['num_topics'] = $request['dba']->getValue("SELECT COUNT(*) FROM " . K4POSTS . " WHERE row_type=" . TOPIC);
        $datastore_update->setString(1, serialize($datastore));
        $datastore_update->setString(2, 'forumstats');

        /* Execute datastore update query */
        $datastore_update->executeUpdate();

        // Update the datastore cache
        reset_cache('datastore');
    }

    $request['dba']->commitTransaction();

    /* Redirect the user: back to the topic for a reply, to the forum for a topic */
    $action = new K4InformationAction(new K4LanguageElement($this->row_type & REPLY ? 'L_DELETEDREPLY' : 'L_DELETEDTOPIC', $post['name']), 'content', FALSE, $this->row_type & REPLY ? 'viewtopic.php?id=' . $post['parent_id'] : 'viewforum.php?f=' . $post['forum_id'], 3);
    return $action->execute($request);
}
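/**
 * Admin action: replace the set of filters attached to a meta forum.
 *
 * Only members whose 'perms' level is at least SUPERADMIN get through. The
 * forum named by $_REQUEST['forum_id'] must have the METAFORUM bit set. All
 * of its forum-filter rows are deleted. A row is then inserted for each
 * filter id in $_REQUEST['filters'], provided enough of its insert values
 * (insert1..insert3) were submitted to satisfy the filter's 'num_inserts'.
 *
 * Fixes compared with the previous version:
 *  - the insert2 branch tested isset() on the "_insert1" parameter and then
 *    read "_insert2"; it now tests the parameter it reads;
 *  - an unknown forum id and a missing 'filters' parameter no longer read
 *    undefined array indexes. An unknown forum still ends in the
 *    L_FORUMCANTHAVEFILTERS message, as before.
 *
 * NOTE(review): no anti-CSRF token is verified in this block. Confirm that the
 * dispatcher enforces one, because $_REQUEST also accepts GET parameters.
 *
 * @param array $request  Request context, passed by reference ('user', 'dba', 'template').
 * @return mixed  Result of the information action, or TRUE after a permission error.
 */
function execute(&$request) {
    if ($request['user']->isMember() && $request['user']->get('perms') >= SUPERADMIN) {

        global $_FILTERS, $_ALLFORUMS;

        k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');

        if (!isset($_REQUEST['forum_id']) || intval($_REQUEST['forum_id']) == 0) {
            $action = new K4InformationAction(new K4LanguageElement('L_INVALIDFORUM'), 'content', FALSE);
            return $action->execute($request);
        }

        $forum_id = intval($_REQUEST['forum_id']);
        $forum = isset($_ALLFORUMS[$forum_id]) ? $_ALLFORUMS[$forum_id] : NULL;

        if (!is_array($forum) || !($forum['row_type'] & METAFORUM)) {
            $action = new K4InformationAction(new K4LanguageElement('L_FORUMCANTHAVEFILTERS'), 'content', FALSE);
            return $action->execute($request);
        }

        // clear all the filters, we might put them back in later
        $request['dba']->executeUpdate("DELETE FROM " . K4FORUMFILTERS . " WHERE forum_id=" . intval($forum['forum_id']));

        // go through all of the filters checked off to use
        $checked_filters = isset($_REQUEST['filters']) ? $_REQUEST['filters'] : array();

        if (is_array($checked_filters) && !empty($checked_filters)) {

            // create the query; the forum id is the same for every row
            $insert = $request['dba']->prepareStatement("INSERT INTO " . K4FORUMFILTERS . " (forum_id,filter_id,insert1,insert2,insert3) VALUES (?,?,?,?,?)");
            $insert->setInt(1, $forum['forum_id']);

            foreach ($checked_filters as $filter_id) {

                $filter_id = intval($filter_id);
                $insert1 = $insert2 = $insert3 = '';

                // Ids that are not known filters are skipped.
                if (isset($_FILTERS[$filter_id])) {

                    $filter =& $_FILTERS[$filter_id];

                    if (intval($filter['num_inserts']) > 0) {

                        if (isset($_REQUEST[$filter_id . '_insert1'])) {
                            if (intval($filter['insert1_type']) != 0 && $_REQUEST[$filter_id . '_insert1'] != '') {
                                $insert1 = $this->getFilterVal($filter, 'insert1', $_REQUEST[$filter_id . '_insert1']);
                            }
                        }

                        // META_SAME means "reuse the previous insert value".
                        if (intval($filter['insert2_type']) != META_SAME) {
                            if (isset($_REQUEST[$filter_id . '_insert2'])) {
                                if ($filter['insert2_type'] != 0 && $_REQUEST[$filter_id . '_insert2'] != '') {
                                    $insert2 = $this->getFilterVal($filter, 'insert2', $_REQUEST[$filter_id . '_insert2']);
                                }
                            }
                        } else {
                            $insert2 = $insert1;
                        }

                        if (intval($filter['insert3_type']) != META_SAME) {
                            if (isset($_REQUEST[$filter_id . '_insert3'])) {
                                if ($filter['insert3_type'] != 0 && $_REQUEST[$filter_id . '_insert3'] != '') {
                                    $insert3 = $this->getFilterVal($filter, 'insert3', $_REQUEST[$filter_id . '_insert3']);
                                }
                            }
                        } else {
                            $insert3 = $insert2;
                        }
                    }

                    // Only store the filter when enough inserts were filled in.
                    $num_filled = 0;
                    foreach (array($insert1, $insert2, $insert3) as $value) {
                        if ($value != '') {
                            $num_filled++;
                        }
                    }

                    if ($num_filled >= intval($filter['num_inserts'])) {
                        $insert->setInt(2, $filter_id);
                        $insert->setString(3, $insert1);
                        $insert->setString(4, $insert2);
                        $insert->setString(5, $insert3);

                        $insert->executeUpdate();
                    }
                }
            }
        }

        reset_cache('forum_filters');

        $action = new K4InformationAction(new K4LanguageElement('L_UPDATEDFORUMFILTERS', $forum['name']), 'content', FALSE, 'admin.php?act=forum_select', 3);
        return $action->execute($request);
    } else {
        no_perms_error($request);
    }

    return TRUE;
}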
/**
 * Admin action: remove a filter and every forum assignment that uses it.
 *
 * Only members whose 'perms' level is at least SUPERADMIN get through. The
 * filter named by $_REQUEST['filter_id'] must exist in $_FILTERS. Its row and
 * the matching forum-filter rows are deleted, and both caches are reset.
 *
 * NOTE(review): no anti-CSRF token is verified in this block. Confirm that the
 * dispatcher enforces one, because $_REQUEST also accepts GET parameters.
 *
 * @param array $request  Request context, passed by reference ('user', 'dba', 'template').
 * @return mixed  Result of the information action, or TRUE after a permission error.
 */
function execute(&$request) {
    global $_FILTERS;

    $allowed = $request['user']->isMember() && $request['user']->get('perms') >= SUPERADMIN;

    if (!$allowed) {
        no_perms_error($request);
        return TRUE;
    }

    k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');

    // The id is an integer from here on, so it is safe in the SQL below.
    $filter_id = isset($_REQUEST['filter_id']) ? intval($_REQUEST['filter_id']) : 0;

    if ($filter_id == 0) {
        $invalid = new K4InformationAction(new K4LanguageElement('L_INVALIDFILTER'), 'content', FALSE);
        return $invalid->execute($request);
    }

    // empty() also covers the "not set" case.
    if (empty($_FILTERS[$filter_id])) {
        $invalid = new K4InformationAction(new K4LanguageElement('L_INVALIDFILTER'), 'content', FALSE);
        return $invalid->execute($request);
    }

    $filter = $_FILTERS[$filter_id];

    // Drop the filter itself, then every forum assignment that points at it.
    foreach (array(K4FILTERS, K4FORUMFILTERS) as $table) {
        $request['dba']->executeUpdate("DELETE FROM " . $table . " WHERE filter_id=" . $filter_id);
    }

    reset_cache('filters');
    reset_cache('forum_filters');

    k4_bread_crumbs($request['template'], $request['dba'], 'L_REMOVEFILTER');

    $done = new K4InformationAction(new K4LanguageElement('L_REMOVEDFILTER', $filter['filter_name']), 'content', FALSE, 'admin.php?act=filters_manage', 3);

    return $done->execute($request);
}
function execute(&$request) { global $_QUERYPARAMS, $_DATASTORE; /* set the breadcrumbs bit */ k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION'); /* Check the request ID */ if (!isset($_REQUEST['id']) || !$_REQUEST['id'] || intval($_REQUEST['id']) == 0) { $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE); return $action->execute($request); } $forum = $request['dba']->getRow("SELECT * FROM " . K4FORUMS . " WHERE forum_id = " . intval($_REQUEST['id'])); /* Check the forum data given */ if (!$forum || !is_array($forum) || empty($forum)) { $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE); return $action->execute($request); } /* Make sure the we are trying to post into a forum */ if (!($forum['row_type'] & FORUM)) { $action = new K4InformationAction(new K4LanguageElement('L_CANTMODNONFORUM'), 'content', FALSE); return $action->execute($request); } /** * Check for moderating permission */ if (!is_moderator($request['user']->getInfoArray(), $forum)) { no_perms_error($request); return TRUE; } if (!isset($_REQUEST['action']) || $_REQUEST['action'] == '') { $action = new K4InformationAction(new K4LanguageElement('L_NEEDSELECTACTION'), 'content', TRUE); return $action->execute($request); } if (!isset($_REQUEST['topics']) || $_REQUEST['topics'] == '') { $action = new K4InformationAction(new K4LanguageElement('L_NEESSELECTTOPICS'), 'content', TRUE); return $action->execute($request); } $topics = explode("|", $_REQUEST['topics']); if (!is_array($topics) || count($topics) == 0) { $action = new K4InformationAction(new K4LanguageElement('L_NEESSELECTTOPICS'), 'content', TRUE); return $action->execute($request); } $query_extra = ''; $i = 0; foreach ($topics as $id) { $query_extra .= $i == 0 ? ' ' : ' OR '; $query_extra .= 'post_id = ' . intval($id); $query_reply_extra .= $i == 0 ? ' ' : ' OR '; $query_reply_extra .= 'parent_id=' . 
intval($id); $i++; } $request['template']->setVisibility('check_checkboxes', TRUE); switch ($_REQUEST['action']) { /** * Lock topics */ case 'lock': if ($request['user']->get('perms') < get_map('closed', 'can_add', array('forum_id' => $forum['forum_id']))) { no_perms_error($request); return TRUE; } $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET post_locked = 1 WHERE (" . $query_extra . ")"); k4_bread_crumbs($request['template'], $request['dba'], 'L_LOCKTOPICS', $forum); $action = new K4InformationAction(new K4LanguageElement('L_LOCKEDTOPICS'), 'content', TRUE, referer(), 3); return $action->execute($request); break; /** * Stick topics */ /** * Stick topics */ case 'stick': if ($request['user']->get('perms') < get_map('sticky', 'can_add', array('forum_id' => $forum['forum_id']))) { no_perms_error($request); return TRUE; } $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET post_type = " . TOPIC_STICKY . ", post_expire = 0 WHERE (" . $query_extra . ")"); k4_bread_crumbs($request['template'], $request['dba'], 'L_STICKTOPICS', $forum); $action = new K4InformationAction(new K4LanguageElement('L_STUCKTOPICS'), 'content', TRUE, referer(), 3); return $action->execute($request); break; /** * Announce topics */ /** * Announce topics */ case 'announce': if ($request['user']->get('perms') < get_map('announce', 'can_add', array('forum_id' => $forum['forum_id']))) { no_perms_error($request); return TRUE; } $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET post_type = " . TOPIC_ANNOUNCE . ", post_expire = 0 WHERE (" . $query_extra . 
")"); k4_bread_crumbs($request['template'], $request['dba'], 'L_ANNOUNCETOPICS', $forum); $action = new K4InformationAction(new K4LanguageElement('L_ANNOUNCEDTOPICS'), 'content', TRUE, referer(), 3); return $action->execute($request); break; /** * Feature topics */ /** * Feature topics */ case 'feature': if ($request['user']->get('perms') < get_map('feature', 'can_add', array('forum_id' => $forum['forum_id']))) { no_perms_error($request); return TRUE; } $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET is_feature = 1, post_expire = 0 WHERE (" . $query_extra . ")"); k4_bread_crumbs($request['template'], $request['dba'], 'L_FEATURETOPICS', $forum); $action = new K4InformationAction(new K4LanguageElement('L_FEATUREDTOPICS'), 'content', TRUE, referer(), 3); return $action->execute($request); break; /** * Remove any special formatting on topics */ /** * Remove any special formatting on topics */ case 'normal': if ($request['user']->get('perms') < get_map('normalize', 'can_add', array('forum_id' => $forum['forum_id']))) { no_perms_error($request); return TRUE; } $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET is_feature = 0, display = 1, queue = 0, post_type = " . TOPIC_NORMAL . ", post_expire = 0, post_locked = 0 WHERE (" . $query_extra . ")"); k4_bread_crumbs($request['template'], $request['dba'], 'L_SETASNORMALTOPICS', $forum); $action = new K4InformationAction(new K4LanguageElement('L_NORMALIZEDTOPICS'), 'content', TRUE, referer(), 3); return $action->execute($request); break; /** * Insert the topics into the moderator's queue for checking */ /** * Insert the topics into the moderator's queue for checking */ case 'queue': if ($request['user']->get('perms') < get_map('queue', 'can_add', array('forum_id' => $forum['forum_id']))) { no_perms_error($request); return TRUE; } $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET queue = 1 WHERE (" . $query_extra . 
")"); k4_bread_crumbs($request['template'], $request['dba'], 'L_QUEUETOPICS', $forum); $action = new K4InformationAction(new K4LanguageElement('L_QUEUEDTOPICS'), 'content', TRUE, referer(), 3); return $action->execute($request); break; /** * Subscribe to all of the selected topics */ /** * Subscribe to all of the selected topics */ case 'subscribe': foreach ($topics as $post_id) { $is_subscribed = $request['dba']->getRow("SELECT * FROM " . K4SUBSCRIPTIONS . " WHERE user_id = " . intval($request['user']->get('id')) . " AND post_id = " . intval($post_id)); if (!is_array($is_subscribed) || empty($is_subscribed)) { $subscribe = $request['dba']->prepareStatement("INSERT INTO " . K4SUBSCRIPTIONS . " (user_id,user_name,post_id,forum_id,email,category_id) VALUES (?,?,?,?,?,?)"); $subscribe->setInt(1, $request['user']->get('id')); $subscribe->setString(2, $request['user']->get('name')); $subscribe->setInt(3, $post_id); $subscribe->setInt(4, $forum['forum_id']); $subscribe->setString(5, $request['user']->get('email')); $subscribe->setInt(6, $forum['category_id']); $subscribe->executeUpdate(); } } k4_bread_crumbs($request['template'], $request['dba'], 'L_SUBSCRIPTION', $forum); $action = new K4InformationAction(new K4LanguageElement('L_SUBSCRIBEDTOPICS'), 'content', TRUE, referer(), 3); return $action->execute($request); break; /** * Add selected topics to the queue to be deleted */ /** * Add selected topics to the queue to be deleted */ case 'delete': if ($request['user']->get('perms') < get_map('delete', 'can_add', array('forum_id' => $forum['forum_id']))) { no_perms_error($request); return TRUE; } $delete_topic = FALSE; if ($forum['forum_id'] == GARBAGE_BIN && $post['row_type'] & TOPIC) { $delete_topic = TRUE; } $users = array(); // find the users for topics first $t = $request['dba']->executeQuery("SELECT * FROM " . K4POSTS . " WHERE row_type=" . TOPIC . " AND ({$query_extra}) AND forum_id=" . 
intval($forum['forum_id'])); while ($t->next()) { $temp = $t->current(); $users[$temp['poster_id']] = isset($users[$temp['poster_id']]) ? $users[$temp['poster_id']] + 1 : 1; // remove ratings if ($temp['rating'] > 0 && $delete_topic) { $request['dba']->executeUpdate("DELETE FROM " . K4RATINGS . " WHERE post_id = " . intval($temp['post_id'])); } // remove attachments if ($temp['attachments'] > 0 && $delete_topic) { remove_attachments($request, $temp, FALSE); } // remove bad post reports $request['dba']->executeUpdate("DELETE FROM " . K4BADPOSTREPORTS . " WHERE post_id = " . intval($temp['post_id'])); } $num_topics = $t->numrows(); $num_topics = $forum['topics'] < $num_topics ? $forum['topics'] : $num_topics; $t->free(); // find them for replies $r = $request['dba']->executeQuery("SELECT * FROM " . K4POSTS . " WHERE row_type=" . REPLY . " AND ({$query_reply_extra}) AND forum_id=" . intval($forum['forum_id'])); while ($r->next()) { $temp = $r->current(); $users[$temp['poster_id']] = isset($users[$temp['poster_id']]) ? $users[$temp['poster_id']] + 1 : 1; // remove attachments if ($temp['attachments'] > 0) { remove_attachments($request, $temp, FALSE); } // remove bad post reports $request['dba']->executeUpdate("DELETE FROM " . K4BADPOSTREPORTS . " WHERE post_id = " . intval($temp['post_id'])); } $num_replies = $r->numrows(); $num_replies = $forum['replies'] < $num_replies ? $forum['replies'] : $num_replies; $r->free(); if ($delete_topic) { // loop through the users and change their post counts foreach ($users as $id => $postcount) { $request['dba']->executeUpdate("UPDATE " . K4USERINFO . " SET num_posts = num_posts-{$postcount} WHERE user_id = {$id}"); } // Remove everything $request['dba']->executeUpdate("DELETE FROM " . K4POSTS . " WHERE row_type=" . TOPIC . " AND (" . $query_extra . ")"); $request['dba']->executeUpdate("DELETE FROM " . K4POSTS . " WHERE row_type=" . REPLY . " AND (" . $query_reply_extra . 
")"); } else { // Move everything $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET forum_id=" . GARBAGE_BIN . " WHERE row_type=" . TOPIC . " AND (" . $query_extra . ")"); $request['dba']->executeUpdate("UPDATE " . K4POSTS . " SET forum_id=" . GARBAGE_BIN . " WHERE row_type=" . REPLY . " AND (" . $query_reply_extra . ")"); } /* Get that last post in this forum that's not part of/from one of these topics */ $no_post = array('created' => 0, 'name' => '', 'poster_name' => '', 'post_id' => 0, 'poster_id' => 0, 'posticon' => ''); $lastpost_created = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE (" . str_replace('=', '<>', $query_extra) . ") AND forum_id=" . intval($forum['forum_id']) . " ORDER BY created DESC LIMIT 1"); $lastpost_created = !$lastpost_created || !is_array($lastpost_created) || empty($lastpost_created) ? $no_post : $lastpost_created; /** * Update the forum and the datastore */ $forum_update = $request['dba']->prepareStatement("UPDATE " . K4FORUMS . " SET topics=topics-?,posts=posts-?,replies=replies-?,post_id=?,post_created=?,post_name=?,post_uname=?,post_uid=?,post_posticon=? WHERE forum_id=?"); $datastore_update = $request['dba']->prepareStatement("UPDATE " . K4DATASTORE . " SET data=? 
WHERE varname=?"); /* Set the forum values */ $forum_update->setInt(1, $num_topics); $forum_update->setInt(2, $num_replies + $num_topics); $forum_update->setInt(3, $num_replies); $forum_update->setInt(4, $lastpost_created['post_id']); $forum_update->setInt(5, $lastpost_created['created']); $forum_update->setString(6, $lastpost_created['name']); $forum_update->setString(7, $lastpost_created['poster_name']); $forum_update->setInt(8, $lastpost_created['poster_id']); $forum_update->setString(9, $lastpost_created['posticon']); $forum_update->setInt(10, $forum['forum_id']); /* Execute the forum and datastore update queries */ $forum_update->executeUpdate(); if (!$delete_topic) { // update the garbage bin forum $newpost_created = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE forum_id=" . GARBAGE_BIN . " ORDER BY created DESC LIMIT 1"); $forum_update = $request['dba']->prepareStatement("UPDATE " . K4FORUMS . " SET posts=posts+?,replies=replies+?,topics=topics+?,post_created=?,post_name=?,post_uname=?,post_id=?,post_uid=?,post_posticon=? WHERE forum_id=?"); $forum_update->setInt(1, $num_replies + $num_topics); $forum_update->setInt(2, $num_replies); $forum_update->setInt(3, $num_topics); $forum_update->setInt(4, $newpost_created['created']); $forum_update->setString(5, $newpost_created['name']); $forum_update->setString(6, $newpost_created['poster_name']); $forum_update->setInt(7, $newpost_created['post_id']); $forum_update->setInt(8, $newpost_created['poster_id']); $forum_update->setString(9, $newpost_created['posticon']); $forum_update->setInt(10, GARBAGE_BIN); $forum_update->executeUpdate(); } else { // update the datastore $datastore = $_DATASTORE['forumstats']; $datastore['num_topics'] = $request['dba']->getValue("SELECT COUNT(*) FROM " . K4POSTS . " WHERE is_draft = 0 AND queue = 0 AND display = 1 AND row_type=" . TOPIC); $datastore['num_replies'] = $request['dba']->getValue("SELECT COUNT(*) FROM " . K4POSTS . " WHERE row_type=" . 
REPLY); $datastore_update->setString(1, serialize($datastore)); $datastore_update->setString(2, 'forumstats'); $datastore_update->executeUpdate(); } reset_cache('datastore'); k4_bread_crumbs($request['template'], $request['dba'], 'L_DELETETOPICS', $forum); $action = new K4InformationAction(new K4LanguageElement('L_DELETEDTOPICS'), 'content', TRUE, referer(), 5); return $action->execute($request); break; /** * Move/copy topics to a destination forum */ /** * Move/copy topics to a destination forum */ case 'move': if ($request['user']->get('perms') < get_map('move', 'can_add', array('forum_id' => $forum['forum_id']))) { no_perms_error($request); return TRUE; } if (count($topics) <= 0) { k4_bread_crumbs($request['template'], $request['dba'], 'L_MOVETOPICS', $forum); $action = new K4InformationAction(new K4LanguageElement('L_NEEDSELECTTOPIC'), 'content', FALSE); return $action->execute($request); } /* Get the topics */ $result = $request['dba']->executeQuery("SELECT * FROM " . K4POSTS . " WHERE row_type=" . TOPIC . " AND is_draft=0 AND queue = 0 AND display = 1 AND forum_id = " . intval($forum['forum_id']) . " AND (" . $query_extra . 
") ORDER BY created DESC"); /* Apply the topics iterator */ $it =& new TopicsIterator($request['dba'], $request['user'], $result, $request['template']->getVar('IMG_DIR'), $forum); $request['template']->setList('topics', $it); $request['template']->setVar('topics', $_REQUEST['topics']); $request['template']->setVar('forum_id', $forum['forum_id']); $request['template']->setVar('modpanel', 1); k4_bread_crumbs($request['template'], $request['dba'], 'L_MOVETOPICS', $forum); $request['template']->setFile('content', 'move_topics.html'); break; /* Invalid action has been taken */ /* Invalid action has been taken */ default: k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION'); $action = new K4InformationAction(new K4LanguageElement('L_NEEDSELECTACTION'), 'content', FALSE); return $action->execute($request); break; } return TRUE; }
/**
 * Delete the word censor named by the `id` request parameter.
 *
 * Only a logged-in member whose 'perms' value is at least ADMIN may run this;
 * everyone else is handed to no_perms_error(). The id is passed through
 * intval() before it is concatenated into SQL.
 *
 * NOTE(review): the id is read from $_REQUEST and this method checks no
 * anti-CSRF token before deleting - confirm a token is verified upstream.
 *
 * @param array $request Request context; 'user', 'dba' and 'template' are used here.
 * @return mixed Result of K4InformationAction::execute(), or TRUE after a permission error.
 */
function execute(&$request) {
    $allowed = $request['user']->isMember() && $request['user']->get('perms') >= ADMIN;
    if (!$allowed) {
        no_perms_error($request);
        return TRUE;
    }

    global $_SETTINGS;

    // A missing or non-numeric id collapses to 0, which is treated as invalid
    $censor_id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
    if ($censor_id == 0) {
        $action = new K4InformationAction(new K4LanguageElement('L_INVALIDCENSOR'), 'content', FALSE);
        return $action->execute($request);
    }

    $censor = $request['dba']->getRow("SELECT * FROM " . K4WORDCENSORS . " WHERE id = " . $censor_id);
    $found = is_array($censor) && !empty($censor);
    if (!$found) {
        $action = new K4InformationAction(new K4LanguageElement('L_INVALIDCENSOR'), 'content', FALSE);
        return $action->execute($request);
    }

    // Delete by the id read back from the row, not by the raw request value
    $request['dba']->executeUpdate("DELETE FROM " . K4WORDCENSORS . " WHERE id = " . intval($censor['id']));

    $action = new K4InformationAction(
        new K4LanguageElement('L_REMOVEDWORDCENSOR', $censor['word']),
        'content',
        FALSE,
        'admin.php?act=censors',
        3
    );

    // The cached censor list is stale now
    reset_cache('censors');

    k4_bread_crumbs($request['template'], $request['dba'], 'L_WORDCENSORS');
    $request['template']->setVar('posts_on', '_on');
    $request['template']->setFile('sidebar_menu', 'menus/posts.html');

    return $action->execute($request);
}
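/**
 * Add a user to a user group from the admin panel.
 *
 * Requires a logged-in member with perms >= SUPERADMIN. Reads `user_id` and
 * `group_id` from $_REQUEST (both cast with intval()), refuses when the user
 * is the group's moderator or already a member, and otherwise appends the
 * group id to the user's pipe-delimited `usergroups` column. When the user's
 * perms are below the group's `min_perm`, the same UPDATE raises them to it.
 *
 * Fix: the membership list used to be parsed with
 * trim($member['usergroups'] . '|'), which strips whitespace only, so the
 * leading and trailing '|' produced empty entries that were written back as
 * doubled separators. The '|' is now trim()'s character list and empty
 * entries are dropped before the list is rebuilt.
 *
 * NOTE(review): this action grants membership and can raise perms, yet its
 * parameters come from $_REQUEST and no anti-CSRF token is checked in this
 * method - confirm one is verified before the action runs.
 *
 * @param array $request Request context; 'user', 'dba' and 'template' are used here.
 * @return mixed Result of K4InformationAction::execute(), or TRUE after a permission error.
 */
function execute(&$request) {
    if (!($request['user']->isMember() && $request['user']->get('perms') >= SUPERADMIN)) {
        no_perms_error($request);
        return TRUE;
    }

    global $_USERGROUPS;

    k4_bread_crumbs($request['template'], $request['dba'], 'L_USERS');
    $request['template']->setVar('users_on', '_on');
    $request['template']->setFile('sidebar_menu', 'menus/users.html');

    /* Validate the target user */
    if (!isset($_REQUEST['user_id']) || intval($_REQUEST['user_id']) == 0) {
        $action = new K4InformationAction(new K4LanguageElement('L_USERDOESNTEXIST'), 'content', TRUE);
        return $action->execute($request);
    }

    $member = $request['dba']->getRow("SELECT * FROM " . K4USERS . " WHERE id=" . intval($_REQUEST['user_id']) . " LIMIT 1");

    if (!is_array($member) || empty($member)) {
        $action = new K4InformationAction(new K4LanguageElement('L_USERDOESNTEXIST'), 'content', TRUE);
        return $action->execute($request);
    }

    /* Validate the target group against the cached group list */
    if (!isset($_REQUEST['group_id']) || intval($_REQUEST['group_id']) == 0) {
        $action = new K4InformationAction(new K4LanguageElement('L_GROUPDOESNTEXIST'), 'content', FALSE);
        return $action->execute($request);
    }

    if (!isset($_USERGROUPS[intval($_REQUEST['group_id'])])) {
        $action = new K4InformationAction(new K4LanguageElement('L_GROUPDOESNTEXIST'), 'content', FALSE);
        return $action->execute($request);
    }

    $group = $_USERGROUPS[intval($_REQUEST['group_id'])];

    /* Should we set the group moderator? */
    if ($group['mod_name'] == '' || $group['mod_id'] == 0) {
        // Fall back to the lowest-ranked account with perms >= ADMIN
        $admin = $request['dba']->getRow("SELECT * FROM " . K4USERS . " WHERE perms >= " . intval(ADMIN) . " ORDER BY perms,id ASC LIMIT 1");
        $request['dba']->executeUpdate("UPDATE " . K4USERGROUPS . " SET mod_name = '" . $request['dba']->quote($admin['name']) . "', mod_id = " . intval($admin['id']) . " WHERE id = " . intval($group['id']));

        reset_cache('usergroups');

        $group['mod_name'] = $admin['name'];
        $group['mod_id'] = $admin['id'];
    }

    if ($group['mod_id'] == $member['id']) {
        $action = new K4InformationAction(new K4LanguageElement('L_YOUAREMODERATOR'), 'content', TRUE);
        return $action->execute($request);
    }

    // Strip the delimiters first so explode() yields ids only
    $result = explode('|', trim($member['usergroups'], '|'));
    $parsed = $member['usergroups'] != '' ? iif(!$result, force_usergroups($member), $result) : array();

    $groups = array();
    $in_group = FALSE;
    foreach ($parsed as $id) {
        // An empty entry is a stray delimiter, not a group id
        if ($id === '') {
            continue;
        }
        $groups[] = $id;
        if (isset($_USERGROUPS[$id]) && $id == $group['id']) {
            $in_group = TRUE;
        }
    }

    if ($in_group) {
        $action = new K4InformationAction(new K4LanguageElement('L_BELONGSTOGROUP'), 'content', TRUE);
        return $action->execute($request);
    }

    $groups[] = intval($group['id']);

    // Joining raises perms to the group's floor, never lowers them
    $extra = NULL;
    if ($member['perms'] < $group['min_perm']) {
        $extra .= ', perms=' . intval($group['min_perm']);
    }

    /* Add this user to the group and change his perms if we need to */
    $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET usergroups='" . $request['dba']->quote('|' . implode('|', $groups) . '|') . "' {$extra} WHERE id = " . intval($member['id']));

    k4_bread_crumbs($request['template'], $request['dba'], 'L_ADDUSER');
    $action = new K4InformationAction(new K4LanguageElement('L_ADDEDUSERTOGROUP', $member['name'], $group['name']), 'content', FALSE, 'admin.php?act=users', 3);

    return $action->execute($request);
}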
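/**
 * Update an existing user group from the admin panel.
 *
 * Requires a logged-in member with perms >= SUPERADMIN. Validates the group
 * id, name (must be unique among other groups), description, moderator name
 * (must match a K4USERS row) and colour, then writes the group row with a
 * prepared statement, raises members' perms to the new `min_perm`, and makes
 * sure the moderator belongs to the group.
 *
 * Changes in this revision:
 *  - The moderator is added to $group['id']. The old code took the id from
 *    getInsertId() although this method performs no INSERT, so the value was
 *    not tied to the group being edited.
 *  - The moderator's pipe-delimited `usergroups` value is trimmed of its
 *    delimiters before it is split, empty entries are dropped, and the group
 *    id is appended only if it is not already present.
 *  - The upload destination uses basename($filename) so a request-supplied
 *    name cannot place the file outside the avatar directory.
 *  - `min_perm`, `max_perm` and `display_legend` default to 0 when absent
 *    instead of being read from an unset index.
 *
 * NOTE(review): the avatar check is an extension allow-list on the last
 * dot-suffix of a name that can come from `avatar_browse`; the file content
 * is not inspected. Confirm the avatar directory is never served as
 * executable content and consider validating the image itself.
 * NOTE(review): parameters come from $_REQUEST and no anti-CSRF token is
 * checked in this method - confirm one is verified before the action runs.
 *
 * @param array $request Request context; 'user', 'dba' and 'template' are used here.
 * @return mixed Result of K4InformationAction::execute(), or TRUE after a permission error.
 */
function execute(&$request) {
    if (!($request['user']->isMember() && $request['user']->get('perms') >= SUPERADMIN)) {
        no_perms_error($request);
        return TRUE;
    }

    /* Error checking on the fields */
    if (!isset($_REQUEST['id']) || intval($_REQUEST['id']) == 0) {
        $action = new K4InformationAction(new K4LanguageElement('L_INVALIDUSERGROUP'), 'content', TRUE);
        return $action->execute($request);
    }

    $group = $request['dba']->getRow("SELECT * FROM " . K4USERGROUPS . " WHERE id = " . intval($_REQUEST['id']));

    if (!is_array($group) || empty($group)) {
        $action = new K4InformationAction(new K4LanguageElement('L_INVALIDUSERGROUP'), 'content', TRUE);
        return $action->execute($request);
    }

    if (!isset($_REQUEST['name']) || $_REQUEST['name'] == '') {
        $action = new K4InformationAction(new K4LanguageElement('L_INSERTGROUPNAME'), 'content', TRUE);
        return $action->execute($request);
    }

    // The nice name is optional; normalise a missing one to ''
    if (!isset($_REQUEST['nicename']) || $_REQUEST['nicename'] == '') {
        $_REQUEST['nicename'] = '';
    }

    // The name must not collide with any other group
    $g = $request['dba']->getRow("SELECT * FROM " . K4USERGROUPS . " WHERE name = '" . $request['dba']->quote($_REQUEST['name']) . "' AND id != " . intval($group['id']));

    if (is_array($g) && !empty($g)) {
        $action = new K4InformationAction(new K4LanguageElement('L_GROUPNAMEEXISTS'), 'content', TRUE);
        return $action->execute($request);
    }

    if (!isset($_REQUEST['description']) || $_REQUEST['description'] == '') {
        $action = new K4InformationAction(new K4LanguageElement('L_INSERTGROUPDESC'), 'content', TRUE);
        return $action->execute($request);
    }

    if (!isset($_REQUEST['mod_name']) || $_REQUEST['mod_name'] == '') {
        $action = new K4InformationAction(new K4LanguageElement('L_INSERTMODNAME'), 'content', TRUE);
        return $action->execute($request);
    }

    $moderator = $request['dba']->getRow("SELECT * FROM " . K4USERS . " WHERE name = '" . $request['dba']->quote($_REQUEST['mod_name']) . "'");

    if (!is_array($moderator) || empty($moderator)) {
        $action = new K4InformationAction(new K4LanguageElement('L_INVALIDMODNAME'), 'content', TRUE);
        return $action->execute($request);
    }

    if (!isset($_REQUEST['color']) || $_REQUEST['color'] == '') {
        $action = new K4InformationAction(new K4LanguageElement('L_INSERTGROUPCOLOR'), 'content', TRUE);
        return $action->execute($request);
    }

    /* Work out the avatar name; a browsed name overrides the upload's temp name */
    $filename = '';

    if (isset($_FILES['avatar_upload']) && is_array($_FILES['avatar_upload'])) {
        $filename = $_FILES['avatar_upload']['tmp_name'];
    }

    if (isset($_REQUEST['avatar_browse']) && $_REQUEST['avatar_browse'] != '') {
        $filename = $_REQUEST['avatar_browse'];
    }

    if ($filename != '') {
        $file_ext = explode(".", $filename);
        $exts = array('gif', 'jpg', 'jpeg', 'bmp', 'png', 'tiff');

        // A name without a dot has no extension to check and is rejected
        if (count($file_ext) < 2 || !in_array(strtolower($file_ext[count($file_ext) - 1]), $exts)) {
            $action = new K4InformationAction(new K4LanguageElement('L_INVALIDAVATAREXT'), 'content', TRUE);
            return $action->execute($request);
        }
    }

    // Numeric fields: an absent parameter is treated as 0
    $min_perm = isset($_REQUEST['min_perm']) ? intval($_REQUEST['min_perm']) : 0;
    $max_perm = isset($_REQUEST['max_perm']) ? intval($_REQUEST['max_perm']) : 0;
    $display_legend = isset($_REQUEST['display_legend']) ? intval($_REQUEST['display_legend']) : 0;

    /* Build the queries */
    $update_a = $request['dba']->prepareStatement("UPDATE " . K4USERGROUPS . " SET name=?,nicename=?,description=?,mod_name=?,mod_id=?,min_perm=?,max_perm=?,display_legend=?,color=?,avatar=? WHERE id=?");
    $update_b = $request['dba']->prepareStatement("UPDATE " . K4USERS . " SET usergroups=?,perms=? WHERE id=?");

    /* Set the query values */
    $update_a->setString(1, $_REQUEST['name']);
    $update_a->setString(2, $_REQUEST['nicename']);
    $update_a->setString(3, $_REQUEST['description']);
    $update_a->setString(4, $moderator['name']);
    $update_a->setInt(5, $moderator['id']);
    $update_a->setInt(6, $min_perm);
    $update_a->setInt(7, $max_perm);
    $update_a->setInt(8, $display_legend);
    $update_a->setString(9, $_REQUEST['color']);
    $update_a->setString(10, $filename);
    $update_a->setInt(11, $group['id']);

    $update_a->executeUpdate();

    // update all user perms
    // NOTE(review): this LIKE pattern has no % wildcards, so it only matches
    // users whose usergroups value is exactly '|<id>|'. Widening it would
    // raise perms for more accounts, so it is left unchanged here - confirm
    // the intended scope.
    $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET perms=" . $min_perm . " WHERE usergroups LIKE '|" . intval($group['id']) . "|' AND perms < " . $min_perm);

    // This action edits an existing row, so the group id is the one loaded above
    $group_id = intval($group['id']);

    // update the mod: parse the current memberships without the delimiters
    $usergroups = array();
    foreach (explode('|', trim($moderator['usergroups'], '|')) as $id) {
        if ($id !== '') {
            $usergroups[] = $id;
        }
    }
    if (!in_array($group_id, $usergroups)) {
        $usergroups[] = $group_id;
    }

    $update_b->setString(1, '|' . implode('|', $usergroups) . '|');
    // The moderator's perms are raised to min_perm if needed, never lowered
    $update_b->setInt(2, $min_perm > $moderator['perms'] ? $min_perm : $moderator['perms']);
    $update_b->setInt(3, $moderator['id']);

    /**
     * Update the user's information, if the mod name changes, the previous moderator will
     * still be a member of the group, just not the moderator.
     */
    $update_b->executeUpdate();

    if (isset($_FILES['avatar_upload']) && is_array($_FILES['avatar_upload'])) {
        $dir = BB_BASE_DIR . '/tmp/upload/group_avatars';

        // NOTE(review): 0777 makes the upload directory world-writable;
        // a mode limited to the web server account is preferable.
        @chmod($dir, 0777);

        // basename() keeps the destination inside $dir whatever the supplied name contains
        move_uploaded_file($_FILES['avatar_upload']['tmp_name'], $dir . '/' . basename($filename));
    }

    reset_cache('usergroups');

    k4_bread_crumbs($request['template'], $request['dba'], 'L_USERGROUPS');
    $request['template']->setVar('users_on', '_on');
    $request['template']->setFile('sidebar_menu', 'menus/users.html');

    $action = new K4InformationAction(new K4LanguageElement('L_UPDATEDUSERGROUP', $_REQUEST['name']), 'content', FALSE, 'admin.php?act=usergroups', 3);
    return $action->execute($request);
}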
/**
 * Remove a user from a user group and rewrite that user's perms.
 *
 * Reads the group id (`id`) and the user id (`user_id`) from $_REQUEST, both
 * cast with intval(). The group must exist in $_USERGROUPS and the user in
 * K4USERS; the group's moderator cannot be removed. On success the user's
 * pipe-delimited `usergroups` value is rewritten without the group and
 * `perms` is set in the same UPDATE.
 *
 * NOTE(review): no permission check is visible in this method - it never
 * compares the requesting user with the group's moderator or with an admin
 * level. Confirm that the caller enforces authorization before this runs.
 * NOTE(review): the new perms value is derived from the REQUESTING user's
 * perms, not the removed member's, and only when get_user_max_group()
 * returns the keys 'max_perms'/'min_perms'. If it returns a usergroup row
 * keyed `max_perm`/`min_perm`, the isset() below never passes and every
 * removed user ends up with perms 5 - verify against get_user_max_group().
 *
 * @param array $request Request context; 'user', 'dba' and 'template' are used here.
 * @return mixed Result of K4InformationAction::execute().
 */
function execute(&$request) {
    global $_USERGROUPS, $_QUERYPARAMS;

    /* The group must be named and must exist in the cached group list */
    $group_id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
    if ($group_id == 0 || !isset($_USERGROUPS[$group_id])) {
        k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
        $action = new K4InformationAction(new K4LanguageElement('L_GROUPDOESNTEXIST'), 'content', FALSE);
        return $action->execute($request);
    }

    if (!isset($_REQUEST['user_id']) || intval($_REQUEST['user_id']) == 0) {
        k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
        $action = new K4InformationAction(new K4LanguageElement('L_USERDOESNTEXIST'), 'content', TRUE);
        return $action->execute($request);
    }

    $group = $_USERGROUPS[$group_id];

    $member_sql = "SELECT " . $_QUERYPARAMS['user'] . $_QUERYPARAMS['userinfo']
        . " FROM " . K4USERS . " u LEFT JOIN " . K4USERINFO . " ui ON u.id=ui.user_id WHERE u.id = '"
        . intval($_REQUEST['user_id']) . "'";
    $member = $request['dba']->getRow($member_sql);

    if (!$member || !is_array($member) || empty($member)) {
        k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
        $action = new K4InformationAction(new K4LanguageElement('L_USERDOESNTEXIST'), 'content', TRUE);
        return $action->execute($request);
    }

    /* A group without a moderator gets the lowest-ranked account with perms >= ADMIN */
    if ($group['mod_name'] == '' || $group['mod_id'] == 0) {
        $admin = $request['dba']->getRow("SELECT * FROM " . K4USERS . " WHERE perms >= " . intval(ADMIN) . " ORDER BY perms,id ASC LIMIT 1");
        $request['dba']->executeUpdate("UPDATE " . K4USERGROUPS . " SET mod_name = '" . $request['dba']->quote($admin['name']) . "', mod_id = " . intval($admin['id']) . " WHERE id = " . intval($group['id']));

        reset_cache('usergroups');

        $group['mod_name'] = $admin['name'];
        $group['mod_id'] = $admin['id'];
    }

    /* The moderator cannot be removed from the group */
    if ($group['mod_id'] == $member['id']) {
        k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
        $action = new K4InformationAction(new K4LanguageElement('L_YOUAREMODERATOR'), 'content', TRUE);
        return $action->execute($request);
    }

    /* Parse the member's current groups and drop the one being removed */
    $result = explode('|', trim($member['usergroups'], '|'));
    if ($member['usergroups'] != '') {
        $groups = iif(!$result, force_usergroups($member), $result);
    } else {
        $groups = array();
    }
    $groups = array_values($groups);

    $in_group = FALSE;
    foreach ($groups as $position => $id) {
        if (isset($_USERGROUPS[$id]) && $id == $group['id']) {
            $in_group = TRUE;
            unset($groups[$position]);
        }
    }
    $groups = array_values($groups);

    if (!$in_group) {
        k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
        $action = new K4InformationAction(new K4LanguageElement('L_NOTBELONGSTOGROUP'), 'content', TRUE);
        return $action->execute($request);
    }

    /* Work out the perms the user is left with (see the review notes above) */
    $remaining = '|' . implode('|', $groups) . '|';
    $newgroup = get_user_max_group(array('usergroups' => $remaining), $_USERGROUPS);

    $perms = 5;
    if (isset($newgroup['max_perms'])) {
        $requester_perms = $request['user']->get('perms');
        if ($requester_perms > $newgroup['max_perms']) {
            $perms = $newgroup['max_perms'];
        } elseif ($request['user']->get('perms') < $newgroup['min_perms']) {
            $perms = $newgroup['min_perms'];
        }
    }

    /* Write the reduced group list and the new perms */
    $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET usergroups='" . $request['dba']->quote('|' . implode('|', $groups) . '|') . "', perms=" . intval($perms) . " WHERE id = " . intval($member['id']));

    k4_bread_crumbs($request['template'], $request['dba'], 'L_REMOVEUSER');
    $action = new K4InformationAction(
        new K4LanguageElement('L_REMOVEDUSERFROMGROUP', $member['name'], $group['name']),
        'content',
        FALSE,
        'usergroups.php?id=' . intval($group['id']),
        3
    );

    return $action->execute($request);
}
/**
 * Show either the list of user groups or one group with its members.
 *
 * Without a usable `id` request parameter the list view is rendered: groups
 * with display_legend = 1 plus the viewer's own groups, or every group when
 * the viewer's perms are at least ADMIN. With an id, the group is taken from
 * $_USERGROUPS and its members are listed with pagination driven by the
 * `limit` and `page` parameters, which are accepted only when ctype_digit()
 * passes and the value is greater than zero.
 *
 * The detail view also writes to the database: a group that has no moderator
 * is assigned the lowest-ranked account with perms >= ADMIN. No permission
 * check precedes that write in this method.
 *
 * @param array $request Request context; 'user', 'dba' and 'template' are used here.
 * @return mixed TRUE after rendering, or the result of K4InformationAction::execute() on an error/redirect.
 */
function execute(&$request) {
    global $_USERGROUPS, $_QUERYPARAMS, $_URL;

    $requested_id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;

    /**
     * Are we looking at the list of user groups?
     */
    if ($requested_id == 0) {
        $own_groups = $request['user']->get('usergroups');
        $result = explode('|', $own_groups);

        if ($own_groups && $own_groups != '') {
            $groups = iif(!$result, force_usergroups($request['user']->getInfoArray()), $result);
        } else {
            $groups = array();
        }

        if ($request['user']->get('perms') < ADMIN) {
            // Below ADMIN: legend groups plus the viewer's own memberships
            $query = "SELECT * FROM " . K4USERGROUPS . " WHERE display_legend = 1";
            foreach ($groups as $id) {
                if (isset($_USERGROUPS[$id])) {
                    $query .= ' OR id = ' . intval($id);
                }
            }
        } else {
            $query = "SELECT * FROM " . K4USERGROUPS;
        }

        $group_rows = $request['dba']->executeQuery($query);
        $request['template']->setList('usergroups', $group_rows);

        k4_bread_crumbs($request['template'], $request['dba'], 'L_USERGROUPS');
        $request['template']->setFile('content', 'usergroups.html');

        return TRUE;
    }

    /**
     * Are we looking at a specific user group?
     */
    if (!isset($_USERGROUPS[$requested_id])) {
        k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
        $action = new K4InformationAction(new K4LanguageElement('L_GROUPDOESNTEXIST'), 'content', FALSE);
        return $action->execute($request);
    }

    $group = $_USERGROUPS[$requested_id];

    /* If the group moderator has yet to be set, set it to our administrator */
    if ($group['mod_name'] == '' || $group['mod_id'] == 0) {
        $admin = $request['dba']->getRow("SELECT * FROM " . K4USERS . " WHERE perms >= " . intval(ADMIN) . " ORDER BY perms,id ASC LIMIT 1");
        $request['dba']->executeUpdate("UPDATE " . K4USERGROUPS . " SET mod_name = '" . $request['dba']->quote($admin['name']) . "', mod_id = " . intval($admin['id']) . " WHERE id = " . intval($group['id']));

        reset_cache('usergroups');

        // Keep the local copy in step with what was just written
        $group['mod_name'] = $admin['name'];
        $group['mod_id'] = $admin['id'];
    }

    /* The moderator's highest group supplies the colour used for his name */
    $moderator_row = $request['dba']->getRow("SELECT " . $_QUERYPARAMS['user'] . $_QUERYPARAMS['userinfo'] . " FROM " . K4USERS . " u LEFT JOIN " . K4USERINFO . " ui ON u.id=ui.user_id WHERE u.id = " . intval($group['mod_id']));
    $g = get_user_max_group($moderator_row, $_USERGROUPS);

    if (isset($g['color']) && $g['color'] != '') {
        $group['mod_color'] = $g['color'];
    } else {
        $group['mod_color'] = '000000';
    }

    /* Expose every group column to the template as group_<column> */
    foreach ($group as $key => $val) {
        $request['template']->setVar('group_' . $key, $val);
    }

    /* Create the Pagination */
    $resultsperpage = 10;
    $num_results = $request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE usergroups LIKE '%|" . intval($group['id']) . "|%' AND id <> " . intval($group['mod_id']));

    $perpage = $resultsperpage;
    if (isset($_REQUEST['limit']) && ctype_digit($_REQUEST['limit']) && intval($_REQUEST['limit']) > 0) {
        $perpage = intval($_REQUEST['limit']);
    }

    $num_pages = ceil($num_results / $perpage);

    $page = 1;
    if (isset($_REQUEST['page']) && ctype_digit($_REQUEST['page']) && intval($_REQUEST['page']) > 0) {
        $page = intval($_REQUEST['page']);
    }

    $pager =& new FAPaginator($_URL, $num_results, $page, $perpage);

    if ($num_results > $perpage) {
        $request['template']->setPager('users_pager', $pager);

        /* Create a friendly url for our pager jump */
        $page_jumper = new FAUrl($_URL->__toString());
        $page_jumper->args['limit'] = $perpage;
        $page_jumper->args['page'] = FALSE;
        $page_jumper->anchor = FALSE;

        // NOTE(review): as shown, the replacement equals the match, so this
        // call changes nothing - presumably it was meant to emit an HTML
        // entity; confirm against the repository.
        $request['template']->setVar('pagejumper_url', preg_replace('~&~i', '&', $page_jumper->__toString()));
    }

    /* Outside valid page range, redirect */
    if (!$pager->hasPage($page) && $num_pages > 0) {
        $action = new K4InformationAction(new K4LanguageElement('L_PASTPAGELIMIT'), 'content', FALSE, 'usergroups.php?id=' . $group['id'] . '&limit=' . $perpage . '&page=' . $num_pages, 3);
        return $action->execute($request);
    }

    /* Offset of the first member on this page */
    $start = ($page - 1) * $perpage;

    /* Get the members of this usergroup; the moderator is listed separately */
    if ($num_results > 0) {
        $result = $request['dba']->executeQuery("SELECT " . $_QUERYPARAMS['user'] . $_QUERYPARAMS['userinfo'] . " FROM " . K4USERS . " u LEFT JOIN " . K4USERINFO . " ui ON u.id=ui.user_id WHERE u.usergroups LIKE '%|" . intval($group['id']) . "|%' AND u.id <> " . intval($group['mod_id']) . " LIMIT " . intval($start) . ", " . intval($perpage));
        $users =& new UsersIterator($result);
        $request['template']->setList('users_in_usergroup', $users);
    }

    $request['template']->setVar('num_group_members', $num_results);

    /* Only the group's moderator sees the add-user controls */
    if ($request['user']->get('id') == $group['mod_id']) {
        $request['template']->setVisibility('add_user', TRUE);
        $request['template']->setVar('is_mod', 1);
    }

    k4_bread_crumbs($request['template'], $request['dba'], $group['name']);
    $request['template']->setFile('content', 'lookup_usergroup.html');

    return TRUE;
}
/**
 * Send one batch of a pending mass mail.
 *
 * Does nothing unless $_DATASTORE['massmail'] is an array. Otherwise it mails
 * every user whose id lies in [startid, startid + EMAIL_INTERVAL) and has a
 * non-empty email, then stores the advanced startid back in the datastore.
 * When the id range holds no users at all, the massmail datastore row is
 * deleted. The datastore cache is reset in both cases.
 *
 * Subject, message and sender are taken from the datastore entry as-is; this
 * method does not validate them.
 *
 * @param mixed $action  Not used in this method.
 * @param array $request Request context; only 'dba' is used here.
 * @return void
 */
function execute(&$action, &$request) {
    global $_DATASTORE;

    $pending = isset($_DATASTORE['massmail']) && is_array($_DATASTORE['massmail']);
    if (!$pending) {
        return;
    }

    // Upper bound (exclusive) of the id window handled in this run
    $maxid = $_DATASTORE['massmail']['startid'] + EMAIL_INTERVAL;

    $users = $request['dba']->executeQuery("SELECT name, email FROM " . K4USERS . " WHERE id >= " . intval($_DATASTORE['massmail']['startid']) . " AND id < " . intval($maxid));

    if ($users->numrows() > 0) {
        /* One mail per recipient, so addresses are never disclosed to each other */
        while ($users->next()) {
            $user = $users->current();

            if ($user['email'] == '') {
                continue;
            }

            email_user(
                $user['email'],
                $_DATASTORE['massmail']['subject'],
                $_DATASTORE['massmail']['message'],
                $_DATASTORE['massmail']['from']
            );
        }

        /* Remember where the next batch starts */
        $_DATASTORE['massmail']['startid'] = $maxid;

        $update = $request['dba']->prepareStatement("UPDATE " . K4DATASTORE . " SET data = ? WHERE varname = 'massmail'");
        $update->setString(1, serialize($_DATASTORE['massmail']));
        $update->executeUpdate();
    } else {
        // No users in this id window: the job is dropped
        $request['dba']->executeUpdate("DELETE FROM " . K4DATASTORE . " WHERE varname = 'massmail'");
    }

    reset_cache('datastore');
}
/**
 * Delete a topic (or poll) together with its attachments and redirectors.
 *
 * The post is looked up by the `id` request parameter (cast with intval()),
 * its forum is loaded, and the forum's row_type must have the FORUM bit set.
 * Deletion then needs two things: the user's perms must reach the 'can_del'
 * value of the matching permission map ('topics'/'polls' for the author,
 * 'other_topics'/'other_polls' for anyone else), and is_moderator() must
 * accept the user for this forum.
 *
 * NOTE(review): the lookup filters on post_id only, not on row_type, so a
 * reply's id is accepted as well - confirm remove_item() copes with that.
 * NOTE(review): the id comes from $_REQUEST and no anti-CSRF token is checked
 * in this method - confirm one is verified before the action runs.
 *
 * @param array $request Request context; 'user', 'dba' and 'template' are used here.
 * @return mixed Result of K4InformationAction::execute(), or TRUE after a permission error.
 */
function execute(&$request) {
    global $_QUERYPARAMS, $_DATASTORE, $_USERGROUPS;

    /* set the breadcrumbs bit */
    k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');

    $has_id = isset($_REQUEST['id']) && $_REQUEST['id'] && intval($_REQUEST['id']) != 0;
    if (!$has_id) {
        $action = new K4InformationAction(new K4LanguageElement('L_TOPICDOESNTEXIST'), 'content', FALSE);
        return $action->execute($request);
    }

    /* Get our topic */
    $topic = $request['dba']->getRow("SELECT * FROM " . K4POSTS . " WHERE post_id = " . intval($_REQUEST['id']));

    if (!$topic || !is_array($topic) || empty($topic)) {
        $action = new K4InformationAction(new K4LanguageElement('L_TOPICDOESNTEXIST'), 'content', FALSE);
        return $action->execute($request);
    }

    /* ... and the forum it lives in */
    $forum = $request['dba']->getRow("SELECT * FROM " . K4FORUMS . " WHERE forum_id = " . intval($topic['forum_id']));

    if (!$forum || !is_array($forum) || empty($forum)) {
        $action = new K4InformationAction(new K4LanguageElement('L_FORUMDOESNTEXIST'), 'content', FALSE);
        return $action->execute($request);
    }

    /* Topics can only be deleted from rows that carry the FORUM bit */
    $is_forum = $forum['row_type'] & FORUM;
    if (!$is_forum) {
        $action = new K4InformationAction(new K4LanguageElement('L_CANTDELFROMNONFORUM'), 'content', FALSE);
        return $action->execute($request);
    }

    /* set the breadcrumbs bit */
    k4_bread_crumbs($request['template'], $request['dba'], 'L_DELETETOPIC', $forum);

    /* Are we dealing with a topic or a poll? */
    $type = $topic['is_poll'] == 1 ? 'polls' : 'topics';

    /* Authors are checked against their own map, everyone else against other_<type> */
    $is_author = $topic['poster_id'] == $request['user']->get('id');
    $map_name = $is_author ? $type : 'other_' . $type;

    if (get_map($map_name, 'can_del', array('forum_id' => $forum['forum_id'])) > $request['user']->get('perms')) {
        no_perms_error($request);
        return TRUE;
    }

    /* Passing the map check is not enough: the user must moderate this forum */
    if (!is_moderator($request['user']->getInfoArray(), $forum)) {
        no_perms_error($request);
        return TRUE;
    }

    /**
     * Remove the topic and all of its replies
     */
    remove_item($topic['post_id'], 'post_id');

    // delete this topics attachments
    remove_attachments($request, $topic);

    // delete any possible moved topic redirectors
    $request['dba']->executeUpdate("DELETE FROM " . K4POSTS . " WHERE moved_new_post_id = " . intval($topic['post_id']));

    reset_cache('datastore');
    reset_cache('email_queue');

    /* Redirect the user */
    $action = new K4InformationAction(
        new K4LanguageElement('L_DELETEDTOPIC', $topic['name'], $forum['name']),
        'content',
        FALSE,
        'viewforum.php?f=' . $forum['forum_id'],
        3
    );

    return $action->execute($request);
}
/**
 * Delete a permission-map node and its descendants.
 *
 * Requires a logged-in member with perms >= SUPERADMIN. The node is looked up
 * by the `id` request parameter (cast with intval()). If it has a parent, the
 * parent's num_children is reduced by the node's own num_children plus one;
 * the node is then deleted and, when it has children, they are removed
 * through $this->recursive_remove().
 *
 * NOTE(review): only the direct parent's counter is adjusted in this method;
 * whether higher ancestors keep a descendant count is not visible here.
 *
 * @param array $request Request context; 'user', 'dba' and 'template' are used here.
 * @return mixed Result of K4InformationAction::execute(), or TRUE after a permission error.
 */
function execute(&$request) {
    $is_superadmin = $request['user']->isMember() && $request['user']->get('perms') >= SUPERADMIN;
    if (!$is_superadmin) {
        no_perms_error($request);
        return TRUE;
    }

    /* Error check */
    $map_id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
    if ($map_id == 0) {
        $action = new K4InformationAction(new K4LanguageElement('L_INVALIDMAPID'), 'content', FALSE);
        return $action->execute($request);
    }

    $map = $request['dba']->getRow("SELECT * FROM " . K4MAPS . " WHERE id = " . $map_id);

    /* Error check */
    if (!(is_array($map) && !empty($map))) {
        $action = new K4InformationAction(new K4LanguageElement('L_INVALIDMAPID'), 'content', FALSE);
        return $action->execute($request);
    }

    /* The parent loses this node and everything this node counted below it */
    if ($map['parent_id'] > 0) {
        $num_children = intval($map['num_children']) + 1;
        $request['dba']->executeUpdate("UPDATE " . K4MAPS . " SET num_children=num_children-" . $num_children . " WHERE id = " . intval($map['parent_id']));
    }

    /* Remove this map node */
    $request['dba']->executeUpdate("DELETE FROM " . K4MAPS . " WHERE id = " . intval($map['id']));

    /* Recursively remove all of its children */
    if ($map['num_children'] > 0) {
        $this->recursive_remove($map['id']);
    }

    reset_cache('maps');

    k4_bread_crumbs($request['template'], $request['dba'], 'L_PERMISSIONS');
    $request['template']->setVar('options_on', '_on');
    $request['template']->setFile('sidebar_menu', 'menus/options.html');

    /* Redirect the user */
    $action = new K4InformationAction(new K4LanguageElement('L_REMOVEDMAPSITEM'), 'content', FALSE, 'admin.php?act=permissions_gui', 3);
    return $action->execute($request);
}
/**
 * Toggle the flag on a user, or show the find-user form.
 *
 * The caller's perms must reach the 'can_add' value of the 'flaguser'
 * permission map. Without an `id` request parameter the find-user template is
 * selected and nothing is returned. With one, the user is loaded (id cast
 * with intval()) and flag_level is switched: 0 becomes 1, anything else
 * becomes 0. The flagged-users cache is reset afterwards.
 *
 * NOTE(review): the toggle is driven by $_REQUEST and no anti-CSRF token is
 * checked in this method - confirm one is verified before the action runs.
 *
 * @param array $request Request context; 'user', 'dba' and 'template' are used here.
 * @return mixed Result of K4InformationAction::execute(), TRUE after a permission error, or NULL for the form view.
 */
function execute(&$request) {
    if ($request['user']->get('perms') < get_map('flaguser', 'can_add', array())) {
        no_perms_error($request);
        return TRUE;
    }

    /* No target yet: show the search form */
    if (!isset($_REQUEST['id'])) {
        k4_bread_crumbs($request['template'], $request['dba'], 'L_FLAGUSER');
        $request['template']->setFile('content', 'finduser.html');
        return;
    }

    $user = $request['dba']->getRow("SELECT * FROM " . K4USERS . " WHERE id = " . intval($_REQUEST['id']));

    if (!is_array($user) || empty($user)) {
        k4_bread_crumbs($request['template'], $request['dba'], 'L_INFORMATION');
        $action = new K4InformationAction(new K4LanguageElement('L_USERDOESNTEXIST'), 'content', TRUE);
        return $action->execute($request);
    }

    /* An unflagged user gets flagged; any other level is cleared */
    $flagging = $user['flag_level'] == 0;

    if ($flagging) {
        $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET flag_level = 1 WHERE id = " . intval($user['id']));
    } else {
        $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET flag_level = 0 WHERE id = " . intval($user['id']));
    }

    $crumb = $flagging ? 'L_FLAGUSER' : 'L_UNFLAGUSER';
    $message = $flagging ? 'L_FLAGGEDUSER' : 'L_UNFLAGGEDUSER';

    k4_bread_crumbs($request['template'], $request['dba'], $crumb);
    $action = new K4InformationAction(new K4LanguageElement($message, $user['name']), 'content', TRUE, 'index.php', 3);

    reset_cache('flagged_users');

    return $action->execute($request);
}
/**
 * Update the definition of a custom profile field.
 *
 * Requires a logged-in member with perms >= ADMIN. The field is looked up in
 * K4PROFILEFIELDS by the `field` request parameter (escaped with the DBA's
 * quote()). A probe SELECT then checks that a column of that name exists in
 * K4USERINFO; if the probe returns FALSE the profile-field row is deleted as
 * an orphan. Otherwise all settings are written with one prepared statement.
 *
 * NOTE(review): the probe concatenates $field['name'] into SQL as a bare
 * identifier. The value comes from the K4PROFILEFIELDS row rather than
 * straight from the request, but it is not escaped as an identifier here -
 * confirm names are restricted when fields are created.
 * NOTE(review): `special_pcre` is stored exactly as submitted; presumably it
 * is later used as a regular expression - verify where it is consumed.
 * NOTE(review): inputoptions are split on the two-character sequence
 * backslash + "n" after line breaks were normalised to real newlines;
 * confirm that is the intended separator.
 *
 * @param array $request Request context; 'user', 'dba' and 'template' are used here.
 * @return mixed Result of K4InformationAction::execute(), or TRUE after a permission error.
 */
function execute(&$request) {
    if (!($request['user']->isMember() && $request['user']->get('perms') >= ADMIN)) {
        no_perms_error($request);
        return TRUE;
    }

    if (!isset($_REQUEST['field']) || $_REQUEST['field'] == '') {
        $action = new K4InformationAction(new K4LanguageElement('L_INVALIDUSERFIELD'), 'content', TRUE);
        return $action->execute($request);
    }

    $field = $request['dba']->getRow("SELECT * FROM " . K4PROFILEFIELDS . " WHERE name = '" . $request['dba']->quote($_REQUEST['field']) . "'");

    if (!$field || !is_array($field) || empty($field)) {
        $action = new K4InformationAction(new K4LanguageElement('L_INVALIDUSERFIELD'), 'content', TRUE);
        return $action->execute($request);
    }

    /* Probe for the column with errors silenced; FALSE means the query failed */
    push_error_handler(create_function('', 'return TRUE;'));
    $ret = $request['dba']->executeQuery("SELECT " . $field['name'] . " FROM " . K4USERINFO . " LIMIT 1");
    pop_error_handler();

    if ($ret === FALSE) {
        /* Delete the profile field version of this because obviously it shouldn't exist */
        $request['dba']->executeUpdate("DELETE FROM " . K4PROFILEFIELDS . " WHERE name = '" . $request['dba']->quote($field['name']) . "'");

        $action = new K4InformationAction(new K4LanguageElement('L_INVALIDUSERFIELD'), 'content', TRUE);
        return $action->execute($request);
    }

    $update = $request['dba']->prepareStatement("UPDATE " . K4PROFILEFIELDS . " SET title=?, description=?, default_value=?, inputtype=?, user_maxlength=?, inputoptions=?, min_perm=?, display_register=?, display_profile=?, display_topic=?, display_post=?, display_memberlist=?, display_image=?, display_size=?, display_rows=?, display_order=?, is_editable=?, is_private=?, is_required=?, special_pcre=? WHERE name=?");

    /* Free-text settings */
    $update->setString(1, @$_REQUEST['title']);
    $update->setString(2, @$_REQUEST['description']);
    $update->setString(3, @$_REQUEST['default_value']);
    $update->setString(4, @$_REQUEST['inputtype']);

    // Maximum length falls back to 255 when it is missing or not positive
    $maxlength = intval(@$_REQUEST['user_maxlength']);
    $update->setInt(5, $maxlength > 0 ? $maxlength : 255);

    // Options are stored as a serialized array, or '' when none were given
    if (isset($_REQUEST['inputoptions']) && @$_REQUEST['inputoptions'] != '') {
        $options = serialize(explode('\\n', preg_replace("~(\r|\n|\r\n)~is", "\n", @$_REQUEST['inputoptions'])));
    } else {
        $options = '';
    }
    $update->setString(6, $options);

    $update->setInt(7, @$_REQUEST['min_perm']);

    /* Checkbox-style settings: only the literal value 'yes' turns them on */
    $yes_flags = array(
        8 => 'display_register',
        9 => 'display_profile',
        10 => 'display_topic',
        11 => 'display_post',
        12 => 'display_memberlist',
    );
    foreach ($yes_flags as $slot => $key) {
        $update->setInt($slot, isset($_REQUEST[$key]) && @$_REQUEST[$key] == 'yes' ? 1 : 0);
    }

    $update->setString(13, @$_REQUEST['display_image']);

    /* Plain integer settings, passed to setInt() as submitted */
    $int_settings = array(
        14 => 'display_size',
        15 => 'display_rows',
        16 => 'display_order',
        17 => 'is_editable',
        18 => 'is_private',
        19 => 'is_required',
    );
    foreach ($int_settings as $slot => $key) {
        $update->setInt($slot, @$_REQUEST[$key]);
    }

    $update->setString(20, @$_REQUEST['special_pcre']);
    $update->setString(21, $field['name']);

    $update->executeUpdate();

    reset_cache('profile_fields');

    k4_bread_crumbs($request['template'], $request['dba'], 'L_USERPROFILEFIELDS');
    $request['template']->setVar('users_on', '_on');
    $request['template']->setFile('sidebar_menu', 'menus/users.html');

    $action = new K4InformationAction(new K4LanguageElement('L_UPDATEDPROFILEFIELD', $_REQUEST['title']), 'content', FALSE, 'admin.php?act=userfields', 3);
    return $action->execute($request);
}
/**
 * Admin action: update the permission maps of one category.
 *
 * Loads the category named by $_REQUEST['id'], exposes its columns to the
 * template as 'category_<column>', then walks every map row of that category
 * with forum_id = 0. A row is rewritten only when all four of its
 * '<varname>_can_view|add|edit|del' request values are present and at least
 * one differs from the stored value. Requires perms >= SUPERADMIN.
 *
 * NOTE(review): state is changed from $_REQUEST (GET included) and no
 * anti-CSRF token check is visible in this handler -- confirm one is
 * enforced upstream.
 *
 * @param array $request Request context; the 'user', 'dba' and 'template'
 *                       entries are used here.
 * @return mixed Result of K4InformationAction::execute() on the handled
 *               paths, TRUE after a permission error.
 */
function execute(&$request)
{
    if (!$request['user']->isMember() || !($request['user']->get('perms') >= SUPERADMIN)) {
        no_perms_error($request);
        return TRUE;
    }

    global $_QUERYPARAMS;

    if (!isset($_REQUEST['id']) || intval($_REQUEST['id']) == 0) {
        $invalid = new K4InformationAction(new K4LanguageElement('L_INVALIDCATEGORY'), 'content', FALSE);
        return $invalid->execute($request);
    }

    $category = $request['dba']->getRow("SELECT * FROM " . K4CATEGORIES . " WHERE category_id = " . intval($_REQUEST['id']));

    if (!is_array($category) || empty($category)) {
        $invalid = new K4InformationAction(new K4LanguageElement('L_INVALIDCATEGORY'), 'content', FALSE);
        return $invalid->execute($request);
    }

    /* Expose every column of the category row to the template */
    foreach ($category as $column => $value) {
        $request['template']->setVar('category_' . $column, $value);
    }

    /* This row is fetched but its result is not used anywhere in this function */
    $category_map = $request['dba']->getRow("SELECT * FROM " . K4MAPS . " WHERE varname = 'category" . $category['category_id'] . "' AND category_id = " . intval($category['category_id']));

    $category_maps = $request['dba']->executeQuery("SELECT * FROM " . K4MAPS . " WHERE category_id = " . intval($category['category_id']) . " AND forum_id = 0");

    while ($category_maps->next()) {
        $map = $category_maps->current();
        $prefix = $map['varname'];

        /* Skip maps for which the form did not submit all four permission values */
        if (!isset($_REQUEST[$prefix . '_can_view'], $_REQUEST[$prefix . '_can_add'], $_REQUEST[$prefix . '_can_edit'], $_REQUEST[$prefix . '_can_del'])) {
            continue;
        }

        $unchanged = $_REQUEST[$prefix . '_can_view'] == $map['can_view']
            && $_REQUEST[$prefix . '_can_add'] == $map['can_add']
            && $_REQUEST[$prefix . '_can_edit'] == $map['can_edit']
            && $_REQUEST[$prefix . '_can_del'] == $map['can_del'];

        /* Nothing to write when the submitted values equal the stored ones */
        if ($unchanged) {
            continue;
        }

        $update = $request['dba']->prepareStatement("UPDATE " . K4MAPS . " SET can_view=?,can_add=?,can_edit=?,can_del=? WHERE varname=? AND category_id=?");
        $update->setInt(1, $_REQUEST[$prefix . '_can_view']);
        $update->setInt(2, $_REQUEST[$prefix . '_can_add']);
        $update->setInt(3, $_REQUEST[$prefix . '_can_edit']);
        $update->setInt(4, $_REQUEST[$prefix . '_can_del']);
        $update->setString(5, $map['varname']);
        $update->setInt(6, $category['category_id']);
        $update->executeUpdate();
        unset($update);
    }

    reset_cache('all_forums');

    k4_bread_crumbs($request['template'], $request['dba'], 'L_CATEGORIES');
    $request['template']->setVar('forums_on', '_on');
    $request['template']->setFile('sidebar_menu', 'menus/forums.html');

    $done = new K4InformationAction(new K4LanguageElement('L_UPDATEDCATEGORYPERMS', $category['name']), 'content', FALSE, 'admin.php?act=categories', 3);
    return $done->execute($request);
}
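/**
 * Execute our mail queue by sending out an appropriate amount of emails at once.
 *
 * Only the first queue item is processed per call. Up to EMAIL_INTERVAL
 * recipients are taken from its stored recipient list, the subscriptions of
 * the mailed users are flagged 'requires_revisit', and the queue item is then
 * either deleted (list exhausted or unusable) or written back with the
 * remaining recipients. The 'email_queue' cache is reset afterwards.
 *
 * Changes against the previous version:
 *  - the re-indexed queue array is actually used (the array_values() result
 *    used to be discarded);
 *  - CR and LF are stripped from every value that reaches a mail header, so a
 *    stored title, subject or address cannot add header lines;
 *  - the subscription filter is built from a list of ids, so it stays valid
 *    SQL when the first slot is skipped;
 *  - every inspected slot leaves the queue, so recipients that are skipped
 *    (the poster, or an unusable entry) cannot keep an item stuck forever;
 *  - ids taken from the queue row are cast with intval() before they are
 *    concatenated into SQL.
 *
 * @param object $dba       Database connection (executeUpdate/prepareStatement are used).
 * @param array  $mailqueue Queue rows; each row is read for 'id', 'row_id',
 *                          'userinfo', 'subject' and 'message'.
 * @return void
 */
function execute_mail_queue(&$dba, $mailqueue)
{
    global $_SETTINGS, $_URL;

    if (!is_array($mailqueue) || empty($mailqueue)) {
        return;
    }

    $mailqueue = array_values($mailqueue);

    if (!isset($mailqueue[0])) {
        return;
    }

    $queue = $mailqueue[0];
    $queue_id = intval($queue['id']);

    /*
     * NOTE(review): the recipient list is deserialized from the queue row.
     * force_unserialize() is defined elsewhere; if it wraps unserialize(),
     * this column must only ever hold data the application serialized itself.
     */
    $users = force_unserialize($queue['userinfo']);

    if (is_array($users) && !empty($users)) {

        /* Reset the starting point of this array */
        $users = array_values($users);
        $count = count($users);
        $mailed_ids = array();
        $crlf = array("\r", "\n");

        /* The sender header is the same for every recipient, so build it once */
        $page =& new FAUrl(forum_url());
        $page->args = array();
        $page->file = FALSE;
        $page->path = FALSE;
        $page->anchor = FALSE;
        $page->scheme = FALSE;

        $from = "From: \"" . str_replace($crlf, '', $_SETTINGS['bbtitle']) . " Forums\" <noreply@" . str_replace($crlf, '', $page->__toString()) . ">";
        $subject = str_replace($crlf, '', $queue['subject']);

        /* Loop through the users */
        for ($i = 0; $i < EMAIL_INTERVAL; $i++) {

            if (!isset($users[$i])) {
                continue;
            }

            /* Take the slot out of the queue whether or not it ends up being mailed */
            $user = $users[$i];
            unset($users[$i]);

            if (!is_array($user) || !isset($user['id']) || intval($user['id']) == 0) {
                continue;
            }

            /* The poster is not notified about their own post */
            if ($user['name'] == $user['poster_name']) {
                continue;
            }

            $message = sprintf($queue['message'], $user['name'], $user['poster_name']);

            /* Email our user */
            mail(str_replace($crlf, '', $user['email']), $subject, $message, $from);

            $mailed_ids[] = intval($user['id']);
        }

        /*
         * Update the subscriptions 'requires revisit' field.
         * NOTE(review): when nobody was mailed the user filter is omitted, as
         * before, so every subscription on the post is flagged -- confirm
         * that this is intended.
         */
        $dba->executeUpdate("UPDATE " . K4SUBSCRIPTIONS . " SET requires_revisit = 1 WHERE post_id = " . intval($queue['row_id']) . " " . (!empty($mailed_ids) ? "AND (user_id IN (" . implode(', ', $mailed_ids) . "))" : ''));

        /* If we have finished with this queue item */
        if ($count <= EMAIL_INTERVAL) {
            $dba->executeUpdate("DELETE FROM " . K4MAILQUEUE . " WHERE id = " . $queue_id);
        } else {
            $users = array_values($users);

            $update = $dba->prepareStatement("UPDATE " . K4MAILQUEUE . " SET userinfo=? WHERE id=?");
            $update->setString(1, serialize($users));
            $update->setInt(2, $queue_id);
            $update->executeUpdate();
        }
    } else {
        /* No usable recipient list: drop the queue item */
        $dba->executeUpdate("DELETE FROM " . K4MAILQUEUE . " WHERE id = " . $queue_id);
    }

    reset_cache('email_queue');
}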
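/**
 * Admin action: delete a FAQ category together with its answers and children.
 *
 * Loads the category named by $_REQUEST['id'], then inside one transaction
 * removes the category row, the answers filed under it and (through
 * recursive_delete_faq()) whatever that helper removes beneath it, and
 * decrements num_categories on the parent. The 'faq_categories' cache is
 * reset afterwards. Requires perms >= ADMIN.
 *
 * The category id read back from the database is cast once with intval()
 * and that value is used in every statement, matching the existing cast on
 * parent_id.
 *
 * NOTE(review): this destructive action is driven by $_REQUEST (GET included)
 * and no anti-CSRF token check is visible here -- confirm one is enforced
 * upstream. How the database layer reports a failed statement is not visible
 * either, so no rollback path has been added; confirm that a failure between
 * beginTransaction() and commitTransaction() cannot leave a partial delete.
 *
 * @param array $request Request context; the 'user', 'dba' and 'template'
 *                       entries are used here.
 * @return mixed Result of K4InformationAction::execute() on the handled
 *               paths, TRUE after a permission error.
 */
function execute(&$request)
{
    if (!$request['user']->isMember() || !($request['user']->get('perms') >= ADMIN)) {
        no_perms_error($request);
        return TRUE;
    }

    k4_bread_crumbs($request['template'], $request['dba'], 'L_FAQ');
    $request['template']->setVar('faq_on', '_on');
    $request['template']->setFile('sidebar_menu', 'menus/faq.html');

    if (!isset($_REQUEST['id']) || intval($_REQUEST['id']) == 0) {
        $action = new K4InformationAction(new K4LanguageElement('L_BADFAQCATEGORY'), 'content', FALSE, 'admin.php?act=faq_categories', 3);
        return $action->execute($request);
    }

    $category = $request['dba']->getRow("SELECT * FROM " . K4FAQCATEGORIES . " WHERE category_id = " . intval($_REQUEST['id']));

    if (!is_array($category) || empty($category)) {
        $action = new K4InformationAction(new K4LanguageElement('L_BADFAQCATEGORY'), 'content', FALSE, 'admin.php?act=faq_categories', 3);
        return $action->execute($request);
    }

    /* Cast once; this value is concatenated into the statements below */
    $category_id = intval($category['category_id']);

    $request['dba']->beginTransaction();

    $request['dba']->executeUpdate("DELETE FROM " . K4FAQCATEGORIES . " WHERE category_id = " . $category_id);
    $request['dba']->executeUpdate("DELETE FROM " . K4FAQANSWERS . " WHERE category_id = " . $category_id);
    $this->recursive_delete_faq($request['dba'], $category_id);

    /* The parent loses one direct child category */
    $request['dba']->executeUpdate("UPDATE " . K4FAQCATEGORIES . " SET num_categories=num_categories-1 WHERE category_id = " . intval($category['parent_id']));

    $request['dba']->commitTransaction();

    reset_cache('faq_categories');

    $action = new K4InformationAction(new K4LanguageElement('L_REMOVEDFAQCATEGORY', $category['name']), 'content', FALSE, 'admin.php?act=faq_categories', 3);
    return $action->execute($request);
}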
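/**
 * Event handler for 'register_user': validate a registration form and create
 * the account.
 *
 * For any other event the function does nothing and returns NULL. On a
 * validation failure $action is replaced by an information action carrying
 * the error; when USE_XMLHTTP is on the error is sent with xmlhttp_message()
 * instead, and after successful validation the script exits without creating
 * anything. Otherwise the user, user-info and user-settings rows are
 * inserted, the 'forumstats' datastore entry is refreshed and a mail is sent
 * to the new address.
 *
 * Changes against the previous version:
 *  - custom profile values are bound as statement parameters instead of being
 *    quoted by hand into the SQL text handed to prepareStatement();
 *  - the username and e-mail patterns carry the D modifier, so '$' no longer
 *    accepts a value that ends in a newline;
 *  - the username pattern is rewritten to an equivalent form (a letter
 *    followed by letters, digits, '-', '_' or space) without the nested
 *    quantifiers that can backtrack heavily on long non-matching input;
 *  - the AJAX "username too long" reply names L_USERNAMETOOLONG rather than
 *    L_USERNAMETOOSHORT;
 *  - the AJAX "registration disabled" reply now returns instead of falling
 *    through to the rest of the handler;
 *  - the activation key comes from random_bytes() when that function exists.
 *
 * @param mixed $action  Set by reference to the K4InformationAction describing
 *                       the outcome.
 * @param array $request Request context; the 'event', 'user', 'dba' and
 *                       'template' entries are used here.
 * @return mixed TRUE on the non-AJAX paths, the result of xmlhttp_message()
 *               on AJAX error paths, NULL when the event is not 'register_user'.
 */
function execute(&$action, &$request)
{
    if ($request['event'] == 'register_user') {

        /* Create the ancestors bar (in case we run into any trouble) */
        k4_bread_crumbs($request['template'], $request['dba'], 'L_REGISTER');

        if (intval($request['template']->getVar('allowregistration')) == 0) {
            if (!USE_XMLHTTP) {
                no_perms_error($request);
                return TRUE;
            }

            /* Stop here, as the non-AJAX branch does */
            return xmlhttp_message('L_YOUNEEDPERMS');
        }

        if ($request['user']->isMember()) {
            $action = new K4InformationAction(new K4LanguageElement('L_CANTREGISTERLOGGEDIN'), 'content', FALSE, 'index.php', 3);
            return TRUE;
        }

        global $_PROFILEFIELDS, $_SETTINGS, $_URL, $_DATASTORE;

        /* If we are not allowed to register */
        if (isset($_SETTINGS['allowregistration']) && $_SETTINGS['allowregistration'] == 0) {
            $action = new K4InformationAction(new K4LanguageElement('L_CANTREGISTERADMIN'), 'content', FALSE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_CANTREGISTERADMIN');
        }

        /*
         * Collect the custom profile fields to store. Column names go into
         * the SQL text, values are kept aside and bound as parameters.
         *
         * NOTE(review): $field['name'] comes from $_PROFILEFIELDS and is used
         * as a bare column identifier; it is assumed to have been validated
         * when the field was created -- confirm.
         */
        $query_fields = '';
        $query_params = '';
        $profile_values = array();

        foreach ($_PROFILEFIELDS as $field) {

            /* This insures that we only put in what we need to */
            if ($field['display_register'] != 1 || !isset($_REQUEST[$field['name']])) {
                continue;
            }

            $submitted = $_REQUEST[$field['name']];

            switch ($field['inputtype']) {
                default:
                case 'text':
                case 'textarea':
                case 'select':
                    /* Single-value inputs: an array-valued parameter is ignored */
                    if (is_string($submitted) && $submitted != '') {
                        $query_fields .= ', ' . $field['name'];
                        $query_params .= ', ?';
                        $profile_values[] = k4_htmlentities($submitted, ENT_QUOTES);
                    }
                    break;

                case 'multiselect':
                case 'radio':
                case 'check':
                    if (is_array($submitted) && !empty($submitted)) {
                        $query_fields .= ', ' . $field['name'];
                        $query_params .= ', ?';
                        $profile_values[] = serialize($submitted);
                    }
                    break;
            }
        }

        /**
         * Error checking
         */

        /* Username checks */
        if (!$this->runPostFilter('username', new FARequiredFilter())) {
            $action = new K4InformationAction(new K4LanguageElement('L_BADUSERNAME'), 'content', TRUE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_BADUSERNAME');
        }

        if (!$this->runPostFilter('username', new FARegexFilter('~^[a-zA-Z][a-zA-Z0-9_ -]*$~D'))) {
            $action = new K4InformationAction(new K4LanguageElement('L_BADUSERNAME'), 'content', TRUE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_BADUSERNAME');
        }

        if (!$this->runPostFilter('username', new FALengthFilter(intval($_SETTINGS['maxuserlength'])))) {
            $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETOOLONG', intval($_SETTINGS['maxuserlength'])), 'content', TRUE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message(new K4LanguageElement('L_USERNAMETOOLONG', intval($_SETTINGS['maxuserlength'])));
        }

        if (!$this->runPostFilter('username', new FALengthFilter(intval($_SETTINGS['maxuserlength']), intval($_SETTINGS['minuserlength'])))) {
            $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETOOSHORT', intval($_SETTINGS['minuserlength']), intval($_SETTINGS['maxuserlength'])), 'content', TRUE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message(new K4LanguageElement('L_USERNAMETOOSHORT', intval($_SETTINGS['minuserlength']), intval($_SETTINGS['maxuserlength'])));
        }

        if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE name = '" . $request['dba']->quote($_REQUEST['username']) . "'") > 0) {
            $action = new K4InformationAction(new K4LanguageElement('L_USERNAMETAKEN'), 'content', TRUE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_USERNAMETAKEN');
        }

        if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4BADUSERNAMES . " WHERE name = '" . $request['dba']->quote($_REQUEST['username']) . "'") > 0) {
            $action = new K4InformationAction(new K4LanguageElement('L_USERNAMENOTGOOD'), 'content', TRUE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_USERNAMENOTGOOD');
        }

        /* Check the appropriateness of the username: it must survive the censor list unchanged */
        $name = $_REQUEST['username'];
        replace_censors($name);

        if ($name != $_REQUEST['username']) {
            $action = new K4InformationAction(new K4LanguageElement('L_INNAPROPRIATEUNAME'), 'content', TRUE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_INNAPROPRIATEUNAME');
        }

        /* Password checks */
        if (!$this->runPostFilter('password', new FARequiredFilter())) {
            $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYPASSWORD'), 'content', TRUE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYPASSWORD');
        }

        if (!$this->runPostFilter('password2', new FARequiredFilter())) {
            $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYPASSCHECK'), 'content', TRUE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYPASSCHECK');
        }

        if (!$this->runPostFilter('password', new FACompareFilter('password2'))) {
            $action = new K4InformationAction(new K4LanguageElement('L_PASSESDONTMATCH'), 'content', TRUE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_PASSESDONTMATCH');
        }

        /* Email checks */
        if (!$this->runPostFilter('email', new FARequiredFilter())) {
            $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYEMAIL'), 'content', TRUE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYEMAIL');
        }

        if (!$this->runPostFilter('email2', new FARequiredFilter())) {
            $action = new K4InformationAction(new K4LanguageElement('L_SUPPLYEMAILCHECK'), 'content', TRUE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_SUPPLYEMAILCHECK');
        }

        if (!$this->runPostFilter('email', new FACompareFilter('email2'))) {
            $action = new K4InformationAction(new K4LanguageElement('L_EMAILSDONTMATCH'), 'content', TRUE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_EMAILSDONTMATCH');
        }

        /* The address is later used as a mail recipient, so it must not end in a line break */
        if (!$this->runPostFilter('email', new FARegexFilter('~^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$~D'))) {
            $action = new K4InformationAction(new K4LanguageElement('L_NEEDVALIDEMAIL'), 'content', TRUE);
            return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_NEEDVALIDEMAIL');
        }

        if ($_SETTINGS['requireuniqueemail'] == 1) {
            if ($request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS . " WHERE email = '" . $request['dba']->quote($_REQUEST['email']) . "'") > 0) {
                $action = new K4InformationAction(new K4LanguageElement('L_EMAILTAKEN'), 'content', TRUE);
                return !USE_XMLHTTP ? TRUE : xmlhttp_message('L_EMAILTAKEN');
            }
        }

        /* Exit right here to send no content to the browser if ajax is enabled */
        if (USE_XMLHTTP) {
            exit;
        }

        /**
         * Do the database inserting
         */
        $name = k4_htmlentities(strip_tags($_REQUEST['username']), ENT_QUOTES);

        /*
         * The activation key is a bearer secret mailed to the user. Prefer the
         * CSPRNG when the runtime has one; the result is 32 hex characters
         * either way.
         */
        $reg_key = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(rand(), TRUE));

        /*
         * NOTE(review): the password is stored as an unsalted MD5 digest, which
         * is cheap to brute-force offline. Moving to password_hash() needs a
         * matching change in the login path (verify, then re-hash on login),
         * which is not visible here, so the stored format is left unchanged.
         */
        $insert_a = $request['dba']->prepareStatement("INSERT INTO " . K4USERS . " (name,email,pass,perms,reg_key,usergroups,created) VALUES (?,?,?,?,?,?,?)");
        $insert_a->setString(1, $name);
        $insert_a->setString(2, $_REQUEST['email']);
        $insert_a->setString(3, md5($_REQUEST['password']));
        $insert_a->setInt(4, PENDING_MEMBER);
        $insert_a->setString(5, $reg_key);
        $insert_a->setString(6, '|1|');
        $insert_a->setInt(7, time());

        $insert_a->executeUpdate();

        $user_id = intval($request['dba']->getInsertId(K4USERS, 'id'));

        $insert_b = $request['dba']->prepareStatement("INSERT INTO " . K4USERINFO . " (user_id,timezone" . $query_fields . ") VALUES (?,?" . $query_params . ")");
        $insert_b->setInt(1, $user_id);
        $insert_b->setInt(2, intval(@$_REQUEST['timezone']));

        /* Custom profile values follow the two fixed placeholders */
        $position = 3;
        foreach ($profile_values as $profile_value) {
            $insert_b->setString($position, $profile_value);
            $position++;
        }

        $request['dba']->executeUpdate("INSERT INTO " . K4USERSETTINGS . " (user_id) VALUES (" . $user_id . ")");

        $insert_b->executeUpdate();

        $datastore_update = $request['dba']->prepareStatement("UPDATE " . K4DATASTORE . " SET data=? WHERE varname=?");

        /* Set the datastore values */
        $datastore = $_DATASTORE['forumstats'];
        $datastore['num_members'] = $request['dba']->getValue("SELECT COUNT(*) FROM " . K4USERS);
        $datastore['newest_user_id'] = $user_id;
        $datastore['newest_user_name'] = $name;

        $datastore_update->setString(1, serialize($datastore));
        $datastore_update->setString(2, 'forumstats');
        $datastore_update->executeUpdate();

        reset_cache('datastore');

        /* Do we need to validate their email by having them follow a url? */
        if (intval($_SETTINGS['verifyemail']) == 1) {

            $verify_url = $_URL;
            $verify_url->args = array('act' => 'activate_accnt', 'key' => $reg_key);
            $verify_url->file = 'member.php';

            /*
             * NOTE(review): as written this replaces '&' with itself; the
             * search string was probably an HTML entity -- confirm against
             * the repository copy.
             */
            $url = str_replace('&', '&', $verify_url->__toString());

            $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET usergroups = '1' WHERE id = " . intval($user_id));

            $email = sprintf($request['template']->getVar('L_REGISTEREMAILRMSG'), $name, $_SETTINGS['bbtitle'], $url, $_SETTINGS['bbtitle']);

            $action = new K4InformationAction(new K4LanguageElement('L_SUCCESSREGISTEREMAIL', $_SETTINGS['bbtitle'], $_REQUEST['email']), 'content', FALSE, 'index.php', 5);
        } else {

            /* No e-mail verification: promote to MEMBER right away and clear the keys */
            $request['dba']->executeUpdate("UPDATE " . K4USERS . " SET perms = " . MEMBER . ", priv_key = '', reg_key = '' WHERE id = " . intval($user_id));

            $action = new K4InformationAction(new K4LanguageElement('L_SUCCESSREGISTER', $_SETTINGS['bbtitle']), 'content', FALSE, 'index.php', 5);

            $email = sprintf($request['template']->getVar('L_REGISTEREMAILMSG'), $name, $_SETTINGS['bbtitle'], $_SETTINGS['bbtitle']);
        }

        /* Finally, mail our user */
        email_user($_REQUEST['email'], sprintf($request['template']->getVar('L_REGISTEREMAILTITLE'), $_SETTINGS['bbtitle']), $email);

        return TRUE;
    }
}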
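/**
 * Build the forum index page.
 *
 * Fills the template with the top-level forum list, the online-users list,
 * the board statistics (taken from the datastore plus a guest count from the
 * session table), the "most users ever online" record (updated here when the
 * current total reaches it), the user-group legend and the breadcrumbs.
 *
 * Change against the previous version: $groups is initialised before the
 * permission check. It used to be created only inside that branch, so a
 * visitor failing the check reached the FAArrayIterator constructor with an
 * undefined variable.
 *
 * @param array $request Request context; the 'user', 'dba' and 'template'
 *                       entries are used here.
 * @return void
 */
function execute(&$request)
{
    global $_DATASTORE, $_USERGROUPS, $_QUERYPARAMS;

    // Member/Guest specifics
    if (!$request['user']->isMember()) {
        $request['template']->setVar('welcome_title', sprintf($request['template']->getVar('L_WELCOMETITLE'), $request['template']->getVar('bbtitle')));
        $request['template']->setFile('quick_login', 'login_form_quick.html');
        $request['template']->setVisibility('welcome_msg', TRUE);
    }

    // The content panel
    $request['template']->setFile('content', 'forums.html');

    $forums =& new K4ForumsIterator($request['dba'], "SELECT * FROM " . K4FORUMS . " WHERE parent_id=0 ORDER BY row_order ASC");

    $request['template']->setVisibility('no_forums', !$forums->hasNext());
    $request['template']->setList('tlforums', $forums);

    // Set the online users list. Sessions seen since the cut-off count as
    // online; a logged-in member's own session is included by id as well.
    $user_extra = $request['user']->isMember() ? ' OR (seen > 0 AND user_id = ' . intval($request['user']->get('id')) . ')' : '';
    $expired = time() - ini_get('session.gc_maxlifetime');

    $online_result = $request['dba']->executeQuery("SELECT * FROM " . K4SESSIONS . " WHERE ((seen >= {$expired}) {$user_extra}) AND ((user_id > 0) OR (user_id = 0 AND name <> '')) GROUP BY name ORDER BY seen DESC");
    $online_users =& new K4OnlineUsersIterator($request['dba'], '', $online_result);
    $request['template']->setList('online_users', $online_users);

    $forumstats = $_DATASTORE['forumstats'];

    $stats = array(
        'num_online_members' => intval(Globals::getGlobal('num_online_members')),
        'num_invisible' => intval(Globals::getGlobal('num_online_invisible')),
        'num_topics' => intval($forumstats['num_topics']),
        'num_replies' => intval($forumstats['num_replies']),
        'num_members' => intval($forumstats['num_members']),
        'num_guests' => $request['dba']->getValue("SELECT COUNT(*) FROM " . K4SESSIONS . " WHERE seen >= {$expired} AND user_id=0"),
        'newest_uid' => $forumstats['newest_user_id'],
        'newest_user' => $forumstats['newest_user_name'],
    );

    $stats['num_online_total'] = $stats['num_online_members'] + $stats['num_invisible'] + $stats['num_guests'];

    $request['template']->setVar('num_online_members', $stats['num_online_members']);

    $request['template']->setVar('newest_member', sprintf($request['template']->getVar('L_NEWESTMEMBER'), $stats['newest_uid'], $stats['newest_user']));
    $request['template']->setVar('total_users', sprintf($request['template']->getVar('L_TOTALUSERS'), $stats['num_members']));
    $request['template']->setVar('total_posts', sprintf($request['template']->getVar('L_TOTALPOSTS'), $stats['num_topics'] + $stats['num_replies'], $stats['num_topics'], $stats['num_replies']));
    $request['template']->setVar('online_stats', sprintf($request['template']->getVar('L_ONLINEUSERSTATS'), $stats['num_online_total'], $stats['num_online_members'], $stats['num_guests'], $stats['num_invisible']));
    $request['template']->setVar('most_users_ever', sprintf($request['template']->getVar('L_MOSTUSERSEVERONLINE'), $_DATASTORE['maxloggedin']['maxonline'], date("n/j/Y", bbtime($_DATASTORE['maxloggedin']['maxonlinedate'])), date("g:ia", bbtime($_DATASTORE['maxloggedin']['maxonlinedate']))));

    // Record a new (or equalled) maximum of simultaneous visitors
    if ($stats['num_online_total'] >= $_DATASTORE['maxloggedin']['maxonline']) {

        $maxloggedin = array('maxonline' => $stats['num_online_total'], 'maxonlinedate' => time());

        $query = $request['dba']->prepareStatement("UPDATE " . K4DATASTORE . " SET data = ? WHERE varname = ?");
        $query->setString(1, serialize($maxloggedin));
        $query->setString(2, 'maxloggedin');
        $query->executeUpdate();

        reset_cache('datastore');
    }

    // Show the forum status icons
    $request['template']->setVisibility('forum_status_icons', TRUE);
    $request['template']->setFile('content_extra', 'forum_status_icons.html');

    // Always defined, so the legend iterator below gets an array on every path
    $groups = array();

    // NOTE(review): the mid-section is gated on the 'can_add' column of the
    // 'can_see_board' map while the template variable further down uses
    // 'can_view' -- confirm that the difference is intended.
    if ($request['user']->get('perms') >= get_map('can_see_board', 'can_add', array())) {

        $request['template']->setVisibility('forum_midsection', TRUE);

        // Set the usergroups legend list
        if (is_array($_USERGROUPS) && !empty($_USERGROUPS)) {
            foreach ($_USERGROUPS as $group) {
                if ($group['display_legend'] == 1) {
                    $group['U_USERGROUPURL'] = K4Url::getUserGroupUrl($group['id']);
                    $groups[] = $group;
                }
            }
        }
    }

    $groups =& new FAArrayIterator($groups);
    $request['template']->setList('usergroups_legend', $groups);

    /* Set the forum stats */
    $request['template']->setFile('forum_info', 'forum_info.html');
    $request['template']->setVar('can_see_board', get_map('can_see_board', 'can_view', array()));

    k4_bread_crumbs($request['template'], $request['dba'], 'L_HOME');
}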