function sp_UpdateProfile()
{
global $spGlobals, $spThisUser;
# make sure nonce is there
check_admin_referer('forum-profile', 'forum-profile');
$message = array();
# dont update forum if its locked down
if ($spGlobals['lockdown']) {
$message['type'] = 'error';
$message['text'] = sp_text('This forum is currently locked - access is read only - profile not updated');
return $message;
}
# do we have a form to update?
if (isset($_GET['form'])) {
$thisForm = sp_esc_str($_GET['form']);
} else {
$message['type'] = 'error';
$message['text'] = sp_text('Profile update aborted - no valid form');
return $message;
}
# do we have an actual user to update?
if (isset($_GET['userid'])) {
$thisUser = sp_esc_int($_GET['userid']);
} else {
$message['type'] = 'error';
$message['text'] = sp_text('Profile update aborted - no valid user');
return $message;
}
# Check the user ID for current user of admin edit
if ($thisUser != $spThisUser->ID && !$spThisUser->admin) {
$message['type'] = 'error';
$message['text'] = sp_text('Profile update aborted - no valid user');
return $message;
}
if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
$pass1 = $pass2 = '';
if (isset($_POST['pass1'])) {
$pass1 = $_POST['pass1'];
}
if (isset($_POST['pass2'])) {
$pass2 = $_POST['pass2'];
}
if (empty($pass1) || empty($pass2) || $pass1 != $pass2) {
$message['type'] = 'error';
$message['text'] = sp_text('Cannot save profile until password has been changed');
return $message;
}
}
# form save filter
$thisForm = apply_filters('sph_profile_save_thisForm', $thisForm);
# valid save attempt, so lets process the save
switch ($thisForm) {
case 'show-memberships':
# update memberships
# any usergroup removals?
if (isset($_POST['usergroup_leave'])) {
foreach ($_POST['usergroup_leave'] as $membership) {
sp_remove_membership(sp_esc_str($membership), $thisUser);
}
}
# any usergroup joins?
if (isset($_POST['usergroup_join'])) {
foreach ($_POST['usergroup_join'] as $membership) {
sp_add_membership(sp_esc_int($membership), $thisUser);
}
}
# fire action for plugins
$message = apply_filters('sph_UpdateProfileMemberships', $message, $thisUser);
# output update message
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Memberships updated');
}
break;
case 'account-settings':
# update account settings
# check for password update
$pass1 = $pass2 = '';
if (isset($_POST['pass1'])) {
$pass1 = $_POST['pass1'];
}
if (isset($_POST['pass2'])) {
$pass2 = $_POST['pass2'];
}
if (!empty($pass1) || !empty($pass2)) {
if ($pass1 != $pass2) {
$message['type'] = 'error';
$message['text'] = sp_text('Please enter the same password in the two password fields');
return $message;
} else {
# update the password
$user = new stdClass();
$user->ID = (int) $thisUser;
$user->user_pass = $pass1;
wp_update_user(get_object_vars($user));
if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
delete_user_meta($spThisUser->ID, 'sp_change_pw');
}
}
}
# now check the email is valid and unique
$update = apply_filters('sph_ProfileUserEmailUpdate', true);
if ($update) {
$curEmail = sp_filter_email_save($_POST['curemail']);
$email = sp_filter_email_save($_POST['email']);
if ($email != $curEmail) {
if (empty($email)) {
$message['type'] = 'error';
$message['text'] = sp_text('Please enter a valid email address');
return $message;
} elseif (($owner_id = email_exists($email)) && $owner_id != $thisUser) {
$message['type'] = 'error';
$message['text'] = sp_text('The email address is already registered. Please choose another one');
return $message;
}
# save new email address
$sql = 'UPDATE ' . SFUSERS . " SET user_email='{$email}' WHERE ID=" . $thisUser;
spdb_query($sql);
}
}
# fire action for plugins
$message = apply_filters('sph_UpdateProfileSettings', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Account settings updated');
}
break;
case 'edit-profile':
# update profile settings
# validate any username change
$update = apply_filters('sph_ProfileUserDisplayNameUpdate', true);
if ($update) {
$spProfile = sp_get_option('sfprofile');
if ($spProfile['nameformat'] || $spThisUser->admin) {
$display_name = !empty($_POST['display_name']) ? trim($_POST['display_name']) : spdb_table(SFUSERS, "ID={$thisUser}", 'user_login');
$display_name = sp_filter_name_save($display_name);
# make sure display name isnt already used
if ($_POST['oldname'] != $display_name) {
$records = spdb_table(SFMEMBERS, "display_name='{$display_name}'");
if ($records) {
foreach ($records as $record) {
if ($record->user_id != $thisUser) {
$message['type'] = 'error';
$message['text'] = $display_name . ' ' . sp_text('is already in use - please choose a different display name');
return $message;
}
}
}
# validate display name
$errors = new WP_Error();
$user = new stdClass();
$user->display_name = $display_name;
sp_validate_display_name($errors, true, $user);
if ($errors->get_error_codes()) {
$message['type'] = 'error';
$message['text'] = sp_text('The display name you have chosen is not allowed on this site');
return $message;
}
# now save the display name
sp_update_member_item($thisUser, 'display_name', $display_name);
# Update new users list with changed display name
sp_update_newuser_name(sp_filter_name_save($_POST['oldname']), $display_name);
# do we need to sync display name with wp?
$options = sp_get_member_item($thisUser, 'user_options');
if ($options['namesync']) {
spdb_query('UPDATE ' . SFUSERS . ' SET display_name="' . $display_name . '" WHERE ID=' . $thisUser);
}
}
}
}
# save the url
$update = apply_filters('sph_ProfileUserWebsiteUpdate', true);
if ($update) {
$url = sp_filter_url_save($_POST['website']);
$sql = 'UPDATE ' . SFUSERS . ' SET user_url="' . $url . '" WHERE ID=' . $thisUser;
spdb_query($sql);
}
# update first name, last name, location and biorgraphy
$update = apply_filters('sph_ProfileUserFirstNameUpdate', true);
if ($update) {
update_user_meta($thisUser, 'first_name', sp_filter_name_save(trim($_POST['first_name'])));
}
$update = apply_filters('sph_ProfileUserLastNameUpdate', true);
if ($update) {
update_user_meta($thisUser, 'last_name', sp_filter_name_save(trim($_POST['last_name'])));
}
$update = apply_filters('sph_ProfileUserLocationUpdate', true);
if ($update) {
update_user_meta($thisUser, 'location', sp_filter_title_save(trim($_POST['location'])));
}
$update = apply_filters('sph_ProfileUserBiographyUpdate', true);
if ($update) {
update_user_meta($thisUser, 'description', sp_filter_save_kses($_POST['description']));
}
# fire action for plugins
$message = apply_filters('sph_UpdateProfileProfile', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Profile settings updated');
}
break;
case 'edit-identities':
# update identity settings
# update the user identities
$update = apply_filters('sph_ProfileUserAIMUpdate', true);
if ($update) {
update_user_meta($thisUser, 'aim', sp_filter_title_save(trim($_POST['aim'])));
}
$update = apply_filters('sph_ProfileUserYahooUpdate', true);
if ($update) {
update_user_meta($thisUser, 'yim', sp_filter_title_save(trim($_POST['yim'])));
}
$update = apply_filters('sph_ProfileUserGoogleUpdate', true);
if ($update) {
update_user_meta($thisUser, 'jabber', sp_filter_title_save(trim($_POST['jabber'])));
}
$update = apply_filters('sph_ProfileUserMSNUpdate', true);
if ($update) {
update_user_meta($thisUser, 'msn', sp_filter_title_save(trim($_POST['msn'])));
}
$update = apply_filters('sph_ProfileUserICQUpdate', true);
if ($update) {
update_user_meta($thisUser, 'icq', sp_filter_title_save(trim($_POST['icq'])));
}
$update = apply_filters('sph_ProfileUserSkypeUpdate', true);
if ($update) {
update_user_meta($thisUser, 'skype', sp_filter_title_save(trim($_POST['skype'])));
}
$update = apply_filters('sph_ProfileUserFacebookUpdate', true);
if ($update) {
update_user_meta($thisUser, 'facebook', sp_filter_title_save(trim($_POST['facebook'])));
}
$update = apply_filters('sph_ProfileUserMySpaceUpdate', true);
if ($update) {
update_user_meta($thisUser, 'myspace', sp_filter_title_save(trim($_POST['myspace'])));
}
$update = apply_filters('sph_ProfileUserTwitterUpdate', true);
if ($update) {
update_user_meta($thisUser, 'twitter', sp_filter_title_save(trim($_POST['twitter'])));
}
$update = apply_filters('sph_ProfileUserLinkedInUpdate', true);
if ($update) {
update_user_meta($thisUser, 'linkedin', sp_filter_title_save(trim($_POST['linkedin'])));
}
$update = apply_filters('sph_ProfileUserYouTubeUpdate', true);
if ($update) {
update_user_meta($thisUser, 'youtube', sp_filter_title_save(trim($_POST['youtube'])));
}
$update = apply_filters('sph_ProfileUserGooglePlusUpdate', true);
if ($update) {
update_user_meta($thisUser, 'googleplus', sp_filter_title_save(trim($_POST['googleplus'])));
}
# fire action for plugins
$message = apply_filters('sph_UpdateProfileIdentities', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Identities updated');
}
break;
case 'avatar-upload':
# upload avatar
# did we get an avatar to upload?
if (empty($_FILES['avatar-upload']['name'])) {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, the avatar filename was empty');
return $message;
}
# Verify the file extension
global $spPaths;
$uploaddir = SF_STORE_DIR . '/' . $spPaths['avatars'] . '/';
$filename = basename($_FILES['avatar-upload']['name']);
$path = pathinfo($filename);
$ext = strtolower($path['extension']);
if ($ext != 'jpg' && $ext != 'jpeg' && $ext != 'gif' && $ext != 'png') {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, only JPG, JPEG, PNG, or GIF files are allowed');
return $message;
}
# check image file mimetype
$mimetype = 0;
$mimetype = exif_imagetype($_FILES['avatar-upload']['tmp_name']);
if (empty($mimetype) || $mimetype == 0 || $mimetype > 3) {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, the avatar file is an invalid format');
return $message;
}
# make sure file extension and mime type actually match
if ($mimetype == 1 && $ext != 'gif' || $mimetype == 2 && ($ext != 'jpg' && $ext != 'jpeg') || $mimetype == 3 && $ext != 'png') {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, the file mime type does not match file extension');
return $message;
}
# Clean up file name just in case
$filename = date('U') . sp_filter_filename_save(basename($_FILES['avatar-upload']['name']));
$uploadfile = $uploaddir . $filename;
# check for existence
if (file_exists($uploadfile)) {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, the avatar file already exists');
return $message;
}
# check file size against limit if provided
$spAvatars = sp_get_option('sfavatars');
if ($_FILES['avatar-upload']['size'] > $spAvatars['sfavatarfilesize']) {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, the avatar file exceeds the maximum allowed size');
return $message;
}
# valid avatar, so try moving the uploaded file to the avatar storage directory
if (move_uploaded_file($_FILES['avatar-upload']['tmp_name'], $uploadfile)) {
@chmod("{$uploadfile}", 0644);
# do we need to resize?
$sfavatars = sp_get_option('sfavatars');
if ($sfavatars['sfavatarresize']) {
$editor = wp_get_image_editor($uploadfile);
if (is_wp_error($editor)) {
@unlink($uploadfile);
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, there was a problem resizing the avatar');
return $message;
} else {
$editor->resize($sfavatars['sfavatarsize'], $sfavatars['sfavatarsize'], true);
$imageinfo = $editor->save($uploadfile);
$filename = $imageinfo['file'];
}
}
# update member avatar data
$avatar = sp_get_member_item($thisUser, 'avatar');
$avatar['uploaded'] = $filename;
sp_update_member_item($thisUser, 'avatar', $avatar);
} else {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, the avatar file could not be moved to the avatar storage location');
return $message;
}
# fire action for plugins
$message = apply_filters('sph_UpdateProfileAvatarUpload', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Uploaded avatar updated');
}
break;
case 'avatar-pool':
# pool avatar
# get pool avatar name
$filename = sp_filter_filename_save($_POST['spPoolAvatar']);
# error if no pool avatar provided
if (empty($filename)) {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, you must select a pool avatar before trying to save it');
return $message;
}
# save the pool avatar
$avatar = sp_get_member_item($thisUser, 'avatar');
$avatar['pool'] = $filename;
sp_update_member_item($thisUser, 'avatar', $avatar);
# fire action for plugins
$message = apply_filters('sph_UpdateProfileAvatarPool', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Pool avatar updated');
}
break;
case 'avatar-remote':
# remote avatar
# get remote avatar name
$filename = sp_filter_url_save($_POST['spAvatarRemote']);
$avatar = sp_get_member_item($thisUser, 'avatar');
$avatar['remote'] = $filename;
sp_update_member_item($thisUser, 'avatar', $avatar);
# fire action for plugins
$message = apply_filters('sph_UpdateProfileAvatarRemote', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Remote avatar updated');
}
break;
case 'edit-signature':
# save signature
# Check if maxmium links has been exceeded
$numLinks = substr_count($_POST['postitem'], '</a>');
$spFilters = sp_get_option('sffilters');
if (!sp_get_auth('create_links', 'global', $thisUser) && $numLinks > 0 && !$spThisUser->admin) {
$message['type'] = 'error';
$message['text'] = sp_text('You are not allowed to put links in signatures');
return $message;
}
if (sp_get_auth('create_links', 'global', $thisUser) && $spFilters['sfmaxlinks'] != 0 && $numLinks > $spFilters['sfmaxlinks'] && !$spThisUser->admin) {
$message['type'] = 'error';
$message['text'] = sp_text('Maximum number of allowed links exceeded in signature') . ': ' . $spFilters['sfmaxlinks'] . ' ' . sp_text('allowed');
return $message;
}
// $sig = esc_sql(sp_filter_save_kses(trim($_POST['postitem'])));
$sig = sp_filter_content_save($_POST['postitem'], 'edit');
sp_update_member_item($thisUser, 'signature', $sig);
# fire action for plugins
$message = apply_filters('sph_UpdateProfileSignature', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Signature updated');
}
break;
case 'edit-photos':
# save photos
$photos = array();
$spProfileOptions = sp_get_option('sfprofile');
for ($x = 0; $x < $spProfileOptions['photosmax']; $x++) {
$photos[$x] = sp_filter_url_save($_POST['photo' . $x]);
}
update_user_meta($thisUser, 'photos', $photos);
# fire action for plugins
$message = apply_filters('sph_UpdateProfilePhotos', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Photos updated');
}
break;
case 'edit-global-options':
# save global options
$options = sp_get_member_item($thisUser, 'user_options');
$options['hidestatus'] = isset($_POST['hidestatus']) ? true : false;
$update = apply_filters('sph_ProfileUserSyncNameUpdate', true);
if ($update) {
$options['namesync'] = isset($_POST['namesync']) ? true : false;
}
sp_update_member_item($thisUser, 'user_options', $options);
# fire action for plugins
$message = apply_filters('sph_UpdateProfileGlobalOptions', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Global options updated');
}
break;
case 'edit-posting-options':
# save posting options
$update = apply_filters('sph_ProfileUserEditorUpdate', true);
if ($update) {
$options = sp_get_member_item($thisUser, 'user_options');
if (isset($_POST['editor'])) {
$options['editor'] = sp_esc_int($_POST['editor']);
}
sp_update_member_item($thisUser, 'user_options', $options);
}
# fire action for plugins
$message = apply_filters('sph_UpdateProfilePostingOptions', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Posting options updated');
}
break;
case 'edit-display-options':
# save display options
$options = sp_get_member_item($thisUser, 'user_options');
if (isset($_POST['timezone'])) {
if (preg_match('/^UTC[+-]/', $_POST['timezone'])) {
# correct for manual UTC offets
$userOffset = preg_replace('/UTC\\+?/', '', $_POST['timezone']) * 3600;
} else {
# get timezone offset for user
$date_time_zone_selected = new DateTimeZone(sp_esc_str($_POST['timezone']));
$userOffset = timezone_offset_get($date_time_zone_selected, date_create());
}
# get timezone offset for server based on wp settings
$wptz = get_option('timezone_string');
if (empty($wptz)) {
$serverOffset = get_option('gmt_offset');
} else {
$date_time_zone_selected = new DateTimeZone($wptz);
$serverOffset = timezone_offset_get($date_time_zone_selected, date_create());
}
# calculate time offset between user and server
$options['timezone'] = (int) round(($userOffset - $serverOffset) / 3600, 2);
$options['timezone_string'] = sp_esc_str($_POST['timezone']);
} else {
$options['timezone'] = 0;
$options['timezone_string'] = 'UTC';
}
if (isset($_POST['unreadposts'])) {
$sfcontrols = sp_get_option('sfcontrols');
$options['unreadposts'] = is_numeric($_POST['unreadposts']) ? max(min(sp_esc_int($_POST['unreadposts']), $sfcontrols['sfmaxunreadposts']), 0) : $sfcontrols['sfdefunreadposts'];
}
$options['topicASC'] = isset($_POST['topicASC']);
$options['postDESC'] = isset($_POST['postDESC']);
sp_update_member_item($thisUser, 'user_options', $options);
# fire action for plugins
$message = apply_filters('sph_UpdateProfileDisplayOptions', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Display options updated');
}
break;
default:
break;
}
# let plugins do their thing on success
$message = apply_filters('sph_ProfileFormSave_' . $thisForm, $message, $thisUser, $thisForm);
do_action('sph_UpdateProfile', $thisUser, $thisForm);
# reset the plugin_data just in case
sp_reset_member_plugindata($thisUser);
# done saving - return the messages
return $message;
}
function sp_update_post_urls($old, $new)
{
global $wpdb;
if (empty($old) || empty($new)) {
return;
}
$posts = spdb_table(SFPOSTS, 'post_content LIKE "%/' . esc_sql($wpdb->esc_like($old)) . '%"', '');
if (!empty($posts)) {
foreach ($posts as $p) {
$pc = str_replace('/' . $old, '/' . $new, sp_filter_content_edit($p->post_content));
$pc = sp_filter_content_save($pc, 'edit');
spdb_query('UPDATE ' . SFPOSTS . " SET post_content = '{$pc}' WHERE post_id=" . $p->post_id);
}
}
}
function validateData()
{
$this->abort = false;
$this->newpost['action'] = $this->action;
# Check flood control (done here vice validatePermission() so we can use the return to post feature)
if (!sp_get_auth('bypass_flood_control', $this->newpost['forumid'], $this->userid)) {
$flood = sp_get_cache('floodcontrol');
if (!empty($flood) && time() < $flood) {
$this->abort = true;
$this->message = sp_text('Flood control exceeded, please slow down - Post cannot be saved yet');
return;
}
}
# Check topic name
if (empty($this->newpost['topicname'])) {
$this->abort = true;
$this->message = sp_text('No topic name has been entered and post cannot be saved');
return;
} else {
$this->newpost['topicname'] = sp_filter_title_save($this->newpost['topicname'], SFTOPICS, 'topic_name');
}
# Check Post Content
if (empty($this->newpost['postcontent'])) {
$this->abort = true;
$this->message = sp_text('No topic post has been entered and post cannot be saved');
return;
} else {
$this->newpost['postcontent_unescaped'] = sp_filter_content_save($this->newpost['postcontent'], 'new', false, SFPOSTS, 'post_content');
$this->newpost['postcontent'] = sp_filter_content_save($this->newpost['postcontent'], 'new', true, SFPOSTS, 'post_content');
}
# Check and set user names/ids etc
if ($this->guest) {
$sfguests = sp_get_option('sfguests');
if (empty($this->newpost['guestname']) || (empty($this->newpost['guestemail']) || !is_email($this->newpost['guestemail'])) && $sfguests['reqemail']) {
$this->abort = true;
$this->message = sp_text('Guest name and valid email address required');
return;
}
# force maximum lengths
$this->newpost['guestname'] = substr(sp_filter_name_save($this->newpost['guestname']), 0, 20);
$this->newpost['guestemail'] = substr(sp_filter_email_save($this->newpost['guestemail']), 0, 50);
$this->newpost['postername'] = $this->newpost['guestname'];
$this->newpost['posteremail'] = $this->newpost['guestemail'];
# check for blacklisted guest name
$blockedGuest = sp_get_option('guest-name');
if (!empty($blockedGuest)) {
$names = explode(',', $blockedGuest);
foreach ($names as $name) {
if (strtolower(trim($name)) == strtolower($this->newpost['guestname'])) {
$this->abort = true;
$this->message = sp_text('The guest name you have chosen is not allowed on this site');
return;
}
}
}
# check that the guest name is not the same as a current user
$checkdupe = spdb_table(SFMEMBERS, "display_name='" . $this->newpost['guestname'] . "'", 'display_name');
if (!empty($checkdupe)) {
$this->abort = true;
$this->message = sp_text('This user name already belongs to a forum member');
return;
}
}
# Check if links allowed or if maxmium links have been exceeded
$sffilters = sp_get_option('sffilters');
if (!$this->admin) {
$links = $this->count_links();
if (sp_get_auth('create_links', $this->newpost['forumid'], $this->userid)) {
if ($sffilters['sfmaxlinks'] > 0 && $links > $sffilters['sfmaxlinks']) {
$this->abort = true;
$this->message = sp_text('Maximum number of allowed links exceeded') . ': ' . $sffilters['sfmaxlinks'] . ' ' . sp_text('allowed');
return;
}
} else {
if ($links > 0) {
$this->abort = true;
$this->message = sp_text('You are not allowed to put links in post content');
return;
}
}
}
# Check if maxmium smileys have been exceeded
if (!$this->admin) {
if (isset($sffilters['sfmaxsmileys']) && $sffilters['sfmaxsmileys'] > 0 && $this->count_smileys() > $sffilters['sfmaxsmileys']) {
$this->abort = true;
$this->message = sp_text('Maximum number of allowed smileys exceeded') . ': ' . $sffilters['sfmaxsmileys'] . ' ' . sp_text('allowed');
return;
}
}
# Check for duplicate post of option is set
if ($this->member && $sffilters['sfdupemember'] == true || $this->guest && $sffilters['sfdupeguest'] == true) {
# But not admin or moderator
if (!$this->admin && !$this->moderator) {
$dupecheck = spdb_table(SFPOSTS, 'forum_id = ' . $this->newpost['forumid'] . ' AND topic_id=' . $this->newpost['topicid'] . " AND post_content='" . $this->newpost['postcontent'] . "' AND poster_ip='" . $this->newpost['posterip'] . "'", 'row', '', '', ARRAY_A);
if ($dupecheck) {
$this->abort = true;
$this->message = sp_text('Duplicate post refused');
return;
}
}
}
# Establish moderation status
$bypassAll = sp_get_auth('bypass_moderation', $this->newpost['forumid'], $this->userid);
$bypassOnce = sp_get_auth('bypass_moderation_once', $this->newpost['forumid'], $this->userid);
if ($bypassAll == true && $bypassOnce == true) {
$this->newpost['poststatus'] = 0;
} else {
if ($bypassAll == false && $bypassOnce == false) {
$this->newpost['poststatus'] = 1;
} else {
if ($bypassAll == true && $bypassOnce == false) {
$this->newpost['poststatus'] = 1;
if ($this->member) {
$prior = spdb_table(SFPOSTS, 'user_id=' . $this->newpost['userid'] . ' AND post_status=0', 'row', '', '1');
if ($prior) {
$this->newpost['poststatus'] = 0;
}
} else {
if ($this->guest) {
$prior = spdb_table(SFPOSTS, "guest_name='" . $this->newpost['guestname'] . "' AND guest_email='" . $this->newpost['guestemail'] . "' AND post_status=0", 'row', '', '1');
if ($prior) {
$this->newpost['poststatus'] = 0;
}
}
}
} else {
$this->newpost['poststatus'] = 1;
}
}
}
# Finally one or two other data items
if ($this->action == 'topic') {
$this->newpost['topicslug'] = sp_create_slug($this->newpost['topicname'], true, SFTOPICS, 'topic_slug');
} else {
$this->newpost['emailprefix'] = 'Re: ';
}
$this->newpost['groupname'] = sp_get_group_name_from_forum($this->newpost['forumid']);
if (empty($this->newpost['forumname'])) {
$this->newpost['forumname'] = spdb_table(SFFORUMS, "forum_slug='" . $this->newpost['forumslug'] . "'", 'forum_name');
}
$this->newpost = apply_filters('sph_post_data_validation', $this->newpost);
do_action('sph_pre_post_create', $this->newpost);
$this->newpost = apply_filters('sph_new_forum_post', $this->newpost);
}
function sp_save_edited_post()
{
global $spThisUser, $spVars, $spGlobals;
# post id of edited post
$newpost = array();
$newpost['postid'] = sp_esc_int($_POST['pid']);
# no post editng if guest, in post edit mode or lockdwon
if ($spVars['displaymode'] == 'edit' && $spVars['postedit'] == $newpost['postid']) {
return;
}
if ($spGlobals['lockdown']) {
return;
}
# data for the post - want to ensure absolute forum id plus used for notifications later
$post = spdb_table(SFPOSTS, "post_id={$newpost['postid']}", 'row');
$topic = spdb_table(SFTOPICS, "topic_id={$post->topic_id}", 'row');
# verify we can edit this post
$canEdit = false;
if (sp_get_auth('edit_any_post', $post->forum_id)) {
$canEdit = true;
} else {
if ($post->user_id == $spThisUser->ID) {
$last_post = $newpost['postid'] == $topic->post_id || $post->post_status == 1 && $newpost['postid'] == $topic->post_id_held;
$edit_days = sp_get_option('editpostdays');
$post_date = strtotime(sp_date('d', $post->post_date));
$date_diff = floor((time() - $post_date) / (60 * 60 * 24));
if (sp_get_auth('edit_own_posts_forever', $post->forum_id) || sp_get_auth('edit_own_posts_reply', $post->forum_id) && $last_post || sp_get_auth('edit_own_posts_for_time', $post->forum_id) && $date_diff <= $edit_days) {
$canEdit = true;
}
}
}
if (!$canEdit) {
sp_notify(SPFAILURE, sp_text('Edit failed - you do not have permission'));
return;
}
# post info
$newpost['postcontent'] = $_POST['postitem'];
$newpost['postcontent'] = sp_filter_content_save($newpost['postcontent'], 'edit', true, SFPOSTS, 'post_content');
$newpost['forumid'] = sp_esc_int($_POST['forumid']);
$newpost['forumslug'] = sp_esc_str($_POST['forumslug']);
$newpost['topicid'] = sp_esc_int($_POST['topicid']);
$newpostt['topicslug'] = sp_esc_str($_POST['topicslug']);
# post edit array
$history = spdb_select('var', 'SELECT post_edit FROM ' . SFPOSTS . " WHERE post_id='{$newpost['postid']}'", ARRAY_A);
$postedits = !empty($history) ? unserialize($history) : array();
$x = count($postedits);
$edittime = current_time('mysql');
$postedits[$x]['by'] = sp_filter_name_save($spThisUser->display_name);
$postedits[$x]['at'] = strtotime($edittime);
$newpost['postedits'] = serialize($postedits);
$newpost['postcontent'] = apply_filters('sph_post_edit_data', $newpost['postcontent'], $newpost['postid'], $spThisUser->ID);
$date_update = '';
if (!empty($_POST['editTimestamp'])) {
$yy = sp_esc_int($_POST['tsYear']);
$mm = sp_esc_int($_POST['tsMonth']);
$dd = sp_esc_int($_POST['tsDay']);
$hh = sp_esc_int($_POST['tsHour']);
$mn = sp_esc_int($_POST['tsMinute']);
$ss = sp_esc_int($_POST['tsSecond']);
$dd = $dd > 31 ? 31 : $dd;
$hh = $hh > 23 ? $hh - 24 : $hh;
$mn = $mn > 59 ? $mn - 60 : $mn;
$ss = $ss > 59 ? $ss - 60 : $ss;
$newpost['postdate'] = sprintf('%04d-%02d-%02d %02d:%02d:%02d', $yy, $mm, $dd, $hh, $mn, $ss);
$date_update = ', post_date = "' . $newpost['postdate'] . '"';
}
$sql = 'UPDATE ' . SFPOSTS . " SET post_content='{$newpost['postcontent']}', post_edit='{$newpost['postedits']}'{$date_update} WHERE post_id={$newpost['postid']}";
if (spdb_query($sql) == false) {
sp_notify(SPFAILURE, sp_text('Update failed'));
} else {
sp_notify(SPSUCCESS, sp_text('Updated post saved'));
# set up some data for notifications
$link = sp_permalink_from_postid($newpost['postid']);
# notify admins/mods of edit
$users = spdb_select('set', 'SELECT user_id, admin_options FROM ' . SFMEMBERS . " WHERE admin=1 OR moderator=1");
if ($users) {
$time = time() + 7 * 24 * 60 * 60;
$text = sp_text('A user has edited the post');
foreach ($users as $user) {
$options = unserialize($user->admin_options);
if ($options['notify-edited'] && $spThisUser->ID != $user->user_id) {
# dont notify self
$nData = array();
$nData['user_id'] = $user->user_id;
$nData['guest_email'] = '';
$nData['post_id'] = $newpost['postid'];
$nData['link'] = $link;
$nData['link_text'] = $topic->topic_name;
$nData['message'] = $text;
$nData['expires'] = $time;
# 7 days; 24 hours; 60 mins; 60secs
sp_add_notice($nData);
}
}
}
# notify author of change
$sfadminsettings = sp_get_option('sfadminsettings');
if ($sfadminsettings['editnotice'] && $spThisUser->ID != $post->user_id) {
$nData = array();
$nData['user_id'] = $post->user_id;
$nData['guest_email'] = $post->guest_email;
$nData['post_id'] = $newpost['postid'];
$nData['link'] = $link;
$nData['link_text'] = $topic->topic_name;
$nData['message'] = sp_text('An edit has been made to your post');
$nData['expires'] = time() + 30 * 24 * 60 * 60;
# 30 days; 24 hours; 60 mins; 60secs
sp_add_notice($nData);
}
}
$newpost['userid'] = $spThisUser->ID;
$newpost['action'] = 'edit';
do_action('sph_post_edit_after_save', $newpost);
}
function sp_ListSearchPostContent($args = '')
{
global $spSearchView, $spThisPostList;
$defs = array('tagId' => 'spListPostContent%ID%', 'tagClass' => 'spPostContent', 'excerpt' => 400, 'echo' => 1, 'get' => 0);
$a = wp_parse_args($args, $defs);
$a = apply_filters('sph_ListPostContent_args', $a);
extract($a, EXTR_SKIP);
# sanitize before use
$tagId = esc_attr($tagId);
$tagClass = esc_attr($tagClass);
$excerpt = (int) $excerpt;
$echo = (int) $echo;
$get = (int) $get;
$tagId = str_ireplace('%ID%', $spThisPostList->post_id, $tagId);
if ($get) {
return $spThisPostList->post_content;
}
# build the keywords for highlighting - add on wildcards to match mysql search
if ($spSearchView->searchType == 1 || $spSearchView->searchType == 2) {
if (strpos($spSearchView->searchTermRaw, ' ') === false) {
$highlight = $spSearchView->searchTermRaw;
} else {
$highlight = str_replace(' ', '|', $spSearchView->searchTermRaw);
}
} else {
$highlight = $spSearchView->searchTermRaw;
}
# get the excerpted post content prepared for editing but no mysql escaping
$content = sp_filter_content_save($spThisPostList->post_content, 'new', false);
# lets remove some html content we dont need to show in search results
$content = strip_shortcodes($content);
$content = preg_replace('/<img[^>]+\\>/i', sp_text(' (* image not shown *) '), $content);
$content = preg_replace('#<a.*?>.*?</a>#i', sp_text(' (* link not shown *) '), $content);
$content = preg_replace('#<iframe.*?>.*?</iframe>#i', sp_text(' (* media not shown *) '), $content);
$content = preg_replace('#<audio.*?>.*?</audio>#i', sp_text(' (* media not shown *) '), $content);
$content = preg_replace('#<video.*?>.*?</video>#i', sp_text(' (* media not shown *) '), $content);
# if we still have content left, lets highlight the search terms
if (!empty($content)) {
$content = sp_filter_content_excerpt($content, array_filter(explode('|', $highlight), 'strlen'), $excerpt);
$content = preg_replace('#(?!<.*)(' . $highlight . ')(?![^<>]*(?:</s(?:cript|tyle))?>)#is', '<span class="spSearchTermHighlight">$1</span>', $content);
$content = sp_filter_content_display($content);
}
# display the excerpt with highlighting
$out = "<div id='{$tagId}' class='{$tagClass}'>{$content}</div>\n";
$out = apply_filters('sph_ListPostContent', $out, $a);
if ($echo) {
echo $out;
} else {
return $out;
}
}
