/**
 * Saves the featured topic and featured post lists posted from the plugin's admin form.
 *
 * Each list arrives as one comma-separated string, is passed through
 * sp_filter_title_save() and is stored as an array under the 'featured' sfmeta type.
 *
 * @return string Translated status message.
 */
function sp_featured_admin_options_save() {
    # CSRF guard: the request must carry the nonce issued with this admin form
    check_admin_referer('forum-adminform_userplugin', 'forum-adminform_userplugin');

    # sfmeta key => POST field holding the comma-separated list
    $lists = array('topics' => 'topic_list', 'posts' => 'post_list');
    foreach ($lists as $metaKey => $field) {
        $cleaned = sp_filter_title_save(trim($_POST[$field]));
        sp_add_sfmeta('featured', $metaKey, explode(',', $cleaned), true);
    }

    return __('Featured topics and posts options updated', 'sp-featured');
}
/**
 * Handles the "edit user group" admin form: reads the posted fields and
 * updates the matching row in the SFUSERGROUPS table.
 *
 * @return string Status message saying whether the update succeeded.
 */
function spa_save_usergroups_edit_usergroup() {
    # CSRF guard: the request must carry the nonce issued with this admin form
    check_admin_referer('forum-adminform_usergroupedit', 'forum-adminform_usergroupedit');

    $groupId = sp_esc_int($_POST['usergroup_id']);

    # column => value, in the order the SET clause lists them
    $columns = array(
        'usergroup_name' => sp_filter_title_save(trim($_POST['usergroup_name'])),
        'usergroup_desc' => sp_filter_title_save(trim($_POST['usergroup_desc'])),
        'usergroup_badge' => sp_filter_filename_save(trim($_POST['usergroup_badge'])),
        'usergroup_join' => isset($_POST['usergroup_join']) ? 1 : 0,
        'usergroup_is_moderator' => isset($_POST['usergroup_is_moderator']) ? 1 : 0,
    );

    # NOTE(review): the values are concatenated into the statement, so this relies on
    # sp_esc_int() and the sp_filter_*_save() helpers returning SQL-safe text - confirm.
    $assignments = array();
    foreach ($columns as $column => $value) {
        $assignments[] = $column . '="' . $value . '"';
    }
    $sql = 'UPDATE ' . SFUSERGROUPS . ' SET ' . implode(', ', $assignments) . ' WHERE usergroup_id=' . $groupId;

    $updated = spdb_query($sql);

    # memberships are reset whether or not the update succeeded
    sp_reset_memberships();

    if ($updated == false) {
        return spa_text('User group update failed');
    }

    $mess = spa_text('User group record updated');
    do_action('sph_usergroup_new', $groupId);

    return $mess;
}
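spa_etext('No users with this special rank');
}
echo '</fieldset>';
}

# Delete a smiley image from storage and drop its entry from the stored smiley list.
# NOTE(review): no nonce or capability check is visible in this fragment - confirm the
# enclosing handler performs both before it dispatches on $action.
if ($action == 'delsmiley') {
    # basename() keeps only the final path component, so the request-supplied name
    # cannot address anything outside the smileys folder
    $file = basename(sp_esc_str($_GET['file']));
    $path = SF_STORE_DIR . '/' . $spPaths['smileys'] . '/' . $file;
    @unlink($path);

    # load smileys from sfmeta
    $meta = sp_get_sfmeta('smileys', 'smileys');

    # rebuild the list without the deleted file and save it again
    if (!empty($meta[0]['meta_value'])) {
        $newsmileys = array();
        foreach ($meta[0]['meta_value'] as $name => $info) {
            if ($info[0] != $file) {
                $newsmileys[$name][0] = sp_filter_title_save($info[0]);
                $newsmileys[$name][1] = sp_filter_name_save($info[1]);
                $newsmileys[$name][2] = sp_filter_name_save($info[2]);
                $newsmileys[$name][3] = $info[3];
                $newsmileys[$name][4] = $info[4];
            }
        }
        sp_update_sfmeta('smileys', 'smileys', $newsmileys, $meta[0]['meta_id'], true);
    }

    echo '1';
}

# Delete a rank badge image from storage.
if ($action == 'delbadge') {
    # same confinement as above: only a bare file name inside the ranks folder
    $file = basename(sp_esc_str($_GET['file']));
    $path = SF_STORE_DIR . '/' . $spPaths['ranks'] . '/' . $file;
    @unlink($path);

    echo '1';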
/**
 * Processes one profile form submission.
 *
 * The section to save is named by $_GET['form'] and the target user by
 * $_GET['userid']. After the nonce, lockdown, ownership and forced
 * password-change checks, the matching switch case saves that section from $_POST.
 * Each case passes $message through a plugin filter and fills in a success
 * message only when $message is still empty.
 *
 * @return array Message array; the entries set here are 'type' ('error' or 'success') and 'text'.
 */
function sp_UpdateProfile() {
    global $spGlobals, $spThisUser;

    # CSRF guard: the request must carry the 'forum-profile' nonce
    check_admin_referer('forum-profile', 'forum-profile');

    $message = array();

    # dont update forum if its locked down
    if ($spGlobals['lockdown']) {
        $message['type'] = 'error';
        $message['text'] = sp_text('This forum is currently locked - access is read only - profile not updated');
        return $message;
    }

    # do we have a form to update?
    if (isset($_GET['form'])) {
        $thisForm = sp_esc_str($_GET['form']);
    } else {
        $message['type'] = 'error';
        $message['text'] = sp_text('Profile update aborted - no valid form');
        return $message;
    }

    # do we have an actual user to update?
    if (isset($_GET['userid'])) {
        $thisUser = sp_esc_int($_GET['userid']);
    } else {
        $message['type'] = 'error';
        $message['text'] = sp_text('Profile update aborted - no valid user');
        return $message;
    }

    # Authorization: only the account owner or a forum admin may continue.
    # Everything below writes to $thisUser, which comes from the query string.
    if ($thisUser != $spThisUser->ID && !$spThisUser->admin) {
        $message['type'] = 'error';
        $message['text'] = sp_text('Profile update aborted - no valid user');
        return $message;
    }

    # Forced password change: refuse every save until two matching, non-empty passwords are posted.
    # NOTE(review): the password itself is only stored by the 'account-settings' case below;
    # any other form that posts matching pass1/pass2 values passes this gate without changing it.
    if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
        $pass1 = $pass2 = '';
        if (isset($_POST['pass1'])) {
            $pass1 = $_POST['pass1'];
        }
        if (isset($_POST['pass2'])) {
            $pass2 = $_POST['pass2'];
        }
        if (empty($pass1) || empty($pass2) || $pass1 != $pass2) {
            $message['type'] = 'error';
            $message['text'] = sp_text('Cannot save profile until password has been changed');
            return $message;
        }
    }

    # form save filter - lets a plugin change which form is processed
    $thisForm = apply_filters('sph_profile_save_thisForm', $thisForm);

    # valid save attempt, so lets process the save
    switch ($thisForm) {
        case 'show-memberships':
            # update memberships
            # any usergroup removals?
            if (isset($_POST['usergroup_leave'])) {
                foreach ($_POST['usergroup_leave'] as $membership) {
                    sp_remove_membership(sp_esc_str($membership), $thisUser);
                }
            }

            # any usergroup joins?
            # NOTE(review): the posted group ids are used as given; no check that a group allows
            # self-joining is visible here - confirm sp_add_membership() enforces it.
            if (isset($_POST['usergroup_join'])) {
                foreach ($_POST['usergroup_join'] as $membership) {
                    sp_add_membership(sp_esc_int($membership), $thisUser);
                }
            }

            # let plugins filter the message
            $message = apply_filters('sph_UpdateProfileMemberships', $message, $thisUser);

            # output update message
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Memberships updated');
            }
            break;

        case 'account-settings':
            # update account settings
            # check for password update
            $pass1 = $pass2 = '';
            if (isset($_POST['pass1'])) {
                $pass1 = $_POST['pass1'];
            }
            if (isset($_POST['pass2'])) {
                $pass2 = $_POST['pass2'];
            }
            if (!empty($pass1) || !empty($pass2)) {
                # NOTE(review): != is a loose comparison, so two different numeric-looking strings
                # can compare equal; a strict !== would make the confirmation check exact.
                if ($pass1 != $pass2) {
                    $message['type'] = 'error';
                    $message['text'] = sp_text('Please enter the same password in the two password fields');
                    return $message;
                } else {
                    # update the password
                    # NOTE(review): the current password is not asked for or verified before the change.
                    $user = new stdClass();
                    $user->ID = (int) $thisUser;
                    $user->user_pass = $pass1;
                    wp_update_user(get_object_vars($user));

                    # the forced-change flag is cleared on the logged-in user ($spThisUser), not on $thisUser
                    if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
                        delete_user_meta($spThisUser->ID, 'sp_change_pw');
                    }
                }
            }

            # now check the email is valid and unique
            $update = apply_filters('sph_ProfileUserEmailUpdate', true);
            if ($update) {
                $curEmail = sp_filter_email_save($_POST['curemail']);
                $email = sp_filter_email_save($_POST['email']);
                if ($email != $curEmail) {
                    if (empty($email)) {
                        $message['type'] = 'error';
                        $message['text'] = sp_text('Please enter a valid email address');
                        return $message;
                    } elseif (($owner_id = email_exists($email)) && $owner_id != $thisUser) {
                        $message['type'] = 'error';
                        $message['text'] = sp_text('The email address is already registered. Please choose another one');
                        return $message;
                    }

                    # save new email address
                    # NOTE(review): $email is interpolated into the statement; this relies on
                    # sp_filter_email_save() returning SQL-safe text - confirm.
                    $sql = 'UPDATE ' . SFUSERS . " SET user_email='{$email}' WHERE ID=" . $thisUser;
                    spdb_query($sql);
                }
            }

            # let plugins filter the message
            $message = apply_filters('sph_UpdateProfileSettings', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Account settings updated');
            }
            break;

        case 'edit-profile':
            # update profile settings
            # validate any username change
            $update = apply_filters('sph_ProfileUserDisplayNameUpdate', true);
            if ($update) {
                $spProfile = sp_get_option('sfprofile');
                if ($spProfile['nameformat'] || $spThisUser->admin) {
                    # an empty display name falls back to the user's login name
                    $display_name = !empty($_POST['display_name']) ? trim($_POST['display_name']) : spdb_table(SFUSERS, "ID={$thisUser}", 'user_login');
                    $display_name = sp_filter_name_save($display_name);

                    # make sure display name isnt already used
                    # ('oldname' is read from the request, not from the stored profile)
                    if ($_POST['oldname'] != $display_name) {
                        # NOTE(review): $display_name is interpolated into the WHERE clause; this relies on
                        # sp_filter_name_save() returning SQL-safe text - confirm.
                        $records = spdb_table(SFMEMBERS, "display_name='{$display_name}'");
                        if ($records) {
                            foreach ($records as $record) {
                                if ($record->user_id != $thisUser) {
                                    $message['type'] = 'error';
                                    $message['text'] = $display_name . ' ' . sp_text('is already in use - please choose a different display name');
                                    return $message;
                                }
                            }
                        }

                        # validate display name
                        $errors = new WP_Error();
                        $user = new stdClass();
                        $user->display_name = $display_name;
                        sp_validate_display_name($errors, true, $user);
                        if ($errors->get_error_codes()) {
                            $message['type'] = 'error';
                            $message['text'] = sp_text('The display name you have chosen is not allowed on this site');
                            return $message;
                        }

                        # now save the display name
                        sp_update_member_item($thisUser, 'display_name', $display_name);

                        # Update new users list with changed display name
                        sp_update_newuser_name(sp_filter_name_save($_POST['oldname']), $display_name);

                        # do we need to sync display name with wp?
                        $options = sp_get_member_item($thisUser, 'user_options');
                        if ($options['namesync']) {
                            spdb_query('UPDATE ' . SFUSERS . ' SET display_name="' . $display_name . '" WHERE ID=' . $thisUser);
                        }
                    }
                }
            }

            # save the url
            $update = apply_filters('sph_ProfileUserWebsiteUpdate', true);
            if ($update) {
                # NOTE(review): $url is concatenated into the statement; this relies on
                # sp_filter_url_save() returning SQL-safe text - confirm.
                $url = sp_filter_url_save($_POST['website']);
                $sql = 'UPDATE ' . SFUSERS . ' SET user_url="' . $url . '" WHERE ID=' . $thisUser;
                spdb_query($sql);
            }

            # update first name, last name, location and biography
            # (each field has its own filter so a plugin can switch that update off)
            $update = apply_filters('sph_ProfileUserFirstNameUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'first_name', sp_filter_name_save(trim($_POST['first_name'])));
            }
            $update = apply_filters('sph_ProfileUserLastNameUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'last_name', sp_filter_name_save(trim($_POST['last_name'])));
            }
            $update = apply_filters('sph_ProfileUserLocationUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'location', sp_filter_title_save(trim($_POST['location'])));
            }
            $update = apply_filters('sph_ProfileUserBiographyUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'description', sp_filter_save_kses($_POST['description']));
            }

            # let plugins filter the message
            $message = apply_filters('sph_UpdateProfileProfile', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Profile settings updated');
            }
            break;

        case 'edit-identities':
            # update identity settings
            # update the user identities (one switch-off filter per field)
            $update = apply_filters('sph_ProfileUserAIMUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'aim', sp_filter_title_save(trim($_POST['aim'])));
            }
            $update = apply_filters('sph_ProfileUserYahooUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'yim', sp_filter_title_save(trim($_POST['yim'])));
            }
            $update = apply_filters('sph_ProfileUserGoogleUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'jabber', sp_filter_title_save(trim($_POST['jabber'])));
            }
            $update = apply_filters('sph_ProfileUserMSNUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'msn', sp_filter_title_save(trim($_POST['msn'])));
            }
            $update = apply_filters('sph_ProfileUserICQUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'icq', sp_filter_title_save(trim($_POST['icq'])));
            }
            $update = apply_filters('sph_ProfileUserSkypeUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'skype', sp_filter_title_save(trim($_POST['skype'])));
            }
            $update = apply_filters('sph_ProfileUserFacebookUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'facebook', sp_filter_title_save(trim($_POST['facebook'])));
            }
            $update = apply_filters('sph_ProfileUserMySpaceUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'myspace', sp_filter_title_save(trim($_POST['myspace'])));
            }
            $update = apply_filters('sph_ProfileUserTwitterUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'twitter', sp_filter_title_save(trim($_POST['twitter'])));
            }
            $update = apply_filters('sph_ProfileUserLinkedInUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'linkedin', sp_filter_title_save(trim($_POST['linkedin'])));
            }
            $update = apply_filters('sph_ProfileUserYouTubeUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'youtube', sp_filter_title_save(trim($_POST['youtube'])));
            }
            $update = apply_filters('sph_ProfileUserGooglePlusUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'googleplus', sp_filter_title_save(trim($_POST['googleplus'])));
            }

            # let plugins filter the message
            $message = apply_filters('sph_UpdateProfileIdentities', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Identities updated');
            }
            break;

        case 'avatar-upload':
            # upload avatar
            # did we get an avatar to upload?
            if (empty($_FILES['avatar-upload']['name'])) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar filename was empty');
                return $message;
            }

            # Verify the file extension (allow-list: jpg, jpeg, gif, png)
            global $spPaths;
            $uploaddir = SF_STORE_DIR . '/' . $spPaths['avatars'] . '/';
            $filename = basename($_FILES['avatar-upload']['name']);
            $path = pathinfo($filename);
            # NOTE(review): 'extension' is not set by pathinfo() when the name has no dot
            $ext = strtolower($path['extension']);
            if ($ext != 'jpg' && $ext != 'jpeg' && $ext != 'gif' && $ext != 'png') {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, only JPG, JPEG, PNG, or GIF files are allowed');
                return $message;
            }

            # check the image type detected from the uploaded file itself;
            # only values 1 to 3 are accepted (matched to gif, jpg/jpeg and png below)
            $mimetype = 0;
            $mimetype = exif_imagetype($_FILES['avatar-upload']['tmp_name']);
            if (empty($mimetype) || $mimetype == 0 || $mimetype > 3) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file is an invalid format');
                return $message;
            }

            # make sure file extension and detected type actually match
            if ($mimetype == 1 && $ext != 'gif' || $mimetype == 2 && ($ext != 'jpg' && $ext != 'jpeg') || $mimetype == 3 && $ext != 'png') {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the file mime type does not match file extension');
                return $message;
            }

            # Clean up file name just in case; the stored name is a timestamp followed by the filtered client name
            # NOTE(review): the extension was checked before sp_filter_filename_save() runs -
            # confirm that filter cannot change the extension.
            $filename = date('U') . sp_filter_filename_save(basename($_FILES['avatar-upload']['name']));
            $uploadfile = $uploaddir . $filename;

            # check for existence
            if (file_exists($uploadfile)) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file already exists');
                return $message;
            }

            # check file size against the configured limit
            $spAvatars = sp_get_option('sfavatars');
            if ($_FILES['avatar-upload']['size'] > $spAvatars['sfavatarfilesize']) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file exceeds the maximum allowed size');
                return $message;
            }

            # valid avatar, so try moving the uploaded file to the avatar storage directory
            if (move_uploaded_file($_FILES['avatar-upload']['tmp_name'], $uploadfile)) {
                # readable by everyone, writable by the owner only, never executable
                @chmod("{$uploadfile}", 0644);

                # do we need to resize?
                $sfavatars = sp_get_option('sfavatars');
                if ($sfavatars['sfavatarresize']) {
                    $editor = wp_get_image_editor($uploadfile);
                    if (is_wp_error($editor)) {
                        # the image could not be opened for editing, so the stored file is removed again
                        @unlink($uploadfile);
                        $message['type'] = 'error';
                        $message['text'] = sp_text('Sorry, there was a problem resizing the avatar');
                        return $message;
                    } else {
                        $editor->resize($sfavatars['sfavatarsize'], $sfavatars['sfavatarsize'], true);
                        $imageinfo = $editor->save($uploadfile);
                        # the name reported by the image editor replaces the upload name
                        $filename = $imageinfo['file'];
                    }
                }

                # update member avatar data
                $avatar = sp_get_member_item($thisUser, 'avatar');
                $avatar['uploaded'] = $filename;
                sp_update_member_item($thisUser, 'avatar', $avatar);
            } else {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file could not be moved to the avatar storage location');
                return $message;
            }

            # let plugins filter the message
            $message = apply_filters('sph_UpdateProfileAvatarUpload', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Uploaded avatar updated');
            }
            break;

        case 'avatar-pool':
            # pool avatar
            # get pool avatar name
            $filename = sp_filter_filename_save($_POST['spPoolAvatar']);

            # error if no pool avatar provided
            if (empty($filename)) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, you must select a pool avatar before trying to save it');
                return $message;
            }

            # save the pool avatar
            $avatar = sp_get_member_item($thisUser, 'avatar');
            $avatar['pool'] = $filename;
            sp_update_member_item($thisUser, 'avatar', $avatar);

            # let plugins filter the message
            $message = apply_filters('sph_UpdateProfileAvatarPool', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Pool avatar updated');
            }
            break;

        case 'avatar-remote':
            # remote avatar
            # get remote avatar url
            $filename = sp_filter_url_save($_POST['spAvatarRemote']);
            $avatar = sp_get_member_item($thisUser, 'avatar');
            $avatar['remote'] = $filename;
            sp_update_member_item($thisUser, 'avatar', $avatar);

            # let plugins filter the message
            $message = apply_filters('sph_UpdateProfileAvatarRemote', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Remote avatar updated');
            }
            break;

        case 'edit-signature':
            # save signature
            # Check if maximum links has been exceeded (links are counted by their closing </a> tags)
            $numLinks = substr_count($_POST['postitem'], '</a>');
            $spFilters = sp_get_option('sffilters');
            if (!sp_get_auth('create_links', 'global', $thisUser) && $numLinks > 0 && !$spThisUser->admin) {
                $message['type'] = 'error';
                $message['text'] = sp_text('You are not allowed to put links in signatures');
                return $message;
            }
            # an sfmaxlinks value of 0 switches the limit off
            if (sp_get_auth('create_links', 'global', $thisUser) && $spFilters['sfmaxlinks'] != 0 && $numLinks > $spFilters['sfmaxlinks'] && !$spThisUser->admin) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Maximum number of allowed links exceeded in signature') . ': ' . $spFilters['sfmaxlinks'] . ' ' . sp_text('allowed');
                return $message;
            }

            // $sig = esc_sql(sp_filter_save_kses(trim($_POST['postitem'])));
            $sig = sp_filter_content_save($_POST['postitem'], 'edit');
            sp_update_member_item($thisUser, 'signature', $sig);

            # let plugins filter the message
            $message = apply_filters('sph_UpdateProfileSignature', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Signature updated');
            }
            break;

        case 'edit-photos':
            # save photos; fields photo0 .. photo(photosmax - 1) are read from the request
            $photos = array();
            $spProfileOptions = sp_get_option('sfprofile');
            for ($x = 0; $x < $spProfileOptions['photosmax']; $x++) {
                $photos[$x] = sp_filter_url_save($_POST['photo' . $x]);
            }
            update_user_meta($thisUser, 'photos', $photos);

            # let plugins filter the message
            $message = apply_filters('sph_UpdateProfilePhotos', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Photos updated');
            }
            break;

        case 'edit-global-options':
            # save global options
            $options = sp_get_member_item($thisUser, 'user_options');
            $options['hidestatus'] = isset($_POST['hidestatus']) ? true : false;
            $update = apply_filters('sph_ProfileUserSyncNameUpdate', true);
            if ($update) {
                $options['namesync'] = isset($_POST['namesync']) ? true : false;
            }
            sp_update_member_item($thisUser, 'user_options', $options);

            # let plugins filter the message
            $message = apply_filters('sph_UpdateProfileGlobalOptions', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Global options updated');
            }
            break;

        case 'edit-posting-options':
            # save posting options
            $update = apply_filters('sph_ProfileUserEditorUpdate', true);
            if ($update) {
                $options = sp_get_member_item($thisUser, 'user_options');
                if (isset($_POST['editor'])) {
                    $options['editor'] = sp_esc_int($_POST['editor']);
                }
                sp_update_member_item($thisUser, 'user_options', $options);
            }

            # let plugins filter the message
            $message = apply_filters('sph_UpdateProfilePostingOptions', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Posting options updated');
            }
            break;

        case 'edit-display-options':
            # save display options
            $options = sp_get_member_item($thisUser, 'user_options');
            if (isset($_POST['timezone'])) {
                if (preg_match('/^UTC[+-]/', $_POST['timezone'])) {
                    # correct for manual UTC offsets: hours after "UTC" converted to seconds
                    $userOffset = preg_replace('/UTC\\+?/', '', $_POST['timezone']) * 3600;
                } else {
                    # get timezone offset for user
                    # NOTE(review): DateTimeZone's constructor throws for an unknown identifier and
                    # nothing here catches it, so a bad 'timezone' value ends the request with an error.
                    $date_time_zone_selected = new DateTimeZone(sp_esc_str($_POST['timezone']));
                    $userOffset = timezone_offset_get($date_time_zone_selected, date_create());
                }

                # get timezone offset for server based on wp settings
                $wptz = get_option('timezone_string');
                if (empty($wptz)) {
                    # NOTE(review): WordPress stores gmt_offset in hours, while the other branch and
                    # $userOffset are in seconds - confirm the subtraction below mixes units as intended.
                    $serverOffset = get_option('gmt_offset');
                } else {
                    $date_time_zone_selected = new DateTimeZone($wptz);
                    $serverOffset = timezone_offset_get($date_time_zone_selected, date_create());
                }

                # calculate time offset between user and server, in hours;
                # the (int) cast discards any fractional hour
                $options['timezone'] = (int) round(($userOffset - $serverOffset) / 3600, 2);
                $options['timezone_string'] = sp_esc_str($_POST['timezone']);
            } else {
                $options['timezone'] = 0;
                $options['timezone_string'] = 'UTC';
            }

            if (isset($_POST['unreadposts'])) {
                $sfcontrols = sp_get_option('sfcontrols');
                # numeric input is clamped to 0..sfmaxunreadposts; anything else gets the default
                $options['unreadposts'] = is_numeric($_POST['unreadposts']) ? max(min(sp_esc_int($_POST['unreadposts']), $sfcontrols['sfmaxunreadposts']), 0) : $sfcontrols['sfdefunreadposts'];
            }

            $options['topicASC'] = isset($_POST['topicASC']);
            $options['postDESC'] = isset($_POST['postDESC']);
            sp_update_member_item($thisUser, 'user_options', $options);

            # let plugins filter the message
            $message = apply_filters('sph_UpdateProfileDisplayOptions', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Display options updated');
            }
            break;

        default:
            break;
    }

    # let plugins do their thing; this runs for every form name that reaches here,
    # including names that matched no case above
    $message = apply_filters('sph_ProfileFormSave_' . $thisForm, $message, $thisUser, $thisForm);
    do_action('sph_UpdateProfile', $thisUser, $thisForm);

    # reset the plugin_data just in case
    sp_reset_member_plugindata($thisUser);

    # done saving - return the messages
    return $message;
}
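/**
 * Removes a menu from a profile tab and saves the tab list.
 *
 * @param string $tab  Name of the tab that holds the menu.
 * @param string $name Name of the menu to remove.
 *
 * @return mixed False when no tabs are defined, otherwise whatever sp_add_sfmeta() returns.
 */
function sp_profile_delete_menu($tab, $name) {
    # sanitize before use
    $tab = sp_filter_title_save($tab);
    $name = sp_filter_title_save($name);

    # get the current tabs
    $tabs = sp_profile_get_tabs();
    if (empty($tabs)) {
        return false;
    }

    # find the requested tab; tabs are taken by reference so the edit lands in $tabs
    foreach ($tabs as &$thisTab) {
        # empty() also covers a tab that has no 'menus' entry at all
        if ($thisTab['name'] != $tab || empty($thisTab['menus'])) {
            continue;
        }

        foreach ($thisTab['menus'] as $index => $menu) {
            if ($menu['name'] == $name) {
                unset($thisTab['menus'][$index]);
            }
        }

        # close the index gaps left by unset()
        $thisTab['menus'] = array_values($thisTab['menus']);
    }
    # drop the reference so a later write to $thisTab cannot alter the last tab
    unset($thisTab);

    return sp_add_sfmeta('profile', 'tabs', $tabs);
}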
/**
 * Saves the storage location settings posted from the integration admin form.
 *
 * Every location that was posted non-empty is filtered, stripped of leading and
 * trailing slashes and written into the 'sfconfig' option; locations left empty
 * keep their stored value.
 *
 * @return string Status message.
 */
function spa_save_integration_storage_data() {
    # CSRF guard: the request must carry the nonce issued with this admin form
    check_admin_referer('forum-adminform_storage', 'forum-adminform_storage');

    $mess = spa_text('Storage locations updated');
    $config = sp_get_option('sfconfig');

    # POST field names double as the keys inside the 'sfconfig' option
    $locations = array(
        'plugins',
        'themes',
        'avatars',
        'avatar-pool',
        'smileys',
        'ranks',
        'image-uploads',
        'media-uploads',
        'file-uploads',
        'custom-icons',
        'language-sp',
        'language-sp-plugins',
        'language-sp-themes',
        'cache',
    );

    # NOTE(review): only the outer slashes are trimmed here; whether sp_filter_title_save()
    # rejects parent-directory segments inside the path is not visible - confirm.
    foreach ($locations as $location) {
        if (empty($_POST[$location])) {
            continue;
        }
        $config[$location] = trim(sp_filter_title_save(trim($_POST[$location])), '/');
    }

    sp_update_option('sfconfig', $config);
    do_action('sph_integration_storage_save');

    return $mess;
}
/**
 * Saves the forum email settings: the mail-from options ('sfmail') and the
 * new-user mail options ('sfnewusermail').
 *
 * @return string Status message.
 */
function spa_save_email_data() {
    # CSRF guard: the request must carry the nonce issued with this admin form
    check_admin_referer('forum-adminform_email', 'forum-adminform_email');

    $mess = spa_text('Options updated');

    # Mail-from handling - thanks to Andrew Hamilton for these routines (mail-from plugin)

    # Domain: lower-case it, drop scheme and "www." prefixes, then keep only
    # letters, digits, hyphens and dots
    $domainPrefixes = array('http://', 'https://', 'ftp://', 'www.');
    $domain = strtolower(sp_filter_title_save(trim($_POST['sfmaildomain'])));
    $domain = preg_replace('/[^0-9a-z\\-\\.]/i', '', str_replace($domainPrefixes, '', $domain));

    # User part of the address: lower-case it and remove characters not allowed there
    $forbiddenInUser = array('(', ')', '<', '>', ',', ';', ':', '\\', '"', '[', ']', '@', ' ');
    $mailUser = str_replace($forbiddenInUser, '', strtolower(sp_filter_name_save(trim($_POST['sfmailfrom']))));

    # NOTE(review): the sender name only goes through sp_filter_name_save(); confirm that filter
    # (or the mail code) removes line breaks before the value is placed in a mail header.
    sp_update_option('sfmail', array(
        'sfmailsender' => sp_filter_name_save(trim($_POST['sfmailsender'])),
        'sfmailfrom' => $mailUser,
        'sfmaildomain' => $domain,
        'sfmailuse' => isset($_POST['sfmailuse']),
    ));

    # Save new user mail options
    sp_update_option('sfnewusermail', array(
        'sfusespfreg' => isset($_POST['sfusespfreg']),
        'sfnewusersubject' => sp_filter_title_save(trim($_POST['sfnewusersubject'])),
        'sfnewusertext' => sp_filter_title_save(trim($_POST['sfnewusertext'])),
    ));

    do_action('sph_option_email_save');

    return $mess;
}
/**
 * Creates a new auth (permission) from the posted admin form.
 *
 * @return string Status message: added, failed (possible duplicate) or failed (missing name).
 */
function spa_save_permissions_new_auth() {
    # CSRF guard: the request must carry the nonce issued with this admin form
    check_admin_referer('forum-adminform_authnew', 'forum-adminform_authnew');

    # an auth name is required
    if (empty($_POST['auth_name'])) {
        return spa_text('New auth failed - missing data');
    }

    # checkboxes: present in the request means 1, absent means 0
    $flags = array();
    foreach (array('auth_active', 'auth_guests', 'auth_enabling') as $checkbox) {
        $flags[] = isset($_POST[$checkbox]) ? 1 : 0;
    }
    list($active, $ignored, $enabling) = $flags;

    $created = sp_add_auth(
        sp_filter_title_save($_POST['auth_name']),
        sp_filter_title_save($_POST['auth_desc']),
        $active,
        $ignored,
        $enabling
    );
    if (!$created) {
        return spa_text('New auth failed - duplicate auth?');
    }

    # reset the auths to account for new auth
    sp_reset_auths();

    return spa_text('New auth added');
}
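/**
 * Saves one special rank from the posted admin form: its badge, its name and,
 * when the name changed, the rank name stored on the SFSPECIALRANKS rows.
 *
 * @param mixed $id Id of the special rank; used as the sfmeta id and as the index into the posted arrays.
 *
 * @return string Status message.
 */
function spa_update_specialrank($id) {
    # CSRF guard: the request must carry the nonce issued with this admin form
    check_admin_referer('special-rank-update', 'special-rank-update');

    # save special forum ranks
    if (!empty($_POST['specialrankdesc'])) {
        $desc = $_POST['specialrankdesc'];
        $badge = $_POST['specialrankbadge'];

        $rank = sp_get_sfmeta('special_rank', false, $id);
        $rank[0]['meta_value']['badge'] = sp_filter_filename_save($badge[$id]);
        sp_update_sfmeta('special_rank', sp_filter_title_save(trim($desc[$id])), $rank[0]['meta_value'], $id, 1);

        if ($_POST['currentname'][$id] != $desc[$id]) {
            # Both names come straight from the request. Remove the slashes WordPress adds to
            # request data and escape explicitly, so the statement does not depend on that slashing.
            # NOTE(review): the sfmeta entry above is saved under the filtered, trimmed name while
            # the rows here get the posted name as typed - confirm the two are meant to differ.
            $newName = esc_sql(wp_unslash($desc[$id]));
            $oldName = esc_sql(wp_unslash($_POST['currentname'][$id]));
            spdb_query("UPDATE " . SFSPECIALRANKS . "\n\t\t\t\t\t\tSET special_rank = '" . $newName . "'\n\t\t\t\t\t\tWHERE special_rank = '" . $oldName . "'");
        }
    }

    do_action('sph_component_srank_update_save');

    $mess = spa_text('Special ranks updated');
    return $mess;
}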
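/**
 * Renders the admin "Member Information" panel: a member search form, paging
 * links and a table with one row per member, including a profile popup link and,
 * for users who may delete the member, a delete link.
 *
 * The search term is read from $_POST['usersearch'] and the page number from
 * $_GET['userspage']. Output is echoed directly; nothing is returned.
 */
function spa_users_members_form() {
    spa_paint_options_init();
    spa_paint_open_tab(spa_text('Users') . ' - ' . spa_text('Member Information'), true);
    spa_paint_open_panel();
    spa_paint_open_fieldset(spa_text('Member Information'), 'true', 'users-info');

    if (isset($_POST['usersearch'])) {
        $term = sp_filter_title_save(trim($_POST['usersearch']));
    } else {
        $term = '';
    }
    if (isset($_GET['userspage'])) {
        $page = sp_esc_int($_GET['userspage']);
    } else {
        $page = '';
    }
    $user_search = new SP_User_Search($term, $page);
    ?>
    <form id="posts-filter" name="searchfilter" action="<?php echo SFADMINUSER . '&form=member-info'; ?>" method="post">
        <div class="tablenav">
            <?php
            if ($user_search->results_are_paged()) {
                ?>
                <div class="tablenav-pages">
                    <?php
                    $args = array();
                    if (!empty($user_search->search_term)) {
                        $args['usersearch'] = urlencode($user_search->search_term);
                    }
                    $user_search->paging_text = paginate_links(array('total' => ceil($user_search->total_users_for_query / $user_search->users_per_page), 'current' => $user_search->page, 'base' => 'admin.php?page=simple-press/admin/panel-users/spa-users.php&form=member-info&%_%', 'format' => 'userspage=%#%', 'add_args' => $args));
                    echo $user_search->page_links();
                    ?>
                </div>
                <?php
            }
            ?>
            <div>
                <label class="hidden" for="post-search-input"><?php spa_etext('Search Members'); ?> :</label>
                <?php # the search term is request data, so it is attribute-escaped before being echoed back ?>
                <input type="text" class="sfacontrol" id="post-search-input" name="usersearch" value="<?php echo esc_attr($user_search->search_term); ?>" />
                <input type="button" class="button-primary" onclick="javascript:document.searchfilter.submit();" id="sfusersearch" name="sfusersearch" value="<?php spa_etext('Search Members'); ?>" />
            </div>
            <br class="clear" />
        </div>
        <br class="clear" />
    </form>
    <?php
    if ($user_search->get_results()) {
        ?>
        <?php
        if ($user_search->is_search()) {
            ?>
            <p><a href="<?php echo SFADMINUSER; ?>"><?php echo sprintf(spa_text('%s Back to All Members'), '«'); ?> </a></p>
            <?php
        }
        ?>
        <table id="memTable" class="widefat fixed spMobileTable1280">
            <thead>
                <tr>
                    <th style="text-align:center;width:4%"><?php spa_etext('ID'); ?> </th>
                    <th style="text-align:center;"><?php spa_etext('Login Name'); ?> </th>
                    <th style="text-align:center;"><?php spa_etext('Display Name'); ?> </th>
                    <th style="text-align:center;width:15%"><?php spa_etext('First Post'); ?> </th>
                    <th style="text-align:center;width:15%"><?php spa_etext('Last Post'); ?> </th>
                    <th style="text-align:center;width:3.5%"><?php spa_etext('Posts'); ?> </th>
                    <th style="text-align:center;"><?php spa_etext('Last Visit'); ?> </th>
                    <th style="text-align:center;"><?php spa_etext('Memberships'); ?> </th>
                    <th style="text-align:center;width:auto;"><?php spa_etext('Rank'); ?> </th>
                    <th style="text-align:center;"><?php spa_etext('Actions'); ?> </th>
                </tr>
            </thead>
            <tbody id="users" class="list:user user-list">
                <?php
                $class = 'class="spMobileTableData"';

                # ids of the members on this page
                $users = $user_search->get_results();

                # output users
                # NOTE(review): 'first', 'last', 'memberships' and 'rank' are echoed as returned by
                # spa_get_members_info(); confirm that function returns them already safe for HTML.
                foreach ($users as $userid) {
                    $data = spa_get_members_info($userid);
                    if ($data) {
                        ?>
                        <tr id="user-delete-<?php echo $userid; ?>" <?php echo $class; ?>>
                            <td data-label='<?php spa_etext('ID'); ?>'><?php echo $userid; ?> </td>
                            <td data-label='<?php spa_etext('Login Name'); ?>'><?php echo esc_html($data['login']); ?> </td>
                            <?php
                            $displayname = !empty($data['display_name']) ? $data['display_name'] : '';
                            ?>
                            <td data-label='<?php spa_etext('Display Name'); ?>'><strong><?php echo sp_filter_name_display($displayname); ?> </strong></td>
                            <td data-label='<?php spa_etext('First Post'); ?>'><?php echo $data['first']; ?> </td>
                            <td data-label='<?php spa_etext('Last Post'); ?>'><?php echo $data['last']; ?> </td>
                            <td data-label='<?php spa_etext('Posts'); ?>'>
                                <?php
                                # a post count of -1 is shown as the "has not yet visited forum" icon
                                if ($data['posts'] == -1) {
                                    echo '<img style="vertical-align:top" src="' . SFADMINIMAGES . 'sp_UserNoPosts.png" title="' . spa_text('User has not yet visited forum') . '" alt="" />';
                                } else {
                                    echo $data['posts'];
                                }
                                ?>
                            </td>
                            <td data-label='<?php spa_etext('Last Visit'); ?>'><?php echo sp_date('d', $data['lastvisit']); ?> </td>
                            <td data-label='<?php spa_etext('Memberships'); ?>'><?php echo $data['memberships']; ?> </td>
                            <td data-label='<?php spa_etext('Rank'); ?>'><?php echo $data['rank']; ?> </td>
                            <td style="text-align:center">
                                <?php
                                # profile popup, loaded by ajax and protected by the 'forum-ahah' nonce
                                $site = SFHOMEURL . 'index.php?sp_ahah=profile&sfnonce=' . wp_create_nonce('forum-ahah') . "&action=popup&user={$userid}";
                                $title = spa_text('Member Profile');
                                $position = 'center';
                                echo '<a id="memberprofile' . $userid . '" href="javascript:void(null)" onclick="spjDialogAjax(this, \'' . $site . '\', \'' . $title . '\', 750, 0, \'' . $position . '\');"><img src="' . SFADMINIMAGES . 'sp_UserProfile.png" title="' . spa_text('View Member Profile') . '" alt="" /></a>';

                                # check to see if user can delete users before giving option to delete
                                if (current_user_can('delete_user', $userid)) {
                                    # the link targets the WordPress users screen and carries its 'bulk-users' nonce
                                    $nonce = wp_create_nonce('bulk-users');
                                    $url = admin_url('users.php?action=delete&user=' . $userid . '&_wpnonce=' . $nonce . '&wp_http_referer=admin.php?page=simple-press/admin/panel-users/spa-users.php');
                                    echo '<a href="' . esc_url($url) . '"><img src="' . SFCOMMONIMAGES . 'delete.png" title="' . spa_text('Delete User') . '" alt="" /></a>';
                                }
                                ?>
                            </td>
                        </tr>
                        <?php
                    }

                    # alternate the row class
                    $class = strpos($class, 'alternate') === false ? 'class="spMobileTableData alternate"' : 'class="spMobileTableData"';
                }
                ?>
            </tbody>
        </table>
        <div class="tablenav">
            <?php
            if ($user_search->results_are_paged()) {
                ?>
                <div class="tablenav-pages"><?php echo $user_search->page_links(); ?> </div>
                <?php
            }
            ?>
            <br class="clear" />
        </div>
        <?php
    }

    spa_paint_close_fieldset();
    spa_paint_close_panel();
    do_action('sph_users_members_panel');
    spa_paint_close_container();
    spa_paint_close_tab();
}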
# Template tag: renders the search results list, or returns the raw result
# data when the 'get' argument is non-zero.
#
# $args - query-string or array of overrides for tagId, tagClass, template,
#         first and get; merged over the defaults and passed through the
#         'sph_SearchResults_args' filter before use.
function sp_SearchResults($args = '') {
    global $spSearchView, $spThisUser, $spListView;

    $defaults = array(
        'tagId' => 'spSearchList',
        'tagClass' => 'spSearchSection',
        'template' => 'spListView.php',
        'first' => 0,
        'get' => 0,
    );
    $options = apply_filters('sph_SearchResults_args', wp_parse_args($args, $defaults));

    # EXTR_SKIP: a key supplied by the caller or a filter never overwrites a
    # variable that already exists in this scope (globals, $args, ...)
    extract($options, EXTR_SKIP);

    # sanitize before use
    $tagId = esc_attr($tagId);
    $tagClass = esc_attr($tagClass);
    # NOTE(review): the template name is caller/filter controlled and only passes
    # through the title filter before sp_load_template(); confirm the loader
    # restricts it to the template directory.
    $template = sp_filter_title_save($template);
    $first = (int) $first;
    $get = (int) $get;

    # data-only mode: fire the hook and hand back the results without output
    if ($get) {
        do_action('sph_search_results');
        return $spSearchView->searchData;
    }

    echo "<div id='{$tagId}' class='{$tagClass}'>\n";
    $spListView = new spTopicList($spSearchView->searchData, 0, false, '', $first, 1, 'search');
    sp_load_template($template);
    echo "</div>\n";
}
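# Queues a notice for a forum member about a specific post.
#
# Does nothing unless the current user is an admin or moderator, or when no
# member matches the given display name.
#
# $user    - display name of the member to notify
# $message - notice text (passed through sp_filter_title_save() before storing)
# $postid  - id of the post the notice links to
function sp_post_notification($user, $message, $postid) {
    global $spThisUser;

    if (!$spThisUser->admin && !$spThisUser->moderator) {
        return;
    }

    # the post id is placed unquoted into the WHERE clauses below, so force it numeric
    $postid = (int) $postid;

    # NOTE(review): $user is placed inside a quoted SQL literal exactly as received.
    # Nothing in this function escapes it, so the caller must supply an already
    # escaped display name - verify every call site.
    $userid = spdb_table(SFMEMBERS, "display_name='{$user}'", 'user_id');
    if (empty($userid)) {
        return;
    }

    # cast so an unknown post yields topic_id=0 instead of a malformed WHERE clause
    $topic_id = (int) spdb_table(SFPOSTS, "post_id={$postid}", 'topic_id');

    $nData = array();
    $nData['user_id'] = $userid;
    $nData['guest_email'] = '';
    $nData['post_id'] = $postid;
    $nData['link'] = sp_permalink_from_postid($postid);
    $nData['link_text'] = spdb_table(SFTOPICS, "topic_id={$topic_id}", 'topic_name');
    $nData['message'] = sp_filter_title_save($message);
    # the listing assigned an undefined $time here; compute the expiry the trailing comment describes
    $nData['expires'] = time() + (30 * 24 * 60 * 60); # 30 days; 24 hours; 60 mins; 60secs

    sp_add_notice($nData);
}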
# Validates and normalises the pending post held in $this->newpost.
#
# Runs a fixed sequence of checks (flood control, topic name, post content,
# guest identity, link and smiley limits, duplicate post) and stops at the first
# failure by setting $this->abort = true and $this->message to the translated
# reason. When every check passes it sets the moderation status and a few
# derived fields, then runs the post array through the
# 'sph_post_data_validation' and 'sph_new_forum_post' filters.
#
# Returns nothing; callers read $this->abort, $this->message and $this->newpost.
#
# NOTE(review): several WHERE clauses below are built by concatenating
# $this->newpost values (guestname, guestemail, postcontent, posterip, forumid,
# topicid, userid, forumslug). Their safety depends on the sp_filter_*_save()
# helpers and on how the caller populated the numeric ids - neither is visible
# here, so confirm each value is escaped or integer-cast before it arrives.
function validateData() {
    $this->abort = false;
    $this->newpost['action'] = $this->action;

    # Check flood control (done here vice validatePermission() so we can use the return to post feature)
    # users holding 'bypass_flood_control' for this forum skip the check entirely
    if (!sp_get_auth('bypass_flood_control', $this->newpost['forumid'], $this->userid)) {
        # the cached value is compared with time(), i.e. it is the timestamp before which posting is refused
        $flood = sp_get_cache('floodcontrol');
        if (!empty($flood) && time() < $flood) {
            $this->abort = true;
            $this->message = sp_text('Flood control exceeded, please slow down - Post cannot be saved yet');
            return;
        }
    }

    # Check topic name
    if (empty($this->newpost['topicname'])) {
        $this->abort = true;
        $this->message = sp_text('No topic name has been entered and post cannot be saved');
        return;
    } else {
        $this->newpost['topicname'] = sp_filter_title_save($this->newpost['topicname'], SFTOPICS, 'topic_name');
    }

    # Check Post Content
    if (empty($this->newpost['postcontent'])) {
        $this->abort = true;
        $this->message = sp_text('No topic post has been entered and post cannot be saved');
        return;
    } else {
        # the same raw content is filtered twice, differing only in the third argument
        # (false, then true); presumably that flag controls SQL escaping - confirm.
        # 'postcontent' (flag true) is the value concatenated into the duplicate check below.
        $this->newpost['postcontent_unescaped'] = sp_filter_content_save($this->newpost['postcontent'], 'new', false, SFPOSTS, 'post_content');
        $this->newpost['postcontent'] = sp_filter_content_save($this->newpost['postcontent'], 'new', true, SFPOSTS, 'post_content');
    }

    # Check and set user names/ids etc
    if ($this->guest) {
        $sfguests = sp_get_option('sfguests');
        # && binds tighter than ||: a missing name always fails, while a missing or
        # invalid email only fails when the 'reqemail' option is set
        if (empty($this->newpost['guestname']) || (empty($this->newpost['guestemail']) || !is_email($this->newpost['guestemail'])) && $sfguests['reqemail']) {
            $this->abort = true;
            $this->message = sp_text('Guest name and valid email address required');
            return;
        }

        # force maximum lengths
        # NOTE(review): truncation is applied after the save filters and substr() is
        # byte based. If the filters add escape characters, a cut at a fixed length
        # could split an escape sequence or a multibyte character before the value is
        # concatenated into the queries below - confirm.
        $this->newpost['guestname'] = substr(sp_filter_name_save($this->newpost['guestname']), 0, 20);
        $this->newpost['guestemail'] = substr(sp_filter_email_save($this->newpost['guestemail']), 0, 50);
        $this->newpost['postername'] = $this->newpost['guestname'];
        $this->newpost['posteremail'] = $this->newpost['guestemail'];

        # check for blacklisted guest name
        # the option is a comma separated list; comparison is case-insensitive and
        # runs against the filtered, truncated guest name
        $blockedGuest = sp_get_option('guest-name');
        if (!empty($blockedGuest)) {
            $names = explode(',', $blockedGuest);
            foreach ($names as $name) {
                if (strtolower(trim($name)) == strtolower($this->newpost['guestname'])) {
                    $this->abort = true;
                    $this->message = sp_text('The guest name you have chosen is not allowed on this site');
                    return;
                }
            }
        }

        # check that the guest name is not the same as a current user
        # (stops a guest posting under an existing member's display name)
        $checkdupe = spdb_table(SFMEMBERS, "display_name='" . $this->newpost['guestname'] . "'", 'display_name');
        if (!empty($checkdupe)) {
            $this->abort = true;
            $this->message = sp_text('This user name already belongs to a forum member');
            return;
        }
    }

    # Check if links are allowed or if the maximum number of links has been exceeded
    $sffilters = sp_get_option('sffilters');
    if (!$this->admin) {
        $links = $this->count_links();
        if (sp_get_auth('create_links', $this->newpost['forumid'], $this->userid)) {
            # links permitted: enforce the cap only when 'sfmaxlinks' is greater than zero
            if ($sffilters['sfmaxlinks'] > 0 && $links > $sffilters['sfmaxlinks']) {
                $this->abort = true;
                $this->message = sp_text('Maximum number of allowed links exceeded') . ': ' . $sffilters['sfmaxlinks'] . ' ' . sp_text('allowed');
                return;
            }
        } else {
            # links not permitted at all for this user in this forum
            if ($links > 0) {
                $this->abort = true;
                $this->message = sp_text('You are not allowed to put links in post content');
                return;
            }
        }
    }

    # Check if the maximum number of smileys has been exceeded
    if (!$this->admin) {
        if (isset($sffilters['sfmaxsmileys']) && $sffilters['sfmaxsmileys'] > 0 && $this->count_smileys() > $sffilters['sfmaxsmileys']) {
            $this->abort = true;
            $this->message = sp_text('Maximum number of allowed smileys exceeded') . ': ' . $sffilters['sfmaxsmileys'] . ' ' . sp_text('allowed');
            return;
        }
    }

    # Check for duplicate post if the option is set
    # (separate options for members and guests)
    if ($this->member && $sffilters['sfdupemember'] == true || $this->guest && $sffilters['sfdupeguest'] == true) {
        # But not admin or moderator
        if (!$this->admin && !$this->moderator) {
            # a duplicate is the same content from the same poster IP in the same forum and topic
            $dupecheck = spdb_table(SFPOSTS, 'forum_id = ' . $this->newpost['forumid'] . ' AND topic_id=' . $this->newpost['topicid'] . " AND post_content='" . $this->newpost['postcontent'] . "' AND poster_ip='" . $this->newpost['posterip'] . "'", 'row', '', '', ARRAY_A);
            if ($dupecheck) {
                $this->abort = true;
                $this->message = sp_text('Duplicate post refused');
                return;
            }
        }
    }

    # Establish moderation status
    # Outcome of the nested branches below:
    #   both permissions held    -> poststatus 0
    #   neither permission held  -> poststatus 1
    #   bypass_moderation only   -> poststatus 1, lowered to 0 when the poster already
    #                               has a stored post with post_status=0
    #   bypass_moderation_once only -> poststatus 1
    # presumably 0 means published and 1 means held for moderation - confirm
    $bypassAll = sp_get_auth('bypass_moderation', $this->newpost['forumid'], $this->userid);
    $bypassOnce = sp_get_auth('bypass_moderation_once', $this->newpost['forumid'], $this->userid);
    if ($bypassAll == true && $bypassOnce == true) {
        $this->newpost['poststatus'] = 0;
    } else {
        if ($bypassAll == false && $bypassOnce == false) {
            $this->newpost['poststatus'] = 1;
        } else {
            if ($bypassAll == true && $bypassOnce == false) {
                $this->newpost['poststatus'] = 1;
                if ($this->member) {
                    # members are matched on user id
                    $prior = spdb_table(SFPOSTS, 'user_id=' . $this->newpost['userid'] . ' AND post_status=0', 'row', '', '1');
                    if ($prior) {
                        $this->newpost['poststatus'] = 0;
                    }
                } else {
                    if ($this->guest) {
                        # guests are matched on the name and email they typed in, which is
                        # self-asserted identity
                        $prior = spdb_table(SFPOSTS, "guest_name='" . $this->newpost['guestname'] . "' AND guest_email='" . $this->newpost['guestemail'] . "' AND post_status=0", 'row', '', '1');
                        if ($prior) {
                            $this->newpost['poststatus'] = 0;
                        }
                    }
                }
            } else {
                $this->newpost['poststatus'] = 1;
            }
        }
    }

    # Finally one or two other data items
    if ($this->action == 'topic') {
        $this->newpost['topicslug'] = sp_create_slug($this->newpost['topicname'], true, SFTOPICS, 'topic_slug');
    } else {
        $this->newpost['emailprefix'] = 'Re: ';
    }
    $this->newpost['groupname'] = sp_get_group_name_from_forum($this->newpost['forumid']);
    if (empty($this->newpost['forumname'])) {
        # fall back to looking the forum name up by slug
        $this->newpost['forumname'] = spdb_table(SFFORUMS, "forum_slug='" . $this->newpost['forumslug'] . "'", 'forum_name');
    }

    # extension points: both filters may replace the validated post array
    $this->newpost = apply_filters('sph_post_data_validation', $this->newpost);
    do_action('sph_pre_post_create', $this->newpost);
    $this->newpost = apply_filters('sph_new_forum_post', $this->newpost);
}
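# Save handler for the "edit forum group" admin form.
#
# Verifies the form nonce, updates each user group's default permission role for
# the forum group, then rewrites the group record when any submitted field
# differs from the matching "cgroup_*" field posted with the form (these appear
# to carry the previous values).
#
# Returns the translated status message to display.
#
# NOTE(review): only the nonce is checked here; confirm the caller has already
# verified that the current user may manage forums.
function spa_save_forums_edit_group() {
    check_admin_referer('forum-adminform_groupedit', 'forum-adminform_groupedit');

    $groupdata = array();
    $group_id = sp_esc_int($_POST['group_id']);
    $groupdata['group_name'] = sp_filter_title_save(trim($_POST['group_name']));
    $groupdata['group_desc'] = sp_filter_text_save(trim($_POST['group_desc']));
    $groupdata['group_message'] = sp_filter_text_save(trim($_POST['group_message']));

    # tolerate a request that omits the arrays or sends scalars in their place
    $ug_list = (isset($_POST['usergroup_id']) && is_array($_POST['usergroup_id'])) ? array_unique($_POST['usergroup_id']) : array();
    $perm_list = (isset($_POST['role']) && is_array($_POST['role'])) ? $_POST['role'] : array();

    if (!empty($_POST['group_icon'])) {
        # Check new icon exists
        # NOTE(review): the icon name goes through the title filter and is appended to
        # SFCUSTOMDIR; whether that filter removes directory separators is not visible
        # here - confirm the name cannot point outside the custom icon directory.
        $groupdata['group_icon'] = sp_filter_title_save(trim($_POST['group_icon']));
        $path = SFCUSTOMDIR . $groupdata['group_icon'];
        if (!file_exists($path)) {
            $mess = sprintf(spa_text('Custom icon %s does not exist'), $groupdata['group_icon']);
            return $mess;
        }
    } else {
        $groupdata['group_icon'] = null;
    }

    if (isset($_POST['group_rss'])) {
        $groupdata['group_rss'] = sp_filter_save_cleanurl($_POST['group_rss']);
    } else {
        $groupdata['group_rss'] = sp_filter_save_cleanurl($_POST['cgroup_rss']);
    }

    # save the default permissions for the group
    # array_unique() keeps the original keys, so a counted 0..n-1 loop would skip
    # entries after a removed duplicate; iterate the surviving keys and pair each
    # user group with the role submitted at the same position
    foreach ($ug_list as $x => $ugRaw) {
        if (!isset($perm_list[$x])) {
            # no role was submitted for this user group - leave its permission untouched
            continue;
        }
        $ug = sp_esc_int($ugRaw);
        $perm = sp_esc_int($perm_list[$x]);
        if (spa_get_defpermissions_role($group_id, $ug)) {
            $sql = 'UPDATE ' . SFDEFPERMISSIONS . "\n\t\t\t\t\tSET permission_role={$perm}\n\t\t\t\t\tWHERE group_id={$group_id} AND usergroup_id={$ug}";
            spdb_query($sql);
        } else {
            # -1 means no role chosen, so no row is created
            if ($perm != -1) {
                spa_add_defpermission_row($group_id, $ug, $perm);
            }
        }
    }

    if ($groupdata['group_name'] == $_POST['cgroup_name'] && $groupdata['group_desc'] == $_POST['cgroup_desc'] && $groupdata['group_rss'] == $_POST['cgroup_rss'] && $groupdata['group_message'] == $_POST['cgroup_message'] && $groupdata['group_icon'] == $_POST['cgroup_icon']) {
        $mess = spa_text('No data changed');
    } else {
        # NOTE(review): values are concatenated into double-quoted SQL literals; this
        # is only safe if the sp_filter_*_save() helpers escape for SQL - confirm.
        $sql = 'UPDATE ' . SFGROUPS . ' SET ';
        $sql .= 'group_name="' . $groupdata['group_name'] . '", ';
        $sql .= 'group_desc="' . $groupdata['group_desc'] . '", ';
        $sql .= 'group_icon="' . $groupdata['group_icon'] . '", ';
        $sql .= 'group_rss="' . $groupdata['group_rss'] . '", ';
        $sql .= 'group_message="' . $groupdata['group_message'] . '" ';
        $sql .= "WHERE group_id={$group_id}";
        $success = spdb_query($sql);
        if ($success == false) {
            $mess = spa_text('Group record update failed');
            # NOTE(review): the edit hook fires on the failure path only; kept as found
            # because listeners may depend on it - confirm this is intended.
            do_action('sph_forum_group_edit', $group_id);
        } else {
            $mess = spa_text('Forum group record updated');
        }
    }

    # clear out the group cache so the change takes effect
    sp_flush_cache('group');

    return $mess;
}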
# Stores a user notice unless an identical one already exists.
#
# $nData - array with the keys user_id, guest_email, post_id, link, link_text,
#          message and expires.
#
# NOTE(review): user_id, post_id and message are interpolated into the lookup
# WHERE clause as received, so callers must pass numeric ids and an escaped
# message. The lookup also compares the message as passed in, while the insert
# stores it after sp_filter_title_save(); if that filter is not idempotent the
# duplicate check may not match the stored row - confirm.
function sp_add_notice($nData) {
    # see if we already have a notice for this user, post and message
    $where = "user_id={$nData['user_id']} AND post_id={$nData['post_id']} AND message='{$nData['message']}'";
    $existing = spdb_table(SFNOTICES, $where, 'notice_id');
    if (!empty($existing)) {
        return;
    }

    # create the new notice; fields and data are matched by position
    $record = new spdbComplex();
    $record->table = SFNOTICES;
    $record->fields = array('user_id', 'guest_email', 'post_id', 'link', 'link_text', 'message', 'expires');
    $record->data = array(
        $nData['user_id'],
        $nData['guest_email'],
        $nData['post_id'],
        $nData['link'],
        sp_filter_title_save($nData['link_text']),
        sp_filter_title_save($nData['message']),
        $nData['expires'],
    );

    # plugins may adjust the record before it is written
    $record = apply_filters('sph_new_notice_data', $record);
    $record->insert();
}
# Save handler for a single special rank on the admin ranks form.
#
# $id - id of the special rank record; also the index into the posted
#       'specialrankdesc' and 'specialrankbadge' arrays.
#
# Returns the translated status message. The 'sph_component_srank_update_save'
# action and the message are produced whether or not anything was posted.
function spa_update_specialrank($id) {
    check_admin_referer('special-rank-update', 'special-rank-update');

    # save special forum ranks
    # only 'specialrankdesc' is tested; 'specialrankbadge' is assumed to be posted with it
    if (!empty($_POST['specialrankdesc'])) {
        $descriptions = $_POST['specialrankdesc'];
        $badges = $_POST['specialrankbadge'];

        # load the stored rank and replace its badge with the filtered file name
        $stored = sp_get_sfmeta('special_rank', false, $id);
        $stored[0]['meta_value']['badge'] = sp_filter_filename_save($badges[$id]);

        $rankName = sp_filter_title_save(trim($descriptions[$id]));
        sp_update_sfmeta('special_rank', $rankName, $stored[0]['meta_value'], $id, 1);
    }

    do_action('sph_component_srank_update_save');

    return spa_text('Special ranks updated');
}
# Filter for the page list HTML: swaps the SEO-generated forum title back to
# the plain page title (SFPAGETITLE).
#
# $ptext - HTML produced for the page list.
#
# Returns the HTML with each known form of the SEO title replaced, or, when no
# SEO title is set but the banner/notitle display flags are on, with the empty
# forum link given SFPAGETITLE as its text.
function sp_wp_list_pages($ptext) {
    global $spVars, $spGlobals;

    if (empty($spVars['seotitle'])) {
        $pageTitleFlags = $spGlobals['display']['pagetitle'];
        if ($pageTitleFlags['banner'] || $pageTitleFlags['notitle']) {
            # the forum link was emitted with no text, so put the page title back in
            $emptyLink = sp_url() . '"></a>';
            $titledLink = sp_url() . '">' . SFPAGETITLE . '</a>';
            $ptext = str_replace($emptyLink, $titledLink, $ptext);
        }
        return $ptext;
    }

    # the title can appear in several encodings; build each form once, in the
    # same order the replacements must be applied
    $raw = $spVars['seotitle'];
    $encoded = htmlspecialchars(html_entity_decode($raw, ENT_QUOTES), ENT_QUOTES, SFCHARSET);
    $filtered = sp_filter_title_save($encoded);
    $variants = array($raw, $encoded, $filtered, strtoupper($filtered));

    foreach ($variants as $variant) {
        $ptext = str_replace($variant, SFPAGETITLE, $ptext);
    }

    return $ptext;
}
# Creates an auth category unless one with the same (filtered) name exists.
#
# $name - category name
# $desc - category description
#
# Returns false when the category already exists, otherwise the result of the
# INSERT query.
#
# NOTE(review): name, slug and description are placed inside quoted SQL literals;
# this relies on sp_filter_title_save() and sp_create_slug() returning values
# that are safe for SQL - confirm.
function sp_create_auth_cat($name, $desc) {
    global $spVars;

    # make sure the auth category doesn't already exist before we create it
    $name = sp_filter_title_save($name);
    $existingId = spdb_table(SFAUTHCATS, "authcat_name='{$name}'", 'authcat_id');
    if (!empty($existingId)) {
        return false;
    }

    $desc = sp_filter_title_save($desc);
    $slug = sp_create_slug($name, true, SFAUTHCATS, 'authcat_slug');

    $insert = 'INSERT INTO ' . SFAUTHCATS . " (authcat_name, authcat_slug, authcat_desc) VALUES ('{$name}', '{$slug}', '{$desc}')";

    return spdb_query($insert);
}
# Save handler for the profile tabs and menus admin form.
#
# Rebuilds the whole tabs array from the posted sort order: 'spTabsOrder' gives
# the new tab sequence and 'spMenusOrder<tab>' the menu sequence for each tab,
# both as '&'-separated key=index pairs. Each tab and menu is copied from its
# old position's form fields into its new position, then the result is stored
# with sp_add_sfmeta('profile', 'tabs', ...).
#
# Returns the translated status message.
#
# NOTE(review): the indexes taken from the order strings are used to build
# $_POST key names without checking that the pair contained '=' or 'tab...['; a
# malformed order string yields undefined-index reads rather than a rejection.
function spa_save_tabs_menus_data() {
    check_admin_referer('forum-adminform_tabsmenus', 'forum-adminform_tabsmenus');

    if (empty($_POST['spTabsOrder'])) {
        return spa_text('No Changes to profile tabs and menus');
    }

    # init the new tabs array; the current tabs are fetched as before although
    # nothing below reads them
    $newTabs = array();
    $curTabs = sp_profile_get_tabs();

    # need to cycle through all the tabs
    foreach (explode('&', $_POST['spTabsOrder']) as $tabPos => $tabPair) {
        # the part after '=' is the tab's previous index
        $tabParts = explode('=', sp_esc_str($tabPair));
        $fromTab = $tabParts[1];

        # move the tab fields (except menus) to the new position
        $tabEntry = array();
        $tabEntry['name'] = sp_filter_title_save($_POST['tab-name-' . $fromTab]);
        $tabEntry['slug'] = sp_filter_title_save($_POST['tab-slug-' . $fromTab]);
        $tabEntry['auth'] = sp_filter_title_save($_POST['tab-auth-' . $fromTab]);
        $tabEntry['display'] = isset($_POST['tab-display-' . $fromTab]) ? 1 : 0;

        # now rebuild the menus for this tab
        $menus = array();
        if (!empty($_POST['spMenusOrder' . $fromTab])) {
            foreach (explode('&', $_POST['spMenusOrder' . $fromTab]) as $menuPos => $menuPair) {
                $menuParts = explode('=', sp_esc_str($menuPair));
                $fromMenu = $menuParts[1];

                # the key holds 'tab<N>[' - pull out N, the tab the menu came from
                $keyTail = explode('tab', $menuParts[0]);
                $fromMenuTab = substr($keyTail[1], 0, strpos($keyTail[1], '['));

                # copy the menu from its old location to the new one
                $fieldId = $fromMenuTab . '-' . $fromMenu;
                $menuEntry = array();
                $menuEntry['name'] = sp_filter_title_save($_POST['menu-name-' . $fieldId]);
                $menuEntry['slug'] = sp_filter_title_save($_POST['menu-slug-' . $fieldId]);
                $menuEntry['auth'] = sp_filter_title_save($_POST['menu-auth-' . $fieldId]);
                $menuEntry['display'] = isset($_POST['menu-display-' . $fieldId]) ? 1 : 0;

                # NOTE(review): 'form' is a path-like value taken from the request; only
                # slash normalisation and sp_esc_str() are applied here. If it is later
                # used to locate a file, that consumer must constrain it - verify.
                $form = str_replace('\\', '/', $_POST['menu-form-' . $fieldId]); # sanitize for Win32 installs
                $form = preg_replace('|/+|', '/', $form); # remove any duplicate slash
                $menuEntry['form'] = sp_esc_str($form);

                $menus[$menuPos] = $menuEntry;
            }
        }
        $tabEntry['menus'] = $menus;

        $newTabs[$tabPos] = $tabEntry;
    }

    $mess = spa_text('Profile Tabs and Menus Updated!');
    sp_add_sfmeta('profile', 'tabs', $newTabs);

    return $mess;
}