function sp_featured_admin_options_save()
{
check_admin_referer('forum-adminform_userplugin', 'forum-adminform_userplugin');
# Save options
$topics = sp_filter_title_save(trim($_POST['topic_list']));
$topics = explode(',', $topics);
sp_add_sfmeta('featured', 'topics', $topics, true);
$posts = sp_filter_title_save(trim($_POST['post_list']));
$posts = explode(',', $posts);
sp_add_sfmeta('featured', 'posts', $posts, true);
$out = __('Featured topics and posts options updated', 'sp-featured');
return $out;
}
function spa_save_usergroups_edit_usergroup()
{
check_admin_referer('forum-adminform_usergroupedit', 'forum-adminform_usergroupedit');
$usergroupdata = array();
$usergroup_id = sp_esc_int($_POST['usergroup_id']);
$usergroupdata['usergroup_name'] = sp_filter_title_save(trim($_POST['usergroup_name']));
$usergroupdata['usergroup_desc'] = sp_filter_title_save(trim($_POST['usergroup_desc']));
$usergroupdata['usergroup_badge'] = sp_filter_filename_save(trim($_POST['usergroup_badge']));
if (isset($_POST['usergroup_join'])) {
$usergroupdata['usergroup_join'] = 1;
} else {
$usergroupdata['usergroup_join'] = 0;
}
if (isset($_POST['usergroup_is_moderator'])) {
$usergroupdata['usergroup_is_moderator'] = 1;
} else {
$usergroupdata['usergroup_is_moderator'] = 0;
}
# update the user group info
$sql = 'UPDATE ' . SFUSERGROUPS . ' SET ';
$sql .= 'usergroup_name="' . $usergroupdata['usergroup_name'] . '", ';
$sql .= 'usergroup_desc="' . $usergroupdata['usergroup_desc'] . '", ';
$sql .= 'usergroup_badge="' . $usergroupdata['usergroup_badge'] . '", ';
$sql .= 'usergroup_join="' . $usergroupdata['usergroup_join'] . '", ';
$sql .= 'usergroup_is_moderator="' . $usergroupdata['usergroup_is_moderator'] . '" ';
$sql .= "WHERE usergroup_id={$usergroup_id}";
$success = spdb_query($sql);
sp_reset_memberships();
if ($success == false) {
$mess = spa_text('User group update failed');
} else {
$mess = spa_text('User group record updated');
do_action('sph_usergroup_new', $usergroup_id);
}
return $mess;
}
spa_etext('No users with this special rank');
}
echo '</fieldset>';
}
if ($action == 'delsmiley') {
$file = sp_esc_str($_GET['file']);
$path = SF_STORE_DIR . '/' . $spPaths['smileys'] . '/' . $file;
@unlink($path);
# load smiles from sfmeta
$meta = sp_get_sfmeta('smileys', 'smileys');
# now cycle through to remove this entry and resave
if (!empty($meta[0]['meta_value'])) {
$newsmileys = array();
foreach ($meta[0]['meta_value'] as $name => $info) {
if ($info[0] != $file) {
$newsmileys[$name][0] = sp_filter_title_save($info[0]);
$newsmileys[$name][1] = sp_filter_name_save($info[1]);
$newsmileys[$name][2] = sp_filter_name_save($info[2]);
$newsmileys[$name][3] = $info[3];
$newsmileys[$name][4] = $info[4];
}
}
sp_update_sfmeta('smileys', 'smileys', $newsmileys, $meta[0]['meta_id'], true);
}
echo '1';
}
if ($action == 'delbadge') {
$file = sp_esc_str($_GET['file']);
$path = SF_STORE_DIR . '/' . $spPaths['ranks'] . '/' . $file;
@unlink($path);
echo '1';
function sp_UpdateProfile()
{
global $spGlobals, $spThisUser;
# make sure nonce is there
check_admin_referer('forum-profile', 'forum-profile');
$message = array();
# dont update forum if its locked down
if ($spGlobals['lockdown']) {
$message['type'] = 'error';
$message['text'] = sp_text('This forum is currently locked - access is read only - profile not updated');
return $message;
}
# do we have a form to update?
if (isset($_GET['form'])) {
$thisForm = sp_esc_str($_GET['form']);
} else {
$message['type'] = 'error';
$message['text'] = sp_text('Profile update aborted - no valid form');
return $message;
}
# do we have an actual user to update?
if (isset($_GET['userid'])) {
$thisUser = sp_esc_int($_GET['userid']);
} else {
$message['type'] = 'error';
$message['text'] = sp_text('Profile update aborted - no valid user');
return $message;
}
# Check the user ID for current user of admin edit
if ($thisUser != $spThisUser->ID && !$spThisUser->admin) {
$message['type'] = 'error';
$message['text'] = sp_text('Profile update aborted - no valid user');
return $message;
}
if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
$pass1 = $pass2 = '';
if (isset($_POST['pass1'])) {
$pass1 = $_POST['pass1'];
}
if (isset($_POST['pass2'])) {
$pass2 = $_POST['pass2'];
}
if (empty($pass1) || empty($pass2) || $pass1 != $pass2) {
$message['type'] = 'error';
$message['text'] = sp_text('Cannot save profile until password has been changed');
return $message;
}
}
# form save filter
$thisForm = apply_filters('sph_profile_save_thisForm', $thisForm);
# valid save attempt, so lets process the save
switch ($thisForm) {
case 'show-memberships':
# update memberships
# any usergroup removals?
if (isset($_POST['usergroup_leave'])) {
foreach ($_POST['usergroup_leave'] as $membership) {
sp_remove_membership(sp_esc_str($membership), $thisUser);
}
}
# any usergroup joins?
if (isset($_POST['usergroup_join'])) {
foreach ($_POST['usergroup_join'] as $membership) {
sp_add_membership(sp_esc_int($membership), $thisUser);
}
}
# fire action for plugins
$message = apply_filters('sph_UpdateProfileMemberships', $message, $thisUser);
# output update message
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Memberships updated');
}
break;
case 'account-settings':
# update account settings
# check for password update
$pass1 = $pass2 = '';
if (isset($_POST['pass1'])) {
$pass1 = $_POST['pass1'];
}
if (isset($_POST['pass2'])) {
$pass2 = $_POST['pass2'];
}
if (!empty($pass1) || !empty($pass2)) {
if ($pass1 != $pass2) {
$message['type'] = 'error';
$message['text'] = sp_text('Please enter the same password in the two password fields');
return $message;
} else {
# update the password
$user = new stdClass();
$user->ID = (int) $thisUser;
$user->user_pass = $pass1;
wp_update_user(get_object_vars($user));
if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
delete_user_meta($spThisUser->ID, 'sp_change_pw');
}
}
}
# now check the email is valid and unique
$update = apply_filters('sph_ProfileUserEmailUpdate', true);
if ($update) {
$curEmail = sp_filter_email_save($_POST['curemail']);
$email = sp_filter_email_save($_POST['email']);
if ($email != $curEmail) {
if (empty($email)) {
$message['type'] = 'error';
$message['text'] = sp_text('Please enter a valid email address');
return $message;
} elseif (($owner_id = email_exists($email)) && $owner_id != $thisUser) {
$message['type'] = 'error';
$message['text'] = sp_text('The email address is already registered. Please choose another one');
return $message;
}
# save new email address
$sql = 'UPDATE ' . SFUSERS . " SET user_email='{$email}' WHERE ID=" . $thisUser;
spdb_query($sql);
}
}
# fire action for plugins
$message = apply_filters('sph_UpdateProfileSettings', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Account settings updated');
}
break;
case 'edit-profile':
# update profile settings
# validate any username change
$update = apply_filters('sph_ProfileUserDisplayNameUpdate', true);
if ($update) {
$spProfile = sp_get_option('sfprofile');
if ($spProfile['nameformat'] || $spThisUser->admin) {
$display_name = !empty($_POST['display_name']) ? trim($_POST['display_name']) : spdb_table(SFUSERS, "ID={$thisUser}", 'user_login');
$display_name = sp_filter_name_save($display_name);
# make sure display name isnt already used
if ($_POST['oldname'] != $display_name) {
$records = spdb_table(SFMEMBERS, "display_name='{$display_name}'");
if ($records) {
foreach ($records as $record) {
if ($record->user_id != $thisUser) {
$message['type'] = 'error';
$message['text'] = $display_name . ' ' . sp_text('is already in use - please choose a different display name');
return $message;
}
}
}
# validate display name
$errors = new WP_Error();
$user = new stdClass();
$user->display_name = $display_name;
sp_validate_display_name($errors, true, $user);
if ($errors->get_error_codes()) {
$message['type'] = 'error';
$message['text'] = sp_text('The display name you have chosen is not allowed on this site');
return $message;
}
# now save the display name
sp_update_member_item($thisUser, 'display_name', $display_name);
# Update new users list with changed display name
sp_update_newuser_name(sp_filter_name_save($_POST['oldname']), $display_name);
# do we need to sync display name with wp?
$options = sp_get_member_item($thisUser, 'user_options');
if ($options['namesync']) {
spdb_query('UPDATE ' . SFUSERS . ' SET display_name="' . $display_name . '" WHERE ID=' . $thisUser);
}
}
}
}
# save the url
$update = apply_filters('sph_ProfileUserWebsiteUpdate', true);
if ($update) {
$url = sp_filter_url_save($_POST['website']);
$sql = 'UPDATE ' . SFUSERS . ' SET user_url="' . $url . '" WHERE ID=' . $thisUser;
spdb_query($sql);
}
# update first name, last name, location and biorgraphy
$update = apply_filters('sph_ProfileUserFirstNameUpdate', true);
if ($update) {
update_user_meta($thisUser, 'first_name', sp_filter_name_save(trim($_POST['first_name'])));
}
$update = apply_filters('sph_ProfileUserLastNameUpdate', true);
if ($update) {
update_user_meta($thisUser, 'last_name', sp_filter_name_save(trim($_POST['last_name'])));
}
$update = apply_filters('sph_ProfileUserLocationUpdate', true);
if ($update) {
update_user_meta($thisUser, 'location', sp_filter_title_save(trim($_POST['location'])));
}
$update = apply_filters('sph_ProfileUserBiographyUpdate', true);
if ($update) {
update_user_meta($thisUser, 'description', sp_filter_save_kses($_POST['description']));
}
# fire action for plugins
$message = apply_filters('sph_UpdateProfileProfile', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Profile settings updated');
}
break;
case 'edit-identities':
# update identity settings
# update the user identities
$update = apply_filters('sph_ProfileUserAIMUpdate', true);
if ($update) {
update_user_meta($thisUser, 'aim', sp_filter_title_save(trim($_POST['aim'])));
}
$update = apply_filters('sph_ProfileUserYahooUpdate', true);
if ($update) {
update_user_meta($thisUser, 'yim', sp_filter_title_save(trim($_POST['yim'])));
}
$update = apply_filters('sph_ProfileUserGoogleUpdate', true);
if ($update) {
update_user_meta($thisUser, 'jabber', sp_filter_title_save(trim($_POST['jabber'])));
}
$update = apply_filters('sph_ProfileUserMSNUpdate', true);
if ($update) {
update_user_meta($thisUser, 'msn', sp_filter_title_save(trim($_POST['msn'])));
}
$update = apply_filters('sph_ProfileUserICQUpdate', true);
if ($update) {
update_user_meta($thisUser, 'icq', sp_filter_title_save(trim($_POST['icq'])));
}
$update = apply_filters('sph_ProfileUserSkypeUpdate', true);
if ($update) {
update_user_meta($thisUser, 'skype', sp_filter_title_save(trim($_POST['skype'])));
}
$update = apply_filters('sph_ProfileUserFacebookUpdate', true);
if ($update) {
update_user_meta($thisUser, 'facebook', sp_filter_title_save(trim($_POST['facebook'])));
}
$update = apply_filters('sph_ProfileUserMySpaceUpdate', true);
if ($update) {
update_user_meta($thisUser, 'myspace', sp_filter_title_save(trim($_POST['myspace'])));
}
$update = apply_filters('sph_ProfileUserTwitterUpdate', true);
if ($update) {
update_user_meta($thisUser, 'twitter', sp_filter_title_save(trim($_POST['twitter'])));
}
$update = apply_filters('sph_ProfileUserLinkedInUpdate', true);
if ($update) {
update_user_meta($thisUser, 'linkedin', sp_filter_title_save(trim($_POST['linkedin'])));
}
$update = apply_filters('sph_ProfileUserYouTubeUpdate', true);
if ($update) {
update_user_meta($thisUser, 'youtube', sp_filter_title_save(trim($_POST['youtube'])));
}
$update = apply_filters('sph_ProfileUserGooglePlusUpdate', true);
if ($update) {
update_user_meta($thisUser, 'googleplus', sp_filter_title_save(trim($_POST['googleplus'])));
}
# fire action for plugins
$message = apply_filters('sph_UpdateProfileIdentities', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Identities updated');
}
break;
case 'avatar-upload':
# upload avatar
# did we get an avatar to upload?
if (empty($_FILES['avatar-upload']['name'])) {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, the avatar filename was empty');
return $message;
}
# Verify the file extension
global $spPaths;
$uploaddir = SF_STORE_DIR . '/' . $spPaths['avatars'] . '/';
$filename = basename($_FILES['avatar-upload']['name']);
$path = pathinfo($filename);
$ext = strtolower($path['extension']);
if ($ext != 'jpg' && $ext != 'jpeg' && $ext != 'gif' && $ext != 'png') {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, only JPG, JPEG, PNG, or GIF files are allowed');
return $message;
}
# check image file mimetype
$mimetype = 0;
$mimetype = exif_imagetype($_FILES['avatar-upload']['tmp_name']);
if (empty($mimetype) || $mimetype == 0 || $mimetype > 3) {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, the avatar file is an invalid format');
return $message;
}
# make sure file extension and mime type actually match
if ($mimetype == 1 && $ext != 'gif' || $mimetype == 2 && ($ext != 'jpg' && $ext != 'jpeg') || $mimetype == 3 && $ext != 'png') {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, the file mime type does not match file extension');
return $message;
}
# Clean up file name just in case
$filename = date('U') . sp_filter_filename_save(basename($_FILES['avatar-upload']['name']));
$uploadfile = $uploaddir . $filename;
# check for existence
if (file_exists($uploadfile)) {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, the avatar file already exists');
return $message;
}
# check file size against limit if provided
$spAvatars = sp_get_option('sfavatars');
if ($_FILES['avatar-upload']['size'] > $spAvatars['sfavatarfilesize']) {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, the avatar file exceeds the maximum allowed size');
return $message;
}
# valid avatar, so try moving the uploaded file to the avatar storage directory
if (move_uploaded_file($_FILES['avatar-upload']['tmp_name'], $uploadfile)) {
@chmod("{$uploadfile}", 0644);
# do we need to resize?
$sfavatars = sp_get_option('sfavatars');
if ($sfavatars['sfavatarresize']) {
$editor = wp_get_image_editor($uploadfile);
if (is_wp_error($editor)) {
@unlink($uploadfile);
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, there was a problem resizing the avatar');
return $message;
} else {
$editor->resize($sfavatars['sfavatarsize'], $sfavatars['sfavatarsize'], true);
$imageinfo = $editor->save($uploadfile);
$filename = $imageinfo['file'];
}
}
# update member avatar data
$avatar = sp_get_member_item($thisUser, 'avatar');
$avatar['uploaded'] = $filename;
sp_update_member_item($thisUser, 'avatar', $avatar);
} else {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, the avatar file could not be moved to the avatar storage location');
return $message;
}
# fire action for plugins
$message = apply_filters('sph_UpdateProfileAvatarUpload', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Uploaded avatar updated');
}
break;
case 'avatar-pool':
# pool avatar
# get pool avatar name
$filename = sp_filter_filename_save($_POST['spPoolAvatar']);
# error if no pool avatar provided
if (empty($filename)) {
$message['type'] = 'error';
$message['text'] = sp_text('Sorry, you must select a pool avatar before trying to save it');
return $message;
}
# save the pool avatar
$avatar = sp_get_member_item($thisUser, 'avatar');
$avatar['pool'] = $filename;
sp_update_member_item($thisUser, 'avatar', $avatar);
# fire action for plugins
$message = apply_filters('sph_UpdateProfileAvatarPool', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Pool avatar updated');
}
break;
case 'avatar-remote':
# remote avatar
# get remote avatar name
$filename = sp_filter_url_save($_POST['spAvatarRemote']);
$avatar = sp_get_member_item($thisUser, 'avatar');
$avatar['remote'] = $filename;
sp_update_member_item($thisUser, 'avatar', $avatar);
# fire action for plugins
$message = apply_filters('sph_UpdateProfileAvatarRemote', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Remote avatar updated');
}
break;
case 'edit-signature':
# save signature
# Check if maxmium links has been exceeded
$numLinks = substr_count($_POST['postitem'], '</a>');
$spFilters = sp_get_option('sffilters');
if (!sp_get_auth('create_links', 'global', $thisUser) && $numLinks > 0 && !$spThisUser->admin) {
$message['type'] = 'error';
$message['text'] = sp_text('You are not allowed to put links in signatures');
return $message;
}
if (sp_get_auth('create_links', 'global', $thisUser) && $spFilters['sfmaxlinks'] != 0 && $numLinks > $spFilters['sfmaxlinks'] && !$spThisUser->admin) {
$message['type'] = 'error';
$message['text'] = sp_text('Maximum number of allowed links exceeded in signature') . ': ' . $spFilters['sfmaxlinks'] . ' ' . sp_text('allowed');
return $message;
}
// $sig = esc_sql(sp_filter_save_kses(trim($_POST['postitem'])));
$sig = sp_filter_content_save($_POST['postitem'], 'edit');
sp_update_member_item($thisUser, 'signature', $sig);
# fire action for plugins
$message = apply_filters('sph_UpdateProfileSignature', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Signature updated');
}
break;
case 'edit-photos':
# save photos
$photos = array();
$spProfileOptions = sp_get_option('sfprofile');
for ($x = 0; $x < $spProfileOptions['photosmax']; $x++) {
$photos[$x] = sp_filter_url_save($_POST['photo' . $x]);
}
update_user_meta($thisUser, 'photos', $photos);
# fire action for plugins
$message = apply_filters('sph_UpdateProfilePhotos', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Photos updated');
}
break;
case 'edit-global-options':
# save global options
$options = sp_get_member_item($thisUser, 'user_options');
$options['hidestatus'] = isset($_POST['hidestatus']) ? true : false;
$update = apply_filters('sph_ProfileUserSyncNameUpdate', true);
if ($update) {
$options['namesync'] = isset($_POST['namesync']) ? true : false;
}
sp_update_member_item($thisUser, 'user_options', $options);
# fire action for plugins
$message = apply_filters('sph_UpdateProfileGlobalOptions', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Global options updated');
}
break;
case 'edit-posting-options':
# save posting options
$update = apply_filters('sph_ProfileUserEditorUpdate', true);
if ($update) {
$options = sp_get_member_item($thisUser, 'user_options');
if (isset($_POST['editor'])) {
$options['editor'] = sp_esc_int($_POST['editor']);
}
sp_update_member_item($thisUser, 'user_options', $options);
}
# fire action for plugins
$message = apply_filters('sph_UpdateProfilePostingOptions', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Posting options updated');
}
break;
case 'edit-display-options':
# save display options
$options = sp_get_member_item($thisUser, 'user_options');
if (isset($_POST['timezone'])) {
if (preg_match('/^UTC[+-]/', $_POST['timezone'])) {
# correct for manual UTC offets
$userOffset = preg_replace('/UTC\\+?/', '', $_POST['timezone']) * 3600;
} else {
# get timezone offset for user
$date_time_zone_selected = new DateTimeZone(sp_esc_str($_POST['timezone']));
$userOffset = timezone_offset_get($date_time_zone_selected, date_create());
}
# get timezone offset for server based on wp settings
$wptz = get_option('timezone_string');
if (empty($wptz)) {
$serverOffset = get_option('gmt_offset');
} else {
$date_time_zone_selected = new DateTimeZone($wptz);
$serverOffset = timezone_offset_get($date_time_zone_selected, date_create());
}
# calculate time offset between user and server
$options['timezone'] = (int) round(($userOffset - $serverOffset) / 3600, 2);
$options['timezone_string'] = sp_esc_str($_POST['timezone']);
} else {
$options['timezone'] = 0;
$options['timezone_string'] = 'UTC';
}
if (isset($_POST['unreadposts'])) {
$sfcontrols = sp_get_option('sfcontrols');
$options['unreadposts'] = is_numeric($_POST['unreadposts']) ? max(min(sp_esc_int($_POST['unreadposts']), $sfcontrols['sfmaxunreadposts']), 0) : $sfcontrols['sfdefunreadposts'];
}
$options['topicASC'] = isset($_POST['topicASC']);
$options['postDESC'] = isset($_POST['postDESC']);
sp_update_member_item($thisUser, 'user_options', $options);
# fire action for plugins
$message = apply_filters('sph_UpdateProfileDisplayOptions', $message, $thisUser);
# output profile save status
if (empty($message)) {
$message['type'] = 'success';
$message['text'] = sp_text('Display options updated');
}
break;
default:
break;
}
# let plugins do their thing on success
$message = apply_filters('sph_ProfileFormSave_' . $thisForm, $message, $thisUser, $thisForm);
do_action('sph_UpdateProfile', $thisUser, $thisForm);
# reset the plugin_data just in case
sp_reset_member_plugindata($thisUser);
# done saving - return the messages
return $message;
}
function sp_profile_delete_menu($tab, $name)
{
# sanitize before use
$tab = sp_filter_title_save($tab);
$name = sp_filter_title_save($name);
# get the current tabs
$tabs = sp_profile_get_tabs();
if (empty($tabs)) {
return false;
}
# find the requested tab
foreach ($tabs as &$thisTab) {
if ($thisTab['name'] == $tab) {
# make sure the menu doesnt already exist on this tab
if ($thisTab['menus']) {
foreach ($thisTab['menus'] as $index => $menu) {
if ($menu['name'] == $name) {
unset($thisTab['menus'][$index]);
}
}
$thisTab['menus'] = array_values($thisTab['menus']);
}
}
}
# reorder tabs afer removal and save
$newtabs = serialize(array_values($tabs));
$result = sp_add_sfmeta('profile', 'tabs', $tabs);
return $result;
}
function spa_save_integration_storage_data()
{
check_admin_referer('forum-adminform_storage', 'forum-adminform_storage');
$mess = spa_text('Storage locations updated');
$sfstorage = array();
$sfstorage = sp_get_option('sfconfig');
if (!empty($_POST['plugins'])) {
$sfstorage['plugins'] = trim(sp_filter_title_save(trim($_POST['plugins'])), '/');
}
if (!empty($_POST['themes'])) {
$sfstorage['themes'] = trim(sp_filter_title_save(trim($_POST['themes'])), '/');
}
if (!empty($_POST['avatars'])) {
$sfstorage['avatars'] = trim(sp_filter_title_save(trim($_POST['avatars'])), '/');
}
if (!empty($_POST['avatar-pool'])) {
$sfstorage['avatar-pool'] = trim(sp_filter_title_save(trim($_POST['avatar-pool'])), '/');
}
if (!empty($_POST['smileys'])) {
$sfstorage['smileys'] = trim(sp_filter_title_save(trim($_POST['smileys'])), '/');
}
if (!empty($_POST['ranks'])) {
$sfstorage['ranks'] = trim(sp_filter_title_save(trim($_POST['ranks'])), '/');
}
if (!empty($_POST['image-uploads'])) {
$sfstorage['image-uploads'] = trim(sp_filter_title_save(trim($_POST['image-uploads'])), '/');
}
if (!empty($_POST['media-uploads'])) {
$sfstorage['media-uploads'] = trim(sp_filter_title_save(trim($_POST['media-uploads'])), '/');
}
if (!empty($_POST['file-uploads'])) {
$sfstorage['file-uploads'] = trim(sp_filter_title_save(trim($_POST['file-uploads'])), '/');
}
if (!empty($_POST['custom-icons'])) {
$sfstorage['custom-icons'] = trim(sp_filter_title_save(trim($_POST['custom-icons'])), '/');
}
if (!empty($_POST['language-sp'])) {
$sfstorage['language-sp'] = trim(sp_filter_title_save(trim($_POST['language-sp'])), '/');
}
if (!empty($_POST['language-sp-plugins'])) {
$sfstorage['language-sp-plugins'] = trim(sp_filter_title_save(trim($_POST['language-sp-plugins'])), '/');
}
if (!empty($_POST['language-sp-themes'])) {
$sfstorage['language-sp-themes'] = trim(sp_filter_title_save(trim($_POST['language-sp-themes'])), '/');
}
if (!empty($_POST['cache'])) {
$sfstorage['cache'] = trim(sp_filter_title_save(trim($_POST['cache'])), '/');
}
sp_update_option('sfconfig', $sfstorage);
do_action('sph_integration_storage_save');
return $mess;
}
function spa_save_email_data()
{
check_admin_referer('forum-adminform_email', 'forum-adminform_email');
$mess = spa_text('Options updated');
# Save Email Options
# Thanks to Andrew Hamilton for these routines (mail-from plugion)
# Remove any illegal characters and convert to lowercase both the user name and domain name
$domain_input_errors = array('http://', 'https://', 'ftp://', 'www.');
$domainname = strtolower(sp_filter_title_save(trim($_POST['sfmaildomain'])));
$domainname = str_replace($domain_input_errors, '', $domainname);
$domainname = preg_replace('/[^0-9a-z\\-\\.]/i', '', $domainname);
$illegal_chars_username = array('(', ')', '<', '>', ',', ';', ':', '\\', '"', '[', ']', '@', ' ');
$username = strtolower(sp_filter_name_save(trim($_POST['sfmailfrom'])));
$username = str_replace($illegal_chars_username, '', $username);
$sfmail = array();
$sfmail['sfmailsender'] = sp_filter_name_save(trim($_POST['sfmailsender']));
$sfmail['sfmailfrom'] = $username;
$sfmail['sfmaildomain'] = $domainname;
$sfmail['sfmailuse'] = isset($_POST['sfmailuse']);
sp_update_option('sfmail', $sfmail);
# Save new user mail options
$sfmail = array();
$sfmail['sfusespfreg'] = isset($_POST['sfusespfreg']);
$sfmail['sfnewusersubject'] = sp_filter_title_save(trim($_POST['sfnewusersubject']));
$sfmail['sfnewusertext'] = sp_filter_title_save(trim($_POST['sfnewusertext']));
sp_update_option('sfnewusermail', $sfmail);
do_action('sph_option_email_save');
return $mess;
}
function spa_save_permissions_new_auth()
{
check_admin_referer('forum-adminform_authnew', 'forum-adminform_authnew');
# create the auth
if (!empty($_POST['auth_name'])) {
$active = isset($_POST['auth_active']) ? 1 : 0;
$ignored = isset($_POST['auth_guests']) ? 1 : 0;
$enabling = isset($_POST['auth_enabling']) ? 1 : 0;
$result = sp_add_auth(sp_filter_title_save($_POST['auth_name']), sp_filter_title_save($_POST['auth_desc']), $active, $ignored, $enabling);
if ($result) {
# reset the auths to account for new auth
sp_reset_auths();
$mess = spa_text('New auth added');
} else {
$mess = spa_text('New auth failed - duplicate auth?');
}
} else {
$mess = spa_text('New auth failed - missing data');
}
return $mess;
}
function spa_update_specialrank($id)
{
check_admin_referer('special-rank-update', 'special-rank-update');
# save special forum ranks
if (!empty($_POST['specialrankdesc'])) {
$desc = $_POST['specialrankdesc'];
$badge = $_POST['specialrankbadge'];
$rank = sp_get_sfmeta('special_rank', false, $id);
$rank[0]['meta_value']['badge'] = sp_filter_filename_save($badge[$id]);
sp_update_sfmeta('special_rank', sp_filter_title_save(trim($desc[$id])), $rank[0]['meta_value'], $id, 1);
if ($_POST['currentname'][$id] != $desc[$id]) {
spdb_query("UPDATE " . SFSPECIALRANKS . "\n\t\t\t\t\t\tSET special_rank = '" . $desc[$id] . "'\n\t\t\t\t\t\tWHERE special_rank = '" . $_POST['currentname'][$id] . "'");
}
}
do_action('sph_component_srank_update_save');
$mess = spa_text('Special ranks updated');
return $mess;
}
function spa_users_members_form()
{
spa_paint_options_init();
spa_paint_open_tab(spa_text('Users') . ' - ' . spa_text('Member Information'), true);
spa_paint_open_panel();
spa_paint_open_fieldset(spa_text('Member Information'), 'true', 'users-info');
if (isset($_POST['usersearch'])) {
$term = sp_filter_title_save(trim($_POST['usersearch']));
} else {
$term = '';
}
if (isset($_GET['userspage'])) {
$page = sp_esc_int($_GET['userspage']);
} else {
$page = '';
}
$user_search = new SP_User_Search($term, $page);
?>
<form id="posts-filter" name="searchfilter" action="<?php
echo SFADMINUSER . '&form=member-info';
?>
" method="post">
<div class="tablenav">
<?php
if ($user_search->results_are_paged()) {
?>
<div class="tablenav-pages">
<?php
$args = array();
if (!empty($user_search->search_term)) {
$args['usersearch'] = urlencode($user_search->search_term);
}
$user_search->paging_text = paginate_links(array('total' => ceil($user_search->total_users_for_query / $user_search->users_per_page), 'current' => $user_search->page, 'base' => 'admin.php?page=simple-press/admin/panel-users/spa-users.php&form=member-info&%_%', 'format' => 'userspage=%#%', 'add_args' => $args));
echo $user_search->page_links();
?>
</div>
<?php
}
?>
<div>
<label class="hidden" for="post-search-input"><?php
spa_etext('Search Members');
?>
:</label>
<input type="text" class="sfacontrol" id="post-search-input" name="usersearch" value="<?php
echo esc_attr($user_search->search_term);
?>
" />
<input type="button" class="button-primary" onclick="javascript:document.searchfilter.submit();" id="sfusersearch" name="sfusersearch" value="<?php
spa_etext('Search Members');
?>
" />
</div>
<br class="clear" />
</div>
<br class="clear" />
</form>
<?php
if ($user_search->get_results()) {
?>
<?php
if ($user_search->is_search()) {
?>
<p><a href="<?php
echo SFADMINUSER;
?>
"><?php
echo sprintf(spa_text('%s Back to All Members'), '«');
?>
</a></p>
<?php
}
?>
<table id="memTable" class="widefat fixed spMobileTable1280">
<thead>
<tr>
<th style="text-align:center;width:4%"><?php
spa_etext('ID');
?>
</th>
<th style="text-align:center;"><?php
spa_etext('Login Name');
?>
</th>
<th style="text-align:center;"><?php
spa_etext('Display Name');
?>
</th>
<th style="text-align:center;width:15%"><?php
spa_etext('First Post');
?>
</th>
<th style="text-align:center;width:15%"><?php
spa_etext('Last Post');
?>
</th>
<th style="text-align:center;width:3.5%"><?php
spa_etext('Posts');
?>
</th>
<th style="text-align:center;"><?php
spa_etext('Last Visit');
?>
</th>
<th style="text-align:center;"><?php
spa_etext('Memberships');
?>
</th>
<th style="text-align:center;width:auto;"><?php
spa_etext('Rank');
?>
</th>
<th style="text-align:center;"><?php
spa_etext('Actions');
?>
</th>
</tr>
</thead>
<tbody id="users" class="list:user user-list">
<?php
$style = '';
$class = 'class="spMobileTableData"';
# grab user post/page counts
$users = $user_search->get_results();
# output users
foreach ($users as $userid) {
$data = spa_get_members_info($userid);
if ($data) {
?>
<tr id="user-delete-<?php
echo $userid;
?>
" <?php
echo $class;
?>
>
<td data-label='<?php
spa_etext('ID');
?>
'><?php
echo $userid;
?>
</td>
<td data-label='<?php
spa_etext('Login Name');
?>
'><?php
echo $data['login'];
?>
</td>
<?php
$displayname = !empty($data['display_name']) ? $data['display_name'] : '';
?>
<td data-label='<?php
spa_etext('Display Name');
?>
'><strong><?php
echo sp_filter_name_display($displayname);
?>
</strong></td>
<td data-label='<?php
spa_etext('First Post');
?>
'><?php
echo $data['first'];
?>
</td>
<td data-label='<?php
spa_etext('Last Post');
?>
'><?php
echo $data['last'];
?>
</td>
<td data-label='<?php
spa_etext('Posts');
?>
'>
<?php
if ($data['posts'] == -1) {
echo '<img style="vertical-align:top" src="' . SFADMINIMAGES . 'sp_UserNoPosts.png" title="' . spa_text('User has not yet visited forum') . '" alt="" />';
} else {
echo $data['posts'];
}
?>
</td>
<td data-label='<?php
spa_etext('Last Visit');
?>
'><?php
echo sp_date('d', $data['lastvisit']);
?>
</td>
<td data-label='<?php
spa_etext('Memberships');
?>
'><?php
echo $data['memberships'];
?>
</td>
<td data-label='<?php
spa_etext('Rank');
?>
'><?php
echo $data['rank'];
?>
</td>
<td style="text-align:center">
<?php
$site = SFHOMEURL . 'index.php?sp_ahah=profile&sfnonce=' . wp_create_nonce('forum-ahah') . "&action=popup&user={$userid}";
$title = spa_text('Member Profile');
$position = 'center';
echo '<a id="memberprofile' . $userid . '" href="javascript:void(null)" onclick="spjDialogAjax(this, \'' . $site . '\', \'' . $title . '\', 750, 0, \'' . $position . '\');"><img src="' . SFADMINIMAGES . 'sp_UserProfile.png" title="' . spa_text('View Member Profile') . '" alt="" /></a>';
# check to see if user can delete users before giving option to delete
if (current_user_can('delete_user', $userid)) {
$nonce = wp_create_nonce('bulk-users');
$url = admin_url('users.php?action=delete&user='******'&_wpnonce=' . $nonce . '&wp_http_referer=admin.php?page=simple-press/admin/panel-users/spa-users.php');
echo '<a href="' . $url . '"><img src="' . SFCOMMONIMAGES . 'delete.png" title="' . spa_text('Delete User') . '" alt="" />';
}
?>
</td>
</tr>
<?php
}
$class = strpos($class, 'alternate') === false ? 'class="spMobileTableData alternate"' : 'class="spMobileTableData"';
}
?>
</tbody>
</table>
<div class="tablenav">
<?php
if ($user_search->results_are_paged()) {
?>
<div class="tablenav-pages"><?php
$user_search->page_links();
?>
</div>
<?php
}
?>
<br class="clear" />
</div>
<?php
}
spa_paint_close_fieldset();
spa_paint_close_panel();
do_action('sph_users_members_panel');
spa_paint_close_container();
spa_paint_close_tab();
}
function sp_SearchResults($args = '')
{
global $spSearchView, $spThisUser, $spListView;
$defs = array('tagId' => 'spSearchList', 'tagClass' => 'spSearchSection', 'template' => 'spListView.php', 'first' => 0, 'get' => 0);
$a = wp_parse_args($args, $defs);
$a = apply_filters('sph_SearchResults_args', $a);
extract($a, EXTR_SKIP);
# sanitize before use
$tagId = esc_attr($tagId);
$tagClass = esc_attr($tagClass);
$template = sp_filter_title_save($template);
$first = (int) $first;
$get = (int) $get;
if ($get) {
do_action('sph_search_results');
return $spSearchView->searchData;
}
echo "<div id='{$tagId}' class='{$tagClass}'>\n";
$spListView = new spTopicList($spSearchView->searchData, 0, false, '', $first, 1, 'search');
sp_load_template($template);
echo "</div>\n";
}
function sp_post_notification($user, $message, $postid)
{
global $spThisUser;
if (!$spThisUser->admin && !$spThisUser->moderator) {
return;
}
$userid = spdb_table(SFMEMBERS, "display_name='{$user}'", 'user_id');
if (empty($userid)) {
return;
}
$topic_id = spdb_table(SFPOSTS, "post_id={$postid}", 'topic_id');
$nData = array();
$nData['user_id'] = $userid;
$nData['guest_email'] = '';
$nData['post_id'] = $postid;
$nData['link'] = sp_permalink_from_postid($postid);
$nData['link_text'] = spdb_table(SFTOPICS, "topic_id={$topic_id}", 'topic_name');
$nData['message'] = sp_filter_title_save($message);
$nData['expires'] = $time;
# 30 days; 24 hours; 60 mins; 60secs
sp_add_notice($nData);
}
function validateData()
{
$this->abort = false;
$this->newpost['action'] = $this->action;
# Check flood control (done here vice validatePermission() so we can use the return to post feature)
if (!sp_get_auth('bypass_flood_control', $this->newpost['forumid'], $this->userid)) {
$flood = sp_get_cache('floodcontrol');
if (!empty($flood) && time() < $flood) {
$this->abort = true;
$this->message = sp_text('Flood control exceeded, please slow down - Post cannot be saved yet');
return;
}
}
# Check topic name
if (empty($this->newpost['topicname'])) {
$this->abort = true;
$this->message = sp_text('No topic name has been entered and post cannot be saved');
return;
} else {
$this->newpost['topicname'] = sp_filter_title_save($this->newpost['topicname'], SFTOPICS, 'topic_name');
}
# Check Post Content
if (empty($this->newpost['postcontent'])) {
$this->abort = true;
$this->message = sp_text('No topic post has been entered and post cannot be saved');
return;
} else {
$this->newpost['postcontent_unescaped'] = sp_filter_content_save($this->newpost['postcontent'], 'new', false, SFPOSTS, 'post_content');
$this->newpost['postcontent'] = sp_filter_content_save($this->newpost['postcontent'], 'new', true, SFPOSTS, 'post_content');
}
# Check and set user names/ids etc
if ($this->guest) {
$sfguests = sp_get_option('sfguests');
if (empty($this->newpost['guestname']) || (empty($this->newpost['guestemail']) || !is_email($this->newpost['guestemail'])) && $sfguests['reqemail']) {
$this->abort = true;
$this->message = sp_text('Guest name and valid email address required');
return;
}
# force maximum lengths
$this->newpost['guestname'] = substr(sp_filter_name_save($this->newpost['guestname']), 0, 20);
$this->newpost['guestemail'] = substr(sp_filter_email_save($this->newpost['guestemail']), 0, 50);
$this->newpost['postername'] = $this->newpost['guestname'];
$this->newpost['posteremail'] = $this->newpost['guestemail'];
# check for blacklisted guest name
$blockedGuest = sp_get_option('guest-name');
if (!empty($blockedGuest)) {
$names = explode(',', $blockedGuest);
foreach ($names as $name) {
if (strtolower(trim($name)) == strtolower($this->newpost['guestname'])) {
$this->abort = true;
$this->message = sp_text('The guest name you have chosen is not allowed on this site');
return;
}
}
}
# check that the guest name is not the same as a current user
$checkdupe = spdb_table(SFMEMBERS, "display_name='" . $this->newpost['guestname'] . "'", 'display_name');
if (!empty($checkdupe)) {
$this->abort = true;
$this->message = sp_text('This user name already belongs to a forum member');
return;
}
}
# Check if links allowed or if maxmium links have been exceeded
$sffilters = sp_get_option('sffilters');
if (!$this->admin) {
$links = $this->count_links();
if (sp_get_auth('create_links', $this->newpost['forumid'], $this->userid)) {
if ($sffilters['sfmaxlinks'] > 0 && $links > $sffilters['sfmaxlinks']) {
$this->abort = true;
$this->message = sp_text('Maximum number of allowed links exceeded') . ': ' . $sffilters['sfmaxlinks'] . ' ' . sp_text('allowed');
return;
}
} else {
if ($links > 0) {
$this->abort = true;
$this->message = sp_text('You are not allowed to put links in post content');
return;
}
}
}
# Check if maxmium smileys have been exceeded
if (!$this->admin) {
if (isset($sffilters['sfmaxsmileys']) && $sffilters['sfmaxsmileys'] > 0 && $this->count_smileys() > $sffilters['sfmaxsmileys']) {
$this->abort = true;
$this->message = sp_text('Maximum number of allowed smileys exceeded') . ': ' . $sffilters['sfmaxsmileys'] . ' ' . sp_text('allowed');
return;
}
}
# Check for duplicate post of option is set
if ($this->member && $sffilters['sfdupemember'] == true || $this->guest && $sffilters['sfdupeguest'] == true) {
# But not admin or moderator
if (!$this->admin && !$this->moderator) {
$dupecheck = spdb_table(SFPOSTS, 'forum_id = ' . $this->newpost['forumid'] . ' AND topic_id=' . $this->newpost['topicid'] . " AND post_content='" . $this->newpost['postcontent'] . "' AND poster_ip='" . $this->newpost['posterip'] . "'", 'row', '', '', ARRAY_A);
if ($dupecheck) {
$this->abort = true;
$this->message = sp_text('Duplicate post refused');
return;
}
}
}
# Establish moderation status
$bypassAll = sp_get_auth('bypass_moderation', $this->newpost['forumid'], $this->userid);
$bypassOnce = sp_get_auth('bypass_moderation_once', $this->newpost['forumid'], $this->userid);
if ($bypassAll == true && $bypassOnce == true) {
$this->newpost['poststatus'] = 0;
} else {
if ($bypassAll == false && $bypassOnce == false) {
$this->newpost['poststatus'] = 1;
} else {
if ($bypassAll == true && $bypassOnce == false) {
$this->newpost['poststatus'] = 1;
if ($this->member) {
$prior = spdb_table(SFPOSTS, 'user_id=' . $this->newpost['userid'] . ' AND post_status=0', 'row', '', '1');
if ($prior) {
$this->newpost['poststatus'] = 0;
}
} else {
if ($this->guest) {
$prior = spdb_table(SFPOSTS, "guest_name='" . $this->newpost['guestname'] . "' AND guest_email='" . $this->newpost['guestemail'] . "' AND post_status=0", 'row', '', '1');
if ($prior) {
$this->newpost['poststatus'] = 0;
}
}
}
} else {
$this->newpost['poststatus'] = 1;
}
}
}
# Finally one or two other data items
if ($this->action == 'topic') {
$this->newpost['topicslug'] = sp_create_slug($this->newpost['topicname'], true, SFTOPICS, 'topic_slug');
} else {
$this->newpost['emailprefix'] = 'Re: ';
}
$this->newpost['groupname'] = sp_get_group_name_from_forum($this->newpost['forumid']);
if (empty($this->newpost['forumname'])) {
$this->newpost['forumname'] = spdb_table(SFFORUMS, "forum_slug='" . $this->newpost['forumslug'] . "'", 'forum_name');
}
$this->newpost = apply_filters('sph_post_data_validation', $this->newpost);
do_action('sph_pre_post_create', $this->newpost);
$this->newpost = apply_filters('sph_new_forum_post', $this->newpost);
}
function spa_save_forums_edit_group()
{
check_admin_referer('forum-adminform_groupedit', 'forum-adminform_groupedit');
$groupdata = array();
$group_id = sp_esc_int($_POST['group_id']);
$groupdata['group_name'] = sp_filter_title_save(trim($_POST['group_name']));
$groupdata['group_desc'] = sp_filter_text_save(trim($_POST['group_desc']));
$groupdata['group_message'] = sp_filter_text_save(trim($_POST['group_message']));
$ug_list = array_unique($_POST['usergroup_id']);
$perm_list = $_POST['role'];
if (!empty($_POST['group_icon'])) {
# Check new icon exists
$groupdata['group_icon'] = sp_filter_title_save(trim($_POST['group_icon']));
$path = SFCUSTOMDIR . $groupdata['group_icon'];
if (!file_exists($path)) {
$mess = sprintf(spa_text('Custom icon %s does not exist'), $groupdata['group_icon']);
return $mess;
}
} else {
$groupdata['group_icon'] = null;
}
if (isset($_POST['group_rss'])) {
$groupdata['group_rss'] = sp_filter_save_cleanurl($_POST['group_rss']);
} else {
$groupdata['group_rss'] = sp_filter_save_cleanurl($_POST['cgroup_rss']);
}
# save the default permissions for the group
for ($x = 0; $x < count($ug_list); $x++) {
$ug = sp_esc_int($ug_list[$x]);
$perm = sp_esc_int($perm_list[$x]);
if (spa_get_defpermissions_role($group_id, $ug)) {
$sql = 'UPDATE ' . SFDEFPERMISSIONS . "\n\t\t\t\t\tSET permission_role={$perm}\n\t\t\t\t\tWHERE group_id={$group_id} AND usergroup_id={$ug}";
spdb_query($sql);
} else {
if ($perm != -1) {
spa_add_defpermission_row($group_id, $ug, $perm);
}
}
}
if ($groupdata['group_name'] == $_POST['cgroup_name'] && $groupdata['group_desc'] == $_POST['cgroup_desc'] && $groupdata['group_rss'] == $_POST['cgroup_rss'] && $groupdata['group_message'] == $_POST['cgroup_message'] && $groupdata['group_icon'] == $_POST['cgroup_icon']) {
$mess = spa_text('No data changed');
} else {
$sql = 'UPDATE ' . SFGROUPS . ' SET ';
$sql .= 'group_name="' . $groupdata['group_name'] . '", ';
$sql .= 'group_desc="' . $groupdata['group_desc'] . '", ';
$sql .= 'group_icon="' . $groupdata['group_icon'] . '", ';
$sql .= 'group_rss="' . $groupdata['group_rss'] . '", ';
$sql .= 'group_message="' . $groupdata['group_message'] . '" ';
$sql .= "WHERE group_id={$group_id}";
$success = spdb_query($sql);
if ($success == false) {
$mess = spa_text('Group record update failed');
do_action('sph_forum_group_edit', $group_id);
} else {
$mess = spa_text('Forum group record updated');
}
}
# clear out group cache tpo enable change_user
sp_flush_cache('group');
return $mess;
}
function sp_add_notice($nData)
{
# see if we already have an notice here
$notice = spdb_table(SFNOTICES, "user_id={$nData['user_id']} AND post_id={$nData['post_id']} AND message='{$nData['message']}'", 'notice_id');
if (!empty($notice)) {
return;
}
# create the new notice
$spdb = new spdbComplex();
$spdb->table = SFNOTICES;
$spdb->fields = array('user_id', 'guest_email', 'post_id', 'link', 'link_text', 'message', 'expires');
$spdb->data = array($nData['user_id'], $nData['guest_email'], $nData['post_id'], $nData['link'], sp_filter_title_save($nData['link_text']), sp_filter_title_save($nData['message']), $nData['expires']);
$spdb = apply_filters('sph_new_notice_data', $spdb);
$spdb->insert();
}
function spa_update_specialrank($id)
{
check_admin_referer('special-rank-update', 'special-rank-update');
# save special forum ranks
if (!empty($_POST['specialrankdesc'])) {
$desc = $_POST['specialrankdesc'];
$badge = $_POST['specialrankbadge'];
$rank = sp_get_sfmeta('special_rank', false, $id);
$rank[0]['meta_value']['badge'] = sp_filter_filename_save($badge[$id]);
sp_update_sfmeta('special_rank', sp_filter_title_save(trim($desc[$id])), $rank[0]['meta_value'], $id, 1);
}
do_action('sph_component_srank_update_save');
$mess = spa_text('Special ranks updated');
return $mess;
}
function sp_wp_list_pages($ptext)
{
global $spVars, $spGlobals;
if (!empty($spVars['seotitle'])) {
$seotitle = $spVars['seotitle'];
$ptext = str_replace($seotitle, SFPAGETITLE, $ptext);
$seotitle = html_entity_decode($seotitle, ENT_QUOTES);
$seotitle = htmlspecialchars($seotitle, ENT_QUOTES, SFCHARSET);
$ptext = str_replace($seotitle, SFPAGETITLE, $ptext);
$seotitle = sp_filter_title_save($seotitle);
$ptext = str_replace($seotitle, SFPAGETITLE, $ptext);
$ptext = str_replace(strtoupper($seotitle), SFPAGETITLE, $ptext);
} else {
if ($spGlobals['display']['pagetitle']['banner'] || $spGlobals['display']['pagetitle']['notitle']) {
$ptext = str_replace(sp_url() . '"></a>', sp_url() . '">' . SFPAGETITLE . '</a>', $ptext);
}
}
return $ptext;
}
function sp_create_auth_cat($name, $desc)
{
global $spVars;
$success = false;
# make sure the auth category doesnt already exist before we create it
$name = sp_filter_title_save($name);
$auth = spdb_table(SFAUTHCATS, "authcat_name='{$name}'", 'authcat_id');
if (empty($auth)) {
$desc = sp_filter_title_save($desc);
$slug = sp_create_slug($name, true, SFAUTHCATS, 'authcat_slug');
$sql = 'INSERT INTO ' . SFAUTHCATS . " (authcat_name, authcat_slug, authcat_desc) VALUES ('{$name}', '{$slug}', '{$desc}')";
$success = spdb_query($sql);
}
return $success;
}
function spa_save_tabs_menus_data()
{
check_admin_referer('forum-adminform_tabsmenus', 'forum-adminform_tabsmenus');
if (!empty($_POST['spTabsOrder'])) {
# grab the current tabs/menus and init new tabs array
$newTabs = array();
$curTabs = sp_profile_get_tabs();
# need to cycle through all the tabs
$tabList = explode('&', $_POST['spTabsOrder']);
foreach ($tabList as $curTab => $tab) {
$tab = sp_esc_str($tab);
# extract the tab index from the jquery sortable mess
$tabData = explode('=', $tab);
$oldTab = $tabData[1];
# now move the tab stuff (except menus) to its new location
$newTabs[$curTab]['name'] = sp_filter_title_save($_POST['tab-name-' . $oldTab]);
$newTabs[$curTab]['slug'] = sp_filter_title_save($_POST['tab-slug-' . $oldTab]);
$newTabs[$curTab]['auth'] = sp_filter_title_save($_POST['tab-auth-' . $oldTab]);
$newTabs[$curTab]['display'] = isset($_POST['tab-display-' . $oldTab]) ? 1 : 0;
# now update menus for this tab
if (!empty($_POST['spMenusOrder' . $oldTab])) {
$menuList = explode('&', $_POST['spMenusOrder' . $oldTab]);
foreach ($menuList as $curMenu => $menu) {
$menu = sp_esc_str($menu);
# extract the menu index from the jquery sortable mess
$menuData = explode('=', $menu);
$thisMenu = $menuData[1];
# extract the tab the menu came from (what a pain!)
$junk = explode('tab', $menuData[0]);
$stop = strpos($junk[1], '[');
$oldMenuTab = substr($junk[1], 0, $stop);
# copy over the menu from old location to new location
$newTabs[$curTab]['menus'][$curMenu]['name'] = sp_filter_title_save($_POST['menu-name-' . $oldMenuTab . '-' . $thisMenu]);
$newTabs[$curTab]['menus'][$curMenu]['slug'] = sp_filter_title_save($_POST['menu-slug-' . $oldMenuTab . '-' . $thisMenu]);
$newTabs[$curTab]['menus'][$curMenu]['auth'] = sp_filter_title_save($_POST['menu-auth-' . $oldMenuTab . '-' . $thisMenu]);
$newTabs[$curTab]['menus'][$curMenu]['display'] = isset($_POST['menu-display-' . $oldMenuTab . '-' . $thisMenu]) ? 1 : 0;
$form = str_replace('\\', '/', $_POST['menu-form-' . $oldMenuTab . '-' . $thisMenu]);
# sanitize for Win32 installs
$form = preg_replace('|/+|', '/', $form);
# remove any duplicate slash
$newTabs[$curTab]['menus'][$curMenu]['form'] = sp_esc_str($form);
}
} else {
$newTabs[$curTab]['menus'] = array();
}
}
$mess = spa_text('Profile Tabs and Menus Updated!');
sp_add_sfmeta('profile', 'tabs', $newTabs);
} else {
$mess = spa_text('No Changes to profile tabs and menus');
}
return $mess;
}
