/**
 * Decide whether a user may see a forum title, a topic title or a post's content.
 *
 * Returns null (no value) when $spStatus is unset or anything other than 'ok',
 * false when the forum is listed in $spGlobals['disabled_forums'], and otherwise
 * whatever the 'sph_auth_view' filter chain yields for the computed permission.
 *
 * @param mixed  $forumid  forum the item belongs to
 * @param string $view     'forum-title', 'topic-title', 'post-content' or a custom view name
 * @param int    $userid   viewer; falls back to $spThisUser->ID when empty
 * @param int    $posterid author of the post (read by the 'post-content' check)
 * @param int    $topicid  passed through to the post-content/custom filters only
 * @param int    $postid   passed through to the post-content/custom filters only
 */
function sp_can_view($forumid, $view, $userid = 0, $posterid = 0, $topicid = 0, $postid = 0) {
    global $spGlobals, $spThisUser, $spStatus;

    # while an upgrade is pending no forum is visible; the bare return yields null
    if (!isset($spStatus) || $spStatus != 'ok') {
        return;
    }

    # disabled forums are never shown on the front end
    $disabledForums = $spGlobals['disabled_forums'];
    if (in_array($forumid, $disabledForums)) {
        return false;
    }

    # no explicit viewer given: evaluate for the current user
    if (empty($userid)) {
        $userid = $spThisUser->ID;
    }

    $auth = false;
    if ($view == 'forum-title') {
        # any of the three forum-level view permissions exposes the title
        $auth = sp_get_auth('view_forum', $forumid, $userid)
            || sp_get_auth('view_forum_lists', $forumid, $userid)
            || sp_get_auth('view_forum_topic_lists', $forumid, $userid);
        $auth = apply_filters('sph_auth_view_forum_title', $auth, $forumid, $view, $userid, $posterid);
    } elseif ($view == 'topic-title') {
        $auth = sp_get_auth('view_forum', $forumid, $userid)
            || sp_get_auth('view_forum_topic_lists', $forumid, $userid);
        $auth = apply_filters('sph_auth_view_topic_title', $auth, $forumid, $view, $userid, $posterid);
    } elseif ($view == 'post-content') {
        # three conditions must all hold:
        #  1. the viewer can view the forum
        #  2. the post is not by an admin, or the viewer holds 'view_admin_posts'
        #  3. the post is by an admin, by a moderator or by the viewer, or the viewer
        #     is not restricted by 'view_own_admin_posts'
        # NOTE(review): the own-post test is a loose == on the two ids, so it also
        # holds when both are 0 (the parameter defaults) - confirm that is intended.
        $auth = sp_get_auth('view_forum', $forumid, $userid)
            && (!sp_is_forum_admin($posterid) || sp_get_auth('view_admin_posts', $forumid, $userid))
            && (sp_is_forum_admin($posterid) || sp_is_forum_mod($posterid) || $userid == $posterid || !sp_get_auth('view_own_admin_posts', $forumid, $userid));
        $auth = apply_filters('sph_auth_view_post_content', $auth, $forumid, $view, $userid, $posterid, $topicid, $postid);
    } else {
        # unknown view: stays denied unless a filter on the view-specific hook grants it
        $auth = apply_filters('sph_auth_view_' . $view, $auth, $forumid, $view, $userid, $posterid, $topicid, $postid);
    }

    # final catch-all hook applied to every view type
    return apply_filters('sph_auth_view', $auth, $forumid, $view, $userid, $posterid);
}
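/**
 * Load one page of a topic together with its posts and shape the rows into the
 * nested topic/post structure used by the topic view.
 *
 * Sets $this->topicViewStatus to 'no data', 'no access', 'data' or 'sneak peek'.
 *
 * @param int $topicid topic to load; 0 means "no topic" and returns early
 * @param int $cPage   1-based page of posts to load
 * @param int $forumid not read by this method
 * @return array|null  array keyed by topic id (empty when nothing is viewable),
 *                     or null when $topicid is 0
 */
function sp_topicview_query($topicid = 0, $cPage = 1, $forumid = 0) {
    global $spGlobals, $spThisUser, $spVars;

    # do we have a valid topic id
    if ($topicid == 0) {
        $this->topicViewStatus = 'no data';
        return;
    } else {
        # the id is concatenated into the WHERE clause, so force it to an integer
        $WHERE = SFTOPICS . '.topic_id=' . (int) $topicid;
    }

    # default to no access
    $this->topicViewStatus = 'no access';

    # some setup vars
    $startlimit = 0;
    $lastpage = 0;

    # how many posts per page?
    $ppaged = $spGlobals['display']['posts']['perpage'];
    if (!$ppaged) {
        $ppaged = 10;
    }

    # setup where we are in the post list (paging)
    if ($cPage != 1) {
        $startlimit = ($cPage - 1) * $ppaged;
    }
    # both LIMIT operands end up in the SQL text: integers only, and never a negative offset
    $LIMIT = max(0, (int) $startlimit) . ', ' . (int) $ppaged;

    # Set up order by
    $reverse = false;
    $setSort = $spGlobals['display']['posts']['sortdesc'];
    if (isset($spGlobals['sort_order']['topic'])) {
        $reverse = array_search($topicid, (array) $spGlobals['sort_order']['topic']) !== false ? true : false;
    }
    if (isset($spThisUser->postDESC) && $spThisUser->postDESC) {
        $reverse = !$reverse;
    }
    if ($setSort xor $reverse) {
        $ORDER = 'post_pinned DESC, ' . SFPOSTS . ".post_id DESC";
    } else {
        $ORDER = 'post_pinned DESC, ' . SFPOSTS . ".post_id ASC";
    }

    # add newpost/sfwaiting support for admins
    $waitCheck = ', NULL AS new_post';
    if ($spThisUser->admin || $spThisUser->moderator) {
        $waitCheck = ', ' . SFWAITING . '.post_count AS new_post';
    }

    # Discover if this topic is in users new post list
    $maybeNewPost = false;
    if ($spThisUser->member && sp_is_in_users_newposts($topicid)) {
        $maybeNewPost = true;
    }

    # retrieve topic and post records
    $spdb = new spdbComplex();
    $spdb->table = SFTOPICS;
    $spdb->found_rows = true;
    $spdb->fields = 'group_id, ' . SFTOPICS . '.topic_id, ' . SFTOPICS . '.forum_id, topic_name, topic_slug, topic_status, topic_pinned, topic_icon, topic_opened, ' . SFTOPICS . '.post_count, forum_name, forum_slug, forum_status, forum_disabled, forum_rss_private, ' . SFPOSTS . '.post_id, ' . spdb_zone_datetime('post_date') . ', ' . SFPOSTS . '.user_id, ' . SFTOPICS . '.user_id AS topic_starter, guest_name, guest_email, post_status, post_pinned, post_index, post_edit, poster_ip, source, post_content' . $waitCheck;
    $spdb->join = array(SFPOSTS . ' ON ' . SFTOPICS . '.topic_id=' . SFPOSTS . '.topic_id', SFFORUMS . ' ON ' . SFTOPICS . '.forum_id=' . SFFORUMS . '.forum_id');
    if ($spThisUser->admin || $spThisUser->moderator) {
        $spdb->left_join = array(SFWAITING . ' ON ' . SFPOSTS . '.post_id=' . SFWAITING . '.post_id');
    }
    $spdb->where = $WHERE;
    $spdb->orderby = $ORDER;
    $spdb->limits = $LIMIT;
    $spdb = apply_filters('sph_topicview_query', $spdb, $this);
    if (!empty($spThisUser->inspect['q_spTopicView'])) {
        $spdb->inspect = 'spTopicView';
        $spdb->show = true;
    }
    $records = $spdb->select();

    $t = array();
    if ($records) {
        $tidx = $topicid;
        $pidx = 0;
        $r = current($records);
        if (sp_get_auth('view_forum', $r->forum_id)) {
            $this->topicViewStatus = 'data';

            # construct the parent topic object
            $t[$tidx] = new stdClass();
            $t[$tidx]->topic_id = $r->topic_id;
            $t[$tidx]->forum_id = $r->forum_id;
            $t[$tidx]->group_id = $r->group_id;
            $t[$tidx]->forum_name = sp_filter_title_display($r->forum_name);
            $t[$tidx]->topic_name = sp_filter_title_display($r->topic_name);
            $t[$tidx]->topic_slug = $r->topic_slug;
            $t[$tidx]->topic_opened = $r->topic_opened;
            $t[$tidx]->forum_status = $r->forum_status;
            $t[$tidx]->topic_pinned = $r->topic_pinned;
            $t[$tidx]->forum_disabled = $r->forum_disabled;
            $t[$tidx]->forum_slug = $r->forum_slug;
            $t[$tidx]->forum_rss_private = $r->forum_rss_private;
            $t[$tidx]->topic_permalink = sp_build_url($r->forum_slug, $r->topic_slug, 1, 0);
            $t[$tidx]->topic_status = $r->topic_status;
            $t[$tidx]->topic_icon = sanitize_file_name($r->topic_icon);
            $t[$tidx]->rss = '';
            $t[$tidx]->editmode = 0;
            $t[$tidx]->tools_flag = 1;
            $t[$tidx]->display_page = $this->topicPage;
            $t[$tidx]->posts_per_page = $ppaged;
            $t[$tidx]->unread = 0;

            # use FOUND_ROWS() and not post_count as - for example - some posts may be hidden by choice
            $t[$tidx]->post_count = spdb_select('var', 'SELECT FOUND_ROWS()');

            # Can the user create new topics or should we lock the forum?
            $t[$tidx]->start_topics = sp_get_auth('start_topics', $r->forum_id);
            $t[$tidx]->reply_topics = sp_get_auth('reply_topics', $r->forum_id);
            $t[$tidx]->reply_own_topics = sp_get_auth('reply_own_topics', $r->forum_id);

            # grab topic start info
            $t[$tidx]->topic_starter = $r->topic_starter;

            # round the page count up when the division leaves a remainder
            $totalPages = $r->post_count / $ppaged;
            if (!is_int($totalPages)) {
                $totalPages = intval($totalPages) + 1;
            }
            $t[$tidx]->total_pages = $totalPages;

            # with descending order the newest posts sit on page 1, otherwise on the final page
            if ($setSort xor $reverse) {
                if ($cPage == 1) {
                    $lastpage = true;
                }
            } else {
                if ($cPage == $totalPages) {
                    $lastpage = true;
                }
            }
            $t[$tidx]->last_page = $lastpage;

            $t[$tidx] = apply_filters('sph_topicview_topic_record', $t[$tidx], $r);

            reset($records);
            unset($r);

            # now loop through the post records
            $newPostFlag = false;
            $firstPostPage = 1;
            $pinned = 0;

            # define post id and post user id arrays for plugins to use in combined filter
            $p = array();
            $u = array();

            foreach ($records as $r) {
                $pidx = $r->post_id;
                $p[] = $pidx;

                # prepare for user object
                $cUser = $spThisUser->ID == $r->user_id;
                $cSmall = !$cUser;

                $t[$tidx]->posts[$pidx] = new stdClass();
                $t[$tidx]->posts[$pidx]->post_id = $r->post_id;
                $t[$tidx]->posts[$pidx]->post_date = $r->post_date;
                $t[$tidx]->posts[$pidx]->user_id = $r->user_id;
                $t[$tidx]->posts[$pidx]->guest_name = sp_filter_name_display($r->guest_name);
                $t[$tidx]->posts[$pidx]->guest_email = sp_filter_email_display($r->guest_email);
                $t[$tidx]->posts[$pidx]->post_status = $r->post_status;
                $t[$tidx]->posts[$pidx]->post_pinned = $r->post_pinned;
                $t[$tidx]->posts[$pidx]->post_index = $r->post_index;
                $t[$tidx]->posts[$pidx]->poster_ip = $r->poster_ip;
                $t[$tidx]->posts[$pidx]->source = $r->source;
                $t[$tidx]->posts[$pidx]->post_permalink = sp_build_url($r->forum_slug, $r->topic_slug, $cPage, $r->post_id);
                $t[$tidx]->posts[$pidx]->edits = '';
                $t[$tidx]->posts[$pidx]->last_post = 0;
                $t[$tidx]->posts[$pidx]->last_post_on_page = 0;
                $t[$tidx]->posts[$pidx]->first_post_on_page = $firstPostPage;
                $t[$tidx]->posts[$pidx]->editmode = 0;
                $t[$tidx]->posts[$pidx]->post_content = sp_filter_content_display($r->post_content);
                $t[$tidx]->posts[$pidx]->first_pinned = 0;
                $t[$tidx]->posts[$pidx]->last_pinned = 0;
                $t[$tidx]->posts[$pidx]->postUser = clone sp_get_user($r->user_id, $cUser, $cSmall);

                # populate the user guest name and email in case the poster is a guest
                if ($r->user_id == 0) {
                    $t[$tidx]->posts[$pidx]->postUser->guest_name = $t[$tidx]->posts[$pidx]->guest_name;
                    $t[$tidx]->posts[$pidx]->postUser->guest_email = $t[$tidx]->posts[$pidx]->guest_email;
                    $t[$tidx]->posts[$pidx]->postUser->display_name = $t[$tidx]->posts[$pidx]->guest_name;
                    $t[$tidx]->posts[$pidx]->postUser->ip = $t[$tidx]->posts[$pidx]->poster_ip;
                }

                # pinned status
                if ($firstPostPage == 1 && $r->post_pinned) {
                    $t[$tidx]->posts[$pidx]->first_pinned = true;
                    $pinned = $pidx;
                }
                if ($firstPostPage == 0 && $pinned > 0 && $r->post_pinned == false) {
                    $t[$tidx]->posts[$pinned]->last_pinned = true;
                } elseif ($r->post_pinned) {
                    $pinned = $pidx;
                }
                $firstPostPage = 0;

                # Is this a new post for the current user?
                if ($spThisUser->guest) {
                    $newPostFlag = false;
                } else {
                    if ($maybeNewPost && strtotime($r->post_date) > strtotime($spThisUser->lastvisit)) {
                        $newPostFlag = true;
                    }
                    if (isset($r->new_post)) {
                        $newPostFlag = true;
                    }
                }
                $t[$tidx]->posts[$pidx]->new_post = $newPostFlag;

                # set once this viewer is not allowed to read the post body
                $contentHidden = false;

                # do we need to hide an admin post?
                if (!sp_get_auth('view_admin_posts', $r->forum_id) && sp_is_forum_admin($r->user_id)) {
                    $contentHidden = true;
                    $adminview = sp_get_sfmeta('adminview', 'message');
                    if ($adminview) {
                        $t[$tidx]->posts[$pidx]->post_content = '<div class="spMessage">';
                        $t[$tidx]->posts[$pidx]->post_content .= sp_filter_text_display($adminview[0]['meta_value']);
                        $t[$tidx]->posts[$pidx]->post_content .= '</div>';
                    } else {
                        $t[$tidx]->posts[$pidx]->post_content = '';
                    }
                }

                # do we need to hide another user's post?
                if (sp_get_auth('view_own_admin_posts', $r->forum_id) && !sp_is_forum_admin($r->user_id) && !sp_is_forum_mod($r->user_id) && $spThisUser->ID != $r->user_id) {
                    $contentHidden = true;
                    $userview = sp_get_sfmeta('userview', 'message');
                    if ($userview) {
                        $t[$tidx]->posts[$pidx]->post_content = '<div class="spMessage">';
                        $t[$tidx]->posts[$pidx]->post_content .= sp_filter_text_display($userview[0]['meta_value']);
                        $t[$tidx]->posts[$pidx]->post_content .= '</div>';
                    } else {
                        $t[$tidx]->posts[$pidx]->post_content = '';
                    }
                }

                # Is this post to be edited?
                # The edit buffer is filled from the raw row, not from the masked
                # post_content above, so it must never be populated for a post whose
                # body was just hidden from this viewer. Edit permission itself is
                # presumably enforced elsewhere - confirm against the edit handler.
                if (!$contentHidden && $spVars['displaymode'] == 'edit' && $spVars['postedit'] == $r->post_id) {
                    $t[$tidx]->editmode = 1;
                    $t[$tidx]->editpost_id = $r->post_id;
                    $t[$tidx]->editpost_content = sp_filter_content_edit($r->post_content);
                    $t[$tidx]->posts[$pidx]->editmode = 1;
                }

                # Add edit history
                # NOTE(review): post_edit is fed to unserialize(). If anything other than
                # trusted forum code can write that column, restrict object instantiation
                # (the allowed_classes option) or move the history to JSON.
                if (!empty($r->post_edit) && is_serialized($r->post_edit)) {
                    $edits = unserialize($r->post_edit);
                    if (is_array($edits)) {
                        # collect into a real array; indexing into the '' placeholder is
                        # no longer converted to an array by newer PHP versions
                        $editList = array();
                        foreach ($edits as $e) {
                            $entry = new stdClass();
                            $entry->by = $e['by'];
                            $entry->at = $e['at'];
                            $editList[] = $entry;
                        }
                        if ($editList) {
                            $t[$tidx]->posts[$pidx]->edits = $editList;
                        }
                    }
                }

                if (!in_array($r->user_id, $u)) {
                    $u[] = $r->user_id;
                }

                $t[$tidx]->posts[$pidx] = apply_filters('sph_topicview_post_records', $t[$tidx]->posts[$pidx], $r);
            }

            # index of post IDs with position in listing
            $t[$tidx]->post_keys = $p;

            # $pidx and $r still refer to the final row of the loop
            $t[$tidx]->posts[$pidx]->last_post = $lastpage;
            $t[$tidx]->posts[$pidx]->last_post_on_page = 1;

            # save last post on page id
            $t[$tidx]->last_post_id = $r->post_id;

            # allow plugins to add more data to combined topic/post data structure
            $t[$tidx] = apply_filters('sph_topicview_combined_data', $t[$tidx], $p, $u);

            unset($records);
        } else {
            # check for view forum lists but not topic lists
            if (sp_can_view($r->forum_id, 'forum-title')) {
                $this->topicViewStatus = 'sneak peek';
            }
        }
    }
    return $t;
}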
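$Rev: 10210 $ */

# Request handler that echoes the editable content of one post so it can be
# quoted. It reads 'post' and 'forumid' from the query string and exits silently
# whenever the requester is not allowed to read that post.

if (preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) {
    die('Access denied - you cannot directly call this file');
}

sp_forum_api_support();
sp_load_editor(0, 1);

# The own-post check below reads $spThisUser->ID, so this is the global that has
# to be imported. The previous name ($s0ThisUser) matched nothing, which left
# $spThisUser undefined whenever this file is included from function scope.
global $spThisUser;

$postid = isset($_GET['post']) ? sp_esc_int($_GET['post']) : 0;
$forumid = isset($_GET['forumid']) ? sp_esc_int($_GET['forumid']) : 0;
if (empty($forumid) || empty($postid)) {
    die;
}

if (!sp_get_auth('reply_topics', $forumid)) {
    if (!is_user_logged_in()) {
        sp_etext('Access denied - are you logged in?');
    } else {
        sp_etext('Access denied - you do not have permission');
    }
    die;
}

$post = spdb_table(SFPOSTS, "post_id={$postid}", 'row');

# unknown post id: nothing to quote, and nothing to dereference below
if (empty($post)) {
    die;
}

# Every permission check here is evaluated against the forum id supplied in the
# request, so tie that id to the forum the post really belongs to.
# NOTE(review): assumes the posts row carries a forum_id column - confirm against
# the schema; when the column is absent this check is skipped.
if (isset($post->forum_id) && (int) $post->forum_id !== (int) $forumid) {
    die;
}

# admin posts stay hidden from viewers without 'view_admin_posts'
if (!sp_get_auth('view_admin_posts', $forumid) && sp_is_forum_admin($post->user_id)) {
    die;
}

# viewers restricted by 'view_own_admin_posts' may only quote admin, moderator or own posts
if (sp_get_auth('view_own_admin_posts', $forumid) && !sp_is_forum_admin($post->user_id) && !sp_is_forum_mod($post->user_id) && $spThisUser->ID != $post->user_id) {
    die;
}

$content = sp_filter_content_edit($post->post_content);
echo $content;
die;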
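/**
 * Render (or return) the list of other online members currently viewing the
 * same topic as the current user.
 *
 * @param string|array $args         display options merged over the defaults below
 * @param string       $messageLabel text placed after each user's name
 * @return mixed the raw online-member data when 'get' is set, the HTML string
 *               when 'echo' is 0, otherwise nothing (the HTML is echoed)
 */
function sp_UsersAlsoViewing($args = '', $messageLabel = '') {
    global $spThisUser, $spVars;

    $defs = array(
        'tagClass'       => 'spAlsoViewingContainer',
        'userHolder'     => 'spBrowsingUserHolder',
        'browsingClass'  => 'spBrowsingTopic',
        'messageClass'   => 'spBrowsingMessage',
        'avatarClass'    => 'spAvatar',
        'avatarSize'     => 30,
        'includeAdmins'  => 1,
        'includeMods'    => 1,
        'includeMembers' => 0,
        'displayToAll'   => 0,
        'echo'           => 1,
        'get'            => 0,
    );
    $a = wp_parse_args($args, $defs);
    $a = apply_filters('sph_UsersAlsoViewing_args', $a);
    extract($a, EXTR_SKIP);

    # sanitize before use
    $tagClass = esc_attr($tagClass);
    # userHolder is written into a class attribute like the others, so escape it too
    $userHolder = esc_attr($userHolder);
    $browsingClass = esc_attr($browsingClass);
    $messageClass = esc_attr($messageClass);
    $avatarClass = esc_attr($avatarClass);
    $avatarSize = (int) $avatarSize;
    $includeAdmins = (int) $includeAdmins;
    $includeMods = (int) $includeMods;
    $includeMembers = (int) $includeMembers;
    $displayToAll = (int) $displayToAll;
    $echo = (int) $echo;
    $get = (int) $get;

    # get online user data
    $members = sp_get_members_online();
    if ($get) {
        return $members;
    }

    $out = '';
    $tout = '';

    # only a topic page has "others viewing this topic"
    $onTopicPage = !empty($spVars['pageview']) && $spVars['pageview'] == 'topic';

    if ($members && $onTopicPage) {
        foreach ($members as $user) {
            # skip the current user and anyone browsing a different topic
            if ($spThisUser->ID == $user->trackuserid) {
                continue;
            }
            if ($user->topic_id != $spVars['topicid']) {
                continue;
            }

            # Everyone sees the list when displayToAll is set; otherwise only admins
            # do, limited to the roles switched on. The member branch used to hand
            # the boolean ($user->trackuserid != 0) to sp_is_forum_mod(), so it never
            # tested the tracked user's role; a member is taken here to be a user
            # who is neither admin nor moderator.
            $uid = $user->trackuserid;
            $show = $displayToAll || ($spThisUser->admin && (
                ($includeAdmins && sp_is_forum_admin($uid)) ||
                ($includeMods && sp_is_forum_mod($uid)) ||
                ($includeMembers && !sp_is_forum_admin($uid) && !sp_is_forum_mod($uid))
            ));
            if (!$show) {
                continue;
            }

            $tout .= "<div class='{$userHolder}'>";
            $tout .= sp_UserAvatar("tagClass={$avatarClass}&size={$avatarSize}&link=none&context=user&echo=0", $user->trackuserid);
            $tout .= "<span class='{$browsingClass}'>";
            $tout .= sp_build_name_display($user->trackuserid, $user->display_name);
            $tout .= "</span>";
            # NOTE(review): $messageLabel is written out as given; callers are
            # presumably expected to pass display-safe text - confirm.
            $tout .= "<br><span> {$messageLabel}</span>";
            $tout .= "</div>";
        }
    }

    # wrap the entries only when there is at least one
    if (!empty($tout)) {
        $out = "<div class='{$tagClass}'>";
        $out .= $tout;
        $out .= "</div>";
    }

    # finish it up
    if ($echo) {
        echo $out;
    } else {
        return $out;
    }
}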
/**
 * Render (or return) the "quote this post" button for the post currently being
 * displayed in the topic view.
 *
 * Returns nothing, and outputs nothing, when the button must not be offered:
 * the topic is in edit mode, the post has a non-zero status and the viewer is
 * not an admin, the viewer cannot reply in the forum, the forum/topic/site is
 * locked for a non-admin, or the viewer is not allowed to read the post.
 *
 * @param string|array $args    display options merged over the defaults below
 * @param string       $label   optional link text
 * @param string       $toolTip optional title attribute text
 * @return string|null the markup when 'echo' is 0, otherwise nothing
 */
function sp_PostIndexQuote($args = '', $label = '', $toolTip = '') {
    global $spThisUser, $spThisPost, $spThisPostUser, $spThisTopic, $spGlobals;

    # --- conditions under which no button is offered ---

    # another post in this topic is already being edited
    if ($spThisTopic->editmode) {
        return;
    }

    # posts with a non-zero status are only quotable by admins
    if ($spThisPost->post_status != 0 && !$spThisUser->admin) {
        return;
    }

    # quoting is a reply, so reply permission is required
    if (!sp_get_auth('reply_topics', $spThisTopic->forum_id)) {
        return;
    }

    # site lockdown or a locked forum/topic blocks everyone except admins
    $locked = $spGlobals['lockdown'] || $spThisTopic->forum_status || $spThisTopic->topic_status;
    if ($locked && !$spThisUser->admin) {
        return;
    }

    # never offer to quote a post whose content is hidden from this viewer
    if (!sp_get_auth('view_admin_posts', $spThisTopic->forum_id) && sp_is_forum_admin($spThisPost->user_id)) {
        return;
    }
    if (sp_get_auth('view_own_admin_posts', $spThisTopic->forum_id) && !sp_is_forum_admin($spThisPost->user_id) && !sp_is_forum_mod($spThisPost->user_id) && $spThisUser->ID != $spThisPost->user_id) {
        return;
    }

    # --- display options ---
    $defaults = array(
        'tagId'     => 'spPostIndexQuote%ID%',
        'tagClass'  => 'spButton',
        'icon'      => 'sp_QuotePost.png',
        'iconClass' => 'spIcon',
        'echo'      => 1,
    );
    $opts = apply_filters('sph_PostIndexQuote_args', wp_parse_args($args, $defaults));
    extract($opts, EXTR_SKIP);

    # sanitize before use
    $tagId = esc_attr($tagId);
    $tagClass = esc_attr($tagClass);
    $icon = sanitize_file_name($icon);
    $iconClass = esc_attr($iconClass);
    $toolTip = esc_attr($toolTip);
    $echo = (int) $echo;

    # give the element a per-post id
    $tagId = str_ireplace('%ID%', $spThisPost->post_id, $tagId);

    # endpoint the script calls to fetch the post text, carrying a fresh nonce
    $quoteUrl = SFHOMEURL . "index.php?sp_ahah=quote&sfnonce=" . wp_create_nonce('forum-ahah');

    # "<poster> said " lead-in, escaped for use inside the inline script call
    $name = $spThisPostUser->member ? $spThisPostUser->display_name : $spThisPost->guest_name;
    $intro = esc_js($name . ' ' . sp_text('said') . ' ');

    # --- markup ---
    $html = "<a class='{$tagClass} vtip' id='{$tagId}' title='{$toolTip}' rel='nofollow' href='javascript:void(null)' ";
    $html .= 'onclick="spjQuotePost(' . $spThisPost->post_id . ', \'' . $intro . '\', ' . $spThisTopic->forum_id . ', \'' . $quoteUrl . '\');">';
    if (!empty($icon)) {
        $html .= "<img class='{$iconClass}' src='" . sp_find_icon(SPTHEMEICONSURL, $icon) . "' alt=''/>\n";
    }
    if (!empty($label)) {
        $html .= sp_filter_title_display($label);
    }
    $html .= "</a>\n";

    $html = apply_filters('sph_PostIndexQuote', $html, $opts);

    if (!$echo) {
        return $html;
    }
    echo $html;
}