/**
  * Common actions for all methods in the class
  */
 public function pre_dispatch()
 {
     global $context;

     // The page title defaults to the forum name.
     $context['page_title'] = $context['forum_name'];

     // Refresh the HTML-safe copy only when one is already being tracked.
     // The title is passed through un_htmlspecialchars() and then encoded
     // once - presumably so entities already in the name are not escaped twice.
     if (isset($context['page_title_html_safe'])) {
         $decoded_title = un_htmlspecialchars($context['page_title']);
         $context['page_title_html_safe'] = Util::htmlspecialchars($decoded_title);
     }

     // Nothing more to do unless the 'standalone' flag is set.
     if (empty($context['standalone'])) {
         return;
     }

     setupMenuContext();
 }
Example #2
function GetJumpTo()
{
    global $user_info, $context, $smcFunc, $sourcedir;

    // getBoardList() is loaded from Subs-MessageIndex.php.
    require_once $sourcedir . '/Subs-MessageIndex.php';

    // Find the boards/categories they can see; preselect the current board, or 0 when there is none.
    $selected_board = 0;
    if (isset($context['current_board'])) {
        $selected_board = $context['current_board'];
    }
    $context['jump_to'] = getBoardList(array('use_permissions' => true, 'selected_board' => $selected_board));

    // Reduce every category and board name to plain text: tags are stripped,
    // then the result goes through un_htmlspecialchars().
    // NOTE(review): if un_htmlspecialchars() decodes entities as its name
    // suggests, an encoded "&lt;" becomes a literal "<" again after the tags
    // were stripped, so these names are raw text - the template that prints
    // them has to encode them for its own output context.
    foreach ($context['jump_to'] as $id_cat => $category) {
        $context['jump_to'][$id_cat]['name'] = un_htmlspecialchars(strip_tags($category['name']));

        foreach ($category['boards'] as $id_board => $board_info) {
            $plain_name = un_htmlspecialchars(strip_tags($board_info['name']));
            $context['jump_to'][$id_cat]['boards'][$id_board]['name'] = $plain_name;
        }
    }

    $context['sub_template'] = 'jump_to';
}
Example #3
 /**
  * Get a list of boards and categories used for the jumpto dropdown.
  */
 public function action_jumpto()
 {
     global $context;

     // getBoardList() is loaded from Boards.subs.php.
     require_once SUBSDIR . '/Boards.subs.php';

     // Find the boards/categories they can see; preselect the current board, or 0 when there is none.
     $selected_board = 0;
     if (isset($context['current_board'])) {
         $selected_board = $context['current_board'];
     }

     // Array union: keys already present in $context are kept, only missing ones are added.
     $context += getBoardList(array('selected_board' => $selected_board));

     // Reduce every category and board name to plain text: tags are stripped,
     // then the result goes through un_htmlspecialchars().
     // NOTE(review): if un_htmlspecialchars() decodes entities as its name
     // suggests, the names end up as raw text - the template that prints them
     // has to encode them for its own output context.
     foreach ($context['categories'] as $id_cat => $category) {
         $context['categories'][$id_cat]['name'] = un_htmlspecialchars(strip_tags($category['name']));

         foreach ($category['boards'] as $id_board => $board_info) {
             $plain_name = un_htmlspecialchars(strip_tags($board_info['name']));
             $context['categories'][$id_cat]['boards'][$id_board]['name'] = $plain_name;
         }
     }

     $context['sub_template'] = 'jump_to';
 }
/**
 * Load the global head/header/footer snippets and hand them to the page.
 *
 * With $placement equal to 'load' the head snippet is appended to
 * $context['html_headers']; for any other value the header/footer are
 * optionally run through parse_bbc() and the 'global_hf' . $placement
 * sub template is loaded.
 *
 * @param string $placement 'load', or a suffix for the sub template name
 */
function retrieveGlobalHFContent($placement)
{
    global $context, $boarddir, $sourcedir, $global_hf, $modSettings;

    // XML responses and attachment downloads get no header/footer at all.
    if (isset($_GET['xml']) || (isset($_GET['action']) && $_GET['action'] == 'dlattach')) {
        return;
    }

    // NOTE(review): the three files are passed through un_htmlspecialchars()
    // and the head part is appended to the page headers as-is, so anyone who
    // can write these files (or the setting page that presumably saves them)
    // controls markup on every page - treat write access as admin-equivalent.
    // file_get_contents() results are not checked; a missing file yields false.
    $head_part = un_htmlspecialchars(file_get_contents($boarddir . '/smfhacks_resources/global-hf-head.txt'));
    $header_part = un_htmlspecialchars(file_get_contents($boarddir . '/smfhacks_resources/global-hf-header.txt'));
    $footer_part = un_htmlspecialchars(file_get_contents($boarddir . '/smfhacks_resources/global-hf-footer.txt'));
    $global_hf = array('head' => $head_part, 'header' => $header_part, 'footer' => $footer_part);

    // At load time only the head snippet is used.
    if ($placement == 'load') {
        if (!empty($global_hf['head'])) {
            $context['html_headers'] .= "\n" . $global_hf['head'];
        }
        return;
    }

    // Optional BBC rendering, each part controlled by its own setting.
    if (!empty($modSettings['global_header_bbc'])) {
        $global_hf['parsed']['header'] = parse_bbc($global_hf['header']);
    }
    if (!empty($modSettings['global_footer_bbc'])) {
        $global_hf['parsed']['footer'] = parse_bbc($global_hf['footer']);
    }

    loadTemplate('smfhacks_templates/global-hf');
    loadSubTemplate('global_hf' . $placement, true);
}
Example #5
/**
 * Convert the submitted editor content between BBC and HTML.
 *
 * Reads 'view' and 'message' from the request, converts the message in the
 * direction selected by 'view', and stores the encoded result in
 * $context['message'] for the 'sendbody' sub template.
 */
function EditorMain()
{
    global $context, $smcFunc;

    // The session token is verified (from the query string) before any input is used.
    checkSession('get');

    // Both request fields are mandatory.
    if (!(isset($_REQUEST['view']) && isset($_REQUEST['message']))) {
        fatal_lang_error('no_access', false);
    }

    $context['sub_template'] = 'sendbody';
    $context['view'] = (int) $_REQUEST['view'];

    // Placeholder tokens in the submitted message and the characters they stand for.
    $placeholder_map = array('#smcol#' => ';', '#smlt#' => '<', '#smgt#' => '>', '#smamp#' => '&');

    // Return the right thing for the mode.
    if ($context['view']) {
        // Non-zero view: the message is BBC and becomes HTML.
        $_REQUEST['message'] = strtr($_REQUEST['message'], $placeholder_map);
        $context['message'] = bbc_to_html($_REQUEST['message']);
    } else {
        // Zero view: decode entities first, then restore placeholders, then HTML becomes BBC.
        $decoded_message = un_htmlspecialchars($_REQUEST['message']);
        $_REQUEST['message'] = strtr($decoded_message, $placeholder_map);
        $context['message'] = html_to_bbc($_REQUEST['message']);
    }

    // Whatever the direction, the result is encoded once more before it is stored for output.
    $context['message'] = commonAPI::htmlspecialchars($context['message']);
}
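/**
 * Portal entry point: prepare the page title and dispatch to a sub-action.
 *
 * The sub-action is taken from $_REQUEST['sa'] but is only ever used as a key
 * into the fixed $actions table, so both the file that gets included and the
 * function that gets called come from that table and never from the request.
 * Anything that is not a known key falls back to 'articles'.
 */
function sportal_main()
{
    global $smcFunc, $context, $sourcedir;

    // Wireless clients are sent to the forum instead.
    if (WIRELESS) {
        redirectexit('action=forum');
    }

    $context['page_title'] = $context['forum_name'];

    // Refresh the HTML-safe title only when one is already being tracked.
    if (isset($context['page_title_html_safe'])) {
        $context['page_title_html_safe'] = $smcFunc['htmlspecialchars'](un_htmlspecialchars($context['page_title']));
    }

    if (!empty($context['standalone'])) {
        setupMenuContext();
    }

    // Allow-list of sub-actions: key => array(file to include or '', function to call).
    $actions = array('addarticle' => array('PortalArticles.php', 'sportal_add_article'), 'articles' => array('PortalArticles.php', 'sportal_articles'), 'credits' => array('', 'sportal_credits'), 'pages' => array('PortalPages.php', 'sportal_pages'), 'removearticle' => array('PortalArticles.php', 'sportal_remove_article'), 'shoutbox' => array('PortalShoutbox.php', 'sportal_shoutbox'));

    // A request parameter can arrive as an array, which is not a legal array
    // offset: older PHP warns inside isset(), PHP 8 throws a TypeError. Only a
    // string is accepted as a key; everything else gets the default.
    if (!isset($_REQUEST['sa']) || !is_string($_REQUEST['sa']) || !isset($actions[$_REQUEST['sa']])) {
        $_REQUEST['sa'] = 'articles';
    }

    // From here on only values from the allow-list are used.
    $selected_action = $actions[$_REQUEST['sa']];

    if (!empty($selected_action[0])) {
        require_once $sourcedir . '/' . $selected_action[0];
    }

    $selected_action[1]();
}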
    /**
     * Issue/manage a user's warning status.
     * @uses ProfileAccount template issueWarning sub template
     * @uses Profile template
     */
    public function action_issuewarning()
    {
        // Overview: loads the warning templates and settings, checks that the
        // viewer may issue a warning, handles the "save" and "preview" form
        // posts, then builds the list of earlier warnings and the notification
        // templates for the page.
        global $txt, $scripturl, $modSettings, $mbname, $context, $cur_profile;
        $memID = currentMemberID();
        // make sure the sub-template is set...
        loadTemplate('ProfileAccount');
        $context['sub_template'] = 'issueWarning';
        // We need this because of template_load_warning_variables
        loadTemplate('Profile');
        loadJavascriptFile('profile.js');
        // jQuery-UI FTW!
        $modSettings['jquery_include_ui'] = true;
        loadCSSFile('jquery.ui.slider.css');
        loadCSSFile('jquery.ui.theme.css');
        // Get all the actual settings.
        // 'warning_settings' is a comma separated pair: enabled flag, per-user limit.
        list($modSettings['warning_enable'], $modSettings['user_limit']) = explode(',', $modSettings['warning_settings']);
        // This stores any legitimate errors.
        $issueErrors = array();
        // Doesn't hurt to be overly cautious.
        // && binds tighter than ||, so access is refused when: warnings are
        // disabled, OR the viewer owns the profile and has no warning on
        // record, OR the viewer lacks the issue_warning permission.
        if (empty($modSettings['warning_enable']) || $context['user']['is_owner'] && !$cur_profile['warning'] || !allowedTo('issue_warning')) {
            fatal_lang_error('no_access', false);
        }
        // Get the base (errors related) stuff done.
        loadLanguage('Errors');
        $context['custom_error_title'] = $txt['profile_warning_errors_occurred'];
        // Make sure things which are disabled stay disabled.
        // A disabled threshold is replaced by 110; levels are clamped to 0-100
        // further down, so presumably such a threshold is never reached.
        $modSettings['warning_watch'] = !empty($modSettings['warning_watch']) ? $modSettings['warning_watch'] : 110;
        $modSettings['warning_moderate'] = !empty($modSettings['warning_moderate']) && !empty($modSettings['postmod_active']) ? $modSettings['warning_moderate'] : 110;
        $modSettings['warning_mute'] = !empty($modSettings['warning_mute']) ? $modSettings['warning_mute'] : 110;
        // A limit of 0 means "no limit"; that is what admin_forum holders get.
        $context['warning_limit'] = allowedTo('admin_forum') ? 0 : $modSettings['user_limit'];
        $context['member']['warning'] = $cur_profile['warning'];
        $context['member']['name'] = $cur_profile['real_name'];
        // What are the limits we can apply?
        $context['min_allowed'] = 0;
        $context['max_allowed'] = 100;
        if ($context['warning_limit'] > 0) {
            require_once SUBSDIR . '/Moderation.subs.php';
            // The allowed window is the current level, minus what warningDailyLimit()
            // reports as already applied, plus/minus the limit, kept inside 0-100.
            $current_applied = warningDailyLimit($memID);
            $context['min_allowed'] = max(0, $cur_profile['warning'] - $current_applied - $context['warning_limit']);
            $context['max_allowed'] = min(100, $cur_profile['warning'] - $current_applied + $context['warning_limit']);
        }
        // Defaults.
        $context['warning_data'] = array('reason' => '', 'notify' => '', 'notify_subject' => '', 'notify_body' => '');
        // Are we saving?
        if (isset($_POST['save'])) {
            // Security is good here.
            // The session token is verified before any state is changed.
            checkSession('post');
            // This cannot be empty!
            $_POST['warn_reason'] = isset($_POST['warn_reason']) ? trim($_POST['warn_reason']) : '';
            if ($_POST['warn_reason'] == '' && !$context['user']['is_owner']) {
                $issueErrors[] = 'warning_no_reason';
            }
            // The reason is HTML-encoded here, before it is logged or shown again.
            $_POST['warn_reason'] = Util::htmlspecialchars($_POST['warn_reason']);
            // If the value hasn't changed it's either no JS or a real no change (Which this will pass)
            // NOTE(review): 'warning_level' and 'warning_level_nojs' are read
            // without an isset() check.
            if ($_POST['warning_level'] == 'SAME') {
                $_POST['warning_level'] = $_POST['warning_level_nojs'];
            }
            // Force an integer, clamp to 0-100, then to the window this issuer is allowed.
            $_POST['warning_level'] = (int) $_POST['warning_level'];
            $_POST['warning_level'] = max(0, min(100, $_POST['warning_level']));
            if ($_POST['warning_level'] < $context['min_allowed']) {
                $_POST['warning_level'] = $context['min_allowed'];
            } elseif ($_POST['warning_level'] > $context['max_allowed']) {
                $_POST['warning_level'] = $context['max_allowed'];
            }
            require_once SUBSDIR . '/Moderation.subs.php';
            // Do we actually have to issue them with a PM?
            $id_notice = 0;
            if (!empty($_POST['warn_notify']) && empty($issueErrors)) {
                // NOTE(review): 'warn_sub' and 'warn_body' are read without an
                // isset() check and are passed to sendpm()/logWarningNotice()
                // trimmed but otherwise as submitted - confirm those helpers
                // encode them.
                $_POST['warn_sub'] = trim($_POST['warn_sub']);
                $_POST['warn_body'] = trim($_POST['warn_body']);
                if (empty($_POST['warn_sub']) || empty($_POST['warn_body'])) {
                    $issueErrors[] = 'warning_notify_blank';
                } else {
                    require_once SUBSDIR . '/PersonalMessage.subs.php';
                    // The PM is sent with sender id 0 and the forum name as the sender name.
                    $from = array('id' => 0, 'name' => $context['forum_name'], 'username' => $context['forum_name']);
                    sendpm(array('to' => array($memID), 'bcc' => array()), $_POST['warn_sub'], $_POST['warn_body'], false, $from);
                    // Log the notice.
                    $id_notice = logWarningNotice($_POST['warn_sub'], $_POST['warn_body']);
                }
            }
            // Just in case - make sure notice is valid!
            $id_notice = (int) $id_notice;
            // What have we changed?
            $level_change = $_POST['warning_level'] - $cur_profile['warning'];
            // No errors? Proceed! Only log if you're not the owner.
            if (empty($issueErrors)) {
                // Log what we've done!
                if (!$context['user']['is_owner']) {
                    logWarning($memID, $cur_profile['real_name'], $id_notice, $level_change, $_POST['warn_reason']);
                }
                // Make the change.
                updateMemberData($memID, array('warning' => $_POST['warning_level']));
                // Leave a lovely message.
                $context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : $txt['profile_warning_success'];
            } else {
                // Try to remember some bits.
                $context['warning_data'] = array('reason' => $_POST['warn_reason'], 'notify' => !empty($_POST['warn_notify']), 'notify_subject' => isset($_POST['warn_sub']) ? $_POST['warn_sub'] : '', 'notify_body' => isset($_POST['warn_body']) ? $_POST['warn_body'] : '');
            }
            // Show the new improved warning level.
            $context['member']['warning'] = $_POST['warning_level'];
        }
        // Taking a look first, good idea that one.
        // Preview changes no stored state, and no session check is made here.
        if (isset($_POST['preview'])) {
            $warning_body = !empty($_POST['warn_body']) ? trim(censorText($_POST['warn_body'])) : '';
            $context['preview_subject'] = !empty($_POST['warn_sub']) ? trim(Util::htmlspecialchars($_POST['warn_sub'])) : '';
            if (empty($_POST['warn_sub']) || empty($_POST['warn_body'])) {
                $issueErrors[] = 'warning_notify_blank';
            }
            if (!empty($_POST['warn_body'])) {
                require_once SUBSDIR . '/Post.subs.php';
                preparsecode($warning_body);
                $warning_body = parse_bbc($warning_body, true);
            }
            // Try to remember some bits.
            // NOTE(review): when only "preview" was posted, 'warn_reason' has
            // not gone through the isset()/trim()/htmlspecialchars() steps of
            // the save branch, so 'reason' (like 'notify_subject' and
            // 'notify_body') holds the value as submitted - the template must
            // encode these on output.
            $context['warning_data'] = array('reason' => $_POST['warn_reason'], 'notify' => !empty($_POST['warn_notify']), 'notify_subject' => isset($_POST['warn_sub']) ? $_POST['warn_sub'] : '', 'notify_body' => isset($_POST['warn_body']) ? $_POST['warn_body'] : '', 'body_preview' => $warning_body);
        }
        if (!empty($issueErrors)) {
            // Fill in the suite of errors.
            // Error keys are the fixed strings added above, mapped to language text.
            $context['post_errors'] = array();
            foreach ($issueErrors as $error) {
                $context['post_errors'][] = $txt[$error];
            }
        }
        $context['page_title'] = $txt['profile_issue_warning'];
        // Let's use a generic list to get all the current warnings
        require_once SUBSDIR . '/GenericList.class.php';
        require_once SUBSDIR . '/Profile.subs.php';
        // Work out the various levels.
        // Thresholds are the array keys, so two settings with the same value
        // (for example two disabled ones, both 110) share one entry and the
        // later one wins.
        $context['level_effects'] = array(0 => $txt['profile_warning_effect_none'], $modSettings['warning_watch'] => $txt['profile_warning_effect_watch'], $modSettings['warning_moderate'] => $txt['profile_warning_effect_moderation'], $modSettings['warning_mute'] => $txt['profile_warning_effect_mute']);
        $context['current_level'] = 0;
        // The last threshold in array order that the member's level reaches is kept.
        foreach ($context['level_effects'] as $limit => $dummy) {
            if ($context['member']['warning'] >= $limit) {
                $context['current_level'] = $limit;
            }
        }
        // Build a list to view the warnings
        // NOTE(review): create_function() compiles its string argument as PHP
        // code; it was deprecated in PHP 7.2 and removed in PHP 8.0. Both
        // bodies below are constant literals, so no request data reaches the
        // compiled code, but they need to become closures on current PHP.
        // The 'reason' column prints $warning['reason'] into HTML unchanged:
        // the save branch above encodes the reason before logWarning(), and any
        // other writer of that log is assumed to do the same - TODO confirm.
        $listOptions = array('id' => 'issued_warnings', 'title' => $txt['profile_viewwarning_previous_warnings'], 'items_per_page' => $modSettings['defaultMaxMessages'], 'no_items_label' => $txt['profile_viewwarning_no_warnings'], 'base_href' => $scripturl . '?action=profile;area=issuewarning;sa=user;u=' . $memID, 'default_sort_col' => 'log_time', 'get_items' => array('function' => 'list_getUserWarnings', 'params' => array($memID)), 'get_count' => array('function' => 'list_getUserWarningCount', 'params' => array($memID)), 'columns' => array('issued_by' => array('header' => array('value' => $txt['profile_warning_previous_issued'], 'style' => 'width: 20%;'), 'data' => array('function' => create_function('$warning', '
							return $warning[\'issuer\'][\'link\'];
						')), 'sort' => array('default' => 'lc.member_name DESC', 'reverse' => 'lc.member_name')), 'log_time' => array('header' => array('value' => $txt['profile_warning_previous_time'], 'style' => 'width: 30%;'), 'data' => array('db' => 'time'), 'sort' => array('default' => 'lc.log_time DESC', 'reverse' => 'lc.log_time')), 'reason' => array('header' => array('value' => $txt['profile_warning_previous_reason']), 'data' => array('function' => create_function('$warning', '
							global $scripturl, $txt, $settings;

							$ret = \'
							<div class="floatleft">
								\' . $warning[\'reason\'] . \'
							</div>\';

							// If a notice was sent, provide a way to view it
							if (!empty($warning[\'id_notice\']))
								$ret .= \'
							<div class="floatright">
								<a href="\' . $scripturl . \'?action=moderate;area=notice;nid=\' . $warning[\'id_notice\'] . \'" onclick="window.open(this.href, \\\'\\\', \\\'scrollbars=yes,resizable=yes,width=400,height=250\\\');return false;" target="_blank" class="new_win" title="\' . $txt[\'profile_warning_previous_notice\'] . \'"><img src="\' . $settings[\'images_url\'] . \'/filter.png" alt="" /></a>
							</div>\';

							return $ret;'))), 'level' => array('header' => array('value' => $txt['profile_warning_previous_level'], 'style' => 'width: 6%;'), 'data' => array('db' => 'counter'), 'sort' => array('default' => 'lc.counter DESC', 'reverse' => 'lc.counter'))));
        // Create the list for viewing.
        createList($listOptions);
        // The message id from the request is only ever used after an int cast.
        $warning_for_message = isset($_REQUEST['msg']) ? (int) $_REQUEST['msg'] : false;
        $warned_message_subject = '';
        // Are they warning because of a message?
        if (isset($_REQUEST['msg']) && 0 < (int) $_REQUEST['msg']) {
            require_once SUBSDIR . '/Messages.subs.php';
            $message = basicMessageInfo((int) $_REQUEST['msg']);
            if (!empty($message)) {
                $warned_message_subject = $message['subject'];
            }
        }
        require_once SUBSDIR . '/Maillist.subs.php';
        // Any custom templates?
        $context['notification_templates'] = array();
        $notification_templates = maillist_templates('warntpl');
        foreach ($notification_templates as $row) {
            // If we're not warning for a message skip any that are.
            if (!$warning_for_message && strpos($row['body'], '{MESSAGE}') !== false) {
                continue;
            }
            $context['notification_templates'][] = array('title' => $row['title'], 'body' => $row['body']);
        }
        // Setup the "default" templates.
        foreach (array('spamming', 'offence', 'insulting') as $type) {
            $context['notification_templates'][] = array('title' => $txt['profile_warning_notify_title_' . $type], 'body' => sprintf($txt['profile_warning_notify_template_outline' . (!empty($warning_for_message) ? '_post' : '')], $txt['profile_warning_notify_for_' . $type]));
        }
        // Replace all the common variables in the templates.
        // The member name and message subject go through un_htmlspecialchars()
        // before they are placed in the template body, and {MESSAGE} becomes a
        // BBC [url] tag built from the integer message id.
        foreach ($context['notification_templates'] as $k => $name) {
            $context['notification_templates'][$k]['body'] = strtr($name['body'], array('{MEMBER}' => un_htmlspecialchars($context['member']['name']), '{MESSAGE}' => '[url=' . $scripturl . '?msg=' . $warning_for_message . ']' . un_htmlspecialchars($warned_message_subject) . '[/url]', '{SCRIPTURL}' => $scripturl, '{FORUMNAME}' => $mbname, '{REGARDS}' => replaceBasicActionUrl($txt['regards_team'])));
        }
    }
Example #8
/**
* Will authenticate the username/password combo
*
* Use this before setting the cookie to check if the username and password are correct.
*
* @param  mixed $username the user's member name, email or member id
* @param  string $password the password plaintext or encrypted in any of several
*         methods including smf's method: sha1(strtolower($username) . $password)
* @param  bool $encrypted whether the password is encrypted or not. If you get
*         this wrong we'll figure it out anyways, just saves some work if it's right
* @return bool whether the user is authenticated or not
* @since  0.1.0
*/
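function smfapi_authenticate($username = '', $password = '', $encrypted = true)
{
    // Security notes for maintainers:
    // - Hash comparisons below are strict (=== / in_array(..., true)). With
    //   loose comparison two different strings that both look like numbers
    //   (for example "0e" followed only by digits) compare as equal, which
    //   would let a wrong value authenticate.
    // - === is not a constant-time comparison; where hash_equals() is
    //   available (PHP 5.6+) it is the better choice.
    // - With $encrypted = true (the default) the stored hash itself is the
    //   credential, and the fallback list also contains $password unchanged,
    //   so a caller must treat stored hashes as password-equivalent secrets.
    // - On success only $user_info['id'] is set; the function returns a bool.
    global $scripturl, $user_info, $user_settings, $smcFunc;
    global $cookiename, $modSettings, $sc, $sourcedir;
    if ('' == $username || '' == $password) {
        return false;
    }
    // just in case they used the email or member id...
    $data = smfapi_getUserData($username);
    if (empty($data)) {
        return false;
    } else {
        $username = $data['member_name'];
    }
    // load the data up!
    // The user name is passed as a bound {string:user_name} parameter, not concatenated.
    $request = $smcFunc['db_query']('', '
		SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt,
			openid_uri, passwd_flood
		FROM {db_prefix}members
		WHERE ' . ($smcFunc['db_case_sensitive'] ? 'LOWER(member_name) = LOWER({string:user_name})' : 'member_name = {string:user_name}') . '
		LIMIT 1', array('user_name' => $smcFunc['db_case_sensitive'] ? strtolower($username) : $username));
    // no user data found... invalid username
    if ($smcFunc['db_num_rows']($request) == 0) {
        return false;
    }
    $user_settings = $smcFunc['db_fetch_assoc']($request);
    $smcFunc['db_free_result']($request);
    // Only 40 character hashes are accepted from here on.
    // NOTE(review): this makes the 32 and 64 character branches further down unreachable.
    if (40 != strlen($user_settings['passwd'])) {
        // invalid hash in the db
        return false;
    }
    // if it's not encrypted, do it now
    if (!$encrypted) {
        $sha_passwd = sha1(strtolower($user_settings['member_name']) . smfapi_unHtmlspecialchars($password));
    } else {
        $sha_passwd = $password;
    }
    // if they match the password/hash is correct
    // Strict comparison: same type and same bytes, no numeric-string juggling.
    if ($user_settings['passwd'] === $sha_passwd) {
        $user_info["id"] = $user_settings['id_member'];
        return true;
    } else {
        // try other hashing schemes
        $other_passwords = array();
        // in case they sent the encrypted password into this as unencrypted
        $other_passwords[] = $password;
        // none of the below cases will be used most of the time
        // (because the salt is normally set)
        if ('' == $user_settings['password_salt']) {
            // YaBB SE, Discus, MD5 (used a lot), SHA-1 (used some), SMF 1.0.x,
            // IkonBoard, and none at all
            $other_passwords[] = crypt($password, substr($password, 0, 2));
            $other_passwords[] = crypt($password, substr($user_settings['passwd'], 0, 2));
            $other_passwords[] = md5($password);
            $other_passwords[] = sha1($password);
            $other_passwords[] = md5_hmac($password, strtolower($user_settings['member_name']));
            $other_passwords[] = md5($password . strtolower($user_settings['member_name']));
            $other_passwords[] = md5(md5($password));
            $other_passwords[] = $password;
            // this one is a strange one... MyPHP, crypt() on the MD5 hash
            $other_passwords[] = crypt(md5($password), md5($password));
            // Snitz style - SHA-256.  Technically, this is a downgrade, but most PHP
            // configurations don't support sha256 anyway.
            if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256')) {
                $other_passwords[] = bin2hex(mhash(MHASH_SHA256, $password));
            }
            // phpBB3 users new hashing.  We now support it as well ;)
            // NOTE(review): assumes phpBB3_password_check() returns a hash
            // string; any non-string return can no longer match - confirm.
            $other_passwords[] = phpBB3_password_check($password, $user_settings['passwd']);
            // APBoard 2 login method
            $other_passwords[] = md5(crypt($password, 'CRYPT_MD5'));
        } elseif (strlen($user_settings['passwd']) == 32) {
            // vBulletin 3 style hashing?  Let's welcome them with open arms \o/
            $other_passwords[] = md5(md5($password) . $user_settings['password_salt']);
            // hmm.. p'raps it's Invision 2 style?
            $other_passwords[] = md5(md5($user_settings['password_salt']) . md5($password));
            // some common md5 ones
            $other_passwords[] = md5($user_settings['password_salt'] . $password);
            $other_passwords[] = md5($password . $user_settings['password_salt']);
        } elseif (strlen($user_settings['passwd']) == 40) {
            // maybe they are using a hash from before the password fix
            $other_passwords[] = sha1(strtolower($user_settings['member_name']) . smfapi_unHtmlspecialchars($password));
            // BurningBoard3 style of hashing
            $other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($password)));
            // perhaps we converted to UTF-8 and have a valid password being
            // hashed differently
            if (!empty($modSettings['previousCharacterSet']) && $modSettings['previousCharacterSet'] != 'utf8') {
                // NOTE(review): these two lines call un_htmlspecialchars()
                // while the rest of the function uses smfapi_unHtmlspecialchars()
                // - confirm the former is defined where this API is loaded.
                // try iconv first, for no particular reason
                if (function_exists('iconv')) {
                    $other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $password)));
                }
                // say it aint so, iconv failed
                if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding')) {
                    $other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($password, 'UTF-8', $modSettings['previousCharacterSet'])));
                }
            }
        }
        // SMF's sha1 function can give a funny result on Linux (not our fault!)
        // if we've now got the real one let the old one be valid!
        if (strpos(strtolower(PHP_OS), 'win') !== 0) {
            require_once $sourcedir . '/Subs-Compat.php';
            $other_passwords[] = sha1_smf(strtolower($user_settings['member_name']) . smfapi_unHtmlspecialchars($password));
        }
        // if ANY of these other hashes match we'll accept it
        // Strict membership test, for the same reason as the comparison above.
        if (in_array($user_settings['passwd'], $other_passwords, true)) {
            // we're not going to update the password or the hash. whatever was
            // used worked, so it will work again through this api, or SMF will
            // update it if the user authenticates through there. No sense messing
            // with it if it's not broken imo. Authentication successful
            $user_info["id"] = $user_settings['id_member'];
            return true;
        }
    }
    //authentication failed
    return false;
}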
Example #9
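/**
 * E-mail the members who asked to be notified about a topic.
 *
 * Loads the topic's first subject and last message body, selects the
 * subscribed members from log_notify, filters them by notification
 * preference and board access, and sends each one a message in their
 * language. For replies, log_notify.sent is set afterwards.
 *
 * The topic id is interpolated into SQL text, so it is forced to an integer
 * before the first query.
 *
 * @param int|string $ID_TOPIC topic id; returns immediately when empty
 * @param string $type one of the keys of $notification_types (reply, sticky,
 *        lock, unlock, remove, move, merge, split)
 */
function sendNotifications($ID_TOPIC, $type)
{
    global $txt, $scripturl, $db_prefix, $language, $user_info;
    global $ID_MEMBER, $modSettings, $sourcedir;
    // Language string keys for the subject and message of each notification type.
    $notification_types = array('reply' => array('subject' => 'notification_reply_subject', 'message' => 'notification_reply'), 'sticky' => array('subject' => 'notification_sticky_subject', 'message' => 'notification_sticky'), 'lock' => array('subject' => 'notification_lock_subject', 'message' => 'notification_lock'), 'unlock' => array('subject' => 'notification_unlock_subject', 'message' => 'notification_unlock'), 'remove' => array('subject' => 'notification_remove_subject', 'message' => 'notification_remove'), 'move' => array('subject' => 'notification_move_subject', 'message' => 'notification_move'), 'merge' => array('subject' => 'notification_merge_subject', 'message' => 'notification_merge'), 'split' => array('subject' => 'notification_split_subject', 'message' => 'notification_split'));
    // NOTE(review): an unknown $type is not rejected here.
    $current_type = $notification_types[$type];
    // Can't do it if there's no topic.
    if (empty($ID_TOPIC)) {
        return;
    } elseif (!is_numeric($ID_TOPIC)) {
        trigger_error('sendNotifications(): \'' . $ID_TOPIC . '\' is not a topic id', E_USER_NOTICE);
    }
    // The notice above does not stop execution, and is_numeric() also accepts
    // forms such as floats and exponents. The id is placed directly into the
    // SQL strings below, so reduce it to a plain integer first; a value that
    // is not a number becomes 0 and simply matches no topic.
    $ID_TOPIC = (int) $ID_TOPIC;
    // Get the subject and body...
    $result = db_query("\n\t\tSELECT mf.subject, ml.body, t.ID_LAST_MSG\n\t\tFROM ({$db_prefix}topics AS t, {$db_prefix}messages AS mf, {$db_prefix}messages AS ml)\n\t\tWHERE t.ID_TOPIC = {$ID_TOPIC}\n\t\t\tAND mf.ID_MSG = t.ID_FIRST_MSG\n\t\t\tAND ml.ID_MSG = t.ID_LAST_MSG\n\t\tLIMIT 1", __FILE__, __LINE__);
    // NOTE(review): the mysql_* functions used here were removed in PHP 7.
    list($subject, $body, $last_id) = mysql_fetch_row($result);
    mysql_free_result($result);
    if (empty($last_id)) {
        trigger_error('sendNotifications(): non-existant topic passed', E_USER_NOTICE);
    }
    // Censor...
    censorText($subject);
    censorText($body);
    // The e-mail is plain text: render BBC, turn block endings into newlines,
    // strip the remaining tags and decode entities.
    $subject = un_htmlspecialchars($subject);
    $body = trim(un_htmlspecialchars(strip_tags(strtr(parse_bbc($body, false, $last_id), array('<br />' => "\n", '</div>' => "\n", '</li>' => "\n", '&#91;' => '[', '&#93;' => ']')))));
    // Find the members with notification on for this topic.
    // $ID_MEMBER is a global set elsewhere; it excludes the acting member.
    $members = db_query("\n\t\tSELECT\n\t\t\tmem.ID_MEMBER, mem.emailAddress, mem.notifyOnce, mem.notifyTypes, mem.notifySendBody, mem.lngfile,\n\t\t\tln.sent, mem.ID_GROUP, mem.additionalGroups, b.memberGroups, mem.ID_POST_GROUP, t.ID_MEMBER_STARTED\n\t\tFROM ({$db_prefix}log_notify AS ln, {$db_prefix}members AS mem, {$db_prefix}topics AS t, {$db_prefix}boards AS b)\n\t\tWHERE ln.ID_TOPIC = {$ID_TOPIC}\n\t\t\tAND t.ID_TOPIC = {$ID_TOPIC}\n\t\t\tAND b.ID_BOARD = t.ID_BOARD\n\t\t\tAND mem.ID_MEMBER != {$ID_MEMBER}\n\t\t\tAND mem.is_activated = 1\n\t\t\tAND mem.notifyTypes < " . ($type == 'reply' ? '4' : '3') . "\n\t\t\tAND ln.ID_MEMBER = mem.ID_MEMBER\n\t\tGROUP BY mem.ID_MEMBER\n\t\tORDER BY mem.lngfile", __FILE__, __LINE__);
    $sent = 0;
    while ($row = mysql_fetch_assoc($members)) {
        // Easier to check this here... if they aren't the topic poster do they really want to know?
        if ($type != 'reply' && $row['notifyTypes'] == 2 && $row['ID_MEMBER'] != $row['ID_MEMBER_STARTED']) {
            continue;
        }
        // Members outside group 1 only get mail when one of their groups is
        // listed in the board's memberGroups, so a notification never reaches
        // someone who cannot see the board.
        if ($row['ID_GROUP'] != 1) {
            $allowed = explode(',', $row['memberGroups']);
            $row['additionalGroups'] = explode(',', $row['additionalGroups']);
            $row['additionalGroups'][] = $row['ID_GROUP'];
            $row['additionalGroups'][] = $row['ID_POST_GROUP'];
            if (count(array_intersect($allowed, $row['additionalGroups'])) == 0) {
                continue;
            }
        }
        // Rows are ordered by language, so the language file is reloaded only when it changes.
        $needed_language = empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'];
        if (empty($current_language) || $current_language != $needed_language) {
            $current_language = loadLanguage('Post', $needed_language, false);
        }
        $message = sprintf($txt[$current_type['message']], un_htmlspecialchars($user_info['name']));
        if ($type != 'remove') {
            $message .= $scripturl . '?topic=' . $ID_TOPIC . '.new;topicseen#new' . "\n\n" . $txt['notifyUnsubscribe'] . ': ' . $scripturl . '?action=notify;topic=' . $ID_TOPIC . '.0';
        }
        // Do they want the body of the message sent too?
        if (!empty($row['notifySendBody']) && $type == 'reply' && empty($modSettings['disallow_sendBody'])) {
            $message .= "\n\n" . $txt['notification_reply_body'] . "\n\n" . $body;
        }
        if (!empty($row['notifyOnce']) && $type == 'reply') {
            $message .= "\n\n" . $txt['notifyXOnce2'];
        }
        // Send only if once is off or it's on and it hasn't been sent.
        if ($type != 'reply' || empty($row['notifyOnce']) || empty($row['sent'])) {
            sendmail($row['emailAddress'], sprintf($txt[$current_type['subject']], $subject), $message . "\n\n" . $txt[130], null, 'm' . $last_id);
            $sent++;
        }
    }
    mysql_free_result($members);
    // Put the acting user's language back if another one was loaded in the loop.
    if (isset($current_language) && $current_language != $user_info['language']) {
        loadLanguage('Post');
    }
    // Sent!
    if ($type == 'reply' && !empty($sent)) {
        db_query("\n\t\t\tUPDATE {$db_prefix}log_notify\n\t\t\tSET sent = 1\n\t\t\tWHERE ID_TOPIC = {$ID_TOPIC}\n\t\t\t\tAND ID_MEMBER != {$ID_MEMBER}", __FILE__, __LINE__);
    }
}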
Example #10
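/**
 * Save the edits made to a scheduled post and return to the scheduler admin page.
 *
 * Reads the edit form fields from $_REQUEST, validates them, resolves the
 * poster name to a member ID (0 when no member matches) and updates the
 * matching {db_prefix}postscheduler row.
 *
 * Security notes:
 * - Every request value is bound through a typed $smcFunc['db_query']
 *   placeholder instead of being interpolated into the SQL text. The
 *   HTML-escaping applied below is output encoding for later display; it is
 *   not SQL quoting (it leaves backslashes untouched), so it must not be what
 *   keeps a value inside a string literal.
 * - NOTE(review): only checkSession('post') is visible here; no permission
 *   check appears in this function. Confirm the caller restricts this action
 *   to users allowed to manage scheduled posts.
 *
 * @return void Ends by calling redirectexit(), or fatal_error() on invalid input.
 */
function EditPost2()
{
    global $txt, $smcFunc, $sourcedir;
    // Presumably validates the session token submitted with the POST form.
    checkSession('post');
    // Get the ID
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    if (empty($id)) {
        fatal_error($txt['postscheduler_nopostselected'], false);
    }
    // If we came from WYSIWYG then turn it back into BBC regardless.
    if (!empty($_REQUEST['message_mode']) && isset($_REQUEST['message'])) {
        require_once $sourcedir . '/Subs-Editor.php';
        $_REQUEST['message'] = html_to_bbc($_REQUEST['message']);
        // We need to unhtml it now as it gets done shortly.
        $_REQUEST['message'] = un_htmlspecialchars($_REQUEST['message']);
    }
    // Missing fields are treated as empty so the checks below report them
    // instead of PHP raising undefined-index notices.
    $subject = $smcFunc['htmlspecialchars'](isset($_REQUEST['subject']) ? $_REQUEST['subject'] : '', ENT_QUOTES);
    $boardselect = isset($_REQUEST['boardselect']) ? (int) $_REQUEST['boardselect'] : 0;
    // Quotes and backslashes are stripped from the poster name before it is
    // HTML-escaped, as the original form handler did.
    $postername = str_replace(array('"', "'", '\\'), '', isset($_REQUEST['postername']) ? $_REQUEST['postername'] : '');
    $postername = $smcFunc['htmlspecialchars']($postername, ENT_QUOTES);
    $msgicon = $smcFunc['htmlspecialchars'](isset($_REQUEST['msgicon']) ? $_REQUEST['msgicon'] : '', ENT_QUOTES);
    $message = $smcFunc['htmlspecialchars'](isset($_REQUEST['message']) ? $_REQUEST['message'] : '', ENT_QUOTES);
    $topicid = isset($_REQUEST['topicid']) ? (int) $_REQUEST['topicid'] : 0;
    if ($subject == '') {
        fatal_error($txt['postscheduler_err_subject'], false);
    }
    if ($postername == '') {
        fatal_error($txt['postscheduler_err_postername'], false);
    }
    if ($boardselect == 0) {
        fatal_error($txt['postscheduler_err_forum'], false);
    }
    if ($message == '') {
        fatal_error($txt['postscheduler_err_message'], false);
    }
    $topiclocked = isset($_REQUEST['topiclocked']) ? 1 : 0;
    $month = isset($_REQUEST['month']) ? (int) $_REQUEST['month'] : 0;
    $day = isset($_REQUEST['day']) ? (int) $_REQUEST['day'] : 0;
    $year = isset($_REQUEST['year']) ? (int) $_REQUEST['year'] : 0;
    $hour = isset($_REQUEST['hour']) ? (int) $_REQUEST['hour'] : 0;
    $minute = isset($_REQUEST['minute']) ? (int) $_REQUEST['minute'] : 0;
    $ampm = isset($_REQUEST['ampm']) ? $_REQUEST['ampm'] : '';
    $minute = str_pad($minute, 2, "0", STR_PAD_LEFT);
    // Convert the 12-hour form input to a 24-hour value. strtotime() returns
    // false for a time it cannot parse; reject that instead of silently
    // scheduling against the epoch.
    $parsed_time = is_string($ampm) ? strtotime("{$hour}:{$minute} {$ampm}") : false;
    if ($parsed_time === false || empty($month) || empty($day) || empty($year)) {
        fatal_error($txt['postscheduler_err_date'], false);
    }
    $time_in_24_hour_format = (int) date("H", $parsed_time);
    $post_time = mktime($time_in_24_hour_format, (int) $minute, 0, $month, $day, $year);
    // Look up the member ID of the poster name; it stays 0 when nobody matches.
    $memid = 0;
    $dbresult = $smcFunc['db_query']('', '
        SELECT
            real_name, ID_MEMBER
        FROM {db_prefix}members
        WHERE real_name = {string:postername} OR member_name = {string:postername}
        LIMIT 1', array('postername' => $postername));
    $row = $smcFunc['db_fetch_assoc']($dbresult);
    $smcFunc['db_free_result']($dbresult);
    // Decide from the fetched row itself; an affected-rows count is not a
    // reliable signal after a SELECT.
    if (!empty($row['ID_MEMBER'])) {
        $memid = (int) $row['ID_MEMBER'];
    }
    $smcFunc['db_query']('', '
        UPDATE {db_prefix}postscheduler
        SET
            ID_BOARD = {int:id_board}, subject = {string:subject}, postername = {string:postername},
            ID_MEMBER = {int:id_member}, locked = {int:locked},
            body = {string:body}, id_topic = {int:id_topic}, post_time = {int:post_time},
            msgicon = {string:msgicon}
        WHERE ID_POST = {int:id_post}
        LIMIT 1', array('id_board' => $boardselect, 'subject' => $subject, 'postername' => $postername, 'id_member' => $memid, 'locked' => $topiclocked, 'body' => $message, 'id_topic' => $topicid, 'post_time' => (int) $post_time, 'msgicon' => $msgicon, 'id_post' => $id));
    // Redirect to the Admin
    redirectexit('action=admin;area=postscheduler;sa=admin');
}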
Example #11
/**
 * Show the list of topics in this board, along with any child boards.
 */
function MessageIndex()
{
    global $txt, $scripturl, $board, $modSettings, $context;
    global $options, $settings, $board_info, $user_info, $smcFunc, $sourcedir;
    // If this is a redirection board head off.
    if ($board_info['redirect']) {
        $smcFunc['db_query']('', '
			UPDATE {db_prefix}boards
			SET num_posts = num_posts + 1
			WHERE id_board = {int:current_board}', array('current_board' => $board));
        redirectexit($board_info['redirect']);
    }
    if (WIRELESS) {
        $context['sub_template'] = WIRELESS_PROTOCOL . '_messageindex';
    } else {
        loadTemplate('MessageIndex');
    }
    $context['name'] = $board_info['name'];
    $context['description'] = $board_info['description'];
    // How many topics do we have in total?
    $board_info['total_topics'] = allowedTo('approve_posts') ? $board_info['num_topics'] + $board_info['unapproved_topics'] : $board_info['num_topics'] + $board_info['unapproved_user_topics'];
    // View all the topics, or just a few?
    $context['topics_per_page'] = empty($modSettings['disableCustomPerPage']) && !empty($options['topics_per_page']) && !WIRELESS ? $options['topics_per_page'] : $modSettings['defaultMaxTopics'];
    $context['messages_per_page'] = empty($modSettings['disableCustomPerPage']) && !empty($options['messages_per_page']) && !WIRELESS ? $options['messages_per_page'] : $modSettings['defaultMaxMessages'];
    $maxindex = isset($_REQUEST['all']) && !empty($modSettings['enableAllMessages']) ? $board_info['total_topics'] : $context['topics_per_page'];
    // Right, let's only index normal stuff!
    if (count($_GET) > 1) {
        $session_name = session_name();
        foreach ($_GET as $k => $v) {
            if (!in_array($k, array('board', 'start', $session_name))) {
                $context['robot_no_index'] = true;
            }
        }
    }
    if (!empty($_REQUEST['start']) && (!is_numeric($_REQUEST['start']) || $_REQUEST['start'] % $context['messages_per_page'] != 0)) {
        $context['robot_no_index'] = true;
    }
    // If we can view unapproved messages and there are some build up a list.
    if (allowedTo('approve_posts') && ($board_info['unapproved_topics'] || $board_info['unapproved_posts'])) {
        $untopics = $board_info['unapproved_topics'] ? '<a href="' . $scripturl . '?action=moderate;area=postmod;sa=topics;brd=' . $board . '">' . $board_info['unapproved_topics'] . '</a>' : 0;
        $unposts = $board_info['unapproved_posts'] ? '<a href="' . $scripturl . '?action=moderate;area=postmod;sa=posts;brd=' . $board . '">' . ($board_info['unapproved_posts'] - $board_info['unapproved_topics']) . '</a>' : 0;
        $context['unapproved_posts_message'] = sprintf($txt['there_are_unapproved_topics'], $untopics, $unposts, $scripturl . '?action=moderate;area=postmod;sa=' . ($board_info['unapproved_topics'] ? 'topics' : 'posts') . ';brd=' . $board);
    }
    // Make sure the starting place makes sense and construct the page index.
    if (isset($_REQUEST['sort'])) {
        $context['page_index'] = constructPageIndex($scripturl . '?board=' . $board . '.%1$d;sort=' . $_REQUEST['sort'] . (isset($_REQUEST['desc']) ? ';desc' : ''), $_REQUEST['start'], $board_info['total_topics'], $maxindex, true);
    } else {
        $context['page_index'] = constructPageIndex($scripturl . '?board=' . $board . '.%1$d', $_REQUEST['start'], $board_info['total_topics'], $maxindex, true);
    }
    $context['start'] =& $_REQUEST['start'];
    // Set a canonical URL for this page.
    $context['canonical_url'] = $scripturl . '?board=' . $board . '.' . $context['start'];
    $context['links'] = array('first' => $_REQUEST['start'] >= $context['topics_per_page'] ? $scripturl . '?board=' . $board . '.0' : '', 'prev' => $_REQUEST['start'] >= $context['topics_per_page'] ? $scripturl . '?board=' . $board . '.' . ($_REQUEST['start'] - $context['topics_per_page']) : '', 'next' => $_REQUEST['start'] + $context['topics_per_page'] < $board_info['total_topics'] ? $scripturl . '?board=' . $board . '.' . ($_REQUEST['start'] + $context['topics_per_page']) : '', 'last' => $_REQUEST['start'] + $context['topics_per_page'] < $board_info['total_topics'] ? $scripturl . '?board=' . $board . '.' . floor(($board_info['total_topics'] - 1) / $context['topics_per_page']) * $context['topics_per_page'] : '', 'up' => $board_info['parent'] == 0 ? $scripturl . '?' : $scripturl . '?board=' . $board_info['parent'] . '.0');
    $context['page_info'] = array('current_page' => $_REQUEST['start'] / $context['topics_per_page'] + 1, 'num_pages' => floor(($board_info['total_topics'] - 1) / $context['topics_per_page']) + 1);
    if (isset($_REQUEST['all']) && !empty($modSettings['enableAllMessages']) && $maxindex > $modSettings['enableAllMessages']) {
        $maxindex = $modSettings['enableAllMessages'];
        $_REQUEST['start'] = 0;
    }
    // Build a list of the board's moderators.
    $context['moderators'] =& $board_info['moderators'];
    $context['link_moderators'] = array();
    if (!empty($board_info['moderators'])) {
        foreach ($board_info['moderators'] as $mod) {
            $context['link_moderators'][] = '<a href="' . $scripturl . '?action=profile;u=' . $mod['id'] . '" title="' . $txt['board_moderator'] . '">' . $mod['name'] . '</a>';
        }
        $context['linktree'][count($context['linktree']) - 1]['extra_after'] = '<span class="board_moderators"> (' . (count($context['link_moderators']) == 1 ? $txt['moderator'] : $txt['moderators']) . ': ' . implode(', ', $context['link_moderators']) . ')</span>';
    }
    // Mark current and parent boards as seen.
    if (!$user_info['is_guest']) {
        // We can't know they read it if we allow prefetches.
        if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch') {
            ob_end_clean();
            header('HTTP/1.1 403 Prefetch Forbidden');
            die;
        }
        $smcFunc['db_insert']('replace', '{db_prefix}log_boards', array('id_msg' => 'int', 'id_member' => 'int', 'id_board' => 'int'), array($modSettings['maxMsgID'], $user_info['id'], $board), array('id_member', 'id_board'));
        if (!empty($board_info['parent_boards'])) {
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}log_boards
				SET id_msg = {int:id_msg}
				WHERE id_member = {int:current_member}
					AND id_board IN ({array_int:board_list})', array('current_member' => $user_info['id'], 'board_list' => array_keys($board_info['parent_boards']), 'id_msg' => $modSettings['maxMsgID']));
            // We've seen all these boards now!
            foreach ($board_info['parent_boards'] as $k => $dummy) {
                if (isset($_SESSION['topicseen_cache'][$k])) {
                    unset($_SESSION['topicseen_cache'][$k]);
                }
            }
        }
        if (isset($_SESSION['topicseen_cache'][$board])) {
            unset($_SESSION['topicseen_cache'][$board]);
        }
        $request = $smcFunc['db_query']('', '
			SELECT sent
			FROM {db_prefix}log_notify
			WHERE id_board = {int:current_board}
				AND id_member = {int:current_member}
			LIMIT 1', array('current_board' => $board, 'current_member' => $user_info['id']));
        $context['is_marked_notify'] = $smcFunc['db_num_rows']($request) != 0;
        if ($context['is_marked_notify']) {
            list($sent) = $smcFunc['db_fetch_row']($request);
            if (!empty($sent)) {
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}log_notify
					SET sent = {int:is_sent}
					WHERE id_board = {int:current_board}
						AND id_member = {int:current_member}', array('current_board' => $board, 'current_member' => $user_info['id'], 'is_sent' => 0));
            }
        }
        $smcFunc['db_free_result']($request);
    } else {
        $context['is_marked_notify'] = false;
    }
    // 'Print' the header and board info.
    $context['page_title'] = strip_tags($board_info['name']);
    // Set the variables up for the template.
    $context['can_mark_notify'] = allowedTo('mark_notify') && !$user_info['is_guest'];
    $context['can_post_new'] = allowedTo('post_new') || $modSettings['postmod_active'] && allowedTo('post_unapproved_topics');
    $context['can_post_poll'] = $modSettings['pollMode'] == '1' && allowedTo('poll_post') && $context['can_post_new'];
    $context['can_moderate_forum'] = allowedTo('moderate_forum');
    $context['can_approve_posts'] = allowedTo('approve_posts');
    require_once $sourcedir . '/Subs-BoardIndex.php';
    $boardIndexOptions = array('include_categories' => false, 'base_level' => $board_info['child_level'] + 1, 'parent_id' => $board_info['id'], 'set_latest_post' => false, 'countChildPosts' => !empty($modSettings['countChildPosts']));
    $context['boards'] = getBoardIndex($boardIndexOptions);
    // Nosey, nosey - who's viewing this topic?
    if (!empty($settings['display_who_viewing'])) {
        $context['view_members'] = array();
        $context['view_members_list'] = array();
        $context['view_num_hidden'] = 0;
        $request = $smcFunc['db_query']('', '
			SELECT
				lo.id_member, lo.log_time, mem.real_name, mem.member_name, mem.show_online,
				mg.online_color, mg.id_group, mg.group_name
			FROM {db_prefix}log_online AS lo
				LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = lo.id_member)
				LEFT JOIN {db_prefix}membergroups AS mg ON (mg.id_group = CASE WHEN mem.id_group = {int:reg_member_group} THEN mem.id_post_group ELSE mem.id_group END)
			WHERE INSTR(lo.url, {string:in_url_string}) > 0 OR lo.session = {string:session}', array('reg_member_group' => 0, 'in_url_string' => 's:5:"board";i:' . $board . ';', 'session' => $user_info['is_guest'] ? 'ip' . $user_info['ip'] : session_id()));
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            if (empty($row['id_member'])) {
                continue;
            }
            if (!empty($row['online_color'])) {
                $link = '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '" style="color: ' . $row['online_color'] . ';">' . $row['real_name'] . '</a>';
            } else {
                $link = '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name'] . '</a>';
            }
            $is_buddy = in_array($row['id_member'], $user_info['buddies']);
            if ($is_buddy) {
                $link = '<strong>' . $link . '</strong>';
            }
            if (!empty($row['show_online']) || allowedTo('moderate_forum')) {
                $context['view_members_list'][$row['log_time'] . $row['member_name']] = empty($row['show_online']) ? '<em>' . $link . '</em>' : $link;
            }
            $context['view_members'][$row['log_time'] . $row['member_name']] = array('id' => $row['id_member'], 'username' => $row['member_name'], 'name' => $row['real_name'], 'group' => $row['id_group'], 'href' => $scripturl . '?action=profile;u=' . $row['id_member'], 'link' => $link, 'is_buddy' => $is_buddy, 'hidden' => empty($row['show_online']));
            if (empty($row['show_online'])) {
                $context['view_num_hidden']++;
            }
        }
        $context['view_num_guests'] = $smcFunc['db_num_rows']($request) - count($context['view_members']);
        $smcFunc['db_free_result']($request);
        // Put them in "last clicked" order.
        krsort($context['view_members_list']);
        krsort($context['view_members']);
    }
    // Default sort methods.
    $sort_methods = array('subject' => 'mf.subject', 'starter' => 'IFNULL(memf.real_name, mf.poster_name)', 'last_poster' => 'IFNULL(meml.real_name, ml.poster_name)', 'replies' => 't.num_replies', 'views' => 't.num_views', 'first_post' => 't.id_topic', 'last_post' => 't.id_last_msg');
    // They didn't pick one, default to by last post descending.
    if (!isset($_REQUEST['sort']) || !isset($sort_methods[$_REQUEST['sort']])) {
        $context['sort_by'] = 'last_post';
        $_REQUEST['sort'] = 'id_last_msg';
        $ascending = isset($_REQUEST['asc']);
    } else {
        $context['sort_by'] = $_REQUEST['sort'];
        $_REQUEST['sort'] = $sort_methods[$_REQUEST['sort']];
        $ascending = !isset($_REQUEST['desc']);
    }
    $context['sort_direction'] = $ascending ? 'up' : 'down';
    // Calculate the fastest way to get the topics.
    $start = (int) $_REQUEST['start'];
    if ($start > ($board_info['total_topics'] - 1) / 2) {
        $ascending = !$ascending;
        $fake_ascending = true;
        $maxindex = $board_info['total_topics'] < $start + $maxindex + 1 ? $board_info['total_topics'] - $start : $maxindex;
        $start = $board_info['total_topics'] < $start + $maxindex + 1 ? 0 : $board_info['total_topics'] - $start - $maxindex;
    } else {
        $fake_ascending = false;
    }
    // Setup the default topic icons...
    $stable_icons = array('xx', 'thumbup', 'thumbdown', 'exclamation', 'question', 'lamp', 'smiley', 'angry', 'cheesy', 'grin', 'sad', 'wink', 'poll', 'moved', 'recycled', 'wireless', 'clip');
    $context['icon_sources'] = array();
    foreach ($stable_icons as $icon) {
        $context['icon_sources'][$icon] = 'images_url';
    }
    $topic_ids = array();
    $context['topics'] = array();
    // Sequential pages are often not optimized, so we add an additional query.
    $pre_query = $start > 0;
    if ($pre_query && $maxindex > 0) {
        $request = $smcFunc['db_query']('', '
			SELECT t.id_topic
			FROM {db_prefix}topics AS t' . ($context['sort_by'] === 'last_poster' ? '
				INNER JOIN {db_prefix}messages AS ml ON (ml.id_msg = t.id_last_msg)' : (in_array($context['sort_by'], array('starter', 'subject')) ? '
				INNER JOIN {db_prefix}messages AS mf ON (mf.id_msg = t.id_first_msg)' : '')) . ($context['sort_by'] === 'starter' ? '
				LEFT JOIN {db_prefix}members AS memf ON (memf.id_member = mf.id_member)' : '') . ($context['sort_by'] === 'last_poster' ? '
				LEFT JOIN {db_prefix}members AS meml ON (meml.id_member = ml.id_member)' : '') . '
			WHERE t.id_board = {int:current_board}' . (!$modSettings['postmod_active'] || $context['can_approve_posts'] ? '' : '
				AND (t.approved = {int:is_approved}' . ($user_info['is_guest'] ? '' : ' OR t.id_member_started = {int:current_member}') . ')') . '
			ORDER BY ' . (!empty($modSettings['enableStickyTopics']) ? 'is_sticky' . ($fake_ascending ? '' : ' DESC') . ', ' : '') . $_REQUEST['sort'] . ($ascending ? '' : ' DESC') . '
			LIMIT {int:start}, {int:maxindex}', array('current_board' => $board, 'current_member' => $user_info['id'], 'is_approved' => 1, 'id_member_guest' => 0, 'start' => $start, 'maxindex' => $maxindex));
        $topic_ids = array();
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $topic_ids[] = $row['id_topic'];
        }
    }
    // Grab the appropriate topic information...
    if (!$pre_query || !empty($topic_ids)) {
        // For search engine effectiveness we'll link guests differently.
        $context['pageindex_multiplier'] = empty($modSettings['disableCustomPerPage']) && !empty($options['messages_per_page']) && !WIRELESS ? $options['messages_per_page'] : $modSettings['defaultMaxMessages'];
        $result = $smcFunc['db_query']('substring', '
			SELECT
				t.id_topic, t.num_replies, t.locked, t.num_views, t.is_sticky, t.id_poll, t.id_previous_board,
				' . ($user_info['is_guest'] ? '0' : 'IFNULL(lt.id_msg, IFNULL(lmr.id_msg, -1)) + 1') . ' AS new_from,
				t.id_last_msg, t.approved, t.unapproved_posts, t.id_redirect_topic, ml.poster_time AS last_poster_time,
				ml.id_msg_modified, ml.subject AS last_subject, ml.icon AS last_icon,
				ml.poster_name AS last_member_name, ml.id_member AS last_id_member, ' . (!empty($settings['avatars_on_indexes']) ? 'meml.avatar,' : '') . '
				IFNULL(meml.real_name, ml.poster_name) AS last_display_name, t.id_first_msg,
				mf.poster_time AS first_poster_time, mf.subject AS first_subject, mf.icon AS first_icon,
				mf.poster_name AS first_member_name, mf.id_member AS first_id_member,
				IFNULL(memf.real_name, mf.poster_name) AS first_display_name, ' . (!empty($modSettings['preview_characters']) ? '
				SUBSTRING(ml.body, 1, ' . ($modSettings['preview_characters'] + 256) . ') AS last_body,
				SUBSTRING(mf.body, 1, ' . ($modSettings['preview_characters'] + 256) . ') AS first_body,' : '') . 'ml.smileys_enabled AS last_smileys, mf.smileys_enabled AS first_smileys' . (!empty($settings['avatars_on_indexes']) ? ',
				IFNULL(a.id_attach, 0) AS id_attach, a.filename, a.attachment_type' : '') . '
			FROM {db_prefix}topics AS t
				INNER JOIN {db_prefix}messages AS ml ON (ml.id_msg = t.id_last_msg)
				INNER JOIN {db_prefix}messages AS mf ON (mf.id_msg = t.id_first_msg)
				LEFT JOIN {db_prefix}members AS meml ON (meml.id_member = ml.id_member)
				LEFT JOIN {db_prefix}members AS memf ON (memf.id_member = mf.id_member)' . ($user_info['is_guest'] ? '' : '
				LEFT JOIN {db_prefix}log_topics AS lt ON (lt.id_topic = t.id_topic AND lt.id_member = {int:current_member})
				LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.id_board = {int:current_board} AND lmr.id_member = {int:current_member})') . (!empty($settings['avatars_on_indexes']) ? '
				LEFT JOIN {db_prefix}attachments AS a ON (a.id_member = ml.id_member)' : '') . '
			WHERE ' . ($pre_query ? 't.id_topic IN ({array_int:topic_list})' : 't.id_board = {int:current_board}') . (!$modSettings['postmod_active'] || $context['can_approve_posts'] ? '' : '
				AND (t.approved = {int:is_approved}' . ($user_info['is_guest'] ? '' : ' OR t.id_member_started = {int:current_member}') . ')') . '
			ORDER BY ' . ($pre_query ? 'FIND_IN_SET(t.id_topic, {string:find_set_topics})' : (!empty($modSettings['enableStickyTopics']) ? 'is_sticky' . ($fake_ascending ? '' : ' DESC') . ', ' : '') . $_REQUEST['sort'] . ($ascending ? '' : ' DESC')) . '
			LIMIT ' . ($pre_query ? '' : '{int:start}, ') . '{int:maxindex}', array('current_board' => $board, 'current_member' => $user_info['id'], 'topic_list' => $topic_ids, 'is_approved' => 1, 'find_set_topics' => implode(',', $topic_ids), 'start' => $start, 'maxindex' => $maxindex));
        // Begin 'printing' the message index for current board.
        while ($row = $smcFunc['db_fetch_assoc']($result)) {
            if ($row['id_poll'] > 0 && $modSettings['pollMode'] == '0') {
                continue;
            }
            if (!$pre_query) {
                $topic_ids[] = $row['id_topic'];
            }
            // Does the theme support message previews?
            if (!empty($settings['message_index_preview']) && !empty($modSettings['preview_characters'])) {
                // Limit them to $modSettings['preview_characters'] characters
                $row['first_body'] = strip_tags(strtr(parse_bbc($row['first_body'], $row['first_smileys'], $row['id_first_msg']), array('<br />' => '&#10;')));
                if ($smcFunc['strlen']($row['first_body']) > $modSettings['preview_characters']) {
                    $row['first_body'] = $smcFunc['substr']($row['first_body'], 0, $modSettings['preview_characters']) . '...';
                }
                $row['last_body'] = strip_tags(strtr(parse_bbc($row['last_body'], $row['last_smileys'], $row['id_last_msg']), array('<br />' => '&#10;')));
                if ($smcFunc['strlen']($row['last_body']) > $modSettings['preview_characters']) {
                    $row['last_body'] = $smcFunc['substr']($row['last_body'], 0, $modSettings['preview_characters']) . '...';
                }
                // Censor the subject and message preview.
                censorText($row['first_subject']);
                censorText($row['first_body']);
                // Don't censor them twice!
                if ($row['id_first_msg'] == $row['id_last_msg']) {
                    $row['last_subject'] = $row['first_subject'];
                    $row['last_body'] = $row['first_body'];
                } else {
                    censorText($row['last_subject']);
                    censorText($row['last_body']);
                }
            } else {
                $row['first_body'] = '';
                $row['last_body'] = '';
                censorText($row['first_subject']);
                if ($row['id_first_msg'] == $row['id_last_msg']) {
                    $row['last_subject'] = $row['first_subject'];
                } else {
                    censorText($row['last_subject']);
                }
            }
            // Decide how many pages the topic should have.
            if ($row['num_replies'] + 1 > $context['messages_per_page']) {
                $pages = '&#171; ';
                // We can't pass start by reference.
                $start = -1;
                $pages .= constructPageIndex($scripturl . '?topic=' . $row['id_topic'] . '.%1$d', $start, $row['num_replies'] + 1, $context['messages_per_page'], true, false);
                // If we can use all, show all.
                if (!empty($modSettings['enableAllMessages']) && $row['num_replies'] + 1 < $modSettings['enableAllMessages']) {
                    $pages .= ' &nbsp;<a href="' . $scripturl . '?topic=' . $row['id_topic'] . '.0;all">' . $txt['all'] . '</a>';
                }
                $pages .= ' &#187;';
            } else {
                $pages = '';
            }
            // We need to check the topic icons exist...
            if (!empty($modSettings['messageIconChecks_enable'])) {
                if (!isset($context['icon_sources'][$row['first_icon']])) {
                    $context['icon_sources'][$row['first_icon']] = file_exists($settings['theme_dir'] . '/images/post/' . $row['first_icon'] . '.png') ? 'images_url' : 'default_images_url';
                }
                if (!isset($context['icon_sources'][$row['last_icon']])) {
                    $context['icon_sources'][$row['last_icon']] = file_exists($settings['theme_dir'] . '/images/post/' . $row['last_icon'] . '.png') ? 'images_url' : 'default_images_url';
                }
            } else {
                if (!isset($context['icon_sources'][$row['first_icon']])) {
                    $context['icon_sources'][$row['first_icon']] = 'images_url';
                }
                if (!isset($context['icon_sources'][$row['last_icon']])) {
                    $context['icon_sources'][$row['last_icon']] = 'images_url';
                }
            }
            if (!empty($settings['avatars_on_indexes'])) {
                // Allow themers to show the latest poster's avatar along with the topic
                if (!empty($row['avatar'])) {
                    if ($modSettings['avatar_action_too_large'] == 'option_html_resize' || $modSettings['avatar_action_too_large'] == 'option_js_resize') {
                        $avatar_width = !empty($modSettings['avatar_max_width_external']) ? ' width="' . $modSettings['avatar_max_width_external'] . '"' : '';
                        $avatar_height = !empty($modSettings['avatar_max_height_external']) ? ' height="' . $modSettings['avatar_max_height_external'] . '"' : '';
                    } else {
                        $avatar_width = '';
                        $avatar_height = '';
                    }
                }
            }
            // 'Print' the topic info.
            $context['topics'][$row['id_topic']] = array('id' => $row['id_topic'], 'first_post' => array('id' => $row['id_first_msg'], 'member' => array('username' => $row['first_member_name'], 'name' => $row['first_display_name'], 'id' => $row['first_id_member'], 'href' => !empty($row['first_id_member']) ? $scripturl . '?action=profile;u=' . $row['first_id_member'] : '', 'link' => !empty($row['first_id_member']) ? '<a href="' . $scripturl . '?action=profile;u=' . $row['first_id_member'] . '" title="' . $txt['profile_of'] . ' ' . $row['first_display_name'] . '" class="preview">' . $row['first_display_name'] . '</a>' : $row['first_display_name']), 'time' => timeformat($row['first_poster_time']), 'timestamp' => forum_time(true, $row['first_poster_time']), 'subject' => $row['first_subject'], 'preview' => $row['first_body'], 'icon' => $row['first_icon'], 'icon_url' => $settings[$context['icon_sources'][$row['first_icon']]] . '/post/' . $row['first_icon'] . '.png', 'href' => $scripturl . '?topic=' . (empty($row['id_redirect_topic']) ? $row['id_topic'] : $row['id_redirect_topic']) . '.0', 'link' => '<a href="' . $scripturl . '?topic=' . (empty($row['id_redirect_topic']) ? $row['id_topic'] : $row['id_redirect_topic']) . '.0">' . $row['first_subject'] . '</a>'), 'last_post' => array('id' => $row['id_last_msg'], 'member' => array('username' => $row['last_member_name'], 'name' => $row['last_display_name'], 'id' => $row['last_id_member'], 'href' => !empty($row['last_id_member']) ? $scripturl . '?action=profile;u=' . $row['last_id_member'] : '', 'link' => !empty($row['last_id_member']) ? '<a href="' . $scripturl . '?action=profile;u=' . $row['last_id_member'] . '">' . $row['last_display_name'] . 
'</a>' : $row['last_display_name']), 'time' => timeformat($row['last_poster_time']), 'timestamp' => forum_time(true, $row['last_poster_time']), 'subject' => $row['last_subject'], 'preview' => $row['last_body'], 'icon' => $row['last_icon'], 'icon_url' => $settings[$context['icon_sources'][$row['last_icon']]] . '/post/' . $row['last_icon'] . '.png', 'href' => $scripturl . '?topic=' . (empty($row['id_redirect_topic']) ? $row['id_topic'] : $row['id_redirect_topic']) . ($user_info['is_guest'] ? '.' . (!empty($options['view_newest_first']) ? 0 : (int) ($row['num_replies'] / $context['pageindex_multiplier']) * $context['pageindex_multiplier']) . '#msg' . $row['id_last_msg'] : ($row['num_replies'] == 0 ? '.0' : '.msg' . $row['id_last_msg']) . '#new'), 'link' => '<a href="' . $scripturl . '?topic=' . (empty($row['id_redirect_topic']) ? $row['id_topic'] : $row['id_redirect_topic']) . ($user_info['is_guest'] ? '.' . (!empty($options['view_newest_first']) ? 0 : (int) ($row['num_replies'] / $context['pageindex_multiplier']) * $context['pageindex_multiplier']) . '#msg' . $row['id_last_msg'] : ($row['num_replies'] == 0 ? '.0' : '.msg' . $row['id_last_msg']) . '#new') . '" ' . ($row['num_replies'] == 0 ? '' : 'rel="nofollow"') . '>' . $row['last_subject'] . '</a>'), 'is_sticky' => !empty($modSettings['enableStickyTopics']) && !empty($row['is_sticky']), 'is_locked' => !empty($row['locked']), 'is_poll' => $modSettings['pollMode'] == '1' && $row['id_poll'] > 0, 'is_hot' => $row['num_replies'] >= $modSettings['hotTopicPosts'], 'is_very_hot' => $row['num_replies'] >= $modSettings['hotTopicVeryPosts'], 'is_posted_in' => false, 'icon' => $row['first_icon'], 'icon_url' => $settings[$context['icon_sources'][$row['first_icon']]] . '/post/' . $row['first_icon'] . '.png', 'subject' => $row['first_subject'], 'new' => $row['new_from'] <= $row['id_msg_modified'], 'new_from' => $row['new_from'], 'newtime' => $row['new_from'], 'new_href' => $scripturl . '?topic=' . 
(empty($row['id_redirect_topic']) ? $row['id_topic'] : $row['id_redirect_topic']) . '.msg' . $row['new_from'] . '#new', 'pages' => $pages, 'replies' => comma_format($row['num_replies']), 'views' => comma_format($row['num_views']), 'approved' => $row['approved'], 'unapproved_posts' => $row['unapproved_posts']);
            if (!empty($settings['avatars_on_indexes'])) {
                $context['topics'][$row['id_topic']]['last_post']['member']['avatar'] = array('name' => $row['avatar'], 'image' => $row['avatar'] == '' ? $row['id_attach'] > 0 ? '<img class="avatar" src="' . (empty($row['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename']) . '" alt="" />' : '' : (stristr($row['avatar'], 'http://') ? '<img class="avatar" src="' . $row['avatar'] . '"' . $avatar_width . $avatar_height . ' alt="" />' : '<img class="avatar" src="' . $modSettings['avatar_url'] . '/' . htmlspecialchars($row['avatar']) . '" alt="" />'), 'href' => $row['avatar'] == '' ? $row['id_attach'] > 0 ? empty($row['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $row['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $row['filename'] : '' : (stristr($row['avatar'], 'http://') ? $row['avatar'] : $modSettings['avatar_url'] . '/' . $row['avatar']), 'url' => $row['avatar'] == '' ? '' : (stristr($row['avatar'], 'http://') ? $row['avatar'] : $modSettings['avatar_url'] . '/' . $row['avatar']));
            }
            determineTopicClass($context['topics'][$row['id_topic']]);
        }
        $smcFunc['db_free_result']($result);
        // Fix the sequence of topics if they were retrieved in the wrong order. (for speed reasons...)
        if ($fake_ascending) {
            $context['topics'] = array_reverse($context['topics'], true);
        }
        if (!empty($modSettings['enableParticipation']) && !$user_info['is_guest'] && !empty($topic_ids)) {
            $result = $smcFunc['db_query']('', '
				SELECT id_topic
				FROM {db_prefix}messages
				WHERE id_topic IN ({array_int:topic_list})
					AND id_member = {int:current_member}
				GROUP BY id_topic
				LIMIT ' . count($topic_ids), array('current_member' => $user_info['id'], 'topic_list' => $topic_ids));
            while ($row = $smcFunc['db_fetch_assoc']($result)) {
                $context['topics'][$row['id_topic']]['is_posted_in'] = true;
                $context['topics'][$row['id_topic']]['class'] = 'my_' . $context['topics'][$row['id_topic']]['class'];
            }
            $smcFunc['db_free_result']($result);
        }
    }
    $context['jump_to'] = array('label' => addslashes(un_htmlspecialchars($txt['jump_to'])), 'board_name' => htmlspecialchars(strtr(strip_tags($board_info['name']), array('&amp;' => '&'))), 'child_level' => $board_info['child_level']);
    // Is Quick Moderation active/needed?
    if (!empty($options['display_quick_mod']) && !empty($context['topics'])) {
        $context['can_markread'] = $context['user']['is_logged'];
        $context['can_lock'] = allowedTo('lock_any');
        $context['can_sticky'] = allowedTo('make_sticky') && !empty($modSettings['enableStickyTopics']);
        $context['can_move'] = allowedTo('move_any');
        $context['can_remove'] = allowedTo('remove_any');
        $context['can_merge'] = allowedTo('merge_any');
        // Ignore approving own topics as it's unlikely to come up...
        $context['can_approve'] = $modSettings['postmod_active'] && allowedTo('approve_posts') && !empty($board_info['unapproved_topics']);
        // Can we restore topics?
        $context['can_restore'] = allowedTo('move_any') && !empty($modSettings['recycle_enable']) && $modSettings['recycle_board'] == $board;
        // Set permissions for all the topics.
        foreach ($context['topics'] as $t => $topic) {
            $started = $topic['first_post']['member']['id'] == $user_info['id'];
            $context['topics'][$t]['quick_mod'] = array('lock' => allowedTo('lock_any') || $started && allowedTo('lock_own'), 'sticky' => allowedTo('make_sticky') && !empty($modSettings['enableStickyTopics']), 'move' => allowedTo('move_any') || $started && allowedTo('move_own'), 'modify' => allowedTo('modify_any') || $started && allowedTo('modify_own'), 'remove' => allowedTo('remove_any') || $started && allowedTo('remove_own'), 'approve' => $context['can_approve'] && $topic['unapproved_posts']);
            $context['can_lock'] |= $started && allowedTo('lock_own');
            $context['can_move'] |= $started && allowedTo('move_own');
            $context['can_remove'] |= $started && allowedTo('remove_own');
        }
        // Find the boards/cateogories they can move their topic to.
        if ($options['display_quick_mod'] == 1 && $context['can_move'] && !empty($context['topics'])) {
            require_once $sourcedir . '/Subs-MessageIndex.php';
            $boardListOptions = array('excluded_boards' => array($board), 'not_redirection' => true, 'use_permissions' => true, 'selected_board' => empty($_SESSION['move_to_topic']) ? null : $_SESSION['move_to_topic']);
            // With no other boards to see, it's useless to move.
            if (empty($context['move_to_boards'])) {
                $context['can_move'] = false;
            }
        }
        // Can we use quick moderation checkboxes?
        if ($options['display_quick_mod'] == 1) {
            $context['can_quick_mod'] = $context['user']['is_logged'] || $context['can_approve'] || $context['can_remove'] || $context['can_lock'] || $context['can_sticky'] || $context['can_move'] || $context['can_merge'] || $context['can_restore'];
        } else {
            $context['can_quick_mod'] = $context['can_remove'] || $context['can_lock'] || $context['can_sticky'] || $context['can_move'];
        }
    }
    if (!empty($context['can_quick_mod']) && $options['display_quick_mod'] == 1) {
        $context['qmod_actions'] = array('approve', 'remove', 'lock', 'sticky', 'move', 'merge', 'restore', 'markread');
        call_integration_hook('integrate_quick_mod_actions');
    }
    // If there are children, but no topics and no ability to post topics...
    $context['no_topic_listing'] = !empty($context['boards']) && empty($context['topics']) && !$context['can_post_new'];
    // Build the message index button array.
    $context['normal_buttons'] = array('new_topic' => array('test' => 'can_post_new', 'text' => 'new_topic', 'image' => 'new_topic.png', 'lang' => true, 'url' => $scripturl . '?action=post;board=' . $context['current_board'] . '.0', 'active' => true), 'post_poll' => array('test' => 'can_post_poll', 'text' => 'new_poll', 'image' => 'new_poll.png', 'lang' => true, 'url' => $scripturl . '?action=post;board=' . $context['current_board'] . '.0;poll'), 'notify' => array('test' => 'can_mark_notify', 'text' => $context['is_marked_notify'] ? 'unnotify' : 'notify', 'image' => ($context['is_marked_notify'] ? 'un' : '') . 'notify.png', 'lang' => true, 'custom' => 'onclick="return confirm(\'' . ($context['is_marked_notify'] ? $txt['notification_disable_board'] : $txt['notification_enable_board']) . '\');"', 'url' => $scripturl . '?action=notifyboard;sa=' . ($context['is_marked_notify'] ? 'off' : 'on') . ';board=' . $context['current_board'] . '.' . $context['start'] . ';' . $context['session_var'] . '=' . $context['session_id']), 'markread' => array('text' => 'mark_read_short', 'image' => 'markread.png', 'lang' => true, 'url' => $scripturl . '?action=markasread;sa=board;board=' . $context['current_board'] . '.0;' . $context['session_var'] . '=' . $context['session_id']));
    // Allow adding new buttons easily.
    call_integration_hook('integrate_messageindex_buttons');
}
Example #12
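/**
 * Allows the user to report a personal message to an administrator.
 *
 * - In the first instance requires that the ID of the message to report is passed through $_GET.
 * - It allows the user to report to either a particular administrator - or the whole admin team.
 * - It will forward on a copy of the original message without allowing the reporter to make changes.
 * - The submit branch calls checkSession('post') before it reads the message or sends anything.
 * - One report is built per admin language; a missing or non-string $_POST['reason'] is treated as empty.
 *
 * @uses report_message sub-template.
 */
function ReportMessage()
{
    global $txt, $context, $scripturl, $sourcedir;
    global $user_info, $language, $modSettings, $smcFunc;
    // Check that this feature is even enabled!
    if (empty($modSettings['enableReportPM']) || empty($_REQUEST['pmsg'])) {
        fatal_lang_error('no_access', false);
    }
    // The id is cast to int before it is used for the access check or any query.
    $pmsg = (int) $_REQUEST['pmsg'];
    if (!isAccessiblePM($pmsg, 'inbox')) {
        fatal_lang_error('no_access', false);
    }
    $context['pm_id'] = $pmsg;
    $context['page_title'] = $txt['pm_report_title'];
    // If we're here, just send the user to the template, with a few useful context bits.
    if (!isset($_POST['report'])) {
        $context['sub_template'] = 'report_message';
        // @todo I don't like being able to pick who to send it to.  Favoritism, etc. sucks.
        // Now, get all the administrators (group id 1, as primary or additional group).
        $request = $smcFunc['db_query']('', '
			SELECT id_member, real_name
			FROM {db_prefix}members
			WHERE id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0
			ORDER BY real_name', array('admin_group' => 1));
        $context['admins'] = array();
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $context['admins'][$row['id_member']] = $row['real_name'];
        }
        $smcFunc['db_free_result']($request);
        // How many admins in total?
        $context['admin_count'] = count($context['admins']);
    } else {
        // Check the session before proceeding any further!
        checkSession('post');
        // First, pull out the message contents, and verify it actually went to them!
        // The join on pm_recipients with the current member id is the ownership check for this branch.
        $request = $smcFunc['db_query']('', '
			SELECT pm.subject, pm.body, pm.msgtime, pm.id_member_from, IFNULL(m.real_name, pm.from_name) AS sender_name
			FROM {db_prefix}personal_messages AS pm
				INNER JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm)
				LEFT JOIN {db_prefix}members AS m ON (m.id_member = pm.id_member_from)
			WHERE pm.id_pm = {int:id_pm}
				AND pmr.id_member = {int:current_member}
				AND pmr.deleted = {int:not_deleted}
			LIMIT 1', array('current_member' => $user_info['id'], 'id_pm' => $context['pm_id'], 'not_deleted' => 0));
        // Can only be a hacker here!
        if ($smcFunc['db_num_rows']($request) == 0) {
            fatal_lang_error('no_access', false);
        }
        list($subject, $body, $time, $memberFromID, $memberFromName) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);
        // Remove the line breaks...
        $body = preg_replace('~<br ?/?' . '>~i', "\n", $body);
        // Get any other recipients of the email.
        $request = $smcFunc['db_query']('', '
			SELECT mem_to.id_member AS id_member_to, mem_to.real_name AS to_name, pmr.bcc
			FROM {db_prefix}pm_recipients AS pmr
				LEFT JOIN {db_prefix}members AS mem_to ON (mem_to.id_member = pmr.id_member)
			WHERE pmr.id_pm = {int:id_pm}
				AND pmr.id_member != {int:current_member}', array('current_member' => $user_info['id'], 'id_pm' => $context['pm_id']));
        $recipients = array();
        $hidden_recipients = 0;
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            // If it's hidden still don't reveal their names - privacy after all ;)
            if ($row['bcc']) {
                $hidden_recipients++;
            } else {
                $recipients[] = '[url=' . $scripturl . '?action=profile;u=' . $row['id_member_to'] . ']' . $row['to_name'] . '[/url]';
            }
        }
        $smcFunc['db_free_result']($request);
        if ($hidden_recipients) {
            $recipients[] = sprintf($txt['pm_report_pm_hidden'], $hidden_recipients);
        }
        // Now let's get out and loop through the admins.
        // id_admin is bound as an {int:...} parameter; only the presence of the extra clause depends on the request.
        $request = $smcFunc['db_query']('', '
			SELECT id_member, real_name, lngfile
			FROM {db_prefix}members
			WHERE (id_group = {int:admin_id} OR FIND_IN_SET({int:admin_id}, additional_groups) != 0)
				' . (empty($_POST['id_admin']) ? '' : 'AND id_member = {int:specific_admin}') . '
			ORDER BY lngfile', array('admin_id' => 1, 'specific_admin' => isset($_POST['id_admin']) ? (int) $_POST['id_admin'] : 0));
        // Maybe we shouldn't advertise this?
        if ($smcFunc['db_num_rows']($request) == 0) {
            fatal_lang_error('no_access', false);
        }
        $memberFromName = un_htmlspecialchars($memberFromName);
        // Prepare the message storage array.
        $messagesToSend = array();
        // The reason is free text typed by the reporter. A request that posts 'report' without a
        // string 'reason' used to raise an undefined-index notice (or print "Array"); use '' instead.
        // NOTE(review): the reason goes into the BBC body unmodified, right above the quote that is
        // labelled as unedited. Whether sendpm() escapes or neutralises BBC in it is not visible here - confirm.
        $reason = isset($_POST['reason']) && is_string($_POST['reason']) ? $_POST['reason'] : '';
        // Loop through each admin, and add them to the right language pile...
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            // Need to send in the correct language!
            $cur_language = empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'];
            if (!isset($messagesToSend[$cur_language])) {
                loadLanguage('PersonalMessage', $cur_language, false);
                // Make the body.
                $report_body = str_replace(array('{REPORTER}', '{SENDER}'), array(un_htmlspecialchars($user_info['name']), $memberFromName), $txt['pm_report_pm_user_sent']);
                $report_body .= "\n" . '[b]' . $reason . '[/b]' . "\n\n";
                if (!empty($recipients)) {
                    $report_body .= $txt['pm_report_pm_other_recipients'] . ' ' . implode(', ', $recipients) . "\n\n";
                }
                // The original subject and body come from the database row fetched above, not from the request.
                $report_body .= $txt['pm_report_pm_unedited_below'] . "\n" . '[quote author=' . (empty($memberFromID) ? '&quot;' . $memberFromName . '&quot;' : $memberFromName . ' link=action=profile;u=' . $memberFromID . ' date=' . $time) . ']' . "\n" . un_htmlspecialchars($body) . '[/quote]';
                // Plonk it in the array ;)
                $messagesToSend[$cur_language] = array('subject' => ($smcFunc['strpos']($subject, $txt['pm_report_pm_subject']) === false ? $txt['pm_report_pm_subject'] : '') . un_htmlspecialchars($subject), 'body' => $report_body, 'recipients' => array('to' => array(), 'bcc' => array()));
            }
            // Add them to the list.
            $messagesToSend[$cur_language]['recipients']['to'][$row['id_member']] = $row['id_member'];
        }
        $smcFunc['db_free_result']($request);
        // Send a different email for each language.
        foreach ($messagesToSend as $lang => $message) {
            sendpm($message['recipients'], $message['subject'], $message['body']);
        }
        // Give the user their own language back!
        if (!empty($modSettings['userLanguage'])) {
            loadLanguage('PersonalMessage', '', false);
        }
        // Leave them with a template.
        $context['sub_template'] = 'report_message_complete';
    }
}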
Example #13
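/**
 * Handles a login attempt and the two cookie follow-up steps.
 *
 * - ?sa=salt (logged-in users only): stores a new password salt, re-sets the login cookie and
 *   redirects to ?sa=check.
 * - ?sa=check: confirms $_GET['member'] matches the current user, then redirects to the
 *   login_url kept in the session (or the default page).
 * - Otherwise: treats the visitor as a guest logging in. It validates the submitted
 *   username and password (or hash_passwrd), converts a matching legacy hash to the current
 *   sha1(lowercase member_name . password) form, and calls DoLogin() on success.
 *
 * On a validation failure it sets $context['login_errors'] and returns, so the login template is
 * shown again. Hash comparisons are strict (===) so that PHP type juggling cannot make two
 * different hash strings compare equal.
 *
 * @return mixed the result of smf_openID_validate() on the OpenID path; otherwise nothing.
 */
function Login2()
{
    global $txt, $scripturl, $user_info, $user_settings, $smcFunc;
    global $cookiename, $maintenance, $modSettings, $context, $sc, $sourcedir;
    // Load cookie authentication stuff.
    require_once $sourcedir . '/Subs-Auth.php';
    if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest']) {
        // The cookie is client-controlled. unserialize() is only reached when the pattern below has
        // restricted it to a 3-4 element array of integers and short strings, so it cannot carry an
        // object. Keep the pattern and the call together if either is ever changed.
        if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\\{i:0;(i:\\d{1,6}|s:[1-8]:"\\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\\d{1,14};(i:3;i:\\d;)?\\}$~', $_COOKIE[$cookiename]) === 1) {
            list(, , $timeout) = @unserialize($_COOKIE[$cookiename]);
        } elseif (isset($_SESSION['login_' . $cookiename])) {
            // Session data is server-side, so this copy is not pattern-checked.
            list(, , $timeout) = @unserialize($_SESSION['login_' . $cookiename]);
        } else {
            trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);
        }
        // NOTE(review): mt_rand() is not a cryptographic generator and the salt is 4 hex characters.
        // It feeds the login-cookie hash below. A wider salt from a CSPRNG would need the column
        // width and the minimum PHP version, neither of which is visible here - confirm.
        $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
        updateMemberData($user_info['id'], array('password_salt' => $user_settings['password_salt']));
        setLoginCookie($timeout - time(), $user_info['id'], sha1($user_settings['passwd'] . $user_settings['password_salt']));
        redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
    } elseif (isset($_GET['sa']) && $_GET['sa'] == 'check') {
        // Strike!  You're outta there!
        if ($_GET['member'] != $user_info['id']) {
            fatal_lang_error('login_cookie_error', false);
        }
        // Some whitelisting for login_url...
        if (empty($_SESSION['login_url'])) {
            redirectexit();
        } else {
            // Best not to clutter the session data too much...
            $temp = $_SESSION['login_url'];
            unset($_SESSION['login_url']);
            redirectexit($temp);
        }
    }
    // Beyond this point you are assumed to be a guest trying to login.
    if (!$user_info['is_guest']) {
        redirectexit();
    }
    // Set the login_url if it's not already set (but careful not to send us to an attachment).
    // Only a previous URL that names a board or topic is kept as the post-login redirect target.
    if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) {
        $_SESSION['login_url'] = $_SESSION['old_url'];
    }
    // Are you guessing with a script that doesn't keep the session id?
    spamProtection('login');
    // Been guessing a lot, haven't we?
    if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) {
        fatal_lang_error('login_threshold_fail', 'critical');
    }
    // Set up the cookie length.  (if it's invalid, just fall through and use the default.)
    // The range test must use &&: with || every non-empty value passed, so a negative or
    // arbitrarily large client-supplied lifetime was accepted instead of falling through.
    if (isset($_POST['cookieneverexp']) || !empty($_POST['cookielength']) && $_POST['cookielength'] == -1) {
        $modSettings['cookieTime'] = 3153600;
    } elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 && $_POST['cookielength'] <= 525600)) {
        $modSettings['cookieTime'] = (int) $_POST['cookielength'];
    }
    loadLanguage('Login');
    // Load the template stuff - wireless or normal.
    if (WIRELESS) {
        $context['sub_template'] = WIRELESS_PROTOCOL . '_login';
    } else {
        loadTemplate('Login');
        $context['sub_template'] = 'login';
    }
    // Set up the default/fallback stuff.
    // The user name is HTML-escaped for redisplay; numeric entities are then restored.
    $context['default_username'] = isset($_REQUEST['user']) ? preg_replace('~&amp;#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($_REQUEST['user'])) : '';
    $context['default_password'] = '';
    $context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600;
    $context['login_errors'] = array($txt['error_occured']);
    $context['page_title'] = $txt['login'];
    // Add the login chain to the link tree.
    $context['linktree'][] = array('url' => $scripturl . '?action=login', 'name' => $txt['login']);
    if (!empty($_REQUEST['openid_identifier']) && !empty($modSettings['enableOpenID'])) {
        require_once $sourcedir . '/Subs-OpenID.php';
        return smf_openID_validate($_REQUEST['openid_identifier']);
    }
    // You forgot to type your username, dummy!
    if (!isset($_REQUEST['user']) || $_REQUEST['user'] == '') {
        $context['login_errors'] = array($txt['need_username']);
        return;
    }
    // Hmm... maybe 'admin' will login with no password. Uhh... NO!
    if ((!isset($_POST['passwrd']) || $_POST['passwrd'] == '') && (!isset($_REQUEST['hash_passwrd']) || strlen($_REQUEST['hash_passwrd']) != 40)) {
        $context['login_errors'] = array($txt['no_password']);
        return;
    }
    // No funky symbols either.
    if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~(&#(\\d{1,7}|x[0-9a-fA-F]{1,6});)~', '', $_REQUEST['user'])) != 0) {
        $context['login_errors'] = array($txt['error_invalid_characters_username']);
        return;
    }
    // Are we using any sort of integration to validate the login?
    // The callable comes from $modSettings, not from the request.
    if (isset($modSettings['integrate_validate_login']) && is_callable($modSettings['integrate_validate_login'])) {
        if (call_user_func(strpos($modSettings['integrate_validate_login'], '::') === false ? $modSettings['integrate_validate_login'] : explode('::', $modSettings['integrate_validate_login']), $_REQUEST['user'], isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40 ? $_REQUEST['hash_passwrd'] : null, $modSettings['cookieTime']) == 'retry') {
            $context['login_errors'] = array($txt['login_hash_error']);
            $context['disable_login_hashing'] = true;
            return;
        }
    }
    // Load the data up!  The user name is always bound as a {string:...} parameter.
    $request = $smcFunc['db_query']('', '
		SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt,
			openid_uri, passwd_flood
		FROM {db_prefix}members
		WHERE ' . ($smcFunc['db_case_sensitive'] ? 'LOWER(member_name) = LOWER({string:user_name})' : 'member_name = {string:user_name}') . '
		LIMIT 1', array('user_name' => $smcFunc['db_case_sensitive'] ? strtolower($_REQUEST['user']) : $_REQUEST['user']));
    // Probably mistyped or their email, try it as an email address. (member_name first, though!)
    if ($smcFunc['db_num_rows']($request) == 0) {
        $smcFunc['db_free_result']($request);
        $request = $smcFunc['db_query']('', '
			SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt, openid_uri,
			passwd_flood
			FROM {db_prefix}members
			WHERE email_address = {string:user_name}
			LIMIT 1', array('user_name' => $_REQUEST['user']));
        // Let them try again, it didn't match anything...
        // NOTE(review): this message differs from the wrong-password one, so the form reveals
        // whether a name or address is registered - confirm that is intended.
        if ($smcFunc['db_num_rows']($request) == 0) {
            $context['login_errors'] = array($txt['username_no_exist']);
            return;
        }
    }
    $user_settings = $smcFunc['db_fetch_assoc']($request);
    $smcFunc['db_free_result']($request);
    // Figure out the password using SMF's encryption - if what they typed is right.
    if (isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40) {
        // Needs upgrading?
        if (strlen($user_settings['passwd']) != 40) {
            $context['login_errors'] = array($txt['login_hash_error']);
            $context['disable_login_hashing'] = true;
            unset($user_settings);
            return;
        } elseif ($_REQUEST['hash_passwrd'] === sha1($user_settings['passwd'] . $sc)) {
            // Strict comparison: with == two hex strings that both look like numbers ("0e" followed
            // by digits) compare equal without being the same hash. hash_equals() would also make
            // the comparison constant-time where the supported PHP version provides it.
            $sha_passwd = $user_settings['passwd'];
        } else {
            // Don't allow this!
            validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']);
            $_SESSION['failed_login'] = (isset($_SESSION['failed_login']) ? $_SESSION['failed_login'] : 0) + 1;
            if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
                redirectexit('action=reminder');
            } else {
                log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
                $context['disable_login_hashing'] = true;
                $context['login_errors'] = array($txt['incorrect_password']);
                unset($user_settings);
                return;
            }
        }
    } else {
        $sha_passwd = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
    }
    // Bad password!  Thought you could fool the database?!
    // Strict comparison, for the same type-juggling reason as above.
    if ($user_settings['passwd'] !== $sha_passwd) {
        // Let's be cautious, no hacking please. thanx.
        validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']);
        // Maybe we were too hasty... let's try some other authentication methods.
        $other_passwords = array();
        // None of the below cases will be used most of the time (because the salt is normally set.)
        if ($user_settings['password_salt'] == '') {
            // YaBB SE, Discus, MD5 (used a lot), SHA-1 (used some), SMF 1.0.x, IkonBoard, and none at all.
            $other_passwords[] = crypt($_POST['passwrd'], substr($_POST['passwrd'], 0, 2));
            $other_passwords[] = crypt($_POST['passwrd'], substr($user_settings['passwd'], 0, 2));
            $other_passwords[] = md5($_POST['passwrd']);
            $other_passwords[] = sha1($_POST['passwrd']);
            $other_passwords[] = md5_hmac($_POST['passwrd'], strtolower($user_settings['member_name']));
            $other_passwords[] = md5($_POST['passwrd'] . strtolower($user_settings['member_name']));
            // Plain text: matches only an account whose stored value is the password itself.
            $other_passwords[] = $_POST['passwrd'];
            // This one is a strange one... MyPHP, crypt() on the MD5 hash.
            $other_passwords[] = crypt(md5($_POST['passwrd']), md5($_POST['passwrd']));
            // Snitz style - SHA-256.  Technically, this is a downgrade, but most PHP configurations don't support sha256 anyway.
            if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256')) {
                $other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_POST['passwrd']));
            }
            // phpBB3 users new hashing.  We now support it as well ;).
            $other_passwords[] = phpBB3_password_check($_POST['passwrd'], $user_settings['passwd']);
            // APBoard 2 Login Method.
            $other_passwords[] = md5(crypt($_REQUEST['passwrd'], 'CRYPT_MD5'));
        } elseif (strlen($user_settings['passwd']) == 32) {
            // vBulletin 3 style hashing?  Let's welcome them with open arms \o/.
            $other_passwords[] = md5(md5($_POST['passwrd']) . $user_settings['password_salt']);
            // Hmm.. p'raps it's Invision 2 style?
            $other_passwords[] = md5(md5($user_settings['password_salt']) . md5($_POST['passwrd']));
            // Some common md5 ones.
            $other_passwords[] = md5($user_settings['password_salt'] . $_POST['passwrd']);
            $other_passwords[] = md5($_POST['passwrd'] . $user_settings['password_salt']);
            $other_passwords[] = md5($_POST['passwrd']);
            $other_passwords[] = md5(md5($_POST['passwrd']));
        } elseif (strlen($user_settings['passwd']) == 40) {
            // Maybe they are using a hash from before the password fix.
            $other_passwords[] = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
            // BurningBoard3 style of hashing.
            $other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($_REQUEST['passwrd'])));
            // Perhaps we converted to UTF-8 and have a valid password being hashed differently.
            if ($context['character_set'] == 'utf8' && !empty($modSettings['previousCharacterSet']) && $modSettings['previousCharacterSet'] != 'utf8') {
                // Try iconv first, for no particular reason.
                if (function_exists('iconv')) {
                    $other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $_POST['passwrd'])));
                }
                // Say it aint so, iconv failed!
                // NOTE(review): iconv above converts from UTF-8 to the previous character set, while
                // mb_convert_encoding() here is given 'UTF-8' as the target and the previous set as
                // the source. The two fallbacks look like they convert in opposite directions - confirm.
                if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding')) {
                    $other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($_POST['passwrd'], 'UTF-8', $modSettings['previousCharacterSet'])));
                }
            }
        }
        // SMF's sha1 function can give a funny result on Linux (Not our fault!). If we've now got the real one let the old one be valid!
        if (strpos(strtolower(PHP_OS), 'win') !== 0) {
            require_once $sourcedir . '/Subs-Compat.php';
            $other_passwords[] = sha1_smf(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
        }
        // Whichever encryption it was using, let's make it use SMF's now ;).
        // The third argument makes in_array() compare with ===. Without it a stored value could
        // match a candidate by numeric coercion, or match a non-string result from one of the
        // helpers above (their return types are not visible here).
        if (in_array($user_settings['passwd'], $other_passwords, true)) {
            $user_settings['passwd'] = $sha_passwd;
            // NOTE(review): same short mt_rand()-based salt as in the ?sa=salt branch.
            $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
            // Update the password and set up the hash.
            updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt']));
        } else {
            // They've messed up again - keep a count to see if they need a hand.
            $_SESSION['failed_login'] = (isset($_SESSION['failed_login']) ? $_SESSION['failed_login'] : 0) + 1;
            // Hmm... don't remember it, do you?  Here, try the password reminder ;).
            if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
                redirectexit('action=reminder');
            } else {
                // Log an error so we know that it didn't go well in the error log.
                log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
                $context['login_errors'] = array($txt['incorrect_password']);
                return;
            }
        }
    } elseif (!empty($user_settings['passwd_flood'])) {
        // Let's be sure they weren't a little hacker.
        validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood'], true);
        // If we got here then we can reset the flood counter.
        updateMemberData($user_settings['id_member'], array('passwd_flood' => ''));
    }
    // Correct password, but they've got no salt; fix it!
    if ($user_settings['password_salt'] == '') {
        $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
        updateMemberData($user_settings['id_member'], array('password_salt' => $user_settings['password_salt']));
    }
    // Check their activation status.
    if (!checkActivation()) {
        return;
    }
    DoLogin();
}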
Example #14
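/**
 * Send the daily or weekly notification digest e-mail to every subscribed member.
 *
 * Reads the global $is_weekly flag to choose the run, collects subscriptions
 * from log_notify, matches them against the pending log_digest entries, mails
 * one digest per member and finally updates the log_digest / log_notify tables.
 *
 * Each digest is now built from the recipient's own language strings; previously
 * the leftover loop variable from the language cache was used, so every member
 * received the text of whichever language happened to be loaded last.
 *
 * NOTE(review): recipients are chosen purely from log_notify rows. No board
 * access check is visible in this function, so a member whose access to a board
 * was revoked after subscribing would presumably still be mailed topic subjects
 * from it - confirm that access is enforced when subscriptions are stored or cleaned.
 *
 * @return bool Always true, including the early exits when there is nothing to send.
 */
function scheduled_daily_digest()
{
    global $is_weekly, $txt, $mbname, $scripturl, $sourcedir, $context, $modSettings;
    // We'll want this...
    require_once $sourcedir . '/lib/Subs-Post.php';
    loadEssentialThemeData();
    $is_weekly = !empty($is_weekly) ? 1 : 0;
    $period = $is_weekly ? 'weekly' : 'daily';
    // Right - get all the notification data FIRST.
    $request = smf_db_query('
		SELECT ln.id_topic, COALESCE(t.id_board, ln.id_board) AS id_board, mem.email_address, mem.member_name, mem.notify_types,
			mem.lngfile, mem.id_member
		FROM {db_prefix}log_notify AS ln
			INNER JOIN {db_prefix}members AS mem ON (mem.id_member = ln.id_member)
			LEFT JOIN {db_prefix}topics AS t ON (ln.id_topic != {int:empty_topic} AND t.id_topic = ln.id_topic)
		WHERE mem.notify_regularity = {int:notify_regularity}
			AND mem.is_activated = {int:is_activated}', array('empty_topic' => 0, 'notify_regularity' => $is_weekly ? '3' : '2', 'is_activated' => 1));
    $members = array();
    $langs = array();
    $notify = array();
    // Initialised up front so the empty() check below never reads an undefined variable.
    $boards = array();
    while ($row = mysql_fetch_assoc($request)) {
        if (!isset($members[$row['id_member']])) {
            $members[$row['id_member']] = array(
                'email' => $row['email_address'],
                'name' => $row['member_name'],
                'id' => $row['id_member'],
                'notifyMod' => $row['notify_types'] < 3,
                'lang' => $row['lngfile'],
            );
            $langs[$row['lngfile']] = $row['lngfile'];
        }
        // Store this useful data!
        $boards[$row['id_board']] = $row['id_board'];
        if ($row['id_topic']) {
            $notify['topics'][$row['id_topic']][] = $row['id_member'];
        } else {
            $notify['boards'][$row['id_board']][] = $row['id_member'];
        }
    }
    mysql_free_result($request);
    if (empty($boards)) {
        return true;
    }
    // Just get the board names.
    $request = smf_db_query('
		SELECT id_board, name
		FROM {db_prefix}boards
		WHERE id_board IN ({array_int:board_list})', array('board_list' => $boards));
    $boards = array();
    while ($row = mysql_fetch_assoc($request)) {
        $boards[$row['id_board']] = $row['name'];
    }
    mysql_free_result($request);
    if (empty($boards)) {
        return true;
    }
    // Get the actual topics...
    $request = smf_db_query('
		SELECT ld.note_type, t.id_topic, t.id_board, t.id_member_started, m.id_msg, m.subject,
			b.name AS board_name
		FROM {db_prefix}log_digest AS ld
			INNER JOIN {db_prefix}topics AS t ON (t.id_topic = ld.id_topic
				AND t.id_board IN ({array_int:board_list}))
			INNER JOIN {db_prefix}messages AS m ON (m.id_msg = t.id_first_msg)
			INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board)
		WHERE ' . ($is_weekly ? 'ld.daily != {int:daily_value}' : 'ld.daily IN (0, 2)'), array('board_list' => array_keys($boards), 'daily_value' => 2));
    $types = array();
    while ($row = mysql_fetch_assoc($request)) {
        if (!isset($types[$row['note_type']][$row['id_board']])) {
            $types[$row['note_type']][$row['id_board']] = array('lines' => array(), 'name' => $row['board_name'], 'id' => $row['id_board']);
        }
        if ($row['note_type'] == 'reply') {
            // Replies are counted per topic rather than listed one by one.
            if (isset($types[$row['note_type']][$row['id_board']]['lines'][$row['id_topic']])) {
                $types[$row['note_type']][$row['id_board']]['lines'][$row['id_topic']]['count']++;
            } else {
                $types[$row['note_type']][$row['id_board']]['lines'][$row['id_topic']] = array('id' => $row['id_topic'], 'subject' => un_htmlspecialchars($row['subject']), 'count' => 1);
            }
        } elseif ($row['note_type'] == 'topic') {
            if (!isset($types[$row['note_type']][$row['id_board']]['lines'][$row['id_topic']])) {
                $types[$row['note_type']][$row['id_board']]['lines'][$row['id_topic']] = array('id' => $row['id_topic'], 'subject' => un_htmlspecialchars($row['subject']));
            }
        } else {
            // Anything else is treated as a moderation action and remembers the topic starter.
            if (!isset($types[$row['note_type']][$row['id_board']]['lines'][$row['id_topic']])) {
                $types[$row['note_type']][$row['id_board']]['lines'][$row['id_topic']] = array('id' => $row['id_topic'], 'subject' => un_htmlspecialchars($row['subject']), 'starter' => $row['id_member_started']);
            }
        }
        // Recipients are rebuilt on every row: topic subscribers first, then board subscribers.
        $types[$row['note_type']][$row['id_board']]['lines'][$row['id_topic']]['members'] = array();
        if (!empty($notify['topics'][$row['id_topic']])) {
            $types[$row['note_type']][$row['id_board']]['lines'][$row['id_topic']]['members'] = array_merge($types[$row['note_type']][$row['id_board']]['lines'][$row['id_topic']]['members'], $notify['topics'][$row['id_topic']]);
        }
        if (!empty($notify['boards'][$row['id_board']])) {
            $types[$row['note_type']][$row['id_board']]['lines'][$row['id_topic']]['members'] = array_merge($types[$row['note_type']][$row['id_board']]['lines'][$row['id_topic']]['members'], $notify['boards'][$row['id_board']]);
        }
    }
    mysql_free_result($request);
    if (empty($types)) {
        return true;
    }
    // Let's load all the languages into a cache thingy.
    $langtxt = array();
    foreach ($langs as $lang) {
        loadLanguage('Post', $lang);
        loadLanguage('index', $lang);
        loadLanguage('EmailTemplates', $lang);
        $langtxt[$lang] = array(
            'subject' => $txt['digest_subject_' . $period],
            'char_set' => $txt['lang_character_set'],
            'intro' => sprintf($txt['digest_intro_' . $period], $mbname),
            'new_topics' => $txt['digest_new_topics'],
            'topic_lines' => $txt['digest_new_topics_line'],
            'new_replies' => $txt['digest_new_replies'],
            'mod_actions' => $txt['digest_mod_actions'],
            'replies_one' => $txt['digest_new_replies_one'],
            'replies_many' => $txt['digest_new_replies_many'],
            'sticky' => $txt['digest_mod_act_sticky'],
            'lock' => $txt['digest_mod_act_lock'],
            'unlock' => $txt['digest_mod_act_unlock'],
            'remove' => $txt['digest_mod_act_remove'],
            'move' => $txt['digest_mod_act_move'],
            'merge' => $txt['digest_mod_act_merge'],
            'split' => $txt['digest_mod_act_split'],
            'bye' => $txt['regards_team'],
        );
    }
    // Right - send out the silly things - this will take quite some space!
    $rule = '-----------------------------------------------';
    foreach ($members as $mid => $member) {
        // Pick this member's own strings; every member's language was added to $langs above,
        // so $langtxt always has an entry for it.
        $lang = $member['lang'];
        // Right character set!
        $context['character_set'] = 'UTF-8';
        // Do the start stuff!
        $email = array(
            'subject' => $mbname . ' - ' . $langtxt[$lang]['subject'],
            'body' => $member['name'] . ',' . "\n\n" . $langtxt[$lang]['intro'] . "\n" . $scripturl . '?action=profile;area=notification;u=' . $member['id'] . "\n",
            'email' => $member['email'],
        );
        // All new topics?
        // The in_array() checks below stay loose on purpose: $mid is an array key (integer after
        // PHP's key normalisation) while the member lists hold the ids as fetched from the database.
        if (isset($types['topic'])) {
            $titled = false;
            foreach ($types['topic'] as $board) {
                foreach ($board['lines'] as $topic) {
                    if (in_array($mid, $topic['members'])) {
                        if (!$titled) {
                            $email['body'] .= "\n" . $langtxt[$lang]['new_topics'] . ':' . "\n" . $rule;
                            $titled = true;
                        }
                        $email['body'] .= "\n" . sprintf($langtxt[$lang]['topic_lines'], $topic['subject'], $board['name']);
                    }
                }
            }
            if ($titled) {
                $email['body'] .= "\n";
            }
        }
        // What about replies?
        if (isset($types['reply'])) {
            $titled = false;
            foreach ($types['reply'] as $board) {
                foreach ($board['lines'] as $topic) {
                    if (in_array($mid, $topic['members'])) {
                        if (!$titled) {
                            $email['body'] .= "\n" . $langtxt[$lang]['new_replies'] . ':' . "\n" . $rule;
                            $titled = true;
                        }
                        $email['body'] .= "\n" . ($topic['count'] == 1 ? sprintf($langtxt[$lang]['replies_one'], $topic['subject']) : sprintf($langtxt[$lang]['replies_many'], $topic['count'], $topic['subject']));
                    }
                }
            }
            if ($titled) {
                $email['body'] .= "\n";
            }
        }
        // Finally, moderation actions!
        $titled = false;
        foreach ($types as $note_type => $type) {
            if ($note_type == 'topic' || $note_type == 'reply') {
                continue;
            }
            foreach ($type as $board) {
                foreach ($board['lines'] as $topic) {
                    if (in_array($mid, $topic['members'])) {
                        if (!$titled) {
                            $email['body'] .= "\n" . $langtxt[$lang]['mod_actions'] . ':' . "\n" . $rule;
                            $titled = true;
                        }
                        // The note type doubles as the key of the cached language string.
                        $email['body'] .= "\n" . sprintf($langtxt[$lang][$note_type], $topic['subject']);
                    }
                }
            }
        }
        if ($titled) {
            $email['body'] .= "\n";
        }
        // Then just say our goodbyes - from the recipient's language cache, not whatever $txt holds now.
        $email['body'] .= "\n\n" . $langtxt[$lang]['bye'];
        // Send it - low priority!
        sendmail($email['email'], $email['subject'], $email['body'], null, null, false, 4);
    }
    // Clean up...
    if ($is_weekly) {
        smf_db_query('
			DELETE FROM {db_prefix}log_digest
			WHERE daily != {int:not_daily}', array('not_daily' => 0));
        smf_db_query('
			UPDATE {db_prefix}log_digest
			SET daily = {int:daily_value}
			WHERE daily = {int:not_daily}', array('daily_value' => 2, 'not_daily' => 0));
    } else {
        // Clear any only weekly ones, and stop us from sending daily again.
        smf_db_query('
			DELETE FROM {db_prefix}log_digest
			WHERE daily = {int:daily_value}', array('daily_value' => 2));
        smf_db_query('
			UPDATE {db_prefix}log_digest
			SET daily = {int:both_value}
			WHERE daily = {int:no_value}', array('both_value' => 1, 'no_value' => 0));
    }
    // Just in case the member changes their settings mark this as sent.
    $members = array_keys($members);
    smf_db_query('
		UPDATE {db_prefix}log_notify
		SET sent = {int:is_sent}
		WHERE id_member IN ({array_int:member_list})', array('member_list' => $members, 'is_sent' => 1));
    // Log we've done it...
    return true;
}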
Example #15
/**
 * Admin screen for listing, bulk-editing and modifying individual smileys.
 *
 * When a form was posted (detected via $_POST['sc']) it applies either a bulk
 * action to the checked smileys or an update of one smiley, then clears the
 * two smiley caches. Afterwards it fills $context for the sub action held in
 * $context['sub_action']: 'editsmileys' (overview list) or 'modifysmiley'
 * (single smiley form).
 *
 * NOTE(review): no permission check is visible in this function; presumably the
 * caller restricts it to administrators - confirm.
 *
 * NOTE(review): several queries below are built by interpolating $_POST values
 * into the SQL string. Whether those values are already escaped depends on
 * request preprocessing that is not shown here - verify before reusing this code.
 */
function EditSmileys()
{
    global $modSettings, $context, $settings, $db_prefix, $txt, $boarddir;
    // Force the correct tab to be displayed.
    $context['admin_tabs']['tabs']['editsmileys']['is_selected'] = true;
    // Submitting a form?
    if (isset($_POST['sc'])) {
        // presumably validates the session token carried in 'sc' (anti-CSRF); the helper is not shown here.
        checkSession();
        // Changing the selected smileys?
        if (isset($_POST['smiley_action']) && !empty($_POST['checked_smileys'])) {
            // Every id is cast to int, so the IN (...) lists built below contain integers only.
            foreach ($_POST['checked_smileys'] as $id => $smiley_id) {
                $_POST['checked_smileys'][$id] = (int) $smiley_id;
            }
            if ($_POST['smiley_action'] == 'delete') {
                db_query("\n\t\t\t\t\tDELETE FROM {$db_prefix}smileys\n\t\t\t\t\tWHERE ID_SMILEY IN (" . implode(', ', $_POST['checked_smileys']) . ')', __FILE__, __LINE__);
            } else {
                // Check it's a valid type.
                // The posted action is only used as a lookup key; the value written to SQL comes from this map.
                $displayTypes = array('post' => 0, 'hidden' => 1, 'popup' => 2);
                if (isset($displayTypes[$_POST['smiley_action']])) {
                    db_query("\n\t\t\t\t\t\tUPDATE {$db_prefix}smileys\n\t\t\t\t\t\tSET hidden = " . $displayTypes[$_POST['smiley_action']] . "\n\t\t\t\t\t\tWHERE ID_SMILEY IN (" . implode(', ', $_POST['checked_smileys']) . ')', __FILE__, __LINE__);
                }
            }
        } elseif (isset($_POST['smiley'])) {
            // Numeric fields are cast or clamped here; the text fields only pass through htmltrim__recursive().
            $_POST['smiley'] = (int) $_POST['smiley'];
            $_POST['smiley_code'] = htmltrim__recursive($_POST['smiley_code']);
            $_POST['smiley_filename'] = htmltrim__recursive($_POST['smiley_filename']);
            $_POST['smiley_location'] = empty($_POST['smiley_location']) || $_POST['smiley_location'] > 2 || $_POST['smiley_location'] < 0 ? 0 : (int) $_POST['smiley_location'];
            // Make sure some code was entered.
            if (empty($_POST['smiley_code'])) {
                fatal_lang_error('smiley_has_no_code');
            }
            // Also make sure a filename was given.
            if (empty($_POST['smiley_filename'])) {
                fatal_lang_error('smiley_has_no_filename');
            }
            // Check whether the new code has duplicates. It should be unique.
            // NOTE(review): smiley_code is placed inside a quoted SQL literal by string interpolation.
            // No escaping happens in this function; confirm the request data is escaped upstream.
            $request = db_query("\n\t\t\t\tSELECT ID_SMILEY\n\t\t\t\tFROM {$db_prefix}smileys\n\t\t\t\tWHERE code = BINARY '{$_POST['smiley_code']}'" . (empty($_POST['smiley']) ? '' : "\n\t\t\t\t\tAND ID_SMILEY != {$_POST['smiley']}"), __FILE__, __LINE__);
            if (mysql_num_rows($request) > 0) {
                fatal_lang_error('smiley_not_unique');
            }
            mysql_free_result($request);
            // NOTE(review): same concern for code, filename and description. smiley_description is
            // neither trimmed nor checked for presence anywhere in this function before it is used.
            db_query("\n\t\t\t\tUPDATE {$db_prefix}smileys\n\t\t\t\tSET\n\t\t\t\t\tcode = '{$_POST['smiley_code']}',\n\t\t\t\t\tfilename = '{$_POST['smiley_filename']}',\n\t\t\t\t\tdescription = '{$_POST['smiley_description']}',\n\t\t\t\t\thidden = {$_POST['smiley_location']}\n\t\t\t\tWHERE ID_SMILEY = {$_POST['smiley']}", __FILE__, __LINE__);
            // Sort all smiley codes for more accurate parsing (longest code first).
            db_query("\n\t\t\t\tALTER TABLE {$db_prefix}smileys\n\t\t\t\tORDER BY LENGTH(code) DESC", __FILE__, __LINE__);
        }
        // Overwrite both smiley caches with null after any submitted change.
        cache_put_data('parsing_smileys', null, 480);
        cache_put_data('posting_smileys', null, 480);
    }
    // Load all known smiley sets.
    $context['smiley_sets'] = explode(',', $modSettings['smiley_sets_known']);
    $set_names = explode("\n", $modSettings['smiley_sets_names']);
    // Path and name are HTML-escaped here for display; the name list is assumed to line up with the set list.
    foreach ($context['smiley_sets'] as $i => $set) {
        $context['smiley_sets'][$i] = array('id' => $i, 'path' => htmlspecialchars($set), 'name' => htmlspecialchars($set_names[$i]), 'selected' => $set == $modSettings['smiley_sets_default']);
    }
    // Prepare overview of all (custom) smileys.
    if ($context['sub_action'] == 'editsmileys') {
        // Allow-list of sortable columns: the request value reaches ORDER BY only if it is one of these.
        $sortColumns = array('code', 'filename', 'description', 'hidden');
        // Default to 'order by filename'.
        $context['sort'] = empty($_REQUEST['sort']) || !in_array($_REQUEST['sort'], $sortColumns) ? 'filename' : $_REQUEST['sort'];
        $request = db_query("\n\t\t\tSELECT ID_SMILEY, code, filename, description, smileyRow, smileyOrder, hidden\n\t\t\tFROM {$db_prefix}smileys\n\t\t\tORDER BY {$context['sort']}", __FILE__, __LINE__);
        $context['smileys'] = array();
        // Text columns are HTML-escaped before they are handed to the template.
        while ($row = mysql_fetch_assoc($request)) {
            $context['smileys'][] = array('id' => $row['ID_SMILEY'], 'code' => htmlspecialchars($row['code']), 'filename' => htmlspecialchars($row['filename']), 'description' => htmlspecialchars($row['description']), 'row' => $row['smileyRow'], 'order' => $row['smileyOrder'], 'location' => empty($row['hidden']) ? $txt['smileys_location_form'] : ($row['hidden'] == 1 ? $txt['smileys_location_hidden'] : $txt['smileys_location_popup']), 'sets_not_found' => array());
        }
        mysql_free_result($request);
        // Record, per smiley, every set directory that lacks its image file.
        if (!empty($modSettings['smileys_dir']) && is_dir($modSettings['smileys_dir'])) {
            foreach ($context['smiley_sets'] as $smiley_set) {
                foreach ($context['smileys'] as $smiley_id => $smiley) {
                    // NOTE(review): the set path is un-escaped for the lookup, but $smiley['filename'] is still
                    // the HTML-escaped form, so names containing escaped characters are looked up as encoded.
                    if (!file_exists($modSettings['smileys_dir'] . '/' . un_htmlspecialchars($smiley_set['path']) . '/' . $smiley['filename'])) {
                        $context['smileys'][$smiley_id]['sets_not_found'][] = $smiley_set['path'];
                    }
                }
            }
        }
        $context['selected_set'] = $modSettings['smiley_sets_default'];
    } elseif ($context['sub_action'] == 'modifysmiley') {
        // Get a list of all known smiley sets.
        $context['smileys_dir'] = empty($modSettings['smileys_dir']) ? $boarddir . '/Smileys' : $modSettings['smileys_dir'];
        $context['smileys_dir_found'] = is_dir($context['smileys_dir']);
        $context['smiley_sets'] = explode(',', $modSettings['smiley_sets_known']);
        $set_names = explode("\n", $modSettings['smiley_sets_names']);
        foreach ($context['smiley_sets'] as $i => $set) {
            $context['smiley_sets'][$i] = array('id' => $i, 'path' => htmlspecialchars($set), 'name' => htmlspecialchars($set_names[$i]), 'selected' => $set == $modSettings['smiley_sets_default']);
        }
        $context['selected_set'] = $modSettings['smiley_sets_default'];
        // Get all possible filenames for the smileys.
        $context['filenames'] = array();
        if ($context['smileys_dir_found']) {
            foreach ($context['smiley_sets'] as $smiley_set) {
                if (!file_exists($context['smileys_dir'] . '/' . un_htmlspecialchars($smiley_set['path']))) {
                    continue;
                }
                $dir = dir($context['smileys_dir'] . '/' . un_htmlspecialchars($smiley_set['path']));
                // The loop ends on the first falsy entry name returned by read().
                while ($entry = $dir->read()) {
                    // Only these four extensions are accepted, and strrchr() compares them case-sensitively.
                    // The values stored in $context['filenames'] are arrays, so the first in_array() does not
                    // match on the name; repeated names collapse through the lower-cased array key instead.
                    if (!in_array($entry, $context['filenames']) && in_array(strrchr($entry, '.'), array('.jpg', '.gif', '.jpeg', '.png'))) {
                        $context['filenames'][strtolower($entry)] = array('id' => htmlspecialchars($entry), 'selected' => false);
                    }
                }
                $dir->close();
            }
            ksort($context['filenames']);
        }
        // The requested id is cast to int before it is appended to the query.
        $request = db_query("\n\t\t\tSELECT ID_SMILEY AS id, code, filename, description, hidden AS location, 0 AS is_new\n\t\t\tFROM {$db_prefix}smileys\n\t\t\tWHERE ID_SMILEY = " . (int) $_REQUEST['smiley'], __FILE__, __LINE__);
        if (mysql_num_rows($request) != 1) {
            fatal_lang_error('smiley_not_found');
        }
        $context['current_smiley'] = mysql_fetch_assoc($request);
        mysql_free_result($request);
        // Escape the stored text for output in the edit form.
        $context['current_smiley']['code'] = htmlspecialchars($context['current_smiley']['code']);
        $context['current_smiley']['filename'] = htmlspecialchars($context['current_smiley']['filename']);
        $context['current_smiley']['description'] = htmlspecialchars($context['current_smiley']['description']);
        // Pre-select the current file in the list when it was found on disk.
        if (isset($context['filenames'][strtolower($context['current_smiley']['filename'])])) {
            $context['filenames'][strtolower($context['current_smiley']['filename'])]['selected'] = true;
        }
    }
}
function do_postchecks()
{
    global $context, $txt, $settings, $boarddir, $smcFunc, $sourcedir;
    // If we have any setting changes add them to this array
    $updateArray = array();
    // which screen do we come frm?
    if (!empty($_POST['tpadmin_form'])) {
        // get it
        $from = $_POST['tpadmin_form'];
        //news
        if ($from == 'news') {
            return 'news';
        } elseif ($from == 'blockoverview') {
            checkSession('post');
            isAllowedTo('tp_blocks');
            $block = array();
            foreach ($_POST as $what => $value) {
                if (substr($what, 5, 7) == 'tpblock') {
                    // get the id
                    $bid = substr($what, 12);
                    if (!isset($block[$bid])) {
                        $block[$bid] = array();
                    }
                    if ($value != 'control' && !in_array($value, $block[$bid])) {
                        $block[$bid][] = $value;
                    }
                }
            }
            foreach ($block as $bl => $blo) {
                $request = $smcFunc['db_query']('', '
					SELECT access FROM {db_prefix}tp_blocks 
					WHERE id = {int:blockid}', array('blockid' => $bl));
                if ($smcFunc['db_num_rows']($request) > 0) {
                    $row = $smcFunc['db_fetch_assoc']($request);
                    $smcFunc['db_free_result']($request);
                    $request = $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_blocks 
						SET access = {string:access} WHERE id = {int:blockid}', array('access' => implode(',', $blo), 'blockid' => $bl));
                }
            }
            return 'blocks;overview';
        } elseif (in_array($from, array('settings', 'frontpage', 'artsettings', 'panels'))) {
            checkSession('post');
            isAllowedTo('tp_settings');
            $w = array();
            $ssi = array();
            foreach ($_POST as $what => $value) {
                if (substr($what, 0, 3) == 'tp_') {
                    $where = substr($what, 3);
                    $clean = $value;
                    // for frontpage, do some extra
                    if ($from == 'frontpage') {
                        if (substr($what, 0, 20) == 'tp_frontpage_visual_') {
                            $w[] = substr($what, 20);
                            unset($clean);
                        } elseif (substr($what, 0, 21) == 'tp_frontpage_usorting') {
                            $w[] = 'sort_' . $value;
                            unset($clean);
                        } elseif (substr($what, 0, 26) == 'tp_frontpage_sorting_order') {
                            $w[] = 'sortorder_' . $value;
                            unset($clean);
                        } elseif (substr($what, 0, 11) == 'tp_ssiboard') {
                            if ($value != 0) {
                                $ssi[$value] = $value;
                            }
                        }
                    }
                    if ($from == 'settings' && $what == 'tp_frontpage_title') {
                        $updateArray['frontpage_title'] = $clean;
                    } else {
                        if (isset($clean)) {
                            $updateArray[$where] = $clean;
                        }
                    }
                }
            }
            // check the frontpage visual setting..
            if ($from == 'frontpage') {
                $updateArray['frontpage_visual'] = implode(',', $w);
                $updateArray['SSI_board'] = implode(',', $ssi);
            }
            updateTPSettings($updateArray);
            return $from;
        } elseif ($from == 'categories') {
            checkSession('post');
            isAllowedTo('tp_articles');
            foreach ($_POST as $what => $value) {
                if (substr($what, 0, 3) == 'tp_') {
                    // for frontpage, do some extra
                    if ($from == 'categories') {
                        if (substr($what, 0, 19) == 'tp_category_value2_') {
                            $where = tp_sanitize(substr($what, 19));
                            //make sure parent are not its own parent
                            $request = $smcFunc['db_query']('', '
								SELECT value2 FROM {db_prefix}tp_variables 
								WHERE id = {string:varid} LIMIT 1', array('varid' => $value));
                            $row = $smcFunc['db_fetch_assoc']($request);
                            $smcFunc['db_free_result']($request);
                            if ($row['value2'] == $where) {
                                $smcFunc['db_query']('', '
									UPDATE {db_prefix}tp_variables 
									SET value2 = {string:val2}
									WHERE id = {string:varid} LIMIT 1', array('val2' => '0', 'varid' => $value));
                            }
                            $smcFunc['db_query']('', '
								UPDATE {db_prefix}tp_variables 
								SET value2 = {string:val2}
								WHERE id = {string:varid} LIMIT 1', array('val2' => $value, 'varid' => $where));
                        }
                    }
                }
            }
            return $from;
        } elseif ($from == 'articles') {
            checkSession('post');
            isAllowedTo('tp_articles');
            foreach ($_POST as $what => $value) {
                if (substr($what, 0, 14) == 'tp_article_pos') {
                    $where = tp_sanitize(substr($what, 14));
                    $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_articles 
							SET parse = {int:parse} 
							WHERE id = {int:artid} LIMIT 1', array('parse' => $value, 'artid' => $where));
                }
            }
            if (isset($_POST['tpadmin_form_category']) && is_numeric($_POST['tpadmin_form_category'])) {
                return $from . ';cu=' . $_POST['tpadmin_form_category'];
            } else {
                return $from;
            }
        } elseif ($from == 'modules') {
            checkSession('post');
            isAllowedTo('tp_settings');
            foreach ($_POST as $what => $value) {
                if ($what == 'tp_show_download') {
                    $updateArray['show_download'] = $value;
                } elseif (substr($what, 0, 14) == 'tpmodule_state') {
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_modules 
						SET active = {int:active} 
						WHERE id = {int:modid}', array('active' => $value, 'modid' => substr($what, 14)));
                }
            }
            updateTPSettings($updateArray);
            return $from;
        } elseif ($from == 'menuitems') {
            checkSession('post');
            isAllowedTo('tp_blocks');
            $all = explode(',', $context['TPortal']['sitemap_items']);
            foreach ($_POST as $what => $value) {
                if (substr($what, 0, 8) == 'menu_pos') {
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_variables 
						SET subtype = {string:subtype} 
						WHERE id = {int:varid}', array('subtype' => tp_sanitize($value), 'varid' => substr($what, 8)));
                } elseif (substr($what, 0, 8) == 'menu_sub') {
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_variables 
						SET value4 = {string:val4} 
						WHERE id = {int:varid}', array('val4' => tp_sanitize($value), 'varid' => substr($what, 8)));
                } elseif (substr($what, 0, 15) == 'tp_menu_sitemap') {
                    $new = substr($what, 15);
                    if ($value == 0 && in_array($new, $all)) {
                        foreach ($all as $key => $value) {
                            if ($all[$key] == $new) {
                                unset($all[$key]);
                            }
                        }
                    } elseif ($value == 1 && !in_array($new, $all)) {
                        $all[] = $new;
                    }
                    $updateArray['sitemap_items'] = implode(',', $all);
                }
            }
            updateTPSettings($updateArray);
            redirectexit('action=tpadmin;sa=menubox;mid=' . $_POST['tp_menuid']);
        } elseif ($from == 'menus') {
            checkSession('post');
            isAllowedTo('tp_blocks');
            foreach ($_POST as $what => $value) {
                if (substr($what, 0, 12) == 'tp_menu_name') {
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_variables 
						SET value1 = {string:val1} 
						WHERE id = {int:varid}', array('val1' => tp_sanitize($value), 'varid' => substr($what, 12)));
                }
            }
            redirectexit('action=tpadmin;sa=menubox');
        } elseif ($from == 'singlemenuedit') {
            checkSession('post');
            isAllowedTo('tp_blocks');
            $where = isset($_POST['tpadmin_form_id']) ? $_POST['tpadmin_form_id'] : 0;
            foreach ($_POST as $what => $value) {
                if ($what == 'tp_menu_name') {
                    // make sure special charachters can't be done
                    $value = preg_replace('~&#\\d+$~', '', $value);
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_variables 
						SET value1 = {string:val1} 
						WHERE id = {int:varid}', array('val1' => $value, 'varid' => $where));
                } elseif ($what == 'tp_menu_newlink') {
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_variables 
						SET value2 = {string:var2} 
						WHERE id = {int:varid}', array('var2' => $value, 'varid' => $where));
                } elseif ($what == 'tp_menu_menuid') {
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_variables 
						SET subtype2 = {int:subtype2} 
						WHERE id = {int:varid}', array('subtype2' => $value, 'varid' => $where));
                } elseif ($what == 'tp_menu_type') {
                    if ($value == 'cats') {
                        $idtype = 'cats' . $_POST['tp_menu_category'];
                    } elseif ($value == 'arti') {
                        $idtype = 'arti' . $_POST['tp_menu_article'];
                    } elseif ($value == 'link') {
                        $idtype = $_POST['tp_menu_link'];
                    } elseif ($value == 'head') {
                        $idtype = 'head';
                    } elseif ($value == 'spac') {
                        $idtype = 'spac';
                    }
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_variables 
						SET value3 = {string:val3} 
						WHERE id = {int:varid}', array('val3' => $idtype, 'varid' => $where));
                } elseif ($what == 'tp_menu_sub') {
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_variables
						SET value4 = {string:val4}
						WHERE id = {int:varid}', array('val4' => $value, 'varid' => $where));
                } elseif (substr($what, 0, 15) == 'tp_menu_newlink') {
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_variables 
						SET value2 =  
						WHERE id = {int:varid}', array('val2' => $value, 'varid' => $where));
                }
            }
            redirectexit('action=tpadmin;linkedit=' . $where . ';' . $context['session_var'] . '=' . $context['session_id']);
        } elseif ($from == 'addcategory') {
            checkSession('post');
            isAllowedTo('tp_articles');
            $name = !empty($_POST['tp_cat_name']) ? $_POST['tp_cat_name'] : $txt['tp-noname'];
            $parent = !empty($_POST['tp_cat_parent']) ? $_POST['tp_cat_parent'] : '0';
            $smcFunc['db_insert']('INSERT', '{db_prefix}tp_variables', array('value1' => 'string', 'value2' => 'string', 'value3' => 'string', 'type' => 'string', 'value4' => 'string', 'value5' => 'int', 'subtype' => 'string', 'value7' => 'string', 'value8' => 'string', 'subtype2' => 'int'), array(strip_tags($name), $parent, '', 'category', '', 0, '', 'catlayout=1|layout=1', 0, 0), array('id'));
            $go = $smcFunc['db_insert_id']('{db_prefix}tp_variables', 'id');
            redirectexit('action=tpadmin;sa=categories;cu=' . $go);
        } elseif ($from == 'clist') {
            checkSession('post');
            isAllowedTo('tp_articles');
            $cats = array();
            foreach ($_POST as $what => $value) {
                if (substr($what, 0, 8) == 'tp_clist') {
                    $cats[] = $value;
                }
            }
            if (sizeof($cats) > 0) {
                $catnames = implode(',', $cats);
            } else {
                $catnames = '';
            }
            $updateArray['cat_list'] = $catnames;
            updateTPSettings($updateArray);
            return $from;
        } elseif ($from == 'editcategory') {
            checkSession('post');
            isAllowedTo('tp_articles');
            $options = array();
            $groups = array();
            $where = $_POST['tpadmin_form_id'];
            foreach ($_POST as $what => $value) {
                if (substr($what, 0, 3) == 'tp_') {
                    $clean = tp_sanitize($value);
                    $param = substr($what, 12);
                    if (in_array($param, array('value5', 'value6', 'value8'))) {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_variables 
							SET ' . $param . ' = {string:val} 
							WHERE id = {int:varid} LIMIT 1', array('val' => $value, 'varid' => $where));
                    } elseif ($param == 'value2') {
                        //make sure parent are not its own parent
                        $request = $smcFunc['db_query']('', '
							SELECT value2 FROM {db_prefix}tp_variables 
							WHERE id = {int:varid} LIMIT 1', array('varid' => $value));
                        $row = $smcFunc['db_fetch_assoc']($request);
                        $smcFunc['db_free_result']($request);
                        if ($row['value2'] == $where) {
                            $smcFunc['db_query']('', '
								UPDATE {db_prefix}tp_variables 
								SET value2 = {string:val2} 
								WHERE id = {int:varid} LIMIT 1', array('val2' => '0', 'varid' => $value));
                        }
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_variables 
							SET value2 = {string:val2} 
							WHERE id = {int:varid} LIMIT 1', array('val2' => $value, 'varid' => $where));
                    } elseif ($param == 'value1') {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_variables 
							SET value1 = {string:val1} 
							WHERE id = {int:varid} LIMIT 1', array('val1' => strip_tags($value), 'varid' => $where));
                    } elseif ($param == 'value4') {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_variables 
							SET value4 = {string:val4} 
							WHERE id = {int:varid} LIMIT 1', array('val4' => $value, 'varid' => $where));
                    } elseif ($param == 'value9') {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_variables 
							SET value9 = {string:val9} 
							WHERE id = {int:varid} LIMIT 1', array('val9' => $value, 'varid' => $where));
                    } elseif (substr($param, 0, 6) == 'group_') {
                        $groups[] = substr($param, 6);
                    } else {
                        $options[] = $param . '=' . $value;
                    }
                }
            }
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}tp_variables 
				SET value3 = {string:val3}, value7 = {string:val7} 
				WHERE id = {int:varid} LIMIT 1', array('val3' => implode(',', $groups), 'val7' => implode('|', $options), 'varid' => $where));
            $from = 'categories;cu=' . $where;
            return $from;
        } elseif ($from == 'strays') {
            checkSession('post');
            isAllowedTo('tp_articles');
            $ccats = array();
            // check if we have some values
            foreach ($_POST as $what => $value) {
                if (substr($what, 0, 16) == 'tp_article_stray') {
                    $ccats[] = substr($what, 16);
                } elseif ($what == 'tp_article_cat') {
                    $straycat = $value;
                } elseif ($what == 'tp_article_new') {
                    $straynewcat = $value;
                }
            }
            // update
            if (isset($straycat) && sizeof($ccats) > 0) {
                $category = $straycat;
                if ($category == 0 && !empty($straynewcat)) {
                    $request = $smcFunc['db_insert']('INSERT', '{db_prefix}tp_variables', array('value1' => 'string', 'value2' => 'string', 'type' => 'string'), array(strip_tags($straynewcat), '0', 'category'), array('id'));
                    $newcategory = $smcFunc['db_insert_id']('{db_prefix}tp_variables', 'id');
                    $smcFunc['db_free_result']($request);
                }
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}tp_articles 
					SET category = {int:cat} 
					WHERE id IN ({array_int:artid})', array('cat' => !empty($newcategory) ? $newcategory : $category, 'artid' => $ccats));
            }
            return $from;
        } elseif ($from == 'articons') {
            checkSession('post');
            isAllowedTo('tp_articles');
            // any icons sent?
            if (file_exists($_FILES['tp_article_newicon']['tmp_name'])) {
                TPuploadpicture('tp_article_newicon', '', '300', 'jpg,gif,png', 'tp-files/tp-articles/icons');
            }
            if (file_exists($_FILES['tp_article_newillustration']['tmp_name'])) {
                $name = TPuploadpicture('tp_article_newillustration', '', '500', 'jpg,gif,png', 'tp-files/tp-articles/illustrations');
                tp_createthumb('tp-files/tp-articles/illustrations/' . $name, 128, 128, 'tp-files/tp-articles/illustrations/s_' . $name);
                unlink('tp-files/tp-articles/illustrations/' . $name);
            }
            // how about deleted?
            foreach ($_POST as $what => $value) {
                if (substr($what, 0, 7) == 'articon') {
                    unlink($boarddir . '/tp-files/tp-articles/icons/' . $value);
                } elseif (substr($what, 0, 15) == 'artillustration') {
                    unlink($boarddir . '/tp-files/tp-articles/illustrations/' . $value);
                }
            }
            return $from;
        } elseif ($from == 'menuadd') {
            checkSession('post');
            isAllowedTo('tp_blocks');
            if (!empty($_POST['tp_menu_title'])) {
                $mtitle = strip_tags($_POST['tp_menu_title']);
                $smcFunc['db_insert']('INSERT', '{db_prefix}tp_variables', array('value1' => 'string', 'type' => 'string'), array($mtitle, 'menus'), array('id'));
                redirectexit('action=tpadmin;sa=menubox');
            }
        } elseif ($from == 'menuaddsingle') {
            checkSession('post');
            isAllowedTo('tp_blocks');
            $mid = $_POST['tp_menu_menuid'];
            $mtitle = strip_tags($_POST['tp_menu_title']);
            if ($mtitle == '') {
                $mtitle = $txt['tp-no_title'];
            }
            $mtype = $_POST['tp_menu_type'];
            $mcat = isset($_POST['tp_menu_category']) ? $_POST['tp_menu_category'] : '';
            $mart = isset($_POST['tp_menu_article']) ? $_POST['tp_menu_article'] : '';
            $mlink = isset($_POST['tp_menu_link']) ? $_POST['tp_menu_link'] : '';
            $mhead = isset($_POST['tp_menu_head']) ? $_POST['tp_menu_head'] : '';
            $mnewlink = isset($_POST['tp_menu_newlink']) ? $_POST['tp_menu_newlink'] : '0';
            if ($mtype == 'cats') {
                $mtype = 'cats' . $mcat;
            } elseif ($mtype == 'arti') {
                $mtype = 'arti' . $mart;
            } elseif ($mtype == 'head') {
                $mtype = 'head' . $mhead;
            } elseif ($mtype == 'spac') {
                $mtype = 'spac';
            } else {
                $mtype = $mlink;
            }
            $msub = $_POST['tp_menu_sub'];
            $smcFunc['db_insert']('INSERT', '{db_prefix}tp_variables', array('value1' => 'string', 'value2' => 'string', 'value3' => 'string', 'type' => 'string', 'value4' => 'string', 'value5' => 'int', 'subtype2' => 'int'), array($mtitle, $mnewlink, $mtype, 'menubox', $msub, -1, $mid), array('id'));
            redirectexit('action=tpadmin;sa=menubox;mid=' . $mid);
        } elseif ($from == 'submission') {
            checkSession('post');
            isAllowedTo('tp_articles');
            $ccats = array();
            // check if we have some values
            foreach ($_POST as $what => $value) {
                if (substr($what, 0, 21) == 'tp_article_submission') {
                    $ccats[] = substr($what, 21);
                } elseif ($what == 'tp_article_cat') {
                    $straycat = $value;
                } elseif ($what == 'tp_article_new') {
                    $straynewcat = $value;
                }
            }
            // update
            if (isset($straycat) && sizeof($ccats) > 0) {
                $category = $straycat;
                if ($category == 0 && !empty($straynewcat)) {
                    $request = $smcFunc['db_insert']('INSERT', '{db_prefix}tp_variables', array('value1' => 'string', 'value2' => 'string', 'type' => 'string'), array($straynewcat, '0', 'category'), array('id'));
                    $newcategory = $smcFunc['db_insert_id']('{db_prefix}tp_variables', 'id');
                    $smcFunc['db_free_result']($request);
                }
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}tp_articles 
					SET approved = {int:approved}, category = {int:cat} 
					WHERE id IN ({array_int:artid})', array('approved' => 1, 'cat' => !empty($newcategory) ? $newcategory : $category, 'artid' => $ccats));
                $smcFunc['db_query']('', '
					DELETE FROM {db_prefix}tp_variables 
					WHERE type = {string:type} 
					AND value5 IN ({array_int:val5})', array('type' => 'art_not_approved', 'val5' => $ccats));
            }
            return $from;
        } elseif ($from == 'blocks') {
            checkSession('post');
            isAllowedTo('tp_blocks');
            foreach ($_POST as $what => $value) {
                if (substr($what, 0, 3) == 'pos') {
                    $where = substr($what, 3);
                    if (is_numeric($where)) {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_blocks 
							SET pos = {int:pos} 
							WHERE id = {int:blockid}', array('pos' => $value, 'blockid' => $where));
                    }
                } elseif (substr($what, 0, 6) == 'addpos') {
                    $where = substr($what, 6);
                    if (is_numeric($where)) {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_blocks 
							SET pos = (pos + 11) 
							WHERE id = {int:blockid}', array('blockid' => $where));
                    }
                } elseif (substr($what, 0, 6) == 'subpos') {
                    $where = substr($what, 6);
                    if (is_numeric($where)) {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_blocks SET pos = (pos - 11) 
							WHERE id = {int:blockid}', array('blockid' => $where));
                    }
                } elseif (substr($what, 0, 4) == 'type') {
                    $where = substr($what, 4);
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_blocks 
						SET type = {int:type} 
						WHERE id = {int:blockid}', array('type' => $value, 'blockid' => $where));
                } elseif (substr($what, 0, 5) == 'title') {
                    $where = strip_tags(substr($what, 5));
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_blocks 
						SET title = {string:title} 
						WHERE id = {int:blockid}', array('title' => $value, 'blockid' => $where));
                } elseif (substr($what, 0, 9) == 'blockbody') {
                    $where = tp_sanitize(substr($what, 9));
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_blocks 
						SET body = {string:body} 
						WHERE id = {int:blockid}', array('body' => $value, 'blockid' => $where));
                }
            }
            redirectexit('action=tpadmin;sa=blocks');
        } elseif ($from == 'addblock') {
            checkSession('post');
            isAllowedTo('tp_blocks');
            $title = empty($_POST['tp_addblocktitle']) ? '-no title-' : $_POST['tp_addblocktitle'];
            $panel = $_POST['tp_addblockpanel'];
            $type = $_POST['tp_addblock'];
            if (!is_numeric($type)) {
                if (substr($type, 0, 3) == 'mb_') {
                    $request = $smcFunc['db_query']('', '
						SELECT * FROM {db_prefix}tp_blocks 
						WHERE id = {int:blockid}', array('blockid' => substr($type, 3)));
                    if ($smcFunc['db_num_rows']($request) > 0) {
                        $cp = $smcFunc['db_fetch_assoc']($request);
                        $smcFunc['db_free_result']($request);
                    }
                } else {
                    $od = TPparseModfile(file_get_contents($boarddir . '/tp-files/tp-blockcodes/' . $type . '.blockcode'), array('code'));
                }
            }
            if (isset($od['code'])) {
                $body = tp_convertphp($od['code']);
                $type = 10;
            } else {
                $body = '';
            }
            if (isset($cp)) {
                $smcFunc['db_insert']('INSERT', '{db_prefix}tp_blocks', array('type' => 'int', 'frame' => 'string', 'title' => 'string', 'body' => 'string', 'access' => 'string', 'bar' => 'int', 'pos' => 'int', 'off' => 'int', 'visible' => 'string', 'var1' => 'int', 'var2' => 'int', 'lang' => 'string', 'access2' => 'string', 'editgroups' => 'string'), array($cp['type'], $cp['frame'], $title, $cp['body'], $cp['access'], $panel, 0, 1, 1, $cp['var1'], $cp['var2'], $cp['lang'], $cp['access2'], $cp['editgroups']), array('id'));
            } else {
                $smcFunc['db_insert']('INSERT', '{db_prefix}tp_blocks', array('type' => 'int', 'frame' => 'string', 'title' => 'string', 'body' => 'string', 'access' => 'string', 'bar' => 'int', 'pos' => 'int', 'off' => 'int', 'visible' => 'string', 'var1' => 'int', 'var2' => 'int', 'lang' => 'string', 'access2' => 'string', 'editgroups' => 'string'), array($type, 'theme', $title, $body, '-1,0,1', $panel, 0, 1, 1, 0, 0, '', 'actio=allpages', ''), array('id'));
            }
            $where = $smcFunc['db_insert_id']('{db_prefix}tp_blocks', 'id');
            if (!empty($where)) {
                redirectexit('action=tpadmin;blockedit=' . $where . ';sesc=' . $context['session_id']);
            } else {
                redirectexit('action=tpadmin;sa=blocks');
            }
        } elseif ($from == 'blockedit') {
            checkSession('post');
            isAllowedTo('tp_blocks');
            $where = is_numeric($_POST['tpadmin_form_id']) ? $_POST['tpadmin_form_id'] : 0;
            $tpgroups = array();
            $editgroups = array();
            $access = array();
            $lang = array();
            foreach ($_POST as $what => $value) {
                if (substr($what, 0, 9) == 'tp_block_') {
                    $setting = substr($what, 9);
                    if ($setting == 'body') {
                        // If we came from WYSIWYG then turn it back into BBC regardless.
                        if (!empty($_REQUEST['tp_block_body_mode']) && isset($_REQUEST['tp_block_body'])) {
                            require_once $sourcedir . '/Subs-Editor.php';
                            $_REQUEST['tp_block_body'] = html_to_bbc($_REQUEST['tp_block_body']);
                            // We need to unhtml it now as it gets done shortly.
                            $_REQUEST['tp_block_body'] = un_htmlspecialchars($_REQUEST['tp_block_body']);
                            // We need this for everything else.
                            $value = $_POST['tp_block_body'] = $_REQUEST['tp_block_body'];
                        }
                        // PHP block?
                        if ($_POST['tp_block_type'] == 10) {
                            $value = tp_convertphp($value);
                        }
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_blocks 
							SET ' . $setting . ' = {string:value} 
							WHERE id = {int:blockid}', array('value' => $value, 'blockid' => $where));
                    } elseif ($setting == 'title') {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_blocks 
							SET title = {string:title} 
							WHERE id = {int:blockid}', array('title' => $value, 'blockid' => $where));
                    } elseif ($setting == 'body_mode' || $setting == 'body_choice' || $setting == 'body_pure') {
                        $go = '';
                    } elseif ($setting == 'frame') {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_blocks 
							SET frame = {string:val}
							WHERE id = {int:blockid}', array('val' => $value, 'blockid' => $where));
                    } else {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_blocks 
							SET ' . $setting . ' = {raw:val}
							WHERE id = {int:blockid}', array('val' => $value, 'blockid' => $where));
                    }
                } elseif (substr($what, 0, 8) == 'tp_group') {
                    $tpgroups[] = substr($what, 8);
                } elseif (substr($what, 0, 12) == 'tp_editgroup') {
                    $editgroups[] = substr($what, 12);
                } elseif (substr($what, 0, 10) == 'actiontype') {
                    $access[] = 'actio=' . $value;
                } elseif (substr($what, 0, 9) == 'boardtype') {
                    $access[] = 'board=' . $value;
                } elseif (substr($what, 0, 11) == 'articletype') {
                    $access[] = 'tpage=' . $value;
                } elseif (substr($what, 0, 12) == 'categorytype') {
                    $access[] = 'tpcat=' . $value;
                } elseif (substr($what, 0, 8) == 'langtype') {
                    $access[] = 'tlang=' . $value;
                } elseif (substr($what, 0, 9) == 'dlcattype') {
                    $access[] = 'dlcat=' . $value;
                } elseif (substr($what, 0, 9) == 'tpmodtype') {
                    $access[] = 'tpmod=' . $value;
                } elseif (substr($what, 0, 9) == 'custotype' && !empty($value)) {
                    $items = explode(',', $value);
                    foreach ($items as $iti => $it) {
                        $access[] = 'actio=' . $it;
                    }
                } elseif (substr($what, 0, 8) == 'tp_lang_') {
                    if (substr($what, 8) != '') {
                        $lang[] = substr($what, 8) . '|' . $value;
                    }
                } elseif (substr($what, 0, 18) == 'tp_userbox_options') {
                    if (!isset($userbox)) {
                        $userbox = array();
                    }
                    $userbox[] = $value;
                } elseif (substr($what, 0, 8) == 'tp_theme') {
                    $theme = substr($what, 8);
                    if (!isset($themebox)) {
                        $themebox = array();
                    }
                    // get the path too
                    if (isset($_POST['tp_path' . $theme])) {
                        $tpath = $_POST['tp_path' . $theme];
                    } else {
                        $tpath = '';
                    }
                    $themebox[] = $theme . '|' . $value . '|' . $tpath;
                }
            }
            // construct the access++
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}tp_blocks 
				SET	access2 = {string:acc2},
					access = {string:acc},
					lang = {string:lang},
					editgroups = {string:editgrp}
				WHERE id = {int:blockid}', array('acc2' => implode(',', $access), 'acc' => implode(',', $tpgroups), 'lang' => implode('|', $lang), 'editgrp' => implode(',', $editgroups), 'blockid' => $where));
            if (isset($userbox)) {
                $updateArray['userbox_options'] = implode(',', $userbox);
            }
            if (isset($themebox)) {
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}tp_blocks 
					SET body = {string:body}
					WHERE id = {int:blockid}', array('body' => implode(',', $themebox), 'blockid' => $where));
            }
            // anything from PHP block?
            if (isset($_POST['blockcode_overwrite'])) {
                // get the blockcode
                $newval = TPparseModfile(file_get_contents($boarddir . '/tp-files/tp-blockcodes/' . $_POST['tp_blockcode'] . '.blockcode'), array('code'));
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}tp_blocks 
					SET body = {string:body}
					WHERE id = {int:blockid}', array('body' => $newval['code'], 'blockid' => $where));
            }
            // check if uploadad picture
            if (isset($_FILES['qup_blockbody']) && file_exists($_FILES['qup_blockbody']['tmp_name'])) {
                $name = TPuploadpicture('qup_blockbody', $context['user']['id'] . 'uid');
                tp_createthumb('tp-images/' . $name, 50, 50, 'tp-images/thumbs/thumb_' . $name);
            }
            updateTPSettings($updateArray);
            redirectexit('action=tpadmin;blockedit=' . $where . ';' . $context['session_var'] . '=' . $context['session_id']);
        } elseif (substr($from, 0, 11) == 'editarticle') {
            checkSession('post');
            isAllowedTo('tp_articles');
            $new = false;
            $where = substr($from, 11);
            if (empty($where)) {
                // we need to create one first
                $smcFunc['db_insert']('INSERT', '{db_prefix}tp_articles', array('date' => 'int'), array(time()), array('id'));
                $where = $smcFunc['db_insert_id']('{db_prefix}tp_articles', 'id');
                $new = true;
                $from = 'editarticle' . $where;
            }
            // check if uploads are there
            if (file_exists($_FILES['tp_article_illupload']['tmp_name'])) {
                $name = TPuploadpicture('tp_article_illupload', '', '180', 'jpg,gif,png', 'tp-files/tp-articles/illustrations');
                tp_createthumb('tp-files/tp-articles/illustrations/' . $name, 128, 128, 'tp-files/tp-articles/illustrations/s_' . $name);
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}tp_articles 
					SET illustration = {string:ill} 
					WHERE id = {int:artid} LIMIT 1', array('ill' => 's_' . $name, 'artid' => $where));
            }
            // check if uploadad picture
            if (isset($_FILES['qup_tp_article_body']) && file_exists($_FILES['qup_tp_article_body']['tmp_name'])) {
                $name = TPuploadpicture('qup_tp_article_body', $context['user']['id'] . 'uid');
                tp_createthumb('tp-images/' . $name, 50, 50, 'tp-images/thumbs/thumb_' . $name);
            }
            $options = array();
            foreach ($_POST as $what => $value) {
                if (substr($what, 0, 11) == 'tp_article_' && !empty($where)) {
                    $setting = substr($what, 11);
                    if ($setting == 'authorid') {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_articles 
							SET author_id = {int:auth} 
							WHERE id = {int:artid} LIMIT 1', array('auth' => $value, 'artid' => $where));
                    } elseif ($setting == 'idtheme') {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_articles 
							SET id_theme = {int:id_theme} 
							WHERE id = {int:artid} LIMIT 1', array('id_theme' => $value, 'artid' => $where));
                    } elseif ($setting == 'subject') {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_articles 
							SET subject = {string:subject} 
							WHERE id = {int:artid} LIMIT 1', array('subject' => $value, 'artid' => $where));
                    } elseif ($setting == 'shortname') {
                        $value = htmlspecialchars(str_replace(' ', '-', $value), ENT_QUOTES);
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_articles 
							SET shortname = {string:shortname} 
							WHERE id = {int:artid} LIMIT 1', array('shortname' => $value, 'artid' => $where));
                    } elseif ($setting == 'category') {
                        // for the event, get the allowed
                        $request = $smcFunc['db_query']('', '
							SELECT value3 FROM {db_prefix}tp_variables 
							WHERE id = {int:varid} LIMIT 1', array('varid' => $value));
                        if ($smcFunc['db_num_rows']($request) > 0) {
                            $row = $smcFunc['db_fetch_assoc']($request);
                            $allowed = $row['value3'];
                            $smcFunc['db_free_result']($request);
                        }
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_articles 
							SET category = {int:cat} 
							WHERE id = {int:artid} LIMIT 1', array('cat' => $value, 'artid' => $where));
                    } elseif (in_array($setting, array('body', 'intro'))) {
                        // If we came from WYSIWYG then turn it back into BBC regardless.
                        if (!empty($_REQUEST['tp_article_body_mode']) && isset($_REQUEST['tp_article_body'])) {
                            require_once $sourcedir . '/Subs-Editor.php';
                            $_REQUEST['tp_article_body'] = html_to_bbc($_REQUEST['tp_article_body']);
                            // We need to unhtml it now as it gets done shortly.
                            $_REQUEST['tp_article_body'] = un_htmlspecialchars($_REQUEST['tp_article_body']);
                            // We need this for everything else.
                            if ($setting == 'body') {
                                $value = $_POST['tp_article_body'] = $_REQUEST['tp_article_body'];
                            } elseif ($settings == 'intro') {
                                $value = $_POST['tp_article_intro'] = $_REQUEST['tp_article_intro'];
                            }
                        }
                        // in case of HTML article we need to check it
                        if (isset($_POST['tp_article_body_pure']) && isset($_POST['tp_article_body_choice'])) {
                            if ($_POST['tp_article_body_choice'] == 0) {
                                if ($setting == 'body') {
                                    $value = $_POST['tp_article_body_pure'];
                                } elseif ($setting == 'intro') {
                                    $value = $_POST['tp_article_intro'];
                                }
                            }
                            // save the choice too
                            $request = $smcFunc['db_query']('', '
								SELECT id FROM {db_prefix}tp_variables 
								WHERE subtype2 = {int:sub2}  
								AND type = {string:type} LIMIT 1', array('sub2' => $where, 'type' => 'editorchoice'));
                            if ($smcFunc['db_num_rows']($request) > 0) {
                                $row = $smcFunc['db_fetch_assoc']($request);
                                $smcFunc['db_free_result']($request);
                                $smcFunc['db_query']('', '
									UPDATE {db_prefix}tp_variables 
									SET value1 = {string:val1}
									WHERE subtype2 = {int:sub2} 
									AND type = {string:type}', array('val1' => $_POST['tp_article_body_choice'], 'sub2' => $where, 'type' => 'editorchoice'));
                            } else {
                                $smcFunc['db_insert']('INSERT', '{db_prefix}tp_variables', array('value1' => 'string', 'type' => 'string', 'subtype2' => 'int'), array($_POST['tp_article_body_choice'], 'editorchoice', $where), array('id'));
                            }
                        }
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_articles 
							SET ' . $setting . ' = {string:val} 
							WHERE id = {int:artid} LIMIT 1', array('val' => $value, 'artid' => $where));
                    } elseif (in_array($setting, array('day', 'month', 'year', 'minute', 'hour', 'timestamp'))) {
                        $timestamp = mktime($_POST['tp_article_hour'], $_POST['tp_article_minute'], 0, $_POST['tp_article_month'], $_POST['tp_article_day'], $_POST['tp_article_year']);
                        if (!isset($savedtime)) {
                            $smcFunc['db_query']('', '
								UPDATE {db_prefix}tp_articles 
								SET date = {int:date} 
								WHERE id = {int:artid} LIMIT 1', array('date' => $timestamp, 'artid' => $where));
                        }
                        $savedtime = 1;
                    } elseif (in_array($setting, array('pubstartday', 'pubstartmonth', 'pubstartyear', 'pubstartminute', 'pubstarthour', 'pub_start'))) {
                        // are all zero? then skip
                        if (empty($_POST['tp_article_pubstarthour']) && empty($_POST['tp_article_pubstartminute']) && empty($_POST['tp_article_pubstartmonth']) && empty($_POST['tp_article_pubstartday']) && empty($_POST['tp_article_pubstartyear'])) {
                            $smcFunc['db_query']('', '
									UPDATE {db_prefix}tp_articles 
									SET pub_start = {int:start}
									WHERE id = {int:artid} LIMIT 1', array('start' => 0, 'artid' => $where));
                        } else {
                            $timestamp = mktime($_POST['tp_article_pubstarthour'], $_POST['tp_article_pubstartminute'], 0, $_POST['tp_article_pubstartmonth'], $_POST['tp_article_pubstartday'], $_POST['tp_article_pubstartyear']);
                        }
                        if (!isset($pubstart)) {
                            $smcFunc['db_query']('', '
									UPDATE {db_prefix}tp_articles 
									SET pub_start = {int:start} 
									WHERE id = {int:artid} LIMIT 1', array('start' => $timestamp, 'artid' => $where));
                        }
                        $pubstart = 1;
                    } elseif (in_array($setting, array('pubendday', 'pubendmonth', 'pubendyear', 'pubendminute', 'pubendhour', 'pub_start'))) {
                        // are all zero? then skip
                        if (empty($_POST['tp_article_pubendhour']) && empty($_POST['tp_article_pubendminute']) && empty($_POST['tp_article_pubendmonth']) && empty($_POST['tp_article_pubendday']) && empty($_POST['tp_article_pubendyear'])) {
                            $smcFunc['db_query']('', '
									UPDATE {db_prefix}tp_articles 
									SET pub_end = {int:end}
									WHERE id = {int:artid} LIMIT 1', array('end' => 0, 'artid' => $where));
                        } else {
                            $timestamp = mktime($_POST['tp_article_pubendhour'], $_POST['tp_article_pubendminute'], 0, $_POST['tp_article_pubendmonth'], $_POST['tp_article_pubendday'], $_POST['tp_article_pubendyear']);
                        }
                        if (!isset($pubend)) {
                            $smcFunc['db_query']('', '
									UPDATE {db_prefix}tp_articles 
									SET pub_end = {int:end}
									WHERE id = {int:artid} LIMIT 1', array('end' => $timestamp, 'artid' => $where));
                        }
                        $pubend = 1;
                    } elseif (substr($setting, 0, 8) == 'options_') {
                        if (substr($setting, 0, 19) == 'options_lblockwidth' || substr($setting, 0, 19) == 'options_rblockwidth') {
                            $options[] = substr($setting, 8) . $value;
                        } else {
                            $options[] = substr($setting, 8);
                        }
                    } elseif (in_array($setting, array('body_mode', 'intro_mode', 'illupload', 'body_pure', 'body_choice'))) {
                        // ignore it
                        continue;
                    } elseif ($setting == 'approved') {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_articles 
							SET approved = {int:approved} 
							WHERE id = {int:artid} LIMIT 1', array('approved' => $value, 'artid' => $where));
                        if ($value == 1) {
                            $smcFunc['db_query']('', '
								DELETE FROM {db_prefix}tp_variables 
								WHERE type = {string:type} 
								AND value5 = {int:val5}', array('type' => 'art_not_approved', 'val5' => $where));
                        } elseif ($new) {
                            $smcFunc['db_insert']('replace', '{db_prefix}tp_variables', array('type' => 'string', 'value5' => 'int'), array('art_not_approved', $where), array('id'));
                        }
                    } else {
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}tp_articles 
							SET ' . $setting . ' = {string:val}
							WHERE id = {int:artid} LIMIT 1', array('val' => $value, 'artid' => $where));
                    }
                }
            }
            // if this was a new article
            if ($_POST['tp_article_approved'] == 1 && $_POST['tp_article_off'] == 0) {
                tp_recordevent($timestamp, $_POST['tp_article_authorid'], 'tp-createdarticle', 'page=' . $where, 'Creation of new article.', isset($allowed) ? $allowed : 0, $where);
            }
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}tp_articles 
				SET options = {string:opt} 
				WHERE id = {int:artid} LIMIT 1', array('opt' => implode(',', $options), 'artid' => $where));
        }
    } else {
        return;
    }
}
Example #17
/**
 * Admin handler for the smiley list.
 *
 * - When the session variable is present in $_POST, verifies the session and then either
 *   applies a bulk action (delete / change location) to the checked smileys, or deletes /
 *   updates a single smiley; afterwards both smiley caches are cleared.
 * - For sub action 'editsmileys' it builds $listOptions and hands it to createList().
 * - For sub action 'modifysmiley' it loads one smiley row plus the image filenames found
 *   in every known smiley set directory.
 *
 * NOTE(review): no permission check is visible in this function; presumably the admin
 * dispatcher enforces it before calling here - confirm.
 */
function EditSmileys()
{
    global $modSettings, $context, $settings, $txt, $boarddir;
    global $smcFunc, $scripturl, $sourcedir;
    // Force the correct tab to be displayed.
    $context[$context['admin_menu_name']]['current_subsection'] = 'editsmileys';
    // Submitting a form?
    if (isset($_POST[$context['session_var']])) {
        // Session verification runs before any of the writes below (checkSession() is defined elsewhere).
        checkSession();
        // Changing the selected smileys?
        if (isset($_POST['smiley_action']) && !empty($_POST['checked_smileys'])) {
            // Force every submitted id to an integer before it is used in the IN (...) lists.
            foreach ($_POST['checked_smileys'] as $id => $smiley_id) {
                $_POST['checked_smileys'][$id] = (int) $smiley_id;
            }
            if ($_POST['smiley_action'] == 'delete') {
                $smcFunc['db_query']('', '
					DELETE FROM {db_prefix}smileys
					WHERE id_smiley IN ({array_int:checked_smileys})', array('checked_smileys' => $_POST['checked_smileys']));
            } else {
                // Check it's a valid type. Only these three actions map to a value; anything else is ignored.
                $displayTypes = array('post' => 0, 'hidden' => 1, 'popup' => 2);
                if (isset($displayTypes[$_POST['smiley_action']])) {
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}smileys
						SET hidden = {int:display_type}
						WHERE id_smiley IN ({array_int:checked_smileys})', array('checked_smileys' => $_POST['checked_smileys'], 'display_type' => $displayTypes[$_POST['smiley_action']]));
                }
            }
        } elseif (isset($_POST['smiley'])) {
            // Is it a delete?
            if (!empty($_POST['deletesmiley'])) {
                // $_POST['smiley'] is not cast on this path (the cast below only runs for updates),
                // so the {int:...} placeholder is the only type guard here.
                // NOTE(review): confirm the query layer rejects non-integer values for {int:...}.
                $smcFunc['db_query']('', '
					DELETE FROM {db_prefix}smileys
					WHERE id_smiley = {int:current_smiley}', array('current_smiley' => $_POST['smiley']));
            } else {
                // Normalise the submitted fields: integer id, trimmed code / filename, location limited to 0..2.
                $_POST['smiley'] = (int) $_POST['smiley'];
                $_POST['smiley_code'] = htmltrim__recursive($_POST['smiley_code']);
                $_POST['smiley_filename'] = htmltrim__recursive($_POST['smiley_filename']);
                $_POST['smiley_location'] = empty($_POST['smiley_location']) || $_POST['smiley_location'] > 2 || $_POST['smiley_location'] < 0 ? 0 : (int) $_POST['smiley_location'];
                // Make sure some code was entered.
                if (empty($_POST['smiley_code'])) {
                    fatal_lang_error('smiley_has_no_code');
                }
                // Also make sure a filename was given.
                if (empty($_POST['smiley_filename'])) {
                    fatal_lang_error('smiley_has_no_filename');
                }
                // Check whether the new code has duplicates. It should be unique.
                // The {raw:...} placeholder only ever receives 'BINARY' or '' chosen here, never request data.
                $request = $smcFunc['db_query']('', '
					SELECT id_smiley
					FROM {db_prefix}smileys
					WHERE code = {raw:mysql_binary_type} {string:smiley_code}' . (empty($_POST['smiley']) ? '' : '
						AND id_smiley != {int:current_smiley}'), array('current_smiley' => $_POST['smiley'], 'mysql_binary_type' => $smcFunc['db_title'] == 'MySQL' ? 'BINARY' : '', 'smiley_code' => $_POST['smiley_code']));
                if ($smcFunc['db_num_rows']($request) > 0) {
                    fatal_lang_error('smiley_not_unique');
                }
                $smcFunc['db_free_result']($request);
                // smiley_description is stored as submitted (it is not trimmed or checked for presence here);
                // the tooltip column and the edit form below run it through htmlspecialchars() on output.
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}smileys
					SET
						code = {string:smiley_code},
						filename = {string:smiley_filename},
						description = {string:smiley_description},
						hidden = {int:smiley_location}
					WHERE id_smiley = {int:current_smiley}', array('smiley_location' => $_POST['smiley_location'], 'current_smiley' => $_POST['smiley'], 'smiley_code' => $_POST['smiley_code'], 'smiley_filename' => $_POST['smiley_filename'], 'smiley_description' => $_POST['smiley_description']));
            }
            // Sort all smiley codes for more accurate parsing (longest code first).
            sortSmileyTable();
        }
        // Store null under both cache keys so the smiley lists get rebuilt after any change.
        cache_put_data('parsing_smileys', null, 480);
        cache_put_data('posting_smileys', null, 480);
    }
    // Load all known smiley sets. Path and name are HTML-escaped here for display.
    $context['smiley_sets'] = explode(',', $modSettings['smiley_sets_known']);
    $set_names = explode("\n", $modSettings['smiley_sets_names']);
    foreach ($context['smiley_sets'] as $i => $set) {
        $context['smiley_sets'][$i] = array('id' => $i, 'path' => htmlspecialchars($set), 'name' => htmlspecialchars($set_names[$i]), 'selected' => $set == $modSettings['smiley_sets_default']);
    }
    // Prepare overview of all (custom) smileys.
    if ($context['sub_action'] == 'editsmileys') {
        // Determine the language specific sort order of smiley locations.
        $smiley_locations = array($txt['smileys_location_form'], $txt['smileys_location_hidden'], $txt['smileys_location_popup']);
        asort($smiley_locations);
        // Create a list of options for selecting smiley sets (path and name were escaped above).
        $smileyset_option_list = '
			<select name="set" onchange="changeSet(this.options[this.selectedIndex].value);">';
        foreach ($context['smiley_sets'] as $smiley_set) {
            $smileyset_option_list .= '
				<option value="' . $smiley_set['path'] . '"' . ($modSettings['smiley_sets_default'] == $smiley_set['path'] ? ' selected="selected"' : '') . '>' . $smiley_set['name'] . '</option>';
        }
        $smileyset_option_list .= '
			</select>';
        // List definition: columns, sort expressions, the bulk-action row and the inline JavaScript.
        // - The two create_function() callbacks are built from fixed source strings; no request data is
        //   spliced into them. create_function() was removed in PHP 8.0, so this needs closures there.
        // - NOTE(review): the tooltip callback calls file_exists() with the htmlspecialchars()'d set path,
        //   while the modifysmiley branch below decodes the path with un_htmlspecialchars() first; a set
        //   directory whose name contains characters that htmlspecialchars() encodes would be reported
        //   as missing - confirm.
        // - NOTE(review): $txt['smileys_confirm'] and $modSettings['smileys_url'] are concatenated into
        //   JavaScript string literals without JavaScript escaping; both come from language files /
        //   settings - confirm they cannot contain quote characters.
        $listOptions = array('id' => 'smiley_list', 'items_per_page' => 40, 'base_href' => $scripturl . '?action=admin;area=smileys;sa=editsmileys', 'default_sort_col' => 'filename', 'get_items' => array('function' => 'list_getSmileys'), 'get_count' => array('function' => 'list_getNumSmileys'), 'no_items_label' => $txt['smileys_no_entries'], 'columns' => array('picture' => array('data' => array('sprintf' => array('format' => '<a href="' . $scripturl . '?action=admin;area=smileys;sa=modifysmiley;smiley=%1$d"><img src="' . $modSettings['smileys_url'] . '/' . $modSettings['smiley_sets_default'] . '/%2$s" alt="%3$s" style="padding: 2px;" id="smiley%1$d" /><input type="hidden" name="smileys[%1$d][filename]" value="%2$s" /></a>', 'params' => array('id_smiley' => false, 'filename' => true, 'description' => true)), 'style' => 'text-align: center;')), 'code' => array('header' => array('value' => $txt['smileys_code']), 'data' => array('db_htmlsafe' => 'code'), 'sort' => array('default' => 'code', 'reverse' => 'code DESC')), 'filename' => array('header' => array('value' => $txt['smileys_filename']), 'data' => array('db_htmlsafe' => 'filename', 'class' => 'windowbg'), 'sort' => array('default' => 'filename', 'reverse' => 'filename DESC')), 'location' => array('header' => array('value' => $txt['smileys_location']), 'data' => array('function' => create_function('$rowData', '
							global $txt;

							if (empty($rowData[\'hidden\']))
								return $txt[\'smileys_location_form\'];
							elseif ($rowData[\'hidden\'] == 1)
								return $txt[\'smileys_location_hidden\'];
							else
								return $txt[\'smileys_location_popup\'];
						'), 'class' => 'windowbg'), 'sort' => array('default' => 'FIND_IN_SET(hidden, \'' . implode(',', array_keys($smiley_locations)) . '\')', 'reverse' => 'FIND_IN_SET(hidden, \'' . implode(',', array_keys($smiley_locations)) . '\') DESC')), 'tooltip' => array('header' => array('value' => $txt['smileys_description']), 'data' => array('function' => create_function('$rowData', empty($modSettings['smileys_dir']) || !is_dir($modSettings['smileys_dir']) ? '
							return htmlspecialchars($rowData[\'description\']);
						' : '
							global $context, $txt, $modSettings;

							// Check if there are smileys missing in some sets.
							$missing_sets = array();
							foreach ($context[\'smiley_sets\'] as $smiley_set)
								if (!file_exists(sprintf(\'%1$s/%2$s/%3$s\', $modSettings[\'smileys_dir\'], $smiley_set[\'path\'], $rowData[\'filename\'])))
									$missing_sets[] = $smiley_set[\'path\'];

							$description = htmlspecialchars($rowData[\'description\']);

							if (!empty($missing_sets))
								$description .= sprintf(\'<br /><span class="smalltext"><strong>%1$s:</strong> %2$s</span>\', $txt[\'smileys_not_found_in_set\'], implode(\', \', $missing_sets));

							return $description;
						'), 'class' => 'windowbg'), 'sort' => array('default' => 'description', 'reverse' => 'description DESC')), 'modify' => array('header' => array('value' => $txt['smileys_modify']), 'data' => array('sprintf' => array('format' => '<a href="' . $scripturl . '?action=admin;area=smileys;sa=modifysmiley;smiley=%1$d">' . $txt['smileys_modify'] . '</a>', 'params' => array('id_smiley' => false)), 'style' => 'text-align: center;')), 'check' => array('header' => array('value' => '<input type="checkbox" onclick="invertAll(this, this.form);" class="input_check" />'), 'data' => array('sprintf' => array('format' => '<input type="checkbox" name="checked_smileys[]" value="%1$d" class="input_check" />', 'params' => array('id_smiley' => false)), 'style' => 'text-align: center'))), 'form' => array('href' => $scripturl . '?action=admin;area=smileys;sa=editsmileys', 'name' => 'smileyForm'), 'additional_rows' => array(array('position' => 'above_column_headers', 'value' => $smileyset_option_list, 'style' => 'text-align: right;'), array('position' => 'below_table_data', 'value' => '
						<select name="smiley_action" onchange="makeChanges(this.value);">
							<option value="-1">' . $txt['smileys_with_selected'] . ':</option>
							<option value="-1">--------------</option>
							<option value="hidden">' . $txt['smileys_make_hidden'] . '</option>
							<option value="post">' . $txt['smileys_show_on_post'] . '</option>
							<option value="popup">' . $txt['smileys_show_on_popup'] . '</option>
							<option value="delete">' . $txt['smileys_remove'] . '</option>
						</select>
						<noscript><input type="submit" name="perform_action" value="' . $txt['go'] . '" class="button_submit" /></noscript>', 'style' => 'text-align: right;')), 'javascript' => '
				function makeChanges(action)
				{
					if (action == \'-1\')
						return false;
					else if (action == \'delete\')
					{
						if (confirm(\'' . $txt['smileys_confirm'] . '\'))
							document.forms.smileyForm.submit();
					}
					else
						document.forms.smileyForm.submit();
					return true;
				}
				function changeSet(newSet)
				{
					var currentImage, i, knownSmileys = [];

					if (knownSmileys.length == 0)
					{
						for (var i = 0, n = document.images.length; i < n; i++)
							if (document.images[i].id.substr(0, 6) == \'smiley\')
								knownSmileys[knownSmileys.length] = document.images[i].id.substr(6);
					}

					for (i = 0; i < knownSmileys.length; i++)
					{
						currentImage = document.getElementById("smiley" + knownSmileys[i]);
						currentImage.src = "' . $modSettings['smileys_url'] . '/" + newSet + "/" + document.forms.smileyForm["smileys[" + knownSmileys[i] + "][filename]"].value;
					}
				}');
        require_once $sourcedir . '/Subs-List.php';
        createList($listOptions);
        // The list is the only thing to show, so make it the main template.
        $context['default_list'] = 'smiley_list';
        $context['sub_template'] = 'show_list';
    } elseif ($context['sub_action'] == 'modifysmiley') {
        // Get a list of all known smiley sets.
        $context['smileys_dir'] = empty($modSettings['smileys_dir']) ? $boarddir . '/Smileys' : $modSettings['smileys_dir'];
        $context['smileys_dir_found'] = is_dir($context['smileys_dir']);
        $context['smiley_sets'] = explode(',', $modSettings['smiley_sets_known']);
        $set_names = explode("\n", $modSettings['smiley_sets_names']);
        foreach ($context['smiley_sets'] as $i => $set) {
            $context['smiley_sets'][$i] = array('id' => $i, 'path' => htmlspecialchars($set), 'name' => htmlspecialchars($set_names[$i]), 'selected' => $set == $modSettings['smiley_sets_default']);
        }
        $context['selected_set'] = $modSettings['smiley_sets_default'];
        // Get all possible filenames for the smileys.
        $context['filenames'] = array();
        if ($context['smileys_dir_found']) {
            foreach ($context['smiley_sets'] as $smiley_set) {
                // The set path was HTML-escaped above, so decode it again before touching the filesystem.
                if (!file_exists($context['smileys_dir'] . '/' . un_htmlspecialchars($smiley_set['path']))) {
                    continue;
                }
                $dir = dir($context['smileys_dir'] . '/' . un_htmlspecialchars($smiley_set['path']));
                // NOTE(review): this loop stops at the first entry that evaluates to false (e.g. a file named "0").
                while ($entry = $dir->read()) {
                    // Only the four listed extensions are accepted, compared case-sensitively.
                    // NOTE(review): in_array() compares $entry with the stored arrays, not with the keys,
                    // so duplicates are effectively merged by the lower-cased array key instead - confirm.
                    if (!in_array($entry, $context['filenames']) && in_array(strrchr($entry, '.'), array('.jpg', '.gif', '.jpeg', '.png'))) {
                        $context['filenames'][strtolower($entry)] = array('id' => htmlspecialchars($entry), 'selected' => false);
                    }
                }
                $dir->close();
            }
            ksort($context['filenames']);
        }
        // The requested id is cast to an integer before it is used in the query.
        $request = $smcFunc['db_query']('', '
			SELECT id_smiley AS id, code, filename, description, hidden AS location, 0 AS is_new
			FROM {db_prefix}smileys
			WHERE id_smiley = {int:current_smiley}', array('current_smiley' => (int) $_REQUEST['smiley']));
        if ($smcFunc['db_num_rows']($request) != 1) {
            fatal_lang_error('smiley_not_found');
        }
        $context['current_smiley'] = $smcFunc['db_fetch_assoc']($request);
        $smcFunc['db_free_result']($request);
        // Escape the stored values before the template prints them.
        $context['current_smiley']['code'] = htmlspecialchars($context['current_smiley']['code']);
        $context['current_smiley']['filename'] = htmlspecialchars($context['current_smiley']['filename']);
        $context['current_smiley']['description'] = htmlspecialchars($context['current_smiley']['description']);
        // Mark the smiley's current image as the selected entry, if it was found on disk.
        if (isset($context['filenames'][strtolower($context['current_smiley']['filename'])])) {
            $context['filenames'][strtolower($context['current_smiley']['filename'])]['selected'] = true;
        }
    }
}
Example #18
/**
 * Rewrites the [img] BBC tags of a message so their width / height stay within the forum limits.
 *
 * - A tag without a size gets one from the real image size; a tag whose size exceeds
 *   $modSettings['max_image_width'] / $modSettings['max_image_height'] is scaled down proportionally
 * - The message is changed in place; nothing is returned
 *
 * @package Posts
 * @param string $message
 */
function resizeBBCImages(&$message)
{
    global $modSettings;

    // url_image_size() is expected to be provided by this include
    require_once SUBSDIR . '/Attachments.subs.php';

    // Capture groups: 1 = width, 2 = height, 3 = a width written after the height, 4 = the image url
    preg_match_all('~\\[img(\\s+width=\\d+)?(\\s+height=\\d+)?(\\s+width=\\d+)?\\](.+?)\\[/img\\]~is', $message, $found, PREG_PATTERN_ORDER);

    $swap = array();
    foreach (array_keys($found[0]) as $idx) {
        $original_tag = $found[0][$idx];
        $image_url = $found[4][$idx];

        // A width given after the height wins over one given before it
        $width_attr = empty($found[3][$idx]) ? $found[1][$idx] : $found[3][$idx];
        $height_attr = $found[2][$idx];

        // Cut off the "width=" / "height=" prefix to get the requested numbers, 0 when not given
        $want_w = empty($width_attr) ? 0 : (int) substr(trim($width_attr), 6);
        $want_h = empty($height_attr) ? 0 : (int) substr(trim($height_attr), 7);

        // At least one dimension is missing, so the real size is needed
        if (empty($want_w) || empty($want_h)) {
            // NOTE(review): the url comes straight from the message text; url_image_size() is not
            // visible here - if it makes an outbound request, confirm it restricts scheme / host
            // and applies a timeout
            list($real_w, $real_h) = url_image_size(un_htmlspecialchars($image_url));

            if (empty($want_w) && empty($want_h)) {
                // Nothing requested at all: take the real size
                $want_w = $real_w;
                $want_h = $real_h;
            } elseif (empty($want_w) && !empty($real_h)) {
                // Only a height was requested: derive the width from the real aspect ratio
                $want_w = (int) ($want_h * $real_w / $real_h);
            } elseif (!empty($real_w)) {
                // Otherwise derive the height from the width, when the real width is known
                $want_h = (int) ($want_w * $real_h / $real_w);
            }
        }

        // Within both limits? Then this tag stays as it is
        $within_limits = $want_w <= $modSettings['max_image_width'] && $want_h <= $modSettings['max_image_height'];
        if ($within_limits) {
            continue;
        }

        // Too wide: shrink to the maximum width, keeping the ratio (an empty limit is not enforced)
        if ($want_w > $modSettings['max_image_width'] && !empty($modSettings['max_image_width'])) {
            $want_h = (int) ($modSettings['max_image_width'] * $want_h / $want_w);
            $want_w = $modSettings['max_image_width'];
        }

        // Still too tall: shrink once more, this time against the maximum height
        if ($want_h > $modSettings['max_image_height'] && !empty($modSettings['max_image_height'])) {
            $want_w = (int) ($modSettings['max_image_height'] * $want_w / $want_h);
            $want_h = $modSettings['max_image_height'];
        }

        // Build the replacement tag, leaving out any dimension that is still empty
        $size_attrs = '';
        if (!empty($want_w)) {
            $size_attrs .= ' width=' . $want_w;
        }
        if (!empty($want_h)) {
            $size_attrs .= ' height=' . $want_h;
        }
        $swap[$original_tag] = '[img' . $size_attrs . ']' . $image_url . '[/img]';
    }

    // Only touch the message when at least one tag has to be replaced
    if (!empty($swap)) {
        $message = strtr($message, $swap);
    }
}
/**
 * Converts a language-string expression between its PHP-source form and an editable form.
 *
 * - $to_display = true: walks $string as PHP source text (quoted pieces joined with '.'),
 *   drops the quotes and everything outside them, turns \n / \t escapes inside double quotes
 *   into real characters, wraps $variables found outside quotes as {%$variable%} and finally
 *   HTML-escapes the result.
 * - $to_display = false: the reverse direction; builds a PHP expression made of single-quoted
 *   pieces, double-quoted "\n" / "\t" pieces and bare variables from the edited text.
 *
 * NOTE(review): with $to_display = false the return value is PHP source text. If a caller
 * writes it into a language file (not visible here), the escaping of ' and \ below and the
 * character whitelist of the variable pattern are what keep edited text from being emitted
 * as code - confirm against the caller.
 *
 * @param string $string
 * @param bool $to_display
 * @return string
 */
function cleanLangString($string, $to_display = true)
{
    // Not used anywhere in this function.
    global $smcFunc;
    // If going to display we make sure it doesn't have any HTML in it - etc.
    $new_string = '';
    if ($to_display) {
        // Are we in a string (0 = no, 1 = single quote, 2 = parsed)
        $in_string = 0;
        $is_escape = false;
        for ($i = 0; $i < strlen($string); $i++) {
            // Handle escapes first.
            if ($string[$i] == '\\') {
                // Toggle the escape.
                $is_escape = !$is_escape;
                // If we're now escaped don't add this string.
                if ($is_escape) {
                    continue;
                }
            } elseif (($string[$i] == 'n' || $string[$i] == 't') && $in_string == 2 && $is_escape) {
                // An escaped n / t inside a double quoted string becomes the real control character.
                $new_string .= $string[$i] == 'n' ? "\n" : "\t";
                $is_escape = false;
                continue;
            } elseif ($string[$i] == '\'') {
                // Already in a parsed string, or escaped in a linear string, means we print it - otherwise something special.
                if ($in_string != 2 && ($in_string != 1 || !$is_escape)) {
                    // Is it the end of a single quote string?
                    if ($in_string == 1) {
                        $in_string = 0;
                    } else {
                        $in_string = 1;
                    }
                    // Don't actually include this character!
                    continue;
                }
            } elseif ($string[$i] == '"') {
                // Already in a single quote string, or escaped in a parsed string, means we print it - otherwise something special.
                if ($in_string != 1 && ($in_string != 2 || !$is_escape)) {
                    // Is it the end of a double quote string?
                    if ($in_string == 2) {
                        $in_string = 0;
                    } else {
                        $in_string = 2;
                    }
                    // Don't actually include this character!
                    continue;
                }
            } elseif ($in_string == 0 && (empty($string[$i]) || $string[$i] == '.')) {
                // Outside any string: skip the concatenation dots (and characters empty() treats as empty).
                continue;
            } elseif ($in_string == 0 && $string[$i] == '$') {
                // Find the whole of it! Only $, letters, digits, ', [, ], _ and - are taken as part of the variable.
                preg_match('~([\\$A-Za-z0-9\'\\[\\]_-]+)~', substr($string, $i), $matches);
                if (!empty($matches[1])) {
                    // Mark the variable with a {%...%} wrapper so the other branch can recognise it again.
                    //!!! Do better than this, please!
                    $new_string .= '{%' . $matches[1] . '%}';
                    // We're not going to reparse this.
                    $i += strlen($matches[1]) - 1;
                }
                continue;
            } elseif ($in_string == 0) {
                // Anything else outside a string is dropped.
                continue;
            }
            // Actually add the character to the string!
            $new_string .= $string[$i];
            // If anything was escaped it ain't any longer!
            $is_escape = false;
        }
        // Unhtml then rehtml the whole thing, so the text ends up HTML-escaped exactly once.
        $new_string = htmlspecialchars(un_htmlspecialchars($new_string));
    } else {
        // Keep track of what we're doing... (0 = not in a string, 1 = single quoted, 2 = double quoted)
        $in_string = 0;
        // This is for deciding whether to HTML a quote.
        $in_html = false;
        for ($i = 0; $i < strlen($string); $i++) {
            // Handle line breaks! Newlines and tabs are emitted as \n / \t inside a double quoted piece.
            if ($string[$i] == "\n" || $string[$i] == "\t") {
                // Are we in a string? Is it the right type?
                if ($in_string == 1) {
                    // Change type! Close the single quoted piece and open a double quoted one.
                    $new_string .= '\' . "\\' . ($string[$i] == "\n" ? 'n' : 't');
                    $in_string = 2;
                } elseif ($in_string == 2) {
                    $new_string .= '\\' . ($string[$i] == "\n" ? 'n' : 't');
                } else {
                    $new_string .= ($new_string ? ' . ' : '') . '"\\' . ($string[$i] == "\n" ? 'n' : 't');
                }
                continue;
            } elseif ($in_string == 2) {
                // Any other character ends the double quoted piece.
                $in_string = 0;
                $new_string .= '"';
            }
            // Not in a string yet? Open a single quoted piece.
            if ($in_string != 1) {
                $in_string = 1;
                $new_string .= ($new_string ? ' . ' : '') . '\'';
            }
            // Is this a variable?
            // NOTE(review): $i + 1 / $i + 2 can point past the end of $string when '{' is one of the last characters.
            if ($string[$i] == '{' && $string[$i + 1] == '%' && $string[$i + 2] == '$') {
                // Grab the variable. Only the whitelisted characters are accepted between {% and %}.
                preg_match('~\\{%([\\$A-Za-z0-9\'\\[\\]_-]+)%\\}~', substr($string, $i), $matches);
                if (!empty($matches[1])) {
                    // Close the current quoted piece and append the variable unquoted.
                    if ($in_string == 1) {
                        $new_string .= '\' . ';
                    } elseif ($new_string) {
                        $new_string .= ' . ';
                    }
                    $new_string .= $matches[1];
                    // Skip the rest of the {%...%} marker.
                    $i += strlen($matches[1]) + 3;
                    $in_string = 0;
                }
                continue;
            } elseif ($string[$i] == '<') {
                // Probably HTML? A '<' followed by a space is entity-encoded instead.
                // NOTE(review): $i + 1 can point past the end of $string when '<' is the last character.
                if ($string[$i + 1] != ' ') {
                    $in_html = true;
                } else {
                    $new_string .= '&lt;';
                    continue;
                }
            } elseif ($string[$i] == '>') {
                // Will it be HTML? A '>' that does not close a tag is entity-encoded.
                if ($in_html) {
                    $in_html = false;
                } else {
                    $new_string .= '&gt;';
                    continue;
                }
            }
            // Is it a slash? If so escape it...
            if ($string[$i] == '\\') {
                $new_string .= '\\';
            } elseif ($string[$i] == '"') {
                // If we're in HTML we leave it as a quote - otherwise we entity it.
                if (!$in_html) {
                    $new_string .= '&quot;';
                    continue;
                }
            } elseif ($string[$i] == '\'') {
                // Must be in a string so escape it.
                $new_string .= '\\';
            }
            // Finally add the character to the string!
            $new_string .= $string[$i];
        }
        // If we ended as a string then close it off.
        if ($in_string == 1) {
            $new_string .= '\'';
        } elseif ($in_string == 2) {
            $new_string .= '"';
        }
    }
    return $new_string;
}
Example #20
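/**
 * Sends the reply notification e-mails for messages that have just been approved.
 *
 * - Prepares every message body / subject for e-mail with pbe_prepare_text()
 * - Adds one 'reply' row per message to {db_prefix}log_digest
 * - E-mails every activated member watching one of the topics, as long as one of the member's
 *   groups is among the board's member_groups (members with id_group 1 skip that check)
 * - Marks the notifications as sent in {db_prefix}log_notify when at least one e-mail went out
 *
 * @param mixed[] $topicData messages grouped by topic id; each message is read for its
 *                'id', 'topic', 'subject', 'body', 'name' and 'last_id' entries
 */
function sendApprovalNotifications(&$topicData)
{
    global $scripturl, $language, $user_info, $modSettings;
    $db = database();
    // Clean up the data...
    if (!is_array($topicData) || empty($topicData)) {
        return;
    }
    // Email ahoy
    require_once SUBSDIR . '/Mail.subs.php';
    require_once SUBSDIR . '/Emailpost.subs.php';
    $topics = array();
    $digest_insert = array();
    foreach ($topicData as $topic => $msgs) {
        foreach ($msgs as $msgKey => $msg) {
            // Convert it to markdown for sending, censor is done as well
            pbe_prepare_text($topicData[$topic][$msgKey]['body'], $topicData[$topic][$msgKey]['subject']);
            // NOTE(review): this list is filled from $msg['id'] but used below as a list of topic ids
            // and matched against the keys of $topicData - confirm 'id' holds the topic id.
            $topics[] = $msg['id'];
            $digest_insert[] = array($msg['topic'], $msg['id'], 'reply', $user_info['id']);
        }
    }
    // Nothing was collected (every topic had an empty message list): skip the queries rather
    // than hand empty lists to the database layer.
    if (empty($topics)) {
        return;
    }
    // These need to go into the digest too...
    $db->insert('', '{db_prefix}log_digest', array('id_topic' => 'int', 'id_msg' => 'int', 'note_type' => 'string', 'exclude' => 'int'), $digest_insert, array());
    // Find everyone who needs to know about this.
    $members = $db->query('', '
		SELECT
			mem.id_member, mem.email_address, mem.notify_regularity, mem.notify_types, mem.notify_send_body, mem.lngfile,
			ln.sent, mem.id_group, mem.additional_groups, b.member_groups, mem.id_post_group, t.id_member_started,
			ln.id_topic
		FROM {db_prefix}log_notify AS ln
			INNER JOIN {db_prefix}members AS mem ON (mem.id_member = ln.id_member)
			INNER JOIN {db_prefix}topics AS t ON (t.id_topic = ln.id_topic)
			INNER JOIN {db_prefix}boards AS b ON (b.id_board = t.id_board)
		WHERE ln.id_topic IN ({array_int:topic_list})
			AND mem.is_activated = {int:is_activated}
			AND mem.notify_types < {int:notify_types}
			AND mem.notify_regularity < {int:notify_regularity}
		GROUP BY mem.id_member, ln.id_topic, mem.email_address, mem.notify_regularity, mem.notify_types, mem.notify_send_body, mem.lngfile, ln.sent, mem.id_group, mem.additional_groups, b.member_groups, mem.id_post_group, t.id_member_started
		ORDER BY mem.lngfile', array('topic_list' => $topics, 'is_activated' => 1, 'notify_types' => 4, 'notify_regularity' => 2));
    $sent = 0;
    $current_language = $user_info['language'];
    while ($row = $db->fetch_assoc($members)) {
        // Access check: unless the member is in group 1, at least one of their groups (primary,
        // additional or post group) must be listed in the board's member_groups, otherwise the
        // content of a board they cannot read would be mailed to them.
        if ($row['id_group'] != 1) {
            $allowed = explode(',', $row['member_groups']);
            $row['additional_groups'] = explode(',', $row['additional_groups']);
            $row['additional_groups'][] = $row['id_group'];
            $row['additional_groups'][] = $row['id_post_group'];
            if (count(array_intersect($allowed, $row['additional_groups'])) == 0) {
                continue;
            }
        }
        // Use the member's own language only when per-user languages are enabled.
        $needed_language = empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'];
        if (empty($current_language) || $current_language != $needed_language) {
            $current_language = loadLanguage('Post', $needed_language, false);
        }
        // No message data under this topic id means there is nothing to send for this row.
        if (empty($topicData[$row['id_topic']])) {
            continue;
        }
        $sent_this_time = false;
        $topic_replacements = array('TOPICLINK' => $scripturl . '?topic=' . $row['id_topic'] . '.new;topicseen#new', 'UNSUBSCRIBELINK' => $scripturl . '?action=notify;topic=' . $row['id_topic'] . '.0');
        // Now loop through all the messages to send.
        foreach ($topicData[$row['id_topic']] as $msg) {
            // Build the replacements fresh for every message. The previous "+=" on one shared array
            // never overwrote existing keys, so every message after the first was mailed with the
            // subject and poster name of the first one.
            $replacements = $topic_replacements + array('TOPICSUBJECT' => $msg['subject'], 'POSTERNAME' => un_htmlspecialchars($msg['name']));
            $message_type = 'notification_reply';
            // Do they want the body of the message sent too?
            if (!empty($row['notify_send_body']) && empty($modSettings['disallow_sendBody'])) {
                $message_type .= '_body';
                $replacements['MESSAGE'] = $msg['body'];
            }
            if (!empty($row['notify_regularity'])) {
                $message_type .= '_once';
            }
            // Send only if once is off or it's on and it hasn't been sent.
            // (&& binds tighter than ||: always send when regularity is empty, otherwise only the
            // first message and only if nothing was sent to this member before.)
            if (empty($row['notify_regularity']) || empty($row['sent']) && !$sent_this_time) {
                $emaildata = loadEmailTemplate($message_type, $replacements, $needed_language);
                sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, 'm' . $msg['last_id']);
                $sent++;
            }
            $sent_this_time = true;
        }
    }
    $db->free_result($members);
    // Switch back to the current user's language if it was changed for a recipient.
    if (isset($current_language) && $current_language != $user_info['language']) {
        loadLanguage('Post');
    }
    // Sent! Flag the notifications for everyone but the current member.
    if (!empty($sent)) {
        $db->query('', '
			UPDATE {db_prefix}log_notify
			SET sent = {int:is_sent}
			WHERE id_topic IN ({array_int:topic_list})
				AND id_member != {int:current_member}', array('current_member' => $user_info['id'], 'topic_list' => $topics, 'is_sent' => 1));
    }
}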
Example #21
    }
    echo "</td>\n</tr>\n";
}
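// Print the admin page header, then handle the load / save actions of the template editor.
show_admin_header();

// NOTE(review): $template_folder and $template_file_name are set outside this excerpt. If they
// originate from the request, both must be reduced to a known folder / file name (for example
// by checking them against the directory listing) before they are joined into a path, because
// the code below reads and overwrites whatever file that path resolves to.
// NOTE(review): no request-forgery token check is visible in this excerpt - confirm it happens
// before this point, since "savetemplate" changes files on disk.
if ($action == "loadtemplate") {
    // Read the chosen template into $content and fall through to the edit form.
    $content = implode("", file(ROOT_PATH . TEMPLATE_DIR . "/" . $template_folder . "/" . $template_file_name));
    $action = "modifytemplates";
}
if ($action == "savetemplate") {
    $content = isset($HTTP_POST_VARS['content']) ? trim($HTTP_POST_VARS['content']) : "";
    if ($template_file_name != "" && $content != "") {
        // Undo the HTML escaping and the added slashes of the submitted text before storing it.
        $content = un_htmlspecialchars($content);
        $content = stripslashes($content);
        $fp = @fopen(ROOT_PATH . TEMPLATE_DIR . "/" . $template_folder . "/" . $template_file_name, "w+");
        // Only write when the file could be opened, and always release the handle again;
        // previously a failed fopen() was passed on to fwrite() and the handle was never closed.
        $written = false;
        if ($fp !== false) {
            $written = @fwrite($fp, $content);
            fclose($fp);
        }
        if ($written) {
            $msg = $lang['template_edit_success'];
        } else {
            $msg = sprintf("<span class=\"marktext\">%s</span>", $lang['template_edit_error']);
        }
    }
    $action = "modifytemplates";
}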
if ($action == "modifytemplates") {
    if ($msg != "") {
        printf("<p><b>%s</b></p>\n", $msg);
    }
    show_table_header($lang['edit_templates'], 2);
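 /**
  * Allows the admin to choose from predefined and custom templates
  *
  * - Uses the selected template to send a bounce notification with
  * details as specified by the template
  * - Accessed by ?action=admin;area=maillist;sa=bounce;item=?
  * - Redirects to action=admin;area=maillist;bounced once the notice was sent
  * - The initial request must carry a valid session and 'admin-ml' token in the url;
  * the send request is validated again against the posted session and token
  *
  * @uses bounce_email sub-template
  */
 public function action_bounce_email()
 {
     global $context, $txt, $modSettings, $scripturl, $mbname;
     // First visit (no send requested yet): the link itself has to carry a valid session and token.
     if (!isset($_REQUEST['bounce'])) {
         checkSession('get');
         validateToken('admin-ml', 'get');
     }
     require_once SUBSDIR . '/Mail.subs.php';
     // We should have been sent an email ID
     if (isset($_REQUEST['item'])) {
         // Needs to be an int!
         $id = (int) $_REQUEST['item'];
         // Load up the email details, no funny biz yall ;)
         $temp_email = list_maillist_unapproved($id);
         if (!empty($temp_email)) {
             // Set the options, using the id from the loaded record rather than the request value
             $_POST['item'] = (int) $temp_email[0]['id_email'];
             $fullerrortext = $txt[$temp_email[0]['error_code']];
             // Build the template selection area, first the standard ones
             $bounce = array('bounce', 'inform');
             foreach ($bounce as $k => $type) {
                 $context['bounce_templates'][$k]['body'] = $txt['ml_' . $type . '_body'];
                 $context['bounce_templates'][$k]['subject'] = $txt['ml_' . $type . '_subject'];
                 $context['bounce_templates'][$k]['title'] = $txt['ml_' . $type . '_title'];
             }
             // And now any custom ones available for this moderator
             $context['bounce_templates'] += array_merge($context['bounce_templates'], maillist_templates('bnctpl', $txt['ml_bounce_template_subject_default']));
             // Replace all the variables in the templates
             foreach ($context['bounce_templates'] as $k => $name) {
                 $context['bounce_templates'][$k]['body'] = strtr($name['body'], array('{MEMBER}' => un_htmlspecialchars($temp_email[0]['name']), '{SCRIPTURL}' => $scripturl, '{FORUMNAME}' => $mbname, '{REGARDS}' => replaceBasicActionUrl($txt['regards_team']), '{SUBJECT}' => $temp_email[0]['subject'], '{ERROR}' => $fullerrortext, '{FORUMNAMESHORT}' => !empty($modSettings['maillist_sitename']) ? $modSettings['maillist_sitename'] : $mbname, '{EMAILREGARDS}' => !empty($modSettings['maillist_sitename_regards']) ? $modSettings['maillist_sitename_regards'] : ''));
             }
         } else {
             $context['settings_message'] = $txt['badid'];
         }
     } else {
         $context['settings_message'] = $txt['badid'];
     }
     // Check if they are sending the notice
     if (isset($_REQUEST['bounce']) && isset($temp_email)) {
         // Sending is a state change, so it is validated against the posted session and token
         checkSession('post');
         validateToken('admin-ml');
         // They did check the box, how else could they have posted
         if (isset($_POST['warn_notify'])) {
             // lets make sure we have the items to send it
             // The recipient is taken from the stored email record, never from the submitted form
             $check_emails = explode('=>', $temp_email[0]['from']);
             $to = trim($check_emails[0]);
             // NOTE(review): subject and body are used as submitted (trimmed only); confirm that
             // sendmail() neutralises line breaks in the subject before building headers
             $subject = trim($_POST['warn_sub']);
             $body = trim($_POST['warn_body']);
             if (empty($body) || empty($subject)) {
                 $context['settings_message'] = $txt['bad_bounce'];
             } else {
                 // Time for someone to get a we're so sorry message!
                 sendmail($to, $subject, $body, null, null, false, 5);
                 redirectexit('action=admin;area=maillist;bounced');
             }
         }
     }
     // Prepare and show the template
     createToken('admin-ml');
     $context['warning_data'] = array('notify' => '', 'notify_subject' => '', 'notify_body' => '');
     $context['body'] = isset($fullerrortext) ? parse_bbc($fullerrortext) : '';
     $context['item'] = isset($_POST['item']) ? $_POST['item'] : '';
     // The ternary needs its own parentheses: concatenation binds tighter, so without them the
     // whole "To ..." string became the condition, the label was dropped and 'from' was read
     // even when no email had been loaded.
     $context['notice_to'] = $txt['to'] . ' ' . (isset($temp_email[0]['from']) ? $temp_email[0]['from'] : '');
     $context['page_title'] = $txt['bounce_title'];
     $context['sub_template'] = 'bounce_email';
 }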
Example #23
     $image_keywords_arr = explode(',', $image_keywords);
     array_walk($image_keywords_arr, 'trim_value');
     $image_keywords = implode(',', array_unique(array_filter($image_keywords_arr)));
 } else {
     $image_keywords = "";
 }
 $image_active = intval($HTTP_POST_VARS['image_active_' . $i]);
 $image_allow_comments = intval($HTTP_POST_VARS['image_allow_comments_' . $i]);
 $additional_field_sql = "";
 $additional_value_sql = "";
 if (!empty($additional_image_fields)) {
     $table_fields = $site_db->get_table_fields(IMAGES_TABLE);
     foreach ($additional_image_fields as $key => $val) {
         if (isset($HTTP_POST_VARS[$key . '_' . $i]) && isset($table_fields[$key])) {
             $additional_field_sql .= ", {$key}";
             $additional_value_sql .= ", '" . un_htmlspecialchars(trim($HTTP_POST_VARS[$key . '_' . $i])) . "'";
         }
     }
 }
 $file = MEDIA_PATH . ($old_cat_id != 0 ? "/" . $old_cat_id : "") . "/" . $image_media_file;
 $big_dir = MEDIA_PATH . "/" . $old_cat_id . "/" . $big_folder;
 $big_file = "";
 $log[] = str_replace("{file}", str_replace(ROOT_PATH, "", $file), $lang['cni_working']);
 if (file_exists($file)) {
     $image_media_file_backup = $image_media_file;
     if ($cat_id != $old_cat_id) {
         $image_media_file = copy_media($image_media_file, $old_cat_id, $cat_id);
         if ($image_media_file && file_exists(MEDIA_PATH . "/" . $cat_id . "/" . $image_media_file)) {
             $log[] = str_replace("{name}", MEDIA_DIR . "/" . $cat_id, $lang['cni_copy_success']);
         } else {
             $log[] = str_replace("{name}", MEDIA_DIR . "/" . $cat_id, $lang['cni_copy_error']);
Example #24
 /**
  * Handles the sending of the forum mailing in batches.
  *
  * What it does:
  * - Called by ?action=admin;area=news;sa=mailingsend
  * - Requires the send_mail permission.
  * - Redirects to itself when more batches need to be sent.
  * - Redirects to ?action=admin after everything has been sent.
  *
  * @uses the ManageNews template and email_members_send sub template.
  * @param bool $clean_only = false; if set, it will only clean the variables, put them in context, then return.
  */
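 public function action_mailingsend($clean_only = false)
 {
     // Flow: (1) short-circuit for the success/preview screens, (2) session check,
     // (3) normalise every recipient list coming from the request into $context,
     // (4) build subject/body, (5) send one batch, (6) compute progress for the
     // template, which re-posts to this action for the next batch.
     global $txt, $context, $scripturl, $modSettings, $user_info;
     // A nice successful screen if you did it
     if (isset($_REQUEST['success'])) {
         $context['sub_template'] = 'email_members_succeeded';
         loadTemplate('ManageNews');
         return;
     }
     // If just previewing we prepare a message and return it for viewing
     if (isset($_POST['preview'])) {
         $context['preview'] = true;
         return $this->action_mailingcompose();
     }
     // How many to send at once? Quantity depends on whether we are queueing or not.
     // @todo Might need an interface? (used in Post.controller.php too with different limits)
     $num_at_once = empty($modSettings['mail_queue']) ? 60 : 1000;
     // If by PM's I suggest we half the above number.
     if (!empty($_POST['send_pm'])) {
         $num_at_once /= 2;
     }
     // Everything below reads request data that drives a mass mailing, so the
     // session check runs before any of it is interpreted.
     checkSession();
     // Where are we actually to?
     $context['start'] = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;
     $context['email_force'] = !empty($_POST['email_force']) ? 1 : 0;
     $context['send_pm'] = !empty($_POST['send_pm']) ? 1 : 0;
     $context['total_emails'] = !empty($_POST['total_emails']) ? (int) $_POST['total_emails'] : 0;
     $context['max_id_member'] = !empty($_POST['max_id_member']) ? (int) $_POST['max_id_member'] : 0;
     $context['send_html'] = !empty($_POST['send_html']) ? 1 : 0;
     $context['parse_html'] = !empty($_POST['parse_html']) ? 1 : 0;
     // Create our main context.
     $context['recipients'] = array('groups' => array(), 'exclude_groups' => array(), 'members' => array(), 'exclude_members' => array(), 'emails' => array());
     // Have we any excluded members?
     if (!empty($_POST['exclude_members'])) {
         $members = explode(',', $_POST['exclude_members']);
         foreach ($members as $member) {
             // Cast first: comparing the raw request string with an int lets values
             // such as "5abc" pass the range test and then be stored as a different id.
             $member = (int) $member;
             if ($member >= $context['start']) {
                 $context['recipients']['exclude_members'][] = $member;
             }
         }
     }
     // What about members we *must* do?
     if (!empty($_POST['members'])) {
         $members = explode(',', $_POST['members']);
         foreach ($members as $member) {
             // Same cast-then-compare rule as for the excluded members above.
             $member = (int) $member;
             if ($member >= $context['start']) {
                 $context['recipients']['members'][] = $member;
             }
         }
     }
     // Cleaning groups is simple - although deal with both checkbox and commas.
     if (isset($_POST['groups'])) {
         if (is_array($_POST['groups'])) {
             // Checkbox form: the group id is the array key.
             foreach ($_POST['groups'] as $group => $dummy) {
                 $context['recipients']['groups'][] = (int) $group;
             }
         } elseif (trim($_POST['groups']) != '') {
             $groups = explode(',', $_POST['groups']);
             foreach ($groups as $group) {
                 $context['recipients']['groups'][] = (int) $group;
             }
         }
     }
     // Same for excluded groups
     if (isset($_POST['exclude_groups'])) {
         if (is_array($_POST['exclude_groups'])) {
             foreach ($_POST['exclude_groups'] as $group => $dummy) {
                 $context['recipients']['exclude_groups'][] = (int) $group;
             }
         } elseif (trim($_POST['exclude_groups']) != '') {
             $groups = explode(',', $_POST['exclude_groups']);
             foreach ($groups as $group) {
                 $context['recipients']['exclude_groups'][] = (int) $group;
             }
         }
     }
     // Finally - emails!
     if (!empty($_POST['emails'])) {
         // CR, LF and commas all become ';' before splitting, so no line break can
         // survive inside a single address.
         // NOTE(review): addresses are only split and trimmed here; no syntax check is
         // visible in this method - confirm sendmail() or the compose step validates them.
         $addressed = array_unique(explode(';', strtr($_POST['emails'], array("\n" => ';', "\r" => ';', ',' => ';'))));
         foreach ($addressed as $curmem) {
             $curmem = trim($curmem);
             if ($curmem != '') {
                 $context['recipients']['emails'][$curmem] = $curmem;
             }
         }
     }
     // If we're only cleaning drop out here.
     if ($clean_only) {
         return;
     }
     // Some functions we will need
     require_once SUBSDIR . '/Mail.subs.php';
     if ($context['send_pm']) {
         require_once SUBSDIR . '/PersonalMessage.subs.php';
     }
     // We are relying too much on writing to superglobals...
     $base_subject = !empty($_POST['subject']) ? $_POST['subject'] : '';
     $base_message = !empty($_POST['message']) ? $_POST['message'] : '';
     // Save the message and its subject in $context (escaped copies for the template;
     // the raw $base_* values are what gets sent).
     $context['subject'] = htmlspecialchars($base_subject, ENT_COMPAT, 'UTF-8');
     $context['message'] = htmlspecialchars($base_message, ENT_COMPAT, 'UTF-8');
     // Prepare the message for sending it as HTML
     if (!$context['send_pm'] && !empty($_POST['send_html'])) {
         // Prepare the message for HTML.
         if (!empty($_POST['parse_html'])) {
             $base_message = str_replace(array("\n", '  '), array('<br />' . "\n", '&nbsp; '), $base_message);
         }
         // This is here to prevent spam filters from tagging this as spam.
         if (preg_match('~\\<html~i', $base_message) == 0) {
             if (preg_match('~\\<body~i', $base_message) == 0) {
                 // NOTE(review): the subject goes into <title> unescaped; it is the
                 // sender's own input, not a third party's.
                 $base_message = '<html><head><title>' . $base_subject . '</title></head>' . "\n" . '<body>' . $base_message . '</body></html>';
             } else {
                 $base_message = '<html>' . $base_message . '</html>';
             }
         }
     }
     // Nothing to send: fall back to the compose screen in preview mode.
     if (empty($base_message) || empty($base_subject)) {
         $context['preview'] = true;
         return $this->action_mailingcompose();
     }
     // Use the default time format.
     $user_info['time_format'] = $modSettings['time_format'];
     $variables = array('{$board_url}', '{$current_time}', '{$latest_member.link}', '{$latest_member.id}', '{$latest_member.name}');
     // We might need this in a bit: the name is decoded for plain text and PMs and
     // left as stored when it is embedded in HTML mail.
     $cleanLatestMember = empty($_POST['send_html']) || $context['send_pm'] ? un_htmlspecialchars($modSettings['latestRealName']) : $modSettings['latestRealName'];
     // Replace in all the standard things.
     $base_message = str_replace($variables, array(!empty($_POST['send_html']) ? '<a href="' . $scripturl . '">' . $scripturl . '</a>' : $scripturl, standardTime(forum_time(), false), !empty($_POST['send_html']) ? '<a href="' . $scripturl . '?action=profile;u=' . $modSettings['latestMember'] . '">' . $cleanLatestMember . '</a>' : ($context['send_pm'] ? '[url=' . $scripturl . '?action=profile;u=' . $modSettings['latestMember'] . ']' . $cleanLatestMember . '[/url]' : $cleanLatestMember), $modSettings['latestMember'], $cleanLatestMember), $base_message);
     $base_subject = str_replace($variables, array($scripturl, standardTime(forum_time(), false), $modSettings['latestRealName'], $modSettings['latestMember'], $modSettings['latestRealName']), $base_subject);
     $from_member = array('{$member.email}', '{$member.link}', '{$member.id}', '{$member.name}');
     // If we still have emails, do them first!
     $i = 0;
     foreach ($context['recipients']['emails'] as $k => $email) {
         // Done as many as we can?
         if ($i >= $num_at_once) {
             break;
         }
         // Don't sent it twice!
         unset($context['recipients']['emails'][$k]);
         // Dammit - can't PM emails!
         if ($context['send_pm']) {
             continue;
         }
         // Bare addresses have no member record, so the id placeholder becomes '??'.
         $to_member = array($email, !empty($_POST['send_html']) ? '<a href="mailto:' . $email . '">' . $email . '</a>' : $email, '??', $email);
         sendmail($email, str_replace($from_member, $to_member, $base_subject), str_replace($from_member, $to_member, $base_message), null, null, !empty($_POST['send_html']), 5);
         // Done another...
         $i++;
     }
     // Got some more to send this batch?
     $last_id_member = 0;
     if ($i < $num_at_once) {
         // Need to build quite a query!
         // Only integer-cast ids reach the placeholder names built below; the values
         // themselves travel in $sendParams, not in the SQL text.
         $sendQuery = '(';
         $sendParams = array();
         if (!empty($context['recipients']['groups'])) {
             // Take the long route...
             $queryBuild = array();
             foreach ($context['recipients']['groups'] as $group) {
                 $sendParams['group_' . $group] = $group;
                 $queryBuild[] = 'mem.id_group = {int:group_' . $group . '}';
                 if (!empty($group)) {
                     $queryBuild[] = 'FIND_IN_SET({int:group_' . $group . '}, mem.additional_groups) != 0';
                     $queryBuild[] = 'mem.id_post_group = {int:group_' . $group . '}';
                 }
             }
             if (!empty($queryBuild)) {
                 $sendQuery .= implode(' OR ', $queryBuild);
             }
         }
         if (!empty($context['recipients']['members'])) {
             $sendQuery .= ($sendQuery == '(' ? '' : ' OR ') . 'mem.id_member IN ({array_int:members})';
             $sendParams['members'] = $context['recipients']['members'];
         }
         $sendQuery .= ')';
         // If we've not got a query then we must be done!
         if ($sendQuery == '()') {
             redirectexit('action=admin');
         }
         // Anything to exclude?
         // NOTE(review): {int:regular_group} and {int:notify_announcements} are not set in
         // $sendParams here - presumably getNewsletterRecipients() supplies them; verify.
         if (!empty($context['recipients']['exclude_groups']) && in_array(0, $context['recipients']['exclude_groups'])) {
             $sendQuery .= ' AND mem.id_group != {int:regular_group}';
         }
         if (!empty($context['recipients']['exclude_members'])) {
             $sendQuery .= ' AND mem.id_member NOT IN ({array_int:exclude_members})';
             $sendParams['exclude_members'] = $context['recipients']['exclude_members'];
         }
         // Force them to have it?
         if (empty($context['email_force'])) {
             $sendQuery .= ' AND mem.notify_announcements = {int:notify_announcements}';
         }
         require_once SUBSDIR . '/News.subs.php';
         // Get the smelly people - note we respect the id_member range as it gives us a quicker query.
         $recipients = getNewsletterRecipients($sendQuery, $sendParams, $context['start'], $num_at_once, $i);
         foreach ($recipients as $row) {
             $last_id_member = $row['id_member'];
             // What groups are we looking at here?
             if (empty($row['additional_groups'])) {
                 $groups = array($row['id_group'], $row['id_post_group']);
             } else {
                 $groups = array_merge(array($row['id_group'], $row['id_post_group']), explode(',', $row['additional_groups']));
             }
             // Excluded groups?
             if (array_intersect($groups, $context['recipients']['exclude_groups'])) {
                 continue;
             }
             // We might need this
             $cleanMemberName = empty($_POST['send_html']) || $context['send_pm'] ? un_htmlspecialchars($row['real_name']) : $row['real_name'];
             // Replace the member-dependant variables
             $message = str_replace($from_member, array($row['email_address'], !empty($_POST['send_html']) ? '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $cleanMemberName . '</a>' : ($context['send_pm'] ? '[url=' . $scripturl . '?action=profile;u=' . $row['id_member'] . ']' . $cleanMemberName . '[/url]' : $cleanMemberName), $row['id_member'], $cleanMemberName), $base_message);
             $subject = str_replace($from_member, array($row['email_address'], $row['real_name'], $row['id_member'], $row['real_name']), $base_subject);
             // Send the actual email - or a PM!
             if (!$context['send_pm']) {
                 sendmail($row['email_address'], $subject, $message, null, null, !empty($_POST['send_html']), 5);
             } else {
                 sendpm(array('to' => array($row['id_member']), 'bcc' => array()), $subject, $message);
             }
         }
     }
     // If used our batch assume we still have a member.
     if ($i >= $num_at_once) {
         $last_id_member = $context['start'];
     } elseif (empty($last_id_member) && $context['start'] + $num_at_once < $context['max_id_member']) {
         $last_id_member = $context['start'] + $num_at_once;
     } elseif (empty($last_id_member) && empty($context['recipients']['emails'])) {
         // Log this into the admin log.
         logAction('newsletter', array(), 'admin');
         redirectexit('action=admin;area=news;sa=mailingsend;success');
     }
     $context['start'] = $last_id_member;
     // Working out progress is a black art of sorts.
     // total_emails and max_id_member come straight from the request and may be zero
     // (or cancel each other out), so every divisor is checked before it is used.
     $progressTotal = $context['total_emails'] + $context['max_id_member'];
     $percentEmails = ($context['total_emails'] == 0 || $progressTotal == 0) ? 0 : count($context['recipients']['emails']) / $context['total_emails'] * ($context['total_emails'] / $progressTotal);
     $percentMembers = ($context['max_id_member'] == 0 || $progressTotal == 0) ? 0 : $context['start'] / $context['max_id_member'] * ($context['max_id_member'] / $progressTotal);
     $context['percentage_done'] = round(($percentEmails + $percentMembers) * 100, 2);
     $context['page_title'] = $txt['admin_newsletters'];
     $context['sub_template'] = 'email_members_send';
 }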
function Display()
{
    global $scripturl, $txt, $modSettings, $context, $settings;
    global $options, $sourcedir, $user_info, $board_info, $topic, $board;
    global $attachments, $messages_request, $topicinfo, $language, $smcFunc;
    // What are you gonna display if these are empty?!
    if (empty($topic)) {
        fatal_lang_error('no_board', false);
    }
    // Load the proper template and/or sub template.
    if (WIRELESS) {
        $context['sub_template'] = WIRELESS_PROTOCOL . '_display';
    } else {
        loadTemplate('Display');
    }
    // Not only does a prefetch make things slower for the server, but it makes it impossible to know if they read it.
    if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch') {
        ob_end_clean();
        header('HTTP/1.1 403 Prefetch Forbidden');
        die;
    }
    // How much are we sticking on each page?
    $context['messages_per_page'] = empty($modSettings['disableCustomPerPage']) && !empty($options['messages_per_page']) && !WIRELESS ? $options['messages_per_page'] : $modSettings['defaultMaxMessages'];
    // Let's do some work on what to search index.
    if (count($_GET) > 2) {
        foreach ($_GET as $k => $v) {
            if (!in_array($k, array('topic', 'board', 'start', session_name()))) {
                $context['robot_no_index'] = true;
            }
        }
    }
    if (!empty($_REQUEST['start']) && (!is_numeric($_REQUEST['start']) || $_REQUEST['start'] % $context['messages_per_page'] != 0)) {
        $context['robot_no_index'] = true;
    }
    // Find the previous or next topic.  Make a fuss if there are no more.
    if (isset($_REQUEST['prev_next']) && ($_REQUEST['prev_next'] == 'prev' || $_REQUEST['prev_next'] == 'next')) {
        // No use in calculating the next topic if there's only one.
        if ($board_info['num_topics'] > 1) {
            // Just prepare some variables that are used in the query.
            $gt_lt = $_REQUEST['prev_next'] == 'prev' ? '>' : '<';
            $order = $_REQUEST['prev_next'] == 'prev' ? '' : ' DESC';
            $request = $smcFunc['db_query']('', '
				SELECT t2.id_topic
				FROM {db_prefix}topics AS t
					INNER JOIN {db_prefix}topics AS t2 ON (' . (empty($modSettings['enableStickyTopics']) ? '
					t2.id_last_msg ' . $gt_lt . ' t.id_last_msg' : '
					(t2.id_last_msg ' . $gt_lt . ' t.id_last_msg AND t2.is_sticky ' . $gt_lt . '= t.is_sticky) OR t2.is_sticky ' . $gt_lt . ' t.is_sticky') . ')
				WHERE t.id_topic = {int:current_topic}
					AND t2.id_board = {int:current_board}' . (!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : '
					AND (t2.approved = {int:is_approved} OR (t2.id_member_started != {int:id_member_started} AND t2.id_member_started = {int:current_member}))') . '
				ORDER BY' . (empty($modSettings['enableStickyTopics']) ? '' : ' t2.is_sticky' . $order . ',') . ' t2.id_last_msg' . $order . '
				LIMIT 1', array('current_board' => $board, 'current_member' => $user_info['id'], 'current_topic' => $topic, 'is_approved' => 1, 'id_member_started' => 0));
            // No more left.
            if ($smcFunc['db_num_rows']($request) == 0) {
                $smcFunc['db_free_result']($request);
                // Roll over - if we're going prev, get the last - otherwise the first.
                $request = $smcFunc['db_query']('', '
					SELECT id_topic
					FROM {db_prefix}topics
					WHERE id_board = {int:current_board}' . (!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : '
						AND (approved = {int:is_approved} OR (id_member_started != {int:id_member_started} AND id_member_started = {int:current_member}))') . '
					ORDER BY' . (empty($modSettings['enableStickyTopics']) ? '' : ' is_sticky' . $order . ',') . ' id_last_msg' . $order . '
					LIMIT 1', array('current_board' => $board, 'current_member' => $user_info['id'], 'is_approved' => 1, 'id_member_started' => 0));
            }
            // Now you can be sure $topic is the id_topic to view.
            list($topic) = $smcFunc['db_fetch_row']($request);
            $smcFunc['db_free_result']($request);
            $context['current_topic'] = $topic;
        }
        // Go to the newest message on this topic.
        $_REQUEST['start'] = 'new';
    }
    // Add 1 to the number of views of this topic.
    if (empty($_SESSION['last_read_topic']) || $_SESSION['last_read_topic'] != $topic) {
        $smcFunc['db_query']('', '
			UPDATE {db_prefix}topics
			SET num_views = num_views + 1
			WHERE id_topic = {int:current_topic}', array('current_topic' => $topic));
        $_SESSION['last_read_topic'] = $topic;
    }
    // Get all the important topic info.
    $request = $smcFunc['db_query']('', '
		SELECT
			t.num_replies, t.num_views, t.locked, ms.subject, t.is_sticky, t.id_poll,
			t.id_member_started, t.id_first_msg, t.id_last_msg, t.approved, t.unapproved_posts,
			' . ($user_info['is_guest'] ? 't.id_last_msg + 1' : 'IFNULL(lt.id_msg, IFNULL(lmr.id_msg, -1)) + 1') . ' AS new_from
			' . (!empty($modSettings['recycle_board']) && $modSettings['recycle_board'] == $board ? ', id_previous_board, id_previous_topic' : '') . '
		FROM {db_prefix}topics AS t
			INNER JOIN {db_prefix}messages AS ms ON (ms.id_msg = t.id_first_msg)' . ($user_info['is_guest'] ? '' : '
			LEFT JOIN {db_prefix}log_topics AS lt ON (lt.id_topic = {int:current_topic} AND lt.id_member = {int:current_member})
			LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.id_board = {int:current_board} AND lmr.id_member = {int:current_member})') . '
		WHERE t.id_topic = {int:current_topic}
		LIMIT 1', array('current_member' => $user_info['id'], 'current_topic' => $topic, 'current_board' => $board));
    if ($smcFunc['db_num_rows']($request) == 0) {
        fatal_lang_error('not_a_topic', false);
    }
    $topicinfo = $smcFunc['db_fetch_assoc']($request);
    $smcFunc['db_free_result']($request);
    $context['real_num_replies'] = $context['num_replies'] = $topicinfo['num_replies'];
    $context['topic_first_message'] = $topicinfo['id_first_msg'];
    $context['topic_last_message'] = $topicinfo['id_last_msg'];
    // Add up unapproved replies to get real number of replies...
    if ($modSettings['postmod_active'] && allowedTo('approve_posts')) {
        $context['real_num_replies'] += $topicinfo['unapproved_posts'] - ($topicinfo['approved'] ? 0 : 1);
    }
    // If this topic has unapproved posts, we need to work out how many posts the user can see, for page indexing.
    if ($modSettings['postmod_active'] && $topicinfo['unapproved_posts'] && !$user_info['is_guest'] && !allowedTo('approve_posts')) {
        $request = $smcFunc['db_query']('', '
			SELECT COUNT(id_member) AS my_unapproved_posts
			FROM {db_prefix}messages
			WHERE id_topic = {int:current_topic}
				AND id_member = {int:current_member}
				AND approved = 0', array('current_topic' => $topic, 'current_member' => $user_info['id']));
        list($myUnapprovedPosts) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);
        $context['total_visible_posts'] = $context['num_replies'] + $myUnapprovedPosts + ($topicinfo['approved'] ? 1 : 0);
    } else {
        $context['total_visible_posts'] = $context['num_replies'] + $topicinfo['unapproved_posts'] + ($topicinfo['approved'] ? 1 : 0);
    }
    // When was the last time this topic was replied to?  Should we warn them about it?
    $request = $smcFunc['db_query']('', '
		SELECT poster_time
		FROM {db_prefix}messages
		WHERE id_msg = {int:id_last_msg}
		LIMIT 1', array('id_last_msg' => $topicinfo['id_last_msg']));
    list($lastPostTime) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);
    $context['oldTopicError'] = !empty($modSettings['oldTopicDays']) && $lastPostTime + $modSettings['oldTopicDays'] * 86400 < time() && empty($sticky);
    // The start isn't a number; it's information about what to do, where to go.
    if (!is_numeric($_REQUEST['start'])) {
        // Redirect to the page and post with new messages, originally by Omar Bazavilvazo.
        if ($_REQUEST['start'] == 'new') {
            // Guests automatically go to the last post.
            if ($user_info['is_guest']) {
                $context['start_from'] = $context['total_visible_posts'] - 1;
                $_REQUEST['start'] = empty($options['view_newest_first']) ? $context['start_from'] : 0;
            } else {
                // Find the earliest unread message in the topic. (the use of topics here is just for both tables.)
                $request = $smcFunc['db_query']('', '
					SELECT IFNULL(lt.id_msg, IFNULL(lmr.id_msg, -1)) + 1 AS new_from
					FROM {db_prefix}topics AS t
						LEFT JOIN {db_prefix}log_topics AS lt ON (lt.id_topic = {int:current_topic} AND lt.id_member = {int:current_member})
						LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.id_board = {int:current_board} AND lmr.id_member = {int:current_member})
					WHERE t.id_topic = {int:current_topic}
					LIMIT 1', array('current_board' => $board, 'current_member' => $user_info['id'], 'current_topic' => $topic));
                list($new_from) = $smcFunc['db_fetch_row']($request);
                $smcFunc['db_free_result']($request);
                // Fall through to the next if statement.
                $_REQUEST['start'] = 'msg' . $new_from;
            }
        }
        // Start from a certain time index, not a message.
        if (substr($_REQUEST['start'], 0, 4) == 'from') {
            $timestamp = (int) substr($_REQUEST['start'], 4);
            if ($timestamp === 0) {
                $_REQUEST['start'] = 0;
            } else {
                // Find the number of messages posted before said time...
                $request = $smcFunc['db_query']('', '
					SELECT COUNT(*)
					FROM {db_prefix}messages
					WHERE poster_time < {int:timestamp}
						AND id_topic = {int:current_topic}' . ($modSettings['postmod_active'] && $topicinfo['unapproved_posts'] && !allowedTo('approve_posts') ? '
						AND (approved = {int:is_approved}' . ($user_info['is_guest'] ? '' : ' OR id_member = {int:current_member}') . ')' : ''), array('current_topic' => $topic, 'current_member' => $user_info['id'], 'is_approved' => 1, 'timestamp' => $timestamp));
                list($context['start_from']) = $smcFunc['db_fetch_row']($request);
                $smcFunc['db_free_result']($request);
                // Handle view_newest_first options, and get the correct start value.
                $_REQUEST['start'] = empty($options['view_newest_first']) ? $context['start_from'] : $context['total_visible_posts'] - $context['start_from'] - 1;
            }
        } elseif (substr($_REQUEST['start'], 0, 3) == 'msg') {
            $virtual_msg = (int) substr($_REQUEST['start'], 3);
            if (!$topicinfo['unapproved_posts'] && $virtual_msg >= $topicinfo['id_last_msg']) {
                $context['start_from'] = $context['total_visible_posts'] - 1;
            } elseif (!$topicinfo['unapproved_posts'] && $virtual_msg <= $topicinfo['id_first_msg']) {
                $context['start_from'] = 0;
            } else {
                // Find the start value for that message......
                $request = $smcFunc['db_query']('', '
					SELECT COUNT(*)
					FROM {db_prefix}messages
					WHERE id_msg < {int:virtual_msg}
						AND id_topic = {int:current_topic}' . ($modSettings['postmod_active'] && $topicinfo['unapproved_posts'] && !allowedTo('approve_posts') ? '
						AND (approved = {int:is_approved}' . ($user_info['is_guest'] ? '' : ' OR id_member = {int:current_member}') . ')' : ''), array('current_member' => $user_info['id'], 'current_topic' => $topic, 'virtual_msg' => $virtual_msg, 'is_approved' => 1, 'no_member' => 0));
                list($context['start_from']) = $smcFunc['db_fetch_row']($request);
                $smcFunc['db_free_result']($request);
            }
            // We need to reverse the start as well in this case.
            $_REQUEST['start'] = empty($options['view_newest_first']) ? $context['start_from'] : $context['total_visible_posts'] - $context['start_from'] - 1;
        }
    }
    // Create a previous next string if the selected theme has it as a selected option.
    $context['previous_next'] = $modSettings['enablePreviousNext'] ? '<a href="' . $scripturl . '?topic=' . $topic . '.0;prev_next=prev#new">' . $txt['previous_next_back'] . '</a> <a href="' . $scripturl . '?topic=' . $topic . '.0;prev_next=next#new">' . $txt['previous_next_forward'] . '</a>' : '';
    // Check if spellchecking is both enabled and actually working. (for quick reply.)
    $context['show_spellchecking'] = !empty($modSettings['enableSpellChecking']) && function_exists('pspell_new');
    // Do we need to show the visual verification image?
    $context['require_verification'] = !$user_info['is_mod'] && !$user_info['is_admin'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha'] || $user_info['is_guest'] && $modSettings['posts_require_captcha'] == -1);
    if ($context['require_verification']) {
        require_once $sourcedir . '/Subs-Editor.php';
        $verificationOptions = array('id' => 'post');
        $context['require_verification'] = create_control_verification($verificationOptions);
        $context['visual_verification_id'] = $verificationOptions['id'];
    }
    // Are we showing signatures - or disabled fields?
    $context['signature_enabled'] = substr($modSettings['signature_settings'], 0, 1) == 1;
    $context['disabled_fields'] = isset($modSettings['disabled_profile_fields']) ? array_flip(explode(',', $modSettings['disabled_profile_fields'])) : array();
    // Censor the title...
    censorText($topicinfo['subject']);
    $context['page_title'] = $topicinfo['subject'];
    // Is this already an article?
    $request = $smcFunc['db_query']('', '
		SELECT id_message
		FROM {db_prefix}sp_articles
		WHERE id_message = {int:message}', array('message' => $context['topic_first_message']));
    list($context['topic_is_article']) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);
    // Is this topic sticky, or can it even be?
    $topicinfo['is_sticky'] = empty($modSettings['enableStickyTopics']) ? '0' : $topicinfo['is_sticky'];
    // Default this topic to not marked for notifications... of course...
    $context['is_marked_notify'] = false;
    // Did we report a post to a moderator just now?
    $context['report_sent'] = isset($_GET['reportsent']);
    // Let's get nosey, who is viewing this topic?
    if (!empty($settings['display_who_viewing'])) {
        // Start out with no one at all viewing it.
        $context['view_members'] = array();
        $context['view_members_list'] = array();
        $context['view_num_hidden'] = 0;
        // Search for members who have this topic set in their GET data.
        $request = $smcFunc['db_query']('', '
			SELECT
				lo.id_member, lo.log_time, mem.real_name, mem.member_name, mem.show_online,
				mg.online_color, mg.id_group, mg.group_name
			FROM {db_prefix}log_online AS lo
				LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = lo.id_member)
				LEFT JOIN {db_prefix}membergroups AS mg ON (mg.id_group = CASE WHEN mem.id_group = {int:reg_id_group} THEN mem.id_post_group ELSE mem.id_group END)
			WHERE INSTR(lo.url, {string:in_url_string}) > 0 OR lo.session = {string:session}', array('reg_id_group' => 0, 'in_url_string' => 's:5:"topic";i:' . $topic . ';', 'session' => $user_info['is_guest'] ? 'ip' . $user_info['ip'] : session_id()));
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            if (empty($row['id_member'])) {
                continue;
            }
            if (!empty($row['online_color'])) {
                $link = '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '" style="color: ' . $row['online_color'] . ';">' . $row['real_name'] . '</a>';
            } else {
                $link = '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name'] . '</a>';
            }
            $is_buddy = in_array($row['id_member'], $user_info['buddies']);
            if ($is_buddy) {
                $link = '<strong>' . $link . '</strong>';
            }
            // Add them both to the list and to the more detailed list.
            if (!empty($row['show_online']) || allowedTo('moderate_forum')) {
                $context['view_members_list'][$row['log_time'] . $row['member_name']] = empty($row['show_online']) ? '<em>' . $link . '</em>' : $link;
            }
            $context['view_members'][$row['log_time'] . $row['member_name']] = array('id' => $row['id_member'], 'username' => $row['member_name'], 'name' => $row['real_name'], 'group' => $row['id_group'], 'href' => $scripturl . '?action=profile;u=' . $row['id_member'], 'link' => $link, 'is_buddy' => $is_buddy, 'hidden' => empty($row['show_online']));
            if (empty($row['show_online'])) {
                $context['view_num_hidden']++;
            }
        }
        // The number of guests is equal to the rows minus the ones we actually used ;).
        $context['view_num_guests'] = $smcFunc['db_num_rows']($request) - count($context['view_members']);
        $smcFunc['db_free_result']($request);
        // Sort the list.
        krsort($context['view_members']);
        krsort($context['view_members_list']);
    }
    // If all is set, but not allowed... just unset it.
    $can_show_all = !empty($modSettings['enableAllMessages']) && $context['total_visible_posts'] > $context['messages_per_page'] && $context['total_visible_posts'] < $modSettings['enableAllMessages'];
    if (isset($_REQUEST['all']) && !$can_show_all) {
        unset($_REQUEST['all']);
    } elseif (isset($_REQUEST['all'])) {
        $_REQUEST['start'] = -1;
    }
    // Construct the page index, allowing for the .START method...
    $context['page_index'] = constructPageIndex($scripturl . '?topic=' . $topic . '.%1$d', $_REQUEST['start'], $context['total_visible_posts'], $context['messages_per_page'], true);
    $context['start'] = $_REQUEST['start'];
    // This is information about which page is current, and which page we're on - in case you don't like the constructed page index. (again, wireles..)
    $context['page_info'] = array('current_page' => $_REQUEST['start'] / $context['messages_per_page'] + 1, 'num_pages' => floor(($context['total_visible_posts'] - 1) / $context['messages_per_page']) + 1);
    // Figure out all the link to the next/prev/first/last/etc. for wireless mainly.
    $context['links'] = array('first' => $_REQUEST['start'] >= $context['messages_per_page'] ? $scripturl . '?topic=' . $topic . '.0' : '', 'prev' => $_REQUEST['start'] >= $context['messages_per_page'] ? $scripturl . '?topic=' . $topic . '.' . ($_REQUEST['start'] - $context['messages_per_page']) : '', 'next' => $_REQUEST['start'] + $context['messages_per_page'] < $context['total_visible_posts'] ? $scripturl . '?topic=' . $topic . '.' . ($_REQUEST['start'] + $context['messages_per_page']) : '', 'last' => $_REQUEST['start'] + $context['messages_per_page'] < $context['total_visible_posts'] ? $scripturl . '?topic=' . $topic . '.' . floor($context['total_visible_posts'] / $context['messages_per_page']) * $context['messages_per_page'] : '', 'up' => $scripturl . '?board=' . $board . '.0');
    // If they are viewing all the posts, show all the posts, otherwise limit the number.
    if ($can_show_all) {
        if (isset($_REQUEST['all'])) {
            // No limit! (actually, there is a limit, but...)
            $context['messages_per_page'] = -1;
            $context['page_index'] .= empty($modSettings['compactTopicPagesEnable']) ? '<strong>' . $txt['all'] . '</strong> ' : '[<strong>' . $txt['all'] . '</strong>] ';
            // Set start back to 0...
            $_REQUEST['start'] = 0;
        } else {
            $context['page_index'] .= '&nbsp;<a href="' . $scripturl . '?topic=' . $topic . '.0;all">' . $txt['all'] . '</a> ';
        }
    }
    // Build the link tree.
    $context['linktree'][] = array('url' => $scripturl . '?topic=' . $topic . '.0', 'name' => $topicinfo['subject'], 'extra_before' => $settings['linktree_inline'] ? $txt['topic'] . ': ' : '');
    // Build a list of this board's moderators.
    $context['moderators'] =& $board_info['moderators'];
    $context['link_moderators'] = array();
    if (!empty($board_info['moderators'])) {
        // Add a link for each moderator...
        foreach ($board_info['moderators'] as $mod) {
            $context['link_moderators'][] = '<a href="' . $scripturl . '?action=profile;u=' . $mod['id'] . '" title="' . $txt['board_moderator'] . '">' . $mod['name'] . '</a>';
        }
        // And show it after the board's name.
        $context['linktree'][count($context['linktree']) - 2]['extra_after'] = ' (' . (count($context['link_moderators']) == 1 ? $txt['moderator'] : $txt['moderators']) . ': ' . implode(', ', $context['link_moderators']) . ')';
    }
    // Information about the current topic...
    $context['is_locked'] = $topicinfo['locked'];
    $context['is_sticky'] = $topicinfo['is_sticky'];
    $context['is_very_hot'] = $topicinfo['num_replies'] >= $modSettings['hotTopicVeryPosts'];
    $context['is_hot'] = $topicinfo['num_replies'] >= $modSettings['hotTopicPosts'];
    $context['is_approved'] = $topicinfo['approved'];
    // We don't want to show the poll icon in the topic class here, so pretend it's not one.
    $context['is_poll'] = false;
    determineTopicClass($context);
    $context['is_poll'] = $topicinfo['id_poll'] > 0 && $modSettings['pollMode'] == '1' && allowedTo('poll_view');
    // Did this user start the topic or not?
    $context['user']['started'] = $user_info['id'] == $topicinfo['id_member_started'] && !$user_info['is_guest'];
    $context['topic_starter_id'] = $topicinfo['id_member_started'];
    // Set the topic's information for the template.
    $context['subject'] = $topicinfo['subject'];
    $context['num_views'] = $topicinfo['num_views'];
    $context['mark_unread_time'] = $topicinfo['new_from'];
    // Set a canonical URL for this page.
    $context['canonical_url'] = $scripturl . '?topic=' . $topic . '.' . $context['start'];
    // For quick reply we need a response prefix in the default forum language.
    if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix', 600))) {
        if ($language === $user_info['language']) {
            $context['response_prefix'] = $txt['response_prefix'];
        } else {
            loadLanguage('index', $language, false);
            $context['response_prefix'] = $txt['response_prefix'];
            loadLanguage('index');
        }
        cache_put_data('response_prefix', $context['response_prefix'], 600);
    }
    // If we want to show event information in the topic, prepare the data.
    if (allowedTo('calendar_view') && !empty($modSettings['cal_showInTopic']) && !empty($modSettings['cal_enabled'])) {
        // First, try create a better time format, ignoring the "time" elements.
        if (preg_match('~%[AaBbCcDdeGghjmuYy](?:[^%]*%[AaBbCcDdeGghjmuYy])*~', $user_info['time_format'], $matches) == 0 || empty($matches[0])) {
            $date_string = $user_info['time_format'];
        } else {
            $date_string = $matches[0];
        }
        // Any calendar information for this topic?
        $request = $smcFunc['db_query']('', '
			SELECT cal.id_event, cal.start_date, cal.end_date, cal.title, cal.id_member, mem.real_name
			FROM {db_prefix}calendar AS cal
				LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = cal.id_member)
			WHERE cal.id_topic = {int:current_topic}
			ORDER BY start_date', array('current_topic' => $topic));
        $context['linked_calendar_events'] = array();
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            // Prepare the dates for being formatted.
            $start_date = sscanf($row['start_date'], '%04d-%02d-%02d');
            $start_date = mktime(12, 0, 0, $start_date[1], $start_date[2], $start_date[0]);
            $end_date = sscanf($row['end_date'], '%04d-%02d-%02d');
            $end_date = mktime(12, 0, 0, $end_date[1], $end_date[2], $end_date[0]);
            $context['linked_calendar_events'][] = array('id' => $row['id_event'], 'title' => $row['title'], 'can_edit' => allowedTo('calendar_edit_any') || $row['id_member'] == $user_info['id'] && allowedTo('calendar_edit_own'), 'modify_href' => $scripturl . '?action=post;msg=' . $topicinfo['id_first_msg'] . ';topic=' . $topic . '.0;calendar;eventid=' . $row['id_event'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'start_date' => timeformat($start_date, $date_string, 'none'), 'start_timestamp' => $start_date, 'end_date' => timeformat($end_date, $date_string, 'none'), 'end_timestamp' => $end_date, 'is_last' => false);
        }
        $smcFunc['db_free_result']($request);
        if (!empty($context['linked_calendar_events'])) {
            $context['linked_calendar_events'][count($context['linked_calendar_events']) - 1]['is_last'] = true;
        }
    }
    // Create the poll info if it exists.
    if ($context['is_poll']) {
        // Get the question and if it's locked.
        $request = $smcFunc['db_query']('', '
			SELECT
				p.question, p.voting_locked, p.hide_results, p.expire_time, p.max_votes, p.change_vote,
				p.guest_vote, p.id_member, IFNULL(mem.real_name, p.poster_name) AS poster_name, p.num_guest_voters, p.reset_poll
			FROM {db_prefix}polls AS p
				LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = p.id_member)
			WHERE p.id_poll = {int:id_poll}
			LIMIT 1', array('id_poll' => $topicinfo['id_poll']));
        $pollinfo = $smcFunc['db_fetch_assoc']($request);
        $smcFunc['db_free_result']($request);
        $request = $smcFunc['db_query']('', '
			SELECT COUNT(DISTINCT id_member) AS total
			FROM {db_prefix}log_polls
			WHERE id_poll = {int:id_poll}
				AND id_member != {int:not_guest}', array('id_poll' => $topicinfo['id_poll'], 'not_guest' => 0));
        list($pollinfo['total']) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);
        // Total voters needs to include guest voters
        $pollinfo['total'] += $pollinfo['num_guest_voters'];
        // Get all the options, and calculate the total votes.
        $request = $smcFunc['db_query']('', '
			SELECT pc.id_choice, pc.label, pc.votes, IFNULL(lp.id_choice, -1) AS voted_this
			FROM {db_prefix}poll_choices AS pc
				LEFT JOIN {db_prefix}log_polls AS lp ON (lp.id_choice = pc.id_choice AND lp.id_poll = {int:id_poll} AND lp.id_member = {int:current_member} AND lp.id_member != {int:not_guest})
			WHERE pc.id_poll = {int:id_poll}', array('current_member' => $user_info['id'], 'id_poll' => $topicinfo['id_poll'], 'not_guest' => 0));
        $pollOptions = array();
        $realtotal = 0;
        $pollinfo['has_voted'] = false;
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            censorText($row['label']);
            $pollOptions[$row['id_choice']] = $row;
            $realtotal += $row['votes'];
            $pollinfo['has_voted'] |= $row['voted_this'] != -1;
        }
        $smcFunc['db_free_result']($request);
        // If this is a guest we need to do our best to work out if they have voted, and what they voted for.
        if ($user_info['is_guest'] && $pollinfo['guest_vote'] && allowedTo('poll_vote')) {
            if (!empty($_COOKIE['guest_poll_vote']) && preg_match('~^[0-9,;]+$~', $_COOKIE['guest_poll_vote']) && strpos($_COOKIE['guest_poll_vote'], ';' . $topicinfo['id_poll'] . ',') !== false) {
                // ;id,timestamp,[vote,vote...]; etc
                $guestinfo = explode(';', $_COOKIE['guest_poll_vote']);
                // Find the poll we're after.
                foreach ($guestinfo as $i => $guestvoted) {
                    $guestvoted = explode(',', $guestvoted);
                    if ($guestvoted[0] == $topicinfo['id_poll']) {
                        break;
                    }
                }
                // Has the poll been reset since guest voted?
                if ($pollinfo['reset_poll'] > $guestvoted[1]) {
                    // Remove the poll info from the cookie to allow guest to vote again
                    unset($guestinfo[$i]);
                    if (!empty($guestinfo)) {
                        $_COOKIE['guest_poll_vote'] = ';' . implode(';', $guestinfo);
                    } else {
                        unset($_COOKIE['guest_poll_vote']);
                    }
                } else {
                    // What did they vote for?
                    unset($guestvoted[0], $guestvoted[1]);
                    foreach ($pollOptions as $choice => $details) {
                        $pollOptions[$choice]['voted_this'] = in_array($choice, $guestvoted) ? 1 : -1;
                        $pollinfo['has_voted'] |= $pollOptions[$choice]['voted_this'] != -1;
                    }
                    unset($choice, $details, $guestvoted);
                }
                unset($guestinfo, $guestvoted, $i);
            }
        }
        // Set up the basic poll information.
        $context['poll'] = array('id' => $topicinfo['id_poll'], 'image' => 'normal_' . (empty($pollinfo['voting_locked']) ? 'poll' : 'locked_poll'), 'question' => parse_bbc($pollinfo['question']), 'total_votes' => $pollinfo['total'], 'change_vote' => !empty($pollinfo['change_vote']), 'is_locked' => !empty($pollinfo['voting_locked']), 'options' => array(), 'lock' => allowedTo('poll_lock_any') || $context['user']['started'] && allowedTo('poll_lock_own'), 'edit' => allowedTo('poll_edit_any') || $context['user']['started'] && allowedTo('poll_edit_own'), 'allowed_warning' => $pollinfo['max_votes'] > 1 ? sprintf($txt['poll_options6'], min(count($pollOptions), $pollinfo['max_votes'])) : '', 'is_expired' => !empty($pollinfo['expire_time']) && $pollinfo['expire_time'] < time(), 'expire_time' => !empty($pollinfo['expire_time']) ? timeformat($pollinfo['expire_time']) : 0, 'has_voted' => !empty($pollinfo['has_voted']), 'starter' => array('id' => $pollinfo['id_member'], 'name' => $row['poster_name'], 'href' => $pollinfo['id_member'] == 0 ? '' : $scripturl . '?action=profile;u=' . $pollinfo['id_member'], 'link' => $pollinfo['id_member'] == 0 ? $row['poster_name'] : '<a href="' . $scripturl . '?action=profile;u=' . $pollinfo['id_member'] . '">' . $row['poster_name'] . '</a>'));
        // Make the lock and edit permissions defined above more directly accessible.
        $context['allow_lock_poll'] = $context['poll']['lock'];
        $context['allow_edit_poll'] = $context['poll']['edit'];
        // You're allowed to vote if:
        // 1. the poll did not expire, and
        // 2. you're either not a guest OR guest voting is enabled... and
        // 3. you're not trying to view the results, and
        // 4. the poll is not locked, and
        // 5. you have the proper permissions, and
        // 6. you haven't already voted before.
        $context['allow_vote'] = !$context['poll']['is_expired'] && (!$user_info['is_guest'] || $pollinfo['guest_vote'] && allowedTo('poll_vote')) && empty($pollinfo['voting_locked']) && allowedTo('poll_vote') && !$context['poll']['has_voted'];
        // You're allowed to view the results if:
        // 1. you're just a super-nice-guy, or
        // 2. anyone can see them (hide_results == 0), or
        // 3. you can see them after you voted (hide_results == 1), or
        // 4. you've waited long enough for the poll to expire. (whether hide_results is 1 or 2.)
        $context['allow_poll_view'] = allowedTo('moderate_board') || $pollinfo['hide_results'] == 0 || $pollinfo['hide_results'] == 1 && $context['poll']['has_voted'] || $context['poll']['is_expired'];
        $context['poll']['show_results'] = $context['allow_poll_view'] && (isset($_REQUEST['viewresults']) || isset($_REQUEST['viewResults']));
        $context['show_view_results_button'] = $context['allow_vote'] && (!$context['allow_poll_view'] || !$context['poll']['show_results'] || !$context['poll']['has_voted']);
        // You're allowed to change your vote if:
        // 1. the poll did not expire, and
        // 2. you're not a guest... and
        // 3. the poll is not locked, and
        // 4. you have the proper permissions, and
        // 5. you have already voted, and
        // 6. the poll creator has said you can!
        $context['allow_change_vote'] = !$context['poll']['is_expired'] && !$user_info['is_guest'] && empty($pollinfo['voting_locked']) && allowedTo('poll_vote') && $context['poll']['has_voted'] && $context['poll']['change_vote'];
        // You're allowed to return to voting options if:
        // 1. you are (still) allowed to vote.
        // 2. you are currently seeing the results.
        $context['allow_return_vote'] = $context['allow_vote'] && $context['poll']['show_results'];
        // Calculate the percentages and bar lengths...
        $divisor = $realtotal == 0 ? 1 : $realtotal;
        // Determine if a decimal point is needed in order for the options to add to 100%.
        $precision = $realtotal == 100 ? 0 : 1;
        // Now look through each option, and...
        foreach ($pollOptions as $i => $option) {
            // First calculate the percentage, and then the width of the bar...
            $bar = round($option['votes'] * 100 / $divisor, $precision);
            $barWide = $bar == 0 ? 1 : floor($bar * 8 / 3);
            // Now add it to the poll's contextual theme data.
            $context['poll']['options'][$i] = array('id' => 'options-' . $i, 'percent' => $bar, 'votes' => $option['votes'], 'voted_this' => $option['voted_this'] != -1, 'bar' => '<span style="white-space: nowrap;"><img src="' . $settings['images_url'] . '/poll_' . ($context['right_to_left'] ? 'right' : 'left') . '.gif" alt="" /><img src="' . $settings['images_url'] . '/poll_middle.gif" width="' . $barWide . '" height="12" alt="-" /><img src="' . $settings['images_url'] . '/poll_' . ($context['right_to_left'] ? 'left' : 'right') . '.gif" alt="" /></span>', 'bar_ndt' => $bar > 0 ? '<div class="bar" style="width: ' . ($bar * 3.5 + 4) . 'px;"><div style="width: ' . $bar * 3.5 . 'px;"></div></div>' : '', 'bar_width' => $barWide, 'option' => parse_bbc($option['label']), 'vote_button' => '<input type="' . ($pollinfo['max_votes'] > 1 ? 'checkbox' : 'radio') . '" name="options[]" id="options-' . $i . '" value="' . $i . '" class="input_' . ($pollinfo['max_votes'] > 1 ? 'check' : 'radio') . '" />');
        }
    }
    // Calculate the fastest way to get the messages!
    $ascending = empty($options['view_newest_first']);
    $start = $_REQUEST['start'];
    $limit = $context['messages_per_page'];
    $firstIndex = 0;
    if ($start >= $context['total_visible_posts'] / 2 && $context['messages_per_page'] != -1) {
        $ascending = !$ascending;
        $limit = $context['total_visible_posts'] <= $start + $limit ? $context['total_visible_posts'] - $start : $limit;
        $start = $context['total_visible_posts'] <= $start + $limit ? 0 : $context['total_visible_posts'] - $start - $limit;
        $firstIndex = $limit - 1;
    }
    // Get each post and poster in this topic.
    $request = $smcFunc['db_query']('display_get_post_poster', '
		SELECT id_msg, id_member, approved
		FROM {db_prefix}messages
		WHERE id_topic = {int:current_topic}' . (!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : (!empty($modSettings['db_mysql_group_by_fix']) ? '' : '
		GROUP BY id_msg') . '
		HAVING (approved = {int:is_approved}' . ($user_info['is_guest'] ? '' : ' OR id_member = {int:current_member}') . ')') . '
		ORDER BY id_msg ' . ($ascending ? '' : 'DESC') . ($context['messages_per_page'] == -1 ? '' : '
		LIMIT ' . $start . ', ' . $limit), array('current_member' => $user_info['id'], 'current_topic' => $topic, 'is_approved' => 1, 'blank_id_member' => 0));
    $messages = array();
    $all_posters = array();
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        if (!empty($row['id_member'])) {
            $all_posters[$row['id_msg']] = $row['id_member'];
        }
        $messages[] = $row['id_msg'];
    }
    $smcFunc['db_free_result']($request);
    $posters = array_unique($all_posters);
    // Guests can't mark topics read or for notifications, just can't sorry.
    if (!$user_info['is_guest']) {
        $mark_at_msg = max($messages);
        if ($mark_at_msg >= $topicinfo['id_last_msg']) {
            $mark_at_msg = $modSettings['maxMsgID'];
        }
        if ($mark_at_msg >= $topicinfo['new_from']) {
            $smcFunc['db_insert']($topicinfo['new_from'] == 0 ? 'ignore' : 'replace', '{db_prefix}log_topics', array('id_member' => 'int', 'id_topic' => 'int', 'id_msg' => 'int'), array($user_info['id'], $topic, $mark_at_msg), array('id_member', 'id_topic'));
        }
        // Check for notifications on this topic OR board.
        $request = $smcFunc['db_query']('', '
			SELECT sent, id_topic
			FROM {db_prefix}log_notify
			WHERE (id_topic = {int:current_topic} OR id_board = {int:current_board})
				AND id_member = {int:current_member}
			LIMIT 2', array('current_board' => $board, 'current_member' => $user_info['id'], 'current_topic' => $topic));
        $do_once = true;
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            // Find if this topic is marked for notification...
            if (!empty($row['id_topic'])) {
                $context['is_marked_notify'] = true;
            }
            // Only do this once, but mark the notifications as "not sent yet" for next time.
            if (!empty($row['sent']) && $do_once) {
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}log_notify
					SET sent = {int:is_not_sent}
					WHERE (id_topic = {int:current_topic} OR id_board = {int:current_board})
						AND id_member = {int:current_member}', array('current_board' => $board, 'current_member' => $user_info['id'], 'current_topic' => $topic, 'is_not_sent' => 0));
                $do_once = false;
            }
        }
        // Have we recently cached the number of new topics in this board, and it's still a lot?
        if (isset($_REQUEST['topicseen']) && isset($_SESSION['topicseen_cache'][$board]) && $_SESSION['topicseen_cache'][$board] > 5) {
            $_SESSION['topicseen_cache'][$board]--;
        } elseif (isset($_REQUEST['topicseen'])) {
            // Use the mark read tables... and the last visit to figure out if this should be read or not.
            $request = $smcFunc['db_query']('', '
				SELECT COUNT(*)
				FROM {db_prefix}topics AS t
					LEFT JOIN {db_prefix}log_boards AS lb ON (lb.id_board = {int:current_board} AND lb.id_member = {int:current_member})
					LEFT JOIN {db_prefix}log_topics AS lt ON (lt.id_topic = t.id_topic AND lt.id_member = {int:current_member})
				WHERE t.id_board = {int:current_board}
					AND t.id_last_msg > IFNULL(lb.id_msg, 0)
					AND t.id_last_msg > IFNULL(lt.id_msg, 0)' . (empty($_SESSION['id_msg_last_visit']) ? '' : '
					AND t.id_last_msg > {int:id_msg_last_visit}'), array('current_board' => $board, 'current_member' => $user_info['id'], 'id_msg_last_visit' => (int) $_SESSION['id_msg_last_visit']));
            list($numNewTopics) = $smcFunc['db_fetch_row']($request);
            $smcFunc['db_free_result']($request);
            // If there're no real new topics in this board, mark the board as seen.
            if (empty($numNewTopics)) {
                $_REQUEST['boardseen'] = true;
            } else {
                $_SESSION['topicseen_cache'][$board] = $numNewTopics;
            }
        } elseif (isset($_SESSION['topicseen_cache'][$board])) {
            $_SESSION['topicseen_cache'][$board]--;
        }
        // Mark board as seen if we came using last post link from BoardIndex. (or other places...)
        if (isset($_REQUEST['boardseen'])) {
            $smcFunc['db_insert']('replace', '{db_prefix}log_boards', array('id_msg' => 'int', 'id_member' => 'int', 'id_board' => 'int'), array($modSettings['maxMsgID'], $user_info['id'], $board), array('id_member', 'id_board'));
        }
    }
    $attachments = array();
    // If there _are_ messages here... (probably an error otherwise :!)
    if (!empty($messages)) {
        // Fetch attachments.
        if (!empty($modSettings['attachmentEnable']) && allowedTo('view_attachments')) {
            $request = $smcFunc['db_query']('', '
				SELECT
					a.id_attach, a.id_folder, a.id_msg, a.filename, a.file_hash, IFNULL(a.size, 0) AS filesize, a.downloads, a.approved,
					a.width, a.height' . (empty($modSettings['attachmentShowImages']) || empty($modSettings['attachmentThumbnails']) ? '' : ',
					IFNULL(thumb.id_attach, 0) AS id_thumb, thumb.width AS thumb_width, thumb.height AS thumb_height') . '
				FROM {db_prefix}attachments AS a' . (empty($modSettings['attachmentShowImages']) || empty($modSettings['attachmentThumbnails']) ? '' : '
					LEFT JOIN {db_prefix}attachments AS thumb ON (thumb.id_attach = a.id_thumb)') . '
				WHERE a.id_msg IN ({array_int:message_list})
					AND a.attachment_type = {int:attachment_type}', array('message_list' => $messages, 'attachment_type' => 0, 'is_approved' => 1));
            $temp = array();
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                if (!$row['approved'] && $modSettings['postmod_active'] && !allowedTo('approve_posts') && (!isset($all_posters[$row['id_msg']]) || $all_posters[$row['id_msg']] != $user_info['id'])) {
                    continue;
                }
                $temp[$row['id_attach']] = $row;
                if (!isset($attachments[$row['id_msg']])) {
                    $attachments[$row['id_msg']] = array();
                }
            }
            $smcFunc['db_free_result']($request);
            // This is better than sorting it with the query...
            ksort($temp);
            foreach ($temp as $row) {
                $attachments[$row['id_msg']][] = $row;
            }
        }
        // What?  It's not like it *couldn't* be only guests in this topic...
        if (!empty($posters)) {
            loadMemberData($posters);
        }
        $messages_request = $smcFunc['db_query']('', '
			SELECT
				id_msg, icon, subject, poster_time, poster_ip, id_member, modified_time, modified_name, body,
				smileys_enabled, poster_name, poster_email, approved,
				id_msg_modified < {int:new_from} AS is_read
			FROM {db_prefix}messages
			WHERE id_msg IN ({array_int:message_list})
			ORDER BY id_msg' . (empty($options['view_newest_first']) ? '' : ' DESC'), array('message_list' => $messages, 'new_from' => $topicinfo['new_from']));
        // Go to the last message if the given time is beyond the time of the last message.
        if (isset($context['start_from']) && $context['start_from'] >= $topicinfo['num_replies']) {
            $context['start_from'] = $topicinfo['num_replies'];
        }
        // Since the anchor information is needed on the top of the page we load these variables beforehand.
        $context['first_message'] = isset($messages[$firstIndex]) ? $messages[$firstIndex] : $messages[0];
        if (empty($options['view_newest_first'])) {
            $context['first_new_message'] = isset($context['start_from']) && $_REQUEST['start'] == $context['start_from'];
        } else {
            $context['first_new_message'] = isset($context['start_from']) && $_REQUEST['start'] == $topicinfo['num_replies'] - $context['start_from'];
        }
    } else {
        $messages_request = false;
        $context['first_message'] = 0;
        $context['first_new_message'] = false;
    }
    $context['jump_to'] = array('label' => addslashes(un_htmlspecialchars($txt['jump_to'])), 'board_name' => htmlspecialchars(strtr(strip_tags($board_info['name']), array('&amp;' => '&'))), 'child_level' => $board_info['child_level']);
    // Set the callback.  (do you REALIZE how much memory all the messages would take?!?)
    $context['get_message'] = 'prepareDisplayContext';
    // Now set all the wonderful, wonderful permissions... like moderation ones...
    $common_permissions = array('can_approve' => 'approve_posts', 'can_ban' => 'manage_bans', 'can_sticky' => 'make_sticky', 'can_merge' => 'merge_any', 'can_split' => 'split_any', 'calendar_post' => 'calendar_post', 'can_mark_notify' => 'mark_any_notify', 'can_send_topic' => 'send_topic', 'can_send_pm' => 'pm_send', 'can_report_moderator' => 'report_any', 'can_moderate_forum' => 'moderate_forum', 'can_issue_warning' => 'issue_warning', 'can_restore_topic' => 'move_any', 'can_restore_msg' => 'move_any');
    foreach ($common_permissions as $contextual => $perm) {
        $context[$contextual] = allowedTo($perm);
    }
    // Permissions with _any/_own versions.  $context[YYY] => ZZZ_any/_own.
    $anyown_permissions = array('can_move' => 'move', 'can_lock' => 'lock', 'can_delete' => 'remove', 'can_add_poll' => 'poll_add', 'can_remove_poll' => 'poll_remove', 'can_reply' => 'post_reply', 'can_reply_unapproved' => 'post_unapproved_replies');
    foreach ($anyown_permissions as $contextual => $perm) {
        $context[$contextual] = allowedTo($perm . '_any') || $context['user']['started'] && allowedTo($perm . '_own');
    }
    // Cleanup all the permissions with extra stuff...
    $context['can_mark_notify'] &= !$context['user']['is_guest'];
    $context['can_sticky'] &= !empty($modSettings['enableStickyTopics']);
    $context['calendar_post'] &= !empty($modSettings['cal_enabled']);
    $context['can_add_poll'] &= $modSettings['pollMode'] == '1' && $topicinfo['id_poll'] <= 0;
    $context['can_remove_poll'] &= $modSettings['pollMode'] == '1' && $topicinfo['id_poll'] > 0;
    $context['can_reply'] &= empty($topicinfo['locked']) || allowedTo('moderate_board');
    $context['can_reply_unapproved'] &= $modSettings['postmod_active'] && (empty($topicinfo['locked']) || allowedTo('moderate_board'));
    $context['can_issue_warning'] &= in_array('w', $context['admin_features']) && $modSettings['warning_settings'][0] == 1;
    // Handle approval flags...
    $context['can_reply_approved'] = $context['can_reply'];
    $context['can_reply'] |= $context['can_reply_unapproved'];
    $context['can_quote'] = $context['can_reply'] && (empty($modSettings['disabledBBC']) || !in_array('quote', explode(',', $modSettings['disabledBBC'])));
    $context['can_mark_unread'] = !$user_info['is_guest'] && $settings['show_mark_read'];
    $context['can_send_topic'] = (!$modSettings['postmod_active'] || $topicinfo['approved']) && allowedTo('send_topic');
    // Start this off for quick moderation - it will be or'd for each post.
    $context['can_remove_post'] = allowedTo('delete_any') || allowedTo('delete_replies') && $context['user']['started'];
    // Can restore topic?  That's if the topic is in the recycle board and has a previous restore state.
    $context['can_restore_topic'] &= !empty($modSettings['recycle_enable']) && $modSettings['recycle_board'] == $board && !empty($topicinfo['id_previous_board']);
    $context['can_restore_msg'] &= !empty($modSettings['recycle_enable']) && $modSettings['recycle_board'] == $board && !empty($topicinfo['id_previous_topic']);
    // Wireless shows a "more" if you can do anything special.
    if (WIRELESS && WIRELESS_PROTOCOL != 'wap') {
        $context['wireless_more'] = $context['can_sticky'] || $context['can_lock'] || allowedTo('modify_any');
        $context['wireless_moderate'] = isset($_GET['moderate']) ? ';moderate' : '';
    }
    // Load up the "double post" sequencing magic.
    if (!empty($options['display_quick_reply'])) {
        checkSubmitOnce('register');
        $context['name'] = isset($_SESSION['guest_name']) ? $_SESSION['guest_name'] : '';
        $context['email'] = isset($_SESSION['guest_email']) ? $_SESSION['guest_email'] : '';
    }
}
Example #26
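/**
 * Process a submitted "report this post to the moderators" form.
 *
 * Checks the report_any permission, flood protection, the session, the comment
 * and (for guests) the e-mail address and optional verification code. It then
 * looks the reported message up inside the current topic, records the report
 * unless $modSettings['disable_log_report'] is set, and mails the members that
 * membersAllowedTo('moderate_board', $board) returns, subject to their mod_prefs.
 *
 * On a validation failure the translated errors are placed in
 * $context['post_errors'] and the form is shown again through ReportToModerator().
 *
 * @return mixed The result of ReportToModerator() when the form is shown again;
 *               the success path ends in redirectexit().
 */
function ReportToModerator2()
{
    global $txt, $scripturl, $topic, $board, $user_info, $modSettings, $sourcedir, $language, $context, $smcFunc;

    // You must have the proper permissions!
    isAllowedTo('report_any');

    // Make sure they aren't spamming.
    spamProtection('reporttm');

    require_once $sourcedir . '/Subs-Post.php';

    // No errors, yet.
    $post_errors = array();

    // Check their session. A non-empty result is recorded as a form error so the
    // reporter gets the form back instead of a hard failure.
    if (checkSession('post', '', false) != '') {
        $post_errors[] = 'session_timeout';
    }

    // Make sure we have a comment and it's clean.
    if (!isset($_POST['comment']) || $smcFunc['htmltrim']($_POST['comment']) === '') {
        $post_errors[] = 'no_comment';
    }

    // The encoded, single-line form is what gets stored with the report. A request
    // without the field must not reach the encoder (undefined index); the
    // 'no_comment' error recorded above already stops such a request further down.
    $poster_comment = isset($_POST['comment'])
        ? strtr($smcFunc['htmlspecialchars']($_POST['comment']), array("\r" => '', "\n" => '', "\t" => ''))
        : '';

    // Guests need to provide their address!
    if ($user_info['is_guest']) {
        $_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']);
        if ($_POST['email'] === '') {
            $post_errors[] = 'no_email';
        } elseif (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['email']) == 0) {
            // The pattern is anchored and admits no whitespace, and trim() above has
            // already removed the trailing newline that "$" would otherwise tolerate.
            // That matters because this address is later handed to sendmail() as the
            // sender of the moderator mails.
            $post_errors[] = 'bad_email';
        }

        isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));

        // Stored with the report and used as the sender address below. It is only
        // used when no validation error was recorded, because errors return early.
        $user_info['email'] = htmlspecialchars($_POST['email']);
    }

    // Could they get the right verification code?
    if ($user_info['is_guest'] && !empty($modSettings['guests_report_require_captcha'])) {
        require_once $sourcedir . '/Subs-Editor.php';
        $verificationOptions = array('id' => 'report');
        $context['require_verification'] = create_control_verification($verificationOptions, true);

        // An array result is merged in as a list of error keys.
        if (is_array($context['require_verification'])) {
            $post_errors = array_merge($post_errors, $context['require_verification']);
        }
    }

    // Any errors?
    if (!empty($post_errors)) {
        loadLanguage('Errors');

        $context['post_errors'] = array();
        foreach ($post_errors as $post_error) {
            $context['post_errors'][] = $txt['error_' . $post_error];
        }

        return ReportToModerator();
    }

    // Get the basic topic information, and make sure they can see it.
    // The id is forced to an integer here and reused in queries, links and redirects.
    // A missing field becomes 0, which matches no message and ends in 'no_board'.
    $_POST['msg'] = isset($_POST['msg']) ? (int) $_POST['msg'] : 0;

    // The message must belong to the current topic, so a report cannot name a
    // message id from a topic other than the one this request was made for.
    $request = $smcFunc['db_query']('', '
		SELECT m.id_topic, m.id_board, m.subject, m.body, m.id_member AS id_poster, m.poster_name, mem.real_name
		FROM {db_prefix}messages AS m
			LEFT JOIN {db_prefix}members AS mem ON (m.id_member = mem.id_member)
		WHERE m.id_msg = {int:id_msg}
			AND m.id_topic = {int:current_topic}
		LIMIT 1', array('current_topic' => $topic, 'id_msg' => $_POST['msg']));
    if ($smcFunc['db_num_rows']($request) == 0) {
        fatal_lang_error('no_board', false);
    }
    $message = $smcFunc['db_fetch_assoc']($request);
    $smcFunc['db_free_result']($request);

    // Names and subject are decoded because they go into the e-mail text below.
    $poster_name = un_htmlspecialchars($message['real_name']) . ($message['real_name'] != $message['poster_name'] ? ' (' . $message['poster_name'] . ')' : '');
    $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
    $subject = un_htmlspecialchars($message['subject']);

    // Get a list of members with the moderate_board permission.
    require_once $sourcedir . '/Subs-Members.php';
    $moderators = membersAllowedTo('moderate_board', $board);

    // An empty list cannot be expanded into the IN (...) clause below, so report
    // "no moderators" here rather than relying on how the query layer treats an
    // empty array (presumably as an error - confirm against the database layer).
    if (empty($moderators)) {
        fatal_lang_error('no_mods', false);
    }

    $request = $smcFunc['db_query']('', '
		SELECT id_member, email_address, lngfile, mod_prefs
		FROM {db_prefix}members
		WHERE id_member IN ({array_int:moderator_list})
			AND notify_types != {int:notify_types}
		ORDER BY lngfile', array('moderator_list' => $moderators, 'notify_types' => 4));

    // Check that moderators do exist!
    if ($smcFunc['db_num_rows']($request) == 0) {
        fatal_lang_error('no_mods', false);
    }

    // If we get here, I believe we should make a record of this, for historical significance, yabber.
    if (empty($modSettings['disable_log_report'])) {
        // Look for an open or ignored report on this message; ignored ones sort first.
        $request2 = $smcFunc['db_query']('', '
			SELECT id_report, ignore_all
			FROM {db_prefix}log_reported
			WHERE id_msg = {int:id_msg}
				AND (closed = {int:not_closed} OR ignore_all = {int:ignored})
			ORDER BY ignore_all DESC', array('id_msg' => $_POST['msg'], 'not_closed' => 0, 'ignored' => 1));
        if ($smcFunc['db_num_rows']($request2) != 0) {
            list($id_report, $ignore) = $smcFunc['db_fetch_row']($request2);
        }
        $smcFunc['db_free_result']($request2);

        // If we're just going to ignore these, then who gives a monkeys...
        if (!empty($ignore)) {
            redirectexit('topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg']);
        }

        // Already reported? My god, we could be dealing with a real rogue here...
        if (!empty($id_report)) {
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}log_reported
				SET num_reports = num_reports + 1, time_updated = {int:current_time}
				WHERE id_report = {int:id_report}', array('current_time' => time(), 'id_report' => $id_report));
        } else {
            if (empty($message['real_name'])) {
                $message['real_name'] = $message['poster_name'];
            }

            $smcFunc['db_insert'](
                '',
                '{db_prefix}log_reported',
                array('id_msg' => 'int', 'id_topic' => 'int', 'id_board' => 'int', 'id_member' => 'int', 'membername' => 'string', 'subject' => 'string', 'body' => 'string', 'time_started' => 'int', 'time_updated' => 'int', 'num_reports' => 'int', 'closed' => 'int'),
                array($_POST['msg'], $message['id_topic'], $message['id_board'], $message['id_poster'], $message['real_name'], $message['subject'], $message['body'], time(), time(), 1, 0),
                array('id_report')
            );
            $id_report = $smcFunc['db_insert_id']('{db_prefix}log_reported', 'id_report');
        }

        // Now just add our report...
        // The stored comment is the HTML-encoded copy, and the reporter's IP is kept with it.
        if ($id_report) {
            $smcFunc['db_insert'](
                '',
                '{db_prefix}log_reported_comments',
                array('id_report' => 'int', 'id_member' => 'int', 'membername' => 'string', 'email_address' => 'string', 'member_ip' => 'string', 'comment' => 'string', 'time_sent' => 'int'),
                array($id_report, $user_info['id'], $user_info['name'], $user_info['email'], $user_info['ip'], $poster_comment, time()),
                array('id_comment')
            );
        }
    }

    // Find out who the real moderators are - for mod preferences.
    $request2 = $smcFunc['db_query']('', '
		SELECT id_member
		FROM {db_prefix}moderators
		WHERE id_board = {int:current_board}', array('current_board' => $board));
    $real_mods = array();
    while ($row = $smcFunc['db_fetch_assoc']($request2)) {
        $real_mods[] = $row['id_member'];
    }
    $smcFunc['db_free_result']($request2);

    // Send every moderator an email.
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        // Maybe they don't want to know?!
        // Third mod_prefs field: bit 1 means mail always, bit 2 means mail only
        // when the member is listed as a moderator of this board.
        if (!empty($row['mod_prefs'])) {
            list(, , $pref_binary) = explode('|', $row['mod_prefs']);
            if (!($pref_binary & 1) && (!($pref_binary & 2) || !in_array($row['id_member'], $real_mods))) {
                continue;
            }
        }

        // The mail carries the comment as submitted; sendmail() is called below
        // with its sixth argument false (presumably "not HTML" - confirm).
        $replacements = array(
            'TOPICSUBJECT' => $subject,
            'POSTERNAME' => $poster_name,
            'REPORTERNAME' => $reporterName,
            'TOPICLINK' => $scripturl . '?topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg'],
            'REPORTLINK' => !empty($id_report) ? $scripturl . '?action=moderate;area=reports;report=' . $id_report : '',
            'COMMENT' => $_POST['comment'],
        );
        $emaildata = loadEmailTemplate('report_to_moderator', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);

        // Send it to the moderator.
        sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], $user_info['email'], null, false, 2);
    }
    $smcFunc['db_free_result']($request);

    // Keep track of when the mod reports get updated, that way we know when we need to look again.
    updateSettings(array('last_mod_report_action' => time()));

    // Back to the post we reported!
    redirectexit('reportsent;topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg']);
}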
Example #27
unset($next_prev_cache);
//-----------------------------------------------------
//--- Save Comment ------------------------------------
//-----------------------------------------------------
// Handles a submitted comment form ($action == "postcomment") for the image whose
// id is posted under URL_ID. The visible part covers the permission check, the
// flood check and the user-name clash check; it stops before anything is stored.
$error = 0;
if ($action == "postcomment" && isset($HTTP_POST_VARS[URL_ID])) {
    // intval() forces the id to an integer before it is interpolated into SQL below.
    $id = intval($HTTP_POST_VARS[URL_ID]);
    $sql = "SELECT cat_id, image_allow_comments\n          FROM " . IMAGES_TABLE . "\n          WHERE image_id = {$id}";
    $row = $site_db->query_firstrow($sql);
    // Comments are refused when the image disallows them, when the caller lacks
    // auth_postcomment on the image's category, or when no row was found.
    // NOTE(review): $row is dereferenced before the !$row test; a missing row still
    // lands in this branch because a null field compares equal to 0.
    if ($row['image_allow_comments'] == 0 || !check_permission("auth_postcomment", $row['cat_id']) || !$row) {
        $msg = $lang['comments_deactivated'];
    } else {
        // Posted fields are trimmed and passed through un_htmlspecialchars().
        // NOTE(review): how $HTTP_POST_VARS was escaped or encoded before this point
        // is not visible here - confirm before these values reach SQL or HTML.
        $user_name = un_htmlspecialchars(trim($HTTP_POST_VARS['user_name']));
        $comment_headline = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_headline']));
        $comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
        $captcha = isset($HTTP_POST_VARS['captcha']) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";
        // Flood Check
        // Only the newest comment on this image is compared: same IP as the current
        // session and less than 180 seconds old counts as flooding, admins excepted.
        $sql = "SELECT comment_ip, comment_date\n            FROM " . COMMENTS_TABLE . "\n            WHERE image_id = {$id}\n            ORDER BY comment_date DESC\n            LIMIT 1";
        $spam_row = $site_db->query_firstrow($sql);
        // NOTE(review): $spam_row is used without checking that a row came back
        // (an image with no comments yet) - confirm what query_firstrow() returns then.
        $spamtime = $spam_row['comment_date'] + 180;
        if ($session_info['session_ip'] == $spam_row['comment_ip'] && time() <= $spamtime && $user_info['user_level'] != ADMIN) {
            $msg .= ($msg != "" ? "<br />" : "") . $lang['spamming'];
            $error = 1;
        }
        // Reject a posted name that already belongs to a different registered user.
        $user_name_field = get_user_table_field("", "user_name");
        if (!empty($user_name_field)) {
            // NOTE(review): $user_name comes from the request and is concatenated into
            // the query text inside quotes. No escaping is visible in this excerpt -
            // confirm it happens upstream, or escape the value at this point.
            if ($site_db->not_empty("SELECT {$user_name_field} FROM " . USERS_TABLE . " WHERE {$user_name_field} = '" . strtolower($user_name) . "' AND " . get_user_table_field("", "user_id") . " <> '" . $user_info['user_id'] . "'")) {
                $msg .= ($msg != "" ? "<br />" : "") . $lang['username_exists'];
                $error = 1;
            }
        }
function TPortalDLAdmin()
{
    global $txt, $scripturl, $boarddir, $boardurl, $smcFunc, $context, $settings, $sourcedir;
    // check permissions
    if (isset($_POST['dl_useredit'])) {
        checkSession('post');
    } else {
        isAllowedTo('tp_dlmanager');
    }
    // add visual options to this section
    $dl_visual = explode(',', $context['TPortal']['dl_visual_options']);
    $dv = array('left', 'right', 'center', 'top', 'bottom', 'lower');
    foreach ($dv as $v => $val) {
        if (in_array($val, $dl_visual)) {
            $context['TPortal'][$val . 'panel'] = '1';
            $context['TPortal']['dl_' . $val] = '1';
        } else {
            $context['TPortal'][$val . 'panel'] = '0';
        }
    }
    if (in_array('showtop', $dl_visual)) {
        $context['TPortal']['showtop'] = true;
        $context['TPortal']['dl_top'] = true;
    } else {
        $context['TPortal']['showtop'] = false;
    }
    if ($context['TPortal']['hidebars_admin_only'] == '1') {
        tp_hidebars();
    }
    // fetch membergroups so we can quickly set permissions
    // dlmanager, dlupload, dlcreatetopic
    $context['TPortal']['perm_all_groups'] = get_grps();
    $context['TPortal']['perm_groups'] = tp_fetchpermissions(array('tp_dlmanager', 'tp_dlupload', 'tp_dlcreatetopic'));
    $context['TPortal']['boards'] = tp_fetchboards();
    $context['TPortal']['all_dlitems'] = array();
    $request = $smcFunc['db_query']('', '
		SELECT id, name	FROM {db_prefix}tp_dlmanager
		WHERE type = {string:type}
		ORDER BY name ASC', array('type' => 'dlitem'));
    if ($smcFunc['db_num_rows']($request) > 0) {
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $context['TPortal']['all_dlitems'][] = array('id' => $row['id'], 'name' => $row['name']);
        }
        $smcFunc['db_free_result']($request);
    }
    // Add in BBC editor before we call in template so the headers are there
    if ($context['TPortal']['dl_wysiwyg'] == 'bbc') {
        if ($context['TPortal']['dlsub'] == 'adminaddcat') {
            $context['TPortal']['editor_id'] = 'newdladmin_text';
            TP_prebbcbox($context['TPortal']['editor_id']);
        } else {
            $context['TPortal']['editor_id'] = 'tp_dl_introtext';
            TP_prebbcbox($context['TPortal']['editor_id'], $context['TPortal']['dl_introtext']);
        }
    }
    // any items from the ftp screen?
    if (!empty($_POST['ftpdlsend'])) {
        // new category?
        if (!empty($_POST['assign-ftp-newcat'])) {
            $newcat = true;
            $newcatname = $_POST['assign-ftp-newcat'];
            if (isset($_POST['assign-ftp-cat']) && $_POST['assign-ftp-cat'] > 0) {
                $newcatparent = $_POST['assign-ftp-cat'];
            } else {
                $newcatparent = 0;
            }
            if ($newcatname == '') {
                $newcatname = '-no name-';
            }
        } else {
            $newcat = false;
            $newcatname = '';
            $newcatnow = $_POST['assign-ftp-cat'];
            $newcatparent = 0;
        }
        // if new category create it first.
        if ($newcat) {
            $request = $smcFunc['db_insert']('INSERT', '{db_prefix}tp_dlmanager', array('name' => 'string', 'description' => 'string', 'icon' => 'string', 'category' => 'int', 'type' => 'string', 'downloads' => 'int', 'views' => 'int', 'file' => 'string', 'created' => 'int', 'last_access' => 'int', 'filesize' => 'int', 'parent' => 'int', 'access' => 'string', 'link' => 'string', 'author_id' => 'int', 'screenshot' => 'string', 'rating' => 'string', 'voters' => 'string', 'subitem' => 'int'), array($newcatname, '', '', 0, 'dlcat', 0, 0, '', 0, 0, 0, $newcatparent, '', '', $context['user']['id'], '', '', '', 0), array('id'));
            $newcatnow = $smcFunc['db_insert_id']($request);
        }
        // now go through each file and put it into the table.
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 19) == 'assign-ftp-checkbox') {
                $name = $value;
                $now = time();
                $fsize = filesize($boarddir . '/tp-downloads/' . $value);
                $smcFunc['db_insert']('INSERT', '{db_prefix}tp_dlmanager', array('name' => 'string', 'description' => 'string', 'icon' => 'string', 'category' => 'int', 'type' => 'string', 'downloads' => 'int', 'views' => 'int', 'file' => 'string', 'created' => 'int', 'last_access' => 'int', 'filesize' => 'int', 'parent' => 'int', 'access' => 'string', 'link' => 'string', 'author_id' => 'int', 'screenshot' => 'string', 'rating' => 'string', 'voters' => 'string', 'subitem' => 'int'), array($name, '', '', $newcatnow, 'dlitem', 1, 1, $value, $now, $now, $fsize, 0, '', '', $context['user']['id'], '', '', '', 0), array('id'));
            }
        }
        // done, set a value to make member aware of assigned category
        redirectexit('action=tpmod;dl=adminftp;ftpcat=' . $newcatnow);
    }
    // check for new category
    if (!empty($_POST['newdlsend'])) {
        // get the items
        $name = strip_tags($_POST['newdladmin_name']);
        // no html here
        if (empty($name)) {
            $name = $txt['tp-dlnotitle'];
        }
        $text = $_POST['newdladmin_text'];
        $parent = $_POST['newdladmin_parent'];
        $icon = $boardurl . '/tp-downloads/icons/' . $_POST['newdladmin_icon'];
        // special case, the access
        $dlgrp = array();
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 16) == 'newdladmin_group') {
                $vv = substr($what, 16);
                if ($vv != '-2') {
                    $dlgrp[] = $vv;
                }
            }
        }
        $access = implode(',', $dlgrp);
        // insert the category
        $request = $smcFunc['db_insert']('INSERT', '{db_prefix}tp_dlmanager', array('name' => 'string', 'description' => 'string', 'icon' => 'string', 'category' => 'int', 'type' => 'string', 'downloads' => 'int', 'views' => 'int', 'file' => 'string', 'created' => 'int', 'last_access' => 'int', 'filesize' => 'int', 'parent' => 'int', 'access' => 'string', 'link' => 'string', 'author_id' => 'int', 'screenshot' => 'string', 'rating' => 'string', 'voters' => 'string', 'subitem' => 'int'), array($name, $text, $icon, 0, 'dlcat', 0, 0, '', 0, 0, 0, $parent, $access, '', $context['user']['id'], '', '', '', 0), array('id'));
        $newcat = $smcFunc['db_insert_id']($request);
        redirectexit('action=tpmod;dl=admineditcat' . $newcat);
    }
    $myid = 0;
    // check if tag links are present
    if (isset($_POST['dladmin_itemtags'])) {
        $itemid = $_POST['dladmin_itemtags'];
        // get title
        $request = $smcFunc['db_query']('', '
			SELECT name FROM {db_prefix}tp_dlmanager 
			WHERE id = {int:item} LIMIT 1', array('item' => $itemid));
        $title = $smcFunc['db_fetch_row']($request);
        // remove old ones first
        $smcFunc['db_query']('', '
			DELETE FROM {db_prefix}tp_variables 
			WHERE value3 = {string:val3} 
			AND subtype2 = {int:sub}', array('val3' => 'dladmin_itemtags', 'sub' => $itemid));
        $alltags = array();
        foreach ($_POST as $what => $value) {
            // a tag from edit items
            if (substr($what, 0, 17) == 'dladmin_itemtags_') {
                $tag = substr($what, 17);
                $itemid = $value;
                // insert new one
                $href = '?action=tpmod;dl=item' . $itemid;
                $tg = '<span style="background: url(' . $settings['tp_images_url'] . '/glyph_download.png) no-repeat;" class="taglink">' . $title[0] . '</span>';
                if (!empty($tag)) {
                    $smcFunc['db_query']('INSERT', '{db_prefix}tp_variables', array('value1' => 'string', 'value2' => 'string', 'value3' => 'string', 'type' => 'string', 'value4' => 'string', 'value5' => 'int', 'subtype' => 'string', 'value7' => 'string', 'value8' => 'string', 'subtype2' => 'int'), array($href, $tg, 'dladmin_itemtags', '', 0, $tag, '', '', $itemid), array('id'));
                    $alltags[] = $tag;
                }
            }
        }
        $tg = implode(',', $alltags);
        $smcFunc['db_query']('', '
			UPDATE {db_prefix}tp_dlmanager 
			SET global_tag = {string:tag} 
			WHERE id = {int:item}', array('tag' => $tg, 'item' => $itemid));
        $myid = $itemid;
        $go = 2;
        $newgo = 2;
    }
    // check if tag links are present -categories
    if (isset($_POST['dladmin_cattags'])) {
        $itemid = $_POST['dladmin_cattags'];
        // get title
        $request = $smcFunc['db_query']('', '
			SELECT name FROM {db_prefix}tp_dlmanager 
			WHERE id = {int:item} LIMIT 1', array('item' => $itemid));
        $title = $smcFunc['db_fetch_row']($request);
        // remove old ones first
        $smcFunc['db_query']('', '
			DELETE FROM {db_prefix}tp_variables 
			WHERE value3 = {string:val3} 
			AND subtype2 = {int:sub}', array('val3' => 'dladmin_cattags', 'sub' => $itemid));
        foreach ($_POST as $what => $value) {
            // a tag from edit category
            if (substr($what, 0, 16) == 'dladmin_cattags_') {
                $tag = substr($what, 16);
                $itemid = $value;
                // insert new one
                $href = '?action=tpmod;dl=cat' . $itemid;
                $title = $title[0] . ' [' . strtolower($txt['tp-downloads']) . '] ';
                $smcFunc['db_query']('INSERT', '{db_prefix}tp_variables', array('value1' => 'string', 'value2' => 'string', 'value3' => 'string', 'type' => 'string', 'value4' => 'string', 'value5' => 'int', 'subtype' => 'string', 'value7' => 'string', 'value8' => 'string', 'subtype2' => 'int'), array($href, $title, 'dladmin_cattags', '', 0, $tag, '', '', $itemid), array('id'));
            }
        }
        $myid = $itemid;
        $go = 3;
        $newgo = 3;
    }
    // check for access value
    if (!empty($_POST['dlsend'])) {
        $admgrp = array();
        $groupset = false;
        $dlgrp = array();
        $dlset = false;
        $visual = array();
        $visualset = false;
        $creategrp = array();
        $dlmanager_grp = array();
        $dlupload_grp = array();
        $dlcreatetopic_grp = array();
        // Our settings array to send to updateTPSettings();
        $changeArray = array();
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 13) == 'dladmin_group') {
                $val = substr($what, 13);
                if ($val != '-2') {
                    $admgrp[] = $val;
                }
                $groupset = true;
                $id = $value;
            } elseif (substr($what, 0, 8) == 'tp_group') {
                if ($value != '-2') {
                    $dlgrp[] = $value;
                }
                $dlset = true;
            } elseif (substr($what, 0, 20) == 'tp_dl_visual_options') {
                if ($value != 'not') {
                    $visual[] = $value;
                }
                $visualset = true;
            } elseif (substr($what, 0, 11) == 'tp_dlboards') {
                $creategrp[] = $value;
            }
        }
        if ($groupset) {
            $dlaccess = implode(',', $admgrp);
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}tp_dlmanager 
				SET access = {string:access} 
				WHERE id = {int:item}', array('access' => $dlaccess, 'item' => $id));
        }
        if (!empty($_POST['dlsettings'])) {
            $changeArray['dl_createtopic_boards'] = implode(',', $creategrp);
        }
        if ($dlset) {
            $changeArray['dl_approve_groups'] = implode(',', $dlgrp);
        }
        if ($visualset) {
            $changeArray['dl_visual_options'] = implode(',', $visual);
        }
        $go = 0;
        if (!empty($_FILES['qup_dladmin_text']['tmp_name']) && (file_exists($_FILES['qup_dladmin_text']['tmp_name']) || is_uploaded_file($_FILES['qup_dladmin_text']['tmp_name']))) {
            $name = TPuploadpicture('qup_dladmin_text', $context['user']['id'] . 'uid');
            tp_createthumb('tp-images/' . $name, 50, 50, 'tp-images/thumbs/thumb_' . $name);
        }
        if (!empty($_FILES['qup_blockbody']['tmp_name']) && (file_exists($_FILES['qup_dladmin_text']['tmp_name']) || is_uploaded_file($_FILES['qup_dladmin_text']['tmp_name']))) {
            $name = TPuploadpicture('qup_dladmin_text', $context['user']['id'] . 'uid');
            tp_createthumb('tp-images/' . $name, 50, 50, 'tp-images/thumbs/thumb_' . $name);
        }
        // a screenshot from edit item screen?
        if (!empty($_FILES['tp_dluploadpic_edit']['tmp_name']) && (file_exists($_FILES['tp_dluploadpic_edit']['tmp_name']) || is_uploaded_file($_FILES['tp_dluploadpic_edit']['tmp_name']))) {
            $shot = true;
        } else {
            $shot = false;
        }
        if ($shot) {
            $sid = $_POST['tp_dluploadpic_editID'];
            $sfile = 'tp_dluploadpic_edit';
            $uid = $context['user']['id'] . 'uid';
            $dim = '1800';
            $suf = 'jpg,gif,png';
            $dest = 'tp-images/dlmanager';
            $sname = TPuploadpicture($sfile, $uid, $dim, $suf, $dest);
            $screenshot = $sname;
            tp_createthumb($dest . '/' . $sname, $context['TPortal']['dl_screenshotsize'][0], $context['TPortal']['dl_screenshotsize'][1], $dest . '/thumb/' . $sname);
            tp_createthumb($dest . '/' . $sname, $context['TPortal']['dl_screenshotsize'][2], $context['TPortal']['dl_screenshotsize'][3], $dest . '/listing/' . $sname);
            tp_createthumb($dest . '/' . $sname, $context['TPortal']['dl_screenshotsize'][4], $context['TPortal']['dl_screenshotsize'][5], $dest . '/single/' . $sname);
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}tp_dlmanager 
				SET screenshot = {string:ss} 
				WHERE id = {int:item}', array('ss' => $screenshot, 'item' => $sid));
            $uploaded = true;
        } else {
            $screenshot = '';
            $uploaded = false;
        }
        if (isset($_POST['tp_dluploadpic_link']) && !$uploaded) {
            $sid = $_POST['tp_dluploadpic_editID'];
            $screenshot = $_POST['tp_dluploadpic_link'];
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}tp_dlmanager 
				SET screenshot = {string:ss} 
				WHERE id = {int:item}', array('ss' => $screenshot, 'item' => $sid));
        } else {
            $screenshot = '';
        }
        // a new file uploaded?
        if (!empty($_FILES['tp_dluploadfile_edit']['tmp_name']) && is_uploaded_file($_FILES['tp_dluploadfile_edit']['tmp_name'])) {
            $shot = true;
        } else {
            $shot = false;
        }
        if ($shot) {
            $sid = $_POST['tp_dluploadfile_editID'];
            $shotname = $_FILES['tp_dluploadfile_edit']['name'];
            $sname = strtr($shotname, 'ŠŽšžŸÀÁÂÃÄÅÇÈÉÊËÌÍÎÏÑÒÓÔÕÖØÙÚÛÜÝàáâãäåçèéêëìíîïñòóôõöøùúûüýÿ', 'SZszYAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy');
            $sname = strtr($sname, array('Þ' => 'TH', 'þ' => 'th', 'Ð' => 'DH', 'ð' => 'dh', 'ß' => 'ss', 'Œ' => 'OE', 'œ' => 'oe', 'Æ' => 'AE', 'æ' => 'ae', 'µ' => 'u'));
            $sname = preg_replace(array('/\\s/', '/[^\\w_\\.\\-]/'), array('_', ''), $sname);
            $sname = time() . $sname;
            // check the size
            $dlfilesize = filesize($_FILES['tp_dluploadfile_edit']['tmp_name']);
            if ($dlfilesize > 1000 * $context['TPortal']['dl_max_upload_size']) {
                unlink($_FILES['tp_dluploadfile_edit']['tmp_name']);
                $error = $txt['tp-dlmaxerror'] . ' ' . $context['TPortal']['dl_max_upload_size'] . ' Kb<br /><br />' . $txt['tp-dlmaxerror2'] . ': ' . ceil($dlfilesize / 1000) . ' Kb';
                fatal_error($error);
            }
            // check the extension
            $allowed = explode(',', $context['TPortal']['dl_allowed_types']);
            $match = false;
            foreach ($allowed as $extension => $value) {
                $ext = '.' . $value;
                $extlen = strlen($ext);
                if (substr($sname, strlen($sname) - $extlen, $extlen) == $ext) {
                    $match = true;
                }
            }
            if (!$match) {
                unlink($_FILES['tp_dluploadfile_edit']['tmp_name']);
                $error = $txt['tp-dlexterror'] . ':<b> <br />' . $context['TPortal']['dl_allowed_types'] . '</b><br /><br />' . $txt['tp-dlexterror2'] . ': <b>' . $sname . '</b>';
                fatal_error($error);
            }
            $success2 = move_uploaded_file($_FILES['tp_dluploadfile_edit']['tmp_name'], $boarddir . '/tp-downloads/' . $sname);
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}tp_dlmanager 
				SET file = {string:file} 
				WHERE id = {int:item}', array('file' => $sname, 'item' => $sid));
            $new_upload = true;
            // update filesize as well
            $value = filesize($boarddir . '/tp-downloads/' . $sname);
            if (!is_numeric($value)) {
                $value = 0;
            }
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}tp_dlmanager 
				SET filesize = {int:size}
				WHERE id = {int:item}', array('size' => $value, 'item' => $sid));
            $myid = $sid;
            $go = 2;
        }
        // get all values from forms
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 12) == 'dladmin_name') {
                $id = substr($what, 12);
                // no html here
                $value = strip_tags($value);
                if (empty($value)) {
                    $value = '-no title-';
                }
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}tp_dlmanager 
					SET name = {string:name} 
					WHERE id = {int:item}', array('name' => $value, 'item' => $id));
            } elseif (substr($what, 0, 12) == 'dladmin_icon') {
                $id = substr($what, 12);
                if ($value != '') {
                    $val = $boardurl . '/tp-downloads/icons/' . $value;
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_dlmanager 
						SET icon = {string:icon} 
						WHERE id = {int:item}', array('icon' => $val, 'item' => $id));
                }
            } elseif (substr($what, 0, 12) == 'dladmin_text') {
                $id = substr($what, 12);
                if (is_numeric($id)) {
                    // If we came from WYSIWYG then turn it back into BBC regardless.
                    if (!empty($_REQUEST[$what . '_mode']) && isset($_REQUEST[$what])) {
                        require_once $sourcedir . '/Subs-Editor.php';
                        $_REQUEST[$what] = html_to_bbc($_REQUEST[$what]);
                        // We need to unhtml it now as it gets done shortly.
                        $_REQUEST[$what] = un_htmlspecialchars($_REQUEST[$what]);
                        // We need this for everything else.
                        $value = $_POST[$what] = $_REQUEST[$what];
                    }
                    if (isset($_POST['dladmin_text' . $id . '_pure']) && isset($_POST['dladmin_text' . $id . '_choice'])) {
                        if ($_POST['dladmin_text' . $id . '_choice'] == 1) {
                            $value = $_POST['dladmin_text' . $id];
                        } else {
                            $value = $_POST['dladmin_text' . $id . '_pure'];
                        }
                    }
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_dlmanager 
						SET description = {string:desc} 
						WHERE id = {int:item}', array('desc' => $value, 'item' => $id));
                }
            } elseif (substr($what, 0, 14) == 'dladmin_delete') {
                $id = substr($what, 14);
                $request = $smcFunc['db_query']('', '
						SELECT * FROM {db_prefix}tp_dlmanager 
						WHERE id = {int:item}', array('item' => $id));
                if ($smcFunc['db_num_rows']($request) > 0) {
                    $row = $smcFunc['db_fetch_assoc']($request);
                    if ($row['type'] == 'dlitem') {
                        $category = $row['category'];
                        if ($category > 0) {
                            $smcFunc['db_query']('', '
									UPDATE {db_prefix}tp_dlmanager 
									SET downloads = downloads - 1 
									WHERE id = {int:cat} LIMIT 1', array('cat' => $category));
                        }
                        // delete both screenshot and file
                        if (!empty($row['file']) && file_exists($boarddir . '/tp-downloads/' . $row['file'])) {
                            $succ = unlink($boarddir . '/tp-downloads/' . $row['file']);
                            if (!$succ) {
                                $err = $txt['tp-dlfilenotdel'] . ' (' . $row['file'] . ')';
                            }
                        }
                        if (!empty($row['screenshot']) && file_exists($boarddir . '/' . $row['screenshot'])) {
                            $succ2 = unlink($boarddir . '/' . $row['screenshot']);
                            if (!$succ2) {
                                $err .= '<br />' . $txt['tp-dlssnotdel'] . ' (' . $row['screenshot'] . ')';
                            }
                        }
                    }
                    $smcFunc['db_free_result']($request);
                }
                $smcFunc['db_query']('', '
					DELETE FROM {db_prefix}tp_dlmanager 
					WHERE id = {int:item}', array('item' => $id));
                if (isset($err)) {
                    fatal_error($err);
                }
                redirectexit('action=tpmod;dl=admincat' . $category);
            } elseif (substr($what, 0, 15) == 'dladmin_approve' && $value == 'ON') {
                $id = abs(substr($what, 15));
                $request = $smcFunc['db_query']('', '
					SELECT category FROM {db_prefix}tp_dlmanager 
					WHERE id = {int:item}', array('item' => $id));
                if ($smcFunc['db_num_rows']($request) > 0) {
                    $row = $smcFunc['db_fetch_row']($request);
                    $newcat = abs($row[0]);
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_dlmanager 
						SET category = {int:cat} 
						WHERE id = {int:item}', array('cat' => $newcat, 'item' => $id));
                    $smcFunc['db_query']('', '
						DELETE FROM {db_prefix}tp_variables 
						WHERE type = {string:type} 
						AND value5 = {int:val5}', array('type' => 'dl_not_approved', 'val5' => $id));
                    $smcFunc['db_free_result']($request);
                }
            } elseif (substr($what, 0, 16) == 'dl_admin_approve' && $value == 'ON') {
                $id = abs(substr($what, 16));
                $request = $smcFunc['db_query']('', '
					SELECT category FROM {db_prefix}tp_dlmanager 
					WHERE id = {int:item}', array('item' => $id));
                if ($smcFunc['db_num_rows']($request) > 0) {
                    $row = $smcFunc['db_fetch_row']($request);
                    $newcat = abs($row[0]);
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_dlmanager 
						SET category = {int:cat} 
						WHERE id = {int:item}', array('cat' => $newcat, 'item' => $id));
                    $smcFunc['db_query']('', '
						DELETE FROM {db_prefix}tp_variables 
						WHERE type = {string:type} 
						AND value5 = {int:val5}', array('type' => 'dl_not_approved', 'val5' => $id));
                    $smcFunc['db_free_result']($request);
                }
            } elseif (substr($what, 0, 16) == 'dladmin_category') {
                $id = substr($what, 16);
                // update, but not on negative values :)
                if ($value > 0) {
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}tp_dlmanager 
						SET category = {int:cat} 
						WHERE id = {int:item}', array('cat' => $value, 'item' => $id));
                }
            } elseif (substr($what, 0, 14) == 'dladmin_parent') {
                $id = substr($what, 14);
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}tp_dlmanager 
					SET parent = {int:parent}
					WHERE id = {int:item}', array('parent' => $value, 'item' => $id));
            } elseif (substr($what, 0, 15) == 'dladmin_subitem') {
                $id = substr($what, 15);
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}tp_dlmanager 
					SET subitem = {int:sub}
					WHERE id = {int:item}', array('sub' => $value, 'item' => $id));
            } elseif (substr($what, 0, 11) == 'tp_dlcatpos') {
                $id = substr($what, 11);
                if (!empty($_POST['admineditcatval'])) {
                    $myid = $_POST['admineditcatval'];
                    $go = 4;
                }
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}tp_dlmanager 
					SET downloads = {int:down}
					WHERE id = {int:item}', array('down' => $value, 'item' => $id));
            } elseif (substr($what, 0, 18) == 'dladmin_screenshot') {
                $id = substr($what, 18);
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}tp_dlmanager 
					SET screenshot = {string:ss} 
					WHERE id = {int:item}', array('ss' => $value, 'item' => $id));
            } elseif (substr($what, 0, 12) == 'dladmin_link') {
                $id = substr($what, 12);
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}tp_dlmanager 
					SET link = {string:link} 
					WHERE id = {int:item}', array('link' => $value, 'item' => $id));
            } elseif (substr($what, 0, 12) == 'dladmin_file' && !isset($new_upload)) {
                $id = substr($what, 12);
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}tp_dlmanager 
					SET file = {string:file}
					WHERE id = {int:item}', array('file' => $value, 'item' => $id));
                $myid = $id;
                $go = 2;
            } elseif (substr($what, 0, 12) == 'dladmin_size' && !isset($new_upload)) {
                $id = substr($what, 12);
                // check the actual size
                $name = $_POST['dladmin_file' . $id];
                $value = filesize($boarddir . '/tp-downloads/' . $name);
                if (!is_numeric($value)) {
                    $value = 0;
                }
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}tp_dlmanager 
					SET filesize = {int:size}
					WHERE id = {int:item}', array('size' => $value, 'item' => $id));
            } elseif ($what == 'tp_dl_allowed_types') {
                $changeArray['dl_allowed_types'] = $value;
                $go = 1;
            } elseif ($what == 'tp_dl_usescreenshot') {
                $changeArray['dl_usescreenshot'] = $value;
                $go = 1;
            } elseif (substr($what, 0, 20) == 'tp_dl_screenshotsize') {
                // which one
                $who = substr($what, 20);
                $result = $smcFunc['db_query']('', '
					SELECT value FROM {db_prefix}tp_settings 
					WHERE name = {string:name} LIMIT 1', array('name' => 'dl_screenshotsizes'));
                $row = $smcFunc['db_fetch_assoc']($result);
                $smcFunc['db_free_result']($result);
                $all = explode(',', $row['value']);
                $all[$who] = $value;
                $changeArray['dl_screenshotsizes'] = implode(',', $all);
                $go = 1;
            } elseif ($what == 'tp_dl_showfeatured') {
                $changeArray['dl_showfeatured'] = $value;
                $go = 1;
            } elseif ($what == 'tp_dl_wysiwyg') {
                $changeArray['dl_wysiwyg'] = $value;
                $go = 1;
            } elseif ($what == 'tp_dl_showrecent') {
                $changeArray['dl_showlatest'] = $value;
                $go = 1;
            } elseif ($what == 'tp_dl_showstats') {
                $changeArray['dl_showstats'] = $value;
                $go = 1;
            } elseif ($what == 'tp_dl_showcategorytext') {
                $changeArray['dl_showcategorylist'] = $value;
                $go = 1;
            } elseif ($what == 'tp_dl_featured') {
                $changeArray['dl_featured'] = $value;
                $go = 1;
            } elseif ($what == 'tp_dl_introtext') {
                if ($context['TPortal']['dl_wysiwyg'] == 'bbc') {
                    // If we came from WYSIWYG then turn it back into BBC regardless.
                    if (!empty($_REQUEST['tp_dl_introtext']) && isset($_REQUEST['tp_dl_introtext'])) {
                        require_once $sourcedir . '/Subs-Editor.php';
                        $_REQUEST['tp_dl_introtext'] = html_to_bbc($_REQUEST['tp_dl_introtext']);
                        // We need to unhtml it now as it gets done shortly.
                        $_REQUEST['tp_dl_introtext'] = un_htmlspecialchars($_REQUEST['tp_dl_introtext']);
                        // We need this for everything else.
                        $value = $_POST['tp_dl_introtext'] = $_REQUEST['tp_dl_introtext'];
                    }
                }
                $changeArray['dl_introtext'] = trim($value);
                $go = 1;
            } elseif ($what == 'tp_dluploadsize') {
                $changeArray['dl_max_upload_size'] = $value;
                $go = 1;
            } elseif ($what == 'tp_dl_approveonly') {
                $changeArray['dl_approve'] = $value;
                $go = 1;
            } elseif ($what == 'tp_dlallowupload') {
                $changeArray['dl_allow_upload'] = $value;
                $go = 1;
            } elseif ($what == 'tp_dl_fileprefix') {
                $changeArray['dl_fileprefix'] = $value;
                $go = 1;
            } elseif ($what == 'tp_dltheme') {
                $changeArray['dlmanager_theme'] = $value;
                $go = 1;
            }
        }
        // Update all the changes settings finally
        updateTPSettings($changeArray);
        // if we came from useredit screen..
        if (isset($_POST['dl_useredit'])) {
            redirectexit('action=tpmod;dl=useredit' . $_POST['dl_useredit']);
        }
        if (!empty($newgo)) {
            $go = $newgo;
        }
        // guess not, admin screen then
        if ($go == 1) {
            redirectexit('action=tpmod;dl=adminsettings');
        } elseif ($go == 2) {
            redirectexit('action=tpmod;dl=adminitem' . $myid);
        } elseif ($go == 3) {
            redirectexit('action=tpmod;dl=admineditcat' . $myid);
        } elseif ($go == 4) {
            redirectexit('action=tpmod;dl=admincat' . $myid);
        }
    }
    // ****************
    TP_dlgeticons();
    // get all themes
    $context['TPthemes'] = array();
    $request = $smcFunc['db_query']('', '
		SELECT value AS name, id_theme as ID_THEME
		FROM {db_prefix}themes
		WHERE variable = {string:var}
		AND id_member = {int:id_mem}
		ORDER BY value ASC', array('var' => 'name', 'id_mem' => 0));
    if ($smcFunc['db_num_rows']($request) > 0) {
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $context['TPthemes'][] = array('id' => $row['ID_THEME'], 'name' => $row['name']);
        }
        $smcFunc['db_free_result']($request);
    }
    // fetch all files from tp-downloads
    $context['TPortal']['tp-downloads'] = array();
    $count = 1;
    if ($handle = opendir($boarddir . '/tp-downloads')) {
        while (false !== ($file = readdir($handle))) {
            if ($file != '.' && $file != '..' && $file != '.htaccess' && $file != 'icons') {
                $size = floor(filesize($boarddir . '/tp-downloads/' . $file) / 102.4) / 10;
                $context['TPortal']['tp-downloads'][$count] = array('id' => $count, 'file' => $file, 'size' => $size);
                $count++;
            }
        }
        closedir($handle);
    }
    // get all membergroups for permissions
    $context['TPortal']['dlgroups'] = get_grps(true, true);
    //fetch all categories
    $sorted = array();
    $context['TPortal']['linkcats'] = array();
    $srequest = $smcFunc['db_query']('', '
		SELECT id, name, description, icon, access, parent 
		FROM {db_prefix}tp_dlmanager 
		WHERE type = {string:type} ORDER BY downloads ASC', array('type' => 'dlcat'));
    if ($smcFunc['db_num_rows']($srequest) > 0) {
        while ($row = $smcFunc['db_fetch_assoc']($srequest)) {
            // for the linktree
            $context['TPortal']['linkcats'][$row['id']] = array('id' => $row['id'], 'name' => $row['name'], 'parent' => $row['parent']);
            $sorted[$row['id']] = array('id' => $row['id'], 'parent' => $row['parent'], 'name' => $row['name'], 'text' => $row['description'], 'icon' => $row['icon']);
        }
        $smcFunc['db_free_result']($srequest);
    }
    // sort them
    if (count($sorted) > 1) {
        $context['TPortal']['admuploadcats'] = chain('id', 'parent', 'name', $sorted);
    } else {
        $context['TPortal']['admuploadcats'] = $sorted;
    }
    $context['TPortal']['dl_admcats'] = array();
    $context['TPortal']['dl_admcats2'] = array();
    $context['TPortal']['dl_admitems'] = array();
    $context['TPortal']['dl_admcount'] = array();
    $context['TPortal']['dl_admsubmitted'] = array();
    $context['TPortal']['dl_allitems'] = array();
    // count items in each category
    $request = $smcFunc['db_query']('', '
		SELECT file, category 
		FROM {db_prefix}tp_dlmanager 
		WHERE type = {string:type}', array('type' => 'dlitem'));
    if ($smcFunc['db_num_rows']($request) > 0) {
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            if ($row['category'] < 0) {
                if (isset($context['TPortal']['dl_admsubmitted'][abs($row['category'])])) {
                    $context['TPortal']['dl_admsubmitted'][abs($row['category'])]++;
                } else {
                    $context['TPortal']['dl_admsubmitted'][abs($row['category'])] = 1;
                }
            } else {
                if (isset($context['TPortal']['dl_admcount'][$row['category']])) {
                    $context['TPortal']['dl_admcount'][$row['category']]++;
                } else {
                    $context['TPortal']['dl_admcount'][$row['category']] = 1;
                }
            }
            $context['TPortal']['dl_allitems'][] = $row['file'];
        }
        $smcFunc['db_free_result']($request);
    }
    // fetch all categories
    $admsub = substr($context['TPortal']['dlsub'], 5);
    if ($admsub == '') {
        $context['TPortal']['dl_title'] = $txt['tp-dladmin'];
        // fetch all categories with subcats
        $req = $smcFunc['db_query']('', '
			SELECT * FROM {db_prefix}tp_dlmanager 
			WHERE type = {string:type} 
			ORDER BY downloads ASC', array('type' => 'dlcat'));
        if ($smcFunc['db_num_rows']($req) > 0) {
            while ($brow = $smcFunc['db_fetch_assoc']($req)) {
                if (isset($context['TPortal']['dl_admcount'][$brow['id']])) {
                    $items = $context['TPortal']['dl_admcount'][$brow['id']];
                } else {
                    $items = 0;
                }
                if (isset($context['TPortal']['dl_admsubmitted'][$brow['id']])) {
                    $sitems = $context['TPortal']['dl_admsubmitted'][$brow['id']];
                } else {
                    $sitems = 0;
                }
                $context['TPortal']['admcats'][] = array('id' => $brow['id'], 'name' => $brow['name'], 'icon' => $brow['icon'], 'access' => $brow['access'], 'parent' => $brow['parent'], 'description' => $brow['description'], 'shortname' => $brow['link'], 'items' => $items, 'submitted' => $sitems, 'total' => $items + $sitems, 'href' => $scripturl . '?action=tpmod;dl=admincat' . $brow['id'], 'href2' => $scripturl . '?action=tpmod;dl=admineditcat' . $brow['id'], 'href3' => $scripturl . '?action=tpmod;dl=admindelcat' . $brow['id'], 'pos' => $brow['downloads']);
            }
            $smcFunc['db_free_result']($req);
        }
    } elseif (substr($admsub, 0, 3) == 'cat') {
        $cat = substr($admsub, 3);
        // get the parent first
        $request = $smcFunc['db_query']('', '
			SELECT parent, name, link 
			FROM {db_prefix}tp_dlmanager 
			WHERE type = {string:type}
			AND id = {int:item}', array('type' => 'dlcat', 'item' => $cat));
        if ($smcFunc['db_num_rows']($request) > 0) {
            $row = $smcFunc['db_fetch_assoc']($request);
            $catparent = abs($row['parent']);
            $catname = $row['name'];
            $catshortname = $row['link'];
            $smcFunc['db_free_result']($request);
        }
        // fetch items within a category
        $request = $smcFunc['db_query']('', '
			SELECT dl.*, dl.author_id as authorID,m.real_name as realName
			FROM ({db_prefix}tp_dlmanager AS dl, {db_prefix}members AS m)
			WHERE abs(dl.category) = {int:cat}
			AND dl.type = {string:type}
			AND dl.subitem = {int:sub}
			AND dl.author_id = m.id_member
			ORDER BY dl.id DESC', array('cat' => $cat, 'type' => 'dlitem', 'sub' => 0));
        if ($smcFunc['db_num_rows']($request) > 0) {
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                $context['TPortal']['dl_admitems'][] = array('id' => $row['id'], 'name' => $row['name'], 'icon' => $row['icon'], 'category' => abs($row['category']), 'file' => $row['file'], 'filesize' => floor($row['filesize'] / 1024), 'views' => $row['views'], 'authorID' => $row['authorID'], 'author' => '<a href="' . $scripturl . '?action=profile;u=' . $row['authorID'] . '">' . $row['realName'] . '</a>', 'created' => timeformat($row['created']), 'last_access' => timeformat($row['last_access']), 'description' => $row['description'], 'downloads' => $row['downloads'], 'sshot' => $row['screenshot'], 'link' => $row['link'], 'href' => $scripturl . '?action=tpmod;dl=adminitem' . $row['id'], 'approved' => $row['category'] < 0 ? '0' : '1', 'approve' => $scripturl . '?action=tpmod;dl=adminapprove' . $row['id']);
            }
            $smcFunc['db_free_result']($request);
        }
        // fetch all categories with subcats
        $request = $smcFunc['db_query']('', '
			SELECT * FROM {db_prefix}tp_dlmanager 
			WHERE type = {string:type}
			ORDER BY name ASC', array('type' => 'dlcat'));
        if ($smcFunc['db_num_rows']($request) > 0) {
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                if (isset($context['TPortal']['dl_admcount'][$row['id']])) {
                    $items = $context['TPortal']['dl_admcount'][$row['id']];
                } else {
                    $items = 0;
                }
                if (isset($context['TPortal']['dl_admsubmitted'][$row['id']])) {
                    $sitems = $context['TPortal']['dl_admsubmitted'][$row['id']];
                } else {
                    $sitems = 0;
                }
                $context['TPortal']['admcats'][] = array('id' => $row['id'], 'name' => $row['name'], 'pos' => $row['downloads'], 'icon' => $row['icon'], 'shortname' => $row['link'], 'access' => $row['access'], 'parent' => $row['parent'], 'description' => $row['description'], 'items' => $items, 'submitted' => $sitems, 'total' => $items + $sitems, 'href' => $scripturl . '?action=tpmod;dl=admincat' . $row['id'], 'href2' => $scripturl . '?action=tpmod;dl=admineditcat' . $row['id'], 'href3' => $scripturl . '?action=tpmod;dl=admindelcat' . $row['id']);
            }
            $smcFunc['db_free_result']($request);
        }
        // check to see if its child
        $parents = array();
        while ($catparent > 0) {
            $parents[$catparent] = array('id' => $catparent, 'name' => $context['TPortal']['linkcats'][$catparent]['name'], 'parent' => $context['TPortal']['linkcats'][$catparent]['parent']);
            $catparent = $context['TPortal']['linkcats'][$catparent]['parent'];
        }
        // make the linktree
        TPadd_linktree($scripturl . '?action=tpmod;dl=admin', $txt['tp-dladmin']);
        if (isset($parents)) {
            $parts = array_reverse($parents, TRUE);
            // add to the linktree
            foreach ($parts as $parent) {
                TPadd_linktree($scripturl . '?action=tpmod;dl=admincat' . $parent['id'], $parent['name']);
            }
        }
        // add to the linktree
        TPadd_linktree($scripturl . '?action=tpmod;dl=admincat' . $cat, $catname);
    } elseif ($context['TPortal']['dlsub'] == 'adminsubmission') {
        // check any submissions if admin
        $submitted = array();
        isAllowedTo('tp_dlmanager');
        $context['TPortal']['dl_admitems'] = array();
        $request = $smcFunc['db_query']('', '
			SELECT dl.id, dl.name, dl.file, dl.created, dl.filesize, dl.author_id as authorID, m.real_name as realName
			FROM ({db_prefix}tp_dlmanager AS dl, {db_prefix}members AS m)
			WHERE dl.type = {string:type}
			AND dl.category < 0
			AND dl.author_id = m.id_member', array('type' => 'dlitem'));
        if ($smcFunc['db_num_rows']($request) > 0) {
            $rows = $smcFunc['db_num_rows']($request);
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                $context['TPortal']['dl_admitems'][] = array('id' => $row['id'], 'name' => $row['name'], 'file' => $row['file'], 'filesize' => floor($row['filesize'] / 1024), 'href' => $scripturl . '?action=tpmod;dl=adminitem' . $row['id'], 'author' => '<a href="' . $scripturl . '?action=profile;u=' . $row['authorID'] . '">' . $row['realName'] . '</a>', 'date' => timeformat($row['created']));
                $submitted[] = $row['id'];
            }
            $smcFunc['db_free_result']($request);
        }
        // check that submissions link to downloads
        $request = $smcFunc['db_query']('', '
			SELECT id,value5 FROM {db_prefix}tp_variables 
			WHERE type = {string:type}', array('type' => 'dl_not_approved'));
        if ($smcFunc['db_num_rows']($request) > 0) {
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                $what = $row['id'];
                if (!in_array($row['value5'], $submitted)) {
                    $smcFunc['db_query']('', '
						DELETE FROM {db_prefix}tp_variables 
						WHERE id = {int:item}', array('item' => $what));
                }
            }
            $smcFunc['db_free_result']($request);
        }
    } elseif (substr($admsub, 0, 7) == 'editcat') {
        $context['TPortal']['dl_title'] = '<a href="' . $scripturl . '?action=tpmod;dl=admin">' . $txt['tp-dladmin'] . '</a>';
        $cat = substr($admsub, 7);
        // edit category
        $request = $smcFunc['db_query']('', '
			SELECT * FROM {db_prefix}tp_dlmanager 
			WHERE id = {int:item} 
			AND type = {string:type} LIMIT 1', array('item' => $cat, 'type' => 'dlcat'));
        if ($smcFunc['db_num_rows']($request) > 0) {
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                $context['TPortal']['admcats'][] = array('id' => $row['id'], 'name' => $row['name'], 'access' => $row['access'], 'shortname' => $row['link'], 'description' => $row['description'], 'icon' => $row['icon'], 'parent' => $row['parent']);
            }
            $smcFunc['db_free_result']($request);
        }
        if ($context['TPortal']['dl_wysiwyg'] == 'bbc') {
            $context['TPortal']['editor_id'] = 'dladmin_text' . $context['TPortal']['admcats'][0]['id'];
            TP_prebbcbox($context['TPortal']['editor_id'], $context['TPortal']['admcats'][0]['description']);
        }
    } elseif (substr($admsub, 0, 6) == 'delcat') {
        $context['TPortal']['dl_title'] = '<a href="' . $scripturl . '?action=tpmod;dl=admin">' . $txt['tp-dladmin'] . '</a>';
        $cat = substr($admsub, 6);
        // delete category and all item it's in
        $request = $smcFunc['db_query']('', '
			DELETE FROM {db_prefix}tp_dlmanager 
			WHERE type = {string:type}
			AND category = {int:cat}', array('type' => 'dlitem', 'cat' => $cat));
        $request = $smcFunc['db_query']('', '
			DELETE FROM {db_prefix}tp_dlmanager 
			WHERE id = {int:cat} LIMIT 1', array('cat' => $cat));
        redirectexit('action=tpmod;dl=admin');
    } elseif (substr($admsub, 0, 8) == 'settings') {
        $context['TPortal']['dl_title'] = $txt['tp-dlsettings'];
    } elseif (substr($admsub, 0, 4) == 'item') {
        $item = substr($admsub, 4);
        $request = $smcFunc['db_query']('', '
			SELECT * FROM {db_prefix}tp_dlmanager 
			WHERE id = {int:item} 
			AND type = {string:type} LIMIT 1', array('item' => $item, 'type' => 'dlitem'));
        if ($smcFunc['db_num_rows']($request) > 0) {
            $row = $smcFunc['db_fetch_assoc']($request);
            // is it actually a subitem?
            if ($row['subitem'] > 0) {
                redirectexit('action=tpmod;dl=adminitem' . $row['subitem']);
            }
            // Add in BBC editor before we call in template so the headers are there
            if ($context['TPortal']['dl_wysiwyg'] == 'bbc') {
                $context['TPortal']['editor_id'] = 'dladmin_text' . $item;
                TP_prebbcbox($context['TPortal']['editor_id'], $row['description']);
            }
            // get all items for a list
            $context['TPortal']['admitems'] = array();
            $itemlist = $smcFunc['db_query']('', '
				SELECT id, name FROM {db_prefix}tp_dlmanager 
				WHERE id != {int:item} 
				AND type = {string:type} 
				AND subitem = 0 
				ORDER BY name ASC', array('item' => $item, 'type' => 'dlitem'));
            if ($smcFunc['db_num_rows']($itemlist) > 0) {
                while ($ilist = $smcFunc['db_fetch_assoc']($itemlist)) {
                    $context['TPortal']['admitems'][] = array('id' => $ilist['id'], 'name' => $ilist['name']);
                }
            }
            // Any additional files then..?
            $subitem = $row['id'];
            $fdata = array();
            $fetch = $smcFunc['db_query']('', '
				SELECT id, name, file, downloads, filesize, created
				FROM {db_prefix}tp_dlmanager
				WHERE type = {string:type}
				AND subitem = {int:sub}', array('type' => 'dlitem', 'sub' => $subitem));
            if ($smcFunc['db_num_rows']($fetch) > 0) {
                while ($frow = $smcFunc['db_fetch_assoc']($fetch)) {
                    if ($context['TPortal']['dl_fileprefix'] == 'K') {
                        $ffs = ceil($row['filesize'] / 1000) . ' Kb';
                    } elseif ($context['TPortal']['dl_fileprefix'] == 'M') {
                        $ffs = ceil($row['filesize'] / 1000) / 1000 . ' Mb';
                    } elseif ($context['TPortal']['dl_fileprefix'] == 'G') {
                        $ffs = ceil($row['filesize'] / 1000000) / 1000 . ' Gb';
                    }
                    $fdata[] = array('id' => $frow['id'], 'name' => $frow['name'], 'file' => $frow['file'], 'href' => $scripturl . '?action=tpmod;dl=item' . $frow['id'], 'downloads' => $frow['downloads'], 'created' => $frow['created'], 'filesize' => $ffs);
                }
                $smcFunc['db_free_result']($fetch);
            }
            if (!empty($row['screenshot'])) {
                if (substr($row['screenshot'], 0, 10) == 'tp-images/') {
                    $sshot = $boardurl . '/' . $row['screenshot'];
                } else {
                    $sshot = $boardurl . '/tp-images/dlmanager/listing/' . $row['screenshot'];
                }
            }
            $context['TPortal']['dl_admitems'][] = array('id' => $row['id'], 'name' => $row['name'], 'icon' => $row['icon'], 'category' => $row['category'], 'file' => $row['file'], 'views' => $row['views'], 'authorID' => $row['author_id'], 'description' => $row['description'], 'created' => timeformat($row['created']), 'last_access' => timeformat($row['last_access']), 'filesize' => substr($row['file'], 14) != '- empty item -' ? floor(filesize($boarddir . '/tp-downloads/' . $row['file']) / 1024) : '0', 'downloads' => $row['downloads'], 'sshot' => !empty($sshot) ? $sshot : '', 'screenshot' => $row['screenshot'], 'link' => $row['link'], 'href' => $scripturl . '?action=tpmod;dl=adminitem' . $row['id'], 'approved' => $row['category'] < 0 ? '0' : '1', 'approve' => $scripturl . '?action=tpmod;dl=adminitem' . $row['id'], 'subitem' => $fdata);
            $authorID = $row['author_id'];
            $catparent = $row['category'];
            $itemname = $row['name'];
            $smcFunc['db_free_result']($request);
            $request = $smcFunc['db_query']('', '
				SELECT mem.real_name as realName 
				FROM {db_prefix}members as mem 
				WHERE mem.id_member = {int:id_mem}', array('id_mem' => $authorID));
            if ($smcFunc['db_num_rows']($request) > 0) {
                $row = $smcFunc['db_fetch_assoc']($request);
                $context['TPortal']['admcurrent']['member'] = $row['realName'];
                $smcFunc['db_free_result']($request);
            } else {
                $context['TPortal']['admcurrent']['member'] = '-' . $txt['guest_title'] . '-';
            }
        }
        // check to see if its child
        $parents = array();
        while ($catparent > 0) {
            $parents[$catparent] = array('id' => $catparent, 'name' => $context['TPortal']['linkcats'][$catparent]['name'], 'parent' => $context['TPortal']['linkcats'][$catparent]['parent']);
            $catparent = $context['TPortal']['linkcats'][$catparent]['parent'];
        }
        // make the linktree
        TPadd_linktree($scripturl . '?action=tpmod;dl=admin', $txt['tp-dldownloads']);
        if (isset($parents)) {
            $parts = array_reverse($parents, TRUE);
            // add to the linktree
            foreach ($parts as $parent) {
                TPadd_linktree($scripturl . '?action=tpmod;dl=admincat' . $parent['id'], $parent['name']);
            }
        }
        // add to the linktree
        TPadd_linktree($scripturl . '?action=tpmod;dl=adminitem' . $item, $itemname);
    }
    loadTemplate('TPdladmin');
    if (loadLanguage('TPmodules') == false) {
        loadLanguage('TPmodules', 'english');
    }
    if (loadLanguage('TPortalAdmin') == false) {
        loadLanguage('TPortalAdmin', 'english');
    }
    // setup admin tabs according to subaction
    $context['admin_area'] = 'tp_dlmanager';
    $context['admin_tabs'] = array('title' => $txt['tp-dlheader1'], 'help' => $txt['tp-dlheader2'], 'description' => $txt['tp-dlheader3'], 'tabs' => array());
    if (allowedTo('tp_dlmanager')) {
        $context['TPortal']['subtabs'] = array('admin' => array('text' => 'tp-dltabs4', 'url' => $scripturl . '?action=tpmod;dl=admin', 'active' => substr($context['TPortal']['dlsub'], 0, 5) == 'admin' && $context['TPortal']['dlsub'] != 'adminsettings' && $context['TPortal']['dlsub'] != 'adminaddcat' && $context['TPortal']['dlsub'] != 'adminftp' && $context['TPortal']['dlsub'] != 'adminsubmission'), 'settings' => array('text' => 'tp-dltabs1', 'url' => $scripturl . '?action=tpmod;dl=adminsettings', 'active' => $context['TPortal']['dlsub'] == 'adminsettings'), 'addcategory' => array('text' => 'tp-dltabs2', 'url' => $scripturl . '?action=tpmod;dl=adminaddcat', 'active' => $context['TPortal']['dlsub'] == 'adminaddcat'), 'upload' => array('text' => 'tp-dltabs3', 'url' => $scripturl . '?action=tpmod;dl=upload', 'active' => $context['TPortal']['dlsub'] == 'upload'), 'submissions' => array('text' => 'tp-dlsubmissions', 'url' => $scripturl . '?action=tpmod;dl=adminsubmission', 'active' => $context['TPortal']['dlsub'] == 'adminsubmission'), 'ftp' => array('text' => 'tp-dlftp', 'url' => $scripturl . '?action=tpmod;dl=adminftp', 'active' => $context['TPortal']['dlsub'] == 'adminftp'));
    }
    $context['template_layers'][] = 'tpadm';
    $context['template_layers'][] = 'subtab';
    TPadminIndex('');
    $context['current_action'] = 'admin';
}
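/**
 * Admin action: add a new portal page or edit an existing one.
 *
 * Handles three request shapes:
 *  - $_POST['submit']  : validate, store the page in {db_prefix}sp_pages, update the
 *                        display rules of the affected blocks, then redirect.
 *  - $_POST['preview'] : build the page array from the posted values for the template.
 *  - neither           : load an existing page, or defaults for a new one.
 *
 * Pages of type 'php' hold code supplied through this form, and the syntax check can be
 * switched off with $modSettings['sp_disable_php_validation'].
 * NOTE(review): no permission check is visible in this function; presumably the caller
 * restricts this action to trusted administrators. Confirm.
 */
function sportal_admin_page_edit()
{
    global $txt, $context, $modSettings, $smcFunc, $sourcedir, $options;
    require_once $sourcedir . '/Subs-Editor.php';
    require_once $sourcedir . '/Subs-Post.php';
    $context['SPortal']['is_new'] = empty($_REQUEST['page_id']);
    // Content posted while 'content_mode' is set is converted from HTML back to BBC.
    if (!empty($_REQUEST['content_mode']) && $_POST['type'] == 'bbc') {
        $_REQUEST['content'] = html_to_bbc($_REQUEST['content']);
        $_REQUEST['content'] = un_htmlspecialchars($_REQUEST['content']);
        $_POST['content'] = $_REQUEST['content'];
    }
    $context['sides'] = array(5 => $txt['sp-positionHeader'], 1 => $txt['sp-positionLeft'], 2 => $txt['sp-positionTop'], 3 => $txt['sp-positionBottom'], 4 => $txt['sp-positionRight'], 6 => $txt['sp-positionFooter']);
    // Work out, per block, whether its display rules currently include this page.
    $blocks = getBlockInfo();
    $context['page_blocks'] = array();
    foreach ($blocks as $block) {
        $shown = false;
        $tests = array('all', 'allpages', 'sforum');
        if (!$context['SPortal']['is_new']) {
            $tests[] = 'p' . (int) $_REQUEST['page_id'];
        }
        foreach (array('display', 'display_custom') as $field) {
            // Blocks whose rule starts with '$php' are left out of the list entirely.
            if (substr($block[$field], 0, 4) === '$php') {
                continue 2;
            }
            $block[$field] = explode(',', $block[$field]);
            // An explicit '-p<id>' entry in this field means it is not evaluated further.
            if (!$context['SPortal']['is_new'] && in_array('-p' . (int) $_REQUEST['page_id'], $block[$field])) {
                continue;
            }
            foreach ($tests as $test) {
                if (in_array($test, $block[$field])) {
                    $shown = true;
                    break;
                }
            }
        }
        $context['page_blocks'][$block['column']][] = array('id' => $block['id'], 'label' => $block['label'], 'shown' => $shown);
    }
    if (!empty($_POST['submit'])) {
        // State-changing branch: the session token is verified before anything is written.
        checkSession();
        if (!isset($_POST['title']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES)) === '') {
            fatal_lang_error('sp_error_page_name_empty', false);
        }
        if (!isset($_POST['namespace']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES)) === '') {
            fatal_lang_error('sp_error_page_namespace_empty', false);
        }
        // The namespace must be unique among all other pages.
        $result = $smcFunc['db_query']('', '
			SELECT id_page
			FROM {db_prefix}sp_pages
			WHERE namespace = {string:namespace}
				AND id_page != {int:current}
			LIMIT 1', array('limit' => 1, 'namespace' => $smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES), 'current' => (int) $_POST['page_id']));
        list($has_duplicate) = $smcFunc['db_fetch_row']($result);
        $smcFunc['db_free_result']($result);
        if (!empty($has_duplicate)) {
            fatal_lang_error('sp_error_page_namespace_duplicate', false);
        }
        // Only letters, digits and underscore are accepted, and not digits alone.
        if (preg_match('~[^A-Za-z0-9_]+~', $_POST['namespace']) != 0) {
            fatal_lang_error('sp_error_page_namespace_invalid_chars', false);
        }
        if (preg_replace('~[0-9]+~', '', $_POST['namespace']) === '') {
            fatal_lang_error('sp_error_page_namespace_numeric', false);
        }
        // PHP pages are syntax-checked unless the admin setting disables the check.
        if ($_POST['type'] == 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation'])) {
            $error = sp_validate_php($_POST['content']);
            if ($error) {
                fatal_lang_error('error_sp_php_' . $error, false);
            }
        }
        // Either a predefined permission set, or explicit allow (1) / deny (-1) group lists.
        $permission_set = 0;
        $groups_allowed = $groups_denied = '';
        if (!empty($_POST['permission_set'])) {
            $permission_set = (int) $_POST['permission_set'];
        } elseif (!empty($_POST['membergroups']) && is_array($_POST['membergroups'])) {
            $groups_allowed = $groups_denied = array();
            foreach ($_POST['membergroups'] as $id => $value) {
                if ($value == 1) {
                    $groups_allowed[] = (int) $id;
                } elseif ($value == -1) {
                    $groups_denied[] = (int) $id;
                }
            }
            $groups_allowed = implode(',', $groups_allowed);
            $groups_denied = implode(',', $groups_denied);
        }
        // Posted block ids are forced to integers before they are compared or used.
        if (!empty($_POST['blocks']) && is_array($_POST['blocks'])) {
            foreach ($_POST['blocks'] as $id => $block) {
                $_POST['blocks'][$id] = (int) $block;
            }
        } else {
            $_POST['blocks'] = array();
        }
        $fields = array('namespace' => 'string', 'title' => 'string', 'body' => 'string', 'type' => 'string', 'permission_set' => 'int', 'groups_allowed' => 'string', 'groups_denied' => 'string', 'style' => 'string', 'status' => 'int');
        // NOTE(review): 'type' is stored exactly as posted. Only 'bbc' and 'php' are handled
        // in this function; an allow-list of the page types the portal supports would be
        // safer, but that list is not visible here. Confirm against the rendering code.
        $page_info = array('id' => (int) $_POST['page_id'], 'namespace' => $smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES), 'title' => $smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES), 'body' => $smcFunc['htmlspecialchars']($_POST['content'], ENT_QUOTES), 'type' => $_POST['type'], 'permission_set' => $permission_set, 'groups_allowed' => $groups_allowed, 'groups_denied' => $groups_denied, 'style' => sportal_parse_style('implode'), 'status' => !empty($_POST['status']) ? 1 : 0);
        if ($page_info['type'] == 'bbc') {
            preparsecode($page_info['body']);
        }
        if ($context['SPortal']['is_new']) {
            unset($page_info['id']);
            $smcFunc['db_insert']('', '{db_prefix}sp_pages', $fields, $page_info, array('id_page'));
            $page_info['id'] = $smcFunc['db_insert_id']('{db_prefix}sp_pages', 'id_page');
        } else {
            // Column names come from the fixed $fields map above; values are bound as
            // typed placeholders, never concatenated into the statement.
            $update_fields = array();
            foreach ($fields as $name => $type) {
                $update_fields[] = $name . ' = {' . $type . ':' . $name . '}';
            }
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}sp_pages
				SET ' . implode(', ', $update_fields) . '
				WHERE id_page = {int:id}', $page_info);
        }
        // Compare the current visibility of each block with the posted selection.
        $to_show = array();
        $not_to_show = array();
        $changes = array();
        foreach ($context['page_blocks'] as $page_blocks) {
            foreach ($page_blocks as $block) {
                if ($block['shown'] && !in_array($block['id'], $_POST['blocks'])) {
                    $not_to_show[] = $block['id'];
                } elseif (!$block['shown'] && in_array($block['id'], $_POST['blocks'])) {
                    $to_show[] = $block['id'];
                }
            }
        }
        // Blocks to add: append 'p<id>' (or drop an existing '-p<id>') in the right field.
        foreach ($to_show as $id) {
            if (empty($blocks[$id]['display']) && empty($blocks[$id]['display_custom']) || $blocks[$id]['display'] == 'sportal') {
                $changes[$id] = array('display' => 'portal,p' . $page_info['id'], 'display_custom' => '');
            } elseif (in_array($blocks[$id]['display'], array('allaction', 'allboard'))) {
                $changes[$id] = array('display' => '', 'display_custom' => $blocks[$id]['display'] . ',p' . $page_info['id']);
            } elseif (in_array('-p' . $page_info['id'], explode(',', $blocks[$id]['display_custom']))) {
                $changes[$id] = array('display' => $blocks[$id]['display'], 'display_custom' => implode(',', array_diff(explode(',', $blocks[$id]['display_custom']), array('-p' . $page_info['id']))));
            } elseif (empty($blocks[$id]['display_custom'])) {
                $changes[$id] = array('display' => implode(',', array_merge(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => '');
            } else {
                $changes[$id] = array('display' => $blocks[$id]['display'], 'display_custom' => implode(',', array_merge(explode(',', $blocks[$id]['display_custom']), array('p' . $page_info['id']))));
            }
        }
        // Blocks to remove: add '-p<id>' to a catch-all rule, otherwise strip 'p<id>'.
        foreach ($not_to_show as $id) {
            if (count(array_intersect(array($blocks[$id]['display'], $blocks[$id]['display_custom']), array('sforum', 'allpages', 'all'))) > 0) {
                $changes[$id] = array('display' => '', 'display_custom' => $blocks[$id]['display'] . $blocks[$id]['display_custom'] . ',-p' . $page_info['id']);
            } elseif (empty($blocks[$id]['display_custom'])) {
                $changes[$id] = array('display' => implode(',', array_diff(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => '');
            } else {
                $changes[$id] = array('display' => implode(',', array_diff(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => implode(',', array_diff(explode(',', $blocks[$id]['display_custom']), array('p' . $page_info['id']))));
            }
        }
        foreach ($changes as $id => $data) {
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}sp_blocks
				SET
					display = {string:display},
					display_custom = {string:display_custom}
				WHERE id_block = {int:id}', array('id' => $id, 'display' => $data['display'], 'display_custom' => $data['display_custom']));
        }
        redirectexit('action=admin;area=portalpages');
    }
    if (!empty($_POST['preview'])) {
        // NOTE(review): this branch runs without checkSession(). If the preview template
        // renders 'php'-type bodies by executing them, a session check (and the same
        // sp_validate_php() call used on submit) belongs here. Confirm against the template.
        $permission_set = 0;
        $groups_allowed = $groups_denied = array();
        if (!empty($_POST['permission_set'])) {
            $permission_set = (int) $_POST['permission_set'];
        } elseif (!empty($_POST['membergroups']) && is_array($_POST['membergroups'])) {
            foreach ($_POST['membergroups'] as $id => $value) {
                if ($value == 1) {
                    $groups_allowed[] = (int) $id;
                } elseif ($value == -1) {
                    $groups_denied[] = (int) $id;
                }
            }
        }
        // Every posted value handed to the template is normalised the same way the submit
        // branch stores it: the id as an integer, the namespace HTML-escaped. Passing them
        // through raw would let request data reach the page unescaped.
        $context['SPortal']['page'] = array(
            'id' => (int) $_POST['page_id'],
            'page_id' => $smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES),
            'title' => $smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES),
            'body' => $smcFunc['htmlspecialchars']($_POST['content'], ENT_QUOTES),
            'type' => $_POST['type'],
            'permission_set' => $permission_set,
            'groups_allowed' => $groups_allowed,
            'groups_denied' => $groups_denied,
            'style' => sportal_parse_style('implode'),
            'status' => !empty($_POST['status']),
        );
        if ($context['SPortal']['page']['type'] == 'bbc') {
            preparsecode($context['SPortal']['page']['body']);
        }
        loadTemplate('PortalPages');
        $context['SPortal']['preview'] = true;
    } elseif ($context['SPortal']['is_new']) {
        // Defaults for a new page; the random suffix only proposes a namespace, uniqueness
        // is enforced by the duplicate check on submit.
        $context['SPortal']['page'] = array('id' => 0, 'page_id' => 'page' . mt_rand(1, 5000), 'title' => $txt['sp_pages_default_title'], 'body' => '', 'type' => 'bbc', 'permission_set' => 3, 'groups_allowed' => array(), 'groups_denied' => array(), 'style' => '', 'status' => 1);
    } else {
        $_REQUEST['page_id'] = (int) $_REQUEST['page_id'];
        $context['SPortal']['page'] = sportal_get_pages($_REQUEST['page_id']);
    }
    // BBC bodies are un-preparsed and re-escaped before they go into the editor.
    if ($context['SPortal']['page']['type'] == 'bbc') {
        $context['SPortal']['page']['body'] = str_replace(array('"', '<', '>', '&nbsp;'), array('&quot;', '&lt;', '&gt;', ' '), un_preparsecode($context['SPortal']['page']['body']));
    }
    // For non-BBC pages the WYSIWYG default is switched off while the editor control is
    // built, and restored afterwards.
    if ($context['SPortal']['page']['type'] != 'bbc') {
        $temp_editor = !empty($options['wysiwyg_default']);
        $options['wysiwyg_default'] = false;
    }
    $editorOptions = array('id' => 'content', 'value' => $context['SPortal']['page']['body'], 'width' => '95%', 'height' => '200px', 'preview_type' => 0);
    create_control_richedit($editorOptions);
    $context['post_box_name'] = $editorOptions['id'];
    if (isset($temp_editor)) {
        $options['wysiwyg_default'] = $temp_editor;
    }
    $context['SPortal']['page']['groups'] = sp_load_membergroups();
    $context['SPortal']['page']['style'] = sportal_parse_style('explode', $context['SPortal']['page']['style'], !empty($context['SPortal']['preview']));
    $context['page_title'] = $context['SPortal']['is_new'] ? $txt['sp_admin_pages_add'] : $txt['sp_admin_pages_edit'];
    $context['sub_template'] = 'pages_edit';
}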
Example #30
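/**
 * Split a text into a de-duplicated list of words, or of integers derived from them.
 *
 * @param string   $text      Text to break into words.
 * @param int|null $max_chars Maximum characters kept per word (null keeps the whole word
 *                            in plain mode). In hashed mode it is the number of hash
 *                            characters folded into each integer.
 * @param bool     $encrypt   When true, return integers built from crypt() output
 *                            instead of the words themselves.
 * @return array Unique words (strings) or unique integers; keys are not re-indexed.
 */
function text2words($text, $max_chars = 20, $encrypt = false)
{
    global $smcFunc, $context;
    // Step 1: Remove entities/things we don't consider words:
    // NOTE(review): the double-quoted literal is presumably meant to be a raw no-break
    // space; an ordinary space would be redundant with \s. Confirm the byte in the file.
    $nbsp = $context['utf8'] ? ($context['server']['complex_preg_chars'] ? '\\x{A0}' : " ") : '\\xA0';
    $words = preg_replace('~(?:[\\x0B\\0' . $nbsp . '\\t\\r\\s\\n(){}\\[\\]<>!@$%^*.,:+=`\\~\\?/\\\\]+|&(?:amp|lt|gt|quot);)+~' . ($context['utf8'] ? 'u' : ''), ' ', strtr($text, array('<br />' => ' ')));
    // Step 2: Entities we left to letters, where applicable, lowercase.
    $words = un_htmlspecialchars($smcFunc['strtolower']($words));
    // Step 3: Ready to split apart and index!
    $words = explode(' ', $words);
    if ($encrypt) {
        // Maps the character codes of '.', '/', 0-9, A-Z and a-z to positions 0..63.
        $possible_chars = array_flip(array_merge(range(46, 57), range(65, 90), range(97, 122)));
        $returned_ints = array();
        foreach ($words as $word) {
            if (($word = trim($word, '-_\'')) !== '') {
                // crypt() with the fixed two-character salt is used as a deterministic
                // word hash here, not as a password or confidentiality mechanism.
                $encrypted = substr(crypt($word, 'uk'), 2, $max_chars);
                $total = 0;
                // Stop at the end of the hash text: it can be shorter than $max_chars
                // (the default of 20 is), and reading past it used an undefined offset.
                for ($i = 0; $i < $max_chars && isset($encrypted[$i]); $i++) {
                    // NOTE(review): the table has 64 entries but the base is 63; kept
                    // as-is because changing it would change every value produced.
                    $total += $possible_chars[ord($encrypted[$i])] * pow(63, $i);
                }
                $returned_ints[] = $max_chars == 4 ? min($total, 16777215) : $total;
            }
        }
        return array_unique($returned_ints);
    } else {
        // Trim leading/trailing '-', '_' and apostrophes and cut to $max_chars. No
        // escaping is applied here; callers must bind the words as query parameters.
        $returned_words = array();
        foreach ($words as $word) {
            if (($word = trim($word, '-_\'')) !== '') {
                $returned_words[] = $max_chars === null ? $word : substr($word, 0, $max_chars);
            }
        }
        // Filter out all words that occur more than once.
        return array_unique($returned_words);
    }
}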