/**
 * Verifies that an event description is present, normalising it on the way.
 *
 * The description in $this->data is rewritten in place: it is passed through
 * utf8_handle_4byte_string() and surrounding whitespace is trimmed.
 *
 * @return boolean True if valid, false if invalid (the error is recorded via set_error()).
 */
function verify_description()
{
    $desc =& $this->data['description'];
    $desc = trim(utf8_handle_4byte_string($desc));

    // Falsy check: an empty description (and the literal string "0") is rejected.
    if (!$desc) {
        $this->set_error("missing_description");
        return false;
    }

    return true;
}
/**
 * Verifies if a message for a PM is valid.
 *
 * The message in $this->data is rewritten in place by utf8_handle_4byte_string();
 * it is then rejected when it consists solely of blank characters.
 *
 * @return boolean True when valid, false when invalid (the error is recorded via set_error()).
 */
function verify_message()
{
    $body =& $this->data['message'];
    $body = utf8_handle_4byte_string($body);

    // No message, return an error.
    $isBlank = trim_blank_chrs($body) == '';
    if ($isBlank) {
        $this->set_error("missing_message");
        return false;
    }

    return true;
}
} $uid = 0; } } else { $username = $mybb->user['username']; $uid = $mybb->user['uid']; } // Attempt to see if this post is a duplicate or not if ($uid > 0) { $user_check = "p.uid='{$uid}'"; } else { $user_check = "p.ipaddress='" . $db->escape_string($session->ipaddress) . "'"; } if (!$mybb->input['savedraft'] && !$pid) { $check_subject = utf8_handle_4byte_string($mybb->input['subject']); $check_message = utf8_handle_4byte_string($mybb->input['message']); $query = $db->simple_select("posts p", "p.pid", "{$user_check} AND p.fid='{$forum['fid']}' AND p.subject='" . $db->escape_string($check_subject) . "' AND p.message='" . $db->escape_string($check_message) . "' AND p.dateline>" . (TIME_NOW - 600)); $duplicate_check = $db->fetch_field($query, "pid"); if ($duplicate_check) { error($lang->error_post_already_submitted); } } // Set up posthandler. require_once MYBB_ROOT . "inc/datahandlers/post.php"; $posthandler = new PostDataHandler("insert"); $posthandler->action = "thread"; // Set the thread data that came from the input to the $thread array. $new_thread = array("fid" => $forum['fid'], "subject" => $mybb->input['subject'], "prefix" => $mybb->input['threadprefix'], "icon" => $mybb->input['icon'], "uid" => $uid, "username" => $username, "message" => $mybb->input['message'], "ipaddress" => get_ip(), "posthash" => $mybb->input['posthash']); if ($pid != '') { $new_thread['pid'] = $pid; }
$voteslist .= "||~|~||"; } $optionslist .= trim(utf8_handle_4byte_string($options[$i])); if (intval($votes[$i]) <= 0) { $votes[$i] = "0"; } $voteslist .= $votes[$i]; $numvotes = $numvotes + $votes[$i]; } } if ($mybb->input['timeout'] > 0) { $timeout = intval($mybb->input['timeout']); } else { $timeout = 0; } $mybb->input['question'] = utf8_handle_4byte_string($mybb->input['question']); $updatedpoll = array("question" => $db->escape_string($mybb->input['question']), "options" => $db->escape_string($optionslist), "votes" => $db->escape_string($voteslist), "numoptions" => intval($optioncount), "numvotes" => $numvotes, "timeout" => $timeout, "closed" => $postoptions['closed'], "multiple" => $postoptions['multiple'], "public" => $postoptions['public']); $plugins->run_hooks("polls_do_editpoll_process"); $db->update_query("polls", $updatedpoll, "pid='" . intval($mybb->input['pid']) . "'"); $plugins->run_hooks("polls_do_editpoll_end"); $modlogdata['fid'] = $thread['fid']; $modlogdata['tid'] = $thread['tid']; log_moderator_action($modlogdata, $lang->poll_edited); redirect(get_thread_link($thread['tid']), $lang->redirect_pollupdated); } if ($mybb->input['action'] == "showresults") { $query = $db->simple_select("polls", "*", "pid='" . intval($mybb->input['pid']) . "'"); $poll = $db->fetch_array($query); if (!$poll['pid']) { error($lang->error_invalidpoll); }
/**
 * Verifies that the profile fields in $this->data['profile_fields'] are filled in correctly.
 *
 * Walks the rows of the profilefields table (all rows when
 * $this->data['profile_fields_editable'] is set, otherwise only editable=1 rows),
 * checks required fields, allowed option values and maxlength, and writes the
 * DB-escaped value of each field into $this->data['user_fields']['fid<N>'].
 *
 * Validation problems are recorded with set_error(); the method itself always returns true,
 * so callers must consult the recorded errors rather than the return value.
 *
 * @return boolean Always true.
 */
function verify_profile_fields()
{
    global $db;

    $user =& $this->data;
    // Reference: submitted values are normalised in place (4-byte UTF-8 handling below).
    $profile_fields =& $this->data['profile_fields'];

    // Loop through profile fields checking if they exist or not and are filled in.
    $userfields = array(); // not used anywhere in this method
    $comma = '';           // not used anywhere in this method
    $editable = '';
    // Unless the caller allows every field to be edited, restrict the query to editable=1 rows.
    if (!$this->data['profile_fields_editable']) {
        $editable = "editable=1";
    }

    // Fetch all profile fields first.
    $options = array('order_by' => 'disporder');
    $query = $db->simple_select('profilefields', 'name, type, fid, required, maxlength', $editable, $options);

    // Then loop through the profile fields.
    while ($profilefield = $db->fetch_array($query)) {
        // The type column is HTML-escaped before it is split, so every option comparison
        // below is made against the escaped option text.
        $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
        // Limit 2: element 0 is the type name, element 1 the rest of the column (the option
        // list for option-style types). $thing[1] is only set when the column contains a newline.
        $thing = explode("\n", $profilefield['type'], "2");
        $type = trim($thing[0]);
        $field = "fid{$profilefield['fid']}";

        // If the profile field is required, but not filled in, present error.
        // The required check is skipped entirely in the Admin CP and in modcp.php.
        if ($type != "multiselect" && $type != "checkbox") {
            if (trim($profile_fields[$field]) == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php") {
                $this->set_error('missing_required_profile_field', array($profilefield['name']));
            }
        } elseif (($type == "multiselect" || $type == "checkbox") && $profile_fields[$field] == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php") {
            $this->set_error('missing_required_profile_field', array($profilefield['name']));
        }

        // Sort out multiselect/checkbox profile fields.
        $options = '';
        if (($type == "multiselect" || $type == "checkbox") && is_array($profile_fields[$field])) {
            $expoptions = explode("\n", $thing[1]);
            $expoptions = array_map('trim', $expoptions);
            foreach ($profile_fields[$field] as $value) {
                // Every submitted value must be one of the configured options
                // (loose in_array comparison, on the escaped form of the value).
                if (!in_array(htmlspecialchars_uni($value), $expoptions)) {
                    $this->set_error('bad_profile_field_values', array($profilefield['name']));
                }
                if ($options) {
                    $options .= "\n";
                }
                // Values are joined with "\n"; a value is appended even after it failed the check
                // above, so rejecting it relies on the caller honouring the recorded error.
                $options .= $db->escape_string($value);
            }
        } elseif ($type == "select" || $type == "radio") {
            $expoptions = explode("\n", $thing[1]);
            $expoptions = array_map('trim', $expoptions);
            // A non-empty value must match a configured option (loose comparison on escaped text).
            if (!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions) && trim($profile_fields[$field]) != "") {
                $this->set_error('bad_profile_field_values', array($profilefield['name']));
            }
            $options = $db->escape_string($profile_fields[$field]);
        } elseif ($type == "textarea") {
            // NOTE(review): here maxlength is measured before utf8_handle_4byte_string() runs,
            // whereas the default branch below measures after it — confirm which order is intended.
            if ($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength']) {
                $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
            }
            $profile_fields[$field] = utf8_handle_4byte_string($profile_fields[$field]);
            $options = $db->escape_string($profile_fields[$field]);
        } else {
            // Fallback for text-style fields. NOTE(review): a multiselect/checkbox field whose
            // submitted value is not an array fails the is_array() test above and also lands here,
            // where no allowed-option check is applied — confirm callers always submit an array
            // for those types.
            $profile_fields[$field] = utf8_handle_4byte_string($profile_fields[$field]);
            if ($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength']) {
                $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
            }
            $options = $db->escape_string($profile_fields[$field]);
        }
        // The stored value is already DB-escaped; presumably the caller inserts it as-is.
        $user['user_fields'][$field] = $options;
    }
    return true;
}
$pm_recipients[] = $mod['uid']; } else { my_mail($mod['email'], $emailsubject, $emailmessage); } } if (count($pm_recipients) > 0) { $emailsubject = $lang->sprintf($lang->emailsubject_reportpost, $mybb->settings['bbname']); $emailmessage = $lang->sprintf($lang->email_reportpost, $mybb->user['username'], $mybb->settings['bbname'], $post['subject'], $mybb->settings['bburl'], str_replace('&', '&', get_post_link($post['pid'], $thread['tid']) . "#pid" . $post['pid']), $thread['subject'], $mybb->input['reason']); require_once MYBB_ROOT . "inc/datahandlers/pm.php"; $pmhandler = new PMDataHandler(); $pm = array("subject" => $emailsubject, "message" => $emailmessage, "icon" => 0, "fromid" => $mybb->user['uid'], "toid" => $pm_recipients); $pmhandler->admin_override = true; $pmhandler->set_data($pm); // Now let the pm handler do all the hard work. if (!$pmhandler->validate_pm()) { // Force it to valid to just get it out of here $pmhandler->is_validated = true; $pmhandler->errors = array(); } $pminfo = $pmhandler->insert_pm(); } } else { $mybb->input['reason'] = utf8_handle_4byte_string($mybb->input['reason']); $reportedpost = array("pid" => intval($mybb->input['pid']), "tid" => $thread['tid'], "fid" => $thread['fid'], "uid" => $mybb->user['uid'], "dateline" => TIME_NOW, "reportstatus" => 0, "reason" => $db->escape_string(htmlspecialchars_uni($mybb->input['reason']))); $db->insert_query("reportedposts", $reportedpost); $cache->update_reportedposts(); } $plugins->run_hooks("report_do_report_end"); eval("\$report = \"" . $templates->get("report_thanks") . "\";"); output_page($report); }
if ($mybb->input['reputation'] > 0 && $mybb->settings['posrep'] != 1) { $show_back = 1; $message = $lang->add_positive_disabled; eval("\$error = \"" . $templates->get("reputation_add_error") . "\";"); output_page($error); exit; } // The length of the comment is too long if (my_strlen($mybb->input['comments']) > $mybb->settings['maxreplength']) { $show_back = 1; $message = $lang->sprintf($lang->add_toolong, $mybb->settings['maxreplength']); eval("\$error = \"" . $templates->get("reputation_add_error") . "\";"); output_page($error); exit; } $mybb->input['comments'] = utf8_handle_4byte_string($mybb->input['comments']); // Build array of reputation data. $reputation = array("uid" => $uid, "adduid" => $mybb->user['uid'], "pid" => intval($mybb->input['pid']), "reputation" => intval($mybb->input['reputation']), "dateline" => TIME_NOW, "comments" => $db->escape_string($mybb->input['comments'])); $plugins->run_hooks("reputation_do_add_process"); // Updating an existing reputation if ($existing_reputation['uid'] || $existing_post_reputation['uid']) { if ($existing_reputation['uid']) { $db->update_query("reputation", $reputation, "rid='" . $existing_reputation['rid'] . "'"); } elseif ($existing_post_reputation['uid']) { $db->update_query("reputation", $reputation, "rid='" . $existing_post_reputation['rid'] . "'"); } // Recount the reputation of this user - keep it in sync. $query = $db->simple_select("reputation", "SUM(reputation) AS reputation_count", "uid='{$uid}'"); $reputation_value = $db->fetch_field($query, "reputation_count"); $db->update_query("users", array('reputation' => intval($reputation_value)), "uid='{$uid}'"); $lang->vote_added = $lang->vote_updated;
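/**
 * Verifies a post message.
 *
 * Normalises $this->data['message'] in place (trim_blank_chrs(), then
 * utf8_handle_4byte_string()) and checks it against the board's length settings.
 * Moderators of the post's forum are exempt from both length limits.
 *
 * Takes no parameters; the message is read from $this->data.
 *
 * @return boolean True when valid, false when invalid (the error is recorded via set_error()).
 */
function verify_message()
{
    global $mybb;

    $post =& $this->data;
    $post['message'] = trim_blank_chrs($post['message']);
    $post['message'] = utf8_handle_4byte_string($post['message']);

    // Do we even have a message at all?
    if (my_strlen($post['message']) == 0) {
        $this->set_error("missing_message");
        return false;
    }

    // Maximum length is measured in bytes (strlen) while the minimum below uses characters
    // (my_strlen). NOTE(review): this asymmetry is preserved as found — confirm it is intended.
    // is_moderator() is only consulted once the limit is actually exceeded.
    if (strlen($post['message']) > $mybb->settings['maxmessagelength'] && $mybb->settings['maxmessagelength'] > 0 && !is_moderator($post['fid'], "", $post['uid'])) {
        $this->set_error("message_too_long", array($mybb->settings['maxmessagelength'], strlen($post['message'])));
        return false;
    }

    if (my_strlen($post['message']) < $mybb->settings['minmessagelength'] && $mybb->settings['minmessagelength'] > 0 && !is_moderator($post['fid'], "", $post['uid'])) {
        $this->set_error("message_too_short", array($mybb->settings['minmessagelength']));
        return false;
    }

    return true;
}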
} break; case 4: if ($val == $lang->folder_trash || trim($val) == '') { $val = ''; } break; } } if ($val != '' && trim($val) == '' && !($key >= 1 && $key <= 4)) { // If the name only contains whitespace and it's not a default folder, print an error error($lang->error_emptypmfoldername); } if ($val != '' || $key >= 1 && $key <= 4) { // If there is a name or if this is a default folder, save it $foldername = utf8_handle_4byte_string($val); $foldername = $db->escape_string(htmlspecialchars_uni($foldername)); if (my_strpos($foldername, "\$%%\$") === false) { if ($folders != '') { $folders .= "\$%%\$"; } $folders .= "{$fid}**{$foldername}"; } else { error($lang->error_invalidpmfoldername); } } else { // Delete PMs from the folder $db->delete_query("privatemessages", "folder='{$fid}' AND uid='" . $mybb->user['uid'] . "'"); } } }
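/**
 * Actually move a file to the uploads directory
 *
 * @param array The PHP $_FILE array for the file (the keys name, size, tmp_name and type are read)
 * @param string The path to save the file in
 * @param string The filename for the file (if blank, the client-supplied name is used)
 * @return array On success: filename, path, type, size and original_filename (after the
 *               "upload_file_end" hook has run). On failure an array holding only 'error':
 *               1 = no usable file was uploaded, 2 = the file could not be moved into place.
 */
function upload_file($file, $path, $filename = "")
{
    global $plugins;

    // Result array, initialised explicitly so the early-return paths return a well-formed array.
    $upload = array();

    // Nothing usable was uploaded (some clients send the literal name "none" for an empty field).
    if (empty($file['name']) || $file['name'] == "none" || $file['size'] < 1) {
        $upload['error'] = 1;
        return $upload;
    }

    // Without an explicit target name, fall back to the client-supplied one.
    // NOTE(review): $file['name'] is untrusted input; the only cleanup applied below is removing
    // a trailing slash, so callers should prefer passing a generated $filename.
    if (!$filename) {
        $filename = $file['name'];
    }

    $upload['original_filename'] = preg_replace("#/\$#", "", $file['name']); // Make the filename safe
    $upload['original_filename'] = utf8_handle_4byte_string($upload['original_filename']);
    $filename = preg_replace("#/\$#", "", $filename); // Make the filename safe

    // Warnings from a failed move are suppressed; the boolean result is checked instead.
    $moved = @move_uploaded_file($file['tmp_name'], $path . "/" . $filename);
    if (!$moved) {
        $upload['error'] = 2;
        return $upload;
    }

    // Best effort: a chmod failure does not fail the upload.
    @my_chmod($path . "/" . $filename, '0644');

    $upload['filename'] = $filename;
    $upload['path'] = $path;
    $upload['type'] = $file['type'];
    $upload['size'] = $file['size'];

    // Plugins may rewrite the result before it is returned.
    $upload = $plugins->run_hooks("upload_file_end", $upload);

    return $upload;
}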