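 /**
  * Entry point of the favorites endpoint.
  *
  * Reads the JSON request body, resolves the caller from the supplied token,
  * applies the optional 'remove' and 'add' lists and finally publishes the
  * caller's favorite topic ids in $this->return['favorites'].
  *
  * @throws \Exception when the token is missing or rejected by validateToken(),
  *                    or when a favorites update reports failure.
  */
 public function run()
 {
     parent::run();
     $this->getInputJson();
     // Reject a missing token explicitly instead of handing an undefined index to validateToken().
     if (!isset($this->input['token'])) {
         throw new \Exception("JSON input misses token.");
     }
     $token = validateToken($this->input['token']);
     if (!$token) {
         throw new \Exception("Invalid token.");
     }
     //TODO: delete global somehow
     global $user;
     // The user identity comes from the validated token only, never from the request body.
     $user = new \User($token['uid']);
     if (isset($this->input['remove'])) {
         if (!$user->removeFavorites($this->input['remove'])) {
             throw new \Exception("Could not remove favorites.");
         }
     }
     if (isset($this->input['add'])) {
         if (!$user->addFavorites($this->input['add'])) {
             throw new \Exception("Could not add favorites.");
         }
     }
     // Re-read after the updates so the response reflects the stored state.
     $favorites = array();
     $user->getFavorites();
     foreach ($user->favorites as $favorite) {
         $favorites[] = $favorite['tid'];
     }
     $this->return['favorites'] = $favorites;
 }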
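/**
 * The function that handles adding, and deleting holiday data
 *
 * A 'delete' submission must pass checkSession() and the 'admin-mc' token;
 * the holiday ids are the keys of $_REQUEST['holiday'] and are cast to int
 * before removeHolidays() sees them. The rest of the function builds the
 * 'holiday_list' list definition and hands it to createList().
 */
function ModifyHolidays()
{
    global $sourcedir, $scripturl, $txt, $context;

    // Submitting something...
    if (isset($_REQUEST['delete']) && !empty($_REQUEST['holiday']) && is_array($_REQUEST['holiday'])) {
        checkSession();
        validateToken('admin-mc');

        // Only the keys carry the ids; cast every one so nothing but ints reaches the query.
        $to_remove = array_map('intval', array_keys($_REQUEST['holiday']));

        // Now the IDs are "safe" do the delete...
        require_once $sourcedir . '/Subs-Calendar.php';
        removeHolidays($to_remove);
    }

    createToken('admin-mc');

    // Renders the date column. A plain closure replaces create_function(), which
    // compiled its body through eval() and no longer exists on PHP 8.
    $date_formatter = function ($rowData) {
        global $txt;

        // Recurring every year or just a single year?
        $year = $rowData['year'] == '0004' ? sprintf('(%1$s)', $txt['every_year']) : $rowData['year'];

        // Construct the date.
        return sprintf('%1$d %2$s %3$s', $rowData['day'], $txt['months'][(int) $rowData['month']], $year);
    };

    $listOptions = array(
        'id' => 'holiday_list',
        'title' => $txt['current_holidays'],
        'items_per_page' => 20,
        'base_href' => $scripturl . '?action=admin;area=managecalendar;sa=holidays',
        'default_sort_col' => 'name',
        'get_items' => array(
            'file' => $sourcedir . '/Subs-Calendar.php',
            'function' => 'list_getHolidays',
        ),
        'get_count' => array(
            'file' => $sourcedir . '/Subs-Calendar.php',
            'function' => 'list_getNumHolidays',
        ),
        'no_items_label' => $txt['holidays_no_entries'],
        'columns' => array(
            'name' => array(
                'header' => array('value' => $txt['holidays_title']),
                'data' => array(
                    'sprintf' => array(
                        'format' => '<a href="' . $scripturl . '?action=admin;area=managecalendar;sa=editholiday;holiday=%1$d">%2$s</a>',
                        'params' => array('id_holiday' => false, 'title' => false),
                    ),
                ),
                'sort' => array('default' => 'title', 'reverse' => 'title DESC'),
            ),
            'date' => array(
                'header' => array('value' => $txt['date']),
                'data' => array('function' => $date_formatter),
                'sort' => array('default' => 'event_date', 'reverse' => 'event_date DESC'),
            ),
            'check' => array(
                'header' => array('value' => '<input type="checkbox" onclick="invertAll(this, this.form);" class="input_check" />'),
                'data' => array(
                    'sprintf' => array(
                        'format' => '<input type="checkbox" name="holiday[%1$d]" class="input_check" />',
                        'params' => array('id_holiday' => false),
                    ),
                    'style' => 'text-align: center',
                ),
            ),
        ),
        'form' => array(
            'href' => $scripturl . '?action=admin;area=managecalendar;sa=holidays',
            'token' => 'admin-mc',
        ),
        'additional_rows' => array(
            array(
                'position' => 'below_table_data',
                'value' => '

					<input type="submit" name="delete" value="' . $txt['quickmod_delete_selected'] . '" class="button_submit" />
					<a class="button_link" href="' . $scripturl . '?action=admin;area=managecalendar;sa=editholiday" style="margin: 0 1em">' . $txt['holidays_add'] . '</a>',
                'style' => 'text-align: right;',
            ),
        ),
    );

    require_once $sourcedir . '/Subs-List.php';
    createList($listOptions);

    //loadTemplate('ManageCalendar');
    $context['page_title'] = $txt['manage_holidays'];

    // Since the list is the only thing to show, use the default list template.
    $context['default_list'] = 'holiday_list';
    $context['sub_template'] = 'show_list';
}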
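    /**
     * The function that handles adding, and deleting holiday data
     *
     * A 'delete' submission must pass checkSession() and the 'admin-mc' token;
     * the holiday ids are the keys of $_REQUEST['holiday'] and are cast to int
     * before removeHolidays() sees them. The rest builds the 'holiday_list'
     * list definition for createList().
     */
    public function action_holidays()
    {
        global $scripturl, $txt, $context;

        // Submitting something...
        if (isset($_REQUEST['delete']) && !empty($_REQUEST['holiday']) && is_array($_REQUEST['holiday'])) {
            checkSession();
            validateToken('admin-mc');

            // Only the keys carry the ids; cast every one so nothing but ints reaches the query.
            $to_remove = array_map('intval', array_keys($_REQUEST['holiday']));

            // Now the IDs are "safe" do the delete...
            require_once SUBSDIR . '/Calendar.subs.php';
            removeHolidays($to_remove);
        }

        createToken('admin-mc');

        // Renders the date column. A plain closure replaces create_function(), which
        // compiled its body through eval() and no longer exists on PHP 8.
        $date_formatter = function ($rowData) {
            global $txt;

            // Recurring every year or just a single year?
            $year = $rowData['year'] == '0004' ? sprintf('(%1$s)', $txt['every_year']) : $rowData['year'];

            // Construct the date.
            return sprintf('%1$d %2$s %3$s', $rowData['day'], $txt['months'][(int) $rowData['month']], $year);
        };

        $listOptions = array(
            'id' => 'holiday_list',
            'title' => $txt['current_holidays'],
            'items_per_page' => 20,
            'base_href' => $scripturl . '?action=admin;area=managecalendar;sa=holidays',
            'default_sort_col' => 'name',
            'get_items' => array(
                'file' => SUBSDIR . '/Calendar.subs.php',
                'function' => 'list_getHolidays',
            ),
            'get_count' => array(
                'file' => SUBSDIR . '/Calendar.subs.php',
                'function' => 'list_getNumHolidays',
            ),
            'no_items_label' => $txt['holidays_no_entries'],
            'columns' => array(
                'name' => array(
                    'header' => array('value' => $txt['holidays_title']),
                    'data' => array(
                        'sprintf' => array(
                            'format' => '<a href="' . $scripturl . '?action=admin;area=managecalendar;sa=editholiday;holiday=%1$d">%2$s</a>',
                            'params' => array('id_holiday' => false, 'title' => false),
                        ),
                    ),
                    'sort' => array('default' => 'title', 'reverse' => 'title DESC'),
                ),
                'date' => array(
                    'header' => array('value' => $txt['date']),
                    'data' => array('function' => $date_formatter),
                    'sort' => array('default' => 'event_date', 'reverse' => 'event_date DESC'),
                ),
                'check' => array(
                    'header' => array(
                        'value' => '<input type="checkbox" onclick="invertAll(this, this.form);" class="input_check" />',
                        'class' => 'centertext',
                    ),
                    'data' => array(
                        'sprintf' => array(
                            'format' => '<input type="checkbox" name="holiday[%1$d]" class="input_check" />',
                            'params' => array('id_holiday' => false),
                        ),
                        'class' => 'centertext',
                    ),
                ),
            ),
            'form' => array(
                'href' => $scripturl . '?action=admin;area=managecalendar;sa=holidays',
                'token' => 'admin-mc',
            ),
            'additional_rows' => array(
                array(
                    'position' => 'below_table_data',
                    'class' => 'submitbutton',
                    'value' => '<input type="submit" name="delete" value="' . $txt['quickmod_delete_selected'] . '" class="right_submit" onclick="return confirm(\'' . $txt['holidays_delete_confirm'] . '\');" />
					<a class="linkbutton" href="' . $scripturl . '?action=admin;area=managecalendar;sa=editholiday">' . $txt['holidays_add'] . '</a>',
                ),
            ),
        );

        require_once SUBSDIR . '/GenericList.class.php';
        createList($listOptions);

        $context['page_title'] = $txt['manage_holidays'];
    }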
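/**
 * Shows an interface to set and test censored words.
 * It uses the censor_vulgar, censor_proper, censorWholeWord, and censorIgnoreCase
 * settings.
 * Requires the admin_forum permission.
 * Accessed from ?action=admin;area=postsettings;sa=censor.
 *
 * A 'save_censor' POST (after checkSession() and the 'admin-censor' token)
 * accepts the word list either as one "vulgar=proper" pair per line in
 * 'censortext', or as the parallel 'censor_vulgar' / 'censor_proper' fields
 * (arrays or newline separated strings). A 'censortest' POST runs the given
 * text through the censor and exposes the result in $context['censor_test'].
 *
 * @uses the Admin template and the edit_censored sub template.
 */
function SetCensor()
{
    global $txt, $modSettings, $context, $smcFunc, $sourcedir;

    if (!empty($_POST['save_censor'])) {
        // Make sure censoring is something they can do.
        checkSession();
        validateToken('admin-censor');

        $censored_vulgar = array();
        $censored_proper = array();

        // Rip it apart, then split it into two arrays.
        if (isset($_POST['censortext'])) {
            // Work on a local copy; $_POST itself is left untouched.
            $lines = explode("\n", strtr($_POST['censortext'], array("\r" => '')));
            foreach ($lines as $c) {
                // A line without '=' gets an empty replacement.
                list($vulgar, $proper) = array_pad(explode('=', trim($c)), 2, '');
                $censored_vulgar[] = $vulgar;
                $censored_proper[] = $proper;
            }
        } elseif (isset($_POST['censor_vulgar'], $_POST['censor_proper'])) {
            if (is_array($_POST['censor_vulgar'])) {
                // Pair the two lists by index so that a missing or non-array 'proper'
                // field cannot shift the replacements or reach implode() as a string.
                $proper_list = is_array($_POST['censor_proper']) ? $_POST['censor_proper'] : array();
                foreach ($_POST['censor_vulgar'] as $i => $value) {
                    // Skip rows that are spaces or stars only.
                    if (trim(strtr($value, '*', ' ')) === '') {
                        continue;
                    }
                    $censored_vulgar[] = $value;
                    $censored_proper[] = isset($proper_list[$i]) ? $proper_list[$i] : '';
                }
            } else {
                $censored_vulgar = explode("\n", strtr($_POST['censor_vulgar'], array("\r" => '')));
                $censored_proper = explode("\n", strtr($_POST['censor_proper'], array("\r" => '')));
            }
        }

        // Set the new arrays and settings in the database.
        $updates = array(
            'censor_vulgar' => implode("\n", $censored_vulgar),
            'censor_proper' => implode("\n", $censored_proper),
            'censorWholeWord' => empty($_POST['censorWholeWord']) ? '0' : '1',
            'censorIgnoreCase' => empty($_POST['censorIgnoreCase']) ? '0' : '1',
        );
        call_integration_hook('integrate_save_censors', array(&$updates));
        updateSettings($updates);
    }

    if (isset($_POST['censortest'])) {
        require_once $sourcedir . '/Subs-Post.php';
        // Escape before preparsing so the test text is never echoed raw.
        $censorText = htmlspecialchars($_POST['censortest'], ENT_QUOTES);
        preparsecode($censorText);
        $context['censor_test'] = strtr(censorText($censorText), array('"' => '&quot;'));
    }

    // Set everything up for the template to do its thang.
    // Settings may be absent on a fresh install; treat them as empty lists.
    $censor_vulgar = explode("\n", isset($modSettings['censor_vulgar']) ? $modSettings['censor_vulgar'] : '');
    $censor_proper = explode("\n", isset($modSettings['censor_proper']) ? $modSettings['censor_proper'] : '');
    $context['censored_words'] = array();
    foreach ($censor_vulgar as $i => $word) {
        if (empty($word)) {
            continue;
        }

        // Skip it, it's either spaces or stars only.
        if (trim(strtr($word, '*', ' ')) === '') {
            continue;
        }

        $context['censored_words'][htmlspecialchars(trim($word))] = isset($censor_proper[$i]) ? htmlspecialchars($censor_proper[$i]) : '';
    }

    call_integration_hook('integrate_censors');

    $context['sub_template'] = 'edit_censored';
    $context['page_title'] = $txt['admin_censored_words'];

    createToken('admin-censor');
}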
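 /**
  * Validates the decoded JSON request: the 'token' key must be present and
  * must be accepted by validateToken().
  *
  * @throws \Exception when the token is missing or invalid.
  */
 public function validateInput()
 {
     parent::validateInput();
     if (!isset($this->input['token'])) {
         throw new \Exception("JSON input misses token.");
     }
     // Only the verdict matters here; the decoded token is not kept.
     if (!validateToken($this->input['token'])) {
         throw new \Exception("Invalid token.");
     }
 }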
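 /**
  * Entry point of the user-profile endpoint.
  *
  * Resolves the caller from the supplied token and publishes the account
  * fields plus the list of favorite topic ids in $this->return['user'].
  *
  * @throws \Exception when the token is missing or rejected by validateToken().
  */
 public function run()
 {
     parent::run();
     $this->getInputJson();
     // Reject a missing token explicitly instead of handing an undefined index to validateToken().
     if (!isset($this->input['token'])) {
         throw new \Exception("JSON input misses token.");
     }
     $token = validateToken($this->input['token']);
     if (!$token) {
         throw new \Exception("Invalid token.");
     }
     //TODO: delete global somehow
     global $user;
     // The user identity comes from the validated token only, never from the request body.
     $user = new \User($token['uid']);
     $user->getFavorites();
     $data = array(
         'username' => $user->username,
         'nickname' => $user->nickname,
         'name' => $user->name,
         'email' => $user->email,
         // Always present, so a user without favorites still gets an (empty) list.
         'favorites' => array(),
     );
     foreach ($user->favorites as $favorite) {
         $data['favorites'][] = $favorite['tid'];
     }
     $this->return['user'] = $data;
 }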
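/**
 * Builds a Slim route middleware that authorizes the request by its token.
 *
 * The returned closure reads the 'Authorization' HTTP header, validates it
 * with validateToken(), loads the user owning that token and requires the
 * user's privilege level to be one of $privileges. On success it stores
 * user_id, token and privileges in $GLOBALS and refreshes the authorization
 * when the last activity is older than 60 seconds. On failure it resets the
 * globals to the guest defaults and, unless $no_error is set, reports the
 * error through jsonError().
 *
 * @param array $privileges privilege names that are allowed through
 * @param bool  $no_error   when true, failures fall back to guest silently
 * @return \Closure
 */
function validatePrivileges($privileges = array(), $no_error = false)
{
    return function () use ($privileges, $no_error) {
        // Defined up front so the outer catch can always pass it on.
        $app = null;
        try {
            // User model
            $user = new \Model\User();
            // Slim Framework instance
            $app = \Slim\Slim::getInstance();
            // Token from the Authorization header, validated
            $token = validateToken($app->request->headers->get('Authorization'));
            try {
                // Data of the user owning this token
                $u = $user->getByToken($token, 'administrator');
            } catch (Exception $e) {
                throw new Exception('Użytkownik nie jest zalogowany.', 401);
            }
            // Required privilege check. Strict comparison so only an exact name matches;
            // assumes privilege levels are strings on both sides — verify against the model.
            if (!in_array($u['privileges'], $privileges, true)) {
                throw new Exception('Brak uprawnień.', 401);
            }
            // Remember the login data as globals
            $GLOBALS['user_id'] = $u['user_id'];
            $GLOBALS['token'] = $token;
            $GLOBALS['privileges'] = $u['privileges'];
            try {
                // Refresh the authorization when the last activity is more than 60 seconds old
                $diff = abs(time() - strtotime($u['last_auth']));
                if ($diff > 60) {
                    $user->refreshAuth($token);
                }
            } catch (Exception $e) {
                // Best effort: a failed refresh must not reject an otherwise valid request.
            }
        } catch (Exception $e) {
            $GLOBALS['user_id'] = -1;
            $GLOBALS['token'] = '';
            $GLOBALS['privileges'] = 'guest';
            if (!$no_error) {
                jsonError($app, $e, true);
            }
        }
    };
}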
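 /**
  * Edit a 'it bounced' template.
  *
  * Loads the template named by $_REQUEST['tid'] (0 = new) into
  * $context['template_data']; on a 'save' POST — after checkSession() and the
  * 'mod-mlt' token — it stores the template through modAddUpdateTemplate(),
  * logs the action and redirects. A missing title or body is reported in
  * $context['warning_errors'] and the form is shown again with the input kept.
  *
  * @uses bounce_template sub template
  */
 public function action_modify_bounce_templates()
 {
     global $context, $txt, $user_info;

     require_once SUBSDIR . '/Moderation.subs.php';

     $context['id_template'] = isset($_REQUEST['tid']) ? (int) $_REQUEST['tid'] : 0;
     $context['is_edit'] = (bool) $context['id_template'];

     // Standard template things, you know the drill
     $context['page_title'] = $context['is_edit'] ? $txt['ml_bounce_template_modify'] : $txt['ml_bounce_template_add'];
     $context['sub_template'] = 'bounce_template';
     $context[$context['admin_menu_name']]['current_subsection'] = 'templates';

     // Defaults to show
     $context['template_data'] = array(
         'title' => '',
         'body' => $txt['ml_bounce_template_body_default'],
         'subject' => $txt['ml_bounce_template_subject_default'],
         'personal' => false,
         'can_edit_personal' => true,
     );

     // If it's an edit load it.
     if ($context['is_edit']) {
         modLoadTemplate($context['id_template'], 'bnctpl');
     }

     // Wait, we are saving?
     if (isset($_POST['save'])) {
         checkSession('post');
         validateToken('mod-mlt');

         // To check the BBC is good...
         require_once SUBSDIR . '/Post.subs.php';

         // Bit of cleaning! An absent field counts as empty instead of raising a notice.
         $template_body = isset($_POST['template_body']) ? trim($_POST['template_body']) : '';
         $template_title = isset($_POST['template_title']) ? trim($_POST['template_title']) : '';

         // Is this personal? Decided before the validation branch so the flag is
         // also reflected when the form is redisplayed with errors.
         $recipient_id = !empty($_POST['make_personal']) ? $user_info['id'] : 0;

         // Need something in both boxes.
         if (!empty($template_body) && !empty($template_title)) {
             // Safety first.
             $template_title = Util::htmlspecialchars($template_title);

             // Clean up BBC.
             preparsecode($template_body);

             // But put line breaks back!
             $template_body = strtr($template_body, array('<br />' => "\n"));

             // Updating or adding ?
             if ($context['is_edit']) {
                 // Simple update...
                 modAddUpdateTemplate($recipient_id, $template_title, $template_body, $context['id_template'], true, 'bnctpl');

                 // If it wasn't visible and now is they've effectively added it.
                 if ($context['template_data']['personal'] && !$recipient_id) {
                     logAction('add_bounce_template', array('template' => $template_title));
                 } elseif (!$context['template_data']['personal'] && $recipient_id) {
                     logAction('delete_bounce_template', array('template' => $template_title));
                 } else {
                     logAction('modify_bounce_template', array('template' => $template_title));
                 }
             } else {
                 modAddUpdateTemplate($recipient_id, $template_title, $template_body, $context['id_template'], false, 'bnctpl');
                 logAction('add_bounce_template', array('template' => $template_title));
             }

             // Get out of town...
             redirectexit('action=admin;area=maillist;sa=emailtemplates');
         } else {
             $context['warning_errors'] = array();
             $context['template_data']['title'] = !empty($template_title) ? $template_title : '';
             $context['template_data']['body'] = !empty($template_body) ? $template_body : $txt['ml_bounce_template_body_default'];
             $context['template_data']['personal'] = !empty($recipient_id);

             if (empty($template_title)) {
                 $context['warning_errors'][] = $txt['ml_bounce_template_error_no_title'];
             }
             if (empty($template_body)) {
                 $context['warning_errors'][] = $txt['ml_bounce_template_error_no_body'];
             }
         }
     }

     createToken('mod-mlt');
 }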
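 /**
  * Shows the contact form for the user to fill out
  * Needs to be enabled to be used
  *
  * Guests only; logged-in members are redirected away. A 'send' request
  * passes checkSession(), the 'contact' token and spamProtection(), then the
  * validator (trim + htmlspecialchars sanitation, required + valid_email
  * rules) and the verification control. With no errors the message goes to
  * all admins as a PM via sendpm() and the user lands on the 'done' page.
  */
 public function action_contact()
 {
     global $context, $txt, $user_info, $modSettings;

     // Already inside, no need to use this, just send a PM
     // Disabled, you cannot enter.
     if (!$user_info['is_guest'] || empty($modSettings['enable_contactform']) || $modSettings['enable_contactform'] == 'disabled') {
         redirectexit();
     }

     loadLanguage('Login');
     loadTemplate('Register');

     if (isset($_REQUEST['send'])) {
         checkSession('post');
         validateToken('contact');
         spamProtection('contact');

         // No errors, yet.
         $context['errors'] = array();
         loadLanguage('Errors');

         // Could they get the right send topic verification code?
         require_once SUBSDIR . '/VerificationControls.class.php';
         require_once SUBSDIR . '/Members.subs.php';

         // form validation
         require_once SUBSDIR . '/DataValidator.class.php';
         $validator = new Data_Validator();
         $validator->sanitation_rules(array('emailaddress' => 'trim', 'contactmessage' => 'trim|Util::htmlspecialchars'));
         $validator->validation_rules(array('emailaddress' => 'required|valid_email', 'contactmessage' => 'required'));
         $validator->text_replacements(array('emailaddress' => $txt['error_email'], 'contactmessage' => $txt['error_message']));

         // Any form errors
         if (!$validator->validate($_POST)) {
             $context['errors'] = $validator->validation_errors();
         }

         // How about any verification errors
         $verificationOptions = array('id' => 'contactform');
         $context['require_verification'] = create_control_verification($verificationOptions, true);
         if (is_array($context['require_verification'])) {
             foreach ($context['require_verification'] as $error) {
                 $context['errors'][] = $txt['error_' . $error];
             }
         }

         // No errors, then send the PM to the admins
         if (empty($context['errors'])) {
             $admins = admins();
             if (!empty($admins)) {
                 require_once SUBSDIR . '/PersonalMessage.subs.php';
                 // Read the message from the same array the validator checked ($_POST),
                 // so what is sent is what passed validation.
                 sendpm(array('to' => array_keys($admins), 'bcc' => array()), $txt['contact_subject'], $_POST['contactmessage'], false, array('id' => 0, 'name' => $validator->emailaddress, 'username' => $validator->emailaddress));
             }

             // Send the PM
             redirectexit('action=contact;sa=done');
         } else {
             // Keep the sanitized input so the form can be redisplayed.
             $context['emailaddress'] = $validator->emailaddress;
             $context['contactmessage'] = $validator->contactmessage;
         }
     }

     if (isset($_GET['sa']) && $_GET['sa'] === 'done') {
         $context['sub_template'] = 'contact_form_done';
     } else {
         $context['sub_template'] = 'contact_form';
         $context['page_title'] = $txt['admin_contact_form'];
         require_once SUBSDIR . '/VerificationControls.class.php';
         $verificationOptions = array('id' => 'contactform');
         $context['require_verification'] = create_control_verification($verificationOptions);
         $context['visual_verification_id'] = $verificationOptions['id'];
     }

     createToken('contact');
 }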
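/**
 * Admin page listing the registered integration hooks.
 *
 * An optional ?filter=<hook_name> is honoured only when it names a hook
 * returned by get_integration_hooks(). When $modSettings['handlinghooks_enabled']
 * is set, a 'do' request (remove / disable / enable a hook function) is
 * processed after checkSession() and the 'admin-hook' token, and a remove
 * column is added to the list. The list definition is then handed to
 * createList().
 */
function list_integration_hooks()
{
    global $sourcedir, $scripturl, $context, $txt, $modSettings, $settings;

    $context['filter'] = '';
    $currentHooks = get_integration_hooks();

    // Only a known hook name may become part of the links built below.
    if (isset($_GET['filter']) && is_string($_GET['filter']) && array_key_exists($_GET['filter'], $currentHooks)) {
        $context['filter'] = ';filter=' . $_GET['filter'];
    }

    if (!empty($modSettings['handlinghooks_enabled'])) {
        if (!empty($_REQUEST['do']) && isset($_REQUEST['hook']) && isset($_REQUEST['function'])) {
            checkSession('request');
            validateToken('admin-hook', 'request');

            if ($_REQUEST['do'] === 'remove') {
                remove_integration_function($_REQUEST['hook'], urldecode($_REQUEST['function']));
            } else {
                // It's a hack I know...but I'm way too lazy!!!
                // Disabling stores the function name with a trailing ']'; enabling swaps it back.
                if ($_REQUEST['do'] === 'disable') {
                    $function_remove = $_REQUEST['function'];
                    $function_add = $_REQUEST['function'] . ']';
                } else {
                    $function_remove = $_REQUEST['function'] . ']';
                    $function_add = $_REQUEST['function'];
                }

                $file = !empty($_REQUEST['includedfile']) ? urldecode($_REQUEST['includedfile']) : '';
                remove_integration_function($_REQUEST['hook'], $function_remove, $file);
                add_integration_function($_REQUEST['hook'], $function_add, $file);

                redirectexit('action=admin;area=modsettings;sa=hooks' . $context['filter']);
            }
        }
    }

    // Column renderers. Plain closures replace create_function(), which compiled
    // its body through eval() and no longer exists on PHP 8.
    $function_name_column = function ($data) {
        global $txt;

        if (!empty($data['included_file'])) {
            return $txt['hooks_field_function'] . ': ' . $data['real_function'] . '<br />' . $txt['hooks_field_included_file'] . ': ' . $data['included_file'];
        }

        return $data['real_function'];
    };

    $status_column = function ($data) {
        global $txt, $settings, $scripturl, $context;

        $change_status = array('before' => '', 'after' => '');
        if ($data['can_be_disabled'] && $data['status'] != 'deny') {
            $change_status['before'] = '<a href="' . $scripturl . '?action=admin;area=modsettings;sa=hooks;do=' . ($data['enabled'] ? 'disable' : 'enable') . ';hook=' . $data['hook_name'] . ';function=' . $data['real_function'] . (!empty($data['included_file']) ? ';includedfile=' . urlencode($data['included_file']) : '') . $context['filter'] . ';' . $context['admin-hook_token_var'] . '=' . $context['admin-hook_token'] . ';' . $context['session_var'] . '=' . $context['session_id'] . '" onclick="return confirm(' . javaScriptEscape($txt['quickmod_confirm']) . ');">';
            $change_status['after'] = '</a>';
        }

        return $change_status['before'] . '<img src="' . $settings['images_url'] . '/admin/post_moderation_' . $data['status'] . '.png" alt="' . $data['img_text'] . '" title="' . $data['img_text'] . '" />' . $change_status['after'];
    };

    $list_options = array(
        'id' => 'list_integration_hooks',
        'title' => $txt['hooks_title_list'],
        'items_per_page' => 20,
        'base_href' => $scripturl . '?action=admin;area=modsettings;sa=hooks' . $context['filter'] . ';' . $context['session_var'] . '=' . $context['session_id'],
        'default_sort_col' => 'hook_name',
        'get_items' => array('function' => 'get_integration_hooks_data'),
        'get_count' => array('function' => 'get_integration_hooks_count'),
        'no_items_label' => $txt['hooks_no_hooks'],
        'columns' => array(
            'hook_name' => array(
                'header' => array('value' => $txt['hooks_field_hook_name']),
                'data' => array('db' => 'hook_name'),
                'sort' => array('default' => 'hook_name', 'reverse' => 'hook_name DESC'),
            ),
            'function_name' => array(
                'header' => array('value' => $txt['hooks_field_function_name']),
                'data' => array('function' => $function_name_column),
                'sort' => array('default' => 'function_name', 'reverse' => 'function_name DESC'),
            ),
            'file_name' => array(
                'header' => array('value' => $txt['hooks_field_file_name']),
                'data' => array('db' => 'file_name'),
                'sort' => array('default' => 'file_name', 'reverse' => 'file_name DESC'),
            ),
            'status' => array(
                'header' => array('value' => $txt['hooks_field_hook_exists'], 'style' => 'width:3%'),
                'data' => array('function' => $status_column, 'class' => 'centertext'),
                'sort' => array('default' => 'status', 'reverse' => 'status DESC'),
            ),
        ),
        'additional_rows' => array(
            array(
                'position' => 'after_title',
                'value' => $txt['hooks_disable_instructions'] . '<br />
					' . $txt['hooks_disable_legend'] . ':
									<ul style="list-style: none;">
					<li><img src="' . $settings['images_url'] . '/admin/post_moderation_allow.png" alt="' . $txt['hooks_active'] . '" title="' . $txt['hooks_active'] . '" /> ' . $txt['hooks_disable_legend_exists'] . '</li>
					<li><img src="' . $settings['images_url'] . '/admin/post_moderation_moderate.png" alt="' . $txt['hooks_disabled'] . '" title="' . $txt['hooks_disabled'] . '" /> ' . $txt['hooks_disable_legend_disabled'] . '</li>
					<li><img src="' . $settings['images_url'] . '/admin/post_moderation_deny.png" alt="' . $txt['hooks_missing'] . '" title="' . $txt['hooks_missing'] . '" /> ' . $txt['hooks_disable_legend_missing'] . '</li>
				</ul>',
            ),
        ),
    );

    if (!empty($modSettings['handlinghooks_enabled'])) {
        createToken('admin-hook', 'request');

        // Only hooks whose function no longer exists get a remove link.
        $remove_column = function ($data) {
            global $txt, $settings, $scripturl, $context;

            if (!$data['hook_exists']) {
                return '
						<a href="' . $scripturl . '?action=admin;area=modsettings;sa=hooks;do=remove;hook=' . $data['hook_name'] . ';function=' . urlencode($data['function_name']) . $context['filter'] . ';' . $context['admin-hook_token_var'] . '=' . $context['admin-hook_token'] . ';' . $context['session_var'] . '=' . $context['session_id'] . '" onclick="return confirm(' . javaScriptEscape($txt['quickmod_confirm']) . ');">
							<img src="' . $settings['images_url'] . '/icons/quick_remove.png" alt="' . $txt['hooks_button_remove'] . '" title="' . $txt['hooks_button_remove'] . '" />
						</a>';
            }

            return '';
        };

        $list_options['columns']['remove'] = array(
            'header' => array('value' => $txt['hooks_button_remove'], 'style' => 'width:3%'),
            'data' => array('function' => $remove_column, 'class' => 'centertext'),
        );

        $list_options['form'] = array(
            'href' => $scripturl . '?action=admin;area=modsettings;sa=hooks' . $context['filter'] . ';' . $context['session_var'] . '=' . $context['session_id'],
            'name' => 'list_integration_hooks',
        );
    }

    require_once $sourcedir . '/Subs-List.php';
    createList($list_options);

    $context['page_title'] = $txt['hooks_title_list'];
    $context['sub_template'] = 'show_list';
    $context['default_list'] = 'list_integration_hooks';
}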
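/**
 * CSRF token gate for POST form submissions.
 *
 * Finds the first known form marker present in $_POST (precedence is the
 * order of the $forms table below, which mirrors the original nested
 * if/else chains) and validates the submission against the token of the
 * same name via validateToken(). A few markers are accepted without any
 * token check, and so is a POST that carries none of the known markers.
 *
 * NOTE(review): the unchecked markers and the unrecognised-marker fallback
 * are preserved for compatibility; on those paths this function applies no
 * CSRF check, so any protection must come from elsewhere (the original
 * comments cite captcha for the registration forms).
 *
 * The original chain tested 'del-repayment_instruction' twice; the second,
 * unreachable test is dropped here.
 *
 * @return mixed true for an unchecked marker or an unrecognised submission,
 *               otherwise whatever validateToken() returns for the marker
 */
function checkToken()
{
    // Ordered marker table: true = must carry a valid token of the same name,
    // false = accepted without a token check. Order is the precedence applied
    // when a request carries several markers.
    $forms = array(
        'reg-borrower' => false, // captcha support already there
        'reg-lender' => false, // captcha support already there
        'reg-partner' => false, // captcha support already there
        'userlogin' => false,
        'loanapplication' => true,
        'editloanapplication' => true,
        'exrate' => true,
        'amt_entered' => true,
        'confirmApplication' => true,
        'lenderbid' => true,
        'lenderbidUp' => true,
        'minfundamount' => true,
        'activatePartner' => true,
        'deactivatePartner' => true,
        'activateLender' => true,
        'deactivateLender' => true,
        'deactivateBorrower' => true,
        'deleteBorrower' => true,
        'deletePartner' => true,
        'deleteLender' => true,
        'makeLoanExpire' => true,
        'makeLoanActive' => true,
        'sendbulkmails' => true,
        'addpaymenttolender' => true,
        'adddonationtolender' => true,
        'changePassword' => true,
        'forgiveShare' => true,
        'assignedPartner' => false,
        'referral' => true,
        'add-repayment_instruction' => true,
        'editborrower' => true,
        'editlender' => true,
        'editpartner' => true,
        'activateBorrower' => true,
        'acceptbids' => true,
        'Payment' => true,
        'repaymentfeedback' => true,
        'makeLoanDefault' => true,
        'makeLoanUndoDefault' => true,
        'cancelloan' => true,
        'forgetpassword' => true,
        'withdraw' => true,
        'paywithdraw' => true,
        'PaySimplewithdraw' => true,
        'paysimplewithdrawadmin' => true,
        'Otherwithdraw' => true,
        'payotherwithdrawadmin' => true,
        'emailregister' => true,
        'emailsent' => true,
        'portfolioreport' => true,
        'portfolioreportnew' => true,
        'transactionhistory' => true,
        'tr_hidden' => true,
        'translatorhidden' => true,
        'translatorlang' => true,
        'giftcardorder' => true,
        'redeemCard' => true,
        'donate_card' => true,
        'promotLoan' => true,
        'invite_frnds' => true,
        'get_contacts' => true,
        'get_loans' => true,
        'repay_report' => true,
        'declinedBorrower' => true,
        'reScheduleLoan' => true,
        'update-repayment_instruction' => true,
        'del-repayment_instruction' => true,
        'sendShareEmail' => true,
        'campaign' => true,
        'deactivateAccount' => true,
        'emailedTo' => false,
        'automaticLending' => true,
        'upload_funds' => true,
        'lender_invite' => true,
    );

    foreach ($forms as $marker => $requiresToken) {
        // isset() mirrors the original checks: a null value counts as absent.
        if (isset($_POST[$marker])) {
            return $requiresToken ? validateToken($marker) : true;
        }
    }

    // No known marker present: accepted without a token (fail-open), as before.
    return true;
}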
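/**
 * Show the log of all tasks that have taken place.
 *
 * Handles the "empty the log" submission (POST removeAll) before building the
 * list. That path is guarded by checkSession() and validateToken('admin-tl'),
 * so a forged cross-site POST cannot truncate the table. Whether an admin
 * permission has already been enforced by the dispatcher is not visible here —
 * presumably it is, confirm before relying on it.
 *
 * @uses ManageScheduledTasks language file
 * @uses Subs-List.php (createList) and the show_list sub template
 */
function TaskLog()
{
    global $scripturl, $context, $txt, $smcFunc, $sourcedir;

    // Lets load the language just in case we are outside the Scheduled area.
    loadLanguage('ManageScheduledTasks');

    // Empty the log? Session and token are checked first: this is destructive.
    if (!empty($_POST['removeAll'])) {
        checkSession();
        validateToken('admin-tl');
        $smcFunc['db_query']('truncate_table', '
			TRUNCATE {db_prefix}log_scheduled_tasks', array());
    }

    // The list links back to itself; which URL depends on the admin area we came from.
    $log_href = $context['admin_area'] == 'scheduledtasks'
        ? $scripturl . '?action=admin;area=scheduledtasks;sa=tasklog'
        : $scripturl . '?action=admin;area=logs;sa=tasklog';

    // Setup the list.
    $listOptions = array(
        'id' => 'task_log',
        'items_per_page' => 30,
        'title' => $txt['scheduled_log'],
        'no_items_label' => $txt['scheduled_log_empty'],
        'base_href' => $log_href,
        'default_sort_col' => 'date',
        'get_items' => array('function' => 'list_getTaskLogEntries'),
        'get_count' => array('function' => 'list_getNumTaskLogEntries'),
        'columns' => array(
            'name' => array(
                'header' => array('value' => $txt['scheduled_tasks_name']),
                'data' => array('db' => 'name'),
            ),
            'date' => array(
                'header' => array('value' => $txt['scheduled_log_time_run']),
                // A real closure instead of create_function(): that helper is
                // eval()-based and was removed in PHP 8.0.
                'data' => array('function' => function ($rowData) {
                    return timeformat($rowData['time_run'], true);
                }),
                'sort' => array('default' => 'lst.id_log DESC', 'reverse' => 'lst.id_log'),
            ),
            'time_taken' => array(
                'header' => array('value' => $txt['scheduled_log_time_taken']),
                'data' => array('sprintf' => array('format' => $txt['scheduled_log_time_taken_seconds'], 'params' => array('time_taken' => false))),
                'sort' => array('default' => 'lst.time_taken', 'reverse' => 'lst.time_taken DESC'),
            ),
        ),
        'form' => array(
            'href' => $log_href,
            'token' => 'admin-tl',
        ),
        'additional_rows' => array(
            array(
                'position' => 'below_table_data',
                // The confirm text is embedded in a single-quoted JS string; the
                // language strings are trusted and must not contain a bare apostrophe.
                'value' => '
					<input type="submit" name="removeAll" value="' . $txt['scheduled_log_empty_log'] . '" onclick="return confirm(\'' . $txt['scheduled_log_empty_log_confirm'] . '\');" class="button_submit" />',
                'style' => 'text-align: right;',
            ),
            array('position' => 'after_title', 'value' => $txt['scheduled_tasks_time_offset'], 'class' => 'windowbg2'),
        ),
    );
    createToken('admin-tl');

    require_once $sourcedir . '/Subs-List.php';
    createList($listOptions);

    $context['sub_template'] = 'show_list';
    $context['default_list'] = 'task_log';

    // Make it all look tidy.
    $context[$context['admin_menu_name']]['current_subsection'] = 'tasklog';
    $context['page_title'] = $txt['scheduled_log'];
}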
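    /**
     * Show the log of all tasks that have taken place.
     *
     * Handles the "empty the log" submission (POST removeAll) before building the
     * list; that path runs checkSession() and validateToken('admin-tl') first, so a
     * forged cross-site POST cannot call emptyTaskLog(). Whether an admin permission
     * has already been enforced by the dispatcher is not visible here — confirm.
     *
     * @uses ManageScheduledTasks language file
     * @uses ScheduledTasks.subs.php, GenericList.class.php and the show_list sub template
     */
    public function action_log()
    {
        global $scripturl, $context, $txt;

        require_once SUBSDIR . '/ScheduledTasks.subs.php';

        // Lets load the language just in case we are outside the Scheduled area.
        loadLanguage('ManageScheduledTasks');

        // Empty the log? Session and token are checked first: this is destructive.
        if (!empty($_POST['removeAll'])) {
            checkSession();
            validateToken('admin-tl');
            emptyTaskLog();
        }

        // The list links back to itself; which URL depends on the admin area we came from.
        $log_href = $context['admin_area'] == 'scheduledtasks'
            ? $scripturl . '?action=admin;area=scheduledtasks;sa=tasklog'
            : $scripturl . '?action=admin;area=logs;sa=tasklog';

        // Setup the list.
        $listOptions = array(
            'id' => 'task_log',
            'items_per_page' => 30,
            'title' => $txt['scheduled_log'],
            'no_items_label' => $txt['scheduled_log_empty'],
            'base_href' => $log_href,
            'default_sort_col' => 'date',
            'get_items' => array('function' => array($this, 'list_getTaskLogEntries')),
            'get_count' => array('function' => array($this, 'list_getNumTaskLogEntries')),
            'columns' => array(
                'name' => array(
                    'header' => array('value' => $txt['scheduled_tasks_name']),
                    'data' => array('db' => 'name'),
                ),
                'date' => array(
                    'header' => array('value' => $txt['scheduled_log_time_run']),
                    // Real closures instead of create_function(): that helper is
                    // eval()-based and was removed in PHP 8.0.
                    'data' => array('function' => function ($rowData) {
                        return standardTime($rowData['time_run'], true);
                    }),
                    'sort' => array('default' => 'lst.id_log DESC', 'reverse' => 'lst.id_log'),
                ),
                'time_taken' => array(
                    'header' => array('value' => $txt['scheduled_log_time_taken']),
                    'data' => array('sprintf' => array('format' => $txt['scheduled_log_time_taken_seconds'], 'params' => array('time_taken' => false))),
                    'sort' => array('default' => 'lst.time_taken', 'reverse' => 'lst.time_taken DESC'),
                ),
                'task_completed' => array(
                    'header' => array('value' => $txt['scheduled_log_completed']),
                    // The task name ends up inside an alt attribute unescaped; it is
                    // assumed to be already HTML-safe when stored — confirm.
                    'data' => array('function' => function ($rowData) {
                        global $settings, $txt;

                        return '<img src="' . $settings['images_url'] . '/admin/complete_' . ($rowData['task_completed'] ? 'success' : 'fail') . '.png" alt="' . sprintf($txt[$rowData['task_completed'] ? 'maintain_done' : 'maintain_fail'], $rowData['name']) . '" />';
                    }),
                ),
            ),
            'form' => array(
                'href' => $log_href,
                'token' => 'admin-tl',
            ),
            'additional_rows' => array(
                array(
                    'position' => 'below_table_data',
                    // The confirm text is embedded in a single-quoted JS string; the
                    // language strings are trusted and must not contain a bare apostrophe.
                    'value' => '
						<input type="submit" name="removeAll" value="' . $txt['scheduled_log_empty_log'] . '" onclick="return confirm(\'' . $txt['scheduled_log_empty_log_confirm'] . '\');" class="right_submit" />',
                ),
                array('position' => 'after_title', 'value' => $txt['scheduled_tasks_time_offset'], 'class' => 'windowbg2'),
            ),
        );
        createToken('admin-tl');

        require_once SUBSDIR . '/GenericList.class.php';
        createList($listOptions);

        $context['sub_template'] = 'show_list';
        $context['default_list'] = 'task_log';

        // Make it all look tidy.
        $context[$context['admin_menu_name']]['current_subsection'] = 'tasklog';
        $context['page_title'] = $txt['scheduled_log'];
    }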
/**
 * Editing a membergroup.
 * Screen to edit a specific membergroup.
 * Called by ?action=admin;area=membergroups;sa=edit;group=x.
 * It requires the manage_membergroups permission.
 * Also handles the delete button of the edit form.
 * Redirects to ?action=admin;area=membergroups.
 *
 * Flow: resolve and validate the group id, then either delete (POST delete),
 * save (POST save) or fall through to loading the group, its moderators, its
 * board access and the inheritable groups into $context for the template.
 * Both mutating branches run checkSession() and validateToken('admin-mmg')
 * before any query, so a forged cross-site POST is rejected.
 * The manage_membergroups permission check itself is not visible in this
 * function; presumably the admin dispatcher enforces it — confirm.
 *
 * @uses the edit_group sub template of ManageMembergroups.
 */
function EditMembergroup()
{
    global $context, $txt, $sourcedir, $modSettings, $smcFunc;
    // Coerce the requested group id to a positive int (0 = none); everything below keys off it.
    $_REQUEST['group'] = isset($_REQUEST['group']) && $_REQUEST['group'] > 0 ? (int) $_REQUEST['group'] : 0;
    if (!empty($modSettings['deny_boards_access'])) {
        loadLanguage('ManagePermissions');
    }
    // Make sure this group is editable.
    // Non-admins may not touch protected groups (group_type 1): the query returns no row for them.
    if (!empty($_REQUEST['group'])) {
        $request = $smcFunc['db_query']('', '
			SELECT id_group
			FROM {db_prefix}membergroups
			WHERE id_group = {int:current_group}' . (allowedTo('admin_forum') ? '' : '
				AND group_type != {int:is_protected}') . '
			LIMIT {int:limit}', array('current_group' => $_REQUEST['group'], 'is_protected' => 1, 'limit' => 1));
        // No row (unknown or not editable) leaves null here, which the empty() check below catches.
        list($_REQUEST['group']) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);
    }
    // Now, do we have a valid id?
    if (empty($_REQUEST['group'])) {
        fatal_lang_error('membergroup_does_not_exist', false);
    }
    // The delete this membergroup button was pressed.
    if (isset($_POST['delete'])) {
        // CSRF guard before the destructive call.
        checkSession();
        validateToken('admin-mmg');
        require_once $sourcedir . '/Subs-Membergroups.php';
        deleteMembergroups($_REQUEST['group']);
        redirectexit('action=admin;area=membergroups;');
    } elseif (isset($_POST['save'])) {
        // Validate the session.
        checkSession();
        validateToken('admin-mmg');
        // Can they really inherit from this group?
        // Only non-admins are checked; $inherit_type stays unset otherwise and empty() below copes with that.
        if (isset($_POST['group_inherit']) && $_POST['group_inherit'] != -2 && !allowedTo('admin_forum')) {
            $request = $smcFunc['db_query']('', '
				SELECT group_type
				FROM {db_prefix}membergroups
				WHERE id_group = {int:inherit_from}
				LIMIT {int:limit}', array('inherit_from' => $_POST['group_inherit'], 'limit' => 1));
            list($inherit_type) = $smcFunc['db_fetch_row']($request);
            $smcFunc['db_free_result']($request);
        }
        // Set variables to their proper value.
        $_POST['max_messages'] = isset($_POST['max_messages']) ? (int) $_POST['max_messages'] : 0;
        // min_posts is only meaningful for post-count groups (group_type -1, id > 3); -1 means "not a post group".
        $_POST['min_posts'] = isset($_POST['min_posts']) && isset($_POST['group_type']) && $_POST['group_type'] == -1 && $_REQUEST['group'] > 3 ? abs($_POST['min_posts']) : ($_REQUEST['group'] == 4 ? 0 : -1);
        // Stored as "count#image"; icon_image is taken as submitted and only split again on display,
        // so escaping it is left to the template — confirm it does.
        $_POST['icons'] = empty($_POST['icon_count']) || $_POST['icon_count'] < 0 ? '' : min((int) $_POST['icon_count'], 99) . '#' . $_POST['icon_image'];
        $_POST['group_desc'] = isset($_POST['group_desc']) && ($_REQUEST['group'] == 1 || isset($_POST['group_type']) && $_POST['group_type'] != -1) ? trim($_POST['group_desc']) : '';
        // Clamp to 0..3; type 1 (protected) may only be set by admins.
        $_POST['group_type'] = !isset($_POST['group_type']) || $_POST['group_type'] < 0 || $_POST['group_type'] > 3 || $_POST['group_type'] == 1 && !allowedTo('admin_forum') ? 0 : (int) $_POST['group_type'];
        $_POST['group_hidden'] = empty($_POST['group_hidden']) || $_POST['min_posts'] != -1 || $_REQUEST['group'] == 3 ? 0 : (int) $_POST['group_hidden'];
        // Groups 1 and 3 never inherit; nobody may inherit from a protected group (type 1).
        $_POST['group_inherit'] = $_REQUEST['group'] > 1 && $_REQUEST['group'] != 3 && (empty($inherit_type) || $inherit_type != 1) ? (int) $_POST['group_inherit'] : -2;
        //@todo Don't set online_color for the Moderators group?
        // Do the update of the membergroup settings.
        // group_name is HTML-escaped here; online_color, icons and group_desc are stored as
        // submitted, so the template must escape them on output — confirm it does.
        $smcFunc['db_query']('', '
			UPDATE {db_prefix}membergroups
			SET group_name = {string:group_name}, online_color = {string:online_color},
				max_messages = {int:max_messages}, min_posts = {int:min_posts}, icons = {string:icons},
				description = {string:group_desc}, group_type = {int:group_type}, hidden = {int:group_hidden},
				id_parent = {int:group_inherit}
			WHERE id_group = {int:current_group}', array('max_messages' => $_POST['max_messages'], 'min_posts' => $_POST['min_posts'], 'group_type' => $_POST['group_type'], 'group_hidden' => $_POST['group_hidden'], 'group_inherit' => $_POST['group_inherit'], 'current_group' => (int) $_REQUEST['group'], 'group_name' => $smcFunc['htmlspecialchars']($_POST['group_name']), 'online_color' => $_POST['online_color'], 'icons' => $_POST['icons'], 'group_desc' => $_POST['group_desc']));
        call_integration_hook('integrate_save_membergroup', array((int) $_REQUEST['group']));
        // Time to update the boards this membergroup has access to.
        if ($_REQUEST['group'] == 2 || $_REQUEST['group'] > 3) {
            // boardaccess maps board id => 'allow' | 'deny' | 'ignore'. Any other value only creates
            // an unused key, since just 'allow' and 'deny' are processed below.
            $accesses = empty($_POST['boardaccess']) || !is_array($_POST['boardaccess']) ? array() : $_POST['boardaccess'];
            $changed_boards['allow'] = array();
            $changed_boards['deny'] = array();
            $changed_boards['ignore'] = array();
            foreach ($accesses as $group_id => $action) {
                $changed_boards[$action][] = (int) $group_id;
            }
            foreach (array('allow', 'deny') as $board_action) {
                // Find all board this group is in, but shouldn't be in.
                $request = $smcFunc['db_query']('', '
					SELECT id_board, {raw:column}
					FROM {db_prefix}boards
					WHERE FIND_IN_SET({string:current_group}, {raw:column}) != 0' . (empty($changed_boards[$board_action]) ? '' : '
						AND id_board NOT IN ({array_int:board_access_list})'), array('current_group' => (int) $_REQUEST['group'], 'board_access_list' => $changed_boards[$board_action], 'column' => $board_action == 'allow' ? 'member_groups' : 'deny_member_groups'));
                while ($row = $smcFunc['db_fetch_assoc']($request)) {
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}boards
						SET {raw:column} = {string:member_group_access}
						WHERE id_board = {int:current_board}', array('current_board' => $row['id_board'], 'member_group_access' => implode(',', array_diff(explode(',', $row['member_groups']), array($_REQUEST['group']))), 'column' => $board_action == 'allow' ? 'member_groups' : 'deny_member_groups'));
                }
                $smcFunc['db_free_result']($request);
                // Add the membergroup to all boards that hadn't been set yet.
                if (!empty($changed_boards[$board_action])) {
                    $smcFunc['db_query']('', '
						UPDATE {db_prefix}boards
						SET {raw:column} = CASE WHEN {raw:column} = {string:blank_string} THEN {string:group_id_string} ELSE CONCAT({raw:column}, {string:comma_group}) END
						WHERE id_board IN ({array_int:board_list})
							AND FIND_IN_SET({int:current_group}, {raw:column}) = 0', array('board_list' => $changed_boards[$board_action], 'blank_string' => '', 'current_group' => (int) $_REQUEST['group'], 'group_id_string' => (string) (int) $_REQUEST['group'], 'comma_group' => ',' . $_REQUEST['group'], 'column' => $board_action == 'allow' ? 'member_groups' : 'deny_member_groups'));
                }
            }
        }
        // Remove everyone from this group!
        // A post-count group is assigned by post count, so nobody keeps it as primary or additional group.
        if ($_POST['min_posts'] != -1) {
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}members
				SET id_group = {int:regular_member}
				WHERE id_group = {int:current_group}', array('regular_member' => 0, 'current_group' => (int) $_REQUEST['group']));
            $request = $smcFunc['db_query']('', '
				SELECT id_member, additional_groups
				FROM {db_prefix}members
				WHERE FIND_IN_SET({string:current_group}, additional_groups) != 0', array('current_group' => (int) $_REQUEST['group']));
            // Batch members by their current additional_groups string so each distinct value is rewritten once.
            $updates = array();
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                $updates[$row['additional_groups']][] = $row['id_member'];
            }
            $smcFunc['db_free_result']($request);
            foreach ($updates as $additional_groups => $memberArray) {
                updateMemberData($memberArray, array('additional_groups' => implode(',', array_diff(explode(',', $additional_groups), array((int) $_REQUEST['group'])))));
            }
        } elseif ($_REQUEST['group'] != 3) {
            // Making it a hidden group? If so remove everyone with it as primary group (Actually, just make them additional).
            if ($_POST['group_hidden'] == 2) {
                $request = $smcFunc['db_query']('', '
					SELECT id_member, additional_groups
					FROM {db_prefix}members
					WHERE id_group = {int:current_group}
						AND FIND_IN_SET({int:current_group}, additional_groups) = 0', array('current_group' => (int) $_REQUEST['group']));
                $updates = array();
                while ($row = $smcFunc['db_fetch_assoc']($request)) {
                    $updates[$row['additional_groups']][] = $row['id_member'];
                }
                $smcFunc['db_free_result']($request);
                foreach ($updates as $additional_groups => $memberArray) {
                    updateMemberData($memberArray, array('additional_groups' => implode(',', array_merge(explode(',', $additional_groups), array((int) $_REQUEST['group'])))));
                }
                $smcFunc['db_query']('', '
					UPDATE {db_prefix}members
					SET id_group = {int:regular_member}
					WHERE id_group = {int:current_group}', array('regular_member' => 0, 'current_group' => $_REQUEST['group']));
            }
            // Either way, let's check our "show group membership" setting is correct.
            $request = $smcFunc['db_query']('', '
				SELECT COUNT(*)
				FROM {db_prefix}membergroups
				WHERE group_type > {int:non_joinable}', array('non_joinable' => 1));
            list($have_joinable) = $smcFunc['db_fetch_row']($request);
            $smcFunc['db_free_result']($request);
            // Do we need to update the setting?
            if (empty($modSettings['show_group_membership']) && $have_joinable || !empty($modSettings['show_group_membership']) && !$have_joinable) {
                updateSettings(array('show_group_membership' => $have_joinable ? 1 : 0));
            }
        }
        // Do we need to set inherited permissions?
        // NOTE(review): $_POST['old_inherit'] is read without isset(); a missing field raises an
        // undefined-index notice and compares as null.
        if ($_POST['group_inherit'] != -2 && $_POST['group_inherit'] != $_POST['old_inherit']) {
            require_once $sourcedir . '/ManagePermissions.php';
            updateChildPermissions($_POST['group_inherit']);
        }
        // Finally, moderators!
        // The old moderator rows are always dropped; they are re-inserted below only for non-post groups (other than 3).
        $moderator_string = isset($_POST['group_moderators']) ? trim($_POST['group_moderators']) : '';
        $smcFunc['db_query']('', '
			DELETE FROM {db_prefix}group_moderators
			WHERE id_group = {int:current_group}', array('current_group' => $_REQUEST['group']));
        if ((!empty($moderator_string) || !empty($_POST['moderator_list'])) && $_POST['min_posts'] == -1 && $_REQUEST['group'] != 3) {
            // Get all the usernames from the string
            if (!empty($moderator_string)) {
                // Escape the string, then put numeric entities (&amp;#NNN; -> &#NNN;) and double quotes
                // back so names match the form they are stored in and can be split on quotes below.
                $moderator_string = strtr(preg_replace('~&amp;#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', htmlspecialchars($moderator_string), ENT_QUOTES), array('&quot;' => '"'));
                // Quoted names first, then whatever is left split on commas.
                preg_match_all('~"([^"]+)"~', $moderator_string, $matches);
                $moderators = array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $moderator_string)));
                for ($k = 0, $n = count($moderators); $k < $n; $k++) {
                    $moderators[$k] = trim($moderators[$k]);
                    if (strlen($moderators[$k]) == 0) {
                        unset($moderators[$k]);
                    }
                }
                // Find all the id_member's for the member_name's in the list.
                $group_moderators = array();
                if (!empty($moderators)) {
                    // LIMIT is an int from count(), not user text.
                    $request = $smcFunc['db_query']('', '
						SELECT id_member
						FROM {db_prefix}members
						WHERE member_name IN ({array_string:moderators}) OR real_name IN ({array_string:moderators})
						LIMIT ' . count($moderators), array('moderators' => $moderators));
                    while ($row = $smcFunc['db_fetch_assoc']($request)) {
                        $group_moderators[] = $row['id_member'];
                    }
                    $smcFunc['db_free_result']($request);
                }
            } else {
                // NOTE(review): no is_array() guard — a scalar moderator_list makes foreach warn and yields no moderators.
                $moderators = array();
                foreach ($_POST['moderator_list'] as $moderator) {
                    $moderators[] = (int) $moderator;
                }
                $group_moderators = array();
                if (!empty($moderators)) {
                    // Only ids that actually exist are kept.
                    $request = $smcFunc['db_query']('', '
						SELECT id_member
						FROM {db_prefix}members
						WHERE id_member IN ({array_int:moderators})
						LIMIT {int:num_moderators}', array('moderators' => $moderators, 'num_moderators' => count($moderators)));
                    while ($row = $smcFunc['db_fetch_assoc']($request)) {
                        $group_moderators[] = $row['id_member'];
                    }
                    $smcFunc['db_free_result']($request);
                }
            }
            // Found some?
            if (!empty($group_moderators)) {
                $mod_insert = array();
                foreach ($group_moderators as $moderator) {
                    $mod_insert[] = array($_REQUEST['group'], $moderator);
                }
                $smcFunc['db_insert']('insert', '{db_prefix}group_moderators', array('id_group' => 'int', 'id_member' => 'int'), $mod_insert, array('id_group', 'id_member'));
            }
        }
        // There might have been some post group changes.
        updateStats('postgroups');
        // We've definitely changed some group stuff.
        updateSettings(array('settings_updated' => time()));
        // Log the edit.
        logAction('edited_group', array('group' => $_POST['group_name']), 'admin');
        redirectexit('action=admin;area=membergroups');
    }
    // Fetch the current group information.
    $request = $smcFunc['db_query']('', '
		SELECT group_name, description, min_posts, online_color, max_messages, icons, group_type, hidden, id_parent
		FROM {db_prefix}membergroups
		WHERE id_group = {int:current_group}
		LIMIT 1', array('current_group' => (int) $_REQUEST['group']));
    if ($smcFunc['db_num_rows']($request) == 0) {
        fatal_lang_error('membergroup_does_not_exist', false);
    }
    $row = $smcFunc['db_fetch_assoc']($request);
    $smcFunc['db_free_result']($request);
    // icons is stored as "count#image" (see the save branch).
    $row['icons'] = explode('#', $row['icons']);
    // Only description is escaped here; name, color and icon_image are handed to the template as stored.
    $context['group'] = array('id' => $_REQUEST['group'], 'name' => $row['group_name'], 'description' => htmlspecialchars($row['description']), 'editable_name' => $row['group_name'], 'color' => $row['online_color'], 'min_posts' => $row['min_posts'], 'max_messages' => $row['max_messages'], 'icon_count' => (int) $row['icons'][0], 'icon_image' => isset($row['icons'][1]) ? $row['icons'][1] : '', 'is_post_group' => $row['min_posts'] != -1, 'type' => $row['min_posts'] != -1 ? 0 : $row['group_type'], 'hidden' => $row['min_posts'] == -1 ? $row['hidden'] : 0, 'inherited_from' => $row['id_parent'], 'allow_post_group' => $_REQUEST['group'] == 2 || $_REQUEST['group'] > 4, 'allow_delete' => $_REQUEST['group'] == 2 || $_REQUEST['group'] > 4, 'allow_protected' => allowedTo('admin_forum'));
    // Get any moderators for this group
    $request = $smcFunc['db_query']('', '
		SELECT mem.id_member, mem.real_name
		FROM {db_prefix}group_moderators AS mods
			INNER JOIN {db_prefix}members AS mem ON (mem.id_member = mods.id_member)
		WHERE mods.id_group = {int:current_group}', array('current_group' => $_REQUEST['group']));
    $context['group']['moderators'] = array();
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        $context['group']['moderators'][$row['id_member']] = $row['real_name'];
    }
    $smcFunc['db_free_result']($request);
    // The text-box form of the list: each name in &quot; so the save branch can split it on quotes again.
    $context['group']['moderator_list'] = empty($context['group']['moderators']) ? '' : '&quot;' . implode('&quot;, &quot;', $context['group']['moderators']) . '&quot;';
    if (!empty($context['group']['moderators'])) {
        list($context['group']['last_moderator_id']) = array_slice(array_keys($context['group']['moderators']), -1);
    }
    // Get a list of boards this membergroup is allowed to see.
    $context['boards'] = array();
    if ($_REQUEST['group'] == 2 || $_REQUEST['group'] > 3) {
        $request = $smcFunc['db_query']('', '
			SELECT b.id_cat, c.name as cat_name, b.id_board, b.name, b.child_level,
			FIND_IN_SET({string:current_group}, b.member_groups) != 0 AS can_access, FIND_IN_SET({string:current_group}, b.deny_member_groups) != 0 AS cannot_access
			FROM {db_prefix}boards AS b
				LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat)
			ORDER BY board_order', array('current_group' => (int) $_REQUEST['group']));
        $context['categories'] = array();
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            // This category hasn't been set up yet..
            if (!isset($context['categories'][$row['id_cat']])) {
                $context['categories'][$row['id_cat']] = array('id' => $row['id_cat'], 'name' => $row['cat_name'], 'boards' => array());
            }
            // Set this board up, and let the template know when it's a child.  (indent them..)
            // 'f' counts as false next to the empty values (presumably the PostgreSQL boolean form).
            $context['categories'][$row['id_cat']]['boards'][$row['id_board']] = array('id' => $row['id_board'], 'name' => $row['name'], 'child_level' => $row['child_level'], 'allow' => !(empty($row['can_access']) || $row['can_access'] == 'f'), 'deny' => !(empty($row['cannot_access']) || $row['cannot_access'] == 'f'));
        }
        $smcFunc['db_free_result']($request);
        // Now, let's sort the list of categories into the boards for templates that like that.
        $temp_boards = array();
        foreach ($context['categories'] as $category) {
            $temp_boards[] = array('name' => $category['name'], 'child_ids' => array_keys($category['boards']));
            $temp_boards = array_merge($temp_boards, array_values($category['boards']));
            // Include a list of boards per category for easy toggling.
            $context['categories'][$category['id']]['child_ids'] = array_keys($category['boards']);
        }
        // NOTE(review): $max_boards is computed but not used anywhere in this function.
        $max_boards = ceil(count($temp_boards) / 2);
        if ($max_boards == 1) {
            $max_boards = 2;
        }
    }
    // Finally, get all the groups this could be inherited off.
    // Excludes: the group itself, post groups unless permission_enable_postgroups is on, protected
    // groups unless admin, the fixed groups 1 and 3, and groups that already inherit from another.
    $request = $smcFunc['db_query']('', '
		SELECT id_group, group_name
		FROM {db_prefix}membergroups
		WHERE id_group != {int:current_group}' . (empty($modSettings['permission_enable_postgroups']) ? '
			AND min_posts = {int:min_posts}' : '') . (allowedTo('admin_forum') ? '' : '
			AND group_type != {int:is_protected}') . '
			AND id_group NOT IN (1, 3)
			AND id_parent = {int:not_inherited}', array('current_group' => (int) $_REQUEST['group'], 'min_posts' => -1, 'not_inherited' => -2, 'is_protected' => 1));
    $context['inheritable_groups'] = array();
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        $context['inheritable_groups'][$row['id_group']] = $row['group_name'];
    }
    $smcFunc['db_free_result']($request);
    call_integration_hook('integrate_view_membergroup');
    $context['sub_template'] = 'edit_group';
    $context['page_title'] = $txt['membergroups_edit_group'];
    // Token for the form that posts back here (checked by validateToken above).
    createToken('admin-mmg');
}
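 /**
  * Edit settings related to the sphinx or sphinxQL search function.
  *
  * - Called by ?action=admin;area=managesearch;sa=sphinx.
  * - Saves the sphinx paths and ports (POST save), probes the searchd
  *   connection for the selected engine (POST checkconnect) or writes the
  *   config file (POST createconfig).
  * - Every mutating branch runs checkSession() + validateToken('admin-mssphinx').
  *
  * Whether an admin permission is enforced before this action is dispatched
  * is not visible here; presumably the controller does it — confirm.
  */
 public function action_managesphinx()
 {
     global $txt, $context, $modSettings;

     // POST reads default to '' so a partial form does not raise undefined-index notices.
     $post = function ($key) {
         return isset($_POST[$key]) ? $_POST[$key] : '';
     };

     // Saving the settings
     if (isset($_POST['save'])) {
         checkSession();
         validateToken('admin-mssphinx');
         // Paths lose their trailing slash, numeric settings are cast; the rest is stored as
         // given (admin-supplied, no further validation here).
         updateSettings(array(
             'sphinx_data_path' => rtrim($post('sphinx_data_path'), '/'),
             'sphinx_log_path' => rtrim($post('sphinx_log_path'), '/'),
             'sphinx_stopword_path' => $post('sphinx_stopword_path'),
             'sphinx_indexer_mem' => (int) $post('sphinx_indexer_mem'),
             'sphinx_searchd_server' => $post('sphinx_searchd_server'),
             'sphinx_searchd_port' => (int) $post('sphinx_searchd_port'),
             'sphinxql_searchd_port' => (int) $post('sphinxql_searchd_port'),
             'sphinx_max_results' => (int) $post('sphinx_max_results'),
         ));
     } elseif (isset($_POST['checkconnect'])) {
         checkSession();
         validateToken('admin-mssphinx');

         $engine = isset($modSettings['search_index']) ? $modSettings['search_index'] : '';

         // If they have not picked sphinx yet, let them know. No probe runs in that case:
         // the old "|| empty()" alternatives below were unreachable behind !empty(), so
         // this keeps that behaviour; drop the guard if testing both engines is wanted.
         if ($engine !== 'sphinx' && $engine !== 'sphinxql') {
             $context['settings_message'][] = $txt['sphinx_test_not_selected'];
             $context['error_type'] = 'notice';
         }

         // Try to connect via Sphinx API?
         if ($engine === 'sphinx') {
             if (@file_exists(SOURCEDIR . '/sphinxapi.php')) {
                 include_once SOURCEDIR . '/sphinxapi.php';
                 $client = new SphinxClient();
                 $client->SetServer($modSettings['sphinx_searchd_server'], (int) $modSettings['sphinx_searchd_port']);
                 $client->SetLimits(0, (int) $modSettings['sphinx_max_results']);
                 $client->SetMatchMode(SPH_MATCH_BOOLEAN);
                 $client->SetSortMode(SPH_SORT_ATTR_ASC, 'id_topic');
                 // A throw-away query is the connectivity probe; false means no answer.
                 $request = $client->Query('test', 'elkarte_index');
                 if ($request === false) {
                     $context['settings_message'][] = $txt['sphinx_test_connect_failed'];
                     $context['error_type'] = 'serious';
                 } else {
                     $context['settings_message'][] = $txt['sphinx_test_passed'];
                 }
             } else {
                 $context['settings_message'][] = $txt['sphinx_test_api_missing'];
                 $context['error_type'] = 'serious';
             }
         }

         // Try to connect via SphinxQL
         if ($engine === 'sphinxql') {
             $connected = false;
             if (!empty($modSettings['sphinx_searchd_server']) && !empty($modSettings['sphinxql_searchd_port'])) {
                 // 'localhost' is rewritten to 127.0.0.1, presumably because mysqli would
                 // otherwise try a unix socket instead of the configured TCP port.
                 $host = $modSettings['sphinx_searchd_server'] === 'localhost' ? '127.0.0.1' : $modSettings['sphinx_searchd_server'];
                 try {
                     // Since PHP 8.1 mysqli reports a failed connect as an exception by default;
                     // the @ still covers the warning older versions emit instead.
                     $link = @mysqli_connect($host, '', '', '', (int) $modSettings['sphinxql_searchd_port']);
                 } catch (\mysqli_sql_exception $e) {
                     $link = false;
                 }
                 if ($link !== false) {
                     $connected = true;
                     // This was only a probe; don't leave the connection open.
                     mysqli_close($link);
                 }
             }
             if ($connected) {
                 $context['settings_message'][] = $txt['sphinxql_test_passed'];
             } else {
                 $context['settings_message'][] = $txt['sphinxql_test_connect_failed'];
                 $context['error_type'] = 'serious';
             }
         }
     } elseif (isset($_POST['createconfig'])) {
         checkSession();
         validateToken('admin-mssphinx');
         require_once SUBSDIR . '/ManageSearch.subs.php';
         createSphinxConfig();
     }

     // Setup for the template
     $context['page_title'] = $txt['search_sphinx'];
     $context['page_description'] = $txt['sphinx_description'];
     $context['sub_template'] = 'manage_sphinx';
     createToken('admin-mssphinx');
 }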
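class ResponseItem
{
    /** @var bool Mirrors $validation->isValid; renditions are only resolved when true. */
    public $isValid = false;
    /** @var object The validation result handed in; must expose an isValid property. */
    public $validation;
    /** @var mixed Identifier of the media item requested; compared against each item's videoId. */
    public $mediaId;
    /** @var array List of array('type' => ..., 'src' => ...) entries (at most one is added). */
    public $renditions = array();

    /**
     * Wraps a token validation result and, if it is valid, resolves the
     * rendition(s) for $mediaId.
     *
     * All properties are public, so when the object is passed to json_encode()
     * every one of them - including the whole $validation object - ends up in
     * the response body.
     *
     * @param mixed  $mediaId    identifier of the requested media item
     * @param object $validation result object exposing a boolean-ish isValid property
     */
    function __construct($mediaId, $validation)
    {
        $this->mediaId = $mediaId;
        $this->validation = $validation;
        $this->isValid = $this->validation->isValid;
        if ($this->isValid) {
            $this->getRenditions();
        }
    }

    /**
     * Looks up the media item whose videoId matches $this->mediaId and records
     * its mp4 source as the single rendition.
     *
     * The comparison is done on string form with ===: the original loose == let
     * PHP juggle types, so a numeric videoId could compare equal to a
     * non-matching id (e.g. 0 == 'abc' is true before PHP 8), selecting the
     * wrong item for an id that presumably originates from the request.
     */
    function getRenditions()
    {
        $wanted = (string) $this->mediaId;
        foreach (createMediaItems() as $mediaItem) {
            if ((string) $mediaItem->videoId !== $wanted) {
                continue;
            }
            $this->renditions[] = array("type" => "video/mp4", "src" => $mediaItem->getVideo());
            // Only the first matching item is used.
            break;
        }
    }
}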
// This validateToken() takes three arguments (unlike the one- and two-argument
// variants elsewhere on this page); $requestorId, $resourceId and
// $shortMediaToken are assigned earlier in the file, outside this excerpt.
$isValid = validateToken($requestorId, $resourceId, $shortMediaToken);
// ResponseItem reads $validation->isValid, so validateToken() is expected to
// return an object here rather than a bare boolean - TODO confirm against its definition.
$response = new ResponseItem($mediaId, $isValid);
header('Content-type: application/json');
// json_encode() emits every public property of ResponseItem, including the whole
// validation object: anything it carries beyond isValid is sent to the client.
echo json_encode($response);
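    /**
     * Prepares the information from the moderation log for viewing.
     * Show the moderation log, or admin log...
     * Disallows the deletion of events within twenty-four hours of now.
     * Requires the admin_forum permission for admin log.
     * Accessed via ?action=moderate;area=modlog.
     *
     * Request input read: sa (adminlog selects the admin log), sort, search,
     * search_type, params (base64 of the serialized search state this method
     * itself produces in $context['search_params']), and the removeall /
     * remove / delete POST fields for deletion, which require a valid session
     * and the 'mod-ml' token.
     *
     * @uses Modlog template, main sub-template.
     */
    public function action_log()
    {
        global $txt, $context, $scripturl;
        require_once SUBSDIR . '/Modlog.subs.php';
        // Are we looking at the moderation log or the administration log.
        $context['log_type'] = isset($_REQUEST['sa']) && $_REQUEST['sa'] == 'adminlog' ? 3 : 1;
        if ($context['log_type'] == 3) {
            isAllowedTo('admin_forum');
        }
        // These change dependant on whether we are viewing the moderation or admin log.
        if ($context['log_type'] == 3 || $_REQUEST['action'] == 'admin') {
            $context['url_start'] = '?action=admin;area=logs;sa=' . ($context['log_type'] == 3 ? 'adminlog' : 'modlog') . ';type=' . $context['log_type'];
        } else {
            $context['url_start'] = '?action=moderate;area=modlog;type=' . $context['log_type'];
        }
        $context['can_delete'] = allowedTo('admin_forum');
        loadLanguage('Modlog');
        $context['page_title'] = $context['log_type'] == 3 ? $txt['modlog_admin_log'] : $txt['modlog_view'];
        // The number of entries to show per page of log file.
        $context['displaypage'] = 30;
        // Amount of hours that must pass before allowed to delete file.
        $context['hoursdisable'] = 24;
        // Handle deletion...
        if (isset($_POST['removeall']) && $context['can_delete']) {
            checkSession();
            validateToken('mod-ml');
            deleteLogAction($context['log_type'], $context['hoursdisable']);
        } elseif (!empty($_POST['remove']) && isset($_POST['delete']) && $context['can_delete']) {
            checkSession();
            validateToken('mod-ml');
            deleteLogAction($context['log_type'], $context['hoursdisable'], $_POST['delete']);
        }
        // If we're coming from a search, get the variables.
        // The payload is generated by this method (see search_params below) but
        // arrives from the client, so it is untrusted input to unserialize().
        $search_params = array();
        if (!empty($_REQUEST['params']) && empty($_REQUEST['is_search'])) {
            $encoded = base64_decode(strtr($_REQUEST['params'], array(' ' => '+')));
            // Only a plain array of two strings is ever stored here, so refuse to
            // instantiate objects: an attacker-controlled serialized payload would
            // otherwise reach __wakeup()/__destruct() of any loaded class (PHP
            // object injection). allowed_classes exists from PHP 7.0 onwards.
            $search_params = PHP_VERSION_ID >= 70000 ? @unserialize($encoded, array('allowed_classes' => false)) : @unserialize($encoded);
            if (!is_array($search_params)) {
                $search_params = array();
            }
        }
        // This array houses all the valid quick search types.
        $searchTypes = array('action' => array('sql' => 'lm.action', 'label' => $txt['modlog_action']), 'member' => array('sql' => 'mem.real_name', 'label' => $txt['modlog_member']), 'position' => array('sql' => 'mg.group_name', 'label' => $txt['modlog_position']), 'ip' => array('sql' => 'lm.ip', 'label' => $txt['modlog_ip']));
        // Setup the allowed search
        $context['order'] = isset($_REQUEST['sort']) && isset($searchTypes[$_REQUEST['sort']]) ? $_REQUEST['sort'] : 'member';
        if (!isset($search_params['string']) || !empty($_REQUEST['search']) && $search_params['string'] != $_REQUEST['search']) {
            $search_params_string = empty($_REQUEST['search']) ? '' : $_REQUEST['search'];
        } else {
            $search_params_string = $search_params['string'];
        }
        if (isset($_REQUEST['search_type']) || empty($search_params['type']) || !isset($searchTypes[$search_params['type']])) {
            $search_params_type = isset($_REQUEST['search_type']) && isset($searchTypes[$_REQUEST['search_type']]) ? $_REQUEST['search_type'] : $context['order'];
        } else {
            $search_params_type = $search_params['type'];
        }
        // The column comes from the whitelist above, never from the request directly.
        $search_params_column = $searchTypes[$search_params_type]['sql'];
        $search_params = array('string' => $search_params_string, 'type' => $search_params_type);
        // Setup the search context.
        $context['search_params'] = empty($search_params['string']) ? '' : base64_encode(serialize($search_params));
        $context['search'] = array('string' => $search_params['string'], 'type' => $search_params['type'], 'label' => $searchTypes[$search_params_type]['label']);
        // If they are searching by action, then we must do some manual intervention to search in their language!
        if ($search_params['type'] == 'action' && !empty($search_params['string'])) {
            // Build a regex which looks for the words
            $regex = '';
            $search = explode(' ', $search_params['string']);
            foreach ($search as $word) {
                // Quote each word: it is user input and would otherwise be read as
                // pattern syntax (a stray '~' breaks the delimiter and makes
                // preg_match() fail for every action).
                $regex .= '(?=[\\w\\s]*' . preg_quote($word, '~') . ')';
            }
            // For the moment they can only search for ONE action!
            foreach ($txt as $key => $text) {
                if (strpos($key, 'modlog_ac_') === 0 && preg_match('~' . $regex . '~i', $text)) {
                    $search_params['string'] = substr($key, 10);
                    break;
                }
            }
        }
        require_once SUBSDIR . '/GenericList.class.php';
        // This is all the information required for a moderation/admin log listing.
        // The 'delete' column still uses create_function() (deprecated in PHP 7.2,
        // removed in 8.0); a closure is the drop-in replacement once createList()
        // is confirmed to accept any callable.
        $listOptions = array(
            'id' => 'moderation_log_list',
            'width' => '100%',
            'items_per_page' => $context['displaypage'],
            'no_items_label' => $txt['modlog_' . ($context['log_type'] == 3 ? 'admin_log_' : '') . 'no_entries_found'],
            'base_href' => $scripturl . $context['url_start'] . (!empty($context['search_params']) ? ';params=' . $context['search_params'] : ''),
            'default_sort_col' => 'time',
            'get_items' => array('function' => array($this, 'getModLogEntries'), 'params' => array(!empty($search_params['string']) ? ' INSTR({raw:sql_type}, {string:search_string})' : '', array('sql_type' => $search_params_column, 'search_string' => $search_params['string']), $context['log_type'])),
            'get_count' => array('function' => array($this, 'getModLogEntryCount'), 'params' => array(!empty($search_params['string']) ? ' INSTR({raw:sql_type}, {string:search_string})' : '', array('sql_type' => $search_params_column, 'search_string' => $search_params['string']), $context['log_type'])),
            'columns' => array(
                'action' => array('header' => array('value' => $txt['modlog_action'], 'class' => 'lefttext'), 'data' => array('db' => 'action_text', 'class' => 'smalltext'), 'sort' => array('default' => 'lm.action', 'reverse' => 'lm.action DESC')),
                'time' => array('header' => array('value' => $txt['modlog_date'], 'class' => 'lefttext'), 'data' => array('db' => 'time', 'class' => 'smalltext'), 'sort' => array('default' => 'lm.log_time DESC', 'reverse' => 'lm.log_time')),
                'moderator' => array('header' => array('value' => $txt['modlog_member'], 'class' => 'lefttext'), 'data' => array('db' => 'moderator_link', 'class' => 'smalltext'), 'sort' => array('default' => 'mem.real_name', 'reverse' => 'mem.real_name DESC')),
                'position' => array('header' => array('value' => $txt['modlog_position'], 'class' => 'lefttext'), 'data' => array('db' => 'position', 'class' => 'smalltext'), 'sort' => array('default' => 'mg.group_name', 'reverse' => 'mg.group_name DESC')),
                'ip' => array('header' => array('value' => $txt['modlog_ip'], 'class' => 'lefttext'), 'data' => array('db' => 'ip', 'class' => 'smalltext'), 'sort' => array('default' => 'lm.ip', 'reverse' => 'lm.ip DESC')),
                'delete' => array('header' => array('value' => '<input type="checkbox" name="all" class="input_check" onclick="invertAll(this, this.form);" />', 'class' => 'centertext'), 'data' => array('function' => create_function('$entry', '
							return \'<input type="checkbox" class="input_check" name="delete[]" value="\' . $entry[\'id\'] . \'"\' . ($entry[\'editable\'] ? \'\' : \' disabled="disabled"\') . \' />\';
						'), 'class' => 'centertext')),
            ),
            'form' => array('href' => $scripturl . $context['url_start'], 'include_sort' => true, 'include_start' => true, 'hidden_fields' => array($context['session_var'] => $context['session_id'], 'params' => $context['search_params']), 'token' => 'mod-ml'),
            'additional_rows' => array(array('class' => 'submitbutton', 'position' => 'below_table_data', 'value' => '
						<div id="quick_log_search">
							' . $txt['modlog_search'] . ' (' . $txt['modlog_by'] . ': ' . $context['search']['label'] . ')
							<input type="text" name="search" size="18" value="' . Util::htmlspecialchars($context['search']['string']) . '" class="input_text" />
							<input type="submit" name="is_search" value="' . $txt['modlog_go'] . '" class="button_submit" />
							' . ($context['can_delete'] ? '|&nbsp;
							<input type="submit" name="remove" value="' . $txt['modlog_remove'] . '" onclick="return confirm(\'' . $txt['modlog_remove_selected_confirm'] . '\');" class="right_submit" />
							<input type="submit" name="removeall" value="' . $txt['modlog_removeall'] . '" onclick="return confirm(\'' . $txt['modlog_remove_all_confirm'] . '\');" class="right_submit" />' : '') . '
						</div>')),
        );
        createToken('mod-ml');
        // Create the log listing
        createList($listOptions);
        $context['sub_template'] = 'show_list';
        $context['default_list'] = 'moderation_log_list';
    }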
/**
 * Change moderation preferences.
 *
 * Renders the moderation_settings sub template and, on a POST save (session
 * and 'mod-set' token checked), stores the preferences in
 * $user_settings['mod_prefs'] using the "x|ABCD|yyy" layout described inside.
 */
function ModerationSettings()
{
    global $context, $smcFunc, $txt, $sourcedir, $scripturl, $user_settings, $user_info;

    // Some useful context stuff.
    loadTemplate('ModerationCenter');
    $context['page_title'] = $txt['mc_settings'];
    $context['sub_template'] = 'moderation_settings';

    // What blocks can this user see? Only keys present here are accepted on save.
    $visible_blocks = array('n' => $txt['mc_prefs_latest_news'], 'p' => $txt['mc_notes']);
    if ($context['can_moderate_groups']) {
        $visible_blocks['g'] = $txt['mc_group_requests'];
    }
    if ($context['can_moderate_boards']) {
        $visible_blocks['r'] = $txt['mc_reported_posts'];
        $visible_blocks['w'] = $txt['mc_watched_users'];
    }
    $context['homepage_blocks'] = $visible_blocks;

    // Does the user have any settings yet? If not, derive defaults from permissions.
    if (empty($user_settings['mod_prefs'])) {
        $show_reports = 1;
        $mod_blocks = 'n' . ($context['can_moderate_boards'] ? 'wr' : '') . ($context['can_moderate_groups'] ? 'g' : '');
        $pref_binary = 5;
    } else {
        list($show_reports, $mod_blocks, $pref_binary) = explode('|', $user_settings['mod_prefs']);
    }

    // Are we saving?
    if (isset($_POST['save'])) {
        checkSession('post');
        validateToken('mod-set');
        /* Current format of mod_prefs is:
        			x|ABCD|yyy

        			WHERE:
        				x = Show report count on forum header.
        				ABCD = Block indexes to show on moderation main page.
        				yyy = Integer with the following bit status:
        					- yyy & 1 = Always notify on reports.
        					- yyy & 2 = Notify on reports for moderators only.
        					- yyy & 4 = Notify about posts awaiting approval.
        		*/
        // Do blocks first! Anything not in the visible list is silently dropped.
        $mod_blocks = '';
        if (!empty($_POST['mod_homepage'])) {
            foreach ($_POST['mod_homepage'] as $block_key => $unused) {
                if (isset($context['homepage_blocks'][$block_key])) {
                    $mod_blocks .= $block_key;
                }
            }
        }
        // Now check other options! Bit 4 is only settable with approval rights.
        $wants_approval_notify = $context['can_moderate_approvals'] && !empty($_POST['mod_notify_approval']);
        $pref_binary = $wants_approval_notify ? 4 : 0;
        if ($context['can_moderate_boards']) {
            if (!empty($_POST['mod_notify_report'])) {
                // 2 = always notify (bit 1), anything else = moderators only (bit 2).
                $pref_binary |= $_POST['mod_notify_report'] == 2 ? 1 : 2;
            }
            $show_reports = empty($_POST['mod_show_reports']) ? 0 : 1;
        }
        // Put it all together and persist.
        updateMemberData($user_info['id'], array('mod_prefs' => implode('|', array($show_reports, $mod_blocks, $pref_binary))));
    }

    // What blocks does the user currently have selected?
    if ($pref_binary & 2) {
        $notify_report = 1;
    } elseif ($pref_binary & 1) {
        $notify_report = 2;
    } else {
        $notify_report = 0;
    }
    $context['mod_settings'] = array(
        'show_reports' => $show_reports,
        'notify_report' => $notify_report,
        'notify_approval' => $pref_binary & 4,
        'user_blocks' => str_split($mod_blocks),
    );
    createToken('mod-set');
}
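 /**
  * Actually logs you in.
  *
  * What it does:
  * - checks credentials and checks that login was successful.
  * - it employs protection against a specific IP or user trying to brute force
  *   a login to an account.
  * - upgrades password encryption on login, if necessary.
  * - after successful login, redirects you to $_SESSION['login_url'].
  * - accessed from ?action=login2, by forms.
  *
  * Every request must pass checkSession('post'), the 'login' token and
  * spamProtection('login') before any credential is looked at; failed
  * attempts are counted in $_SESSION['failed_login'] and in the member's
  * passwd_flood column via validatePasswordFlood().
  *
  * On error, uses the same templates action_login() uses.
  *
  * @return OpenID|null the OpenID handler when an OpenID login validated, null otherwise
  */
 public function action_login2()
 {
     global $txt, $scripturl, $user_info, $user_settings, $modSettings, $context, $sc;
     // Load cookie authentication and all stuff.
     require_once SUBSDIR . '/Auth.subs.php';
     // Beyond this point you are assumed to be a guest trying to login.
     if (!$user_info['is_guest']) {
         redirectexit();
     }
     // Are you guessing with a script?
     checkSession('post');
     validateToken('login');
     spamProtection('login');
     // Set the login_url if it's not already set (but careful not to send us to an attachment).
     if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0 || isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false) {
         $_SESSION['login_url'] = $_SESSION['old_url'];
     }
     // Been guessing a lot, haven't we?
     if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) {
         fatal_lang_error('login_threshold_fail', 'critical');
     }
     // Set up the cookie length.  (if it's invalid, just fall through and use the default.)
     if (isset($_POST['cookieneverexp']) || !empty($_POST['cookielength']) && $_POST['cookielength'] == -1) {
         $modSettings['cookieTime'] = 3153600;
     } elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 && $_POST['cookielength'] <= 525600)) {
         // Both bounds must hold; the previous "|| " accepted any number, so a
         // client could request an arbitrarily long (or negative) cookie lifetime.
         $modSettings['cookieTime'] = (int) $_POST['cookielength'];
     }
     loadLanguage('Login');
     // Load the template stuff
     loadTemplate('Login');
     loadJavascriptFile('sha256.js', array('defer' => true));
     $context['sub_template'] = 'login';
     // Set up the default/fallback stuff.
     $context['default_username'] = isset($_POST['user']) ? preg_replace('~&amp;#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($_POST['user'], ENT_COMPAT, 'UTF-8')) : '';
     $context['default_password'] = '';
     $context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600;
     $context['login_errors'] = array($txt['error_occurred']);
     $context['page_title'] = $txt['login'];
     // Add the login chain to the link tree.
     $context['linktree'][] = array('url' => $scripturl . '?action=login', 'name' => $txt['login']);
     // This is an OpenID login. Let's validate...
     if (!empty($_POST['openid_identifier']) && !empty($modSettings['enableOpenID'])) {
         require_once SUBSDIR . '/OpenID.subs.php';
         $open_id = new OpenID();
         if ($open_id->validate($_POST['openid_identifier']) !== 'no_data') {
             return $open_id;
         } else {
             $context['login_errors'] = array($txt['openid_not_found']);
             return;
         }
     }
     // You forgot to type your username, dummy!
     if (!isset($_POST['user']) || $_POST['user'] == '') {
         $context['login_errors'] = array($txt['need_username']);
         return;
     }
     // No one needs a username that long, plus we only support 80 chars in the db
     if (Util::strlen($_POST['user']) > 80) {
         $_POST['user'] = Util::substr($_POST['user'], 0, 80);
     }
     // Can't use a password > 64 characters sorry, to long and only good for a DoS attack
     // Plus we expect a 64 character one from SHA-256 (byte length is intended here)
     if (isset($_POST['passwrd']) && strlen($_POST['passwrd']) > 64 || isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) > 64) {
         $context['login_errors'] = array($txt['improper_password']);
         return;
     }
     // Hmm... maybe 'admin' will login with no password. Uhh... NO!
     if ((!isset($_POST['passwrd']) || $_POST['passwrd'] == '') && (!isset($_POST['hash_passwrd']) || strlen($_POST['hash_passwrd']) != 64)) {
         $context['login_errors'] = array($txt['no_password']);
         return;
     }
     // No funky symbols either.
     if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~(&#(\\d{1,7}|x[0-9a-fA-F]{1,6});)~', '', $_POST['user'])) != 0) {
         $context['login_errors'] = array($txt['error_invalid_characters_username']);
         return;
     }
     // Are we using any sort of integration to validate the login?
     if (in_array('retry', call_integration_hook('integrate_validate_login', array($_POST['user'], isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40 ? $_POST['hash_passwrd'] : null, $modSettings['cookieTime'])), true)) {
         $context['login_errors'] = array($txt['login_hash_error']);
         $context['disable_login_hashing'] = true;
         return;
     }
     // Find them... if we can
     $user_settings = loadExistingMember($_POST['user']);
     // Let them try again, it didn't match anything...
     if (empty($user_settings)) {
         $context['login_errors'] = array($txt['username_no_exist']);
         return;
     }
     // Figure out if the password is using Elk's encryption - if what they typed is right.
     if (isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) === 64) {
         // Challenge what was passed
         $valid_password = validateLoginPassword($_POST['hash_passwrd'], $user_settings['passwd']);
         // Let them in
         if ($valid_password) {
             $sha_passwd = $_POST['hash_passwrd'];
             $valid_password = true;
         } elseif (preg_match('/^[0-9a-f]{40}$/i', $user_settings['passwd']) && isset($_POST['old_hash_passwrd']) && $_POST['old_hash_passwrd'] === hash('sha1', $user_settings['passwd'] . $sc)) {
             // Old password passed, turn off hashing and ask for it again so we can update the db to something more secure.
             // NOTE(review): this legacy SHA-1 comparison uses ===; hash_equals() (PHP 5.6+)
             // would make it constant-time - left as is to keep this change minimal.
             $context['login_errors'] = array($txt['login_hash_error']);
             $context['disable_login_hashing'] = true;
             unset($user_settings);
             return;
         } else {
             // Don't allow this!
             validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']);
             $_SESSION['failed_login'] = isset($_SESSION['failed_login']) ? $_SESSION['failed_login'] + 1 : 1;
             // To many tries, maybe they need a reminder
             if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
                 redirectexit('action=reminder');
             } else {
                 log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
                 // Wrong password, lets enable plain text responses in case form hashing is causing problems
                 $context['disable_login_hashing'] = true;
                 $context['login_errors'] = array($txt['incorrect_password']);
                 unset($user_settings);
                 return;
             }
         }
     } else {
         // validateLoginPassword will hash this like the form normally would and check its valid
         $sha_passwd = $_POST['passwrd'];
         $valid_password = validateLoginPassword($sha_passwd, $user_settings['passwd'], $user_settings['member_name']);
     }
     // Bad password!  Thought you could fool the database?!
     if ($valid_password === false) {
         // Let's be cautious, no hacking please. thanx.
         validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']);
         // Maybe we were too hasty... let's try some other authentication methods.
         $other_passwords = $this->_other_passwords($user_settings);
         // Whichever encryption it was using, let's make it use ElkArte's now ;).
         if (in_array($user_settings['passwd'], $other_passwords)) {
             $user_settings['passwd'] = validateLoginPassword($sha_passwd, '', '', true);
             // NOTE(review): the salt is 4 hex chars from mt_rand(), which is not a
             // CSPRNG; a random_bytes()-based salt would be preferable where available.
             $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
             // Update the password hash and set up the salt.
             updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt'], 'passwd_flood' => ''));
         } else {
             // They've messed up again - keep a count to see if they need a hand.
             $_SESSION['failed_login'] = isset($_SESSION['failed_login']) ? $_SESSION['failed_login'] + 1 : 1;
             // Hmm... don't remember it, do you?  Here, try the password reminder ;).
             if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
                 redirectexit('action=reminder');
             } else {
                 // Log an error so we know that it didn't go well in the error log.
                 log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
                 $context['login_errors'] = array($txt['incorrect_password']);
                 return;
             }
         }
     } elseif (!empty($user_settings['passwd_flood'])) {
         // Let's be sure they weren't a little hacker.
         validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood'], true);
         // If we got here then we can reset the flood counter.
         updateMemberData($user_settings['id_member'], array('passwd_flood' => ''));
     }
     // Correct password, but they've got no salt; fix it!
     if ($user_settings['password_salt'] == '') {
         // Same non-CSPRNG salt as above; kept for consistency with the existing storage format.
         $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
         updateMemberData($user_settings['id_member'], array('password_salt' => $user_settings['password_salt']));
     }
     // Check their activation status.
     if (!checkActivation()) {
         return;
     }
     doLogin();
 }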
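 /**
  * Reorders the message icons from a drag/drop event
  *
  * Expects a POST with order=reorder and list_message_icon_list[] holding the
  * icon ids in their new 1-n view order. The request must carry a valid
  * session and the 'admin-sort' token; otherwise the failure reasons are
  * returned as error entries. The reply is the generic_xml sub template with
  * orders, a freshly created 'admin-sort' token, and errors.
  */
 public function action_messageiconorder()
 {
     global $context, $txt;
     // Initilize
     $context['xml_data'] = array();
     $errors = array();
     $order = array();
     // Seems these will be needed
     loadLanguage('Errors');
     loadLanguage('ManageSmileys');
     require_once SUBSDIR . '/MessageIcons.subs.php';
     // You have to be allowed to do this
     $validation_token = validateToken('admin-sort', 'post', true, false);
     $validation_session = validateSession();
     if (empty($validation_session) && $validation_token === true) {
         // No questions that we are reordering
         if (isset($_POST['order']) && $_POST['order'] == 'reorder') {
             // Get the current list of icons.
             $message_icons = fetchMessageIconsDetails();
             $view_order = 0;
             $iconInsert = array();
             // The field ids arrive in 1-n view order, so we simply build an update array.
             // A missing or non-array list yields no rows and is reported below.
             $posted_ids = isset($_POST['list_message_icon_list']) && is_array($_POST['list_message_icon_list']) ? $_POST['list_message_icon_list'] : array();
             foreach ($posted_ids as $id) {
                 // Only ids present in the current icon list are accepted; anything
                 // else posted would otherwise produce a row of undefined values.
                 if (!is_scalar($id) || !isset($message_icons[$id])) {
                     continue;
                 }
                 $iconInsert[] = array($id, $message_icons[$id]['board_id'], $message_icons[$id]['title'], $message_icons[$id]['filename'], $view_order);
                 $view_order++;
             }
             // With the replace set
             if (!empty($iconInsert)) {
                 updateMessageIcon($iconInsert);
                 sortMessageIconTable();
             } else {
                 $errors[] = array('value' => $txt['no_sortable_items']);
             }
         }
         $order[] = array('value' => $txt['icons_reordered']);
     } else {
         if (!empty($validation_session)) {
             $errors[] = array('value' => $txt[$validation_session]);
         }
         if (empty($validation_token)) {
             $errors[] = array('value' => $txt['token_verify_fail']);
         }
     }
     // New generic token for use
     createToken('admin-sort', 'post');
     $tokens = array(array('value' => $context['admin-sort_token'], 'attributes' => array('type' => 'token')), array('value' => $context['admin-sort_token_var'], 'attributes' => array('type' => 'token_var')));
     // Return the response
     $context['sub_template'] = 'generic_xml';
     $context['xml_data'] = array('orders' => array('identifier' => 'order', 'children' => $order), 'tokens' => array('identifier' => 'token', 'children' => $tokens), 'errors' => array('identifier' => 'error', 'children' => $errors));
 }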
 /**
  * Edit some profile fields?
  *
  * - Accessed with ?action=admin;area=featuresettings;sa=profileedit
  *
  * @uses sub template edit_profile_field
  */
 public function action_profileedit()
 {
     global $txt, $scripturl, $context;
     require_once SUBSDIR . '/ManageFeatures.subs.php';
     loadTemplate('ManageFeatures');
     // Sort out the context!
     $context['fid'] = isset($_GET['fid']) ? (int) $_GET['fid'] : 0;
     $context[$context['admin_menu_name']]['current_subsection'] = 'profile';
     $context['page_title'] = $context['fid'] ? $txt['custom_edit_title'] : $txt['custom_add_title'];
     $context['sub_template'] = 'edit_profile_field';
     // any errors messages to show?
     if (isset($_GET['msg'])) {
         loadLanguage('Errors');
         if (isset($txt['custom_option_' . $_GET['msg']])) {
             $context['custom_option__error'] = $txt['custom_option_' . $_GET['msg']];
         }
     }
     // Load the profile language for section names.
     loadLanguage('Profile');
     // Load up the profile field, if one was supplied
     if ($context['fid']) {
         $context['field'] = getProfileField($context['fid']);
     }
     // Setup the default values as needed.
     if (empty($context['field'])) {
         $context['field'] = array('name' => '', 'colname' => '???', 'desc' => '', 'profile_area' => 'forumprofile', 'reg' => false, 'display' => false, 'memberlist' => false, 'type' => 'text', 'max_length' => 255, 'rows' => 4, 'cols' => 30, 'bbc' => false, 'default_check' => false, 'default_select' => '', 'options' => array('', '', ''), 'active' => true, 'private' => false, 'can_search' => false, 'mask' => 'nohtml', 'regex' => '', 'enclose' => '', 'placement' => 0);
     }
     // All the javascript for this page... everything else is in admin.js
     addJavascriptVar(array('startOptID' => count($context['field']['options'])));
     addInlineJavascript('updateInputBoxes();', true);
     // Are we toggling which ones are active?
     if (isset($_POST['onoff'])) {
         checkSession();
         validateToken('admin-scp');
         // Enable and disable custom fields as required.
         $enabled = array(0);
         foreach ($_POST['cust'] as $id) {
             $enabled[] = (int) $id;
         }
         updateRenamedProfileStatus($enabled);
     } elseif (isset($_POST['save'])) {
         checkSession();
         validateToken('admin-ecp');
         // Everyone needs a name - even the (bracket) unknown...
         if (trim($_POST['field_name']) == '') {
             redirectexit($scripturl . '?action=admin;area=featuresettings;sa=profileedit;fid=' . $_GET['fid'] . ';msg=need_name');
         }
         // Regex you say?  Do a very basic test to see if the pattern is valid
         if (!empty($_POST['regex']) && @preg_match($_POST['regex'], 'dummy') === false) {
             redirectexit($scripturl . '?action=admin;area=featuresettings;sa=profileedit;fid=' . $_GET['fid'] . ';msg=regex_error');
         }
         $_POST['field_name'] = Util::htmlspecialchars($_POST['field_name']);
         $_POST['field_desc'] = Util::htmlspecialchars($_POST['field_desc']);
         // Checkboxes...
         $show_reg = isset($_POST['reg']) ? (int) $_POST['reg'] : 0;
         $show_display = isset($_POST['display']) ? 1 : 0;
         $show_memberlist = isset($_POST['memberlist']) ? 1 : 0;
         $bbc = isset($_POST['bbc']) ? 1 : 0;
         $show_profile = $_POST['profile_area'];
         $active = isset($_POST['active']) ? 1 : 0;
         $private = isset($_POST['private']) ? (int) $_POST['private'] : 0;
         $can_search = isset($_POST['can_search']) ? 1 : 0;
         // Some masking stuff...
         $mask = isset($_POST['mask']) ? $_POST['mask'] : '';
         if ($mask == 'regex' && isset($_POST['regex'])) {
             $mask .= $_POST['regex'];
         }
         $field_length = isset($_POST['max_length']) ? (int) $_POST['max_length'] : 255;
         $enclose = isset($_POST['enclose']) ? $_POST['enclose'] : '';
         $placement = isset($_POST['placement']) ? (int) $_POST['placement'] : 0;
         // Select options?
         $field_options = '';
         $newOptions = array();
         $default = isset($_POST['default_check']) && $_POST['field_type'] == 'check' ? 1 : '';
         if (!empty($_POST['select_option']) && ($_POST['field_type'] == 'select' || $_POST['field_type'] == 'radio')) {
             foreach ($_POST['select_option'] as $k => $v) {
                 // Clean, clean, clean...
                 $v = Util::htmlspecialchars($v);
                 $v = strtr($v, array(',' => ''));
                 // Nada, zip, etc...
                 if (trim($v) == '') {
                     continue;
                 }
                 // Otherwise, save it boy.
                 $field_options .= $v . ',';
                 // This is just for working out what happened with old options...
                 $newOptions[$k] = $v;
                 // Is it default?
                 if (isset($_POST['default_select']) && $_POST['default_select'] == $k) {
                     $default = $v;
                 }
             }
             if (isset($_POST['default_select']) && $_POST['default_select'] == 'no_default') {
                 $default = 'no_default';
             }
             $field_options = substr($field_options, 0, -1);
         }
         // Text area by default has dimensions
         if ($_POST['field_type'] == 'textarea') {
             $default = (int) $_POST['rows'] . ',' . (int) $_POST['cols'];
         }
         // Come up with the unique name?
         if (empty($context['fid'])) {
             $colname = Util::substr(strtr($_POST['field_name'], array(' ' => '')), 0, 6);
             preg_match('~([\\w\\d_-]+)~', $colname, $matches);
             // If there is nothing to the name, then let's start our own - for foreign languages etc.
             if (isset($matches[1])) {
                 $colname = $initial_colname = 'cust_' . strtolower($matches[1]);
             } else {
                 $colname = $initial_colname = 'cust_' . mt_rand(1, 999999);
             }
             $unique = ensureUniqueProfileField($colname, $initial_colname);
             // Still not a unique colum name? Leave it up to the user, then.
             if (!$unique) {
                 fatal_lang_error('custom_option_not_unique');
             }
         } else {
             // Anything going to check or select is pointless keeping - as is anything coming from check!
             if ($_POST['field_type'] == 'check' && $context['field']['type'] != 'check' || ($_POST['field_type'] == 'select' || $_POST['field_type'] == 'radio') && $context['field']['type'] != 'select' && $context['field']['type'] != 'radio' || $context['field']['type'] == 'check' && $_POST['field_type'] != 'check') {
                 deleteProfileFieldUserData($context['field']['colname']);
             } elseif ($_POST['field_type'] == 'select' || $_POST['field_type'] == 'radio') {
                 $optionChanges = array();
                 $takenKeys = array();
                 // Work out what's changed!
                 foreach ($context['field']['options'] as $k => $option) {
                     if (trim($option) == '') {
                         continue;
                     }
                     // Still exists?
                     if (in_array($option, $newOptions)) {
                         $takenKeys[] = $k;
                         continue;
                     }
                 }
                 // Finally - have we renamed it - or is it really gone?
                 foreach ($optionChanges as $k => $option) {
                     // Just been renamed?
                     if (!in_array($k, $takenKeys) && !empty($newOptions[$k])) {
                         updateRenamedProfileField($k, $newOptions, $context['field']['colname'], $option);
                     }
                 }
             }
             // @todo Maybe we should adjust based on new text length limits?
         }
         // Updating an existing field?
         if ($context['fid']) {
             $field_data = array('field_length' => $field_length, 'show_reg' => $show_reg, 'show_display' => $show_display, 'show_memberlist' => $show_memberlist, 'private' => $private, 'active' => $active, 'can_search' => $can_search, 'bbc' => $bbc, 'current_field' => $context['fid'], 'field_name' => $_POST['field_name'], 'field_desc' => $_POST['field_desc'], 'field_type' => $_POST['field_type'], 'field_options' => $field_options, 'show_profile' => $show_profile, 'default_value' => $default, 'mask' => $mask, 'enclose' => $enclose, 'placement' => $placement);
             updateProfileField($field_data);
             // Just clean up any old selects - these are a pain!
             if (($_POST['field_type'] == 'select' || $_POST['field_type'] == 'radio') && !empty($newOptions)) {
                 deleteOldProfileFieldSelects($newOptions, $context['field']['colname']);
             }
         } else {
             $new_field = array('col_name' => $colname, 'field_name' => $_POST['field_name'], 'field_desc' => $_POST['field_desc'], 'field_type' => $_POST['field_type'], 'field_length' => $field_length, 'field_options' => $field_options, 'show_reg' => $show_reg, 'show_display' => $show_display, 'show_memberlist' => $show_memberlist, 'show_profile' => $show_profile, 'private' => $private, 'active' => $active, 'default' => $default, 'can_search' => $can_search, 'bbc' => $bbc, 'mask' => $mask, 'enclose' => $enclose, 'placement' => $placement, 'vieworder' => list_getProfileFieldSize() + 1);
             addProfileField($new_field);
         }
     } elseif (isset($_POST['delete']) && $context['field']['colname']) {
         checkSession();
         validateToken('admin-ecp');
         // Delete the old data first, then the field.
         deleteProfileFieldUserData($context['field']['colname']);
         deleteProfileField($context['fid']);
     }
     // Rebuild display cache etc.
     if (isset($_POST['delete']) || isset($_POST['save']) || isset($_POST['onoff'])) {
         checkSession();
         // Update the display cache
         updateDisplayCache();
         redirectexit('action=admin;area=featuresettings;sa=profile');
     }
     createToken('admin-ecp');
 }
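/**
 * Returns a student's planned courses (course_records.type = 2) for one
 * semester/year as a JSON string.
 *
 * The token is checked against the student id before anything else, so an
 * unauthorised caller never reaches the database.
 *
 * @param mixed $token     Session token, checked by validateToken() together with $studentId.
 * @param mixed $studentId Student id used both to authorise the token and to filter rows.
 * @param mixed $semester  Semester code matched against course_records.semesterCode.
 * @param mixed $year      Year matched against course_records.year.
 *
 * @return string|array|int JSON-encoded list of course objects on success;
 *                          an empty array (not JSON) when no rows matched —
 *                          kept as-is for existing callers; 403 when the token
 *                          is rejected, 404 when $studentId is empty, 500 when
 *                          PDO throws.
 */
function getPlanned($token, $studentId, $semester, $year)
{
    $result = array();
    try {
        if (!validateToken($token, $studentId)) {
            return 403;
        }
        if (empty($studentId)) {
            return 404;
        }
        // Exception mode: a failed prepare()/execute() now lands in the catch
        // below (500) instead of continuing with $stmt === false.
        $conn = new PDO(DBCONNECTSTRING, DBUSER, DBPASSWORD, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
        // All caller-supplied values go in as bound parameters, never interpolated.
        $sql = 'SELECT *  FROM course_records,courses WHERE type=2 AND courseId=courses.id AND studentId=:stuId AND semesterCode=:semester AND year=:year';
        $stmt = $conn->prepare($sql);
        $stmt->bindParam(':stuId', $studentId);
        $stmt->bindParam(':semester', $semester);
        $stmt->bindParam(':year', $year);
        $stmt->execute();
        $courses = $stmt->fetchAll();
        // count() on the fetched rows rather than rowCount(): rowCount() is not
        // guaranteed to be meaningful for SELECT on every PDO driver.
        if (count($courses) === 0) {
            return $result;
        }
        foreach ($courses as $course) {
            // Only the columns the client needs are copied out; the raw row is not exposed.
            $c = new stdClass();
            $c->id = $course['id'];
            $c->dept = $course['dept'];
            $c->num = $course['num'];
            $c->type = $course['type'];
            $c->reqId = $course['reqId'];
            $c->proposedReqId = $course['proposedReqId'];
            $c->plannedSemester = $course['semesterCode'];
            $c->plannedSemesterName = getSemesterName($c->plannedSemester);
            $c->plannedYear = $course['year'];
            $result[] = $c;
        }
        $jsonResult = json_encode($result);
    } catch (PDOException $e) {
        // Database details are deliberately not returned to the client.
        return 500;
    }
    $conn = null;
    return $jsonResult;
}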
 /**
  * Shows an interface to set and test censored words.
  *
  * - It uses the censor_vulgar, censor_proper, censorWholeWord, and
  * censorIgnoreCase settings.
  * - Requires the admin_forum permission.
  * - Accessed from ?action=admin;area=postsettings;sa=censor.
  * - Saving (save_censor) is protected by checkSession() and the
  *   'admin-censor' token; the "test a word" path only echoes the censored
  *   form of the requester's own text back, HTML-escaped.
  * - Rewrites $_POST['censortext'] in place and calls the
  *   integrate_save_censors / integrate_censors hooks, so statement order
  *   is significant.
  *
  * @uses the Admin template and the edit_censored sub template.
  */
 public function action_censor()
 {
     global $txt, $modSettings, $context;
     if (!empty($_POST['save_censor'])) {
         // Make sure censoring is something they can do.
         checkSession();
         validateToken('admin-censor');
         $censored_vulgar = array();
         $censored_proper = array();
         // Rip it apart, then split it into two arrays.
         if (isset($_POST['censortext'])) {
             // Textarea form: one "vulgar=proper" pair per line, CRs stripped.
             // Note: the superglobal itself is replaced by the exploded array.
             $_POST['censortext'] = explode("\n", strtr($_POST['censortext'], array("\r" => '')));
             foreach ($_POST['censortext'] as $c) {
                 // A line without '=' gets an empty replacement via array_pad().
                 list($censored_vulgar[], $censored_proper[]) = array_pad(explode('=', trim($c)), 2, '');
             }
         } elseif (isset($_POST['censor_vulgar'], $_POST['censor_proper'])) {
             if (is_array($_POST['censor_vulgar'])) {
                 // Paired input fields: drop rows whose vulgar term is only
                 // spaces/asterisks, removing the proper entry with the same index.
                 foreach ($_POST['censor_vulgar'] as $i => $value) {
                     if (trim(strtr($value, '*', ' ')) == '') {
                         unset($_POST['censor_vulgar'][$i], $_POST['censor_proper'][$i]);
                     }
                 }
                 $censored_vulgar = $_POST['censor_vulgar'];
                 $censored_proper = $_POST['censor_proper'];
             } else {
                 // Two newline-separated lists, matched by position.
                 $censored_vulgar = explode("\n", strtr($_POST['censor_vulgar'], array("\r" => '')));
                 $censored_proper = explode("\n", strtr($_POST['censor_proper'], array("\r" => '')));
             }
         }
         // Set the new arrays and settings in the database.
         // Lists are stored newline-joined; the two flags as '0'/'1'.
         $updates = array('censor_vulgar' => implode("\n", $censored_vulgar), 'censor_proper' => implode("\n", $censored_proper), 'censorWholeWord' => empty($_POST['censorWholeWord']) ? '0' : '1', 'censorIgnoreCase' => empty($_POST['censorIgnoreCase']) ? '0' : '1');
         // $updates is passed by reference: integrations may adjust it before it is saved.
         call_integration_hook('integrate_save_censors', array(&$updates));
         updateSettings($updates);
     }
     // Testing a word to see how it will be censored?
     if (isset($_POST['censortest'])) {
         require_once SUBSDIR . '/Post.subs.php';
         // Escape first so the echoed text is HTML-safe, then run it through the
         // normal post pre-parser before censoring.
         $censorText = htmlspecialchars($_POST['censortest'], ENT_QUOTES, 'UTF-8');
         preparsecode($censorText);
         $pre_censor = $censorText;
         // Censored result; double quotes are entity-encoded for the template/JSON output.
         $context['censor_test'] = strtr(censorText($censorText), array('"' => '&quot;'));
     }
     // Set everything up for the template to do its thang.
     $censor_vulgar = explode("\n", $modSettings['censor_vulgar']);
     $censor_proper = explode("\n", $modSettings['censor_proper']);
     $context['censored_words'] = array();
     for ($i = 0, $n = count($censor_vulgar); $i < $n; $i++) {
         if (empty($censor_vulgar[$i])) {
             continue;
         }
         // Skip it, it's either spaces or stars only.
         if (trim(strtr($censor_vulgar[$i], '*', ' ')) == '') {
             continue;
         }
         // Key: vulgar term, value: proper term at the same index ('' if missing).
         // NOTE(review): the key is escaped with htmlspecialchars() default flags while the
         // value is escaped with ENT_COMPAT/UTF-8 explicitly — intentional or not, they differ.
         $context['censored_words'][htmlspecialchars(trim($censor_vulgar[$i]))] = isset($censor_proper[$i]) ? htmlspecialchars($censor_proper[$i], ENT_COMPAT, 'UTF-8') : '';
     }
     call_integration_hook('integrate_censors');
     // Fresh token for the form (and for the JSON reply below).
     createToken('admin-censor');
     // Using ajax?
     if (isset($_REQUEST['xml'], $_POST['censortest'])) {
         // Clear the templates
         $template_layers = Template_Layers::getInstance();
         $template_layers->removeAll();
         // Send back a response
         // $pre_censor and censor_test are defined here because censortest was set above.
         loadTemplate('Json');
         $context['sub_template'] = 'send_json';
         $context['json_data'] = array('result' => true, 'censor' => $pre_censor . ' <i class="fa fa-arrow-circle-right"></i> ' . $context['censor_test'], 'token_val' => $context['admin-censor_token_var'], 'token' => $context['admin-censor_token']);
     } else {
         $context['sub_template'] = 'edit_censored';
         $context['page_title'] = $txt['admin_censored_words'];
     }
 }
// Bootstrap: database configuration, the application config (captured from the
// include's return value) and the Slim application instance.
require_once '../db_config/generated-conf/config.php';
$config = (include '../config.php');
// NOTE(review): `use` imports placed after executable statements are legal at
// file scope but conventionally sit at the top of the file.
use Illuminate\Filesystem\Filesystem;
use GuzzleHttp\Client;
$app = new \Slim\Slim();
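// GET /getFiles — validates the TOKEN request header once; on success the file
// list is returned, otherwise validateToken()'s own return value (presumably an
// error response it prepared on $app) is passed back unchanged.
$app->get('/getFiles', function () use($app) {
    logMessage("Accepted Request: getFiles " . date('m/d/Y h:i:s') . ".\n");
    // Validate once and reuse the result instead of calling validateToken() twice.
    $auth = validateToken($app->request->headers['TOKEN'], $app);
    return $auth === true ? getFiles() : $auth;
});
// POST /getSyncFiles — JSON body with "date" and "store"; same token rule as above.
$app->post('/getSyncFiles', function () use($app) {
    $data = (array) json_decode(file_get_contents("php://input"));
    // Missing keys yield null (no undefined-index warning); the values are still
    // handed to getSyncFiles() as received.
    $date = isset($data['date']) ? $data['date'] : null;
    $store = isset($data['store']) ? $data['store'] : null;
    // CR/LF are stripped from the request-supplied values before logging so a
    // crafted body cannot forge additional log lines.
    logMessage("Accepted Request: getSyncFiles param of DATE: " . str_replace(array("\r", "\n"), '', (string) $date) . " and STORE of " . str_replace(array("\r", "\n"), '', (string) $store) . ' on ' . date('m/d/Y h:i:s') . ".\n");
    $auth = validateToken($app->request->headers['TOKEN'], $app);
    return $auth === true ? getSyncFiles($date, $store) : $auth;
});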
//Accept files to process from Netsuite
$app->post('/setToAccomplish', function () use($app) {
    logMessage("Accepted Request: setToAccomplish " . date('m/d/Y h:i:s') . ".\n");
    //log something
    $data = file_get_contents("php://input");
    //$data = json_encode($data, dio_truncate(fd, offset));
    $data = (array) json_decode($data);
    $client = new Client();
    //print_r($data);
    foreach ($data['po'] as $file) {
        echo $file . "<br/>";
        logMessage("Send Request: http://localhost:9000/post.php " . date('m/d/Y h:i:s') . ".\n");
        //log something
        $client->post('http://localhost:9000/post.php', ['body' => [json_encode(processFile($file))]]);
use BlockCypher\Validation\TokenValidator;
// Sample bootstrap: report every error and set both precision settings to 17
// significant digits. Any ini_set() failure aborts the sample.
error_reporting(E_ALL);
ini_set('display_errors', '1');
foreach (array('precision', 'serialize_precision') as $iniKey) {
    if (ini_set($iniKey, 17) === false) {
        die("Couldn't update " . $iniKey . ".");
    }
}
// The token below is the sample's placeholder and can be overridden with ?token=.
// Obtain your own at https://accounts.blockcypher.com/ — outside of a demo, keep
// real tokens in configuration rather than in source control.
/** @noinspection SpellCheckingInspection */
$token = isset($_GET['token']) ? $_GET['token'] : 'c0afcccdde5081d6429de37d16166ead';
if (!validateToken($token)) {
    echo 'Invalid token. Please get new one: <a href="https://accounts.blockcypher.com/">https://accounts.blockcypher.com/</a>';
    exit(1);
}
// One ApiContext per chain, plus the one built from sdk_config.ini custom settings
// (created first, attached under the 'sdk_config' key).
$apiContextSdkConfigFile = getApiContextUsingConfigIni();
$apiContexts = createApiContextForAllChains($token);
$apiContexts['sdk_config'] = $apiContextSdkConfigFile;
return $apiContexts;
/**
 * Create an ApiContext for each chain
 * @param $token
 * @return array
 */
function createApiContextForAllChains($token)
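/**
 * Edit the search method and search index used.
 * Calculates the size of the current search indexes in use.
 * Allows to create and delete a fulltext index on the messages table.
 * Allows to delete a custom index (that CreateMessageIndex() created).
 * Called by ?action=admin;area=managesearch;sa=method.
 * Requires the admin_forum permission.
 *
 * - The createfulltext / removefulltext / removecustom sub-actions arrive via
 *   GET and are guarded by checkSession('get') and the 'admin-msm' GET token.
 * - Saving settings is a POST guarded by checkSession() and 'admin-msmpost';
 *   the posted search_index is stored only if it is 'fulltext', 'custom' or a
 *   key of the loaded search APIs.
 * - Fills $context['table_info'] with data/index sizes, formatted in KB where
 *   the engine reports them and $txt['not_applicable'] otherwise.
 *
 * @uses ManageSearch template, 'select_search_method' sub-template.
 */
function EditSearchMethod()
{
    global $txt, $context, $modSettings, $smcFunc, $db_type, $db_prefix;
    $context[$context['admin_menu_name']]['current_subsection'] = 'method';
    $context['page_title'] = $txt['search_method_title'];
    $context['sub_template'] = 'select_search_method';
    $context['supports_fulltext'] = $smcFunc['db_search_support']('fulltext');
    // Load any apis.
    $context['search_apis'] = loadSearchAPIs();
    // Detect whether a fulltext index is set.
    if ($context['supports_fulltext']) {
        detectFulltextIndex();
    }
    if (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'createfulltext') {
        checkSession('get');
        validateToken('admin-msm', 'get');
        // Make sure it's gone before creating it.
        $smcFunc['db_query']('', '
			ALTER TABLE {db_prefix}messages
			DROP INDEX body', array('db_error_skip' => true));
        $smcFunc['db_query']('', '
			ALTER TABLE {db_prefix}messages
			ADD FULLTEXT body (body)', array());
        $context['fulltext_index'] = 'body';
    } elseif (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'removefulltext' && !empty($context['fulltext_index'])) {
        checkSession('get');
        validateToken('admin-msm', 'get');
        // Index names come from detectFulltextIndex() above, not from the request.
        $smcFunc['db_query']('', '
			ALTER TABLE {db_prefix}messages
			DROP INDEX ' . implode(',
			DROP INDEX ', $context['fulltext_index']), array('db_error_skip' => true));
        $context['fulltext_index'] = '';
        // Go back to the default search method.
        if (!empty($modSettings['search_index']) && $modSettings['search_index'] == 'fulltext') {
            updateSettings(array('search_index' => ''));
        }
    } elseif (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'removecustom') {
        checkSession('get');
        validateToken('admin-msm', 'get');
        db_extend();
        $tables = $smcFunc['db_list_tables'](false, $db_prefix . 'log_search_words');
        if (!empty($tables)) {
            $smcFunc['db_search_query']('drop_words_table', '
				DROP TABLE {db_prefix}log_search_words', array());
        }
        updateSettings(array('search_custom_index_config' => '', 'search_custom_index_resume' => ''));
        // Go back to the default search method.
        if (!empty($modSettings['search_index']) && $modSettings['search_index'] == 'custom') {
            updateSettings(array('search_index' => ''));
        }
    } elseif (isset($_POST['save'])) {
        checkSession();
        validateToken('admin-msmpost');
        // search_index is whitelisted: anything other than fulltext/custom/a loaded API key is stored as ''.
        updateSettings(array('search_index' => empty($_POST['search_index']) || !in_array($_POST['search_index'], array('fulltext', 'custom')) && !isset($context['search_apis'][$_POST['search_index']]) ? '' : $_POST['search_index'], 'search_force_index' => isset($_POST['search_force_index']) ? '1' : '0', 'search_match_words' => isset($_POST['search_match_words']) ? '1' : '0'));
    }
    $context['table_info'] = array('data_length' => 0, 'index_length' => 0, 'fulltext_length' => 0, 'custom_index_length' => 0);
    // Get some info about the messages table, to show its size and index size.
    if ($db_type == 'mysql') {
        // A prefix of the form `database`.prefix is split so the status query can name the database.
        if (preg_match('~^`(.+?)`\\.(.+?)$~', $db_prefix, $match) !== 0) {
            $request = $smcFunc['db_query']('', '
				SHOW TABLE STATUS
				FROM {string:database_name}
				LIKE {string:table_name}', array('database_name' => '`' . strtr($match[1], array('`' => '')) . '`', 'table_name' => str_replace('_', '\\_', $match[2]) . 'messages'));
        } else {
            $request = $smcFunc['db_query']('', '
				SHOW TABLE STATUS
				LIKE {string:table_name}', array('table_name' => str_replace('_', '\\_', $db_prefix) . 'messages'));
        }
        if ($request !== false && $smcFunc['db_num_rows']($request) == 1) {
            // Only do this if the user has permission to execute this query.
            $row = $smcFunc['db_fetch_assoc']($request);
            $context['table_info']['data_length'] = $row['Data_length'];
            $context['table_info']['index_length'] = $row['Index_length'];
            $context['table_info']['fulltext_length'] = $row['Index_length'];
            $smcFunc['db_free_result']($request);
        }
        // Now check the custom index table, if it exists at all.
        if (preg_match('~^`(.+?)`\\.(.+?)$~', $db_prefix, $match) !== 0) {
            $request = $smcFunc['db_query']('', '
				SHOW TABLE STATUS
				FROM {string:database_name}
				LIKE {string:table_name}', array('database_name' => '`' . strtr($match[1], array('`' => '')) . '`', 'table_name' => str_replace('_', '\\_', $match[2]) . 'log_search_words'));
        } else {
            $request = $smcFunc['db_query']('', '
				SHOW TABLE STATUS
				LIKE {string:table_name}', array('table_name' => str_replace('_', '\\_', $db_prefix) . 'log_search_words'));
        }
        if ($request !== false && $smcFunc['db_num_rows']($request) == 1) {
            // Only do this if the user has permission to execute this query.
            $row = $smcFunc['db_fetch_assoc']($request);
            $context['table_info']['index_length'] += $row['Data_length'] + $row['Index_length'];
            $context['table_info']['custom_index_length'] = $row['Data_length'] + $row['Index_length'];
            $smcFunc['db_free_result']($request);
        }
    } elseif ($db_type == 'postgresql') {
        // In order to report the sizes correctly we need to perform vacuum (optimize) on the tables we will be using.
        db_extend();
        $temp_tables = $smcFunc['db_list_tables']();
        foreach ($temp_tables as $table) {
            if ($table == $db_prefix . 'messages' || $table == $db_prefix . 'log_search_words') {
                $smcFunc['db_optimize_table']($table);
            }
        }
        // PostGreSql has some hidden sizes.
        $request = $smcFunc['db_query']('', '
			SELECT relname, relpages * 8 *1024 AS "KB" FROM pg_class
			WHERE relname = {string:messages} OR relname = {string:log_search_words}
			ORDER BY relpages DESC', array('messages' => $db_prefix . 'messages', 'log_search_words' => $db_prefix . 'log_search_words'));
        if ($request !== false && $smcFunc['db_num_rows']($request) > 0) {
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                if ($row['relname'] == $db_prefix . 'messages') {
                    $context['table_info']['data_length'] = (int) $row['KB'];
                    $context['table_info']['index_length'] = (int) $row['KB'];
                    // Doesn't support fulltext
                    $context['table_info']['fulltext_length'] = $txt['not_applicable'];
                } elseif ($row['relname'] == $db_prefix . 'log_search_words') {
                    $context['table_info']['index_length'] = (int) $row['KB'];
                    $context['table_info']['custom_index_length'] = (int) $row['KB'];
                }
            }
            $smcFunc['db_free_result']($request);
        } else {
            // Didn't work for some reason...
            $context['table_info'] = array('data_length' => $txt['not_applicable'], 'index_length' => $txt['not_applicable'], 'fulltext_length' => $txt['not_applicable'], 'custom_index_length' => $txt['not_applicable']);
        }
    } else {
        $context['table_info'] = array('data_length' => $txt['not_applicable'], 'index_length' => $txt['not_applicable'], 'fulltext_length' => $txt['not_applicable'], 'custom_index_length' => $txt['not_applicable']);
    }
    // Format the data and index length in kilobytes.
    foreach ($context['table_info'] as $type => $size) {
        // Non-numeric entries already hold the "not applicable" label; skip them
        // but keep formatting the remaining numeric ones. (A break here left the
        // PostgreSQL custom_index_length, which follows the non-numeric
        // fulltext_length, as unformatted raw bytes.)
        if (!is_numeric($size)) {
            continue;
        }
        $context['table_info'][$type] = comma_format($context['table_info'][$type] / 1024) . ' ' . $txt['search_method_kilobytes'];
    }
    $context['custom_index'] = !empty($modSettings['search_custom_index_config']);
    $context['partial_custom_index'] = !empty($modSettings['search_custom_index_resume']) && empty($modSettings['search_custom_index_config']);
    $context['double_index'] = !empty($context['fulltext_index']) && $context['custom_index'];
    createToken('admin-msmpost');
    createToken('admin-msm', 'get');
}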
// Vitals fields copied verbatim from the POST body; no validation or type
// coercion happens here. They are later written to form_vitals through
// add_escape_custom() (see the UPDATE statement below this span).
// NOTE(review): $token, $date, $patientId, $groupname, $authorized and
// $vital_id are not assigned in this span — presumably set earlier in the file.
$activity = $_POST['activity'];
$bps = $_POST['bps'];
$bpd = $_POST['bpd'];
$weight = $_POST['weight'];
$height = $_POST['height'];
$temperature = $_POST['temperature'];
$temp_method = $_POST['temp_method'];
$pulse = $_POST['pulse'];
$respiration = $_POST['respiration'];
$note = $_POST['note'];
$BMI = $_POST['BMI'];
$BMI_status = $_POST['BMI_status'];
$waist_circ = $_POST['waist_circ'];
$head_circ = $_POST['head_circ'];
$oxygen_saturation = $_POST['oxygen_saturation'];
if ($userId = validateToken($token)) {
    $user = getUsername($userId);
    $acl_allow = acl_check('encounters', 'auth_a', $user);
    if ($acl_allow) {
        $strQuery = "UPDATE `form_vitals` SET \n                                        `date`='" . add_escape_custom($date) . "',\n                                        `pid`='" . add_escape_custom($patientId) . "',\n                                        `user`='" . add_escape_custom($user) . "',\n                                        `groupname`='" . add_escape_custom($groupname) . "',\n                                        `authorized`='" . add_escape_custom($authorized) . "',\n                                        `activity`='" . add_escape_custom($activity) . "',\n                                        `bps`='" . add_escape_custom($bps) . "',\n                                        `bpd`='" . add_escape_custom($bpd) . "',\n                                        `weight`='" . add_escape_custom($weight) . "',\n                                        `height`='" . add_escape_custom($height) . "',\n                                        `temperature`='" . add_escape_custom($temperature) . "',\n                                        `temp_method`='" . add_escape_custom($temp_method) . "',\n                                        `pulse`='" . add_escape_custom($pulse) . "',\n                                        `respiration`='" . add_escape_custom($respiration) . "',\n                                        `note`='" . add_escape_custom($note) . "',\n                                        `BMI`='" . add_escape_custom($BMI) . "',\n                                        `BMI_status`='" . add_escape_custom($BMI_status) . "',\n                                        `waist_circ`='" . add_escape_custom($waist_circ) . "',\n                                        `head_circ`='" . add_escape_custom($head_circ) . "',\n                                        `oxygen_saturation`='" . add_escape_custom($oxygen_saturation) . "' \n                                         WHERE id = ?";
        $result = sqlStatement($strQuery, array($vital_id));
        if ($result !== FALSE) {
            $xml_array['status'] = 0;
            $xml_array['reason'] = 'Visit vital update successfully';
        } else {
            $xml_array['status'] = -1;
            $xml_array['reason'] = 'Could not update isit vital';
        }
    } else {
        $xml_string .= "<status>-2</status>\n";
        $xml_string .= "<reason>You are not Authorized to perform this action</reason>\n";
/**
 * Step 0.5: Does the login work?
 *
 * Handles the upgrader's login form. When 'contbutt' is posted with a user
 * name (or $disable_security is set) the member row is looked up, the
 * password is checked against the current scheme and two legacy schemes,
 * admin_forum permission is verified, and $upcontext['user'] plus the
 * upgrade_status entries are filled in.
 *
 * @return bool true when the login succeeded (or security is disabled),
 *              false when no login was attempted or it failed; a logged-in
 *              non-admin ends via throw_error().
 */
function checkLogin()
{
    global $modSettings, $upcontext, $disable_security, $db_type, $support_js;
    // Login checks require hard database work :P
    $db = database();
    // Are we trying to login?
    if (isset($_POST['contbutt']) && (!empty($_POST['user']) || $disable_security)) {
        // If we've disabled security pick a suitable name!
        if (empty($_POST['user'])) {
            $_POST['user'] = '******';
        }
        // Before SMF 2.0 these column names were different!
        // The old schema is detected by probing for a camelCase 'memberName' column (MySQL only).
        $oldDB = false;
        if (empty($db_type) || $db_type == 'mysql') {
            $request = $db->query('', '
				SHOW COLUMNS
				FROM {db_prefix}members
				LIKE {string:member_name}', array('member_name' => 'memberName', 'db_error_skip' => true));
            if ($db->num_rows($request) != 0) {
                $oldDB = true;
            }
            $db->free_result($request);
        }
        // Get what we believe to be their details.
        // The user name is passed as a bound {string:...} parameter, not interpolated.
        if (!$disable_security) {
            if ($oldDB) {
                $request = $db->query('', '
					SELECT id_member, memberName AS member_name, passwd, id_group,
					additionalGroups AS additional_groups, lngfile
					FROM {db_prefix}members
					WHERE memberName = {string:member_name}', array('member_name' => $_POST['user'], 'db_error_skip' => true));
            } else {
                $request = $db->query('', '
					SELECT id_member, member_name, passwd, id_group, additional_groups, lngfile
					FROM {db_prefix}members
					WHERE member_name = {string:member_name}', array('member_name' => $_POST['user'], 'db_error_skip' => true));
            }
            if ($db->num_rows($request) != 0) {
                list($id_member, $name, $password, $id_group, $addGroups, $user_language) = $db->fetch_row($request);
                // These will come in handy, if you want to login
                require_once SOURCEDIR . '/Security.php';
                require_once SUBSDIR . '/Auth.subs.php';
                // Group list = additional groups + primary group, all cast to int.
                $groups = explode(',', $addGroups);
                $groups[] = $id_group;
                foreach ($groups as $k => $v) {
                    $groups[$k] = (int) $v;
                }
                // Figure out if the password is using our encryption - if what they typed is right.
                // Client-side hashed login (64-char hash): requires the 'login' token.
                if (isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) === 64) {
                    validateToken('login');
                    $valid_password = validateLoginPassword($_REQUEST['hash_passwrd'], $password);
                    // Challenge passed.
                    if ($valid_password) {
                        $sha_passwd = $_REQUEST['hash_passwrd'];
                        $valid_password = true;
                    } elseif (preg_match('/^[0-9a-f]{40}$/i', $password)) {
                        // Might Need to update so we will need to ask for the password again.
                        // (40 hex chars: the stored hash is still in the legacy SHA-1 format.)
                        $upcontext['disable_login_hashing'] = true;
                        $upcontext['login_hash_error'] = true;
                    }
                } else {
                    // validateLoginPassword will convert this to a SHA-256 pw and check it
                    $sha_passwd = $_POST['passwrd'];
                    $valid_password = validateLoginPassword($sha_passwd, $password, $_POST['user']);
                }
                // Password still not working?
                if ($valid_password === false && !empty($_POST['passwrd'])) {
                    // SHA-1 from SMF?  Legacy scheme: sha1(lowercased name . password).
                    $sha_passwd = sha1(Util::strtolower($_POST['user']) . $_POST['passwrd']);
                    $valid_password = $sha_passwd === $password;
                    // Lets upgrade this to our new password
                    if ($valid_password) {
                        $password = validateLoginPassword($_POST['passwrd'], '', $_POST['user'], true);
                        // NOTE(review): 4 chars of md5(mt_rand()) — mt_rand() is not a cryptographic
                        // source; random_bytes() would be preferable if this salt matters.
                        $password_salt = substr(md5(mt_rand()), 0, 4);
                        // Update the password hash and set up the salt.
                        updateMemberData($id_member, array('passwd' => $password, 'password_salt' => $password_salt, 'passwd_flood' => ''));
                    }
                }
            } else {
                $upcontext['username_incorrect'] = true;
            }
            $db->free_result($request);
        }
        $upcontext['username'] = $_POST['user'];
        // Track whether javascript works!
        if (!empty($_POST['js_works'])) {
            $upcontext['upgrade_status']['js'] = 1;
            $support_js = 1;
        } else {
            $support_js = 0;
        }
        // Note down the version we are coming from.
        if (!empty($modSettings['elkVersion']) && empty($upcontext['user']['version'])) {
            $upcontext['user']['version'] = $modSettings['elkVersion'];
        }
        // Didn't get anywhere?
        if (empty($valid_password) && empty($upcontext['username_incorrect']) && !$disable_security) {
            // MD5?  Last legacy scheme: md5_hmac(password, lowercased name) against the stored hash.
            $md5pass = md5_hmac($_REQUEST['passwrd'], strtolower($_POST['user']));
            if ($md5pass != $password) {
                $upcontext['password_failed'] = true;
                // Disable the hashing this time.
                $upcontext['disable_login_hashing'] = true;
            }
        }
        if (empty($upcontext['password_failed']) && !empty($name) || $disable_security) {
            // Set the password.
            if (!$disable_security) {
                // Do we actually have permission?
                // Group 1 passes outright; otherwise the permissions table must grant admin_forum.
                if (!in_array(1, $groups)) {
                    $request = $db->query('', '
						SELECT permission
						FROM {db_prefix}permissions
						WHERE id_group IN ({array_int:groups})
							AND permission = {string:admin_forum}', array('groups' => $groups, 'admin_forum' => 'admin_forum', 'db_error_skip' => true));
                    if ($db->num_rows($request) == 0) {
                        return throw_error('You need to be an admin to perform an upgrade!');
                    }
                    $db->free_result($request);
                }
                $upcontext['user']['id'] = $id_member;
                $upcontext['user']['name'] = $name;
            } else {
                // Security disabled: a fixed 'Administrator' identity (id 1) is assumed.
                $upcontext['user']['id'] = 1;
                $upcontext['user']['name'] = 'Administrator';
            }
            $upcontext['user']['pass'] = mt_rand(0, 60000);
            // This basically is used to match the GET variables to Settings.php.
            // NOTE(review): mt_rand(0, 60000) is at most ~16 bits of non-cryptographic
            // randomness; if this value gates later upgrade steps, confirm that is acceptable.
            $upcontext['upgrade_status']['pass'] = $upcontext['user']['pass'];
            // Set the language to that of the user?
            // basename() strips any directory component from the DB-stored lngfile before it is used in a path.
            if (isset($user_language) && $user_language != $upcontext['language'] && file_exists($modSettings['theme_dir'] . '/languages/' . basename($user_language, '.lng') . '/index.' . basename($user_language, '.lng') . '.php')) {
                $user_language = basename($user_language, '.lng');
                // Read at most the first 4096 bytes of the index file (errors suppressed) to parse its Version: header.
                $temp = substr(@implode('', @file($modSettings['theme_dir'] . '/languages/' . $user_language . '/index.' . $user_language . '.php')), 0, 4096);
                preg_match('~(?://|/\\*)\\s*Version:\\s+(.+?);\\s*index(?:[\\s]{2}|\\*/)~i', $temp, $match);
                if (empty($match[1]) || $match[1] != CURRENT_LANG_VERSION) {
                    $upcontext['upgrade_options_warning'] = 'The language files for your selected language, ' . $user_language . ', have not been updated to the latest version. Upgrade will continue with the forum default, ' . $upcontext['language'] . '.';
                } elseif (!file_exists($modSettings['theme_dir'] . '/languages/' . $user_language . '/Install.' . $user_language . '.php')) {
                    $upcontext['upgrade_options_warning'] = 'The language files for your selected language, ' . $user_language . ', have not been uploaded/updated as the &quot;Install&quot; language file is missing. Upgrade will continue with the forum default, ' . $upcontext['language'] . '.';
                } else {
                    // Set this as the new language.
                    $upcontext['language'] = $user_language;
                    $upcontext['upgrade_status']['lang'] = $upcontext['language'];
                    // Include the file.
                    require_once $modSettings['theme_dir'] . '/languages/' . $user_language . '/Install.' . $user_language . '.php';
                }
            }
            // If we're resuming set the step and substep to be correct.
            if (isset($_POST['cont'])) {
                $upcontext['current_step'] = $upcontext['user']['step'];
                $_GET['substep'] = $upcontext['user']['substep'];
            }
            return true;
        }
    }
    return false;
}
        if ($role == 3) {
            $res['status'] = '0';
            $res['admin'] = '1';
            echo json_encode($res);
            exit;
        } else {
            $res['status'] = '0';
            $res['admin'] = '0';
            echo json_encode($res);
            exit;
        }
    }
}
if (isset($_GET['news'])) {
    if ($_GET['news'] == 'private') {
        if (validateToken()) {
            $token = $_SERVER['HTTP_AUTHORIZATION'];
            $result = $conn->query("SELECT id FROM users WHERE token = '{$token}'");
            $id = $result->fetch_assoc()['id'];
            $result = $conn->query("SELECT subs_id FROM subs WHERE user_id={$id}");
            $news = [];
            while ($row = $result->fetch_assoc()) {
                $id = $row['subs_id'];
                $result2 = $conn->query("SELECT header,text,common FROM news WHERE user_id={$id}");
                while ($array = $result2->fetch_assoc()) {
                    $news[] = $array;
                }
            }
            $res['status'] = 0;
            $res['news'] = $news;
            echo json_encode($res);
        $file = R::load('attachment', $data->fileId);
        if ($file->id) {
            $filename = $file->name;
            $before = $item->export();
            unlink('uploads/' . $file->filename);
            R::trash($file);
            R::store($item);
            logAction($actor->username . ' removed attachment ' . $filename . ' from item ' . $item->title, $before, $item, $itemId);
            $jsonResponse->addAlert('success', $filename . ' was deleted.');
            $jsonResponse->addBeans($item);
        }
    }
    $app->response->setBody($jsonResponse->asJson());
})->conditions(['itemId' => '\\d+']);
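// Remove an item.
// POST /items/remove with a JSON body {"itemId": ...}. Requires a valid token
// (validateToken(true)); the item bean is trashed, the remaining items in its
// lane are renumbered, the action is logged and the refreshed boards returned.
// A missing or unparsable body is treated as "nothing to remove".
$app->post('/items/remove', function () use($app, $jsonResponse) {
    $data = json_decode($app->environment['slim.input']);
    // isset() handles a null/invalid decode result without the "property on null"
    // warning the bare $data->itemId access produced.
    $itemId = isset($data->itemId) ? $data->itemId : null;
    if (validateToken(true) && $itemId !== null) {
        $item = R::load('item', $itemId);
        if ($item->id) {
            // Snapshot before deletion so the log keeps the removed state.
            $before = $item->export();
            R::trash($item);
            renumberItems($item->lane_id, $item->position);
            $actor = getUser();
            logAction($actor->username . ' removed item ' . $item->title, $before, null, $itemId);
            $jsonResponse->addAlert('success', $item->title . ' was deleted.');
            $jsonResponse->addBeans(getBoards());
        }
    }
    $app->response->setBody($jsonResponse->asJson());
});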