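/**
 * ACP page that lists the registered alert types and lets an administrator
 * toggle each type's "enabled" and "can be disabled by users" flags.
 *
 * A POST request applies the submitted checkbox state to every alert type
 * after the anti-CSRF key (my_post_key) has been verified; any other request
 * method renders the form.
 *
 * @return void
 */
function myalerts_acp_manage_alert_types()
{
    global $mybb, $lang, $page, $db, $cache;

    $alertTypeManager = MybbStuff_MyAlerts_AlertTypeManager::getInstance();
    $alertTypes = $alertTypeManager->getAlertTypes();

    if (strtolower($mybb->request_method) == 'post') {
        // State-changing request: refuse it unless the anti-CSRF key matches.
        if (!verify_post_check($mybb->get_input('my_post_key'))) {
            flash_message($lang->invalid_post_verify_key2, 'error');
            admin_redirect("index.php?module=config-myalerts_alert_types");

            // Fail closed: never reach the update below with a bad key, even
            // if admin_redirect() were to return instead of ending the request.
            return;
        }

        $enabledAlertTypes = $mybb->get_input('alert_types_enabled', MyBB::INPUT_ARRAY);
        $canBeUserDisabled = $mybb->get_input('alert_types_can_be_user_disabled', MyBB::INPUT_ARRAY);

        // The checkbox names carry the alert type ID as the array key; only
        // those keys are used, coerced to integers.
        $enabledAlertTypes = array_map('intval', array_keys($enabledAlertTypes));
        $canBeUserDisabled = array_map('intval', array_keys($canBeUserDisabled));

        $updateArray = array();

        foreach ($alertTypes as $alertType) {
            // unserialize() here is a static method of the entity class, not
            // PHP's global unserialize(); what it does with the row is not
            // visible from this function.
            $type = MybbStuff_MyAlerts_Entity_AlertType::unserialize($alertType);
            $type->setEnabled(in_array($type->getId(), $enabledAlertTypes));
            $type->setCanBeUserDisabled(in_array($type->getId(), $canBeUserDisabled));
            $updateArray[] = $type;
        }

        $alertTypeManager->updateAlertTypes($updateArray);

        flash_message($lang->myalerts_alert_types_updated, 'success');
        admin_redirect("index.php?module=config-myalerts_alert_types");
    } else {
        $page->output_header($lang->myalerts_alert_types);

        $form = new Form('index.php?module=config-myalerts_alert_types', 'post');

        $table = new Table();
        $table->construct_header($lang->myalerts_alert_type_code);
        $table->construct_header(
            $lang->myalerts_alert_type_enabled,
            array('width' => '5%', 'class' => 'align_center')
        );
        $table->construct_header(
            $lang->myalerts_alert_type_can_be_user_disabled,
            array('width' => '10%', 'class' => 'align_center')
        );

        $noResults = false;

        if (!empty($alertTypes)) {
            foreach ($alertTypes as $type) {
                // The alert code is escaped before it is written into the page.
                $alertCode = htmlspecialchars_uni($type['code']);

                $table->construct_cell($alertCode);
                $table->construct_cell(
                    $form->generate_check_box(
                        'alert_types_enabled[' . $type['id'] . ']',
                        '',
                        '',
                        array('checked' => $type['enabled'])
                    )
                );
                $table->construct_cell(
                    $form->generate_check_box(
                        'alert_types_can_be_user_disabled[' . $type['id'] . ']',
                        '',
                        '',
                        array('checked' => $type['can_be_user_disabled'])
                    )
                );
                $table->construct_row();
            }
        } else {
            // The table has three header columns, so the placeholder cell
            // must span all three (the original spanned only two).
            $table->construct_cell($lang->myalerts_no_alert_types, array('colspan' => 3));
            $table->construct_row();

            $noResults = true;
        }

        $table->output($lang->myalerts_alert_types);

        // No submit button when there is nothing to update.
        if (!$noResults) {
            $buttons[] = $form->generate_submit_button($lang->myalerts_update_alert_types);
            $form->output_submit_wrapper($buttons);
        }

        $form->end();

        $page->output_footer();
    }
}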
/**
 * Uninstall routine for the MyProfile plugin.
 *
 * A non-POST request shows the confirmation dialog. A POST request is checked
 * against the anti-CSRF key, honours the "no" button, and otherwise forwards
 * the "uninstall" call to the plugin's bundles and deletes the "myprofile"
 * cache entry.
 *
 * NOTE(review): after a failed key check the code relies on admin_redirect()
 * ending the request; if it returned, the uninstall would still run. Confirm.
 *
 * @return bool|null true once the uninstall has run, null otherwise
 */
function myprofile_uninstall()
{
    global $mybb, $lang, $page;

    $isPost = $mybb->request_method == 'post';

    if (!$isPost) {
        // First visit: ask the administrator to confirm.
        $page->output_confirm_action("index.php?module=config-plugins&action=deactivate&uninstall=1&plugin=myprofile");

        return;
    }

    $pluginsUrl = 'index.php?module=config-plugins';

    // Anti-CSRF check on the confirmation POST.
    $keyIsValid = verify_post_check($mybb->input['my_post_key']);
    if (!$keyIsValid) {
        flash_message($lang->invalid_post_verify_key2, 'error');
        admin_redirect($pluginsUrl);
    }

    // The administrator pressed "no" in the confirmation dialog.
    if (isset($mybb->input['no'])) {
        admin_redirect($pluginsUrl);
    }

    myprofile_bundles_propagate_call("uninstall");
    $mybb->cache->delete("myprofile");

    return true;
}
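/**
 * Adjust the current user's points after an inline (AJAX) post edit.
 *
 * The function compares the character count of the stored post with that of
 * the submitted message (quotes stripped from both) and passes the difference,
 * multiplied by the per-character income setting, to newpoints_addpoints()
 * together with the forum and group rates.
 *
 * NOTE(review): nothing in this function checks that the current user is
 * allowed to edit the post identified by "pid"; presumably the core inline
 * edit handler enforces that. Confirm that it runs before this hook.
 *
 * @return void
 */
function newpoints_editpost_xmlhttp()
{
    global $db, $mybb, $thread, $lang, $charset;

    // Guests have no points account.
    if (!$mybb->user['uid']) {
        return;
    }

    if ($mybb->settings['newpoints_main_enabled'] != 1) {
        return;
    }

    if ($mybb->settings['newpoints_income_perchar'] == 0) {
        return;
    }

    // Only the "save" step of an inline edit is relevant.
    if ($mybb->input['action'] != "edit_post" || $mybb->input['do'] != 'update_post') {
        return;
    }

    if ($mybb->input['editdraft']) {
        return;
    }

    // Verify POST request
    if (!verify_post_check($mybb->input['my_post_key'], true)) {
        xmlhttp_error($lang->invalid_post_code);

        // Fail closed: never award points on a request with a bad key, even
        // if xmlhttp_error() were to return.
        return;
    }

    $post = get_post($mybb->input['pid']);

    // Without a stored post there is no old message to diff against; the
    // original went on and credited the whole submitted message in that case.
    if (empty($post)) {
        return;
    }

    $fid = intval($post['fid']);

    // check forum rules; no rule set means the default income rate of 1
    $forumrules = newpoints_getrules('forum', $fid);
    if (!$forumrules) {
        $forumrules = array('rate' => 1);
    }

    // if the forum rate is 0, nothing is going to be added so let's just leave the function
    if ($forumrules['rate'] == 0) {
        return;
    }

    // check group rules - primary group check; same default as above
    $grouprules = newpoints_getrules('group', $mybb->user['usergroup']);
    if (!$grouprules) {
        $grouprules = array('rate' => 1);
    }

    // if the group rate is 0, nothing is going to be added so let's just leave the function
    if ($grouprules['rate'] == 0) {
        return;
    }

    // Quoted text does not count towards the character total.
    $quotePattern = "/\\[quote.*?\\](.*?)\\[\\/quote\\]((\\s)*(\\[\\/quote])*)*/is";

    // get old message
    $oldpost_wo_quotes = preg_replace($quotePattern, '', $post['message']);
    $oldcharcount = my_strlen($oldpost_wo_quotes);

    // The new message is the raw, user-submitted request value.
    $message = strval($_POST['value']);

    // NOTE(review): iconv() is called with $charset as the source and UTF-8
    // as the target, while mb_convert_encoding() is called with $charset as
    // the target and UTF-8 as the source, so the two branches convert in
    // opposite directions. Confirm which direction is intended.
    if (my_strtolower($charset) != "utf-8") {
        if (function_exists("iconv")) {
            $message = iconv($charset, "UTF-8//IGNORE", $message);
        } elseif (function_exists("mb_convert_encoding")) {
            $message = @mb_convert_encoding($message, $charset, "UTF-8");
        } elseif (my_strtolower($charset) == "iso-8859-1") {
            $message = utf8_decode($message);
        }
    }

    $newpost_wo_quotes = preg_replace($quotePattern, '', $message);
    $newcharcount = my_strlen($newpost_wo_quotes);

    // calculate points per character bonus: positive when the message grew,
    // negative when it shrank, zero when the length is unchanged.
    // The original branched on newpoints_income_minchar and on the sign of
    // the difference, but every branch evaluated this same expression, so the
    // minimum-characters setting has no effect here.
    // NOTE(review): confirm that ignoring the minimum is intended.
    $bonus = ($newcharcount - $oldcharcount) * $mybb->settings['newpoints_income_perchar'];

    // give points to the poster
    newpoints_addpoints($mybb->user['uid'], $bonus, $forumrules['rate'], $grouprules['rate'], false, true);
}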
$page->add_breadcrumb_item("CloudFlare Manager", "index.php?module=cloudflare"); $page->add_breadcrumb_item("Purge Cache", "index.php?module=cloudflare-purge_cache"); $page->output_header("CloudFlare Manager - Purge Cache"); function main_page() { $form = new Form('index.php?module=cloudflare-purge_cache&action=purge', 'post'); $form_container = new FormContainer('Purge Cache'); $form_container->output_row('Purge Entire Cache', 'Remove ALL files from CloudFlare\'s cache. This will include javascript, stylesheets and images. CloudFlare can take up to 3 hours to recache resources again<br /><b>Note: </b>This may have dramatic affects on your origin server load after performing this action.', $form->generate_yes_no_radio('purge_input', 0)); $form_container->output_row('Purge by URL', 'Granularly remove one or more files from CloudFlare\'s cache either by specifying the URL<br /><b>Note: </b><u>One</u> URL per line (max: 30)', $form->generate_text_area('urls')); $form_container->end(); $buttons[] = $form->generate_submit_button('Submit'); $form->output_submit_wrapper($buttons); $form->end(); } if ($mybb->input['action'] == "purge") { if (!verify_post_check($mybb->input['my_post_key'])) { flash_message($lang->invalid_post_verify_key2, 'error'); admin_redirect("index.php?module=cloudflare-purge_cache"); } if ($mybb->input['purge_input'] == "1") { $request = $cloudflare->purge_cache(); if ($request->success) { $page->output_success('The entire cache has been purged'); } else { $page->output_error($request->errors[0]->message); } } elseif (!empty($mybb->input['urls'])) { $urls = explode("\n", $mybb->input['urls']); if (sizeof($urls) > 30) { $urls = array_splice($urls, 0, 30); }
eval("\$ignore_options = \"" . $templates->get("member_profile_addremove") . "\";"); // Add/Remove Ignore } if (isset($memperms['canbereported']) && $memperms['canbereported'] == 1) { $add_remove_options = array('url' => "javascript:Report.reportUser({$memprofile['uid']});", 'class' => 'report_user_button', 'lang' => $lang->report_user); eval("\$report_options = \"" . $templates->get("member_profile_addremove") . "\";"); // Report User } } $plugins->run_hooks("member_profile_end"); eval("\$profile = \"" . $templates->get("member_profile") . "\";"); output_page($profile); } if ($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post") { // Verify incoming POST request verify_post_check($mybb->get_input('my_post_key')); $plugins->run_hooks("member_do_emailuser_start"); // Guests or those without permission can't email other users if ($mybb->usergroup['cansendemail'] == 0) { error_no_permission(); } // Check group limits if ($mybb->usergroup['maxemails'] > 0) { if ($mybb->user['uid'] > 0) { $user_check = "fromuid='{$mybb->user['uid']}'"; } else { $user_check = "ipaddress=" . $db->escape_binary($session->packedip); } $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '" . (TIME_NOW - 60 * 60 * 24) . "'"); $sent_count = $db->fetch_field($query, "sent_count"); if ($sent_count >= $mybb->usergroup['maxemails']) {
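/**
 * Render the shoutbox archive page and end the request.
 *
 * For users who pass self::access_mod() the page also handles two moderation
 * actions, each gated by the anti-CSRF key in "postkey": updating the ban
 * list and clearing shouts (all of them, or those selected by one of the
 * whitelisted "days" values).
 *
 * @return void does not return; the method calls exit after output
 */
static function show_archive()
{
    global $db, $mybb, $templates, $lang, $theme, $footer, $headerinclude, $header, $charset;

    $lang->load('dvz_shoutbox');

    header('Content-type: text/html; charset=' . $charset);

    add_breadcrumb($lang->dvz_sb_shoutbox, "index.php?action=shoutbox_archive");

    // moderation panel
    if (self::access_mod()) {
        if (isset($mybb->input['banlist']) && verify_post_check($mybb->input['postkey'])) {
            self::banlist_update($mybb->input['banlist']);
        }

        if (isset($mybb->input['days']) && verify_post_check($mybb->input['postkey'])) {
            if ($mybb->input['days'] === 'all') {
                self::clear();
            } else {
                $allowed = [2, 7, 30, 90];

                // Cast first and compare strictly. The original passed the raw
                // request string to clear() after a loose in_array(), which
                // also accepts values that merely compare equal to a
                // whitelisted number (for example "2.0" or " 2").
                $days = (int) $mybb->input['days'];

                if (in_array($days, $allowed, true)) {
                    self::clear($days);
                }
            }
        }

        // Escaped because the setting is written into the moderation template.
        $blocked_users = htmlspecialchars_uni($mybb->settings['dvz_sb_blocked_users']);

        // The template text is evaluated as a PHP double-quoted string.
        // NOTE(review): this treats stored templates as trusted content.
        eval('$modoptions = "' . $templates->get("dvz_shoutbox_archive_modoptions") . '";');
    } else {
        $modoptions = null;
    }

    // pagination
    $items = self::count();
    $page = abs((int) $mybb->input['page']);
    $perPage = abs((int) $mybb->settings['dvz_sb_num_archive']);

    if ($perPage == 0) {
        $pages = 0;
    } else {
        $pages = ceil($items / $perPage);
    }

    // Out-of-range page numbers fall back to the first page.
    if (!$page || $page < 1 || $page > $pages) {
        $page = 1;
    }

    $start = ($page - 1) * $perPage;

    // Defined up front so it always exists, even when everything fits on one
    // page (the original left it unset in that case).
    $multipage = null;

    if ($items > $perPage) {
        $multipage = multipage($items, $perPage, $page, 'index.php?action=shoutbox_archive');
    }

    // $start and $perPage are both derived from integer casts above, so the
    // interpolated LIMIT clause carries only numbers.
    $data = self::get_multiple("ORDER by s.id DESC LIMIT {$start},{$perPage}");

    $archive = null;

    while ($row = $db->fetch_array($data)) {
        $archive .= self::render_shout($row, true);
    }

    // Language strings are placed inside single-quoted JavaScript literals
    // without escaping.
    // NOTE(review): a quote character in a language string would break out of
    // the literal; confirm the language files are trusted.
    $javascript = ' <script> dvz_shoutbox.lang = [\'' . $lang->dvz_sb_delete_confirm . '\', \'' . str_replace('{ANTIFLOOD}', (double) $mybb->settings['dvz_sb_antiflood'], $lang->dvz_sb_antiflood) . '\', \'' . $lang->dvz_sb_permissions . '\']; </script>';

    eval('$content = "' . $templates->get("dvz_shoutbox_archive") . '";');

    output_page($content);

    exit;
}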
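/**
 * Moderation hook that reports a post's author to CloudFlare as a spammer.
 *
 * Runs only when the cloudflare_postbit_spam setting is on and the requested
 * action is "cloudflare_report_spam". The request must name a post (pid) and
 * a forum (fid), come from a moderator and carry a valid my_post_key. The
 * author's username and e-mail address, the post's IP address and the first
 * 100 bytes of the message are then passed to cloudflare_report_spam().
 *
 * @return void
 */
function cloudflare_moderation_start()
{
    // $lang is read by the error() calls below; the original did not declare
    // it global, so those calls read an undefined local variable.
    global $mybb, $db, $cache, $fid, $pid, $lang;

    if (!$mybb->settings['cloudflare_postbit_spam'] || $mybb->input['action'] != 'cloudflare_report_spam') {
        return;
    }

    if (!$mybb->input['pid']) {
        error($lang->error_invalidpost);
    }

    $pid = intval($mybb->input['pid']);

    if (!$mybb->input['fid']) {
        error($lang->error_invalidforum);
    }

    $fid = intval($mybb->input['fid']);

    if (!is_moderator($fid)) {
        error_no_permission();
    }

    // $pid is an integer at this point, so the interpolation is numeric only.
    // p.fid is selected as well so that permission can be checked against the
    // forum the post actually belongs to.
    $query = $db->query("\n\t\tSELECT p.uid, p.username, u.email, p.message, p.ipaddress, p.tid, p.fid\n\t\tFROM " . TABLE_PREFIX . "posts p\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=p.uid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "forums f ON (f.fid=p.fid)\n\t\tWHERE p.pid = '{$pid}'\n\t");
    $post = $db->fetch_array($query);

    if (!$post) {
        error($lang->error_invalidpost);
    }

    // The check above covers only the forum ID supplied in the request, and
    // the post is looked up by pid alone. Authorise against the post's own
    // forum too, so that moderator rights in one forum cannot be used to
    // report a post from another.
    if (!is_moderator(intval($post['fid']))) {
        error_no_permission();
    }

    if (!$mybb->input['my_post_key']) {
        error_no_permission();
    }

    // Anti-CSRF check.
    // NOTE(review): the return value is not inspected; this relies on
    // verify_post_check() stopping the request itself on a mismatch. Confirm.
    verify_post_check($mybb->input['my_post_key']);

    $spammer = get_user($post['uid']);

    // Personal data (username, e-mail, IP address) leaves the site here.
    $data = array(
        "a" => $spammer['username'],
        "am" => $spammer['email'],
        "ip" => $post['ipaddress'],
        "con" => substr($post['message'], 0, 100),
    );

    $data = urlencode(json_encode($data));

    cloudflare_report_spam($data);

    redirect(get_post_link($pid), "Spam successfully reported to CloudFlare. You may now ban the spammer.");
}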
/**
 * AJAX endpoint that outputs one page of a member's buddy list as JSON.
 *
 * The request must carry a string my_post_key that passes the silent
 * anti-CSRF check and a numeric memberuid; otherwise the method returns
 * without producing any output. A missing or invalid page falls back to 1.
 *
 * @return void
 */
public function xmlhttp_buddylist_page()
{
    global $mybb;

    $response = new stdClass();
    $response->error = false;
    $response->error_message = "";

    // All conditions must hold, evaluated in this order; the key check runs
    // only once the key is known to be a string.
    $requestIsValid = isset($mybb->input["my_post_key"], $mybb->input["memberuid"])
        && is_string($mybb->input["my_post_key"])
        && verify_post_check($mybb->input["my_post_key"], true)
        && is_numeric($mybb->input["memberuid"]);

    if (!$requestIsValid) {
        return;
    }

    // Default to the first page unless a numeric page >= 1 was supplied.
    $page = 1;
    if (isset($mybb->input["page"]) && is_numeric($mybb->input["page"]) && $mybb->input["page"] >= 1) {
        $page = (int) $mybb->input["page"];
    }

    $memberuid = (int) $mybb->input["memberuid"];

    $memprofile = get_user($memberuid);
    if (empty($memprofile)) {
        return;
    }

    // The helper's values are consumed positionally: html, count, shown.
    $buddylist = array_values($this->retrieve_buddylist_from_db($page, $memprofile));
    list($response->html, $response->count, $response->shown) = $buddylist;

    MyProfileUtils::output_json($response);
}
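/**
 * Final step of editing a profile comment: validate the request and redirect
 * back to the member's profile page with a success message.
 *
 * The request must carry a string my_post_key that passes the silent
 * anti-CSRF check, plus numeric page and memberuid values; otherwise the
 * method returns without doing anything.
 *
 * @return void
 */
public function misc_comments_do_edit()
{
    global $mybb, $lang;

    if (
        !isset($mybb->input["my_post_key"], $mybb->input["page"], $mybb->input["memberuid"])
        || !is_string($mybb->input["my_post_key"])
        || !is_numeric($mybb->input["page"])
        || !is_numeric($mybb->input["memberuid"])
    ) {
        return;
    }

    if (!verify_post_check($mybb->input["my_post_key"], true)) {
        return;
    }

    MyProfileUtils::lang_load_myprofile();

    // is_numeric() also accepts floats, exponent notation and surrounding
    // whitespace, so the raw request value is not safe to splice into a URL.
    // Cast it to an integer, as is already done for memberuid.
    $page = (int) $mybb->input["page"];

    $this->redirect(
        (int) $mybb->input["memberuid"],
        $lang->mp_comments_comment_edited_successfully,
        "&page={$page}"
    );
}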
send_page_headers(); } // Do not use session system for defined pages if (@isset($mybb->input['action']) && @isset($nosession[$mybb->input['action']]) || @isset($mybb->input['thumbnail']) && $current_page == 'attachment.php') { define("NO_ONLINE", 1); } // Create session for this user require_once MYBB_ROOT . "inc/class_session.php"; $session = new session(); $session->init(); $mybb->session =& $session; $mybb->user['ismoderator'] = is_moderator("", "", $mybb->user['uid']); // Set our POST validation code here $mybb->post_code = generate_post_check(); // Set and load the language if (!empty($mybb->input['language']) && $lang->language_exists($mybb->input['language']) && verify_post_check($mybb->input['my_post_key'], true)) { $mybb->settings['bblanguage'] = $mybb->input['language']; // If user is logged in, update their language selection with the new one if ($mybb->user['uid']) { if ($mybb->cookies['mybblang']) { my_unsetcookie("mybblang"); } $db->update_query("users", array("language" => $db->escape_string($mybb->settings['bblanguage'])), "uid='{$mybb->user['uid']}'"); } else { my_setcookie("mybblang", $mybb->settings['bblanguage']); } $mybb->user['language'] = $mybb->settings['bblanguage']; } else { if (!$mybb->user['uid'] && !empty($mybb->cookies['mybblang']) && $lang->language_exists($mybb->cookies['mybblang'])) { $mybb->settings['bblanguage'] = $mybb->cookies['mybblang']; } else {
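/**
 * ACP importer that copies awards and user awards from another plugin's
 * tables (myawards / myawards_users) into this plugin.
 *
 * Does nothing unless the "ougc_awards_import" request value is present.
 * A non-POST request shows a confirmation dialog; the confirmed POST is
 * checked against the anti-CSRF key before any data is written.
 *
 * NOTE(review): imported rows are handed to $awards->insert_award() and
 * $awards->give_award() as read from the source tables; escaping is presumably
 * done inside those methods. Confirm.
 *
 * @return bool|null true when the administrator answered "no", null otherwise
 */
function run_importer()
{
    global $mybb;

    if (!($type = $mybb->get_input('ougc_awards_import'))) {
        return;
    }

    // Every value currently maps to the same source schema.
    switch ($type) {
        #case 'mybbcentral';
        default:
            $tables = array('awards' => 'myawards', 'users' => 'myawards_users');
            $keys = array(
                'name' => 'awname',
                'description' => 'awdescr',
                'image' => 'awimg',
                'original_id' => 'awid',
                'uid' => 'awuid',
                'reason' => 'awreason',
                'TIME_NOW' => 'awutime',
            );
            $img_prefix = '{bburl}/uploads/awards/';
            $lang_var = 'ougc_awards_import_confirm_mybbcentral';
            break;
    }

    global $lang, $awards, $page;
    $awards->lang_load();

    if ($mybb->request_method == 'post') {
        // Anti-CSRF check on the confirmation POST.
        if (!verify_post_check($mybb->input['my_post_key'])) {
            flash_message($lang->invalid_post_verify_key2, 'error');
            admin_redirect("index.php?module=config-plugins");

            // Fail closed: never start the import with a bad key, even if
            // admin_redirect() were to return instead of ending the request.
            return;
        }

        // The administrator pressed "no" in the confirmation dialog.
        if (isset($mybb->input['no'])) {
            return true;
        }

        global $db;

        // New awards are appended after the highest existing display order.
        $query = $db->simple_select('ougc_awards', 'MAX(disporder) AS max_disporder');
        $disporder = (int) $db->fetch_field($query, 'max_disporder');

        // Maps the source award ID to the award row created here.
        $cache_awards = array();

        $query = $db->simple_select($tables['awards']);
        while ($award = $db->fetch_array($query)) {
            $insert_award = array(
                'name' => $award[$keys['name']],
                'description' => $award[$keys['description']],
                'image' => $img_prefix . $award[$keys['image']],
                'disporder' => ++$disporder,
                'pm' => '',
            );

            $awards->insert_award($insert_award);

            $insert_award['aid'] = $awards->aid;
            $insert_award[$keys['original_id']] = $award[$keys['original_id']];

            $cache_awards[$award[$keys['original_id']]] = $insert_award;
        }

        // Switch both PM settings off for the rest of this request before the
        // user awards are granted.
        $mybb->settings['ougc_awards_sendpm'] = $mybb->settings['enablepms'] = false;

        $query = $db->simple_select($tables['users']);
        while ($award = $db->fetch_array($query)) {
            $insert_award = array(
                'aid' => $cache_awards[$award[$keys['original_id']]]['aid'],
                'uid' => $award[$keys['uid']],
                'reason' => $award[$keys['reason']],
                'TIME_NOW' => $award[$keys['TIME_NOW']],
            );

            $awards->give_award($insert_award, array('uid' => $insert_award['uid']), $insert_award['reason']);
        }

        flash_message($lang->ougc_awards_import_end, 'success');
        admin_redirect('index.php?module=config-plugins');
    }

    // $type is a raw request value; URL-encode it before it is echoed back
    // into the confirmation form's target.
    $page->output_confirm_action(
        "index.php?module=config-plugins&ougc_awards_import=" . urlencode($type),
        $lang->{$lang_var},
        $lang->ougc_awards_import_title
    );
}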
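/**
 * Delete a shoutbox ban and log the action.
 *
 * Expects "id" (the ban row ID) and "token" (the anti-CSRF key) in the
 * request. Whatever happens, the request ends with a redirect to the ban
 * list in the moderator control panel.
 *
 * NOTE(review): no permission check is visible in this function; presumably
 * the code that dispatches here has already verified that the user is a
 * moderator. Confirm.
 *
 * @return void
 */
function shoutboxUnban()
{
    global $mybb, $db, $lang;

    if (isset($mybb->input['id']) && isset($mybb->input['token'])) {
        $lang->load('dvz_reports');

        // Anti-CSRF check.
        // NOTE(review): the return value is not inspected; this relies on
        // verify_post_check() stopping the request itself on a mismatch.
        verify_post_check($mybb->input['token']);

        // Force the ID to an integer. The original only ran it through
        // escape_string() and then used it unquoted in the DELETE condition
        // below, where string escaping does not stop extra SQL from being
        // appended to the condition.
        $id = is_scalar($mybb->input['id']) ? (int) $mybb->input['id'] : 0;

        $data = $db->write_query("select " . TABLE_PREFIX . "dvz_reports_banned.uid, " . TABLE_PREFIX . "dvz_reports_banned.id, " . TABLE_PREFIX . "users.username\r\n from " . TABLE_PREFIX . "dvz_reports_banned\r\n JOIN " . TABLE_PREFIX . "users ON " . TABLE_PREFIX . "dvz_reports_banned.uid = " . TABLE_PREFIX . "users.uid\r\n WHERE " . TABLE_PREFIX . "dvz_reports_banned.id = '{$id}';");

        // Validate ban existence
        if ($data->num_rows === 0) {
            redirect('modcp.php?action=shoutbox_banned');
            die;
        }

        $data = $data->fetch_assoc();

        // Delete ban; $id is an integer here, so the condition is numeric only
        $db->delete_query('dvz_reports_banned', 'id=' . $id);

        // Log action
        $logdata = array(
            'uid' => htmlspecialchars_uni($data['uid']),
            'username' => htmlspecialchars_uni($data['username']),
        );
        log_moderator_action($logdata, $lang->unban_user);

        redirect('modcp.php?action=shoutbox_banned');
        die;
    }

    // Redirect
    redirect('modcp.php?action=shoutbox_banned');
    die;
}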
function automedia_admin() { global $db, $lang, $mybb, $page, $cache, $run_module, $action_file; if (!isset($lang->automedia_modules)) { $lang->load("automedia"); } if ($page->active_action != 'automedia') { return false; } if ($run_module == 'tools' && $action_file == 'automedia') { $page->add_breadcrumb_item($lang->automedia, 'index.php?module=tools-automedia'); // Show site modules if ($mybb->input['action'] == "" || !$mybb->input['action']) { $page->add_breadcrumb_item($lang->automedia_modules); $page->output_header($lang->automedia_modules . ' - ' . $lang->automedia_modules); $sub_tabs['automedia'] = array('title' => $lang->automedia_modules, 'link' => 'index.php?module=tools-automedia', 'description' => $lang->automedia_modules_description1); if ($mybb->settings['av_adultsites'] == 1) { $sub_tabs['special'] = array('title' => $lang->automedia_adult, 'link' => 'index.php?module=tools-automedia&action=adult', 'description' => $lang->automedia_adult_description1); } $page->output_nav_tabs($sub_tabs, 'automedia'); $aotable = new Table(); $aotable->construct_header('#'); $aotable->construct_header($lang->automedia_oembed_desc); if (isset($mybb->settings['av_embera']) && $mybb->settings['av_embera'] == 1) { $aotable->construct_cell('<img src="styles/default/images/icons/success.png" width="16px" height="16px" alt="OK" />'); $aotable->construct_cell($lang->automedia_modules_embera); $aotable->construct_row(); } if (isset($mybb->settings['av_embedly']) && $mybb->settings['av_embedly'] == 1 && !empty($mybb->settings['av_embedly_key']) && $mybb->settings['av_embedly_key'] != "") { $aotable->construct_cell('<img src="styles/default/images/icons/success.png" width="16px" height="16px" alt="' . $lang->automedia_modules_success . 
'" />'); $aotable->construct_cell($lang->automedia_modules_embedly); $aotable->construct_row(); } $aotable->output($lang->automedia_oembed); $amtable = new Table(); $amtable->construct_header('#'); $amtable->construct_header($lang->automedia_modules_description2); $amtable->construct_header('<div style="text-align: center;">' . $lang->automedia_modules_status . '</div>'); $amtable->construct_header('<div style="text-align: center;">' . $lang->automedia_modules_options . ':</div>'); $folder = MYBB_ROOT . "inc/plugins/automedia/mediasites/"; if (is_dir($folder)) { $mediafiles = scandir($folder); $mediatitles = str_replace(".php", "", $mediafiles); $query = $db->simple_select('automedia', 'name', "class='site'"); // Find missing files for active modules while ($missing = $db->fetch_array($query)) { if (!in_array($missing['name'], $mediatitles)) { $missingfile = ucfirst(htmlspecialchars_uni($missing['name'])); $amtable->construct_cell('<strong>!</strong>'); $amtable->construct_cell('<strong>' . $missingfile . '</strong> (<a href="' . $sub_tabs['automedia']['link'] . '&action=deactivate&site=' . urlencode($missing['name']) . '&my_post_key=' . $mybb->post_code . '"><strong>' . $lang->automedia_modules_deactivate . '</strong></a>)'); $amtable->construct_cell($lang->automedia_modules_notfound . ' ' . $folder . '' . htmlspecialchars_uni($missing['name']) . '.php', array('colspan' => '2')); $amtable->construct_row(); } } $i = 1; foreach ($mediafiles as $sites) { // Fetch all files in the folder $siteinfo = pathinfo($folder . "/" . $sites); if ($sites != "." && $sites != "..") { $filetype = "php"; // We need only php files if ($siteinfo['extension'] == $filetype) { $site = str_replace(".php", "", $sites); $media = ucfirst(htmlspecialchars_uni($site)); $check = file_get_contents($folder . $siteinfo['basename']); if (preg_match('"function automedia_"isU', $check)) { $amtable->construct_cell($i); $amtable->construct_cell('<a href="' . $sub_tabs['automedia']['link'] . 
'&action=showsite&site=' . urlencode($site) . '&my_post_key=' . $mybb->post_code . '"><strong>' . $media . '</strong></a>'); $query2 = $db->simple_select('automedia', '*', "name='" . htmlspecialchars_uni($site) . "'"); $active = $db->fetch_array($query2); if ($active && $active['class'] == "site") { $amtable->construct_cell('<div style="text-align: center;"><img src="' . $mybb->asset_url . '/images/mod-on.png" width="32" height="32" alt="' . $lang->automedia_modules_success . '" />'); $amtable->construct_cell('<div style="text-align: center;"><a href="' . $sub_tabs['automedia']['link'] . '&action=deactivate&site=' . urlencode($site) . '&my_post_key=' . $mybb->post_code . '"><strong>' . $lang->automedia_modules_deactivate . '</strong></a></div>'); } else { $amtable->construct_cell('<div style="text-align: center;"><img src="' . $mybb->asset_url . '/images/mod-off.png" width="32" height="32" alt="' . $lang->automedia_modules_fail . '" />'); $amtable->construct_cell('<div style="text-align: center;"><a href="' . $sub_tabs['automedia']['link'] . '&action=activate&site=' . urlencode($site) . '&my_post_key=' . $mybb->post_code . '"><strong>' . $lang->automedia_modules_activate . '</strong></a></div>'); } $amtable->construct_row(); $i++; } } } } if ($amtable->num_rows() == 0) { $amtable->construct_cell($lang->automedia_modules, array('colspan' => '4')); $amtable->construct_row(); } } else { $amtable->construct_cell($lang->automedia_modules_missing_sitesfolder, array('colspan' => '4')); $amtable->construct_row(); } $amtable->output($lang->automedia_modules); echo '<div style="text-align: center;"> <a href="' . $sub_tabs['automedia']['link'] . '&action=activateallsites&my_post_key=' . $mybb->post_code . '"><span style="border: 3px double #0F5C8E; padding: 3px; background: #fff url(images/submit_bg.png) repeat-x top; color: #0F5C8E; margin-right: 3px;">' . $lang->automedia_modules_activateall . 
'</span></a> </div>'; $page->output_footer(); } // Show special modules if ($mybb->input['action'] == "adult" && $mybb->settings['av_adultsites'] == 1) { $page->add_breadcrumb_item($lang->automedia_adult); $page->output_header($lang->automedia_modules . ' - ' . $lang->automedia_adult); $sub_tabs['automedia'] = array('title' => $lang->automedia_modules, 'link' => 'index.php?module=tools-automedia', 'description' => $lang->automedia_modules); if ($mybb->settings['av_adultsites'] == 1) { $sub_tabs['special'] = array('title' => $lang->automedia_adult, 'link' => 'index.php?module=tools-automedia&action=adult', 'description' => $lang->automedia_adult_description1); } $page->output_nav_tabs($sub_tabs, 'special'); $amtable = new Table(); $amtable->construct_header('#'); $amtable->construct_header($lang->automedia_modules_description2); $amtable->construct_header('<div style="text-align: center;">' . $lang->automedia_modules_status . '</div>'); $amtable->construct_header('<div style="text-align: center;">' . $lang->automedia_modules_options . ':</div>'); $folder = MYBB_ROOT . "inc/plugins/automedia/special/"; if (is_dir($folder)) { $mediafiles = scandir($folder); $mediatitles = str_replace(".php", "", $mediafiles); $query = $db->simple_select('automedia', 'name', "class='special'"); // Find missing files for active modules while ($missing = $db->fetch_array($query)) { if (!in_array($missing['name'], $mediatitles)) { $missingfile = ucfirst(htmlspecialchars_uni($missing['name'])); $amtable->construct_cell('<strong>!</strong>'); $amtable->construct_cell('<strong>' . $missingfile . '</strong> (<a href="' . $sub_tabs['automedia']['link'] . '&action=adultdeactivate&site=' . urlencode($missing['name']) . '&my_post_key=' . $mybb->post_code . '"><strong>' . $lang->automedia_modules_deactivate . '</strong></a>)'); $amtable->construct_cell($lang->automedia_modules_notfound . ' ' . $folder . '' . htmlspecialchars_uni($missing['name']) . 
'.php', array('colspan' => '2')); $amtable->construct_row(); } } $i = 1; foreach ($mediafiles as $sites) { // Fetch all files in the folder $siteinfo = pathinfo($folder . "/" . $sites); if ($sites != "." && $sites != "..") { $filetype = "php"; // We need only php files if ($siteinfo['extension'] == $filetype) { $site = str_replace(".php", "", $sites); $media = ucfirst(htmlspecialchars_uni($site)); $check = file_get_contents($folder . $siteinfo['basename']); if (preg_match('"function automedia_"isU', $check)) { $amtable->construct_cell($i); $amtable->construct_cell('<a href="' . $sub_tabs['automedia']['link'] . '&action=showspecial&site=' . urlencode($site) . '&my_post_key=' . $mybb->post_code . '"><strong>' . $media . '</strong></a>'); $query = $db->simple_select('automedia', '*', "name='" . htmlspecialchars_uni($site) . "'"); $active = $db->fetch_array($query); if ($active && $active['class'] == "special") { $amtable->construct_cell('<div style="text-align: center;"><img src="' . $mybb->asset_url . '/images/mod-on.png" width="32" height="32" alt="' . $lang->automedia_modules_success . '" />'); $amtable->construct_cell('<div style="text-align: center;"><a href="' . $sub_tabs['automedia']['link'] . '&action=adultdeactivate&site=' . urlencode($site) . '&my_post_key=' . $mybb->post_code . '"><strong>' . $lang->automedia_modules_deactivate . '</strong></a></div>'); } else { $amtable->construct_cell('<div style="text-align: center;"><img src="' . $mybb->asset_url . '/images/mod-off.png" width="32" height="32" alt="' . $lang->automedia_modules_fail . '" />'); $amtable->construct_cell('<div style="text-align: center;"><a href="' . $sub_tabs['automedia']['link'] . '&action=adultactivate&site=' . urlencode($site) . '&my_post_key=' . $mybb->post_code . '"><strong>' . $lang->automedia_modules_activate . 
'</strong></a></div>'); } $amtable->construct_row(); $i++; } } } } if ($amtable->num_rows() == 0) { $amtable->construct_cell($lang->automedia_adult, array('colspan' => '4')); $amtable->construct_row(); } } else { $amtable->construct_cell($lang->automedia_modules_missing_specialfolder, array('colspan' => '4')); $amtable->construct_row(); } $amtable->output($lang->automedia_modules); echo '<div style="text-align: center;"> <a href="' . $sub_tabs['automedia']['link'] . '&action=activateallspecial&my_post_key=' . $mybb->post_code . '"><span style="border: 3px double #0F5C8E; padding: 3px; background: #fff url(images/submit_bg.png) repeat-x top; color: #0F5C8E; margin-right: 3px;">' . $lang->automedia_modules_activateall . '</span></a> </div>'; $page->output_footer(); } // Activate site module if ($mybb->input['action'] == 'activate') { if (!verify_post_check($mybb->input['my_post_key'])) { flash_message($lang->invalid_post_verify_key2, 'error'); admin_redirect("index.php?module=tools-automedia"); } else { $site = htmlspecialchars_uni($mybb->input['site']); $query_act1 = $db->simple_select('automedia', '*', "name='" . $site . "'"); $active1 = $db->fetch_array($query_act1); if (!$active1) { $automedia_site = array("name" => $site, "class" => "site"); $db->insert_query("automedia", $automedia_site); automedia_cache(); $mybb->input['module'] = $lang->av_plugin_title; $mybb->input['action'] = $lang->automedia_modules_active . 
" "; log_admin_action(ucfirst($site)); flash_message($lang->automedia_modules_active, 'success'); admin_redirect("index.php?module=tools-automedia"); } else { flash_message($lang->automedia_modules_notfound, 'error'); } } exit; } // Activate special module if ($mybb->input['action'] == 'adultactivate') { if (!verify_post_check($mybb->input['my_post_key'])) { flash_message($lang->invalid_post_verify_key2, 'error'); admin_redirect("index.php?module=tools-automedia&action=adult"); } else { $site = htmlspecialchars_uni($mybb->input['site']); $query_act2 = $db->simple_select('automedia', '*', "name='" . $site . "'"); $active2 = $db->fetch_array($query_act2); if (!$active2) { $automedia_special = array("name" => $site, "class" => "special"); $db->insert_query("automedia", $automedia_special); automedia_cache(); $mybb->input['module'] = $lang->av_plugin_title; $mybb->input['action'] = $lang->automedia_modules_active . " "; log_admin_action(ucfirst($site)); flash_message($lang->automedia_modules_active, 'success'); admin_redirect("index.php?module=tools-automedia&action=adult"); } else { flash_message($lang->automedia_modules_notfound, 'error'); } } exit; } // Deactivate site module if ($mybb->input['action'] == 'deactivate') { if (!verify_post_check($mybb->input['my_post_key'])) { flash_message($lang->invalid_post_verify_key2, 'error'); admin_redirect("index.php?module=tools-automedia"); } else { $site = htmlspecialchars_uni($mybb->input['site']); $query_del1 = $db->simple_select('automedia', '*', "name='" . $site . "'"); $delete1 = $db->fetch_array($query_del1); if ($delete1['name'] == $site) { $db->delete_query('automedia', "name='{$site}'"); automedia_cache(); $mybb->input['module'] = $lang->av_plugin_title; $mybb->input['action'] = $lang->automedia_modules_deleted . 
" "; log_admin_action(ucfirst($site)); flash_message($lang->automedia_modules_deleted, 'success'); admin_redirect("index.php?module=tools-automedia"); } else { flash_message($lang->automedia_modules_notfound, 'error'); } } exit; } // Deactivate special module if ($mybb->input['action'] == 'adultdeactivate') { if (!verify_post_check($mybb->input['my_post_key'])) { flash_message($lang->invalid_post_verify_key2, 'error'); admin_redirect("index.php?module=tools-automedia&action=adult"); } else { $site = htmlspecialchars_uni($mybb->input['site']); $query_del2 = $db->simple_select('automedia', '*', "name='" . $site . "'"); $delete2 = $db->fetch_array($query_del2); if ($delete2['name'] == $site) { $db->delete_query('automedia', "name='{$site}'"); automedia_cache(); $mybb->input['module'] = $lang->av_plugin_title; $mybb->input['action'] = $lang->automedia_modules_deleted . " "; log_admin_action(ucfirst($site)); flash_message($lang->automedia_modules_deleted, 'success'); admin_redirect("index.php?module=tools-automedia&action=adult"); } else { flash_message($lang->automedia_modules_notfound, 'error'); } } exit; } // Activate all site modules if ($mybb->input['action'] == 'activateallsites') { if (!verify_post_check($mybb->input['my_post_key'])) { flash_message($lang->invalid_post_verify_key2, 'error'); admin_redirect("index.php?module=tools-automedia"); } else { $folder1 = MYBB_ROOT . "inc/plugins/automedia/mediasites/"; if (is_dir($folder1)) { $mediafiles1 = scandir($folder1); foreach ($mediafiles1 as $sites1) { // Fetch all files in the folder $siteinfo1 = pathinfo($folder1 . "/" . $sites1); if ($sites1 != "." && $sites1 != "..") { $filetype1 = "php"; // We need only php files if ($siteinfo1['extension'] == $filetype1) { $media1 = str_replace(".php", "", $sites1); $check1 = file_get_contents($folder1 . $siteinfo1['basename']); if (preg_match('"function automedia_"isU', $check1)) { $query_ex = $db->simple_select('automedia', 'name', "name='" . 
htmlspecialchars_uni($media1) . "'"); $modactive = $db->fetch_array($query_ex); if (!$modactive) { // activate site $automedia_site1 = array("name" => htmlspecialchars_uni($media1), "class" => "site"); $db->insert_query("automedia", $automedia_site1); } } } } } automedia_cache(); } } admin_redirect("index.php?module=tools-automedia"); exit; } // Activate all special modules if ($mybb->input['action'] == 'activateallspecial') { if (!verify_post_check($mybb->input['my_post_key'])) { flash_message($lang->invalid_post_verify_key2, 'error'); admin_redirect("index.php?module=tools-automedia"); } else { $folder2 = MYBB_ROOT . "inc/plugins/automedia/special/"; if (is_dir($folder2)) { $mediafiles2 = scandir($folder2); foreach ($mediafiles2 as $sites2) { // Fetch all files in the folder $siteinfo2 = pathinfo($folder2 . "/" . $sites2); if ($sites2 != "." && $sites2 != "..") { $filetype2 = "php"; // We need only php files if ($siteinfo2['extension'] == $filetype2) { $media2 = str_replace(".php", "", $sites2); $check2 = file_get_contents($folder2 . $siteinfo2['basename']); if (preg_match('"function automedia_"isU', $check2)) { $query_ex2 = $db->simple_select('automedia', 'name', "name='" . htmlspecialchars_uni($media2) . 
"'"); $modactive2 = $db->fetch_array($query_ex2); if (!$modactive2) { // add site $automedia_site2 = array("name" => htmlspecialchars_uni($media2), "class" => "special"); $db->insert_query("automedia", $automedia_site2); } } } } } automedia_cache(); } } admin_redirect("index.php?module=tools-automedia&action=adult"); exit; } // Show site module code if ($mybb->input['action'] == 'showsite') { if (!verify_post_check($mybb->input['my_post_key'])) { flash_message($lang->invalid_post_verify_key2, 'error'); admin_redirect("index.php?module=tools-automedia"); } else { $site = htmlspecialchars_uni($mybb->input['site']); $page->add_breadcrumb_item($lang->automedia_modules_embedcode); $page->output_header($lang->automedia_modules_showcode); $sub_tabs['automedia'] = array('title' => $lang->automedia_modules, 'link' => 'index.php?module=tools-automedia', 'description' => $lang->automedia_modules); if ($mybb->settings['av_adultsites'] == 1) { $sub_tabs['special'] = array('title' => $lang->automedia_adult, 'link' => 'index.php?module=tools-automedia&action=adult', 'description' => $lang->automedia_adult_description1); } $sub_tabs['embedcode'] = array('title' => $lang->automedia_modules_embedcode, 'link' => 'index.php?module=tools-automedia&action=showsite&site=' . urlencode($site) . '&my_post_key=' . $mybb->post_code . '', 'description' => $lang->automedia_modules_viewcode); $page->output_nav_tabs($sub_tabs, 'embedcode'); $amtable = new Table(); $amtable->construct_header(ucfirst($site) . ' ' . $lang->automedia_modules_embedcode . ':'); $codefile = MYBB_ROOT . "inc/plugins/automedia/mediasites/" . $site . 
".php"; if (is_file($codefile)) { $embedcode = file_get_contents($codefile); $showcode = @highlight_string($embedcode, true); $amtable->construct_cell($showcode); } $amtable->construct_row(); $amtable->output($lang->automedia_modules_showcode); $page->output_footer(); } exit; } // Show special module code if ($mybb->input['action'] == 'showspecial') { if (!verify_post_check($mybb->input['my_post_key'])) { flash_message($lang->invalid_post_verify_key2, 'error'); admin_redirect("index.php?module=tools-automedia"); } else { $site = htmlspecialchars_uni($mybb->input['site']); $page->add_breadcrumb_item($lang->automedia_modules_embedcode); $page->output_header($lang->automedia_modules_showcode); $sub_tabs['automedia'] = array('title' => $lang->automedia_modules, 'link' => 'index.php?module=tools-automedia', 'description' => $lang->automedia_modules); if ($mybb->settings['av_adultsites'] == 1) { $sub_tabs['special'] = array('title' => $lang->automedia_adult, 'link' => 'index.php?module=tools-automedia&action=adult', 'description' => $lang->automedia_adult_description1); } $sub_tabs['embedcode'] = array('title' => $lang->automedia_modules_embedcode, 'link' => 'index.php?module=tools-automedia&action=showspecial&site=' . urlencode($site) . '&my_post_key=' . $mybb->post_code . '', 'description' => $lang->automedia_modules_viewcode); $page->output_nav_tabs($sub_tabs, 'embedcode'); $amtable = new Table(); $amtable->construct_header(ucfirst($site) . ' ' . $lang->automedia_modules_embedcode . ':'); $codefile = MYBB_ROOT . "inc/plugins/automedia/special/" . $site . 
".php"; if (is_file($codefile)) { $embedcode = file_get_contents($codefile); $showcode = @highlight_string($embedcode, true); $amtable->construct_cell($showcode); } $amtable->construct_row(); $amtable->output($lang->automedia_modules_showcode); $page->output_footer(); } exit; } // Reapply template edits if ($mybb->input['action'] == "templateedits") { if (!verify_post_check($mybb->input['my_post_key'])) { flash_message($lang->invalid_post_verify_key2, 'error'); admin_redirect("index.php?module=config-plugins"); } else { automedia_reapply_template_edits(); admin_redirect("index.php?module=config-plugins"); } exit; } } }
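/**
 * XMLHTTP hook for MyAlerts: serves the alert dropdown/listing, deletes a
 * single alert and reports the unread count, depending on the `action` input.
 *
 * Output is written directly with echo; nothing is returned.
 */
function myalerts_xmlhttp()
{
    global $mybb, $lang, $templates, $db;

    if (!isset($lang->myalerts)) {
        $lang->load('myalerts');
    }

    myalerts_create_instances();

    // Read the action once through get_input() so a request without an
    // `action` parameter does not touch an undefined array index.
    $action = $mybb->get_input('action');

    if ($action == 'getNewAlerts') {
        header('Content-Type: application/json');

        $newAlerts = MybbStuff_MyAlerts_AlertManager::getInstance()->getAlerts(0, $mybb->settings['myalerts_dropdown_limit']);

        $alertsListing = '';
        $alertsToReturn = array();

        if (is_array($newAlerts) && !empty($newAlerts)) {
            $toMarkRead = array();

            foreach ($newAlerts as $alertObject) {
                // $altbg and $alert keep their names: the eval'd templates
                // below run in this scope and may reference them.
                $altbg = alt_trow();
                $alert = parse_alert($alertObject);

                $alertsToReturn[] = $alert;

                if (isset($mybb->input['from']) && $mybb->input['from'] == 'header') {
                    if ($alert['message']) {
                        $alertsListing .= eval($templates->render('myalerts_alert_row_popup', true, false));
                    }
                } else {
                    if ($alert['message']) {
                        $alertsListing .= eval($templates->render('myalerts_alert_row', true, false));
                    }
                }

                $toMarkRead[] = $alertObject->getId();
            }

            // NOTE(review): this branch changes state (alerts are marked read)
            // but performs no my_post_key check, unlike the delete branch.
            // Consider requiring the post key here as well.
            MybbStuff_MyAlerts_AlertManager::getInstance()->markRead($toMarkRead);
        } else {
            $from = $mybb->get_input('from', MyBB::INPUT_STRING);

            $altbg = alt_trow();

            if (!empty($from) && $from == 'header') {
                $alertsListing = eval($templates->render('myalerts_alert_row_popup_no_alerts', true, false));
            } else {
                $alertsListing = eval($templates->render('myalerts_alert_row_no_alerts', true, false));
            }
        }

        echo json_encode(array('alerts' => $alertsToReturn, 'template' => $alertsListing));
    }

    if ($action == 'myalerts_delete') {
        header('Content-Type: application/json');

        // Both values are forced to integers before they reach the SQL
        // condition, and the uid clause limits the delete to the caller's rows.
        $id = $mybb->get_input('id', MyBB::INPUT_INT);
        $userId = (int) $mybb->user['uid'];

        $toReturn = array();

        if ($id > 0) {
            // Silent post-key check: a bad key yields a JSON error instead of
            // an HTML error page.
            if (!verify_post_check($mybb->get_input('my_post_key'), true)) {
                $toReturn = array('errors' => array($lang->invalid_post_code));
            } else {
                $db->delete_query('alerts', "id = {$id} AND uid = {$userId}");

                $newAlerts = MybbStuff_MyAlerts_AlertManager::getInstance()->getUnreadAlerts();

                $alertsListing = '';
                $alertsToReturn = array();

                if (is_array($newAlerts) && !empty($newAlerts)) {
                    $toMarkRead = array();

                    foreach ($newAlerts as $alertObject) {
                        $altbg = alt_trow();
                        $alert = parse_alert($alertObject);

                        $alertsToReturn[] = $alert;

                        if (isset($mybb->input['from']) && $mybb->input['from'] == 'header') {
                            if ($alert['message']) {
                                $alertsListing .= eval($templates->render('myalerts_alert_row_popup', true, false));
                            }
                        } else {
                            if ($alert['message']) {
                                $alertsListing .= eval($templates->render('myalerts_alert_row', true, false));
                            }
                        }

                        $toMarkRead[] = $alertObject->getId();
                    }

                    MybbStuff_MyAlerts_AlertManager::getInstance()->markRead($toMarkRead);
                } else {
                    $from = $mybb->get_input('from', MyBB::INPUT_STRING);

                    $altbg = alt_trow();

                    if (!empty($from) && $from == 'header') {
                        $alertsListing = eval($templates->render('myalerts_alert_row_popup_no_alerts', true, false));
                    } else {
                        $alertsListing = eval($templates->render('myalerts_alert_row_no_alerts', true, false));
                    }
                }

                $toReturn = array('success' => true, 'template' => $alertsListing);
            }
        } else {
            $toReturn = array('errors' => array($lang->myalerts_error_alert_not_found));
        }

        echo json_encode($toReturn);
    }

    // Was read as $mybb->input['action']; now consistent with the branches above.
    if ($action == 'getNumUnreadAlerts') {
        echo MybbStuff_MyAlerts_AlertManager::getInstance()->getNumUnreadAlerts();
    }
}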
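/**
 * Builds the global announcement and handles the "ann_dismiss" action, which
 * records the current user in the announcement's `removedfrom` list.
 *
 * On a dismiss request the function always ends the request (exit), either
 * silently, with "1" for AJAX callers, or with a redirect to index.php.
 */
function announcement_global()
{
    global $announcement, $mybb, $db;

    $announcement = announcement_create(true);

    if (!isset($mybb->input['action']) || $mybb->input['action'] != "ann_dismiss") {
        return;
    }

    // Guests cannot dismiss, and a missing or non-scalar id is rejected before
    // it is cast. Casting a non-empty array would give 1 and target row 1.
    $id = (isset($mybb->input['id']) && is_scalar($mybb->input['id'])) ? (int) $mybb->input['id'] : 0;
    if ($id == 0 || $mybb->user['uid'] == 0) {
        exit;
    }

    $query = $db->simple_select("announcement", "removable, removedfrom", "ID=" . $id);
    $ann = $db->fetch_array($query);
    if (!$ann || !$ann['removable']) {
        exit;
    }

    // SECURITY(review): unserialize() on a stored column. The value is written
    // below with serialize() on an array of uids, but if anything else can
    // write this column, unserialize() may instantiate objects. Prefer a
    // non-object format (e.g. a comma-separated list or JSON) when the schema
    // can be migrated.
    $removedUser = @unserialize($ann['removedfrom']);

    // unserialize() returns false for empty or corrupt data. Without this
    // guard in_array() and the append below would run on a non-array value.
    if (!is_array($removedUser)) {
        $removedUser = array();
    }

    // Loose comparison on purpose: stored uids may be strings or integers.
    if (in_array($mybb->user['uid'], $removedUser)) {
        exit;
    }

    // CSRF check before the only write. The return value is not inspected; the
    // non-silent form is presumably expected to abort the request on a bad
    // key. Confirm against the MyBB version in use.
    $postKey = isset($mybb->input['my_post_key']) ? $mybb->input['my_post_key'] : '';
    verify_post_check($postKey);

    $removedUser[] = $mybb->user['uid'];
    $updated_user = array("removedfrom" => $db->escape_string(serialize($removedUser)));
    $db->update_query("announcement", $updated_user, "ID=" . $id);

    if (!empty($mybb->input['ajax'])) {
        echo 1;
        exit;
    }

    header("Location: index.php");
    exit;
}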
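/**
 * Moderation hook for per-thread reply bans.
 *
 * Handles three actions read from $mybb->input['action']:
 *  - "replyban":     list the bans on a thread and show the ban form;
 *  - "do_replyban":  add a ban (POST only, post key required);
 *  - "liftreplyban": remove a ban (post key required).
 * For any other action it returns immediately; otherwise the request ends
 * with exit once the matching branch has run.
 */
function replyban_run()
{
    global $db, $mybb, $lang, $templates, $theme, $headerinclude, $header, $footer, $replyban, $moderation;

    $lang->load("replyban");

    if ($mybb->input['action'] != "replyban" && $mybb->input['action'] != "do_replyban" && $mybb->input['action'] != "liftreplyban") {
        return;
    }

    if ($mybb->input['action'] == "replyban") {
        $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
        $thread = get_thread($tid);

        // Authorization: only moderators with "canmanagethreads" on the
        // thread's forum may view the ban list.
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }

        if (!$thread['tid']) {
            error($lang->error_invalidthread);
        }

        $thread['subject'] = htmlspecialchars_uni($thread['subject']);
        $lang->reply_bans_for = $lang->sprintf($lang->reply_bans_for, $thread['subject']);

        check_forum_password($thread['fid']);

        build_forum_breadcrumb($thread['fid']);
        add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
        add_breadcrumb($lang->reply_bans);

        // $thread['tid'] comes from get_thread(), not from the request.
        $query = $db->query("\r\n\t\t\tSELECT r.*, u.username\r\n\t\t\tFROM " . TABLE_PREFIX . "replybans r\r\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (r.uid=u.uid)\r\n\t\t\tWHERE r.tid='{$thread['tid']}'\r\n\t\t\tORDER BY r.dateline DESC\r\n\t\t");

        // Initialised here: the loop appends to it and the check after the
        // loop reads it, which used an undefined variable when no bans existed.
        $ban_bit = '';
        while ($ban = $db->fetch_array($query)) {
            $ban['reason'] = htmlspecialchars_uni($ban['reason']);
            // NOTE(review): the username is passed to build_profile_link()
            // without htmlspecialchars_uni(); confirm that usernames cannot
            // contain HTML metacharacters on this board version.
            $ban['username'] = build_profile_link($ban['username'], $ban['uid']);

            if ($ban['lifted'] == 0) {
                $ban['lifted'] = $lang->permanent;
            } else {
                $ban['lifted'] = my_date('relative', $ban['lifted'], '', 2);
            }

            // Template variables ($ban, $alt_bg, ...) are resolved in this
            // scope by eval, so local names must stay as they are.
            $alt_bg = alt_trow();
            eval("\$ban_bit .= \"" . $templates->get("moderation_replyban_bit") . "\";");
        }

        if (!$ban_bit) {
            eval("\$ban_bit = \"" . $templates->get("moderation_replyban_no_bans") . "\";");
        }

        // Generate the banned times dropdown
        $liftlist = '';
        $bantimes = fetch_ban_times();
        foreach ($bantimes as $time => $title) {
            // $banned is not assigned anywhere in this function, so both
            // isset() checks below are false here and TIME_NOW is used.
            $selected = '';
            if (isset($banned['bantime']) && $banned['bantime'] == $time) {
                $selected = " selected=\"selected\"";
            }

            $thattime = '';
            if ($time != '---') {
                $dateline = TIME_NOW;
                if (isset($banned['dateline'])) {
                    $dateline = $banned['dateline'];
                }

                $thatime = my_date("D, jS M Y @ g:ia", ban_date2timestamp($time, $dateline));
                $thattime = " ({$thatime})";
            }

            eval("\$liftlist .= \"" . $templates->get("moderation_replyban_liftlist") . "\";");
        }

        eval("\$replyban = \"" . $templates->get("moderation_replyban") . "\";");
        output_page($replyban);
    }

    if ($mybb->input['action'] == "do_replyban" && $mybb->request_method == "post") {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));

        $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
        $thread = get_thread($tid);

        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }

        if (!$thread['tid']) {
            error($lang->error_invalidthread);
        }

        $user = get_user_by_username($mybb->input['username'], array('fields' => array('username')));

        if (!$user['uid']) {
            error($lang->error_invaliduser);
        }

        $mybb->input['reason'] = $mybb->get_input('reason');
        if (!trim($mybb->input['reason'])) {
            error($lang->error_missing_reason);
        }

        // uid and tid in this condition come from the user and thread lookups above.
        $query = $db->simple_select('replybans', 'rid', "uid='{$user['uid']}' AND tid='{$thread['tid']}'");
        $existingban = $db->fetch_field($query, 'rid');

        if ($existingban > 0) {
            error($lang->error_alreadybanned);
        }

        // NOTE(review): `liftban` is handed to ban_date2timestamp() without
        // being checked against the keys of fetch_ban_times(); confirm the
        // helper copes with arbitrary strings.
        if ($mybb->get_input('liftban') == '---') {
            $lifted = 0;
        } else {
            $lifted = ban_date2timestamp($mybb->get_input('liftban'), 0);
        }

        // The reason is truncated to 240 characters and escaped for SQL here;
        // it is HTML-escaped only when displayed in the list branch.
        $reason = my_substr($mybb->input['reason'], 0, 240);

        $insert_array = array(
            'uid' => $user['uid'],
            'tid' => $thread['tid'],
            'dateline' => TIME_NOW,
            'reason' => $db->escape_string($reason),
            'lifted' => $db->escape_string($lifted),
        );
        $db->insert_query('replybans', $insert_array);

        log_moderator_action(array("tid" => $thread['tid'], "fid" => $thread['fid'], "uid" => $user['uid'], "username" => $user['username']), $lang->user_reply_banned);

        moderation_redirect("moderation.php?action=replyban&tid={$thread['tid']}", $lang->redirect_user_banned_replying);
    }

    if ($mybb->input['action'] == "liftreplyban") {
        // Verify incoming POST request
        // (the request method itself is not checked in this branch; the post
        // key is the only CSRF barrier).
        verify_post_check($mybb->get_input('my_post_key'));

        $rid = $mybb->get_input('rid', MyBB::INPUT_INT);
        $query = $db->simple_select("replybans", "*", "rid='{$rid}'");
        $ban = $db->fetch_array($query);

        if (!$ban['rid']) {
            error($lang->error_invalidreplyban);
        }

        $thread = get_thread($ban['tid']);
        $user = get_user($ban['uid']);

        if (!$thread['tid']) {
            error($lang->error_invalidthread);
        }

        // Authorization is checked against the forum of the ban's thread, not
        // against anything supplied in the request.
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }

        $db->delete_query("replybans", "rid='{$ban['rid']}'");

        log_moderator_action(array("tid" => $thread['tid'], "fid" => $thread['fid'], "uid" => $user['uid'], "username" => $user['username']), $lang->user_reply_banned_lifted);

        moderation_redirect("moderation.php?action=replyban&tid={$thread['tid']}", $lang->redirect_reply_ban_lifted);
    }

    exit;
}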
} // Load language $lang->set_language($mybb->settings['bblanguage']); $lang->load('global'); $lang->load('messages'); // Run global_start plugin hook now that the basics are set up $plugins->run_hooks('global_start'); if (function_exists('mb_internal_encoding') && !empty($lang->settings['charset'])) { @mb_internal_encoding($lang->settings['charset']); } // Select the board theme to use. $loadstyle = ''; $load_from_forum = $load_from_user = 0; $style = array(); // The user used our new quick theme changer if (isset($mybb->input['theme']) && verify_post_check($mybb->get_input('my_post_key'), true)) { // Set up user handler. require_once MYBB_ROOT . 'inc/datahandlers/user.php'; $userhandler = new UserDataHandler('update'); $user = array('uid' => $mybb->user['uid'], 'style' => $mybb->get_input('theme', MyBB::INPUT_INT), 'usergroup' => $mybb->user['usergroup'], 'additionalgroups' => $mybb->user['additionalgroups']); $userhandler->set_data($user); // validate_user verifies the style if it is set in the data array. if ($userhandler->validate_user()) { $mybb->user['style'] = $user['style']; // If user is logged in, update their theme selection with the new one if ($mybb->user['uid']) { if (isset($mybb->cookies['mybbtheme'])) { my_unsetcookie('mybbtheme'); } $userhandler->update_user(); } else {
$expcolimage = "collapse.gif"; } } eval("\$sections .= \"" . $templates->get("misc_help_section") . "\";"); } } $plugins->run_hooks("misc_help_section_end"); eval("\$help = \"" . $templates->get("misc_help") . "\";"); output_page($help); } } elseif ($mybb->input['action'] == "buddypopup") { $plugins->run_hooks("misc_buddypopup_start"); if ($mybb->user['uid'] == 0) { error_no_permission(); } if ($mybb->input['removebuddy'] && verify_post_check($mybb->input['my_post_key'])) { $buddies = $mybb->user['buddylist']; $namesarray = explode(",", $buddies); if (is_array($namesarray)) { foreach ($namesarray as $key => $buddyid) { if ($buddyid == $mybb->input['removebuddy']) { unset($namesarray[$key]); } } $buddylist = implode(',', $namesarray); $db->update_query("users", array('buddylist' => $buddylist), "uid='" . $mybb->user['uid'] . "'"); $mybb->user['buddylist'] = $buddylist; } } // Load Buddies if ($mybb->user['buddylist'] != "") {
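/**
 * User CP hook for MyTwitterConnect: starts the Twitter authentication,
 * links the account on return, and renders/saves the sync settings page.
 *
 * Actions handled (from $mybb->input['action']): "twlink", "do_twlink" and
 * "mytwconnect". Returns nothing; the settings branch ends with output_page()
 * or a redirect.
 */
function mytwconnect_usercp()
{
    global $mybb, $lang, $inlinesuccess;

    // Load API in certain areas
    // Precedence is unchanged from the original `or` / `and` chain:
    // A or B or (C and D).
    if (
        in_array($mybb->input['action'], array('twlink', 'do_twlink'))
        || $_SESSION['twlogin']
        || ($mybb->input['action'] == 'mytwconnect' && $mybb->request_method == 'post')
    ) {
        require_once MYBB_ROOT . "inc/plugins/MyTwitterConnect/class_twitter.php";
        $TwitterConnect = new MyTwitter();
    }

    $settingsToCheck = array('twavatar', 'twbio', 'twlocation');

    if (!$lang->mytwconnect) {
        $lang->load('mytwconnect');
    }

    // Authenticate
    if ($mybb->input['action'] == 'twlink') {
        $TwitterConnect->set_fallback('usercp.php?action=do_twlink');
        $TwitterConnect->authenticate();
    }

    // Link account to his Twitter's one
    // NOTE(review): no post key is checked on this callback. Whether the
    // request is bound to the flow this user started depends on how
    // obtain_tokens() validates the returned tokens, which is not visible
    // here; confirm.
    if ($mybb->input['action'] == 'do_twlink') {
        $TwitterConnect->obtain_tokens();

        $user = $TwitterConnect->get_user();

        if ($user) {
            $TwitterConnect->link_user('', $user['id']);
        } else {
            error($lang->mytwconnect_error_noauth);
        }

        $TwitterConnect->redirect('usercp.php?action=mytwconnect', '', $lang->mytwconnect_success_linked);
    }

    // Settings page
    if ($mybb->input['action'] == 'mytwconnect') {
        global $db, $lang, $theme, $templates, $headerinclude, $header, $footer, $plugins, $usercpnav;

        add_breadcrumb($lang->nav_usercp, 'usercp.php');
        add_breadcrumb($lang->mytwconnect_page_title, 'usercp.php?action=mytwconnect');

        // The user is changing his settings
        // SECURITY(review): while $_SESSION['twlogin'] is set this block also
        // runs for non-POST requests, and the post key is verified only for
        // POST. The unlink and settings-update paths below can then be reached
        // without a post key. Consider requiring POST plus the post key for
        // unlink, and clearing the session flag on every exit path.
        if ($mybb->request_method == 'post' || $_SESSION['twlogin']) {
            if ($mybb->request_method == 'post') {
                verify_post_check($mybb->input['my_post_key']);
            }

            // He's unlinking his account
            if ($mybb->input['unlink']) {
                $TwitterConnect->unlink_user();
                redirect('usercp.php?action=mytwconnect', $lang->mytwconnect_success_accunlinked, $lang->mytwconnect_success_accunlinked_title);
            } else {
                $settings = array();
                // Initialised before the loop appends to it (it was
                // previously used undefined).
                $loginUrlExtra = '';

                foreach ($settingsToCheck as $setting) {
                    // Each setting is normalised to 0 or 1, so only fixed keys
                    // and 0/1 values reach the update query and fallback URL.
                    $settings[$setting] = 0;
                    if ($mybb->input[$setting] == 1) {
                        $settings[$setting] = 1;
                    }

                    // Build a list of parameters to include in the fallback URL
                    $loginUrlExtra .= "&{$setting}=" . $settings[$setting];
                }

                // Process the tokens
                if ($_SESSION['twlogin']) {
                    $TwitterConnect->obtain_tokens();
                }

                $user = $TwitterConnect->get_user();

                // This user is not logged in with Twitter
                if (!$user) {
                    // Store a token in the session, we will check for it in the next call
                    $_SESSION['twlogin'] = 1;

                    $TwitterConnect->set_fallback("usercp.php?action=mytwconnect" . $loginUrlExtra);
                    $TwitterConnect->authenticate();

                    return;
                }

                if ($db->update_query('users', $settings, 'uid = ' . (int) $mybb->user['uid'])) {
                    unset($_SESSION['twlogin']);

                    $newUser = array_merge($mybb->user, $settings);
                    $TwitterConnect->sync($newUser, $user);

                    redirect('usercp.php?action=mytwconnect', $lang->mytwconnect_success_settingsupdated, $lang->mytwconnect_success_settingsupdated_title);
                }
            }
        }

        $options = '';
        // Initialised so the `if ($userSettings)` check below never reads an
        // undefined variable when every sync option is disabled by the admin.
        $userSettings = array();

        if ($mybb->user['mytw_uid']) {
            // Checking if admins and users want to sync that stuff
            foreach ($settingsToCheck as $setting) {
                $tempKey = 'mytwconnect_' . $setting;

                if (!$mybb->settings[$tempKey]) {
                    continue;
                }

                $userSettings[$setting] = 0;
                if ($mybb->user[$setting]) {
                    $userSettings[$setting] = 1;
                }
            }

            $text = $lang->setting_mytwconnect_whattosync;
            $unlink = "<input type=\"submit\" class=\"button\" name=\"unlink\" value=\"{$lang->mytwconnect_settings_unlink}\" />";

            if ($userSettings) {
                foreach ($userSettings as $setting => $value) {
                    $tempKey = 'mytwconnect_settings_' . $setting;

                    $checked = '';
                    if ($value) {
                        $checked = " checked=\"checked\"";
                    }

                    $label = $lang->{$tempKey};
                    $altbg = alt_trow();

                    // Template variables are resolved in this scope by eval;
                    // local names must stay as they are.
                    eval("\$options .= \"" . $templates->get('mytwconnect_usercp_settings_setting') . "\";");
                }
            } else {
                $text = $lang->setting_mytwconnect_connected;
            }
        } else {
            $text = $lang->setting_mytwconnect_linkaccount;
            eval("\$options = \"" . $templates->get('mytwconnect_usercp_settings_linkprofile') . "\";");
        }

        eval("\$content = \"" . $templates->get('mytwconnect_usercp_settings') . "\";");
        output_page($content);
    }
}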
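/**
 * XMLHTTP handler that emits a JSON object {"token": ...} built from
 * msb_token_gen() for POST requests with action "msb_gettoken".
 *
 * @return false|null false when the request is not for this handler or the
 *                    post key is rejected; null after the token is echoed.
 */
function msb_gettoken()
{
    global $mybb, $lang, $parser, $settings;

    // Kept from the original: makes sure the global $parser exists.
    if (!is_object($parser)) {
        require_once MYBB_ROOT . 'inc/class_parser.php';
        $parser = new postParser();
    }

    $action = isset($mybb->input['action']) ? $mybb->input['action'] : '';
    if ($action != "msb_gettoken" || $mybb->request_method != "post") {
        // The original had an unreachable `exit` after this return.
        return false;
    }

    // Silent post-key check so the failure is reported in the XMLHTTP format.
    $postKey = isset($mybb->input['my_post_key']) ? $mybb->input['my_post_key'] : '';
    if (!verify_post_check($postKey, true)) {
        xmlhttp_error($lang->invalid_post_code);

        // Fail closed: if xmlhttp_error() ever returns instead of ending the
        // request, the token must still not be issued.
        return false;
    }

    // NOTE(review): no Content-Type header is set for this JSON body; consider
    // sending application/json so the response is never treated as HTML.
    echo json_encode(array('token' => msb_token_gen()));
}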
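/**
 * Admin CP page of the RESTful API plugin.
 *
 * Runs only when the active ACP action equals RESTFULAPI_URL and renders one
 * of three tabs chosen by the whitelisted `action` input:
 *  - "manage-keys": list keys, or edit / delete / regenerate one (`do` input);
 *  - "add-key":     create a key and its API permissions;
 *  - default:       switch individual APIs on or off.
 *
 * SECURITY(review): the POST handlers for edit, add-key and the config tab do
 * not call verify_post_check() themselves. Presumably the Admin CP front
 * controller validates my_post_key on every POST before this hook runs;
 * confirm for the MyBB version in use.
 */
function restfulapi_admin_load()
{
    global $mybb, $db, $page, $lang, $cache;

    if ($page->active_action != RESTFULAPI_URL) {
        return;
    }

    $page->add_breadcrumb_item($lang->restfulapi_title);
    $page->output_header($lang->restfulapi_title);

    // Only the two whitelisted sub-actions are honoured; anything else falls
    // back to the config tab. Strict matching keeps non-string input out.
    $action = "config";
    if (isset($mybb->input["action"]) && in_array($mybb->input["action"], array("manage-keys", "add-key"), true)) {
        $action = $mybb->input["action"];
    }

    $navs = array(
        "config" => array(
            "link" => "index.php?module=config-" . RESTFULAPI_URL,
            "title" => $lang->restfulapi_config,
            "description" => $lang->restfulapi_config_description,
        ),
        "manage-keys" => array(
            "link" => "index.php?module=config-" . RESTFULAPI_URL . "&action=manage-keys",
            "title" => $lang->restfulapi_manage_api_keys,
            "description" => $lang->restfulapi_manage_api_keys_description,
        ),
        "add-key" => array(
            "link" => "index.php?module=config-" . RESTFULAPI_URL . "&action=add-key",
            "title" => $lang->restfulapi_add_api_key,
            "description" => $lang->restfulapi_add_api_key_description,
        ),
    );
    $page->output_nav_tabs($navs, $action);

    // Shared by the edit and add-key handlers: a POST carrying well-typed key
    // fields and a whitelisted rate unit.
    $key_fields_valid = $mybb->request_method == "post"
        && isset($mybb->input["apicustomer"]) && is_string($mybb->input["apicustomer"])
        && isset($mybb->input["apicomment"]) && is_string($mybb->input["apicomment"])
        && isset($mybb->input["maxreq"]) && is_numeric($mybb->input["maxreq"])
        && isset($mybb->input["maxreqrate"]) && in_array($mybb->input["maxreqrate"], array("m", "w", "d", "h"), true);

    switch ($action) {
        case "manage-keys":
            if (isset($mybb->input["do"]) && in_array($mybb->input["do"], array("regenerate", "edit", "delete"), true)) {
                $do = $mybb->input["do"];

                if ($do == "edit" && isset($mybb->input["key_id"]) && is_string($mybb->input["key_id"])) {
                    // The integer cast alone makes the id safe for the queries below.
                    $key_id = (int) $mybb->input["key_id"];

                    $result = $db->simple_select("apikeys", "*", "id='{$key_id}'");
                    // Use the DB abstraction rather than mysqli result members
                    // so other database drivers keep working.
                    if ($db->num_rows($result) != 1) {
                        flash_message($lang->restfulapi_key_not_found, "error");
                        admin_redirect("index.php?module=config-restfulapi&action=manage-keys");
                        exit;
                    }

                    if ($key_fields_valid) {
                        // Values are HTML-escaped before storage as well as
                        // SQL-escaped. The list view escapes them again on
                        // output, so special characters may appear
                        // double-encoded; unchanged to stay compatible with
                        // existing rows.
                        $update = array(
                            "apicustomer" => $db->escape_string(htmlspecialchars_uni($mybb->input["apicustomer"])),
                            "apicomment" => $db->escape_string(htmlspecialchars_uni($mybb->input["apicomment"])),
                            "maxreq" => (int) $mybb->input["maxreq"],
                            "maxreqrate" => $db->escape_string(htmlspecialchars_uni($mybb->input["maxreqrate"])),
                        );
                        $db->update_query("apikeys", $update, "id='{$key_id}'");

                        // Permissions are replaced wholesale.
                        $db->delete_query("apipermissions", "apikey='{$key_id}'");
                        if (isset($mybb->input["apinames"]) && is_array($mybb->input["apinames"])) {
                            $insert_allowed = array();
                            foreach ($mybb->input["apinames"] as $apiname) {
                                // Nested arrays cannot be escaped; skip them.
                                if (!is_string($apiname)) {
                                    continue;
                                }
                                // NOTE(review): names are escaped but not
                                // checked against the API files offered in
                                // the form.
                                $insert_allowed[] = array(
                                    "apikey" => $key_id,
                                    "apiname" => $db->escape_string($apiname),
                                );
                            }
                            if (!empty($insert_allowed)) {
                                $db->insert_query_multiple("apipermissions", $insert_allowed);
                            }
                        }

                        restfulapi_cache_rebuild();
                        flash_message($lang->restfulapi_key_edited_successfully, "success");
                        admin_redirect("index.php?module=config-restfulapi&action=manage-keys");
                    } else {
                        $keyset = $db->fetch_array($result);

                        $form = new Form("index.php?module=config-" . RESTFULAPI_URL . "&action=manage-keys&do=edit&key_id={$key_id}", "post", "edit");
                        $form_container = new FormContainer($lang->restfulapi_edit_api_key);

                        $form_container->output_row($lang->restfulapi_customer_name . " <em>*</em>", $lang->restfulapi_customer_name_description, $form->generate_text_box('apicustomer', htmlspecialchars_uni($keyset["apicustomer"]), array('id' => 'apicustomer')), 'apicustomer');

                        $rate_types = array(
                            "h" => $lang->restfulapi_per_hour,
                            "d" => $lang->restfulapi_per_day,
                            "w" => $lang->restfulapi_per_week,
                            "m" => $lang->restfulapi_per_month,
                        );
                        $form_container->output_row($lang->restfulapi_max_requests . " <em>*</em>", $lang->restfulapi_max_requests_description, $form->generate_text_box('maxreq', htmlspecialchars_uni($keyset["maxreq"]), array('id' => 'maxreq')) . " " . $form->generate_select_box('maxreqrate', $rate_types, htmlspecialchars_uni($keyset["maxreqrate"]), array('id' => 'maxreqrate')), 'maxreq');

                        $form_container->output_row($lang->restfulapi_comment, $lang->restfulapi_comment_description, $form->generate_text_area('apicomment', htmlspecialchars_uni($keyset["apicomment"]), array('id' => 'apicomment')), 'apicomment');

                        // Offer every file matching api/*api.class.php, named
                        // by the part before "api.class.php".
                        $apis = glob(RESTFULAPI_PATH . "api/*api.class.php");
                        $presentable_apis = array();
                        foreach ($apis as $key => $value) {
                            $value = htmlspecialchars_uni(str_replace(array(RESTFULAPI_PATH . "api/", "api.class.php"), "", $value));
                            $presentable_apis[$value] = $value;
                        }

                        $selected = array();
                        // $key_id is an integer at this point.
                        $result = $db->simple_select("apipermissions", "*", "apikey='{$key_id}'");
                        while ($apipermission = $db->fetch_array($result)) {
                            $selected[] = $apipermission["apiname"];
                        }

                        $form_container->output_row($lang->restfulapi_select_allowed_apis, $lang->restfulapi_select_allowed_apis_description, $form->generate_select_box('apinames[]', $presentable_apis, $selected, array('id' => 'apinames', 'multiple' => true, 'size' => 10)), 'apinames');
                        $form_container->end();

                        $buttons = array();
                        $buttons[] = $form->generate_submit_button($lang->restfulapi_edit_api_key);
                        $form->output_submit_wrapper($buttons);
                        $form->end();
                    }
                } elseif ($do == "delete" && isset($mybb->input["key_id"]) && isset($mybb->input["my_post_key"]) && verify_post_check($mybb->input["my_post_key"])) {
                    // Reached through a link that carries my_post_key in the
                    // query string; the key is verified before anything is
                    // deleted.
                    $key_id = $db->escape_string($mybb->input["key_id"]);

                    if ($db->num_rows($db->simple_select("apikeys", "*", "id='{$key_id}'")) == 1) {
                        $db->delete_query("apipermissions", "apikey='{$key_id}'");
                        $db->delete_query("apikeys", "id='{$key_id}'");
                        restfulapi_cache_rebuild();
                        flash_message($lang->restfulapi_key_deleted_successfully, "success");
                    } else {
                        flash_message($lang->restfulapi_key_not_found, "error");
                    }

                    admin_redirect("index.php?module=config-restfulapi&action=manage-keys");
                } elseif ($do == "regenerate" && isset($mybb->input["key_id"]) && isset($mybb->input["my_post_key"]) && verify_post_check($mybb->input["my_post_key"])) {
                    $key_id = $db->escape_string($mybb->input["key_id"]);

                    if ($db->num_rows($db->simple_select("apikeys", "*", "id='{$key_id}'")) == 1) {
                        $apikey = restfulapi_generate_key();

                        /* can't figure out a better way to generate a random yet never-generated-before API key than this one */
                        // The candidate is escaped here as it already is in
                        // the add-key branch.
                        // NOTE(review): the stored value is
                        // htmlspecialchars_uni($apikey) while this lookup
                        // compares the raw key; the two differ if the
                        // generator ever emits HTML metacharacters.
                        while ($db->num_rows($db->simple_select("apikeys", "*", "apikey='" . $db->escape_string($apikey) . "'")) != 0) {
                            $apikey = restfulapi_generate_key();
                        }

                        $update = array("apikey" => $db->escape_string(htmlspecialchars_uni($apikey)));
                        $db->update_query("apikeys", $update, "id='{$key_id}'");
                        restfulapi_cache_rebuild();
                        flash_message($lang->restfulapi_key_regenerated_successfully, "success");
                    } else {
                        flash_message($lang->restfulapi_key_not_found, "error");
                    }

                    admin_redirect("index.php?module=config-restfulapi&action=manage-keys");
                }
            } else {
                $restfulapi_cache = $cache->read("restfulapi");
                // A missing or malformed cache entry is treated as "no keys".
                $apikeysets = (is_array($restfulapi_cache) && isset($restfulapi_cache["keys"]) && is_array($restfulapi_cache["keys"]))
                    ? $restfulapi_cache["keys"]
                    : array();

                $table = new Table();
                $table->construct_header($lang->restfulapi_customer, array("width" => "15%"));
                $table->construct_header($lang->restfulapi_api_key, array("class" => "align_center", "width" => "29%"));
                $table->construct_header($lang->restfulapi_comment, array("class" => "align_center", "width" => "30%"));
                $table->construct_header($lang->restfulapi_usage, array("class" => "align_center", "width" => "5%"));
                $table->construct_header($lang->restfulapi_controls, array("class" => "align_center", "width" => "21%", "colspan" => 3));

                if (count($apikeysets) == 0) {
                    $table->construct_cell($lang->sprintf($lang->restfulapi_no_api_key, '<a href="index.php?module=config-restfulapi&action=add-key">', '</a>'), array("class" => "first", "colspan" => 5));
                    $table->construct_row();
                } else {
                    // TODO : pagination maybe ?
                    foreach ($apikeysets as $key => $keyset) {
                        $table->construct_cell("<b>" . htmlspecialchars_uni($keyset['apicustomer']) . "</b>");
                        $table->construct_cell(htmlspecialchars_uni($keyset['apikey']));
                        $table->construct_cell(htmlspecialchars_uni($keyset['apicomment']));
                        $table->construct_cell(htmlspecialchars_uni($keyset['access']), array("class" => "align_center"));
                        // NOTE(review): regenerate and delete are plain links
                        // with the post key in the URL, so the key can end up
                        // in browser history and logs. POST forms would avoid
                        // that.
                        $table->construct_cell("<a href=\"index.php?module=config-restfulapi&action=manage-keys&do=regenerate&key_id={$keyset['id']}&my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->restfulapi_regenerate_api_key_confirmation}')\">{$lang->restfulapi_regenerate_api_key}</a>", array("class" => "align_center", "width" => "9%"));
                        $table->construct_cell("<a href=\"index.php?module=config-restfulapi&action=manage-keys&do=edit&key_id={$keyset['id']}\">{$lang->restfulapi_edit}</a>", array("class" => "align_center", "width" => "6%"));
                        $table->construct_cell("<a href=\"index.php?module=config-restfulapi&action=manage-keys&do=delete&key_id={$keyset['id']}&my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->restfulapi_delete_confirm}')\">{$lang->restfulapi_delete}</a>", array("class" => "align_center", "width" => "6%"));
                        $table->construct_row();
                    }
                }

                $table->output($lang->restfulapi_manage_api_keys);
            }
            break;

        case "add-key":
            if ($key_fields_valid) {
                $apikey = restfulapi_generate_key();

                /* can't figure out a better way to generate a random yet never-generated-before API key than this one */
                while ($db->num_rows($db->simple_select("apikeys", "*", "apikey='" . $db->escape_string($apikey) . "'")) != 0) {
                    $apikey = restfulapi_generate_key();
                }

                $insert = array(
                    "apicustomer" => $db->escape_string(htmlspecialchars_uni($mybb->input["apicustomer"])),
                    "apicomment" => $db->escape_string(htmlspecialchars_uni($mybb->input["apicomment"])),
                    "access" => 0,
                    "maxreq" => (int) $mybb->input["maxreq"],
                    "maxreqrate" => $db->escape_string(htmlspecialchars_uni($mybb->input["maxreqrate"])),
                    "apikey" => $db->escape_string(htmlspecialchars_uni($apikey)),
                );
                $apikeyid = $db->insert_query("apikeys", $insert);

                if (isset($mybb->input["apinames"]) && is_array($mybb->input["apinames"])) {
                    $insert_allowed = array();
                    foreach ($mybb->input["apinames"] as $apiname) {
                        if (!is_string($apiname)) {
                            continue;
                        }
                        $insert_allowed[] = array(
                            "apikey" => $db->escape_string($apikeyid),
                            "apiname" => $db->escape_string($apiname),
                        );
                    }
                    if (!empty($insert_allowed)) {
                        $db->insert_query_multiple("apipermissions", $insert_allowed);
                    }
                }

                restfulapi_cache_rebuild();

                // The customer name comes straight from the request and the
                // message is rendered as HTML, so both substituted values are
                // escaped here.
                flash_message($lang->sprintf($lang->restfulapi_generated_successfully, htmlspecialchars_uni($apikey), htmlspecialchars_uni($mybb->input["apicustomer"])), 'success');
                admin_redirect("index.php?module=config-restfulapi&action=manage-keys");
            } else {
                $form = new Form("index.php?module=config-" . RESTFULAPI_URL . "&action=add-key", "post", "add");
                $form_container = new FormContainer($lang->restfulapi_add_api_key);

                $form_container->output_row($lang->restfulapi_customer_name . " <em>*</em>", $lang->restfulapi_customer_name_description, $form->generate_text_box('apicustomer', '', array('id' => 'apicustomer')), 'apicustomer');

                $rate_types = array(
                    "h" => $lang->restfulapi_per_hour,
                    "d" => $lang->restfulapi_per_day,
                    "w" => $lang->restfulapi_per_week,
                    "m" => $lang->restfulapi_per_month,
                );
                $form_container->output_row($lang->restfulapi_max_requests . " <em>*</em>", $lang->restfulapi_max_requests_description, $form->generate_text_box('maxreq', '0', array('id' => 'maxreq')) . " " . $form->generate_select_box('maxreqrate', $rate_types, "m", array('id' => 'maxreqrate')), 'maxreq');

                $form_container->output_row($lang->restfulapi_comment, $lang->restfulapi_comment_description, $form->generate_text_area('apicomment', '', array('id' => 'apicomment')), 'apicomment');

                $apis = glob(RESTFULAPI_PATH . "api/*api.class.php");
                $presentable_apis = array();
                foreach ($apis as $key => $value) {
                    $value = htmlspecialchars_uni(str_replace(array(RESTFULAPI_PATH . "api/", "api.class.php"), "", $value));
                    $presentable_apis[$value] = $value;
                }

                // Every API is preselected for a new key.
                $form_container->output_row($lang->restfulapi_select_allowed_apis . " <em>*</em>", $lang->restfulapi_select_allowed_apis_description, $form->generate_select_box('apinames[]', $presentable_apis, array_keys($presentable_apis), array('id' => 'apinames', 'multiple' => true, 'size' => 10)), 'apinames');
                $form_container->end();

                $buttons = array();
                $buttons[] = $form->generate_submit_button($lang->restfulapi_generate_api_key);
                $form->output_submit_wrapper($buttons);
                $form->end();
            }
            break;

        default:
            $apilist = $cache->read("restfulapilist");

            // routine to install newly detected APIs, and activate them if needed
            restfulapi_apilist_activate();

            if ($mybb->request_method == "post") {
                // we delete all the previously-deactivated options
                $db->delete_query("apisettings", "apiaction='deactivate'");

                foreach ($mybb->input as $key => $input) {
                    // NOTE(review): the option name is taken from the request
                    // key and passed on as-is; any validation against the
                    // known API list must happen in the helpers. Confirm.
                    if (substr($key, 0, 7) == "option_" && $input == "1") {
                        // replace first occurrence of 'option_' with '' in case the option name is 'option_', so that 'option_option_' won't be all replaced into an empty string
                        // yeah I know, probably would never happen but we never know
                        $option = preg_replace('/option\\_/', '', $key, 1);
                        restfulapi_api_activate($option);
                    } elseif (substr($key, 0, 7) == "option_" && $input == "0") {
                        $option = preg_replace('/option\\_/', '', $key, 1);
                        restfulapi_api_deactivate($option);
                    }
                }

                flash_message($lang->restfulapi_saved_config, "success");
                admin_redirect("index.php?module=config-restfulapi");
            } else {
                $result = $db->simple_select("apisettings", "*", "apiaction='deactivate'");
                $deactivatedapis = array();
                while ($apiarray = $db->fetch_array($result)) {
                    $deactivatedapis[] = $apiarray["apivalue"];
                }

                // A missing cache entry is treated as an empty API list.
                if (!is_array($apilist)) {
                    $apilist = array();
                }

                if (count($apilist) == 0) {
                    echo '<div class="notice">' . $lang->sprintf($lang->restfulapi_no_api, '<a href="index.php?module=config-restfulapi&action=add-key">', '</a>') . '</div>';
                } else {
                    $form = new Form("index.php?module=config-" . RESTFULAPI_URL, "post", "config");
                    $form_container = new FormContainer($lang->restfulapi_config);
                    $table = new Table();

                    foreach ($apilist as $api => $info_array) {
                        // SECURITY(review): the file path and class name are
                        // built from a key of the "restfulapilist" cache.
                        // This is safe only while that cache is written
                        // exclusively from the plugin's own directory scan.
                        // Confirm.
                        require_once RESTFULAPI_PATH . "api/" . $api . "api.class.php";

                        $api = htmlspecialchars_uni($api);
                        $apiclass = $api . "api";
                        $api_instance = new $apiclass();
                        $info_array = $api_instance->info();

                        $name = isset($info_array["name"]) && is_string($info_array["name"]) ? htmlspecialchars_uni($info_array["name"]) . " : " . $api : $api;
                        $description = isset($info_array["description"]) && is_string($info_array["description"]) ? htmlspecialchars_uni($info_array["description"]) : $lang->restfulapi_config_on_off_description;

                        $setting_code = $form->generate_on_off_radio("option_" . $api, in_array($api, $deactivatedapis) ? 0 : 1, true, array('id' => $api . '_yes'), array('id' => $api . '_no'));
                        $form_container->output_row($name, $description, $setting_code, '', array(), array('id' => 'row_' . $api));
                    }

                    $form_container->end();

                    $buttons = array();
                    $buttons[] = $form->generate_submit_button($lang->restfulapi_save_config);
                    $form->output_submit_wrapper($buttons);
                    $form->end();
                }
            }
            break;
    }

    $page->output_footer();
}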
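/**
 * AJAX endpoint that rebuilds the ProStats table and returns it as JSON.
 *
 * Does nothing (returns false) unless the request is a POST with
 * action=prostats_reload. The request must carry a valid post key; the
 * rebuilt table is emitted as {"html": ...}.
 *
 * @return false|null False when the request is not addressed to this endpoint.
 */
function prostats_run_ajax()
{
    global $mybb, $plugins, $lang, $parser, $session, $prostats_tbl;

    $lang->load('prostats');

    // && binds tighter than ||; the parentheses only make the existing grouping explicit.
    if (!$mybb->settings['ps_enable'] || ($mybb->settings['ps_hidefrombots'] && !empty($session->is_spider))) {
        error($lang->prostats_disabled);
    }

    if (!is_object($parser)) {
        require_once MYBB_ROOT . 'inc/class_parser.php';
        $parser = new postParser();
    }

    // Missing parameters are treated as empty instead of raising undefined-index notices.
    $action = isset($mybb->input['action']) ? $mybb->input['action'] : '';
    if ($action != "prostats_reload" || $mybb->request_method != "post") {
        // The original had an unreachable `exit;` after this return.
        return false;
    }

    // State-changing/AJAX entry point: reject requests without a valid anti-CSRF post key.
    $post_key = isset($mybb->input['my_post_key']) ? $mybb->input['my_post_key'] : '';
    if (!verify_post_check($post_key, true)) {
        xmlhttp_error($lang->invalid_post_code);
    }

    prostats_run_index(true);

    $plugins->run_hooks('prostats_xml_pre_output_page');

    // application/json is the registered media type; the body carries an HTML fragment,
    // so the response should be labelled accurately as JSON rather than the unregistered text/json.
    header('Content-Type: application/json');
    echo json_encode(array("html" => $prostats_tbl));
}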
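/**
 * Front controller for the NewPoints shop: handles the POST actions
 * (buy / send / do_send / sell / do_sell) and renders the shop pages
 * (item view, inventory, category listing).
 *
 * Changes compared with the previous revision:
 *  - send/do_send and sell/do_sell now enforce the item's sendable/sellable flag and the
 *    matching board setting on the server; before, only the inventory page hid the buttons.
 *  - inventory ids are cast to integers before being placed in the SQL IN (...) list and
 *    in hidden form fields; serialized inventories are escaped before update_query().
 *  - "not enough points" highlighting compares the group-adjusted numeric price instead of
 *    the formatted string (item view) or the unadjusted price (listing).
 *  - the sell confirmation no longer HTML-escapes the item name twice.
 *  - the repeated item/category/ownership checks live in private helpers.
 *
 * Variable names that are in scope when a template is eval()'d are kept as they were,
 * because templates may reference them.
 */
function newpoints_shop_page()
{
    global $mybb, $db, $lang, $cache, $theme, $header, $templates, $plugins, $headerinclude, $footer, $options, $inline_errors;

    // guests have no shop
    if (!$mybb->user['uid']) {
        return;
    }

    newpoints_lang_load("newpoints_shop");

    if ($mybb->input['action'] == "do_shop") {
        // every shop action changes state or leads to one, so the post key is checked first
        verify_post_check($mybb->input['postcode']);

        $plugins->run_hooks("newpoints_do_shop_start");

        $requested_action = isset($mybb->input['shop_action']) ? $mybb->input['shop_action'] : '';

        switch ($requested_action) {
            case 'buy':
                $plugins->run_hooks("newpoints_shop_buy_start");

                list($item, $cat) = _newpoints_shop_page_load_item($mybb->input['iid']);

                $errors = array();

                // check group rules - primary group check
                $grouprules = _newpoints_shop_page_group_rules();
                $item['price'] = _newpoints_shop_page_rated_price($item['price'], $grouprules);

                if (floatval($item['price']) > floatval($mybb->user['newpoints'])) {
                    $errors[] = $lang->newpoints_shop_not_enough;
                }

                if ($item['infinite'] != 1 && $item['stock'] <= 0) {
                    $errors[] = $lang->newpoints_shop_out_of_stock;
                }

                if ($item['limit'] != 0) {
                    // Get how many items of this type we have in our inventory
                    $myitems = _newpoints_shop_page_inventory($mybb->user['newpoints_items']);

                    // If more than or equal to $item['limit'] -> FAILED
                    if (count(array_keys($myitems, $item['iid'])) >= $item['limit']) {
                        $errors[] = $lang->newpoints_shop_limit_reached;
                    }
                }

                if (!empty($errors)) {
                    $inline_errors = inline_error($errors, $lang->newpoints_shop_inline_errors);
                    $mybb->input = array();
                    $mybb->input['action'] = 'shop';
                } else {
                    // NOTE(review): the balance/stock/limit checks above and the writes below are
                    // separate statements; two concurrent requests could both pass the checks.
                    // Consider a conditional UPDATE or a transaction if the driver supports it.
                    $myitems = _newpoints_shop_page_inventory($mybb->user['newpoints_items']);
                    $myitems[] = $item['iid'];
                    $db->update_query('users', array('newpoints_items' => $db->escape_string(serialize($myitems))), 'uid=\'' . (int) $mybb->user['uid'] . '\'');

                    // update stock
                    if ($item['infinite'] != 1) {
                        $db->update_query('newpoints_shop_items', array('stock' => (int) $item['stock'] - 1), 'iid=\'' . (int) $item['iid'] . '\'');
                    }

                    // get money from user
                    newpoints_addpoints($mybb->user['uid'], -floatval($item['price']));

                    if (!empty($item['pm'])) {
                        // send PM if item has private message
                        newpoints_send_pm(array('subject' => $lang->newpoints_shop_bought_item_pm_subject, 'message' => $item['pm'], 'touid' => $mybb->user['uid'], 'receivepms' => 1), -1);
                    }

                    $plugins->run_hooks("newpoints_shop_buy_end", $item);

                    // log purchase
                    newpoints_log('shop_purchase', $lang->sprintf($lang->newpoints_shop_purchased_log, $item['iid'], $item['price']));

                    redirect($mybb->settings['bburl'] . "/newpoints.php?action=shop", $lang->newpoints_shop_item_bought, $lang->newpoints_shop_item_bought_title);
                }
                break;

            case 'send':
                $plugins->run_hooks("newpoints_shop_send_start");

                list($item, $cat) = _newpoints_shop_page_load_item($mybb->input['iid']);

                // server-side enforcement of what the inventory page only hides
                if ($mybb->settings['newpoints_shop_sendable'] != 1 || !$item['sendable']) {
                    error_no_permission();
                }

                // make sure we own the item
                list($myitems, $key) = _newpoints_shop_page_require_owned($item['iid']);

                $lang->newpoints_shop_action = $lang->newpoints_shop_send_item;
                $item['name'] = htmlspecialchars_uni($item['name']);

                global $shop_action, $data, $colspan;
                $colspan = 2;
                $shop_action = 'do_send';
                $fields = '<input type="hidden" name="iid" value="' . intval($item['iid']) . '">';
                $data = "<td class=\"trow1\" width=\"50%\"><strong>" . $lang->newpoints_shop_send_item_username . ":</strong><br /><small>" . $lang->newpoints_shop_send_item_message . "</small></td><td class=\"trow1\" width=\"50%\"><input type=\"text\" class=\"textbox\" name=\"username\" value=\"\"></td>";

                $plugins->run_hooks("newpoints_shop_send_end");

                // MyBB template idiom: the template text is evaluated as a PHP string, so every
                // value it interpolates has to be escaped before this point.
                eval("\$page = \"" . $templates->get('newpoints_shop_do_action') . "\";");
                output_page($page);
                break;

            case 'do_send':
                $plugins->run_hooks("newpoints_shop_do_send_start");

                list($item, $cat) = _newpoints_shop_page_load_item($mybb->input['iid']);

                if ($mybb->settings['newpoints_shop_sendable'] != 1 || !$item['sendable']) {
                    error_no_permission();
                }

                // make sure we own the item
                list($myitems, $key) = _newpoints_shop_page_require_owned($item['iid']);

                $username = trim($mybb->input['username']);
                if (!($user = newpoints_getuser_byname($username))) {
                    error($lang->newpoints_shop_invalid_user);
                } else {
                    if ($user['uid'] == $mybb->user['uid']) {
                        error($lang->newpoints_shop_cant_send_item_self);
                    }

                    // send item to the selected user
                    $useritems = _newpoints_shop_page_inventory($user['newpoints_items']);
                    $useritems[] = $item['iid'];
                    $db->update_query('users', array('newpoints_items' => $db->escape_string(serialize($useritems))), 'uid=\'' . (int) $user['uid'] . '\'');

                    // remove item from our inventory
                    unset($myitems[$key]);
                    sort($myitems);
                    $db->update_query('users', array('newpoints_items' => $db->escape_string(serialize($myitems))), 'uid=\'' . (int) $mybb->user['uid'] . '\'');

                    $plugins->run_hooks("newpoints_shop_do_send_end");

                    // send pm to user
                    newpoints_send_pm(array('subject' => $lang->newpoints_shop_item_received_title, 'message' => $lang->sprintf($lang->newpoints_shop_item_received, htmlspecialchars_uni($mybb->user['username']), htmlspecialchars_uni($item['name'])), 'touid' => $user['uid'], 'receivepms' => 1), -1);

                    // log
                    newpoints_log('shop_send', $lang->sprintf($lang->newpoints_shop_sent_log, $item['iid'], $user['uid'], $user['username']));

                    redirect($mybb->settings['bburl'] . "/newpoints.php?action=shop&shop_action=myitems", $lang->newpoints_shop_item_sent, $lang->newpoints_shop_item_sent_title);
                }
                break;

            case 'sell':
                $plugins->run_hooks("newpoints_shop_sell_start");

                list($item, $cat) = _newpoints_shop_page_load_item($mybb->input['iid']);

                if ($mybb->settings['newpoints_shop_sellable'] != 1 || !$item['sellable']) {
                    error_no_permission();
                }

                // make sure we own the item
                list($myitems, $key) = _newpoints_shop_page_require_owned($item['iid']);

                $lang->newpoints_shop_action = $lang->newpoints_shop_sell_item;
                $item['name'] = htmlspecialchars_uni($item['name']);

                global $shop_action, $data, $colspan;
                $colspan = 1;
                $shop_action = 'do_sell';
                $fields = '<input type="hidden" name="iid" value="' . intval($item['iid']) . '">';
                // $item['name'] is already escaped above; escaping it again would show entities literally
                $data = "<td class=\"trow1\" width=\"100%\">" . $lang->sprintf($lang->newpoints_shop_sell_item_confirm, $item['name'], newpoints_format_points(floatval($item['price']) * $mybb->settings['newpoints_shop_percent'])) . "</td>";

                $plugins->run_hooks("newpoints_shop_sell_end");

                eval("\$page = \"" . $templates->get('newpoints_shop_do_action') . "\";");
                output_page($page);
                break;

            case 'do_sell':
                $plugins->run_hooks("newpoints_shop_do_sell_start");

                list($item, $cat) = _newpoints_shop_page_load_item($mybb->input['iid']);

                if ($mybb->settings['newpoints_shop_sellable'] != 1 || !$item['sellable']) {
                    error_no_permission();
                }

                // make sure we own the item
                list($myitems, $key) = _newpoints_shop_page_require_owned($item['iid']);

                // remove item from our inventory
                unset($myitems[$key]);
                sort($myitems);
                $db->update_query('users', array('newpoints_items' => $db->escape_string(serialize($myitems))), 'uid=\'' . (int) $mybb->user['uid'] . '\'');

                // update stock
                if ($item['infinite'] != 1) {
                    $db->update_query('newpoints_shop_items', array('stock' => (int) $item['stock'] + 1), 'iid=\'' . (int) $item['iid'] . '\'');
                }

                // NOTE(review): the refund is computed from the list price, while purchases are
                // charged the group-adjusted price. Confirm that newpoints_shop_percent can never
                // exceed the lowest configured group items_rate, otherwise buy-then-sell is a net gain.
                newpoints_addpoints($mybb->user['uid'], floatval($item['price']) * $mybb->settings['newpoints_shop_percent']);

                $plugins->run_hooks("newpoints_shop_do_sell_end");

                // log
                newpoints_log('shop_sell', $lang->sprintf($lang->newpoints_shop_sell_log, $item['iid'], floatval($item['price']) * $mybb->settings['newpoints_shop_percent']));

                redirect($mybb->settings['bburl'] . "/newpoints.php?action=shop&shop_action=myitems", $lang->newpoints_shop_item_sell, $lang->newpoints_shop_item_sell_title);
                break;

            default:
                error_no_permission();
        }

        $plugins->run_hooks("newpoints_do_shop_end");
    }

    // shop page (also reached after a failed purchase, which resets action to "shop")
    if ($mybb->input['action'] == "shop") {
        $plugins->run_hooks("newpoints_shop_start");

        $requested_view = isset($mybb->input['shop_action']) ? $mybb->input['shop_action'] : '';

        if ($requested_view == 'view') {
            list($item, $cat) = _newpoints_shop_page_load_item($mybb->input['iid']);

            $item['name'] = htmlspecialchars_uni($item['name']);
            $item['description'] = htmlspecialchars_uni($item['description']);

            // check group rules - primary group check
            $grouprules = _newpoints_shop_page_group_rules();
            $item['price'] = _newpoints_shop_page_rated_price($item['price'], $grouprules);

            // decide affordability on the number, then format for display
            $enough_money = floatval($item['price']) <= floatval($mybb->user['newpoints']);
            $item['price'] = newpoints_format_points($item['price']);
            if (!$enough_money) {
                $item['price'] = '<span style="color: #FF0000;">' . $item['price'] . '</span>';
            }

            // build icon
            $item['icon'] = _newpoints_shop_page_item_icon($item['icon']);

            if ($item['infinite'] == 1) {
                $item['stock'] = $lang->newpoints_shop_infinite;
            } else {
                $item['stock'] = intval($item['stock']);
            }

            if ($item['sendable'] == 1) {
                $item['sendable'] = $lang->newpoints_shop_yes;
            } else {
                $item['sendable'] = $lang->newpoints_shop_no;
            }

            if ($item['sellable'] == 1) {
                $item['sellable'] = $lang->newpoints_shop_yes;
            } else {
                $item['sellable'] = $lang->newpoints_shop_no;
            }

            eval("\$page = \"" . $templates->get('newpoints_shop_view_item') . "\";");
        } elseif ($requested_view == 'myitems') {
            $uid = intval(isset($mybb->input['uid']) ? $mybb->input['uid'] : 0);
            $uidpart = '';

            if ($uid > 0) {
                $user = get_user($uid);
                // we're viewing someone else's inventory
                if (!empty($user)) {
                    // we can't view others inventories if we don't have enough privileges
                    if ($mybb->settings['newpoints_shop_viewothers'] != 1 && $mybb->usergroup['cancp'] != 1 && $mybb->user['uid'] != $uid) {
                        error_no_permission();
                    }

                    $myitems = _newpoints_shop_page_inventory($user['newpoints_items']);
                    $lang->newpoints_shop_myitems = $lang->sprintf($lang->newpoints_shop_items_username, htmlspecialchars_uni($user['username']));
                    $uidpart = "&uid=" . $uid; // we need this for pagination
                } else {
                    $myitems = _newpoints_shop_page_inventory($mybb->user['newpoints_items']);
                }
            } else {
                $myitems = _newpoints_shop_page_inventory($mybb->user['newpoints_items']);
            }

            $items = '';
            $newrow = true;
            $invert_bgcolor = alt_trow();
            $multipage = '';

            $sendable = ($mybb->settings['newpoints_shop_sendable'] == 1);
            $sellable = ($mybb->settings['newpoints_shop_sellable'] == 1);

            require_once MYBB_ROOT . "inc/class_parser.php";
            $parser = new postParser();
            $parser_options = array('allow_mycode' => 1, 'allow_smilies' => 1, 'allow_imgcode' => 0, 'allow_html' => 0, 'filter_badwords' => 1);

            if (!empty($myitems)) {
                // pagination
                $per_page = 10;
                $mybb->input['page'] = intval(isset($mybb->input['page']) ? $mybb->input['page'] : 0);
                if ($mybb->input['page'] && $mybb->input['page'] > 1) {
                    $start = $mybb->input['page'] * $per_page - $per_page;
                } else {
                    $mybb->input['page'] = 1;
                    $start = 0;
                }

                // The ids come out of a serialized column; cast them so only integers can
                // ever reach the IN (...) list.
                $owned_ids = implode(',', array_unique(array_map('intval', $myitems)));

                // total items
                $total_rows = $db->fetch_field($db->simple_select("newpoints_shop_items", "COUNT(iid) as items", 'visible=1 AND iid IN (' . $owned_ids . ')'), "items");

                // multi-page
                if ($total_rows > $per_page) {
                    $multipage = multipage($total_rows, $per_page, $mybb->input['page'], $mybb->settings['bburl'] . "/newpoints.php?action=shop&shop_action=myitems" . $uidpart);
                }

                $query = $db->simple_select('newpoints_shop_items', '*', 'visible=1 AND iid IN (' . $owned_ids . ')', array('limit' => "{$start}, {$per_page}"));

                // check group rules - primary group check (same for every row, so looked up once)
                $grouprules = _newpoints_shop_page_group_rules();

                while ($item = $db->fetch_array($query)) {
                    // two items per table row
                    if ($newrow === true) {
                        $trstart = '<tr>';
                        $trend = '';
                        $newrow = false;
                    } elseif ($newrow === false) {
                        $trstart = '';
                        $trend = '</tr>';
                        $newrow = true;
                    }

                    $can_sell = ($sellable === true && $item['sellable']);
                    $can_send = ($sendable === true && $item['sendable']);

                    if ($can_sell) {
                        $tdstart = $can_send ? '<td width="50%">' : '<td width="100%">';
                        $sell = $tdstart . '<form action="newpoints.php" method="POST"><input type="hidden" name="action" value="do_shop"><input type="hidden" name="shop_action" value="sell"><input type="hidden" name="iid" value="' . intval($item['iid']) . '"><input type="hidden" name="postcode" value="' . $mybb->post_code . '"><input type="submit" name="submit" value="' . $lang->newpoints_shop_sell . '"></form></td>';
                    } else {
                        $sell = '';
                    }

                    if ($can_send) {
                        $tdstart = ($sell == '') ? '<td width="100%">' : '<td width="50%">';
                        $send = $tdstart . '<form action="newpoints.php" method="POST"><input type="hidden" name="action" value="do_shop"><input type="hidden" name="shop_action" value="send"><input type="hidden" name="iid" value="' . intval($item['iid']) . '"><input type="hidden" name="postcode" value="' . $mybb->post_code . '"><input type="submit" name="submit" value="' . $lang->newpoints_shop_send . '"></form></td>';
                    } else {
                        $send = '';
                    }

                    if (!$send && !$sell) {
                        $send = $lang->newpoints_shop_no_options;
                    }

                    // descriptions go through the post parser with HTML disabled
                    $item['description'] = $parser->parse_message($item['description'], $parser_options);

                    $item['price'] = _newpoints_shop_page_rated_price($item['price'], $grouprules);
                    $item['price'] = newpoints_format_points($item['price']);
                    $item['quantity'] = count(array_keys($myitems, $item['iid']));

                    // build icon
                    $item['icon'] = _newpoints_shop_page_item_icon($item['icon']);

                    $bgcolor = alt_trow();
                    $invert_bgcolor = alt_trow();

                    eval("\$items .= \"" . $trstart . $templates->get('newpoints_shop_myitems_item') . $trend . "\";");
                }

                if (!$items) {
                    eval("\$items = \"" . $templates->get('newpoints_shop_myitems_no_items') . "\";");
                } else {
                    // odd number of items: pad the open row with an empty cell
                    if ($newrow === false) {
                        eval("\$items .= \"" . $templates->get('newpoints_shop_myitems_item_empty') . "</tr>" . "\";");
                        $newrow = true;
                    }
                }
            } else {
                eval("\$items = \"" . $templates->get('newpoints_shop_myitems_no_items') . "\";");
            }

            eval("\$page = \"" . $templates->get('newpoints_shop_myitems') . "\";");
        } else {
            // check group rules - primary group check
            $grouprules = _newpoints_shop_page_group_rules();
            $itemsrate = floatval($grouprules['items_rate']);

            global $cats, $items;

            $categories = array();
            $items_array = array();

            // get categories
            $query = $db->simple_select('newpoints_shop_categories', '*', '', array('order_by' => 'disporder', 'order_dir' => 'ASC'));
            while ($cat = $db->fetch_array($query)) {
                $categories[$cat['cid']] = $cat;
            }

            // get items and store them in their categories
            $query = $db->simple_select('newpoints_shop_items', '*', 'visible=1 AND cid>0', array('order_by' => 'disporder', 'order_dir' => 'ASC'));
            while ($item = $db->fetch_array($query)) {
                $items_array[$item['cid']][$item['iid']] = $item;
            }

            $cats = '';
            $bgcolor = alt_trow();

            // build items and categories
            if (!empty($categories)) {
                foreach ($categories as $cid => $category) {
                    $items = '';

                    if ($category['items'] > 0 && !empty($items_array[$category['cid']])) {
                        $bgcolor = alt_trow();

                        // direct lookup; the previous scan over every category also overwrote $cid
                        foreach ($items_array[$category['cid']] as $iid => $item) {
                            // skip hidden items
                            if ($item['visible'] == 0) {
                                continue;
                            }

                            if ($item['infinite'] == 1) {
                                $item['stock'] = $lang->newpoints_shop_infinite;
                            }

                            // affordability is judged on the price this user would actually pay
                            $rated_price = $item['price'] * $itemsrate;
                            $enough_money = floatval($rated_price) <= floatval($mybb->user['newpoints']);

                            $item['name'] = htmlspecialchars_uni($item['name']);
                            $item['description'] = htmlspecialchars_uni($item['description']);
                            $item['price'] = newpoints_format_points($rated_price);

                            // build icon
                            $item['icon'] = _newpoints_shop_page_item_icon($item['icon']);

                            if (!$enough_money) {
                                $item['price'] = '<span style="color: #FF0000;">' . $item['price'] . '</span>';
                            }

                            eval("\$items .= \"" . $templates->get('newpoints_shop_item') . "\";");
                        }
                    } else {
                        eval("\$items = \"" . $templates->get('newpoints_shop_no_items') . "\";");
                    }

                    // if it's not visible, don't show it
                    if ($category['visible'] == 0) {
                        continue;
                    }

                    // check if we have permissions to view the category
                    if (!newpoints_shop_check_permissions($category['usergroups'])) {
                        continue;
                    }

                    // Expanded by default feature
                    global $extdisplay, $expcolimage, $expdisplay, $expaltext, $icon;

                    $expdisplay = '';
                    if (intval($category['expanded']) == 0) {
                        $expcolimage = "collapse_collapsed.gif";
                        $expdisplay = "display: none;";
                        $expaltext = "[+]";
                    } else {
                        $expcolimage = "collapse.gif";
                        $expaltext = "[-]";
                    }

                    // build icon
                    if ($category['icon'] != '') {
                        $category['icon'] = htmlspecialchars_uni($category['icon']);
                        $category['icon'] = '<img src="' . $mybb->settings['bburl'] . '/' . $category['icon'] . '" style="vertical-align:middle">';
                    }

                    // sanitize html
                    $category['description'] = htmlspecialchars_uni($category['description']);
                    $category['name'] = htmlspecialchars_uni($category['name']);

                    eval("\$cats .= \"" . $templates->get('newpoints_shop_category') . "\";");
                }
            } else {
                eval("\$cats = \"" . $templates->get('newpoints_shop_no_cats') . "\";");
            }

            eval("\$page = \"" . $templates->get('newpoints_shop') . "\";");
        }

        $plugins->run_hooks("newpoints_shop_end");

        // output page
        output_page($page);
    }
}

/**
 * Loads the requested item and its category and stops with a MyBB error page unless
 * both exist, the category is permitted for the current user and both are visible.
 *
 * @param mixed $iid Item id as received from the request.
 * @return array array($item, $cat)
 */
function _newpoints_shop_page_load_item($iid)
{
    global $lang;

    // check if the item exists
    if (!($item = newpoints_shop_get_item($iid))) {
        error($lang->newpoints_shop_invalid_item);
    }

    // check if the item is assigned to category
    if (!($cat = newpoints_shop_get_category($item['cid']))) {
        error($lang->newpoints_shop_invalid_cat);
    }

    // check if we have permissions to view the parent category
    if (!newpoints_shop_check_permissions($cat['usergroups'])) {
        error_no_permission();
    }

    if ($item['visible'] == 0 || $cat['visible'] == 0) {
        error_no_permission();
    }

    return array($item, $cat);
}

/**
 * Decodes a serialized inventory column into a list of item ids.
 *
 * NOTE(review): unserialize() can instantiate objects from crafted data. This column is
 * written by the shop through serialize(), but anything else able to write it would reach
 * this call; MyBB 1.8 provides my_unserialize() as a restricted decoder - consider it
 * where the supported MyBB version allows.
 *
 * @param mixed $serialized Raw value of users.newpoints_items.
 * @return array Decoded inventory, or an empty array when the value is empty or not an array.
 */
function _newpoints_shop_page_inventory($serialized)
{
    $inventory = @unserialize($serialized);

    return is_array($inventory) ? $inventory : array();
}

/**
 * Returns the current user's inventory and the position of $iid in it, stopping with a
 * MyBB error page when the inventory is empty or the item is not owned.
 *
 * @param mixed $iid Item id to look for.
 * @return array array($myitems, $key)
 */
function _newpoints_shop_page_require_owned($iid)
{
    global $mybb, $lang;

    $myitems = _newpoints_shop_page_inventory($mybb->user['newpoints_items']);
    if (!$myitems) {
        error($lang->newpoints_shop_inventory_empty);
    }

    // make sure we own the item
    $key = array_search($iid, $myitems);
    if ($key === false) {
        error($lang->newpoints_shop_selected_item_not_owned);
    }

    return array($myitems, $key);
}

/**
 * Returns the price rules of the current user's primary group; when no rule is set the
 * items rate defaults to 1.
 *
 * @return array Rules array containing at least 'items_rate'.
 */
function _newpoints_shop_page_group_rules()
{
    global $mybb;

    $grouprules = newpoints_getrules('group', $mybb->user['usergroup']);
    if (!$grouprules) {
        // no rule set so default income rate is 1
        $grouprules = array('items_rate' => 1.0);
    }

    return $grouprules;
}

/**
 * Applies the group items rate to a price.
 *
 * @param mixed $price      List price of the item.
 * @param array $grouprules Rules as returned by _newpoints_shop_page_group_rules().
 * @return int|float 0 when the rate is 0, otherwise price * rate.
 */
function _newpoints_shop_page_rated_price($price, $grouprules)
{
    // if the group items rate is 0, the price of the item is 0
    if (floatval($grouprules['items_rate']) == 0) {
        return 0;
    }

    return $price * floatval($grouprules['items_rate']);
}

/**
 * Builds the <img> tag for an item icon, falling back to the default shop icon.
 *
 * @param string $icon Icon path relative to the board URL, may be empty.
 * @return string HTML; the icon path is escaped before it is placed in the attribute.
 */
function _newpoints_shop_page_item_icon($icon)
{
    global $mybb;

    if ($icon != '') {
        return '<img src="' . $mybb->settings['bburl'] . '/' . htmlspecialchars_uni($icon) . '">';
    }

    return '<img src="' . $mybb->settings['bburl'] . '/images/newpoints/default.png">';
}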
/**
 * Gatekeeper that runs before XThreads processes uploaded attachments.
 *
 * Re-checks, in order: that the edited post is the thread's first post (or that a
 * referenced thread is the user's own draft), that posting is not suspended, that the
 * forum exists, is open and is a real forum, the forum permissions for the current page,
 * the edit restrictions for non-moderators, the post key and the forum password.
 * Only when every check passes is xthreads_upload_attachments() called.
 */
function xthreads_upload_attachments_global()
{
    // The caller has already established that this is a POST to newthread.php or to
    // editpost.php (other than deletepost), so that condition is not repeated here.
    global $mybb, $current_page, $thread;

    $on_editpost = ($current_page == 'editpost.php');

    if ($on_editpost) {
        // check if first post
        $pid = (int) $mybb->input['pid'];
        if (!$thread) {
            $post = get_post($pid);
            if (!empty($post)) {
                $thread = get_thread($post['tid']);
            }
            if (empty($thread)) {
                return;
            }
            $pid = $post['pid'];
        }
        if ($thread['firstpost'] != $pid) {
            return;
        }
    } elseif ($mybb->input['tid']) {
        $thread = get_thread((int) $mybb->input['tid']);
        // ensure that this is, indeed, a draft owned by the current user
        $own_draft = ($thread['visible'] == -2 && $thread['uid'] == $mybb->user['uid']);
        if (!$own_draft) {
            // NOTE(review): this removes only the global symbol; the local $thread bound by the
            // `global` statement above keeps its value, so the fid lookup below can still see
            // the rejected thread - confirm that this is intended.
            unset($GLOBALS['thread']);
        }
    }

    // permissions check - ideally MyBB would do this, but there is no easy hook for it
    if ($mybb->user['suspendposting'] == 1) {
        return;
    }

    $fid = $thread['fid'] ? $thread['fid'] : (int) $mybb->input['fid'];

    $forum = get_forum($fid);
    if (!$forum['fid'] || $forum['open'] == 0 || $forum['type'] != 'f') {
        return;
    }

    $perms = forum_permissions($fid);
    if ($perms['canview'] == 0) {
        return;
    }

    if ($current_page == 'newthread.php') {
        if ($perms['canpostthreads'] == 0) {
            return;
        }
    } elseif ($on_editpost && !is_moderator($fid, 'caneditposts')) {
        // non-moderators may only edit their own open thread, within the edit time limit
        if ($thread['closed'] == 1 || $perms['caneditposts'] == 0 || $mybb->user['uid'] != $thread['uid']) {
            return;
        }
        $limit_minutes = $mybb->settings['edittimelimit'];
        if ($limit_minutes != 0 && $thread['dateline'] < TIME_NOW - $limit_minutes * 60) {
            return;
        }
    }

    // silent post-key check: an invalid key skips the upload instead of showing an error
    if (!verify_post_check($mybb->input['my_post_key'], true)) {
        return;
    }

    check_forum_password($forum['fid']);

    xthreads_upload_attachments();
}
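/**
 * Stores a report against a shoutbox entry.
 *
 * The request must carry a valid post key and the current user must pass
 * self::access_shout(). The shout id is cast to an integer before it is used in SQL, and
 * the existence check goes through MyBB's database abstraction instead of reading the
 * mysqli-only num_rows property, so it works on the other drivers as well.
 *
 * @param array $postdata Request data; reads 'key', 'id' and 'reason'.
 * @return bool True when the report row was inserted, false otherwise.
 */
static function reportShout($postdata)
{
    global $mybb, $db;

    if (!verify_post_check(isset($postdata['key']) ? $postdata['key'] : '')) {
        return false;
    }

    if (!self::access_shout()) {
        return false;
    }

    $shoutId = isset($postdata['id']) ? (int) $postdata['id'] : 0;
    if ($shoutId <= 0) {
        return false;
    }

    // the reported shout has to exist
    $query = $db->simple_select('dvz_shoutbox', 'id', "id = '{$shoutId}'");
    if ((int) $db->num_rows($query) !== 1) {
        return false;
    }

    // Store report; free-text fields are escaped because insert_query() does not escape values
    $data = array(
        'shid' => $shoutId,
        'uid' => (int) $mybb->user['uid'],
        'reason' => $db->escape_string(isset($postdata['reason']) ? (string) $postdata['reason'] : ''),
        'date' => time(),
        'ip' => $db->escape_string(get_ip()),
    );

    return (bool) $db->insert_query('dvz_reports', $data);
}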
// make sure wen're trying to send a donation to ourselves $uid = intval($mybb->input['uid']); $user = get_user($uid); if ($user['username'] != "") { $user['username'] = htmlspecialchars_uni($user['username']); } else { $user['username'] = ''; } if ($uid == $mybb->user['uid'] || $user['username'] == $mybb->user['username']) { error($lang->newpoints_cant_donate_self); } eval("\$page = \"" . $templates->get('newpoints_donate') . "\";"); $plugins->run_hooks("newpoints_donate_end"); output_page($page); } elseif ($mybb->input['action'] == 'do_donate') { verify_post_check($mybb->input['postcode']); if ($mybb->settings['newpoints_main_donationsenabled'] != 1) { error($lang->newpoints_donations_disabled); } $plugins->run_hooks("newpoints_do_donate_start"); // make sure we're not trying to send a donation to ourselves $username = trim($mybb->input['username']); if ($username == $mybb->user['username']) { error($lang->newpoints_cant_donate_self); } $amount = round(floatval($mybb->input['amount']), (int) $mybb->settings['newpoints_main_decimal']); // do we have enough points? if ($amount <= 0 || $amount > $mybb->user['newpoints']) { error($lang->newpoints_invalid_amount); } // make sure we're sending points to a valid user
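/**
 * Handles the moderator "mark as spam" action: hides the post (or the whole thread when
 * the post is the thread starter), reports it to Akismet, updates the authors' spam
 * counters (banning them once the configured threshold is reached) and fixes the
 * thread/forum counters before redirecting.
 *
 * Changes compared with the previous revision:
 *  - moderator rights are also checked against the forum the post really belongs to,
 *    not only against the fid supplied in the request;
 *  - the single-post branch used `continue` outside of a loop and read two columns with
 *    two fetch_field() calls on one result; both are replaced by a shared helper;
 *  - exempt users are skipped before their spam counter is incremented in both branches.
 */
function akismet_moderation_start()
{
    global $mybb, $db, $akismet, $lang, $cache, $fid, $pid;

    if (!$mybb->settings['akismetswitch'] || $mybb->input['action'] != 'mark_as_spam') {
        return;
    }

    $lang->load("akismet", false, true);

    if (!$mybb->input['pid']) {
        error("No Post ID specified.");
    }
    $pid = intval($mybb->input['pid']);

    if (!$mybb->input['fid']) {
        error("No Forum ID specified.");
    }
    $fid = intval($mybb->input['fid']);

    if (!is_moderator($fid)) {
        error("No Permissions to do this action.");
    }

    $query = $db->query("\r\n\t\tSELECT p.uid, p.username, u.email, u.website, u.akismetstopped, p.message, p.ipaddress, p.tid, p.replyto, p.fid, f.usepostcounts\r\n\t\tFROM " . TABLE_PREFIX . "posts p\r\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=p.uid)\r\n\t\tLEFT JOIN " . TABLE_PREFIX . "forums f ON (f.fid=p.fid)\r\n\t\tWHERE p.pid = '{$pid}'\r\n\t");
    $post = $db->fetch_array($query);
    if (!$post) {
        error("Invalid Post ID.");
    }

    // The fid in the request is caller-supplied; the authorisation decision has to be
    // made for the forum that actually contains the post.
    if (!is_moderator($post['fid'])) {
        error("No Permissions to do this action.");
    }

    // anything other than a POST with a key gets the confirmation page
    if (!$mybb->input['my_post_key'] || $mybb->request_method != "post") {
        akismet_show_confirm_page();
    }

    verify_post_check($mybb->input['my_post_key']);

    $akismet_array = array('type' => 'post', 'username' => $post['username'], 'email' => $post['email'], 'website' => $post['website'], 'message' => $post['message'], 'user_ip' => $post['ipaddress']);

    if ($post['replyto'] == 0) {
        // thread starter: hide the whole thread
        $db->update_query("threads", array('visible' => '-4'), "tid = '{$post['tid']}'");
        $db->update_query("posts", array('visible' => '-4'), "tid = '{$post['tid']}'");
        $snippit = "thread";
    } else {
        $db->update_query("posts", array('visible' => '-4'), "pid = '{$pid}'");
        $snippit = "post";
    }

    if (!$akismet) {
        $akismet = new Akismet($mybb->settings['bburl'], $mybb->settings['akismetapikey'], $akismet_array);
    }
    $akismet->submit_spam();

    $numakismetthread = $numakismetpost = 0;

    if ($snippit == "thread") {
        $query = $db->query("\r\n\t\t\tSELECT p.uid, u.usergroup\r\n\t\t\tFROM " . TABLE_PREFIX . "posts p\r\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=p.uid)\r\n\t\t\tWHERE p.tid = '{$post['tid']}'\r\n\t\t");
        while ($post2 = $db->fetch_array($query)) {
            ++$numakismetpost;

            $post2_uid = (int) $post2['uid'];
            if ($post['usepostcounts'] != 0) {
                $db->write_query("UPDATE " . TABLE_PREFIX . "users SET postnum=postnum-1 WHERE uid = '{$post2_uid}'");
            }

            _akismet_register_spam_strike($post2_uid, $post2['usergroup']);
        }
        ++$numakismetthread;
    } else {
        $post_uid = (int) $post['uid'];

        // the post query does not select the author's group, so look it up once
        $query = $db->simple_select("users", "usergroup", "uid = '{$post_uid}'");
        $usergroup = $db->fetch_field($query, 'usergroup');

        _akismet_register_spam_strike($post_uid, $usergroup);

        ++$numakismetpost;
        if ($post['usepostcounts'] != 0) {
            $db->write_query("UPDATE " . TABLE_PREFIX . "users SET postnum=postnum-1 WHERE uid = '{$post_uid}'");
        }
    }

    update_thread_counters($post['tid'], array('replies' => '-' . $numakismetpost));
    update_forum_counters($post['fid'], array('threads' => '-' . $numakismetthread, 'posts' => '-' . $numakismetpost));

    if ($snippit == "thread") {
        redirect(get_forum_link($post['fid']), $lang->thread_spam_success);
    } else {
        redirect(get_thread_link($post['tid']), $lang->post_spam_success);
    }
}

/**
 * Counts one confirmed spam post against a user and bans the user once the configured
 * threshold is reached. Guests, super administrators and members of the groups listed in
 * the akismetuidsignore setting are left untouched.
 *
 * @param int   $uid       Author of the spam post.
 * @param mixed $usergroup Author's primary group id.
 */
function _akismet_register_spam_strike($uid, $usergroup)
{
    global $mybb, $db, $cache;

    $uid = (int) $uid;
    if ($uid <= 0) {
        // guest posts have no user row to count against
        return;
    }

    if ($mybb->settings['akismetuidsignore']) {
        $akismet_uids_ignore = explode(',', $mybb->settings['akismetuidsignore']);
        if (in_array($usergroup, $akismet_uids_ignore)) {
            return;
        }
    }

    if (is_super_admin($uid)) {
        return;
    }

    $db->write_query("UPDATE " . TABLE_PREFIX . "users SET akismetstopped=akismetstopped+1 WHERE uid = '{$uid}'");
    $query = $db->simple_select("users", "akismetstopped", "uid = '{$uid}'");
    $akismetstopped = $db->fetch_field($query, 'akismetstopped');

    // Check if the person should be banned
    if ($mybb->settings['akismetnumtillban'] > 0 && $akismetstopped >= $mybb->settings['akismetnumtillban']) {
        $banned_user = array("uid" => $uid, "admin" => 0, "gid" => 7, "oldgroup" => $usergroup, "dateline" => TIME_NOW, "bantime" => 'perm', "lifted" => 'perm', "reason" => "Automatically banned by the Akismet system for spamming.", "oldadditionalgroups" => '');
        $db->insert_query("banned", $banned_user);
        $db->update_query("users", array('usergroup' => 7), "uid = '{$uid}'");
        $cache->update_moderators();
    }
}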
if ($mybb->input['pinned'] != 0) { $pinned = 1; } if (!isset($mybb->input['usergroup']) || empty($mybb->input['usergroup']) || in_array('*', $mybb->input['usergroup'])) { $mybb->input['usergroup'] = '*'; } else { $mybb->input['usergroup'] = implode(',', array_map('intval', $mybb->input['usergroup'])); } $inserts = array('announcement' => $db->escape_string(htmlentities($mybb->input['announcement'])), 'class' => $class, 'link' => $url, 'pinned' => $pinned, 'date' => time(), 'disporder' => (int) $mybb->input['disporder'], 'groups' => $db->escape_string($mybb->input['usergroup'])); $db->insert_query('bam', $inserts); flash_message($lang->bam_add_success, 'success'); admin_redirect('index.php?module=config-bam'); } if ($mybb->input['action'] == 'delete' && $mybb->request_method == "get") { // process delete announcement $key = verify_post_check($mybb->input['my_post_key'], true); if ($key == false) { flash_message($lang->bam_invalid_post_code, 'error'); admin_redirect("index.php?module=config-bam"); } $PID = (int) $mybb->input['id']; if ($PID == null) { // no announcement was defined. flash_message($lang->bam_delete_error, 'error'); admin_redirect('index.php?module=config-bam'); } $query = $db->simple_select('bam', '*', "PID='{$PID}'"); $querydata = $db->fetch_array($query); if (!$querydata['PID']) { // The announcement was defined, but did not exist. flash_message($lang->bam_delete_error, 'error');
} // Check if the username is actually already in use $user = get_user_by_username($username); $plugins->run_hooks("xmlhttp_username_availability"); if ($user['uid']) { $lang->username_taken = $lang->sprintf($lang->username_taken, htmlspecialchars_uni($username)); echo json_encode($lang->username_taken); exit; } else { //$lang->username_available = $lang->sprintf($lang->username_available, htmlspecialchars_uni($username)); echo json_encode("true"); exit; } } else { if ($mybb->input['action'] == "username_exists") { if (!verify_post_check($mybb->get_input('my_post_key'), true)) { xmlhttp_error($lang->invalid_post_code); } require_once MYBB_ROOT . "inc/functions_user.php"; $username = $mybb->get_input('value'); header("Content-type: application/json; charset={$charset}"); if (!trim($username)) { echo json_encode(array("success" => 1)); exit; } // Check if the username actually exists $user = get_user_by_username($username); $plugins->run_hooks("xmlhttp_username_exists"); if ($user['uid']) { $lang->valid_username = $lang->sprintf($lang->valid_username, htmlspecialchars_uni($username)); echo json_encode(array("success" => $lang->valid_username));
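/**
 * Delete all alerts of the current user, then redirect.
 *
 * The request must carry a valid post key. The optional ret_link parameter is
 * caller-controlled, so it is only followed when it stays on this board (absolute URL
 * under the board URL, or a relative path); anything else falls back to the alerts page.
 *
 * @param MyBB               $mybb MyBB core object.
 * @param DB_MySQL|DB_MySQLi $db   database object.
 * @param MyLanguage         $lang MyBB language system.
 */
function myalerts_delete_all_alerts($mybb, $db, $lang)
{
    verify_post_check($mybb->get_input('my_post_key'));

    $userId = (int) $mybb->user['uid'];

    $db->delete_query('alerts', "uid = {$userId}");

    $target = 'alerts.php?action=alerts';
    $retLink = $mybb->get_input('ret_link', MyBB::INPUT_STRING);

    // Reject control characters, whitespace and backslashes outright: browsers normalise
    // them in ways that can turn an apparently local link into an external one.
    if ($retLink !== '' && !preg_match('/[\x00-\x20\x7f\\\\]/', $retLink)) {
        $boardUrl = rtrim((string) $mybb->settings['bburl'], '/') . '/';

        // absolute link: must start with the board URL including the trailing slash,
        // so a look-alike host that merely shares the prefix does not match
        $isOnBoard = $boardUrl !== '/' && strncasecmp($retLink, $boardUrl, strlen($boardUrl)) === 0;

        // relative link: no scheme and not protocol-relative
        $isRelative = !preg_match('#^(?:[a-z][a-z0-9+.\-]*:|//)#i', $retLink);

        if ($isOnBoard || $isRelative) {
            $target = $retLink;
        }
    }

    redirect($target, $lang->myalerts_delete_all, $lang->myalerts_delete_mass_deleted);
}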