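/**
 * Renders a user's profile page in view or edit mode.
 *
 * Chooses the template through $this->view and assigns the variables that
 * template reads. The outcome is one of: the profile view, the profile edit
 * form, 'access_denied' or 'not_found'.
 *
 * Authorization is decided before the target user is loaded. A viewer who
 * lacks 'view user profiles' and asks for someone else's profile gets
 * 'access_denied' straight away, so the target's username is never written
 * to the page sub-title or handed to the template, and the response does not
 * reveal whether the requested profile exists.
 *
 * @param mixed $id     Profile identifier from the route; null is treated as 0.
 * @param mixed $action Requested action ('view' or 'edit'); null means 'view'.
 *                      Any other value ends in 'access_denied'.
 *
 * @return void
 */
public function profile($id, $action)
{
    $this->view = 'user/profile/view';
    \CODOF\Store::set('meta:robots', 'noindex, follow');

    if ($id == null) {
        $id = 0;
    }
    if ($action == null) {
        $action = 'view';
    }

    $profile = new \CODOF\User\Profile();
    $uid = $profile->get_uid($id);
    $currUser = \CODOF\User\User::get();

    // $uid is passed to getByIdOrUsername() as both id and username, so it may
    // be a non-numeric string. Before PHP 8 a loose comparison of such a string
    // with the integer 0 is true, which would make the ownership test pass for
    // a viewer whose id is 0. Comparing as strings removes the type juggling.
    // NOTE(review): whether guests carry id 0 is not visible here - confirm.
    $is_own_profile = (string) $uid === (string) $currUser->id;

    if (!$currUser->can('view user profiles') && !$is_own_profile) {
        // The viewer may not see other users' profiles: refuse before any
        // data about the target user is fetched or assigned.
        $this->view = 'access_denied';
        return;
    }

    $user = \CODOF\User\User::getByIdOrUsername($uid, $uid);
    if (!$user) {
        $this->view = 'not_found';
        return;
    }

    $user->avatar = $user->getAvatar();

    // pass user object to template
    $this->smarty->assign('user', $user);
    $this->smarty->assign('rname', \CODOF\User\User::getRoleName($user->rid));
    \CODOF\Store::set('sub_title', $user->username);

    // NOTE(review): can_edit_profile() is defined outside this excerpt; confirm
    // it compares ids without loose type juggling as well.
    $can_edit = $this->can_edit_profile($uid);

    if ($action == 'edit' && $can_edit) {
        $this->view = 'user/profile/edit';
        $this->css_files = array('profile_edit');
        $this->js_files = array(
            array(DATA_PATH . 'assets/js/user/profile/edit.js', array('type' => 'defer')),
            array('bootstrap-slider.js', array('type' => 'defer')),
        );

        $subscriber = new \CODOF\Forum\Notification\Subscriber();
        $categories = $subscriber->getCategorySubscriptions($uid);
        $topics = $subscriber->getTopicSubscriptions($uid);

        $this->smarty->assign('categories', $categories);
        $this->smarty->assign('topics', $topics);
        $this->smarty->assign('signature_char_lim', \CODOF\Util::get_opt('signature_char_lim'));
        return;
    }

    if ($action != 'view') {
        // Covers 'edit' without edit rights and any unknown action value.
        $this->view = 'access_denied';
        return;
    }

    $this->view = 'user/profile/view';

    if (!$is_own_profile) {
        // Only visits by other users count as profile views.
        $user->incProfileViews();
    }

    $this->smarty->assign('user_not_confirmed', $is_own_profile && !$user->isConfirmed());

    $reg_req_admin = \CODOF\Util::get_opt('reg_req_admin') == 'yes';
    $this->smarty->assign(
        'user_not_approved',
        $is_own_profile && (int) $user->rid == ROLE_UNVERIFIED && $reg_req_admin
    );
    $this->smarty->assign('can_edit', $can_edit);

    $this->css_files = array('profile_view');
    $this->js_files = array(
        array(DATA_PATH . 'assets/js/user/profile/view.js', array('type' => 'defer')),
    );

    \CODOF\Hook::call('before_profile_view', $user);
}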
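/**
 * Creates a topic with its first post from the submitted form and prints the
 * new topic id as JSON.
 *
 * Reads from $_POST: end_of_line, title, cat, imesg, omesg and the optional
 * sticky, frontpage and tags. When a required field is missing or is an
 * array, the method returns without output. When the category does not exist
 * or the user may not create topics in it, the script exits with a message.
 *
 * NOTE(review): no request token is checked inside this method; presumably the
 * route that calls create() validates it - confirm against the router.
 *
 * @return void
 */
public function create()
{
    //hacking attempt
    // end_of_line must arrive empty (presumably a hidden honeypot field); the
    // isset() guard avoids an undefined-index warning when it is absent.
    if (isset($_POST['end_of_line']) && $_POST['end_of_line'] != "") {
        exit;
    }

    // Required fields must be present and must not be arrays: PHP turns
    // "field[]=x" into an array, and (int) of a non-empty array is 1, which
    // would silently select category 1.
    foreach (array('title', 'cat', 'imesg', 'omesg') as $field) {
        if (!isset($_POST[$field]) || is_array($_POST[$field])) {
            return;
        }
    }

    $catid = (int) $_POST['cat'];
    $category = new \CODOF\Forum\Category($this->db);

    if (!$category->exists($catid) || !$category->canCreateTopicIn($catid)) {
        exit(_t("No such category exists!"));
    }

    $post = new \CODOF\Forum\Post($this->db);
    $topic = new \CODOF\Forum\Topic($this->db);
    $notifier = new \CODOF\Forum\Notification\Notifier();
    $subscriber = new \CODOF\Forum\Notification\Subscriber();

    $title = \CODOF\Format::title($_POST['title']);

    // NOTE(review): only the message body is passed to the spam filter; the
    // title is not.
    $filter = new \CODOF\SpamFilter();
    $needsModeration = (bool) $filter->isSpam($_POST['imesg']);

    // Optional flags: a missing key means 'no' instead of raising a warning
    // that could end up in front of the JSON response.
    $sticky = (isset($_POST['sticky']) && $_POST['sticky'] === "true") ? 'yes' : 'no';
    $frontpage = (isset($_POST['frontpage']) && $_POST['frontpage'] === "true") ? 'yes' : 'no';

    $user = \CODOF\User\User::get();

    // A sticky request is honoured only for users with the 'make sticky'
    // permission; everyone else gets a normal approved topic.
    if ($sticky == 'yes' && $user->can('make sticky')) {
        $status = ($frontpage == 'yes')
            ? \CODOF\Forum\Forum::STICKY
            : \CODOF\Forum\Forum::STICKY_ONLY_CATEGORY;
    } else {
        $status = \CODOF\Forum\Forum::APPROVED;
    }

    $tid = $topic->ins_topic($catid, $title, $needsModeration, $status);
    $pid = $post->ins_post($catid, $tid, $_POST['imesg'], $_POST['omesg']);

    // NOTE(review): the link is written before $pid is checked below; confirm
    // link_topic_post() tolerates a failed post insert.
    $topic->link_topic_post($pid, $tid);

    //get any @mentions from the topic post
    $mentions = $subscriber->getMentions($_POST['imesg']);

    //get userids from mentions that actually exists in the database
    $ids = $subscriber->getIdsThatExisits($mentions);

    //subscribe self to topic as a Subscriber::NOTIFIED
    $subscriber->toTopic($catid, $tid, \CODOF\Forum\Notification\Subscriber::$NOTIFIED);

    //if post was inserted successfully
    if ($pid) {
        // NOTE(review): "notification" wraps %title% in HTML; confirm that
        // Format::title() or the notification renderer escapes the title.
        $topicData = array(
            "label" => 'New topic',
            "cid" => $catid,
            "tid" => $tid,
            "tuid" => $user->id,
            "pid" => $pid,
            "mentions" => $ids,
            "message" => \CODOF\Util::start_cut(\CODOF\Format::imessage($_POST['imesg']), 120),
            "notification" => "%actor% created <b>%title%</b>",
            "bindings" => array("title" => \CODOF\Util::start_cut($title, 100)),
        );

        $notifier->queueNotify('new_topic', $topicData);
        //$notifier->dequeueNotify();

        \CODOF\Hook::call('after_topic_insert', $topicData);
    }

    //insert tags if any present in the topic
    if (isset($_POST['tags']) && $user->can('add tags')) {
        //the method does the filtering
        $topic->insertTags($tid, $_POST['tags']);
    }

    echo json_encode(array('tid' => $tid));
}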
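/**
 * Renders one page of a topic.
 *
 * Resolves merged-topic redirects, enforces the moderation and view
 * permissions, marks the topic as read, then assigns the posts, pagination,
 * breadcrumb and page metadata and selects the 'forum/topic' view.
 *
 * The existence check runs right after the lookup, before any field of the
 * topic row is read, so a missing topic always ends in 'not_found' and is
 * never passed to the permission check or the read tracker.
 *
 * NOTE(review): $tid comes from the route and reaches get_topic_info()
 * unchanged; confirm the callee binds it as a query parameter.
 *
 * @param mixed $tid  Topic id from the route.
 * @param mixed $page 1-based page number, or "post-<id>" to open the page
 *                    that holds that post.
 *
 * @return false|null false when a topic held by the spam filter is refused,
 *                    null in every other case.
 */
public function topic($tid, $page)
{
    $topic = new \CODOF\Forum\Topic($this->db);
    $post = new \CODOF\Forum\Post($this->db);

    $topic_info = $topic->get_topic_info($tid);

    if ($topic_info && $topic_info['topic_status'] == \CODOF\Forum\Forum::MERGED_REDIRECT_ONLY) {
        // A merged topic only points at its target; load the target instead.
        $tid = $topic_info['redirect_to'];
        $topic_info = $topic->get_topic_info($tid);
    }

    if (!$topic_info) {
        $this->view = 'not_found';
        return;
    }

    $topic_is_spam = $topic_info['topic_status'] == \CODOF\Forum\Forum::MODERATION_BY_FILTER;
    $this->smarty->assign('topic_is_spam', $topic_is_spam);

    $user = \CODOF\User\User::get();

    // A topic held by the spam filter is visible only to moderators and to
    // its own author.
    if ($topic_is_spam && !($user->can('moderate topics') || $user->id == $topic_info['uid'])) {
        $this->view = 'access_denied';
        return false;
    }

    if (!$topic->canViewTopic($topic_info['uid'], $topic_info['cat_id'], $topic_info['topic_id'])) {
        //\CODOF\Hook::call('page not found', array('type' => 'topic', 'id' => $tid));
        \CODOF\Store::set('sub_title', _t('Access denied'));
        $this->view = 'access_denied';
        return;
    }

    $tracker = new \CODOF\Forum\Tracker($this->db);
    $tracker->mark_topic_as_read($topic_info['cat_id'], $tid);

    // Never divide by zero if the option is unset or misconfigured.
    $posts_per_page = max(1, (int) \CODOF\Util::get_opt("num_posts_per_topic"));

    if (strpos((string) $page, "post-") !== false) {
        $pid = (int) str_replace("post-", "", $page);
        $prev_posts = $post->get_num_prev_posts($tid, $pid);
        $from = (int) floor($prev_posts / $posts_per_page);
    } else {
        $from = (int) $page - 1;
    }

    // A page of "0", a negative number or non-numeric text would otherwise
    // give a negative page index that is passed on to get_posts().
    $from = max(0, $from);

    $topic_info['no_replies'] = $topic_info['no_posts'] - 1;
    $name = \CODOF\Filter::URL_safe($topic_info['title']);

    $subscriber = new \CODOF\Forum\Notification\Subscriber();
    $this->smarty->assign('no_followers', $subscriber->followersOfTopic($topic_info['topic_id']));

    if (\CODOF\User\CurrentUser\CurrentUser::loggedIn()) {
        $this->smarty->assign('my_subscription_type', $subscriber->levelForTopic($topic_info['topic_id']));
    }

    $this->smarty->assign('tags', $topic->getTags($topic_info['topic_id']));

    $api = new Ajax\forum\topic();
    $posts_data = $api->get_posts($tid, $from, $topic_info);
    $num_pages = $posts_data['num_pages'];
    $posts = $posts_data['posts'];

    $posts_tpl = \CODOF\HB\Render::tpl('forum/topic', $posts_data);
    $this->smarty->assign('posts', $posts_tpl);
    $this->smarty->assign('topic_info', $topic_info);
    $this->smarty->assign('title', htmlentities($topic_info['title'], ENT_QUOTES, "UTF-8"));

    // The search string is attacker-controlled. strip_tags() leaves quotes
    // and ampersands in place, so the JSON is also hex-escaped to stay inert
    // if the template puts it inside a script block or an attribute.
    // NOTE(review): the template context is not visible here - confirm.
    $search_data = array();
    if (isset($_GET['str']) && is_string($_GET['str'])) {
        $search_data = array('str' => strip_tags($_GET['str']));
    }
    $this->smarty->assign(
        'search_data',
        json_encode($search_data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
    );

    $url = 'topic/' . $topic_info['topic_id'] . '/' . $name . '/';
    $this->smarty->assign('pagination', $post->paginate($num_pages, $from + 1, $url, false, $search_data));

    if (ceil(($topic_info['no_posts'] + 1) / $posts_per_page) > $num_pages) {
        //next reply will go to next page
        $this->smarty->assign('new_page', 'yes');
    } else {
        $this->smarty->assign('new_page', 'nope');
    }

    // Breadcrumb: the category's ancestors followed by the category itself.
    $cat = new \CODOF\Forum\Category($this->db);
    $cats = $cat->get_categories();
    $cid = $topic_info['cat_id'];
    $parents = $cat->find_parents($cats, $cid);
    array_push($parents, array("name" => $topic_info['cat_name'], "alias" => $topic_info['cat_alias']));

    $this->smarty->assign('can_search', $user->can('use search'));
    $this->smarty->assign('parents', $parents);
    $this->smarty->assign('num_pages', $num_pages);
    $this->smarty->assign('curr_page', $from + 1); //starts from 1
    $this->smarty->assign('url', RURI . $url);

    $this->assign_editor_vars();
    $tuid = $topic_info['uid'];
    $this->assign_admin_vars($tuid);

    $this->css_files = array('topic', 'editor', 'jquery.textcomplete');
    $arr = array(
        array('topic/topic.js', array('type' => 'defer')),
        array('modal.js', array('type' => 'defer')),
        array('bootstrap-slider.js', array('type' => 'defer')),
    );
    $this->js_files = array_merge($arr, $post->get_js_editor_files());

    \CODOF\Hook::call('on_topic_view', array($topic_info));
    $this->view = 'forum/topic';

    // NOTE(review): the title and first message are stored unescaped for the
    // page metadata; confirm the code that prints Store values escapes them.
    \CODOF\Store::set('sub_title', $topic_info['title']);
    \CODOF\Store::set('og:type', 'article');
    \CODOF\Store::set('og:title', $topic_info['title']);
    \CODOF\Store::set('og:url', RURI . $url);

    // A page can come back without posts; fall back to an empty description.
    $mesg = isset($posts[0]['imessage']) ? $posts[0]['imessage'] : '';
    // NOTE(review): substr() cuts bytes and can split a multi-byte character.
    \CODOF\Store::set('og:desc', strlen($mesg) > 200 ? substr($mesg, 0, 197) . "..." : $mesg);

    if ($from > 0) {
        //previous page exists
        \CODOF\Store::set('rel:prev', RURI . $url . $from);
    }

    $curr_page = $from + 1;
    if ($curr_page < $num_pages) {
        //next page exists
        \CODOF\Store::set('rel:next', RURI . $url . ($curr_page + 1));
    }

    \CODOF\Store::set('article:published', date('c', $topic_info['topic_created']));

    if ($topic_info['topic_updated'] > 0) {
        \CODOF\Store::set('article:modified', date('c', $topic_info['topic_updated']));
    }
}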
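//exit;
});

// Prints the current user's notification digest as JSON. The request must
// carry a token that Request::valid() accepts and come from a logged-in
// user; a request without a token is refused before Request::valid() runs.
dispatch_get('Ajax/digest', function () {

    if (isset($_GET['token'])
        && Request::valid($_GET['token'])
        && \CODOF\User\CurrentUser\CurrentUser::loggedIn()
    ) {
        $digest = new \CODOF\Forum\Notification\Digest\Digest();
        $ion = $digest->fetch();

        echo json_encode($ion);
    }
    //exit;
});

// NOTE(review): the two subscribe routes change state on a GET request and
// show no token or login check here, unlike 'Ajax/digest' above. Presumably
// Request::get() or Subscriber enforces both - confirm, otherwise a
// cross-site request could change a user's subscriptions.
// NOTE(review): $cid, $tid and $level are route values passed on as-is;
// confirm that Subscriber validates them.

// Sets the subscription level for a category.
Request::get('Ajax/subscribe/:cid/:level', function ($cid, $level) {

    $subscribe = new CODOF\Forum\Notification\Subscriber();
    $subscribe->toCategory($cid, $level);
});

// Sets the subscription level for a topic inside a category.
Request::get('Ajax/subscribe/:cid/:tid/:level', function ($cid, $tid, $level) {

    $subscribe = new CODOF\Forum\Notification\Subscriber();
    $subscribe->toTopic($cid, $tid, $level);
});

// Returns the subset of the submitted mentions that Mention::getValid() accepts.
Request::get('Ajax/mentions/validate', function () {

    $mentioner = new CODOF\Forum\Notification\Mention();
    // A missing parameter is passed on as null instead of raising a warning.
    // NOTE(review): the expected type of 'mentions' is not visible here.
    $_mentions = isset($_GET['mentions']) ? $_GET['mentions'] : null;

    return $mentioner->getValid($_mentions);
});

// Returns what Mention::getNotMentionable() reports for the category.
Request::get('Ajax/mentions/mentionable/:cid', function ($cid) {

    $mentioner = new CODOF\Forum\Notification\Mention();
    return $mentioner->getNotMentionable($cid);
});

// Looks up mention candidates for the query $q; $cid and $tid default to 0.
Request::get('Ajax/mentions/:q/:cid/:tid', function ($q, $cid = 0, $tid = 0) {

    $mentioner = new CODOF\Forum\Notification\Mention();
    return $mentioner->find($q, $cid, $tid);
});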