 /**
  * Run the configured rules against the two fixture data sets.
  *
  * Every entry in $this->invalid_data must be rejected (validation_errors()
  * returns a non-null value for the field) and every entry in
  * $this->valid_data must be accepted (validation_errors() returns null).
  * The assertion messages carry the first error text and the submitted value,
  * joined with ' | ' for array fixtures, so a failing fixture can be located
  * from the PHPUnit output alone.
  */
 public function testValidation()
 {
     $processing = array('min_len_csv' => 'csv', 'min_len_array' => 'array');

     // Pass 1: everything in invalid_data is expected to fail
     $rejecting = new Data_Validator();
     $rejecting->validation_rules($this->rules);
     $rejecting->sanitation_rules(array('min_len_csv' => 'trim'));
     $rejecting->input_processing($processing);
     $rejecting->validate($this->invalid_data);
     foreach ($this->invalid_data as $field => $submitted) {
         $first_error = $rejecting->validation_errors($field);
         $shown = is_array($submitted) ? implode(' | ', $submitted) : $submitted;
         $this->assertNotNull($rejecting->validation_errors($field), 'Test: ' . $first_error[0] . ' passed data: ' . $shown . ' but it should have failed');
     }

     // Pass 2: everything in valid_data is expected to pass (no sanitation this time)
     $accepting = new Data_Validator();
     $accepting->validation_rules($this->rules);
     $accepting->input_processing($processing);
     $accepting->validate($this->valid_data);
     foreach ($this->valid_data as $field => $submitted) {
         $first_error = $accepting->validation_errors($field);
         $shown = is_array($submitted) ? implode(' | ', $submitted) : $submitted;
         $this->assertNull($accepting->validation_errors($field), 'Test: ' . $first_error[0] . ' failed data: ' . $shown . ' but it should have passed');
     }
 }
 /**
  * Sanitize a field whose input is a collection (PHP array or CSV string) by
  * treating each element as a field of its own, all sharing the same rule set.
  *
  * A fresh Data_Validator is run over the elements; the cleaned values are then
  * written back into the original shape: array elements are replaced in place
  * (keys preserved via array_replace), CSV elements are re-joined with ','.
  * A field whose declared datatype is neither 'array' nor 'csv' is returned
  * untouched.
  *
  * @param mixed[] $input  the full input set; only $input[$field] is read
  * @param string  $field  name of the field to sanitize
  * @param string  $rules  sanitation rule string applied to every element
  *
  * @return mixed the sanitized value for $field (array or string)
  */
 private function _sanitize_recursive($input, $field, $rules)
 {
     $datatype = $this->_datatype[$field];

     // Sub-validator used for the individual elements
     $validator = new Data_Validator();

     if ($datatype !== 'array' && $datatype !== 'csv') {
         return $input[$field];
     }

     // Both shapes are reduced to a plain list of elements first
     $elements = $datatype === 'array' ? $input[$field] : explode(',', $input[$field]);

     $element_rules = array();
     $element_values = array();
     foreach ($elements as $idx => $element) {
         $element_rules[$idx] = $rules;
         $element_values[$idx] = $element;
     }

     $validator->sanitation_rules($element_rules);
     $validator->validate($element_values);
     $clean = $validator->validation_data();

     // Rebuild the original shape from the cleaned elements
     return $datatype === 'array'
         ? array_replace($input[$field], $clean)
         : implode(',', $clean);
 }
<?php

namespace validator;

include_once "../bootstrap.php";
include_once "banco.php";
include_once "DataValidator.php";
// NOTE(review): with `namespace validator;` in effect, unqualified class names
// used later in this script (e.g. `new Data_Validator()`) resolve inside this
// namespace unless DataValidator.php declares the class there — confirm.
// Count existing sign-ups for the requested workshop.
// NOTE(review): the WHERE fragment is built by string concatenation from raw
// $_POST input. addslashes() is not a database-aware escape and utf8_decode()
// is deprecated as of PHP 8.2; the same pattern is repeated for the duplicate
// lookup and the insert further down this script. Prefer a parameterised
// query, and check the key is present before reading $_POST['workshop'].
$inscritos = numeroRegistros("workshops", "id", "workshop = '" . addslashes(utf8_decode($_POST['workshop'])) . "'");
// 0 when nothing went wrong; otherwise the HTML error fragment set by the
// branches below.
$errors = 0;
if ($inscritos < 23) {
    $validate = new Data_Validator();
    $validate->set("email", $_POST['email'])->is_email()->set("nome", $_POST['nome'])->is_required()->min_length(5, true);
    $existe = ver("workshops", "id", "email ='" . addslashes(utf8_decode($_POST['email'])) . "' and workshop = '" . addslashes(utf8_decode($_POST['workshop'])) . "'");
    if (!$existe) {
        /*$faltou = ver("workshops", "presente", "email ='".addslashes(utf8_decode($_POST['email']))."' and workshop = 'JS101' and presente=0");
        
        			if(!$faltou){*/
        $errors = $validate->get_errors_html();
        if ($validate->validate()) {
            $dados['workshop'] = addslashes(utf8_decode($_POST['workshop']));
            $dados['email'] = addslashes(utf8_decode($_POST['email']));
            $dados['nome'] = addslashes(utf8_decode($_POST['nome']));
            $dados['presente'] = 0;
            inserir("workshops", $dados);
        }
        //}else $errors = "<p>Você se inscreveu para o primeiro e não compareceu, infelizmente não é possível se inscrever agora, mas você pode tentar novamente amanhã(9/10).</p>";
    } else {
        $errors = "<p>Email já cadastrado!</p>";
    }
} else {
    $errors = "<p>Todas as vagas já foram preenchidas, mas não se preocupe daqui a pouco vai ter outro :)</p>";
/**
 * Validate an email address for a profile and check no other member owns it.
 *
 * The address is first decoded from the &#039; entity, then run through
 * Data_Validator with the 'trim' sanitation and 'valid_email|required' rules.
 * The uniqueness lookup goes through the database layer with named
 * placeholders, so the address is never concatenated into SQL.
 *
 * @param string $email
 * @param int $memID = 0 member being edited; when non-zero, that member's own
 *                        row is excluded from the uniqueness check
 *
 * @return bool|string true when the address is valid and unused, otherwise
 *                     one of 'no_email', 'bad_email' or 'email_taken'
 */
function profileValidateEmail($email, $memID = 0)
{
    $db = database();

    require_once SUBSDIR . '/DataValidator.class.php';

    // Undo the &#039; entity so the validator sees a literal apostrophe
    $candidate = array('email' => strtr($email, array('&#039;' => '\'')));
    $rules = array('email' => 'valid_email|required');
    $sanitation = array('email' => 'trim');

    if (!Data_Validator::is_valid($candidate, $rules, $sanitation)) {
        return empty($candidate['email']) ? 'no_email' : 'bad_email';
    }

    // Skip the member's own row when editing an existing profile
    $exclude_self = $memID != 0 ? 'id_member != {int:selected_member} AND ' : '';

    // Email addresses should be and stay unique.
    $request = $db->query('', '
		SELECT id_member
		FROM {db_prefix}members
		WHERE ' . $exclude_self . '
			email_address = {string:email_address}
		LIMIT 1', array('selected_member' => $memID, 'email_address' => $candidate['email']));
    $matches = $db->num_rows($request);
    $db->free_result($request);

    return $matches > 0 ? 'email_taken' : true;
}
    /**
     * Set any setting related to paid subscriptions,
     *
     * - i.e. modify which payment methods are to be used.
     * - It requires the moderate_forum permission
     * - Accessed from ?action=admin;area=paidsubscribe;sa=settings.
     *
     * Builds the settings form from the core paid-subscription settings plus
     * whatever each loaded payment gateway reports via getGatewaySettings(),
     * then either renders it or, when ';save' is present in the URL, validates
     * the notification address list and persists the form via Settings_Form.
     *
     * Reads $txt and $scripturl, reads and writes $context, and mutates $_POST
     * in place before saving. Redirects (and so does not return) after a
     * successful save.
     */
    public function action_paidSettings_display()
    {
        global $context, $txt, $scripturl;
        require_once SUBSDIR . '/PaidSubscriptions.subs.php';
        // Initialize the form
        $this->_init_paidSettingsForm();
        $config_vars = $this->_paidSettings->settings();
        // Now load all the other gateway settings.
        $gateways = loadPaymentGateways();
        foreach ($gateways as $gateway) {
            // The class name comes from the gateway registry, not from the request
            $gatewayClass = new $gateway['display_class']();
            $setting_data = $gatewayClass->getGatewaySettings();
            if (!empty($setting_data)) {
                // Section title for this gateway, localized when a $txt entry exists
                $config_vars[] = array('title', $gatewayClass->title, 'text_label' => isset($txt['paidsubs_gateway_title_' . $gatewayClass->title]) ? $txt['paidsubs_gateway_title_' . $gatewayClass->title] : $gatewayClass->title);
                $config_vars = array_merge($config_vars, $setting_data);
            }
        }
        // Some important context stuff
        $context['page_title'] = $txt['settings'];
        $context['sub_template'] = 'show_settings';
        $context['settings_message'] = replaceBasicActionUrl($txt['paid_note']);
        $context[$context['admin_menu_name']]['current_subsection'] = 'settings';
        // Get the final touches in place.
        $context['post_url'] = $scripturl . '?action=admin;area=paidsubscribe;save;sa=settings';
        $context['settings_title'] = $txt['settings'];
        // We want javascript for our currency options.
        addInlineJavascript('
		toggleCurrencyOther();', true);
        // Saving the settings?
        if (isset($_GET['save'])) {
            // Session/token check guards the write path; keep it ahead of any mutation
            checkSession();
            call_integration_hook('integrate_save_subscription_settings');
            // Check that the entered email addresses are valid
            if (!empty($_POST['paid_email_to'])) {
                require_once SUBSDIR . '/DataValidator.class.php';
                $validator = new Data_Validator();
                // Some cleaning and some rules
                $validator->sanitation_rules(array('paid_email_to' => 'trim'));
                $validator->validation_rules(array('paid_email_to' => 'valid_email'));
                // 'csv': the field may hold several comma-separated addresses, each validated on its own
                $validator->input_processing(array('paid_email_to' => 'csv'));
                $validator->text_replacements(array('paid_email_to' => $txt['paid_email_to']));
                if ($validator->validate($_POST)) {
                    // Read the sanitized value back through the validator's property access
                    $_POST['paid_email_to'] = $validator->paid_email_to;
                } else {
                    // Thats not an email, lets set it back in the form to be fixed and let them know its wrong
                    // NOTE(review): index 1 assumes the email field is the second entry of the
                    // form definition returned by _init_paidSettingsForm() — confirm if the form changes
                    $config_vars[1]['value'] = $_POST['paid_email_to'];
                    $context['error_type'] = 'minor';
                    $context['settings_message'] = array();
                    foreach ($validator->validation_errors() as $id => $error) {
                        $context['settings_message'][] = $error;
                    }
                }
            }
            // No errors, then save away
            if (empty($context['error_type'])) {
                // Sort out the currency stuff.
                // NOTE(review): paid_currency is not checked against a known list here; a
                // value with no matching $txt '<code>_symbol' entry yields an undefined-index
                // notice and a null symbol — confirm the form's select constrains it
                if ($_POST['paid_currency'] != 'other') {
                    $_POST['paid_currency_code'] = $_POST['paid_currency'];
                    $_POST['paid_currency_symbol'] = $txt[$_POST['paid_currency'] . '_symbol'];
                }
                $_POST['paid_currency_code'] = trim($_POST['paid_currency_code']);
                // The placeholder used only to drive the "other" toggle is not persisted
                unset($config_vars['dummy_currency']);
                Settings_Form::save_db($config_vars);
                redirectexit('action=admin;area=paidsubscribe;sa=settings');
            }
        }
        // Prepare the settings...
        Settings_Form::prepare_db($config_vars);
    }
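 /**
  * Adding or editing a block.
  *
  * Drives the whole block admin form in one request handler:
  *
  * - with no block_id and no selected type: lists the available block types;
  * - with a selected type (or an existing block_id): loads the block definition
  *   into $context['SPortal']['block'] for the edit template;
  * - with preview_block (or a saved error in $_SESSION): rebuilds the block from
  *   $_POST so the template can render a preview;
  * - with add_block: re-checks the session token and permissions, validates PHP
  *   block content, computes the row position, stores the block and its
  *   parameters, then redirects.
  *
  * PHP blocks ('sp_php') and custom display rules starting with '$php' are only
  * accepted from members with admin_forum. Reads and writes $context and $_POST
  * (the latter is replaced wholesale when an error post is restored from
  * $_SESSION); reads $txt, $modSettings and $boards.
  *
  * Changes against the previous revision: the removed create_function() in the
  * [html] handling is replaced by an equivalent closure, and the Html2BBC
  * require uses the same '/' separator as every other SUBSDIR require here.
  */
 public function action_sportal_admin_block_edit()
 {
     global $txt, $context, $modSettings, $boards;

     // Just in case, the admin could be doing something silly like editing a SP block while SP is disabled. ;)
     require_once SUBSDIR . '/PortalBlocks.subs.php';

     // No block_id in the request means we are creating, not editing
     $context['SPortal']['is_new'] = empty($_REQUEST['block_id']);

     // BBC Fix move the parameter to the correct position.
     // The bbc_name / bbc_parameter values name other request fields; they are only
     // used as array keys into $_POST here, never echoed or evaluated.
     if (!empty($_POST['bbc_name'])) {
         $_POST['parameters'][$_POST['bbc_name']] = !empty($_POST[$_POST['bbc_parameter']]) ? $_POST[$_POST['bbc_parameter']] : '';

         // If we came from WYSIWYG then turn it back into BBC regardless.
         if (!empty($_REQUEST['bbc_' . $_POST['bbc_name'] . '_mode']) && isset($_POST['parameters'][$_POST['bbc_name']])) {
             // Path separator added to match the other SUBSDIR requires in this class
             require_once SUBSDIR . '/Html2BBC.class.php';
             $bbc_converter = new Convert_BBC($_POST['parameters'][$_POST['bbc_name']]);
             $_POST['parameters'][$_POST['bbc_name']] = $bbc_converter->get_bbc();

             // We need to unhtml it now as it gets done shortly.
             $_POST['parameters'][$_POST['bbc_name']] = un_htmlspecialchars($_POST['parameters'][$_POST['bbc_name']]);
         }
     }

     // Passing the selected type via $_GET instead of $_POST?
     $start_parameters = array();
     if (!empty($_GET['selected_type']) && empty($_POST['selected_type'])) {
         $_POST['selected_type'] = array($_GET['selected_type']);

         // Only parameters that are both listed and present are picked up
         if (!empty($_GET['parameters'])) {
             foreach ($_GET['parameters'] as $param) {
                 if (isset($_GET[$param])) {
                     $start_parameters[$param] = $_GET[$param];
                 }
             }
         }
     }

     // Want use a block on the portal?
     if ($context['SPortal']['is_new'] && empty($_POST['selected_type']) && empty($_POST['add_block'])) {
         // Gather the blocks we have available
         $context['SPortal']['block_types'] = getFunctionInfo();

         // Create a list of the blocks in use
         $in_use = getBlockInfo();
         foreach ($in_use as $block) {
             $context['SPortal']['block_inuse'][$block['type']] = array('state' => $block['state'], 'column' => $block['column']);
         }

         // Column numbers 1..6 map to the portal positions
         $context['location'] = array(1 => $txt['sp-positionLeft'], $txt['sp-positionTop'], $txt['sp-positionBottom'], $txt['sp-positionRight'], $txt['sp-positionHeader'], $txt['sp-positionFooter']);
         if (!empty($_REQUEST['col'])) {
             $context['SPortal']['block']['column'] = $_REQUEST['col'];
         }

         $context['sub_template'] = 'block_select_type';
         $context['page_title'] = $txt['sp-blocksAdd'];
     } elseif ($context['SPortal']['is_new'] && !empty($_POST['selected_type'])) {
         // New block of a chosen type: defaults plus the type's option list.
         // NOTE(review): the type string is taken from the request and invoked as a
         // function ($type(array(), false, true)) here and again below; this method does
         // not check it against getFunctionInfo() — confirm the caller constrains it.
         $context['SPortal']['block'] = array('id' => 0, 'label' => $txt['sp-blocksDefaultLabel'], 'type' => $_POST['selected_type'][0], 'type_text' => !empty($txt['sp_function_' . $_POST['selected_type'][0] . '_label']) ? $txt['sp_function_' . $_POST['selected_type'][0] . '_label'] : $txt['sp_function_unknown_label'], 'column' => !empty($_POST['block_column']) ? $_POST['block_column'] : 0, 'row' => 0, 'permissions' => 3, 'state' => 1, 'force_view' => 0, 'mobile_view' => 0, 'display' => '', 'display_custom' => '', 'style' => '', 'parameters' => !empty($start_parameters) ? $start_parameters : array(), 'options' => $_POST['selected_type'][0](array(), false, true), 'list_blocks' => !empty($_POST['block_column']) ? getBlockInfo($_POST['block_column']) : array());
     } elseif (!$context['SPortal']['is_new'] && empty($_POST['add_block'])) {
         // Editing: load the stored definition; the type here comes from the database
         $_REQUEST['block_id'] = (int) $_REQUEST['block_id'];
         $context['SPortal']['block'] = current(getBlockInfo(null, $_REQUEST['block_id']));
         $context['SPortal']['block'] += array('options' => $context['SPortal']['block']['type'](array(), false, true), 'list_blocks' => getBlockInfo($context['SPortal']['block']['column']));
     }

     // Want to take a look at how this block will appear, well we try our best
     if (!empty($_POST['preview_block']) || isset($_SESSION['sp_error'])) {
         // An error was generated on save, lets set things up like a preview and return to the preview
         if (isset($_SESSION['sp_error'])) {
             $context['SPortal']['error'] = $_SESSION['sp_error'];
             // The submitted form is restored wholesale from the session
             $_POST = $_SESSION['sp_error_post'];
             $_POST['preview_block'] = true;

             // Clean up
             unset($_SESSION['sp_error'], $_SESSION['sp_error_post'], $_POST['add_block']);
         }

         // Just in case, the admin could be doing something silly like editing a SP block while SP is disabled. ;)
         require_once BOARDDIR . '/SSI.php';
         sportal_init_headers();
         loadTemplate('Portal');

         // Ask the block type which parameters it expects, then normalise each one
         $type_parameters = $_POST['block_type'](array(), 0, true);
         if (!empty($_POST['parameters']) && is_array($_POST['parameters']) && !empty($type_parameters)) {
             foreach ($type_parameters as $name => $type) {
                 if (isset($_POST['parameters'][$name])) {
                     $this->_prepare_parameters($type, $name);
                 }
             }
         } else {
             $_POST['parameters'] = array();
         }

         // Simple is clean
         if (empty($_POST['display_advanced'])) {
             // Simple mode only accepts one of the fixed keywords
             if (!empty($_POST['display_simple']) && in_array($_POST['display_simple'], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages'))) {
                 $display = $_POST['display_simple'];
             } else {
                 $display = '';
             }
             $custom = '';
         } else {
             // Advanced mode: actions are escaped, board/page ids are cast to int
             $display = array();
             $custom = array();
             if (!empty($_POST['display_actions'])) {
                 foreach ($_POST['display_actions'] as $action) {
                     $display[] = Util::htmlspecialchars($action, ENT_QUOTES);
                 }
             }
             if (!empty($_POST['display_boards'])) {
                 foreach ($_POST['display_boards'] as $board) {
                     $display[] = 'b' . (int) substr($board, 1);
                 }
             }
             if (!empty($_POST['display_pages'])) {
                 foreach ($_POST['display_pages'] as $page) {
                     $display[] = 'p' . (int) substr($page, 1);
                 }
             }
             if (!empty($_POST['display_custom'])) {
                 $temp = explode(',', $_POST['display_custom']);
                 foreach ($temp as $action) {
                     $custom[] = Util::htmlspecialchars(Util::htmltrim($action), ENT_QUOTES);
                 }
             }
             $display = empty($display) ? '' : implode(',', $display);
             $custom = empty($custom) ? '' : implode(',', $custom);
         }

         // Create all the information we know about this block
         $context['SPortal']['block'] = array('id' => $_POST['block_id'], 'label' => Util::htmlspecialchars($_POST['block_name'], ENT_QUOTES), 'type' => $_POST['block_type'], 'type_text' => !empty($txt['sp_function_' . $_POST['block_type'] . '_label']) ? $txt['sp_function_' . $_POST['block_type'] . '_label'] : $txt['sp_function_unknown_label'], 'column' => $_POST['block_column'], 'row' => !empty($_POST['block_row']) ? $_POST['block_row'] : 0, 'placement' => !empty($_POST['placement']) && in_array($_POST['placement'], array('before', 'after')) ? $_POST['placement'] : '', 'permissions' => $_POST['permissions'], 'state' => !empty($_POST['block_active']), 'force_view' => !empty($_POST['block_force']), 'mobile_view' => !empty($_POST['block_mobile']), 'display' => $display, 'display_custom' => $custom, 'style' => sportal_parse_style('implode'), 'parameters' => !empty($_POST['parameters']) ? $_POST['parameters'] : array(), 'options' => $_POST['block_type'](array(), false, true), 'list_blocks' => getBlockInfo($_POST['block_column']), 'collapsed' => false);

         // Column widths for the preview: keep an explicit unit, default to px
         if (strpos($modSettings['leftwidth'], '%') !== false || strpos($modSettings['leftwidth'], 'px') !== false) {
             $context['widths'][1] = $modSettings['leftwidth'];
         } else {
             $context['widths'][1] = $modSettings['leftwidth'] . 'px';
         }
         if (strpos($modSettings['rightwidth'], '%') !== false || strpos($modSettings['rightwidth'], 'px') !== false) {
             $context['widths'][4] = $modSettings['rightwidth'];
         } else {
             $context['widths'][4] = $modSettings['rightwidth'] . 'px';
         }

         // Centre columns take what is left of 100% (or of a 960px layout)
         if (strpos($context['widths'][1], '%') !== false) {
             $context['widths'][2] = $context['widths'][3] = 100 - ($context['widths'][1] + $context['widths'][4]) . '%';
             $context['widths'][5] = $context['widths'][6] = '100%';
         } elseif (strpos($context['widths'][1], 'px') !== false) {
             $context['widths'][2] = $context['widths'][3] = 960 - ($context['widths'][1] + $context['widths'][4]) . 'px';
             $context['widths'][5] = $context['widths'][6] = '960px';
         }

         $context['SPortal']['preview'] = true;
     }

     // Everything the edit template needs, for new, preview and edit alike
     if (!empty($_POST['selected_type']) || !empty($_POST['preview_block']) || !$context['SPortal']['is_new'] && empty($_POST['add_block'])) {
         // Only the admin can use PHP blocks
         if ($context['SPortal']['block']['type'] == 'sp_php' && !allowedTo('admin_forum')) {
             fatal_lang_error('cannot_admin_forum', false);
         }

         loadLanguage('SPortalHelp', sp_languageSelect('SPortalHelp'));

         // Load up the permissions
         $context['SPortal']['block']['permission_profiles'] = sportal_get_profiles(null, 1, 'name');
         if (empty($context['SPortal']['block']['permission_profiles'])) {
             fatal_lang_error('error_sp_no_permission_profiles', false);
         }

         $context['simple_actions'] = array('sportal' => $txt['sp-portal'], 'sforum' => $txt['sp-forum'], 'allaction' => $txt['sp-blocksOptionAllActions'], 'allboard' => $txt['sp-blocksOptionAllBoards'], 'allpages' => $txt['sp-blocksOptionAllPages'], 'all' => $txt['sp-blocksOptionEverywhere']);
         $context['display_actions'] = array('portal' => $txt['sp-portal'], 'forum' => $txt['sp-forum'], 'recent' => $txt['recent_posts'], 'unread' => $txt['unread_topics_visit'], 'unreadreplies' => $txt['unread_replies'], 'profile' => $txt['profile'], 'pm' => $txt['pm_short'], 'calendar' => $txt['calendar'], 'admin' => $txt['admin'], 'login' => $txt['login'], 'register' => $txt['register'], 'post' => $txt['post'], 'stats' => $txt['forum_stats'], 'search' => $txt['search'], 'mlist' => $txt['members_list'], 'moderate' => $txt['moderate'], 'help' => $txt['help'], 'who' => $txt['who_title']);

         // Load up boards and pages for selection in the template
         sp_block_template_helpers();

         // The stored display rule is a comma separated string; the template wants a list
         if (empty($context['SPortal']['block']['display'])) {
             $context['SPortal']['block']['display'] = array('0');
         } else {
             $context['SPortal']['block']['display'] = explode(',', $context['SPortal']['block']['display']);
         }

         // display_type 0 = simple keyword selection, 1 = advanced per-action list
         if (in_array($context['SPortal']['block']['display'][0], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages')) || $context['SPortal']['is_new'] || empty($context['SPortal']['block']['display'][0]) && empty($context['SPortal']['block']['display_custom'])) {
             $context['SPortal']['block']['display_type'] = 0;
         } else {
             $context['SPortal']['block']['display_type'] = 1;
         }

         $context['SPortal']['block']['style'] = sportal_parse_style('explode', $context['SPortal']['block']['style'], !empty($context['SPortal']['preview']));

         // Prepare the Textcontent for BBC, only the first bbc will be detected correctly!
         $firstBBCFound = false;
         foreach ($context['SPortal']['block']['options'] as $name => $type) {
             // Selectable Boards :D
             if ($type == 'board_select' || $type == 'boards') {
                 if (empty($boards)) {
                     require_once SUBSDIR . '/Boards.subs.php';
                     getBoardTree();
                 }

                 // Merge the array ;)
                 if (!isset($context['SPortal']['block']['parameters'][$name])) {
                     $context['SPortal']['block']['parameters'][$name] = array();
                 } elseif (!empty($context['SPortal']['block']['parameters'][$name]) && is_array($context['SPortal']['block']['parameters'][$name])) {
                     $context['SPortal']['block']['parameters'][$name] = implode('|', $context['SPortal']['block']['parameters'][$name]);
                 }

                 $context['SPortal']['block']['board_options'][$name] = array();
                 // Selected boards are stored as a '|' separated list of ids
                 $config_variable = !empty($context['SPortal']['block']['parameters'][$name]) ? $context['SPortal']['block']['parameters'][$name] : array();
                 $config_variable = !is_array($config_variable) ? explode('|', $config_variable) : $config_variable;
                 $context['SPortal']['block']['board_options'][$name] = array();

                 // Create the list for this Item
                 foreach ($boards as $board) {
                     // Ignore the redirected boards :)
                     if (!empty($board['redirect'])) {
                         continue;
                     }
                     $context['SPortal']['block']['board_options'][$name][$board['id']] = array('value' => $board['id'], 'text' => $board['name'], 'selected' => in_array($board['id'], $config_variable));
                 }
             } elseif ($type === 'bbc') {
                 // ELK support only one bbc correct, multiple bbc do not work at the moment
                 if (!$firstBBCFound) {
                     $firstBBCFound = true;

                     // Start Elk BBC System :)
                     require_once SUBSDIR . '/Editor.subs.php';

                     // Prepare the output :D
                     $form_message = !empty($context['SPortal']['block']['parameters'][$name]) ? $context['SPortal']['block']['parameters'][$name] : '';

                     // But if it's in HTML world, turn them into htmlspecialchar's so they can be edited!
                     if (strpos($form_message, '[html]') !== false) {
                         $parts = preg_split('~(\\[/code\\]|\\[code(?:=[^\\]]+)?\\])~i', $form_message, -1, PREG_SPLIT_DELIM_CAPTURE);
                         for ($i = 0, $n = count($parts); $i < $n; $i++) {
                             // It goes 0 = outside, 1 = begin tag, 2 = inside, 3 = close tag, repeat.
                             if ($i % 4 == 0) {
                                 // Closure replaces the former create_function() (removed in PHP 8.0);
                                 // inside [html] every <br> is shown escaped and followed by a real break
                                 $parts[$i] = preg_replace_callback('~\\[html\\](.+?)\\[/html\\]~is', function ($m) {
                                     return '[html]' . preg_replace('~<br\\s?/?>~i', '&lt;br /&gt;<br />', $m[1]) . '[/html]';
                                 }, $parts[$i]);
                             }
                         }
                         $form_message = implode('', $parts);
                     }
                     $form_message = preg_replace('~<br(?: /)?' . '>~i', "\n", $form_message);

                     // Prepare the data before i want them inside the textarea
                     $form_message = str_replace(array('"', '<', '>', '&nbsp;'), array('&quot;', '&lt;', '&gt;', ' '), $form_message);
                     $context['SPortal']['bbc'] = 'bbc_' . $name;
                     $message_data = array('id' => $context['SPortal']['bbc'], 'width' => '95%', 'height' => '200px', 'value' => $form_message, 'form' => 'sp_block');

                     // Run the ELK bbc editor routine
                     create_control_richedit($message_data);

                     // Store the updated data on the parameters
                     $context['SPortal']['block']['parameters'][$name] = $form_message;
                 } else {
                     // Any further bbc option falls back to a plain textarea
                     $context['SPortal']['block']['options'][$name] = 'textarea';
                 }
             }
         }

         loadJavascriptFile('portal.js?sp24');
         $context['sub_template'] = 'block_edit';
         $context['page_title'] = $context['SPortal']['is_new'] ? $txt['sp-blocksAdd'] : $txt['sp-blocksEdit'];
     }

     // Want to add / edit a block oo the portal
     if (!empty($_POST['add_block'])) {
         // Session/token check: the only write path in this handler goes through here
         checkSession();

         // Only the admin can do php here
         if ($_POST['block_type'] == 'sp_php' && !allowedTo('admin_forum')) {
             fatal_lang_error('cannot_admin_forum', false);
         }

         // Make sure the block name is something safe
         if (!isset($_POST['block_name']) || Util::htmltrim(Util::htmlspecialchars($_POST['block_name']), ENT_QUOTES) === '') {
             fatal_lang_error('error_sp_name_empty', false);
         }

         // PHP block content is syntax checked unless the admin disabled that check
         if ($_POST['block_type'] == 'sp_php' && !empty($_POST['parameters']['content']) && empty($modSettings['sp_disable_php_validation'])) {
             require_once SUBSDIR . '/DataValidator.class.php';
             $validator = new Data_Validator();
             $validator->validation_rules(array('content' => 'php_syntax'));
             $validator->validate(array('content' => $_POST['parameters']['content']));
             $error = $validator->validation_errors();
             if ($error) {
                 // Stash the error and the form so the preview path above can show them
                 $_SESSION['sp_error'] = $error[0];
                 $_SESSION['sp_error_post'] = $_POST;
                 redirectexit('action=admin;area=portalblocks;sa=' . $_REQUEST['sa'] . (!empty($_REQUEST['block_id']) ? ';block_id=' . $_REQUEST['block_id'] : ''));
             }
         }

         // If we have a block ID passed, we must be editing, so the the blocks current data
         if (!empty($_REQUEST['block_id'])) {
             $current_data = current(getBlockInfo(null, $_REQUEST['block_id']));
         }

         // Where are we going to place this new block, before, after, no change
         if (!empty($_POST['placement']) && ($_POST['placement'] === 'before' || $_POST['placement'] === 'after')) {
             if (!empty($current_data)) {
                 $current_row = $current_data['row'];
             } else {
                 $current_row = null;
             }

             // Before or after the chosen block
             if ($_POST['placement'] === 'before') {
                 $row = (int) $_POST['block_row'];
             } else {
                 $row = (int) $_POST['block_row'] + 1;
             }

             // Moving a block down within its column shifts the target by one
             if (!empty($current_row) && $row > $current_row) {
                 sp_update_block_row($current_row, $row - 1, $_POST['block_column'], true);
             } else {
                 sp_update_block_row($current_row, $row, $_POST['block_column'], false);
             }
         } elseif (!empty($_POST['placement']) && $_POST['placement'] == 'nochange') {
             $row = 0;
         } else {
             $block_id = !empty($_REQUEST['block_id']) ? (int) $_REQUEST['block_id'] : 0;
             $row = sp_block_nextrow($_POST['block_column'], $block_id);
         }

         // Normalise the submitted parameters against what the type declares
         $type_parameters = $_POST['block_type'](array(), 0, true);
         if (!empty($_POST['parameters']) && is_array($_POST['parameters']) && !empty($type_parameters)) {
             foreach ($type_parameters as $name => $type) {
                 // Prepare BBC Content for ELK
                 if (isset($_POST['parameters'][$name])) {
                     $this->_prepare_parameters($type, $name);
                 }
             }
         } else {
             $_POST['parameters'] = array();
         }

         // Standard options
         if (empty($_POST['display_advanced'])) {
             if (!empty($_POST['display_simple']) && in_array($_POST['display_simple'], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages'))) {
                 $display = $_POST['display_simple'];
             } else {
                 $display = '';
             }
             $custom = '';
         } else {
             $display = array();
             if (!empty($_POST['display_actions'])) {
                 foreach ($_POST['display_actions'] as $action) {
                     $display[] = Util::htmlspecialchars($action, ENT_QUOTES);
                 }
             }
             if (!empty($_POST['display_boards'])) {
                 foreach ($_POST['display_boards'] as $board) {
                     $display[] = 'b' . (int) substr($board, 1);
                 }
             }
             if (!empty($_POST['display_pages'])) {
                 foreach ($_POST['display_pages'] as $page) {
                     $display[] = 'p' . (int) substr($page, 1);
                 }
             }
             if (!empty($_POST['display_custom'])) {
                 $custom = array();
                 $temp = explode(',', $_POST['display_custom']);
                 foreach ($temp as $action) {
                     $custom[] = Util::htmlspecialchars(Util::htmltrim($action), ENT_QUOTES);
                 }
             }
             $display = empty($display) ? '' : implode(',', $display);

             // A '$php' custom rule is admin-only: non-admins keep whatever is already stored
             if (!allowedTo('admin_forum') && isset($current_data['display_custom']) && substr($current_data['display_custom'], 0, 4) === '$php') {
                 $custom = $current_data['display_custom'];
             } elseif (!empty($_POST['display_custom'])) {
                 if (allowedTo('admin_forum') && substr($_POST['display_custom'], 0, 4) === '$php') {
                     $custom = Util::htmlspecialchars($_POST['display_custom'], ENT_QUOTES);
                 } else {
                     $custom = array();
                     $temp = explode(',', $_POST['display_custom']);
                     foreach ($temp as $action) {
                         $custom[] = Util::htmlspecialchars($action, ENT_QUOTES);
                     }
                     $custom = empty($custom) ? '' : implode(',', $custom);
                 }
             } else {
                 $custom = '';
             }
         }

         $blockInfo = array('id' => (int) $_POST['block_id'], 'label' => Util::htmlspecialchars($_POST['block_name'], ENT_QUOTES), 'type' => $_POST['block_type'], 'col' => $_POST['block_column'], 'row' => $row, 'permissions' => (int) $_POST['permissions'], 'state' => !empty($_POST['block_active']) ? 1 : 0, 'force_view' => !empty($_POST['block_force']) ? 1 : 0, 'mobile_view' => !empty($_POST['block_mobile']) ? 1 : 0, 'display' => $display, 'display_custom' => $custom, 'style' => sportal_parse_style('implode'));

         // Insert a new block in to the portal
         if ($context['SPortal']['is_new']) {
             unset($blockInfo['id']);
             $blockInfo['id'] = sp_block_insert($blockInfo);
         } else {
             sp_block_update($blockInfo);
         }

         // Save any parameters for the block
         if (!empty($_POST['parameters'])) {
             sp_block_insert_parameters($_POST['parameters'], $blockInfo['id']);
         }

         redirectexit('action=admin;area=portalblocks');
     }
 }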
 /**
  * Send the emails.
  *
  * - Sends off emails to all the moderators.
  * - Sends to administrators and global moderators. (1 and 2)
  * - Called by action_reporttm(), and thus has the same permission and setting requirements as it does.
  * - Accessed through ?action=reporttm when posting.
  * - Reads the report from $_POST (msg, comment, and email for guests). When
  *   any validation error is recorded the form is re-rendered through
  *   action_reporttm() and its result returned; otherwise the report is
  *   logged, the moderators are mailed and the request ends in redirectexit().
  *
  * @return mixed whatever action_reporttm() returns, and only when errors were found
  */
 public function action_reporttm2()
 {
     global $txt, $scripturl, $topic, $board, $user_info, $modSettings, $language, $context;
     // You must have the proper permissions!
     isAllowedTo('report_any');
     // Make sure they aren't spamming.
     spamProtection('reporttm');
     require_once SUBSDIR . '/Mail.subs.php';
     // No errors, yet.
     $report_errors = Error_Context::context('report', 1);
     // Check their session.
     // Non-fatal form of the session check: any non-empty return is treated as a failed check.
     if (checkSession('post', '', false) != '') {
         $report_errors->addError('session_timeout');
     }
     // Make sure we have a comment and it's clean.
     if (!isset($_POST['comment']) || Util::htmltrim($_POST['comment']) === '') {
         $report_errors->addError('no_comment');
     }
     // NOTE(review): $_POST['comment'] is read unconditionally here even when the isset() check
     // above failed (undefined-index notice); the missing comment is only recorded as an error and
     // the request continues to the hasErrors() exit further down.
     // This escaped copy is what recordReport() stores and what the length check applies to.
     $poster_comment = strtr(Util::htmlspecialchars($_POST['comment']), array("\r" => '', "\t" => ''));
     if (Util::strlen($poster_comment) > 254) {
         $report_errors->addError('post_too_long');
     }
     // Guests need to provide their address!
     if ($user_info['is_guest']) {
         require_once SUBSDIR . '/DataValidator.class.php';
         // A missing address and a malformed one get different error keys.
         if (!Data_Validator::is_valid($_POST, array('email' => 'valid_email'), array('email' => 'trim'))) {
             empty($_POST['email']) ? $report_errors->addError('no_email') : $report_errors->addError('bad_email');
         }
         // The ban check runs whether or not the address passed validation.
         isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));
         // The guest-supplied address is handed to sendmail() below as its 4th argument
         // (presumably the from/reply-to address -- confirm against Mail.subs.php).
         $user_info['email'] = htmlspecialchars($_POST['email'], ENT_COMPAT, 'UTF-8');
     }
     // Could they get the right verification code?
     if ($user_info['is_guest'] && !empty($modSettings['guests_report_require_captcha'])) {
         require_once SUBSDIR . '/VerificationControls.class.php';
         $verificationOptions = array('id' => 'report');
         // An array return is treated as a list of verification errors.
         $context['require_verification'] = create_control_verification($verificationOptions, true);
         if (is_array($context['require_verification'])) {
             foreach ($context['require_verification'] as $error) {
                 $report_errors->addError($error, 0);
             }
         }
     }
     // Any errors?
     if ($report_errors->hasErrors()) {
         // Back to the form; nothing below runs.
         return $this->action_reporttm();
     }
     // Get the basic topic information, and make sure they can see it.
     $msg_id = (int) $_POST['msg'];
     $message = posterDetails($msg_id, $topic);
     if (empty($message)) {
         fatal_lang_error('no_board', false);
     }
     // Display name, with the login name in brackets when the two differ.
     $poster_name = un_htmlspecialchars($message['real_name']) . ($message['real_name'] != $message['poster_name'] ? ' (' . $message['poster_name'] . ')' : '');
     $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
     $subject = un_htmlspecialchars($message['subject']);
     // Get a list of members with the moderate_board permission.
     require_once SUBSDIR . '/Members.subs.php';
     $moderators = membersAllowedTo('moderate_board', $board);
     $result = getBasicMemberData($moderators, array('preferences' => true, 'sort' => 'lngfile'));
     $mod_to_notify = array();
     // notify_types 4 is skipped (presumably the "never notify" preference -- confirm against the members schema).
     foreach ($result as $row) {
         if ($row['notify_types'] != 4) {
             $mod_to_notify[] = $row;
         }
     }
     // Check that moderators do exist!
     if (empty($mod_to_notify)) {
         fatal_lang_error('no_mods', false);
     }
     // If we get here, I believe we should make a record of this, for historical significance, yabber.
     // $id_report stays undefined when logging is disabled; the !empty() in the replacements below copes with that.
     if (empty($modSettings['disable_log_report'])) {
         require_once SUBSDIR . '/Messages.subs.php';
         $id_report = recordReport($message, $poster_comment);
         // If we're just going to ignore these, then who gives a monkeys...
         if ($id_report === false) {
             redirectexit('topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id);
         }
     }
     // Find out who the real moderators are - for mod preferences.
     require_once SUBSDIR . '/Boards.subs.php';
     $real_mods = getBoardModerators($board, true);
     // Send every moderator an email.
     foreach ($mod_to_notify as $row) {
         // Maybe they don't want to know?!
         if (!empty($row['mod_prefs'])) {
             // The third '|'-separated field is a bit mask. Skip this moderator unless bit 1 is set,
             // or bit 2 is set and they are an actual moderator of this board.
             // Fewer than three fields in mod_prefs would raise an undefined-offset notice here.
             list(, , $pref_binary) = explode('|', $row['mod_prefs']);
             if (!($pref_binary & 1) && (!($pref_binary & 2) || !in_array($row['id_member'], $real_mods))) {
                 continue;
             }
         }
         // NOTE(review): the mail receives the raw $_POST['comment'], not the escaped and
         // length-checked $poster_comment that was logged above; presumably intended for a
         // plain-text template -- confirm.
         $replacements = array('TOPICSUBJECT' => $subject, 'POSTERNAME' => $poster_name, 'REPORTERNAME' => $reporterName, 'TOPICLINK' => $scripturl . '?topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id, 'REPORTLINK' => !empty($id_report) ? $scripturl . '?action=moderate;area=reports;report=' . $id_report : '', 'COMMENT' => $_POST['comment']);
         // Per-moderator language when userLanguage is enabled and they have one, otherwise the forum default.
         $emaildata = loadEmailTemplate('report_to_moderator', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
         // Send it to the moderator.
         sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], $user_info['email'], null, false, 2);
     }
     // Keep track of when the mod reports get updated, that way we know when we need to look again.
     updateSettings(array('last_mod_report_action' => time()));
     // Back to the post we reported!
     redirectexit('reportsent;topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id);
 }
 /**
  * Does the actual saving of the article data
  *
  * - validates the data is safe to save
  * - updates existing articles or creates new ones
  * - on validation errors the edit form is re-rendered through
  *   action_sportal_admin_article_edit(); on success the request ends in
  *   redirectexit()
  *
  * @return bool true (only reached if redirectexit() returns)
  */
 private function _sportal_admin_article_edit_save()
 {
     global $context, $txt, $modSettings;
     // No errors, yet.
     $article_errors = Error_Context::context('article', 0);
     // Use our standard validation functions in a few spots
     require_once SUBSDIR . '/DataValidator.class.php';
     $validator = new Data_Validator();
     // If its not new, lets load the current data
     if (!$this->_is_new) {
         $_REQUEST['article_id'] = (int) $_REQUEST['article_id'];
         $context['article'] = sportal_get_articles($_REQUEST['article_id']);
     }
     // Clean and Review the post data for compliance
     // 'type' is only trimmed and required here; its allowed values are enforced when $article_info is built.
     $validator->sanitation_rules(array('title' => 'trim|Util::htmlspecialchars', 'namespace' => 'trim|Util::htmlspecialchars', 'article_id' => 'intval', 'category_id' => 'intval', 'permissions' => 'intval', 'type' => 'trim', 'content' => 'trim'));
     $validator->validation_rules(array('title' => 'required', 'namespace' => 'alpha_numeric|required', 'type' => 'required', 'content' => 'required'));
     // Human-readable field names for the error messages
     $validator->text_replacements(array('title' => $txt['sp_admin_articles_col_title'], 'namespace' => $txt['sp_admin_articles_col_namespace'], 'content' => $txt['sp_admin_articles_col_body']));
     // If you messed this up, back you go
     // NOTE(review): there is no return after re-rendering the form, so unless
     // action_sportal_admin_article_edit() terminates the request, execution continues into
     // the checks below (the hasErrors() block further down has the same shape) -- confirm.
     if (!$validator->validate($_POST)) {
         foreach ($validator->validation_errors() as $id => $error) {
             $article_errors->addError($error);
         }
         $this->action_sportal_admin_article_edit();
     }
     // Lets make sure this namespace (article id) is unique
     // The sanitised values are read back from the validator as properties (presumably via __get -- confirm).
     $has_duplicate = sp_duplicate_articles($validator->article_id, $validator->namespace);
     if (!empty($has_duplicate)) {
         $article_errors->addError('sp_error_article_namespace_duplicate');
     }
     // And we can't have just a numeric namespace (article id)
     // Strip every digit; nothing left means the namespace was digits only.
     if (preg_replace('~[0-9]+~', '', $validator->namespace) === '') {
         $article_errors->addError('sp_error_article_namespace_numeric');
     }
     // Posting some PHP code, and allowed? Then we need to validate it will run
     // NOTE(review): "allowed" is not checked in this method. The page-save equivalent in this
     // file requires allowedTo('admin_forum') before accepting type php; confirm the calling
     // admin area enforces that permission, otherwise type php is not restricted to admins here.
     if ($_POST['type'] === 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation'])) {
         $validator_php = new Data_Validator();
         $validator_php->validation_rules(array('content' => 'php_syntax'));
         // Bad PHP code
         if (!$validator_php->validate(array('content' => $_POST['content']))) {
             $article_errors->addError($validator_php->validation_errors());
         }
     }
     // None shall pass ... with errors
     // NOTE(review): no return here either, see the validation block above.
     if ($article_errors->hasErrors()) {
         $this->action_sportal_admin_article_edit();
     }
     // No errors then, prepare the data for saving
     // body and type are taken from $_POST directly (body re-escaped), the rest from the
     // validator's sanitised copies; an unknown type falls back to 'bbc'.
     $article_info = array('id' => $validator->article_id, 'id_category' => $validator->category_id, 'namespace' => $validator->namespace, 'title' => $validator->title, 'body' => Util::htmlspecialchars($_POST['content'], ENT_QUOTES), 'type' => in_array($validator->type, array('bbc', 'html', 'php')) ? $_POST['type'] : 'bbc', 'permissions' => $validator->permissions, 'status' => !empty($_POST['status']) ? 1 : 0);
     if ($article_info['type'] === 'bbc') {
         preparsecode($article_info['body']);
     }
     // Save away
     // Session check happens only now: after all validation, but before anything is written
     // (no-argument form, presumably fatal on failure -- confirm).
     checkSession();
     sp_save_article($article_info, $this->_is_new);
     redirectexit('action=admin;area=portalarticles');
     return true;
 }
 /**
  * This function handles submission of a template file.
  * It checks the file for syntax errors, and if it passes, it saves it.
  *
  * This function is forwarded to, from
  * ?action=admin;area=theme;sa=edit
  *
  * Input: th or id ($_GET, theme id), filename ($_REQUEST) and entire_file
  * ($_POST, either a string or an array of parts). On success the request
  * ends in redirectexit(); on a syntax error or a failed session/token check
  * the edit sub-template is prepared in $context and the method returns.
  *
  * @return void
  */
 private function _action_edit_submit()
 {
     global $context, $settings;
     // Theme id from 'th', falling back to 'id', 0 when neither is present.
     $selectedTheme = isset($_GET['th']) ? (int) $_GET['th'] : (isset($_GET['id']) ? (int) $_GET['id'] : 0);
     if (empty($selectedTheme)) {
         // This should never be happening. Never I say. But... in case it does :P
         fatal_lang_error('theme_edit_missing');
     }
     // NOTE(review): the directory comes from $context['theme_id'], not $selectedTheme --
     // presumably the caller sets both to the same theme, confirm.
     $theme_dir = themeDirectory($context['theme_id']);
     $file = isset($_POST['entire_file']) ? $_POST['entire_file'] : '';
     // You did submit *something*, didn't you?
     if (empty($file)) {
         // @todo a better error message
         fatal_lang_error('theme_edit_missing');
     }
     // Checking PHP syntax on css files is not a most constructive use of processing power :P
     // We need to know what kind of file we have
     $is_php = substr($_REQUEST['filename'], -4) == '.php';
     $is_template = substr($_REQUEST['filename'], -13) == '.template.php';
     $is_css = substr($_REQUEST['filename'], -4) == '.css';
     // Check you up
     // Non-fatal session check plus a token bound to this theme id and filename (see the
     // createToken() calls below), so the submitted filename has to be the one the form was issued for.
     if (checkSession('post', '', false) == '' && validateToken('admin-te-' . md5($selectedTheme . '-' . $_REQUEST['filename']), 'post', false) == true) {
         // Consolidate the format in which we received the file contents
         if (is_array($file)) {
             $entire_file = implode("\n", $file);
         } else {
             $entire_file = $file;
         }
         // Convert our tabs back to tabs!
         // Three spaces map back to a tab (the reverse of the mapping used when the file is sent
         // back to the editor below), CRs are dropped and trailing whitespace trimmed.
         $entire_file = rtrim(strtr($entire_file, array("\r" => '', '   ' => "\t")));
         // Errors? No errors!
         $errors = array();
         // For PHP files, we check the syntax.
         if ($is_php) {
             require_once SUBSDIR . '/DataValidator.class.php';
             $validator = new Data_Validator();
             $validator->validation_rules(array('entire_file' => 'php_syntax'));
             $validator->validate(array('entire_file' => $entire_file));
             // Retrieve the errors
             $errors = $validator->validation_errors();
         }
         // If successful so far, we'll take the plunge and save this piece of art.
         if (empty($errors)) {
             // Try to save the new file contents
             // NOTE(review): the target path is built from $_REQUEST['filename'] with no normalisation
             // in this method; containment within $theme_dir rests on the filename-bound token check above.
             // fopen()'s return value is not checked, so an unwritable target produces warnings from
             // fwrite()/fclose() and the code still redirects as if the save succeeded.
             $fp = fopen($theme_dir . '/' . $_REQUEST['filename'], 'w');
             fwrite($fp, $entire_file);
             fclose($fp);
             // We're done here.
             redirectexit('action=admin;area=theme;th=' . $selectedTheme . ';' . $context['session_var'] . '=' . $context['session_id'] . ';sa=browse;directory=' . dirname($_REQUEST['filename']));
         } else {
             // Pick the right sub-template for the next try
             if ($is_template) {
                 $context['sub_template'] = 'edit_template';
             } else {
                 $context['sub_template'] = 'edit_file';
             }
             // Fill contextual data for the template, the errors to show
             foreach ($errors as $error) {
                 $context['parse_error'][] = $error;
             }
             // The format of the data depends on template/non-template file.
             if (!is_array($file)) {
                 $file = array($file);
             }
             // Send back the file contents
             // Tabs become three spaces again for the editor. Note the parts are joined with ''
             // here but with "\n" in the session-error branch below -- presumably intentional, confirm.
             $context['entire_file'] = htmlspecialchars(strtr(implode('', $file), array("\t" => '   ')), ENT_COMPAT, 'UTF-8');
             foreach ($file as $i => $file_part) {
                 // 'lines' actually holds the byte length of the part (strlen), not a line count.
                 $context['file_parts'][$i]['lines'] = strlen($file_part);
                 $context['file_parts'][$i]['data'] = $file_part;
             }
             // Re-create token for another try
             createToken('admin-te-' . md5($selectedTheme . '-' . $_REQUEST['filename']));
             return;
         }
     } else {
         loadLanguage('Errors');
         // Notify the template of trouble
         $context['session_error'] = true;
         // Recycle the submitted data.
         if (is_array($file)) {
             $context['entire_file'] = htmlspecialchars(implode("\n", $file), ENT_COMPAT, 'UTF-8');
         } else {
             $context['entire_file'] = htmlspecialchars($file, ENT_COMPAT, 'UTF-8');
         }
         // Echoed back escaped; note it is read from $_POST here but from $_REQUEST elsewhere in this method.
         $context['edit_filename'] = htmlspecialchars($_POST['filename'], ENT_COMPAT, 'UTF-8');
         // Choose sub-template
         if ($is_template) {
             $context['sub_template'] = 'edit_template';
         } elseif ($is_css) {
             // The style editor needs its preview state reset and the filename passed to the JS side.
             addJavascriptVar(array('previewData' => '\'\'', 'previewTimeout' => '\'\'', 'refreshPreviewCache' => '\'\'', 'editFilename' => JavaScriptEscape($context['edit_filename']), 'theme_id' => $settings['theme_id']));
             $context['sub_template'] = 'edit_style';
         } else {
             $context['sub_template'] = 'edit_file';
         }
         // Re-create the token so that it can be used
         createToken('admin-te-' . md5($selectedTheme . '-' . $_REQUEST['filename']));
         return;
     }
 }
/**
 * Registers a member to the forum.
 *
 * What it does:
 * - Allows two types of interface: 'guest' and 'admin'. The first
 * - includes hammering protection, the latter can perform the registration silently.
 * - The strings used in the options array are assumed to be escaped.
 * - Allows to perform several checks on the input, e.g. reserved names.
 * - The function will adjust member statistics.
 * - If an error is detected will fatal error on all errors unless return_errors is true.
 * - Validation errors are collected in the Error_Context named by $error_context;
 *   when any were recorded the function returns false without inserting anything.
 *
 * @package Members
 * @uses Auth.subs.php
 * @uses Mail.subs.php
 * @param mixed[] $regOptions passed by reference; 'username' and 'auth_method' may be
 *                            normalised and 'register_vars' (the inserted columns) is added
 * @param string $error_context
 * @return integer|false the ID of the newly created member, or false when validation errors were recorded
 */
function registerMember(&$regOptions, $error_context = 'register')
{
    global $scripturl, $txt, $modSettings, $user_info;
    $db = database();
    loadLanguage('Login');
    // We'll need some external functions.
    require_once SUBSDIR . '/Auth.subs.php';
    require_once SUBSDIR . '/Mail.subs.php';
    // Put any errors in here.
    $reg_errors = Error_Context::context($error_context, 0);
    // Registration from the admin center, let them sweat a little more.
    if ($regOptions['interface'] == 'admin') {
        is_not_guest();
        isAllowedTo('moderate_forum');
    } elseif ($regOptions['interface'] == 'guest') {
        // You cannot register twice...
        if (empty($user_info['is_guest'])) {
            redirectexit();
        }
        // Make sure they didn't just register with this session.
        if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck'])) {
            fatal_lang_error('register_only_once', false);
        }
    }
    // What method of authorization are we going to use?
    // Anything other than 'password'/'openid' is replaced: openid when an identifier was supplied, else password.
    if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid'))) {
        if (!empty($regOptions['openid'])) {
            $regOptions['auth_method'] = 'openid';
        } else {
            $regOptions['auth_method'] = 'password';
        }
    }
    // Spaces and other odd characters are evil...
    // Collapse runs of ASCII whitespace, NUL and the listed Unicode space/format characters into one space, then trim.
    $regOptions['username'] = trim(preg_replace('~[\\t\\n\\r \\x0B\\0\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}]+~u', ' ', $regOptions['username']));
    // Valid emails only
    require_once SUBSDIR . '/DataValidator.class.php';
    if (!Data_Validator::is_valid($regOptions, array('email' => 'valid_email|required|max_length[255]'), array('email' => 'trim'))) {
        $reg_errors->addError('bad_email');
    }
    // The reserved-name check is opt-in via $regOptions['check_reserved_name']; its errors go to the same context.
    validateUsername(0, $regOptions['username'], $error_context, !empty($regOptions['check_reserved_name']));
    // Generate a validation code if it's supposed to be emailed.
    $validation_code = '';
    if ($regOptions['require'] == 'activation') {
        $validation_code = generateValidationCode();
    }
    // If you haven't put in a password generate one.
    // NOTE(review): seeding mt_rand() from the current time makes the generated password a
    // function of the registration timestamp (assuming generateValidationCode() draws from
    // mt_rand() -- confirm); a CSPRNG such as random_bytes()/random_int() is the usual fix.
    if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password') {
        mt_srand(time() + 1277);
        $regOptions['password'] = generateValidationCode();
        $regOptions['password_check'] = $regOptions['password'];
    } elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password') {
        $reg_errors->addError('passwords_dont_match');
    }
    // That's kind of easy to guess...
    if ($regOptions['password'] == '') {
        if ($regOptions['auth_method'] == 'password') {
            $reg_errors->addError('no_password');
        } else {
            // OpenID accounts get a random placeholder password.
            // NOTE(review): mt_rand() is not a cryptographic source, see the seeding note above.
            $regOptions['password'] = sha1(mt_rand());
        }
    }
    // Now perform hard password validation as required.
    if (!empty($regOptions['check_password_strength']) && $regOptions['password'] != '') {
        $passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));
        // Password isn't legal?
        if ($passwordError != null) {
            $reg_errors->addError('profile_error_password_' . $passwordError);
        }
    }
    // You may not be allowed to register this email.
    if (!empty($regOptions['check_email_ban'])) {
        isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']);
    }
    // Check if the email address is in use.
    // Parameterised query; it also rejects a username equal to an existing member's email address.
    $request = $db->query('', '
		SELECT id_member
		FROM {db_prefix}members
		WHERE email_address = {string:email_address}
			OR email_address = {string:username}
		LIMIT 1', array('email_address' => $regOptions['email'], 'username' => $regOptions['username']));
    if ($db->num_rows($request) != 0) {
        $reg_errors->addError(array('email_in_use', array(htmlspecialchars($regOptions['email'], ENT_COMPAT, 'UTF-8'))));
    }
    $db->free_result($request);
    // Perhaps someone else wants to check this user
    call_integration_hook('integrate_register_check', array(&$regOptions, &$reg_errors));
    // If there's any errors left return them at once!
    if ($reg_errors->hasErrors()) {
        return false;
    }
    // Theme settings that a registration may not set.
    $reservedVars = array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url');
    // Can't change reserved vars.
    if (isset($regOptions['theme_vars']) && count(array_intersect(array_keys($regOptions['theme_vars']), $reservedVars)) != 0) {
        fatal_lang_error('no_theme');
    }
    // New password hash
    require_once SUBSDIR . '/Auth.subs.php';
    // Some of these might be overwritten. (the lower ones that are in the arrays below.)
    // passwd is whatever validateLoginPassword(..., true) returns (presumably the hash -- confirm).
    // NOTE(review): password_salt is 4 hex characters derived from mt_rand(); admin-interface
    // registrations record 127.0.0.1 instead of the supplied ip/ip2.
    $regOptions['register_vars'] = array('member_name' => $regOptions['username'], 'email_address' => $regOptions['email'], 'passwd' => validateLoginPassword($regOptions['password'], '', $regOptions['username'], true), 'password_salt' => substr(md5(mt_rand()), 0, 4), 'posts' => 0, 'date_registered' => !empty($regOptions['time']) ? $regOptions['time'] : time(), 'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $regOptions['ip'], 'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $regOptions['ip2'], 'validation_code' => $validation_code, 'real_name' => $regOptions['username'], 'personal_text' => $modSettings['default_personal_text'], 'pm_email_notify' => 1, 'id_theme' => 0, 'id_post_group' => 4, 'lngfile' => '', 'buddy_list' => '', 'pm_ignore_list' => '', 'message_labels' => '', 'website_title' => '', 'website_url' => '', 'location' => '', 'time_format' => '', 'signature' => '', 'avatar' => '', 'usertitle' => '', 'secret_question' => '', 'secret_answer' => '', 'additional_groups' => '', 'ignore_boards' => '', 'smiley_set' => '', 'openid_uri' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
    // Setup the activation status on this new account so it is correct - firstly is it an under age account?
    // is_activated: 5 = coppa, 1 = active, 0 = awaiting email activation, 3 = any other 'require'
    // value (the approval flow, see the 'pending' mail below).
    if ($regOptions['require'] == 'coppa') {
        $regOptions['register_vars']['is_activated'] = 5;
        // @todo This should be changed.  To what should be it be changed??
        $regOptions['register_vars']['validation_code'] = '';
    } elseif ($regOptions['require'] == 'nothing') {
        $regOptions['register_vars']['is_activated'] = 1;
    } elseif ($regOptions['require'] == 'activation') {
        $regOptions['register_vars']['is_activated'] = 0;
    } else {
        $regOptions['register_vars']['is_activated'] = 3;
    }
    if (isset($regOptions['memberGroup'])) {
        // Make sure the id_group will be valid, if this is an administator.
        // Only admin_forum holders may assign group 1; for anyone else it drops to 0.
        $regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup'];
        // Check if this group is assignable.
        // -1 and 3 are never assignable; post-count groups (min_posts != -1) are added, and for
        // non-admins protected groups (group_type 1) as well.
        $unassignableGroups = array(-1, 3);
        $request = $db->query('', '
			SELECT id_group
			FROM {db_prefix}membergroups
			WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
				OR group_type = {int:is_protected}'), array('min_posts' => -1, 'is_protected' => 1));
        while ($row = $db->fetch_assoc($request)) {
            $unassignableGroups[] = $row['id_group'];
        }
        $db->free_result($request);
        if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups)) {
            $regOptions['register_vars']['id_group'] = 0;
        }
    }
    // Integrate optional member settings to be set.
    // NOTE(review): copied over verbatim, so any key set above (passwd, id_group, is_activated, ...)
    // can be replaced here; callers must only pass trusted values.
    if (!empty($regOptions['extra_register_vars'])) {
        foreach ($regOptions['extra_register_vars'] as $var => $value) {
            $regOptions['register_vars'][$var] = $value;
        }
    }
    // Integrate optional user theme options to be set.
    $theme_vars = array();
    if (!empty($regOptions['theme_vars'])) {
        foreach ($regOptions['theme_vars'] as $var => $value) {
            $theme_vars[$var] = $value;
        }
    }
    // Right, now let's prepare for insertion.
    // Column type map for the insert; anything not listed is bound as a string, 'birthdate' as a date.
    $knownInts = array('date_registered', 'posts', 'id_group', 'last_login', 'personal_messages', 'unread_messages', 'notifications', 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad', 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types', 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning');
    $knownFloats = array('time_offset');
    // Call an optional function to validate the users' input.
    call_integration_hook('integrate_register', array(&$regOptions, &$theme_vars, &$knownInts, &$knownFloats));
    $column_names = array();
    $values = array();
    foreach ($regOptions['register_vars'] as $var => $val) {
        $type = 'string';
        if (in_array($var, $knownInts)) {
            $type = 'int';
        } elseif (in_array($var, $knownFloats)) {
            $type = 'float';
        } elseif ($var == 'birthdate') {
            $type = 'date';
        }
        $column_names[$var] = $type;
        $values[$var] = $val;
    }
    // Register them into the database.
    $db->insert('', '{db_prefix}members', $column_names, $values, array('id_member'));
    $memberID = $db->insert_id('{db_prefix}members', 'id_member');
    // Update the number of members and latest member's info - and pass the name, but remove the 's.
    // The id/name are only passed along when the account is already active.
    if ($regOptions['register_vars']['is_activated'] == 1) {
        updateMemberStats($memberID, $regOptions['register_vars']['real_name']);
    } else {
        updateMemberStats();
    }
    // Theme variables too?
    if (!empty($theme_vars)) {
        $inserts = array();
        foreach ($theme_vars as $var => $val) {
            $inserts[] = array($memberID, $var, $val);
        }
        $db->insert('insert', '{db_prefix}themes', array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'), $inserts, array('id_member', 'variable'));
    }
    // If it's enabled, increase the registrations for today.
    trackStats(array('registers' => '+'));
    // Administrative registrations are a bit different...
    // NOTE(review): every mail below carries the plaintext password as the PASSWORD replacement;
    // for admin-created accounts that is the generated one.
    if ($regOptions['interface'] == 'admin') {
        if ($regOptions['require'] == 'activation') {
            $email_message = 'admin_register_activate';
        } elseif (!empty($regOptions['send_welcome_email'])) {
            $email_message = 'admin_register_immediate';
        }
        // No mail at all when activation is not required and no welcome mail was requested.
        if (isset($email_message)) {
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
            $emaildata = loadEmailTemplate($email_message, $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        }
    } else {
        // Can post straight away - welcome them to your fantastic community...
        if ($regOptions['require'] == 'nothing') {
            if (!empty($regOptions['send_welcome_email'])) {
                $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
                $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements);
                sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
            }
            // Send admin their notification.
            require_once SUBSDIR . '/Notification.subs.php';
            sendAdminNotifications('standard', $memberID, $regOptions['username']);
        } elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa') {
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
            if ($regOptions['require'] == 'activation') {
                $replacements += array('ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
            } else {
                $replacements += array('COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID);
            }
            // Template name: register_[openid_](activate|coppa)
            $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        } else {
            // Any other 'require' value is the approval flow: a 'pending' mail to the member plus an admin approval notice.
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
            $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
            // Admin gets informed here...
            require_once SUBSDIR . '/Notification.subs.php';
            sendAdminNotifications('approval', $memberID, $regOptions['username']);
        }
        // Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!)
        $_SESSION['just_registered'] = 1;
    }
    // If they are for sure registered, let other people to know about it
    call_integration_hook('integrate_register_after', array($regOptions, $memberID));
    return $memberID;
}
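 /**
  * Does the actual saving of the page data
  *
  * - validates the data is safe to save (required fields, alpha-numeric namespace,
  *   no duplicate namespace, no purely numeric namespace, and - unless
  *   sp_disable_php_validation is set - syntactically valid code for php pages)
  * - refuses php pages to anyone lacking the admin_forum permission
  * - updates existing pages or creates new ones, then syncs block visibility
  *
  * NOTE(review): no checkSession() (CSRF token) call is made here; it is assumed
  * the caller performs it before handing the POST to this method - confirm.
  *
  * @return bool false when the edit form was re-rendered because of errors; the
  *              success path ends in redirectexit(), which presumably terminates
  *              the request, so the trailing true is not normally reached
  */
 private function _sportal_admin_page_edit_save()
 {
     global $txt, $context, $modSettings;

     // No errors, yet.
     $pages_errors = Error_Context::context('pages', 0);

     // Use our standard validation functions in a few spots
     require_once SUBSDIR . '/DataValidator.class.php';
     $validator = new Data_Validator();

     // Clean and Review the post data for compliance
     $validator->sanitation_rules(array(
         'title' => 'trim|Util::htmlspecialchars',
         'namespace' => 'trim|Util::htmlspecialchars',
         'permissions' => 'intval',
         'type' => 'trim',
         'content' => 'trim',
     ));
     $validator->validation_rules(array(
         'title' => 'required',
         'namespace' => 'alpha_numeric|required',
         'type' => 'required',
         'content' => 'required',
     ));
     $validator->text_replacements(array(
         'title' => $txt['sp_error_page_name_empty'],
         'namespace' => $txt['sp_error_page_namespace_empty'],
         'content' => $txt['sp_admin_pages_col_body'],
     ));

     // If you messed this up, back you go.
     // The return matters: action_sportal_admin_page_edit() re-renders the form but is
     // not known to terminate the request, so without it execution would fall through
     // to the checks below (on possibly missing fields) and ultimately to the save.
     if (!$validator->validate($_POST)) {
         foreach ($validator->validation_errors() as $id => $error) {
             $pages_errors->addError($error);
         }
         $this->action_sportal_admin_page_edit();
         return false;
     }

     // The sanitation rules declare trim, so validation presumably ran on the trimmed
     // values; $_POST itself is not assumed to have been rewritten, so trim explicitly
     // here so the duplicate check and the saved row see exactly what was validated.
     $namespace = is_string($_POST['namespace']) ? trim($_POST['namespace']) : '';
     $title = is_string($_POST['title']) ? trim($_POST['title']) : '';
     $type = is_string($_POST['type']) ? trim($_POST['type']) : '';
     $page_id = isset($_POST['page_id']) ? (int) $_POST['page_id'] : 0;

     // Can't have the same name in the same space twice
     $has_duplicate = sp_check_duplicate_pages($namespace, $page_id);
     if (!empty($has_duplicate)) {
         $pages_errors->addError('sp_error_page_namespace_duplicate');
     }

     // Can't have a simple numeric namespace
     if (preg_replace('~[0-9]+~', '', $namespace) === '') {
         $pages_errors->addError('sp_error_page_namespace_numeric');
     }

     // Only forum admins may create or edit pages that execute PHP
     if ($type === 'php' && !allowedTo('admin_forum')) {
         fatal_lang_error('cannot_admin_forum', false);
     }

     // Running some php code, then we need to validate its legit code
     if ($type === 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation'])) {
         $validator_php = new Data_Validator();
         $validator_php->validation_rules(array('content' => 'php_syntax'));

         // Bad PHP code: add each error individually, as is done for the main validator above
         if (!$validator_php->validate(array('content' => $_POST['content']))) {
             foreach ($validator_php->validation_errors() as $id => $error) {
                 $pages_errors->addError($error);
             }
         }
     }

     // None shall pass ... with errors (and nothing below may run either)
     if ($pages_errors->hasErrors()) {
         $this->action_sportal_admin_page_edit();
         return false;
     }

     // If you made it this far, we are going to save the work; block ids must be ints
     if (!empty($_POST['blocks']) && is_array($_POST['blocks'])) {
         foreach ($_POST['blocks'] as $id => $block) {
             $_POST['blocks'][$id] = (int) $block;
         }
     } else {
         $_POST['blocks'] = array();
     }

     // The data for the fields; unknown types fall back to bbc (strict match, no type juggling)
     $page_info = array(
         'id' => $page_id,
         'namespace' => Util::htmlspecialchars($namespace, ENT_QUOTES),
         'title' => Util::htmlspecialchars($title, ENT_QUOTES),
         'body' => Util::htmlspecialchars($_POST['content'], ENT_QUOTES),
         'type' => in_array($type, array('bbc', 'html', 'php'), true) ? $type : 'bbc',
         'permissions' => isset($_POST['permissions']) ? (int) $_POST['permissions'] : 0,
         'style' => sportal_parse_style('implode'),
         'status' => !empty($_POST['status']) ? 1 : 0,
     );
     if ($page_info['type'] === 'bbc') {
         preparsecode($page_info['body']);
     }

     // Save away
     sp_save_page($page_info, $context['SPortal']['is_new']);

     // Work out which blocks changed visibility for this page.
     // in_array() stays loose here on purpose: $_POST['blocks'] are ints while the
     // block ids may arrive as strings.
     $to_show = array();
     $not_to_show = array();
     $changes = array();
     foreach ($context['page_blocks'] as $page_blocks) {
         foreach ($page_blocks as $block) {
             $selected = in_array($block['id'], $_POST['blocks']);
             if ($block['shown'] && !$selected) {
                 $not_to_show[] = $block['id'];
             } elseif (!$block['shown'] && $selected) {
                 $to_show[] = $block['id'];
             }
         }
     }

     // Visibility tokens for this page: 'pN' shows it, '-pN' excludes it
     $page_tag = 'p' . $page_info['id'];
     $page_exclude_tag = '-' . $page_tag;

     foreach ($to_show as $id) {
         $display = $this->blocks[$id]['display'];
         $display_custom = $this->blocks[$id]['display_custom'];

         if ((empty($display) && empty($display_custom)) || $display == 'sportal') {
             $changes[$id] = array('display' => 'portal,' . $page_tag, 'display_custom' => '');
         } elseif (in_array($display, array('allaction', 'allboard'))) {
             $changes[$id] = array('display' => '', 'display_custom' => $display . ',' . $page_tag);
         } elseif (in_array($page_exclude_tag, explode(',', $display_custom))) {
             // Remove an explicit exclusion of this page
             $changes[$id] = array(
                 'display' => $display,
                 'display_custom' => implode(',', array_diff(explode(',', $display_custom), array($page_exclude_tag))),
             );
         } elseif (empty($display_custom)) {
             $changes[$id] = array(
                 'display' => implode(',', array_merge(explode(',', $display), array($page_tag))),
                 'display_custom' => '',
             );
         } else {
             $changes[$id] = array(
                 'display' => $display,
                 'display_custom' => implode(',', array_merge(explode(',', $display_custom), array($page_tag))),
             );
         }
     }

     foreach ($not_to_show as $id) {
         $display = $this->blocks[$id]['display'];
         $display_custom = $this->blocks[$id]['display_custom'];

         if (count(array_intersect(array($display, $display_custom), array('sforum', 'allpages', 'all'))) > 0) {
             // Block is shown everywhere: keep that and add an explicit exclusion for this page
             $changes[$id] = array('display' => '', 'display_custom' => $display . $display_custom . ',' . $page_exclude_tag);
         } elseif (empty($display_custom)) {
             $changes[$id] = array(
                 'display' => implode(',', array_diff(explode(',', $display), array($page_tag))),
                 'display_custom' => '',
             );
         } else {
             $changes[$id] = array(
                 'display' => implode(',', array_diff(explode(',', $display), array($page_tag))),
                 'display_custom' => implode(',', array_diff(explode(',', $display_custom), array($page_tag))),
             );
         }
     }

     // Update the blocks as needed
     foreach ($changes as $id => $data) {
         sp_update_block_visibility($id, $data);
     }

     redirectexit('action=admin;area=portalpages');
     return true;
 }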
    /**
     * Posts or saves the message composed with Post().
     *
     * requires various permissions depending on the action.
     * handles attachment, post, and calendar saving.
     * sends off notifications, and allows for announcements and moderation.
     * accessed from ?action=post2.
     */
    public function action_post2()
    {
        global $board, $topic, $txt, $modSettings, $context, $user_settings;
        global $user_info, $board_info, $options, $ignore_temp;
        // Sneaking off, are we?
        if (empty($_POST) && empty($topic)) {
            if (empty($_SERVER['CONTENT_LENGTH'])) {
                redirectexit('action=post;board=' . $board . '.0');
            } else {
                fatal_lang_error('post_upload_error', false);
            }
        } elseif (empty($_POST) && !empty($topic)) {
            redirectexit('action=post;topic=' . $topic . '.0');
        }
        // No need!
        $context['robot_no_index'] = true;
        // We are now in post2 action
        $context['current_action'] = 'post2';
        require_once SOURCEDIR . '/AttachmentErrorContext.class.php';
        // No errors as yet.
        $post_errors = Error_Context::context('post', 1);
        $attach_errors = Attachment_Error_Context::context();
        // If the session has timed out, let the user re-submit their form.
        if (checkSession('post', '', false) != '') {
            $post_errors->addError('session_timeout');
            // Disable the preview so that any potentially malicious code is not executed
            $_REQUEST['preview'] = false;
            return $this->action_post();
        }
        // Wrong verification code?
        if (!$user_info['is_admin'] && !$user_info['is_mod'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha'] || $user_info['is_guest'] && $modSettings['posts_require_captcha'] == -1)) {
            require_once SUBSDIR . '/VerificationControls.class.php';
            $verificationOptions = array('id' => 'post');
            $context['require_verification'] = create_control_verification($verificationOptions, true);
            if (is_array($context['require_verification'])) {
                foreach ($context['require_verification'] as $verification_error) {
                    $post_errors->addError($verification_error);
                }
            }
        }
        require_once SUBSDIR . '/Boards.subs.php';
        require_once SUBSDIR . '/Post.subs.php';
        loadLanguage('Post');
        // Drafts enabled and needed?
        if (!empty($modSettings['drafts_enabled']) && (isset($_POST['save_draft']) || isset($_POST['id_draft']))) {
            require_once SUBSDIR . '/Drafts.subs.php';
        }
        // First check to see if they are trying to delete any current attachments.
        if (isset($_POST['attach_del'])) {
            $keep_temp = array();
            $keep_ids = array();
            foreach ($_POST['attach_del'] as $dummy) {
                if (strpos($dummy, 'post_tmp_' . $user_info['id']) !== false) {
                    $keep_temp[] = $dummy;
                } else {
                    $keep_ids[] = (int) $dummy;
                }
            }
            if (isset($_SESSION['temp_attachments'])) {
                foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) {
                    if (isset($_SESSION['temp_attachments']['post']['files'], $attachment['name']) && in_array($attachment['name'], $_SESSION['temp_attachments']['post']['files']) || in_array($attachID, $keep_temp) || strpos($attachID, 'post_tmp_' . $user_info['id']) === false) {
                        continue;
                    }
                    unset($_SESSION['temp_attachments'][$attachID]);
                    @unlink($attachment['tmp_name']);
                }
            }
            if (!empty($_REQUEST['msg'])) {
                require_once SUBSDIR . '/ManageAttachments.subs.php';
                $attachmentQuery = array('attachment_type' => 0, 'id_msg' => (int) $_REQUEST['msg'], 'not_id_attach' => $keep_ids);
                removeAttachments($attachmentQuery);
            }
        }
        // Then try to upload any attachments.
        $context['attachments']['can']['post'] = !empty($modSettings['attachmentEnable']) && $modSettings['attachmentEnable'] == 1 && (allowedTo('post_attachment') || $modSettings['postmod_active'] && allowedTo('post_unapproved_attachments'));
        if ($context['attachments']['can']['post'] && empty($_POST['from_qr'])) {
            require_once SUBSDIR . '/Attachments.subs.php';
            if (isset($_REQUEST['msg'])) {
                processAttachments((int) $_REQUEST['msg']);
            } else {
                processAttachments();
            }
        }
        // Previewing? Go back to start.
        if (isset($_REQUEST['preview'])) {
            return $this->action_post();
        }
        // Prevent double submission of this form.
        checkSubmitOnce('check');
        // If this isn't a new topic load the topic info that we need.
        if (!empty($topic)) {
            require_once SUBSDIR . '/Topic.subs.php';
            $topic_info = getTopicInfo($topic);
            // Though the topic should be there, it might have vanished.
            if (empty($topic_info)) {
                fatal_lang_error('topic_doesnt_exist');
            }
            // Did this topic suddenly move? Just checking...
            if ($topic_info['id_board'] != $board) {
                fatal_lang_error('not_a_topic');
            }
        }
        // Replying to a topic?
        if (!empty($topic) && !isset($_REQUEST['msg'])) {
            // Don't allow a post if it's locked.
            if ($topic_info['locked'] != 0 && !allowedTo('moderate_board')) {
                fatal_lang_error('topic_locked', false);
            }
            // Sorry, multiple polls aren't allowed... yet.  You should stop giving me ideas :P.
            if (isset($_REQUEST['poll']) && $topic_info['id_poll'] > 0) {
                unset($_REQUEST['poll']);
            }
            // Do the permissions and approval stuff...
            $becomesApproved = true;
            if ($topic_info['id_member_started'] != $user_info['id']) {
                if ($modSettings['postmod_active'] && allowedTo('post_unapproved_replies_any') && !allowedTo('post_reply_any')) {
                    $becomesApproved = false;
                } else {
                    isAllowedTo('post_reply_any');
                }
            } elseif (!allowedTo('post_reply_any')) {
                if ($modSettings['postmod_active']) {
                    if (allowedTo('post_unapproved_replies_own') && !allowedTo('post_reply_own')) {
                        $becomesApproved = false;
                    } elseif ($user_info['is_guest'] && allowedTo('post_unapproved_replies_any')) {
                        $becomesApproved = false;
                    } else {
                        isAllowedTo('post_reply_own');
                    }
                }
            }
            if (isset($_POST['lock'])) {
                // Nothing is changed to the lock.
                if (empty($topic_info['locked']) && empty($_POST['lock']) || !empty($_POST['lock']) && !empty($topic_info['locked'])) {
                    unset($_POST['lock']);
                } elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $topic_info['id_member_started']) {
                    unset($_POST['lock']);
                } elseif (!allowedTo('lock_any')) {
                    // You cannot override a moderator lock.
                    if ($topic_info['locked'] == 1) {
                        unset($_POST['lock']);
                    } else {
                        $_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
                    }
                } else {
                    $_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
                }
            }
            // So you wanna (un)sticky this...let's see.
            if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || $_POST['sticky'] == $topic_info['is_sticky'] || !allowedTo('make_sticky'))) {
                unset($_POST['sticky']);
            }
            // If drafts are enabled, then pass this off
            if (!empty($modSettings['drafts_enabled']) && isset($_POST['save_draft'])) {
                saveDraft();
                return $this->action_post();
            }
            // If the number of replies has changed, if the setting is enabled, go back to action_post() - which handles the error.
            if (empty($options['no_new_reply_warning']) && isset($_POST['last_msg']) && $topic_info['id_last_msg'] > $_POST['last_msg']) {
                addInlineJavascript('
					$(document).ready(function () {
						$("html,body").scrollTop($(\'.category_header:visible:first\').offset().top);
					});');
                return $this->action_post();
            }
            $posterIsGuest = $user_info['is_guest'];
        } elseif (empty($topic)) {
            // Now don't be silly, new topics will get their own id_msg soon enough.
            unset($_REQUEST['msg'], $_POST['msg'], $_GET['msg']);
            // Do like, the permissions, for safety and stuff...
            $becomesApproved = true;
            if ($modSettings['postmod_active'] && !allowedTo('post_new') && allowedTo('post_unapproved_topics')) {
                $becomesApproved = false;
            } else {
                isAllowedTo('post_new');
            }
            if (isset($_POST['lock'])) {
                // New topics are by default not locked.
                if (empty($_POST['lock'])) {
                    unset($_POST['lock']);
                } elseif (!allowedTo(array('lock_any', 'lock_own'))) {
                    unset($_POST['lock']);
                } else {
                    $_POST['lock'] = allowedTo('lock_any') ? 1 : 2;
                }
            }
            if (isset($_POST['sticky']) && (empty($modSettings['enableStickyTopics']) || empty($_POST['sticky']) || !allowedTo('make_sticky'))) {
                unset($_POST['sticky']);
            }
            // Saving your new topic as a draft first?
            if (!empty($modSettings['drafts_enabled']) && isset($_POST['save_draft'])) {
                saveDraft();
                return $this->action_post();
            }
            $posterIsGuest = $user_info['is_guest'];
        } elseif (isset($_REQUEST['msg']) && !empty($topic)) {
            $_REQUEST['msg'] = (int) $_REQUEST['msg'];
            require_once SUBSDIR . '/Messages.subs.php';
            $msgInfo = basicMessageInfo($_REQUEST['msg'], true);
            if (empty($msgInfo)) {
                fatal_lang_error('cant_find_messages', false);
            }
            if (!empty($topic_info['locked']) && !allowedTo('moderate_board')) {
                fatal_lang_error('topic_locked', false);
            }
            if (isset($_POST['lock'])) {
                // Nothing changes to the lock status.
                if (empty($_POST['lock']) && empty($topic_info['locked']) || !empty($_POST['lock']) && !empty($topic_info['locked'])) {
                    unset($_POST['lock']);
                } elseif (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $topic_info['id_member_started']) {
                    unset($_POST['lock']);
                } elseif (!allowedTo('lock_any')) {
                    // You're not allowed to break a moderator's lock.
                    if ($topic_info['locked'] == 1) {
                        unset($_POST['lock']);
                    } else {
                        $_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
                    }
                } else {
                    $_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
                }
            }
            // Change the sticky status of this topic?
            if (isset($_POST['sticky']) && (!allowedTo('make_sticky') || $_POST['sticky'] == $topic_info['is_sticky'])) {
                unset($_POST['sticky']);
            }
            if ($msgInfo['id_member'] == $user_info['id'] && !allowedTo('modify_any')) {
                if ((!$modSettings['postmod_active'] || $msgInfo['approved']) && !empty($modSettings['edit_disable_time']) && $msgInfo['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) {
                    fatal_lang_error('modify_post_time_passed', false);
                } elseif ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('modify_own')) {
                    isAllowedTo('modify_replies');
                } else {
                    isAllowedTo('modify_own');
                }
            } elseif ($topic_info['id_member_started'] == $user_info['id'] && !allowedTo('modify_any')) {
                isAllowedTo('modify_replies');
                // If you're modifying a reply, I say it better be logged...
                $moderationAction = true;
            } else {
                isAllowedTo('modify_any');
                // Log it, assuming you're not modifying your own post.
                if ($msgInfo['id_member'] != $user_info['id']) {
                    $moderationAction = true;
                }
            }
            // If drafts are enabled, then lets send this off to save
            if (!empty($modSettings['drafts_enabled']) && isset($_POST['save_draft'])) {
                saveDraft();
                return $this->action_post();
            }
            $posterIsGuest = empty($msgInfo['id_member']);
            // Can they approve it?
            $can_approve = allowedTo('approve_posts');
            $becomesApproved = $modSettings['postmod_active'] ? $can_approve && !$msgInfo['approved'] ? !empty($_REQUEST['approve']) ? 1 : 0 : $msgInfo['approved'] : 1;
            $approve_has_changed = $msgInfo['approved'] != $becomesApproved;
            if (!allowedTo('moderate_forum') || !$posterIsGuest) {
                $_POST['guestname'] = $msgInfo['poster_name'];
                $_POST['email'] = $msgInfo['poster_email'];
            }
        }
        // In case we want to override
        if (allowedTo('approve_posts')) {
            $becomesApproved = !isset($_REQUEST['approve']) || !empty($_REQUEST['approve']) ? 1 : 0;
            $approve_has_changed = isset($msgInfo['approved']) ? $msgInfo['approved'] != $becomesApproved : false;
        }
        // If the poster is a guest evaluate the legality of name and email.
        if ($posterIsGuest) {
            $_POST['guestname'] = !isset($_POST['guestname']) ? '' : Util::htmlspecialchars(trim($_POST['guestname']));
            $_POST['email'] = !isset($_POST['email']) ? '' : Util::htmlspecialchars(trim($_POST['email']));
            if ($_POST['guestname'] == '' || $_POST['guestname'] == '_') {
                $post_errors->addError('no_name');
            }
            if (Util::strlen($_POST['guestname']) > 25) {
                $post_errors->addError('long_name');
            }
            if (empty($modSettings['guest_post_no_email'])) {
                // Only check if they changed it!
                if (!isset($msgInfo) || $msgInfo['poster_email'] != $_POST['email']) {
                    require_once SUBSDIR . '/DataValidator.class.php';
                    if (!allowedTo('moderate_forum') && !Data_Validator::is_valid($_POST, array('email' => 'valid_email|required'), array('email' => 'trim'))) {
                        empty($_POST['email']) ? $post_errors->addError('no_email') : $post_errors->addError('bad_email');
                    }
                }
                // Now make sure this email address is not banned from posting.
                isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));
            }
            // In case they are making multiple posts this visit, help them along by storing their name.
            if (!$post_errors->hasErrors()) {
                $_SESSION['guest_name'] = $_POST['guestname'];
                $_SESSION['guest_email'] = $_POST['email'];
            }
        }
        // Check the subject and message.
        if (!isset($_POST['subject']) || Util::htmltrim(Util::htmlspecialchars($_POST['subject'])) === '') {
            $post_errors->addError('no_subject');
        }
        if (!isset($_POST['message']) || Util::htmltrim(Util::htmlspecialchars($_POST['message'], ENT_QUOTES)) === '') {
            $post_errors->addError('no_message');
        } elseif (!empty($modSettings['max_messageLength']) && Util::strlen($_POST['message']) > $modSettings['max_messageLength']) {
            $post_errors->addError(array('long_message', array($modSettings['max_messageLength'])));
        } else {
            // Prepare the message a bit for some additional testing.
            $_POST['message'] = Util::htmlspecialchars($_POST['message'], ENT_QUOTES);
            // Preparse code. (Zef)
            if ($user_info['is_guest']) {
                $user_info['name'] = $_POST['guestname'];
            }
            preparsecode($_POST['message']);
            // Let's see if there's still some content left without the tags.
            if (Util::htmltrim(strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($_POST['message'], '[html]') === false)) {
                $post_errors->addError('no_message');
            }
        }
        if (isset($_POST['calendar']) && !isset($_REQUEST['deleteevent']) && Util::htmltrim($_POST['evtitle']) === '') {
            $post_errors->addError('no_event');
        }
        // Validate the poll...
        if (isset($_REQUEST['poll']) && !empty($modSettings['pollMode'])) {
            if (!empty($topic) && !isset($_REQUEST['msg'])) {
                fatal_lang_error('no_access', false);
            }
            // This is a new topic... so it's a new poll.
            if (empty($topic)) {
                isAllowedTo('poll_post');
            } elseif ($user_info['id'] == $topic_info['id_member_started'] && !allowedTo('poll_add_any')) {
                isAllowedTo('poll_add_own');
            } else {
                isAllowedTo('poll_add_any');
            }
            if (!isset($_POST['question']) || trim($_POST['question']) == '') {
                $post_errors->addError('no_question');
            }
            $_POST['options'] = empty($_POST['options']) ? array() : htmltrim__recursive($_POST['options']);
            // Get rid of empty ones.
            foreach ($_POST['options'] as $k => $option) {
                if ($option == '') {
                    unset($_POST['options'][$k], $_POST['options'][$k]);
                }
            }
            // What are you going to vote between with one choice?!?
            if (count($_POST['options']) < 2) {
                $post_errors->addError('poll_few');
            } elseif (count($_POST['options']) > 256) {
                $post_errors->addError('poll_many');
            }
        }
        if ($posterIsGuest) {
            // If user is a guest, make sure the chosen name isn't taken.
            require_once SUBSDIR . '/Members.subs.php';
            if (isReservedName($_POST['guestname'], 0, true, false) && (!isset($msgInfo['poster_name']) || $_POST['guestname'] != $msgInfo['poster_name'])) {
                $post_errors->addError('bad_name');
            }
        } elseif (!isset($_REQUEST['msg'])) {
            $_POST['guestname'] = $user_info['username'];
            $_POST['email'] = $user_info['email'];
        }
        // Posting somewhere else? Are we sure you can?
        if (!empty($_REQUEST['post_in_board'])) {
            $new_board = (int) $_REQUEST['post_in_board'];
            if (!allowedTo('post_new', $new_board)) {
                $post_in_board = boardInfo($new_board);
                if (!empty($post_in_board)) {
                    $post_errors->addError(array('post_new_board', array($post_in_board['name'])));
                } else {
                    $post_errors->addError('post_new');
                }
            }
        }
        // Any mistakes?
        if ($post_errors->hasErrors() || $attach_errors->hasErrors()) {
            addInlineJavascript('
				$(document).ready(function () {
					$("html,body").scrollTop($(\'.category_header:visible:first\').offset().top);
				});');
            return $this->action_post();
        }
        // Make sure the user isn't spamming the board.
        if (!isset($_REQUEST['msg'])) {
            spamProtection('post');
        }
        // At about this point, we're posting and that's that.
        ignore_user_abort(true);
        @set_time_limit(300);
        // Add special html entities to the subject, name, and email.
        $_POST['subject'] = strtr(Util::htmlspecialchars($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
        $_POST['guestname'] = htmlspecialchars($_POST['guestname'], ENT_COMPAT, 'UTF-8');
        $_POST['email'] = htmlspecialchars($_POST['email'], ENT_COMPAT, 'UTF-8');
        // At this point, we want to make sure the subject isn't too long.
        if (Util::strlen($_POST['subject']) > 100) {
            $_POST['subject'] = Util::substr($_POST['subject'], 0, 100);
        }
        if (!empty($modSettings['mentions_enabled']) && !empty($_REQUEST['uid'])) {
            $query_params = array();
            $query_params['member_ids'] = array_unique(array_map('intval', $_REQUEST['uid']));
            require_once SUBSDIR . '/Members.subs.php';
            $mentioned_members = membersBy('member_ids', $query_params, true);
            $replacements = 0;
            $actually_mentioned = array();
            foreach ($mentioned_members as $member) {
                $_POST['message'] = str_replace('@' . $member['real_name'], '[member=' . $member['id_member'] . ']' . $member['real_name'] . '[/member]', $_POST['message'], $replacements);
                if ($replacements > 0) {
                    $actually_mentioned[] = $member['id_member'];
                }
            }
        }
        // Make the poll...
        if (isset($_REQUEST['poll'])) {
            // Make sure that the user has not entered a ridiculous number of options..
            if (empty($_POST['poll_max_votes']) || $_POST['poll_max_votes'] <= 0) {
                $_POST['poll_max_votes'] = 1;
            } elseif ($_POST['poll_max_votes'] > count($_POST['options'])) {
                $_POST['poll_max_votes'] = count($_POST['options']);
            } else {
                $_POST['poll_max_votes'] = (int) $_POST['poll_max_votes'];
            }
            $_POST['poll_expire'] = (int) $_POST['poll_expire'];
            $_POST['poll_expire'] = $_POST['poll_expire'] > 9999 ? 9999 : ($_POST['poll_expire'] < 0 ? 0 : $_POST['poll_expire']);
            // Just set it to zero if it's not there..
            if (!isset($_POST['poll_hide'])) {
                $_POST['poll_hide'] = 0;
            } else {
                $_POST['poll_hide'] = (int) $_POST['poll_hide'];
            }
            $_POST['poll_change_vote'] = isset($_POST['poll_change_vote']) ? 1 : 0;
            $_POST['poll_guest_vote'] = isset($_POST['poll_guest_vote']) ? 1 : 0;
            // Make sure guests are actually allowed to vote generally.
            if ($_POST['poll_guest_vote']) {
                require_once SUBSDIR . '/Members.subs.php';
                $allowedVoteGroups = groupsAllowedTo('poll_vote', $board);
                if (!in_array(-1, $allowedVoteGroups['allowed'])) {
                    $_POST['poll_guest_vote'] = 0;
                }
            }
            // If the user tries to set the poll too far in advance, don't let them.
            if (!empty($_POST['poll_expire']) && $_POST['poll_expire'] < 1) {
                fatal_lang_error('poll_range_error', false);
            } elseif (empty($_POST['poll_expire']) && $_POST['poll_hide'] == 2) {
                $_POST['poll_hide'] = 1;
            }
            // Clean up the question and answers.
            $_POST['question'] = htmlspecialchars($_POST['question'], ENT_COMPAT, 'UTF-8');
            $_POST['question'] = Util::substr($_POST['question'], 0, 255);
            $_POST['question'] = preg_replace('~&amp;#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', $_POST['question']);
            $_POST['options'] = htmlspecialchars__recursive($_POST['options']);
            // Finally, make the poll.
            require_once SUBSDIR . '/Poll.subs.php';
            $id_poll = createPoll($_POST['question'], $user_info['id'], $_POST['guestname'], $_POST['poll_max_votes'], $_POST['poll_hide'], $_POST['poll_expire'], $_POST['poll_change_vote'], $_POST['poll_guest_vote'], $_POST['options']);
        } else {
            $id_poll = 0;
        }
        // ...or attach a new file...
        if (empty($ignore_temp) && $context['attachments']['can']['post'] && !empty($_SESSION['temp_attachments']) && empty($_POST['from_qr'])) {
            $attachIDs = array();
            foreach ($_SESSION['temp_attachments'] as $attachID => $attachment) {
                if ($attachID != 'initial_error' && strpos($attachID, 'post_tmp_' . $user_info['id']) === false) {
                    continue;
                }
                // If there was an initial error just show that message.
                if ($attachID == 'initial_error') {
                    unset($_SESSION['temp_attachments']);
                    break;
                }
                // No errors, then try to create the attachment
                if (empty($attachment['errors'])) {
                    // Load the attachmentOptions array with the data needed to create an attachment
                    $attachmentOptions = array('post' => isset($_REQUEST['msg']) ? $_REQUEST['msg'] : 0, 'poster' => $user_info['id'], 'name' => $attachment['name'], 'tmp_name' => $attachment['tmp_name'], 'size' => isset($attachment['size']) ? $attachment['size'] : 0, 'mime_type' => isset($attachment['type']) ? $attachment['type'] : '', 'id_folder' => isset($attachment['id_folder']) ? $attachment['id_folder'] : 0, 'approved' => !$modSettings['postmod_active'] || allowedTo('post_attachment'), 'errors' => array());
                    if (createAttachment($attachmentOptions)) {
                        $attachIDs[] = $attachmentOptions['id'];
                        if (!empty($attachmentOptions['thumb'])) {
                            $attachIDs[] = $attachmentOptions['thumb'];
                        }
                    }
                } else {
                    @unlink($attachment['tmp_name']);
                }
            }
            unset($_SESSION['temp_attachments']);
        }
        // Creating a new topic?
        $newTopic = empty($_REQUEST['msg']) && empty($topic);
        $_POST['icon'] = !empty($attachIDs) && $_POST['icon'] == 'xx' ? 'clip' : $_POST['icon'];
        // Collect all parameters for the creation or modification of a post.
        $msgOptions = array('id' => empty($_REQUEST['msg']) ? 0 : (int) $_REQUEST['msg'], 'subject' => $_POST['subject'], 'body' => $_POST['message'], 'icon' => preg_replace('~[\\./\\\\*:"\'<>]~', '', $_POST['icon']), 'smileys_enabled' => !isset($_POST['ns']), 'attachments' => empty($attachIDs) ? array() : $attachIDs, 'approved' => $becomesApproved);
        $topicOptions = array('id' => empty($topic) ? 0 : $topic, 'board' => $board, 'poll' => isset($_REQUEST['poll']) ? $id_poll : null, 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null, 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null, 'mark_as_read' => true, 'is_approved' => !$modSettings['postmod_active'] || empty($topic) || !empty($board_info['cur_topic_approved']));
        $posterOptions = array('id' => $user_info['id'], 'name' => $_POST['guestname'], 'email' => $_POST['email'], 'update_post_count' => !$user_info['is_guest'] && !isset($_REQUEST['msg']) && $board_info['posts_count']);
        // This is an already existing message. Edit it.
        if (!empty($_REQUEST['msg'])) {
            // Have admins allowed people to hide their screwups?
            if (time() - $msgInfo['poster_time'] > $modSettings['edit_wait_time'] || $user_info['id'] != $msgInfo['id_member']) {
                $msgOptions['modify_time'] = time();
                $msgOptions['modify_name'] = $user_info['name'];
            }
            // This will save some time...
            if (empty($approve_has_changed)) {
                unset($msgOptions['approved']);
            }
            modifyPost($msgOptions, $topicOptions, $posterOptions);
        } else {
            if (!empty($modSettings['enableFollowup']) && !empty($_REQUEST['followup'])) {
                $original_post = (int) $_REQUEST['followup'];
            }
            // We also have to fake the board:
            // if it's valid and it's not the current, let's forget about the "current" and load the new one
            if (!empty($new_board) && $board !== $new_board) {
                $board = $new_board;
                loadBoard();
                // Some details changed
                $topicOptions['board'] = $board;
                $topicOptions['is_approved'] = !$modSettings['postmod_active'] || empty($topic) || !empty($board_info['cur_topic_approved']);
                $posterOptions['update_post_count'] = !$user_info['is_guest'] && !isset($_REQUEST['msg']) && $board_info['posts_count'];
            }
            createPost($msgOptions, $topicOptions, $posterOptions);
            if (isset($topicOptions['id'])) {
                $topic = $topicOptions['id'];
            }
            if (!empty($modSettings['enableFollowup'])) {
                require_once SUBSDIR . '/FollowUps.subs.php';
                require_once SUBSDIR . '/Messages.subs.php';
                // Time to update the original message with a pointer to the new one
                if (!empty($original_post) && canAccessMessage($original_post)) {
                    linkMessages($original_post, $topic);
                }
            }
        }
        // If we had a draft for this, its time to remove it since it was just posted
        if (!empty($modSettings['drafts_enabled']) && !empty($_POST['id_draft'])) {
            deleteDrafts($_POST['id_draft'], $user_info['id']);
        }
        // Editing or posting an event?
        if (isset($_POST['calendar']) && (!isset($_REQUEST['eventid']) || $_REQUEST['eventid'] == -1)) {
            require_once SUBSDIR . '/Calendar.subs.php';
            // Make sure they can link an event to this post.
            canLinkEvent();
            // Insert the event.
            $eventOptions = array('id_board' => $board, 'id_topic' => $topic, 'title' => $_POST['evtitle'], 'member' => $user_info['id'], 'start_date' => sprintf('%04d-%02d-%02d', $_POST['year'], $_POST['month'], $_POST['day']), 'span' => isset($_POST['span']) && $_POST['span'] > 0 ? min((int) $modSettings['cal_maxspan'], (int) $_POST['span'] - 1) : 0);
            insertEvent($eventOptions);
        } elseif (isset($_POST['calendar'])) {
            $_REQUEST['eventid'] = (int) $_REQUEST['eventid'];
            // Validate the post...
            require_once SUBSDIR . '/Calendar.subs.php';
            validateEventPost();
            // If you're not allowed to edit any events, you have to be the poster.
            if (!allowedTo('calendar_edit_any')) {
                $event_poster = getEventPoster($_REQUEST['eventid']);
                // Silly hacker, Trix are for kids. ...probably trademarked somewhere, this is FAIR USE! (parody...)
                isAllowedTo('calendar_edit_' . ($event_poster == $user_info['id'] ? 'own' : 'any'));
            }
            // Delete it?
            if (isset($_REQUEST['deleteevent'])) {
                removeEvent($_REQUEST['eventid']);
            } else {
                $span = !empty($modSettings['cal_allowspan']) && !empty($_REQUEST['span']) ? min((int) $modSettings['cal_maxspan'], (int) $_REQUEST['span'] - 1) : 0;
                $start_time = mktime(0, 0, 0, (int) $_REQUEST['month'], (int) $_REQUEST['day'], (int) $_REQUEST['year']);
                $eventOptions = array('start_date' => strftime('%Y-%m-%d', $start_time), 'end_date' => strftime('%Y-%m-%d', $start_time + $span * 86400), 'title' => $_REQUEST['evtitle']);
                modifyEvent($_REQUEST['eventid'], $eventOptions);
            }
        }
        // Marking boards as read.
        // (You just posted and they will be unread.)
        if (!$user_info['is_guest']) {
            $board_list = !empty($board_info['parent_boards']) ? array_keys($board_info['parent_boards']) : array();
            // Returning to the topic?
            if (!empty($_REQUEST['goback'])) {
                $board_list[] = $board;
            }
            if (!empty($board_list)) {
                markBoardsRead($board_list, false, false);
            }
        }
        // Turn notification on or off.
        if (!empty($_POST['notify']) && allowedTo('mark_any_notify')) {
            setTopicNotification($user_info['id'], $topic, true);
        } elseif (!$newTopic) {
            setTopicNotification($user_info['id'], $topic, false);
        }
        // Log an act of moderation - modifying.
        if (!empty($moderationAction)) {
            logAction('modify', array('topic' => $topic, 'message' => (int) $_REQUEST['msg'], 'member' => $msgInfo['id_member'], 'board' => $board));
        }
        if (isset($_POST['lock']) && $_POST['lock'] != 2) {
            logAction(empty($_POST['lock']) ? 'unlock' : 'lock', array('topic' => $topicOptions['id'], 'board' => $topicOptions['board']));
        }
        if (isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics'])) {
            logAction(empty($_POST['sticky']) ? 'unsticky' : 'sticky', array('topic' => $topicOptions['id'], 'board' => $topicOptions['board']));
        }
        // Notify any members who have notification turned on for this topic/board - only do this if it's going to be approved(!)
        if ($becomesApproved) {
            require_once SUBSDIR . '/Notification.subs.php';
            if ($newTopic) {
                $notifyData = array('body' => $_POST['message'], 'subject' => $_POST['subject'], 'name' => $user_info['name'], 'poster' => $user_info['id'], 'msg' => $msgOptions['id'], 'board' => $board, 'topic' => $topic, 'signature' => isset($user_settings['signature']) ? $user_settings['signature'] : '');
                sendBoardNotifications($notifyData);
            } elseif (empty($_REQUEST['msg'])) {
                // Only send it to everyone if the topic is approved, otherwise just to the topic starter if they want it.
                if ($topic_info['approved']) {
                    sendNotifications($topic, 'reply');
                } else {
                    sendNotifications($topic, 'reply', array(), $topic_info['id_member_started']);
                }
            }
        }
        if (!empty($modSettings['mentions_enabled']) && !empty($actually_mentioned)) {
            require_once CONTROLLERDIR . '/Mentions.controller.php';
            $mentions = new Mentions_Controller();
            $mentions->setData(array('id_member' => $actually_mentioned, 'type' => 'men', 'id_msg' => $msgOptions['id'], 'status' => $becomesApproved ? 'new' : 'unapproved'));
            $mentions->action_add();
        }
        if ($board_info['num_topics'] == 0) {
            cache_put_data('board-' . $board, null, 120);
        }
        if (!empty($_POST['announce_topic'])) {
            redirectexit('action=announce;sa=selectgroup;topic=' . $topic . (!empty($_POST['move']) && allowedTo('move_any') ? ';move' : '') . (empty($_REQUEST['goback']) ? '' : ';goback'));
        }
        if (!empty($_POST['move']) && allowedTo('move_any')) {
            redirectexit('action=movetopic;topic=' . $topic . '.0' . (empty($_REQUEST['goback']) ? '' : ';goback'));
        }
        // Return to post if the mod is on.
        if (isset($_REQUEST['msg']) && !empty($_REQUEST['goback'])) {
            redirectexit('topic=' . $topic . '.msg' . $_REQUEST['msg'] . '#msg' . $_REQUEST['msg'], isBrowser('ie'));
        } elseif (!empty($_REQUEST['goback'])) {
            redirectexit('topic=' . $topic . '.new#new', isBrowser('ie'));
        } else {
            redirectexit('board=' . $board . '.0');
        }
    }
 /**
  * Editing a membergroup.
  *
  * What it does:
  * - Screen to edit a specific membergroup.
  * - Called by ?action=admin;area=membergroups;sa=edit;group=x.
  * - It requires the manage_membergroups permission.
  * - Also handles the delete button of the edit form.
  * - Redirects to ?action=admin;area=membergroups.
  *
  * Branches, as implemented below:
  * - $_POST['delete']: session and 'admin-mmg' token are checked, the group is deleted, then redirect.
  * - $_POST['save']: session and token are checked, $_POST is sanitised/validated through
  *   Data_Validator, then group properties, board access, membership, inherited permissions and
  *   moderators are updated before the redirect.
  * - Otherwise: the group is loaded into $context['group'] for the edit form and a fresh token is created.
  *
  * @uses the edit_group sub template of ManageMembergroups.
  */
 public function action_edit()
 {
     global $context, $txt, $modSettings;
     // The group being edited; 0 when no id was supplied.
     $current_group_id = isset($_REQUEST['group']) ? (int) $_REQUEST['group'] : 0;
     if (!empty($modSettings['deny_boards_access'])) {
         loadLanguage('ManagePermissions');
     }
     require_once SUBSDIR . '/Membergroups.subs.php';
     // Make sure this group is editable.
     // $current_group is only assigned when an id was given; later uses sit behind a check on
     // $current_group_id or inside the POST branches, except the fetch near the end (see there).
     if (!empty($current_group_id)) {
         $current_group = membergroupById($current_group_id);
     }
     // Now, do we have a valid id?
     // A group of type 1 (presumably the "protected" type) may only be edited with admin_forum.
     if (!allowedTo('admin_forum') && !empty($current_group_id) && $current_group['group_type'] == 1) {
         fatal_lang_error('membergroup_does_not_exist', false);
     }
     // The delete this membergroup button was pressed.
     if (isset($_POST['delete'])) {
         // State-changing request: both the session check and the form token are required.
         checkSession();
         validateToken('admin-mmg');
         if (empty($current_group_id)) {
             fatal_lang_error('membergroup_does_not_exist', false);
         }
         // Let's delete the group
         deleteMembergroups($current_group['id_group']);
         redirectexit('action=admin;area=membergroups;');
     } elseif (isset($_POST['save'])) {
         // Validate the session.
         checkSession();
         validateToken('admin-mmg');
         if (empty($current_group_id)) {
             fatal_lang_error('membergroup_does_not_exist', false);
         }
         require_once SUBSDIR . '/DataValidator.class.php';
         $validator = new Data_Validator();
         // Cleanup the inputs! :D
         // Free-text fields (name, description, icon image) are HTML-escaped, numeric fields cast,
         // and the colour goes through valid_color; every later read of these fields uses the
         // sanitised copy on $validator rather than $_POST.
         $validator->sanitation_rules(array('max_messages' => 'intval', 'min_posts' => 'intval|abs', 'group_type' => 'intval', 'group_desc' => 'trim|Util::htmlspecialchars', 'group_name' => 'trim|Util::htmlspecialchars', 'group_hidden' => 'intval', 'group_inherit' => 'intval', 'icon_count' => 'intval', 'icon_image' => 'trim|Util::htmlspecialchars', 'online_color' => 'trim|valid_color'));
         // boardaccess is a board id => action map; each action is used as an array key further
         // down, so the contains[] rule is what keeps it within the three known buckets.
         $validator->input_processing(array('boardaccess' => 'array'));
         $validator->validation_rules(array('boardaccess' => 'contains[allow,ignore,deny]'));
         $validator->validate($_POST);
         // Can they really inherit from this group?
         // Non-admins get the chosen parent looked up so a type 1 parent can be refused below;
         // $inherit_type stays unset otherwise (empty() on an unset variable is fine).
         if ($validator->group_inherit != -2 && !allowedTo('admin_forum')) {
             $inherit_type = membergroupById($validator->group_inherit);
         }
         // min_posts is only kept for post-count groups (group_type -1) with id > 3; group 4 is
         // forced to 0 and every other group to -1 (not a post-count group).
         $min_posts = $validator->group_type == -1 && $validator->min_posts >= 0 && $current_group['id_group'] > 3 ? $validator->min_posts : ($current_group['id_group'] == 4 ? 0 : -1);
         // -2 means "no parent"; groups 1 and 3, and a type 1 parent, cannot inherit.
         $group_inherit = $current_group['id_group'] > 1 && $current_group['id_group'] != 3 && (empty($inherit_type['group_type']) || $inherit_type['group_type'] != 1) ? $validator->group_inherit : -2;
         //@todo Don't set online_color for the Moderators group?
         // Do the update of the membergroup settings.
         // group_type is clamped to 0..3 and type 1 is reserved for admin_forum; hidden is forced
         // to 0 for post-count groups and group 3; icons are stored as "count#image" (count capped
         // at 10); the description is dropped unless this is group 1 or a non-post-count group.
         $properties = array('max_messages' => $validator->max_messages, 'min_posts' => $min_posts, 'group_type' => $validator->group_type < 0 || $validator->group_type > 3 || $validator->group_type == 1 && !allowedTo('admin_forum') ? 0 : $validator->group_type, 'hidden' => !$validator->group_hidden || $min_posts != -1 || $current_group['id_group'] == 3 ? 0 : $validator->group_hidden, 'id_parent' => $group_inherit, 'current_group' => $current_group['id_group'], 'group_name' => $validator->group_name, 'online_color' => $validator->online_color, 'icons' => $validator->icon_count <= 0 ? '' : min($validator->icon_count, 10) . '#' . $validator->icon_image, 'description' => $current_group['id_group'] == 1 || $validator->group_type != -1 ? $validator->group_desc : '');
         updateMembergroupProperties($properties);
         call_integration_hook('integrate_save_membergroup', array($current_group['id_group']));
         // Time to update the boards this membergroup has access to.
         // Only group 2 and groups above 3 carry per-board access.
         if ($current_group['id_group'] == 2 || $current_group['id_group'] > 3) {
             $changed_boards = array();
             $changed_boards['allow'] = array();
             $changed_boards['deny'] = array();
             $changed_boards['ignore'] = array();
             if ($validator->boardaccess) {
                 // Board ids are the keys of the submitted map; cast so only integers reach the queries.
                 foreach ($validator->boardaccess as $group_id => $action) {
                     $changed_boards[$action][] = (int) $group_id;
                 }
             }
             // 'ignore' boards are neither allowed nor denied: the group is simply detached from them.
             foreach (array('allow', 'deny') as $board_action) {
                 // Find all board this group is in, but shouldn't be in.
                 detachGroupFromBoards($current_group['id_group'], $changed_boards, $board_action);
                 // Add the membergroup to all boards that hadn't been set yet.
                 if (!empty($changed_boards[$board_action])) {
                     assignGroupToBoards($current_group['id_group'], $changed_boards, $board_action);
                 }
             }
         }
         // Remove everyone from this group!
         // A post-count group has no explicit members, so any existing ones are detached.
         if ($min_posts != -1) {
             detachDeletedGroupFromMembers($current_group['id_group']);
         } elseif ($current_group['id_group'] != 3) {
             // Making it a hidden group? If so remove everyone with it as primary group (Actually, just make them additional).
             if ($validator->group_hidden == 2) {
                 setGroupToHidden($current_group['id_group']);
             }
             // Either way, let's check our "show group membership" setting is correct.
             validateShowGroupMembership();
         }
         // Do we need to set inherited permissions?
         // old_inherit is read raw from $_POST and only compared (loosely) against the new parent.
         if ($group_inherit != -2 && $group_inherit != $_POST['old_inherit']) {
             require_once SUBSDIR . '/Permission.subs.php';
             updateChildPermissions($group_inherit);
         }
         // Finally, moderators!
         // Moderators are always detached first and only re-assigned for non-post-count groups other than 3.
         $moderator_string = isset($_POST['group_moderators']) ? trim($_POST['group_moderators']) : '';
         detachGroupModerators($current_group['id_group']);
         if ((!empty($moderator_string) || !empty($_POST['moderator_list'])) && $min_posts == -1 && $current_group['id_group'] != 3) {
             // Get all the usernames from the string
             if (!empty($moderator_string)) {
                 // Escape the typed names (presumably to match how member names are stored), undo the
                 // double-encoding of numeric entities, and turn &quot; back into " so the quoted-name
                 // regex below can find names that contain commas.
                 $moderator_string = strtr(preg_replace('~&amp;#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', htmlspecialchars($moderator_string, ENT_QUOTES, 'UTF-8')), array('&quot;' => '"'));
                 preg_match_all('~"([^"]+)"~', $moderator_string, $matches);
                 // Quoted names first, then whatever is left split on commas.
                 $moderators = array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $moderator_string)));
                 // Trim and drop empties; unset() leaves gaps in the keys, which the lookup below is assumed to tolerate.
                 for ($k = 0, $n = count($moderators); $k < $n; $k++) {
                     $moderators[$k] = trim($moderators[$k]);
                     if (strlen($moderators[$k]) == 0) {
                         unset($moderators[$k]);
                     }
                 }
                 // Find all the id_member's for the member_name's in the list.
                 if (!empty($moderators)) {
                     $group_moderators = getIDMemberFromGroupModerators($moderators);
                 }
             } else {
                 // Ids submitted by the autosuggest list: cast, then resolved through the member table
                 // so only ids that belong to real members are assigned.
                 $moderators = array();
                 foreach ($_POST['moderator_list'] as $moderator) {
                     $moderators[] = (int) $moderator;
                 }
                 $group_moderators = array();
                 if (!empty($moderators)) {
                     require_once SUBSDIR . '/Members.subs.php';
                     $members = getBasicMemberData($moderators);
                     foreach ($members as $member) {
                         $group_moderators[] = $member['id_member'];
                     }
                 }
             }
             // Found some?
             if (!empty($group_moderators)) {
                 assignGroupModerators($current_group['id_group'], $group_moderators);
             }
         }
         // There might have been some post group changes.
         updateStats('postgroups');
         // We've definitely changed some group stuff.
         updateSettings(array('settings_updated' => time()));
         // Log the edit.
         logAction('edited_group', array('group' => $validator->group_name), 'admin');
         redirectexit('action=admin;area=membergroups');
     }
     // Fetch the current group information.
     // With no group id, $current_group was never assigned; the lookup then presumably yields an
     // empty $row and the fatal error below handles it.
     $row = membergroupById($current_group['id_group'], true);
     if (empty($row) || !allowedTo('admin_forum') && $row['group_type'] == 1) {
         fatal_lang_error('membergroup_does_not_exist', false);
     }
     // icons is stored as "count#image".
     $row['icons'] = explode('#', $row['icons']);
     $context['group'] = array('id' => $row['id_group'], 'name' => $row['group_name'], 'description' => htmlspecialchars($row['description'], ENT_COMPAT, 'UTF-8'), 'editable_name' => $row['group_name'], 'color' => $row['online_color'], 'min_posts' => $row['min_posts'], 'max_messages' => $row['max_messages'], 'icon_count' => (int) $row['icons'][0], 'icon_image' => isset($row['icons'][1]) ? $row['icons'][1] : '', 'is_post_group' => $row['min_posts'] != -1, 'type' => $row['min_posts'] != -1 ? 0 : $row['group_type'], 'hidden' => $row['min_posts'] == -1 ? $row['hidden'] : 0, 'inherited_from' => $row['id_parent'], 'allow_post_group' => $row['id_group'] == 2 || $row['id_group'] > 4, 'allow_delete' => $row['id_group'] == 2 || $row['id_group'] > 4, 'allow_protected' => allowedTo('admin_forum'));
     // Get any moderators for this group
     $context['group']['moderators'] = getGroupModerators($row['id_group']);
     // Pre-filled text for the moderators input: each name wrapped in &quot; and comma separated.
     $context['group']['moderator_list'] = empty($context['group']['moderators']) ? '' : '&quot;' . implode('&quot;, &quot;', $context['group']['moderators']) . '&quot;';
     if (!empty($context['group']['moderators'])) {
         // Last key of the moderators map.
         list($context['group']['last_moderator_id']) = array_slice(array_keys($context['group']['moderators']), -1);
     }
     // Get a list of boards this membergroup is allowed to see.
     $context['boards'] = array();
     if ($row['id_group'] == 2 || $row['id_group'] > 3) {
         require_once SUBSDIR . '/Boards.subs.php';
         $context += getBoardList(array('override_permissions' => true, 'access' => $row['id_group'], 'not_redirection' => true));
         // Include a list of boards per category for easy toggling.
         foreach ($context['categories'] as $category) {
             $context['categories'][$category['id']]['child_ids'] = array_keys($category['boards']);
         }
     }
     // Finally, get all the groups this could be inherited off.
     $context['inheritable_groups'] = getInheritableGroups($row['id_group']);
     call_integration_hook('integrate_view_membergroup');
     $context['sub_template'] = 'edit_group';
     $context['page_title'] = $txt['membergroups_edit_group'];
     // Use the autosuggest script when needed
     // Groups 3 and 4 get no moderator autosuggest.
     if ($context['group']['id'] != 3 && $context['group']['id'] != 4) {
         loadJavascriptFile('suggest.js', array('defer' => true));
     }
     // Token for the next delete/save submission.
     createToken('admin-mmg');
 }
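 /**
  * Removing old and inactive members.
  *
  * Handles the purge form submission: checks the session and the 'admin-maint' token, validates
  * $_POST (maxdays required and cast to int, groups must be an array, del_type required), then
  * deletes every member returned by purgeMembers() and reports the outcome in
  * $context['maintenance_finished']. On validation failure the validator's errors are reported
  * instead and nothing is deleted.
  */
 public function action_purgeinactive_display()
 {
     global $context, $txt;
     // Destructive action: both the session check and the form token are required.
     checkSession();
     validateToken('admin-maint');
     require_once SUBSDIR . '/DataValidator.class.php';
     // Start with checking and cleaning what was sent
     $validator = new Data_Validator();
     $validator->sanitation_rules(array('maxdays' => 'intval'));
     $validator->validation_rules(array('maxdays' => 'required', 'groups' => 'isarray', 'del_type' => 'required'));
     // Validator says, you can pass or not
     if ($validator->validate($_POST)) {
         require_once SUBSDIR . '/Maintenance.subs.php';
         require_once SUBSDIR . '/Members.subs.php';
         // Only the group ids (the array keys) matter; cast so nothing but integers reaches the query.
         $groups = array();
         foreach ($validator->groups as $id => $dummy) {
             $groups[] = (int) $id;
         }
         // Members inactive for longer than maxdays are candidates (maxdays converted to seconds).
         $time_limit = time() - $validator->maxdays * 24 * 3600;
         // Read the validated 'del_type' field. The rules above only cover 'del_type', so reading
         // 'type' here (as the original did) handed purgeMembers() a value the required check never saw.
         $members = purgeMembers($validator->del_type, $groups, $time_limit);
         deleteMembers($members);
         $context['maintenance_finished'] = array('errors' => array(sprintf($txt['maintain_done'], $txt['maintain_members'])));
     } else {
         // Report the validation errors; no member is touched.
         $context['maintenance_finished'] = array('errors' => $validator->validation_errors(), 'type' => 'minor');
     }
 }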
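 /**
  * Shows the contact form for the user to fill out
  * Needs to be enabled to be used
  *
  * Guests only: members and a disabled contact form are redirected away. When the form was sent
  * (?send) the session, the 'contact' token and the spam protection are checked, the fields are
  * sanitised and validated through Data_Validator, the verification control is checked, and on
  * success the message is sent as a PM to every admin before redirecting to sa=done. Errors are
  * collected in $context['errors'] and the form is shown again with the sanitised values.
  */
 public function action_contact()
 {
     global $context, $txt, $user_info, $modSettings;
     // Already inside, no need to use this, just send a PM
     // Disabled, you cannot enter.
     if (!$user_info['is_guest'] || empty($modSettings['enable_contactform']) || $modSettings['enable_contactform'] == 'disabled') {
         redirectexit();
     }
     loadLanguage('Login');
     loadTemplate('Register');
     if (isset($_REQUEST['send'])) {
         checkSession('post');
         validateToken('contact');
         spamProtection('contact');
         // No errors, yet.
         $context['errors'] = array();
         loadLanguage('Errors');
         // Could they get the right send topic verification code?
         require_once SUBSDIR . '/VerificationControls.class.php';
         require_once SUBSDIR . '/Members.subs.php';
         // form validation
         require_once SUBSDIR . '/DataValidator.class.php';
         $validator = new Data_Validator();
         // The message is HTML-escaped by the sanitation rule; everything below reads the escaped copy.
         $validator->sanitation_rules(array('emailaddress' => 'trim', 'contactmessage' => 'trim|Util::htmlspecialchars'));
         $validator->validation_rules(array('emailaddress' => 'required|valid_email', 'contactmessage' => 'required'));
         $validator->text_replacements(array('emailaddress' => $txt['error_email'], 'contactmessage' => $txt['error_message']));
         // Any form errors
         if (!$validator->validate($_POST)) {
             $context['errors'] = $validator->validation_errors();
         }
         // How about any verification errors
         $verificationOptions = array('id' => 'contactform');
         $context['require_verification'] = create_control_verification($verificationOptions, true);
         if (is_array($context['require_verification'])) {
             foreach ($context['require_verification'] as $error) {
                 $context['errors'][] = $txt['error_' . $error];
             }
         }
         // No errors, then send the PM to the admins
         if (empty($context['errors'])) {
             $admins = admins();
             if (!empty($admins)) {
                 require_once SUBSDIR . '/PersonalMessage.subs.php';
                 // Send the sanitised message, not the raw request value: the Util::htmlspecialchars
                 // rule above is what keeps guest-supplied markup out of the PM body, and the
                 // re-display branch below already uses the same sanitised copy.
                 sendpm(array('to' => array_keys($admins), 'bcc' => array()), $txt['contact_subject'], $validator->contactmessage, false, array('id' => 0, 'name' => $validator->emailaddress, 'username' => $validator->emailaddress));
             }
             // Send the PM
             redirectexit('action=contact;sa=done');
         } else {
             // Hand the sanitised values back to the form so the guest can correct them.
             $context['emailaddress'] = $validator->emailaddress;
             $context['contactmessage'] = $validator->contactmessage;
         }
     }
     if (isset($_GET['sa']) && $_GET['sa'] == 'done') {
         $context['sub_template'] = 'contact_form_done';
     } else {
         $context['sub_template'] = 'contact_form';
         $context['page_title'] = $txt['admin_contact_form'];
         require_once SUBSDIR . '/VerificationControls.class.php';
         $verificationOptions = array('id' => 'contactform');
         $context['require_verification'] = create_control_verification($verificationOptions);
         $context['visual_verification_id'] = $verificationOptions['id'];
     }
     // Token for the next submission.
     createToken('contact');
 }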
 /**
  * Helper method for saving database settings.
  *
  * Walks $config_vars, reads each variable's value from $_POST according to the variable's type
  * ($var[0]) and name ($var[1]), collects the results in $setArray and hands them to
  * updateSettings(). 'permissions' entries are collected separately and saved through
  * InlinePermissions_Form::save_inline_permissions() when the caller may manage permissions.
  * The 'admin-dbsc' token is validated first.
  *
  * Handled types: check, select (single or 'multiple'), int, float, text / large_text
  * (optionally filtered through a 'mask'), password, bbc, permissions.
  *
  * @param mixed[] $config_vars
  */
 public static function save_db(&$config_vars)
 {
     // Mask name => Data_Validator sanitation rule, built once per request.
     static $known_rules = null;
     if ($known_rules === null) {
         $known_rules = array('nohtml' => 'Util::htmlspecialchars[' . ENT_QUOTES . ']', 'email' => 'valid_email', 'url' => 'valid_url');
     }
     validateToken('admin-dbsc');
     $inlinePermissions = array();
     foreach ($config_vars as $var) {
         // Skip unnamed vars and vars that were not posted, except: 'check' (an unticked box is
         // simply absent), 'permissions', and 'bbc' when its _enabledTags field was posted.
         if (!isset($var[1]) || !isset($_POST[$var[1]]) && $var[0] != 'check' && $var[0] != 'permissions' && ($var[0] != 'bbc' || !isset($_POST[$var[1] . '_enabledTags']))) {
             continue;
         } elseif ($var[0] == 'check') {
             $setArray[$var[1]] = !empty($_POST[$var[1]]) ? '1' : '0';
         } elseif ($var[0] == 'select' && in_array($_POST[$var[1]], array_keys($var[2]))) {
             // Single select: accepted only when the posted value is one of the option keys
             // (non-strict in_array, so numeric keys match their string form).
             $setArray[$var[1]] = $_POST[$var[1]];
         } elseif ($var[0] == 'select' && !empty($var['multiple']) && array_intersect($_POST[$var[1]], array_keys($var[2])) != array()) {
             // For security purposes we validate this line by line.
             // Multiple select: keep only posted values that are option keys; stored serialized.
             $options = array();
             foreach ($_POST[$var[1]] as $invar) {
                 if (in_array($invar, array_keys($var[2]))) {
                     $options[] = $invar;
                 }
             }
             $setArray[$var[1]] = serialize($options);
         } elseif ($var[0] == 'int') {
             $setArray[$var[1]] = (int) $_POST[$var[1]];
         } elseif ($var[0] == 'float') {
             $setArray[$var[1]] = (double) $_POST[$var[1]];
         } elseif ($var[0] == 'text' || $var[0] == 'large_text') {
             if (isset($var['mask'])) {
                 // Each mask is either a known rule name or a 'custom' entry whose 'apply' value is
                 // passed to the validator as-is; the rules are joined with '|' into one chain.
                 $rules = array();
                 if (!is_array($var['mask'])) {
                     $var['mask'] = array($var['mask']);
                 }
                 foreach ($var['mask'] as $key => $mask) {
                     if (isset($known_rules[$mask])) {
                         $rules[$var[1]][] = $known_rules[$mask];
                     } elseif ($key == 'custom' && isset($mask['apply'])) {
                         $rules[$var[1]][] = $mask['apply'];
                     }
                 }
                 // If no mask was recognised, $rules stays empty and the value is not stored at all.
                 if (!empty($rules)) {
                     $rules[$var[1]] = implode('|', $rules[$var[1]]);
                     require_once SUBSDIR . '/DataValidator.class.php';
                     $validator = new Data_Validator();
                     $validator->sanitation_rules($rules);
                     $validator->validate($_POST);
                     // Read the sanitised copy, not $_POST.
                     $setArray[$var[1]] = $validator->{$var[1]};
                 }
             } else {
                 // No mask: the posted text is stored unchanged.
                 $setArray[$var[1]] = $_POST[$var[1]];
             }
         } elseif ($var[0] == 'password') {
             // Posted as a pair; stored only when both entries match.
             if (isset($_POST[$var[1]][1]) && $_POST[$var[1]][0] == $_POST[$var[1]][1]) {
                 $setArray[$var[1]] = $_POST[$var[1]][0];
             }
         } elseif ($var[0] == 'bbc') {
             // Stored as a comma separated list of the DISABLED tags: all known tags minus the enabled ones.
             $bbcTags = array();
             foreach (parse_bbc(false) as $tag) {
                 $bbcTags[] = $tag['tag'];
             }
             if (!isset($_POST[$var[1] . '_enabledTags'])) {
                 $_POST[$var[1] . '_enabledTags'] = array();
             } elseif (!is_array($_POST[$var[1] . '_enabledTags'])) {
                 $_POST[$var[1] . '_enabledTags'] = array($_POST[$var[1] . '_enabledTags']);
             }
             $setArray[$var[1]] = implode(',', array_diff($bbcTags, $_POST[$var[1] . '_enabledTags']));
         } elseif ($var[0] == 'permissions') {
             $inlinePermissions[] = $var[1];
         }
     }
     // $setArray is only defined when at least one var was stored.
     if (!empty($setArray)) {
         updateSettings($setArray);
     }
     // If we have inline permissions we need to save them.
     if (!empty($inlinePermissions) && allowedTo('manage_permissions')) {
         // we'll need to save inline permissions
         require_once SUBSDIR . '/Permission.subs.php';
         InlinePermissions_Form::save_inline_permissions($inlinePermissions);
     }
 }
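    /**
     * All the post by email settings, used to control how the feature works
     *
     * What it does:
     * - Loads the stored email => board mapping from $modSettings['maillist_receiving_address'] into
     *   $context['maillist_from_to_board'].
     * - On ?save: checks the session, validates the three site addresses and every emailfrom/boardto
     *   pair, toggles the IMAP fake cron, then either reports the problem in
     *   $context['settings_message'] or stores the mapping, saves the form through
     *   Settings_Form::save_db() and redirects with ;saved.
     * - Otherwise prepares the settings form and the inline javascript for the "add more" buttons.
     *
     * @uses Admin language
     */
    public function action_settings()
    {
        global $scripturl, $context, $txt, $modSettings;
        // Be nice, show them we did something
        if (isset($_GET['saved'])) {
            $context['settings_message'] = $txt['saved'];
        }
        // Templates and language
        loadLanguage('Admin');
        loadTemplate('Admin', 'admin');
        // Load any existing email => board values used for new topic creation
        $context['maillist_from_to_board'] = array();
        // NOTE(review): this setting is written by this same method (serialize() below) and read back
        // from the settings store, so unserialize() runs on trusted data here; if any other path can
        // write that setting, a JSON encoding would be the safer choice.
        $data = !empty($modSettings['maillist_receiving_address']) ? unserialize($modSettings['maillist_receiving_address']) : array();
        foreach ($data as $key => $addr) {
            // Stored as [0] => email address, [1] => board id.
            $context['maillist_from_to_board'][$key] = array('id' => $key, 'emailfrom' => $addr[0], 'boardto' => $addr[1]);
        }
        // Initialize the maillist settings form
        $this->_initMaillistSettingsForm();
        // Retrieve the config settings
        $config_vars = $this->_maillistSettings->settings();
        // Saving settings?
        if (isset($_GET['save'])) {
            checkSession();
            call_integration_hook('integrate_save_maillist_settings');
            // The last failing value wins for the message shown to the admin.
            $email_error = false;
            $board_error = false;
            $maillist_receiving_address = array();
            // Basic checking of the email addresses
            require_once SUBSDIR . '/DataValidator.class.php';
            if (!Data_Validator::is_valid($_POST, array('maillist_sitename_address' => 'valid_email'), array('maillist_sitename_address' => 'trim'))) {
                $email_error = $_POST['maillist_sitename_address'];
            }
            if (!Data_Validator::is_valid($_POST, array('maillist_sitename_help' => 'valid_email'), array('maillist_sitename_help' => 'trim'))) {
                $email_error = $_POST['maillist_sitename_help'];
            }
            if (!Data_Validator::is_valid($_POST, array('maillist_mail_from' => 'valid_email'), array('maillist_mail_from' => 'trim'))) {
                $email_error = $_POST['maillist_mail_from'];
            }
            // Inbound email set up then we need to check for both valid email and valid board
            if (!$email_error && !empty($_POST['emailfrom'])) {
                // Get the board ids for a quick check
                // maillist_board_list() is keyed by board id (see the loop building $script below).
                $boards = maillist_board_list();
                // Check the receiving emails and the board id as well
                // emailfrom[] and boardto[] are parallel arrays sharing the same index; anything that
                // is not an array is treated as nothing submitted.
                $boardtocheck = !empty($_POST['boardto']) && is_array($_POST['boardto']) ? $_POST['boardto'] : array();
                $addresstocheck = !empty($_POST['emailfrom']) && is_array($_POST['emailfrom']) ? $_POST['emailfrom'] : array();
                foreach ($addresstocheck as $key => $checkme) {
                    // Valid email syntax
                    if (!Data_Validator::is_valid($addresstocheck, array($key => 'valid_email'), array($key => 'trim'))) {
                        $email_error = $checkme;
                        $context['error_type'] = 'notice';
                        continue;
                    }
                    // Valid board id? A board must be selected for this row and it must be one of the
                    // known boards. The original looked up $boards[$key] (the row index) instead of the
                    // selected id, so the board stored in the mapping was never actually checked.
                    if (!isset($boardtocheck[$key]) || !isset($boards[$boardtocheck[$key]])) {
                        $board_error = $checkme;
                        $context['error_type'] = 'notice';
                        continue;
                    }
                    // Decipher as [0]emailaddress and [1]board id
                    $maillist_receiving_address[] = array($checkme, $boardtocheck[$key]);
                }
            }
            // Enable or disable the fake cron
            enable_maillist_imap_cron(!empty($_POST['maillist_imap_cron']));
            // Check and set any errors or give the go ahead to save
            if ($email_error) {
                $context['settings_message'] = sprintf($txt['email_not_valid'], $email_error);
            } elseif ($board_error) {
                $context['settings_message'] = sprintf($txt['board_not_valid'], $board_error);
            } else {
                // Clear the moderation count cache
                cache_put_data('num_menu_errors', null, 900);
                // Should be off if mail posting is on, we ignore it anyway but this at least updates the ACP
                if (!empty($_POST['maillist_enabled'])) {
                    updateSettings(array('disallow_sendBody' => ''));
                }
                updateSettings(array('maillist_receiving_address' => serialize($maillist_receiving_address)));
                Settings_Form::save_db($config_vars);
                writeLog();
                redirectexit('action=admin;area=maillist;sa=emailsettings;saved');
            }
        }
        // Javascript vars for the "add more" buttons in the receive_email callback
        $board_list = maillist_board_list();
        $script = '';
        $i = 0;
        // Create the board selection list
        // Board names go through JavaScriptEscape before being embedded in the inline script.
        foreach ($board_list as $board_id => $board_name) {
            $script .= $i++ . ': {id:' . $board_id . ', name:' . JavaScriptEscape($board_name) . '},';
        }
        addInlineJavascript('
		var sEmailParent = \'add_more_email_placeholder\',
			oEmailOptionsdt = {size: \'50\', name: \'emailfrom[]\', class: \'input_text\'},
			oEmailOptionsdd = {size: \'1\', type: \'select\', name: \'boardto[]\', class: \'input_select\'},
			oEmailSelectData = {' . $script . '};

			document.getElementById(\'add_more_board_div\').style.display = \'\';', true);
        $context['boards'] = $board_list;
        $context['settings_title'] = $txt['ml_emailsettings'];
        $context['page_title'] = $txt['ml_emailsettings'];
        $context['post_url'] = $scripturl . '?action=admin;area=maillist;sa=emailsettings;save';
        $context['sub_template'] = 'show_settings';
        Settings_Form::prepare_db($config_vars);
    }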
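<?php

namespace validator;

include "bootstrap.php";
include "DataValidator.php";

// Login endpoint: validates the submitted address, looks the user up, and on success stores the
// user id and a fresh token in the session (bootstrap.php is assumed to have started the session)
// and in the usuarios table. Responds with an HTTP status only, plus a JSON error body on 400.
$validator = new Data_Validator();
$validator->set("Login", $_GET['email'])->is_required()->is_email();

if ($validator->validate()) {
    // SECURITY: the WHERE clause handed to ver() is built by concatenating raw $_GET values, which
    // is an SQL injection vector, and the password is compared in the clear against the stored
    // `senha` column. Fixing this needs a parameterised variant of ver() (defined in the included
    // files, not shown here) and password_verify() against a password_hash() value; it cannot be
    // done safely at this call site alone.
    $busca = ver("usuarios", "id", "email = '" . $_GET['email'] . "' and senha = '" . $_GET['senha'] . "'");
    if ($busca) {
        // $busca holds the lookup result; the original read an undefined $ver here.
        $_SESSION['id'] = $busca['id'];
        // Derive the session token from CSPRNG output rather than date + id + email, which anyone who
        // knows the login could reconstruct. sha512 keeps the 128-hex-character format.
        $_SESSION['token'] = hash("sha512", random_bytes(32));
        $data = array("token" => $_SESSION['token']);
        alterar("usuarios", "id = " . $busca['id'], $data);
        http_response_code(200);
    } else {
        // No matching user/password: empty response.
        http_response_code(204);
    }
} else {
    // The errors live on $validator (the original read an undefined $validate), and json_encode()
    // returns the string rather than printing it, so the body has to be echoed.
    $retorno = array("errors" => $validator->get_errors_html());
    http_response_code(400);
    echo json_encode($retorno);
}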