/**
* Prepare the errors for display.
*
* - Return an array containing the error strings
* - If severity is null the function returns all the errors
*
* @param int|null $severity = null the severity level wanted
*/
public function prepareErrors($severity = null)
{
global $txt;
$returns = array();
if ($this->_generic_error !== null) {
$returns['attach_generic'] = array('errors' => $this->_generic_error->prepareErrors($severity), 'type' => $this->getErrorType(), 'title' => $txt['attach_error_title']);
}
if (!empty($this->_attachs)) {
foreach ($this->_attachs as $attachID => $error) {
$returns[$attachID] = array('errors' => $error['error']->prepareErrors($severity), 'type' => $this->getErrorType(), 'title' => sprintf($txt['attach_warning'], $error['name']));
}
}
return $returns;
}
function testSimpleError()
{
$error_context = Error_Context::context();
// Let's add an error and see
$error_context->addError('test');
$this->assertTrue($error_context->hasErrors());
$this->assertTrue($error_context->hasError('test'));
$this->assertFalse($error_context->hasError('test2'));
$this->assertEqual($error_context->getErrorType(), Error_Context::MINOR);
// Now the error can be removed
$error_context->removeError('test');
$this->assertFalse($error_context->hasErrors());
$this->assertFalse($error_context->hasError('test'));
$this->assertFalse($error_context->hasError('test2'));
$this->assertFalse($error_context->getErrors());
}
/**
* Create a anti-bot verification control?
*
* @param mixed[] $verificationOptions
* @param bool $do_test = false
*/
function create_control_verification(&$verificationOptions, $do_test = false)
{
global $context;
// We need to remember this because when failing the page is realoaded and the
// code must remain the same (unless it has to change)
static $all_instances = array();
// Always have an ID.
assert(isset($verificationOptions['id']));
$isNew = !isset($context['controls']['verification'][$verificationOptions['id']]);
if ($isNew) {
$context['controls']['verification'][$verificationOptions['id']] = array('id' => $verificationOptions['id'], 'max_errors' => isset($verificationOptions['max_errors']) ? $verificationOptions['max_errors'] : 3, 'render' => false);
}
$thisVerification =& $context['controls']['verification'][$verificationOptions['id']];
if (!isset($_SESSION[$verificationOptions['id'] . '_vv'])) {
$_SESSION[$verificationOptions['id'] . '_vv'] = array();
}
$force_refresh = (!empty($_SESSION[$verificationOptions['id'] . '_vv']['did_pass']) || empty($_SESSION[$verificationOptions['id'] . '_vv']['count']) || $_SESSION[$verificationOptions['id'] . '_vv']['count'] > 3) && empty($verificationOptions['dont_refresh']);
if (!isset($all_instances[$verificationOptions['id']])) {
$known_verifications = loadVerificationControls();
$all_instances[$verificationOptions['id']] = array();
foreach ($known_verifications as $verification) {
$class_name = 'Verification_Controls_' . ucfirst($verification);
$current_instance = new $class_name($verificationOptions);
// If there is anything to show, otherwise forget it
if ($current_instance->showVerification($isNew, $force_refresh)) {
$all_instances[$verificationOptions['id']][$verification] = $current_instance;
}
}
}
$instances =& $all_instances[$verificationOptions['id']];
// Is there actually going to be anything?
if (empty($instances)) {
return false;
} elseif (!$isNew && !$do_test) {
return true;
}
$verification_errors = Error_Context::context($verificationOptions['id']);
$increase_error_count = false;
// Start with any testing.
if ($do_test) {
// This cannot happen!
if (!isset($_SESSION[$verificationOptions['id'] . '_vv']['count'])) {
fatal_lang_error('no_access', false);
}
foreach ($instances as $instance) {
$outcome = $instance->doTest();
if ($outcome !== true) {
$increase_error_count = true;
$verification_errors->addError($outcome);
}
}
}
// Any errors means we refresh potentially.
if ($increase_error_count) {
if (empty($_SESSION[$verificationOptions['id'] . '_vv']['errors'])) {
$_SESSION[$verificationOptions['id'] . '_vv']['errors'] = 0;
} elseif ($_SESSION[$verificationOptions['id'] . '_vv']['errors'] > $thisVerification['max_errors']) {
$force_refresh = true;
}
// Keep a track of these.
$_SESSION[$verificationOptions['id'] . '_vv']['errors']++;
}
// Are we refreshing then?
if ($force_refresh) {
// Assume nothing went before.
$_SESSION[$verificationOptions['id'] . '_vv']['count'] = 0;
$_SESSION[$verificationOptions['id'] . '_vv']['errors'] = 0;
$_SESSION[$verificationOptions['id'] . '_vv']['did_pass'] = false;
}
foreach ($instances as $test => $instance) {
$instance->createTest($force_refresh);
$thisVerification['test'][$test] = $instance->prepareContext();
if ($instance->hasVisibleTemplate()) {
$thisVerification['render'] = true;
}
}
$_SESSION[$verificationOptions['id'] . '_vv']['count'] = empty($_SESSION[$verificationOptions['id'] . '_vv']['count']) ? 1 : $_SESSION[$verificationOptions['id'] . '_vv']['count'] + 1;
// Return errors if we have them.
if ($verification_errors->hasErrors()) {
// @todo temporary until the error class is implemented in register
$error_codes = array();
foreach ($verification_errors->getErrors() as $errors) {
foreach ($errors as $error) {
$error_codes[] = $error;
}
}
return $error_codes;
} elseif ($do_test) {
$_SESSION[$verificationOptions['id'] . '_vv']['did_pass'] = true;
}
// Say that everything went well chaps.
return true;
}
/**
* See if a username already exists.
*/
private function _registerCheckUsername()
{
global $context;
// This is XML!
loadTemplate('Xml');
$context['sub_template'] = 'check_username';
$context['checked_username'] = isset($_GET['username']) ? un_htmlspecialchars($_GET['username']) : '';
$context['valid_username'] = true;
// Clean it up like mother would.
$context['checked_username'] = preg_replace('~[\\t\\n\\r \\x0B\\0\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}]+~u', ' ', $context['checked_username']);
$errors = Error_Context::context('valid_username', 0);
require_once SUBSDIR . '/Auth.subs.php';
validateUsername(0, $context['checked_username'], 'valid_username', true, false);
$context['valid_username'] = !$errors->hasErrors();
}
/**
* Creates a new ban group
*
* What it does:
* - If a ban group with the same name already exists or the group s successfully created the ID is returned
* - On error the error code is returned or false
*
* @package Bans
* @param mixed[] $ban_info
* @return int the ban group's ID
*/
function insertBanGroup($ban_info = array())
{
$db = database();
$ban_errors = Error_Context::context('ban', 1);
if (empty($ban_info['name'])) {
$ban_errors->addError('ban_name_empty');
}
if (empty($ban_info['cannot']['access']) && empty($ban_info['cannot']['register']) && empty($ban_info['cannot']['post']) && empty($ban_info['cannot']['login'])) {
$ban_errors->addError('ban_unknown_restriction_type');
}
if ($ban_errors->hasErrors()) {
return false;
}
// Check whether a ban with this name already exists.
$request = $db->query('', '
SELECT id_ban_group
FROM {db_prefix}ban_groups
WHERE name = {string:new_ban_name}' . '
LIMIT 1', array('new_ban_name' => $ban_info['name']));
// @todo shouldn't be an error here?
if ($db->num_rows($request) == 1) {
list($id_ban) = $db->fetch_row($request);
$db->free_result($request);
return $id_ban;
}
$db->free_result($request);
// Yes yes, we're ready to add now.
$db->insert('', '{db_prefix}ban_groups', array('name' => 'string-20', 'ban_time' => 'int', 'expire_time' => 'raw', 'cannot_access' => 'int', 'cannot_register' => 'int', 'cannot_post' => 'int', 'cannot_login' => 'int', 'reason' => 'string-255', 'notes' => 'string-65534'), array($ban_info['name'], time(), $ban_info['db_expiration'], $ban_info['cannot']['access'], $ban_info['cannot']['register'], $ban_info['cannot']['post'], $ban_info['cannot']['login'], $ban_info['reason'], $ban_info['notes']), array('id_ban_group'));
$ban_info['id'] = $db->insert_id('{db_prefix}ban_groups', 'id_ban_group');
if (empty($ban_info['id'])) {
$ban_errors->addError('impossible_insert_new_bangroup');
}
return $ban_info['id'];
}
/**
* Send the emails.
*
* - Sends off emails to all the moderators.
* - Sends to administrators and global moderators. (1 and 2)
* - Called by action_reporttm(), and thus has the same permission and setting requirements as it does.
* - Accessed through ?action=reporttm when posting.
*/
public function action_reporttm2()
{
global $txt, $scripturl, $topic, $board, $user_info, $modSettings, $language, $context;
// You must have the proper permissions!
isAllowedTo('report_any');
// Make sure they aren't spamming.
spamProtection('reporttm');
require_once SUBSDIR . '/Mail.subs.php';
// No errors, yet.
$report_errors = Error_Context::context('report', 1);
// Check their session.
if (checkSession('post', '', false) != '') {
$report_errors->addError('session_timeout');
}
// Make sure we have a comment and it's clean.
if (!isset($_POST['comment']) || Util::htmltrim($_POST['comment']) === '') {
$report_errors->addError('no_comment');
}
$poster_comment = strtr(Util::htmlspecialchars($_POST['comment']), array("\r" => '', "\t" => ''));
if (Util::strlen($poster_comment) > 254) {
$report_errors->addError('post_too_long');
}
// Guests need to provide their address!
if ($user_info['is_guest']) {
require_once SUBSDIR . '/DataValidator.class.php';
if (!Data_Validator::is_valid($_POST, array('email' => 'valid_email'), array('email' => 'trim'))) {
empty($_POST['email']) ? $report_errors->addError('no_email') : $report_errors->addError('bad_email');
}
isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));
$user_info['email'] = htmlspecialchars($_POST['email'], ENT_COMPAT, 'UTF-8');
}
// Could they get the right verification code?
if ($user_info['is_guest'] && !empty($modSettings['guests_report_require_captcha'])) {
require_once SUBSDIR . '/VerificationControls.class.php';
$verificationOptions = array('id' => 'report');
$context['require_verification'] = create_control_verification($verificationOptions, true);
if (is_array($context['require_verification'])) {
foreach ($context['require_verification'] as $error) {
$report_errors->addError($error, 0);
}
}
}
// Any errors?
if ($report_errors->hasErrors()) {
return $this->action_reporttm();
}
// Get the basic topic information, and make sure they can see it.
$msg_id = (int) $_POST['msg'];
$message = posterDetails($msg_id, $topic);
if (empty($message)) {
fatal_lang_error('no_board', false);
}
$poster_name = un_htmlspecialchars($message['real_name']) . ($message['real_name'] != $message['poster_name'] ? ' (' . $message['poster_name'] . ')' : '');
$reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
$subject = un_htmlspecialchars($message['subject']);
// Get a list of members with the moderate_board permission.
require_once SUBSDIR . '/Members.subs.php';
$moderators = membersAllowedTo('moderate_board', $board);
$result = getBasicMemberData($moderators, array('preferences' => true, 'sort' => 'lngfile'));
$mod_to_notify = array();
foreach ($result as $row) {
if ($row['notify_types'] != 4) {
$mod_to_notify[] = $row;
}
}
// Check that moderators do exist!
if (empty($mod_to_notify)) {
fatal_lang_error('no_mods', false);
}
// If we get here, I believe we should make a record of this, for historical significance, yabber.
if (empty($modSettings['disable_log_report'])) {
require_once SUBSDIR . '/Messages.subs.php';
$id_report = recordReport($message, $poster_comment);
// If we're just going to ignore these, then who gives a monkeys...
if ($id_report === false) {
redirectexit('topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id);
}
}
// Find out who the real moderators are - for mod preferences.
require_once SUBSDIR . '/Boards.subs.php';
$real_mods = getBoardModerators($board, true);
// Send every moderator an email.
foreach ($mod_to_notify as $row) {
// Maybe they don't want to know?!
if (!empty($row['mod_prefs'])) {
list(, , $pref_binary) = explode('|', $row['mod_prefs']);
if (!($pref_binary & 1) && (!($pref_binary & 2) || !in_array($row['id_member'], $real_mods))) {
continue;
}
}
$replacements = array('TOPICSUBJECT' => $subject, 'POSTERNAME' => $poster_name, 'REPORTERNAME' => $reporterName, 'TOPICLINK' => $scripturl . '?topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id, 'REPORTLINK' => !empty($id_report) ? $scripturl . '?action=moderate;area=reports;report=' . $id_report : '', 'COMMENT' => $_POST['comment']);
$emaildata = loadEmailTemplate('report_to_moderator', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
// Send it to the moderator.
sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], $user_info['email'], null, false, 2);
}
// Keep track of when the mod reports get updated, that way we know when we need to look again.
updateSettings(array('last_mod_report_action' => time()));
// Back to the post we reported!
redirectexit('reportsent;topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id);
}
/**
* Update the settings for a poll, or add a new one.
* Must be called with a topic specified in the URL.
* The user must have poll_edit_any/poll_add_any permission
* for the relevant action. Otherwise they must be poll starter
* with poll_edit_own permission for editing, or be topic starter
* with poll_add_any permission for adding.
* In the case of an error, this function will redirect back to
* action_editpoll and display the relevant error message.
* Upon successful completion of action will direct user back to topic.
* Accessed via ?action=editpoll2.
*/
public function action_editpoll2()
{
global $topic, $board, $user_info;
// Sneaking off, are we?
if (empty($_POST)) {
redirectexit('action=editpoll;topic=' . $topic . '.0');
}
$poll_errors = Error_Context::context('poll');
if (checkSession('post', '', false) != '') {
$poll_errors->addError('session_timeout');
}
if (isset($_POST['preview'])) {
return $this->action_editpoll();
}
// HACKERS (!!) can't edit :P.
if (empty($topic)) {
fatal_lang_error('no_access', false);
}
// Is this a new poll, or editing an existing?
$isEdit = isset($_REQUEST['add']) ? 0 : 1;
// Make sure we have our stuff.
require_once SUBSDIR . '/Poll.subs.php';
// Get the starter and the poll's ID - if it's an edit.
$bcinfo = getPollStarter($topic);
// Check their adding/editing is valid.
if (!$isEdit && !empty($bcinfo['id_poll'])) {
fatal_lang_error('poll_already_exists');
} elseif ($isEdit && empty($bcinfo['id_poll'])) {
fatal_lang_error('poll_not_found');
}
// Check if they have the power to add or edit the poll.
if ($isEdit && !allowedTo('poll_edit_any')) {
isAllowedTo('poll_edit_' . ($user_info['id'] == $bcinfo['id_member_started'] || $bcinfo['poll_starter'] != 0 && $user_info['id'] == $bcinfo['poll_starter'] ? 'own' : 'any'));
} elseif (!$isEdit && !allowedTo('poll_add_any')) {
isAllowedTo('poll_add_' . ($user_info['id'] == $bcinfo['id_member_started'] ? 'own' : 'any'));
}
$optionCount = 0;
$idCount = 0;
// Ensure the user is leaving a valid amount of options - there must be at least two.
foreach ($_POST['options'] as $k => $option) {
if (trim($option) != '') {
$optionCount++;
$idCount = max($idCount, $k);
}
}
if ($optionCount < 2) {
$poll_errors->addError('poll_few');
} elseif ($optionCount > 256 || $idCount > 255) {
$poll_errors->addError('poll_many');
}
// Also - ensure they are not removing the question.
if (trim($_POST['question']) == '') {
$poll_errors->addError('no_question');
}
// Got any errors to report?
if ($poll_errors->hasErrors()) {
return $this->action_editpoll();
}
// Prevent double submission of this form.
checkSubmitOnce('check');
// Now we've done all our error checking, let's get the core poll information cleaned... question first.
$_POST['question'] = Util::htmlspecialchars($_POST['question']);
$_POST['question'] = Util::substr($_POST['question'], 0, 255);
$_POST['poll_hide'] = (int) $_POST['poll_hide'];
$_POST['poll_expire'] = isset($_POST['poll_expire']) ? (int) $_POST['poll_expire'] : 0;
$_POST['poll_change_vote'] = isset($_POST['poll_change_vote']) ? 1 : 0;
$_POST['poll_guest_vote'] = isset($_POST['poll_guest_vote']) ? 1 : 0;
// Make sure guests are actually allowed to vote generally.
if ($_POST['poll_guest_vote']) {
require_once SUBSDIR . '/Members.subs.php';
$allowedGroups = groupsAllowedTo('poll_vote', $board);
if (!in_array(-1, $allowedGroups['allowed'])) {
$_POST['poll_guest_vote'] = 0;
}
}
// Ensure that the number options allowed makes sense, and the expiration date is valid.
if (!$isEdit || allowedTo('moderate_board')) {
$_POST['poll_expire'] = $_POST['poll_expire'] > 9999 ? 9999 : ($_POST['poll_expire'] < 0 ? 0 : $_POST['poll_expire']);
if (empty($_POST['poll_expire']) && $_POST['poll_hide'] == 2) {
$_POST['poll_hide'] = 1;
} elseif (!$isEdit || $_POST['poll_expire'] != ceil($bcinfo['expire_time'] <= time() ? -1 : ($bcinfo['expire_time'] - time()) / (3600 * 24))) {
$_POST['poll_expire'] = empty($_POST['poll_expire']) ? '0' : time() + $_POST['poll_expire'] * 3600 * 24;
} else {
$_POST['poll_expire'] = $bcinfo['expire_time'];
}
if (empty($_POST['poll_max_votes']) || $_POST['poll_max_votes'] <= 0) {
$_POST['poll_max_votes'] = 1;
} else {
$_POST['poll_max_votes'] = (int) $_POST['poll_max_votes'];
}
}
// If we're editing, let's commit the changes.
if ($isEdit) {
modifyPoll($bcinfo['id_poll'], $_POST['question'], !empty($_POST['poll_max_votes']) ? $_POST['poll_max_votes'] : 0, $_POST['poll_hide'], !empty($_POST['poll_expire']) ? $_POST['poll_expire'] : 0, $_POST['poll_change_vote'], $_POST['poll_guest_vote']);
} else {
// Create the poll.
$bcinfo['id_poll'] = createPoll($_POST['question'], $user_info['id'], $user_info['username'], $_POST['poll_max_votes'], $_POST['poll_hide'], $_POST['poll_expire'], $_POST['poll_change_vote'], $_POST['poll_guest_vote']);
// Link the poll to the topic.
associatedPoll($topic, $bcinfo['id_poll']);
}
// Get all the choices. (no better way to remove all emptied and add previously non-existent ones.)
$choices = array_keys(pollOptions($bcinfo['id_poll']));
$add_options = array();
$update_options = array();
$delete_options = array();
foreach ($_POST['options'] as $k => $option) {
// Make sure the key is numeric for sanity's sake.
$k = (int) $k;
// They've cleared the box. Either they want it deleted, or it never existed.
if (trim($option) == '') {
// They want it deleted. Bye.
if (in_array($k, $choices)) {
$delete_options[] = $k;
}
// Skip the rest...
continue;
}
// Dress the option up for its big date with the database.
$option = Util::htmlspecialchars($option);
// If it's already there, update it. If it's not... add it.
if (in_array($k, $choices)) {
$update_options[] = array($bcinfo['id_poll'], $k, $option);
} else {
$add_options[] = array($bcinfo['id_poll'], $k, $option, 0);
}
}
if (!empty($update_options)) {
modifyPollOption($update_options);
}
if (!empty($add_options)) {
insertPollOptions($add_options);
}
// I'm sorry, but... well, no one was choosing you. Poor options, I'll put you out of your misery.
if (!empty($delete_options)) {
deletePollOptions($bcinfo['id_poll'], $delete_options);
}
// Shall I reset the vote count, sir?
if (isset($_POST['resetVoteCount'])) {
resetVotes($bcinfo['id_poll']);
}
call_integration_hook('integrate_poll_add_edit', array($bcinfo['id_poll'], $isEdit));
// Off we go.
redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
}
/**
* Does the actual saving of the article data
*
* - validates the data is safe to save
* - updates existing articles or creates new ones
*/
private function _sportal_admin_article_edit_save()
{
global $context, $txt, $modSettings;
// No errors, yet.
$article_errors = Error_Context::context('article', 0);
// Use our standard validation functions in a few spots
require_once SUBSDIR . '/DataValidator.class.php';
$validator = new Data_Validator();
// If its not new, lets load the current data
if (!$this->_is_new) {
$_REQUEST['article_id'] = (int) $_REQUEST['article_id'];
$context['article'] = sportal_get_articles($_REQUEST['article_id']);
}
// Clean and Review the post data for compliance
$validator->sanitation_rules(array('title' => 'trim|Util::htmlspecialchars', 'namespace' => 'trim|Util::htmlspecialchars', 'article_id' => 'intval', 'category_id' => 'intval', 'permissions' => 'intval', 'type' => 'trim', 'content' => 'trim'));
$validator->validation_rules(array('title' => 'required', 'namespace' => 'alpha_numeric|required', 'type' => 'required', 'content' => 'required'));
$validator->text_replacements(array('title' => $txt['sp_admin_articles_col_title'], 'namespace' => $txt['sp_admin_articles_col_namespace'], 'content' => $txt['sp_admin_articles_col_body']));
// If you messed this up, back you go
if (!$validator->validate($_POST)) {
foreach ($validator->validation_errors() as $id => $error) {
$article_errors->addError($error);
}
$this->action_sportal_admin_article_edit();
}
// Lets make sure this namespace (article id) is unique
$has_duplicate = sp_duplicate_articles($validator->article_id, $validator->namespace);
if (!empty($has_duplicate)) {
$article_errors->addError('sp_error_article_namespace_duplicate');
}
// And we can't have just a numeric namespace (article id)
if (preg_replace('~[0-9]+~', '', $validator->namespace) === '') {
$article_errors->addError('sp_error_article_namespace_numeric');
}
// Posting some PHP code, and allowed? Then we need to validate it will run
if ($_POST['type'] === 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation'])) {
$validator_php = new Data_Validator();
$validator_php->validation_rules(array('content' => 'php_syntax'));
// Bad PHP code
if (!$validator_php->validate(array('content' => $_POST['content']))) {
$article_errors->addError($validator_php->validation_errors());
}
}
// None shall pass ... with errors
if ($article_errors->hasErrors()) {
$this->action_sportal_admin_article_edit();
}
// No errors then, prepare the data for saving
$article_info = array('id' => $validator->article_id, 'id_category' => $validator->category_id, 'namespace' => $validator->namespace, 'title' => $validator->title, 'body' => Util::htmlspecialchars($_POST['content'], ENT_QUOTES), 'type' => in_array($validator->type, array('bbc', 'html', 'php')) ? $_POST['type'] : 'bbc', 'permissions' => $validator->permissions, 'status' => !empty($_POST['status']) ? 1 : 0);
if ($article_info['type'] === 'bbc') {
preparsecode($article_info['body']);
}
// Save away
checkSession();
sp_save_article($article_info, $this->_is_new);
redirectexit('action=admin;area=portalarticles');
return true;
}
/**
* Find and return error_context instance if it exists,
* or create a new instance for $id if it didn't already exist.
*
* @param string $id
* @param int|null $default_severity
* @return Error_Context
*/
public static function context($id = 'default', $default_severity = null)
{
if (self::$_contexts === null) {
self::$_contexts = array();
}
if (!array_key_exists($id, self::$_contexts)) {
self::$_contexts[$id] = new Error_Context($id, $default_severity);
}
return self::$_contexts[$id];
}
/**
* Checks a username obeys a load of rules
*
* - Returns null if fine
*
* @package Authorization
* @param int $memID
* @param string $username
* @param string $error_context
* @param boolean $check_reserved_name
* @param boolean $fatal pass through to isReservedName
* @return string
*/
function validateUsername($memID, $username, $error_context = 'register', $check_reserved_name = true, $fatal = true)
{
global $txt;
$errors = Error_Context::context($error_context, 0);
// Don't use too long a name.
if (Util::strlen($username) > 25) {
$errors->addError('error_long_name');
}
// No name?! How can you register with no name?
if ($username == '') {
$errors->addError('need_username');
}
// Only these characters are permitted.
if (in_array($username, array('_', '|')) || preg_match('~[<>&"\'=\\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $username)) != 0 || strpos($username, '[code') !== false || strpos($username, '[/code') !== false) {
$errors->addError('error_invalid_characters_username');
}
if (stristr($username, $txt['guest_title']) !== false) {
$errors->addError(array('username_reserved', array($txt['guest_title'])), 1);
}
if ($check_reserved_name) {
require_once SUBSDIR . '/Members.subs.php';
if (isReservedName($username, $memID, false, $fatal)) {
$errors->addError(array('name_in_use', array(htmlspecialchars($username, ENT_COMPAT, 'UTF-8'))));
}
}
}
/**
* Registers a member to the forum.
*
* What it does:
* - Allows two types of interface: 'guest' and 'admin'. The first
* - includes hammering protection, the latter can perform the registration silently.
* - The strings used in the options array are assumed to be escaped.
* - Allows to perform several checks on the input, e.g. reserved names.
* - The function will adjust member statistics.
* - If an error is detected will fatal error on all errors unless return_errors is true.
*
* @package Members
* @uses Auth.subs.php
* @uses Mail.subs.php
* @param mixed[] $regOptions
* @param string $error_context
* @return integer the ID of the newly created member
*/
function registerMember(&$regOptions, $error_context = 'register')
{
global $scripturl, $txt, $modSettings, $user_info;
$db = database();
loadLanguage('Login');
// We'll need some external functions.
require_once SUBSDIR . '/Auth.subs.php';
require_once SUBSDIR . '/Mail.subs.php';
// Put any errors in here.
$reg_errors = Error_Context::context($error_context, 0);
// Registration from the admin center, let them sweat a little more.
if ($regOptions['interface'] == 'admin') {
is_not_guest();
isAllowedTo('moderate_forum');
} elseif ($regOptions['interface'] == 'guest') {
// You cannot register twice...
if (empty($user_info['is_guest'])) {
redirectexit();
}
// Make sure they didn't just register with this session.
if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck'])) {
fatal_lang_error('register_only_once', false);
}
}
// What method of authorization are we going to use?
if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid'))) {
if (!empty($regOptions['openid'])) {
$regOptions['auth_method'] = 'openid';
} else {
$regOptions['auth_method'] = 'password';
}
}
// Spaces and other odd characters are evil...
$regOptions['username'] = trim(preg_replace('~[\\t\\n\\r \\x0B\\0\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}]+~u', ' ', $regOptions['username']));
// Valid emails only
require_once SUBSDIR . '/DataValidator.class.php';
if (!Data_Validator::is_valid($regOptions, array('email' => 'valid_email|required|max_length[255]'), array('email' => 'trim'))) {
$reg_errors->addError('bad_email');
}
validateUsername(0, $regOptions['username'], $error_context, !empty($regOptions['check_reserved_name']));
// Generate a validation code if it's supposed to be emailed.
$validation_code = '';
if ($regOptions['require'] == 'activation') {
$validation_code = generateValidationCode();
}
// If you haven't put in a password generate one.
if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password') {
mt_srand(time() + 1277);
$regOptions['password'] = generateValidationCode();
$regOptions['password_check'] = $regOptions['password'];
} elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password') {
$reg_errors->addError('passwords_dont_match');
}
// That's kind of easy to guess...
if ($regOptions['password'] == '') {
if ($regOptions['auth_method'] == 'password') {
$reg_errors->addError('no_password');
} else {
$regOptions['password'] = sha1(mt_rand());
}
}
// Now perform hard password validation as required.
if (!empty($regOptions['check_password_strength']) && $regOptions['password'] != '') {
$passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));
// Password isn't legal?
if ($passwordError != null) {
$reg_errors->addError('profile_error_password_' . $passwordError);
}
}
// You may not be allowed to register this email.
if (!empty($regOptions['check_email_ban'])) {
isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']);
}
// Check if the email address is in use.
$request = $db->query('', '
SELECT id_member
FROM {db_prefix}members
WHERE email_address = {string:email_address}
OR email_address = {string:username}
LIMIT 1', array('email_address' => $regOptions['email'], 'username' => $regOptions['username']));
if ($db->num_rows($request) != 0) {
$reg_errors->addError(array('email_in_use', array(htmlspecialchars($regOptions['email'], ENT_COMPAT, 'UTF-8'))));
}
$db->free_result($request);
// Perhaps someone else wants to check this user
call_integration_hook('integrate_register_check', array(&$regOptions, &$reg_errors));
// If there's any errors left return them at once!
if ($reg_errors->hasErrors()) {
return false;
}
$reservedVars = array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url');
// Can't change reserved vars.
if (isset($regOptions['theme_vars']) && count(array_intersect(array_keys($regOptions['theme_vars']), $reservedVars)) != 0) {
fatal_lang_error('no_theme');
}
// New password hash
require_once SUBSDIR . '/Auth.subs.php';
// Some of these might be overwritten. (the lower ones that are in the arrays below.)
$regOptions['register_vars'] = array('member_name' => $regOptions['username'], 'email_address' => $regOptions['email'], 'passwd' => validateLoginPassword($regOptions['password'], '', $regOptions['username'], true), 'password_salt' => substr(md5(mt_rand()), 0, 4), 'posts' => 0, 'date_registered' => !empty($regOptions['time']) ? $regOptions['time'] : time(), 'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $regOptions['ip'], 'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $regOptions['ip2'], 'validation_code' => $validation_code, 'real_name' => $regOptions['username'], 'personal_text' => $modSettings['default_personal_text'], 'pm_email_notify' => 1, 'id_theme' => 0, 'id_post_group' => 4, 'lngfile' => '', 'buddy_list' => '', 'pm_ignore_list' => '', 'message_labels' => '', 'website_title' => '', 'website_url' => '', 'location' => '', 'time_format' => '', 'signature' => '', 'avatar' => '', 'usertitle' => '', 'secret_question' => '', 'secret_answer' => '', 'additional_groups' => '', 'ignore_boards' => '', 'smiley_set' => '', 'openid_uri' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
// Setup the activation status on this new account so it is correct - firstly is it an under age account?
if ($regOptions['require'] == 'coppa') {
$regOptions['register_vars']['is_activated'] = 5;
// @todo This should be changed. To what should be it be changed??
$regOptions['register_vars']['validation_code'] = '';
} elseif ($regOptions['require'] == 'nothing') {
$regOptions['register_vars']['is_activated'] = 1;
} elseif ($regOptions['require'] == 'activation') {
$regOptions['register_vars']['is_activated'] = 0;
} else {
$regOptions['register_vars']['is_activated'] = 3;
}
if (isset($regOptions['memberGroup'])) {
// Make sure the id_group will be valid, if this is an administator.
$regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup'];
// Check if this group is assignable.
$unassignableGroups = array(-1, 3);
$request = $db->query('', '
SELECT id_group
FROM {db_prefix}membergroups
WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
OR group_type = {int:is_protected}'), array('min_posts' => -1, 'is_protected' => 1));
while ($row = $db->fetch_assoc($request)) {
$unassignableGroups[] = $row['id_group'];
}
$db->free_result($request);
if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups)) {
$regOptions['register_vars']['id_group'] = 0;
}
}
// Integrate optional member settings to be set.
if (!empty($regOptions['extra_register_vars'])) {
foreach ($regOptions['extra_register_vars'] as $var => $value) {
$regOptions['register_vars'][$var] = $value;
}
}
// Integrate optional user theme options to be set.
$theme_vars = array();
if (!empty($regOptions['theme_vars'])) {
foreach ($regOptions['theme_vars'] as $var => $value) {
$theme_vars[$var] = $value;
}
}
// Right, now let's prepare for insertion.
$knownInts = array('date_registered', 'posts', 'id_group', 'last_login', 'personal_messages', 'unread_messages', 'notifications', 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad', 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types', 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning');
$knownFloats = array('time_offset');
// Call an optional function to validate the users' input.
call_integration_hook('integrate_register', array(&$regOptions, &$theme_vars, &$knownInts, &$knownFloats));
$column_names = array();
$values = array();
foreach ($regOptions['register_vars'] as $var => $val) {
$type = 'string';
if (in_array($var, $knownInts)) {
$type = 'int';
} elseif (in_array($var, $knownFloats)) {
$type = 'float';
} elseif ($var == 'birthdate') {
$type = 'date';
}
$column_names[$var] = $type;
$values[$var] = $val;
}
// Register them into the database.
$db->insert('', '{db_prefix}members', $column_names, $values, array('id_member'));
$memberID = $db->insert_id('{db_prefix}members', 'id_member');
// Update the number of members and latest member's info - and pass the name, but remove the 's.
if ($regOptions['register_vars']['is_activated'] == 1) {
updateMemberStats($memberID, $regOptions['register_vars']['real_name']);
} else {
updateMemberStats();
}
// Theme variables too?
if (!empty($theme_vars)) {
$inserts = array();
foreach ($theme_vars as $var => $val) {
$inserts[] = array($memberID, $var, $val);
}
$db->insert('insert', '{db_prefix}themes', array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'), $inserts, array('id_member', 'variable'));
}
// If it's enabled, increase the registrations for today.
trackStats(array('registers' => '+'));
// Administrative registrations are a bit different...
if ($regOptions['interface'] == 'admin') {
if ($regOptions['require'] == 'activation') {
$email_message = 'admin_register_activate';
} elseif (!empty($regOptions['send_welcome_email'])) {
$email_message = 'admin_register_immediate';
}
if (isset($email_message)) {
$replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
$emaildata = loadEmailTemplate($email_message, $replacements);
sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
}
} else {
// Can post straight away - welcome them to your fantastic community...
if ($regOptions['require'] == 'nothing') {
if (!empty($regOptions['send_welcome_email'])) {
$replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
$emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements);
sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
}
// Send admin their notification.
require_once SUBSDIR . '/Notification.subs.php';
sendAdminNotifications('standard', $memberID, $regOptions['username']);
} elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa') {
$replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
if ($regOptions['require'] == 'activation') {
$replacements += array('ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
} else {
$replacements += array('COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID);
}
$emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements);
sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
} else {
$replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
$emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements);
sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
// Admin gets informed here...
require_once SUBSDIR . '/Notification.subs.php';
sendAdminNotifications('approval', $memberID, $regOptions['username']);
}
// Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!)
$_SESSION['just_registered'] = 1;
}
// If they are for sure registered, let other people to know about it
call_integration_hook('integrate_register_after', array($regOptions, $memberID));
return $memberID;
}
/**
* Used to edit the body or subject of a message inline
* called from action=jsmodify from script and topic js
*/
public function action_jsmodify()
{
global $modSettings, $board, $topic;
global $user_info, $context;
$db = database();
// We have to have a topic!
if (empty($topic)) {
obExit(false);
}
checkSession('get');
require_once SUBSDIR . '/Post.subs.php';
// Assume the first message if no message ID was given.
$request = $db->query('', '
SELECT
t.locked, t.num_replies, t.id_member_started, t.id_first_msg,
m.id_msg, m.id_member, m.poster_time, m.subject, m.smileys_enabled, m.body, m.icon,
m.modified_time, m.modified_name, m.approved
FROM {db_prefix}messages AS m
INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic})
WHERE m.id_msg = {raw:id_msg}
AND m.id_topic = {int:current_topic}' . (allowedTo('modify_any') || allowedTo('approve_posts') ? '' : (!$modSettings['postmod_active'] ? '
AND (m.id_member != {int:guest_id} AND m.id_member = {int:current_member})' : '
AND (m.approved = {int:is_approved} OR (m.id_member != {int:guest_id} AND m.id_member = {int:current_member}))')), array('current_member' => $user_info['id'], 'current_topic' => $topic, 'id_msg' => empty($_REQUEST['msg']) ? 't.id_first_msg' : (int) $_REQUEST['msg'], 'is_approved' => 1, 'guest_id' => 0));
if ($db->num_rows($request) == 0) {
fatal_lang_error('no_board', false);
}
$row = $db->fetch_assoc($request);
$db->free_result($request);
// Change either body or subject requires permissions to modify messages.
if (isset($_POST['message']) || isset($_POST['subject']) || isset($_REQUEST['icon'])) {
if (!empty($row['locked'])) {
isAllowedTo('moderate_board');
}
if ($row['id_member'] == $user_info['id'] && !allowedTo('modify_any')) {
if ((!$modSettings['postmod_active'] || $row['approved']) && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) {
fatal_lang_error('modify_post_time_passed', false);
} elseif ($row['id_member_started'] == $user_info['id'] && !allowedTo('modify_own')) {
isAllowedTo('modify_replies');
} else {
isAllowedTo('modify_own');
}
} elseif ($row['id_member_started'] == $user_info['id'] && !allowedTo('modify_any')) {
isAllowedTo('modify_replies');
} else {
isAllowedTo('modify_any');
}
// Only log this action if it wasn't your message.
$moderationAction = $row['id_member'] != $user_info['id'];
}
$post_errors = Error_Context::context('post', 1);
if (isset($_POST['subject']) && Util::htmltrim(Util::htmlspecialchars($_POST['subject'])) !== '') {
$_POST['subject'] = strtr(Util::htmlspecialchars($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
// Maximum number of characters.
if (Util::strlen($_POST['subject']) > 100) {
$_POST['subject'] = Util::substr($_POST['subject'], 0, 100);
}
} elseif (isset($_POST['subject'])) {
$post_errors->addError('no_subject');
unset($_POST['subject']);
}
if (isset($_POST['message'])) {
if (Util::htmltrim(Util::htmlspecialchars($_POST['message'])) === '') {
$post_errors->addError('no_message');
unset($_POST['message']);
} elseif (!empty($modSettings['max_messageLength']) && Util::strlen($_POST['message']) > $modSettings['max_messageLength']) {
$post_errors->addError(array('long_message', array($modSettings['max_messageLength'])));
unset($_POST['message']);
} else {
$_POST['message'] = Util::htmlspecialchars($_POST['message'], ENT_QUOTES);
preparsecode($_POST['message']);
if (Util::htmltrim(strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '') {
$post_errors->addError('no_message');
unset($_POST['message']);
}
}
}
if (isset($_POST['lock'])) {
if (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $row['id_member']) {
unset($_POST['lock']);
} elseif (!allowedTo('lock_any')) {
if ($row['locked'] == 1) {
unset($_POST['lock']);
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
}
} elseif (!empty($row['locked']) && !empty($_POST['lock']) || $_POST['lock'] == $row['locked']) {
unset($_POST['lock']);
} else {
$_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
}
}
if (isset($_POST['sticky']) && !allowedTo('make_sticky')) {
unset($_POST['sticky']);
}
if (!$post_errors->hasErrors()) {
$msgOptions = array('id' => $row['id_msg'], 'subject' => isset($_POST['subject']) ? $_POST['subject'] : null, 'body' => isset($_POST['message']) ? $_POST['message'] : null, 'icon' => isset($_REQUEST['icon']) ? preg_replace('~[\\./\\\\*\':"<>]~', '', $_REQUEST['icon']) : null);
$topicOptions = array('id' => $topic, 'board' => $board, 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null, 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null, 'mark_as_read' => false);
$posterOptions = array();
// Only consider marking as editing if they have edited the subject, message or icon.
if (isset($_POST['subject']) && $_POST['subject'] != $row['subject'] || isset($_POST['message']) && $_POST['message'] != $row['body'] || isset($_REQUEST['icon']) && $_REQUEST['icon'] != $row['icon']) {
// And even then only if the time has passed...
if (time() - $row['poster_time'] > $modSettings['edit_wait_time'] || $user_info['id'] != $row['id_member']) {
$msgOptions['modify_time'] = time();
$msgOptions['modify_name'] = $user_info['name'];
}
} else {
$moderationAction = false;
}
modifyPost($msgOptions, $topicOptions, $posterOptions);
// If we didn't change anything this time but had before put back the old info.
if (!isset($msgOptions['modify_time']) && !empty($row['modified_time'])) {
$msgOptions['modify_time'] = $row['modified_time'];
$msgOptions['modify_name'] = $row['modified_name'];
}
// Changing the first subject updates other subjects to 'Re: new_subject'.
if (isset($_POST['subject']) && isset($_REQUEST['change_all_subjects']) && $row['id_first_msg'] == $row['id_msg'] && !empty($row['num_replies']) && (allowedTo('modify_any') || $row['id_member_started'] == $user_info['id'] && allowedTo('modify_replies'))) {
// Get the proper (default language) response prefix first.
$context['response_prefix'] = response_prefix();
$db->query('', '
UPDATE {db_prefix}messages
SET subject = {string:subject}
WHERE id_topic = {int:current_topic}
AND id_msg != {int:id_first_msg}', array('current_topic' => $topic, 'id_first_msg' => $row['id_first_msg'], 'subject' => $context['response_prefix'] . $_POST['subject']));
}
if (!empty($moderationAction)) {
logAction('modify', array('topic' => $topic, 'message' => $row['id_msg'], 'member' => $row['id_member'], 'board' => $board));
}
}
if (isset($_REQUEST['xml'])) {
$context['sub_template'] = 'modifydone';
if (!$post_errors->hasErrors() && isset($msgOptions['subject']) && isset($msgOptions['body'])) {
$context['message'] = array('id' => $row['id_msg'], 'modified' => array('time' => isset($msgOptions['modify_time']) ? standardTime($msgOptions['modify_time']) : '', 'html_time' => isset($msgOptions['modify_time']) ? htmlTime($msgOptions['modify_time']) : '', 'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0, 'name' => isset($msgOptions['modify_time']) ? $msgOptions['modify_name'] : ''), 'subject' => $msgOptions['subject'], 'first_in_topic' => $row['id_msg'] == $row['id_first_msg'], 'body' => strtr($msgOptions['body'], array(']]>' => ']]]]><![CDATA[>')));
censorText($context['message']['subject']);
censorText($context['message']['body']);
$context['message']['body'] = parse_bbc($context['message']['body'], $row['smileys_enabled'], $row['id_msg']);
} elseif (!$post_errors->hasErrors()) {
$context['sub_template'] = 'modifytopicdone';
$context['message'] = array('id' => $row['id_msg'], 'modified' => array('time' => isset($msgOptions['modify_time']) ? standardTime($msgOptions['modify_time']) : '', 'html_time' => isset($msgOptions['modify_time']) ? htmlTime($msgOptions['modify_time']) : '', 'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0, 'name' => isset($msgOptions['modify_time']) ? $msgOptions['modify_name'] : ''), 'subject' => isset($msgOptions['subject']) ? $msgOptions['subject'] : '');
censorText($context['message']['subject']);
} else {
$context['message'] = array('id' => $row['id_msg'], 'errors' => array(), 'error_in_subject' => $post_errors->hasError('no_subject'), 'error_in_body' => $post_errors->hasError('no_message') || $post_errors->hasError('long_message'));
$context['message']['errors'] = $post_errors->prepareErrors();
}
} else {
obExit(false);
}
}
/**
* Send a personal message.
*/
public function action_send2()
{
global $txt, $context, $user_info, $modSettings;
// All the helpers we need
require_once SUBSDIR . '/Auth.subs.php';
require_once SUBSDIR . '/Post.subs.php';
// PM Drafts enabled and needed?
if ($context['drafts_pm_save'] && (isset($_POST['save_draft']) || isset($_POST['id_pm_draft']))) {
require_once SUBSDIR . '/Drafts.subs.php';
}
loadLanguage('PersonalMessage', '', false);
// Extract out the spam settings - it saves database space!
list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);
// Initialize the errors we're about to make.
$post_errors = Error_Context::context('pm', 1);
// Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1') {
// How many have they sent this last hour?
$pmCount = pmCount($user_info['id'], 3600);
if (!empty($pmCount) && $pmCount >= $modSettings['pm_posts_per_hour']) {
if (!isset($_REQUEST['xml'])) {
fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour']));
} else {
$post_errors->addError('pm_too_many_per_hour');
}
}
}
// If your session timed out, show an error, but do allow to re-submit.
if (!isset($_REQUEST['xml']) && checkSession('post', '', false) != '') {
$post_errors->addError('session_timeout');
}
$_REQUEST['subject'] = isset($_REQUEST['subject']) ? strtr(Util::htmltrim($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')) : '';
$_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : $_POST['to'];
$_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : $_POST['bcc'];
// Route the input from the 'u' parameter to the 'to'-list.
if (!empty($_POST['u'])) {
$_POST['recipient_to'] = explode(',', $_POST['u']);
}
// Construct the list of recipients.
$recipientList = array();
$namedRecipientList = array();
$namesNotFound = array();
foreach (array('to', 'bcc') as $recipientType) {
// First, let's see if there's user ID's given.
$recipientList[$recipientType] = array();
if (!empty($_POST['recipient_' . $recipientType]) && is_array($_POST['recipient_' . $recipientType])) {
foreach ($_POST['recipient_' . $recipientType] as $recipient) {
$recipientList[$recipientType][] = (int) $recipient;
}
}
// Are there also literal names set?
if (!empty($_REQUEST[$recipientType])) {
// We're going to take out the "s anyway ;).
$recipientString = strtr($_REQUEST[$recipientType], array('\\"' => '"'));
preg_match_all('~"([^"]+)"~', $recipientString, $matches);
$namedRecipientList[$recipientType] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $recipientString))));
// Clean any literal names entered
foreach ($namedRecipientList[$recipientType] as $index => $recipient) {
if (strlen(trim($recipient)) > 0) {
$namedRecipientList[$recipientType][$index] = Util::htmlspecialchars(Util::strtolower(trim($recipient)));
} else {
unset($namedRecipientList[$recipientType][$index]);
}
}
// Now see if we can resolove the entered name to an actual user
if (!empty($namedRecipientList[$recipientType])) {
$foundMembers = findMembers($namedRecipientList[$recipientType]);
// Assume all are not found, until proven otherwise.
$namesNotFound[$recipientType] = $namedRecipientList[$recipientType];
// Make sure we only have each member listed once, incase they did not use the select list
foreach ($foundMembers as $member) {
$testNames = array(Util::strtolower($member['username']), Util::strtolower($member['name']), Util::strtolower($member['email']));
if (count(array_intersect($testNames, $namedRecipientList[$recipientType])) !== 0) {
$recipientList[$recipientType][] = $member['id'];
// Get rid of this username, since we found it.
$namesNotFound[$recipientType] = array_diff($namesNotFound[$recipientType], $testNames);
}
}
}
}
// Selected a recipient to be deleted? Remove them now.
if (!empty($_POST['delete_recipient'])) {
$recipientList[$recipientType] = array_diff($recipientList[$recipientType], array((int) $_POST['delete_recipient']));
}
// Make sure we don't include the same name twice
$recipientList[$recipientType] = array_unique($recipientList[$recipientType]);
}
// Are we changing the recipients some how?
$is_recipient_change = !empty($_POST['delete_recipient']) || !empty($_POST['to_submit']) || !empty($_POST['bcc_submit']);
// Check if there's at least one recipient.
if (empty($recipientList['to']) && empty($recipientList['bcc'])) {
$post_errors->addError('no_to');
}
// Make sure that we remove the members who did get it from the screen.
if (!$is_recipient_change) {
foreach (array_keys($recipientList) as $recipientType) {
if (!empty($namesNotFound[$recipientType])) {
$post_errors->addError('bad_' . $recipientType);
// Since we already have a post error, remove the previous one.
$post_errors->removeError('no_to');
foreach ($namesNotFound[$recipientType] as $name) {
$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
}
}
}
}
// Did they make any mistakes like no subject or message?
if ($_REQUEST['subject'] == '') {
$post_errors->addError('no_subject');
}
if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
$post_errors->addError('no_message');
} elseif (!empty($modSettings['max_messageLength']) && Util::strlen($_REQUEST['message']) > $modSettings['max_messageLength']) {
$post_errors->addError('long_message');
} else {
// Preparse the message.
$message = $_REQUEST['message'];
preparsecode($message);
// Make sure there's still some content left without the tags.
if (Util::htmltrim(strip_tags(parse_bbc(Util::htmlspecialchars($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false)) {
$post_errors->addError('no_message');
}
}
// Wrong verification code?
if (!$user_info['is_admin'] && !isset($_REQUEST['xml']) && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']) {
require_once SUBSDIR . '/VerificationControls.class.php';
$verificationOptions = array('id' => 'pm');
$context['require_verification'] = create_control_verification($verificationOptions, true);
if (is_array($context['require_verification'])) {
foreach ($context['require_verification'] as $error) {
$post_errors->addError($error);
}
}
}
// If they made any errors, give them a chance to make amends.
if ($post_errors->hasErrors() && !$is_recipient_change && !isset($_REQUEST['preview']) && !isset($_REQUEST['xml'])) {
return messagePostError($namedRecipientList, $recipientList);
}
// Want to take a second glance before you send?
if (isset($_REQUEST['preview'])) {
// Set everything up to be displayed.
$context['preview_subject'] = Util::htmlspecialchars($_REQUEST['subject']);
$context['preview_message'] = Util::htmlspecialchars($_REQUEST['message'], ENT_QUOTES, 'UTF-8', true);
preparsecode($context['preview_message'], true);
// Parse out the BBC if it is enabled.
$context['preview_message'] = parse_bbc($context['preview_message']);
// Censor, as always.
censorText($context['preview_subject']);
censorText($context['preview_message']);
// Set a descriptive title.
$context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject'];
// Pretend they messed up but don't ignore if they really did :P.
return messagePostError($namedRecipientList, $recipientList);
} elseif ($is_recipient_change) {
// Maybe we couldn't find one?
foreach ($namesNotFound as $recipientType => $names) {
$post_errors->addError('bad_' . $recipientType);
foreach ($names as $name) {
$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
}
}
return messagePostError($namedRecipientList, $recipientList);
}
// Want to save this as a draft and think about it some more?
if ($context['drafts_pm_save'] && isset($_POST['save_draft'])) {
savePMDraft($recipientList);
return messagePostError($namedRecipientList, $recipientList);
} elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum'))) {
$context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
return messagePostError($namedRecipientList, $recipientList);
}
// Protect from message spamming.
spamProtection('pm');
// Prevent double submission of this form.
checkSubmitOnce('check');
// Finally do the actual sending of the PM.
if (!empty($recipientList['to']) || !empty($recipientList['bcc'])) {
$context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], true, null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0);
} else {
$context['send_log'] = array('sent' => array(), 'failed' => array());
}
// Mark the message as "replied to".
if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox') {
require_once SUBSDIR . '/PersonalMessage.subs.php';
setPMRepliedStatus($user_info['id'], (int) $_REQUEST['replied_to']);
}
// If one or more of the recipients were invalid, go back to the post screen with the failed usernames.
if (!empty($context['send_log']['failed'])) {
return messagePostError($namesNotFound, array('to' => array_intersect($recipientList['to'], $context['send_log']['failed']), 'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed'])));
}
// Message sent successfully?
if (!empty($context['send_log']) && empty($context['send_log']['failed'])) {
$context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent';
// If we had a PM draft for this one, then its time to remove it since it was just sent
if ($context['drafts_pm_save'] && !empty($_POST['id_pm_draft'])) {
deleteDrafts($_POST['id_pm_draft'], $user_info['id']);
}
}
// Go back to the where they sent from, if possible...
redirectexit($context['current_label_redirect']);
}
/**
* Saves a PM draft in the user_drafts table
*
* - The core draft feature must be enabled, as well as the pm draft option
* - Determines if this is a new or and update to an existing pm draft
*
* @package Drafts
* @param mixed[] $recipientList
*/
function savePMDraft($recipientList)
{
global $context, $user_info, $modSettings;
// Ajax calling
if (!isset($context['drafts_pm_save'])) {
$context['drafts_pm_save'] = !empty($modSettings['drafts_enabled']) && !empty($modSettings['drafts_pm_enabled']) && allowedTo('pm_draft');
}
// PM survey says ... can you stay or must you go
if (empty($context['drafts_pm_save']) || !isset($_POST['save_draft']) || !isset($_POST['id_pm_draft'])) {
return false;
}
// Read in what was sent
$id_pm_draft = empty($_POST['id_pm_draft']) ? 0 : (int) $_POST['id_pm_draft'];
$draft_info = loadDraft($id_pm_draft, 1);
$post_errors = Error_Context::context('pm', 1);
// 5 seconds is the same limit we have for posting
if (isset($_REQUEST['xml']) && !empty($draft_info['poster_time']) && time() < $draft_info['poster_time'] + 5) {
// Send something back to the javascript caller
if (!empty($id_pm_draft)) {
loadTemplate('Xml');
$context['sub_template'] = 'xml_draft';
$context['id_draft'] = $id_pm_draft;
$context['draft_saved_on'] = $draft_info['poster_time'];
obExit();
}
return true;
}
// Determine who this is being sent to
if (isset($_REQUEST['xml'])) {
$recipientList['to'] = isset($_POST['recipient_to']) ? explode(',', $_POST['recipient_to']) : array();
$recipientList['bcc'] = isset($_POST['recipient_bcc']) ? explode(',', $_POST['recipient_bcc']) : array();
} elseif (!empty($draft_info['to_list']) && empty($recipientList)) {
$recipientList = unserialize($draft_info['to_list']);
}
// Prepare the data
$draft = array('id_pm_draft' => $id_pm_draft, 'reply_id' => empty($_POST['replied_to']) ? 0 : (int) $_POST['replied_to'], 'body' => Util::htmlspecialchars($_POST['message'], ENT_QUOTES), 'subject' => strtr(Util::htmlspecialchars($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')), 'id_member' => $user_info['id']);
// message and subject always need a bit more work
preparsecode($draft['body']);
if (Util::strlen($draft['subject']) > 100) {
$draft['subject'] = Util::substr($draft['subject'], 0, 100);
}
// Modifying an existing PM draft?
if (!empty($id_pm_draft) && !empty($draft_info)) {
modify_pm_draft($draft, $recipientList);
// some items to return to the form
$context['draft_saved'] = true;
$context['id_pm_draft'] = $id_pm_draft;
} else {
$id_pm_draft = create_pm_draft($draft, $recipientList);
// Everything go as expected, if not toss back an error
if (!empty($id_pm_draft)) {
$context['draft_saved'] = true;
$context['id_pm_draft'] = $id_pm_draft;
} else {
$post_errors->addError('draft_not_saved');
}
}
// if we were called from the autosave function, send something back
if (!empty($id_pm_draft) && isset($_REQUEST['xml']) && !$post_errors->hasError('session_timeout')) {
loadTemplate('Xml');
$context['sub_template'] = 'xml_draft';
$context['id_draft'] = $id_pm_draft;
$context['draft_saved_on'] = time();
obExit();
}
return;
}
public function action_register2()
{
global $txt, $modSettings, $context, $user_info;
// Start collecting together any errors.
$reg_errors = Error_Context::context('register', 0);
// Check they are who they should be
checkSession();
if (!validateToken('register', 'post', true, false)) {
$reg_errors->addError('token_verification');
}
// You can't register if it's disabled.
if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) {
fatal_lang_error('registration_disabled', false);
}
// Well, if you don't agree, you can't register.
if (!empty($modSettings['requireAgreement']) && !isset($_POST['checkbox_agreement'])) {
$reg_errors->addError('agreement_unchecked');
}
// Make sure they came from *somewhere*, have a session.
if (!isset($_SESSION['old_url'])) {
redirectexit('action=register');
}
// Check their provider deatils match up correctly in case they're pulling something funny
if ($_POST['provider'] != $_SESSION['extauth_info']['provider']) {
redirectexit('action=register');
}
// Clean up
foreach ($_POST as $key => $value) {
if (!is_array($_POST[$key])) {
$_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
}
}
// Needed for isReservedName() and registerMember()
require_once SUBSDIR . '/Members.subs.php';
// Needed for generateValidationCode()
require_once SUBSDIR . '/Auth.subs.php';
// Set the options needed for registration.
$regOptions = array('interface' => 'guest', 'username' => !empty($_POST['user']) ? $_POST['user'] : '', 'email' => !empty($_POST['email']) ? $_POST['email'] : '', 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval'));
// Lets check for other errors before trying to register the member.
if ($reg_errors->hasErrors()) {
return $this->action_register();
}
mt_srand(time() + 1277);
$regOptions['password'] = generateValidationCode();
$regOptions['password_check'] = $regOptions['password'];
// Registration needs to know your IP
$req = request();
$regOptions['ip'] = $user_info['ip'];
$regOptions['ip2'] = $req->ban_ip();
$memberID = registerMember($regOptions, 'register');
// If there are "important" errors and you are not an admin: log the first error
// Otherwise grab all of them and don't log anything
if ($reg_errors->hasErrors(1) && !$user_info['is_admin']) {
foreach ($reg_errors->prepareErrors(1) as $error) {
fatal_error($error, 'general');
}
}
// One last error check
if ($reg_errors->hasErrors()) {
return $this->action_register();
}
// Do our spam protection now.
spamProtection('register');
// Since all is well, we'll go ahead and associate the member's external account
addAuth($memberID, $_SESSION['extauth_info']['provider'], $_SESSION['extauth_info']['uid'], $_SESSION['extauth_info']['name']);
// Basic template variable setup.
if (!empty($modSettings['registration_method'])) {
loadTemplate('Register');
$context += array('page_title' => $txt['register'], 'title' => $txt['registration_successful'], 'sub_template' => 'after', 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']);
} else {
call_integration_hook('integrate_activate', array($regOptions['username']));
setLoginCookie(60 * $modSettings['cookieTime'], $memberID, hash('sha256', Util::strtolower($regOptions['username']) . $regOptions['password'] . $regOptions['register_vars']['password_salt']));
redirectexit('action=auth;sa=check;member=' . $memberID, $context['server']['needs_login_fix']);
}
}
/**
* This function handles submitted forms that add, modify or remove ban triggers.
*/
public function action_edit2()
{
global $context;
require_once SUBSDIR . '/Bans.subs.php';
// Check with security first
checkSession();
validateToken('admin-bet');
$ban_errors = Error_Context::context('ban', 1);
// Adding or editing a ban group
if (isset($_POST['add_ban']) || isset($_POST['modify_ban'])) {
$ban_info = array();
// Let's collect all the information we need
$ban_info['id'] = isset($_REQUEST['bg']) ? (int) $_REQUEST['bg'] : 0;
$ban_info['is_new'] = empty($ban_info['id']);
$ban_info['expire_date'] = !empty($_POST['expire_date']) ? (int) $_POST['expire_date'] : 0;
$ban_info['expiration'] = array('status' => isset($_POST['expiration']) && in_array($_POST['expiration'], array('never', 'one_day', 'expired')) ? $_POST['expiration'] : 'never', 'days' => $ban_info['expire_date']);
$ban_info['db_expiration'] = $ban_info['expiration']['status'] == 'never' ? 'NULL' : ($ban_info['expiration']['status'] == 'one_day' ? time() + 24 * 60 * 60 * $ban_info['expire_date'] : 0);
$ban_info['full_ban'] = empty($_POST['full_ban']) ? 0 : 1;
$ban_info['reason'] = !empty($_POST['reason']) ? Util::htmlspecialchars($_POST['reason'], ENT_QUOTES) : '';
$ban_info['name'] = !empty($_POST['ban_name']) ? Util::htmlspecialchars($_POST['ban_name'], ENT_QUOTES) : '';
$ban_info['notes'] = isset($_POST['notes']) ? Util::htmlspecialchars($_POST['notes'], ENT_QUOTES) : '';
$ban_info['notes'] = str_replace(array("\r", "\n", ' '), array('', '<br />', ' '), $ban_info['notes']);
$ban_info['cannot']['access'] = empty($ban_info['full_ban']) ? 0 : 1;
$ban_info['cannot']['post'] = !empty($ban_info['full_ban']) || empty($_POST['cannot_post']) ? 0 : 1;
$ban_info['cannot']['register'] = !empty($ban_info['full_ban']) || empty($_POST['cannot_register']) ? 0 : 1;
$ban_info['cannot']['login'] = !empty($ban_info['full_ban']) || empty($_POST['cannot_login']) ? 0 : 1;
// Adding a new ban group
if (empty($ban_info['id'])) {
$ban_group_id = insertBanGroup($ban_info);
} else {
$ban_group_id = updateBanGroup($ban_info);
}
if ($ban_group_id !== false) {
$ban_info['id'] = $ban_group_id;
$ban_info['is_new'] = false;
}
$context['ban'] = $ban_info;
}
// Update the triggers associated with this ban
if (isset($_POST['ban_suggestions'])) {
$saved_triggers = saveTriggers($_POST['ban_suggestions'], $ban_info['id'], isset($_REQUEST['u']) ? (int) $_REQUEST['u'] : 0, isset($_REQUEST['bi']) ? (int) $_REQUEST['bi'] : 0);
$context['ban_suggestions']['saved_triggers'] = $saved_triggers;
}
// Something went wrong somewhere, ban info or triggers, ... Oh well, let's go back.
if ($ban_errors->hasErrors()) {
$context['ban_suggestions'] = $saved_triggers;
$context['ban']['from_user'] = true;
// They may have entered a name not using the member select box
if (isset($_REQUEST['u'])) {
$context['ban_suggestions'] = array_merge($context['ban_suggestions'], getMemberData((int) $_REQUEST['u']));
} elseif (isset($_REQUEST['user'])) {
$context['ban']['from_user'] = false;
$context['use_autosuggest'] = true;
$context['ban_suggestions']['member']['name'] = $_REQUEST['user'];
}
// Not strictly necessary, but it's nice
if (!empty($context['ban_suggestions']['member']['id'])) {
$context['ban_suggestions']['other_ips'] = banLoadAdditionalIPs($context['ban_suggestions']['member']['id']);
}
return $this->action_edit();
}
if (isset($_POST['ban_items'])) {
$ban_group_id = isset($_REQUEST['bg']) ? (int) $_REQUEST['bg'] : 0;
$ban_items = array_map('intval', $_POST['ban_items']);
removeBanTriggers($ban_items, $ban_group_id);
}
// Register the last modified date.
updateSettings(array('banLastUpdated' => time()));
// Update the member table to represent the new ban situation.
updateBanMembers();
// Go back to an appropriate spot
redirectexit('action=admin;area=ban;sa=' . (isset($_POST['add_ban']) ? 'list' : 'edit;bg=' . $ban_group_id));
}
/**
* Does the actual saving of the page data
*
* - validates the data is safe to save
* - updates existing pages or creates new ones
*/
private function _sportal_admin_page_edit_save()
{
global $txt, $context, $modSettings;
// No errors, yet.
$pages_errors = Error_Context::context('pages', 0);
// Use our standard validation functions in a few spots
require_once SUBSDIR . '/DataValidator.class.php';
$validator = new Data_Validator();
// Clean and Review the post data for compliance
$validator->sanitation_rules(array('title' => 'trim|Util::htmlspecialchars', 'namespace' => 'trim|Util::htmlspecialchars', 'permissions' => 'intval', 'type' => 'trim', 'content' => 'trim'));
$validator->validation_rules(array('title' => 'required', 'namespace' => 'alpha_numeric|required', 'type' => 'required', 'content' => 'required'));
$validator->text_replacements(array('title' => $txt['sp_error_page_name_empty'], 'namespace' => $txt['sp_error_page_namespace_empty'], 'content' => $txt['sp_admin_pages_col_body']));
// If you messed this up, back you go
if (!$validator->validate($_POST)) {
foreach ($validator->validation_errors() as $id => $error) {
$pages_errors->addError($error);
}
$this->action_sportal_admin_page_edit();
}
// Can't have the same name in the same space twice
$has_duplicate = sp_check_duplicate_pages($_POST['namespace'], $_POST['page_id']);
if (!empty($has_duplicate)) {
$pages_errors->addError('sp_error_page_namespace_duplicate');
}
// Can't have a simple numeric namespace
if (preg_replace('~[0-9]+~', '', $_POST['namespace']) === '') {
$pages_errors->addError('sp_error_page_namespace_numeric');
}
if ($_POST['type'] === 'php' && !allowedTo('admin_forum')) {
fatal_lang_error('cannot_admin_forum', false);
}
// Running some php code, then we need to validate its legit code
if ($_POST['type'] === 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation'])) {
$validator_php = new Data_Validator();
$validator_php->validation_rules(array('content' => 'php_syntax'));
// Bad PHP code
if (!$validator_php->validate(array('content' => $_POST['content']))) {
$pages_errors->addError($validator_php->validation_errors());
}
}
// None shall pass ... with errors
if ($pages_errors->hasErrors()) {
$this->action_sportal_admin_page_edit();
}
// If you made it this far, we are going to save the work
if (!empty($_POST['blocks']) && is_array($_POST['blocks'])) {
foreach ($_POST['blocks'] as $id => $block) {
$_POST['blocks'][$id] = (int) $block;
}
} else {
$_POST['blocks'] = array();
}
// The data for the fields
$page_info = array('id' => (int) $_POST['page_id'], 'namespace' => Util::htmlspecialchars($_POST['namespace'], ENT_QUOTES), 'title' => Util::htmlspecialchars($_POST['title'], ENT_QUOTES), 'body' => Util::htmlspecialchars($_POST['content'], ENT_QUOTES), 'type' => in_array($_POST['type'], array('bbc', 'html', 'php')) ? $_POST['type'] : 'bbc', 'permissions' => (int) $_POST['permissions'], 'style' => sportal_parse_style('implode'), 'status' => !empty($_POST['status']) ? 1 : 0);
if ($page_info['type'] === 'bbc') {
preparsecode($page_info['body']);
}
// Save away
sp_save_page($page_info, $context['SPortal']['is_new']);
$to_show = array();
$not_to_show = array();
$changes = array();
foreach ($context['page_blocks'] as $page_blocks) {
foreach ($page_blocks as $block) {
if ($block['shown'] && !in_array($block['id'], $_POST['blocks'])) {
$not_to_show[] = $block['id'];
} elseif (!$block['shown'] && in_array($block['id'], $_POST['blocks'])) {
$to_show[] = $block['id'];
}
}
}
foreach ($to_show as $id) {
if (empty($this->blocks[$id]['display']) && empty($this->blocks[$id]['display_custom']) || $this->blocks[$id]['display'] == 'sportal') {
$changes[$id] = array('display' => 'portal,p' . $page_info['id'], 'display_custom' => '');
} elseif (in_array($this->blocks[$id]['display'], array('allaction', 'allboard'))) {
$changes[$id] = array('display' => '', 'display_custom' => $this->blocks[$id]['display'] . ',p' . $page_info['id']);
} elseif (in_array('-p' . $page_info['id'], explode(',', $this->blocks[$id]['display_custom']))) {
$changes[$id] = array('display' => $this->blocks[$id]['display'], 'display_custom' => implode(',', array_diff(explode(',', $this->blocks[$id]['display_custom']), array('-p' . $page_info['id']))));
} elseif (empty($this->blocks[$id]['display_custom'])) {
$changes[$id] = array('display' => implode(',', array_merge(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => '');
} else {
$changes[$id] = array('display' => $this->blocks[$id]['display'], 'display_custom' => implode(',', array_merge(explode(',', $this->blocks[$id]['display_custom']), array('p' . $page_info['id']))));
}
}
foreach ($not_to_show as $id) {
if (count(array_intersect(array($this->blocks[$id]['display'], $this->blocks[$id]['display_custom']), array('sforum', 'allpages', 'all'))) > 0) {
$changes[$id] = array('display' => '', 'display_custom' => $this->blocks[$id]['display'] . $this->blocks[$id]['display_custom'] . ',-p' . $page_info['id']);
} elseif (empty($this->blocks[$id]['display_custom'])) {
$changes[$id] = array('display' => implode(',', array_diff(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => '');
} else {
$changes[$id] = array('display' => implode(',', array_diff(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => implode(',', array_diff(explode(',', $this->blocks[$id]['display_custom']), array('p' . $page_info['id']))));
}
}
// Update the blocks as needed
foreach ($changes as $id => $data) {
sp_update_block_visibility($id, $data);
}
redirectexit('action=admin;area=portalpages');
return true;
}
/**
* This function allows the admin to register a new member by hand.
*
* - It also allows assigning a primary group to the member being registered.
* - Accessed by ?action=admin;area=regcenter;sa=register
* - Requires the moderate_forum permission.
*
* @uses Register template, admin_register sub-template.
*/
public function action_register()
{
global $txt, $context, $scripturl, $user_info;
if (!empty($_POST['regSubmit'])) {
checkSession();
validateToken('admin-regc');
foreach ($_POST as $key => $dummy) {
if (!is_array($_POST[$key])) {
$_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
}
}
$regOptions = array('interface' => 'admin', 'username' => $_POST['user'], 'email' => $_POST['email'], 'password' => $_POST['password'], 'password_check' => $_POST['password'], 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => false, 'send_welcome_email' => isset($_POST['emailPassword']) || empty($_POST['password']), 'require' => isset($_POST['emailActivate']) ? 'activation' : 'nothing', 'memberGroup' => empty($_POST['group']) || !allowedTo('manage_membergroups') ? 0 : (int) $_POST['group']);
require_once SUBSDIR . '/Members.subs.php';
$reg_errors = Error_Context::context('register', 0);
$memberID = registerMember($regOptions, 'register');
// If there are "important" errors and you are not an admin: log the first error
// Otherwise grab all of them and don't log anything
$error_severity = $reg_errors->hasErrors(1) && !$user_info['is_admin'] ? 1 : null;
foreach ($reg_errors->prepareErrors($error_severity) as $error) {
fatal_error($error, $error_severity === null ? false : 'general');
}
if (!empty($memberID)) {
$context['new_member'] = array('id' => $memberID, 'name' => $_POST['user'], 'href' => $scripturl . '?action=profile;u=' . $memberID, 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $memberID . '">' . $_POST['user'] . '</a>');
$context['registration_done'] = sprintf($txt['admin_register_done'], $context['new_member']['link']);
}
}
// Load the assignable member groups.
if (allowedTo('manage_membergroups')) {
require_once SUBSDIR . '/Membergroups.subs.php';
if (allowedTo('admin_forum')) {
$includes = array('admin', 'globalmod', 'member');
} else {
$includes = array('globalmod', 'member', 'custom');
}
$groups = array();
$membergroups = getBasicMembergroupData($includes, array('hidden', 'protected'));
foreach ($membergroups as $membergroup) {
$groups[$membergroup['id']] = $membergroup['name'];
}
$context['member_groups'] = $groups;
} else {
$context['member_groups'] = array();
}
// Basic stuff.
addInlineJavascript('disableAutoComplete();', true);
$context['sub_template'] = 'admin_register';
$context['page_title'] = $txt['registration_center'];
createToken('admin-regc');
}
