public function __construct() { parent::__construct(); $this->spam = antispam::getInstance(); $this->security = security::getInstance(); $this->filter = array('content' => array('filters' => array()), 'suscribe' => array('filters' => array(array('trueOrFalse')))); $this->validate = array('author' => array('required' => true, 'rules' => array(array('rule' => VALID_NOT_EMPTY, 'message' => 'Por favor introduce tu Nombre.'))), 'url' => array('rules' => array(array('rule' => VALID_URL, 'message' => 'No es una URL valida.'))), 'email' => array('required' => true, 'rules' => array(array('rule' => VALID_EMAIL, 'message' => 'El e-mail no es valido.'))), 'content' => array('required' => true, 'rules' => array(array('rule' => VALID_NOT_EMPTY, 'message' => 'Debes introducir un comentario.'), array('rule' => array('isSpam'), 'message' => 'No se aceptan comentarios en blanco o con spam.')))); }
/** * UCP Register * * @param array $data Data from ucp_register * @param array $error */ public static function ucp_register($data, &$error) { global $config, $user; if (!$config['asacp_enable']) { return; } // Profile fields stuff foreach (self::$profile_fields as $field => $ary) { if ($ary['field_type'] == 'disabled') { continue; } switch ($config['asacp_profile_' . $field]) { case 1: // Required if (isset($_POST[$field]) && !request_var($field, '')) { $error[] = sprintf($user->lang['FIELD_REQUIRED'], $user->lang[$ary['lang']]); } break; case 2: // Normal if (!$config['asacp_profile_during_reg'] && isset($_POST[$field]) && request_var($field, '')) { $error[] = sprintf($user->lang['FIELD_TOO_LONG'], $user->lang[$ary['lang']], 0); } break; case 3: // Never allowed // Never allowed case 4: // Post Count if (isset($_POST[$field]) && request_var($field, '')) { $error[] = sprintf($user->lang['FIELD_TOO_LONG'], $user->lang[$ary['lang']], 0); } break; } } // Stop Forum Spam stuff if (!sizeof($error) && $config['asacp_sfs_action'] > 1) { if (!function_exists('get_remote_file')) { global $phpbb_root_path, $phpEx; include $phpbb_root_path . 'includes/functions_admin.' . $phpEx; } $stop_forum_spam_urls = array('api?username='******'username']), 'api?email=' . urlencode($data['email'])); foreach ($stop_forum_spam_urls as $url) { $errstr = $errno = ''; $file = get_remote_file('stopforumspam.com', '', $url, $errstr, $errno); if ($file !== false) { $file = str_replace("\r\n", "\n", $file); $file = explode("\n", $file); $appears = $frequency = false; foreach ($file as $line) { if (strpos($line, '<appears>') !== false && strpos($line, '</appears>') !== false) { $start = strpos($line, '<appears>') + 9; $end = strpos($line, '</appears>') - $start; $appears = substr($line, $start, $end) == 'yes' ? true : false; } else { if (strpos($line, '<frequency>') !== false && strpos($line, '</frequency>') !== false) { $start = strpos($line, '<frequency>') + 11; $end = strpos($line, '</frequency>') - $start; $frequency = (int) substr($line, $start, $end); } } } if ($appears && $frequency >= $config['asacp_sfs_min_freq']) { self::$sfs_spam = true; if ($config['asacp_sfs_action']) { self::add_log('LOG_SPAM_USER_DENIED_SFS', array($url)); } break; } } } if (self::$sfs_spam) { switch ($config['asacp_sfs_action']) { case 3: $config['require_activation'] = USER_ACTIVATION_SELF; break; case 4: $config['require_activation'] = USER_ACTIVATION_ADMIN; break; case 5: $user->add_lang('mods/asacp'); $error[] = $user->lang['PROFILE_SPAM_DENIED']; break; } } } }
); if (isset($cp_row['row']) && sizeof($cp_row['row'])) { $postrow = array_merge($postrow, $cp_row['row']); } // [+] Karma MOD $karmamod->viewtopic_postrow($postrow, $user_cache[$poster_id], $poster_id, $forum_id, $topic_id, $row); // [-] Karma MOD // Dump vars into template $template->assign_block_vars('postrow', $postrow); // START Anti-Spam ACP antispam::flagged_output($poster_id, $user_cache[$poster_id], 'postrow.custom_fields', $row['post_id']); // END Anti-Spam ACP if (!empty($cp_row['blockrow'])) { foreach ($cp_row['blockrow'] as $field_data) { $template->assign_block_vars('postrow.custom_fields', $field_data); } } // Display not already displayed Attachments for this post, we already parsed them. ;) if (!empty($attachments[$row['post_id']])) { foreach ($attachments[$row['post_id']] as $attachment) {
function main($id, $mode) { global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx; $user->add_lang('posting'); $preview = !empty($_POST['preview']) ? true : false; $submit = !empty($_POST['submit']) ? true : false; $delete = !empty($_POST['delete']) ? true : false; $error = $data = array(); $s_hidden_fields = ''; switch ($mode) { case 'reg_details': $data = array('username' => utf8_normalize_nfc(request_var('username', $user->data['username'], true)), 'email' => strtolower(request_var('email', $user->data['user_email'])), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'new_password' => request_var('new_password', '', true), 'cur_password' => request_var('cur_password', '', true), 'password_confirm' => request_var('password_confirm', '', true)); add_form_key('ucp_reg_details'); if ($submit) { // Do not check cur_password, it is the old one. $check_ary = array('new_password' => array(array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), array('password')), 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), 'email' => array(array('string', false, 6, 60), array('email')), 'email_confirm' => array('string', true, 6, 60)); if ($auth->acl_get('u_chgname') && $config['allow_namechange']) { $check_ary['username'] = array(array('string', false, $config['min_name_chars'], $config['max_name_chars']), array('username')); } $error = validate_data($data, $check_ary); if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email']) { $error[] = $data['email_confirm'] ? 'NEW_EMAIL_ERROR' : 'NEW_EMAIL_CONFIRM_EMPTY'; } if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password']) { $error[] = $data['password_confirm'] ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY'; } // Only check the new password against the previous password if there have been no errors if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && phpbb_check_hash($data['new_password'], $user->data['user_password'])) { $error[] = 'SAME_PASSWORD_ERROR'; } if (!phpbb_check_hash($data['cur_password'], $user->data['user_password'])) { $error[] = $data['cur_password'] ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY'; } if (!check_form_key('ucp_reg_details')) { $error[] = 'FORM_INVALID'; } if (!sizeof($error)) { $sql_ary = array('username' => $auth->acl_get('u_chgname') && $config['allow_namechange'] ? $data['username'] : $user->data['username'], 'username_clean' => $auth->acl_get('u_chgname') && $config['allow_namechange'] ? utf8_clean_string($data['username']) : $user->data['username_clean'], 'user_email' => $auth->acl_get('u_chgemail') ? $data['email'] : $user->data['user_email'], 'user_email_hash' => $auth->acl_get('u_chgemail') ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'], 'user_password' => $auth->acl_get('u_chgpasswd') && $data['new_password'] ? phpbb_hash($data['new_password']) : $user->data['user_password'], 'user_passchg' => $auth->acl_get('u_chgpasswd') && $data['new_password'] ? time() : 0); if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username']) { add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']); } if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !phpbb_check_hash($data['new_password'], $user->data['user_password'])) { $user->reset_login_keys(); add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']); } if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) { add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $data['username'], $user->data['user_email'], $data['email']); } $message = 'PROFILE_UPDATED'; if ($auth->acl_get('u_chgemail') && $config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN)) { $message = $config['require_activation'] == USER_ACTIVATION_SELF ? 'ACCOUNT_EMAIL_CHANGED' : 'ACCOUNT_EMAIL_CHANGED_ADMIN'; include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx; $server_url = generate_board_url(); $user_actkey = gen_rand_string(mt_rand(6, 10)); $messenger = new messenger(false); $template_file = $config['require_activation'] == USER_ACTIVATION_ADMIN ? 'user_activate_inactive' : 'user_activate'; $messenger->template($template_file, $user->data['user_lang']); $messenger->to($data['email'], $data['username']); $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($data['username']), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user->data['user_id']}&k={$user_actkey}")); $messenger->send(NOTIFY_EMAIL); if ($config['require_activation'] == USER_ACTIVATION_ADMIN) { // Grab an array of user_id's with a_user permissions ... these users can activate a user $admin_ary = $auth->acl_get_list(false, 'a_user', false); $admin_ary = !empty($admin_ary[0]['a_user']) ? $admin_ary[0]['a_user'] : array(); // Also include founders $where_sql = ' WHERE user_type = ' . USER_FOUNDER; if (sizeof($admin_ary)) { $where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary); } $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type FROM ' . USERS_TABLE . ' ' . $where_sql; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $messenger->template('admin_activate', $row['user_lang']); $messenger->to($row['user_email'], $row['username']); $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($data['username']), 'U_USER_DETAILS' => "{$server_url}/memberlist.{$phpEx}?mode=viewprofile&u={$user->data['user_id']}", 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user->data['user_id']}&k={$user_actkey}")); $messenger->send($row['user_notify_type']); } $db->sql_freeresult($result); } user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE); // Because we want the profile to be reactivated we set user_newpasswd to empty (else the reactivation will fail) $sql_ary['user_actkey'] = $user_actkey; $sql_ary['user_newpasswd'] = ''; } if (sizeof($sql_ary)) { $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user->data['user_id']; $db->sql_query($sql); } // Need to update config, forum, topic, posting, messages, etc. if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange']) { user_update_name($user->data['username'], $data['username']); } // Now, we can remove the user completely (kill the session) - NOT BEFORE!!! if (!empty($sql_ary['user_actkey'])) { meta_refresh(5, append_sid($phpbb_root_path . 'index.' . $phpEx)); $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid($phpbb_root_path . 'index.' . $phpEx) . '">', '</a>'); // Because the user gets deactivated we log him out too, killing his session $user->session_kill(); } else { meta_refresh(3, $this->u_action); $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); } trigger_error($message); } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'USERNAME' => $data['username'], 'EMAIL' => $data['email'], 'PASSWORD_CONFIRM' => $data['password_confirm'], 'NEW_PASSWORD' => $data['new_password'], 'CUR_PASSWORD' => '', 'L_USERNAME_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), 'S_FORCE_PASSWORD' => $auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - $config['chg_passforce'] * 86400 ? true : false, 'S_CHANGE_USERNAME' => $config['allow_namechange'] && $auth->acl_get('u_chgname') ? true : false, 'S_CHANGE_EMAIL' => $auth->acl_get('u_chgemail') ? true : false, 'S_CHANGE_PASSWORD' => $auth->acl_get('u_chgpasswd') ? true : false)); break; case 'profile_info': include $phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx; $cp = new custom_profile(); $cp_data = $cp_error = array(); $data = array('icq' => request_var('icq', $user->data['user_icq']), 'aim' => request_var('aim', $user->data['user_aim']), 'msn' => request_var('msn', $user->data['user_msnm']), 'yim' => request_var('yim', $user->data['user_yim']), 'jabber' => utf8_normalize_nfc(request_var('jabber', $user->data['user_jabber'], true)), 'website' => request_var('website', $user->data['user_website']), 'location' => utf8_normalize_nfc(request_var('location', $user->data['user_from'], true)), 'occupation' => utf8_normalize_nfc(request_var('occupation', $user->data['user_occ'], true)), 'interests' => utf8_normalize_nfc(request_var('interests', $user->data['user_interests'], true))); if ($config['allow_birthdays']) { $data['bday_day'] = $data['bday_month'] = $data['bday_year'] = 0; if ($user->data['user_birthday']) { list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']); } $data['bday_day'] = request_var('bday_day', $data['bday_day']); $data['bday_month'] = request_var('bday_month', $data['bday_month']); $data['bday_year'] = request_var('bday_year', $data['bday_year']); $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']); } add_form_key('ucp_profile_info'); if ($submit) { $validate_array = array('icq' => array(array('string', true, 3, 15), array('match', true, '#^[0-9]+$#i')), 'aim' => array('string', true, 3, 255), 'msn' => array('string', true, 5, 255), 'jabber' => array(array('string', true, 5, 255), array('jabber')), 'yim' => array('string', true, 5, 255), 'website' => array(array('string', true, 12, 255), array('match', true, '#^http[s]?://(.*?\\.)*?[a-z0-9\\-]+\\.[a-z]{2,4}#i')), 'location' => array('string', true, 2, 100), 'occupation' => array('string', true, 2, 500), 'interests' => array('string', true, 2, 500)); if ($config['allow_birthdays']) { $validate_array = array_merge($validate_array, array('bday_day' => array('num', true, 1, 31), 'bday_month' => array('num', true, 1, 12), 'bday_year' => array('num', true, 1901, gmdate('Y', time()) + 50), 'user_birthday' => array('date', true))); } $error = validate_data($data, $validate_array); // validate custom profile fields $cp->submit_cp_field('profile', $user->get_iso_lang_id(), $cp_data, $cp_error); if (sizeof($cp_error)) { $error = array_merge($error, $cp_error); } if (!check_form_key('ucp_profile_info')) { $error[] = 'FORM_INVALID'; } // START Anti-Spam ACP antispam::ucp_profile($data, $error); // END Anti-Spam ACP if (!sizeof($error)) { $data['notify'] = $user->data['user_notify_type']; if ($data['notify'] == NOTIFY_IM && (!$config['jab_enable'] || !$data['jabber'] || !@extension_loaded('xml'))) { // User has not filled in a jabber address (Or one of the modules is disabled or jabber is disabled) // Disable notify by Jabber now for this user. $data['notify'] = NOTIFY_EMAIL; } $sql_ary = array('user_icq' => $data['icq'], 'user_aim' => $data['aim'], 'user_msnm' => $data['msn'], 'user_yim' => $data['yim'], 'user_jabber' => $data['jabber'], 'user_website' => $data['website'], 'user_from' => $data['location'], 'user_occ' => $data['occupation'], 'user_interests' => $data['interests'], 'user_notify_type' => $data['notify']); if ($config['allow_birthdays']) { $sql_ary['user_birthday'] = $data['user_birthday']; } $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user->data['user_id']; $db->sql_query($sql); // Update Custom Fields $cp->update_profile_field_data($user->data['user_id'], $cp_data); meta_refresh(3, $this->u_action); $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); trigger_error($message); } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } if ($config['allow_birthdays']) { $s_birthday_day_options = '<option value="0"' . (!$data['bday_day'] ? ' selected="selected"' : '') . '>--</option>'; for ($i = 1; $i < 32; $i++) { $selected = $i == $data['bday_day'] ? ' selected="selected"' : ''; $s_birthday_day_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>"; } $s_birthday_month_options = '<option value="0"' . (!$data['bday_month'] ? ' selected="selected"' : '') . '>--</option>'; for ($i = 1; $i < 13; $i++) { $selected = $i == $data['bday_month'] ? ' selected="selected"' : ''; $s_birthday_month_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>"; } $s_birthday_year_options = ''; $now = getdate(); $s_birthday_year_options = '<option value="0"' . (!$data['bday_year'] ? ' selected="selected"' : '') . '>--</option>'; for ($i = $now['year'] - 100; $i <= $now['year']; $i++) { $selected = $i == $data['bday_year'] ? ' selected="selected"' : ''; $s_birthday_year_options .= "<option value=\"{$i}\"{$selected}>{$i}</option>"; } unset($now); $template->assign_vars(array('S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options, 'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options, 'S_BIRTHDAY_YEAR_OPTIONS' => $s_birthday_year_options, 'S_BIRTHDAYS_ENABLED' => true)); } $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'ICQ' => $data['icq'], 'YIM' => $data['yim'], 'AIM' => $data['aim'], 'MSN' => $data['msn'], 'JABBER' => $data['jabber'], 'WEBSITE' => $data['website'], 'LOCATION' => $data['location'], 'OCCUPATION' => $data['occupation'], 'INTERESTS' => $data['interests'])); // START Anti-Spam ACP antispam::ucp_profile_display(); // END Anti-Spam ACP // Get additional profile fields and assign them to the template block var 'profile_fields' $user->get_profile_fields($user->data['user_id']); $cp->generate_profile_fields('profile', $user->get_iso_lang_id()); break; case 'signature': if (!$auth->acl_get('u_sig')) { trigger_error('NO_AUTH_SIGNATURE'); } include $phpbb_root_path . 'includes/functions_posting.' . $phpEx; include $phpbb_root_path . 'includes/functions_display.' . $phpEx; $enable_bbcode = $config['allow_sig_bbcode'] ? (bool) $user->optionget('sig_bbcode') : false; $enable_smilies = $config['allow_sig_smilies'] ? (bool) $user->optionget('sig_smilies') : false; $enable_urls = $config['allow_sig_links'] ? (bool) $user->optionget('sig_links') : false; $signature = utf8_normalize_nfc(request_var('signature', (string) $user->data['user_sig'], true)); add_form_key('ucp_sig'); // START Anti-Spam ACP antispam::ucp_signature($signature, $error); // END Anti-Spam ACP if ($submit || $preview) { include $phpbb_root_path . 'includes/message_parser.' . $phpEx; $enable_bbcode = $config['allow_sig_bbcode'] ? request_var('disable_bbcode', false) ? false : true : false; $enable_smilies = $config['allow_sig_smilies'] ? request_var('disable_smilies', false) ? false : true : false; $enable_urls = $config['allow_sig_links'] ? request_var('disable_magic_url', false) ? false : true : false; if (!sizeof($error)) { $message_parser = new parse_message($signature); // Allowing Quote BBCode $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig'); if (sizeof($message_parser->warn_msg)) { $error[] = implode('<br />', $message_parser->warn_msg); } if (!check_form_key('ucp_sig')) { $error[] = 'FORM_INVALID'; } if (!sizeof($error) && $submit) { $user->optionset('sig_bbcode', $enable_bbcode); $user->optionset('sig_smilies', $enable_smilies); $user->optionset('sig_links', $enable_urls); $sql_ary = array('user_sig' => (string) $message_parser->message, 'user_options' => $user->data['user_options'], 'user_sig_bbcode_uid' => (string) $message_parser->bbcode_uid, 'user_sig_bbcode_bitfield' => $message_parser->bbcode_bitfield); $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user->data['user_id']; $db->sql_query($sql); $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); trigger_error($message); } } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } $signature_preview = ''; if ($preview) { // Now parse it for displaying $signature_preview = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false); unset($message_parser); } decode_message($signature, $user->data['user_sig_bbcode_uid']); $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'SIGNATURE' => $signature, 'SIGNATURE_PREVIEW' => $signature_preview, 'S_BBCODE_CHECKED' => !$enable_bbcode ? ' checked="checked"' : '', 'S_SMILIES_CHECKED' => !$enable_smilies ? ' checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => !$enable_urls ? ' checked="checked"' : '', 'BBCODE_STATUS' => $config['allow_sig_bbcode'] ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>'), 'SMILIES_STATUS' => $config['allow_sig_smilies'] ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'IMG_STATUS' => $config['allow_sig_img'] ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $config['allow_sig_flash'] ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'URL_STATUS' => $config['allow_sig_links'] ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'MAX_FONT_SIZE' => (int) $config['max_sig_font_size'], 'L_SIGNATURE_EXPLAIN' => sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']), 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'], 'S_BBCODE_IMG' => $config['allow_sig_img'] ? true : false, 'S_BBCODE_FLASH' => $config['allow_sig_flash'] ? true : false, 'S_LINKS_ALLOWED' => $config['allow_sig_links'] ? true : false)); // Build custom bbcodes array display_custom_bbcodes(); break; case 'avatar': include $phpbb_root_path . 'includes/functions_display.' . $phpEx; $display_gallery = request_var('display_gallery', '0'); $avatar_select = basename(request_var('avatar_select', '')); $category = basename(request_var('category', '')); $can_upload = file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $auth->acl_get('u_chgavatar') && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false; add_form_key('ucp_avatar'); if ($submit) { if (check_form_key('ucp_avatar')) { if (avatar_process_user($error, false, $can_upload)) { meta_refresh(3, $this->u_action); $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); trigger_error($message); } } else { $error[] = 'FORM_INVALID'; } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } if (!$config['allow_avatar'] && $user->data['user_avatar_type']) { $error[] = $user->lang['AVATAR_NOT_ALLOWED']; } else { if ($user->data['user_avatar_type'] == AVATAR_UPLOAD && !$config['allow_avatar_upload'] || $user->data['user_avatar_type'] == AVATAR_REMOTE && !$config['allow_avatar_remote'] || $user->data['user_avatar_type'] == AVATAR_GALLERY && !$config['allow_avatar_local']) { $error[] = $user->lang['AVATAR_TYPE_NOT_ALLOWED']; } } $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'AVATAR' => get_user_avatar($user->data['user_avatar'], $user->data['user_avatar_type'], $user->data['user_avatar_width'], $user->data['user_avatar_height'], 'USER_AVATAR', true), 'AVATAR_SIZE' => $config['avatar_filesize'], 'U_GALLERY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=profile&mode=avatar&display_gallery=1'), 'S_FORM_ENCTYPE' => $can_upload && ($config['allow_avatar_upload'] || $config['allow_avatar_remote_upload']) ? ' enctype="multipart/form-data"' : '', 'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024))); if ($config['allow_avatar'] && $display_gallery && $auth->acl_get('u_chgavatar') && $config['allow_avatar_local']) { avatar_gallery($category, $avatar_select, 4); } else { if ($config['allow_avatar']) { $avatars_enabled = $can_upload && ($config['allow_avatar_upload'] || $config['allow_avatar_remote_upload']) || $auth->acl_get('u_chgavatar') && ($config['allow_avatar_local'] || $config['allow_avatar_remote']) ? true : false; $template->assign_vars(array('AVATAR_WIDTH' => request_var('width', $user->data['user_avatar_width']), 'AVATAR_HEIGHT' => request_var('height', $user->data['user_avatar_height']), 'S_AVATARS_ENABLED' => $avatars_enabled, 'S_UPLOAD_AVATAR_FILE' => $can_upload && $config['allow_avatar_upload'] ? true : false, 'S_UPLOAD_AVATAR_URL' => $can_upload && $config['allow_avatar_remote_upload'] ? true : false, 'S_LINK_AVATAR' => $auth->acl_get('u_chgavatar') && $config['allow_avatar_remote'] ? true : false, 'S_DISPLAY_GALLERY' => $auth->acl_get('u_chgavatar') && $config['allow_avatar_local'] ? true : false)); } } break; } $template->assign_vars(array('L_TITLE' => $user->lang['UCP_PROFILE_' . strtoupper($mode)], 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => $this->u_action)); // Set desired template $this->tpl_name = 'ucp_profile_' . $mode; $this->page_title = 'UCP_PROFILE_' . strtoupper($mode); }
function asacp_latest_version() { global $user, $config; $latest_version = antispam::version_check(); if ($latest_version === false) { $version = $user->lang['NOT_AVAILABLE']; $version .= '<br />' . sprintf($user->lang['CLICK_CHECK_NEW_VERSION'], '<a href="http://www.lithiumstudios.org/phpBB3/viewtopic.php?f=31&t=941">', '</a>'); } else { $version = $latest_version; if (version_compare(ASACP_VERSION, $latest_version, '<')) { $version .= '<br />' . sprintf($user->lang['CLICK_GET_NEW_VERSION'], '<a href="http://www.lithiumstudios.org/phpBB3/viewtopic.php?f=31&t=941">', '</a>'); } } return $version; }
if ($mode == 'edit') { $data['topic_replies_real'] = $post_data['topic_replies_real']; $data['topic_replies'] = $post_data['topic_replies']; } // The last parameter tells submit_post if search indexer has to be run // START Anti-Spam ACP if ($asacp_is_spam) { $data['force_approved_state'] = false; } // END Anti-Spam ACP $redirect_url = submit_post($mode, $post_data['post_subject'], $post_data['username'], $post_data['topic_type'], $poll, $data, $update_message, ($update_message || $update_subject) ? true : false); // START Anti-Spam ACP antispam::submit_post($mode, $data['post_id']); // END Anti-Spam ACP if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === true) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote')) { $captcha->reset(); } // Check the permissions for post approval. Moderators are not affected. if ((!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id']) && empty($data['force_approved_state'])) || (isset($data['force_approved_state']) && !$data['force_approved_state'])) { meta_refresh(10, $redirect_url); $message = ($mode == 'edit') ? $user->lang['POST_EDITED_MOD'] : $user->lang['POST_STORED_MOD']; $message .= (($user->data['user_id'] == ANONYMOUS) ? '' : ' '. $user->lang['POST_APPROVAL_NOTIFY']); } else
function main($id, $mode) { global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx; // if ($config['require_activation'] == USER_ACTIVATION_DISABLE) { trigger_error('UCP_REGISTER_DISABLE'); } include $phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx; // START Anti-Spam ACP antispam::ucp_preregister(); // END Anti-Spam ACP $coppa = isset($_REQUEST['coppa']) ? !empty($_REQUEST['coppa']) ? 1 : 0 : false; $agreed = !empty($_POST['agreed']) ? 1 : 0; $submit = isset($_POST['submit']) ? true : false; $change_lang = request_var('change_lang', ''); $user_lang = request_var('lang', $user->lang_name); if ($agreed) { add_form_key('ucp_register'); } else { add_form_key('ucp_register_terms'); } if ($change_lang || $user_lang != $config['default_lang']) { $use_lang = $change_lang ? basename($change_lang) : basename($user_lang); if (!validate_language_iso_name($use_lang)) { if ($change_lang) { $submit = false; // Setting back agreed to let the user view the agreement in his/her language $agreed = empty($_GET['change_lang']) ? 0 : $agreed; } $user->lang_name = $user_lang = $use_lang; $user->lang = array(); $user->data['user_lang'] = $user->lang_name; $user->add_lang(array('common', 'ucp')); } else { $change_lang = ''; $user_lang = $user->lang_name; } } $cp = new custom_profile(); $error = $cp_data = $cp_error = array(); if (!$agreed || $coppa === false && $config['coppa_enable'] || $coppa && !$config['coppa_enable']) { $add_lang = $change_lang ? '&change_lang=' . urlencode($change_lang) : ''; $add_coppa = $coppa !== false ? '&coppa=' . $coppa : ''; $s_hidden_fields = array('change_lang' => $change_lang); // If we change the language, we want to pass on some more possible parameter. if ($change_lang) { // We do not include the password $s_hidden_fields = array_merge($s_hidden_fields, array('username' => utf8_normalize_nfc(request_var('username', '', true)), 'email' => strtolower(request_var('email', '')), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'lang' => $user->lang_name, 'tz' => request_var('tz', (double) $config['board_timezone']))); } // Checking amount of available languages $sql = 'SELECT lang_id FROM ' . LANG_TABLE; $result = $db->sql_query($sql); $lang_row = array(); while ($row = $db->sql_fetchrow($result)) { $lang_row[] = $row; } $db->sql_freeresult($result); if ($coppa === false && $config['coppa_enable']) { $now = getdate(); $coppa_birthday = $user->format_date(mktime($now['hours'] + $user->data['user_dst'], $now['minutes'], $now['seconds'], $now['mon'], $now['mday'] - 1, $now['year'] - 13), $user->lang['DATE_FORMAT']); unset($now); $template->assign_vars(array('S_LANG_OPTIONS' => sizeof($lang_row) > 1 ? language_select($user_lang) : '', 'L_COPPA_NO' => sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday), 'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday), 'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register&coppa=0' . $add_lang), 'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register&coppa=1' . $add_lang), 'S_SHOW_COPPA' => true, 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register' . $add_lang))); } else { $template->assign_vars(array('S_LANG_OPTIONS' => sizeof($lang_row) > 1 ? language_select($user_lang) : '', 'L_TERMS_OF_USE' => sprintf($user->lang['TERMS_OF_USE_CONTENT'], $config['sitename'], generate_board_url()), 'S_SHOW_COPPA' => false, 'S_REGISTRATION' => true, 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register' . $add_lang . $add_coppa))); } unset($lang_row); $this->tpl_name = 'ucp_agreement'; return; } // The CAPTCHA kicks in here. We can't help that the information gets lost on language change. if ($config['enable_confirm']) { include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx; // START Anti-Spam ACP antispam::ucp_preregister(); // END Anti-Spam ACP $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(CONFIRM_REG); } $is_dst = $config['board_dst']; $timezone = $config['board_timezone']; $data = array('username' => utf8_normalize_nfc(request_var('username', '', true)), 'new_password' => request_var('new_password', '', true), 'password_confirm' => request_var('password_confirm', '', true), 'email' => strtolower(request_var('email', '')), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'lang' => basename(request_var('lang', $user->lang_name)), 'tz' => request_var('tz', (double) $timezone)); // Check and initialize some variables if needed if ($submit) { $error = validate_data($data, array('username' => array(array('string', false, $config['min_name_chars'], $config['max_name_chars']), array('username', '')), 'new_password' => array(array('string', false, $config['min_pass_chars'], $config['max_pass_chars']), array('password')), 'password_confirm' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']), 'email' => array(array('string', false, 6, 60), array('email')), 'email_confirm' => array('string', false, 6, 60), 'tz' => array('num', false, -14, 14), 'lang' => array('language_iso_name'))); if (!check_form_key('ucp_register')) { $error[] = $user->lang['FORM_INVALID']; } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); if ($config['enable_confirm']) { $vc_response = $captcha->validate($data); if ($vc_response !== false) { $error[] = $vc_response; } if ($config['max_reg_attempts'] && $captcha->get_attempt_count() > $config['max_reg_attempts']) { $error[] = $user->lang['TOO_MANY_REGISTERS']; } } // DNSBL check if ($config['check_dnsbl']) { if (($dnsbl = $user->check_dnsbl('register')) !== false) { $error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]); } } // validate custom profile fields $cp->submit_cp_field('register', $user->get_iso_lang_id(), $cp_data, $error); if (!sizeof($error)) { if ($data['new_password'] != $data['password_confirm']) { $error[] = $user->lang['NEW_PASSWORD_ERROR']; } if ($data['email'] != $data['email_confirm']) { $error[] = $user->lang['NEW_EMAIL_ERROR']; } } // START Anti-Spam ACP antispam::ucp_register($data, $error); // END Anti-Spam ACP if (!sizeof($error)) { $server_url = generate_board_url(); // Which group by default? $group_name = $coppa ? 'REGISTERED_COPPA' : 'REGISTERED'; $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . "\n\t\t\t\t\tWHERE group_name = '" . $db->sql_escape($group_name) . "'\n\t\t\t\t\t\tAND group_type = " . GROUP_SPECIAL; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$row) { trigger_error('NO_GROUP'); } $group_id = $row['group_id']; if (($coppa || $config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable']) { $user_actkey = gen_rand_string(mt_rand(6, 10)); $user_type = USER_INACTIVE; $user_inactive_reason = INACTIVE_REGISTER; $user_inactive_time = time(); } else { $user_type = USER_NORMAL; $user_actkey = ''; $user_inactive_reason = 0; $user_inactive_time = 0; } $user_row = array('username' => $data['username'], 'user_password' => phpbb_hash($data['new_password']), 'user_email' => $data['email'], 'group_id' => (int) $group_id, 'user_timezone' => (double) $data['tz'], 'user_dst' => $is_dst, 'user_lang' => $data['lang'], 'user_type' => $user_type, 'user_actkey' => $user_actkey, 'user_ip' => $user->ip, 'user_regdate' => time(), 'user_inactive_reason' => $user_inactive_reason, 'user_inactive_time' => $user_inactive_time); if ($config['new_member_post_limit']) { $user_row['user_new'] = 1; } // Register user... $user_id = user_add($user_row, $cp_data); // START Anti-Spam ACP antispam::ucp_postregister($user_id, $user_row); // END Anti-Spam ACP // This should not happen, because the required variables are listed above... if ($user_id === false) { trigger_error('NO_USER', E_USER_ERROR); } // Okay, captcha, your job is done. if ($config['enable_confirm'] && isset($captcha)) { $captcha->reset(); } if ($coppa && $config['email_enable']) { $message = $user->lang['ACCOUNT_COPPA']; $email_template = 'coppa_welcome_inactive'; } else { if ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) { $message = $user->lang['ACCOUNT_INACTIVE']; $email_template = 'user_welcome_inactive'; } else { if ($config['require_activation'] == USER_ACTIVATION_ADMIN && $config['email_enable']) { $message = $user->lang['ACCOUNT_INACTIVE_ADMIN']; $email_template = 'admin_welcome_inactive'; } else { $message = $user->lang['ACCOUNT_ADDED']; $email_template = 'user_welcome'; } } } if ($config['email_enable']) { include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx; $messenger = new messenger(false); $messenger->template($email_template, $data['lang']); $messenger->to($data['email'], $data['username']); $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array('WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), 'USERNAME' => htmlspecialchars_decode($data['username']), 'PASSWORD' => htmlspecialchars_decode($data['new_password']), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_id}&k={$user_actkey}")); if ($coppa) { $messenger->assign_vars(array('FAX_INFO' => $config['coppa_fax'], 'MAIL_INFO' => $config['coppa_mail'], 'EMAIL_ADDRESS' => $data['email'])); } $messenger->send(NOTIFY_EMAIL); if ($config['require_activation'] == USER_ACTIVATION_ADMIN) { // Grab an array of user_id's with a_user permissions ... these users can activate a user $admin_ary = $auth->acl_get_list(false, 'a_user', false); $admin_ary = !empty($admin_ary[0]['a_user']) ? $admin_ary[0]['a_user'] : array(); // Also include founders $where_sql = ' WHERE user_type = ' . USER_FOUNDER; if (sizeof($admin_ary)) { $where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary); } $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type FROM ' . USERS_TABLE . ' ' . $where_sql; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $messenger->template('admin_activate', $row['user_lang']); $messenger->to($row['user_email'], $row['username']); $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($data['username']), 'U_USER_DETAILS' => "{$server_url}/memberlist.{$phpEx}?mode=viewprofile&u={$user_id}", 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_id}&k={$user_actkey}")); $messenger->send($row['user_notify_type']); } $db->sql_freeresult($result); } } $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>'); trigger_error($message); } } $s_hidden_fields = array('agreed' => 'true', 'change_lang' => 0); if ($config['coppa_enable']) { $s_hidden_fields['coppa'] = $coppa; } if ($config['enable_confirm']) { $s_hidden_fields = array_merge($s_hidden_fields, $captcha->get_hidden_fields()); } $s_hidden_fields = build_hidden_fields($s_hidden_fields); $confirm_image = ''; // Visual Confirmation - Show images if ($config['enable_confirm']) { $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template())); } // $l_reg_cond = ''; switch ($config['require_activation']) { case USER_ACTIVATION_SELF: $l_reg_cond = $user->lang['UCP_EMAIL_ACTIVATE']; break; case USER_ACTIVATION_ADMIN: $l_reg_cond = $user->lang['UCP_ADMIN_ACTIVATE']; break; } $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'USERNAME' => $data['username'], 'PASSWORD' => $data['new_password'], 'PASSWORD_CONFIRM' => $data['password_confirm'], 'EMAIL' => $data['email'], 'EMAIL_CONFIRM' => $data['email_confirm'], 'L_REG_COND' => $l_reg_cond, 'L_USERNAME_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), 'L_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), 'S_LANG_OPTIONS' => language_select($data['lang']), 'S_TZ_OPTIONS' => tz_select($data['tz']), 'S_CONFIRM_REFRESH' => $config['enable_confirm'] && $config['confirm_refresh'] ? true : false, 'S_REGISTRATION' => true, 'S_COPPA' => $coppa, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register'))); // $user->profile_fields = array(); // Generate profile fields -> Template Block Variable profile_fields $cp->generate_profile_fields('register', $user->get_iso_lang_id()); // $this->tpl_name = 'ucp_register'; $this->page_title = 'UCP_REGISTRATION'; }
/** * Generate page header */ function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum') { global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path; if (defined('HEADER_INC')) { return; } define('HEADER_INC', true); // gzip_compression if ($config['gzip_compress']) { // to avoid partially compressed output resulting in blank pages in // the browser or error messages, compression is disabled in a few cases: // // 1) if headers have already been sent, this indicates plaintext output // has been started so further content must not be compressed // 2) the length of the current output buffer is non-zero. This means // there is already some uncompressed content in this output buffer // so further output must not be compressed // 3) if more than one level of output buffering is used because we // cannot test all output buffer level content lengths. One level // could be caused by php.ini output_buffering. Anything // beyond that is manual, so the code wrapping phpBB in output buffering // can easily compress the output itself. // if (@extension_loaded('zlib') && !headers_sent() && ob_get_level() <= 1 && ob_get_length() == 0) { ob_start('ob_gzhandler'); } } // Generate logged in/logged out status if ($user->data['user_id'] != ANONYMOUS) { $u_login_logout = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=logout', true, $user->session_id); $l_login_logout = sprintf($user->lang['LOGOUT_USER'], $user->data['username']); } else { $u_login_logout = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=login'); $l_login_logout = $user->lang['LOGIN']; } // Last visit date/time $s_last_visit = $user->data['user_id'] != ANONYMOUS ? $user->format_date($user->data['session_last_visit']) : ''; // Get users online list ... if required $l_online_users = $online_userlist = $l_online_record = $l_online_time = ''; if ($config['load_online'] && $config['load_online_time'] && $display_online_list) { /** * Load online data: * For obtaining another session column use $item and $item_id in the function-parameter, whereby the column is session_{$item}_id. */ $item_id = max($item_id, 0); $online_users = obtain_users_online($item_id, $item); $user_online_strings = obtain_users_online_string($online_users, $item_id, $item); $l_online_users = $user_online_strings['l_online_users']; $online_userlist = $user_online_strings['online_userlist']; $total_online_users = $online_users['total_online']; if ($total_online_users > $config['record_online_users']) { set_config('record_online_users', $total_online_users, true); set_config('record_online_date', time(), true); } $l_online_record = sprintf($user->lang['RECORD_ONLINE_USERS'], $config['record_online_users'], $user->format_date($config['record_online_date'], false, true)); $l_online_time = $config['load_online_time'] == 1 ? 'VIEW_ONLINE_TIME' : 'VIEW_ONLINE_TIMES'; $l_online_time = sprintf($user->lang[$l_online_time], $config['load_online_time']); } $l_privmsgs_text = $l_privmsgs_text_unread = ''; $s_privmsg_new = false; // Obtain number of new private messages if user is logged in if (!empty($user->data['is_registered'])) { if ($user->data['user_new_privmsg']) { $l_message_new = $user->data['user_new_privmsg'] == 1 ? $user->lang['NEW_PM'] : $user->lang['NEW_PMS']; $l_privmsgs_text = sprintf($l_message_new, $user->data['user_new_privmsg']); if (!$user->data['user_last_privmsg'] || $user->data['user_last_privmsg'] > $user->data['session_last_visit']) { $sql = 'UPDATE ' . USERS_TABLE . ' SET user_last_privmsg = ' . $user->data['session_last_visit'] . ' WHERE user_id = ' . $user->data['user_id']; $db->sql_query($sql); $s_privmsg_new = true; } else { $s_privmsg_new = false; } } else { $l_privmsgs_text = $user->lang['NO_NEW_PM']; $s_privmsg_new = false; } $l_privmsgs_text_unread = ''; if ($user->data['user_unread_privmsg'] && $user->data['user_unread_privmsg'] != $user->data['user_new_privmsg']) { $l_message_unread = $user->data['user_unread_privmsg'] == 1 ? $user->lang['UNREAD_PM'] : $user->lang['UNREAD_PMS']; $l_privmsgs_text_unread = sprintf($l_message_unread, $user->data['user_unread_privmsg']); } } $forum_id = request_var('f', 0); $topic_id = request_var('t', 0); $s_feed_news = false; // Get option for news if ($config['feed_enable']) { $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . ' WHERE ' . $db->sql_bit_and('forum_options', FORUM_OPTION_FEED_NEWS, '<> 0'); $result = $db->sql_query_limit($sql, 1, 0, 600); $s_feed_news = (int) $db->sql_fetchfield('forum_id'); $db->sql_freeresult($result); } // Determine board url - we may need it later $board_url = generate_board_url() . '/'; $web_path = defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH ? $board_url : $phpbb_root_path; // Which timezone? $tz = $user->data['user_id'] != ANONYMOUS ? strval(doubleval($user->data['user_timezone'])) : strval(doubleval($config['board_timezone'])); // Send a proper content-language to the output $user_lang = $user->lang['USER_LANG']; if (strpos($user_lang, '-x-') !== false) { $user_lang = substr($user_lang, 0, strpos($user_lang, '-x-')); } $s_search_hidden_fields = array(); if ($_SID) { $s_search_hidden_fields['sid'] = $_SID; } if (!empty($_EXTRA_URL)) { foreach ($_EXTRA_URL as $url_param) { $url_param = explode('=', $url_param, 2); $s_search_hidden_fields[$url_param[0]] = $url_param[1]; } } // The following assigns all _common_ variables that may be used at any point in a template. $template->assign_vars(array('SITENAME' => $config['sitename'], 'SITE_DESCRIPTION' => $config['site_desc'], 'PAGE_TITLE' => $page_title, 'SCRIPT_NAME' => str_replace('.' . $phpEx, '', $user->page['page_name']), 'LAST_VISIT_DATE' => sprintf($user->lang['YOU_LAST_VISIT'], $s_last_visit), 'LAST_VISIT_YOU' => $s_last_visit, 'CURRENT_TIME' => sprintf($user->lang['CURRENT_TIME'], $user->format_date(time(), false, true)), 'TOTAL_USERS_ONLINE' => $l_online_users, 'LOGGED_IN_USER_LIST' => $online_userlist, 'RECORD_USERS' => $l_online_record, 'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text, 'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread, 'S_USER_NEW_PRIVMSG' => $user->data['user_new_privmsg'], 'S_USER_UNREAD_PRIVMSG' => $user->data['user_unread_privmsg'], 'S_USER_NEW' => $user->data['user_new'], 'SID' => $SID, '_SID' => $_SID, 'SESSION_ID' => $user->session_id, 'ROOT_PATH' => $phpbb_root_path, 'BOARD_URL' => $board_url, 'L_LOGIN_LOGOUT' => $l_login_logout, 'L_INDEX' => $user->lang['FORUM_INDEX'], 'L_ONLINE_EXPLAIN' => $l_online_time, 'U_PRIVATEMSGS' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&folder=inbox'), 'U_RETURN_INBOX' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&folder=inbox'), 'U_POPUP_PM' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&mode=popup'), 'UA_POPUP_PM' => addslashes(append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&mode=popup')), 'U_MEMBERLIST' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}"), 'U_VIEWONLINE' => $auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel') ? append_sid("{$phpbb_root_path}viewonline.{$phpEx}") : '', 'U_LOGIN_LOGOUT' => $u_login_logout, 'U_INDEX' => append_sid("{$phpbb_root_path}index.{$phpEx}"), 'U_SEARCH' => append_sid("{$phpbb_root_path}search.{$phpEx}"), 'U_REGISTER' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register'), 'U_PROFILE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}"), 'U_MODCP' => append_sid("{$phpbb_root_path}mcp.{$phpEx}", false, true, $user->session_id), 'U_FAQ' => append_sid("{$phpbb_root_path}faq.{$phpEx}"), 'U_SEARCH_SELF' => append_sid("{$phpbb_root_path}search.{$phpEx}", 'search_id=egosearch'), 'U_SEARCH_NEW' => append_sid("{$phpbb_root_path}search.{$phpEx}", 'search_id=newposts'), 'U_SEARCH_UNANSWERED' => append_sid("{$phpbb_root_path}search.{$phpEx}", 'search_id=unanswered'), 'U_SEARCH_UNREAD' => append_sid("{$phpbb_root_path}search.{$phpEx}", 'search_id=unreadposts'), 'U_SEARCH_ACTIVE_TOPICS' => append_sid("{$phpbb_root_path}search.{$phpEx}", 'search_id=active_topics'), 'U_DELETE_COOKIES' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=delete_cookies'), 'U_TEAM' => $user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile') ? '' : append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=leaders'), 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'), 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'), 'U_RESTORE_PERMISSIONS' => $user->data['user_perm_from'] && $auth->acl_get('a_switchperm') ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=restore_perm') : '', 'U_FEED' => generate_board_url() . "/feed.{$phpEx}", 'S_USER_LOGGED_IN' => $user->data['user_id'] != ANONYMOUS ? true : false, 'S_AUTOLOGIN_ENABLED' => $config['allow_autologin'] ? true : false, 'S_BOARD_DISABLED' => $config['board_disable'] ? true : false, 'S_REGISTERED_USER' => !empty($user->data['is_registered']) ? true : false, 'S_IS_BOT' => !empty($user->data['is_bot']) ? true : false, 'S_USER_PM_POPUP' => $user->optionget('popuppm'), 'S_USER_LANG' => $user_lang, 'S_USER_BROWSER' => isset($user->data['session_browser']) ? $user->data['session_browser'] : $user->lang['UNKNOWN_BROWSER'], 'S_USERNAME' => $user->data['username'], 'S_CONTENT_DIRECTION' => $user->lang['DIRECTION'], 'S_CONTENT_FLOW_BEGIN' => $user->lang['DIRECTION'] == 'ltr' ? 'left' : 'right', 'S_CONTENT_FLOW_END' => $user->lang['DIRECTION'] == 'ltr' ? 'right' : 'left', 'S_CONTENT_ENCODING' => 'UTF-8', 'S_TIMEZONE' => $user->data['user_dst'] || $user->data['user_id'] == ANONYMOUS && $config['board_dst'] ? sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], $user->lang['tz']['dst']) : sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], ''), 'S_DISPLAY_ONLINE_LIST' => $l_online_time ? 1 : 0, 'S_DISPLAY_SEARCH' => !$config['load_search'] ? 0 : (isset($auth) ? $auth->acl_get('u_search') && $auth->acl_getf_global('f_search') : 1), 'S_DISPLAY_PM' => $config['allow_privmsg'] && !empty($user->data['is_registered']) && ($auth->acl_get('u_readpm') || $auth->acl_get('u_sendpm')) ? true : false, 'S_DISPLAY_MEMBERLIST' => isset($auth) ? $auth->acl_get('u_viewprofile') : 0, 'S_NEW_PM' => $s_privmsg_new ? 1 : 0, 'S_REGISTER_ENABLED' => $config['require_activation'] != USER_ACTIVATION_DISABLE ? true : false, 'S_FORUM_ID' => $forum_id, 'S_TOPIC_ID' => $topic_id, 'S_LOGIN_ACTION' => !defined('ADMIN_START') ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=login') : append_sid("index.{$phpEx}", false, true, $user->session_id), 'S_LOGIN_REDIRECT' => build_hidden_fields(array('redirect' => build_url())), 'S_ENABLE_FEEDS' => $config['feed_enable'] ? true : false, 'S_ENABLE_FEEDS_OVERALL' => $config['feed_overall'] ? true : false, 'S_ENABLE_FEEDS_FORUMS' => $config['feed_overall_forums'] ? true : false, 'S_ENABLE_FEEDS_TOPICS' => $config['feed_topics_new'] ? true : false, 'S_ENABLE_FEEDS_TOPICS_ACTIVE' => $config['feed_topics_active'] ? true : false, 'S_ENABLE_FEEDS_NEWS' => $s_feed_news ? true : false, 'S_LOAD_UNREADS' => $config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered']) ? true : false, 'S_SEARCH_HIDDEN_FIELDS' => build_hidden_fields($s_search_hidden_fields), 'T_THEME_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['theme_path']) . '/theme', 'T_TEMPLATE_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['template_path']) . '/template', 'T_SUPER_TEMPLATE_PATH' => isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path'] ? "{$web_path}styles/" . rawurlencode($user->theme['template_inherit_path']) . '/template' : "{$web_path}styles/" . rawurlencode($user->theme['template_path']) . '/template', 'T_IMAGESET_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['imageset_path']) . '/imageset', 'T_IMAGESET_LANG_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['imageset_path']) . '/imageset/' . $user->lang_name, 'T_IMAGES_PATH' => "{$web_path}images/", 'T_SMILIES_PATH' => "{$web_path}{$config['smilies_path']}/", 'T_AVATAR_PATH' => "{$web_path}{$config['avatar_path']}/", 'T_AVATAR_GALLERY_PATH' => "{$web_path}{$config['avatar_gallery_path']}/", 'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/", 'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/", 'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/", 'T_STYLESHEET_LINK' => !$user->theme['theme_storedb'] ? "{$web_path}styles/" . rawurlencode($user->theme['theme_path']) . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.{$phpEx}", 'id=' . $user->theme['style_id'] . '&lang=' . $user->lang_name), 'T_STYLESHEET_NAME' => $user->theme['theme_name'], 'T_THEME_NAME' => rawurlencode($user->theme['theme_path']), 'T_TEMPLATE_NAME' => rawurlencode($user->theme['template_path']), 'T_SUPER_TEMPLATE_NAME' => rawurlencode(isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path'] ? $user->theme['template_inherit_path'] : $user->theme['template_path']), 'T_IMAGESET_NAME' => rawurlencode($user->theme['imageset_path']), 'T_IMAGESET_LANG_NAME' => $user->data['user_lang'], 'T_IMAGES' => 'images', 'T_SMILIES' => $config['smilies_path'], 'T_AVATAR' => $config['avatar_path'], 'T_AVATAR_GALLERY' => $config['avatar_gallery_path'], 'T_ICONS' => $config['icons_path'], 'T_RANKS' => $config['ranks_path'], 'T_UPLOAD' => $config['upload_path'], 'SITE_LOGO_IMG' => $user->img('site_logo'), 'A_COOKIE_SETTINGS' => addslashes('; path=' . $config['cookie_path'] . (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1' ? '' : '; domain=' . $config['cookie_domain']) . (!$config['cookie_secure'] ? '' : '; secure')))); // START Anti-Spam ACP antispam::page_header(); // END Anti-Spam ACP // application/xhtml+xml not used because of IE header('Content-type: text/html; charset=UTF-8'); header('Cache-Control: private, no-cache="set-cookie"'); header('Expires: 0'); header('Pragma: no-cache'); if (!empty($user->data['is_bot'])) { // Let reverse proxies know we detected a bot. header('X-PHPBB-IS-BOT: yes'); } return; }
/** * Compose private message * Called from ucp_pm with mode == 'compose' */ function compose_pm($id, $mode, $action, $user_folders = array()) { global $template, $db, $auth, $user; global $phpbb_root_path, $phpEx, $config; // Damn php and globals - i know, this is horrible // Needed for handle_message_list_actions() global $refresh, $submit, $preview; include $phpbb_root_path . 'includes/functions_posting.' . $phpEx; include $phpbb_root_path . 'includes/functions_display.' . $phpEx; include $phpbb_root_path . 'includes/message_parser.' . $phpEx; if (!$action) { $action = 'post'; } add_form_key('ucp_pm_compose'); // Grab only parameters needed here $to_user_id = request_var('u', 0); $to_group_id = request_var('g', 0); $msg_id = request_var('p', 0); $draft_id = request_var('d', 0); $lastclick = request_var('lastclick', 0); // Reply to all triggered (quote/reply) $reply_to_all = request_var('reply_to_all', 0); // Do NOT use request_var or specialchars here $address_list = isset($_REQUEST['address_list']) ? $_REQUEST['address_list'] : array(); if (!is_array($address_list)) { $address_list = array(); } $submit = isset($_POST['post']) ? true : false; $preview = isset($_POST['preview']) ? true : false; $save = isset($_POST['save']) ? true : false; $load = isset($_POST['load']) ? true : false; $cancel = isset($_POST['cancel']) && !isset($_POST['save']) ? true : false; $delete = isset($_POST['delete']) ? true : false; $remove_u = isset($_REQUEST['remove_u']) ? true : false; $remove_g = isset($_REQUEST['remove_g']) ? true : false; $add_to = isset($_REQUEST['add_to']) ? true : false; $add_bcc = isset($_REQUEST['add_bcc']) ? true : false; $refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load || $remove_u || $remove_g || $add_to || $add_bcc; $action = $delete && !$preview && !$refresh && $submit ? 'delete' : $action; $select_single = $config['allow_mass_pm'] && $auth->acl_get('u_masspm') ? false : true; $error = array(); $current_time = time(); // Was cancel pressed? If so then redirect to the appropriate page if ($cancel || $current_time - $lastclick < 2 && $submit) { if ($msg_id) { redirect(append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&mode=view&action=view_message&p=' . $msg_id)); } redirect(append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm')); } // Since viewtopic.php language entries are used in several modes, // we include the language file here $user->add_lang('viewtopic'); // Output PM_TO box if message composing if ($action != 'edit') { // Add groups to PM box if ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group')) { $sql = 'SELECT g.group_id, g.group_name, g.group_type FROM ' . GROUPS_TABLE . ' g'; if (!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) { $sql .= ' LEFT JOIN ' . USER_GROUP_TABLE . ' ug ON ( g.group_id = ug.group_id AND ug.user_id = ' . $user->data['user_id'] . ' AND ug.user_pending = 0 ) WHERE (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $user->data['user_id'] . ')'; } $sql .= $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel') ? ' WHERE ' : ' AND '; $sql .= 'g.group_receive_pm = 1 ORDER BY g.group_type DESC, g.group_name ASC'; $result = $db->sql_query($sql); $group_options = ''; while ($row = $db->sql_fetchrow($result)) { $group_options .= '<option' . ($row['group_type'] == GROUP_SPECIAL ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . ($row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>'; } $db->sql_freeresult($result); } $template->assign_vars(array('S_SHOW_PM_BOX' => true, 'S_ALLOW_MASS_PM' => $config['allow_mass_pm'] && $auth->acl_get('u_masspm') ? true : false, 'S_GROUP_OPTIONS' => $config['allow_mass_pm'] && $auth->acl_get('u_masspm_group') ? $group_options : '', 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=searchuser&form=postform&field=username_list&select_single={$select_single}"))); } $sql = ''; $folder_id = 0; // What is all this following SQL for? Well, we need to know // some basic information in all cases before we do anything. switch ($action) { case 'post': if (!$auth->acl_get('u_sendpm')) { trigger_error('NO_AUTH_SEND_MESSAGE'); } break; case 'reply': case 'quote': case 'forward': case 'quotepost': if (!$msg_id) { trigger_error('NO_MESSAGE'); } if (!$auth->acl_get('u_sendpm')) { trigger_error('NO_AUTH_SEND_MESSAGE'); } if ($action == 'quotepost') { $sql = 'SELECT p.post_id as msg_id, p.forum_id, p.post_text as message_text, p.poster_id as author_id, p.post_time as message_time, p.bbcode_bitfield, p.bbcode_uid, p.enable_sig, p.enable_smilies, p.enable_magic_url, t.topic_title as message_subject, u.username as quote_username FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . " u\n\t\t\t\t\tWHERE p.post_id = {$msg_id}\n\t\t\t\t\t\tAND t.topic_id = p.topic_id\n\t\t\t\t\t\tAND u.user_id = p.poster_id"; } else { $sql = 'SELECT t.folder_id, p.*, u.username as quote_username FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . ' u WHERE t.user_id = ' . $user->data['user_id'] . "\n\t\t\t\t\t\tAND p.author_id = u.user_id\n\t\t\t\t\t\tAND t.msg_id = p.msg_id\n\t\t\t\t\t\tAND p.msg_id = {$msg_id}"; } break; case 'edit': if (!$msg_id) { trigger_error('NO_MESSAGE'); } // check for outbox (not read) status, we do not allow editing if one user already having the message $sql = 'SELECT p.*, t.folder_id FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p WHERE t.user_id = ' . $user->data['user_id'] . ' AND t.folder_id = ' . PRIVMSGS_OUTBOX . "\n\t\t\t\t\tAND t.msg_id = {$msg_id}\n\t\t\t\t\tAND t.msg_id = p.msg_id"; break; case 'delete': if (!$auth->acl_get('u_pm_delete')) { trigger_error('NO_AUTH_DELETE_MESSAGE'); } if (!$msg_id) { trigger_error('NO_MESSAGE'); } $sql = 'SELECT msg_id, pm_unread, pm_new, author_id, folder_id FROM ' . PRIVMSGS_TO_TABLE . ' WHERE user_id = ' . $user->data['user_id'] . "\n\t\t\t\t\tAND msg_id = {$msg_id}"; break; case 'smilies': generate_smilies('window', 0); break; default: trigger_error('NO_ACTION_MODE', E_USER_ERROR); break; } if ($action == 'forward' && (!$config['forward_pm'] || !$auth->acl_get('u_pm_forward'))) { trigger_error('NO_AUTH_FORWARD_MESSAGE'); } if ($action == 'edit' && !$auth->acl_get('u_pm_edit')) { trigger_error('NO_AUTH_EDIT_MESSAGE'); } if ($sql) { $result = $db->sql_query($sql); $post = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$post) { // If editing it could be the recipient already read the message... if ($action == 'edit') { $sql = 'SELECT p.*, t.folder_id FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p WHERE t.user_id = ' . $user->data['user_id'] . "\n\t\t\t\t\t\tAND t.msg_id = {$msg_id}\n\t\t\t\t\t\tAND t.msg_id = p.msg_id"; $result = $db->sql_query($sql); $post = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($post) { trigger_error('NO_EDIT_READ_MESSAGE'); } } trigger_error('NO_MESSAGE'); } if ($action == 'quotepost') { if ($post['forum_id'] && !$auth->acl_get('f_read', $post['forum_id']) || !$post['forum_id'] && !$auth->acl_getf_global('f_read')) { trigger_error('NOT_AUTHORISED'); } // Passworded forum? if ($post['forum_id']) { $sql = 'SELECT forum_password FROM ' . FORUMS_TABLE . ' WHERE forum_id = ' . (int) $post['forum_id']; $result = $db->sql_query($sql); $forum_password = (string) $db->sql_fetchfield('forum_password'); $db->sql_freeresult($result); if ($forum_password) { login_forum_box(array('forum_id' => $post['forum_id'], 'forum_password' => $forum_password)); } } } $msg_id = (int) $post['msg_id']; $folder_id = isset($post['folder_id']) ? $post['folder_id'] : 0; $message_text = isset($post['message_text']) ? $post['message_text'] : ''; if ((!$post['author_id'] || $post['author_id'] == ANONYMOUS && $action != 'delete') && $msg_id) { trigger_error('NO_AUTHOR'); } if ($action == 'quotepost') { // Decode text for message display decode_message($message_text, $post['bbcode_uid']); } if ($action != 'delete') { $enable_urls = $post['enable_magic_url']; $enable_sig = isset($post['enable_sig']) ? $post['enable_sig'] : 0; $message_attachment = isset($post['message_attachment']) ? $post['message_attachment'] : 0; $message_subject = $post['message_subject']; $message_time = $post['message_time']; $bbcode_uid = $post['bbcode_uid']; $quote_username = isset($post['quote_username']) ? $post['quote_username'] : ''; $icon_id = isset($post['icon_id']) ? $post['icon_id'] : 0; if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !sizeof($address_list) && !$refresh && !$submit && !$preview) { // Add the original author as the recipient if quoting a post or only replying and not having checked "reply to all" if ($action == 'quotepost' || !$reply_to_all) { $address_list = array('u' => array($post['author_id'] => 'to')); } else { // We try to include every previously listed member from the TO Header - Reply to all $address_list = rebuild_header(array('to' => $post['to_address'])); // Add the author (if he is already listed then this is no shame (it will be overwritten)) $address_list['u'][$post['author_id']] = 'to'; // Now, make sure the user itself is not listed. ;) if (isset($address_list['u'][$user->data['user_id']])) { unset($address_list['u'][$user->data['user_id']]); } } } else { if ($action == 'edit' && !sizeof($address_list) && !$refresh && !$submit && !$preview) { // Rebuild TO and BCC Header $address_list = rebuild_header(array('to' => $post['to_address'], 'bcc' => $post['bcc_address'])); } } if ($action == 'quotepost') { $check_value = 0; } else { $check_value = ($post['enable_bbcode'] + 1 << 8) + ($post['enable_smilies'] + 1 << 4) + ($enable_urls + 1 << 2) + ($post['enable_sig'] + 1 << 1); } } } else { $message_attachment = 0; $message_text = $message_subject = ''; if ($to_user_id && $action == 'post') { $address_list['u'][$to_user_id] = 'to'; } else { if ($to_group_id && $action == 'post') { $address_list['g'][$to_group_id] = 'to'; } } $check_value = 0; } if (($to_group_id || isset($address_list['g'])) && (!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group'))) { trigger_error('NO_AUTH_GROUP_MESSAGE'); } if ($action == 'edit' && !$refresh && !$preview && !$submit) { if (!($message_time > time() - $config['pm_edit_time'] * 60 || !$config['pm_edit_time'])) { trigger_error('CANNOT_EDIT_MESSAGE_TIME'); } } if ($action == 'post') { $template->assign_var('S_NEW_MESSAGE', true); } if (!isset($icon_id)) { $icon_id = 0; } $message_parser = new parse_message(); $message_parser->message = $action == 'reply' ? '' : $message_text; unset($message_text); $s_action = append_sid("{$phpbb_root_path}ucp.{$phpEx}", "i={$id}&mode={$mode}&action={$action}", true, $user->session_id); $s_action .= ($folder_id ? "&f={$folder_id}" : '') . ($msg_id ? "&p={$msg_id}" : ''); // Delete triggered ? if ($action == 'delete') { // Folder id has been determined by the SQL Statement // $folder_id = request_var('f', PRIVMSGS_NO_BOX); // Do we need to confirm ? if (confirm_box(true)) { delete_pm($user->data['user_id'], $msg_id, $folder_id); // jump to next message in "history"? nope, not for the moment. But able to be included later. $meta_info = append_sid("{$phpbb_root_path}ucp.{$phpEx}", "i=pm&folder={$folder_id}"); $message = $user->lang['MESSAGE_DELETED']; meta_refresh(3, $meta_info); $message .= '<br /><br />' . sprintf($user->lang['RETURN_FOLDER'], '<a href="' . $meta_info . '">', '</a>'); trigger_error($message); } else { $s_hidden_fields = array('p' => $msg_id, 'f' => $folder_id, 'action' => 'delete'); // "{$phpbb_root_path}ucp.$phpEx?i=pm&mode=compose" confirm_box(false, 'DELETE_MESSAGE', build_hidden_fields($s_hidden_fields)); } redirect(append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&mode=view&action=view_message&p=' . $msg_id)); } // Get maximum number of allowed recipients $sql = 'SELECT MAX(g.group_max_recipients) as max_recipients FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug WHERE ug.user_id = ' . $user->data['user_id'] . ' AND ug.user_pending = 0 AND ug.group_id = g.group_id'; $result = $db->sql_query($sql); $max_recipients = (int) $db->sql_fetchfield('max_recipients'); $db->sql_freeresult($result); $max_recipients = !$max_recipients ? $config['pm_max_recipients'] : $max_recipients; // If this is a quote/reply "to all"... we may increase the max_recpients to the number of original recipients if (($action == 'reply' || $action == 'quote') && $max_recipients && $reply_to_all) { // We try to include every previously listed member from the TO Header $list = rebuild_header(array('to' => $post['to_address'])); // Can be an empty array too ;) $list = !empty($list['u']) ? $list['u'] : array(); $list[$post['author_id']] = 'to'; if (isset($list[$user->data['user_id']])) { unset($list[$user->data['user_id']]); } $max_recipients = $max_recipients < sizeof($list) ? sizeof($list) : $max_recipients; unset($list); } // Handle User/Group adding/removing handle_message_list_actions($address_list, $error, $remove_u, $remove_g, $add_to, $add_bcc); // Check mass pm to group permission if ((!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group')) && !empty($address_list['g'])) { $address_list = array(); $error[] = $user->lang['NO_AUTH_GROUP_MESSAGE']; } // Check mass pm to users permission if ((!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm')) && num_recipients($address_list) > 1) { $address_list = get_recipients($address_list, 1); $error[] = $user->lang('TOO_MANY_RECIPIENTS', 1); } // Check for too many recipients if (!empty($address_list['u']) && $max_recipients && sizeof($address_list['u']) > $max_recipients) { $address_list = get_recipients($address_list, $max_recipients); $error[] = $user->lang('TOO_MANY_RECIPIENTS', $max_recipients); } // Always check if the submitted attachment data is valid and belongs to the user. // Further down (especially in submit_post()) we do not check this again. $message_parser->get_submitted_attachment_data(); if ($message_attachment && !$submit && !$refresh && !$preview && $action == 'edit') { // Do not change to SELECT * $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename FROM ' . ATTACHMENTS_TABLE . "\n\t\t\tWHERE post_msg_id = {$msg_id}\n\t\t\t\tAND in_message = 1\n\t\t\t\tAND is_orphan = 0\n\t\t\tORDER BY filetime DESC"; $result = $db->sql_query($sql); $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result)); $db->sql_freeresult($result); } if (!in_array($action, array('quote', 'edit', 'delete', 'forward'))) { $enable_sig = $config['allow_sig'] && $config['allow_sig_pm'] && $auth->acl_get('u_sig') && $user->optionget('attachsig'); $enable_smilies = $config['allow_smilies'] && $auth->acl_get('u_pm_smilies') && $user->optionget('smilies'); $enable_bbcode = $config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode') && $user->optionget('bbcode'); $enable_urls = true; } $enable_magic_url = $drafts = false; // User own some drafts? if ($auth->acl_get('u_savedrafts') && $action != 'delete') { $sql = 'SELECT draft_id FROM ' . DRAFTS_TABLE . ' WHERE forum_id = 0 AND topic_id = 0 AND user_id = ' . $user->data['user_id'] . ($draft_id ? " AND draft_id <> {$draft_id}" : ''); $result = $db->sql_query_limit($sql, 1); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($row) { $drafts = true; } } if ($action == 'edit') { $message_parser->bbcode_uid = $bbcode_uid; } $bbcode_status = $config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode') ? true : false; $smilies_status = $config['allow_smilies'] && $config['auth_smilies_pm'] && $auth->acl_get('u_pm_smilies') ? true : false; $img_status = $config['auth_img_pm'] && $auth->acl_get('u_pm_img') ? true : false; $flash_status = $config['auth_flash_pm'] && $auth->acl_get('u_pm_flash') ? true : false; $url_status = $config['allow_post_links'] ? true : false; // Save Draft if ($save && $auth->acl_get('u_savedrafts')) { $subject = utf8_normalize_nfc(request_var('subject', '', true)); $subject = !$subject && $action != 'post' ? $user->lang['NEW_MESSAGE'] : $subject; $message = utf8_normalize_nfc(request_var('message', '', true)); if ($subject && $message) { if (confirm_box(true)) { $sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array('user_id' => $user->data['user_id'], 'topic_id' => 0, 'forum_id' => 0, 'save_time' => $current_time, 'draft_subject' => $subject, 'draft_message' => $message)); $db->sql_query($sql); $redirect_url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", "i=pm&mode={$mode}"); meta_refresh(3, $redirect_url); $message = $user->lang['DRAFT_SAVED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>'); trigger_error($message); } else { $s_hidden_fields = build_hidden_fields(array('mode' => $mode, 'action' => $action, 'save' => true, 'subject' => $subject, 'message' => $message, 'u' => $to_user_id, 'g' => $to_group_id, 'p' => $msg_id)); $s_hidden_fields .= build_address_field($address_list); confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields); } } else { if (utf8_clean_string($subject) === '') { $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT']; } if (utf8_clean_string($message) === '') { $error[] = $user->lang['TOO_FEW_CHARS']; } } unset($subject, $message); } // Load Draft if ($draft_id && $auth->acl_get('u_savedrafts')) { $sql = 'SELECT draft_subject, draft_message FROM ' . DRAFTS_TABLE . "\n\t\t\tWHERE draft_id = {$draft_id}\n\t\t\t\tAND topic_id = 0\n\t\t\t\tAND forum_id = 0\n\t\t\t\tAND user_id = " . $user->data['user_id']; $result = $db->sql_query_limit($sql, 1); if ($row = $db->sql_fetchrow($result)) { $message_parser->message = $row['draft_message']; $message_subject = $row['draft_subject']; $template->assign_var('S_DRAFT_LOADED', true); } else { $draft_id = 0; } $db->sql_freeresult($result); } // Load Drafts if ($load && $drafts) { load_drafts(0, 0, $id, $action, $msg_id); } if ($submit || $preview || $refresh) { if (($submit || $preview) && !check_form_key('ucp_pm_compose')) { $error[] = $user->lang['FORM_INVALID']; } $subject = utf8_normalize_nfc(request_var('subject', '', true)); $message_parser->message = utf8_normalize_nfc(request_var('message', '', true)); $icon_id = request_var('icon', 0); $enable_bbcode = !$bbcode_status || isset($_POST['disable_bbcode']) ? false : true; $enable_smilies = !$smilies_status || isset($_POST['disable_smilies']) ? false : true; $enable_urls = isset($_POST['disable_magic_url']) ? 0 : 1; $enable_sig = !$config['allow_sig'] || !$config['allow_sig_pm'] ? false : (isset($_POST['attach_sig']) ? true : false); if ($submit) { $status_switch = ($enable_bbcode + 1 << 8) + ($enable_smilies + 1 << 4) + ($enable_urls + 1 << 2) + ($enable_sig + 1 << 1); $status_switch = $status_switch != $check_value; } else { $status_switch = 1; } // Parse Attachments - before checksum is calculated $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); if (sizeof($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) { $error[] = implode('<br />', $message_parser->warn_msg); $message_parser->warn_msg = array(); } // Parse message $message_parser->parse($enable_bbcode, $config['allow_post_links'] ? $enable_urls : false, $enable_smilies, $img_status, $flash_status, true, $config['allow_post_links']); // On a refresh we do not care about message parsing errors if (sizeof($message_parser->warn_msg) && !$refresh) { $error[] = implode('<br />', $message_parser->warn_msg); } if ($action != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$auth->acl_get('u_ignoreflood')) { // Flood check $last_post_time = $user->data['user_lastpost_time']; if ($last_post_time) { if ($last_post_time && $current_time - $last_post_time < intval($config['flood_interval'])) { $error[] = $user->lang['FLOOD_ERROR']; } } } // Subject defined if ($submit) { if (utf8_clean_string($subject) === '') { $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT']; } if (!sizeof($address_list)) { $error[] = $user->lang['NO_RECIPIENT']; } } // START Anti-Spam ACP if (!sizeof($error) && $config['asacp_spam_words_pm_action'] && antispam::spam_words(array($subject, $message_parser->message))) { $user->add_lang('mods/asacp'); antispam::add_log('LOG_SPAM_PM_DENIED', array($subject, $message_parser->message)); $error[] = $user->lang['SPAM_DENIED']; } if (!sizeof($error) && $config['asacp_akismet_pm_action'] && antispam::akismet($message_parser->message)) { $user->add_lang('mods/asacp'); antispam::add_log('LOG_SPAM_PM_DENIED_AKISMET', array($subject, $message_parser->message)); $error[] = $user->lang['SPAM_DENIED']; } if (!sizeof($error) && $submit && $user->data['user_flagged']) { antispam::add_log('LOG_SENT_PM', array('pm' => $address_list), 'flag'); } // END Anti-Spam ACP // Store message, sync counters if (!sizeof($error) && $submit) { $pm_data = array('msg_id' => (int) $msg_id, 'from_user_id' => $user->data['user_id'], 'from_user_ip' => $user->ip, 'from_username' => $user->data['username'], 'reply_from_root_level' => isset($post['root_level']) ? (int) $post['root_level'] : 0, 'reply_from_msg_id' => (int) $msg_id, 'icon_id' => (int) $icon_id, 'enable_sig' => (bool) $enable_sig, 'enable_bbcode' => (bool) $enable_bbcode, 'enable_smilies' => (bool) $enable_smilies, 'enable_urls' => (bool) $enable_urls, 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'message' => $message_parser->message, 'attachment_data' => $message_parser->attachment_data, 'filename_data' => $message_parser->filename_data, 'address_list' => $address_list); // ((!$message_subject) ? $subject : $message_subject) $msg_id = submit_pm($action, $subject, $pm_data); $return_message_url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&mode=view&p=' . $msg_id); $inbox_folder_url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&folder=inbox'); $outbox_folder_url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&folder=outbox'); $folder_url = ''; if ($folder_id > 0 && isset($user_folders[$folder_id])) { $folder_url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&folder=' . $folder_id); } $return_box_url = $action === 'post' || $action === 'edit' ? $outbox_folder_url : $inbox_folder_url; $return_box_lang = $action === 'post' || $action === 'edit' ? 'PM_OUTBOX' : 'PM_INBOX'; $message = $user->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>'); $last_click_type = 'CLICK_RETURN_FOLDER'; if ($folder_url) { $message .= '<br /><br />' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . $folder_url . '">', '</a>', $user_folders[$folder_id]['folder_name']); $last_click_type = 'CLICK_GOTO_FOLDER'; } $message .= '<br /><br />' . sprintf($user->lang[$last_click_type], '<a href="' . $return_box_url . '">', '</a>', $user->lang[$return_box_lang]); meta_refresh(3, $return_message_url); trigger_error($message); } $message_subject = $subject; } // Preview if (!sizeof($error) && $preview) { $preview_message = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false); $preview_signature = $user->data['user_sig']; $preview_signature_uid = $user->data['user_sig_bbcode_uid']; $preview_signature_bitfield = $user->data['user_sig_bbcode_bitfield']; // Signature if ($enable_sig && $config['allow_sig'] && $preview_signature) { $parse_sig = new parse_message($preview_signature); $parse_sig->bbcode_uid = $preview_signature_uid; $parse_sig->bbcode_bitfield = $preview_signature_bitfield; $parse_sig->format_display($config['allow_sig_bbcode'], $config['allow_sig_links'], $config['allow_sig_smilies']); $preview_signature = $parse_sig->message; unset($parse_sig); } else { $preview_signature = ''; } // Attachment Preview if (sizeof($message_parser->attachment_data)) { $template->assign_var('S_HAS_ATTACHMENTS', true); $update_count = array(); $attachment_data = $message_parser->attachment_data; parse_attachments(false, $preview_message, $attachment_data, $update_count, true); foreach ($attachment_data as $i => $attachment) { $template->assign_block_vars('attachment', array('DISPLAY_ATTACHMENT' => $attachment)); } unset($attachment_data); } $preview_subject = censor_text($subject); if (!sizeof($error)) { $template->assign_vars(array('PREVIEW_SUBJECT' => $preview_subject, 'PREVIEW_MESSAGE' => $preview_message, 'PREVIEW_SIGNATURE' => $preview_signature, 'S_DISPLAY_PREVIEW' => true)); } unset($message_text); } // Decode text for message display $bbcode_uid = ($action == 'quote' || $action == 'forward') && !$preview && !$refresh && (!sizeof($error) || sizeof($error) && !$submit) ? $bbcode_uid : $message_parser->bbcode_uid; $message_parser->decode_message($bbcode_uid); if (($action == 'quote' || $action == 'quotepost') && !$preview && !$refresh && !$submit) { if ($action == 'quotepost') { $post_id = request_var('p', 0); if ($config['allow_post_links']) { $message_link = "[url=" . generate_board_url() . "/viewtopic.{$phpEx}?p={$post_id}#p{$post_id}]{$user->lang['SUBJECT']}: {$message_subject}[/url]\n\n"; } else { $message_link = $user->lang['SUBJECT'] . ': ' . $message_subject . " (" . generate_board_url() . "/viewtopic.{$phpEx}?p={$post_id}#p{$post_id})\n\n"; } } else { $message_link = ''; } $message_parser->message = $message_link . '[quote="' . $quote_username . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n"; } if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh) { $message_subject = (!preg_match('/^Re:/', $message_subject) ? 'Re: ' : '') . censor_text($message_subject); } if ($action == 'forward' && !$preview && !$refresh && !$submit) { $fwd_to_field = write_pm_addresses(array('to' => $post['to_address']), 0, true); if ($config['allow_post_links']) { $quote_username_text = '[url=' . generate_board_url() . "/memberlist.{$phpEx}?mode=viewprofile&u={$post['author_id']}]{$quote_username}[/url]"; } else { $quote_username_text = $quote_username . ' (' . generate_board_url() . "/memberlist.{$phpEx}?mode=viewprofile&u={$post['author_id']})"; } $forward_text = array(); $forward_text[] = $user->lang['FWD_ORIGINAL_MESSAGE']; $forward_text[] = sprintf($user->lang['FWD_SUBJECT'], censor_text($message_subject)); $forward_text[] = sprintf($user->lang['FWD_DATE'], $user->format_date($message_time, false, true)); $forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username_text); $forward_text[] = sprintf($user->lang['FWD_TO'], implode(', ', $fwd_to_field['to'])); $message_parser->message = implode("\n", $forward_text) . "\n\n[quote="{$quote_username}"]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]"; $message_subject = (!preg_match('/^Fwd:/', $message_subject) ? 'Fwd: ' : '') . censor_text($message_subject); } $attachment_data = $message_parser->attachment_data; $filename_data = $message_parser->filename_data; $message_text = $message_parser->message; // MAIN PM PAGE BEGINS HERE // Generate smiley listing generate_smilies('inline', 0); // Generate PM Icons $s_pm_icons = false; if ($config['enable_pm_icons']) { $s_pm_icons = posting_gen_topic_icons($action, $icon_id); } // Generate inline attachment select box posting_gen_inline_attachments($attachment_data); // Build address list for display // array('u' => array($author_id => 'to')); if (sizeof($address_list)) { // Get Usernames and Group Names $result = array(); if (!empty($address_list['u'])) { $sql = 'SELECT user_id as id, username as name, user_colour as colour FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($address_list['u']))) . ' ORDER BY username_clean ASC'; $result['u'] = $db->sql_query($sql); } if (!empty($address_list['g'])) { $sql = 'SELECT g.group_id AS id, g.group_name AS name, g.group_colour AS colour, g.group_type FROM ' . GROUPS_TABLE . ' g'; if (!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) { $sql .= ' LEFT JOIN ' . USER_GROUP_TABLE . ' ug ON ( g.group_id = ug.group_id AND ug.user_id = ' . $user->data['user_id'] . ' AND ug.user_pending = 0 ) WHERE (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $user->data['user_id'] . ')'; } $sql .= $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel') ? ' WHERE ' : ' AND '; $sql .= 'g.group_receive_pm = 1 AND ' . $db->sql_in_set('g.group_id', array_map('intval', array_keys($address_list['g']))) . ' ORDER BY g.group_name ASC'; $result['g'] = $db->sql_query($sql); } $u = $g = array(); $_types = array('u', 'g'); foreach ($_types as $type) { if (isset($result[$type]) && $result[$type]) { while ($row = $db->sql_fetchrow($result[$type])) { if ($type == 'g') { $row['name'] = $row['group_type'] == GROUP_SPECIAL ? $user->lang['G_' . $row['name']] : $row['name']; } ${$type}[$row['id']] = array('name' => $row['name'], 'colour' => $row['colour']); } $db->sql_freeresult($result[$type]); } } // Now Build the address list $plain_address_field = ''; foreach ($address_list as $type => $adr_ary) { foreach ($adr_ary as $id => $field) { if (!isset(${$type}[$id])) { unset($address_list[$type][$id]); continue; } $field = $field == 'to' ? 'to' : 'bcc'; $type = $type == 'u' ? 'u' : 'g'; $id = (int) $id; $tpl_ary = array('IS_GROUP' => $type == 'g' ? true : false, 'IS_USER' => $type == 'u' ? true : false, 'UG_ID' => $id, 'NAME' => ${$type}[$id]['name'], 'COLOUR' => ${$type}[$id]['colour'] ? '#' . ${$type}[$id]['colour'] : '', 'TYPE' => $type); if ($type == 'u') { $tpl_ary = array_merge($tpl_ary, array('U_VIEW' => get_username_string('profile', $id, ${$type}[$id]['name'], ${$type}[$id]['colour']), 'NAME_FULL' => get_username_string('full', $id, ${$type}[$id]['name'], ${$type}[$id]['colour']))); } else { $tpl_ary = array_merge($tpl_ary, array('U_VIEW' => append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=group&g=' . $id))); } $template->assign_block_vars($field . '_recipient', $tpl_ary); } } } // Build hidden address list $s_hidden_address_field = build_address_field($address_list); $bbcode_checked = isset($enable_bbcode) ? !$enable_bbcode : ($config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode') ? !$user->optionget('bbcode') : 1); $smilies_checked = isset($enable_smilies) ? !$enable_smilies : ($config['allow_smilies'] && $auth->acl_get('u_pm_smilies') ? !$user->optionget('smilies') : 1); $urls_checked = isset($enable_urls) ? !$enable_urls : 0; $sig_checked = $enable_sig; switch ($action) { case 'post': $page_title = $user->lang['POST_NEW_PM']; break; case 'quote': $page_title = $user->lang['POST_QUOTE_PM']; break; case 'quotepost': $page_title = $user->lang['POST_PM_POST']; break; case 'reply': $page_title = $user->lang['POST_REPLY_PM']; break; case 'edit': $page_title = $user->lang['POST_EDIT_PM']; break; case 'forward': $page_title = $user->lang['POST_FORWARD_PM']; break; default: trigger_error('NO_ACTION_MODE', E_USER_ERROR); break; } $s_hidden_fields = '<input type="hidden" name="lastclick" value="' . $current_time . '" />'; $s_hidden_fields .= isset($check_value) ? '<input type="hidden" name="status_switch" value="' . $check_value . '" />' : ''; $s_hidden_fields .= $draft_id || isset($_REQUEST['draft_loaded']) ? '<input type="hidden" name="draft_loaded" value="' . (isset($_REQUEST['draft_loaded']) ? intval($_REQUEST['draft_loaded']) : $draft_id) . '" />' : ''; $form_enctype = @ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach') ? '' : ' enctype="multipart/form-data"'; // Start assigning vars for main posting page ... $template->assign_vars(array('L_POST_A' => $page_title, 'L_ICON' => $user->lang['PM_ICON'], 'L_MESSAGE_BODY_EXPLAIN' => intval($config['max_post_chars']) ? sprintf($user->lang['MESSAGE_BODY_EXPLAIN'], intval($config['max_post_chars'])) : '', 'SUBJECT' => isset($message_subject) ? $message_subject : '', 'MESSAGE' => $message_text, 'BBCODE_STATUS' => $bbcode_status ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>'), 'IMG_STATUS' => $img_status ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $flash_status ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'SMILIES_STATUS' => $smilies_status ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'URL_STATUS' => $url_status ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'MAX_FONT_SIZE' => (int) $config['max_post_font_size'], 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['PM']), 'ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'MAX_RECIPIENTS' => $config['allow_mass_pm'] && ($auth->acl_get('u_masspm') || $auth->acl_get('u_masspm_group')) ? $max_recipients : 0, 'S_COMPOSE_PM' => true, 'S_EDIT_POST' => $action == 'edit', 'S_SHOW_PM_ICONS' => $s_pm_icons, 'S_BBCODE_ALLOWED' => $bbcode_status ? 1 : 0, 'S_BBCODE_CHECKED' => $bbcode_checked ? ' checked="checked"' : '', 'S_SMILIES_ALLOWED' => $smilies_status, 'S_SMILIES_CHECKED' => $smilies_checked ? ' checked="checked"' : '', 'S_SIG_ALLOWED' => $config['allow_sig'] && $config['allow_sig_pm'] && $auth->acl_get('u_sig'), 'S_SIGNATURE_CHECKED' => $sig_checked ? ' checked="checked"' : '', 'S_LINKS_ALLOWED' => $url_status, 'S_MAGIC_URL_CHECKED' => $urls_checked ? ' checked="checked"' : '', 'S_SAVE_ALLOWED' => $auth->acl_get('u_savedrafts') && $action != 'edit' ? true : false, 'S_HAS_DRAFTS' => $auth->acl_get('u_savedrafts') && $drafts, 'S_FORM_ENCTYPE' => $form_enctype, 'S_BBCODE_IMG' => $img_status, 'S_BBCODE_FLASH' => $flash_status, 'S_BBCODE_QUOTE' => true, 'S_BBCODE_URL' => $url_status, 'S_POST_ACTION' => $s_action, 'S_HIDDEN_ADDRESS_FIELD' => $s_hidden_address_field, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_CLOSE_PROGRESS_WINDOW' => isset($_POST['add_file']), 'U_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.{$phpEx}", 'f=0&mode=popup'), 'UA_PROGRESS_BAR' => addslashes(append_sid("{$phpbb_root_path}posting.{$phpEx}", 'f=0&mode=popup')))); // Build custom bbcodes array display_custom_bbcodes(); // Show attachment box for adding attachments if true $allowed = $auth->acl_get('u_pm_attach') && $config['allow_pm_attach'] && $form_enctype; // Attachment entry posting_gen_attachment_entry($attachment_data, $filename_data, $allowed); // Message History if ($action == 'reply' || $action == 'quote' || $action == 'forward') { if (message_history($msg_id, $user->data['user_id'], $post, array(), true)) { $template->assign_var('S_DISPLAY_HISTORY', true); } } }
function antispam_reply_edit_after_sql($reply_id) { global $config, $user; if (!class_exists('antispam')) { return; } if ($user->data['user_flagged']) { global $blog_id; antispam::add_log('LOG_EDITED_BLOG_REPLY', blog_url($user->data['user_id'], $blog_id, $reply_id), 'flag'); } }