/**
* Process the actual deletes
*
* @param boolean $is_hard_delete
* @param vB_Legacy_User $user
* @param string $reason
* @param boolean $keepattachments
*/
protected function delete_internal($is_hard_delete, $user, $reason, $keepattachments)
{
global $vbulletin;
$thread = $this->get_field('thread');
$forum = $thread->get_field('forum');
$postman =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost');
$postman->set_existing($this->record);
$postman->delete($forum->get_countposts(), $thread->get_field('threadid'), $is_hard_delete, array('userid' => $user->get_field('userid'), 'username' => $user->get_field('username'), 'reason' => $reason, 'keepattachments' => $keepattachments));
unset($postman);
build_thread_counters($threadinfo['threadid']);
if ($forum->get_field('lastthreadid') != $thread->get_field('threadid')) {
$forum->decrement_replycount();
} else {
// this thread is the one being displayed as the thread with the last post...
// need to get the lastpost datestamp and lastposter name from the thread.
build_forum_counters($thread->get_field('forumid'));
}
}
}
if (!empty($rsslog_insert_sql)) {
// insert logs
$vbulletin->db->query_replace(TABLE_PREFIX . 'rsslog', '(rssfeedid, itemid, itemtype, uniquehash, contenthash, dateline, threadactiontime)', $rsslog_insert_sql);
$rsslog_insert_sql = array();
$rss_logs_inserted = true;
}
}
if (defined('IN_CONTROL_PANEL')) {
echo "</ol>";
}
if ($rss_logs_inserted) {
// rebuild forum counters
require_once DIR . '/includes/functions_databuild.php';
foreach (array_keys($update_forumids) as $forumid) {
build_forum_counters($forumid);
}
// build cron log
$log_items = '<ul class="smallfont">';
foreach ($cronlog_items as $rssfeedid => $items) {
$log_items .= "<li><strong>{$feeds[$rssfeedid][title]}</strong><ul class=\"smallfont\">\r\n";
foreach ($items as $item) {
$log_items .= $item;
}
$log_items .= "</ul></li>\r\n";
}
$log_items .= '</ul>';
}
if (!empty($feeds)) {
// update lastrun time for feeds
$vbulletin->db->query_write("\n\t\t\t\tUPDATE " . TABLE_PREFIX . "rssfeed\n\t\t\t\tSET lastrun = " . TIMENOW . "\n\t\t\t\tWHERE rssfeedid IN(" . implode(', ', array_keys($feeds)) . ")\n\t\t\t");
echo '<p>' . $vbphrase['updating_forums'] . '</p>';
$forums = $db->query_read("
SELECT forumid
FROM " . TABLE_PREFIX . "forum
WHERE forumid >= " . $vbulletin->GPC['startat'] . "
ORDER BY forumid
LIMIT " . $vbulletin->GPC['perpage']
);
$finishat = $vbulletin->GPC['startat'];
while($forum = $db->fetch_array($forums))
{
build_forum_counters($forum['forumid'], true);
echo construct_phrase($vbphrase['processing_x'], $forum['forumid']) . "<br />\n";
vbflush();
$finishat = ($forum['forumid'] > $finishat ? $forum['forumid'] : $finishat);
}
$finishat++;
if ($checkmore = $db->query_first("SELECT forumid FROM " . TABLE_PREFIX . "forum WHERE forumid >= $finishat LIMIT 1"))
{
print_cp_redirect("misc.php?" . $vbulletin->session->vars['sessionurl'] . "do=updateforum&startat=$finishat&pp=" . $vbulletin->GPC['perpage']);
echo "<p><a href=\"misc.php?" . $vbulletin->session->vars['sessionurl'] . "do=updateforum&startat=$finishat&pp=" . $vbulletin->GPC['perpage'] . "\">" . $vbphrase['click_here_to_continue_processing'] . "</a></p>";
}
else
{
echo ". \n";
vbflush();
}
echo $vbphrase['done'] . '</p>';
define('CP_REDIRECT', 'index.php?do=home');
print_stop_message('pruned_threads_successfully_modcp');
} else {
if ($vbulletin->GPC['type'] == 'move') {
$threadslist = '0';
foreach ($vbulletin->GPC['thread'] as $threadid => $confirm) {
$threadslist .= ',' . intval($threadid);
}
$db->query_write("\n\t\t\t\tUPDATE " . TABLE_PREFIX . "thread SET\n\t\t\t\t\tforumid = " . $vbulletin->GPC['destforumid'] . "\n\t\t\t\tWHERE threadid IN ({$threadslist})\n\t\t\t\t\tAND forumid IN (" . implode(',', $forumids) . ")\n\t\t\t");
$vbulletin->db->query_write("TRUNCATE TABLE " . TABLE_PREFIX . "postparsed");
require_once DIR . '/includes/functions_prefix.php';
remove_invalid_prefixes($threadslist, $vbulletin->GPC['destforumid']);
require_once DIR . '/includes/functions_databuild.php';
build_forum_counters($vbulletin->GPC['destforumid']);
define('CP_REDIRECT', 'index.php?do=home');
print_stop_message('moved_threads_successfully_modcp');
}
}
}
}
print_cp_footer();
/*======================================================================*\
|| ####################################################################
|| # Downloaded: 09:39, Wed Nov 5th 2008
|| # CVS: $RCSfile$ - $Revision: 25059 $
|| ####################################################################
\*======================================================================*/
/**
* Additional data to update after a delete call (such as denormalized values in other tables).
*
* @param boolean Do the query?
*/
function post_delete($doquery = true)
{
$db =& $this->registry->db;
// need to rebuild last post info in forums that use this prefix
require_once(DIR . '/includes/functions_databuild.php');
$forums = $db->query_read("
SELECT forumid
FROM " . TABLE_PREFIX . "forumprefixset
WHERE prefixsetid = '" . $db->escape_string($this->fetch_field('prefixsetid')) . "'
");
while ($forum = $db->fetch_array($forums))
{
build_forum_counters($forum['forumid']);
}
$db->query_write("
DELETE FROM " . TABLE_PREFIX . "forumprefixset
WHERE prefixsetid = '" . $db->escape_string($this->fetch_field('prefixsetid')) . "'
");
// delete this set's phrases
$db->query_write("
DELETE FROM " . TABLE_PREFIX . "phrase
WHERE varname = '" . $db->escape_string('prefixset_' . $this->fetch_field('prefixsetid') . '_title') . "'
AND fieldname = 'prefix'
");
// now find all the phrases for child prefixes to remove
$prefix_phrases = array();
$prefixids = array();
$prefix_sql = $db->query_read("
SELECT prefixid
FROM " . TABLE_PREFIX . "prefix
WHERE prefixsetid = '" . $db->escape_string($this->fetch_field('prefixsetid')) . "'
");
while ($prefix = $db->fetch_array($prefix_sql))
{
$prefix_phrases[] = "'" . $db->escape_string("prefix_$prefix[prefixid]_title_plain") . "'";
$prefix_phrases[] = "'" . $db->escape_string("prefix_$prefix[prefixid]_title_rich") . "'";
$prefixids[] = "'" . $db->escape_string($prefix['prefixid']) . "'";
}
if ($prefix_phrases)
{
$db->query_write("
DELETE FROM " . TABLE_PREFIX . "phrase
WHERE varname IN (" . implode(',', $prefix_phrases) . ")
AND fieldname = 'global'
");
$db->query_write("
UPDATE " . TABLE_PREFIX . "thread SET
prefixid = ''
WHERE prefixid IN (" . implode(',', $prefixids) . ")
");
}
// now delete the child prefixes themselves
$db->query_write("
DELETE FROM " . TABLE_PREFIX . "prefix
WHERE prefixsetid = '" . $db->escape_string($this->fetch_field('prefixsetid')) . "'
");
require_once(DIR . '/includes/adminfunctions_language.php');
build_language();
require_once(DIR . '/includes/adminfunctions_prefix.php');
build_prefix_datastore();
($hook = vBulletinHook::fetch_hook('prefixsetdata_delete')) ? eval($hook) : false;
return true;
}
/**
* Removes prefixes from threads in certain forums. Useful when a prefix or prefix set
* is no longer available in a forum.
*
* @param array|string Array of prefixes (or single one)
* @param array|integer Array of forumids (or a single one)
*/
function remove_prefixes_forum($prefixes, $forumids)
{
global $vbulletin;
if (!is_array($prefixes)) {
$prefixes = array($prefixes);
}
$prefixes = array_map(array(&$vbulletin->db, 'escape_string'), $prefixes);
if (!is_array($forumids)) {
$forumids = array($forumids);
}
$forumids = array_map('intval', $forumids);
if (empty($prefixes) or empty($forumids)) {
return;
}
$vbulletin->db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "thread SET\n\t\t\tprefixid = ''\n\t\tWHERE prefixid IN ('" . implode("', '", $prefixes) . "')\n\t\t\tAND forumid IN (" . implode(',', $forumids) . ")\n\t");
// rebuild last post info in these forums
require_once DIR . '/includes/functions_databuild.php';
foreach ($forumids as $forumid) {
build_forum_counters($forumid);
}
}
function undelete_post($postid, $countposts, $postinfo = NULL, $threadinfo = NULL, $counterupdate = true)
{
global $vbulletin, $vbphrase;
// Valid postinfo array will contain: postid, threadid, visible, userid, username, title
// Invalid post or post is not deleted
if (!$postinfo AND !$postinfo = fetch_postinfo($postid))
{
return;
}
// Valid threadinfo array will contain: threadid, forumid, visible, firstpostid
if (!$threadinfo AND !$threadinfo = fetch_threadinfo($postinfo['threadid']))
{
return;
}
if ($threadinfo['firstpostid'] == $postid)
{
// undelete thread
undelete_thread($threadinfo['threadid'], $countposts, $threadinfo);
return;
}
// Post is not deleted
if ($postinfo['visible'] != 2)
{
return;
}
// Only increment post for a visible thread in a counting forum
if ($countposts AND $postinfo['userid'] AND $threadinfo['visible'] == 1)
{
$userdata =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
$userdata->set_existing($postinfo);
$userdata->set('posts', 'posts + 1', false);
$userdata->set_ladder_usertitle_relative(1);
$userdata->save();
unset($userdata);
}
$deletiondata =& datamanager_init('Deletionlog_ThreadPost', $vbulletin, ERRTYPE_SILENT, 'deletionlog');
$deletioninfo = array('type' => 'post', 'primaryid' => $postid);
$deletiondata->set_existing($deletioninfo);
$deletiondata->delete();
unset($deletiondata, $deletioninfo);
$postman =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost');
$postman->set_existing($postinfo);
$postman->set('visible', 1);
$postman->save();
if ($counterupdate)
{
build_thread_counters($postinfo['threadid']);
build_forum_counters($threadinfo['forumid']);
}
fetch_phrase_group('threadmanage');
$postinfo['forumid'] = $threadinfo['forumid'];
require_once(DIR . '/includes/functions_log_error.php');
log_moderator_action($postinfo, 'post_y_by_x_undeleted', array($postinfo['title'], $postinfo['username']));
}
function PostNewThread($who, $forumid, $title, $pagetext)
{
global $db, $vbulletin, $server, $structtypes, $lastpostarray;
$result = RegisterService($who);
if ($result['Code'] != 0) {
$retval['Result'] = $result;
return $retval;
}
$insertid = 0;
$foruminfo = fetch_foruminfo($forumid, false);
if ($foruminfo['forumid'] > 0) {
$userid = 0;
// such is the case for network posts
$postuserid = 0;
// same as above
$forumid = $foruminfo['forumid'];
$pagetext = fetch_censored_text($pagetext);
//$title = $title;
$allowsmilie = '1';
$visible = '1';
$dateline = TIMENOW;
$threaddm = new vB_DataManager_Thread_FirstPost($vbulletin, ERRTYPE_STANDARD);
// there is no (easy) way to parse out an excessive amount of smilies when dong the image check
// so we check for [IMG] tags only and then disable the check for smilies
#$threaddm->set_info('skip_maximagescheck', true);
$threaddm->do_set('userid', $vbulletin->userinfo['userid']);
$threaddm->do_set('username', $vbulletin->userinfo['username']);
$threaddm->do_set('postuserid', $postuserid);
$threaddm->do_set('forumid', $forumid);
$threaddm->do_set('pagetext', $pagetext);
$threaddm->do_set('title', $title);
$threaddm->do_set('allowsmilie', $allowsmilie);
$threaddm->do_set('visible', $visible);
$threaddm->do_set('dateline', $dateline);
$threaddm->pre_save();
if (count($threaddm->errors) > 0) {
return ErrorResult('pre_save_failed_new_thread');
} else {
// save the thread
$insertid = $threaddm->save();
require_once './includes/functions_databuild.php';
build_forum_counters($forumid);
}
}
if ($insertid > 0) {
$retval['PostID'] = $insertid;
$retval['RemoteUser'] = ConsumeArray($vbulletin->userinfo, $structtypes['RemoteUser']);
$result['Code'] = 1;
$retval['Result'] = $result;
} else {
return ErrorResult('save_failed_thread_reply');
}
return $retval;
}
$insert_subscriptions = array();
foreach ($unique_thread_user as $threadid => $users) {
foreach ($users as $userid => $subscriptioninfo) {
if ($subscriptioninfo['issubscribed'] and $subscriptioninfo['autosubscribe'] != -1) {
$insert_subscriptions[] = "({$userid}, {$destthreadinfo['threadid']}, {$subscriptioninfo['autosubscribe']}, 0, 1)";
}
}
}
if ($insert_subscriptions) {
$db->query_write("\n\t\t\t\tINSERT IGNORE INTO " . TABLE_PREFIX . "subscribethread\n\t\t\t\t\t(userid, threadid, emailupdate, folderid, canview)\n\t\t\t\tVALUES\n\t\t\t\t\t" . implode(', ', $insert_subscriptions));
}
// need to check permissions on these threads
update_subscriptions(array('threadids' => array($destthreadinfo['threadid'])));
}
build_thread_counters($destthreadinfo['threadid']);
build_forum_counters($destforuminfo['forumid']);
log_moderator_action($destthreadinfo, 'posts_copied_to_x', $destthreadinfo['threadid']);
// empty cookie
setcookie('vbulletin_inlinepost', '', TIMENOW - 3600, '/');
($hook = vBulletinHook::fetch_hook('inlinemod_docopyposts')) ? eval($hook) : false;
$vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$destthreadinfo['threadid']}";
eval(print_standard_redirect('redirect_inline_copiedposts', true, $forceredirect));
}
$navbits = construct_navbits($navbits);
eval('$navbar = "' . fetch_template('navbar') . '";');
($hook = vBulletinHook::fetch_hook('inlinemod_complete')) ? eval($hook) : false;
$url =& $vbulletin->url;
// spit out the final HTML if we have got this far
eval('$HTML = "' . fetch_template($template) . '";');
eval('print_output("' . fetch_template('THREADADMIN') . '");');
/*======================================================================*\
/**
* Additional tasks to perform after a delete.
*
* Return false to indicate that the entire delete process was not a success.
*
* @param mixed - The result of execDelete()
*/
protected function postDelete($result)
{
$this->treeUpdated();
$this->assertItem();
vB::$db->query_write("
DELETE FROM " . TABLE_PREFIX . "cms_nodeconfig
WHERE nodeid = " . intval($this->item->getNodeId())
);
vB::$db->query_write("
DELETE FROM " . TABLE_PREFIX . "cms_nodeinfo
WHERE nodeid = " . intval($this->item->getNodeId())
);
vB::$db->query_write("
DELETE FROM " . TABLE_PREFIX . "cms_navigation
WHERE nodeid = " . intval($this->item->getNodeId())
);
// Delete associated thread
if ($threadid = $this->item->getAssociatedThreadId())
{
if ($threadinfo = verify_id('thread', $threadid, false, true))
{
$threadman =& datamanager_init('Thread', vB::$vbulletin, ERRTYPE_SILENT, 'threadpost');
$threadman->set_existing($threadinfo);
$threadman->delete(true, true, NULL, false);
unset($threadman);
build_forum_counters($threadinfo['forumid']);
}
}
vB_Cache::instance()->event(vBCms_NavBar::getCacheEventId(vBCms_NavBar::GLOBAL_CACHE_EVENT));
return parent::postDelete($result);
}
/**
* Enter description here...
*
* @param boolean $is_hard_delete
* @param vB_Legacy_User $user
* @param String $reason
* @param boolean $keepattachments
*/
protected function delete_internal($is_hard_delete, $user, $reason, $keepattachments)
{
global $vbulletin;
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost');
$threadman->set_existing($this->record);
$forum = $this->get_forum();
$threadman->delete($forum->get_field['replycount'], $is_hard_delete, array('userid' => $user->get_field('userid'), 'username' => $user->get_field('username'), 'reason' => $reason, 'keepattachments' => $keepattachments));
unset($threadman);
if ($forum->get_field('lastthreadid') != $this->get_field('threadid')) {
$forum->decrement_threadcount();
} else {
// this thread is the one being displayed as the thread with the last post...
// so get a new thread to display.
build_forum_counters($this->get_field('forumid'));
}
}
$db->errno = 0;
$db->query_write("ALTER TABLE " . TABLE_PREFIX . "forum ADD lastpostid INT UNSIGNED NOT NULL DEFAULT '0'");
$db->errno = 0;
$db->query_first("SELECT forumid FROM " . TABLE_PREFIX . "podcast LIMIT 1");
if ($db->errno()) {
$db->query_write("CREATE TABLE " . TABLE_PREFIX . "podcast (\n\t\t\tforumid INT UNSIGNED NOT NULL DEFAULT '0',\n\t\t\tauthor VARCHAR(255) NOT NULL DEFAULT '',\n\t\t\tcategory VARCHAR(255) NOT NULL DEFAULT '',\n\t\t\timage VARCHAR(255) NOT NULL DEFAULT '',\n\t\t\texplicit SMALLINT NOT NULL DEFAULT '0',\n\t\t\tenabled SMALLINT NOT NULL DEFAULT '1',\n\t\t\tkeywords VARCHAR(255) NOT NULL DEFAULT '',\n\t\t\towneremail VARCHAR(255) NOT NULL DEFAULT '',\n\t\t\townername VARCHAR(255) NOT NULL DEFAULT '',\n\t\t\tsubtitle VARCHAR(255) NOT NULL DEFAULT '',\n\t\t\tsummary MEDIUMTEXT,\n\t\t\tcategoryid SMALLINT NOT NULL DEFAULT '0',\n\t\t\tPRIMARY KEY (forumid)\n\t\t)");
}
$db->show_errors();
$db->query_write("UPDATE forum SET lastpost=0, lastposter=''");
$forums = $db->query_read("SELECT forumid, title FROM forum ORDER BY forumid DESC");
echo "<ul>\n";
while ($forum = $db->fetch_array($forums)) {
// update forum counters
echo_flush("<li>" . sprintf($upgrade_phrases['upgrade_300b3.php']['updating_counters_for_x'], $forum['title']) . "</li>\n");
require_once DIR . '/includes/functions_databuild.php';
build_forum_counters($forum['forumid']);
$thread = $db->query_first("\n\t\t\tSELECT * FROM thread\n\t\t\tWHERE forumid = {$forum['forumid']}\n\t\t\tORDER BY lastpost DESC\n\t\t\tLIMIT 1\n\t\t");
$query[] = "\n\t\t\tUPDATE forum SET\n\t\t\t\tlastpost = " . intval($thread['lastpost']) . ",\n\t\t\t\tlastposter = '" . $db->escape_string($thread['lastposter']) . "',\n\t\t\t\tlastthread = '" . $db->escape_string($thread['title']) . "',\n\t\t\t\tlastthreadid = " . intval($thread['threadid']) . ",\n\t\t\t\tlasticonid = " . intval($thread['iconid']) . "\n\t\t\tWHERE forumid = " . intval($thread['forumid']) . "\n\t\t";
$explain[] = sprintf($upgrade_phrases['upgrade_300b3.php']['updating_lastpost_info_for_x'], $forum['title']);
}
echo "</ul>\n";
exec_queries();
}
// #############################################################################
// Convert Private Messages
if ($vbulletin->GPC['step'] == 6) {
$vbulletin->GPC['perpage'] = 1000;
$count = $db->query_first("SELECT COUNT(*) AS total FROM privatemessage");
echo_flush("<p>" . sprintf($upgrade_phrases['upgrade_300b3.php']['converting_priv_msg_x'], construct_upgrade_page_hint($count['total'], $vbulletin->GPC['startat'], $vbulletin->GPC['perpage'])) . "</p>\n");
// query a batch of private messages
$getpms = $db->query_read("\n\t\tSELECT\n\t\t\tprivatemessage.*,\n\t\t\tIF(ISNULL(touser.username), '[{$upgrade_phrases['upgrade_300b3.php']['deleted_user']}]', touser.username) AS tousername,\n\t\t\tIF(ISNULL(fromuser.username), '[{$upgrade_phrases['upgrade_300b3.php']['deleted_user']}]', fromuser.username) AS fromusername\n\t\tFROM privatemessage\n\t\tLEFT JOIN user AS touser ON(touser.userid = privatemessage.touserid)\n\t\tLEFT JOIN user AS fromuser ON(fromuser.userid = privatemessage.fromuserid)\n\t\tLIMIT {$vbulletin->GPC['startat']}, {$vbulletin->GPC['perpage']}\n\t");
function do_moderation()
{
global $vbulletin, $db, $foruminfo, $forumperms, $threadinfo, $postinfo, $vbphrase, $threadid;
$postlimit = 400;
$threadlimit = 200;
$threadarray = array();
$postarray = array();
$postinfos = array();
$forumlist = array();
$threadlist = array();
switch ($_REQUEST['do']) {
case 'openclosethread':
case 'dodeletethread':
case 'domovethread':
case 'updatethread':
case 'domergethread':
case 'stick':
case 'removeredirect':
case 'deletethread':
case 'deleteposts':
case 'movethread':
case 'copythread':
case 'editthread':
case 'mergethread':
case 'moderatethread':
if (!$threadinfo['threadid']) {
standard_error(fetch_error('invalidid', $vbphrase['thread'], $vbulletin->options['contactuslink']));
}
}
if ($_REQUEST['do'] == 'getforums') {
$forums = array();
get_forums(-1, $forums);
return array('forums' => $forums);
}
if ($threadinfo['forumid']) {
$forumperms = fetch_permissions($threadinfo['forumid']);
if ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] and !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) {
json_error(ERR_NO_PERMISSION);
}
}
// Open/Close Thread
if ($_POST['do'] == 'openclosethread') {
if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
if (can_moderate($threadinfo['forumid'])) {
json_error(ERR_NO_PERMISSION);
} else {
standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
}
}
// permission check
if (!can_moderate($threadinfo['forumid'], 'canopenclose')) {
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'])) {
json_error(ERR_NO_PERMISSION);
} else {
if (!is_first_poster($threadid)) {
json_error(ERR_NO_PERMISSION);
}
}
}
// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
// handles mod log
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost');
$threadman->set_existing($threadinfo);
$threadman->set('open', $threadman->fetch_field('open') == 1 ? 0 : 1);
($hook = vBulletinHook::fetch_hook('threadmanage_openclose')) ? eval($hook) : false;
$threadman->save();
}
// Stick/Unstick Thread
if ($_POST['do'] == 'stick') {
if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
if (can_moderate($threadinfo['forumid'])) {
json_error(ERR_NO_PERMISSION);
} else {
standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
}
}
if (!can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
json_error(ERR_NO_PERMISSION);
}
// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
// handles mod log
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
$threadman->set_existing($threadinfo);
$threadman->set('sticky', $threadman->fetch_field('sticky') == 1 ? 0 : 1);
($hook = vBulletinHook::fetch_hook('threadmanage_stickunstick')) ? eval($hook) : false;
$threadman->save();
}
// Delete Thread
if ($_POST['do'] == 'dodeletethread') {
$vbulletin->input->clean_array_gpc('p', array('deletetype' => TYPE_UINT, 'deletereason' => TYPE_STR, 'keepattachments' => TYPE_BOOL));
$vbulletin->GPC['deletereason'] = prepare_remote_utf8_string($vbulletin->GPC['deletereason']);
if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'canremoveposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
if (can_moderate($threadinfo['forumid'])) {
json_error(ERR_NO_PERMISSION);
} else {
standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
}
}
$physicaldel = false;
if (!can_moderate($threadinfo['forumid'], 'candeleteposts') and !can_moderate($threadinfo['forumid'], 'canremoveposts')) {
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['candeletepost']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['candeletethread'])) {
json_error(ERR_NO_PERMISSION);
} else {
if ($threadinfo['dateline'] < TIMENOW - $vbulletin->options['edittimelimit'] * 60 and $vbulletin->options['edittimelimit'] != 0) {
json_error(ERR_NO_PERMISSION);
} else {
if (!$threadinfo['open']) {
json_error(ERR_NO_PERMISSION);
}
if (!is_first_poster($threadinfo['threadid'])) {
json_error(ERR_NO_PERMISSION);
}
}
}
} else {
if (!can_moderate($threadinfo['forumid'], 'canremoveposts')) {
$physicaldel = false;
} else {
if (!can_moderate($threadinfo['forumid'], 'candeleteposts')) {
$physicaldel = true;
} else {
$physicaldel = iif($vbulletin->GPC['deletetype'] == 1, false, true);
}
}
}
// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
$delinfo = array('userid' => $vbulletin->userinfo['userid'], 'username' => $vbulletin->userinfo['username'], 'reason' => $vbulletin->GPC['deletereason'], 'keepattachments' => $vbulletin->GPC['keepattachments']);
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost');
$threadman->set_existing($threadinfo);
$threadman->delete($foruminfo['countposts'], $physicaldel, $delinfo);
unset($threadman);
build_forum_counters($threadinfo['forumid']);
}
// Delete Posts
if ($_POST['do'] == 'dodeleteposts') {
$vbulletin->input->clean_array_gpc('p', array('postids' => TYPE_STR));
$postids = explode(',', $vbulletin->GPC['postids']);
foreach ($postids as $index => $postid) {
if (intval($postid) == 0) {
unset($postids["{$index}"]);
} else {
$postids["{$index}"] = intval($postid);
}
}
if (empty($postids)) {
standard_error(fetch_error('no_applicable_posts_selected'));
}
if (count($postids) > 400) {
standard_error(fetch_error('you_are_limited_to_working_with_x_posts', $postlimit));
}
$vbulletin->input->clean_array_gpc('p', array('deletetype' => TYPE_UINT, 'keepattachments' => TYPE_BOOL, 'deletereason' => TYPE_STR));
$vbulletin->GPC['deletereason'] = prepare_remote_utf8_string($vbulletin->GPC['deletereason']);
$physicaldel = iif($vbulletin->GPC['deletetype'] == 1, false, true);
// Validate posts
$posts = $db->query_read_slave("\n\t\tSELECT post.postid, post.threadid, post.parentid, post.visible, post.title, post.userid AS posteruserid,\n\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.firstpostid, thread.visible AS thread_visible\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\tWHERE postid IN (" . implode(',', $postids) . ")\n\t\tORDER BY postid\n\t");
$deletethreads = array();
$firstpost = array();
while ($post = $db->fetch_array($posts)) {
$forumperms = fetch_permissions($post['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $post['postuserid'] != $vbulletin->userinfo['userid']) {
json_error(ERR_NO_PERMISSION);
}
if ((!$post['visible'] or !$post['thread_visible']) and !can_moderate($post['forumid'], 'canmoderateposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
} else {
if (($post['visible'] == 2 or $post['thread_visible'] == 2) and !can_moderate($post['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
} else {
if (!can_moderate($post['forumid'], 'canremoveposts') and !can_moderate($post['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
}
}
}
if (!can_moderate($post['forumid'], 'canremoveposts') and $physicaldel) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
} else {
if (!physicaldel and (!can_moderate($post['forumid'], 'candeleteposts') and ($post['posteruserid'] != $vbulletin->userinfo['userid'] or !($vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['candeletepost'])))) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
}
}
$postarray["{$post['postid']}"] = $post;
$threadlist["{$post['threadid']}"] = true;
$forumlist["{$post['forumid']}"] = true;
if ($post['firstpostid'] == $post['postid']) {
// deleting a thread so do not decremement the counters of any other posts in this thread
$firstpost["{$post['threadid']}"] = true;
} else {
if (!empty($firstpost["{$post['threadid']}"])) {
$postarray["{$post['postid']}"]['skippostcount'] = true;
}
}
}
if (empty($postarray)) {
standard_error(fetch_error('no_applicable_posts_selected'));
}
$firstpost = false;
$gotothread = true;
foreach ($postarray as $postid => $post) {
$foruminfo = fetch_foruminfo($post['forumid']);
$postman =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost');
$postman->set_existing($post);
$postman->delete($foruminfo['countposts'] and !$post['skippostcount'], $post['threadid'], $physicaldel, array('userid' => $vbulletin->userinfo['userid'], 'username' => $vbulletin->userinfo['username'], 'reason' => $vbulletin->GPC['deletereason'], 'keepattachments' => $vbulletin->GPC['keepattachments']));
unset($postman);
}
foreach (array_keys($threadlist) as $threadid) {
build_thread_counters($threadid);
}
foreach (array_keys($forumlist) as $forumid) {
build_forum_counters($forumid);
}
($hook = vBulletinHook::fetch_hook('inlinemod_dodeleteposts')) ? eval($hook) : false;
}
// Move Thread
if ($_POST['do'] == 'domovethread') {
$vbulletin->input->clean_array_gpc('p', array('destforumid' => TYPE_UINT, 'redirect' => TYPE_STR, 'title' => TYPE_NOHTML, 'redirectprefixid' => TYPE_NOHTML, 'redirecttitle' => TYPE_NOHTML, 'period' => TYPE_UINT, 'frame' => TYPE_STR));
$vbulletin->GPC['title'] = prepare_remote_utf8_string($vbulletin->GPC['title']);
$vbulletin->GPC['redirecttitle'] = prepare_remote_utf8_string($vbulletin->GPC['redirecttitle']);
$vbulletin->GPC['redirectprefixid'] = prepare_remote_utf8_string($vbulletin->GPC['redirectprefixid']);
if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
if (can_moderate($threadinfo['forumid'])) {
json_error(ERR_NO_PERMISSION);
} else {
standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
}
}
// check whether dest can contain posts
$destforumid = verify_id('forum', $vbulletin->GPC['destforumid']);
$destforuminfo = fetch_foruminfo($destforumid);
if (!$destforuminfo['cancontainthreads'] or $destforuminfo['link']) {
standard_error(fetch_error('moveillegalforum'));
}
if ($threadinfo['isdeleted'] and !can_moderate($destforuminfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($destforuminfo['forumid'], 'canmoderateposts')) {
## Insert proper phrase about not being able to move a hidden thread to a forum you can't moderateposts in or a deleted thread to a forum you can't deletethreads in
standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
}
// check source forum permissions
if (!can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canmove'])) {
json_error(ERR_NO_PERMISSION);
} else {
if (!$threadinfo['open'] and !($forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'])) {
json_error(ERR_NO_PERMISSION);
}
if (!is_first_poster($threadid)) {
json_error(ERR_NO_PERMISSION);
}
}
}
// check destination forum permissions
$destforumperms = fetch_permissions($destforuminfo['forumid']);
if (!($destforumperms & $vbulletin->bf_ugp_forumpermissions['canview'])) {
json_error(ERR_NO_PERMISSION);
}
// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
verify_forum_password($destforuminfo['forumid'], $destforuminfo['password']);
// check to see if this thread is being returned to a forum it's already been in
// if a redirect exists already in the destination forum, remove it
if ($checkprevious = $db->query_first_slave("SELECT threadid FROM " . TABLE_PREFIX . "thread WHERE forumid = {$destforuminfo['forumid']} AND open = 10 AND pollid = {$threadid}")) {
$old_redirect =& datamanager_init('Thread', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
$old_redirect->set_existing($checkprevious);
$old_redirect->delete(false, true, NULL, false);
unset($old_redirect);
}
// check to see if this thread is being moved to the same forum it's already in but allow copying to the same forum
if ($destforuminfo['forumid'] == $threadinfo['forumid'] and $vbulletin->GPC['redirect']) {
standard_error(fetch_error('movesameforum'));
}
($hook = vBulletinHook::fetch_hook('threadmanage_move_start')) ? eval($hook) : false;
if ($vbulletin->GPC['title'] != '' and $vbulletin->GPC['title'] != $threadinfo['title']) {
$oldtitle = $threadinfo['title'];
$threadinfo['title'] = unhtmlspecialchars($vbulletin->GPC['title']);
$updatetitle = true;
} else {
$oldtitle = $threadinfo['title'];
$updatetitle = false;
}
if ($vbulletin->GPC['redirect'] == 'none') {
$method = 'move';
} else {
$method = 'movered';
}
switch ($method) {
// ***************************************************************
// move the thread wholesale into the destination forum
case 'move':
// update forumid/notes and unstick to prevent abuse
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost');
$threadman->set_info('skip_moderator_log', true);
$threadman->set_existing($threadinfo);
if ($updatetitle) {
$threadman->set('title', $threadinfo['title']);
if ($vbulletin->options['similarthreadsearch']) {
require_once DIR . '/includes/functions_search.php';
$threadman->set('similar', fetch_similar_threads(fetch_censored_text($vbulletin->GPC['title']), $threadinfo['threadid']));
}
} else {
// Bypass check since title wasn't modified
$threadman->set('title', $threadinfo['title'], true, false);
}
$threadman->set('forumid', $destforuminfo['forumid']);
// If mod can not manage threads in destination forum then unstick thread
if (!can_moderate($destforuminfo['forumid'], 'canmanagethreads')) {
$threadman->set('sticky', 0);
}
($hook = vBulletinHook::fetch_hook('threadmanage_move_simple')) ? eval($hook) : false;
$threadman->save();
log_moderator_action($threadinfo, 'thread_moved_to_x', $destforuminfo['title']);
break;
// ***************************************************************
// ***************************************************************
// move the thread into the destination forum and leave a redirect
// ***************************************************************
// ***************************************************************
// move the thread into the destination forum and leave a redirect
case 'movered':
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost');
$threadman->set_info('skip_moderator_log', true);
$threadman->set_existing($threadinfo);
if ($updatetitle) {
$threadman->set('title', $threadinfo['title']);
if ($vbulletin->options['similarthreadsearch']) {
require_once DIR . '/includes/functions_search.php';
$threadman->set('similar', fetch_similar_threads(fetch_censored_text($vbulletin->GPC['title']), $threadinfo['threadid']));
}
} else {
// Bypass check since title wasn't modified
$threadman->set('title', $threadinfo['title'], true, false);
}
$threadman->set('forumid', $destforuminfo['forumid']);
// If mod can not manage threads in destination forum then unstick thread
if (!can_moderate($destforuminfo['forumid'], 'canmanagethreads')) {
$threadman->set('sticky', 0);
}
($hook = vBulletinHook::fetch_hook('threadmanage_move_redirect_orig')) ? eval($hook) : false;
$threadman->save();
unset($threadman);
if ($threadinfo['visible'] == 1) {
// Insert redirect for visible thread
log_moderator_action($threadinfo, 'thread_moved_with_redirect_to_a', $destforuminfo['title']);
$redirdata = array('lastpost' => intval($threadinfo['lastpost']), 'forumid' => intval($threadinfo['forumid']), 'pollid' => intval($threadinfo['threadid']), 'open' => 10, 'replycount' => intval($threadinfo['replycount']), 'postusername' => $threadinfo['postusername'], 'postuserid' => intval($threadinfo['postuserid']), 'lastposter' => $threadinfo['lastposter'], 'dateline' => intval($threadinfo['dateline']), 'views' => intval($threadinfo['views']), 'iconid' => intval($threadinfo['iconid']), 'visible' => 1);
$redir =& datamanager_init('Thread', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
foreach (array_keys($redirdata) as $field) {
// bypassing the verify_* calls; this data should be valid as is
$redir->setr($field, $redirdata["{$field}"], true, false);
}
if ($updatetitle) {
if (empty($vbulletin->GPC['redirecttitle'])) {
$redir->set('title', $threadinfo['title']);
} else {
$redir->set('title', unhtmlspecialchars($vbulletin->GPC['redirecttitle']));
}
} else {
// Bypass check since title wasn't modified
if (empty($vbulletin->GPC['redirecttitle'])) {
$redir->set('title', $threadinfo['title'], true, false);
} else {
$redir->set('title', unhtmlspecialchars($vbulletin->GPC['redirecttitle']));
}
}
require_once DIR . '/includes/functions_prefix.php';
if (can_use_prefix($vbulletin->GPC['redirectprefixid'])) {
$redir->set('prefixid', $vbulletin->GPC['redirectprefixid']);
}
($hook = vBulletinHook::fetch_hook('threadmanage_move_redirect_notice')) ? eval($hook) : false;
if ($redirthreadid = $redir->save() and $vbulletin->GPC['redirect'] == 'expires') {
switch ($vbulletin->GPC['frame']) {
case 'h':
$expires = mktime(date('H') + $vbulletin->GPC['period'], date('i'), date('s'), date('m'), date('d'), date('y'));
break;
case 'd':
$expires = mktime(date('H'), date('i'), date('s'), date('m'), date('d') + $vbulletin->GPC['period'], date('y'));
break;
case 'w':
$expires = $vbulletin->GPC['period'] * 60 * 60 * 24 * 7 + TIMENOW;
break;
case 'y':
$expires = mktime(date('H'), date('i'), date('s'), date('m'), date('d'), date('y') + $vbulletin->GPC['period']);
break;
case 'm':
default:
$expires = mktime(date('H'), date('i'), date('s'), date('m') + $vbulletin->GPC['period'], date('d'), date('y'));
}
$db->query_write("\n\t\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "threadredirect\n\t\t\t\t\t\t\t(threadid, expires)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t({$redirthreadid}, {$expires})\n\t\t\t\t\t");
}
unset($redir);
} else {
// leave no redirect for hidden or deleted threads
log_moderator_action($threadinfo, 'thread_moved_to_x', $destforuminfo['title']);
}
break;
// ***************************************************************
}
// end switch($method)
// kill the cache for the old thread
delete_post_cache_threads(array($threadinfo['threadid']));
// Update Post Count if we move from a counting forum to a non counting or vice-versa..
// Source Dest Visible Thread Hidden Thread
// Yes Yes ~ ~
// Yes No -visible ~
// No Yes +visible ~
// No No ~ ~
if ($threadinfo['visible'] and ($method == 'move' or $method == 'movered') and ($foruminfo['countposts'] and !$destforuminfo['countposts'] or !$foruminfo['countposts'] and $destforuminfo['countposts'])) {
$posts = $db->query_read_slave("\n\t\t\tSELECT userid\n\t\t\tFROM " . TABLE_PREFIX . "post\n\t\t\tWHERE threadid = {$threadinfo['threadid']}\n\t\t\t\tAND\tuserid > 0\n\t\t\t\tAND visible = 1\n\t\t");
$userbyuserid = array();
while ($post = $db->fetch_array($posts)) {
if (!isset($userbyuserid["{$post['userid']}"])) {
$userbyuserid["{$post['userid']}"] = 1;
} else {
$userbyuserid["{$post['userid']}"]++;
}
}
if (!empty($userbyuserid)) {
$userbypostcount = array();
foreach ($userbyuserid as $postuserid => $postcount) {
$alluserids .= ",{$postuserid}";
$userbypostcount["{$postcount}"] .= ",{$postuserid}";
}
foreach ($userbypostcount as $postcount => $userids) {
$casesql .= " WHEN userid IN (0{$userids}) THEN {$postcount}";
}
$operator = $destforuminfo['countposts'] ? '+' : '-';
$db->query_write("\n\t\t\t\tUPDATE " . TABLE_PREFIX . "user\n\t\t\t\tSET posts = CAST(posts AS SIGNED) {$operator}\n\t\t\t\t\tCASE\n\t\t\t\t\t\t{$casesql}\n\t\t\t\t\t\tELSE 0\n\t\t\t\t\tEND\n\t\t\t\tWHERE userid IN (0{$alluserids})\n\t\t\t");
}
}
build_forum_counters($threadinfo['forumid']);
if ($threadinfo['forumid'] != $destforuminfo['forumid']) {
build_forum_counters($destforuminfo['forumid']);
}
// Update canview status of thread subscriptions
update_subscriptions(array('threadids' => array($threadid)));
}
// Undelete Posts
if ($_POST['do'] == 'undeleteposts') {
$vbulletin->input->clean_array_gpc('p', array('postids' => TYPE_STR));
$postids = explode(',', $vbulletin->GPC['postids']);
foreach ($postids as $index => $postid) {
if (intval($postid) == 0) {
unset($postids["{$index}"]);
} else {
$postids["{$index}"] = intval($postid);
}
}
if (empty($postids)) {
standard_error(fetch_error('no_applicable_posts_selected'));
}
if (count($postids) > 400) {
standard_error(fetch_error('you_are_limited_to_working_with_x_posts', $postlimit));
}
$postids = implode(',', $postids);
// Validate posts
$posts = $db->query_read_slave("\n\t\tSELECT post.postid, post.threadid, post.parentid, post.visible, post.title, post.userid,\n\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.firstpostid, thread.visible AS thread_visible,\n\t\t\tforum.options AS forum_options\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "forum AS forum USING (forumid)\n\t\tWHERE postid IN ({$postids})\n\t\t\tAND (post.visible = 2 OR (post.visible = 1 AND thread.visible = 2 AND post.postid = thread.firstpostid))\n\t\tORDER BY postid\n\t");
$deletethreads = array();
while ($post = $db->fetch_array($posts)) {
$forumperms = fetch_permissions($post['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $post['postuserid'] != $vbulletin->userinfo['userid']) {
json_error(ERR_NO_PERMISSION);
}
if ((!$post['visible'] or !$post['thread_visible']) and !can_moderate($post['forumid'], 'canmoderateposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
} else {
if (($post['visible'] == 2 or $post['thread_visible'] == 2) and !can_moderate($post['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
}
}
$postarray["{$post['postid']}"] = $post;
$threadlist["{$post['threadid']}"] = true;
$forumlist["{$post['forumid']}"] = true;
if ($post['firstpostid'] == $post['postid']) {
// undeleting a thread so need to update the $tinfo for any other posts in this thread
$firstpost["{$post['threadid']}"] = true;
} else {
if (!empty($firstpost["{$post['threadid']}"])) {
$postarray["{$post['postid']}"]['thread_visible'] = 1;
}
}
}
if (is_array($postarray)) {
foreach ($postarray as $postid => $post) {
$tinfo = array('threadid' => $post['threadid'], 'forumid' => $post['forumid'], 'visible' => $post['thread_visible'], 'firstpostid' => $post['firstpostid']);
undelete_post($post['postid'], $post['forum_options'] & $vbulletin->bf_misc_forumoptions['countposts'], $post, $tinfo, false);
}
}
if (is_array($threadlist)) {
foreach (array_keys($threadlist) as $threadid) {
build_thread_counters($threadid);
}
}
if (is_array($forumlist)) {
foreach (array_keys($forumlist) as $forumid) {
build_forum_counters($forumid);
}
}
}
// Delete As Spam
if ($_REQUEST['do'] == 'dodeletespam') {
$vbulletin->input->clean_array_gpc('p', array('type' => TYPE_STR));
if ($vbulletin->GPC['type'] == 'post') {
$vbulletin->input->clean_array_gpc('p', array('postids' => TYPE_STR));
$postids = explode(',', $vbulletin->GPC['postids']);
foreach ($postids as $index => $postid) {
if (intval($postid) == 0) {
unset($postids["{$index}"]);
} else {
$postids["{$index}"] = intval($postid);
}
}
if (empty($postids)) {
standard_error(fetch_error('no_applicable_posts_selected'));
}
if (count($postids) > $postlimit) {
standard_error(fetch_error('you_are_limited_to_working_with_x_posts', $postlimit));
}
} else {
$vbulletin->input->clean_array_gpc('p', array('threadid' => TYPE_STR));
$threadids = explode(',', $vbulletin->GPC['threadid']);
foreach ($threadids as $index => $threadid) {
if (intval($threadid) == 0) {
unset($threadids["{$index}"]);
} else {
$threadids["{$index}"] = intval($threadid);
}
}
if (empty($threadids)) {
standard_error(fetch_error('you_did_not_select_any_valid_threads'));
}
if (count($threadids) > $threadlimit) {
standard_error(fetch_error('you_are_limited_to_working_with_x_threads', $threadlimit));
}
}
$vbulletin->input->clean_array_gpc('p', array('banusers' => TYPE_BOOL, 'userids' => TYPE_STR));
$banusers = false;
if ($vbulletin->GPC['banusers']) {
$banusers = true;
}
$vbulletin->GPC['userid'] = split(',', $vbulletin->GPC['userids']);
$vbulletin->GPC_exists['userid'] = true;
$userids = array();
if ($vbulletin->GPC['type'] == 'thread') {
// threads
$threadarray = array();
$threads = $db->query_read_slave("\n\t\t\tSELECT threadid, open, visible, forumid, title, prefixid, postuserid\n\t\t\tFROM " . TABLE_PREFIX . "thread\n\t\t\tWHERE threadid IN (" . implode(',', $threadids) . ")\n\t\t");
while ($thread = $db->fetch_array($threads)) {
$forumperms = fetch_permissions($thread['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $thread['postuserid'] != $vbulletin->userinfo['userid']) {
json_error(ERR_NO_PERMISSION);
}
$thread['prefix_plain_html'] = $thread['prefixid'] ? htmlspecialchars_uni($vbphrase["prefix_{$thread['prefixid']}_title_plain"]) . ' ' : '';
if ($thread['open'] == 10) {
if (!can_moderate($thread['forumid'], 'canmanagethreads')) {
// No permission to remove redirects.
standard_error(fetch_error('you_do_not_have_permission_to_manage_thread_redirects', $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
}
} else {
if (!$thread['visible'] and !can_moderate($thread['forumid'], 'canmoderateposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
} else {
if ($thread['visible'] == 2 and !can_moderate($thread['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $vbphrase['n_a'], $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
} else {
if (!can_moderate($thread['forumid'], 'canremoveposts')) {
if (!can_moderate($thread['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
}
} else {
if (!can_moderate($thread['forumid'], 'candeleteposts')) {
if (!can_moderate($thread['forumid'], 'canremoveposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
}
}
}
}
}
}
$threadarray["{$thread['threadid']}"] = $thread;
$userids["{$thread['postuserid']}"] = true;
}
if (empty($threadarray)) {
standard_error(fetch_error('you_did_not_select_any_valid_threads'));
}
} else {
// posts
// Validate posts
$postarray = array();
$posts = $db->query_read_slave("\n\t\t\tSELECT post.postid, post.threadid, post.visible, post.title, post.userid,\n\t\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.visible AS thread_visible, thread.firstpostid\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\t\tWHERE postid IN (" . implode(',', $postids) . ")\n\t\t");
while ($post = $db->fetch_array($posts)) {
$forumperms = fetch_permissions($post['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $post['postuserid'] != $vbulletin->userinfo['userid']) {
json_error(ERR_NO_PERMISSION);
}
if ((!$post['visible'] or !$post['thread_visible']) and !can_moderate($post['forumid'], 'canmoderateposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
} else {
if (($post['visible'] == 2 or $post['thread_visible'] == 2) and !can_moderate($post['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
} else {
if (!can_moderate($post['forumid'], 'canremoveposts')) {
if (!can_moderate($post['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
}
} else {
if (!can_moderate($post['forumid'], 'candeleteposts')) {
if (!can_moderate($post['forumid'], 'canremoveposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
}
}
}
}
}
$postarray["{$post['postid']}"] = $post;
$userids["{$post['userid']}"] = true;
}
if (empty($postarray)) {
standard_error(fetch_error('no_applicable_posts_selected'));
}
}
$user_cache = array();
foreach ($vbulletin->GPC['userid'] as $userid) {
// check that userid appears somewhere in either posts / threads, if they don't then you're doing something naughty
if (!isset($userids["{$userid}"])) {
json_error(ERR_NO_PERMISSION);
}
$user_cache["{$userid}"] = fetch_userinfo($userid);
cache_permissions($user_cache["{$userid}"]);
$user_cache["{$userid}"]['joindate_string'] = vbdate($vbulletin->options['dateformat'], $user_cache["{$userid}"]['joindate']);
}
if ($banusers) {
require_once DIR . '/includes/adminfunctions.php';
require_once DIR . '/includes/functions_banning.php';
if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or can_moderate(0, 'canbanusers'))) {
json_error(ERR_NO_PERMISSION);
}
// check that user has permission to ban the person they want to ban
if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) {
foreach ($user_cache as $userid => $userinfo) {
if (can_moderate(0, '', $userinfo['userid'], $userinfo['usergroupid'] . (trim($userinfo['membergroupids']) ? ",{$userinfo['membergroupids']}" : '')) or $userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or $userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator'] or is_unalterable_user($userinfo['userid'])) {
standard_error(fetch_error('no_permission_ban_non_registered_users'));
}
}
} else {
foreach ($user_cache as $userid => $userinfo) {
if ($userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or is_unalterable_user($userinfo['userid'])) {
standard_error(fetch_error('no_permission_ban_non_registered_users'));
}
}
}
}
$vbulletin->input->clean_array_gpc('p', array('deleteother' => TYPE_BOOL, 'type' => TYPE_STR, 'deletetype' => TYPE_UINT, 'deletereason' => TYPE_STR, 'keepattachments' => TYPE_BOOL));
$vbulletin->GPC['deletereason'] = prepare_remote_utf8_string($vbulletin->GPC['deletereason']);
// Check if we have users to punish
if (!empty($user_cache)) {
if ($banusers) {
$vbulletin->input->clean_array_gpc('p', array('usergroupid' => TYPE_UINT, 'period' => TYPE_STR, 'reason' => TYPE_STR));
$vbulletin->GPC['reason'] = prepare_remote_utf8_string($vbulletin->GPC['reason']);
if (!isset($vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]) or $vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup']) {
standard_error(fetch_error('invalid_usergroup_specified'));
}
// check that the number of days is valid
if ($vbulletin->GPC['period'] != 'PERMANENT' and !preg_match('#^(D|M|Y)_[1-9][0-9]?$#', $vbulletin->GPC['period'])) {
standard_error(fetch_error('invalid_ban_period_specified'));
}
if ($vbulletin->GPC['period'] == 'PERMANENT') {
// make this ban permanent
$liftdate = 0;
} else {
// get the unixtime for when this ban will be lifted
$liftdate = convert_date_to_timestamp($vbulletin->GPC['period']);
}
$user_dms = array();
$current_bans = $db->query_read("\n\t\t\t\t\tSELECT user.userid, userban.liftdate, userban.bandate\n\t\t\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "userban AS userban ON(userban.userid = user.userid)\n\t\t\t\t\tWHERE user.userid IN (" . implode(',', array_keys($user_cache)) . ")\n\t\t\t\t");
while ($current_ban = $db->fetch_array($current_bans)) {
$userinfo = $user_cache["{$current_ban['userid']}"];
$userid = $userinfo['userid'];
if ($current_ban['bandate']) {
// they already have a ban, check if the current one is being made permanent, continue if its not
if ($liftdate and $liftdate < $current_ban['liftdate']) {
continue;
}
// there is already a record - just update this record
$db->query_write("\n\t\t\t\t\t\t\tUPDATE " . TABLE_PREFIX . "userban SET\n\t\t\t\t\t\t\tbandate = " . TIMENOW . ",\n\t\t\t\t\t\t\tliftdate = {$liftdate},\n\t\t\t\t\t\t\tadminid = " . $vbulletin->userinfo['userid'] . ",\n\t\t\t\t\t\t\treason = '" . $db->escape_string($vbulletin->GPC['reason']) . "'\n\t\t\t\t\t\t\tWHERE userid = {$userinfo['userid']}\n\t\t\t\t\t\t");
} else {
// insert a record into the userban table
/*insert query*/
$db->query_write("\n\t\t\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "userban\n\t\t\t\t\t\t\t(userid, usergroupid, displaygroupid, customtitle, usertitle, adminid, bandate, liftdate, reason)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t({$userinfo['userid']}, {$userinfo['usergroupid']}, {$userinfo['displaygroupid']}, {$userinfo['customtitle']}, '" . $db->escape_string($userinfo['usertitle']) . "', " . $vbulletin->userinfo['userid'] . ", " . TIMENOW . ", {$liftdate}, '" . $db->escape_string($vbulletin->GPC['reason']) . "')\n\t\t\t\t\t\t");
}
// update the user record
$user_dms[$userid] =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
$user_dms[$userid]->set_existing($userinfo);
$user_dms[$userid]->set('usergroupid', $vbulletin->GPC['usergroupid']);
$user_dms[$userid]->set('displaygroupid', 0);
// update the user's title if they've specified a special user title for the banned group
if ($vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['usertitle'] != '') {
$user_dms[$userid]->set('usertitle', $vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['usertitle']);
$user_dms[$userid]->set('customtitle', 0);
}
$user_dms[$userid]->pre_save();
}
foreach ($user_dms as $userdm) {
$userdm->save();
}
}
}
// delete threads that are defined explicitly as spam by being ticked
$physicaldel = $vbulletin->GPC['deletetype'] == 2 ? true : false;
$skipped_user_prune = array();
if ($vbulletin->GPC['deleteother'] and !empty($user_cache) and can_moderate(-1, 'canmassprune')) {
$remove_all_posts = array();
$user_checks = $db->query_read_slave("SELECT COUNT(*) AS total, userid AS userid FROM " . TABLE_PREFIX . "post WHERE userid IN (" . implode(', ', array_keys($user_cache)) . ") GROUP BY userid");
while ($user_check = $db->fetch_array($user_checks)) {
if (intval($user_check['total']) <= 50) {
$remove_all_posts[] = $user_check['userid'];
} else {
$skipped_user_prune[] = $user_check['userid'];
}
}
if (!empty($remove_all_posts)) {
$threads = $db->query_read_slave("SELECT threadid FROM " . TABLE_PREFIX . "thread WHERE postuserid IN (" . implode(', ', $remove_all_posts) . ")");
while ($thread = $db->fetch_array($threads)) {
$threadids[] = $thread['threadid'];
}
// Yes this can pick up firstposts of threads but we check later on when fetching info, so it won't matter if its already deleted
$posts = $db->query_read_slave("SELECT postid FROM " . TABLE_PREFIX . "post WHERE userid IN (" . implode(', ', $remove_all_posts) . ")");
while ($post = $db->fetch_array($posts)) {
$postids[] = $post['postid'];
}
}
}
if (!empty($threadids)) {
// Validate threads
$threads = $db->query_read_slave("\n\t\t\tSELECT threadid, open, visible, forumid, title, postuserid\n\t\t\tFROM " . TABLE_PREFIX . "thread\n\t\t\tWHERE threadid IN (" . implode(',', $threadids) . ")\n\t\t");
while ($thread = $db->fetch_array($threads)) {
$forumperms = fetch_permissions($thread['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $thread['postuserid'] != $vbulletin->userinfo['userid']) {
json_error(ERR_NO_PERMISSION);
}
if ($thread['open'] == 10 and !can_moderate($thread['forumid'], 'canmanagethreads')) {
// No permission to remove redirects.
standard_error(fetch_error('you_do_not_have_permission_to_manage_thread_redirects', $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
} else {
if (!$thread['visible'] and !can_moderate($thread['forumid'], 'canmoderateposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
} else {
if ($thread['visible'] == 2 and !can_moderate($thread['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $vbphrase['n_a'], $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
} else {
if ($thread['open'] != 10) {
if (!can_moderate($thread['forumid'], 'canremoveposts') and $physicaldel) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
} else {
if (!can_moderate($thread['forumid'], 'candeleteposts') and !$physicaldel) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
}
}
}
}
}
}
$threadarray["{$thread['threadid']}"] = $thread;
$forumlist["{$thread['forumid']}"] = true;
}
}
$delinfo = array('userid' => $vbulletin->userinfo['userid'], 'username' => $vbulletin->userinfo['username'], 'reason' => $vbulletin->GPC['deletereason'], 'keepattachments' => $vbulletin->GPC['keepattachments']);
foreach ($threadarray as $threadid => $thread) {
$countposts = $vbulletin->forumcache["{$thread['forumid']}"]['options'] & $vbulletin->bf_misc_forumoptions['countposts'];
if (!$physicaldel and $thread['visible'] == 2) {
# Thread is already soft deleted
continue;
}
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
$threadman->set_existing($thread);
// Redirect
if ($thread['open'] == 10) {
$threadman->delete(false, true, $delinfo);
} else {
$threadman->delete($countposts, $physicaldel, $delinfo);
}
unset($threadman);
}
if (!empty($postids)) {
// Validate Posts
$posts = $db->query_read_slave("\n\t\t\tSELECT post.postid, post.threadid, post.parentid, post.visible, post.title,\n\t\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.firstpostid, thread.visible AS thread_visible\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\t\tWHERE postid IN (" . implode(',', $postids) . ")\n\t\t\tORDER BY postid\n\t\t");
while ($post = $db->fetch_array($posts)) {
$postarray["{$post['postid']}"] = $post;
$threadlist["{$post['threadid']}"] = true;
$forumlist["{$post['forumid']}"] = true;
if ($post['firstpostid'] == $post['postid']) {
// deleting a thread so do not decremement the counters of any other posts in this thread
$firstpost["{$post['threadid']}"] = true;
} else {
if (!empty($firstpost["{$post['threadid']}"])) {
$postarray["{$post['postid']}"]['skippostcount'] = true;
}
}
}
}
$gotothread = true;
foreach ($postarray as $postid => $post) {
$foruminfo = fetch_foruminfo($post['forumid']);
$postman =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost');
$postman->set_existing($post);
$postman->delete($foruminfo['countposts'] and !$post['skippostcount'], $post['threadid'], $physicaldel, $delinfo);
unset($postman);
if ($vbulletin->GPC['threadid'] == $post['threadid'] and $post['postid'] == $post['firstpostid']) {
// we've deleted the thread that we activated this action from so we can only return to the forum
$gotothread = false;
} else {
if ($post['postid'] == $postinfo['postid'] and $physicaldel) {
// we came in via a post, which we have deleted so we have to go back to the thread
$vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . 't=' . $vbulletin->GPC['threadid'];
}
}
}
foreach (array_keys($threadlist) as $threadid) {
build_thread_counters($threadid);
}
foreach (array_keys($forumlist) as $forumid) {
build_forum_counters($forumid);
}
// empty cookie
if ($vbulletin->GPC['type'] == 'thread') {
setcookie('vbulletin_inlinethread', '', TIMENOW - 3600, '/');
} else {
setcookie('vbulletin_inlinepost', '', TIMENOW - 3600, '/');
}
}
return array('success' => true);
}
if ($threaddata->save())
{
// Reindex first post to set up title properly.
require_once(DIR . '/includes/functions_databuild.php');
delete_post_index($getfirstpost['postid'], $getfirstpost['title'], $getfirstpost['pagetext']);
$getfirstpost['threadtitle'] = $threaddata->fetch_field('title');
$getfirstpost['title'] =& $getfirstpost['threadtitle'];
build_post_index($getfirstpost['postid'] , $foruminfo, 1, $getfirstpost);
cache_ordered_forums(1);
if ($vbulletin->forumcache["$threadinfo[forumid]"]['lastthreadid'] == $threadinfo['threadid'])
{
require_once(DIR . '/includes/functions_databuild.php');
build_forum_counters($threadinfo['forumid']);
}
// we do not appear to log thread title updates
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('foo');
$xml->add_tag('linkhtml', $threaddata->thread['title']);
$threadinfo['title'] = $threaddata->fetch_field('title');
$xml->add_tag('linkhref', fetch_seo_url('thread', $threadinfo));
$xml->close_group('foo');
$xml->print_xml();
exit;
}
}
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
/**
* Additional data to update after a delete call (such as denormalized values in other tables).
*
* @param boolean Do the query?
*/
function post_delete($doquery = true)
{
$db =& $this->registry->db;
$db->query_write("
UPDATE " . TABLE_PREFIX . "thread SET
prefixid = ''
WHERE prefixid = '" . $db->escape_string($this->fetch_field('prefixid')) . "'
");
// need to rebuild last post info in forums that use this prefix
require_once(DIR . '/includes/functions_databuild.php');
$forums = $db->query_read("
SELECT forumid
FROM " . TABLE_PREFIX . "forumprefixset
WHERE prefixsetid = '" . $db->escape_string($this->fetch_field('prefixsetid')) . "'
");
while ($forum = $db->fetch_array($forums))
{
build_forum_counters($forum['forumid']);
}
$db->query_write("
DELETE FROM " . TABLE_PREFIX . "phrase
WHERE varname IN (
'" . $db->escape_string('prefix_' . $this->fetch_field('prefixid') . '_title_plain') . "',
'" . $db->escape_string('prefix_' . $this->fetch_field('prefixid') . '_title_rich') . "'
)
AND fieldname = 'global'
");
require_once(DIR . '/includes/adminfunctions_language.php');
build_language();
require_once(DIR . '/includes/adminfunctions_prefix.php');
build_prefix_datastore();
($hook = vBulletinHook::fetch_hook('prefixdata_delete')) ? eval($hook) : false;
return true;
}
function RebuildForum($parentid)
{
global $vbulletin;
$db = $vbulletin->db;
$forums = $db->query_read("\n\t\tSELECT forumid\n\t\tFROM " . TABLE_PREFIX . "forum\n\t\tWHERE parentid = {$parentid} OR forumid = {$parentid}\n\t\tORDER BY forumid");
while ($forum = $db->fetch_array($forums)) {
build_forum_counters($forum['forumid'], true);
vbflush();
}
// and finally rebuild the forumcache
unset($forumarraycache, $vbulletin->forumcache);
build_forum_permissions();
}
function do_post_edit()
{
global $vbulletin, $db, $foruminfo, $forumperms, $threadinfo;
global $postinfo, $vbphrase, $stylevar, $permissions;
$checked = array();
$edit = array();
$postattach = array();
$contenttype = 'vBForum_Post';
if (!$postinfo['postid'] or $postinfo['isdeleted'] or !$postinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
json_error(ERR_INVALID_TOP, RV_POST_ERROR);
}
if (!$threadinfo['threadid'] or $threadinfo['isdeleted'] or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
json_error(ERR_INVALID_TOP, RV_POST_ERROR);
}
if ($vbulletin->options['wordwrap']) {
$threadinfo['title'] = fetch_word_wrapped_string($threadinfo['title']);
}
// get permissions info
$_permsgetter_ = 'edit post';
$forumperms = fetch_permissions($threadinfo['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)) {
json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
}
$foruminfo = fetch_foruminfo($threadinfo['forumid'], false);
// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
// need to get last post-type information
cache_ordered_forums(1);
// determine if we are allowed to be updating the thread's info
$can_update_thread = ($threadinfo['firstpostid'] == $postinfo['postid'] and (can_moderate($threadinfo['forumid'], 'caneditthreads') or $postinfo['dateline'] + $vbulletin->options['editthreadtitlelimit'] * 60 > TIMENOW));
// otherwise, post is being edited
if (!can_moderate($threadinfo['forumid'], 'caneditposts')) {
// check for moderator
if (!$threadinfo['open']) {
$vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$threadinfo['threadid']}";
json_error(fetch_error('threadclosed'), RV_POST_ERROR);
}
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['caneditpost'])) {
json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
} else {
if ($vbulletin->userinfo['userid'] != $postinfo['userid']) {
// check user owns this post
json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
} else {
// check for time limits
if ($postinfo['dateline'] < TIMENOW - $vbulletin->options['edittimelimit'] * 60 and $vbulletin->options['edittimelimit'] != 0) {
json_error(fetch_error('edittimelimit', $vbulletin->options['edittimelimit'], $vbulletin->options['contactuslink']), RV_POST_ERROR);
}
}
}
}
// Variables reused in templates
$poststarttime =& $vbulletin->input->clean_gpc('r', poststarttime, TYPE_UINT);
$posthash = md5($vbulletin->GPC['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']);
$vbulletin->input->clean_array_gpc('p', array('stickunstick' => TYPE_BOOL, 'openclose' => TYPE_BOOL, 'wysiwyg' => TYPE_BOOL, 'message' => TYPE_STR, 'title' => TYPE_STR, 'prefixid' => TYPE_NOHTML, 'iconid' => TYPE_UINT, 'parseurl' => TYPE_BOOL, 'signature' => TYPE_BOOL, 'disablesmilies' => TYPE_BOOL, 'reason' => TYPE_NOHTML, 'preview' => TYPE_STR, 'folderid' => TYPE_UINT, 'emailupdate' => TYPE_UINT, 'ajax' => TYPE_BOOL, 'advanced' => TYPE_BOOL, 'postcount' => TYPE_UINT, 'podcasturl' => TYPE_STR, 'podcastsize' => TYPE_UINT, 'podcastexplicit' => TYPE_BOOL, 'podcastkeywords' => TYPE_STR, 'podcastsubtitle' => TYPE_STR, 'podcastauthor' => TYPE_STR, 'quickeditnoajax' => TYPE_BOOL));
if ($vbulletin->GPC['message']) {
$vbulletin->GPC['message'] = prepare_remote_utf8_string($vbulletin->GPC['message']);
}
$vbulletin->GPC['signature'] = $vbulletin->GPC_exists['signature'] = true;
// Make sure the posthash is valid
($hook = vBulletinHook::fetch_hook('editpost_update_start')) ? eval($hook) : false;
if (md5($poststarttime . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']) != $posthash) {
$posthash = 'invalid posthash';
// don't phrase me
}
// ### PREP INPUT ###
if ($vbulletin->GPC['wysiwyg']) {
require_once DIR . '/includes/functions_wysiwyg.php';
$edit['message'] = convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $foruminfo['allowhtml']);
} else {
$edit['message'] =& $vbulletin->GPC['message'];
}
$cansubscribe = true;
// Are we editing someone else's post? If so load that users subscription info for this thread.
if ($vbulletin->userinfo['userid'] != $postinfo['userid']) {
if ($postinfo['userid']) {
$userinfo = fetch_userinfo($postinfo['userid']);
cache_permissions($userinfo);
}
$cansubscribe = ($userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canview'] and $userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewthreads'] and ($threadinfo['postuserid'] == $userinfo['userid'] or $userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewothers']));
if ($cansubscribe and $otherthreadinfo = $db->query_first_slave("\n\t\t\tSELECT emailupdate, folderid\n\t\t\tFROM " . TABLE_PREFIX . "subscribethread\n\t\t\tWHERE threadid = {$threadinfo['threadid']} AND\n\t\t\t\tuserid = {$postinfo['userid']} AND\n\t\t\t\tcanview = 1")) {
$threadinfo['issubscribed'] = true;
$threadinfo['emailupdate'] = $otherthreadinfo['emailupdate'];
$threadinfo['folderid'] = $otherthreadinfo['folderid'];
} else {
$threadinfo['issubscribed'] = false;
// use whatever emailupdate setting came through
}
}
if ($vbulletin->GPC['ajax'] or $vbulletin->GPC['quickeditnoajax']) {
// quick edit
$tmpmessage = $vbulletin->GPC['ajax'] ? convert_urlencoded_unicode($edit['message']) : $edit['message'];
$edit = $postinfo;
$edit['message'] =& $tmpmessage;
$edit['title'] = unhtmlspecialchars($edit['title']);
$edit['signature'] =& $edit['showsignature'];
$edit['enablesmilies'] =& $edit['allowsmilie'];
$edit['disablesmilies'] = $edit['enablesmilies'] ? 0 : 1;
$edit['parseurl'] = true;
$edit['prefixid'] = $threadinfo['prefixid'];
$edit['reason'] = fetch_censored_text($vbulletin->GPC['ajax'] ? convert_urlencoded_unicode($vbulletin->GPC['reason']) : $vbulletin->GPC['reason']);
} else {
$edit['iconid'] =& $vbulletin->GPC['iconid'];
$edit['title'] =& $vbulletin->GPC['title'];
$edit['prefixid'] = ($vbulletin->GPC_exists['prefixid'] and can_use_prefix($vbulletin->GPC['prefixid'])) ? $vbulletin->GPC['prefixid'] : $threadinfo['prefixid'];
$edit['podcasturl'] =& $vbulletin->GPC['podcasturl'];
$edit['podcastsize'] =& $vbulletin->GPC['podcastsize'];
$edit['podcastexplicit'] =& $vbulletin->GPC['podcastexplicit'];
$edit['podcastkeywords'] =& $vbulletin->GPC['podcastkeywords'];
$edit['podcastsubtitle'] =& $vbulletin->GPC['podcastsubtitle'];
$edit['podcastauthor'] =& $vbulletin->GPC['podcastauthor'];
// Leave this off for quickedit->advanced so that a post with unparsed links doesn't get parsed just by going to Advanced Edit
$edit['parseurl'] = true;
$edit['signature'] =& $vbulletin->GPC['signature'];
$edit['disablesmilies'] =& $vbulletin->GPC['disablesmilies'];
$edit['enablesmilies'] = $edit['allowsmilie'] = $edit['disablesmilies'] ? 0 : 1;
$edit['stickunstick'] =& $vbulletin->GPC['stickunstick'];
$edit['openclose'] =& $vbulletin->GPC['openclose'];
$edit['reason'] = fetch_censored_text($vbulletin->GPC['reason']);
$edit['preview'] =& $vbulletin->GPC['preview'];
$edit['folderid'] =& $vbulletin->GPC['folderid'];
if (!$vbulletin->GPC['advanced']) {
if ($vbulletin->GPC_exists['emailupdate']) {
$edit['emailupdate'] =& $vbulletin->GPC['emailupdate'];
} else {
$edit['emailupdate'] = array_pop($array = array_keys(fetch_emailchecked($threadinfo)));
}
}
}
$dataman =& datamanager_init('Post', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
$dataman->set_existing($postinfo);
($hook = vBulletinHook::fetch_hook('editpost_update_process')) ? eval($hook) : false;
// set info
$dataman->set_info('parseurl', $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_URL and $foruminfo['allowbbcode'] and $edit['parseurl']);
$dataman->set_info('posthash', $posthash);
$dataman->set_info('forum', $foruminfo);
$dataman->set_info('thread', $threadinfo);
$dataman->set_info('show_title_error', true);
$dataman->set_info('podcasturl', $edit['podcasturl']);
$dataman->set_info('podcastsize', $edit['podcastsize']);
$dataman->set_info('podcastexplicit', $edit['podcastexplicit']);
$dataman->set_info('podcastkeywords', $edit['podcastkeywords']);
$dataman->set_info('podcastsubtitle', $edit['podcastsubtitle']);
$dataman->set_info('podcastauthor', $edit['podcastauthor']);
if ($postinfo['userid'] == $vbulletin->userinfo['userid']) {
$dataman->set_info('user', $vbulletin->userinfo);
}
// set options
$dataman->setr('showsignature', $edit['signature']);
$dataman->setr('allowsmilie', $edit['enablesmilies']);
// set data
/*$dataman->setr('userid', $vbulletin->userinfo['userid']);
if ($vbulletin->userinfo['userid'] == 0)
{
$dataman->setr('username', $post['username']);
}*/
$dataman->setr('title', $edit['title']);
$dataman->setr('pagetext', $edit['message']);
if ($postinfo['userid'] != $vbulletin->userinfo['userid']) {
$dataman->setr('iconid', $edit['iconid'], true, false);
} else {
$dataman->setr('iconid', $edit['iconid']);
}
$postusername = $vbulletin->userinfo['username'];
$dataman->pre_save();
if ($dataman->errors) {
$errors = $dataman->errors;
}
if ($dataman->info['podcastsize']) {
$edit['podcastsize'] = $dataman->info['podcastsize'];
}
if (sizeof($errors) > 0) {
fr_standard_error($errors[0]);
} else {
if ($edit['preview']) {
require_once DIR . '/packages/vbattach/attach.php';
$attach = new vB_Attach_Display_Content($vbulletin, 'vBForum_Post');
$postattach = $attach->fetch_postattach($posthash, $postinfo['postid']);
// ### PREVIEW POST ###
$postpreview = process_post_preview($edit, $postinfo['userid'], $postattach);
$previewpost = true;
$_REQUEST['do'] = 'editpost';
} else {
if ($vbulletin->GPC['advanced']) {
// Don't display preview on QuickEdit->Advanced as parseurl is turned off and so the preview won't be correct unless the post originally had checked to not parse links
// If you turn on parseurl then the opposite happens and you have to go unparse your links if that is what you want. Compromise
$_REQUEST['do'] = 'editpost';
} else {
// ### POST HAS NO ERRORS ###
$dataman->save();
$update_edit_log = true;
// don't show edited by AND reason unchanged - don't update edit log
if (!($permissions['genericoptions'] & $vbulletin->bf_ugp_genericoptions['showeditedby']) and $edit['reason'] == $postinfo['edit_reason']) {
$update_edit_log = false;
}
if ($update_edit_log) {
// ug perm: show edited by
if ($postinfo['dateline'] < TIMENOW - $vbulletin->options['noeditedbytime'] * 60 or !empty($edit['reason'])) {
// save the postedithistory
if ($vbulletin->options['postedithistory']) {
// insert original post on first edit
if (!$db->query_first("SELECT postedithistoryid FROM " . TABLE_PREFIX . "postedithistory WHERE original = 1 AND postid = " . $postinfo['postid'])) {
$db->query_write("\n\t\t\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "postedithistory\n\t\t\t\t\t\t\t\t(postid, userid, username, title, iconid, dateline, reason, original, pagetext)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t\t\t" . $postinfo['userid'] . ",\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['username']) . "',\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['title']) . "',\n\t\t\t\t\t\t\t\t{$postinfo['iconid']},\n\t\t\t\t\t\t\t\t" . $postinfo['dateline'] . ",\n\t\t\t\t\t\t\t\t'',\n\t\t\t\t\t\t\t\t1,\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['pagetext']) . "')\n\t\t\t\t\t\t");
}
// insert the new version
$db->query_write("\n\t\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "postedithistory\n\t\t\t\t\t\t\t(postid, userid, username, title, iconid, dateline, reason, pagetext)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t\t" . $vbulletin->userinfo['userid'] . ",\n\t\t\t\t\t\t\t'" . $db->escape_string($vbulletin->userinfo['username']) . "',\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['title']) . "',\n\t\t\t\t\t\t\t{$edit['iconid']},\n\t\t\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['reason']) . "',\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['message']) . "')\n\t\t\t\t\t");
}
/*insert query*/
$db->query_write("\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "editlog\n\t\t\t\t\t\t(postid, userid, username, dateline, reason, hashistory)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t" . $vbulletin->userinfo['userid'] . ",\n\t\t\t\t\t\t'" . $db->escape_string($vbulletin->userinfo['username']) . "',\n\t\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t\t'" . $db->escape_string($edit['reason']) . "',\n\t\t\t\t\t\t" . ($vbulletin->options['postedithistory'] ? 1 : 0) . ")\n\t\t\t\t");
}
}
$date = vbdate($vbulletin->options['dateformat'], TIMENOW);
$time = vbdate($vbulletin->options['timeformat'], TIMENOW);
// initialize thread / forum update clauses
$forumupdate = false;
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
$threadman->set_existing($threadinfo);
$threadman->set_info('pagetext', $edit['message']);
if ($can_update_thread and $edit['title'] != '') {
// need to update thread title and iconid
if (!can_moderate($threadinfo['forumid'])) {
$threadman->set_info('skip_moderator_log', true);
}
$threadman->set_info('skip_first_post_update', true);
if ($edit['title'] != $postinfo['title']) {
$threadman->set('title', unhtmlspecialchars($edit['title']));
}
if ($edit['iconid'] != $postinfo['iconid']) {
$threadman->set('iconid', $edit['iconid']);
}
if ($vbulletin->GPC_exists['prefixid'] and can_use_prefix($vbulletin->GPC['prefixid'])) {
$threadman->set('prefixid', $vbulletin->GPC['prefixid']);
if ($threadman->thread['prefixid'] === '' and $foruminfo['options'] & $vbulletin->bf_misc_forumoptions['prefixrequired']) {
// the prefix wasn't valid or was set to an empty one, but that's not allowed
$threadman->do_unset('prefixid');
}
}
// do we need to update the forum counters?
$forumupdate = $foruminfo['lastthreadid'] == $threadinfo['threadid'] ? true : false;
}
// can this user open/close this thread if they want to?
if ($vbulletin->GPC['openclose'] and ($threadinfo['postuserid'] != 0 and $threadinfo['postuserid'] == $vbulletin->userinfo['userid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'] or can_moderate($threadinfo['forumid'], 'canopenclose'))) {
$threadman->set('open', $threadman->fetch_field('open') == 1 ? 0 : 1);
}
if ($vbulletin->GPC['stickunstick'] and can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
$threadman->set('sticky', $threadman->fetch_field('sticky') == 1 ? 0 : 1);
}
($hook = vBulletinHook::fetch_hook('editpost_update_thread')) ? eval($hook) : false;
$threadman->save();
// if this is a mod edit, then log it
if ($vbulletin->userinfo['userid'] != $postinfo['userid'] and can_moderate($threadinfo['forumid'], 'caneditposts')) {
$modlog = array('threadid' => $threadinfo['threadid'], 'forumid' => $threadinfo['forumid'], 'postid' => $postinfo['postid']);
log_moderator_action($modlog, 'post_x_edited', $postinfo['title']);
}
require_once DIR . '/includes/functions_databuild.php';
// do forum update if necessary
if ($forumupdate) {
build_forum_counters($threadinfo['forumid']);
}
// don't do thread subscriptions if we are doing quick edit
if (!$vbulletin->GPC['ajax'] and !$vbulletin->GPC['quickeditnoajax']) {
// ### DO THREAD SUBSCRIPTION ###
// We use $postinfo[userid] so that we update the user who posted this, not the user who is editing this
if (!$threadinfo['issubscribed'] and $edit['emailupdate'] != 9999) {
// user is not subscribed to this thread so insert it
/*insert query*/
$db->query_write("\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES ({$postinfo['userid']}, {$threadinfo['threadid']}, {$edit['emailupdate']}, {$edit['folderid']}, 1)\n\t\t\t\t");
} else {
// User is subscribed, see if they changed the settings for this thread
if ($edit['emailupdate'] == 9999) {
// Remove this subscription, user chose 'No Subscription'
/*insert query*/
$db->query_write("\n\t\t\t\t\t\tDELETE FROM " . TABLE_PREFIX . "subscribethread\n\t\t\t\t\t\tWHERE threadid = {$threadinfo['threadid']}\n\t\t\t\t\t\t\tAND userid = {$postinfo['userid']}\n\t\t\t\t\t");
} else {
if ($threadinfo['emailupdate'] != $edit['emailupdate'] or $threadinfo['folderid'] != $edit['folderid']) {
// User changed the settings so update the current record
/*insert query*/
$db->query_write("\n\t\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\t\tVALUES ({$postinfo['userid']}, {$threadinfo['threadid']}, {$edit['emailupdate']}, {$edit['folderid']}, 1)\n\t\t\t\t\t");
}
}
}
}
($hook = vBulletinHook::fetch_hook('editpost_update_complete')) ? eval($hook) : false;
}
}
}
return array('success' => true);
}
