/**
* Fetch available prefixes of a Channel. It has permission check,
* So if an user doesn't have permission to use a prefix, the prefix
* won't be returned.
*
* @param int $nodeid Channel node ID
* @param bool $permcheck If set to true, it will return only the prefixes that
* a user can use
*
* @return array Prefixes in format [PrefixsetID][PrefixID] => array(prefixid, usergroupids)
*/
public function fetch($nodeid, $permcheck = true)
{
if (!$nodeid) {
return array();
}
if (!isset($this->cache[$nodeid][$permcheck])) {
require_once DIR . '/includes/functions_prefix.php';
$prefixsets = array();
if ($prefixsets = fetch_prefix_array($nodeid)) {
if ($permcheck) {
foreach ($prefixsets as $prefixsetid => $prefixes) {
foreach ($prefixes as $prefixid => $prefix) {
if (!can_use_prefix($prefixid, $prefix['restrictions'])) {
unset($prefixsets[$prefixsetid][$prefixid]);
}
}
}
}
}
$this->cache[$nodeid][$permcheck] = $prefixsets;
}
return $this->cache[$nodeid][$permcheck];
}
/**
* Returns HTML of options/optgroups for direct display in a template for the
* selected forum.
*
* @param integer Forum ID to show prefixes from
* @param string Selected prefix ID
* @param boolean Whether to check whether the user can use the prefix before returning it in the list
*
* @return string HTML to output
*/
function fetch_prefix_html($forumid, $selectedid = '', $permcheck = false)
{
global $vbulletin, $vbphrase;
$prefix_options = '';
if ($prefixsets = fetch_prefix_array($forumid)) {
foreach ($prefixsets as $prefixsetid => $prefixes) {
$optgroup_options = '';
foreach ($prefixes as $prefixid => $prefix) {
if ($permcheck and !can_use_prefix($prefixid, $prefix['restrictions']) and $prefixid != $selectedid) {
continue;
}
$optionvalue = $prefixid;
$optiontitle = htmlspecialchars_uni($vbphrase["prefix_{$prefixid}_title_plain"]);
$optionselected = $prefixid == $selectedid ? ' selected="selected"' : '';
$optionclass = '';
$optgroup_options .= render_option_template($optiontitle, $optionvalue, $optionselected, $optionclass);
}
// Make sure we dont try to add the prefix set if we've restricted them all.
if ($optgroup_options != '') {
// if there's only 1 prefix set available, we don't want to show the optgroup
if (sizeof($prefixsets) > 1) {
$optgroup_label = htmlspecialchars_uni($vbphrase["prefixset_{$prefixsetid}_title"]);
$templater = vB_Template::create('optgroup');
$templater->register('optgroup_extra', $optgroup_extra);
$templater->register('optgroup_label', $optgroup_label);
$templater->register('optgroup_options', $optgroup_options);
$prefix_options .= $templater->render();
} else {
$prefix_options = $optgroup_options;
}
}
}
}
return $prefix_options;
}
standard_error(fetch_error('session_timed_out_login'), '', false, 'STANDARD_ERROR_LOGIN');
}
($hook = vBulletinHook::fetch_hook('newthread_post_start')) ? eval($hook) : false;
if ($vbulletin->GPC['wysiwyg']) {
require_once DIR . '/includes/functions_wysiwyg.php';
$newpost['message'] = convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $foruminfo['allowhtml']);
} else {
$newpost['message'] =& $vbulletin->GPC['message'];
}
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canpostpoll'])) {
$vbulletin->GPC['postpoll'] = false;
}
$newpost['title'] =& $vbulletin->GPC['subject'];
$newpost['iconid'] =& $vbulletin->GPC['iconid'];
require_once DIR . '/includes/functions_prefix.php';
if (can_use_prefix($vbulletin->GPC['prefixid'])) {
$newpost['prefixid'] =& $vbulletin->GPC['prefixid'];
}
if ($show['tag_option']) {
$newpost['taglist'] =& $vbulletin->GPC['taglist'];
}
$newpost['parseurl'] = ($vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_URL and $foruminfo['allowbbcode'] and $vbulletin->GPC['parseurl']);
$newpost['signature'] =& $vbulletin->GPC['signature'];
$newpost['preview'] =& $vbulletin->GPC['preview'];
$newpost['disablesmilies'] =& $vbulletin->GPC['disablesmilies'];
$newpost['rating'] =& $vbulletin->GPC['rating'];
$newpost['username'] =& $vbulletin->GPC['username'];
$newpost['postpoll'] =& $vbulletin->GPC['postpoll'];
$newpost['polloptions'] =& $vbulletin->GPC['polloptions'];
$newpost['folderid'] =& $vbulletin->GPC['folderid'];
$newpost['humanverify'] =& $vbulletin->GPC['humanverify'];
function do_get_forum()
{
global $vbulletin, $db, $show, $vbphrase, $foruminfo;
$canpost = true;
$vbulletin->input->clean_array_gpc('r', array('fid' => TYPE_INT, 'previewtype' => TYPE_INT));
$previewtype = $vbulletin->GPC['previewtype'];
if (!$previewtype) {
$previewtype = 1;
}
if (empty($foruminfo['forumid'])) {
$forumid = -1;
} else {
$vbulletin->input->clean_array_gpc('r', array('password' => TYPE_STR));
// Check the forum password
if ($vbulletin->GPC['password'] && $foruminfo['password'] == $vbulletin->GPC['password']) {
// Set a temp cookie for guests
if (!$vbulletin->userinfo['userid']) {
set_bbarray_cookie('forumpwd', $foruminfo['forumid'], md5($vbulletin->userinfo['userid'] . $vbulletin->GPC['password']));
} else {
set_bbarray_cookie('forumpwd', $foruminfo['forumid'], md5($vbulletin->userinfo['userid'] . $vbulletin->GPC['password']), 1);
}
}
$perpage = $vbulletin->input->clean_gpc('r', 'perpage', TYPE_UINT);
$pagenumber = $vbulletin->input->clean_gpc('r', 'pagenumber', TYPE_UINT);
$daysprune = $vbulletin->input->clean_gpc('r', 'daysprune', TYPE_INT);
$sortfield = $vbulletin->input->clean_gpc('r', 'sortfield', TYPE_STR);
// get permission to view forum
$_permsgetter_ = 'forumdisplay';
$forumperms = fetch_permissions($foruminfo['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview'])) {
json_error(ERR_NO_PERMISSION);
}
// Check for forum password!
if (!verify_forum_password($foruminfo['forumid'], $foruminfo['password'], false)) {
json_error(ERR_NEED_PASSWORD, RV_NEED_FORUM_PASSWORD);
}
// Can we post in this forum?
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canpostnew'])) {
$canpost = false;
}
$forumid = $foruminfo['forumid'];
}
// Can forum contain threads?
$announcements_out = array();
// These $_REQUEST values will get used in the sort template so they are assigned to normal variables
$perpage = $vbulletin->input->clean_gpc('r', 'perpage', TYPE_UINT);
$pagenumber = $vbulletin->input->clean_gpc('r', 'pagenumber', TYPE_UINT);
$daysprune = $vbulletin->input->clean_gpc('r', 'daysprune', TYPE_INT);
$sortfield = $vbulletin->input->clean_gpc('r', 'sortfield', TYPE_STR);
// get permission to view forum
$_permsgetter_ = 'forumdisplay';
$forumperms = fetch_permissions($foruminfo['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview'])) {
json_error(ERR_NO_PERMISSION);
}
// disable thread preview if we can't view threads
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) {
$vbulletin->options['threadpreview'] = 0;
}
// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
// verify that we are at the canonical SEO url
// and redirect to this if not
//verify_seo_url('forum', $foruminfo, array('pagenumber' => $_REQUEST['pagenumber']));
// get vbulletin->iforumcache - for use by makeforumjump and forums list
// fetch the forum even if they are invisible since its needed
// for the title but we'll unset that further down
// also fetch subscription info for $show['subscribed'] variable
cache_ordered_forums(1, 1, $vbulletin->userinfo['userid']);
$show['newthreadlink'] = iif(!$show['search_engine'] and $foruminfo['allowposting'], true, false);
$show['threadicons'] = iif($foruminfo['allowicons'], true, false);
$show['threadratings'] = iif($foruminfo['allowratings'], true, false);
$show['subscribed_to_forum'] = $vbulletin->forumcache["{$foruminfo['forumid']}"]['subscribeforumid'] != '' ? true : false;
if (!$daysprune) {
if ($vbulletin->userinfo['daysprune']) {
$daysprune = $vbulletin->userinfo['daysprune'];
} else {
$daysprune = iif($foruminfo['daysprune'], $foruminfo['daysprune'], 30);
}
}
$daysprune = -1;
// FRNR
// ### GET FORUMS, PERMISSIONS, MODERATOR iCACHES ########################
cache_moderators();
// draw nav bar
$navbits = array();
$navbits[$vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q']] = $vbphrase['forum'];
$parentlist = array_reverse(explode(',', substr($foruminfo['parentlist'], 0, -3)));
foreach ($parentlist as $forumID) {
$forumTitle = $vbulletin->forumcache["{$forumID}"]['title'];
$navbits[fetch_seo_url('forum', array('forumid' => $forumID, 'title' => $forumTitle))] = $forumTitle;
}
// pop the last element off the end of the $nav array so that we can show it without a link
array_pop($navbits);
$navbits[''] = $foruminfo['title'];
$navbits = construct_navbits($navbits);
$navbar = render_navbar_template($navbits);
$moderatorslist = '';
$listexploded = explode(',', $foruminfo['parentlist']);
$showmods = array();
$show['moderators'] = false;
$totalmods = 0;
foreach ($listexploded as $parentforumid) {
if (!$imodcache["{$parentforumid}"] or $parentforumid == -1) {
continue;
}
foreach ($imodcache["{$parentforumid}"] as $moderator) {
if ($showmods["{$moderator['userid']}"] === true) {
continue;
}
$showmods["{$moderator['userid']}"] = true;
$show['comma_leader'] = $moderatorslist != '';
$show['moderators'] = true;
$totalmods++;
}
}
// ### BUILD FORUMS LIST #################################################
// get an array of child forum ids for this forum
$foruminfo['childlist'] = explode(',', $foruminfo['childlist']);
// define max depth for forums display based on $vbulletin->options[forumhomedepth]
define('MAXFORUMDEPTH', $vbulletin->options['forumdisplaydepth']);
if (($vbulletin->options['showforumusers'] == 1 or $vbulletin->options['showforumusers'] == 2 or $vbulletin->options['showforumusers'] > 2 and $vbulletin->userinfo['userid']) and !$show['search_engine']) {
$datecut = TIMENOW - $vbulletin->options['cookietimeout'];
$forumusers = $db->query_read_slave("\n \t\tSELECT user.username, (user.options & " . $vbulletin->bf_misc_useroptions['invisible'] . ") AS invisible, user.usergroupid,\n \t\t\tsession.userid, session.inforum, session.lastactivity, session.badlocation,\n \t\t\tIF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, infractiongroupid\n \t\tFROM " . TABLE_PREFIX . "session AS session\n \t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = session.userid)\n \t\tWHERE session.lastactivity > {$datecut}\n \t\tORDER BY" . iif($vbulletin->options['showforumusers'] == 1 or $vbulletin->options['showforumusers'] == 3, " username ASC,") . " lastactivity DESC\n \t");
$numberregistered = 0;
$numberguest = 0;
$doneuser = array();
if ($vbulletin->userinfo['userid']) {
// fakes the user being in this forum
$loggedin = array('userid' => $vbulletin->userinfo['userid'], 'username' => $vbulletin->userinfo['username'], 'invisible' => $vbulletin->userinfo['invisible'], 'invisiblemark' => $vbulletin->userinfo['invisiblemark'], 'inforum' => $foruminfo['forumid'], 'lastactivity' => TIMENOW, 'musername' => $vbulletin->userinfo['musername']);
$numberregistered = 1;
fetch_online_status($loggedin);
$show['comma_leader'] = false;
$doneuser["{$vbulletin->userinfo['userid']}"] = 1;
}
$inforum = array();
// this require the query to have lastactivity ordered by DESC so that the latest location will be the first encountered.
while ($loggedin = $db->fetch_array($forumusers)) {
if ($loggedin['badlocation']) {
continue;
}
if (empty($doneuser["{$loggedin['userid']}"])) {
if (in_array($loggedin['inforum'], $foruminfo['childlist']) and $loggedin['inforum'] != -1) {
if (!$loggedin['userid']) {
// this is a guest
$numberguest++;
$inforum["{$loggedin['inforum']}"]++;
} else {
$numberregistered++;
$inforum["{$loggedin['inforum']}"]++;
if (fetch_online_status($loggedin)) {
fetch_musername($loggedin);
$show['comma_leader'] = $activeusers != '';
}
}
}
if ($loggedin['userid']) {
$doneuser["{$loggedin['userid']}"] = 1;
}
}
}
if (!$vbulletin->userinfo['userid']) {
$numberguest = $numberguest == 0 ? 1 : $numberguest;
}
$totalonline = $numberregistered + $numberguest;
unset($joingroupid, $key, $datecut, $invisibleuser, $userinfo, $userid, $loggedin, $index, $value, $forumusers, $parentarray);
$show['activeusers'] = true;
} else {
$show['activeusers'] = false;
}
// #############################################################################
// get read status for this forum and children
$unreadchildforums = 0;
foreach ($foruminfo['childlist'] as $val) {
if ($val == -1 or $val == $foruminfo['forumid']) {
continue;
}
if ($vbulletin->options['threadmarking'] and $vbulletin->userinfo['userid']) {
$lastread_child = max($vbulletin->forumcache["{$val}"]['forumread'], TIMENOW - $vbulletin->options['markinglimit'] * 86400);
} else {
$lastread_child = max(intval(fetch_bbarray_cookie('forum_view', $val)), $vbulletin->userinfo['lastvisit']);
}
if ($vbulletin->forumcache["{$val}"]['lastpost'] > $lastread_child) {
$unreadchildforums = 1;
break;
}
}
$forumbits = fr_construct_forum_bit($forumid);
// admin tools
$show['post_queue'] = can_moderate($foruminfo['forumid'], 'canmoderateposts');
$show['attachment_queue'] = can_moderate($foruminfo['forumid'], 'canmoderateattachments');
$show['mass_move'] = can_moderate($foruminfo['forumid'], 'canmassmove');
$show['mass_prune'] = can_moderate($foruminfo['forumid'], 'canmassprune');
$show['post_new_announcement'] = can_moderate($foruminfo['forumid'], 'canannounce');
$show['addmoderator'] = $permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'];
$show['adminoptions'] = ($show['post_queue'] or $show['attachment_queue'] or $show['mass_move'] or $show['mass_prune'] or $show['addmoderator'] or $show['post_new_announcement']);
$navpopup = array('id' => 'forumdisplay_navpopup', 'title' => $foruminfo['title_clean'], 'link' => fetch_seo_url('forum', $foruminfo));
construct_quick_nav($navpopup);
/////////////////////////////////
if ($foruminfo['cancontainthreads']) {
/////////////////////////////////
if ($vbulletin->options['threadmarking'] and $vbulletin->userinfo['userid']) {
$foruminfo['forumread'] = $vbulletin->forumcache["{$foruminfo['forumid']}"]['forumread'];
$lastread = max($foruminfo['forumread'], TIMENOW - $vbulletin->options['markinglimit'] * 86400);
} else {
$bbforumview = intval(fetch_bbarray_cookie('forum_view', $foruminfo['forumid']));
$lastread = max($bbforumview, $vbulletin->userinfo['lastvisit']);
}
// Inline Moderation
$show['movethread'] = can_moderate($forumid, 'canmanagethreads') ? true : false;
$show['deletethread'] = (can_moderate($forumid, 'candeleteposts') or can_moderate($forumid, 'canremoveposts')) ? true : false;
$show['approvethread'] = can_moderate($forumid, 'canmoderateposts') ? true : false;
$show['openthread'] = can_moderate($forumid, 'canopenclose') ? true : false;
$show['inlinemod'] = ($show['movethread'] or $show['deletethread'] or $show['approvethread'] or $show['openthread']) ? true : false;
$show['spamctrls'] = ($show['inlinemod'] and $show['deletethread']);
$url = $show['inlinemod'] ? SCRIPTPATH : '';
// fetch popup menu
if ($show['popups'] and $show['inlinemod']) {
} else {
$threadadmin_imod_thread_menu = '';
}
// get announcements
$announcebits = '';
if ($show['threadicons'] and $show['inlinemod']) {
$announcecolspan = 6;
} else {
if (!$show['threadicons'] and !$show['inlinemod']) {
$announcecolspan = 4;
} else {
$announcecolspan = 5;
}
}
$mindate = TIMENOW - 2592000;
// 30 days
$hook_query_fields = $hook_query_joins = $hook_query_where = '';
$announcements = $db->query_read_slave("\n \t\tSELECT\n \t\t\tannouncement.announcementid, startdate, title, announcement.views,\n \t\t\tuser.username, user.userid, user.usertitle, user.customtitle, user.usergroupid,\n \t\t\tIF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, infractiongroupid\n \t\t\t" . ($vbulletin->userinfo['userid'] ? ", NOT ISNULL(announcementread.announcementid) AS readannounce" : "") . "\n \t\t\t{$hook_query_fields}\n \t\tFROM " . TABLE_PREFIX . "announcement AS announcement\n \t\t" . ($vbulletin->userinfo['userid'] ? "LEFT JOIN " . TABLE_PREFIX . "announcementread AS announcementread ON (announcementread.announcementid = announcement.announcementid AND announcementread.userid = " . $vbulletin->userinfo['userid'] . ")" : "") . "\n \t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = announcement.userid)\n \t\t{$hook_query_joins}\n \t\tWHERE startdate <= " . TIMENOW . "\n \t\t\tAND enddate >= " . TIMENOW . "\n \t\t\tAND " . fetch_forum_clause_sql($foruminfo['forumid'], 'forumid') . "\n \t\t\t{$hook_query_where}\n \t\tORDER BY startdate DESC, announcement.announcementid DESC\n \t\t" . iif($vbulletin->options['oneannounce'], "LIMIT 1"));
while ($announcement = $db->fetch_array($announcements)) {
fetch_musername($announcement);
$announcement['title'] = fetch_censored_text($announcement['title']);
$announcement['postdate'] = vbdate($vbulletin->options['dateformat'], $announcement['startdate']);
if ($announcement['readannounce'] or $announcement['startdate'] <= $mindate) {
$announcement['statusicon'] = 'old';
} else {
$announcement['statusicon'] = 'new';
}
$announcement['views'] = vb_number_format($announcement['views']);
$announcementidlink = iif(!$vbulletin->options['oneannounce'], "&a={$announcement['announcementid']}");
// FRNR START
if ($pagenumber == 1) {
$avatarurl = '';
$userinfoavatar = fetch_userinfo($announcement['userid'], FETCH_USERINFO_AVATAR);
fetch_avatar_from_userinfo($userinfoavatar, true, false);
if ($userinfoavatar['avatarurl'] != '') {
$avatarurl = process_avatarurl($userinfoavatar['avatarurl']);
}
unset($userinfoavatar);
$tmp = array('thread_id' => $foruminfo['forumid'], 'announcement' => 1, 'new_posts' => $announcement['readannounce'] ? 0 : 1, 'thread_title' => prepare_utf8_string(strip_tags($announcement['title'])), 'thread_preview' => prepare_utf8_string(preview_chop(html_entity_decode($announcement['pagetext']), FR_PREVIEW_LEN)), 'post_userid' => $announcement['userid'], 'post_lastposttime' => prepare_utf8_string(date_trunc($announcement['postdate'])), 'post_username' => prepare_utf8_string(strip_tags($announcement['username'])));
if ($avatarurl != '') {
$tmp['avatarurl'] = $avatarurl;
}
$announcements_out[] = $tmp;
}
// FRNR END
}
// display threads
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers'])) {
$limitothers = "AND postuserid = " . $vbulletin->userinfo['userid'] . " AND " . $vbulletin->userinfo['userid'] . " <> 0";
} else {
$limitothers = '';
}
if (can_moderate($foruminfo['forumid'])) {
$redirectjoin = "LEFT JOIN " . TABLE_PREFIX . "threadredirect AS threadredirect ON(thread.open = 10 AND thread.threadid = threadredirect.threadid)";
} else {
$redirectjoin = '';
}
// filter out deletion notices if can't be seen
if ($forumperms & $vbulletin->bf_ugp_forumpermissions['canseedelnotice'] or can_moderate($foruminfo['forumid'])) {
$canseedelnotice = true;
$deljoin = "LEFT JOIN " . TABLE_PREFIX . "deletionlog AS deletionlog ON(thread.threadid = deletionlog.primaryid AND deletionlog.type = 'thread')";
} else {
$canseedelnotice = false;
$deljoin = '';
}
// remove threads from users on the global ignore list if user is not a moderator
if ($Coventry = fetch_coventry('string') and !can_moderate($foruminfo['forumid'])) {
$globalignore = "AND postuserid NOT IN ({$Coventry}) ";
} else {
$globalignore = '';
}
// look at thread limiting options
$stickyids = '';
$stickycount = 0;
if ($daysprune != -1) {
if ($vbulletin->userinfo['userid'] and in_coventry($vbulletin->userinfo['userid'], true)) {
$tachyjoin = "LEFT JOIN " . TABLE_PREFIX . "tachythreadpost AS tachythreadpost ON " . "(tachythreadpost.threadid = thread.threadid AND tachythreadpost.userid = " . $vbulletin->userinfo['userid'] . ")";
$datecut = " AND (thread.lastpost >= " . (TIMENOW - $daysprune * 86400) . " OR tachythreadpost.lastpost >= " . (TIMENOW - $daysprune * 86400) . ")";
} else {
$datecut = "AND lastpost >= " . (TIMENOW - $daysprune * 86400);
$tachyjoin = "";
}
$show['noposts'] = false;
} else {
$tachyjoin = "";
$datecut = "";
$show['noposts'] = true;
}
// complete form fields on page
$daysprunesel = iif($daysprune == -1, 'all', $daysprune);
$daysprunesel = array($daysprunesel => 'selected="selected"');
$vbulletin->input->clean_array_gpc('r', array('sortorder' => TYPE_NOHTML, 'prefixid' => TYPE_NOHTML));
// prefix options
$prefix_options = fetch_prefix_html($foruminfo['forumid'], $vbulletin->GPC['prefixid']);
$prefix_selected = array('anythread', 'anythread' => '', 'none' => '');
if ($vbulletin->GPC['prefixid']) {
//no prefix id
if ($vbulletin->GPC['prefixid'] == '-1') {
$prefix_filter = "AND thread.prefixid = ''";
$prefix_selected['none'] = ' selected="selected"';
} else {
if ($vbulletin->GPC['prefixid'] == '-2') {
$prefix_filter = "AND thread.prefixid <> ''";
$prefix_selected['anyprefix'] = ' selected="selected"';
} else {
$prefix_filter = "AND thread.prefixid = '" . $db->escape_string($vbulletin->GPC['prefixid']) . "'";
}
}
} else {
$prefix_filter = '';
$prefix_selected['anythread'] = ' selected="selected"';
}
// default sorting methods
if (empty($sortfield)) {
$sortfield = $foruminfo['defaultsortfield'];
}
if (empty($vbulletin->GPC['sortorder'])) {
$vbulletin->GPC['sortorder'] = $foruminfo['defaultsortorder'];
}
// look at sorting options:
if ('asc' != ($sortorder = $vbulletin->GPC['sortorder'])) {
$sqlsortorder = 'DESC';
$order = array('desc' => 'checked="checked"');
$vbulletin->GPC['sortorder'] = 'desc';
} else {
$sqlsortorder = '';
$order = array('asc' => 'checked="checked"');
}
$sqlsortfield2 = '';
switch ($sortfield) {
case 'title':
$sqlsortfield = 'thread.title';
break;
case 'lastpost':
$sqlsortfield = 'lastpost';
break;
case 'replycount':
case 'views':
$sqlsortfield = 'views';
case 'postusername':
$sqlsortfield = $sortfield;
break;
case 'voteavg':
if ($foruminfo['allowratings']) {
$sqlsortfield = 'voteavg';
$sqlsortfield2 = 'votenum';
break;
}
case 'dateline':
$sqlsortfield = 'thread.dateline';
break;
// else, use last post
// else, use last post
default:
$handled = false;
if (!$handled) {
$sqlsortfield = 'lastpost';
$sortfield = 'lastpost';
}
}
$sort = array($sortfield => 'selected="selected"');
$visiblethreads = " AND visible = 1";
/*if (!can_moderate($forumid, 'canmoderateposts'))
{
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canseedelnotice']))
{
$visiblethreads = " AND visible = 1 ";
}
else
{
$visiblethreads = " AND visible IN (1,2)";
}
}
else
{
$visiblethreads = " AND visible IN (0,1,2)";
}*/
$hook_query_fields = $hook_query_joins = $hook_query_where = '';
# Include visible IN (0,1,2) in order to hit upon the 4 column index
$threadscount = $db->query_first_slave("\n \t\tSELECT COUNT(*) AS threads, SUM(IF(thread.lastpost > {$lastread} AND open <> 10, 1, 0)) AS newthread\n \t\t{$hook_query_fields}\n \t\tFROM " . TABLE_PREFIX . "thread AS thread\n \t\t{$tachyjoin}\n \t\t{$hook_query_joins}\n \t\tWHERE forumid = {$foruminfo['forumid']}\n \t\t\tAND sticky = 0\n \t\t\t{$prefix_filter}\n \t\t\t{$visiblethreads}\n \t\t\t{$globalignore}\n \t\t\t{$limitothers}\n \t\t\t{$datecut}\n \t\t\t{$hook_query_where}\n \t");
$totalthreads = $threadscount['threads'];
$newthreads = $threadscount['newthread'];
// set defaults
sanitize_pageresults($totalthreads, $pagenumber, $perpage, 200, $vbulletin->options['maxthreads']);
// get number of sticky threads for the first page
// on the first page there will be the sticky threads PLUS the $perpage other normal threads
// not quite a bug, but a deliberate feature!
if ($pagenumber == 1) {
$stickies = $db->query_read_slave("\n \t\t\tSELECT thread.threadid, lastpost, open\n \t\t\tFROM " . TABLE_PREFIX . "thread AS thread\n \t\t\tWHERE forumid = {$foruminfo['forumid']}\n \t\t\t\tAND sticky = 1\n \t\t\t\t{$prefix_filter}\n \t\t\t\t{$visiblethreads}\n \t\t\t\t{$limitothers}\n \t\t\t\t{$globalignore}\n \t\t");
while ($thissticky = $db->fetch_array($stickies)) {
$stickycount++;
if ($thissticky['lastpost'] >= $lastread and $thissticky['open'] != 10) {
$newthreads++;
}
$stickyids .= ",{$thissticky['threadid']}";
}
$db->free_result($stickies);
unset($thissticky, $stickies);
}
$limitlower = ($pagenumber - 1) * $perpage;
$limitupper = $pagenumber * $perpage;
if ($limitupper > $totalthreads) {
$limitupper = $totalthreads;
if ($limitlower > $totalthreads) {
$limitlower = $totalthreads - $perpage - 1;
}
}
if ($limitlower < 0) {
$limitlower = 0;
}
if ($foruminfo['allowratings']) {
$vbulletin->options['showvotes'] = intval($vbulletin->options['showvotes']);
$votequery = "\n \t\t\tIF(votenum >= " . $vbulletin->options['showvotes'] . ", votenum, 0) AS votenum,\n \t\t\tIF(votenum >= " . $vbulletin->options['showvotes'] . " AND votenum > 0, votetotal / votenum, 0) AS voteavg,\n \t\t";
} else {
$votequery = '';
}
if ($previewtype == 1) {
$previewfield = "post.pagetext AS preview, post.username AS lastpost_username, post.userid AS lastpost_userid,";
$previewjoin = "LEFT JOIN " . TABLE_PREFIX . "post AS post ON(post.postid = thread.firstpostid)";
} else {
$previewfield = "post.pagetext AS preview, post.username AS lastpost_username, post.userid AS lastpost_userid,";
$previewjoin = "LEFT JOIN " . TABLE_PREFIX . "post AS post ON(post.postid = thread.lastpostid)";
}
if ($vbulletin->userinfo['userid'] and in_coventry($vbulletin->userinfo['userid'], true)) {
$tachyjoin = "\n \t\t\tLEFT JOIN " . TABLE_PREFIX . "tachythreadpost AS tachythreadpost ON\n \t\t\t\t(tachythreadpost.threadid = thread.threadid AND tachythreadpost.userid = " . $vbulletin->userinfo['userid'] . ")\n \t\t\tLEFT JOIN " . TABLE_PREFIX . "tachythreadcounter AS tachythreadcounter ON\n \t\t\t\t(tachythreadcounter.threadid = thread.threadid AND tachythreadcounter.userid = " . $vbulletin->userinfo['userid'] . ")\n \t\t";
$tachy_columns = "\n \t\t\tIF(tachythreadpost.userid IS NULL, thread.lastpost, tachythreadpost.lastpost) AS lastpost,\n \t\t\tIF(tachythreadpost.userid IS NULL, thread.lastposter, tachythreadpost.lastposter) AS lastposter,\n \t\t\tIF(tachythreadpost.userid IS NULL, thread.lastposterid, tachythreadpost.lastposterid) AS lastposterid,\n \t\t\tIF(tachythreadpost.userid IS NULL, thread.lastpostid, tachythreadpost.lastpostid) AS lastpostid,\n \t\t\tIF(tachythreadcounter.userid IS NULL, thread.replycount, thread.replycount + tachythreadcounter.replycount) AS replycount,\n \t\t\tIF(thread.views<=IF(tachythreadcounter.userid IS NULL, thread.replycount, thread.replycount + tachythreadcounter.replycount), IF(tachythreadcounter.userid IS NULL, thread.replycount, thread.replycount + tachythreadcounter.replycount)+1, thread.views) AS views\n \t\t";
} else {
$tachyjoin = '';
$tachy_columns = 'thread.lastpost, thread.lastposter, thread.lastposterid, thread.lastpostid, thread.replycount, IF(thread.views<=thread.replycount, thread.replycount+1, thread.views) AS views';
}
$hook_query_fields = $hook_query_joins = $hook_query_where = '';
$getthreadids = $db->query_read_slave("\n \t\tSELECT " . iif($sortfield == 'voteavg', $votequery) . " thread.threadid,\n \t\t\t{$tachy_columns}\n \t\t\t{$hook_query_fields}\n \t\tFROM " . TABLE_PREFIX . "thread AS thread\n \t\t{$tachyjoin}\n \t\t{$hook_query_joins}\n \t\tWHERE forumid = {$foruminfo['forumid']}\n \t\t\tAND sticky = 0\n \t\t\t{$prefix_filter}\n \t\t\t{$visiblethreads}\n \t\t\t{$globalignore}\n \t\t\t{$limitothers}\n \t\t\t{$datecut}\n \t\t\t{$hook_query_where}\n \t\tORDER BY sticky DESC, {$sqlsortfield} {$sqlsortorder}" . (!empty($sqlsortfield2) ? ", {$sqlsortfield2} {$sqlsortorder}" : '') . "\n \t\tLIMIT {$limitlower}, {$perpage}\n \t");
$ids = '';
while ($thread = $db->fetch_array($getthreadids)) {
$ids .= ',' . $thread['threadid'];
}
$ids .= $stickyids;
$db->free_result($getthreadids);
unset($thread, $getthreadids);
$hook_query_fields = $hook_query_joins = $hook_query_where = '';
$threads = $db->query_read_slave("\n \t\tSELECT {$votequery} {$previewfield}\n \t\t\tthread.threadid, thread.title AS threadtitle, thread.forumid, pollid, open, postusername, postuserid, thread.iconid AS threadiconid,\n \t\t\tthread.dateline, notes, thread.visible, sticky, votetotal, thread.attach, {$tachy_columns},\n \t\t\tthread.prefixid, thread.taglist, hiddencount, deletedcount,\n \t\t\tuser.usergroupid, user.homepage, user.options AS useroptions, IF(userlist.friend = 'yes', 1, 0) AS isfriend\n \t\t\t" . (($vbulletin->options['threadsubscribed'] and $vbulletin->userinfo['userid']) ? ", NOT ISNULL(subscribethread.subscribethreadid) AS issubscribed" : "") . "\n \t\t\t" . ($deljoin ? ", deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason" : "") . "\n \t\t\t" . (($vbulletin->options['threadmarking'] and $vbulletin->userinfo['userid']) ? ", threadread.readtime AS threadread" : "") . "\n \t\t\t" . ($redirectjoin ? ", threadredirect.expires" : "") . "\n \t\t\t{$hook_query_fields}\n \t\tFROM " . TABLE_PREFIX . "thread AS thread\n \t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = thread.lastposterid)\n \t\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS userlist ON (userlist.relationid = user.userid AND userlist.type = 'buddy' AND userlist.userid = " . $vbulletin->userinfo['userid'] . ")\n \t\t\t{$deljoin}\n \t\t\t" . (($vbulletin->options['threadsubscribed'] and $vbulletin->userinfo['userid']) ? " LEFT JOIN " . TABLE_PREFIX . "subscribethread AS subscribethread ON(subscribethread.threadid = thread.threadid AND subscribethread.userid = " . $vbulletin->userinfo['userid'] . " AND canview = 1)" : "") . "\n \t\t\t" . (($vbulletin->options['threadmarking'] and $vbulletin->userinfo['userid']) ? " LEFT JOIN " . TABLE_PREFIX . "threadread AS threadread ON (threadread.threadid = thread.threadid AND threadread.userid = " . $vbulletin->userinfo['userid'] . ")" : "") . "\n \t\t\t{$previewjoin}\n \t\t\t{$tachyjoin}\n \t\t\t{$redirectjoin}\n \t\t\t{$hook_query_joins}\n \t\tWHERE thread.threadid IN (0{$ids}) {$hook_query_where}\n \t\tORDER BY sticky DESC, {$sqlsortfield} {$sqlsortorder}" . (!empty($sqlsortfield2) ? ", {$sqlsortfield2} {$sqlsortorder}" : '') . "\n \t");
unset($limitothers, $delthreadlimit, $deljoin, $datecut, $votequery, $sqlsortfield, $sqlsortorder, $threadids, $sqlsortfield2);
// Get Dot Threads
$dotthreads = fetch_dot_threads_array($ids);
if ($vbulletin->options['showdots'] and $vbulletin->userinfo['userid']) {
$show['dotthreads'] = true;
} else {
$show['dotthreads'] = false;
}
unset($ids);
$pageinfo = array();
if ($vbulletin->GPC['prefixid']) {
$pageinfo['prefixid'] = $vbulletin->GPC['prefixid'];
}
if ($vbulletin->GPC['daysprune']) {
$pageinfo['daysprune'] = $daysprune;
}
$show['fetchseo'] = true;
$oppositesort = $vbulletin->GPC['sortorder'] == 'asc' ? 'desc' : 'asc';
$pageinfo_voteavg = $pageinfo + array('sort' => 'voteavg', 'order' => 'voteavg' == $sortfield ? $oppositesort : 'desc');
$pageinfo_title = $pageinfo + array('sort' => 'title', 'order' => 'title' == $sortfield ? $oppositesort : 'asc');
$pageinfo_postusername = $pageinfo + array('sort' => 'postusername', 'order' => 'postusername' == $sortfield ? $oppositesort : 'asc');
$pageinfo_flastpost = $pageinfo + array('sort' => 'lastpost', 'order' => 'lastpost' == $sortfield ? $oppositesort : 'asc');
$pageinfo_replycount = $pageinfo + array('sort' => 'replycount', 'order' => 'replycount' == $sortfield ? $oppositesort : 'desc');
$pageinfo_views = $pageinfo + array('sort' => 'views', 'order' => 'views' == $sortfield ? $oppositesort : 'desc');
$pageinfo_sort = $pageinfo + array(sort => $sortfield, 'order' => $oppositesort, 'pp' => $perpage, 'page' => $pagenumber);
if ($totalthreads > 0 or $stickyids) {
if ($totalthreads > 0) {
$limitlower++;
}
// check to see if there are any threads to display. If there are, do so, otherwise, show message
if ($vbulletin->options['threadpreview'] > 0) {
// Get Buddy List
$buddy = array();
if (trim($vbulletin->userinfo['buddylist'])) {
$buddylist = preg_split('/( )+/', trim($vbulletin->userinfo['buddylist']), -1, PREG_SPLIT_NO_EMPTY);
foreach ($buddylist as $buddyuserid) {
$buddy["{$buddyuserid}"] = 1;
}
}
DEVDEBUG('buddies: ' . implode(', ', array_keys($buddy)));
// Get Ignore Users
$ignore = array();
if (trim($vbulletin->userinfo['ignorelist'])) {
$ignorelist = preg_split('/( )+/', trim($vbulletin->userinfo['ignorelist']), -1, PREG_SPLIT_NO_EMPTY);
foreach ($ignorelist as $ignoreuserid) {
if (!$buddy["{$ignoreuserid}"]) {
$ignore["{$ignoreuserid}"] = 1;
}
}
}
DEVDEBUG('ignored users: ' . implode(', ', array_keys($ignore)));
}
$show['threads'] = true;
$threadbits = '';
$threadbits_sticky = '';
$counter = 0;
$toread = 0;
while ($thread = $db->fetch_array($threads)) {
// AND $counter++ < $perpage)
// build thread data
$thread = process_thread_array($thread, $lastread, $foruminfo['allowicons']);
$realthreadid = $thread['realthreadid'];
if ($thread['sticky']) {
$threadbit =& $threadbits_sticky;
} else {
$threadbit =& $threadbits;
}
// Soft Deleted Thread
if ($thread['visible'] == 2) {
$thread['deletedcount']++;
$show['threadtitle'] = (can_moderate($forumid) or $vbulletin->userinfo['userid'] != 0 and $vbulletin->userinfo['userid'] == $thread['postuserid']) ? true : false;
$show['deletereason'] = !empty($thread['del_reason']) ? true : false;
$show['viewthread'] = can_moderate($forumid) ? true : false;
$show['managethread'] = (can_moderate($forumid, 'candeleteposts') or can_moderate($forumid, 'canremoveposts')) ? true : false;
$show['moderated'] = ($thread['hiddencount'] > 0 and can_moderate($forumid, 'canmoderateposts')) ? true : false;
$show['deletedthread'] = $canseedelnotice;
} else {
if (!$thread['visible']) {
$thread['hiddencount']++;
}
$show['moderated'] = ($thread['hiddencount'] > 0 and can_moderate($forumid, 'canmoderateposts')) ? true : false;
$show['deletedthread'] = ($thread['deletedcount'] > 0 and $canseedelnotice) ? true : false;
$pageinfo_lastpage = array();
if ($show['pagenavmore']) {
$pageinfo_lastpage['page'] = $thread['totalpages'];
}
$pageinfo_newpost = array('goto' => 'newpost');
$pageinfo_lastpost = array('p' => $thread['lastpostid']);
// prepare the member action drop-down menu
$memberaction_dropdown = construct_memberaction_dropdown(fetch_lastposter_userinfo($thread));
}
// FRNR Start
$avatarurl = '';
if ($thread['lastpost_userid'] > 0) {
$userinfoavatar = fetch_userinfo($thread['lastpost_userid'], FETCH_USERINFO_AVATAR);
fetch_avatar_from_userinfo($userinfoavatar, true, false);
if ($userinfoavatar['avatarurl'] != '') {
$avatarurl = process_avatarurl($userinfoavatar['avatarurl']);
}
unset($userinfoavatar);
}
$tmp = array('thread_id' => $thread['threadid'], 'new_posts' => $show['gotonewpost'] ? 1 : 0, 'forum_id' => $thread['forumid'], 'total_posts' => $thread['totalposts'] ? $thread['totalposts'] : 0, 'thread_title' => prepare_utf8_string(strip_tags($thread['threadtitle'])), 'thread_preview' => prepare_utf8_string(preview_chop(html_entity_decode($thread['preview']), FR_PREVIEW_LEN)), 'post_userid' => $thread['lastpost_userid'], 'post_lastposttime' => prepare_utf8_string(date_trunc($thread['lastpostdate']) . ' ' . $thread['lastposttime']), 'post_username' => prepare_utf8_string(strip_tags($thread['lastpost_username'])));
if ($avatarurl != '') {
$tmp['avatarurl'] = $avatarurl;
}
if ($thread['prefixid']) {
$tmp['prefix'] = prepare_utf8_string(strip_tags($vbphrase["prefix_{$thread['prefixid']}_title_plain"]));
}
if ($thread['attach']) {
$tmp['attach'] = true;
}
if ($thread['pollid']) {
$tmp['poll'] = true;
}
if ($thread['open'] == 10) {
// Special case for redirect threads
$tmp = array_merge($tmp, array('post_userid' => $thread['postuserid'], 'post_username' => prepare_utf8_string(strip_tags($thread['postusername'])), 'poll' => false));
}
if ($thread['sticky']) {
$thread_data_sticky[] = $tmp;
} else {
$thread_data[] = $tmp;
}
// FRNR Stop
}
$db->free_result($threads);
unset($thread, $counter);
$pageinfo_pagenav = array();
if (!empty($vbulletin->GPC['perpage'])) {
$pageinfo_pagenav['pp'] = $perpage;
}
if (!empty($vbulletin->GPC['prefixid'])) {
$pageinfo_pagenav['prefixid'] = $vbulletin->GPC['prefixid'];
}
if (!empty($vbulletin->GPC['sortfield'])) {
$pageinfo_pagenav['sort'] = $sortfield;
}
if (!empty($vbulletin->GPC['sortorder'])) {
$pageinfo_pagenav['order'] = $vbulletin->GPC['sortorder'];
}
if (!empty($vbulletin->GPC['daysprune'])) {
$pageinfo_pagenav['daysprune'] = $daysprune;
}
$pagenav = construct_page_nav($pagenumber, $perpage, $totalthreads, 'forumdisplay.php?' . $vbulletin->session->vars['sessionurl'] . "f={$foruminfo['forumid']}", '', '', 'forum', $foruminfo, $pageinfo_pagenav);
}
unset($threads, $dotthreads);
// get colspan for bottom bar
$foruminfo['bottomcolspan'] = 5;
if ($foruminfo['allowicons']) {
$foruminfo['bottomcolspan']++;
}
if ($show['inlinemod']) {
$foruminfo['bottomcolspan']++;
}
$show['threadslist'] = true;
/////////////////////////////////
} else {
$show['threadslist'] = false;
$canpost = false;
// FRNR
}
/////////////////////////////////
if (!$vbulletin->GPC['prefixid'] and $newthreads < 1 and $unreadchildforums < 1) {
mark_forum_read($foruminfo, $vbulletin->userinfo['userid'], TIMENOW);
}
// FNRN Below
$out = array();
if (is_array($thread_data) && count($thread_data) > 0) {
$out['threads'] = $thread_data;
} else {
$out['threads'] = array();
}
if (is_array($thread_data_sticky) && count($thread_data_sticky) > 0) {
$out['threads_sticky'] = $thread_data_sticky;
$out['total_sticky_threads'] = count($thread_data_sticky);
} else {
$out['threads_sticky'] = array();
$out['total_sticky_threads'] = 0;
}
// Announcements become #1 on the threads
if (is_array($announcements_out) && count($announcements_out) == 1) {
array_unshift($out['threads'], $announcements_out[0]);
$totalthreads++;
}
$out['total_threads'] = $totalthreads ? $totalthreads : 0;
if ($forumbits) {
$out['forums'] = $forumbits;
} else {
$out['forums'] = array();
}
$out['canpost'] = $canpost ? 1 : 0;
$out['canattach'] = ($forumperms & $vbulletin->bf_ugp_forumpermissions['canpostattachment'] and $vbulletin->userinfo['userid']);
// Get thread prefixes for this forum (if any)
$prefix_out = array();
if ($prefixsets = fetch_prefix_array($forumid)) {
foreach ($prefixsets as $prefixsetid => $prefixes) {
$optgroup_options = '';
foreach ($prefixes as $prefixid => $prefix) {
if ($permcheck and !can_use_prefix($prefixid, $prefix['restrictions'])) {
continue;
}
$optionvalue = $prefixid;
$optiontitle = htmlspecialchars_uni($vbphrase["prefix_{$prefixid}_title_plain"]);
$prefix_out[] = array('prefixid' => $prefixid, 'prefixcaption' => prepare_utf8_string($optiontitle));
}
}
}
if ($foruminfo['options'] & $vbulletin->bf_misc_forumoptions['prefixrequired']) {
$out['prefixrequired'] = true;
} else {
$out['prefixrequired'] = false;
}
$out['prefixes'] = $prefix_out;
return $out;
}
$forumupdate = false;
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
$threadman->set_existing($threadinfo);
if ($can_update_thread and $edit['title'] != '') {
// need to update thread title and iconid
if (!can_moderate($threadinfo['forumid'])) {
$threadman->set_info('skip_moderator_log', true);
}
$threadman->set_info('skip_first_post_update', true);
if ($edit['title'] != $postinfo['title']) {
$threadman->set('title', unhtmlspecialchars($edit['title']));
}
if ($edit['iconid'] != $postinfo['iconid']) {
$threadman->set('iconid', $edit['iconid']);
}
if ($vbulletin->GPC_exists['prefixid'] and can_use_prefix($vbulletin->GPC['prefixid'])) {
$threadman->set('prefixid', $vbulletin->GPC['prefixid']);
if ($threadman->thread['prefixid'] === '' and $foruminfo['options'] & $vbulletin->bf_misc_forumoptions['prefixrequired']) {
// the prefix wasn't valid or was set to an empty one, but that's not allowed
$threadman->do_unset('prefixid');
}
}
// do we need to update the forum counters?
$forumupdate = $foruminfo['lastthreadid'] == $threadinfo['threadid'] ? true : false;
}
// can this user open/close this thread if they want to?
if ($vbulletin->GPC['openclose'] and ($threadinfo['postuserid'] != 0 and $threadinfo['postuserid'] == $vbulletin->userinfo['userid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'] or can_moderate($threadinfo['forumid'], 'canopenclose'))) {
$threadman->set('open', $threadman->fetch_field('open') == 1 ? 0 : 1);
}
if ($vbulletin->GPC['stickunstick'] and can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
$threadman->set('sticky', $threadman->fetch_field('sticky') == 1 ? 0 : 1);
function do_moderation()
{
global $vbulletin, $db, $foruminfo, $forumperms, $threadinfo, $postinfo, $vbphrase, $threadid;
$postlimit = 400;
$threadlimit = 200;
$threadarray = array();
$postarray = array();
$postinfos = array();
$forumlist = array();
$threadlist = array();
switch ($_REQUEST['do']) {
case 'openclosethread':
case 'dodeletethread':
case 'domovethread':
case 'updatethread':
case 'domergethread':
case 'stick':
case 'removeredirect':
case 'deletethread':
case 'deleteposts':
case 'movethread':
case 'copythread':
case 'editthread':
case 'mergethread':
case 'moderatethread':
if (!$threadinfo['threadid']) {
standard_error(fetch_error('invalidid', $vbphrase['thread'], $vbulletin->options['contactuslink']));
}
}
if ($_REQUEST['do'] == 'getforums') {
$forums = array();
get_forums(-1, $forums);
return array('forums' => $forums);
}
if ($threadinfo['forumid']) {
$forumperms = fetch_permissions($threadinfo['forumid']);
if ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] and !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) {
json_error(ERR_NO_PERMISSION);
}
}
// Open/Close Thread
if ($_POST['do'] == 'openclosethread') {
if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
if (can_moderate($threadinfo['forumid'])) {
json_error(ERR_NO_PERMISSION);
} else {
standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
}
}
// permission check
if (!can_moderate($threadinfo['forumid'], 'canopenclose')) {
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'])) {
json_error(ERR_NO_PERMISSION);
} else {
if (!is_first_poster($threadid)) {
json_error(ERR_NO_PERMISSION);
}
}
}
// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
// handles mod log
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost');
$threadman->set_existing($threadinfo);
$threadman->set('open', $threadman->fetch_field('open') == 1 ? 0 : 1);
($hook = vBulletinHook::fetch_hook('threadmanage_openclose')) ? eval($hook) : false;
$threadman->save();
}
// Stick/Unstick Thread
if ($_POST['do'] == 'stick') {
if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
if (can_moderate($threadinfo['forumid'])) {
json_error(ERR_NO_PERMISSION);
} else {
standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
}
}
if (!can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
json_error(ERR_NO_PERMISSION);
}
// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
// handles mod log
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
$threadman->set_existing($threadinfo);
$threadman->set('sticky', $threadman->fetch_field('sticky') == 1 ? 0 : 1);
($hook = vBulletinHook::fetch_hook('threadmanage_stickunstick')) ? eval($hook) : false;
$threadman->save();
}
// Delete Thread
if ($_POST['do'] == 'dodeletethread') {
$vbulletin->input->clean_array_gpc('p', array('deletetype' => TYPE_UINT, 'deletereason' => TYPE_STR, 'keepattachments' => TYPE_BOOL));
$vbulletin->GPC['deletereason'] = prepare_remote_utf8_string($vbulletin->GPC['deletereason']);
if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'canremoveposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
if (can_moderate($threadinfo['forumid'])) {
json_error(ERR_NO_PERMISSION);
} else {
standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
}
}
$physicaldel = false;
if (!can_moderate($threadinfo['forumid'], 'candeleteposts') and !can_moderate($threadinfo['forumid'], 'canremoveposts')) {
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['candeletepost']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['candeletethread'])) {
json_error(ERR_NO_PERMISSION);
} else {
if ($threadinfo['dateline'] < TIMENOW - $vbulletin->options['edittimelimit'] * 60 and $vbulletin->options['edittimelimit'] != 0) {
json_error(ERR_NO_PERMISSION);
} else {
if (!$threadinfo['open']) {
json_error(ERR_NO_PERMISSION);
}
if (!is_first_poster($threadinfo['threadid'])) {
json_error(ERR_NO_PERMISSION);
}
}
}
} else {
if (!can_moderate($threadinfo['forumid'], 'canremoveposts')) {
$physicaldel = false;
} else {
if (!can_moderate($threadinfo['forumid'], 'candeleteposts')) {
$physicaldel = true;
} else {
$physicaldel = iif($vbulletin->GPC['deletetype'] == 1, false, true);
}
}
}
// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
$delinfo = array('userid' => $vbulletin->userinfo['userid'], 'username' => $vbulletin->userinfo['username'], 'reason' => $vbulletin->GPC['deletereason'], 'keepattachments' => $vbulletin->GPC['keepattachments']);
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost');
$threadman->set_existing($threadinfo);
$threadman->delete($foruminfo['countposts'], $physicaldel, $delinfo);
unset($threadman);
build_forum_counters($threadinfo['forumid']);
}
// Delete Posts
if ($_POST['do'] == 'dodeleteposts') {
$vbulletin->input->clean_array_gpc('p', array('postids' => TYPE_STR));
$postids = explode(',', $vbulletin->GPC['postids']);
foreach ($postids as $index => $postid) {
if (intval($postid) == 0) {
unset($postids["{$index}"]);
} else {
$postids["{$index}"] = intval($postid);
}
}
if (empty($postids)) {
standard_error(fetch_error('no_applicable_posts_selected'));
}
if (count($postids) > 400) {
standard_error(fetch_error('you_are_limited_to_working_with_x_posts', $postlimit));
}
$vbulletin->input->clean_array_gpc('p', array('deletetype' => TYPE_UINT, 'keepattachments' => TYPE_BOOL, 'deletereason' => TYPE_STR));
$vbulletin->GPC['deletereason'] = prepare_remote_utf8_string($vbulletin->GPC['deletereason']);
$physicaldel = iif($vbulletin->GPC['deletetype'] == 1, false, true);
// Validate posts
$posts = $db->query_read_slave("\n\t\tSELECT post.postid, post.threadid, post.parentid, post.visible, post.title, post.userid AS posteruserid,\n\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.firstpostid, thread.visible AS thread_visible\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\tWHERE postid IN (" . implode(',', $postids) . ")\n\t\tORDER BY postid\n\t");
$deletethreads = array();
$firstpost = array();
while ($post = $db->fetch_array($posts)) {
$forumperms = fetch_permissions($post['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $post['postuserid'] != $vbulletin->userinfo['userid']) {
json_error(ERR_NO_PERMISSION);
}
if ((!$post['visible'] or !$post['thread_visible']) and !can_moderate($post['forumid'], 'canmoderateposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
} else {
if (($post['visible'] == 2 or $post['thread_visible'] == 2) and !can_moderate($post['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
} else {
if (!can_moderate($post['forumid'], 'canremoveposts') and !can_moderate($post['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
}
}
}
if (!can_moderate($post['forumid'], 'canremoveposts') and $physicaldel) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
} else {
if (!physicaldel and (!can_moderate($post['forumid'], 'candeleteposts') and ($post['posteruserid'] != $vbulletin->userinfo['userid'] or !($vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['candeletepost'])))) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
}
}
$postarray["{$post['postid']}"] = $post;
$threadlist["{$post['threadid']}"] = true;
$forumlist["{$post['forumid']}"] = true;
if ($post['firstpostid'] == $post['postid']) {
// deleting a thread so do not decremement the counters of any other posts in this thread
$firstpost["{$post['threadid']}"] = true;
} else {
if (!empty($firstpost["{$post['threadid']}"])) {
$postarray["{$post['postid']}"]['skippostcount'] = true;
}
}
}
if (empty($postarray)) {
standard_error(fetch_error('no_applicable_posts_selected'));
}
$firstpost = false;
$gotothread = true;
foreach ($postarray as $postid => $post) {
$foruminfo = fetch_foruminfo($post['forumid']);
$postman =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost');
$postman->set_existing($post);
$postman->delete($foruminfo['countposts'] and !$post['skippostcount'], $post['threadid'], $physicaldel, array('userid' => $vbulletin->userinfo['userid'], 'username' => $vbulletin->userinfo['username'], 'reason' => $vbulletin->GPC['deletereason'], 'keepattachments' => $vbulletin->GPC['keepattachments']));
unset($postman);
}
foreach (array_keys($threadlist) as $threadid) {
build_thread_counters($threadid);
}
foreach (array_keys($forumlist) as $forumid) {
build_forum_counters($forumid);
}
($hook = vBulletinHook::fetch_hook('inlinemod_dodeleteposts')) ? eval($hook) : false;
}
// Move Thread
if ($_POST['do'] == 'domovethread') {
$vbulletin->input->clean_array_gpc('p', array('destforumid' => TYPE_UINT, 'redirect' => TYPE_STR, 'title' => TYPE_NOHTML, 'redirectprefixid' => TYPE_NOHTML, 'redirecttitle' => TYPE_NOHTML, 'period' => TYPE_UINT, 'frame' => TYPE_STR));
$vbulletin->GPC['title'] = prepare_remote_utf8_string($vbulletin->GPC['title']);
$vbulletin->GPC['redirecttitle'] = prepare_remote_utf8_string($vbulletin->GPC['redirecttitle']);
$vbulletin->GPC['redirectprefixid'] = prepare_remote_utf8_string($vbulletin->GPC['redirectprefixid']);
if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
if (can_moderate($threadinfo['forumid'])) {
json_error(ERR_NO_PERMISSION);
} else {
standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
}
}
// check whether dest can contain posts
$destforumid = verify_id('forum', $vbulletin->GPC['destforumid']);
$destforuminfo = fetch_foruminfo($destforumid);
if (!$destforuminfo['cancontainthreads'] or $destforuminfo['link']) {
standard_error(fetch_error('moveillegalforum'));
}
if ($threadinfo['isdeleted'] and !can_moderate($destforuminfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($destforuminfo['forumid'], 'canmoderateposts')) {
## Insert proper phrase about not being able to move a hidden thread to a forum you can't moderateposts in or a deleted thread to a forum you can't deletethreads in
standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
}
// check source forum permissions
if (!can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canmove'])) {
json_error(ERR_NO_PERMISSION);
} else {
if (!$threadinfo['open'] and !($forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'])) {
json_error(ERR_NO_PERMISSION);
}
if (!is_first_poster($threadid)) {
json_error(ERR_NO_PERMISSION);
}
}
}
// check destination forum permissions
$destforumperms = fetch_permissions($destforuminfo['forumid']);
if (!($destforumperms & $vbulletin->bf_ugp_forumpermissions['canview'])) {
json_error(ERR_NO_PERMISSION);
}
// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
verify_forum_password($destforuminfo['forumid'], $destforuminfo['password']);
// check to see if this thread is being returned to a forum it's already been in
// if a redirect exists already in the destination forum, remove it
if ($checkprevious = $db->query_first_slave("SELECT threadid FROM " . TABLE_PREFIX . "thread WHERE forumid = {$destforuminfo['forumid']} AND open = 10 AND pollid = {$threadid}")) {
$old_redirect =& datamanager_init('Thread', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
$old_redirect->set_existing($checkprevious);
$old_redirect->delete(false, true, NULL, false);
unset($old_redirect);
}
// check to see if this thread is being moved to the same forum it's already in but allow copying to the same forum
if ($destforuminfo['forumid'] == $threadinfo['forumid'] and $vbulletin->GPC['redirect']) {
standard_error(fetch_error('movesameforum'));
}
($hook = vBulletinHook::fetch_hook('threadmanage_move_start')) ? eval($hook) : false;
if ($vbulletin->GPC['title'] != '' and $vbulletin->GPC['title'] != $threadinfo['title']) {
$oldtitle = $threadinfo['title'];
$threadinfo['title'] = unhtmlspecialchars($vbulletin->GPC['title']);
$updatetitle = true;
} else {
$oldtitle = $threadinfo['title'];
$updatetitle = false;
}
if ($vbulletin->GPC['redirect'] == 'none') {
$method = 'move';
} else {
$method = 'movered';
}
switch ($method) {
// ***************************************************************
// move the thread wholesale into the destination forum
case 'move':
// update forumid/notes and unstick to prevent abuse
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost');
$threadman->set_info('skip_moderator_log', true);
$threadman->set_existing($threadinfo);
if ($updatetitle) {
$threadman->set('title', $threadinfo['title']);
if ($vbulletin->options['similarthreadsearch']) {
require_once DIR . '/includes/functions_search.php';
$threadman->set('similar', fetch_similar_threads(fetch_censored_text($vbulletin->GPC['title']), $threadinfo['threadid']));
}
} else {
// Bypass check since title wasn't modified
$threadman->set('title', $threadinfo['title'], true, false);
}
$threadman->set('forumid', $destforuminfo['forumid']);
// If mod can not manage threads in destination forum then unstick thread
if (!can_moderate($destforuminfo['forumid'], 'canmanagethreads')) {
$threadman->set('sticky', 0);
}
($hook = vBulletinHook::fetch_hook('threadmanage_move_simple')) ? eval($hook) : false;
$threadman->save();
log_moderator_action($threadinfo, 'thread_moved_to_x', $destforuminfo['title']);
break;
// ***************************************************************
// ***************************************************************
// move the thread into the destination forum and leave a redirect
// ***************************************************************
// ***************************************************************
// move the thread into the destination forum and leave a redirect
case 'movered':
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost');
$threadman->set_info('skip_moderator_log', true);
$threadman->set_existing($threadinfo);
if ($updatetitle) {
$threadman->set('title', $threadinfo['title']);
if ($vbulletin->options['similarthreadsearch']) {
require_once DIR . '/includes/functions_search.php';
$threadman->set('similar', fetch_similar_threads(fetch_censored_text($vbulletin->GPC['title']), $threadinfo['threadid']));
}
} else {
// Bypass check since title wasn't modified
$threadman->set('title', $threadinfo['title'], true, false);
}
$threadman->set('forumid', $destforuminfo['forumid']);
// If mod can not manage threads in destination forum then unstick thread
if (!can_moderate($destforuminfo['forumid'], 'canmanagethreads')) {
$threadman->set('sticky', 0);
}
($hook = vBulletinHook::fetch_hook('threadmanage_move_redirect_orig')) ? eval($hook) : false;
$threadman->save();
unset($threadman);
if ($threadinfo['visible'] == 1) {
// Insert redirect for visible thread
log_moderator_action($threadinfo, 'thread_moved_with_redirect_to_a', $destforuminfo['title']);
$redirdata = array('lastpost' => intval($threadinfo['lastpost']), 'forumid' => intval($threadinfo['forumid']), 'pollid' => intval($threadinfo['threadid']), 'open' => 10, 'replycount' => intval($threadinfo['replycount']), 'postusername' => $threadinfo['postusername'], 'postuserid' => intval($threadinfo['postuserid']), 'lastposter' => $threadinfo['lastposter'], 'dateline' => intval($threadinfo['dateline']), 'views' => intval($threadinfo['views']), 'iconid' => intval($threadinfo['iconid']), 'visible' => 1);
$redir =& datamanager_init('Thread', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
foreach (array_keys($redirdata) as $field) {
// bypassing the verify_* calls; this data should be valid as is
$redir->setr($field, $redirdata["{$field}"], true, false);
}
if ($updatetitle) {
if (empty($vbulletin->GPC['redirecttitle'])) {
$redir->set('title', $threadinfo['title']);
} else {
$redir->set('title', unhtmlspecialchars($vbulletin->GPC['redirecttitle']));
}
} else {
// Bypass check since title wasn't modified
if (empty($vbulletin->GPC['redirecttitle'])) {
$redir->set('title', $threadinfo['title'], true, false);
} else {
$redir->set('title', unhtmlspecialchars($vbulletin->GPC['redirecttitle']));
}
}
require_once DIR . '/includes/functions_prefix.php';
if (can_use_prefix($vbulletin->GPC['redirectprefixid'])) {
$redir->set('prefixid', $vbulletin->GPC['redirectprefixid']);
}
($hook = vBulletinHook::fetch_hook('threadmanage_move_redirect_notice')) ? eval($hook) : false;
if ($redirthreadid = $redir->save() and $vbulletin->GPC['redirect'] == 'expires') {
switch ($vbulletin->GPC['frame']) {
case 'h':
$expires = mktime(date('H') + $vbulletin->GPC['period'], date('i'), date('s'), date('m'), date('d'), date('y'));
break;
case 'd':
$expires = mktime(date('H'), date('i'), date('s'), date('m'), date('d') + $vbulletin->GPC['period'], date('y'));
break;
case 'w':
$expires = $vbulletin->GPC['period'] * 60 * 60 * 24 * 7 + TIMENOW;
break;
case 'y':
$expires = mktime(date('H'), date('i'), date('s'), date('m'), date('d'), date('y') + $vbulletin->GPC['period']);
break;
case 'm':
default:
$expires = mktime(date('H'), date('i'), date('s'), date('m') + $vbulletin->GPC['period'], date('d'), date('y'));
}
$db->query_write("\n\t\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "threadredirect\n\t\t\t\t\t\t\t(threadid, expires)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t({$redirthreadid}, {$expires})\n\t\t\t\t\t");
}
unset($redir);
} else {
// leave no redirect for hidden or deleted threads
log_moderator_action($threadinfo, 'thread_moved_to_x', $destforuminfo['title']);
}
break;
// ***************************************************************
}
// end switch($method)
// kill the cache for the old thread
delete_post_cache_threads(array($threadinfo['threadid']));
// Update Post Count if we move from a counting forum to a non counting or vice-versa..
// Source Dest Visible Thread Hidden Thread
// Yes Yes ~ ~
// Yes No -visible ~
// No Yes +visible ~
// No No ~ ~
if ($threadinfo['visible'] and ($method == 'move' or $method == 'movered') and ($foruminfo['countposts'] and !$destforuminfo['countposts'] or !$foruminfo['countposts'] and $destforuminfo['countposts'])) {
$posts = $db->query_read_slave("\n\t\t\tSELECT userid\n\t\t\tFROM " . TABLE_PREFIX . "post\n\t\t\tWHERE threadid = {$threadinfo['threadid']}\n\t\t\t\tAND\tuserid > 0\n\t\t\t\tAND visible = 1\n\t\t");
$userbyuserid = array();
while ($post = $db->fetch_array($posts)) {
if (!isset($userbyuserid["{$post['userid']}"])) {
$userbyuserid["{$post['userid']}"] = 1;
} else {
$userbyuserid["{$post['userid']}"]++;
}
}
if (!empty($userbyuserid)) {
$userbypostcount = array();
foreach ($userbyuserid as $postuserid => $postcount) {
$alluserids .= ",{$postuserid}";
$userbypostcount["{$postcount}"] .= ",{$postuserid}";
}
foreach ($userbypostcount as $postcount => $userids) {
$casesql .= " WHEN userid IN (0{$userids}) THEN {$postcount}";
}
$operator = $destforuminfo['countposts'] ? '+' : '-';
$db->query_write("\n\t\t\t\tUPDATE " . TABLE_PREFIX . "user\n\t\t\t\tSET posts = CAST(posts AS SIGNED) {$operator}\n\t\t\t\t\tCASE\n\t\t\t\t\t\t{$casesql}\n\t\t\t\t\t\tELSE 0\n\t\t\t\t\tEND\n\t\t\t\tWHERE userid IN (0{$alluserids})\n\t\t\t");
}
}
build_forum_counters($threadinfo['forumid']);
if ($threadinfo['forumid'] != $destforuminfo['forumid']) {
build_forum_counters($destforuminfo['forumid']);
}
// Update canview status of thread subscriptions
update_subscriptions(array('threadids' => array($threadid)));
}
// Undelete Posts
if ($_POST['do'] == 'undeleteposts') {
$vbulletin->input->clean_array_gpc('p', array('postids' => TYPE_STR));
$postids = explode(',', $vbulletin->GPC['postids']);
foreach ($postids as $index => $postid) {
if (intval($postid) == 0) {
unset($postids["{$index}"]);
} else {
$postids["{$index}"] = intval($postid);
}
}
if (empty($postids)) {
standard_error(fetch_error('no_applicable_posts_selected'));
}
if (count($postids) > 400) {
standard_error(fetch_error('you_are_limited_to_working_with_x_posts', $postlimit));
}
$postids = implode(',', $postids);
// Validate posts
$posts = $db->query_read_slave("\n\t\tSELECT post.postid, post.threadid, post.parentid, post.visible, post.title, post.userid,\n\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.firstpostid, thread.visible AS thread_visible,\n\t\t\tforum.options AS forum_options\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "forum AS forum USING (forumid)\n\t\tWHERE postid IN ({$postids})\n\t\t\tAND (post.visible = 2 OR (post.visible = 1 AND thread.visible = 2 AND post.postid = thread.firstpostid))\n\t\tORDER BY postid\n\t");
$deletethreads = array();
while ($post = $db->fetch_array($posts)) {
$forumperms = fetch_permissions($post['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $post['postuserid'] != $vbulletin->userinfo['userid']) {
json_error(ERR_NO_PERMISSION);
}
if ((!$post['visible'] or !$post['thread_visible']) and !can_moderate($post['forumid'], 'canmoderateposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
} else {
if (($post['visible'] == 2 or $post['thread_visible'] == 2) and !can_moderate($post['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
}
}
$postarray["{$post['postid']}"] = $post;
$threadlist["{$post['threadid']}"] = true;
$forumlist["{$post['forumid']}"] = true;
if ($post['firstpostid'] == $post['postid']) {
// undeleting a thread so need to update the $tinfo for any other posts in this thread
$firstpost["{$post['threadid']}"] = true;
} else {
if (!empty($firstpost["{$post['threadid']}"])) {
$postarray["{$post['postid']}"]['thread_visible'] = 1;
}
}
}
if (is_array($postarray)) {
foreach ($postarray as $postid => $post) {
$tinfo = array('threadid' => $post['threadid'], 'forumid' => $post['forumid'], 'visible' => $post['thread_visible'], 'firstpostid' => $post['firstpostid']);
undelete_post($post['postid'], $post['forum_options'] & $vbulletin->bf_misc_forumoptions['countposts'], $post, $tinfo, false);
}
}
if (is_array($threadlist)) {
foreach (array_keys($threadlist) as $threadid) {
build_thread_counters($threadid);
}
}
if (is_array($forumlist)) {
foreach (array_keys($forumlist) as $forumid) {
build_forum_counters($forumid);
}
}
}
// Delete As Spam
if ($_REQUEST['do'] == 'dodeletespam') {
$vbulletin->input->clean_array_gpc('p', array('type' => TYPE_STR));
if ($vbulletin->GPC['type'] == 'post') {
$vbulletin->input->clean_array_gpc('p', array('postids' => TYPE_STR));
$postids = explode(',', $vbulletin->GPC['postids']);
foreach ($postids as $index => $postid) {
if (intval($postid) == 0) {
unset($postids["{$index}"]);
} else {
$postids["{$index}"] = intval($postid);
}
}
if (empty($postids)) {
standard_error(fetch_error('no_applicable_posts_selected'));
}
if (count($postids) > $postlimit) {
standard_error(fetch_error('you_are_limited_to_working_with_x_posts', $postlimit));
}
} else {
$vbulletin->input->clean_array_gpc('p', array('threadid' => TYPE_STR));
$threadids = explode(',', $vbulletin->GPC['threadid']);
foreach ($threadids as $index => $threadid) {
if (intval($threadid) == 0) {
unset($threadids["{$index}"]);
} else {
$threadids["{$index}"] = intval($threadid);
}
}
if (empty($threadids)) {
standard_error(fetch_error('you_did_not_select_any_valid_threads'));
}
if (count($threadids) > $threadlimit) {
standard_error(fetch_error('you_are_limited_to_working_with_x_threads', $threadlimit));
}
}
$vbulletin->input->clean_array_gpc('p', array('banusers' => TYPE_BOOL, 'userids' => TYPE_STR));
$banusers = false;
if ($vbulletin->GPC['banusers']) {
$banusers = true;
}
$vbulletin->GPC['userid'] = split(',', $vbulletin->GPC['userids']);
$vbulletin->GPC_exists['userid'] = true;
$userids = array();
if ($vbulletin->GPC['type'] == 'thread') {
// threads
$threadarray = array();
$threads = $db->query_read_slave("\n\t\t\tSELECT threadid, open, visible, forumid, title, prefixid, postuserid\n\t\t\tFROM " . TABLE_PREFIX . "thread\n\t\t\tWHERE threadid IN (" . implode(',', $threadids) . ")\n\t\t");
while ($thread = $db->fetch_array($threads)) {
$forumperms = fetch_permissions($thread['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $thread['postuserid'] != $vbulletin->userinfo['userid']) {
json_error(ERR_NO_PERMISSION);
}
$thread['prefix_plain_html'] = $thread['prefixid'] ? htmlspecialchars_uni($vbphrase["prefix_{$thread['prefixid']}_title_plain"]) . ' ' : '';
if ($thread['open'] == 10) {
if (!can_moderate($thread['forumid'], 'canmanagethreads')) {
// No permission to remove redirects.
standard_error(fetch_error('you_do_not_have_permission_to_manage_thread_redirects', $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
}
} else {
if (!$thread['visible'] and !can_moderate($thread['forumid'], 'canmoderateposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
} else {
if ($thread['visible'] == 2 and !can_moderate($thread['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $vbphrase['n_a'], $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
} else {
if (!can_moderate($thread['forumid'], 'canremoveposts')) {
if (!can_moderate($thread['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
}
} else {
if (!can_moderate($thread['forumid'], 'candeleteposts')) {
if (!can_moderate($thread['forumid'], 'canremoveposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
}
}
}
}
}
}
$threadarray["{$thread['threadid']}"] = $thread;
$userids["{$thread['postuserid']}"] = true;
}
if (empty($threadarray)) {
standard_error(fetch_error('you_did_not_select_any_valid_threads'));
}
} else {
// posts
// Validate posts
$postarray = array();
$posts = $db->query_read_slave("\n\t\t\tSELECT post.postid, post.threadid, post.visible, post.title, post.userid,\n\t\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.visible AS thread_visible, thread.firstpostid\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\t\tWHERE postid IN (" . implode(',', $postids) . ")\n\t\t");
while ($post = $db->fetch_array($posts)) {
$forumperms = fetch_permissions($post['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $post['postuserid'] != $vbulletin->userinfo['userid']) {
json_error(ERR_NO_PERMISSION);
}
if ((!$post['visible'] or !$post['thread_visible']) and !can_moderate($post['forumid'], 'canmoderateposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
} else {
if (($post['visible'] == 2 or $post['thread_visible'] == 2) and !can_moderate($post['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
} else {
if (!can_moderate($post['forumid'], 'canremoveposts')) {
if (!can_moderate($post['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
}
} else {
if (!can_moderate($post['forumid'], 'candeleteposts')) {
if (!can_moderate($post['forumid'], 'canremoveposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
}
}
}
}
}
$postarray["{$post['postid']}"] = $post;
$userids["{$post['userid']}"] = true;
}
if (empty($postarray)) {
standard_error(fetch_error('no_applicable_posts_selected'));
}
}
$user_cache = array();
foreach ($vbulletin->GPC['userid'] as $userid) {
// check that userid appears somewhere in either posts / threads, if they don't then you're doing something naughty
if (!isset($userids["{$userid}"])) {
json_error(ERR_NO_PERMISSION);
}
$user_cache["{$userid}"] = fetch_userinfo($userid);
cache_permissions($user_cache["{$userid}"]);
$user_cache["{$userid}"]['joindate_string'] = vbdate($vbulletin->options['dateformat'], $user_cache["{$userid}"]['joindate']);
}
if ($banusers) {
require_once DIR . '/includes/adminfunctions.php';
require_once DIR . '/includes/functions_banning.php';
if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or can_moderate(0, 'canbanusers'))) {
json_error(ERR_NO_PERMISSION);
}
// check that user has permission to ban the person they want to ban
if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) {
foreach ($user_cache as $userid => $userinfo) {
if (can_moderate(0, '', $userinfo['userid'], $userinfo['usergroupid'] . (trim($userinfo['membergroupids']) ? ",{$userinfo['membergroupids']}" : '')) or $userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or $userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator'] or is_unalterable_user($userinfo['userid'])) {
standard_error(fetch_error('no_permission_ban_non_registered_users'));
}
}
} else {
foreach ($user_cache as $userid => $userinfo) {
if ($userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or is_unalterable_user($userinfo['userid'])) {
standard_error(fetch_error('no_permission_ban_non_registered_users'));
}
}
}
}
$vbulletin->input->clean_array_gpc('p', array('deleteother' => TYPE_BOOL, 'type' => TYPE_STR, 'deletetype' => TYPE_UINT, 'deletereason' => TYPE_STR, 'keepattachments' => TYPE_BOOL));
$vbulletin->GPC['deletereason'] = prepare_remote_utf8_string($vbulletin->GPC['deletereason']);
// Check if we have users to punish
if (!empty($user_cache)) {
if ($banusers) {
$vbulletin->input->clean_array_gpc('p', array('usergroupid' => TYPE_UINT, 'period' => TYPE_STR, 'reason' => TYPE_STR));
$vbulletin->GPC['reason'] = prepare_remote_utf8_string($vbulletin->GPC['reason']);
if (!isset($vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]) or $vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup']) {
standard_error(fetch_error('invalid_usergroup_specified'));
}
// check that the number of days is valid
if ($vbulletin->GPC['period'] != 'PERMANENT' and !preg_match('#^(D|M|Y)_[1-9][0-9]?$#', $vbulletin->GPC['period'])) {
standard_error(fetch_error('invalid_ban_period_specified'));
}
if ($vbulletin->GPC['period'] == 'PERMANENT') {
// make this ban permanent
$liftdate = 0;
} else {
// get the unixtime for when this ban will be lifted
$liftdate = convert_date_to_timestamp($vbulletin->GPC['period']);
}
$user_dms = array();
$current_bans = $db->query_read("\n\t\t\t\t\tSELECT user.userid, userban.liftdate, userban.bandate\n\t\t\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "userban AS userban ON(userban.userid = user.userid)\n\t\t\t\t\tWHERE user.userid IN (" . implode(',', array_keys($user_cache)) . ")\n\t\t\t\t");
while ($current_ban = $db->fetch_array($current_bans)) {
$userinfo = $user_cache["{$current_ban['userid']}"];
$userid = $userinfo['userid'];
if ($current_ban['bandate']) {
// they already have a ban, check if the current one is being made permanent, continue if its not
if ($liftdate and $liftdate < $current_ban['liftdate']) {
continue;
}
// there is already a record - just update this record
$db->query_write("\n\t\t\t\t\t\t\tUPDATE " . TABLE_PREFIX . "userban SET\n\t\t\t\t\t\t\tbandate = " . TIMENOW . ",\n\t\t\t\t\t\t\tliftdate = {$liftdate},\n\t\t\t\t\t\t\tadminid = " . $vbulletin->userinfo['userid'] . ",\n\t\t\t\t\t\t\treason = '" . $db->escape_string($vbulletin->GPC['reason']) . "'\n\t\t\t\t\t\t\tWHERE userid = {$userinfo['userid']}\n\t\t\t\t\t\t");
} else {
// insert a record into the userban table
/*insert query*/
$db->query_write("\n\t\t\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "userban\n\t\t\t\t\t\t\t(userid, usergroupid, displaygroupid, customtitle, usertitle, adminid, bandate, liftdate, reason)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t({$userinfo['userid']}, {$userinfo['usergroupid']}, {$userinfo['displaygroupid']}, {$userinfo['customtitle']}, '" . $db->escape_string($userinfo['usertitle']) . "', " . $vbulletin->userinfo['userid'] . ", " . TIMENOW . ", {$liftdate}, '" . $db->escape_string($vbulletin->GPC['reason']) . "')\n\t\t\t\t\t\t");
}
// update the user record
$user_dms[$userid] =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
$user_dms[$userid]->set_existing($userinfo);
$user_dms[$userid]->set('usergroupid', $vbulletin->GPC['usergroupid']);
$user_dms[$userid]->set('displaygroupid', 0);
// update the user's title if they've specified a special user title for the banned group
if ($vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['usertitle'] != '') {
$user_dms[$userid]->set('usertitle', $vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['usertitle']);
$user_dms[$userid]->set('customtitle', 0);
}
$user_dms[$userid]->pre_save();
}
foreach ($user_dms as $userdm) {
$userdm->save();
}
}
}
// delete threads that are defined explicitly as spam by being ticked
$physicaldel = $vbulletin->GPC['deletetype'] == 2 ? true : false;
$skipped_user_prune = array();
if ($vbulletin->GPC['deleteother'] and !empty($user_cache) and can_moderate(-1, 'canmassprune')) {
$remove_all_posts = array();
$user_checks = $db->query_read_slave("SELECT COUNT(*) AS total, userid AS userid FROM " . TABLE_PREFIX . "post WHERE userid IN (" . implode(', ', array_keys($user_cache)) . ") GROUP BY userid");
while ($user_check = $db->fetch_array($user_checks)) {
if (intval($user_check['total']) <= 50) {
$remove_all_posts[] = $user_check['userid'];
} else {
$skipped_user_prune[] = $user_check['userid'];
}
}
if (!empty($remove_all_posts)) {
$threads = $db->query_read_slave("SELECT threadid FROM " . TABLE_PREFIX . "thread WHERE postuserid IN (" . implode(', ', $remove_all_posts) . ")");
while ($thread = $db->fetch_array($threads)) {
$threadids[] = $thread['threadid'];
}
// Yes this can pick up firstposts of threads but we check later on when fetching info, so it won't matter if its already deleted
$posts = $db->query_read_slave("SELECT postid FROM " . TABLE_PREFIX . "post WHERE userid IN (" . implode(', ', $remove_all_posts) . ")");
while ($post = $db->fetch_array($posts)) {
$postids[] = $post['postid'];
}
}
}
if (!empty($threadids)) {
// Validate threads
$threads = $db->query_read_slave("\n\t\t\tSELECT threadid, open, visible, forumid, title, postuserid\n\t\t\tFROM " . TABLE_PREFIX . "thread\n\t\t\tWHERE threadid IN (" . implode(',', $threadids) . ")\n\t\t");
while ($thread = $db->fetch_array($threads)) {
$forumperms = fetch_permissions($thread['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $thread['postuserid'] != $vbulletin->userinfo['userid']) {
json_error(ERR_NO_PERMISSION);
}
if ($thread['open'] == 10 and !can_moderate($thread['forumid'], 'canmanagethreads')) {
// No permission to remove redirects.
standard_error(fetch_error('you_do_not_have_permission_to_manage_thread_redirects', $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
} else {
if (!$thread['visible'] and !can_moderate($thread['forumid'], 'canmoderateposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
} else {
if ($thread['visible'] == 2 and !can_moderate($thread['forumid'], 'candeleteposts')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $vbphrase['n_a'], $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
} else {
if ($thread['open'] != 10) {
if (!can_moderate($thread['forumid'], 'canremoveposts') and $physicaldel) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
} else {
if (!can_moderate($thread['forumid'], 'candeleteposts') and !$physicaldel) {
standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
}
}
}
}
}
}
$threadarray["{$thread['threadid']}"] = $thread;
$forumlist["{$thread['forumid']}"] = true;
}
}
$delinfo = array('userid' => $vbulletin->userinfo['userid'], 'username' => $vbulletin->userinfo['username'], 'reason' => $vbulletin->GPC['deletereason'], 'keepattachments' => $vbulletin->GPC['keepattachments']);
foreach ($threadarray as $threadid => $thread) {
$countposts = $vbulletin->forumcache["{$thread['forumid']}"]['options'] & $vbulletin->bf_misc_forumoptions['countposts'];
if (!$physicaldel and $thread['visible'] == 2) {
# Thread is already soft deleted
continue;
}
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
$threadman->set_existing($thread);
// Redirect
if ($thread['open'] == 10) {
$threadman->delete(false, true, $delinfo);
} else {
$threadman->delete($countposts, $physicaldel, $delinfo);
}
unset($threadman);
}
if (!empty($postids)) {
// Validate Posts
$posts = $db->query_read_slave("\n\t\t\tSELECT post.postid, post.threadid, post.parentid, post.visible, post.title,\n\t\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.firstpostid, thread.visible AS thread_visible\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\t\tWHERE postid IN (" . implode(',', $postids) . ")\n\t\t\tORDER BY postid\n\t\t");
while ($post = $db->fetch_array($posts)) {
$postarray["{$post['postid']}"] = $post;
$threadlist["{$post['threadid']}"] = true;
$forumlist["{$post['forumid']}"] = true;
if ($post['firstpostid'] == $post['postid']) {
// deleting a thread so do not decremement the counters of any other posts in this thread
$firstpost["{$post['threadid']}"] = true;
} else {
if (!empty($firstpost["{$post['threadid']}"])) {
$postarray["{$post['postid']}"]['skippostcount'] = true;
}
}
}
}
$gotothread = true;
foreach ($postarray as $postid => $post) {
$foruminfo = fetch_foruminfo($post['forumid']);
$postman =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost');
$postman->set_existing($post);
$postman->delete($foruminfo['countposts'] and !$post['skippostcount'], $post['threadid'], $physicaldel, $delinfo);
unset($postman);
if ($vbulletin->GPC['threadid'] == $post['threadid'] and $post['postid'] == $post['firstpostid']) {
// we've deleted the thread that we activated this action from so we can only return to the forum
$gotothread = false;
} else {
if ($post['postid'] == $postinfo['postid'] and $physicaldel) {
// we came in via a post, which we have deleted so we have to go back to the thread
$vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . 't=' . $vbulletin->GPC['threadid'];
}
}
}
foreach (array_keys($threadlist) as $threadid) {
build_thread_counters($threadid);
}
foreach (array_keys($forumlist) as $forumid) {
build_forum_counters($forumid);
}
// empty cookie
if ($vbulletin->GPC['type'] == 'thread') {
setcookie('vbulletin_inlinethread', '', TIMENOW - 3600, '/');
} else {
setcookie('vbulletin_inlinepost', '', TIMENOW - 3600, '/');
}
}
return array('success' => true);
}
protected function verifyPrefixid($prefixid)
{
if ($prefixid) {
$prefix = $this->assertor->getRow('vBForum:prefix', array('prefixid' => $prefixid));
if (!$prefix) {
throw new vB_Exception_Api('invalid_prefixid');
}
require_once DIR . '/includes/functions_prefix.php';
if (!can_use_prefix($prefixid)) {
throw new vB_Exception_Api('invalid_prefixid');
}
}
}
function do_post_edit()
{
global $vbulletin, $db, $foruminfo, $forumperms, $threadinfo;
global $postinfo, $vbphrase, $stylevar, $permissions;
$checked = array();
$edit = array();
$postattach = array();
$contenttype = 'vBForum_Post';
if (!$postinfo['postid'] or $postinfo['isdeleted'] or !$postinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
json_error(ERR_INVALID_TOP, RV_POST_ERROR);
}
if (!$threadinfo['threadid'] or $threadinfo['isdeleted'] or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
json_error(ERR_INVALID_TOP, RV_POST_ERROR);
}
if ($vbulletin->options['wordwrap']) {
$threadinfo['title'] = fetch_word_wrapped_string($threadinfo['title']);
}
// get permissions info
$_permsgetter_ = 'edit post';
$forumperms = fetch_permissions($threadinfo['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)) {
json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
}
$foruminfo = fetch_foruminfo($threadinfo['forumid'], false);
// check if there is a forum password and if so, ensure the user has it set
verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
// need to get last post-type information
cache_ordered_forums(1);
// determine if we are allowed to be updating the thread's info
$can_update_thread = ($threadinfo['firstpostid'] == $postinfo['postid'] and (can_moderate($threadinfo['forumid'], 'caneditthreads') or $postinfo['dateline'] + $vbulletin->options['editthreadtitlelimit'] * 60 > TIMENOW));
// otherwise, post is being edited
if (!can_moderate($threadinfo['forumid'], 'caneditposts')) {
// check for moderator
if (!$threadinfo['open']) {
$vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$threadinfo['threadid']}";
json_error(fetch_error('threadclosed'), RV_POST_ERROR);
}
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['caneditpost'])) {
json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
} else {
if ($vbulletin->userinfo['userid'] != $postinfo['userid']) {
// check user owns this post
json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
} else {
// check for time limits
if ($postinfo['dateline'] < TIMENOW - $vbulletin->options['edittimelimit'] * 60 and $vbulletin->options['edittimelimit'] != 0) {
json_error(fetch_error('edittimelimit', $vbulletin->options['edittimelimit'], $vbulletin->options['contactuslink']), RV_POST_ERROR);
}
}
}
}
// Variables reused in templates
$poststarttime =& $vbulletin->input->clean_gpc('r', poststarttime, TYPE_UINT);
$posthash = md5($vbulletin->GPC['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']);
$vbulletin->input->clean_array_gpc('p', array('stickunstick' => TYPE_BOOL, 'openclose' => TYPE_BOOL, 'wysiwyg' => TYPE_BOOL, 'message' => TYPE_STR, 'title' => TYPE_STR, 'prefixid' => TYPE_NOHTML, 'iconid' => TYPE_UINT, 'parseurl' => TYPE_BOOL, 'signature' => TYPE_BOOL, 'disablesmilies' => TYPE_BOOL, 'reason' => TYPE_NOHTML, 'preview' => TYPE_STR, 'folderid' => TYPE_UINT, 'emailupdate' => TYPE_UINT, 'ajax' => TYPE_BOOL, 'advanced' => TYPE_BOOL, 'postcount' => TYPE_UINT, 'podcasturl' => TYPE_STR, 'podcastsize' => TYPE_UINT, 'podcastexplicit' => TYPE_BOOL, 'podcastkeywords' => TYPE_STR, 'podcastsubtitle' => TYPE_STR, 'podcastauthor' => TYPE_STR, 'quickeditnoajax' => TYPE_BOOL));
if ($vbulletin->GPC['message']) {
$vbulletin->GPC['message'] = prepare_remote_utf8_string($vbulletin->GPC['message']);
}
$vbulletin->GPC['signature'] = $vbulletin->GPC_exists['signature'] = true;
// Make sure the posthash is valid
($hook = vBulletinHook::fetch_hook('editpost_update_start')) ? eval($hook) : false;
if (md5($poststarttime . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']) != $posthash) {
$posthash = 'invalid posthash';
// don't phrase me
}
// ### PREP INPUT ###
if ($vbulletin->GPC['wysiwyg']) {
require_once DIR . '/includes/functions_wysiwyg.php';
$edit['message'] = convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $foruminfo['allowhtml']);
} else {
$edit['message'] =& $vbulletin->GPC['message'];
}
$cansubscribe = true;
// Are we editing someone else's post? If so load that users subscription info for this thread.
if ($vbulletin->userinfo['userid'] != $postinfo['userid']) {
if ($postinfo['userid']) {
$userinfo = fetch_userinfo($postinfo['userid']);
cache_permissions($userinfo);
}
$cansubscribe = ($userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canview'] and $userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewthreads'] and ($threadinfo['postuserid'] == $userinfo['userid'] or $userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewothers']));
if ($cansubscribe and $otherthreadinfo = $db->query_first_slave("\n\t\t\tSELECT emailupdate, folderid\n\t\t\tFROM " . TABLE_PREFIX . "subscribethread\n\t\t\tWHERE threadid = {$threadinfo['threadid']} AND\n\t\t\t\tuserid = {$postinfo['userid']} AND\n\t\t\t\tcanview = 1")) {
$threadinfo['issubscribed'] = true;
$threadinfo['emailupdate'] = $otherthreadinfo['emailupdate'];
$threadinfo['folderid'] = $otherthreadinfo['folderid'];
} else {
$threadinfo['issubscribed'] = false;
// use whatever emailupdate setting came through
}
}
if ($vbulletin->GPC['ajax'] or $vbulletin->GPC['quickeditnoajax']) {
// quick edit
$tmpmessage = $vbulletin->GPC['ajax'] ? convert_urlencoded_unicode($edit['message']) : $edit['message'];
$edit = $postinfo;
$edit['message'] =& $tmpmessage;
$edit['title'] = unhtmlspecialchars($edit['title']);
$edit['signature'] =& $edit['showsignature'];
$edit['enablesmilies'] =& $edit['allowsmilie'];
$edit['disablesmilies'] = $edit['enablesmilies'] ? 0 : 1;
$edit['parseurl'] = true;
$edit['prefixid'] = $threadinfo['prefixid'];
$edit['reason'] = fetch_censored_text($vbulletin->GPC['ajax'] ? convert_urlencoded_unicode($vbulletin->GPC['reason']) : $vbulletin->GPC['reason']);
} else {
$edit['iconid'] =& $vbulletin->GPC['iconid'];
$edit['title'] =& $vbulletin->GPC['title'];
$edit['prefixid'] = ($vbulletin->GPC_exists['prefixid'] and can_use_prefix($vbulletin->GPC['prefixid'])) ? $vbulletin->GPC['prefixid'] : $threadinfo['prefixid'];
$edit['podcasturl'] =& $vbulletin->GPC['podcasturl'];
$edit['podcastsize'] =& $vbulletin->GPC['podcastsize'];
$edit['podcastexplicit'] =& $vbulletin->GPC['podcastexplicit'];
$edit['podcastkeywords'] =& $vbulletin->GPC['podcastkeywords'];
$edit['podcastsubtitle'] =& $vbulletin->GPC['podcastsubtitle'];
$edit['podcastauthor'] =& $vbulletin->GPC['podcastauthor'];
// Leave this off for quickedit->advanced so that a post with unparsed links doesn't get parsed just by going to Advanced Edit
$edit['parseurl'] = true;
$edit['signature'] =& $vbulletin->GPC['signature'];
$edit['disablesmilies'] =& $vbulletin->GPC['disablesmilies'];
$edit['enablesmilies'] = $edit['allowsmilie'] = $edit['disablesmilies'] ? 0 : 1;
$edit['stickunstick'] =& $vbulletin->GPC['stickunstick'];
$edit['openclose'] =& $vbulletin->GPC['openclose'];
$edit['reason'] = fetch_censored_text($vbulletin->GPC['reason']);
$edit['preview'] =& $vbulletin->GPC['preview'];
$edit['folderid'] =& $vbulletin->GPC['folderid'];
if (!$vbulletin->GPC['advanced']) {
if ($vbulletin->GPC_exists['emailupdate']) {
$edit['emailupdate'] =& $vbulletin->GPC['emailupdate'];
} else {
$edit['emailupdate'] = array_pop($array = array_keys(fetch_emailchecked($threadinfo)));
}
}
}
$dataman =& datamanager_init('Post', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
$dataman->set_existing($postinfo);
($hook = vBulletinHook::fetch_hook('editpost_update_process')) ? eval($hook) : false;
// set info
$dataman->set_info('parseurl', $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_URL and $foruminfo['allowbbcode'] and $edit['parseurl']);
$dataman->set_info('posthash', $posthash);
$dataman->set_info('forum', $foruminfo);
$dataman->set_info('thread', $threadinfo);
$dataman->set_info('show_title_error', true);
$dataman->set_info('podcasturl', $edit['podcasturl']);
$dataman->set_info('podcastsize', $edit['podcastsize']);
$dataman->set_info('podcastexplicit', $edit['podcastexplicit']);
$dataman->set_info('podcastkeywords', $edit['podcastkeywords']);
$dataman->set_info('podcastsubtitle', $edit['podcastsubtitle']);
$dataman->set_info('podcastauthor', $edit['podcastauthor']);
if ($postinfo['userid'] == $vbulletin->userinfo['userid']) {
$dataman->set_info('user', $vbulletin->userinfo);
}
// set options
$dataman->setr('showsignature', $edit['signature']);
$dataman->setr('allowsmilie', $edit['enablesmilies']);
// set data
/*$dataman->setr('userid', $vbulletin->userinfo['userid']);
if ($vbulletin->userinfo['userid'] == 0)
{
$dataman->setr('username', $post['username']);
}*/
$dataman->setr('title', $edit['title']);
$dataman->setr('pagetext', $edit['message']);
if ($postinfo['userid'] != $vbulletin->userinfo['userid']) {
$dataman->setr('iconid', $edit['iconid'], true, false);
} else {
$dataman->setr('iconid', $edit['iconid']);
}
$postusername = $vbulletin->userinfo['username'];
$dataman->pre_save();
if ($dataman->errors) {
$errors = $dataman->errors;
}
if ($dataman->info['podcastsize']) {
$edit['podcastsize'] = $dataman->info['podcastsize'];
}
if (sizeof($errors) > 0) {
fr_standard_error($errors[0]);
} else {
if ($edit['preview']) {
require_once DIR . '/packages/vbattach/attach.php';
$attach = new vB_Attach_Display_Content($vbulletin, 'vBForum_Post');
$postattach = $attach->fetch_postattach($posthash, $postinfo['postid']);
// ### PREVIEW POST ###
$postpreview = process_post_preview($edit, $postinfo['userid'], $postattach);
$previewpost = true;
$_REQUEST['do'] = 'editpost';
} else {
if ($vbulletin->GPC['advanced']) {
// Don't display preview on QuickEdit->Advanced as parseurl is turned off and so the preview won't be correct unless the post originally had checked to not parse links
// If you turn on parseurl then the opposite happens and you have to go unparse your links if that is what you want. Compromise
$_REQUEST['do'] = 'editpost';
} else {
// ### POST HAS NO ERRORS ###
$dataman->save();
$update_edit_log = true;
// don't show edited by AND reason unchanged - don't update edit log
if (!($permissions['genericoptions'] & $vbulletin->bf_ugp_genericoptions['showeditedby']) and $edit['reason'] == $postinfo['edit_reason']) {
$update_edit_log = false;
}
if ($update_edit_log) {
// ug perm: show edited by
if ($postinfo['dateline'] < TIMENOW - $vbulletin->options['noeditedbytime'] * 60 or !empty($edit['reason'])) {
// save the postedithistory
if ($vbulletin->options['postedithistory']) {
// insert original post on first edit
if (!$db->query_first("SELECT postedithistoryid FROM " . TABLE_PREFIX . "postedithistory WHERE original = 1 AND postid = " . $postinfo['postid'])) {
$db->query_write("\n\t\t\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "postedithistory\n\t\t\t\t\t\t\t\t(postid, userid, username, title, iconid, dateline, reason, original, pagetext)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t\t\t" . $postinfo['userid'] . ",\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['username']) . "',\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['title']) . "',\n\t\t\t\t\t\t\t\t{$postinfo['iconid']},\n\t\t\t\t\t\t\t\t" . $postinfo['dateline'] . ",\n\t\t\t\t\t\t\t\t'',\n\t\t\t\t\t\t\t\t1,\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['pagetext']) . "')\n\t\t\t\t\t\t");
}
// insert the new version
$db->query_write("\n\t\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "postedithistory\n\t\t\t\t\t\t\t(postid, userid, username, title, iconid, dateline, reason, pagetext)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t\t" . $vbulletin->userinfo['userid'] . ",\n\t\t\t\t\t\t\t'" . $db->escape_string($vbulletin->userinfo['username']) . "',\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['title']) . "',\n\t\t\t\t\t\t\t{$edit['iconid']},\n\t\t\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['reason']) . "',\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['message']) . "')\n\t\t\t\t\t");
}
/*insert query*/
$db->query_write("\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "editlog\n\t\t\t\t\t\t(postid, userid, username, dateline, reason, hashistory)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t" . $vbulletin->userinfo['userid'] . ",\n\t\t\t\t\t\t'" . $db->escape_string($vbulletin->userinfo['username']) . "',\n\t\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t\t'" . $db->escape_string($edit['reason']) . "',\n\t\t\t\t\t\t" . ($vbulletin->options['postedithistory'] ? 1 : 0) . ")\n\t\t\t\t");
}
}
$date = vbdate($vbulletin->options['dateformat'], TIMENOW);
$time = vbdate($vbulletin->options['timeformat'], TIMENOW);
// initialize thread / forum update clauses
$forumupdate = false;
$threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
$threadman->set_existing($threadinfo);
$threadman->set_info('pagetext', $edit['message']);
if ($can_update_thread and $edit['title'] != '') {
// need to update thread title and iconid
if (!can_moderate($threadinfo['forumid'])) {
$threadman->set_info('skip_moderator_log', true);
}
$threadman->set_info('skip_first_post_update', true);
if ($edit['title'] != $postinfo['title']) {
$threadman->set('title', unhtmlspecialchars($edit['title']));
}
if ($edit['iconid'] != $postinfo['iconid']) {
$threadman->set('iconid', $edit['iconid']);
}
if ($vbulletin->GPC_exists['prefixid'] and can_use_prefix($vbulletin->GPC['prefixid'])) {
$threadman->set('prefixid', $vbulletin->GPC['prefixid']);
if ($threadman->thread['prefixid'] === '' and $foruminfo['options'] & $vbulletin->bf_misc_forumoptions['prefixrequired']) {
// the prefix wasn't valid or was set to an empty one, but that's not allowed
$threadman->do_unset('prefixid');
}
}
// do we need to update the forum counters?
$forumupdate = $foruminfo['lastthreadid'] == $threadinfo['threadid'] ? true : false;
}
// can this user open/close this thread if they want to?
if ($vbulletin->GPC['openclose'] and ($threadinfo['postuserid'] != 0 and $threadinfo['postuserid'] == $vbulletin->userinfo['userid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'] or can_moderate($threadinfo['forumid'], 'canopenclose'))) {
$threadman->set('open', $threadman->fetch_field('open') == 1 ? 0 : 1);
}
if ($vbulletin->GPC['stickunstick'] and can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
$threadman->set('sticky', $threadman->fetch_field('sticky') == 1 ? 0 : 1);
}
($hook = vBulletinHook::fetch_hook('editpost_update_thread')) ? eval($hook) : false;
$threadman->save();
// if this is a mod edit, then log it
if ($vbulletin->userinfo['userid'] != $postinfo['userid'] and can_moderate($threadinfo['forumid'], 'caneditposts')) {
$modlog = array('threadid' => $threadinfo['threadid'], 'forumid' => $threadinfo['forumid'], 'postid' => $postinfo['postid']);
log_moderator_action($modlog, 'post_x_edited', $postinfo['title']);
}
require_once DIR . '/includes/functions_databuild.php';
// do forum update if necessary
if ($forumupdate) {
build_forum_counters($threadinfo['forumid']);
}
// don't do thread subscriptions if we are doing quick edit
if (!$vbulletin->GPC['ajax'] and !$vbulletin->GPC['quickeditnoajax']) {
// ### DO THREAD SUBSCRIPTION ###
// We use $postinfo[userid] so that we update the user who posted this, not the user who is editing this
if (!$threadinfo['issubscribed'] and $edit['emailupdate'] != 9999) {
// user is not subscribed to this thread so insert it
/*insert query*/
$db->query_write("\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES ({$postinfo['userid']}, {$threadinfo['threadid']}, {$edit['emailupdate']}, {$edit['folderid']}, 1)\n\t\t\t\t");
} else {
// User is subscribed, see if they changed the settings for this thread
if ($edit['emailupdate'] == 9999) {
// Remove this subscription, user chose 'No Subscription'
/*insert query*/
$db->query_write("\n\t\t\t\t\t\tDELETE FROM " . TABLE_PREFIX . "subscribethread\n\t\t\t\t\t\tWHERE threadid = {$threadinfo['threadid']}\n\t\t\t\t\t\t\tAND userid = {$postinfo['userid']}\n\t\t\t\t\t");
} else {
if ($threadinfo['emailupdate'] != $edit['emailupdate'] or $threadinfo['folderid'] != $edit['folderid']) {
// User changed the settings so update the current record
/*insert query*/
$db->query_write("\n\t\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\t\tVALUES ({$postinfo['userid']}, {$threadinfo['threadid']}, {$edit['emailupdate']}, {$edit['folderid']}, 1)\n\t\t\t\t\t");
}
}
}
}
($hook = vBulletinHook::fetch_hook('editpost_update_complete')) ? eval($hook) : false;
}
}
}
return array('success' => true);
}