/**
* Loads a visitor message and optionally enforces view permissions on it
*
* @param	integer	ID of the visitor message to look up
* @param	boolean	When true a missing message raises the 'invalidid' error; when false 0 is returned instead
* @param	boolean	When true, deleted and moderated messages are only returned to viewers allowed to see them
*
* @return	mixed	Message record from fetch_visitormessageinfo(), or 0 if it was not found and $alert is false
*/
function verify_visitormessage($vmid, $alert = true, $perm_check = true)
{
    global $vbulletin, $vbphrase;

    $messageinfo = fetch_visitormessageinfo($vmid);
    if (!$messageinfo) {
        if (!$alert) {
            return 0;
        }
        standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink']));
    }

    if (!$perm_check) {
        return $messageinfo;
    }

    // Every denial below raises the same 'invalidid' error as a missing message,
    // so the response does not distinguish "hidden" from "does not exist".

    // Deleted: visitor-message moderators, or the profile owner with 'canmanageownprofile'.
    if ($messageinfo['state'] == 'deleted') {
        $allowed = (
            can_moderate(0, 'canmoderatevisitormessages')
            || (
                ($messageinfo['userid'] == $vbulletin->userinfo['userid'])
                && ($vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmanageownprofile'])
            )
        );
        if (!$allowed) {
            standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink']));
        }
    }

    // Awaiting moderation: the author, the profile owner with 'canmanageownprofile', or a moderator.
    if ($messageinfo['state'] == 'moderation') {
        $allowed = (
            ($messageinfo['postuserid'] == $vbulletin->userinfo['userid'])
            || (
                ($messageinfo['userid'] == $vbulletin->userinfo['userid'])
                && ($vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmanageownprofile'])
            )
            || can_moderate(0, 'canmoderatevisitormessages')
        );
        if (!$allowed) {
            standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink']));
        }
    }

    // TODO: no Coventry (global ignore) filtering is applied here; the check is still
    // pending "coventry support" and was only ever present as disabled code.

    return $messageinfo;
}
/**
* Counts the strikes currently recorded for the requesting IP address and
* refuses further attempts once five recent ones are on file.
*
* Strikes are keyed on the IPADDRESS constant only. NOTE(review): how IPADDRESS
* is derived is not visible here; if it can come from a client-supplied header
* the lockout can be sidestepped - confirm against the bootstrap.
*
* @param	string	Username being tried; passed to exec_strike_user() when the limit is hit
* @param	boolean	When true, return false instead of raising the 'strikes' error
*
* @return	mixed	0 when the strike system is disabled, false when locked out and errors are suppressed, otherwise the strike count (capped at 5)
*/
function verify_strike_status($username = '', $supress_error = false)
{
    global $vbulletin;

    // Strikes older than one hour are purged on every call, before the feature switch is even consulted.
    $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "strikes WHERE striketime < " . (TIMENOW - 3600));

    if (!$vbulletin->options['usestrikesystem']) {
        return 0;
    }

    // IPADDRESS is escaped before it is placed inside the quoted SQL literal.
    $strikes = $vbulletin->db->query_first("\n\t\tSELECT COUNT(*) AS strikes, MAX(striketime) AS lasttime\n\t\tFROM " . TABLE_PREFIX . "strikes\n\t\tWHERE strikeip = '" . $vbulletin->db->escape_string(IPADDRESS) . "'\n\t");

    // Locked out: five or more strikes on file, the latest within the last 15 minutes.
    if ($strikes['strikes'] >= 5 && $strikes['lasttime'] > TIMENOW - 900) {
        // Still trying while locked out, so record yet another strike to keep the window open.
        exec_strike_user($username);
        if ($supress_error) {
            return false;
        }
        eval(standard_error(fetch_error('strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
    } elseif ($strikes['strikes'] > 5) {
        // Cap the reported figure so the error message shown to the user reads correctly.
        $strikes['strikes'] = 5;
    }

    return $strikes['strikes'];
}
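 /**
  * Builds the global and local blog category lists for the blog being posted to.
  *
  * With a 'userid' request value that differs from the current user, the target
  * must exist, the current user must be a member of that blog, and the TARGET
  * user's own permissions must include blog_canpost and blog_canviewown.
  * Otherwise the current user's blog is used; guests (userid 0) are refused.
  *
  * @return	array	'globalcategorybits' and 'localcategorybits' as returned by construct_category()
  */
 public function output()
 {
     // $vbphrase must be imported too: the 'invalidid' error below reads $vbphrase['user'].
     global $vbulletin, $vbphrase;
     // 'userid' is cleaned as an unsigned integer before any use.
     $vbulletin->input->clean_array_gpc('r', array('userid' => TYPE_UINT));
     // verify the userid exists, don't want useless entries in our table.
     if ($vbulletin->GPC['userid'] and $vbulletin->GPC['userid'] != $vbulletin->userinfo['userid']) {
         if (!($userinfo = fetch_userinfo($vbulletin->GPC['userid']))) {
             standard_error(fetch_error('invalidid', $vbphrase['user'], $vbulletin->options['contactuslink']));
         }
         // are we a member of this user's blog?
         if (!is_member_of_blog($vbulletin->userinfo, $userinfo)) {
             print_no_permission();
         }
         /* Blog posting check: evaluated against the blog owner's permissions, not the viewer's */
         if (!($userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost']) or !($userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])) {
             print_no_permission();
         }
     } else {
         $userinfo =& $vbulletin->userinfo;
         /* Blog posting check, no guests! */
         if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) or !($vbulletin->userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost']) or !$vbulletin->userinfo['userid']) {
             print_no_permission();
         }
     }
     require_once DIR . '/includes/blog_functions_shared.php';
     prepare_blog_category_permissions($userinfo, true);
     $globalcats = $this->construct_category($userinfo, 'global');
     $localcats = $this->construct_category($userinfo, 'local');
     return array('globalcategorybits' => $globalcats, 'localcategorybits' => $localcats);
 }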
Exemple #4
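/**
* Turns a forum selection into the list of forum ids a search should cover.
*
* Each entry of $forumchoice is either the literal string 'subscribed' (expanded
* to the logged-in user's subscribed forums) or a forum id. Ids are forced to
* integers and kept only if they exist in the forum cache and are not link
* forums. The result is also stored in the global $display['forums'].
*
* @param	mixed	(by reference) Forum id, 'subscribed', or an array of these; normalised to an array, and emptied when nothing valid remains
* @param	integer	When non-zero, child forums of every selected forum are added as well
*
* @return	array	Forum ids, keyed by forum id
*/
function fetch_search_forumids(&$forumchoice, $childforums = 0)
{
    global $vbulletin, $display;
    // make sure that $forumchoice is an array
    if (!is_array($forumchoice)) {
        $forumchoice = array($forumchoice);
    }
    // initialize the $forumids for return by this function
    $forumids = array();
    foreach ($forumchoice as $forumid) {
        // get subscribed forumids
        if ($forumid === 'subscribed' and $vbulletin->userinfo['userid'] != 0) {
            DEVDEBUG("Querying subscribed forums for " . $vbulletin->userinfo['username']);
            // The id is cast so the unquoted value in the query can only ever be a number.
            $sforums = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT forumid FROM " . TABLE_PREFIX . "subscribeforum\n\t\t\t\tWHERE userid = " . intval($vbulletin->userinfo['userid']));
            if ($vbulletin->db->num_rows($sforums) == 0) {
                // no subscribed forums
                eval(standard_error(fetch_error('not_subscribed_to_any_forums')));
            }
            while ($sforum = $vbulletin->db->fetch_array($sforums)) {
                // Plain assignment: appending with ".=" read an undefined key and
                // would turn a repeated id into a concatenation such as "33".
                $subscribedid = intval($sforum['forumid']);
                $forumids["{$subscribedid}"] = $subscribedid;
            }
            unset($sforum);
            $vbulletin->db->free_result($sforums);
        } else {
            // Anything that is not a known, non-link forum id is silently dropped.
            $forumid = intval($forumid);
            if (isset($vbulletin->forumcache["{$forumid}"]) and $vbulletin->forumcache["{$forumid}"]['link'] == '') {
                $forumids["{$forumid}"] = $forumid;
            }
        }
    }
    // now if there are any forumids we have to query, work out their child forums
    if (empty($forumids)) {
        $forumchoice = array();
        $display['forums'] = array();
    } else {
        // put current forumids into the display table
        $display['forums'] = $forumids;
        // get child forums of selected forums
        if ($childforums) {
            require_once DIR . '/includes/functions_misc.php';
            foreach ($forumids as $forumid) {
                $children = fetch_child_forums($forumid, 'ARRAY');
                if (!empty($children)) {
                    foreach ($children as $childid) {
                        $forumids["{$childid}"] = $childid;
                    }
                }
                unset($children);
            }
        }
    }
    // return the array of forumids
    return $forumids;
}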
/**
* Shows the form for inline mod authentication.
*
* Sets the template flags for the inline-moderation login form and then raises
* the 'nopermission_loggedin' error, which carries the current user's name and
* security token along with the session URL and the forum home URL.
*
* @param	boolean	Whether the form should show the password error; when false, $vbulletin->url is reset to SCRIPTPATH
*/
function show_inline_mod_login($showerror = false)
{
    global $vbulletin, $vbphrase, $show;

    $show['passworderror'] = $showerror;
    $show['inlinemod_form'] = true;

    if (!$showerror) {
        $vbulletin->url = SCRIPTPATH;
    }

    $forumHome = vB_Library::instance('content_channel')->getForumHomeChannel();

    // The securitytoken argument is the user's request token; it ends up in the rendered form.
    eval(standard_error(fetch_error(
        'nopermission_loggedin',
        $vbulletin->userinfo['username'],
        vB_Template_Runtime::fetchStyleVar('right'),
        vB::getCurrentSession()->get('sessionurl'),
        $vbulletin->userinfo['securitytoken'],
        vB5_Route::buildUrl($forumHome['routeid'] . 'home|fullurl')
    )));
}
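 /**
  * For registration without existing account, create a new vb user
  * If a user is successfully created, her userid is written to $userid
  *
  * @param	array	Registration data; this method reads 'username', 'email', 'default_email' and 'coded_email'
  * @param	integer	(by reference) Receives the new userid once the account has been saved
  *
  * @return	mixed	True on success, the datamanager errors joined with '</li><li>', or the phrase key 'vbnexus_registration_failed'
  */
 private function createUser($data, &$userid)
 {
     global $vbulletin;
     $moderated = $vbulletin->options['moderatenewmembers'];
     $languageid = $vbulletin->userinfo['languageid'];
     // Email activation is only required when the board verifies emails and the two addresses differ.
     // NOTE(review): the address actually stored below is $data['email'], a third field; confirm the
     // caller keeps it consistent with this comparison, otherwise an unverified address skips activation.
     $require_activation = $vbulletin->options['verifyemail'] && $data['default_email'] != $data['coded_email'];
     // UserGroupId: Registered Users (2) or Users Awaiting Email Confirmation (3)
     // Defined once so the usergroup and the usertitle lookup below agree; the title
     // lookup previously read a variable that was never set in this method.
     $newusergroupid = $require_activation ? 3 : 2;
     // Create a vB user with default permissions -- code from register.php
     if (!$vbulletin->options['allowregistration']) {
         eval(standard_error(fetch_error('noregister')));
     }
     // Init user datamanager class
     $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
     $userdata->set_info('coppauser', false);
     $userdata->set_info('coppapassword', '');
     $userdata->set_bitfield('options', 'coppauser', '');
     $userdata->set('username', $data['username']);
     // The account receives a generated throwaway password. NOTE(review): its strength depends
     // entirely on genPasswd(), which is not shown here; md5() only reshapes that value.
     $userdata->set('password', md5($this->genPasswd()));
     $userdata->set('email', $data['email']);
     $userdata->set('languageid', $languageid);
     $userdata->set('ipaddress', IPADDRESS);
     $userdata->set('usergroupid', $newusergroupid);
     $userdata->set_usertitle('', false, $vbulletin->usergroupcache["{$newusergroupid}"], false, false);
     $userdata->presave_called = true;
     // If any error happened, we abort and return the error message(s)
     if ($userdata->has_errors(false)) {
         // $die := false
         return join('</li><li>', $userdata->errors);
     }
     // Save the data
     $userid = $userdata->save();
     // Did we get a valid vb userid?
     if (!$userid) {
         return 'vbnexus_registration_failed';
     }
     // If the user changed the email given by the external service, we follow
     // the regular steps for email activation
     if ($require_activation) {
         // Email phrase 'activateaccount' expects vars called $userid, $username
         // and $activateid to be defined and meaningful
         $username = $data['username'];
         $activateid = build_user_activation_id($userid, $moderated ? 4 : 2, 0);
         // FLAG: eval() of the code returned by fetch_email_phrases(); it is only as
         // trustworthy as whoever can edit the stored email phrases.
         eval(fetch_email_phrases('activateaccount', $languageid));
         // After eval'ing activateaccount we have vars $subject and $message set
         vbmail($data['email'], $subject, $message, true);
     }
     // Force a new session to prevent potential issues with guests from the same IP, see bug #2459
     $vbulletin->session->created = false;
     return true;
 }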
Exemple #7
// get special phrase groups
$phrasegroups = array('wol');
// get special data templates from the datastore
$specialtemplates = array('maxloggedin', 'wol_spiders');
// pre-cache templates used by all actions
$globaltemplates = array('forumdisplay_sortarrow', 'im_aim', 'im_icq', 'im_msn', 'im_yahoo', 'im_skype', 'WHOSONLINE', 'whosonlinebit');
// pre-cache templates used by specific actions
$actiontemplates = array('resolveip' => array('whosonline_resolveip'));
// ######################### REQUIRE BACK-END ############################
// The arrays above are assigned before global.php is loaded; presumably the bootstrap reads them - confirm.
require_once './global.php';
require_once DIR . '/includes/functions_online.php';
// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################
// Feature switch first, then the page-level permission gate: every action below needs 'canwhosonline'.
if (!$vbulletin->options['WOLenable']) {
    eval(standard_error(fetch_error('whosonlinedisabled')));
}
if (!($permissions['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonline'])) {
    print_no_permission();
}
// #######################################################################
// resolve an IP in Who's Online (this uses the WOL permissions)
// The action is selected from $_REQUEST, so it is reachable by GET as well as POST.
if ($_REQUEST['do'] == 'resolveip') {
    $vbulletin->input->clean_array_gpc('r', array('ipaddress' => TYPE_NOHTML, 'ajax' => TYPE_BOOL));
    // can we actually resolve this?
    // Second, narrower gate: resolving needs 'canwhosonlineip' on top of 'canwhosonline'.
    if (!($permissions['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonlineip'])) {
        print_no_permission();
    }
    // NOTE(review): 'ipaddress' is request-supplied and, as far as this excerpt shows, only
    // HTML-escaped (TYPE_NOHTML) - it is not checked to be an IP literal before the reverse-DNS
    // lookup, and @ hides the warning gethostbyaddr() raises for malformed input. Consider
    // rejecting values that fail filter_var($value, FILTER_VALIDATE_IP) first.
    // The lookup result comes from DNS, so it is escaped before it can reach the page.
    $resolved_host = htmlspecialchars_uni(@gethostbyaddr($vbulletin->GPC['ipaddress']));
    $ipaddress =& $vbulletin->GPC['ipaddress'];
    // no html'd already
Exemple #8
/**
* Finds the thread in the same forum whose last post is the next one after the
* given thread's last post ("next newest").
*
* The lookup hides threads by globally ignored (Coventry) users from
* non-moderators, and restricts the search to the viewer's own threads when the
* forum permissions lack 'canviewothers'. All values placed in the SQL come from
* the verified thread record, fetch_coventry() and the session's userinfo.
*
* @param	integer	Thread to start from; checked with verify_id()
* @param	boolean	Whether to raise the 'nonextnewest' error when nothing is found (also passed to verify_id())
*
* @return	mixed	Row with threadid and title (plus lastpost for Coventry viewers), or the empty query result when there is none
*/
function goto_nextthread($threadid, $throwerror = true)
{
    global $vbulletin;

    $thread = verify_id('thread', $threadid, $throwerror, 1);
    $forumperms = fetch_permissions($thread['forumid']);

    // remove threads from users on the global ignore list if user is not a moderator
    $coventry = fetch_coventry('string');
    $globalignore = ($coventry && !can_moderate($thread['forumid']))
        ? "AND postuserid NOT IN ({$coventry})"
        : '';

    // Without 'canviewothers' only the viewer's own threads qualify; "<> 0" makes guests match nothing.
    $limitothers = '';
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers'])) {
        $limitothers = "AND postuserid = {$vbulletin->userinfo['userid']} AND {$vbulletin->userinfo['userid']} <> 0";
    }

    // Default: filter on the thread's own lastpost column.
    $lastpost_info = "";
    $tachyjoin = "";
    $lastpost_having = "AND lastpost > {$thread['lastpost']}";

    // A viewer who is in Coventry gets their private "tachy" last-post value, which
    // is a computed column and therefore has to be filtered with HAVING.
    if ($vbulletin->userinfo['userid'] && in_coventry($vbulletin->userinfo['userid'], true)) {
        $lastpost_info = ",IF(tachythreadpost.userid IS NULL, thread.lastpost, tachythreadpost.lastpost) AS lastpost";
        $tachyjoin = "LEFT JOIN " . TABLE_PREFIX . "tachythreadpost AS tachythreadpost ON (tachythreadpost.threadid = thread.threadid AND tachythreadpost.userid = " . $vbulletin->userinfo['userid'] . ')';
        $lastpost_having = "HAVING lastpost > {$thread['lastpost']}";
    }

    $getnextnewest = $vbulletin->db->query_first_slave("\n\t\tSELECT thread.threadid, thread.title\n\t\t\t{$lastpost_info}\n\t\tFROM " . TABLE_PREFIX . "thread AS thread\n\t\t{$tachyjoin}\n\t\tWHERE forumid = {$thread['forumid']}\n\t\t\tAND visible = 1\n\t\t\tAND open <> 10\n\t\t\t{$globalignore}\n\t\t\t{$limitothers}\n\t\t{$lastpost_having}\n\t\tORDER BY lastpost\n\t\tLIMIT 1\n\t");

    if ($getnextnewest) {
        $threadid = $getnextnewest['threadid'];
        unset($thread);
    } elseif ($throwerror) {
        eval(standard_error(fetch_error('nonextnewest')));
    }

    return $getnextnewest;
}
Exemple #9
	// AJAX response: the edit template for one custom profile field, or an error tag.
	$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
	$xml->add_group('response');

	// NOTE(review): 'fieldid' is concatenated into the query unquoted. That is only safe if it was
	// cleaned as an unsigned integer earlier in this action, which is outside this excerpt - confirm.
	if ($profilefield = $db->query_first("SELECT profilefield.* FROM
		" . TABLE_PREFIX . "profilefield AS profilefield
		WHERE profilefieldid = " . $vbulletin->GPC['fieldid']))
	{
		// Editable when the flag is 1, or when it is 2 and the current user has no value stored yet.
		if ($profilefield['editable'] == 1 OR ($profilefield['editable'] == 2 AND empty($vbulletin->userinfo["field$profilefield[profilefieldid]"])))
		{
			$profilefield_template = fetch_profilefield($profilefield, 'memberinfo_customfield_edit');
			$xml->add_tag('template', process_replacement_vars($profilefield_template));
		}
		else
		{
			$xml->add_tag('error', fetch_error('profile_field_uneditable'));
			$xml->add_tag('uneditable', '1');
		}
	}
	else
	{
		// Unknown field id: answered with the generic no-permission response.
		// we want this person to refresh the page, so just throw a no perm error
		print_no_permission();
	}

	$xml->close_group();
	$xml->print_xml();
}

// #############################################################################
// dismisses a dismissible notice
 /**
  * Records an error on this data manager and dispatches it according to the
  * configured error handler.
  *
  * Only ERRTYPE_STANDARD (throws) and ERRTYPE_CP (print_cp_message) act on the
  * error immediately; the other handlers just collect it in $this->errors.
  *
  * @param	mixed	Phrase name for error message; further arguments are the phrase parameters. An array is taken as phrase plus arguments.
  */
 function error($errorphrase)
 {
     //an array is taken to be the phrase followed by its arguments
     $args = is_array($errorphrase) ? $errorphrase : func_get_args();

     //the "unprocessed" and "upgrade" handlers store the raw phrase id and args; everything else stores the rendered message
     $keep_raw = (
         $this->error_handler == vB_DataManager_Constants::ERRTYPE_ARRAY_UNPROCESSED
         || $this->error_handler == vB_DataManager_Constants::ERRTYPE_UPGRADE
     );
     $error = $keep_raw ? $args : fetch_error($args);

     $this->errors[] = $error;

     //give the registered failure callback, if any, a chance to react
     if ($this->failure_callback and is_callable($this->failure_callback)) {
         call_user_func_array($this->failure_callback, array(&$this, $errorphrase));
     }

     switch ($this->error_handler) {
         case vB_DataManager_Constants::ERRTYPE_STANDARD:
             throw new Exception($error);

         case vB_DataManager_Constants::ERRTYPE_CP:
             print_cp_message($error);
             break;

         case vB_DataManager_Constants::ERRTYPE_ARRAY:
         case vB_DataManager_Constants::ERRTYPE_SILENT:
         case vB_DataManager_Constants::ERRTYPE_ARRAY_UNPROCESSED:
         case vB_DataManager_Constants::ERRTYPE_UPGRADE:
         default:
             // nothing to do -- errors are either ignored or read from the error array later.
             break;
     }
 }
Exemple #11
    ($hook = vBulletinHook::fetch_hook('group_inlinemod_dodelete')) ? eval($hook) : false;
    eval(print_standard_redirect('redirect_inline_deletedmessages', true, $forceredirect));
}
// Inline moderation: restore (undelete) the selected social group messages.
// NOTE(review): this is a state-changing POST action; no request-token check is visible in
// this excerpt - presumably the shared bootstrap performs it, confirm.
if ($_POST['do'] == 'inlineundelete') {
    // Global moderator permission (forum id 0); it is not evaluated per group.
    if (!can_moderate(0, 'candeletegroupmessages')) {
        standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_messages'));
    }
    // Validate Messages
    // NOTE(review): $messageids is interpolated into IN (...) as-is; it is built outside this
    // excerpt, so confirm every element is integer-cast before it gets here.
    $messages = $db->query_read_slave("\n\t\tSELECT gm.gmid, gm.state, gm.groupid, gm.dateline, gm.postuserid, gm.postusername,\n\t\t\tsocialgroup.name AS group_name, socialgroup.creatoruserid\n\t\tFROM " . TABLE_PREFIX . "groupmessage AS gm\n\t\tLEFT JOIN " . TABLE_PREFIX . "socialgroup AS socialgroup ON (socialgroup.groupid = gm.groupid)\n\t\tWHERE gmid IN ({$messageids})\n\t\t\tAND state = 'deleted'\n\t");
    while ($message = $db->fetch_array($messages)) {
        $message['is_group_owner'] = $message['creatoruserid'] == $vbulletin->userinfo['userid'];
        $messagearray["{$message['gmid']}"] = $message;
        $grouplist["{$message['groupid']}"] = true;
    }
    if (empty($messagearray)) {
        standard_error(fetch_error('you_did_not_select_any_valid_messages'));
    }
    // Both writes use the gmid keys read back from the SELECT above, i.e. only ids
    // that exist and are currently in the 'deleted' state.
    $db->query_write("\n\t\tDELETE FROM " . TABLE_PREFIX . "deletionlog\n\t\tWHERE type = 'groupmessage' AND\n\t\t\tprimaryid IN(" . implode(',', array_keys($messagearray)) . ")\n\t");
    $db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "groupmessage\n\t\tSET state = 'visible'\n\t\tWHERE gmid IN(" . implode(',', array_keys($messagearray)) . ")\n\t");
    foreach ($grouplist as $groupid => $foo) {
        build_group_counters($groupid);
    }
    // Audit trail: restores performed by the group's own creator are not written to the moderator log.
    foreach ($messagearray as $message) {
        if (!$message['is_group_owner']) {
            log_moderator_action($message, 'gm_by_x_for_y_undeleted', array($message['postusername'], $message['group_name']));
        }
    }
    // empty cookie
    setcookie('vbulletin_inlinegmessage', '', TIMENOW - 3600, '/');
    // Plugin hook: code registered for this hook is executed with eval().
    ($hook = vBulletinHook::fetch_hook('group_inlinemod_undelete')) ? eval($hook) : false;
    eval(print_standard_redirect('redirect_inline_undeletedmessages', true, $forceredirect));
Exemple #12
 /**
  * Records an error on this data manager and reports it the way the configured
  * error handler asks for.
  *
  * ERRTYPE_STANDARD goes through standard_error(), ERRTYPE_CP through
  * print_cp_message(); ERRTYPE_ARRAY and ERRTYPE_SILENT only collect the
  * message in $this->errors.
  *
  * @param	mixed	Phrase name for error message; further arguments are the phrase parameters. An array is handed to fetch_error() as a whole.
  */
 function error($errorphrase)
 {
     $args = func_get_args();

     // Render the phrase: an array goes in as one argument, otherwise all arguments are spread.
     $error = is_array($errorphrase)
         ? fetch_error($errorphrase)
         : call_user_func_array('fetch_error', $args);

     $this->errors[] = $error;

     // Let the registered failure callback, if any, react first.
     if ($this->failure_callback and is_callable($this->failure_callback)) {
         call_user_func_array($this->failure_callback, array(&$this, $errorphrase));
     }

     switch ($this->error_handler) {
         case ERRTYPE_STANDARD:
             eval(standard_error($error));
             break;

         case ERRTYPE_CP:
             print_cp_message($error);
             break;

         case ERRTYPE_ARRAY:
         case ERRTYPE_SILENT:
         default:
             // nothing further: the error stays in $this->errors
             break;
     }
 }
Exemple #13
             }
         }
         eval('$infractionbits .= "' . fetch_template('userinfractionbit') . '";');
     }
 }
 // Custom ("arbitrary") infractions are offered only to users holding 'cangivearbinfraction'.
 if ($vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['cangivearbinfraction']) {
     // Grouping is (no level chosen AND a period given) OR no predefined levels: "and" binds tighter than "or".
     $checked_inf = (!$vbulletin->GPC['infractionlevelid'] and !empty($vbulletin->GPC['period']) or empty($infractionbits)) ? 'checked="checked"' : '';
     $show['custominfraction'] = true;
 }
 if (!empty($banlist) and ($show['custominfraction'] or $infractionban or $pointsban)) {
     $show['banreason'] = true;
 } else {
     $show['banreason'] = false;
 }
 // Nothing to choose from and no right to give a custom infraction: stop with an error.
 if (empty($infractionbits) and !($vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['cangivearbinfraction'])) {
     eval(standard_error(fetch_error('there_are_no_infraction_levels')));
 }
 // draw nav bar
 $navbits = array();
 if ($postinfo['postid']) {
     $parentlist = array_reverse(explode(',', $foruminfo['parentlist']));
     foreach ($parentlist as $forumID) {
         $forumTitle = $vbulletin->forumcache["{$forumID}"]['title'];
         $navbits['forumdisplay.php?' . $vbulletin->session->vars['sessionurl'] . "f={$forumID}"] = $forumTitle;
     }
     // NOTE(review): the thread title and the user name below go into the navigation as they are;
     // whether they are already HTML-escaped at this point is not visible here - confirm.
     $navbits['showthread.php?' . $vbulletin->session->vars['sessionurl'] . "p={$postid}"] = $threadinfo['prefix_plain_html'] . ' ' . $threadinfo['title'];
 }
 $navbits[''] = construct_phrase($vbphrase['user_infraction_for_x'], $userinfo['username']);
 $navbits = construct_navbits($navbits);
 require_once DIR . '/includes/functions_editor.php';
 $textareacols = fetch_textarea_width();
Exemple #14
	$page_templater->register('spacer_close', $spacer_close);
	$page_templater->register('spacer_open', $spacer_open);
	$page_templater->register('totalcols', $totalcols);
	$page_templater->register('totalusers', $totalusers);
	$page_templater->register('usergroupid', $usergroupid);
	$page_templater->register('usergrouplink', $usergrouplink);
	$page_templater->register('oppositesort', $oppositesort);
}

// #############################################################################
// advanced search
if ($_REQUEST['do'] == 'search')
{
	// Feature switch: the advanced member search can be turned off board-wide.
	if (!$vbulletin->options['usememberlistadvsearch'])
	{
		eval(standard_error(fetch_error('nomemberlistsearch')));
	}

	$bgclass = 'alt1';
	// get extra profile fields
	// The visibility rule is enforced in the query itself: without 'canseehiddencustomfields'
	// the clause "AND hidden = 0" is appended, so hidden fields are never fetched.
	// No request data enters this statement; the only variable part is that fixed clause.
	$profilefields = $db->query_read_slave("
		SELECT *
		FROM " . TABLE_PREFIX . "profilefield
		WHERE searchable = 1
			AND form = 0
			" . iif(!($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), " AND hidden = 0") . "
		ORDER BY displayorder
	");

	$customfields = '';
	while ($profilefield = $db->fetch_array($profilefields))
Exemple #15
 /**
  * Selects the user this object works on and loads that user's permissions.
  *
  * The current user's permissions are taken from the registry; any other user
  * is looked up in the user table (the id is forced to an integer first) and
  * the permissions are built with cache_permissions().
  *
  * @param	integer	User to process
  * @param	boolean	Whether to fetch existing CSS data
  *
  * @return	boolean	True on success, false (with an 'invalidid' entry added to $this->error) when the user does not exist
  */
 function set_userid($userid, $fetch = true)
 {
     // Integer cast: the value is placed unquoted in the query below.
     $userid = (int) $userid;

     if ($userid != $this->registry->userinfo['userid']) {
         $user = $this->dbobject->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = {$userid}");
         if (!$user) {
             global $vbphrase;
             $this->error[] = fetch_error('invalidid', $vbphrase['user'], $this->registry->options['contactuslink']);
             return false;
         }
         $this->userid = $userid;
         $this->permissions = cache_permissions($user, false);
     } else {
         // Working on the logged-in user: reuse the permissions already loaded for the session.
         $this->userid = $userid;
         $this->permissions = $this->registry->userinfo['permissions'];
     }

     if ($fetch) {
         $this->existing = $this->fetch_existing();
     }

     return true;
 }
Exemple #16
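 /**
  * Performs atomic floodcheck
  *
  * Commits a flood-check key for the current user against the 'emailstamp'
  * column of the 'user' table and raises the 'report_post_floodcheck' error
  * when the user is still inside the flood window.
  *
  * The window is 'emailfloodtime' when both 'enableemail' and 'rpemail' are on,
  * otherwise 'floodchecktime'.
  */
 function perform_floodcheck_commit()
 {
     // The condition is bracketed and uses && on purpose: "and" binds more loosely than "?:",
     // so "a and b ? x : y" evaluates to a boolean and the flood window collapses to at most
     // one second instead of the configured number of seconds.
     $flood_limit = ($this->registry->options['enableemail'] && $this->registry->options['rpemail'])
         ? $this->registry->options['emailfloodtime']
         : $this->registry->options['floodchecktime'];
     require_once DIR . '/includes/class_floodcheck.php';
     // Plain assignment: assigning "new" by reference is a parse error from PHP 7 on.
     $floodcheck = new vB_FloodCheck($this->registry, 'user', 'emailstamp');
     $floodcheck->commit_key($this->registry->userinfo['userid'], TIMENOW, TIMENOW - $flood_limit);
     if ($floodcheck->is_flooding()) {
         standard_error(fetch_error('report_post_floodcheck', $flood_limit, $floodcheck->flood_wait()));
     }
 }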
Exemple #17
     $vbulletin->options['attachfile'] = ATTACH_AS_DB;
 } else {
     // Converting FROM fs TO mysql
     $path = fetch_attachment_path($attachment['userid'], $attachment['filedataid']);
     $thumbnail_path = fetch_attachment_path($attachment['userid'], $attachment['filedataid'], true);
     // The storage option is switched to ATTACH_AS_DB for the save and restored afterwards.
     $temp = $vbulletin->options['attachfile'];
     $vbulletin->options['attachfile'] = ATTACH_AS_DB;
     // A read failure and an empty file both land in the else branch and are counted as an
     // error; @ hides the actual reason, so nothing about the cause is reported.
     if ($filedata = @file_get_contents($path)) {
         $thumbnail_filedata = @file_get_contents($thumbnail_path);
         $attachdata =& datamanager_init('Filedata', $vbulletin, ERRTYPE_SILENT, 'attachment');
         $attachdata->set_existing($attachment);
         $attachdata->setr('filedata', $filedata);
         $attachdata->setr('thumbnail', $thumbnail_filedata);
         if (!($result = $attachdata->save())) {
             if (empty($attachdata->errors[0])) {
                 $attacherror = fetch_error('upload_file_failed');
                 // change this error
             } else {
                 $attacherror =& $attachdata->errors[0];
             }
         }
         unset($attachdata);
     } else {
         // Add error about file missing..
         $vbulletin->GPC['attacherrorcount']++;
     }
     $vbulletin->options['attachfile'] = $temp;
 }
 // Debug-only output: the values are written into the HTML row without escaping.
 if ($vbulletin->debug) {
     echo "\t<tr>\n\t\t\t\t\t<td>{$attachment['filedataid']}" . iif($attacherror, "<br />{$attacherror}") . "</td>\n\t\t\t\t\t<td>{$attachment['filesize']}</td>\n\t\t\t\t\t<td>{$filesize} / {$thumbnail_filesize}</td>\n\t\t\t\t\t</tr>\n\t\t\t\t\t";
 } else {
Exemple #18
 // $currency arrives as "<sub id>_<currency>"; the id part is forced to an integer,
 // the currency part stays a free-form string until the cost lookup further down.
 $tmp = explode('_', $currency);
 $currency = $tmp[1];
 $subscriptionsubid = intval($tmp[0]);
 unset($tmp);
 // FLAG: unserialize() of a stored value. This is acceptable only while the 'cost' data can be
 // written by trusted admin code alone; NOTE(review): where the PHP version allows it, pass
 // array('allowed_classes' => false) or move the column to JSON.
 $costs = unserialize($sub['cost']);
 if ($costs["{$subscriptionsubid}"]['length'] == 1) {
     $subscription_units = $lengths[$costs["{$subscriptionsubid}"]['units']];
 } else {
     $subscription_units = $lengths[$costs["{$subscriptionsubid}"]['units'] . 's'];
 }
 $subscription_length = construct_phrase($vbphrase['length_x_units_y_recurring_z'], $costs["{$subscriptionsubid}"]['length'], $subscription_units, $costs["{$subscriptionsubid}"]['recurring'] ? ' *' : '');
 $subscription_title = $sub['title'];
 $subscription_cost = $subobj->_CURRENCYSYMBOLS["{$currency}"] . vb_number_format($costs["{$subscriptionsubid}"]['cost']["{$currency}"], 2);
 $orderbits = '';
 // The sub id / currency pair is validated here, after it has already been used as an index above.
 if (empty($costs["{$subscriptionsubid}"]['cost']["{$currency}"])) {
     eval(standard_error(fetch_error('invalid_currency')));
 }
 // These phrases are constant since they are the name of a service
 $tmp = array('paypal' => 'PayPal', 'nochex' => 'NOCHEX', 'worldpay' => 'WorldPay', '2checkout' => '2Checkout', 'moneybookers' => 'MoneyBookers', 'authorizenet' => 'Authorize.Net', 'ccbill' => 'CCBill');
 $vbphrase += $tmp;
 // Plugin hook: code registered for this hook is executed with eval().
 ($hook = vBulletinHook::fetch_hook('paidsub_order_start')) ? eval($hook) : false;
 // NOTE(review): the payment reference is an MD5 over the user id, the user's salt, the
 // subscription id and time-based values (uniqid/microtime), not output of a CSPRNG. If the
 // payment callback treats knowledge of this hash as proof of anything - not visible here -
 // generate it from random_bytes() instead.
 $hash = md5($vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt'] . $subscriptionid . uniqid(microtime(), 1));
 /* insert query */
 // $hash is escaped and quoted; $subscriptionsubid was integer-cast above and userid comes from
 // the session. NOTE(review): $subscriptionid is placed unquoted and is set outside this
 // excerpt - confirm it is integer-cast.
 $db->query_write("\n\t\tINSERT INTO " . TABLE_PREFIX . "paymentinfo\n\t\t\t(hash, completed, subscriptionid, subscriptionsubid, userid)\n\t\tVALUES\n\t\t\t('" . $db->escape_string($hash) . "', 0, {$subscriptionid}, {$subscriptionsubid}, " . $vbulletin->userinfo['userid'] . ")\n\t");
 $methods = $db->query_read_slave("SELECT * FROM " . TABLE_PREFIX . "paymentapi WHERE active = 1 AND FIND_IN_SET('" . $db->escape_string($currency) . "', currency)");
 while ($method = $db->fetch_array($methods)) {
     if (empty($costs["{$subscriptionsubid}"]['ccbillsubid']) and $method['classname'] == 'ccbill') {
         continue;
     }
     if ($costs["{$subscriptionsubid}"]['cost']["{$currency}"] > 0) {
         $form = $subobj->construct_payment($hash, $method, $costs["{$subscriptionsubid}"], $currency, $sub, $vbulletin->userinfo);
Exemple #19
    // Collect the ids to show: threads started by the user, or the user's posts.
    // NOTE(review): {$sql} and {$user['userid']} are interpolated unquoted in both queries; they
    // are built outside this excerpt, so confirm the id is an integer and that $sql contains
    // only server-generated clauses.
    $orderedids = array();
    if ($starteronly) {
        $threads = $db->query_read_slave("\n\t\t\tSELECT thread.threadid\n\t\t\tFROM " . TABLE_PREFIX . "thread AS thread\n\t\t\tWHERE thread.postuserid = {$user['userid']}\n\t\t\t\t{$sql}\n\t\t\tORDER BY lastpost DESC\n\t\t\tLIMIT " . $vbulletin->options['maxresults'] * 2 . "\n\t\t");
        while ($thread = $db->fetch_array($threads)) {
            $orderedids[] = $thread['threadid'];
        }
    } else {
        $posts = $db->query_read_slave("\n\t\t\tSELECT postid\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tINNER JOIN " . TABLE_PREFIX . "thread AS thread ON(thread.threadid = post.threadid)\n\t\t\tWHERE post.userid = {$user['userid']}\n\t\t\t\t{$sql}\n\t\t\tORDER BY post.dateline DESC\n\t\t\tLIMIT " . $vbulletin->options['maxresults'] * 2 . "\n\t\t");
        while ($post = $db->fetch_array($posts)) {
            $orderedids[] = $post['postid'];
        }
        $db->free_result($posts);
    }
    // did we get some results?
    if (empty($orderedids)) {
        eval(standard_error(fetch_error('searchnoresults', $displayCommon), '', false));
    }
    // set display terms
    $display = array('words' => array(), 'highlight' => array(), 'common' => array(), 'users' => array($user['userid'] => $user['username']), 'forums' => iif($showforums, $display['forums'], 0), 'options' => array('starteronly' => $starteronly, 'childforums' => 1, 'action' => 'process'));
    // end search timer
    $searchtime = number_format(fetch_microtime_difference($searchtime), 5, '.', '');
    // $sort_order can only be one of these two literals, so quoting it below is sufficient.
    $sort_order = $showposts ? 'post.dateline' : 'lastpost';
    // Plugin hook: code registered for this hook is executed with eval().
    ($hook = vBulletinHook::fetch_hook('search_finduser_complete')) ? eval($hook) : false;
    /*insert query*/
    // String values are escaped and quoted; $searchtime is the number_format() output from above.
    // NOTE(review): {$showposts} is written unquoted and is set outside this excerpt - confirm it
    // is an integer/boolean. $display is stored with serialize(); whatever reads 'displayterms'
    // back presumably unserializes it, so that column must never hold attacker-written data.
    $db->query_write("\n\t\tREPLACE INTO " . TABLE_PREFIX . "search\n\t\t\t(userid, ipaddress, personal,\n\t\t\tsearchuser, forumchoice,\n\t\t\tsortby, sortorder, searchtime,\n\t\t\tshowposts, orderedids, dateline,\n\t\t\tdisplayterms, searchhash, completed)\n\t\tVALUES\n\t\t\t(" . $vbulletin->userinfo['userid'] . ", '" . $db->escape_string(IPADDRESS) . "', 1,\n\t\t\t'" . $db->escape_string($user['username']) . "', '" . $db->escape_string($forumchoice) . "',\n\t\t\t'{$sort_order}', 'DESC', {$searchtime},\n\t\t\t{$showposts}, '" . $db->escape_string(implode(',', $orderedids)) . "', " . TIMENOW . ",\n\t\t\t'" . $db->escape_string(serialize($display)) . "', '" . $db->escape_string($searchhash) . "', 1)\n\t");
    $searchid = $db->insert_id();
    $vbulletin->url = 'search.php?' . $vbulletin->session->vars['sessionurl'] . "searchid={$searchid}";
    eval(print_standard_redirect('search'));
}
// #############################################################################
if ($_POST['do'] == 'doprefs') {
Exemple #20
        while ($attachment = $db->fetch_array($attachs)) {
            // hide users in Coventry
            // Attachments of globally ignored users are skipped unless the viewer moderates this forum.
            $ast = '';
            if (in_coventry($attachment['userid']) and !can_moderate($threadinfo['forumid'])) {
                continue;
            }
            // The uploader-chosen filename is HTML-escaped (then censored) before it reaches the template.
            $attachment['filename'] = fetch_censored_text(htmlspecialchars_uni($attachment['filename']));
            $attachment['attachmentextension'] = strtolower(file_extension($attachment['filename']));
            $attachment['filesize'] = vb_number_format($attachment['filesize'], 1, true);
            exec_switch_bg();
            // Templates are rendered by eval()ing the code fetch_template() returns, so the result
            // is only as trustworthy as whoever can edit templates.
            eval('$attachments .= "' . fetch_template('attachmentbit') . '";');
        }
        // Plugin hook: code registered for this hook is executed with eval().
        ($hook = vBulletinHook::fetch_hook('misc_showattachments_complete')) ? eval($hook) : false;
        eval('print_output("' . fetch_template('ATTACHMENTS') . '");');
    } else {
        eval(standard_error(fetch_error('noattachments')));
    }
}
// ############################### start show avatars ###############################
if ($_REQUEST['do'] == 'showavatars') {
    // The page number is cleaned as an unsigned integer before it is used in arithmetic below.
    $vbulletin->input->clean_array_gpc('r', array('pagenumber' => TYPE_UINT));
    ($hook = vBulletinHook::fetch_hook('misc_avatars_start')) ? eval($hook) : false;
    $perpage = $vbulletin->options['numavatarsperpage'];
    // Counts avatars in categories that have no imagecategorypermission row for the viewer's
    // usergroup - presumably such rows are deny entries, confirm. The usergroup id comes from
    // the session's userinfo and is placed unquoted.
    $totalavatars = $db->query_first_slave("\n\t\tSELECT COUNT(*) AS count\n\t\tFROM " . TABLE_PREFIX . "avatar AS avatar\n\t\tLEFT JOIN " . TABLE_PREFIX . "imagecategorypermission AS perm ON (perm.imagecategoryid=avatar.imagecategoryid AND perm.usergroupid=" . $vbulletin->userinfo['usergroupid'] . ")\n\t\tWHERE ISNULL(perm.imagecategoryid)\n\t");
    $totalavatars = intval($totalavatars['count']);
    sanitize_pageresults($totalavatars, $vbulletin->GPC['pagenumber'], $perpage, 100, 25);
    $startat = ($vbulletin->GPC['pagenumber'] - 1) * $perpage;
    $first = $startat + 1;
    $last = $startat + $perpage;
    if ($last > $totalavatars) {
        $last = $totalavatars;
Exemple #21
    $smilieson = iif($vbulletin->options['privallowsmilies'], $vbphrase['on'], $vbphrase['off']);
    // only show posting code allowances in forum rules template
    $show['codeonly'] = true;
    eval('$forumrules = "' . fetch_template('forumrules') . '";');
    $templatename = 'pm_newpm';
}
// ############################### start show pm ###############################
// show a private message
if ($_REQUEST['do'] == 'showpm') {
    require_once DIR . '/includes/class_postbit.php';
    require_once DIR . '/includes/functions_bigthree.php';
    $vbulletin->input->clean_gpc('r', 'pmid', TYPE_UINT);
    ($hook = vBulletinHook::fetch_hook('private_showpm_start')) ? eval($hook) : false;
    $pm = $db->query_first_slave("\n\t\tSELECT\n\t\t\tpm.*, pmtext.*,\n\t\t\t" . iif($vbulletin->options['privallowicons'], "icon.title AS icontitle, icon.iconpath,") . "\n\t\t\tIF(ISNULL(pmreceipt.pmid), 0, 1) AS receipt, pmreceipt.readtime, pmreceipt.denied,\n\t\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight\n\t\tFROM " . TABLE_PREFIX . "pm AS pm\n\t\tLEFT JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON(pmtext.pmtextid = pm.pmtextid)\n\t\t" . iif($vbulletin->options['privallowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = pmtext.iconid)") . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "pmreceipt AS pmreceipt ON(pmreceipt.pmid = pm.pmid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = pmtext.fromuserid)\n\t\tWHERE pm.userid=" . $vbulletin->userinfo['userid'] . " AND pm.pmid=" . $vbulletin->GPC['pmid'] . "\n\t");
    if (!$pm) {
        eval(standard_error(fetch_error('invalidid', $vbphrase['private_message'], $vbulletin->options['contactuslink'])));
    }
    $folderjump = construct_folder_jump(0, $pm['folderid']);
    // do read receipt
    $show['receiptprompt'] = $show['receiptpopup'] = false;
    if ($pm['receipt'] == 1 and $pm['readtime'] == 0 and $pm['denied'] == 0) {
        if ($permissions['pmpermissions'] & $vbulletin->bf_ugp_pmpermissions['candenypmreceipts']) {
            // set it to denied just now as some people might have ad blocking that stops the popup appearing
            $show['receiptprompt'] = $show['receiptpopup'] = true;
            $receipt_question_js = addslashes_js(construct_phrase($vbphrase['x_has_requested_a_read_receipt'], unhtmlspecialchars($pm['fromusername'])), '"');
            $db->shutdown_query("UPDATE " . TABLE_PREFIX . "pmreceipt SET denied = 1 WHERE pmid = {$pm['pmid']}");
        } else {
            // they can't deny pm receipts so do not show a popup or prompt
            $db->shutdown_query("UPDATE " . TABLE_PREFIX . "pmreceipt SET readtime = " . TIMENOW . " WHERE pmid = {$pm['pmid']}");
        }
    } else {
Exemple #22
    }
    $navbits['calendar.php?' . $vbulletin->session->vars['sessionurl'] . "do=viewreminder"] = $vbphrase['event_reminders'];
    $navbits[''] = $vbphrase['add_reminder'];
    $navbits = construct_navbits($navbits);
    require_once DIR . '/includes/functions_user.php';
    construct_usercp_nav('event_reminders');
    $navbar = render_navbar_template($navbits);
    ($hook = vBulletinHook::fetch_hook('calendar_addreminder')) ? eval($hook) : false;
    $url =& $vbulletin->url;
    $templater = vB_Template::create('calendar_reminder_choosetype');
    $templater->register('eventinfo', $eventinfo);
    $templater->register('url', $url);
    $HTML = $templater->render();
    $templater = vB_Template::create('USERCP_SHELL');
    $templater->register_page_templates();
    $templater->register('cpnav', $cpnav);
    $templater->register('HTML', $HTML);
    $templater->register('navbar', $navbar);
    $templater->register('navclass', $navclass);
    $templater->register('onload', $onload);
    $templater->register('pagetitle', $pagetitle);
    $templater->register('template_hook', $template_hook);
    print_output($templater->render());
}
eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])));
/*======================================================================*\
|| ####################################################################
|| # Downloaded: 03:13, Sat Sep 7th 2013
|| # CVS: $RCSfile$ - $Revision: 63836 $
|| ####################################################################
\*======================================================================*/
Exemple #23
/**
* Fetch the valid tags from a list. Filters are length, censorship, perms (if desired).
*
* Each candidate is whitespace-normalised and, unless it is listed in the
* 'taggoodwords' option, checked against the length limits, the censor, the
* delimiter rule and the stop-word list. The survivors are de-duplicated
* case-insensitively, tags already attached to the thread are dropped, and the
* result is cut down to the per-thread / per-user quotas.
*
* @param	array			$threadinfo Array of existing thread info (including the existing tags); reads 'taglist', 'threadid', 'forumid' and 'postuserid'
* @param	string|array	$taglist List of tags to add (comma delimited, or an array as is). If array, ensure there are no commas.
* @param	array			$errors (output) List of errors that happens; reset to an empty array on entry, keyed by error category
* @param	boolean		$check_browser_perms Whether to check the browsing user's create tag perms
* @param	boolean		$evalerrors Whether to expand the error phrase (true: fetch_error() result, false: phrase name or array of phrase name and argument)
*
* @return	array			List of valid tags (keys may be non-contiguous after rejected entries are unset)
*/
function fetch_valid_tags($threadinfo, $taglist, &$errors, $check_browser_perms = true, $evalerrors = true)
{
    global $vbulletin;
    // word lists are parsed once and reused by later calls in the same request
    static $tagbadwords, $taggoodwords;
    // $errors is passed by reference: whatever the caller had in it is discarded
    $errors = array();
    if (!is_array($taglist)) {
        $taglist = split_tag_list($taglist);
    }
    if (!trim($threadinfo['taglist'])) {
        $existing_tags = array();
    } else {
        // this will always be delimited by a comma
        $existing_tags = explode(',', trim($threadinfo['taglist']));
    }
    // thread already at its tag limit: nothing can be added
    if ($vbulletin->options['tagmaxthread'] and count($existing_tags) >= $vbulletin->options['tagmaxthread']) {
        $errors['threadmax'] = $evalerrors ? fetch_error('thread_has_max_allowed_tags') : 'thread_has_max_allowed_tags';
        return array();
    }
    // clamp the configured maximum to 100; note this writes back into the shared options array
    if ($vbulletin->options['tagmaxlen'] <= 0 or $vbulletin->options['tagmaxlen'] >= 100) {
        $vbulletin->options['tagmaxlen'] = 100;
    }
    $valid_raw = array();
    // stop words: too common
    // presumably this include defines $badwords in the local scope (it is read below) - confirm
    require DIR . '/includes/searchwords.php';
    // get the stop word list; allow multiple requires
    // filter the stop words by adding custom stop words (tagbadwords) and allowing through exceptions (taggoodwords)
    if (!is_array($tagbadwords)) {
        $tagbadwords = preg_split('/\\s+/s', vbstrtolower($vbulletin->options['tagbadwords']), -1, PREG_SPLIT_NO_EMPTY);
    }
    if (!is_array($taggoodwords)) {
        $taggoodwords = preg_split('/\\s+/s', vbstrtolower($vbulletin->options['taggoodwords']), -1, PREG_SPLIT_NO_EMPTY);
    }
    // merge hard-coded badwords and tag-specific badwords
    $badwords = array_merge($badwords, $tagbadwords);
    foreach ($taglist as $tagtext) {
        // collapse runs of spaces, CR, LF and tabs into a single space
        $tagtext = trim(preg_replace('#[ \\r\\n\\t]+#', ' ', $tagtext));
        if ($tagtext === '') {
            continue;
        }
        // a tag on the exception list skips every filter in this branch, including the censor
        // NOTE(review): in_array() is called without the strict flag, so numeric-looking strings
        // are compared by value ("1e3" matches "1000"); pass true as third argument if both
        // lists only ever hold strings - confirm
        if (!in_array(vbstrtolower($tagtext), $taggoodwords)) {
            $char_strlen = vbstrlen($tagtext, true);
            if ($vbulletin->options['tagminlen'] and $char_strlen < $vbulletin->options['tagminlen']) {
                $errors['min_length'] = $evalerrors ? fetch_error('tag_too_short_min_x', $vbulletin->options['tagminlen']) : array('tag_too_short_min_x', $vbulletin->options['tagminlen']);
                continue;
            }
            if ($char_strlen > $vbulletin->options['tagmaxlen']) {
                $errors['max_length'] = $evalerrors ? fetch_error('tag_too_long_max_x', $vbulletin->options['tagmaxlen']) : array('tag_too_long_max_x', $vbulletin->options['tagmaxlen']);
                continue;
            }
            // separate cap on the byte length (strlen counts bytes, not characters)
            if (strlen($tagtext) > 100) {
                // only have 100 bytes to store a tag
                $errors['max_length'] = $evalerrors ? fetch_error('tag_too_long_max_x', $vbulletin->options['tagmaxlen']) : array('tag_too_long_max_x', $vbulletin->options['tagmaxlen']);
                continue;
            }
            $censored = fetch_censored_text($tagtext);
            if ($censored != $tagtext) {
                // can't have tags with censored text
                $errors['censor'] = $evalerrors ? fetch_error('tag_no_censored') : 'tag_no_censored';
                continue;
            }
            if (count(split_tag_list($tagtext)) > 1) {
                // contains a delimiter character
                $errors['comma'] = $evalerrors ? fetch_error('tag_no_comma') : 'tag_no_comma';
                continue;
            }
            // NOTE(review): this lookup lower-cases with strtolower() while the word lists were
            // built with vbstrtolower(); the two may disagree on non-ASCII text - confirm
            if (in_array(strtolower($tagtext), $badwords)) {
                $errors['common'] = $evalerrors ? fetch_error('tag_x_not_be_common_words', $tagtext) : array('tag_x_not_be_common_words', $tagtext);
                continue;
            }
        }
        $valid_raw[] = $vbulletin->options['tagforcelower'] ? vbstrtolower($tagtext) : $tagtext;
    }
    // we need to essentially do a case-insensitive array_unique here
    $valid_unique = array_unique(array_map('vbstrtolower', $valid_raw));
    $valid = array();
    foreach (array_keys($valid_unique) as $key) {
        $valid[] = $valid_raw["{$key}"];
    }
    $valid_unique = array_values($valid_unique);
    // make the keys jive with $valid
    if ($valid) {
        // user-supplied tag text reaches SQL only through escape_string(); the thread id is cast with intval()
        $existing_sql = $vbulletin->db->query_read("\n\t\t\tSELECT tag.tagtext, IF(tagthread.tagid IS NULL, 0, 1) AS taginthread\n\t\t\tFROM " . TABLE_PREFIX . "tag AS tag\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "tagthread AS tagthread ON\n\t\t\t\t(tag.tagid = tagthread.tagid AND tagthread.threadid = " . intval($threadinfo['threadid']) . ")\n\t\t\tWHERE tag.tagtext IN ('" . implode("','", array_map(array(&$vbulletin->db, 'escape_string'), $valid)) . "')\n\t\t");
        if ($check_browser_perms and !($vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['cancreatetag'])) {
            // can't create tags, need to throw errors about bad ones
            // start from every candidate and strike out the ones the tag table already has
            $new_tags = array_flip($valid_unique);
            while ($tag = $vbulletin->db->fetch_array($existing_sql)) {
                unset($new_tags[vbstrtolower($tag['tagtext'])]);
            }
            if ($new_tags) {
                // trying to create tags without permissions. Remove and throw an error
                $errors['no_create'] = $evalerrors ? fetch_error('tag_no_create') : 'tag_no_create';
                foreach ($new_tags as $new_tag => $key) {
                    // remove those that we can't add from the list
                    unset($valid["{$key}"], $valid_unique["{$key}"]);
                }
            }
        }
        // rewind the result set so it can be walked a second time
        $vbulletin->db->data_seek($existing_sql, 0);
        // determine which tags are already in the thread and just ignore them
        while ($tag = $vbulletin->db->fetch_array($existing_sql)) {
            if ($tag['taginthread']) {
                // tag is in thread, find it and remove
                // NOTE(review): array_search() is non-strict here, so numeric-looking tags are
                // matched by value rather than by spelling - confirm whether that is intended
                if (($key = array_search(vbstrtolower($tag['tagtext']), $valid_unique)) !== false) {
                    unset($valid["{$key}"], $valid_unique["{$key}"]);
                }
            }
        }
        // null means "no limit applies"; a negative value is the number of tags over the limit
        $user_tags_remain = null;
        if ($vbulletin->options['tagmaxthread']) {
            // check global limit
            $user_tags_remain = $vbulletin->options['tagmaxthread'] - count($existing_tags) - count($valid);
        }
        // the per-user quotas are skipped for users who can edit threads in this forum
        if (!can_moderate($threadinfo['forumid'], 'caneditthreads')) {
            // NOTE(review): the user id is interpolated without intval(), unlike the thread id;
            // it comes from $vbulletin->userinfo rather than from the request, but the cast
            // would make this query self-evidently safe
            $my_tag_count_array = $vbulletin->db->query_first("\n\t\t\t\tSELECT COUNT(*) AS count\n\t\t\t\tFROM " . TABLE_PREFIX . "tagthread\n\t\t\t\tWHERE threadid = " . intval($threadinfo['threadid']) . "\n\t\t\t\t\tAND userid = " . $vbulletin->userinfo['userid']);
            $my_tag_count = $my_tag_count_array['count'] + count($valid);
            $tags_remain = null;
            // the thread starter quota takes precedence over the general per-user quota
            if ($vbulletin->options['tagmaxstarter'] and $threadinfo['postuserid'] == $vbulletin->userinfo['userid']) {
                $tags_remain = $vbulletin->options['tagmaxstarter'] - $my_tag_count;
            } else {
                if ($vbulletin->options['tagmaxuser']) {
                    $tags_remain = $vbulletin->options['tagmaxuser'] - $my_tag_count;
                }
            }
            if ($tags_remain !== null) {
                // NOTE(review): "== null" is also true when $user_tags_remain is 0; the stricter
                // "=== null" used one line above would state the intent more clearly
                $user_tags_remain = $user_tags_remain == null ? $tags_remain : min($tags_remain, $user_tags_remain);
            }
        }
        if ($user_tags_remain < 0) {
            // report how many tags are over the limit and keep only as many as still fit
            $errors['threadmax'] = $evalerrors ? fetch_error('number_tags_add_exceeded_x', vb_number_format($user_tags_remain * -1)) : array('number_tags_add_exceeded_x', vb_number_format($user_tags_remain * -1));
            $allowed_tag_count = count($valid) + $user_tags_remain;
            if ($allowed_tag_count > 0) {
                $valid = array_slice($valid, 0, count($valid) + $user_tags_remain);
            } else {
                $valid = array();
            }
        }
    }
    return $valid;
}
                $changes = true;
            }
        }
    }
    //update the datastore bookmarksite cache
    if ($changes) {
        build_bookmarksite_datastore();
    }
    $_REQUEST['do'] = 'modify';
}
// ########################################################################
// we want to display the bookmark list - this is the default action
if ($_REQUEST['do'] == 'modify') {
    if (!$vbulletin->options['socialbookmarks']) {
        print_table_start();
        print_description_row(fetch_error('social_bookmarks_disabled'));
        print_table_footer(2, '', '', false);
    }
    // display the form and table header
    print_form_header('bookmarksite', 'quickupdate');
    print_table_header($vbphrase['social_bookmarking_manager'], 3);
    $bookmarksites_result = $db->query_read("\n\t\tSELECT * FROM " . TABLE_PREFIX . "bookmarksite AS bookmarksite\n\t\tORDER BY displayorder, title\n\t");
    $bookmarksite_count = $db->num_rows($bookmarksites_result);
    if ($bookmarksite_count) {
        print_description_row('<label><input type="checkbox" id="allbox" checked="checked" />' . $vbphrase['toggle_active_status_for_all'] . '</label><input type="image" src="../' . $vbulletin->options['cleargifurl'] . '" name="normalsubmit" />', false, 3, 'thead" style="font-weight:normal; padding:0px 4px 0px 4px');
        print_column_style_code(array('width:20%; white-space:nowrap', 'width:60%', "width:20%; white-space:nowrap; text-align:{$stylevar['right']}"));
        while ($bookmarksite = $db->fetch_array($bookmarksites_result)) {
            print_cells_row(array('<label class="smallfont"><input type="checkbox" name="active[' . $bookmarksite['bookmarksiteid'] . ']" value="1"' . ($bookmarksite['active'] ? ' checked="checked"' : '') . ' />' . $vbphrase['active'] . '</label> &nbsp; ' . '<input type="image" src="../cpstyles/' . $vbulletin->options['cpstylefolder'] . '/move_down.gif" name="displayorderswap[' . $bookmarksite['bookmarksiteid'] . ',higher]" />' . '<input type="text" name="displayorder[' . $bookmarksite['bookmarksiteid'] . ']" value="' . $bookmarksite['displayorder'] . '" class="bginput" size="4" title="' . $vbphrase['display_order'] . '" style="text-align:' . $stylevar['right'] . '" />' . '<input type="image" src="../cpstyles/' . $vbulletin->options['cpstylefolder'] . '/move_up.gif" name="displayorderswap[' . $bookmarksite['bookmarksiteid'] . ',lower]" />', '<a href="bookmarksite.php?' . $vbulletin->session->vars['sessionurl'] . 'do=edit&amp;bookmarksiteid=' . $bookmarksite['bookmarksiteid'] . '" title="' . $vbphrase['edit'] . '">' . $bookmarksite['title'] . '</a>', construct_link_code($vbphrase['edit'], 'bookmarksite.php?' . $vbulletin->session->vars['sessionurl'] . 'do=edit&amp;bookmarksiteid=' . $bookmarksite['bookmarksiteid']) . construct_link_code($vbphrase['delete'], 'bookmarksite.php?' . $vbulletin->session->vars['sessionurl'] . 'do=delete&amp;bookmarksiteid=' . $bookmarksite['bookmarksiteid'])), false, '', -1);
        }
        $db->free_result($bookmarksites_result);
    }
Exemple #25
			$templater->register('forminfo', $forminfo);
			$templater->register('navbar', $navbar);
			$templater->register('url', $url);
			$templater->register('usernamecode', $usernamecode);
		print_output($templater->render());
	}

	// Handles the submitted report form: a reason is required, then the report is filed
	// and the user is redirected.
	// NOTE(review): no request-forgery token check is visible in this fragment - confirm it is
	// enforced before this handler runs.
	if ($_POST['do'] == 'sendemail')
	{
		// 'reason' is taken from the POST data ('p') and cleaned as a string
		$vbulletin->input->clean_array_gpc('p', array(
			'reason' => TYPE_STR,
		));

		// an empty reason is rejected before anything is recorded
		if ($vbulletin->GPC['reason'] == '')
		{
			eval(standard_error(fetch_error('noreason')));
		}

		// $perform_floodcheck is set outside this fragment; the flood-check entry is only
		// committed once the submission has passed validation
		if ($perform_floodcheck)
		{
			$reportobj->perform_floodcheck_commit();
		}

		// NOTE(review): the reason text is handed on as cleaned by TYPE_STR only; presumably
		// do_report() escapes it for every channel it writes to - verify
		$reportobj->do_report($vbulletin->GPC['reason'], $messageinfo);

		// $url aliases $vbulletin->url; presumably the code returned by print_standard_redirect()
		// reads $url from this scope when it is eval'd - confirm
		$url =& $vbulletin->url;
		eval(print_standard_redirect('redirect_reportthanks'));
	}

}
/**
 * Loads a social group discussion and, optionally, enforces the viewing rules for
 * deleted and moderated discussions.
 *
 * The same 'invalidid' error is raised for a discussion that does not exist and for
 * one the current user may not view, so the response does not tell the two apart.
 * When $perm_check is false no access rule is applied at all; the caller is then
 * responsible for authorising the request itself.
 *
 * @param 	integer		$discussionid	The id of the discussion
 * @param 	boolean		$alert			Whether to call standard_error() when verification fails
 * @param 	boolean		$perm_check		Whether to check that the current user may view the discussion
 * @return  array mixed	| false				Info array for the valid discussion, false otherwise
 */
function verify_socialdiscussion($discussionid, $alert = true, $perm_check = true)
{
    global $vbphrase, $vbulletin;

    // A discussion that cannot be loaded, or that has no group id, is treated as invalid
    $info = fetch_socialdiscussioninfo($discussionid);
    $denied = (!$info || !isset($info['groupid']));

    if (!$denied && $perm_check) {
        $parentgroup = fetch_socialgroupinfo($info['groupid']);
        if (!$parentgroup) {
            // the owning group no longer resolves
            $denied = true;
        } elseif ($info['state'] == 'deleted' && !fetch_socialgroup_modperm('canviewdeleted', $parentgroup)) {
            // deleted discussions need the 'canviewdeleted' group moderator permission
            $denied = true;
        } elseif ($info['state'] == 'moderation' && !fetch_socialgroup_modperm('canmoderategroupmessages', $parentgroup) && $info['postuserid'] != $vbulletin->userinfo['userid']) {
            // moderated discussions are visible to group message moderators and to their author
            $denied = true;
        }
    }

    if ($denied) {
        if ($alert) {
            standard_error(fetch_error('invalidid', $vbphrase['social_group_discussion'], $vbulletin->options['contactuslink']));
        }
        return false;
    }

    return $info;
}
Exemple #27
// #######################################################################
if ($_POST['do'] == 'docustomize') {
    $vbulletin->input->clean_array_gpc('p', array('usercss' => TYPE_ARRAY, 'ajax' => TYPE_BOOL));
    ($hook = vBulletinHook::fetch_hook('profile_docustomize_start')) ? eval($hook) : false;
    foreach ($vbulletin->GPC['usercss'] as $selectorname => $selector) {
        if (!isset($usercss->cssedit["{$selectorname}"]) or !empty($usercss->cssedit["{$selectorname}"]['noinputset'])) {
            $usercss->error[] = fetch_error('invalid_selector_name_x', htmlspecialchars_uni($selectorname));
            continue;
        }
        if (!is_array($selector)) {
            continue;
        }
        foreach ($selector as $property => $value) {
            $prop_perms = $usercss->properties["{$property}"]['permission'];
            if (empty($usercsspermissions["{$prop_perms}"]) or !in_array($property, $usercss->cssedit["{$selectorname}"]['properties'])) {
                $usercss->error[] = fetch_error('no_permission_edit_selector_x_property_y', htmlspecialchars_uni($selectorname), htmlspecialchars_uni($property));
                continue;
            }
            unset($allowedlist);
            switch ($property) {
                case 'font_size':
                    $allowedlist = $allowedfontsizes;
                    break;
                case 'font_family':
                    $allowedlist = $allowedfonts;
                    break;
                case 'border_width':
                    $allowedlist = $allowedborderwidths;
                    break;
                case 'padding':
                    $allowedlist = $allowedpaddings;
Exemple #28
	}
	else
	{
		if ($vbulletin->GPC['message'] == '')
		{
			eval(standard_error(fetch_error('nomessage')));
		}

		if ($perform_floodcheck)
		{
			require_once(DIR . '/includes/class_floodcheck.php');
			$floodcheck = new vB_FloodCheck($vbulletin, 'user', 'emailstamp');
			$floodcheck->commit_key($vbulletin->userinfo['userid'], TIMENOW, TIMENOW - $vbulletin->options['emailfloodtime']);
			if ($floodcheck->is_flooding())
			{
				eval(standard_error(fetch_error('emailfloodcheck', $vbulletin->options['emailfloodtime'], $floodcheck->flood_wait())));
			}
		}

		($hook = vBulletinHook::fetch_hook('sendmessage_domailmember')) ? eval($hook) : false;

		$message = fetch_censored_text($vbulletin->GPC['message']);

		eval(fetch_email_phrases('usermessage', $userinfo['languageid']));

		vbmail($userinfo['email'], fetch_censored_text($vbulletin->GPC['emailsubject']), $message , false, $vbulletin->userinfo['email'], '', $vbulletin->userinfo['username']);

		// parse this next line with eval:
		$sendtoname = $userinfo['username'];

		eval(print_standard_redirect('redirect_sentemail'));
Exemple #29
        eval(standard_error(fetch_error('invalidid', $vbphrase['forum'], $vbulletin->options['contactuslink'])));
    }
    if (can_administer('canadminthreads')) {
        exec_header_redirect($vbulletin->config['Misc']['admincpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=move'));
    } else {
        if (can_moderate($foruminfo['forumid'], 'canmassmove')) {
            exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=move'));
        } else {
            print_no_permission();
        }
    }
}
// #############################################################################
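// Mass-prune entry point: sends the user to the admin or moderator control panel,
// depending on which of the two permissions they hold, or refuses the request.
if ($_REQUEST['do'] == 'prune') {
    // a forum must have been resolved before any permission is evaluated
    if (!$foruminfo['forumid']) {
        eval(standard_error(fetch_error('invalidid', $vbphrase['forum'], $vbulletin->options['contactuslink'])));
    }
    if (can_administer('canadminthreads')) {
        exec_header_redirect($vbulletin->config['Misc']['admincpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=prune'));
    } else {
        // Check the moderator permission against the forum id that was validated above, as
        // the 'move' handler does. The original passed a separate $forumid variable whose
        // origin is not visible here; if that were ever empty, the check would no longer
        // be tied to the forum this request is about.
        if (can_moderate($foruminfo['forumid'], 'canmassprune')) {
            exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=prune'));
        } else {
            print_no_permission();
        }
    }
}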
// #############################################################################
if ($_REQUEST['do'] == 'modposts') {
    if (can_moderate(0, 'canmoderateposts')) {
        exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('moderate.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=posts'));
/**
* Collects errors encountered while parsing a template and returns them
*
* The template is first checked with regular expressions for unbalanced <if>
* conditionals. It is then wrapped in a double-quoted string assignment and run
* through eval() so that PHP itself reports any parse error.
*
* NOTE(review): because the string is executed, $template must only ever be compiled
* template code from a trusted source; any caller that can reach this function with
* arbitrary text is able to run PHP. Confirm every call site sits behind an
* administrator permission check.
*
* @param	string	$template Template PHP code
*
* @return	string	Error text, or an empty string when no error was captured
*/
function check_template_errors($template)
{
    // Attempt to enable display_errors so that this eval actually returns something in the event of an error
    // NOTE(review): the previous value is not saved here, so the restore at the end of the
    // output-buffering branch (which captures the value after this call) cannot put the
    // original setting back; display_errors appears to stay enabled for the rest of the
    // request, which can expose paths and other details in later error output.
    @ini_set('display_errors', true);
    require_once DIR . '/includes/functions_calendar.php';
    // to make sure can_moderate_calendar exists
    if (preg_match('#^(.*)<if condition=(\\\\"|\')(.*)\\2>#siU', $template, $match)) {
        // remnants of a conditional -- that means something is malformed, probably missing a </if>
        // the line number is derived from the newlines that precede the match
        return fetch_error('template_conditional_end_missing_x', substr_count($match[1], "\n") + 1);
    }
    if (preg_match('#^(.*)</if>#siU', $template, $match)) {
        // remnants of a conditional -- missing beginning
        return fetch_error('template_conditional_beginning_missing_x', substr_count($match[1], "\n") + 1);
    }
    // substring test on the disable_functions ini value
    if (strpos(@ini_get('disable_functions'), 'ob_start') !== false) {
        // alternate method in case OB is disabled; probably not as fool proof
        // NOTE(review): track_errors and $php_errormsg were deprecated in PHP 7.2 and removed
        // in PHP 8.0, so this branch cannot report anything on current PHP versions.
        @ini_set('track_errors', true);
        $oldlevel = error_reporting(0);
        // executes the template text as PHP (see the trust requirement in the docblock)
        eval('$devnull = "' . $template . '";');
        error_reporting($oldlevel);
        if (strpos(strtolower($php_errormsg), 'parse') !== false) {
            // only return error if we think there's a parse error
            // best workaround to ignore "undefined variable" type errors
            return $php_errormsg;
        } else {
            return '';
        }
    } else {
        $olderrors = @ini_set('display_errors', true);
        // restrict reporting to fatal and parse level errors while the template runs
        $oldlevel = error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR);
        // capture whatever PHP prints while evaluating the template
        ob_start();
        // executes the template text as PHP (see the trust requirement in the docblock)
        // NOTE(review): since PHP 7 a parse error inside eval() is thrown as ParseError instead
        // of being printed; nothing here catches it, so the buffer would not contain it.
        eval('$devnull = "' . $template . '";');
        $errors = ob_get_contents();
        ob_end_clean();
        error_reporting($oldlevel);
        if ($olderrors !== false) {
            @ini_set('display_errors', $olderrors);
        }
        return $errors;
    }
}