function activateAccount($memID)
{
global $sourcedir, $context, $user_profile, $modSettings;
isAllowedTo('moderate_forum');
if (isset($_REQUEST['save']) && isset($user_profile[$memID]['is_activated']) && $user_profile[$memID]['is_activated'] != 1) {
// If we are approving the deletion of an account, we do something special ;)
if ($user_profile[$memID]['is_activated'] == 4) {
require_once $sourcedir . '/Subs-Members.php';
deleteMembers($context['id_member']);
redirectexit();
}
// Let the integrations know of the activation.
call_integration_hook('integrate_activate', array($user_profile[$memID]['member_name']));
// We need to log that we're doing something.
logAction('approve_member', array('member' => $memID), 'admin');
// Actually update this member now, as it guarantees the unapproved count can't get corrupted.
updateMemberData($context['id_member'], array('is_activated' => $user_profile[$memID]['is_activated'] >= 10 ? 11 : 1, 'validation_code' => ''));
// If we are doing approval, update the stats for the member just in case.
if (in_array($user_profile[$memID]['is_activated'], array(3, 4, 13, 14))) {
updateSettings(array('unapprovedMembers' => $modSettings['unapprovedMembers'] > 1 ? $modSettings['unapprovedMembers'] - 1 : 0));
}
// Make sure we update the stats too.
updateStats('member', false);
}
// Leave it be...
redirectexit('action=profile;u=' . $memID . ';area=summary');
}
/**
* A small function to unify logging of triggers (updates and new)
*
* @package Bans
* @param mixed[] $logs an array of logs, each log contains the following keys:
* - bantype: a known type of ban (ip_range, hostname, email, user, main_ip)
* - value: the value of the bantype (e.g. the IP or the email address banned)
* @param boolean|string $new type of trigger
* - if the trigger is new (true), an update (false), or a removal ('remove') of an existing one
*/
function logTriggersUpdates($logs, $new = true)
{
if (empty($logs)) {
return;
}
$log_name_map = array('main_ip' => 'ip_range', 'hostname' => 'hostname', 'email' => 'email', 'user' => 'member', 'ip_range' => 'ip_range');
// Log the addition of the ban entries into the moderation log.
foreach ($logs as $log) {
logAction('ban', array($log_name_map[$log['bantype']] => $log['value'], 'new' => empty($new) ? 0 : ($new === true ? 1 : -1), 'type' => $log['bantype']));
}
}
function QuickInTopicModeration()
{
global $sourcedir, $topic, $board, $user_info, $smcFunc, $modSettings, $context;
// Check the session = get or post.
checkSession('request');
require_once $sourcedir . '/RemoveTopic.php';
if (empty($_REQUEST['msgs'])) {
redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
}
$messages = array();
foreach ($_REQUEST['msgs'] as $dummy) {
$messages[] = (int) $dummy;
}
// We are restoring messages. We handle this in another place.
if (isset($_REQUEST['restore_selected'])) {
redirectexit('action=restoretopic;msgs=' . implode(',', $messages) . ';' . $context['session_var'] . '=' . $context['session_id']);
}
// Allowed to delete any message?
if (allowedTo('delete_any')) {
$allowed_all = true;
} elseif (allowedTo('delete_replies')) {
$request = $smcFunc['db_query']('', '
SELECT id_member_started
FROM {db_prefix}topics
WHERE id_topic = {int:current_topic}
LIMIT 1', array('current_topic' => $topic));
list($starter) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
$allowed_all = $starter == $user_info['id'];
} else {
$allowed_all = false;
}
// Make sure they're allowed to delete their own messages, if not any.
if (!$allowed_all) {
isAllowedTo('delete_own');
}
// Allowed to remove which messages?
$request = $smcFunc['db_query']('', '
SELECT id_msg, subject, id_member, poster_time, GREATEST(poster_time, modified_time) AS last_modified_time
FROM {db_prefix}messages
WHERE id_msg IN ({array_int:message_list})
AND id_topic = {int:current_topic}' . (!$allowed_all ? '
AND id_member = {int:current_member}' : '') . '
LIMIT ' . count($messages), array('current_member' => $user_info['id'], 'current_topic' => $topic, 'message_list' => $messages));
$messages = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
if (!$allowed_all && !empty($modSettings['edit_disable_time']) && $row['last_modified_time'] + $modSettings['edit_disable_time'] * 60 < time()) {
continue;
}
$messages[$row['id_msg']] = array($row['subject'], $row['id_member']);
}
$smcFunc['db_free_result']($request);
// Get the first message in the topic - because you can't delete that!
$request = $smcFunc['db_query']('', '
SELECT id_first_msg, id_last_msg
FROM {db_prefix}topics
WHERE id_topic = {int:current_topic}
LIMIT 1', array('current_topic' => $topic));
list($first_message, $last_message) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
// Delete all the messages we know they can delete. ($messages)
foreach ($messages as $message => $info) {
// Just skip the first message - if it's not the last.
if ($message == $first_message && $message != $last_message) {
continue;
} elseif ($message == $first_message) {
$topicGone = true;
}
removeMessage($message);
// Log this moderation action ;).
if (allowedTo('delete_any') && (!allowedTo('delete_own') || $info[1] != $user_info['id'])) {
logAction('delete', array('topic' => $topic, 'subject' => $info[0], 'member' => $info[1], 'board' => $board));
}
}
redirectexit(!empty($topicGone) ? 'board=' . $board : 'topic=' . $topic . '.' . $_REQUEST['start']);
}
function MoveTopic2()
{
global $txt, $board, $topic, $scripturl, $sourcedir, $modSettings, $context;
global $board, $language, $user_info, $smcFunc;
if (empty($topic)) {
fatal_lang_error('no_access', false);
}
// You can't choose to have a redirection topic and use an empty reason.
if (isset($_POST['postRedirect']) && (!isset($_POST['reason']) || trim($_POST['reason']) == '')) {
fatal_lang_error('movetopic_no_reason', false);
}
// Make sure this form hasn't been submitted before.
checkSubmitOnce('check');
$request = $smcFunc['db_query']('', '
SELECT id_member_started, id_first_msg, approved
FROM {db_prefix}topics
WHERE id_topic = {int:current_topic}
LIMIT 1', array('current_topic' => $topic));
list($id_member_started, $id_first_msg, $context['is_approved']) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
// Can they see it?
if (!$context['is_approved']) {
isAllowedTo('approve_posts');
}
// Can they move topics on this board?
if (!allowedTo('move_any')) {
if ($id_member_started == $user_info['id']) {
isAllowedTo('move_own');
$boards = array_merge(boardsAllowedTo('move_own'), boardsAllowedTo('move_any'));
} else {
isAllowedTo('move_any');
}
} else {
$boards = boardsAllowedTo('move_any');
}
// If this topic isn't approved don't let them move it if they can't approve it!
if ($modSettings['postmod_active'] && !$context['is_approved'] && !allowedTo('approve_posts')) {
// Only allow them to move it to other boards they can't approve it in.
$can_approve = boardsAllowedTo('approve_posts');
$boards = array_intersect($boards, $can_approve);
}
checkSession();
require_once $sourcedir . '/Subs-Post.php';
// The destination board must be numeric.
$_POST['toboard'] = (int) $_POST['toboard'];
// Make sure they can see the board they are trying to move to (and get whether posts count in the target board).
$request = $smcFunc['db_query']('', '
SELECT b.count_posts, b.name, m.subject
FROM {db_prefix}boards AS b
INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic})
INNER JOIN {db_prefix}messages AS m ON (m.id_msg = t.id_first_msg)
WHERE {query_see_board}
AND b.id_board = {int:to_board}
AND b.redirect = {string:blank_redirect}
LIMIT 1', array('current_topic' => $topic, 'to_board' => $_POST['toboard'], 'blank_redirect' => ''));
if ($smcFunc['db_num_rows']($request) == 0) {
fatal_lang_error('no_board');
}
list($pcounter, $board_name, $subject) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
// Remember this for later.
$_SESSION['move_to_topic'] = $_POST['toboard'];
// Rename the topic...
if (isset($_POST['reset_subject'], $_POST['custom_subject']) && $_POST['custom_subject'] != '') {
$_POST['custom_subject'] = strtr($smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['custom_subject'])), array("\r" => '', "\n" => '', "\t" => ''));
// Keep checking the length.
if ($smcFunc['strlen']($_POST['custom_subject']) > 100) {
$_POST['custom_subject'] = $smcFunc['substr']($_POST['custom_subject'], 0, 100);
}
// If it's still valid move onwards and upwards.
if ($_POST['custom_subject'] != '') {
if (isset($_POST['enforce_subject'])) {
// Get a response prefix, but in the forum's default language.
if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix'))) {
if ($language === $user_info['language']) {
$context['response_prefix'] = $txt['response_prefix'];
} else {
loadLanguage('index', $language, false);
$context['response_prefix'] = $txt['response_prefix'];
loadLanguage('index');
}
cache_put_data('response_prefix', $context['response_prefix'], 600);
}
$smcFunc['db_query']('', '
UPDATE {db_prefix}messages
SET subject = {string:subject}
WHERE id_topic = {int:current_topic}', array('current_topic' => $topic, 'subject' => $context['response_prefix'] . $_POST['custom_subject']));
}
$smcFunc['db_query']('', '
UPDATE {db_prefix}messages
SET subject = {string:custom_subject}
WHERE id_msg = {int:id_first_msg}', array('id_first_msg' => $id_first_msg, 'custom_subject' => $_POST['custom_subject']));
// Fix the subject cache.
updateStats('subject', $topic, $_POST['custom_subject']);
}
}
// Create a link to this in the old board.
//!!! Does this make sense if the topic was unapproved before? I'd just about say so.
if (isset($_POST['postRedirect'])) {
// Should be in the boardwide language.
if ($user_info['language'] != $language) {
loadLanguage('index', $language);
}
$_POST['reason'] = $smcFunc['htmlspecialchars']($_POST['reason'], ENT_QUOTES);
preparsecode($_POST['reason']);
// Add a URL onto the message.
$_POST['reason'] = strtr($_POST['reason'], array($txt['movetopic_auto_board'] => '[url=' . $scripturl . '?board=' . $_POST['toboard'] . '.0]' . $board_name . '[/url]', $txt['movetopic_auto_topic'] => '[iurl]' . $scripturl . '?topic=' . $topic . '.0[/iurl]'));
$msgOptions = array('subject' => $txt['moved'] . ': ' . $subject, 'body' => $_POST['reason'], 'icon' => 'moved', 'smileys_enabled' => 1);
$topicOptions = array('board' => $board, 'lock_mode' => 1, 'mark_as_read' => true);
$posterOptions = array('id' => $user_info['id'], 'update_post_count' => empty($pcounter));
createPost($msgOptions, $topicOptions, $posterOptions);
}
$request = $smcFunc['db_query']('', '
SELECT count_posts
FROM {db_prefix}boards
WHERE id_board = {int:current_board}
LIMIT 1', array('current_board' => $board));
list($pcounter_from) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
if ($pcounter_from != $pcounter) {
$request = $smcFunc['db_query']('', '
SELECT id_member
FROM {db_prefix}messages
WHERE id_topic = {int:current_topic}
AND approved = {int:is_approved}', array('current_topic' => $topic, 'is_approved' => 1));
$posters = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
if (!isset($posters[$row['id_member']])) {
$posters[$row['id_member']] = 0;
}
$posters[$row['id_member']]++;
}
$smcFunc['db_free_result']($request);
foreach ($posters as $id_member => $posts) {
// The board we're moving from counted posts, but not to.
if (empty($pcounter_from)) {
updateMemberData($id_member, array('posts' => 'posts - ' . $posts));
} else {
updateMemberData($id_member, array('posts' => 'posts + ' . $posts));
}
}
}
// Do the move (includes statistics update needed for the redirect topic).
moveTopics($topic, $_POST['toboard']);
// Log that they moved this topic.
if (!allowedTo('move_own') || $id_member_started != $user_info['id']) {
logAction('move', array('topic' => $topic, 'board_from' => $board, 'board_to' => $_POST['toboard']));
}
// Notify people that this topic has been moved?
sendNotifications($topic, 'move');
// Why not go back to the original board in case they want to keep moving?
if (!isset($_REQUEST['goback'])) {
redirectexit('board=' . $board . '.0');
} else {
redirectexit('topic=' . $topic . '.0');
}
}
<?php
$db_link = serverConnect();
$max = 'LIMIT ' . ($pageNum - 1) * $_SESSION['items'] . ',' . $_SESSION['items'];
if (isset($search)) {
logAction($_SESSION['user_name'], $lang['searched'] . ' (' . $search . ') ' . $lang['in'] . ' ' . $lang['vehicles'], 1);
$sql = "SELECT `id` FROM `houses` INNER JOIN `players` ON houses.pid=players.playerid WHERE `id` LIKE '" . $search . "' OR `pos` LIKE '" . $search . "' OR `inventory` LIKE '%" . $search . "%' OR `name` LIKE '%" . $search . "%' AND `pid` = '" . $_SESSION['playerid'] . "';";
$result_of_query = $db_link->query($sql);
$total_records = mysqli_num_rows($result_of_query);
if ($pageNum > $total_records) {
$pageNum = $total_records;
}
$sql = "SELECT `id`,`pid`,`pos`,`name`,`owned` FROM `houses` INNER JOIN `players` ON houses.pid=players.playerid WHERE `id` LIKE '" . $search . "' OR `pos` LIKE '" . $search . "' OR `inventory` LIKE '%" . $search . "%' OR `name` LIKE '%" . $search . "%' AND `pid` = '" . $_SESSION['playerid'] . "' " . $max . " ;";
} else {
$sql = "SELECT `id` FROM `houses`;";
$result_of_query = $db_link->query($sql);
$total_records = mysqli_num_rows($result_of_query);
if ($pageNum > $total_records) {
$pageNum = $total_records;
}
$sql = "SELECT `id`,`pid`,`pos`,`name`,`owned` FROM `houses` INNER JOIN `players` ON houses.pid=players.playerid AND `pid` = '" . $_SESSION['playerid'] . "' " . $max . " ;";
}
$result_of_query = $db_link->query($sql);
if ($result_of_query->num_rows > 0) {
?>
<div class="row">
<div class="col-lg-12">
<h1 class="page-header">
<?php
echo $lang['houses'];
?>
/**
* Allows for moderation from the message index.
* @todo refactor this...
*/
function QuickModeration()
{
global $sourcedir, $board, $user_info, $modSettings, $smcFunc, $context;
// Check the session = get or post.
checkSession('request');
// Lets go straight to the restore area.
if (isset($_REQUEST['qaction']) && $_REQUEST['qaction'] == 'restore' && !empty($_REQUEST['topics'])) {
redirectexit('action=restoretopic;topics=' . implode(',', $_REQUEST['topics']) . ';' . $context['session_var'] . '=' . $context['session_id']);
}
if (isset($_SESSION['topicseen_cache'])) {
$_SESSION['topicseen_cache'] = array();
}
// This is going to be needed to send off the notifications and for updateLastMessages().
require_once $sourcedir . '/Subs-Post.php';
// Remember the last board they moved things to.
if (isset($_REQUEST['move_to'])) {
$_SESSION['move_to_topic'] = $_REQUEST['move_to'];
}
// Only a few possible actions.
$possibleActions = array();
if (!empty($board)) {
$boards_can = array('make_sticky' => allowedTo('make_sticky') ? array($board) : array(), 'move_any' => allowedTo('move_any') ? array($board) : array(), 'move_own' => allowedTo('move_own') ? array($board) : array(), 'remove_any' => allowedTo('remove_any') ? array($board) : array(), 'remove_own' => allowedTo('remove_own') ? array($board) : array(), 'lock_any' => allowedTo('lock_any') ? array($board) : array(), 'lock_own' => allowedTo('lock_own') ? array($board) : array(), 'merge_any' => allowedTo('merge_any') ? array($board) : array(), 'approve_posts' => allowedTo('approve_posts') ? array($board) : array());
$redirect_url = 'board=' . $board . '.' . $_REQUEST['start'];
} else {
/**
* @todo Ugly. There's no getting around this, is there?
* @todo Maybe just do this on the actions people want to use?
*/
$boards_can = boardsAllowedTo(array('make_sticky', 'move_any', 'move_own', 'remove_any', 'remove_own', 'lock_any', 'lock_own', 'merge_any', 'approve_posts'), true, false);
$redirect_url = isset($_POST['redirect_url']) ? $_POST['redirect_url'] : (isset($_SESSION['old_url']) ? $_SESSION['old_url'] : '');
}
if (!$user_info['is_guest']) {
$possibleActions[] = 'markread';
}
if (!empty($boards_can['make_sticky']) && !empty($modSettings['enableStickyTopics'])) {
$possibleActions[] = 'sticky';
}
if (!empty($boards_can['move_any']) || !empty($boards_can['move_own'])) {
$possibleActions[] = 'move';
}
if (!empty($boards_can['remove_any']) || !empty($boards_can['remove_own'])) {
$possibleActions[] = 'remove';
}
if (!empty($boards_can['lock_any']) || !empty($boards_can['lock_own'])) {
$possibleActions[] = 'lock';
}
if (!empty($boards_can['merge_any'])) {
$possibleActions[] = 'merge';
}
if (!empty($boards_can['approve_posts'])) {
$possibleActions[] = 'approve';
}
// Two methods: $_REQUEST['actions'] (id_topic => action), and $_REQUEST['topics'] and $_REQUEST['qaction'].
// (if action is 'move', $_REQUEST['move_to'] or $_REQUEST['move_tos'][$topic] is used.)
if (!empty($_REQUEST['topics'])) {
// If the action isn't valid, just quit now.
if (empty($_REQUEST['qaction']) || !in_array($_REQUEST['qaction'], $possibleActions)) {
redirectexit($redirect_url);
}
// Merge requires all topics as one parameter and can be done at once.
if ($_REQUEST['qaction'] == 'merge') {
// Merge requires at least two topics.
if (empty($_REQUEST['topics']) || count($_REQUEST['topics']) < 2) {
redirectexit($redirect_url);
}
require_once $sourcedir . '/SplitTopics.php';
return MergeExecute($_REQUEST['topics']);
}
// Just convert to the other method, to make it easier.
foreach ($_REQUEST['topics'] as $topic) {
$_REQUEST['actions'][(int) $topic] = $_REQUEST['qaction'];
}
}
// Weird... how'd you get here?
if (empty($_REQUEST['actions'])) {
redirectexit($redirect_url);
}
// Validate each action.
$temp = array();
foreach ($_REQUEST['actions'] as $topic => $action) {
if (in_array($action, $possibleActions)) {
$temp[(int) $topic] = $action;
}
}
$_REQUEST['actions'] = $temp;
if (!empty($_REQUEST['actions'])) {
// Find all topics...
$request = $smcFunc['db_query']('', '
SELECT id_topic, id_member_started, id_board, locked, approved, unapproved_posts
FROM {db_prefix}topics
WHERE id_topic IN ({array_int:action_topic_ids})
LIMIT ' . count($_REQUEST['actions']), array('action_topic_ids' => array_keys($_REQUEST['actions'])));
while ($row = $smcFunc['db_fetch_assoc']($request)) {
if (!empty($board)) {
if ($row['id_board'] != $board || $modSettings['postmod_active'] && !$row['approved'] && !allowedTo('approve_posts')) {
unset($_REQUEST['actions'][$row['id_topic']]);
}
} else {
// Don't allow them to act on unapproved posts they can't see...
if ($modSettings['postmod_active'] && !$row['approved'] && !in_array(0, $boards_can['approve_posts']) && !in_array($row['id_board'], $boards_can['approve_posts'])) {
unset($_REQUEST['actions'][$row['id_topic']]);
} elseif ($_REQUEST['actions'][$row['id_topic']] == 'sticky' && !in_array(0, $boards_can['make_sticky']) && !in_array($row['id_board'], $boards_can['make_sticky'])) {
unset($_REQUEST['actions'][$row['id_topic']]);
} elseif ($_REQUEST['actions'][$row['id_topic']] == 'move' && !in_array(0, $boards_can['move_any']) && !in_array($row['id_board'], $boards_can['move_any']) && ($row['id_member_started'] != $user_info['id'] || !in_array(0, $boards_can['move_own']) && !in_array($row['id_board'], $boards_can['move_own']))) {
unset($_REQUEST['actions'][$row['id_topic']]);
} elseif ($_REQUEST['actions'][$row['id_topic']] == 'remove' && !in_array(0, $boards_can['remove_any']) && !in_array($row['id_board'], $boards_can['remove_any']) && ($row['id_member_started'] != $user_info['id'] || !in_array(0, $boards_can['remove_own']) && !in_array($row['id_board'], $boards_can['remove_own']))) {
unset($_REQUEST['actions'][$row['id_topic']]);
} elseif ($_REQUEST['actions'][$row['id_topic']] == 'lock' && !in_array(0, $boards_can['lock_any']) && !in_array($row['id_board'], $boards_can['lock_any']) && ($row['id_member_started'] != $user_info['id'] || $row['locked'] == 1 || !in_array(0, $boards_can['lock_own']) && !in_array($row['id_board'], $boards_can['lock_own']))) {
unset($_REQUEST['actions'][$row['id_topic']]);
} elseif ($_REQUEST['actions'][$row['id_topic']] == 'approve' && (!$row['unapproved_posts'] || !in_array(0, $boards_can['approve_posts']) && !in_array($row['id_board'], $boards_can['approve_posts']))) {
unset($_REQUEST['actions'][$row['id_topic']]);
}
}
}
$smcFunc['db_free_result']($request);
}
$stickyCache = array();
$moveCache = array(0 => array(), 1 => array());
$removeCache = array();
$lockCache = array();
$markCache = array();
$approveCache = array();
// Separate the actions.
foreach ($_REQUEST['actions'] as $topic => $action) {
$topic = (int) $topic;
if ($action == 'markread') {
$markCache[] = $topic;
} elseif ($action == 'sticky') {
$stickyCache[] = $topic;
} elseif ($action == 'move') {
require_once $sourcedir . '/MoveTopic.php';
moveTopicConcurrence();
// $moveCache[0] is the topic, $moveCache[1] is the board to move to.
$moveCache[1][$topic] = (int) (isset($_REQUEST['move_tos'][$topic]) ? $_REQUEST['move_tos'][$topic] : $_REQUEST['move_to']);
if (empty($moveCache[1][$topic])) {
continue;
}
$moveCache[0][] = $topic;
} elseif ($action == 'remove') {
$removeCache[] = $topic;
} elseif ($action == 'lock') {
$lockCache[] = $topic;
} elseif ($action == 'approve') {
$approveCache[] = $topic;
}
}
if (empty($board)) {
$affectedBoards = array();
} else {
$affectedBoards = array($board => array(0, 0));
}
// Do all the stickies...
if (!empty($stickyCache)) {
$smcFunc['db_query']('', '
UPDATE {db_prefix}topics
SET is_sticky = CASE WHEN is_sticky = {int:is_sticky} THEN 0 ELSE 1 END
WHERE id_topic IN ({array_int:sticky_topic_ids})', array('sticky_topic_ids' => $stickyCache, 'is_sticky' => 1));
// Get the board IDs and Sticky status
$request = $smcFunc['db_query']('', '
SELECT id_topic, id_board, is_sticky
FROM {db_prefix}topics
WHERE id_topic IN ({array_int:sticky_topic_ids})
LIMIT ' . count($stickyCache), array('sticky_topic_ids' => $stickyCache));
$stickyCacheBoards = array();
$stickyCacheStatus = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$stickyCacheBoards[$row['id_topic']] = $row['id_board'];
$stickyCacheStatus[$row['id_topic']] = empty($row['is_sticky']);
}
$smcFunc['db_free_result']($request);
}
// Move sucka! (this is, by the by, probably the most complicated part....)
if (!empty($moveCache[0])) {
// I know - I just KNOW you're trying to beat the system. Too bad for you... we CHECK :P.
$request = $smcFunc['db_query']('', '
SELECT t.id_topic, t.id_board, b.count_posts
FROM {db_prefix}topics AS t
LEFT JOIN {db_prefix}boards AS b ON (t.id_board = b.id_board)
WHERE t.id_topic IN ({array_int:move_topic_ids})' . (!empty($board) && !allowedTo('move_any') ? '
AND t.id_member_started = {int:current_member}' : '') . '
LIMIT ' . count($moveCache[0]), array('current_member' => $user_info['id'], 'move_topic_ids' => $moveCache[0]));
$moveTos = array();
$moveCache2 = array();
$countPosts = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$to = $moveCache[1][$row['id_topic']];
if (empty($to)) {
continue;
}
// Does this topic's board count the posts or not?
$countPosts[$row['id_topic']] = empty($row['count_posts']);
if (!isset($moveTos[$to])) {
$moveTos[$to] = array();
}
$moveTos[$to][] = $row['id_topic'];
// For reporting...
$moveCache2[] = array($row['id_topic'], $row['id_board'], $to);
}
$smcFunc['db_free_result']($request);
$moveCache = $moveCache2;
require_once $sourcedir . '/MoveTopic.php';
// Do the actual moves...
foreach ($moveTos as $to => $topics) {
moveTopics($topics, $to);
}
// Does the post counts need to be updated?
if (!empty($moveTos)) {
$topicRecounts = array();
$request = $smcFunc['db_query']('', '
SELECT id_board, count_posts
FROM {db_prefix}boards
WHERE id_board IN ({array_int:move_boards})', array('move_boards' => array_keys($moveTos)));
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$cp = empty($row['count_posts']);
// Go through all the topics that are being moved to this board.
foreach ($moveTos[$row['id_board']] as $topic) {
// If both boards have the same value for post counting then no adjustment needs to be made.
if ($countPosts[$topic] != $cp) {
// If the board being moved to does count the posts then the other one doesn't so add to their post count.
$topicRecounts[$topic] = $cp ? '+' : '-';
}
}
}
$smcFunc['db_free_result']($request);
if (!empty($topicRecounts)) {
$members = array();
// Get all the members who have posted in the moved topics.
$request = $smcFunc['db_query']('', '
SELECT id_member, id_topic
FROM {db_prefix}messages
WHERE id_topic IN ({array_int:moved_topic_ids})', array('moved_topic_ids' => array_keys($topicRecounts)));
while ($row = $smcFunc['db_fetch_assoc']($request)) {
if (!isset($members[$row['id_member']])) {
$members[$row['id_member']] = 0;
}
if ($topicRecounts[$row['id_topic']] === '+') {
$members[$row['id_member']] += 1;
} else {
$members[$row['id_member']] -= 1;
}
}
$smcFunc['db_free_result']($request);
// And now update them member's post counts
foreach ($members as $id_member => $post_adj) {
updateMemberData($id_member, array('posts' => 'posts + ' . $post_adj));
}
}
}
}
// Now delete the topics...
if (!empty($removeCache)) {
// They can only delete their own topics. (we wouldn't be here if they couldn't do that..)
$result = $smcFunc['db_query']('', '
SELECT id_topic, id_board
FROM {db_prefix}topics
WHERE id_topic IN ({array_int:removed_topic_ids})' . (!empty($board) && !allowedTo('remove_any') ? '
AND id_member_started = {int:current_member}' : '') . '
LIMIT ' . count($removeCache), array('current_member' => $user_info['id'], 'removed_topic_ids' => $removeCache));
$removeCache = array();
$removeCacheBoards = array();
while ($row = $smcFunc['db_fetch_assoc']($result)) {
$removeCache[] = $row['id_topic'];
$removeCacheBoards[$row['id_topic']] = $row['id_board'];
}
$smcFunc['db_free_result']($result);
// Maybe *none* were their own topics.
if (!empty($removeCache)) {
// Gotta send the notifications *first*!
foreach ($removeCache as $topic) {
// Only log the topic ID if it's not in the recycle board.
logAction('remove', array(empty($modSettings['recycle_enable']) || $modSettings['recycle_board'] != $removeCacheBoards[$topic] ? 'topic' : 'old_topic_id' => $topic, 'board' => $removeCacheBoards[$topic]));
sendNotifications($topic, 'remove');
}
require_once $sourcedir . '/RemoveTopic.php';
removeTopics($removeCache);
}
}
// Approve the topics...
if (!empty($approveCache)) {
// We need unapproved topic ids and their authors!
$request = $smcFunc['db_query']('', '
SELECT id_topic, id_member_started
FROM {db_prefix}topics
WHERE id_topic IN ({array_int:approve_topic_ids})
AND approved = {int:not_approved}
LIMIT ' . count($approveCache), array('approve_topic_ids' => $approveCache, 'not_approved' => 0));
$approveCache = array();
$approveCacheMembers = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$approveCache[] = $row['id_topic'];
$approveCacheMembers[$row['id_topic']] = $row['id_member_started'];
}
$smcFunc['db_free_result']($request);
// Any topics to approve?
if (!empty($approveCache)) {
// Handle the approval part...
approveTopics($approveCache);
// Time for some logging!
foreach ($approveCache as $topic) {
logAction('approve_topic', array('topic' => $topic, 'member' => $approveCacheMembers[$topic]));
}
}
}
// And (almost) lastly, lock the topics...
if (!empty($lockCache)) {
$lockStatus = array();
// Gotta make sure they CAN lock/unlock these topics...
if (!empty($board) && !allowedTo('lock_any')) {
// Make sure they started the topic AND it isn't already locked by someone with higher priv's.
$result = $smcFunc['db_query']('', '
SELECT id_topic, locked, id_board
FROM {db_prefix}topics
WHERE id_topic IN ({array_int:locked_topic_ids})
AND id_member_started = {int:current_member}
AND locked IN (2, 0)
LIMIT ' . count($lockCache), array('current_member' => $user_info['id'], 'locked_topic_ids' => $lockCache));
$lockCache = array();
$lockCacheBoards = array();
while ($row = $smcFunc['db_fetch_assoc']($result)) {
$lockCache[] = $row['id_topic'];
$lockCacheBoards[$row['id_topic']] = $row['id_board'];
$lockStatus[$row['id_topic']] = empty($row['locked']);
}
$smcFunc['db_free_result']($result);
} else {
$result = $smcFunc['db_query']('', '
SELECT id_topic, locked, id_board
FROM {db_prefix}topics
WHERE id_topic IN ({array_int:locked_topic_ids})
LIMIT ' . count($lockCache), array('locked_topic_ids' => $lockCache));
$lockCacheBoards = array();
while ($row = $smcFunc['db_fetch_assoc']($result)) {
$lockStatus[$row['id_topic']] = empty($row['locked']);
$lockCacheBoards[$row['id_topic']] = $row['id_board'];
}
$smcFunc['db_free_result']($result);
}
// It could just be that *none* were their own topics...
if (!empty($lockCache)) {
// Alternate the locked value.
$smcFunc['db_query']('', '
UPDATE {db_prefix}topics
SET locked = CASE WHEN locked = {int:is_locked} THEN ' . (allowedTo('lock_any') ? '1' : '2') . ' ELSE 0 END
WHERE id_topic IN ({array_int:locked_topic_ids})', array('locked_topic_ids' => $lockCache, 'is_locked' => 0));
}
}
if (!empty($markCache)) {
$markArray = array();
foreach ($markCache as $topic) {
$markArray[] = array($modSettings['maxMsgID'], $user_info['id'], $topic);
}
$smcFunc['db_insert']('replace', '{db_prefix}log_topics', array('id_msg' => 'int', 'id_member' => 'int', 'id_topic' => 'int'), $markArray, array('id_member', 'id_topic'));
}
foreach ($moveCache as $topic) {
// Didn't actually move anything!
if (!isset($topic[0])) {
break;
}
logAction('move', array('topic' => $topic[0], 'board_from' => $topic[1], 'board_to' => $topic[2]));
sendNotifications($topic[0], 'move');
}
foreach ($lockCache as $topic) {
logAction($lockStatus[$topic] ? 'lock' : 'unlock', array('topic' => $topic, 'board' => $lockCacheBoards[$topic]));
sendNotifications($topic, $lockStatus[$topic] ? 'lock' : 'unlock');
}
foreach ($stickyCache as $topic) {
logAction($stickyCacheStatus[$topic] ? 'unsticky' : 'sticky', array('topic' => $topic, 'board' => $stickyCacheBoards[$topic]));
sendNotifications($topic, 'sticky');
}
updateStats('topic');
updateStats('message');
updateSettings(array('calendar_updated' => time()));
if (!empty($affectedBoards)) {
updateLastMessages(array_keys($affectedBoards));
}
redirectexit($redirect_url);
}
/**
* Handles the sending of the forum mailing in batches.
*
* What it does:
* - Called by ?action=admin;area=news;sa=mailingsend
* - Requires the send_mail permission.
* - Redirects to itself when more batches need to be sent.
* - Redirects to ?action=admin after everything has been sent.
*
* @uses the ManageNews template and email_members_send sub template.
* @param bool $clean_only = false; if set, it will only clean the variables, put them in context, then return.
*/
public function action_mailingsend($clean_only = false)
{
global $txt, $context, $scripturl, $modSettings, $user_info;
// A nice successful screen if you did it
if (isset($_REQUEST['success'])) {
$context['sub_template'] = 'email_members_succeeded';
loadTemplate('ManageNews');
return;
}
// If just previewing we prepare a message and return it for viewing
if (isset($_POST['preview'])) {
$context['preview'] = true;
return $this->action_mailingcompose();
}
// How many to send at once? Quantity depends on whether we are queueing or not.
// @todo Might need an interface? (used in Post.controller.php too with different limits)
$num_at_once = empty($modSettings['mail_queue']) ? 60 : 1000;
// If by PM's I suggest we half the above number.
if (!empty($_POST['send_pm'])) {
$num_at_once /= 2;
}
checkSession();
// Where are we actually to?
$context['start'] = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;
$context['email_force'] = !empty($_POST['email_force']) ? 1 : 0;
$context['send_pm'] = !empty($_POST['send_pm']) ? 1 : 0;
$context['total_emails'] = !empty($_POST['total_emails']) ? (int) $_POST['total_emails'] : 0;
$context['max_id_member'] = !empty($_POST['max_id_member']) ? (int) $_POST['max_id_member'] : 0;
$context['send_html'] = !empty($_POST['send_html']) ? 1 : 0;
$context['parse_html'] = !empty($_POST['parse_html']) ? 1 : 0;
// Create our main context.
$context['recipients'] = array('groups' => array(), 'exclude_groups' => array(), 'members' => array(), 'exclude_members' => array(), 'emails' => array());
// Have we any excluded members?
if (!empty($_POST['exclude_members'])) {
$members = explode(',', $_POST['exclude_members']);
foreach ($members as $member) {
if ($member >= $context['start']) {
$context['recipients']['exclude_members'][] = (int) $member;
}
}
}
// What about members we *must* do?
if (!empty($_POST['members'])) {
$members = explode(',', $_POST['members']);
foreach ($members as $member) {
if ($member >= $context['start']) {
$context['recipients']['members'][] = (int) $member;
}
}
}
// Cleaning groups is simple - although deal with both checkbox and commas.
if (isset($_POST['groups'])) {
if (is_array($_POST['groups'])) {
foreach ($_POST['groups'] as $group => $dummy) {
$context['recipients']['groups'][] = (int) $group;
}
} elseif (trim($_POST['groups']) != '') {
$groups = explode(',', $_POST['groups']);
foreach ($groups as $group) {
$context['recipients']['groups'][] = (int) $group;
}
}
}
// Same for excluded groups
if (isset($_POST['exclude_groups'])) {
if (is_array($_POST['exclude_groups'])) {
foreach ($_POST['exclude_groups'] as $group => $dummy) {
$context['recipients']['exclude_groups'][] = (int) $group;
}
} elseif (trim($_POST['exclude_groups']) != '') {
$groups = explode(',', $_POST['exclude_groups']);
foreach ($groups as $group) {
$context['recipients']['exclude_groups'][] = (int) $group;
}
}
}
// Finally - emails!
if (!empty($_POST['emails'])) {
$addressed = array_unique(explode(';', strtr($_POST['emails'], array("\n" => ';', "\r" => ';', ',' => ';'))));
foreach ($addressed as $curmem) {
$curmem = trim($curmem);
if ($curmem != '') {
$context['recipients']['emails'][$curmem] = $curmem;
}
}
}
// If we're only cleaning drop out here.
if ($clean_only) {
return;
}
// Some functions we will need
require_once SUBSDIR . '/Mail.subs.php';
if ($context['send_pm']) {
require_once SUBSDIR . '/PersonalMessage.subs.php';
}
// We are relying too much on writing to superglobals...
$base_subject = !empty($_POST['subject']) ? $_POST['subject'] : '';
$base_message = !empty($_POST['message']) ? $_POST['message'] : '';
// Save the message and its subject in $context
$context['subject'] = htmlspecialchars($base_subject, ENT_COMPAT, 'UTF-8');
$context['message'] = htmlspecialchars($base_message, ENT_COMPAT, 'UTF-8');
// Prepare the message for sending it as HTML
if (!$context['send_pm'] && !empty($_POST['send_html'])) {
// Prepare the message for HTML.
if (!empty($_POST['parse_html'])) {
$base_message = str_replace(array("\n", ' '), array('<br />' . "\n", ' '), $base_message);
}
// This is here to prevent spam filters from tagging this as spam.
if (preg_match('~\\<html~i', $base_message) == 0) {
if (preg_match('~\\<body~i', $base_message) == 0) {
$base_message = '<html><head><title>' . $base_subject . '</title></head>' . "\n" . '<body>' . $base_message . '</body></html>';
} else {
$base_message = '<html>' . $base_message . '</html>';
}
}
}
if (empty($base_message) || empty($base_subject)) {
$context['preview'] = true;
return $this->action_mailingcompose();
}
// Use the default time format.
$user_info['time_format'] = $modSettings['time_format'];
$variables = array('{$board_url}', '{$current_time}', '{$latest_member.link}', '{$latest_member.id}', '{$latest_member.name}');
// We might need this in a bit
$cleanLatestMember = empty($_POST['send_html']) || $context['send_pm'] ? un_htmlspecialchars($modSettings['latestRealName']) : $modSettings['latestRealName'];
// Replace in all the standard things.
$base_message = str_replace($variables, array(!empty($_POST['send_html']) ? '<a href="' . $scripturl . '">' . $scripturl . '</a>' : $scripturl, standardTime(forum_time(), false), !empty($_POST['send_html']) ? '<a href="' . $scripturl . '?action=profile;u=' . $modSettings['latestMember'] . '">' . $cleanLatestMember . '</a>' : ($context['send_pm'] ? '[url=' . $scripturl . '?action=profile;u=' . $modSettings['latestMember'] . ']' . $cleanLatestMember . '[/url]' : $cleanLatestMember), $modSettings['latestMember'], $cleanLatestMember), $base_message);
$base_subject = str_replace($variables, array($scripturl, standardTime(forum_time(), false), $modSettings['latestRealName'], $modSettings['latestMember'], $modSettings['latestRealName']), $base_subject);
$from_member = array('{$member.email}', '{$member.link}', '{$member.id}', '{$member.name}');
// If we still have emails, do them first!
$i = 0;
foreach ($context['recipients']['emails'] as $k => $email) {
// Done as many as we can?
if ($i >= $num_at_once) {
break;
}
// Don't sent it twice!
unset($context['recipients']['emails'][$k]);
// Dammit - can't PM emails!
if ($context['send_pm']) {
continue;
}
$to_member = array($email, !empty($_POST['send_html']) ? '<a href="mailto:' . $email . '">' . $email . '</a>' : $email, '??', $email);
sendmail($email, str_replace($from_member, $to_member, $base_subject), str_replace($from_member, $to_member, $base_message), null, null, !empty($_POST['send_html']), 5);
// Done another...
$i++;
}
// Got some more to send this batch?
$last_id_member = 0;
if ($i < $num_at_once) {
// Need to build quite a query!
$sendQuery = '(';
$sendParams = array();
if (!empty($context['recipients']['groups'])) {
// Take the long route...
$queryBuild = array();
foreach ($context['recipients']['groups'] as $group) {
$sendParams['group_' . $group] = $group;
$queryBuild[] = 'mem.id_group = {int:group_' . $group . '}';
if (!empty($group)) {
$queryBuild[] = 'FIND_IN_SET({int:group_' . $group . '}, mem.additional_groups) != 0';
$queryBuild[] = 'mem.id_post_group = {int:group_' . $group . '}';
}
}
if (!empty($queryBuild)) {
$sendQuery .= implode(' OR ', $queryBuild);
}
}
if (!empty($context['recipients']['members'])) {
$sendQuery .= ($sendQuery == '(' ? '' : ' OR ') . 'mem.id_member IN ({array_int:members})';
$sendParams['members'] = $context['recipients']['members'];
}
$sendQuery .= ')';
// If we've not got a query then we must be done!
if ($sendQuery == '()') {
redirectexit('action=admin');
}
// Anything to exclude?
if (!empty($context['recipients']['exclude_groups']) && in_array(0, $context['recipients']['exclude_groups'])) {
$sendQuery .= ' AND mem.id_group != {int:regular_group}';
}
if (!empty($context['recipients']['exclude_members'])) {
$sendQuery .= ' AND mem.id_member NOT IN ({array_int:exclude_members})';
$sendParams['exclude_members'] = $context['recipients']['exclude_members'];
}
// Force them to have it?
if (empty($context['email_force'])) {
$sendQuery .= ' AND mem.notify_announcements = {int:notify_announcements}';
}
require_once SUBSDIR . '/News.subs.php';
// Get the smelly people - note we respect the id_member range as it gives us a quicker query.
$recipients = getNewsletterRecipients($sendQuery, $sendParams, $context['start'], $num_at_once, $i);
foreach ($recipients as $row) {
$last_id_member = $row['id_member'];
// What groups are we looking at here?
if (empty($row['additional_groups'])) {
$groups = array($row['id_group'], $row['id_post_group']);
} else {
$groups = array_merge(array($row['id_group'], $row['id_post_group']), explode(',', $row['additional_groups']));
}
// Excluded groups?
if (array_intersect($groups, $context['recipients']['exclude_groups'])) {
continue;
}
// We might need this
$cleanMemberName = empty($_POST['send_html']) || $context['send_pm'] ? un_htmlspecialchars($row['real_name']) : $row['real_name'];
// Replace the member-dependant variables
$message = str_replace($from_member, array($row['email_address'], !empty($_POST['send_html']) ? '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $cleanMemberName . '</a>' : ($context['send_pm'] ? '[url=' . $scripturl . '?action=profile;u=' . $row['id_member'] . ']' . $cleanMemberName . '[/url]' : $cleanMemberName), $row['id_member'], $cleanMemberName), $base_message);
$subject = str_replace($from_member, array($row['email_address'], $row['real_name'], $row['id_member'], $row['real_name']), $base_subject);
// Send the actual email - or a PM!
if (!$context['send_pm']) {
sendmail($row['email_address'], $subject, $message, null, null, !empty($_POST['send_html']), 5);
} else {
sendpm(array('to' => array($row['id_member']), 'bcc' => array()), $subject, $message);
}
}
}
// If used our batch assume we still have a member.
if ($i >= $num_at_once) {
$last_id_member = $context['start'];
} elseif (empty($last_id_member) && $context['start'] + $num_at_once < $context['max_id_member']) {
$last_id_member = $context['start'] + $num_at_once;
} elseif (empty($last_id_member) && empty($context['recipients']['emails'])) {
// Log this into the admin log.
logAction('newsletter', array(), 'admin');
redirectexit('action=admin;area=news;sa=mailingsend;success');
}
$context['start'] = $last_id_member;
// Working out progress is a black art of sorts.
$percentEmails = $context['total_emails'] == 0 ? 0 : count($context['recipients']['emails']) / $context['total_emails'] * ($context['total_emails'] / ($context['total_emails'] + $context['max_id_member']));
$percentMembers = $context['start'] / $context['max_id_member'] * ($context['max_id_member'] / ($context['total_emails'] + $context['max_id_member']));
$context['percentage_done'] = round(($percentEmails + $percentMembers) * 100, 2);
$context['page_title'] = $txt['admin_newsletters'];
$context['sub_template'] = 'email_members_send';
}
exit;
} elseif (hasPermission($_SESSION['id'], 'Admin') == false) {
echo "<p class='error_message'>Você não possui privilégios para acessar esta área.</p>";
exit;
}
/*
Verifica se a configuração de log está ligada ou desligada. Se estiver ligada, ele irá fazer uso da
função logAction.
*/
$c = new conexao();
$c->set_charset('utf8');
$q = "SELECT * FROM configuracoes WHERE opcao = 'log';";
$r = $c->query($q);
$log = $r->fetch_object();
if ($log->valor == 'ligado') {
logAction($_SESSION['id'], $_SERVER['REQUEST_URI'], var_export($_POST, true), var_export($_GET, true));
}
?>
<div id="header">
<h1>HSTOCK - Módulo Administrador</h1>
</div>
<div id="menu">
<?php
require_once 'menu.php';
?>
</div>
<div id="content">
<p>Seja bem-vindo(a), <?php
echo $_SESSION['nome'];
}
}
}
if ($err) {
Alert($err);
} else {
$newsalt = Shake();
$sha = doHash($_POST['pass'] . $salt . $newsalt);
$sex = validateSex($_POST["sex"]);
$rUsers = Query("insert into {users} (name, password, pss, regdate, lastactivity, lastip, email, sex, theme) values ({0}, {1}, {2}, {3}, {3}, {4}, {5}, {6}, {7})", $_POST['name'], $sha, $newsalt, time(), $_SERVER['REMOTE_ADDR'], $_POST['email'], $sex, Settings::get("defaultTheme"));
$uid = insertId();
if ($uid == 1) {
Query("update {users} set powerlevel = 4 where id = 1");
}
recalculateKarma($uid);
logAction('register', array('user' => $uid));
$user = Fetch(Query("select * from {users} where id={0}", $uid));
$user["rawpass"] = $_POST["pass"];
$bucket = "newuser";
include "lib/pluginloader.php";
$sessionID = Shake();
setcookie("logsession", $sessionID, 0, $boardroot, "", false, true);
Query("INSERT INTO {sessions} (id, user, autoexpire) VALUES ({0}, {1}, {2})", doHash($sessionID . $salt), $user["id"], 0);
redirectAction("board");
}
}
$sexes = array(__("Male"), __("Female"), __("N/A"));
$name = "";
if (isset($_POST["name"])) {
$name = htmlspecialchars($_POST["name"]);
}
$name = clean($_POST['name'], "string");
$usegsq = clean($_POST['usegsq'], "int");
if ($_POST['usegsq'] == 1) {
$sq_ip = encrypt(clean($_POST['sq_ip'], "string"));
$sq_port = encrypt(clean($_POST['sq_port'], "string"));
$rcon_pass = encrypt(clean($_POST['rcon_pass'], "string"));
$sql = "UPDATE `servers` SET `name`= '" . $name . "',`type`= '" . $type . "',`use_sq`= '" . $usegsq . "',`sq_port`= '" . $sq_port . "',`sq_ip`= '" . $sq_ip . "',`rcon_pass`= '" . $rcon_pass . "' WHERE `dbid`='" . $id . "';";
} else {
$sql = "UPDATE `servers` SET `name`= '" . $name . "',`type`= '" . $type . "',`use_sq`= '" . $usegsq . "' WHERE `dbid`='" . $id . "';";
}
$result_of_query = $db_connection->query($sql);
} else {
message($lang['expired']);
}
} else {
logAction($_SESSION['user_name'], $lang['failedUpdate'] . ' ' . $lang['gsq'], 3);
}
}
}
$sql = "SELECT * FROM `servers` WHERE `dbid`='" . $id . "';";
$result_of_query = $db_connection->query($sql);
if ($result_of_query->num_rows == 1) {
$server = $result_of_query->fetch_object();
$sql = "SELECT `sql_host`,`dbid`,`sql_name`,`sql_pass`,`sql_user` FROM `db` WHERE `dbid`='" . $id . "';";
$result = $db_connection->query($sql);
if ($result->num_rows == 1) {
$db = $result->fetch_object();
?>
<div class="row">
<div class="col-lg-8">
<h1 class="page-header">
function PackageInstall()
{
global $boarddir, $txt, $context, $boardurl, $scripturl, $sourcedir, $modSettings;
global $user_info, $smcFunc;
// Make sure we don't install this mod twice.
checkSubmitOnce('check');
checkSession();
// If there's no file, what are we installing?
if (!isset($_REQUEST['package']) || $_REQUEST['package'] == '') {
redirectexit('action=admin;area=packages');
}
$context['filename'] = $_REQUEST['package'];
// If this is an uninstall, we'll have an id.
$context['install_id'] = isset($_REQUEST['pid']) ? (int) $_REQUEST['pid'] : 0;
require_once $sourcedir . '/lib/Subs-Package.php';
// !!! TODO: Perhaps do it in steps, if necessary?
$context['uninstalling'] = $_REQUEST['sa'] == 'uninstall2';
// Set up the linktree for other.
$context['linktree'][count($context['linktree']) - 1] = array('url' => $scripturl . '?action=admin;area=packages;sa=browse', 'name' => $context['uninstalling'] ? $txt['uninstall'] : $txt['extracting']);
$context['page_title'] .= ' - ' . ($context['uninstalling'] ? $txt['uninstall'] : $txt['extracting']);
$context['sub_template'] = 'extract_package';
if (!file_exists($boarddir . '/Packages/' . $context['filename'])) {
fatal_lang_error('package_no_file', false);
}
// Load up the package FTP information?
create_chmod_control(array(), array('destination_url' => $scripturl . '?action=admin;area=packages;sa=' . $_REQUEST['sa'] . ';package=' . $_REQUEST['package']));
// Make sure temp directory exists and is empty!
if (file_exists($boarddir . '/Packages/temp')) {
deltree($boarddir . '/Packages/temp', false);
} else {
mktree($boarddir . '/Packages/temp', 0777);
}
// Let the unpacker do the work.
if (is_file($boarddir . '/Packages/' . $context['filename'])) {
$context['extracted_files'] = read_tgz_file($boarddir . '/Packages/' . $context['filename'], $boarddir . '/Packages/temp');
if (!file_exists($boarddir . '/Packages/temp/package-info.xml')) {
foreach ($context['extracted_files'] as $file) {
if (basename($file['filename']) == 'package-info.xml') {
$context['base_path'] = dirname($file['filename']) . '/';
break;
}
}
}
if (!isset($context['base_path'])) {
$context['base_path'] = '';
}
} elseif (is_dir($boarddir . '/Packages/' . $context['filename'])) {
copytree($boarddir . '/Packages/' . $context['filename'], $boarddir . '/Packages/temp');
$context['extracted_files'] = listtree($boarddir . '/Packages/temp');
$context['base_path'] = '';
} else {
fatal_lang_error('no_access', false);
}
// Are we installing this into any custom themes?
$custom_themes = array(1);
$known_themes = explode(',', $modSettings['knownThemes']);
if (!empty($_POST['custom_theme'])) {
foreach ($_POST['custom_theme'] as $tid) {
if (in_array($tid, $known_themes)) {
$custom_themes[] = (int) $tid;
}
}
}
// Now load up the paths of the themes that we need to know about.
$request = smf_db_query('
SELECT id_theme, variable, value
FROM {db_prefix}themes
WHERE id_theme IN ({array_int:custom_themes})
AND variable IN ({string:name}, {string:theme_dir})', array('custom_themes' => $custom_themes, 'name' => 'name', 'theme_dir' => 'theme_dir'));
$theme_paths = array();
$themes_installed = array(1);
while ($row = mysql_fetch_assoc($request)) {
$theme_paths[$row['id_theme']][$row['variable']] = $row['value'];
}
mysql_free_result($request);
// Are there any theme copying that we want to take place?
$context['theme_copies'] = array('require-file' => array(), 'require-dir' => array());
if (!empty($_POST['theme_changes'])) {
foreach ($_POST['theme_changes'] as $change) {
if (empty($change)) {
continue;
}
$theme_data = unserialize(base64_decode($change));
if (empty($theme_data['type'])) {
continue;
}
$themes_installed[] = $theme_data['id'];
$context['theme_copies'][$theme_data['type']][$theme_data['orig']][] = $theme_data['future'];
}
}
// Get the package info...
$packageInfo = getPackageInfo($context['filename']);
if (!is_array($packageInfo)) {
fatal_lang_error($packageInfo);
}
$packageInfo['filename'] = $context['filename'];
// Set the type of extraction...
$context['extract_type'] = isset($packageInfo['type']) ? $packageInfo['type'] : 'modification';
// Create a backup file to roll back to! (but if they do this more than once, don't run it a zillion times.)
if (!empty($modSettings['package_make_backups']) && (!isset($_SESSION['last_backup_for']) || $_SESSION['last_backup_for'] != $context['filename'] . ($context['uninstalling'] ? '$$' : '$'))) {
$_SESSION['last_backup_for'] = $context['filename'] . ($context['uninstalling'] ? '$$' : '$');
// !!! Internationalize this?
package_create_backup(($context['uninstalling'] ? 'backup_' : 'before_') . strtok($context['filename'], '.'));
}
// The mod isn't installed.... unless proven otherwise.
$context['is_installed'] = false;
// Is it actually installed?
$request = smf_db_query('
SELECT version, themes_installed, db_changes
FROM {db_prefix}log_packages
WHERE package_id = {string:current_package}
AND install_state != {int:not_installed}
ORDER BY time_installed DESC
LIMIT 1', array('not_installed' => 0, 'current_package' => $packageInfo['id']));
while ($row = mysql_fetch_assoc($request)) {
$old_themes = explode(',', $row['themes_installed']);
$old_version = $row['version'];
$db_changes = empty($row['db_changes']) ? array() : unserialize($row['db_changes']);
}
mysql_free_result($request);
// Wait, it's not installed yet!
// !!! TODO: Replace with a better error message!
if (!isset($old_version) && $context['uninstalling']) {
deltree($boarddir . '/Packages/temp');
fatal_error('Hacker?', false);
} elseif ($context['uninstalling']) {
$install_log = parsePackageInfo($packageInfo['xml'], false, 'uninstall');
// Gadzooks! There's no uninstaller at all!?
if (empty($install_log)) {
fatal_lang_error('package_uninstall_cannot', false);
}
// They can only uninstall from what it was originally installed into.
foreach ($theme_paths as $id => $data) {
if ($id != 1 && !in_array($id, $old_themes)) {
unset($theme_paths[$id]);
}
}
} elseif (isset($old_version) && $old_version != $packageInfo['version']) {
// Look for an upgrade...
$install_log = parsePackageInfo($packageInfo['xml'], false, 'upgrade', $old_version);
// There was no upgrade....
if (empty($install_log)) {
$context['is_installed'] = true;
} else {
// Upgrade previous themes only!
foreach ($theme_paths as $id => $data) {
if ($id != 1 && !in_array($id, $old_themes)) {
unset($theme_paths[$id]);
}
}
}
} elseif (isset($old_version) && $old_version == $packageInfo['version']) {
$context['is_installed'] = true;
}
if (!isset($old_version) || $context['is_installed']) {
$install_log = parsePackageInfo($packageInfo['xml'], false, 'install');
}
$context['install_finished'] = false;
// !!! TODO: Make a log of any errors that occurred and output them?
if (!empty($install_log)) {
$failed_steps = array();
$failed_count = 0;
foreach ($install_log as $action) {
$failed_count++;
if ($action['type'] == 'modification' && !empty($action['filename'])) {
if ($action['boardmod']) {
$mod_actions = parseBoardMod(file_get_contents($boarddir . '/Packages/temp/' . $context['base_path'] . $action['filename']), false, $action['reverse'], $theme_paths);
} else {
$mod_actions = parseModification(file_get_contents($boarddir . '/Packages/temp/' . $context['base_path'] . $action['filename']), false, $action['reverse'], $theme_paths);
}
// Any errors worth noting?
foreach ($mod_actions as $key => $action) {
if ($action['type'] == 'failure') {
$failed_steps[] = array('file' => $action['filename'], 'large_step' => $failed_count, 'sub_step' => $key, 'theme' => 1);
}
// Gather the themes we installed into.
if (!empty($action['is_custom'])) {
$themes_installed[] = $action['is_custom'];
}
}
} elseif ($action['type'] == 'code' && !empty($action['filename'])) {
// This is just here as reference for what is available.
global $txt, $boarddir, $sourcedir, $modSettings, $context, $settings, $forum_version, $smcFunc;
// Now include the file and be done with it ;).
require $boarddir . '/Packages/temp/' . $context['base_path'] . $action['filename'];
} elseif ($action['type'] == 'database' && !empty($action['filename']) && (!$context['uninstalling'] || !empty($_POST['do_db_changes']))) {
// These can also be there for database changes.
global $txt, $boarddir, $sourcedir, $modSettings, $context, $settings, $forum_version, $smcFunc;
global $db_package_log;
// We'll likely want the package specific database functionality!
db_extend('packages');
// Let the file work its magic ;)
require $boarddir . '/Packages/temp/' . $context['base_path'] . $action['filename'];
} elseif ($action['type'] == 'redirect' && !empty($action['redirect_url'])) {
$context['redirect_url'] = $action['redirect_url'];
$context['redirect_text'] = !empty($action['filename']) && file_exists($boarddir . '/Packages/temp/' . $context['base_path'] . $action['filename']) ? file_get_contents($boarddir . '/Packages/temp/' . $context['base_path'] . $action['filename']) : ($context['uninstalling'] ? $txt['package_uninstall_done'] : $txt['package_installed_done']);
$context['redirect_timeout'] = $action['redirect_timeout'];
// Parse out a couple of common urls.
$urls = array('$boardurl' => $boardurl, '$scripturl' => $scripturl, '$session_var' => $context['session_var'], '$session_id' => $context['session_id']);
$context['redirect_url'] = strtr($context['redirect_url'], $urls);
}
}
package_flush_cache();
// First, ensure this change doesn't get removed by putting a stake in the ground (So to speak).
package_put_contents($boarddir . '/Packages/installed.list', time());
// See if this is already installed, and change it's state as required.
$request = smf_db_query('
SELECT package_id, install_state, db_changes
FROM {db_prefix}log_packages
WHERE install_state != {int:not_installed}
AND package_id = {string:current_package}
' . ($context['install_id'] ? ' AND id_install = {int:install_id} ' : '') . '
ORDER BY time_installed DESC
LIMIT 1', array('not_installed' => 0, 'install_id' => $context['install_id'], 'current_package' => $packageInfo['id']));
$is_upgrade = false;
while ($row = mysql_fetch_assoc($request)) {
// Uninstalling?
if ($context['uninstalling']) {
smf_db_query('
UPDATE {db_prefix}log_packages
SET install_state = {int:not_installed}, member_removed = {string:member_name}, id_member_removed = {int:current_member},
time_removed = {int:current_time}
WHERE package_id = {string:package_id}', array('current_member' => $user_info['id'], 'not_installed' => 0, 'current_time' => time(), 'package_id' => $row['package_id'], 'member_name' => $user_info['name']));
} else {
$is_upgrade = true;
$old_db_changes = empty($row['db_changes']) ? array() : unserialize($row['db_changes']);
}
}
// Assuming we're not uninstalling, add the entry.
if (!$context['uninstalling']) {
// Any db changes from older version?
if (!empty($old_db_changes)) {
$db_package_log = empty($db_package_log) ? $old_db_changes : array_merge($old_db_changes, $db_package_log);
}
// If there are some database changes we might want to remove then filter them out.
if (!empty($db_package_log)) {
// We're really just checking for entries which are create table AND add columns (etc).
$tables = array();
function sort_table_first($a, $b)
{
if ($a[0] == $b[0]) {
return 0;
}
return $a[0] == 'remove_table' ? -1 : 1;
}
usort($db_package_log, 'sort_table_first');
foreach ($db_package_log as $k => $log) {
if ($log[0] == 'remove_table') {
$tables[] = $log[1];
} elseif (in_array($log[1], $tables)) {
unset($db_package_log[$k]);
}
}
$db_changes = serialize($db_package_log);
} else {
$db_changes = '';
}
// What themes did we actually install?
$themes_installed = array_unique($themes_installed);
$themes_installed = implode(',', $themes_installed);
// What failed steps?
$failed_step_insert = serialize($failed_steps);
smf_db_insert('', '{db_prefix}log_packages', array('filename' => 'string', 'name' => 'string', 'package_id' => 'string', 'version' => 'string', 'id_member_installed' => 'int', 'member_installed' => 'string', 'time_installed' => 'int', 'install_state' => 'int', 'failed_steps' => 'string', 'themes_installed' => 'string', 'member_removed' => 'int', 'db_changes' => 'string'), array($packageInfo['filename'], $packageInfo['name'], $packageInfo['id'], $packageInfo['version'], $user_info['id'], $user_info['name'], time(), $is_upgrade ? 2 : 1, $failed_step_insert, $themes_installed, 0, $db_changes), array('id_install'));
}
mysql_free_result($request);
$context['install_finished'] = true;
}
// If there's database changes - and they want them removed - let's do it last!
if (!empty($db_changes) && !empty($_POST['do_db_changes'])) {
// We're gonna be needing the package db functions!
db_extend('packages');
foreach ($db_changes as $change) {
if ($change[0] == 'remove_table' && isset($change[1])) {
smf_db_drop_table($change[1]);
} elseif ($change[0] == 'remove_column' && isset($change[2])) {
smf_db_remove_column($change[1], $change[2]);
} elseif ($change[0] == 'remove_index' && isset($change[2])) {
smf_db_remove_index($change[1], $change[2]);
}
}
}
// Clean house... get rid of the evidence ;).
if (file_exists($boarddir . '/Packages/temp')) {
deltree($boarddir . '/Packages/temp');
}
// Log what we just did.
logAction($context['uninstalling'] ? 'uninstall_package' : (!empty($is_upgrade) ? 'upgrade_package' : 'install_package'), array('package' => commonAPI::htmlspecialchars($packageInfo['name']), 'version' => commonAPI::htmlspecialchars($packageInfo['version'])), 'admin');
// Just in case, let's clear the whole cache to avoid anything going up the swanny.
clean_cache();
// Restore file permissions?
create_chmod_control(array(), array(), true);
}
/**
* Edit a 'it bounced' template.
*
* @uses bounce_template sub template
*/
public function action_modify_bounce_templates()
{
global $context, $txt, $user_info;
require_once SUBSDIR . '/Moderation.subs.php';
$context['id_template'] = isset($_REQUEST['tid']) ? (int) $_REQUEST['tid'] : 0;
$context['is_edit'] = (bool) $context['id_template'];
// Standard template things, you know the drill
$context['page_title'] = $context['is_edit'] ? $txt['ml_bounce_template_modify'] : $txt['ml_bounce_template_add'];
$context['sub_template'] = 'bounce_template';
$context[$context['admin_menu_name']]['current_subsection'] = 'templates';
// Defaults to show
$context['template_data'] = array('title' => '', 'body' => $txt['ml_bounce_template_body_default'], 'subject' => $txt['ml_bounce_template_subject_default'], 'personal' => false, 'can_edit_personal' => true);
// If it's an edit load it.
if ($context['is_edit']) {
modLoadTemplate($context['id_template'], 'bnctpl');
}
// Wait, we are saving?
if (isset($_POST['save'])) {
checkSession('post');
validateToken('mod-mlt');
// To check the BBC is good...
require_once SUBSDIR . '/Post.subs.php';
// Bit of cleaning!
$template_body = trim($_POST['template_body']);
$template_title = trim($_POST['template_title']);
// Need something in both boxes.
if (!empty($template_body) && !empty($template_title)) {
// Safety first.
$template_title = Util::htmlspecialchars($template_title);
// Clean up BBC.
preparsecode($template_body);
// But put line breaks back!
$template_body = strtr($template_body, array('<br />' => "\n"));
// Is this personal?
$recipient_id = !empty($_POST['make_personal']) ? $user_info['id'] : 0;
// Updating or adding ?
if ($context['is_edit']) {
// Simple update...
modAddUpdateTemplate($recipient_id, $template_title, $template_body, $context['id_template'], true, 'bnctpl');
// If it wasn't visible and now is they've effectively added it.
if ($context['template_data']['personal'] && !$recipient_id) {
logAction('add_bounce_template', array('template' => $template_title));
} elseif (!$context['template_data']['personal'] && $recipient_id) {
logAction('delete_bounce_template', array('template' => $template_title));
} else {
logAction('modify_bounce_template', array('template' => $template_title));
}
} else {
modAddUpdateTemplate($recipient_id, $template_title, $template_body, $context['id_template'], false, 'bnctpl');
logAction('add_bounce_template', array('template' => $template_title));
}
// Get out of town...
redirectexit('action=admin;area=maillist;sa=emailtemplates');
} else {
$context['warning_errors'] = array();
$context['template_data']['title'] = !empty($template_title) ? $template_title : '';
$context['template_data']['body'] = !empty($template_body) ? $template_body : $txt['ml_bounce_template_body_default'];
$context['template_data']['personal'] = !empty($recipient_id);
if (empty($template_title)) {
$context['warning_errors'][] = $txt['ml_bounce_template_error_no_title'];
}
if (empty($template_body)) {
$context['warning_errors'][] = $txt['ml_bounce_template_error_no_body'];
}
}
}
createToken('mod-mlt');
}
// update user?
if (@$_POST['action'] == 'Submit') {
$id = (int) @$_POST['id'];
$old_id = (int) @$_POST['old_id'];
$name = @$_POST['username'];
$name = mysql_real_escape_string($name);
mysql_select_db('thengamer_userdb');
query("DELETE FROM users WHERE id = {$old_id} LIMIT 1");
$rs = query("SELECT COUNT(*) FROM users WHERE id = {$id}");
list($num) = mysql_fetch_row($rs);
if ($num) {
query("UPDATE users SET id = {$id}, name = '{$name}' WHERE id = {$old_id} LIMIT 1");
logAction("updated user {$id} with username \"{$name}\" and old id {$old_id}");
} else {
query("INSERT INTO users (id, name) VALUES ({$id},'{$name}')");
logAction("inserted user {$id} with username \"{$name}\"");
}
mysql_select_db('thengamer_forum');
$message = "<p>User added/edited.</p>";
}
writeHead('GFuserDB Moderation');
if (@$_POST['action'] == 'Next...') {
$id = (int) @$_POST['user'];
mysql_select_db('thengamer_userdb');
$rs = query("SELECT name FROM users WHERE id = {$id}");
list($username) = @mysql_fetch_row($rs);
mysql_select_db('thengamer_forum');
$username = htmlspecialchars($username);
echo <<<ADDEDIT
<h3>Add/edit a user</h3>
if ($_POST['stick']) {
$mod .= ", sticky = 1";
} else {
if ($_POST['unstick']) {
$mod .= ", sticky = 0";
}
}
}
$now = time();
$rUsers = Query("update {users} set posts=posts+1, lastposttime={0} where id={1} limit 1", time(), $loguserid);
$rPosts = Query("insert into {posts} (thread, user, date, ip, num, options, mood) values ({0},{1},{2},{3},{4}, {5}, {6})", $tid, $loguserid, $now, $_SERVER['REMOTE_ADDR'], $loguser['posts'] + 1, $options, (int) $_POST['mood']);
$pid = InsertId();
$rPostsText = Query("insert into {posts_text} (pid,text,revision,user,date) values ({0}, {1}, {2}, {3}, {4})", $pid, $post, 0, $loguserid, time());
$rFora = Query("update {forums} set numposts=numposts+1, lastpostdate={0}, lastpostuser={1}, lastpostid={2} where id={3} limit 1", $now, $loguserid, $pid, $fid);
$rThreads = Query("update {threads} set lastposter={0}, lastpostdate={1}, replies=replies+1, lastpostid={2}" . $mod . " where id={3} limit 1", $loguserid, $now, $pid, $tid);
logAction('newreply', array('forum' => $fid, 'thread' => $tid, 'post' => $pid));
$bucket = "newreply";
include "lib/pluginloader.php";
redirectAction("post", $pid);
}
}
}
$prefill = htmlspecialchars($_POST['text']);
if ($_GET['link']) {
$prefill = ">>" . (int) $_GET['link'] . "\r\n\r\n";
} else {
if ($_GET['quote']) {
$rQuote = Query("\tselect\n\t\t\t\t\tp.id, p.deleted, pt.text,\n\t\t\t\t\tf.minpower,\n\t\t\t\t\tu.name poster\n\t\t\t\tfrom {posts} p\n\t\t\t\t\tleft join {posts_text} pt on pt.pid = p.id and pt.revision = p.currentrevision\n\t\t\t\t\tleft join {threads} t on t.id=p.thread\n\t\t\t\t\tleft join {forums} f on f.id=t.forum\n\t\t\t\t\tleft join {users} u on u.id=p.user\n\t\t\t\twhere p.id={0}", (int) $_GET['quote']);
if (NumRows($rQuote)) {
$quote = Fetch($rQuote);
//SPY CHECK!
$file = R::load('attachment', $data->fileId);
if ($file->id) {
$filename = $file->name;
$before = $item->export();
unlink('uploads/' . $file->filename);
R::trash($file);
R::store($item);
logAction($actor->username . ' removed attachment ' . $filename . ' from item ' . $item->title, $before, $item, $itemId);
$jsonResponse->addAlert('success', $filename . ' was deleted.');
$jsonResponse->addBeans($item);
}
}
$app->response->setBody($jsonResponse->asJson());
})->conditions(['itemId' => '\\d+']);
// Remove an item.
$app->post('/items/remove', function () use($app, $jsonResponse) {
$data = json_decode($app->environment['slim.input']);
if (validateToken(true)) {
$item = R::load('item', $data->itemId);
if ($item->id) {
$before = $item->export();
R::trash($item);
renumberItems($item->lane_id, $item->position);
$actor = getUser();
logAction($actor->username . ' removed item ' . $item->title, $before, null, $data->itemId);
$jsonResponse->addAlert('success', $item->title . ' was deleted.');
$jsonResponse->addBeans(getBoards());
}
}
$app->response->setBody($jsonResponse->asJson());
});
<?php
$max = ' LIMIT ' . ($pageNum - 1) * $_SESSION['items'] . ',' . $_SESSION['items'];
if (isset($search)) {
logAction($_SESSION['user_name'], $lang['searched'] . ' (' . $search . ') ' . $lang['in'] . ' ' . $lang['staff'], 3);
$sql = "SELECT * FROM `users` WHERE `user_name` LIKE '" . $search . "' OR `user_email` LIKE '" . $search . "' OR `user_id` LIKE '" . $search . "' OR `playerid` LIKE '" . $search . "';";
$result_of_query = $db_connection->query($sql);
$total_records = mysqli_num_rows($result_of_query);
$sql = "SELECT * FROM `users` WHERE `user_name` LIKE '" . $search . "' OR `user_email` LIKE '" . $search . "' OR `user_id` LIKE '" . $search . "' OR `playerid` LIKE '" . $search . "'" . $max . " ;";
} else {
$sql = "SELECT count(`user_id`) FROM `users`;";
$total_records = $db_connection->query($sql);
$sql = "SELECT * FROM `users` " . $max . " ;";
}
?>
<div class="row">
<div class="col-lg-12">
<h1 class="page-header">
<?php
echo $lang['staff'];
?>
<small><?php
echo " " . $lang['overview'];
?>
</small>
</h1>
</div>
<div class="col-md-12">
<div class="content-panel">
<h4>
function ReattributePost()
{
global $topic, $smcFunc, $modSettings, $user_info, $board_info;
// 1. Session check, quick and easy to get out the way before we forget.
checkSession('get');
// 2. Check this is an 'in character' board. We don't want this working outside.
if (!$board_info['in_character']) {
fatal_lang_error('no_access', false);
}
// 3. Get the message id and verify that it exists inside the topic in question.
$msg = isset($_GET['msg']) ? (int) $_GET['msg'] : 0;
$result = $smcFunc['db_query']('', '
SELECT t.id_topic, t.locked, t.id_member_started, m.id_member AS id_member_posted,
m.id_character, c.character_name AS old_character
FROM {db_prefix}messages AS m
INNER JOIN {db_prefix}topics AS t ON (m.id_topic = t.id_topic)
INNER JOIN {db_prefix}characters AS c ON (m.id_character = c.id_character)
WHERE m.id_msg = {int:msg}', ['msg' => $msg]);
// 3a. Doesn't exist?
if ($smcFunc['db_num_rows']($result) == 0) {
fatal_lang_error('no_access', false);
}
$row = $smcFunc['db_fetch_assoc']($result);
$smcFunc['db_free_result']($result);
// 3b. Not the topic we thought it was?
if ($row['id_topic'] != $topic) {
fatal_lang_error('no_access', false);
}
// 4. Verify we have permission. We loaded $topic's board's permissions earlier.
// Now verify that we have the relevant powers.
$is_poster = $user_info['id'] == $row['id_member_posted'];
$is_topic_starter = $user_info['id'] == $row['id_member_started'];
$can_modify = (!$row['locked'] || allowedTo('moderate_board')) && (allowedTo('modify_any') || allowedTo('modify_replies') && $is_topic_starter || allowedTo('modify_own') && $is_poster);
if (!$can_modify) {
fatal_lang_error('no_access', false);
}
// 4. Verify that the requested character belongs to the person we're changing to.
$character = isset($_GET['char']) ? (int) $_GET['char'] : 0;
$result = $smcFunc['db_query']('', '
SELECT character_name
FROM {db_prefix}characters
WHERE id_character = {int:char}
AND id_member = {int:member}
AND is_main = 0', ['char' => $character, 'member' => $row['id_member_posted']]);
$owned_char = false;
if ($smcFunc['db_num_rows']($result)) {
list($owned_char) = $smcFunc['db_fetch_row']($result);
}
$smcFunc['db_free_result']($result);
if (empty($owned_char)) {
fatal_lang_error('no_access', false);
}
// 5. So we've verified the topic matches the message, the user has power
// to edit the message, and the message owner's new character exists.
// Time to reattribute the message!
$smcFunc['db_query']('', '
UPDATE {db_prefix}messages
SET id_character = {int:char}
WHERE id_msg = {int:msg}', ['char' => $character, 'msg' => $msg]);
// 6. Having reattributed the post, now let's also fix the post count.
// If we're supposed to, that is.
if ($board_info['posts_count']) {
// Subtract one from the post count of the current owner.
$smcFunc['db_query']('', '
UPDATE {db_prefix}characters
SET posts = (CASE WHEN posts <= 1 THEN 0 ELSE posts - 1 END)
WHERE id_character = {int:char}', ['char' => $row['id_character']]);
// Add one to the new owner.
$smcFunc['db_query']('', '
UPDATE {db_prefix}characters
SET posts = posts + 1
WHERE id_character = {int:char}', ['char' => $character]);
}
// 7. Add it to the moderation log.
logAction('char_reattribute', ['member' => $row['id_member_posted'], 'old_character' => $row['old_character'], 'new_character' => $owned_char, 'message' => $msg], 'moderate');
// 8. All done. Exit back to the post.
redirectexit('topic=' . $topic . '.msg' . $msg . '#msg' . $msg);
}
function Sticky()
{
global $modSettings, $topic, $board, $sourcedir;
// Make sure the user can sticky it, and they are stickying *something*.
isAllowedTo('make_sticky');
// You shouldn't be able to (un)sticky a topic if the setting is disabled.
if (empty($modSettings['enableStickyTopics'])) {
fatal_lang_error('cannot_make_sticky', false);
}
// You can't sticky a board or something!
if (empty($topic)) {
fatal_lang_error('not_a_topic', false);
}
checkSession('get');
// We need Subs-Post.php for the sendNotifications() function.
require_once $sourcedir . '/lib/Subs-Post.php';
// Is this topic already stickied, or no?
$request = smf_db_query('
SELECT is_sticky
FROM {db_prefix}topics
WHERE id_topic = {int:current_topic}
LIMIT 1', array('current_topic' => $topic));
list($is_sticky) = mysql_fetch_row($request);
mysql_free_result($request);
// Toggle the sticky value.... pretty simple ;).
smf_db_query('
UPDATE {db_prefix}topics
SET is_sticky = {int:is_sticky}
WHERE id_topic = {int:current_topic}', array('current_topic' => $topic, 'is_sticky' => empty($is_sticky) ? 1 : 0));
// Log this sticky action - always a moderator thing.
logAction(empty($is_sticky) ? 'sticky' : 'unsticky', array('topic' => $topic, 'board' => $board));
// Notify people that this topic has been stickied?
if (empty($is_sticky)) {
sendNotifications($topic, 'sticky');
}
// Take them back to the now stickied topic.
redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
}
$page = "views/core/curPlayers.php";
} else {
$err = errorMessage(8, $lang);
$page = "views/templates/error.php";
}
}
} elseif ($currentPage == 'servers') {
if ($_SESSION['permissions']['super_admin']) {
logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
$page = "views/core/servers.php";
}
} elseif ($currentPage == 'editserver') {
if ($_SESSION['permissions']['super_admin']) {
if ($query) {
$id = $url['path'][$settings['base'] + 1];
logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
$page = "views/core/editServer.php";
} else {
$err = errorMessage(8, $lang);
$page = "views/templates/error.php";
}
} else {
$err = errorMessage(5, $lang);
$page = "views/templates/error.php";
}
}
foreach ($settings['plugins'] as &$plugin) {
if (file_exists("plugins/" . $plugin . "/pageRules.php")) {
include "plugins/" . $plugin . "/pageRules.php";
}
}
function MergeExecute($topics = array())
{
global $db_prefix, $user_info, $txt, $context, $scripturl, $sourcedir;
global $func, $language, $modSettings;
// The parameters of MergeExecute were set, so this must've been an internal call.
if (!empty($topics)) {
isAllowedTo('merge_any');
loadTemplate('SplitTopics');
}
checkSession('request');
// Handle URLs from MergeIndex.
if (!empty($_GET['from']) && !empty($_GET['to'])) {
$topics = array((int) $_GET['from'], (int) $_GET['to']);
}
// If we came from a form, the topic IDs came by post.
if (!empty($_POST['topics']) && is_array($_POST['topics'])) {
$topics = $_POST['topics'];
}
// There's nothing to merge with just one topic...
if (empty($topics) || !is_array($topics) || count($topics) == 1) {
fatal_lang_error('merge_need_more_topics');
}
// Make sure every topic is numeric, or some nasty things could be done with the DB.
foreach ($topics as $id => $topic) {
$topics[$id] = (int) $topic;
}
// Get info about the topics and polls that will be merged.
$request = db_query("\n\t\tSELECT\n\t\t\tt.ID_TOPIC, t.ID_BOARD, t.ID_POLL, t.numViews, t.isSticky,\n\t\t\tm1.subject, m1.posterTime AS time_started, IFNULL(mem1.ID_MEMBER, 0) AS ID_MEMBER_STARTED, IFNULL(mem1.realName, m1.posterName) AS name_started,\n\t\t\tm2.posterTime AS time_updated, IFNULL(mem2.ID_MEMBER, 0) AS ID_MEMBER_UPDATED, IFNULL(mem2.realName, m2.posterName) AS name_updated\n\t\tFROM ({$db_prefix}topics AS t, {$db_prefix}messages AS m1, {$db_prefix}messages AS m2)\n\t\t\tLEFT JOIN {$db_prefix}members AS mem1 ON (mem1.ID_MEMBER = m1.ID_MEMBER)\n\t\t\tLEFT JOIN {$db_prefix}members AS mem2 ON (mem2.ID_MEMBER = m2.ID_MEMBER)\n\t\tWHERE t.ID_TOPIC IN (" . implode(', ', $topics) . ")\n\t\t\tAND m1.ID_MSG = t.ID_FIRST_MSG\n\t\t\tAND m2.ID_MSG = t.ID_LAST_MSG\n\t\tORDER BY t.ID_FIRST_MSG\n\t\tLIMIT " . count($topics), __FILE__, __LINE__);
if (mysql_num_rows($request) < 2) {
fatal_lang_error('smf263');
}
$num_views = 0;
$isSticky = 0;
$boards = array();
$polls = array();
while ($row = mysql_fetch_assoc($request)) {
$topic_data[$row['ID_TOPIC']] = array('id' => $row['ID_TOPIC'], 'board' => $row['ID_BOARD'], 'poll' => $row['ID_POLL'], 'numViews' => $row['numViews'], 'subject' => $row['subject'], 'started' => array('time' => timeformat($row['time_started']), 'timestamp' => forum_time(true, $row['time_started']), 'href' => empty($row['ID_MEMBER_STARTED']) ? '' : $scripturl . '?action=profile;u=' . $row['ID_MEMBER_STARTED'], 'link' => empty($row['ID_MEMBER_STARTED']) ? $row['name_started'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['ID_MEMBER_STARTED'] . '">' . $row['name_started'] . '</a>'), 'updated' => array('time' => timeformat($row['time_updated']), 'timestamp' => forum_time(true, $row['time_updated']), 'href' => empty($row['ID_MEMBER_UPDATED']) ? '' : $scripturl . '?action=profile;u=' . $row['ID_MEMBER_UPDATED'], 'link' => empty($row['ID_MEMBER_UPDATED']) ? $row['name_updated'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['ID_MEMBER_UPDATED'] . '">' . $row['name_updated'] . '</a>'));
$num_views += $row['numViews'];
$boards[] = $row['ID_BOARD'];
// If there's no poll, ID_POLL == 0...
if ($row['ID_POLL'] > 0) {
$polls[] = $row['ID_POLL'];
}
// Store the ID_TOPIC with the lowest ID_FIRST_MSG.
if (empty($firstTopic)) {
$firstTopic = $row['ID_TOPIC'];
}
$isSticky = max($isSticky, $row['isSticky']);
}
mysql_free_result($request);
$boards = array_values(array_unique($boards));
// Get the boards a user is allowed to merge in.
$merge_boards = boardsAllowedTo('merge_any');
if (empty($merge_boards)) {
fatal_lang_error('cannot_merge_any');
}
// Make sure they can see all boards....
$request = db_query("\n\t\tSELECT b.ID_BOARD\n\t\tFROM {$db_prefix}boards AS b\n\t\tWHERE b.ID_BOARD IN (" . implode(', ', $boards) . ")\n\t\t\tAND {$user_info['query_see_board']}" . (!in_array(0, $merge_boards) ? "\n\t\t\tAND b.ID_BOARD IN (" . implode(', ', $merge_boards) . ")" : '') . "\n\t\tLIMIT " . count($boards), __FILE__, __LINE__);
// If the number of boards that's in the output isn't exactly the same as we've put in there, you're in trouble.
if (mysql_num_rows($request) != count($boards)) {
fatal_lang_error('smf232');
}
mysql_free_result($request);
if (empty($_REQUEST['sa']) || $_REQUEST['sa'] == 'options') {
if (count($polls) > 1) {
$request = db_query("\n\t\t\t\tSELECT t.ID_TOPIC, t.ID_POLL, m.subject, p.question\n\t\t\t\tFROM ({$db_prefix}polls AS p, {$db_prefix}topics AS t, {$db_prefix}messages AS m)\n\t\t\t\tWHERE p.ID_POLL IN (" . implode(', ', $polls) . ")\n\t\t\t\t\tAND t.ID_POLL = p.ID_POLL\n\t\t\t\t\tAND m.ID_MSG = t.ID_FIRST_MSG\n\t\t\t\tLIMIT " . count($polls), __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($request)) {
$context['polls'][] = array('id' => $row['ID_POLL'], 'topic' => array('id' => $row['ID_TOPIC'], 'subject' => $row['subject']), 'question' => $row['question'], 'selected' => $row['ID_TOPIC'] == $firstTopic);
}
mysql_free_result($request);
}
if (count($boards) > 1) {
$request = db_query("\n\t\t\t\tSELECT ID_BOARD, name\n\t\t\t\tFROM {$db_prefix}boards\n\t\t\t\tWHERE ID_BOARD IN (" . implode(', ', $boards) . ")\n\t\t\t\tORDER BY name\n\t\t\t\tLIMIT " . count($boards), __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($request)) {
$context['boards'][] = array('id' => $row['ID_BOARD'], 'name' => $row['name'], 'selected' => $row['ID_BOARD'] == $topic_data[$firstTopic]['board']);
}
mysql_free_result($request);
}
$context['topics'] = $topic_data;
foreach ($topic_data as $id => $topic) {
$context['topics'][$id]['selected'] = $topic['id'] == $firstTopic;
}
$context['page_title'] = $txt['smf252'];
$context['sub_template'] = 'merge_extra_options';
return;
}
// Determine target board.
$target_board = count($boards) > 1 ? (int) $_REQUEST['board'] : $boards[0];
if (!in_array($target_board, $boards)) {
fatal_lang_error('smf232');
}
// Determine which poll will survive and which polls won't.
$target_poll = count($polls) > 1 ? (int) $_POST['poll'] : (count($polls) == 1 ? $polls[0] : 0);
if ($target_poll > 0 && !in_array($target_poll, $polls)) {
fatal_lang_error(1, false);
}
$deleted_polls = empty($target_poll) ? $polls : array_diff($polls, array($target_poll));
// Determine the subject of the newly merged topic - was a custom subject specified?
if (empty($_POST['subject']) && isset($_POST['custom_subject']) && $_POST['custom_subject'] != '') {
$target_subject = $func['htmlspecialchars']($_POST['custom_subject']);
} elseif (!empty($topic_data[(int) $_POST['subject']]['subject'])) {
$target_subject = addslashes($topic_data[(int) $_POST['subject']]['subject']);
} else {
$target_subject = addslashes($topic_data[$firstTopic]['subject']);
}
// Get the first and last message and the number of messages....
$request = db_query("\n\t\tSELECT MIN(ID_MSG), MAX(ID_MSG), COUNT(ID_MSG) - 1\n\t\tFROM {$db_prefix}messages\n\t\tWHERE ID_TOPIC IN (" . implode(', ', $topics) . ")", __FILE__, __LINE__);
list($first_msg, $last_msg, $num_replies) = mysql_fetch_row($request);
mysql_free_result($request);
// Get the member ID of the first and last message.
$request = db_query("\n\t\tSELECT ID_MEMBER\n\t\tFROM {$db_prefix}messages\n\t\tWHERE ID_MSG IN ({$first_msg}, {$last_msg})\n\t\tORDER BY ID_MSG\n\t\tLIMIT 2", __FILE__, __LINE__);
list($member_started) = mysql_fetch_row($request);
list($member_updated) = mysql_fetch_row($request);
mysql_free_result($request);
// Assign the first topic ID to be the merged topic.
$ID_TOPIC = min($topics);
// Delete the remaining topics.
$deleted_topics = array_diff($topics, array($ID_TOPIC));
db_query("\n\t\tDELETE FROM {$db_prefix}topics\n\t\tWHERE ID_TOPIC IN (" . implode(', ', $deleted_topics) . ")\n\t\tLIMIT " . count($deleted_topics), __FILE__, __LINE__);
db_query("\n\t\tDELETE FROM {$db_prefix}log_search_subjects\n\t\tWHERE ID_TOPIC IN (" . implode(', ', $deleted_topics) . ")", __FILE__, __LINE__);
// Asssign the properties of the newly merged topic.
db_query("\n\t\tUPDATE {$db_prefix}topics\n\t\tSET\n\t\t\tID_BOARD = {$target_board},\n\t\t\tID_MEMBER_STARTED = {$member_started},\n\t\t\tID_MEMBER_UPDATED = {$member_updated},\n\t\t\tID_FIRST_MSG = {$first_msg},\n\t\t\tID_LAST_MSG = {$last_msg},\n\t\t\tID_POLL = {$target_poll},\n\t\t\tnumReplies = {$num_replies},\n\t\t\tnumViews = {$num_views},\n\t\t\tisSticky = {$isSticky}\n\t\tWHERE ID_TOPIC = {$ID_TOPIC}\n\t\tLIMIT 1", __FILE__, __LINE__);
// Grab the response prefix (like 'Re: ') in the default forum language.
if (!isset($context['response_prefix']) && !($context['response_prefix'] = cache_get_data('response_prefix'))) {
if ($language === $user_info['language']) {
$context['response_prefix'] = $txt['response_prefix'];
} else {
loadLanguage('index', $language, false);
$context['response_prefix'] = $txt['response_prefix'];
loadLanguage('index');
}
cache_put_data('response_prefix', $context['response_prefix'], 600);
}
// Change the topic IDs of all messages that will be merged. Also adjust subjects if 'enforce subject' was checked.
db_query("\n\t\tUPDATE {$db_prefix}messages\n\t\tSET\n\t\t\tID_TOPIC = {$ID_TOPIC},\n\t\t\tID_BOARD = {$target_board}" . (!empty($_POST['enforce_subject']) ? ",\n\t\t\tsubject = '{$context['response_prefix']}{$target_subject}'" : '') . "\n\t\tWHERE ID_TOPIC IN (" . implode(', ', $topics) . ")", __FILE__, __LINE__);
// Change the subject of the first message...
db_query("\n\t\tUPDATE {$db_prefix}messages\n\t\tSET subject = '{$target_subject}'\n\t\tWHERE ID_MSG = {$first_msg}\n\t\tLIMIT 1", __FILE__, __LINE__);
// Adjust all calendar events to point to the new topic.
db_query("\n\t\tUPDATE {$db_prefix}calendar\n\t\tSET\n\t\t\tID_TOPIC = {$ID_TOPIC},\n\t\t\tID_BOARD = {$target_board}\n\t\tWHERE ID_TOPIC IN (" . implode(', ', $deleted_topics) . ")", __FILE__, __LINE__);
// Merge log topic entries.
$request = db_query("\n\t\tSELECT ID_MEMBER, MIN(ID_MSG) AS new_ID_MSG\n\t\tFROM {$db_prefix}log_topics\n\t\tWHERE ID_TOPIC IN (" . implode(', ', $topics) . ")\n\t\tGROUP BY ID_MEMBER", __FILE__, __LINE__);
if (mysql_num_rows($request) > 0) {
$replaceEntries = array();
while ($row = mysql_fetch_assoc($request)) {
$replaceEntries[] = "({$row['ID_MEMBER']}, {$ID_TOPIC}, {$row['new_ID_MSG']})";
}
db_query("\n\t\t\tREPLACE INTO {$db_prefix}log_topics\n\t\t\t\t(ID_MEMBER, ID_TOPIC, ID_MSG)\n\t\t\tVALUES " . implode(', ', $replaceEntries), __FILE__, __LINE__);
unset($replaceEntries);
// Get rid of the old log entries.
db_query("\n\t\t\tDELETE FROM {$db_prefix}log_topics\n\t\t\tWHERE ID_TOPIC IN (" . implode(', ', $deleted_topics) . ")", __FILE__, __LINE__);
}
mysql_free_result($request);
// Merge topic notifications.
if (!empty($_POST['notifications']) && is_array($_POST['notifications'])) {
// Check if the notification array contains valid topics.
if (count(array_diff($_POST['notifications'], $topics)) > 0) {
fatal_lang_error('smf232');
}
$request = db_query("\n\t\t\tSELECT ID_MEMBER, MAX(sent) AS sent\n\t\t\tFROM {$db_prefix}log_notify\n\t\t\tWHERE ID_TOPIC IN (" . implode(', ', $_POST['notifications']) . ")\n\t\t\tGROUP BY ID_MEMBER", __FILE__, __LINE__);
if (mysql_num_rows($request) > 0) {
$replaceEntries = array();
while ($row = mysql_fetch_assoc($request)) {
$replaceEntries[] = "({$row['ID_MEMBER']}, {$ID_TOPIC}, 0, {$row['sent']})";
}
db_query("\n\t\t\t\tREPLACE INTO {$db_prefix}log_notify\n\t\t\t\t\t(ID_MEMBER, ID_TOPIC, ID_BOARD, sent)\n\t\t\t\tVALUES " . implode(', ', $replaceEntries), __FILE__, __LINE__);
unset($replaceEntries);
db_query("\n\t\t\t\tDELETE FROM {$db_prefix}log_topics\n\t\t\t\tWHERE ID_TOPIC IN (" . implode(', ', $deleted_topics) . ")", __FILE__, __LINE__);
}
mysql_free_result($request);
}
// Get rid of the redundant polls.
if (!empty($deleted_polls)) {
db_query("\n\t\t\tDELETE FROM {$db_prefix}polls\n\t\t\tWHERE ID_POLL IN (" . implode(', ', $deleted_polls) . ")\n\t\t\tLIMIT 1", __FILE__, __LINE__);
db_query("\n\t\t\tDELETE FROM {$db_prefix}poll_choices\n\t\t\tWHERE ID_POLL IN (" . implode(', ', $deleted_polls) . ")", __FILE__, __LINE__);
db_query("\n\t\t\tDELETE FROM {$db_prefix}log_polls\n\t\t\tWHERE ID_POLL IN (" . implode(', ', $deleted_polls) . ")", __FILE__, __LINE__);
}
// Fix the board totals.
if (count($boards) > 1) {
$request = db_query("\n\t\t\tSELECT ID_BOARD, COUNT(*) AS numTopics, SUM(numReplies) + COUNT(*) AS numPosts\n\t\t\tFROM {$db_prefix}topics\n\t\t\tWHERE ID_BOARD IN (" . implode(', ', $boards) . ")\n\t\t\tGROUP BY ID_BOARD\n\t\t\tLIMIT " . count($boards), __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($request)) {
db_query("\n\t\t\t\tUPDATE {$db_prefix}boards\n\t\t\t\tSET\n\t\t\t\t\tnumPosts = {$row['numPosts']},\n\t\t\t\t\tnumTopics = {$row['numTopics']}\n\t\t\t\tWHERE ID_BOARD = {$row['ID_BOARD']}\n\t\t\t\tLIMIT 1", __FILE__, __LINE__);
}
mysql_free_result($request);
} else {
db_query("\n\t\t\tUPDATE {$db_prefix}boards\n\t\t\tSET numTopics = IF(" . (count($topics) - 1) . " > numTopics, 0, numTopics - " . (count($topics) - 1) . ")\n\t\t\tWHERE ID_BOARD = {$target_board}\n\t\t\tLIMIT 1", __FILE__, __LINE__);
}
require_once $sourcedir . '/Subs-Post.php';
// Update all the statistics.
updateStats('topic');
updateStats('subject', $ID_TOPIC, $target_subject);
updateLastMessages($boards);
logAction('merge', array('topic' => $ID_TOPIC));
// Notify people that these topics have been merged?
sendNotifications($ID_TOPIC, 'merge');
// Send them to the all done page.
redirectexit('action=mergetopics;sa=done;to=' . $ID_TOPIC . ';targetboard=' . $target_board);
}
/**
* Editing a membergroup.
* Screen to edit a specific membergroup.
* Called by ?action=admin;area=membergroups;sa=edit;group=x.
* It requires the manage_membergroups permission.
* Also handles the delete button of the edit form.
* Redirects to ?action=admin;area=membergroups.
*
* @uses the edit_group sub template of ManageMembergroups.
*/
function EditMembergroup()
{
global $context, $txt, $sourcedir, $modSettings, $smcFunc;
$_REQUEST['group'] = isset($_REQUEST['group']) && $_REQUEST['group'] > 0 ? (int) $_REQUEST['group'] : 0;
if (!empty($modSettings['deny_boards_access'])) {
loadLanguage('ManagePermissions');
}
// Make sure this group is editable.
if (!empty($_REQUEST['group'])) {
$request = $smcFunc['db_query']('', '
SELECT id_group
FROM {db_prefix}membergroups
WHERE id_group = {int:current_group}' . (allowedTo('admin_forum') ? '' : '
AND group_type != {int:is_protected}') . '
LIMIT {int:limit}', array('current_group' => $_REQUEST['group'], 'is_protected' => 1, 'limit' => 1));
list($_REQUEST['group']) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
}
// Now, do we have a valid id?
if (empty($_REQUEST['group'])) {
fatal_lang_error('membergroup_does_not_exist', false);
}
// The delete this membergroup button was pressed.
if (isset($_POST['delete'])) {
checkSession();
validateToken('admin-mmg');
require_once $sourcedir . '/Subs-Membergroups.php';
deleteMembergroups($_REQUEST['group']);
redirectexit('action=admin;area=membergroups;');
} elseif (isset($_POST['save'])) {
// Validate the session.
checkSession();
validateToken('admin-mmg');
// Can they really inherit from this group?
if (isset($_POST['group_inherit']) && $_POST['group_inherit'] != -2 && !allowedTo('admin_forum')) {
$request = $smcFunc['db_query']('', '
SELECT group_type
FROM {db_prefix}membergroups
WHERE id_group = {int:inherit_from}
LIMIT {int:limit}', array('inherit_from' => $_POST['group_inherit'], 'limit' => 1));
list($inherit_type) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
}
// Set variables to their proper value.
$_POST['max_messages'] = isset($_POST['max_messages']) ? (int) $_POST['max_messages'] : 0;
$_POST['min_posts'] = isset($_POST['min_posts']) && isset($_POST['group_type']) && $_POST['group_type'] == -1 && $_REQUEST['group'] > 3 ? abs($_POST['min_posts']) : ($_REQUEST['group'] == 4 ? 0 : -1);
$_POST['icons'] = empty($_POST['icon_count']) || $_POST['icon_count'] < 0 ? '' : min((int) $_POST['icon_count'], 99) . '#' . $_POST['icon_image'];
$_POST['group_desc'] = isset($_POST['group_desc']) && ($_REQUEST['group'] == 1 || isset($_POST['group_type']) && $_POST['group_type'] != -1) ? trim($_POST['group_desc']) : '';
$_POST['group_type'] = !isset($_POST['group_type']) || $_POST['group_type'] < 0 || $_POST['group_type'] > 3 || $_POST['group_type'] == 1 && !allowedTo('admin_forum') ? 0 : (int) $_POST['group_type'];
$_POST['group_hidden'] = empty($_POST['group_hidden']) || $_POST['min_posts'] != -1 || $_REQUEST['group'] == 3 ? 0 : (int) $_POST['group_hidden'];
$_POST['group_inherit'] = $_REQUEST['group'] > 1 && $_REQUEST['group'] != 3 && (empty($inherit_type) || $inherit_type != 1) ? (int) $_POST['group_inherit'] : -2;
//@todo Don't set online_color for the Moderators group?
// Do the update of the membergroup settings.
$smcFunc['db_query']('', '
UPDATE {db_prefix}membergroups
SET group_name = {string:group_name}, online_color = {string:online_color},
max_messages = {int:max_messages}, min_posts = {int:min_posts}, icons = {string:icons},
description = {string:group_desc}, group_type = {int:group_type}, hidden = {int:group_hidden},
id_parent = {int:group_inherit}
WHERE id_group = {int:current_group}', array('max_messages' => $_POST['max_messages'], 'min_posts' => $_POST['min_posts'], 'group_type' => $_POST['group_type'], 'group_hidden' => $_POST['group_hidden'], 'group_inherit' => $_POST['group_inherit'], 'current_group' => (int) $_REQUEST['group'], 'group_name' => $smcFunc['htmlspecialchars']($_POST['group_name']), 'online_color' => $_POST['online_color'], 'icons' => $_POST['icons'], 'group_desc' => $_POST['group_desc']));
call_integration_hook('integrate_save_membergroup', array((int) $_REQUEST['group']));
// Time to update the boards this membergroup has access to.
if ($_REQUEST['group'] == 2 || $_REQUEST['group'] > 3) {
$accesses = empty($_POST['boardaccess']) || !is_array($_POST['boardaccess']) ? array() : $_POST['boardaccess'];
$changed_boards['allow'] = array();
$changed_boards['deny'] = array();
$changed_boards['ignore'] = array();
foreach ($accesses as $group_id => $action) {
$changed_boards[$action][] = (int) $group_id;
}
foreach (array('allow', 'deny') as $board_action) {
// Find all board this group is in, but shouldn't be in.
$request = $smcFunc['db_query']('', '
SELECT id_board, {raw:column}
FROM {db_prefix}boards
WHERE FIND_IN_SET({string:current_group}, {raw:column}) != 0' . (empty($changed_boards[$board_action]) ? '' : '
AND id_board NOT IN ({array_int:board_access_list})'), array('current_group' => (int) $_REQUEST['group'], 'board_access_list' => $changed_boards[$board_action], 'column' => $board_action == 'allow' ? 'member_groups' : 'deny_member_groups'));
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$smcFunc['db_query']('', '
UPDATE {db_prefix}boards
SET {raw:column} = {string:member_group_access}
WHERE id_board = {int:current_board}', array('current_board' => $row['id_board'], 'member_group_access' => implode(',', array_diff(explode(',', $row['member_groups']), array($_REQUEST['group']))), 'column' => $board_action == 'allow' ? 'member_groups' : 'deny_member_groups'));
}
$smcFunc['db_free_result']($request);
// Add the membergroup to all boards that hadn't been set yet.
if (!empty($changed_boards[$board_action])) {
$smcFunc['db_query']('', '
UPDATE {db_prefix}boards
SET {raw:column} = CASE WHEN {raw:column} = {string:blank_string} THEN {string:group_id_string} ELSE CONCAT({raw:column}, {string:comma_group}) END
WHERE id_board IN ({array_int:board_list})
AND FIND_IN_SET({int:current_group}, {raw:column}) = 0', array('board_list' => $changed_boards[$board_action], 'blank_string' => '', 'current_group' => (int) $_REQUEST['group'], 'group_id_string' => (string) (int) $_REQUEST['group'], 'comma_group' => ',' . $_REQUEST['group'], 'column' => $board_action == 'allow' ? 'member_groups' : 'deny_member_groups'));
}
}
}
// Remove everyone from this group!
if ($_POST['min_posts'] != -1) {
$smcFunc['db_query']('', '
UPDATE {db_prefix}members
SET id_group = {int:regular_member}
WHERE id_group = {int:current_group}', array('regular_member' => 0, 'current_group' => (int) $_REQUEST['group']));
$request = $smcFunc['db_query']('', '
SELECT id_member, additional_groups
FROM {db_prefix}members
WHERE FIND_IN_SET({string:current_group}, additional_groups) != 0', array('current_group' => (int) $_REQUEST['group']));
$updates = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$updates[$row['additional_groups']][] = $row['id_member'];
}
$smcFunc['db_free_result']($request);
foreach ($updates as $additional_groups => $memberArray) {
updateMemberData($memberArray, array('additional_groups' => implode(',', array_diff(explode(',', $additional_groups), array((int) $_REQUEST['group'])))));
}
} elseif ($_REQUEST['group'] != 3) {
// Making it a hidden group? If so remove everyone with it as primary group (Actually, just make them additional).
if ($_POST['group_hidden'] == 2) {
$request = $smcFunc['db_query']('', '
SELECT id_member, additional_groups
FROM {db_prefix}members
WHERE id_group = {int:current_group}
AND FIND_IN_SET({int:current_group}, additional_groups) = 0', array('current_group' => (int) $_REQUEST['group']));
$updates = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$updates[$row['additional_groups']][] = $row['id_member'];
}
$smcFunc['db_free_result']($request);
foreach ($updates as $additional_groups => $memberArray) {
updateMemberData($memberArray, array('additional_groups' => implode(',', array_merge(explode(',', $additional_groups), array((int) $_REQUEST['group'])))));
}
$smcFunc['db_query']('', '
UPDATE {db_prefix}members
SET id_group = {int:regular_member}
WHERE id_group = {int:current_group}', array('regular_member' => 0, 'current_group' => $_REQUEST['group']));
}
// Either way, let's check our "show group membership" setting is correct.
$request = $smcFunc['db_query']('', '
SELECT COUNT(*)
FROM {db_prefix}membergroups
WHERE group_type > {int:non_joinable}', array('non_joinable' => 1));
list($have_joinable) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
// Do we need to update the setting?
if (empty($modSettings['show_group_membership']) && $have_joinable || !empty($modSettings['show_group_membership']) && !$have_joinable) {
updateSettings(array('show_group_membership' => $have_joinable ? 1 : 0));
}
}
// Do we need to set inherited permissions?
if ($_POST['group_inherit'] != -2 && $_POST['group_inherit'] != $_POST['old_inherit']) {
require_once $sourcedir . '/ManagePermissions.php';
updateChildPermissions($_POST['group_inherit']);
}
// Finally, moderators!
$moderator_string = isset($_POST['group_moderators']) ? trim($_POST['group_moderators']) : '';
$smcFunc['db_query']('', '
DELETE FROM {db_prefix}group_moderators
WHERE id_group = {int:current_group}', array('current_group' => $_REQUEST['group']));
if ((!empty($moderator_string) || !empty($_POST['moderator_list'])) && $_POST['min_posts'] == -1 && $_REQUEST['group'] != 3) {
// Get all the usernames from the string
if (!empty($moderator_string)) {
$moderator_string = strtr(preg_replace('~&#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', htmlspecialchars($moderator_string), ENT_QUOTES), array('"' => '"'));
preg_match_all('~"([^"]+)"~', $moderator_string, $matches);
$moderators = array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $moderator_string)));
for ($k = 0, $n = count($moderators); $k < $n; $k++) {
$moderators[$k] = trim($moderators[$k]);
if (strlen($moderators[$k]) == 0) {
unset($moderators[$k]);
}
}
// Find all the id_member's for the member_name's in the list.
$group_moderators = array();
if (!empty($moderators)) {
$request = $smcFunc['db_query']('', '
SELECT id_member
FROM {db_prefix}members
WHERE member_name IN ({array_string:moderators}) OR real_name IN ({array_string:moderators})
LIMIT ' . count($moderators), array('moderators' => $moderators));
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$group_moderators[] = $row['id_member'];
}
$smcFunc['db_free_result']($request);
}
} else {
$moderators = array();
foreach ($_POST['moderator_list'] as $moderator) {
$moderators[] = (int) $moderator;
}
$group_moderators = array();
if (!empty($moderators)) {
$request = $smcFunc['db_query']('', '
SELECT id_member
FROM {db_prefix}members
WHERE id_member IN ({array_int:moderators})
LIMIT {int:num_moderators}', array('moderators' => $moderators, 'num_moderators' => count($moderators)));
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$group_moderators[] = $row['id_member'];
}
$smcFunc['db_free_result']($request);
}
}
// Found some?
if (!empty($group_moderators)) {
$mod_insert = array();
foreach ($group_moderators as $moderator) {
$mod_insert[] = array($_REQUEST['group'], $moderator);
}
$smcFunc['db_insert']('insert', '{db_prefix}group_moderators', array('id_group' => 'int', 'id_member' => 'int'), $mod_insert, array('id_group', 'id_member'));
}
}
// There might have been some post group changes.
updateStats('postgroups');
// We've definitely changed some group stuff.
updateSettings(array('settings_updated' => time()));
// Log the edit.
logAction('edited_group', array('group' => $_POST['group_name']), 'admin');
redirectexit('action=admin;area=membergroups');
}
// Fetch the current group information.
$request = $smcFunc['db_query']('', '
SELECT group_name, description, min_posts, online_color, max_messages, icons, group_type, hidden, id_parent
FROM {db_prefix}membergroups
WHERE id_group = {int:current_group}
LIMIT 1', array('current_group' => (int) $_REQUEST['group']));
if ($smcFunc['db_num_rows']($request) == 0) {
fatal_lang_error('membergroup_does_not_exist', false);
}
$row = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
$row['icons'] = explode('#', $row['icons']);
$context['group'] = array('id' => $_REQUEST['group'], 'name' => $row['group_name'], 'description' => htmlspecialchars($row['description']), 'editable_name' => $row['group_name'], 'color' => $row['online_color'], 'min_posts' => $row['min_posts'], 'max_messages' => $row['max_messages'], 'icon_count' => (int) $row['icons'][0], 'icon_image' => isset($row['icons'][1]) ? $row['icons'][1] : '', 'is_post_group' => $row['min_posts'] != -1, 'type' => $row['min_posts'] != -1 ? 0 : $row['group_type'], 'hidden' => $row['min_posts'] == -1 ? $row['hidden'] : 0, 'inherited_from' => $row['id_parent'], 'allow_post_group' => $_REQUEST['group'] == 2 || $_REQUEST['group'] > 4, 'allow_delete' => $_REQUEST['group'] == 2 || $_REQUEST['group'] > 4, 'allow_protected' => allowedTo('admin_forum'));
// Get any moderators for this group
$request = $smcFunc['db_query']('', '
SELECT mem.id_member, mem.real_name
FROM {db_prefix}group_moderators AS mods
INNER JOIN {db_prefix}members AS mem ON (mem.id_member = mods.id_member)
WHERE mods.id_group = {int:current_group}', array('current_group' => $_REQUEST['group']));
$context['group']['moderators'] = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$context['group']['moderators'][$row['id_member']] = $row['real_name'];
}
$smcFunc['db_free_result']($request);
$context['group']['moderator_list'] = empty($context['group']['moderators']) ? '' : '"' . implode('", "', $context['group']['moderators']) . '"';
if (!empty($context['group']['moderators'])) {
list($context['group']['last_moderator_id']) = array_slice(array_keys($context['group']['moderators']), -1);
}
// Get a list of boards this membergroup is allowed to see.
$context['boards'] = array();
if ($_REQUEST['group'] == 2 || $_REQUEST['group'] > 3) {
$request = $smcFunc['db_query']('', '
SELECT b.id_cat, c.name as cat_name, b.id_board, b.name, b.child_level,
FIND_IN_SET({string:current_group}, b.member_groups) != 0 AS can_access, FIND_IN_SET({string:current_group}, b.deny_member_groups) != 0 AS cannot_access
FROM {db_prefix}boards AS b
LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat)
ORDER BY board_order', array('current_group' => (int) $_REQUEST['group']));
$context['categories'] = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
// This category hasn't been set up yet..
if (!isset($context['categories'][$row['id_cat']])) {
$context['categories'][$row['id_cat']] = array('id' => $row['id_cat'], 'name' => $row['cat_name'], 'boards' => array());
}
// Set this board up, and let the template know when it's a child. (indent them..)
$context['categories'][$row['id_cat']]['boards'][$row['id_board']] = array('id' => $row['id_board'], 'name' => $row['name'], 'child_level' => $row['child_level'], 'allow' => !(empty($row['can_access']) || $row['can_access'] == 'f'), 'deny' => !(empty($row['cannot_access']) || $row['cannot_access'] == 'f'));
}
$smcFunc['db_free_result']($request);
// Now, let's sort the list of categories into the boards for templates that like that.
$temp_boards = array();
foreach ($context['categories'] as $category) {
$temp_boards[] = array('name' => $category['name'], 'child_ids' => array_keys($category['boards']));
$temp_boards = array_merge($temp_boards, array_values($category['boards']));
// Include a list of boards per category for easy toggling.
$context['categories'][$category['id']]['child_ids'] = array_keys($category['boards']);
}
$max_boards = ceil(count($temp_boards) / 2);
if ($max_boards == 1) {
$max_boards = 2;
}
}
// Finally, get all the groups this could be inherited off.
$request = $smcFunc['db_query']('', '
SELECT id_group, group_name
FROM {db_prefix}membergroups
WHERE id_group != {int:current_group}' . (empty($modSettings['permission_enable_postgroups']) ? '
AND min_posts = {int:min_posts}' : '') . (allowedTo('admin_forum') ? '' : '
AND group_type != {int:is_protected}') . '
AND id_group NOT IN (1, 3)
AND id_parent = {int:not_inherited}', array('current_group' => (int) $_REQUEST['group'], 'min_posts' => -1, 'not_inherited' => -2, 'is_protected' => 1));
$context['inheritable_groups'] = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$context['inheritable_groups'][$row['id_group']] = $row['group_name'];
}
$smcFunc['db_free_result']($request);
call_integration_hook('integrate_view_membergroup');
$context['sub_template'] = 'edit_group';
$context['page_title'] = $txt['membergroups_edit_group'];
createToken('admin-mmg');
}
function userLogin($username, $password)
{
session_start();
$_SESSION['userid'] = NULL;
include_once "inc/adLDAP.php";
global $database, $passwordKey;
$username = mysql_escape_string($username);
$password = mysql_escape_string($password);
#ADauth check
$query = "select * from {$GLOBALS['tablePrefix']}users where username=\"{$username}\"";
$result = mysql_query($query);
// TODO: Query
$userinfo = mysql_fetch_assoc($result);
if ($userinfo['ADauth'] == 1) {
$ADconn = new adLDAP();
if ($ADconn->authenticate($username, $password)) {
#success
$loginSuccess = true;
} else {
$loginSuccess = false;
}
} else {
$query = "select * from {$GLOBALS['tablePrefix']}users where username=\"{$username}\" and password=md5(\"{$passwordKey}{$password}\")";
$result = mysql_query($query, $database);
// TODO: Query
if ($userinfo = mysql_fetch_assoc($result)) {
$loginSuccess = true;
}
}
if ($loginSuccess == true) {
$_SESSION['userid'] = $userinfo['id'];
$_SESSION['user'] = $username;
$_SESSION['name'] = $userinfo['name'];
$_SESSION['path'] = array();
$_SESSION['admin'] = $userinfo['admin'];
userPermissions();
logAction('login', $username);
if ($GLOBALS['resource'] != true) {
checkLogin();
}
} else {
logAction('loginFail', $username);
if ($GLOBALS['resource'] != true) {
checkLogin();
}
}
}
function DeleteInstall()
{
global $txt, $HTTP_SESSION_VARS, $incontext;
global $current_smf_version, $sourcedir, $forum_version, $modSettings, $user_info, $db_type;
$incontext['page_title'] = $txt['congratulations'];
$incontext['sub_template'] = 'delete_install';
$incontext['continue'] = 0;
require dirname(__FILE__) . '/Settings.php';
load_database();
chdir(dirname(__FILE__));
require_once $sourcedir . '/Errors.php';
require_once $sourcedir . '/lib/Subs.php';
require_once $sourcedir . '/CommonAPI.php';
require_once $sourcedir . '/Load.php';
require_once $sourcedir . '/Security.php';
require_once $sourcedir . '/lib/Subs-Auth.php';
// Bring a warning over.
if (!empty($incontext['account_existed'])) {
$incontext['warning'] = $incontext['account_existed'];
}
smf_db_query('
SET NAMES utf8', array());
// As track stats is by default enabled let's add some activity.
smf_db_insert('ignore', '{db_prefix}log_activity', array('date' => 'date', 'topics' => 'int', 'posts' => 'int', 'registers' => 'int'), array(strftime('%Y-%m-%d', time()), 1, 1, !empty($incontext['member_id']) ? 1 : 0), array('date'));
// Automatically log them in ;)
if (isset($incontext['member_id']) && isset($incontext['member_salt'])) {
setLoginCookie(3153600 * 60, $incontext['member_id'], sha1(sha1(strtolower($_POST['username']) . $_POST['password1']) . $incontext['member_salt']));
}
$result = smf_db_query('
SELECT value
FROM {db_prefix}settings
WHERE variable = {string:db_sessions}', array('db_sessions' => 'databaseSession_enable', 'db_error_skip' => true));
if (mysql_num_rows($result) != 0) {
list($db_sessions) = mysql_fetch_row($result);
}
mysql_free_result($result);
if (empty($db_sessions)) {
if (@version_compare(PHP_VERSION, '4.2.0') == -1) {
$HTTP_SESSION_VARS['php_412_bugfix'] = true;
}
$_SESSION['admin_time'] = time();
} else {
$_SERVER['HTTP_USER_AGENT'] = substr($_SERVER['HTTP_USER_AGENT'], 0, 211);
smf_db_insert('replace', '{db_prefix}sessions', array('session_id' => 'string', 'last_update' => 'int', 'data' => 'string'), array(session_id(), time(), 'USER_AGENT|s:' . strlen($_SERVER['HTTP_USER_AGENT']) . ':"' . $_SERVER['HTTP_USER_AGENT'] . '";admin_time|i:' . time() . ';'), array('session_id'));
}
// We're going to want our lovely $modSettings now.
$request = smf_db_query('
SELECT variable, value
FROM {db_prefix}settings', array('db_error_skip' => true));
// Only proceed if we can load the data.
if ($request) {
while ($row = mysql_fetch_row($request)) {
$modSettings[$row[0]] = $row[1];
}
mysql_free_result($request);
}
updateStats('member');
updateStats('message');
updateStats('topic');
$request = smf_db_query('
SELECT id_msg
FROM {db_prefix}messages
WHERE id_msg = 1
AND modified_time = 0
LIMIT 1', array('db_error_skip' => true));
if (mysql_num_rows($request) > 0) {
updateStats('subject', 1, htmlspecialchars($txt['default_topic_subject']));
}
mysql_free_result($request);
// Now is the perfect time to fetch the SM files.
require_once $sourcedir . '/ScheduledTasks.php';
// Sanity check that they loaded earlier!
if (isset($modSettings['recycle_board'])) {
$forum_version = $current_smf_version;
// The variable is usually defined in index.php so lets just use our variable to do it for us.
scheduled_fetchSMfiles();
// Now go get those files!
// We've just installed!
$user_info['ip'] = $_SERVER['REMOTE_ADDR'];
$user_info['id'] = isset($incontext['member_id']) ? $incontext['member_id'] : 0;
logAction('install', array('version' => $forum_version), 'admin');
}
// Check if we need some stupid MySQL fix.
$server_version = smf_db_get_version();
if ($db_type == 'mysql' && in_array(substr($server_version, 0, 6), array('5.0.50', '5.0.51'))) {
updateSettings(array('db_mysql_group_by_fix' => '1'));
}
// Some final context for the template.
$incontext['dir_still_writable'] = is_writable(dirname(__FILE__)) && substr(__FILE__, 1, 2) != ':\\';
$incontext['probably_delete_install'] = isset($_SESSION['installer_temp_ftp']) || is_writable(dirname(__FILE__)) || is_writable(__FILE__);
return false;
}
/**
* Apply another type of (avatar, language, etc.) package.
*/
public function action_install2()
{
global $txt, $context, $boardurl, $scripturl, $modSettings;
// Make sure we don't install this mod twice.
checkSubmitOnce('check');
checkSession();
// If there's no file, what are we installing?
if (!isset($_REQUEST['package']) || $_REQUEST['package'] == '') {
redirectexit('action=admin;area=packages');
}
$context['filename'] = $_REQUEST['package'];
// If this is an uninstall, we'll have an id.
$context['install_id'] = isset($_REQUEST['pid']) ? (int) $_REQUEST['pid'] : 0;
require_once SUBSDIR . '/Package.subs.php';
require_once SUBSDIR . '/Themes.subs.php';
// @todo Perhaps do it in steps, if necessary?
$context['uninstalling'] = $_REQUEST['sa'] == 'uninstall2';
// Set up the linktree for other.
$context['linktree'][count($context['linktree']) - 1] = array('url' => $scripturl . '?action=admin;area=packages;sa=browse', 'name' => $context['uninstalling'] ? $txt['uninstall'] : $txt['extracting']);
$context['page_title'] .= ' - ' . ($context['uninstalling'] ? $txt['uninstall'] : $txt['extracting']);
$context['sub_template'] = 'extract_package';
if (!file_exists(BOARDDIR . '/packages/' . $context['filename'])) {
fatal_lang_error('package_no_file', false);
}
// Load up the package FTP information?
create_chmod_control(array(), array('destination_url' => $scripturl . '?action=admin;area=packages;sa=' . $_REQUEST['sa'] . ';package=' . $_REQUEST['package']));
// Make sure temp directory exists and is empty!
if (file_exists(BOARDDIR . '/packages/temp')) {
deltree(BOARDDIR . '/packages/temp', false);
} else {
mktree(BOARDDIR . '/packages/temp', 0777);
}
// Let the unpacker do the work.
if (is_file(BOARDDIR . '/packages/' . $context['filename'])) {
$context['extracted_files'] = read_tgz_file(BOARDDIR . '/packages/' . $context['filename'], BOARDDIR . '/packages/temp');
if (!file_exists(BOARDDIR . '/packages/temp/package-info.xml')) {
foreach ($context['extracted_files'] as $file) {
if (basename($file['filename']) == 'package-info.xml') {
$context['base_path'] = dirname($file['filename']) . '/';
break;
}
}
}
if (!isset($context['base_path'])) {
$context['base_path'] = '';
}
} elseif (is_dir(BOARDDIR . '/packages/' . $context['filename'])) {
copytree(BOARDDIR . '/packages/' . $context['filename'], BOARDDIR . '/packages/temp');
$context['extracted_files'] = listtree(BOARDDIR . '/packages/temp');
$context['base_path'] = '';
} else {
fatal_lang_error('no_access', false);
}
// Are we installing this into any custom themes?
$custom_themes = array(1);
$known_themes = explode(',', $modSettings['knownThemes']);
if (!empty($_POST['custom_theme'])) {
foreach ($_POST['custom_theme'] as $tid) {
if (in_array($tid, $known_themes)) {
$custom_themes[] = (int) $tid;
}
}
}
// Now load up the paths of the themes that we need to know about.
$theme_paths = getThemesPathbyID($custom_themes);
$themes_installed = array(1);
// Are there any theme copying that we want to take place?
$context['theme_copies'] = array('require-file' => array(), 'require-dir' => array());
if (!empty($_POST['theme_changes'])) {
foreach ($_POST['theme_changes'] as $change) {
if (empty($change)) {
continue;
}
$theme_data = unserialize(base64_decode($change));
if (empty($theme_data['type'])) {
continue;
}
$themes_installed[] = $theme_data['id'];
$context['theme_copies'][$theme_data['type']][$theme_data['orig']][] = $theme_data['future'];
}
}
// Get the package info...
$packageInfo = getPackageInfo($context['filename']);
if (!is_array($packageInfo)) {
fatal_lang_error($packageInfo);
}
$packageInfo['filename'] = $context['filename'];
// Set the type of extraction...
$context['extract_type'] = isset($packageInfo['type']) ? $packageInfo['type'] : 'modification';
// Create a backup file to roll back to! (but if they do this more than once, don't run it a zillion times.)
if (!empty($modSettings['package_make_full_backups']) && (!isset($_SESSION['last_backup_for']) || $_SESSION['last_backup_for'] != $context['filename'] . ($context['uninstalling'] ? '$$' : '$'))) {
$_SESSION['last_backup_for'] = $context['filename'] . ($context['uninstalling'] ? '$$' : '$');
// @todo Internationalize this?
package_create_backup(($context['uninstalling'] ? 'backup_' : 'before_') . strtok($context['filename'], '.'));
}
// The mod isn't installed.... unless proven otherwise.
$context['is_installed'] = false;
// Is it actually installed?
$package_installed = isPackageInstalled($packageInfo['id']);
// Wait, it's not installed yet!
// @todo Replace with a better error message!
if (!isset($package_installed['old_version']) && $context['uninstalling']) {
deltree(BOARDDIR . '/packages/temp');
fatal_error('Hacker?', false);
} elseif ($context['uninstalling']) {
$install_log = parsePackageInfo($packageInfo['xml'], false, 'uninstall');
// Gadzooks! There's no uninstaller at all!?
if (empty($install_log)) {
fatal_lang_error('package_uninstall_cannot', false);
}
// They can only uninstall from what it was originally installed into.
foreach ($theme_paths as $id => $data) {
if ($id != 1 && !in_array($id, $package_installed['old_themes'])) {
unset($theme_paths[$id]);
}
}
} elseif (isset($package_installed['old_version']) && $package_installed['old_version'] != $packageInfo['version']) {
// Look for an upgrade...
$install_log = parsePackageInfo($packageInfo['xml'], false, 'upgrade', $package_installed['old_version']);
// There was no upgrade....
if (empty($install_log)) {
$context['is_installed'] = true;
} else {
// Upgrade previous themes only!
foreach ($theme_paths as $id => $data) {
if ($id != 1 && !in_array($id, $package_installed['old_themes'])) {
unset($theme_paths[$id]);
}
}
}
} elseif (isset($package_installed['old_version']) && $package_installed['old_version'] == $packageInfo['version']) {
$context['is_installed'] = true;
}
if (!isset($package_installed['old_version']) || $context['is_installed']) {
$install_log = parsePackageInfo($packageInfo['xml'], false, 'install');
}
$context['install_finished'] = false;
// We're gonna be needing the table db functions! ...Sometimes.
$table_installer = db_table();
// @todo Make a log of any errors that occurred and output them?
if (!empty($install_log)) {
$failed_steps = array();
$failed_count = 0;
foreach ($install_log as $action) {
$failed_count++;
if ($action['type'] == 'modification' && !empty($action['filename'])) {
if ($action['boardmod']) {
$mod_actions = parseBoardMod(file_get_contents(BOARDDIR . '/packages/temp/' . $context['base_path'] . $action['filename']), false, $action['reverse'], $theme_paths);
} else {
$mod_actions = parseModification(file_get_contents(BOARDDIR . '/packages/temp/' . $context['base_path'] . $action['filename']), false, $action['reverse'], $theme_paths);
}
// Any errors worth noting?
foreach ($mod_actions as $key => $action) {
if ($action['type'] == 'failure') {
$failed_steps[] = array('file' => $action['filename'], 'large_step' => $failed_count, 'sub_step' => $key, 'theme' => 1);
}
// Gather the themes we installed into.
if (!empty($action['is_custom'])) {
$themes_installed[] = $action['is_custom'];
}
}
} elseif ($action['type'] == 'code' && !empty($action['filename'])) {
// This is just here as reference for what is available.
global $txt, $modSettings, $context;
// Now include the file and be done with it ;).
if (file_exists(BOARDDIR . '/packages/temp/' . $context['base_path'] . $action['filename'])) {
require BOARDDIR . '/packages/temp/' . $context['base_path'] . $action['filename'];
}
} elseif ($action['type'] == 'credits') {
// Time to build the billboard
$credits_tag = array('url' => $action['url'], 'license' => $action['license'], 'copyright' => $action['copyright'], 'title' => $action['title']);
} elseif ($action['type'] == 'hook' && isset($action['hook'], $action['function'])) {
if ($action['reverse']) {
remove_integration_function($action['hook'], $action['function'], $action['include_file']);
} else {
add_integration_function($action['hook'], $action['function'], $action['include_file']);
}
} elseif ($action['type'] == 'database' && !empty($action['filename']) && (!$context['uninstalling'] || !empty($_POST['do_db_changes']))) {
// These can also be there for database changes.
global $txt, $modSettings, $context;
// Let the file work its magic ;)
if (file_exists(BOARDDIR . '/packages/temp/' . $context['base_path'] . $action['filename'])) {
require BOARDDIR . '/packages/temp/' . $context['base_path'] . $action['filename'];
}
} elseif ($action['type'] == 'redirect' && !empty($action['redirect_url'])) {
$context['redirect_url'] = $action['redirect_url'];
$context['redirect_text'] = !empty($action['filename']) && file_exists(BOARDDIR . '/packages/temp/' . $context['base_path'] . $action['filename']) ? file_get_contents(BOARDDIR . '/packages/temp/' . $context['base_path'] . $action['filename']) : ($context['uninstalling'] ? $txt['package_uninstall_done'] : $txt['package_installed_done']);
$context['redirect_timeout'] = $action['redirect_timeout'];
// Parse out a couple of common urls.
$urls = array('$boardurl' => $boardurl, '$scripturl' => $scripturl, '$session_var' => $context['session_var'], '$session_id' => $context['session_id']);
$context['redirect_url'] = strtr($context['redirect_url'], $urls);
}
}
package_flush_cache();
// First, ensure this change doesn't get removed by putting a stake in the ground (So to speak).
package_put_contents(BOARDDIR . '/packages/installed.list', time());
// See if this is already installed
$is_upgrade = false;
$old_db_changes = array();
$package_check = isPackageInstalled($packageInfo['id']);
// Change the installed state as required.
if (!empty($package_check['install_state'])) {
if ($context['uninstalling']) {
setPackageState($package_check['package_id']);
} else {
// not uninstalling so must be an upgrade
$is_upgrade = true;
$old_db_changes = empty($package_check['db_changes']) ? array() : $package_check['db_changes'];
}
}
// Assuming we're not uninstalling, add the entry.
if (!$context['uninstalling']) {
// Any db changes from older version?
$table_log = $table_installer->package_log();
if (!empty($old_db_changes)) {
$db_package_log = empty($table_log) ? $old_db_changes : array_merge($old_db_changes, $table_log);
} else {
$db_package_log = $table_log;
}
// If there are some database changes we might want to remove then filter them out.
if (!empty($db_package_log)) {
// We're really just checking for entries which are create table AND add columns (etc).
$tables = array();
usort($db_package_log, array($this, '_sort_table_first'));
foreach ($db_package_log as $k => $log) {
if ($log[0] == 'remove_table') {
$tables[] = $log[1];
} elseif (in_array($log[1], $tables)) {
unset($db_package_log[$k]);
}
}
$package_installed['db_changes'] = serialize($db_package_log);
} else {
$package_installed['db_changes'] = '';
}
// What themes did we actually install?
$themes_installed = array_unique($themes_installed);
$themes_installed = implode(',', $themes_installed);
// What failed steps?
$failed_step_insert = serialize($failed_steps);
// Credits tag?
$credits_tag = empty($credits_tag) ? '' : serialize($credits_tag);
// Add to the log packages
addPackageLog($packageInfo, $failed_step_insert, $themes_installed, $package_installed['db_changes'], $is_upgrade, $credits_tag);
}
$context['install_finished'] = true;
}
// If there's database changes - and they want them removed - let's do it last!
if (!empty($package_installed['db_changes']) && !empty($_POST['do_db_changes'])) {
foreach ($package_installed['db_changes'] as $change) {
if ($change[0] == 'remove_table' && isset($change[1])) {
$table_installer->db_drop_table($change[1]);
} elseif ($change[0] == 'remove_column' && isset($change[2])) {
$table_installer->db_remove_column($change[1], $change[2]);
} elseif ($change[0] == 'remove_index' && isset($change[2])) {
$table_installer->db_remove_index($change[1], $change[2]);
}
}
}
// Clean house... get rid of the evidence ;).
if (file_exists(BOARDDIR . '/packages/temp')) {
deltree(BOARDDIR . '/packages/temp');
}
// Log what we just did.
logAction($context['uninstalling'] ? 'uninstall_package' : (!empty($is_upgrade) ? 'upgrade_package' : 'install_package'), array('package' => Util::htmlspecialchars($packageInfo['name']), 'version' => Util::htmlspecialchars($packageInfo['version'])), 'admin');
// Just in case, let's clear the whole cache to avoid anything going up the swanny.
clean_cache();
// Restore file permissions?
create_chmod_control(array(), array(), true);
}
/**
* Activate an account.
* This function is called from the profile account actions area.
*/
public function action_activateaccount()
{
global $context, $user_profile, $modSettings;
isAllowedTo('moderate_forum');
$memID = currentMemberID();
if (isset($_REQUEST['save']) && isset($user_profile[$memID]['is_activated']) && $user_profile[$memID]['is_activated'] != 1) {
require_once SUBSDIR . '/Members.subs.php';
// If we are approving the deletion of an account, we do something special ;)
if ($user_profile[$memID]['is_activated'] == 4) {
deleteMembers($context['id_member']);
redirectexit();
}
// Actually update this member now, as it guarantees the unapproved count can't get corrupted.
approveMembers(array('members' => array($context['id_member']), 'activated_status' => $user_profile[$memID]['is_activated']));
// Log what we did?
logAction('approve_member', array('member' => $memID), 'admin');
// If we are doing approval, update the stats for the member just in case.
if (in_array($user_profile[$memID]['is_activated'], array(3, 4, 13, 14))) {
updateSettings(array('unapprovedMembers' => $modSettings['unapprovedMembers'] > 1 ? $modSettings['unapprovedMembers'] - 1 : 0));
}
// Make sure we update the stats too.
updateStats('member', false);
}
// Leave it be...
redirectexit('action=profile;u=' . $memID . ';area=summary');
}
function BanEdit()
{
global $txt, $modSettings, $context, $ban_request, $scripturl, $smcFunc;
$_REQUEST['bg'] = empty($_REQUEST['bg']) ? 0 : (int) $_REQUEST['bg'];
// Adding or editing a ban trigger?
if (!empty($_POST['add_new_trigger']) || !empty($_POST['edit_trigger'])) {
checkSession();
$newBan = !empty($_POST['add_new_trigger']);
$values = array('id_ban_group' => $_REQUEST['bg'], 'hostname' => '', 'email_address' => '', 'id_member' => 0, 'ip_low1' => 0, 'ip_high1' => 0, 'ip_low2' => 0, 'ip_high2' => 0, 'ip_low3' => 0, 'ip_high3' => 0, 'ip_low4' => 0, 'ip_high4' => 0);
// Preset all values that are required.
if ($newBan) {
$insertKeys = array('id_ban_group' => 'int', 'hostname' => 'string', 'email_address' => 'string', 'id_member' => 'int', 'ip_low1' => 'int', 'ip_high1' => 'int', 'ip_low2' => 'int', 'ip_high2' => 'int', 'ip_low3' => 'int', 'ip_high3' => 'int', 'ip_low4' => 'int', 'ip_high4' => 'int');
} else {
$updateString = '
hostname = {string:hostname}, email_address = {string:email_address}, id_member = {int:id_member},
ip_low1 = {int:ip_low1}, ip_high1 = {int:ip_high1},
ip_low2 = {int:ip_low2}, ip_high2 = {int:ip_high2},
ip_low3 = {int:ip_low3}, ip_high3 = {int:ip_high3},
ip_low4 = {int:ip_low4}, ip_high4 = {int:ip_high4}';
}
if ($_POST['bantype'] == 'ip_ban') {
$ip = trim($_POST['ip']);
$ip_parts = ip2range($ip);
$ip_check = checkExistingTriggerIP($ip_parts, $ip);
if (!$ip_check) {
fatal_lang_error('invalid_ip', false);
}
$values = array_merge($values, $ip_check);
$modlogInfo['ip_range'] = $_POST['ip'];
} elseif ($_POST['bantype'] == 'hostname_ban') {
if (preg_match('/[^\\w.\\-*]/', $_POST['hostname']) == 1) {
fatal_lang_error('invalid_hostname', false);
}
// Replace the * wildcard by a MySQL compatible wildcard %.
$_POST['hostname'] = str_replace('*', '%', $_POST['hostname']);
$values['hostname'] = $_POST['hostname'];
$modlogInfo['hostname'] = $_POST['hostname'];
} elseif ($_POST['bantype'] == 'email_ban') {
if (preg_match('/[^\\w.\\-\\+*@]/', $_POST['email']) == 1) {
fatal_lang_error('invalid_email', false);
}
$_POST['email'] = strtolower(str_replace('*', '%', $_POST['email']));
// Check the user is not banning an admin.
$request = $smcFunc['db_query']('', '
SELECT id_member
FROM {db_prefix}members
WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0)
AND email_address LIKE {string:email}
LIMIT 1', array('admin_group' => 1, 'email' => $_POST['email']));
if ($smcFunc['db_num_rows']($request) != 0) {
fatal_lang_error('no_ban_admin', 'critical');
}
$smcFunc['db_free_result']($request);
$values['email_address'] = $_POST['email'];
$modlogInfo['email'] = $_POST['email'];
} elseif ($_POST['bantype'] == 'user_ban') {
$_POST['user'] = preg_replace('~&#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', $smcFunc['htmlspecialchars']($_POST['user'], ENT_QUOTES));
$request = $smcFunc['db_query']('', '
SELECT id_member, (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0) AS isAdmin
FROM {db_prefix}members
WHERE member_name = {string:user_name} OR real_name = {string:user_name}
LIMIT 1', array('admin_group' => 1, 'user_name' => $_POST['user']));
if ($smcFunc['db_num_rows']($request) == 0) {
fatal_lang_error('invalid_username', false);
}
list($memberid, $isAdmin) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
if ($isAdmin && $isAdmin != 'f') {
fatal_lang_error('no_ban_admin', 'critical');
}
$values['id_member'] = $memberid;
$modlogInfo['member'] = $memberid;
} else {
fatal_lang_error('no_bantype_selected', false);
}
if ($newBan) {
$smcFunc['db_insert']('', '{db_prefix}ban_items', $insertKeys, $values, array('id_ban'));
} else {
$smcFunc['db_query']('', '
UPDATE {db_prefix}ban_items
SET ' . $updateString . '
WHERE id_ban = {int:ban_item}
AND id_ban_group = {int:id_ban_group}', array_merge($values, array('ban_item' => (int) $_REQUEST['bi'])));
}
// Log the addion of the ban entry into the moderation log.
logAction('ban', $modlogInfo + array('new' => $newBan, 'type' => $_POST['bantype']));
// Register the last modified date.
updateSettings(array('banLastUpdated' => time()));
// Update the member table to represent the new ban situation.
updateBanMembers();
} elseif (!empty($_POST['remove_selection']) && !empty($_POST['ban_items']) && is_array($_POST['ban_items'])) {
checkSession();
// Making sure every deleted ban item is an integer.
foreach ($_POST['ban_items'] as $key => $value) {
$_POST['ban_items'][$key] = (int) $value;
}
$smcFunc['db_query']('', '
DELETE FROM {db_prefix}ban_items
WHERE id_ban IN ({array_int:ban_list})
AND id_ban_group = {int:ban_group}', array('ban_list' => $_POST['ban_items'], 'ban_group' => $_REQUEST['bg']));
// It changed, let the settings and the member table know.
updateSettings(array('banLastUpdated' => time()));
updateBanMembers();
} elseif (!empty($_POST['modify_ban']) || !empty($_POST['add_ban'])) {
checkSession();
$addBan = !empty($_POST['add_ban']);
if (empty($_POST['ban_name'])) {
fatal_lang_error('ban_name_empty', false);
}
// Let's not allow HTML in ban names, it's more evil than beneficial.
$_POST['ban_name'] = $smcFunc['htmlspecialchars']($_POST['ban_name'], ENT_QUOTES);
// Check whether a ban with this name already exists.
$request = $smcFunc['db_query']('', '
SELECT id_ban_group
FROM {db_prefix}ban_groups
WHERE name = {string:new_ban_name}' . ($addBan ? '' : '
AND id_ban_group != {int:ban_group}') . '
LIMIT 1', array('ban_group' => $_REQUEST['bg'], 'new_ban_name' => $_POST['ban_name']));
if ($smcFunc['db_num_rows']($request) == 1) {
fatal_lang_error('ban_name_exists', false, array($_POST['ban_name']));
}
$smcFunc['db_free_result']($request);
$_POST['reason'] = $smcFunc['htmlspecialchars']($_POST['reason'], ENT_QUOTES);
$_POST['notes'] = $smcFunc['htmlspecialchars']($_POST['notes'], ENT_QUOTES);
$_POST['notes'] = str_replace(array("\r", "\n", ' '), array('', '<br />', ' '), $_POST['notes']);
$_POST['expiration'] = $_POST['expiration'] == 'never' ? 'NULL' : ($_POST['expiration'] == 'expired' ? '0' : ($_POST['expire_date'] != $_POST['old_expire'] ? time() + 24 * 60 * 60 * (int) $_POST['expire_date'] : 'expire_time'));
$_POST['full_ban'] = empty($_POST['full_ban']) ? '0' : '1';
$_POST['cannot_post'] = !empty($_POST['full_ban']) || empty($_POST['cannot_post']) ? '0' : '1';
$_POST['cannot_register'] = !empty($_POST['full_ban']) || empty($_POST['cannot_register']) ? '0' : '1';
$_POST['cannot_login'] = !empty($_POST['full_ban']) || empty($_POST['cannot_login']) ? '0' : '1';
if ($addBan) {
// Adding some ban triggers?
if ($addBan && !empty($_POST['ban_suggestion']) && is_array($_POST['ban_suggestion'])) {
$ban_triggers = array();
$ban_logs = array();
if (in_array('main_ip', $_POST['ban_suggestion']) && !empty($_POST['main_ip'])) {
$ip = trim($_POST['main_ip']);
$ip_parts = ip2range($ip);
if (!checkExistingTriggerIP($ip_parts, $ip)) {
fatal_lang_error('invalid_ip', false);
}
$ban_triggers[] = array($ip_parts[0]['low'], $ip_parts[0]['high'], $ip_parts[1]['low'], $ip_parts[1]['high'], $ip_parts[2]['low'], $ip_parts[2]['high'], $ip_parts[3]['low'], $ip_parts[3]['high'], '', '', 0);
$ban_logs[] = array('ip_range' => $_POST['main_ip']);
}
if (in_array('hostname', $_POST['ban_suggestion']) && !empty($_POST['hostname'])) {
if (preg_match('/[^\\w.\\-*]/', $_POST['hostname']) == 1) {
fatal_lang_error('invalid_hostname', false);
}
// Replace the * wildcard by a MySQL wildcard %.
$_POST['hostname'] = str_replace('*', '%', $_POST['hostname']);
$ban_triggers[] = array(0, 0, 0, 0, 0, 0, 0, 0, substr($_POST['hostname'], 0, 255), '', 0);
$ban_logs[] = array('hostname' => $_POST['hostname']);
}
if (in_array('email', $_POST['ban_suggestion']) && !empty($_POST['email'])) {
if (preg_match('/[^\\w.\\-\\+*@]/', $_POST['email']) == 1) {
fatal_lang_error('invalid_email', false);
}
$_POST['email'] = strtolower(str_replace('*', '%', $_POST['email']));
$ban_triggers[] = array(0, 0, 0, 0, 0, 0, 0, 0, '', substr($_POST['email'], 0, 255), 0);
$ban_logs[] = array('email' => $_POST['email']);
}
if (in_array('user', $_POST['ban_suggestion']) && (!empty($_POST['bannedUser']) || !empty($_POST['user']))) {
// We got a username, let's find its ID.
if (empty($_POST['bannedUser'])) {
$_POST['user'] = preg_replace('~&#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', $smcFunc['htmlspecialchars']($_POST['user'], ENT_QUOTES));
$request = $smcFunc['db_query']('', '
SELECT id_member, (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0) AS isAdmin
FROM {db_prefix}members
WHERE member_name = {string:username} OR real_name = {string:username}
LIMIT 1', array('admin_group' => 1, 'username' => $_POST['user']));
if ($smcFunc['db_num_rows']($request) == 0) {
fatal_lang_error('invalid_username', false);
}
list($_POST['bannedUser'], $isAdmin) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
if ($isAdmin && $isAdmin != 'f') {
fatal_lang_error('no_ban_admin', 'critical');
}
}
$ban_triggers[] = array(0, 0, 0, 0, 0, 0, 0, 0, '', '', (int) $_POST['bannedUser']);
$ban_logs[] = array('member' => $_POST['bannedUser']);
}
if (!empty($_POST['ban_suggestion']['ips']) && is_array($_POST['ban_suggestion']['ips'])) {
$_POST['ban_suggestion']['ips'] = array_unique($_POST['ban_suggestion']['ips']);
// Don't add the main IP again.
if (in_array('main_ip', $_POST['ban_suggestion'])) {
$_POST['ban_suggestion']['ips'] = array_diff($_POST['ban_suggestion']['ips'], array($_POST['main_ip']));
}
foreach ($_POST['ban_suggestion']['ips'] as $ip) {
$ip_parts = ip2range($ip);
// They should be alright, but just to be sure...
if (count($ip_parts) != 4) {
fatal_lang_error('invalid_ip', false);
}
$ban_triggers[] = array($ip_parts[0]['low'], $ip_parts[0]['high'], $ip_parts[1]['low'], $ip_parts[1]['high'], $ip_parts[2]['low'], $ip_parts[2]['high'], $ip_parts[3]['low'], $ip_parts[3]['high'], '', '', 0);
$ban_logs[] = array('ip_range' => $ip);
}
}
}
// Yes yes, we're ready to add now.
$smcFunc['db_insert']('', '{db_prefix}ban_groups', array('name' => 'string-20', 'ban_time' => 'int', 'expire_time' => 'raw', 'cannot_access' => 'int', 'cannot_register' => 'int', 'cannot_post' => 'int', 'cannot_login' => 'int', 'reason' => 'string-255', 'notes' => 'string-65534'), array($_POST['ban_name'], time(), $_POST['expiration'], $_POST['full_ban'], $_POST['cannot_register'], $_POST['cannot_post'], $_POST['cannot_login'], $_POST['reason'], $_POST['notes']), array('id_ban_group'));
$_REQUEST['bg'] = $smcFunc['db_insert_id']('{db_prefix}ban_groups', 'id_ban_group');
// Now that the ban group is added, add some triggers as well.
if (!empty($ban_triggers) && !empty($_REQUEST['bg'])) {
// Put in the ban group ID.
foreach ($ban_triggers as $k => $trigger) {
array_unshift($ban_triggers[$k], $_REQUEST['bg']);
}
// Log what we are doing!
foreach ($ban_logs as $log_details) {
logAction('ban', $log_details + array('new' => 1));
}
$smcFunc['db_insert']('', '{db_prefix}ban_items', array('id_ban_group' => 'int', 'ip_low1' => 'int', 'ip_high1' => 'int', 'ip_low2' => 'int', 'ip_high2' => 'int', 'ip_low3' => 'int', 'ip_high3' => 'int', 'ip_low4' => 'int', 'ip_high4' => 'int', 'hostname' => 'string-255', 'email_address' => 'string-255', 'id_member' => 'int'), $ban_triggers, array('id_ban'));
}
} else {
$smcFunc['db_query']('', '
UPDATE {db_prefix}ban_groups
SET
name = {string:ban_name},
reason = {string:reason},
notes = {string:notes},
expire_time = {raw:expiration},
cannot_access = {int:cannot_access},
cannot_post = {int:cannot_post},
cannot_register = {int:cannot_register},
cannot_login = {int:cannot_login}
WHERE id_ban_group = {int:id_ban_group}', array('expiration' => $_POST['expiration'], 'cannot_access' => $_POST['full_ban'], 'cannot_post' => $_POST['cannot_post'], 'cannot_register' => $_POST['cannot_register'], 'cannot_login' => $_POST['cannot_login'], 'id_ban_group' => $_REQUEST['bg'], 'ban_name' => $_POST['ban_name'], 'reason' => $_POST['reason'], 'notes' => $_POST['notes']));
}
// No more caching, we have something new here.
updateSettings(array('banLastUpdated' => time()));
updateBanMembers();
}
// If we're editing an existing ban, get it from the database.
if (!empty($_REQUEST['bg'])) {
$context['ban_items'] = array();
$request = $smcFunc['db_query']('', '
SELECT
bi.id_ban, bi.hostname, bi.email_address, bi.id_member, bi.hits,
bi.ip_low1, bi.ip_high1, bi.ip_low2, bi.ip_high2, bi.ip_low3, bi.ip_high3, bi.ip_low4, bi.ip_high4,
bg.id_ban_group, bg.name, bg.ban_time, bg.expire_time, bg.reason, bg.notes, bg.cannot_access, bg.cannot_register, bg.cannot_login, bg.cannot_post,
IFNULL(mem.id_member, 0) AS id_member, mem.member_name, mem.real_name
FROM {db_prefix}ban_groups AS bg
LEFT JOIN {db_prefix}ban_items AS bi ON (bi.id_ban_group = bg.id_ban_group)
LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = bi.id_member)
WHERE bg.id_ban_group = {int:current_ban}', array('current_ban' => $_REQUEST['bg']));
if ($smcFunc['db_num_rows']($request) == 0) {
fatal_lang_error('ban_not_found', false);
}
while ($row = $smcFunc['db_fetch_assoc']($request)) {
if (!isset($context['ban'])) {
$context['ban'] = array('id' => $row['id_ban_group'], 'name' => $row['name'], 'expiration' => array('status' => $row['expire_time'] === null ? 'never' : ($row['expire_time'] < time() ? 'expired' : 'still_active_but_we_re_counting_the_days'), 'days' => $row['expire_time'] > time() ? floor(($row['expire_time'] - time()) / 86400) : 0), 'reason' => $row['reason'], 'notes' => $row['notes'], 'cannot' => array('access' => !empty($row['cannot_access']), 'post' => !empty($row['cannot_post']), 'register' => !empty($row['cannot_register']), 'login' => !empty($row['cannot_login'])), 'is_new' => false);
}
if (!empty($row['id_ban'])) {
$context['ban_items'][$row['id_ban']] = array('id' => $row['id_ban'], 'hits' => $row['hits']);
if (!empty($row['ip_high1'])) {
$context['ban_items'][$row['id_ban']]['type'] = 'ip';
$context['ban_items'][$row['id_ban']]['ip'] = range2ip(array($row['ip_low1'], $row['ip_low2'], $row['ip_low3'], $row['ip_low4']), array($row['ip_high1'], $row['ip_high2'], $row['ip_high3'], $row['ip_high4']));
} elseif (!empty($row['hostname'])) {
$context['ban_items'][$row['id_ban']]['type'] = 'hostname';
$context['ban_items'][$row['id_ban']]['hostname'] = str_replace('%', '*', $row['hostname']);
} elseif (!empty($row['email_address'])) {
$context['ban_items'][$row['id_ban']]['type'] = 'email';
$context['ban_items'][$row['id_ban']]['email'] = str_replace('%', '*', $row['email_address']);
} elseif (!empty($row['id_member'])) {
$context['ban_items'][$row['id_ban']]['type'] = 'user';
$context['ban_items'][$row['id_ban']]['user'] = array('id' => $row['id_member'], 'name' => $row['real_name'], 'href' => $scripturl . '?action=profile;u=' . $row['id_member'], 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name'] . '</a>');
} else {
unset($context['ban_items'][$row['id_ban']]);
$smcFunc['db_query']('', '
DELETE FROM {db_prefix}ban_items
WHERE id_ban = {int:current_ban}', array('current_ban' => $row['id_ban']));
}
}
}
$smcFunc['db_free_result']($request);
} else {
$context['ban'] = array('id' => 0, 'name' => '', 'expiration' => array('status' => 'never', 'days' => 0), 'reason' => '', 'notes' => '', 'ban_days' => 0, 'cannot' => array('access' => true, 'post' => false, 'register' => false, 'login' => false), 'is_new' => true);
$context['ban_suggestions'] = array('main_ip' => '', 'hostname' => '', 'email' => '', 'member' => array('id' => 0));
// Overwrite some of the default form values if a user ID was given.
if (!empty($_REQUEST['u'])) {
$request = $smcFunc['db_query']('', '
SELECT id_member, real_name, member_ip, email_address
FROM {db_prefix}members
WHERE id_member = {int:current_user}
LIMIT 1', array('current_user' => (int) $_REQUEST['u']));
if ($smcFunc['db_num_rows']($request) > 0) {
list($context['ban_suggestions']['member']['id'], $context['ban_suggestions']['member']['name'], $context['ban_suggestions']['main_ip'], $context['ban_suggestions']['email']) = $smcFunc['db_fetch_row']($request);
}
$smcFunc['db_free_result']($request);
if (!empty($context['ban_suggestions']['member']['id'])) {
$context['ban_suggestions']['href'] = $scripturl . '?action=profile;u=' . $context['ban_suggestions']['member']['id'];
$context['ban_suggestions']['member']['link'] = '<a href="' . $context['ban_suggestions']['href'] . '">' . $context['ban_suggestions']['member']['name'] . '</a>';
// Default the ban name to the name of the banned member.
$context['ban']['name'] = $context['ban_suggestions']['member']['name'];
// Would be nice if we could also ban the hostname.
if (preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $context['ban_suggestions']['main_ip']) == 1 && empty($modSettings['disableHostnameLookup'])) {
$context['ban_suggestions']['hostname'] = host_from_ip($context['ban_suggestions']['main_ip']);
}
// Find some additional IP's used by this member.
$context['ban_suggestions']['message_ips'] = array();
$request = $smcFunc['db_query']('ban_suggest_message_ips', '
SELECT DISTINCT poster_ip
FROM {db_prefix}messages
WHERE id_member = {int:current_user}
AND poster_ip RLIKE {string:poster_ip_regex}
ORDER BY poster_ip', array('current_user' => (int) $_REQUEST['u'], 'poster_ip_regex' => '^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$'));
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$context['ban_suggestions']['message_ips'][] = $row['poster_ip'];
}
$smcFunc['db_free_result']($request);
$context['ban_suggestions']['error_ips'] = array();
$request = $smcFunc['db_query']('ban_suggest_error_ips', '
SELECT DISTINCT ip
FROM {db_prefix}log_errors
WHERE id_member = {int:current_user}
AND ip RLIKE {string:poster_ip_regex}
ORDER BY ip', array('current_user' => (int) $_REQUEST['u'], 'poster_ip_regex' => '^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$'));
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$context['ban_suggestions']['error_ips'][] = $row['ip'];
}
$smcFunc['db_free_result']($request);
// Borrowing a few language strings from profile.
loadLanguage('Profile');
}
}
}
// Template needs this to show errors using javascript
loadLanguage('Errors');
// If we're in wireless mode remove the admin template layer and use a special template.
if (WIRELESS && WIRELESS_PROTOCOL != 'wap') {
$context['sub_template'] = WIRELESS_PROTOCOL . '_ban_edit';
foreach ($context['template_layers'] as $k => $v) {
if (strpos($v, 'generic_menu') === 0) {
unset($context['template_layers'][$k]);
}
}
} else {
$context['sub_template'] = 'ban_edit';
}
}
function deleteCategories($categories, $moveBoardsTo = null)
{
global $sourcedir, $smcFunc, $cat_tree;
require_once $sourcedir . '/Subs-Boards.php';
getBoardTree();
// With no category set to move the boards to, delete them all.
if ($moveBoardsTo === null) {
$request = $smcFunc['db_query']('', '
SELECT id_board
FROM {db_prefix}boards
WHERE id_cat IN ({array_int:category_list})', array('category_list' => $categories));
$boards_inside = array();
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$boards_inside[] = $row['id_board'];
}
$smcFunc['db_free_result']($request);
if (!empty($boards_inside)) {
deleteBoards($boards_inside, null);
}
} elseif (in_array($moveBoardsTo, $categories)) {
trigger_error('deleteCategories(): You cannot move the boards to a category that\'s being deleted', E_USER_ERROR);
} else {
$smcFunc['db_query']('', '
UPDATE {db_prefix}boards
SET id_cat = {int:new_parent_cat}
WHERE id_cat IN ({array_int:category_list})', array('category_list' => $categories, 'new_parent_cat' => $moveBoardsTo));
}
// Noone will ever be able to collapse these categories anymore.
$smcFunc['db_query']('', '
DELETE FROM {db_prefix}collapsed_categories
WHERE id_cat IN ({array_int:category_list})', array('category_list' => $categories));
// Do the deletion of the category itself
$smcFunc['db_query']('', '
DELETE FROM {db_prefix}categories
WHERE id_cat IN ({array_int:category_list})', array('category_list' => $categories));
// Log what we've done.
foreach ($categories as $category) {
logAction('delete_cat', array('catname' => $cat_tree[$category]['node']['name']), 'admin');
}
// Get all boards back into the right order.
reorderBoards();
}
R::trash($collapsed);
$jsonResponse->message = 'Expanded lane ' . $lane->name;
} else {
$collapsed = R::dispense('collapsed');
$collapsed->userId = $user->id;
$collapsed->laneId = $laneId;
R::store($collapsed);
$jsonResponse->message = 'Collapsed lane ' . $lane->name;
}
$jsonResponse->addBeans(getBoards());
}
$app->response->setBody($jsonResponse->asJson());
})->conditions(['laneId' => '\\d+']);
// Numbers only.
$app->post('/boards/:boardId/toggleActive', function ($boardId) use($app, $jsonResponse) {
if (validateToken()) {
$user = getUser();
if ($user->isAdmin) {
$board = R::load('board', $boardId);
$before = $board->export();
$board->active = !$board->active;
R::store($board);
$state = $board->active ? 'active' : 'inactive';
$jsonResponse->message = 'Set board ' . $board->name . ' ' . $state;
$jsonResponse->addBeans(getBoards());
logAction($user->username . ' changed active status of board ' . $board->name, $before, $board->export());
}
}
$app->response->setBody($jsonResponse->asJson());
})->conditions(['boardId' => '\\d+']);
// Numbers only.
<?php
if (isset($_GET["page"])) {
$page = $_GET["page"];
} else {
$page = 1;
}
$max = ' LIMIT ' . ($page - 1) * $_SESSION['items'] . ',' . $_SESSION['items'];
if (isset($search)) {
logAction($_SESSION['user_name'], $lang['searched'] . ' (' . $search . ') ' . $lang['in'] . ' ' . $lang['database'], 1);
$sql = "SELECT * FROM `db` WHERE `dbid` LIKE '" . $search . "' OR `type` LIKE '%" . $search . "%';";
//todo: name searching
$result_of_query = $db_connection->query($sql);
$total_records = mysqli_num_rows($result_of_query);
$sql = "SELECT * FROM `db` WHERE `dbid` LIKE '" . $search . "' OR `type` LIKE '%" . $search . "%'" . $max . " ;";
} else {
$sql = "SELECT * FROM `db` " . $max . " ;";
}
$result_of_query = $db_connection->query($sql);
if ($result_of_query->num_rows > 0) {
?>
<div class="row">
<div class="col-lg-12">
<h1 class="page-header">
<?php
echo $lang['wantList'];
?>
</h1>
</div>
function ModifyWarningTemplate()
{
global $smcFunc, $context, $txt, $user_info, $sourcedir;
$context['id_template'] = isset($_REQUEST['tid']) ? (int) $_REQUEST['tid'] : 0;
$context['is_edit'] = $context['id_template'];
// Standard template things.
$context['page_title'] = $context['is_edit'] ? $txt['mc_warning_template_modify'] : $txt['mc_warning_template_add'];
$context['sub_template'] = 'warn_template';
$context[$context['moderation_menu_name']]['current_subsection'] = 'templates';
// Defaults.
$context['template_data'] = array('title' => '', 'body' => $txt['mc_warning_template_body_default'], 'personal' => false, 'can_edit_personal' => true);
// If it's an edit load it.
if ($context['is_edit']) {
$request = $smcFunc['db_query']('', '
SELECT id_member, id_recipient, recipient_name AS template_title, body
FROM {db_prefix}log_comments
WHERE id_comment = {int:id}
AND comment_type = {string:warntpl}
AND (id_recipient = {int:generic} OR id_recipient = {int:current_member})', array('id' => $context['id_template'], 'warntpl' => 'warntpl', 'generic' => 0, 'current_member' => $user_info['id']));
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$context['template_data'] = array('title' => $row['template_title'], 'body' => $smcFunc['htmlspecialchars']($row['body']), 'personal' => $row['id_recipient'], 'can_edit_personal' => $row['id_member'] == $user_info['id']);
}
$smcFunc['db_free_result']($request);
}
// Wait, we are saving?
if (isset($_POST['save'])) {
checkSession('post');
// To check the BBC is pretty good...
require_once $sourcedir . '/Subs-Post.php';
// Bit of cleaning!
$_POST['template_body'] = trim($_POST['template_body']);
$_POST['template_title'] = trim($_POST['template_title']);
// Need something in both boxes.
if (empty($_POST['template_body']) || empty($_POST['template_title'])) {
fatal_error($txt['mc_warning_template_error_empty']);
}
// Safety first.
$_POST['template_title'] = $smcFunc['htmlspecialchars']($_POST['template_title']);
// Clean up BBC.
preparsecode($_POST['template_body']);
// But put line breaks back!
$_POST['template_body'] = strtr($_POST['template_body'], array('<br />' => "\n"));
// Is this personal?
$recipient_id = !empty($_POST['make_personal']) ? $user_info['id'] : 0;
// If we are this far it's save time.
if ($context['is_edit']) {
// Simple update...
$smcFunc['db_query']('', '
UPDATE {db_prefix}log_comments
SET id_recipient = {int:personal}, recipient_name = {string:title}, body = {string:body}
WHERE id_comment = {int:id}
AND comment_type = {string:warntpl}
AND (id_recipient = {int:generic} OR id_recipient = {int:current_member})' . ($recipient_id ? ' AND id_member = {int:current_member}' : ''), array('personal' => $recipient_id, 'title' => $_POST['template_title'], 'body' => $_POST['template_body'], 'id' => $context['id_template'], 'warntpl' => 'warntpl', 'generic' => 0, 'current_member' => $user_info['id']));
// If it wasn't visible and now is they've effectively added it.
if ($context['template_data']['personal'] && !$recipient_id) {
logAction('add_warn_template', array('template' => $_POST['template_title']));
} elseif (!$context['template_data']['personal'] && $recipient_id) {
logAction('delete_warn_template', array('template' => $_POST['template_title']));
} else {
logAction('modify_warn_template', array('template' => $_POST['template_title']));
}
} else {
$smcFunc['db_insert']('', '{db_prefix}log_comments', array('id_member' => 'int', 'member_name' => 'string', 'comment_type' => 'string', 'id_recipient' => 'int', 'recipient_name' => 'string-255', 'body' => 'string-65535', 'log_time' => 'int'), array($user_info['id'], $user_info['name'], 'warntpl', $recipient_id, $_POST['template_title'], $_POST['template_body'], time()), array('id_comment'));
logAction('add_warn_template', array('template' => $_POST['template_title']));
}
// Get out of town...
redirectexit('action=moderate;area=warnings;sa=templates');
}
}
