* Sends the reply notification to users subscribed to this issue.
* @param	array	Info about this issue
* @param	array	Info about this note (including text)
function send_issue_reply_notification($issue, $issuenote)
    global $vbulletin, $db, $vbphrase;
    if ($issuenote['type'] != 'user' and $issuenote['type'] != 'petition') {
        // only send if the note is a "normal" note type
    $project = fetch_project_info($issue['projectid']);
    $previousnote = $db->query_first("\r\n\t\tSELECT MAX(dateline) AS dateline\r\n\t\tFROM " . TABLE_PREFIX . "pt_issuenote AS issuenote\r\n\t\tWHERE issuenote.issueid = {$issue['issueid']}\r\n\t\t\tAND issuenote.dateline < {$issuenote['dateline']}\r\n\t\t\tAND issuenote.visible = 'visible'\r\n\t\t\tAND issuenote.type IN ('user', 'petition')\r\n\t");
    $notifications = $db->query_read_slave("\r\n\t\tSELECT user.*\r\n\t\tFROM " . TABLE_PREFIX . "pt_issuesubscribe AS issuesubscribe\r\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (issuesubscribe.userid = user.userid)\r\n\t\tLEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (usergroup.usergroupid = user.usergroupid)\r\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\r\n\t\tWHERE issuesubscribe.issueid = {$issue['issueid']}\r\n\t\t\tAND issuesubscribe.subscribetype = 'instant'\r\n\t\t\tAND (usergroup.genericoptions & " . $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'] . ")\r\n\t\t\t" . ($issuenote['userid'] ? "AND CONCAT(' ', IF(usertextfield.ignorelist IS NULL, '', usertextfield.ignorelist), ' ') NOT LIKE ' " . intval($issuenote['userid']) . " '" : '') . "\r\n\t\t\tAND user.userid <> {$issuenote['userid']}\r\n\t\t\tAND user.lastactivity >= " . intval($previousnote['dateline']) . "\r\n\t");
    if ($db->num_rows($notifications) == 0) {
    require_once DIR . '/includes/functions_misc.php';
    require_once DIR . '/includes/class_bbcode_alt.php';
    $plaintext_parser =& new vB_BbCodeParser_PlainText($vbulletin, fetch_tag_list());
    $pagetext_cache = array();
    // used to cache the results per languageid for speed
    $evalemail = array();
    $email_texts = $vbulletin->db->query_read_slave("\r\n\t\tSELECT text, languageid, fieldname\r\n\t\tFROM " . TABLE_PREFIX . "phrase\r\n\t\tWHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'notify_pt'\r\n\t");
    while ($email_text = $vbulletin->db->fetch_array($email_texts)) {
        $emails["{$email_text['languageid']}"]["{$email_text['fieldname']}"] = $email_text['text'];
    foreach ($emails as $languageid => $email_text) {
        // lets cycle through our array of notify phrases
        $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
        $text_message = replace_template_variables($text_message);
        $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
        $text_subject = replace_template_variables($text_subject);
        $evalemail["{$languageid}"] = '
			$message = "' . $text_message . '";
			$subject = "' . $text_subject . '";
    while ($notification = $vbulletin->db->fetch_array($notifications)) {
        // check that this user has the correct permissions to view
        if (verify_issue_perms($issue, $notification) === false or verify_issue_note_perms($issue, $issuenote, $notification) === false) {
        $notification['username'] = unhtmlspecialchars($notification['username']);
        $notification['languageid'] = iif($notification['languageid'] == 0, $vbulletin->options['languageid'], $notification['languageid']);
        // parse the page text into plain text, taking selected language into account
        if (!isset($pagetext_cache["{$notification['languageid']}"])) {
            $pagetext_cache["{$notification['languageid']}"] = $plaintext_parser->parse($issuenote['pagetext'], 'pt');
        $pagetext = $pagetext_cache["{$notification['languageid']}"];
        eval(empty($evalemail["{$notification['languageid']}"]) ? $evalemail["-1"] : $evalemail["{$notification['languageid']}"]);
        vbmail($notification['email'], $subject, $message);
    unset($plaintext_parser, $pagetext_cache);
Exemple #2
 * Sends Thread subscription Notifications
 * @param	integer	The Thread ID
 * @param	integer	The User ID making the Post
 * @param	integer	The Post ID of the new post
function exec_send_notification($threadid, $userid, $postid)
    // $threadid = threadid to send from;
    // $userid = userid of who made the post
    // $postid = only sent if post is moderated -- used to get username correctly
    global $vbulletin, $message, $postusername;
    if (!$vbulletin->options['enableemail']) {
    // include for fetch_phrase
    require_once DIR . '/includes/functions_misc.php';
    $threadinfo = fetch_threadinfo($threadid);
    $foruminfo = fetch_foruminfo($threadinfo['forumid']);
    // get last reply time
    if ($postid) {
        $dateline = $vbulletin->db->query_first("\n\t\t\tSELECT dateline, pagetext\n\t\t\tFROM " . TABLE_PREFIX . "post\n\t\t\tWHERE postid = {$postid}\n\t\t");
        $pagetext_orig = $dateline['pagetext'];
        $lastposttime = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(dateline) AS dateline\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tWHERE threadid = {$threadid}\n\t\t\t\tAND dateline < {$dateline['dateline']}\n\t\t\t\tAND visible = 1\n\t\t");
    } else {
        $lastposttime = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(postid) AS postid, MAX(dateline) AS dateline\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tWHERE threadid = {$threadid}\n\t\t\t\tAND visible = 1\n\t\t");
        $pagetext = $vbulletin->db->query_first("\n\t\t\tSELECT pagetext\n\t\t\tFROM " . TABLE_PREFIX . "post\n\t\t\tWHERE postid = {$lastposttime['postid']}\n\t\t");
        $pagetext_orig = $pagetext['pagetext'];
    $threadinfo['title'] = unhtmlspecialchars($threadinfo['title']);
    $foruminfo['title_clean'] = unhtmlspecialchars($foruminfo['title_clean']);
    $temp = $vbulletin->userinfo['username'];
    if ($postid) {
        $postinfo = fetch_postinfo($postid);
        $vbulletin->userinfo['username'] = unhtmlspecialchars($postinfo['username']);
    } else {
        $vbulletin->userinfo['username'] = unhtmlspecialchars(!$vbulletin->userinfo['userid'] ? $postusername : $vbulletin->userinfo['username']);
    require_once DIR . '/includes/class_bbcode_alt.php';
    $plaintext_parser =& new vB_BbCodeParser_PlainText($vbulletin, fetch_tag_list());
    $pagetext_cache = array();
    // used to cache the results per languageid for speed
    $mod_emails = fetch_moderator_newpost_emails('newpostemail', $foruminfo['parentlist'], $language_info);
    ($hook = vBulletinHook::fetch_hook('newpost_notification_start')) ? eval($hook) : false;
    $useremails = $vbulletin->db->query_read_slave("\n\t\tSELECT user.*, subscribethread.emailupdate, subscribethread.subscribethreadid\n\t\tFROM " . TABLE_PREFIX . "subscribethread AS subscribethread\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (subscribethread.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (usergroup.usergroupid = user.usergroupid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\n\t\tWHERE subscribethread.threadid = {$threadid} AND\n\t\t\tsubscribethread.emailupdate IN (1, 4) AND\n\t\t\tsubscribethread.canview = 1 AND\n\t\t\t" . ($userid ? "CONCAT(' ', IF(usertextfield.ignorelist IS NULL, '', usertextfield.ignorelist), ' ') NOT LIKE '% " . intval($userid) . " %' AND" : '') . "\n\t\t\tuser.usergroupid <> 3 AND\n\t\t\tuser.userid <> " . intval($userid) . " AND\n\t\t\tuser.lastactivity >= " . intval($lastposttime['dateline']) . " AND\n\t\t\t(usergroup.genericoptions & " . $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'] . ")\n\t");
    $evalemail = array();
    while ($touser = $vbulletin->db->fetch_array($useremails)) {
        if (!($vbulletin->usergroupcache["{$touser['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'])) {
        } else {
            if (in_array($touser['email'], $mod_emails)) {
                // this user already received an email about this post via
                // a new post email for mods -- don't send another
        $touser['username'] = unhtmlspecialchars($touser['username']);
        $touser['languageid'] = iif($touser['languageid'] == 0, $vbulletin->options['languageid'], $touser['languageid']);
        $touser['auth'] = md5($touser['userid'] . $touser['subscribethreadid'] . $touser['salt'] . COOKIE_SALT);
        if (empty($evalemail)) {
            $email_texts = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT text, languageid, fieldname\n\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\tWHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'notify'\n\t\t\t");
            while ($email_text = $vbulletin->db->fetch_array($email_texts)) {
                $emails["{$email_text['languageid']}"]["{$email_text['fieldname']}"] = $email_text['text'];
            require_once DIR . '/includes/functions_misc.php';
            foreach ($emails as $languageid => $email_text) {
                // lets cycle through our array of notify phrases
                $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
                $text_message = replace_template_variables($text_message);
                $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
                $text_subject = replace_template_variables($text_subject);
                $evalemail["{$languageid}"] = '
					$message = "' . $text_message . '";
					$subject = "' . $text_subject . '";
        // parse the page text into plain text, taking selected language into account
        if (!isset($pagetext_cache["{$touser['languageid']}"])) {
            $pagetext_cache["{$touser['languageid']}"] = $plaintext_parser->parse($pagetext_orig, $foruminfo['forumid']);
        $pagetext = $pagetext_cache["{$touser['languageid']}"];
        if ($threadinfo['prefixid']) {
            // need prefix in correct language
            $threadinfo['prefix_plain'] = fetch_phrase("prefix_{$threadinfo['prefixid']}_title_plain", 'global', '', false, true, $touser['languageid'], false) . ' ';
        } else {
            $threadinfo['prefix_plain'] = '';
        ($hook = vBulletinHook::fetch_hook('newpost_notification_message')) ? eval($hook) : false;
        eval(iif(empty($evalemail["{$touser['languageid']}"]), $evalemail["-1"], $evalemail["{$touser['languageid']}"]));
        if ($touser['emailupdate'] == 4 and !empty($touser['icq'])) {
            // instant notification by ICQ
            $touser['email'] = $touser['icq'] . '@pager.icq.com';
        vbmail($touser['email'], $subject, $message);
    unset($plaintext_parser, $pagetext_cache);
    $vbulletin->userinfo['username'] = $temp;
* Processes a raw template for conditionals, phrases etc into PHP code for eval()
* @param	string	Template
* @return	string
function compile_template($template)
    $orig_template = $template;
    $template = addslashes($template);
    $template = process_template_conditionals($template);
    $template = process_template_phrases('phrase', $template, 'parse_phrase_tag');
    if (!function_exists('replace_template_variables')) {
        require_once DIR . '/includes/functions_misc.php';
    $template = replace_template_variables($template, false);
    ($hook = vBulletinHook::fetch_hook('template_compile')) ? eval($hook) : false;
    $template = str_replace('\\\\$', '\\$', $template);
    if (function_exists('token_get_all')) {
        $tokens = @token_get_all('<?php $var = "' . $template . '"; ?>');
        foreach ($tokens as $token) {
            if (is_array($token)) {
                switch ($token[0]) {
                    case T_INCLUDE:
                    case T_INCLUDE_ONCE:
                    case T_REQUIRE:
                    case T_REQUIRE_ONCE:
                        global $vbphrase;
                        echo "<p>&nbsp;</p><p>&nbsp;</p>";
                        print_form_header('', '', 0, 1, '', '65%');
                        print_table_footer(2, construct_button_code($vbphrase['go_back'], 'javascript:history.back(1)'));
    if (function_exists('verify_demo_template')) {
    return $template;
Exemple #4
	function post_save_each($doquery = true)
		$blogid = intval($this->fetch_field('blogid'));
		$userid = intval($this->fetch_field('userid'));
		$blogtextid = $this->fetch_field('blogtextid');
		$postedby_userid = intval($this->fetch_field('postedby_userid'));

		require_once(DIR . '/vb/search/indexcontroller/queue.php');
		vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogEntry', 'index', $blogid);
		vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogComment', 'group_data_change', $blogid);

		if (!$condition AND $this->info['addtags'])
			// invalidate users tag cloud
			$dataman =& datamanager_init('Blog_User', $this->registry, ERRTYPE_SILENT);
			$info = array('bloguserid' => $userid);
			$dataman->set('tagcloud', '');


		// Insert entry for moderation
		if ($this->fetch_field('state') == 'moderation')
			/*insert query*/
				INSERT IGNORE INTO " . TABLE_PREFIX . "blog_moderation
					(primaryid, type, dateline)
					($blogid, 'blogid', " . TIMENOW . ")

		// Insert entry for moderation
		if (!$this->condition AND ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft') OR $this->fetch_field('pending'))
			$userinfo = array('bloguserid' => $userid);
			$userdata =& datamanager_init('Blog_user', $this->registry, ERRTYPE_SILENT);
			if ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft')
				$userdata->set($this->fetch_field('state'), $this->fetch_field('state') . ' + 1', false);
			if ($this->fetch_field('pending'))
				$userdata->set('pending', 'pending + 1', false);

		// Send Email Notification
		if (((!$this->condition AND !$this->fetch_field('pending')) OR $this->info['send_notification']) AND ($this->fetch_field('state') == 'visible' OR $this->fetch_field('state') == 'moderation') AND $this->registry->options['enableemail'])
			$lastposttime = $this->dbobject->query_first("
				SELECT MAX(dateline) AS dateline
				FROM " . TABLE_PREFIX . "blog AS blog
				WHERE blogid = $blogid
					AND dateline < " . $this->fetch_field('dateline') . "
					AND state = 'visible'

			$entrytitle = unhtmlspecialchars($this->fetch_field('title'));
			if (defined('VBBLOG_PERMS') AND $this->registry->userinfo['userid'] == $this->fetch_field('userid'))
				$blogtitle = unhtmlspecialchars($this->registry->userinfo['blog_title']);
				$username = unhtmlspecialchars($this->registry->userinfo['username']);
				$userinfo =& $this->registry->userinfo;
				if (!defined('VBBLOG_PERMS'))
				{	// Tell the fetch_userinfo plugin that we need the blog fields in case this class is being called by a non blog script
					define('VBBLOG_PERMS', true);
				$userinfo = fetch_userinfo($this->fetch_field('userid'), 1);
				cache_permissions($userinfo, false);
				$blogtitle = unhtmlspecialchars($userinfo['blog_title']);
				if ($userinfo['userid'] != $this->fetch_field('userid'))
					$userinfo2 = fetch_userinfo($this->fetch_field('userid'), 1);
					$username = unhtmlspecialchars($userinfo2['username']);
					$username = unhtmlspecialchars($userinfo['username']);

			require_once(DIR . '/includes/class_bbcode_alt.php');
			$plaintext_parser = new vB_BbCodeParser_PlainText($this->registry, fetch_tag_list());
			$pagetext_cache = array(); // used to cache the results per languageid for speed

			$pagetext_orig =& $this->fetch_field('pagetext', 'blog_text');

			($hook = vBulletinHook::fetch_hook('blog_user_notification_start')) ? eval($hook) : false;

			$useremails = $this->dbobject->query_read_slave("
					ignored.relationid AS ignoreid, buddy.relationid AS buddyid,
					bu.isblogmoderator, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid
				FROM " . TABLE_PREFIX . "blog_subscribeuser AS blog_subscribeuser
				INNER JOIN " . TABLE_PREFIX . "user AS user ON (blog_subscribeuser.userid = user.userid)
				LEFT JOIN " . TABLE_PREFIX . "blog_moderator AS bm ON (bm.userid = user.userid)
				LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = $userid AND buddy.relationid = user.userid AND buddy.type = 'buddy')
				LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = $userid AND ignored.relationid = user.userid AND ignored.type = 'ignore')
				LEFT JOIN " . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = user.userid)
					blog_subscribeuser.bloguserid = $userid
					" . ($userid == $postedby_userid ? "blog_subscribeuser.userid <> $userid AND" : "") . "
					blog_subscribeuser.type = 'email'
					user.usergroupid <> 3
					user.lastactivity >= " . intval($lastposttime['dateline']) . "


			$setoptions = $this->fetch_field('options');

			$evalemail = array();
			while ($touser = $this->dbobject->fetch_array($useremails))
				cache_permissions($touser, false);
				// only send private entries to contacts and moderators
				if ($setoptions["{$this->bitfields['options']['private']}"] AND !$touser['buddyid'] AND !$touser['blogmoderatorid'] AND !is_member_of_blog($touser, $userinfo))

				if (!($this->registry->usergroupcache["$touser[usergroupid]"]['genericoptions'] & $this->registry->bf_ugp_genericoptions['isnotbannedgroup']))

				if ($this->fetch_field('state') == 'moderation')
					if ($touser['userid'] != $userid AND !can_moderate_blog('canmoderateentries', $touser))

				if (!empty($this->info['categories']))
					if (array_intersect($touser['blogcategorypermissions']['cantview'], $this->info['categories']) AND $userinfo['userid'] != $touser['userid'])

				if (!($touser['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
				else if (
					!($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel'])
					!($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['ismoderator'])
					(!$userinfo['ignore_canviewmyblog'] OR !$touser['ignoreid'])
					(!$userinfo['buddy_canviewmyblog'] OR !$touser['buddyid'])
					(!$userinfo['member_canviewmyblog'] OR (!$userinfo['buddy_canviewmyblog'] AND $touser['budyid']) OR (!$userinfo['ignore_canviewmyblog'] AND $touser['ignoreid']))
					!is_member_of_blog($touser, $userinfo)

				$touser['username'] = unhtmlspecialchars($touser['username']);
				$touser['languageid'] = iif($touser['languageid'] == 0, $this->registry->options['languageid'], $touser['languageid']);
				$touser['auth'] = md5($touser['userid'] . $touser['blogsubscribeuserid'] . $touser['salt'] . COOKIE_SALT);

				if (empty($evalemail))
					$email_texts = $this->dbobject->query_read_slave("
						SELECT text, languageid, fieldname
						FROM " . TABLE_PREFIX . "phrase
						WHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'blog_user_notify'

					while ($email_text = $this->dbobject->fetch_array($email_texts))
						$emails["$email_text[languageid]"]["$email_text[fieldname]"] = $email_text['text'];

					require_once(DIR . '/includes/functions_misc.php');

					foreach ($emails AS $languageid => $email_text)
						// lets cycle through our array of notify phrases
						$text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
						$text_message = replace_template_variables($text_message);
						$text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
						$text_subject = replace_template_variables($text_subject);

						$evalemail["$languageid"] = '
							$message = "' . $text_message . '";
							$subject = "' . $text_subject . '";

				// parse the page text into plain text, taking selected language into account
				if (!isset($pagetext_cache["$touser[languageid]"]))
					$pagetext_cache["$touser[languageid]"] = $plaintext_parser->parse($pagetext_orig);
				$pagetext = $pagetext_cache["$touser[languageid]"];

				($hook = vBulletinHook::fetch_hook('blog_user_notification_message')) ? eval($hook) : false;

				eval(iif(empty($evalemail["$touser[languageid]"]), $evalemail["-1"], $evalemail["$touser[languageid]"]));

				vbmail($touser['email'], $subject, $message);
			unset($plaintext_parser, $pagetext_cache);



		if ($this->fetch_field('dateline') <= TIMENOW)

		if ($this->condition AND $this->info['emailupdate'] == 'none' AND ($userid != $this->registry->userinfo['userid'] OR ($userid == $this->registry->userinfo['userid'] AND $this->existing['entrysubscribed'])))
				DELETE FROM " . TABLE_PREFIX . "blog_subscribeentry
				WHERE blogid = $blogid AND userid = $userid
		else if ($this->info['emailupdate'] == 'email' OR $this->info['emailupdate'] == 'usercp')
				REPLACE INTO " . TABLE_PREFIX . "blog_subscribeentry
				(blogid, dateline, type, userid)
				($blogid, " . TIMENOW . ", '" . $this->info['emailupdate'] . "', $userid)

		($hook = vBulletinHook::fetch_hook('blog_fpdata_postsave')) ? eval($hook) : false;
Exemple #5
                    if (empty($pmdm->errors)) {
                        ($hook = vBulletinHook::fetch_hook('private_insertpm_complete')) ? eval($hook) : false;
            } else {
                if ($status == -1) {
                    // deleted
                    if ($vbulletin->GPC['send_deleted']) {
                        if (!isset($evalemail_deleted["{$user['languageid']}"])) {
                            $email_text = $db->query_first("\n\t\t\t\t\t\t\tSELECT text\n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\t\t\t\tWHERE fieldname = 'emailbody'\n\t\t\t\t\t\t\t\tAND varname = 'moderation_deleted'\n\t\t\t\t\t\t\t\tAND languageid IN(-1,0,{$chosenlanguage})\n\t\t\t\t\t\t\tORDER BY languageid DESC\n\t\t\t\t\t\t");
                            $email_subject = $db->query_first("\n\t\t\t\t\t\t\tSELECT text\n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\t\t\t\tWHERE fieldname = 'emailsubject'\n\t\t\t\t\t\t\t\tAND varname = 'moderation_deleted'\n\t\t\t\t\t\t\t\tAND languageid IN(-1,0,{$chosenlanguage})\n\t\t\t\t\t\t\tORDER BY languageid DESC\n\t\t\t\t\t\t");
                            $text_message = replace_template_variables(str_replace("\\'", "'", addslashes($email_text['text'])));
                            $text_subject = replace_template_variables(str_replace("\\'", "'", addslashes($email_subject['text'])));
                            $evalemail_deleted["{$user['languageid']}"] = '
							$message = "' . $text_message . '";
							$subject = "' . $text_subject . '";
                        vbmail($user['email'], $subject, $message, true);
                    $userdm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
            // else, do nothing
 * Sends email notifications for discussions.
 * @param int		$discussion		- The discussion being updated
 * @param int		$messageid		- Id of the message that triggered the update
 * @param string	$postusername	- Optional username displayed on post
function exec_send_sg_notification($discussionid, $gmid = false, $postusername = false)
    global $vbulletin;
    if (!$vbulletin->options['enableemail']) {
    $discussion = fetch_socialdiscussioninfo($discussionid);
    // if there are no subscribers, no need to send notifications
    if (!$discussion['subscribers']) {
    // if the discussion is moderated or deleted, don't send notification
    if ('deleted' == $discussion['state'] or 'moderation' == $discussion['state']) {
    $group = fetch_socialgroupinfo($discussion['groupid']);
    if (!$gmid) {
        // get last gmid from discussion
        $gmid = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(gmid) AS gmid\n\t\t\tFROM " . TABLE_PREFIX . "groupmessage AS groupmessage\n\t\t\tWHERE discussionid = {$discussion['discussionid']}\n\t\t\t\tAND state = 'visible'\n\t\t");
        $gmid = $gmid['gmid'];
    // get message details
    $gmessage = fetch_groupmessageinfo($gmid);
    if (!$gmessage) {
    // get post time of previous message - if a user hasn't been active since then we won't resend a notification
    $lastposttime = ($lastposttime = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(dateline) AS dateline\n\t\t\tFROM " . TABLE_PREFIX . "groupmessage AS groupmessage\n\t\t\tWHERE discussionid = {$discussion['discussionid']}\n\t\t\t\tAND dateline < {$gmessage['dateline']}\n\t\t\t\tAND state = 'visible'\n\t")) ? $lastposttime['dateline'] : $gmessage['dateline'];
    $discussion['title'] = unhtmlspecialchars($discussion['title']);
    $group['name'] = unhtmlspecialchars($group['name']);
    // temporarily use postusername in userinfo
    if (!$postusername) {
        // get current user name if user exists
        if ($gmessage['postuserid'] and $userinfo = fetch_userinfo($gmessage['postuserid'])) {
            $postusername = $userinfo['username'];
        } else {
            $postusername = $gmessage['postusername'];
    $postusername = unhtmlspecialchars($postusername);
    $userid = $gmessage['postuserid'];
    ($hook = vBulletinHook::fetch_hook('newpost_sg_notification_start')) ? eval($hook) : false;
    $useremails = $vbulletin->db->query_read_slave("\n\t\tSELECT user.*, subscribediscussion.emailupdate, subscribediscussion.subscribediscussionid, IF(socialgroupmember.userid IS NOT NULL,1,0) ismember\n\t\tFROM " . TABLE_PREFIX . "subscribediscussion AS subscribediscussion\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (subscribediscussion.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (usergroup.usergroupid = user.usergroupid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "socialgroupmember AS socialgroupmember ON (socialgroupmember.userid = user.userid AND socialgroupmember.groupid = {$group['groupid']})\n\t\tWHERE subscribediscussion.discussionid = {$discussion['discussionid']}\n\t\t AND subscribediscussion.emailupdate = 1\n\t\t AND " . ($gmessage['postuserid'] ? " CONCAT(' ', IF(usertextfield.ignorelist IS NULL, '', usertextfield.ignorelist), ' ') NOT LIKE ' " . intval($userid) . " '" : '') . "\n\t\t AND user.usergroupid <> 3\n\t\t AND user.userid <> " . intval($userid) . "\n\t\t AND user.lastactivity >= " . intval($lastposttime) . "\n\t\t AND (usergroup.genericoptions & " . $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'] . ")\n\t");
    // parser for plaintexting the message pagetext
    require_once DIR . '/includes/class_bbcode_alt.php';
    $plaintext_parser =& new vB_BbCodeParser_PlainText($vbulletin, fetch_tag_list());
    $pagetext_cache = array();
    // used to cache the results per languageid for speed
    $evalemail = array();
    while ($touser = $vbulletin->db->fetch_array($useremails)) {
        // check user can view discussion
        $permissions = cache_permissions($touser, false);
        if (!($vbulletin->usergroupcache["{$touser['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup']) or !($permissions['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview']) or !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canviewgroups']) or $group['options'] & $vbulletin->bf_misc_socialgroupoptions['join_to_view'] and !$touser['ismember'] and !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canalwayscreatediscussion']) and !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canalwayspostmessage'])) {
        $touser['username'] = unhtmlspecialchars($touser['username']);
        $touser['languageid'] = iif($touser['languageid'] == 0, $vbulletin->options['languageid'], $touser['languageid']);
        $touser['auth'] = md5($touser['userid'] . $touser['subscribediscussionid'] . $touser['salt'] . COOKIE_SALT);
        if (empty($evalemail)) {
            $email_texts = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT text, languageid, fieldname\n\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\tWHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'notify_discussion'\n\t\t\t");
            while ($email_text = $vbulletin->db->fetch_array($email_texts)) {
                $emails["{$email_text['languageid']}"]["{$email_text['fieldname']}"] = $email_text['text'];
            require_once DIR . '/includes/functions_misc.php';
            foreach ($emails as $languageid => $email_text) {
                // lets cycle through our array of notify phrases
                $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
                $text_message = replace_template_variables($text_message);
                $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
                $text_subject = replace_template_variables($text_subject);
                $evalemail["{$languageid}"] = '
					$message = "' . $text_message . '";
					$subject = "' . $text_subject . '";
        // parse the page text into plain text, taking selected language into account
        if (!isset($pagetext_cache["{$touser['languageid']}"])) {
            $pagetext_cache["{$touser['languageid']}"] = $plaintext_parser->parse($gmessage['pagetext']);
        $pagetext = $pagetext_cache["{$touser['languageid']}"];
        ($hook = vBulletinHook::fetch_hook('new_sg_message_notification_message')) ? eval($hook) : false;
        eval(iif(empty($evalemail["{$touser['languageid']}"]), $evalemail["-1"], $evalemail["{$touser['languageid']}"]));
        vbmail($touser['email'], $subject, $message);
    unset($plaintext_parser, $pagetext_cache);
* Processes a raw template for conditionals, phrases etc into PHP code for eval()
* @param	string	Template
* @return	string
function compile_template($template, &$errors = array())
	$orig_template = $template;

	$template = preg_replace('#[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]#', '', $template);
	$new_syntax = (strpos($template, '<vb:') !== false OR strpos($template, '{vb:') !== false);
	$old_syntax = (strpos($template, '<if') !== false OR strpos($template, '<phrase') !== false);
	$maybe_old_syntax = preg_match('/(^|[^{])\$[a-z0-9_]+\[?/si', $template);

	if (!$new_syntax AND ($old_syntax OR $maybe_old_syntax))
		$template = addslashes($template);
		$template = process_template_conditionals($template);
		$template = process_template_phrases('phrase', $template, 'parse_phrase_tag');
		$template = process_seo_urls($template);

		if (!function_exists('replace_template_variables') OR !function_exists('validate_string_for_interpolation'))
			require_once(DIR . '/includes/functions_misc.php');

		//only check the old style syntax, the new style doesn't use string interpolation and isn't affected
		//by this exploit.  The new syntax doesn't 100% pass this check.
			global $vbphrase;
			echo "<p>&nbsp;</p><p>&nbsp;</p>";
			print_form_header('', '', 0, 1, '', '65%');
			print_table_footer(2, construct_button_code($vbphrase['go_back'], 'javascript:history.back(1)'));

		$template = replace_template_variables($template, false);

		$template = str_replace('\\\\$', '\\$', $template);

		if (function_exists('token_get_all'))
			$tokens = @token_get_all('<?php $var = "' . $template . '"; ?>');

			foreach ($tokens AS $token)
				if (is_array($token))
					switch ($token[0])
						case T_INCLUDE:
						case T_INCLUDE_ONCE:
						case T_REQUIRE:
						case T_REQUIRE_ONCE:
							global $vbphrase;
							echo "<p>&nbsp;</p><p>&nbsp;</p>";
							print_form_header('', '', 0, 1, '', '65%');
							print_table_footer(2, construct_button_code($vbphrase['go_back'], 'javascript:history.back(1)'));
		require_once(DIR . '/includes/class_template_parser.php');
		$parser = new vB_TemplateParser($orig_template);

		catch (vB_Exception_TemplateFatalError $e)
			global $vbphrase;
			echo "<p>&nbsp;</p><p>&nbsp;</p>";
			print_form_header('', '', 0, 1, '', '65%');
			print_table_footer(2, construct_button_code($vbphrase['go_back'], 'javascript:history.back(1)'));

		$template = $parser->compile();

		// TODO: Reimplement these - if done, $session[], $bbuserinfo[], $vboptions will parse in the template without using {vb:raw, which isn't what we
		// necessarily want to happen
		if (!function_exists('replace_template_variables'))
			require_once(DIR . '/includes/functions_misc.php');
		$template = replace_template_variables($template, false);

	if (function_exists('verify_demo_template'))

	($hook = vBulletinHook::fetch_hook('template_compile')) ? eval($hook) : false;

	return $template;
* Fetches a specific type of phrase from the database
* @param	string	Varname of the phrase to be fetched
* @param	integer	Phrase Type ID of the phrase to be fetched
* @param	string	String to be removed from the beginning of specified phrase varname (varname = 'moo_thing', strreplace = 'moo_' => varname = 'thing')
* @param	boolean	Whether or not to parse any quotes in the fetched text ready for eval()
* @param	boolean	Fetch phrase from all languages (?)
* @param	integer	Desired language ID from which to pull the phrase text
* @param	boolean	If true, converts '{1}' and '{2}' into '%1$s' and '%2$s' etc., in preparation for sprintf() parsing
* @return	string
function fetch_phrase($phrasename, $fieldname, $strreplace = '', $doquotes = true, $alllanguages = false, $languageid = -1, $dobracevars = true)
    // we need to do some caching in this function I believe
    global $vbulletin, $vbphrase;
    static $phrase_cache;
    if (!empty($strreplace)) {
        if (strpos("{$phrasename}", $strreplace) === 0) {
            $phrasename = substr($phrasename, strlen($strreplace));
    $languageid = intval($languageid);
    if (!isset($phrase_cache["{$fieldname}-{$phrasename}"])) {
        $getphrases = $vbulletin->db->query_read_slave("\n\t\t\tSELECT text, languageid, special\n\t\t\tFROM " . TABLE_PREFIX . "phrase AS phrase\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "phrasetype USING (fieldname)\n\t\t\tWHERE phrase.fieldname = '" . $vbulletin->db->escape_string($fieldname) . "'\n\t\t\t\tAND varname = '" . $vbulletin->db->escape_string($phrasename) . "' " . iif(!$alllanguages, "AND languageid IN (-1, 0, " . ($languageid > 0 ? $languageid : intval(LANGUAGEID)) . ")"));
        while ($getphrase = $vbulletin->db->fetch_array($getphrases)) {
            $phrase_cache["{$fieldname}-{$phrasename}"]["{$getphrase['languageid']}"] = $getphrase['text'];
            $phrase_cache["{$fieldname}-{$phrasename}"]['special'] = $getphrase['special'];
    $phrase =& $phrase_cache["{$fieldname}-{$phrasename}"];
    $special = $phrase['special'];
    if ($languageid == -1) {
        // didn't pass in a languageid as this is the default value so use the browsing user's languageid
        $languageid = LANGUAGEID;
    } else {
        if ($languageid == 0) {
            // the user is using forum default
            $languageid = $vbulletin->options['languageid'];
    if (isset($phrase["{$languageid}"])) {
        $messagetext = $phrase["{$languageid}"];
    } else {
        if (isset($phrase[0])) {
            $messagetext = $phrase[0];
        } else {
            if (isset($phrase['-1'])) {
                $messagetext = $phrase['-1'];
            } else {
                if (isset($vbphrase["{$phrasename}"]) and (VB_AREA == 'Upgrade' or VB_AREA == 'Install')) {
                    $messagetext = $vbphrase["{$phrasename}"];
                } else {
                    $messagetext = "Could not find phrase '{$phrasename}'.";
    if ($dobracevars) {
        $messagetext = str_replace('%', '%%', $messagetext);
        $messagetext = preg_replace('#\\{([0-9]+)\\}#sU', '%\\1$s', $messagetext);
    if ($doquotes) {
        $messagetext = str_replace("\\'", "'", addslashes($messagetext));
        if ($special) {
            // these phrases have variables in them. Thus, they could have variables like $vboptions that need to be replaced
            $messagetext = replace_template_variables($messagetext, false);
    return $messagetext;
	public static function compile(vB_DomNode $main_node, vB_TemplateParser $parser)
		$true_value = '';
		$else_value = '';
		$elseif_conditions = array();
		$write_location = 'true';

		$child_nodes = $main_node->childNodes();
		foreach (array_keys($child_nodes) AS $key)
			// find the 3 types of conditional values: if (true), elseif, else (false)
			// use a switch with references so we can write to a single variable for each case
			$node =& $child_nodes["$key"];
			switch ($write_location)
				case 'true':
					$location_ref =& $true_value;

				case 'else':
					$location_ref =& $else_value;

				case 'elseif':
					$keys = array_keys($elseif_conditions);
					$key = end($keys);
					$location_ref =& $elseif_conditions[$key]['value'];

			if ($node->type == 'text')
				$location_ref .= $parser->_escape_string($node->value);
			else if ($node->type == 'tag')
				switch ($node->value)
					case 'elseif':
						// found an elseif tag, make a new entry
						$elseif_conditions[] = array(
							'condition' => $node->attributes['condition'],
							'value' => ''
						$write_location = 'elseif';

					case 'else':
						// move to else
						$write_location = 'else';

						// any other tag -- this isn't related to this if
						$location_ref .= $parser->_default_node_handler($node);
			else if ($node->type == 'curly')
				$location_ref .= $parser->_default_node_handler($node);

		// merge the 2 types with conditions (true, elseif) together
		$conditions = array_merge(array(
			0 => array(
				'condition' => $main_node->attributes['condition'],
				'value' => $true_value
		)), $elseif_conditions);

		// now loop through these conditions. Elseif can not be handled by a ternary
		// operator, so emulate it via if{}else{if{}else{}.
		$output = "'';";

		if (!function_exists('replace_template_variables'))
			require_once(DIR . '/includes/functions_misc.php');

		$condition_value = replace_template_variables($condition_value, true);

		foreach ($conditions AS $condition)
			$output .= ' if (' . replace_template_variables($condition['condition'], true) . ') {
					' .$parser->outputVar . " .= '" . $condition['value'] . "';" . '
				} else';
		$output .= ' {
			' . $parser->outputVar . " .= '" . $else_value . "';" . '

		$output .= $parser->outputVar . " .= ''";

		return $output;
Exemple #10
 // get bits for faq text cache
 $faqtext = array();
 if (is_array($ifaqcache["{$faqparent}"])) {
 } else {
     eval(standard_error(fetch_error('invalidid', $vbphrase['faq_item'], $vbulletin->options['contactuslink'])));
 // $censorchars is used in the vb_censor_explain phrase
 $censorchars = $vbulletin->options['censorchar'] . $vbulletin->options['censorchar'] . $vbulletin->options['censorchar'] . $vbulletin->options['censorchar'] . $vbulletin->options['censorchar'];
 require_once DIR . '/includes/functions_misc.php';
 // display FAQs
 $faq = array();
 foreach ($ifaqcache["{$faqparent}"] as $faq) {
     if ($faq['displayorder'] > 0) {
         $text = str_replace(array("\\'", '\\\\$'), array("'", '\\$'), addslashes($faq['text']));
         eval('$faq[\'text\'] = "' . replace_template_variables($text) . '";');
         construct_faq_item($faq, $find, $replace, $replace);
 $faqtitle = $faqcache["{$faqparent}"]['title'];
 $show['faqtitle'] = iif($faqtitle, true, false);
 // get navbar stuff
 $parents = array();
 foreach (array_reverse($parents) as $key => $val) {
     // fix for bug #1660
     if (isset($navbits["{$key}"])) {
     $navbits["{$key}"] = $val;
function vbseo_get_email_templates($emailtpl)
    global $vbulletin;
    $evalemail = array();
    $email_texts = $vbulletin->db->query_read("\nSELECT text, languageid, varname\nFROM " . vbseo_tbl_prefix('phrase') . "\nWHERE varname LIKE '{$emailtpl}%'\n");
    while ($email_text = $vbulletin->db->fetch_array($email_texts)) {
        $emails["{$email_text['languageid']}"]["{$email_text['varname']}"] = $email_text['text'];
    require_once DIR . '/includes/functions_misc.' . VBSEO_VB_EXT;
    foreach ($emails as $languageid => $email_text) {
        $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text[$emailtpl . '_msg']), $emails['-1'][$emailtpl . '_msg'], $email_text[$emailtpl . '_msg'])));
        $text_message = replace_template_variables($text_message);
        $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text[$emailtpl . '_subj']), $emails['-1'][$emailtpl . '_subj'], $email_text[$emailtpl . '_subj'])));
        $text_subject = replace_template_variables($text_subject);
        $evalemail["{$languageid}"] = '
$msg = "' . $text_message . '";
$subj = "' . $text_subject . '";
    return $evalemail;