public function output() { global $vbulletin; if (!isset($vbulletin->userinfo['permissions']['cms'])) { vBCMS_Permissions::getUserPerms(); } $publishlist = implode(', ', vB::$vbulletin->userinfo['permissions']['cms']['canpublish']); $viewlist = implode(', ', vB::$vbulletin->userinfo['permissions']['cms']['allview']); $rst = vB::$vbulletin->db->query_read_slave("SELECT node.nodeid, node.parentnode, node.url, node.permissionsfrom,\n\t\t\tnode.setpublish, node.publishdate, node.noderight, info.title FROM " . TABLE_PREFIX . "cms_node AS node INNER JOIN " . TABLE_PREFIX . "cms_nodeinfo AS info ON info.nodeid = node.nodeid\n\t\t\t WHERE node.contenttypeid = " . vB_Types::instance()->getContentTypeID("vBCms_Section") . " AND\n\t\t((node.permissionsfrom IN ({$viewlist}) AND node.hidden = 0 ) OR (node.permissionsfrom IN ({$publishlist})))\n\t\t\t ORDER BY node.nodeleft"); $nodes = array(); $noderight = 0; while ($record = vB::$vbulletin->db->fetch_array($rst)) { if (!in_array($record['permissionsfrom'], vB::$vbulletin->userinfo['permissions']['cms']['canedit']) and !(in_array($record['permissionsfrom'], vB::$vbulletin->userinfo['permissions']['cms']['canview']) and $record['setpublish'] == '1' and $record['publishdate'] < TIMENOW) or $record['noderight'] < $noderight) { //We need to skip this record and all its children $noderight = $record['permissionsfrom']; continue; } $nodes[] = $record; } if (count($nodes)) { reset($nodes); $nodes = $this->setNavArray($nodes); return $nodes; } }
/** * determine which records are viewable by this user. * * @param mixed $user : current user object * @param array $ids : array of article contentids * @param mixed $gids : not applicable here- group id's for those types which are groupable * @return array of (viewable id's, rejected groups) */ public function fetch_validated_list($user, $ids, $gids) { //We need to pull parentnode and permissionsfrom from the table. $sql = "SELECT node.contentid, node.nodeid, node.parentnode, node.permissionsfrom, node.setpublish, node.userid, node.publishdate, node.hidden, node.nosearch, node.userid FROM " . TABLE_PREFIX . "cms_node AS node INNER JOIN " . TABLE_PREFIX . "cms_article AS article ON article.contentid = node.contentid AND node.contenttypeid = " . vB_Types::instance()->getContentTypeID('vBCms_Article') . " WHERE article.contentid in (" . implode(', ', $ids) . ")"; $canview = array(); $hidden = array(); $rst = vB::$vbulletin->db->query_read($sql); if ($rst) { // make sure user cms permissions are stored in the registry if (! isset(vB::$vbulletin->userinfo['permissions']['cms'])) { vBCMS_Permissions::getUserPerms(); } while($record = vB::$vbulletin->db->fetch_array($rst)) { if (in_array($record['permissionsfrom'], vB::$vbulletin->userinfo['permissions']['cms']['canedit']) OR ($record['userid'] == vB::$vbulletin->userinfo['userid'])) { $canview[] = $record['contentid']; } else if (in_array($record['permissionsfrom'], vB::$vbulletin->userinfo['permissions']['cms']['canview']) AND ($record['setpublish'] > 0) AND ($record['publishdate'] <= TIMENOW)) { $canview[] = $record['contentid']; } else { $hidden[] = $record['parentnode']; } } //And let's store the permissionsfrom in case we need it. vBCMS_Permissions::setPermissionsfrom($record['nodeid'], $record['permissionsfrom'], $record['hidden'], $record['setpublish'], $record['publishdate'], $record['userid']); } if (count($canview)) { $articles = vBCms_Search_Result_Article::create_array($canview); } else { $articles = array(); } return array('list' => $articles, 'groups_rejected' => $hidden); }
public function can_add_tag() { if (! isset(vB::$vbulletin->userinfo['permissions']['cms'])) { vBCMS_Permissions::getUserPerms(); } //until we have better developed permissions, limit tagging //to item editors only. return vBCMS_Permissions::canEdit($this->fetch_content_info()->getNodeId()); }
/** * Authorise the current user for the current action. */ protected function authorizeAction() { if (! isset(vB::$vbulletin->userinfo['permissions']['cms'])) { vBCMS_Permissions::getUserPerms(); } if (!(vB::$vbulletin->userinfo['permissions']['cms']['admin'])) { throw (new vB_Exception_AccessDenied()); } }
/** * this will create an array of result objects from an array of ids() * * @param array of integer $ids * @return array of objects */ public function create_array($ids) { $contenttypeid = vB_Types::instance()->getContentTypeID( 'vBCms_StaticHtml'); if (! isset(vB::$vbulletin->userinfo['permissions']['cms'])) { vBCMS_Permissions::getUserPerms(); } if ($rst = vB::$vbulletin->db->query_read("SELECT n.nodeid as itemid, n.setpublish, u.username,n.nodeid, u.userid, i.html_title, n.permissionsfrom, n.hidden, n.url, nc1.value AS previewtext, nc.value AS pagetext, i.title, i.description, n.publishdate, n.parentnode, parent.title AS parenttitle, parent.html_title AS parent_html_title FROM " . TABLE_PREFIX . "cms_node AS n LEFT JOIN " . TABLE_PREFIX . "cms_nodeinfo i ON i.nodeid = n.nodeid LEFT JOIN " . TABLE_PREFIX . "cms_nodeinfo AS parent ON parent.nodeid = n.parentnode LEFT JOIN " . TABLE_PREFIX . "user u ON u.userid = n.userid LEFT JOIN " . TABLE_PREFIX . "cms_nodeconfig AS nc ON nc.nodeid = n.nodeid AND nc.name = 'pagetext' LEFT JOIN " . TABLE_PREFIX . "cms_nodeconfig AS nc1 ON nc1.nodeid = n.nodeid AND nc1.name = 'previewtext' WHERE n.nodeid IN (" . implode(', ', $ids) . ")")) { while ($search_result = vB::$vbulletin->db->fetch_array($rst)) { vBCMS_Permissions::setPermissionsfrom($search_result['nodeid'], $search_result['$permissionsfrom'], $search_result['hidden'], $search_result['setpublish'], $search_result['publishdate'] ); //check permissions if (!vBCMS_Permissions::canView($search_result['nodeid'])) { continue; } $item = new vBCms_Search_Result_StaticPage(); $item->itemid = $search_result['itemid']; $item->contenttypeid = $contenttypeid; if ($rst1 = vB::$vbulletin->db->query_read("SELECT cat.categoryid, cat.category FROM " . TABLE_PREFIX . "cms_nodecategory nc INNER JOIN " . TABLE_PREFIX . "cms_category cat ON nc.categoryid = cat.categoryid WHERE nc.nodeid = " . $search_result['nodeid'])) { while($record = vB::$vbulletin->db->fetch_array($rst1)) { $record['category_url'] = vB_Route::create('vBCms_Route_List', "category/" . $record['route_info'] . "/1")->getCurrentURL(); $categories[$record['categoryid']] = $record; } } // if ($rst1 = vB::$vbulletin->db->query_read("SELECT cat.categoryid, cat.category FROM " . // TABLE_PREFIX . "cms_nodecategory nc INNER JOIN " . TABLE_PREFIX . // "cms_category cat ON nc.categoryid = cat.categoryid WHERE nc.nodeid = " . // $search_result['nodeid'])) // { // while($record = vB::$vbulletin->db->fetch_array($rst1)) // { // $categories[$record['categoryid']] = $record; // } // } $search_result['categories'] = $categories; $item->record = $search_result; $items[$search_result['itemid']] = $item; } return $items; } return false; }
/** * Determines whether the current user can publish the content. * * @return bool */ public function canPublish() { //See canView for the logic $this->assertContent(); if (! isset($vbulletin->userinfo['permissions']['cms'])) { vBCMS_Permissions::getUserPerms(); } return $this->content->canPublish(); }
/** * pre_delete function - extend if the contenttype needs to do anything * * @param array list of deleted attachment ids to delete * @param boolean verify permission to delete * * @return boolean */ public function pre_delete($list, $checkperms = true) { if (!isset($this->contentid) and !vB::$vbulletin->GPC_exists['values']) { vB::$vbulletin->input->clean_array_gpc('r', array( 'f' => vB_Input::TYPE_UINT )); } if (!isset(vB::$vbulletin->userinfo['permissions']['cms'])) { vBCMS_Permissions::getUserPerms(); } if (vB::$vbulletin->GPC_exists['values'] and isset(vB::$vbulletin->GPC['values']['f'])) { $this->contentid = vB::$vbulletin->GPC['values']['f']; return vBCMS_Permissions::canEdit($this->contentid); } if (count($list)) { $rst = vB::$vbulletin->db->query_read(" SELECT DISTINCT node.permissionsfrom FROM " . TABLE_PREFIX . "attachment AS attach INNER JOIN " . TABLE_PREFIX . "cms_node AS node ON (node.nodeid = attach.contentid AND node.contenttypeid = attach.contenttypeid) WHERE attachmentid IN (" . implode(',' , $list) . ") "); while ($record = vB::$vbulletin->db->fetch_array($rst)) { if (!in_array($record['permissionsfrom'], vB::$vbulletin->userinfo['permissions']['cms']['canedit'])) { return false; } } return true; } }
/** * Fetches the standard page view for a widget. * * @param bool $skip_errors - If using a collection, omit widgets that throw errors * @return vBCms_View_Widget - The resolved view, or array of views */ public function getPageView() { $this->assertWidget(); if (! isset($vbulletin->userinfo['permissions']['cms'])) { vBCMS_Permissions::getUserPerms(); } // Create view $config = $this->widget->getConfig(); if (!isset($config['template_name']) OR ($config['template_name'] == '') ) { $config['template_name'] = 'vbcms_widget_sectionnav_page'; } $canviewlist = implode(', ', vB::$vbulletin->userinfo['permissions']['cms']['viewonly']); $caneditlist = implode(', ', vB::$vbulletin->userinfo['permissions']['cms']['canedit']); $for_node = intval($this->content->getContentTypeId()) == intval(vb_Types::instance()->getContentTypeID("vBCms_Section")) ? $this->content->getNodeId() : $this->content->getParentId(); // Create view $view = new vBCms_View_Widget($config['template_name']); if ( $link_nodes = vB_Cache::instance()->read($cache_key = $this->getHash($this->widget->getId(), $for_node), false, true)) { $links_before = $link_nodes['links_before']; $links_above = $link_nodes['links_above']; $links_sibling = $link_nodes['links_sibling']; $links_children = $link_nodes['links_children']; $links_after = $link_nodes['links_after']; $myself = $link_nodes['myself']; } else { //If we're on a section, we show for this nodeid. If we're on // on a leaf-type node we show for the parent $section_possibles = vBCms_ContentManager::getSections(); $my_left = $this->content->getNodeLeft(); $my_right = $this->content->getNodeRight(); $my_parent = $this->content->getParentId(); $my_nodeid = $this->content->getNodeId(); $my_title = ''; $links_above = array(); $links_before = array(); $links_above = array(); $links_sibling = array(); $links_after = array(); $links_children = array(); $top_level = array(); if (! isset(vB::$vbulletin->userinfo['permissions']['cms']) ) { vBCMS_Permissions::getUserPerms(); } $route = new vBCms_Route_Content(); $route->setParameter('action', 'view'); $homeid = $sections[0]['nodeid']; //Now let's scan the array; $indent = 0; $i = 1; $noderight = 0; //Let's remove items we're not supposed to see. $sections= array(); foreach ($section_possibles as $key => $section) { if (/** This user has permissions to view this record **/ ( in_array($section['permissionsfrom'], vB::$vbulletin->userinfo['permissions']['cms']['canedit']) OR (in_array($section['permissionsfrom'],vB::$vbulletin->userinfo['permissions']['cms']['canview'] ) AND $section['setpublish'] == '1' AND $section['publishdate'] < TIMENOW )) AND /** This user also has rights to the parents **/ ($section['noderight'] > $noderight)) { $sections[] = $section; } else { //So the children will be skipped $noderight = $section['noderight']; } } //First the sections ahead of us while($i < count($sections) AND $my_left > $sections[$i]['nodeleft']) { $route->node = $sections[$i]['nodeid'] . (strlen($sections[$i]['url']) ? '-' . $sections[$i]['url'] : '' ); //see if it's a top-level if ($sections[$i]['parentnode'] == $homeid) { $links_before[] = array('title' => $sections[$i]['title'], 'sectionurl' => $route->getCurrentUrl(array('node' =>$route->node, 'action' => 'view')), 'indent' => 0); }//is it a sibling? else if ($my_parent == $sections[$i]['parentnode']) { $links_sibling[] = array('title' => $sections[$i]['title'], 'sectionurl' => $route->getCurrentUrl(array('node' =>$route->node, 'action' => 'view')), 'indent' => 0); } $i++; } //Now our parentage and children while($i < count($sections) AND $my_right > $sections[$i]['nodeleft']) { $route->node = $sections[$i]['nodeid'] . (strlen($sections[$i]['url']) ? '-' . $sections[$i]['url'] : '' ); if ($my_nodeid == $sections[$i]['parentnode']) { $links_children[] = array('title' => $sections[$i]['title'], 'sectionurl' => $route->getCurrentUrl(array('node' =>$route->node, 'action' => 'view')), 'indent' => ($indent) * 10); } else if ($my_nodeid == $sections[$i]['nodeid']) { $myself = array('title' => $sections[$i]['title'], 'sectionurl' => $route->getCurrentUrl(array('node' =>$route->node, 'action' => 'view')), 'indent' => $indent * 10); } else { $links_above[] = array('title' => $sections[$i]['title'], 'sectionurl' => $route->getCurrentUrl(array('node' =>$route->node, 'action' => 'view')), 'indent' => $indent * 10); $my_title = $sections[$i]['title']; $indent++; } $i++; } //Now the afters while ($i < count($sections)) { $route->node = $sections[$i]['nodeid'] . (strlen($sections[$i]['url']) ? '-' . $sections[$i]['url'] : '' ); if ($sections[$i]['parentnode'] == $homeid) { $links_after[] = array('title' => $sections[$i]['title'], 'sectionurl' => $route->getCurrentUrl(array('node' =>$route->node, 'action' => 'view')), 'indent' => 0); } else if ($my_parent == $sections[$i]['parentnode']) { $links_sibling[] = array('title' => $sections[$i]['title'], 'sectionurl' => $route->getCurrentUrl(array('node' =>$route->node, 'action' => 'view')), 'indent' => 0); } $i++; } foreach($links_sibling as $key => $value) { $links_sibling[$key]['indent'] = $indent * 10; } $route->node = $sections[1]['nodeid'] . (strlen($sections[1]['url']) ? '-' . $sections[1]['url'] : '' ); //We have the pieces, now let's string them together; //Top level first $links_before = array_merge(array(array('title' => $sections[0]['title'], 'sectionurl' => $route->getCurrentUrl(array('node' =>$route->node, 'action' => 'view')), 'indent' => 0)), $links_before); //Now write to the cache vB_Cache::instance()->write($cache_key, array('links_before' => $links_before, 'links_above' => $links_above, 'links_sibling' => $links_sibling , 'links_after' => $links_after, 'links_children' => $links_children, 'myself' => $myself ), $this->cache_ttl, array('section_nav_' . $for_node, 'sections_updated')); } //The first record is the root $view->links_before = $links_before; $view->links_above = $links_above; $view->links_sibling = $links_sibling; $view->links_children = $links_children; $view->links_after = $links_after; $view->myself = $myself; $view->widget_title = $this->widget->getTitle(); return $view; }
/** * Template method that does all the work to display an issue note, including processing the template * * @return string Templated note output */ function construct() { global $vbulletin; ($hook = vBulletinHook::fetch_hook('blog_entry_display_start')) ? eval($hook) : false; // preparation for display... $this->prepare_start(); if ($this->blog['userid']) { $this->process_registered_user(); } else { $this->process_unregistered_user(); } $this->process_date_status(); $this->process_display(); $this->process_text(); $this->process_attachments(); $this->prepare_end(); // actual display... $blog =& $this->blog; $status =& $this->status; global $show, $vbphrase; global $spacer_open, $spacer_close; global $bgclass, $altbgclass; exec_switch_bg(); $show['readmore'] = $this->readmore; $show['ignoreduser'] = ($this->ignored_users[$this->blog['userid']]); // prepare the member action drop-down menu $memberaction_dropdown = construct_memberaction_dropdown($blog); //set up the ad for the first blog entry global $ad_location; if ($this->is_first) { $ad_location['bloglist_first_entry'] = vB_Template::create('ad_bloglist_first_entry')->render(); } ($hook = vBulletinHook::fetch_hook('blog_entry_display_complete')) ? eval($hook) : false; $templater = vB_Template::create($this->template); $templater->register('blog', $blog); $templater->register('memberaction_dropdown', $memberaction_dropdown); $templater->register('status', $status); $templater->register('is_first', $this->is_first); $templater->register('ad_location', $ad_location); if ($vbulletin->products['vbcms']) { if (! isset(vB::$vbulletin->userinfo['permissions']['cms'])) { require_once DIR . '/packages/vbcms/permissions.php'; vBCMS_Permissions::getUserPerms(); } if (count(vB::$vbulletin->userinfo['permissions']['cms']['canpublish'])) { $templater->register('promote_sectionid', vB::$vbulletin->userinfo['permissions']['cms']['canpublish'][0]); $templater->register('articletypeid', vB_Types::instance()->getContentTypeID('vBCms_Article')); $promote_url = vB_Route::create('vBCms_Route_Content', '1/addcontent/')->getCurrentURL(); $promote_url .= (strrpos($promote_url, '?') ? '&' : '?') . 'contenttypeid=' . vB_Types::instance()->getContentTypeID('vBCms_Article') . "&blogid=" . $blog['blogid'] . '&parentid=1'; $templater->register('promote_url', $promote_url); } } $output = $templater->render(($this->registry->GPC['ajax'])); return $output; }
private static function renderResult($userinfo, $post_array, $permissions, $forumperms, $target_url, $nodeid) { if (!count($post_array)) { return ''; } require_once DIR . '/includes/functions_bigthree.php' ; require_once DIR . '/includes/class_postbit.php' ; fetch_phrase_group('showthread'); fetch_phrase_group('postbit'); global $vbphrase; global $template_hook; global $show; global $thread; $thread = $thread->get_record(); $threadinfo = verify_id('thread', $thread['threadid'], 1, 1); $foruminfo = verify_id('forum', $threadinfo['forumid'], 1, 1); $firstpostid = false; $displayed_dateline = 0; if (vB::$vbulletin->options['threadmarking'] AND vB::$vbulletin->userinfo['userid']) { $threadview = max($threadinfo['threadread'], $threadinfo['forumread'], TIMENOW - (vB::$vbulletin->options['markinglimit'] * 86400)); } else { $threadview = intval(fetch_bbarray_cookie('thread_lastview', $thread['threadid'])); if (!$threadview) { $threadview = vB::$vbulletin->userinfo['lastvisit']; } } require_once DIR . '/includes/functions_user.php'; $show['inlinemod'] = false; $postids = array(); if (! isset(vB::$vbulletin->userinfo['permissions']['cms'])) { vBCMS_Permissions::getUserPerms(); } $postids = ' post.postid in (' . implode(', ', $post_array) .')'; $posts = vB::$vbulletin->db->query_read($sql = " SELECT post.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS isdeleted, user.*, userfield.*, usertextfield.*, " . iif($forum['allowicons'], 'icon.title as icontitle, icon.iconpath,') . " " . iif( vB::$vbulletin->options['avatarenabled'], 'avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight,') . " " . ((can_moderate($thread['forumid'], 'canmoderateposts') OR can_moderate($thread['forumid'], 'candeleteposts')) ? 'spamlog.postid AS spamlog_postid,' : '') . " " . iif($deljoin, 'deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason,') . " editlog.userid AS edit_userid, editlog.username AS edit_username, editlog.dateline AS edit_dateline, editlog.reason AS edit_reason, editlog.hashistory, postparsed.pagetext_html, postparsed.hasimages, sigparsed.signatureparsed, sigparsed.hasimages AS sighasimages, sigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, infractiongroupid, customprofilepic.userid AS profilepic, customprofilepic.dateline AS profilepicdateline, customprofilepic.width AS ppwidth, customprofilepic.height AS ppheight " . iif(!($permissions['genericpermissions'] & vB::$vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), vB::$vbulletin->profilefield['hidden']) . " $hook_query_fields FROM " . TABLE_PREFIX . "post AS post LEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = post.userid) LEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid) " . iif($forum['allowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = post.iconid)") . " " . iif( vB::$vbulletin->options['avatarenabled'], "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)") . " " . ((can_moderate($thread['forumid'], 'canmoderateposts') OR can_moderate($thread['forumid'], 'candeleteposts')) ? "LEFT JOIN " . TABLE_PREFIX . "spamlog AS spamlog ON(spamlog.postid = post.postid)" : '') . " $deljoin LEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON(editlog.postid = post.postid) LEFT JOIN " . TABLE_PREFIX . "postparsed AS postparsed ON(postparsed.postid = post.postid AND postparsed.styleid = " . intval(STYLEID) . " AND postparsed.languageid = " . intval(LANGUAGEID) . ") LEFT JOIN " . TABLE_PREFIX . "sigparsed AS sigparsed ON(sigparsed.userid = user.userid AND sigparsed.styleid = " . intval(STYLEID) . " AND sigparsed.languageid = " . intval(LANGUAGEID) . ") LEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = post.userid) LEFT JOIN " . TABLE_PREFIX . "customprofilepic AS customprofilepic ON (user.userid = customprofilepic.userid) $hook_query_joins WHERE $postids ORDER BY post.dateline "); if (!($forumperms & vB::$vbulletin->bf_ugp_forumpermissions['canseethumbnails']) AND !($forumperms & vB::$vbulletin->bf_ugp_forumpermissions['cangetattachment'])) { vB::$vbulletin->options['attachthumbs'] = 0; } if (!($forumperms & vB::$vbulletin->bf_ugp_forumpermissions['cangetattachment'])) { vB::$vbulletin->options['viewattachedimages'] = 0; } $postcount = count($postid_array); $counter = 0; $postbits = ''; vB::$vbulletin->noheader = true; $postbit_factory = new vB_Postbit_Factory(); $postbit_factory->registry = vB::$vbulletin; $postbit_factory->forum = $foruminfo; $postbit_factory->thread = $thread; $postbit_factory->cache = array(); $postbit_factory->bbcode_parser = new vB_BbCodeParser( vB::$vbulletin, fetch_tag_list()); //We need to tell the parser to handle quotes differently. $postbit_factory->bbcode_parser->set_quote_template('vbcms_bbcode_quote'); $postbit_factory->bbcode_parser->set_quote_vars(array('page_url' => $target_url . (strpos($target_url, '?') == false ? '?' : '&'))); $show['return_node'] = $nodeid; $show['avatar'] = 1; while ($post = vB::$vbulletin->db->fetch_array($posts)) { if (! self::canViewPost($post, $permissions) ) { continue; } if (! intval($post['userid'])) { $post['avatarid'] = false; } else if (!$post['hascustomavatar']) { if ($post['profilepic']) { $post['hascustomavatar'] = 1; $post['avatarid'] = true; $post['avatarpath'] = "./image.php?u=" . $post['userid'] . "&dateline=" . $post['profilepicdateline'] . "&type=profile"; $post['avwidth'] = $post['ppwidth']; $post['avheight'] = $post['ppheight']; } else { $post['hascustomavatar'] = 1; $post['avatarid'] = true; // explicity setting avatarurl to allow guests comments to show unknown avatar $post['avatarurl'] = $post['avatarpath'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . '/unknown.gif'; $post['avwidth'] = 60; $post['avheight'] = 60; } } if ($tachyuser = in_coventry($post['userid']) AND !can_moderate($thread['forumid'])) { continue; } if ($post['visible'] == 1 AND !$tachyuser) { ++$counter; if ($postorder) { $post['postcount'] = --$postcount; } else { $post['postcount'] = ++$postcount; } } if ($tachyuser) { $fetchtype = 'post_global_ignore'; } else if ($ignore["$post[userid]"]) { $fetchtype = 'post_ignore'; } else if ($post['visible'] == 2) { $fetchtype = 'post_deleted'; } else { $fetchtype = 'post'; } if ( ( vB::$vbulletin->GPC['viewfull'] AND $post['postid'] == $postinfo['postid'] AND $fetchtype != 'post') AND (can_moderate($threadinfo['forumid']) OR !$post['isdeleted']) ) { $fetchtype = 'post'; } ($hook = vBulletinHook::fetch_hook('showthread_postbit_create')) ? eval($hook) : false; $postbit_obj = $postbit_factory->fetch_postbit($fetchtype); $postbit_obj->set_template_prefix('vbcms_'); if ($fetchtype == 'post') { $postbit_obj->highlight = $replacewords; } if (!$firstpostid) { $firstpostid = $post['postid']; } $post['islastshown'] = ($post['postid'] == $lastpostid); $post['isfirstshown'] = ($counter == 1 AND $fetchtype == 'post' AND $post['visible'] == 1); $post['islastshown'] = ($post['postid'] == $lastpostid); $post['attachments'] = $postattach["$post[postid]"]; $parsed_postcache = array('text' => '', 'images' => 1, 'skip' => false); $this_postbit = $postbit_obj->construct_postbit($post); $this_template = vB_Template::create('vbcms_comments_detail'); $this_template->register('postid', $post['postid'] ); $this_template->register('postbit', $this_postbit); $this_template->register('indent', $post_array[$this_key]['level'] * $pixel_indent); $postbits .= $this_template->render(); $LASTPOST = $post; // Only show after the first post, counter isn't incremented for deleted/moderated posts if ($post_cachable AND $post['pagetext_html'] == '') { if (!empty($saveparsed)) { $saveparsed .= ','; } $saveparsed .= "($post[postid], " . intval($thread['lastpost']) . ', ' . intval($postbit_obj->post_cache['has_images']) . ", '" . vB::$vbulletin->db->escape_string($postbit_obj->post_cache['text']) . "', " . intval(STYLEID) . ", " . intval(LANGUAGEID) . ")"; } if (!empty($postbit_obj->sig_cache) AND $post['userid']) { if (!empty($save_parsed_sigs)) { $save_parsed_sigs .= ','; } $save_parsed_sigs .= "($post[userid], " . intval(STYLEID) . ", " . intval(LANGUAGEID) . ", '" . vB::$vbulletin->db->escape_string($postbit_obj->sig_cache['text']) . "', " . intval($postbit_obj->sig_cache['has_images']) . ")"; } } if ($LASTPOST['dateline'] > $displayed_dateline) { $displayed_dateline = $LASTPOST['dateline']; if ($displayed_dateline <= $threadview) { $updatethreadcookie = true; } } if ($firstpostid) { $this_template->register('FIRSTPOSTID', $firstpostid ); } if ($lastpostid) { $this_template->register('LASTPOSTID', $lastpostid); } // Set thread last view if ($displayed_dateline AND $displayed_dateline > $threadview) { mark_thread_read($threadinfo, $foruminfo, vB::$vbulletin->userinfo['userid'], $displayed_dateline); } vB::$vbulletin->db->free_result($posts); unset($post); return $postbits; }
/** * Fetches the SQL for loading. * $required_query is used to identify which query to build for classes that * have multiple queries for fetching info. * * This can safely be based on $this->required_info as long as a consitent * flag is used for identifying the query. * * @param int $required_query - The required query * @param bool $force_rebuild - Whether to rebuild the string * * @return string */ protected function getLoadQuery($required_query = self::QUERY_BASIC, $force_rebuild = false) { // Hooks should check the required query before populating the hook vars $hook_query_fields = $hook_query_joins = $hook_query_where = ''; ($hook = vBulletinHook::fetch_hook($this->query_hook)) ? eval($hook) : false; // Internal hooks for loading content with QUERY_BASIC $content_query_fields = $content_query_joins = $content_query_where = ''; // if ($this->requireLoad(vBCms_Item_Content::INFO_CONTENT)) // { $content_query_fields = $this->getContentQueryFields(); $content_query_joins = $this->getContentQueryJoins(); $content_query_where = $this->getContentQueryWhere(); // } // Content item queries if (self::QUERY_BASIC == $required_query) { $calc_rows = $this->requireLoad(vBCms_Item_Content::INFO_BASIC) ? 'SQL_CALC_FOUND_ROWS' : ''; if (! isset(vB::$vbulletin->userinfo['permissions']['cms'])) { require_once DIR . '/packages/vbcms/permissions.php'; vBCMS_Permissions::getUserPerms(); } //We need a nodeid for the displayorder below if ($this->filter_node_exact AND !$this->filter_node ) { $this->filter_node = $this->filter_node_exact; } //enforce the max_records limits if ($this->max_records) { $this->paginate = true; if (!$this->start) { $this->start = 0; } $this->quantity = $this->max_records; } $filter_notcontenttype = $this->getFilterNotContentTypeSql(); $sql = "SELECT $calc_rows node.nodeid AS itemid" . ($this->requireLoad(vBCms_Item_Content::INFO_BASIC) ? " ,(node.nodeleft = 1) AS isroot, node.nodeid, node.contenttypeid, node.contentid, node.url, node.parentnode, node.styleid, node.userid, node.layoutid, node.publishdate, node.setpublish, node.issection, parent.permissionsfrom as parentpermissions, node.showrating, node.permissionsfrom, node.publicpreview, node.shownav, node.hidden, node.nosearch " : '') . ($this->requireLoad(vBCms_Item_Content::INFO_NODE) ? ", info.description, info.title, info.viewcount, info.creationdate, info.workflowdate, info.workflowstatus, info.workflowcheckedout, info.workflowlevelid, info.associatedthreadid, user.username, sectionorder.displayorder" : '') . ($this->requireLoad(vBCms_Item_Content::INFO_DEPTH) ? ", (COUNT(pdepth.nodeid) - 1) AS depth" : '') . " $content_query_fields $hook_query_fields FROM " . TABLE_PREFIX . "cms_node AS node " . ($this->requireLoad(vBCms_Item_Content::INFO_NODE) ? " INNER JOIN " . TABLE_PREFIX . "cms_nodeinfo AS info ON info.nodeid = node.nodeid LEFT JOIN " . TABLE_PREFIX . "user AS user ON user.userid = node.userid LEFT JOIN " . TABLE_PREFIX . "cms_sectionorder AS sectionorder ON sectionorder.sectionid = node.parentnode AND sectionorder.nodeid = node.nodeid" : '') . ($this->requireLoad(self::INFO_BASIC) ? " LEFT JOIN " . TABLE_PREFIX . "cms_node AS parent ON parent.nodeid = node.parentnode " : '') . ($this->filter_node ? "INNER JOIN " . TABLE_PREFIX . "cms_node AS rootnode ON rootnode.nodeid = " . intval($this->filter_node) : '') . ($this->requireLoad(vBCms_Item_Content::INFO_DEPTH) ? " LEFT JOIN " . TABLE_PREFIX . "cms_node AS pdepth ON (node.nodeleft >= pdepth.nodeleft AND node.nodeleft <=pdepth.noderight>" : '') . " $content_query_joins $hook_query_joins WHERE node.new != 1 " . ($this->itemid ? " AND node.nodeid IN (" . implode(',', $this->itemid) . ") " : '') . ($this->filter_ignorepermissions ? '' : " AND " . vBCMS_Permissions::getPermissionString()) . ((($this->filter_contenttype AND ($this->filter_contenttype == vB_Types::instance()->getContentTypeID("vBCms_Section"))) OR $this->filter_onlysections) ? '' : "AND node.new != 1 ") . ($this->filter_contenttype ? "AND node.contenttypeid = " . intval($this->filter_contenttype) . " " : '') . ($this->filter_contentid ? "AND node.contentid = " . intval($this->contentid) . " ": '') . ($this->filter_node ? "AND (node.nodeleft >= rootnode.nodeleft AND node.nodeleft <= rootnode.noderight) AND node.nodeleft != rootnode.nodeleft " : '') . ($this->filter_nosections ? "AND node.issection != '1' " : '') . ($this->filter_onlysections ? "AND node.issection = '1' " : '') . ($this->filter_userid ? "AND node.userid = " . intval($this->filter_userid) . " " : '') . ($this->visible_only ? "AND node.hidden = 0 " : '') . (intval($this->filter_node_exact) ? "AND (node.parentnode = " . $this->filter_node_exact . " OR sectionorder.displayorder > 0 )": ''). ($this->filter_published ? "AND node.setpublish = '1' AND node.publishdate <= " . intval(TIMENOW) . " " : '') . ($this->filter_unpublished ? "AND node.setpublish = '0' OR node.publishdate > " . intval(TIMENOW) . " " : '') . " $content_query_where $hook_query_where " . ($this->requireLoad(vBCms_Item_Content::INFO_DEPTH) ? " GROUP BY node.nodeid " : '') . (isset($this->orderby) ? " ORDER BY " . $this->orderby : ($this->requireLoad(vBCms_Item_Content::INFO_NODE) ? " ORDER BY CASE WHEN sectionorder.displayorder > 0 THEN sectionorder.displayorder ELSE 9999999 END ASC, node.publishdate DESC" : 'ORDER BY node.setpublish DESC, node.publishdate DESC' )) . ($this->paginate ? " LIMIT " . intval($this->start) . ', ' . intval($this->quantity) : ''); return $sql; } else if (self::QUERY_PARENTS == $required_query) { return "SELECT node.nodeid AS itemid, parent.nodeid, parent.url, parent.styleid, parent.layoutid, parent.publishdate, parent.setpublish, parent.hidden, info.title, info.description $hook_query_fields FROM " . TABLE_PREFIX . "cms_node AS node INNER JOIN " . TABLE_PREFIX . "cms_node AS parent ON (node.nodeleft >= parent.nodeleft AND node.nodeleft <= parent.noderight) INNER JOIN " . TABLE_PREFIX . "cms_nodeinfo AS info ON info.nodeid = parent.nodeid LEFT JOIN " . TABLE_PREFIX . "cms_sectionorder AS ord ON ord.nodeid = node.nodeid AND ord.sectionid = node.parentnode " . $hook_query_joins . " WHERE node.nodeid IN (" . implode(',', $this->itemid) . ") AND parent.nodeid != node.nodeid $hook_query_where ORDER BY parent.nodeleft, ord.displayorder" ; } else if (self::QUERY_CONFIG == $required_query) { return "SELECT nodeid AS itemid, name, value, serialized $hook_query_fields FROM " . TABLE_PREFIX . "cms_nodeconfig $hook_query_joins WHERE nodeid IN (" . implode(',', $this->itemdid) . ") $hook_query_where "; } throw (new vB_Exception_Model('Invalid query id \'' . htmlspecialchars_uni($required_query) . '\' specified for collection')); }
/** * Fetches the standard page view for a widget. * * @param bool $skip_errors - If using a collection, omit widgets that throw errors * @return vBCms_View_Widget - The resolved view, or array of views */ public function getPageView() { $this->assertWidget(); if (! isset($vbulletin->userinfo['permissions']['cms'])) { vBCMS_Permissions::getUserPerms(); } $config = $this->widget->getConfig(); if (!isset($config['template_name']) OR ($config['template_name'] == '') ) { $config['template_name'] = $this->default_template; } $view = new vBCms_View_Widget($config['template_name']); $view->widget_title = $this->widget->getTitle(); $view->menu_static = ($config['menu_type'] == 1 ? 'true' : 'false'); $view->show_all_tree_elements_threshold = $config['show_all_tree_elements_threshold']; //see if we can get from cache; if ($sectionlist = vB_Cache::instance()->read($this->getHash($this->widget->getId(), 'all'), true, true)) { $view->nodelist = $this->arrangeSection($sectionlist, $this->content->getNodeId()); $view->nodes = $this->setNavArray($sectionlist); return $view; } $publishlist = implode(', ', vB::$vbulletin->userinfo['permissions']['cms']['canpublish']); $viewlist = implode(', ', vB::$vbulletin->userinfo['permissions']['cms']['allview']); $rst = vB::$vbulletin->db->query_read("SELECT node.nodeid, node.parentnode, node.url, node.permissionsfrom, node.setpublish, node.publishdate, node.noderight, info.title FROM " . TABLE_PREFIX . "cms_node AS node INNER JOIN " . TABLE_PREFIX . "cms_nodeinfo AS info ON info.nodeid = node.nodeid WHERE node.contenttypeid = " . vB_Types::instance()->getContentTypeID("vBCms_Section") . " AND ((node.permissionsfrom IN ($viewlist) AND node.hidden = 0 ) OR (node.permissionsfrom IN ($publishlist))) ORDER BY node.nodeleft"); $nodes = array(); $noderight = 0; while($record = vB::$vbulletin->db->fetch_array($rst)) { if (/** This user doesn have permissions to view this record **/ (! in_array($record['permissionsfrom'],vB::$vbulletin->userinfo['permissions']['cms']['canedit']) AND !(in_array($record['permissionsfrom'], vB::$vbulletin->userinfo['permissions']['cms']['canview'] ) AND $record['setpublish'] == '1' AND $record['publishdate'] < TIMENOW )) OR /** This user didn't have rights to a parent **/ ($record['noderight'] < $noderight)) { //We need to skip this record and all its children $noderight = $record['permissionsfrom']; continue; } $nodes[] = $record; } if (count($nodes)) { vB_Cache::instance()->write($this->getHash($this->widget->getId(), 'all'), $nodes, $this->cache_ttl, array('sections_updated')); reset($nodes); $view->nodelist = $this->arrangeSection($nodes, $this->content->getNodeId()); $view->nodes = $this->setNavArray($nodes); return $view; } return false; }
public function getCount() { $hook_query_fields = $hook_query_joins = $hook_query_where = ''; ($hook = vBulletinHook::fetch_hook($this->query_hook)) ? eval($hook) : false; // Internal hooks for loading content with QUERY_BASIC // if ($this->requireLoad(vBCms_Item_Content::INFO_CONTENT)) // { $content_query_fields = $this->getContentQueryFields(); $content_query_joins = $this->getContentQueryJoins(); $content_query_where = $this->getContentQueryWhere(); // } $filter_notcontenttype = $this->getFilterNotContentTypeSql(); //make sure permissions are loaded. if (! isset(vB::$vbulletin->userinfo['permissions']['cms'])) { vBCMS_Permissions::getUserPerms(); } if (!count(vB::$vbulletin->userinfo['permissions']['cms']['allview'])) { return false; } $sql = "SELECT count(node.nodeid) AS qty FROM " . TABLE_PREFIX . "cms_node AS node" . ($this->filter_node ? " INNER JOIN " . TABLE_PREFIX . "cms_node AS rootnode ON rootnode.nodeid = " . intval($this->filter_node) : '') . " $content_query_joins $hook_query_joins LEFT JOIN " . TABLE_PREFIX . "cms_sectionorder AS sectionorder ON sectionorder.sectionid = " . intval($this->filter_node) ." AND sectionorder.nodeid = node.nodeid WHERE (1=1) ". ($this->filter_contenttype ? "AND node.contenttypeid = " . intval($this->filter_contenttype) . " " : '') . ($this->filter_contentid ? "AND node.contentid = " . intval($this->contentid) . " ": '') . ($this->filter_node ? "AND (node.nodeleft >= rootnode.nodeleft AND node.nodeleft <= rootnode.noderight) AND node.nodeleft != rootnode.nodeleft " : '') . ($this->filter_nosections ? "AND node.issection != '1' " : '') . ($this->filter_onlysections ? "AND node.issection = '1' " : '') . ($this->filter_userid ? "AND node.userid = " . intval($this->filter_userid) . " " : '') . ($this->filter_published ? "AND node.setpublish = '1' AND node.publishdate <= " . intval(TIMENOW) . " " : '') . ($this->filter_unpublished ? "AND node.setpublish = '0' OR node.publishdate > " . intval(TIMENOW) . " " : '') . " " . ((($this->filter_contenttype AND ($this->filter_contenttype == vB_Types::instance()->getContentTypeID("vBCms_Section"))) OR $this->filter_onlysections) ? '' : "AND node.new != 1 ") . (intval($this->filter_node_exact) ? "AND (node.parentnode = " . $this->filter_node_exact . " OR sectionorder.displayorder > 0 )": '') . (($this->orderby == 5) ? " AND sectionorder.displayorder > 0 " : '') . ($this->filter_ignorepermissions ? '' : " AND " . vBCMS_Permissions::getPermissionString()) . " $filter_notcontenttype $content_query_where $hook_query_where "; if ($record = vB::$vbulletin->db->query_first($sql)) { return intval($record['qty']); } }
public static function getNodeSearchResults() { global $vbulletin; global $vbphrase; global $phrasegroups; require_once DIR . '/includes/functions_databuild.php'; require_once DIR . '/includes/functions.php'; fetch_phrase_group('cpcms'); if (! isset($vbulletin->userinfo['permissions']['cms'])) { vBCMS_Permissions::getUserPerms(); } $vbulletin->input->clean_array_gpc('r', array( 'title_filter' => TYPE_STR, 'contenttypeid' => TYPE_UINT, 'state_filter' => TYPE_UINT, 'formid' => TYPE_STR, 'author_filter' => TYPE_UINT)); $filters = array("node.permissionsfrom in (" . implode(',', array_unique( array_merge($vbulletin->userinfo['permissions']['cms']['cancreate'], $vbulletin->userinfo['permissions']['cms']['canedit'], $vbulletin->userinfo['permissions']['cms']['canpublish']))) . ") "); if ($vbulletin->GPC_exists['title_filter']) { $filters[] = " lower(info2.title) like '%" . strtolower($vbulletin->GPC['title_filter']) . "%' "; } if ($vbulletin->GPC_exists['state_filter']) { switch(intval($vbulletin->GPC['state_filter'])) { case 1: $filters[] = " node2.setpublish = 0 "; break; case 2: $filters[] = " node2.setpublish > 0 AND node.publishdate <= " . TIMENOW; break; case 3: $filters[] = " node2.setpublish > 0 AND node.publishdate > " . TIMENOW; break; } // switch } if ($vbulletin->GPC_exists['author_filter']) { $filters[] = "node2.userid =" . intval($vbulletin->GPC['author_filter']); } if ($vbulletin->GPC_exists['contenttypeid']) { $filters[] = "node2.contenttypeid =" . $vbulletin->GPC['contenttypeid']; } $filters[] = "node2.new != 1"; $sql = "SELECT DISTINCT info.title AS section, node.nodeid AS parentid, node2.nodeid, user.username, node2.setpublish, node2.publishdate, node2.nodeleft, node2.noderight FROM " . TABLE_PREFIX . "cms_node AS node INNER JOIN " . TABLE_PREFIX . "cms_nodeinfo AS info ON info.nodeid = node.nodeid INNER JOIN " . TABLE_PREFIX . "cms_node node2 ON (node2.nodeleft >= node.nodeleft AND node2.nodeleft <= node.noderight) INNER JOIN " . TABLE_PREFIX . "cms_nodeinfo AS info2 ON info2.nodeid = node2.nodeid LEFT JOIN " . TABLE_PREFIX . "user AS user ON user.userid = node2.userid WHERE " . implode (" AND ", $filters) . " ORDER BY node2.nodeleft, node.nodeleft"; if ($rst = $vbulletin->db->query_read($sql)) { //Now it's simple. We walk down the list, composing the // parentage as we go. $results = array(); $counter = 0; $row = $vbulletin->db->fetch_array($rst); $current_nodeid = intval(-1); $parentnames = array(); $lastnode = $row; while($row) { // If the current record isn't a child of the last record, // put out the current record. Since we're already sorted by nodeleft, we // only need to worry about noderight if (intval($row['nodeid']) != $current_nodeid) { $counter++; $published = (intval($lastnode['setpublish']) ? $vbphrase['published'] . ' ' . vbdate($vbulletin->options['dateformat'], $lastnode['publishdate']) : $vbphrase['unpublished']); $results [$lastnode['nodeid']] = array('leaf' => $lastnode['section'], 'contenttype' => $vbphrase[strtolower($lastnode['class'])], 'nodeid' => $lastnode['nodeid'], 'counter' => $counter, 'author' => $lastnode['username'], 'published' => $published, 'parent' => implode('>', $parentnames) ); $current_nodeid = intval($row['nodeid']); $parentnames = array(); $lastnode = $row; } else { $parentnames[] = $lastnode['section']; $lastnode = $row; } $row = $vbulletin->db->fetch_array($rst); } } //at the end we have to display one more record. $counter++; $published = (intval($lastnode['setpublish']) ? $vbphrase['published'] . ' ' . vbdate($vbulletin->options['dateformat'], $lastnode['publishdate']) : $vbphrase['unpublished']); $results [$lastnode['nodeid']] = array('leaf' => $lastnode['section'], 'contenttype' => $vbphrase[strtolower($lastnode['class'])], 'nodeid' => $lastnode['nodeid'], 'counter' => $counter, 'author' => $lastnode['username'], 'published' => $published, 'parent' => implode('>', $parentnames) ); $template = vB_Template::create('vbcms_ajax_leafresult'); $template->register('nodelist', $results) ; $template->register('count', $counter); $template->register('formid',($vbulletin->GPC_exists['formid']? $vbulletin->GPC['formid'] : 'cms_section_data')); return $template->render(); }
/** Creates the publish editor at the top right of the edit section * * @return mixed * ****/ public function getPublishEditor($submit_url, $formid, $showpreview = true, $showcomments = true, $publicpreview = false, $comments_enabled = false, $pagination_links = 1) { if ($this->canPublish()) { $pub_view = new vB_View('vbcms_edit_publisher'); $pub_view->formid = $formid; $pub_view->setpublish = $this->setpublish; // if this is an unpublished article then we display publish to facebook if (is_facebookenabled() AND vB::$vbulletin->options['fbfeednewarticle'] AND !$this->setpublish) { // only display box if user is connectected to facebook $pub_view->showfbpublishcheckbox = is_userfbconnected(); } //Get date is a most annoying function for us. It takes a Unix time stamp // and converts it to server local time. We need to compensate for the difference between // server time (date('Z')) and usertime (vBCms_ContentManager::getTimeOffset(vB::$vbulletin->userinfo)) $offset = vBCms_ContentManager::getTimeOffset(vB::$vbulletin->userinfo) - date('Z'); if (intval($this->publishdate)) { $pub_view->publishdate = $this->publishdate ; } else { // get the current date/time dependent on user locality $pub_view->publishdate = TIMENOW; } $then = getdate(intval($pub_view->publishdate) + $offset); $pub_view->hour = $then['hours']; $pub_view->minute = $then['minutes']; //we need to parse out the date and time //Are we using a 24 hour clock? if ((strpos(vB::$vbulletin->options['timeformat'], 'G') !== false) OR (strpos( vB::$vbulletin->options['timeformat'], 'H') !== false)) { $pub_view->show24 = 1; } else { $pub_view->show24 = 0; $pub_view->offset = $pub_view->hour >= 12 ? 'PM' : 'AM'; if ($pub_view->hour > 12) { $pub_view->hour -= 12; } } $pub_view->title = $this->title; $pub_view->html_title = $this->html_title; $pub_view->username = $this->username; $pub_view->dateformat = vB::$vbulletin->options['dateformat']; // get the appropriate date format string for the // publish date calendar based on user's locale $pub_view->calendardateformat = (!empty(vB::$vbulletin->userinfo['lang_dateoverride']) ? '%Y/%m/%d' : 'Y/m/d'); $pub_view->groups = $this->getReaderGroups(); $pub_view->parents = $this->getParentage(); $pub_view->submit_url = $submit_url; $pub_view->sectiontypeid = vb_Types::instance()->getContentTypeID("vBCms_Section"); $pub_view->parents = $this->getParentage(); $pub_view->showtitle = $this->getShowTitle(); $pub_view->showuser = $this->getShowUser(); $pub_view->showpreviewonly = $this->getShowPreviewonly(); $pub_view->showupdated = $this->getShowUpdated(); $pub_view->showviewcount = $this->getShowViewcount(); $pub_view->showpublishdate = $this->getShowPublishdate(); $pub_view->settingsforboth = $this->getSettingsForboth(); $pub_view->showall = $this->getShowall(); $pub_view->includechildren = $this->getIncludeChildren(); $pub_view->showrating = $this->getShowRating(); $pub_view->hidden = $this->getHidden(); $pub_view->pagination_links = $pagination_links; $pub_view->show_pagination_link = ($this->contenttypeid == vb_Types::instance()->getContentTypeID("vBCms_Section") ) ? 1 : 0; $pub_view->shownav = $this->getShowNav(); $pub_view->show_shownav = ($this->contenttypeid == vb_Types::instance()->getContentTypeID("vBCms_Section") ) ? 0 : 1; $pub_view->nosearch = $this->getNoSearch(); $sectionid = (1 == $this->nodeid) ? 1 : $this->parentnode; $pub_view->hours24 = vB::$vbulletin->options['dateformat']; if ($this->contenttypeid == $pub_view->sectiontypeid) { $pub_view->show_categories = 0; $pub_view->is_section = 1; $pub_view->show_showsettings = 0; } else { $pub_view->show_categories = 1; $pub_view->categories = $this->getThisCategories(); $pub_view->show_showsettings = 1; $pub_view->is_section = 0; $pub_view->sectionid = $this->parentnode; } if ($pub_view->show_htmloption = ( $this->contenttypeid == vb_Types::instance()->getContentTypeID("vBCms_Article") // this is limited here to article but could be moved to any contenttype AND $this->canusehtml // this is set by some of the member functions above... )) { $pub_view->htmloption = $this->htmlstate; } $pub_view->show_categories = ($this->contenttypeid == $pub_view->sectiontypeid ? 0 : 1); //get the nodes $nodelist = vBCms_ContentManager::getSections(false); if (! isset(vB::$vbulletin->userinfo['permissions']['cms']) ) { vBCMS_Permissions::getUserPerms(); } foreach ($nodelist as $key => $node) { if (in_array(strval($node['permissionsfrom']), vB::$vbulletin->userinfo['permissions']['cms']['canpublish'])) { $nodelist[$key]['selected'] = ($sectionid == $node['nodeid'] ? 'selected="selected"' : ''); } else { unset($nodelist[$key]); } } $pub_view->nodelist = $nodelist; $pub_view->showpreview = $showpreview; $pub_view->showcomments = $showcomments; $pub_view->publicpreview = $publicpreview; $pub_view->hidden = $this->hidden; $pub_view->comments_enabled = $comments_enabled; $pub_view->show_sections = (1 != $this->nodeid); return $pub_view; } }
$show['pingback'] = ($vbulletin->options['vbblog_pingback'] and $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canreceivepingback'] ? true : false); $show['trackback'] = ($vbulletin->options['vbblog_trackback'] and $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canreceivepingback'] ? true : false); $show['notify'] = ($vbulletin->options['vbblog_notifylinks'] and $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_cansendpingback'] ? true : false); $navbits = array(); /* Check they can view a blog, any blog */ if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) { if (!$vbulletin->userinfo['userid'] or !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])) { print_no_permission(); } } ($hook = vBulletinHook::fetch_hook('blog_start')) ? eval($hook) : false; //We'll need this in a bit. This is the info to mark as escalate to Article if ($vbulletin->products['vbcms']) { if (!isset(vB::$vbulletin->userinfo['permissions']['cms'])) { require_once DIR . '/packages/vbcms/permissions.php'; vBCMS_Permissions::getUserPerms(); } } // ####################################################################### if ($_REQUEST['do'] == 'blog') { $vbulletin->input->clean_array_gpc('r', array('pagenumber' => TYPE_UINT, 'goto' => TYPE_STR, 'uh' => TYPE_BOOL)); $bloginfo = verify_blog($blogid); verify_seo_url('entry', $bloginfo, array('pagenumber' => $_REQUEST['pagenumber'])); track_blog_visit($bloginfo['userid']); $wheresql = array(); $state = array('visible'); ($hook = vBulletinHook::fetch_hook('blog_entry_start')) ? eval($hook) : false; if (can_moderate_blog('canmoderateentries') or is_member_of_blog($vbulletin->userinfo, $bloginfo)) { $state[] = 'moderation'; } if (can_moderate_blog() or is_member_of_blog($vbulletin->userinfo, $bloginfo)) {
function do_get_cms_sections() { global $vbulletin, $db; if (!isset($vbulletin->userinfo['permissions']['cms'])) { vBCMS_Permissions::getUserPerms(); } $publishlist = implode(', ', vB::$vbulletin->userinfo['permissions']['cms']['canpublish']); $viewlist = implode(', ', vB::$vbulletin->userinfo['permissions']['cms']['allview']); $result = $vbulletin->db->query_read("\n\tSELECT node.nodeid, node.parentnode, node.url, node.permissionsfrom, node.setpublish, node.publishdate, node.noderight, info.title\n\tFROM " . TABLE_PREFIX . "cms_node AS node\n\tINNER JOIN " . TABLE_PREFIX . "cms_nodeinfo AS info ON info.nodeid = node.nodeid\n\tWHERE node.contenttypeid = " . vB_Types::instance()->getContentTypeID("vBCms_Section") . "\n\t AND ((node.permissionsfrom IN ({$viewlist}) AND node.hidden = 0) OR (node.permissionsfrom IN ({$publishlist})))\n\t ORDER BY node.nodeleft"); $sections = array(); while ($section = $vbulletin->db->fetch_array($result)) { $sections[] = array('sectionid' => $section['nodeid'], 'title' => prepare_utf8_string(strip_tags($section['title']))); } return array('sections' => $sections); }
public function get_results($user, $criteria) { global $vbulletin; $db = $vbulletin->db; $range_filters = $criteria->get_range_filters(); $equals_filters = $criteria->get_equals_filters(); $sort = $criteria->get_sort(); $direction = strtolower($criteria->get_sort_direction()) == 'desc' ? 'desc' : 'asc'; $sort_join = ""; $orderby = ""; $section_join = ""; $where = array(); //verify permissions if (! isset(vB::$vbulletin->userinfo['permissions']['cms'])) { vBCMS_Permissions::getUserPerms(); } if (! count(vB::$vbulletin->userinfo['permissions']['cms']['canview'])) { return array(); } if ($sort = 'dateline') { $orderby = 'node.publishdate ' . $direction; } else if ($sort = 'user') { $sort_join = "JOIN " . TABLE_PREFIX . "user AS user ON node.userid = user.userid"; $orderby = "user.username " . $direction . ", node.publishdate DESC"; } else { $orderby = " node.publishdate DESC"; } $results = array(); $where[] = " node.publishdate <= " . TIMENOW; //get date cut -- but only if we're not using the threadmarking filter if (isset($range_filters['datecut'])) { //ignore any upper limit $where[] = " node.publishdate >= " . $range_filters['datecut'][0]; } else if (isset($range_filters['dateline'])) { $where[] = " node.publishdate >= " . $range_filters['dateline'][0]; } else if (isset($range_filters['days'])) { $where[] = " node.publishdate >= " . $range_filters['days'][0]; } else { $where[] = " node.publishdate >= " . TIMENOW - 86400 * ($vbulletin->GPC_exists['days'] ? $vbulletin->GPC['days'] : self::MAX_DAYS); } if (isset($equals_filters['userid'])) { $where[] = " node.userid " . (is_array($equals_filters['userid'][vB_Search_Core::OP_EQ]) ? "in (" . implode(', ', $equals_filters['userid'][vB_Search_Core::OP_EQ]) . ") " : " = " . $equals_filters['userid'][vB_Search_Core::OP_EQ] ); } else if ($vbulletin->GPC_exists['userid']) { $where[] = " node.userid = " . $vbulletin->GPC['userid']; } if ($vbulletin->GPC_exists['sectionid']) { $where[] = " parent.nodeid = " . $vbulletin->GPC['sectionid']; $section_join = "INNER JOIN " . TABLE_PREFIX . "cms_node AS parent ON (node.nodeleft >= parent.nodeleft AND node.nodeleft <= parent.noderight)"; } if ($keywords = $criteria->get_keywords()) { $searchcore_join = " INNER JOIN " . TABLE_PREFIX . "searchcore AS searchcore ON searchcore.primaryid = node.contentid AND searchcore.contenttypeid = node.contenttypeid"; $where[] = " MATCH (title, keywordtext) against " . $db->escape_string($keywords) . " IN BOOLEAN MODE "; } if ($this->contenttypeid = $criteria->get_contenttypeid()) { $where[] = " node.contenttypeid = " . $this->contenttypeid; } $q = " SELECT node.nodeid, node.contenttypeid, node.contentid FROM " . TABLE_PREFIX . "cms_node as node $searchcore_join $sort_join $section_join WHERE node.new != 1 AND node.nosearch != 1 AND ((node.permissionsfrom in ( " . implode(', ', vB::$vbulletin->userinfo['permissions']['cms']['canview']) . ") AND node.setpublish > 0 AND node.publishdate <= " . TIMENOW . " ) OR (node.permissionsfrom in ( " . implode(', ', vB::$vbulletin->userinfo['permissions']['cms']['canedit']) . ")) OR (node.userid = " . intval(vB::$vbulletin->userinfo['userid']) . ") )" . ($where ? " AND " : '') . implode(' AND ', $where) . " ORDER BY $orderby LIMIT " . intval($vbulletin->options['maxresults']); $entries = $db->query_read_slave($q); while ($entry = $db->fetch_array($entries)) { $results[] = array($entry['contenttypeid'], $entry['contentid'], $entry['nodeid']); } return $results; }
/** * Template method. Calls all the appropriate methods to build a post and then evaluates the template. * * @param array Post information * * @return string HTML for the post */ function construct_postbit(&$post) { global $ad_location; $this->post =& $post; $thread =& $this->thread; $forum =& $this->forum; // make sure we can display this post if ($this->is_displayable() == false) { return ''; } global $show, $vbphrase; global $spacer_open, $spacer_close; global $bgclass, $altbgclass; exec_switch_bg(); $template_hook = array(); ($hook = vBulletinHook::fetch_hook('postbit_display_start')) ? eval($hook) : false; // put together each part of the post $this->prep_post_start(); $this->process_date_status(); $this->process_edit_info(); $this->process_icon(); $this->process_ip(); if (!empty($this->post['userid'])) { $this->process_registered_user(); $this->process_im_icons(); } else { $this->process_unregistered_user(); } $this->bbcode_parser->containerid = $this->post['postid']; $this->parse_bbcode(); $this->process_attachments(); // finish prepping the post $this->prep_post_end(); $pageinfo_post = array( 'p' => $post['postid'] ); if ($this->templatename != 'postbit') { $pageinfo_post['viewfull'] = 1; } // execute hook ($hook = vBulletinHook::fetch_hook('postbit_display_complete')) ? eval($hook) : false; $show['last_ad'] = $show['first_ad'] = $show['first_adsense'] = false; if ($post['isfirstshown']) { //this does not appear to be an ad slot, rather it appears to be some shim html //that needs to be rendered if the firstpost google ad is included. $template = vB_Template::create('ad_showthread_firstpost_sig'); $template->register('adsense_pub_id', $this->registry->adsense_pub_id); $template->register('adsense_host_id', $this->registry->adsense_host_id); $ad_location['ad_showthread_firstpost_sig'] = $template->render(); $template = vB_Template::create('ad_showthread_firstpost_start'); $template->register('adsense_pub_id', $this->registry->adsense_pub_id); $template->register('adsense_host_id', $this->registry->adsense_host_id); $ad_location['ad_showthread_firstpost_start'] = trim($template->render(true)); $ad_location['ad_showthread_firstpost_sig'] = vB_Template::create('ad_showthread_firstpost_sig')->render(); if ($ad_location['ad_showthread_firstpost_start']) { $show['first_ad'] = true; } if ($ad_location['thread_first_post_content'] = trim(vB_Template::create('ad_thread_first_post_content')->render(true))) { if (preg_match('#^<div id="ad_thread_first_post_content">.+</div>$#si', $ad_location['thread_first_post_content'])) { $show['first_ad'] = true; } else { $ad_location['thread_first_post_content'] = ''; } } } else if ( $post['islastshown'] AND $ad_location['thread_last_post_content'] = trim(vB_Template::create('ad_thread_last_post_content')->render(true)) ) { if (preg_match('#^<div id="ad_thread_last_post_content">.+</div>$#si', $ad_location['thread_last_post_content'])) { $show['last_ad'] = true; } else { $ad_location['thread_last_post_content'] = ''; } } // prepare the member action drop-down menu // pass the local template hook so that each drop-down gets its own hook (per-postbit) $memberaction_dropdown = construct_memberaction_dropdown($post, $template_hook); // evaluate template $postid =& $post['postid']; $templater = vB_Template::create($this->template_prefix . $this->templatename); if ($this->add_promote_links AND $this->registry->products['vbcms']) { if (!isset($this->registry->userinfo['permissions']['cms'])) { bootstrap_framework(); vBCMS_Permissions::getUserPerms(); } if ($this->registry->userinfo['permissions']['cms']['canpublish'][0] != -1) { $templater->register('promote_sectionid', $this->registry->userinfo['permissions']['cms']['canpublish'][0]); $templater->register('articletypeid', vB_Types::instance()->getContentTypeID('vBCms_Article')); $promote_url = vB_Route::create('vBCms_Route_Content', '1/addcontent/')->getCurrentURL(); $promote_url .= (strrpos($promote_url, '?') ? '&' : '?') . 'contenttypeid=' . vB_Types::instance()->getContentTypeID('vBCms_Article') . "&postid=" . $post['postid'] . '&parentid=1'; $templater->register('promote_url', $promote_url); } } $templater->register('ad_location', $ad_location); $templater->register('memberaction_dropdown', $memberaction_dropdown); $templater->register('pageinfo_post', $pageinfo_post); $templater->register('post', $post); $templater->register('postid', $postid); $templater->register('template_hook', $template_hook); $templater->register('thread', $thread); $postbit = $templater->render(); $templater = vB_Template::create('postbit_wrapper'); $templater->register('post', $post); $templater->register('postbit', $postbit); $templater->register('spacer_close', $spacer_close); $templater->register('spacer_open', $spacer_open); $retval = $templater->render(); return $retval; }
/** * Template method that does all the work to display an issue note, including processing the template * * @return string Templated note output */ function construct() { global $vbulletin; ($hook = vBulletinHook::fetch_hook('blog_comment_display_start')) ? eval($hook) : false; // preparation for display... $this->prepare_start(); if ($this->response['userid']) { $this->process_registered_user(); } else { $this->process_unregistered_user(); } $this->process_date_status(); $this->process_display(); $this->process_text(); $this->prepare_end(); // actual display... $bloginfo =& $this->bloginfo; $response =& $this->response; global $show, $vbphrase; global $spacer_open, $spacer_close; global $bgclass, $altbgclass; exec_switch_bg(); $show['readmore'] = $this->readmore; ($hook = vBulletinHook::fetch_hook('blog_comment_display_complete')) ? eval($hook) : false; $this->response['blogtitle'] = $this->bloginfo['title']; $pageinfo_ip = array( 'do' => 'viewip', 'bt' => $this->response['blogtextid'], ); $templater = vB_Template::create($this->template); $templater->register('response', $response); $templater->register('pageinfo', $this->pageinfo); $templater->register('pageinfo_ip', $pageinfo_ip); if ($vbulletin->products['vbcms']) { require_once(DIR . '/includes/class_bootstrap_framework.php'); vB_Bootstrap_Framework::init(); if (! isset(vB::$vbulletin->userinfo['permissions']['cms'])) { require_once DIR . '/packages/vbcms/permissions.php'; vBCMS_Permissions::getUserPerms(); } if (count(vB::$vbulletin->userinfo['permissions']['cms']['cancreate'])) { $templater->register('promote_sectionid', vB::$vbulletin->userinfo['permissions']['cms']['canpublish'][0]); $templater->register('articletypeid', vB_Types::instance()->getContentTypeID('vBCms_Article')); $promote_url = vB_Route::create('vBCms_Route_Content', '1/addcontent/')->getCurrentURL(); $promote_url .= (strrpos($promote_url, '?') ? '&' : '?') . 'contenttypeid=' . vB_Types::instance()->getContentTypeID('vBCms_Article') . "&blogcommentid=" . $response['blogtextid'] . '&parentid=1'; $templater->register('promote_url', $promote_url); } } return $templater->render(($this->registry->GPC['ajax'])); }