Esempio n. 1
0
/**
 * A page is not validated, so show a warning.
 *
 * @param  ID_TEXT		The zone the page is being loaded from
 * @param  ID_TEXT		The codename of the page
 * @param  tempcode		The edit URL (blank if no edit access)
 * @return tempcode		The warning
 */
function get_page_warning_details($zone, $codename, $edit_url)
{
    $warning_details = new ocp_tempcode();
    if (!has_specific_permission(get_member(), 'jump_to_unvalidated')) {
        access_denied('SPECIFIC_PERMISSION', 'jump_to_unvalidated');
    }
    $uv_warning = do_lang_tempcode(get_param_integer('redirected', 0) == 1 ? 'UNVALIDATED_TEXT_NON_DIRECT' : 'UNVALIDATED_TEXT');
    // Wear sun cream
    if (!$edit_url->is_empty()) {
        $menu_links = $GLOBALS['SITE_DB']->query('SELECT DISTINCT i_menu FROM ' . get_table_prefix() . 'menu_items WHERE ' . db_string_equal_to('i_url', $zone . ':' . $codename) . ' OR ' . db_string_equal_to('i_url', '_SEARCH:' . $codename));
        if (count($menu_links) != 0) {
            $menu_items_linking = new ocp_tempcode();
            foreach ($menu_links as $menu_link) {
                if (!$menu_items_linking->is_empty()) {
                    $menu_items_linking->attach(do_lang_tempcode('LIST_SEP'));
                }
                $menu_edit_url = build_url(array('page' => 'admin_menus', 'type' => 'edit', 'id' => $menu_link['i_menu']), get_module_zone('admin_menus'));
                $menu_items_linking->attach(hyperlink($menu_edit_url, $menu_link['i_menu'], false, true));
            }
            $uv_warning = do_lang_tempcode('UNVALIDATED_TEXT_STAFF', $menu_items_linking);
        }
    }
    $warning_details->attach(do_template('WARNING_TABLE', array('WARNING' => $uv_warning)));
    return $warning_details;
}
Esempio n. 2
0
 /**
  * Standard modular run function.
  *
  * @return tempcode	The result of execution.
  */
 function run()
 {
     if (get_forum_type() != 'ocf') {
         warn_exit(do_lang_tempcode('NO_OCF'));
     } else {
         ocf_require_all_forum_stuff();
     }
     require_code('ocf_forumview');
     if (is_guest()) {
         access_denied('NOT_AS_GUEST');
     }
     require_css('ocf');
     $type = get_param('type', 'misc');
     if ($type == 'misc') {
         list($title, $content) = $this->new_posts();
     } elseif ($type == 'unread') {
         list($title, $content) = $this->unread_topics();
     } elseif ($type == 'recently_read') {
         list($title, $content) = $this->recently_read();
     } else {
         $title = new ocp_tempcode();
         $content = new ocp_tempcode();
     }
     $ret = ocf_wrapper($title, do_template('OCF_VFORUM', array('_GUID' => '8dca548982d65500ab1800ceec2ddc61', 'CONTENT' => $content)));
     return $ret;
 }
Esempio n. 3
0
 /**
  * Standard modular run function.
  *
  * @return tempcode	The result of execution.
  */
 function run()
 {
     require_lang('bookmarks');
     require_code('bookmarks');
     require_css('bookmarks');
     if (is_guest()) {
         access_denied('NOT_AS_GUEST');
     }
     // Decide what we're doing
     $type = get_param('type', 'misc');
     if ($type == 'misc') {
         return $this->manage_bookmarks();
     }
     if ($type == '_manage') {
         return $this->_manage_bookmarks();
     }
     if ($type == '_edit') {
         return $this->_edit_bookmark();
     }
     if ($type == 'ad') {
         return $this->ad();
     }
     if ($type == '_ad') {
         return $this->_ad();
     }
     return new ocp_tempcode();
 }
Esempio n. 4
0
/**
 * Add a forum poll.
 *
 * @param  AUTO_LINK		The ID of the topic to add the poll to.
 * @param  SHORT_TEXT	The question.
 * @param  BINARY			Whether the result tallies are kept private until the poll is made non-private.
 * @param  BINARY			Whether the poll is open for voting.
 * @param  integer		The minimum number of selections that may be made.
 * @param  integer		The maximum number of selections that may be made.
 * @param  BINARY			Whether members must have a post in the topic before they made vote.
 * @param  array			A list of pairs of the potential voteable answers and the number of votes.
 * @param  boolean		Whether to check there are permissions to make the poll.
 * @return AUTO_LINK 	The ID of the newly created forum poll.
 */
function ocf_make_poll($topic_id, $question, $is_private, $is_open, $minimum_selections, $maximum_selections, $requires_reply, $answers, $check_permissions = true)
{
    require_code('ocf_polls');
    if ($check_permissions && !ocf_may_attach_poll($topic_id)) {
        access_denied('I_ERROR');
    }
    $poll_id = $GLOBALS['FORUM_DB']->query_insert('f_polls', array('po_question' => $question, 'po_cache_total_votes' => 0, 'po_is_private' => $is_private, 'po_is_open' => $is_open, 'po_minimum_selections' => $minimum_selections, 'po_maximum_selections' => $maximum_selections, 'po_requires_reply' => $requires_reply), true);
    foreach ($answers as $answer) {
        if (is_array($answer)) {
            list($answer, $num_votes) = $answer;
        } else {
            $num_votes = 0;
        }
        $GLOBALS['FORUM_DB']->query_insert('f_poll_answers', array('pa_poll_id' => $poll_id, 'pa_answer' => $answer, 'pa_cache_num_votes' => $num_votes));
    }
    $map = array('t_poll_id' => $poll_id);
    // Now make the topic validated if this is attaching immediately
    if (get_param_integer('re_validate', 0) == 1) {
        $forum_id = $GLOBALS['FORUM_DB']->query_value('f_topics', 't_forum_id', array('id' => $topic_id));
        if (is_null($forum_id) || has_specific_permission(get_member(), 'bypass_validation_midrange_content', 'topics', array('forums', $forum_id))) {
            $map['t_validated'] = 1;
        }
    }
    $GLOBALS['FORUM_DB']->query_update('f_topics', $map, array('id' => $topic_id), '', 1);
    return $poll_id;
}
Esempio n. 5
0
 /**
  * Constructor method
  *
  * @access public
  * @return void
  */
 public function __construct()
 {
     parent::__construct();
     // Load the required classes
     $this->load->model('group_m');
     $this->lang->load('groups');
     is_sadmin() or access_denied();
 }
Esempio n. 6
0
/**
 * Is the category accessible to the connected user ?
 * If the user is not authorized to see this category, script exits
 *
 * @param int $category_id
 */
function check_restrictions($category_id)
{
    global $user;
    // $filter['visible_categories'] and $filter['visible_images']
    // are not used because it's not necessary (filter <> restriction)
    if (in_array($category_id, explode(',', $user['forbidden_categories']))) {
        access_denied();
    }
}
function post_only_user($level)
{
    if (Request::$method != 'POST') {
        return;
    }
    if (User::is("<{$level}")) {
        access_denied();
    }
}
Esempio n. 8
0
 /**
  * Standard modular run function.
  *
  * @param  array		A map of parameters.
  * @return tempcode	The result of execution.
  */
 function run($map)
 {
     if (!array_key_exists('param', $map)) {
         return new ocp_tempcode();
     }
     if (!has_zone_access(get_member(), $map['param'])) {
         access_denied('ZONE_ACCESS', $map['param']);
     }
     return new ocp_tempcode();
 }
Esempio n. 9
0
function gb_index()
{
    global $template, $page, $conf;
    if (isset($page['section']) and $page['section'] == 'guestbook') {
        if (is_a_guest() && !$conf['guestbook']['guest_can_view']) {
            access_denied();
        }
        include GUESTBOOK_PATH . '/include/guestbook.inc.php';
    }
}
Esempio n. 10
0
 /**
  * Standard modular render function for profile tab hooks.
  *
  * @param  MEMBER			The ID of the member who is being viewed
  * @param  MEMBER			The ID of the member who is doing the viewing
  * @param  boolean		Whether to leave the tab contents NULL, if tis hook supports it, so that AJAX can load it later
  * @return array			A triple: The tab title, the tab contents, the suggested tab order
  */
 function render_tab($member_id_of, $member_id_viewing, $leave_to_ajax_if_possible = false)
 {
     $title = do_lang_tempcode('EDIT_EM');
     require_lang('ocf');
     require_css('ocf');
     $order = 200;
     if ($leave_to_ajax_if_possible && strtoupper(ocp_srv('REQUEST_METHOD')) != 'POST') {
         return array($title, NULL, $order);
     }
     $tabs = array();
     $hooks = find_all_hooks('systems', 'profiles_tabs_edit');
     if (isset($hooks['settings'])) {
         $hooks = array('settings' => $hooks['settings']) + $hooks;
     }
     foreach (array_keys($hooks) as $hook) {
         require_code('hooks/systems/profiles_tabs_edit/' . $hook);
         $ob = object_factory('Hook_Profiles_Tabs_Edit_' . $hook);
         if ($ob->is_active($member_id_of, $member_id_viewing)) {
             $tabs[] = $ob->render_tab($member_id_of, $member_id_viewing, $leave_to_ajax_if_possible);
         }
     }
     if ($leave_to_ajax_if_possible) {
         return array($title, NULL, $order);
     }
     global $M_SORT_KEY;
     $M_SORT_KEY = 4;
     usort($tabs, 'multi_sort');
     $javascript = '';
     $hidden = new ocp_tempcode();
     // Session ID check, if saving
     if (count($_POST) != 0 && count($tabs) != 0) {
         global $SESSION_CONFIRMED;
         if ($SESSION_CONFIRMED == 0) {
             access_denied('SESSION', '', true);
         }
     }
     $_tabs = array();
     $first = true;
     foreach ($tabs as $i => $tab) {
         if (is_null($tab)) {
             continue;
         }
         $javascript .= $tab[3];
         if (isset($tab[5])) {
             $hidden->attach($tab[5]);
         }
         $_tabs[] = array('TAB_TITLE' => $tab[0], 'TAB_FIELDS' => $tab[1], 'TAB_TEXT' => $tab[2], 'TAB_FIRST' => $first, 'TAB_LAST' => !array_key_exists($i + 1, $tabs));
         $first = false;
     }
     $url = build_url(array('page' => '_SELF'), '_SELF', NULL, true, false, false);
     $content = do_template('OCF_MEMBER_PROFILE_EDIT', array('JAVASCRIPT' => $javascript, 'HIDDEN' => $hidden, 'URL' => $url, 'SUBMIT_NAME' => do_lang_tempcode('SAVE'), 'AUTOCOMPLETE' => false, 'SKIP_VALIDATION' => true, 'TABS' => $_tabs));
     return array($title, $content, $order);
 }
Esempio n. 11
0
/**
 * Add a topic.
 *
 * @param  ?AUTO_LINK	The ID of the forum the topic will be in (NULL: Private Topic).
 * @param  SHORT_TEXT	Description of the topic.
 * @param  SHORT_TEXT	The theme image code of the emoticon for the topic.
 * @param  ?BINARY		Whether the topic is validated (NULL: detect whether it should be).
 * @param  BINARY			Whether the topic is open.
 * @param  BINARY			Whether the topic is pinned.
 * @param  BINARY			Whether the topic is sunk.
 * @param  BINARY			Whether the topic is cascading.
 * @param  ?MEMBER		If it is a Private Topic, who is it 'from' (NULL: not a Private Topic).
 * @param  ?MEMBER		If it is a Private Topic, who is it 'to' (NULL: not a Private Topic).
 * @param  boolean		Whether to check the poster has permissions for the given topic settings.
 * @param  integer		The number of times the topic has been viewed.
 * @param  ?AUTO_LINK	Force an ID (NULL: don't force an ID)
 * @param  SHORT_TEXT	Link related to the topic (e.g. link to view a ticket).
 * @return AUTO_LINK		The ID of the newly created topic.
 */
function ocf_make_topic($forum_id, $description = '', $emoticon = '', $validated = NULL, $open = 1, $pinned = 0, $sunk = 0, $cascading = 0, $pt_from = NULL, $pt_to = NULL, $check_perms = true, $num_views = 0, $id = NULL, $description_link = '')
{
    if (is_null($pinned)) {
        $pinned = 0;
    }
    if (is_null($sunk)) {
        $sunk = 0;
    }
    if (is_null($description)) {
        $description = '';
    }
    if (is_null($num_views)) {
        $num_views = 0;
    }
    if ($check_perms) {
        require_code('ocf_topics');
        if (!ocf_may_post_topic($forum_id, get_member())) {
            access_denied('I_ERROR');
        }
        if (!is_null($pt_to)) {
            decache('side_ocf_personal_topics', array($pt_to));
            decache('_new_pp', array($pt_to));
        }
        if (!is_null($forum_id)) {
            require_code('ocf_posts_action');
            ocf_decache_ocp_blocks($forum_id);
        }
        require_code('ocf_forums');
        if (!ocf_may_moderate_forum($forum_id)) {
            $pinned = 0;
            $sunk = 0;
            $open = 1;
            $cascading = 0;
        }
    }
    if (is_null($validated) || $check_perms && $validated == 1) {
        if (!is_null($forum_id) && !has_specific_permission(get_member(), 'bypass_validation_midrange_content', 'topics', array('forums', $forum_id))) {
            $validated = 0;
        } else {
            $validated = 1;
        }
    }
    if (!addon_installed('unvalidated')) {
        $validated = 1;
    }
    $map = array('t_pinned' => $pinned, 't_sunk' => $sunk, 't_cascading' => $cascading, 't_forum_id' => $forum_id, 't_pt_from' => $pt_from, 't_pt_to' => $pt_to, 't_description' => substr($description, 0, 255), 't_description_link' => substr($description_link, 0, 255), 't_emoticon' => $emoticon, 't_num_views' => $num_views, 't_validated' => $validated, 't_is_open' => $open, 't_poll_id' => NULL, 't_cache_first_post_id' => NULL, 't_cache_first_post' => NULL, 't_cache_first_time' => NULL, 't_cache_first_title' => '', 't_cache_first_username' => '', 't_cache_first_member_id' => NULL, 't_cache_last_post_id' => NULL, 't_cache_last_time' => NULL, 't_cache_last_title' => '', 't_cache_last_username' => '', 't_cache_last_member_id' => NULL, 't_cache_num_posts' => 0, 't_pt_from_category' => '', 't_pt_to_category' => '');
    if (!is_null($id)) {
        $map['id'] = $id;
    }
    return $GLOBALS['FORUM_DB']->query_insert('f_topics', $map, true);
}
Esempio n. 12
0
/**
 * Delete a forum poll.
 *
 * @param  AUTO_LINK The ID of the poll we're deleting.
 * @param  LONG_TEXT The reason for deleting the poll.
 * @return AUTO_LINK The ID of the topic the poll is on.
 */
function ocf_delete_poll($poll_id, $reason)
{
    require_code('ocf_polls');
    $topic_info = $GLOBALS['FORUM_DB']->query_select('f_topics', array('*'), array('t_poll_id' => $poll_id), '', 1);
    if (!ocf_may_delete_poll_by($topic_info[0]['t_forum_id'], $topic_info[0]['t_cache_first_member_id'])) {
        access_denied('I_ERROR');
    }
    $topic_id = $topic_info[0]['id'];
    $name = $GLOBALS['FORUM_DB']->query_value('f_polls', 'po_question', array('id' => $poll_id));
    $GLOBALS['FORUM_DB']->query_delete('f_polls', array('id' => $poll_id), '', 1);
    $GLOBALS['FORUM_DB']->query_delete('f_poll_answers', array('pa_poll_id' => $poll_id));
    $GLOBALS['FORUM_DB']->query_delete('f_poll_votes', array('pv_poll_id' => $poll_id));
    $GLOBALS['FORUM_DB']->query_update('f_topics', array('t_poll_id' => NULL), array('t_poll_id' => $poll_id), '', 1);
    require_code('ocf_general_action2');
    ocf_mod_log_it('DELETE_TOPIC_POLL', strval($poll_id), $name, $reason);
    return $topic_id;
}
Esempio n. 13
0
 /**
  * Standard modular run function.
  *
  * @return tempcode	The result of execution.
  */
 function run()
 {
     require_lang('ecommerce');
     require_code('ecommerce');
     require_css('ecommerce');
     // Kill switch
     if (ecommerce_test_mode() && !$GLOBALS['IS_ACTUALLY_ADMIN'] && !has_specific_permission(get_member(), 'access_ecommerce_in_test_mode')) {
         warn_exit(do_lang_tempcode('PURCHASE_DISABLED'));
     }
     if (is_guest()) {
         access_denied('NOT_AS_GUEST');
     }
     $type = get_param('type', 'misc');
     if ($type == 'misc') {
         return $this->my();
     }
     if ($type == 'pay') {
         return $this->pay();
     }
     return new ocp_tempcode();
 }
Esempio n. 14
0
 /**
  * Standard aed_module run_start.
  *
  * @param  ID_TEXT		The type of module execution
  * @return tempcode		The output of the run
  */
 function run_start($type)
 {
     $GLOBALS['HELPER_PANEL_PIC'] = 'pagepics/news';
     $GLOBALS['HELPER_PANEL_TUTORIAL'] = 'tut_news';
     $this->posting_form_title = do_lang_tempcode('BLOG_NEWS_ARTICLE');
     if (is_guest()) {
         access_denied('NOT_AS_GUEST');
     }
     require_css('news');
     require_lang('news');
     // Decide what to do
     if ($type == 'misc') {
         return $this->misc();
     }
     if ($type == 'import_wordpress') {
         return $this->import_wordpress();
     }
     if ($type == '_import_wordpress') {
         return $this->_import_wordpress();
     }
     return new ocp_tempcode();
 }
Esempio n. 15
0
 /**
  * Standard aed_module run_start.
  *
  * @param  ID_TEXT		The type of module execution
  * @return tempcode		The output of the run
  */
 function run_start($type)
 {
     require_lang('ocf_warnings');
     if (get_forum_type() != 'ocf') {
         warn_exit(do_lang_tempcode('NO_OCF'));
     } else {
         ocf_require_all_forum_stuff();
     }
     require_code('ocf_moderation_action');
     require_code('ocf_moderation_action2');
     if (!ocf_may_warn_members()) {
         access_denied('SPECIFIC_PERMISSION', 'warn_members');
     }
     if ($type == 'history') {
         return $this->history();
     }
     if ($type == 'undo_charge') {
         return $this->undo_charge();
     }
     if ($type == 'undo_probation') {
         return $this->undo_probation();
     }
     if ($type == 'undo_banned_ip') {
         return $this->undo_banned_ip();
     }
     if ($type == 'undo_banned_member') {
         return $this->undo_banned_member();
     }
     if ($type == 'undo_silence_from_topic') {
         return $this->undo_silence_from_topic();
     }
     if ($type == 'undo_silence_from_forum') {
         return $this->undo_silence_from_forum();
     }
     return new ocp_tempcode();
 }
Esempio n. 16
0
/**
 * Move some topics.
 *
 * @param  AUTO_LINK		The forum the topics are currently in.
 * @param  AUTO_LINK		The forum the topics are being moved to.
 * @param  ?array 		A list of the topic IDs to move (NULL: move all topics from source forum).
 */
function ocf_move_topics($from, $to, $topics = NULL)
{
    if ($from == $to) {
        return;
    }
    // That would be nuts, and interfere with our logic
    require_code('notifications');
    require_code('ocf_topics');
    require_code('ocf_forums_action2');
    $forum_name = ocf_ensure_forum_exists($to);
    if (!ocf_may_moderate_forum($from)) {
        access_denied('I_ERROR');
    }
    $topic_count = 0;
    if (is_null($topics)) {
        if (is_null($from)) {
            access_denied('I_ERROR');
        }
        $all_topics = $GLOBALS['FORUM_DB']->query_select('f_topics', array('id', 't_cache_num_posts', 't_validated'), array('t_forum_id' => $from));
        $or_list = '';
        $post_count = 0;
        $topics = array();
        foreach ($all_topics as $topic_info) {
            $topics[] = $topic_info['id'];
            if ($or_list != '') {
                $or_list .= ' OR ';
            }
            $or_list .= 'id=' . strval((int) $topic_info['id']);
            $post_count += $topic_info['t_cache_num_posts'];
            if ($topic_info['t_validated'] == 1) {
                $topic_count++;
            }
        }
        $GLOBALS['FORUM_DB']->query_update('f_topics', array('t_forum_id' => $to), array('t_forum_id' => $from));
        // Update forum IDs' for posts
        $GLOBALS['FORUM_DB']->query_update('f_posts', array('p_cache_forum_id' => $to), array('p_cache_forum_id' => $from));
        $or_list_2 = str_replace('id', 'p_topic_id', $or_list);
        if ($or_list_2 == '') {
            return;
        }
    } elseif (count($topics) == 1) {
        $topic_info = $GLOBALS['FORUM_DB']->query_select('f_topics', array('t_forum_id', 't_pt_from', 't_pt_to', 't_cache_first_title', 't_cache_num_posts', 't_validated'), array('id' => $topics[0]));
        if (!array_key_exists(0, $topic_info)) {
            warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
        }
        if ($topic_info[0]['t_forum_id'] != $from || $topic_info[0]['t_pt_from'] != get_member() && $topic_info[0]['t_pt_to'] != get_member() && !ocf_has_special_pt_access($topics[0]) && !has_specific_permission(get_member(), 'view_other_pt') && is_null($topic_info[0]['t_forum_id'])) {
            access_denied('I_ERROR');
        }
        if ($topic_info[0]['t_validated'] == 1) {
            $topic_count++;
        }
        $topic_title = $topic_info[0]['t_cache_first_title'];
        $post_count = $topic_info[0]['t_cache_num_posts'];
        $GLOBALS['FORUM_DB']->query_update('f_topics', array('t_pt_from' => NULL, 't_pt_to' => NULL, 't_forum_id' => $to), array('t_forum_id' => $from, 'id' => $topics[0]), '', 1);
        // Extra where constraint for added security
        log_it('MOVE_TOPICS', $topic_title, strval($topics[0]));
        $or_list = 'id=' . strval($topics[0]);
        $or_list_2 = 'p_topic_id=' . strval($topics[0]);
        // Update forum IDs' for posts
        $GLOBALS['FORUM_DB']->query_update('f_posts', array('p_cache_forum_id' => $to), array('p_topic_id' => $topics[0]));
    } else {
        if (count($topics) == 0) {
            return;
        }
        // Nuts, lol
        $or_list = '';
        foreach ($topics as $topic_id) {
            if ($or_list != '') {
                $or_list .= ' OR ';
            }
            $or_list .= 'id=' . strval((int) $topic_id);
            if (is_null($from)) {
                $topic_info = $GLOBALS['FORUM_DB']->query_select('f_topics', array('t_forum_id', 't_pt_from', 't_pt_to'), array('id' => $topic_id));
                if (array_key_exists(0, $topic_info)) {
                    if ($topic_info[0]['t_validated'] == 1) {
                        $topic_count++;
                    }
                    if ($topic_info[0]['t_forum_id'] != $from || $topic_info[0]['t_pt_from'] != get_member() && $topic_info[0]['t_pt_to'] != get_member() && !ocf_has_special_pt_access($topic_id) && !has_specific_permission(get_member(), 'view_other_pt')) {
                        access_denied('I_ERROR');
                    }
                }
            } else {
                $topic_count++;
                // Might not be validated, which means technically we shouldn't do this, but it's low chance, low impact, and the indicator is only a cache thing anyway
            }
        }
        $GLOBALS['FORUM_DB']->query('UPDATE ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_topics SET t_forum_id=' . strval((int) $to) . ',t_pt_from=NULL,t_pt_to=NULL WHERE t_forum_id' . (is_null($from) ? ' IS NULL' : '=' . strval((int) $from)) . ' AND (' . $or_list . ')');
        log_it('MOVE_TOPICS', do_lang('MULTIPLE'));
        $post_count = $GLOBALS['FORUM_DB']->query_value_null_ok_full('SELECT SUM(t_cache_num_posts) FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_topics WHERE ' . $or_list);
        // Update forum IDs' for posts
        $or_list_2 = str_replace('id', 'p_topic_id', $or_list);
        $GLOBALS['FORUM_DB']->query('UPDATE ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_posts SET p_cache_forum_id=' . strval((int) $to) . ' WHERE ' . $or_list_2);
    }
    require_code('ocf_posts_action2');
    // Update source forum cache view
    if (!is_null($from)) {
        ocf_force_update_forum_cacheing($from, -$topic_count, -$post_count);
    }
    // Update dest forum cache view
    ocf_force_update_forum_cacheing($to, $topic_count, $post_count);
    if (!is_null($from)) {
        // Update member post counts if we've switched between post-count countable forums
        $post_count_info = $GLOBALS['FORUM_DB']->query('SELECT id,f_post_count_increment FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_forums WHERE id=' . strval((int) $from) . ' OR id=' . strval((int) $to), 2);
        if ($post_count_info[0]['id'] == $from) {
            $from_cnt = $post_count_info[0]['f_post_count_increment'];
            $to_cnt = $post_count_info[1]['f_post_count_increment'];
        } else {
            $from_cnt = $post_count_info[1]['f_post_count_increment'];
            $to_cnt = $post_count_info[0]['f_post_count_increment'];
        }
        require_code('ocf_posts_action');
        if ($from_cnt != $to_cnt) {
            $sql = 'SELECT p_poster FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_posts WHERE (' . $or_list_2 . ')';
            if (addon_installed('unvalidated')) {
                $sql .= ' AND p_validated=1';
            }
            $_member_post_counts = collapse_1d_complexity('p_poster', $GLOBALS['FORUM_DB']->query($sql));
            $member_post_counts = array_count_values($_member_post_counts);
            foreach ($member_post_counts as $member_id => $member_post_count) {
                if ($to == 0) {
                    $member_post_count = -$member_post_count;
                }
                ocf_force_update_member_post_count($member_id, $member_post_count);
            }
        }
    }
    require_code('ocf_posts_action');
    if (!is_null($from)) {
        ocf_decache_ocp_blocks($from);
    } else {
        decache('side_ocf_personal_topics');
        decache('_new_pp');
    }
    ocf_decache_ocp_blocks($to, $forum_name);
    if (function_exists('set_time_limit')) {
        @set_time_limit(0);
    }
    $start = 0;
    do {
        $topics2 = $GLOBALS['FORUM_DB']->query('SELECT id,t_cache_first_title,t_cache_last_time FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_topics WHERE ' . $or_list, 100, $start);
        require_code('urls2');
        foreach ($topics2 as $_topic) {
            if ($_topic['t_cache_last_time'] < time() - 60 * 60 * 24 * 14) {
                continue;
            }
            $topic_id = $_topic['id'];
            $topic_title = $_topic['t_cache_first_title'];
            suggest_new_idmoniker_for('topicview', 'misc', strval($topic_id), $topic_title);
            // Now lets inform people tracking the topic that it has moved
            $subject = do_lang('TOPIC_MOVE_MAIL_SUBJECT', get_site_name(), $topic_title);
            $mail = do_lang('TOPIC_MOVE_MAIL', comcode_escape(get_site_name()), comcode_escape($topic_title), array(comcode_escape($forum_name)));
            dispatch_notification('ocf_topic', strval($topic_id), $subject, $mail);
        }
    } while (count($topics2) == 100);
}
Esempio n. 17
0
 /**
  * Standard modular render function for profile tabs edit hooks.
  *
  * @param  MEMBER			The ID of the member who is being viewed
  * @param  MEMBER			The ID of the member who is doing the viewing
  * @param  boolean		Whether to leave the tab contents NULL, if tis hook supports it, so that AJAX can load it later
  * @return ?array			A tuple: The tab title, the tab body text (may be blank), the tab fields, extra Javascript (may be blank) the suggested tab order, hidden fields (optional) (NULL: if $leave_to_ajax_if_possible was set)
  */
 function render_tab($member_id_of, $member_id_viewing, $leave_to_ajax_if_possible = false)
 {
     $title = do_lang_tempcode('AVATAR');
     $order = 20;
     // Actualiser
     if (post_param_integer('submitting_avatar_tab', 0) == 1) {
         require_code('uploads');
         if (has_specific_permission($member_id_viewing, 'own_avatars')) {
             if (!(is_swf_upload(true) && array_key_exists('avatar_file', $_FILES) || array_key_exists('avatar_file', $_FILES) && is_uploaded_file($_FILES['avatar_file']['tmp_name']))) {
                 $urls = array();
                 $stock = post_param('avatar_alt_url', '');
                 if ($stock == '') {
                     $stock = post_param('avatar_stock', NULL);
                     if (!is_null($stock)) {
                         $urls[0] = $stock == '' ? '' : find_theme_image($stock, false, true);
                     } else {
                         $urls[0] = '';
                     }
                     // None
                 } else {
                     if (url_is_local($stock) && !$GLOBALS['FORUM_DRIVER']->is_super_admin($member_id_viewing)) {
                         $old = $GLOBALS['FORUM_DB']->query_value('f_members', 'm_avatar_url', array('id' => $member_id_of));
                         if ($old != $stock) {
                             access_denied('ASSOCIATE_EXISTING_FILE');
                         }
                     }
                     $urls[0] = $stock;
                     // URL
                 }
             } else {
                 // We have chosen an upload. Note that we will not be looking at alt_url at this point, even though it is specified below for canonical reasons
                 $urls = get_url('avatar_alt_url', 'avatar_file', file_exists(get_custom_file_base() . '/uploads/avatars') ? 'uploads/avatars' : 'uploads/ocf_avatars', 0, OCP_UPLOAD_IMAGE, false, '', '', false, true);
                 if ((get_base_url() != get_forum_base_url() || array_key_exists('on_msn', $GLOBALS['SITE_INFO']) && $GLOBALS['SITE_INFO']['on_msn'] == '1') && $urls[0] != '' && url_is_local($urls[0])) {
                     $urls[0] = get_custom_base_url() . '/' . $urls[0];
                 }
             }
             $avatar_url = $urls[0];
         } else {
             $stock = post_param('avatar_stock');
             $avatar_url = $stock == '' ? '' : find_theme_image($stock, false, true);
         }
         require_code('ocf_members_action');
         require_code('ocf_members_action2');
         ocf_member_choose_avatar($avatar_url, $member_id_of);
         attach_message(do_lang_tempcode('SUCCESS_SAVE'), 'inform');
     }
     if ($leave_to_ajax_if_possible) {
         return NULL;
     }
     // UI fields
     $avatar_url = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id_of, 'm_avatar_url');
     require_javascript('javascript_multi');
     $fields = new ocp_tempcode();
     require_code('form_templates');
     require_code('themes2');
     $ids = get_all_image_ids_type('ocf_default_avatars', true);
     $found_it = false;
     foreach ($ids as $id) {
         $pos = strpos($avatar_url, '/' . $id);
         $selected = $pos !== false;
         if ($selected) {
             $found_it = true;
         }
     }
     $hidden = new ocp_tempcode();
     if (has_specific_permission($member_id_viewing, 'own_avatars')) {
         $javascript = 'standardAlternateFields(\'avatar_file\',\'avatar_alt_url\',\'avatar_stock*\',true);';
         $fields->attach(form_input_upload(do_lang_tempcode('UPLOAD'), do_lang_tempcode('DESCRIPTION_UPLOAD'), 'avatar_file', false, NULL, NULL, true, str_replace(' ', '', get_option('valid_images'))));
         handle_max_file_size($hidden, 'image');
         $fields->attach(form_input_line(do_lang_tempcode('ALT_FIELD', do_lang_tempcode('URL')), do_lang_tempcode('DESCRIPTION_ALTERNATE_URL'), 'avatar_alt_url', $found_it ? '' : $avatar_url, false));
         $fields->attach(form_input_picture_choose_specific(do_lang_tempcode('ALT_FIELD', do_lang_tempcode('STOCK')), do_lang_tempcode('DESCRIPTION_ALTERNATE_STOCK'), 'avatar_stock', $ids, $avatar_url, NULL, NULL, true));
     } else {
         $javascript = '';
         $fields->attach(form_input_picture_choose_specific(do_lang_tempcode('STOCK'), '', 'avatar_stock', $ids, $avatar_url, NULL, NULL, true));
     }
     if ($avatar_url != '') {
         if (url_is_local($avatar_url)) {
             $avatar_url = get_complex_base_url($avatar_url) . '/' . $avatar_url;
         }
         $avatar = do_template('OCF_TOPIC_POST_AVATAR', array('_GUID' => '50a5902f3ab7e384d9cf99577b222cc8', 'AVATAR' => $avatar_url));
     } else {
         $avatar = do_lang_tempcode('NONE_EM');
     }
     $width = ocf_get_member_best_group_property($member_id_of, 'max_avatar_width');
     $height = ocf_get_member_best_group_property($member_id_of, 'max_avatar_height');
     $text = do_template('OCF_EDIT_AVATAR_TAB', array('_GUID' => 'dbdac6ca3bc752b54d2a24a4c6e69c7c', 'MEMBER_ID' => strval($member_id_of), 'USERNAME' => $GLOBALS['FORUM_DRIVER']->get_username($member_id_of), 'AVATAR' => $avatar, 'WIDTH' => integer_format($width), 'HEIGHT' => integer_format($height)));
     $hidden = new ocp_tempcode();
     $hidden->attach(form_input_hidden('submitting_avatar_tab', '1'));
     return array($title, $fields, $text, $javascript, $order, $hidden);
 }
Esempio n. 18
0
 /**
  * The actualiser to decline a members joining of a usergroup.
  *
  * @return tempcode		The UI
  */
 function decline()
 {
     $title = get_page_title('DECLINE_FROM_GROUP');
     $id = post_param_integer('id', NULL);
     if (is_null($id)) {
         $id = get_param_integer('id');
         require_code('form_templates');
         $text = paragraph(do_lang_tempcode('OPTIONAL_REASON'));
         $submit_name = do_lang_tempcode('DECLINE_FROM_GROUP');
         $post_url = build_url(array('page' => '_SELF', 'type' => get_param('type')), '_SELF', NULL, true);
         $fields = new ocp_tempcode();
         $hidden = form_input_hidden('id', strval($id));
         $fields->attach(form_input_line(do_lang_tempcode('REASON'), '', 'reason', '', false));
         return do_template('FORM_SCREEN', array('SKIP_VALIDATION' => true, 'HIDDEN' => $hidden, 'TITLE' => $title, 'TEXT' => $text, 'URL' => $post_url, 'FIELDS' => $fields, 'SUBMIT_NAME' => $submit_name));
     }
     if (!ocf_may_control_group($id, get_member())) {
         access_denied('I_ERROR');
     }
     $member_id = get_param_integer('member_id');
     ocf_member_validate_into_group($id, $member_id, true, post_param('reason'));
     $url = build_url(array('page' => '_SELF', 'type' => 'view', 'id' => $id), '_SELF');
     return redirect_screen($title, $url, do_lang_tempcode('SUCCESS'));
 }
Esempio n. 19
0
/**
 * Script handler for downloading a gallery, as specified by GET parameters.
 */
function download_gallery_script()
{
    if (function_exists('set_time_limit')) {
        @set_time_limit(0);
    }
    require_code('galleries');
    // Closed site
    $site_closed = get_option('site_closed');
    if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
        header('Content-Type: text/plain');
        @exit(get_option('closed'));
    }
    require_lang('galleries');
    require_code('zip');
    $cat = get_param('cat');
    if (!has_category_access(get_member(), 'galleries', $cat)) {
        access_denied('CATEGORY_ACCESS');
    }
    check_specific_permission('may_download_gallery', array('galleries', $cat));
    if (strpos($cat, chr(10)) !== false || strpos($cat, chr(13)) !== false) {
        log_hack_attack_and_exit('HEADER_SPLIT_HACK');
    }
    $gallery_rows = $GLOBALS['SITE_DB']->query_select('galleries', array('*'), array('name' => $cat), '', 1);
    if (!array_key_exists(0, $gallery_rows)) {
        warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
    }
    $gallery_row = $gallery_rows[0];
    // Send header
    header('Content-Type: application/octet-stream' . '; authoritative=true;');
    if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
        header('Content-Disposition: filename="gallery-' . $cat . '.zip"');
    } else {
        header('Content-Disposition: attachment; filename="gallery-' . $cat . '.zip"');
    }
    disable_php_memory_limit();
    $rows = array_merge($GLOBALS['SITE_DB']->query_select('videos', array('url', 'add_date'), array('cat' => $cat, 'validated' => 1)), $GLOBALS['SITE_DB']->query_select('images', array('url', 'add_date'), array('cat' => $cat, 'validated' => 1)));
    $array = array();
    foreach ($rows as $row) {
        $full_path = NULL;
        $data = NULL;
        if (url_is_local($row['url']) && file_exists(get_file_base() . '/' . urldecode($row['url']))) {
            $path = urldecode($row['url']);
            $full_path = get_file_base() . '/' . $path;
            if (file_exists($full_path)) {
                $time = filemtime($full_path);
                $name = $path;
            } else {
                continue;
            }
        } else {
            continue;
            // Actually we won't include them, if they are not local it implies it is not reasonable for them to lead to server load, and they may not even be native files
            $time = $row['add_date'];
            $name = basename(urldecode($row['url']));
            $data = http_download_file($row['url']);
        }
        $array[] = array('name' => preg_replace('#^uploads/galleries/#', '', $name), 'time' => $time, 'data' => $data, 'full_path' => $full_path);
    }
    if ($gallery_row['rep_image'] != '') {
        if (url_is_local($gallery_row['rep_image']) && file_exists(get_file_base() . '/' . urldecode($gallery_row['rep_image']))) {
            $path = urldecode($gallery_row['rep_image']);
            $full_path = get_file_base() . '/' . $path;
            if (file_exists($full_path)) {
                $time = filemtime($full_path);
                $name = $path;
                $data = file_get_contents($full_path);
            }
        } else {
            $time = $gallery_row['add_date'];
            $name = basename(urldecode($gallery_row['rep_image']));
            $data = http_download_file($gallery_row['rep_image']);
        }
        $array[] = array('name' => preg_replace('#^uploads/(galleries|grepimages)/#', '', $name), 'time' => $time, 'data' => $data);
    }
    @ini_set('zlib.output_compression', 'Off');
    //$zip_file=create_zip_file($array);
    //header('Content-Length: '.strval(strlen($zip_file)));
    //echo $zip_file;
    create_zip_file($array, true);
}
Esempio n. 20
0
/**
 * Make sure that the user can reopen the specified bug.
 * Calls access_denied if user has no access to terminate script
 * @see access_can_reopen_bug
 * @param BugData $p_bug Bug to check access against
 * @param int|null $p_user_id integer representing user id, defaults to null to use current user
 * @access public
 */
function access_ensure_can_reopen_bug($p_bug, $p_user_id = null)
{
    if (!access_can_reopen_bug($p_bug, $p_user_id)) {
        access_denied();
    }
}
Esempio n. 21
0
/**
 * Retrieve user id of current user
 * @return int user id
 * @access public
 */
function auth_get_current_user_id()
{
    global $g_cache_current_user_id;
    if (null !== $g_cache_current_user_id) {
        return $g_cache_current_user_id;
    }
    $t_cookie_string = auth_get_current_user_cookie();
    if ($t_result = user_search_cache('cookie_string', $t_cookie_string)) {
        $t_user_id = (int) $t_result['id'];
        $g_cache_current_user_id = $t_user_id;
        return $t_user_id;
    }
    $t_user_table = db_get_table('user');
    /** @todo error with an error saying they aren't logged in? Or redirect to the login page maybe? */
    $query = "SELECT id\n\t\t\t\t  FROM {$t_user_table}\n\t\t\t\t  WHERE cookie_string=" . db_param();
    $result = db_query_bound($query, array($t_cookie_string));
    # The cookie was invalid. Clear the cookie (to allow people to log in again)
    # and give them an Access Denied message.
    if (db_num_rows($result) < 1) {
        auth_clear_cookies();
        access_denied();
        exit;
    }
    $t_user_id = (int) db_result($result);
    $g_cache_current_user_id = $t_user_id;
    return $t_user_id;
}
Esempio n. 22
0
 /**
  * Actualiser to edit a test section.
  *
  * @return tempcode	The result of execution.
  */
 function __ed()
 {
     check_specific_permission('edit_own_tests');
     $id = get_param_integer('id');
     $rows = $GLOBALS['SITE_DB']->query_select('test_sections', array('*'), array('id' => $id), '', 1);
     if (!array_key_exists(0, $rows)) {
         warn_exit('MISSING_RESOURCE');
     }
     $section = $rows[0];
     if (!(has_specific_permission(get_member(), 'edit_own_tests') && ($section['s_assigned_to'] == get_member() || $GLOBALS['FORUM_DRIVER']->is_staff(get_member())))) {
         access_denied('ACCESS_DENIED');
     }
     if (post_param_integer('delete', 0) == 1) {
         $title = get_page_title('DELETE_TEST_SECTION');
         $GLOBALS['SITE_DB']->query_delete('test_sections', array('id' => $id), '', 1);
         $GLOBALS['SITE_DB']->query_delete('tests', array('t_section' => $id));
         return inform_screen($title, do_lang_tempcode('SUCCESS'));
     } else {
         $title = get_page_title('EDIT_TEST_SECTION');
         // New tests
         $this->_add_new_tests($id);
         $assigned_to = post_param_integer('assigned_to');
         if ($assigned_to == -1) {
             $assigned_to = NULL;
         }
         $GLOBALS['SITE_DB']->query_update('test_sections', array('s_section' => post_param('section'), 's_notes' => post_param('notes'), 's_inheritable' => post_param_integer('inheritable', 0), 's_assigned_to' => $assigned_to), array('id' => get_param_integer('id')), '', 1);
         // Tests that are edited/deleted (or possibly unchanged, but we count that as edited)
         foreach (array_keys($_POST) as $key) {
             $matches = array();
             if (preg_match('#edit_(\\d+)_test#', $key, $matches) != 0) {
                 $tid = $matches[1];
                 $delete = post_param_integer('edit_' . $tid . '_delete', 0);
                 if ($delete == 1) {
                     $GLOBALS['SITE_DB']->query_delete('tests', array('id' => $tid), '', 1);
                 } else {
                     $assigned_to = post_param_integer('edit_' . $tid . '_assigned_to');
                     if ($assigned_to == -1) {
                         $assigned_to = NULL;
                     }
                     $inherit_section = post_param_integer('edit_' . $tid . '_inherit_section');
                     if ($inherit_section == -1) {
                         $inherit_section = NULL;
                     }
                     $GLOBALS['SITE_DB']->query_update('tests', array('t_test' => post_param('edit_' . $tid . '_test'), 't_assigned_to' => $assigned_to, 't_enabled' => post_param_integer('edit_' . $tid . '_enabled', 0), 't_inherit_section' => $inherit_section), array('id' => $tid), '', 1);
                 }
             }
         }
         // Show it worked / Refresh
         $url = build_url(array('page' => '_SELF', 'type' => 'go'), '_SELF');
         return redirect_screen($title, $url, do_lang_tempcode('SUCCESS'));
     }
 }
Esempio n. 23
0
 /**
  * Standard modular UI to edit an entry.
  *
  * @return tempcode	The UI
  */
 function _ed()
 {
     $doing = 'EDIT_' . $this->lang_type;
     if ($this->catalogue && get_param('catalogue_name', '') != '') {
         $catalogue_title = get_translated_text($GLOBALS['SITE_DB']->query_value('catalogues', 'c_title', array('c_name' => get_param('catalogue_name'))));
         if ($this->type_code == 'd') {
             $doing = do_lang('CATALOGUE_GENERIC_EDIT', escape_html($catalogue_title));
         } elseif ($this->type_code == 'c') {
             $doing = do_lang('CATALOGUE_GENERIC_EDIT_CATEGORY', escape_html($catalogue_title));
         }
     }
     $title = get_page_title($doing);
     //$submit_name=(strpos($doing,' ')!==false)?protect_from_escaping($doing):do_lang($doing);
     //if (!is_null($this->edit_submit_name)) $submit_name=$this->edit_submit_name;
     $submit_name = do_lang_tempcode('SAVE');
     //$test=$this->choose_catalogue($title);
     //if (!is_null($test)) return $test;
     $id = mixed();
     // Define type as mixed
     $id = $this->non_integer_id ? get_param('id', false, true) : strval(get_param_integer('id'));
     $map = array('page' => '_SELF', 'type' => '__e' . $this->type_code, 'id' => $id);
     if (get_param('catalogue_name', '') != '') {
         $map['catalogue_name'] = get_param('catalogue_name');
     }
     if (!is_null(get_param('redirect', NULL))) {
         $map['redirect'] = get_param('redirect');
     }
     if (!is_null(get_param('continue', NULL))) {
         $map['continue'] = get_param('continue');
     }
     if (!is_null($this->upload) || $this->possibly_some_kind_of_upload) {
         $map['uploading'] = 1;
     }
     $post_url = build_url($map, '_SELF');
     if (multi_lang() && has_actual_page_access(get_member(), 'admin_lang') && user_lang() != get_site_default_lang()) {
         require_code('lang2');
         $switch_url = get_self_url(false, false, array('keep_lang' => get_site_default_lang()));
         attach_message(do_lang_tempcode('lang:EDITING_CONTENT_IN_LANGUAGE_STAFF', escape_html(lookup_language_full_name(user_lang())), escape_html(lookup_language_full_name(get_site_default_lang())), escape_html($switch_url->evaluate())), 'warn');
     }
     if (method_exists($this, 'get_submitter')) {
         list($submitter, $date_and_time) = $this->get_submitter($id);
     } else {
         $submitter = NULL;
         $date_and_time = NULL;
     }
     if (!is_null($this->permissions_require)) {
         check_edit_permission($this->permissions_require, $submitter, array($this->permissions_cat_require, is_null($this->permissions_cat_name) ? NULL : $this->get_cat($id), $this->permissions_cat_require_b, is_null($this->permissions_cat_name_b) ? NULL : $this->get_cat_b($id)), $this->permission_page_name);
     }
     if (!is_null($this->permissions_cat_require) && !has_category_access(get_member(), $this->permissions_cat_require, $this->get_cat($id))) {
         access_denied('CATEGORY_ACCESS');
     }
     if (!is_null($this->permissions_cat_require_b) && !has_category_access(get_member(), $this->permissions_cat_require_b, $this->get_cat_b($id))) {
         access_denied('CATEGORY_ACCESS');
     }
     $bits = $this->fill_in_edit_form($id);
     $delete_fields = new ocp_tempcode();
     $all_delete_fields_given = false;
     $fields2 = new ocp_tempcode();
     if (is_array($bits)) {
         $fields = $bits[0];
         $hidden = $bits[1];
         if (array_key_exists(2, $bits) && !is_null($bits[2])) {
             $delete_fields = $bits[2];
         }
         if (array_key_exists(3, $bits) && !is_null($bits[3])) {
             $this->edit_text = $bits[3];
         }
         if (array_key_exists(4, $bits) && $bits[4]) {
             $all_delete_fields_given = true;
         }
         if (array_key_exists(5, $bits) && !is_null($bits[5])) {
             $this->posting_form_text = $bits[5];
         }
         if (array_key_exists(6, $bits) && !is_null($bits[6])) {
             $fields2 = $bits[6];
         }
         if (array_key_exists(7, $bits)) {
             $this->posting_form_text_parsed = $bits[7];
         }
     } else {
         $fields = $bits;
         $hidden = new ocp_tempcode();
     }
     // Add in custom fields
     if ($this->has_tied_catalogue()) {
         require_code('fields');
         $fields->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('TITLE' => do_lang_tempcode('MORE'))));
         append_form_custom_fields($this->award_type, $id, $fields, $hidden);
     }
     // SEO?
     if (!is_null($this->seo_type)) {
         require_code('seo2');
         $fields2->attach(seo_get_fields($this->seo_type, $id));
     }
     // Awards?
     if (addon_installed('awards')) {
         if (!is_null($this->award_type)) {
             require_code('awards');
             $fields2->attach(get_award_fields($this->award_type, $id));
         }
     }
     // Action fields / deletion options
     $delete_permission = true;
     if (!is_null($this->permissions_require)) {
         $delete_permission = has_delete_permission($this->permissions_require, get_member(), $submitter, is_null($this->permission_page_name) ? get_page_name() : $this->permission_page_name, array($this->permissions_cat_require, is_null($this->permissions_cat_name) ? NULL : $this->get_cat($id), $this->permissions_cat_require_b, is_null($this->permissions_cat_name_b) ? NULL : $this->get_cat_b($id)));
     }
     $may_delete = (!method_exists($this, 'may_delete_this') || $this->may_delete_this($id)) && (!is_numeric($id) || intval($id) >= db_get_first_id() + $this->protect_first) && $delete_permission;
     // Deletion options
     $action_fields = new ocp_tempcode();
     if ($may_delete) {
         if (!$all_delete_fields_given) {
             $action_fields->attach(form_input_tick(do_lang_tempcode('DELETE'), do_lang_tempcode('DESCRIPTION_DELETE'), 'delete', false));
         }
         if (addon_installed('points') && !is_null($submitter) && !is_null($date_and_time)) {
             $points_test = $GLOBALS['SITE_DB']->query_value_null_ok('gifts', 'id', array('date_and_time' => $date_and_time, 'gift_to' => $submitter, 'gift_from' => $GLOBALS['FORUM_DRIVER']->get_guest_id()));
             if (!is_null($points_test)) {
                 require_lang('points');
                 $action_fields->attach(form_input_tick(do_lang_tempcode('REVERSE_TITLE'), do_lang_tempcode('REVERSE_TITLE_DESCRIPTION'), 'reverse_point_transaction', false));
             }
         }
         $action_fields->attach($delete_fields);
     }
     if (!$this->appended_actions_already && !$action_fields->is_empty()) {
         $fields2->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('TITLE' => do_lang_tempcode('ACTIONS'))));
     }
     $fields2->attach($action_fields);
     if (!is_object($this->edit_text)) {
         $this->edit_text = make_string_tempcode(is_null($this->edit_text) ? '' : $this->edit_text);
     }
     if (!is_null($this->upload)) {
         if ($this->upload == 'image') {
             require_code('images');
             $max = floatval(get_max_image_size()) / floatval(1024 * 1024);
             if ($max < 3.0) {
                 require_code('files2');
                 $config_url = get_upload_limit_config_url();
                 $this->edit_text->attach(paragraph(do_lang_tempcode(is_null($config_url) ? 'MAXIMUM_UPLOAD' : 'MAXIMUM_UPLOAD_STAFF', escape_html($max > 10.0 ? integer_format(intval($max)) : float_format($max)), escape_html(is_null($config_url) ? '' : $config_url))));
             }
         } else {
             require_code('files2');
             $max = floatval(get_max_file_size()) / floatval(1024 * 1024);
             if ($max < 30.0) {
                 $config_url = get_upload_limit_config_url();
                 $this->edit_text->attach(paragraph(do_lang_tempcode(is_null($config_url) ? 'MAXIMUM_UPLOAD' : 'MAXIMUM_UPLOAD_STAFF', escape_html($max > 10.0 ? integer_format(intval($max)) : float_format($max)), escape_html(is_null($config_url) ? '' : $config_url))));
             }
         }
     }
     if (get_param('type', '_ed') == '_edit_catalogue') {
         require_javascript('javascript_catalogues');
         // Existing fields
         $field_count = 0;
         $c_name = get_param('id', false, true);
         $rows = $GLOBALS['SITE_DB']->query_select('catalogue_fields', array('*'), array('c_name' => $c_name), 'ORDER BY cf_order');
         $fields_existing = new ocp_tempcode();
         foreach ($rows as $i => $myrow) {
             $name = get_translated_text($myrow['cf_name']);
             $description = get_translated_text($myrow['cf_description']);
             $prefix = 'existing_field_' . strval($myrow['id']) . '_';
             list($_fields_existing, $_fields_hidden) = $this->get_field_fields($i == 0 && substr($c_name, 0, 1) != '_', count($rows) + 10, $prefix, $field_count, $name, $description, $myrow['cf_type'], $myrow['cf_defines_order'], $myrow['cf_visible'], $myrow['cf_searchable'], $myrow['cf_default'], $myrow['cf_required'], $myrow['cf_put_in_category'], $myrow['cf_put_in_search']);
             if (!is_ecommerce_catalogue($c_name) || $i > 9) {
                 $_fields_existing->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('TITLE' => do_lang_tempcode('ACTIONS'))));
                 $_fields_existing->attach(form_input_tick(do_lang_tempcode('DELETE'), do_lang_tempcode('DESCRIPTION_DELETE'), $prefix . 'delete', false));
             }
             $temp = do_template('FORM_FIELD_SET_GROUPER', array('_GUID' => '1492d973db45cbecff892ad4ac1af28f' . get_class($this), 'NAME' => $name, 'ID' => 'FIELD_' . strval($i + 1), 'FIELDS' => $_fields_existing->evaluate()));
             $fields_existing->attach($temp);
             $hidden->attach($_fields_hidden);
             $field_count++;
         }
         // New field
         $fields_new = new ocp_tempcode();
         for ($i = 0; $i < 5; $i++) {
             list($_fields_new, $_fields_hidden) = $this->get_field_fields(false, count($rows) + 10, 'new_field_' . strval($i) . '_', $field_count);
             $temp = do_template('FORM_FIELD_SET_GROUPER', array('_GUID' => '8b9a632eafae003ccc6b007eefb0ce3d' . get_class($this), 'NAME' => do_lang_tempcode('NEW_FIELD', strval($i + 1)), 'ID' => 'NEW_FIELD_' . strval($i + 1), 'FIELDS' => $_fields_new->evaluate()));
             $fields_new->attach($temp);
             $hidden->attach($_fields_hidden);
             $field_count++;
         }
         $fields->attach($fields2);
         return do_template('CATALOGUE_EDITING_SCREEN', array('_GUID' => '584d7dc7c2c13939626102374f13f508' . get_class($this), 'HIDDEN' => $hidden, 'TITLE' => $title, 'TEXT' => $this->add_text, 'URL' => $post_url, 'FIELDS' => $fields->evaluate(), 'FIELDS_EXISTING' => $fields_existing->evaluate(), 'FIELDS_NEW' => $fields_new->evaluate(), 'SUBMIT_NAME' => $submit_name, 'JAVASCRIPT' => $this->javascript));
     }
     list($warning_details, $ping_url) = handle_conflict_resolution();
     if (!is_null($this->posting_form_title)) {
         $posting_form = get_posting_form($submit_name, $this->posting_form_text, $post_url, $hidden, $fields, $this->posting_form_title, '', $fields2, $this->posting_form_text_parsed, $this->javascript, NULL, $this->posting_field_required);
         return do_template('POSTING_SCREEN', array('_GUID' => '841b9af3aa80bcab86b907e4b942786a' . get_class($this), 'PREVIEW' => $this->do_preview, 'TITLE' => $title, 'SEPARATE_PREVIEW' => $this->second_stage_preview, 'PING_URL' => $ping_url, 'WARNING_DETAILS' => $warning_details, 'TEXT' => $this->add_text, 'POSTING_FORM' => $posting_form->evaluate(), 'JAVASCRIPT' => $this->javascript));
     } else {
         $fields->attach($fields2);
         return do_template('FORM_SCREEN', array('_GUID' => '2d70be34595a16c6f170d966b894bfe2' . get_class($this), 'PREVIEW' => $this->do_preview, 'SEPARATE_PREVIEW' => $this->second_stage_preview, 'TITLE' => $title, 'SKIP_VALIDATION' => $this->skip_validation, 'PING_URL' => $ping_url, 'WARNING_DETAILS' => $warning_details, 'HIDDEN' => $hidden, 'TEXT' => $this->edit_text, 'URL' => $post_url, 'FIELDS' => $fields->evaluate(), 'SUBMIT_NAME' => $submit_name, 'JAVASCRIPT' => $this->javascript));
     }
 }
Esempio n. 24
0
function news_ensure_enabled()
{
    if (!news_is_enabled()) {
        access_denied();
    }
}
Esempio n. 25
0
/**
 * Abord script if user has no access to a particular ACCESS_*
 *
 * @return int $access_type one of ACCESS_* constants
 * @param string $user_status used if $user not initialized
 */
function check_status($access_type, $user_status = '')
{
    if (!is_autorize_status($access_type, $user_status)) {
        access_denied();
    }
}
Esempio n. 26
0
function kplaylist_filelist($pwd, $d, $n3)
{
    global $runinit, $mark, $marksid, $setctl, $bd, $cfg, $valuser;
    $kpdir = new kpdir();
    $kpdir->setpwd(base64_decode($pwd));
    $kpdir->setdrive($d);
    if (strlen($n3) > 0) {
        $ln = explode('_', $n3);
        if (count($ln) == 2) {
            $kpdir->finddest($ln[0], $ln[1]);
        }
    }
    if (frm_isset('mark') && !frm_empty('mark')) {
        $mark = explode(' ', strtoupper(trim(frm_get('mark'))));
    } else {
        $mark = array();
    }
    if (frm_ok('marksid', 1)) {
        $marksid = frm_get('marksid', 1);
    }
    $kpd = new kpdesign();
    $kpd->top();
    $list = true;
    if ($valuser->isadmin()) {
        if ($bd->getcnt() == 1 && $bd->getpath(0) == '/path/to/my/music/archive/') {
            $list = false;
            eval(gethtml('welcome'));
        }
        if ($setctl->get('basedir_changed') && $bd->getpath(0) != '/path/to/my/music/archive/') {
            $setctl->set('basedir_changed', 0);
            if ($setctl->get('base_dir') != $setctl->get('oldbase_dir')) {
                $setctl->set('oldbase_dir', $setctl->get('base_dir'));
                $list = false;
                eval(gethtml('basedirchange'));
            }
        } else {
            if ($setctl->get('reupdate')) {
                $setctl->set('reupdate', 0);
                $list = false;
                eval(gethtml('needupdate'));
            }
        }
    }
    $dcnt = $fcnt = 0;
    if ($list) {
        $kpdir = new kpdir();
        $kpdir->setdrive($d);
        $kpdir->setpwd($runinit['pdir']);
        if (!$kpdir->determine()) {
            access_denied();
        }
        showdir($kpdir->pwd, '', $d);
        echo '<table width="100%" border="0" cellspacing="0" cellpadding="0">';
        if ($cfg['mergerootdir']) {
            $kpdir->merge();
        }
        $kpdir->dsort();
        $dcnt = $kpdir->show();
        $fcnt = $kpdir->showfiles($dcnt);
        if ($fcnt == 0 && $dcnt == 0) {
            echo '<tr><td class="file">' . get_lang(156) . '</td></tr>';
        }
        echo '</table>';
    }
    endmp3table(1, $dcnt, $fcnt);
    $kpd->bottom();
}
Esempio n. 27
0
/**
 * Shows an HTML page of all attachments we can access with selection buttons.
 */
function attachment_popup_script()
{
    require_lang('comcode');
    require_javascript('javascript_editing');
    $connection = get_page_name() == 'topics' ? $GLOBALS['FORUM_DB'] : $GLOBALS['SITE_DB'];
    $members = array();
    if (!is_guest()) {
        $members[get_member()] = $GLOBALS['FORUM_DRIVER']->get_username(get_member());
    }
    if (has_specific_permission(get_member(), 'reuse_others_attachments')) {
        $_members = $connection->query_select('attachments', array('DISTINCT a_member_id'));
        foreach ($_members as $_member) {
            $members[$_member['a_member_id']] = $GLOBALS['FORUM_DRIVER']->get_username($_member['a_member_id']);
        }
    }
    asort($members);
    $member_now = post_param_integer('member_id', get_member());
    if (!array_key_exists($member_now, $members)) {
        access_denied('REUSE_ATTACHMENT');
    }
    $list = new ocp_tempcode();
    foreach ($members as $member_id => $username) {
        $list->attach(form_input_list_entry(strval($member_id), $member_id == $member_now, $username));
    }
    $field_name = get_param('field_name', 'post');
    $keep = symbol_tempcode('KEEP', array(0, 1));
    $post_url = find_script('attachment_popup') . '?field_name=' . $field_name . $keep->evaluate();
    if (get_param('utheme', '') != '') {
        $post_url .= '&utheme=' . get_param('utheme');
    }
    $rows = $connection->query_select('attachments', array('*'), array('a_member_id' => $member_now));
    $content = new ocp_tempcode();
    foreach ($rows as $myrow) {
        $myrow['description'] = $myrow['a_description'];
        $tpl = render_attachment('attachment', array(), $myrow, uniqid('', true), get_member(), false, $connection, NULL, get_member());
        $content->attach(do_template('ATTACHMENTS_BROWSER_ATTACHMENT', array('_GUID' => '64356d30905c99325231d3bbee92128c', 'FIELD_NAME' => $field_name, 'TPL' => $tpl, 'DESCRIPTION' => $myrow['a_description'], 'DELETE_URL' => $post_url, 'ID' => strval($myrow['id']))));
    }
    $content = do_template('ATTACHMENTS_BROWSER', array('_GUID' => '7773aad46fb0bfe563a142030beb1a36', 'LIST' => $list, 'CONTENT' => $content, 'URL' => $post_url));
    global $EXTRA_HEAD;
    if (!isset($EXTRA_HEAD)) {
        $EXTRA_HEAD = new ocp_tempcode();
    }
    $EXTRA_HEAD->attach('<meta name="robots" content="noindex" />');
    // XHTMLXHTML
    $echo = do_template('POPUP_HTML_WRAP', array('TITLE' => do_lang_tempcode('ATTACHMENT_POPUP'), 'CONTENT' => $content));
    $echo->evaluate_echo();
}
Esempio n. 28
0
function graph_edit()
{
    global $colors, $struct_graph, $image_types, $consolidation_functions, $graph_item_types, $struct_graph_item;
    /* ================= input validation ================= */
    input_validate_input_number(get_request_var("id"));
    /* ==================================================== */
    /* modify for multi user start */
    if ($_SESSION["permission"] < ACCESS_ADMINISTRATOR) {
        // graph add
        if ($_GET["id"] == "") {
            if ($_GET["host_id"] != -1) {
                input_validate_input_number(get_request_var("host_id"));
                if (!check_host($_GET["host_id"])) {
                    access_denied();
                }
            }
            // graph edit
        } else {
            $permission = check_graph($_GET["id"]);
            if ($permission != GRAPH_PRIVATE && $permission != GRAPH_PRIVATE + GRAPH_PUBLIC) {
                access_denied();
            }
        }
    }
    /* modify for multi user end */
    $use_graph_template = true;
    if (!empty($_GET["id"])) {
        $local_graph_template_graph_id = db_fetch_cell("select local_graph_template_graph_id from graph_templates_graph where local_graph_id=" . $_GET["id"]);
        $graphs = db_fetch_row("select * from graph_templates_graph where local_graph_id=" . $_GET["id"]);
        $graphs_template = db_fetch_row("select * from graph_templates_graph where id={$local_graph_template_graph_id}");
        $host_id = db_fetch_cell("select host_id from graph_local where id=" . $_GET["id"]);
        $header_label = "[edit: " . htmlspecialchars(get_graph_title($_GET["id"])) . "]";
        if ($graphs["graph_template_id"] == "0") {
            $use_graph_template = false;
        }
    } else {
        $header_label = "[new]";
        $use_graph_template = false;
    }
    /* modify for multi user start */
    if ($_SESSION["permission"] < ACCESS_ADMINISTRATOR) {
        unset($_GET["debug"]);
    }
    /* modify for multi user end */
    /* handle debug mode */
    if (isset($_GET["debug"])) {
        if ($_GET["debug"] == "0") {
            kill_session_var("graph_debug_mode");
        } elseif ($_GET["debug"] == "1") {
            $_SESSION["graph_debug_mode"] = true;
        }
    }
    if (!empty($_GET["id"])) {
        ?>
		<table width="100%" align="center">
			<tr>
				<td class="textInfo" colspan="2" valign="top">
					<?php 
        print htmlspecialchars(get_graph_title($_GET["id"]));
        ?>
				</td>
				<td class="textInfo" align="right" valign="top">
                    <?php 
        /* modify for multi user start */
        if ($_SESSION["permission"] == ACCESS_ADMINISTRATOR) {
            ?>
					<span style="color: #c16921;">*<a href='<?php 
            print htmlspecialchars("graphs.php?action=graph_edit&id=" . (isset($_GET["id"]) ? $_GET["id"] : "0") . "&debug=" . (isset($_SESSION["graph_debug_mode"]) ? "0" : "1"));
            ?>
'>Turn <strong><?php 
            print isset($_SESSION["graph_debug_mode"]) ? "Off" : "On";
            ?>
</strong> Graph Debug Mode.</a></span><br>
					<?php 
        }
        if (!empty($graphs["graph_template_id"]) && $_SESSION["permission"] == ACCESS_ADMINISTRATOR) {
            ?>
<span style="color: #c16921;">*<a href='<?php 
            print htmlspecialchars("graph_templates.php?action=template_edit&id=" . (isset($graphs["graph_template_id"]) ? $graphs["graph_template_id"] : "0"));
            ?>
'>Edit Graph Template.</a></span><br><?php 
        }
        /* modify for multi user end */
        if (!empty($_GET["host_id"]) || !empty($host_id)) {
            ?>
<span style="color: #c16921;">*<a href='<?php 
            print htmlspecialchars("host.php?action=edit&id=" . (isset($_GET["host_id"]) ? $_GET["host_id"] : $host_id));
            ?>
'>Edit Host.</a></span><br><?php 
        }
        ?>
				</td>
			</tr>
		</table>
		<br>
		<?php 
    }
    html_start_box("<strong>Graph Template Selection</strong> {$header_label}", "100%", $colors["header"], "3", "center", "");
    $form_array = array("graph_template_id" => array("method" => "drop_sql", "friendly_name" => "Selected Graph Template", "description" => "Choose a graph template to apply to this graph. Please note that graph data may be lost if you change the graph template after one is already applied.", "value" => isset($graphs) ? $graphs["graph_template_id"] : "0", "none_value" => "None", "sql" => "select graph_templates.id,graph_templates.name from graph_templates order by name"), "host_id" => array("method" => "drop_sql", "friendly_name" => "Host", "description" => "Choose the host that this graph belongs to.", "value" => isset($_GET["host_id"]) ? $_GET["host_id"] : $host_id, "none_value" => "None", "sql" => "select id,CONCAT_WS('',description,' (',hostname,')') as name from host order by description,hostname"), "graph_template_graph_id" => array("method" => "hidden", "value" => isset($graphs) ? $graphs["id"] : "0"), "local_graph_id" => array("method" => "hidden", "value" => isset($graphs) ? $graphs["local_graph_id"] : "0"), "local_graph_template_graph_id" => array("method" => "hidden", "value" => isset($graphs) ? $graphs["local_graph_template_graph_id"] : "0"), "_graph_template_id" => array("method" => "hidden", "value" => isset($graphs) ? $graphs["graph_template_id"] : "0"), "_host_id" => array("method" => "hidden", "value" => isset($host_id) ? $host_id : "0"));
    /* modify for multi user start */
    if ($_SESSION["permission"] < ACCESS_ADMINISTRATOR) {
        unset($form_array["graph_template_id"]["none_value"]);
        $form_array["graph_template_id"]["sql"] = "SELECT graph_templates.id,graph_templates.name FROM graph_templates WHERE name NOT LIKE '%@system' ORDER BY name";
        unset($form_array["host_id"]["none_value"]);
        $form_array["host_id"]["sql"] = "\r\n            SELECT host.id,CONCAT_WS('',host.description,' (',host.hostname,')') AS name FROM host \r\n                INNER JOIN user_auth_perms ON host.id = user_auth_perms.item_id AND user_auth_perms.user_id = '" . $_SESSION["sess_user_id"] . "' AND user_auth_perms.type = '3' \r\n            ORDER BY host.description,host.hostname";
    }
    /* modify for multi user end */
    draw_edit_form(array("config" => array(), "fields" => $form_array));
    html_end_box();
    /* only display the "inputs" area if we are using a graph template for this graph */
    if (!empty($graphs["graph_template_id"])) {
        html_start_box("<strong>Supplemental Graph Template Data</strong>", "100%", $colors["header"], "3", "center", "");
        draw_nontemplated_fields_graph($graphs["graph_template_id"], $graphs, "|field|", "<strong>Graph Fields</strong>", true, true, 0);
        draw_nontemplated_fields_graph_item($graphs["graph_template_id"], $_GET["id"], "|field|_|id|", "<strong>Graph Item Fields</strong>", true);
        html_end_box();
    }
    /* graph item list goes here */
    if (!empty($_GET["id"]) && empty($graphs["graph_template_id"])) {
        item();
    }
    if (!empty($_GET["id"])) {
        ?>
		<table width="100%" align="center">
			<tr>
				<td align="center" class="textInfo" colspan="2">
					<img src="<?php 
        print htmlspecialchars("graph_image.php?action=edit&local_graph_id=" . $_GET["id"] . "&rra_id=" . read_graph_config_option("default_rra_id"));
        ?>
" alt="">
				</td>
				<?php 
        if (isset($_SESSION["graph_debug_mode"]) && isset($_GET["id"])) {
            $graph_data_array["output_flag"] = RRDTOOL_OUTPUT_STDERR;
            $graph_data_array["print_source"] = 1;
            ?>
					<td>
						<span class="textInfo">RRDTool Command:</span><br>
						<pre><?php 
            print @rrdtool_function_graph($_GET["id"], 1, $graph_data_array);
            ?>
</pre>
						<span class="textInfo">RRDTool Says:</span><br>
						<?php 
            unset($graph_data_array["print_source"]);
            ?>
						<pre><?php 
            print @rrdtool_function_graph($_GET["id"], 1, $graph_data_array);
            ?>
</pre>
					</td>
					<?php 
        }
        ?>
			</tr>
		</table>
		<br>
		<?php 
    }
    if ((isset($_GET["id"]) || isset($_GET["new"])) && empty($graphs["graph_template_id"])) {
        html_start_box("<strong>Graph Configuration</strong>", "100%", $colors["header"], "3", "center", "");
        $form_array = array();
        while (list($field_name, $field_array) = each($struct_graph)) {
            $form_array += array($field_name => $struct_graph[$field_name]);
            $form_array[$field_name]["value"] = isset($graphs) ? $graphs[$field_name] : "";
            $form_array[$field_name]["form_id"] = isset($graphs) ? $graphs["id"] : "0";
            if (!($use_graph_template == false || $graphs_template["t_" . $field_name] == "on")) {
                $form_array[$field_name]["method"] = "template_" . $form_array[$field_name]["method"];
                $form_array[$field_name]["description"] = "";
            }
        }
        draw_edit_form(array("config" => array("no_form_tag" => true), "fields" => $form_array));
        html_end_box();
    }
    if (isset($_GET["id"]) || isset($_GET["new"])) {
        form_hidden_box("save_component_graph", "1", "");
        form_hidden_box("save_component_input", "1", "");
    } else {
        form_hidden_box("save_component_graph_new", "1", "");
    }
    form_hidden_box("rrdtool_version", read_config_option("rrdtool_version"), "");
    form_save_button("graphs.php");
    //Now we need some javascript to make it dynamic
    ?>
<script language="JavaScript">

dynamic();

function dynamic() {
	//alert("RRDTool Version is '" + document.getElementById('rrdtool_version').value + "'");
	//alert("Log is '" + document.getElementById('auto_scale_log').checked + "'");
	if (document.getElementById('scale_log_units')) {
		document.getElementById('scale_log_units').disabled=true;
		if ((document.getElementById('rrdtool_version').value != 'rrd-1.0.x') &&
			(document.getElementById('auto_scale_log').checked)) {
			document.getElementById('scale_log_units').disabled=false;
		}
	}
}

function changeScaleLog() {
	//alert("Log changed to '" + document.getElementById('auto_scale_log').checked + "'");
	if (document.getElementById('scale_log_units')) {
		document.getElementById('scale_log_units').disabled=true;
		if ((document.getElementById('rrdtool_version').value != 'rrd-1.0.x') &&
			(document.getElementById('auto_scale_log').checked)) {
			document.getElementById('scale_log_units').disabled=false;
		}
	}
}
</script>
<?php 
}
Esempio n. 29
0
<?php

required_params('id');
$pool = Pool::find(Request::$params->id);
if (!$pool->can_be_updated_by(User::$current)) {
    access_denied();
}
if (Request::$post) {
    foreach (Request::$params->pool_post_sequence as $i => $seq) {
        PoolPost::update($i, array('sequence' => $seq));
    }
    $pool->reload();
    $pool->update_pool_links();
    notice("Ordering updated");
    // flash[:notice] = "Ordering updated"
    redirect_to('#show', array('id' => Request::$params->id));
} else {
    $pool_posts = $pool->pool_posts;
}
Esempio n. 30
0
/**
 * check token comming from form posted or get params to prevent csrf attacks.
 * if pwg_token is empty action doesn't require token
 * else pwg_token is compare to server token
 *
 * @return void access denied if token given is not equal to server token
 */
function check_pwg_token()
{
    if (!empty($_REQUEST['pwg_token'])) {
        if (get_pwg_token() != $_REQUEST['pwg_token']) {
            access_denied();
        }
    } else {
        bad_request('missing token');
    }
}