Esempio n. 1
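 /**
  * Delete this post through the Post data manager, then refresh the counters
  * of the thread and forum it belongs to.
  *
  * No permission check happens in this method. The caller must already have
  * authorised both the deletion and the choice between soft and hard delete.
  *
  * @param boolean $is_hard_delete Forwarded unchanged as the third argument of the data manager's delete()
  * @param vB_Legacy_User $user User whose userid and username are recorded in the delete info
  * @param string $reason Reason text recorded in the delete info, passed through as given
  * @param boolean $keepattachments Recorded in the delete info, passed through as given
  */
 protected function delete_internal($is_hard_delete, $user, $reason, $keepattachments)
 {
     global $vbulletin;

     $thread = $this->get_field('thread');
     $forum = $thread->get_field('forum');
     $threadid = $thread->get_field('threadid');

     // ERRTYPE_SILENT: data manager errors are not surfaced to the caller here.
     $postman =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost');
     $postman->set_existing($this->record);
     $postman->delete(
         $forum->get_countposts(),
         $threadid,
         $is_hard_delete,
         array(
             'userid' => $user->get_field('userid'),
             'username' => $user->get_field('username'),
             'reason' => $reason,
             'keepattachments' => $keepattachments,
         )
     );
     unset($postman);

     // The original passed $threadinfo['threadid'], but $threadinfo is never
     // defined in this method, so the thread counters were rebuilt for an empty
     // id and the real thread kept stale counts. Use the id of the loaded thread.
     build_thread_counters($threadid);

     if ($forum->get_field('lastthreadid') != $threadid) {
         $forum->decrement_replycount();
     } else {
         // this thread is the one being displayed as the thread with the last post...
         // need to get the lastpost datestamp and lastposter name from the thread.
         build_forum_counters($thread->get_field('forumid'));
     }
 }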
Esempio n. 2
/**
 * Create a post in an existing thread through the Post data manager.
 *
 * This function performs no permission check and accepts whatever $posterid
 * the caller supplies, so authorising the author and the target thread is the
 * caller's job.
 *
 * @param array $newpost Reads the keys threadid, parentid, pagetext, title,
 *                       allowsmilie, visible and parseurl
 * @param mixed $posterid Author's user id; '' (the default) selects the current
 *                        user from $vbulletin->userinfo
 * @return mixed Whatever the data manager's save() returns
 */
function newPost($newpost, $posterid = '')
{
    global $vbulletin;

    // Loose comparison kept as in the original: any value that == '' falls
    // back to the logged-in user.
    $posterid = ($posterid == '') ? $vbulletin->userinfo['userid'] : $posterid;

    // ERRTYPE_ARRAY: errors are collected by the data manager; this function
    // never inspects them before returning.
    $postman =& datamanager_init('Post', $vbulletin, ERRTYPE_ARRAY, 'threadpost');

    // An empty thread info array is handed to the data manager.
    $threadinfo = array();
    $postman->set_info('thread', $threadinfo);

    // setr() receives its value by reference, so variables / array elements
    // are passed rather than expressions. The field order is unchanged.
    foreach (array('threadid', 'parentid') as $field) {
        $postman->setr($field, $newpost[$field]);
    }
    $postman->setr('userid', $posterid);
    foreach (array('pagetext', 'title') as $field) {
        $postman->setr($field, $newpost[$field]);
    }

    // NOTE(review): $signature is never assigned in this function, so the
    // by-reference call creates it as null. Presumably a value from $newpost
    // was intended; confirm with the caller.
    $postman->setr('showsignature', $signature);

    $postman->set('allowsmilie', $newpost['allowsmilie']);
    $postman->set('visible', $newpost['visible']);
    $postman->set_info('parseurl', $newpost['parseurl']);

    $postid = $postman->save();

    // Refresh the thread's counters now that it has one more post.
    build_thread_counters($newpost['threadid']);

    return $postid;
}
Esempio n. 3
    // skip any guest posts
    // $userbyuserid is iterated as userid => post count to add (see the loop).
    // NOTE(review): ids and counts are interpolated into the UPDATE unquoted and
    // uncast. Confirm that the code filling $userbyuserid (outside this excerpt)
    // takes them from database rows or casts them to integers.
    // $alluserids and $casesql are appended to here but initialised elsewhere.
    if (!empty($userbyuserid)) {
        $userbypostcount = array();
        foreach ($userbyuserid as $postuserid => $postcount) {
            // Lists are built with a leading comma; the SQL prefixes "0" so that
            // "IN (0,1,2)" stays valid.
            $alluserids .= ",{$postuserid}";
            // Group user ids by identical post count: one CASE branch per count.
            $userbypostcount["{$postcount}"] .= ",{$postuserid}";
        }
        foreach ($userbypostcount as $postcount => $userids) {
            $casesql .= " WHEN userid IN (0{$userids}) THEN {$postcount}\n";
        }
        // Single UPDATE that adds each user's count to user.posts.
        $db->query_write("\n\t\t\tUPDATE " . TABLE_PREFIX . "user\n\t\t\tSET posts = posts +\n\t\t\tCASE\n\t\t\t\t{$casesql}\n\t\t\t\tELSE 0\n\t\t\tEND\n\t\t\tWHERE userid IN (0{$alluserids})\n\t\t");
    }
    // update counters
    // The ids are the array keys; the values are ignored.
    if (!empty($updatethread)) {
        foreach ($updatethread as $threadid => $null) {
            build_thread_counters($threadid);
        }
    }
    if (!empty($updateforum)) {
        foreach ($updateforum as $forumid => $null) {
            build_forum_counters($forumid);
        }
    }
    // Fixed redirect target, not derived from request data.
    define('CP_REDIRECT', 'moderate.php?do=posts');
    print_stop_message('moderated_posts_successfully');
}
// ###################### Start attachment moderation #######################
if ($_REQUEST['do'] == 'attachments') {
    $sql = fetch_moderator_forum_list_sql('canmoderateattachments');
    print_form_header('moderate', 'doattachments');
    print_table_header($vbphrase['attachments_awaiting_moderation']);
Esempio n. 4
	// Rebuild thread counters in batches: process up to 'perpage' threads
	// starting at thread id 'startat'.
	echo '<p>' . $vbphrase['updating_threads'] . '</p>';

	// NOTE(review): GPC['startat'] and GPC['perpage'] are concatenated straight
	// into the SQL text. This is safe only if both were cleaned to unsigned
	// integers (e.g. clean_array_gpc with TYPE_UINT) before this point, which is
	// not visible in this excerpt. Confirm, or cast with intval() here.
	$threads = $db->query_read("
		SELECT threadid
		FROM " . TABLE_PREFIX . "thread
		WHERE threadid >= " . $vbulletin->GPC['startat'] . "
		ORDER BY threadid
		LIMIT " . $vbulletin->GPC['perpage']
	);

	// Tracks the highest thread id handled in this batch.
	$finishat = $vbulletin->GPC['startat'];

	while ($thread = $db->fetch_array($threads))
	{
		build_thread_counters($thread['threadid']);
		// Progress line; the id printed comes from the query result.
		echo construct_phrase($vbphrase['processing_x'], $thread['threadid'])."<br />\n";
		vbflush();

		$finishat = ($thread['threadid'] > $finishat ? $thread['threadid'] : $finishat);
	}

	// The next batch starts just after the last id processed.
	$finishat++;

	if ($checkmore = $db->query_first("SELECT threadid FROM " . TABLE_PREFIX . "thread WHERE threadid >= $finishat LIMIT 1"))
	{
		print_cp_redirect("misc.php?" . $vbulletin->session->vars['sessionurl'] . "do=updatethread&startat=$finishat&pp=" . $vbulletin->GPC['perpage']);
		echo "<p><a href=\"misc.php?" . $vbulletin->session->vars['sessionurl'] . "do=updatethread&amp;startat=$finishat&amp;pp=" . $vbulletin->GPC['perpage'] . "\">" . $vbphrase['click_here_to_continue_processing'] . "</a></p>";
	}
	else
	{
Esempio n. 5
/**
 * Make a soft-deleted post visible again and undo the bookkeeping of its deletion.
 *
 * Returns early, without touching anything, when the post or thread cannot be
 * loaded or when the post is not in the deleted state (visible == 2). When the
 * post is the thread's first post, the work is handed to undelete_thread().
 *
 * This function performs no permission check; callers must authorise the
 * moderator before invoking it.
 *
 * @param mixed $postid Id of the post to restore
 * @param mixed $countposts Truthy when the forum counts posts towards user post totals
 * @param mixed $postinfo Optional post row (postid, threadid, visible, userid, username, title)
 * @param mixed $threadinfo Optional thread row (threadid, forumid, visible, firstpostid)
 * @param mixed $counterupdate When truthy, thread and forum counters are rebuilt
 * @return void
 */
function undelete_post($postid, $countposts, $postinfo = NULL, $threadinfo = NULL, $counterupdate = true)
{
	global $vbulletin, $vbphrase;

	// Load the post row unless the caller supplied one; stop if there is none.
	if (!$postinfo)
	{
		$postinfo = fetch_postinfo($postid);
		if (!$postinfo)
		{
			return;
		}
	}

	// Same for the thread row.
	if (!$threadinfo)
	{
		$threadinfo = fetch_threadinfo($postinfo['threadid']);
		if (!$threadinfo)
		{
			return;
		}
	}

	// Restoring a thread's first post means restoring the whole thread.
	$is_first_post = ($threadinfo['firstpostid'] == $postid);
	if ($is_first_post)
	{
		undelete_thread($threadinfo['threadid'], $countposts, $threadinfo);
		return;
	}

	// Nothing to do unless the post is currently soft-deleted.
	if ($postinfo['visible'] != 2)
	{
		return;
	}

	// Credit the author only for a registered user, in a counting forum,
	// in a visible thread.
	$credit_author = ($countposts && $postinfo['userid'] && $threadinfo['visible'] == 1);
	if ($credit_author)
	{
		$userdm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
		$userdm->set_existing($postinfo);
		// Constant SQL expression, not request data. The third argument false
		// presumably tells the data manager to write it as-is.
		$userdm->set('posts', 'posts + 1', false);
		$userdm->set_ladder_usertitle_relative(1);
		$userdm->save();
		unset($userdm);
	}

	// Remove the deletion log entry for this post.
	$logdm =& datamanager_init('Deletionlog_ThreadPost', $vbulletin, ERRTYPE_SILENT, 'deletionlog');
	$logkey = array('type' => 'post', 'primaryid' => $postid);
	$logdm->set_existing($logkey);
	$logdm->delete();
	unset($logdm, $logkey);

	// Flip the post back to visible.
	$postdm =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost');
	$postdm->set_existing($postinfo);
	$postdm->set('visible', 1);
	$postdm->save();

	if ($counterupdate)
	{
		build_thread_counters($postinfo['threadid']);
		build_forum_counters($threadinfo['forumid']);
	}

	// Record the action in the moderator log (audit trail for the restore).
	fetch_phrase_group('threadmanage');
	$postinfo['forumid'] = $threadinfo['forumid'];

	require_once(DIR . '/includes/functions_log_error.php');
	log_moderator_action($postinfo, 'post_y_by_x_undeleted', array($postinfo['title'], $postinfo['username']));
}
Esempio n. 6
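	/**
	* Performs additional queries or tasks after saving: rewrites the node's
	* config rows, resolves and propagates permissionsfrom, maintains the
	* navigation record, fires cache events and syncs the associated comment thread.
	*
	* Values taken from $this->set_fields are cast or escaped before they are
	* placed into SQL text, because this method cannot see whether they were
	* validated when they were set.
	*
	* @param mixed $result						- The save result
	* @param bool $deferred						- Save was deferred
	* @param bool $replace						- Save used REPLACE
	* @param bool $ignore						- Save used IGNORE if inserting
	* @return mixed								- $result when intval($result) is non-zero, otherwise true
	* @throws vB_Exception_DM					- No primary id for a config write, or a config value is a resource
	*/
	protected function postSave($result, $deferred, $replace, $ignore)
	{
		//First let's handle the configuration.
		if (isset($this->set_fields['config']))
		{
			if ($this->isUpdating())
			{
				$this->assertItem();
				$id = $this->item->getNodeId();
			}
			else
			{
				if (!$this->primary_id)
				{
					throw (new vB_Exception_DM('No primary id available for setting the node config in DM \'' . get_class($this) . '\''));
				}

				$id = $this->primary_id;
			}

			// The node id is embedded unquoted in the statements below; cast it once.
			$id = intval($id);

			// delete the old config
			vB::$db->query_write(
				'DELETE FROM ' . TABLE_PREFIX . 'cms_nodeconfig
				 WHERE nodeid = ' . $id);

			// build the sql
			$sql = 'INSERT INTO ' . TABLE_PREFIX . 'cms_nodeconfig (nodeid, name, value, serialized) VALUES ';
			$values = array();

			// write the new config
			foreach ($this->set_fields['config'] AS $cvar => $value)
			{
				if (is_resource($value))
				{
					throw (new vB_Exception_DM('Trying to set a resource as a node config value'));
				}

				if (is_object($value) OR is_array($value))
				{
					// NOTE(review): rows stored with serialized = 1 presumably get
					// unserialize()d when read back. Make sure config values can never
					// carry attacker-controlled serialized data.
					$serialized = true;
					$value = serialize($value);
				}
				else
				{
					$serialized = false;
				}

				// name and value are escaped; id and flag are integers.
				$values[] = '(' . $id . ', \'' . vB::$db->escape_string($cvar) . '\',\'' . vB::$db->escape_string($value) . '\',\'' . intval($serialized) . '\')';
			}
			// insert config
			vB::$db->insert_multiple($sql, $values, true);

		}

		//and set permissionsfrom the parent. Let's do this so we fix any close records.
		// Cast to int here as well; the navigation branch below already did so,
		// but this earlier use interpolated the raw set_fields value into SQL.
		$nodeid = intval(isset($this->set_fields['nodeid']) ? $this->set_fields['nodeid'] : $this->primary_id);
		$parents = array();

		// The original tested intval(permissionsfrom) but then interpolated the
		// uncast value, so a string such as "5 OR 1=1" passed the test and
		// reached the query text. Keep only the integer.
		$permissionsfrom = (isset($this->set_fields['permissionsfrom']) ? intval($this->set_fields['permissionsfrom']) : 0);

		if (!$permissionsfrom)
		{
			//we'll pull from our parent.
			// The self-join returns the node itself and its ancestors, nearest first.
			$rst = vB::$vbulletin->db->query_read("SELECT parent.nodeid, parent.parentnode,
				parent.permissionsfrom, parent.nodeleft, parent.noderight
				FROM " . TABLE_PREFIX . "cms_node AS node INNER JOIN " . TABLE_PREFIX .
				"cms_node AS parent ON (node.nodeleft >= parent.nodeleft AND node.nodeleft <=parent.noderight)
				WHERE node.nodeid = $nodeid
				ORDER BY parent.nodeleft DESC");
			while($record = vB::$vbulletin->db->fetch_array($rst))
			{
				$parents[] = $record;
				if (intval($record['permissionsfrom']))
				{
					$permissionsfrom = intval($record['permissionsfrom']);
					// Keep climbing while the value only points back at this node.
					if ($permissionsfrom != $nodeid)
					{
						break;
					}
				}
			}
			//either we found a parent with a permissionsfrom, or we hit the top- which is
			// just as good.
			// If no row carried a permissionsfrom, the original emitted
			// "SET permissionsfrom =  WHERE ..." (invalid SQL from an undefined
			// variable). Skip the write in that case.
			if ($permissionsfrom)
			{
				vB::$vbulletin->db->query_write("UPDATE " . TABLE_PREFIX . "cms_node SET permissionsfrom = " .
					$permissionsfrom . " WHERE nodeid = $nodeid" ) ;
			}

		}

		// Propagate the resolved value to children of the visited nodes that have none.
		if ($permissionsfrom)
		{
			foreach ($parents as $parent)
			{
				vB::$vbulletin->db->query_write("UPDATE " . TABLE_PREFIX . "cms_node SET permissionsfrom = " .
					$permissionsfrom . " WHERE parentnode = " . intval($parent['nodeid']) .
					" AND IFNULL(permissionsfrom, 0) = 0") ;
			}
		}

		if (isset($this->set_fields['navigation']))
		{
			$nodeid = intval((isset($this->set_fields['nodeid']) ? $this->set_fields['nodeid'] : $this->item->getNodeId()));

			// if there is array for navigation menu, it means we are not inheriting from parent
			// so we must add/modify the record in the navigation table for this node
			if (is_array($this->set_fields['navigation']))
			{
				// The joined list goes inside a quoted SQL string, so it is escaped;
				// the original interpolated it raw.
				vB::$vbulletin->db->query_write("
					REPLACE INTO " . TABLE_PREFIX . "cms_navigation
					SET nodeid = $nodeid,
						nodelist = '" . vB::$db->escape_string(implode(',', $this->set_fields['navigation'])) . "'
				");
			}

			// if this is not an array, it means the drop-down was selected to inherit from parent
			// so delete any record in the navigation table for this node
			else
			{
				vB::$vbulletin->db->query_write("
					DELETE FROM " . TABLE_PREFIX . "cms_navigation
					WHERE nodeid = $nodeid
				");
			}

		}

		if (isset($this->set_fields['setpublish']) OR isset($this->set_fields['navigation']))
		{
			// clear the navbar cache
			vB_Cache::instance()->event(array(vBCms_NavBar::GLOBAL_CACHE_EVENT,
				vBCms_NavBar::getCacheEventId($this->item->getNodeId()),
				$this->item->getCacheEvents(), $this->item->getContentCacheEvent()));
			vB_Cache::instance()->cleanNow();
			$nav_node = new vBCms_Item_Content($this->item->getNodeId(), vBCms_Item_Content::INFO_NAVIGATION);
			// reload the navbar for the page
			vBCms_NavBar::prepareNavBar($nav_node, true);
			unset($nav_node);
		}
		else if ($this->item)
		{
			vB_Cache::instance()->event(array($this->item->getCacheEvents(),
				$this->item->getContentCacheEvent()));
		}

		//Let's set the thread status, if there is one.
		//If we get called from dm/rate.php or somewhere like that, we skip this section
		// NOTE(review): in_array() searches the VALUES of set_fields, not its keys;
		// the isset() that follows is the key test. Left unchanged, but confirm
		// the first test is intended.
		if ($this->isUpdating() AND in_array('comments_enabled', $this->set_fields) AND
			isset($this->set_fields['comments_enabled']))
		{
			$record = vB::$vbulletin->db->query_first("SELECT info.associatedthreadid, thread.forumid FROM " .
				TABLE_PREFIX . "cms_nodeinfo AS info INNER JOIN " .
				TABLE_PREFIX . "thread AS thread ON thread.threadid = info.associatedthreadid
				WHERE info.nodeid = ". intval($this->item->getNodeId()) );

			if ($record['associatedthreadid'])
			{
				require_once DIR . '/includes/functions_databuild.php';
				$thread = vB_Legacy_Thread::create_from_id($record['associatedthreadid']);

				if ($thread)
				{
					if (intval($this->set_fields['comments_enabled']))
					{
						//We need to ensure comments are enabled.
						$visible = $thread->get_field('visible');
						if ( intval($visible) != 1)
						{
							undelete_thread($record['associatedthreadid']);
						}

						//If the title has been updated in the article, update the thread title.
						// NOTE(review): getField() here versus get_field() above; confirm
						// both exist on vB_Legacy_Thread.
						if (($thread->getField('title') != '') AND isset($this->set_fields['title'])
							AND ($thread->getField('title') != $this->set_fields['title']))
						{
							$sql = "UPDATE " . TABLE_PREFIX . "thread SET title = '" .
								vB::$db->escape_string($this->set_fields['title']) .
								"' WHERE threadid = " . intval($record['associatedthreadid']);
							vB::$db->query_write($sql);
						}
					}
					else
					{
						//We need to hide the thread.
						$thread->soft_delete(new vB_Legacy_CurrentUser(), '', true);
					}

				}
				build_thread_counters($record['associatedthreadid']);
				build_forum_counters($record['forumid']);
			}
		}

		parent::postSave($result, $deferred, $replace, $ignore);
		//we should never return false if we got here.
		$result = (intval($result) ? $result : true);

		return $result;
	}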
Esempio n. 7
        // to this thread, you will be subscribed with the default option. (See 3.6 bug 1342.)
        $insert_subscriptions = array();
        // One VALUES tuple per user who is subscribed and whose autosubscribe
        // setting is not -1, all pointing at the destination thread.
        // NOTE(review): $userid, the thread id and autosubscribe are interpolated
        // unquoted and uncast. Confirm that $unique_thread_user and
        // $destthreadinfo are built from database rows or integer-cast input
        // (not visible in this excerpt).
        foreach ($unique_thread_user as $threadid => $users) {
            foreach ($users as $userid => $subscriptioninfo) {
                if ($subscriptioninfo['issubscribed'] and $subscriptioninfo['autosubscribe'] != -1) {
                    $insert_subscriptions[] = "({$userid}, {$destthreadinfo['threadid']}, {$subscriptioninfo['autosubscribe']}, 0, 1)";
                }
            }
        }
        if ($insert_subscriptions) {
            // INSERT IGNORE: an existing subscription row is left as it is.
            $db->query_write("\n\t\t\t\tINSERT IGNORE INTO " . TABLE_PREFIX . "subscribethread\n\t\t\t\t\t(userid, threadid, emailupdate, folderid, canview)\n\t\t\t\tVALUES\n\t\t\t\t\t" . implode(', ', $insert_subscriptions));
        }
        // need to check permissions on these threads
        update_subscriptions(array('threadids' => array($destthreadinfo['threadid'])));
    }
    // Refresh counters of the destination thread and forum, then write the
    // moderator-log entry for the copy.
    build_thread_counters($destthreadinfo['threadid']);
    build_forum_counters($destforuminfo['forumid']);
    log_moderator_action($destthreadinfo, 'posts_copied_to_x', $destthreadinfo['threadid']);
    // empty cookie
    // Expiry of TIMENOW - 3600 (presumably one hour in the past) makes the
    // browser drop the inline-moderation selection cookie.
    setcookie('vbulletin_inlinepost', '', TIMENOW - 3600, '/');
    // Plugin hook: the string returned by fetch_hook() is run with eval() in
    // this scope, with access to every local variable. Anyone able to edit the
    // plugin code for this hook location can execute arbitrary PHP, so plugin
    // management must be limited to fully trusted administrators.
    ($hook = vBulletinHook::fetch_hook('inlinemod_docopyposts')) ? eval($hook) : false;
    $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$destthreadinfo['threadid']}";
    // The return value of print_standard_redirect() is evaluated as PHP.
    // NOTE(review): presumably compiled template code; confirm that nothing
    // request-derived reaches it unescaped.
    eval(print_standard_redirect('redirect_inline_copiedposts', true, $forceredirect));
}
// Render the page: each template is spliced into a double-quoted PHP string
// and evaluated, so the template text itself becomes executable code.
// NOTE(review): this is safe only if fetch_template() returns compiled
// templates whose literal text is already escaped for a double-quoted string
// and whose editing is restricted to trusted administrators. Confirm.
$navbits = construct_navbits($navbits);
eval('$navbar = "' . fetch_template('navbar') . '";');
// Plugin hook: executes whatever PHP string fetch_hook() returns, in global scope.
($hook = vBulletinHook::fetch_hook('inlinemod_complete')) ? eval($hook) : false;
$url =& $vbulletin->url;
// spit out the final HTML if we have got this far
// $template names the template to render; it is set outside this excerpt.
eval('$HTML = "' . fetch_template($template) . '";');
eval('print_output("' . fetch_template('THREADADMIN') . '");');
Esempio n. 8
function do_moderation()
{
    global $vbulletin, $db, $foruminfo, $forumperms, $threadinfo, $postinfo, $vbphrase, $threadid;
    $postlimit = 400;
    $threadlimit = 200;
    $threadarray = array();
    $postarray = array();
    $postinfos = array();
    $forumlist = array();
    $threadlist = array();
    switch ($_REQUEST['do']) {
        case 'openclosethread':
        case 'dodeletethread':
        case 'domovethread':
        case 'updatethread':
        case 'domergethread':
        case 'stick':
        case 'removeredirect':
        case 'deletethread':
        case 'deleteposts':
        case 'movethread':
        case 'copythread':
        case 'editthread':
        case 'mergethread':
        case 'moderatethread':
            if (!$threadinfo['threadid']) {
                standard_error(fetch_error('invalidid', $vbphrase['thread'], $vbulletin->options['contactuslink']));
            }
    }
    if ($_REQUEST['do'] == 'getforums') {
        $forums = array();
        get_forums(-1, $forums);
        return array('forums' => $forums);
    }
    if ($threadinfo['forumid']) {
        $forumperms = fetch_permissions($threadinfo['forumid']);
        if ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] and !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) {
            json_error(ERR_NO_PERMISSION);
        }
    }
    // Open/Close Thread
    if ($_POST['do'] == 'openclosethread') {
        if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
            if (can_moderate($threadinfo['forumid'])) {
                json_error(ERR_NO_PERMISSION);
            } else {
                standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
            }
        }
        // permission check
        if (!can_moderate($threadinfo['forumid'], 'canopenclose')) {
            if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'])) {
                json_error(ERR_NO_PERMISSION);
            } else {
                if (!is_first_poster($threadid)) {
                    json_error(ERR_NO_PERMISSION);
                }
            }
        }
        // check if there is a forum password and if so, ensure the user has it set
        verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
        // handles mod log
        $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost');
        $threadman->set_existing($threadinfo);
        $threadman->set('open', $threadman->fetch_field('open') == 1 ? 0 : 1);
        ($hook = vBulletinHook::fetch_hook('threadmanage_openclose')) ? eval($hook) : false;
        $threadman->save();
    }
    // Stick/Unstick Thread
    if ($_POST['do'] == 'stick') {
        if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
            if (can_moderate($threadinfo['forumid'])) {
                json_error(ERR_NO_PERMISSION);
            } else {
                standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
            }
        }
        if (!can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
            json_error(ERR_NO_PERMISSION);
        }
        // check if there is a forum password and if so, ensure the user has it set
        verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
        // handles mod log
        $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
        $threadman->set_existing($threadinfo);
        $threadman->set('sticky', $threadman->fetch_field('sticky') == 1 ? 0 : 1);
        ($hook = vBulletinHook::fetch_hook('threadmanage_stickunstick')) ? eval($hook) : false;
        $threadman->save();
    }
    // Delete Thread
    if ($_POST['do'] == 'dodeletethread') {
        $vbulletin->input->clean_array_gpc('p', array('deletetype' => TYPE_UINT, 'deletereason' => TYPE_STR, 'keepattachments' => TYPE_BOOL));
        $vbulletin->GPC['deletereason'] = prepare_remote_utf8_string($vbulletin->GPC['deletereason']);
        if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'canremoveposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
            if (can_moderate($threadinfo['forumid'])) {
                json_error(ERR_NO_PERMISSION);
            } else {
                standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
            }
        }
        $physicaldel = false;
        if (!can_moderate($threadinfo['forumid'], 'candeleteposts') and !can_moderate($threadinfo['forumid'], 'canremoveposts')) {
            if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['candeletepost']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['candeletethread'])) {
                json_error(ERR_NO_PERMISSION);
            } else {
                if ($threadinfo['dateline'] < TIMENOW - $vbulletin->options['edittimelimit'] * 60 and $vbulletin->options['edittimelimit'] != 0) {
                    json_error(ERR_NO_PERMISSION);
                } else {
                    if (!$threadinfo['open']) {
                        json_error(ERR_NO_PERMISSION);
                    }
                    if (!is_first_poster($threadinfo['threadid'])) {
                        json_error(ERR_NO_PERMISSION);
                    }
                }
            }
        } else {
            if (!can_moderate($threadinfo['forumid'], 'canremoveposts')) {
                $physicaldel = false;
            } else {
                if (!can_moderate($threadinfo['forumid'], 'candeleteposts')) {
                    $physicaldel = true;
                } else {
                    $physicaldel = iif($vbulletin->GPC['deletetype'] == 1, false, true);
                }
            }
        }
        // check if there is a forum password and if so, ensure the user has it set
        verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
        $delinfo = array('userid' => $vbulletin->userinfo['userid'], 'username' => $vbulletin->userinfo['username'], 'reason' => $vbulletin->GPC['deletereason'], 'keepattachments' => $vbulletin->GPC['keepattachments']);
        $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost');
        $threadman->set_existing($threadinfo);
        $threadman->delete($foruminfo['countposts'], $physicaldel, $delinfo);
        unset($threadman);
        build_forum_counters($threadinfo['forumid']);
    }
    // Delete Posts
    if ($_POST['do'] == 'dodeleteposts') {
        $vbulletin->input->clean_array_gpc('p', array('postids' => TYPE_STR));
        $postids = explode(',', $vbulletin->GPC['postids']);
        foreach ($postids as $index => $postid) {
            if (intval($postid) == 0) {
                unset($postids["{$index}"]);
            } else {
                $postids["{$index}"] = intval($postid);
            }
        }
        if (empty($postids)) {
            standard_error(fetch_error('no_applicable_posts_selected'));
        }
        if (count($postids) > 400) {
            standard_error(fetch_error('you_are_limited_to_working_with_x_posts', $postlimit));
        }
        $vbulletin->input->clean_array_gpc('p', array('deletetype' => TYPE_UINT, 'keepattachments' => TYPE_BOOL, 'deletereason' => TYPE_STR));
        $vbulletin->GPC['deletereason'] = prepare_remote_utf8_string($vbulletin->GPC['deletereason']);
        $physicaldel = iif($vbulletin->GPC['deletetype'] == 1, false, true);
        // Validate posts
        $posts = $db->query_read_slave("\n\t\tSELECT post.postid, post.threadid, post.parentid, post.visible, post.title, post.userid AS posteruserid,\n\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.firstpostid, thread.visible AS thread_visible\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\tWHERE postid IN (" . implode(',', $postids) . ")\n\t\tORDER BY postid\n\t");
        $deletethreads = array();
        $firstpost = array();
        while ($post = $db->fetch_array($posts)) {
            $forumperms = fetch_permissions($post['forumid']);
            if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $post['postuserid'] != $vbulletin->userinfo['userid']) {
                json_error(ERR_NO_PERMISSION);
            }
            if ((!$post['visible'] or !$post['thread_visible']) and !can_moderate($post['forumid'], 'canmoderateposts')) {
                standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
            } else {
                if (($post['visible'] == 2 or $post['thread_visible'] == 2) and !can_moderate($post['forumid'], 'candeleteposts')) {
                    standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
                } else {
                    if (!can_moderate($post['forumid'], 'canremoveposts') and !can_moderate($post['forumid'], 'candeleteposts')) {
                        standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
                    }
                }
            }
            if (!can_moderate($post['forumid'], 'canremoveposts') and $physicaldel) {
                standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
            } else {
                if (!physicaldel and (!can_moderate($post['forumid'], 'candeleteposts') and ($post['posteruserid'] != $vbulletin->userinfo['userid'] or !($vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['candeletepost'])))) {
                    standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
                }
            }
            $postarray["{$post['postid']}"] = $post;
            $threadlist["{$post['threadid']}"] = true;
            $forumlist["{$post['forumid']}"] = true;
            if ($post['firstpostid'] == $post['postid']) {
                // deleting a thread so do not decremement the counters of any other posts in this thread
                $firstpost["{$post['threadid']}"] = true;
            } else {
                if (!empty($firstpost["{$post['threadid']}"])) {
                    $postarray["{$post['postid']}"]['skippostcount'] = true;
                }
            }
        }
        if (empty($postarray)) {
            standard_error(fetch_error('no_applicable_posts_selected'));
        }
        $firstpost = false;
        $gotothread = true;
        foreach ($postarray as $postid => $post) {
            $foruminfo = fetch_foruminfo($post['forumid']);
            $postman =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost');
            $postman->set_existing($post);
            $postman->delete($foruminfo['countposts'] and !$post['skippostcount'], $post['threadid'], $physicaldel, array('userid' => $vbulletin->userinfo['userid'], 'username' => $vbulletin->userinfo['username'], 'reason' => $vbulletin->GPC['deletereason'], 'keepattachments' => $vbulletin->GPC['keepattachments']));
            unset($postman);
        }
        foreach (array_keys($threadlist) as $threadid) {
            build_thread_counters($threadid);
        }
        foreach (array_keys($forumlist) as $forumid) {
            build_forum_counters($forumid);
        }
        ($hook = vBulletinHook::fetch_hook('inlinemod_dodeleteposts')) ? eval($hook) : false;
    }
    // Move Thread
    if ($_POST['do'] == 'domovethread') {
        $vbulletin->input->clean_array_gpc('p', array('destforumid' => TYPE_UINT, 'redirect' => TYPE_STR, 'title' => TYPE_NOHTML, 'redirectprefixid' => TYPE_NOHTML, 'redirecttitle' => TYPE_NOHTML, 'period' => TYPE_UINT, 'frame' => TYPE_STR));
        $vbulletin->GPC['title'] = prepare_remote_utf8_string($vbulletin->GPC['title']);
        $vbulletin->GPC['redirecttitle'] = prepare_remote_utf8_string($vbulletin->GPC['redirecttitle']);
        $vbulletin->GPC['redirectprefixid'] = prepare_remote_utf8_string($vbulletin->GPC['redirectprefixid']);
        if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
            if (can_moderate($threadinfo['forumid'])) {
                json_error(ERR_NO_PERMISSION);
            } else {
                standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
            }
        }
        // check whether dest can contain posts
        $destforumid = verify_id('forum', $vbulletin->GPC['destforumid']);
        $destforuminfo = fetch_foruminfo($destforumid);
        if (!$destforuminfo['cancontainthreads'] or $destforuminfo['link']) {
            standard_error(fetch_error('moveillegalforum'));
        }
        if ($threadinfo['isdeleted'] and !can_moderate($destforuminfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($destforuminfo['forumid'], 'canmoderateposts')) {
            ## Insert proper phrase about not being able to move a hidden thread to a forum you can't moderateposts in or a deleted thread to a forum you can't deletethreads in
            standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']));
        }
        // check source forum permissions
        if (!can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
            if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canmove'])) {
                json_error(ERR_NO_PERMISSION);
            } else {
                if (!$threadinfo['open'] and !($forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'])) {
                    json_error(ERR_NO_PERMISSION);
                }
                if (!is_first_poster($threadid)) {
                    json_error(ERR_NO_PERMISSION);
                }
            }
        }
        // check destination forum permissions
        $destforumperms = fetch_permissions($destforuminfo['forumid']);
        if (!($destforumperms & $vbulletin->bf_ugp_forumpermissions['canview'])) {
            json_error(ERR_NO_PERMISSION);
        }
        // check if there is a forum password and if so, ensure the user has it set
        verify_forum_password($foruminfo['forumid'], $foruminfo['password']);
        verify_forum_password($destforuminfo['forumid'], $destforuminfo['password']);
        // check to see if this thread is being returned to a forum it's already been in
        // if a redirect exists already in the destination forum, remove it
        if ($checkprevious = $db->query_first_slave("SELECT threadid FROM " . TABLE_PREFIX . "thread WHERE forumid = {$destforuminfo['forumid']} AND open = 10 AND pollid = {$threadid}")) {
            $old_redirect =& datamanager_init('Thread', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
            $old_redirect->set_existing($checkprevious);
            $old_redirect->delete(false, true, NULL, false);
            unset($old_redirect);
        }
        // check to see if this thread is being moved to the same forum it's already in but allow copying to the same forum
        if ($destforuminfo['forumid'] == $threadinfo['forumid'] and $vbulletin->GPC['redirect']) {
            standard_error(fetch_error('movesameforum'));
        }
        ($hook = vBulletinHook::fetch_hook('threadmanage_move_start')) ? eval($hook) : false;
        if ($vbulletin->GPC['title'] != '' and $vbulletin->GPC['title'] != $threadinfo['title']) {
            $oldtitle = $threadinfo['title'];
            $threadinfo['title'] = unhtmlspecialchars($vbulletin->GPC['title']);
            $updatetitle = true;
        } else {
            $oldtitle = $threadinfo['title'];
            $updatetitle = false;
        }
        if ($vbulletin->GPC['redirect'] == 'none') {
            $method = 'move';
        } else {
            $method = 'movered';
        }
        switch ($method) {
            // ***************************************************************
            // move the thread wholesale into the destination forum
            case 'move':
                // update forumid/notes and unstick to prevent abuse
                $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost');
                $threadman->set_info('skip_moderator_log', true);
                $threadman->set_existing($threadinfo);
                if ($updatetitle) {
                    $threadman->set('title', $threadinfo['title']);
                    if ($vbulletin->options['similarthreadsearch']) {
                        require_once DIR . '/includes/functions_search.php';
                        $threadman->set('similar', fetch_similar_threads(fetch_censored_text($vbulletin->GPC['title']), $threadinfo['threadid']));
                    }
                } else {
                    // Bypass check since title wasn't modified
                    $threadman->set('title', $threadinfo['title'], true, false);
                }
                $threadman->set('forumid', $destforuminfo['forumid']);
                // If mod can not manage threads in destination forum then unstick thread
                if (!can_moderate($destforuminfo['forumid'], 'canmanagethreads')) {
                    $threadman->set('sticky', 0);
                }
                ($hook = vBulletinHook::fetch_hook('threadmanage_move_simple')) ? eval($hook) : false;
                $threadman->save();
                log_moderator_action($threadinfo, 'thread_moved_to_x', $destforuminfo['title']);
                break;
                // ***************************************************************
                // ***************************************************************
                // move the thread into the destination forum and leave a redirect
            // ***************************************************************
            // ***************************************************************
            // move the thread into the destination forum and leave a redirect
            case 'movered':
                $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost');
                $threadman->set_info('skip_moderator_log', true);
                $threadman->set_existing($threadinfo);
                if ($updatetitle) {
                    $threadman->set('title', $threadinfo['title']);
                    if ($vbulletin->options['similarthreadsearch']) {
                        require_once DIR . '/includes/functions_search.php';
                        $threadman->set('similar', fetch_similar_threads(fetch_censored_text($vbulletin->GPC['title']), $threadinfo['threadid']));
                    }
                } else {
                    // Bypass check since title wasn't modified
                    $threadman->set('title', $threadinfo['title'], true, false);
                }
                $threadman->set('forumid', $destforuminfo['forumid']);
                // If mod can not manage threads in destination forum then unstick thread
                if (!can_moderate($destforuminfo['forumid'], 'canmanagethreads')) {
                    $threadman->set('sticky', 0);
                }
                ($hook = vBulletinHook::fetch_hook('threadmanage_move_redirect_orig')) ? eval($hook) : false;
                $threadman->save();
                unset($threadman);
                if ($threadinfo['visible'] == 1) {
                    // Insert redirect for visible thread
                    log_moderator_action($threadinfo, 'thread_moved_with_redirect_to_a', $destforuminfo['title']);
                    $redirdata = array('lastpost' => intval($threadinfo['lastpost']), 'forumid' => intval($threadinfo['forumid']), 'pollid' => intval($threadinfo['threadid']), 'open' => 10, 'replycount' => intval($threadinfo['replycount']), 'postusername' => $threadinfo['postusername'], 'postuserid' => intval($threadinfo['postuserid']), 'lastposter' => $threadinfo['lastposter'], 'dateline' => intval($threadinfo['dateline']), 'views' => intval($threadinfo['views']), 'iconid' => intval($threadinfo['iconid']), 'visible' => 1);
                    $redir =& datamanager_init('Thread', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
                    foreach (array_keys($redirdata) as $field) {
                        // bypassing the verify_* calls; this data should be valid as is
                        $redir->setr($field, $redirdata["{$field}"], true, false);
                    }
                    if ($updatetitle) {
                        if (empty($vbulletin->GPC['redirecttitle'])) {
                            $redir->set('title', $threadinfo['title']);
                        } else {
                            $redir->set('title', unhtmlspecialchars($vbulletin->GPC['redirecttitle']));
                        }
                    } else {
                        // Bypass check since title wasn't modified
                        if (empty($vbulletin->GPC['redirecttitle'])) {
                            $redir->set('title', $threadinfo['title'], true, false);
                        } else {
                            $redir->set('title', unhtmlspecialchars($vbulletin->GPC['redirecttitle']));
                        }
                    }
                    require_once DIR . '/includes/functions_prefix.php';
                    if (can_use_prefix($vbulletin->GPC['redirectprefixid'])) {
                        $redir->set('prefixid', $vbulletin->GPC['redirectprefixid']);
                    }
                    ($hook = vBulletinHook::fetch_hook('threadmanage_move_redirect_notice')) ? eval($hook) : false;
                    if ($redirthreadid = $redir->save() and $vbulletin->GPC['redirect'] == 'expires') {
                        switch ($vbulletin->GPC['frame']) {
                            case 'h':
                                $expires = mktime(date('H') + $vbulletin->GPC['period'], date('i'), date('s'), date('m'), date('d'), date('y'));
                                break;
                            case 'd':
                                $expires = mktime(date('H'), date('i'), date('s'), date('m'), date('d') + $vbulletin->GPC['period'], date('y'));
                                break;
                            case 'w':
                                $expires = $vbulletin->GPC['period'] * 60 * 60 * 24 * 7 + TIMENOW;
                                break;
                            case 'y':
                                $expires = mktime(date('H'), date('i'), date('s'), date('m'), date('d'), date('y') + $vbulletin->GPC['period']);
                                break;
                            case 'm':
                            default:
                                $expires = mktime(date('H'), date('i'), date('s'), date('m') + $vbulletin->GPC['period'], date('d'), date('y'));
                        }
                        $db->query_write("\n\t\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "threadredirect\n\t\t\t\t\t\t\t(threadid, expires)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t({$redirthreadid}, {$expires})\n\t\t\t\t\t");
                    }
                    unset($redir);
                } else {
                    // leave no redirect for hidden or deleted threads
                    log_moderator_action($threadinfo, 'thread_moved_to_x', $destforuminfo['title']);
                }
                break;
                // ***************************************************************
        }
        // end switch($method)
        // kill the cache for the old thread
        delete_post_cache_threads(array($threadinfo['threadid']));
        // Update Post Count if we move from a counting forum to a non counting or vice-versa..
        // Source Dest  Visible Thread    Hidden Thread
        // Yes    Yes   ~           	  ~
        // Yes    No    -visible          ~
        // No     Yes   +visible          ~
        // No     No    ~                 ~
        if ($threadinfo['visible'] and ($method == 'move' or $method == 'movered') and ($foruminfo['countposts'] and !$destforuminfo['countposts'] or !$foruminfo['countposts'] and $destforuminfo['countposts'])) {
            $posts = $db->query_read_slave("\n\t\t\tSELECT userid\n\t\t\tFROM " . TABLE_PREFIX . "post\n\t\t\tWHERE threadid = {$threadinfo['threadid']}\n\t\t\t\tAND\tuserid > 0\n\t\t\t\tAND visible = 1\n\t\t");
            $userbyuserid = array();
            while ($post = $db->fetch_array($posts)) {
                if (!isset($userbyuserid["{$post['userid']}"])) {
                    $userbyuserid["{$post['userid']}"] = 1;
                } else {
                    $userbyuserid["{$post['userid']}"]++;
                }
            }
            if (!empty($userbyuserid)) {
                $userbypostcount = array();
                foreach ($userbyuserid as $postuserid => $postcount) {
                    $alluserids .= ",{$postuserid}";
                    $userbypostcount["{$postcount}"] .= ",{$postuserid}";
                }
                foreach ($userbypostcount as $postcount => $userids) {
                    $casesql .= " WHEN userid IN (0{$userids}) THEN {$postcount}";
                }
                $operator = $destforuminfo['countposts'] ? '+' : '-';
                $db->query_write("\n\t\t\t\tUPDATE " . TABLE_PREFIX . "user\n\t\t\t\tSET posts = CAST(posts AS SIGNED) {$operator}\n\t\t\t\t\tCASE\n\t\t\t\t\t\t{$casesql}\n\t\t\t\t\t\tELSE 0\n\t\t\t\t\tEND\n\t\t\t\tWHERE userid IN (0{$alluserids})\n\t\t\t");
            }
        }
        build_forum_counters($threadinfo['forumid']);
        if ($threadinfo['forumid'] != $destforuminfo['forumid']) {
            build_forum_counters($destforuminfo['forumid']);
        }
        // Update canview status of thread subscriptions
        update_subscriptions(array('threadids' => array($threadid)));
    }
    // Undelete Posts
    // Handles POST do=undeleteposts: takes a comma-separated list of post ids from the
    // 'postids' field, checks the current user's permissions for every matching post
    // and passes each one to undelete_post(), then rebuilds thread and forum counters.
    // NOTE(review): every permission failure below is reported through json_error() or
    // standard_error(). Neither helper is defined in the visible code; the checks only
    // protect the undelete step if those helpers stop the request. Confirm that they do.
    if ($_POST['do'] == 'undeleteposts') {
        $vbulletin->input->clean_array_gpc('p', array('postids' => TYPE_STR));
        $postids = explode(',', $vbulletin->GPC['postids']);
        // Cast every element to an integer and drop the ones that evaluate to 0, so only
        // integers can reach the IN (...) list of the query below. Negative values pass
        // this filter but are still plain integers.
        foreach ($postids as $index => $postid) {
            if (intval($postid) == 0) {
                unset($postids["{$index}"]);
            } else {
                $postids["{$index}"] = intval($postid);
            }
        }
        if (empty($postids)) {
            standard_error(fetch_error('no_applicable_posts_selected'));
        }
        // NOTE(review): the limit is hard-coded to 400 here while the message reports
        // $postlimit, which is not assigned anywhere in this block; confirm both agree.
        if (count($postids) > 400) {
            standard_error(fetch_error('you_are_limited_to_working_with_x_posts', $postlimit));
        }
        // From here on $postids is a comma-joined string of the integers kept above.
        $postids = implode(',', $postids);
        // Validate posts
        // The WHERE clause restricts the result to posts with visible = 2, or to a visible
        // first post whose thread has visible = 2; other ids in the request return no row
        // and are ignored. Rows come back ordered by postid.
        $posts = $db->query_read_slave("\n\t\tSELECT post.postid, post.threadid, post.parentid, post.visible, post.title, post.userid,\n\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.firstpostid, thread.visible AS thread_visible,\n\t\t\tforum.options AS forum_options\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "forum AS forum USING (forumid)\n\t\tWHERE postid IN ({$postids})\n\t\t\tAND (post.visible = 2 OR (post.visible = 1 AND thread.visible = 2 AND post.postid = thread.firstpostid))\n\t\tORDER BY postid\n\t");
        // Assigned here and not read again within this block.
        $deletethreads = array();
        while ($post = $db->fetch_array($posts)) {
            $forumperms = fetch_permissions($post['forumid']);
            // View permission for the post's forum. `and` binds tighter than `or`, so this
            // reads: no canview, or no canviewthreads, or (no canviewothers and the thread
            // starter is not the current user).
            if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $post['postuserid'] != $vbulletin->userinfo['userid']) {
                json_error(ERR_NO_PERMISSION);
            }
            // Moderator permission: a post or thread with visible = 0 requires
            // 'canmoderateposts'; one with visible = 2 requires 'candeleteposts'.
            if ((!$post['visible'] or !$post['thread_visible']) and !can_moderate($post['forumid'], 'canmoderateposts')) {
                standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
            } else {
                if (($post['visible'] == 2 or $post['thread_visible'] == 2) and !can_moderate($post['forumid'], 'candeleteposts')) {
                    standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
                }
            }
            // Collect the row and remember which threads and forums are affected.
            // NOTE(review): $postarray, $threadlist, $forumlist and $firstpost are not
            // initialised in this block, so values left over from earlier code in the
            // same scope would be carried along; verify they are unset on entry.
            $postarray["{$post['postid']}"] = $post;
            $threadlist["{$post['threadid']}"] = true;
            $forumlist["{$post['forumid']}"] = true;
            if ($post['firstpostid'] == $post['postid']) {
                // undeleting a thread so need to update the $tinfo for any other posts in this thread
                $firstpost["{$post['threadid']}"] = true;
            } else {
                // The thread's first post was seen earlier in this result set, so this
                // post's cached row gets thread_visible = 1. This depends on ORDER BY postid
                // returning the first post before the thread's other posts; presumably the
                // first post has the lowest id, verify.
                if (!empty($firstpost["{$post['threadid']}"])) {
                    $postarray["{$post['postid']}"]['thread_visible'] = 1;
                }
            }
        }
        // is_array() is false when the loop above stored nothing, so the three
        // loops below are skipped in that case.
        if (is_array($postarray)) {
            foreach ($postarray as $postid => $post) {
                // Thread summary handed to undelete_post(); 'visible' carries the
                // thread_visible value, including the adjustment made above.
                $tinfo = array('threadid' => $post['threadid'], 'forumid' => $post['forumid'], 'visible' => $post['thread_visible'], 'firstpostid' => $post['firstpostid']);
                // Second argument is the forum's 'countposts' option bit.
                undelete_post($post['postid'], $post['forum_options'] & $vbulletin->bf_misc_forumoptions['countposts'], $post, $tinfo, false);
            }
        }
        // Rebuild counters once per affected thread, then once per affected forum.
        if (is_array($threadlist)) {
            foreach (array_keys($threadlist) as $threadid) {
                build_thread_counters($threadid);
            }
        }
        if (is_array($forumlist)) {
            foreach (array_keys($forumlist) as $forumid) {
                build_forum_counters($forumid);
            }
        }
    }
    // Delete As Spam
    if ($_REQUEST['do'] == 'dodeletespam') {
        $vbulletin->input->clean_array_gpc('p', array('type' => TYPE_STR));
        if ($vbulletin->GPC['type'] == 'post') {
            $vbulletin->input->clean_array_gpc('p', array('postids' => TYPE_STR));
            $postids = explode(',', $vbulletin->GPC['postids']);
            foreach ($postids as $index => $postid) {
                if (intval($postid) == 0) {
                    unset($postids["{$index}"]);
                } else {
                    $postids["{$index}"] = intval($postid);
                }
            }
            if (empty($postids)) {
                standard_error(fetch_error('no_applicable_posts_selected'));
            }
            if (count($postids) > $postlimit) {
                standard_error(fetch_error('you_are_limited_to_working_with_x_posts', $postlimit));
            }
        } else {
            $vbulletin->input->clean_array_gpc('p', array('threadid' => TYPE_STR));
            $threadids = explode(',', $vbulletin->GPC['threadid']);
            foreach ($threadids as $index => $threadid) {
                if (intval($threadid) == 0) {
                    unset($threadids["{$index}"]);
                } else {
                    $threadids["{$index}"] = intval($threadid);
                }
            }
            if (empty($threadids)) {
                standard_error(fetch_error('you_did_not_select_any_valid_threads'));
            }
            if (count($threadids) > $threadlimit) {
                standard_error(fetch_error('you_are_limited_to_working_with_x_threads', $threadlimit));
            }
        }
        $vbulletin->input->clean_array_gpc('p', array('banusers' => TYPE_BOOL, 'userids' => TYPE_STR));
        $banusers = false;
        if ($vbulletin->GPC['banusers']) {
            $banusers = true;
        }
        $vbulletin->GPC['userid'] = split(',', $vbulletin->GPC['userids']);
        $vbulletin->GPC_exists['userid'] = true;
        $userids = array();
        if ($vbulletin->GPC['type'] == 'thread') {
            // threads
            $threadarray = array();
            $threads = $db->query_read_slave("\n\t\t\tSELECT threadid, open, visible, forumid, title, prefixid, postuserid\n\t\t\tFROM " . TABLE_PREFIX . "thread\n\t\t\tWHERE threadid IN (" . implode(',', $threadids) . ")\n\t\t");
            while ($thread = $db->fetch_array($threads)) {
                $forumperms = fetch_permissions($thread['forumid']);
                if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $thread['postuserid'] != $vbulletin->userinfo['userid']) {
                    json_error(ERR_NO_PERMISSION);
                }
                $thread['prefix_plain_html'] = $thread['prefixid'] ? htmlspecialchars_uni($vbphrase["prefix_{$thread['prefixid']}_title_plain"]) . ' ' : '';
                if ($thread['open'] == 10) {
                    if (!can_moderate($thread['forumid'], 'canmanagethreads')) {
                        // No permission to remove redirects.
                        standard_error(fetch_error('you_do_not_have_permission_to_manage_thread_redirects', $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
                    }
                } else {
                    if (!$thread['visible'] and !can_moderate($thread['forumid'], 'canmoderateposts')) {
                        standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
                    } else {
                        if ($thread['visible'] == 2 and !can_moderate($thread['forumid'], 'candeleteposts')) {
                            standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $vbphrase['n_a'], $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
                        } else {
                            if (!can_moderate($thread['forumid'], 'canremoveposts')) {
                                if (!can_moderate($thread['forumid'], 'candeleteposts')) {
                                    standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
                                }
                            } else {
                                if (!can_moderate($thread['forumid'], 'candeleteposts')) {
                                    if (!can_moderate($thread['forumid'], 'canremoveposts')) {
                                        standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
                                    }
                                }
                            }
                        }
                    }
                }
                $threadarray["{$thread['threadid']}"] = $thread;
                $userids["{$thread['postuserid']}"] = true;
            }
            if (empty($threadarray)) {
                standard_error(fetch_error('you_did_not_select_any_valid_threads'));
            }
        } else {
            // posts
            // Validate posts
            $postarray = array();
            $posts = $db->query_read_slave("\n\t\t\tSELECT post.postid, post.threadid, post.visible, post.title, post.userid,\n\t\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.visible AS thread_visible, thread.firstpostid\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\t\tWHERE postid IN (" . implode(',', $postids) . ")\n\t\t");
            while ($post = $db->fetch_array($posts)) {
                $forumperms = fetch_permissions($post['forumid']);
                if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $post['postuserid'] != $vbulletin->userinfo['userid']) {
                    json_error(ERR_NO_PERMISSION);
                }
                if ((!$post['visible'] or !$post['thread_visible']) and !can_moderate($post['forumid'], 'canmoderateposts')) {
                    standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
                } else {
                    if (($post['visible'] == 2 or $post['thread_visible'] == 2) and !can_moderate($post['forumid'], 'candeleteposts')) {
                        standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
                    } else {
                        if (!can_moderate($post['forumid'], 'canremoveposts')) {
                            if (!can_moderate($post['forumid'], 'candeleteposts')) {
                                standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
                            }
                        } else {
                            if (!can_moderate($post['forumid'], 'candeleteposts')) {
                                if (!can_moderate($post['forumid'], 'canremoveposts')) {
                                    standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title']));
                                }
                            }
                        }
                    }
                }
                $postarray["{$post['postid']}"] = $post;
                $userids["{$post['userid']}"] = true;
            }
            if (empty($postarray)) {
                standard_error(fetch_error('no_applicable_posts_selected'));
            }
        }
        $user_cache = array();
        foreach ($vbulletin->GPC['userid'] as $userid) {
            // check that userid appears somewhere in either posts / threads, if they don't then you're doing something naughty
            if (!isset($userids["{$userid}"])) {
                json_error(ERR_NO_PERMISSION);
            }
            $user_cache["{$userid}"] = fetch_userinfo($userid);
            cache_permissions($user_cache["{$userid}"]);
            $user_cache["{$userid}"]['joindate_string'] = vbdate($vbulletin->options['dateformat'], $user_cache["{$userid}"]['joindate']);
        }
        if ($banusers) {
            require_once DIR . '/includes/adminfunctions.php';
            require_once DIR . '/includes/functions_banning.php';
            if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or can_moderate(0, 'canbanusers'))) {
                json_error(ERR_NO_PERMISSION);
            }
            // check that user has permission to ban the person they want to ban
            if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) {
                foreach ($user_cache as $userid => $userinfo) {
                    if (can_moderate(0, '', $userinfo['userid'], $userinfo['usergroupid'] . (trim($userinfo['membergroupids']) ? ",{$userinfo['membergroupids']}" : '')) or $userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or $userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator'] or is_unalterable_user($userinfo['userid'])) {
                        standard_error(fetch_error('no_permission_ban_non_registered_users'));
                    }
                }
            } else {
                foreach ($user_cache as $userid => $userinfo) {
                    if ($userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or is_unalterable_user($userinfo['userid'])) {
                        standard_error(fetch_error('no_permission_ban_non_registered_users'));
                    }
                }
            }
        }
        $vbulletin->input->clean_array_gpc('p', array('deleteother' => TYPE_BOOL, 'type' => TYPE_STR, 'deletetype' => TYPE_UINT, 'deletereason' => TYPE_STR, 'keepattachments' => TYPE_BOOL));
        $vbulletin->GPC['deletereason'] = prepare_remote_utf8_string($vbulletin->GPC['deletereason']);
        // Check if we have users to punish
        if (!empty($user_cache)) {
            if ($banusers) {
                $vbulletin->input->clean_array_gpc('p', array('usergroupid' => TYPE_UINT, 'period' => TYPE_STR, 'reason' => TYPE_STR));
                $vbulletin->GPC['reason'] = prepare_remote_utf8_string($vbulletin->GPC['reason']);
                if (!isset($vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]) or $vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup']) {
                    standard_error(fetch_error('invalid_usergroup_specified'));
                }
                // check that the number of days is valid
                if ($vbulletin->GPC['period'] != 'PERMANENT' and !preg_match('#^(D|M|Y)_[1-9][0-9]?$#', $vbulletin->GPC['period'])) {
                    standard_error(fetch_error('invalid_ban_period_specified'));
                }
                if ($vbulletin->GPC['period'] == 'PERMANENT') {
                    // make this ban permanent
                    $liftdate = 0;
                } else {
                    // get the unixtime for when this ban will be lifted
                    $liftdate = convert_date_to_timestamp($vbulletin->GPC['period']);
                }
                $user_dms = array();
                $current_bans = $db->query_read("\n\t\t\t\t\tSELECT user.userid, userban.liftdate, userban.bandate\n\t\t\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "userban AS userban ON(userban.userid = user.userid)\n\t\t\t\t\tWHERE user.userid IN (" . implode(',', array_keys($user_cache)) . ")\n\t\t\t\t");
                while ($current_ban = $db->fetch_array($current_bans)) {
                    $userinfo = $user_cache["{$current_ban['userid']}"];
                    $userid = $userinfo['userid'];
                    if ($current_ban['bandate']) {
                        // they already have a ban, check if the current one is being made permanent, continue if its not
                        if ($liftdate and $liftdate < $current_ban['liftdate']) {
                            continue;
                        }
                        // there is already a record - just update this record
                        $db->query_write("\n\t\t\t\t\t\t\tUPDATE " . TABLE_PREFIX . "userban SET\n\t\t\t\t\t\t\tbandate = " . TIMENOW . ",\n\t\t\t\t\t\t\tliftdate = {$liftdate},\n\t\t\t\t\t\t\tadminid = " . $vbulletin->userinfo['userid'] . ",\n\t\t\t\t\t\t\treason = '" . $db->escape_string($vbulletin->GPC['reason']) . "'\n\t\t\t\t\t\t\tWHERE userid = {$userinfo['userid']}\n\t\t\t\t\t\t");
                    } else {
                        // insert a record into the userban table
                        /*insert query*/
                        $db->query_write("\n\t\t\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "userban\n\t\t\t\t\t\t\t(userid, usergroupid, displaygroupid, customtitle, usertitle, adminid, bandate, liftdate, reason)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t({$userinfo['userid']}, {$userinfo['usergroupid']}, {$userinfo['displaygroupid']}, {$userinfo['customtitle']}, '" . $db->escape_string($userinfo['usertitle']) . "', " . $vbulletin->userinfo['userid'] . ", " . TIMENOW . ", {$liftdate}, '" . $db->escape_string($vbulletin->GPC['reason']) . "')\n\t\t\t\t\t\t");
                    }
                    // update the user record
                    $user_dms[$userid] =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
                    $user_dms[$userid]->set_existing($userinfo);
                    $user_dms[$userid]->set('usergroupid', $vbulletin->GPC['usergroupid']);
                    $user_dms[$userid]->set('displaygroupid', 0);
                    // update the user's title if they've specified a special user title for the banned group
                    if ($vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['usertitle'] != '') {
                        $user_dms[$userid]->set('usertitle', $vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['usertitle']);
                        $user_dms[$userid]->set('customtitle', 0);
                    }
                    $user_dms[$userid]->pre_save();
                }
                foreach ($user_dms as $userdm) {
                    $userdm->save();
                }
            }
        }
        // delete threads that are defined explicitly as spam by being ticked
        $physicaldel = $vbulletin->GPC['deletetype'] == 2 ? true : false;
        $skipped_user_prune = array();
        if ($vbulletin->GPC['deleteother'] and !empty($user_cache) and can_moderate(-1, 'canmassprune')) {
            $remove_all_posts = array();
            $user_checks = $db->query_read_slave("SELECT COUNT(*) AS total, userid AS userid FROM " . TABLE_PREFIX . "post WHERE userid IN (" . implode(', ', array_keys($user_cache)) . ") GROUP BY userid");
            while ($user_check = $db->fetch_array($user_checks)) {
                if (intval($user_check['total']) <= 50) {
                    $remove_all_posts[] = $user_check['userid'];
                } else {
                    $skipped_user_prune[] = $user_check['userid'];
                }
            }
            if (!empty($remove_all_posts)) {
                $threads = $db->query_read_slave("SELECT threadid FROM " . TABLE_PREFIX . "thread WHERE postuserid IN (" . implode(', ', $remove_all_posts) . ")");
                while ($thread = $db->fetch_array($threads)) {
                    $threadids[] = $thread['threadid'];
                }
                // Yes this can pick up firstposts of threads but we check later on when fetching info, so it won't matter if its already deleted
                $posts = $db->query_read_slave("SELECT postid FROM " . TABLE_PREFIX . "post WHERE userid IN (" . implode(', ', $remove_all_posts) . ")");
                while ($post = $db->fetch_array($posts)) {
                    $postids[] = $post['postid'];
                }
            }
        }
        if (!empty($threadids)) {
            // Validate threads
            $threads = $db->query_read_slave("\n\t\t\tSELECT threadid, open, visible, forumid, title, postuserid\n\t\t\tFROM " . TABLE_PREFIX . "thread\n\t\t\tWHERE threadid IN (" . implode(',', $threadids) . ")\n\t\t");
            while ($thread = $db->fetch_array($threads)) {
                $forumperms = fetch_permissions($thread['forumid']);
                if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $thread['postuserid'] != $vbulletin->userinfo['userid']) {
                    json_error(ERR_NO_PERMISSION);
                }
                if ($thread['open'] == 10 and !can_moderate($thread['forumid'], 'canmanagethreads')) {
                    // No permission to remove redirects.
                    standard_error(fetch_error('you_do_not_have_permission_to_manage_thread_redirects', $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
                } else {
                    if (!$thread['visible'] and !can_moderate($thread['forumid'], 'canmoderateposts')) {
                        standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts'));
                    } else {
                        if ($thread['visible'] == 2 and !can_moderate($thread['forumid'], 'candeleteposts')) {
                            standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $vbphrase['n_a'], $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
                        } else {
                            if ($thread['open'] != 10) {
                                if (!can_moderate($thread['forumid'], 'canremoveposts') and $physicaldel) {
                                    standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
                                } else {
                                    if (!can_moderate($thread['forumid'], 'candeleteposts') and !$physicaldel) {
                                        standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title']));
                                    }
                                }
                            }
                        }
                    }
                }
                $threadarray["{$thread['threadid']}"] = $thread;
                $forumlist["{$thread['forumid']}"] = true;
            }
        }
        $delinfo = array('userid' => $vbulletin->userinfo['userid'], 'username' => $vbulletin->userinfo['username'], 'reason' => $vbulletin->GPC['deletereason'], 'keepattachments' => $vbulletin->GPC['keepattachments']);
        foreach ($threadarray as $threadid => $thread) {
            $countposts = $vbulletin->forumcache["{$thread['forumid']}"]['options'] & $vbulletin->bf_misc_forumoptions['countposts'];
            if (!$physicaldel and $thread['visible'] == 2) {
                # Thread is already soft deleted
                continue;
            }
            $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
            $threadman->set_existing($thread);
            // Redirect
            if ($thread['open'] == 10) {
                $threadman->delete(false, true, $delinfo);
            } else {
                $threadman->delete($countposts, $physicaldel, $delinfo);
            }
            unset($threadman);
        }
        if (!empty($postids)) {
            // Validate Posts
            $posts = $db->query_read_slave("\n\t\t\tSELECT post.postid, post.threadid, post.parentid, post.visible, post.title,\n\t\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.firstpostid, thread.visible AS thread_visible\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\t\tWHERE postid IN (" . implode(',', $postids) . ")\n\t\t\tORDER BY postid\n\t\t");
            while ($post = $db->fetch_array($posts)) {
                $postarray["{$post['postid']}"] = $post;
                $threadlist["{$post['threadid']}"] = true;
                $forumlist["{$post['forumid']}"] = true;
                if ($post['firstpostid'] == $post['postid']) {
                    // deleting a thread so do not decremement the counters of any other posts in this thread
                    $firstpost["{$post['threadid']}"] = true;
                } else {
                    if (!empty($firstpost["{$post['threadid']}"])) {
                        $postarray["{$post['postid']}"]['skippostcount'] = true;
                    }
                }
            }
        }
        $gotothread = true;
        foreach ($postarray as $postid => $post) {
            $foruminfo = fetch_foruminfo($post['forumid']);
            $postman =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost');
            $postman->set_existing($post);
            $postman->delete($foruminfo['countposts'] and !$post['skippostcount'], $post['threadid'], $physicaldel, $delinfo);
            unset($postman);
            if ($vbulletin->GPC['threadid'] == $post['threadid'] and $post['postid'] == $post['firstpostid']) {
                // we've deleted the thread that we activated this action from so we can only return to the forum
                $gotothread = false;
            } else {
                if ($post['postid'] == $postinfo['postid'] and $physicaldel) {
                    // we came in via a post, which we have deleted so we have to go back to the thread
                    $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . 't=' . $vbulletin->GPC['threadid'];
                }
            }
        }
        foreach (array_keys($threadlist) as $threadid) {
            build_thread_counters($threadid);
        }
        foreach (array_keys($forumlist) as $forumid) {
            build_forum_counters($forumid);
        }
        // empty cookie
        if ($vbulletin->GPC['type'] == 'thread') {
            setcookie('vbulletin_inlinethread', '', TIMENOW - 3600, '/');
        } else {
            setcookie('vbulletin_inlinepost', '', TIMENOW - 3600, '/');
        }
    }
    return array('success' => true);
}
Esempio n. 9
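/**
 * Post a reply to an existing thread as the current $vbulletin->userinfo user.
 *
 * The thread id, text and quoted post id arrive from the service caller, so
 * they are treated as untrusted: the thread must exist, be visible to the
 * user, be open, and the user's forum permissions must allow replying before
 * anything is written.
 *
 * @param mixed   $who         Caller identity, passed unchanged to RegisterService()
 * @param integer $threadid    Thread to reply to
 * @param string  $pagetext    Body of the reply
 * @param integer $quotepostid Optional post to quote; values <= 0 mean "no quote"
 *
 * @return array On success 'PostID' plus a 'Result' entry (Code 1); when
 *               RegisterService() fails only its 'Result'; otherwise whatever
 *               ErrorResult() returns.
 */
function PostReply($who, $threadid, $pagetext, $quotepostid = 0)
{
    global $db, $vbulletin, $server, $structtypes, $lastpostarray;
    $retval = array();
    // NOTE(review): RegisterService() presumably authenticates the caller and
    // populates $vbulletin->userinfo - confirm, the checks below rely on it.
    $result = RegisterService($who);
    if ($result['Code'] != 0) {
        $retval['Result'] = $result;
        return $retval;
    }
    $threadinfo = fetch_threadinfo($threadid);
    // Reject unknown thread ids before dereferencing the lookup result.
    if (empty($threadinfo['threadid']) || empty($threadinfo['forumid'])) {
        return ErrorResult('invalid_thread_thread_reply');
    }
    $foruminfo = fetch_foruminfo($threadinfo['forumid'], false);
    if (empty($foruminfo['forumid'])) {
        return ErrorResult('invalid_thread_thread_reply');
    }
    // Authorization: the data manager is only handed field values, so the
    // forum permission bits are enforced here before any write happens.
    $forumperms = fetch_permissions($foruminfo['forumid']);
    $permbits = $vbulletin->bf_ugp_forumpermissions;
    $isthreadowner = $threadinfo['postuserid'] == $vbulletin->userinfo['userid'];
    $canview = ($forumperms & $permbits['canview'])
        && ($forumperms & $permbits['canviewthreads'])
        && ($isthreadowner || ($forumperms & $permbits['canviewothers']));
    $canreply = $isthreadowner
        ? ($forumperms & $permbits['canreplyown'])
        : ($forumperms & $permbits['canreplyothers']);
    if (!$canview || !$canreply) {
        return ErrorResult('no_permission_thread_reply');
    }
    // Moderated (0) and soft-deleted (2) threads are reported like a missing
    // thread so that their existence is not disclosed to ordinary users.
    $threadvisible = intval($threadinfo['visible']);
    if (($threadvisible == 0 && !can_moderate($foruminfo['forumid'], 'canmoderateposts'))
        || ($threadvisible == 2 && !can_moderate($foruminfo['forumid'], 'candeleteposts'))
    ) {
        return ErrorResult('invalid_thread_thread_reply');
    }
    // Closed threads only accept replies from moderators who may open/close.
    if (!$threadinfo['open'] && !can_moderate($foruminfo['forumid'], 'canopenclose')) {
        return ErrorResult('thread_closed_thread_reply');
    }
    // NOTE(review): with ERRTYPE_STANDARD the data manager may report errors
    // through its standard error handler instead of only collecting them in
    // ->errors; confirm the errors check below is reachable in this context.
    $postdm = new vB_DataManager_Post($vbulletin, ERRTYPE_STANDARD);
    $postdm->set_info('skip_maximagescheck', true);
    $postdm->set_info('forum', $foruminfo);
    $postdm->set_info('thread', $threadinfo);
    $postdm->set('threadid', $threadid);
    $postdm->set('userid', $vbulletin->userinfo['userid']);
    $postdm->set('allowsmilie', 1);
    $postdm->set('visible', 1);
    $postdm->set('dateline', TIMENOW);
    if ($quotepostid > 0) {
        // Force an integer id; $unquoted_post_count and $quoted_post_ids are
        // passed only because fetch_quotable_posts() expects them.
        $quote_postids = array(intval($quotepostid));
        $quotetxt = fetch_quotable_posts($quote_postids, $threadinfo['threadid'], $unquoted_post_count, $quoted_post_ids, 'only');
        $pagetext = "{$quotetxt}{$pagetext}";
    }
    $postdm->set('pagetext', "{$pagetext}");
    $postdm->pre_save();
    if (count($postdm->errors) > 0) {
        // pre_save failed
        return ErrorResult('pre_save_failed_thread_reply');
    }
    $postid = $postdm->save();
    require_once './includes/functions_databuild.php';
    // Refresh cached counters and mark the thread read for the poster.
    build_thread_counters($threadinfo['threadid']);
    build_forum_counters($foruminfo['forumid']);
    correct_forum_counters($threadinfo['threadid'], $foruminfo['forumid']);
    mark_thread_read($threadinfo, $foruminfo, $vbulletin->userinfo['userid'], TIMENOW);
    $retval['PostID'] = $postid;
    $result['Code'] = 1;
    $result['Text'] = "QuotePostID: {$quotepostid}";
    $result['RemoteUser'] = ConsumeArray($vbulletin->userinfo, $structtypes['RemoteUser']);
    $retval['Result'] = $result;
    return $retval;
}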