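/**
 * Process the actual deletes
 *
 * Deletes this post through the Post data manager, rebuilds the counters of
 * the thread it belonged to, and then brings the forum's counters up to date.
 *
 * No permission check happens in this method.
 * NOTE(review): callers are presumably expected to authorise the delete
 * (and the choice of hard vs. soft delete) before calling -- confirm.
 *
 * @param boolean $is_hard_delete  Passed through to the data manager's delete()
 * @param vB_Legacy_User $user     User recorded in the deletion info (userid, username)
 * @param string $reason           Reason recorded in the deletion info
 * @param boolean $keepattachments Passed through in the deletion info
 */
protected function delete_internal($is_hard_delete, $user, $reason, $keepattachments)
{
    global $vbulletin;

    $thread = $this->get_field('thread');
    $forum = $thread->get_field('forum');
    $threadid = $thread->get_field('threadid');

    $postman =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost');
    $postman->set_existing($this->record);
    $postman->delete(
        $forum->get_countposts(),
        $threadid,
        $is_hard_delete,
        array(
            'userid'          => $user->get_field('userid'),
            'username'        => $user->get_field('username'),
            'reason'          => $reason,
            'keepattachments' => $keepattachments
        )
    );
    unset($postman);

    // The original passed $threadinfo['threadid'] here, but $threadinfo is never
    // defined in this method, so the counters of the affected thread were not
    // rebuilt. Use the id of the thread this post belongs to.
    build_thread_counters($threadid);

    if ($forum->get_field('lastthreadid') != $threadid)
    {
        $forum->decrement_replycount();
    }
    else
    {
        // this thread is the one being displayed as the thread with the last post...
        // need to get the lastpost datestamp and lastposter name from the thread.
        build_forum_counters($thread->get_field('forumid'));
    }
}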
/**
 * Creates a post through the Post data manager and rebuilds the thread counters.
 *
 * Keys read from $newpost: threadid, parentid, pagetext, title, allowsmilie,
 * visible and parseurl. The post is attributed to $posterid; when that is
 * left as '' the current user's id from $vbulletin->userinfo is used.
 *
 * NOTE(review): nothing here checks that the caller may post in the thread or
 * may post as $posterid -- presumably the caller authorises both; confirm.
 * NOTE(review): the data manager is created with ERRTYPE_ARRAY and is never
 * inspected for errors in this function -- confirm how a rejected post
 * reaches the caller.
 *
 * @param array $newpost  Post fields, see above
 * @param mixed $posterid User id to attribute the post to, '' for the current user
 * @return mixed          Whatever the data manager's save() returns
 */
function newPost($newpost, $posterid = '')
{
    global $vbulletin;

    // Fall back to the current user when no poster id was supplied
    $authorid = ($posterid == '') ? $vbulletin->userinfo['userid'] : $posterid;

    $postDm =& datamanager_init('Post', $vbulletin, ERRTYPE_ARRAY, 'threadpost');

    // The data manager is handed an empty thread info array
    $emptyThread = array();
    $postDm->set_info('thread', $emptyThread);

    foreach (array('threadid', 'parentid') as $field)
    {
        $postDm->setr($field, $newpost[$field]);
    }
    $postDm->setr('userid', $authorid);
    foreach (array('pagetext', 'title') as $field)
    {
        $postDm->setr($field, $newpost[$field]);
    }

    // NOTE(review): $signature is never assigned in this function and is not
    // declared global, so showsignature is set from an undefined variable;
    // confirm which $newpost key was intended.
    $postDm->setr('showsignature', $signature);

    foreach (array('allowsmilie', 'visible') as $field)
    {
        $postDm->set($field, $newpost[$field]);
    }
    $postDm->set_info('parseurl', $newpost['parseurl']);

    $newPostId = $postDm->save();

    build_thread_counters($newpost['threadid']);

    return $newPostId;
}
// skip any guest posts if (!empty($userbyuserid)) { $userbypostcount = array(); foreach ($userbyuserid as $postuserid => $postcount) { $alluserids .= ",{$postuserid}"; $userbypostcount["{$postcount}"] .= ",{$postuserid}"; } foreach ($userbypostcount as $postcount => $userids) { $casesql .= " WHEN userid IN (0{$userids}) THEN {$postcount}\n"; } $db->query_write("\n\t\t\tUPDATE " . TABLE_PREFIX . "user\n\t\t\tSET posts = posts +\n\t\t\tCASE\n\t\t\t\t{$casesql}\n\t\t\t\tELSE 0\n\t\t\tEND\n\t\t\tWHERE userid IN (0{$alluserids})\n\t\t"); } // update counters if (!empty($updatethread)) { foreach ($updatethread as $threadid => $null) { build_thread_counters($threadid); } } if (!empty($updateforum)) { foreach ($updateforum as $forumid => $null) { build_forum_counters($forumid); } } define('CP_REDIRECT', 'moderate.php?do=posts'); print_stop_message('moderated_posts_successfully'); } // ###################### Start attachment moderation ####################### if ($_REQUEST['do'] == 'attachments') { $sql = fetch_moderator_forum_list_sql('canmoderateattachments'); print_form_header('moderate', 'doattachments'); print_table_header($vbphrase['attachments_awaiting_moderation']);
echo '<p>' . $vbphrase['updating_threads'] . '</p>'; $threads = $db->query_read(" SELECT threadid FROM " . TABLE_PREFIX . "thread WHERE threadid >= " . $vbulletin->GPC['startat'] . " ORDER BY threadid LIMIT " . $vbulletin->GPC['perpage'] ); $finishat = $vbulletin->GPC['startat']; while ($thread = $db->fetch_array($threads)) { build_thread_counters($thread['threadid']); echo construct_phrase($vbphrase['processing_x'], $thread['threadid'])."<br />\n"; vbflush(); $finishat = ($thread['threadid'] > $finishat ? $thread['threadid'] : $finishat); } $finishat++; if ($checkmore = $db->query_first("SELECT threadid FROM " . TABLE_PREFIX . "thread WHERE threadid >= $finishat LIMIT 1")) { print_cp_redirect("misc.php?" . $vbulletin->session->vars['sessionurl'] . "do=updatethread&startat=$finishat&pp=" . $vbulletin->GPC['perpage']); echo "<p><a href=\"misc.php?" . $vbulletin->session->vars['sessionurl'] . "do=updatethread&startat=$finishat&pp=" . $vbulletin->GPC['perpage'] . "\">" . $vbphrase['click_here_to_continue_processing'] . "</a></p>"; } else {
/**
 * Restores a deleted post (visible == 2) to visible.
 *
 * When the post is the first post of its thread the whole thread is handed to
 * undelete_thread() instead. Otherwise the poster's post count is credited
 * (counting forum, registered poster, visible thread), the deletion log entry
 * is removed, the post is saved with visible = 1, the counters are rebuilt if
 * requested, and the action is written to the moderator log.
 *
 * No permission check happens in this function.
 * NOTE(review): callers are presumably expected to verify that the current
 * user may manage deleted posts in the forum before calling -- confirm.
 *
 * @param integer    $postid        Id of the post to restore
 * @param boolean    $countposts    Whether the forum counts posts
 * @param array|null $postinfo      Optional; fetched with fetch_postinfo() when empty
 * @param array|null $threadinfo    Optional; fetched with fetch_threadinfo() when empty
 * @param boolean    $counterupdate Rebuild thread and forum counters afterwards
 */
function undelete_post($postid, $countposts, $postinfo = NULL, $threadinfo = NULL, $counterupdate = true)
{
    global $vbulletin, $vbphrase;

    // A usable postinfo array holds: postid, threadid, visible, userid, username, title
    if (!$postinfo)
    {
        $postinfo = fetch_postinfo($postid);
        if (!$postinfo)
        {
            // unknown post
            return;
        }
    }

    // A usable threadinfo array holds: threadid, forumid, visible, firstpostid
    if (!$threadinfo)
    {
        $threadinfo = fetch_threadinfo($postinfo['threadid']);
        if (!$threadinfo)
        {
            return;
        }
    }

    // The first post stands for the thread: restore the thread as a whole
    if ($threadinfo['firstpostid'] == $postid)
    {
        undelete_thread($threadinfo['threadid'], $countposts, $threadinfo);
        return;
    }

    // Nothing to do unless the post is currently deleted
    if ($postinfo['visible'] != 2)
    {
        return;
    }

    // Credit the post only for a registered poster in a visible thread of a counting forum
    $creditAuthor = ($countposts && $postinfo['userid'] && $threadinfo['visible'] == 1);
    if ($creditAuthor)
    {
        $userDm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
        $userDm->set_existing($postinfo);
        $userDm->set('posts', 'posts + 1', false);
        $userDm->set_ladder_usertitle_relative(1);
        $userDm->save();
        unset($userDm);
    }

    // Drop the deletion log row that belongs to this post
    $logDm =& datamanager_init('Deletionlog_ThreadPost', $vbulletin, ERRTYPE_SILENT, 'deletionlog');
    $logKey = array('type' => 'post', 'primaryid' => $postid);
    $logDm->set_existing($logKey);
    $logDm->delete();
    unset($logDm, $logKey);

    // Make the post visible again
    $postDm =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost');
    $postDm->set_existing($postinfo);
    $postDm->set('visible', 1);
    $postDm->save();

    if ($counterupdate)
    {
        build_thread_counters($postinfo['threadid']);
        build_forum_counters($threadinfo['forumid']);
    }

    // Record the action in the moderator log
    fetch_phrase_group('threadmanage');
    $postinfo['forumid'] = $threadinfo['forumid'];

    require_once(DIR . '/includes/functions_log_error.php');
    log_moderator_action(
        $postinfo,
        'post_y_by_x_undeleted',
        array($postinfo['title'], $postinfo['username'])
    );
}
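/**
 * Performs additional queries or tasks after saving.
 *
 * In order: rewrites the node's cms_nodeconfig rows when 'config' was set,
 * resolves and stores permissionsfrom, updates or removes the node's
 * cms_navigation row, fires the cache events, and keeps the associated
 * comment thread in step with 'comments_enabled'.
 *
 * Every identifier concatenated into SQL in this method is cast with intval()
 * and every string goes through escape_string(), so the statements do not
 * depend on set_fields having been type-checked before this point.
 *
 * @param mixed $result - The save result
 * @param bool $deferred - Save was deferred
 * @param bool $replace - Save used REPLACE
 * @param bool $ignore - Save used IGNORE if inserting
 * @return bool - Whether the save can be considered a success
 * @throws vB_Exception_DM - No primary id on insert, or a resource given as a config value
 */
protected function postSave($result, $deferred, $replace, $ignore)
{
    //First let's handle the configuration.
    if (isset($this->set_fields['config']))
    {
        if ($this->isUpdating())
        {
            $this->assertItem();
            $id = $this->item->getNodeId();
        }
        else
        {
            if (!$this->primary_id)
            {
                throw (new vB_Exception_DM('No primary id available for setting the node config in DM \'' . get_class($this) . '\''));
            }

            $id = $this->primary_id;
        }

        // the id goes into SQL unquoted below, so force it to an integer
        $id = intval($id);

        // delete the old config
        vB::$db->query_write('DELETE FROM ' . TABLE_PREFIX . 'cms_nodeconfig WHERE nodeid = ' . $id);

        // build the sql
        $sql = 'INSERT INTO ' . TABLE_PREFIX . 'cms_nodeconfig (nodeid, name, value, serialized) VALUES ';
        $values = array();

        // write the new config
        foreach ($this->set_fields['config'] AS $cvar => $value)
        {
            if (is_resource($value))
            {
                throw (new vB_Exception_DM('Trying to set a resource as a node config value'));
            }

            // NOTE(review): objects and arrays are stored with serialize(); whatever
            // reads cms_nodeconfig back presumably unserialize()s these rows, so
            // confirm that only trusted code can write to this table.
            if (is_object($value) OR is_array($value))
            {
                $serialized = true;
                $value = serialize($value);
            }
            else
            {
                $serialized = false;
            }

            $values[] = '(' . $id . ', \'' . vB::$db->escape_string($cvar) . '\',\'' . vB::$db->escape_string($value) . '\',\'' . intval($serialized) . '\')';
        }

        // insert config
        vB::$db->insert_multiple($sql, $values, true);
    }

    //and set permissionsfrom the parent. Let's do this so we fix any close records.
    $nodeid = intval(isset($this->set_fields['nodeid']) ? $this->set_fields['nodeid'] : $this->primary_id);
    $parents = array();

    // 0 means "not resolved"; the original left the variable undefined in that
    // case and still concatenated it into the UPDATE statements below.
    $permissionsfrom = 0;
    $requested = (isset($this->set_fields['permissionsfrom']) ? intval($this->set_fields['permissionsfrom']) : 0);

    if ($requested)
    {
        // Use the integer value: the original tested intval() but then put the
        // raw field into the SQL.
        $permissionsfrom = $requested;
    }
    else
    {
        //we'll pull from our parent.
        $rst = vB::$vbulletin->db->query_read("SELECT parent.nodeid, parent.parentnode, parent.permissionsfrom, parent.nodeleft, parent.noderight FROM " .
            TABLE_PREFIX . "cms_node AS node INNER JOIN " . TABLE_PREFIX . "cms_node AS parent ON (node.nodeleft >= parent.nodeleft AND node.nodeleft <=parent.noderight) WHERE node.nodeid = $nodeid ORDER BY parent.nodeleft DESC");

        while ($record = vB::$vbulletin->db->fetch_array($rst))
        {
            $parents[] = $record;

            if (intval($record['permissionsfrom']))
            {
                $permissionsfrom = intval($record['permissionsfrom']);

                if ($permissionsfrom != $nodeid)
                {
                    break;
                }
            }
        }

        //either we found a parent with a permissionsfrom, or we hit the top- which is
        // just as good.
        if ($permissionsfrom)
        {
            vB::$vbulletin->db->query_write("UPDATE " . TABLE_PREFIX . "cms_node SET permissionsfrom = " . $permissionsfrom . " WHERE nodeid = $nodeid");
        }
    }

    if ($permissionsfrom)
    {
        foreach ($parents as $parent)
        {
            vB::$vbulletin->db->query_write("UPDATE " . TABLE_PREFIX . "cms_node SET permissionsfrom = " . $permissionsfrom . " WHERE parentnode = " . intval($parent['nodeid']) . " AND IFNULL(permissionsfrom, 0) = 0");
        }
    }

    if (isset($this->set_fields['navigation']))
    {
        $nodeid = intval((isset($this->set_fields['nodeid']) ? $this->set_fields['nodeid'] : $this->item->getNodeId()));

        // if there is array for navigation menu, it means we are not inheriting from parent
        // so we must add/modify the record in the navigation table for this node
        if (is_array($this->set_fields['navigation']))
        {
            // The list lands inside a quoted SQL literal, so it has to be escaped.
            $nodelist = vB::$db->escape_string(implode(',', $this->set_fields['navigation']));

            vB::$vbulletin->db->query_write(" REPLACE INTO " . TABLE_PREFIX . "cms_navigation SET nodeid = $nodeid, nodelist = '" . $nodelist . "' ");
        }
        // if this is not an array, it means the drop-down was selected to inherit from parent
        // so delete any record in the navigation table for this node
        else
        {
            vB::$vbulletin->db->query_write(" DELETE FROM " . TABLE_PREFIX . "cms_navigation WHERE nodeid = $nodeid ");
        }
    }

    if (isset($this->set_fields['setpublish']) OR isset($this->set_fields['navigation']))
    {
        // clear the navbar cache
        vB_Cache::instance()->event(array(
            vBCms_NavBar::GLOBAL_CACHE_EVENT,
            vBCms_NavBar::getCacheEventId($this->item->getNodeId()),
            $this->item->getCacheEvents(),
            $this->item->getContentCacheEvent()
        ));
        vB_Cache::instance()->cleanNow();

        $nav_node = new vBCms_Item_Content($this->item->getNodeId(), vBCms_Item_Content::INFO_NAVIGATION);

        // reload the navbar for the page
        vBCms_NavBar::prepareNavBar($nav_node, true);
        unset($nav_node);
    }
    else if ($this->item)
    {
        vB_Cache::instance()->event(array($this->item->getCacheEvents(), $this->item->getContentCacheEvent()));
    }

    //Let's set the thread status, if there is one.
    //If we get called from dm/rate.php or somewhere like that, we skip this section
    // NOTE(review): in_array() searches the values of set_fields, not its keys;
    // left as it was, confirm whether a key test was intended.
    if ($this->isUpdating() AND in_array('comments_enabled', $this->set_fields) AND isset($this->set_fields['comments_enabled']))
    {
        $record = vB::$vbulletin->db->query_first("SELECT info.associatedthreadid, thread.forumid FROM " .
            TABLE_PREFIX . "cms_nodeinfo AS info INNER JOIN " .
            TABLE_PREFIX . "thread AS thread ON thread.threadid = info.associatedthreadid WHERE info.nodeid = " . intval($this->item->getNodeId()));

        if ($record['associatedthreadid'])
        {
            require_once DIR . '/includes/functions_databuild.php';

            $thread = vB_Legacy_Thread::create_from_id($record['associatedthreadid']);

            if ($thread)
            {
                if (intval($this->set_fields['comments_enabled']))
                {
                    //We need to ensure comments are enabled.
                    $visible = $thread->get_field('visible');

                    if (intval($visible) != 1)
                    {
                        undelete_thread($record['associatedthreadid']);
                    }

                    //If the title has been updated in the article, update the thread title.
                    // NOTE(review): this method calls both get_field() and getField()
                    // on $thread; confirm that both exist on vB_Legacy_Thread.
                    if (($thread->getField('title') != '')
                        AND isset($this->set_fields['title'])
                        AND ($thread->getField('title') != $this->set_fields['title']))
                    {
                        $sql = "UPDATE " . TABLE_PREFIX . "thread SET title = '" .
                            vB::$db->escape_string($this->set_fields['title']) .
                            "' WHERE threadid = " . intval($record['associatedthreadid']);
                        vB::$db->query_write($sql);
                    }
                }
                else
                {
                    //We need to hide the thread.
                    $thread->soft_delete(new vB_Legacy_CurrentUser(), '', true);
                }
            }

            build_thread_counters($record['associatedthreadid']);
            build_forum_counters($record['forumid']);
        }
    }

    parent::postSave($result, $deferred, $replace, $ignore);

    //we should never return false if we got here.
    $result = (intval($result) ? $result : true);

    return $result;
}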
// to this thread, you will be subscribed with the default option. (See 3.6 bug 1342.) $insert_subscriptions = array(); foreach ($unique_thread_user as $threadid => $users) { foreach ($users as $userid => $subscriptioninfo) { if ($subscriptioninfo['issubscribed'] and $subscriptioninfo['autosubscribe'] != -1) { $insert_subscriptions[] = "({$userid}, {$destthreadinfo['threadid']}, {$subscriptioninfo['autosubscribe']}, 0, 1)"; } } } if ($insert_subscriptions) { $db->query_write("\n\t\t\t\tINSERT IGNORE INTO " . TABLE_PREFIX . "subscribethread\n\t\t\t\t\t(userid, threadid, emailupdate, folderid, canview)\n\t\t\t\tVALUES\n\t\t\t\t\t" . implode(', ', $insert_subscriptions)); } // need to check permissions on these threads update_subscriptions(array('threadids' => array($destthreadinfo['threadid']))); } build_thread_counters($destthreadinfo['threadid']); build_forum_counters($destforuminfo['forumid']); log_moderator_action($destthreadinfo, 'posts_copied_to_x', $destthreadinfo['threadid']); // empty cookie setcookie('vbulletin_inlinepost', '', TIMENOW - 3600, '/'); ($hook = vBulletinHook::fetch_hook('inlinemod_docopyposts')) ? eval($hook) : false; $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$destthreadinfo['threadid']}"; eval(print_standard_redirect('redirect_inline_copiedposts', true, $forceredirect)); } $navbits = construct_navbits($navbits); eval('$navbar = "' . fetch_template('navbar') . '";'); ($hook = vBulletinHook::fetch_hook('inlinemod_complete')) ? eval($hook) : false; $url =& $vbulletin->url; // spit out the final HTML if we have got this far eval('$HTML = "' . fetch_template($template) . '";'); eval('print_output("' . fetch_template('THREADADMIN') . '");');
function do_moderation() { global $vbulletin, $db, $foruminfo, $forumperms, $threadinfo, $postinfo, $vbphrase, $threadid; $postlimit = 400; $threadlimit = 200; $threadarray = array(); $postarray = array(); $postinfos = array(); $forumlist = array(); $threadlist = array(); switch ($_REQUEST['do']) { case 'openclosethread': case 'dodeletethread': case 'domovethread': case 'updatethread': case 'domergethread': case 'stick': case 'removeredirect': case 'deletethread': case 'deleteposts': case 'movethread': case 'copythread': case 'editthread': case 'mergethread': case 'moderatethread': if (!$threadinfo['threadid']) { standard_error(fetch_error('invalidid', $vbphrase['thread'], $vbulletin->options['contactuslink'])); } } if ($_REQUEST['do'] == 'getforums') { $forums = array(); get_forums(-1, $forums); return array('forums' => $forums); } if ($threadinfo['forumid']) { $forumperms = fetch_permissions($threadinfo['forumid']); if ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] and !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) { json_error(ERR_NO_PERMISSION); } } // Open/Close Thread if ($_POST['do'] == 'openclosethread') { if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) { if (can_moderate($threadinfo['forumid'])) { json_error(ERR_NO_PERMISSION); } else { standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])); } } // permission check if (!can_moderate($threadinfo['forumid'], 'canopenclose')) { if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'])) { json_error(ERR_NO_PERMISSION); } else { if (!is_first_poster($threadid)) { json_error(ERR_NO_PERMISSION); } } } // check if there is a forum password and if so, ensure the 
user has it set verify_forum_password($foruminfo['forumid'], $foruminfo['password']); // handles mod log $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost'); $threadman->set_existing($threadinfo); $threadman->set('open', $threadman->fetch_field('open') == 1 ? 0 : 1); ($hook = vBulletinHook::fetch_hook('threadmanage_openclose')) ? eval($hook) : false; $threadman->save(); } // Stick/Unstick Thread if ($_POST['do'] == 'stick') { if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) { if (can_moderate($threadinfo['forumid'])) { json_error(ERR_NO_PERMISSION); } else { standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])); } } if (!can_moderate($threadinfo['forumid'], 'canmanagethreads')) { json_error(ERR_NO_PERMISSION); } // check if there is a forum password and if so, ensure the user has it set verify_forum_password($foruminfo['forumid'], $foruminfo['password']); // handles mod log $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_ARRAY, 'threadpost'); $threadman->set_existing($threadinfo); $threadman->set('sticky', $threadman->fetch_field('sticky') == 1 ? 0 : 1); ($hook = vBulletinHook::fetch_hook('threadmanage_stickunstick')) ? 
eval($hook) : false; $threadman->save(); } // Delete Thread if ($_POST['do'] == 'dodeletethread') { $vbulletin->input->clean_array_gpc('p', array('deletetype' => TYPE_UINT, 'deletereason' => TYPE_STR, 'keepattachments' => TYPE_BOOL)); $vbulletin->GPC['deletereason'] = prepare_remote_utf8_string($vbulletin->GPC['deletereason']); if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'canremoveposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) { if (can_moderate($threadinfo['forumid'])) { json_error(ERR_NO_PERMISSION); } else { standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])); } } $physicaldel = false; if (!can_moderate($threadinfo['forumid'], 'candeleteposts') and !can_moderate($threadinfo['forumid'], 'canremoveposts')) { if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['candeletepost']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['candeletethread'])) { json_error(ERR_NO_PERMISSION); } else { if ($threadinfo['dateline'] < TIMENOW - $vbulletin->options['edittimelimit'] * 60 and $vbulletin->options['edittimelimit'] != 0) { json_error(ERR_NO_PERMISSION); } else { if (!$threadinfo['open']) { json_error(ERR_NO_PERMISSION); } if (!is_first_poster($threadinfo['threadid'])) { json_error(ERR_NO_PERMISSION); } } } } else { if (!can_moderate($threadinfo['forumid'], 'canremoveposts')) { $physicaldel = false; } else { if (!can_moderate($threadinfo['forumid'], 'candeleteposts')) { $physicaldel = true; } else { $physicaldel = iif($vbulletin->GPC['deletetype'] == 1, false, true); } } } // check if there is a forum password and if so, ensure the user has it set verify_forum_password($foruminfo['forumid'], $foruminfo['password']); $delinfo = array('userid' => $vbulletin->userinfo['userid'], 'username' => $vbulletin->userinfo['username'], 'reason' => $vbulletin->GPC['deletereason'], 'keepattachments' => $vbulletin->GPC['keepattachments']); $threadman =& 
datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost'); $threadman->set_existing($threadinfo); $threadman->delete($foruminfo['countposts'], $physicaldel, $delinfo); unset($threadman); build_forum_counters($threadinfo['forumid']); } // Delete Posts if ($_POST['do'] == 'dodeleteposts') { $vbulletin->input->clean_array_gpc('p', array('postids' => TYPE_STR)); $postids = explode(',', $vbulletin->GPC['postids']); foreach ($postids as $index => $postid) { if (intval($postid) == 0) { unset($postids["{$index}"]); } else { $postids["{$index}"] = intval($postid); } } if (empty($postids)) { standard_error(fetch_error('no_applicable_posts_selected')); } if (count($postids) > 400) { standard_error(fetch_error('you_are_limited_to_working_with_x_posts', $postlimit)); } $vbulletin->input->clean_array_gpc('p', array('deletetype' => TYPE_UINT, 'keepattachments' => TYPE_BOOL, 'deletereason' => TYPE_STR)); $vbulletin->GPC['deletereason'] = prepare_remote_utf8_string($vbulletin->GPC['deletereason']); $physicaldel = iif($vbulletin->GPC['deletetype'] == 1, false, true); // Validate posts $posts = $db->query_read_slave("\n\t\tSELECT post.postid, post.threadid, post.parentid, post.visible, post.title, post.userid AS posteruserid,\n\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.firstpostid, thread.visible AS thread_visible\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\tWHERE postid IN (" . implode(',', $postids) . 
")\n\t\tORDER BY postid\n\t"); $deletethreads = array(); $firstpost = array(); while ($post = $db->fetch_array($posts)) { $forumperms = fetch_permissions($post['forumid']); if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $post['postuserid'] != $vbulletin->userinfo['userid']) { json_error(ERR_NO_PERMISSION); } if ((!$post['visible'] or !$post['thread_visible']) and !can_moderate($post['forumid'], 'canmoderateposts')) { standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts')); } else { if (($post['visible'] == 2 or $post['thread_visible'] == 2) and !can_moderate($post['forumid'], 'candeleteposts')) { standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title'])); } else { if (!can_moderate($post['forumid'], 'canremoveposts') and !can_moderate($post['forumid'], 'candeleteposts')) { standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title'])); } } } if (!can_moderate($post['forumid'], 'canremoveposts') and $physicaldel) { standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title'])); } else { if (!physicaldel and (!can_moderate($post['forumid'], 'candeleteposts') and ($post['posteruserid'] != $vbulletin->userinfo['userid'] or !($vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['candeletepost'])))) { standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], 
$vbulletin->forumcache["{$post['forumid']}"]['title'])); } } $postarray["{$post['postid']}"] = $post; $threadlist["{$post['threadid']}"] = true; $forumlist["{$post['forumid']}"] = true; if ($post['firstpostid'] == $post['postid']) { // deleting a thread so do not decremement the counters of any other posts in this thread $firstpost["{$post['threadid']}"] = true; } else { if (!empty($firstpost["{$post['threadid']}"])) { $postarray["{$post['postid']}"]['skippostcount'] = true; } } } if (empty($postarray)) { standard_error(fetch_error('no_applicable_posts_selected')); } $firstpost = false; $gotothread = true; foreach ($postarray as $postid => $post) { $foruminfo = fetch_foruminfo($post['forumid']); $postman =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost'); $postman->set_existing($post); $postman->delete($foruminfo['countposts'] and !$post['skippostcount'], $post['threadid'], $physicaldel, array('userid' => $vbulletin->userinfo['userid'], 'username' => $vbulletin->userinfo['username'], 'reason' => $vbulletin->GPC['deletereason'], 'keepattachments' => $vbulletin->GPC['keepattachments'])); unset($postman); } foreach (array_keys($threadlist) as $threadid) { build_thread_counters($threadid); } foreach (array_keys($forumlist) as $forumid) { build_forum_counters($forumid); } ($hook = vBulletinHook::fetch_hook('inlinemod_dodeleteposts')) ? 
eval($hook) : false; } // Move Thread if ($_POST['do'] == 'domovethread') { $vbulletin->input->clean_array_gpc('p', array('destforumid' => TYPE_UINT, 'redirect' => TYPE_STR, 'title' => TYPE_NOHTML, 'redirectprefixid' => TYPE_NOHTML, 'redirecttitle' => TYPE_NOHTML, 'period' => TYPE_UINT, 'frame' => TYPE_STR)); $vbulletin->GPC['title'] = prepare_remote_utf8_string($vbulletin->GPC['title']); $vbulletin->GPC['redirecttitle'] = prepare_remote_utf8_string($vbulletin->GPC['redirecttitle']); $vbulletin->GPC['redirectprefixid'] = prepare_remote_utf8_string($vbulletin->GPC['redirectprefixid']); if ($threadinfo['isdeleted'] and !can_moderate($threadinfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) { if (can_moderate($threadinfo['forumid'])) { json_error(ERR_NO_PERMISSION); } else { standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])); } } // check whether dest can contain posts $destforumid = verify_id('forum', $vbulletin->GPC['destforumid']); $destforuminfo = fetch_foruminfo($destforumid); if (!$destforuminfo['cancontainthreads'] or $destforuminfo['link']) { standard_error(fetch_error('moveillegalforum')); } if ($threadinfo['isdeleted'] and !can_moderate($destforuminfo['forumid'], 'candeleteposts') or !$threadinfo['visible'] and !can_moderate($destforuminfo['forumid'], 'canmoderateposts')) { ## Insert proper phrase about not being able to move a hidden thread to a forum you can't moderateposts in or a deleted thread to a forum you can't deletethreads in standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])); } // check source forum permissions if (!can_moderate($threadinfo['forumid'], 'canmanagethreads')) { if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canmove'])) { json_error(ERR_NO_PERMISSION); } else { if (!$threadinfo['open'] and !($forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'])) { 
json_error(ERR_NO_PERMISSION); } if (!is_first_poster($threadid)) { json_error(ERR_NO_PERMISSION); } } } // check destination forum permissions $destforumperms = fetch_permissions($destforuminfo['forumid']); if (!($destforumperms & $vbulletin->bf_ugp_forumpermissions['canview'])) { json_error(ERR_NO_PERMISSION); } // check if there is a forum password and if so, ensure the user has it set verify_forum_password($foruminfo['forumid'], $foruminfo['password']); verify_forum_password($destforuminfo['forumid'], $destforuminfo['password']); // check to see if this thread is being returned to a forum it's already been in // if a redirect exists already in the destination forum, remove it if ($checkprevious = $db->query_first_slave("SELECT threadid FROM " . TABLE_PREFIX . "thread WHERE forumid = {$destforuminfo['forumid']} AND open = 10 AND pollid = {$threadid}")) { $old_redirect =& datamanager_init('Thread', $vbulletin, ERRTYPE_ARRAY, 'threadpost'); $old_redirect->set_existing($checkprevious); $old_redirect->delete(false, true, NULL, false); unset($old_redirect); } // check to see if this thread is being moved to the same forum it's already in but allow copying to the same forum if ($destforuminfo['forumid'] == $threadinfo['forumid'] and $vbulletin->GPC['redirect']) { standard_error(fetch_error('movesameforum')); } ($hook = vBulletinHook::fetch_hook('threadmanage_move_start')) ? 
eval($hook) : false; if ($vbulletin->GPC['title'] != '' and $vbulletin->GPC['title'] != $threadinfo['title']) { $oldtitle = $threadinfo['title']; $threadinfo['title'] = unhtmlspecialchars($vbulletin->GPC['title']); $updatetitle = true; } else { $oldtitle = $threadinfo['title']; $updatetitle = false; } if ($vbulletin->GPC['redirect'] == 'none') { $method = 'move'; } else { $method = 'movered'; } switch ($method) { // *************************************************************** // move the thread wholesale into the destination forum case 'move': // update forumid/notes and unstick to prevent abuse $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost'); $threadman->set_info('skip_moderator_log', true); $threadman->set_existing($threadinfo); if ($updatetitle) { $threadman->set('title', $threadinfo['title']); if ($vbulletin->options['similarthreadsearch']) { require_once DIR . '/includes/functions_search.php'; $threadman->set('similar', fetch_similar_threads(fetch_censored_text($vbulletin->GPC['title']), $threadinfo['threadid'])); } } else { // Bypass check since title wasn't modified $threadman->set('title', $threadinfo['title'], true, false); } $threadman->set('forumid', $destforuminfo['forumid']); // If mod can not manage threads in destination forum then unstick thread if (!can_moderate($destforuminfo['forumid'], 'canmanagethreads')) { $threadman->set('sticky', 0); } ($hook = vBulletinHook::fetch_hook('threadmanage_move_simple')) ? 
eval($hook) : false; $threadman->save(); log_moderator_action($threadinfo, 'thread_moved_to_x', $destforuminfo['title']); break; // *************************************************************** // *************************************************************** // move the thread into the destination forum and leave a redirect // *************************************************************** // *************************************************************** // move the thread into the destination forum and leave a redirect case 'movered': $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_STANDARD, 'threadpost'); $threadman->set_info('skip_moderator_log', true); $threadman->set_existing($threadinfo); if ($updatetitle) { $threadman->set('title', $threadinfo['title']); if ($vbulletin->options['similarthreadsearch']) { require_once DIR . '/includes/functions_search.php'; $threadman->set('similar', fetch_similar_threads(fetch_censored_text($vbulletin->GPC['title']), $threadinfo['threadid'])); } } else { // Bypass check since title wasn't modified $threadman->set('title', $threadinfo['title'], true, false); } $threadman->set('forumid', $destforuminfo['forumid']); // If mod can not manage threads in destination forum then unstick thread if (!can_moderate($destforuminfo['forumid'], 'canmanagethreads')) { $threadman->set('sticky', 0); } ($hook = vBulletinHook::fetch_hook('threadmanage_move_redirect_orig')) ? 
eval($hook) : false; $threadman->save(); unset($threadman); if ($threadinfo['visible'] == 1) { // Insert redirect for visible thread log_moderator_action($threadinfo, 'thread_moved_with_redirect_to_a', $destforuminfo['title']); $redirdata = array('lastpost' => intval($threadinfo['lastpost']), 'forumid' => intval($threadinfo['forumid']), 'pollid' => intval($threadinfo['threadid']), 'open' => 10, 'replycount' => intval($threadinfo['replycount']), 'postusername' => $threadinfo['postusername'], 'postuserid' => intval($threadinfo['postuserid']), 'lastposter' => $threadinfo['lastposter'], 'dateline' => intval($threadinfo['dateline']), 'views' => intval($threadinfo['views']), 'iconid' => intval($threadinfo['iconid']), 'visible' => 1); $redir =& datamanager_init('Thread', $vbulletin, ERRTYPE_ARRAY, 'threadpost'); foreach (array_keys($redirdata) as $field) { // bypassing the verify_* calls; this data should be valid as is $redir->setr($field, $redirdata["{$field}"], true, false); } if ($updatetitle) { if (empty($vbulletin->GPC['redirecttitle'])) { $redir->set('title', $threadinfo['title']); } else { $redir->set('title', unhtmlspecialchars($vbulletin->GPC['redirecttitle'])); } } else { // Bypass check since title wasn't modified if (empty($vbulletin->GPC['redirecttitle'])) { $redir->set('title', $threadinfo['title'], true, false); } else { $redir->set('title', unhtmlspecialchars($vbulletin->GPC['redirecttitle'])); } } require_once DIR . '/includes/functions_prefix.php'; if (can_use_prefix($vbulletin->GPC['redirectprefixid'])) { $redir->set('prefixid', $vbulletin->GPC['redirectprefixid']); } ($hook = vBulletinHook::fetch_hook('threadmanage_move_redirect_notice')) ? 
eval($hook) : false; if ($redirthreadid = $redir->save() and $vbulletin->GPC['redirect'] == 'expires') { switch ($vbulletin->GPC['frame']) { case 'h': $expires = mktime(date('H') + $vbulletin->GPC['period'], date('i'), date('s'), date('m'), date('d'), date('y')); break; case 'd': $expires = mktime(date('H'), date('i'), date('s'), date('m'), date('d') + $vbulletin->GPC['period'], date('y')); break; case 'w': $expires = $vbulletin->GPC['period'] * 60 * 60 * 24 * 7 + TIMENOW; break; case 'y': $expires = mktime(date('H'), date('i'), date('s'), date('m'), date('d'), date('y') + $vbulletin->GPC['period']); break; case 'm': default: $expires = mktime(date('H'), date('i'), date('s'), date('m') + $vbulletin->GPC['period'], date('d'), date('y')); } $db->query_write("\n\t\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "threadredirect\n\t\t\t\t\t\t\t(threadid, expires)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t({$redirthreadid}, {$expires})\n\t\t\t\t\t"); } unset($redir); } else { // leave no redirect for hidden or deleted threads log_moderator_action($threadinfo, 'thread_moved_to_x', $destforuminfo['title']); } break; // *************************************************************** } // end switch($method) // kill the cache for the old thread delete_post_cache_threads(array($threadinfo['threadid'])); // Update Post Count if we move from a counting forum to a non counting or vice-versa.. // Source Dest Visible Thread Hidden Thread // Yes Yes ~ ~ // Yes No -visible ~ // No Yes +visible ~ // No No ~ ~ if ($threadinfo['visible'] and ($method == 'move' or $method == 'movered') and ($foruminfo['countposts'] and !$destforuminfo['countposts'] or !$foruminfo['countposts'] and $destforuminfo['countposts'])) { $posts = $db->query_read_slave("\n\t\t\tSELECT userid\n\t\t\tFROM " . TABLE_PREFIX . 
"post\n\t\t\tWHERE threadid = {$threadinfo['threadid']}\n\t\t\t\tAND\tuserid > 0\n\t\t\t\tAND visible = 1\n\t\t"); $userbyuserid = array(); while ($post = $db->fetch_array($posts)) { if (!isset($userbyuserid["{$post['userid']}"])) { $userbyuserid["{$post['userid']}"] = 1; } else { $userbyuserid["{$post['userid']}"]++; } } if (!empty($userbyuserid)) { $userbypostcount = array(); foreach ($userbyuserid as $postuserid => $postcount) { $alluserids .= ",{$postuserid}"; $userbypostcount["{$postcount}"] .= ",{$postuserid}"; } foreach ($userbypostcount as $postcount => $userids) { $casesql .= " WHEN userid IN (0{$userids}) THEN {$postcount}"; } $operator = $destforuminfo['countposts'] ? '+' : '-'; $db->query_write("\n\t\t\t\tUPDATE " . TABLE_PREFIX . "user\n\t\t\t\tSET posts = CAST(posts AS SIGNED) {$operator}\n\t\t\t\t\tCASE\n\t\t\t\t\t\t{$casesql}\n\t\t\t\t\t\tELSE 0\n\t\t\t\t\tEND\n\t\t\t\tWHERE userid IN (0{$alluserids})\n\t\t\t"); } } build_forum_counters($threadinfo['forumid']); if ($threadinfo['forumid'] != $destforuminfo['forumid']) { build_forum_counters($destforuminfo['forumid']); } // Update canview status of thread subscriptions update_subscriptions(array('threadids' => array($threadid))); } // Undelete Posts if ($_POST['do'] == 'undeleteposts') { $vbulletin->input->clean_array_gpc('p', array('postids' => TYPE_STR)); $postids = explode(',', $vbulletin->GPC['postids']); foreach ($postids as $index => $postid) { if (intval($postid) == 0) { unset($postids["{$index}"]); } else { $postids["{$index}"] = intval($postid); } } if (empty($postids)) { standard_error(fetch_error('no_applicable_posts_selected')); } if (count($postids) > 400) { standard_error(fetch_error('you_are_limited_to_working_with_x_posts', $postlimit)); } $postids = implode(',', $postids); // Validate posts $posts = $db->query_read_slave("\n\t\tSELECT post.postid, post.threadid, post.parentid, post.visible, post.title, post.userid,\n\t\t\tthread.forumid, thread.title AS thread_title, 
thread.postuserid, thread.firstpostid, thread.visible AS thread_visible,\n\t\t\tforum.options AS forum_options\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "forum AS forum USING (forumid)\n\t\tWHERE postid IN ({$postids})\n\t\t\tAND (post.visible = 2 OR (post.visible = 1 AND thread.visible = 2 AND post.postid = thread.firstpostid))\n\t\tORDER BY postid\n\t"); $deletethreads = array(); while ($post = $db->fetch_array($posts)) { $forumperms = fetch_permissions($post['forumid']); if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $post['postuserid'] != $vbulletin->userinfo['userid']) { json_error(ERR_NO_PERMISSION); } if ((!$post['visible'] or !$post['thread_visible']) and !can_moderate($post['forumid'], 'canmoderateposts')) { standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts')); } else { if (($post['visible'] == 2 or $post['thread_visible'] == 2) and !can_moderate($post['forumid'], 'candeleteposts')) { standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title'])); } } $postarray["{$post['postid']}"] = $post; $threadlist["{$post['threadid']}"] = true; $forumlist["{$post['forumid']}"] = true; if ($post['firstpostid'] == $post['postid']) { // undeleting a thread so need to update the $tinfo for any other posts in this thread $firstpost["{$post['threadid']}"] = true; } else { if (!empty($firstpost["{$post['threadid']}"])) { $postarray["{$post['postid']}"]['thread_visible'] = 1; } } } if (is_array($postarray)) { foreach ($postarray as $postid => $post) { $tinfo = array('threadid' => $post['threadid'], 'forumid' => $post['forumid'], 'visible' 
=> $post['thread_visible'], 'firstpostid' => $post['firstpostid']); undelete_post($post['postid'], $post['forum_options'] & $vbulletin->bf_misc_forumoptions['countposts'], $post, $tinfo, false); } } if (is_array($threadlist)) { foreach (array_keys($threadlist) as $threadid) { build_thread_counters($threadid); } } if (is_array($forumlist)) { foreach (array_keys($forumlist) as $forumid) { build_forum_counters($forumid); } } } // Delete As Spam if ($_REQUEST['do'] == 'dodeletespam') { $vbulletin->input->clean_array_gpc('p', array('type' => TYPE_STR)); if ($vbulletin->GPC['type'] == 'post') { $vbulletin->input->clean_array_gpc('p', array('postids' => TYPE_STR)); $postids = explode(',', $vbulletin->GPC['postids']); foreach ($postids as $index => $postid) { if (intval($postid) == 0) { unset($postids["{$index}"]); } else { $postids["{$index}"] = intval($postid); } } if (empty($postids)) { standard_error(fetch_error('no_applicable_posts_selected')); } if (count($postids) > $postlimit) { standard_error(fetch_error('you_are_limited_to_working_with_x_posts', $postlimit)); } } else { $vbulletin->input->clean_array_gpc('p', array('threadid' => TYPE_STR)); $threadids = explode(',', $vbulletin->GPC['threadid']); foreach ($threadids as $index => $threadid) { if (intval($threadid) == 0) { unset($threadids["{$index}"]); } else { $threadids["{$index}"] = intval($threadid); } } if (empty($threadids)) { standard_error(fetch_error('you_did_not_select_any_valid_threads')); } if (count($threadids) > $threadlimit) { standard_error(fetch_error('you_are_limited_to_working_with_x_threads', $threadlimit)); } } $vbulletin->input->clean_array_gpc('p', array('banusers' => TYPE_BOOL, 'userids' => TYPE_STR)); $banusers = false; if ($vbulletin->GPC['banusers']) { $banusers = true; } $vbulletin->GPC['userid'] = split(',', $vbulletin->GPC['userids']); $vbulletin->GPC_exists['userid'] = true; $userids = array(); if ($vbulletin->GPC['type'] == 'thread') { // threads $threadarray = array(); $threads = 
$db->query_read_slave("\n\t\t\tSELECT threadid, open, visible, forumid, title, prefixid, postuserid\n\t\t\tFROM " . TABLE_PREFIX . "thread\n\t\t\tWHERE threadid IN (" . implode(',', $threadids) . ")\n\t\t"); while ($thread = $db->fetch_array($threads)) { $forumperms = fetch_permissions($thread['forumid']); if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $thread['postuserid'] != $vbulletin->userinfo['userid']) { json_error(ERR_NO_PERMISSION); } $thread['prefix_plain_html'] = $thread['prefixid'] ? htmlspecialchars_uni($vbphrase["prefix_{$thread['prefixid']}_title_plain"]) . ' ' : ''; if ($thread['open'] == 10) { if (!can_moderate($thread['forumid'], 'canmanagethreads')) { // No permission to remove redirects. standard_error(fetch_error('you_do_not_have_permission_to_manage_thread_redirects', $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title'])); } } else { if (!$thread['visible'] and !can_moderate($thread['forumid'], 'canmoderateposts')) { standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts')); } else { if ($thread['visible'] == 2 and !can_moderate($thread['forumid'], 'candeleteposts')) { standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $vbphrase['n_a'], $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title'])); } else { if (!can_moderate($thread['forumid'], 'canremoveposts')) { if (!can_moderate($thread['forumid'], 'candeleteposts')) { standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['prefix_plain_html'] . 
$thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title'])); } } else { if (!can_moderate($thread['forumid'], 'candeleteposts')) { if (!can_moderate($thread['forumid'], 'canremoveposts')) { standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['prefix_plain_html'] . $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title'])); } } } } } } $threadarray["{$thread['threadid']}"] = $thread; $userids["{$thread['postuserid']}"] = true; } if (empty($threadarray)) { standard_error(fetch_error('you_did_not_select_any_valid_threads')); } } else { // posts // Validate posts $postarray = array(); $posts = $db->query_read_slave("\n\t\t\tSELECT post.postid, post.threadid, post.visible, post.title, post.userid,\n\t\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.visible AS thread_visible, thread.firstpostid\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\t\tWHERE postid IN (" . implode(',', $postids) . 
")\n\t\t"); while ($post = $db->fetch_array($posts)) { $forumperms = fetch_permissions($post['forumid']); if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $post['postuserid'] != $vbulletin->userinfo['userid']) { json_error(ERR_NO_PERMISSION); } if ((!$post['visible'] or !$post['thread_visible']) and !can_moderate($post['forumid'], 'canmoderateposts')) { standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts')); } else { if (($post['visible'] == 2 or $post['thread_visible'] == 2) and !can_moderate($post['forumid'], 'candeleteposts')) { standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title'])); } else { if (!can_moderate($post['forumid'], 'canremoveposts')) { if (!can_moderate($post['forumid'], 'candeleteposts')) { standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title'])); } } else { if (!can_moderate($post['forumid'], 'candeleteposts')) { if (!can_moderate($post['forumid'], 'canremoveposts')) { standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $post['title'], $post['thread_title'], $vbulletin->forumcache["{$post['forumid']}"]['title'])); } } } } } $postarray["{$post['postid']}"] = $post; $userids["{$post['userid']}"] = true; } if (empty($postarray)) { standard_error(fetch_error('no_applicable_posts_selected')); } } $user_cache = array(); foreach ($vbulletin->GPC['userid'] as $userid) { // check that userid appears somewhere in either posts / threads, if they don't then you're doing something naughty if (!isset($userids["{$userid}"])) { json_error(ERR_NO_PERMISSION); } 
$user_cache["{$userid}"] = fetch_userinfo($userid); cache_permissions($user_cache["{$userid}"]); $user_cache["{$userid}"]['joindate_string'] = vbdate($vbulletin->options['dateformat'], $user_cache["{$userid}"]['joindate']); } if ($banusers) { require_once DIR . '/includes/adminfunctions.php'; require_once DIR . '/includes/functions_banning.php'; if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or can_moderate(0, 'canbanusers'))) { json_error(ERR_NO_PERMISSION); } // check that user has permission to ban the person they want to ban if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) { foreach ($user_cache as $userid => $userinfo) { if (can_moderate(0, '', $userinfo['userid'], $userinfo['usergroupid'] . (trim($userinfo['membergroupids']) ? ",{$userinfo['membergroupids']}" : '')) or $userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or $userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator'] or is_unalterable_user($userinfo['userid'])) { standard_error(fetch_error('no_permission_ban_non_registered_users')); } } } else { foreach ($user_cache as $userid => $userinfo) { if ($userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or is_unalterable_user($userinfo['userid'])) { standard_error(fetch_error('no_permission_ban_non_registered_users')); } } } } $vbulletin->input->clean_array_gpc('p', array('deleteother' => TYPE_BOOL, 'type' => TYPE_STR, 'deletetype' => TYPE_UINT, 'deletereason' => TYPE_STR, 'keepattachments' => TYPE_BOOL)); $vbulletin->GPC['deletereason'] = prepare_remote_utf8_string($vbulletin->GPC['deletereason']); // Check if we have users to punish if (!empty($user_cache)) { if ($banusers) { $vbulletin->input->clean_array_gpc('p', array('usergroupid' => TYPE_UINT, 'period' => TYPE_STR, 
'reason' => TYPE_STR)); $vbulletin->GPC['reason'] = prepare_remote_utf8_string($vbulletin->GPC['reason']); if (!isset($vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]) or $vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup']) { standard_error(fetch_error('invalid_usergroup_specified')); } // check that the number of days is valid if ($vbulletin->GPC['period'] != 'PERMANENT' and !preg_match('#^(D|M|Y)_[1-9][0-9]?$#', $vbulletin->GPC['period'])) { standard_error(fetch_error('invalid_ban_period_specified')); } if ($vbulletin->GPC['period'] == 'PERMANENT') { // make this ban permanent $liftdate = 0; } else { // get the unixtime for when this ban will be lifted $liftdate = convert_date_to_timestamp($vbulletin->GPC['period']); } $user_dms = array(); $current_bans = $db->query_read("\n\t\t\t\t\tSELECT user.userid, userban.liftdate, userban.bandate\n\t\t\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "userban AS userban ON(userban.userid = user.userid)\n\t\t\t\t\tWHERE user.userid IN (" . implode(',', array_keys($user_cache)) . ")\n\t\t\t\t"); while ($current_ban = $db->fetch_array($current_bans)) { $userinfo = $user_cache["{$current_ban['userid']}"]; $userid = $userinfo['userid']; if ($current_ban['bandate']) { // they already have a ban, check if the current one is being made permanent, continue if its not if ($liftdate and $liftdate < $current_ban['liftdate']) { continue; } // there is already a record - just update this record $db->query_write("\n\t\t\t\t\t\t\tUPDATE " . TABLE_PREFIX . "userban SET\n\t\t\t\t\t\t\tbandate = " . TIMENOW . ",\n\t\t\t\t\t\t\tliftdate = {$liftdate},\n\t\t\t\t\t\t\tadminid = " . $vbulletin->userinfo['userid'] . ",\n\t\t\t\t\t\t\treason = '" . $db->escape_string($vbulletin->GPC['reason']) . 
"'\n\t\t\t\t\t\t\tWHERE userid = {$userinfo['userid']}\n\t\t\t\t\t\t"); } else { // insert a record into the userban table /*insert query*/ $db->query_write("\n\t\t\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "userban\n\t\t\t\t\t\t\t(userid, usergroupid, displaygroupid, customtitle, usertitle, adminid, bandate, liftdate, reason)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t({$userinfo['userid']}, {$userinfo['usergroupid']}, {$userinfo['displaygroupid']}, {$userinfo['customtitle']}, '" . $db->escape_string($userinfo['usertitle']) . "', " . $vbulletin->userinfo['userid'] . ", " . TIMENOW . ", {$liftdate}, '" . $db->escape_string($vbulletin->GPC['reason']) . "')\n\t\t\t\t\t\t"); } // update the user record $user_dms[$userid] =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT); $user_dms[$userid]->set_existing($userinfo); $user_dms[$userid]->set('usergroupid', $vbulletin->GPC['usergroupid']); $user_dms[$userid]->set('displaygroupid', 0); // update the user's title if they've specified a special user title for the banned group if ($vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['usertitle'] != '') { $user_dms[$userid]->set('usertitle', $vbulletin->usergroupcache["{$vbulletin->GPC['usergroupid']}"]['usertitle']); $user_dms[$userid]->set('customtitle', 0); } $user_dms[$userid]->pre_save(); } foreach ($user_dms as $userdm) { $userdm->save(); } } } // delete threads that are defined explicitly as spam by being ticked $physicaldel = $vbulletin->GPC['deletetype'] == 2 ? true : false; $skipped_user_prune = array(); if ($vbulletin->GPC['deleteother'] and !empty($user_cache) and can_moderate(-1, 'canmassprune')) { $remove_all_posts = array(); $user_checks = $db->query_read_slave("SELECT COUNT(*) AS total, userid AS userid FROM " . TABLE_PREFIX . "post WHERE userid IN (" . implode(', ', array_keys($user_cache)) . 
") GROUP BY userid"); while ($user_check = $db->fetch_array($user_checks)) { if (intval($user_check['total']) <= 50) { $remove_all_posts[] = $user_check['userid']; } else { $skipped_user_prune[] = $user_check['userid']; } } if (!empty($remove_all_posts)) { $threads = $db->query_read_slave("SELECT threadid FROM " . TABLE_PREFIX . "thread WHERE postuserid IN (" . implode(', ', $remove_all_posts) . ")"); while ($thread = $db->fetch_array($threads)) { $threadids[] = $thread['threadid']; } // Yes this can pick up firstposts of threads but we check later on when fetching info, so it won't matter if its already deleted $posts = $db->query_read_slave("SELECT postid FROM " . TABLE_PREFIX . "post WHERE userid IN (" . implode(', ', $remove_all_posts) . ")"); while ($post = $db->fetch_array($posts)) { $postids[] = $post['postid']; } } } if (!empty($threadids)) { // Validate threads $threads = $db->query_read_slave("\n\t\t\tSELECT threadid, open, visible, forumid, title, postuserid\n\t\t\tFROM " . TABLE_PREFIX . "thread\n\t\t\tWHERE threadid IN (" . implode(',', $threadids) . ")\n\t\t"); while ($thread = $db->fetch_array($threads)) { $forumperms = fetch_permissions($thread['forumid']); if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and $thread['postuserid'] != $vbulletin->userinfo['userid']) { json_error(ERR_NO_PERMISSION); } if ($thread['open'] == 10 and !can_moderate($thread['forumid'], 'canmanagethreads')) { // No permission to remove redirects. 
standard_error(fetch_error('you_do_not_have_permission_to_manage_thread_redirects', $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title'])); } else { if (!$thread['visible'] and !can_moderate($thread['forumid'], 'canmoderateposts')) { standard_error(fetch_error('you_do_not_have_permission_to_manage_moderated_threads_and_posts')); } else { if ($thread['visible'] == 2 and !can_moderate($thread['forumid'], 'candeleteposts')) { standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_threads_and_posts', $vbphrase['n_a'], $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title'])); } else { if ($thread['open'] != 10) { if (!can_moderate($thread['forumid'], 'canremoveposts') and $physicaldel) { standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title'])); } else { if (!can_moderate($thread['forumid'], 'candeleteposts') and !$physicaldel) { standard_error(fetch_error('you_do_not_have_permission_to_delete_threads_and_posts', $vbphrase['n_a'], $thread['title'], $vbulletin->forumcache["{$thread['forumid']}"]['title'])); } } } } } } $threadarray["{$thread['threadid']}"] = $thread; $forumlist["{$thread['forumid']}"] = true; } } $delinfo = array('userid' => $vbulletin->userinfo['userid'], 'username' => $vbulletin->userinfo['username'], 'reason' => $vbulletin->GPC['deletereason'], 'keepattachments' => $vbulletin->GPC['keepattachments']); foreach ($threadarray as $threadid => $thread) { $countposts = $vbulletin->forumcache["{$thread['forumid']}"]['options'] & $vbulletin->bf_misc_forumoptions['countposts']; if (!$physicaldel and $thread['visible'] == 2) { # Thread is already soft deleted continue; } $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost'); $threadman->set_existing($thread); // Redirect if ($thread['open'] == 10) { $threadman->delete(false, true, $delinfo); } else { 
$threadman->delete($countposts, $physicaldel, $delinfo); } unset($threadman); } if (!empty($postids)) { // Validate Posts $posts = $db->query_read_slave("\n\t\t\tSELECT post.postid, post.threadid, post.parentid, post.visible, post.title,\n\t\t\t\tthread.forumid, thread.title AS thread_title, thread.postuserid, thread.firstpostid, thread.visible AS thread_visible\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread USING (threadid)\n\t\t\tWHERE postid IN (" . implode(',', $postids) . ")\n\t\t\tORDER BY postid\n\t\t"); while ($post = $db->fetch_array($posts)) { $postarray["{$post['postid']}"] = $post; $threadlist["{$post['threadid']}"] = true; $forumlist["{$post['forumid']}"] = true; if ($post['firstpostid'] == $post['postid']) { // deleting a thread so do not decremement the counters of any other posts in this thread $firstpost["{$post['threadid']}"] = true; } else { if (!empty($firstpost["{$post['threadid']}"])) { $postarray["{$post['postid']}"]['skippostcount'] = true; } } } } $gotothread = true; foreach ($postarray as $postid => $post) { $foruminfo = fetch_foruminfo($post['forumid']); $postman =& datamanager_init('Post', $vbulletin, ERRTYPE_SILENT, 'threadpost'); $postman->set_existing($post); $postman->delete($foruminfo['countposts'] and !$post['skippostcount'], $post['threadid'], $physicaldel, $delinfo); unset($postman); if ($vbulletin->GPC['threadid'] == $post['threadid'] and $post['postid'] == $post['firstpostid']) { // we've deleted the thread that we activated this action from so we can only return to the forum $gotothread = false; } else { if ($post['postid'] == $postinfo['postid'] and $physicaldel) { // we came in via a post, which we have deleted so we have to go back to the thread $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . 't=' . 
$vbulletin->GPC['threadid']; } } } foreach (array_keys($threadlist) as $threadid) { build_thread_counters($threadid); } foreach (array_keys($forumlist) as $forumid) { build_forum_counters($forumid); } // empty cookie if ($vbulletin->GPC['type'] == 'thread') { setcookie('vbulletin_inlinethread', '', TIMENOW - 3600, '/'); } else { setcookie('vbulletin_inlinepost', '', TIMENOW - 3600, '/'); } } return array('success' => true); }
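/**
 * Post a reply to an existing thread on behalf of the calling service user.
 *
 * The caller is first passed through RegisterService(); a non-zero result code
 * is handed back unchanged. The function then confirms that the thread exists
 * and that the current user may view it and reply to it. The reply is built
 * with the Post data manager, optionally prefixed with the quoted text of
 * $quotepostid. After saving, the thread and forum counters and the read
 * marker are refreshed.
 *
 * @param mixed  $who         Caller descriptor handed to RegisterService().
 * @param int    $threadid    Thread to reply to.
 * @param string $pagetext    Body of the reply.
 * @param int    $quotepostid Optional post to quote; 0 (default) quotes nothing.
 *
 * @return array On success, 'PostID' (the value returned by the data manager's
 *               save()) and 'Result'. When RegisterService() reports a non-zero
 *               code, 'Result' only. On a rejected request, whatever
 *               ErrorResult() returns.
 */
function PostReply($who, $threadid, $pagetext, $quotepostid = 0)
{
    // Kept as declared: functions_databuild.php is included inside this scope
    // further down and may rely on these bindings.
    global $db, $vbulletin, $server, $structtypes, $lastpostarray;

    $retval = array();

    $result = RegisterService($who);
    if ($result['Code'] != 0) {
        $retval['Result'] = $result;
        return $retval;
    }

    // Both ids come from the remote caller; normalise them to integers before
    // they reach helpers that may place them in a query.
    $threadid = intval($threadid);
    $quotepostid = intval($quotepostid);

    $threadinfo = fetch_threadinfo($threadid);
    if (empty($threadinfo['threadid'])) {
        // Error code introduced with this check (constructed here); align it
        // with the service's documented codes.
        return ErrorResult('thread_not_found_thread_reply');
    }

    $foruminfo = fetch_foruminfo($threadinfo['forumid'], false);

    // Authorisation: authenticating the caller does not establish that the
    // caller may see or answer this particular thread, so apply the forum
    // permission bits for the current user.
    $forumperms = fetch_permissions($threadinfo['forumid']);
    $bits = $vbulletin->bf_ugp_forumpermissions;
    $currentuserid = $vbulletin->userinfo['userid'];
    $ownthread = ($currentuserid && $threadinfo['postuserid'] == $currentuserid);

    $canview = (($forumperms & $bits['canview'])
        && ($forumperms & $bits['canviewthreads'])
        && ($ownthread || ($forumperms & $bits['canviewothers'])));
    $canreply = ($forumperms & $bits[$ownthread ? 'canreplyown' : 'canreplyothers']);

    if (!$canview || !$canreply) {
        // Error code introduced with this check (constructed here).
        return ErrorResult('no_permission_thread_reply');
    }

    // NOTE(review): the thread's open/closed and visible state is not checked
    // here; confirm whether replies to closed, moderated or soft-deleted
    // threads should be refused for non-moderators.

    $postdm = new vB_DataManager_Post($vbulletin, ERRTYPE_STANDARD);
    $postdm->set_info('skip_maximagescheck', true);
    $postdm->set_info('forum', $foruminfo);
    $postdm->set_info('thread', $threadinfo);
    $postdm->set('threadid', $threadid);
    $postdm->set('userid', $currentuserid);
    $postdm->set('allowsmilie', 1);
    // NOTE(review): visible is forced to 1, so the reply is stored as visible
    // regardless of any moderation setting the forum may have; confirm that
    // this is intended.
    $postdm->set('visible', 1);
    $postdm->set('dateline', TIMENOW);

    if ($quotepostid > 0) {
        $quote_postids = array($quotepostid);
        $quotetxt = fetch_quotable_posts($quote_postids, $threadinfo['threadid'], $unquoted_post_count, $quoted_post_ids, 'only');
        $pagetext = "{$quotetxt}{$pagetext}";
    }

    $postdm->set('pagetext', "{$pagetext}");
    $postdm->pre_save();

    if (count($postdm->errors) > 0) {
        // pre_save failed
        return ErrorResult('pre_save_failed_thread_reply');
    }

    $postid = $postdm->save();

    require_once './includes/functions_databuild.php';
    build_thread_counters($threadinfo['threadid']);
    build_forum_counters($foruminfo['forumid']);
    correct_forum_counters($threadinfo['threadid'], $foruminfo['forumid']);
    mark_thread_read($threadinfo, $foruminfo, $currentuserid, TIMENOW);

    $retval['PostID'] = $postid;
    $result['Code'] = 1;
    $result['Text'] = "QuotePostID: {$quotepostid}";
    $result['RemoteUser'] = ConsumeArray($vbulletin->userinfo, $structtypes['RemoteUser']);
    $retval['Result'] = $result;

    return $retval;
}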