/**
* Prefix Permission Check
*
* @param string The prefix ID to check
* @param array The restricted usergroups (used when we have the restrictions already)
*
* @return boolean
*/
function can_use_prefix($prefixid, $restrictions = null)
{
global $vbulletin;
if (!is_array($restrictions)) {
$restrictions = array();
$restrictions_db = $vbulletin->db->query_read("\n\t\t\tSELECT prefixpermission.usergroupid\n\t\t\tFROM " . TABLE_PREFIX . "prefixpermission AS prefixpermission\n\t\t\tWHERE prefixpermission.prefixid = '" . $vbulletin->db->escape_string($prefixid) . "'\n\t\t");
while ($restriction = $vbulletin->db->fetch_array($restrictions_db)) {
$restrictions[] = intval($restriction['usergroupid']);
}
}
if (empty($restrictions)) {
return true;
}
$membergroups = fetch_membergroupids_array($vbulletin->userinfo);
$infractiongroups = explode(',', str_replace(' ', '', $vbulletin->userinfo['infractiongroupids']));
foreach ($restrictions as $usergroup) {
if (in_array($usergroup, $infractiongroups)) {
return false;
}
}
if (!count(array_diff($membergroups, $restrictions))) {
return false;
}
return true;
}
/**
* Fetches the Avatar Category Cache
*
* @param array User Information
*
* @return array Avatar Category Cache
*
*/
function &fetch_avatar_categories(&$userinfo)
{
global $vbulletin;
static $categorycache = array();
if (isset($categorycache["{$userinfo['userid']}"])) {
return $categorycache["{$userinfo['userid']}"];
} else {
$categorycache["{$userinfo['userid']}"] = array();
}
$membergroups = fetch_membergroupids_array($userinfo);
$infractiongroups = explode(',', str_replace(' ', '', $userinfo['infractiongroupids']));
// ############### DISPLAY AVATAR CATEGORIES ###############
// get all the available avatar categories
$avperms = $vbulletin->db->query_read_slave("\n\t\tSELECT imagecategorypermission.imagecategoryid, usergroupid\n\t\tFROM " . TABLE_PREFIX . "imagecategorypermission AS imagecategorypermission, " . TABLE_PREFIX . "imagecategory AS imagecategory\n\t\tWHERE imagetype = 1\n\t\t\tAND imagecategorypermission.imagecategoryid = imagecategory.imagecategoryid\n\t\tORDER BY imagecategory.displayorder\n\t");
$noperms = array();
while ($avperm = $vbulletin->db->fetch_array($avperms)) {
$noperms["{$avperm['imagecategoryid']}"][] = $avperm['usergroupid'];
}
foreach ($noperms as $imagecategoryid => $usergroups) {
foreach ($usergroups as $usergroupid) {
if (in_array($usergroupid, $infractiongroups)) {
$badcategories .= ",{$imagecategoryid}";
}
}
if (!count(array_diff($membergroups, $usergroups))) {
$badcategories .= ",{$imagecategoryid}";
}
}
$categories = $vbulletin->db->query_read_slave("\n\t\tSELECT imagecategory.*, COUNT(avatarid) AS avatars\n\t\tFROM " . TABLE_PREFIX . "imagecategory AS imagecategory\n\t\tLEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON\n\t\t\t(avatar.imagecategoryid=imagecategory.imagecategoryid)\n\t\tWHERE imagetype=1\n\t\tAND avatar.minimumposts <= " . intval($userinfo['posts']) . "\n\t\tAND avatar.avatarid <> " . intval($userinfo['avatarid']) . "\n\t\tAND imagecategory.imagecategoryid NOT IN (0{$badcategories})\n\t\tGROUP BY imagecategory.imagecategoryid\n\t\tHAVING avatars > 0\n\t\tORDER BY imagecategory.displayorder\n\t");
while ($category = $vbulletin->db->fetch_array($categories)) {
$categorycache["{$userinfo['userid']}"]["{$category['imagecategoryid']}"] = $category;
}
return $categorycache["{$userinfo['userid']}"];
}
/**
* Prepares the project permissions for a user, taking into account primary and
* secondary groups.
*
* @param array (In/Out) User information
*
* @return array Project permissions (also in $user['projectpermissions'])
*/
function prepare_project_permissions(&$user)
{
global $vbulletin;
$membergroupids = fetch_membergroupids_array($user);
// build usergroup permissions
if (sizeof($membergroupids) == 1 or !($vbulletin->usergroupcache["{$user['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['allowmembergroups'])) {
// if primary usergroup doesn't allow member groups then get rid of them!
$membergroupids = array($user['usergroupid']);
// just return the permissions for the user's primary group (user is only a member of a single group)
$user['projectpermissions'] = $vbulletin->pt_permissions["{$user['usergroupid']}"];
if (!is_array($user['projectpermissions'])) {
$user['projectpermissions'] = array();
}
} else {
$user['projectpermissions'] = array();
// return the merged array of all user's membergroup permissions (user has additional member groups)
foreach ($membergroupids as $usergroupid) {
if (!is_array($vbulletin->pt_permissions["{$usergroupid}"])) {
continue;
}
if (!($vbulletin->usergroupcache["{$usergroupid}"]['ptpermissions'] & $vbulletin->bf_ugp_ptpermissions['canviewprojecttools'])) {
// group's access is globally disabled, skip counting their permissions
continue;
}
foreach ($vbulletin->pt_permissions["{$usergroupid}"] as $projectid => $types) {
foreach ($types as $type => $value) {
foreach ($value as $key => $val) {
$user['projectpermissions']["{$projectid}"]["{$type}"]["{$key}"] |= intval($val);
}
}
}
}
}
if ($user['infractiongroupids']) {
foreach (explode(',', str_replace(' ', '', $user['infractiongroupids'])) as $usergroupid) {
foreach ($vbulletin->pt_permissions["{$usergroupid}"] as $projectid => $types) {
foreach ($types as $type => $value) {
foreach ($value as $key => $val) {
$user['projectpermissions']["{$projectid}"]["{$type}"]["{$key}"] &= intval($val);
}
}
}
}
}
return $user['projectpermissions'];
}
/**
* Sets the calendar permissions to the passed user info array
*
* @param array (ref) User info array
*
* @return array Calendar permissions component of user info array
*/
function cache_calendar_permissions(&$user)
{
global $calendarcache;
global $vbulletin;
$cpermscache = array();
$calendarcache = array();
$displayorder = array();
//we should move this stuff to a user object.
if (!empty($user['infractiongroupids']))
{
$infractiongroupids = explode(',', str_replace(' ', '', $user['infractiongroupids']));
}
else
{
$infractiongroupids = array();
}
// initialise $membergroups - make an array of the usergroups to which this user belongs
$membergroupids = fetch_membergroupids_array($user);
// build usergroup permissions
if (sizeof($membergroupids) == 1 OR
!($vbulletin->usergroupcache["$user[usergroupid]"]['genericoptions'] &
$vbulletin->bf_ugp_genericoptions['allowmembergroups'])
)
{
// if primary usergroup doesn't allow member groups then get rid of them!
$membergroupids = array($user['usergroupid']);
}
$calendarpermissions = $vbulletin->db->query_read_slave("
SELECT calendarpermission.usergroupid, calendarpermission.calendarpermissions,
calendar.calendarid,calendar.title, displayorder
FROM " . TABLE_PREFIX . "calendar AS calendar
LEFT JOIN " . TABLE_PREFIX . "calendarpermission AS calendarpermission ON
(calendarpermission.calendarid = calendar.calendarid AND
usergroupid IN (" . implode(', ', $membergroupids) . "))
ORDER BY displayorder ASC
");
while ($cp = $vbulletin->db->fetch_array($calendarpermissions))
{
$cpermscache["$cp[calendarid]"]["$cp[usergroupid]"] = intval($cp['calendarpermissions']);
$calendarcache["$cp[calendarid]"] = $cp['title'];
$displayorder["$cp[calendarid]"] = $cp['displayorder'];
}
$vbulletin->db->free_result($calendarpermissions);
// Combine the calendar permissions for all member groups
foreach ($cpermscache AS $calendarid => $cpermissions)
{
$user['calendarpermissions']["$calendarid"] = 0;
if (empty($displayorder["$calendarid"]))
{
// leave permissions at 0 for calendars that aren't being displayed
continue;
}
foreach ($membergroupids AS $usergroupid)
{
if (isset($cpermissions["$usergroupid"]))
{
$user['calendarpermissions']["$calendarid"] |= $cpermissions["$usergroupid"];
}
else
{
$user['calendarpermissions']["$calendarid"] |= $vbulletin->usergroupcache["$usergroupid"]['calendarpermissions'];
}
}
foreach ($infractiongroupids AS $usergroupid)
{
if (isset($cpermissions["$usergroupid"]))
{
$user['calendarpermissions']["$calendarid"] &= $cpermissions["$usergroupid"];
}
else
{
$user['calendarpermissions']["$calendarid"] &= $vbulletin->usergroupcache["$usergroupid"]['calendarpermissions'];
}
}
}
return $user['calendarpermissions'];
}
/**
* Prepare any data needed for the output
*
* @param string The id of the block
* @param array Options specific to the block
*/
function prepare_output($id = '', $options = array())
{
global $show, $vbphrase;
$this->block_data = array();
$membergroups = fetch_membergroupids_array($this->profile->userinfo);
$this->block_data['membergroupcount'] = 0;
$membergroupbits = '';
foreach ($membergroups as $usergroupid) {
$usergroup = $this->registry->usergroupcache["{$usergroupid}"];
if ($usergroup['ispublicgroup']) {
$templater = vB_Template::create('memberinfo_publicgroupbit');
$templater->register('usergroup', $usergroup);
$membergroupbits .= $templater->render();
$this->block_data['membergroupcount']++;
}
}
$this->block_data['membergroupbits'] = $membergroupbits;
if ($this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_groups']) {
$socialgroups = $this->registry->db->query_read_slave("\n\t\t\t\tSELECT socialgroup.groupid, socialgroup.name, socialgroup.description, socialgroup.dateline, sgicon.dateline AS icondateline,\n\t\t\t\t\tsgicon.thumbnail_width AS iconthumb_width, sgicon.thumbnail_height AS iconthumb_height\n\t\t\t\tFROM " . TABLE_PREFIX . "socialgroupmember AS socialgroupmember\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "socialgroup AS socialgroup ON\n\t\t\t\t\t(socialgroup.groupid = socialgroupmember.groupid)\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "socialgroupicon AS sgicon ON sgicon.groupid = socialgroup.groupid\n\t\t\t\tWHERE\n\t\t\t\t\tsocialgroupmember.userid = " . $this->profile->userinfo['userid'] . "\n\t\t\t\t\tAND socialgroupmember.type = 'member'\n\t\t\t\tORDER BY socialgroup.name\n\t\t\t");
$showgrouplink = $this->registry->userinfo['permissions']['socialgrouppermissions'] & $this->registry->bf_ugp_socialgrouppermissions['canviewgroups'] ? true : false;
require_once DIR . '/includes/functions_socialgroup.php';
$socialgroupbits = '';
$useicons = $this->registry->db->num_rows($socialgroups) <= 12;
while ($socialgroup = $this->registry->db->fetch_array($socialgroups)) {
$socialgroup = prepare_socialgroup($socialgroup);
if (!$useicons) {
$socialgroup['name_html'] = fetch_word_wrapped_string(fetch_censored_text($socialgroup['name']));
}
if ($useicons) {
$templater = vB_Template::create('memberinfo_socialgroupbit');
} else {
$templater = vB_Template::create('memberinfo_socialgroupbit_text');
}
$templater->register('showgrouplink', $showgrouplink);
$templater->register('socialgroup', $socialgroup);
$socialgroupbits .= $templater->render();
}
$this->block_data['socialgroupbits'] = $socialgroupbits;
$this->block_data['socialgroupcount'] = $this->registry->db->num_rows($socialgroups);
} else {
$this->block_data['socialgroupbits'] = '';
$this->block_data['socialgroupcount'] = 0;
}
$this->block_data['show_join_link'] = ((!empty($this->block_data['socialgroupbits']) or $this->profile->prepared['myprofile']) and $this->registry->userinfo['permissions']['socialgrouppermissions'] & $this->registry->bf_ugp_socialgrouppermissions['canjoingroups'] and $this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_groups']);
}
}
}
unset($usergroup);
// count primary users
$groupcounts = $assertor->assertQuery('vBForum:getPrimaryUsersCount', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED));
if ($groupcounts and $groupcounts->valid()) {
foreach ($groupcounts as $groupcount) {
$vbulletin->usergroupcache["{$groupcount['usergroupid']}"]['count'] = $groupcount['total'];
}
}
unset($groupcount);
// count secondary users
$groupcounts = $assertor->assertQuery('user', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'membergroupids', 'value' => '', 'operator' => vB_dB_Query::OPERATOR_NE))));
if ($groupcounts and $groupcounts->valid()) {
foreach ($groupcounts as $groupcount) {
$ids = fetch_membergroupids_array($groupcount, false);
foreach ($ids as $index => $value) {
if ($groupcount['usergroupid'] != $value and !empty($vbulletin->usergroupcache["{$value}"])) {
$vbulletin->usergroupcache["{$value}"]['secondarycount']++;
}
}
}
}
unset($groupcount);
// count requests
$groupcounts = $assertor->assertQuery('vBForum:getUserGroupReqeustCount', array(vB_dB_Query::QUERY_STORED));
if ($groupcounts and $groupcounts->valid()) {
foreach ($groupcounts as $groupcount) {
$vbulletin->usergroupcache["{$groupcount['usergroupid']}"]['requests'] = $groupcount['total'];
}
}
function nntp_update_groupaccess_cache($userinfo)
{
global $vbulletin;
// Sort groups, to make same key for any combinations
$membergroupids = fetch_membergroupids_array($userinfo);
sort($membergroupids);
$activegroups = array();
$availablegroups = array();
/**
* Example:
*
* $nntp_group = new NNTPGate_Forum_Group(); // child of NNTPGate_Group_Base
* $groups = $nntp_group->get_avaliable_group_list($membergroupids);
* $activegroups = $activegroups + $groups;
* unset($nntp_group);
*/
($hook = vBulletinHook::fetch_hook('nntp_gate_backend_check_groups_list')) ? eval($hook) : false;
foreach ($activegroups as $nntpid => $group) {
if ($group['available'] == true) {
$availablegroups[] = $group['group_id'];
}
}
sort($availablegroups);
$nntpgroupslist = implode(',', $availablegroups);
$template = vB_Template::create('nntp_message_template')->render();
$css = vB_Template::create('nntp_message_css')->render();
$menu = vB_Template::create('nntp_message_menu')->render();
$key = implode(',', $membergroupids);
// update/insert data into db cache
$vbulletin->db->query_write("\n REPLACE INTO `" . TABLE_PREFIX . "nntp_groupaccess_cache`\n SET\n `usergroupslist` = '" . $vbulletin->db->escape_string($key) . "',\n `nntpgroupslist` = '" . $vbulletin->db->escape_string($nntpgroupslist) . "',\n `template` = '" . $vbulletin->db->escape_string($template) . "',\n `css` = '" . $vbulletin->db->escape_string($css) . "',\n `menu` = '" . $vbulletin->db->escape_string($menu) . "'\n ");
return $key;
}
// 'maxfilelimit' => 100,
//);
// ######################## SET HSJS COUNTER ##############################
$photoplog['hscnt'] = 0;
// ##################### GRAB REQUIRED FUNCTIONS ##########################
require_once DIR . '/includes/adminfunctions.php';
if (is_file($vbulletin->options['photoplog_full_path'] . '/functions.php')) {
require_once $vbulletin->options['photoplog_full_path'] . '/functions.php';
} else {
echo "<br /><br /><strong>\r\n\t\tIncorrect PhotoPlog setting! Go to \r\n\t\tACP -> PhotoPlog Pro -> General Settings and make the correction.\r\n\t\t</strong><br /><br />";
exit;
}
// ################# SET USERGROUPS FOR PERMISSIONS #######################
$photoplog_perm_usergroupid = $vbulletin->userinfo['usergroupid'];
// fetch_membergroupids_array with true includes both primary and secondaries
$photoplog_perm_membergroups_array = fetch_membergroupids_array($vbulletin->userinfo, true);
if (!($vbulletin->usergroupcache[$photoplog_perm_usergroupid]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['allowmembergroups'])) {
$photoplog_perm_membergroups_array = array($photoplog_perm_usergroupid);
}
foreach ($photoplog_perm_membergroups_array as $photoplog_perm_key => $photoplog_perm_val) {
$photoplog_perm_membergroups_array[$photoplog_perm_key] = intval($photoplog_perm_val);
}
if (!$photoplog_perm_membergroups_array) {
$photoplog_perm_membergroups_array = array(0);
}
// #################### SET CATID FOR PERMISSIONS #########################
$vbulletin->input->clean_array_gpc('g', array('n' => TYPE_UINT, 'c' => TYPE_UINT, 'm' => TYPE_UINT));
$vbulletin->input->clean_array_gpc('p', array('fileid' => TYPE_UINT, 'catid' => TYPE_UINT, 'commentid' => TYPE_UINT));
// get or post, not both, so it is max of zero and something else
$photoplog_perm_fileid = max($vbulletin->GPC['n'], $vbulletin->GPC['fileid']);
$photoplog_perm_catid = max($vbulletin->GPC['c'], $vbulletin->GPC['catid']);
$delete[] = $requestid;
break;
case 0:
// this request will be denied
$deny[] = $requestid;
$delete[] = $requestid;
break;
}
}
// if we have any accepted requests, make sure they are valid
if (!empty($delete)) {
$users = $db->query_read_slave("\n\t\t\tSELECT req.userid, user.username, user.usergroupid, user.membergroupids, req.usergrouprequestid\n\t\t\tFROM " . TABLE_PREFIX . "usergrouprequest AS req\n\t\t\tINNER JOIN " . TABLE_PREFIX . "user AS user USING(userid)\n\t\t\tWHERE usergrouprequestid IN(" . implode(', ', $delete) . ")\n\t\t\tORDER BY user.username\n\t\t");
$authusers = array();
$denyusers = array();
while ($user = $db->fetch_array($users)) {
if (!in_array($vbulletin->GPC['usergroupid'], fetch_membergroupids_array($user)) and in_array($user['usergrouprequestid'], $auth)) {
$authusers[$user['userid']] = $user['usergrouprequestid'];
} elseif (in_array($user['usergrouprequestid'], $deny)) {
$denyusers[$user['userid']] = $user['usergrouprequestid'];
}
}
}
// check that we STILL have some valid requests
if (!empty($authusers)) {
$updateQuery = "\n\t\t\tUPDATE " . TABLE_PREFIX . "user SET\n\t\t\tmembergroupids = IF(membergroupids = '', " . $vbulletin->GPC['usergroupid'] . ", CONCAT(membergroupids, '," . $vbulletin->GPC['usergroupid'] . "'))\n\t\t\tWHERE userid IN(" . implode(', ', array_keys($authusers)) . ")\n\t\t";
$db->query_write($updateQuery);
}
($hook = vBulletinHook::fetch_hook('joinrequest_process_complete')) ? eval($hook) : false;
// delete processed join requests
if (!empty($delete)) {
$deleteQuery = "\n\t\t\tDELETE FROM " . TABLE_PREFIX . "usergrouprequest\n\t\t\tWHERE usergrouprequestid IN(" . implode(', ', $delete) . ")\n\t\t";
}
// #############################################################################
if ($_POST['do'] == 'order') {
$vbulletin->input->clean_array_gpc('p', array('subscriptionids' => TYPE_ARRAY_NOHTML, 'currency' => TYPE_ARRAY_NOHTML));
if (empty($vbulletin->GPC['subscriptionids'])) {
eval(standard_error(fetch_error('invalidid', $vbphrase['subscription'], $vbulletin->options['contactuslink'])));
} else {
$subscriptionid = array_keys($vbulletin->GPC['subscriptionids']);
$subscriptionid = intval($subscriptionid[0]);
}
$sub = $subobj->subscriptioncache["{$subscriptionid}"];
// first check this is active if not die
if (!$sub['active']) {
eval(standard_error(fetch_error('invalidid', $vbphrase['subscription'], $vbulletin->options['contactuslink'])));
}
$membergroupids = fetch_membergroupids_array($vbulletin->userinfo);
$allow_secondary_groups = $vbulletin->bf_ugp_genericoptions['allowmembergroups'] & $vbulletin->usergroupcache[$vbulletin->userinfo['usergroupid']]['genericoptions'];
if (!empty($sub['deniedgroups']) and ($allow_secondary_groups and !count(array_diff($membergroupids, $sub['deniedgroups'])) or !$allow_secondary_groups and in_array($vbulletin->userinfo['usergroupid'], $sub['deniedgroups']))) {
eval(standard_error(fetch_error('invalidid', $vbphrase['subscription'], $vbulletin->options['contactuslink'])));
}
$sub['title'] = $vbphrase['sub' . $sub['subscriptionid'] . '_title'];
$sub['description'] = $vbphrase['sub' . $sub['subscriptionid'] . '_desc'];
$currency = $vbulletin->GPC['currency']["{$subscriptionid}"];
$tmp = explode('_', $currency);
$currency = $tmp[1];
$subscriptionsubid = intval($tmp[0]);
unset($tmp);
$costs = unserialize($sub['cost']);
if ($costs["{$subscriptionsubid}"]['length'] == 1) {
$subscription_units = $lengths[$costs["{$subscriptionsubid}"]['units']];
} else {
/**
* Returns the full set of permissions for the specified user (called by global or init)
*
* @param array (ref) User info array
* @param boolean If true, returns combined usergroup permissions, individual forum permissions, individual calendar permissions and attachment permissions
* @param boolean Reset the accesscache array for permissions following access mask update. Only allows one reset.
*
* @return array Permissions component of user info array
*/
function cache_permissions(&$user, $getforumpermissions = true, $resetaccess = false)
{
global $vbulletin, $forumpermissioncache;
// these are the arrays created by this function
global $calendarcache;
static $accesscache = array(), $reset;
if ($resetaccess and !$reset) {
// Reset the accesscache array for permissions following access mask update. Only allows one reset.
$accesscache = array();
$reset = true;
}
$intperms = array();
// set the usergroupid of the user's primary usergroup
$USERGROUPID = $user['usergroupid'];
if ($USERGROUPID == 0) {
// set a default usergroupid if none is set
$USERGROUPID = 1;
}
// initialise $membergroups - make an array of the usergroups to which this user belongs
$membergroupids = fetch_membergroupids_array($user);
// build usergroup permissions
if (sizeof($membergroupids) == 1 or !($vbulletin->usergroupcache["{$USERGROUPID}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['allowmembergroups'])) {
// if primary usergroup doesn't allow member groups then get rid of them!
$membergroupids = array($USERGROUPID);
// just return the permissions for the user's primary group (user is only a member of a single group)
$user['permissions'] = $vbulletin->usergroupcache["{$USERGROUPID}"];
} else {
// return the merged array of all user's membergroup permissions (user has additional member groups)
foreach ($membergroupids as $usergroupid) {
foreach ($vbulletin->bf_ugp as $dbfield => $permfields) {
$user['permissions']["{$dbfield}"] |= $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"];
}
foreach ($vbulletin->bf_misc_intperms as $dbfield => $precedence) {
// put in some logic to handle $precedence
if (!isset($intperms["{$dbfield}"])) {
$intperms["{$dbfield}"] = $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"];
} else {
if (!$precedence) {
if ($vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"] > $intperms["{$dbfield}"]) {
$intperms["{$dbfield}"] = $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"];
}
} else {
if ($vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"] == 0 or isset($intperms["{$dbfield}"]) and $intperms["{$dbfield}"] == 0) {
$intperms["{$dbfield}"] = 0;
} else {
if ($vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"] > $intperms["{$dbfield}"]) {
$intperms["{$dbfield}"] = $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"];
}
}
}
}
}
}
$user['permissions'] = array_merge($vbulletin->usergroupcache["{$USERGROUPID}"], $user['permissions'], $intperms);
}
if ($user['infractiongroupids']) {
$infractiongroupids = explode(',', str_replace(' ', '', $user['infractiongroupids']));
} else {
$infractiongroupids = array();
}
foreach ($infractiongroupids as $usergroupid) {
foreach ($vbulletin->bf_ugp as $dbfield => $permfields) {
$user['permissions']["{$dbfield}"] &= $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"];
}
foreach ($vbulletin->bf_misc_intperms as $dbfield => $precedence) {
if (!$precedence) {
if ($vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"] < $user['permissions']["{$dbfield}"]) {
$user['permissions']["{$dbfield}"] = $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"];
}
} else {
if ($vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"] < $user['permissions']["{$dbfield}"] and $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"] != 0) {
$user['permissions']["{$dbfield}"] = $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"];
}
}
}
}
if (defined('SKIP_SESSIONCREATE') and $user['userid'] == $vbulletin->userinfo['userid'] and !($user['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'])) {
// grant canview for usergroup if session skipping is defined.
$user['permissions']['forumpermissions'] += $vbulletin->bf_ugp_forumpermissions['canview'];
}
($hook = vBulletinHook::fetch_hook('cache_permissions')) ? eval($hook) : false;
// if we do not need to grab the forum/calendar permissions
// then just return what we have so far
if ($getforumpermissions == false) {
return $user['permissions'];
}
if (!is_array($user['forumpermissions'])) {
$user['forumpermissions'] = array();
}
foreach (array_keys($vbulletin->forumcache) as $forumid) {
if (!isset($user['forumpermissions']["{$forumid}"])) {
$user['forumpermissions']["{$forumid}"] = 0;
}
foreach ($membergroupids as $usergroupid) {
$user['forumpermissions']["{$forumid}"] |= $vbulletin->forumcache["{$forumid}"]['permissions']["{$usergroupid}"];
}
foreach ($infractiongroupids as $usergroupid) {
$user['forumpermissions']["{$forumid}"] &= $vbulletin->forumcache["{$forumid}"]['permissions']["{$usergroupid}"];
}
}
// do access mask stuff if required
if ($vbulletin->options['enableaccess'] and $user['hasaccessmask'] == 1) {
if (empty($accesscache["{$user['userid']}"])) {
// query access masks
// the ordercontrol is required! (3.5 bug 1878)
$accessmasks = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT access.*, forum.forumid,\n\t\t\t\t\tFIND_IN_SET(access.forumid, forum.parentlist) AS ordercontrol\n\t\t\t\tFROM " . TABLE_PREFIX . "forum AS forum\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "access AS access ON (access.userid = {$user['userid']} AND FIND_IN_SET(access.forumid, forum.parentlist))\n\t\t\t\tORDER BY ordercontrol DESC\n\t\t\t");
$accesscache["{$user['userid']}"] = array();
while ($access = $vbulletin->db->fetch_array($accessmasks)) {
$accesscache["{$user['userid']}"]["{$access['forumid']}"] = $access['accessmask'];
}
unset($access);
$vbulletin->db->free_result($accessmasks);
}
// if an access mask is set for a forum, set the permissions accordingly
// If this is empty then the user really has no access masks but the switch is turned on?!?
if (!empty($accesscache["{$user['userid']}"])) {
foreach ($accesscache["{$user['userid']}"] as $forumid => $accessmask) {
if ($accessmask == 0) {
$user['forumpermissions']["{$forumid}"] = 0;
} else {
$user['forumpermissions']["{$forumid}"] = $user['permissions']['forumpermissions'];
}
}
} else {
// says the user has access masks, but doesn't actually
// so turn them off
$userdm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
$userdm->set_existing($user);
$userdm->set_bitfield('options', 'hasaccessmask', false);
$userdm->save();
unset($userdm);
}
}
// end if access masks enabled and is logged in user
$calfiles = array('online' => true, 'calendar' => true, 'index' => $vbulletin->options['showevents'] ? true : false);
if (THIS_SCRIPT == 'index' and $vbulletin->options['showevents']) {
if (!is_array($vbulletin->eventcache) or gmdate('n-j-Y', TIMENOW + 86400 + 86400 * $vbulletin->options['showevents']) != $vbulletin->eventcache['date']) {
// need perms with rebuild
$calfiles['index'] = true;
} else {
if (count($vbulletin->eventcache) == 1) {
// no events, only the date - don't need to cache the perms
$calfiles['index'] = false;
}
}
}
// query calendar permissions
if (!empty($calfiles[THIS_SCRIPT])) {
// Only query calendar permissions when accessing the calendar or subscriptions or index.php
$cpermscache = array();
$calendarcache = array();
$displayorder = array();
$calendarpermissions = $vbulletin->db->query_read_slave("\n\t\t\tSELECT calendarpermission.usergroupid, calendarpermission.calendarpermissions,calendar.calendarid,calendar.title, displayorder\n\t\t\tFROM " . TABLE_PREFIX . "calendar AS calendar\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "calendarpermission AS calendarpermission ON\n\t\t\t\t(calendarpermission.calendarid = calendar.calendarid AND usergroupid IN (" . implode(', ', $membergroupids) . "))\n\t\t\tORDER BY displayorder ASC\n\t\t");
while ($calendarpermission = $vbulletin->db->fetch_array($calendarpermissions)) {
$cpermscache["{$calendarpermission['calendarid']}"]["{$calendarpermission['usergroupid']}"] = intval($calendarpermission['calendarpermissions']);
$calendarcache["{$calendarpermission['calendarid']}"] = $calendarpermission['title'];
$displayorder["{$calendarpermission['calendarid']}"] = $calendarpermission['displayorder'];
}
$vbulletin->db->free_result($calendarpermissions);
// Combine the calendar permissions for all member groups
foreach ($cpermscache as $calendarid => $cpermissions) {
$user['calendarpermissions']["{$calendarid}"] = 0;
if (empty($displayorder["{$calendarid}"])) {
// leave permissions at 0 for calendars that aren't being displayed
continue;
}
foreach ($membergroupids as $usergroupid) {
if (isset($cpermissions["{$usergroupid}"])) {
$user['calendarpermissions']["{$calendarid}"] |= $cpermissions["{$usergroupid}"];
} else {
$user['calendarpermissions']["{$calendarid}"] |= $vbulletin->usergroupcache["{$usergroupid}"]['calendarpermissions'];
}
}
foreach ($infractiongroupids as $usergroupid) {
if (isset($cpermissions["{$usergroupid}"])) {
$user['calendarpermissions']["{$calendarid}"] &= $cpermissions["{$usergroupid}"];
} else {
$user['calendarpermissions']["{$calendarid}"] &= $vbulletin->usergroupcache["{$usergroupid}"]['calendarpermissions'];
}
}
}
}
if (!empty($vbulletin->attachmentcache) and empty($vbulletin->attachmentcache['extensions'])) {
$fields = array('size' => true, 'width' => true, 'height' => true);
$user['attachmentextensions'] = '';
// Combine the attachment permissions for all member groups
foreach ($vbulletin->attachmentcache as $extension => $attachment) {
$need_default = false;
foreach ($membergroupids as $usergroupid) {
if (!empty($attachment['custom']["{$usergroupid}"])) {
$perm = $attachment['custom']["{$usergroupid}"];
$user['attachmentpermissions']["{$extension}"]['permissions'] |= $perm['permissions'];
foreach ($fields as $dbfield => $precedence) {
// put in some logic to handle $precedence
if (!isset($user['attachmentpermissions']["{$extension}"]["{$dbfield}"])) {
$user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"];
} else {
if (!$precedence) {
if ($perm["{$dbfield}"] > $user['attachmentpermissions']["{$extension}"]["{$dbfield}"]) {
$user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"];
}
} else {
if ($perm["{$dbfield}"] == 0 or isset($user['attachmentpermissions']["{$extension}"]["{$dbfield}"]) and $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] == 0) {
$user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = 0;
} else {
if ($perm["{$dbfield}"] > $user['attachmentpermissions']["{$extension}"]["{$dbfield}"]) {
$user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"];
}
}
}
}
}
} else {
$need_default = true;
}
}
if (empty($user['attachmentpermissions']["{$extension}"])) {
$user['attachmentpermissions']["{$extension}"] = array('permissions' => 1, 'size' => &$vbulletin->attachmentcache["{$extension}"]['size'], 'height' => &$vbulletin->attachmentcache["{$extension}"]['height'], 'width' => &$vbulletin->attachmentcache["{$extension}"]['width']);
} else {
if ($need_default) {
$user['attachmentpermissions']["{$extension}"]['permissions'] = 1;
$perm = $vbulletin->attachmentcache["{$extension}"];
foreach ($fields as $dbfield => $precedence) {
// put in some logic to handle $precedence
if (!isset($user['attachmentpermissions']["{$extension}"]["{$dbfield}"])) {
$user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"];
} else {
if (!$precedence) {
if ($perm["{$dbfield}"] > $user['attachmentpermissions']["{$extension}"]["{$dbfield}"]) {
$user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"];
}
} else {
if ($perm["{$dbfield}"] == 0 or isset($user['attachmentpermissions']["{$extension}"]["{$dbfield}"]) and $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] == 0) {
$user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = 0;
} else {
if ($perm["{$dbfield}"] > $user['attachmentpermissions']["{$extension}"]["{$dbfield}"]) {
$user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"];
}
}
}
}
}
}
}
foreach ($infractiongroupids as $usergroupid) {
if (!empty($attachment['custom']["{$usergroupid}"])) {
$perm = $attachment['custom']["{$usergroupid}"];
$user['attachmentpermissions']["{$extension}"]['permissions'] &= $perm['permissions'];
foreach ($fields as $dbfield => $precedence) {
if (!$precedence) {
if ($perm["{$dbfield}"] < $user['attachmentpermissions']["{$extension}"]["{$dbfield}"]) {
$user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"];
}
} else {
if ($perm["{$dbfield}"] < $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] and $perm["{$dbfield}"] != 0) {
$user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"];
}
}
}
}
}
}
foreach ($user['attachmentpermissions'] as $extension => $foo) {
if ($user['attachmentpermissions']["{$extension}"]['permissions']) {
$user['attachmentextensions'] .= (!empty($user['attachmentextensions']) ? ' ' : '') . $extension;
}
}
}
return $user['permissions'];
}
/**
* Verifies that the icon selected is valid.
*
* @param integer The ID of the icon
*
* @return bool Whether the icon is valid
*/
function verify_iconid(&$iconid)
{
if ($iconid) {
// try to improve permission checking on icons
if (!$this->info['user']) {
$userid = $this->fetch_field('userid');
if (!$userid) {
$userid = $this->fetch_field('postuserid');
}
$this->set_info('user', fetch_userinfo($userid));
}
if ($this->info['user']) {
$membergroups = fetch_membergroupids_array($this->info['user']);
} else {
// this is assumed to be a guest; go magic numbers!
$membergroups = array(1);
}
$imagecheck = $this->dbobject->query_read_slave("\n\t\t\t\tSELECT usergroupid FROM " . TABLE_PREFIX . "icon AS icon\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "imagecategorypermission USING (imagecategoryid)\n\t\t\t\tWHERE icon.iconid = {$iconid}\n\t\t\t\t\tAND usergroupid IN (" . $this->dbobject->escape_string(implode(',', $membergroups)) . ")\n\t\t\t");
if ($this->dbobject->num_rows($imagecheck) == sizeof($membergroups)) {
$iconid = 0;
}
}
return true;
}
public function updateMemberForDeletedUsergroup($params, $db, $check_only = false)
{
if ($check_only) {
return !empty($params['users']) and !empty($params['usergroupid']);
} else {
$casesql = $casesqli = '';
$updateusers = $updateusersi = array();
foreach ($params['users'] as $user) {
if (!empty($user['membergroupids'])) {
$membergroups = fetch_membergroupids_array($user, false);
foreach ($membergroups as $key => $val) {
if ($val == $params['usergroupid']) {
unset($membergroups["{$key}"]);
}
}
$user['membergroupids'] = implode(',', $membergroups);
$casesql .= "WHEN {$user['userid']} THEN '{$user['membergroupids']}' ";
$updateusers[] = $user['userid'];
}
if (!empty($user['infractiongroupids'])) {
$infractiongroups = explode(',', str_replace(' ', '', $user['infractiongroupids']));
foreach ($infractiongroups as $key => $val) {
if ($val == $params['usergroupid']) {
unset($infractiongroups["{$key}"]);
}
}
$user['infractiongroupids'] = implode(',', $infractiongroups);
$casesqli .= "WHEN {$user['userid']} THEN '{$user['infractiongroupids']}' ";
$updateusersi[] = $user['userid'];
}
}
// do a big update to get rid of this usergroup from matched members' membergroupids
if (!empty($casesql)) {
$sql = "\n\t\t\t\t\tUPDATE " . TABLE_PREFIX . "user SET\n\t\t\t\t\tmembergroupids = CASE userid\n\t\t\t\t\t{$casesql}\n\t\t\t\t\tELSE '' END\n\t\t\t\t\tWHERE userid IN(" . implode(',', $updateusers) . ")\n\t\t\t\t";
$resultclass = 'vB_dB_' . $this->db_type . '_result';
$result = new $resultclass($db, $sql);
$result->valid();
unset($result);
}
// do a big update to get rid of this usergroup from matched members' infractiongroupids
if (!empty($casesqli)) {
$sql2 = "\n\t\t\t\t\tUPDATE " . TABLE_PREFIX . "user SET\n\t\t\t\t\tinfractiongroupids = CASE userid\n\t\t\t\t\t{$casesqli}\n\t\t\t\t\tELSE '' END\n\t\t\t\t\tWHERE userid IN(" . implode(',', $updateusersi) . ")\n\t\t\t\t";
$resultclass2 = 'vB_dB_' . $this->db_type . '_result';
$result2 = new $resultclass2($db, $sql2);
$result2->valid();
unset($result2);
}
return true;
}
}
/**
* Constructs the posticons selector interface
*
* @param integer Selected Icon ID
* @param boolean Allow icons?
*
* @return string posticons template
*/
function construct_icons($seliconid = 0, $allowicons = true)
{
// returns the icons chooser for posting new messages
global $vbulletin;
global $vbphrase, $selectedicon, $show;
$selectedicon = array('src' => $vbulletin->options['cleargifurl'], 'alt' => '');
if (!$allowicons)
{
return false;
}
$membergroups = fetch_membergroupids_array($vbulletin->userinfo);
$infractiongroups = explode(',', str_replace(' ', '', $vbulletin->userinfo['infractiongroupids']));
($hook = vBulletinHook::fetch_hook('posticons_start')) ? eval($hook) : false;
$avperms = $vbulletin->db->query_read_slave("
SELECT imagecategorypermission.imagecategoryid, usergroupid
FROM " . TABLE_PREFIX . "imagecategorypermission AS imagecategorypermission, " . TABLE_PREFIX . "imagecategory AS imagecategory
WHERE imagetype = 2
AND imagecategorypermission.imagecategoryid = imagecategory.imagecategoryid
ORDER BY imagecategory.displayorder
");
$noperms = array();
while ($avperm = $vbulletin->db->fetch_array($avperms))
{
$noperms["$avperm[imagecategoryid]"][] = $avperm['usergroupid'];
}
$badcategories = '';
foreach($noperms AS $imagecategoryid => $usergroups)
{
foreach($usergroups AS $usergroupid)
{
if (in_array($usergroupid, $infractiongroups))
{
$badcategories .= ",$imagecategoryid";
}
}
if (!count(array_diff($membergroups, $usergroups)))
{
$badcategories .= ",$imagecategoryid";
}
}
$icons = $vbulletin->db->query_read_slave("
SELECT iconid, iconpath, title
FROM " . TABLE_PREFIX . "icon AS icon
WHERE imagecategoryid NOT IN (0$badcategories)
ORDER BY imagecategoryid, displayorder
");
if (!$vbulletin->db->num_rows($icons))
{
return false;
}
$numicons = 0;
$show['posticons'] = false;
while ($icon = $vbulletin->db->fetch_array($icons))
{
$numicons++;
$show['posticons'] = true;
$show['opentr'] = false;
$show['closetr'] = false;
if ($numicons % 7 == 0 AND $numicons != 1)
{
$show['closetr'] = true;
}
if (($numicons - 1) % 7 == 0 AND $numicons != 1)
{
$show['opentr'] = true;
}
$iconid = $icon['iconid'];
$iconpath = $icon['iconpath'];
$alttext = $icon['title'];
if ($seliconid == $iconid)
{
$iconchecked = 'checked="checked"';
$selectedicon = array('src' => $iconpath, 'alt' => $alttext);
}
else
{
$iconchecked = '';
}
($hook = vBulletinHook::fetch_hook('posticons_bit')) ? eval($hook) : false;
$templater = vB_Template::create('posticonbit');
$templater->register('alttext', $alttext);
$templater->register('iconchecked', $iconchecked);
$templater->register('iconid', $iconid);
$templater->register('iconpath', $iconpath);
$posticonbits .= $templater->render();
}
$remainder = $numicons % 7;
if ($remainder)
{
$remainingspan = 2 * (7 - $remainder);
$show['addedspan'] = true;
}
else
{
$remainingspan = 0;
$show['addedspan'] = false;
}
if ($seliconid == 0)
{
$iconchecked = 'checked="checked"';
}
else
{
$iconchecked = '';
}
($hook = vBulletinHook::fetch_hook('posticons_complete')) ? eval($hook) : false;
$templater = vB_Template::create('posticons');
$templater->register('iconchecked', $iconchecked);
$templater->register('posticonbits', $posticonbits);
$templater->register('remainingspan', $remainingspan);
$posticons = $templater->render();
return $posticons;
}
/**
* Saves fb usergroup into the datamanager
*
* @param vB_DataManager_User, the datamanager to save the fb form info into
*/
function save_fbusergroup($userdata)
{
global $vbulletin;
// save additional fb usergroup if specified, making sure it is not already the primary usergroup
if ($vbulletin->options['facebookusergroupid'] > 0 and $vbulletin->options['facebookusergroupid'] != $userdata->fetch_field('usergroupid')) {
$membergroupids = fetch_membergroupids_array($vbulletin->userinfo, false);
$membergroupids[] = $vbulletin->options['facebookusergroupid'];
$userdata->set('membergroupids', array_unique($membergroupids));
}
}
/**
* Prepare any data needed for the output
*
* @param string The id of the block
* @param array Options specific to the block
*/
function prepare_output($id = '', $options = array())
{
global $show, $vbphrase, $stylevar;
$this->block_data = array();
$membergroups = fetch_membergroupids_array($this->profile->userinfo);
$this->block_data['membergroupcount'] = 0;
$membergroupbits = '';
foreach ($membergroups as $usergroupid) {
$usergroup = $this->registry->usergroupcache["{$usergroupid}"];
if ($usergroup['ispublicgroup']) {
eval('$membergroupbits .= "' . fetch_template('memberinfo_publicgroupbit') . '";');
$this->block_data['membergroupcount']++;
}
}
$this->block_data['membergroupbits'] = $membergroupbits;
if ($this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_groups']) {
$socialgroups = $this->registry->db->query_read_slave("\n\t\t\t\tSELECT socialgroup.*\n\t\t\t\tFROM " . TABLE_PREFIX . "socialgroupmember AS socialgroupmember\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "socialgroup AS socialgroup ON\n\t\t\t\t\t(socialgroup.groupid = socialgroupmember.groupid)\n\t\t\t\tWHERE\n\t\t\t\t\tsocialgroupmember.userid = " . $this->profile->userinfo['userid'] . "\n\t\t\t\t\tAND socialgroupmember.type = 'member'\n\t\t\t\tORDER BY socialgroup.name\n\t\t\t");
$showgrouplink = $this->registry->userinfo['permissions']['socialgrouppermissions'] & $this->registry->bf_ugp_socialgrouppermissions['canviewgroups'] ? true : false;
$socialgroupbits = '';
while ($socialgroup = $this->registry->db->fetch_array($socialgroups)) {
$socialgroup['name_html'] = fetch_word_wrapped_string(fetch_censored_text($socialgroup['name']));
eval('$socialgroupbits .= "' . fetch_template('memberinfo_socialgroupbit') . '";');
}
$this->block_data['socialgroupbits'] = $socialgroupbits;
$this->block_data['socialgroupcount'] = $this->registry->db->num_rows($socialgroups);
} else {
$this->block_data['socialgroupbits'] = '';
$this->block_data['socialgroupcount'] = 0;
}
$this->block_data['show_join_link'] = ((!empty($this->block_data['socialgroupbits']) or $this->profile->prepared['myprofile']) and $this->registry->userinfo['permissions']['socialgrouppermissions'] & $this->registry->bf_ugp_socialgrouppermissions['canjoingroups'] and $this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_groups']);
}
/**
* Prepares the blog category permissions for a user, taking into account primary and
* secondary groups.
*
* @param array (In/Out) User information
*
* @return array Category permissions (also in $user['blogcategorypermissions'])
*/
function prepare_blog_category_permissions(&$user, $loadcache = false)
{
global $vbulletin;
$membergroupids = fetch_membergroupids_array($user);
if (sizeof($membergroupids) == 1 OR !($vbulletin->usergroupcache["$user[usergroupid]"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['allowmembergroups']))
{
// if primary usergroup doesn't allow member groups then get rid of them!
$membergroupids = array($user['usergroupid']);
}
$user['blogcategorypermissions'] = array(
'cantview' => array(),
'cantpost' => array(),
);
if ($vbulletin->blogcategorycache === NULL AND $loadcache)
{
// Load the cache
$vbulletin->datastore->fetch(array('blogcategorycache'));
if ($vbulletin->blogcategorycache === NULL)
{
$vbulletin->blogcategorycache = array();
}
}
if (is_array($vbulletin->blogcategorycache))
{
foreach (array_keys($vbulletin->blogcategorycache) AS $blogcategoryid)
{
if (!isset($user['blogcategorypermissions']["$blogcategoryid"]))
{
$user['blogcategorypermissions']["$blogcategoryid"] = 0;
}
foreach ($membergroupids AS $usergroupid)
{
$user['blogcategorypermissions']["$blogcategoryid"] |= $vbulletin->blogcategorycache["$blogcategoryid"]['permissions']["$usergroupid"];
}
foreach (explode(',', str_replace(' ', '', $user['infractiongroupids'])) AS $usergroupid)
{
if ($usergroupid)
{
$user['blogcategorypermissions']["$blogcategoryid"] &= $vbulletin->blogcategorycache["$blogcategoryid"]['permissions']["$usergroupid"];
}
}
if (!($user['blogcategorypermissions']["$blogcategoryid"] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewcategory']))
{
$user['blogcategorypermissions']['cantview'][] = $blogcategoryid;
}
if (!($user['blogcategorypermissions']["$blogcategoryid"] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canpostcategory']))
{
$user['blogcategorypermissions']['cantpost'][] = $blogcategoryid;
}
}
}
return $user['blogcategorypermissions'];
}
// this request will be authorized
$auth[] = $requestid;
break;
case 0:
// this request will be denied
// do nothing - this request will be zapped at the end of this segment
break;
}
}
// if we have any accepted requests, make sure they are valid
if (!empty($auth)) {
$users = $db->query_read("\n\t\t\tSELECT req.userid, user.username, user.usergroupid, user.membergroupids, req.usergrouprequestid\n\t\t\tFROM " . TABLE_PREFIX . "usergrouprequest AS req\n\t\t\tINNER JOIN " . TABLE_PREFIX . "user AS user USING(userid)\n\t\t\tWHERE usergrouprequestid IN (" . implode(', ', $auth) . ")\n\t\t\tORDER BY user.username\n\t\t");
$auth = array();
echo "<p><b>" . $vbphrase['processing_join_requests'] . "</b></p><ul>\n";
while ($user = $db->fetch_array($users)) {
if (in_array($vbulletin->GPC['usergroupid'], fetch_membergroupids_array($user))) {
echo "\t<li>" . construct_phrase($vbphrase['x_is_already_a_member_of_the_usergroup_y'], "<b>{$user['username']}</b>", "<i>{$usergroupname}</i>") . "</li>\n";
} else {
echo "\t<li>" . construct_phrase($vbphrase['making_x_a_member_of_the_usergroup_y'], "<b>{$user['username']}</b>", "<i>{$usergroupname}</i>") . "</li>\n";
$auth[] = $user['userid'];
}
}
echo "</ul><p><b>{$vbphrase['done']}</b></p>\n";
// check that we STILL have some valid requests
if (!empty($auth)) {
$updateQuery = "\n\t\t\t\tUPDATE " . TABLE_PREFIX . "user SET\n\t\t\t\tmembergroupids = IF(membergroupids = '', " . $vbulletin->GPC['usergroupid'] . ", CONCAT(membergroupids, '," . $vbulletin->GPC['usergroupid'] . "'))\n\t\t\t\tWHERE userid IN (" . implode(', ', $auth) . ")\n\t\t\t";
$db->query_write($updateQuery);
}
}
// delete processed join requests
if (!empty($vbulletin->GPC['request'])) {
/**
* Removes user subscription
*
* @param int The id of the subscription
* @param int The userid the subscription is to be removed from
* @param int The id of the sub-subscriptionid
* @param bool Update user.adminoptions from subscription.adminoption (keep avatars)
*
*/
function delete_user_subscription($subscriptionid, $userid, $subid = -1, $adminoption = false)
{
$subscriptionid = intval($subscriptionid);
$userid = intval($userid);
$this->cache_user_subscriptions();
$sub =& $this->subscriptioncache["{$subscriptionid}"];
$user = vB::getDbAssertor()->getRow('fetchUsersSubscriptions', array('userid' => $userid, 'subscriptionid' => $subscriptionid, 'adminoption' => $adminoption));
if ($user['userid'] and $sub['subscriptionid']) {
$this->cache_user_subscriptions();
$sub =& $this->subscriptioncache["{$subscriptionid}"];
$tmp = unserialize($sub['cost']);
if ($subid != -1 and is_array($tmp["{$subid}"])) {
$sub = array_merge($sub, $tmp["{$subid}"]);
$units_full = array('D' => 'day', 'W' => 'week', 'M' => 'month', 'Y' => 'year');
switch ($sub['units']) {
case 'D':
$new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']) - $sub['length'], date('Y', $user['expirydate']));
break;
case 'W':
$new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']) - $sub['length'] * 7, date('Y', $user['expirydate']));
break;
case 'M':
$new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']) - $sub['length'], date('j', $user['expirydate']), date('Y', $user['expirydate']));
break;
case 'Y':
$new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']), date('Y', $user['expirydate']) - $sub['length']);
break;
}
if ($new_expires > TIMENOW) {
// new expiration is still after today so just decremement and return
vB::getDbAssertor()->update('vBForum:subscriptionlog', array('expirydate' => $new_expires), array('subscriptionid' => $subscriptionid, 'userid' => $userid));
return;
}
}
unset($tmp);
$userdm = new vB_Datamanager_User($this->registry, vB_DataManager_Constants::ERRTYPE_SILENT);
$userdm->set_existing($user);
if ($adminoption) {
if ($user['hascustomavatar'] and $sub['adminavatar']) {
$userdm->set_bitfield('adminoptions', 'adminavatar', 1);
}
if ($user['hasprofilepic'] and $sub['adminprofilepic']) {
$userdm->set_bitfield('adminoptions', 'adminprofilepic', 1);
}
}
//access masks
if (!empty($sub['forums'])) {
if ($old_sub_masks = @unserialize($sub['forums']) and is_array($old_sub_masks)) {
// old format is serialized array with forumids for keys
$access_forums = array_keys($old_sub_masks);
} else {
// new format is comma-delimited string
$access_forums = explode(',', $sub['forums']);
}
if ($access_forums) {
vB::getDbAssertor()->delete('access', array('nodeid' => $access_forums, 'userid' => $userid));
}
}
// TODO: Restore the line when Access Masks is implemented
// $countaccess = vB::getDbAssertor()->getRow('masks', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_COUNT, 'userid' => $userid));
$membergroupids = array_diff(fetch_membergroupids_array($user, false), fetch_membergroupids_array($sub, false));
$update_userban = false;
if ($sub['nusergroupid'] == $user['usergroupid'] and $user['usergroupid'] != $user['pusergroupid']) {
// check if there are other active subscriptions that set the same primary usergroup
$subids = array(0);
foreach ($this->subscriptioncache as $subcheck) {
if ($subcheck['nusergroupid'] == $user['usergroupid'] and $subcheck['subscriptionid'] != $subscriptionid) {
$subids[] = $subcheck['subscriptionid'];
}
}
if (!empty($subids)) {
$activesub = vB::getDbAssertor()->getRow('vBForum:subscriptionlog', array('userid' => $userid, 'subscriptionid' => $subids), array('field' => 'expirydate', 'direction' => vB_dB_Query::SORT_DESC));
}
if ($activesub) {
// there is at least one active subscription with the same primary usergroup, so alter its resetgroup
vB::getDbAssertor()->update('vBForum:subscriptionlog', array('pusergroupid' => $user['pusergroupid']), array('subscriptionlogid' => $activesub['subscriptionlogid']));
// don't touch usertitle/displaygroup
$user['pusergroupid'] = $user['usergroupid'];
$sub['nusergroupid'] = 0;
} else {
$userdm->set('usergroupid', $user['pusergroupid']);
}
} else {
if ($user['isbanned'] and $user['busergroupid'] == $sub['nusergroupid']) {
$update_userban = true;
$userbansql['usergroupid'] = $user['pusergroupid'];
}
}
$groups = iif(!empty($sub['membergroupids']), $sub['membergroupids'] . ',') . $sub['nusergroupid'];
if (in_array($user['displaygroupid'], explode(',', $groups))) {
// they're displaying as one of the usergroups in the subscription
$user['displaygroupid'] = 0;
} else {
if ($user['isbanned'] and in_array($user['bandisplaygroupid'], explode(',', $groups))) {
$update_userban = true;
$userbansql['displaygroupid'] = 0;
}
}
// do their old groups still allow custom titles?
$reset_title = false;
if ($user['customtitle'] == 2) {
$groups = empty($membergroupids) ? array() : $membergroupids;
$groups[] = $user['pusergroupid'];
$bf_ugp_genericpermissions = vB::get_datastore()->get_value('bf_ugp_genericpermissions');
$usergroup = vB::getDbAssertor()->getRow('usergroup', array(vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'usergroupid', 'value' => $groups, vB_Db_Query::OPERATOR_KEY => vB_Db_Query::OPERATOR_EQ), array('field' => 'genericpermissions', 'value' => $bf_ugp_genericpermissions['canusecustomtitle'], vB_Db_Query::OPERATOR_KEY => vB_Db_Query::OPERATOR_AND))));
if (empty($usergroup['usergroupid'])) {
// no custom group any more lets set it back to the default
$reset_title = true;
}
}
if ($sub['nusergroupid'] > 0 and $user['customtitle'] == 0 or $reset_title) {
// they need a default title
$usergroup = vB::getDbAssertor()->getRow('usergroup', array('usergroupid' => $user['pusergroupid']));
if (empty($usergroup['usertitle'])) {
// should be a title based on minposts it seems then
$usergroup = vB::getDbAssertor()->getRow('usertitle', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'minposts', 'value' => $user[posts], vB_dB_Query::OPERATOR_KEY => vB_dB_Query::OPERATOR_LTE))), array('field' => 'minposts', 'direction' => vB_dB_Query::SORT_DESC));
}
if ($user['isbanned']) {
$update_userban = true;
$userbansql['customtitle'] = 0;
$userbansql['usertitle'] = $usergroup['usertitle'];
} else {
$userdm->set('customtitle', 0);
$userdm->set('usertitle', $usergroup['usertitle']);
}
}
$userdm->set('membergroupids', implode($membergroupids, ','));
// $userdm->set_bitfield('options', 'hasaccessmask', ($countaccess['count'] ? true : false));
$userdm->set('displaygroupid', $user['displaygroupid']);
$userdm->save();
unset($userdm);
vB::getDbAssertor()->update('vBForum:subscriptionlog', array('status' => 0), array('subscriptionid' => $subscriptionid, 'userid' => $userid));
if ($update_userban) {
vB::getDbAssertor()->update('userban', $userbansql, array('subscriptionid' => $subscriptionid, 'userid' => $user['userid']));
}
$mysubs = vB::getDbAssertor()->assertQuery('vBForum:subscriptionlog', array('status' => 1, 'userid' => $userid));
foreach ($mysubs as $mysub) {
$this->build_user_subscription($mysub['subscriptionid'], -1, $userid, $mysub['regdate'], $mysub['expirydate']);
}
// Legacy Hook 'paidsub_delete' Removed //
}
}
standard_error(fetch_error('nosubscriptions', $vbulletin->options['bbtitle']));
}
$navbits[''] = $vbphrase['paid_subscriptions'];
$templatename = 'subscription';
}
// #############################################################################
if ($_POST['do'] == 'order') {
$vbulletin->input->clean_array_gpc('p', array('subscriptionids' => TYPE_ARRAY_NOHTML, 'currency' => TYPE_ARRAY_NOHTML));
if (empty($vbulletin->GPC['subscriptionids'])) {
eval(standard_error(fetch_error('invalidid', $vbphrase['subscription'], $vbulletin->options['contactuslink'])));
} else {
$subscriptionid = array_keys($vbulletin->GPC['subscriptionids']);
$subscriptionid = intval($subscriptionid[0]);
}
$sub = $subobj->subscriptioncache["{$subscriptionid}"];
if (!empty($sub['deniedgroups']) and !count(array_diff(fetch_membergroupids_array($vbulletin->userinfo), $sub['deniedgroups']))) {
eval(standard_error(fetch_error('invalidid', $vbphrase['subscription'], $vbulletin->options['contactuslink'])));
}
// first check this is active if not die
if (!$subobj->subscriptioncache["{$subscriptionid}"]['active']) {
eval(standard_error(fetch_error('invalidid', $vbphrase['subscription'], $vbulletin->options['contactuslink'])));
}
$sub['title'] = $vbphrase['sub' . $sub['subscriptionid'] . '_title'];
$sub['description'] = $vbphrase['sub' . $sub['subscriptionid'] . '_desc'];
$currency = $vbulletin->GPC['currency']["{$subscriptionid}"];
$tmp = explode('_', $currency);
$currency = $tmp[1];
$subscriptionsubid = intval($tmp[0]);
unset($tmp);
$costs = unserialize($sub['cost']);
if ($costs["{$subscriptionsubid}"]['length'] == 1) {
/**
* Removes user subscription
*
* @param int The id of the subscription
* @param int The userid the subscription is to be removed from
* @param int The id of the sub-subscriptionid
* @param bool Update user.adminoptions from subscription.adminoption (keep avatars)
*
*/
function delete_user_subscription($subscriptionid, $userid, $subid = -1, $adminoption = false)
{
$subscriptionid = intval($subscriptionid);
$userid = intval($userid);
$this->cache_user_subscriptions();
$sub =& $this->subscriptioncache["{$subscriptionid}"];
$user = $this->registry->db->query_first("\n\t\t\tSELECT user.*, subscriptionlog.pusergroupid, subscriptionlog.expirydate,\n\t\t\tIF (user.displaygroupid=0, user.usergroupid, user.displaygroupid) AS displaygroupid,\n\t\t\tIF (usergroup.genericoptions & " . $this->registry->bf_ugp_genericoptions['isnotbannedgroup'] . ", 0, 1) AS isbanned,\n\t\t\tuserban.usergroupid AS busergroupid, userban.displaygroupid AS bandisplaygroupid\n\t\t\t" . (($this->registry->options['avatarenabled'] and $adminoption) ? ",IF(avatar.avatarid = 0 AND NOT ISNULL(customavatar.userid), 1, 0) AS hascustomavatar" : "") . "\n\t\t\t" . ($adminoption ? ",NOT ISNULL(customprofilepic.userid) AS hasprofilepic" : "") . "\n\t\t\tFROM " . TABLE_PREFIX . "subscriptionlog AS subscriptionlog\n\t\t\tINNER JOIN " . TABLE_PREFIX . "user AS user USING (userid)\n\t\t\tINNER JOIN " . TABLE_PREFIX . "usergroup AS usergroup USING (usergroupid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "userban AS userban ON (userban.userid = user.userid)\n\t\t\t" . (($this->registry->options['avatarenabled'] and $adminoption) ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "\n\t\t\t" . ($adminoption ? "LEFT JOIN " . TABLE_PREFIX . "customprofilepic AS customprofilepic ON (user.userid = customprofilepic.userid)" : "") . "\n\t\t\tWHERE subscriptionlog.userid = {$userid} AND\n\t\t\t\tsubscriptionlog.subscriptionid = {$subscriptionid}\n\t\t");
if ($user['userid'] and $sub['subscriptionid']) {
$this->cache_user_subscriptions();
$sub =& $this->subscriptioncache["{$subscriptionid}"];
$tmp = unserialize($sub['cost']);
if ($subid != -1 and is_array($tmp["{$subid}"])) {
$sub = array_merge($sub, $tmp["{$subid}"]);
$units_full = array('D' => 'day', 'W' => 'week', 'M' => 'month', 'Y' => 'year');
switch ($sub['units']) {
case 'D':
$new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']) - $sub['length'], date('Y', $user['expirydate']));
break;
case 'W':
$new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']) - $sub['length'] * 7, date('Y', $user['expirydate']));
break;
case 'M':
$new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']) - $sub['length'], date('j', $user['expirydate']), date('Y', $user['expirydate']));
break;
case 'Y':
$new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']), date('Y', $user['expirydate']) - $sub['length']);
break;
}
if ($new_expires > TIMENOW) {
// new expiration is still after today so just decremement and return
$this->registry->db->query_write("\n\t\t\t\t\t\tUPDATE " . TABLE_PREFIX . "subscriptionlog\n\t\t\t\t\t\tSET expirydate = {$new_expires}\n\t\t\t\t\t\tWHERE subscriptionid = {$subscriptionid}\n\t\t\t\t\t\t\tAND userid = {$userid}\n\t\t\t\t\t");
return;
}
}
unset($tmp);
$userdm =& datamanager_init('User', $this->registry, ERRTYPE_SILENT);
$userdm->set_existing($user);
if ($adminoption) {
if ($user['hascustomavatar'] and $sub['adminavatar']) {
$userdm->set_bitfield('adminoptions', 'adminavatar', 1);
}
if ($user['hasprofilepic'] and $sub['adminprofilepic']) {
$userdm->set_bitfield('adminoptions', 'adminprofilepic', 1);
}
}
//access masks
if (!empty($sub['forums']) and @unserialize($sub['forums']) !== NULL) {
$this->registry->db->query_write("\n\t\t\t\t\tDELETE FROM " . TABLE_PREFIX . "access\n\t\t\t\t\tWHERE forumid IN ({$sub['forums']}) AND\n\t\t\t\t\t\tuserid = {$userid}\n\t\t\t\t");
}
$countaccess = $this->registry->db->query_first("\n\t\t\t\tSELECT COUNT(*) AS masks\n\t\t\t\tFROM " . TABLE_PREFIX . "access\n\t\t\t\tWHERE userid = {$userid}\n\t\t\t");
$membergroupids = array_diff(fetch_membergroupids_array($user, false), fetch_membergroupids_array($sub, false));
$update_userban = false;
if ($sub['nusergroupid'] == $user['usergroupid'] and $user['usergroupid'] != $user['pusergroupid']) {
// check if there are other active subscriptions that set the same primary usergroup
foreach ($this->subscriptioncache as $subcheck) {
if ($subcheck['nusergroupid'] == $user['usergroupid'] and $subcheck['subscriptionid'] != $subscriptionid) {
$subids .= ",{$subcheck['subscriptionid']}";
}
}
if (!empty($subids)) {
$activesub = $this->registry->db->query_first("\n\t\t\t\t\t\tSELECT * FROM " . TABLE_PREFIX . "subscriptionlog\n\t\t\t\t\t\tWHERE userid = {$userid}\n\t\t\t\t\t\t\tAND subscriptionid IN (0{$subids})\n\t\t\t\t\t\t\tAND status = 1\n\t\t\t\t\t\tORDER BY expirydate DESC\n\t\t\t\t\t\tLIMIT 1\n\t\t\t\t\t");
}
if ($activesub) {
// there is at least one active subscription with the same primary usergroup, so alter its resetgroup
$this->registry->db->query_write("UPDATE " . TABLE_PREFIX . "subscriptionlog SET pusergroupid = {$user['pusergroupid']} WHERE subscriptionlogid = {$activesub['subscriptionlogid']}");
// don't touch usertitle/displaygroup
$user['pusergroupid'] = $user['usergroupid'];
$sub['nusergroupid'] = 0;
} else {
$userdm->set('usergroupid', $user['pusergroupid']);
}
} else {
if ($user['isbanned'] and $user['busergroupid'] == $sub['nusergroupid']) {
$update_userban = true;
$userbansql['usergroupid'] = $user['pusergroupid'];
}
}
$groups = iif(!empty($sub['membergroupids']), $sub['membergroupids'] . ',') . $sub['nusergroupid'];
if (in_array($user['displaygroupid'], explode(',', $groups))) {
// they're displaying as one of the usergroups in the subscription
$user['displaygroupid'] = 0;
} else {
if ($user['isbanned'] and in_array($user['bandisplaygroupid'], explode(',', $groups))) {
$update_userban = true;
$userbansql['displaygroupid'] = 0;
}
}
// do their old groups still allow custom titles?
$reset_title = false;
if ($user['customtitle'] == 2) {
$groups = (empty($membergroupids) ? '' : implode($membergroupids, ',') . ',') . $user['pusergroupid'];
$usergroup = $this->registry->db->query_first_slave("\n\t\t\t\t\tSELECT usergroupid\n\t\t\t\t\tFROM " . TABLE_PREFIX . "usergroup\n\t\t\t\t\tWHERE (genericpermissions & " . $this->registry->bf_ugp_genericpermissions['canusecustomtitle'] . ")\n\t\t\t\t\t\tAND usergroupid IN ({$groups})\n\t\t\t\t");
if (empty($usergroup['usergroupid'])) {
// no custom group any more lets set it back to the default
$reset_title = true;
}
}
if ($sub['nusergroupid'] > 0 and $user['customtitle'] == 0 or $reset_title) {
// they need a default title
$usergroup = $this->registry->db->query_first_slave("\n\t\t\t\t\tSELECT usertitle\n\t\t\t\t\tFROM " . TABLE_PREFIX . "usergroup\n\t\t\t\t\tWHERE usergroupid = {$user['pusergroupid']}\n\t\t\t\t");
if (empty($usergroup['usertitle'])) {
// should be a title based on minposts it seems then
$usergroup = $this->registry->db->query_first_slave("\n\t\t\t\t\t\tSELECT title AS usertitle\n\t\t\t\t\t\tFROM " . TABLE_PREFIX . "usertitle\n\t\t\t\t\t\tWHERE minposts <= {$user['posts']}\n\t\t\t\t\t\tORDER BY minposts DESC\n\t\t\t\t\t");
}
if ($user['isbanned']) {
$update_userban = true;
$userbansql['customtitle'] = 0;
$userbansql['usertitle'] = $usergroup['usertitle'];
} else {
$userdm->set('customtitle', 0);
$userdm->set('usertitle', $usergroup['usertitle']);
}
}
$userdm->set('membergroupids', implode($membergroupids, ','));
$userdm->set_bitfield('options', 'hasaccessmask', $countaccess['masks'] ? true : false);
$userdm->set('displaygroupid', $user['displaygroupid']);
$userdm->save();
unset($userdm);
$this->registry->db->query_write("\n\t\t\t\tUPDATE " . TABLE_PREFIX . "subscriptionlog\n\t\t\t\tSET status = 0\n\t\t\t\tWHERE subscriptionid = {$subscriptionid} AND\n\t\t\t\tuserid = {$userid}\n\t\t\t");
if ($update_userban) {
$this->registry->db->query_write(fetch_query_sql($userbansql, 'userban', "WHERE userid = {$user['userid']}"));
}
$mysubs = $this->registry->db->query_read("SELECT * FROM " . TABLE_PREFIX . "subscriptionlog WHERE status = 1 AND userid = {$userid}");
while ($mysub = $this->registry->db->fetch_array($mysubs)) {
$this->build_user_subscription($mysub['subscriptionid'], -1, $userid, $mysub['regdate'], $mysub['expirydate']);
}
($hook = vBulletinHook::fetch_hook('paidsub_delete')) ? eval($hook) : false;
}
}
/**
* Constructs the posticons selector interface
*
* @param integer Selected Icon ID
* @param boolean Allow icons?
*
* @return string posticons template
*/
function construct_icons($seliconid = 0, $allowicons = true)
{
// returns the icons chooser for posting new messages
global $vbulletin, $stylevar;
global $vbphrase, $selectedicon, $show;
$selectedicon = array('src' => $vbulletin->options['cleargifurl'], 'alt' => '');
if (!$allowicons) {
return false;
}
$membergroups = fetch_membergroupids_array($vbulletin->userinfo);
$infractiongroups = explode(',', str_replace(' ', '', $vbulletin->userinfo['infractiongroupids']));
($hook = vBulletinHook::fetch_hook('posticons_start')) ? eval($hook) : false;
$avperms = $vbulletin->db->query_read_slave("\n\t\tSELECT imagecategorypermission.imagecategoryid, usergroupid\n\t\tFROM " . TABLE_PREFIX . "imagecategorypermission AS imagecategorypermission, " . TABLE_PREFIX . "imagecategory AS imagecategory\n\t\tWHERE imagetype = 2\n\t\t\tAND imagecategorypermission.imagecategoryid = imagecategory.imagecategoryid\n\t\tORDER BY imagecategory.displayorder\n\t");
$noperms = array();
while ($avperm = $vbulletin->db->fetch_array($avperms)) {
$noperms["{$avperm['imagecategoryid']}"][] = $avperm['usergroupid'];
}
foreach ($noperms as $imagecategoryid => $usergroups) {
foreach ($usergroups as $usergroupid) {
if (in_array($usergroupid, $infractiongroups)) {
$badcategories .= ",{$imagecategoryid}";
}
}
if (!count(array_diff($membergroups, $usergroups))) {
$badcategories .= ",{$imagecategoryid}";
}
}
$icons = $vbulletin->db->query_read_slave("\n\t\tSELECT iconid, iconpath, title\n\t\tFROM " . TABLE_PREFIX . "icon AS icon\n\t\tWHERE imagecategoryid NOT IN (0{$badcategories})\n\t\tORDER BY imagecategoryid, displayorder\n\t");
if (!$vbulletin->db->num_rows($icons)) {
return false;
}
$numicons = 0;
$show['posticons'] = false;
while ($icon = $vbulletin->db->fetch_array($icons)) {
$show['posticons'] = true;
if ($numicons % 7 == 0 and $numicons != 0) {
$posticonbits .= "</tr><tr><td> </td>";
}
$numicons++;
$iconid = $icon['iconid'];
$iconpath = $icon['iconpath'];
$alttext = $icon['title'];
if ($seliconid == $iconid) {
$iconchecked = 'checked="checked"';
$selectedicon = array('src' => $iconpath, 'alt' => $alttext);
} else {
$iconchecked = '';
}
($hook = vBulletinHook::fetch_hook('posticons_bit')) ? eval($hook) : false;
eval('$posticonbits .= "' . fetch_template('posticonbit') . '";');
}
$remainder = $numicons % 7;
if ($remainder) {
$remainingspan = 2 * (7 - $remainder);
$show['addedspan'] = true;
} else {
$remainingspan = 0;
$show['addedspan'] = false;
}
if ($seliconid == 0) {
$iconchecked = 'checked="checked"';
} else {
$iconchecked = '';
}
($hook = vBulletinHook::fetch_hook('posticons_complete')) ? eval($hook) : false;
eval('$posticons = "' . fetch_template('posticons') . '";');
return $posticons;
}
/**
* Place a subscription order
*/
public function placeOrder($subscriptionid, $subscriptionsubid, $paymentapiclass, $currency)
{
$this->checkStatus();
$this->checkPermission();
$sub = $this->subobj->subscriptioncache["{$subscriptionid}"];
$sub['newoptions'] = @unserialize($sub['newoptions']);
// Verify that the payment api is allowed for this subscription
if (empty($sub['newoptions']['api'][$paymentapiclass]['show'])) {
throw new vB_Exception_Api('invalid_paymentapiclass');
}
$userinfo = vB::getCurrentSession()->fetch_userinfo();
$usercontext = vB::getUserContext();
$membergroupids = fetch_membergroupids_array($userinfo);
$allow_secondary_groups = $usercontext->hasPermission('genericoptions', 'allowmembergroups');
if (empty($sub) or !$sub['active']) {
throw new vB_Exception_Api('invalidid');
}
if (!empty($sub['deniedgroups']) and ($allow_secondary_groups and !count(array_diff($membergroupids, $sub['deniedgroups'])) or !$allow_secondary_groups and in_array($userinfo['usergroupid'], $sub['deniedgroups']))) {
throw new vB_Exception_Api('invalidid');
}
$costs = unserialize($sub['cost']);
if (empty($costs["{$subscriptionsubid}"]['cost']["{$currency}"])) {
throw new vB_Exception_Api('invalid_currency');
}
$hash = md5($userinfo['userid'] . $userinfo['secret'] . $subscriptionid . uniqid(microtime(), 1));
/* insert query */
vB::getDbAssertor()->insert('vBForum:paymentinfo', array('hash' => $hash, 'completed' => 0, 'subscriptionid' => $subscriptionid, 'subscriptionsubid' => $subscriptionsubid, 'userid' => $userinfo['userid']));
$method = vB::getDbAssertor()->getRow('vBForum:paymentapi', array('active' => 1, 'classname' => $paymentapiclass));
$supportedcurrencies = explode(',', $method['currency']);
if (!in_array($currency, $supportedcurrencies)) {
throw new vB_Exception_Api('currency_not_supported');
}
// TODO: vB_Template::create() has many PHP notices. We need to fix them.
error_reporting(E_ALL & ~E_NOTICE);
$form = $this->subobj->construct_payment($hash, $method, $costs["{$subscriptionsubid}"], $currency, $sub, $userinfo);
$typetext = $method['classname'] . '_order_instructions';
$templater = new vB5_Template('subscription_paymentbit');
$templater->register('form', $form);
$templater->register('method', $method);
$templater->register('typetext', $typetext);
$orderbit = $templater->render();
return $orderbit;
}
}
if ($_POST['do'] == 'deleteusergroups') {
$vbulletin->input->clean_array_gpc('p', array('usergroupid' => TYPE_UINT, 'deletebox' => TYPE_ARRAY_BOOL));
($hook = vBulletinHook::fetch_hook('profile_deleteusergroups_start')) ? eval($hook) : false;
if ($vbulletin->GPC['usergroupid']) {
// check permission to do authorizations in this group
if (!($leadergroup = $db->query_first("\n\t\t\tSELECT usergroupleaderid\n\t\t\tFROM " . TABLE_PREFIX . "usergroupleader AS usergroupleader\n\t\t\tWHERE userid = " . $vbulletin->userinfo['userid'] . "\n\t\t\t\tAND usergroupid = " . $vbulletin->GPC['usergroupid'] . "\n\t\t"))) {
print_no_permission();
}
if (!empty($vbulletin->GPC['deletebox'])) {
foreach (array_keys($vbulletin->GPC['deletebox']) as $userid) {
$userids .= ',' . intval($userid);
}
$users = $db->query_read_slave("\n\t\t\t\tSELECT u.*\n\t\t\t\tFROM " . TABLE_PREFIX . "user AS u\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "usergroupleader AS ugl ON (u.userid = ugl.userid AND ugl.usergroupid = " . $vbulletin->GPC['usergroupid'] . ")\n\t\t\t\tWHERE u.userid IN (0{$userids}) AND ugl.usergroupleaderid IS NULL\n\t\t\t");
while ($user = $db->fetch_array($users)) {
$membergroups = fetch_membergroupids_array($user, false);
$newmembergroups = array();
foreach ($membergroups as $groupid) {
if ($groupid != $user['usergroupid'] and $groupid != $vbulletin->GPC['usergroupid']) {
$newmembergroups[] = $groupid;
}
}
// init user data manager
$userdata =& datamanager_init('User', $vbulletin, ERRTYPE_STANDARD);
$userdata->set_existing($user);
$userdata->set('membergroupids', $newmembergroups);
if ($user['displaygroupid'] == $vbulletin->GPC['usergroupid']) {
$userdata->set('displaygroupid', 0);
}
($hook = vBulletinHook::fetch_hook('profile_deleteusergroups_process')) ? eval($hook) : false;
$userdata->save();
/**
* Update user's display group
*
* @param $userid User ID
* @param $usergroupid Usergroup ID to be used as display group
* @return void
*/
public function updateDisplayGroup($userid, $usergroupid)
{
$userinfo = vB_Api::instanceInternal('user')->fetchUserinfo($userid);
$membergroups = fetch_membergroupids_array($userinfo);
$permissions = $userinfo['permissions'];
$vbulletin = vB::get_registry();
$bf_ugp_genericpermissions = vB::getDatastore()->get_value('bf_ugp_genericpermissions');
if ($usergroupid == 0) {
throw new vB_Exception_Api('invalidid', array('usergroupid'));
}
if (!in_array($usergroupid, $membergroups)) {
throw new vB_Exception_Api('notmemberofdisplaygroup');
} else {
$display_usergroup = $vbulletin->usergroupcache["{$usergroupid}"];
//I'm not sure why we require canoverride to set the display group... this is *not* required
//by the the admincp user interface which uses a different method of saving.
if ($usergroupid == $userinfo['usergroupid'] or $display_usergroup['canoverride']) {
$userinfo['displaygroupid'] = $usergroupid;
// init user data manager
$userdata = new vB_Datamanager_User(vB_DataManager_Constants::ERRTYPE_ARRAY_UNPROCESSED);
$userdata->set_existing($userinfo);
$userdata->set('displaygroupid', $usergroupid);
if (!$userinfo['customtitle']) {
$userdata->set_usertitle($userinfo['customtitle'] ? $userinfo['usertitle'] : '', false, $display_usergroup, $permissions['genericpermissions'] & $bf_ugp_genericpermissions['canusecustomtitle'] ? true : false, $permissions['genericpermissions'] & $bf_ugp_genericpermissions['cancontrolpanel'] ? true : false);
}
$userdata->save();
} else {
throw new vB_Exception_Api('usergroup_invaliddisplaygroup');
}
}
}
