 /**
  * This is where you perform the action when the API is called. The parameter given is an instance of stdClass, and this method should return an instance of stdClass.
  */
 public function action()
     // Dispatches on the request path held in $api->paths: segment 1 selects the
     // operation ("list", "posts" or "permissions"), segment 2 is its argument.
     // Falls through to BadRequestException when nothing matched.
     // NOTE(review): this listing has lost its closing braces (and possibly short
     // lines such as "break;"), so confirm the branch structure against the
     // original file before relying on it.
     global $mybb, $db;
     $api = APISystem::get_instance();
     if (isset($api->paths[1]) && is_string($api->paths[1])) {
         switch (strtolower($api->paths[1])) {
             case "list":
                 // NOTE(review): $forums is read below but never assigned in the
                 // visible code - confirm where it is populated.
                 if (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]])) {
                     return (object) $forums[$api->paths[2]];
                 } else {
                     return (object) $forums;
             case "posts":
                 if (isset($api->paths[2]) && is_string($api->paths[2])) {
                     $posts = array();
                     // The path segment is escaped and placed inside a quoted literal.
                     // For a numeric thread id an (int) cast would be the stricter guard.
                     $tid = $db->escape_string($api->paths[2]);
                     // NOTE(review): no forum/thread view-permission or visibility
                     // filter is visible before these rows are returned, and SELECT *
                     // hands every column of the posts table to the API caller.
                     // Confirm access control is enforced elsewhere, and select only
                     // the columns the API is meant to expose.
                     // NOTE(review): write_query() is used for a read-only SELECT.
                     $query = $db->write_query("SELECT * FROM " . TABLE_PREFIX . "posts p WHERE p.`tid` = '{$tid}'");
                     while ($post = $db->fetch_array($query)) {
                         // Index the result by post id.
                         $posts[$post["pid"]] = $post;
                     return (object) $posts;
                 } else {
                     // what forum?
             case "permissions":
                 // Called without arguments; presumably returns the permission set
                 // of the current session user for all forums - TODO confirm.
                 $forumpermissions = forum_permissions();
                 return (object) $forumpermissions;
     throw new BadRequestException("No valid option given in the URL.");
Esempio n. 2
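/**
 * XML-RPC handler: loads the active forums for the current user, groups them
 * by parent and display order, and returns the tree produced by treeBuild().
 *
 * Guests (uid 0) take their "last read" markers from the mybb[forumread]
 * cookie; signed-in users take them from the forumsread table.
 *
 * @return xmlrpcresp Response wrapping the XML-RPC array handed to treeBuild().
 */
function get_forum_func()
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $forumpermissions, $fcache, $forum_cache;

    $inactiveforums = get_inactive_forums();

    // Guest read markers; stays empty unless the cookie decodes to an array.
    $forumsread = array();

    if ($mybb->user['uid'] == 0) {
        // Build a forum cache.
        $query = $db->query("\n            SELECT *, threads as unread_count\n            FROM " . TABLE_PREFIX . "forums\n            WHERE active != 0 " . ($inactiveforums ? " AND fid NOT IN ({$inactiveforums})" : '') . "\n            ORDER BY pid, disporder\n        ");

        // SECURITY: this cookie is fully client-controlled, and unserialize() on
        // client data can instantiate arbitrary classes (PHP object injection).
        // Replace this call with a decoder that cannot create objects - for
        // example the my_unserialize() helper, if this codebase provides it.
        // Until then, anything that is not a plain array is discarded.
        if (isset($mybb->cookies['mybb']['forumread'])) {
            $decoded = unserialize($mybb->cookies['mybb']['forumread']);
            if (is_array($decoded)) {
                $forumsread = $decoded;
            }
        }
    } else {
        // Build a forum cache.
        $query = $db->query("\n            SELECT f.*, fr.dateline AS lastread, fs.fsid, (\n                select count(*) from " . TABLE_PREFIX . "threads where fid=f.fid and lastpost > fr.dateline\n            ) as unread_count\n            FROM " . TABLE_PREFIX . "forums f\n            LEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')\n            LEFT JOIN " . TABLE_PREFIX . "forumsubscriptions fs ON (fs.fid=f.fid AND fs.uid='{$mybb->user['uid']}')\n            WHERE f.active != 0 " . ($inactiveforums ? " AND f.fid NOT IN ({$inactiveforums})" : '') . "\n            ORDER BY pid, disporder\n        ");
    }

    while ($forum = $db->fetch_array($query)) {
        // Only guests use the cookie markers; a missing or empty marker leaves
        // the row's lastread value untouched.
        if ($mybb->user['uid'] == 0 && !empty($forumsread[$forum['fid']])) {
            $forum['lastread'] = $forumsread[$forum['fid']];
        }
        $fcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
    }

    $forumpermissions = forum_permissions();
    $excols = "index";
    $permissioncache['-1'] = "1";
    $showdepth = 10;

    // treeBuild() presumably fills $xml_nodes by reference - TODO confirm.
    $xml_nodes = new xmlrpcval(array(), 'array');
    $done = array();
    $xml_tree = treeBuild(0, $fcache, $xml_nodes, $done);

    return new xmlrpcresp($xml_nodes);
}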
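/**
 * XML-RPC handler: removes an attachment, either from an existing post or from
 * a pending upload identified by its post hash (the "group_id" parameter).
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters; only read through
 *                             Tapatalk_Input::filterXmlInput().
 * @return mixed Result of xmlresptrue() on success, otherwise the result of
 *               xmlrespfalse() or tt_no_permission().
 */
function remove_attachment_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    $parser = new postParser();
    $input = Tapatalk_Input::filterXmlInput(array('attachment_id' => Tapatalk_Input::INT, 'forum_id' => Tapatalk_Input::INT, 'group_id' => Tapatalk_Input::STRING, 'post_id' => Tapatalk_Input::INT), $xmlrpc_params);

    $fid = $input['forum_id'];
    $forum = get_forum($fid);
    if (!$forum) {
        return xmlrespfalse($lang->error_invalidforum);
    }

    $forumpermissions = forum_permissions($fid);
    if ($forum['open'] == 0 || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    }
    if ($mybb->user['uid'] < 1 || $forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    }

    $posthash = $input['group_id'];
    $mybb->input['posthash'] = $posthash;

    // If we're removing an attachment that belongs to an existing post, some security checks...
    // The id is already filtered as INT; the cast keeps the query safe even if
    // that filter changes.
    $aid = (int) $input['attachment_id'];
    $query = $db->simple_select("attachments", "pid", "aid='{$aid}'");
    $attachment = $db->fetch_array($query);
    // An unknown attachment id yields no row; it is handled like an unattached
    // upload (pid 0), as before.
    $pid = is_array($attachment) ? (int) $attachment['pid'] : 0;

    if ($pid > 0) {
        if ($pid != $input['post_id']) {
            return xmlrespfalse("The attachment you are trying to remove does not belong to this post");
        }

        $query = $db->simple_select("posts", "*", "pid='{$pid}'");
        $post = $db->fetch_array($query);
        if (empty($post['pid'])) {
            return xmlrespfalse($lang->error_invalidpost);
        }

        // Every permission check in this function is made against the
        // client-supplied forum_id. Without this comparison a user with edit or
        // moderator rights in one forum could name that forum while targeting a
        // post stored in another one.
        if ($post['fid'] != $fid) {
            return xmlrespfalse($lang->error_invalidforum);
        }

        // Get thread info
        $tid = $post['tid'];
        $thread = get_thread($tid);
        if (!$thread['tid']) {
            return xmlrespfalse($lang->error_invalidthread);
        }

        // Non-moderators may only touch their own posts, in open threads, and
        // only where the forum lets them edit posts.
        if (!is_moderator($fid, "caneditposts")) {
            if ($thread['closed'] == 1) {
                return xmlrespfalse($lang->redirect_threadclosed);
            }
            if ($forumpermissions['caneditposts'] == 0) {
                return tt_no_permission();
            }
            if ($mybb->user['uid'] != $post['uid']) {
                return tt_no_permission();
            }
        }
    } else {
        // NOTE(review): for an attachment not yet tied to a post, ownership rests
        // entirely on remove_attachment() matching the supplied post hash -
        // verify that it does.
        $pid = 0;
    }

    require_once MYBB_ROOT . "inc/functions_upload.php";
    remove_attachment($pid, $mybb->input['posthash'], $input['attachment_id']);

    return xmlresptrue();
}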
Esempio n. 4
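/**
 * XML-RPC handler: stores one uploaded file as a forum attachment and returns
 * its attachment id together with the post hash ("group_id") it was filed under.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters; only read through
 *                             Tapatalk_Input::filterXmlInput().
 * @return mixed An xmlrpcresp describing the stored attachment, or the result
 *               of xmlrespfalse() / tt_no_permission() on failure.
 */
function upload_attach_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    $parser = new postParser();
    $input = Tapatalk_Input::filterXmlInput(array('forum_id' => Tapatalk_Input::INT, 'group_id' => Tapatalk_Input::STRING, 'content' => Tapatalk_Input::STRING), $xmlrpc_params);
    $fid = $input['forum_id'];

    // Fetch forum information.
    $forum = get_forum($fid);
    if (!$forum) {
        return xmlrespfalse($lang->error_invalidforum);
    }

    $forumpermissions = forum_permissions($fid);
    if ($forum['open'] == 0 || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    }
    if ($mybb->user['uid'] < 1 || $forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    }

    // NOTE(review): the original comment here announced a forum-password check,
    // but no such check is present in this function - confirm that
    // password-protected forums are enforced elsewhere.
    $posthash = $input['group_id'];
    if (empty($posthash)) {
        $posthash = md5($mybb->user['uid'] . random_str());
    }
    $mybb->input['posthash'] = $posthash;

    // Both values below originate from the request, so neither is placed in the
    // WHERE clause as-is: the post id is forced to an integer and the hash is
    // escaped for use inside the quoted literal.
    if (!empty($mybb->input['pid'])) {
        $attachwhere = "pid='" . (int) $mybb->input['pid'] . "'";
    } else {
        $attachwhere = "posthash='" . $db->escape_string($posthash) . "'";
    }
    $query = $db->simple_select("attachments", "COUNT(aid) as numattachs", $attachwhere);
    $attachcount = $db->fetch_field($query, "numattachs");

    // Without an upload there is nothing to do; this is the same answer the
    // code below would reach, without touching an undefined $_FILES entry.
    if (empty($_FILES['attachment']) || !is_array($_FILES['attachment'])) {
        return xmlrespfalse("No file uploaded");
    }

    // A multi-file style upload arrives as arrays per field; keep the first file.
    foreach ($_FILES['attachment'] as $k => $v) {
        if (is_array($_FILES['attachment'][$k])) {
            $_FILES['attachment'][$k] = $_FILES['attachment'][$k][0];
        }
    }

    // The MIME type is supplied by the client and is only normalised here, not
    // verified. NOTE(review): confirm upload_attachment() validates the file
    // itself rather than trusting this value.
    if ($_FILES['attachment']['type'] == 'image/jpg') {
        $_FILES['attachment']['type'] = 'image/jpeg';
    }

    // If there's an attachment, check it and upload it
    $attachedfile = array();
    if ($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments'])) {
        require_once MYBB_ROOT . "inc/functions_upload.php";
        $attachedfile = upload_attachment($_FILES['attachment'], false);
    }

    if (empty($attachedfile)) {
        return xmlrespfalse("No file uploaded");
    }
    if ($attachedfile['error']) {
        return xmlrespfalse(implode(" :: ", $attachedfile['error']));
    }

    $result = new xmlrpcval(array(
        'attachment_id' => new xmlrpcval($attachedfile['aid'], 'string'),
        'group_id' => new xmlrpcval($posthash, 'string'),
        'result' => new xmlrpcval(true, 'boolean'),
        'result_text' => new xmlrpcval('', 'base64'),
        'file_size' => new xmlrpcval($attachedfile['filesize'], 'int'),
    ), 'struct');

    return new xmlrpcresp($result);
}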
/**
 * Fetches the number of unread threads for the current user in a particular forum.
 *
 * @param string The forums (CSV list)
 * @return int The number of unread threads
 */
function fetch_unread_count($fid)
    // Counts threads in the given forum(s) whose last post is newer than the
    // user's read markers. Guests are tracked through cookies, signed-in users
    // through the threadsread/forumsread tables. The guest path returns false
    // when the cookie lists no read threads.
    // NOTE(review): this listing has lost its closing braces and some short
    // lines (see the notes below), so confirm details against the original file.
    // SECURITY: $fid is interpolated unquoted into "fid IN ({$fid})" in every
    // query below and is not validated here. Callers must pass only
    // comma-separated integers.
    global $cache, $db, $mybb;
    $onlyview = $onlyview2 = '';
    $permissions = forum_permissions($fid);
    // threadreadcut is multiplied out from days to seconds.
    $cutoff = TIME_NOW - $mybb->settings['threadreadcut'] * 60 * 60 * 24;
    if (!empty($permissions['canonlyviewownthreads'])) {
        // Restrict the count to the user's own threads.
        $onlyview = " AND uid = '{$mybb->user['uid']}'";
        $onlyview2 = " AND t.uid = '{$mybb->user['uid']}'";
    if ($mybb->user['uid'] == 0) {
        $comma = '';
        $tids = '';
        // Client-controlled cookies, decoded with my_unserialize() rather than
        // PHP's unserialize().
        $threadsread = my_unserialize($mybb->cookies['mybb']['threadread']);
        $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
        if (!empty($threadsread)) {
            foreach ($threadsread as $key => $value) {
                // Keys come from the cookie; intval() forces them to integers.
                $tids .= $comma . intval($key);
                $comma = ',';
        // $tids is only tested for emptiness; the query below does not use it.
        if (!empty($tids)) {
            $count = 0;
            // We've read at least some threads, are they here?
            $query = $db->simple_select("threads", "lastpost, tid, fid", "visible=1 AND closed NOT LIKE 'moved|%' AND fid IN ({$fid}) AND lastpost > '{$cutoff}'{$onlyview}", array("limit" => 100));
            while ($thread = $db->fetch_array($query)) {
                // NOTE(review): the statement this condition guards (presumably
                // the $count increment) is missing from this listing.
                if ($thread['lastpost'] > intval($threadsread[$thread['tid']]) && $thread['lastpost'] > intval($forumsread[$thread['fid']])) {
            return $count;
        // Not read any threads?
        return false;
    } else {
        // START - Unread posts MOD
        $fieldname = 'dateline';
        if (function_exists("unreadPosts_is_installed") && unreadPosts_is_installed()) {
            // With the mod installed, the user's lastmark replaces the cutoff.
            $cutoff = $mybb->user['lastmark'];
        // END - Unread posts MOD
        // The two queries below differ only in COALESCE versus IFNULL.
        // NOTE(review): the "break;" and the label introducing the second query
        // are missing from this listing.
        switch ($db->type) {
            case "pgsql":
                $query = $db->query("\n                    SELECT COUNT(t.tid) AS unread_count\n                    FROM " . TABLE_PREFIX . "threads t\n                    LEFT JOIN " . TABLE_PREFIX . "threadsread tr ON (tr.tid=t.tid AND tr.uid='{$mybb->user['uid']}')\n                    LEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid=t.fid AND fr.uid='{$mybb->user['uid']}')\n                    WHERE t.visible=1 AND t.closed NOT LIKE 'moved|%' \n                        AND t.fid IN ({$fid}) \n                        AND t.lastpost > COALESCE(tr.dateline,{$cutoff}) \n                        AND t.lastpost > COALESCE(fr.dateline,{$cutoff}) \n                        AND t.lastpost > {$cutoff}\n                        {$onlyview2}\n                ");
                $query = $db->query("\n                    SELECT COUNT(t.tid) AS unread_count\n                    FROM " . TABLE_PREFIX . "threads t\n                    LEFT JOIN " . TABLE_PREFIX . "threadsread tr ON (tr.tid=t.tid AND tr.uid='{$mybb->user['uid']}')\n                    LEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid=t.fid AND fr.uid='{$mybb->user['uid']}')\n                    WHERE t.visible=1 AND t.closed NOT LIKE 'moved|%' \n                        AND t.fid IN ({$fid}) \n                        AND t.lastpost > IFNULL(tr.dateline,{$cutoff}) \n                        AND t.lastpost > IFNULL(fr.dateline,{$cutoff}) \n                        AND t.lastpost > {$cutoff}\n                        {$onlyview2}\n                ");
        return (int) $db->fetch_field($query, "unread_count");
Esempio n. 6
/**
 * XML-RPC handler: subscribes the current user to the thread named by topic_id.
 *
 * NOTE(review): only the forum-level canview/canviewthreads flags are checked
 * here. No guest (uid 0), thread-visibility or "own threads only" check is
 * visible in this function - confirm add_subscribed_thread() or the caller
 * covers those cases.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters; only read through
 *                             Tapatalk_Input::filterXmlInput().
 * @return mixed Result of xmlresptrue(), xmlrespfalse() or tt_no_permission().
 */
function subscribe_topic_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    $params = Tapatalk_Input::filterXmlInput(array('topic_id' => Tapatalk_Input::INT), $xmlrpc_params);

    // Unknown thread ids are rejected before any permission lookup.
    $topic = get_thread($params['topic_id']);
    if (!$topic['tid']) {
        return xmlrespfalse($lang->error_invalidthread);
    }

    // The user needs both forum-level and thread-level view rights.
    $perms = forum_permissions($topic['fid']);
    $mayView = $perms['canview'] != 0 && $perms['canviewthreads'] != 0;
    if (!$mayView) {
        return tt_no_permission();
    }

    add_subscribed_thread($topic['tid'], 0);

    return xmlresptrue();
}
 /**
  * This is where you perform the action when the API is called. The parameter given is an instance of stdClass, and this method should return an instance of stdClass.
  */
 public function action()
     // Dispatches on the request path held in $api->paths: segment 1 selects the
     // operation ("list", "threads" or "permissions"), segment 2 is a forum id
     // that must exist in the forum cache. Falls through to BadRequestException
     // when nothing matched.
     // NOTE(review): this listing has lost its closing braces (and possibly short
     // lines such as "break;"), so confirm the branch structure against the
     // original file before relying on it.
     global $mybb, $db;
     $api = APISystem::get_instance();
     if (isset($api->paths[1]) && is_string($api->paths[1])) {
         $forums = cache_forums();
         switch (strtolower($api->paths[1])) {
             case "list":
                 // One forum when a known id is given, otherwise the whole cache.
                 // NOTE(review): no per-forum view-permission filter is visible
                 // here - confirm the cache should be exposed as a whole.
                 if (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]])) {
                     return (object) $forums[$api->paths[2]];
                 } else {
                     return (object) $forums;
             case "threads":
                 if (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]])) {
                     $threads = array();
                     // The path segment is escaped and placed inside a quoted literal.
                     $fid = $db->escape_string($api->paths[2]);
                     // NOTE(review): the forum is checked for existence only. No
                     // view-permission check and no "visible" filter is applied, and
                     // SELECT * returns every column of the threads table. Confirm
                     // access control is enforced elsewhere.
                     // NOTE(review): write_query() is used for a read-only SELECT.
                     $query = $db->write_query("SELECT * FROM " . TABLE_PREFIX . "threads t WHERE t.`fid` = '{$fid}'");
                     while ($thread = $db->fetch_array($query)) {
                         // Index the result by thread id.
                         $threads[$thread["tid"]] = $thread;
                     return (object) $threads;
                 } else {
                     // what forum?
             case "permissions":
                 // Requires an authenticated caller; permissions are resolved for
                 // that caller's id and usergroup.
                 if (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]]) && $this->is_authenticated()) {
                     return (object) forum_permissions($api->paths[2], $this->get_user()->id, $this->get_user()->usergroup);
                 } else {
                     //what forum?
     throw new BadRequestException("No valid option given in the URL.");
/**
 * XML-RPC handler: lists the forums the current user is subscribed to and may
 * view, with a flag telling whether each one holds new posts.
 *
 * NOTE(review): $permissioncache and $readforums are filled but never read in
 * this function, and the uid == 0 branch inside the first forum loop cannot be
 * reached after the guest check at the top.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters (not read here).
 * @return mixed An xmlrpcresp with total_forums_num and forums, or the result
 *               of tt_no_permission().
 */
function get_subscribed_forum_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    // Guests and users without User CP access have no subscriptions to list.
    if ($mybb->user['uid'] == 0 || $mybb->usergroup['canusercp'] == 0) {
        return tt_no_permission();
    }

    $query = $db->simple_select("forumpermissions", "*", "gid='" . $db->escape_string($mybb->user['usergroup']) . "'");
    while ($permissions = $db->fetch_array($query)) {
        $permissioncache[$permissions['gid']][$permissions['fid']] = $permissions;
    }

    // Build a forum cache.
    $query = $db->query("\n\t\tSELECT f.fid, fr.dateline AS lastread\n\t\tFROM " . TABLE_PREFIX . "forums f\n\t\tLEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')\n\t\tWHERE f.active != 0\n\t\tORDER BY pid, disporder\n\t");
    while ($forum = $db->fetch_array($query)) {
        if ($mybb->user['uid'] == 0) {
            if ($forumsread[$forum['fid']]) {
                $forum['lastread'] = $forumsread[$forum['fid']];
            }
        }
        $readforums[$forum['fid']] = $forum['lastread'];
    }

    require_once MYBB_ROOT . "inc/functions_forumlist.php";

    $allPermissions = forum_permissions();
    $query = $db->query("\n\t\tSELECT fs.*, f.*, t.subject AS lastpostsubject, fr.dateline AS lastread\n\t\tFROM " . TABLE_PREFIX . "forumsubscriptions fs\n\t\tLEFT JOIN " . TABLE_PREFIX . "forums f ON (f.fid = fs.fid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid = f.lastposttid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')\n\t\tWHERE f.type='f' AND fs.uid='" . $mybb->user['uid'] . "'\n\t\tORDER BY f.name ASC\n\t");

    $forums = '';
    $subscribed = array();
    while ($forum = $db->fetch_array($query)) {
        // Subscriptions to forums the user can no longer view are left out.
        $perms = $allPermissions[$forum['fid']];
        if ($perms['canview'] == 0) {
            continue;
        }

        $bulb = get_forum_lightbulb(
            array('open' => $forum['open'], 'lastread' => $forum['lastread']),
            array('lastpost' => $forum['lastpost'])
        );

        $entry = array(
            'forum_id' => new xmlrpcval($forum['fid'], 'string'),
            'forum_name' => new xmlrpcval(basic_clean($forum['name']), 'base64'),
            // Only the presence of a forum password is reported, never its value.
            'is_protected' => new xmlrpcval(!empty($forum['password']), 'boolean'),
            'new_post' => new xmlrpcval($bulb['folder'] == 'on', 'boolean'),
        );
        $subscribed[] = new xmlrpcval($entry, 'struct');
    }

    $payload = array(
        'total_forums_num' => new xmlrpcval(count($subscribed), 'int'),
        'forums' => new xmlrpcval($subscribed, 'array'),
    );

    return new xmlrpcresp(new xmlrpcval($payload, 'struct'));
}
Esempio n. 9
     // Excerpt from the middle of a larger routine: it loads the posts referenced
     // by reputation entries and keeps those the current user may see.
     // NOTE(review): the start of the routine, the closing braces and the bodies
     // of the three "skip" conditions below are missing from this listing.
     // Non-moderators are limited to visible posts in visible threads.
     if (!$mybb->user['ismoderator']) {
         $sql[] = "p.visible='1'";
         $sql[] = "t.visible='1'";
     // $sql is collapsed from a list of conditions into one WHERE string.
     // NOTE(review): conditions added before this excerpt are not visible.
     // Confirm they contain only integer-cast or escaped values.
     $sql = implode(' AND ', $sql);
     $query = $db->query("\n\t\t\tSELECT p.pid, p.uid, p.fid, p.visible, p.message, t.tid, t.subject, t.visible AS thread_visible\n\t\t\tFROM " . TABLE_PREFIX . "posts p\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n\t\t\tWHERE {$sql}\n\t\t");
     // Per-forum permission lookups are cached for the duration of the loop.
     $forumpermissions = array();
     while ($post = $db->fetch_array($query)) {
         // Unapproved content needs the canviewunapprove moderator right.
         if (($post['visible'] == 0 || $post['thread_visible'] == 0) && !is_moderator($post['fid'], 'canviewunapprove')) {
         // Soft-deleted content needs the canviewdeleted moderator right.
         if (($post['visible'] == -1 || $post['thread_visible'] == -1) && !is_moderator($post['fid'], 'canviewdeleted')) {
         if (!isset($forumpermissions[$post['fid']])) {
             $forumpermissions[$post['fid']] = forum_permissions($post['fid']);
         // Make sure we can view this post
         if (isset($forumpermissions[$post['fid']]['canonlyviewownthreads']) && $forumpermissions[$post['fid']]['canonlyviewownthreads'] == 1 && $post['uid'] != $mybb->user['uid']) {
         // Posts that pass the checks above are indexed by post id.
         $post_reputation[$post['pid']] = $post;
 $reputation_votes = '';
 foreach ($reputation_cache as $reputation_vote) {
     // Get the reputation for the user who posted this comment
     if ($reputation_vote['adduid'] == 0) {
         $reputation_vote['user_reputation'] = 0;
     $reputation_vote['user_reputation'] = get_reputation($reputation_vote['user_reputation'], $reputation_vote['adduid']);
Esempio n. 10
 /**
  * Updates a post that is already in the database.
  */
 function update_post()
     // Writes the validated edit held in $this->data to the posts table and, for
     // the first post of a thread, to the threads table. It then updates the
     // author's thread subscription and returns the resulting visibility and
     // first-post flag.
     // NOTE(review): this listing has lost its closing braces and some short
     // lines (see the switch below), so confirm details against the original file.
     global $db, $mybb, $plugins;
     // Yes, validating is required.
     // Aborts the whole request when the handler was not validated first.
     if ($this->get_validated() != true) {
         die("The post needs to be validated before inserting it into the DB.");
     if (count($this->get_errors()) > 0) {
         die("The post is not valid.");
     // $post aliases $this->data, so the assignments below modify the handler's data.
     $post =& $this->data;
     $post['pid'] = (int) $post['pid'];
     // Thread and forum ids are taken from the stored post, not from the caller.
     // NOTE(review): a pid that matches no post is not handled here.
     $existing_post = get_post($post['pid']);
     $post['tid'] = $existing_post['tid'];
     $post['fid'] = $existing_post['fid'];
     $forum = get_forum($post['fid']);
     $forumpermissions = forum_permissions($post['fid'], $post['uid']);
     // Check if this is the first post in a thread.
     $options = array("order_by" => "dateline", "order_dir" => "asc", "limit_start" => 0, "limit" => 1);
     $query = $db->simple_select("posts", "pid", "tid='" . (int) $post['tid'] . "'", $options);
     $first_post_check = $db->fetch_array($query);
     if ($first_post_check['pid'] == $post['pid']) {
         $first_post = true;
     } else {
         $first_post = false;
     // Decide on the visibility of this post.
     $ismod = is_moderator($post['fid'], "", $post['uid']);
     // Keep visibility for unapproved and deleted posts
     // An edit never promotes an unapproved (0) or deleted (-1) post to visible.
     if ($existing_post['visible'] == 0) {
         $visible = 0;
     } elseif ($existing_post['visible'] == -1) {
         $visible = -1;
     } elseif ($forumpermissions['mod_edit_posts'] == 1 && !$ismod) {
         // Edits by non-moderators go back into the moderation queue.
         $visible = 0;
         require_once MYBB_ROOT . "inc/class_moderation.php";
         // NOTE(review): the Moderation object is created, but no call on it is
         // visible in this listing.
         $moderation = new Moderation();
     } else {
         $visible = 1;
     // Update the thread details that might have been changed first.
     // Strings are escaped and numeric fields cast before reaching update_query().
     // Presumably update_query() does not escape values itself - TODO confirm.
     if ($first_post) {
         $this->tid = $post['tid'];
         if (isset($post['prefix'])) {
             $this->thread_update_data['prefix'] = (int) $post['prefix'];
         if (isset($post['subject'])) {
             $this->thread_update_data['subject'] = $db->escape_string($post['subject']);
         if (isset($post['icon'])) {
             $this->thread_update_data['icon'] = (int) $post['icon'];
         if (count($this->thread_update_data) > 0) {
             // Plugins receive the handler here and may change the update data.
             $plugins->run_hooks("datahandler_post_update_thread", $this);
             $db->update_query("threads", $this->thread_update_data, "tid='" . (int) $post['tid'] . "'");
     // Prepare array for post updating.
     $this->pid = $post['pid'];
     if (isset($post['subject'])) {
         $this->post_update_data['subject'] = $db->escape_string($post['subject']);
     if (isset($post['message'])) {
         $this->post_update_data['message'] = $db->escape_string($post['message']);
     if (isset($post['editreason']) && trim($post['editreason']) != '') {
         $this->post_update_data['editreason'] = $db->escape_string(trim($post['editreason']));
     if (isset($post['icon'])) {
         $this->post_update_data['icon'] = (int) $post['icon'];
     if (isset($post['options'])) {
         // These two flags are escaped as strings rather than cast to int.
         if (isset($post['options']['disablesmilies'])) {
             $this->post_update_data['smilieoff'] = $db->escape_string($post['options']['disablesmilies']);
         if (isset($post['options']['signature'])) {
             $this->post_update_data['includesig'] = $db->escape_string($post['options']['signature']);
     // If we need to show the edited by, let's do so.
     // && binds tighter than ||: the stamp is recorded for a non-moderator editor
     // when showeditedby is on, or for a moderator editor when showeditedbyadmin is on.
     if ($mybb->settings['showeditedby'] == 1 && !is_moderator($post['fid'], "caneditposts", $post['edit_uid']) || $mybb->settings['showeditedbyadmin'] == 1 && is_moderator($post['fid'], "caneditposts", $post['edit_uid'])) {
         $this->post_update_data['edituid'] = (int) $post['edit_uid'];
         $this->post_update_data['edittime'] = TIME_NOW;
     // Plugins receive the handler before the write and may change the update data.
     $plugins->run_hooks("datahandler_post_update", $this);
     $db->update_query("posts", $this->post_update_data, "pid='" . (int) $post['pid'] . "'");
     // Automatic subscription to the thread
     if ($post['options']['subscriptionmethod'] != "" && $post['uid'] > 0) {
         // NOTE(review): the "break;" statements and the label introducing the
         // final assignment are missing from this listing. As printed, every path
         // would end with $notification = 0.
         switch ($post['options']['subscriptionmethod']) {
             case "pm":
                 $notification = 2;
             case "email":
                 $notification = 1;
                 $notification = 0;
         require_once MYBB_ROOT . "inc/functions_user.php";
         add_subscribed_thread($post['tid'], $notification, $post['uid']);
     } else {
         // No subscription method chosen: remove any existing subscription.
         $db->delete_query("threadsubscriptions", "uid='" . (int) $post['uid'] . "' AND tid='" . (int) $post['tid'] . "'");
     // Return the thread's first post id and whether or not it is visible.
     $this->return_values = array('visible' => $visible, 'first_post' => $first_post);
     $plugins->run_hooks("datahandler_post_update_end", $this);
     return $this->return_values;
Esempio n. 11
/**
 * Gets a list of forums and possibly subforums.
 *
 * @param int The parent forum to get the childforums for.
 * @return array Array of information regarding the child forums of this parent forum
 */
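function build_archive_forumbits($pid = 0)
{
    // Builds the nested <li>/<ol> markup for the archive's forum list, starting
    // at parent forum $pid and recursing into child forums. The result is a
    // string of HTML, empty when the parent has no listable children.
    //
    // NOTE(review): forum names and "linkto" URLs are written into the markup
    // without escaping. That is only safe if both are trusted, admin-authored
    // HTML - confirm, or escape them for their HTML context.
    global $db, $forumpermissions, $mybb, $lang, $archiveurl, $base_url;

    // Sort out the forum cache first.
    static $fcache;
    if (!is_array($fcache)) {
        // Fetch forums
        // Password-protected and inactive forums are left out at the query level.
        $query = $db->simple_select("forums", "*", "active!=0 AND password=''", array('order_by' => 'pid, disporder'));
        while ($forum = $db->fetch_array($query)) {
            $fcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
        }
        $forumpermissions = forum_permissions();
    }

    // Start from an empty string so the first append and the final return never
    // touch an undefined variable.
    $forums = '';

    // Start the process.
    if (isset($fcache[$pid]) && is_array($fcache[$pid])) {
        foreach ($fcache[$pid] as $main) {
            foreach ($main as $forum) {
                $perms = $forumpermissions[$forum['fid']];
                // With hideprivateforums off, forums are listed even when the
                // user cannot view them.
                if (($perms['canview'] == 1 || $mybb->settings['hideprivateforums'] == 0) && $forum['active'] != 0) {
                    if ($forum['linkto']) {
                        $forums .= "<li><a href=\"{$forum['linkto']}\">{$forum['name']}</a>";
                    } elseif ($forum['type'] == "c") {
                        $forums .= "<li><strong><a href=\"{$base_url}forum-{$forum['fid']}.html\">{$forum['name']}</a></strong>";
                    } else {
                        $forums .= "<li><a href=\"{$base_url}forum-{$forum['fid']}.html\">{$forum['name']}</a>";
                    }

                    // Recurse only when this forum has cached children.
                    if (!empty($fcache[$forum['fid']])) {
                        $forums .= "\n<ol>\n";
                        $forums .= build_archive_forumbits($forum['fid']);
                        $forums .= "</ol>\n";
                    }
                    $forums .= "</li>\n";
                }
            }
        }
    }

    return $forums;
}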
Esempio n. 12
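/**
 * XML-RPC handler: returns one page of unapproved replies (posts that are not
 * the first post of their thread) for the moderation queue, together with the
 * total number of such posts.
 *
 * NOTE(review): the forum restriction is only added when the user has rows in
 * the moderators table with isgroup = '0'. A non-super-moderator with Mod CP
 * access but no such rows gets an empty restriction and therefore the queue of
 * every forum. Confirm whether group moderators should be looked up as well
 * and whether an empty list should mean "no forums".
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters; only read through
 *                             Tapatalk_Input::filterXmlInput().
 * @return mixed An xmlrpcresp with total_post_num and posts, or the result of
 *               tt_no_permission().
 */
function m_get_moderate_post_func($xmlrpc_params)
{
    global $input, $post, $thread, $forum, $pid, $tid, $fid, $modlogdata, $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $moderation, $parser;

    $input = Tapatalk_Input::filterXmlInput(array('start_num' => Tapatalk_Input::INT, 'last_num' => Tapatalk_Input::INT), $xmlrpc_params);
    list($start, $limit) = process_page($input['start_num'], $input['last_num']);
    // Both values are interpolated into a LIMIT clause below; force integers.
    $start = (int) $start;
    $limit = (int) $limit;

    if ($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1) {
        return tt_no_permission();
    }

    // SQL for fetching items only related to forums this user moderates
    // Defined up front so neither string is ever read while undefined.
    $flist = $tflist = '';
    if ($mybb->usergroup['issupermod'] != 1) {
        $query = $db->simple_select("moderators", "*", "id='{$mybb->user['uid']}' AND isgroup = '0'");
        while ($forum = $db->fetch_array($query)) {
            $flist .= ",'{$forum['fid']}'";
            $children = get_child_list($forum['fid']);
            if (!empty($children)) {
                $flist .= ",'" . implode("','", $children) . "'";
            }
        }
        if ($flist) {
            // The leading 0 keeps the IN list valid, since $flist starts with a comma.
            $tflist = " AND t.fid IN (0{$flist})";
            $flist = " AND fid IN (0{$flist})";
        }
    }

    $query = $db->query("\n        SELECT COUNT(pid) AS unapprovedposts\n        FROM  " . TABLE_PREFIX . "posts p\n        LEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n        WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid\n    ");
    $unapproved_posts = $db->fetch_field($query, "unapprovedposts");

    $query = $db->query("\n        SELECT p.pid, p.subject, p.message, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline, u.avatar, t.views, t.replies, IF(b.lifted > UNIX_TIMESTAMP() OR b.lifted = 0, 1, 0) as isbanned\n        FROM  " . TABLE_PREFIX . "posts p\n        LEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n        LEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=p.uid)\n        LEFT JOIN " . TABLE_PREFIX . "banned b ON (b.uid = p.uid)\n        left join " . TABLE_PREFIX . "forums f on f.fid = t.fid\n        WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid\n        ORDER BY p.dateline DESC\n        LIMIT {$start}, {$limit}\n    ");

    $forumcache = $cache->read("forums");
    $post_list = array();
    while ($post = $db->fetch_array($query)) {
        $post['threadsubject'] = $parser->parse_badwords($post['threadsubject']);
        $forumpermissions = forum_permissions($post['fid']);

        // Authors may delete their own content where the forum allows it;
        // moderators with candeleteposts always may. Guests never may.
        $can_delete = 0;
        if ($mybb->user['uid'] == $post['uid']) {
            if ($forumpermissions['candeletethreads'] == 1 && $post['replies'] == 0) {
                $can_delete = 1;
            } elseif ($forumpermissions['candeleteposts'] == 1 && $post['replies'] > 0) {
                $can_delete = 1;
            }
        }
        $can_delete = (is_moderator($post['fid'], "candeleteposts") || $can_delete == 1) && $mybb->user['uid'] != 0;

        $post_list[] = new xmlrpcval(array(
            'forum_id' => new xmlrpcval($post['fid'], 'string'),
            'forum_name' => new xmlrpcval(basic_clean($forumcache[$post['fid']]['name']), 'base64'),
            'topic_id' => new xmlrpcval($post['tid'], 'string'),
            'topic_title' => new xmlrpcval($post['threadsubject'], 'base64'),
            'post_id' => new xmlrpcval($post['pid'], 'string'),
            'post_title' => new xmlrpcval($post['subject'], 'base64'),
            'post_author_name' => new xmlrpcval($post['username'], 'base64'),
            'icon_url' => new xmlrpcval(absolute_url($post['avatar']), 'string'),
            'post_time' => new xmlrpcval(mobiquo_iso8601_encode($post['dateline']), 'dateTime.iso8601'),
            'short_content' => new xmlrpcval(process_short_content($post['message'], $parser), 'base64'),
            'reply_number' => new xmlrpcval($post['replies'], 'int'),
            'view_number' => new xmlrpcval($post['views'], 'int'),
            'can_delete' => new xmlrpcval($can_delete, 'boolean'),
            'can_approve' => new xmlrpcval(is_moderator($post['fid'], "canmanagethreads"), 'boolean'),
            'can_move' => new xmlrpcval(is_moderator($post['fid'], "canmovetononmodforum"), 'boolean'),
            'can_ban' => new xmlrpcval($mybb->usergroup['canmodcp'] == 1, 'boolean'),
            'is_ban' => new xmlrpcval($post['isbanned'], 'boolean'),
            'is_approved' => new xmlrpcval(false, 'boolean'),
            'is_deleted' => new xmlrpcval(false, 'boolean'),
        ), "struct");
    }

    $result = new xmlrpcval(array(
        'total_post_num' => new xmlrpcval($unapproved_posts, 'int'),
        'posts' => new xmlrpcval($post_list, 'array'),
    ), 'struct');

    return new xmlrpcresp($result);
}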
/**
 * Build a comma separated list of the forums this user cannot search
 *
 * @param int The parent ID to build from
 * @param int First rotation or not (leave at default)
 * @return string A CSV list of forums the user cannot search
 */
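function get_unsearchable_forums($pid = "0", $first = 1)
{
    // Returns a comma-separated list of quoted forum ids that the current user
    // may not search. A forum is listed when the user lacks view or search
    // permission, has not passed its password check, or when the forum or one of
    // its parents is inactive. Password-protected forums reported by
    // get_password_protected_forums() are appended to the list.
    //
    // NOTE(review): the expected cookie value is md5(uid . stored forum
    // password), which implies the forum password is stored in recoverable form
    // and the digest is unsalted - confirm this is acceptable for the deployment.
    global $db, $forum_cache, $permissioncache, $mybb, $unsearchableforums, $unsearchable, $templates, $forumpass;

    $pid = intval($pid);

    if (!is_array($forum_cache)) {
        // Get Forums
        $query = $db->simple_select("forums", "fid,parentlist,password,active", '', array('order_by' => 'pid, disporder'));
        while ($forum = $db->fetch_array($query)) {
            $forum_cache[$forum['fid']] = $forum;
        }
    }
    if (!is_array($permissioncache)) {
        $permissioncache = forum_permissions();
    }

    foreach ($forum_cache as $fid => $forum) {
        // Fall back to the usergroup's permissions when the forum has no entry.
        if (!empty($permissioncache[$forum['fid']])) {
            $perms = $permissioncache[$forum['fid']];
        } else {
            $perms = $mybb->usergroup;
        }

        $pwverified = 1;
        if ($forum['password'] != '') {
            $expected = md5($mybb->user['uid'] . $forum['password']);
            $supplied = isset($mybb->cookies['forumpass'][$forum['fid']]) ? $mybb->cookies['forumpass'][$forum['fid']] : '';
            // The cookie is client-supplied. A loose != compares numeric-looking
            // strings as numbers, so two different digests could be treated as
            // equal. Require a string and compare strictly. hash_equals() is the
            // constant-time alternative where the PHP version provides it.
            if (!is_string($supplied) || $supplied !== $expected) {
                $pwverified = 0;
            }
        }

        // A forum counts as inactive when any forum in its parent list is inactive.
        $parents = explode(",", $forum['parentlist']);
        if (is_array($parents)) {
            foreach ($parents as $parent) {
                if ($forum_cache[$parent]['active'] == 0) {
                    $forum['active'] = 0;
                }
            }
        }

        if ($perms['canview'] != 1 || $perms['cansearch'] != 1 || $pwverified == 0 || $forum['active'] == 0) {
            if ($unsearchableforums) {
                $unsearchableforums .= ",";
            }
            $unsearchableforums .= "'{$forum['fid']}'";
        }
    }
    $unsearchable = $unsearchableforums;

    // Get our unsearchable password protected forums
    $pass_protected_forums = get_password_protected_forums();
    if ($unsearchable && $pass_protected_forums) {
        $unsearchable .= ",";
    }
    if ($pass_protected_forums) {
        $unsearchable .= implode(",", $pass_protected_forums);
    }

    return $unsearchable;
}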
Esempio n. 14
 * Builds a friendly named Who's Online location from an "activity" and array of user data. Assumes fetch_wol_activity has already been called.
 * @param array Array containing activity and essential IDs.
 * @return string Location name for the activity being performed.
function build_friendly_wol_location($user_activity)
    // Maps $user_activity['activity'] to a localized location string. Before the lookup it
    // fills the caches $usernames, $attachments, $announcements, $posts, $threads, $forums
    // and $events from the database, each only when the global is not already an array.
    // NOTE(review): this listing shows no closing braces and no `break;` lines; indentation
    // is the only guide to nesting, and each `case` presumably ended with a break. Confirm
    // against the upstream file before relying on the control flow shown here.
    global $db, $lang, $uid_list, $aid_list, $pid_list, $tid_list, $fid_list, $ann_list, $eid_list, $plugins, $parser, $mybb;
    global $threads, $forums, $forums_linkto, $forum_cache, $posts, $announcements, $events, $usernames, $attachments;
    // Fetch forum permissions for this user
    $unviewableforums = get_unviewable_forums();
    $inactiveforums = get_inactive_forums();
    $fidnot = '';
    $unviewablefids = $inactivefids = array();
    // The helper results are spliced into the WHERE fragment as-is, so both helpers must
    // return a SQL-safe comma-separated list - presumably quoted fids; confirm.
    if ($unviewableforums) {
        $fidnot = " AND fid NOT IN ({$unviewableforums})";
        $unviewablefids = explode(',', $unviewableforums);
    if ($inactiveforums) {
        $fidnot .= " AND fid NOT IN ({$inactiveforums})";
        $inactivefids = explode(',', $inactiveforums);
    // Fetch any users
    // NOTE(review): here and in the blocks below the *_list globals are imploded straight
    // into IN (...) with no cast inside this function. The header comment says
    // fetch_wol_activity must already have run, so the ids are presumably integer-cast
    // there - confirm, or cast locally before building the SQL.
    if (!is_array($usernames) && count($uid_list) > 0) {
        $uid_sql = implode(",", $uid_list);
        // Loose comparison of the joined list with the viewer's uid: the query is skipped
        // when they compare equal. NOTE(review): if the uid is an int, PHP versions before 8
        // also treat a list such as "5,6" as equal to 5 - a strict check on a single-element
        // list would be unambiguous.
        if ($uid_sql != $mybb->user['uid']) {
            $query = $db->simple_select("users", "uid,username", "uid IN ({$uid_sql})");
            while ($user = $db->fetch_array($query)) {
                // NOTE(review): stored as fetched; these names are later placed into the
                // location text (member_profile, reputation) - confirm they are
                // HTML-escaped where they are written or before output.
                $usernames[$user['uid']] = $user['username'];
        } else {
            $usernames[$mybb->user['uid']] = $mybb->user['username'];
    // Fetch any attachments
    if (!is_array($attachments) && count($aid_list) > 0) {
        $aid_sql = implode(",", $aid_list);
        $query = $db->simple_select("attachments", "aid,pid", "aid IN ({$aid_sql})");
        while ($attachment = $db->fetch_array($query)) {
            $attachments[$attachment['aid']] = $attachment['pid'];
            // The owning post id is queued so the posts lookup below resolves its thread.
            $pid_list[] = $attachment['pid'];
    // Fetch any announcements
    if (!is_array($announcements) && count($ann_list) > 0) {
        $aid_sql = implode(",", $ann_list);
        $query = $db->simple_select("announcements", "aid,subject", "aid IN ({$aid_sql}) {$fidnot}");
        while ($announcement = $db->fetch_array($query)) {
            // Subject is passed through the bad-word filter, then HTML-escaped, before caching.
            $announcement_title = htmlspecialchars_uni($parser->parse_badwords($announcement['subject']));
            $announcements[$announcement['aid']] = $announcement_title;
    // Fetch any posts
    if (!is_array($posts) && count($pid_list) > 0) {
        $pid_sql = implode(",", $pid_list);
        $query = $db->simple_select("posts", "pid,tid", "pid IN ({$pid_sql}) {$fidnot}");
        while ($post = $db->fetch_array($query)) {
            $posts[$post['pid']] = $post['tid'];
            $tid_list[] = $post['tid'];
    // Fetch any threads
    if (!is_array($threads) && count($tid_list) > 0) {
        // Per-forum permission results, filled on first use inside the loop.
        $perms = array();
        $tid_sql = implode(",", $tid_list);
        $query = $db->simple_select('threads', 'uid, fid, tid, subject, visible, prefix', "tid IN({$tid_sql}) {$fidnot}");
        $threadprefixes = build_prefixes();
        while ($thread = $db->fetch_array($query)) {
            $thread['threadprefix'] = '';
            if ($thread['prefix'] && !empty($threadprefixes[$thread['prefix']])) {
                $thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle'];
            if (empty($perms[$thread['fid']])) {
                $perms[$thread['fid']] = forum_permissions($thread['fid']);
            // NOTE(review): no body is visible for this condition; presumably it skipped
            // threads in own-threads-only forums that belong to someone else - confirm,
            // because without it the title below is cached regardless.
            if (isset($perms[$thread['fid']]['canonlyviewownthreads']) && $perms[$thread['fid']]['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'] && !is_moderator($thread['fid'])) {
            // Titles of threads whose visible flag is not 1 are cached for forum moderators only.
            if (is_moderator($thread['fid']) || $thread['visible'] == 1) {
                $thread_title = '';
                if ($thread['threadprefix']) {
                    // NOTE(review): displaystyle is concatenated without escaping -
                    // presumably admin-defined markup; confirm.
                    $thread_title = $thread['threadprefix'] . '&nbsp;';
                $thread_title .= htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
                $threads[$thread['tid']] = $thread_title;
                $fid_list[] = $thread['fid'];
    // Fetch any forums
    if (!is_array($forums) && count($fid_list) > 0) {
        // $fidnot is reused here as an array of excluded fids (above it held SQL text).
        // NOTE(review): the entries are pieces of the exploded helper strings; if the helpers
        // return quoted fids, the non-strict in_array() test below would not match them -
        // confirm the helpers' output format.
        $fidnot = array_merge($unviewablefids, $inactivefids);
        foreach ($forum_cache as $fid => $forum) {
            if (in_array($fid, $fid_list) && !in_array($fid, $fidnot)) {
                // NOTE(review): the forum name is cached as stored, without escaping in this function.
                $forums[$fid] = $forum['name'];
                $forums_linkto[$fid] = $forum['linkto'];
    // And finally any events
    if (!is_array($events) && count($eid_list) > 0) {
        $eid_sql = implode(",", $eid_list);
        $query = $db->simple_select("events", "eid,name", "eid IN ({$eid_sql})");
        while ($event = $db->fetch_array($query)) {
            $events[$event['eid']] = htmlspecialchars_uni($parser->parse_badwords($event['name']));
    // Now we've got everything we need we can put a name to the location
    // Where a cached title exists the "...2" language string is used with a link and the
    // title; otherwise the plain string is used, so records filtered out above (unviewable,
    // inactive, not visible) fall back to the generic wording.
    switch ($user_activity['activity']) {
        // announcement.php functions
        case "announcements":
            if (!empty($announcements[$user_activity['ann']])) {
                $location_name = $lang->sprintf($lang->viewing_announcements, get_announcement_link($user_activity['ann']), $announcements[$user_activity['ann']]);
            } else {
                $location_name = $lang->viewing_announcements2;
        // attachment.php actions
        case "attachment":
            // Resolve attachment -> post -> thread through the caches built above.
            $pid = $attachments[$user_activity['aid']];
            $tid = $posts[$pid];
            if (!empty($threads[$tid])) {
                $location_name = $lang->sprintf($lang->viewing_attachment2, $user_activity['aid'], $threads[$tid], get_thread_link($tid));
            } else {
                $location_name = $lang->viewing_attachment;
        // calendar.php functions
        case "calendar":
            $location_name = $lang->viewing_calendar;
        case "calendar_event":
            if (!empty($events[$user_activity['eid']])) {
                $location_name = $lang->sprintf($lang->viewing_event2, get_event_link($user_activity['eid']), $events[$user_activity['eid']]);
            } else {
                $location_name = $lang->viewing_event;
        case "calendar_addevent":
            $location_name = $lang->adding_event;
        case "calendar_editevent":
            $location_name = $lang->editing_event;
        case "contact":
            $location_name = $lang->viewing_contact_us;
        // editpost.php functions
        case "editpost":
            $location_name = $lang->editing_post;
        // forumdisplay.php functions
        case "forumdisplay":
            if (!empty($forums[$user_activity['fid']])) {
                // A forum with a linkto value is reported as a redirect.
                if ($forums_linkto[$user_activity['fid']]) {
                    $location_name = $lang->sprintf($lang->forum_redirect_to, get_forum_link($user_activity['fid']), $forums[$user_activity['fid']]);
                } else {
                    $location_name = $lang->sprintf($lang->viewing_forum2, get_forum_link($user_activity['fid']), $forums[$user_activity['fid']]);
            } else {
                $location_name = $lang->viewing_forum;
        // index.php functions
        case "index":
            $location_name = $lang->sprintf($lang->viewing_index, $mybb->settings['bbname']);
        // managegroup.php functions
        case "managegroup":
            $location_name = $lang->managing_group;
        // member.php functions
        case "member_activate":
            $location_name = $lang->activating_account;
        case "member_profile":
            if (!empty($usernames[$user_activity['uid']])) {
                $location_name = $lang->sprintf($lang->viewing_profile2, get_profile_link($user_activity['uid']), $usernames[$user_activity['uid']]);
            } else {
                $location_name = $lang->viewing_profile;
        case "member_register":
            $location_name = $lang->registering;
        case "member":
        case "member_login":
            // Guest or member?
            if ($mybb->user['uid'] == 0) {
                $location_name = $lang->logging_in;
            } else {
                $location_name = $lang->logging_in_plain;
        case "member_logout":
            $location_name = $lang->logging_out;
        case "member_emailuser":
            $location_name = $lang->emailing_user;
        case "member_rate":
            $location_name = $lang->rating_user;
        case "member_resendactivation":
            $location_name = $lang->member_resendactivation;
        case "member_lostpw":
            $location_name = $lang->member_lostpw;
        // memberlist.php functions
        case "memberlist":
            $location_name = $lang->viewing_memberlist;
        // misc.php functions
        case "misc_dstswitch":
            $location_name = $lang->changing_dst;
        case "misc_whoposted":
            if (!empty($threads[$user_activity['tid']])) {
                $location_name = $lang->sprintf($lang->viewing_whoposted2, get_thread_link($user_activity['tid']), $threads[$user_activity['tid']]);
            } else {
                $location_name = $lang->viewing_whoposted;
        case "misc_markread":
            // NOTE(review): the viewer's own post_code is formatted into this string,
            // presumably to build a mark-read link for the viewer - confirm.
            $location_name = $lang->sprintf($lang->marking_read, $mybb->post_code);
        case "misc_help":
            $location_name = $lang->viewing_helpdocs;
        case "misc_buddypopup":
            $location_name = $lang->viewing_buddylist;
        case "misc_smilies":
            $location_name = $lang->viewing_smilies;
        case "misc_syndication":
            $location_name = $lang->viewing_syndication;
        case "misc_imcenter":
            $location_name = $lang->viewing_imcenter;
        // modcp.php functions
        case "modcp_modlogs":
            $location_name = $lang->viewing_modlogs;
        case "modcp_announcements":
            $location_name = $lang->managing_announcements;
        case "modcp_finduser":
            $location_name = $lang->search_for_user;
        case "modcp_warninglogs":
            $location_name = $lang->managing_warninglogs;
        case "modcp_ipsearch":
            $location_name = $lang->searching_ips;
        case "modcp_report":
            $location_name = $lang->viewing_reports;
        case "modcp_new_announcement":
            $location_name = $lang->adding_announcement;
        case "modcp_delete_announcement":
            $location_name = $lang->deleting_announcement;
        case "modcp_edit_announcement":
            $location_name = $lang->editing_announcement;
        case "modcp_mod_queue":
            $location_name = $lang->managing_modqueue;
        case "modcp_editprofile":
            $location_name = $lang->editing_user_profiles;
        case "modcp_banning":
            $location_name = $lang->managing_bans;
        case "modcp":
            $location_name = $lang->viewing_modcp;
        // moderation.php functions
        case "moderation":
            $location_name = $lang->using_modtools;
        // newreply.php functions
        case "newreply":
            if (!empty($threads[$user_activity['tid']])) {
                $location_name = $lang->sprintf($lang->replying_thread2, get_thread_link($user_activity['tid']), $threads[$user_activity['tid']]);
            } else {
                $location_name = $lang->replying_thread;
        // newthread.php functions
        case "newthread":
            if (!empty($forums[$user_activity['fid']])) {
                $location_name = $lang->sprintf($lang->posting_thread2, get_forum_link($user_activity['fid']), $forums[$user_activity['fid']]);
            } else {
                $location_name = $lang->posting_thread;
        // online.php functions
        case "wol":
            $location_name = $lang->viewing_wol;
        case "woltoday":
            $location_name = $lang->viewing_woltoday;
        // polls.php functions
        case "newpoll":
            $location_name = $lang->creating_poll;
        case "editpoll":
            $location_name = $lang->editing_poll;
        case "showresults":
            $location_name = $lang->viewing_pollresults;
        case "vote":
            $location_name = $lang->voting_poll;
        // printthread.php functions
        case "printthread":
            if (!empty($threads[$user_activity['tid']])) {
                $location_name = $lang->sprintf($lang->printing_thread2, get_thread_link($user_activity['tid']), $threads[$user_activity['tid']]);
            } else {
                $location_name = $lang->printing_thread;
        // private.php functions
        case "private_send":
            $location_name = $lang->sending_pm;
        case "private_read":
            $location_name = $lang->reading_pm;
        case "private_folders":
            $location_name = $lang->editing_pmfolders;
        case "private":
            $location_name = $lang->using_pmsystem;
        /* Ratethread functions */
        case "ratethread":
            $location_name = $lang->rating_thread;
        // report.php functions
        case "report":
            $location_name = $lang->reporting_post;
        // reputation.php functions
        case "reputation":
            // NOTE(review): unlike reputation_report below, there is no check that the
            // username was resolved before it is formatted in.
            $location_name = $lang->sprintf($lang->giving_reputation, get_profile_link($user_activity['uid']), $usernames[$user_activity['uid']]);
        case "reputation_report":
            if (!empty($usernames[$user_activity['uid']])) {
                // The URL is assembled by interpolating the uid directly; this relies on the
                // uid having been integer-cast upstream - confirm.
                $location_name = $lang->sprintf($lang->viewing_reputation_report, "reputation.php?uid={$user_activity['uid']}", $usernames[$user_activity['uid']]);
            } else {
                $location_name = $lang->sprintf($lang->viewing_reputation_report2);
        // search.php functions
        case "search":
            $location_name = $lang->sprintf($lang->searching_forum, $mybb->settings['bbname']);
        // showthread.php functions
        case "showthread":
            if (!empty($threads[$user_activity['tid']])) {
                $pagenote = '';
                $location_name = $lang->sprintf($lang->reading_thread2, get_thread_link($user_activity['tid']), $threads[$user_activity['tid']], $pagenote);
            } else {
                $location_name = $lang->reading_thread;
        case "showpost":
            // The post id is mapped to its thread id through $posts before the title lookup.
            if (!empty($posts[$user_activity['pid']]) && !empty($threads[$posts[$user_activity['pid']]])) {
                $pagenote = '';
                $location_name = $lang->sprintf($lang->reading_thread2, get_thread_link($posts[$user_activity['pid']]), $threads[$posts[$user_activity['pid']]], $pagenote);
            } else {
                $location_name = $lang->reading_thread;
        // showteam.php functions
        case "showteam":
            $location_name = $lang->viewing_team;
        // stats.php functions
        case "stats":
            $location_name = $lang->viewing_stats;
        // usercp.php functions
        case "usercp_profile":
            $location_name = $lang->updating_profile;
        case "usercp_editlists":
            $location_name = $lang->managing_buddyignorelist;
        case "usercp_options":
            $location_name = $lang->updating_options;
        case "usercp_editsig":
            $location_name = $lang->editing_signature;
        case "usercp_avatar":
            $location_name = $lang->changing_avatar;
        case "usercp_subscriptions":
            $location_name = $lang->viewing_subscriptions;
        case "usercp_favorites":
            $location_name = $lang->viewing_favorites;
        case "usercp_notepad":
            $location_name = $lang->editing_pad;
        case "usercp_password":
            $location_name = $lang->editing_password;
        case "usercp":
            $location_name = $lang->user_cp;
        case "usercp2_favorites":
            $location_name = $lang->managing_favorites;
        case "usercp2_subscriptions":
            $location_name = $lang->managing_subscriptions;
        case "portal":
            $location_name = $lang->viewing_portal;
        // sendthread.php functions
        case "sendthread":
            $location_name = $lang->sending_thread;
        // warnings.php functions
        case "warnings_revoke":
            $location_name = $lang->revoking_warning;
        case "warnings_warn":
            $location_name = $lang->warning_user;
        case "warnings_view":
            $location_name = $lang->viewing_warning;
        case "warnings":
            $location_name = $lang->managing_warnings;
    // Plugins receive both values by reference and may replace either of them.
    $plugin_array = array('user_activity' => &$user_activity, 'location_name' => &$location_name);
    $plugins->run_hooks("build_friendly_wol_location_end", $plugin_array);
    // The no-permission text overrides whatever was resolved above, including a plugin's result.
    if (isset($user_activity['nopermission']) && $user_activity['nopermission'] == 1) {
        $location_name = $lang->viewing_noperms;
    // $location_name is never initialised before the switch, so an unmatched activity
    // arrives here unset and takes the fallback below.
    if (!$location_name) {
        // NOTE(review): the raw 'location' value is formatted into the output string;
        // it presumably derives from the request, so confirm it is escaped before it
        // reaches this function.
        $location_name = $lang->sprintf($lang->unknown_location, $user_activity['location']);
    return $location_name;
// Access checks for viewing one thread. $fid, $tid, $thread and $mybb are set outside
// this excerpt.
// NOTE(review): the listing shows no closing braces and no bodies for the rejecting
// conditions below; presumably each one ended the request with an error - confirm
// against the upstream file.
// Default SQL filters: only rows whose visible flag is 1.
$visibleonly = "AND visible='1'";
$visibleonly2 = "AND p.visible='1' AND t.visible='1'";
// Is the currently logged in user a moderator of this forum?
// Moderators additionally get rows whose visible flag is 0.
if (is_moderator($fid)) {
    $visibleonly = " AND (visible='1' OR visible='0')";
    $visibleonly2 = "AND (p.visible='1' OR p.visible='0') AND (t.visible='1' OR t.visible='0')";
    $ismod = true;
} else {
    $ismod = false;
// Make sure we are looking at a real thread here.
// `&&` binds tighter than `||`, so this is: no thread, OR (visible is not 1 and the viewer
// is not a moderator), OR (visible is above 1 and the viewer is a moderator).
if (!$thread || $thread['visible'] != 1 && $ismod == false || $thread['visible'] > 1 && $ismod == true) {
// The permission lookup uses the thread's own fid, while is_moderator() above used $fid.
$forumpermissions = forum_permissions($thread['fid']);
// Does the user have permission to view this thread?
if ($forumpermissions['canview'] != 1 || $forumpermissions['canviewthreads'] != 1) {
// Own-threads-only forums: a thread started by another user is matched here.
// NOTE(review): unlike the visibility check above, this condition has no moderator exception.
if (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid']) {
$archive_url = build_archive_link("thread", $tid);
// Does the thread belong to a valid forum?
// A forum record must exist and have type "f".
$forum = get_forum($fid);
if (!$forum || $forum['type'] != "f") {
// Check if this forum is password protected and we have a valid password
Esempio n. 16
/**
 * Perform a thread and post search under MySQL or MySQLi using boolean fulltext capabilities
 *
 * @param array $search Array of search data
 * @return array Array of search data with results mixed in
 */
function perform_search_mysql_ft($search)
    // Builds fulltext (BOOLEAN MODE) queries over threads and posts from the $search array
    // and returns the matching ids as comma-separated strings. Every query carries the
    // permission fragment $permsql, so results are limited to forums the viewer may search.
    // NOTE(review): this listing shows no closing braces, and several conditions have no
    // visible body (presumably error exits, `continue`, or `break; default:` lines);
    // confirm against the upstream file before relying on the control flow shown here.
    global $mybb, $db, $lang;
    $keywords = clean_keywords_ft($search['keywords']);
    // Neither keywords nor an author: no visible body - presumably an error exit.
    if (!$keywords && !$search['author']) {
    // Attempt to determine minimum word length from MySQL for fulltext searches
    $query = $db->query("SHOW VARIABLES LIKE 'ft_min_word_len';");
    $min_length = $db->fetch_field($query, 'Value');
    if (is_numeric($min_length)) {
        $mybb->settings['minsearchword'] = $min_length;
    } else {
        // Falls back to 4 when the server variable is not numeric.
        $mybb->settings['minsearchword'] = 4;
    if ($keywords) {
        // Splitting on double quotes makes the pieces alternate between unquoted text
        // and quoted phrases; $inquote tracks which kind the current piece is.
        $keywords_exp = explode("\"", $keywords);
        $inquote = false;
        foreach ($keywords_exp as $phrase) {
            if (!$inquote) {
                $split_words = preg_split("#\\s{1,}#", $phrase, -1);
                foreach ($split_words as $word) {
                    // Boolean-mode operators are removed before the length is measured.
                    $word = str_replace(array("+", "-", "*"), '', $word);
                    // No visible body - presumably empty words were skipped here.
                    if (!$word) {
                    // NOTE(review): the flag is overwritten for every term and is not
                    // initialised before the loop, so as shown it holds the result for the
                    // last term examined rather than "all terms too short".
                    if (my_strlen($word) < $mybb->settings['minsearchword']) {
                        $all_too_short = true;
                    } else {
                        $all_too_short = false;
            } else {
                $phrase = str_replace(array("+", "-", "*"), '', $phrase);
                if (my_strlen($phrase) < $mybb->settings['minsearchword']) {
                    $all_too_short = true;
                } else {
                    $all_too_short = false;
            $inquote = !$inquote;
        // Show the minimum search term error only if all search terms are too short
        if ($all_too_short == true) {
            $lang->error_minsearchlength = $lang->sprintf($lang->error_minsearchlength, $mybb->settings['minsearchword']);
        // The keywords are escaped for the SQL string literal; fulltext operators inside
        // them are still interpreted by MySQL's boolean mode.
        // NOTE(review): both variables are assigned only inside this branch but are
        // interpolated into the queries below unconditionally, so an author-only search
        // reads them undefined.
        $message_lookin = "AND MATCH(message) AGAINST('" . $db->escape_string($keywords) . "' IN BOOLEAN MODE)";
        $subject_lookin = "AND MATCH(subject) AGAINST('" . $db->escape_string($keywords) . "' IN BOOLEAN MODE)";
    $post_usersql = '';
    $thread_usersql = '';
    if ($search['author']) {
        $userids = array();
        if ($search['matchusername']) {
            // NOTE(review): the next line is garbled in this listing - the `******` run is
            // not valid PHP and looks like an automated redaction. Judging by the LIKE
            // branch below, the author value was presumably escaped with the database
            // layer's string escaping before comparison; restore this line from the
            // upstream file rather than by hand.
            $query = $db->simple_select("users", "uid", "username='******'author']) . "'");
        } else {
            // Substring match: the author value goes through the LIKE-specific escaping helper.
            $search['author'] = my_strtolower($search['author']);
            $query = $db->simple_select("users", "uid", "LOWER(username) LIKE '%" . $db->escape_string_like($search['author']) . "%'");
        while ($user = $db->fetch_array($query)) {
            $userids[] = $user['uid'];
        // No matching user: no visible body - presumably an error exit.
        if (count($userids) < 1) {
        } else {
            // The uids come from the users table, not from the request.
            $userids = implode(',', $userids);
            $post_usersql = " AND p.uid IN (" . $userids . ")";
            $thread_usersql = " AND t.uid IN (" . $userids . ")";
    $datecut = '';
    if ($search['postdate']) {
        // pddir 0 selects content older than the cutoff, anything else newer.
        if ($search['pddir'] == 0) {
            $datecut = "<=";
        } else {
            $datecut = ">=";
        $now = TIME_NOW;
        // postdate is a number of days; the interpolated value is the result of arithmetic.
        $datelimit = $now - 86400 * $search['postdate'];
        $datecut .= "'{$datelimit}'";
        // NOTE(review): $post_datecut and $thread_datecut are assigned only here but are
        // interpolated into the queries below unconditionally; initialise them to ''
        // alongside $datecut.
        $post_datecut = " AND p.dateline {$datecut}";
        $thread_datecut = " AND t.dateline {$datecut}";
    $thread_replycut = '';
    if ($search['numreplies'] != '' && $search['findthreadst']) {
        // Both request values are integer-cast before use.
        if (intval($search['findthreadst']) == 1) {
            $thread_replycut = " AND t.replies >= '" . intval($search['numreplies']) . "'";
        } else {
            $thread_replycut = " AND t.replies <= '" . intval($search['numreplies']) . "'";
    $thread_prefixcut = '';
    $prefixlist = array();
    if ($search['threadprefix'] && $search['threadprefix'][0] != 'any') {
        foreach ($search['threadprefix'] as $threadprefix) {
            // Each prefix id is integer-cast before it is collected.
            $threadprefix = intval($threadprefix);
            $prefixlist[] = $threadprefix;
    if (count($prefixlist) == 1) {
        // $threadprefix is the loop variable left over from above, i.e. the single cast id.
        $thread_prefixcut .= " AND t.prefix='{$threadprefix}' ";
    } else {
        if (count($prefixlist) > 1) {
            $thread_prefixcut = " AND t.prefix IN (" . implode(',', $prefixlist) . ")";
    $forumin = '';
    $fidlist = array();
    $searchin = array();
    // NOTE(review): index [0] is read before the is_array() check on the next line, so a
    // scalar string value is indexed by character here.
    if ($search['forums'][0] != "all") {
        if (!is_array($search['forums'])) {
            $search['forums'] = array(intval($search['forums']));
        // Generate a comma separated list of all groups the user belongs to
        // NOTE(review): this list is concatenated into the SQL below without a cast; it is
        // read from the user record, so its safety depends on how additionalgroups is
        // validated when it is written - confirm.
        $user_groups = $mybb->user['usergroup'];
        if ($mybb->user['additionalgroups']) {
            $user_groups .= "," . $mybb->user['additionalgroups'];
        foreach ($search['forums'] as $forum) {
            $forum = intval($forum);
            if (!$searchin[$forum]) {
                // Expands the requested forum to every active forum whose parentlist
                // contains it and for which the viewer's groups are not denied search.
                // NOTE(review): as shown, both queries run for the pgsql/sqlite cases and the
                // second overwrites the first; presumably a `break; default:` pair separated
                // the `||` form from the CONCAT form - confirm.
                switch ($db->type) {
                    case "pgsql":
                    case "sqlite":
                        $query = $db->query("\n\t\t\t\t\t\t\tSELECT f.fid\n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "forums f\n\t\t\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "forumpermissions p ON (f.fid=p.fid AND p.gid IN (" . $user_groups . "))\n\t\t\t\t\t\t\tWHERE INSTR(','||parentlist||',',',{$forum},') > 0 AND active!=0 AND ((p.fid) IS NULL OR p.cansearch=1)\n\t\t\t\t\t\t");
                        $query = $db->query("\n\t\t\t\t\t\t\tSELECT f.fid\n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "forums f\n\t\t\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "forumpermissions p ON (f.fid=p.fid AND p.gid IN (" . $user_groups . "))\n\t\t\t\t\t\t\tWHERE INSTR(CONCAT(',',parentlist,','),',{$forum},') > 0 AND active!=0 AND ((p.fid) IS NULL OR p.cansearch=1)\n\t\t\t\t\t\t");
                while ($sforum = $db->fetch_array($query)) {
                    $fidlist[] = $sforum['fid'];
        if (count($fidlist) == 1) {
            // NOTE(review): the filter uses $forum (the last requested id) rather than the
            // single fid the query returned, and $fid on the next line is not defined in
            // this function, so the $searchin guard above never sees an entry.
            $forumin .= " AND t.fid='{$forum}' ";
            $searchin[$fid] = 1;
        } else {
            if (count($fidlist) > 1) {
                $forumin = " AND t.fid IN (" . implode(',', $fidlist) . ")";
    $permsql = "";
    $onlyusfids = array();
    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach ($group_permissions as $fid => $forum_permissions) {
        if ($forum_permissions['canonlyviewownthreads'] == 1) {
            $onlyusfids[] = $fid;
    if (!empty($onlyusfids)) {
        // In own-threads-only forums only the viewer's threads match; all other forums pass.
        $permsql .= "AND ((t.fid IN(" . implode(',', $onlyusfids) . ") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN(" . implode(',', $onlyusfids) . "))";
    // Forums the viewer may not search, and inactive forums, are excluded from every query.
    $unsearchforums = get_unsearchable_forums();
    if ($unsearchforums) {
        $permsql .= " AND t.fid NOT IN ({$unsearchforums})";
    $inactiveforums = get_inactive_forums();
    if ($inactiveforums) {
        $permsql .= " AND t.fid NOT IN ({$inactiveforums})";
    $visiblesql = $post_visiblesql = $plain_post_visiblesql = "";
    if (isset($search['visible'])) {
        // Optional filter on the visible flag; the SQL uses fixed literals only.
        if ($search['visible'] == 1) {
            $visiblesql = " AND t.visible = '1'";
            if ($search['postthread'] == 1) {
                $post_visiblesql = " AND p.visible = '1'";
                $plain_post_visiblesql = " AND visible = '1'";
        } else {
            $visiblesql = " AND t.visible != '1'";
            if ($search['postthread'] == 1) {
                $post_visiblesql = " AND p.visible != '1'";
                $plain_post_visiblesql = " AND visible != '1'";
    // Searching a specific thread?
    // NOTE(review): $tidsql is assigned only inside this branch but is interpolated into
    // the posts query below unconditionally.
    if ($search['tid']) {
        $tidsql = " AND t.tid='" . intval($search['tid']) . "'";
    $limitsql = '';
    // The hard limit is integer-cast from the board settings.
    if (intval($mybb->settings['searchhardlimit']) > 0) {
        $limitsql = "LIMIT " . intval($mybb->settings['searchhardlimit']);
    // Searching both posts and thread titles
    $threads = array();
    $posts = array();
    $firstposts = array();
    if ($search['postthread'] == 1) {
        // No need to search subjects when looking for results within a specific thread
        if (!$search['tid']) {
            $query = $db->query("\n\t\t\t\tSELECT t.tid, t.firstpost\n\t\t\t\tFROM " . TABLE_PREFIX . "threads t\n\t\t\t\tWHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} AND t.closed NOT LIKE 'moved|%' {$subject_lookin}\n\t\t\t\t{$limitsql}\n\t\t\t");
            while ($thread = $db->fetch_array($query)) {
                $threads[$thread['tid']] = $thread['tid'];
                if ($thread['firstpost']) {
                    // A subject hit is recorded through the thread's first post, keyed by tid.
                    $posts[$thread['tid']] = $thread['firstpost'];
        $query = $db->query("\n\t\t\tSELECT p.pid, p.tid\n\t\t\tFROM " . TABLE_PREFIX . "posts p\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n\t\t\tWHERE 1=1 {$post_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$post_usersql} {$permsql} {$tidsql} {$post_visiblesql} {$visiblesql} AND t.closed NOT LIKE 'moved|%' {$message_lookin}\n\t\t\t{$limitsql}\n\t\t");
        while ($post = $db->fetch_array($query)) {
            $posts[$post['pid']] = $post['pid'];
            $threads[$post['tid']] = $post['tid'];
        // Nothing found: no visible body - presumably an error exit.
        if (count($posts) < 1 && count($threads) < 1) {
        $threads = implode(',', $threads);
        $posts = implode(',', $posts);
    } else {
        // Titles only: search thread subjects, then resolve each hit to its first post.
        $query = $db->query("\n\t\t\tSELECT t.tid, t.firstpost\n\t\t\tFROM " . TABLE_PREFIX . "threads t\n\t\t\tWHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} {$subject_lookin}\n\t\t\t{$limitsql}\n\t\t");
        while ($thread = $db->fetch_array($query)) {
            $threads[$thread['tid']] = $thread['tid'];
            if ($thread['firstpost']) {
                $firstposts[$thread['tid']] = $thread['firstpost'];
        // Nothing found: no visible body - presumably an error exit.
        if (count($threads) < 1) {
        $threads = implode(',', $threads);
        $firstposts = implode(',', $firstposts);
        if ($firstposts) {
            $query = $db->simple_select("posts", "pid", "pid IN ({$firstposts}) {$plain_post_visiblesql} {$limitsql}");
            while ($post = $db->fetch_array($query)) {
                $posts[$post['pid']] = $post['pid'];
            $posts = implode(',', $posts);
    // "threads" and "posts" are comma-separated id strings on the paths that implode them;
    // "querycache" is always returned empty.
    return array("threads" => $threads, "posts" => $posts, "querycache" => '');
Esempio n. 17
/**
 * Forum-display hook for XThreads.
 *
 * Reads the forum id, sort key, thread-field filters and search term from the
 * request, records them in globals, and wraps $db, $templates and $cache with
 * control_object() so that the stock thread-list query gains the thread-field
 * columns and the filter/sort helpers run during template loading.
 *
 * NOTE(review): this listing shows no closing braces and several branches have
 * no visible body, so the comments below describe the visible statements only.
 *
 * Security-relevant points visible here:
 *  - Identifiers are concatenated into SQL inside backticks. Field names come
 *    from $threadfield_cache; a request-supplied field name is used only after
 *    isset($threadfield_cache[$n]) succeeds, and the attachment sort column
 *    only after an in_array() allowlist.
 *  - filterxt_* values are cast to int (or a list of ints) before use;
 *    filtertf_* values are handed to xthreads_forumdisplay_filter_input()
 *    with no sanitising visible in this function.
 *  - The search term is encoded per output context: rawurlencode for the URL
 *    argument, htmlspecialchars_uni for the hidden input and display value.
 *  - The code strings given to control_object() are assembled from fixed
 *    fragments; no request value is concatenated into them.
 */
function xthreads_forumdisplay()
    global $db, $threadfield_cache, $fid, $mybb, $tf_filters, $xt_filters, $filters_set, $xthreads_forum_filter_form, $xthreads_forum_filter_args;
    // the position of the "forumdisplay_start" hook is kinda REALLY annoying...
    // Cast to int before any lookup so the request value cannot carry SQL or markup.
    $fid = (int) $mybb->input['fid'];
    if ($fid < 1 || !($forum = get_forum($fid))) {
    // replicate some MyBB behaviour
    if (!isset($mybb->input['sortby']) && !empty($forum['defaultsortby'])) {
        $mybb->input['sortby'] = $forum['defaultsortby'];
    $threadfield_cache = xthreads_gettfcache($fid);
    // Quick Thread integration
    if (!empty($threadfield_cache) && function_exists('quickthread_run')) {
    $fpermissions = forum_permissions($fid);
    // Threads are shown only when the viewer may see both the forum and its threads.
    $show_threads = $fpermissions['canview'] == 1 && $fpermissions['canviewthreads'] != 0;
    $tf_filters = array();
    $filters_set = array('__search' => array('hiddencss' => '', 'visiblecss' => 'display: none;', 'selected' => array('' => ' selected="selected"'), 'checked' => array('' => ' checked="checked"'), 'active' => array('' => 'filtertf_active'), 'nullselected' => ' selected="selected"', 'nullchecked' => ' checked="checked"', 'nullactive' => 'filtertf_active'), '__all' => array('hiddencss' => '', 'visiblecss' => 'display: none;', 'nullselected' => ' selected="selected"', 'nullchecked' => ' checked="checked"', 'nullactive' => 'filtertf_active'));
    $xthreads_forum_filter_form = $xthreads_forum_filter_args = '';
    $use_default_filter = true;
    if (!empty($threadfield_cache)) {
        if ($show_threads) {
            // Rewrites the thread-list query in place: adds one aliased tfd column per cached
            // thread field and a LEFT JOIN on threadfields_data, plus the optional sort join.
            // The identifiers used come from $threadfield_cache and $xthreads_forum_sort,
            // which this file builds itself; nothing is read from the request in the hook.
            function xthreads_forumdisplay_dbhook(&$s, &$db)
                global $threadfield_cache, $fid, $plugins, $threadfields, $xthreads_forum_sort;
                //if(empty($threadfield_cache)) return;
                $fields = '';
                foreach ($threadfield_cache as &$v) {
                    $fields .= ', tfd.`' . $v['field'] . '` AS `xthreads_' . $v['field'] . '`';
                $sortjoin = '';
                if (!empty($xthreads_forum_sort) && isset($xthreads_forum_sort['sortjoin'])) {
                    $sortjoin = ' LEFT JOIN ' . $db->table_prefix . $xthreads_forum_sort['sortjoin'];
                $s = strtr($s, array('SELECT t.*, ' => 'SELECT t.*' . $fields . ', ', 'WHERE t.fid=' => 'LEFT JOIN `' . $db->table_prefix . 'threadfields_data` tfd ON t.tid=tfd.tid' . $sortjoin . ' WHERE t.fid='));
                $plugins->add_hook('forumdisplay_thread', 'xthreads_forumdisplay_thread');
                $threadfields = array();
            // Wraps $db->query so that the first read query matching the three markers below
            // is passed through the hook above; control_object() presumably turns the string
            // into method code on the object - confirm against its definition.
            // NOTE(review): the strpos() results are used as booleans, so a marker found at
            // offset 0 would count as not found; comparing with !== false avoids that.
            control_object($db, '
				function query($string, $hide_errors=0, $write_query=0) {
					static $done=false;
					if(!$done && !$write_query && strpos($string, \'SELECT t.*, \') && strpos($string, \'t.username AS threadusername, u.username\') && strpos($string, \'FROM ' . TABLE_PREFIX . 'threads t\')) {
						$done = true;
						xthreads_forumdisplay_dbhook($string, $this);
					return parent::query($string, $hide_errors, $write_query);
        // also check for forumdisplay filters/sort
        // and generate form HTML
        foreach ($threadfield_cache as $n => &$tf) {
            $filters_set[$n] = array('hiddencss' => '', 'visiblecss' => 'display: none;', 'nullselected' => ' selected="selected"', 'nullchecked' => ' checked="checked"', 'nullactive' => 'filtertf_active');
            if ($tf['ignoreblankfilter']) {
                // will be overwritten if not blank
                $filters_set[$n]['selected'] = array('' => ' selected="selected"');
                $filters_set[$n]['checked'] = array('' => ' checked="checked"');
                $filters_set[$n]['active'] = array('' => 'filtertf_active');
            // A request filter is honoured only when the field allows filtering and the
            // viewer belongs to one of the groups allowed to see that field.
            if ($tf['allowfilter'] && isset($mybb->input['filtertf_' . $n]) && xthreads_user_in_groups($tf['viewable_gids'])) {
                $tf_filters[$n] = $mybb->input['filtertf_' . $n];
                $use_default_filter = false;
                // ignore blank inputs
                if ($tf['ignoreblankfilter'] && (is_array($tf_filters[$n]) && (empty($tf_filters[$n]) || array_unique($tf_filters[$n]) == array('')) || $tf_filters[$n] === '')) {
        // sorting by thread fields
        // Two request formats: tf_<field> sorts by a thread field, tfa_<column>_<field> by a
        // column of the attachment linked from a file field.
        if ($mybb->input['sortby'] && substr($mybb->input['sortby'], 0, 2) == 'tf') {
            global $xthreads_forum_sort;
            if (substr($mybb->input['sortby'], 0, 3) == 'tf_') {
                $n = substr($mybb->input['sortby'], 3);
                // $n reaches the backticked sortfield only if it is an existing cache key, the
                // field is single-valued, not a file input, and visible to this viewer.
                if (isset($threadfield_cache[$n]) && xthreads_empty($threadfield_cache[$n]['multival']) && $threadfield_cache[$n]['inputtype'] != XTHREADS_INPUT_FILE && xthreads_user_in_groups($threadfield_cache[$n]['viewable_gids'])) {
                    if ($threadfield_cache[$n]['inputtype'] != XTHREADS_INPUT_TEXTAREA) {
                        // also disallow sorting by textarea inputs
                        $xthreads_forum_sort = array('t' => 'tfd.', 'sortby' => $mybb->input['sortby'], 'sortfield' => '`' . $n . '`');
            } elseif (substr($mybb->input['sortby'], 0, 4) == 'tfa_') {
                $p = strpos($mybb->input['sortby'], '_', 5);
                if ($p) {
                    $field = strtolower(substr($mybb->input['sortby'], 4, $p - 4));
                    $n = substr($mybb->input['sortby'], $p + 1);
                    // Same cache-key gate for $n; the attachment column in $field must also be
                    // one of five fixed names before it is placed in backticks.
                    if (isset($threadfield_cache[$n]) && xthreads_empty($threadfield_cache[$n]['multival']) && $threadfield_cache[$n]['inputtype'] == XTHREADS_INPUT_FILE && xthreads_user_in_groups($threadfield_cache[$n]['viewable_gids']) && in_array($field, array('filename', 'filesize', 'uploadtime', 'updatetime', 'downloads'))) {
                        $xthreads_forum_sort = array('t' => 'xta.', 'sortby' => $mybb->input['sortby'], 'sortfield' => '`' . $field . '`', 'sortjoin' => 'xtattachments xta ON tfd.`' . $n . '`=xta.aid');
    // Built-in sort keys are limited to this fixed list, so the sortfield copied from the
    // request below can only be one of these five names.
    if (!isset($xthreads_forum_sort) && $mybb->input['sortby'] && in_array($mybb->input['sortby'], array('prefix', 'icon', 'lastposter', 'numratings', 'attachmentcount'))) {
        global $xthreads_forum_sort;
        switch ($mybb->input['sortby']) {
            case 'prefix':
                if ($mybb->version_code >= 1500) {
                    $xthreads_forum_sort = array('t' => $mybb->version_code >= 1604 ? 't.' : 'p.', 'sortby' => $mybb->input['sortby'], 'sortfield' => $mybb->input['sortby']);
            case 'icon':
                $xthreads_forum_sort = array('t' => 't.', 'sortby' => $mybb->input['sortby'], 'sortfield' => $mybb->input['sortby']);
            case 'lastposter':
            case 'numratings':
            case 'attachmentcount':
                $xthreads_forum_sort = array('t' => 't.', 'sortby' => $mybb->input['sortby'], 'sortfield' => $mybb->input['sortby']);
    $xt_filters = array();
    //$enabled_xtf = explode(',', $forum['xthreads_addfiltenable']);
    //if(!empty($enabled_xtf)) {
    //global $lang;
    //foreach($enabled_xtf as &$xtf) {
    // Only these built-in thread columns can be filtered through filterxt_* inputs.
    $enabled_xtf = array('uid', 'icon', 'lastposteruid');
    if ($mybb->version_code >= 1500) {
        $enabled_xtf[] = 'prefix';
    foreach ($enabled_xtf as &$xtf) {
        $filters_set['__xt_' . $xtf] = array('hiddencss' => '', 'visiblecss' => 'display: none;', 'nullselected' => ' selected="selected"', 'nullchecked' => ' checked="checked"', 'nullactive' => 'filtertf_active');
        if (isset($mybb->input['filterxt_' . $xtf]) && $mybb->input['filterxt_' . $xtf] !== '') {
            $xt_filters[$xtf] = $mybb->input['filterxt_' . $xtf];
            $use_default_filter = false;
    if (function_exists('xthreads_evalcacheForumFilters')) {
        $xtforum = xthreads_evalcacheForumFilters($fid);
        // Forum default filters apply only when the request set no filter and did not
        // ask for filters to be disabled.
        if ($use_default_filter && (!empty($xtforum['defaultfilter_tf']) || !empty($xtforum['defaultfilter_xt'])) && !$mybb->input['filterdisable']) {
            $tf_filters = $xtforum['defaultfilter_tf'];
            foreach ($tf_filters as $n => &$filter) {
                if (!xthreads_user_in_groups($threadfield_cache[$n]['viewable_gids'])) {
            $xt_filters = $xtforum['defaultfilter_xt'];
    foreach ($tf_filters as $n => &$filter) {
        xthreads_forumdisplay_filter_input('filtertf_' . $n, $filter, $filters_set[$n]);
    foreach ($xt_filters as $n => &$filter) {
        // sanitise input here as we may need to grab extra info
        // Each value becomes an int, or a list of ints, before it is joined into $ids for
        // the lookups below; the conditions choosing between the two forms are not shown.
        	$filter = array_map('intval', $filter);
        	$filter = (int)$filter;
        xthreads_forumdisplay_filter_input('filterxt_' . $n, $filter, $filters_set['__xt_' . $n]);
        	$ids = implode(',', $filter);
        	$ids = $filter;
        // grab extra info for $filter_set array
        // NOTE(review): the username and prefix values stored below are meant for display;
        // presumably escaped inside xthreads_forumdisplay_xtfilter_extrainfo - confirm.
        switch($n) {
        	case 'uid': case 'lastposteruid':
        		// perhaps might be nice if we could merge these two together...
        		$info = xthreads_forumdisplay_xtfilter_extrainfo('users', array('username'), 'uid', $ids, 'guest');
        		$filters_set['__xt_'.$n]['name'] = $info['username'];
        	case 'prefix':
        		// displaystyles?
        		if(!$lang->xthreads_no_prefix) $lang->load('xthreads');
        		$info = xthreads_forumdisplay_xtfilter_extrainfo('threadprefixes', array('prefix', 'displaystyle'), 'pid', $ids, 'xthreads_no_prefix');
        		$filters_set['__xt_'.$n]['name'] = $info['prefix'];
        		$filters_set['__xt_'.$n]['displayname'] = $info['displaystyle'];
        	case 'icon':
        		// we'll retrieve icons from the cache rather than query the DB
        		$icons = $GLOBALS['cache']->read('posticons');
        			$ids =& $filter;
        			$ids = array($ids);
        		$filters_set['__xt_'.$n]['name'] = '';
        		$iconstr =& $filters_set['__xt_'.$n]['name'];
        		foreach($ids as $id) {
        			if($id && $icons[$id])
        				$iconstr .= ($iconstr?', ':'') . htmlspecialchars_uni($icons[$id]['name']);
        			elseif(!$id) {
        				if(!$lang->xthreads_no_icon) $lang->load('xthreads');
        				$iconstr .= ($iconstr?', ':'') . '<em>'.$lang->xthreads_no_icon.'</em>';
    if ($xthreads_forum_filter_args) {
        $filters_set['__all']['urlarg'] = htmlspecialchars_uni(substr($xthreads_forum_filter_args, 1));
        $filters_set['__all']['urlarga'] = '&amp;' . $filters_set['__all']['urlarg'];
        $filters_set['__all']['urlargq'] = '?' . $filters_set['__all']['urlarg'];
        $filters_set['__all']['forminput'] = $xthreads_forum_filter_form;
        $filters_set['__all']['hiddencss'] = 'display: none;';
        $filters_set['__all']['visiblecss'] = '';
        unset($filters_set['__all']['nullselected'], $filters_set['__all']['nullchecked'], $filters_set['__all']['nullactive']);
    // Inline search: the raw term is URL-encoded for the query string and HTML-escaped
    // wherever it is placed in markup; it is kept raw only as an array key.
    if ($forum['xthreads_inlinesearch'] && isset($mybb->input['search']) && $mybb->input['search'] !== '') {
        $urlarg = 'search=' . rawurlencode($mybb->input['search']);
        $xthreads_forum_filter_args .= '&' . $urlarg;
        $GLOBALS['xthreads_forum_search_form'] = '<input type="hidden" name="search" value="' . htmlspecialchars_uni($mybb->input['search']) . '" />';
        $filters_set['__search']['forminput'] =& $GLOBALS['xthreads_forum_search_form'];
        $filters_set['__search']['value'] = htmlspecialchars_uni($mybb->input['search']);
        $filters_set['__search']['urlarg'] = htmlspecialchars_uni($urlarg);
        $filters_set['__search']['urlarga'] = '&amp;' . $filters_set['__search']['urlarg'];
        $filters_set['__search']['urlargq'] = '?' . $filters_set['__search']['urlarg'];
        $filters_set['__search']['selected'] = array($mybb->input['search'] => ' selected="selected"');
        $filters_set['__search']['checked'] = array($mybb->input['search'] => ' checked="checked"');
        $filters_set['__search']['active'] = array($mybb->input['search'] => 'filtertf_active');
        $filters_set['__search']['hiddencss'] = 'display: none;';
        $filters_set['__search']['visiblecss'] = '';
        unset($filters_set['__search']['nullselected'], $filters_set['__search']['nullchecked'], $filters_set['__search']['nullactive']);
    if ($show_threads) {
        $using_filter = $forum['xthreads_inlinesearch'] || !empty($tf_filters) || !empty($xt_filters);
        if ($using_filter || isset($xthreads_forum_sort)) {
            // only nice way to do all of this is to gain control of $templates, so let's do it
            // The replacement get() body is built from fixed fragments selected by two
            // booleans; keep it that way, since this string ends up as executable code.
            control_object($GLOBALS['templates'], '
				function get($title, $eslashes=1, $htmlcomments=1) {
					static $done=false;
					if(!$done && $title == \'forumdisplay_orderarrow\') {
						$done = true;
						' . ($using_filter ? 'xthreads_forumdisplay_filter();' : '') . '
						' . (isset($xthreads_forum_sort) ? '
							$orderbyhack = xthreads_forumdisplay_sorter();
							return $orderbyhack.parent::get($title, $eslashes, $htmlcomments);
						' : '') . '
					return parent::get($title, $eslashes, $htmlcomments);
            if($forum['xthreads_inlinesearch']) {
            	// give us a bit of a free speed up since this isn't really being used anyway...
            	$templates->cache['forumdisplay_searchforum'] = '';
            // generate stuff for pagination/sort-links and fields for forms (sort listboxes, inline search)
    // Wraps $cache->read so the first read of posticons also adds the forum colspan offset
    // to the global colspan; the code string is a constant.
    if ($forum['xthreads_fdcolspan_offset']) {
        control_object($GLOBALS['cache'], '
			function read($name, $hard=false) {
				static $done=false;
				if(!$done && $name == "posticons" && isset($GLOBALS["colspan"])) {
					$done = true;
					$GLOBALS["colspan"] += $GLOBALS["foruminfo"]["xthreads_fdcolspan_offset"];
				return parent::read($name, $hard);
Esempio n. 18
 * Build a list of forums for RSS multiselect.
 * @param int Parent forum ID.
 * @param unknown_type deprecated
 * @param boolean Whether to add selected attribute or not.
 * @param string HTML for the depth of the forum.
 * @return string HTML of the list of forums for CSS.
// Recursively appends one <option> per visible forum under $pid to the global
// $forumlistbits and, when $addselect is set, renders the surrounding template
// into $forumlist and returns it.
//
// NOTE(review): closing braces are missing from this listing; the comments
// describe the visible statements only.
//
// Review points:
//  - Forum name and depth prefix are interpolated into the option markup as-is.
//  - Access to password-protected forums is decided by comparing a cookie with
//    md5(uid . forum password).
//  - The template is rendered with eval, so template content is executed as a
//    PHP double-quoted string.
function makesyndicateforums($pid = "0", $selitem = "", $addselect = "1", $depth = "")
    global $db, $forumcache, $permissioncache, $mybb, $forumlist, $forumlistbits, $flist, $lang, $unexp, $templates;
    // Cast first: $pid is used as an array key below and may come from a caller-supplied value.
    $pid = (int) $pid;
    $forumlist = '';
    if (!is_array($forumcache)) {
        // Get Forums
        // Cache is keyed parent id, then display order, then forum id; link forums and inactive forums are excluded.
        $query = $db->simple_select("forums", "*", "linkto = '' AND active!=0", array('order_by' => 'pid, disporder'));
        while ($forum = $db->fetch_array($query)) {
            $forumcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
    if (!is_array($permissioncache)) {
        $permissioncache = forum_permissions();
    if (is_array($forumcache[$pid])) {
        foreach ($forumcache[$pid] as $key => $main) {
            // The inner loop reuses $key, overwriting the outer loop key; neither is read afterwards.
            foreach ($main as $key => $forum) {
                $perms = $permissioncache[$forum['fid']];
                // A forum the user cannot view is still processed when hideprivateforums is off.
                if ($perms['canview'] == 1 || $mybb->settings['hideprivateforums'] == 0) {
                    $optionselected = '';
                    if (isset($flist[$forum['fid']])) {
                        $optionselected = 'selected="selected"';
                        $selecteddone = "1";
                    // Listed when the forum has no password and is not in $unexp, or when the
                    // forumpass cookie equals md5(uid . forum password).
                    // NOTE(review): the comparison implies the forum password is available in a
                    // form that can be concatenated (presumably stored as entered - confirm), and
                    // md5 with === is a weak, non-constant-time check; hash_equals() with a keyed
                    // hash would be the hardened form.
                    // NOTE(review): in_array() expects $unexp to be an array; it is a global that
                    // this function never initialises.
                    if ($forum['password'] == '' && !in_array($forum['fid'], $unexp) || $forum['password'] && isset($mybb->cookies['forumpass'][$forum['fid']]) && $mybb->cookies['forumpass'][$forum['fid']] === md5($mybb->user['uid'] . $forum['password'])) {
                        // NOTE(review): the forum name is written into HTML without escaping;
                        // presumably names are trusted admin input - confirm, or escape with
                        // htmlspecialchars_uni() before output.
                        $forumlistbits .= "<option value=\"{$forum['fid']}\" {$optionselected}>{$depth} {$forum['name']}</option>\n";
                    if (!empty($forumcache[$forum['fid']])) {
                        // Children are indented with four non-breaking spaces per level.
                        $newdepth = $depth . "&nbsp;&nbsp;&nbsp;&nbsp;";
                        $forumlistbits .= makesyndicateforums($forum['fid'], '', 0, $newdepth);
    if ($addselect) {
        $addsel = '';
        if (empty($selecteddone)) {
            $addsel = ' selected="selected"';
        // NOTE(review): eval on template text. Whoever can edit the misc_syndication_forumlist
        // template controls what is evaluated here, so template editing must stay admin-only.
        eval("\$forumlist = \"" . $templates->get("misc_syndication_forumlist") . "\";");
    return $forumlist;
Esempio n. 19
/**
 * Tapatalk XML-RPC handler that saves an edit to an existing post and returns
 * the re-parsed title and content.
 *
 * Flow visible here: filter the input, load post, thread and forum, run the
 * edit authorisation checks, hand the new subject and message to
 * PostDataHandler, re-link attachments, then parse the stored post for the
 * response.
 *
 * NOTE(review): closing braces are missing from this listing and some steps
 * announced by comments have no visible code; see the notes inline.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters, passed to Tapatalk_Input::filterXmlInput.
 * @return mixed An xmlrpcresp on success; otherwise the result of
 *               tt_no_permission() or xmlrespfalse().
 */
function save_raw_post_func($xmlrpc_params)
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;
    // post_id and return_html are declared INT; attachment_id_array is declared RAW,
    // so it reaches this function without any filtering by type.
    $input = Tapatalk_Input::filterXmlInput(array('post_id' => Tapatalk_Input::INT, 'post_title' => Tapatalk_Input::STRING, 'post_content' => Tapatalk_Input::STRING, 'return_html' => Tapatalk_Input::INT, 'attachment_id_array' => Tapatalk_Input::RAW, 'group_id' => Tapatalk_Input::STRING, 'editreason' => Tapatalk_Input::STRING), $xmlrpc_params);
    $parser = new postParser();
    // No permission for guests
    if (!$mybb->user['uid']) {
        return tt_no_permission();
    // Get post info
    // NOTE(review): $pid is interpolated into the WHERE clause before the intval() further
    // down; this is safe only if the INT filter above really yields an integer - confirm.
    $pid = $input['post_id'];
    $query = $db->simple_select("posts", "*", "pid='{$pid}'");
    $post = $db->fetch_array($query);
    // An empty title keeps the stored subject.
    if (empty($input['post_title'])) {
        $input['post_title'] = $post['subject'];
    if (!$post['pid']) {
        return xmlrespfalse($lang->error_invalidpost);
    // Get thread info
    $tid = $post['tid'];
    $thread = get_thread($tid);
    if (!$thread['tid']) {
        return xmlrespfalse($lang->error_invalidthread);
    $thread['subject'] = htmlspecialchars_uni($thread['subject']);
    // Get forum info
    $fid = $post['fid'];
    $forum = get_forum($fid);
    if (!$forum || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    if ($forum['open'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    $forumpermissions = forum_permissions($fid);
    // Authorisation for non-moderators: thread open, forum allows editing, the caller owns
    // the post, and the edit time limit has not passed. Moderators with caneditposts skip all four.
    if (!is_moderator($fid, "caneditposts")) {
        if ($thread['closed'] == 1) {
            return xmlrespfalse($lang->redirect_threadclosed);
        if ($forumpermissions['caneditposts'] == 0) {
            return tt_no_permission();
        if ($mybb->user['uid'] != $post['uid']) {
            return tt_no_permission();
        // Edit time limit
        $time = TIME_NOW;
        if ($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < $time - $mybb->settings['edittimelimit'] * 60) {
            $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
            return xmlrespfalse($lang->edit_time_limit);
    // Check if this forum is password protected and we have a valid password
    // NOTE(review): no statement follows the comment above in this listing; confirm that the
    // forum password check is actually enforced before the edit is accepted.
    // Set up posthandler.
    require_once MYBB_ROOT . "inc/datahandlers/post.php";
    $posthandler = new PostDataHandler("update");
    $posthandler->action = "post";
    // Set the post data that came from the input to the $post array.
    // NOTE(review): uid and username are those of the editing user, not of the post author;
    // confirm that PostDataHandler does not reassign authorship when a moderator edits.
    // NOTE(review): no call passing $post to the handler is visible before validate_post().
    $post = array("pid" => $pid, "subject" => $input['post_title'], "uid" => $mybb->user['uid'], "username" => $mybb->user['username'], "edit_uid" => $mybb->user['uid'], "message" => $input['post_content']);
    if (version_compare($mybb->version, '1.8.0', '>=') && !empty($input['editreason'])) {
        $post["editreason"] = $input['editreason'];
    // get subscription status
    $query = $db->simple_select("threadsubscriptions", 'notification', "uid='" . intval($mybb->user['uid']) . "' AND tid='" . intval($tid) . "'");
    $substatus = $db->fetch_array($query);
    // Set up the post options from the input.
    // Keeps the current subscription: instant when notification is 1, none for any other
    // stored value, empty string when the user is not subscribed.
    $post['options'] = array("signature" => 1, "subscriptionmethod" => isset($substatus['notification']) ? $substatus['notification'] == 1 ? 'instant' : 'none' : '', "disablesmilies" => 0);
    // Now let the post handler do all the hard work.
    if (!$posthandler->validate_post()) {
        $post_errors = $posthandler->get_friendly_errors();
        return xmlrespfalse(implode(" :: ", $post_errors));
    } else {
        $postinfo = $posthandler->update_post();
        $visible = $postinfo['visible'];
        $first_post = $postinfo['first_post'];
        // Help keep our attachments table clean.
        // Table-wide delete, not limited to this post or user.
        $db->delete_query("attachments", "filename='' OR filesize<1");
        // state 1 is reported when the saved post is not visible and the user is not a
        // moderator of the forum, otherwise 0; both branches that set 1 test the same thing.
        if ($visible == 0 && $first_post && !is_moderator($fid, "", $mybb->user['uid'])) {
            $state = 1;
        } else {
            if ($visible == 0 && !is_moderator($fid, "", $mybb->user['uid'])) {
                $state = 1;
            } else {
                $state = 0;
    $pid = intval($pid);
    // NOTE(review): group_id_esc is not among the keys declared in the filter call above;
    // presumably filterXmlInput adds an SQL-escaped copy of group_id - confirm, since the
    // value is interpolated into the WHERE clause. The update also re-links every attachment
    // with that posthash, whoever uploaded it.
    if (!empty($input['group_id_esc'])) {
        $db->update_query("attachments", array("pid" => $pid), "posthash='{$input['group_id_esc']}'");
    // update thread attachment account
    // NOTE(review): the counter grows by the size of a client-supplied RAW array; nothing here
    // checks that the ids exist or belong to this post, so a client can inflate the count.
    if (count($input['attachment_id_array']) > 0) {
        update_thread_counters($tid, array("attachmentcount" => "+" . count($input['attachment_id_array'])));
    // Reload the stored post and render it for the response with HTML disabled.
    $post = get_post($pid);
    $parser_options = array();
    $parser_options['allow_html'] = false;
    $parser_options['allow_mycode'] = true;
    $parser_options['allow_smilies'] = false;
    $parser_options['allow_imgcode'] = true;
    $parser_options['allow_videocode'] = true;
    $parser_options['nl2br'] = (bool) $input['return_html'];
    $parser_options['filter_badwords'] = 1;
    if (!$post['username']) {
        $post['username'] = $lang->guest;
    if ($post['userusername']) {
        $parser_options['me_username'] = $post['userusername'];
    } else {
        $parser_options['me_username'] = $post['username'];
    $post['message'] = $parser->parse_message($post['message'], $parser_options);
    $post['subject'] = $parser->parse_badwords($post['subject']);
    $result = new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval('', 'base64'), 'state' => new xmlrpcval($state, 'int'), 'post_title' => new xmlrpcval($post['subject'], 'base64'), 'post_content' => new xmlrpcval(process_post($post['message'], $input['return_html']), 'base64')), 'struct');
    return new xmlrpcresp($result);
Esempio n. 20
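/**
 * Tapatalk XML-RPC handler that returns a single forum announcement as a
 * one-post topic struct.
 *
 * The announcement id is read from $_GET and cast with intval() before it is
 * used in SQL. The announcement is returned only if its start date has passed
 * and its end date is either zero or still in the future.
 *
 * NOTE(review): closing braces are missing from this listing and the failure
 * branches (announcement not found, forum not found, viewing not permitted)
 * have no visible body; confirm that each of them stops the request.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters, passed to Tapatalk_Input::filterXmlInput.
 * @return xmlrpcresp Struct with total_post_num, can_reply, can_subscribe and posts.
 */
function get_announcement_func($xmlrpc_params)
    global $db, $lang, $mybb, $position, $plugins, $pids, $groupscache;
    $input = Tapatalk_Input::filterXmlInput(array('topic_id' => Tapatalk_Input::STRING, 'start_num' => Tapatalk_Input::INT, 'last_num' => Tapatalk_Input::INT, 'return_html' => Tapatalk_Input::INT), $xmlrpc_params);
    $parser = new Tapatalk_Parser();
    // Load global language phrases
    // The id comes from $_GET rather than from the filtered topic_id; the intval() cast is
    // what makes it safe to interpolate into the two queries below.
    $aid = intval($_GET['aid']);
    // Get announcement fid
    $query = $db->simple_select("announcements", "fid", "aid='{$aid}'");
    $announcement = $db->fetch_array($query);
    if (!$announcement) {
    // Get forum info
    $fid = $announcement['fid'];
    // A non-positive fid skips the forum lookup and the permission check below.
    if ($fid > 0) {
        $forum = get_forum($fid);
        if (!$forum) {
        // Make navigation
        // Permissions
        $forumpermissions = forum_permissions($forum['fid']);
        if ($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) {
        // Check if this forum is password protected and we have a valid password
        // NOTE(review): no statement follows the comment above in this listing.
    $archive_url = build_archive_link("announcement", $aid);
    // Get announcement info
    $time = TIME_NOW;
    $query = $db->query("\n\t\tSELECT u.*, u.username AS userusername, a.*, f.*\n\t\tFROM " . TABLE_PREFIX . "announcements a\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=a.uid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfields f ON (f.ufid=u.uid)\n\t\tWHERE a.startdate<='{$time}' AND (a.enddate>='{$time}' OR a.enddate='0') AND a.aid='{$aid}'\n\t");
    $announcementarray = $db->fetch_array($query);
    if (!$announcementarray) {
    // Gather usergroup data from the cache
    // Field => Array Key
    $data_key = array('title' => 'grouptitle', 'usertitle' => 'groupusertitle', 'stars' => 'groupstars', 'starimage' => 'groupstarimage', 'image' => 'groupimage', 'namestyle' => 'namestyle', 'usereputationsystem' => 'usereputationsystem');
    foreach ($data_key as $field => $key) {
        $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
    $announcementarray['dateline'] = $announcementarray['startdate'];
    $announcementarray['userusername'] = $announcementarray['username'];
    $announcement = build_postbit($announcementarray, 3);
    $announcementarray['subject'] = $parser->parse_badwords($announcementarray['subject']);
    $lang->forum_announcement = $lang->sprintf($lang->forum_announcement, htmlspecialchars_uni($announcementarray['subject']));
    // Remember the announcement as read in the announcements cookie when it is newer than
    // the last visit and not already recorded there.
    if ($announcementarray['startdate'] > $mybb->user['lastvisit']) {
        $setcookie = true;
        if (isset($mybb->cookies['mybb']['announcements']) && is_scalar($mybb->cookies['mybb']['announcements'])) {
            // Cookie data is attacker-controlled. my_unserialize() is used here instead of the
            // native unserialize(); presumably it refuses objects - confirm for the installed
            // MyBB version.
            $cookie = my_unserialize(stripslashes($mybb->cookies['mybb']['announcements']));
            if (isset($cookie[$announcementarray['aid']])) {
                $setcookie = false;
        if ($setcookie) {
            my_set_array_cookie('announcements', $announcementarray['aid'], $announcementarray['startdate'], -1);
    // Look the author up by user id. The original passed the announcement id here, which
    // returned the avatar of whichever account happened to have that number as its uid.
    $user_info = get_user($announcementarray['uid']);
    $icon_url = absolute_url($user_info['avatar']);
    // prepare xmlrpc return
    $xmlrpc_post = new xmlrpcval(array('topic_id' => new xmlrpcval('ann_' . $announcementarray['aid']), 'post_title' => new xmlrpcval(basic_clean($announcementarray['subject']), 'base64'), 'post_content' => new xmlrpcval(process_post($announcementarray['message'], $input['return_html']), 'base64'), 'post_author_id' => new xmlrpcval($announcementarray['uid']), 'post_author_name' => new xmlrpcval(basic_clean($announcementarray['username']), 'base64'), 'user_type' => new xmlrpcval(check_return_user_type($announcementarray['username']), 'base64'), 'icon_url' => new xmlrpcval(absolute_url($icon_url)), 'post_time' => new xmlrpcval(mobiquo_iso8601_encode($announcementarray['dateline']), 'dateTime.iso8601'), 'timestamp' => new xmlrpcval($announcementarray['dateline'], 'string')), 'struct');
    $result = array('total_post_num' => new xmlrpcval(1, 'int'), 'can_reply' => new xmlrpcval(false, 'boolean'), 'can_subscribe' => new xmlrpcval(false, 'boolean'), 'posts' => new xmlrpcval(array($xmlrpc_post), 'array'));
    return new xmlrpcresp(new xmlrpcval($result, 'struct'));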
Esempio n. 21
     // Excerpt from a forum-permission editing form: loads the forum row and any custom
     // permission row for the group, emits the hidden form fields, chooses the permission
     // set to display, and builds the tab list. The enclosing code is not part of this
     // listing and closing braces are missing.
     // NOTE(review): $fid and $gid are interpolated into WHERE clauses below and their
     // casting is not visible in this excerpt - confirm they are integers by this point.
     $query = $db->simple_select("forums", "*", "fid='{$fid}'");
     $forum = $db->fetch_array($query);
     $sperms = $permission_data;
     $sql = build_parent_list($fid);
     $query = $db->simple_select("forumpermissions", "*", "{$sql} AND gid='{$gid}'");
     $customperms = $db->fetch_array($query);
     // An existing permission row is edited by its pid; otherwise the form carries fid and gid.
     if ($permission_data['pid']) {
         $permission_data['usecustom'] = 1;
         echo $form->generate_hidden_field("pid", $pid);
     } else {
         echo $form->generate_hidden_field("fid", $fid);
         echo $form->generate_hidden_field("gid", $gid);
         // Without a custom row the group defaults are shown, otherwise the forum permissions for that group.
         if (!$customperms['pid']) {
             $permission_data = usergroup_permissions($gid);
         } else {
             $permission_data = forum_permissions($fid, 0, $gid);
 // Maps each permission field to the tab it is shown under.
 $groups = array('canviewthreads' => 'viewing', 'canview' => 'viewing', 'canonlyviewownthreads' => 'viewing', 'candlattachments' => 'viewing', 'canpostthreads' => 'posting_rating', 'canpostreplys' => 'posting_rating', 'canonlyreplyownthreads' => 'posting_rating', 'canpostattachments' => 'posting_rating', 'canratethreads' => 'posting_rating', 'caneditposts' => 'editing', 'candeleteposts' => 'editing', 'candeletethreads' => 'editing', 'caneditattachments' => 'editing', 'modposts' => 'moderate', 'modthreads' => 'moderate', 'modattachments' => 'moderate', 'mod_edit_posts' => 'moderate', 'canpostpolls' => 'polls', 'canvotepolls' => 'polls', 'cansearch' => 'misc');
 // Plugins may replace the mapping; whatever the hook returns is used from here on.
 $groups = $plugins->run_hooks("admin_forum_management_permission_groups", $groups);
 $tabs = array();
 foreach (array_unique(array_values($groups)) as $group) {
     // Tab captions are language properties named group_ plus the tab key, read dynamically.
     $lang_group = "group_" . $group;
     $tabs[$group] = $lang->{$lang_group};
 if ($mybb->input['ajax'] == 1) {
     $page->output_tab_control($tabs, false, "tabs2");
 } else {
Esempio n. 22
/**
 * Permission gate run before XThreads handles file uploads on newthread.php
 * and editpost.php.
 *
 * The visible part resolves the thread and forum for the request and then
 * repeats the posting and editing checks: posting not suspended, forum exists
 * and is open, forum viewable, thread creation or post editing allowed, edit
 * time limit, and finally the my_post_key request token.
 *
 * NOTE(review): closing braces are missing from this listing and every failing
 * branch has no visible body; presumably each one returns without processing
 * the upload - confirm. Nothing after the token check is shown.
 */
function xthreads_upload_attachments_global()
    //if($mybb->request_method == 'post' && ($current_page == 'newthread.php' || ($current_page == 'editpost.php' && $mybb->input['action'] != 'deletepost'))
    // the above line is always checked and true
    global $mybb, $current_page, $thread;
    if ($current_page == 'editpost.php') {
        // check if first post
        // Cast first; the id is then resolved through get_post() rather than used directly.
        $pid = (int) $mybb->input['pid'];
        if (!$thread) {
            $post = get_post($pid);
            if (!empty($post)) {
                $thread = get_thread($post['tid']);
            if (empty($thread)) {
            $pid = $post['pid'];
        // Only the first post of a thread is relevant here.
        if ($thread['firstpost'] != $pid) {
    } elseif ($mybb->input['tid']) {
        /* ($mybb->input['action'] == 'editdraft' || $mybb->input['action'] == 'savedraft') && */
        $thread = get_thread((int) $mybb->input['tid']);
        // A tid on a new thread request is accepted only for a draft (visible is -2) owned by the current user.
        if ($thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid']) {
            // ensure that this is, indeed, a draft
    // permissions check - ideally, should get MyBB to do this, but I see no easy way to implement it unfortunately
    if ($mybb->user['suspendposting'] == 1) {
    // The forum id of an existing thread takes precedence over the request value.
    if ($thread['fid']) {
        $fid = $thread['fid'];
    } else {
        $fid = (int) $mybb->input['fid'];
    $forum = get_forum($fid);
    if (!$forum['fid'] || $forum['open'] == 0 || $forum['type'] != 'f') {
    $forumpermissions = forum_permissions($fid);
    if ($forumpermissions['canview'] == 0) {
    if ($current_page == 'newthread.php' && $forumpermissions['canpostthreads'] == 0) {
    } elseif ($current_page == 'editpost.php') {
        // Non-moderators need an open thread, the edit permission, and ownership; ownership and
        // the time limit are taken from the thread row, which matches the first post checked above.
        if (!is_moderator($fid, 'caneditposts')) {
            if ($thread['closed'] == 1 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $thread['uid']) {
            if ($mybb->settings['edittimelimit'] != 0 && $thread['dateline'] < TIME_NOW - $mybb->settings['edittimelimit'] * 60) {
    // Request token check, the anti-CSRF control for this path; the second argument presumably
    // makes verify_post_check() return a result instead of emitting an error page - confirm.
    if (!verify_post_check($mybb->input['my_post_key'], true)) {
Esempio n. 23
/**
 * AJAX handler that echoes an HTML preview of a thread's first post and,
 * when the firstpreview_last setting is enabled, of its last post.
 *
 * Each branch runs only for POST requests carrying the matching flag
 * (firstpost=1 / lastpost=1). The thread id comes from the request and is
 * cast to int.
 *
 * NOTE(review): closing braces, and possibly other short lines, are missing
 * from this listing, so whether the function exits after each echo cannot be
 * read from here.
 *
 * NOTE(review): the only authorisation test visible is
 * $permissions['canviewthreads'], evaluated after the post has been loaded
 * and parsed. Nothing visible consults 'canview', 'canonlyviewownthreads',
 * or the thread/post 'visible' state, and no check that get_thread() or
 * get_post() found a row is shown. Confirm that unapproved, draft or
 * own-threads-only content cannot be previewed this way.
 */
function firstpreview_ajax()
    global $mybb, $db, $lang, $charset;
    // Get the first post
    if (isset($mybb->input['firstpost']) && $mybb->input['firstpost'] == 1 && $mybb->request_method == "post") {
        $thread = get_thread((int) $mybb->input['tid']);
        $permissions = forum_permissions($thread['fid']);
        require_once MYBB_ROOT . "inc/class_parser.php";
        $parser = new postParser();
        $post = get_post($thread['firstpost']);
        $forum = get_forum($thread['fid']);
        $user = get_user($post['uid']);
        // The subject is bad-word filtered, then HTML-escaped before it reaches the markup below.
        $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
        $threaddate = my_date($mybb->settings['dateformat'], $thread['dateline']);
        $threadtime = my_date($mybb->settings['timeformat'], $thread['dateline']);
        $threadposted = ' (' . $threaddate . ', ' . $threadtime . ')';
        // Parser options mirror the forum's own settings, including allow_html.
        $parser_options['allow_html'] = $forum['allowhtml'];
        $parser_options['allow_mycode'] = $forum['allowmycode'];
        $parser_options['allow_smilies'] = $forum['allowsmilies'];
        $parser_options['allow_imgcode'] = $forum['allowimgcode'];
        $parser_options['allow_videocode'] = $forum['allowvideocode'];
        $parser_options['filter_badwords'] = 1;
        // $id is not read again in the visible code.
        $id = 0;
        $post['message'] = $parser->parse_message($post['message'], $parser_options);
        if (isset($mybb->settings['firstpreview_html']) && $mybb->settings['firstpreview_html'] != 1) {
            // strip_tags() keeps the listed tags together with their attributes, so on a
            // forum with allow_html enabled an allowed tag can still carry attributes
            // such as event handlers. It is a formatting filter, not an HTML sanitiser.
            $post['message'] = strip_tags($post['message'], "<br><p><ul><ol><li>");
        if (!empty($mybb->settings['firstpreview_length']) && $mybb->settings['firstpreview_length'] != "0" && my_strlen($post['message']) > (int) $mybb->settings['firstpreview_length']) {
            // Truncation is applied to rendered HTML, so the cut can land inside a tag or
            // an entity and leave unbalanced markup in the preview.
            $post['message'] = my_substr($post['message'], 0, (int) $mybb->settings['firstpreview_length']) . '...';
        if (isset($permissions['canviewthreads']) && $permissions['canviewthreads'] == 1) {
            // Interpolated values: escaped subject, escaped username wrapped by
            // format_name()/build_profile_link(), the date string, and the parser output.
            $preview = "<div class=\"fpreview\"><span id=\"close_preview\">&#10060;</span>\n\t\t\t<div class=\"thead\" style=\"text-align:center; font-weight:bold; min-height:20px;\">" . $thread['subject'] . "</div>\n\t\t\t<div class=\"tcat\" style=\"padding-left:10px; height: 10%;\">" . build_profile_link(format_name(htmlspecialchars_uni($post['username']), (int) $user['usergroup'], (int) $user['displaygroup']), (int) $post['uid']) . "<span class=\"smalltext\">" . $threadposted . "</span></div>\n\t\t\t<div class=\"prev_content\">" . $post['message'] . "</div>\n\t\t\t</div>";
        } else {
            $preview = "<div class=\"fpreview\"><span id=\"close_preview\">&#10060;</span><div class=\"prev_content\" style=\"text-align:center;\">" . $lang->error_nopermission_user_ajax . "</div></div>";
        // The payload is an HTML fragment but is labelled text/plain.
        // NOTE(review): the client presumably inserts it as HTML, so every value
        // interpolated above has to be HTML-safe already.
        header("Content-type: text/plain; charset={$charset}");
        echo $preview;
    // Get the last post
    // This branch repeats the one above, except for how the post is looked up
    // and the extra "last post" label in the markup.
    if (isset($mybb->settings['firstpreview_last']) && $mybb->settings['firstpreview_last'] != 0 && isset($mybb->input['lastpost']) && $mybb->input['lastpost'] == 1 && $mybb->request_method == "post") {
        $thread = get_thread((int) $mybb->input['tid']);
        $tid = (int) $thread['tid'];
        $permissions = forum_permissions($thread['fid']);
        require_once MYBB_ROOT . "inc/class_parser.php";
        $parser = new postParser();
        $lastposter = (int) $thread['lastposteruid'];
        $lastposttime = (int) $thread['lastpost'];
        // All three values in the WHERE clause are int-cast above. The post is matched
        // by (uid, dateline, tid) rather than by pid.
        // NOTE(review): that triple is not shown to be unique, and the result is used
        // without a check that a row came back.
        $query = $db->simple_select('posts', '*', "uid = '" . $lastposter . "' AND dateline = '" . $lastposttime . "' AND tid = '" . $tid . "'");
        $post = $db->fetch_array($query);
        $forum = get_forum($thread['fid']);
        $user = get_user($post['uid']);
        $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
        $lastdate = my_date($mybb->settings['dateformat'], $lastposttime);
        $lasttime = my_date($mybb->settings['timeformat'], $lastposttime);
        $lastposted = ' (' . $lastdate . ', ' . $lasttime . ')';
        $parser_options['allow_html'] = $forum['allowhtml'];
        $parser_options['allow_mycode'] = $forum['allowmycode'];
        $parser_options['allow_smilies'] = $forum['allowsmilies'];
        $parser_options['allow_imgcode'] = $forum['allowimgcode'];
        $parser_options['allow_videocode'] = $forum['allowvideocode'];
        $parser_options['filter_badwords'] = 1;
        $id = 0;
        $post['message'] = $parser->parse_message($post['message'], $parser_options);
        if (isset($mybb->settings['firstpreview_html']) && $mybb->settings['firstpreview_html'] != 1) {
            // As in the first branch: allowed tags keep their attributes.
            $post['message'] = strip_tags($post['message'], "<br><p><ul><ol><li>");
        if (!empty($mybb->settings['firstpreview_length']) && $mybb->settings['firstpreview_length'] != "0" && my_strlen($post['message']) > (int) $mybb->settings['firstpreview_length']) {
            // As in the first branch: the cut is made on rendered HTML.
            $post['message'] = my_substr($post['message'], 0, (int) $mybb->settings['firstpreview_length']) . '...';
        if (isset($permissions['canviewthreads']) && $permissions['canviewthreads'] == 1) {
            $preview = "<div class=\"fpreview\"><span id=\"close_preview\">&#10060;</span>\n\t\t\t<div class=\"thead\" style=\"text-align:center; font-weight:bold; min-height:20px;\">" . $thread['subject'] . "</div>\n\t\t\t<div class=\"tcat\" style=\"padding-left:10px; padding-right:10px;\">" . build_profile_link(format_name(htmlspecialchars_uni($post['username']), (int) $user['usergroup'], (int) $user['displaygroup']), (int) $post['uid']) . "<span class=\"smalltext\">" . $lastposted . "<span class=\"float_right\"><strong>" . $lang->lastpost . "</strong></span></span></div>\n\t\t\t<div class=\"prev_content\">" . $post['message'] . "</div>\n\t\t\t</div>";
        } else {
            $preview = "<div class=\"fpreview\"><span id=\"close_preview\">&#10060;</span><div class=\"prev_content\" style=\"text-align:center;\">" . $lang->error_nopermission_user_ajax . "</div></div>";
        header("Content-type: text/plain; charset={$charset}");
        echo $preview;
Esempio n. 24
 // Excerpt: loads the first posts of the newest threads in the announcement
 // forums, then their attachments, per-forum permissions and thread rows.
 // NOTE(review): closing braces are missing from this listing, and
 // $announcementsfids, $tunviewwhere and $numannouncements are defined outside
 // the excerpt. All three are concatenated into SQL unquoted, so confirm that
 // each is built from integer-sanitised values.
 $query = $db->query("\n\t\tSELECT p.pid, p.message, p.tid, p.smilieoff\n\t\tFROM " . TABLE_PREFIX . "posts p\n\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n\t\tWHERE t.fid IN (" . $announcementsfids . "){$tunviewwhere} AND t.visible='1' AND t.closed NOT LIKE 'moved|%' AND t.firstpost=p.pid\n\t\tORDER BY t.dateline DESC\n\t\tLIMIT 0, {$numannouncements}");
 while ($getid = $db->fetch_array($query)) {
     // The id lists are built from values read back from the database, not from the request.
     $pids .= ",'{$getid['pid']}'";
     $tids .= ",'{$getid['tid']}'";
     $posts[$getid['tid']] = $getid;
 if (!empty($posts)) {
     // The leading 0 keeps the IN() list valid; every appended item starts with a comma.
     $pids = "pid IN(0{$pids})";
     // Now lets fetch all of the attachments for these posts
     $query = $db->simple_select("attachments", "*", $pids);
     while ($attachment = $db->fetch_array($query)) {
         $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
     // Resolve the current user's permissions once per forum.
     if (is_array($forum)) {
         foreach ($forum as $fid => $forumrow) {
             $forumpermissions[$fid] = forum_permissions($fid);
     $icon_cache = $cache->read("posticons");
     $query = $db->query("\n\t\t\tSELECT t.*, t.username AS threadusername, u.username, u.avatar, u.avatardimensions\n\t\t\tFROM " . TABLE_PREFIX . "threads t\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid = t.uid)\n\t\t\tWHERE t.fid IN (" . $announcementsfids . ") AND t.tid IN (0{$tids}) AND t.visible='1' AND t.closed NOT LIKE 'moved|%'\n\t\t\tORDER BY t.dateline DESC\n\t\t\tLIMIT 0, {$numannouncements}");
     while ($announcement = $db->fetch_array($query)) {
         // Make sure we can view this announcement
         // && binds tighter than ||, so the ownership test applies only to the
         // canonlyviewownthreads case. The guard body is not shown in this listing.
         if ($forumpermissions[$announcement['fid']]['canview'] == 0 || $forumpermissions[$announcement['fid']]['canviewthreads'] == 0 || $forumpermissions[$announcement['fid']]['canonlyviewownthreads'] == 1 && $announcement['uid'] != $mybb->user['uid']) {
         $announcement['message'] = $posts[$announcement['tid']]['message'];
         $announcement['pid'] = $posts[$announcement['tid']]['pid'];
         $announcement['smilieoff'] = $posts[$announcement['tid']]['smilieoff'];
         $announcement['threadlink'] = get_thread_link($announcement['tid']);
         if ($announcement['uid'] == 0) {
             // uid 0: the name stored on the thread is HTML-escaped before display.
             $profilelink = htmlspecialchars_uni($announcement['threadusername']);
    // Excerpt from an attachment download/thumbnail handler. The attachment row is
    // selected by attachment id or by post id, then access is checked.
    // NOTE(review): the enclosing condition, the closing braces and the guard bodies
    // are missing from this listing. $aid and $pid are set outside the excerpt and
    // are interpolated into SQL here; confirm they are integer-cast before this point.
    $query = $db->simple_select("attachments", "*", "aid='{$aid}'");
} else {
    $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
$attachment = $db->fetch_array($query);
// From here on the post id stored on the attachment row is used.
$pid = $attachment['pid'];
$post = get_post($pid);
$thread = get_thread($post['tid']);
// A missing thread is tolerated only when a thumbnail is requested (guard body not shown).
if (!$thread['tid'] && !$mybb->input['thumbnail']) {
$fid = $thread['fid'];
// Get forum info
$forum = get_forum($fid);
// Permissions
$forumpermissions = forum_permissions($fid);
// && binds tighter than ||: the condition holds when the forum or its threads cannot
// be viewed, when only own threads are viewable and this thread belongs to someone
// else, or when downloads are not permitted and this is not a thumbnail request.
if ($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid'] || $forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']) {
// Error if attachment is invalid or not visible
// Moderators of the forum are exempt from the three visibility tests.
if (!$attachment['aid'] || !$attachment['attachname'] || !is_moderator($fid) && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)) {
if (!$mybb->input['thumbnail']) {
    // Count the download. The value written is computed in PHP from the row read
    // above, so concurrent requests can overwrite each other's increment.
    $attachupdate = array("downloads" => $attachment['downloads'] + 1);
    $db->update_query("attachments", $attachupdate, "aid='{$attachment['aid']}'");
// basename isn't UTF-8 safe. This is a workaround.
// basename() also removes any directory part from the stored original filename.
$attachment['filename'] = ltrim(basename(' ' . $attachment['filename']));
if ($mybb->input['thumbnail']) {
Esempio n. 26
/**
 * Upload an attachment into the file system
 *
 * @param array $attachment Attachment data (as fed by PHP's $_FILES)
 * @param boolean $update_attachment Whether or not we are updating a current attachment or inserting a new one
 * @return array Array of attachment data if successful, otherwise array of error data
 */
// Validates one uploaded file (PHP upload error, is_uploaded_file(), extension
// allow-list, per-type size limit, user quota, duplicate name, per-post count),
// stores it under a server-generated name, verifies image uploads and generates a
// thumbnail, then inserts or updates the attachments row.
// Returns an array holding either 'error' (a message) or 'aid' (the attachment id).
// NOTE(review): this listing has lost its closing braces and, inside the switch
// statements, the `break;` lines and `default:` labels. The comments below
// describe the visible statements only.
function upload_attachment($attachment, $update_attachment = false)
    global $mybb, $db, $theme, $templates, $posthash, $pid, $tid, $forum, $mybb, $lang, $plugins, $cache;
    // posthash is request input and is used inside SQL strings below, so it is escaped here.
    $posthash = $db->escape_string($mybb->get_input('posthash'));
    $pid = (int) $pid;
    if (isset($attachment['error']) && $attachment['error'] != 0) {
        // PHP reported an upload error: append the message matching the error code.
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail;
        switch ($attachment['error']) {
            case 1:
                // UPLOAD_ERR_INI_SIZE
                $ret['error'] .= $lang->error_uploadfailed_php1;
            case 2:
                // UPLOAD_ERR_FORM_SIZE
                $ret['error'] .= $lang->error_uploadfailed_php2;
            case 3:
                // UPLOAD_ERR_PARTIAL
                $ret['error'] .= $lang->error_uploadfailed_php3;
            case 4:
                // UPLOAD_ERR_NO_FILE
                $ret['error'] .= $lang->error_uploadfailed_php4;
            case 6:
                // UPLOAD_ERR_NO_TMP_DIR
                $ret['error'] .= $lang->error_uploadfailed_php6;
            case 7:
                // UPLOAD_ERR_CANT_WRITE
                $ret['error'] .= $lang->error_uploadfailed_php7;
                // presumably the fallback for any other code (its label is missing here)
                $ret['error'] .= $lang->sprintf($lang->error_uploadfailed_phpx, $attachment['error']);
        return $ret;
    // is_uploaded_file() confirms tmp_name is a file PHP itself received through an HTTP
    // upload, so a forged tmp_name cannot point the later move at another local file.
    if (!is_uploaded_file($attachment['tmp_name']) || empty($attachment['tmp_name'])) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_php4;
        return $ret;
    $attachtypes = $cache->read('attachtypes');
    // Plugins receive and may replace $attachment here, i.e. after the
    // is_uploaded_file() check above and before the extension and size checks below.
    $attachment = $plugins->run_hooks("upload_attachment_start", $attachment);
    // The extension is taken from the client-supplied file name.
    $ext = get_extension($attachment['name']);
    // Check if we have a valid extension
    // Allow-list: the extension must be a key of the cached attachment types.
    if (!isset($attachtypes[$ext])) {
        $ret['error'] = $lang->error_attachtype;
        return $ret;
    } else {
        $attachtype = $attachtypes[$ext];
    // Check the size
    // maxsize is multiplied by 1024 before the comparison; an empty maxsize disables the limit.
    if ($attachment['size'] > $attachtype['maxsize'] * 1024 && $attachtype['maxsize'] != "") {
        $ret['error'] = $lang->sprintf($lang->error_attachsize, $attachtype['maxsize']);
        return $ret;
    // Double check attachment space usage
    if ($mybb->usergroup['attachquota'] > 0) {
        // Sum of the user's stored attachment sizes plus this upload, against quota * 1024.
        $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='" . $mybb->user['uid'] . "'");
        $usage = $db->fetch_array($query);
        $usage = $usage['ausage'] + $attachment['size'];
        if ($usage > $mybb->usergroup['attachquota'] * 1024) {
            $friendlyquota = get_friendly_size($mybb->usergroup['attachquota'] * 1024);
            $ret['error'] = $lang->sprintf($lang->error_reachedattachquota, $friendlyquota);
            return $ret;
    // Gather forum permissions
    $forumpermissions = forum_permissions($forum['fid']);
    // Check if an attachment with this name is already in the post
    // Existing posts are matched by the int-cast pid, unsaved ones by the escaped posthash.
    if ($pid != 0) {
        $uploaded_query = "pid='{$pid}'";
    } else {
        $uploaded_query = "posthash='{$posthash}'";
    // The client-supplied file name is escaped before it is placed in the WHERE clause.
    $query = $db->simple_select("attachments", "*", "filename='" . $db->escape_string($attachment['name']) . "' AND " . $uploaded_query);
    $prevattach = $db->fetch_array($query);
    if ($prevattach['aid'] && $update_attachment == false) {
        // Same name already attached and no update requested: refuse. The message
        // depends on whether the user may edit attachments.
        if (!$mybb->usergroup['caneditattachments'] && !$forumpermissions['caneditattachments']) {
            $ret['error'] = $lang->error_alreadyuploaded_perm;
            return $ret;
        $ret['error'] = $lang->error_alreadyuploaded;
        return $ret;
    // Check to see how many attachments exist for this post already
    if ($mybb->settings['maxattachments'] > 0 && $update_attachment == false) {
        $query = $db->simple_select("attachments", "COUNT(aid) AS numattachs", $uploaded_query);
        $attachcount = $db->fetch_field($query, "numattachs");
        if ($attachcount >= $mybb->settings['maxattachments']) {
            $ret['error'] = $lang->sprintf($lang->error_maxattachpost, $mybb->settings['maxattachments']);
            return $ret;
    $month_dir = '';
    if ($mybb->safemode == false) {
        // Check if the attachment directory (YYYYMM) exists, if not, create it
        // The @ operators hide filesystem warnings; failure is detected by the
        // second is_dir() test below.
        $month_dir = gmdate("Ym");
        if (!@is_dir($mybb->settings['uploadspath'] . "/" . $month_dir)) {
            @mkdir($mybb->settings['uploadspath'] . "/" . $month_dir);
            // Still doesn't exist - oh well, throw it in the main directory
            if (!@is_dir($mybb->settings['uploadspath'] . "/" . $month_dir)) {
                $month_dir = '';
    // All seems to be good, lets move the attachment!
    // The on-disk name is generated here (uid, timestamp, md5 of a random string) and
    // always ends in ".attach". The client-supplied name and extension are not part of it.
    $filename = "post_" . $mybb->user['uid'] . "_" . TIME_NOW . "_" . md5(random_str()) . ".attach";
    $file = upload_file($attachment, $mybb->settings['uploadspath'] . "/" . $month_dir, $filename);
    // Failed to create the attachment in the monthly directory, just throw it in the main directory
    if (!empty($file['error']) && $month_dir) {
        $file = upload_file($attachment, $mybb->settings['uploadspath'] . '/', $filename);
    } elseif ($month_dir) {
        // Stored in the monthly directory: keep the path relative to uploadspath.
        $filename = $month_dir . "/" . $filename;
    if (!empty($file['error'])) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail;
        switch ($file['error']) {
            case 1:
                $ret['error'] .= $lang->error_uploadfailed_nothingtomove;
            case 2:
                $ret['error'] .= $lang->error_uploadfailed_movefailed;
        return $ret;
    // Lets just double check that it exists
    if (!file_exists($mybb->settings['uploadspath'] . "/" . $filename)) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail . $lang->error_uploadfailed_lost;
        return $ret;
    // Generate the array for the insert_query
    // The original name and the reported type are escaped and size is int-cast.
    // attachname is the server-generated name from above.
    $attacharray = array("pid" => $pid, "posthash" => $posthash, "uid" => $mybb->user['uid'], "filename" => $db->escape_string($file['original_filename']), "filetype" => $db->escape_string($file['type']), "filesize" => (int) $file['size'], "attachname" => $filename, "downloads" => 0, "dateuploaded" => TIME_NOW);
    // If we're uploading an image, check the MIME type compared to the image type and attempt to generate a thumbnail
    if ($ext == "gif" || $ext == "png" || $ext == "jpg" || $ext == "jpeg" || $ext == "jpe") {
        // Check a list of known MIME types to establish what kind of image we're uploading
        // $file['type'] is mapped to a number that is compared with index 2 of the
        // getimagesize() result below.
        switch (my_strtolower($file['type'])) {
            case "image/gif":
                $img_type = 1;
            case "image/jpeg":
            case "image/x-jpg":
            case "image/x-jpeg":
            case "image/pjpeg":
            case "image/jpg":
                $img_type = 2;
            case "image/png":
            case "image/x-png":
                $img_type = 3;
                // presumably the fallback for any other type (its label is missing here)
                $img_type = 0;
        // Every MIME type configured for any attachment type, not only for this extension.
        $supported_mimes = array();
        foreach ($attachtypes as $attachtype) {
            if (!empty($attachtype['mimetype'])) {
                $supported_mimes[] = $attachtype['mimetype'];
        // Check if the uploaded file type matches the correct image type (returned by getimagesize)
        $img_dimensions = @getimagesize($mybb->settings['uploadspath'] . "/" . $filename);
        $mime = "";
        $file_path = $mybb->settings['uploadspath'] . "/" . $filename;
        if (function_exists("finfo_open")) {
            // NOTE(review): explode() with limit 1 returns the whole string as its only
            // element, so any "; charset=..." suffix stays in $mime and it is unlikely to
            // equal a bare configured MIME type. A limit of 2 looks intended.
            // NOTE(review): the path handed to finfo_file()/mime_content_type() is prefixed
            // with MYBB_ROOT while getimagesize() above uses uploadspath as-is; confirm both
            // resolve to the same file. The finfo handle is not closed in the visible code.
            $file_info = finfo_open(FILEINFO_MIME);
            list($mime, ) = explode(';', finfo_file($file_info, MYBB_ROOT . $file_path), 1);
        } else {
            if (function_exists("mime_content_type")) {
                $mime = mime_content_type(MYBB_ROOT . $file_path);
        // Reject when the file is not a readable image, or when its detected image type
        // differs from the reported one AND the sniffed MIME type is not configured
        // (&& binds tighter than ||). The stored file is deleted on rejection.
        if (!is_array($img_dimensions) || $img_dimensions[2] != $img_type && !in_array($mime, $supported_mimes)) {
            delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $filename);
            $ret['error'] = $lang->error_uploadfailed;
            return $ret;
        require_once MYBB_ROOT . "inc/functions_image.php";
        // The thumbnail name ends in the real image extension, which at this point is
        // one of the five extensions tested above.
        $thumbname = str_replace(".attach", "_thumb.{$ext}", $filename);
        $attacharray = $plugins->run_hooks("upload_attachment_thumb_start", $attacharray);
        $thumbnail = generate_thumbnail($mybb->settings['uploadspath'] . "/" . $filename, $mybb->settings['uploadspath'], $thumbname, $mybb->settings['attachthumbh'], $mybb->settings['attachthumbw']);
        if ($thumbnail['filename']) {
            $attacharray['thumbnail'] = $thumbnail['filename'];
        } elseif ($thumbnail['code'] == 4) {
            $attacharray['thumbnail'] = "SMALL";
    // In forums that moderate attachments the upload is stored hidden (visible = 0)
    // unless the uploader holds the approve/unapprove moderator permission.
    if ($forumpermissions['modattachments'] == 1 && !is_moderator($forum['fid'], "canapproveunapproveattachs")) {
        $attacharray['visible'] = 0;
    } else {
        $attacharray['visible'] = 1;
    // Plugins may alter the row just before it is written.
    $attacharray = $plugins->run_hooks("upload_attachment_do_insert", $attacharray);
    if ($prevattach['aid'] && $update_attachment == true) {
        // Keep our download count if we're updating an attachment
        $db->update_query("attachments", $attacharray, "aid='" . $db->escape_string($prevattach['aid']) . "'");
        // Remove old attachment file
        // Check if this attachment is referenced in any other posts. If it isn't, then we are safe to delete the actual file.
        // The row was already pointed at the new attachname above, so this counts the
        // remaining references to the old file.
        $query = $db->simple_select("attachments", "COUNT(aid) as numreferences", "attachname='" . $db->escape_string($prevattach['attachname']) . "'");
        if ($db->fetch_field($query, "numreferences") == 0) {
            // The paths deleted here come from the stored database row, not from the request.
            delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $prevattach['attachname']);
            if ($prevattach['thumbnail']) {
                delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $prevattach['thumbnail']);
            // First path segment of the old attachname. For a file stored directly in
            // uploadspath this is the file name itself, which the is_dir() test filters out.
            $date_directory = explode('/', $prevattach['attachname']);
            if (@is_dir($mybb->settings['uploadspath'] . "/" . $date_directory[0])) {
                delete_upload_directory($mybb->settings['uploadspath'] . "/" . $date_directory[0]);
        $aid = $prevattach['aid'];
    } else {
        $aid = $db->insert_query("attachments", $attacharray);
        if ($pid) {
            // The thread's attachment counter is only bumped for an already saved post.
            update_thread_counters($tid, array("attachmentcount" => "+1"));
    $ret['aid'] = $aid;
    return $ret;
Esempio n. 27
    // Excerpt from a forum index page: builds the forum cache ($fcache) and the
    // forum list for the current user.
    // NOTE(review): the enclosing condition of the first statement and all closing
    // braces are missing from this listing.
    // The forumread cookie is client-controlled. It is decoded with my_unserialize();
    // NOTE(review): confirm that wrapper refuses serialized objects, since PHP's
    // native unserialize() on cookie data allows object injection.
    if (isset($mybb->cookies['mybb']['forumread'])) {
        $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
} else {
    // Build a forum cache.
    // The uid is interpolated into the JOIN condition; it is read from $mybb->user,
    // not directly from request input in the visible code.
    $query = $db->query("\n\t\tSELECT f.*, fr.dateline AS lastread\n\t\tFROM " . TABLE_PREFIX . "forums f\n\t\tLEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid = f.fid AND fr.uid = '{$mybb->user['uid']}')\n\t\tWHERE f.active != 0\n\t\tORDER BY pid, disporder\n\t");
while ($forum = $db->fetch_array($query)) {
    if ($mybb->user['uid'] == 0) {
        // For uid 0 the last-read time comes from the cookie data, so it is a
        // client-chosen value and only suitable for display state.
        if (!empty($forumsread[$forum['fid']])) {
            $forum['lastread'] = $forumsread[$forum['fid']];
    // Cache layout: parent id, then display order, then forum id.
    $fcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
// Called without a forum id; the result is kept in $forumpermissions.
$forumpermissions = forum_permissions();
// Get the forum moderators if the setting is enabled.
$moderatorcache = array();
if ($mybb->settings['modlist'] != 0 && $mybb->settings['modlist'] != 'off') {
    $moderatorcache = $cache->read('moderators');
$excols = 'index';
$permissioncache['-1'] = '1';
$bgcolor = 'trow1';
// Decide if we're showing first-level subforums on the index page.
$showdepth = 2;
if ($mybb->settings['subforumsindex'] != 0) {
    $showdepth = 3;
$forum_list = build_forumbits();
$forums = $forum_list['forum_list'];
     // Actually move the threads in Inline moderation
 // Actually move the threads in Inline moderation
 // Inline moderation: move the selected threads to another forum.
 // NOTE(review): closing braces and the guard bodies are missing from this listing.
 case "do_multimovethreads":
     // Verify incoming POST request
     // NOTE(review): the verification call this comment refers to is not present in
     // the listing; confirm the original checks the post key before anything below runs.
     $moveto = intval($mybb->input['moveto']);
     // The thread ids arrive as one "|"-separated request value.
     $threadlist = explode("|", $mybb->input['threads']);
     // NOTE(review): this permission check receives the raw exploded strings; the
     // integer-normalised list is only built in the loop below. Confirm that
     // is_moderator_by_tids() normalises its input itself.
     if (!is_moderator_by_tids($threadlist, 'canmanagethreads')) {
     foreach ($threadlist as $tid) {
         $tids[] = intval($tid);
     // Make sure moderator has permission to move to the new forum
     // Unless the user holds 'canmovetononmodforum' for these threads, the destination
     // must be viewable and moderated by the user with 'canmanagethreads'.
     $newperms = forum_permissions($moveto);
     if (($newperms['canview'] == 0 || !is_moderator($moveto, 'canmanagethreads')) && !is_moderator_by_tids($tids, 'canmovetononmodforum')) {
     // The destination must exist, be a real forum (type "f") and not be a link forum.
     $newforum = get_forum($moveto);
     if (!$newforum || $newforum['type'] != "f" || $newforum['type'] == "f" && $newforum['linkto'] != '') {
     // Only the integer-normalised ids are passed to the move and the action is logged.
     $moderation->move_threads($tids, $moveto);
     log_moderator_action($modlogdata, $lang->multi_moved_threads);
     moderation_redirect(get_forum_link($moveto), $lang->redirect_inline_threadsmoved);
     // Delete posts - Inline moderation
 // Delete posts - Inline moderation
 case "multideleteposts":
Esempio n. 29
 // Excerpt: authorisation checks that run before a post may be edited.
 // NOTE(review): closing braces and the bodies of the failing branches are missing
 // from this listing, so how each refusal is reported cannot be read from here.
 // Fetch the post from the database.
 // The pid is read through get_input() with the INPUT_INT filter.
 $post = get_post($mybb->get_input('pid', MyBB::INPUT_INT));
 // No result, die.
 if (!$post) {
 // Fetch the thread associated with this post.
 $thread = get_thread($post['tid']);
 // Fetch the specific forum this thread/post is in.
 $forum = get_forum($thread['fid']);
 // Missing thread, invalid forum? Error.
 if (!$thread || !$forum || $forum['type'] != "f") {
 // Fetch forum permissions.
 $forumpermissions = forum_permissions($forum['fid']);
 // If this user is not a moderator with "caneditposts" permissions.
 if (!is_moderator($forum['fid'], "caneditposts")) {
     // Thread is closed - no editing allowed.
     if ($thread['closed'] == 1) {
     } else {
         // Refused when the forum is closed, the forum edit permission is missing, the
         // post belongs to another user, the user has uid 0, or posting is suspended.
         if ($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0 || $mybb->user['suspendposting'] == 1) {
         } else {
             // The usergroup's edittimelimit is multiplied by 60 and compared against
             // the post's own dateline.
             if ($mybb->usergroup['edittimelimit'] != 0 && $post['dateline'] < TIME_NOW - $mybb->usergroup['edittimelimit'] * 60) {
                 $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->usergroup['edittimelimit']);
Esempio n. 30
File: ACP.php Progetto: exts/nab145
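/**
 * Admin control panel handler for categories and forums.
 *
 * Without a `type` query parameter it renders the category/forum overview. With
 * `type=cat` or `type=forum` it shows or processes the edit form (`edit` present) or
 * the delete confirmation (`delete` present) for the row named by the `id` parameter.
 *
 * Every request value is treated as untrusted: ids are cast to integers, strings are
 * passed through mysql_real_escape_string() before they are placed in a quoted SQL
 * literal, and values written into HTML are encoded with ENT_QUOTES because the
 * markup uses single-quoted attributes.
 *
 * NOTE(review): the durable fix for the SQL handling is prepared statements via
 * mysqli or PDO; the mysql_* extension used throughout this file was removed in
 * PHP 7.0. The escaping here keeps to the API the file already uses.
 * NOTE(review): nothing in this function checks that the caller is an administrator
 * or that a POST carries an anti-CSRF token, although the edit and delete forms
 * change data. Confirm that the dispatcher in acp.php enforces both.
 *
 * @return string|null HTML fragment or status message; null when `type` is neither
 *                     "cat" nor "forum".
 */
function manageboards()
{
    // Encode for HTML text and quoted attributes. double_encode is off because titles
    // and descriptions are stored already passed through htmlspecialchars().
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    if (!isset($_GET['type'])) {
        // Overview: one row per category, followed by a row listing its forums.
        $BODY = "";
        $cats = mysql_query("SELECT * FROM `categories` ORDER BY `order`");
        if (mysql_num_rows($cats) > 0) {
            $BODY .= "<table width='100%' cellspacing='3' cellpadding='0'>";
            while ($row = mysql_fetch_array($cats)) {
                // Ids are handled as integers everywhere else in this function, so the
                // database value is cast before it is reused in markup and SQL.
                $catId = intval($row['id']);
                $BODY .= "\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td width='80%'><strong>" . $h($row['title']) . "</strong></td>\n\t\t\t\t\t\t\t<td width='20%'><a href='acp.php?action=boards&type=cat&id=" . $catId . "&edit'>Edit</a> <a href='acp.php?action=boards&type=cat&id=" . $catId . "&delete'>Delete</a></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t";
                $forums = mysql_query("SELECT * FROM `forums` WHERE `cid` = '" . $catId . "'");
                $forums_ = "";
                while ($forum = mysql_fetch_array($forums)) {
                    $forums_ .= "<a href='acp.php?action=boards&type=forum&id=" . intval($forum['id']) . "&edit'>" . $h($forum['title']) . "</a>, ";
                }
                // Drop the trailing ", " left by the loop above.
                $BODY .= "\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td colspan='2'>" . substr($forums_, 0, strlen($forums_) - 2) . "</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t";
            }
            $BODY .= "</table>";
        } else {
            return "There aren't any categorys in the database, go create some.";
        }
        return $BODY;
    }

    // The row id comes from the query string; anything that is not a scalar becomes 0.
    $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;
    $wantsEdit = isset($_GET['edit']) && !isset($_GET['delete']);
    $wantsDelete = isset($_GET['delete']) && !isset($_GET['edit']);

    switch ($_GET['type']) {
        case "cat":
            if ($wantsEdit) {
                $sql = mysql_query("SELECT * FROM `categories` WHERE `id` = '" . $id . "'");
                $row = mysql_fetch_array($sql);
                if (!isset($_POST['submit'])) {
                    return "\n\t\t\t\t\t\t\t\t<form method='post' action=''>\n\t\t\t\t\t\t\t\t\t<table width='100%' cellspacing='3' cellpadding='0'>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td width='30%'>Category Name</td>\n\t\t\t\t\t\t\t\t\t\t\t<td width='70%'><input type='text' name='name' value='" . $h($row['title']) . "' /></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td colspan='2' align='center'><input type='submit' name='submit' value='Edit Category' /></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t</form>\n\t\t\t\t\t\t\t";
                }
                if (empty($_POST['name']) || !is_string($_POST['name'])) {
                    return "You left a field blank please go back and make sure all fields are filled.";
                }
                // htmlspecialchars() keeps the stored format the rest of the code expects;
                // it is not SQL escaping, so the value is escaped for the query as well.
                $category = mysql_real_escape_string(htmlspecialchars($_POST['name']));
                if (mysql_query("UPDATE `categories` SET `title` = '" . $category . "' WHERE `id` = '" . $id . "'")) {
                    return "Category was updated successfully.";
                }
                return "There was a problem updating category, please contact Nevux Ability Boards Tech Support.";
            } elseif ($wantsDelete) {
                if (!isset($_POST['delete'])) {
                    return "\n\t\t\t\t\t\t\t\t<form method='post' action=''>\n\t\t\t\t\t\t\t\t\t<table width='100%'>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td width='50%'>Are you Sure you want to delete this Category?</td><td width='50%'><input type='submit' name='delete' value='Delete' /></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t</form>\n\t\t\t\t\t\t\t";
                }
                if (mysql_query("DELETE FROM `categories` WHERE `id` = '" . $id . "'")) {
                    return "Category was deleted successfully.";
                }
                return "There was an error deleteing categorys from Database.";
            }
            return "Error action.";

        case "forum":
            if ($wantsEdit) {
                $sql = mysql_query("SELECT * FROM `forums` WHERE `id` = '" . $id . "'");
                $row = mysql_fetch_array($sql);
                // Collect links to the sub-forums of the forum being edited.
                $sub = "";
                $sub_ = mysql_query("SELECT * FROM `forums` WHERE `sid` = '" . intval($row['id']) . "'");
                if (mysql_num_rows($sub_) > 0) {
                    while ($rows = mysql_fetch_array($sub_)) {
                        $sub .= "<a href='acp.php?action=boards&type=forum&id=" . intval($rows['id']) . "&edit'>" . $h($rows['title']) . "</a>, ";
                    }
                }
                if (!isset($_POST['submit'])) {
                    // The delete link is built from the integer $id, never from the raw
                    // query-string value.
                    // NOTE(review): if forum_permissions() unserializes the permissions
                    // column, that column must only ever hold data written by this function.
                    return "\n\t\t\t\t\t\t\t\t<form method='post' action=''>\n\t\t\t\t\t\t\t\t\t<table width='100%' cellspacing='3' cellpadding='0'>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td width='30%'>Forum Name</td>\n\t\t\t\t\t\t\t\t\t\t\t<td width='70%'><input type='text' name='name' value='" . $h($row['title']) . "' /></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td width='30%' valign='top'>Forum Description</td>\n\t\t\t\t\t\t\t\t\t\t\t<td width='70%'><textarea cols='20' rows='5' name='desc'>" . $h($row['description']) . "</textarea></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td width='30%'>Forum Parent</td>\n\t\t\t\t\t\t\t\t\t\t\t<td width='70%'>" . parents($row['cid'] != 0 ? $row['cid'] : $row['sid'], $row['cid'] != 0 ? "c" : "f") . "</td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td width='30%'>Forum Locked</td>\n\t\t\t\t\t\t\t\t\t\t\t<td width='70%'><input type='checkbox' " . ($row['locked'] == 't' ? 'checked="checked"' : '') . " name='locked' /></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td colspan='2'>\n\t\t\t\t\t\t\t\t\t\t\t\t" . forum_permissions(1, 2, $row['permissions']) . "\n\t\t\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td colspan='2' align='center'><input type='submit' name='submit' value='Edit Forum' /></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td colspan='2' width='100%'>" . ($sub == "" ? '' : '<strong>SubForums</strong>: ' . substr($sub, 0, strlen($sub) - 2)) . "</td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td colspan='2'><a href='acp.php?action=boards&type=forum&id=" . $id . "&delete'>Delete Forum</a></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t</form>\n\t\t\t\t\t\t\t";
                }

                $missingField = "You either left a field blank, or you need to create a category before adding any forums.";
                if (empty($_POST['parent']) || !is_string($_POST['parent']) || empty($_POST['name']) || !is_string($_POST['name'])) {
                    return $missingField;
                }

                // Build the permission map from the submitted checkbox arrays. Fields that
                // are absent or not arrays, and entries that are not scalars, are skipped.
                $permissionSets = array('view' => array(), 'read' => array(), 'reply' => array(), 'topic' => array());
                foreach (array_keys($permissionSets) as $field) {
                    if (empty($_POST[$field]) || !is_array($_POST[$field])) {
                        continue;
                    }
                    foreach ($_POST[$field] as $key) {
                        if (is_scalar($key)) {
                            $permissionSets[$field][$key] = 't';
                        }
                    }
                }
                $permissions = mysql_real_escape_string(serialize($permissionSets));

                // The parent field has the form "<kind>|<id>"; a "cat" kind targets `cid`,
                // anything else targets `sid`. The other column is reset to 0.
                $parent = explode("|", $_POST['parent']);
                if (!isset($parent[1])) {
                    return $missingField;
                }
                $parent_ = $parent[0] == 'cat' ? "`cid`" : "`sid`";
                $parent2_ = $parent[0] == 'cat' ? "`sid`" : "`cid`";
                // Assumes parent ids are integers like every other id here - confirm
                // against parents(). The cast keeps request text out of the query.
                $parentId = intval($parent[1]);

                $title = mysql_real_escape_string(htmlspecialchars($_POST['name']));
                $descInput = (isset($_POST['desc']) && is_string($_POST['desc'])) ? $_POST['desc'] : '';
                $desc = mysql_real_escape_string(htmlspecialchars($descInput));
                $locked = isset($_POST['locked']) ? 't' : 'f';

                if (mysql_query("UPDATE `forums` SET `permissions` = '" . $permissions . "', " . $parent2_ . " = '0', " . $parent_ . " = '" . $parentId . "', `title` = '" . $title . "',`description` = '" . $desc . "',`locked` = '" . $locked . "' WHERE `id` = '" . $id . "'")) {
                    // The parent kind is request data, so it is encoded before it is
                    // appended to the message.
                    return "Forum was successfully updated into database." . $h($parent[0]);
                }
                return "Sorry, there was an sql error trying to update data into database.";
            } elseif ($wantsDelete) {
                if (!isset($_POST['delete'])) {
                    return "\n\t\t\t\t\t\t\t\t<form method='post' action=''>\n\t\t\t\t\t\t\t\t\t<table width='100%'>\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td width='50%'>Are you Sure you want to delete this Forum?</td><td width='50%'><input type='submit' name='delete' value='Delete' /></td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t</form>\n\t\t\t\t\t\t\t";
                }
                if (mysql_query("DELETE FROM `forums` WHERE `id` = '" . $id . "'")) {
                    return "Forum was deleted successfully.";
                }
                return "There was an error deleteing Forum from Database.";
            }
            return "Error action.";
    }
}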