function finish_auth($username, $auth_key, $url)
{
// not a good design
if (mb_strlen($auth_key, 'utf-8') != 32) {
return json_encode(array('errorno' => 1));
}
$result = get_user_information($username);
if ($result == null) {
return json_encode(array('errorno' => 2));
}
if (process_auth_key($result['auth_key'], $result['last_time'], $url) != $auth_key) {
return json_encode(array('errorno' => 3));
}
// not good design +1
$new_auth_key = rand_string();
$sql = "UPDATE `account` SET `auth_key`= ? WHERE username= ? LIMIT 1";
$params = array($new_auth_key, $username);
$count = (new MysqlDAO())->execute($sql, $params, 'ss');
$username = $result['username'];
$email = $result['email'];
$verified = $result['verified'];
$reg_time = $result['reg_time'];
$res = array('errorno' => 0, 'user' => array('username' => $username, 'email' => $email, 'verified' => $verified, 'reg_time' => $reg_time));
return json_encode($res);
}
function start_auth($username, $url)
{
$result = get_user_information($username);
if ($result == null) {
return '(null)';
}
$auth_key = $result['auth_key'];
$last_time = $result['last_time'];
$auth_key = process_auth_key($auth_key, $last_time, $url);
return $auth_key;
}
function draw_mini_comments()
{
$user_info = get_user_information($_SESSION['user_id']);
$username = $user_info['username'];
//Query grabs comments made in last 7 days
$sqlquery = " SELECT * FROM `performance_comments` WHERE username ='******' AND TIMESTAMPDIFF(DAY , `timestamp` , NOW( ) ) < '7'";
$result = mysql_query($sqlquery) or die("Select failed: " . mysql_error() . " on query: " . $sqlquery);
$o .= "<ul>";
while ($data = mysql_fetch_array($result)) {
$o .= "<li>" . $data['username_commenter'] . " - " . $data['comment'] . "</li>";
}
$o .= "</ul>";
return $o;
}
function chk_cookie($username, $pwd)
{
if (!ENABLE_COOKIE) {
return;
}
if (mb_strlen($username, 'utf8') < 1 || mb_strlen($username, 'utf8') > 12) {
return;
}
$result = get_user_information($username);
if ($result == null) {
setcookie('username', '', time() - 1);
setcookie('sid', '', time() - 1);
return;
} else {
if (crypt_pwd_client($result['password']) == $pwd) {
$_SESSION['username'] = $result['username'];
$_SESSION['loged'] = false;
return;
} else {
setcookie('username', '', time() - 1);
setcookie('sid', '', time() - 1);
return;
}
return;
}
}
/**
* View private message
*/
function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
{
global $user, $template, $auth, $db, $cache, $src_container;
global $src_root_path, $request, $phpEx, $config, $src_dispatcher;
$user->add_lang(array('viewtopic', 'memberlist'));
$msg_id = (int) $msg_id;
$folder_id = (int) $folder_id;
$author_id = (int) $message_row['author_id'];
$view = request_var('view', '');
// Not able to view message, it was deleted by the sender
if ($message_row['pm_deleted']) {
$meta_info = append_sid("{$src_root_path}ucp.{$phpEx}", "i=pm&folder={$folder_id}");
$message = $user->lang['NO_AUTH_READ_REMOVED_MESSAGE'];
$message .= '<br /><br />' . sprintf($user->lang['RETURN_FOLDER'], '<a href="' . $meta_info . '">', '</a>');
trigger_error($message);
}
// Do not allow hold messages to be seen
if ($folder_id == PRIVMSGS_HOLD_BOX) {
trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
}
// Grab icons
$icons = $cache->obtain_icons();
// Load the custom profile fields
if ($config['load_cpf_pm']) {
$cp = $src_container->get('profilefields.manager');
$profile_fields = $cp->grab_profile_fields_data($author_id);
}
// Assign TO/BCC Addresses to template
write_pm_addresses(array('to' => $message_row['to_address'], 'bcc' => $message_row['bcc_address']), $author_id);
$user_info = get_user_information($author_id, $message_row);
// Parse the message and subject
$parse_flags = ($message_row['bbcode_bitfield'] ? OPTION_FLAG_BBCODE : 0) | OPTION_FLAG_SMILIES;
$message = generate_text_for_display($message_row['message_text'], $message_row['bbcode_uid'], $message_row['bbcode_bitfield'], $parse_flags, true);
// Replace naughty words such as farty pants
$message_row['message_subject'] = censor_text($message_row['message_subject']);
// Editing information
if ($message_row['message_edit_count'] && $config['display_last_edited']) {
if (!$message_row['message_edit_user']) {
$display_username = get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour']);
} else {
$edit_user_info = get_user_information($message_row['message_edit_user'], false);
$display_username = get_username_string('full', $message_row['message_edit_user'], $edit_user_info['username'], $edit_user_info['user_colour']);
}
$l_edited_by = '<br /><br />' . $user->lang('EDITED_TIMES_TOTAL', (int) $message_row['message_edit_count'], $display_username, $user->format_date($message_row['message_edit_time'], false, true));
} else {
$l_edited_by = '';
}
// Pull attachment data
$display_notice = false;
$attachments = array();
if ($message_row['message_attachment'] && $config['allow_pm_attach']) {
if ($auth->acl_get('u_pm_download')) {
$sql = 'SELECT *
FROM ' . ATTACHMENTS_TABLE . "\n\t\t\t\tWHERE post_msg_id = {$msg_id}\n\t\t\t\t\tAND in_message = 1\n\t\t\t\tORDER BY filetime DESC, post_msg_id ASC";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$attachments[] = $row;
}
$db->sql_freeresult($result);
// No attachments exist, but message table thinks they do so go ahead and reset attach flags
if (!sizeof($attachments)) {
$sql = 'UPDATE ' . PRIVMSGS_TABLE . "\n\t\t\t\t\tSET message_attachment = 0\n\t\t\t\t\tWHERE msg_id = {$msg_id}";
$db->sql_query($sql);
}
} else {
$display_notice = true;
}
}
// Assign inline attachments
if (!empty($attachments)) {
$update_count = array();
parse_attachments(false, $message, $attachments, $update_count);
// Update the attachment download counts
if (sizeof($update_count)) {
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
SET download_count = download_count + 1
WHERE ' . $db->sql_in_set('attach_id', array_unique($update_count));
$db->sql_query($sql);
}
}
$user_info['sig'] = '';
$signature = $message_row['enable_sig'] && $config['allow_sig'] && $auth->acl_get('u_sig') && $user->optionget('viewsigs') ? $user_info['user_sig'] : '';
// End signature parsing, only if needed
if ($signature) {
$parse_flags = ($user_info['user_sig_bbcode_bitfield'] ? OPTION_FLAG_BBCODE : 0) | OPTION_FLAG_SMILIES;
$signature = generate_text_for_display($signature, $user_info['user_sig_bbcode_uid'], $user_info['user_sig_bbcode_bitfield'], $parse_flags, true);
}
$url = append_sid("{$src_root_path}ucp.{$phpEx}", 'i=pm');
// Number of "to" recipients
$num_recipients = (int) preg_match_all('/:?(u|g)_([0-9]+):?/', $message_row['to_address'], $match);
$bbcode_status = $config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode') ? true : false;
// Get the profile fields template data
$cp_row = array();
if ($config['load_cpf_pm'] && isset($profile_fields[$author_id])) {
// Filter the fields we don't want to show
foreach ($profile_fields[$author_id] as $used_ident => $profile_field) {
if (!$profile_field['data']['field_show_on_pm']) {
unset($profile_fields[$author_id][$used_ident]);
}
}
if (isset($profile_fields[$author_id])) {
$cp_row = $cp->generate_profile_fields_template_data($profile_fields[$author_id]);
}
}
$u_pm = $u_jabber = '';
if ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($user_info['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) {
$u_pm = append_sid("{$src_root_path}ucp.{$phpEx}", 'i=pm&mode=compose&u=' . $author_id);
}
if ($config['jab_enable'] && $user_info['user_jabber'] && $auth->acl_get('u_sendim')) {
$u_jabber = append_sid("{$src_root_path}memberlist.{$phpEx}", 'mode=contact&action=jabber&u=' . $author_id);
}
$msg_data = array('MESSAGE_AUTHOR_FULL' => get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), 'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), 'MESSAGE_AUTHOR' => get_username_string('username', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), 'U_MESSAGE_AUTHOR' => get_username_string('profile', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), 'RANK_TITLE' => $user_info['rank_title'], 'RANK_IMG' => $user_info['rank_image'], 'AUTHOR_AVATAR' => isset($user_info['avatar']) ? $user_info['avatar'] : '', 'AUTHOR_JOINED' => $user->format_date($user_info['user_regdate']), 'AUTHOR_POSTS' => (int) $user_info['user_posts'], 'U_AUTHOR_POSTS' => $config['load_search'] && $auth->acl_get('u_search') ? append_sid("{$src_root_path}search.{$phpEx}", "author_id={$author_id}&sr=posts") : '', 'CONTACT_USER' => $user->lang('CONTACT_USER', get_username_string('username', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username'])), 'ONLINE_IMG' => !$config['load_onlinetrack'] ? '' : (isset($user_info['online']) && $user_info['online'] ? $user->img('icon_user_online', $user->lang['ONLINE']) : $user->img('icon_user_offline', $user->lang['OFFLINE'])), 'S_ONLINE' => !$config['load_onlinetrack'] ? false : (isset($user_info['online']) && $user_info['online'] ? true : false), 'DELETE_IMG' => $user->img('icon_post_delete', $user->lang['DELETE_MESSAGE']), 'INFO_IMG' => $user->img('icon_post_info', $user->lang['VIEW_PM_INFO']), 'PROFILE_IMG' => $user->img('icon_user_profile', $user->lang['READ_PROFILE']), 'EMAIL_IMG' => $user->img('icon_contact_email', $user->lang['SEND_EMAIL']), 'QUOTE_IMG' => $user->img('icon_post_quote', $user->lang['POST_QUOTE_PM']), 'REPLY_IMG' => $user->img('button_pm_reply', $user->lang['POST_REPLY_PM']), 'REPORT_IMG' => $user->img('icon_post_report', 'REPORT_PM'), 'EDIT_IMG' => $user->img('icon_post_edit', $user->lang['POST_EDIT_PM']), 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['PM']), 'SENT_DATE' => $view == 'print' ? $user->format_date($message_row['message_time'], false, true) : $user->format_date($message_row['message_time']), 'SUBJECT' => $message_row['message_subject'], 'MESSAGE' => $message, 'SIGNATURE' => $message_row['enable_sig'] ? $signature : '', 'EDITED_MESSAGE' => $l_edited_by, 'MESSAGE_ID' => $message_row['msg_id'], 'U_PM' => $u_pm, 'U_JABBER' => $u_jabber, 'U_DELETE' => $auth->acl_get('u_pm_delete') ? "{$url}&mode=compose&action=delete&f={$folder_id}&p=" . $message_row['msg_id'] : '', 'U_EMAIL' => $user_info['email'], 'U_REPORT' => $config['allow_pm_report'] ? append_sid("{$src_root_path}report.{$phpEx}", "pm=" . $message_row['msg_id']) : '', 'U_QUOTE' => $auth->acl_get('u_sendpm') && $author_id != ANONYMOUS ? "{$url}&mode=compose&action=quote&f={$folder_id}&p=" . $message_row['msg_id'] : '', 'U_EDIT' => ($message_row['message_time'] > time() - $config['pm_edit_time'] * 60 || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit') ? "{$url}&mode=compose&action=edit&f={$folder_id}&p=" . $message_row['msg_id'] : '', 'U_POST_REPLY_PM' => $auth->acl_get('u_sendpm') && $author_id != ANONYMOUS ? "{$url}&mode=compose&action=reply&f={$folder_id}&p=" . $message_row['msg_id'] : '', 'U_POST_REPLY_ALL' => $auth->acl_get('u_sendpm') && $author_id != ANONYMOUS ? "{$url}&mode=compose&action=reply&f={$folder_id}&reply_to_all=1&p=" . $message_row['msg_id'] : '', 'U_PREVIOUS_PM' => "{$url}&f={$folder_id}&p=" . $message_row['msg_id'] . "&view=previous", 'U_NEXT_PM' => "{$url}&f={$folder_id}&p=" . $message_row['msg_id'] . "&view=next", 'U_PM_ACTION' => $url . '&mode=compose&f=' . $folder_id . '&p=' . $message_row['msg_id'], 'S_HAS_ATTACHMENTS' => sizeof($attachments) ? true : false, 'S_DISPLAY_NOTICE' => $display_notice && $message_row['message_attachment'], 'S_AUTHOR_DELETED' => $author_id == ANONYMOUS ? true : false, 'S_SPECIAL_FOLDER' => in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)), 'S_PM_RECIPIENTS' => $num_recipients, 'S_BBCODE_ALLOWED' => $bbcode_status ? 1 : 0, 'S_CUSTOM_FIELDS' => !empty($cp_row['row']) ? true : false, 'U_PRINT_PM' => $config['print_pm'] && $auth->acl_get('u_pm_printpm') ? "{$url}&f={$folder_id}&p=" . $message_row['msg_id'] . "&view=print" : '', 'U_FORWARD_PM' => $config['forward_pm'] && $auth->acl_get('u_sendpm') && $auth->acl_get('u_pm_forward') ? "{$url}&mode=compose&action=forward&f={$folder_id}&p=" . $message_row['msg_id'] : '');
/**
* Modify pm and sender data before it is assigned to the template
*
* @event core.ucp_pm_view_messsage
* @var mixed id Active module category (can be int or string)
* @var string mode Active module
* @var int folder_id ID of the folder the message is in
* @var int msg_id ID of the private message
* @var array folder Array with data of user's message folders
* @var array message_row Array with message data
* @var array cp_row Array with senders custom profile field data
* @var array msg_data Template array with message data
* @since 3.1.0-a1
*/
$vars = array('id', 'mode', 'folder_id', 'msg_id', 'folder', 'message_row', 'cp_row', 'msg_data');
extract($src_dispatcher->trigger_event('core.ucp_pm_view_messsage', compact($vars)));
$template->assign_vars($msg_data);
$contact_fields = array(array('ID' => 'pm', 'NAME' => $user->lang['SEND_PRIVATE_MESSAGE'], 'U_CONTACT' => $u_pm), array('ID' => 'email', 'NAME' => $user->lang['SEND_EMAIL'], 'U_CONTACT' => $user_info['email']), array('ID' => 'jabber', 'NAME' => $user->lang['JABBER'], 'U_CONTACT' => $u_jabber));
foreach ($contact_fields as $field) {
if ($field['U_CONTACT']) {
$template->assign_block_vars('contact', $field);
}
}
// Display the custom profile fields
if (!empty($cp_row['row'])) {
$template->assign_vars($cp_row['row']);
foreach ($cp_row['blockrow'] as $cp_block_row) {
$template->assign_block_vars('custom_fields', $cp_block_row);
if ($cp_block_row['S_PROFILE_CONTACT']) {
$template->assign_block_vars('contact', array('ID' => $cp_block_row['PROFILE_FIELD_IDENT'], 'NAME' => $cp_block_row['PROFILE_FIELD_NAME'], 'U_CONTACT' => $cp_block_row['PROFILE_FIELD_CONTACT']));
}
}
}
// Display not already displayed Attachments for this post, we already parsed them. ;)
if (isset($attachments) && sizeof($attachments)) {
foreach ($attachments as $attachment) {
$template->assign_block_vars('attachment', array('DISPLAY_ATTACHMENT' => $attachment));
}
}
if (!isset($_REQUEST['view']) || $request->variable('view', '') != 'print') {
// Message History
if (message_history($msg_id, $user->data['user_id'], $message_row, $folder)) {
$template->assign_var('S_DISPLAY_HISTORY', true);
}
}
}
/**
* View private message
*/
function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
{
global $user, $template, $auth, $db, $cache;
global $phpbb_root_path, $phpEx, $config;
$user->add_lang(array('viewtopic', 'memberlist'));
$msg_id = (int) $msg_id;
$folder_id = (int) $folder_id;
$author_id = (int) $message_row['author_id'];
$view = request_var('view', '');
// Not able to view message, it was deleted by the sender
if ($message_row['pm_deleted']) {
$meta_info = append_sid("{$phpbb_root_path}ucp.{$phpEx}", "i=pm&folder={$folder_id}");
$message = $user->lang['NO_AUTH_READ_REMOVED_MESSAGE'];
$message .= '<br /><br />' . sprintf($user->lang['RETURN_FOLDER'], '<a href="' . $meta_info . '">', '</a>');
trigger_error($message);
}
// Do not allow hold messages to be seen
if ($folder_id == PRIVMSGS_HOLD_BOX) {
trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
}
// Grab icons
$icons = $cache->obtain_icons();
$bbcode = false;
// Instantiate BBCode if need be
if ($message_row['bbcode_bitfield']) {
include $phpbb_root_path . 'includes/bbcode.' . $phpEx;
$bbcode = new bbcode($message_row['bbcode_bitfield']);
}
// Assign TO/BCC Addresses to template
write_pm_addresses(array('to' => $message_row['to_address'], 'bcc' => $message_row['bcc_address']), $author_id);
$user_info = get_user_information($author_id, $message_row);
// Parse the message and subject
$message = censor_text($message_row['message_text']);
// Second parse bbcode here
if ($message_row['bbcode_bitfield']) {
$bbcode->bbcode_second_pass($message, $message_row['bbcode_uid'], $message_row['bbcode_bitfield']);
}
// Always process smilies after parsing bbcodes
$message = bbcode_nl2br($message);
$message = smiley_text($message);
// Replace naughty words such as farty pants
$message_row['message_subject'] = censor_text($message_row['message_subject']);
// Editing information
if ($message_row['message_edit_count'] && $config['display_last_edited']) {
$l_edit_time_total = $message_row['message_edit_count'] == 1 ? $user->lang['EDITED_TIME_TOTAL'] : $user->lang['EDITED_TIMES_TOTAL'];
$l_edited_by = '<br /><br />' . sprintf($l_edit_time_total, !$message_row['message_edit_user'] ? $message_row['username'] : $message_row['message_edit_user'], $user->format_date($message_row['message_edit_time'], false, true), $message_row['message_edit_count']);
} else {
$l_edited_by = '';
}
// Pull attachment data
$display_notice = false;
$attachments = array();
if ($message_row['message_attachment'] && $config['allow_pm_attach']) {
if ($auth->acl_get('u_pm_download')) {
$sql = 'SELECT *
FROM ' . ATTACHMENTS_TABLE . "\n\t\t\t\tWHERE post_msg_id = {$msg_id}\n\t\t\t\t\tAND in_message = 1\n\t\t\t\tORDER BY filetime DESC, post_msg_id ASC";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$attachments[] = $row;
}
$db->sql_freeresult($result);
// No attachments exist, but message table thinks they do so go ahead and reset attach flags
if (!sizeof($attachments)) {
$sql = 'UPDATE ' . PRIVMSGS_TABLE . "\n\t\t\t\t\tSET message_attachment = 0\n\t\t\t\t\tWHERE msg_id = {$msg_id}";
$db->sql_query($sql);
}
} else {
$display_notice = true;
}
}
// Assign inline attachments
if (!empty($attachments)) {
$update_count = array();
parse_attachments(false, $message, $attachments, $update_count);
// Update the attachment download counts
if (sizeof($update_count)) {
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
SET download_count = download_count + 1
WHERE ' . $db->sql_in_set('attach_id', array_unique($update_count));
$db->sql_query($sql);
}
}
$user_info['sig'] = '';
$signature = $message_row['enable_sig'] && $config['allow_sig'] && $auth->acl_get('u_sig') && $user->optionget('viewsigs') ? $user_info['user_sig'] : '';
// End signature parsing, only if needed
if ($signature) {
$signature = censor_text($signature);
if ($user_info['user_sig_bbcode_bitfield']) {
if ($bbcode === false) {
include $phpbb_root_path . 'includes/bbcode.' . $phpEx;
$bbcode = new bbcode($user_info['user_sig_bbcode_bitfield']);
}
$bbcode->bbcode_second_pass($signature, $user_info['user_sig_bbcode_uid'], $user_info['user_sig_bbcode_bitfield']);
}
$signature = bbcode_nl2br($signature);
$signature = smiley_text($signature);
}
$url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm');
// Number of "to" recipients
$num_recipients = (int) preg_match_all('/:?(u|g)_([0-9]+):?/', $message_row['to_address'], $match);
$template->assign_vars(array('MESSAGE_AUTHOR_FULL' => get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), 'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), 'MESSAGE_AUTHOR' => get_username_string('username', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), 'U_MESSAGE_AUTHOR' => get_username_string('profile', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), 'RANK_TITLE' => $user_info['rank_title'], 'RANK_IMG' => $user_info['rank_image'], 'AUTHOR_AVATAR' => isset($user_info['avatar']) ? $user_info['avatar'] : '', 'AUTHOR_JOINED' => $user->format_date($user_info['user_regdate']), 'AUTHOR_POSTS' => (int) $user_info['user_posts'], 'AUTHOR_FROM' => !empty($user_info['user_from']) ? $user_info['user_from'] : '', 'ONLINE_IMG' => !$config['load_onlinetrack'] ? '' : (isset($user_info['online']) && $user_info['online'] ? $user->img('icon_user_online', $user->lang['ONLINE']) : $user->img('icon_user_offline', $user->lang['OFFLINE'])), 'S_ONLINE' => !$config['load_onlinetrack'] ? false : (isset($user_info['online']) && $user_info['online'] ? true : false), 'DELETE_IMG' => $user->img('icon_post_delete', $user->lang['DELETE_MESSAGE']), 'INFO_IMG' => $user->img('icon_post_info', $user->lang['VIEW_PM_INFO']), 'PROFILE_IMG' => $user->img('icon_user_profile', $user->lang['READ_PROFILE']), 'EMAIL_IMG' => $user->img('icon_contact_email', $user->lang['SEND_EMAIL']), 'QUOTE_IMG' => $user->img('icon_post_quote', $user->lang['POST_QUOTE_PM']), 'REPLY_IMG' => $user->img('button_pm_reply', $user->lang['POST_REPLY_PM']), 'REPORT_IMG' => $user->img('icon_post_report', 'REPORT_PM'), 'EDIT_IMG' => $user->img('icon_post_edit', $user->lang['POST_EDIT_PM']), 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['PM']), 'SENT_DATE' => $view == 'print' ? $user->format_date($message_row['message_time'], false, true) : $user->format_date($message_row['message_time']), 'SUBJECT' => $message_row['message_subject'], 'MESSAGE' => $message, 'SIGNATURE' => $message_row['enable_sig'] ? $signature : '', 'EDITED_MESSAGE' => $l_edited_by, 'MESSAGE_ID' => $message_row['msg_id'], 'U_PM' => $config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($user_info['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'i=pm&mode=compose&u=' . $author_id) : '', 'U_WWW' => !empty($user_info['user_website']) ? $user_info['user_website'] : '', 'U_ICQ' => $user_info['user_icq'] ? 'http://www.icq.com/people/webmsg.php?to=' . urlencode($user_info['user_icq']) : '', 'U_AIM' => $user_info['user_aim'] && $auth->acl_get('u_sendim') ? append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=contact&action=aim&u=' . $author_id) : '', 'U_YIM' => $user_info['user_yim'] ? 'http://edit.yahoo.com/config/send_webmesg?.target=' . urlencode($user_info['user_yim']) . '&.src=pg' : '', 'U_MSN' => $user_info['user_msnm'] && $auth->acl_get('u_sendim') ? append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=contact&action=msnm&u=' . $author_id) : '', 'U_JABBER' => $user_info['user_jabber'] && $auth->acl_get('u_sendim') ? append_sid("{$phpbb_root_path}memberlist.{$phpEx}", 'mode=contact&action=jabber&u=' . $author_id) : '', 'U_DELETE' => $auth->acl_get('u_pm_delete') ? "{$url}&mode=compose&action=delete&f={$folder_id}&p=" . $message_row['msg_id'] : '', 'U_EMAIL' => $user_info['email'], 'U_REPORT' => $config['allow_pm_report'] ? append_sid("{$phpbb_root_path}report.{$phpEx}", "pm=" . $message_row['msg_id']) : '', 'U_QUOTE' => $auth->acl_get('u_sendpm') && $author_id != ANONYMOUS ? "{$url}&mode=compose&action=quote&f={$folder_id}&p=" . $message_row['msg_id'] : '', 'U_EDIT' => ($message_row['message_time'] > time() - $config['pm_edit_time'] * 60 || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit') ? "{$url}&mode=compose&action=edit&f={$folder_id}&p=" . $message_row['msg_id'] : '', 'U_POST_REPLY_PM' => $auth->acl_get('u_sendpm') && $author_id != ANONYMOUS ? "{$url}&mode=compose&action=reply&f={$folder_id}&p=" . $message_row['msg_id'] : '', 'U_POST_REPLY_ALL' => $auth->acl_get('u_sendpm') && $author_id != ANONYMOUS ? "{$url}&mode=compose&action=reply&f={$folder_id}&reply_to_all=1&p=" . $message_row['msg_id'] : '', 'U_PREVIOUS_PM' => "{$url}&f={$folder_id}&p=" . $message_row['msg_id'] . "&view=previous", 'U_NEXT_PM' => "{$url}&f={$folder_id}&p=" . $message_row['msg_id'] . "&view=next", 'U_PM_ACTION' => $url . '&mode=compose&f=' . $folder_id . '&p=' . $message_row['msg_id'], 'S_HAS_ATTACHMENTS' => sizeof($attachments) ? true : false, 'S_DISPLAY_NOTICE' => $display_notice && $message_row['message_attachment'], 'S_AUTHOR_DELETED' => $author_id == ANONYMOUS ? true : false, 'S_SPECIAL_FOLDER' => in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)), 'S_PM_RECIPIENTS' => $num_recipients, 'U_PRINT_PM' => $config['print_pm'] && $auth->acl_get('u_pm_printpm') ? "{$url}&f={$folder_id}&p=" . $message_row['msg_id'] . "&view=print" : '', 'U_FORWARD_PM' => $config['forward_pm'] && $auth->acl_get('u_sendpm') && $auth->acl_get('u_pm_forward') ? "{$url}&mode=compose&action=forward&f={$folder_id}&p=" . $message_row['msg_id'] : ''));
// Display not already displayed Attachments for this post, we already parsed them. ;)
if (isset($attachments) && sizeof($attachments)) {
foreach ($attachments as $attachment) {
$template->assign_block_vars('attachment', array('DISPLAY_ATTACHMENT' => $attachment));
}
}
if (!isset($_REQUEST['view']) || $_REQUEST['view'] != 'print') {
// Message History
if (message_history($msg_id, $user->data['user_id'], $message_row, $folder)) {
$template->assign_var('S_DISPLAY_HISTORY', true);
}
}
}
function get_signin_log($username)
{
$profile = get_user_information($username);
if ($profile == null) {
return array();
}
$sql = 'SELECT * FROM `ewu_signin_log` WHERE `account` = ? OR `account` = ? ORDER BY `log_id` DESC LIMIT 20';
$a_params = array($profile['username'], $profile['email']);
/* the following line aims to make php happy
* when the table has few rows, db may choose to scan the whole table,which is fater
*while php force us to use index
*/
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$result = (new MysqlPDO())->executeQuery($sql, $a_params);
return $result;
}
signout();
header('location:login.php?a=signout');
exit;
}
switch ($page_type) {
case 'profile':
$profile = get_user_information($username);
if ($profile == null) {
header('location:index.php?a=notloged');
exit;
}
break;
case 'changepwd':
break;
case 'verify':
$profile = get_user_information($username);
break;
case 'logs':
$logs = get_log_by_username($username);
break;
default:
break;
}
?>
<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset="utf-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<!-- 上述3个meta标签*必须*放在最前面,任何其他内容都*必须*跟随其后! -->
}
}
} else {
$pid = 0;
}
if ($pid == 0) {
header('HTTP/1.1 404 Not Found');
echo '<html>';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>';
echo '<h1>啊哦,该商品不存在或已经下架,记得下次早点哦</h1>';
echo '<h2><a href="index.php">返回首页</a></h2>';
echo '</html>';
exit;
}
$goods = get_all_products(1, 2, false, true);
$profile = get_user_information($detail['owner']);
if ($profile != null) {
$owner = htmlspecialchars($profile['username']);
$u_campus = $area_array[$profile['campus']];
$gender = $profile['gender'];
switch ($gender) {
case 'm':
$gender = '帅哥';
break;
case 'f':
$gender = '美女';
break;
default:
$gender = '保密';
break;
}
<?php
include_once "./includes/application_top.php";
if (!@wrap_session_is_registered('valid_user')) {
header('Location: ' . href_link(FILENAME_LOGIN, 'origin=' . FILENAME_UPDATE, 'NONSSL'));
wrap_exit();
}
$page_title = "Update User Information";
$page_error_message = '';
$update_result = false;
// default
if ($_POST['update'] == "") {
$user_info_fields = get_user_information($_SESSION['valid_user']);
if (!(count($user_info_fields) > 0)) {
$page_error_message = "Your user information could not be found! Please try again. " . $_SESSION['valid_user'] . "";
$update_result = false;
} else {
// Set the $_POST variable for the Form fields below.
foreach (array_keys($user_info_fields) as $key) {
$_POST[$key] = addslashes($user_info_fields[$key]);
}
}
} else {
if ($_POST['update'] != "") {
// Update Form Submit
if ($_POST['username'] == "" || $_POST['email'] == "") {
// check forms filled in - required fields
$page_title = "Problem Updating User Information!";
$page_error_message = "You have not filled the form out correctly. " . "Please make sure to fill out all required fields.";
} elseif (!validate_email($_POST['email'])) {
// email address not valid
是否支持还价:
如何交易:(例如:当面交易)
详细介绍一下你的宝贝
</textarea>
</div>
</div>
</div>
</div>
<?php
$phone = '';
$campus = 0;
if (isset($_SESSION['ewu_username'])) {
$profile = get_user_information($_SESSION['ewu_username']);
if ($profile != null) {
$phone = $profile['phone'];
$campus = $profile['campus'];
}
}
?>
<div id="contact-info" class="panel panel-default">
<div class="panel-heading">联系信息</div>
<div class="panel-body">
<div class="form-group">
<label class="sr-only" for="inputArea">goods Campus</label>
<div class="input-group">
<div class="input-group-addon">
<span>交易区域</span>
</div>
