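function form_check_csrf_token()
{
    // Only POST requests carry a CSRF token; every other method passes through.
    if (!isset($_SERVER['REQUEST_METHOD']) || mb_strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') {
        return;
    }

    // Scripts listed by get_csrf_exempt_files() and an explicit BH_DISABLE_CSRF
    // define skip the check. in_array() is strict so the script name can only
    // match a genuine string entry in the exempt list, never a loosely-equal value.
    if (in_array(basename($_SERVER['PHP_SELF']), get_csrf_exempt_files(), true) || defined('BH_DISABLE_CSRF')) {
        return;
    }

    // Without a configured token field name no request can present a token.
    if (!($token_name = forum_get_setting('csrf_token_name'))) {
        html_draw_error(gettext('Sorry, you do not have access to this page.'));
    }

    $submitted_token = isset($_POST[$token_name]) ? $_POST[$token_name] : null;
    $session_token = session::get_csrf_token();

    // Both sides must be strings (a nested array in $_POST, or a missing session
    // token, previously went through loose != comparison and could compare equal),
    // and must match byte-for-byte. hash_equals() does not type-juggle numeric-looking
    // strings and runs in constant time with respect to the mismatch position.
    if (!is_string($submitted_token) || !is_string($session_token) || !hash_equals($session_token, $submitted_token)) {
        unset($_POST[$token_name]);
        session::refresh_csrf_token();
        html_draw_error(gettext('Sorry, you do not have access to this page.'));
    }

    // Drop the token so code that iterates $_POST does not treat it as form data.
    unset($_POST[$token_name]);
}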
$logon = null; if (isset($_GET['uid']) && is_numeric($_GET['uid'])) { $uid = $_GET['uid']; if (!($logon = user_get_logon($uid))) { html_draw_error(gettext("Unknown user")); } } else { if (isset($_GET['logon']) && strlen(trim($_GET['logon'])) > 0) { $logon = trim($_GET['logon']); if (($user_array = user_get_by_logon($logon)) !== false) { $uid = $user_array['UID']; } } } if (!isset($uid)) { html_draw_error(gettext("No user specified.")); } // Get the Profile Sections. $profile_sections = profile_sections_get(); // Get the user's profile data. $user_profile = user_get_profile($uid); // User relationship. $peer_relationship = user_get_relationship($uid, $_SESSION['UID']); // Popup title. $page_title = format_user_name($user_profile['LOGON'], $user_profile['NICKNAME']); html_draw_top(array('title' => $page_title, 'js' => array('js/user_profile.js'), 'base_target' => '_blank', 'pm_popup_disabled' => true, 'class' => 'window_title')); echo "<div align=\"center\">\n"; echo " <table width=\"600\" cellpadding=\"0\" cellspacing=\"0\">\n"; echo " <tr>\n"; echo " <td align=\"left\">\n"; echo " <table class=\"box\" width=\"100%\">\n";
html_draw_error(gettext("You must provide a link ID!")); } } if (isset($_POST['parent_fid']) && is_numeric($_POST['parent_fid'])) { $parent_fid = $_POST['parent_fid']; } else { if (isset($_GET['parent_fid']) && is_numeric($_GET['parent_fid'])) { $parent_fid = $_GET['parent_fid']; } else { $parent_fid = 1; } } $creator_uid = links_get_creator_uid($lid); $user_perm_links_moderate = session::check_perm(USER_PERM_LINKS_MODERATE, 0); if (!($link = links_get_single($lid, !$user_perm_links_moderate))) { html_draw_error(gettext("Invalid link ID!")); } if (isset($_POST['cancel'])) { header_redirect("links.php?webtag={$webtag}"); exit; } if (session::logged_in()) { $valid = true; if (isset($_POST['addvote'])) { if (isset($_POST['vote']) && is_numeric($_POST['vote'])) { links_vote($lid, $_POST['vote'], $_SESSION['UID']); $success_msg = gettext("Your vote has been recorded"); } else { $error_msg_array[] = gettext("You must choose a rating!"); $valid = false; }
require_once BH_INCLUDE_PATH . 'logon.inc.php'; require_once BH_INCLUDE_PATH . 'mods_list.inc.php'; require_once BH_INCLUDE_PATH . 'session.inc.php'; require_once BH_INCLUDE_PATH . 'threads.inc.php'; require_once BH_INCLUDE_PATH . 'word_filter.inc.php'; // Check we're logged in correctly if (!session::logged_in()) { html_guest_error(); } if (isset($_GET['fid']) && is_numeric($_GET['fid'])) { $fid = $_GET['fid']; } else { if (isset($_POST['fid']) && is_numeric($_POST['fid'])) { $fid = $_POST['fid']; } else { html_draw_error(gettext("Cannot display folder moderators")); } } $folder_title = folder_get_title($fid); html_draw_top(sprintf('title=%s', sprintf(gettext("Moderator list - %s"), $folder_title)), 'pm_popup_disabled', 'class=window_title'); echo "<div align=\"center\">\n"; echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"550\">\n"; echo " <tr>\n"; echo " <td align=\"left\">\n"; echo " <table class=\"box\" width=\"100%\">\n"; echo " <tr>\n"; echo " <td align=\"left\" class=\"posthead\">\n"; echo " <table class=\"posthead\" width=\"100%\">\n"; echo " <tr>\n"; echo " <td align=\"left\" class=\"subhead\" colspan=\"1\">", gettext("Moderator list"), " - ", $folder_title, "</td>\n"; echo " </tr>\n";
echo " </tr>\n"; echo " </table>\n"; echo " </td>\n"; echo " </tr>\n"; echo " </table>\n"; echo " </td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"left\"> </td>\n"; echo " </tr>\n"; if ($admin_edit === true) { echo " <tr>\n"; echo " <td align=\"center\">", form_submit("save", gettext("Save")), " ", form_submit("cancel", gettext("Cancel")), "</td>\n"; echo " </tr>\n"; } else { echo " <tr>\n"; echo " <td align=\"center\">", form_submit("save", gettext("Save")), "</td>\n"; echo " </tr>\n"; } echo " </table>\n"; echo " </td>\n"; echo " </tr>\n"; echo " </table>\n"; echo "</form>\n"; if ($admin_edit === true) { echo "</div>\n"; } html_draw_bottom(); } else { html_draw_error(gettext("The forum owner has not set up Profiles.")); }
html_display_warning_msg(sprintf('%s<p>%s</p>%s', gettext("<b>All</b> matches against the whole text so filtering mom to mum will also change moment to mument."), gettext("<b>Whole Word</b> matches against whole words only so filtering mom to mum will NOT change moment to mument."), gettext("<b>PREG</b> allows you to use Perl Regular Expressions to match text.")), '600', 'left'); echo "</form>\n"; html_draw_bottom(); } else { if (isset($_POST['filter_id']) || isset($_GET['filter_id'])) { if (isset($_POST['filter_id']) && is_numeric($_POST['filter_id'])) { $filter_id = $_POST['filter_id']; } else { if (isset($_GET['filter_id']) && is_numeric($_GET['filter_id'])) { $filter_id = $_GET['filter_id']; } else { html_draw_error(gettext("You must specify a filter ID")); } } if (!($word_filter_array = user_get_word_filter($filter_id))) { html_draw_error(gettext("Invalid Filter ID")); exit; } html_draw_top(sprintf('title=%s', gettext("My Controls - Edit Word Filter")), 'class=window_title'); echo "<h1>", gettext("Edit Word Filter"), "</h1>\n"; if (isset($error_msg_array) && sizeof($error_msg_array) > 0) { html_display_error_array($error_msg_array, '600', 'left'); } echo "<br />\n"; echo "<form accept-charset=\"utf-8\" name=\"startpage\" method=\"post\" action=\"edit_wordfilter.php\">\n"; echo " ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n"; echo " ", form_input_hidden('filter_id', htmlentities_array($filter_id)), "\n"; echo " ", form_input_hidden("delete_filters[{$filter_id}]", 'Y'), "\n"; echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"600\">\n"; echo " <tr>\n"; echo " <td align=\"left\">\n";
echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"left\"> </td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"center\">", form_submit("user_alias_submit", gettext("Update")), " ", form_submit("cancel", gettext("Back")), "</td>\n"; echo " </tr>\n"; echo " </table>\n"; echo "</form>\n"; echo "</div>\n"; html_draw_bottom(); exit; } else { if ($action == 'delete_user') { if (!session::check_perm(USER_PERM_ADMIN_TOOLS, 0, 0)) { html_draw_error(gettext("You do not have permission to use this section."), 'admin_user.php', 'get', array('back' => gettext("Back")), array('uid' => $uid)); } html_draw_top("title={$page_title}", 'class=window_title'); echo "<h1>{$page_title}</h1>\n"; echo "<br />\n"; echo "<div align=\"center\">\n"; echo "<form accept-charset=\"utf-8\" name=\"admin_user_form\" action=\"admin_user.php\" method=\"post\">\n"; echo " ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n"; echo " ", form_input_hidden("uid", htmlentities_array($uid)), "\n"; echo " ", form_input_hidden("action", htmlentities_array($action)), "\n"; echo " ", form_input_hidden("ret", htmlentities_array("admin_user.php?webtag={$webtag}&uid={$uid}")), "\n"; echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"600\">\n"; echo " <tr>\n"; echo " <td align=\"left\">\n"; echo " <table class=\"box\" width=\"100%\">\n"; echo " <tr>\n";
} } if (isset($_POST['remove'])) { if (isset($_POST['remove_user']) && is_array($_POST['remove_user'])) { foreach ($_POST['remove_user'] as $uid) { if (perm_user_in_group($uid, $gid)) { perm_remove_user_from_group($uid, $gid); if (($user_logon = user_get_logon($uid)) && ($group_name = perm_get_group_name($gid))) { admin_add_log_entry(REMOVE_USER_FROM_GROUP, array($user_logon, $group_name)); } } } } } if (!($group = perm_get_group($gid))) { html_draw_error(gettext("Supplied GID is not a user group"), 'admin_user_groups.php', 'get', array('back' => gettext("Back"))); } html_draw_top(array('title' => sprintf(gettext('Admin - Manage User Groups - %s - Add/Remove Users'), $group['GROUP_NAME']), 'class' => 'window_title', 'main_css' => 'admin.css')); $group_users_array = perm_group_get_users($gid, $start_main); echo "<h1>", gettext("Admin"), html_style_image('separator'), gettext("Manage User Groups"), html_style_image('separator'), "{$group['GROUP_NAME']}", html_style_image('separator'), "", gettext("Add/Remove Users"), "</h1>\n"; if (isset($_GET['added'])) { html_display_success_msg(gettext("Successfully added group. Add users to this group by searching for them below."), '800', 'center'); } else { if (sizeof($group_users_array['user_array']) < 1) { html_display_warning_msg(gettext("There are no users in this group. Add users to this group by searching for them below."), '800', 'center'); } } echo "<br />\n"; echo "<div align=\"center\">\n"; echo "<form accept-charset=\"utf-8\" name=\"f_folders\" action=\"admin_user_groups_edit_users.php\" method=\"post\">\n"; echo " ", form_csrf_token_field(), "\n";
// If attachments are disabled then no need to go any further. if (forum_get_setting('attachments_enabled', 'N')) { html_draw_error(gettext("Attachments have been disabled by the forum owner.")); } // If the attachments directory is undefined we can't go any further if (!($attachment_dir = attachments_check_dir())) { html_draw_error(gettext("Attachments have been disabled by the forum owner.")); } // If no AID we must stop. if (isset($_GET['aid']) && is_md5($_GET['aid'])) { $aid = $_GET['aid']; } else { if (isset($_POST['aid']) && is_md5($_POST['aid'])) { $aid = $_POST['aid']; } else { html_draw_error(gettext("AID not specified.")); } } // User's UID $uid = session::get_value('UID'); // Maximum attachment space $max_attachment_space = attachments_get_max_space(); // Get user's free attachment space. $users_free_space = attachments_get_free_space($uid, $aid); // Get the array of allowed attachment mime-types $attachment_mime_types = attachments_get_mime_types(); // Accumlative attachment file size. $total_attachment_size = 0; // Check that $attachment_dir does not have a slash on the end of it. if (mb_substr($attachment_dir, -1) == '/') { $attachment_dir = mb_substr($attachment_dir, 0, -1);
echo " </form>\n"; echo "</div>\n"; html_draw_bottom(); } else { if (isset($_POST['lid']) || isset($_GET['lid'])) { if (isset($_POST['lid']) && is_numeric($_POST['lid'])) { $lid = $_POST['lid']; } else { if (isset($_GET['lid']) && is_numeric($_GET['lid'])) { $lid = $_GET['lid']; } else { html_draw_error(gettext("Invalid link id or link not found"), 'admin_forum_links.php', 'get', array('back' => gettext("Back"))); } } if (!($forum_link = forum_links_get_link($lid))) { html_draw_error(gettext("Invalid link id or link not found"), 'admin_forum_links.php', 'get', array('back' => gettext("Back"))); } html_draw_top(array('title' => sprintf(gettext('Admin - Forum Links - Edit Link - %s'), $forum_link['TITLE']), 'class' => 'window_title', 'main_css' => 'admin.css')); echo "<h1>", gettext("Admin"), html_style_image('separator'), gettext("Forum Links"), html_style_image('separator'), gettext("Edit Link"), html_style_image('separator'), word_filter_add_ob_tags($forum_link['TITLE'], true), "</h1>\n"; if (isset($error_msg_array) && sizeof($error_msg_array) > 0) { html_display_error_array($error_msg_array, '700', 'center'); } echo "<br />\n"; echo "<div align=\"center\">\n"; echo " <form accept-charset=\"utf-8\" name=\"thread_options\" action=\"admin_forum_links.php\" method=\"post\" target=\"_self\">\n"; echo " ", form_csrf_token_field(), "\n"; echo " ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n"; echo " ", form_input_hidden('lid', htmlentities_array($lid)), "\n"; echo " ", form_input_hidden("t_delete[{$lid}]", "Y"), "\n"; echo " ", form_input_hidden('page', htmlentities_array($page)), "\n"; echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"700\">\n";
} // Load the user prefs $user_prefs = user_get_prefs($_SESSION['UID']); // Get the fontsize parameter $fontsize = isset($_GET['fontsize']) ? $_GET['fontsize'] : null; // Calculate the new font size. switch ($fontsize) { case 'smaller': $user_prefs = array('FONT_SIZE' => $user_prefs['FONT_SIZE'] - 1); break; case 'larger': $user_prefs = array('FONT_SIZE' => $user_prefs['FONT_SIZE'] + 1); break; default: $user_prefs = array('FONT_SIZE' => $user_prefs['FONT_SIZE']); break; } // Check the font size is not lower than 5 if ($user_prefs['FONT_SIZE'] < 5) { $user_prefs['FONT_SIZE'] = 5; } // Check the font size is not greater than 15 if ($user_prefs['FONT_SIZE'] > 15) { $user_prefs['FONT_SIZE'] = 15; } // Update the user prefs. if (!user_update_prefs($_SESSION['UID'], $user_prefs)) { html_draw_error(gettext("Your user preferences could not be updated. Please try again later.")); } // Redirect back to the messages. header_redirect("messages.php?webtag={$webtag}&msg={$msg}&font_resize=1");
if (count($edit_message) > 0) { if ($edit_message['CONTENT'] = message_get_content($tid, $pid)) { if ((forum_get_setting('allow_post_editing', 'N') || $uid != $edit_message['FROM_UID'] && !(perm_get_user_permissions($edit_message['FROM_UID']) & USER_PERM_PILLORIED) || session::check_perm(USER_PERM_PILLORIED, 0) || $post_edit_time > 0 && time() - $edit_message['CREATED'] >= $post_edit_time * HOUR_IN_SECONDS) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $msg)); } if (forum_get_setting('require_post_approval', 'Y') && isset($edit_message['APPROVED']) && $edit_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $msg)); } $parsed_message = new MessageTextParse($edit_message['CONTENT']); $t_content = $parsed_message->getMessage(); $t_sig = $parsed_message->getSig(); } else { html_draw_error(sprintf(gettext("Message %s was not found"), $msg), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $msg)); } } else { html_draw_error(sprintf(gettext("Message %s was not found"), $msg), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $msg)); } } } } $page_title = sprintf(gettext("Edit message %s"), $msg); html_draw_top("title={$page_title}", "resize_width=785", "basetarget=_blank", "attachments.js", "dictionary.js", "emoticons.js", "post.js", 'class=window_title'); echo "<h1>{$page_title}</h1>\n"; if (isset($error_msg_array) && sizeof($error_msg_array) > 0) { html_display_error_array($error_msg_array, '785', 'left'); } echo "<br /><form accept-charset=\"utf-8\" name=\"f_post\" action=\"edit.php\" method=\"post\" target=\"_self\">\n"; echo " ", form_input_hidden('webtag', 
htmlentities_array($webtag)), "\n"; echo " ", form_input_hidden('msg', htmlentities_array($msg)), "\n"; echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"785\" class=\"max_width\">\n"; echo " <tr>\n";
require_once 'boot.php'; // Includes required by this page. require_once BH_INCLUDE_PATH . 'constants.inc.php'; require_once BH_INCLUDE_PATH . 'form.inc.php'; require_once BH_INCLUDE_PATH . 'format.inc.php'; require_once BH_INCLUDE_PATH . 'header.inc.php'; require_once BH_INCLUDE_PATH . 'html.inc.php'; require_once BH_INCLUDE_PATH . 'lang.inc.php'; require_once BH_INCLUDE_PATH . 'links.inc.php'; require_once BH_INCLUDE_PATH . 'logon.inc.php'; require_once BH_INCLUDE_PATH . 'perm.inc.php'; require_once BH_INCLUDE_PATH . 'session.inc.php'; require_once BH_INCLUDE_PATH . 'word_filter.inc.php'; // Check links section is enabled if (!forum_get_setting('show_links', 'Y')) { html_draw_error(gettext("You may not access this section.")); } $folders = links_folders_get(!session::check_perm(USER_PERM_LINKS_MODERATE, 0)); if (isset($_GET['fid']) && isset($folders[$_GET['fid']])) { $fid = $_GET['fid']; } else { if (is_array($folders)) { list($fid) = array_keys($folders); } else { links_create_top_folder(gettext("Top Level")); header_redirect("links.php?webtag={$webtag}&fid=1"); } } if (isset($_GET['action'])) { if (session::check_perm(USER_PERM_LINKS_MODERATE, 0) && $_GET['action'] == "folderhide") { links_folder_change_visibility($fid, false);
} else { html_draw_error(gettext("You must specify type of search to perform")); } } // Check the multi selection with the type if ($type == SEARCH_THREAD) { $multi = 'N'; } // Form Object ID if (isset($_POST['obj_id']) && strlen(trim($_POST['obj_id'])) > 0) { $obj_id = trim($_POST['obj_id']); } else { if (isset($_GET['obj_id']) && strlen(trim($_GET['obj_id'])) > 0) { $obj_id = trim($_GET['obj_id']); } else { html_draw_error(gettext("No form object specified for return text")); } } // Current selection if (isset($_POST['selected']) && is_array($_POST['selected'])) { $selected_array = array_unique($_POST['selected']); } else { if (isset($_GET['selected']) && strlen(trim($_GET['selected'])) > 0) { $selected_array = array_unique(preg_split('/,\\s*/u', trim($_GET['selected'], ', '))); } else { $selected_array = array(); } } // Make sure the selected_array is not greater than maxmium if ($type == SEARCH_LOGON && $multi === 'Y') { $selected_array = array_splice($selected_array, 0, 10);
list($thread_info, $folder_order, $thread_count) = threads_get_sticky($uid, $folder, $page); break; case MOST_UNREAD_POSTS: list($thread_info, $folder_order, $thread_count) = threads_get_longest_unread($uid, $folder, $page); break; case DELETED_THREADS: list($thread_info, $folder_order, $thread_count) = threads_get_deleted($uid, $folder, $page); break; default: list($thread_info, $folder_order, $thread_count) = threads_get_all($uid, $folder, $page); break; } // Now, the actual bit that displays the threads... // Get folder FIDs and titles if (!($folder_info = threads_get_folders())) { html_draw_error(gettext("There are no folders available.")); } // Get total number of messages for each folder $folder_msgs = threads_get_folder_msgs(); // Check that the folder order is a valid array. if (!is_array($folder_order)) { $folder_order = array(); } // Check the folder display order. if (session::get_value('THREADS_BY_FOLDER') == 'Y') { $folder_order = array_keys($folder_info); } // Check for a message to display and re-order the thread list. if (isset($_REQUEST['msg']) && validate_msg($_REQUEST['msg'])) { list($selected_tid) = explode('.', $_REQUEST['msg']); if ($thread = thread_get($selected_tid)) {
require_once BH_INCLUDE_PATH . 'post.inc.php'; require_once BH_INCLUDE_PATH . 'session.inc.php'; require_once BH_INCLUDE_PATH . 'styles.inc.php'; require_once BH_INCLUDE_PATH . 'text_captcha.inc.php'; require_once BH_INCLUDE_PATH . 'timezone.inc.php'; require_once BH_INCLUDE_PATH . 'user.inc.php'; // Where are we going after we've logged on? if (isset($_GET['final_uri']) && strlen(trim($_GET['final_uri'])) > 0) { $available_files_preg = implode("|^", array_map('preg_quote_callback', get_available_files())); if (preg_match("/^{$available_files_preg}/u", trim($_GET['final_uri'])) > 0) { $final_uri = href_cleanup_query_keys($_GET['final_uri']); } } // check to see if user registration is available if (forum_get_setting('allow_new_registrations', 'N')) { html_draw_error(gettext("Sorry, new user registrations are not allowed right now. Please check back later.")); } // Get an array of available emoticon sets $available_emoticons = emoticons_get_available(); // Get an array of available languages $available_langs = lang_get_available(); // Get an array of available timezones. $available_timezones = get_available_timezones(); // Initialise the text captcha $text_captcha = new captcha(6, 15, 25, 9, 30); // Array to hold error messages $error_msg_array = array(); // Top frame target $frame_top_target = html_get_top_frame_name(); if (isset($_GET['private_key']) && strlen(trim($_GET['private_key'])) > 0) { $text_captcha_private_key = trim($_GET['private_key']);
function post_edit_refuse($tid, $pid)
{
    // Render the "not permitted to edit" page with a Back button that returns
    // the user to the message identified by "<tid>.<pid>" in discussion.php.
    $refusal_text = gettext("You are not permitted to edit this message.");
    $buttons = array('back' => gettext("Back"));
    $return_query = array('msg' => $tid . '.' . $pid);

    html_draw_error($refusal_text, 'discussion.php', 'get', $buttons, $return_query);
}
if (links_add_folder($fid, $name, $_SESSION['UID'], true)) { header_redirect("links.php?webtag={$webtag}&fid={$fid}&folder_added={$name}"); exit; } else { $error_msg_array[] = gettext("Failed to add folder"); $valid = false; } } } else { if (isset($_GET['fid']) && is_numeric($_GET['fid'])) { $fid = $_GET['fid']; if ($_GET['mode'] == 'link' && !in_array($fid, array_keys($folders))) { html_draw_error(gettext("You must specify a valid folder!")); } } else { html_draw_error(gettext("You must specify a folder!")); } } } if ($mode == LINKS_ADD_LINK) { html_draw_top(array('title' => gettext("Links - Add a link"), 'class' => 'window_title')); echo "<h1>", gettext("Links"), html_style_image('separator'), gettext("Add a link"), "</h1>\n"; echo "<p>", gettext("Adding link in"), ": <b>" . links_get_folder_path_links($fid, $folders, false) . "</b></p>\n"; if (isset($error_msg_array) && sizeof($error_msg_array) > 0) { html_display_error_array($error_msg_array, '500', 'left'); } echo "<form accept-charset=\"utf-8\" name=\"linkadd\" action=\"links_add.php\" method=\"post\" target=\"_self\">\n"; echo " ", form_csrf_token_field(), "\n"; echo " ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n"; echo " ", form_input_hidden("fid", htmlentities_array($fid)) . "\n"; echo " ", form_input_hidden("mode", LINKS_ADD_LINK) . "\n";
$available_files_preg = implode("|^", array_map('preg_quote_callback', get_available_files())); if (preg_match("/^{$available_files_preg}/u", basename($ret)) < 1) { $ret = "admin_forums.php?webtag={$webtag}"; } } if (isset($_POST['back'])) { header_redirect($ret); } if (isset($_POST['enable'])) { if (forum_update_access($forum_fid, FORUM_RESTRICTED)) { header_redirect("admin_forum_access.php?webtag={$webtag}"); exit; } } if (!forum_get_setting('access_level', FORUM_RESTRICTED)) { html_draw_error(gettext("Forum is not set to Restricted Mode. Do you want to enable it now?"), 'admin_forum_access.php', 'post', array('enable' => gettext("Enable"), 'back' => gettext("Back")), array('ret' => $ret), false, 'center'); } if (isset($_GET['page']) && is_numeric($_GET['page'])) { $main_page = $_GET['main_page']; } else { if (isset($_POST['main_page']) && is_numeric($_POST['main_page'])) { $main_page = $_POST['main_page']; } else { $main_page = 1; } } if (isset($_GET['search_page']) && is_numeric($_GET['search_page'])) { $search_page = $_GET['search_page']; } else { if (isset($_POST['search_page']) && is_numeric($_POST['search_page'])) { $search_page = $_POST['search_page'];
} else { if (isset($_GET['print_msg']) && validate_msg($_GET['print_msg'])) { $msg = $_GET['print_msg']; list($tid, $pid) = explode('.', $msg); } else { html_draw_error(gettext("Invalid Message ID or no Message ID specified.")); } } if (!($thread_data = thread_get($tid, session::check_perm(USER_PERM_ADMIN_TOOLS, 0)))) { html_draw_error(gettext("The requested thread could not be found or access was denied.")); } if (!($folder_data = folder_get($thread_data['FID']))) { html_draw_error(gettext("The requested folder could not be found or access was denied.")); } if (!($message = messages_get($tid, $pid, 1))) { html_draw_error(gettext("That post does not exist in this thread!")); } html_draw_top("title={$thread_data['TITLE']}", "post.js", "basetarget=_blank", 'class=window_title'); if (isset($thread_data['STICKY']) && isset($thread_data['STICKY_UNTIL'])) { if ($thread_data['STICKY'] == "Y" && $thread_data['STICKY_UNTIL'] != 0 && time() > $thread_data['STICKY_UNTIL']) { thread_set_sticky($tid, false); $thread_data['STICKY'] = "N"; } } $show_sigs = session::get_value('VIEW_SIGS') == 'N' ? false : true; echo "<div align=\"center\">\n"; echo "<table width=\"96%\" border=\"0\">\n"; echo " <tr>\n"; echo " <td align=\"left\">", messages_top($tid, $pid, $thread_data['FID'], $folder_data['TITLE'], $thread_data['TITLE'], $thread_data['INTEREST'], $folder_data['INTEREST'], $thread_data['STICKY'], $thread_data['CLOSED'], $thread_data['ADMIN_LOCK'], $thread_data['DELETED'] == 'Y', true), "</td>\n"; echo " <td align=\"right\">", messages_social_links($tid), "</td>\n"; echo " </tr>\n";
echo " </form>\n"; echo "</div>\n"; html_draw_bottom(); } else { if (isset($_POST['feed_id']) || isset($_GET['feed_id'])) { if (isset($_POST['feed_id']) && is_numeric($_POST['feed_id'])) { $feed_id = $_POST['feed_id']; } else { if (isset($_GET['feed_id']) && is_numeric($_GET['feed_id'])) { $feed_id = $_GET['feed_id']; } else { html_draw_error(gettext("Invalid feed id or feed not found"), 'admin_rss_feeds.php', 'get', array('back' => gettext("Back"))); } } if (!($rss_feed = rss_feed_get($feed_id))) { html_draw_error(gettext("Invalid feed id or feed not found"), 'admin_rss_feeds.php', 'get', array('back' => gettext("Back"))); } html_draw_top(sprintf('title=%s', sprintf(gettext("Admin - RSS Feeds - Edit Feed - %s"), $rss_feed['NAME'])), 'search_popup.js', 'class=window_title'); echo "<h1>", gettext("Admin"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", gettext("RSS Feeds"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", gettext("Edit Feed"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", word_filter_add_ob_tags($rss_feed['NAME'], true), "</h1>\n"; if (isset($error_msg_array) && sizeof($error_msg_array) > 0) { html_display_error_array($error_msg_array, '500', 'center'); } else { if (isset($rss_stream_success)) { html_display_success_msg($rss_stream_success, '500', 'center'); } } echo "<br />\n"; echo "<div align=\"center\">\n"; echo " <form accept-charset=\"utf-8\" name=\"thread_options\" action=\"admin_rss_feeds.php\" method=\"post\" target=\"_self\">\n"; echo " ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n"; echo " ", form_input_hidden('feed_id', htmlentities_array($feed_id)), "\n";
if (!($user_peer = user_get($peer_uid))) { html_draw_error(gettext("Invalid username!")); } } else { if (isset($_POST['uid']) && is_numeric($_POST['uid'])) { $peer_uid = $_POST['uid']; if (!($user_peer = user_get($peer_uid))) { html_draw_error(gettext("Invalid username!")); } } else { html_draw_error(gettext("No user specified!")); } } // Cannot modify relationship settings for the current account if ($peer_uid == $_SESSION['UID']) { html_draw_error(gettext("You cannot change user relationship for your own user account")); } // Fetch the perms of the peer $peer_perms = perm_get_user_permissions($peer_uid); // Form submt code if (isset($_POST['save'])) { $peer_user_status = (double) isset($_POST['peer_user_status']) ? $_POST['peer_user_status'] : 0; $peer_sig_display = (double) isset($_POST['peer_sig_display']) ? $_POST['peer_sig_display'] : 0; $peer_block_pm = (double) isset($_POST['peer_block_pm']) ? $_POST['peer_block_pm'] : 0; $peer_relationship = (double) $peer_user_status | $peer_sig_display | $peer_block_pm; if (isset($_POST['nickname']) && strlen(trim($_POST['nickname'])) > 0) { $peer_nickname = strip_tags(trim($_POST['nickname'])); } else { if (!($peer_nickname = user_get_nickname($peer_uid))) { $peer_nickname = ""; }
exit; } else { $error_msg_array[] = gettext("Error creating post! Please try again in a few minutes."); } } else { $error_msg_array[] = sprintf(gettext("You can only post once every %s seconds. Please try again later."), forum_get_setting('minimum_post_frequency', null, 0)); } } if (!isset($t_fid)) { $t_fid = 1; } if ($new_thread && !($folder_dropdown = folder_draw_dropdown($t_fid, "t_fid", "", FOLDER_ALLOW_NORMAL_THREAD, USER_PERM_THREAD_CREATE, "", "post_folder_dropdown"))) { html_draw_error(gettext("You cannot create new threads.")); } if (isset($thread_data['CLOSED']) && $thread_data['CLOSED'] > 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_error(gettext("This thread is closed, you cannot post in it!")); } html_draw_top(sprintf("title=%s", gettext("Post message")), "resize_width=785", "basetarget=_blank", "post.js", "attachments.js", "emoticons.js", "dictionary.js", 'search.js', 'search_popup.js', 'class=window_title'); echo "<h1>", gettext("Post message"), "</h1>\n"; if (isset($error_msg_array) && sizeof($error_msg_array) > 0) { html_display_error_array($error_msg_array, '785', 'left'); } if (!$new_thread && isset($thread_data['CLOSED']) && $thread_data['CLOSED'] > 0 && session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_display_warning_msg(gettext("Warning: this thread is closed for posting to normal users."), '785', 'left'); } echo "<br /><form accept-charset=\"utf-8\" name=\"f_post\" action=\"post.php\" method=\"post\" target=\"_self\">\n"; echo " ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n"; echo " ", form_input_hidden('t_dedupe', htmlentities_array($t_dedupe)), "\n"; echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"785\" class=\"max_width\">\n"; echo " <tr>\n"; echo " <td align=\"left\">\n";
echo " </form>\n"; echo "</div>\n"; html_draw_bottom(); } else { if (isset($_POST['psid']) || isset($_GET['psid'])) { if (isset($_POST['psid']) && is_numeric($_POST['psid'])) { $psid = $_POST['psid']; } else { if (isset($_GET['psid']) && is_numeric($_GET['psid'])) { $psid = $_GET['psid']; } else { html_draw_error(gettext("Invalid profile section ID or section not found"), 'admin_prof_sect.php', 'get', array('back' => gettext("Back"))); } } if (!($profile_section = profile_get_section($psid))) { html_draw_error(gettext("Invalid profile section ID or section not found"), 'admin_prof_sect.php', 'get', array('back' => gettext("Back"))); } html_draw_top(array('title' => sprintf(gettext('Admin - Manage Profile Sections - %s'), $profile_section['NAME']), 'class' => 'window_title', 'main_css' => 'admin.css')); echo "<h1>", gettext("Admin"), html_style_image('separator'), gettext("Manage Profile Sections"), html_style_image('separator'), word_filter_add_ob_tags($profile_section['NAME'], true), "</h1>\n"; if (isset($error_msg_array) && sizeof($error_msg_array) > 0) { html_display_error_array($error_msg_array, '700', 'center'); } echo "<br />\n"; echo "<div align=\"center\">\n"; echo " <form accept-charset=\"utf-8\" name=\"thread_options\" action=\"admin_prof_sect.php\" method=\"post\" target=\"_self\">\n"; echo " ", form_csrf_token_field(), "\n"; echo " ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n"; echo " ", form_input_hidden('psid', htmlentities_array($psid)), "\n"; echo " ", form_input_hidden('page', htmlentities_array($page)), "\n"; echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"700\">\n"; echo " <tr>\n";
if ($high_interest == "Y") { thread_set_high_interest($tid); } } if (isset($tid) && $tid > 0) { $uri = "discussion.php?webtag={$webtag}&msg={$tid}.1"; } else { $uri = "discussion.php?webtag={$webtag}"; } header_redirect($uri); } else { $error_msg_array[] = sprintf(gettext("You can only post once every %s seconds. Please try again later."), forum_get_setting('minimum_post_frequency', null, 0)); } } if (!($folder_dropdown = folder_draw_dropdown($fid, "fid", "", FOLDER_ALLOW_POLL_THREAD, USER_PERM_THREAD_CREATE, "", "post_folder_dropdown"))) { html_draw_error(gettext("You cannot create new threads.")); } html_draw_top(sprintf("title=%s", gettext("Create Poll")), "basetarget=_blank", "resize_width=785", "post.js", "poll.js", "attachments.js", "dictionary.js", "emoticons.js", 'class=window_title'); echo "<h1>", gettext("Create Poll"), "</h1>\n"; if (isset($error_msg_array) && sizeof($error_msg_array) > 0) { html_display_error_array($error_msg_array, '785', 'left'); } echo "<br />\n"; echo "<form accept-charset=\"utf-8\" name=\"f_poll\" action=\"create_poll.php\" method=\"post\" target=\"_self\">\n"; echo " ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n"; echo " ", form_input_hidden('dedupe', htmlentities_array($dedupe)), "\n"; echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"785\" class=\"max_width\">\n"; echo " <tr>\n"; echo " <td align=\"left\">\n"; echo " <table class=\"box\" width=\"100%\">\n"; echo " <tr>\n";
if (isset($_POST['offset_match']) && is_numeric($_POST['offset_match'])) { $offset_match = $_POST['offset_match']; } else { $offset_match = 0; } // Restart the spell check if (isset($_POST['restart'])) { $current_word = -1; $offset_match = 0; $t_ignored_words = array(); } // New instance of the dictionary $dictionary = new dictionary(); // Check it's installed if (!$dictionary->is_installed()) { html_draw_error(gettext("No dictionary has been installed. Please contact the forum owner to remedy this.")); } // Initialise it $dictionary->initialise($t_content, $t_ignored_words, $current_word, $obj_id, $offset_match); // Check for submit if (isset($_POST['ignoreall'])) { // User wants to ignore all references to the current word $dictionary->add_ignored_word($dictionary->get_current_word()); $dictionary->find_next_word(); } else { if (isset($_POST['add'])) { // User wants to add the current word to his dictionary if (isset($_POST['word']) && strlen(trim($_POST['word'])) > 0) { $t_custom_word = trim($_POST['word']); $dictionary->add_custom_word($t_custom_word); }
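/**
 * Stops the request with an "access restricted" error page.
 *
 * If the forum owner has configured a custom restricted message it is shown
 * as-is (after fix_html()). Otherwise a generic message is built that names
 * the forum and links to a private-message form for the forum owner; the
 * PM link is routed through index.php (final_uri) so a logged-out reader is
 * taken through logon first.
 *
 * The code after the owner_uid check assumes html_draw_error() does not
 * return (no early return follows it) — confirm in html.inc.php.
 *
 * @return void
 */
function forum_restricted_message()
{
    // Inside one of the JavaScript popup windows the owner link must open a
    // new window; in the main frameset it targets the top frame instead.
    $final_uri = basename(get_request_uri());
    $popup_files_preg = get_available_js_popup_files_preg();

    if (preg_match("/^{$popup_files_preg}/", $final_uri) > 0) {
        $forum_owner_link_target = "_blank";
    } else {
        $forum_owner_link_target = html_get_top_frame_name();
    }

    // A custom restricted message takes precedence over the generated one.
    if ($restricted_message = forum_get_setting('restricted_message')) {
        html_draw_error(fix_html($restricted_message), '600', 'center');
    } else {
        $forum_name = forum_get_setting('forum_name', null, 'A Beehive Forum');

        // Without an owner there is nobody to apply to, so show the short form.
        if (!($forum_owner_uid = forum_get_setting('owner_uid'))) {
            html_draw_error(sprintf(gettext("You do not have access to %s"), htmlentities_array($forum_name)));
        }

        $webtag = get_webtag();

        // The PM link becomes a single query parameter of index.php, hence the
        // rawurlencode() below.
        $forum_owner_pm_link = sprintf('pm_write.php?webtag=%s&uid=%s', $webtag, $forum_owner_uid);

        // NOTE(review): $webtag and $forum_owner_uid are placed into an HTML
        // attribute without escaping; this relies on get_webtag() and the
        // owner_uid setting only ever yielding validated values — confirm.
        // The computed $forum_owner_link_target was previously never applied
        // to the link; it is now used as the anchor's target.
        $forum_owner_link = sprintf(
            '<a href="index.php?webtag=%s&final_uri=%s" target="%s">%s</a>',
            $webtag,
            rawurlencode($forum_owner_pm_link),
            $forum_owner_link_target,
            gettext('Forum Owner')
        );

        // The combined message already carries the "To apply for access"
        // sentence, so the link itself is substituted. The previous code passed
        // a second, separately built copy of that sentence here, which
        // duplicated it in the rendered output.
        html_draw_error(sprintf(
            gettext("You do not have access to %s. To apply for access please contact the %s"),
            htmlentities_array($forum_name),
            $forum_owner_link
        ));
    }
}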
} header_redirect($uri); } if (!($edit_message = messages_get($tid, 1, 1))) { html_draw_top(sprintf("title=%s", gettext("Error"))); html_display_error_msg(gettext("That post does not exist in this thread!")); html_draw_bottom(); exit; } $post_edit_time = forum_get_setting('post_edit_time', null, 0); $uid = session::get_value('UID'); if ((forum_get_setting('allow_post_editing', 'N') || $uid != $edit_message['FROM_UID'] && !(perm_get_user_permissions($edit_message['FROM_UID']) & USER_PERM_PILLORIED) || session::check_perm(USER_PERM_PILLORIED, 0) || $post_edit_time > 0 && time() - $edit_message['CREATED'] >= $post_edit_time * HOUR_IN_SECONDS) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $edit_message)); } if (forum_get_setting('require_post_approval', 'Y') && isset($edit_message['APPROVED']) && $edit_message['APPROVED'] == 0 && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_error(gettext("You are not permitted to edit this message."), 'discussion.php', 'get', array('back' => gettext("Back")), array('msg' => $edit_message)); } if ($preview_message = messages_get($tid, $pid, 1)) { $preview_message['CONTENT'] = message_get_content($tid, $pid); if (strlen(trim($preview_message['CONTENT'])) < 1 && !thread_is_poll($tid)) { html_draw_top(sprintf("title=%s", gettext("Error"))); post_edit_refuse($tid, $pid); html_draw_bottom(); exit; } if ((session::get_value('UID') != $preview_message['FROM_UID'] || session::check_perm(USER_PERM_PILLORIED, 0)) && !session::check_perm(USER_PERM_FOLDER_MODERATE, $t_fid)) { html_draw_top(sprintf("title=%s", gettext("Error"))); post_edit_refuse($tid, $pid); html_draw_bottom(); exit; }
require_once BH_INCLUDE_PATH . 'html.inc.php'; require_once BH_INCLUDE_PATH . 'lang.inc.php'; require_once BH_INCLUDE_PATH . 'logon.inc.php'; require_once BH_INCLUDE_PATH . 'profile.inc.php'; require_once BH_INCLUDE_PATH . 'session.inc.php'; require_once BH_INCLUDE_PATH . 'stats.inc.php'; require_once BH_INCLUDE_PATH . 'user.inc.php'; require_once BH_INCLUDE_PATH . 'user_profile.inc.php'; require_once BH_INCLUDE_PATH . 'word_filter.inc.php'; // Check we're logged in correctly if (!session::logged_in()) { html_guest_error(); } // Check we have Admin / Moderator access if (!session::check_perm(USER_PERM_ADMIN_TOOLS, 0)) { html_draw_error(gettext("You do not have permission to use this section.")); } // Perform additional admin login. admin_check_credentials(); // Array to hold error messages $error_msg_array = array(); // Empty array for the stats $user_stats_array = array('user_stats' => array()); // Submit code if (isset($_POST['update'])) { $valid = true; if (isset($_POST['from_day']) && is_numeric($_POST['from_day'])) { $from_day = $_POST['from_day']; } else { $error_msg_array[] = gettext("Must choose a start day"); $valid = false;
} if ($search_msg = search_get_first_result_msg()) { html_draw_top('frame_set_html', 'pm_popup_disabled'); $frameset = new html_frameset_cols('discussion', "{$left_frame_width},*"); $frameset->html_frame("search.php?webtag={$webtag}&page=1", html_get_frame_name('left')); $frameset->html_frame("messages.php?webtag={$webtag}&msg={$search_msg}&highlight=yes{$edit_success}{$delete_success}", html_get_frame_name('right')); $frameset->output_html(); html_draw_bottom(true); } else { html_draw_top('frame_set_html', 'pm_popup_disabled'); $frameset = new html_frameset_cols('discussion', "{$left_frame_width},*"); $frameset->html_frame("search.php?webtag={$webtag}&page=1", html_get_frame_name('left')); $frameset->html_frame("search.php?webtag={$webtag}", html_get_frame_name('right')); $frameset->output_html(); html_draw_bottom(true); } } else { if ($msg = messages_get_most_recent($uid)) { html_draw_top('frame_set_html', 'pm_popup_disabled'); $frameset = new html_frameset_cols('discussion', "{$left_frame_width},*"); $frameset->html_frame("thread_list.php?webtag={$webtag}&msg={$msg}", html_get_frame_name('left')); $frameset->html_frame("messages.php?webtag={$webtag}&msg={$msg}{$edit_success}{$delete_success}", html_get_frame_name('right')); $frameset->output_html(); html_draw_bottom(true); } else { html_draw_error(gettext("No Messages")); } } } } }