Esempio n. 1
// Links to the individual control center panels. Every URL is built by
// phorum_get_url() from the control center base URL plus a "panel=<id>"
// argument; the panel ids are constants, not request data.
$PHORUM['DATA']['URL']['CC5'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_MAIL);
$PHORUM['DATA']['URL']['CC6'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_BOARD);
$PHORUM['DATA']['URL']['CC7'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_PASSWORD);
$PHORUM['DATA']['URL']['CC8'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_UNAPPROVED);
$PHORUM['DATA']['URL']['CC9'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_FILES);
$PHORUM['DATA']['URL']['CC10'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_USERS);
$PHORUM['DATA']['URL']['CC14'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_PRIVACY);
$PHORUM['DATA']['URL']['CC15'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_GROUP_MODERATION);
$PHORUM['DATA']['URL']['CC16'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_GROUP_MEMBERSHIP);

// Determine if the user files functionality is available.
// It is offered when the "file_uploads" setting is on, and in any case
// to users whose "admin" flag is set.
$PHORUM["DATA"]["MYFILES"] = ($PHORUM["file_uploads"] || $PHORUM["user"]["admin"]);

// Determine if the user is a moderator.
// MESSAGE_MODERATOR: phorum_user_access_list() returned at least one entry
// for the message moderation permission.
$PHORUM["DATA"]["MESSAGE_MODERATOR"] = (count(phorum_user_access_list(PHORUM_USER_ALLOW_MODERATE_MESSAGES)) > 0);
$PHORUM["DATA"]["USER_MODERATOR"] = phorum_user_access_allowed(PHORUM_USER_ALLOW_MODERATE_USERS);
$PHORUM["DATA"]["GROUP_MODERATOR"] = phorum_user_allow_moderate_group();
// MODERATOR is true when at least one of the three flags above is set.
// The flags are added up, so this relies on every helper returning a bool
// or a number -- TODO confirm for phorum_user_allow_moderate_group().
// These values only drive what is displayed; each panel still has to
// enforce its own permission check on the server side.
$PHORUM["DATA"]["MODERATOR"] = ($PHORUM["DATA"]["USER_MODERATOR"] + $PHORUM["DATA"]["MESSAGE_MODERATOR"] + $PHORUM["DATA"]["GROUP_MODERATOR"]) > 0;

// The form action for the common form.
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_get_url(PHORUM_CONTROLCENTER_ACTION_URL);

// Work on a copy of the active user's record. Assuming $PHORUM['user'] is
// an array (it is indexed like one above), the assignment copies it, so the
// unset() calls below do not alter $PHORUM['user'] itself.
$user = $PHORUM['user'];

// Security measures: drop the stored password values and the permission
// data from the copy before it is used any further.
// NOTE(review): the code that consumes $user is outside this excerpt;
// presumably it ends up in template data. This is a deny-list, so any
// other sensitive field of the user record would still pass through --
// confirm, or build the exposed record from an explicit allow-list.
unset($user["password"]);
unset($user["password_temp"]);
unset($user["permissions"]);

// Format the user signature using standard message body formatting
// or  HTML escape it
Esempio n. 2
                        if ($user_id == $rcpt["user_id"]) continue;
                        $msg["recipients"][$rcpt["user_id"]] = array(
                            "username" => $rcpt["username"],
                            "user_id"  => $rcpt["user_id"],
                        );
                    }
                }

                $hide_userselect = 1;

            // Setup data for replying privately to a forum post.
            } elseif (isset($PHORUM["args"]["message_id"])) {

                $message = phorum_db_get_message($PHORUM["args"]["message_id"], "message_id", true);

                if (phorum_user_access_allowed(PHORUM_USER_ALLOW_READ) && ($PHORUM["forum_id"]==$message["forum_id"] || $message["forum_id"] == 0)) {

                    // get url to the message board thread
                    $origurl = phorum_get_url(PHORUM_READ_URL, $message["thread"], $message["message_id"]);

                    // Find the real username, because some mods rewrite the
                    // username in the message table. There will be a better solution
                    // for selecting recipients, but for now this will fix some
                    // of the problems.
                    $user = phorum_user_get($message["user_id"], false);

                    $msg["subject"] = $message["subject"];
                    $msg["message"] = $message["body"];
                    $msg["recipients"][$message["user_id"]] = array(
                        'username' => $user["username"],
                        'user_id'  => $user["user_id"]
Esempio n. 3
$forums = phorum_db_get_forums( 0, $parent_id );

$PHORUM["DATA"]["FORUMS"] = array();

$forums_shown=false;

foreach( $forums as $forum ) {

    if ( $forum["folder_flag"] ) {

        $forum["url"] = phorum_get_url( PHORUM_INDEX_URL, $forum["forum_id"] );

    } else {

        if($PHORUM["hide_forums"] && !phorum_user_access_allowed(PHORUM_USER_ALLOW_READ, $forum["forum_id"])){
            continue;
        }

        $forum["url"] = phorum_get_url( PHORUM_LIST_URL, $forum["forum_id"] );

        // if there is only one forum in Phorum, redirect to it.
        if ( $parent_id==0 && count( $forums ) < 2 ) {
            phorum_redirect_by_url($forum['url']);
            exit();
        } 

        if ( $forum["message_count"] > 0 ) {
            $forum["last_post"] = phorum_date( $PHORUM["long_date"], $forum["last_post_time"] );
        } else {
            $forum["last_post"] = "&nbsp;";
Esempio n. 4
include_once("./common.php");
include_once("./include/moderation_functions.php");
include_once("./include/thread_info.php");
include_once("./include/email_functions.php");

// Stop right away when the common read-permission check reports failure.
if(!phorum_check_read_common()) {
  return;
}

// Template flag: does the current user hold the message moderation permission?
$PHORUM["DATA"]["MODERATOR"] = phorum_user_access_allowed(PHORUM_USER_ALLOW_MODERATE_MESSAGES);

// Target message/thread id and moderation step. Both are taken from the
// POST body when present, otherwise from the positional URL arguments, and
// both are forced to int before any use.
// NOTE(review): $PHORUM['args'][1] and [2] are read without an isset()
// check; a request that carries neither form raises a notice and yields 0.
$msgthd_id = (isset($_POST["thread"])) ? (int)$_POST["thread"] : (int)$PHORUM['args'][2];

$mod_step = (isset($_POST["mod_step"])) ? (int)$_POST["mod_step"] : (int)$PHORUM['args'][1];

// Authorization gate: without a target id or without the moderation
// permission the user is sent back to the message list.
// NOTE(review): nothing here stops the script after phorum_return_to_list().
// If that helper does not terminate the request itself, the moderation code
// further down would still run for an unauthorized user -- confirm it exits.
// NOTE(review): the step and the target id are accepted from URL arguments
// as well as from POST, and no anti-CSRF token check is visible in this
// excerpt -- confirm one is applied before a moderation step is executed.
if(empty($msgthd_id) || !phorum_user_access_allowed(PHORUM_USER_ALLOW_MODERATE_MESSAGES)) {
   phorum_return_to_list();
}

// If the user is not fully logged in, send them to the login page, with the
// referring page passed along in the "redir" argument. Moderation actions
// vary too much to rebuild a precise return URL here, hence the referrer.
// NOTE(review): HTTP_REFERER is a client-supplied header. It can be absent
// (undefined index) and it is appended to the argument string as-is, so "&"
// or "#" inside it can alter the resulting login URL. Confirm that
// phorum_get_url() encodes its arguments and that the login page only
// follows "redir" targets on this site; otherwise this is an open redirect.
if(!$PHORUM["DATA"]["FULLY_LOGGEDIN"]){
    phorum_redirect_by_url(phorum_get_url(PHORUM_LOGIN_URL, "redir=".$_SERVER["HTTP_REFERER"]));
    exit();
}


// Name of the template used for the result page.
$template="message";
// set all our URL's
phorum_build_common_urls();
Esempio n. 5
if (! $error_flag)
{
    // Is the forum running in a moderated state?
    $PHORUM["DATA"]["MODERATED"] =
        $PHORUM["moderation"] == PHORUM_MODERATE_ON &&
        !phorum_user_access_allowed(PHORUM_USER_ALLOW_MODERATE_MESSAGES);

    // Does the user have administrator permissions?
    $PHORUM["DATA"]["ADMINISTRATOR"] = $PHORUM["user"]["admin"];

    // Does the user have moderator permissions?
    $PHORUM["DATA"]["MODERATOR"] =
        phorum_user_access_allowed(PHORUM_USER_ALLOW_MODERATE_MESSAGES);

    // Ability: Do we allow attachments?
    $PHORUM["DATA"]["ATTACHMENTS"] = $PHORUM["max_attachments"] > 0 && phorum_user_access_allowed(PHORUM_USER_ALLOW_ATTACH);

    $PHORUM["DATA"]["EMAILNOTIFY"] =
    (isset($PHORUM['allow_email_notify']) && !empty($PHORUM['allow_email_notify']))? 1 : 0;

    // What special options can this user set for a message?
    $PHORUM["DATA"]["OPTION_ALLOWED"] = array(
        "sticky"        => false,   // Sticky flag for message sorting
        "announcement"  => false,   // Announcement flag for message sorting
        "allow_reply"   => false,   // Wheter replies are allowed in the thread
    );
    // For moderators and administrators.
    if (($PHORUM["DATA"]["MODERATOR"] || $PHORUM["DATA"]["ADMINISTRATOR"]) && $message["parent_id"] == 0) {
        $PHORUM["DATA"]["OPTION_ALLOWED"]["sticky"] = true;
        $PHORUM["DATA"]["OPTION_ALLOWED"]["allow_reply"] = true;
    }
Esempio n. 6
            if($row['is_unapproved']) {
              $row["approve_url"]=phorum_get_url(PHORUM_MODERATION_URL, PHORUM_APPROVE_MESSAGE, $row["message_id"]);
            } else {
              $row["hide_url"]=phorum_get_url(PHORUM_MODERATION_URL, PHORUM_HIDE_POST, $row["message_id"]);
            }
            if($build_move_url) {
                $row["move_url"] = $URLS["move_url"];
            }
            $row["merge_url"] = $URLS["merge_url"];
            $row["close_url"] = $URLS["close_url"];
            $row["reopen_url"] = $URLS["reopen_url"];
        }

        // allow editing only if logged in, allowed for forum, the thread is open,
        // its the same user, and its within the time restriction
        if($PHORUM["user"]["user_id"]==$row["user_id"] && phorum_user_access_allowed(PHORUM_USER_ALLOW_EDIT) &&
            !$thread_is_closed &&($PHORUM["user_edit_timelimit"] == 0 || $row["datestamp"] + ($PHORUM["user_edit_timelimit"] * 60) >= time())) {
            $row["edit"]=1;
            if($PHORUM["DATA"]["MODERATOR"]) {
                $row["edituser_url"]=$row["edit_url"];
            } else {
                $row["edituser_url"]=phorum_get_url(PHORUM_POSTING_URL, "edit", $row["message_id"]);
            }
        }

        // this stuff is used in threaded and non threaded.
        $row["short_datestamp"] = phorum_date($PHORUM["short_date"], $row["datestamp"]);
        $row["datestamp"] = phorum_date($PHORUM["long_date"], $row["datestamp"]);
        $row["url"] = phorum_get_url(PHORUM_READ_URL, $row["thread"], $row["message_id"]);
        $row["reply_url"] = phorum_get_url(PHORUM_REPLY_URL, $row["thread"], $row["message_id"]);
        $row["quote_url"] = phorum_get_url(PHORUM_REPLY_URL, $row["thread"], $row["message_id"], "quote=1");
Esempio n. 7
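/**
 * Return the closest thread that sorts before $key in the current forum.
 *
 * The column that $key is compared against is "modifystamp" when the
 * "float_to_top" setting is on and "thread" otherwise. Users without the
 * message moderation permission in a moderated forum only get approved
 * messages; in every other case the lookup is limited to thread starters
 * (parent_id = 0).
 *
 * @param int $key Value to search below; forced to int before it is used.
 * @return mixed The "thread" column of the matching row, or 0 when there
 *               is no such row or the query failed.
 */
function phorum_db_get_older_thread($key){
    $PHORUM = $GLOBALS["PHORUM"];

    // The query text is assembled by string interpolation, so every value
    // that goes into it is forced to an integer first.
    settype($key, "int");
    $forum_id = (int)$PHORUM["forum_id"];

    $conn = phorum_db_postgresql_connect();

    // Only these two literal column names can reach the SQL text.
    $keyfield = ($PHORUM["float_to_top"]) ? "modifystamp" : "thread";
    // are we really allowed to show this thread/message?
    $approvedval = "";
    if(!phorum_user_access_allowed(PHORUM_USER_ALLOW_MODERATE_MESSAGES) && $PHORUM["moderation"] == PHORUM_MODERATE_ON) {
        $approvedval="AND {$PHORUM['message_table']}.status=".PHORUM_STATUS_APPROVED;
    } else {
        $approvedval="AND {$PHORUM['message_table']}.parent_id = 0";
    }

    // The table name is an identifier and cannot be bound as a parameter;
    // it has to come from trusted configuration, never from request data.
    $sql = "select thread from {$PHORUM['message_table']} where forum_id=$forum_id  $approvedval and $keyfield<$key order by $keyfield desc limit 1";

    $res = pg_query($conn, $sql);
    // Ask the connection that ran the query for its error, not whichever
    // connection happens to be the default one.
    if ($err = pg_last_error($conn)) phorum_db_pg_last_error("$err: $sql");

    // pg_query() returns false on failure. If the error handler above
    // returns instead of stopping the request, do not pass false on to
    // pg_num_rows(); report "no older thread" instead.
    if ($res === false) return 0;

    return (pg_num_rows($res)) ? pg_fetch_result($res, 0, "thread") : 0;
}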
Esempio n. 8
/**
 * Shared read-permission gate for forum pages.
 *
 * When the current forum (forum_id > 0 and not a folder) may not be read by
 * the current user, a message page is output (header, message and footer
 * templates) and false is returned. In every other case nothing is output
 * and true is returned. Callers are expected to stop when they get false.
 */
function phorum_check_read_common()
{
    $PHORUM = $GLOBALS['PHORUM'];

    $retval = true;

    // Nothing to refuse: no forum selected, a folder, or read access granted.
    if ( !( $PHORUM["forum_id"] > 0 ) || $PHORUM["folder_flag"] || phorum_user_access_allowed( PHORUM_USER_ALLOW_READ ) ) {
        return $retval;
    }

    // A logged-in user simply lacks the right. An anonymous visitor is asked
    // to log in only when no parent id was posted and registered users have
    // the read permission; otherwise the plain "no read" message is used.
    $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"][
        ( !$PHORUM["DATA"]["LOGGEDIN"]
            && empty( $PHORUM["DATA"]["POST"]["parentid"] )
            && ( $PHORUM["reg_perms"] & PHORUM_USER_ALLOW_READ ) )
        ? "PleaseLoginRead"
        : "NoRead"
    ];

    phorum_build_common_urls();

    // The templates are included into this function's scope, so they read
    // the local $PHORUM copy that carries the message set above.
    include phorum_get_template( "header" );
    phorum_hook( "after_header" );
    include phorum_get_template( "message" );
    phorum_hook( "before_footer" );
    include phorum_get_template( "footer" );

    $retval = false;

    return $retval;
}
Esempio n. 9
        // In other cases, redirect users that are replying to
        // unapproved messages to the message list.
        phorum_redirect_by_url(phorum_get_url(PHORUM_LIST_URL));
        exit;
    }

}

// Do permission checks for editing messages.
if ($mode == "edit")
{
    // Check if the user is allowed to edit this post.
    $timelim = $PHORUM["user_edit_timelimit"];
    $useredit =
        $message["user_id"] == $PHORUM["user"]["user_id"] &&
        phorum_user_access_allowed(PHORUM_USER_ALLOW_EDIT) &&
        ! empty($top_parent) &&
        ! $top_parent["closed"] &&
        (! $timelim || $message["datestamp"] + ($timelim * 60) >= time());

    // Moderators are allowed to edit message, but not messages from
    // announcement threads. Announcements may only be edited by users
    // for which the option "announcement" is set as allowed.
    $moderatoredit =
        $PHORUM["DATA"]["MODERATOR"] &&
        $message["forum_id"] == $PHORUM["forum_id"] &&
        ($message["special"] != "announcement" || 
         $PHORUM["DATA"]["OPTION_ALLOWED"]["announcement"]);

    if (!$useredit && !$moderatoredit) {
        $PHORUM["DATA"]["MESSAGE"] =
Esempio n. 10
//   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
//                                                                            //
//   You should have received a copy of the Phorum License                    //
//   along with this program.                                                 //
////////////////////////////////////////////////////////////////////////////////

// Do nothing unless PHORUM_CONTROL_CENTER is defined, so the panel code
// does not run when this file is requested or included on its own.
if(!defined("PHORUM_CONTROL_CENTER")) return;

// Template for the control center start panel.
$template = "cc_start";
$PHORUM['DATA']['UserPerms'] = phorum_readable_permissions();
// Replace the stored "date_added" value with its formatted display form.
$PHORUM['DATA']['PROFILE']['date_added'] = phorum_date( $PHORUM['short_date'], $PHORUM['DATA']['PROFILE']['date_added']);
// Privacy: the last-activity date is shown only when activity tracking is
// on AND the viewer is an administrator, a message moderator or a user
// moderator, or the "hide_activity" flag in $user is not set. In every
// other case the value is removed from the template data.
// NOTE(review): $user is not assigned anywhere in this excerpt. If the
// including script leaves it unset, !$user["hide_activity"] evaluates to
// true and the date is shown regardless of the privacy setting -- confirm
// that $user holds the profile owner's record here.
if( $PHORUM["track_user_activity"] && 
    (!empty($PHORUM["user"]["admin"]) ||
     (phorum_user_access_allowed(PHORUM_USER_ALLOW_MODERATE_MESSAGES)) ||
     (phorum_user_access_allowed(PHORUM_USER_ALLOW_MODERATE_USERS)) ||
     !$user["hide_activity"])){

    $PHORUM["DATA"]["PROFILE"]["date_last_active"]=phorum_date( $PHORUM['short_date'], $PHORUM["DATA"]["PROFILE"]["date_last_active"]);
} else {
    unset($PHORUM["DATA"]["PROFILE"]["date_last_active"]);
}

// HTML-escape the username before it reaches the template.
// NOTE(review): htmlspecialchars() is called with its default flags, which
// before PHP 8.1 leave single quotes unescaped; that matters if a template
// places the name inside a single-quoted attribute. Passing ENT_QUOTES
// explicitly removes the dependency on the PHP version.
// NOTE(review): username is the only profile field escaped in this excerpt;
// confirm the remaining fields are escaped elsewhere before output.
$PHORUM["DATA"]["PROFILE"]["username"] = htmlspecialchars($PHORUM["DATA"]["PROFILE"]["username"]);

// Modules may rewrite the profile data through the "profile" hook. The hook
// runs after the escaping above, so values a module adds or replaces are
// not escaped by this code.
$PHORUM["DATA"]["PROFILE"] = phorum_hook("profile", $PHORUM["DATA"]["PROFILE"]);
/* --------------------------------------------------------------- */

function phorum_readable_permissions()
{
    $PHORUM = $GLOBALS['PHORUM'];