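/**
 * Deliver a private message to one user.
 *
 * Looks up the recipient, drops the oldest inbox entry when the inbox is at
 * its configured limit, stores the message header and text, and bumps the
 * recipient's new-message counter.
 *
 * @param int    $user_from_id Sender's user id.
 * @param int    $user_to_id   Recipient's user id; the guest account is rejected.
 * @param string $pm_subject   Subject line. NOTE(review): presumably already slash-escaped by the caller - confirm.
 * @param string $pm_message   Message body; run through prepare_message() here.
 * @return void
 */
function send_pm($user_from_id, $user_to_id, $pm_subject, $pm_message)
{
    global $ft_cfg, $lang;

    // Both ids are concatenated into SQL below. Forcing them to integers keeps
    // a non-numeric value from changing the shape of the statements.
    $user_from_id = (int) $user_from_id;
    $user_to_id = (int) $user_to_id;

    $sql = "SELECT *\r\n\t\tFROM " . USERS_TABLE . " \r\n\t\tWHERE user_id = " . $user_to_id . "\r\n\t\tAND user_id <> " . GUEST_UID;
    if (!($result = DB()->sql_query($sql))) {
        message_die(GENERAL_ERROR, $lang['non_existing_user'], '', __LINE__, __FILE__, $sql);
    }

    $usertodata = DB()->sql_fetchrow($result);
    if (!$usertodata) {
        // The query succeeded but matched nobody (unknown id or the guest
        // account). Without this check every later statement would be built
        // from an empty recipient id.
        message_die(GENERAL_MESSAGE, $lang['non_existing_user']);
    }
    $recipient_id = (int) $usertodata['user_id'];

    // Prepare the message body.
    $bbcode_uid = make_bbcode_uid();
    $pm_message = prepare_message($pm_message, 0, 1, 1, $bbcode_uid);
    $msg_time = time();

    // Inbox limit: count what the recipient already holds and note the oldest entry.
    $inbox_types = "( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " \r\n\t\t\tOR privmsgs_type = " . PRIVMSGS_READ_MAIL . " \r\n\t\t\tOR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";

    $sql = "SELECT COUNT(privmsgs_id) AS inbox_items, MIN(privmsgs_date) AS oldest_post_time \r\n\t\tFROM " . PRIVMSGS_TABLE . " \r\n\t\tWHERE " . $inbox_types . " \r\n\t\t\tAND privmsgs_to_userid = " . $recipient_id;
    if (!($result = DB()->sql_query($sql))) {
        message_die(GENERAL_MESSAGE, $lang['No_such_user']);
    }

    $sql_priority = SQL_LAYER == 'mysql' ? 'LOW_PRIORITY' : '';

    $inbox_info = DB()->sql_fetchrow($result);
    if ($inbox_info && $inbox_info['inbox_items'] >= $ft_cfg['max_inbox_privmsgs']) {
        // MIN() yields NULL on an empty inbox; the cast keeps the statement valid.
        $oldest_time = (int) $inbox_info['oldest_post_time'];

        $sql = "DELETE {$sql_priority} FROM " . PRIVMSGS_TABLE . " \r\n\t\t\t\tWHERE " . $inbox_types . " \r\n\t\t\t\t\tAND privmsgs_date = " . $oldest_time . " \r\n\t\t\t\t\tAND privmsgs_to_userid = " . $recipient_id;
        if (!DB()->sql_query($sql)) {
            message_die(GENERAL_ERROR, $lang['not_delete_pm'], '', __LINE__, __FILE__, $sql);
        }
    }

    // NOTE(review): the replace below only turns \' into ''. It escapes nothing
    // by itself, so the statement is safe only if every caller hands in text
    // that was already slash-escaped. That cannot be verified from this
    // function; confirm it, or route both text values through the database
    // layer's own escaping routine.
    $subject_sql = str_replace("\\'", "''", $pm_subject);
    $message_sql = str_replace("\\'", "''", $pm_message);

    // NOTE(review): $user_ip is neither a parameter nor pulled in via `global`,
    // so privmsgs_ip is written as an empty string. Confirm where the sender's
    // address is supposed to come from.
    $sql_info = "INSERT INTO " . PRIVMSGS_TABLE . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip, privmsgs_enable_html, privmsgs_enable_bbcode, privmsgs_enable_smilies, privmsgs_attach_sig)\r\n\t\tVALUES (" . PRIVMSGS_NEW_MAIL . ", '" . $subject_sql . "', " . $user_from_id . ", " . $recipient_id . ", {$msg_time}, '{$user_ip}', 0, 1, 1, 1)";
    if (!($result = DB()->sql_query($sql_info, BEGIN_TRANSACTION))) {
        message_die(GENERAL_ERROR, $lang['no_sent_pm_insert'], "", __LINE__, __FILE__, $sql_info);
    }

    $privmsg_sent_id = DB()->sql_nextid();

    $sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_bbcode_uid, privmsgs_text)\r\n\t\tVALUES ({$privmsg_sent_id}, '" . $bbcode_uid . "', '" . $message_sql . "')";
    if (!DB()->sql_query($sql, END_TRANSACTION)) {
        // Report the statement that actually failed (the original passed the
        // header INSERT here, which hides the real cause when debugging).
        message_die(GENERAL_ERROR, $lang['no_sent_pm_insert'], "", __LINE__, __FILE__, $sql);
    }

    // Add to the recipient's new-PM counter.
    $sql = "UPDATE " . USERS_TABLE . "\r\n\t\tSET user_new_privmsg = user_new_privmsg + 1, user_last_privmsg = " . time() . "\r\n\t\tWHERE user_id = " . $recipient_id;
    if (!DB()->sql_query($sql)) {
        message_die(GENERAL_ERROR, $lang['no_sent_pm_insert'], '', __LINE__, __FILE__, $sql);
    }

    return;
}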
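/**
 * Handle the "post comment" action for a download entry.
 *
 * Depending on the request this deletes a comment (delete=do), shows the
 * comment form with an optional preview, or stores a submitted comment.
 *
 * Security-relevant points in this method:
 *  - the comment DELETE is scoped to the current file, so a permission that
 *    was checked for one file cannot be applied to a comment of another;
 *  - the values echoed back into the preview form come straight from $_POST
 *    and are HTML-encoded before they reach the template.
 *
 * NOTE(review): no form token is checked before the delete or the insert in
 * this block. Confirm that request forgery protection happens elsewhere.
 *
 * @param string $action Requested action; not read inside this method.
 * @return void
 */
function main($action)
{
    // The include files below execute in this function's scope, so the globals
    // they rely on have to be declared here even where this method itself does
    // not touch them.
    global $db, $cache, $config, $template, $images, $theme, $user, $lang, $bbcode, $bbcode_tpl;
    global $html_entities_match, $html_entities_replace, $unhtml_specialchars_match, $unhtml_specialchars_replace;
    global $pafiledb_functions, $pafiledb_config, $view_pic_upload, $starttime, $post_image_lang;

    @(include_once IP_ROOT_PATH . 'includes/bbcode.' . PHP_EXT);
    @(include_once IP_ROOT_PATH . 'includes/functions_post.' . PHP_EXT);
    @(include_once IP_ROOT_PATH . PA_FILE_DB_PATH . 'functions_comment.' . PHP_EXT);

    // The explicit casts make the integer guarantee local: both ids are
    // concatenated into SQL, URLs and HTML further down.
    $file_id = (int) request_var('file_id', 0);
    if (empty($file_id)) {
        message_die(GENERAL_MESSAGE, $lang['File_not_exist']);
    }

    define('IN_PA_POSTING', true);
    define('IN_ICYPHOENIX', true);

    // BBCBMG - BEGIN
    include IP_ROOT_PATH . 'includes/bbcb_mg.' . PHP_EXT;
    // BBCBMG - END

    // BBCBMG SMILEYS - BEGIN
    generate_smilies('inline');
    include IP_ROOT_PATH . 'includes/bbcb_smileys_mg.' . PHP_EXT;
    // BBCBMG SMILEYS - END

    // MX Addon
    $cid = (int) request_var('cid', 0);
    $delete = request_var('delete', '');
    $submit = isset($_POST['submit']);
    $preview = isset($_POST['preview']);

    $subject = request_post_var('subject', '', true);
    $message = request_post_var('message', '', true);

    $sql = "SELECT file_name, file_catid\n\t\t\tFROM " . PA_FILES_TABLE . "\n\t\t\tWHERE file_id = '" . $file_id . "'";
    $result = $db->sql_query($sql);
    if (!($file_data = $db->sql_fetchrow($result))) {
        message_die(GENERAL_MESSAGE, $lang['File_not_exist']);
    }
    $db->sql_freeresult($result);

    $cat_auth = $this->auth[$file_data['file_catid']];
    if (!$cat_auth['auth_post_comment']) {
        if (!$user->data['session_logged_in']) {
            redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=dload.' . PHP_EXT . '&action=post_comment&file_id=' . $file_id, true));
        }

        $message = sprintf($lang['Sorry_auth_download'], $cat_auth['auth_post_comment_type']);
        message_die(GENERAL_MESSAGE, $message);
    }

    $html_on = ($user->data['user_allowhtml'] && $pafiledb_config['allow_html']) ? 1 : 0;
    $bbcode_on = ($user->data['user_allowbbcode'] && $pafiledb_config['allow_bbcode']) ? 1 : 0;
    $smilies_on = ($user->data['user_allowsmile'] && $pafiledb_config['allow_smilies']) ? 1 : 0;

    $file_url = append_sid('dload.' . PHP_EXT . '?action=file&file_id=' . $file_id);

    // =======================================================
    // MX Addon - comment deletion
    // =======================================================
    if ($delete == 'do') {
        $sql = 'SELECT * FROM ' . PA_FILES_TABLE . "\n\t\t\t\tWHERE file_id = {$file_id}";
        $result = $db->sql_query($sql);
        $file_info = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        if (!$file_info) {
            message_die(GENERAL_MESSAGE, $lang['File_not_exist']);
        }

        $file_auth = $this->auth[$file_info['file_catid']];

        // Allowed for the owner of the file when the category grants comment
        // deletion, and for category moderators. The ownership test is on the
        // file, not on the comment's author.
        $may_delete = ($file_auth['auth_delete_comment'] && $file_info['user_id'] == $user->data['user_id'])
            || $file_auth['auth_mod'];

        if ($may_delete) {
            // The permission above was established for $file_id only, so the
            // delete has to be limited to comments of that file. Keyed on
            // comments_id alone it would remove a comment of any file.
            $sql = 'DELETE FROM ' . PA_COMMENTS_TABLE . "\n\t\t\t\t\tWHERE comments_id = {$cid}\n\t\t\t\t\tAND file_id = {$file_id}";
            $db->sql_query($sql);
            $this->_pafiledb();

            $message = $lang['Comment_deleted'] . '<br /><br />' . sprintf($lang['Click_return'], '<a href="' . $file_url . '">', '</a>');
            message_die(GENERAL_MESSAGE, $message);
        } else {
            // The original indexed the auth table with an undefined $cat_id.
            // NOTE(review): 'auth_upload_type' is kept from the original;
            // confirm it is the label meant for a refused comment deletion.
            $message = sprintf($lang['Sorry_auth_delete'], $file_auth['auth_upload_type']);
            message_die(GENERAL_MESSAGE, $message);
        }
    }

    if (!$submit) {
        // Generate smilies listing for page output
        //$pafiledb_functions->pa_generate_smilies('inline');

        $html_status = ($user->data['user_allowhtml'] && $pafiledb_config['allow_html']) ? $lang['HTML_is_ON'] : $lang['HTML_is_OFF'];
        $bbcode_status = ($user->data['user_allowbbcode'] && $pafiledb_config['allow_bbcode']) ? $lang['BBCode_is_ON'] : $lang['BBCode_is_OFF'];
        $smilies_status = ($user->data['user_allowsmile'] && $pafiledb_config['allow_smilies']) ? $lang['Smilies_are_ON'] : $lang['Smilies_are_OFF'];
        $links_status = $pafiledb_config['allow_comment_links'] ? $lang['Links_are_ON'] : $lang['Links_are_OFF'];
        $images_status = $pafiledb_config['allow_comment_images'] ? $lang['Images_are_ON'] : $lang['Images_are_OFF'];

        $hidden_form_fields = '<input type="hidden" name="action" value="post_comment" /><input type="hidden" name="file_id" value="' . $file_id . '" /><input type="hidden" name="comment" value="post" />';

        // Output the data to the template
        $this->generate_category_nav($file_data['file_catid']);

        $template->assign_vars(array(
            'HTML_STATUS' => $html_status,
            'BBCODE_STATUS' => sprintf($bbcode_status, '<a href="' . append_sid('faq.' . PHP_EXT . '?mode=bbcode') . '" target="_blank">', '</a>'),
            'SMILIES_STATUS' => $smilies_status,
            'LINKS_STATUS' => $links_status,
            'IMAGES_STATUS' => $images_status,
            'FILE_NAME' => $file_data['file_name'],
            'DOWNLOAD' => $pafiledb_config['settings_dbname'],
            'MESSAGE_LENGTH' => $pafiledb_config['max_comment_chars'],

            'L_HOME' => $lang['Home'],
            'CURRENT_TIME' => sprintf($lang['Current_time'], create_date($config['default_dateformat'], time(), $config['board_timezone'])),
            'L_COMMENT_ADD' => $lang['Comment_add'],
            'L_COMMENT' => $lang['Message_body'],
            'L_COMMENT_TITLE' => $lang['Subject'],
            'L_OPTIONS' => $lang['Options'],
            'L_COMMENT_EXPLAIN' => sprintf($lang['Comment_explain'], $pafiledb_config['max_comment_chars']),
            'L_PREVIEW' => $lang['Preview'],
            'L_SUBMIT' => $lang['Submit'],
            'L_DOWNLOAD' => $lang['Download'],
            'L_INDEX' => sprintf($lang['Forum_Index'], $config['sitename']),
            'L_CHECK_MSG_LENGTH' => $lang['Check_message_length'],
            'L_MSG_LENGTH_1' => $lang['Msg_length_1'],
            'L_MSG_LENGTH_2' => $lang['Msg_length_2'],
            'L_MSG_LENGTH_3' => $lang['Msg_length_3'],
            'L_MSG_LENGTH_4' => $lang['Msg_length_4'],
            'L_MSG_LENGTH_5' => $lang['Msg_length_5'],
            'L_MSG_LENGTH_6' => $lang['Msg_length_6'],

            'U_INDEX_HOME' => append_sid(CMS_PAGE_HOME),
            'U_DOWNLOAD_HOME' => append_sid('dload.' . PHP_EXT),
            'U_FILE_NAME' => $file_url,

            'S_POST_ACTION' => append_sid('dload.' . PHP_EXT),
            'S_HIDDEN_FORM_FIELDS' => $hidden_form_fields,
        ));

        // Show preview stuff if user clicked preview
        if ($preview) {
            $comments_text = stripslashes(prepare_message(addslashes(unprepare_message($message)), $html_on, $bbcode_on, $smilies_on));

            $title = censor_text($subject);
            $comments_text = censor_text($comments_text);

            $bbcode->allow_html = (bool) $html_on;
            $bbcode->allow_bbcode = (bool) $bbcode_on;
            $bbcode->allow_smilies = (bool) $smilies_on;
            $comments_text = $bbcode->parse($comments_text);
            // bbcode parser End

            $comments_text = str_replace("\n", '<br />', $comments_text);

            // These two values are the raw request body echoed back into the
            // form. They are encoded here so that submitted markup is shown
            // as text instead of being interpreted by the browser.
            $raw_message = isset($_POST['message']) ? stripslashes($_POST['message']) : '';
            $raw_subject = isset($_POST['subject']) ? stripslashes($_POST['subject']) : '';

            $template->assign_vars(array(
                'PREVIEW' => true,
                'COMMENT' => htmlspecialchars($raw_message, ENT_QUOTES),
                'SUBJECT' => htmlspecialchars($raw_subject, ENT_QUOTES),
                'PRE_COMMENT' => $comments_text,
            ));
        }
    }

    if ($submit) {
        $subject = request_post_var('subject', '', true);
        $message = request_post_var('message', '', true);
        // The comment is stored decoded; whatever renders comments_text later
        // is responsible for encoding or parsing it on output.
        $message = htmlspecialchars_decode($message, ENT_COMPAT);

        // strlen() counts bytes, so multi-byte text reaches the limit sooner
        // than the "characters" wording in the error message suggests.
        $length = strlen($message);
        //$comments_text = str_replace('<br />', "\n", $message);
        $comments_text = $message;
        $poster_id = intval($user->data['user_id']);
        $title = $subject;
        $time = time();

        if ($length > $pafiledb_config['max_comment_chars']) {
            message_die(GENERAL_ERROR, 'Your comment is too long!<br />The maximum length allowed in characters is ' . $pafiledb_config['max_comment_chars'] . '');
        }

        $sql = 'INSERT INTO ' . PA_COMMENTS_TABLE . "(file_id, comments_text, comments_title, comments_time, poster_id)\n\t\t\t\tVALUES({$file_id}, '" . $db->sql_escape($comments_text) . "','" . $db->sql_escape($title) . "', {$time}, {$poster_id})";
        $db->sql_query($sql);

        $message = $lang['Comment_posted'] . '<br /><br />' . sprintf($lang['Click_return'], '<a href="' . $file_url . '">', '</a>');
        message_die(GENERAL_MESSAGE, $message);
    }

    $this->display($lang['Download'], 'pa_comment_posting.tpl');
}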
if (!$password && $password_confirm) { $error = TRUE; $error_msg .= (isset($error_msg) ? '<br />' : '') . $lang['Password_mismatch']; } } } if ($signature != '') { $sig_length_check = preg_replace('/(\\[.*?)(=.*?)\\]/is', '\\1]', stripslashes($signature)); if ($allowhtml) { $sig_length_check = preg_replace('/(\\<.*?)(=.*?)( .*?=.*?)?([ \\/]?\\>)/is', '\\1\\3\\4', $sig_length_check); } // Only create a new bbcode_uid when there was no uid yet. if ($signature_bbcode_uid == '') { $signature_bbcode_uid = $allowbbcode ? make_bbcode_uid() : ''; } $signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid); if (strlen($sig_length_check) > $board_config['max_sig_chars']) { $error = TRUE; $error_msg .= (isset($error_msg) ? '<br />' : '') . $lang['Signature_too_long']; } } // // Avatar stuff // $avatar_sql = ""; if (isset($HTTP_POST_VARS['avatardel'])) { if ($this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "") { if (@file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']))) { @unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']); } }
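/**
 * Validate and normalise the fields of a posting form in place.
 *
 * Every argument is taken by reference. Cleaned values are written back to
 * the caller's variables and validation failures are appended to $error_msg,
 * separated by '<br />'.
 *
 * What is cleaned here: the guest username (tags stripped, then validated),
 * the subject and poll title (trimmed and HTML-encoded), the message
 * (prepare_message()) and the poll length (non-negative integer). Nothing in
 * this function escapes for SQL; that is left to whatever stores the values.
 *
 * @param string $mode         Posting mode ('newtopic', 'editpost', 'delete', 'poll_delete', ...).
 * @param array  $post_data    Post state; 'first_post' is read in 'editpost' mode.
 * @param mixed  $bbcode_on    Truthy when BBCode is enabled for this post.
 * @param mixed  $html_on      Passed through to prepare_message().
 * @param mixed  $smilies_on   Passed through to prepare_message().
 * @param string $error_msg    Accumulated error text.
 * @param string $username     Posted username; reset to '' when it is the logged-in user's own name.
 * @param string $bbcode_uid   Set to a fresh uid (or '') when a message is present.
 * @param string $subject      Post subject.
 * @param string $message      Post body.
 * @param string $poll_title   Poll question.
 * @param array  $poll_options Poll options; only counted here, never modified.
 * @param mixed  $poll_length  Poll duration.
 * @return void
 */
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length)
{
    global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path;

    // Subject and poll fields are only mandatory on the first post of a topic.
    $is_first_post = ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']));

    // Check username
    if (!empty($username)) {
        $username = trim(strip_tags($username));

        if (!$userdata['session_logged_in'] || $username != $userdata['username']) {
            // include_once: a second call in the same request must not try to
            // declare validate_username() again.
            include_once "includes/functions_validate.php";

            $result = validate_username($username);
            if ($result['error']) {
                $error_msg .= !empty($error_msg) ? '<br />' . $result['error_msg'] : $result['error_msg'];
            }
        } else {
            $username = '';
        }
    }

    // Check subject
    if (!empty($subject)) {
        $subject = htmlspecialchars(trim($subject));
    } elseif ($is_first_post) {
        $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
    }

    // Check message
    if (!empty($message)) {
        $bbcode_uid = $bbcode_on ? make_bbcode_uid() : '';
        $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
    } elseif ($mode != 'delete' && $mode != 'poll_delete') {
        $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
    }

    //
    // Handle poll stuff
    //
    if ($is_first_post) {
        $poll_length = isset($poll_length) ? max(0, intval($poll_length)) : 0;

        if (!empty($poll_title)) {
            $poll_title = htmlspecialchars(trim($poll_title));
        }

        if (!empty($poll_options)) {
            // NOTE(review): the original walked the options with each(), which
            // no longer exists in PHP 8, built a trimmed and HTML-encoded copy
            // and then discarded it. $poll_options therefore leaves this
            // function exactly as the caller supplied it, blank entries
            // included. The dead loop is dropped; writing the copy back could
            // double-encode options a caller has already encoded, so confirm
            // that every caller encodes them before they are stored or shown.
            $option_count = count($poll_options);

            if ($option_count < 2) {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
            } elseif ($option_count > $board_config['max_poll_options']) {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
            } elseif ($poll_title == '') {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];
            }
        }
    }

    return;
}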
{ include(IP_ROOT_PATH . 'includes/functions_validate.' . PHP_EXT); $result = validate_username($username); if ($result['error']) { $error_msg .= (!empty($error_msg)) ? '<br />' . $result['error_msg'] : $result['error_msg']; } } $message = request_post_var('message', '', true); $message = htmlspecialchars_decode($message, ENT_COMPAT); // insert shout ! if (!empty($message) && $is_auth['auth_post'] && !$error) { include_once(IP_ROOT_PATH . 'includes/functions_post.' . PHP_EXT); $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on); if ($config['img_shoutbox'] == true) { $message = preg_replace ("#\[url=(http://)([^ \"\n\r\t<]*)\]\[img\](http://)([^ \"\n\r\t<]*)\[/img\]\[/url\]#i", '[url=\\1\\2]\\4[/url]', $message); $message = preg_replace ("#\[img\](http://)([^ \"\n\r\t<]*)\[/img\]#i", '[url=\\1\\2]\\2[/url]', $message); $message = preg_replace ("#\[img align=left\](http://)([^ \"\n\r\t<]*)\[/img\]#i", '[url=\\1\\2]\\2[/url]', $message); $message = preg_replace ("#\[img align=right\](http://)([^ \"\n\r\t<]*)\[/img\]#i", '[url=\\1\\2]\\2[/url]', $message); } $sql = "INSERT INTO " . SHOUTBOX_TABLE . " (shout_text, shout_session_time, shout_user_id, shout_ip, shout_username, enable_bbcode, enable_html, enable_smilies) VALUES ('" . $db->sql_escape($message) . "', '" . time() . "', '" . $user->data['user_id'] . "', '$user_ip', '" . $db->sql_escape($username) . "', $bbcode_on, $html_on, $smilies_on)"; $result = $db->sql_query($sql); // auto prune if ($config['prune_shouts']) { $sql = "DELETE FROM " . SHOUTBOX_TABLE . " WHERE shout_session_time<=" . (time() - (86400 * $config['prune_shouts']));
$poll_options[] = htmlspecialchars(trim(stripslashes($HTTP_POST_VARS['add_poll_option_text']))); } if ($mode == 'newtopic' || $mode == 'reply') { $user_sig = $userdata['user_sig'] != '' && $board_config['allow_sig'] ? $userdata['user_sig'] : ''; } else { if ($mode == 'editpost') { $user_sig = $post_info['user_sig'] != '' && $board_config['allow_sig'] ? $post_info['user_sig'] : ''; $userdata['user_sig_bbcode_uid'] = $post_info['user_sig_bbcode_uid']; } } if ($preview) { $orig_word = array(); $replacement_word = array(); obtain_word_list($orig_word, $replacement_word); $bbcode_uid = $bbcode_on ? make_bbcode_uid() : ''; $preview_message = stripslashes(prepare_message(addslashes(unprepare_message($message)), $html_on, $bbcode_on, $smilies_on, $bbcode_uid)); $preview_subject = $subject; $preview_username = $username; // // Finalise processing as per viewtopic // if (!$html_on) { if ($user_sig != '' || !$userdata['user_allowhtml']) { $user_sig = preg_replace('#(<)([\\/]?.*?)(>)#is', '<\\2>', $user_sig); } } if ($attach_sig && $user_sig != '' && $userdata['user_sig_bbcode_uid']) { $user_sig = bbencode_second_pass($user_sig, $userdata['user_sig_bbcode_uid']); } if ($bbcode_on) { $preview_message = bbencode_second_pass($preview_message, $bbcode_uid);
$number_items_current = $number_items; } } } // user has set a different language as used in cached feed description? Regenerate. if ($user->data['user_lang'] != $feed_data['lang']) { generate_feed_details($content, $global, $feed_data); } foreach ($feed_data['items'] as $item) { // apply session id to links if user is logged in if ($user->data['user_id'] != ANONYMOUS) { $item_link = append_sid($item['link']); } else { $item_link = $item['link']; } $template->assign_block_vars('item', array('AUTHOR' => $item['author'], 'TIME' => format_date($item['time'], $syndication_method), 'LINK' => $item_link, 'IDENTIFIER' => $item['identifier'], 'TITLE' => $item['title'], 'TEXT' => prepare_message($item['text'], $syndication_method))); } $template->set_filenames(array('body' => 'syndication_' . ($syndication_method == SYNDICATION_ATOM ? 'atom' : 'rss2') . '.html')); // get time from last item or use current time in case of an empty feed $last_build_date = $number_items_current ? $feed_data['items'][$number_items_current - 1]['time'] : time(); $template->assign_vars(array('HEADER' => '<?xml version="1.0" encoding="UTF-8"?>' . "\n", 'TITLE' => $feed_data['title'], 'DESCRIPTION' => $feed_data['description'], 'LINK' => $feed_data['source_link'], 'FEED_LINK' => build_feed_url(true), 'LAST_BUILD' => format_date($last_build_date, $syndication_method))); // gzip compression if ($config['gzip_compress']) { if (@extension_loaded('zlib') && !headers_sent()) { ob_start('ob_gzhandler'); } } // text/xml for Internet Explorer header('Content-Type: text/xml; charset=UTF-8'); header('Last-Modified: ' . date('D, d M Y H:i:s O', $last_build_date)); $template->display('body');
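/**
 * Tell a user how an auction ended, by e-mail and/or private message,
 * depending on the auction configuration.
 *
 * @param int    $user_id     Recipient's user id.
 * @param string $notify_type One of 'WON', 'SOLD' or 'NOT_SOLD'; any other value sends nothing.
 * @param int    $offer_id    Id of the auction offer, used to build the link.
 * @param string $offer_title Offer title as stored; re-encoded before use.
 * @return void
 */
function notifyUser($user_id, $notify_type, $offer_id, $offer_title)
{
    global $db, $lang, $auction_config_data, $board_config;

    // Template name and $lang subject key share the 'key' string, the PM body
    // is $lang[key . '_text'], 'block' is the template variable that receives
    // $lang['headline'].
    $variants = array(
        'WON' => array('key' => 'auction_won', 'block' => 'AUCTION_WON', 'headline' => 'auction_offer_won'),
        'SOLD' => array('key' => 'auction_sold', 'block' => 'AUCTION_SOLD', 'headline' => 'auction_offer_sold'),
        'NOT_SOLD' => array('key' => 'auction_not_sold', 'block' => 'AUCTION_NOT_SOLD', 'headline' => 'auction_offer_not_sold'),
    );

    if (!is_string($notify_type) || !isset($variants[$notify_type])) {
        // The original fell through here and sent a message without template,
        // subject or text. An unknown type now sends nothing.
        return;
    }
    $variant = $variants[$notify_type];

    // Both ids end up in SQL, in a URL and in an href attribute; as integers
    // they cannot carry anything else.
    $user_id = (int) $user_id;
    $offer_id = (int) $offer_id;

    if ($auction_config_data['auction_end_notify_email']) {
        // BEGIN EMAIL-NOTIFY
        $sql = "SELECT user_email,\r\n username\r\n FROM " . USERS_TABLE . "\r\n WHERE user_id=" . $user_id . "";
        $result = $db->sql_query($sql);
        $user = $result ? $db->sql_fetchrow($result) : false;

        // A failed lookup used to be ignored and the mail was addressed to an
        // empty recipient; now the e-mail is skipped instead.
        if ($user) {
            $server_name = trim($board_config['server_name']);
            $server_protocol = $board_config['cookie_secure'] ? 'https://' : 'http://';

            $offer_markup = prepare_message(addslashes(unprepare_message(htmlspecialchars(trim(stripslashes($offer_title))))), $board_config['allow_html'], $board_config['allow_bbcode'], $board_config['allow_smilies'], 0);

            // NOTE(review): the original passed stripslashes($user_lang), but
            // $user_lang is never defined in this function and the query above
            // does not select the recipient's language, so the template was
            // always requested with an empty language. Kept as is; confirm
            // what use_template() does with ''.
            $template_lang = '';

            $emailer = new emailer($board_config['smtp_delivery']);
            $emailer->from($board_config['board_email']);
            $emailer->replyto($board_config['board_email']);

            $emailer->use_template($variant['key'], $template_lang);
            $emailer->set_subject($lang[$variant['key']]);
            $emailer->assign_vars(array(
                $variant['block'] => $lang[$variant['headline']],
                'AUCTION_SITENAME' => $board_config['sitename'],
                'AUCTION_OFFER' => $offer_markup,
                'U_AUCTION_OFFER' => $server_protocol . $server_name . $board_config['script_path'] . 'auction_offer_view.php?ao=' . $offer_id,
                'AUCTION_EMAIL_SIG' => !empty($board_config['board_email_sig']) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
            ));

            $emailer->email_address($user['user_email']);
            // Try to send email...
            $emailer->send();
            // $emailer->reset();
        }
    } // END EMAIL-NOTIFY

    if ($auction_config_data['auction_end_notify_pm']) {
        // BEGIN PM-NOTIFY
        $pm_subject = $lang[$variant['key']];
        $pm_text = $lang[$variant['key'] . '_text'];

        $privmsgs_date = time();

        $offer_markup = prepare_message(addslashes(unprepare_message(htmlspecialchars(trim(stripslashes($offer_title))))), $board_config['allow_html'], $board_config['allow_bbcode'], $board_config['allow_smilies'], 0);

        // NOTE(review): str_replace("\\'", "''", ...) only rewrites \' into ''.
        // The subject is slash-escaped first, but the PM body below mixes in
        // $lang text and the board signature without any escaping, so an
        // apostrophe in either breaks the statement. Confirm those values can
        // never contain one, or escape the body with the database layer's own
        // routine.
        $subject_sql = str_replace("\\'", "''", addslashes(sprintf($pm_subject, $board_config['sitename'])));

        $sql = "INSERT INTO " . PRIVMSGS_TABLE . "\r\n (privmsgs_type,\r\n privmsgs_subject,\r\n privmsgs_from_userid,\r\n privmsgs_to_userid,\r\n privmsgs_date,\r\n privmsgs_enable_html,\r\n privmsgs_enable_bbcode,\r\n privmsgs_enable_smilies,\r\n privmsgs_attach_sig)\r\n VALUES ('0',\r\n '" . $subject_sql . "',\r\n '2',\r\n " . $user_id . ",\r\n " . $privmsgs_date . ",\r\n '0',\r\n '1',\r\n '1',\r\n '0')";
        if (!$db->sql_query($sql)) {
            // Without a header row there is no id to attach the text to, and
            // the counter must not be raised for a message that does not exist.
            return;
        }

        $outbid_sent_id = $db->sql_nextid();

        $body_sql = str_replace("\\'", "''", $pm_text . "</br></br><a href=\"auction_offer_view.php?ao=" . $offer_id . "\">" . $offer_markup . "</a></br>" . $board_config['board_email_sig']);

        $sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . "\r\n (privmsgs_text_id,\r\n privmsgs_text)\r\n VALUES (" . $outbid_sent_id . ",\r\n '" . $body_sql . "')";
        if (!$db->sql_query($sql)) {
            return;
        }

        $sql = "UPDATE " . USERS_TABLE . "\r\n SET user_new_privmsg=user_new_privmsg+1\r\n WHERE user_id=" . $user_id;
        // Best effort, as in the original: a failed counter update is not reported.
        $db->sql_query($sql);
    } // End pm-notification
}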
<?php if (!defined('IN_AJAX')) { die(basename(__FILE__)); } global $lang, $userdata; $post_id = (int) $this->request['post_id']; $mc_type = (int) $this->request['mc_type']; $mc_text = (string) $this->request['mc_text']; if (!($mc_text = prepare_message($mc_text))) { $this->ajax_die($lang['EMPTY_MESSAGE']); } $post = DB()->fetch_row("\n\tSELECT\n\t\tp.post_id, p.poster_id\n\tFROM " . BB_POSTS . " p\n\tWHERE p.post_id = {$post_id}\n"); if (!$post) { $this->ajax_die('not post'); } $data = array('mc_comment' => $mc_type ? $mc_text : '', 'mc_type' => $mc_type, 'mc_user_id' => $mc_type ? $userdata['user_id'] : 0); $sql_args = DB()->build_array('UPDATE', $data); DB()->query("UPDATE " . BB_POSTS . " SET {$sql_args} WHERE post_id = {$post_id}"); if ($mc_type && $post['poster_id'] != $userdata['user_id']) { $subject = sprintf($lang['MC_COMMENT_PM_SUBJECT'], $lang['MC_COMMENT'][$mc_type]['type']); $message = sprintf($lang['MC_COMMENT_PM_MSG'], get_username($post['poster_id']), make_url(POST_URL . "{$post_id}#{$post_id}"), $lang['MC_COMMENT'][$mc_type]['type'], $mc_text); send_pm($post['poster_id'], $subject, $message); cache_rm_user_sessions($post['poster_id']); } switch ($mc_type) { case 1: // Комментарий $mc_class = 'success'; break; case 2:
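/**
 * Validate and normalise the fields of a posting form in place.
 *
 * The first nineteen arguments are taken by reference: cleaned values are
 * written back and validation failures are appended to $error_msg, separated
 * by '<br />'. Besides the field checks this warns when another reply arrived
 * while the form was open and when the poster would be bumping their own
 * post.
 *
 * Subject, topic description and poll title are only trimmed here, not
 * HTML-encoded, and nothing is escaped for SQL; both are left to the code
 * that stores or renders the values.
 *
 * @param string $mode                    Posting mode ('newtopic', 'editpost', 'reply', 'quote', 'delete', 'poll_delete', ...).
 * @param array  $post_data               Post state; 'first_post' is read in 'editpost' mode.
 * @param mixed  $bbcode_on               Passed through to prepare_message().
 * @param mixed  $html_on                 Passed through to prepare_message().
 * @param mixed  $smilies_on              Passed through to prepare_message().
 * @param string $error_msg               Accumulated error text.
 * @param string $username                Posted username; reset to '' when it is the logged-in user's own name.
 * @param string $subject                 Post subject.
 * @param string $message                 Post body.
 * @param string $poll_title              Poll question; falls back to $poll_data['title'].
 * @param array  $poll_options            Poll options; only counted here, never modified.
 * @param array  $poll_data               Replaced by a normalised title/start/length/max_options/change array.
 * @param mixed  $reg_active              Event registration flag, normalised to a non-negative integer.
 * @param mixed  $reg_reset               Not read or written in this function.
 * @param mixed  $reg_max_option1         Normalised to a non-negative integer.
 * @param mixed  $reg_max_option2         Normalised to a non-negative integer.
 * @param mixed  $reg_max_option3         Normalised to a non-negative integer.
 * @param mixed  $reg_length              Normalised to a non-negative integer.
 * @param string $topic_desc              Topic description.
 * @param int    $topic_calendar_time     Calendar timestamp, 0 when unused.
 * @param int    $topic_calendar_duration Not read in this function.
 * @return void
 */
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$subject, &$message, &$poll_title, &$poll_options, &$poll_data, &$reg_active, &$reg_reset, &$reg_max_option1, &$reg_max_option2, &$reg_max_option3, &$reg_length, &$topic_desc, $topic_calendar_time = 0, $topic_calendar_duration = 0)
{
    global $config, $user, $lang;
    global $topic_id;
    global $db;

    $is_first_post = ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']));
    $is_reply = ($mode == 'reply' || $mode == 'quote');

    // Check username
    if (!empty($username)) {
        $username = phpbb_clean_username($username);

        if (!$user->data['session_logged_in'] || $username != $user->data['username']) {
            // include_once: a second call in the same request must not try to
            // declare validate_username() again.
            include_once IP_ROOT_PATH . 'includes/functions_validate.' . PHP_EXT;

            $result = validate_username($username);
            if ($result['error']) {
                $error_msg .= !empty($error_msg) ? '<br />' . $result['error_msg'] : $result['error_msg'];
            }
        } else {
            $username = '';
        }
    }

    // Check subject
    if (!empty($subject)) {
        $subject = trim($subject);
    } elseif ($is_first_post) {
        $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
    }

    // Check topic description
    if (!empty($topic_desc)) {
        $topic_desc = trim($topic_desc);
    }

    // Check message
    if (!empty($message)) {
        $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on);
        // Mighty Gorgon - TO BE VERIFIED
        //$message = addslashes($message);
        // Mighty Gorgon - TO BE VERIFIED
    } elseif ($mode != 'delete' && $mode != 'poll_delete') {
        $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
    }

    // Check calendar date
    if (!empty($topic_calendar_time) && $is_first_post) {
        $year = intval(gmdate('Y', $topic_calendar_time));
        $month = intval(gmdate('m', $topic_calendar_time));
        $day = intval(gmdate('d', $topic_calendar_time));
        if (!checkdate($month, $day, $year)) {
            $error_msg .= (!empty($error_msg) ? '<br />' : '') . sprintf($lang['Date_error'], $day, $month, $year);
        }
    }

    // $topic_id is a global this function does not control and it is placed
    // into two queries below; as an integer it can only ever be an id.
    $topic_id_sql = (int) $topic_id;

    // Check to see if there's a new post while the user is posting
    $new_post_while_posting = false;
    if (!empty($_POST['post_time']) && $is_reply && $config['show_new_reply_posting']) {
        $last_post_time = intval($_POST['post_time']);
        if (!empty($topic_id) && $last_post_time) {
            $sql = "SELECT post_time FROM " . POSTS_TABLE . " WHERE topic_id = '" . $topic_id_sql . "' ORDER BY post_time DESC LIMIT 0, 1";
            // A failing lookup only costs the warning, so errors are returned
            // instead of aborting the page.
            $db->sql_return_on_error(true);
            $result = $db->sql_query($sql);
            $db->sql_return_on_error(false);
            if ($result) {
                if ($row = $db->sql_fetchrow($result)) {
                    if ($row['post_time'] > $last_post_time) {
                        $new_post_while_posting = true;
                        $error_msg .= (empty($error_msg) ? '' : '<br />') . $lang['Warn_new_post'];
                    }
                }
                $db->sql_freeresult($result);
            }
        }
    }

    // Check to see if the user is last poster and is bumping
    //if(($mode == 'reply' || $mode == 'quote') && ($config['no_bump'] == true) && ($new_post_while_posting == false))
    // no_bump 1 exempts admins, no_bump 2 exempts admins and moderators.
    $no_bump = (
        ($config['no_bump'] == 1 && $user->data['user_level'] != ADMIN)
        || ($config['no_bump'] == 2 && $user->data['user_level'] != ADMIN && $user->data['user_level'] != MOD)
    );

    if ($is_reply && $no_bump == true && $new_post_while_posting == false) {
        if (!empty($topic_id)) {
            $sql = "SELECT poster_id FROM " . POSTS_TABLE . "\n\t\t\t\t\t\t\tWHERE topic_id = '" . $topic_id_sql . "'\n\t\t\t\t\t\t\tAND post_time > " . (time() - 86400) . "\n\t\t\t\t\t\t\tORDER BY post_time DESC\n\t\t\t\t\t\t\tLIMIT 0, 1";
            $db->sql_return_on_error(true);
            $result = $db->sql_query($sql);
            $db->sql_return_on_error(false);
            if ($result) {
                if ($row = $db->sql_fetchrow($result)) {
                    if ($row['poster_id'] == $user->data['user_id']) {
                        $error_msg .= (empty($error_msg) ? '' : '<br />') . $lang['WARN_NO_BUMP'];
                    }
                }
                $db->sql_freeresult($result);
            }
        }
    }

    // Handle poll stuff
    if ($is_first_post) {
        $poll_title = !empty($poll_title) ? trim($poll_title) : (isset($poll_data['title']) ? trim($poll_data['title']) : '');
        $poll_start = isset($poll_data['start']) ? $poll_data['start'] : time();
        $poll_length = isset($poll_data['length']) ? max(0, intval($poll_data['length'])) : 0;
        $poll_max_options = isset($poll_data['max_options']) ? max(1, intval($poll_data['max_options'])) : 1;
        $poll_change = isset($poll_data['change']) ? $poll_data['change'] : 0;

        $poll_data = array(
            'title' => $poll_title,
            'start' => $poll_start,
            'length' => $poll_length,
            'max_options' => $poll_max_options,
            'change' => $poll_change,
        );

        if (!empty($poll_options)) {
            // NOTE(review): the original walked the options with each(), which
            // no longer exists in PHP 8, built a trimmed copy keyed by integer
            // id and then discarded it. $poll_options therefore leaves this
            // function exactly as the caller supplied it, blank entries
            // included. The dead loop is dropped; confirm that callers trim
            // and encode the options themselves before storing or showing
            // them.
            $option_count = count($poll_options);

            if ($option_count < 2) {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
            } elseif ($option_count > $config['max_poll_options']) {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
            } elseif ($poll_title == '') {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];
            }
        }

        // Event Registration - BEGIN
        $reg_active = isset($reg_active) ? max(0, intval($reg_active)) : 0;
        $reg_max_option1 = isset($reg_max_option1) ? max(0, intval($reg_max_option1)) : 0;
        $reg_max_option2 = isset($reg_max_option2) ? max(0, intval($reg_max_option2)) : 0;
        $reg_max_option3 = isset($reg_max_option3) ? max(0, intval($reg_max_option3)) : 0;
        $reg_length = isset($reg_length) ? max(0, intval($reg_length)) : 0;
        // Event Registration - END
    }

    return;
}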
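/**
 * Send a private message from the current user ($userdata) to the user
 * described by $targetdata, evicting the recipient's oldest inbox message when
 * the inbox is full, and e-mail a notification if the recipient asked for one.
 *
 * SQL is built by string concatenation. Numeric values are forced to integers
 * here; the subject and message text are only passed through
 * str_replace("\\'", "''", ...), which is safe only if the caller hands them
 * over already backslash-escaped.
 * NOTE(review): confirm that every caller escapes $privmsg_subject and $message.
 *
 * @param array  $targetdata      recipient row; reads user_id, user_notify_pm,
 *                                user_email, user_active, user_lang, username
 * @param string $privmsg_subject message subject
 * @param string $message         raw message body, run through prepare_message()
 */
function cash_pm(&$targetdata, $privmsg_subject, &$message)
{
    // $user_ip is interpolated into the INSERT below; without the global
    // declaration it is undefined here and an empty IP is stored.
    // NOTE(review): assumes the board sets $user_ip at global scope -- confirm.
    global $db, $board_config, $lang, $userdata, $user_ip, $phpbb_root_path, $phpEx, $html_entities_match, $html_entities_replace;

    //
    // It looks like we're sending a PM!
    // NOTE: most of the following code is shamelessly "reproduced" from privmsg.php
    //
    // include_once: a plain include would run these files again on a second
    // call (or when they are already loaded) and fail if they declare functions.
    include_once $phpbb_root_path . 'includes/bbcode.' . $phpEx;
    include_once $phpbb_root_path . 'includes/functions_post.' . $phpEx;

    //
    // Toggles (cast to int because they are interpolated into SQL unquoted)
    //
    $html_on = !$board_config['allow_html'] ? 0 : intval($userdata['user_allowhtml']);
    $bbcode_on = TRUE;
    $smilies_on = !$board_config['allow_smilies'] ? 0 : intval($userdata['user_allowsmile']);
    $attach_sig = intval($userdata['user_attachsig']);

    $sender_id = intval($userdata['user_id']);
    $recipient_id = intval($targetdata['user_id']);

    //
    // Flood control
    // NOTE(review): if this query fails the flood check is silently skipped.
    //
    $sql = "SELECT MAX(privmsgs_date) AS last_post_time\n\t\tFROM " . PRIVMSGS_TABLE . "\n\t\tWHERE privmsgs_from_userid = " . $sender_id;
    if ($result = $db->sql_query($sql)) {
        $db_row = $db->sql_fetchrow($result);
        $last_post_time = $db_row['last_post_time'];
        $current_time = time();
        if ($current_time - $last_post_time < $board_config['flood_interval']) {
            message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
        }
    }
    //
    // End Flood control
    //

    $msg_time = time();
    $bbcode_uid = make_bbcode_uid();
    $privmsg_message = prepare_message($message, $html_on, $bbcode_on, $smilies_on, $bbcode_uid);

    //
    // See if recipient is at their inbox limit
    //
    $sql = "SELECT COUNT(privmsgs_id) AS inbox_items, MIN(privmsgs_date) AS oldest_post_time \n\t\tFROM " . PRIVMSGS_TABLE . " \n\t\tWHERE ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " \n\t\t\t\tOR privmsgs_type = " . PRIVMSGS_READ_MAIL . " \n\t\t\t\tOR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) \n\t\t\tAND privmsgs_to_userid = " . $recipient_id;
    if (!($result = $db->sql_query($sql))) {
        message_die(GENERAL_MESSAGE, $lang['No_such_user']);
    }

    $sql_priority = SQL_LAYER == 'mysql' ? 'LOW_PRIORITY' : '';

    if ($inbox_info = $db->sql_fetchrow($result)) {
        if ($inbox_info['inbox_items'] >= $board_config['max_inbox_privmsgs']) {
            $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " \n\t\t\t\tWHERE ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " \n\t\t\t\t\t\tOR privmsgs_type = " . PRIVMSGS_READ_MAIL . " \n\t\t\t\t\t\tOR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) \n\t\t\t\t\tAND privmsgs_date = " . intval($inbox_info['oldest_post_time']) . " \n\t\t\t\t\tAND privmsgs_to_userid = " . $recipient_id;
            if (!($result = $db->sql_query($sql))) {
                message_die(GENERAL_ERROR, 'Could not find oldest privmsgs (inbox)', '', __LINE__, __FILE__, $sql);
            }

            // Only delete when a row was actually found; an empty id would
            // otherwise produce a malformed DELETE statement.
            $oldest_row = $db->sql_fetchrow($result);
            $old_privmsgs_id = $oldest_row ? intval($oldest_row['privmsgs_id']) : 0;

            if ($old_privmsgs_id) {
                $sql = "DELETE {$sql_priority} FROM " . PRIVMSGS_TABLE . " \n\t\t\t\tWHERE privmsgs_id = {$old_privmsgs_id}";
                if (!$db->sql_query($sql)) {
                    // The query is passed as the debug argument only; it is no
                    // longer appended to the message text itself.
                    message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs (inbox)', '', __LINE__, __FILE__, $sql);
                }

                $sql = "DELETE {$sql_priority} FROM " . PRIVMSGS_TEXT_TABLE . " \n\t\t\t\tWHERE privmsgs_text_id = {$old_privmsgs_id}";
                if (!$db->sql_query($sql)) {
                    message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs text (inbox)', '', __LINE__, __FILE__, $sql);
                }
            }
        }
    }

    $sql_info = "INSERT INTO " . PRIVMSGS_TABLE . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip, privmsgs_enable_html, privmsgs_enable_bbcode, privmsgs_enable_smilies, privmsgs_attach_sig)\n\t\tVALUES (" . PRIVMSGS_NEW_MAIL . ", '" . str_replace("\\'", "''", $privmsg_subject) . "', " . $sender_id . ", " . $recipient_id . ", {$msg_time}, '{$user_ip}', {$html_on}, {$bbcode_on}, {$smilies_on}, {$attach_sig})";
    if (!($result = $db->sql_query($sql_info, BEGIN_TRANSACTION))) {
        message_die(GENERAL_ERROR, "Could not insert/update private message sent info.", "", __LINE__, __FILE__, $sql_info);
    }

    $privmsg_sent_id = intval($db->sql_nextid());

    $sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_bbcode_uid, privmsgs_text)\n\t\tVALUES ({$privmsg_sent_id}, '" . $bbcode_uid . "', '" . str_replace("\\'", "''", $privmsg_message) . "')";
    if (!$db->sql_query($sql, END_TRANSACTION)) {
        // Report the statement that failed ($sql), not the earlier header insert.
        message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql);
    }

    //
    // Add to the users new pm counter
    //
    $sql = "UPDATE " . USERS_TABLE . "\n\t\tSET user_new_privmsg = user_new_privmsg + 1, user_last_privmsg = " . time() . " \n\t\tWHERE user_id = " . $recipient_id;
    if (!($status = $db->sql_query($sql))) {
        message_die(GENERAL_ERROR, 'Could not update private message new/read status for user', '', __LINE__, __FILE__, $sql);
    }

    if ($targetdata['user_notify_pm'] && !empty($targetdata['user_email']) && $targetdata['user_active']) {
        $script_name = preg_replace('/^\\/?(.*?)\\/?$/', "\\1", trim($board_config['script_path']));
        $script_name = $script_name != '' ? $script_name . '/privmsg.' . $phpEx : 'privmsg.' . $phpEx;
        $server_name = trim($board_config['server_name']);
        $server_protocol = $board_config['cookie_secure'] ? 'https://' : 'http://';
        $server_port = $board_config['server_port'] != 80 ? ':' . trim($board_config['server_port']) . '/' : '/';

        include_once $phpbb_root_path . 'includes/emailer.' . $phpEx;
        $emailer = new emailer($board_config['smtp_delivery']);

        $emailer->from($board_config['board_email']);
        $emailer->replyto($board_config['board_email']);

        $emailer->use_template('privmsg_notify', $targetdata['user_lang']);
        $emailer->email_address($targetdata['user_email']);
        $emailer->set_subject($lang['Notification_subject']);

        $emailer->assign_vars(array(
            // The original read an undefined $to_username here, so the
            // template received an empty name.
            // NOTE(review): assumes $targetdata carries a 'username' key -- confirm.
            'USERNAME' => isset($targetdata['username']) ? $targetdata['username'] : '',
            'SITENAME' => $board_config['sitename'],
            'EMAIL_SIG' => !empty($board_config['board_email_sig']) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
            'U_INBOX' => $server_protocol . $server_name . $server_port . $script_name . '?folder=inbox',
        ));

        $emailer->send();
        $emailer->reset();
    }
}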
/**
 * Turn one comment row into a post record and hand it to tp_add_post().
 *
 * Reads the keys id, torrent, category, user, added, ip, editedat and text
 * from $comment. The text goes through prepare_message() and the IP through
 * encode_ip() before being stored.
 *
 * @param array $comment source comment row
 */
function convert_comment($comment)
{
    $parsed_text = prepare_message($comment['text'], true, true);

    // A non-empty edit timestamp counts as exactly one edit.
    $edit_count = $comment['editedat'] ? 1 : 0;

    $posts_row = array(
        "post_id" => $comment['id'],
        "topic_id" => $comment['torrent'],
        "forum_id" => $comment['category'],
        "poster_id" => $comment['user'],
        "post_time" => $comment['added'],
        "poster_ip" => encode_ip($comment['ip']),
        "post_edit_time" => $comment['editedat'],
        "post_edit_count" => $edit_count,
    );

    $posts_text_row = array(
        "post_id" => $comment['id'],
        "post_text" => $parsed_text,
    );

    tp_add_post(array(
        "posts" => $posts_row,
        "posts_text" => $posts_text_row,
    ));

    return;
}
$b_group .= ',' . strval($i); } else { $b_group .= strval($i); $not_first = TRUE; } } } $layout = $l_id; if ($b_title == "") { message_die(GENERAL_MESSAGE, $lang['Must_enter_block']); } $bbcode_uid = ''; if ($b_type) { if (!empty($b_content)) { $bbcode_uid = $bbcode_parse->make_bbcode_uid(); $b_content = prepare_message(trim($b_content), TRUE, TRUE, TRUE, $bbcode_uid); $b_content = str_replace("\\'", "''", $b_content); } } if ($b_id) { $sql = "UPDATE " . BLOCKS_TABLE . "\n SET\n title = '" . str_replace("\\'", "''", $b_title) . "',\n bposition = '" . str_replace("\\'", "''", $b_bposition) . "',\n active = '" . $b_active . "',\n type = '" . $b_type . "',\n content = '" . $b_content . "',\n block_bbcode_uid = '" . $bbcode_uid . "',\n blockfile = '" . str_replace("\\'", "''", $b_blockfile) . "',\n layout = '" . $layout . "',\n view = '" . $b_view . "',\n border = '" . $b_border . "',\n titlebar = '" . $b_titlebar . "',\n local = '" . $b_local . "',\n background = '" . $b_background . "',\n groups = '" . $b_group . "'\n WHERE bid = {$b_id}"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, "Could not insert data into blocks table", $lang['Error'], __LINE__, __FILE__, $sql); } $message = $lang['Block_updated']; if (!empty($b_blockfile)) { if (file_exists($phpbb_root_path . '/blocks/' . $b_blockfile . '.cfg')) { include $phpbb_root_path . '/blocks/' . $b_blockfile . '.cfg'; $message .= '<br /><br />' . $lang['B_BV_added']; for ($i = 0; $i < $block_count_variables; $i++) { $sql = "SELECT count(1) existing FROM " . BLOCKS_VARIABLE_TABLE . "\n WHERE config_name = '" . $block_variables[$i][2] . "'";
if ($mode == 'reply' && $post_info['topic_status'] == TOPIC_LOCKED) { $locked_warn = ' <div class="warnColor1"> <b>' . $lang['LOCKED_WARN'] . '</b> </div> <br /><hr /><br /> '; $return_message = $locked_warn . $return_message; } bb_die($return_message); } } if ($refresh || $error_msg || $submit && $topic_has_new_posts) { $username = !empty($_POST['username']) ? clean_username($_POST['username']) : ''; $subject = !empty($_POST['subject']) ? clean_title($_POST['subject']) : ''; $message = !empty($_POST['message']) ? prepare_message($_POST['message']) : ''; if ($preview) { $preview_subject = $subject; $preview_username = $username; $preview_message = htmlCHR($message, false, ENT_NOQUOTES); $preview_message = bbcode2html($preview_message); $template->assign_vars(array('TPL_PREVIEW_POST' => true, 'TOPIC_TITLE' => wbr($preview_subject), 'POST_SUBJECT' => $preview_subject, 'POSTER_NAME' => $preview_username, 'POST_DATE' => bb_date(TIMENOW), 'PREVIEW_MSG' => $preview_message)); } } else { // User default entry point if ($mode == 'newtopic') { $username = $userdata['session_logged_in'] ? $userdata['username'] : ''; $subject = $message = ''; } elseif ($mode == 'reply') { $username = $userdata['session_logged_in'] ? $userdata['username'] : ''; $subject = $message = '';
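/**
 * Insert a post with fixed placeholder values (subject 'random subject',
 * poster IP "ac100202", all formatting flags on) and update the topic, forum
 * and user counters.
 *
 * The three id arguments are cast to int before they are interpolated into
 * SQL. $post_username and the prepared message text are still embedded in
 * quoted SQL literals as received.
 * NOTE(review): this is only safe if callers pass values that are already
 * escaped for SQL; confirm before calling with request data. HTML is also
 * enabled for the stored post ($html_on = 1).
 *
 * @param int    $new_topic_id  topic that receives the post
 * @param int    $forum_id      forum that owns the topic
 * @param int    $user_id       poster
 * @param string $post_username name stored with the post
 * @param string $text          raw post text, run through prepare_message()
 * @param string $mode          'newtopic' or 'reply'; selects which counters are bumped
 * @return bool|null true when every statement succeeded; the failure paths
 *                   call message_die() and fall through without a value
 */
function make_post($new_topic_id, $forum_id, $user_id, $post_username, $text, $mode = 'newtopic')
{
    global $db;

    // Numeric values go into the statements unquoted, so force them to int.
    $new_topic_id = intval($new_topic_id);
    $forum_id = intval($forum_id);
    $user_id = intval($user_id);

    $current_time = time();
    $user_ip = "ac100202";

    $bbcode_on = 1;
    $html_on = 1;
    $smilies_on = 1;
    $attach_sig = 1;

    $bbcode_uid = make_bbcode_uid();

    $post_subject = 'random subject';
    $post_message = prepare_message($text, $html_on, $bbcode_on, $smilies_on, $bbcode_uid);

    $sql = "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, attach_id, icon_id, post_username, post_time, poster_ip, post_visibility, bbcode_uid, enable_bbcode, enable_html, enable_smilies, enable_sig, post_subject, post_text)\n\t\tVALUES ({$new_topic_id}, {$forum_id}, {$user_id}, 0, 0, '{$post_username}', {$current_time}, '{$user_ip}', 1, '{$bbcode_uid}', {$bbcode_on}, {$html_on}, {$smilies_on}, {$attach_sig}, '{$post_subject}', '{$post_message}')";
    $result = $db->sql_query($sql);

    if (!$result) {
        message_die(GENERAL_ERROR, "Error inserting data into posts table", "", __LINE__, __FILE__, $sql);
        return;
    }

    $new_post_id = intval($db->sql_nextid());

    $sql = "UPDATE " . TOPICS_TABLE . "\n\t\t\tSET topic_last_post_id = {$new_post_id}";
    if ($mode == "reply") {
        $sql .= ", topic_replies = topic_replies + 1 ";
    }
    $sql .= " WHERE topic_id = {$new_topic_id}";

    if (!$db->sql_query($sql)) {
        // Rollback: only the post row is removed, and only on the mysql layer.
        if ($db->get_sql_layer() == "mysql") {
            $sql = "DELETE FROM " . POSTS_TABLE . "\n\t\t\t\t\tWHERE post_id = {$new_post_id}";
            $db->sql_query($sql);
        }
        message_die(GENERAL_ERROR, "Error updating topics table", "", __LINE__, __FILE__, $sql);
        return;
    }

    $sql = "UPDATE " . FORUMS_TABLE . "\n\t\t\t\tSET forum_last_post_id = {$new_post_id}, forum_posts_approved = forum_posts_approved + 1";
    if ($mode == "newtopic") {
        $sql .= ", forum_topics_approved = forum_topics_approved + 1";
    }
    $sql .= " WHERE forum_id = {$forum_id}";

    if (!$db->sql_query($sql)) {
        message_die(GENERAL_ERROR, "Error updating forums table", "", __LINE__, __FILE__, $sql);
        return;
    }

    // NOTE(review): END_TRANSACTION is passed here although no statement in
    // this function passes BEGIN_TRANSACTION -- confirm the intended scope.
    $sql = "UPDATE " . USERS_TABLE . "\n\t\t\t\t\tSET user_posts = user_posts + 1\n\t\t\t\t\tWHERE user_id = " . $user_id;
    if ($db->sql_query($sql, END_TRANSACTION)) {
        // SUCCESS.
        return true;
    }

    message_die(GENERAL_ERROR, "Error updating users table", "", __LINE__, __FILE__, $sql);
}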
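/**
 * Insert a post (and, when $topic_id is null, a new topic) on behalf of
 * $user_id, update the forum/topic/user counters, index the search words and
 * optionally trigger reply notifications.
 *
 * Every numeric argument is cast to int before being interpolated into SQL.
 * Besides blocking injected SQL fragments, this keeps a boolean false flag
 * from rendering as an empty string and breaking the statement. Text values
 * are escaped with addslashes() as in the original.
 *
 * @param string      $message            raw post text
 * @param string      $subject            post subject (also the topic title for new topics)
 * @param int         $forum_id           target forum
 * @param int         $user_id            poster
 * @param string      $user_name          poster name stored with the post
 * @param int         $user_attach_sig    whether to attach the signature
 * @param int|null    $topic_id           existing topic, or null to create one
 * @param int         $topic_type         topic type constant used for new topics
 * @param bool        $do_notification    run user_notification() for replies
 * @param bool        $notify_user        passed through to user_notification()
 * @param int         $current_time       timestamp to store; 0 means time()
 * @param string      $error_die_function name of the error handler; '' means message_die
 * @param int         $html_on            enable HTML
 * @param int         $bbcode_on          enable BBCode
 * @param int         $smilies_on         enable smilies
 * @return array array('post_id' => ..., 'topic_id' => ...)
 */
function insert_post($message, $subject, $forum_id, $user_id, $user_name, $user_attach_sig, $topic_id = NULL, $topic_type = POST_NORMAL, $do_notification = false, $notify_user = false, $current_time = 0, $error_die_function = '', $html_on = 0, $bbcode_on = 1, $smilies_on = 1)
{
    global $db, $board_config, $user_ip;

    // initialise some variables
    $topic_vote = 0;
    $mode = 'reply';
    $bbcode_uid = $bbcode_on ? make_bbcode_uid() : '';
    // NOTE(review): this name is invoked as a variable function below, so it
    // must never be derived from request data.
    $error_die_function = $error_die_function == '' ? "message_die" : $error_die_function;
    $current_time = $current_time == 0 ? time() : $current_time;

    // parse the message and the subject (belt & braces :)
    $message = addslashes(unprepare_message($message));
    $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
    // NOTE(review): as written this replaces a double quote with itself; the
    // replacement may have been an HTML entity that was lost -- confirm
    // against the upstream file.
    $subject = addslashes(str_replace('"', '"', trim($subject)));
    $username = addslashes(unprepare_message(trim($user_name)));
    // fix for \" in username - wineknow.com
    $username = str_replace("\\\"", "\"", $username);

    // Everything below is interpolated into SQL without quotes: force integers.
    $forum_id = intval($forum_id);
    $user_id = intval($user_id);
    $topic_type = intval($topic_type);
    $current_time = intval($current_time);
    $user_attach_sig = intval($user_attach_sig);
    $html_on = intval($html_on);
    $bbcode_on = intval($bbcode_on);
    $smilies_on = intval($smilies_on);

    // if this is a new topic then insert the topic details
    if (is_null($topic_id)) {
        $mode = 'newtopic';
        $sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('{$subject}', " . $user_id . ", {$current_time}, {$forum_id}, " . TOPIC_UNLOCKED . ", {$topic_type}, {$topic_vote})";
        if (!$db->sql_query($sql, BEGIN_TRANSACTION)) {
            $error_die_function(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
        }
        $topic_id = $db->sql_nextid();
    }
    $topic_id = intval($topic_id);

    // insert the post details using the topic id
    $sql = "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ({$topic_id}, {$forum_id}, " . $user_id . ", '{$username}', {$current_time}, '{$user_ip}', {$bbcode_on}, {$html_on}, {$smilies_on}, {$user_attach_sig})";
    if (!$db->sql_query($sql, BEGIN_TRANSACTION)) {
        $error_die_function(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
    }
    $post_id = intval($db->sql_nextid());

    // insert the actual post text for our new post
    $sql = "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ({$post_id}, '{$subject}', '{$bbcode_uid}', '{$message}')";
    if (!$db->sql_query($sql, BEGIN_TRANSACTION)) {
        $error_die_function(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
    }

    // update the post counts etc.
    $newpostsql = $mode == 'newtopic' ? ',forum_topics = forum_topics + 1' : '';
    $sql = "UPDATE " . FORUMS_TABLE . " SET \n forum_posts = forum_posts + 1,\n forum_last_post_id = {$post_id}\n {$newpostsql} \t\n WHERE forum_id = {$forum_id}";
    if (!$db->sql_query($sql, BEGIN_TRANSACTION)) {
        $error_die_function(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
    }

    // update the first / last post ids for the topic
    $first_post_sql = $mode == 'newtopic' ? ", topic_first_post_id = {$post_id} " : ' , topic_replies=topic_replies+1';
    $sql = "UPDATE " . TOPICS_TABLE . " SET \n topic_last_post_id = {$post_id} \n {$first_post_sql}\n WHERE topic_id = {$topic_id}";
    if (!$db->sql_query($sql, BEGIN_TRANSACTION)) {
        $error_die_function(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
    }

    // update the user's post count and commit the transaction
    $sql = "UPDATE " . USERS_TABLE . " SET \n user_posts = user_posts + 1\n WHERE user_id = {$user_id}";
    if (!$db->sql_query($sql, END_TRANSACTION)) {
        $error_die_function(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
    }

    // add the search words for our new post
    switch ($board_config['version']) {
        case '.0.0':
        case '.0.1':
        case '.0.2':
        case '.0.3':
            add_search_words($post_id, stripslashes($message), stripslashes($subject));
            break;
        default:
            add_search_words('', $post_id, stripslashes($message), stripslashes($subject));
            break;
    }

    // do we need to do user notification
    if ($mode == 'reply' && $do_notification) {
        // DP bugfix (critical): $userdata['user_id'] must be set; otherwise,
        // user_notification() will generate a bad SQL query and die.
        // NOTE(review): this overwrites the global session user's id with the
        // poster's id and never restores it; code that runs after this call
        // and reads $userdata['user_id'] sees $user_id instead.
        global $userdata;
        $userdata['user_id'] = $user_id;

        // DP bugfix (minor): We should pass the topic title, not the post subject,
        // as the third param to user_notification.
        $sql = "SELECT topic_title FROM " . TOPICS_TABLE . " WHERE topic_id = {$topic_id}";
        if (!($result = $db->sql_query($sql))) {
            $error_die_function(GENERAL_ERROR, 'Error getting topic_title', '', __LINE__, __FILE__, $sql);
        }
        list($topic_title) = $db->sql_fetchrow($result);

        $post_data = array();
        user_notification($mode, $post_data, $topic_title, $forum_id, $topic_id, $post_id, $notify_user);
    }

    // if all is well then return the id of our new post
    return array('post_id' => $post_id, 'topic_id' => $topic_id);
}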
/**
 * Send a private message from the current user to $targetdata through
 * class_pm and, if the recipient asked for it, an e-mail notification.
 *
 * Side effects visible in this block: the allow_html / allow_bbcode /
 * allow_smilies properties of the global $bbcode object are changed and not
 * restored, and $message (taken by reference) is overwritten with the parsed
 * notification text when a notification is sent.
 *
 * @param array  $targetdata      recipient row; reads user_id, user_notify_pm,
 *                                user_email, user_active, username, user_lang
 * @param string $privmsg_subject message subject
 * @param string $message         raw message body
 */
function cash_pm(&$targetdata, $privmsg_subject, &$message)
{
    global $db, $cache, $config, $user, $lang, $bbcode, $html_entities_match, $html_entities_replace;

    //
    // It looks like we're sending a PM!
    // NOTE: most of the following code is shamelessly "reproduced" from privmsg.php
    //
    include_once IP_ROOT_PATH . 'includes/bbcode.' . PHP_EXT;
    include_once IP_ROOT_PATH . 'includes/functions_post.' . PHP_EXT;

    $attach_sig = $user->data['user_attachsig'];

    // A feature is on only when both the sender's profile and the board allow it.
    if ($user->data['user_allowhtml'] && $config['allow_html']) {
        $bbcode->allow_html = true;
    } else {
        $bbcode->allow_html = false;
    }
    $bbcode->allow_bbcode = true;
    if ($user->data['user_allowsmile'] && $config['allow_smilies']) {
        $bbcode->allow_smilies = true;
    } else {
        $bbcode->allow_smilies = false;
    }

    $html_status = $bbcode->allow_html;
    $bbcode_status = $bbcode->allow_bbcode;
    $smilies_status = $bbcode->allow_smilies;
    $acro_auto_status = false;

    include_once IP_ROOT_PATH . 'includes/class_pm.' . PHP_EXT;

    $privmsg_message = prepare_message($message, $html_status, $bbcode_status, $smilies_status);
    $privmsg_sender = $user->data['user_id'];
    $privmsg_recipient = $targetdata['user_id'];

    $privmsg = new class_pm();

    // Administrators are exempt from the flood check.
    $is_admin = $user->data['user_level'] == ADMIN;
    if (!$is_admin && $privmsg->is_flood()) {
        message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
    }

    $privmsg->delete_older_message('PM_INBOX', $privmsg_recipient);
    $privmsg->send($privmsg_sender, $privmsg_recipient, $privmsg_subject, $privmsg_message, $attach_sig, $html_status, $bbcode_status, $smilies_status, $acro_auto_status);

    $wants_notification = $targetdata['user_notify_pm'] && !empty($targetdata['user_email']) && $targetdata['user_active'];
    if ($wants_notification) {
        //HTML Message
        $clean_tags = !$config['html_email'];

        // For the e-mail body the board-wide switches alone decide.
        if ($config['allow_bbcode']) {
            $bbcode->allow_bbcode = $config['allow_bbcode'];
        } else {
            $bbcode->allow_bbcode = false;
        }
        if ($config['allow_html']) {
            $bbcode->allow_html = $config['allow_html'];
        } else {
            $bbcode->allow_html = false;
        }
        if ($config['allow_smilies']) {
            $bbcode->allow_smilies = $config['allow_smilies'];
        } else {
            $bbcode->allow_smilies = false;
        }

        // $message is a reference parameter: the caller's variable now holds
        // the parsed, unslashed text.
        $message = stripslashes($bbcode->parse($privmsg_message, '', false, $clean_tags));
        //HTML Message

        $privmsg->notification($privmsg_sender, $privmsg_recipient, $targetdata['user_email'], $lang['Notification_subject'], $message, false, $privmsg_subject, $targetdata['username'], $targetdata['user_lang'], false);
    }

    unset($privmsg);
}
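/**
 * Create a private message, or edit one that is still in transit, for one or
 * more recipients, then adjust the recipients' PM counters and send the
 * notification mails.
 *
 * Changes against the original:
 *  - The html/bbcode/smiley/sig switches used unparenthesised nested ternaries.
 *    PHP up to 7.x groups those from the left, so with the board-wide switch
 *    OFF an explicit caller value was still honoured. They are now grouped
 *    explicitly, which is also required for the code to compile on PHP 8.
 *    '?' is compared strictly so that an explicit 0 means "off".
 *  - The recipient id list used in NOT IN (...) is built from intval()'d
 *    values instead of the raw array elements.
 *  - The "no longer a recipient" query now selects privmsg_read, and the loop
 *    reads privmsg_user_id. The original read a non-existent column name, so
 *    the delete counters were never applied.
 *  - An unused $date read from $privmsg (undefined when creating) is gone.
 *
 * @param int          $privmsg_id    0/empty to create, otherwise the message to edit
 * @param array        $from_userdata sender row; empty means a board (system) message
 * @param array|int    $to_user_ids   recipient id(s); a scalar is converted to an array in place
 * @param string       $subject
 * @param string       $message
 * @param int          $icon
 * @param int|string   $html_on       '?' = use the sender's preference
 * @param int|string   $bbcode_on     '?' = use the sender's preference
 * @param int|string   $smiley_on     '?' = use the sender's preference
 * @param int|string   $attach_sig    '?' = use the sender's preference
 * @return string '' on success, otherwise one of 'No_to_user', 'Empty_subject',
 *                'Empty_message', 'No_such_post'
 */
function send_pm($privmsg_id, $from_userdata, &$to_user_ids, $subject, $message, $icon, $html_on = '?', $bbcode_on = '?', $smiley_on = '?', $attach_sig = '?')
{
    global $userdata, $user_ip;
    global $lang, $board_config, $db, $phpbb_root_path, $phpEx, $bbcode_parse;
    global $folders;
    // NOTE(review): $s_unread is interpolated into IN (...) as-is; presumably
    // a list of status constants defined elsewhere -- confirm.
    global $s_unread;

    // get some constants
    $time = time();
    $sql_priority = SQL_LAYER == 'mysql' ? 'LOW_PRIORITY' : '';
    $q = "'";

    // lists of impacted users
    $recips = array();

    // fix some parameters
    $privmsg_id = intval(trim($privmsg_id));
    $subject = trim($subject);
    $message = trim($message);
    $icon = intval($icon);
    $privmsg_ip = $user_ip;

    // recipient is not an array, so make one
    if (!is_array($to_user_ids) && !empty($to_user_ids)) {
        $to_user_ids = array(intval($to_user_ids));
    }

    // check if recipients
    if (empty($to_user_ids)) {
        return 'No_to_user';
    }
    // Only integers may reach the NOT IN (...) lists below; the caller's
    // array itself is left untouched.
    $s_to_user_ids = implode(', ', array_map('intval', $to_user_ids));

    // deleted recip
    $s_new_delete = '';
    $s_unread_delete = '';
    $s_new_add = '';
    $s_unread_add = '';
    $s_read_add = '';

    // check we have a message and a subject
    if (empty($subject)) {
        return 'Empty_subject';
    }
    if (empty($message)) {
        return 'Empty_message';
    }

    // from_user_id can be 0 for sys message (sent by the board)
    if (empty($from_userdata)) {
        $from_userdata['user_id'] = 0;
        $from_userdata['username'] = $board_config['sitename'];
        $from_userdata['user_allowhtml'] = $board_config['allow_html'];
        $from_userdata['user_allowbbcode'] = $board_config['allow_bbcode'];
        $from_userdata['user_allowsmile'] = $board_config['allow_smilies'];
        $from_userdata['user_attachsig'] = $board_config['allow_sig'];
    }
    $from_user_id = intval($from_userdata['user_id']);

    // init message row
    $bbcode_uid = '';
    // Board-wide switch first; only when it is on does the caller's value or
    // the sender's preference count.
    $html_on = !$board_config['allow_html'] ? 0 : ($html_on === '?' ? intval($from_userdata['user_allowhtml']) : intval($html_on));
    $bbcode_on = !$board_config['allow_bbcode'] ? 0 : ($bbcode_on === '?' ? intval($from_userdata['user_allowbbcode']) : intval($bbcode_on));
    $smiley_on = !$board_config['allow_smilies'] ? 0 : ($smiley_on === '?' ? intval($from_userdata['user_allowsmile']) : intval($smiley_on));
    $attach_sig = !$board_config['allow_sig'] ? 0 : ($attach_sig === '?' ? intval($from_userdata['user_attachsig']) : intval($attach_sig));

    $create = true;
    if (!empty($privmsg_id)) {
        $create = false;
    }

    //------------------------------
    // edit a message : read the pm and take care of recipients that are no more recipients
    //------------------------------
    if (!$create) {
        //-------------------------------
        // read the pm and check if ok to edit by the user (it has to belong to him)
        //-------------------------------
        $sql = "SELECT p.*, pr.*\n FROM " . PRIVMSGA_TABLE . " p, " . PRIVMSGA_RECIPS_TABLE . " pr\n WHERE p.privmsg_id = {$privmsg_id}\n AND pr.privmsg_id = p.privmsg_id\n AND pr.privmsg_user_id = {$from_user_id}\n AND pr.privmsg_direct = 0\n AND pr.privmsg_status = " . STS_TRANSIT;
        if (!($result = $db->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not read message to duplicate', '', __LINE__, __FILE__, $sql);
        }
        if (!($privmsg = $db->sql_fetchrow($result))) {
            return 'No_such_post';
        }

        // get some values from the original message
        $privmsg_ip = $privmsg['privmsg_ip'];

        //-------------------------------
        // manage recipients that are no more
        //-------------------------------
        // get users that are no more recipients and haven't read their pms
        $sql = "SELECT privmsg_user_id, privmsg_read\n FROM " . PRIVMSGA_RECIPS_TABLE . "\n WHERE privmsg_user_id NOT IN ({$s_to_user_ids})\n AND privmsg_direct = 1\n AND privmsg_id = {$privmsg_id}\n AND privmsg_status = " . STS_TRANSIT . "\n AND privmsg_read IN ({$s_unread})";
        if (!($result = $db->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not read users no more recipients having not yet readen the message', '', __LINE__, __FILE__, $sql);
        }
        while ($row = $db->sql_fetchrow($result)) {
            $removed_user_id = intval($row['privmsg_user_id']);
            if ($row['privmsg_read'] == NEW_MAIL) {
                $s_new_delete .= (empty($s_new_delete) ? '' : ', ') . $removed_user_id;
            } else {
                $s_unread_delete .= (empty($s_unread_delete) ? '' : ', ') . $removed_user_id;
            }
        }

        // delete recipients for users who have deleted the message or not yet read and are no more recipients
        $sql = "DELETE {$sql_priority}\n FROM " . PRIVMSGA_RECIPS_TABLE . "\n WHERE privmsg_user_id NOT IN ({$s_to_user_ids})\n AND privmsg_direct = 1\n AND privmsg_id = {$privmsg_id}\n AND ( privmsg_read IN ({$s_unread}) OR privmsg_status = " . STS_DELETED . " )";
        if (!$db->sql_query($sql)) {
            message_die(GENERAL_ERROR, 'Could not delete users no more recipients having deleted or not yet readen the message', '', __LINE__, __FILE__, $sql);
        }

        // verify recipients that are no more but have read the pm
        $sql = "SELECT *\n FROM " . PRIVMSGA_RECIPS_TABLE . "\n WHERE privmsg_user_id NOT IN ({$s_to_user_ids})\n AND privmsg_direct = 1\n AND privmsg_id = {$privmsg_id}\n AND privmsg_read = " . READ_MAIL . "\n AND privmsg_status <> " . STS_DELETED . "\n LIMIT 0, 1";
        if (!($result = $db->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not check if copy required', '', __LINE__, __FILE__, $sql);
        }

        // if some, duplicate the message and attach them to it
        if ($db->sql_numrows($result) > 0) {
            // message
            $fields = array();
            $fields['privmsg_subject'] = $q . str_replace("\\'", "''", str_replace('\\"', '"', addslashes(stripslashes($privmsg['privmsg_subject'])))) . $q;
            $fields['privmsg_text'] = $q . str_replace("\\'", "''", str_replace('\\"', '"', addslashes(stripslashes($privmsg['privmsg_text'])))) . $q;
            $fields['privmsg_bbcode_uid'] = $q . $privmsg['privmsg_bbcode_uid'] . $q;
            $fields['privmsg_time'] = intval($privmsg['privmsg_time']);
            $fields['privmsg_enable_bbcode'] = intval($privmsg['privmsg_enable_bbcode']);
            $fields['privmsg_enable_html'] = intval($privmsg['privmsg_enable_html']);
            $fields['privmsg_enable_smilies'] = intval($privmsg['privmsg_enable_smilies']);
            $fields['privmsg_attach_sig'] = intval($privmsg['privmsg_attach_sig']);
            $fields['privmsg_icon'] = intval($privmsg['privmsg_icon']);

            // generate a copy of the pm for recipients that are no more but have readen the pm, and mark it as deleted for the author
            // (_sql_statements() presumably fills $sql_fields/$sql_values/$sql_update by reference -- confirm)
            _sql_statements($fields, $sql_fields, $sql_values, $sql_update);
            $sql = "INSERT {$sql_priority}\n INTO " . PRIVMSGA_TABLE . "\n ({$sql_fields})\n VALUES({$sql_values})";
            if (!$db->sql_query($sql)) {
                message_die(GENERAL_ERROR, 'Could not generate a copy of original pm', '', __LINE__, __FILE__, $sql);
            }

            // get the copy id
            $privmsg_copy_id = $db->sql_nextid();

            // author
            $fields_recip = array();
            $fields_recip['privmsg_id'] = $privmsg_copy_id;
            $fields_recip['privmsg_direct'] = 0;
            $fields_recip['privmsg_user_id'] = intval($privmsg['privmsg_user_id']);
            $fields_recip['privmsg_ip'] = $q . $privmsg['privmsg_ip'] . $q;
            $fields_recip['privmsg_folder_id'] = intval($privmsg['privmsg_folder_id']);
            $fields_recip['privmsg_status'] = STS_DELETED;
            $fields_recip['privmsg_read'] = READ_PM;
            $fields_recip['privmsg_distrib'] = 1;

            // generate the author info
            _sql_statements($fields_recip, $sql_fields, $sql_values, $sql_update);
            $sql = "INSERT {$sql_priority}\n INTO " . PRIVMSGA_RECIPS_TABLE . "\n ({$sql_fields})\n VALUES({$sql_values})";
            if (!$db->sql_query($sql)) {
                message_die(GENERAL_ERROR, 'Could not generate a copy of original pm author', '', __LINE__, __FILE__, $sql);
            }

            // attach to the copy recipients that are no more but have readed the pm
            $sql = "UPDATE {$sql_priority} " . PRIVMSGA_RECIPS_TABLE . "\n SET privmsg_id = {$privmsg_copy_id}, privmsg_distrib = 1\n WHERE privmsg_user_id NOT IN ({$s_to_user_ids})\n AND privmsg_direct = 1\n AND privmsg_id = {$privmsg_id}\n AND privmsg_read = " . READ_MAIL;
            if (!$db->sql_query($sql)) {
                message_die(GENERAL_ERROR, 'Could not attach recips to the copied pm', '', __LINE__, __FILE__, $sql);
            }
        }

        //-------------------------------
        // get the existing recips list
        //-------------------------------
        $sql = "SELECT pr.privmsg_user_id, pr.privmsg_read\n FROM " . PRIVMSGA_RECIPS_TABLE . " pr\n WHERE pr.privmsg_id = {$privmsg_id}\n AND pr.privmsg_direct = 1";
        if (!($result = $db->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not read recipients', '', __LINE__, __FILE__, $sql);
        }
        while ($row = $db->sql_fetchrow($result)) {
            $recips[$row['privmsg_user_id']] = $row['privmsg_read'];
        }
    }

    //----------------------------
    // create or update the message
    //----------------------------
    // get a bbcode uid
    $bbcode_uid = $bbcode_on ? $bbcode_parse->make_bbcode_uid() : '';

    // prepare the message and add bbcode uid to the bbcodes
    $message = prepare_message($message, $html_on, $bbcode_on, $smiley_on, $bbcode_uid);

    // message
    $fields = array();
    $fields['privmsg_subject'] = $q . str_replace("\\'", "''", str_replace('\\"', '"', addslashes(stripslashes($subject)))) . $q;
    $fields['privmsg_text'] = $q . str_replace("\\'", "''", str_replace('\\"', '"', addslashes(stripslashes($message)))) . $q;
    $fields['privmsg_bbcode_uid'] = $q . $bbcode_uid . $q;
    $fields['privmsg_time'] = $time;
    $fields['privmsg_enable_bbcode'] = $bbcode_on;
    $fields['privmsg_enable_html'] = $html_on;
    $fields['privmsg_enable_smilies'] = $smiley_on;
    $fields['privmsg_attach_sig'] = $attach_sig;
    $fields['privmsg_icon'] = $icon;

    // process
    if ($create) {
        // message
        _sql_statements($fields, $sql_fields, $sql_values, $sql_update);
        $sql = "INSERT {$sql_priority}\n INTO " . PRIVMSGA_TABLE . "\n ({$sql_fields})\n VALUES({$sql_values})";
        if (!$db->sql_query($sql)) {
            message_die(GENERAL_ERROR, 'Could not create pm', '', __LINE__, __FILE__, $sql);
        }

        // store the new privmsg_id
        $privmsg_id = $db->sql_nextid();

        // author
        $fields_recip = array();
        $fields_recip['privmsg_id'] = $privmsg_id;
        $fields_recip['privmsg_ip'] = $q . $privmsg_ip . $q;
        $fields_recip['privmsg_status'] = STS_TRANSIT;
        $fields_recip['privmsg_read'] = NEW_MAIL;
        $fields_recip['privmsg_distrib'] = 0;
        $fields_recip['privmsg_folder_id'] = OUTBOX;
        $fields_recip['privmsg_direct'] = 0;
        $fields_recip['privmsg_user_id'] = $from_user_id;
        _sql_statements($fields_recip, $sql_fields, $sql_values, $sql_update);
        $sql = "INSERT {$sql_priority}\n INTO " . PRIVMSGA_RECIPS_TABLE . "\n ({$sql_fields})\n VALUES({$sql_values})";
        if (!$db->sql_query($sql)) {
            message_die(GENERAL_ERROR, 'Could not create pm author', '', __LINE__, __FILE__, $sql);
        }

        // recipients
        $fields_recip['privmsg_direct'] = 1;
        $fields_recip['privmsg_folder_id'] = INBOX;
        _sql_statements($fields_recip, $sql_fields, $sql_values, $sql_update, 'privmsg_user_id');
        for ($i = 0; $i < count($to_user_ids); $i++) {
            $privmsg_to_user_id = intval($to_user_ids[$i]);
            if (!empty($privmsg_to_user_id)) {
                $sql = "INSERT {$sql_priority}\n INTO " . PRIVMSGA_RECIPS_TABLE . "\n ({$sql_fields}, privmsg_user_id)\n VALUES({$sql_values}, {$privmsg_to_user_id})";
                if (!$db->sql_query($sql)) {
                    message_die(GENERAL_ERROR, 'Could not create pm recipient', '', __LINE__, __FILE__, $sql);
                }
                $s_new_add .= (empty($s_new_add) ? '' : ', ') . $privmsg_to_user_id;
            }
        }
    } else {
        // message
        _sql_statements($fields, $sql_fields, $sql_values, $sql_update);
        $sql = "UPDATE {$sql_priority} " . PRIVMSGA_TABLE . "\n SET {$sql_update}\n WHERE privmsg_id = {$privmsg_id}";
        if (!$db->sql_query($sql)) {
            message_die(GENERAL_ERROR, 'Could not update pm', '', __LINE__, __FILE__, $sql);
        }

        // author
        $fields_recip = array();
        $fields_recip['privmsg_id'] = $privmsg_id;
        $fields_recip['privmsg_ip'] = $q . $privmsg_ip . $q;
        $fields_recip['privmsg_status'] = STS_TRANSIT;
        $fields_recip['privmsg_read'] = NEW_MAIL;
        $fields_recip['privmsg_distrib'] = 0;
        $fields_recip['privmsg_folder_id'] = OUTBOX;
        $fields_recip['privmsg_direct'] = 0;
        $fields_recip['privmsg_user_id'] = $from_user_id;
        _sql_statements($fields_recip, $sql_fields, $sql_values, $sql_update);
        $sql = "UPDATE {$sql_priority} " . PRIVMSGA_RECIPS_TABLE . "\n SET {$sql_update}\n WHERE privmsg_id = {$privmsg_id}\n AND privmsg_direct = 0";
        if (!$db->sql_query($sql)) {
            message_die(GENERAL_ERROR, 'Could not update pm', '', __LINE__, __FILE__, $sql);
        }

        // recipients
        $fields_recip['privmsg_direct'] = 1;
        $fields_recip['privmsg_folder_id'] = INBOX;
        _sql_statements($fields_recip, $sql_fields, $sql_values, $sql_update, 'privmsg_user_id');
        for ($i = 0; $i < count($to_user_ids); $i++) {
            $privmsg_to_user_id = intval($to_user_ids[$i]);
            if (!empty($privmsg_to_user_id)) {
                if (!isset($recips[$privmsg_to_user_id])) {
                    // create a new recip
                    $sql = "INSERT {$sql_priority}\n INTO " . PRIVMSGA_RECIPS_TABLE . "\n ({$sql_fields}, privmsg_user_id)\n VALUES({$sql_values}, {$privmsg_to_user_id})";
                    if (!$db->sql_query($sql)) {
                        message_die(GENERAL_ERROR, 'Could not create pm recipient', '', __LINE__, __FILE__, $sql);
                    }
                    $s_new_add .= (empty($s_new_add) ? '' : ', ') . $privmsg_to_user_id;
                } else {
                    // update an existing recip
                    $sql = "UPDATE {$sql_priority} " . PRIVMSGA_RECIPS_TABLE . "\n SET {$sql_update}\n WHERE privmsg_id = {$privmsg_id}\n AND privmsg_user_id = {$privmsg_to_user_id}\n AND privmsg_direct = 1";
                    if (!$db->sql_query($sql)) {
                        message_die(GENERAL_ERROR, 'Could not update pm recipient', '', __LINE__, __FILE__, $sql);
                    }
                    switch ($recips[$privmsg_to_user_id]) {
                        case READ_MAIL:
                            $s_read_add .= (empty($s_read_add) ? '' : ', ') . $privmsg_to_user_id;
                            break;
                        case UNREAD_MAIL:
                            $s_unread_add .= (empty($s_unread_add) ? '' : ', ') . $privmsg_to_user_id;
                            break;
                        case NEW_MAIL:
                            $s_new_add .= (empty($s_new_add) ? '' : ', ') . $privmsg_to_user_id;
                            break;
                    }
                }
            }
        }
    }

    //----------------------------
    // adjust the impacted users box
    //----------------------------
    if (!empty($s_new_delete)) {
        $sql = "UPDATE " . USERS_TABLE . "\n SET user_new_privmsg = user_new_privmsg-1\n WHERE user_id IN ({$s_new_delete})";
        if (!$db->sql_query($sql)) {
            message_die(GENERAL_ERROR, 'Could not update users counter - deleted new private messages', '', __LINE__, __FILE__, $sql);
        }
    }
    if (!empty($s_unread_delete) || !empty($s_unread_add)) {
        $semicol = empty($s_unread_delete) || empty($s_unread_add) ? '' : ',';
        $sql = "UPDATE " . USERS_TABLE . "\n SET user_unread_privmsg = user_unread_privmsg-1\n WHERE user_id IN ({$s_unread_delete} {$semicol} {$s_unread_add})";
        if (!$db->sql_query($sql)) {
            message_die(GENERAL_ERROR, 'Could not update users counter - deleted unread private messages', '', __LINE__, __FILE__, $sql);
        }
    }
    if (!empty($s_read_add) || !empty($s_new_add)) {
        $semicol = empty($s_read_add) || empty($s_new_add) ? '' : ',';
        $sql = "UPDATE " . USERS_TABLE . "\n SET user_new_privmsg = user_new_privmsg+1,\n user_last_privmsg = {$time}\n WHERE user_id IN ({$s_read_add} {$semicol} {$s_new_add})";
        if (!$db->sql_query($sql)) {
            message_die(GENERAL_ERROR, 'Could not update users counter - deleted new private messages', '', __LINE__, __FILE__, $sql);
        }
    }

    // notifications
    $copy = false;

    // server values
    $server_name = trim($board_config['server_name']);
    $server_protocol = $board_config['cookie_secure'] ? 'https://' : 'http://';
    $server_port = $board_config['server_port'] != 80 ? ':' . trim($board_config['server_port']) . '/' : '/';

    // sender script
    $script_name = preg_replace('/^\\/?(.*?)\\/?$/', '\\1', trim($board_config['script_path']));
    $script_name = !empty($script_name) ? $script_name . '/privmsga.' . $phpEx : 'privmsga.' . $phpEx;

    // specific data
    $parsed_values = array('U_INBOX' => $server_protocol . $server_name . $server_port . $script_name . '?folder=' . INBOX);
    $recips = array();
    send_mail('privmsg_notify', $from_userdata, $to_user_ids, $recips, $subject, $message, $time, $copy, $parsed_values);

    if (defined('IN_CASHMOD')) {
        $pmer = new cash_user($userdata['user_id'], $userdata);
        $pmer->give_pm_amount();
    }

    return '';
}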
} elseif ($mode == 'edit') { $link_name = $lang['Edit_message']; } $nav_server_url = create_server_url(); $breadcrumbs['address'] = $lang['Nav_Separator'] . '<a href="' . $nav_server_url . append_sid(CMS_PAGE_PRIVMSG . '?folder=inbox') . '"' . (!empty($link_name) ? '' : ' class="nav-current"') . '>' . $lang['Private_Messaging'] . '</a>' . (!empty($link_name) ? ($lang['Nav_Separator'] . '<a class="nav-current" href="#">' . $link_name . '</a>') : ''); $skip_nav_cat = true; include_once(IP_ROOT_PATH . 'includes/users_zebra_block.' . PHP_EXT); if ($preview && !$error) { $privmsg_message = !empty($draft_message) ? $draft_message : $privmsg_message; $privmsg_subject = !empty($draft_subject) ? $draft_subject : $privmsg_subject; $preview_message = prepare_message($privmsg_message, $html_on, $bbcode_on, $smilies_on); $privmsg_message = preg_replace($html_entities_match, $html_entities_replace, $privmsg_message); // Finalise processing as per viewtopic if (!$html_on) { if ($user_sig != '' || !$user->data['user_allowhtml']) { $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $user_sig); } } $preview_subject = censor_text($privmsg_subject); $preview_message = censor_text($preview_message); if ($attach_sig && ($user_sig != ''))
// END EMAIL-NOTIFY } // BEGIN PM-NOTIFY ON OUTBID // Check ACP-setting if ($auction_config_data['auction_pm_notify']) { $outbid_pm_subject = $lang['outbid'] . " - " . prepare_message(addslashes(unprepare_message(htmlspecialchars(trim(stripslashes($auction_corresponding_bids_start_stop_row['auction_offer_title']))))), $board_config['allow_html'], $board_config['allow_bbcode'], $board_config['allow_smilies'], 0); $outbid_pm = $lang['outbid_pm']; $privmsgs_date = date("U"); $sql = "INSERT INTO " . PRIVMSGS_TABLE . "\r\n (privmsgs_type,\r\n privmsgs_subject,\r\n privmsgs_from_userid,\r\n privmsgs_to_userid,\r\n privmsgs_date,\r\n privmsgs_enable_html,\r\n privmsgs_enable_bbcode,\r\n privmsgs_enable_smilies,\r\n privmsgs_attach_sig)\r\n VALUES ('0',\r\n '" . str_replace("\\'", "''", addslashes(sprintf($outbid_pm_subject, $board_config['sitename']))) . "',\r\n '2',\r\n " . $auction_corresponding_bids_start_stop_row['FK_auction_offer_last_bid_user_id'] . ",\r\n " . $privmsgs_date . ",\r\n '0',\r\n '1',\r\n '1',\r\n '0')"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not insert private message sent info', '', __LINE__, __FILE__, $sql); } // if $outbid_sent_id = $db->sql_nextid(); $outbid_text = $lang['outbid_pm_text']; $sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . "\r\n (privmsgs_text_id,\r\n privmsgs_text)\r\n VALUES ({$outbid_sent_id},\r\n '" . str_replace("\\'", "''", addslashes(sprintf($outbid_pm, $board_config['sitename']))) . "</br></br><a href=auction_offer_view.php?ao=" . $HTTP_GET_VARS[POST_AUCTION_OFFER_URL] . '>' . prepare_message(addslashes(unprepare_message(htmlspecialchars(trim(stripslashes($auction_corresponding_bids_start_stop_row['auction_offer_title']))))), $board_config['allow_html'], $board_config['allow_bbcode'], $board_config['allow_smilies'], 0) . '</a></br>' . $board_config['board_email_sig'] . 
"')"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not insert private message sent text', '', __LINE__, __FILE__, $sql); } // if $sql = "UPDATE " . USERS_TABLE . "\r\n SET user_new_privmsg=user_new_privmsg+1,\r\n user_new_privmsg = user_new_privmsg +1\r\n WHERE user_id=" . $auction_corresponding_bids_start_stop_row['FK_auction_offer_last_bid_user_id']; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not update user table for outbid notification', '', __LINE__, __FILE__, $sql); } // if } // if // End pm-notification } // if $message = $lang['auction_room_bid_successful'] . "<br /><br />" . sprintf($lang['Click_return_offer'], "<a href=\"" . append_sid("auction_offer_view.{$phpEx}?ao=" . $HTTP_GET_VARS[POST_AUCTION_OFFER_URL]) . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_auction_index'], "<a href=\"" . append_sid("auction.{$phpEx}") . "\">", "</a>");
$emailer->assign_vars(array('USERNAME' => html_entity_decode($to_username), 'NAME_FROM' => $userdata['username'], 'MSG_SUBJECT' => html_entity_decode($privmsg_subject), 'SITENAME' => $bb_cfg['sitename'], 'U_INBOX' => make_url(PM_URL . "?folder=inbox&mode=read&p={$privmsg_sent_id}"))); $emailer->send(); $emailer->reset(); } } pm_die($lang['MESSAGE_SENT']); } else { if ($preview || $refresh || $error) { // // If we're previewing or refreshing then obtain the data // passed to the script, process it a little, do some checks // where neccessary, etc. // $to_username = isset($_POST['username']) ? clean_username($_POST['username']) : ''; $privmsg_subject = isset($_POST['subject']) ? clean_title($_POST['subject']) : ''; $privmsg_message = isset($_POST['message']) ? prepare_message($_POST['message']) : ''; // // Do mode specific things // if ($mode == 'post') { $page_title = $lang['POST_NEW_PM']; } else { if ($mode == 'reply') { $page_title = $lang['POST_REPLY_PM']; } else { if ($mode == 'edit') { $page_title = $lang['EDIT_PM']; $sql = "SELECT u.user_id\n\t\t\t\tFROM " . BB_PRIVMSGS . " pm, " . BB_USERS . " u\n\t\t\t\tWHERE pm.privmsgs_id = {$privmsg_id}\n\t\t\t\t\tAND u.user_id = pm.privmsgs_from_userid"; if (!($result = DB()->sql_query($sql))) { bb_die('Could not obtain post and post text'); }
$sql = "UPDATE " . USERS_TABLE . "\n\t\t\tSET user_sig = '" . $db->sql_escape($signature) . "'\n\t\t\tWHERE user_id = {$user_id}"; $result = $db->sql_query($sql); $save_message = $lang['sig_save_message']; } } else { message_die(GENERAL_MESSAGE, 'An Error occured while submitting Signature'); } } elseif ($preview) { $template->assign_block_vars('switch_preview_sig', array()); if (isset($signature)) { $preview_sig = $signature; if (strlen($preview_sig) > $config['max_sig_chars']) { $preview_sig = $lang['Signature_too_long']; } else { $preview_sig = htmlspecialchars($preview_sig); $preview_sig = stripslashes(prepare_message(addslashes(unprepare_message($preview_sig)), $html_on, $bbcode_on, $smilies_on)); if ($preview_sig != '') { $bbcode->is_sig = true; $preview_sig = $bbcode->parse($preview_sig); $bbcode->is_sig = false; $preview_sig = '<br />' . $config['sig_line'] . '<br />' . $preview_sig; //$preview_sig = nl2br($preview_sig); $preview_sig = censor_text($preview_sig); } else { $preview_sig = $lang['sig_none']; } } } else { message_die(GENERAL_MESSAGE, 'An Error occured while submitting Signature'); } } elseif ($mode) {
} } } else { $error = TRUE; $error_msg .= (!empty($error_msg) ? '<br />' : '') . $lang['No_to_user']; } $instant_subject = trim(strip_tags($_REQUEST['subject'])); if (empty($instant_subject)) { $instant_subject = $default_im_subject; } if (!empty($_REQUEST['message'])) { if (!$error) { if ($bbcode_on) { $bbcode_uid = $bbcode_parse->make_bbcode_uid(); } $instant_message = prepare_message($_REQUEST['message'], $html_on, $bbcode_on, $smilies_on, $bbcode_uid); } } else { $error = TRUE; $error_msg .= (!empty($error_msg) ? '<br />' : '') . $lang['Empty_message']; } } if ($submit && !$error && !$site_id) { $msg_time = time(); if ($prill_config['enable_im_limit']) { // // See if recipient is at their IM box limit // If so, don't send the message // $sql = 'SELECT COUNT(instmsgs_id) AS im_box_items, MIN(instmsgs_date) AS oldest_post_time FROM ' . INSTMSGS_TABLE . '
// // Custom Title MOD // $custom_title = stripslashes($custom_title); // // Custom Title MOD End // if ($signature != '') { if (strlen($signature) > $board_config['max_sig_chars']) { $error = true; $error_msg .= (isset($error_msg) ? '<br />' : '') . $lang['Signature_too_long']; } if ($signature_bbcode_uid == '') { $signature_bbcode_uid = $view_userdata['user_allowbbcode'] ? $bbcode_parse->make_bbcode_uid() : ''; } $signature = prepare_message($signature, $view_userdata['user_allowhtml'], $view_userdata['user_allowbbcode'], $view_userdata['user_allowsmile'], $signature_bbcode_uid); $view_userdata['user_sig'] = $signature; $view_userdata['user_sig_bbcode_uid'] = $signature_bbcode_uid; } if ($error) { // // Custom Title MOD // $custom_title = stripslashes($custom_title); // // Custom Title MOD End // message_die(GENERAL_ERROR, $error_msg); } if (!$error && !$preview) { //
$this->response['post_id'] = $post_id; break; case 'add': if (!isset($this->request['topic_id'])) { $this->ajax_die('empty topic_id'); } if (bf($userdata['user_opt'], 'user_opt', 'dis_post')) { $this->ajax_die(strip_tags($lang['RULES_REPLY_CANNOT'])); } elseif (!$is_auth['auth_reply']) { $this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], strip_tags($is_auth['auth_reply_type']))); } if ($post['topic_status'] == TOPIC_LOCKED && !$is_auth['auth_mod']) { $this->ajax_die($lang['TOPIC_LOCKED']); } $message = (string) $this->request['message']; $message = prepare_message($message); // Flood control $where_sql = IS_GUEST ? "p.poster_ip = '" . USER_IP . "'" : "p.poster_id = {$userdata['user_id']}"; $sql = "SELECT MAX(p.post_time) AS last_post_time FROM " . BB_POSTS . " p WHERE {$where_sql}"; if ($row = DB()->fetch_row($sql) and $row['last_post_time']) { if ($userdata['user_level'] == USER) { if (TIMENOW - $row['last_post_time'] < $bb_cfg['flood_interval']) { $this->ajax_die($lang['FLOOD_ERROR']); } } } // Double Post Control if (!empty($row['last_post_time']) && !IS_AM) { $sql = "\n\t\t\t\tSELECT pt.post_text\n\t\t\t\tFROM " . BB_POSTS . " p, " . BB_POSTS_TEXT . " pt\n\t\t\t\tWHERE {$where_sql}\n\t\t\t\t\tAND p.post_time = " . (int) $row['last_post_time'] . "\n\t\t\t\t\tAND pt.post_id = p.post_id\n\t\t\t\tLIMIT 1\n\t\t\t"; if ($row = DB()->fetch_row($sql)) { $last_msg = DB()->escape($row['post_text']);
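/**
 * Validate and normalise the fields of a post (and its optional poll) in place.
 *
 * Every argument is taken by reference. Accepted values are rewritten where
 * they stand; each validation failure is appended to $error_msg, separated by
 * '<br />', and nothing is returned. The poll fields are only touched for
 * 'newtopic', or for 'editpost' when $post_data['first_post'] is truthy.
 *
 * @param string $mode          Posting mode; compared against 'newtopic', 'editpost', 'delete' and 'poll_delete'.
 * @param array  $post_data     Only $post_data['first_post'] is read, and only for 'editpost'.
 * @param mixed  $bbcode_on     Passed to prepare_message(); when truthy a fresh BBCode uid is generated.
 * @param mixed  $html_on       Passed to prepare_message().
 * @param mixed  $smilies_on    Passed to prepare_message().
 * @param string $error_msg     Accumulates the error text.
 * @param string $username      Cleaned with phpbb_clean_username(); reset to '' when it matches the logged-in user.
 * @param string $bbcode_uid    Overwritten whenever $message is non-empty.
 * @param string $subject       Trimmed and HTML-escaped when non-empty.
 * @param string $message       Replaced by the output of prepare_message() when non-empty.
 * @param string $poll_title    Trimmed and HTML-escaped when non-empty.
 * @param array  $poll_options  Counted against the 2 .. max_poll_options range; not modified.
 * @param mixed  $poll_length   Clamped to a non-negative number (0 when unset or non-numeric).
 * @param mixed  $max_vote      Clamped to a non-negative integer.
 * @param mixed  $hide_vote     Clamped to a non-negative integer.
 * @param mixed  $tothide_vote  Clamped to a non-negative integer.
 *
 * @return void
 */
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length, &$max_vote, &$hide_vote, &$tothide_vote)
{
    global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path;

    // Check username
    if (!empty($username)) {
        $username = phpbb_clean_username($username);

        if (!$userdata['session_logged_in'] || $username != $userdata['username']) {
            // include_once: a second call to prepare_post() in the same request
            // would otherwise re-declare the validation functions and abort.
            include_once $phpbb_root_path . 'includes/functions_validate.' . $phpEx;

            $result = validate_username($username);
            if ($result['error']) {
                $error_msg .= !empty($error_msg) ? '<br />' . $result['error_msg'] : $result['error_msg'];
            }
        } else {
            // A logged-in user posting under their own name needs no separate guest name.
            $username = '';
        }
    }

    // Check subject
    if (!empty($subject)) {
        $subject = htmlspecialchars(trim($subject));
    } elseif ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) {
        $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
    }

    // Smilies Invasion Mod: cap the number of smilies for everyone but admins.
    // NOTE(review): the count is taken from $subject, not $message - confirm
    // that this is the intended field.
    if ($userdata['user_level'] != ADMIN) {
        // User configuration: maximum number of smilies allowed.
        $smilies_limit = 3;

        $smilies_count = smilies_count($subject);
        if ($smilies_count > $smilies_limit) {
            $smilies_error = sprintf($lang['Smilies_invasion_error_count'], $smilies_count, $smilies_limit);
            $error_msg .= !empty($error_msg) ? '<br />' . $smilies_error : $smilies_error;
        }
    }

    // Check message
    if (!empty($message)) {
        $bbcode_uid = $bbcode_on ? make_bbcode_uid() : '';
        $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
    } elseif ($mode != 'delete' && $mode != 'poll_delete') {
        $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
    }

    //
    // Handle poll stuff
    //
    if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) {
        // NOTE(review): the original added "$poll_length_h / 24" here, but
        // $poll_length_h is neither a parameter nor a global of this function,
        // so that term always evaluated to 0. It is dropped rather than guessed
        // at; pass the hours in explicitly if they are meant to count.
        // Non-numeric input becomes 0 instead of raising an arithmetic error.
        $poll_length = (isset($poll_length) && is_numeric($poll_length)) ? max(0, $poll_length + 0) : 0;

        // The original wrote these three as "${$max_vote} = ...", a
        // variable-variable: the clamped integer landed in whichever local the
        // incoming value happened to name, and the by-reference parameter
        // itself went back to the caller unvalidated. Assign to the
        // parameters directly so the integer clamp actually takes effect.
        $max_vote = isset($max_vote) ? max(0, intval($max_vote)) : 0;
        $hide_vote = isset($hide_vote) ? max(0, intval($hide_vote)) : 0;
        $tothide_vote = isset($tothide_vote) ? max(0, intval($tothide_vote)) : 0;

        if (!empty($poll_title)) {
            $poll_title = htmlspecialchars(trim($poll_title));
        }

        if (!empty($poll_options)) {
            // each() no longer exists in PHP 8; foreach visits the same pairs.
            $temp_option_text = array();
            if (is_array($poll_options)) {
                foreach ($poll_options as $option_id => $option_text) {
                    $option_text = trim($option_text);
                    if (!empty($option_text)) {
                        $temp_option_text[intval($option_id)] = htmlspecialchars($option_text);
                    }
                }
            }
            // NOTE(review): as in the original, the trimmed and escaped copy is
            // only kept in a local and never written back to $poll_options, so
            // the caller still holds the raw options and blank entries are
            // included in the counts below. Writing it back here could
            // double-encode if the caller already escapes - confirm against
            // the caller before changing.
            $option_text = $temp_option_text;

            // count() on a non-array is an error in PHP 8; older versions reported 1.
            $option_count = is_array($poll_options) ? count($poll_options) : 1;

            if ($option_count < 2) {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
            } elseif ($option_count > $board_config['max_poll_options']) {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
            } elseif ($poll_title == '') {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];
            }
        }
    }

    return;
}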
if ($submit && $from != $pr_data['user_from']) { $pr_data['user_from'] = $from; $db_data['user_from'] = (string) $from; } $tp_data['USER_FROM'] = $pr_data['user_from']; break; /** * Подпись (edit) */ /** * Подпись (edit) */ case 'user_sig': $sig = isset($_POST['user_sig']) ? (string) $_POST['user_sig'] : $pr_data['user_sig']; if ($submit && $sig != $pr_data['user_sig']) { $sig = prepare_message($sig); if (mb_strlen($sig, 'UTF-8') > $bb_cfg['max_sig_chars']) { $errors[] = $lang['SIGNATURE_TOO_LONG']; } else { if (preg_match('#<(a|b|i|u|table|tr|td|img) #i', $sig) || preg_match('#(href|src|target|title)=#i', $sig)) { $errors[] = $lang['SIGNATURE_ERROR_HTML']; } } $pr_data['user_sig'] = $sig; $db_data['user_sig'] = (string) $sig; } $tp_data['USER_SIG'] = $pr_data['user_sig']; break; /** * Род занятий (edit) */
// Start output, first preview, then errors then post form // $page_title = $lang['Send_private_message']; include $phpbb_root_path . 'includes/page_header.' . $phpEx; //-- mod : bbcode box reloaded ------------------------------------------------- //-- add include $phpbb_root_path . 'includes/bbc_box_tags.' . $phpEx; //-- fin mod : bbcode box reloaded --------------------------------------------- if ($preview && !$error) { $orig_word = array(); $replacement_word = array(); obtain_word_list($orig_word, $replacement_word); if ($bbcode_on) { $bbcode_uid = make_bbcode_uid(); } $preview_message = stripslashes(prepare_message($privmsg_message, $html_on, $bbcode_on, $smilies_on, $bbcode_uid)); $privmsg_message = stripslashes(preg_replace($html_entities_match, $html_entities_replace, $privmsg_message)); // // Finalise processing as per viewtopic // if (!$html_on || !$board_config['allow_html'] || !$userdata['user_allowhtml']) { if ($user_sig != '') { $user_sig = preg_replace('#(<)([\\/]?.*?)(>)#is', "<\\2>", $user_sig); } } if ($attach_sig && $user_sig != '' && $userdata['user_sig_bbcode_uid']) { $user_sig = bbencode_second_pass($user_sig, $userdata['user_sig_bbcode_uid']); } if ($bbcode_on) { $preview_message = bbencode_second_pass($preview_message, $bbcode_uid); }
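/**
 * Validate and normalise the fields of a post (and its optional poll) in place.
 *
 * Every argument is taken by reference. Accepted values are rewritten where
 * they stand; each validation failure is appended to $error_msg, separated by
 * '<br />', and nothing is returned. The poll fields are only touched for
 * 'newtopic', or for 'editpost' when $post_data['first_post'] is truthy.
 *
 * @param string $mode          Posting mode; compared against 'newtopic', 'editpost', 'delete' and 'poll_delete'.
 * @param array  $post_data     Only $post_data['first_post'] is read, and only for 'editpost'.
 * @param mixed  $bbcode_on     Passed to prepare_message().
 * @param mixed  $html_on       Passed to prepare_message().
 * @param mixed  $smilies_on    Passed to prepare_message().
 * @param string $error_msg     Accumulates the error text.
 * @param mixed  $username      Not used by this function.
 * @param mixed  $bbcode_uid    Not used by this function.
 * @param string $subject       Trimmed and HTML-escaped when non-empty.
 * @param string $message       Replaced by the output of prepare_message() when non-empty.
 * @param mixed  $nowplaying    Not used by this function.
 * @param string $poll_title    Trimmed and HTML-escaped when non-empty.
 * @param array  $poll_options  Counted against the 2 .. max_poll_options range; not modified.
 * @param mixed  $poll_length   Clamped to a non-negative integer (0 when unset).
 *
 * @return void
 */
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$nowplaying, &$poll_title, &$poll_options, &$poll_length)
{
    global $config, $userdata, $lang;

    // The subject and poll checks apply to a new topic or to an edit of a topic's first post.
    $is_topic_start = $mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']);

    // Check subject
    if (!empty($subject)) {
        $subject = htmlspecialchars(trim($subject));
    } elseif ($is_topic_start) {
        $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
    }

    // Check message
    if (!empty($message)) {
        $message = prepare_message($message, $html_on, $bbcode_on, $smilies_on);
    } elseif ($mode != 'delete' && $mode != 'poll_delete') {
        $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
    }

    //
    // Handle poll stuff
    //
    if ($is_topic_start) {
        $poll_length = isset($poll_length) ? max(0, intval($poll_length)) : 0;

        if (!empty($poll_title)) {
            $poll_title = htmlspecialchars(trim($poll_title));
        }

        if (!empty($poll_options)) {
            // w() is a project helper defined outside this block; presumably it
            // yields an empty array when called without arguments - confirm.
            $temp_option_text = w();

            // each() no longer exists in PHP 8; foreach visits the same pairs.
            if (is_array($poll_options)) {
                foreach ($poll_options as $option_id => $option_text) {
                    $option_text = trim($option_text);
                    if (!empty($option_text)) {
                        $temp_option_text[$option_id] = htmlspecialchars($option_text);
                    }
                }
            }
            // NOTE(review): as in the original, the trimmed and escaped copy is
            // only kept in a local and never written back to $poll_options, so
            // the caller still holds the raw options and blank entries are
            // included in the counts below. Writing it back here could
            // double-encode if the caller already escapes - confirm against
            // the caller before changing.
            $option_text = $temp_option_text;

            // count() on a non-array is an error in PHP 8; older versions reported 1.
            $option_count = is_array($poll_options) ? count($poll_options) : 1;

            if ($option_count < 2) {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
            } elseif ($option_count > $config['max_poll_options']) {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
            } elseif ($poll_title == '') {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];
            }
        }
    }

    return;
}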