function comment_post($comment_body, $comment_secure, $object_title = "", $object_owner = "", $object_owner_id = 0, $object_privacy = "")
{
global $database, $user, $owner, $setting, $actions, $notify, $url;
$comment_id = 0;
$comment_date = time();
// RETRIEVE AND CHECK SECURITY CODE IF NECESSARY
if ($setting['setting_comment_code']) {
// NOW IN HEADER
$code_found = false;
if (@$_SESSION['code'] == $comment_secure) {
$code_found = true;
}
if (!empty($_SESSION['codes']) && is_array($_SESSION['codes'])) {
foreach ($_SESSION['codes'] as $index => $code_info) {
if ($code_info['code'] == $comment_secure) {
$code_found = true;
unset($_SESSION['codes'][$index]);
}
}
}
if (!$code_found) {
$this->is_error = 1;
}
//session_start();
//$code = $_SESSION['code'];
//if($code == "") { $code = randomcode(); }
//if($comment_secure != $code) { $this->is_error = 1; }
}
// MAKE SURE COMMENT BODY IS NOT EMPTY - ADD BREAKS AND CENSOR
$comment_body = cleanHTML(censor($comment_body), $setting['setting_comment_html'], array("style"));
$comment_body = preg_replace('/(\\r\\n?)/', "\n", $comment_body);
$comment_body = str_replace("\n", "<br>", $comment_body);
$comment_body = preg_replace('/(<br>){3,}/is', '<br><br>', $comment_body);
$comment_body = str_replace("'", "\\'", $comment_body);
if (!trim($comment_body)) {
$this->is_error = 1;
$comment_body = "";
}
// ADD COMMENT IF NO ERROR
if (!$this->is_error) {
$resource = $database->database_query("\r\n INSERT INTO `se_{$this->comment_type}comments` (\r\n `{$this->comment_type}comment_{$this->comment_identifier}`,\r\n `{$this->comment_type}comment_authoruser_id`,\r\n `{$this->comment_type}comment_date`,\r\n `{$this->comment_type}comment_body`\r\n ) VALUES (\r\n '{$this->comment_identifying_value}',\r\n '{$user->user_info['user_id']}',\r\n '{$comment_date}',\r\n '{$comment_body}'\r\n )\r\n ");
$comment_id = $database->database_insert_id();
// New handling - total cached in parent table
if ($resource && $this->comment_parent_type && $this->comment_parent_identifier) {
$database->database_query("\r\n UPDATE\r\n `se_{$this->comment_parent_type}`\r\n SET\r\n `{$this->comment_parent_identifier}_totalcomments`=`{$this->comment_parent_identifier}_totalcomments`+1\r\n WHERE\r\n `{$this->comment_identifier}`='{$this->comment_identifying_value}'\r\n LIMIT\r\n 1\r\n ");
}
// INSERT ACTION IF USER EXISTS
if ($user->user_exists) {
$commenter = $user->user_displayname;
$comment_body_encoded = strip_tags($comment_body);
if (strlen($comment_body_encoded) > 250) {
$comment_body_encoded = substr($comment_body_encoded, 0, 247) . "...";
}
$comment_body_encoded = str_replace(array("<br>", "<br />"), " ", $comment_body_encoded);
$actions->actions_add($user, $this->comment_type . "comment", array($user->user_info['user_username'], $user->user_displayname, $owner->user_info['user_username'], $owner->user_displayname, $comment_body_encoded, $this->comment_identifying_value, $object_title, $object_owner_id), array(), 0, false, $object_owner, $object_owner_id, $object_privacy);
} else {
SE_Language::_preload(835);
SE_Language::load();
$commenter = SE_Language::_get(835);
}
// SEND PROFILE COMMENT NOTIFICATION IF COMMENTER IS NOT OWNER
if ($owner->user_info['user_id'] != $user->user_info['user_id']) {
$notifytype = $notify->notify_add($owner->user_info['user_id'], $this->comment_type . "comment", $this->comment_identifying_value, array($owner->user_info['user_username'], $this->comment_identifying_value, $object_owner_id), array($object_title));
$object_url = $url->url_base . vsprintf($notifytype['notifytype_url'], array($owner->user_info['user_username'], $this->comment_identifying_value));
$owner->user_settings();
if ($owner->usersetting_info['usersetting_notify_' . $this->comment_type . 'comment']) {
send_systememail($this->comment_type . "comment", $owner->user_info['user_email'], array($owner->user_displayname, $commenter, "<a href=\"{$object_url}\">{$object_url}</a>"));
}
}
}
return array('comment_id' => $comment_id, 'comment_body' => $comment_body, 'comment_date' => $comment_date);
}
// CREATE FRIENDSHIP
$user->user_friend_add($owner->user_info['user_id'], $friend_status, $friend_type, $friend_explain);
// INSERT ACTION
if ($friend_status == 1) {
$actions->actions_add($user, "addfriend", array($user->user_info['user_username'], $user->user_displayname, $owner->user_info['user_username'], $owner->user_displayname), array(), 0, false, "user", $user->user_info['user_id'], $user->user_info['user_privacy']);
} else {
$notify->notify_add($owner->user_info['user_id'], 'friendrequest', $user->user_info['user_id']);
}
// IF TWO-WAY CONNECTION AND NON-CONFIRMED, INSERT OTHER DIRECTION AND ACTION
if ($direction == 2 && $friend_status == 1 && !$owner->user_friended($user->user_info['user_id'])) {
$owner->user_friend_add($user->user_info['user_id'], $friend_status, '', '');
$actions->actions_add($owner, "addfriend", array($owner->user_info['user_username'], $owner->user_displayname, $user->user_info['user_username'], $user->user_displayname), array(), 0, false, "user", $owner->user_info['user_id'], $owner->user_info['user_privacy']);
}
// SEND FRIENDSHIP EMAIL
$owner->user_settings();
if ($owner->usersetting_info['usersetting_notify_friendrequest']) {
send_systememail('friendrequest', $owner->user_info['user_email'], array($owner->user_displayname, $user->user_displayname, "<a href=\"" . $url->url_base . "login.php\">" . $url->url_base . "login.php</a>"));
}
}
// UPDATE STATS
update_stats("friends");
}
// ASSIGN VARIABLES AND INCLUDE FOOTER
$smarty->assign('result', $result);
$smarty->assign('status', $status);
$smarty->assign('subpage', $subpage);
$smarty->assign('connection_types', $connection_types);
$smarty->assign('friend_type', $friend_type);
$smarty->assign('friend_type_other', $friend_type_other);
$smarty->assign('friend_explain', $friend_explain);
include "footer.php";
} else {
$task = "step2";
}
}
// UPLOAD PHOTO
if ($task == "step3do") {
$new_user->user_photo_upload("photo");
$is_error = $new_user->is_error;
$task = "step3";
}
// SEND INVITE EMAILS
if ($task == "step4do") {
$invite_emails = $_POST['invite_emails'];
$invite_message = $_POST['invite_message'];
if ($invite_emails != "") {
send_systememail('invite', $invite_emails, array($new_user->user_displayname, $new_user->user_info['user_email'], $invite_message, "<a href=\"" . $url->url_base . "signupon13.php\">" . $url->url_base . "signupon13.php</a>"), TRUE);
}
// SEND USER TO THANK YOU PAGE
$task = "step5";
}
// SIGNUP TERMINAL VELOCITY POINT HOOK
($hook = SE_Hook::exists('se_signup_decide')) ? SE_Hook::call($hook, array()) : NULL;
// SHOW COMPLETION PAGE
if ($task == "step5") {
// UNSET SIGNUP COOKIES
setcookie("signup_id", "", 0, "/");
setcookie("signup_email", "", 0, "/");
setcookie("signup_password", "", 0, "/");
// UPDATE SIGNUP STATS
update_stats("signups");
// DISPLAY THANK YOU
if ($is_error == 0) {
$invite_emails = implode(",", array_slice(explode(",", $invite_emails), 0, 10));
// NO INVITE CODE REQUIRED
if ($setting['setting_signup_invite'] == 0) {
send_systememail('invite', $invite_emails, array($user->user_displayname, $user->user_info['user_email'], $invite_message, "<a href=\"" . $url->url_base . "signup.php\">" . $url->url_base . "signup.php</a>"), TRUE);
} else {
// LOOP OVER EMAILS
$invites_left = $user->user_info['user_invitesleft'];
$invite_emails_array = explode(",", $invite_emails);
for ($e = 0; $e < count($invite_emails_array); $e++) {
$email = trim($invite_emails_array[$e]);
if ($email != "" && $invites_left > 0) {
// CREATE CODE, INSERT INTO DATABASE, AND SEND EMAIL
$invite_code = randomcode();
$database->database_query("INSERT INTO se_invites (invite_user_id, invite_date, invite_email, invite_code) VALUES ('{$user->user_info['user_id']}', '" . time() . "', '{$email}', '{$invite_code}')");
send_systememail('invitecode', $email, array($user->user_displayname, $user->user_info['user_email'], $invite_message, $invite_code, "<a href=\"" . $url->url_base . "signup.php?signup_email={$email}&signup_invite={$invite_code}\">" . $url->url_base . "signup.php?signup_email={$email}&signup_invite={$invite_code}</a>"));
$invites_left--;
}
}
$database->database_query("UPDATE se_users SET user_invitesleft='{$invites_left}' WHERE user_id='{$user->user_info['user_id']}'");
$user->user_info['user_invitesleft'] = $invites_left;
}
$invite_emails = "";
$invite_message = "";
$result = 341;
}
}
// SET GLOBAL PAGE TITLE
$global_page_title[0] = 1074;
$global_page_description[0] = 1075;
// ASSIGN VARIABLES AND INCLUDE FOOTER
/* $Id: lostpass.php 133 2009-03-22 20:16:35Z john $ */
$page = "lostpass";
include "header.php";
$task = isset($_POST['task']) ? $_POST['task'] : (isset($_GET['task']) ? $_GET['task'] : NULL);
// SET ERROR VARS
$is_error = 0;
$submitted = 0;
if ($task == "send_email") {
$new_user = new se_user(array(0, "", $_POST['user_email']), array('user_id, user_email, user_username'));
$submitted = 1;
if (!$new_user->user_exists) {
$is_error = 748;
} else {
$lostpassword_code = randomcode(15);
$lostpassword_time = time();
if (send_systememail('lostpassword', $new_user->user_info['user_email'], array($new_user->user_displayname, $new_user->user_info['user_email'], "<a href=\"" . $url->url_base . "lostpass_reset.php?user="******"&r={$lostpassword_code}\">" . $url->url_base . "lostpass_reset.php?user="******"&r={$lostpassword_code}</a>"))) {
$database->database_query("UPDATE se_usersettings SET usersetting_lostpassword_code='{$lostpassword_code}', usersetting_lostpassword_time='{$lostpassword_time}' WHERE usersetting_user_id='{$new_user->user_info['user_id']}' LIMIT 1");
$cache_object = SECache::getInstance();
if (is_object($cache_object)) {
$cache_object->remove('site_user_settings_' . $new_user->user_info['user_id']);
}
} else {
$is_error = 748;
}
}
}
// SET GLOBAL PAGE TITLE
$global_page_title[0] = 33;
$global_page_description[0] = 34;
// ASSIGN VARIABLES AND INCLUDE FOOTER
$smarty->assign('is_error', $is_error);
if (md5($new_user->user_info['user_code']) !== $verify) {
$is_error = 1039;
}
// VERIFY EMAIL ADDRESS IF NO ERROR
if ($is_error == 0) {
// SET SUBNETWORK
$subnet = $new_user->user_subnet_select($new_user->user_info['user_newemail'], $new_user->user_info['user_profilecat_id'], $new_user->profile_info);
if ($subnet[0] != $new_user->user_info['user_subnet_id']) {
$new_subnet_id = $subnet[0];
$result = 1041;
} else {
$new_subnet_id = $new_user->user_info['user_subnet_id'];
$result = 1028;
}
$database->database_query("UPDATE se_users SET user_subnet_id='{$new_subnet_id}', user_verified='1', user_email='{$new_user->user_info['user_newemail']}' WHERE user_id='{$new_user->user_info['user_id']}'");
// IF USER JUST SIGNED UP
if (!$new_user->user_info['user_verified']) {
// SEND WELCOME EMAIL
send_systememail('welcome', $new_user->user_info['user_newemail'], array($new_user->user_displayname, $new_user->user_info['user_newemail'], '', "<a href=\"" . $url->url_base . "login.php\">" . $url->url_base . "login.php</a>"));
// INSERT ACTION (IF VERIFICATION REQUIRED)
$actions->actions_add($new_user, "signup", array($new_user->user_info['user_username'], $new_user->user_displayname), array(), 0, false, "user", $new_user->user_info['user_id'], $new_user->user_info['user_privacy']);
}
}
}
// ASSIGN VARIABLES AND INCLUDE FOOTER
$smarty->assign('is_error', $is_error);
$smarty->assign('resend', $resend);
$smarty->assign('result', $result);
$smarty->assign('old_subnet_name', $subnet[2]);
$smarty->assign('new_subnet_name', $subnet[1]);
include "footer.php";
$task = $_POST['task'];
} else {
$task = "main";
}
// SET RESULT VARIABLE
$result = 0;
// SAVE CHANGES
if ($task == "doinvite") {
$invite_emails = implode(",", array_slice(explode(",", $_POST['invite_emails']), 0, 10));
// NO INVITE CODE REQUIRED
if ($setting[setting_signup_invite] == 0) {
send_systememail('invite', $invite_emails, array($setting[setting_email_fromname], $setting[setting_email_fromemail], "", "<a href=\"" . $url->url_base . "signup.php\">" . $url->url_base . "signup.php</a>"), TRUE);
// INVITE CODE NECESSARY
} else {
// LOOP OVER EMAILS
$invite_emails_array = explode(",", $invite_emails);
for ($e = 0; $e < count($invite_emails_array); $e++) {
$email = trim($invite_emails_array[$e]);
if ($email != "") {
// CREATE CODE, INSERT INTO DATABASE, AND SEND EMAIL
$invite_code = randomcode();
$database->database_query("INSERT INTO se_invites (invite_user_id, invite_date, invite_email, invite_code) VALUES ('0', '" . time() . "', '{$email}', '{$invite_code}')");
send_systememail('invitecode', $email, array($setting[setting_email_fromname], $setting[setting_email_fromemail], "", $invite_code, "<a href=\"" . $url->url_base . "signup.php?signup_email={$email}&signup_invite={$invite_code}\">" . $url->url_base . "signup.php?signup_email={$email}&signup_invite={$invite_code}</a>"));
}
}
}
$result = 1;
}
// ASSIGN VARIABLES AND SHOW BANNING PAGE
$smarty->assign('result', $result);
include "admin_footer.php";
$grouppost_body_encoded = substr($grouppost_body_encoded, 0, 247) . "...";
}
$actions->actions_add($user, "grouppost", array($user->user_info['user_username'], $user->user_displayname, $group->group_info['group_id'], $grouptopic_info['grouptopic_id'], $grouptopic_info['grouptopic_subject'], $post_id, $grouppost_body_encoded), array(), 0, false, 'group', $group->group_info['group_id'], $group->group_info['group_privacy']);
} else {
SE_Language::_preload(835);
SE_Language::load();
$poster = SE_Language::_get(835);
}
// SEND GROUP POST NOTIFICATION IF COMMENTER IS NOT OWNER
if ($group->group_info['group_user_id'] != $user->user_info['user_id']) {
$groupowner = new se_user(array($group->group_info['group_user_id']));
$notifytype = $notify->notify_add($group->group_info['group_user_id'], 'grouppost', $group->group_info['group_id'], array($group->group_info['group_id']), array($group->group_info['group_title']));
$object_url = $url->url_base . vsprintf($notifytype[notifytype_url], array($group->group_info[group_id]));
$groupowner->user_settings();
if ($groupowner->usersetting_info['usersetting_notify_grouppost']) {
send_systememail("grouppost", $groupowner->user_info['user_email'], array($groupowner->user_displayname, $poster, "<a href=\"{$object_url}\">{$object_url}</a>"));
}
}
$group->group_lastupdate();
echo "window.parent.location.href = '" . $url->url_create('group_discussion_post', NULL, $group->group_info['group_id'], $grouptopic_id, $post_id) . "';";
}
echo "</script></head><body></body></html>";
exit;
}
// GET CUSTOM GROUP STYLE IF ALLOWED
if ($group->groupowner_level_info['level_group_style']) {
$groupstyle_info = $database->database_fetch_assoc($database->database_query("SELECT groupstyle_css FROM se_groupstyles WHERE groupstyle_group_id='{$group->group_info['group_id']}' LIMIT 1"));
$global_css = $groupstyle_info['groupstyle_css'];
}
// SET GLOBAL PAGE TITLE
$global_page_title[0] = 2000328;
function user_message_send($to, $subject, $message, $convo_id = NULL)
{
global $database, $notify, $url;
$recipients = array();
$recipients_full = array();
// VALIDATE CONVERSATION ID
if (!$convo_id || !is_numeric($convo_id)) {
$convo_id = 0;
}
// CHECK TO SEE IF MESSAGE IS EMPTY
if (!trim($message)) {
$this->is_error = 796;
}
// NEW MESSAGE
if (!$convo_id) {
// ORGANIZE RECIPIENTS
$tos = array_filter(preg_split('/[\\s,;]+?/', $to));
array_splice($tos, $this->level_info['level_message_recipients']);
// LOOP OVER RECIPIENTS
foreach ($tos as $to_username) {
// CANT SEND TO SELF
if (strtolower($to_username) == strtolower($this->user_info['user_username'])) {
continue;
}
// GET TO USER OBJECT
$to_user = new SEUser(array(NULL, $to_username));
// CANT SEND TO NON EXISTENT USER. BLOCKED USER, OR USERS NOT ALLOWED TO USE MESSAGES
if (!$to_user->user_exists) {
continue;
}
if ($to_user->user_blocked($this->user_info['user_id'])) {
continue;
}
if (!$this->level_info['level_message_allow']) {
continue;
}
// CHECK MESSAGE TYPES AND ADD RECIPIENT
if ($this->level_info['level_message_allow'] == 2 || $this->level_info['level_message_allow'] == 1 && $this->user_friended($to_user->user_info['user_id'])) {
$recipients_full[$to_user->user_info['user_id']] =& $to_user;
$recipients[] = $to_user->user_info['user_id'];
}
}
// ENSURE THERE ARE RECIPIENTS
if (empty($recipients)) {
$this->is_error = 795;
}
// IF NO ERROR, CREATE CONVERSATION
if (!$this->is_error) {
// CREATE CONVO
$sql = "INSERT INTO se_pmconvos (pmconvo_subject, pmconvo_recipients) VALUES ('" . addslashes($subject) . "', '" . (count($recipients) + 1) . "')";
$resource = $database->database_query($sql);
$convo_id = $database->database_insert_id();
// CREATE CONVOOPS
$sql = "\r\n INSERT INTO se_pmconvoops\r\n (pmconvoop_pmconvo_id, pmconvoop_user_id, pmconvoop_deleted_outbox, pmconvoop_deleted_inbox)\r\n VALUES\r\n ('{$convo_id}', '{$this->user_info['user_id']}', 0, 1)";
//$is_first = TRUE;
foreach ($recipients as $to_user_id) {
$sql .= ", ('{$convo_id}', '{$to_user_id}', 1, 0)";
}
// EXECUTE QUERY
$resource = $database->database_query($sql);
}
} else {
$sql = "SELECT pmconvoop_user_id FROM se_pmconvoops WHERE pmconvoop_pmconvo_id='{$convo_id}'";
$resource = $database->database_query($sql);
$unauthorized = TRUE;
while ($pmconvoop_info = $database->database_fetch_assoc($resource)) {
if ($pmconvoop_info['pmconvoop_user_id'] != $this->user_info['user_id']) {
$recipients[] = $pmconvoop_info['pmconvoop_user_id'];
} else {
$unauthorized = FALSE;
}
}
// USER WAS NOT IN CONVERSATION
if ($unauthorized) {
$this->is_error = 39;
}
// FIX THIS CODE RANDOM NUMBER TEMP
}
// IF NO ERROR, ADD MESSAGE TO CONVERSATION
if (!$this->is_error) {
// LINK ALL LINKS
$message = ereg_replace("http://([.]?[a-zA-Z0-9_/-])*", "<a href=\"\\0\" target=\"_blank\">\\0</a>", $message);
$message = ereg_replace("(^| |\n)(www([.]?[a-zA-Z0-9_/-])*)", "\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $message);
// RUN SECURITY ON THE MESSAGE TO ENSURE NO XSS ATTACKS WITH LINKS
$message = cleanHTML($message, "a");
// REPLACE NEWLINES IN BODY WITH BREAKS
$message = str_replace("\n", "<br>", $message);
$message = str_replace("'", "\\'", $message);
// INSERT MESSAGE
$pm_date = time();
$sql = "\r\n INSERT INTO se_pms\r\n (pm_authoruser_id, pm_pmconvo_id, pm_date, pm_body)\r\n VALUES\r\n ('{$this->user_info['user_id']}', '{$convo_id}', '{$pm_date}', '{$message}')\r\n ";
$resource = $database->database_query($sql);
// UPDATE PMCONVOOPS
$sql = "UPDATE se_pmconvoops SET pmconvoop_deleted_outbox=0, pmconvoop_pmdate='{$pm_date}' WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id='{$this->user_info['user_id']}'";
$resource = $database->database_query($sql);
$sql = "UPDATE se_pmconvoops SET pmconvoop_deleted_inbox=0, pmconvoop_read=0, pmconvoop_pmdate='{$pm_date}' WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id!='{$this->user_info['user_id']}'";
$resource = $database->database_query($sql);
// INSERT/SEND NOTIFICATIONS FOR RECIPIENTS
// GET RECIPIENTS IF NOT INITIAL MESSAGE
foreach ($recipients as $recipient_user_id) {
//if( empty($recipients_full[$recipient_user_id]) )
//{
$recipients_full[$recipient_user_id] = new SEUser(array($recipient_user_id));
//}
$current_recipient =& $recipients_full[$recipient_user_id];
// NOT A USER
if (!is_object($current_recipient) || !$current_recipient->user_exists) {
continue;
}
// ADD NOTIFICATION
$notify->notify_add($current_recipient->user_info['user_id'], 'message', $convo_id, array(), array(), TRUE);
// SEND EMAIL
$current_recipient->user_settings('usersetting_notify_message');
if ($current_recipient->usersetting_info['usersetting_notify_message']) {
send_systememail('message', $current_recipient->user_info[user_email], array($current_recipient->user_displayname, $this->user_displayname, "<a href=\"{$url->url_base}login.php\">{$url->url_base}login.php</a>"));
}
// CLEAN OUT THEM OLD MESSAGES
$num_inbox = $current_recipient->user_message_total(0, 0);
$num_outbox = $current_recipient->user_message_total(1, 0);
$num_inbox_delete = $num_inbox - $current_recipient->level_info['level_message_inbox'];
$num_outbox_delete = $num_outbox - $current_recipient->level_info['level_message_outbox'];
// CLEAN OUT INBOX
if ($num_inbox_delete > 0) {
$sql = "\r\n SELECT\r\n se_pmconvoops.pmconvoop_pmconvo_id AS pmconvo_id\r\n FROM\r\n se_pmconvoops\r\n LEFT JOIN\r\n se_pmconvos\r\n ON se_pmconvos.pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id\r\n LEFT JOIN\r\n se_pms\r\n ON se_pms.pm_pmconvo_id=se_pmconvos.pmconvo_id\r\n WHERE\r\n se_pmconvoops.pmconvoop_user_id='{$current_recipient->user_info['user_id']}' &&\r\n se_pmconvoops.pmconvoop_deleted_inbox=0 &&\r\n se_pms.pm_id=(SELECT MAX(pm_id) FROM se_pms WHERE pm_pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id)\r\n ORDER BY\r\n se_pms.pm_date ASC\r\n LIMIT\r\n {$num_inbox_delete}\r\n ";
$resource = $database->database_query($sql);
while ($result = $database->database_fetch_assoc($resource)) {
$delete_array[] = $result['pmconvo_id'];
}
// DELETE
$current_recipient->user_message_delete_selected($delete_array, 0);
}
// CLEAN OUT OUTBOX
if ($num_outbox_delete > 0) {
$sql = "\r\n SELECT\r\n se_pmconvoops.pmconvoop_pmconvo_id AS pmconvo_id\r\n FROM\r\n se_pmconvoops\r\n LEFT JOIN\r\n se_pmconvos\r\n ON se_pmconvos.pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id\r\n LEFT JOIN\r\n se_pms\r\n ON se_pms.pm_pmconvo_id=se_pmconvos.pmconvo_id\r\n WHERE\r\n se_pmconvoops.pmconvoop_user_id='{$current_recipient->user_info['user_id']}' &&\r\n se_pmconvoops.pmconvoop_deleted_outbox=0 &&\r\n se_pms.pm_id=(SELECT MAX(pm_id) FROM se_pms WHERE pm_pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id)\r\n ORDER BY\r\n se_pms.pm_date ASC\r\n LIMIT\r\n {$num_outbox_delete}\r\n ";
$resource = $database->database_query($sql);
while ($result = $database->database_fetch_assoc($resource)) {
$delete_array[] = $result['pmconvo_id'];
}
// DELETE
$current_recipient->user_message_delete_selected($delete_array, 1);
}
// CLEAR INACTIVE CONVERSATIONS
$this->user_message_cleanup();
}
}
return $convo_id;
}
function blog_subscription_notification($newblogentry_id, $newblogentry_title, $newblogentry_privacy = 1)
{
global $database, $user, $url, $notify;
// Quick fix for self
if (!$newblogentry_privacy || $newblogentry_privacy == 1) {
return;
}
// Generate query
$sql = "\r\n SELECT\r\n se_blogsubscriptions.*,\r\n subscriber.user_id,\r\n subscriber.user_username,\r\n subscriber.user_fname,\r\n subscriber.user_lname,\r\n subscriber.user_email,\r\n subscriber_settings.usersetting_notify_newblogsubscriptionentry\r\n FROM\r\n se_blogsubscriptions\r\n LEFT JOIN\r\n se_users AS subscriber\r\n ON subscriber.user_id=se_blogsubscriptions.blogsubscription_user_id\r\n LEFT JOIN\r\n se_usersettings AS subscriber_settings\r\n ON subscriber_settings.usersetting_user_id=subscriber.user_id\r\n WHERE\r\n se_blogsubscriptions.blogsubscription_owner_id='{$user->user_info['user_id']}' &&\r\n CASE\r\n /* DO NOT SEND AN EMAIL TO SELF, BESIDES THEY SHOULDNT BE SUBSCRIBED TO THEIR OWN BLOG... */\r\n WHEN subscriber.user_id='{$user->user_info['user_id']}'\r\n THEN FALSE\r\n /* IGNORE MISSING USERS */\r\n WHEN (({$newblogentry_privacy} & @SE_PRIVACY_ANONYMOUS) AND subscriber.user_id IS NULL)\r\n THEN FALSE\r\n /* NORMAL */\r\n WHEN (({$newblogentry_privacy} & @SE_PRIVACY_REGISTERED) AND subscriber.user_id IS NOT NULL)\r\n THEN TRUE\r\n WHEN (({$newblogentry_privacy} & @SE_PRIVACY_FRIEND) AND (SELECT TRUE FROM se_friends WHERE friend_user_id1='{$user->user_info['user_id']}' AND friend_user_id2=subscriber.user_id AND friend_status='1' LIMIT 1))\r\n THEN TRUE\r\n WHEN (({$newblogentry_privacy} & @SE_PRIVACY_SUBNET) AND (SELECT TRUE FROM se_users WHERE user_id='{$user->user_info['user_id']}' AND user_subnet_id=subscriber.user_subnet_id LIMIT 1))\r\n THEN TRUE\r\n WHEN (({$newblogentry_privacy} & @SE_PRIVACY_FRIEND2) AND (\r\n SELECT TRUE FROM se_friends AS friends_primary\r\n LEFT JOIN se_users ON friends_primary.friend_user_id1=se_users.user_id\r\n LEFT JOIN se_friends AS friends_secondary ON friends_primary.friend_user_id2=friends_secondary.friend_user_id1\r\n WHERE friends_primary.friend_user_id1='{$user->user_info['user_id']}' AND friends_secondary.friend_user_id2=subscriber.user_id AND se_users.user_subnet_id=subscriber.user_subnet_id LIMIT 1)\r\n )\r\n THEN TRUE\r\n ELSE FALSE\r\n END\r\n ";
$resource = $database->database_query($sql);
// Get all recipients and send emails
// TODO: large numbers of subscribers
$blogentry_url = $url->url_create('blog_entry', $user->user_info['user_username'], $newblogentry_id);
while ($result = $database->database_fetch_assoc($resource)) {
// Create user object for displayname
$recipient_object = new se_user();
$recipient_object->user_info['user_id'] = $result['user_id'];
$recipient_object->user_info['user_username'] = $result['user_username'];
$recipient_object->user_info['user_fname'] = $result['user_fname'];
$recipient_object->user_info['user_lname'] = $result['user_lname'];
$recipient_object->user_displayname();
// NOTIFICATION
$notifytype = $notify->notify_add($recipient_object->user_info['user_id'], "newblogsubscriptionentry", $newblogentry_id, array($user->user_info['user_username'], $newblogentry_id), array($newblogentry_title));
// EMAIL NOTIFICATION
if (!empty($result['user_email']) && $result['usersetting_notify_newblogsubscriptionentry']) {
send_systememail('newblogsubscriptionentry', $result['user_email'], array($recipient_object->user_displayname, $user->user_displayname, "<a href=\"{$blogentry_url}\">{$blogentry_url}</a>"));
}
unset($recipient_object);
}
}
function new_like_notify($action_id)
{
global $user, $notify, $url;
if (!$action_id) {
return false;
}
$owner_id = he_wall::get_action_owner($action_id);
$owner = new se_user(array($owner_id));
if (!$owner->user_exists || $user->user_info['user_id'] == $owner_id) {
return false;
}
if ($owner->usersetting_info['usersetting_notify_wallactionlike']) {
$login_url = '<a href="' . $url->url_base . "login.php\">" . $url->url_base . "login.php</a>";
$replace_arr = array($owner->user_displayname, $user->user_displayname, $login_url);
send_systememail('wallactionlike', $owner->user_info['user_email'], $replace_arr);
}
$url_vars = array('', $action_id);
$replace_arr = array($user->user_displayname);
$notify->notify_add($owner->user_info['user_id'], 'wallactionlike', $action_id, $url_vars, $replace_arr);
}
}
// INSERT ACTION AND SEND NOTIFICATION TO TAGGED USER
if ($taggeduser->user_exists == 1) {
// ENSURE USER ISN'T ALREADY TAGGED IN THIS PHOTO
if ($database->database_num_rows($database->database_query("SELECT `{$type}mediatag_id` FROM `se_{$type}mediatags` WHERE `{$type}mediatag_{$type}media_id`='" . $media_info[$type . 'media_id'] . "' AND `{$type}mediatag_user_id`='{$taggeduser->user_info['user_id']}'")) == 1) {
$media_path = $media_dir . $media_info[$type . 'media_id'] . "_thumb.jpg";
$media_width = $misc->photo_size($media_path, "100", "100", "w");
$media_height = $misc->photo_size($media_path, "100", "100", "h");
$action_media[] = array('media_link' => "profile_photos_file.php?user={$taggeduser->user_info['user_username']}&type={$type}media&media_id=" . $media_info[$type . 'media_id'], 'media_path' => $media_path, 'media_width' => $media_width, 'media_height' => $media_height);
$actions->actions_add($taggeduser, "new{$type}tag", array($taggeduser->user_info['user_username'], $taggeduser->user_displayname), $action_media, 600, false, "user", $taggeduser->user_info['user_id'], $taggeduser->user_info['user_privacy']);
}
if ($taggeduser->user_info['user_id'] != $owner_user->user_info['user_id'] && $taggeduser->user_info['user_id'] != $user->user_info['user_id']) {
$notify->notify_add($taggeduser->user_info['user_id'], 'new' . $type . 'tag', $media_info[$type . 'media_id'], array($taggeduser->user_info['user_username'], $type . 'media', $media_info[$type . 'media_id']), array($object_title));
$taggeduser->user_settings();
if ($taggeduser->usersetting_info['usersetting_notify_new' . $type . 'tag']) {
send_systememail('new' . $type . 'tag', $taggeduser->user_info['user_email'], array($taggeduser->user_displayname, "<a href=\"" . $url->url_base . "profile_photos_file.php?user={$taggeduser->user_info['user_username']}&type={$type}media&media_id={$media_info[$type . 'media_id']}\">{$url->url_base}profile_photos_file.php?user={$taggeduser->user_info['user_username']}&type={$type}media&media_id=" . $media_info[$type . 'media_id'] . "</a>"));
}
}
}
// RUN JAVASCRIPT FUNCTION (JSON)
echo json_encode(array('mediatag_id' => $mediatag_id, 'mediatag_link' => $mediatag_link, 'mediatag_text' => $mediatag_text, 'mediatag_x' => $mediatag_x, 'mediatag_y' => $mediatag_y, 'mediatag_width' => $mediatag_width, 'mediatag_height' => $mediatag_height, 'mediatag_user_username' => $mediatag_user_username));
exit;
} elseif ($task == "tag_remove") {
// MUST BE LOGGED IN TO USE THIS TASK
if (!$user->user_exists) {
exit;
}
// GET COMMENT TYPE, ETC
$type = isset($_POST['type']) ? $_POST['type'] : NULL;
$media_id = isset($_POST['media_id']) ? $_POST['media_id'] : NULL;
$mediatag_id = isset($_POST['mediatag_id']) ? $_POST['mediatag_id'] : NULL;
function event_join()
{
global $user, $database, $url, $actions, $notify;
// JOIN
if (!$this->is_member && !$this->is_member_waiting) {
$new_member_approved = $this->event_info['event_inviteonly'] ? '0' : '1';
// INSERT
$sql = "INSERT INTO se_eventmembers (eventmember_user_id, eventmember_event_id, eventmember_status, eventmember_approved, eventmember_rank) VALUES ('{$this->user_id}', '{$this->event_info['event_id']}', '1', '{$new_member_approved}', '1')";
$database->database_query($sql);
// UPDATE MEMBER INFO
$this->is_member = (bool) $new_member_approved;
$this->is_member_waiting = !$new_member_approved;
$this->eventmember_info['eventmember_approved'] = (int) $new_member_approved;
// NOTIFY EVENT OWNER IF REQUESTING APPROVAL
if (!$new_member_approved) {
$sql = "SELECT se_users.user_id, se_users.user_username, se_users.user_email, se_users.user_fname, se_users.user_lname, se_usersettings.usersetting_notify_eventmemberrequest FROM se_users LEFT JOIN se_usersettings ON se_users.user_id=se_usersettings.usersetting_user_id WHERE se_users.user_id='{$this->event_info['event_user_id']}'";
$resource = $database->database_query($sql);
if (!$database->database_num_rows($resource)) {
return FALSE;
}
$eventowner_info = $database->database_fetch_assoc($resource);
// Create user object for displayname
$recipient_object = new se_user();
$recipient_object->user_info['user_id'] = $eventowner_info['user_id'];
$recipient_object->user_info['user_username'] = $eventowner_info['user_username'];
$recipient_object->user_info['user_fname'] = $eventowner_info['user_fname'];
$recipient_object->user_info['user_lname'] = $eventowner_info['user_lname'];
$recipient_object->user_displayname();
// NOTIFICATION
$notifytype = $notify->notify_add($recipient_object->user_info['user_id'], "eventmemberrequest", $this->event_info['event_id'], array($user->user_info['user_username'], $this->event_info['event_id']), array($this->event_info['event_title']));
if ($eventowner_info['usersetting_notify_eventmemberrequest']) {
send_systememail('eventmemberrequest', $eventowner_info['user_email'], array($recipient_object->user_displayname, $user->user_displayname, $this->event_info['event_title'], "<a href=\"{$url->url_base}login.php\">{$url->url_base}login.php</a>"));
}
} else {
$sql = "UPDATE se_events SET event_totalmembers=event_totalmembers+1 WHERE event_id='{$this->event_info['event_id']}' LIMIT 1";
$database->database_query($sql);
}
} elseif ($this->is_member_waiting && $this->eventmember_info['eventmember_approved']) {
$sql = "UPDATE se_eventmembers SET eventmember_status=1 WHERE eventmember_event_id='{$this->event_info['event_id']}' && eventmember_user_id='{$this->user_id}' LIMIT 1";
$database->database_query($sql);
// INCREMENT MEMBER COUNT
$sql = "UPDATE se_events SET event_totalmembers=event_totalmembers+1 WHERE event_id='{$this->event_info['event_id']}' LIMIT 1";
$database->database_query($sql);
// UPDATE MEMBER INFO
$this->is_member = TRUE;
$this->is_member_waiting = FALSE;
$this->eventmember_info['eventmember_status'] = 1;
} else {
$this->is_error = 3000248;
return FALSE;
}
// DELETE NOTIFICATION
$sql = "DELETE FROM se_notifys USING se_notifys LEFT JOIN se_notifytypes ON se_notifys.notify_notifytype_id=se_notifytypes.notifytype_id WHERE se_notifys.notify_user_id='{$this->user_id}' AND se_notifytypes.notifytype_name='eventinvite' AND notify_object_id='{$this->event_info['event_id']}'";
$database->database_query($sql);
// INSERT ACTION IF NOT REQUESTING APPROVAL
if ($new_member_approved || !empty($this->eventmember_info['eventmember_approved'])) {
$event_title = $this->event_info['event_title'];
if (strlen($event_title) > 100) {
$event_title = substr($event_title, 0, 97) . "...";
}
$actions->actions_add($user, "joinevent", array($user->user_info['user_username'], $user->user_displayname, $this->event_info['event_id'], $event_title), NULL, 60, FALSE, "event", $this->event_info['event_id'], $this->event_info['event_privacy']);
}
return TRUE;
}
}
// VALIDATE USER ID OR RETURN TO VIEW USERS
$user = new se_user(array($user_id));
if ($user->user_exists == 0) {
header("Location: admin_viewusers.php?s={$s}&p={$p}&f_user={$f_user}&f_email={$f_email}&f_level={$f_level}&f_subnet={$f_subnet}&f_enabled={$f_enabled}");
exit;
}
// INITIALIZE ERROR VARS
$is_error = 0;
$result = 0;
// RESEND EMAIL VERIFICATION
if ($task == "resend") {
$verify_code = md5($user->user_info['user_code']);
$time = time();
$verify_link = $url->url_base . "signup_verify.php?u=" . $user->user_info['user_id'] . "&verify={$verify_code}&d={$time}";
send_systememail('verification', $user->user_info[user_email], array($user->user_displayname, $user->user_info[user_email], "<a href=\"{$verify_link}\">{$verify_link}</a>"));
$result = 1140;
// MANUALLY VERIFY USER
} elseif ($task == "verify") {
$database->database_query("UPDATE se_users SET user_verified='1' WHERE user_id='" . $user->user_info[user_id] . "'");
$result = 1141;
$user->user_info[user_verified] = 1;
// DELETE ACTION
} elseif ($task == "action_delete") {
if (isset($_GET['action_id'])) {
$action_id = $_GET['action_id'];
} else {
$action_id = 0;
}
// DELETE ACTION
$database->database_query("DELETE FROM se_actions, se_actionmedia USING se_actions LEFT JOIN se_actionmedia ON se_actions.action_id=se_actionmedia.actionmedia_action_id WHERE action_id='{$action_id}'");
function forum_post_new($forum_id, $topic_id, $topic_title, $post_body, $new_topic = false)
{
global $database, $user, $actions, $notify, $url;
$is_error = 0;
$nowdate = time();
// SET ERRORS
if (trim(str_replace("<p>", "", str_replace("</p>", "", $post_body))) == "") {
$is_error = 6000067;
}
// IF NO ERROR, ADD POST
if ($is_error == 0) {
// UPLOAD FORUM MEDIA
$forummedia_id = $this->forum_media_new($topic_id);
// CLEAN, CENSOR, ETC
$post_body = $this->forum_bbcode_parse_clean($post_body);
// CREATE EXCERPT
$excerpt = $this->forum_excerpt($post_body);
// INSERT INTO FORUM POST TABLE
$database->database_query("INSERT INTO se_forumposts (forumpost_forumtopic_id, forumpost_authoruser_id, forumpost_date, forumpost_excerpt, forumpost_body, forumpost_forummedia_id) VALUES ('{$topic_id}', '{$user->user_info[user_id]}', '{$nowdate}', '{$excerpt}', '{$post_body}', '{$forummedia_id}')") or die(mysql_error());
$forumpost_id = $database->database_insert_id();
// IF NEW TOPIC, UPDATE FORUM TABLE
if ($new_topic) {
$database->database_query("UPDATE se_forums SET forum_totaltopics=forum_totaltopics+1 WHERE forum_id='{$forum_id}'");
// IF REPLY, UPDATE FORUM AND FORUMTOPIC TABLE
} else {
$database->database_query("UPDATE se_forums SET forum_totalreplies=forum_totalreplies+1 WHERE forum_id='{$forum_id}'");
$database->database_query("UPDATE se_forumtopics SET forumtopic_date='{$nowdate}', forumtopic_totalreplies=forumtopic_totalreplies+1 WHERE forumtopic_id='{$topic_id}' AND forumtopic_forum_id='{$forum_id}'");
// ADD ACTION
if ($user->user_exists) {
$actions->actions_add($user, "forumpost", array($user->user_info['user_username'], $user->user_displayname, $forum_id, $topic_id, $topic_title, $forumpost_id, $excerpt), array(), 0, false, 'forum', $forum_id, 0);
}
// SEND NOTIFICATION
if ($user->user_exists) {
$poster = $user->user_displayname;
} else {
$poster = SE_Language::get(835);
}
// SEND REPLY NOTIFICATION
$topic_starter = $database->database_fetch_assoc($database->database_query("SELECT se_forumposts.forumpost_authoruser_id FROM se_forumposts WHERE forumpost_forumtopic_id='{$topic_id}' ORDER BY forumpost_id ASC LIMIT 1"));
if ($topic_starter['forumpost_authoruser_id'] != $user->user_info['user_id']) {
$starter = new se_user(array($topic_starter['forumpost_authoruser_id']));
if ($starter->user_exists) {
$notifytype = $notify->notify_add($starter->user_info[user_id], 'forumreply', $topic_id, array($forum_id, $topic_id, $forumpost_id), array($topic_title));
$object_url = $url->url_base . vsprintf($notifytype[notifytype_url], array($forum_id, $topic_id, $forumpost_id));
$starter->user_settings();
if ($starter->usersetting_info['usersetting_notify_forumreply']) {
send_systememail("forumreply", $starter->user_info['user_email'], array($starter->user_displayname, $poster, $topic_title, "<a href=\"{$object_url}\">{$object_url}</a>"));
}
}
}
}
// UPDATE USER'S TOTAL POSTS
$database->database_query("INSERT INTO se_forumusers (forumuser_user_id, forumuser_totalposts) VALUES ('{$user->user_info[user_id]}', 1) ON DUPLICATE KEY UPDATE forumuser_totalposts=forumuser_totalposts+1") or die(mysql_error());
}
return array('is_error' => $is_error, 'post_id' => $forumpost_id);
}
$group_title_short = $group->group_info['group_title'];
if (strlen($group_title_short) > 100) {
$group_title_short = substr($group_title_short, 0, 97);
$group_title_short .= "...";
}
$sql = "SELECT se_users.user_id, se_users.user_username, se_users.user_email, se_users.user_fname, se_users.user_lname, se_usersettings.usersetting_notify_groupmemberrequest FROM se_users LEFT JOIN se_usersettings ON se_users.user_id=se_usersettings.usersetting_user_id WHERE se_users.user_id='{$group->group_info['group_user_id']}'";
$groupowner_info = $database->database_fetch_assoc($database->database_query($sql));
if ($groupowner_info['usersetting_notify_groupmemberrequest'] == 1) {
$group_owner = new se_user();
$group_owner->user_info['user_id'] = $groupowner_info['user_id'];
$group_owner->user_info['user_username'] = $groupowner_info['user_username'];
$group_owner->user_info['user_email'] = $groupowner_info['user_email'];
$group_owner->user_info['user_fname'] = $groupowner_info['user_fname'];
$group_owner->user_info['user_lname'] = $groupowner_info['user_lname'];
$group_owner->user_displayname();
send_systememail('groupmemberrequest', $groupowner_info['user_email'], array($group_owner->user_displayname, $user->user_displayname, $group->group_info['group_title'], "<a href=\"" . $url->url_base . "login.php\">" . $url->url_base . "login.php</a>"));
}
$notify->notify_add($groupowner_info['user_id'], 'groupmemberrequest', $user->user_info['user_id'], array('', $group->group_info['group_id']), array($group_title_short));
// SET RESULT
$result = 2000164;
} else {
$database->database_query("\r\n INSERT INTO se_groupmembers (\r\n groupmember_user_id,\r\n groupmember_group_id,\r\n groupmember_status,\r\n groupmember_approved,\r\n groupmember_rank\r\n ) VALUES (\r\n '{$user->user_info['user_id']}',\r\n '{$group->group_info['group_id']}',\r\n '1',\r\n '1',\r\n '0'\r\n )\r\n ");
$database->database_query("UPDATE se_groups SET group_totalmembers=group_totalmembers+1 WHERE group_id='{$group->group_info['group_id']}' LIMIT 1");
// INSERT ACTION
$group_title_short = $group->group_info['group_title'];
if (strlen($group_title_short) > 100) {
$group_title_short = substr($group_title_short, 0, 97);
$group_title_short .= "...";
}
$actions->actions_add($user, "joingroup", array($user->user_info['user_username'], $user->user_displayname, $group->group_info['group_id'], $group_title_short), array(), 0, false, "group", $group->group_info['group_id'], $group->group_info['group_privacy']);
// SET RESULT
header("Cache-Control: no-cache, must-revalidate");
// HTTP/1.1
header("Pragma: no-cache");
// HTTP/1.0
header("Content-Type: application/json");
echo $json;
exit;
} elseif ($task == "invite_do") {
$invites = $_POST['invites'];
$invite_query = $database->database_query("SELECT user_id, user_username, user_email, user_fname, user_lname, usersetting_notify_groupinvite FROM se_friends LEFT JOIN se_users ON se_friends.friend_user_id2=se_users.user_id LEFT JOIN se_usersettings ON se_users.user_id=se_usersettings.usersetting_user_id LEFT JOIN se_levels ON se_users.user_level_id=se_levels.level_id LEFT JOIN se_groupmembers ON se_users.user_id=se_groupmembers.groupmember_user_id AND se_groupmembers.groupmember_group_id='{$group->group_info['group_id']}' WHERE se_users.user_id IN ('" . implode("', '", $invites) . "') AND (se_levels.level_group_allow & 1) AND se_friends.friend_status=1 AND se_friends.friend_user_id1='{$user->user_info['user_id']}' AND se_groupmembers.groupmember_id IS NULL");
if ($database->database_num_rows($invite_query)) {
while ($invite_info = $database->database_fetch_assoc($invite_query)) {
$friend = new se_user();
$friend->user_info['user_id'] = $invite_info['user_id'];
$friend->user_info['user_username'] = $invite_info['user_username'];
$friend->user_info['user_fname'] = $invite_info['user_fname'];
$friend->user_info['user_lname'] = $invite_info['user_lname'];
$friend->user_displayname();
$database->database_query("\r\n INSERT INTO se_groupmembers (\r\n groupmember_user_id, \r\n groupmember_group_id, \r\n groupmember_status,\r\n groupmember_approved\r\n ) VALUES (\r\n '{$invite_info['user_id']}',\r\n '{$group->group_info['group_id']}',\r\n '0',\r\n '1'\r\n )\r\n ");
if ($invite_info['usersetting_notify_groupinvite']) {
send_systememail('groupinvite', $invite_info['user_email'], array($friend->user_displayname, $group->group_info['group_title'], "<a href=\"{$url->url_base}login.php\">{$url->url_base}login.php</a>"));
}
$notify->notify_add($invite_info['user_id'], 'groupinvite', $group->group_info['group_id'], array(NULL, $group->group_info['group_id']), array($group->group_info['group_title']));
}
}
$result = 2000197;
}
// ASSIGN SMARTY VARIABLES AND DISPLAY EDIT INVITE PAGE
$smarty->assign('result', $result);
$smarty->assign('group', $group);
include "footer.php";
