/**
  * Verifies if an event description is valid or not and attempts to fix it
  *
  * @return boolean True if valid, false if invalid.
  */
 function verify_description()
 {
     $description =& $this->data['description'];
     $description = utf8_handle_4byte_string($description);
     $description = trim($description);
     if (!$description) {
         $this->set_error("missing_description");
         return false;
     }
     return true;
 }
 /**
  * Verifies if a message for a PM is valid.
  *
  * @return boolean True when valid, false when invalid.
  */
 function verify_message()
 {
     $message =& $this->data['message'];
     $message = utf8_handle_4byte_string($message);
     // No message, return an error.
     if (trim_blank_chrs($message) == '') {
         $this->set_error("missing_message");
         return false;
     }
     return true;
 }
         }
         $uid = 0;
     }
 } else {
     $username = $mybb->user['username'];
     $uid = $mybb->user['uid'];
 }
 // Attempt to see if this post is a duplicate or not
 if ($uid > 0) {
     $user_check = "p.uid='{$uid}'";
 } else {
     $user_check = "p.ipaddress='" . $db->escape_string($session->ipaddress) . "'";
 }
 if (!$mybb->input['savedraft'] && !$pid) {
     $check_subject = utf8_handle_4byte_string($mybb->input['subject']);
     $check_message = utf8_handle_4byte_string($mybb->input['message']);
     $query = $db->simple_select("posts p", "p.pid", "{$user_check} AND p.fid='{$forum['fid']}' AND p.subject='" . $db->escape_string($check_subject) . "' AND p.message='" . $db->escape_string($check_message) . "' AND p.dateline>" . (TIME_NOW - 600));
     $duplicate_check = $db->fetch_field($query, "pid");
     if ($duplicate_check) {
         error($lang->error_post_already_submitted);
     }
 }
 // Set up posthandler.
 require_once MYBB_ROOT . "inc/datahandlers/post.php";
 $posthandler = new PostDataHandler("insert");
 $posthandler->action = "thread";
 // Set the thread data that came from the input to the $thread array.
 $new_thread = array("fid" => $forum['fid'], "subject" => $mybb->input['subject'], "prefix" => $mybb->input['threadprefix'], "icon" => $mybb->input['icon'], "uid" => $uid, "username" => $username, "message" => $mybb->input['message'], "ipaddress" => get_ip(), "posthash" => $mybb->input['posthash']);
 if ($pid != '') {
     $new_thread['pid'] = $pid;
 }
                $voteslist .= "||~|~||";
            }
            $optionslist .= trim(utf8_handle_4byte_string($options[$i]));
            if (intval($votes[$i]) <= 0) {
                $votes[$i] = "0";
            }
            $voteslist .= $votes[$i];
            $numvotes = $numvotes + $votes[$i];
        }
    }
    if ($mybb->input['timeout'] > 0) {
        $timeout = intval($mybb->input['timeout']);
    } else {
        $timeout = 0;
    }
    $mybb->input['question'] = utf8_handle_4byte_string($mybb->input['question']);
    $updatedpoll = array("question" => $db->escape_string($mybb->input['question']), "options" => $db->escape_string($optionslist), "votes" => $db->escape_string($voteslist), "numoptions" => intval($optioncount), "numvotes" => $numvotes, "timeout" => $timeout, "closed" => $postoptions['closed'], "multiple" => $postoptions['multiple'], "public" => $postoptions['public']);
    $plugins->run_hooks("polls_do_editpoll_process");
    $db->update_query("polls", $updatedpoll, "pid='" . intval($mybb->input['pid']) . "'");
    $plugins->run_hooks("polls_do_editpoll_end");
    $modlogdata['fid'] = $thread['fid'];
    $modlogdata['tid'] = $thread['tid'];
    log_moderator_action($modlogdata, $lang->poll_edited);
    redirect(get_thread_link($thread['tid']), $lang->redirect_pollupdated);
}
if ($mybb->input['action'] == "showresults") {
    $query = $db->simple_select("polls", "*", "pid='" . intval($mybb->input['pid']) . "'");
    $poll = $db->fetch_array($query);
    if (!$poll['pid']) {
        error($lang->error_invalidpoll);
    }
 /**
  * Verifies if a profile fields are filled in correctly.
  *
  * @return boolean True when valid, false when invalid.
  */
 function verify_profile_fields()
 {
     global $db;
     $user =& $this->data;
     $profile_fields =& $this->data['profile_fields'];
     // Loop through profile fields checking if they exist or not and are filled in.
     $userfields = array();
     $comma = '';
     $editable = '';
     if (!$this->data['profile_fields_editable']) {
         $editable = "editable=1";
     }
     // Fetch all profile fields first.
     $options = array('order_by' => 'disporder');
     $query = $db->simple_select('profilefields', 'name, type, fid, required, maxlength', $editable, $options);
     // Then loop through the profile fields.
     while ($profilefield = $db->fetch_array($query)) {
         $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
         $thing = explode("\n", $profilefield['type'], "2");
         $type = trim($thing[0]);
         $field = "fid{$profilefield['fid']}";
         // If the profile field is required, but not filled in, present error.
         if ($type != "multiselect" && $type != "checkbox") {
             if (trim($profile_fields[$field]) == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php") {
                 $this->set_error('missing_required_profile_field', array($profilefield['name']));
             }
         } elseif (($type == "multiselect" || $type == "checkbox") && $profile_fields[$field] == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php") {
             $this->set_error('missing_required_profile_field', array($profilefield['name']));
         }
         // Sort out multiselect/checkbox profile fields.
         $options = '';
         if (($type == "multiselect" || $type == "checkbox") && is_array($profile_fields[$field])) {
             $expoptions = explode("\n", $thing[1]);
             $expoptions = array_map('trim', $expoptions);
             foreach ($profile_fields[$field] as $value) {
                 if (!in_array(htmlspecialchars_uni($value), $expoptions)) {
                     $this->set_error('bad_profile_field_values', array($profilefield['name']));
                 }
                 if ($options) {
                     $options .= "\n";
                 }
                 $options .= $db->escape_string($value);
             }
         } elseif ($type == "select" || $type == "radio") {
             $expoptions = explode("\n", $thing[1]);
             $expoptions = array_map('trim', $expoptions);
             if (!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions) && trim($profile_fields[$field]) != "") {
                 $this->set_error('bad_profile_field_values', array($profilefield['name']));
             }
             $options = $db->escape_string($profile_fields[$field]);
         } elseif ($type == "textarea") {
             if ($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength']) {
                 $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
             }
             $profile_fields[$field] = utf8_handle_4byte_string($profile_fields[$field]);
             $options = $db->escape_string($profile_fields[$field]);
         } else {
             $profile_fields[$field] = utf8_handle_4byte_string($profile_fields[$field]);
             if ($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength']) {
                 $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
             }
             $options = $db->escape_string($profile_fields[$field]);
         }
         $user['user_fields'][$field] = $options;
     }
     return true;
 }
                $pm_recipients[] = $mod['uid'];
            } else {
                my_mail($mod['email'], $emailsubject, $emailmessage);
            }
        }
        if (count($pm_recipients) > 0) {
            $emailsubject = $lang->sprintf($lang->emailsubject_reportpost, $mybb->settings['bbname']);
            $emailmessage = $lang->sprintf($lang->email_reportpost, $mybb->user['username'], $mybb->settings['bbname'], $post['subject'], $mybb->settings['bburl'], str_replace('&amp;', '&', get_post_link($post['pid'], $thread['tid']) . "#pid" . $post['pid']), $thread['subject'], $mybb->input['reason']);
            require_once MYBB_ROOT . "inc/datahandlers/pm.php";
            $pmhandler = new PMDataHandler();
            $pm = array("subject" => $emailsubject, "message" => $emailmessage, "icon" => 0, "fromid" => $mybb->user['uid'], "toid" => $pm_recipients);
            $pmhandler->admin_override = true;
            $pmhandler->set_data($pm);
            // Now let the pm handler do all the hard work.
            if (!$pmhandler->validate_pm()) {
                // Force it to valid to just get it out of here
                $pmhandler->is_validated = true;
                $pmhandler->errors = array();
            }
            $pminfo = $pmhandler->insert_pm();
        }
    } else {
        $mybb->input['reason'] = utf8_handle_4byte_string($mybb->input['reason']);
        $reportedpost = array("pid" => intval($mybb->input['pid']), "tid" => $thread['tid'], "fid" => $thread['fid'], "uid" => $mybb->user['uid'], "dateline" => TIME_NOW, "reportstatus" => 0, "reason" => $db->escape_string(htmlspecialchars_uni($mybb->input['reason'])));
        $db->insert_query("reportedposts", $reportedpost);
        $cache->update_reportedposts();
    }
    $plugins->run_hooks("report_do_report_end");
    eval("\$report = \"" . $templates->get("report_thanks") . "\";");
    output_page($report);
}
 if ($mybb->input['reputation'] > 0 && $mybb->settings['posrep'] != 1) {
     $show_back = 1;
     $message = $lang->add_positive_disabled;
     eval("\$error = \"" . $templates->get("reputation_add_error") . "\";");
     output_page($error);
     exit;
 }
 // The length of the comment is too long
 if (my_strlen($mybb->input['comments']) > $mybb->settings['maxreplength']) {
     $show_back = 1;
     $message = $lang->sprintf($lang->add_toolong, $mybb->settings['maxreplength']);
     eval("\$error = \"" . $templates->get("reputation_add_error") . "\";");
     output_page($error);
     exit;
 }
 $mybb->input['comments'] = utf8_handle_4byte_string($mybb->input['comments']);
 // Build array of reputation data.
 $reputation = array("uid" => $uid, "adduid" => $mybb->user['uid'], "pid" => intval($mybb->input['pid']), "reputation" => intval($mybb->input['reputation']), "dateline" => TIME_NOW, "comments" => $db->escape_string($mybb->input['comments']));
 $plugins->run_hooks("reputation_do_add_process");
 // Updating an existing reputation
 if ($existing_reputation['uid'] || $existing_post_reputation['uid']) {
     if ($existing_reputation['uid']) {
         $db->update_query("reputation", $reputation, "rid='" . $existing_reputation['rid'] . "'");
     } elseif ($existing_post_reputation['uid']) {
         $db->update_query("reputation", $reputation, "rid='" . $existing_post_reputation['rid'] . "'");
     }
     // Recount the reputation of this user - keep it in sync.
     $query = $db->simple_select("reputation", "SUM(reputation) AS reputation_count", "uid='{$uid}'");
     $reputation_value = $db->fetch_field($query, "reputation_count");
     $db->update_query("users", array('reputation' => intval($reputation_value)), "uid='{$uid}'");
     $lang->vote_added = $lang->vote_updated;
 /**
  * Verifies a post message.
  *
  * @param string The message content.
  */
 function verify_message()
 {
     global $mybb;
     $post =& $this->data;
     $post['message'] = trim_blank_chrs($post['message']);
     $post['message'] = utf8_handle_4byte_string($post['message']);
     // Do we even have a message at all?
     if (my_strlen($post['message']) == 0) {
         $this->set_error("missing_message");
         return false;
     } else {
         if (strlen($post['message']) > $mybb->settings['maxmessagelength'] && $mybb->settings['maxmessagelength'] > 0 && !is_moderator($post['fid'], "", $post['uid'])) {
             $this->set_error("message_too_long", array($mybb->settings['maxmessagelength'], strlen($post['message'])));
             return false;
         } else {
             if (my_strlen($post['message']) < $mybb->settings['minmessagelength'] && $mybb->settings['minmessagelength'] > 0 && !is_moderator($post['fid'], "", $post['uid'])) {
                 $this->set_error("message_too_short", array($mybb->settings['minmessagelength']));
                 return false;
             }
         }
     }
     return true;
 }
                     }
                     break;
                 case 4:
                     if ($val == $lang->folder_trash || trim($val) == '') {
                         $val = '';
                     }
                     break;
             }
         }
         if ($val != '' && trim($val) == '' && !($key >= 1 && $key <= 4)) {
             // If the name only contains whitespace and it's not a default folder, print an error
             error($lang->error_emptypmfoldername);
         }
         if ($val != '' || $key >= 1 && $key <= 4) {
             // If there is a name or if this is a default folder, save it
             $foldername = utf8_handle_4byte_string($val);
             $foldername = $db->escape_string(htmlspecialchars_uni($foldername));
             if (my_strpos($foldername, "\$%%\$") === false) {
                 if ($folders != '') {
                     $folders .= "\$%%\$";
                 }
                 $folders .= "{$fid}**{$foldername}";
             } else {
                 error($lang->error_invalidpmfoldername);
             }
         } else {
             // Delete PMs from the folder
             $db->delete_query("privatemessages", "folder='{$fid}' AND uid='" . $mybb->user['uid'] . "'");
         }
     }
 }
/**
 * Actually move a file to the uploads directory
 *
 * @param array The PHP $_FILE array for the file
 * @param string The path to save the file in
 * @param string The filename for the file (if blank, current is used)
 */
function upload_file($file, $path, $filename = "")
{
    global $plugins;
    if (empty($file['name']) || $file['name'] == "none" || $file['size'] < 1) {
        $upload['error'] = 1;
        return $upload;
    }
    if (!$filename) {
        $filename = $file['name'];
    }
    $upload['original_filename'] = preg_replace("#/\$#", "", $file['name']);
    // Make the filename safe
    $upload['original_filename'] = utf8_handle_4byte_string($upload['original_filename']);
    $filename = preg_replace("#/\$#", "", $filename);
    // Make the filename safe
    $moved = @move_uploaded_file($file['tmp_name'], $path . "/" . $filename);
    if (!$moved) {
        $upload['error'] = 2;
        return $upload;
    }
    @my_chmod($path . "/" . $filename, '0644');
    $upload['filename'] = $filename;
    $upload['path'] = $path;
    $upload['type'] = $file['type'];
    $upload['size'] = $file['size'];
    $upload = $plugins->run_hooks("upload_file_end", $upload);
    return $upload;
}