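/**
 * Decides whether the current user may add a "thanks" to a post.
 *
 * Checks run in order and the first failing one returns false: basic validity
 * (real post, logged-in user, post and thread not deleted, own-post rule),
 * excluded usergroups/users, minimum post count, daily thanks limit, maximum
 * post age, groan integration, and optionally the request security token.
 *
 * Plugin code returned by vBulletinHook::fetch_hook() is eval'd in this
 * function's scope at the start and at the end, so it can read and change the
 * local variables used by the checks.
 *
 * @param array   $postinfo        Post record; the keys read here are 'postid',
 *                                 'isdeleted', 'userid' and 'dateline'.
 * @param mixed   $threadisdeleted Truthy when the containing thread is deleted.
 * @param boolean $check_security  When true, $securitytoken is verified.
 * @param string  $securitytoken   Token submitted with the request.
 *
 * @return boolean True when the current user may thank the post.
 */
function can_thank_this_post($postinfo = array(), $threadisdeleted = 0, $check_security = false, $securitytoken = '')
{
    global $vbulletin;

    ($hook = vBulletinHook::fetch_hook('post_thanks_function_can_thank_this_post_start')) ? eval($hook) : false;

    // Parentheses make the original precedence explicit: && binds tighter than ||.
    if (
        $postinfo['postid'] == 0
        || $vbulletin->userinfo['userid'] == 0
        || $postinfo['isdeleted']
        || $threadisdeleted
        || (!$vbulletin->options['post_thanks_poster_button'] && $postinfo['userid'] == $vbulletin->userinfo['userid'])
    ) {
        return false;
    }

    // Usergroups and individual users listed in these options may not thank.
    if (
        post_thanks_in_array($vbulletin->userinfo['usergroupid'], $vbulletin->options['post_thanks_usergroup_using'])
        || post_thanks_in_array($vbulletin->userinfo['userid'], $vbulletin->options['post_thanks_user_useing'])
    ) {
        return false;
    }

    if ($vbulletin->userinfo['posts'] < $vbulletin->options['post_thanks_post_count_needed']) {
        return false;
    }

    if ($vbulletin->options['post_thanks_max_per_day']) {
        // Cached in a global so the count query runs once per request.
        global $count_thanks_so_far_totay;

        if ($count_thanks_so_far_totay === null) {
            // The query is built by concatenation, so the user id is cast to an
            // integer before it is placed into the SQL text.
            $count_thanks_so_far_totay = $vbulletin->db->query_first(
                "SELECT COUNT(*) AS total FROM " . TABLE_PREFIX . "post_thanks"
                . " WHERE userid = " . intval($vbulletin->userinfo['userid'])
                . " AND date > " . (TIMENOW - 60 * 60 * 24)
            );
        }

        if ($vbulletin->options['post_thanks_max_per_day'] <= $count_thanks_so_far_totay['total']) {
            return false;
        }
    }

    if ($vbulletin->options['post_thanks_days_old']) {
        // The option is a number of days; the post's dateline is in seconds.
        if (TIMENOW > $vbulletin->options['post_thanks_days_old'] * 60 * 60 * 24 + $postinfo['dateline']) {
            return false;
        }
    }

    if ($vbulletin->options['post_groan_integrate']) {
        require_once DIR . '/includes/functions_post_groan.php';

        if (groaned_already($postinfo)) {
            return false;
        }
    }

    // The function name must be a quoted string: the bare word used previously is
    // an undefined constant, which raises a notice/warning on PHP 5/7 and throws
    // an Error on PHP 8.
    // NOTE(review): when $check_security is true but verify_security_token() is
    // not defined, the token check is skipped and the request is allowed
    // (presumably for older vBulletin versions) - confirm this is acceptable.
    if ($check_security && function_exists('verify_security_token')) {
        if (!verify_security_token($securitytoken, $vbulletin->userinfo['securitytoken_raw'])) {
            return false;
        }
    }

    ($hook = vBulletinHook::fetch_hook('post_thanks_function_can_thank_this_post_end')) ? eval($hook) : false;

    return true;
}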
// NOTE(review): this excerpt opens partway through a `switch` whose head is not
// shown; the unmatched closing braces below end blocks opened above the excerpt.
            break;

        case 0:
            // Set the 'dstonoff' user option only when the bit is currently clear.
            if (!($vbulletin->userinfo['options'] & $vbulletin->bf_misc_useroptions['dstonoff'])) {
                $userdata->set_bitfield('options', 'dstonoff', 1);
            }
            break;
        }

        // Plugin code for this hook is eval'd in the current scope before saving.
        ($hook = vBulletinHook::fetch_hook('profile_dst')) ? eval($hook) : false;

        $userdata->save();
    }

    eval(print_standard_redirect('redirect_dst'));
}

// ############################### toggle user css ###############################
// State-changing action: flips the current user's 'showusercss' option. The
// request must carry a 'hash' that verify_security_token() accepts for the
// current user's 'securitytoken_raw' (CSRF protection).
if ($_REQUEST['do'] == 'switchusercss') {
    // 'hash' is read as a string and 'userid' as TYPE_UINT from source 'r'.
    // NOTE(review): 'r' presumably covers GET as well as POST, in which case the
    // token can end up in URLs, logs and Referer headers - confirm.
    $vbulletin->input->clean_array_gpc('r', array('hash' => TYPE_STR, 'userid' => TYPE_UINT));

    // NOTE(review): the toggle below is only protected if print_no_permission()
    // stops the request; it presumably does - confirm.
    if (!verify_security_token($vbulletin->GPC['hash'], $vbulletin->userinfo['securitytoken_raw'])) {
        print_no_permission();
    }

    // The option is only changed while profile styling is enabled site-wide.
    if ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_profile_styling']) {
        $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_STANDARD);
        $userdata->set_existing($vbulletin->userinfo);
        // Invert the current bit: set -> 0, clear -> 1.
        $userdata->set_bitfield('options', 'showusercss', $vbulletin->userinfo['options'] & $vbulletin->bf_misc_useroptions['showusercss'] ? 0 : 1);
        $userdata->save();
    }

    // When a user id was supplied and the redirect target is the forum home page,
    // send the user to that member's profile instead. 'userid' was cleaned as
    // TYPE_UINT, so presumably only an integer is appended to the URL.
    // NOTE(review): where $vbulletin->url comes from is not visible here; confirm
    // it is restricted to same-site targets before it is used for the redirect.
    if ($vbulletin->GPC['userid'] and $vbulletin->url == $vbulletin->options['forumhome'] . '.php') {
        $vbulletin->url = 'member.php?' . $vbulletin->session->vars['sessionurl'] . 'u=' . $vbulletin->GPC['userid'];
    }

    eval(print_standard_redirect('redirect_usercss_toggled'));
}

// ############################################################################
// ############################### EDIT PASSWORD ##############################
// Templates needed per action: the 'lostpw' action uses 'lostpw' and 'humanverify'.
$actiontemplates = array('lostpw' => array('lostpw', 'humanverify'));

// ######################### REQUIRE BACK-END ############################
require_once './global.php';
require_once DIR . '/includes/functions_login.php';

// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################

$vbulletin->input->clean_gpc('r', 'a', TYPE_STR);

// Neither a 'do' action nor an 'a' value was given: redirect to the forum home page.
if (empty($_REQUEST['do']) and empty($vbulletin->GPC['a'])) {
    exec_header_redirect($vbulletin->options['forumhome'] . '.php');
}

// ############################### start logout ###############################
// Logout changes session state, so a logged-in user must present a 'logouthash'
// that verify_security_token() accepts for their 'securitytoken_raw'. This stops
// another site from logging the user out with a forged request (CSRF).
if ($_REQUEST['do'] == 'logout') {
    define('NOPMPOPUP', true);

    $vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);

    // Guests (userid 0) skip the token check. On a bad token the error text is
    // built with the session URL and the user's security token.
    // NOTE(review): process_logout() below is only prevented if the eval'd
    // standard_error() output stops the request; it presumably does - confirm.
    if ($vbulletin->userinfo['userid'] != 0 and !verify_security_token($vbulletin->GPC['logouthash'], $vbulletin->userinfo['securitytoken_raw'])) {
        eval(standard_error(fetch_error('logout_error', $vbulletin->session->vars['sessionurl'], $vbulletin->userinfo['securitytoken'])));
    }

    process_logout();

    $vbulletin->url = fetch_replaced_session_url($vbulletin->url);

    // If the target URL still contains 'do=logout', use the forum home page instead.
    if (strpos($vbulletin->url, 'do=logout') !== false) {
        $vbulletin->url = $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q'];
    }

    $show['member'] = false;

    // NOTE(review): $vbulletin->url is passed into the 'cookieclear' message; its
    // origin is not visible here - confirm it is limited to same-site targets.
    eval(standard_error(fetch_error('cookieclear', create_full_url($vbulletin->url), $vbulletin->options['forumhome'], $vbulletin->session->vars['sessionurl_q']), '', false));
}

// ############################### start do login ###############################
// this was a _REQUEST action but where do we all login via request?
if ($_POST['do'] == 'login') { $vbulletin->input->clean_array_gpc('p', array('vb_login_username' => TYPE_STR, 'vb_login_password' => TYPE_STR, 'vb_login_md5password' => TYPE_STR, 'vb_login_md5password_utf' => TYPE_STR, 'postvars' => TYPE_BINARY, 'cookieuser' => TYPE_BOOL, 'logintype' => TYPE_STR, 'cssprefs' => TYPE_STR)); // can the user login?
// ######################### REQUIRE BACK-END ############################
require_once './global.php';
require_once DIR . '/includes/functions_forumlist.php';
require_once DIR . '/includes/functions_bigthree.php';
require_once DIR . '/includes/functions_forumdisplay.php';
require_once DIR . '/includes/functions_prefix.php';

// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################

verify_forum_url();

// Plugin code for this hook is eval'd in the script's scope.
($hook = vBulletinHook::fetch_hook('forumdisplay_start')) ? eval($hook) : false;

// ############################### start mark forums read ###############################
if ($_REQUEST['do'] == 'markread') {
    // Prevent CSRF. See #32785
    // Marking forums read changes state, so the request must carry a
    // 'markreadhash' that verify_security_token() accepts for the current user.
    $vbulletin->input->clean_array_gpc('r', array('markreadhash' => TYPE_STR));

    // The token check is bypassed entirely when VB_API is truthy.
    // NOTE(review): API requests presumably authenticate by other means - confirm
    // that path cannot be driven by a forged browser request.
    // NOTE(review): the mark-read call below is only prevented if the eval'd
    // standard_error() output stops the request; it presumably does - confirm.
    if (!VB_API and !verify_security_token($vbulletin->GPC['markreadhash'], $vbulletin->userinfo['securitytoken_raw'])) {
        eval(standard_error(fetch_error('security_token_invalid', $vbulletin->options['contactuslink'])));
    }

    require_once DIR . '/includes/functions_misc.php';

    // This runs before the invalid-forum check further down, so
    // $foruminfo['forumid'] may be empty here.
    $mark_read_result = mark_forums_read($foruminfo['forumid']);

    $vbulletin->url = $mark_read_result['url'];
    print_standard_redirect($mark_read_result['phrase']);
}

// Don't allow access to anything below if an invalid $forumid was specified
cache_moderators();

if (!$foruminfo['forumid']) {
    eval(standard_error(fetch_error('invalidid', $vbphrase['forum'], $vbulletin->options['contactuslink'])));
}

// ############################### start enter password ###############################
// NOTE(review): this block continues beyond the end of the excerpt; only the
// input cleaning is visible. 'newforumpwd' and 'url' are read as strings from
// source 'r' - confirm the password is not accepted from the query string and
// that 'url' is checked as a same-site target before any redirect.
if ($_REQUEST['do'] == 'doenterpwd') {
    $vbulletin->input->clean_array_gpc('r', array('newforumpwd' => TYPE_STR, 'url' => TYPE_STR, 'postvars' => TYPE_BINARY));
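/**
 * Loads assorted show variables. Ideally, these would be used in templates,
 * but sometimes they're used within code.
 *
 * Fills the global $show array with display flags derived from the current
 * user's permissions, user options and site options. It also writes
 * $vbphrase['pmpercent_nav_compiled'] and caps $vbulletin->options['smcolumns']
 * at $vbulletin->options['smtotal'].
 *
 * Everything set here only controls what is displayed; nothing in this method
 * enforces access, so the code handling each action has to check permissions
 * itself.
 */
public function load_show_variables()
{
    global $show, $vbulletin, $vbphrase;

    $show['old_explorer'] = (is_browser('ie') AND !is_browser('ie', 6));
    $show['rtl'] = (!($vbulletin->userinfo['lang_options'] & $vbulletin->bf_misc_languageoptions['direction']));
    $show['admincplink'] = ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] ? true : false);

    // This generates an extra query for non-admins/supermods on many pages so we have chosen to only display it to supermods & admins
    // $show['modcplink'] = iif(can_moderate(), true, false);
    $show['modcplink'] = (
        $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']
        OR
        $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']
    );

    $show['registerbutton'] = (
        !$show['search_engine']
        AND
        $vbulletin->options['allowregistration']
        AND
        (!$vbulletin->userinfo['userid'] OR $vbulletin->options['allowmultiregs'])
    );

    $show['searchbuttons'] = (
        !$show['search_engine']
        AND
        $vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['cansearch']
        AND
        $vbulletin->options['enablesearches']
    );

    $show['quicksearch'] = (!fetch_require_hvcheck('search'));

    $show['memberslist'] = (
        $vbulletin->options['enablememberlist']
        AND
        $vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canviewmembers']
    );

    // On the logout page a still-logged-in user is shown as a guest, but only
    // when the request carries a logout hash that verifies against the user's
    // security token.
    $loggedout = false;
    if (THIS_SCRIPT == 'login' AND $_REQUEST['do'] == 'logout' AND $vbulletin->userinfo['userid'] != 0) {
        $vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
        if (verify_security_token($vbulletin->GPC['logouthash'], $vbulletin->userinfo['securitytoken_raw'])) {
            $loggedout = true;
        }
    }

    if (!$vbulletin->userinfo['userid'] OR $loggedout) {
        $show['guest'] = true;
        $show['member'] = false;
    } else {
        $show['guest'] = false;
        $show['member'] = true;
    }

    $show['detailedtime'] = ($vbulletin->options['yestoday'] == 2);
    $show['popups'] = (!$show['search_engine'] AND $vbulletin->options['usepopups'] AND !$vbulletin->GPC['nojs']);

    if ($show['popups']) {
        // this isn't what $show is for, but it's a variable that's available in many places
        // strpos() returns 0 for a match at the first character, so the result is
        // compared with false instead of being tested for truthiness.
        // NOTE(review): scriptpath presumably derives from the request URL;
        // confirm it is escaped before the link is written into a page.
        $show['nojs_link'] = $vbulletin->scriptpath . (strpos($vbulletin->scriptpath, '?') !== false ? '&' : '?') . 'nojs=1';
    } else {
        $show['nojs_link'] = '';
    }

    if ($vbulletin->options['enablepms'] AND $vbulletin->userinfo['userid'] AND ($vbulletin->userinfo['pmunread'] OR ($vbulletin->userinfo['receivepm'] AND $vbulletin->userinfo['permissions']['pmquota']))) {
        if ($vbulletin->userinfo['pmtotal'] < $vbulletin->userinfo['permissions']['pmquota']) {
            // Percentage of the quota in use; the warning shows from 90% upwards.
            $vbphrase['pmpercent_nav_compiled'] = number_format(floor($vbulletin->userinfo['pmtotal'] / $vbulletin->userinfo['permissions']['pmquota'] * 100), 0);
            $show['pmwarning'] = ($vbphrase['pmpercent_nav_compiled'] >= 90);
        } else if ($vbulletin->userinfo['permissions']['pmquota']) {
            // At or over a non-zero quota.
            $show['pmwarning'] = true;
            $vbphrase['pmpercent_nav_compiled'] = '100';
        } else {
            $show['pmwarning'] = false;
        }

        $show['pmstats'] = true;
    } else {
        $show['pmstats'] = false;
        $show['pmwarning'] = false;
    }

    $show['pmmainlink'] = (
        $vbulletin->options['enablepms']
        AND
        $vbulletin->userinfo['userid']
        AND
        ($vbulletin->userinfo['permissions']['pmquota'] OR $vbulletin->userinfo['pmtotal'])
    );
    $show['pmtracklink'] = ($vbulletin->userinfo['permissions']['pmpermissions'] & $vbulletin->bf_ugp_pmpermissions['cantrackpm']);
    $show['pmsendlink'] = ($vbulletin->userinfo['permissions']['pmquota']);
    $show['siglink'] = ($vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canusesignature']);
    $show['avatarlink'] = ($vbulletin->options['avatarenabled']);
    $show['profilepiclink'] = (
        $vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canprofilepic']
        AND
        $vbulletin->options['profilepicenabled']
    );
    $show['wollink'] = ($vbulletin->userinfo['permissions']['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonline']);

    $show['spacer'] = true; // used in postbit template

    $show['dst_correction'] = (
        THIS_SCRIPT != 'register'
        AND
        ($vbulletin->session->vars['loggedin'] == 1 OR $vbulletin->session->created OR THIS_SCRIPT == 'usercp')
        AND
        $vbulletin->userinfo['dstauto'] == 1
        AND
        $vbulletin->userinfo['userid']
    );

    $show['contactus'] = (
        $vbulletin->options['contactuslink']
        AND
        ((!$vbulletin->userinfo['userid'] AND $vbulletin->options['contactustype']) OR $vbulletin->userinfo['userid'])
    );

    // you may define this if you don't want the password in the login box to be zapped onsubmit; good for integration
    $show['nopasswordempty'] = defined('DISABLE_PASSWORD_CLEARING') ? 1 : 0; // this needs to be an int for the templates

    // Determine display of certain navbar Quick Links
    $show['quick_links_groups'] = (
        $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_groups']
        AND
        $vbulletin->userinfo['permissions']['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canviewgroups']
    );
    $show['quick_links_albums'] = (
        $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums']
        AND
        $vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canviewmembers']
        AND
        $vbulletin->userinfo['permissions']['albumpermissions'] & $vbulletin->bf_ugp_albumpermissions['canviewalbum']
    );
    $show['friends_and_contacts'] = (
        $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_friends']
        AND
        $vbulletin->userinfo['permissions']['genericpermissions2'] & $vbulletin->bf_ugp_genericpermissions2['canusefriends']
    );
    $show['communitylink'] = ($show['quick_links_groups'] OR $show['quick_links_albums'] OR $vbulletin->userinfo['userid'] OR $show['memberslist']);

    // We don't want the number of columns to be more than the total number of smilies to display #36621
    $vbulletin->options['smcolumns'] = $vbulletin->options['smcolumns'] > $vbulletin->options['smtotal'] ? $vbulletin->options['smtotal'] : $vbulletin->options['smcolumns'];
}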