Esempio n. 1
 * Makes sure the calendar post is valid.
 * @package Calendar
function validateEventPost()
    global $modSettings;
    if (!isset($_POST['deleteevent'])) {
        // No month?  No year?
        if (!isset($_POST['month'])) {
            fatal_lang_error('event_month_missing', false);
        if (!isset($_POST['year'])) {
            fatal_lang_error('event_year_missing', false);
        // Check the month and year...
        if ($_POST['month'] < 1 || $_POST['month'] > 12) {
            fatal_lang_error('invalid_month', false);
        if ($_POST['year'] < $modSettings['cal_minyear'] || $_POST['year'] > $modSettings['cal_maxyear']) {
            fatal_lang_error('invalid_year', false);
    // Make sure they're allowed to post...
    if (isset($_POST['span'])) {
        // Make sure it's turned on and not some fool trying to trick it.
        if (empty($modSettings['cal_allowspan'])) {
            fatal_lang_error('no_span', false);
        if ($_POST['span'] < 1 || $_POST['span'] > $modSettings['cal_maxspan']) {
            fatal_lang_error('invalid_days_numb', false);
    // There is no need to validate the following values if we are just deleting the event.
    if (!isset($_POST['deleteevent'])) {
        // No day?
        if (!isset($_POST['day'])) {
            fatal_lang_error('event_day_missing', false);
        if (!isset($_POST['evtitle']) && !isset($_POST['subject'])) {
            fatal_lang_error('event_title_missing', false);
        } elseif (!isset($_POST['evtitle'])) {
            $_POST['evtitle'] = $_POST['subject'];
        // Bad day?
        if (!checkdate($_POST['month'], $_POST['day'], $_POST['year'])) {
            fatal_lang_error('invalid_date', false);
        // No title?
        if (Util::htmltrim($_POST['evtitle']) === '') {
            fatal_lang_error('no_event_title', false);
        if (Util::strlen($_POST['evtitle']) > 100) {
            $_POST['evtitle'] = Util::substr($_POST['evtitle'], 0, 100);
        $_POST['evtitle'] = str_replace(';', '', $_POST['evtitle']);
  * Add or edit a portal wide permissions profile
 public function action_sportal_admin_permission_profiles_edit()
     global $context, $txt;
     // New or an edit?
     $context['is_new'] = empty($_REQUEST['profile_id']);
     // Saving the form
     if (!empty($_POST['submit'])) {
         // Security first
         // Always clean the name
         if (!isset($_POST['name']) || Util::htmltrim(Util::htmlspecialchars($_POST['name'], ENT_QUOTES)) === '') {
             fatal_lang_error('sp_error_profile_name_empty', false);
         $groups_allowed = $groups_denied = '';
         // If specific member groups were picked, build the allow/deny arrays
         if (!empty($_POST['membergroups']) && is_array($_POST['membergroups'])) {
             $groups_allowed = $groups_denied = array();
             foreach ($_POST['membergroups'] as $id => $value) {
                 if ($value == 1) {
                     $groups_allowed[] = (int) $id;
                 } elseif ($value == -1) {
                     $groups_denied[] = (int) $id;
             $groups_allowed = implode(',', $groups_allowed);
             $groups_denied = implode(',', $groups_denied);
         // Add the data to place in the fields
         $profile_info = array('id' => (int) $_POST['profile_id'], 'type' => 1, 'name' => Util::htmlspecialchars($_POST['name'], ENT_QUOTES), 'value' => implode('|', array($groups_allowed, $groups_denied)));
         // New we simply insert
         $profile_info['id'] = sp_add_permission_profile($profile_info, $context['is_new']);
     // Not saving, then its time to show the permission form
     if ($context['is_new']) {
         $context['profile'] = array('id' => 0, 'name' => $txt['sp_profiles_default_name'], 'label' => $txt['sp_profiles_default_name'], 'groups_allowed' => array(), 'groups_denied' => array());
     } else {
         $_REQUEST['profile_id'] = (int) $_REQUEST['profile_id'];
         $context['profile'] = sportal_get_profiles($_REQUEST['profile_id']);
     // Sub template time
     $context['profile']['groups'] = sp_load_membergroups();
     $context['page_title'] = $context['is_new'] ? $txt['sp_admin_profiles_add'] : $txt['sp_admin_profiles_edit'];
     $context['sub_template'] = 'permission_profiles_edit';
Esempio n. 3
 * General function to split off a topic.
 * creates a new topic and moves the messages with the IDs in
 * array messagesToBeSplit to the new topic.
 * the subject of the newly created topic is set to 'newSubject'.
 * marks the newly created message as read for the user splitting it.
 * updates the statistics to reflect a newly created topic.
 * logs the action in the moderation log.
 * a notification is sent to all users monitoring this topic.
 * @param int $split1_ID_TOPIC
 * @param int[] $splitMessages
 * @param string $new_subject
 * @return int the topic ID of the new split topic.
function splitTopic($split1_ID_TOPIC, $splitMessages, $new_subject)
    global $txt;
    $db = database();
    // Nothing to split?
    if (empty($splitMessages)) {
        fatal_lang_error('no_posts_selected', false);
    // Get some board info.
    $request = $db->query('', '
		SELECT id_board, approved
		FROM {db_prefix}topics
		WHERE id_topic = {int:id_topic}
		LIMIT 1', array('id_topic' => $split1_ID_TOPIC));
    list($id_board, $split1_approved) = $db->fetch_row($request);
    // Find the new first and last not in the list. (old topic)
    $request = $db->query('', '
			MIN(m.id_msg) AS myid_first_msg, MAX(m.id_msg) AS myid_last_msg, COUNT(*) AS message_count, m.approved
		FROM {db_prefix}messages AS m
			INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:id_topic})
		WHERE m.id_msg NOT IN ({array_int:no_msg_list})
			AND m.id_topic = {int:id_topic}
		GROUP BY m.approved
		ORDER BY m.approved DESC
		LIMIT 2', array('id_topic' => $split1_ID_TOPIC, 'no_msg_list' => $splitMessages));
    // You can't select ALL the messages!
    if ($db->num_rows($request) == 0) {
        fatal_lang_error('selected_all_posts', false);
    $split1_first_msg = null;
    $split1_last_msg = null;
    while ($row = $db->fetch_assoc($request)) {
        // Get the right first and last message dependant on approved state...
        if (empty($split1_first_msg) || $row['myid_first_msg'] < $split1_first_msg) {
            $split1_first_msg = $row['myid_first_msg'];
        if (empty($split1_last_msg) || $row['approved']) {
            $split1_last_msg = $row['myid_last_msg'];
        // Get the counts correct...
        if ($row['approved']) {
            $split1_replies = $row['message_count'] - 1;
            $split1_unapprovedposts = 0;
        } else {
            if (!isset($split1_replies)) {
                $split1_replies = 0;
            } elseif (!$split1_approved) {
            $split1_unapprovedposts = $row['message_count'];
    $split1_firstMem = getMsgMemberID($split1_first_msg);
    $split1_lastMem = getMsgMemberID($split1_last_msg);
    // Find the first and last in the list. (new topic)
    $request = $db->query('', '
		SELECT MIN(id_msg) AS myid_first_msg, MAX(id_msg) AS myid_last_msg, COUNT(*) AS message_count, approved
		FROM {db_prefix}messages
		WHERE id_msg IN ({array_int:msg_list})
			AND id_topic = {int:id_topic}
		GROUP BY id_topic, approved
		ORDER BY approved DESC
		LIMIT 2', array('msg_list' => $splitMessages, 'id_topic' => $split1_ID_TOPIC));
    while ($row = $db->fetch_assoc($request)) {
        // As before get the right first and last message dependant on approved state...
        if (empty($split2_first_msg) || $row['myid_first_msg'] < $split2_first_msg) {
            $split2_first_msg = $row['myid_first_msg'];
        if (empty($split2_last_msg) || $row['approved']) {
            $split2_last_msg = $row['myid_last_msg'];
        // Then do the counts again...
        if ($row['approved']) {
            $split2_approved = true;
            $split2_replies = $row['message_count'] - 1;
            $split2_unapprovedposts = 0;
        } else {
            // Should this one be approved??
            if ($split2_first_msg == $row['myid_first_msg']) {
                $split2_approved = false;
            if (!isset($split2_replies)) {
                $split2_replies = 0;
            } elseif (!$split2_approved) {
            $split2_unapprovedposts = $row['message_count'];
    $split2_firstMem = getMsgMemberID($split2_first_msg);
    $split2_lastMem = getMsgMemberID($split2_last_msg);
    // No database changes yet, so let's double check to see if everything makes at least a little sense.
    if ($split1_first_msg <= 0 || $split1_last_msg <= 0 || $split2_first_msg <= 0 || $split2_last_msg <= 0 || $split1_replies < 0 || $split2_replies < 0 || $split1_unapprovedposts < 0 || $split2_unapprovedposts < 0 || !isset($split1_approved) || !isset($split2_approved)) {
    // You cannot split off the first message of a topic.
    if ($split1_first_msg > $split2_first_msg) {
        fatal_lang_error('split_first_post', false);
    // We're off to insert the new topic!  Use 0 for now to avoid UNIQUE errors.
    $db->insert('', '{db_prefix}topics', array('id_board' => 'int', 'id_member_started' => 'int', 'id_member_updated' => 'int', 'id_first_msg' => 'int', 'id_last_msg' => 'int', 'num_replies' => 'int', 'unapproved_posts' => 'int', 'approved' => 'int', 'is_sticky' => 'int'), array((int) $id_board, $split2_firstMem, $split2_lastMem, 0, 0, $split2_replies, $split2_unapprovedposts, (int) $split2_approved, 0), array('id_topic'));
    $split2_ID_TOPIC = $db->insert_id('{db_prefix}topics', 'id_topic');
    if ($split2_ID_TOPIC <= 0) {
    // Move the messages over to the other topic.
    $new_subject = strtr(Util::htmltrim(Util::htmlspecialchars($new_subject)), array("\r" => '', "\n" => '', "\t" => ''));
    // Check the subject length.
    if (Util::strlen($new_subject) > 100) {
        $new_subject = Util::substr($new_subject, 0, 100);
    // Valid subject?
    if ($new_subject != '') {
        $db->query('', '
			UPDATE {db_prefix}messages
				id_topic = {int:id_topic},
				subject = CASE WHEN id_msg = {int:split_first_msg} THEN {string:new_subject} ELSE {string:new_subject_replies} END
			WHERE id_msg IN ({array_int:split_msgs})', array('split_msgs' => $splitMessages, 'id_topic' => $split2_ID_TOPIC, 'new_subject' => $new_subject, 'split_first_msg' => $split2_first_msg, 'new_subject_replies' => $txt['response_prefix'] . $new_subject));
        // Cache the new topics subject... we can do it now as all the subjects are the same!
        updateStats('subject', $split2_ID_TOPIC, $new_subject);
    // Any associated reported posts better follow...
    require_once SUBSDIR . '/Topic.subs.php';
    updateSplitTopics(array('splitMessages' => $splitMessages, 'split2_ID_TOPIC' => $split2_ID_TOPIC, 'split1_replies' => $split1_replies, 'split1_first_msg' => $split1_first_msg, 'split1_last_msg' => $split1_last_msg, 'split1_firstMem' => $split1_firstMem, 'split1_lastMem' => $split1_lastMem, 'split1_unapprovedposts' => $split1_unapprovedposts, 'split1_ID_TOPIC' => $split1_ID_TOPIC, 'split2_first_msg' => $split2_first_msg, 'split2_last_msg' => $split2_last_msg, 'split2_ID_TOPIC' => $split2_ID_TOPIC, 'split2_approved' => $split2_approved), $id_board);
    require_once SUBSDIR . '/FollowUps.subs.php';
    // Let's see if we can create a stronger bridge between the two topics
    // @todo not sure what message from the oldest topic I should link to the new one, so I'll go with the first
    linkMessages($split1_first_msg, $split2_ID_TOPIC);
    // Copy log topic entries.
    // @todo This should really be chunked.
    $request = $db->query('', '
		SELECT id_member, id_msg, unwatched
		FROM {db_prefix}log_topics
		WHERE id_topic = {int:id_topic}', array('id_topic' => (int) $split1_ID_TOPIC));
    if ($db->num_rows($request) > 0) {
        $replaceEntries = array();
        while ($row = $db->fetch_assoc($request)) {
            $replaceEntries[] = array($row['id_member'], $split2_ID_TOPIC, $row['id_msg'], $row['unwatched']);
        require_once SUBSDIR . '/Topic.subs.php';
        markTopicsRead($replaceEntries, false);
    // Housekeeping.
    logAction('split', array('topic' => $split1_ID_TOPIC, 'new_topic' => $split2_ID_TOPIC, 'board' => $id_board));
    // Notify people that this topic has been split?
    require_once SUBSDIR . '/Notification.subs.php';
    sendNotifications($split1_ID_TOPIC, 'split');
    // If there's a search index that needs updating, update it...
    require_once SUBSDIR . '/Search.subs.php';
    $searchAPI = findSearchAPI();
    if (is_callable(array($searchAPI, 'topicSplit'))) {
        $searchAPI->topicSplit($split2_ID_TOPIC, $splitMessages);
    // Return the ID of the newly created topic.
    return $split2_ID_TOPIC;
Esempio n. 4
 * Trim a string including the HTML space, character 160.  Uses two underscores to guard against overloading.
 * What it does:
 * - trims a string or an the var array using html characters as well.
 * - does not effect keys, only values.
 * - may call itself recursively if needed.
 * @param string[]|string $var
 * @param int $level = 0
 * @return mixed[]|string
function htmltrim__recursive($var, $level = 0)
    // Remove spaces (32), tabs (9), returns (13, 10, and 11), nulls (0), and hard spaces. (160)
    if (!is_array($var)) {
        return Util::htmltrim($var);
    // Go through all the elements and remove the whitespace.
    foreach ($var as $k => $v) {
        $var[$k] = $level > 25 ? null : htmltrim__recursive($v, $level + 1);
    return $var;
Esempio n. 5
  * Send the emails.
  * - Sends off emails to all the moderators.
  * - Sends to administrators and global moderators. (1 and 2)
  * - Called by action_reporttm(), and thus has the same permission and setting requirements as it does.
  * - Accessed through ?action=reporttm when posting.
 public function action_reporttm2()
     global $txt, $scripturl, $topic, $board, $user_info, $modSettings, $language, $context;
     // You must have the proper permissions!
     // Make sure they aren't spamming.
     require_once SUBSDIR . '/Mail.subs.php';
     // No errors, yet.
     $report_errors = Error_Context::context('report', 1);
     // Check their session.
     if (checkSession('post', '', false) != '') {
     // Make sure we have a comment and it's clean.
     if (!isset($_POST['comment']) || Util::htmltrim($_POST['comment']) === '') {
     $poster_comment = strtr(Util::htmlspecialchars($_POST['comment']), array("\r" => '', "\t" => ''));
     if (Util::strlen($poster_comment) > 254) {
     // Guests need to provide their address!
     if ($user_info['is_guest']) {
         require_once SUBSDIR . '/DataValidator.class.php';
         if (!Data_Validator::is_valid($_POST, array('email' => 'valid_email'), array('email' => 'trim'))) {
             empty($_POST['email']) ? $report_errors->addError('no_email') : $report_errors->addError('bad_email');
         isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));
         $user_info['email'] = htmlspecialchars($_POST['email'], ENT_COMPAT, 'UTF-8');
     // Could they get the right verification code?
     if ($user_info['is_guest'] && !empty($modSettings['guests_report_require_captcha'])) {
         require_once SUBSDIR . '/VerificationControls.class.php';
         $verificationOptions = array('id' => 'report');
         $context['require_verification'] = create_control_verification($verificationOptions, true);
         if (is_array($context['require_verification'])) {
             foreach ($context['require_verification'] as $error) {
                 $report_errors->addError($error, 0);
     // Any errors?
     if ($report_errors->hasErrors()) {
         return $this->action_reporttm();
     // Get the basic topic information, and make sure they can see it.
     $msg_id = (int) $_POST['msg'];
     $message = posterDetails($msg_id, $topic);
     if (empty($message)) {
         fatal_lang_error('no_board', false);
     $poster_name = un_htmlspecialchars($message['real_name']) . ($message['real_name'] != $message['poster_name'] ? ' (' . $message['poster_name'] . ')' : '');
     $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
     $subject = un_htmlspecialchars($message['subject']);
     // Get a list of members with the moderate_board permission.
     require_once SUBSDIR . '/Members.subs.php';
     $moderators = membersAllowedTo('moderate_board', $board);
     $result = getBasicMemberData($moderators, array('preferences' => true, 'sort' => 'lngfile'));
     $mod_to_notify = array();
     foreach ($result as $row) {
         if ($row['notify_types'] != 4) {
             $mod_to_notify[] = $row;
     // Check that moderators do exist!
     if (empty($mod_to_notify)) {
         fatal_lang_error('no_mods', false);
     // If we get here, I believe we should make a record of this, for historical significance, yabber.
     if (empty($modSettings['disable_log_report'])) {
         require_once SUBSDIR . '/Messages.subs.php';
         $id_report = recordReport($message, $poster_comment);
         // If we're just going to ignore these, then who gives a monkeys...
         if ($id_report === false) {
             redirectexit('topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id);
     // Find out who the real moderators are - for mod preferences.
     require_once SUBSDIR . '/Boards.subs.php';
     $real_mods = getBoardModerators($board, true);
     // Send every moderator an email.
     foreach ($mod_to_notify as $row) {
         // Maybe they don't want to know?!
         if (!empty($row['mod_prefs'])) {
             list(, , $pref_binary) = explode('|', $row['mod_prefs']);
             if (!($pref_binary & 1) && (!($pref_binary & 2) || !in_array($row['id_member'], $real_mods))) {
         $replacements = array('TOPICSUBJECT' => $subject, 'POSTERNAME' => $poster_name, 'REPORTERNAME' => $reporterName, 'TOPICLINK' => $scripturl . '?topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id, 'REPORTLINK' => !empty($id_report) ? $scripturl . '?action=moderate;area=reports;report=' . $id_report : '', 'COMMENT' => $_POST['comment']);
         $emaildata = loadEmailTemplate('report_to_moderator', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
         // Send it to the moderator.
         sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], $user_info['email'], null, false, 2);
     // Keep track of when the mod reports get updated, that way we know when we need to look again.
     updateSettings(array('last_mod_report_action' => time()));
     // Back to the post we reported!
     redirectexit('reportsent;topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id);
 * Implodes or Expands a set of style attributes
 * @param string $action implode or explode
 * @param string $setting string of style options joined on name~value|name~value
 * @param boolean $process
function sportal_parse_style($action, $setting = '', $process = false)
    static $process_cache;
    $style = array();
    if ($action === 'implode') {
        $style = '';
        $style_parameters = array('title_default_class', 'title_custom_class', 'title_custom_style', 'body_default_class', 'body_custom_class', 'body_custom_style', 'no_title', 'no_body');
        foreach ($style_parameters as $parameter) {
            if (isset($_POST[$parameter])) {
                $style .= $parameter . '~' . Util::htmlspecialchars(Util::htmltrim($_POST[$parameter]), ENT_QUOTES) . '|';
            } else {
                $style .= $parameter . '~|';
        if (!empty($style)) {
            $style = substr($style, 0, -1);
    } elseif ($action === 'explode') {
        // Supplying a style set or using our defaults
        if (!empty($setting)) {
            $temp = explode('|', $setting);
            foreach ($temp as $item) {
                list($key, $value) = explode('~', $item);
                $style[$key] = $value;
        } else {
            $style = array('title_default_class' => 'category_header', 'title_custom_class' => '', 'title_custom_style' => '', 'body_default_class' => 'portalbg', 'body_custom_class' => '', 'body_custom_style' => '', 'no_title' => false, 'no_body' => false);
        // Set the style values for use in the templates
        if ($process && !isset($process_cache[$setting])) {
            if (empty($style['no_title'])) {
                $style['title']['class'] = $style['title_default_class'];
                if (!empty($style['title_custom_class'])) {
                    $style['title']['class'] .= ' ' . $style['title_custom_class'];
                $style['title']['style'] = $style['title_custom_style'];
            if (empty($style['no_body'])) {
                $style['body']['class'] = $style['body_default_class'];
            } else {
                $style['body']['class'] = '';
            if (!empty($style['body_custom_class'])) {
                $style['body']['class'] .= ' ' . $style['body_custom_class'];
            $style['body']['style'] = $style['body_custom_style'];
            $process_cache[$setting] = $style;
        } elseif ($process) {
            $style = $process_cache[$setting];
    return $style;
  * Edit or add a category
 public function action_sportal_admin_category_edit()
     global $context, $txt;
     $this->_is_new = empty($_REQUEST['category_id']);
     // Saving the category form
     if (!empty($_POST['submit'])) {
         // Clean what was sent
         // @todo move all this to validator?
         $name = isset($_POST['name']) ? Util::htmltrim(Util::htmlspecialchars($_POST['name'], ENT_QUOTES)) : '';
         $namespace = isset($_POST['namespace']) ? Util::htmltrim(Util::htmlspecialchars($_POST['namespace'], ENT_QUOTES)) : '';
         $current = isset($_POST['category_id']) ? (int) $_POST['category_id'] : 0;
         $description = isset($_POST['description']) ? Util::htmlspecialchars($_POST['description'], ENT_QUOTES) : '';
         if (empty($name)) {
             fatal_lang_error('sp_error_category_name_empty', false);
         if (empty($namespace)) {
             fatal_lang_error('sp_error_category_namespace_empty', false);
         if (sp_check_duplicate_category($current, $namespace)) {
             fatal_lang_error('sp_error_category_namespace_duplicate', false);
         if (preg_match('~[^A-Za-z0-9_]+~', $namespace) != 0) {
             fatal_lang_error('sp_error_category_namespace_invalid_chars', false);
         if (preg_replace('~[0-9]+~', '', $namespace) === '') {
             fatal_lang_error('sp_error_category_namespace_numeric', false);
         $category_info = array('id' => (int) $_POST['category_id'], 'namespace' => $namespace, 'name' => $name, 'description' => $description, 'permissions' => (int) $_POST['permissions'], 'status' => !empty($_POST['status']) ? 1 : 0);
         $category_info['id'] = sp_update_category($category_info, $this->_is_new);
     // Creating a new category, lets set up some defaults for the form
     if ($this->_is_new) {
         $context['category'] = array('id' => 0, 'category_id' => 'category' . mt_rand(1, 5000), 'name' => $txt['sp_categories_default_name'], 'description' => '', 'permissions' => 3, 'groups_allowed' => array(), 'groups_denied' => array(), 'status' => 1);
     } else {
         $_REQUEST['category_id'] = (int) $_REQUEST['category_id'];
         $context['category'] = sportal_get_categories($_REQUEST['category_id']);
     $context['is_new'] = $this->_is_new;
     $context['category']['permission_profiles'] = sportal_get_profiles(null, 1, 'name');
     $context['category']['groups'] = sp_load_membergroups();
     $context['page_title'] = $this->_is_new ? $txt['sp_admin_categories_add'] : $txt['sp_admin_categories_edit'];
     $context['sub_template'] = 'categories_edit';
Esempio n. 8
  * Execute the move of a topic.
  * It is called on the submit of action_movetopic.
  * This function logs that topics have been moved in the moderation log.
  * If the member is the topic starter requires the move_own permission,
  * otherwise requires the move_any permission.
  * Upon successful completion redirects to message index.
  * Accessed via ?action=movetopic2.
  * @uses subs/Post.subs.php.
 public function action_movetopic2()
     global $txt, $board, $topic, $scripturl, $context, $language, $user_info;
     if (empty($topic)) {
         fatal_lang_error('no_access', false);
     // You can't choose to have a redirection topic and use an empty reason.
     if (isset($_POST['postRedirect']) && (!isset($_POST['reason']) || trim($_POST['reason']) == '')) {
         fatal_lang_error('movetopic_no_reason', false);
     // You have to tell us were you are moving to
     if (!isset($_POST['toboard'])) {
         fatal_lang_error('movetopic_no_board', false);
     // We will need this
     require_once SUBSDIR . '/Topic.subs.php';
     // Make sure this form hasn't been submitted before.
     // Get the basic details on this topic
     $topic_info = getTopicInfo($topic);
     $context['is_approved'] = $topic_info['approved'];
     // Can they see it?
     if (!$context['is_approved']) {
     // Can they move topics on this board?
     if (!allowedTo('move_any')) {
         if ($topic_info['id_member_started'] == $user_info['id']) {
         } else {
     require_once SUBSDIR . '/Post.subs.php';
     require_once SUBSDIR . '/Boards.subs.php';
     // The destination board must be numeric.
     $toboard = (int) $_POST['toboard'];
     // Make sure they can see the board they are trying to move to (and get whether posts count in the target board).
     $board_info = boardInfo($toboard, $topic);
     if (empty($board_info)) {
     // Remember this for later.
     $_SESSION['move_to_topic'] = array('move_to' => $toboard);
     // Rename the topic...
     if (isset($_POST['reset_subject'], $_POST['custom_subject']) && $_POST['custom_subject'] != '') {
         $custom_subject = strtr(Util::htmltrim(Util::htmlspecialchars($_POST['custom_subject'])), array("\r" => '', "\n" => '', "\t" => ''));
         // Keep checking the length.
         if (Util::strlen($custom_subject) > 100) {
             $custom_subject = Util::substr($custom_subject, 0, 100);
         // If it's still valid move onwards and upwards.
         if ($custom_subject != '') {
             $all_messages = isset($_POST['enforce_subject']);
             if ($all_messages) {
                 // Get a response prefix, but in the forum's default language.
                 $context['response_prefix'] = response_prefix();
                 topicSubject($topic_info, $custom_subject, $context['response_prefix'], $all_messages);
             } else {
                 topicSubject($topic_info, $custom_subject);
             // Fix the subject cache.
             updateStats('subject', $topic, $custom_subject);
     // Create a link to this in the old board.
     // @todo Does this make sense if the topic was unapproved before? I'd just about say so.
     if (isset($_POST['postRedirect'])) {
         // Should be in the boardwide language.
         if ($user_info['language'] != $language) {
             loadLanguage('index', $language);
         $reason = Util::htmlspecialchars($_POST['reason'], ENT_QUOTES);
         // Add a URL onto the message.
         $reason = strtr($reason, array($txt['movetopic_auto_board'] => '[url=' . $scripturl . '?board=' . $toboard . '.0]' . $board_info['name'] . '[/url]', $txt['movetopic_auto_topic'] => '[iurl]' . $scripturl . '?topic=' . $topic . '.0[/iurl]'));
         // Auto remove this MOVED redirection topic in the future?
         $redirect_expires = !empty($_POST['redirect_expires']) ? (int) $_POST['redirect_expires'] : 0;
         // Redirect to the MOVED topic from topic list?
         $redirect_topic = isset($_POST['redirect_topic']) ? $topic : 0;
         // And remember the last expiry period too.
         $_SESSION['move_to_topic']['redirect_topic'] = $redirect_topic;
         $_SESSION['move_to_topic']['redirect_expires'] = $redirect_expires;
         $msgOptions = array('subject' => $txt['moved'] . ': ' . $board_info['subject'], 'body' => $reason, 'icon' => 'moved', 'smileys_enabled' => 1);
         $topicOptions = array('board' => $board, 'lock_mode' => 1, 'mark_as_read' => true, 'redirect_expires' => empty($redirect_expires) ? 0 : $redirect_expires * 60 + time(), 'redirect_topic' => $redirect_topic);
         $posterOptions = array('id' => $user_info['id'], 'update_post_count' => empty($board_info['count_posts']));
         createPost($msgOptions, $topicOptions, $posterOptions);
     $board_from = boardInfo($board);
     if ($board_from['count_posts'] != $board_info['count_posts']) {
         $posters = postersCount($topic);
         foreach ($posters as $id_member => $posts) {
             // The board we're moving from counted posts, but not to.
             if (empty($board_from['count_posts'])) {
                 updateMemberData($id_member, array('posts' => 'posts - ' . $posts));
             } else {
                 updateMemberData($id_member, array('posts' => 'posts + ' . $posts));
     // Do the move (includes statistics update needed for the redirect topic).
     moveTopics($topic, $toboard);
     // Log that they moved this topic.
     if (!allowedTo('move_own') || $topic_info['id_member_started'] != $user_info['id']) {
         logAction('move', array('topic' => $topic, 'board_from' => $board, 'board_to' => $toboard));
     // Notify people that this topic has been moved?
     require_once SUBSDIR . '/Notification.subs.php';
     sendNotifications($topic, 'move');
     // Why not go back to the original board in case they want to keep moving?
     if (!isset($_REQUEST['goback'])) {
         redirectexit('board=' . $board . '.0');
     } else {
         redirectexit('topic=' . $topic . '.0');
Esempio n. 9
  * Show all PM drafts of the current user
  * Uses the showpmdraft template
  * Allows for the deleting and loading/editing of PM drafts
 public function action_showPMDrafts()
     global $txt, $user_info, $scripturl, $modSettings, $context;
     require_once SUBSDIR . '/Profile.subs.php';
     require_once SUBSDIR . '/Drafts.subs.php';
     $memID = currentMemberID();
     // Quick check how we got here.
     if ($memID != $user_info['id']) {
         // empty($modSettings['drafts_enabled']) || empty($modSettings['drafts_pm_enabled']))
         fatal_lang_error('no_access', false);
     // Set up what we will need
     $context['start'] = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;
     // If just deleting a draft, do it and then redirect back.
     if (!empty($_REQUEST['delete'])) {
         $id_delete = (int) $_REQUEST['delete'];
         deleteDrafts($id_delete, $memID);
         redirectexit('action=pm;sa=showpmdrafts;start=' . $context['start']);
     // Perhaps a draft was selected for editing? if so pass this off
     if (!empty($_REQUEST['id_draft']) && !empty($context['drafts_pm_save'])) {
         $id_draft = (int) $_REQUEST['id_draft'];
         redirectexit('action=pm;sa=send;id_draft=' . $id_draft);
     // Init
     $maxIndex = (int) $modSettings['defaultMaxMessages'];
     // Default to 10.
     if (empty($_REQUEST['viewscount']) || !is_numeric($_REQUEST['viewscount'])) {
         $_REQUEST['viewscount'] = 10;
     // Get the count of applicable drafts
     $msgCount = draftsCount($memID, 1);
     // Make sure the starting place makes sense and construct our friend the page index.
     $context['page_index'] = constructPageIndex($scripturl . '?action=pm;sa=showpmdrafts', $context['start'], $msgCount, $maxIndex);
     $context['current_page'] = $context['start'] / $maxIndex;
     // Reverse the query if we're past 50% of the total for better performance.
     $start = $context['start'];
     $reverse = $start > $msgCount / 2;
     if ($reverse) {
         $maxIndex = $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] + 1 && $msgCount > $context['start'] ? $msgCount - $context['start'] : (int) $modSettings['defaultMaxMessages'];
         $start = $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] + 1 || $msgCount < $context['start'] + $modSettings['defaultMaxMessages'] ? 0 : $msgCount - $context['start'] - $modSettings['defaultMaxMessages'];
     // Go get em'
     $order = 'ud.poster_time ' . ($reverse ? 'ASC' : 'DESC');
     $limit = $start . ', ' . $maxIndex;
     $user_drafts = load_user_drafts($memID, 1, false, $order, $limit);
     // Start counting at the number of the first message displayed.
     $counter = $reverse ? $context['start'] + $maxIndex + 1 : $context['start'];
     $context['posts'] = array();
     foreach ($user_drafts as $row) {
         // Censor....
         if (empty($row['body'])) {
             $row['body'] = '';
         $row['subject'] = Util::htmltrim($row['subject']);
         if (empty($row['subject'])) {
             $row['subject'] = $txt['no_subject'];
         // BBC-ilize the message.
         $row['body'] = parse_bbc($row['body'], true, 'draft' . $row['id_draft']);
         // Have they provided who this will go to?
         $recipients = array('to' => array(), 'bcc' => array());
         $recipient_ids = !empty($row['to_list']) ? unserialize($row['to_list']) : array();
         // Get nice names to show the user, the id's are not that great to see!
         if (!empty($recipient_ids['to']) || !empty($recipient_ids['bcc'])) {
             $recipient_ids['to'] = array_map('intval', $recipient_ids['to']);
             $recipient_ids['bcc'] = array_map('intval', $recipient_ids['bcc']);
             $allRecipients = array_merge($recipient_ids['to'], $recipient_ids['bcc']);
             $recipients = draftsRecipients($allRecipients, $recipient_ids);
         // Add the items to the array for template use
         $context['drafts'][$counter += $reverse ? -1 : 1] = array('body' => $row['body'], 'counter' => $counter, 'alternate' => $counter % 2, 'subject' => $row['subject'], 'time' => standardTime($row['poster_time']), 'html_time' => htmlTime($row['poster_time']), 'timestamp' => forum_time(true, $row['poster_time']), 'id_draft' => $row['id_draft'], 'recipients' => $recipients, 'age' => floor((time() - $row['poster_time']) / 86400), 'remaining' => !empty($modSettings['drafts_keep_days']) ? floor($modSettings['drafts_keep_days'] - (time() - $row['poster_time']) / 86400) : 0);
     // If the drafts were retrieved in reverse order, then put them in the right order again.
     if ($reverse) {
         $context['drafts'] = array_reverse($context['drafts'], true);
     // Off to the template we go
     $context['page_title'] = $txt['drafts'];
     $context['sub_template'] = 'showPMDrafts';
     $context['linktree'][] = array('url' => $scripturl . '?action=pm;sa=showpmdrafts', 'name' => $txt['drafts']);
Esempio n. 10
 * Calls the necessary functions to extract and format the message so its ready for posting
 * What it does:
 * - Converts an email response (text or html) to a BBC equivalant via pbe_Email_to_bbc
 * - Formats the email response so it looks structured and not chopped up (via pbe_fix_email_body)
 * @package Maillist
 * @param boolean $html
 * @param Email_Parse $email_message
 * @param mixed[] $pbe
function pbe_load_text(&$html, $email_message, $pbe)
    if (!$html || $html && preg_match_all('~<table.*?>~i', $email_message->body, $match) >= 2) {
        // Some mobile responses wrap everything in a table structure so use plain text
        $text = $email_message->plain_body;
        $html = false;
    } else {
        $text = un_htmlspecialchars($email_message->body);
    // Run filters now, before the data is manipulated
    $text = pbe_filter_email_message($text);
    // Convert to BBC and format it so it looks like a post
    $text = pbe_email_to_bbc($text, $html);
    $pbe['profile']['real_name'] = isset($pbe['profile']['real_name']) ? $pbe['profile']['real_name'] : '';
    $text = pbe_fix_email_body($text, $html, $pbe['profile']['real_name'], empty($email_message->_converted_utf8) ? $email_message->headers['x-parameters']['content-type']['charset'] : 'UTF-8');
    // Do we even have a message left to post?
    $text = Util::htmltrim($text);
    if (empty($text)) {
    if ($email_message->message_type !== 'p') {
        // Prepare it for the database
        require_once SUBSDIR . '/Post.subs.php';
    return $text;
Esempio n. 11
     * Used to edit the body or subject of a message inline
     * called from action=jsmodify from script and topic js
    public function action_jsmodify()
        global $modSettings, $board, $topic;
        global $user_info, $context;
        $db = database();
        // We have to have a topic!
        if (empty($topic)) {
        require_once SUBSDIR . '/Post.subs.php';
        // Assume the first message if no message ID was given.
        $request = $db->query('', '
				t.locked, t.num_replies, t.id_member_started, t.id_first_msg,
				m.id_msg, m.id_member, m.poster_time, m.subject, m.smileys_enabled, m.body, m.icon,
				m.modified_time, m.modified_name, m.approved
			FROM {db_prefix}messages AS m
				INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic})
			WHERE m.id_msg = {raw:id_msg}
				AND m.id_topic = {int:current_topic}' . (allowedTo('modify_any') || allowedTo('approve_posts') ? '' : (!$modSettings['postmod_active'] ? '
				AND (m.id_member != {int:guest_id} AND m.id_member = {int:current_member})' : '
				AND (m.approved = {int:is_approved} OR (m.id_member != {int:guest_id} AND m.id_member = {int:current_member}))')), array('current_member' => $user_info['id'], 'current_topic' => $topic, 'id_msg' => empty($_REQUEST['msg']) ? 't.id_first_msg' : (int) $_REQUEST['msg'], 'is_approved' => 1, 'guest_id' => 0));
        if ($db->num_rows($request) == 0) {
            fatal_lang_error('no_board', false);
        $row = $db->fetch_assoc($request);
        // Change either body or subject requires permissions to modify messages.
        if (isset($_POST['message']) || isset($_POST['subject']) || isset($_REQUEST['icon'])) {
            if (!empty($row['locked'])) {
            if ($row['id_member'] == $user_info['id'] && !allowedTo('modify_any')) {
                if ((!$modSettings['postmod_active'] || $row['approved']) && !empty($modSettings['edit_disable_time']) && $row['poster_time'] + ($modSettings['edit_disable_time'] + 5) * 60 < time()) {
                    fatal_lang_error('modify_post_time_passed', false);
                } elseif ($row['id_member_started'] == $user_info['id'] && !allowedTo('modify_own')) {
                } else {
            } elseif ($row['id_member_started'] == $user_info['id'] && !allowedTo('modify_any')) {
            } else {
            // Only log this action if it wasn't your message.
            $moderationAction = $row['id_member'] != $user_info['id'];
        $post_errors = Error_Context::context('post', 1);
        if (isset($_POST['subject']) && Util::htmltrim(Util::htmlspecialchars($_POST['subject'])) !== '') {
            $_POST['subject'] = strtr(Util::htmlspecialchars($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
            // Maximum number of characters.
            if (Util::strlen($_POST['subject']) > 100) {
                $_POST['subject'] = Util::substr($_POST['subject'], 0, 100);
        } elseif (isset($_POST['subject'])) {
        if (isset($_POST['message'])) {
            if (Util::htmltrim(Util::htmlspecialchars($_POST['message'])) === '') {
            } elseif (!empty($modSettings['max_messageLength']) && Util::strlen($_POST['message']) > $modSettings['max_messageLength']) {
                $post_errors->addError(array('long_message', array($modSettings['max_messageLength'])));
            } else {
                $_POST['message'] = Util::htmlspecialchars($_POST['message'], ENT_QUOTES);
                if (Util::htmltrim(strip_tags(parse_bbc($_POST['message'], false), '<img>')) === '') {
        if (isset($_POST['lock'])) {
            if (!allowedTo(array('lock_any', 'lock_own')) || !allowedTo('lock_any') && $user_info['id'] != $row['id_member']) {
            } elseif (!allowedTo('lock_any')) {
                if ($row['locked'] == 1) {
                } else {
                    $_POST['lock'] = empty($_POST['lock']) ? 0 : 2;
            } elseif (!empty($row['locked']) && !empty($_POST['lock']) || $_POST['lock'] == $row['locked']) {
            } else {
                $_POST['lock'] = empty($_POST['lock']) ? 0 : 1;
        if (isset($_POST['sticky']) && !allowedTo('make_sticky')) {
        if (!$post_errors->hasErrors()) {
            $msgOptions = array('id' => $row['id_msg'], 'subject' => isset($_POST['subject']) ? $_POST['subject'] : null, 'body' => isset($_POST['message']) ? $_POST['message'] : null, 'icon' => isset($_REQUEST['icon']) ? preg_replace('~[\\./\\\\*\':"<>]~', '', $_REQUEST['icon']) : null);
            $topicOptions = array('id' => $topic, 'board' => $board, 'lock_mode' => isset($_POST['lock']) ? (int) $_POST['lock'] : null, 'sticky_mode' => isset($_POST['sticky']) && !empty($modSettings['enableStickyTopics']) ? (int) $_POST['sticky'] : null, 'mark_as_read' => false);
            $posterOptions = array();
            // Only consider marking as editing if they have edited the subject, message or icon.
            if (isset($_POST['subject']) && $_POST['subject'] != $row['subject'] || isset($_POST['message']) && $_POST['message'] != $row['body'] || isset($_REQUEST['icon']) && $_REQUEST['icon'] != $row['icon']) {
                // And even then only if the time has passed...
                if (time() - $row['poster_time'] > $modSettings['edit_wait_time'] || $user_info['id'] != $row['id_member']) {
                    $msgOptions['modify_time'] = time();
                    $msgOptions['modify_name'] = $user_info['name'];
            } else {
                $moderationAction = false;
            modifyPost($msgOptions, $topicOptions, $posterOptions);
            // If we didn't change anything this time but had before put back the old info.
            if (!isset($msgOptions['modify_time']) && !empty($row['modified_time'])) {
                $msgOptions['modify_time'] = $row['modified_time'];
                $msgOptions['modify_name'] = $row['modified_name'];
            // Changing the first subject updates other subjects to 'Re: new_subject'.
            if (isset($_POST['subject']) && isset($_REQUEST['change_all_subjects']) && $row['id_first_msg'] == $row['id_msg'] && !empty($row['num_replies']) && (allowedTo('modify_any') || $row['id_member_started'] == $user_info['id'] && allowedTo('modify_replies'))) {
                // Get the proper (default language) response prefix first.
                $context['response_prefix'] = response_prefix();
                $db->query('', '
					UPDATE {db_prefix}messages
					SET subject = {string:subject}
					WHERE id_topic = {int:current_topic}
						AND id_msg != {int:id_first_msg}', array('current_topic' => $topic, 'id_first_msg' => $row['id_first_msg'], 'subject' => $context['response_prefix'] . $_POST['subject']));
            if (!empty($moderationAction)) {
                logAction('modify', array('topic' => $topic, 'message' => $row['id_msg'], 'member' => $row['id_member'], 'board' => $board));
        if (isset($_REQUEST['xml'])) {
            $context['sub_template'] = 'modifydone';
            if (!$post_errors->hasErrors() && isset($msgOptions['subject']) && isset($msgOptions['body'])) {
                $context['message'] = array('id' => $row['id_msg'], 'modified' => array('time' => isset($msgOptions['modify_time']) ? standardTime($msgOptions['modify_time']) : '', 'html_time' => isset($msgOptions['modify_time']) ? htmlTime($msgOptions['modify_time']) : '', 'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0, 'name' => isset($msgOptions['modify_time']) ? $msgOptions['modify_name'] : ''), 'subject' => $msgOptions['subject'], 'first_in_topic' => $row['id_msg'] == $row['id_first_msg'], 'body' => strtr($msgOptions['body'], array(']]>' => ']]]]><![CDATA[>')));
                $context['message']['body'] = parse_bbc($context['message']['body'], $row['smileys_enabled'], $row['id_msg']);
            } elseif (!$post_errors->hasErrors()) {
                $context['sub_template'] = 'modifytopicdone';
                $context['message'] = array('id' => $row['id_msg'], 'modified' => array('time' => isset($msgOptions['modify_time']) ? standardTime($msgOptions['modify_time']) : '', 'html_time' => isset($msgOptions['modify_time']) ? htmlTime($msgOptions['modify_time']) : '', 'timestamp' => isset($msgOptions['modify_time']) ? forum_time(true, $msgOptions['modify_time']) : 0, 'name' => isset($msgOptions['modify_time']) ? $msgOptions['modify_name'] : ''), 'subject' => isset($msgOptions['subject']) ? $msgOptions['subject'] : '');
            } else {
                $context['message'] = array('id' => $row['id_msg'], 'errors' => array(), 'error_in_subject' => $post_errors->hasError('no_subject'), 'error_in_body' => $post_errors->hasError('no_message') || $post_errors->hasError('long_message'));
                $context['message']['errors'] = $post_errors->prepareErrors();
        } else {
  * Send a personal message.
 public function action_send2()
     global $txt, $context, $user_info, $modSettings;
     // All the helpers we need
     require_once SUBSDIR . '/Auth.subs.php';
     require_once SUBSDIR . '/Post.subs.php';
     // PM Drafts enabled and needed?
     if ($context['drafts_pm_save'] && (isset($_POST['save_draft']) || isset($_POST['id_pm_draft']))) {
         require_once SUBSDIR . '/Drafts.subs.php';
     loadLanguage('PersonalMessage', '', false);
     // Extract out the spam settings - it saves database space!
     list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);
     // Initialize the errors we're about to make.
     $post_errors = Error_Context::context('pm', 1);
     // Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
     if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail')) && $user_info['mod_cache']['bq'] == '0=1' && $user_info['mod_cache']['gq'] == '0=1') {
         // How many have they sent this last hour?
         $pmCount = pmCount($user_info['id'], 3600);
         if (!empty($pmCount) && $pmCount >= $modSettings['pm_posts_per_hour']) {
             if (!isset($_REQUEST['xml'])) {
                 fatal_lang_error('pm_too_many_per_hour', true, array($modSettings['pm_posts_per_hour']));
             } else {
     // If your session timed out, show an error, but do allow to re-submit.
     if (!isset($_REQUEST['xml']) && checkSession('post', '', false) != '') {
     $_REQUEST['subject'] = isset($_REQUEST['subject']) ? strtr(Util::htmltrim($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')) : '';
     $_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : $_POST['to'];
     $_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : $_POST['bcc'];
     // Route the input from the 'u' parameter to the 'to'-list.
     if (!empty($_POST['u'])) {
         $_POST['recipient_to'] = explode(',', $_POST['u']);
     // Construct the list of recipients.
     $recipientList = array();
     $namedRecipientList = array();
     $namesNotFound = array();
     foreach (array('to', 'bcc') as $recipientType) {
         // First, let's see if there's user ID's given.
         $recipientList[$recipientType] = array();
         if (!empty($_POST['recipient_' . $recipientType]) && is_array($_POST['recipient_' . $recipientType])) {
             foreach ($_POST['recipient_' . $recipientType] as $recipient) {
                 $recipientList[$recipientType][] = (int) $recipient;
         // Are there also literal names set?
         if (!empty($_REQUEST[$recipientType])) {
             // We're going to take out the "s anyway ;).
             $recipientString = strtr($_REQUEST[$recipientType], array('\\"' => '"'));
             preg_match_all('~"([^"]+)"~', $recipientString, $matches);
             $namedRecipientList[$recipientType] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $recipientString))));
             // Clean any literal names entered
             foreach ($namedRecipientList[$recipientType] as $index => $recipient) {
                 if (strlen(trim($recipient)) > 0) {
                     $namedRecipientList[$recipientType][$index] = Util::htmlspecialchars(Util::strtolower(trim($recipient)));
                 } else {
             // Now see if we can resolove the entered name to an actual user
             if (!empty($namedRecipientList[$recipientType])) {
                 $foundMembers = findMembers($namedRecipientList[$recipientType]);
                 // Assume all are not found, until proven otherwise.
                 $namesNotFound[$recipientType] = $namedRecipientList[$recipientType];
                 // Make sure we only have each member listed once, incase they did not use the select list
                 foreach ($foundMembers as $member) {
                     $testNames = array(Util::strtolower($member['username']), Util::strtolower($member['name']), Util::strtolower($member['email']));
                     if (count(array_intersect($testNames, $namedRecipientList[$recipientType])) !== 0) {
                         $recipientList[$recipientType][] = $member['id'];
                         // Get rid of this username, since we found it.
                         $namesNotFound[$recipientType] = array_diff($namesNotFound[$recipientType], $testNames);
         // Selected a recipient to be deleted? Remove them now.
         if (!empty($_POST['delete_recipient'])) {
             $recipientList[$recipientType] = array_diff($recipientList[$recipientType], array((int) $_POST['delete_recipient']));
         // Make sure we don't include the same name twice
         $recipientList[$recipientType] = array_unique($recipientList[$recipientType]);
     // Are we changing the recipients some how?
     $is_recipient_change = !empty($_POST['delete_recipient']) || !empty($_POST['to_submit']) || !empty($_POST['bcc_submit']);
     // Check if there's at least one recipient.
     if (empty($recipientList['to']) && empty($recipientList['bcc'])) {
     // Make sure that we remove the members who did get it from the screen.
     if (!$is_recipient_change) {
         foreach (array_keys($recipientList) as $recipientType) {
             if (!empty($namesNotFound[$recipientType])) {
                 $post_errors->addError('bad_' . $recipientType);
                 // Since we already have a post error, remove the previous one.
                 foreach ($namesNotFound[$recipientType] as $name) {
                     $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
     // Did they make any mistakes like no subject or message?
     if ($_REQUEST['subject'] == '') {
     if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
     } elseif (!empty($modSettings['max_messageLength']) && Util::strlen($_REQUEST['message']) > $modSettings['max_messageLength']) {
     } else {
         // Preparse the message.
         $message = $_REQUEST['message'];
         // Make sure there's still some content left without the tags.
         if (Util::htmltrim(strip_tags(parse_bbc(Util::htmlspecialchars($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false)) {
     // Wrong verification code?
     if (!$user_info['is_admin'] && !isset($_REQUEST['xml']) && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']) {
         require_once SUBSDIR . '/VerificationControls.class.php';
         $verificationOptions = array('id' => 'pm');
         $context['require_verification'] = create_control_verification($verificationOptions, true);
         if (is_array($context['require_verification'])) {
             foreach ($context['require_verification'] as $error) {
     // If they made any errors, give them a chance to make amends.
     if ($post_errors->hasErrors() && !$is_recipient_change && !isset($_REQUEST['preview']) && !isset($_REQUEST['xml'])) {
         return messagePostError($namedRecipientList, $recipientList);
     // Want to take a second glance before you send?
     if (isset($_REQUEST['preview'])) {
         // Set everything up to be displayed.
         $context['preview_subject'] = Util::htmlspecialchars($_REQUEST['subject']);
         $context['preview_message'] = Util::htmlspecialchars($_REQUEST['message'], ENT_QUOTES, 'UTF-8', true);
         preparsecode($context['preview_message'], true);
         // Parse out the BBC if it is enabled.
         $context['preview_message'] = parse_bbc($context['preview_message']);
         // Censor, as always.
         // Set a descriptive title.
         $context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject'];
         // Pretend they messed up but don't ignore if they really did :P.
         return messagePostError($namedRecipientList, $recipientList);
     } elseif ($is_recipient_change) {
         // Maybe we couldn't find one?
         foreach ($namesNotFound as $recipientType => $names) {
             $post_errors->addError('bad_' . $recipientType);
             foreach ($names as $name) {
                 $context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
         return messagePostError($namedRecipientList, $recipientList);
     // Want to save this as a draft and think about it some more?
     if ($context['drafts_pm_save'] && isset($_POST['save_draft'])) {
         return messagePostError($namedRecipientList, $recipientList);
     } elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum'))) {
         $context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
         return messagePostError($namedRecipientList, $recipientList);
     // Protect from message spamming.
     // Prevent double submission of this form.
     // Finally do the actual sending of the PM.
     if (!empty($recipientList['to']) || !empty($recipientList['bcc'])) {
         $context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], true, null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0);
     } else {
         $context['send_log'] = array('sent' => array(), 'failed' => array());
     // Mark the message as "replied to".
     if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox') {
         require_once SUBSDIR . '/PersonalMessage.subs.php';
         setPMRepliedStatus($user_info['id'], (int) $_REQUEST['replied_to']);
     // If one or more of the recipients were invalid, go back to the post screen with the failed usernames.
     if (!empty($context['send_log']['failed'])) {
         return messagePostError($namesNotFound, array('to' => array_intersect($recipientList['to'], $context['send_log']['failed']), 'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed'])));
     // Message sent successfully?
     if (!empty($context['send_log']) && empty($context['send_log']['failed'])) {
         $context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent';
         // If we had a PM draft for this one, then its time to remove it since it was just sent
         if ($context['drafts_pm_save'] && !empty($_POST['id_pm_draft'])) {
             deleteDrafts($_POST['id_pm_draft'], $user_info['id']);
     // Go back to the where they sent from, if possible...
  * Adding or editing a block.
 public function action_sportal_admin_block_edit()
     global $txt, $context, $modSettings, $boards;
     // Just in case, the admin could be doing something silly like editing a SP block while SP is disabled. ;)
     require_once SUBSDIR . '/PortalBlocks.subs.php';
     $context['SPortal']['is_new'] = empty($_REQUEST['block_id']);
     // BBC Fix move the parameter to the correct position.
     if (!empty($_POST['bbc_name'])) {
         $_POST['parameters'][$_POST['bbc_name']] = !empty($_POST[$_POST['bbc_parameter']]) ? $_POST[$_POST['bbc_parameter']] : '';
         // If we came from WYSIWYG then turn it back into BBC regardless.
         if (!empty($_REQUEST['bbc_' . $_POST['bbc_name'] . '_mode']) && isset($_POST['parameters'][$_POST['bbc_name']])) {
             require_once SUBSDIR . 'Html2BBC.class.php';
             $bbc_converter = new Convert_BBC($_POST['parameters'][$_POST['bbc_name']]);
             $_POST['parameters'][$_POST['bbc_name']] = $bbc_converter->get_bbc();
             // We need to unhtml it now as it gets done shortly.
             $_POST['parameters'][$_POST['bbc_name']] = un_htmlspecialchars($_POST['parameters'][$_POST['bbc_name']]);
     // Passing the selected type via $_GET instead of $_POST?
     $start_parameters = array();
     if (!empty($_GET['selected_type']) && empty($_POST['selected_type'])) {
         $_POST['selected_type'] = array($_GET['selected_type']);
         if (!empty($_GET['parameters'])) {
             foreach ($_GET['parameters'] as $param) {
                 if (isset($_GET[$param])) {
                     $start_parameters[$param] = $_GET[$param];
     // Want use a block on the portal?
     if ($context['SPortal']['is_new'] && empty($_POST['selected_type']) && empty($_POST['add_block'])) {
         // Gather the blocks we have available
         $context['SPortal']['block_types'] = getFunctionInfo();
         // Create a list of the blocks in use
         $in_use = getBlockInfo();
         foreach ($in_use as $block) {
             $context['SPortal']['block_inuse'][$block['type']] = array('state' => $block['state'], 'column' => $block['column']);
         $context['location'] = array(1 => $txt['sp-positionLeft'], $txt['sp-positionTop'], $txt['sp-positionBottom'], $txt['sp-positionRight'], $txt['sp-positionHeader'], $txt['sp-positionFooter']);
         if (!empty($_REQUEST['col'])) {
             $context['SPortal']['block']['column'] = $_REQUEST['col'];
         $context['sub_template'] = 'block_select_type';
         $context['page_title'] = $txt['sp-blocksAdd'];
     } elseif ($context['SPortal']['is_new'] && !empty($_POST['selected_type'])) {
         $context['SPortal']['block'] = array('id' => 0, 'label' => $txt['sp-blocksDefaultLabel'], 'type' => $_POST['selected_type'][0], 'type_text' => !empty($txt['sp_function_' . $_POST['selected_type'][0] . '_label']) ? $txt['sp_function_' . $_POST['selected_type'][0] . '_label'] : $txt['sp_function_unknown_label'], 'column' => !empty($_POST['block_column']) ? $_POST['block_column'] : 0, 'row' => 0, 'permissions' => 3, 'state' => 1, 'force_view' => 0, 'mobile_view' => 0, 'display' => '', 'display_custom' => '', 'style' => '', 'parameters' => !empty($start_parameters) ? $start_parameters : array(), 'options' => $_POST['selected_type'][0](array(), false, true), 'list_blocks' => !empty($_POST['block_column']) ? getBlockInfo($_POST['block_column']) : array());
     } elseif (!$context['SPortal']['is_new'] && empty($_POST['add_block'])) {
         $_REQUEST['block_id'] = (int) $_REQUEST['block_id'];
         $context['SPortal']['block'] = current(getBlockInfo(null, $_REQUEST['block_id']));
         $context['SPortal']['block'] += array('options' => $context['SPortal']['block']['type'](array(), false, true), 'list_blocks' => getBlockInfo($context['SPortal']['block']['column']));
     // Want to take a look at how this block will appear, well we try our best
     if (!empty($_POST['preview_block']) || isset($_SESSION['sp_error'])) {
         // An error was generated on save, lets set things up like a preview and return to the preview
         if (isset($_SESSION['sp_error'])) {
             $context['SPortal']['error'] = $_SESSION['sp_error'];
             $_POST = $_SESSION['sp_error_post'];
             $_POST['preview_block'] = true;
             // Clean up
             unset($_SESSION['sp_error'], $_SESSION['sp_error_post'], $_POST['add_block']);
         // Just in case, the admin could be doing something silly like editing a SP block while SP is disabled. ;)
         require_once BOARDDIR . '/SSI.php';
         $type_parameters = $_POST['block_type'](array(), 0, true);
         if (!empty($_POST['parameters']) && is_array($_POST['parameters']) && !empty($type_parameters)) {
             foreach ($type_parameters as $name => $type) {
                 if (isset($_POST['parameters'][$name])) {
                     $this->_prepare_parameters($type, $name);
         } else {
             $_POST['parameters'] = array();
         // Simple is clean
         if (empty($_POST['display_advanced'])) {
             if (!empty($_POST['display_simple']) && in_array($_POST['display_simple'], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages'))) {
                 $display = $_POST['display_simple'];
             } else {
                 $display = '';
             $custom = '';
         } else {
             $display = array();
             $custom = array();
             if (!empty($_POST['display_actions'])) {
                 foreach ($_POST['display_actions'] as $action) {
                     $display[] = Util::htmlspecialchars($action, ENT_QUOTES);
             if (!empty($_POST['display_boards'])) {
                 foreach ($_POST['display_boards'] as $board) {
                     $display[] = 'b' . (int) substr($board, 1);
             if (!empty($_POST['display_pages'])) {
                 foreach ($_POST['display_pages'] as $page) {
                     $display[] = 'p' . (int) substr($page, 1);
             if (!empty($_POST['display_custom'])) {
                 $temp = explode(',', $_POST['display_custom']);
                 foreach ($temp as $action) {
                     $custom[] = Util::htmlspecialchars(Util::htmltrim($action), ENT_QUOTES);
             $display = empty($display) ? '' : implode(',', $display);
             $custom = empty($custom) ? '' : implode(',', $custom);
         // Create all the information we know about this block
         $context['SPortal']['block'] = array('id' => $_POST['block_id'], 'label' => Util::htmlspecialchars($_POST['block_name'], ENT_QUOTES), 'type' => $_POST['block_type'], 'type_text' => !empty($txt['sp_function_' . $_POST['block_type'] . '_label']) ? $txt['sp_function_' . $_POST['block_type'] . '_label'] : $txt['sp_function_unknown_label'], 'column' => $_POST['block_column'], 'row' => !empty($_POST['block_row']) ? $_POST['block_row'] : 0, 'placement' => !empty($_POST['placement']) && in_array($_POST['placement'], array('before', 'after')) ? $_POST['placement'] : '', 'permissions' => $_POST['permissions'], 'state' => !empty($_POST['block_active']), 'force_view' => !empty($_POST['block_force']), 'mobile_view' => !empty($_POST['block_mobile']), 'display' => $display, 'display_custom' => $custom, 'style' => sportal_parse_style('implode'), 'parameters' => !empty($_POST['parameters']) ? $_POST['parameters'] : array(), 'options' => $_POST['block_type'](array(), false, true), 'list_blocks' => getBlockInfo($_POST['block_column']), 'collapsed' => false);
         if (strpos($modSettings['leftwidth'], '%') !== false || strpos($modSettings['leftwidth'], 'px') !== false) {
             $context['widths'][1] = $modSettings['leftwidth'];
         } else {
             $context['widths'][1] = $modSettings['leftwidth'] . 'px';
         if (strpos($modSettings['rightwidth'], '%') !== false || strpos($modSettings['rightwidth'], 'px') !== false) {
             $context['widths'][4] = $modSettings['rightwidth'];
         } else {
             $context['widths'][4] = $modSettings['rightwidth'] . 'px';
         if (strpos($context['widths'][1], '%') !== false) {
             $context['widths'][2] = $context['widths'][3] = 100 - ($context['widths'][1] + $context['widths'][4]) . '%';
             $context['widths'][5] = $context['widths'][6] = '100%';
         } elseif (strpos($context['widths'][1], 'px') !== false) {
             $context['widths'][2] = $context['widths'][3] = 960 - ($context['widths'][1] + $context['widths'][4]) . 'px';
             $context['widths'][5] = $context['widths'][6] = '960px';
         $context['SPortal']['preview'] = true;
     if (!empty($_POST['selected_type']) || !empty($_POST['preview_block']) || !$context['SPortal']['is_new'] && empty($_POST['add_block'])) {
         // Only the admin can use PHP blocks
         if ($context['SPortal']['block']['type'] == 'sp_php' && !allowedTo('admin_forum')) {
             fatal_lang_error('cannot_admin_forum', false);
         loadLanguage('SPortalHelp', sp_languageSelect('SPortalHelp'));
         // Load up the permissions
         $context['SPortal']['block']['permission_profiles'] = sportal_get_profiles(null, 1, 'name');
         if (empty($context['SPortal']['block']['permission_profiles'])) {
             fatal_lang_error('error_sp_no_permission_profiles', false);
         $context['simple_actions'] = array('sportal' => $txt['sp-portal'], 'sforum' => $txt['sp-forum'], 'allaction' => $txt['sp-blocksOptionAllActions'], 'allboard' => $txt['sp-blocksOptionAllBoards'], 'allpages' => $txt['sp-blocksOptionAllPages'], 'all' => $txt['sp-blocksOptionEverywhere']);
         $context['display_actions'] = array('portal' => $txt['sp-portal'], 'forum' => $txt['sp-forum'], 'recent' => $txt['recent_posts'], 'unread' => $txt['unread_topics_visit'], 'unreadreplies' => $txt['unread_replies'], 'profile' => $txt['profile'], 'pm' => $txt['pm_short'], 'calendar' => $txt['calendar'], 'admin' => $txt['admin'], 'login' => $txt['login'], 'register' => $txt['register'], 'post' => $txt['post'], 'stats' => $txt['forum_stats'], 'search' => $txt['search'], 'mlist' => $txt['members_list'], 'moderate' => $txt['moderate'], 'help' => $txt['help'], 'who' => $txt['who_title']);
         // Load up boards and pages for selection in the template
         if (empty($context['SPortal']['block']['display'])) {
             $context['SPortal']['block']['display'] = array('0');
         } else {
             $context['SPortal']['block']['display'] = explode(',', $context['SPortal']['block']['display']);
         if (in_array($context['SPortal']['block']['display'][0], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages')) || $context['SPortal']['is_new'] || empty($context['SPortal']['block']['display'][0]) && empty($context['SPortal']['block']['display_custom'])) {
             $context['SPortal']['block']['display_type'] = 0;
         } else {
             $context['SPortal']['block']['display_type'] = 1;
         $context['SPortal']['block']['style'] = sportal_parse_style('explode', $context['SPortal']['block']['style'], !empty($context['SPortal']['preview']));
         // Prepare the Textcontent for BBC, only the first bbc will be detected correctly!
         $firstBBCFound = false;
         foreach ($context['SPortal']['block']['options'] as $name => $type) {
             // Selectable Boards :D
             if ($type == 'board_select' || $type == 'boards') {
                 if (empty($boards)) {
                     require_once SUBSDIR . '/Boards.subs.php';
                 // Merge the array ;)
                 if (!isset($context['SPortal']['block']['parameters'][$name])) {
                     $context['SPortal']['block']['parameters'][$name] = array();
                 } elseif (!empty($context['SPortal']['block']['parameters'][$name]) && is_array($context['SPortal']['block']['parameters'][$name])) {
                     $context['SPortal']['block']['parameters'][$name] = implode('|', $context['SPortal']['block']['parameters'][$name]);
                 $context['SPortal']['block']['board_options'][$name] = array();
                 $config_variable = !empty($context['SPortal']['block']['parameters'][$name]) ? $context['SPortal']['block']['parameters'][$name] : array();
                 $config_variable = !is_array($config_variable) ? explode('|', $config_variable) : $config_variable;
                 $context['SPortal']['block']['board_options'][$name] = array();
                 // Create the list for this Item
                 foreach ($boards as $board) {
                     // Ignore the redirected boards :)
                     if (!empty($board['redirect'])) {
                     $context['SPortal']['block']['board_options'][$name][$board['id']] = array('value' => $board['id'], 'text' => $board['name'], 'selected' => in_array($board['id'], $config_variable));
             } elseif ($type === 'bbc') {
                 // ELK support only one bbc correct, multiple bbc do not work at the moment
                 if (!$firstBBCFound) {
                     $firstBBCFound = true;
                     // Start Elk BBC System :)
                     require_once SUBSDIR . '/Editor.subs.php';
                     // Prepare the output :D
                     $form_message = !empty($context['SPortal']['block']['parameters'][$name]) ? $context['SPortal']['block']['parameters'][$name] : '';
                     // But if it's in HTML world, turn them into htmlspecialchar's so they can be edited!
                     if (strpos($form_message, '[html]') !== false) {
                         $parts = preg_split('~(\\[/code\\]|\\[code(?:=[^\\]]+)?\\])~i', $form_message, -1, PREG_SPLIT_DELIM_CAPTURE);
                         for ($i = 0, $n = count($parts); $i < $n; $i++) {
                             // It goes 0 = outside, 1 = begin tag, 2 = inside, 3 = close tag, repeat.
                             if ($i % 4 == 0) {
                                 $parts[$i] = preg_replace_callback('~\\[html\\](.+?)\\[/html\\]~is', create_function('$m', 'return "[html]" . preg_replace(\'~<br\\s?/?>~i\', \'&lt;br /&gt;<br />\', "$m[1]") . "[/html]";'), $parts[$i]);
                         $form_message = implode('', $parts);
                     $form_message = preg_replace('~<br(?: /)?' . '>~i', "\n", $form_message);
                     // Prepare the data before i want them inside the textarea
                     $form_message = str_replace(array('"', '<', '>', '&nbsp;'), array('&quot;', '&lt;', '&gt;', ' '), $form_message);
                     $context['SPortal']['bbc'] = 'bbc_' . $name;
                     $message_data = array('id' => $context['SPortal']['bbc'], 'width' => '95%', 'height' => '200px', 'value' => $form_message, 'form' => 'sp_block');
                     // Run the ELK bbc editor routine
                     // Store the updated data on the parameters
                     $context['SPortal']['block']['parameters'][$name] = $form_message;
                 } else {
                     $context['SPortal']['block']['options'][$name] = 'textarea';
         $context['sub_template'] = 'block_edit';
         $context['page_title'] = $context['SPortal']['is_new'] ? $txt['sp-blocksAdd'] : $txt['sp-blocksEdit'];
     // Want to add / edit a block oo the portal
     if (!empty($_POST['add_block'])) {
         // Only the admin can do php here
         if ($_POST['block_type'] == 'sp_php' && !allowedTo('admin_forum')) {
             fatal_lang_error('cannot_admin_forum', false);
         // Make sure the block name is something safe
         if (!isset($_POST['block_name']) || Util::htmltrim(Util::htmlspecialchars($_POST['block_name']), ENT_QUOTES) === '') {
             fatal_lang_error('error_sp_name_empty', false);
         if ($_POST['block_type'] == 'sp_php' && !empty($_POST['parameters']['content']) && empty($modSettings['sp_disable_php_validation'])) {
             require_once SUBSDIR . '/DataValidator.class.php';
             $validator = new Data_Validator();
             $validator->validation_rules(array('content' => 'php_syntax'));
             $validator->validate(array('content' => $_POST['parameters']['content']));
             $error = $validator->validation_errors();
             if ($error) {
                 $_SESSION['sp_error'] = $error[0];
                 $_SESSION['sp_error_post'] = $_POST;
                 redirectexit('action=admin;area=portalblocks;sa=' . $_REQUEST['sa'] . (!empty($_REQUEST['block_id']) ? ';block_id=' . $_REQUEST['block_id'] : ''));
         // If we have a block ID passed, we must be editing, so the the blocks current data
         if (!empty($_REQUEST['block_id'])) {
             $current_data = current(getBlockInfo(null, $_REQUEST['block_id']));
         // Where are we going to place this new block, before, after, no change
         if (!empty($_POST['placement']) && ($_POST['placement'] === 'before' || $_POST['placement'] === 'after')) {
             if (!empty($current_data)) {
                 $current_row = $current_data['row'];
             } else {
                 $current_row = null;
             // Before or after the chosen block
             if ($_POST['placement'] === 'before') {
                 $row = (int) $_POST['block_row'];
             } else {
                 $row = (int) $_POST['block_row'] + 1;
             if (!empty($current_row) && $row > $current_row) {
                 sp_update_block_row($current_row, $row - 1, $_POST['block_column'], true);
             } else {
                 sp_update_block_row($current_row, $row, $_POST['block_column'], false);
         } elseif (!empty($_POST['placement']) && $_POST['placement'] == 'nochange') {
             $row = 0;
         } else {
             $block_id = !empty($_REQUEST['block_id']) ? (int) $_REQUEST['block_id'] : 0;
             $row = sp_block_nextrow($_POST['block_column'], $block_id);
         $type_parameters = $_POST['block_type'](array(), 0, true);
         if (!empty($_POST['parameters']) && is_array($_POST['parameters']) && !empty($type_parameters)) {
             foreach ($type_parameters as $name => $type) {
                 // Prepare BBC Content for ELK
                 if (isset($_POST['parameters'][$name])) {
                     $this->_prepare_parameters($type, $name);
         } else {
             $_POST['parameters'] = array();
         // Standard options
         if (empty($_POST['display_advanced'])) {
             if (!empty($_POST['display_simple']) && in_array($_POST['display_simple'], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages'))) {
                 $display = $_POST['display_simple'];
             } else {
                 $display = '';
             $custom = '';
         } else {
             $display = array();
             if (!empty($_POST['display_actions'])) {
                 foreach ($_POST['display_actions'] as $action) {
                     $display[] = Util::htmlspecialchars($action, ENT_QUOTES);
             if (!empty($_POST['display_boards'])) {
                 foreach ($_POST['display_boards'] as $board) {
                     $display[] = 'b' . (int) substr($board, 1);
             if (!empty($_POST['display_pages'])) {
                 foreach ($_POST['display_pages'] as $page) {
                     $display[] = 'p' . (int) substr($page, 1);
             if (!empty($_POST['display_custom'])) {
                 $custom = array();
                 $temp = explode(',', $_POST['display_custom']);
                 foreach ($temp as $action) {
                     $custom[] = Util::htmlspecialchars(Util::htmltrim($action), ENT_QUOTES);
             $display = empty($display) ? '' : implode(',', $display);
             if (!allowedTo('admin_forum') && isset($current_data['display_custom']) && substr($current_data['display_custom'], 0, 4) === '$php') {
                 $custom = $current_data['display_custom'];
             } elseif (!empty($_POST['display_custom'])) {
                 if (allowedTo('admin_forum') && substr($_POST['display_custom'], 0, 4) === '$php') {
                     $custom = Util::htmlspecialchars($_POST['display_custom'], ENT_QUOTES);
                 } else {
                     $custom = array();
                     $temp = explode(',', $_POST['display_custom']);
                     foreach ($temp as $action) {
                         $custom[] = Util::htmlspecialchars($action, ENT_QUOTES);
                     $custom = empty($custom) ? '' : implode(',', $custom);
             } else {
                 $custom = '';
         $blockInfo = array('id' => (int) $_POST['block_id'], 'label' => Util::htmlspecialchars($_POST['block_name'], ENT_QUOTES), 'type' => $_POST['block_type'], 'col' => $_POST['block_column'], 'row' => $row, 'permissions' => (int) $_POST['permissions'], 'state' => !empty($_POST['block_active']) ? 1 : 0, 'force_view' => !empty($_POST['block_force']) ? 1 : 0, 'mobile_view' => !empty($_POST['block_mobile']) ? 1 : 0, 'display' => $display, 'display_custom' => $custom, 'style' => sportal_parse_style('implode'));
         // Insert a new block in to the portal
         if ($context['SPortal']['is_new']) {
             $blockInfo['id'] = sp_block_insert($blockInfo);
         } else {
         // Save any parameters for the block
         if (!empty($_POST['parameters'])) {
             sp_block_insert_parameters($_POST['parameters'], $blockInfo['id']);
Esempio n. 14
     * Set merge options and do the actual merge of two or more topics.
     * the merge options screen:
     * * shows topics to be merged and allows to set some merge options.
     * * is accessed by ?action=mergetopics;sa=options.and can also internally be called by action_quickmod().
     * * uses 'merge_extra_options' sub template of the MergeTopics template.
     * the actual merge:
     * * is accessed with ?action=mergetopics;sa=execute.
     * * updates the statistics to reflect the merge.
     * * logs the action in the moderation log.
     * * sends a notification is sent to all users monitoring this topic.
     * * redirects to ?action=mergetopics;sa=done.
     * @param int[] $topics = array() of topic ids
    public function action_mergeExecute($topics = array())
        global $user_info, $txt, $context, $scripturl, $modSettings;
        $db = database();
        // Check the session.
        require_once SUBSDIR . '/Topic.subs.php';
        require_once SUBSDIR . '/Post.subs.php';
        // Handle URLs from action_mergeIndex.
        if (!empty($_GET['from']) && !empty($_GET['to'])) {
            $topics = array((int) $_GET['from'], (int) $_GET['to']);
        // If we came from a form, the topic IDs came by post.
        if (!empty($_POST['topics']) && is_array($_POST['topics'])) {
            $topics = $_POST['topics'];
        // There's nothing to merge with just one topic...
        if (empty($topics) || !is_array($topics) || count($topics) == 1) {
        // Make sure every topic is numeric, or some nasty things could be done with the DB.
        foreach ($topics as $id => $topic) {
            $topics[$id] = (int) $topic;
        // Joy of all joys, make sure they're not pi**ing about with unapproved topics they can't see :P
        if ($modSettings['postmod_active']) {
            $can_approve_boards = !empty($user_info['mod_cache']['ap']) ? $user_info['mod_cache']['ap'] : boardsAllowedTo('approve_posts');
        // Get info about the topics and polls that will be merged.
        $request = $db->query('', '
				t.id_topic, t.id_board, t.id_poll, t.num_views, t.is_sticky, t.approved, t.num_replies, t.unapproved_posts,
				m1.subject, m1.poster_time AS time_started, IFNULL(mem1.id_member, 0) AS id_member_started, IFNULL(mem1.real_name, m1.poster_name) AS name_started,
				m2.poster_time AS time_updated, IFNULL(mem2.id_member, 0) AS id_member_updated, IFNULL(mem2.real_name, m2.poster_name) AS name_updated
			FROM {db_prefix}topics AS t
				INNER JOIN {db_prefix}messages AS m1 ON (m1.id_msg = t.id_first_msg)
				INNER JOIN {db_prefix}messages AS m2 ON (m2.id_msg = t.id_last_msg)
				LEFT JOIN {db_prefix}members AS mem1 ON (mem1.id_member = m1.id_member)
				LEFT JOIN {db_prefix}members AS mem2 ON (mem2.id_member = m2.id_member)
			WHERE t.id_topic IN ({array_int:topic_list})
			ORDER BY t.id_first_msg
			LIMIT ' . count($topics), array('topic_list' => $topics));
        if ($db->num_rows($request) < 2) {
        $num_views = 0;
        $is_sticky = 0;
        $boardTotals = array();
        $topic_data = array();
        $boards = array();
        $polls = array();
        $firstTopic = 0;
        while ($row = $db->fetch_assoc($request)) {
            // Make a note for the board counts...
            if (!isset($boardTotals[$row['id_board']])) {
                $boardTotals[$row['id_board']] = array('num_posts' => 0, 'num_topics' => 0, 'unapproved_posts' => 0, 'unapproved_topics' => 0);
            // We can't see unapproved topics here?
            if ($modSettings['postmod_active'] && !$row['approved'] && $can_approve_boards != array(0) && in_array($row['id_board'], $can_approve_boards)) {
            } elseif (!$row['approved']) {
            } else {
            $boardTotals[$row['id_board']]['unapproved_posts'] += $row['unapproved_posts'];
            $boardTotals[$row['id_board']]['num_posts'] += $row['num_replies'] + ($row['approved'] ? 1 : 0);
            $topic_data[$row['id_topic']] = array('id' => $row['id_topic'], 'board' => $row['id_board'], 'poll' => $row['id_poll'], 'num_views' => $row['num_views'], 'subject' => $row['subject'], 'started' => array('time' => standardTime($row['time_started']), 'html_time' => htmlTime($row['time_started']), 'timestamp' => forum_time(true, $row['time_started']), 'href' => empty($row['id_member_started']) ? '' : $scripturl . '?action=profile;u=' . $row['id_member_started'], 'link' => empty($row['id_member_started']) ? $row['name_started'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member_started'] . '">' . $row['name_started'] . '</a>'), 'updated' => array('time' => standardTime($row['time_updated']), 'html_time' => htmlTime($row['time_updated']), 'timestamp' => forum_time(true, $row['time_updated']), 'href' => empty($row['id_member_updated']) ? '' : $scripturl . '?action=profile;u=' . $row['id_member_updated'], 'link' => empty($row['id_member_updated']) ? $row['name_updated'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member_updated'] . '">' . $row['name_updated'] . '</a>'));
            $num_views += $row['num_views'];
            $boards[] = $row['id_board'];
            // If there's no poll, id_poll == 0...
            if ($row['id_poll'] > 0) {
                $polls[] = $row['id_poll'];
            // Store the id_topic with the lowest id_first_msg.
            if (empty($firstTopic)) {
                $firstTopic = $row['id_topic'];
            $is_sticky = max($is_sticky, $row['is_sticky']);
        // If we didn't get any topics then they've been messing with unapproved stuff.
        if (empty($topic_data)) {
        $boards = array_values(array_unique($boards));
        // The parameters of action_mergeExecute were set, so this must've been an internal call.
        if (!empty($topics)) {
            isAllowedTo('merge_any', $boards);
        // Get the boards a user is allowed to merge in.
        $merge_boards = boardsAllowedTo('merge_any');
        if (empty($merge_boards)) {
            fatal_lang_error('cannot_merge_any', 'user');
        require_once SUBSDIR . '/Boards.subs.php';
        // Make sure they can see all boards....
        $query_boards = array('boards' => $boards);
        if (!in_array(0, $merge_boards)) {
            $query_boards['boards'] = array_merge($query_boards['boards'], $merge_boards);
        // Saved in a variable to (potentially) save a query later
        $boards_info = fetchBoardsInfo($query_boards);
        // This happens when a member is moderator of a board he cannot see
        foreach ($boards as $board) {
            if (!isset($boards_info[$board])) {
        if (empty($_REQUEST['sa']) || $_REQUEST['sa'] == 'options') {
            if (count($polls) > 1) {
                $request = $db->query('', '
					SELECT t.id_topic, t.id_poll, m.subject, p.question
					FROM {db_prefix}polls AS p
						INNER JOIN {db_prefix}topics AS t ON (t.id_poll = p.id_poll)
						INNER JOIN {db_prefix}messages AS m ON (m.id_msg = t.id_first_msg)
					WHERE p.id_poll IN ({array_int:polls})
					LIMIT ' . count($polls), array('polls' => $polls));
                while ($row = $db->fetch_assoc($request)) {
                    $context['polls'][] = array('id' => $row['id_poll'], 'topic' => array('id' => $row['id_topic'], 'subject' => $row['subject']), 'question' => $row['question'], 'selected' => $row['id_topic'] == $firstTopic);
            if (count($boards) > 1) {
                foreach ($boards_info as $row) {
                    $context['boards'][] = array('id' => $row['id_board'], 'name' => $row['name'], 'selected' => $row['id_board'] == $topic_data[$firstTopic]['board']);
            $context['topics'] = $topic_data;
            foreach ($topic_data as $id => $topic) {
                $context['topics'][$id]['selected'] = $topic['id'] == $firstTopic;
            $context['page_title'] = $txt['merge'];
            $context['sub_template'] = 'merge_extra_options';
        // Determine target board.
        $target_board = count($boards) > 1 ? (int) $_REQUEST['board'] : $boards[0];
        if (!in_array($target_board, $boards)) {
        // Determine which poll will survive and which polls won't.
        $target_poll = count($polls) > 1 ? (int) $_POST['poll'] : (count($polls) == 1 ? $polls[0] : 0);
        if ($target_poll > 0 && !in_array($target_poll, $polls)) {
            fatal_lang_error('no_access', false);
        $deleted_polls = empty($target_poll) ? $polls : array_diff($polls, array($target_poll));
        // Determine the subject of the newly merged topic - was a custom subject specified?
        if (empty($_POST['subject']) && isset($_POST['custom_subject']) && $_POST['custom_subject'] != '') {
            $target_subject = strtr(Util::htmltrim(Util::htmlspecialchars($_POST['custom_subject'])), array("\r" => '', "\n" => '', "\t" => ''));
            // Keep checking the length.
            if (Util::strlen($target_subject) > 100) {
                $target_subject = Util::substr($target_subject, 0, 100);
            // Nothing left - odd but pick the first topics subject.
            if ($target_subject == '') {
                $target_subject = $topic_data[$firstTopic]['subject'];
        } elseif (!empty($topic_data[(int) $_POST['subject']]['subject'])) {
            $target_subject = $topic_data[(int) $_POST['subject']]['subject'];
        } else {
            $target_subject = $topic_data[$firstTopic]['subject'];
        // Get the first and last message and the number of messages....
        $request = $db->query('', '
			SELECT approved, MIN(id_msg) AS first_msg, MAX(id_msg) AS last_msg, COUNT(*) AS message_count
			FROM {db_prefix}messages
			WHERE id_topic IN ({array_int:topics})
			GROUP BY approved
			ORDER BY approved DESC', array('topics' => $topics));
        $topic_approved = 1;
        $first_msg = 0;
        while ($row = $db->fetch_assoc($request)) {
            // If this is approved, or is fully unapproved.
            if ($row['approved'] || !isset($first_msg)) {
                $first_msg = $row['first_msg'];
                $last_msg = $row['last_msg'];
                if ($row['approved']) {
                    $num_replies = $row['message_count'] - 1;
                    $num_unapproved = 0;
                } else {
                    $topic_approved = 0;
                    $num_replies = 0;
                    $num_unapproved = $row['message_count'];
            } else {
                // If this has a lower first_msg then the first post is not approved and hence the number of replies was wrong!
                if ($first_msg > $row['first_msg']) {
                    $first_msg = $row['first_msg'];
                    $topic_approved = 0;
                $num_unapproved = $row['message_count'];
        // Ensure we have a board stat for the target board.
        if (!isset($boardTotals[$target_board])) {
            $boardTotals[$target_board] = array('num_posts' => 0, 'num_topics' => 0, 'unapproved_posts' => 0, 'unapproved_topics' => 0);
        // Fix the topic count stuff depending on what the new one counts as.
        if ($topic_approved) {
        } else {
        $boardTotals[$target_board]['unapproved_posts'] -= $num_unapproved;
        $boardTotals[$target_board]['num_posts'] -= $topic_approved ? $num_replies + 1 : $num_replies;
        // Get the member ID of the first and last message.
        $request = $db->query('', '
			SELECT id_member
			FROM {db_prefix}messages
			WHERE id_msg IN ({int:first_msg}, {int:last_msg})
			ORDER BY id_msg
			LIMIT 2', array('first_msg' => $first_msg, 'last_msg' => $last_msg));
        list($member_started) = $db->fetch_row($request);
        list($member_updated) = $db->fetch_row($request);
        // First and last message are the same, so only row was returned.
        if ($member_updated === null) {
            $member_updated = $member_started;
        // Obtain all the message ids we are going to affect.
        $affected_msgs = messagesInTopics($topics);
        // Assign the first topic ID to be the merged topic.
        $id_topic = min($topics);
        // Grab the response prefix (like 'Re: ') in the default forum language.
        $context['response_prefix'] = response_prefix();
        $enforce_subject = isset($_POST['enforce_subject']) ? Util::htmlspecialchars(trim($_POST['enforce_subject'])) : '';
        // Merge topic notifications.
        $notifications = isset($_POST['notifications']) && is_array($_POST['notifications']) ? array_intersect($topics, $_POST['notifications']) : array();
        fixMergedTopics($first_msg, $topics, $id_topic, $target_board, $target_subject, $enforce_subject, $notifications);
        // Asssign the properties of the newly merged topic.
        $db->query('', '
			UPDATE {db_prefix}topics
				id_board = {int:id_board},
				id_member_started = {int:id_member_started},
				id_member_updated = {int:id_member_updated},
				id_first_msg = {int:id_first_msg},
				id_last_msg = {int:id_last_msg},
				id_poll = {int:id_poll},
				num_replies = {int:num_replies},
				unapproved_posts = {int:unapproved_posts},
				num_views = {int:num_views},
				is_sticky = {int:is_sticky},
				approved = {int:approved}
			WHERE id_topic = {int:id_topic}', array('id_board' => $target_board, 'is_sticky' => $is_sticky, 'approved' => $topic_approved, 'id_topic' => $id_topic, 'id_member_started' => $member_started, 'id_member_updated' => $member_updated, 'id_first_msg' => $first_msg, 'id_last_msg' => $last_msg, 'id_poll' => $target_poll, 'num_replies' => $num_replies, 'unapproved_posts' => $num_unapproved, 'num_views' => $num_views));
        // Get rid of the redundant polls.
        if (!empty($deleted_polls)) {
            require_once SUBSDIR . '/Poll.subs.php';
        // Cycle through each board...
        foreach ($boardTotals as $id_board => $stats) {
            decrementBoard($id_board, $stats);
        // Determine the board the final topic resides in
        $topic_info = getTopicInfo($id_topic);
        $id_board = $topic_info['id_board'];
        // Update all the statistics.
        updateStats('subject', $id_topic, $target_subject);
        logAction('merge', array('topic' => $id_topic, 'board' => $id_board));
        // Notify people that these topics have been merged?
        require_once SUBSDIR . '/Notification.subs.php';
        sendNotifications($id_topic, 'merge');
        // If there's a search index that needs updating, update it...
        require_once SUBSDIR . '/Search.subs.php';
        $searchAPI = findSearchAPI();
        if (is_callable(array($searchAPI, 'topicMerge'))) {
            $searchAPI->topicMerge($id_topic, $topics, $affected_msgs, empty($enforce_subject) ? null : array($context['response_prefix'], $target_subject));
        // Send them to the all done page.
        redirectexit('action=mergetopics;sa=done;to=' . $id_topic . ';targetboard=' . $target_board);
  * Edit an existing shoutbox or add a new one
 public function action_sportal_admin_shoutbox_edit()
     global $txt, $context, $modSettings, $editortxt;
     $context['SPortal']['is_new'] = empty($_REQUEST['shoutbox_id']);
     if (!empty($_POST['submit'])) {
         if (!isset($_POST['name']) || Util::htmltrim(Util::htmlspecialchars($_POST['name'], ENT_QUOTES)) === '') {
             fatal_lang_error('sp_error_shoutbox_name_empty', false);
         // No two the same
         $has_duplicate = sp_check_duplicate_shoutbox($_POST['name'], $_POST['shoutbox_id']);
         if (!empty($has_duplicate)) {
             fatal_lang_error('sp_error_shoutbox_name_duplicate', false);
         if (isset($_POST['moderator_groups']) && is_array($_POST['moderator_groups']) && count($_POST['moderator_groups']) > 0) {
             foreach ($_POST['moderator_groups'] as $id => $group) {
                 $_POST['moderator_groups'][$id] = (int) $group;
             $_POST['moderator_groups'] = implode(',', $_POST['moderator_groups']);
         } else {
             $_POST['moderator_groups'] = '';
         if (!empty($_POST['allowed_bbc']) && is_array($_POST['allowed_bbc'])) {
             foreach ($_POST['allowed_bbc'] as $id => $tag) {
                 $_POST['allowed_bbc'][$id] = Util::htmlspecialchars($tag, ENT_QUOTES);
             $_POST['allowed_bbc'] = implode(',', $_POST['allowed_bbc']);
         } else {
             $_POST['allowed_bbc'] = '';
         $shoutbox_info = array('id' => (int) $_POST['shoutbox_id'], 'name' => Util::htmlspecialchars($_POST['name'], ENT_QUOTES), 'permissions' => (int) $_POST['permissions'], 'moderator_groups' => $_POST['moderator_groups'], 'warning' => Util::htmlspecialchars($_POST['warning'], ENT_QUOTES), 'allowed_bbc' => $_POST['allowed_bbc'], 'height' => (int) $_POST['height'], 'num_show' => (int) $_POST['num_show'], 'num_max' => (int) $_POST['num_max'], 'reverse' => !empty($_POST['reverse']) ? 1 : 0, 'caching' => !empty($_POST['caching']) ? 1 : 0, 'refresh' => (int) $_POST['refresh'], 'status' => !empty($_POST['status']) ? 1 : 0);
         // Update existing or add a new shoutbox
         $shoutbox_info['id'] = sp_edit_shoutbox($shoutbox_info, $context['SPortal']['is_new']);
         if ($context['SPortal']['is_new'] && allowedTo(array('sp_admin', 'sp_manage_blocks'))) {
             redirectexit('action=admin;area=portalshoutbox;sa=blockredirect;shoutbox=' . $shoutbox_info['id']);
         } else {
     if ($context['SPortal']['is_new']) {
         $context['SPortal']['shoutbox'] = array('id' => 0, 'name' => $txt['sp_shoutbox_default_name'], 'permissions' => 3, 'moderator_groups' => array(), 'warning' => '', 'allowed_bbc' => array('b', 'i', 'u', 's', 'url', 'code', 'quote', 'me'), 'height' => 200, 'num_show' => 20, 'num_max' => 1000, 'reverse' => 0, 'caching' => 1, 'refresh' => 0, 'status' => 1);
     } else {
         $_REQUEST['shoutbox_id'] = (int) $_REQUEST['shoutbox_id'];
         $context['SPortal']['shoutbox'] = sportal_get_shoutbox($_REQUEST['shoutbox_id']);
     $context['SPortal']['shoutbox']['permission_profiles'] = sportal_get_profiles(null, 1, 'name');
     sp_loadMemberGroups($context['SPortal']['shoutbox']['moderator_groups'], 'moderator', 'moderator_groups');
     if (empty($context['SPortal']['shoutbox']['permission_profiles'])) {
         fatal_lang_error('error_sp_no_permission_profiles', false);
     $context['allowed_bbc'] = array('b' => $editortxt['Bold'], 'i' => $editortxt['Italic'], 'u' => $editortxt['Underline'], 's' => $editortxt['Strikethrough'], 'pre' => $editortxt['Preformatted Text'], 'img' => $editortxt['Insert an image'], 'url' => $editortxt['Insert a link'], 'email' => $editortxt['Insert an email'], 'sup' => $editortxt['Superscript'], 'sub' => $editortxt['Subscript'], 'tt' => $editortxt['Teletype'], 'code' => $editortxt['Code'], 'quote' => $editortxt['Insert a Quote'], 'size' => $editortxt['Font Size'], 'font' => $editortxt['Font Name'], 'color' => $editortxt['Font Color'], 'me' => 'me');
     $disabled_tags = array();
     if (!empty($modSettings['disabledBBC'])) {
         $disabled_tags = explode(',', $modSettings['disabledBBC']);
     if (empty($modSettings['enableEmbeddedFlash'])) {
         $disabled_tags[] = 'flash';
     foreach ($disabled_tags as $tag) {
         if ($tag == 'list') {
             $context['disabled_tags']['orderlist'] = true;
         $context['disabled_tags'][trim($tag)] = true;
     $context['page_title'] = $context['SPortal']['is_new'] ? $txt['sp_admin_shoutbox_add'] : $txt['sp_admin_shoutbox_edit'];
     $context['sub_template'] = 'shoutbox_edit';