Esempio n. 1
 /**
  * Search page controller: shows the search form, or runs a search and renders its results.
  *
  * Fires the 'controller.search.display' hook, refuses users whose group has search
  * disabled (403), and then dispatches on the presence of an 'action' or 'search_id'
  * query parameter. A search that does not produce a result array is turned into a
  * redirect back to the search page carrying the 'No hits' message.
  *
  * @param mixed $req  Request object (not read here).
  * @param mixed $res  Response object (not read here).
  * @param mixed $args Route arguments (not read here).
  *
  * @return mixed The Router::redirect() result when a search has no hits; null after rendering.
  *
  * @throws Error 403 when the current user's group has no search permission.
  */
 public function display($req, $res, $args)
 {
     Container::get('hooks')->fire('controller.search.display');

     // Permission gate: the whole page is refused before any query is run.
     if (User::get()->g_search == '0') {
         throw new Error(__('No search permission'), 403);
     }

     $isSearchRequest = Input::query('action') || Input::query('search_id');
     if (!$isSearchRequest) {
         // Plain visit: render the search form.
         $boardTitle = Utils::escape(ForumSettings::get('o_board_title'));
         View::setPageInfo(array(
             'title' => array($boardTitle, __('Search')),
             'active_page' => 'search',
             'focus_element' => array('search', 'keywords'),
             'is_indexed' => true,
             'forums' => $this->model->get_list_forums(),
         ))->addTemplate('search/form.php')->display();
         return;
     }

     $search = $this->model->get_search_results();

     // Anything other than a result array means there is nothing to show.
     if (is_object($search) || !isset($search['is_result'])) {
         return Router::redirect(Router::pathFor('search'), __('No hits'));
     }

     $boardTitle = Utils::escape(ForumSettings::get('o_board_title'));
     View::setPageInfo(array(
         'title' => array($boardTitle, __('Search results')),
         'active_page' => 'search',
         'search' => $search,
         'footer' => $search,
     ));
     View::setPageInfo(array('display' => $this->model->display_search_results($search)));

     // 'show_as' selects the per-post or per-topic rendering of the same result set.
     $resultsTemplate = $search['show_as'] == 'posts' ? 'search/posts.php' : 'search/topics.php';
     View::addTemplate('search/header.php', 1);
     View::addTemplate($resultsTemplate, 5);
     View::addTemplate('search/footer.php', 10)->display();
 }
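 /**
  * Private-message "send" endpoint: composes, previews or submits a message.
  *
  * Route arguments:
  *  - 'uid': id of the user to open a new conversation with (null when absent).
  *  - 'tid': id of an existing conversation to reply to (null when absent).
  *
  * GET renders the compose form (or the reply form when 'tid' is given).
  * POST either renders a preview or validates the input and stores the message,
  * creating the conversation first when there is no 'tid'. Every validation
  * failure is reported through Error with an HTTP status code.
  *
  * @param mixed $req  Request object (not read here).
  * @param mixed $res  Response object (not read here).
  * @param array $args Route arguments; keys 'uid' and 'tid' are optional.
  *
  * @return mixed Redirect response on a successful send/reply, the rendered reply
  *               view, or null after displaying the compose form or a preview.
  *
  * @throws Error 400 on invalid ids, unknown recipient/conversation or invalid
  *               subject/message; 403 on self-messaging; 429 when flood protection
  *               triggers; no code when the message cannot be stored.
  */
 public function send($req, $res, $args)
 {
     if (!isset($args['uid'])) {
         $args['uid'] = null;
     }
     if (!isset($args['tid'])) {
         $args['tid'] = null;
     }
     if (Request::isPost()) {
         // First raw validation: every field the rest of this method reads gets a
         // default, so a partial form post cannot cause undefined-index reads.
         // The message field is posted as 'req_message' (the key used everywhere below);
         // it used to be defaulted under the wrong key 'message'.
         $data = array_merge(array('username' => null, 'subject' => null, 'req_message' => null, 'smilies' => 0, 'preview' => null), Request::getParsedBody());
         $data = array_map(array('FeatherBB\\Core\\Utils', 'trim'), $data);
         $conv = false;
         if (!is_null($args['tid'])) {
             if ($args['tid'] < 1) {
                 throw new Error('Wrong conversation ID', 400);
             }
             // The lookup is done with the current user's id, presumably so that a
             // conversation the user is not part of reads as unknown rather than leaking.
             if (!($conv = $this->model->getConversation($args['tid'], User::get()->id))) {
                 throw new Error('Unknown conversation ID', 400);
             }
         }
         // Preview message
         if (Input::post('preview')) {
             // Make breadcrumbs
             $this->crumbs[] = __('Reply', 'private_messages');
             $this->crumbs[] = __('Preview');
             Utils::generateBreadcrumbs($this->crumbs);
             Container::get('hooks')->fire('conversationsPlugin.send.preview');
             $msg = Container::get('parser')->parse_message($data['req_message'], $data['smilies']);
             View::setPageInfo(array('parsed_message' => $msg, 'username' => Utils::escape($data['username']), 'subject' => Utils::escape($data['subject']), 'message' => Utils::escape($data['req_message'])))->addTemplate('send.php')->display();
         } else {
             // Prevent flood: reject a post that arrives within 'post.min_interval'
             // seconds of the user's last post.
             // NOTE(review): the check only runs when 'preview' is present in the post body
             // but falsy; on a normal submit without that field $data['preview'] is null and
             // the flood check is skipped. This looks inverted (is_null intended) — confirm
             // against the form before changing it.
             if (!is_null($data['preview']) && User::get()['last_post'] != '' && Container::get('now') - User::get()['last_post'] < Container::get('prefs')->get(User::get(), 'post.min_interval')) {
                 throw new Error(sprintf(__('Flood start'), Container::get('prefs')->get(User::get(), 'post.min_interval'), Container::get('prefs')->get(User::get(), 'post.min_interval') - (Container::get('now') - User::get()['last_post'])), 429);
             }
             if (!$conv) {
                 // Validate username / TODO : allow multiple usernames
                 // NOTE(review): the submitted name is echoed back in the error text; this
                 // relies on Error escaping its message for HTML output — confirm.
                 if (!($user = $this->model->isAllowed($data['username']))) {
                     throw new Error('You can\'t send an PM to ' . ($data['username'] ? $data['username'] : '******'), 400);
                 }
                 // Avoid self messages
                 if ($user->id == User::get()->id) {
                     throw new Error('No self message', 403);
                 }
                 // Validate subject (censoring runs before the emptiness/length checks)
                 if (ForumSettings::get('o_censoring') == '1') {
                     $data['subject'] = Utils::trim(Utils::censor($data['subject']));
                 }
                 if (empty($data['subject'])) {
                     throw new Error('No subject or censored subject', 400);
                 }
                 if (Utils::strlen($data['subject']) > 70) {
                     throw new Error('Too long subject', 400);
                 }
                 // NOTE(review): indexing the setting value by its own name looks suspicious;
                 // confirm what ForumSettings::get('p_subject_all_caps') actually returns.
                 if (ForumSettings::get('p_subject_all_caps')['p_subject_all_caps'] == '0' && Utils::is_all_uppercase($data['subject']) && !User::get()->is_admmod) {
                     throw new Error('All caps subject forbidden', 400);
                 }
             }
             // TODO : inbox full
             // Validate message (censoring runs before the emptiness/length checks)
             if (ForumSettings::get('o_censoring') == '1') {
                 $data['req_message'] = Utils::trim(Utils::censor($data['req_message']));
             }
             if (empty($data['req_message'])) {
                 throw new Error('No message or censored message', 400);
             }
             if (Utils::strlen($data['req_message']) > ForumEnv::get('FEATHER_MAX_POSTSIZE')) {
                 throw new Error('Too long message', 400);
             }
             // Fix: this check used to inspect the subject instead of the message, so an
             // all-caps message was never rejected (and a reply, which has no subject,
             // passed null to is_all_uppercase).
             // NOTE(review): it still reads the subject setting; confirm whether a
             // message-specific all-caps setting exists and should be used here.
             if (ForumSettings::get('p_subject_all_caps')['p_subject_all_caps'] == '0' && Utils::is_all_uppercase($data['req_message']) && !User::get()->is_admmod) {
                 throw new Error('All caps message forbidden', 400);
             }
             // Send ... TODO : when perms will be ready
             // Check if the receiver has the PM enabled
             // Check if he has reached his max limit of PM
             // Block feature ?
             if (!$conv) {
                 $conv_data = array('subject' => $data['subject'], 'poster' => User::get()->username, 'poster_id' => User::get()->id, 'num_replies' => 0, 'last_post' => Container::get('now'), 'last_poster' => User::get()->username);
                 $args['tid'] = $this->model->addConversation($conv_data);
             }
             if (!$args['tid']) {
                 throw new Error('Unable to create conversation');
             }
             $msg_data = array('poster' => User::get()->username, 'poster_id' => User::get()->id, 'poster_ip' => Utils::getIp(), 'message' => $data['req_message'], 'hide_smilies' => $data['smilies'], 'sent' => Container::get('now'));
             if ($conv) {
                 // Reply to an existing conversation
                 if ($this->model->addMessage($msg_data, $args['tid'])) {
                     return Router::redirect(Router::pathFor('Conversations.home'), sprintf(__('Reply success', 'private_messages'), $conv->subject));
                 }
             } elseif ($this->model->addMessage($msg_data, $args['tid'], array($user->id, User::get()->id))) {
                 // Add message in conversation + add receiver (create new conversation)
                 return Router::redirect(Router::pathFor('Conversations.home'), sprintf(__('Send success', 'private_messages'), $user->username));
             }
             // A failed insert used to fall through and render nothing at all.
             throw new Error('Unable to send message');
         }
     } else {
         Container::get('hooks')->fire('conversationsPlugin.send.display');
         // New conversation: ids below 2 are rejected (presumably 1 is the guest account — confirm).
         if (!is_null($args['uid'])) {
             if ($args['uid'] < 2) {
                 throw new Error('Wrong user ID', 400);
             }
             if ($user = $this->model->getUserByID($args['uid'])) {
                 View::setPageInfo(array('username' => Utils::escape($user->username)));
             } else {
                 throw new Error('Unable to find user', 400);
             }
         }
         // Reply
         if (!is_null($args['tid'])) {
             if ($args['tid'] < 1) {
                 throw new Error('Wrong conversation ID', 400);
             }
             if ($conv = $this->model->getConversation($args['tid'], User::get()->id)) {
                 // Breadcrumb trail: folder > Reply > conversation subject
                 $inbox = DB::for_table('pms_folders')->find_one($conv->folder_id);
                 $this->crumbs[Router::pathFor('Conversations.home', ['inbox_id' => $inbox['id']])] = $inbox['name'];
                 $this->crumbs[] = __('Reply', 'private_messages');
                 $this->crumbs[] = $conv['subject'];
                 Utils::generateBreadcrumbs($this->crumbs);
                 // The last argument limits how many previous messages the reply form shows.
                 return View::setPageInfo(array('current_inbox' => $inbox, 'conv' => $conv, 'msg_data' => $this->model->getMessagesFromConversation($args['tid'], User::get()->id, 5)))->addTemplate('reply.php')->display();
             } else {
                 throw new Error('Unknown conversation ID', 400);
             }
         }
         $this->crumbs[] = __('Send', 'private_messages');
         if (isset($user)) {
             $this->crumbs[] = $user->username;
         }
         Utils::generateBreadcrumbs($this->crumbs);
         View::addTemplate('send.php')->display();
     }
 }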
Esempio n. 3
 /**
  * Profile "action" endpoint: dispatches the sub-action named in the route.
  *
  * Supported actions: 'change_pass', 'change_email', 'upload_avatar' /
  * 'upload_avatar2', 'delete_avatar' and 'promote'; anything else is a 404.
  * Board-read and view-users permissions are checked first, except for a
  * 'change_pass' request carrying a 'key' query parameter (presumably the
  * password-reset link). For the form actions a POST is delegated to the model
  * and its result returned; a GET renders the matching form.
  *
  * @param mixed $req  Request object (not read here).
  * @param mixed $res  Response object (not read here).
  * @param array $args Route arguments: 'id' (target user id) and 'action'.
  *
  * @return mixed Whatever the model returns for a POST, a redirect for
  *               'delete_avatar', or null after rendering a form.
  *
  * @throws Error 403 when the viewer lacks permission, 400 when avatars are
  *               disabled, 404 for an unknown action.
  */
 public function action($req, $res, $args)
 {
     // UTF-8 helpers; utf8_ucwords needs utf8_substr_replace, hence the order.
     $utf8Helpers = ForumEnv::get('FEATHER_ROOT') . 'featherbb/Helpers/utf8/';
     require $utf8Helpers . 'substr_replace.php';
     require $utf8Helpers . 'ucwords.php';
     require $utf8Helpers . 'strcasecmp.php';

     $args['id'] = Container::get('hooks')->fire('controller.profile.action', $args['id']);

     // Only a password change that carries a key skips the board-level permission checks.
     $isKeyedPasswordChange = $args['action'] == 'change_pass' && Input::query('key');
     if (!$isKeyedPasswordChange) {
         if (User::get()->g_read_board == '0') {
             throw new Error(__('No view'), 403);
         }
         if (User::get()->g_view_users == '0' && (User::get()->is_guest || User::get()->id != $args['id'])) {
             throw new Error(__('No permission'), 403);
         }
     }

     // NOTE(review): for 'change_pass' and 'change_email' this method does not check
     // that $args['id'] is the viewer's own id; the model is expected to enforce it
     // (see the TODO below) — confirm.
     switch ($args['action']) {
         case 'change_pass':
             if (Request::isPost()) {
                 // TODO: Check if security "if (User::get()->id != $id)" (l.58 of Model/Profile) isn't bypassed
                 // FOR ALL chained if below
                 return $this->model->change_pass($args['id']);
             }
             $boardTitle = Utils::escape(ForumSettings::get('o_board_title'));
             View::setPageInfo(array(
                 'title' => array($boardTitle, __('Profile'), __('Change pass')),
                 'active_page' => 'profile',
                 'id' => $args['id'],
                 'required_fields' => array(
                     'req_old_password' => __('Old pass'),
                     'req_new_password1' => __('New pass'),
                     'req_new_password2' => __('Confirm new pass'),
                 ),
                 // Admins/moderators are not asked for the old password, so focus the new one.
                 'focus_element' => array('change_pass', !User::get()->is_admmod ? 'req_old_password' : 'req_new_password1'),
             ));
             View::addTemplate('profile/change_pass.php')->display();
             break;

         case 'change_email':
             if (Request::isPost()) {
                 return $this->model->change_email($args['id']);
             }
             $boardTitle = Utils::escape(ForumSettings::get('o_board_title'));
             View::setPageInfo(array(
                 'title' => array($boardTitle, __('Profile'), __('Change email')),
                 'active_page' => 'profile',
                 'required_fields' => array(
                     'req_new_email' => __('New email'),
                     'req_password' => __('Password'),
                 ),
                 'focus_element' => array('change_email', 'req_new_email'),
                 'id' => $args['id'],
             ));
             View::addTemplate('profile/change_mail.php')->display();
             break;

         case 'upload_avatar':
         case 'upload_avatar2':
             if (ForumSettings::get('o_avatars') == '0') {
                 throw new Error(__('Avatars disabled'), 400);
             }
             // Only the profile owner or an admin/moderator may change the avatar.
             if (User::get()->id != $args['id'] && !User::get()->is_admmod) {
                 throw new Error(__('No permission'), 403);
             }
             if (Request::isPost()) {
                 return $this->model->upload_avatar($args['id'], $_FILES);
             }
             $boardTitle = Utils::escape(ForumSettings::get('o_board_title'));
             View::setPageInfo(array(
                 'title' => array($boardTitle, __('Profile'), __('Upload avatar')),
                 'active_page' => 'profile',
                 'required_fields' => array('req_file' => __('File')),
                 'focus_element' => array('upload_avatar', 'req_file'),
                 'id' => $args['id'],
             ));
             View::addTemplate('profile/upload_avatar.php')->display();
             break;

         case 'delete_avatar':
             // Only the profile owner or an admin/moderator may remove the avatar.
             if (User::get()->id != $args['id'] && !User::get()->is_admmod) {
                 throw new Error(__('No permission'), 403);
             }
             $this->model->delete_avatar($args['id']);
             return Router::redirect(Router::pathFor('profileSection', array('id' => $args['id'], 'section' => 'personality')), __('Avatar deleted redirect'));

         case 'promote':
             // Allowed for admins, and for moderators whose group may promote users.
             if (User::get()->g_id != ForumEnv::get('FEATHER_ADMIN') && (User::get()->g_moderator != '1' || User::get()->g_mod_promote_users == '0')) {
                 throw new Error(__('No permission'), 403);
             }
             $this->model->promote_user($args['id']);
             break;

         default:
             throw new Error(__('Bad request'), 404);
     }
 }