Esempio n. 1
0
 function vB_XML_Builder($content_type = null, $charset = null)
 {
     if ($content_type) {
         $this->content_type = $content_type;
     }
     if ($charset == null) {
         $userinfo = vB_User::fetchUserinfo();
         $charset = !empty($userinfo['lang_charset']) ? $userinfo['lang_charset'] : vB_Template_Runtime::fetchStyleVar('charset');
         if (empty($charset)) {
             $charset = 'utf-8';
         }
     }
     $this->charset = strtolower($charset) == 'iso-8859-1' ? 'windows-1252' : $charset;
 }
Esempio n. 2
0
 public function __construct($routeInfo, $matches, $queryString = '', $anchor = '')
 {
     if (empty($matches['tab'])) {
         $matches['tab'] = 'profile';
     }
     parent::__construct($routeInfo, $matches, $queryString, $anchor);
     if (empty($this->arguments['userid'])) {
         $userInfo = vB::getCurrentSession()->fetch_userinfo();
         $this->arguments['userid'] = $userInfo['userid'];
         $this->arguments['username'] = $userInfo['username'];
     } else {
         if (empty($this->arguments['username'])) {
             $userInfo = vB_User::fetchUserinfo($this->arguments['userid']);
             $this->arguments['username'] = $userInfo['username'];
         }
     }
     $this->breadcrumbs = array(0 => array('title' => $this->arguments['username'], 'url' => vB5_Route::buildUrl('profile', array('userid' => $this->arguments['userid'], 'username' => vB_String::getUrlIdent($this->arguments['username'])))), 1 => array('phrase' => 'user_settings', 'url' => ''));
 }
Esempio n. 3
0
 protected function getNewRouteInfo()
 {
     $param =& $this->queryParameters;
     $search = array();
     // pull the parameter that still compatible with vb5 and discard others
     if (isset($param['userid'])) {
         $user = vB_User::fetchUserinfo($param['userid']);
         if ($user !== false) {
             $search['author'] = $user['username'];
         }
     }
     if (isset($param['starteronly'])) {
         $search['starter_only'] = $param['starteronly'];
     }
     if (isset($param['forumchoice'])) {
         $oldcontenttypeid = vB_Types::instance()->getContentTypeID(array('package' => 'vBForum', 'class' => 'Forum'));
         foreach ($param['forumchoice'] as $oldid) {
             $node = vB::getDbAssertor()->getRow('vBForum:node', array('oldid' => $oldid, 'oldcontenttypeid' => $oldcontenttypeid));
             $search['channel'][] = $node['nodeid'];
         }
     }
     if (isset($param['do'])) {
         switch ($param['do']) {
             case 'finduser':
                 if (!empty($search)) {
                     $searchJSON = json_encode($search);
                 }
                 break;
             case 'getdaily':
             case 'getnew':
                 $searchJSON = '{"date":"lastVisit","view":"topic","unread_only":1,"sort":{"lastcontent":"desc"},"exclude_type":["vBForum_PrivateMessage"]}';
                 break;
             default:
         }
     }
     $param = array();
     if (!empty($searchJSON)) {
         $param['searchJSON'] = $searchJSON;
     }
     return 'search';
 }
Esempio n. 4
0
 protected function initRoute($routeInfo, $matches, $queryString = '', $anchor = '')
 {
     parent::initRoute($routeInfo, $matches, $queryString, $anchor);
     // if we don't have a numeric userid at this point, make it 0
     $this->arguments['userid'] = isset($this->arguments['userid']) ? intval($this->arguments['userid']) : 0;
     //there are lots of places we can get the username from if we don't have it, check them.
     if (!empty($this->arguments['userid']) and empty($this->arguments['username'])) {
         //node records provide both the username and the userid but under a different value.  We generate profile links for node
         //display frequently and we'd like to avoid an extra database trip
         if (!empty($matches['authorname'])) {
             $this->arguments['username'] = $matches['authorname'];
         } else {
             //a lot of our profile links are for the current user -- who's information we have cached.
             $currentuser = vB::getCurrentSession()->fetch_userinfo();
             if ($this->arguments['userid'] == $currentuser['userid']) {
                 $this->arguments['username'] = $currentuser['username'];
             } else {
                 $user = vB_User::fetchUserinfo($this->arguments['userid']);
                 $this->arguments['username'] = $user['username'];
             }
         }
     }
 }
Esempio n. 5
0
 protected function checkCSRF()
 {
     if (!empty($_SERVER['REQUEST_METHOD']) and strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {
         $userinfo = vB_User::fetchUserinfo();
         if ($userinfo['userid'] > 0 and (!defined('CSRF_PROTECTION') or defined('CSRF_PROTECTION') and CSRF_PROTECTION === true)) {
             if (!$this->location['login']) {
                 if (!isset($_POST['securitytoken'])) {
                     $_POST['securitytoken'] = '';
                 }
                 if (!vB_User::verifySecurityToken($_POST['securitytoken'], $userinfo['securitytoken_raw'])) {
                     switch ($_POST['securitytoken']) {
                         case '':
                             return array('error' => 'security_token_missing');
                         case 'guest':
                             return array('error' => 'security_token_guest');
                         case 'timeout':
                             return array('error' => 'security_token_timeout');
                         default:
                             return array('error' => 'security_token_invalid');
                     }
                 }
             }
         }
     }
     return false;
 }
Esempio n. 6
0
 /**
  * Applies the automatic ban to the user
  *
  * @param	array	User Info for the user to ban
  * @param	array	Data for the automatic ban to apply (returned from getAutomaticBanToApply)
  * @param	array	Data for the infraction that's being given
  */
 protected function applyAutomaticBan(array $userInfo, array $banToApply, array $data)
 {
     $currentBan = $this->assertor->getRow('userban', array('userid' => $userInfo['userid']));
     $user = vB::getCurrentSession()->fetch_userinfo();
     // Drop the ban hammer
     if ($currentBan) {
         if (($banToApply['liftdate'] == 0 or $currentBan['liftdate'] < $banToApply['liftdate']) and $currentBan['liftdate'] != 0) {
             // there is already a record - just update this record
             $this->assertor->update('userban', array('bandate' => vB::getRequest()->getTimeNow(), 'liftdate' => $banToApply['liftdate'], 'adminid' => $user['userid'], 'reason' => $data['banreason']), array('userid' => $userInfo['userid']));
         }
     } else {
         // insert a record into the userban table
         /*insert query*/
         $this->assertor->insert('userban', array('userid' => $userInfo['userid'], 'usergroupid' => $userInfo['usergroupid'], 'displaygroupid' => $userInfo['displaygroupid'], 'customtitle' => $userInfo['customtitle'], 'usertitle' => $userInfo['usertitle'], 'bandate' => vB::getRequest()->getTimeNow(), 'liftdate' => $banToApply['liftdate'], 'adminid' => $user['userid'], 'reason' => $data['banreason']));
     }
     //$existingUserInfo = $this->assertor->getRow('user', array('userid' => $userInfo['userid']));
     $existingUserInfo = vB_User::fetchUserinfo($userInfo['userid']);
     // update the user record
     $userdata = new vB_Datamanager_User(vB::get_registry(), vB_DataManager_Constants::ERRTYPE_SILENT);
     $userdata->set_existing($existingUserInfo);
     $userdata->set('usergroupid', $banToApply['banusergroupid']);
     $userdata->set('displaygroupid', 0);
     // update the user's title if they've specified a special user title for the banned group
     $bannedUserGroups = vB_Api::instanceInternal('usergroup')->fetchBannedUsergroups();
     if ($bannedUserGroups[$banToApply['banusergroupid']]['usertitle'] != '') {
         $userdata->set('usertitle', $bannedUserGroups[$banToApply['banusergroupid']]['usertitle']);
         $userdata->set('customtitle', 0);
     }
     $userdata->save();
     unset($userdata);
 }
Esempio n. 7
0
 /**
  * Fetch whovoted a node
  * @param $nodeid
  * @param $private_message false => return only who voted on that node,
  * 		  true  => return node voters plus the current loged user link to the voters (subscribed/notsubscribed)
  *
  * @return array Array of users. An user is also an array contains userid, username, isadmin, ismoderator
  */
 public function fetchWhovoted($nodeid, $private_message = false)
 {
     $node = vB_Api::instanceInternal('node')->getNodeFullContent($nodeid);
     $node = $node[$nodeid];
     $this->checkCanUseRep($node);
     if (!vB::getUserContext()->hasPermission('genericpermissions', 'canseewholiked')) {
         throw new vB_Exception_Api('no_permission');
     }
     if ($private_message) {
         $currentUser = vB::getCurrentSession()->get('userid');
         $users = $this->assertor->getRows('vBForum:reputation_privatemsg_fetchwhovoted', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'nodeid' => $node['nodeid'], 'currentuser' => $currentUser));
     } else {
         $users = $this->assertor->getRows('vBForum:reputation_fetchwhovoted', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'nodeid' => $node['nodeid']));
     }
     foreach ($users as &$user) {
         $user['ismoderator'] = false;
         $user['isadmin'] = false;
         $userinfo = vB_User::fetchUserinfo($user['userid']);
         $user['usertitle'] = $userinfo['usertitle'];
         $usercontext =& vB::getUserContext($user['userid']);
         if ($usercontext->hasPermission('adminpermissions', 'ismoderator')) {
             $user['ismoderator'] = true;
         }
         if ($usercontext->hasAdminPermission('cancontrolpanel')) {
             $user['isadmin'] = true;
         }
         $user['avatarurl'] = vB_Api::instanceInternal('user')->fetchAvatar($user['userid']);
         $user['avatarurl'] = $user['avatarurl']['avatarpath'];
         $user['profileurl'] = vB5_Route::buildUrl('profile', array('userid' => $user['userid']));
         $user['musername'] = vB_Api::instanceInternal("user")->fetchMusername($user);
     }
     return $users;
 }
Esempio n. 8
0
 /**
  * Ban users
  *
  * @param array $userids Userids to ban
  * @param int $banusergroupid Which banned usergroup to move the users to
  * @param string $period Ban period
  * @param string $reason Ban reason
  */
 public function banUsers($userids, $banusergroupid, $period, $reason = '')
 {
     $loginuser =& vB::getCurrentSession()->fetch_userinfo();
     $usercontext =& vB::getUserContext($loginuser['userid']);
     if (!$usercontext->hasAdminPermission('cancontrolpanel') and !$usercontext->hasPermission('moderatorpermissions', 'canbanusers')) {
         $forumHome = vB_Library::instance('content_channel')->getForumHomeChannel();
         throw new vB_Exception_Api('nopermission_loggedin', array($loginuser['username'], vB_Template_Runtime::fetchStyleVar('right'), vB::getCurrentSession()->get('sessionurl'), $loginuser['securitytoken'], vB5_Route::buildUrl($forumHome['routeid'] . '|fullurl')));
     }
     foreach ($userids as &$userid) {
         $userid = intval($userid);
     }
     $bannedusergroups = vB_Api::instanceInternal('usergroup')->fetchBannedUsergroups();
     if (!in_array($banusergroupid, array_keys($bannedusergroups))) {
         throw new vB_Exception_Api('invalid_usergroup_specified');
     }
     // check that the number of days is valid
     if ($period != 'PERMANENT' and !preg_match('#^(D|M|Y)_[1-9][0-9]?$#', $period)) {
         throw new vB_Exception_Api('invalid_ban_period_specified');
     }
     if ($period == 'PERMANENT') {
         // make this ban permanent
         $liftdate = 0;
     } else {
         // get the unixtime for when this ban will be lifted
         require_once DIR . '/includes/functions_banning.php';
         $liftdate = convert_date_to_timestamp($period);
     }
     $user_dms = array();
     $current_bans = vB::getDbAssertor()->getRows('user_fetchcurrentbans', array('userids' => $userids));
     foreach ($current_bans as $current_ban) {
         $userinfo = vB_User::fetchUserinfo($current_ban['userid']);
         $userid = $userinfo['userid'];
         if ($current_ban['bandate']) {
             // they already have a ban, check if the current one is being made permanent, continue if its not
             if ($liftdate and $liftdate < $current_ban['liftdate']) {
                 continue;
             }
             // there is already a record - just update this record
             vB::getDbAssertor()->update('userban', array('bandate' => vB::getRequest()->getTimeNow(), 'liftdate' => $liftdate, 'adminid' => $loginuser['userid'], 'reason' => $reason), array('userid' => $userinfo['userid']));
         } else {
             // insert a record into the userban table
             /*insert query*/
             vB::getDbAssertor()->insert('userban', array('userid' => $userinfo['userid'], 'usergroupid' => $userinfo['usergroupid'], 'displaygroupid' => $userinfo['displaygroupid'], 'customtitle' => $userinfo['customtitle'], 'usertitle' => $userinfo['usertitle'], 'adminid' => $loginuser['userid'], 'bandate' => vB::getRequest()->getTimeNow(), 'liftdate' => $liftdate, 'reason' => $reason));
         }
         // update the user record
         $user_dms[$userid] = new vB_Datamanager_User(vB_DataManager_Constants::ERRTYPE_SILENT);
         $user_dms[$userid]->set_existing($userinfo);
         $user_dms[$userid]->set('usergroupid', $banusergroupid);
         $user_dms[$userid]->set('displaygroupid', 0);
         // update the user's title if they've specified a special user title for the banned group
         if ($bannedusergroups[$banusergroupid]['usertitle'] != '') {
             $user_dms[$userid]->set('usertitle', $bannedusergroups[$banusergroupid]['usertitle']);
             $user_dms[$userid]->set('customtitle', 0);
         }
         $user_dms[$userid]->pre_save();
     }
     foreach ($user_dms as $userdm) {
         $userdm->save();
     }
     // and clear perms
     foreach ($userids as $uid) {
         vB::getUserContext($uid)->clearChannelPermissions();
     }
     return true;
 }
Esempio n. 9
0
 /**
  * Send contact us mail
  *
  * @param array $maildata contact us mail data. Including name, email, subject, other_subject, message
  * @param array $hvinput Human Verify input data. @see vB_Api_Hv::verifyToken()
  * @throws vB_Exception_Api
  */
 public function sendMail($maildata, $hvinput = array())
 {
     $vboptions = vB::getDatastore()->getValue('options');
     if (empty($maildata['name']) || empty($maildata['email']) || empty($maildata['message'])) {
         throw new vB_Exception_Api('please_complete_required_fields');
     }
     if ($vboptions['contactusoptions'] and $maildata['subject'] == 'other' and ($maildata['other_subject'] == '' or !$vboptions['contactusother'])) {
         throw new vB_Exception_Api('nosubject');
     }
     if (!is_valid_email($maildata['email'])) {
         throw new vB_Exception_Api('bademail');
     }
     vB_Api::instanceInternal('hv')->verifyToken($hvinput, 'contactus');
     // No Errors. Send mail.
     $languageid = -1;
     if ($vboptions['contactusoptions']) {
         if ($maildata['subject'] == 'other') {
             $maildata['subject'] = $maildata['other_subject'];
         } else {
             $options = explode("\n", trim($vboptions['contactusoptions']));
             foreach ($options as $index => $title) {
                 if ($index == $maildata['subject']) {
                     if (preg_match('#^{(.*)} (.*)$#siU', $title, $matches)) {
                         $title =& $matches[2];
                         if (is_numeric($matches[1]) and intval($matches[1]) !== 0) {
                             $userinfo = vB_User::fetchUserinfo($matches[1]);
                             $alt_email =& $userinfo['email'];
                             $languageid =& $userinfo['languageid'];
                         } else {
                             $alt_email = $matches[1];
                         }
                     }
                     $maildata['subject'] = $title;
                     break;
                 }
             }
         }
     }
     if (!empty($alt_email)) {
         if ($alt_email == $vboptions['webmasteremail'] or $alt_email == $vboptions['contactusemail']) {
             $ip = vB::getRequest()->getIpAddress();
         } else {
             $ip =& $vbphrase['n_a'];
         }
         $destemail =& $alt_email;
     } else {
         $ip = vB::getRequest()->getIpAddress();
         if ($vboptions['contactusemail']) {
             $destemail =& $vboptions['contactusemail'];
         } else {
             $destemail =& $vboptions['webmasteremail'];
         }
     }
     $currentuser = vB::getCurrentSession()->fetch_userinfo();
     $mailcontent = vB_Api::instanceInternal('phrase')->fetchEmailPhrases('contactus', array($vboptions['bbtitle'], $maildata['name'], $maildata['email'], $maildata['message'], $ip, $currentuser['username'], $currentuser['userid']), array($vboptions['bbtitle'], $maildata['subject']), $languageid);
     $flood = vB_Mail::vbmail($destemail, $mailcontent['subject'], $mailcontent['message'], true, $maildata['email']);
     if (is_array($flood)) {
         throw new vB_Exception_Api($flood[0], $flood[1]);
     }
     return true;
 }
Esempio n. 10
0
 private function json2criteria(&$json)
 {
     if (is_string($json)) {
         $search_structure = json_decode($json, true);
     } else {
         $search_structure = $json;
     }
     if (empty($search_structure) or !is_array($search_structure)) {
         throw new vB_Exception_Api('invalid_search_syntax', array($json));
     }
     $criteria = new vB_Search_Criteria();
     $def_sort_field = 'created';
     $def_sort_dir = 'DESC';
     $currentUserId = vB::getCurrentSession()->get('userid');
     $criteria->setUser($currentUserId);
     $normalized_criteria = array();
     if (!empty($search_structure['keywords'])) {
         $words = $criteria->add_keyword_filter($search_structure['keywords'], !empty($search_structure['title_only']));
         $def_sort_field = 'lastcontent';
         if (!empty($words)) {
             $normalized_criteria['keywords'] = '';
             $separator = '';
             foreach ($words as $word) {
                 if (!empty($word['joiner'])) {
                     $normalized_criteria['keywords'] .= $separator . strtoupper($word['joiner']);
                     $separator = ' ';
                 }
                 $normalized_criteria['keywords'] .= $separator . $word['word'];
                 $separator = ' ';
             }
             if (!empty($search_structure['title_only'])) {
                 $normalized_criteria['title_only'] = 1;
             }
         } else {
             $normalized_criteria['error'] = 'ignored_search_keywords';
         }
         $ignored_words = $criteria->get_ignored_keywords();
         if (!empty($ignored_words)) {
             $normalized_criteria['ignored_words'] = $ignored_words;
             $normalized_criteria['original_keywords'] = $search_structure['keywords'];
         }
     }
     if (!empty($search_structure['contenttypeid'])) {
         $search_structure['type'] = vB_Types::instance()->getContentTypeClasses($search_structure['contenttypeid']);
         if (count($search_structure['type']) == 1) {
             $search_structure['type'] = array_pop($search_structure['type']);
         }
         unset($search_structure['contenttypeid']);
     }
     if (!empty($search_structure['type'])) {
         $contentypeids = $criteria->add_contenttype_filter($search_structure['type']);
         $normalized_criteria['type'] = $search_structure['type'];
         $pmcontentypeid = vB_Types::instance()->getContentTypeID('vBForum_PrivateMessage');
         if (in_array($pmcontentypeid, $contentypeids)) {
             if (count($contentypeids) == 1) {
                 $search_structure['private_messages_only'] = 1;
             } else {
                 $search_structure['include_private_messages'] = 1;
             }
         }
         $vmcontentypeid = vB_Types::instance()->getContentTypeID('vBForum_VisitorMessage');
         if (in_array($vmcontentypeid, $contentypeids)) {
             if (count($contentypeids) == 1) {
                 $search_structure['visitor_messages_only'] = 1;
             } else {
                 $search_structure['include_visitor_messages'] = 1;
             }
         }
         $photocontentypeid = vB_Api::instanceInternal('contenttype')->fetchContentTypeIdFromClass('Photo');
         if (in_array($photocontentypeid, $contentypeids)) {
             $search_structure['include_attach'] = 1;
         }
     } elseif (empty($search_structure['exclude_type']) or is_string($search_structure['exclude_type']) and $search_structure['exclude_type'] != 'vBForum_PrivateMessage' or is_array($search_structure['exclude_type']) and !in_array('vBForum_PrivateMessage', $search_structure['exclude_type'])) {
         $search_structure['include_private_messages'] = 1;
     } elseif (!empty($search_structure['exclude_type']) and (is_string($search_structure['exclude_type']) and $search_structure['exclude_type'] == 'vBForum_VisitorMessage' or is_array($search_structure['exclude_type']) and in_array('vBForum_VisitorMessage', $search_structure['exclude_type']))) {
         $search_structure['exclude_visitor_messages'] = 1;
     }
     if (empty($search_structure['type']) and empty($search_structure['exclude_visitor_messages']) and (empty($search_structure['exclude_type']) or is_string($search_structure['exclude_type']) and $search_structure['exclude_type'] != 'vBForum_VisitorMessage' or is_array($search_structure['exclude_type']) and !in_array('vBForum_VisitorMessage', $search_structure['exclude_type']))) {
         $search_structure['include_visitor_messages'] = 1;
     }
     // author by username
     if (!empty($search_structure['author'])) {
         //reducing users from array to single
         if (is_array($search_structure['author']) and count($search_structure['author']) == 1) {
             $search_structure['author'] = array_pop($search_structure['author']);
             $search_structure['exactname'] = 1;
         }
         // only one username
         if (is_string($search_structure['author'])) {
             // it's an exact username - no partial match
             if (!empty($search_structure['exactname'])) {
                 $search_structure['author'] = trim($search_structure['author']);
                 switch ($search_structure['author']) {
                     case 'myFriends':
                         $userid = array();
                         if (!empty($currentUserId)) {
                             $userid = vB::getDbAssertor()->getColumn('userlist', 'relationid', array('userid' => $currentUserId, 'friend' => 'yes'), false, 'relationid');
                         }
                         $criteria->add_filter('userid', vB_Search_Core::OP_EQ, $userid, true);
                         break;
                     case 'iFollow':
                         if (empty($search_structure[self::FILTER_FOLLOW])) {
                             $search_structure[self::FILTER_FOLLOW] = self::FILTER_FOLLOWING_USERS;
                         } elseif ($search_structure[self::FILTER_FOLLOW] == self::FILTER_FOLLOWING_CHANNEL) {
                             $search_structure[self::FILTER_FOLLOW] = self::FILTER_FOLLOWING_BOTH;
                         }
                         break;
                     default:
                         $criteria->add_user_filter($search_structure['author'], !empty($search_structure['exactname']));
                         break;
                 }
                 $normalized_criteria['author'] = strtolower($search_structure['author']);
                 $normalized_criteria['exactname'] = 1;
             } elseif (vb_String::vbStrlen($search_structure['author']) >= 3) {
                 $criteria->add_user_filter($search_structure['author'], !empty($search_structure['exactname']));
                 $normalized_criteria['author'] = strtolower($search_structure['author']);
             }
         } elseif (is_array($search_structure['author'])) {
             $user_names = array();
             foreach ($search_structure['author'] as $author) {
                 $author = vB_String::htmlSpecialCharsUni($author);
                 $user = vB_Api::instanceInternal("User")->fetchByUsername($author);
                 $userid = false;
                 if (!empty($user['userid'])) {
                     $user_ids[] = $user['userid'];
                     $user_names[] = $user['username'];
                 }
             }
             if (!empty($user_ids)) {
                 $criteria->add_filter('userid', vB_Search_Core::OP_EQ, $user_ids, true);
             } else {
                 $criteria->add_null_filter('no record matches usernames');
             }
             sort($user_names);
             $normalized_criteria['author'] = $user_names;
         }
     }
     // author by userid
     if (!empty($search_structure['authorid'])) {
         //reducing users from array to single
         if (is_array($search_structure['authorid']) and count($search_structure['authorid']) == 1) {
             $search_structure['authorid'] = array_pop($search_structure['authorid']);
         }
         if (is_numeric($search_structure['authorid'])) {
             if (!empty($search_structure['visitor_messages_only'])) {
                 $criteria->add_filter('visitor_messages_only', vB_Search_Core::OP_EQ, $search_structure['authorid']);
                 $normalized_criteria['visitor_messages_only'] = 1;
             } elseif (!empty($search_structure['include_visitor_messages'])) {
                 $criteria->add_filter('include_visitor_messages', vB_Search_Core::OP_EQ, $search_structure['authorid']);
                 $normalized_criteria['include_visitor_messages'] = 1;
             } else {
                 $criteria->add_filter('userid', vB_Search_Core::OP_EQ, $search_structure['authorid'], true);
             }
             if (!empty($search_structure['exclude_visitor_messages'])) {
                 $criteria->add_filter('exclude_visitor_messages', vB_Search_Core::OP_EQ, $search_structure['authorid']);
                 $normalized_criteria['exclude_visitor_messages'] = 1;
             }
             $normalized_criteria['authorid'] = $search_structure['authorid'];
         } elseif (is_array($search_structure['authorid'])) {
             $user_ids = array();
             foreach ($search_structure['authorid'] as $author) {
                 if (is_numeric($author)) {
                     $user_ids[] = intval($author);
                 }
             }
             $criteria->add_filter('userid', vB_Search_Core::OP_EQ, $user_ids, true);
             $normalized_criteria['authorid'] = sort($user_ids);
         }
     } else {
         if (!empty($search_structure['exclude_visitor_messages'])) {
             $criteria->add_filter('exclude_visitor_messages', vB_Search_Core::OP_EQ, 0);
             $normalized_criteria['exclude_visitor_messages'] = 1;
         }
     }
     // channel owner filter
     if (!empty($search_structure['my_channels'])) {
         $temp = array();
         // restrict 'type' to string 'blog' or 'group', else default to 'blog'
         if (isset($search_structure['my_channels']['type']) and ($search_structure['my_channels']['type'] == 'blog' or $search_structure['my_channels']['type'] == 'group')) {
             $temp['type'] = $search_structure['my_channels']['type'];
         } else {
             $temp['type'] = 'blog';
         }
         $normalized_criteria['my_channels'] = $temp;
         $criteria->add_filter('my_channels', vB_Search_Core::OP_EQ, $temp);
         unset($temp);
     }
     if (!empty($search_structure['private_messages_only'])) {
         $criteria->add_filter('private_messages_only', vB_Search_Core::OP_EQ, $currentUserId);
         $normalized_criteria['private_messages_only'] = 1;
     }
     // visitor message recipient
     if (!empty($search_structure['sentto'])) {
         //reducing users from array to single
         if (is_array($search_structure['sentto']) and count($search_structure['sentto']) == 1) {
             $search_structure['sentto'] = array_pop($search_structure['sentto']);
         }
         if (is_numeric($search_structure['sentto'])) {
             $criteria->add_filter('sentto', vB_Search_Core::OP_EQ, intval($search_structure['sentto']));
             $normalized_criteria['visitor_messages_only'] = 1;
             $normalized_criteria['sentto'] = intval($search_structure['sentto']);
         } elseif (is_array($search_structure['sentto'])) {
             $user_ids = array_map('intval', $search_structure['sentto']);
             sort($user_ids);
             $criteria->add_filter('sentto', vB_Search_Core::OP_EQ, $user_ids);
             $normalized_criteria['visitor_messages_only'] = 1;
             $normalized_criteria['sentto'] = $user_ids;
         }
     }
     if (!empty($search_structure['tag'])) {
         if (is_array($search_structure['tag'])) {
             foreach ($search_structure['tag'] as $index => $tag) {
                 $search_structure['tag'][$index] = vB_String::htmlSpecialCharsUni(trim($tag));
             }
         } else {
             $search_structure['tag'] = vB_String::htmlSpecialCharsUni(trim($search_structure['tag']));
         }
         $existing_tags = $criteria->add_tag_filter($search_structure['tag']);
         $normalized_criteria['tag'] = array_keys($existing_tags);
         vB_Api::instanceInternal('Tags')->logSearchTags($existing_tags);
     }
     if (!empty($search_structure['date'])) {
         if ($search_structure['date'] == self::FILTER_LASTVISIT) {
             $current_user = new vB_Legacy_CurrentUser();
             $dateline = $current_user->get_field('lastvisit');
             if (empty($dateline)) {
                 $dateline = vB::getRequest()->getTimeNow() - 86400 * 14;
             }
             $criteria->add_date_filter(vB_Search_Core::OP_GT, $dateline);
             $normalized_criteria['date'] = self::FILTER_LASTVISIT;
         }
         if ($search_structure['date'] == self::FILTER_TOPICAGE) {
             $age = vB::getDatastore()->getOption('max_age_topic');
             if (intval($age) == 0) {
                 $age = 60;
             }
             $criteria->add_date_filter(vB_Search_Core::OP_GT, vB::getRequest()->getTimeNow() - 86400 * $age);
             $normalized_criteria['date'] = self::FILTER_TOPICAGE;
         }
         if ($search_structure['date'] == self::FILTER_CHANNELAGE) {
             $age = vB::getDatastore()->getOption('max_age_channel');
             if (intval($age) == 0) {
                 $age = 60;
             }
             $criteria->add_date_filter(vB_Search_Core::OP_GT, vB::getRequest()->getTimeNow() - 86400 * $age);
             $normalized_criteria['date'] = self::FILTER_CHANNELAGE;
         }
         // forcing to get the whole date spectrum; activity stream view enforces a date range so this is the workaround
         if (!empty($search_structure['date']) and is_string($search_structure['date']) and $search_structure['date'] == self::FILTER_DATEALL) {
             $criteria->add_date_filter(vB_Search_Core::OP_EQ, self::FILTER_DATEALL);
             $normalized_criteria['date'] = self::FILTER_DATEALL;
         }
         if (is_array($search_structure['date']) and !empty($search_structure['date']['from'])) {
             $dateline = $this->computeDateLine($search_structure['date']['from']);
             if (!empty($dateline)) {
                 $criteria->add_date_filter(vB_Search_Core::OP_GT, $dateline);
                 $normalized_criteria['date']['from'] = $search_structure['date']['from'];
             }
         }
         if (is_array($search_structure['date']) and !empty($search_structure['date']['to'])) {
             $dateline = $this->computeDateLine($search_structure['date']['to'], true);
             if (!empty($dateline)) {
                 $criteria->add_date_filter(vB_Search_Core::OP_LT, $dateline);
                 $normalized_criteria['date']['to'] = $search_structure['date']['to'];
             }
         }
     }
     if (!empty($search_structure['last'])) {
         if (is_array($search_structure['last']) and !empty($search_structure['last']['from'])) {
             $dateline = $this->computeDateLine($search_structure['last']['from']);
             if (!empty($dateline)) {
                 $criteria->add_last_filter(vB_Search_Core::OP_GT, $dateline);
                 $normalized_criteria['last']['from'] = $search_structure['last']['from'];
             }
         }
         if (is_array($search_structure['last']) and !empty($search_structure['last']['to'])) {
             $dateline = $this->computeDateLine($search_structure['last']['to'], true);
             if (!empty($dateline)) {
                 $criteria->add_last_filter(vB_Search_Core::OP_LT, $dateline);
                 $normalized_criteria['last']['to'] = $search_structure['last']['to'];
             }
         }
     }
     if (!empty($search_structure['exclude'])) {
         $criteria->add_exclude_filter($search_structure['exclude']);
         $normalized_criteria['exclude'] = $search_structure['exclude'];
     }
     if (empty($search_structure['sort'])) {
         $search_structure['sort'] = array($def_sort_field => $def_sort_dir);
     }
     if (!is_array($search_structure['sort'])) {
         $sort_dir = $def_sort_dir;
         if (strtolower($search_structure['sort']) == 'title') {
             $sort_dir = 'ASC';
         }
         $search_structure['sort'] = array($search_structure['sort'] => $sort_dir);
     }
     foreach ($search_structure['sort'] as $sort_field => $sort_dir) {
         $criteria->set_sort($sort_field, strtoupper($sort_dir));
     }
     if ($sort_field != $def_sort_field or $sort_dir != $def_sort_dir) {
         $normalized_criteria['sort'] = array($sort_field => strtoupper($sort_dir));
     }
     if (!empty($search_structure['view'])) {
         if ($search_structure['view'] == vB_Api_Search::FILTER_VIEW_CONVERSATION_STREAM and !empty($search_structure['channel'])) {
             $search_structure['depth'] = 2;
             $search_structure['include_starter'] = true;
         } elseif ($search_structure['view'] == vB_Api_Search::FILTER_VIEW_CONVERSATION_THREAD and !empty($search_structure['channel'])) {
             $search_structure['depth'] = 1;
             $search_structure['include_starter'] = true;
         } else {
             $criteria->add_view_filter($search_structure['view']);
             $normalized_criteria['view'] = $search_structure['view'];
         }
     }
     if (!empty($search_structure['starter_only'])) {
         $criteria->add_filter('starter_only', vB_Search_Core::OP_EQ, true);
         $search_structure['include_starter'] = true;
         $normalized_criteria['starter_only'] = 1;
     }
     if (!empty($search_structure['reply_only'])) {
         $criteria->add_filter('reply_only', vB_Search_Core::OP_EQ, true);
         $search_structure['include_starter'] = false;
         $normalized_criteria['reply_only'] = 1;
     }
     if (!empty($search_structure['comment_only'])) {
         $criteria->add_filter('comment_only', vB_Search_Core::OP_EQ, true);
         $search_structure['include_starter'] = false;
         $normalized_criteria['comment_only'] = 1;
     }
     if (!empty($search_structure['channel'])) {
         $criteria->add_channel_filter($search_structure['channel'], empty($search_structure['depth']) ? false : $search_structure['depth'], empty($search_structure['include_starter']) ? false : true, empty($search_structure['depth_exact']) ? false : true);
         $normalized_criteria['channel'] = $search_structure['channel'];
         if (!empty($search_structure['depth'])) {
             $normalized_criteria['depth'] = $search_structure['depth'];
         }
         if (!empty($search_structure['depth_exact'])) {
             $normalized_criteria['depth_exact'] = true;
         }
         if (!empty($search_structure['include_starter'])) {
             $normalized_criteria['include_starter'] = 1;
         }
     }
     if (!empty($search_structure['featured'])) {
         $criteria->add_filter('featured', vB_Search_Core::OP_EQ, $search_structure['featured']);
         $normalized_criteria['featured'] = 1;
     }
     if (!empty($search_structure[self::FILTER_FOLLOW])) {
         if (is_string($search_structure[self::FILTER_FOLLOW]) and !empty($currentUserId)) {
             $criteria->add_follow_filter($search_structure[self::FILTER_FOLLOW], $currentUserId);
             $normalized_criteria[self::FILTER_FOLLOW] = $search_structure[self::FILTER_FOLLOW];
         } elseif (is_array($search_structure[self::FILTER_FOLLOW])) {
             list($type, $userid) = each($search_structure[self::FILTER_FOLLOW]);
             //if ($userid == $currentUserId)
             //{
             $criteria->add_follow_filter($type, $userid);
             $normalized_criteria[self::FILTER_FOLLOW] = $search_structure[self::FILTER_FOLLOW];
             //}
         }
     }
     if (!empty($search_structure['my_following']) and !empty($currentUserId)) {
         $criteria->add_follow_filter(self::FILTER_FOLLOWING_CHANNEL, $currentUserId);
         $normalized_criteria['my_following'] = $search_structure['my_following'];
     }
     if (!empty($search_structure['exclude_type'])) {
         $criteria->add_contenttype_filter($search_structure['exclude_type'], vB_Search_Core::OP_NEQ);
         $normalized_criteria['exclude_type'] = $search_structure['exclude_type'];
     }
     if (!empty($search_structure['sticky_only'])) {
         $criteria->add_filter('sticky', vB_Search_Core::OP_EQ, '1');
         $normalized_criteria['sticky_only'] = 1;
     }
     if (!empty($search_structure['exclude_sticky'])) {
         $criteria->add_filter('sticky', vB_Search_Core::OP_NEQ, '1');
         $normalized_criteria['exclude_sticky'] = 1;
     }
     if (!empty($search_structure['include_sticky'])) {
         $criteria->set_include_sticky();
         $normalized_criteria['include_sticky'] = 1;
     }
     if (empty($search_structure['include_blocked']) or empty($currentUserId) or !vB::getUserContext()->hasPermission('moderatorpermissions', 'canbanusers')) {
         //block people on the global ignore list.
         $globalignore = trim(vB::getDatastore()->getOption('globalignore'));
         if (!empty($globalignore)) {
             $blocked = preg_split('#\\s+#s', $globalignore, -1, PREG_SPLIT_NO_EMPTY);
             //the user can always see their own posts, so if they are in the blocked list we remove them
             if (!empty($currentUserId)) {
                 $bbuserkey = array_search($currentUserId, $blocked);
                 if ($bbuserkey !== FALSE and $bbuserkey !== NULL) {
                     unset($blocked["{$bbuserkey}"]);
                 }
             }
             //Make sure we didn't just empty the list
             if (!empty($blocked)) {
                 $criteria->add_filter('userid', vB_Search_Core::OP_NEQ, $blocked, false, true);
             }
         }
     } elseif (!empty($currentUserId) and vB::getUserContext()->hasPermission('moderatorpermissions', 'canbanusers')) {
         $normalized_criteria['include_blocked'] = 1;
     }
     if (empty($search_structure['include_blocked']) and !empty($currentUserId)) {
         $currentUserInfo = vB_User::fetchUserinfo($currentUserId);
         if (!empty($currentUserInfo['ignorelist'])) {
             $criteria->add_filter('userid', vB_Search_Core::OP_NEQ, explode(' ', $currentUserInfo['ignorelist']), false, true);
         }
     }
     if (!empty($search_structure['ignore_protected'])) {
         $criteria->add_filter('protected', vB_Search_Core::OP_NEQ, '1');
         $normalized_criteria['ignore_protected'] = 1;
     }
     if (!empty($search_structure['deleted_only']) and !empty($currentUserId) and vB::getUserContext()->hasPermission('moderatorpermissions', 'canremoveposts')) {
         $criteria->add_filter('showpublished', vB_Search_Core::OP_EQ, '0');
         $criteria->add_filter('deleteuserid', vB_Search_Core::OP_NEQ, '0');
         $normalized_criteria['deleted_only'] = 1;
     }
     if (!empty($search_structure['exclude_deleted'])) {
         $criteria->add_filter('showpublished', vB_Search_Core::OP_EQ, '1');
         $normalized_criteria['exclude_deleted'] = 1;
     }
     if (empty($search_structure['include_attach'])) {
         $criteria->add_filter('inlist', vB_Search_Core::OP_EQ, 1);
     } else {
         $normalized_criteria['include_attach'] = 1;
     }
     if (!empty($search_structure['unapproved_only']) and !empty($currentUserId) and vB::getUserContext()->hasPermission('moderatorpermissions', 'canmanagethreads')) {
         $criteria->add_filter('approved', vB_Search_Core::OP_NEQ, '1');
         $normalized_criteria['unapproved_only'] = 1;
     }
     if (!empty($search_structure['unread_only']) and !empty($currentUserId) and vB::getDatastore()->getOption('threadmarking') > 0) {
         $criteria->add_filter('marked', vB_Search_Core::OP_EQ, self::FILTER_MARKED_UNREAD);
         $normalized_criteria['unread_only'] = 1;
     }
     if (!empty($search_structure['specific'])) {
         $criteria->add_filter('nodeid', vB_Search_Core::OP_EQ, $search_structure['specific']);
         $normalized_criteria['specific'] = $search_structure['specific'];
     }
     if (!empty($search_structure['prefix'])) {
         $normalized_criteria['prefix'] = $search_structure['prefix'];
         $criteria->add_filter('prefixid', vB_Search_Core::OP_EQ, $search_structure['prefix']);
     }
     if (!empty($search_structure['has_prefix'])) {
         $normalized_criteria['has_prefix'] = 1;
         $criteria->add_filter('prefixid', vB_Search_Core::OP_NEQ, '');
     }
     if (!empty($search_structure['no_prefix'])) {
         $normalized_criteria['no_prefix'] = 0;
         $criteria->add_filter('prefixid', vB_Search_Core::OP_EQ, '');
     }
     // private messages are included by default. Use the exclude_type filter to exlude them
     // they are not included if a specific channel is requested OR looking for visitor messages
     if (!empty($search_structure['include_private_messages']) and empty($normalized_criteria['private_messages_only']) and empty($normalized_criteria['sentto']) and (empty($normalized_criteria['channel']) or is_numeric($normalized_criteria['channel']) and !in_array($normalized_criteria['channel'], array(vB_Channel::MAIN_CHANNEL, vB_Channel::DEFAULT_CHANNEL_PARENT, vB_Channel::PRIVATEMESSAGE_CHANNEL)) or is_array($normalized_criteria['channel']) and count(array_intersect($normalized_criteria['channel'], array(vB_Channel::MAIN_CHANNEL, vB_Channel::DEFAULT_CHANNEL_PARENT, vB_Channel::PRIVATEMESSAGE_CHANNEL))) == 0) and empty($normalized_criteria['my_channels'])) {
         $criteria->add_filter('include_private_messages', vB_Search_Core::OP_EQ, $currentUserId);
     }
     if (!empty($search_structure['nolimit']) and !empty($normalized_criteria['channel']) and (empty($normalized_criteria['view']) or $normalized_criteria['view'] != self::FILTER_VIEW_ACTIVITY) and empty($search_structure['author']) and empty($search_structure['authorid']) and empty($search_structure['keywords']) and empty($search_structure['sentto']) and empty($search_structure['private_messages_only']) and empty($search_structure['tag']) and empty($search_structure['featured']) and empty($search_structure['my_following']) and empty($search_structure['unapproved_only']) and empty($search_structure['unread_only'])) {
         $normalized_criteria['nolimit'] = 1;
         $criteria->setNoLimit();
     }
     // Two pass caching can be disabled by either ignore_cache which
     // also disabled the searchlog table or by specifying 'disable_two_pass'
     // Two pass caching can be forced on when 'ignore_cache' has been called
     // by specifying 'force_two_pass' (for unit testing the two pass cache functionality itself)
     if (!empty($search_structure['ignore_cache']) or self::IGNORE_CACHE) {
         $normalized_criteria['disable_two_pass'] = 1;
         $criteria->setIgnoreCache(true);
     }
     if (!empty($search_structure['disable_two_pass'])) {
         $normalized_criteria['disable_two_pass'] = 1;
     }
     if (!empty($search_structure['force_two_pass']) and !empty($normalized_criteria['disable_two_pass'])) {
         unset($normalized_criteria['disable_two_pass']);
     }
     //checking for a restrictive filter
     if (empty($normalized_criteria['keywords']) and empty($normalized_criteria['authorid']) and empty($normalized_criteria['author']) and empty($normalized_criteria['private_messages_only']) and empty($normalized_criteria['visitor_messages_only']) and empty($normalized_criteria['sentto']) and empty($normalized_criteria['tag']) and (empty($normalized_criteria['date']) or is_string($normalized_criteria['date']) and $normalized_criteria['date'] == self::FILTER_DATEALL) and (empty($normalized_criteria['last']) or is_string($normalized_criteria['last']) and $normalized_criteria['last'] == self::FILTER_DATEALL) and empty($normalized_criteria['channel']) and empty($normalized_criteria['featured']) and empty($normalized_criteria[self::FILTER_FOLLOW]) and empty($normalized_criteria['my_following']) and empty($normalized_criteria['sticky_only']) and empty($normalized_criteria['deleted_only']) and empty($normalized_criteria['unapproved_only']) and empty($normalized_criteria['unread_only']) and empty($normalized_criteria['specific']) and empty($normalized_criteria['prefix']) and empty($normalized_criteria['has_prefix']) and empty($normalized_criteria['no_prefix']) and empty($normalized_criteria['my_channels'])) {
         //temporary solution for VBV-10061
         if ($normalized_criteria['view'] == self::FILTER_VIEW_ACTIVITY) {
             $dateline = $this->computeDateLine(self::FILTER_LASTMONTH);
             if (!empty($dateline)) {
                 $criteria->add_date_filter(vB_Search_Core::OP_GT, $dateline);
             }
         } else {
             throw new vB_Exception_Api('criteria_not_restrictive', array($normalized_criteria));
         }
     }
     $criteria->setJSON($normalized_criteria);
     $json = $normalized_criteria;
     // allow the clients to send custom fields that will be preserved
     if (!empty($search_structure['custom'])) {
         $json['custom'] = $search_structure['custom'];
     }
     return $criteria;
 }
Esempio n. 11
0
 /**
  * Validates that the current can create a node with these values
  *
  * @param  array     $data Array of field => value pairs which define the record.
  * @param  int       $action The action const, used to be checked for permission
  * @param  int       $nodeid
  * @param  array|int nodeid or array of nodeids.  If not passed $data must contain a nodeid
  * @param  array     $nodes -- $node records corresponding to the $nodeid variable.  If not passed will be fetched from the DB
  *
  * @return bool
  */
 public function validate(&$data, $action = self::ACTION_ADD, $nodeid = false, $nodes = false)
 {
     // Each descendant should override this function and add their own
     // check of individual required fields.
     if (defined('VB_AREA') and VB_AREA == 'Upgrade') {
         return true;
     }
     if (vB::getUserContext()->isSuperAdmin()) {
         //The only reason we would return false is if comments are globally disabled  AND the content type is neither attachment nor photo, this
         // would be a comment, and the reply would be a comment.
         if ($action != self::ACTION_ADD or vB::getDatastore()->getOption('postcommentthreads') or $data['contenttypeid'] == vB_Types::instance()->getContentTypeID('vBForum_Photo') or $data['contenttypeid'] == vB_Types::instance()->getContentTypeID('vBForum_Attach')) {
             return true;
         }
         if (empty($data['parentid']) or !intval($data['parentid'])) {
             throw new vB_Exception_Api('invalid_data');
         }
         $parent = vB_Library::instance('node')->getNodeBare($data['parentid']);
         //If the parent is not a starter. this would be a comment.
         if ($parent['starter'] > 0 and $parent['nodeid'] != $parent['starter']) {
             return false;
         }
         return true;
     }
     //we need a nodeid (or parentid if we are adding) or we cannot answer the question.
     if ($action == vB_Api_Content::ACTION_ADD) {
         if (empty($data['parentid']) or !intval($data['parentid'])) {
             throw new vB_Exception_Api('invalid_data');
         }
         $parentid = $data['parentid'];
     } else {
         if (!$nodeid) {
             if (empty($data['nodeid'])) {
                 throw new Exception('invalid_data');
             }
             $nodeid = $data['nodeid'];
         }
         if (!is_array($nodeid)) {
             $nodeid = array($nodeid);
         }
         if (!$nodes) {
             // We need to go through the library. If current user doesn't have permission to view the node,
             // the API wouldn't return that node, and if the caller didn't pass in the specific array of nodes,
             // this function would incorrectly return "true".
             $nodes = vB_Library::instance('node')->getNodes($nodeid);
         }
     }
     $userContext = vB::getUserContext();
     $userid = vB::getCurrentSession()->get('userid');
     switch ($action) {
         case vB_Api_Content::ACTION_ADD:
             //Check the node-specific permissions first.
             $parent = vB_Library::instance('node')->getNode($parentid);
             if (in_array($this->contenttype, array('vBForum_Text', 'vBForum_Poll', 'vBForum_PrivateMessage')) and $parent['parentid'] != $parent['starter']) {
                 // Only validate HV for specific content types.
                 // To skip HV, please call library methods instead.
                 vB_Api::instanceInternal('hv')->verifyToken($data['hvinput'], 'post');
             }
             //confirm that the user can create this content type
             if (!$userContext->getChannelPermission('createpermissions', $this->contenttype, $parent['nodeid'])) {
                 return FALSE;
             }
             //check the showPublished.
             if ($parent['showpublished'] == 0) {
                 if (!$userContext->getChannelPermission('moderatorpermissions', 'canmoderateposts', $parentid)) {
                     return false;
                 }
             }
             if ($parent['open'] == 0 and !$userContext->getChannelPermission('moderatorpermissions', 'canmoderateposts', $parentid)) {
                 return false;
             }
             //Data consistency for a VM.
             if ($parentid == vB_Api::instanceInternal('node')->fetchVMChannel()) {
                 if (!isset($data['setfor']) or isset($data['setfor']) and (!is_numeric($data['setfor']) or $data['setfor'] <= 0)) {
                     throw new vB_Exception_Api('invalid_data');
                 }
                 $vm_user = vB_User::fetchUserinfo($data['setfor']);
                 if ($vm_user == false or !$vm_user['vm_enable']) {
                     throw new vB_Exception_Api('invalid_data');
                 }
                 if ($data['setfor'] == $userid) {
                     // Do we have add permission to write on our own wall?
                     if (!vB::getUserContext()->hasPermission('visitormessagepermissions', 'canmessageownprofile')) {
                         return false;
                     }
                 } else {
                     if (!vB::getUserContext()->hasPermission('visitormessagepermissions', 'canmessageothersprofile')) {
                         // Do we have permission to write on others' walls?
                         return false;
                     }
                 }
             }
             return true;
             break;
         case vB_Api_Content::ACTION_UPDATE:
             //There are a couple of ways this user could be allowed to edit this record.
             // As a moderator
             $channelType = vB_Types::instance()->getContentTypeID('vBForum_Channel');
             foreach ($nodes as $node) {
                 // Can configure channel goes first, otherwise it is ignored due to the moderator perms
                 if ($node['contenttypeid'] == $channelType) {
                     $canEditChannels = ($userContext->getChannelPermission('forumpermissions2', 'canconfigchannel', $node['nodeid'], false, $node['parentid']) or $userContext->hasAdminPermission('canadminforums'));
                     if (!$canEditChannels) {
                         return false;
                     }
                     continue;
                 }
                 if ($userContext->getChannelPermission('moderatorpermissions', 'caneditposts', $node['nodeid'], false, $node['parentid'])) {
                     continue;
                 }
                 $vmChannel = vB_Api::instanceInternal('node')->fetchVMChannel();
                 if ($node['parentid'] == $vmChannel) {
                     $vm_user = vB_User::fetchUserinfo($node['setfor']);
                     if (!$vm_user['vm_enable'] or $node['userid'] != $userid or !vB::getUserContext()->hasPermission('visitormessagepermissions', 'caneditownmessages') or !vB::getUserContext($vm_user['userid'])->hasPermission('genericpermissions', 'canviewmembers') and $userid == $vm_user['userid']) {
                         return false;
                     }
                 }
                 // It's a VM for the user from himself
                 if (!empty($node['setfor']) and $node['setfor'] == $userid and $node['setfor'] == $node['userid'] and $userContext->hasPermission('visitormessagepermissions', 'caneditownmessages')) {
                     continue;
                 }
                 //Now  check the user permissions
                 if ($node['userid'] == vB::getCurrentSession()->get('userid')) {
                     //Check the editing time limit
                     $limits = $userContext->getChannelLimits($node['nodeid']);
                     if ($limits and !empty($limits['edit_time'])) {
                         if ($node['publishdate'] + $limits['edit_time'] * 3600 < vB::getRequest()->getTimeNow()) {
                             return false;
                         }
                     }
                     if ($userContext->getChannelPermission('forumpermissions', 'caneditpost', $node['nodeid'], false, $node['parentid'])) {
                         continue;
                     }
                 } else {
                     if ($userContext->getChannelPermission('forumpermissions2', 'caneditothers', $node['nodeid'], false, $node['parentid'])) {
                         continue;
                     }
                 }
                 //if we got here the user isn't authorized to update this record.
                 return false;
             }
             return true;
             break;
         case vB_Api_Content::ACTION_VIEW:
             $channelType = vB_Types::instance()->getContentTypeID('vBForum_Channel');
             foreach ($nodes as $key => $node) {
                 if (empty($node['nodeid']) or !is_numeric($node['nodeid'])) {
                     $check = current($node);
                     if (!empty($check['nodeid']) and is_numeric($check['nodeid'])) {
                         $node = $check;
                     }
                 }
                 $canViewChannel = $userContext->getChannelPermission('forumpermissions', 'canview', $node['nodeid'], false, $node['parentid']);
                 if (!$canViewChannel) {
                     return false;
                 }
                 if ($node['contenttypeid'] != $channelType) {
                     // grab the starter's userid for the canviewothers check
                     if (isset($node['starteruserid'])) {
                         // 'starteruserid' is not always set, for ex when the $node
                         // provided originated from node lib's getNodeBare()
                         $starterUserid = $node['starteruserid'];
                     } else {
                         if ($node['nodeid'] == $node['starter']) {
                             $starterUserid = $node['userid'];
                         } else {
                             $starter = vB_Api::instanceInternal('node')->getNode($node['starter']);
                             $starterUserid = $starter['userid'];
                         }
                     }
                     // They can't view this non-channel node if they just cannot view *any* threads, or if the thread is not theirs and they don't have canviewothers
                     if (!$userContext->getChannelPermission('forumpermissions', 'canviewthreads', $node['nodeid'], false, $node['parentid']) or $starterUserid != $userid and !$userContext->getChannelPermission('forumpermissions', 'canviewothers', $node['nodeid'], false, $node['parentid'])) {
                         return false;
                     }
                 }
                 //If the node is published, we just need to check viewperms.
                 if ($userid > 0 and $node['viewperms'] > 0 and $node['showpublished'] > 0 and $node['showapproved'] > 0) {
                     continue;
                 }
                 //if the user has canalwaysview here, then ... they can view.
                 if ($userContext->getChannelPermission('forumpermissions2', 'canalwaysview', $node['nodeid'], false, $node['parentid'])) {
                     continue;
                 }
                 if ($node['viewperms'] > 1 and $node['showpublished'] > 0 and $node['showapproved'] > 0) {
                     continue;
                 }
                 if (!$node['showapproved'] and !$userContext->getChannelPermission('moderatorpermissions', 'canmoderateposts', $node['nodeid'], false, $node['parentid'])) {
                     return false;
                 }
                 // those with candeleteposts or canremoveposts moderator permissions should be able to view soft-deleted posts
                 if (!$node['showpublished'] and !($userContext->getChannelPermission('moderatorpermissions', 'candeleteposts', $node['nodeid'], false, $node['parentid']) or $userContext->getChannelPermission('moderatorpermissions', 'canremoveposts', $node['nodeid'], false, $node['parentid']))) {
                     return false;
                 }
                 if ($userContext->getChannelPermission('moderatorpermissions', 'caneditposts', $node['nodeid'], false, $node['parentid'])) {
                     continue;
                 }
                 if ($node['viewperms'] == 0) {
                     //Only blog members can view.  We need to find the channel
                     if ($node['contenttypeid'] == vB_Types::instance()->getContentTypeId('vBForum_Channel')) {
                         $checkNodeId = $node['nodeid'];
                     } else {
                         if ($node['starter'] == $node['nodeid']) {
                             //Check for the the parent's parent
                             $checkNodeId = $node['parentid'];
                         } else {
                             // The channel is of course the starter's parent.
                             $starter = vB_Api::instanceInternal('node')->getNode($node['starter']);
                             $checkNodeId = $starter['parentid'];
                         }
                     }
                     $groupInTopic = vB_Api::instanceInternal('user')->getGroupInTopic($userid, $checkNodeId);
                     if (!$groupInTopic or empty($groupInTopic) or !empty($groupInTopic['errors'])) {
                         //someone with moderator permission can view
                         if ($userContext->getChannelPermission('moderatorpermissions', 'caneditposts', $node['nodeid'], false, $node['parentid'])) {
                             continue;
                         }
                         if ($userContext->getChannelPermission('forumpermissions2', 'canalwaysview', $node['nodeid'], false, $node['parentid'])) {
                             continue;
                         }
                         //Not O.K.
                         return false;
                     }
                     $validGroups = vB_Api::instanceInternal('usergroup')->fetchPrivateGroups();
                     $found = false;
                     foreach ($groupInTopic as $pair) {
                         if (in_array($pair['groupid'], $validGroups)) {
                             $found = true;
                             break;
                         }
                     }
                     if (!$found) {
                         return false;
                     }
                 } else {
                     if ($node['viewperms'] == 1 and $userid < 1) {
                         return false;
                     }
                 }
                 if (!$userContext->getChannelPermission('forumpermissions', 'canview', $node['nodeid'], false, $node['parentid'])) {
                     return false;
                 }
             }
             return true;
             break;
         case vB_Api_Content::ACTION_DELETE:
             foreach ($nodes as $node) {
                 if ($node['contenttypeid'] !== vB_Types::instance()->getContentTypeID($this->contenttype)) {
                     throw new vB_Exception_Api('invalid_request');
                 }
                 // Check for Blog Channel - only allow owner to delete the blog
                 // This part should just check for any channel, not a blog but see VBV-7931
                 if ($node['contenttypeid'] === vB_Types::instance()->getContentTypeId('vBForum_Channel')) {
                     if ($userContext->getChannelPermission('forumpermissions2', 'candeletechannel', $node['nodeid']) or $userContext->hasAdminPermission('canadminforums')) {
                         continue;
                     } else {
                         if (vB_Api::instanceInternal('socialgroup')->isSGNode($node['nodeid']) and $node['userid'] === vB::getCurrentSession()->get('userid')) {
                             if (!$userContext->hasPermission('socialgrouppermissions', 'candeleteowngroups')) {
                                 return false;
                             }
                             continue;
                         } else {
                             return false;
                         }
                     }
                 }
                 if (!$userContext->getChannelPermission('moderatorpermissions', 'canremoveposts', $node['nodeid'])) {
                     return false;
                 }
             }
             return true;
             break;
         case vB_Api_Content::ACTION_APPROVE:
             foreach ($nodes as $node) {
                 return $userContext->getChannelPermission('moderatorpermissions', 'canmoderateposts', $node['nodeid']);
             }
             break;
         case vB_Api_Content::ACTION_PUBLISH:
             foreach ($nodes as $node) {
                 return $userContext->getChannelPermission('forumpermissions2', 'canpublish', $node['nodeid']);
             }
             break;
         default:
     }
     // switch
 }
Esempio n. 12
0
 /**
  * Permanently/Temporarily deletes a set of nodes
  *	@param	array	The nodeids of the records to be deleted
  *	@param	bool	hard/soft delete
  *	@param	string	the reason for soft delete (not used for hard delete)
  *	@param	bool	Log the deletes in moderator log
  *  @param	bool	Report node content to spam service
  *
  *	@return	array nodeids that were deleted
  */
 public function deleteNodes($nodeids, $hard = true, $reason = '', $modlog = true, $reportspam = false)
 {
     if (empty($nodeids)) {
         return false;
     }
     //If it's a protected channel, don't allow removal.
     $existing = vB_Library::instance('node')->getNodes($nodeids);
     // need to see if we require authentication
     $currentUserId = vB::getCurrentSession()->get('userid');
     $need_auth = false;
     $moderateInfo = vB::getUserContext()->getCanModerate();
     $allowToDelete = array();
     foreach ($existing as $node) {
         // this is a Visitor Message
         if (!empty($node['setfor']) and $node['setfor'] == $currentUserId) {
             $canModerateOwn = vB::getUserContext()->hasPermission('visitormessagepermissions', 'canmanageownprofile');
             if ($canModerateOwn) {
                 $allowToDelete[$node['nodeid']] = $node['nodeid'];
                 continue;
             }
         } else {
             $canModerateOwn = vB::getUserContext()->getChannelPermission('forumpermissions2', 'canmanageownchannels', $node['nodeid']);
         }
         // check if this is the owner of a blog that needs to moderate the comments
         if (!empty($moderateInfo['can']) or $canModerateOwn) {
             // let's get the channel node
             $channelid = vB_Library::instance('node')->getChannelId($node);
             if ($channelid == $node['nodeid']) {
                 $channel = $node;
             } else {
                 $channel = vB_Library::instance('node')->getNodeBare($channelid);
             }
             // this channel was created by the current user so we don't need the auth check
             if ((in_array($channelid, $moderateInfo['can']) or $canModerateOwn) and $channel['userid'] == $currentUserId) {
                 $allowToDelete[$node['nodeid']] = $node['nodeid'];
                 continue;
             }
         }
         if ($node['userid'] != $currentUserId) {
             $need_auth = true;
             break;
         }
     }
     $userContext = vB::getUserContext();
     // VBV-12184 Only moderators should get the inline mod auth prompt
     if (($need_auth or $reportspam) and $userContext->isModerator()) {
         $this->inlinemodAuthCheck();
     }
     $deleteNodeIds = array();
     $ancestorsId = $starters = array();
     $vmChannel = $this->fetchVMChannel();
     $contenttype_Channel = vB_Types::instance()->getContentTypeId('vBForum_Channel');
     foreach ($existing as $node) {
         //Check for protected- O.K. if it's not a channel.
         if ($node['protected'] and $node['contenttypeid'] == $contenttype_Channel) {
             throw new vB_Exception_Api('invalid_request');
         }
         // note that canremoveposts gives them ONLY physical-delete permissions, not soft delete.
         $canDeleteAsMod = ($userContext->getChannelPermission('moderatorpermissions', 'canremoveposts', $node['nodeid']) and $hard or $userContext->getChannelPermission('moderatorpermissions', 'candeleteposts', $node['nodeid']) and !$hard);
         $canSoftDeleteOwn = ($node['userid'] == $currentUserId and !$hard and ($node['starter'] == $node['nodeid'] and $userContext->getChannelPermission('forumpermissions', 'candeletethread', $node['nodeid']) or $node['starter'] != $node['nodeid'] and $userContext->getChannelPermission('forumpermissions', 'candeletepost', $node['nodeid'])));
         $canSoftDeleteOthers = ($node['userid'] != $currentUserId and !$hard and $userContext->getChannelPermission('forumpermissions2', 'candeleteothers', $node['nodeid']));
         // if they're not allowed to delete this node let's throw an exception in their face
         if (!(array_key_exists($node['nodeid'], $allowToDelete) or $canDeleteAsMod or $canSoftDeleteOwn or $canSoftDeleteOthers)) {
             throw new vB_Exception_Api('no_permission');
         }
         if ($node['parentid'] == $vmChannel and $node['setfor'] == $currentUserId) {
             $vm_user = vB_User::fetchUserinfo($node['setfor']);
             if (!vB::getUserContext($vm_user['userid'])->hasPermission('genericpermissions', 'canviewmembers')) {
                 throw new vB_Exception_Api('no_permission');
             }
         }
         array_push($deleteNodeIds, $node['nodeid']);
         if (!empty($node['starter'])) {
             $starters[] = $node['starter'];
         }
         $parents = $this->library->fetchClosureParent($node['nodeid']);
         foreach ($parents as $parent) {
             if ($parent['depth'] > 0) {
                 $ancestorsId[] = $parent['parent'];
             }
         }
     }
     $ancestorsId = array_unique($ancestorsId);
     if (empty($deleteNodeIds)) {
         return array();
     }
     return $this->library->deleteNodes($deleteNodeIds, $hard, $reason, $ancestorsId, $starters, $modlog, $reportspam);
 }
Esempio n. 13
0
 /**
  * Add a new phrase or update an existing phrase
  * @param string $fieldname New Phrase Type for adding, old Phrase Type for editing
  * @param string $varname New Varname for adding, old Varname for editing
  * @param array $data Phrase data to be added or updated
  *              'text' => Phrase text array.
  *              'oldvarname' => Old varname for editing only
  *              'oldfieldname' => Old fieldname for editing only
  *              't' =>
  *              'ismaster' =>
  *              'product' => Product ID of the phrase
  * @return void
  */
 public function save($fieldname, $varname, $data)
 {
     $fieldname = trim($fieldname);
     $varname = trim($varname);
     $vb5_config =& vB::getConfig();
     $install = false;
     if (defined('VBINSTALL') and VBINSTALL) {
         $install = true;
     }
     $session = vB::getCurrentSession();
     if (!empty($session)) {
         $userinfo = $session->fetch_userinfo();
     } else {
         $userinfo = vB_User::fetchUserinfo(1);
     }
     require_once DIR . '/includes/adminfunctions.php';
     $full_product_info = fetch_product_list(true);
     if (empty($varname)) {
         throw new vB_Exception_Api('please_complete_required_fields');
     }
     if (!preg_match('#^[' . self::VALID_CLASS . ']+$#', $varname)) {
         throw new vB_Exception_Api('invalid_phrase_varname');
     }
     require_once DIR . '/includes/functions_misc.php';
     foreach ($data['text'] as $text) {
         if (!validate_string_for_interpolation($text)) {
             throw new vB_Exception_Api('phrase_text_not_safe', array($varname));
         }
     }
     // it's an update
     if (!empty($data['oldvarname']) and !empty($data['oldfieldname'])) {
         if (vB::getDbAssertor()->getField('phrase_fetchid', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'varname' => $varname))) {
             // Don't check if we are moving a phrase to another group but keeping the same name. See VBV-4192.
             if ($varname != $data['oldvarname'] and $fieldname != $data['oldfieldname']) {
                 throw new vB_Exception_Api('there_is_already_phrase_named_x', array($varname));
             }
             if ($varname != $data['oldvarname']) {
                 throw new vB_Exception_Api('variable_name_exists', array($data['oldvarname'], $varname));
             }
         }
         if (!is_array($data['oldfieldname'])) {
             $data['oldfieldname'] = array($data['oldfieldname']);
         }
         if (!in_array($fieldname, $data['oldfieldname'])) {
             $data['oldfieldname'][] = $fieldname;
         }
         // delete old phrases
         vB::getDbAssertor()->assertQuery('deleteOldPhrases', array('varname' => $data['oldvarname'], 'fieldname' => $data['oldfieldname'], 't' => $data['t'], 'debug' => empty($data['skipdebug']) && ($vb5_config['Misc']['debug'] or $install)));
         $update = 1;
         $this->setPhraseDate();
     }
     if (empty($update)) {
         if (empty($data['text'][0]) and $data['text'][0] != '0' and !$data['t'] or empty($varname)) {
             throw new vB_Exception_Api('please_complete_required_fields');
         }
         if (vB::getDbAssertor()->getField('phrase_fetchid', array('varname' => $varname, 'fieldname' => $fieldname))) {
             throw new vB_Exception_Api('there_is_already_phrase_named_x', array($varname));
         }
     }
     if ($data['ismaster']) {
         if (($vb5_config['Misc']['debug'] or $install) and !$data['t']) {
             /*insert query*/
             vB::getDbAssertor()->assertQuery('phrase', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_REPLACE, 'languageid' => -1, 'varname' => $varname, 'text' => $data['text'][0], 'fieldname' => $fieldname, 'product' => $data['product'], 'username' => $userinfo['username'], 'dateline' => vB::getRequest()->getTimeNow(), 'version' => $full_product_info[$data['product']]['version']));
         }
         unset($data['text'][0]);
     }
     foreach ($data['text'] as $_languageid => $txt) {
         $_languageid = intval($_languageid);
         if (!empty($txt) or $txt == '0') {
             /*insert query*/
             vB::getDbAssertor()->assertQuery('phrase', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_REPLACE, 'languageid' => $_languageid, 'varname' => $varname, 'text' => $txt, 'fieldname' => $fieldname, 'product' => $data['product'], 'username' => $userinfo['username'], 'dateline' => vB::getRequest()->getTimeNow(), 'version' => $full_product_info[$data['product']]['version']));
         }
     }
     require_once DIR . '/includes/adminfunctions.php';
     require_once DIR . '/includes/adminfunctions_language.php';
     build_language(-1);
 }
Esempio n. 14
0
/**
 * (Re)Generates an Activation ID for a user
 *
 * @param	integer	User's ID
 * @param	integer	The group to move the user to when they are activated
 * @param	integer	0 for Normal Activation, 1 for Forgotten Password
 * @param	boolean	Whether this is an email change or not
 *
 * @return	string	The Activation ID
 *
 */
function build_user_activation_id($userid, $usergroupid, $type, $emailchange = 0)
{
    global $vbulletin;
    if ($usergroupid == 3 or $usergroupid == 0) {
        // stop them getting stuck in email confirmation group forever :)
        $usergroupid = 2;
    }
    vB::getDbAssertor()->assertQuery('useractivation', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_DELETE, 'userid' => $userid, 'type' => $type));
    $activateid = fetch_random_string(40);
    /*insert query*/
    vB::getDbAssertor()->assertQuery('user_replaceuseractivation', array('userid' => $userid, 'timenow' => vB::getRequest()->getTimeNow(), 'activateid' => $activateid, 'type' => $type, 'usergroupid' => $usergroupid, 'emailchange' => intval($emailchange)));
    if ($userinfo = vB_User::fetchUserinfo($userid)) {
        $userdata = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_SILENT);
        $userdata->set_existing($userinfo);
        $userdata->set_bitfield('options', 'noactivationmails', 0);
        $userdata->save();
    }
    return $activateid;
}
Esempio n. 15
0
 /** Adds optional content information for a single node.
  * 	At the time of this writing it understands showVM and withParent
  *
  *	@param	mixed	the assembled array of node info
  * 	@param	mixed	optional array of optional information
  *
  ***/
 protected function addOptionalNodeContentInfo(&$node, $options = false)
 {
     //We always need to add avatar information
     $userApi = vB_Api::instanceInternal('user');
     $useridAvatarsToFetch = array();
     if (!empty($node['userid'])) {
         $useridAvatarsToFetch[] = $node['userid'];
     }
     if (!empty($node['lastauthorid']) and $node['lastauthorid'] > 0) {
         $useridAvatarsToFetch[] = $node['lastauthorid'];
     }
     if (!empty($node['deleteuserid']) and !isset($node['deleteusername'])) {
         $node['deleteusername'] = $userApi->fetchUserName($node['deleteuserid']);
     }
     if (!empty($useridAvatarsToFetch)) {
         $avatarsurl = $userApi->fetchAvatars($useridAvatarsToFetch, true);
         if (!empty($node['userid'])) {
             $node['avatar'] = $avatarsurl[$node['userid']];
         }
         if (!empty($node['lastauthorid']) and $node['lastauthorid'] > 0 and !empty($avatarsurl[$node['lastauthorid']])) {
             $node['avatar_last_poster'] = $avatarsurl[$node['lastauthorid']];
         }
     }
     if (!empty($options['showVM']) and !empty($node)) {
         //We have the node. Now query for which are VM's
         $vMs = $this->fetchClosureParent($node['nodeid'], vB_Api::instanceInternal('node')->fetchVMChannel());
         if (!empty($vMs)) {
             foreach ($vMs as $closureRecord) {
                 $key = $closureRecord['child'];
                 if ($key == $node['nodeid']) {
                     $node['isVisitorMessage'] = 1;
                     $vm_userInfo = vB_User::fetchUserinfo($node['setfor']);
                     $node['vm_userInfo'] = array('userid' => $vm_userInfo['userid'], 'username' => $vm_userInfo['username'], 'rank' => $vm_userInfo['rank'], 'usertitle' => $vm_userInfo['usertitle'], 'joindate' => $vm_userInfo['joindate'], 'posts' => $vm_userInfo['posts'], 'customtitle' => $vm_userInfo['customtitle'], 'userfield' => array());
                     $vmAvatar = $userApi->fetchAvatar($node['setfor'], true, $vm_userInfo);
                     if (is_array($vmAvatar)) {
                         $node['vm_userInfo'] = array_merge($node['vm_userInfo'], $vmAvatar);
                     }
                 }
             }
         } else {
             $node['isVisitorMessage'] = 0;
             $node['vm_userInfo'] = array();
         }
     }
     if (!empty($options['withParent']) and !empty($node)) {
         $parentid = 0;
         if ($node['nodeid'] != $node['starter'] and $node['parentid'] != $node['starter'] and $node['contenttypeid'] != $this->channelTypeId) {
             $parentid = $node['parentid'];
         }
         //If we had no comments in the list, we're done.
         if (!empty($parentid)) {
             $parent = $this->getNodeFullContent($parentid);
             $node['parentConversation'] = $parent;
         }
     }
 }
Esempio n. 16
0
 public function getUrl()
 {
     if (empty($this->arguments['title'])) {
         $node = vB_Library::instance('node')->getNodeBare($this->arguments['nodeid']);
         if (empty($node) or !empty($node['errors'])) {
             return FALSE;
         }
         if ($node['urlident']) {
             $this->arguments['title'] = $node['urlident'];
         } else {
             $this->arguments['title'] = vB_String::getUrlIdent($node['title']);
         }
     }
     if (empty($this->arguments['userid'])) {
         if (!isset($node['nodeid'])) {
             $node = vB_Library::instance('node')->getNodeBare($this->arguments['nodeid']);
         }
         if ($node['setfor']) {
             $user = vB_User::fetchUserinfo($node['setfor']);
             $this->arguments['userid'] = $user['userid'];
             $this->arguments['username'] = $user['username'];
         }
     }
     $url = '/member/' . $this->arguments['userid'] . '-' . vB_String::getUrlIdent($this->arguments['username']) . '/visitormessage/' . $this->arguments['nodeid'] . '-' . vB_String::vBStrToLower(vB_String::htmlSpecialCharsUni(str_replace(' ', '-', $this->arguments['title'])));
     if (strtolower(vB_String::getCharset()) != 'utf-8') {
         $url = vB_String::encodeUtf8Url($url);
     }
     return $url;
 }
Esempio n. 17
0
        vB_Api::instanceInternal('user')->updateAccess($vbulletin->GPC['userid'], $vbulletin->GPC['accessupdate']);
    } catch (vB_Exception_Api $e) {
        $errors = $e->get_errors();
        if (!empty($errors)) {
            $error = array_shift($errors);
            print_stop_message2($error[0]);
        }
        print_stop_message2('error');
    }
    print_stop_message2('saved_access_masks_successfully', 'user', array('do' => 'edit', 'u' => $vbulletin->GPC['userid']));
}
// ###################### Start modify #######################
if ($_REQUEST['do'] == 'modify') {
    $vbulletin->input->clean_array_gpc('r', array('userid' => vB_Cleaner::TYPE_INT, 'insertedadmin' => vB_Cleaner::TYPE_INT));
    if ($vbulletin->GPC['userid']) {
        $userinfo = vB_User::fetchUserinfo($vbulletin->GPC['userid']);
        //$userinfo = fetch_userinfo($vbulletin->GPC['userid']);
        if (!$userinfo) {
            print_stop_message2('invalid_user_specified');
        }
        print_form_header('user', 'edit', 0, 1, 'reviewform');
        print_table_header($userinfo['username'], 2, 0, '', 'center', 0);
        construct_hidden_code('userid', $vbulletin->GPC['userid']);
        print_description_row(construct_link_code($vbphrase['view_profile'], "user.php?" . vB::getCurrentSession()->get('sessionurl') . "do=edit&amp;u=" . $vbulletin->GPC['userid']) . iif($vbulletin->GPC['insertedadmin'], '<br />' . construct_link_code('<span style="color:red;"><strong>' . $vbphrase['update_or_add_administration_permissions'] . '</strong></span>', "adminpermissions.php?" . vB::getCurrentSession()->get('sessionurl') . "do=edit&amp;u=" . $vbulletin->GPC['userid'])));
        print_table_footer();
    }
    print_form_header('', '');
    print_table_header($vbphrase['quick_search']);
    print_description_row("\n\t\t<ul>\n\t\t\t<li><a href=\"user.php?" . vB::getCurrentSession()->get('sessionurl') . "do=find\">" . $vbphrase['show_all_users'] . "</a></li>\n\t\t\t<li><a href=\"user.php?" . vB::getCurrentSession()->get('sessionurl') . "do=find&amp;orderby=posts&amp;direction=DESC&amp;limitnumber=30\">" . $vbphrase['list_top_posters'] . "</a></li>\n\t\t\t<li><a href=\"user.php?" . vB::getCurrentSession()->get('sessionurl') . "do=find&amp;user[lastactivityafter]=" . (TIMENOW - 86400) . "&amp;orderby=lastactivity&amp;direction=DESC\">" . $vbphrase['list_visitors_in_the_last_24_hours'] . "</a></li>\n\t\t\t<li><a href=\"user.php?" . vB::getCurrentSession()->get('sessionurl') . "do=find&amp;orderby=joindate&direction=DESC&amp;limitnumber=30\">" . $vbphrase['list_new_registrations'] . "</a></li>\n\t\t\t<li><a href=\"user.php?" . vB::getCurrentSession()->get('sessionurl') . "do=moderate\">" . $vbphrase['list_users_awaiting_moderation'] . "</a></li>\n\t\t\t<li><a href=\"user.php?" . vB::getCurrentSession()->get('sessionurl') . "do=find&amp;user[coppauser]=1\">" . $vbphrase['show_all_coppa_users'] . "</a></li>\n\t\t</ul>\n\t");
    print_table_footer();
    print_form_header('user', 'find');
Esempio n. 18
0
 protected function addFollow($userId)
 {
     $valid = $this->validate($userId);
     if ($valid['canproceed'] == true) {
         $userInfo = vB_User::fetchUserinfo($userId);
         $bitfields = vB::getDatastore()->get_value('bf_misc');
         if ($valid['hasRelation']) {
             $params = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_UPDATE, vB_dB_Query::CONDITIONS_KEY => array('userid' => vB::getUserContext()->fetchUserId(), 'relationid' => $userId), 'type' => 'follow');
         } else {
             $params = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_INSERT, 'type' => 'follow', 'userid' => vB::getUserContext()->fetchUserId(), 'relationid' => $userId);
         }
         if ($userInfo['options'] & $bitfields['useroptions']['moderatefollowers']) {
             $userInfo = vB::getCurrentSession()->fetch_userinfo();
             $request = vB_Library::instance('content_privatemessage')->addMessageNoFlood(array('msgtype' => 'request', 'sentto' => $userId, 'aboutid' => vB::getCurrentSession()->get('userid'), 'about' => 'follow', 'sender' => $userInfo['userid']));
             $params['friend'] = 'pending';
         } else {
             $params['friend'] = 'yes';
             // send following notification
             $recipients = array($userId);
             $contextData = array('sender' => vB::getUserContext()->fetchUserId());
             vB_Library::instance('notification')->triggerNotificationEvent('user-added-follow-user', $contextData, $recipients);
             vB_Library::instance('notification')->insertNotificationsToDB();
         }
         $this->assertor->assertQuery('userlist', $params);
         /** Needed for followers subscriptions */
         $currentUser = vB::getUserContext()->fetchUserId();
         $followingRec = $this->assertor->getRow('userlist', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, vB_dB_Query::CONDITIONS_KEY => array('userid' => $userId, 'relationid' => $currentUser, 'type' => 'follow')));
         if ($followingRec and !empty($followingRec) and $followingRec['friend'] == 'no') {
             $this->assertor->update('userlist', array('friend' => 'yes'), array('userid' => $userId, 'relationid' => $currentUser, 'type' => 'follow'));
         }
     } else {
         foreach ($valid['errors'] as $error) {
             throw new vB_Exception_Api($error);
         }
     }
 }
Esempio n. 19
0
 /**
  * Replace securitytoken
  *
  */
 public function actionReplaceSecurityToken()
 {
     $userinfo = vB_User::fetchUserinfo();
     return array('newtoken' => $userinfo['securitytoken']);
 }
Esempio n. 20
0
                #$upload->allowanimation = ($userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['cananimateprofilepic']) ? true : false;
            }
        }
        if (!$upload->process_upload($vbulletin->GPC['profilepicurl'])) {
            print_stop_message2(array('there_were_errors_encountered_with_your_upload_x', $upload->fetch_error()));
        }
    } else {
        $userpic = new vB_Datamanager_Userpic_Profilepic($vbulletin, vB_DataManager_Constants::ERRTYPE_CP, 'userpic');
        $userpic->condition = array(array('field' => 'userid', 'value' => $userinfo['userid'], 'operator' => vB_dB_Query::OPERATOR_EQ));
        $userpic->delete();
    }
    print_stop_message2('saved_profile_picture_successfully', 'user', array('do' => 'edit', 'u' => $userinfo['userid']));
}
// ###################### Start modify Signature Pic ###########
if ($_REQUEST['do'] == 'sigpic') {
    $userinfo = vB_User::fetchUserinfo($vbulletin->GPC['userid'], array(vB_Api_User::USERINFO_SIGNPIC));
    if (!$userinfo) {
        print_stop_message2('invalid_user_specified');
    }
    if ($userinfo['sigpicwidth'] and $userinfo['sigpicheight']) {
        $size = " width=\"{$userinfo['sigpicwidth']}\" height=\"{$userinfo['sigpicheight']}\" ";
    }
    print_form_header('usertools', 'updatesigpic', 1);
    construct_hidden_code('userid', $userinfo['userid']);
    print_table_header($vbphrase['change_signature_picture'] . ": <span class=\"normal\">{$userinfo['username']}</span>");
    if ($userinfo['sigpic']) {
        $userinfo['sigpicurl'] = vB::getDatastore()->getOption('frontendurl') . '/filedata/fetch?filedataid=' . $userinfo['sigpicfiledataid'] . '&amp;sigpic=1';
        print_description_row("<div align=\"center\"><img src=\"{$userinfo['sigpicurl']}\" {$size} alt=\"\" title=\"" . construct_phrase($vbphrase['xs_picture'], $userinfo['username']) . "\" /></div>");
        print_yes_no_row($vbphrase['use_signature_picture'], 'usesigpic', 1);
    } else {
        construct_hidden_code('usesigpic', 1);
Esempio n. 21
0
 /**
  * Checks if userid's notification options for notification type
  *
  * @return boolean	true if user should receive the notificationType
  */
 public function userReceivesNotification($userid, $notificationType)
 {
     // grab bitfield masks for notification options
     $bf_masks = vB::getDatastore()->getValue('bf_misc_usernotificationoptions');
     // each notification type should have an option linked to it.
     // note that NOTIFICATION_TYPE_MODERATE should not exist anymore. Mod messages go to
     // the pending posts folder
     $notificationOptionBitfields = array(self::NOTIFICATION_TYPE_VOTE => $bf_masks['general_voteconvs'], self::NOTIFICATION_TYPE_VOTEREPLY => $bf_masks['general_votereplies'], self::NOTIFICATION_TYPE_RATE => $bf_masks['general_likespost'], self::NOTIFICATION_TYPE_REPLY => $bf_masks['discussions_on'], self::NOTIFICATION_TYPE_COMMENT => $bf_masks['discussion_comment'], self::NOTIFICATION_TYPE_THREADCOMMENT => $bf_masks['discussions_on'], self::NOTIFICATION_TYPE_FOLLOW => $bf_masks['general_followrequest'], self::NOTIFICATION_TYPE_FOLLOWING => $bf_masks['general_followsyou'], self::NOTIFICATION_TYPE_VM => $bf_masks['general_vm'], self::NOTIFICATION_TYPE_USERMENTION => $bf_masks['general_usermention']);
     // grab user info
     $userInfo = vB_User::fetchUserinfo($userid);
     // if it has an option, check it. Notifications without an option are sent by default
     if (array_key_exists($notificationType, $notificationOptionBitfields)) {
         // check options
         return ($userInfo['notification_options'] & $notificationOptionBitfields[$notificationType]) == true;
     } else {
         // no option for this notification type, send notification
         return true;
     }
 }
Esempio n. 22
0
 public function sendActivateEmail($userid)
 {
     $userinfo = vB_User::fetchUserinfo($userid);
     if (empty($userinfo)) {
         throw new vB_Exception_Api('invaliduserid');
     }
     if ($userinfo['usergroupid'] != 3) {
         // Already activated
         throw new vB_Exception_Api('activate_wrongusergroup');
     }
     $vboptions = vB::getDatastore()->getValue('options');
     $coppauser = false;
     if (!empty($userinfo['birthdaysearch'])) {
         $birthday = $userinfo['birthdaysearch'];
     } else {
         //we want YYYY-MM-DD for the coppa check but normally we store MM-DD-YYYY
         $birthday = $userinfo['birthday'];
         if (strlen($birthday) >= 6 and $birthday[2] == '-' and $birthday[5] == '-') {
             $birthday = substr($birthday, 6) . '-' . substr($birthday, 0, 2) . '-' . substr($birthday, 3, 2);
         }
     }
     if ($vboptions['usecoppa'] == 1 and $this->needsCoppa($birthday)) {
         $coppauser = true;
     }
     $username = trim(unhtmlspecialchars($userinfo['username']));
     require_once DIR . '/includes/functions_user.php';
     // Try to get existing activateid from useractivation table
     $useractivation = vB::getDbAssertor()->getRow('useractivation', array('userid' => $userinfo['userid']));
     if ($useractivation) {
         $activateid = fetch_random_string(40);
         vB::getDbAssertor()->update('useractivation', array('dateline' => vB::getRequest()->getTimeNow(), 'activationid' => $activateid), array('userid' => $userinfo['userid'], 'type' => 0));
     } else {
         $activateid = build_user_activation_id($userinfo['userid'], ($vboptions['moderatenewmembers'] or $coppauser) ? 4 : 2, 0);
     }
     $maildata = vB_Api::instanceInternal('phrase')->fetchEmailPhrases('activateaccount', array($username, $vboptions['bbtitle'], $vboptions['frontendurl'], $userinfo['userid'], $activateid, $vboptions['webmasteremail']), array($username), $userinfo['languageid']);
     vB_Mail::vbmail($userinfo['email'], $maildata['subject'], $maildata['message'], true);
 }
Esempio n. 23
0
 /**
  * Generate a cache key for the first pass of getSearchResults. Build key based on:
  * usergroupids, infractiongroupids, search json, search sort order, search sort by,
  * moderated channels
  *
  * @param vB_Search_Criteria
  *
  * @staticvar array	$hashResult	Array to build hash from
  * @return string
  */
 public static function getTwoPassCacheKey(vB_Search_Criteria $criteria)
 {
     $cacheTTL = vB_Api_Search::getCacheTTL();
     if ($cacheTTL < 1) {
         return false;
     }
     $channelAccess = vB::getUserContext()->getAllChannelAccess();
     $currentUserId = vB::getCurrentSession()->get('userid');
     // Don't use cache if we have a GIT record
     if (!empty($channelAccess['member'])) {
         return false;
     }
     // Not 100% set on this but it seems adding further nodes to the result set
     // could introduce nodes that were grabbed based on nodes that might
     // end up removed on the second pass
     if ($criteria->get_post_processors()) {
         return false;
     }
     $json = $criteria->getJSON();
     //$json['disable_two_pass'] = true;
     if (!empty($json['disable_two_pass']) or !empty($json['my_following']) and !empty($currentUserId) or !empty($json[vB_Api_Search::FILTER_FOLLOW]) or !empty($json['private_messages_only']) or !empty($json['include_private_messages']) or !empty($json['date']) and $json['date'] == vB_Api_Search::FILTER_LASTVISIT or !empty($json['unread_only']) or !empty($json['author']) and !empty($json['exactname']) and ($json['author'] == 'myFriends' or $json['author'] == 'iFollow')) {
         return false;
     }
     // Don't cache for globally ignored users
     if (!empty($currentUserId)) {
         $globalignore = trim(vB::getDatastore()->getOption('globalignore'));
         if (!empty($globalignore)) {
             $blocked = preg_split('#\\s+#s', $globalignore, -1, PREG_SPLIT_NO_EMPTY);
             $bbuserkey = array_search($currentUserId, $blocked);
             if ($bbuserkey !== FALSE and $bbuserkey !== NULL) {
                 return false;
             }
         }
     }
     if (isset($json['ignored_words'])) {
         unset($json['ignored_words']);
     }
     if (isset($json['original_keywords'])) {
         unset($json['original_keywords']);
     }
     // Make sure ugids and ifids are in a consistent order
     $ugids = $ifids = $mod = '';
     $userinfo = vB_User::fetchUserinfo();
     if (!empty($userinfo['membergroupids']) and trim($userinfo['membergroupids']) != '' and $ugids = explode(',', str_replace(' ', '', $userinfo['membergroupids']))) {
         $ugids[] = $userinfo['usergroupid'];
         sort($ugids, SORT_NUMERIC);
         $ugids = array_unique($ugids, SORT_NUMERIC);
         $ugids = implode(',', $ugids);
     } else {
         $ugids = $userinfo['usergroupid'];
     }
     $ifid = !empty($userinfo['infractiongroupid']) ? intval($userinfo['infractiongroupid']) : 0;
     if (!empty($userinfo['infractiongroupids']) and trim($userinfo['infractiongroupids']) != '' and $ifids = explode(',', str_replace(' ', '', $userinfo['infractiongroupids']))) {
         if ($ifid) {
             $ifids[] = $ifid;
         }
         sort($ifids, SORT_NUMERIC);
         $ifids = array_unique($ifids, SORT_NUMERIC);
         $ifids = implode(',', $ifids);
     } else {
         if ($ifid) {
             $ifids = $ifid;
         }
     }
     if (!empty($channelAccess['canmoderate'])) {
         $mod = $channelAccess['canmoderate'];
         sort($mod, SORT_NUMERIC);
         $mod = array_unique($mod, SORT_NUMERIC);
         $mod = implode(',', $mod);
     }
     $hashResult = array('json' => $json, 'so' => $criteria->get_sort_field(), 'sb' => $criteria->get_sort_direction(), 'ul' => vB::getUserContext()->getUserLevel(), 'ug' => $ugids);
     if (!empty($ifids)) {
         $hashResult['if'] = $ifids;
     }
     if (!empty($mod)) {
         $hashResult['mod'] = $mod;
     }
     return 'getSearchResults_' . md5(serialize($hashResult));
 }