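/**
 * Records that the currently logged-in user has dismissed a notice.
 *
 * Only logged-in users may dismiss a notice, and only a notice whose entry
 * in the 'noticecache' datastore value carries a truthy 'dismissible' flag.
 *
 * @param int|string $noticeid Notice ID as supplied by the caller. It is
 *                             checked here before it is used as an array key.
 *
 * @return bool True once the dismissal query has been issued.
 *
 * @throws vB_Exception_Api 'no_permission' when there is no logged-in user;
 *                          'notice_not_dismissible' when the notice is unknown,
 *                          not dismissible, or the ID is not a scalar.
 */
public function dismiss($noticeid)
{
    $userinfo = vB::getCurrentSession()->fetch_userinfo();
    if (empty($userinfo['userid'])) {
        throw new vB_Exception_Api('no_permission');
    }

    $noticecache = vB::getDatastore()->getValue('noticecache');

    // $noticeid is caller-controlled. A non-scalar (array/object) is not a
    // legal array offset, and an unknown ID would otherwise be read as an
    // undefined index. Both cases fail closed with the API exception
    // instead of surfacing as a PHP notice or TypeError.
    if (!is_scalar($noticeid) || empty($noticecache[$noticeid]['dismissible'])) {
        throw new vB_Exception_Api('notice_not_dismissible');
    }

    // The user ID comes from the session, never from the request, so a
    // user can only dismiss notices on their own behalf.
    $this->assertor->assertQuery('vBForum:dismissnotice', array(
        vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED,
        'noticeid' => intval($noticeid),
        'userid' => $userinfo['userid'],
    ));

    return true;
}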
/**
 * Reports whether this user holds the named administrator permission.
 *
 * Resolution order: super admins are always granted; then any result from
 * basicAdminControl() other than integer 0 is final; otherwise the user's
 * administrator row is loaded (once per instance) and the permission's bit
 * is tested against its 'adminpermissions' bitfield.
 *
 * A permission name that is missing from 'bf_ugp_adminpermissions' reads as
 * an undefined index; the bitwise AND with that null value is 0, so the
 * check fails closed.
 *
 * @param string $permission Key into the 'bf_ugp_adminpermissions' bitfield map.
 *
 * @return bool True when the permission is granted.
 */
public function hasAdminPermission($permission)
{
    // Super admins hold every admin permission.
    if ($this->userIsSuperAdmin) {
        return true;
    }

    // Anything other than integer 0 settles the question here:
    // granted only when the value is greater than zero.
    $adminControl = $this->basicAdminControl();
    if ($adminControl !== 0) {
        return $adminControl > 0;
    }

    $bitfields = $this->datastore->get_value('bf_ugp_adminpermissions');

    if (!isset($this->admin_info)) {
        $rows = $this->assertor->assertQuery('vBForum:administrator', array(
            vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT,
            'userid' => $this->userid,
        ));

        // No administrator row: deny, and leave admin_info unset so the
        // lookup is repeated on the next call.
        if (!$rows->valid()) {
            return false;
        }

        $this->admin_info = $rows->current();

        // Two "admin" permissions are stored at the usergroup level;
        // fold them into the per-user bitfield.
        foreach (array('cancontrolpanel', 'ismoderator') as $groupLevelBit) {
            if ($this->permissionContext->hasPermission('adminpermissions', $groupLevelBit)) {
                $this->admin_info['adminpermissions'] |= $bitfields[$groupLevelBit];
            }
        }
    }

    return (bool) ($this->admin_info['adminpermissions'] & $bitfields[$permission]);
}
/**
 * Flushes pending cache records and cache events to the database, then
 * resets the per-instance bookkeeping arrays.
 *
 * Records whose cache ID appears in $this->locked are dropped before saving.
 * Events that are already part of a record being saved are removed from the
 * separate event save. $this->locked itself is not cleared here.
 *
 * @return void
 */
public function shutdown()
{
    // Locked cache IDs must not be written.
    if (!empty($this->locked)) {
        foreach ($this->locked as $lockedId) {
            unset($this->recordsToSave[$lockedId]);
        }
    }

    if (!empty($this->recordsToSave)) {
        $this->assertor->assertQuery('saveDbCache', array('cache' => $this->recordsToSave));
    }

    if (!empty($this->newEvents)) {
        foreach ($this->newEvents as $cacheid => $events) {
            // Only de-duplicate when both sides are usable event lists.
            if (
                empty($this->recordsToSave[$cacheid]['events'])
                || !is_array($this->recordsToSave[$cacheid]['events'])
                || !is_array($events)
            ) {
                continue;
            }

            $remaining = array_diff($events, $this->recordsToSave[$cacheid]['events']);

            if (empty($remaining)) {
                // Every new event overlapped with the saved record.
                unset($this->newEvents[$cacheid]);
            } else {
                $this->newEvents[$cacheid] = $remaining;
            }
        }

        if (!empty($this->newEvents)) {
            $this->assertor->assertQuery('saveDbCacheEvents', array('events' => $this->newEvents));
        }
    }

    $this->recordsToSave = array();
    $this->newEvents = array();
    $this->no_values = array();
    $this->values_read = array();
}
/**
 * Checks a list of nodes and reports which of them the user has voted on.
 *
 * Results are memoised on the instance: voted nodes in $this->nodevotescache
 * and nodes known to be unvoted in $this->notVoted, so repeated calls only
 * query for IDs that have not been resolved yet.
 *
 * NOTE(review): neither cache is keyed by user ID. If this method is ever
 * called with different $userid values on the same instance, one user's
 * votes would be reported for another. Confirm that callers only pass a
 * single user per instance.
 *
 * @param array $nodeIds A list of node IDs to be checked
 * @param int   $userid  User ID to be checked. When falsy, the currently
 *                       logged-in user is used.
 *
 * @return int[] The whole voted-node cache (not just the requested IDs),
 *               keyed by nodeid. For a guest, $nodeIds is returned unchanged.
 */
public function fetchNodeVotes(array $nodeIds, $userid = 0)
{
    if (!$userid) {
        $userid = vB::getCurrentSession()->get('userid');

        // TODO: implement guest votes?
        // Until then a guest gets the requested list back as-is.
        if ($userid == 0) {
            return $nodeIds;
        }
    }

    // Drop every ID already resolved as voted or as not voted.
    $unresolved = array_diff($nodeIds, $this->nodevotescache, $this->notVoted);

    if ($unresolved) {
        $rows = $this->assertor->assertQuery('vBForum:getNodeVotes', array(
            vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED,
            'userid' => $userid,
            'nodeid' => $unresolved,
        ));

        foreach ($rows as $row) {
            $votedId = $row['nodeid'];
            $this->nodevotescache[$votedId] = $votedId;

            $position = array_search($votedId, $unresolved);
            if ($position !== false) {
                unset($unresolved[$position]);
            }
        }
    }

    // Whatever is left has no vote by this user; remember that to
    // prevent additional queries.
    if (!empty($unresolved)) {
        $this->notVoted = array_merge($this->notVoted, $unresolved);
    }

    return $this->nodevotescache;
}
/**
 * Verifies that the provided username is valid, and attempts to correct it
 * if it is not valid.
 *
 * The value is normalised in place (whitespace collapsed, cleaned through
 * vB_String::cleanUserName(), NUL bytes removed, trimmed) and then checked
 * for length, stray semicolons, censored words, an existing account and the
 * configured 'illegalusernames' list. Each failure is reported through
 * $this->error().
 *
 * On success $username is replaced by the result of
 * vB_String::htmlSpecialCharsUni(), so callers receive the encoded form. On
 * failure it is left in its cleaned but unencoded form.
 *
 * NOTE(review): the illegal-name check is a substring match that lower-cases
 * with strtolower(), which does not reliably fold non-ASCII characters.
 * Confirm whether a multibyte-aware comparison is needed.
 * NOTE(review): the censor check uses a loose != comparison; two different
 * numeric-looking strings could compare equal.
 *
 * @param string $username Username, passed by reference and rewritten
 *
 * @return boolean Returns true if the username is valid, or has been
 *                 corrected to be valid
 */
function verify_username(&$username)
{
    // this is duplicated from the user manager

    // fix extra whitespace and invisible ascii stuff
    $username = trim(preg_replace('#[ \\r\\n\\t]+#si', ' ', strip_blank_ascii($username, ' ')));
    $username_raw = $username;

    $username = trim(str_replace(chr(0), '', vB_String::cleanUserName($username)));

    $length = vB_String::vbStrlen($username);

    // name too short
    if ($length < $this->registry->options['minuserlength']) {
        $this->error('usernametooshort', $this->registry->options['minuserlength']);
        return false;
    }

    // name too long
    if ($length > $this->registry->options['maxuserlength']) {
        $this->error('usernametoolong', $this->registry->options['maxuserlength']);
        return false;
    }

    // name contains semicolons that do not close a 3-5 digit numeric
    // character reference
    if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $username)) {
        $this->error('username_contains_semi_colons');
        return false;
    }

    // name contains censored words
    if ($username != fetch_censored_text($username)) {
        $this->error('censorfield');
        return false;
    }

    // name is already in use (both the cleaned and the raw form are
    // passed to the query, each encoded first)
    $matches = $this->assertor->assertQuery('verifyUsername', array(
        'userid' => intval($this->existing['userid']),
        'username' => vB_String::htmlSpecialCharsUni($username),
        'username_raw' => vB_String::htmlSpecialCharsUni($username_raw),
    ));
    if ($matches->valid() and $matches->current()) {
        $this->error(
            'usernametaken',
            vB_String::htmlSpecialCharsUni($username),
            vB::getCurrentSession()->get('sessionurl')
        );
        return false;
    }

    // check for illegal username
    if (!empty($this->registry->options['illegalusernames'])) {
        $blocked = preg_split(
            '/[ \\r\\n\\t]+/',
            $this->registry->options['illegalusernames'],
            -1,
            PREG_SPLIT_NO_EMPTY
        );
        $lowered = strtolower($username);

        foreach ($blocked as $fragment) {
            if (strpos($lowered, strtolower($fragment)) !== false) {
                // Reported as 'usernametaken'; the original author noted
                // this is an odd error to show for a blocked name.
                $this->error(
                    'usernametaken',
                    vB_String::htmlSpecialCharsUni($username),
                    vB::getCurrentSession()->get('sessionurl')
                );
                return false;
            }
        }
    }

    // if we got here, everything is okay
    $username = vB_String::htmlSpecialCharsUni($username);

    return true;
}
/**
 * Fetch Human Verification Image Data
 *
 * With no hash, the literal hash 'test', or when the 'hv_type' option is not
 * 'Image', a fixed image for the answer 'vBulletin' is rendered. Otherwise
 * the hash must match an unviewed 'humanverify' row. That row is then
 * flagged as viewed with an UPDATE conditioned on viewed = 0, and the
 * affected-row count is checked, so a given hash is rendered at most once
 * even when two requests race. Every other case returns the clear GIF.
 *
 * NOTE(review): the clear GIF path is built from the 'cleargifurl' option;
 * this assumes that option is trusted administrator configuration. Confirm.
 * NOTE(review): $hash is not type-checked before it is used as a query
 * condition; presumably the API layer cleans it. Verify against the caller.
 *
 * @param string $hash Human verification hash
 *
 * @return array 'type' => Image type 'data' => Image binary data
 */
public function fetchHvImage($hash = '')
{
    $vboptions = vB::getDatastore()->getValue('options');
    $moveabout = true;

    $usePlaceholder = (!$hash or $hash == 'test' or $vboptions['hv_type'] != 'Image');

    if ($usePlaceholder) {
        $record = array('answer' => 'vBulletin');
        $moveabout = ($hash == 'test');
    } else {
        $record = $this->assertor->getRow('humanverify', array(
            vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT,
            'hash' => $hash,
            'viewed' => 0,
        ));

        $claimed = false;
        if ($record) {
            // Claim the image: only one request can flip viewed from 0 to 1.
            $this->assertor->assertQuery('humanverify', array(
                vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_UPDATE,
                'viewed' => 1,
                vB_dB_Query::CONDITIONS_KEY => array('hash' => $hash, 'viewed' => 0),
            ));

            // Zero affected rows means someone else viewed the image
            // between the select above and this update.
            $claimed = ($this->assertor->affected_rows() != 0);
        }

        if (!$claimed) {
            return array(
                'type' => 'gif',
                'data' => file_get_contents(DIR . '/' . $vboptions['cleargifurl']),
            );
        }
    }

    $rendered = vB_Image::instance()->getImageFromString($record['answer'], $moveabout);

    return array('type' => $rendered['filetype'], 'data' => $rendered['filedata']);
}
/**
 * Updates this user's CSS cache.
 *
 * Builds the CSS with build_css() and stores it through the
 * 'replaceUserCssCache' query together with the user ID and the integer
 * value of the 'usercsspermissions' permission.
 *
 * NOTE(review): the CSS is stored exactly as build_css() returns it; any
 * filtering of user-supplied CSS has to happen there. Not visible here.
 * NOTE(review): the user ID is passed under the 'usercss' key; presumably
 * that is the parameter name the stored query expects. Confirm.
 *
 * @return string Compiled CSS
 */
function update_css_cache()
{
    $compiledCss = $this->build_css();

    $params = array(
        'usercss' => $this->userid,
        'cachedcss' => $compiledCss,
        'buildpermissions' => intval($this->permissions['usercsspermissions']),
    );
    $this->assertor->assertQuery('replaceUserCssCache', $params);

    return $compiledCss;
}
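/**
 * Validates the provided value of a setting against its datatype.
 * Extracted from adminfunctions_options
 *
 * The value is coerced in place and also returned. Datatypes handled:
 * 'number', 'integer', 'arrayinteger', 'arrayfree', 'posint', 'boolean',
 * 'bitfield' and 'username'; anything else is trimmed as a string.
 *
 * For 'bitfield', an array of flag values is combined with bitwise OR.
 * Adding the values instead would let a repeated or overlapping flag carry
 * into a bit that was never selected (for example 1 + 1 = 2).
 *
 * NOTE(review): for 'arrayinteger' and 'arrayfree' a non-array value is not
 * normalised here; array_keys() rejects it (a TypeError on PHP 8), so
 * callers are expected to pass arrays for these datatypes.
 * NOTE(review): for 'username', empty() also treats the string "0" as
 * empty, so a user literally named "0" resolves to 0.
 *
 * @param mixed   $value          (ref) Setting value
 * @param string  $datatype       Setting datatype ('number', 'boolean' or other)
 * @param boolean $bool_as_int    Represent boolean with 1/0 instead of true/false
 * @param boolean $username_query Query database for username type
 *
 * @return mixed Setting value. For 'username' with $username_query set: the
 *               matching userid, 0 for an empty name, or false when no user
 *               matches.
 */
protected function validate_setting_value(&$value, $datatype, $bool_as_int = true, $username_query = true)
{
    switch ($datatype) {
        case 'number':
            $value += 0;
            break;

        case 'integer':
            $value = intval($value);
            break;

        case 'arrayinteger':
            foreach (array_keys($value) as $key) {
                $value[$key] = intval($value[$key]);
            }
            break;

        case 'arrayfree':
            foreach (array_keys($value) as $key) {
                $value[$key] = trim($value[$key]);
            }
            break;

        case 'posint':
            $value = max(1, intval($value));
            break;

        case 'boolean':
            if ($bool_as_int) {
                $value = $value ? 1 : 0;
            } else {
                $value = $value ? true : false;
            }
            break;

        case 'bitfield':
            if (is_array($value)) {
                $bitfield = 0;
                foreach ($value as $bitval) {
                    // OR rather than +, so duplicate or overlapping flags
                    // cannot set a bit that was not submitted.
                    $bitfield |= intval($bitval);
                }
                $value = $bitfield;
            } else {
                $value += 0;
            }
            break;

        case 'username':
            $value = trim($value);
            if ($username_query) {
                if (empty($value)) {
                    $value = 0;
                } else {
                    // The name is encoded before the lookup; presumably
                    // usernames are stored in that encoded form. Confirm.
                    $result = $this->db_assertor->assertQuery('user', array(
                        vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT,
                        'username' => htmlspecialchars_uni($value),
                    ));
                    if ($result->valid()) {
                        $userinfo = $result->current();
                        $value = $userinfo['userid'];
                    } else {
                        $value = false;
                    }
                }
            }
            break;

        default:
            $value = trim($value);
    }

    return $value;
}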