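/**
 * API action: return the videos of one category to a caller that presents the
 * public API token.
 *
 * Query-string inputs: `cat` (optional category id) and `TOKEN` (required).
 *
 * @return array Response envelope with a `STATUS_CODE` entry and a `DATA` entry;
 *               on failure `DATA` holds `STATUS` => 'ERROR' and an `ERROR` message.
 */
function getVideosAction()
{
    $request = $_GET;

    $videoClass = new BuckysVideo();

    $categoryID = isset($request['cat']) ? buckys_escape_query_integer($request['cat']) : null;

    // PHP turns `TOKEN[]=x` into an array; anything that is not a string is
    // treated as a missing token instead of being handed to trim().
    $token = (isset($request['TOKEN']) && is_string($request['TOKEN'])) ? trim($request['TOKEN']) : null;

    if (!$token) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => ['STATUS' => 'ERROR', 'ERROR' => 'Api token should not be blank']];
    }

    // hash_equals() compares byte for byte and in constant time. A loose `!=`
    // compares two numeric-looking strings as numbers, so a value that merely
    // evaluates to the same number as the key would be accepted.
    // NOTE(review): the token travels in the query string and therefore lands in
    // access logs and Referer headers; confirm it is meant to be a shared, non-secret key.
    if (!hash_equals((string)THENEWBOSTON_PUBLIC_API_KEY, $token)) {
        return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => ['STATUS' => 'ERROR', 'ERROR' => 'Api token is not valid.']];
    }

    $videos = $videoClass->getVideos($categoryID);

    return ['STATUS_CODE' => STATUS_CODE_OK, "DATA" => $videos];
}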
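<?php

/**
 * Trade section: list the offers the logged-in user has received and mark the
 * related notifications and offers as read.
 *
 * Request inputs: `page` (pagination) and `targetID` (optional filter passed to
 * getOfferReceived()).
 */
require dirname(dirname(__FILE__)) . '/includes/bootstrap.php';

// Members only.
if (!($userID = buckys_is_logged_in())) {
    buckys_redirect('/index.php', MSG_NOT_LOGGED_IN_USER, MSG_TYPE_ERROR);
    // buckys_redirect() is defined elsewhere; stop explicitly so that nothing
    // below runs for an anonymous request.
    exit;
}

buckys_enqueue_stylesheet('trade.css');
buckys_enqueue_javascript('trade.js');

$TNB_GLOBALS['content'] = 'trade/offer_received';
$TNB_GLOBALS['headerType'] = 'trade';

// Both parameters are optional: a missing one is passed on as null instead of
// raising an undefined-index notice.
$paramCurrentPage = buckys_escape_query_integer(isset($_REQUEST['page']) ? $_REQUEST['page'] : null);
$paramTargetID = buckys_escape_query_integer(isset($_REQUEST['targetID']) ? $_REQUEST['targetID'] : null);

$view = [];

//Get offer_received info
$tradeOfferIns = new BuckysTradeOffer();

// The query is scoped to the session user id, never to an id taken from the request.
$view['offers'] = $tradeOfferIns->getOfferReceived($userID, $paramTargetID);
$view['offers'] = fn_buckys_pagination($view['offers'], '/trade/offer_received.php', $paramCurrentPage, COMMON_ROWS_PER_PAGE);

$TNB_GLOBALS['title'] = 'Offers Received - BuckysRoomTrade';

//Mark the activity (offer received) as read
$tradeNotificationIns = new BuckysTradeNotification();
$tradeNotificationIns->markAsRead($userID, BuckysTradeNotification::ACTION_TYPE_OFFER_RECEIVED);

$tradeOfferIns->markAsRead($userID, BuckysTradeOffer::STATUS_OFFER_ACTIVE);

// Template and layout names come from $TNB_GLOBALS as prepared by the bootstrap include.
require DIR_FS_TEMPLATE . $TNB_GLOBALS['template'] . "/" . $TNB_GLOBALS['layout'] . ".php";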
} } } $topicID = isset($_GET['id']) ? buckys_escape_query_integer($_GET['id']) : 0; $topic = BuckysForumTopic::getTopic($topicID); if (!$topic) { buckys_redirect('/forum'); } $category = BuckysForumCategory::getCategory($topic['categoryID']); //If the topic is not published(pending or suspended), only forum moderator and administrator can see this if ($topic['status'] != 'publish' && !buckys_is_moderator() && $TNB_GLOBALS['user']['userID'] != $topic['creatorID']) { buckys_redirect('/forum'); } $orderBy = isset($_GET['orderby']) ? buckys_escape_query_string($_GET['orderby']) : 'oldest'; //Getting Replies $page = isset($_GET['page']) ? buckys_escape_query_integer($_GET['page']) : 1; $total = BuckysForumReply::getTotalNumOfReplies($topic['topicID'], 'publish'); $pagination = new Pagination($total, BuckysForumReply::$COUNT_PER_PAGE, $page); $page = $pagination->getCurrentPage(); $replies = BuckysForumReply::getReplies($topic['topicID'], 'publish', $page, $orderBy); $hierarchical = BuckysForumCategory::getCategoryHierarchical($topic['categoryID']); //Mark Forum Notifications to read if (buckys_check_user_acl(USER_ACL_REGISTERED)) { BuckysForumNotification::makeNotificationsToRead($TNB_GLOBALS['user']['userID'], null, $topic['topicID']); } if (buckys_check_user_acl(USER_ACL_MODERATOR)) { $reportID = BuckysReport::isReported($topicID, 'topic'); $categories = BuckysForumCategory::getAllCategories(); } buckys_enqueue_javascript('sceditor/jquery.sceditor.bbcode.js'); buckys_enqueue_javascript('uploadify/jquery.uploadify.js');
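<?php

/**
 * Profile posts page: resolve the profile named by `user`, decide whether the
 * viewer may see its private resources, and load the posts to display.
 *
 * Request inputs: `user` (profile id), `post` (optional single post id) and
 * `type` (one of all / user / friends).
 */
require dirname(__FILE__) . '/includes/bootstrap.php';

//Getting Current User ID
$userID = buckys_is_logged_in();

//Getting User ID from Parameter (a missing parameter is passed on as null rather than read as an undefined index)
$profileID = get_secure_integer(isset($_GET['user']) ? $_GET['user'] : null);
$postID = buckys_escape_query_integer(isset($_GET['post']) ? $_GET['post'] : null);

//If the parameter is null, goto homepage
if (!$profileID) {
    buckys_redirect('/index.php');
}

//Getting UserData from Id
$userData = BuckysUser::getUserData($profileID);

//Goto Homepage if the userID is not correct
if (!buckys_not_null($userData) || !BuckysUser::checkUserID($profileID, true)) {
    buckys_redirect('/index.php');
}

// `type` is matched against a fixed allow-list; the strict flag keeps the
// comparison string-to-string, and anything else falls back to 'all'.
$postType = isset($_GET['type']) ? $_GET['type'] : 'all';
if (!in_array($postType, ['all', 'user', 'friends'], true)) {
    $postType = 'all';
}

//if logged user can see all resources of the current user:
//the owner, a friend, or someone the profile owner has sent a friend request to
$canViewPrivate = $userID == $profileID || BuckysFriend::isFriend($userID, $profileID) || BuckysFriend::isSentFriendRequest($profileID, $userID);

$posts = BuckysPost::getPostsByUserID($profileID, $userID, BuckysPost::INDEPENDENT_POST_PAGE_ID, $canViewPrivate, $postID, null, $postType);

/*if( !buckys_not_null($posts) )
{
    //Goto Index Page
    buckys_redirect('/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
}*/

//Mark the notifications to read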
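/**
 * Add shop product action by Ajax
 *
 * Validates the submitted listing, stores it for the logged-in user and echoes
 * a JSON object with `success` (0 or 1) and `msg`. Returns without any output
 * when nobody is logged in.
 */
function addShopProduct()
{
    $userID = buckys_is_logged_in();
    if (!$userID) {
        return;
    }

    // Work on a copy in which every field read below exists, so an omitted
    // parameter is handled as an empty value instead of an undefined index.
    $input = $_REQUEST;
    foreach (['title', 'subtitle', 'description', 'category', 'return_policy', 'shipping_price', 'price', 'location', 'images', 'listing_duration', 'filename'] as $field) {
        if (!isset($input[$field])) {
            $input[$field] = '';
        }
    }

    $inputValidFlag = true;

    $requiredFields = ['title', 'subtitle', 'description', 'category', 'return_policy', 'shipping_price', 'price'];

    if ($input['return_policy'] == '') {
        $input['return_policy'] = 'None';
    }

    foreach ($requiredFields as $requiredField) {
        // Array-valued parameters (title[]=...) are rejected along with empty ones.
        if (!is_string($input[$requiredField]) || $input[$requiredField] == '') {
            $inputValidFlag = false;
        }
    }

    $categoryClass = new BuckysShopCategory();
    $category = is_string($input['category']) ? $categoryClass->getCategoryByID($input['category']) : null;

    if (empty($category)) {
        // Unknown category: there is no row to read isDownloadable from.
        $inputValidFlag = false;
    } else {
        if (!$category['isDownloadable'] && $input['location'] == '') {
            // Physical goods need a location.
            $inputValidFlag = false;
        } else {
            if ($category['isDownloadable'] == 1) {
                $input['location'] = 0;
            }
        }
    }

    if (!is_numeric($input['price']) || $input['price'] <= 0) {
        $inputValidFlag = false;
    }

    // shipping_price is a JSON document that must decode to a non-empty array.
    $shippingPriceList = json_decode((string)(is_string($input['shipping_price']) ? $input['shipping_price'] : ''), true);
    if (!is_array($shippingPriceList) || count($shippingPriceList) < 1) {
        $inputValidFlag = false;
    }

    $listingFeeType = get_secure_integer(isset($_REQUEST['listing_fee_type']) ? $_REQUEST['listing_fee_type'] : null);
    if ($listingFeeType === null) {
        $inputValidFlag = false;
    }

    if (!$inputValidFlag) {
        //error
        echo json_encode(['success' => 0, 'msg' => 'Please input required field(s).']);

        return;
    }

    $shopProductIns = new BuckysShopProduct();

    $data = [];
    $data['userID'] = $userID;
    $data['title'] = get_secure_string($input['title']);
    $data['subtitle'] = get_secure_string($input['subtitle']);
    $data['description'] = get_secure_string($input['description']);
    $data['catID'] = get_secure_string($input['category']);
    $data['images'] = get_secure_string($input['images']);
    $data['locationID'] = buckys_escape_query_integer($input['location']);
    $data['returnPolicy'] = get_secure_string($input['return_policy']);
    $data['price'] = get_secure_string($input['price']);
    $data['listingDuration'] = get_secure_string($input['listing_duration']);

    // A duration of -1 means "no expiry"; otherwise the value is a number of days.
    // NOTE(review): listing_duration is not range-checked here; confirm which values the form can send.
    $data['expiryDate'] = $data['listingDuration'] == -1 ? '0000-00-00 00:00:00' : date('Y-m-d H:i:s', time() + 3600 * 24 * $data['listingDuration']);
    $data['createdDate'] = date('Y-m-d H:i:s');

    $data['images'] = moveShopTmpImages($data['images']);

    if ($category['isDownloadable'] == 1) {
        $uploadName = $input['filename'];

        // The name is appended to a directory path, so it must be a bare file
        // name: no separators, no NUL byte, and not a "." / ".." entry.
        $isPlainName = is_string($uploadName)
            && $uploadName !== ''
            && $uploadName !== '.'
            && $uploadName !== '..'
            && strpbrk($uploadName, "/\\\0") === false;

        // NOTE(review): as written, the request is refused when the temp file EXISTS
        // under DIR_FS_SHOP_IMG_TMP; this looks inverted (or checks the wrong
        // directory). Kept as found; confirm against moveShopTmpProduct().
        if (!$isPlainName || file_exists(DIR_FS_SHOP_IMG_TMP . $uploadName)) {
            echo json_encode(['success' => 0, 'msg' => 'Please select a zip file.']);
            exit;
        }

        $data['isDownloadable'] = 1;
        $filename = moveShopTmpProduct($uploadName);
        $data['fileName'] = $filename;
    }

    if ($data['images'] === false) {
        echo json_encode(['success' => 0, 'msg' => 'Something goes wrong, please contact administrator.']);
        exit;
    }

    if ($newProductID = $shopProductIns->addProduct($data, $listingFeeType)) {
        $shopProductIns->addShippingPrice($newProductID, $shippingPriceList);
        echo json_encode(['success' => 1, 'msg' => 'Your item has been added successfully.']);
    } else {
        echo json_encode(['success' => 0, 'msg' => 'You do not have enough credits for that.']);
    }
}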
<?php require dirname(__FILE__) . '/includes/bootstrap.php'; //Getting Current User ID $userID = buckys_is_logged_in(); //Getting User ID from Parameter $profileID = get_secure_integer($_GET['user']); $albumID = isset($_GET['albumID']) ? buckys_escape_query_integer($_GET['albumID']) : null; $postID = isset($_GET['post']) ? buckys_escape_query_integer($_GET['post']) : null; //When displaying page's photo $showPagePhotoFlag = false; $paramPageID = BuckysPost::INDEPENDENT_POST_PAGE_ID; $pageData = null; if (isset($_GET['pid'])) { $paramPageID = $_GET['pid']; $pageIns = new BuckysPage(); $pageData = $pageIns->getPageByID($paramPageID); if ($pageData) { $profileID = $pageData['userID']; $showPagePhotoFlag = true; } } //If the parameter is null, goto homepage if (!$profileID) { buckys_redirect('/index.php'); } //Getting UserData from Id $userData = BuckysUser::getUserData($profileID); //Goto Homepage if the userID is not correct if (!buckys_not_null($userData) || !BuckysUser::checkUserID($profileID, true)) { buckys_redirect('/index.php');
buckys_redirect('/forum/category.php?id=' . $categoryID, MSG_PERMISSION_DENIED, MSG_TYPE_ERROR); } BuckysReport::approveObjects($_REQUEST['reportID']); buckys_redirect("/forum/moderator.php?id=" . $categoryID, MSG_REPORTED_OBJECT_APPROVED); } else { if ($_REQUEST['action'] == 'block-user') { $return = isset($_REQUEST['return']) ? base64_decode($_REQUEST['return']) : '/forum/category.php?id=' . $categoryID; //Check forum token if (!buckys_check_form_token('request')) { buckys_redirect($return, MSG_INVALID_REQUEST, MSG_TYPE_ERROR); } //Admin, Site Moderator, Category Admin and Category Moderator can't be blocked if (!(buckys_is_admin() || buckys_is_moderator() || buckys_is_forum_admin($category['categoryID']) || buckys_is_forum_moderator($category['categoryID']))) { buckys_redirect($return, MSG_PERMISSION_DENIED, MSG_TYPE_ERROR); } $blockedUserID = buckys_escape_query_integer($_REQUEST['userID']); if ($blockedUserID == $userID) { buckys_redirect($return, MSG_INVALID_REQUEST, MSG_TYPE_ERROR); } BuckysForumModerator::blockUser($blockedUserID, $category['categoryID']); buckys_redirect($return, MSG_BLOCK_USER_SUCCESS); } else { if ($_REQUEST['action'] == 'unblock-users') { $return = isset($_REQUEST['return']) ? base64_decode($_REQUEST['return']) : '/forum/moderator.php?id=' . $categoryID; //Check forum token if (!buckys_check_form_token('request')) { buckys_redirect($return, MSG_INVALID_REQUEST, MSG_TYPE_ERROR); } //Admin, Site Moderator, Category Admin and Category Moderator can't apply if (!(buckys_is_admin() || buckys_is_moderator() || buckys_is_forum_admin($category['categoryID']) || buckys_is_forum_moderator($category['categoryID']))) { buckys_redirect($return, MSG_PERMISSION_DENIED, MSG_TYPE_ERROR);
<?php require dirname(dirname(__FILE__)) . '/includes/bootstrap.php'; if (!($userID = buckys_is_logged_in())) { buckys_redirect('/index.php', MSG_NOT_LOGGED_IN_USER, MSG_TYPE_ERROR); } buckys_enqueue_stylesheet('trade.css'); buckys_enqueue_javascript('trade.js'); $TNB_GLOBALS['content'] = 'trade/traded'; $TNB_GLOBALS['headerType'] = 'trade'; $paramCurrentPage = buckys_escape_query_integer($_REQUEST['page']); $paramType = buckys_escape_query_string($_REQUEST['type']); $view = []; $baseURL = '/trade/traded.php'; if ($paramType == 'history') { $baseURL .= '?type=' . $paramType; } else { $paramType = 'completed'; } //Get offer_received info $tradeIns = new BuckysTrade(); $countryIns = new BuckysCountry(); $view['trades'] = $tradeIns->getTradesByUserID($userID, $paramType); $view['trades'] = fn_buckys_pagination($view['trades'], $baseURL, $paramCurrentPage, COMMON_ROWS_PER_PAGE); $view['myID'] = $userID; switch ($paramType) { case 'history': $view['pagetitle'] = 'My Trade History'; break; case 'completed': default:
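$userID = buckys_is_logged_in();

//Process Some Actions
if (isset($_GET['action']) && $_GET['action'] == 'ban-user') {
    // Only moderators may ban.
    if (!BuckysModerator::isModerator($userID)) {
        die(MSG_PERMISSION_DENIED);
    }

    // The id that gets validated and banned is the target from the request,
    // cast to an integer first. Checking the moderator's own id would say
    // nothing about the account being banned.
    // NOTE(review): assumes checkUserID() with one argument only confirms that the id is a valid account; confirm.
    $banUserID = isset($_GET['userID']) ? buckys_escape_query_integer($_GET['userID']) : null;

    if (!$banUserID || !BuckysUser::checkUserID($banUserID)) {
        buckys_redirect('/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        exit;
    }

    // NOTE(review): this state-changing action is driven by a GET link and no form
    // token is verified here; confirm whether the ban link carries one and, if so,
    // verify it with buckys_check_form_token() before acting.

    //Ban User
    BuckysBanUser::banUser($banUserID);
    buckys_redirect('/index.php', MSG_BAN_USER);
    exit;
}

//Getting User ID from Parameter
$profileID = buckys_escape_query_integer(isset($_GET['user']) ? $_GET['user'] : null);

//If the parameter is null, goto homepage
if (!$profileID) {
    buckys_redirect('/index.php');
}

//Getting UserData from Id
$userData = BuckysUser::getUserData($profileID);

//Goto Homepage if the userID is not correct.
//Grouping made explicit: no user data always redirects; an id that fails
//checkUserID() redirects unless the viewer is an administrator.
if (!buckys_not_null($userData) || (!BuckysUser::checkUserID($profileID, true) && !buckys_check_user_acl(USER_ACL_ADMINISTRATOR))) {
    buckys_redirect('/index.php');
}

// `type` is matched against a fixed allow-list; anything else falls back to 'all'.
$postType = isset($_GET['type']) ? $_GET['type'] : 'all';
if (!in_array($postType, ['all', 'user', 'friends'], true)) {
    $postType = 'all';
}

//if logged user can see all resources of the current user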
<?php require dirname(dirname(__FILE__)) . '/includes/bootstrap.php'; if (!($userID = buckys_is_logged_in())) { buckys_redirect('/index.php', MSG_NOT_LOGGED_IN_USER, MSG_TYPE_ERROR); } $productID = buckys_escape_query_integer($_GET['id']); $shopProductClass = new BuckysShopProduct(); if (!$shopProductClass->isPurchased($userID, $productID)) { buckys_redirect('/shop/purchase.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR); } $productData = $shopProductClass->getProductById($productID); if (!$productData || !$productData['isDownloadable']) { buckys_redirect('/shop/purchase.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR); } if (!file_exists(DIR_FS_SHOP_PRODUCTS . $productData['fileName'])) { buckys_redirect('/shop/purchase.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR); } $filename = preg_replace("/[^a-zA-Z0-9\\._-\\s]/", '', $productData['title']); $filename = str_replace(" ", '-', $filename); //Download Zip File header("Expires: Mon, 26 Nov 1962 00:00:00 GMT"); header("Last-Modified: " . gmdate("D,d M Y H:i:s") . " GMT"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); header("Content-Type: Application/zip"); header("Content-disposition: attachment; filename=" . $filename . ".zip"); $fp = fopen(DIR_FS_SHOP_PRODUCTS . $productData['fileName'], "r"); while (!feof($fp)) { $buffer = fread($fp, 1024 * 1024 * 3); echo $buffer;
<?php /** * Show All Videos */ require dirname(__FILE__) . '/includes/bootstrap.php'; $videoClass = new BuckysVideo(); $subjectID = isset($_GET['subject']) ? buckys_escape_query_string($_GET['subject']) : 0; $categoryID = isset($_GET['cat']) ? buckys_escape_query_integer($_GET['cat']) : null; $videoID = isset($_GET['video']) ? buckys_escape_query_integer($_GET['video']) : null; if ($videoID) { $video = $videoClass->getVideo($videoID); if (!$video) { buckys_redirect("/videos.php", MSG_INVALID_REQUEST, MSG_TYPE_ERROR); exit; } $categoryID = $video['categoryID']; } if ($categoryID) { $category = $videoClass->getCategory($categoryID); $categoryVideos = $videoClass->getVideos($categoryID); if (!$videoID) { $video = $categoryVideos[0]; } //Getting Forum Recent Posts $topics = BuckysForumTopic::getTopics(1, 'publish', $category['forumCategoryID'], 'lastReplyDate DESC', 10); $forumCategory = BuckysForumCategory::getCategory($category['forumCategoryID']); //Get Prev, Next Video $prevVideoId = null; $nextVideoId = null; foreach ($categoryVideos as $idx => $v) {
<?php

/**
 * Trade search page: read the search filters from the request, run the search,
 * sort and paginate the result, and expose the filters to the template.
 */
require dirname(dirname(__FILE__)) . '/includes/bootstrap.php';

buckys_enqueue_stylesheet('trade.css');
buckys_enqueue_javascript('trade.js');

$TNB_GLOBALS['content'] = 'trade/search';
$TNB_GLOBALS['headerType'] = 'trade';

// Each filter falls back to its default when absent and is escaped by type:
// integers for page and user, strings for the rest.
$paramCurrentPage = buckys_escape_query_integer(!isset($_REQUEST['page']) ? 1 : $_REQUEST['page']);
$paramQueryStr = buckys_escape_query_string(!isset($_REQUEST['q']) ? '' : $_REQUEST['q']);
$paramCategory = buckys_escape_query_string(!isset($_REQUEST['cat']) ? null : $_REQUEST['cat']);
$paramLocation = buckys_escape_query_string(!isset($_REQUEST['loc']) ? null : $_REQUEST['loc']);
$paramSort = buckys_escape_query_string(!isset($_REQUEST['sort']) ? null : $_REQUEST['sort']);
$paramUserID = buckys_escape_query_integer(!isset($_REQUEST['user']) ? null : $_REQUEST['user']);

$view = [];

// Model objects used by this page and its template
$tradeItemIns = new BuckysTradeItem();
$countryIns = new BuckysCountry();
$tradeCatIns = new BuckysTradeCategory();

// Search first, then order the matches
$itemResultList = $tradeItemIns->sortItems(
    $tradeItemIns->search($paramQueryStr, $paramCategory, $paramLocation, $paramUserID),
    $paramSort
);

$view['categoryList'] = $tradeItemIns->countItemInCategory($itemResultList);

// Base URL that carries the active filters from one result page to the next
$paginationUrlBase = buckys_trade_search_url($paramQueryStr, $paramCategory, $paramLocation, $paramSort, $paramUserID);

// One page of results for display
$view['items'] = fn_buckys_pagination($itemResultList, $paginationUrlBase, $paramCurrentPage, COMMON_ROWS_PER_PAGE);

// The escaped filters, for the template and for the global search state
$view['param'] = [
    'q' => $paramQueryStr,
    'cat' => $paramCategory,
    'loc' => $paramLocation,
    'sort' => $paramSort,
    'user' => $paramUserID,
];

$TNB_GLOBALS['tradeSearchParam'] = $view['param'];
<?php

/**
 * Trade item page: load one item by `id`, refuse inactive items and items whose
 * owner is banned, then attach category, location and owner details for the
 * template.
 */
require dirname(dirname(__FILE__)) . '/includes/bootstrap.php';

// The page is reachable without a login; $userID is whatever buckys_is_logged_in() returns.
$userID = buckys_is_logged_in();

buckys_enqueue_stylesheet('trade.css');
buckys_enqueue_javascript('trade.js');

$TNB_GLOBALS['content'] = 'trade/view';
$TNB_GLOBALS['headerType'] = 'trade';

$paramItemID = buckys_escape_query_integer($_REQUEST['id']);

$view = [];

$tradeItemIns = new BuckysTradeItem();
$tradeCatIns = new BuckysTradeCategory();
$countryIns = new BuckysCountry();
$userIns = new BuckysUser();
$tradeOfferIns = new BuckysTradeOffer();

$view['item'] = $tradeItemIns->getItemById($paramItemID);
$view['myID'] = $userID;

// Unknown or inactive items are not shown
if (!isset($view['item']) || $view['item']['status'] == BuckysTradeItem::STATUS_ITEM_INACTIVE) {
    buckys_redirect('/trade/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
}

// Items that belong to a banned account are not shown either
$userData = $userIns->getUserData($view['item']['userID']);
if ($userData['status'] == BuckysUser::STATUS_USER_BANNED) {
    buckys_redirect('/trade/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
}

// Category name, empty when the category cannot be resolved
$catData = $tradeCatIns->getCategoryByID($view['item']['catID']);
if (isset($catData)) {
    $view['item']['categoryName'] = $catData['name'];
} else {
    $view['item']['categoryName'] = '';
}

// Location name, empty when the country cannot be resolved
$countryData = $countryIns->getCountryById($view['item']['locationID']);
if (isset($countryData)) {
    $view['item']['locationName'] = $countryData['country_title'];
} else {
    $view['item']['locationName'] = '';
}

// Basic details of the item's owner
$view['item']['userInfo'] = $userIns->getUserBasicInfo($view['item']['userID']);
require dirname(__FILE__) . '/includes/bootstrap.php'; //Getting Current User ID if (!($userID = buckys_is_logged_in())) { buckys_redirect('/index.php', MSG_NOT_LOGGED_IN_USER, MSG_TYPE_ERROR); } $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : ''; if (!in_array($type, ['all', 'pending', 'requested'])) { $type = 'all'; } if (isset($_REQUEST['action'])) { $return = isset($_REQUEST['return']) ? base64_decode($_REQUEST['return']) : '/myfriends.php?type=' . $type; $isAjax = isset($_REQUEST['buckys_ajax']) ? true : false; if ($isAjax) { header('Content-type: application/xml'); } $friendID = buckys_escape_query_integer($_REQUEST['friendID']); if (!buckys_check_form_token('request')) { if ($isAjax) { $resultXML = ['status' => 'error', 'message' => MSG_INVALID_REQUEST]; render_result_xml($resultXML); } else { buckys_redirect($return, MSG_INVALID_REQUEST, MSG_TYPE_ERROR); } exit; } if ($_REQUEST['action'] == 'unfriend') { if (BuckysFriend::unfriend($userID, $friendID)) { if ($isAjax) { $resultXML = ['status' => 'success', 'message' => MSG_FRIEND_REMOVED, 'html' => 'Send Friend Request', 'action' => 'unfriend', 'link' => '/myfriends.php?action=request&friendID=' . $friendID . buckys_get_token_param()]; render_result_xml($resultXML); } else {
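// Ad detail page for advertisers: shows one ad and handles the "add funds" form.
// Access rule applied below: the ad's owner, or a moderator, may proceed.
require dirname(dirname(__FILE__)) . '/includes/bootstrap.php';

//Getting Current User ID
if (!buckys_check_user_acl(USER_ACL_REGISTERED)) {
    buckys_redirect('/index.php', MSG_PERMISSION_DENIED, MSG_TYPE_ERROR);
    // buckys_redirect() is defined elsewhere; stop explicitly so that nothing
    // below runs for a rejected request.
    exit;
}

$userID = buckys_is_logged_in();

$classAds = new BuckysAds();

//Add Funds
if (isset($_POST['action']) && $_POST['action'] == 'add-funds') {
    // Form token check comes first (CSRF protection for the state change)
    if (!buckys_check_form_token()) {
        buckys_redirect('/ads/advertiser.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        exit;
    }

    $adID = buckys_escape_query_integer(isset($_POST['id']) ? $_POST['id'] : null);
    $adDetail = $classAds->getAdById($adID);

    // Reject when the ad does not exist, or when the caller is neither its owner
    // nor a moderator. Without the negation on the ACL check the test would
    // turn moderators away and let any other registered user through.
    if (!$adDetail || ($adDetail['ownerID'] != $userID && !buckys_check_user_acl(USER_ACL_MODERATOR))) {
        buckys_redirect('/ads/advertiser.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        exit;
    }

    // NOTE(review): the amount is passed on as received; presumably addFunds()
    // validates it (numeric, positive, within the user's balance); confirm.
    $result = $classAds->addFunds($userID, $adID, isset($_POST['amount']) ? $_POST['amount'] : null);
    buckys_add_message($classAds->last_message, $result ? MSG_TYPE_SUCCESS : MSG_TYPE_ERROR);
}

buckys_enqueue_stylesheet('publisher.css');

$adID = buckys_escape_query_integer(isset($_GET['id']) ? $_GET['id'] : null);
$adDetail = $classAds->getAdById($adID);

// Same ownership rule for viewing: owner or moderator only.
if (!$adDetail || ($adDetail['ownerID'] != $userID && !buckys_check_user_acl(USER_ACL_MODERATOR))) {
    buckys_redirect('/ads/advertiser.php');
    exit;
}

$TNB_GLOBALS['headerType'] = "ads";
$TNB_GLOBALS['content'] = "ads/view";

buckys_enqueue_javascript('jquery.number.js');

$TNB_GLOBALS['title'] = "View Ad - thenewboston Ads";

// Template and layout names come from $TNB_GLOBALS as prepared by the bootstrap include.
require DIR_FS_TEMPLATE . $TNB_GLOBALS['template'] . "/" . $TNB_GLOBALS['layout'] . ".php";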
/**
 * Save Tracking number
 *
 * Ajax action: stores the submitted tracking number on a trade, in the seller's
 * or the buyer's column depending on which side the logged-in user is. Echoes a
 * JSON object with `success` and `msg`; returns silently when nobody is logged in.
 */
function saveTrackingNumber()
{
    $userID = buckys_is_logged_in();
    if (!$userID) {
        //You should be logged in
        return;
    }

    $tradeIns = new BuckysTrade();

    $tradeID = buckys_escape_query_integer($_REQUEST['tradeID']);
    $trackingNo = buckys_escape_query_string($_REQUEST['trackingNo']);

    $tradeData = $tradeIns->getTradeByID($tradeID);

    // Work out which side of the trade the caller is on; null means neither,
    // or that the trade does not exist.
    $column = null;
    if (!empty($tradeData)) {
        if ($tradeData['sellerID'] == $userID) {
            $column = 'sellerTrackingNo';
        } elseif ($tradeData['buyerID'] == $userID) {
            $column = 'buyerTrackingNo';
        }
    }

    if ($column === null) {
        //error, no permission
        echo json_encode(['success' => 0, 'msg' => "You do not have permission."]);

        return;
    }

    // Only the caller's own column is written.
    $tradeIns->updateTrade($tradeID, [$column => $trackingNo]);

    echo json_encode(['success' => 1, 'msg' => "You have saved tracking number successfully."]);
}
} else { buckys_redirect('/messages_inbox.php', MSG_MESSAGE_REMOVED, MSG_TYPE_SUCCESS); } exit; } //Delete Message Foreer if ($_POST['action'] == 'delete_forever') { if (!BuckysMessage::deleteMessagesForever($_POST['messageID'])) { buckys_redirect('/messages_inbox.php', "Error: " . $db->getLastError(), MSG_TYPE_ERROR); } else { buckys_redirect('/messages_inbox.php', MSG_MESSAGE_REMOVED, MSG_TYPE_SUCCESS); } exit; } } $messageID = buckys_escape_query_integer(isset($_GET['message']) ? $_GET['message'] : null); if (!$messageID) { buckys_redirect('/messages_inbox.php'); } $message = BuckysMessage::getMessage($messageID); //If the current user is morderator and this message has been reported if (!$message && buckys_check_user_acl(USER_ACL_MODERATOR) && BuckysReport::isReported($messageID, 'message')) { //Getting Message $message = BuckysMessage::getMessageById($messageID); $msgType = 'reported'; } if (!$message) { buckys_redirect('/messages_inbox.php'); } if (!isset($msgType)) { //Make Message as read