$photoplog_category_info = $db->query_first("SELECT parentid\r\n\t\tFROM " . PHOTOPLOG_PREFIX . "photoplog_categories\r\n\t\tWHERE catid = " . intval($photoplog_catid) . "\r\n\t"); $photoplog_original_parentid = 0; if (!$photoplog_category_info) { print_stop_message(no_results_matched_your_query); } else { $photoplog_original_parentid = intval($photoplog_category_info['parentid']); } $photoplog_category_title = trim(strval($photoplog_category['title'])); $photoplog_category_description = trim(strval($photoplog_category['description'])); $photoplog_category_displayorder = intval(trim(strval($photoplog_category['displayorder']))); $photoplog_category_options = $photoplog_category['options']; foreach ($photoplog_category_options as $photoplog_key => $photoplog_val) { $photoplog_category_options["{$photoplog_key}"] = intval(trim(strval($photoplog_val))); } require_once DIR . '/includes/functions_misc.php'; $photoplog_category_bitopts = convert_array_to_bits($photoplog_category_options, $photoplog_categoryoptions, 1); if (photoplog_replace_into_category($photoplog_catid, $photoplog_category_title, $photoplog_category_description, $photoplog_category_displayorder, $photoplog_category_parentid, $photoplog_category_bitopts, $photoplog_ds_catopts)) { if ($photoplog_category_parentid != $photoplog_original_parentid) { $photoplog_catids_array = array($photoplog_catid, $photoplog_category_parentid, $photoplog_original_parentid); // photoplog_regenerate_counts_table_v2($photoplog_catids_array); } print_cp_redirect("photoplog_category.php?" . $vbulletin->session->vars['sessionurl'] . "do=modify", 1); } else { print_stop_message('generic_error_x', $vbphrase['photoplog_bad_cat_replace']); } } if ($_REQUEST['do'] == 'modify') { print_form_header('photoplog_category', 'doorder'); construct_hidden_code('s', $vbulletin->session->vars['sessionhash']); construct_hidden_code('catid', $photoplog_catid); print_table_header($vbphrase['photoplog_category_manager'], 3);
print_stop_message('there_is_already_bb_code_named_x', htmlspecialchars_uni($vbulletin->GPC['bbcodetag'])); } else { // fetch all tags, and make sure we can't redefine an existing, built-in code $tags = fetch_tag_list('', true); if ($vbulletin->GPC['twoparams'] and isset($tags['option'][$vbulletin->GPC['bbcodetag']]) or !$vbulletin->GPC['twoparams'] and isset($tags['no_option'][$vbulletin->GPC['bbcodetag']])) { print_stop_message('there_is_already_bb_code_named_x', htmlspecialchars_uni($vbulletin->GPC['bbcodetag'])); } } $vbulletin->GPC['bbcodereplacement'] = str_replace('%', '%%', $vbulletin->GPC['bbcodereplacement']); if ($vbulletin->GPC['twoparams']) { $vbulletin->GPC['bbcodereplacement'] = str_replace('{param}', '%1$s', $vbulletin->GPC['bbcodereplacement']); $vbulletin->GPC['bbcodereplacement'] = str_replace('{option}', '%2$s', $vbulletin->GPC['bbcodereplacement']); } else { $vbulletin->GPC['bbcodereplacement'] = str_replace('{param}', '%1$s', $vbulletin->GPC['bbcodereplacement']); } $db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "bbcode SET\n\t\t\ttitle = '" . $db->escape_string($vbulletin->GPC['title']) . "',\n\t\t\tbbcodetag = '" . $db->escape_string($vbulletin->GPC['bbcodetag']) . "',\n\t\t\tbbcodereplacement = '" . $db->escape_string($vbulletin->GPC['bbcodereplacement']) . "',\n\t\t\tbbcodeexample = '" . $db->escape_string($vbulletin->GPC['bbcodeexample']) . "',\n\t\t\tbbcodeexplanation = '" . $db->escape_string($vbulletin->GPC['bbcodeexplanation']) . "',\n\t\t\ttwoparams = '" . $db->escape_string($vbulletin->GPC['twoparams']) . "',\n\t\t\tbuttonimage = '" . $db->escape_string($vbulletin->GPC['buttonimage']) . "',\n\t\t\toptions = " . convert_array_to_bits($vbulletin->GPC['options'], $vbulletin->bf_misc['bbcodeoptions']) . "\n\t\tWHERE bbcodeid = " . $vbulletin->GPC['bbcodeid']); build_bbcode_cache(); define('CP_REDIRECT', 'bbcode.php?do=modify'); print_stop_message('saved_bb_code_x_successfully', "[" . $vbulletin->GPC['bbcodetag'] . "]"); } // ####################################### REMOVE ##################################### if ($_REQUEST['do'] == 'remove') { $vbulletin->input->clean_array_gpc('r', array('bbcodeid' => TYPE_INT)); print_delete_confirmation('bbcode', $vbulletin->GPC['bbcodeid'], 'bbcode', 'kill', 'bb_code'); } // ######################################## KILL ##################################### if ($_POST['do'] == 'kill') { $vbulletin->input->clean_array_gpc('p', array('bbcodeid' => TYPE_INT)); $db->query_write("DELETE FROM " . TABLE_PREFIX . "bbcode WHERE bbcodeid = " . $vbulletin->GPC['bbcodeid']); build_bbcode_cache(); $_REQUEST['do'] = 'modify';
$tableadded = 1; print_submit_row(iif($_REQUEST['do'] == 'add', $vbphrase['save'], $vbphrase['update']), '_default_', 10); } // ###################### Start Update ####################### if ($_POST['do'] == 'update') { $vbulletin->input->clean_array_gpc('p', array('sub' => TYPE_ARRAY, 'forums' => TYPE_ARRAY_BOOL, 'membergroup' => TYPE_ARRAY_UINT, 'options' => TYPE_ARRAY_UINT, 'adminoptions' => TYPE_ARRAY_UINT, 'shipping' => TYPE_UINT, 'title' => TYPE_STR, 'description' => TYPE_STR)); if ($vbulletin->GPC['shipping'] == 2) { $vbulletin->GPC['options']['shipping1'] = 1; } else { if ($vbulletin->GPC['shipping'] == 4) { $vbulletin->GPC['options']['shipping2'] = 1; } } require_once DIR . '/includes/functions_misc.php'; $vbulletin->GPC['sub']['options'] = convert_array_to_bits($vbulletin->GPC['options'], $subobj->_SUBSCRIPTIONOPTIONS); $vbulletin->GPC['sub']['adminoptions'] = convert_array_to_bits($vbulletin->GPC['adminoptions'], $vbulletin->bf_misc_adminoptions); $sub =& $vbulletin->GPC['sub']; $sub['active'] = intval($sub['active']); $sub['displayorder'] = intval($sub['displayorder']); $clean_times = array(); $lengths = array('D' => 'days', 'W' => 'weeks', 'M' => 'months', 'Y' => 'years'); $counter = 0; if (is_array($vbulletin->GPC['sub']['time'])) { foreach ($vbulletin->GPC['sub']['time'] as $key => $moo) { $havecurrency = false; $counter++; $moo['length'] = intval($moo['length']); foreach ($moo['cost'] as $currency => $value) { if ($value != '0.00') { $havecurrency = true; }
} // ###################### Start insert / update moderator ####################### if ($_POST['do'] == 'updatemod') { $vbulletin->input->clean_array_gpc('p', array('modusername' => TYPE_STR, 'moderator' => TYPE_ARRAY, 'modperms' => TYPE_ARRAY, 'moderatorid' => TYPE_UINT)); if (!$vbulletin->GPC['moderatorid']) { $vbulletin->GPC['modusername'] = htmlspecialchars_uni($vbulletin->GPC['modusername']); $userinfo = $db->query_first("\n\t\t\tSELECT userid\n\t\t\tFROM " . TABLE_PREFIX . "user\n\t\t\tWHERE username='******'modusername']) . "'\n\t\t"); } else { $userinfo = $db->query_first("\n\t\t\tSELECT user.username, user.userid\n\t\t\tFROM " . TABLE_PREFIX . "calendarmoderator AS calendarmoderator\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (calendarmoderator.userid = user.userid)\n\t\t\tWHERE calendarmoderatorid = " . $vbulletin->GPC['moderatorid']); $vbulletin->GPC['modusername'] = $userinfo['username']; } $calendarinfo = $db->query_first("\n\t\tSELECT calendarid,title\n\t\tFROM " . TABLE_PREFIX . "calendar\n\t\tWHERE calendarid = " . intval($vbulletin->GPC['moderator']['calendarid'])); if ($calendarinfo['calendarid'] and ($userinfo['userid'] or $vbulletin->GPC['moderatorid'])) { // no errors require_once DIR . '/includes/functions_misc.php'; $vbulletin->GPC['moderator']['permissions'] = convert_array_to_bits($vbulletin->GPC['modperms'], $vbulletin->bf_misc_calmoderatorpermissions, 1); if ($vbulletin->GPC['moderatorid']) { // update $db->query_write(fetch_query_sql($vbulletin->GPC['moderator'], 'calendarmoderator', "WHERE calendarmoderatorid=" . $vbulletin->GPC['moderatorid'])); define('CP_REDIRECT', 'admincalendar.php'); print_stop_message('saved_moderator_x_successfully', $vbulletin->GPC['modusername']); } else { // insert $vbulletin->GPC['moderator']['userid'] = $userinfo['userid']; $db->query_write(fetch_query_sql($vbulletin->GPC['moderator'], 'calendarmoderator')); define('CP_REDIRECT', 'admincalendar.php'); print_stop_message('saved_moderator_x_successfully', $vbulletin->GPC['modusername']); } } else { // error if (!$userinfo['userid']) {
if ($vbulletin->GPC['twoparams']) { $vbulletin->GPC['bbcodereplacement'] = str_replace('{option}', '%2$s', $vbulletin->GPC['bbcodereplacement']); } $vbulletin->GPC['bbcodereplacement'] = str_replace('{relpath}', '[relpath][/relpath]', $vbulletin->GPC['bbcodereplacement']); $db->query_write(" UPDATE " . TABLE_PREFIX . "bbcode SET title = '" . $db->escape_string($vbulletin->GPC['title']) . "', bbcodetag = '" . $db->escape_string($vbulletin->GPC['bbcodetag']) . "', bbcodereplacement = '" . $db->escape_string($vbulletin->GPC['bbcodereplacement']) . "', bbcodeexample = '" . $db->escape_string($vbulletin->GPC['bbcodeexample']) . "', bbcodeexplanation = '" . $db->escape_string($vbulletin->GPC['bbcodeexplanation']) . "', twoparams = '" . $db->escape_string($vbulletin->GPC['twoparams']) . "', buttonimage = '" . $db->escape_string($vbulletin->GPC['buttonimage']) . "', options = " . convert_array_to_bits($vbulletin->GPC['options'], $vbulletin->bf_misc['bbcodeoptions']) . " WHERE bbcodeid = " . $vbulletin->GPC['bbcodeid'] ); build_bbcode_cache(); define('CP_REDIRECT', 'bbcode.php?do=modify'); print_stop_message('saved_bb_code_x_successfully', "[" . $vbulletin->GPC['bbcodetag'] . "]"); } // ####################################### REMOVE ##################################### if ($_REQUEST['do'] == 'remove') { $vbulletin->input->clean_array_gpc('r', array( 'bbcodeid' => TYPE_INT
} // ###################### Start do update ####################### if ($_POST['do'] == 'doupdate') { $vbulletin->input->clean_array_gpc('p', array('calendarpermissionid' => TYPE_INT, 'calendarid' => TYPE_INT, 'useusergroup' => TYPE_INT, 'calendarpermission' => TYPE_ARRAY)); define('CP_REDIRECT', "calendarpermission.php?do=modify#calendar" . $vbulletin->GPC['calendarid']); if ($vbulletin->GPC['useusergroup']) { // use usergroup defaults. delete calendarpermission if it exists if ($vbulletin->GPC['calendarpermissionid']) { $db->query_write("DELETE FROM " . TABLE_PREFIX . "calendarpermission WHERE calendarpermissionid = " . $vbulletin->GPC['calendarpermissionid']); print_stop_message('deleted_calendar_permissions_successfully'); } else { print_stop_message('saved_calendar_permissions_successfully'); } } else { require_once DIR . '/includes/functions_misc.php'; $vbulletin->GPC['calendarpermission']['calendarpermissions'] = convert_array_to_bits($vbulletin->GPC['calendarpermission'], $vbulletin->bf_ugp_calendarpermissions, 1); if ($vbulletin->GPC['calendarid'] and !$vbulletin->GPC['calendarpermissionid']) { $vbulletin->GPC['calendarpermission']['calendarid'] = $vbulletin->GPC['calendarid']; $query = fetch_query_sql($vbulletin->GPC['calendarpermission'], 'calendarpermission'); $db->query_write($query); $calendarinfo = $db->query_first("SELECT title AS calendartitle FROM " . TABLE_PREFIX . "calendar WHERE calendarid=" . $vbulletin->GPC['calendarid']); print_stop_message('saved_calendar_permissions_successfully'); } else { $query = fetch_query_sql($vbulletin->GPC['calendarpermission'], 'calendarpermission', "WHERE calendarpermissionid = " . $vbulletin->GPC['calendarpermissionid']); $db->query_write($query); print_stop_message('saved_calendar_permissions_successfully'); } } } // ###################### Start fpgetstyle ####################### function fetch_forumpermission_style($color = '', $canview)
/** * Insert a new usergroup or update an existing usergroup * * @param array $usergroup Usergroup information to be inserted or updated * @param int $ugid_base Usergroup ID. New inserted usergroup's forum permission will based on this usergroup. * @param int $usergroupid when updating an existing usergroup, pass usergroup ID as this parameter * @return int New or existing usergroup ID */ public function save($usergroup, $ugid_base = 0, $usergroupid = 0) { $this->checkHasAdminPermission('canadminpermissions'); $bf_ugp = vB::getDatastore()->get_value('bf_ugp'); $bf_ugp_adminpermissions = vB::getDatastore()->get_value('bf_ugp_adminpermissions'); $bf_ugp_genericpermissions = vB::getDatastore()->get_value('bf_ugp_genericpermissions'); $bf_ugp_genericoptions = vB::getDatastore()->get_value('bf_ugp_genericoptions'); $bf_misc_useroptions = vB::getDatastore()->get_value('bf_misc_useroptions'); $usergroupcache = vB::getDatastore()->get_value('usergroupcache'); $bf_misc_prefixoptions = vB::getDatastore()->get_value('bf_misc_prefixoptions'); // create bitfield values require_once DIR . '/includes/functions_misc.php'; foreach ($bf_ugp as $permissiongroup => $fields) { if ($permissiongroup == 'createpermissions' or $permissiongroup == 'forumpermissions2') { continue; } $usergroup["{$permissiongroup}"] = convert_array_to_bits($usergroup["{$permissiongroup}"], $fields, 1); } if (!empty($usergroupid)) { // update if (!($usergroup['adminpermissions'] & $bf_ugp_adminpermissions['cancontrolpanel'])) { // check that not removing last admin group $checkadmin = vB::getDbAssertor()->getField('usergroup_checkadmin', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'cancontrolpanel' => $bf_ugp_adminpermissions['cancontrolpanel'], 'usergroupid' => $usergroupid)); if ($usergroupid == 6) { // stop them turning no control panel for usergroup 6, seems the most sensible thing throw new vB_Exception_Api('invalid_usergroup_specified'); } if (!$checkadmin) { throw new vB_Exception_Api('cant_delete_last_admin_group'); } } $data = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_UPDATE, vB_dB_Query::CONDITIONS_KEY => array('usergroupid' => $usergroupid)); $data = array_merge($data, $usergroup); vB::getDbAssertor()->assertQuery('usergroup', $data); if (!($usergroup['genericpermissions'] & $bf_ugp_genericpermissions['caninvisible'])) { if (!($usergroup['genericoptions'] & $bf_ugp_genericoptions['allowmembergroups'])) { // make the users in this group visible vB::getDbAssertor()->assertQuery('usergroup_makeuservisible', array('invisible' => $bf_misc_useroptions['invisible'], 'usergroupid' => $usergroupid)); } else { // find all groups allowed to be invisible - don't change people with those as secondary groups vB::getDbAssertor()->assertQuery('updateInvisible', array('caninvisible' => $bf_ugp_genericpermissions['caninvisible'], 'invisible' => $bf_misc_useroptions['invisible'], 'usergroupid' => $usergroupid)); } } if ($usergroup['adminpermissions'] & $bf_ugp_adminpermissions['cancontrolpanel']) { $ausers = vB::getDbAssertor()->assertQuery('usergroup_fetchausers', array('usergroupid' => $usergroupid)); foreach ($ausers as $auser) { $userids[] = $auser['userid']; } if (!empty($userids)) { foreach ($userids as $userid) { $admindm =& datamanager_init('Admin', $vbulletin, ERRTYPE_SILENT); $admindm->set('userid', $userid); $admindm->save(); unset($admindm); } } } else { if ($usergroupcache["{$usergroupid}"]['adminpermissions'] & $bf_ugp_adminpermissions['cancontrolpanel']) { // lets find admin usergroupids $ausergroupids = array(); $usergroupcache["{$usergroupid}"]['adminpermissions'] = $usergroup['adminpermissions']; foreach ($usergroupcache as $ausergroupid => $ausergroup) { if ($ausergroup['adminpermissions'] & $bf_ugp_adminpermissions['cancontrolpanel']) { $ausergroupids[] = $ausergroupid; } } $ausers = vB::getDbAssertor()->assertQuery('fetchAdminusersFromUsergroup', array('ausergroupids' => $ausergroupids, 'usergroupid' => $usergroupid)); foreach ($ausers as $auser) { $userids[] = $auser['userid']; } if (!empty($userids)) { foreach ($userids as $userid) { $info = array('userid' => $userid); $admindm =& datamanager_init('Admin', $vbulletin, ERRTYPE_ARRAY); $admindm->set_existing($info); $admindm->delete(); unset($admindm); } } } } vB_Cache::instance()->event('perms_changed'); vB::getUserContext()->clearChannelPermissions($usergroupid); } else { // insert /*insert query*/ $newugid = vB::getDbAssertor()->insert('usergroup', $usergroup); if ($ugid_base <= 0) { // use usergroup registered as default foreach ($usergroupcache as $ausergroup) { if ($ausergroup['systemgroupid'] == self::REGISTERED_SYSGROUPID) { $ugid_base = $ausergroup['usergroupid']; } } } if ($ugid_base > 0) { $fperms = vB::getDbAssertor()->assertQuery('vBForum:forumpermission', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, 'usergroupid' => $ugid_base)); foreach ($fperms as $fperm) { unset($fperm['forumpermissionid']); $fperm['usergroupid'] = $newugid; /*insert query*/ $data = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_INSERT); $data += $fperm; vB::getDbAssertor()->assertQuery('vBForum:forumpermission', $data); } $cperms = vB::getDbAssertor()->assertQuery('vBForum:calendarpermission', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, 'usergroupid' => $ugid_base)); foreach ($cperms as $cperm) { unset($cperm['calendarpermissionid']); $cperm['usergroupid'] = $newugid; /*insert query*/ $data = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_INSERT); $data += $cperm; vB::getDbAssertor()->assertQuery('vBForum:calendarpermission', $data); } $perms = vB::getDbAssertor()->assertQuery('vBForum:permission', array('groupid' => $ugid_base)); foreach ($perms as $perm) { unset($perm['permissionid']); $perm['groupid'] = $newugid; vB::getDbAssertor()->insert('vBForum:permission', $perm); } vB::getUserContext()->clearChannelPermissions(); } vB::getDbAssertor()->assertQuery('usergroup_insertprefixpermission', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'newugid' => $newugid, 'deny_by_default' => $bf_misc_prefixoptions['deny_by_default'])); } vB::getUserContext()->rebuildGroupAccess(); $markups = vB::getDbAssertor()->getRows('usergroup_fetchmarkups', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED)); $usergroupmarkup = array(); foreach ($markups as $markup) { $usergroupmarkup["{$markup['usergroupid']}"]['opentag'] = $markup['opentag']; $usergroupmarkup["{$markup['usergroupid']}"]['closetag'] = $markup['closetag']; } require_once DIR . '/includes/adminfunctions.php'; require_once DIR . '/includes/functions_databuild.php'; build_channel_permissions(); build_birthdays(); // could be changing sig perms -- this is unscientific, but empty the sig cache vB::getDbAssertor()->assertQuery('truncateTable', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_METHOD, 'table' => 'sigparsed')); if ($newugid) { return $newugid; } else { return $usergroupid; } }
print_input_row($vbphrase['date_format_override'], 'dateoverride', ''); print_input_row($vbphrase['time_format_override'], 'timeoverride', ''); print_input_row($vbphrase['registereddate_format_override'], 'registereddateoverride', ''); print_input_row($vbphrase['calformat1_format_override'], 'calformat1override', ''); print_input_row($vbphrase['calformat2_format_override'], 'calformat2override', ''); print_input_row($vbphrase['logdate_format_override'], 'logdateoverride', ''); print_description_row($vbphrase['number_formatting'], 0, 2, 'thead'); print_input_row($vbphrase['decimal_separator'], 'decimalsep', '.', 1, 3, 1); print_input_row($vbphrase['thousands_separator'], 'thousandsep', ',', 1, 3, 1); print_submit_row($vbphrase['save']); } // ########################################################################## if ($_POST['do'] == 'update_settings') { $vbulletin->input->clean_array_gpc('p', array_merge($langglobals, array('isdefault' => TYPE_BOOL))); require_once DIR . '/includes/functions_misc.php'; $vbulletin->GPC['options'] = convert_array_to_bits($vbulletin->GPC['options'], $vbulletin->bf_misc_languageoptions); foreach ($langglobals as $key => $val) { $langupdate["{$key}"] = $vbulletin->GPC["{$key}"]; } if (empty($langupdate['title']) or empty($langupdate['charset'])) { print_stop_message('please_complete_required_fields'); } if ($isdefault and $langupdate['userselect'] == 0) { print_stop_message('cant_delete_default_language'); } // User has defined a locale. if ($langupdate['locale'] != '') { if (!setlocale(LC_TIME, $langupdate['locale']) or !setlocale(LC_CTYPE, $langupdate['locale'])) { print_stop_message('invalid_locale', $langupdate['locale']); } if ($langupdate['dateoverride'] == '' or $langupdate['timeoverride'] == '' or $langupdate['registereddateoverride'] == '' or $langupdate['calformat1override'] == '' or $langupdate['calformat2override'] == '' or $langupdate['logdateoverride'] == '') {
/** * Converts an array of 1/0 options into the permissions bitfield * * @param mixed Int OR Array of 1/0 values keyed with the bitfield names for the moderator permissions bitfield * * @return boolean Returns true on success */ function verify_permissions2(&$permissions) { if (!is_array($permissions) and intval($permissions)) { return true; } require_once DIR . '/includes/functions_misc.php'; return $permissions = convert_array_to_bits($permissions, vB::getDatastore()->get_value('bf_misc_moderatorpermissions2')); }
if (!is_array($vbulletin->GPC['permissions']["{$permtype}"]["{$permgroupid}"])) { $vbulletin->GPC['permissions']["{$permtype}"]["{$permgroupid}"] = $group_default; } } } $do_save = $vbulletin->GPC['force']["{$permtype}"]; if (!$vbulletin->GPC['projectid']) { $do_save = true; } $perms = array(); foreach ($vbulletin->GPC['permissions']["{$permtype}"] as $groupid => $bits) { if (is_int($bits)) { $perms["{$groupid}"] = $bits; } else { // convert to int from array of bits $perms["{$groupid}"] = intval(convert_array_to_bits($bits, $vbulletin->pt_bitfields["{$groupid}"])); } if (!isset($vbulletin->GPC['original']["{$permtype}"]["{$groupid}"]) or $perms["{$groupid}"] != intval($vbulletin->GPC['original']["{$permtype}"]["{$groupid}permissions"])) { $do_save = true; } } if ($do_save) { // permissions changed or we're forcing custom perms to be set $db->query_write("\n\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "pt_projectpermission\n\t\t\t\t\t(usergroupid, projectid, issuetypeid, generalpermissions, postpermissions, attachpermissions)\n\t\t\t\tVALUES\n\t\t\t\t\t(" . $vbulletin->GPC['usergroupid'] . ",\n\t\t\t\t\t" . $vbulletin->GPC['projectid'] . ",\n\t\t\t\t\t'" . $db->escape_string($permtype) . "',\n\t\t\t\t\t" . intval($perms['general']) . ",\n\t\t\t\t\t" . intval($perms['post']) . ",\n\t\t\t\t\t" . intval($perms['attach']) . ")\n\t\t\t"); } } if (!$vbulletin->GPC['projectid']) { // updating usergroup-level permissions $newpermval = 0; foreach ($vbulletin->GPC['ugpermissions'] as $bitval => $yesno) { if ($yesno) {
print_no_permission(); } if ( !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) OR !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canhavegroupblog']) OR !($userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canjoingroupblog']) ) { print_no_permission(); } require_once(DIR . '/includes/functions_misc.php'); $permissions = convert_array_to_bits($vbulletin->GPC['userperm'], $vbulletin->bf_misc_vbbloggrouppermissions); $db->query_write(" UPDATE " . TABLE_PREFIX . "blog_groupmembership SET permissions = $permissions WHERE userid = $userinfo[userid] AND bloguserid = " . $vbulletin->userinfo['userid'] . " "); $vbulletin->url = 'blog_usercp.php?' . $vbulletin->session->vars['sessionurl'] . 'do=groups'; eval(print_standard_redirect('redirect_group_permissions_updated_successfully')); } if ($_REQUEST['do'] == 'customize' OR $_POST['do'] == 'docustomize') { if ( !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) OR
if ($_POST['do'] == 'updatecp') { $vbulletin->input->clean_array_gpc('p', array('categorypermissionid' => TYPE_UINT, 'blogcategoryid' => TYPE_UINT, 'useusergroup' => TYPE_BOOL, 'categorypermission' => TYPE_ARRAY)); define('CP_REDIRECT', "blog_admin.php?do=listcp#category" . $vbulletin->GPC['blogcategoryid']); if ($vbulletin->GPC['useusergroup']) { // use usergroup defaults. delete categorypermission if it exists if ($vbulletin->GPC['categorypermissionid']) { $db->query_write("\r\n\t\t\t\tDELETE FROM " . TABLE_PREFIX . "blog_categorypermission\r\n\t\t\t\tWHERE categorypermissionid = " . $vbulletin->GPC['categorypermissionid']); build_category_permissions(); print_stop_message('deleted_category_permissions_successfully'); } else { build_category_permissions(); print_stop_message('saved_category_permissions_successfully'); } } else { require_once DIR . '/includes/functions_misc.php'; $vbulletin->GPC['categorypermission']['categorypermissions'] = convert_array_to_bits($vbulletin->GPC['categorypermission'], $vbulletin->bf_ugp_vbblog_general_permissions, 1); if ($vbulletin->GPC['blogcategoryid'] and !$vbulletin->GPC['categorypermissionid']) { $vbulletin->GPC['categorypermission']['blogcategoryid'] = $vbulletin->GPC['blogcategoryid']; $query = fetch_query_sql($vbulletin->GPC['categorypermission'], 'blog_categorypermission'); $db->query_write($query); } else { $query = fetch_query_sql($vbulletin->GPC['categorypermission'], 'blog_categorypermission', "WHERE categorypermissionid = " . $vbulletin->GPC['categorypermissionid']); $db->query_write($query); } build_category_permissions(); print_stop_message('saved_category_permissions_successfully'); } } if ($_REQUEST['do'] == 'stats') { $vbulletin->input->clean_array_gpc('r', array('start' => TYPE_ARRAY_INT, 'end' => TYPE_ARRAY_INT, 'scope' => TYPE_NOHTML, 'sort' => TYPE_NOHTML, 'nullvalue' => TYPE_BOOL, 'username' => TYPE_NOHTML, 'type' => TYPE_NOHTML)); if (!empty($vbulletin->GPC['username'])) {
} // ############################################################################# // Moderator Permissions if ($vbulletin->GPC['step'] == 23) { $db->query_write("ALTER TABLE moderator ADD permissions INT UNSIGNED NOT NULL DEFAULT '0'"); echo_flush(sprintf($vbphrase['alter_table'], TABLE_PREFIX . "moderator") . "\n"); $moderators = $db->query_read("\n\t\tSELECT moderator.*,forum.title,user.username\n\t\tFROM moderator\n\t\tLEFT JOIN forum ON(forum.forumid=moderator.forumid)\n\t\tLEFT JOIN user ON(user.userid=moderator.userid)\n\t"); echo "<p>{$upgrade_phrases['upgrade_300b3.php']['updating_moderator_perms']}</p><ul>"; require_once DIR . '/includes/functions_misc.php'; while ($moderator = $db->fetch_array($moderators)) { echo "<li>" . sprintf($upgrade_phrases['upgrade_300b3.php']['moderator_x_forum_y'], $moderator['username'], $moderator['title']) . " ..."; vbflush(); if ($moderator['title'] == '' or $moderator['username'] == '') { echo "<i>{$upgrade_phrases['upgrade_300b3.php']['deleted_not_needed']}</i></li>\n"; } else { $perms = convert_array_to_bits($moderator, $vbulletin->bf_misc_moderatorpermissions); $db->query_write("UPDATE moderator SET permissions={$perms} WHERE moderatorid={$moderator['moderatorid']}"); echo "</li>\n"; } } echo "</ul>\n"; // drop fields converted to bitfield 'permissions' $query[] = "ALTER TABLE moderator\n\t\tDROP newthreademail,\n\t\tDROP newpostemail,\n\t\tDROP caneditposts,\n\t\tDROP candeleteposts\n\t"; $explain[] = sprintf($vbphrase['alter_table_step_x'], 'moderator', 1, 4); // drop fields converted to bitfield 'permissions' $query[] = "ALTER TABLE moderator\n\t\tDROP canviewips,\n\t\tDROP canmanagethreads,\n\t\tDROP canopenclose,\n\t\tDROP caneditthreads\n\t"; $explain[] = sprintf($vbphrase['alter_table_step_x'], 'moderator', 2, 4); // drop fields converted to bitfield 'permissions' $query[] = "ALTER TABLE moderator\n\t\tDROP caneditstyles,\n\t\tDROP canbanusers,\n\t\tDROP canviewprofile,\n\t\tDROP canannounce\n\t"; $explain[] = sprintf($vbphrase['alter_table_step_x'], 'moderator', 3, 4); // drop fields converted to bitfield 'permissions'
} print_yes_no_row($vbphrase["{$permvalue['phrase']}"], "usergroup[{$permvalue['parentgroup']}][{$permtitle}]", $getval); } } print_table_break(); print_column_style_code(array('width: 70%', 'width: 30%')); } print_submit_row(iif($_REQUEST['do'] == 'add', $vbphrase['save'], $vbphrase['update'])); } // ###################### Start insert / update ####################### if ($_POST['do'] == 'update') { $vbulletin->input->clean_array_gpc('p', array('usergroup' => TYPE_ARRAY, 'ugid_base' => TYPE_INT)); // create bitfield values require_once DIR . '/includes/functions_misc.php'; foreach ($vbulletin->bf_ugp as $permissiongroup => $fields) { $vbulletin->GPC['usergroup']["{$permissiongroup}"] = convert_array_to_bits($vbulletin->GPC['usergroup']["{$permissiongroup}"], $fields, 1); } ($hook = vBulletinHook::fetch_hook('admin_usergroup_save')) ? eval($hook) : false; if (!empty($vbulletin->GPC['usergroupid'])) { // update if (!($vbulletin->GPC['usergroup']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) { // check that not removing last admin group $checkadmin = $db->query_first("\n\t\t\t\tSELECT COUNT(*) AS usergroups\n\t\t\t\tFROM " . TABLE_PREFIX . "usergroup\n\t\t\t\tWHERE (adminpermissions & " . $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] . ") AND\n\t\t\t\t\tusergroupid <> " . $vbulletin->GPC['usergroupid'] . "\n\t\t\t"); if ($vbulletin->GPC['usergroupid'] == 6) { // stop them turning no control panel for usergroup 6, seems the most sensible thing print_stop_message('invalid_usergroup_specified'); } if (!$checkadmin['usergroups']) { print_stop_message('cant_delete_last_admin_group'); } }
print_table_header($vbphrase['quick_forum_permission_setup']); print_forum_chooser($vbphrase['apply_permissions_to_forum'], 'forumid', -1); print_label_row($vbphrase['apply_permissions_to_usergroup'], "<span class=\"smallfont\">{$usergrouplist}</span>", '', 'top', 'usergrouplist'); print_description_row($vbphrase['permission_overwrite_notice']); print_table_break(); print_forum_permission_rows($vbphrase['permissions']); print_submit_row(); } // ###################### Start do quick forum ####################### if ($_POST['do'] == 'doquickforum') { $vbulletin->input->clean_array_gpc('p', array('usergrouplist' => TYPE_ARRAY, 'forumid' => TYPE_INT, 'forumpermission' => TYPE_ARRAY_INT)); if (sizeof($vbulletin->GPC['usergrouplist']) == 0) { print_stop_message('invalid_usergroup_specified'); } require_once DIR . '/includes/functions_misc.php'; $permbits = convert_array_to_bits($vbulletin->GPC['forumpermission'], $vbulletin->bf_ugp_forumpermissions, 1); foreach ($vbulletin->GPC['usergrouplist'] as $usergroupid => $confirm) { if ($confirm == 1) { $usergroupid = intval($usergroupid); /*insert query*/ $db->query_write("\n\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "forumpermission\n\t\t\t\t\t(forumid, usergroupid, forumpermissions)\n\t\t\t\tVALUES\n\t\t\t\t\t(" . $vbulletin->GPC['forumid'] . ", {$usergroupid}, {$permbits})\n\t\t\t"); ($hook = vBulletinHook::fetch_hook('admin_fperms_doquickforum')) ? eval($hook) : false; } } build_forum_permissions(); define('CP_REDIRECT', 'forumpermission.php?do=modify&f=' . $vbulletin->GPC['forumid']); print_stop_message('saved_forum_permissions_successfully'); } // ###################### Start quick set ####################### if ($_REQUEST['do'] == 'quickset') { $vbulletin->input->clean_array_gpc('r', array('type' => TYPE_STR, 'forumid' => TYPE_INT));
print_submit_row(); } // ###################### Start do quick forum ####################### if ($_POST['do'] == 'doquickforum') { $vbulletin->input->clean_array_gpc('p', array('usergrouplist' => vB_Cleaner::TYPE_ARRAY, 'nodeid' => vB_Cleaner::TYPE_INT, 'forumpermissions' => vB_Cleaner::TYPE_ARRAY_INT, 'moderatorpermissions' => vB_Cleaner::TYPE_ARRAY_INT, 'createpermissions' => vB_Cleaner::TYPE_ARRAY_INT, 'edit_time' => vB_Cleaner::TYPE_INT, 'require_moderate' => vB_Cleaner::TYPE_INT, 'maxtags' => vB_Cleaner::TYPE_INT, 'maxstartertags' => vB_Cleaner::TYPE_INT, 'maxothertags' => vB_Cleaner::TYPE_INT, 'maxattachments' => vB_Cleaner::TYPE_INT)); if (sizeof($vbulletin->GPC['usergrouplist']) == 0) { print_stop_message2('invalid_usergroup_specified'); } require_once DIR . '/includes/functions_misc.php'; $bf_ugp_forumpermissions = vB::getDatastore()->getValue('bf_ugp_forumpermissions'); $bf_misc_moderatorpermissions = vB::getDatastore()->getValue('bf_misc_moderatorpermissions'); $bf_ugp_createpermissions = vB::getDatastore()->getValue('bf_ugp_createpermissions'); $forumpermbits = convert_array_to_bits($vbulletin->GPC['forumpermissions'], $bf_ugp_forumpermissions, 1); $forum2permbits = convert_array_to_bits($vbulletin->GPC['forumpermissions2'], $bf_ugp_forumpermissions, 1); $moderatorpermbits = convert_array_to_bits($vbulletin->GPC['moderatorpermissions'], $bf_misc_moderatorpermissions, 1); $createpermbits = convert_array_to_bits($vbulletin->GPC['createpermissions'], $bf_ugp_createpermissions, 1); foreach ($vbulletin->GPC['usergrouplist'] as $usergroupid => $confirm) { if ($confirm == 1) { $usergroupid = intval($usergroupid); /*insert query*/ vB::getDbAssertor()->assertQuery('replacePermissions', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'nodeid' => $vbulletin->GPC['nodeid'], 'usergroupid' => $usergroupid, 'forumpermissions' => $forumpermbits, 'moderatorpermissions' => $moderatorpermbits, 'createpermissions' => $createpermbits, 'forumpermissions2' => $forum2permbits, 'edit_time' => $vbulletin->GPC['edit_time'], 'require_moderate' => $vbulletin->GPC['require_moderate'], 'maxtags' => $vbulletin->GPC['maxtags'], 'maxstartertags' => $vbulletin->GPC['maxstartertags'], 'maxothertags' => $vbulletin->GPC['maxothertags'], 'maxattachments' => $vbulletin->GPC['maxattachments'], 'maxchannels' => $vbulletin->GPC['maxchannels'], 'channeliconmaxsize' => $vbulletin->GPC['channeliconmaxsize'])); // Legacy Hook 'admin_nperms_doquickforum' Removed // } } build_channel_permissions(); print_stop_message2('saved_channel_permissions_successfully', 'forumpermission', array('do' => 'modify', 'n' => $vbulletin->GPC['nodeid'])); } // ###################### Start quick set ####################### if ($_REQUEST['do'] == 'quickset') { $vbulletin->input->clean_array_gpc('r', array('type' => vB_Cleaner::TYPE_STR, 'nodeid' => vB_Cleaner::TYPE_INT)); verify_cp_sessionhash();
/** * Converts an array of 1/0 options into the permissions bitfield * * @param array Array of 1/0 values keyed with the bitfield names for the moderator permissions bitfield * * @return boolean Returns true on success */ function verify_permissions2(&$permissions) { require_once DIR . '/includes/functions_misc.php'; return $permissions = convert_array_to_bits($permissions, $this->registry->bf_misc_moderatorpermissions2); }
if (vB_Bitfield_Builder::build(false) !== false) { $myobj =& vB_Bitfield_Builder::init(); } else { echo "<strong>error</strong>\n"; print_r(vB_Bitfield_Builder::fetch_errors()); } foreach ($myobj->data['ugp']['adminpermissions'] as $title => $values) { // don't show settings that have a group for the usergroup page if (empty($values['group'])) { $ADMINPERMISSIONS["{$title}"] = $values['value']; $permsphrase["{$title}"] = $vbphrase["{$values['phrase']}"]; } } $vbulletin->input->clean_array_gpc('p', array('oldpermissions' => TYPE_INT, 'adminpermissions' => TYPE_ARRAY_INT)); require_once DIR . '/includes/functions_misc.php'; log_admin_action(iif($user, "user id = {$user['userid']} ({$user['username']})" . iif($_POST['do'] == 'update', " (" . $vbulletin->GPC['oldpermissions'] . " » " . convert_array_to_bits($vbulletin->GPC['adminpermissions'], $ADMINPERMISSIONS) . ")"))); // ############################################################################# if (empty($_REQUEST['do'])) { $_REQUEST['do'] = 'modify'; } // ############################################################################# if ($_POST['do'] == 'update') { $vbulletin->input->clean_array_gpc('p', array('cssprefs' => TYPE_STR, 'dismissednews' => TYPE_STR)); foreach ($vbulletin->GPC['adminpermissions'] as $key => $value) { $admindm->set_bitfield('adminpermissions', $key, $value); } ($hook = vBulletinHook::fetch_hook('admin_permissions_process')) ? eval($hook) : false; $admindm->set('cssprefs', $vbulletin->GPC['cssprefs']); $admindm->set('dismissednews', $vbulletin->GPC['dismissednews']); $admindm->save(); define('CP_REDIRECT', "adminpermissions.php?" . $vbulletin->session->vars['sessionurl'] . "#user{$user['userid']}");
/** * Insert or update language * * @param array $data Language options to be inserted or updated * @param int $languageid If not 0, the language with the ID will be updated * @return int New language ID or the updated language ID */ public function save($data, $languageid = 0) { $this->checkHasAdminPermission('canadminlanguages'); require_once DIR . '/includes/adminfunctions.php'; require_once DIR . '/includes/adminfunctions_language.php'; $langglobals = array('title', 'vblangcode', 'revision', 'userselect', 'options', 'languagecode', 'charset', 'locale', 'imagesoverride', 'dateoverride', 'timeoverride', 'registereddateoverride', 'calformat1override', 'calformat2override', 'logdateoverride', 'decimalsep', 'thousandsep'); $bf_misc_languageoptions = vB::getDatastore()->get_value('bf_misc_languageoptions'); require_once DIR . '/includes/functions_misc.php'; $data['options'] = convert_array_to_bits($data['options'], $bf_misc_languageoptions); $newlang = array(); foreach ($langglobals as $val) { $newlang["{$val}"] =& $data["{$val}"]; } if (empty($newlang['title']) or empty($newlang['charset'])) { throw new vB_Exception_Api('please_complete_required_fields'); } // User has defined a locale. if ($newlang['locale'] != '') { if (!setlocale(LC_TIME, $newlang['locale']) or !setlocale(LC_CTYPE, $newlang['locale'])) { throw new vB_Exception_Api('invalid_locale', array($newlang['locale'])); } if ($newlang['dateoverride'] == '' or $newlang['timeoverride'] == '' or $newlang['registereddateoverride'] == '' or $newlang['calformat1override'] == '' or $newlang['calformat2override'] == '' or $newlang['logdateoverride'] == '') { throw new vB_Exception_Api('locale_define_fill_in_all_overrides'); } } if (!$languageid) { /*insert query*/ $insertdata = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_INSERT); $insertdata += $newlang; $_languageid = vB::getDbAssertor()->assertQuery('language', $insertdata); $languageid = $_languageid; build_language($languageid); build_language_datastore(); } else { if (empty($data['product'])) { $data['product'] = 'vbulletin'; } $updatelanguage = false; if (!empty($data['rvt'])) { $updatelanguage = true; vB::getDbAssertor()->assertQuery('phrase', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_DELETE, 'phraseid' => $data['rvt'])); // unset reverted phrases foreach (array_keys($data['rvt']) as $varname) { unset($data['def']["{$varname}"]); } } if (!empty($data['def'])) { $updaterows = vB::getDbAssertor()->assertQuery('updateLanguagePhrases', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_METHOD, 'def' => $data['def'], 'languageid' => $languageid, 'fieldname' => $data['fieldname'])); } if ($updaterows) { $updatelanguage = true; } /* update query */ $updatedata = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_UPDATE); $updatewhere = array(vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'languageid', 'value' => $languageid, 'operator' => vB_dB_Query::OPERATOR_EQ))); $updatedata += $newlang; $updatedata += $updatewhere; $updateprincipal = vB::getDbAssertor()->assertQuery('language', $updatedata); if ($updatelanguage) { build_language($languageid); } } return $languageid; }