function exec_postvar_call_back() { global $vbulletin; $vbulletin->input->clean_array_gpc('r', array('forumid' => TYPE_STR)); $goto = ''; $url = ''; // jump from forumjump switch ($vbulletin->GPC['forumid']) { case 'search': $goto = 'search'; break; case 'pm': $goto = 'private'; break; case 'wol': $goto = 'online'; break; case 'cp': $goto = 'usercp'; break; case 'subs': $goto = 'subscription'; break; case 'home': case '-1': $url = fetch_seo_url('forumhome|js', array()); break; } // intval() forumid since having text in it is not expected anywhere else and it can't be "cleaned" a second time $vbulletin->GPC['forumid'] = intval($vbulletin->GPC['forumid']); if ($goto != '') { $url = "{$goto}.php?"; if (!empty($vbulletin->session->vars['sessionurl_js'])) { $url .= $vbulletin->session->vars['sessionurl_js']; } } if ($url != '') { exec_header_redirect($url); } // end forumjump redirects }
/** * Verify Friendly URL * Ensures the requested URL was in the correct format according to the * friendlyurl option. If not, throw a 301 to the correct route. */ public function assertFriendlyUrl() { // API don't need to redirect if (defined('VB_API') and VB_API === true) { return; } // Only redirect on GET if ('GET' != $_SERVER['REQUEST_METHOD']) { return; } // If this route isn't valid then we'll be 404'ing anyway if (!$this->isValid()) { return; } // If we don't have an entry path then there's nothing to do if (!($request_path = vB_Router::getEntryPath())) { return; } // Allow hooks to handle non canonical urls ($hook = vBulletinHook::fetch_hook('friendlyurl_redirect_canonical_route')) ? eval($hook) : false; // Check if we should be enforcing the canonical url if (vB_Friendly_Url::CANON_OFF == vB::$vbulletin->options['friendlyurl_canonical']) { return; } // Only redirect guests and search engines if (vB::$vbulletin->userinfo['userid'] and !vB::$vbulletin->options['friendlyurl_canonical_registered']) { return; } // Get the canonical path if (!isset($canonical_path)) { $canonical_path = $this->getRoutePath(false, vB_Friendly_Url::CANON_STRICT == vB::$vbulletin->options['friendlyurl_canonical'], true); } // Whether the request was canonical $canonical = true; // If no route path is specified then only rewrite can differ if ($request_path == VB_ROUTER_SEGMENT) { //This looks like a bug. The second "==" should be an "AND". This is based on the fact that how its written doesn't //make a lot of sense and the behavior with the change is more consistant. However its a bug with senority at this //point and fixing it will change how urls behave. For the time being leaving it alone is better than the risk of //changing it. if ((FRIENDLY_URL == FRIENDLY_URL_REWRITE) == (vB::$vbulletin->options['friendlyurl'] == FRIENDLY_URL_REWRITE)) { return; } } // Check the Friendly URL method if (FRIENDLY_URL !== intval(vB::$vbulletin->options['friendlyurl'])) { $canonical = false; } // Check URI if ($canonical and vB_Friendly_URL::CANON_STRICT == vB::$vbulletin->options['friendlyurl_canonical']) { if ($request_path != $canonical_path) { // request may have been in the current charset, try utf-8 $request_path = to_utf8($request_path, vB::$vbulletin->userinfo['lang_charset']); if ($request_path != $canonical_path) { $canonical = false; } } } // Redirect if incorrect if (!$canonical) { // Get the raw redirect url $url = $this->getCurrentURL(null, null, '', false, true); // add any query vars $vars = $_GET; unset($vars[vB::$vbulletin->options['route_requestvar']]); unset($vars['pagenumber']); // Remove duplicate created by shortvar code if (!empty($vars)) { $url .= (strpos($url, '?') ? '&' : '?') . urlimplode($vars, false, true); } //do a quick check to ensure that we aren't trying to redirect to the url //we came in on. This is needed primarily because of a special case where the //friendly url logic doesn't correctly detect the rewrite URL version of the //incoming link and will attempt to redirect because they don't match. $url = create_full_url($url); $cleaned_url = vB::$vbulletin->input->xss_clean(vB::$vbulletin->input->strip_sessionhash($url)); $cleaned_url = $this->domain_to_lower($cleaned_url); //if ($url != VB_URL_CLEAN) if (urldecode($cleaned_url) != urldecode($this->domain_to_lower(VB_URL_CLEAN))) { // redirect to the canonical url exec_header_redirect($url, 301); } } }
$userdata->verify_useremail($vbulletin->userinfo['email']); } ($hook = vBulletinHook::fetch_hook('profile_updatepassword_complete')) ? eval($hook) : false; // save the data $userdata->save(); if ($activate) { $vbulletin->url = 'usercp.php' . $vbulletin->session->vars['sessionurl_q']; eval(print_standard_redirect('redirect_updatethanks_newemail', true, true)); } else { $vbulletin->url = 'usercp.php' . $vbulletin->session->vars['sessionurl_q']; eval(print_standard_redirect('redirect_updatethanks')); } } else { if ($_GET['do'] == 'updatepassword') { // add consistency with previous behavior exec_header_redirect('profile.php?do=editpassword'); } } // ############################################################################ // ######################### EDIT BUDDY/IGNORE LISTS ########################## // ############################################################################ if ($_REQUEST['do'] == 'addlist') { $vbulletin->input->clean_array_gpc('r', array('userid' => TYPE_UINT, 'userlist' => TYPE_NOHTML)); if ($vbulletin->GPC['userlist'] == 'friend' and (!($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_friends']) or !($vbulletin->userinfo['permissions']['genericpermissions2'] & $vbulletin->bf_ugp_genericpermissions2['canusefriends']))) { $vbulletin->GPC['userlist'] = 'buddy'; } $show['friend_checkbox'] = false; $userinfo = verify_id('user', $vbulletin->GPC['userid'], true, true, FETCH_USERINFO_ISFRIEND); cache_permissions($userinfo); if ($vbulletin->GPC['userlist'] == 'buddy' or $vbulletin->GPC['userlist'] == 'friend') { // No slave here
// get special data templates from the datastore $specialtemplates = array(); // pre-cache templates used by all actions $globaltemplates = array(); // pre-cache templates used by specific actions $actiontemplates = array('buddylist' => array('BUDDYLIST', 'buddylistbit'), 'whoposted' => array('WHOPOSTED', 'whopostedbit'), 'showattachments' => array('ATTACHMENTS', 'attachmentbit'), 'showavatars' => array('help_avatars', 'help_avatars_avatar', 'help_avatars_category', 'help_avatars_row'), 'bbcode' => array('help_bbcodes', 'help_bbcodes_bbcode', 'help_bbcodes_link', 'bbcode_code', 'bbcode_html', 'bbcode_php', 'bbcode_quote'), 'getsmilies' => array('smiliepopup', 'smiliepopup_category', 'smiliepopup_row', 'smiliepopup_smilie', 'smiliepopup_straggler'), 'showsmilies' => array('help_smilies', 'help_smilies_smilie', 'help_smilies_category')); $actiontemplates['none'] =& $actiontemplates['showsmilies']; // allows proper template caching for the default action (showsmilies) if no valid action is specified if (!empty($_REQUEST['do']) and !isset($actiontemplates["{$_REQUEST['do']}"])) { $actiontemplates["{$_REQUEST['do']}"] =& $actiontemplates['showsmilies']; } // ######################### REQUIRE BACK-END ############################ require_once './global.php'; // redirect in case anyone has linked to it if ($_REQUEST['do'] == 'attachments') { exec_header_redirect('profile.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=editattachments'); } // ####################################################################### // ######################## START MAIN SCRIPT ############################ // ####################################################################### ($hook = vBulletinHook::fetch_hook('misc_start')) ? eval($hook) : false; // ############################### start buddylist ############################### if ($_REQUEST['do'] == 'buddylist') { if (!$vbulletin->userinfo['userid']) { print_no_permission(); } ($hook = vBulletinHook::fetch_hook('misc_buddylist_start')) ? eval($hook) : false; $buddies =& $vbulletin->input->clean_gpc('r', 'buddies', TYPE_STR); $datecut = TIMENOW - $vbulletin->options['cookietimeout']; $buddys = $db->query_read_slave("\n\t\tSELECT\n\t\tuser.username, (user.options & " . $vbulletin->bf_misc_useroptions['invisible'] . ") AS invisible, user.userid, session.lastactivity\n\t\tFROM " . TABLE_PREFIX . "userlist AS userlist\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = userlist.relationid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "session AS session ON(session.userid = user.userid)\n\t\tWHERE userlist.userid = {$vbulletin->userinfo['userid']} AND userlist.relationid = user.userid AND type = 'buddy'\n\t\tORDER BY username ASC, session.lastactivity DESC\n\t"); $onlineusers = '';
if ($displayed_dateline <= $threadview) { $updatethreadcookie = true; } } } $db->free_result($posts); unset($post); if ($postbits == '' and $vbulletin->GPC['pagenumber'] > 1) { $pageinfo = array('page' => $vbulletin->GPC['pagenumber'] - 1); if (!empty($vbulletin->GPC['perpage'])) { $pageinfo['pp'] = $perpage; } if (!empty($vbulletin->GPC['highlight'])) { $pageinfo['highlight'] = urlencode($vbulletin->GPC['highlight']); } exec_header_redirect(fetch_seo_url('thread|js', $threadinfo, $pageinfo)); } DEVDEBUG("First Post: {$FIRSTPOSTID}; Last Post: {$LASTPOSTID}"); $pageinfo = array(); if ($vbulletin->GPC['highlight']) { $pageinfo['highlight'] = urlencode($vbulletin->GPC['highlight']); } if (!empty($vbulletin->GPC['perpage'])) { $pageinfo['pp'] = $perpage; } $pagenav = construct_page_nav($vbulletin->GPC['pagenumber'], $perpage, $totalposts, '', '', '', 'thread', $threadinfo, $pageinfo); if ($thread['lastpost'] > $threadview) { if ($firstnew) { $firstunread = fetch_seo_url('thread', $threadinfo, array('page' => $vbulletin->GPC['pagenumber'])) . '#post' . $firstnew; $show['firstunreadlink'] = true; } else {
(attachmentid, settings) VALUES (" . $vbulletin->GPC['attachmentid'] . ", '" . $db->escape_string(serialize($settings)) . "') ON DUPLICATE KEY UPDATE settings = '" . $db->escape_string(serialize($settings)) . "' "); $xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml'); $xml->add_tag('ok', 1); $xml->print_xml(); } if ($_REQUEST['do'] == 'rss') { //we just replace "ajax.php" with "external.php" $redirect_url = 'external.php?' . $_SERVER['QUERY_STRING']; exec_header_redirect($redirect_url , 301); } if ($_REQUEST['do'] == 'get_comments') { $current_user = new vB_Legacy_CurrentUser(); $vbulletin->input->clean_array_gpc('r', array( 'per_page' => TYPE_UINT, 'page' => TYPE_UINT, 'comments_previous' => TYPE_STR, 'comments_next' => TYPE_STR, 'nodeid' => TYPE_UINT, 'this_url' => TYPE_STR)); if (! $vbulletin->GPC_exists['page']) {
} ++$versionkey; // to handle the case when we are running the version before a wildcard version while (strpos($_versions["{$versionkey}"], '*') !== false) { ++$versionkey; } if ($versionkey !== false and isset($_versions[$versionkey])) { // we know what script this version needs to go to $link = 'upgrade_' . $_versions[$versionkey] . '.php'; } else { if (intval($vbulletin->versionnumber) == 3) { // assume we are finished $link = 'finalupgrade.php'; } else { // no log and invalid version, so assume it's 2.x $link = 'upgrade_300b3.php'; } } } if ($vbulletin->GPC['show']) { echo "<p><a href=\"{$link}\">{$link}</a></p>"; echo "<p><a href=\"upgrade.php\">[{$vbphrase['refresh']}]</a></p>"; } else { exec_header_redirect($link); } /*======================================================================*\ || #################################################################### || # Downloaded: 09:39, Wed Nov 5th 2008 || # CVS: $RCSfile$ - $Revision: 28279 $ || #################################################################### \*======================================================================*/
|| # This file may not be redistributed in whole or significant part. # || || # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # || || # http://www.vbulletin.com | http://www.vbulletin.com/license.html # || || #################################################################### || \*======================================================================*/ // ######################## SET PHP ENVIRONMENT ########################### error_reporting(E_ALL & ~E_NOTICE); chdir('./../'); // ##################### DEFINE IMPORTANT CONSTANTS ####################### define('VB_AREA', 'Install'); define('TIMENOW', time()); header('Expires: ' . gmdate("D, d M Y H:i:s", TIMENOW) . ' GMT'); header("Last-Modified: " . gmdate("D, d M Y H:i:s", TIMENOW) . ' GMT'); // ########################## REQUIRE BACK-END ############################ require_once './install/includes/class_upgrade.php'; require_once './install/init.php'; require_once DIR . '/includes/functions.php'; require_once DIR . '/includes/functions_misc.php'; $db->hide_errors(); $db->query_first("SELECT * FROM " . TABLE_PREFIX . "datastore"); if ($db->errno()) { exec_header_redirect('install.php'); } else { exec_header_redirect('upgrade.php'); } /*======================================================================*\ || #################################################################### || # Downloaded: 03:13, Sat Sep 7th 2013 || # CVS: $RCSfile$ - $Revision: 32287 $ || #################################################################### \*======================================================================*/
} $phraseids = array_keys($vbulletin->GPC['replace']); $phrases = $db->query_read("\n\t\tSELECT *\n\t\tFROM " . TABLE_PREFIX . "phrase\n\t\tWHERE phraseid IN (" . implode(',', $phraseids) . ")\n\t"); while ($phrase = $db->fetch_array($phrases)) { $phrase['product'] = empty($phrase['product']) ? 'vbulletin' : $phrase['product']; $phrase['text'] = str_replace($vbulletin->GPC['searchstring'], $vbulletin->GPC['replacestring'], $phrase['text']); if ($phrase['languageid'] == $vbulletin->GPC['languageid']) { // update $db->query_write("\n\t\t\t\tUPDATE " . TABLE_PREFIX . "phrase SET\n\t\t\t\t\ttext = '" . $db->escape_string($phrase['text']) . "',\n\t\t\t\t\tusername = '******'username']) . "',\n\t\t\t\t\tdateline = " . TIMENOW . ",\n\t\t\t\t\tversion = '" . $db->escape_string($full_product_info["{$phrase['product']}"]['version']) . "'\n\t\t\t\tWHERE phraseid = {$phrase['phraseid']}\n\t\t\t"); } else { // insert /*insert query*/ $db->query_write("\n\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "phrase\n\t\t\t\t\t(languageid, varname, text, fieldname, product, username, dateline, version)\n\t\t\t\tVALUES\n\t\t\t\t\t(" . $vbulletin->GPC['languageid'] . ",\n\t\t\t\t\t'" . $db->escape_string($phrase['varname']) . "',\n\t\t\t\t\t'" . $db->escape_string($phrase['text']) . "',\n\t\t\t\t\t'" . $db->escape_string($phrase['fieldname']) . "',\n\t\t\t\t\t'" . $db->escape_string($phrase['product']) . "',\n\t\t\t\t\t'" . $db->escape_string($vbulletin->userinfo['username']) . "',\n\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t'" . $db->escape_string($full_product_info["{$phrase['product']}"]['version']) . "')\n\t\t\t"); } } exec_header_redirect("language.php?" . $vbulletin->session->vars['sessionurl'] . "do=rebuild&goto=" . urlencode("phrase.php?" . $vbulletin->session->vars['sessionurl'] . "do=search")); } // ############################################################################# if ($_POST['do'] == 'replace') { $vbulletin->input->clean_array_gpc('p', array('searchstring' => TYPE_STR, 'replacestring' => TYPE_STR, 'languageid' => TYPE_INT)); if (empty($vbulletin->GPC['searchstring']) or empty($vbulletin->GPC['replacestring'])) { print_stop_message('please_complete_required_fields'); } // do a rather clever query to find what phrases to display $phraseids = '0'; $phrases = $db->query_read("\n\t\tSELECT\n\t\t\tIF(pcust.phraseid IS NULL, pmast.phraseid, pcust.phraseid) AS phraseid,\n\t\t\tIF(pcust.phraseid IS NULL, pmast.text, pcust.text) AS xtext\n\t\tFROM " . TABLE_PREFIX . "phrase AS pmast\n\t\tLEFT JOIN " . TABLE_PREFIX . "phrase AS pcust ON (\n\t\t\tpcust.varname = pmast.varname AND\n\t\t\tpcust.fieldname = pmast.fieldname AND\n\t\t\tpcust.languageid = " . $vbulletin->GPC['languageid'] . "\n\t\t)\n\t\tWHERE pmast.languageid = -1\n\t\tHAVING " . fetch_field_like_sql($vbulletin->GPC['searchstring'], 'xtext', false, true) . "\n\t"); while ($phrase = $db->fetch_array($phrases)) { $phraseids .= ",{$phrase['phraseid']}"; } $db->free_result($phrases); // now do a simple query to actually fetch the data
} // ############################################################################# if ($_POST['do'] == 'updatestatus') { $vbulletin->input->clean_gpc('p', 'enabled', TYPE_ARRAY_UINT); $feeds_result = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "rssfeed ORDER BY title"); while ($feed = $db->fetch_array($feeds_result)) { $old = $feed['options'] & $vbulletin->bf_misc_feedoptions['enabled'] ? 1 : 0; $new = $vbulletin->GPC['enabled']["{$feed['rssfeedid']}"] ? 1 : 0; if ($old != $new) { $feeddata =& datamanager_init('RSSFeed', $vbulletin, ERRTYPE_ARRAY); $feeddata->set_existing($feed); $feeddata->set_bitfield('options', 'enabled', $new); $feeddata->save(); } } exec_header_redirect('rssposter.php'); } print_cp_header($vbphrase['rss_feed_manager']); // ############################################################################# if ($_POST['do'] == 'kill') { $vbulletin->input->clean_gpc('p', 'rssfeedid', TYPE_UINT); if ($vbulletin->GPC['rssfeedid'] and $feed = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "rssfeed WHERE rssfeedid = " . $vbulletin->GPC['rssfeedid'])) { $feeddata =& datamanager_init('RSSFeed', $vbulletin, ERRTYPE_ARRAY); $feeddata->set_existing($feed); $feeddata->delete(); define('CP_REDIRECT', 'rssposter.php'); print_stop_message('deleted_rssfeed_x_successfully', $feeddata->fetch_field('title')); } else { echo "Kill oops"; } }
eval(standard_error(fetch_error('invalidid', $vbphrase['thread'], $vbulletin->options['contactuslink']))); } $forumperms = fetch_permissions($threadinfo['forumid']); if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) OR !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) { print_no_permission(); } if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) AND ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] OR $vbulletin->userinfo['userid'] == 0)) { print_no_permission(); } if ($threadinfo['open'] == 10) { exec_header_redirect('printthread.php?' . $vbulletin->session->vars['sessionurl_js'] . "t=$threadinfo[pollid]"); } // check if there is a forum password and if so, ensure the user has it set verify_forum_password($foruminfo['forumid'], $foruminfo['password']); // split thread over pages if necessary $countposts = $db->query_first_slave(" SELECT COUNT(*) AS total FROM " . TABLE_PREFIX . "post AS post WHERE threadid=$threadinfo[threadid] AND visible=1 "); $totalposts = $countposts['total']; $vbulletin->GPC['perpage'] = sanitize_maxposts($vbulletin->GPC['perpage']); $maxperpage = sanitize_maxposts(-1);
/** * Halts execution and redirects to the address specified * * If the 'useheaderredirect' option is on, the system will attempt to redirect invisibly using header('Location... * However, 'useheaderredirect' is overridden by setting $forceredirect to a true value. * * @param string Redirect message * @param string URL to which to redirect the browser */ function standard_redirect($message = '', $forceredirect = false) { global $header, $footer, $headinclude, $headinclude_bottom, $forumjump; global $timezone, $vbulletin, $vbphrase; static $str_find = array('"', '<', '>'), $str_replace = array('"', '<', '>'); if ($vbulletin->db->explain) { $totaltime = microtime(true) - TIMESTART; $vartext .= "<!-- Page generated in " . vb_number_format($totaltime, 5) . " seconds with " . $vbulletin->db->querycount . " queries -->"; $querytime = $vbulletin->db->time_total; echo "\n<b>Page generated in $totaltime seconds with " . $vbulletin->db->querycount . " queries,\nspending $querytime doing MySQL queries and " . ($totaltime - $querytime) . " doing PHP things.\n\n<hr />Shutdown Queries:</b>" . (defined('NOSHUTDOWNFUNC') ? " <b>DISABLED</b>" : '') . "<hr />\n\n"; exit; } if ($vbulletin->options['useheaderredirect'] AND !$forceredirect AND !headers_sent() AND !$vbulletin->GPC['postvars']) { exec_header_redirect(unhtmlspecialchars($vbulletin->url, true)); } $title = $vbulletin->options['bbtitle']; $pagetitle = $title; $errormessage = $message; $url = unhtmlspecialchars($vbulletin->url, true); $url = str_replace(chr(0), '', $url); $url = create_full_url($url); $url = str_replace($str_find, $str_replace, $url); $js_url = addslashes_js($url, '"'); // " has been replaced by " $url = preg_replace( array('/�*59;?/', '/�*3B;?/i', '#;#'), '%3B', $url ); $url = preg_replace('#&%3B#i', '&', $url); define('NOPMPOPUP', 1); // No footer here require_once(DIR . '/includes/functions_misc.php'); $postvars = construct_hidden_var_fields(verify_client_string($vbulletin->GPC['postvars'])); $formfile =& $url; ($hook = vBulletinHook::fetch_hook('redirect_generic')) ? eval($hook) : false; $templater = vB_Template::create('STANDARD_REDIRECT'); $templater->register('errormessage', $errormessage); $templater->register('formfile', $formfile); $templater->register('headinclude', $headinclude); $templater->register('headinclude_bottom', $headinclude_bottom); $templater->register('js_url', $js_url); $templater->register('pagetitle', $pagetitle); $templater->register('postvars', $postvars); $templater->register('url', $url); print_output($templater->render()); exit; }
// get first and last post ids for this page (for big reply buttons) if (!isset($FIRSTPOSTID)) { $FIRSTPOSTID = $post['postid']; } $LASTPOSTID = $post['postid']; if ($post['dateline'] > $displayed_dateline) { $displayed_dateline = $post['dateline']; if ($displayed_dateline <= $threadview) { $updatethreadcookie = true; } } } $db->free_result($posts); unset($post); if ($postbits == '' and $vbulletin->GPC['pagenumber'] > 1) { exec_header_redirect('showthread.php?' . $vbulletin->session->vars['sessionurl_js'] . "t={$threadid}&page=" . ($vbulletin->GPC['pagenumber'] - 1) . (!empty($vbulletin->GPC['perpage']) ? "&pp={$perpage}" : "") . "{$highlightwords}"); } DEVDEBUG("First Post: {$FIRSTPOSTID}; Last Post: {$LASTPOSTID}"); $pagenav = construct_page_nav($vbulletin->GPC['pagenumber'], $perpage, $totalposts, "showthread.php?" . $vbulletin->session->vars['sessionurl'] . "t={$threadid}", "" . (!empty($vbulletin->GPC['perpage']) ? "&pp={$perpage}" : "") . "{$highlightwords}"); if ($thread['lastpost'] > $threadview) { if ($firstnew) { $firstunread = '#post' . $firstnew; $show['firstunreadlink'] = true; } else { $firstunread = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . 't=' . $threadid . '&goto=newpost'; $show['firstunreadlink'] = true; } } else { $firstunread = ''; $show['firstunreadlink'] = false; }
} if ((!$threadinfo['visible'] or $threadinfo['isdeleted']) and !can_moderate($threadinfo['forumid'])) { eval(standard_error(fetch_error('invalidid', $vbphrase['thread'], $vbulletin->options['contactuslink']))); } $forumperms = fetch_permissions($threadinfo['forumid']); if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) { print_no_permission(); } if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)) { print_no_permission(); } // check if there is a forum password and if so, ensure the user has it set verify_forum_password($foruminfo['forumid'], $foruminfo['password']); if ($_SERVER['REQUEST_METHOD'] != 'POST' or !$vbulletin->GPC['ajax']) { // redirect to showthread with a 301 exec_header_redirect(fetch_seo_url('thread|js', $threadinfo, array('p' => $postinfo['postid'])) . "#post{$postinfo['postid']}", 301); } $hook_query_fields = $hook_query_joins = ''; ($hook = vBulletinHook::fetch_hook('showpost_start')) ? eval($hook) : false; $post = $db->query_first_slave("\n\tSELECT\n\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS isdeleted,\n\t\tuser.*, userfield.*, usertextfield.*,\n\t\t" . iif($foruminfo['allowicons'], 'icon.title as icontitle, icon.iconpath,') . "\n\t\tIF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, infractiongroupid,\n\t\t" . iif($vbulletin->options['avatarenabled'], 'avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight,') . "\n\t\t" . ((can_moderate($threadinfo['forumid'], 'canmoderateposts') or can_moderate($threadinfo['forumid'], 'candeleteposts')) ? 'spamlog.postid AS spamlog_postid,' : '') . "\n\t\teditlog.userid AS edit_userid, editlog.username AS edit_username, editlog.dateline AS edit_dateline, editlog.reason AS edit_reason, editlog.hashistory,\n\t\tpostparsed.pagetext_html, postparsed.hasimages,\n\t\tsigparsed.signatureparsed, sigparsed.hasimages AS sighasimages,\n\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight\n\t\t" . iif(!($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), $vbulletin->profilefield['hidden']) . "\n\t\t{$hook_query_fields}\n\tFROM " . TABLE_PREFIX . "post AS post\n\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = post.userid)\n\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid)\n\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n\t" . iif($foruminfo['allowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = post.iconid)") . "\n\t" . iif($vbulletin->options['avatarenabled'], "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)") . "\n\t" . ((can_moderate($threadinfo['forumid'], 'canmoderateposts') or can_moderate($threadinfo['forumid'], 'candeleteposts')) ? "LEFT JOIN " . TABLE_PREFIX . "spamlog AS spamlog ON(spamlog.postid = post.postid)" : '') . "\n\tLEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON(editlog.postid = post.postid)\n\tLEFT JOIN " . TABLE_PREFIX . "postparsed AS postparsed ON(postparsed.postid = post.postid AND postparsed.styleid = " . intval(STYLEID) . " AND postparsed.languageid = " . intval(LANGUAGEID) . ")\n\tLEFT JOIN " . TABLE_PREFIX . "sigparsed AS sigparsed ON(sigparsed.userid = user.userid AND sigparsed.styleid = " . intval(STYLEID) . " AND sigparsed.languageid = " . intval(LANGUAGEID) . ")\n\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = post.userid)\n\t{$hook_query_joins}\n\tWHERE post.postid = {$postid}\n"); // Tachy goes to coventry if (in_coventry($threadinfo['postuserid']) and !can_moderate($threadinfo['forumid'])) { // do not show post if part of a thread from a user in Coventry and bbuser is not mod eval(standard_error(fetch_error('invalidid', $vbphrase['thread'], $vbulletin->options['contactuslink']))); } if (in_coventry($post['userid']) and !can_moderate($threadinfo['forumid'])) { // do not show post if posted by a user in Coventry and bbuser is not mod eval(standard_error(fetch_error('invalidid', $vbphrase['post'], $vbulletin->options['contactuslink']))); } // check for attachments if ($post['attach']) {
} cache_ordered_forums(1); $datecutoff = $vbulletin->forumcache["{$foruminfo['forumid']}"]['lastpost'] - 30; $thread = $db->query_first_slave("\n\t\tSELECT thread.threadid\n\t\t\t" . ($tachyjoin ? ', IF(tachythreadpost.lastpost > thread.lastpost, tachythreadpost.lastpost, thread.lastpost) AS lastpost' : '') . "\n\t\tFROM " . TABLE_PREFIX . "thread AS thread\n\t\t{$tachyjoin}\n\t\tWHERE thread.forumid IN ({$forumslist})\n\t\t\tAND thread.visible = 1\n\t\t\tAND thread.sticky IN (0,1)\n\t\t\tAND thread.open <> 10\n\t\t\t" . (!$tachyjoin ? "AND lastpost > {$datecutoff}" : '') . "\n\t\t\t{$globalignore_thread}\n\t\tORDER BY lastpost DESC\n\t\tLIMIT 1\n\t"); if (!$thread) { eval(standard_error(fetch_error('invalidid', $vbphrase['user'], $vbulletin->options['contactuslink']))); } $getuserid = $db->query_first_slave("\n\t\tSELECT post.userid\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tWHERE threadid = {$thread['threadid']}\n\t\t\tAND visible = 1\n\t\t\t{$globalignore_post}\n\t\tORDER BY dateline DESC\n\t\tLIMIT 1\n\t"); if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($getuserid['userid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)) { print_no_permission(); } exec_header_redirect('member.php?' . $vbulletin->session->vars['sessionurl_js'] . "u={$getuserid['userid']}"); } else { if ($vbulletin->GPC['find'] == 'moderator' and $vbulletin->GPC['moderatorid']) { $moderatorinfo = verify_id('moderator', $vbulletin->GPC['moderatorid'], 1, 1); exec_header_redirect('member.php?' . $vbulletin->session->vars['sessionurl_js'] . "u={$moderatorinfo['userid']}"); } else { if ($vbulletin->GPC['username'] != '' and !$vbulletin->GPC['userid']) { $user = $db->query_first_slave("SELECT userid FROM " . TABLE_PREFIX . "user WHERE username = '******'username']) . "'"); $vbulletin->GPC['userid'] = $user['userid']; } } } } } if (!$vbulletin->GPC['userid']) { eval(standard_error(fetch_error('unregistereduser'))); } $fetch_userinfo_options = FETCH_USERINFO_AVATAR | FETCH_USERINFO_LOCATION | FETCH_USERINFO_PROFILEPIC | FETCH_USERINFO_SIGPIC | FETCH_USERINFO_USERCSS | FETCH_USERINFO_ISFRIEND; ($hook = vBulletinHook::fetch_hook('member_start_fetch_user')) ? eval($hook) : false; $userinfo = verify_id('user', $vbulletin->GPC['userid'], 1, 1, $fetch_userinfo_options);
// ############################################################################# // ### CACHE PERMISSIONS AND GRAB $permissions // get the combined permissions for the current user // this also creates the $fpermscache containing the user's forum permissions $permissions = cache_permissions($vbulletin->userinfo); $vbulletin->userinfo['permissions'] =& $permissions; // ############################################################################# // check that board is active - if not admin, then display error if (!$vbulletin->options['bbactive'] and !($permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) or !($permissions['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'])) { exec_header_redirect($vbulletin->options['bburl'] . '/' . $vbulletin->options['forumhome'] . '.php'); } // if password is expired, deny access if ($vbulletin->userinfo['userid'] and $permissions['passwordexpires']) { $passworddaysold = floor((TIMENOW - $vbulletin->userinfo['passworddate']) / 86400); if ($passworddaysold >= $permissions['passwordexpires']) { exec_header_redirect($vbulletin->options['bburl'] . '/' . $vbulletin->options['forumhome'] . '.php'); } } verify_ip_ban(); $cache_templates = array('ad_archive_above_content1', 'ad_archive_above_content2', 'ad_archive_below_content'); ($hook = vBulletinHook::fetch_hook('archive_global')) ? eval($hook) : false; cache_templates($cache_templates, $style['templatelist']); unset($cache_templates); // ######################################################################################### // ###################### ARCHIVE FUNCTIONS ################################################ // function to list forums in their correct order and nesting function print_archive_forum_list($parentid = -1, $indent = '') { global $vbulletin; $output = ''; if (empty($vbulletin->iforumcache)) {
if ($vbulletin->bf_ugp === null) { echo '<div>vBulletin datastore error caused by one or more of the following: <ol> ' . (function_exists('mmcache_get') ? '<li>Turck MMCache has been detected on your server, first try disabling Turck MMCache or replacing it with eAccelerator</li>' : '') . ' <li>You may have uploaded vBulletin files without also running the vBulletin upgrade script. If you have not run the upgrade script, do so now.</li> <li>The datastore cache may have been corrupted. Run <em>Rebuild Bitfields</em> from <em>tools.php</em>, which you can upload from the <em>do_not_upload</em> folder of the vBulletin package.</li> </ol> </div>'; trigger_error('vBulletin datastore cache incomplete or corrupt', E_USER_ERROR); } if (defined('VB_PRODUCT') AND (!isset($vbulletin->products[VB_PRODUCT]) OR !($vbulletin->products[VB_PRODUCT]))) { exec_header_redirect(trim($vbulletin->options['bburl'], '/') . '/' . $vbulletin->options['forumhome'] . '.php', 302); } if (!empty($db->explain)) { $db->timer_stop(false); } if ($vbulletin->options['cookietimeout'] < 60) { // values less than 60 will probably break things, so prevent that $vbulletin->options['cookietimeout'] = 60; } // ############################################################################# /**
$_permsgetter_ = 'forumdisplay'; $forumperms = fetch_permissions($forumid); if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview'])) { print_no_permission(); } // add session hash to local links if necessary if (preg_match('#^([a-z0-9_]+\\.php)(\\?.*$)?#i', $foruminfo['link'], $match)) { if ($match[2]) { // we have a ?xyz part, put session url at beginning if necessary $query_string = preg_replace('/([^a-z0-9])(s|sessionhash)=[a-z0-9]{32}(&|&)?/', '\\1', $match[2]); $foruminfo['link'] = $match[1] . '?' . $vbulletin->session->vars['sessionurl_js'] . substr($query_string, 1); } else { $foruminfo['link'] .= $vbulletin->session->vars['sessionurl_q']; } } exec_header_redirect($foruminfo['link'], true); } // ############################################################################# // Check for pm popup if ($shownewpm) { if ($vbulletin->userinfo['pmunread'] == 1) { $pmpopupurl = 'private.php?' . $vbulletin->session->vars['sessionurl_js'] . "do=showpm&pmid={$newpm['pmid']}"; } else { if (!empty($vbulletin->session->vars['sessionurl_js'])) { $pmpopupurl = 'private.php?' . $vbulletin->session->vars['sessionurl_js']; } else { $pmpopupurl = 'private.php'; } } eval('$footer .= "' . fetch_template('pm_popup_script') . '";'); }
($hook = vBulletinHook::fetch_hook('sendmessage_im_start')) ? eval($hook) : false; if (empty($userinfo["$type"])) { // user does not have this messaging medium defined eval(standard_error(fetch_error('immethodnotdefined', $userinfo['username']))); } if ($type == 'icq') { // ICQ's API for paging doesn't seem to work right now, but they have a URL that does $vbulletin->url = 'http://www.icq.com/people/webmsg.ph' . 'p?to=' . urlencode($userinfo['icq']) . '&from=' . urlencode(unhtmlspecialchars($vbulletin->userinfo['username'])) . '&fromemail=' . urlencode($vbulletin->userinfo['email']); exec_header_redirect($vbulletin->url); exit; } // shouldn't be a problem hard-coding this text, as they are all commercial names $typetext = array( 'msn' => 'MSN', 'icq' => 'ICQ', 'aim' => 'AIM', 'yahoo' => 'Yahoo!', 'skype' => 'Skype' ); // add language suffix to SkypeWeb graphic if possible $userinfo['skype_suffix'] = ''; if ($vbulletin->options['skypeweb_gfx'] == 2 AND $type == 'skype')
function do_get_thread() { global $vbulletin, $db, $foruminfo, $threadinfo, $postid, $vault, $vbphrase; $vbulletin->input->clean_array_gpc('r', array('pagenumber' => TYPE_UINT, 'perpage' => TYPE_UINT, 'password' => TYPE_STR, 'signature' => TYPE_BOOL)); if (empty($threadinfo['threadid'])) { json_error(ERR_INVALID_THREAD); } $threadedmode = 0; $threadid = $vbulletin->GPC['threadid']; // Goto first unread post? if ($vbulletin->GPC['pagenumber'] == FR_LAST_POST) { $threadinfo = verify_id('thread', $threadid, 1, 1); if ($vbulletin->options['threadmarking'] and $vbulletin->userinfo['userid']) { $vbulletin->userinfo['lastvisit'] = max($threadinfo['threadread'], $threadinfo['forumread'], TIMENOW - $vbulletin->options['markinglimit'] * 86400); } else { if (($tview = intval(fetch_bbarray_cookie('thread_lastview', $threadid))) > $vbulletin->userinfo['lastvisit']) { $vbulletin->userinfo['lastvisit'] = $tview; } } $coventry = fetch_coventry('string'); $posts = $db->query_first("\n\t SELECT MIN(postid) AS postid\n\t FROM " . TABLE_PREFIX . "post\n\t WHERE threadid = {$threadinfo['threadid']}\n\t AND visible = 1\n\t AND dateline > " . intval($vbulletin->userinfo['lastvisit']) . "\n\t " . ($coventry ? "AND userid NOT IN ({$coventry})" : "") . "\n\t LIMIT 1\n\t"); if ($posts['postid']) { $postid = $posts['postid']; } else { $postid = $threadinfo['lastpostid']; } } // ********************************************************************************* // workaround for header redirect issue from forms with enctype in IE // (use a scrollIntoView javascript call in the <body> onload event) $onload = ''; // ********************************************************************************* // set $perpage $perpage = max(FR_MIN_PERPAGE, min($vbulletin->GPC['perpage'], FR_MAX_PERPAGE)); // FRNR //$perpage = sanitize_maxposts($vbulletin->GPC['perpage']); // ********************************************************************************* // set post order if ($vbulletin->userinfo['postorder'] == 0) { $postorder = ''; } else { $postorder = 'DESC'; } // ********************************************************************************* // get thread info $thread = verify_id('thread', $threadid, 1, 1); $threadinfo =& $thread; ($hook = vBulletinHook::fetch_hook('showthread_getinfo')) ? eval($hook) : false; // ********************************************************************************* // check for visible / deleted thread if (!$thread['visible'] and !can_moderate($thread['forumid'], 'canmoderateposts') or $thread['isdeleted'] and !can_moderate($thread['forumid'])) { json_error(ERR_INVALID_THREAD); } // ********************************************************************************* // Tachy goes to coventry if (in_coventry($thread['postuserid']) and !can_moderate($thread['forumid'])) { json_error(ERR_INVALID_THREAD); } // FRNR Start // Check the forum password (set necessary cookies) if ($vbulletin->GPC['password'] && $foruminfo['password'] == $vbulletin->GPC['password']) { // set a temp cookie for guests if (!$vbulletin->userinfo['userid']) { set_bbarray_cookie('forumpwd', $foruminfo['forumid'], md5($vbulletin->userinfo['userid'] . $vbulletin->GPC['password'])); } else { set_bbarray_cookie('forumpwd', $foruminfo['forumid'], md5($vbulletin->userinfo['userid'] . $vbulletin->GPC['password']), 1); } } // FRNR End // ********************************************************************************* // do word wrapping for the thread title if ($vbulletin->options['wordwrap'] != 0) { $thread['title'] = fetch_word_wrapped_string($thread['title']); } $thread['title'] = fetch_censored_text($thread['title']); $thread['meta_description'] = strip_bbcode(strip_quotes($thread['description']), false, true); $thread['meta_description'] = htmlspecialchars_uni(fetch_censored_text(fetch_trimmed_title($thread['meta_description'], 500, false))); // ********************************************************************************* // words to highlight from the search engine if (!empty($vbulletin->GPC['highlight'])) { $highlight = preg_replace('#\\*+#s', '*', $vbulletin->GPC['highlight']); if ($highlight != '*') { $regexfind = array('\\*', '\\<', '\\>'); $regexreplace = array('[\\w.:@*/?=]*?', '<', '>'); $highlight = preg_quote(strtolower($highlight), '#'); $highlight = explode(' ', $highlight); $highlight = str_replace($regexfind, $regexreplace, $highlight); foreach ($highlight as $val) { if ($val = trim($val)) { $replacewords[] = htmlspecialchars_uni($val); } } } } // ********************************************************************************* // make the forum jump in order to fill the forum caches $navpopup = array('id' => 'showthread_navpopup', 'title' => $foruminfo['title_clean'], 'link' => fetch_seo_url('thread', $threadinfo)); construct_quick_nav($navpopup); // ********************************************************************************* // get forum info $forum = fetch_foruminfo($thread['forumid']); $foruminfo =& $forum; // ********************************************************************************* // check forum permissions $forumperms = fetch_permissions($thread['forumid']); if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) { json_error(ERR_NO_PERMISSION); } if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($thread['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)) { json_error(ERR_NO_PERMISSION); } // ********************************************************************************* // check if there is a forum password and if so, ensure the user has it set if (!verify_forum_password($foruminfo['forumid'], $foruminfo['password'])) { // FRNR json_error(ERR_NEED_PASSWORD, RV_NEED_FORUM_PASSWORD); } // verify that we are at the canonical SEO url // and redirect to this if not //verify_seo_url('thread|js', $threadinfo, array('pagenumber' => $_REQUEST['pagenumber'])); // ********************************************************************************* // jump page if thread is actually a redirect if ($thread['open'] == 10) { $destthreadinfo = fetch_threadinfo($threadinfo['pollid']); exec_header_redirect(fetch_seo_url('thread|js', $destthreadinfo, $pageinfo)); } // ********************************************************************************* // get ignored users $ignore = array(); if (trim($vbulletin->userinfo['ignorelist'])) { $ignorelist = preg_split('/( )+/', trim($vbulletin->userinfo['ignorelist']), -1, PREG_SPLIT_NO_EMPTY); foreach ($ignorelist as $ignoreuserid) { $ignore["{$ignoreuserid}"] = 1; } } DEVDEBUG('ignored users: ' . implode(', ', array_keys($ignore))); // ********************************************************************************* // filter out deletion notices if can't be seen if ($forumperms & $vbulletin->bf_ugp_forumpermissions['canseedelnotice'] or can_moderate($threadinfo['forumid'])) { $deljoin = "LEFT JOIN " . TABLE_PREFIX . "deletionlog AS deletionlog ON(post.postid = deletionlog.primaryid AND deletionlog.type = 'post')"; } else { $deljoin = ''; } $show['viewpost'] = can_moderate($threadinfo['forumid']) ? true : false; $show['managepost'] = iif(can_moderate($threadinfo['forumid'], 'candeleteposts') or can_moderate($threadinfo['forumid'], 'canremoveposts'), true, false); $show['approvepost'] = can_moderate($threadinfo['forumid'], 'canmoderateposts') ? true : false; $show['managethread'] = can_moderate($threadinfo['forumid'], 'canmanagethreads') ? true : false; $show['approveattachment'] = can_moderate($threadinfo['forumid'], 'canmoderateattachments') ? true : false; $show['inlinemod'] = (!$show['threadedmode'] and ($show['managethread'] or $show['managepost'] or $show['approvepost'])) ? true : false; $show['spamctrls'] = ($show['inlinemod'] and $show['managepost']); $url = $show['inlinemod'] ? SCRIPTPATH : ''; // build inline moderation popup if ($show['popups'] and $show['inlinemod']) { $threadadmin_imod_menu_post = vB_Template::create('threadadmin_imod_menu_post')->render(); } else { $threadadmin_imod_menu_post = ''; } // ********************************************************************************* // find the page that we should be on to display this post if (!empty($postid) and $threadedmode == 0) { $postinfo = verify_id('post', $postid, 1, 1); $threadid = $postinfo['threadid']; $getpagenum = $db->query_first("\n \t\tSELECT COUNT(*) AS posts\n \t\tFROM " . TABLE_PREFIX . "post AS post\n \t\tWHERE threadid = {$threadid} AND visible = 1\n \t\tAND dateline " . iif(!$postorder, '<=', '>=') . " {$postinfo['dateline']}\n \t"); $vbulletin->GPC['pagenumber'] = ceil($getpagenum['posts'] / $perpage); } // ********************************************************************************* // update views counter if ($vbulletin->options['threadviewslive']) { // doing it as they happen; for optimization purposes, this cannot use a DM! $db->shutdown_query("\n \t\tUPDATE " . TABLE_PREFIX . "thread\n \t\tSET views = views + 1\n \t\tWHERE threadid = " . intval($threadinfo['threadid'])); } else { // or doing it once an hour $db->shutdown_query("\n \t\tINSERT INTO " . TABLE_PREFIX . "threadviews (threadid)\n \t\tVALUES (" . intval($threadinfo['threadid']) . ')'); } // ********************************************************************************* // display ratings if enabled $show['rating'] = false; if ($forum['allowratings'] == 1) { if ($thread['votenum'] > 0) { $thread['voteavg'] = vb_number_format($thread['votetotal'] / $thread['votenum'], 2); $thread['rating'] = intval(round($thread['votetotal'] / $thread['votenum'])); if ($thread['votenum'] >= $vbulletin->options['showvotes']) { $show['rating'] = true; } } devdebug("threadinfo[vote] = {$threadinfo['vote']}"); if ($threadinfo['vote']) { $voteselected["{$threadinfo['vote']}"] = 'selected="selected"'; $votechecked["{$threadinfo['vote']}"] = 'checked="checked"'; } else { $voteselected[0] = 'selected="selected"'; $votechecked[0] = 'checked="checked"'; } } // ********************************************************************************* // set page number if ($vbulletin->GPC['pagenumber'] < 1) { $vbulletin->GPC['pagenumber'] = 1; } else { if ($vbulletin->GPC['pagenumber'] > ceil(($thread['replycount'] + 1) / $perpage)) { $vbulletin->GPC['pagenumber'] = ceil(($thread['replycount'] + 1) / $perpage); } } // ********************************************************************************* // initialise some stuff... $limitlower = ($vbulletin->GPC['pagenumber'] - 1) * $perpage; $limitupper = $vbulletin->GPC['pagenumber'] * $perpage; $counter = 0; if ($vbulletin->options['threadmarking'] and $vbulletin->userinfo['userid']) { $threadview = max($threadinfo['threadread'], $threadinfo['forumread'], TIMENOW - $vbulletin->options['markinglimit'] * 86400); } else { $threadview = intval(fetch_bbarray_cookie('thread_lastview', $thread['threadid'])); if (!$threadview) { $threadview = $vbulletin->userinfo['lastvisit']; } } $threadinfo['threadview'] = intval($threadview); $displayed_dateline = 0; ################################################################################ ############################### SHOW POLL ###################################### ################################################################################ $poll = ''; if ($thread['pollid']) { $pollbits = ''; $counter = 1; $pollid = $thread['pollid']; $show['editpoll'] = iif(can_moderate($threadinfo['forumid'], 'caneditpoll'), true, false); // get poll info $pollinfo = $db->query_first_slave("\n \t\tSELECT *\n \t\tFROM " . TABLE_PREFIX . "poll\n \t\tWHERE pollid = {$pollid}\n \t"); require_once DIR . '/includes/class_bbcode.php'; $bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list()); $pollinfo['question'] = $bbcode_parser->parse(unhtmlspecialchars($pollinfo['question']), $forum['forumid'], true); $splitoptions = explode('|||', $pollinfo['options']); $splitoptions = array_map('rtrim', $splitoptions); $splitvotes = explode('|||', $pollinfo['votes']); $showresults = 0; $uservoted = 0; if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canvote'])) { $nopermission = 1; } if (!$pollinfo['active'] or !$thread['open'] or $pollinfo['dateline'] + $pollinfo['timeout'] * 86400 < TIMENOW and $pollinfo['timeout'] != 0 or $nopermission) { //thread/poll is closed, ie show results no matter what $showresults = 1; } else { //get userid, check if user already voted $voted = intval(fetch_bbarray_cookie('poll_voted', $pollid)); if ($voted) { $uservoted = 1; } } ($hook = vBulletinHook::fetch_hook('showthread_poll_start')) ? eval($hook) : false; if ($pollinfo['timeout'] and !$showresults) { $pollendtime = vbdate($vbulletin->options['timeformat'], $pollinfo['dateline'] + $pollinfo['timeout'] * 86400); $pollenddate = vbdate($vbulletin->options['dateformat'], $pollinfo['dateline'] + $pollinfo['timeout'] * 86400); $show['pollenddate'] = true; } else { $show['pollenddate'] = false; } foreach ($splitvotes as $index => $value) { $pollinfo['numbervotes'] += $value; } if ($vbulletin->userinfo['userid'] > 0) { $pollvotes = $db->query_read_slave("\n \t\t\tSELECT voteoption\n \t\t\tFROM " . TABLE_PREFIX . "pollvote\n \t\t\tWHERE userid = " . $vbulletin->userinfo['userid'] . " AND pollid = {$pollid}\n \t\t"); if ($db->num_rows($pollvotes) > 0) { $uservoted = 1; } } if ($showresults or $uservoted) { if ($uservoted) { $uservote = array(); while ($pollvote = $db->fetch_array($pollvotes)) { $uservote["{$pollvote['voteoption']}"] = 1; } } } $left = vB_Template_Runtime::fetchStyleVar('left'); $right = vB_Template_Runtime::fetchStyleVar('right'); $option['open'] = $left[0]; $option['close'] = $right[0]; foreach ($splitvotes as $index => $value) { $arrayindex = $index + 1; $option['uservote'] = iif($uservote["{$arrayindex}"], true, false); $option['question'] = $bbcode_parser->parse($splitoptions["{$index}"], $forum['forumid'], true); // public link if ($pollinfo['public'] and $value) { $option['votes'] = '<a href="poll.php?' . $vbulletin->session->vars['sessionurl'] . 'do=showresults&pollid=' . $pollinfo['pollid'] . '">' . vb_number_format($value) . '</a>'; } else { $option['votes'] = vb_number_format($value); //get the vote count for the option } $option['number'] = $counter; //number of the option //Now we check if the user has voted or not if ($showresults or $uservoted) { // user did vote or poll is closed if ($value <= 0) { $option['percentraw'] = 0; } else { if ($pollinfo['multiple']) { $option['percentraw'] = $value < $pollinfo['voters'] ? $value / $pollinfo['voters'] * 100 : 100; } else { $option['percentraw'] = $value < $pollinfo['numbervotes'] ? $value / $pollinfo['numbervotes'] * 100 : 100; } } $option['percent'] = vb_number_format($option['percentraw'], 2); $option['graphicnumber'] = $option['number'] % 6 + 1; $option['barnumber'] = round($option['percent']) * 2; $option['remainder'] = 201 - $option['barnumber']; // Phrase parts below if ($nopermission) { $pollstatus = $vbphrase['you_may_not_vote_on_this_poll']; } else { if ($showresults) { $pollstatus = $vbphrase['this_poll_is_closed']; } else { if ($uservoted) { $pollstatus = $vbphrase['you_have_already_voted_on_this_poll']; } } } ($hook = vBulletinHook::fetch_hook('showthread_polloption')) ? eval($hook) : false; $templater = vB_Template::create('pollresult'); $templater->register('names', $names); $templater->register('option', $option); $pollbits .= $templater->render(); } else { ($hook = vBulletinHook::fetch_hook('showthread_polloption')) ? eval($hook) : false; if ($pollinfo['multiple']) { $templater = vB_Template::create('polloption_multiple'); $templater->register('option', $option); $pollbits .= $templater->render(); } else { $templater = vB_Template::create('polloption'); $templater->register('option', $option); $pollbits .= $templater->render(); } } $counter++; } if ($pollinfo['multiple']) { $pollinfo['numbervotes'] = $pollinfo['voters']; $show['multiple'] = true; } if ($pollinfo['public']) { $show['publicwarning'] = true; } else { $show['publicwarning'] = false; } $displayed_dateline = $threadinfo['lastpost']; ($hook = vBulletinHook::fetch_hook('showthread_poll_complete')) ? eval($hook) : false; if ($showresults or $uservoted) { $templater = vB_Template::create('pollresults_table'); $templater->register('pollbits', $pollbits); $templater->register('pollenddate', $pollenddate); $templater->register('pollendtime', $pollendtime); $templater->register('pollinfo', $pollinfo); $templater->register('pollstatus', $pollstatus); $poll = $templater->render(); } else { $templater = vB_Template::create('polloptions_table'); $templater->register('pollbits', $pollbits); $templater->register('pollenddate', $pollenddate); $templater->register('pollendtime', $pollendtime); $templater->register('pollinfo', $pollinfo); $poll = $templater->render(); } } // work out if quickreply should be shown or not if ($vbulletin->options['quickreply'] and !$thread['isdeleted'] and !is_browser('netscape') and $vbulletin->userinfo['userid'] and ($vbulletin->userinfo['userid'] == $threadinfo['postuserid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyown'] or $vbulletin->userinfo['userid'] != $threadinfo['postuserid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyothers']) and ($thread['open'] or can_moderate($threadinfo['forumid'], 'canopenclose')) and !fetch_require_hvcheck('post')) { $show['quickreply'] = true; } else { $show['quickreply'] = false; $show['wysiwyg'] = 0; $quickreply = ''; } $show['largereplybutton'] = (!$thread['isdeleted'] and !$show['threadedmode'] and $forum['allowposting'] and !$show['search_engine']); if (!$forum['allowposting']) { $show['quickreply'] = false; } $show['multiquote_global'] = ($vbulletin->options['multiquote'] and $vbulletin->userinfo['userid']); if ($show['multiquote_global']) { $vbulletin->input->clean_array_gpc('c', array('vbulletin_multiquote' => TYPE_STR)); $vbulletin->GPC['vbulletin_multiquote'] = explode(',', $vbulletin->GPC['vbulletin_multiquote']); } // post is cachable if option is enabled, last post is newer than max age, and this user // isn't showing a sessionhash $post_cachable = ($vbulletin->options['cachemaxage'] > 0 and TIMENOW - $vbulletin->options['cachemaxage'] * 60 * 60 * 24 <= $thread['lastpost'] and $vbulletin->session->vars['sessionurl'] == ''); $saveparsed = ''; $save_parsed_sigs = ''; ($hook = vBulletinHook::fetch_hook('showthread_post_start')) ? eval($hook) : false; ################################################################################ ####################### SHOW THREAD IN LINEAR MODE ############################# ################################################################################ if ($threadedmode == 0) { // allow deleted posts to not be counted in number of posts displayed on the page; // prevents issue with page count on forum display being incorrect $ids = array(); $lastpostid = 0; $hook_query_joins = $hook_query_where = ''; ($hook = vBulletinHook::fetch_hook('showthread_query_postids')) ? eval($hook) : false; if (empty($deljoin) and !$show['approvepost']) { $totalposts = $threadinfo['replycount'] + 1; if (can_moderate($thread['forumid'])) { $coventry = ''; } else { $coventry = fetch_coventry('string'); } $getpostids = $db->query_read("\n \t\t\tSELECT post.postid\n \t\t\tFROM " . TABLE_PREFIX . "post AS post\n \t\t\t{$hook_query_joins}\n \t\t\tWHERE post.threadid = {$threadid}\n \t\t\t\tAND post.visible = 1\n \t\t\t\t" . ($coventry ? "AND post.userid NOT IN ({$coventry})" : '') . "\n \t\t\t\t{$hook_query_where}\n \t\t\tORDER BY post.dateline {$postorder}\n \t\t\tLIMIT {$limitlower}, {$perpage}\n \t\t"); while ($post = $db->fetch_array($getpostids)) { if (!isset($qrfirstpostid)) { $qrfirstpostid = $post['postid']; } $qrlastpostid = $post['postid']; $ids[] = $post['postid']; } $db->free_result($getpostids); $lastpostid = $qrlastpostid; } else { $getpostids = $db->query_read("\n \t\t\tSELECT post.postid, post.visible, post.userid\n \t\t\tFROM " . TABLE_PREFIX . "post AS post\n \t\t\t{$hook_query_joins}\n \t\t\tWHERE post.threadid = {$threadid}\n \t\t\t\tAND post.visible IN (1\n \t\t\t\t" . (!empty($deljoin) ? ",2" : "") . "\n \t\t\t\t" . ($show['approvepost'] ? ",0" : "") . "\n \t\t\t\t)\n \t\t\t\t{$hook_query_where}\n \t\t\tORDER BY post.dateline {$postorder}\n \t\t"); $totalposts = 0; if ($limitlower != 0) { $limitlower++; } while ($post = $db->fetch_array($getpostids)) { if (!isset($qrfirstpostid)) { $qrfirstpostid = $post['postid']; } $qrlastpostid = $post['postid']; if ($post['visible'] == 1 and !in_coventry($post['userid']) and !$ignore[$post['userid']]) { $totalposts++; } if ($totalposts < $limitlower or $totalposts > $limitupper) { continue; } // remember, these are only added if they're going to be displayed $ids[] = $post['postid']; $lastpostid = $post['postid']; } $db->free_result($getpostids); } // '0' inside parenthesis in unlikely case we have no ids for this page // (this could happen if the replycount is wrong in the db) $postids = "post.postid IN (0" . implode(',', $ids) . ")"; // load attachments if ($thread['attach']) { require_once DIR . '/packages/vbattach/attach.php'; $attach = new vB_Attach_Display_Content($vbulletin, 'vBForum_Post'); $postattach = $attach->fetch_postattach(0, $ids); } $hook_query_fields = $hook_query_joins = ''; ($hook = vBulletinHook::fetch_hook('showthread_query')) ? eval($hook) : false; $posts = $db->query_read("\n \t\tSELECT\n \t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS isdeleted,\n \t\t\tuser.*, userfield.*, usertextfield.*,\n \t\t\t" . iif($forum['allowicons'], 'icon.title as icontitle, icon.iconpath,') . "\n \t\t\t" . iif($vbulletin->options['avatarenabled'], 'avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight,') . "\n \t\t\t" . ((can_moderate($thread['forumid'], 'canmoderateposts') or can_moderate($thread['forumid'], 'candeleteposts')) ? 'spamlog.postid AS spamlog_postid,' : '') . "\n \t\t\t" . iif($deljoin, 'deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason,') . "\n \t\t\teditlog.userid AS edit_userid, editlog.username AS edit_username, editlog.dateline AS edit_dateline,\n \t\t\teditlog.reason AS edit_reason, editlog.hashistory,\n \t\t\tpostparsed.pagetext_html, postparsed.hasimages,\n \t\t\tsigparsed.signatureparsed, sigparsed.hasimages AS sighasimages,\n \t\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight,\n \t\t\tIF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, infractiongroupid\n \t\t\t" . iif(!($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), $vbulletin->profilefield['hidden']) . "\n \t\t\t{$hook_query_fields}\n \t\tFROM " . TABLE_PREFIX . "post AS post\n \t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = post.userid)\n \t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid)\n \t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n \t\t" . iif($forum['allowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = post.iconid)") . "\n \t\t" . iif($vbulletin->options['avatarenabled'], "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)") . "\n \t\t" . ((can_moderate($thread['forumid'], 'canmoderateposts') or can_moderate($thread['forumid'], 'candeleteposts')) ? "LEFT JOIN " . TABLE_PREFIX . "spamlog AS spamlog ON(spamlog.postid = post.postid)" : '') . "\n \t\t\t{$deljoin}\n \t\tLEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON(editlog.postid = post.postid)\n \t\tLEFT JOIN " . TABLE_PREFIX . "postparsed AS postparsed ON(postparsed.postid = post.postid AND postparsed.styleid = " . intval(STYLEID) . " AND postparsed.languageid = " . intval(LANGUAGEID) . ")\n \t\tLEFT JOIN " . TABLE_PREFIX . "sigparsed AS sigparsed ON(sigparsed.userid = user.userid AND sigparsed.styleid = " . intval(STYLEID) . " AND sigparsed.languageid = " . intval(LANGUAGEID) . ")\n \t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = post.userid)\n \t\t\t{$hook_query_joins}\n \t\tWHERE {$postids}\n \t\tORDER BY post.dateline {$postorder}\n \t"); if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canseethumbnails']) and !($forumperms & $vbulletin->bf_ugp_forumpermissions['cangetattachment'])) { $vbulletin->options['attachthumbs'] = 0; } if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['cangetattachment'])) { $vbulletin->options['viewattachedimages'] = 0; } $postcount = ($vbulletin->GPC['pagenumber'] - 1) * $perpage; if ($postorder) { // Newest first $postcount = $totalposts - $postcount + 1; } $counter = 0; $postbits = ''; $postbit_factory = new vB_Postbit_Factory(); $postbit_factory->registry =& $vbulletin; $postbit_factory->forum =& $foruminfo; $postbit_factory->thread =& $thread; $postbit_factory->cache = array(); $postbit_factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list()); while ($post = $db->fetch_array($posts)) { if ($tachyuser = in_coventry($post['userid']) and !can_moderate($thread['forumid'])) { continue; } if ($post['visible'] == 1 and !$tachyuser) { ++$counter; if ($postorder) { $post['postcount'] = --$postcount; } else { $post['postcount'] = ++$postcount; } } if ($tachyuser) { $fetchtype = 'post_global_ignore'; } else { if ($ignore["{$post['userid']}"]) { $fetchtype = 'post_ignore'; } else { if ($post['visible'] == 2) { $fetchtype = 'post_deleted'; } else { $fetchtype = 'post'; } } } if ($vbulletin->GPC['viewfull'] and $post['postid'] == $postinfo['postid'] and $fetchtype != 'post' and (can_moderate($threadinfo['forumid']) or !$post['isdeleted'])) { $fetchtype = 'post'; } if ($fetchtype != 'post' && $fetchtype != 'post_deleted') { continue; } ($hook = vBulletinHook::fetch_hook('showthread_postbit_create')) ? eval($hook) : false; $postbit_obj =& $postbit_factory->fetch_postbit($fetchtype); if ($fetchtype == 'post') { $postbit_obj->highlight =& $replacewords; } $postbit_obj->cachable = $post_cachable; $post['islastshown'] = $post['postid'] == $lastpostid; $post['isfirstshown'] = ($counter == 1 and $fetchtype == 'post' and $post['visible'] == 1); $post['islastshown'] = $post['postid'] == $lastpostid; $post['attachments'] = $postattach["{$post['postid']}"]; $parsed_postcache = array('text' => '', 'images' => 1, 'skip' => false); $postbits .= $postbit_obj->construct_postbit($post); // Only show after the first post, counter isn't incremented for deleted/moderated posts if ($post['isfirstshown']) { $postbits .= vB_Template::create('ad_showthread_firstpost')->render(); } if ($post_cachable and $post['pagetext_html'] == '') { if (!empty($saveparsed)) { $saveparsed .= ','; } $saveparsed .= "({$post['postid']}, " . intval($thread['lastpost']) . ', ' . intval($postbit_obj->post_cache['has_images']) . ", '" . $db->escape_string($postbit_obj->post_cache['text']) . "', " . intval(STYLEID) . ", " . intval(LANGUAGEID) . ")"; } if (!empty($postbit_obj->sig_cache) and $post['userid']) { if (!empty($save_parsed_sigs)) { $save_parsed_sigs .= ','; } $save_parsed_sigs .= "({$post['userid']}, " . intval(STYLEID) . ", " . intval(LANGUAGEID) . ", '" . $db->escape_string($postbit_obj->sig_cache['text']) . "', " . intval($postbit_obj->sig_cache['has_images']) . ")"; } // get first and last post ids for this page (for big reply buttons) if (!isset($FIRSTPOSTID)) { $FIRSTPOSTID = $post['postid']; } $LASTPOSTID = $post['postid']; if ($post['dateline'] > $displayed_dateline) { $displayed_dateline = $post['dateline']; if ($displayed_dateline <= $threadview) { $updatethreadcookie = true; } } // FRNR Start // find out if first post $getpost = $db->query_first("\n SELECT firstpostid\n FROM " . TABLE_PREFIX . "thread\n WHERE threadid = {$threadinfo['threadid']}\n "); $isfirstpost = $getpost['firstpostid'] == $post['postid']; $candelete = false; if ($isfirstpost and can_moderate($threadinfo['forumid'], 'canmanagethreads')) { $candelete = true; } else { if (!$isfirstpost and can_moderate($threadinfo['forumid'], 'candeleteposts')) { $candelete = true; } else { if (($forumperms & $vbulletin->bf_ugp_forumpermissions['candeletepost'] and !$isfirstpost or $forumperms & $vbulletin->bf_ugp_forumpermissions['candeletethread'] and $isfirstpost) and $vbulletin->userinfo['userid'] == $post['userid']) { $candelete = true; } } } // Get post date/time $postdate = vbdate($vbulletin->options['dateformat'], $post['dateline'], 1); $posttime = vbdate($vbulletin->options['timeformat'], $post['dateline']); $fr_images = array(); $docattach = array(); // Attachments (images). if (is_array($post['attachments']) && count($post['attachments']) > 0) { foreach ($post['attachments'] as $attachment) { $lfilename = strtolower($attachment['filename']); if (strpos($lfilename, '.jpe') !== false || strpos($lfilename, '.png') !== false || strpos($lfilename, '.gif') !== false || strpos($lfilename, '.jpg') !== false || strpos($lfilename, '.jpeg') !== false) { $tmp = array('img' => $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid']); if ($vbulletin->options['attachthumbs']) { $tmp['tmb'] = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'] . '&stc=1&thumb=1'; } $fr_images[] = $tmp; } if (strpos($lfilename, '.pdf') !== false) { $docattach[] = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid']; } } } // Parse the post for quotes and inline images list($text, $nuked_quotes, $images) = parse_post($post['pagetext'], $post['allowsmilie'] && $usesmilies); if (count($fr_images) > 0) { $text .= "<br/>"; foreach ($fr_images as $attachment) { $text .= "<img src=\"{$attachment['img']}\"/>"; } } foreach ($images as $image) { $fr_images[] = array('img' => $image); } $avatarurl = ''; // Avatar work if ($post['avatarurl']) { $avatarurl = process_avatarurl($post['avatarurl']); } $tmp = array('post_id' => $post['postid'], 'thread_id' => $post['threadid'], 'forum_id' => $foruminfo['forumid'], 'forum_title' => prepare_utf8_string($foruminfo['title_clean']), 'username' => prepare_utf8_string(strip_tags($post['username'])), 'joindate' => prepare_utf8_string($post['joindate']), 'usertitle' => prepare_utf8_string(strip_tags($post['usertitle'])), 'numposts' => $post['posts'] ? (string) $post['posts'] : '0', 'userid' => $post['userid'], 'title' => prepare_utf8_string($post['title']), 'online' => fetch_online_status(fetch_userinfo($post['userid']), false), 'post_timestamp' => prepare_utf8_string(date_trunc($postdate) . ' ' . $posttime), 'fr_images' => $fr_images); if ($candelete) { $tmp['candelete'] = true; } // Soft Deleted if ($post['visible'] == 2) { $tmp['deleted'] = true; $tmp['del_username'] = prepare_utf8_string($post['del_username']); if ($post['del_reason']) { $tmp['del_reason'] = prepare_utf8_string($post['del_reason']); } } else { $tmp['text'] = $text; $tmp['quotable'] = $nuked_quotes; if ($post['editlink']) { $tmp['canedit'] = true; $tmp['edittext'] = prepare_utf8_string($post['pagetext']); } } if ($avatarurl != '') { $tmp['avatarurl'] = $avatarurl; } if (count($docattach) > 0) { $tmp['docattach'] = $docattach; } if ($vbulletin->GPC['signature']) { $sig = trim(remove_bbcode(strip_tags($post['signatureparsed']), true, true), '<a>'); $sig = str_replace(array("\t", "\r"), array('', ''), $sig); $sig = str_replace("\n\n", "\n", $sig); $tmp['sig'] = prepare_utf8_string($sig); } // Begin Support for Post Thanks Hack - http://www.vbulletin.org/forum/showthread.php?t=122944 if ($vbulletin->userinfo['userid'] && function_exists('post_thanks_off') && function_exists('can_thank_this_post') && function_exists('thanked_already') && function_exists('fetch_thanks')) { if (!post_thanks_off($thread['forumid'], $post, $thread['firstpostid'], THIS_SCRIPT)) { global $ids; if (can_thank_this_post($post, $thread['isdeleted'])) { $tmp['canlike'] = true; } if (thanked_already($post, 0, true)) { $tmp['likes'] = true; if (!$vbulletin->options['post_thanks_delete_own']) { $tmp['canlike'] = $tmp['likes'] = false; } } $thanks = fetch_thanks($post['postid']); $thank_users = array(); if (is_array($thanks)) { foreach ($thanks as $thank) { $thank_users[] = $thank['username']; } } if (count($thank_users)) { $tmp['likestext'] = prepare_utf8_string($vbphrase['fr_thanked_by'] . ': ' . join(', ', $thank_users)); $tmp['likesusers'] = join(', ', $thank_users); } } } // End Support for Post Thanks Hack $posts_out[] = $tmp; // FRNR End } $db->free_result($posts); unset($post); if ($postbits == '' and $vbulletin->GPC['pagenumber'] > 1) { $pageinfo = array('page' => $vbulletin->GPC['pagenumber'] - 1); if (!empty($vbulletin->GPC['perpage'])) { $pageinfo['pp'] = $perpage; } if (!empty($vbulletin->GPC['highlight'])) { $pageinfo['highlight'] = urlencode($vbulletin->GPC['highlight']); } exec_header_redirect(fetch_seo_url('thread|js', $threadinfo, $pageinfo)); } DEVDEBUG("First Post: {$FIRSTPOSTID}; Last Post: {$LASTPOSTID}"); $pageinfo = array(); if ($vbulletin->GPC['highlight']) { $pageinfo['highlight'] = urlencode($vbulletin->GPC['highlight']); } if (!empty($vbulletin->GPC['perpage'])) { $pageinfo['pp'] = $perpage; } $pagenav = construct_page_nav($vbulletin->GPC['pagenumber'], $perpage, $totalposts, 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$threadinfo['threadid']}", '', '', 'thread', $threadinfo, $pageinfo); if ($thread['lastpost'] > $threadview) { if ($firstnew) { $firstunread = fetch_seo_url('thread', $threadinfo, array('page' => $vbulletin->GPC['pagenumber'])) . '#post' . $firstnew; $show['firstunreadlink'] = true; } else { $firstunread = fetch_seo_url('thread', $threadinfo, array('goto' => 'newpost')); $show['firstunreadlink'] = true; } } else { $firstunread = ''; $show['firstunreadlink'] = false; } if ($vbulletin->userinfo['postorder']) { // disable ajax qr when displaying linear newest first $show['allow_ajax_qr'] = 0; } else { // only allow ajax on the last page of a thread when viewing oldest first $show['allow_ajax_qr'] = $vbulletin->GPC['pagenumber'] == ceil($totalposts / $perpage) ? 1 : 0; } ################################################################################ ################ SHOW THREAD IN THREADED OR HYBRID MODE ######################## ################################################################################ } else { // ajax qr doesn't work with threaded controls $show['allow_ajax_qr'] = 0; require_once DIR . '/includes/functions_threadedmode.php'; // save data $ipostarray = array(); $postarray = array(); $userarray = array(); $postparent = array(); $postorder = array(); $hybridposts = array(); $deletedparents = array(); $totalposts = 0; $links = ''; $cache_postids = ''; $hook_query_fields = $hook_query_joins = $hook_query_where = ''; ($hook = vBulletinHook::fetch_hook('showthread_query_postids_threaded')) ? eval($hook) : false; // get all posts $listposts = $db->query_read("\n \t\tSELECT\n \t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS isdeleted,\n \t\t\tuser.*, userfield.*\n \t\t\t" . iif(!($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), $vbulletin->profilefield['hidden']) . "\n \t\t\t{$hook_query_fields}\n \t\tFROM " . TABLE_PREFIX . "post AS post\n \t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = post.userid)\n \t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid)\n \t\t{$hook_query_joins}\n \t\tWHERE threadid = {$threadid}\n \t\t\t{$hook_query_where}\n \t\tORDER BY postid\n \t"); // $toppostid is the first post in the thread // $curpostid is the postid passed from the URL, or if not specified, the first post in the thread $ids = array(); while ($post = $db->fetch_array($listposts)) { if ($post['visible'] == 2 and !$deljoin or $post['visible'] == 0 and !$show['approvepost'] or in_coventry($post['userid']) and !can_moderate($thread['forumid'])) { $deletedparents["{$post['postid']}"] = iif(isset($deletedparents["{$post['parentid']}"]), $deletedparents["{$post['parentid']}"], $post['parentid']); continue; } if (empty($toppostid)) { $toppostid = $post['postid']; } if (empty($postid)) { if (empty($curpostid)) { $curpostid = $post['postid']; if ($threadedmode == 2 and empty($vbulletin->GPC['postid'])) { $vbulletin->GPC['postid'] = $curpostid; } $curpostparent = $post['parentid']; } } else { if ($post['postid'] == $postid) { $curpostid = $post['postid']; $curpostparent = $post['parentid']; } } $postparent["{$post['postid']}"] = $post['parentid']; $ipostarray["{$post['parentid']}"][] = $post['postid']; $postarray["{$post['postid']}"] = $post; $userarray["{$post['userid']}"] = $db->escape_string($post['username']); $totalposts++; $ids[] = $post['postid']; } $db->free_result($listposts); // hooks child posts up to new parent if actual parent has been deleted or hidden if (count($deletedparents) > 0) { foreach ($deletedparents as $dpostid => $dparentid) { if (is_array($ipostarray[$dpostid])) { foreach ($ipostarray[$dpostid] as $temppostid) { $postparent[$temppostid] = $dparentid; $ipostarray[$dparentid][] = $temppostid; $postarray[$temppostid]['parentid'] = $dparentid; } unset($ipostarray[$dpostid]); } if ($curpostparent == $dpostid) { $curpostparent = $dparentid; } } } unset($post, $listposts, $deletedparents); if ($thread['attach']) { require_once DIR . '/packages/vbattach/attach.php'; $attach = new vB_Attach_Display_Content($vbulletin, 'vBForum_Post'); $postattach = $attach->fetch_postattach(0, $ids); } // get list of usernames from post list $userjs = ''; foreach ($userarray as $userid => $username) { if ($userid) { $userjs .= "pu[{$userid}] = \"" . addslashes_js($username) . "\";\n"; } } unset($userarray, $userid, $username); $parent_postids = fetch_post_parentlist($curpostid); if (!$parent_postids) { $currentdepth = 0; } else { $currentdepth = sizeof(explode(',', $parent_postids)); } sort_threaded_posts(); if (empty($curpostid)) { eval(standard_error(fetch_error('invalidid', $vbphrase['post'], $vbulletin->options['contactuslink']))); } if ($threadedmode == 2) { $numhybrids = sizeof($hybridposts); if ($vbulletin->GPC['pagenumber'] < 1) { $vbulletin->GPC['pagenumber'] = 1; } $startat = ($vbulletin->GPC['pagenumber'] - 1) * $perpage; if ($startat > $numhybrids) { $vbulletin->GPC['pagenumber'] = 1; $startat = 0; } $endat = $startat + $perpage; for ($i = $startat; $i < $endat; $i++) { if (isset($hybridposts["{$i}"])) { if (!isset($FIRSTPOSTID)) { $FIRSTPOSTID = $hybridposts["{$i}"]; } $cache_postids .= ",{$hybridposts[$i]}"; $LASTPOSTID = $hybridposts["{$i}"]; } } $pageinfo = array('p' => $vbulletin->GPC['postid']); if ($vbulletin->GPC['highlight']) { $pageinfo['highlight'] = urlencode($vbulletin->GPC['highlight']); } if (!empty($vbulletin->GPC['perpage'])) { $pageinfo['pp'] = $perpage; } $pagenav = construct_page_nav($vbulletin->GPC['pagenumber'], $perpage, $numhybrids, 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$threadinfo['threadid']}", '', '', 'thread', $threadinfo, $pageinfo); } else { $FIRSTPOSTID = $curpostid; $LASTPOSTID = $curpostid; // sort out which posts to cache: if (!$vbulletin->options['threaded_maxcache']) { $vbulletin->options['threaded_maxcache'] = 999999; } // cache $vbulletin->options['threaded_maxcache'] posts // take 0.25 from above $curpostid // and take 0.75 below if (sizeof($postorder) <= $vbulletin->options['threaded_maxcache']) { $startat = 0; } else { if ($curpostidkey + $vbulletin->options['threaded_maxcache'] * 0.75 > sizeof($postorder)) { $startat = sizeof($postorder) - $vbulletin->options['threaded_maxcache']; } else { if ($curpostidkey - $vbulletin->options['threaded_maxcache'] * 0.25 < 0) { $startat = 0; } else { $startat = intval($curpostidkey - $vbulletin->options['threaded_maxcache'] * 0.25); } } } unset($curpostidkey); foreach ($postorder as $postkey => $pid) { if ($postkey > $startat + $vbulletin->options['threaded_maxcache']) { break; } if ($postkey >= $startat and empty($morereplies["{$pid}"])) { $cache_postids .= ',' . $pid; } } // get next/previous posts for each post in the list // key: NAVJS[postid][0] = prev post, [1] = next post $NAVJS = array(); $prevpostid = 0; foreach ($postorder as $pid) { $NAVJS["{$pid}"][0] = $prevpostid; $NAVJS["{$prevpostid}"][1] = $pid; $prevpostid = $pid; } $NAVJS["{$toppostid}"][0] = $pid; //prev button for first post $NAVJS["{$pid}"][1] = $toppostid; //next button for last post $navjs = ''; foreach ($NAVJS as $pid => $info) { $navjs .= "pn[{$pid}] = \"{$info['0']},{$info['1']}\";\n"; } } unset($ipostarray, $postparent, $postorder, $NAVJS, $postid, $info, $prevpostid, $postkey); $cache_postids = substr($cache_postids, 1); if (empty($cache_postids)) { // umm... something weird happened. Just prevent an error. eval(standard_error(fetch_error('invalidid', $vbphrase['post'], $vbulletin->options['contactuslink']))); } $hook_query_fields = $hook_query_joins = $hook_query_where = ''; ($hook = vBulletinHook::fetch_hook('showthread_query')) ? eval($hook) : false; $cacheposts = $db->query_read("\n \t\tSELECT\n \t\t\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS isdeleted,\n \t\t\tuser.*, userfield.*, usertextfield.*,\n \t\t\t" . iif($forum['allowicons'], 'icon.title as icontitle, icon.iconpath,') . "\n \t\t\t" . iif($vbulletin->options['avatarenabled'], 'avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,') . "\n \t\t\t" . ((can_moderate($thread['forumid'], 'canmoderateposts') or can_moderate($thread['forumid'], 'candeleteposts')) ? 'spamlog.postid AS spamlog_postid,' : '') . "\n \t\t\t" . iif($deljoin, "deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason,") . "\n \t\t\teditlog.userid AS edit_userid, editlog.username AS edit_username, editlog.dateline AS edit_dateline,\n \t\t\teditlog.reason AS edit_reason, editlog.hashistory,\n \t\t\tpostparsed.pagetext_html, postparsed.hasimages,\n \t\t\tsigparsed.signatureparsed, sigparsed.hasimages AS sighasimages,\n \t\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight,\n \t\t\tIF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, infractiongroupid\n \t\t\t" . iif(!($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), $vbulletin->profilefield['hidden']) . "\n \t\t\t{$hook_query_fields}\n \t\tFROM " . TABLE_PREFIX . "post AS post\n \t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = post.userid)\n \t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid)\n \t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n \t\t" . iif($forum['allowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = post.iconid)") . "\n \t\t" . iif($vbulletin->options['avatarenabled'], "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)") . "\n \t\t" . ((can_moderate($thread['forumid'], 'canmoderateposts') or can_moderate($thread['forumid'], 'candeleteposts')) ? "LEFT JOIN " . TABLE_PREFIX . "spamlog AS spamlog ON(spamlog.postid = post.postid)" : '') . "\n \t\t\t{$deljoin}\n \t\tLEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON(editlog.postid = post.postid)\n \t\tLEFT JOIN " . TABLE_PREFIX . "postparsed AS postparsed ON(postparsed.postid = post.postid AND postparsed.styleid = " . intval(STYLEID) . " AND postparsed.languageid = " . intval(LANGUAGEID) . ")\n \t\tLEFT JOIN " . TABLE_PREFIX . "sigparsed AS sigparsed ON(sigparsed.userid = user.userid AND sigparsed.styleid = " . intval(STYLEID) . " AND sigparsed.languageid = " . intval(LANGUAGEID) . ")\n \t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = post.userid)\n \t\t\t{$hook_query_joins}\n \t\tWHERE post.postid IN (" . $cache_postids . ") {$hook_query_where}\n \t"); // re-initialise the $postarray variable $postarray = array(); while ($post = $db->fetch_array($cacheposts)) { $postarray["{$post['postid']}"] = $post; } if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['cangetattachment'])) { $vbulletin->options['viewattachedimages'] = 0; $vbulletin->options['attachthumbs'] = 0; } // init $postcount = 0; $postbits = ''; $saveparsed = ''; $jspostbits = ''; $postbit_factory = new vB_Postbit_Factory(); $postbit_factory->registry =& $vbulletin; $postbit_factory->forum =& $foruminfo; $postbit_factory->thread =& $thread; $postbit_factory->cache = array(); $postbit_factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list()); foreach (explode(',', $cache_postids) as $id) { // get the post from the post array if (!isset($postarray["{$id}"])) { continue; } $post = $postarray["{$id}"]; if ($tachyuser = in_coventry($post['userid']) and !can_moderate($thread['forumid'])) { continue; } if ($tachyuser) { $fetchtype = 'post_global_ignore'; } else { if ($ignore["{$post['userid']}"]) { $fetchtype = 'post_ignore'; } else { if ($post['visible'] == 2) { $fetchtype = 'post_deleted'; } else { $fetchtype = 'post'; } } } if ($vbulletin->GPC['viewfull'] and $post['postid'] == $postinfo['postid'] and $fetchtype != 'post' and (can_moderate($threadinfo['forumid']) or !$post['isdeleted'])) { $fetchtype = 'post'; } ($hook = vBulletinHook::fetch_hook('showthread_postbit_create')) ? eval($hook) : false; $postbit_obj =& $postbit_factory->fetch_postbit($fetchtype); if ($fetchtype == 'post') { $postbit_obj->highlight =& $replacewords; } $postbit_obj->cachable = $post_cachable; $post['postcount'] = ++$postcount; $post['attachments'] =& $postattach["{$post['postid']}"]; $parsed_postcache = array('text' => '', 'images' => 1); $bgclass = 'alt2'; if ($threadedmode == 2) { $postbits .= $postbit_obj->construct_postbit($post); } else { $postbit = $postbit_obj->construct_postbit($post); if ($curpostid == $post['postid']) { $curpostdateline = $post['dateline']; $curpostbit = $postbit; } $postbit = preg_replace('#</script>#i', "<\\/scr' + 'ipt>", addslashes_js($postbit)); $jspostbits .= "pd[{$post['postid']}] = '{$postbit}';\n"; } // end threaded mode if ($post_cachable and $post['pagetext_html'] == '') { if (!empty($saveparsed)) { $saveparsed .= ','; } $saveparsed .= "({$post['postid']}, " . intval($thread['lastpost']) . ', ' . intval($postbit_obj->post_cache['has_images']) . ", '" . $db->escape_string($postbit_obj->post_cache['text']) . "'," . intval(STYLEID) . ", " . intval(LANGUAGEID) . ")"; } if (!empty($postbit_obj->sig_cache) and $post['userid']) { if (!empty($save_parsed_sigs)) { $save_parsed_sigs .= ','; } $save_parsed_sigs .= "({$post['userid']}, " . intval(STYLEID) . ", " . intval(LANGUAGEID) . ", '" . $db->escape_string($postbit_obj->sig_cache['text']) . "', " . intval($postbit_obj->sig_cache['has_images']) . ")"; } if ($post['dateline'] > $displayed_dateline) { $displayed_dateline = $post['dateline']; if ($displayed_dateline <= $threadview) { $updatethreadcookie = true; } } } // end while ($post) $db->free_result($cacheposts); if ($threadedmode == 1) { $postbits = $curpostbit; } $templater = vB_Template::create('showthread_list'); $templater->register('curpostid', $curpostid); $templater->register('highlightwords', $highlightwords); $templater->register('jspostbits', $jspostbits); $templater->register('links', $links); $templater->register('navjs', $navjs); $templater->register('threadedmode', $threadedmode); $templater->register('userjs', $userjs); $threadlist = $templater->render(); unset($curpostbit, $post, $cacheposts, $parsed_postcache, $postbit); } ################################################################################ ########################## END LINEAR / THREADED ############################### ################################################################################ $effective_lastpost = max($displayed_dateline, $thread['lastpost']); // ********************************************************************************* //set thread last view if ($thread['pollid'] and $vbulletin->options['updatelastpost'] and ($displayed_dateline == $thread['lastpost'] or $threadview == $thread['lastpost']) and $pollinfo['lastvote'] > $thread['lastpost']) { $displayed_dateline = $pollinfo['lastvote']; } if ((!$vbulletin->GPC['posted'] or $updatethreadcookie) and $displayed_dateline and $displayed_dateline > $threadview) { mark_thread_read($threadinfo, $foruminfo, $vbulletin->userinfo['userid'], $displayed_dateline); } // FRNR Below fr_update_subsent($threadinfo['threadid'], $displayed_dateline); if (!is_array($posts_out)) { $posts_out = array(); } // Figure out if we can post $canpost = true; if ($threadinfo['isdeleted'] or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) { $canpost = false; } if (!$foruminfo['allowposting'] or $foruminfo['link'] or !$foruminfo['cancontainthreads']) { $canpost = false; } if (!$threadinfo['open']) { if (!can_moderate($threadinfo['forumid'], 'canopenclose')) { $canpost = false; } } if (($vbulletin->userinfo['userid'] != $threadinfo['postuserid'] or !$vbulletin->userinfo['userid']) and (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyothers']))) { $canpost = false; } if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyown']) and $vbulletin->userinfo['userid'] == $threadinfo['postuserid']) { $canpost = false; } $mod = 0; if (can_moderate($threadinfo['forumid'], 'candeleteposts') or can_moderate($threadinfo['forumid'], 'canremoveposts')) { $mod |= MOD_DELETEPOST; } if (can_moderate($threadinfo['forumid'], 'canmanagethreads')) { if ($threadinfo['sticky']) { $mod |= MOD_UNSTICK; } else { $mod |= MOD_STICK; } } if ($threadinfo['visible'] != 2 and can_moderate($threadinfo['forumid'], 'candeleteposts') or can_moderate($threadinfo['forumid'], 'canremoveposts') or $forumperms & $vbulletin->bf_ugp_forumpermissions['candeletepost'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['candeletethread'] and $vbulletin->userinfo['userid'] == $threadinfo['postuserid'] and ($vbulletin->options['edittimelimit'] == 0 or $threadinfo['dateline'] > TIMENOW - $vbulletin->options['edittimelimit'] * 60)) { $mod |= MOD_DELETETHREAD; } if (can_moderate($threadinfo['forumid'], 'canopenclose') or $forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'] and $threadinfo['postuserid'] == $vbulletin->userinfo['userid']) { if ($threadinfo['open']) { $mod |= MOD_CLOSE; } else { $mod |= MOD_OPEN; } } if (can_moderate($threadinfo['forumid'], 'canmanagethreads') or $forumperms & $vbulletin->bf_ugp_forumpermissions['canmove'] and $threadinfo['postuserid'] == $vbulletin->userinfo['userid']) { $mod |= MOD_MOVETHREAD; } if ($show['spamctrls']) { $mod |= MOD_SPAM_CONTROLS; } $out = array('posts' => $posts_out, 'total_posts' => $totalposts, 'page' => $vbulletin->GPC['pagenumber'], 'canpost' => $canpost ? 1 : 0, 'mod' => $mod, 'pollid' => $thread['pollid'], 'subscribed' => $threadinfo['issubscribed'] ? 1 : 0, 'title' => prepare_utf8_string($thread['title']), 'canattach' => $forumperms & $vbulletin->bf_ugp_forumpermissions['canpostattachment'] and $vbulletin->userinfo['userid']); if ($postid) { $out['gotopostid'] = $postid; } return $out; }
if (empty($vbulletin->GPC['limitstart'])) { $vbulletin->GPC['limitstart'] = 0; } else { $vbulletin->GPC['limitstart']--; } if (empty($vbulletin->GPC['limitnumber']) or $vbulletin->GPC['limitnumber'] == 0) { $vbulletin->GPC['limitnumber'] = 25; } $searchquery = "\n\t\tSELECT\n\t\tuser.userid, reputation, username, usergroupid, birthday_search, email,\n\t\tparentemail,(options & " . $vbulletin->bf_misc_useroptions['coppauser'] . ") AS coppauser, homepage, icq, aim, yahoo, msn, skype, signature,\n\t\tusertitle, joindate, lastpost, posts, ipaddress, lastactivity, userfield.*\n\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n\t\tWHERE {$condition}\n\t\tORDER BY " . $db->escape_string($vbulletin->GPC['orderby']) . " " . $db->escape_string($vbulletin->GPC['direction']) . "\n\t\tLIMIT " . $vbulletin->GPC['limitstart'] . ", " . $vbulletin->GPC['limitnumber']; $countusers = $db->query_first("\n\t\tSELECT COUNT(*) AS users\n\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n\t\tWHERE {$condition}\n\t"); $users = $db->query_read($searchquery); if ($countusers['users'] == 1) { // show a user if there is just one found $user = $db->fetch_array($users); // instant redirect exec_header_redirect("user.php?" . $vbulletin->session->vars['sessionurl'] . "do=edit&u={$user['userid']}"); } else { if ($countusers['users'] == 0) { // no users found! print_stop_message('no_users_matched_your_query'); } } define('DONEFIND', true); $_REQUEST['do'] = 'find2'; } // ############################################################################# print_cp_header($vbphrase['user_manager']); if (empty($_REQUEST['do'])) { $_REQUEST['do'] = 'modify'; } // ###################### Start email password #######################
$vbulletin->input->clean_array_gpc('r', array('redirect' => TYPE_NOHTML)); # Not sure where this comes from if (!empty($vbulletin->GPC['redirect'])) { define('CP_REDIRECT', $vbulletin->GPC['redirect']); print_stop_message('redirecting_please_wait'); } // ############################################################################# // ############################### LOG OUT OF CP ############################### // ############################################################################# if ($_REQUEST['do'] == 'cplogout') { vbsetcookie('cpsession', '', false, true, true); $db->query_write("DELETE FROM " . TABLE_PREFIX . "cpsession WHERE userid = " . $vbulletin->userinfo['userid'] . " AND hash = '" . $db->escape_string($vbulletin->GPC[COOKIE_PREFIX . 'cpsession']) . "'"); if (!empty($vbulletin->session->vars['sessionurl_js'])) { exec_header_redirect('index.php?' . $vbulletin->session->vars['sessionurl_js']); } else { exec_header_redirect('index.php'); } } if (empty($_REQUEST['do'])) { $_REQUEST['do'] = 'frames'; } if ($_REQUEST['do'] == 'frames') { $vbulletin->input->clean_array_gpc('r', array('loc' => TYPE_NOHTML)); $navframe = '<frame src="index.php?' . $vbulletin->session->vars['sessionurl'] . "do=nav" . iif($cpnavjs, '&cpnavjs=1') . "\" name=\"nav\" scrolling=\"yes\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" border=\"no\" />\n"; $headframe = '<frame src="index.php?' . $vbulletin->session->vars['sessionurl'] . "do=head\" name=\"head\" scrolling=\"no\" noresize=\"noresize\" frameborder=\"0\" marginwidth=\"10\" marginheight=\"0\" border=\"no\" />\n"; $mainframe = '<frame src="' . iif(!empty($vbulletin->GPC['loc']), $vbulletin->GPC['loc'], 'index.php?' . $vbulletin->session->vars['sessionurl'] . 'do=home') . "\" name=\"main\" scrolling=\"yes\" frameborder=\"0\" marginwidth=\"10\" marginheight=\"10\" border=\"no\" />\n"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="<?php echo $stylevar['textdirection']; ?>
// ############################################################################# // check that board is active - if not admin, then display error if ((!$vbulletin->options['bbactive'] AND !($permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) OR !($permissions['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'])) { exec_header_redirect($vbulletin->options['bburl'] . '/' . $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q']); } // if password is expired, deny access if ($vbulletin->userinfo['userid'] AND $permissions['passwordexpires']) { $passworddaysold = floor((TIMENOW - $vbulletin->userinfo['passworddate']) / 86400); if ($passworddaysold >= $permissions['passwordexpires']) { exec_header_redirect($vbulletin->options['bburl'] . '/' . $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q']); } } verify_ip_ban(); $cache_templates = array('ad_archive_above_content1', 'ad_archive_above_content2', 'ad_archive_below_content'); ($hook = vBulletinHook::fetch_hook('archive_global')) ? eval($hook) : false; cache_templates($cache_templates, $style['templatelist']); unset($cache_templates); // ######################################################################################### // ###################### ARCHIVE FUNCTIONS ################################################
), ); $actiontemplates['dosearch'] =& $actiontemplates['search']; if (empty($_REQUEST['do'])) { $_REQUEST['do'] = 'search'; } // ######################### REQUIRE BACK-END ############################ require_once('./global.php'); // Temporarily disabling this entry point. This will be revisited. Bug #33021 exec_header_redirect('search.php?' . $vbulletin->session->vars['sessionurl'] . 'search_type=1#ads=15', 301); require_once(DIR . '/includes/functions_bigthree.php'); require_once(DIR . '/includes/blog_init.php'); require_once(DIR . '/includes/blog_functions_search.php'); // ### STANDARD INITIALIZATIONS ### $navbits = array(); /* Check they can view a blog, any blog */ if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) { if (!$vbulletin->userinfo['userid'] OR !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])) { print_no_permission();
} */ // ####################################################################### if ($_REQUEST['do'] == 'cloud') { $vbulletin->input->clean_array_gpc('r', array('userid' => TYPE_UINT)); if ($vbulletin->GPC['userid']) { $userinfo = fetch_userinfo($vbulletin->GPC['userid']); if (!$userinfo['canviewmyblog']) { print_no_permission(); } if ($vbulletin->userinfo['userid'] == $userinfo['userid'] and !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])) { print_no_permission(); } if ($vbulletin->userinfo['userid'] != $userinfo['userid'] and !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) { // Can't view other's entries so off you go to your own blog. exec_header_redirect("blog.php?{$session['sessionurl']}u=" . $vbulletin->userinfo['userid']); } $show['usercloud'] = true; $tag_cloud = fetch_blog_tagcloud('usage', false, $userinfo['userid']); } else { $tag_cloud = fetch_blog_tagcloud('usage'); } $navbits = construct_navbits(array('blog.php' . $vbulletin->session->vars['sessionurl_q'] => $vbphrase['blogs'], '' => $vbphrase['tags'])); $navbar = render_navbar_template($navbits); ($hook = vBulletinHook::fetch_hook('blog_tags_cloud_complete')) ? eval($hook) : false; if ($userinfo) { $sidebar =& build_user_sidebar($userinfo); } else { $sidebar =& build_overview_sidebar(); } $templater = vB_Template::create('blog_tag_cloud');
$anncdata->set_existing($announcementinfo); $anncdata->delete(); if ($announcementinfo['forumid'] == -1) { $vbulletin->url = $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q']; } else { $vbulletin->url = fetch_seo_url('forum', array('forumid' => $announcementinfo['forumid'], 'title' => $vbulletin->forumcache["$announcementinfo[forumid]"])); } eval(print_standard_redirect('deleted_announcement')); } else { exec_header_redirect('announcement.php?' . $vbulletin->session->vars['sessionurl'] . "do=edit&a=$announcementinfo[announcementid]"); } } // ############################################################################# // insert or update an announcement if ($_POST['do'] == 'update') { $vbulletin->input->clean_array_gpc('p', array( 'wysiwyg' => TYPE_BOOL, 'preview' => TYPE_STR, 'title' => TYPE_STR, 'message' => TYPE_STR, 'forumid' => TYPE_INT, 'startdate' => TYPE_ARRAY_UINT, 'enddate' => TYPE_ARRAY_UINT,
($hook = vBulletinHook::fetch_hook('photoplog_edit_sqlreplace')) ? eval($hook) : false; if ($db->query_write("REPLACE INTO " . PHOTOPLOG_PREFIX . "photoplog_fileuploads\r\n\t\t\t(fileid, userid, username, title, description, filename, filesize, dateline, views, catid, moderate, dimensions, setid, \r\n\t\t\tfielddata, num_comments0, num_comments1, num_ratings0, num_ratings1, sum_ratings0, sum_ratings1,\r\n\t\t\tlast_comment_dateline0, last_comment_dateline1, last_comment_id0, last_comment_id1, albumids, exifinfo)\r\n\t\t\tVALUES (\r\n\t\t\t\t" . intval($photoplog_file_id) . ",\r\n\t\t\t\t" . intval($photoplog_file_userid) . ",\r\n\t\t\t\t'" . $db->escape_string($photoplog_file_username) . "',\r\n\t\t\t\t'" . $db->escape_string($photoplog_file_title) . "',\r\n\t\t\t\t'" . $db->escape_string($photoplog_file_description) . "',\r\n\t\t\t\t'" . $db->escape_string($photoplog_replace_name) . "',\r\n\t\t\t\t" . intval($photoplog_file_size) . ",\r\n\t\t\t\t" . intval($photoplog_file_dateline) . ",\r\n\t\t\t\t" . intval($photoplog_file_views) . ",\r\n\t\t\t\t" . intval($photoplog_file_catid) . ",\r\n\t\t\t\t" . intval($photoplog_file_moderate) . ",\r\n\t\t\t\t'" . $db->escape_string($photoplog['dimensions']) . "',\r\n\t\t\t\t" . intval($photoplog_file_setid) . ",\r\n\t\t\t\t'" . $db->escape_string($photoplog_fielddata) . "',\r\n\t\t\t\t" . intval($photoplog_file_nc0) . ",\r\n\t\t\t\t" . intval($photoplog_file_nc1) . ",\r\n\t\t\t\t" . intval($photoplog_file_nr0) . ",\r\n\t\t\t\t" . intval($photoplog_file_nr1) . ",\r\n\t\t\t\t" . intval($photoplog_file_sr0) . ",\r\n\t\t\t\t" . intval($photoplog_file_sr1) . ",\r\n\t\t\t\t" . intval($photoplog_file_lcd0) . ",\r\n\t\t\t\t" . intval($photoplog_file_lcd1) . ",\r\n\t\t\t\t" . intval($photoplog_file_lci0) . ",\r\n\t\t\t\t" . intval($photoplog_file_lci1) . ",\r\n\t\t\t\t'" . $db->escape_string($photoplog_albumids) . "',\r\n\t\t\t\t'" . $db->escape_string($photoplog_exifinfo) . "'\r\n\t\t\t)\r\n\t\t")) { if ($photoplog_file_catid_default >= 0 && $photoplog_file_catid != $photoplog_file_catid_default) { $db->query_write("UPDATE " . PHOTOPLOG_PREFIX . "photoplog_ratecomment\r\n\t\t\t\t\t\tSET catid = " . intval($photoplog_file_catid) . "\r\n\t\t\t\t\t\tWHERE fileid = " . intval($photoplog_file_id) . "\r\n\t\t\t"); photoplog_update_counts_table($photoplog_file_catid_default); } photoplog_update_counts_table($photoplog_file_catid); if ($photoplog_file_moderate == 1 && $vbulletin->options['photoplog_admin_email']) { $photoplog_subject = $photoplog_message = ''; eval(fetch_email_phrases('photoplog_mod_file', -1, '', 'photoplog_')); vbmail($vbulletin->options['webmasteremail'], $photoplog_subject, $photoplog_message, true); } if ($photoplog_file_old && $photoplog_file_edit) { @unlink($photoplog_directory_name . "/" . $photoplog_file_old); @unlink($photoplog_directory_name . "/large/" . $photoplog_file_old); @unlink($photoplog_directory_name . "/medium/" . $photoplog_file_old); @unlink($photoplog_directory_name . "/small/" . $photoplog_file_old); } ($hook = vBulletinHook::fetch_hook('photoplog_edit_doedit_complete')) ? eval($hook) : false; $photoplog_id = intval($photoplog_file_id); $photoplog_url = $photoplog['location'] . '/index.php?' . $vbulletin->session->vars['sessionurl'] . 'n=' . $photoplog_id; exec_header_redirect($photoplog_url); exit; } else { photoplog_output_page('photoplog_error_page', $vbphrase['photoplog_error'], $vbphrase['photoplog_bad_luck']); } } ($hook = vBulletinHook::fetch_hook('photoplog_edit_complete')) ? eval($hook) : false; if ($_REQUEST['do'] != 'edit' && $_POST['do'] != 'doedit') { photoplog_index_bounce(); }
} } } $output .= "</ol>\n</div>\n"; } else { $output .= "<div id=\"content\">\n"; $output .= print_archive_forum_list($f); $output .= "</div>\n"; } } // ******************************************************************************************** // display thread if ($do == 'thread') { if (!$vbulletin->options['archive_threadtype']) { // if we are not using the archive threadtype, invisibly redirect to the full thread view exec_header_redirect($vbulletin->options['bburl'] . "/showthread.php?" . $vbulletin->session->vars['sessionurl_js'] . "t={$threadinfo['threadid']}"); } if ($vbulletin->options['wordwrap'] != 0) { $threadinfo['title'] = fetch_word_wrapped_string($threadinfo['title']); } $threadinfo['title'] = fetch_censored_text($threadinfo['title']); $output .= print_archive_navigation($foruminfo, $threadinfo); $output .= "<p class=\"largefont\">{$vbphrase['view_full_version']} : " . ($threadinfo['prefix_plain_html'] ? "{$threadinfo['prefix_plain_html']} " : '') . "<a href=\"" . $vbulletin->options['bburl'] . "/showthread.php?t={$threadinfo['threadid']}\">{$threadinfo['title']}</a></p>\n<hr />\n"; if ($p == 0) { $p = 1; } $output .= print_archive_page_navigation($threadinfo['replycount'] + 1, $vbulletin->options['archive_postsperpage'], "t-{$threadinfo['threadid']}"); $posts = $db->query_read_slave("\n\t\tSELECT post.postid, post.pagetext, IFNULL( user.username , post.username ) AS username, dateline\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = post.userid)\n\t\tWHERE threadid = {$threadinfo['threadid']}\n\t\t\tAND visible = 1\n\t\t\t{$globalignore}\n\t\tORDER BY dateline ASC\n\t\tLIMIT " . ($p - 1) * $vbulletin->options['archive_postsperpage'] . ',' . $vbulletin->options[archive_postsperpage]); if ($pda and false) { $output .= "<span id=\"posting\"><a href=\"?message=1\" rel=\"nofollow\">New Reply</a></span>"; }
if (can_moderate($forumid, 'canmassprune')) { exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=prune')); } else { print_no_permission(); } } } // ############################################################################# if ($_REQUEST['do'] == 'modposts') { if (can_moderate(0, 'canmoderateposts')) { exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('moderate.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=posts')); } else { print_no_permission(); } } // ############################################################################# if ($_REQUEST['do'] == 'modattach') { if (can_moderate(0, 'canmoderateattachments')) { exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('moderate.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=attachments')); } else { print_no_permission(); } } print_no_permission(); //setup redirects for other options in moderators cp /*======================================================================*\ || #################################################################### || # Downloaded: 22:41, Fri Oct 10th 2008 || # CVS: $RCSfile$ - $Revision: 26399 $ || #################################################################### \*======================================================================*/
if ($show['max_pic_limit'] or $show['max_totalsize_limit'] or $show['max_picsize_limit'] or $show['max_dim_limit']) { $show['limit_info'] = true; $limit_info = array('pic_remain' => vb_number_format($pics_remain), 'totalsize_remain' => vb_number_format($size_overage * -1, 0, true), 'width_limit' => $userinfo['permissions']['albumpicmaxwidth'] ? vb_number_format($userinfo['permissions']['albumpicmaxwidth']) : $vbphrase['unlimited'], 'height_limit' => $userinfo['permissions']['albumpicmaxheight'] ? vb_number_format($userinfo['permissions']['albumpicmaxheight']) : $vbphrase['unlimited'], 'picsize_limit' => vb_number_format($userinfo['permissions']['albumpicmaxsize'], 0, true)); } $show['moderation'] = $moderatedpictures; ($hook = vBulletinHook::fetch_hook('album_picture_add')) ? eval($hook) : false; // navbar and final output $navbits = construct_navbits(array('member.php?' . $vbulletin->session->vars['sessionurl'] . "u={$userinfo['userid']}" => construct_phrase($vbphrase['xs_profile'], $userinfo['username']), 'album.php?' . $vbulletin->session->vars['sessionurl'] . "u={$userinfo['userid']}" => $vbphrase['albums'], 'album.php?' . $vbulletin->session->vars['sessionurl'] . "albumid={$albuminfo['albumid']}" => $albuminfo['title_html'], '' => $vbphrase['upload_pictures'])); eval('$navbar = "' . fetch_template('navbar') . '";'); eval('print_output("' . fetch_template('album_picture_upload') . '");'); } // ####################################################################### if ($_POST['do'] == 'doaddgroupmult') { $vbulletin->input->clean_array_gpc('p', array('groupid' => TYPE_UINT, 'pictureids' => TYPE_ARRAY_UINT, 'cancel' => TYPE_STR, 'pagenumber' => TYPE_UINT)); if ($vbulletin->GPC['cancel']) { exec_header_redirect('album.php?' . $vbulletin->session->vars['sessionurl'] . 'albumid=' . $albuminfo['albumid'] . ($vbulletin->GPC['pagenumber'] > 1 ? '&page=' . $vbulletin->GPC['pagenumber'] : '')); } if (empty($albuminfo)) { standard_error(fetch_error('invalidid', $vbphrase['album'], $vbulletin->options['contactuslink'])); } if ($userinfo['userid'] != $vbulletin->userinfo['userid'] or !($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_groups']) or !$vbulletin->options['socnet_groups_albums_enabled'] or !($vbulletin->userinfo['permissions']['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canviewgroups'])) { print_no_permission(); } if (!$vbulletin->GPC['groupid']) { standard_error(fetch_error('must_select_valid_group_add_pictures')); } if (empty($vbulletin->GPC['pictureids'])) { standard_error(fetch_error('must_select_valid_pictures_add_group')); } require_once DIR . '/includes/functions_socialgroup.php'; $group = fetch_socialgroupinfo($vbulletin->GPC['groupid']);