/** * Prefix Permission Check * * @param string The prefix ID to check * @param array The restricted usergroups (used when we have the restrictions already) * * @return boolean */ function can_use_prefix($prefixid, $restrictions = null) { global $vbulletin; if (!is_array($restrictions)) { $restrictions = array(); $restrictions_db = $vbulletin->db->query_read("\n\t\t\tSELECT prefixpermission.usergroupid\n\t\t\tFROM " . TABLE_PREFIX . "prefixpermission AS prefixpermission\n\t\t\tWHERE prefixpermission.prefixid = '" . $vbulletin->db->escape_string($prefixid) . "'\n\t\t"); while ($restriction = $vbulletin->db->fetch_array($restrictions_db)) { $restrictions[] = intval($restriction['usergroupid']); } } if (empty($restrictions)) { return true; } $membergroups = fetch_membergroupids_array($vbulletin->userinfo); $infractiongroups = explode(',', str_replace(' ', '', $vbulletin->userinfo['infractiongroupids'])); foreach ($restrictions as $usergroup) { if (in_array($usergroup, $infractiongroups)) { return false; } } if (!count(array_diff($membergroups, $restrictions))) { return false; } return true; }
/** * Fetches the Avatar Category Cache * * @param array User Information * * @return array Avatar Category Cache * */ function &fetch_avatar_categories(&$userinfo) { global $vbulletin; static $categorycache = array(); if (isset($categorycache["{$userinfo['userid']}"])) { return $categorycache["{$userinfo['userid']}"]; } else { $categorycache["{$userinfo['userid']}"] = array(); } $membergroups = fetch_membergroupids_array($userinfo); $infractiongroups = explode(',', str_replace(' ', '', $userinfo['infractiongroupids'])); // ############### DISPLAY AVATAR CATEGORIES ############### // get all the available avatar categories $avperms = $vbulletin->db->query_read_slave("\n\t\tSELECT imagecategorypermission.imagecategoryid, usergroupid\n\t\tFROM " . TABLE_PREFIX . "imagecategorypermission AS imagecategorypermission, " . TABLE_PREFIX . "imagecategory AS imagecategory\n\t\tWHERE imagetype = 1\n\t\t\tAND imagecategorypermission.imagecategoryid = imagecategory.imagecategoryid\n\t\tORDER BY imagecategory.displayorder\n\t"); $noperms = array(); while ($avperm = $vbulletin->db->fetch_array($avperms)) { $noperms["{$avperm['imagecategoryid']}"][] = $avperm['usergroupid']; } foreach ($noperms as $imagecategoryid => $usergroups) { foreach ($usergroups as $usergroupid) { if (in_array($usergroupid, $infractiongroups)) { $badcategories .= ",{$imagecategoryid}"; } } if (!count(array_diff($membergroups, $usergroups))) { $badcategories .= ",{$imagecategoryid}"; } } $categories = $vbulletin->db->query_read_slave("\n\t\tSELECT imagecategory.*, COUNT(avatarid) AS avatars\n\t\tFROM " . TABLE_PREFIX . "imagecategory AS imagecategory\n\t\tLEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON\n\t\t\t(avatar.imagecategoryid=imagecategory.imagecategoryid)\n\t\tWHERE imagetype=1\n\t\tAND avatar.minimumposts <= " . intval($userinfo['posts']) . "\n\t\tAND avatar.avatarid <> " . intval($userinfo['avatarid']) . "\n\t\tAND imagecategory.imagecategoryid NOT IN (0{$badcategories})\n\t\tGROUP BY imagecategory.imagecategoryid\n\t\tHAVING avatars > 0\n\t\tORDER BY imagecategory.displayorder\n\t"); while ($category = $vbulletin->db->fetch_array($categories)) { $categorycache["{$userinfo['userid']}"]["{$category['imagecategoryid']}"] = $category; } return $categorycache["{$userinfo['userid']}"]; }
/** * Prepares the project permissions for a user, taking into account primary and * secondary groups. * * @param array (In/Out) User information * * @return array Project permissions (also in $user['projectpermissions']) */ function prepare_project_permissions(&$user) { global $vbulletin; $membergroupids = fetch_membergroupids_array($user); // build usergroup permissions if (sizeof($membergroupids) == 1 or !($vbulletin->usergroupcache["{$user['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['allowmembergroups'])) { // if primary usergroup doesn't allow member groups then get rid of them! $membergroupids = array($user['usergroupid']); // just return the permissions for the user's primary group (user is only a member of a single group) $user['projectpermissions'] = $vbulletin->pt_permissions["{$user['usergroupid']}"]; if (!is_array($user['projectpermissions'])) { $user['projectpermissions'] = array(); } } else { $user['projectpermissions'] = array(); // return the merged array of all user's membergroup permissions (user has additional member groups) foreach ($membergroupids as $usergroupid) { if (!is_array($vbulletin->pt_permissions["{$usergroupid}"])) { continue; } if (!($vbulletin->usergroupcache["{$usergroupid}"]['ptpermissions'] & $vbulletin->bf_ugp_ptpermissions['canviewprojecttools'])) { // group's access is globally disabled, skip counting their permissions continue; } foreach ($vbulletin->pt_permissions["{$usergroupid}"] as $projectid => $types) { foreach ($types as $type => $value) { foreach ($value as $key => $val) { $user['projectpermissions']["{$projectid}"]["{$type}"]["{$key}"] |= intval($val); } } } } } if ($user['infractiongroupids']) { foreach (explode(',', str_replace(' ', '', $user['infractiongroupids'])) as $usergroupid) { foreach ($vbulletin->pt_permissions["{$usergroupid}"] as $projectid => $types) { foreach ($types as $type => $value) { foreach ($value as $key => $val) { $user['projectpermissions']["{$projectid}"]["{$type}"]["{$key}"] &= intval($val); } } } } } return $user['projectpermissions']; }
/** * Sets the calendar permissions to the passed user info array * * @param array (ref) User info array * * @return array Calendar permissions component of user info array */ function cache_calendar_permissions(&$user) { global $calendarcache; global $vbulletin; $cpermscache = array(); $calendarcache = array(); $displayorder = array(); //we should move this stuff to a user object. if (!empty($user['infractiongroupids'])) { $infractiongroupids = explode(',', str_replace(' ', '', $user['infractiongroupids'])); } else { $infractiongroupids = array(); } // initialise $membergroups - make an array of the usergroups to which this user belongs $membergroupids = fetch_membergroupids_array($user); // build usergroup permissions if (sizeof($membergroupids) == 1 OR !($vbulletin->usergroupcache["$user[usergroupid]"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['allowmembergroups']) ) { // if primary usergroup doesn't allow member groups then get rid of them! $membergroupids = array($user['usergroupid']); } $calendarpermissions = $vbulletin->db->query_read_slave(" SELECT calendarpermission.usergroupid, calendarpermission.calendarpermissions, calendar.calendarid,calendar.title, displayorder FROM " . TABLE_PREFIX . "calendar AS calendar LEFT JOIN " . TABLE_PREFIX . "calendarpermission AS calendarpermission ON (calendarpermission.calendarid = calendar.calendarid AND usergroupid IN (" . implode(', ', $membergroupids) . ")) ORDER BY displayorder ASC "); while ($cp = $vbulletin->db->fetch_array($calendarpermissions)) { $cpermscache["$cp[calendarid]"]["$cp[usergroupid]"] = intval($cp['calendarpermissions']); $calendarcache["$cp[calendarid]"] = $cp['title']; $displayorder["$cp[calendarid]"] = $cp['displayorder']; } $vbulletin->db->free_result($calendarpermissions); // Combine the calendar permissions for all member groups foreach ($cpermscache AS $calendarid => $cpermissions) { $user['calendarpermissions']["$calendarid"] = 0; if (empty($displayorder["$calendarid"])) { // leave permissions at 0 for calendars that aren't being displayed continue; } foreach ($membergroupids AS $usergroupid) { if (isset($cpermissions["$usergroupid"])) { $user['calendarpermissions']["$calendarid"] |= $cpermissions["$usergroupid"]; } else { $user['calendarpermissions']["$calendarid"] |= $vbulletin->usergroupcache["$usergroupid"]['calendarpermissions']; } } foreach ($infractiongroupids AS $usergroupid) { if (isset($cpermissions["$usergroupid"])) { $user['calendarpermissions']["$calendarid"] &= $cpermissions["$usergroupid"]; } else { $user['calendarpermissions']["$calendarid"] &= $vbulletin->usergroupcache["$usergroupid"]['calendarpermissions']; } } } return $user['calendarpermissions']; }
/** * Prepare any data needed for the output * * @param string The id of the block * @param array Options specific to the block */ function prepare_output($id = '', $options = array()) { global $show, $vbphrase; $this->block_data = array(); $membergroups = fetch_membergroupids_array($this->profile->userinfo); $this->block_data['membergroupcount'] = 0; $membergroupbits = ''; foreach ($membergroups as $usergroupid) { $usergroup = $this->registry->usergroupcache["{$usergroupid}"]; if ($usergroup['ispublicgroup']) { $templater = vB_Template::create('memberinfo_publicgroupbit'); $templater->register('usergroup', $usergroup); $membergroupbits .= $templater->render(); $this->block_data['membergroupcount']++; } } $this->block_data['membergroupbits'] = $membergroupbits; if ($this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_groups']) { $socialgroups = $this->registry->db->query_read_slave("\n\t\t\t\tSELECT socialgroup.groupid, socialgroup.name, socialgroup.description, socialgroup.dateline, sgicon.dateline AS icondateline,\n\t\t\t\t\tsgicon.thumbnail_width AS iconthumb_width, sgicon.thumbnail_height AS iconthumb_height\n\t\t\t\tFROM " . TABLE_PREFIX . "socialgroupmember AS socialgroupmember\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "socialgroup AS socialgroup ON\n\t\t\t\t\t(socialgroup.groupid = socialgroupmember.groupid)\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "socialgroupicon AS sgicon ON sgicon.groupid = socialgroup.groupid\n\t\t\t\tWHERE\n\t\t\t\t\tsocialgroupmember.userid = " . $this->profile->userinfo['userid'] . "\n\t\t\t\t\tAND socialgroupmember.type = 'member'\n\t\t\t\tORDER BY socialgroup.name\n\t\t\t"); $showgrouplink = $this->registry->userinfo['permissions']['socialgrouppermissions'] & $this->registry->bf_ugp_socialgrouppermissions['canviewgroups'] ? true : false; require_once DIR . '/includes/functions_socialgroup.php'; $socialgroupbits = ''; $useicons = $this->registry->db->num_rows($socialgroups) <= 12; while ($socialgroup = $this->registry->db->fetch_array($socialgroups)) { $socialgroup = prepare_socialgroup($socialgroup); if (!$useicons) { $socialgroup['name_html'] = fetch_word_wrapped_string(fetch_censored_text($socialgroup['name'])); } if ($useicons) { $templater = vB_Template::create('memberinfo_socialgroupbit'); } else { $templater = vB_Template::create('memberinfo_socialgroupbit_text'); } $templater->register('showgrouplink', $showgrouplink); $templater->register('socialgroup', $socialgroup); $socialgroupbits .= $templater->render(); } $this->block_data['socialgroupbits'] = $socialgroupbits; $this->block_data['socialgroupcount'] = $this->registry->db->num_rows($socialgroups); } else { $this->block_data['socialgroupbits'] = ''; $this->block_data['socialgroupcount'] = 0; } $this->block_data['show_join_link'] = ((!empty($this->block_data['socialgroupbits']) or $this->profile->prepared['myprofile']) and $this->registry->userinfo['permissions']['socialgrouppermissions'] & $this->registry->bf_ugp_socialgrouppermissions['canjoingroups'] and $this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_groups']); }
} } unset($usergroup); // count primary users $groupcounts = $assertor->assertQuery('vBForum:getPrimaryUsersCount', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED)); if ($groupcounts and $groupcounts->valid()) { foreach ($groupcounts as $groupcount) { $vbulletin->usergroupcache["{$groupcount['usergroupid']}"]['count'] = $groupcount['total']; } } unset($groupcount); // count secondary users $groupcounts = $assertor->assertQuery('user', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'membergroupids', 'value' => '', 'operator' => vB_dB_Query::OPERATOR_NE)))); if ($groupcounts and $groupcounts->valid()) { foreach ($groupcounts as $groupcount) { $ids = fetch_membergroupids_array($groupcount, false); foreach ($ids as $index => $value) { if ($groupcount['usergroupid'] != $value and !empty($vbulletin->usergroupcache["{$value}"])) { $vbulletin->usergroupcache["{$value}"]['secondarycount']++; } } } } unset($groupcount); // count requests $groupcounts = $assertor->assertQuery('vBForum:getUserGroupReqeustCount', array(vB_dB_Query::QUERY_STORED)); if ($groupcounts and $groupcounts->valid()) { foreach ($groupcounts as $groupcount) { $vbulletin->usergroupcache["{$groupcount['usergroupid']}"]['requests'] = $groupcount['total']; } }
function nntp_update_groupaccess_cache($userinfo) { global $vbulletin; // Sort groups, to make same key for any combinations $membergroupids = fetch_membergroupids_array($userinfo); sort($membergroupids); $activegroups = array(); $availablegroups = array(); /** * Example: * * $nntp_group = new NNTPGate_Forum_Group(); // child of NNTPGate_Group_Base * $groups = $nntp_group->get_avaliable_group_list($membergroupids); * $activegroups = $activegroups + $groups; * unset($nntp_group); */ ($hook = vBulletinHook::fetch_hook('nntp_gate_backend_check_groups_list')) ? eval($hook) : false; foreach ($activegroups as $nntpid => $group) { if ($group['available'] == true) { $availablegroups[] = $group['group_id']; } } sort($availablegroups); $nntpgroupslist = implode(',', $availablegroups); $template = vB_Template::create('nntp_message_template')->render(); $css = vB_Template::create('nntp_message_css')->render(); $menu = vB_Template::create('nntp_message_menu')->render(); $key = implode(',', $membergroupids); // update/insert data into db cache $vbulletin->db->query_write("\n REPLACE INTO `" . TABLE_PREFIX . "nntp_groupaccess_cache`\n SET\n `usergroupslist` = '" . $vbulletin->db->escape_string($key) . "',\n `nntpgroupslist` = '" . $vbulletin->db->escape_string($nntpgroupslist) . "',\n `template` = '" . $vbulletin->db->escape_string($template) . "',\n `css` = '" . $vbulletin->db->escape_string($css) . "',\n `menu` = '" . $vbulletin->db->escape_string($menu) . "'\n "); return $key; }
// 'maxfilelimit' => 100, //); // ######################## SET HSJS COUNTER ############################## $photoplog['hscnt'] = 0; // ##################### GRAB REQUIRED FUNCTIONS ########################## require_once DIR . '/includes/adminfunctions.php'; if (is_file($vbulletin->options['photoplog_full_path'] . '/functions.php')) { require_once $vbulletin->options['photoplog_full_path'] . '/functions.php'; } else { echo "<br /><br /><strong>\r\n\t\tIncorrect PhotoPlog setting! Go to \r\n\t\tACP -> PhotoPlog Pro -> General Settings and make the correction.\r\n\t\t</strong><br /><br />"; exit; } // ################# SET USERGROUPS FOR PERMISSIONS ####################### $photoplog_perm_usergroupid = $vbulletin->userinfo['usergroupid']; // fetch_membergroupids_array with true includes both primary and secondaries $photoplog_perm_membergroups_array = fetch_membergroupids_array($vbulletin->userinfo, true); if (!($vbulletin->usergroupcache[$photoplog_perm_usergroupid]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['allowmembergroups'])) { $photoplog_perm_membergroups_array = array($photoplog_perm_usergroupid); } foreach ($photoplog_perm_membergroups_array as $photoplog_perm_key => $photoplog_perm_val) { $photoplog_perm_membergroups_array[$photoplog_perm_key] = intval($photoplog_perm_val); } if (!$photoplog_perm_membergroups_array) { $photoplog_perm_membergroups_array = array(0); } // #################### SET CATID FOR PERMISSIONS ######################### $vbulletin->input->clean_array_gpc('g', array('n' => TYPE_UINT, 'c' => TYPE_UINT, 'm' => TYPE_UINT)); $vbulletin->input->clean_array_gpc('p', array('fileid' => TYPE_UINT, 'catid' => TYPE_UINT, 'commentid' => TYPE_UINT)); // get or post, not both, so it is max of zero and something else $photoplog_perm_fileid = max($vbulletin->GPC['n'], $vbulletin->GPC['fileid']); $photoplog_perm_catid = max($vbulletin->GPC['c'], $vbulletin->GPC['catid']);
$delete[] = $requestid; break; case 0: // this request will be denied $deny[] = $requestid; $delete[] = $requestid; break; } } // if we have any accepted requests, make sure they are valid if (!empty($delete)) { $users = $db->query_read_slave("\n\t\t\tSELECT req.userid, user.username, user.usergroupid, user.membergroupids, req.usergrouprequestid\n\t\t\tFROM " . TABLE_PREFIX . "usergrouprequest AS req\n\t\t\tINNER JOIN " . TABLE_PREFIX . "user AS user USING(userid)\n\t\t\tWHERE usergrouprequestid IN(" . implode(', ', $delete) . ")\n\t\t\tORDER BY user.username\n\t\t"); $authusers = array(); $denyusers = array(); while ($user = $db->fetch_array($users)) { if (!in_array($vbulletin->GPC['usergroupid'], fetch_membergroupids_array($user)) and in_array($user['usergrouprequestid'], $auth)) { $authusers[$user['userid']] = $user['usergrouprequestid']; } elseif (in_array($user['usergrouprequestid'], $deny)) { $denyusers[$user['userid']] = $user['usergrouprequestid']; } } } // check that we STILL have some valid requests if (!empty($authusers)) { $updateQuery = "\n\t\t\tUPDATE " . TABLE_PREFIX . "user SET\n\t\t\tmembergroupids = IF(membergroupids = '', " . $vbulletin->GPC['usergroupid'] . ", CONCAT(membergroupids, '," . $vbulletin->GPC['usergroupid'] . "'))\n\t\t\tWHERE userid IN(" . implode(', ', array_keys($authusers)) . ")\n\t\t"; $db->query_write($updateQuery); } ($hook = vBulletinHook::fetch_hook('joinrequest_process_complete')) ? eval($hook) : false; // delete processed join requests if (!empty($delete)) { $deleteQuery = "\n\t\t\tDELETE FROM " . TABLE_PREFIX . "usergrouprequest\n\t\t\tWHERE usergrouprequestid IN(" . implode(', ', $delete) . ")\n\t\t";
} // ############################################################################# if ($_POST['do'] == 'order') { $vbulletin->input->clean_array_gpc('p', array('subscriptionids' => TYPE_ARRAY_NOHTML, 'currency' => TYPE_ARRAY_NOHTML)); if (empty($vbulletin->GPC['subscriptionids'])) { eval(standard_error(fetch_error('invalidid', $vbphrase['subscription'], $vbulletin->options['contactuslink']))); } else { $subscriptionid = array_keys($vbulletin->GPC['subscriptionids']); $subscriptionid = intval($subscriptionid[0]); } $sub = $subobj->subscriptioncache["{$subscriptionid}"]; // first check this is active if not die if (!$sub['active']) { eval(standard_error(fetch_error('invalidid', $vbphrase['subscription'], $vbulletin->options['contactuslink']))); } $membergroupids = fetch_membergroupids_array($vbulletin->userinfo); $allow_secondary_groups = $vbulletin->bf_ugp_genericoptions['allowmembergroups'] & $vbulletin->usergroupcache[$vbulletin->userinfo['usergroupid']]['genericoptions']; if (!empty($sub['deniedgroups']) and ($allow_secondary_groups and !count(array_diff($membergroupids, $sub['deniedgroups'])) or !$allow_secondary_groups and in_array($vbulletin->userinfo['usergroupid'], $sub['deniedgroups']))) { eval(standard_error(fetch_error('invalidid', $vbphrase['subscription'], $vbulletin->options['contactuslink']))); } $sub['title'] = $vbphrase['sub' . $sub['subscriptionid'] . '_title']; $sub['description'] = $vbphrase['sub' . $sub['subscriptionid'] . '_desc']; $currency = $vbulletin->GPC['currency']["{$subscriptionid}"]; $tmp = explode('_', $currency); $currency = $tmp[1]; $subscriptionsubid = intval($tmp[0]); unset($tmp); $costs = unserialize($sub['cost']); if ($costs["{$subscriptionsubid}"]['length'] == 1) { $subscription_units = $lengths[$costs["{$subscriptionsubid}"]['units']]; } else {
/** * Returns the full set of permissions for the specified user (called by global or init) * * @param array (ref) User info array * @param boolean If true, returns combined usergroup permissions, individual forum permissions, individual calendar permissions and attachment permissions * @param boolean Reset the accesscache array for permissions following access mask update. Only allows one reset. * * @return array Permissions component of user info array */ function cache_permissions(&$user, $getforumpermissions = true, $resetaccess = false) { global $vbulletin, $forumpermissioncache; // these are the arrays created by this function global $calendarcache; static $accesscache = array(), $reset; if ($resetaccess and !$reset) { // Reset the accesscache array for permissions following access mask update. Only allows one reset. $accesscache = array(); $reset = true; } $intperms = array(); // set the usergroupid of the user's primary usergroup $USERGROUPID = $user['usergroupid']; if ($USERGROUPID == 0) { // set a default usergroupid if none is set $USERGROUPID = 1; } // initialise $membergroups - make an array of the usergroups to which this user belongs $membergroupids = fetch_membergroupids_array($user); // build usergroup permissions if (sizeof($membergroupids) == 1 or !($vbulletin->usergroupcache["{$USERGROUPID}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['allowmembergroups'])) { // if primary usergroup doesn't allow member groups then get rid of them! $membergroupids = array($USERGROUPID); // just return the permissions for the user's primary group (user is only a member of a single group) $user['permissions'] = $vbulletin->usergroupcache["{$USERGROUPID}"]; } else { // return the merged array of all user's membergroup permissions (user has additional member groups) foreach ($membergroupids as $usergroupid) { foreach ($vbulletin->bf_ugp as $dbfield => $permfields) { $user['permissions']["{$dbfield}"] |= $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"]; } foreach ($vbulletin->bf_misc_intperms as $dbfield => $precedence) { // put in some logic to handle $precedence if (!isset($intperms["{$dbfield}"])) { $intperms["{$dbfield}"] = $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"]; } else { if (!$precedence) { if ($vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"] > $intperms["{$dbfield}"]) { $intperms["{$dbfield}"] = $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"]; } } else { if ($vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"] == 0 or isset($intperms["{$dbfield}"]) and $intperms["{$dbfield}"] == 0) { $intperms["{$dbfield}"] = 0; } else { if ($vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"] > $intperms["{$dbfield}"]) { $intperms["{$dbfield}"] = $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"]; } } } } } } $user['permissions'] = array_merge($vbulletin->usergroupcache["{$USERGROUPID}"], $user['permissions'], $intperms); } if ($user['infractiongroupids']) { $infractiongroupids = explode(',', str_replace(' ', '', $user['infractiongroupids'])); } else { $infractiongroupids = array(); } foreach ($infractiongroupids as $usergroupid) { foreach ($vbulletin->bf_ugp as $dbfield => $permfields) { $user['permissions']["{$dbfield}"] &= $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"]; } foreach ($vbulletin->bf_misc_intperms as $dbfield => $precedence) { if (!$precedence) { if ($vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"] < $user['permissions']["{$dbfield}"]) { $user['permissions']["{$dbfield}"] = $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"]; } } else { if ($vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"] < $user['permissions']["{$dbfield}"] and $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"] != 0) { $user['permissions']["{$dbfield}"] = $vbulletin->usergroupcache["{$usergroupid}"]["{$dbfield}"]; } } } } if (defined('SKIP_SESSIONCREATE') and $user['userid'] == $vbulletin->userinfo['userid'] and !($user['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'])) { // grant canview for usergroup if session skipping is defined. $user['permissions']['forumpermissions'] += $vbulletin->bf_ugp_forumpermissions['canview']; } ($hook = vBulletinHook::fetch_hook('cache_permissions')) ? eval($hook) : false; // if we do not need to grab the forum/calendar permissions // then just return what we have so far if ($getforumpermissions == false) { return $user['permissions']; } if (!is_array($user['forumpermissions'])) { $user['forumpermissions'] = array(); } foreach (array_keys($vbulletin->forumcache) as $forumid) { if (!isset($user['forumpermissions']["{$forumid}"])) { $user['forumpermissions']["{$forumid}"] = 0; } foreach ($membergroupids as $usergroupid) { $user['forumpermissions']["{$forumid}"] |= $vbulletin->forumcache["{$forumid}"]['permissions']["{$usergroupid}"]; } foreach ($infractiongroupids as $usergroupid) { $user['forumpermissions']["{$forumid}"] &= $vbulletin->forumcache["{$forumid}"]['permissions']["{$usergroupid}"]; } } // do access mask stuff if required if ($vbulletin->options['enableaccess'] and $user['hasaccessmask'] == 1) { if (empty($accesscache["{$user['userid']}"])) { // query access masks // the ordercontrol is required! (3.5 bug 1878) $accessmasks = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT access.*, forum.forumid,\n\t\t\t\t\tFIND_IN_SET(access.forumid, forum.parentlist) AS ordercontrol\n\t\t\t\tFROM " . TABLE_PREFIX . "forum AS forum\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "access AS access ON (access.userid = {$user['userid']} AND FIND_IN_SET(access.forumid, forum.parentlist))\n\t\t\t\tORDER BY ordercontrol DESC\n\t\t\t"); $accesscache["{$user['userid']}"] = array(); while ($access = $vbulletin->db->fetch_array($accessmasks)) { $accesscache["{$user['userid']}"]["{$access['forumid']}"] = $access['accessmask']; } unset($access); $vbulletin->db->free_result($accessmasks); } // if an access mask is set for a forum, set the permissions accordingly // If this is empty then the user really has no access masks but the switch is turned on?!? if (!empty($accesscache["{$user['userid']}"])) { foreach ($accesscache["{$user['userid']}"] as $forumid => $accessmask) { if ($accessmask == 0) { $user['forumpermissions']["{$forumid}"] = 0; } else { $user['forumpermissions']["{$forumid}"] = $user['permissions']['forumpermissions']; } } } else { // says the user has access masks, but doesn't actually // so turn them off $userdm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT); $userdm->set_existing($user); $userdm->set_bitfield('options', 'hasaccessmask', false); $userdm->save(); unset($userdm); } } // end if access masks enabled and is logged in user $calfiles = array('online' => true, 'calendar' => true, 'index' => $vbulletin->options['showevents'] ? true : false); if (THIS_SCRIPT == 'index' and $vbulletin->options['showevents']) { if (!is_array($vbulletin->eventcache) or gmdate('n-j-Y', TIMENOW + 86400 + 86400 * $vbulletin->options['showevents']) != $vbulletin->eventcache['date']) { // need perms with rebuild $calfiles['index'] = true; } else { if (count($vbulletin->eventcache) == 1) { // no events, only the date - don't need to cache the perms $calfiles['index'] = false; } } } // query calendar permissions if (!empty($calfiles[THIS_SCRIPT])) { // Only query calendar permissions when accessing the calendar or subscriptions or index.php $cpermscache = array(); $calendarcache = array(); $displayorder = array(); $calendarpermissions = $vbulletin->db->query_read_slave("\n\t\t\tSELECT calendarpermission.usergroupid, calendarpermission.calendarpermissions,calendar.calendarid,calendar.title, displayorder\n\t\t\tFROM " . TABLE_PREFIX . "calendar AS calendar\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "calendarpermission AS calendarpermission ON\n\t\t\t\t(calendarpermission.calendarid = calendar.calendarid AND usergroupid IN (" . implode(', ', $membergroupids) . "))\n\t\t\tORDER BY displayorder ASC\n\t\t"); while ($calendarpermission = $vbulletin->db->fetch_array($calendarpermissions)) { $cpermscache["{$calendarpermission['calendarid']}"]["{$calendarpermission['usergroupid']}"] = intval($calendarpermission['calendarpermissions']); $calendarcache["{$calendarpermission['calendarid']}"] = $calendarpermission['title']; $displayorder["{$calendarpermission['calendarid']}"] = $calendarpermission['displayorder']; } $vbulletin->db->free_result($calendarpermissions); // Combine the calendar permissions for all member groups foreach ($cpermscache as $calendarid => $cpermissions) { $user['calendarpermissions']["{$calendarid}"] = 0; if (empty($displayorder["{$calendarid}"])) { // leave permissions at 0 for calendars that aren't being displayed continue; } foreach ($membergroupids as $usergroupid) { if (isset($cpermissions["{$usergroupid}"])) { $user['calendarpermissions']["{$calendarid}"] |= $cpermissions["{$usergroupid}"]; } else { $user['calendarpermissions']["{$calendarid}"] |= $vbulletin->usergroupcache["{$usergroupid}"]['calendarpermissions']; } } foreach ($infractiongroupids as $usergroupid) { if (isset($cpermissions["{$usergroupid}"])) { $user['calendarpermissions']["{$calendarid}"] &= $cpermissions["{$usergroupid}"]; } else { $user['calendarpermissions']["{$calendarid}"] &= $vbulletin->usergroupcache["{$usergroupid}"]['calendarpermissions']; } } } } if (!empty($vbulletin->attachmentcache) and empty($vbulletin->attachmentcache['extensions'])) { $fields = array('size' => true, 'width' => true, 'height' => true); $user['attachmentextensions'] = ''; // Combine the attachment permissions for all member groups foreach ($vbulletin->attachmentcache as $extension => $attachment) { $need_default = false; foreach ($membergroupids as $usergroupid) { if (!empty($attachment['custom']["{$usergroupid}"])) { $perm = $attachment['custom']["{$usergroupid}"]; $user['attachmentpermissions']["{$extension}"]['permissions'] |= $perm['permissions']; foreach ($fields as $dbfield => $precedence) { // put in some logic to handle $precedence if (!isset($user['attachmentpermissions']["{$extension}"]["{$dbfield}"])) { $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"]; } else { if (!$precedence) { if ($perm["{$dbfield}"] > $user['attachmentpermissions']["{$extension}"]["{$dbfield}"]) { $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"]; } } else { if ($perm["{$dbfield}"] == 0 or isset($user['attachmentpermissions']["{$extension}"]["{$dbfield}"]) and $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] == 0) { $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = 0; } else { if ($perm["{$dbfield}"] > $user['attachmentpermissions']["{$extension}"]["{$dbfield}"]) { $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"]; } } } } } } else { $need_default = true; } } if (empty($user['attachmentpermissions']["{$extension}"])) { $user['attachmentpermissions']["{$extension}"] = array('permissions' => 1, 'size' => &$vbulletin->attachmentcache["{$extension}"]['size'], 'height' => &$vbulletin->attachmentcache["{$extension}"]['height'], 'width' => &$vbulletin->attachmentcache["{$extension}"]['width']); } else { if ($need_default) { $user['attachmentpermissions']["{$extension}"]['permissions'] = 1; $perm = $vbulletin->attachmentcache["{$extension}"]; foreach ($fields as $dbfield => $precedence) { // put in some logic to handle $precedence if (!isset($user['attachmentpermissions']["{$extension}"]["{$dbfield}"])) { $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"]; } else { if (!$precedence) { if ($perm["{$dbfield}"] > $user['attachmentpermissions']["{$extension}"]["{$dbfield}"]) { $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"]; } } else { if ($perm["{$dbfield}"] == 0 or isset($user['attachmentpermissions']["{$extension}"]["{$dbfield}"]) and $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] == 0) { $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = 0; } else { if ($perm["{$dbfield}"] > $user['attachmentpermissions']["{$extension}"]["{$dbfield}"]) { $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"]; } } } } } } } foreach ($infractiongroupids as $usergroupid) { if (!empty($attachment['custom']["{$usergroupid}"])) { $perm = $attachment['custom']["{$usergroupid}"]; $user['attachmentpermissions']["{$extension}"]['permissions'] &= $perm['permissions']; foreach ($fields as $dbfield => $precedence) { if (!$precedence) { if ($perm["{$dbfield}"] < $user['attachmentpermissions']["{$extension}"]["{$dbfield}"]) { $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"]; } } else { if ($perm["{$dbfield}"] < $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] and $perm["{$dbfield}"] != 0) { $user['attachmentpermissions']["{$extension}"]["{$dbfield}"] = $perm["{$dbfield}"]; } } } } } } foreach ($user['attachmentpermissions'] as $extension => $foo) { if ($user['attachmentpermissions']["{$extension}"]['permissions']) { $user['attachmentextensions'] .= (!empty($user['attachmentextensions']) ? ' ' : '') . $extension; } } } return $user['permissions']; }
/** * Verifies that the icon selected is valid. * * @param integer The ID of the icon * * @return bool Whether the icon is valid */ function verify_iconid(&$iconid) { if ($iconid) { // try to improve permission checking on icons if (!$this->info['user']) { $userid = $this->fetch_field('userid'); if (!$userid) { $userid = $this->fetch_field('postuserid'); } $this->set_info('user', fetch_userinfo($userid)); } if ($this->info['user']) { $membergroups = fetch_membergroupids_array($this->info['user']); } else { // this is assumed to be a guest; go magic numbers! $membergroups = array(1); } $imagecheck = $this->dbobject->query_read_slave("\n\t\t\t\tSELECT usergroupid FROM " . TABLE_PREFIX . "icon AS icon\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "imagecategorypermission USING (imagecategoryid)\n\t\t\t\tWHERE icon.iconid = {$iconid}\n\t\t\t\t\tAND usergroupid IN (" . $this->dbobject->escape_string(implode(',', $membergroups)) . ")\n\t\t\t"); if ($this->dbobject->num_rows($imagecheck) == sizeof($membergroups)) { $iconid = 0; } } return true; }
public function updateMemberForDeletedUsergroup($params, $db, $check_only = false) { if ($check_only) { return !empty($params['users']) and !empty($params['usergroupid']); } else { $casesql = $casesqli = ''; $updateusers = $updateusersi = array(); foreach ($params['users'] as $user) { if (!empty($user['membergroupids'])) { $membergroups = fetch_membergroupids_array($user, false); foreach ($membergroups as $key => $val) { if ($val == $params['usergroupid']) { unset($membergroups["{$key}"]); } } $user['membergroupids'] = implode(',', $membergroups); $casesql .= "WHEN {$user['userid']} THEN '{$user['membergroupids']}' "; $updateusers[] = $user['userid']; } if (!empty($user['infractiongroupids'])) { $infractiongroups = explode(',', str_replace(' ', '', $user['infractiongroupids'])); foreach ($infractiongroups as $key => $val) { if ($val == $params['usergroupid']) { unset($infractiongroups["{$key}"]); } } $user['infractiongroupids'] = implode(',', $infractiongroups); $casesqli .= "WHEN {$user['userid']} THEN '{$user['infractiongroupids']}' "; $updateusersi[] = $user['userid']; } } // do a big update to get rid of this usergroup from matched members' membergroupids if (!empty($casesql)) { $sql = "\n\t\t\t\t\tUPDATE " . TABLE_PREFIX . "user SET\n\t\t\t\t\tmembergroupids = CASE userid\n\t\t\t\t\t{$casesql}\n\t\t\t\t\tELSE '' END\n\t\t\t\t\tWHERE userid IN(" . implode(',', $updateusers) . ")\n\t\t\t\t"; $resultclass = 'vB_dB_' . $this->db_type . '_result'; $result = new $resultclass($db, $sql); $result->valid(); unset($result); } // do a big update to get rid of this usergroup from matched members' infractiongroupids if (!empty($casesqli)) { $sql2 = "\n\t\t\t\t\tUPDATE " . TABLE_PREFIX . "user SET\n\t\t\t\t\tinfractiongroupids = CASE userid\n\t\t\t\t\t{$casesqli}\n\t\t\t\t\tELSE '' END\n\t\t\t\t\tWHERE userid IN(" . implode(',', $updateusersi) . ")\n\t\t\t\t"; $resultclass2 = 'vB_dB_' . $this->db_type . '_result'; $result2 = new $resultclass2($db, $sql2); $result2->valid(); unset($result2); } return true; } }
/** * Constructs the posticons selector interface * * @param integer Selected Icon ID * @param boolean Allow icons? * * @return string posticons template */ function construct_icons($seliconid = 0, $allowicons = true) { // returns the icons chooser for posting new messages global $vbulletin; global $vbphrase, $selectedicon, $show; $selectedicon = array('src' => $vbulletin->options['cleargifurl'], 'alt' => ''); if (!$allowicons) { return false; } $membergroups = fetch_membergroupids_array($vbulletin->userinfo); $infractiongroups = explode(',', str_replace(' ', '', $vbulletin->userinfo['infractiongroupids'])); ($hook = vBulletinHook::fetch_hook('posticons_start')) ? eval($hook) : false; $avperms = $vbulletin->db->query_read_slave(" SELECT imagecategorypermission.imagecategoryid, usergroupid FROM " . TABLE_PREFIX . "imagecategorypermission AS imagecategorypermission, " . TABLE_PREFIX . "imagecategory AS imagecategory WHERE imagetype = 2 AND imagecategorypermission.imagecategoryid = imagecategory.imagecategoryid ORDER BY imagecategory.displayorder "); $noperms = array(); while ($avperm = $vbulletin->db->fetch_array($avperms)) { $noperms["$avperm[imagecategoryid]"][] = $avperm['usergroupid']; } $badcategories = ''; foreach($noperms AS $imagecategoryid => $usergroups) { foreach($usergroups AS $usergroupid) { if (in_array($usergroupid, $infractiongroups)) { $badcategories .= ",$imagecategoryid"; } } if (!count(array_diff($membergroups, $usergroups))) { $badcategories .= ",$imagecategoryid"; } } $icons = $vbulletin->db->query_read_slave(" SELECT iconid, iconpath, title FROM " . TABLE_PREFIX . "icon AS icon WHERE imagecategoryid NOT IN (0$badcategories) ORDER BY imagecategoryid, displayorder "); if (!$vbulletin->db->num_rows($icons)) { return false; } $numicons = 0; $show['posticons'] = false; while ($icon = $vbulletin->db->fetch_array($icons)) { $numicons++; $show['posticons'] = true; $show['opentr'] = false; $show['closetr'] = false; if ($numicons % 7 == 0 AND $numicons != 1) { $show['closetr'] = true; } if (($numicons - 1) % 7 == 0 AND $numicons != 1) { $show['opentr'] = true; } $iconid = $icon['iconid']; $iconpath = $icon['iconpath']; $alttext = $icon['title']; if ($seliconid == $iconid) { $iconchecked = 'checked="checked"'; $selectedicon = array('src' => $iconpath, 'alt' => $alttext); } else { $iconchecked = ''; } ($hook = vBulletinHook::fetch_hook('posticons_bit')) ? eval($hook) : false; $templater = vB_Template::create('posticonbit'); $templater->register('alttext', $alttext); $templater->register('iconchecked', $iconchecked); $templater->register('iconid', $iconid); $templater->register('iconpath', $iconpath); $posticonbits .= $templater->render(); } $remainder = $numicons % 7; if ($remainder) { $remainingspan = 2 * (7 - $remainder); $show['addedspan'] = true; } else { $remainingspan = 0; $show['addedspan'] = false; } if ($seliconid == 0) { $iconchecked = 'checked="checked"'; } else { $iconchecked = ''; } ($hook = vBulletinHook::fetch_hook('posticons_complete')) ? eval($hook) : false; $templater = vB_Template::create('posticons'); $templater->register('iconchecked', $iconchecked); $templater->register('posticonbits', $posticonbits); $templater->register('remainingspan', $remainingspan); $posticons = $templater->render(); return $posticons; }
/** * Saves fb usergroup into the datamanager * * @param vB_DataManager_User, the datamanager to save the fb form info into */ function save_fbusergroup($userdata) { global $vbulletin; // save additional fb usergroup if specified, making sure it is not already the primary usergroup if ($vbulletin->options['facebookusergroupid'] > 0 and $vbulletin->options['facebookusergroupid'] != $userdata->fetch_field('usergroupid')) { $membergroupids = fetch_membergroupids_array($vbulletin->userinfo, false); $membergroupids[] = $vbulletin->options['facebookusergroupid']; $userdata->set('membergroupids', array_unique($membergroupids)); } }
/** * Prepare any data needed for the output * * @param string The id of the block * @param array Options specific to the block */ function prepare_output($id = '', $options = array()) { global $show, $vbphrase, $stylevar; $this->block_data = array(); $membergroups = fetch_membergroupids_array($this->profile->userinfo); $this->block_data['membergroupcount'] = 0; $membergroupbits = ''; foreach ($membergroups as $usergroupid) { $usergroup = $this->registry->usergroupcache["{$usergroupid}"]; if ($usergroup['ispublicgroup']) { eval('$membergroupbits .= "' . fetch_template('memberinfo_publicgroupbit') . '";'); $this->block_data['membergroupcount']++; } } $this->block_data['membergroupbits'] = $membergroupbits; if ($this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_groups']) { $socialgroups = $this->registry->db->query_read_slave("\n\t\t\t\tSELECT socialgroup.*\n\t\t\t\tFROM " . TABLE_PREFIX . "socialgroupmember AS socialgroupmember\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "socialgroup AS socialgroup ON\n\t\t\t\t\t(socialgroup.groupid = socialgroupmember.groupid)\n\t\t\t\tWHERE\n\t\t\t\t\tsocialgroupmember.userid = " . $this->profile->userinfo['userid'] . "\n\t\t\t\t\tAND socialgroupmember.type = 'member'\n\t\t\t\tORDER BY socialgroup.name\n\t\t\t"); $showgrouplink = $this->registry->userinfo['permissions']['socialgrouppermissions'] & $this->registry->bf_ugp_socialgrouppermissions['canviewgroups'] ? true : false; $socialgroupbits = ''; while ($socialgroup = $this->registry->db->fetch_array($socialgroups)) { $socialgroup['name_html'] = fetch_word_wrapped_string(fetch_censored_text($socialgroup['name'])); eval('$socialgroupbits .= "' . fetch_template('memberinfo_socialgroupbit') . '";'); } $this->block_data['socialgroupbits'] = $socialgroupbits; $this->block_data['socialgroupcount'] = $this->registry->db->num_rows($socialgroups); } else { $this->block_data['socialgroupbits'] = ''; $this->block_data['socialgroupcount'] = 0; } $this->block_data['show_join_link'] = ((!empty($this->block_data['socialgroupbits']) or $this->profile->prepared['myprofile']) and $this->registry->userinfo['permissions']['socialgrouppermissions'] & $this->registry->bf_ugp_socialgrouppermissions['canjoingroups'] and $this->registry->options['socnet'] & $this->registry->bf_misc_socnet['enable_groups']); }
/** * Prepares the blog category permissions for a user, taking into account primary and * secondary groups. * * @param array (In/Out) User information * * @return array Category permissions (also in $user['blogcategorypermissions']) */ function prepare_blog_category_permissions(&$user, $loadcache = false) { global $vbulletin; $membergroupids = fetch_membergroupids_array($user); if (sizeof($membergroupids) == 1 OR !($vbulletin->usergroupcache["$user[usergroupid]"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['allowmembergroups'])) { // if primary usergroup doesn't allow member groups then get rid of them! $membergroupids = array($user['usergroupid']); } $user['blogcategorypermissions'] = array( 'cantview' => array(), 'cantpost' => array(), ); if ($vbulletin->blogcategorycache === NULL AND $loadcache) { // Load the cache $vbulletin->datastore->fetch(array('blogcategorycache')); if ($vbulletin->blogcategorycache === NULL) { $vbulletin->blogcategorycache = array(); } } if (is_array($vbulletin->blogcategorycache)) { foreach (array_keys($vbulletin->blogcategorycache) AS $blogcategoryid) { if (!isset($user['blogcategorypermissions']["$blogcategoryid"])) { $user['blogcategorypermissions']["$blogcategoryid"] = 0; } foreach ($membergroupids AS $usergroupid) { $user['blogcategorypermissions']["$blogcategoryid"] |= $vbulletin->blogcategorycache["$blogcategoryid"]['permissions']["$usergroupid"]; } foreach (explode(',', str_replace(' ', '', $user['infractiongroupids'])) AS $usergroupid) { if ($usergroupid) { $user['blogcategorypermissions']["$blogcategoryid"] &= $vbulletin->blogcategorycache["$blogcategoryid"]['permissions']["$usergroupid"]; } } if (!($user['blogcategorypermissions']["$blogcategoryid"] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewcategory'])) { $user['blogcategorypermissions']['cantview'][] = $blogcategoryid; } if (!($user['blogcategorypermissions']["$blogcategoryid"] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canpostcategory'])) { $user['blogcategorypermissions']['cantpost'][] = $blogcategoryid; } } } return $user['blogcategorypermissions']; }
// this request will be authorized $auth[] = $requestid; break; case 0: // this request will be denied // do nothing - this request will be zapped at the end of this segment break; } } // if we have any accepted requests, make sure they are valid if (!empty($auth)) { $users = $db->query_read("\n\t\t\tSELECT req.userid, user.username, user.usergroupid, user.membergroupids, req.usergrouprequestid\n\t\t\tFROM " . TABLE_PREFIX . "usergrouprequest AS req\n\t\t\tINNER JOIN " . TABLE_PREFIX . "user AS user USING(userid)\n\t\t\tWHERE usergrouprequestid IN (" . implode(', ', $auth) . ")\n\t\t\tORDER BY user.username\n\t\t"); $auth = array(); echo "<p><b>" . $vbphrase['processing_join_requests'] . "</b></p><ul>\n"; while ($user = $db->fetch_array($users)) { if (in_array($vbulletin->GPC['usergroupid'], fetch_membergroupids_array($user))) { echo "\t<li>" . construct_phrase($vbphrase['x_is_already_a_member_of_the_usergroup_y'], "<b>{$user['username']}</b>", "<i>{$usergroupname}</i>") . "</li>\n"; } else { echo "\t<li>" . construct_phrase($vbphrase['making_x_a_member_of_the_usergroup_y'], "<b>{$user['username']}</b>", "<i>{$usergroupname}</i>") . "</li>\n"; $auth[] = $user['userid']; } } echo "</ul><p><b>{$vbphrase['done']}</b></p>\n"; // check that we STILL have some valid requests if (!empty($auth)) { $updateQuery = "\n\t\t\t\tUPDATE " . TABLE_PREFIX . "user SET\n\t\t\t\tmembergroupids = IF(membergroupids = '', " . $vbulletin->GPC['usergroupid'] . ", CONCAT(membergroupids, '," . $vbulletin->GPC['usergroupid'] . "'))\n\t\t\t\tWHERE userid IN (" . implode(', ', $auth) . ")\n\t\t\t"; $db->query_write($updateQuery); } } // delete processed join requests if (!empty($vbulletin->GPC['request'])) {
/** * Removes user subscription * * @param int The id of the subscription * @param int The userid the subscription is to be removed from * @param int The id of the sub-subscriptionid * @param bool Update user.adminoptions from subscription.adminoption (keep avatars) * */ function delete_user_subscription($subscriptionid, $userid, $subid = -1, $adminoption = false) { $subscriptionid = intval($subscriptionid); $userid = intval($userid); $this->cache_user_subscriptions(); $sub =& $this->subscriptioncache["{$subscriptionid}"]; $user = vB::getDbAssertor()->getRow('fetchUsersSubscriptions', array('userid' => $userid, 'subscriptionid' => $subscriptionid, 'adminoption' => $adminoption)); if ($user['userid'] and $sub['subscriptionid']) { $this->cache_user_subscriptions(); $sub =& $this->subscriptioncache["{$subscriptionid}"]; $tmp = unserialize($sub['cost']); if ($subid != -1 and is_array($tmp["{$subid}"])) { $sub = array_merge($sub, $tmp["{$subid}"]); $units_full = array('D' => 'day', 'W' => 'week', 'M' => 'month', 'Y' => 'year'); switch ($sub['units']) { case 'D': $new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']) - $sub['length'], date('Y', $user['expirydate'])); break; case 'W': $new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']) - $sub['length'] * 7, date('Y', $user['expirydate'])); break; case 'M': $new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']) - $sub['length'], date('j', $user['expirydate']), date('Y', $user['expirydate'])); break; case 'Y': $new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']), date('Y', $user['expirydate']) - $sub['length']); break; } if ($new_expires > TIMENOW) { // new expiration is still after today so just decremement and return vB::getDbAssertor()->update('vBForum:subscriptionlog', array('expirydate' => $new_expires), array('subscriptionid' => $subscriptionid, 'userid' => $userid)); return; } } unset($tmp); $userdm = new vB_Datamanager_User($this->registry, vB_DataManager_Constants::ERRTYPE_SILENT); $userdm->set_existing($user); if ($adminoption) { if ($user['hascustomavatar'] and $sub['adminavatar']) { $userdm->set_bitfield('adminoptions', 'adminavatar', 1); } if ($user['hasprofilepic'] and $sub['adminprofilepic']) { $userdm->set_bitfield('adminoptions', 'adminprofilepic', 1); } } //access masks if (!empty($sub['forums'])) { if ($old_sub_masks = @unserialize($sub['forums']) and is_array($old_sub_masks)) { // old format is serialized array with forumids for keys $access_forums = array_keys($old_sub_masks); } else { // new format is comma-delimited string $access_forums = explode(',', $sub['forums']); } if ($access_forums) { vB::getDbAssertor()->delete('access', array('nodeid' => $access_forums, 'userid' => $userid)); } } // TODO: Restore the line when Access Masks is implemented // $countaccess = vB::getDbAssertor()->getRow('masks', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_COUNT, 'userid' => $userid)); $membergroupids = array_diff(fetch_membergroupids_array($user, false), fetch_membergroupids_array($sub, false)); $update_userban = false; if ($sub['nusergroupid'] == $user['usergroupid'] and $user['usergroupid'] != $user['pusergroupid']) { // check if there are other active subscriptions that set the same primary usergroup $subids = array(0); foreach ($this->subscriptioncache as $subcheck) { if ($subcheck['nusergroupid'] == $user['usergroupid'] and $subcheck['subscriptionid'] != $subscriptionid) { $subids[] = $subcheck['subscriptionid']; } } if (!empty($subids)) { $activesub = vB::getDbAssertor()->getRow('vBForum:subscriptionlog', array('userid' => $userid, 'subscriptionid' => $subids), array('field' => 'expirydate', 'direction' => vB_dB_Query::SORT_DESC)); } if ($activesub) { // there is at least one active subscription with the same primary usergroup, so alter its resetgroup vB::getDbAssertor()->update('vBForum:subscriptionlog', array('pusergroupid' => $user['pusergroupid']), array('subscriptionlogid' => $activesub['subscriptionlogid'])); // don't touch usertitle/displaygroup $user['pusergroupid'] = $user['usergroupid']; $sub['nusergroupid'] = 0; } else { $userdm->set('usergroupid', $user['pusergroupid']); } } else { if ($user['isbanned'] and $user['busergroupid'] == $sub['nusergroupid']) { $update_userban = true; $userbansql['usergroupid'] = $user['pusergroupid']; } } $groups = iif(!empty($sub['membergroupids']), $sub['membergroupids'] . ',') . $sub['nusergroupid']; if (in_array($user['displaygroupid'], explode(',', $groups))) { // they're displaying as one of the usergroups in the subscription $user['displaygroupid'] = 0; } else { if ($user['isbanned'] and in_array($user['bandisplaygroupid'], explode(',', $groups))) { $update_userban = true; $userbansql['displaygroupid'] = 0; } } // do their old groups still allow custom titles? $reset_title = false; if ($user['customtitle'] == 2) { $groups = empty($membergroupids) ? array() : $membergroupids; $groups[] = $user['pusergroupid']; $bf_ugp_genericpermissions = vB::get_datastore()->get_value('bf_ugp_genericpermissions'); $usergroup = vB::getDbAssertor()->getRow('usergroup', array(vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'usergroupid', 'value' => $groups, vB_Db_Query::OPERATOR_KEY => vB_Db_Query::OPERATOR_EQ), array('field' => 'genericpermissions', 'value' => $bf_ugp_genericpermissions['canusecustomtitle'], vB_Db_Query::OPERATOR_KEY => vB_Db_Query::OPERATOR_AND)))); if (empty($usergroup['usergroupid'])) { // no custom group any more lets set it back to the default $reset_title = true; } } if ($sub['nusergroupid'] > 0 and $user['customtitle'] == 0 or $reset_title) { // they need a default title $usergroup = vB::getDbAssertor()->getRow('usergroup', array('usergroupid' => $user['pusergroupid'])); if (empty($usergroup['usertitle'])) { // should be a title based on minposts it seems then $usergroup = vB::getDbAssertor()->getRow('usertitle', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'minposts', 'value' => $user[posts], vB_dB_Query::OPERATOR_KEY => vB_dB_Query::OPERATOR_LTE))), array('field' => 'minposts', 'direction' => vB_dB_Query::SORT_DESC)); } if ($user['isbanned']) { $update_userban = true; $userbansql['customtitle'] = 0; $userbansql['usertitle'] = $usergroup['usertitle']; } else { $userdm->set('customtitle', 0); $userdm->set('usertitle', $usergroup['usertitle']); } } $userdm->set('membergroupids', implode($membergroupids, ',')); // $userdm->set_bitfield('options', 'hasaccessmask', ($countaccess['count'] ? true : false)); $userdm->set('displaygroupid', $user['displaygroupid']); $userdm->save(); unset($userdm); vB::getDbAssertor()->update('vBForum:subscriptionlog', array('status' => 0), array('subscriptionid' => $subscriptionid, 'userid' => $userid)); if ($update_userban) { vB::getDbAssertor()->update('userban', $userbansql, array('subscriptionid' => $subscriptionid, 'userid' => $user['userid'])); } $mysubs = vB::getDbAssertor()->assertQuery('vBForum:subscriptionlog', array('status' => 1, 'userid' => $userid)); foreach ($mysubs as $mysub) { $this->build_user_subscription($mysub['subscriptionid'], -1, $userid, $mysub['regdate'], $mysub['expirydate']); } // Legacy Hook 'paidsub_delete' Removed // } }
standard_error(fetch_error('nosubscriptions', $vbulletin->options['bbtitle'])); } $navbits[''] = $vbphrase['paid_subscriptions']; $templatename = 'subscription'; } // ############################################################################# if ($_POST['do'] == 'order') { $vbulletin->input->clean_array_gpc('p', array('subscriptionids' => TYPE_ARRAY_NOHTML, 'currency' => TYPE_ARRAY_NOHTML)); if (empty($vbulletin->GPC['subscriptionids'])) { eval(standard_error(fetch_error('invalidid', $vbphrase['subscription'], $vbulletin->options['contactuslink']))); } else { $subscriptionid = array_keys($vbulletin->GPC['subscriptionids']); $subscriptionid = intval($subscriptionid[0]); } $sub = $subobj->subscriptioncache["{$subscriptionid}"]; if (!empty($sub['deniedgroups']) and !count(array_diff(fetch_membergroupids_array($vbulletin->userinfo), $sub['deniedgroups']))) { eval(standard_error(fetch_error('invalidid', $vbphrase['subscription'], $vbulletin->options['contactuslink']))); } // first check this is active if not die if (!$subobj->subscriptioncache["{$subscriptionid}"]['active']) { eval(standard_error(fetch_error('invalidid', $vbphrase['subscription'], $vbulletin->options['contactuslink']))); } $sub['title'] = $vbphrase['sub' . $sub['subscriptionid'] . '_title']; $sub['description'] = $vbphrase['sub' . $sub['subscriptionid'] . '_desc']; $currency = $vbulletin->GPC['currency']["{$subscriptionid}"]; $tmp = explode('_', $currency); $currency = $tmp[1]; $subscriptionsubid = intval($tmp[0]); unset($tmp); $costs = unserialize($sub['cost']); if ($costs["{$subscriptionsubid}"]['length'] == 1) {
/** * Removes user subscription * * @param int The id of the subscription * @param int The userid the subscription is to be removed from * @param int The id of the sub-subscriptionid * @param bool Update user.adminoptions from subscription.adminoption (keep avatars) * */ function delete_user_subscription($subscriptionid, $userid, $subid = -1, $adminoption = false) { $subscriptionid = intval($subscriptionid); $userid = intval($userid); $this->cache_user_subscriptions(); $sub =& $this->subscriptioncache["{$subscriptionid}"]; $user = $this->registry->db->query_first("\n\t\t\tSELECT user.*, subscriptionlog.pusergroupid, subscriptionlog.expirydate,\n\t\t\tIF (user.displaygroupid=0, user.usergroupid, user.displaygroupid) AS displaygroupid,\n\t\t\tIF (usergroup.genericoptions & " . $this->registry->bf_ugp_genericoptions['isnotbannedgroup'] . ", 0, 1) AS isbanned,\n\t\t\tuserban.usergroupid AS busergroupid, userban.displaygroupid AS bandisplaygroupid\n\t\t\t" . (($this->registry->options['avatarenabled'] and $adminoption) ? ",IF(avatar.avatarid = 0 AND NOT ISNULL(customavatar.userid), 1, 0) AS hascustomavatar" : "") . "\n\t\t\t" . ($adminoption ? ",NOT ISNULL(customprofilepic.userid) AS hasprofilepic" : "") . "\n\t\t\tFROM " . TABLE_PREFIX . "subscriptionlog AS subscriptionlog\n\t\t\tINNER JOIN " . TABLE_PREFIX . "user AS user USING (userid)\n\t\t\tINNER JOIN " . TABLE_PREFIX . "usergroup AS usergroup USING (usergroupid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "userban AS userban ON (userban.userid = user.userid)\n\t\t\t" . (($this->registry->options['avatarenabled'] and $adminoption) ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "\n\t\t\t" . ($adminoption ? "LEFT JOIN " . TABLE_PREFIX . "customprofilepic AS customprofilepic ON (user.userid = customprofilepic.userid)" : "") . "\n\t\t\tWHERE subscriptionlog.userid = {$userid} AND\n\t\t\t\tsubscriptionlog.subscriptionid = {$subscriptionid}\n\t\t"); if ($user['userid'] and $sub['subscriptionid']) { $this->cache_user_subscriptions(); $sub =& $this->subscriptioncache["{$subscriptionid}"]; $tmp = unserialize($sub['cost']); if ($subid != -1 and is_array($tmp["{$subid}"])) { $sub = array_merge($sub, $tmp["{$subid}"]); $units_full = array('D' => 'day', 'W' => 'week', 'M' => 'month', 'Y' => 'year'); switch ($sub['units']) { case 'D': $new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']) - $sub['length'], date('Y', $user['expirydate'])); break; case 'W': $new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']) - $sub['length'] * 7, date('Y', $user['expirydate'])); break; case 'M': $new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']) - $sub['length'], date('j', $user['expirydate']), date('Y', $user['expirydate'])); break; case 'Y': $new_expires = mktime(date('H', $user['expirydate']), date('i', $user['expirydate']), date('s', $user['expirydate']), date('n', $user['expirydate']), date('j', $user['expirydate']), date('Y', $user['expirydate']) - $sub['length']); break; } if ($new_expires > TIMENOW) { // new expiration is still after today so just decremement and return $this->registry->db->query_write("\n\t\t\t\t\t\tUPDATE " . TABLE_PREFIX . "subscriptionlog\n\t\t\t\t\t\tSET expirydate = {$new_expires}\n\t\t\t\t\t\tWHERE subscriptionid = {$subscriptionid}\n\t\t\t\t\t\t\tAND userid = {$userid}\n\t\t\t\t\t"); return; } } unset($tmp); $userdm =& datamanager_init('User', $this->registry, ERRTYPE_SILENT); $userdm->set_existing($user); if ($adminoption) { if ($user['hascustomavatar'] and $sub['adminavatar']) { $userdm->set_bitfield('adminoptions', 'adminavatar', 1); } if ($user['hasprofilepic'] and $sub['adminprofilepic']) { $userdm->set_bitfield('adminoptions', 'adminprofilepic', 1); } } //access masks if (!empty($sub['forums']) and @unserialize($sub['forums']) !== NULL) { $this->registry->db->query_write("\n\t\t\t\t\tDELETE FROM " . TABLE_PREFIX . "access\n\t\t\t\t\tWHERE forumid IN ({$sub['forums']}) AND\n\t\t\t\t\t\tuserid = {$userid}\n\t\t\t\t"); } $countaccess = $this->registry->db->query_first("\n\t\t\t\tSELECT COUNT(*) AS masks\n\t\t\t\tFROM " . TABLE_PREFIX . "access\n\t\t\t\tWHERE userid = {$userid}\n\t\t\t"); $membergroupids = array_diff(fetch_membergroupids_array($user, false), fetch_membergroupids_array($sub, false)); $update_userban = false; if ($sub['nusergroupid'] == $user['usergroupid'] and $user['usergroupid'] != $user['pusergroupid']) { // check if there are other active subscriptions that set the same primary usergroup foreach ($this->subscriptioncache as $subcheck) { if ($subcheck['nusergroupid'] == $user['usergroupid'] and $subcheck['subscriptionid'] != $subscriptionid) { $subids .= ",{$subcheck['subscriptionid']}"; } } if (!empty($subids)) { $activesub = $this->registry->db->query_first("\n\t\t\t\t\t\tSELECT * FROM " . TABLE_PREFIX . "subscriptionlog\n\t\t\t\t\t\tWHERE userid = {$userid}\n\t\t\t\t\t\t\tAND subscriptionid IN (0{$subids})\n\t\t\t\t\t\t\tAND status = 1\n\t\t\t\t\t\tORDER BY expirydate DESC\n\t\t\t\t\t\tLIMIT 1\n\t\t\t\t\t"); } if ($activesub) { // there is at least one active subscription with the same primary usergroup, so alter its resetgroup $this->registry->db->query_write("UPDATE " . TABLE_PREFIX . "subscriptionlog SET pusergroupid = {$user['pusergroupid']} WHERE subscriptionlogid = {$activesub['subscriptionlogid']}"); // don't touch usertitle/displaygroup $user['pusergroupid'] = $user['usergroupid']; $sub['nusergroupid'] = 0; } else { $userdm->set('usergroupid', $user['pusergroupid']); } } else { if ($user['isbanned'] and $user['busergroupid'] == $sub['nusergroupid']) { $update_userban = true; $userbansql['usergroupid'] = $user['pusergroupid']; } } $groups = iif(!empty($sub['membergroupids']), $sub['membergroupids'] . ',') . $sub['nusergroupid']; if (in_array($user['displaygroupid'], explode(',', $groups))) { // they're displaying as one of the usergroups in the subscription $user['displaygroupid'] = 0; } else { if ($user['isbanned'] and in_array($user['bandisplaygroupid'], explode(',', $groups))) { $update_userban = true; $userbansql['displaygroupid'] = 0; } } // do their old groups still allow custom titles? $reset_title = false; if ($user['customtitle'] == 2) { $groups = (empty($membergroupids) ? '' : implode($membergroupids, ',') . ',') . $user['pusergroupid']; $usergroup = $this->registry->db->query_first_slave("\n\t\t\t\t\tSELECT usergroupid\n\t\t\t\t\tFROM " . TABLE_PREFIX . "usergroup\n\t\t\t\t\tWHERE (genericpermissions & " . $this->registry->bf_ugp_genericpermissions['canusecustomtitle'] . ")\n\t\t\t\t\t\tAND usergroupid IN ({$groups})\n\t\t\t\t"); if (empty($usergroup['usergroupid'])) { // no custom group any more lets set it back to the default $reset_title = true; } } if ($sub['nusergroupid'] > 0 and $user['customtitle'] == 0 or $reset_title) { // they need a default title $usergroup = $this->registry->db->query_first_slave("\n\t\t\t\t\tSELECT usertitle\n\t\t\t\t\tFROM " . TABLE_PREFIX . "usergroup\n\t\t\t\t\tWHERE usergroupid = {$user['pusergroupid']}\n\t\t\t\t"); if (empty($usergroup['usertitle'])) { // should be a title based on minposts it seems then $usergroup = $this->registry->db->query_first_slave("\n\t\t\t\t\t\tSELECT title AS usertitle\n\t\t\t\t\t\tFROM " . TABLE_PREFIX . "usertitle\n\t\t\t\t\t\tWHERE minposts <= {$user['posts']}\n\t\t\t\t\t\tORDER BY minposts DESC\n\t\t\t\t\t"); } if ($user['isbanned']) { $update_userban = true; $userbansql['customtitle'] = 0; $userbansql['usertitle'] = $usergroup['usertitle']; } else { $userdm->set('customtitle', 0); $userdm->set('usertitle', $usergroup['usertitle']); } } $userdm->set('membergroupids', implode($membergroupids, ',')); $userdm->set_bitfield('options', 'hasaccessmask', $countaccess['masks'] ? true : false); $userdm->set('displaygroupid', $user['displaygroupid']); $userdm->save(); unset($userdm); $this->registry->db->query_write("\n\t\t\t\tUPDATE " . TABLE_PREFIX . "subscriptionlog\n\t\t\t\tSET status = 0\n\t\t\t\tWHERE subscriptionid = {$subscriptionid} AND\n\t\t\t\tuserid = {$userid}\n\t\t\t"); if ($update_userban) { $this->registry->db->query_write(fetch_query_sql($userbansql, 'userban', "WHERE userid = {$user['userid']}")); } $mysubs = $this->registry->db->query_read("SELECT * FROM " . TABLE_PREFIX . "subscriptionlog WHERE status = 1 AND userid = {$userid}"); while ($mysub = $this->registry->db->fetch_array($mysubs)) { $this->build_user_subscription($mysub['subscriptionid'], -1, $userid, $mysub['regdate'], $mysub['expirydate']); } ($hook = vBulletinHook::fetch_hook('paidsub_delete')) ? eval($hook) : false; } }
/** * Constructs the posticons selector interface * * @param integer Selected Icon ID * @param boolean Allow icons? * * @return string posticons template */ function construct_icons($seliconid = 0, $allowicons = true) { // returns the icons chooser for posting new messages global $vbulletin, $stylevar; global $vbphrase, $selectedicon, $show; $selectedicon = array('src' => $vbulletin->options['cleargifurl'], 'alt' => ''); if (!$allowicons) { return false; } $membergroups = fetch_membergroupids_array($vbulletin->userinfo); $infractiongroups = explode(',', str_replace(' ', '', $vbulletin->userinfo['infractiongroupids'])); ($hook = vBulletinHook::fetch_hook('posticons_start')) ? eval($hook) : false; $avperms = $vbulletin->db->query_read_slave("\n\t\tSELECT imagecategorypermission.imagecategoryid, usergroupid\n\t\tFROM " . TABLE_PREFIX . "imagecategorypermission AS imagecategorypermission, " . TABLE_PREFIX . "imagecategory AS imagecategory\n\t\tWHERE imagetype = 2\n\t\t\tAND imagecategorypermission.imagecategoryid = imagecategory.imagecategoryid\n\t\tORDER BY imagecategory.displayorder\n\t"); $noperms = array(); while ($avperm = $vbulletin->db->fetch_array($avperms)) { $noperms["{$avperm['imagecategoryid']}"][] = $avperm['usergroupid']; } foreach ($noperms as $imagecategoryid => $usergroups) { foreach ($usergroups as $usergroupid) { if (in_array($usergroupid, $infractiongroups)) { $badcategories .= ",{$imagecategoryid}"; } } if (!count(array_diff($membergroups, $usergroups))) { $badcategories .= ",{$imagecategoryid}"; } } $icons = $vbulletin->db->query_read_slave("\n\t\tSELECT iconid, iconpath, title\n\t\tFROM " . TABLE_PREFIX . "icon AS icon\n\t\tWHERE imagecategoryid NOT IN (0{$badcategories})\n\t\tORDER BY imagecategoryid, displayorder\n\t"); if (!$vbulletin->db->num_rows($icons)) { return false; } $numicons = 0; $show['posticons'] = false; while ($icon = $vbulletin->db->fetch_array($icons)) { $show['posticons'] = true; if ($numicons % 7 == 0 and $numicons != 0) { $posticonbits .= "</tr><tr><td> </td>"; } $numicons++; $iconid = $icon['iconid']; $iconpath = $icon['iconpath']; $alttext = $icon['title']; if ($seliconid == $iconid) { $iconchecked = 'checked="checked"'; $selectedicon = array('src' => $iconpath, 'alt' => $alttext); } else { $iconchecked = ''; } ($hook = vBulletinHook::fetch_hook('posticons_bit')) ? eval($hook) : false; eval('$posticonbits .= "' . fetch_template('posticonbit') . '";'); } $remainder = $numicons % 7; if ($remainder) { $remainingspan = 2 * (7 - $remainder); $show['addedspan'] = true; } else { $remainingspan = 0; $show['addedspan'] = false; } if ($seliconid == 0) { $iconchecked = 'checked="checked"'; } else { $iconchecked = ''; } ($hook = vBulletinHook::fetch_hook('posticons_complete')) ? eval($hook) : false; eval('$posticons = "' . fetch_template('posticons') . '";'); return $posticons; }
/** * Place a subscription order */ public function placeOrder($subscriptionid, $subscriptionsubid, $paymentapiclass, $currency) { $this->checkStatus(); $this->checkPermission(); $sub = $this->subobj->subscriptioncache["{$subscriptionid}"]; $sub['newoptions'] = @unserialize($sub['newoptions']); // Verify that the payment api is allowed for this subscription if (empty($sub['newoptions']['api'][$paymentapiclass]['show'])) { throw new vB_Exception_Api('invalid_paymentapiclass'); } $userinfo = vB::getCurrentSession()->fetch_userinfo(); $usercontext = vB::getUserContext(); $membergroupids = fetch_membergroupids_array($userinfo); $allow_secondary_groups = $usercontext->hasPermission('genericoptions', 'allowmembergroups'); if (empty($sub) or !$sub['active']) { throw new vB_Exception_Api('invalidid'); } if (!empty($sub['deniedgroups']) and ($allow_secondary_groups and !count(array_diff($membergroupids, $sub['deniedgroups'])) or !$allow_secondary_groups and in_array($userinfo['usergroupid'], $sub['deniedgroups']))) { throw new vB_Exception_Api('invalidid'); } $costs = unserialize($sub['cost']); if (empty($costs["{$subscriptionsubid}"]['cost']["{$currency}"])) { throw new vB_Exception_Api('invalid_currency'); } $hash = md5($userinfo['userid'] . $userinfo['secret'] . $subscriptionid . uniqid(microtime(), 1)); /* insert query */ vB::getDbAssertor()->insert('vBForum:paymentinfo', array('hash' => $hash, 'completed' => 0, 'subscriptionid' => $subscriptionid, 'subscriptionsubid' => $subscriptionsubid, 'userid' => $userinfo['userid'])); $method = vB::getDbAssertor()->getRow('vBForum:paymentapi', array('active' => 1, 'classname' => $paymentapiclass)); $supportedcurrencies = explode(',', $method['currency']); if (!in_array($currency, $supportedcurrencies)) { throw new vB_Exception_Api('currency_not_supported'); } // TODO: vB_Template::create() has many PHP notices. We need to fix them. error_reporting(E_ALL & ~E_NOTICE); $form = $this->subobj->construct_payment($hash, $method, $costs["{$subscriptionsubid}"], $currency, $sub, $userinfo); $typetext = $method['classname'] . '_order_instructions'; $templater = new vB5_Template('subscription_paymentbit'); $templater->register('form', $form); $templater->register('method', $method); $templater->register('typetext', $typetext); $orderbit = $templater->render(); return $orderbit; }
} if ($_POST['do'] == 'deleteusergroups') { $vbulletin->input->clean_array_gpc('p', array('usergroupid' => TYPE_UINT, 'deletebox' => TYPE_ARRAY_BOOL)); ($hook = vBulletinHook::fetch_hook('profile_deleteusergroups_start')) ? eval($hook) : false; if ($vbulletin->GPC['usergroupid']) { // check permission to do authorizations in this group if (!($leadergroup = $db->query_first("\n\t\t\tSELECT usergroupleaderid\n\t\t\tFROM " . TABLE_PREFIX . "usergroupleader AS usergroupleader\n\t\t\tWHERE userid = " . $vbulletin->userinfo['userid'] . "\n\t\t\t\tAND usergroupid = " . $vbulletin->GPC['usergroupid'] . "\n\t\t"))) { print_no_permission(); } if (!empty($vbulletin->GPC['deletebox'])) { foreach (array_keys($vbulletin->GPC['deletebox']) as $userid) { $userids .= ',' . intval($userid); } $users = $db->query_read_slave("\n\t\t\t\tSELECT u.*\n\t\t\t\tFROM " . TABLE_PREFIX . "user AS u\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "usergroupleader AS ugl ON (u.userid = ugl.userid AND ugl.usergroupid = " . $vbulletin->GPC['usergroupid'] . ")\n\t\t\t\tWHERE u.userid IN (0{$userids}) AND ugl.usergroupleaderid IS NULL\n\t\t\t"); while ($user = $db->fetch_array($users)) { $membergroups = fetch_membergroupids_array($user, false); $newmembergroups = array(); foreach ($membergroups as $groupid) { if ($groupid != $user['usergroupid'] and $groupid != $vbulletin->GPC['usergroupid']) { $newmembergroups[] = $groupid; } } // init user data manager $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_STANDARD); $userdata->set_existing($user); $userdata->set('membergroupids', $newmembergroups); if ($user['displaygroupid'] == $vbulletin->GPC['usergroupid']) { $userdata->set('displaygroupid', 0); } ($hook = vBulletinHook::fetch_hook('profile_deleteusergroups_process')) ? eval($hook) : false; $userdata->save();
/** * Update user's display group * * @param $userid User ID * @param $usergroupid Usergroup ID to be used as display group * @return void */ public function updateDisplayGroup($userid, $usergroupid) { $userinfo = vB_Api::instanceInternal('user')->fetchUserinfo($userid); $membergroups = fetch_membergroupids_array($userinfo); $permissions = $userinfo['permissions']; $vbulletin = vB::get_registry(); $bf_ugp_genericpermissions = vB::getDatastore()->get_value('bf_ugp_genericpermissions'); if ($usergroupid == 0) { throw new vB_Exception_Api('invalidid', array('usergroupid')); } if (!in_array($usergroupid, $membergroups)) { throw new vB_Exception_Api('notmemberofdisplaygroup'); } else { $display_usergroup = $vbulletin->usergroupcache["{$usergroupid}"]; //I'm not sure why we require canoverride to set the display group... this is *not* required //by the the admincp user interface which uses a different method of saving. if ($usergroupid == $userinfo['usergroupid'] or $display_usergroup['canoverride']) { $userinfo['displaygroupid'] = $usergroupid; // init user data manager $userdata = new vB_Datamanager_User(vB_DataManager_Constants::ERRTYPE_ARRAY_UNPROCESSED); $userdata->set_existing($userinfo); $userdata->set('displaygroupid', $usergroupid); if (!$userinfo['customtitle']) { $userdata->set_usertitle($userinfo['customtitle'] ? $userinfo['usertitle'] : '', false, $display_usergroup, $permissions['genericpermissions'] & $bf_ugp_genericpermissions['canusecustomtitle'] ? true : false, $permissions['genericpermissions'] & $bf_ugp_genericpermissions['cancontrolpanel'] ? true : false); } $userdata->save(); } else { throw new vB_Exception_Api('usergroup_invaliddisplaygroup'); } } }