$current_module = explode("/", $mybb->input['module'], 2); } else { $current_module = explode("-", $mybb->input['module'], 2); } if (!isset($current_module[1])) { $current_module[1] = 'home'; } if ($mybb->input['module'] && isset($modules[$current_module[0]])) { $run_module = $current_module[0]; } else { $run_module = "home"; } $action_handler = $run_module . "_action_handler"; $action_file = $action_handler($current_module[1]); // Set our POST validation code here $mybb->post_code = generate_post_check(); if ($run_module != "home") { check_admin_permissions(array('module' => $page->active_module, 'action' => $page->active_action)); } // Only POST actions with a valid post code can modify information. Here we check if the incoming request is a POST and if that key is valid. $post_check_ignores = array("example/page" => array("action")); // An array of modules/actions to ignore POST checks for. if ($mybb->request_method == "post") { if (in_array($mybb->input['module'], $post_check_ignores)) { $k = array_search($mybb->input['module'], $post_check_ignores); if (in_array($mybb->input['action'], $post_check_ignores[$k])) { $post_verify = false; } } if ($post_verify == true) { // If the post key does not match we switch the action to GET and set a message to show the user
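/**
 * Verifies a POST check code is valid, if not shows an error (silently returns false on silent parameter)
 *
 * @param string $code The incoming POST check code (the my_post_key value sent with the form)
 * @param boolean $silent Silent mode or not (silent mode will not show the error to the user but returns false)
 * @return boolean true when the code matches the one generate_post_check() produces for this
 *                 session; false on mismatch when $silent is set or when running inside the ACP
 *                 (IN_ADMINCP defined); otherwise error() is called and this function does not return
 */
function verify_post_check($code, $silent = false)
{
	global $lang;

	// Require a real string and compare it with hash_equals() (PHP 5.6+):
	// the original loose "!=" let a non-string $code (e.g. integer 0 or an array
	// from a crafted request) compare equal to the token on older PHP versions,
	// and hash_equals() does not leak the position of the first mismatch via timing.
	if (is_string($code) && hash_equals(generate_post_check(), $code)) {
		return true;
	}

	// Silent callers and the admin CP report the failure themselves
	if ($silent == true || defined("IN_ADMINCP")) {
		return false;
	}

	error($lang->invalid_post_code);
}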
// Redirect header("Location: member.php?action=profile&uid=" . $user['uid']); } else { if (isset($_GET['feedback'])) { // Decode parameters $params = json_decode($_GET['feedback']); // Create a submit form and submit begin_page(); end_header(); ?> <form id="newthread_form" method="post" action="newthread.php?fid=<?php echo FORUM_FEEDBACK; ?> &processed=1"> <input type="hidden" name="my_post_key" value="<?php echo generate_post_check(); ?> " /> <input type="hidden" name="subject" value="" /> <input type="hidden" name="icon" value="-1" /> <input type="hidden" name="action" value="do_newthread" /> <input type="hidden" name="posthash" value="<?php md5($mybb_user['uid'] . random_str()); ?> " /> <input type="hidden" name="tid" value="0" /> <input type="hidden" name="previewpost" value="Preview Post" /> <textarea name="message" style="visibility:hidden;"><?php echo "... Write your feedback here ...\n"; echo "\n"; echo "-----------------\n";
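/**
 * Show banned users
 *
 * Renders the ModCP list of users in dvz_reports_banned, joined with their usernames.
 * When the request carries 'search' and 'querystring', the list is filtered by a
 * (partial) username. Output goes through output_page(); nothing is returned.
 */
function showBanned()
{
	global $mybb, $db, $templates, $headerinclude, $header, $lang, $modcp_nav;

	$lang->load('dvz_reports');

	add_breadcrumb($lang->home, "modcp.php");
	add_breadcrumb($lang->shoutbox_banned, "modcp.php?action=shoutbox_ban");

	// Raw (display) form of the search term. Always initialised so the
	// "nothing found" message below never reads an undefined variable, and
	// kept unescaped so the message does not show SQL escape characters.
	$string = '';
	if (isset($mybb->input['search']) && isset($mybb->input['querystring'])) {
		$string = trim($mybb->input['querystring']);
	}

	// One base query for every branch; the username filter is the only variation.
	$sql = "SELECT " . TABLE_PREFIX . "dvz_reports_banned.*, " . TABLE_PREFIX . "users.username"
		. " FROM " . TABLE_PREFIX . "dvz_reports_banned"
		. " JOIN " . TABLE_PREFIX . "users ON " . TABLE_PREFIX . "dvz_reports_banned.uid=" . TABLE_PREFIX . "users.uid";

	if ($string !== '') {
		// escape_string_like() escapes quotes AND the LIKE wildcards (% and _), so a
		// searcher cannot widen the pattern; plain escape_string() left the wildcards active.
		// The column is table-prefixed: the original "users.username" only resolved
		// when TABLE_PREFIX happened to be empty.
		$sql .= " WHERE " . TABLE_PREFIX . "users.username LIKE '%" . $db->escape_string_like($string) . "%'";
	}

	$query = $db->query($sql . ";");

	if ($query->num_rows >= 1) {
		// $token is presumably interpolated by the dvz_reports_banned template eval'd below
		$token = generate_post_check();
		$bannedList = '';

		while ($data = $query->fetch_array()) {
			// banned_by holds the uid of the moderator who issued the ban; the
			// template needs the name, so resolve it and then HTML-escape it.
			$bannedBy = get_user($data['banned_by']);
			$data['banned_by'] = htmlspecialchars_uni($bannedBy['username']);
			$data['username'] = htmlspecialchars_uni($data['username']);
			$data['reason'] = htmlspecialchars_uni($data['reason']);
			$data['unbantime'] = date('d-M-Y H:i:s', $data['unbantime']);
			eval("\$bannedList .= \"" . $templates->get("dvz_reports_banned") . "\";");
		}
	} else {
		// Show error: No users found. (The row template was previously also eval'd
		// here with $data unset, which only produced notices and was overwritten.)
		$bannedList = "<div style=\"background: #D16464; color: #ffffff; border: 1px solid #B50909;padding: 5px;margin: 2px;\">" . $lang->nothing_found . " '<i>" . htmlspecialchars_uni($string) . "</i>'</div>";
	}

	eval("\$reports_banned_list = \"" . $templates->get("dvz_reports_banned_list") . "\";");
	output_page($reports_banned_list);
}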
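/**
 * The switch function deletes the mybbuser cookie, sets a new cookie for the selected account and starts a new session.
 * Function is called by ajax request and sends the new users post key.
 *
 * Reads from $mybb->input: 'switchuser' (must be 1), 'my_post_key' (CSRF token, verified
 * before any database write or cookie change) and 'uid' (the account to switch to).
 * On success the new post code is printed as text/plain and the script exits.
 * A switch to an account that is not attached/shared calls error(); rejected switches
 * involving shared accounts are logged via log_moderator_action() and simply return.
 */
function accountswitcher_switch()
{
	// $session is the live session object created in inc/class_session.php. The original
	// omitted it from the global list, so the delete_query() below ran with an undefined
	// variable (empty sid) and the old session row was never removed.
	global $db, $mybb, $lang, $charset, $cache, $templates, $session;

	// Only a logged-in user, over POST, with the switch flag set
	if ($mybb->user['uid'] == 0 || !isset($mybb->input['switchuser']) || $mybb->input['switchuser'] != 1 || $mybb->request_method != "post") {
		return;
	}

	require_once MYBB_ROOT . "/inc/plugins/accountswitcher/class_accountswitcher.php";
	$eas = new AccountSwitcher($mybb, $db, $cache, $templates);

	// Get permissions for this user
	$userPermission = user_permissions($mybb->user['uid']);
	// Get permissions for the master. First get the master
	$master = get_user((int) $mybb->user['as_uid']);
	// Get his permissions
	$masterPermission = user_permissions($master['uid']);

	// Switching is allowed when either the user or the master has the permission
	if ($userPermission['as_canswitch'] != 1 && $masterPermission['as_canswitch'] != 1) {
		return;
	}

	if (!isset($lang->as_invaliduser)) {
		$lang->load("accountswitcher");
	}

	// CSRF check: must happen before any state change below
	verify_post_check($mybb->get_input('my_post_key'));

	// Get user info
	$user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));

	// Check if user exists
	if (!$user) {
		error($lang->as_invaliduser);
	}

	// Can the new account be shared?
	if ($user['as_share'] != 0 && $mybb->settings['aj_shareuser'] == 1) {
		// Account already used by another user?
		if ($user['as_shareuid'] != 0) {
			log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
			return;
		}

		// Account only shared by buddies?
		if ($user['as_buddyshare'] != 0) {
			// buddylist is a comma separated list of uids; normalise to ints so the
			// membership test can be strict (same result as the old loose in_array()).
			$buddylist = array();
			if ($user['buddylist'] != '') {
				$buddylist = array_map('intval', explode(",", $user['buddylist']));
			}

			// No buddy - no switch
			if (!in_array((int) $mybb->user['uid'], $buddylist, true)) {
				log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
				return;
			}
		}

		// Shared account is free (as_shareuid == 0 was established above) - set share uid
		$updated_shareuid = array("as_shareuid" => (int) $mybb->user['uid']);
		$db->update_query("users", $updated_shareuid, "uid='" . (int) $user['uid'] . "'");
		$eas->update_accountswitcher_cache();
		$user['as_shareuid'] = (int) $mybb->user['uid'];
	}

	// Make sure you can switch to an attached account only
	$isAttached = $user['as_uid'] == $mybb->user['uid']
		|| ($user['as_uid'] != 0 && $user['as_uid'] == $mybb->user['as_uid'])
		|| $user['uid'] == $mybb->user['as_uid']
		|| $user['as_shareuid'] == $mybb->user['uid']
		|| $user['uid'] == $mybb->user['as_shareuid'];

	if (!$isAttached) {
		log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
		error($lang->as_notattacheduser);
	}

	// Is the current account shared?
	if ($mybb->user['as_share'] != 0) {
		// Account used by another user?
		if ($mybb->user['as_shareuid'] == 0) {
			log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
			return;
		}

		// Reset share uid (as_shareuid is known to be non-zero here)
		$updated_shareuid = array("as_shareuid" => 0);
		$db->update_query("users", $updated_shareuid, "uid='" . (int) $mybb->user['uid'] . "'");
		$eas->update_accountswitcher_cache();
	}

	// Log the old user out (uid is non-zero here, checked at the top)
	my_unsetcookie("mybbuser");
	my_unsetcookie("sid");

	$time = TIME_NOW;
	// Run this after the shutdown query from session system
	$db->shutdown_query("UPDATE " . TABLE_PREFIX . "users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'");
	if (!empty($session->sid)) {
		$db->delete_query("sessions", "sid = '" . $db->escape_string($session->sid) . "'");
	}

	// Now let the login datahandler do the work
	require_once MYBB_ROOT . "inc/datahandlers/login.php";
	$loginhandler = new LoginDataHandler("get");
	$mybb->input['remember'] = "yes";
	$loginhandler->set_data($user);
	// The result of validate_login() was never checked by this plugin and
	// complete_login() is called regardless; kept unchanged (the switch is by
	// uid, not by the target account's password).
	$loginhandler->validate_login();
	$loginhandler->complete_login();

	// Create session for this user
	require_once MYBB_ROOT . "inc/class_session.php";
	$session = new session();
	$session->init();
	$mybb->session =& $session;
	$mybb->post_code = generate_post_check();

	// Send new users post code
	header("Content-type: text/plain; charset={$charset}");
	echo $mybb->post_code;
	exit;
}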