protected function _create_home()
{
global $core, $user;
if (_button() && is_ghost()) {
$v = $this->__(array('cat' => 1, 'ticket_group' => 0, 'ticket_title', 'ticket_text', 'ticket_username', 'attachments'));
$t_contact = $user->v();
if (f($v['ticket_username']) && _auth_get('ticket_create_admin')) {
if (!preg_match('#^([a-z0-9\\_\\-]+)$#is', $v['ticket_username'])) {
$this->_error('#SIGN_LOGIN_ERROR');
}
$sql = 'SELECT *
FROM _members
WHERE user_username = ?
AND user_id <> 1
AND user_active = 1';
if (!($t_contact = _fieldrow(sql_filter($sql, $v['ticket_username'])))) {
$this->_error('#SIGN_LOGIN_ERROR');
}
}
if (!($ticket_status = $core->cache_load('ticket_status_default'))) {
$sql = 'SELECT status_id
FROM _tickets_status
WHERE status_default = 1';
$ticket_status = $core->cache_store(_field($sql, 'status_id', 0));
}
$v2 = array('code' => substr(md5(unique_id()), 0, 8), 'childs' => 0, 'parent' => 0, 'deleted' => 0, 'lastreply' => (int) $user->time, 'group' => $v['ticket_group'], 'contact' => $t_contact['user_id'], 'aby' => 0, 'cat' => $v['cat'], 'status' => $ticket_status, 'start' => (int) $user->time, 'end' => 0, 'ip' => $user->i_ip, 'title' => $v['ticket_title'], 'text' => $v['ticket_text']);
$sql = 'INSERT INTO _tickets' . _build_array('INSERT', prefix('ticket', $v2));
$v['ticket_id'] = _sql_nextid($sql);
$v = array_merge($v, $v2);
if (f($v['attachments'])) {
$attachments = explode(',', $v['attachments']);
$location = XFS . 'space/f/';
if (@is_dir($location)) {
@(include XFS . 'core/upload.php');
$upload = new upload();
$umask = umask(0);
$i = 0;
foreach ($attachments as $row) {
if (@file_exists($location . $row)) {
$extension = _extension($row);
if (preg_match('/\\.(' . $upload->ext_blacklist . ')$/', strtolower($row))) {
$extension = 'txt';
}
$filepath = _filename('_' . $v['code'] . '_' . $i, $extension);
@rename($location . $row, $location . $filepath);
$upload->chmod($location . $filepath);
$insert_attach = array('ticket' => $v['ticket_id'], 'name' => $filepath, 'mime' => mime_content_type($location . $filepath), 'extension' => $extension, 'size' => filesize($location . $filepath), 'checksum' => md5_file($location . $filepath), 'downloads' => 0, 'time' => time());
$sql = 'INSERT INTO _tickets_attach' . _build_array('INSERT', prefix('attach', $insert_attach));
_sql($sql);
$i++;
}
}
@umask($umask);
}
}
if ($v['parent']) {
$sql = 'UPDATE _tickets SET ticket_childs = ticket_childs + 1
WHERE ticket_id = ?';
_sql(sql_filter($sql, $v['ticket_parent']));
}
if (f($v['ticket_username'])) {
$insert_note = array('ticket_id' => (int) $v['ticket_id'], 'user_id' => $user->v('user_id'), 'note_text' => _lang('TICKET_CREATE_STAFF'), 'note_time' => time(), 'note_cc' => 1);
$sql = 'INSERT INTO _tickets_notes' . _build_array('INSERT', $insert_note);
_sql($sql);
}
$sql = 'SELECT group_name, group_email
FROM _groups
WHERE group_id = ?';
$d_group = _fieldrow(sql_filter($sql, $v['ticket_group']));
$ticket_subject = entity_decode($d_group['group_name'] . ' [#' . $v['code'] . ']: ' . $v['ticket_title']);
$ticket_message = entity_decode($v['text']);
$sql = 'SELECT m.user_email
FROM _groups_members gm, _members m
WHERE gm.member_group = ?
AND gm.member_mod = ?
AND gm.member_uid = m.user_id
ORDER BY m.user_email';
$group_members = _rowset(sql_filter($sql, $v['group'], 1), false, 'user_email');
//
// Common email notification
require_once XFS . 'core/emailer.php';
$emailer = new emailer();
$emailer_vars = array('USERNAME' => $t_contact['user_username'], 'FULLNAME' => entity_decode(_fullname($t_contact)), 'SUBJECT' => entity_decode($v['ticket_title']), 'MESSAGE' => $ticket_message, 'TICKET_URL' => _link($this->m(), array('x1' => 'view', 'code' => $v['code'])));
$email_from = $d_group['group_email'] . '@' . $core->v('domain');
$user_template = 'ticket_' . $d_group['group_email'];
//
// Notify ticket creator
$emailer->from($email_from);
$emailer->set_subject($ticket_subject);
$emailer->use_template($user_template);
$emailer->email_address($t_contact['user_email']);
$emailer->set_decode(true);
$emailer->assign_vars($emailer_vars);
$emailer->send();
$emailer->reset();
//
// Notify group mods
$emailer->from($email_from);
$emailer->use_template('ticket_tech');
$emailer->set_subject($ticket_subject);
foreach ($group_members as $i => $row) {
$method = !$i ? 'email_address' : 'cc';
$emailer->{$method}($row);
}
$emailer->set_decode(true);
$emailer->assign_vars($emailer_vars);
$emailer->send();
$emailer->reset();
return $this->e(_link($this->m(), array('x1' => 'view', 'code' => $v['code'])));
}
$sql = 'SELECT group_id, group_name
FROM _groups
ORDER BY group_name';
_rowset_style($sql, 'groups');
$sql = 'SELECT cat_id, cat_name
FROM _tickets_cat
WHERE cat_id > 0
AND cat_group IN (??)
GROUP BY cat_name
ORDER BY cat_group, cat_name';
if (!($cat = _rowset_style(sql_filter($sql, $user->auth_groups()), 'cat', 'cat'))) {
_style('no_cat');
}
return v_style(array('CHANGE_USER' => sprintf(_lang('TICKET_CHANGE_USER'), _fullname($user->v()))));
}
public function home()
{
global $core, $user;
$tree = $this->valid_tree();
$v = $this->__(_array_keys(w('is_comment is_form'), 0));
// Form posting enabled and form submitted
if ($v['is_form'] && _button()) {
if (!is_ghost()) {
_fatal(405);
}
if (!$tree['tree_form']) {
_fatal();
}
$sql_fields = 'SELECT form_alias, form_required, form_legend, form_regex,
FROM _form_fields
WHERE form_tree = ?
ORDER BY form_order';
if (!($form = _rowset(sql_filter($sql_fields, $tree['tree_id']), 'form_alias'))) {
$form = _rowset(sql_filter($sql_fields, 0), 'form_alias');
}
$form['secure'] = array('form_required' => 1, 'form_regex' => '^([a-zA-Z]+)$', 'form_alias' => 'secure', 'form_type' => 'text', 'form_legend' => _lang('XCF_LEGEND'));
foreach ($form as $row) {
$v = array_merge($v, $this->__(array($row['form_alias'])));
if (!f($v[$row['form_alias']])) {
if ($row['form_required']) {
$this->_error(sprintf(_lang('E_COMMENT_FIELD_EMPTY'), $row['form_legend']), false);
}
continue;
}
if (f($row['form_regex']) && !preg_match('#' . $row['form_regex'] . '#is', $v[$row['form_alias']])) {
$this->_error(sprintf(_lang('E_COMMENT_FIELD_BAD'), $row['form_legend']), false);
if ($row['form_alias'] == 'secure') {
$v[$row['form_alias']] = '';
}
}
}
require_once XFS . 'core/xcf.php';
$xcf = new captcha();
if ($xcf->check($v['secure']) === false) {
$v['secure'] = '';
$this->_error('#E_COMMENT_INVALID_CAPTCHA');
}
unset($xcf);
require_once XFS . 'core/emailer.php';
$emailer = new emailer();
$emailer->set_decode(true);
$emailer->format('plain');
$emailer->from($v['address']);
$emailer->set_subject(_rm_acute($v['subject']));
$emailer->use_template('contact_email');
if (f($core->v('default_email'))) {
$tree['tree_form_email'] .= (f($tree['tree_form_email']) ? ';' : '') . $core->v('default_email');
}
$form_addresses = array_map('trim', array_unique(explode(';', $tree['tree_form_email'])));
foreach ($form_addresses as $i => $address) {
$row_f = !$i ? 'email_address' : 'cc';
$emailer->{$row_f}($address);
}
unset($v['secure']);
$content = w();
foreach ($form as $row) {
if (!f($v[$row['form_alias']])) {
continue;
}
$content[] = $row['form_legend'] . ":\n" . $v[$row['form_alias']];
}
$emailer->assign_vars(array('CONTENT' => implode("\n\n", $content), 'FORM_ARTICLE' => $tree['tree_subject']));
$emailer->send();
$emailer->reset();
$response = array('lang' => _lang('FORM_SUCCESS'));
$this->e(json_encode($response));
}
// Comment posting enabled and form submitted.
if ($v['is_comment'] && _button()) {
if (!$tree['tree_allow_comments']) {
_fatal();
}
$cv = $this->__(w('comment_username comment_address comment_website comment_message comment_security'));
$comment_time = time();
if (!$user->v('is_member')) {
foreach ($cv as $cv_k => $cv_v) {
if (!f($cv_v)) {
$this->error('E_COMMENT_FILL_FIELDS');
break;
}
}
if (!$this->errors()) {
$sql = 'SELECT comment_time
FROM _comments
WHERE comment_ip = ?
AND comment_status = 0';
if ($row_flood = _fieldrow(sql_filter($sql, $user->ip))) {
if ($comment_time - $row_flood['comment_time'] < 30) {
$this->error('E_COMMENT_FLOOD_TIME');
}
}
}
// CAPTCHA verification
require_once XFS . 'core/xcf.php';
$xcf = new captcha();
if ($xcf->check($cv['comment_security']) === false) {
$cv['comment_security'] = '';
$this->error('E_COMMENT_INVALID_CAPTCHA');
}
unset($xcf);
}
if (!$this->errors()) {
$approve_comments = !$user->v('is_member') ? $tree['tree_approve_comments'] : 1;
$sql_insert = array('tree' => (int) $tree['tree_id'], 'uid' => (int) $user->v('user_id'), 'username' => $cv['comment_username'], 'email' => $cv['comment_address'], 'website' => $cv['comment_website'], 'ip' => $user->ip, 'status' => (int) $approve_comments, 'time' => (int) $comment_time, 'message' => $cv['comment_message']);
$sql = 'INSERT INTO _comments' . _build_array('INSERT', prefix('comment', $sql_insert));
_sql($sql);
if ($approve_comments) {
$sql = 'UPDATE _tree SET tree_comments = tree_comments + 1
WHERE tree_id = ?';
_sql(sql_filter($sql, $tree['tree_id']));
}
// Send new comment email notification for approval.
if (!$approve_comments) {
unset($cv['comment_security']);
require_once XFS . 'core/emailer.php';
$emailer = new emailer();
$emailer->from($cv['comment_address']);
$emailer->use_template('comment_approval');
if (f($tree['tree_form_email'])) {
$tree['tree_form_email'] = $core->v('default_comments_email');
}
foreach (explode(';', $tree['tree_form_email']) as $i => $row) {
$row_f = !$i ? 'email_address' : 'cc';
$emailer->{$row_f}($row);
}
$input = w();
foreach ($cv as $row_k => $row_v) {
if (!f($row_v)) {
continue;
}
if ($row_k == 'comment_message') {
$row_v = str_replace("\r\n", '<br />', $row_v);
}
$input[] = '< ' . $row_v;
}
$emailer->assign_vars(array('U_APPROVAL' => _link(_rewrite($tree), array('x1' => 'comments')), 'INPUT_FIELDS' => implode('<br /><br />', $input), 'FROM_USERNAME' => $cv['comment_username']));
$emailer->send();
$emailer->reset();
}
redirect(_link(_rewrite($tree)));
}
if ($this->errors()) {
if (is_ghost()) {
$this->e('!');
}
_style('comments_error', array('MESSAGE' => $this->get_errors()));
}
}
//
if (f($tree['tree_redirect'])) {
if (preg_match('#^[a-z0-9\\-\\_]+$#is', $tree['tree_redirect'])) {
$tree['tree_redirect'] = _link($tree['tree_redirect']);
}
redirect($tree['tree_redirect']);
}
//
if ($tree['tree_parent']) {
$sql = 'SELECT *
FROM _tree
WHERE tree_id = ?';
$parent = _fieldrow(sql_filter($sql, $tree['tree_parent']));
if ($tree['tree_level'] > 2) {
$sql = 'SELECT *
FROM _tree
WHERE tree_id = ?';
$subparent = _fieldrow(sql_filter($sql, $parent['tree_parent']));
}
}
if ($tree['tree_node']) {
$sql = 'SELECT *
FROM _tree
WHERE tree_id = ?';
$node = _fieldrow(sql_filter($sql, $tree['tree_node']));
}
//
if (@method_exists($this, 'cf_' . _rewrite($tree))) {
$this->{'cf_' . _rewrite($tree)}($tree);
}
//
$sql = 'SELECT *
FROM _tree
WHERE tree_parent = ?
AND tree_child_hide = 0
ORDER BY ??';
$childs = _rowset(sql_filter($sql, $tree['tree_id'], $this->child_order($tree)));
foreach ($childs as $i => $row) {
if (!$i) {
$sql = 'SELECT image_id, image_tree, image_extension
FROM _images
WHERE image_tree IN (??)
ORDER BY RAND()';
$images_child = _rowset(sql_filter($sql, _implode(',', array_keys($childs))), 'tree_id');
_style('tree_child1', array('ORDER_URL' => _link($tree['tree_id'], array('order', 0, 0, 0, 0))));
}
_style('tree_child.row', array('ITEM' => $row['tree_id'], 'URL' => _link(_rewrite($row)), 'SUBJECT' => $row['tree_subject'], 'CONTENT' => $row['tree_content'], 'EDITED' => _format_date($row['tree_edited']), 'IMAGE' => isset($images_child[$row['tree_id']]) ? $images_child[$row['tree_id']]['image_id'] . '.' . $images_child[$row['tree_id']]['image_extension'] : 'default.gif'));
}
// Comments
if ($tree['tree_allow_comments'] && $tree['tree_comments']) {
$sql = 'SELECT c.comment_id, c.comment_username, c.comment_website, c.comment_time, c.comment_message, m.user_username
FROM _comments c, _members m
WHERE c.comment_tree = ?
AND c.comment_status = 1
AND c.comment_uid = m.user_id
ORDER BY c.comment_time DESC';
$comments = _rowset(sql_filter($sql, $tree['tree_id']));
foreach ($comments as $i => $row) {
if (!$i) {
_style('comments');
}
_style('comments.row', array('ID' => $row['comment_id'], 'SUSERNAME' => $row['user_username'], 'USERNAME' => $row['comment_username'], 'WEBSITE' => $row['comment_website'], 'TIME' => _format_date($row['comment_time']), 'MESSAGE' => str_replace("\n", '<br />', $row['comment_message'])));
}
}
//
if ($this->css_parent($tree)) {
$sql = 'SELECT *
FROM _tree
WHERE tree_parent = ?
AND tree_child_hide = 0
ORDER BY ??';
$childs_parent = _rowset(sql_filter($sql, $this->css_var($tree), $this->child_order($tree)));
foreach ($childs_parent as $i => $row) {
if (!$i) {
$sql = 'SELECT image_id, image_tree, image_extension
FROM _images
WHERE image_tree IN (??)
ORDER BY RAND()';
$images_child_parent = _rowset(sql_filter($sql, _implode(',', array_keys($childs_parent))), 'tree_id');
_style('tree_child', array('ORDER_URL' => _link($tree['tree_id'], array('order', 0, 0, 0, 0))));
}
_style('tree_child_parent.row', array('ITEM' => $row['tree_id'], 'URL' => _link(_rewrite($row)), 'TITLE' => $row['tree_subject'], 'IMAGE' => isset($images_child_parent[$row['tree_id']]) ? $images_child_parent[$row['tree_id']]['image_id'] . '.' . $images_child_parent[$row['tree_id']]['image_extension'] : 'default.gif'));
}
}
if ($tree['tree_downloads']) {
$sql = 'SELECT *
FROM _downloads
WHERE download_tree = ?
ORDER BY download_order';
$downloads = _rowset(sql_filter($sql, $tree['tree_id']));
foreach ($downloads as $i => $row) {
if (!$i) {
_style('downloads', array('ORDER_URL' => _link($tree['tree_id'], array('orderd', 0, 0, 0, 0))));
}
_style('downloads.row', array('ITEM' => $row['download_id'], 'DOWNLOAD' => _link('get', $row['download_alias'] . '.' . $row['download_extension']), 'TITLE' => $row['download_title']));
}
}
//
if ($tree['tree_form']) {
$sql = 'SELECT *
FROM _form_fields
WHERE form_tree = ?
ORDER BY form_order';
$form = _rowset(sql_filter($sql, $tree['tree_id']), 'form_alias');
if (!count($form)) {
$sql = 'SELECT *
FROM _form_fields
WHERE form_tree = 0
ORDER BY form_order';
$form = _rowset($sql, 'form_alias');
}
$form['secure'] = array('form_required' => 1, 'form_regex' => '^([a-zA-Z]+)$', 'form_alias' => 'secure', 'form_type' => 'text', 'form_legend' => 'Imagen de seguridad');
_style('form', array('URL' => _link(_rewrite($tree))));
foreach ($form as $row) {
_style('form.row', array('ALIAS' => $row['form_alias'], 'REQUIRED' => $row['form_required'], 'LEGEND' => _lang($row['form_legend']), 'TYPE' => $row['form_type'], 'PAGE' => $tree['tree_alias']));
foreach ($row as $row_k => $row_v) {
if (preg_match('#^form_(alias|type)$#is', $row_k)) {
if ($row_k == 'form_alias') {
$row_k = 'name';
}
_style('form.row.attrib', array('ATTRIB' => str_replace('form_', '', $row_k), 'VALUE' => $row_v));
}
}
}
}
$s_css_page = '';
if (@file_exists('./style/css/_tree_' . _rewrite($tree) . '.css')) {
$s_css_page = _rewrite($tree) . '/';
} elseif ($this->css_parent($tree)) {
if (!f($tree['tree_css_var'])) {
$tree['tree_css_var'] = 'parent';
}
$ary_css_var = false;
switch ($tree['tree_css_var']) {
case 'parent':
case 'subparent':
case 'node':
$ary_css_var = ${$tree['tree_css_var']};
break;
default:
if (is_numb($tree['tree_css_var'])) {
$sql = 'SELECT *
FROM _tree
WHERE tree_id = ?';
if ($css_var_row = _fieldrow(sql_filter($sql, $tree['tree_css_var']))) {
$ary_css_var = $css_var_row;
}
}
break;
}
if ($ary_css_var !== false) {
$s_css_page = _rewrite($ary_css_var) . '/';
}
}
v_style(array('S_IMAGES' => $core->v('address') . 'container/images/a_' . ($this->css_parent($tree) ? $this->css_var($tree) : $tree['tree_id']) . '/', 'V_TREE' => $tree['tree_id'], 'V_CSS' => $s_css_page, 'V_SUBJECT' => $tree['tree_subject'], 'V_CONTENT' => _message($tree['tree_content']), 'V_COMMENTS' => $tree['tree_comments'], 'V_ALLOW_COMMENTS' => $tree['tree_allow_comments'], 'V_ALLOW_FORM' => $tree['tree_form'], 'U_COMMENTS' => _link(_rewrite($tree)), 'U_XCF' => _link(_rewrite($tree) . '-xs.jpg', false, false)));
$tree['tree_subject'] = strip_tags($tree['tree_subject']);
//
if ($tree['tree_alias'] != 'home') {
if ($node['tree_id'] != $parent['tree_id']) {
$this->navigation($node['tree_subject'], _rewrite($node));
}
if ($tree['tree_level'] > 2) {
if ($parent['tree_id'] && $node['tree_id'] && $tree['tree_level'] > 3) {
$this->navigation('...');
}
$this->navigation($subparent['tree_subject'], _rewrite($subparent));
}
if ($parent['tree_id']) {
$this->navigation($parent['tree_subject'], _rewrite($parent));
}
$this->navigation($tree['tree_subject'], _rewrite($tree));
}
if ($user->v('is_member')) {
$tree['tree_cp'] = 1;
$i = 0;
$auth_tree = array('create', 'modify', 'remove');
foreach ($auth_tree as $row) {
if (_auth_get('cp_' . $row)) {
if (!$i) {
_style('auth');
}
_style('auth.row', array('U_AUTH' => _link('cp', array($row, _rewrite($tree))), 'V_NAME' => _lang('CP_AUTH_' . $row)));
$i++;
}
}
}
//
$this->_template('tree');
if (f($tree['tree_template']) && @file_exists('./style/custom/' . $tree['tree_template'] . '.htm')) {
$this->_template('custom/' . $tree['tree_template']);
}
// TODO: 304 header response
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $tree['tree_edited']) . ' GMT');
return;
}
protected function _like_home()
{
global $bio;
if (!is_ghost()) {
_fatal();
}
$v = $this->__(array('ref' => 0));
if (!$v['ref']) {
_fatal();
}
if (!$bio->v('auth_member')) {
_login();
}
// like_time
$sql = 'SELECT *
FROM _reference
WHERE ref_id = ?';
if (!($ref = _fieldrow(sql_filter($sql, $v['ref'])))) {
_fatal();
}
$sql = 'SELECT like_id
FROM _reference_likes
WHERE like_ref = ?
AND like_uid = ?';
if (!_field(sql_filter($sql, $ref['ref_id'], $bio->v('bio_id')), 'like_id', 0)) {
$sql_insert = array('ref' => $ref['ref_id'], 'uid' => $bio->v('bio_id'));
sql_put('_reference_likes', prefix('like', $sql_insert));
}
return $this->e('~OK');
}
protected function _permission_remove()
{
if (!is_ghost()) {
_fatal();
}
$v = $this->__(array('bio' => 0));
$sql = 'SELECT bio_id
FROM _bio
WHERE bio_id = ?';
if (!sql_field(sql_filter($sql, $v->bio), 'bio_id', 0)) {
_fatal();
}
$sql = 'SELECT auth_bio
FROM _bio_auth
WHERE auth_assoc = ?
AND auth_bio = ?';
if (!sql_field(sql_filter($sql, $v->bio), 'auth_bio', 0)) {
_fatal();
}
$sql = 'DELETE FROM _bio_auth
WHERE auth_assoc = ?
AND auth_bio = ?';
sql_query(sql_filter($sql, $this->a('bio_id'), $v->bio));
redirect(_link('alias', array('alias' => $bio->v('bio_alias'), 'x1' => $this->x(1), 'x2' => $this->x(2))));
}
function xs_startup()
{
global $core, $user;
if (empty($this->xs_started)) {
$this->xs_started = 1;
// Adding current template
$tpl = $this->root . '/';
if (substr($tpl, 0, 2) === './') {
$tpl = substr($tpl, 2, strlen($tpl));
}
// Adding predefined variables
$this->vars += array('LANG' => $core->v('default_lang'), 'TEMPLATE' => $tpl, 'TEMPLATE_NAME' => $this->tpl, 'S_SERVER' => $core->v('address'), 'S_STYLE' => $core->v('address') . 'style/', 'S_LIB' => LIBD, 'S_VISUAL' => LIBD . 'visual/', '_SELF' => _page(), 'SCRIPT_TYPE' => ' type="text/javascript"', 'CDATA_BEGIN' => '//<![CDATA[' . "\n", 'CDATA_END' => '//]]>' . "\n", 'IS_GHOST' => is_ghost(), 'IS_MEMBER' => (int) $user->v('is_member'), 'S_USERNAME' => _fullname($user->v()), 'S_TIME' => time());
}
}
protected function _publish_home()
{
global $bio;
$v = $this->__(w('address key subject content playing f 0 p 0'));
// TODO: Implement bio authorization
$this->_bio_publish($v->address, $v->key);
//
if (!$v->forum && !$v->post) {
$warning->now();
}
if ($v->forum) {
if (empty($v->subject)) {
$this->_error('NO_TOPIC_SUBJECT');
}
$sql = 'SELECT *
FROM _board_forums
WHERE forum_id = ?';
if (!($forum = sql_fieldrow(sql_filter($sql, $v->forum)))) {
$warning->now();
}
$v->subject = _subject($v->subject);
} else {
$sql = 'SELECT *
FROM _board_posts
WHERE post_id = ?';
if (!($post = sql_fieldrow(sql_filter($sql, $v->post)))) {
$warning->now();
}
$sql = 'SELECT *
FROM _board_topics
WHERE topic_id = ?';
if (!($topic = sql_fieldrow(sql_filter($sql, $post->post_topic)))) {
$warning->now();
}
}
if ($v->forum) {
if ($forum->forum_locked && !$this->auth_forum($forum, 'create')) {
$warning->now();
}
}
if (empty($v->content)) {
$this->_error('NO_TOPIC_CONTENT');
}
$v->content = _prepare($v->content);
// Start insert transaction
sql_transaction();
$sql_commit = false;
if ($v->forum) {
// Insert topic
$sql_insert = array('forum' => $v->forum, 'subject' => $v->subject, 'author' => $bio->v('bio_id'), 'time' => time(), 'active' => $bio->v('bio_confirmed'));
$v->topic_next = sql_put('_board_topics', prefix('topic', $sql_insert));
// Insert post
$sql_insert = array('forum' => $v->forum, 'topic' => $v->topic_next, 'parent' => 0, 'bio' => $bio->v('bio_id'), 'time' => time(), 'active' => $bio->v('bio_confirmed'), 'message' => $v->content, 'playing' => $v->playing);
$v->post_next = sql_put('_board_posts', prefix('post', $sql_insert));
if ($v->topic_next && $v->post_next) {
$sql_commit = true;
}
} else {
$sql_insert = array('forum' => $topic->topic_forum, 'topic' => $topic->topic_id, 'parent' => $v->post, 'bio' => $bio->v('bio_id'), 'time' => time(), 'active' => $bio->v('bio_confirmed'), 'message' => $v->content, 'playing' => $v->playing);
$v->post_next = sql_put('_board_posts', prefix('post', $sql_insert));
$sql_update = w();
$sql = 'UPDATE _board_topics SET topic_replies = topic_replies + 1' . sql_build('UPDATE', $sql_update) . sql_filter('
WHERE topic_id = ?', $topic->topic_id);
$updated = sql_affected($sql);
if ($v->post_next && $updated) {
$sql_commit = true;
}
}
if (!$sql_commit) {
sql_transaction('rollback');
$this->_error('ROLLBACK_MESSAGE');
}
sql_transaction('commit');
if (is_ghost() && $v->post) {
if ($bio->v('bio_confirmed')) {
$response = array('show' => 1, 'parent' => $v->post, 'post' => $v->post_next, 'content' => _message($v->content), 'time' => _format_date(), 'profile' => array('link' => _link_bio($bio->v('bio_alias')), 'name' => $bio->v('bio_name')));
} else {
$response = array('show' => 0, 'legend' => _lang('PUBLISH_TOPIC_GUEST'));
}
$this->output(json_encode($response));
}
return redirect(_link('board', array('topic', $v->topic)));
}
protected function _attend_home()
{
global $bio;
if (!is_ghost()) {
_fatal();
}
if (!$bio->v('auth_member')) {
_login();
}
$v = $this->__(_array_keys(w('event option'), 0));
if (!$v['event'] || !$v['option']) {
_fatal();
}
$sql = 'SELECT event_id
FROM _events
WHERE event_id = ?';
if (!_fieldrow($sql, $v['event'])) {
_fatal();
}
$sql = 'SELECT type_id
FROM _events_attend_type
WHERE type_id = ?';
if (!_fieldrow(sql_filter($sql, $v['option']))) {
_fatal();
}
$sql = 'SELECT attend_id
FROM _events_attend
WHERE attend_event = ?
AND attend_uid = ?';
if ($attend_id = _field(sql_filter($sql, $v['event'], $bio->v('bio_id')), 'attend_id', 0)) {
$sql = 'UPDATE _events SET attend_option = ?
WHERE attend_id = ?';
_sql(sql_filter($sql, $v['option'], $attend_id));
} else {
$sql_insert = array('attend_event' => $v['event'], 'attend_uid' => $bio->v('bio_id'), 'attend_option' => $v['option'], 'attend_time' => time());
sql_put('_events_attend', $sql_insert);
}
return $this->e('~OK');
}
function redirect($url, $i = true)
{
global $warning;
sql_close();
$url = trim($url);
// Prevent external domain injection
if ($i === true) {
if (strpos($url, '://') !== false) {
$url_path = parse_url($url, PHP_URL_HOST);
if ($url_path === false || $url_path != get_host()) {
$warning->fatal();
}
} else {
if (f($url) && substr($url, 0, 1) === '/') {
$url = substr($url, 1);
}
$url = _link() . $url;
}
}
$head = 'Location: ' . $url;
if (is_ghost()) {
echo $head;
} else {
header($head);
}
exit;
}
function home()
{
global $core, $user, $style;
$tree = $this->valid_tree();
$v = $this->__(array('is_comment' => 0));
// Comment posting enabled and form submitted.
if ($v['is_comment'] && $this->submit) {
if (!$tree['tree_allow_comments']) {
_fatal();
}
$cv = $this->__(array('comment_username', 'comment_address', 'comment_website', 'comment_message', 'comment_security'));
$comment_time = time();
if (!$user->d('is_member')) {
foreach ($cv as $cv_k => $cv_v) {
if (empty($cv_v)) {
$this->error('E_COMMENT_FILL_FIELDS');
break;
}
}
if (!$this->errors()) {
$sql = "SELECT comment_time\n\t\t\t\t\t\tFROM _comments\n\t\t\t\t\t\tWHERE comment_ip = '" . $this->_escape($user->ip) . "'\n\t\t\t\t\t\t\tAND comment_status = 0";
if ($row_flood = $this->_fieldrow($sql)) {
if ($comment_time - $row_flood['comment_time'] < 30) {
$this->error('E_COMMENT_FLOOD_TIME');
}
}
}
// CAPTCHA verification
include XFS . 'core/xcf.php';
$xcf = new captcha();
if ($xcf->check($cv['comment_security']) === false) {
$cv['comment_security'] = '';
$this->error('E_COMMENT_INVALID_CAPTCHA');
}
unset($xcf);
}
if (!$this->errors()) {
$approve_comments = !$user->d('is_member') ? $tree['tree_approve_comments'] : 1;
$sql_insert = array('tree' => (int) $tree['tree_id'], 'uid' => (int) $user->d('user_id'), 'username' => $cv['comment_username'], 'email' => $cv['comment_address'], 'website' => $cv['comment_website'], 'ip' => $user->ip, 'status' => (int) $approve_comments, 'time' => (int) $comment_time, 'message' => $cv['comment_message']);
$sql = 'INSERT INTO _comments' . $this->_build_array('INSERT', ksql('comment', $sql_insert));
$this->_sql($sql);
if ($approve_comments) {
$sql = 'UPDATE _tree SET tree_comments = tree_comments + 1
WHERE tree_id = ' . (int) $tree['tree_id'];
$this->_sql($sql);
}
// Send new comment email notification for approval.
if (!$approve_comments) {
unset($cv['comment_security']);
include XFS . 'core/emailer.php';
$emailer = new emailer();
$emailer->from($cv['comment_address']);
$emailer->use_template('comment_approval');
if (empty($tree['tree_form_email'])) {
$tree['tree_form_email'] = $core->v('default_comments_email');
}
foreach (explode(';', $tree['tree_form_email']) as $i => $row) {
$row_f = !$i ? 'email_address' : 'cc';
$emailer->{$row_f}($row);
}
$input = array();
foreach ($cv as $row_k => $row_v) {
if (empty($row_v)) {
continue;
}
if ($row_k == 'comment_message') {
$row_v = str_replace("\r\n", '<br />', $row_v);
}
$input[] = '< ' . $row_v;
}
$emailer->assign_vars(array('U_APPROVAL' => _link($this->alias_id($tree), array('x1' => 'comments')), 'INPUT_FIELDS' => implode('<br /><br />', $input), 'FROM_USERNAME' => $cv['comment_username']));
$emailer->send();
$emailer->reset();
}
redirect(_link($this->alias_id($tree)));
}
if ($this->errors()) {
if (is_ghost()) {
$this->e('!');
}
$style->assign_block_vars('comments_error', array('MESSAGE' => $this->get_errors()));
}
}
//
if (!empty($tree['tree_redirect'])) {
if (preg_match('#^[a-z0-9\\-\\_]+$#is', $tree['tree_redirect'])) {
$tree['tree_redirect'] = _link($tree['tree_redirect']);
}
redirect($tree['tree_redirect']);
}
//
if ($tree['tree_parent']) {
$sql = 'SELECT *
FROM _tree
WHERE tree_id = ' . (int) $tree['tree_parent'];
$parent = $this->_fieldrow($sql);
if ($tree['tree_level'] > 2) {
$sql = 'SELECT *
FROM _tree
WHERE tree_id = ' . (int) $parent['tree_parent'];
$subparent = $this->_fieldrow($sql);
}
}
if ($tree['tree_node']) {
$sql = 'SELECT *
FROM _tree
WHERE tree_id = ' . (int) $tree['tree_node'];
$node = $this->_fieldrow($sql);
}
//
if (@method_exists($this, 'cf_' . $this->alias_id($tree))) {
$this->{'cf_' . $this->alias_id($tree)}($tree);
}
//
$sql = 'SELECT *
FROM _tree
WHERE tree_parent = ' . (int) $tree['tree_id'] . '
AND tree_child_hide = 0
ORDER BY ' . $this->child_order($tree);
$childs = $this->_rowset($sql);
foreach ($childs as $i => $row) {
if (!$i) {
$sql = 'SELECT image_id, image_tree, image_extension
FROM _images
WHERE image_tree IN (' . implode(',', array_keys($childs)) . ')
ORDER BY RAND()';
$images_child = $this->_rowset($sql, 'tree_id');
$style->assign_block_vars('tree_child', array('ORDER_URL' => _link($tree['tree_id'], array('order', 0, 0, 0, 0))));
}
$style->assign_block_vars('tree_child.row', array('ITEM' => $row['tree_id'], 'URL' => _link($this->alias_id($row)), 'SUBJECT' => $row['tree_subject'], 'CONTENT' => $row['tree_content'], 'EDITED' => $user->format_date($row['tree_edited']), 'IMAGE' => isset($images_child[$row['tree_id']]) ? $images_child[$row['tree_id']]['image_id'] . '.' . $images_child[$row['tree_id']]['image_extension'] : 'default.gif'));
}
// Comments
if ($tree['tree_allow_comments'] && $tree['tree_comments']) {
$sql = 'SELECT c.comment_id, c.comment_username, c.comment_website, c.comment_time, c.comment_message, m.user_username
FROM _comments c, _members m
WHERE c.comment_tree = ' . (int) $tree['tree_id'] . '
AND c.comment_status = 1
AND c.comment_uid = m.user_id
ORDER BY c.comment_time DESC';
$comments = $this->_rowset($sql);
foreach ($comments as $i => $row) {
if (!$i) {
$style->assign_block_vars('comments', array());
}
$style->assign_block_vars('comments.row', array('ID' => $row['comment_id'], 'SUSERNAME' => $row['user_username'], 'USERNAME' => $row['comment_username'], 'WEBSITE' => $row['comment_website'], 'TIME' => $user->format_date($row['comment_time']), 'MESSAGE' => str_replace("\n", '<br />', $row['comment_message'])));
}
}
//
if ($this->css_parent($tree)) {
$sql = 'SELECT *
FROM _tree
WHERE tree_parent = ' . (int) $this->css_var($tree) . '
AND tree_child_hide = 0
ORDER BY ' . $this->child_order($tree);
$childs_parent = $this->_rowset($sql);
foreach ($childs_parent as $i => $row) {
if (!$i) {
$sql = 'SELECT image_id, image_tree, image_extension
FROM _images
WHERE image_tree IN (' . implode(',', array_keys($childs_parent)) . ')
ORDER BY RAND()';
$images_child_parent = $this->_rowset($sql, 'tree_id');
$style->assign_block_vars('tree_child', array('ORDER_URL' => _link($tree['tree_id'], array('order', 0, 0, 0, 0))));
}
$style->assign_block_vars('tree_child_parent.row', array('ITEM' => $row['tree_id'], 'URL' => _link($this->alias_id($row)), 'TITLE' => $row['tree_subject'], 'IMAGE' => isset($images_child_parent[$row['tree_id']]) ? $images_child_parent[$row['tree_id']]['image_id'] . '.' . $images_child_parent[$row['tree_id']]['image_extension'] : 'default.gif'));
}
}
if ($tree['tree_downloads']) {
$sql = 'SELECT *
FROM _downloads
WHERE download_tree = ' . (int) $tree['tree_id'] . '
ORDER BY download_order';
$downloads = $this->_rowset($sql);
foreach ($downloads as $i => $row) {
if (!$i) {
$style->assign_block_vars('downloads', array('ORDER_URL' => _link($tree['tree_id'], array('orderd', 0, 0, 0, 0))));
}
$style->assign_block_vars('downloads.row', array('ITEM' => $row['download_id'], 'DOWNLOAD' => _link('get', $row['download_alias'] . '.' . $row['download_extension']), 'TITLE' => $row['download_title']));
}
}
//
if ($tree['tree_form']) {
$style->assign_block_vars('form', array('URL' => _link($this->alias_id($tree), 'form')));
}
$s_css_page = '';
if (@file_exists('./style/css/_tree_' . $this->alias_id($tree) . '.css')) {
$s_css_page = $this->alias_id($tree) . '/';
} elseif ($this->css_parent($tree)) {
if (empty($tree['tree_css_var'])) {
$tree['tree_css_var'] = 'parent';
}
$ary_css_var = false;
switch ($tree['tree_css_var']) {
case 'parent':
case 'subparent':
case 'node':
$ary_css_var = ${$tree['tree_css_var']};
break;
default:
if (is_numeric($tree['tree_css_var'])) {
$sql = 'SELECT *
FROM _tree
WHERE tree_id = ' . (int) $tree['tree_css_var'];
if ($css_var_row = $this->_fieldrow($sql)) {
$ary_css_var = $css_var_row;
}
}
break;
}
if ($ary_css_var !== false) {
$s_css_page = $this->alias_id($ary_css_var) . '/';
}
}
//$tree['tree_content'] = $this->parse($tree['tree_content']);
$tv = array('ADI' => $core->v('address') . 'container/images/a_' . ($this->css_parent($tree) ? $this->css_var($tree) : $tree['tree_id']) . '/', 'V_TREE' => $tree['tree_id'], 'V_CSS' => $s_css_page, 'V_SUBJECT' => $tree['tree_subject'], 'V_CONTENT' => $tree['tree_content'], 'V_COMMENTS' => $tree['tree_comments'], 'V_ALLOW_COMMENTS' => $tree['tree_allow_comments'], 'U_COMMENTS' => _link($this->alias_id($tree)), 'U_XCF' => _link($this->alias_id($tree) . '-xs.jpg', false, false));
$this->as_vars($tv);
$tree['tree_subject'] = strip_tags($tree['tree_subject']);
//
if ($tree['tree_alias'] != 'home') {
if ($node['tree_id'] != $parent['tree_id']) {
$this->navigation($node['tree_subject'], $this->alias_id($node));
}
if ($tree['tree_level'] > 2) {
if ($parent['tree_id'] && $node['tree_id'] && $tree['tree_level'] > 3) {
$this->navigation('...');
}
$this->navigation($subparent['tree_subject'], $this->alias_id($subparent));
}
if ($parent['tree_id']) {
$this->navigation($parent['tree_subject'], $this->alias_id($parent));
}
$this->navigation($tree['tree_subject'], $this->alias_id($tree));
}
if ($user->d('is_member')) {
$i = 0;
$auth_tree = array('create', 'modify', 'remove');
foreach ($auth_tree as $row) {
if ($user->auth_get('cp_' . $row)) {
if (!$i) {
$style->assign_block_vars('auth', array());
}
$lang = 'CP_AUTH_' . strtoupper($row);
$style->assign_block_vars('auth.row', array('U_LINK' => _link('cp', array($row, $this->alias_id($tree, false, false, false))), 'V_NAME' => _lang($lang)));
$i++;
}
}
}
//
$this->template = 'tree';
if (!empty($tree['tree_template']) && @file_exists('./style/pages/' . $tree['tree_template'] . '.htm')) {
$this->template = 'pages/' . $tree['tree_template'];
}
// TODO: 304 header response
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $tree['tree_edited']) . ' GMT');
return;
}
protected function _tab_home()
{
if (!is_ghost()) {
redirect(_link($this->m()));
}
global $user;
$v = $this->__(array('uid' => 0, 'tag'));
if (!$v['uid'] || !f($v['tag'])) {
$this->_error('#FATAL_ERROR');
}
$tabs = $this->init_tabs();
if (!isset($tabs[$v['tag']])) {
$this->_error('#FATAL_ERROR');
}
$tab_auth = $tabs[$v['tag']]['tab_function'] == 'general' ? 'search' : 'tab_' . $tabs[$v['tag']]['tab_function'];
if (!_auth_get('contacts_' . $tab_auth)) {
_fatal();
}
$sql = 'SELECT *
FROM _members
WHERE user_id = ?';
if (!($uid = _fieldrow(sql_filter($sql, $v['uid'])))) {
$this->_error('#TICKET_NOT_MEMBER');
}
$f = '_tab_function_' . $tabs[$v['tag']]['tab_function'];
if (!method_exists($this, $f)) {
$this->_error('#FATAL_ERROR');
}
$this->{$f}($v, $uid);
$this->e('!');
v_style(array('TAG' => $v['tag'], 'V_UID' => $v['uid']));
return $this->_template('contacts.search.ajax');
}
