/**
 * Datahandler validation hook for the "tags" request field.
 *
 * Returns without doing anything when the tags feature is switched off, when
 * tags_in_disforum() reports the forum as excluded, or when a group
 * restriction is configured and is_member() does not match. Otherwise the
 * submitted tag list is checked against the configured maximum tag count and
 * the minimum/maximum tag length; the first violation is reported through
 * $datahandler->set_error() and validation stops there.
 *
 * @param object $datahandler Datahandler under validation (fid, action, data and set_error() are used).
 * @return void
 */
function tags_validate(&$datahandler)
{
    global $mybb, $db, $thread, $lang;

    // Feature gates, evaluated in the same order as a single short-circuit test.
    if ($mybb->settings['tags_enabled'] == 0) {
        return;
    }
    if (tags_in_disforum($datahandler->fid)) {
        return;
    }
    if ($mybb->settings['tags_groups'] != -1 && !is_member($mybb->settings['tags_groups'])) {
        return;
    }

    $lang->load('tags');
    $mybb->settings['tags_max_thread'] = (int) $mybb->settings['tags_max_thread'];
    $tag_limit = $mybb->settings['tags_max_thread'];

    // Nothing submitted: nothing to validate.
    if ($mybb->get_input('tags') == '') {
        return;
    }

    // Tags only apply to a new thread or to an edit of the thread's first post.
    $is_thread_action = $datahandler->action == 'thread';
    if (!$is_thread_action && !(is_array($thread) && $datahandler->data['pid'] == $thread['firstpost'])) {
        return;
    }

    $tag_list = explode(',', tags_string2tag($mybb->get_input('tags')));

    if (count($tag_list) > $tag_limit && $tag_limit > 0) {
        $lang->many_tags = $lang->sprintf($lang->many_tags, $tag_limit);
        $datahandler->set_error($lang->many_tags);
        return;
    }

    foreach ($tag_list as $candidate) {
        $length = my_strlen($candidate);

        // Empty entries are tolerated; only non-empty tags have a minimum length.
        if ($length > 0 && $length < $mybb->settings['tags_minchars']) {
            $datahandler->set_error($lang->tags_too_short);
            return;
        }

        // A maximum of 0 means "no upper limit".
        if ($length > $mybb->settings['tags_maxchars'] && $mybb->settings['tags_maxchars'] > 0) {
            $datahandler->set_error($lang->tags_too_long);
            return;
        }
    }
}
/**
 * Verifies a private message subject.
 *
 * Records "too_long_subject" when the subject is longer than 85 characters
 * (as counted by my_strlen()) and "missing_subject" when trim_blank_chrs()
 * leaves nothing of it. No default subject is substituted here.
 *
 * @return boolean True when valid, false when invalid.
 */
function verify_subject()
{
    $subject =& $this->data['subject'];

    // Length is checked first, so an over-long subject never reaches the blank test.
    $over_limit = my_strlen($subject) > 85;
    if ($over_limit) {
        $this->set_error("too_long_subject");
        return false;
    }

    // A subject made only of blank characters counts as missing.
    $remaining = trim_blank_chrs($subject);
    if (!$remaining) {
        $this->set_error("missing_subject");
        return false;
    }

    return true;
}
/**
 * Return the number of words in a string.
 *
 * Every separator character is turned into a space, runs of whitespace are
 * collapsed, and the remaining space-separated pieces are counted.
 * Source: http://php.net/manual/en/function.str-word-count.php
 *
 * @param string $string Text to count words in.
 * @return int Number of words, 0 for an empty or separator-only string.
 */
function countWord($string)
{
    // NOTE(review): as written this replaces an apostrophe with itself; presumably
    // the search string was an HTML entity that got decoded - confirm against upstream.
    $string = str_replace("'", "'", $string);

    // Characters treated as word separators.
    $separators = array(
        ' ', "\t", '=', '+', '-', '*', '/', '\\', ',', '.', ';', ':',
        '[', ']', '{', '}', '(', ')', '<', '>', '&', '%', '$', '@',
        '#', '^', '!', '?', '~',
    );

    $normalised = str_replace($separators, " ", $string);
    $normalised = preg_replace("/\\s+/", " ", $normalised);
    $normalised = trim($normalised);

    if (my_strlen($normalised) > 0) {
        return count(explode(" ", $normalised));
    }

    return 0;
}
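}

// Fragment of an admin user-group module: the enclosing "export" branch opens
// before this excerpt and the "approve_join_request" branch continues after it.

// Serialise the selected user groups as XML and send the document as a download.
// $gidwhere is built outside this excerpt.
$xml = "<?xml version=\"1.0\" encoding=\"{$lang->settings['charset']}\"?" . ">\n";
// Append to the declaration; a plain assignment here would discard the XML prolog.
$xml .= "<usergroups version=\"{$mybb->version_code}\" exported=\"" . TIME_NOW . "\">\n";
$query = $db->simple_select("usergroups", "*", $gidwhere, array('order_by' => 'gid', 'order_dir' => 'ASC'));
while ($usergroup = $db->fetch_array($query)) {
    $xml .= "\t\t<usergroup>\n";
    foreach ($usergroup as $key => $value) {
        // Split any "]]>" so a stored value cannot close the CDATA section early.
        $value = str_replace(']]>', ']]]]><![CDATA[>', $value);
        $xml .= "\t\t\t<{$key}><![CDATA[{$value}]]></{$key}>\n";
    }
    $xml .= "\t\t</usergroup>\n";
}
$xml .= "</usergroups>";

$mybb->settings['bbname'] = urlencode($mybb->settings['bbname']);
header("Content-disposition: filename=" . $mybb->settings['bbname'] . "-usergroups.xml");
// Content-Length is a byte count, so measure bytes rather than characters.
header("Content-Length: " . strlen($xml));
header("Content-type: unknown/unknown");
header("Pragma: no-cache");
header("Expires: 0");
$plugins->run_hooks("admin_user_groups_export_end");
echo $xml;
exit;
}

if ($mybb->input['action'] == "approve_join_request") {
    $plugins->run_hooks("admin_user_groups_approve_join_request");

    // rid is taken straight from the request, so force it to an integer before
    // it is placed in the WHERE clause.
    $query = $db->simple_select("joinrequests", "*", "rid='" . (int) $mybb->input['rid'] . "'");
    $request = $db->fetch_array($query);
    if (!$request['rid']) {
        flash_message($lang->error_invalid_join_request, 'error');
        admin_redirect("index.php?module=user-groups");
    }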
echo $error;
exit;
}

// Fragment of the "add reputation" handler: each failed check renders an error
// template (modal or non-modal variant) and stops the request.
// NOTE(review): eval() below executes the text returned by $templates->get();
// its safety rests on that text being escaped for eval and on templates being
// editable only by trusted administrators - not verifiable from this excerpt.

// This user is trying to give a positive reputation, but positive reps have been disabled.
if ($mybb->get_input('reputation', MyBB::INPUT_INT) > 0 && $mybb->settings['posrep'] != 1) {
    $message = $lang->add_positive_disabled;
    // NOTE(review): 'nomodal' is read from the raw input array without an isset() check.
    if ($mybb->input['nomodal']) {
        eval("\$error = \"" . $templates->get("reputation_add_error_nomodal", 1, 0) . "\";");
    } else {
        eval("\$error = \"" . $templates->get("reputation_add_error", 1, 0) . "\";");
    }
    echo $error;
    exit;
}

// The length of the comment is too long
// NOTE(review): 'comments' is read raw here; a missing or array-valued field
// reaches my_strlen() unchecked - confirm how the caller normalises it.
if (my_strlen($mybb->input['comments']) > $mybb->settings['maxreplength']) {
    $message = $lang->sprintf($lang->add_toolong, $mybb->settings['maxreplength']);
    if ($mybb->input['nomodal']) {
        eval("\$error = \"" . $templates->get("reputation_add_error_nomodal", 1, 0) . "\";");
    } else {
        eval("\$error = \"" . $templates->get("reputation_add_error", 1, 0) . "\";");
    }
    echo $error;
    exit;
}

// Build array of reputation data.
// Numeric fields go through INPUT_INT; the free-text comment is escaped for SQL here.
$reputation = array("uid" => $uid, "adduid" => $mybb->user['uid'], "pid" => $mybb->get_input('pid', MyBB::INPUT_INT), "reputation" => $mybb->get_input('reputation', MyBB::INPUT_INT), "dateline" => TIME_NOW, "comments" => $db->escape_string($mybb->input['comments']));
$plugins->run_hooks("reputation_do_add_process");

// Updating an existing reputation
if (!empty($existing_reputation['uid'])) {
    // $existing_reputation is loaded outside this excerpt; its rid is presumably a database value.
    $db->update_query("reputation", $reputation, "rid='" . $existing_reputation['rid'] . "'");
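/**
 * Verifies that the submitted profile fields are filled in correctly.
 *
 * Walks the cached profile field definitions, skips fields this user may not
 * edit or does not have enough posts for, validates each submitted value
 * against the field's type, option list, maximum length and regex, and stores
 * the database-escaped result in $this->data['user_fields'].
 *
 * Problems are reported through set_error(); the method itself always
 * returns true, so callers have to inspect the recorded errors.
 *
 * @return boolean Always true.
 */
function verify_profile_fields()
{
    global $db, $cache;

    $user =& $this->data;
    $profile_fields =& $this->data['profile_fields'];

    // Fetch all profile fields first.
    $pfcache = $cache->read('profilefields');
    if (!is_array($pfcache)) {
        return true;
    }

    // Then loop through the profile fields.
    foreach ($pfcache as $profilefield) {
        // Editing on someone's behalf, or a required/registration field during
        // sign-up, lifts the per-group "editable by" restriction.
        if (isset($this->data['profile_fields_editable']) || (isset($this->data['registration']) && ($profilefield['required'] == 1 || $profilefield['registration'] == 1))) {
            $profilefield['editableby'] = -1;
        }

        if (!is_member($profilefield['editableby'], array('usergroup' => $user['usergroup'], 'additionalgroups' => $user['additionalgroups']))) {
            continue;
        }

        // Does this field have a minimum post count?
        if (!isset($this->data['profile_fields_editable']) && !empty($profilefield['postnum']) && $profilefield['postnum'] > $user['postnum']) {
            continue;
        }

        // The stored type is "<type>\n<option>\n<option>..."; split it once.
        $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
        $thing = explode("\n", $profilefield['type'], 2);
        $type = trim($thing[0]);
        $option_text = isset($thing[1]) ? $thing[1] : '';
        $field = "fid{$profilefield['fid']}";
        $is_multi = ($type == "multiselect" || $type == "checkbox");

        if (!isset($profile_fields[$field])) {
            $profile_fields[$field] = '';
        }

        // A single-value field must not be handed an array: the string checks
        // below would fail on it instead of producing a validation error.
        if (!$is_multi && is_array($profile_fields[$field])) {
            $error_key = ($type == "select" || $type == "radio") ? 'bad_profile_field_values' : 'bad_profile_field_value';
            $this->set_error($error_key, array($profilefield['name']));
            $user['user_fields'][$field] = '';
            continue;
        }

        // If the profile field is required, but not filled in, present error.
        // The check is skipped in the Admin CP and in modcp.php.
        $is_blank = $is_multi ? $profile_fields[$field] == "" : trim($profile_fields[$field]) == "";
        if ($is_blank && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php") {
            $this->set_error('missing_required_profile_field', array($profilefield['name']));
        }

        // Sort out multiselect/checkbox profile fields.
        $options = '';
        if ($is_multi && is_array($profile_fields[$field])) {
            $expoptions = array_map('trim', explode("\n", $option_text));
            foreach ($profile_fields[$field] as $value) {
                // Nested arrays are never a valid choice.
                if (!is_scalar($value)) {
                    $this->set_error('bad_profile_field_values', array($profilefield['name']));
                    continue;
                }
                // Strict comparison: with loose comparison numeric look-alikes
                // such as "1e1" and "10" would be treated as the same option.
                if (!in_array(htmlspecialchars_uni($value), $expoptions, true)) {
                    $this->set_error('bad_profile_field_values', array($profilefield['name']));
                }
                if ($options) {
                    $options .= "\n";
                }
                $options .= $db->escape_string($value);
            }
        } elseif ($type == "select" || $type == "radio") {
            $expoptions = array_map('trim', explode("\n", $option_text));
            if (!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions, true) && trim($profile_fields[$field]) != "") {
                $this->set_error('bad_profile_field_values', array($profilefield['name']));
            }
            $options = $db->escape_string($profile_fields[$field]);
        } else {
            if ($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength']) {
                $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
            }

            // NOTE(review): the pattern comes from the profile field definition and is
            // wrapped in "#" delimiters as-is; a "#" inside it or an expensive pattern
            // would break or slow matching - presumably only administrators can set it, confirm.
            if (!empty($profilefield['regex']) && !preg_match("#" . $profilefield['regex'] . "#i", $profile_fields[$field])) {
                $this->set_error('bad_profile_field_value', array($profilefield['name']));
            }
            $options = $db->escape_string($profile_fields[$field]);
        }

        $user['user_fields'][$field] = $options;
    }

    return true;
}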
// Fragment of the private message search results: the loop over result rows
// and the enclosing action branch open before this excerpt.

// Subject: censor bad words, cap at 50 characters, then HTML-escape for output.
$message['subject'] = $parser->parse_badwords($message['subject']);
if (my_strlen($message['subject']) > 50) {
    $message['subject'] = htmlspecialchars_uni(my_substr($message['subject'], 0, 50) . "...");
} else {
    $message['subject'] = htmlspecialchars_uni($message['subject']);
}

// Folder "3" gets the "not sent" label instead of a date.
if ($message['folder'] != "3") {
    $senddate = my_date('relative', $message['dateline']);
} else {
    $senddate = $lang->not_sent;
}
$foldername = $foldernames[$message['folder']];

// What we do here is parse the post using our post parser, then strip the tags from it
// HTML is disabled in the parser options, so the preview is built from parser output only.
$parser_options = array('allow_html' => 0, 'allow_mycode' => 1, 'allow_smilies' => 0, 'allow_imgcode' => 0, 'filter_badwords' => 1);
$message['message'] = strip_tags($parser->parse_message($message['message'], $parser_options));
if (my_strlen($message['message']) > 200) {
    $message['message'] = my_substr($message['message'], 0, 200) . "...";
}

// NOTE(review): eval() runs the template text from $templates->get(); this is safe
// only if templates are escaped for eval and editable by trusted users - confirm.
eval("\$messagelist .= \"" . $templates->get("private_search_messagebit") . "\";");
}

// No rows at all: show the "no messages" template instead of a list.
if ($db->num_rows($query) == 0) {
    eval("\$messagelist = \"" . $templates->get("private_search_results_nomessages") . "\";");
}
$plugins->run_hooks("private_results_end");
eval("\$results = \"" . $templates->get("private_search_results") . "\";");
output_page($results);
}

if ($mybb->input['action'] == "advanced_search") {
    $plugins->run_hooks("private_advanced_search");
    eval("\$advanced_search = \"" . $templates->get("private_advanced_search") . "\";");
    output_page($advanced_search);
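// Fragment of a points recount: adds up the income for every post of $user that
// is not a thread's first post. $user, $firstposts, $allforumrules, $grouprules
// and $points are set up outside this excerpt.

// Force every id to an integer before it reaches the WHERE clause, and leave the
// NOT IN() filter out when there is nothing to exclude (an empty list is invalid SQL).
$posts_where = "uid='" . (int) $user['uid'] . "'";
$firstpost_ids = array_map('intval', (array) $firstposts);
if (!empty($firstpost_ids)) {
    $posts_where .= " AND pid NOT IN(" . implode(',', $firstpost_ids) . ")";
}

// tid is selected as well: the loop needs it to look up the thread owner.
$totalposts_query = $db->simple_select("posts", "fid,tid,message", $posts_where);
while ($post = $db->fetch_array($totalposts_query)) {
    if ($mybb->settings['newpoints_income_newpost'] == 0) {
        continue;
    }

    // no rule set so default income rate is 1
    if (empty($allforumrules[$post['fid']])) {
        $allforumrules[$post['fid']]['rate'] = 1;
    }

    // if the forum rate is 0, nothing is going to be added so let's just skip to the next post
    if ($allforumrules[$post['fid']]['rate'] == 0) {
        continue;
    }

    // calculate points per character bonus
    // let's see if the number of characters in the post is greater than the minimum characters
    if (($charcount = my_strlen($post['message'])) >= $mybb->settings['newpoints_income_minchar']) {
        $bonus = $charcount * $mybb->settings['newpoints_income_perchar'];
    } else {
        $bonus = 0;
    }

    // give points to the poster
    $points += ($mybb->settings['newpoints_income_newpost'] + $bonus) * $allforumrules[$post['fid']]['rate'];

    // Reward the thread starter for the reply, but only when the thread still
    // exists and belongs to somebody else.
    $thread = get_thread($post['tid']);
    if (is_array($thread) && $thread['uid'] != $user['uid']) {
        // we are not the thread starter so give points to him/her
        if ($mybb->settings['newpoints_income_perreply'] != 0) {
            newpoints_addpoints($thread['uid'], $mybb->settings['newpoints_income_perreply'], $allforumrules[$post['fid']]['rate'], $grouprules['rate']);
        }
    }
}
// poll votes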
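} else {
    // NOTE(review): eval() runs the template text from $templates->get(); this is safe
    // only if templates are escaped for eval and editable by trusted users - confirm.
    eval("\$latest_post = \"" . $templates->get("modcp_awaitingmoderation_none") . "\";");
}
eval("\$awaitingposts = \"" . $templates->get("modcp_awaitingposts") . "\";");
}

// Threads awaiting moderation. $flist_queue_threads is a SQL fragment built
// outside this excerpt.
if ($nummodqueuethreads > 0 || $mybb->usergroup['issupermod'] == 1) {
    $query = $db->simple_select("threads", "COUNT(tid) AS unapprovedthreads", "visible='0' {$flist_queue_threads}");
    $unapproved_threads = $db->fetch_field($query, "unapprovedthreads");

    if ($unapproved_threads > 0) {
        // Most recent unapproved thread.
        $query = $db->simple_select("threads", "tid, subject, uid, username, dateline", "visible='0' {$flist_queue_threads}", array('order_by' => 'dateline', 'order_dir' => 'DESC', 'limit' => 1));
        $thread = $db->fetch_array($query);
        $thread['date'] = my_date('relative', $thread['dateline']);
        $thread['profilelink'] = build_profile_link($thread['username'], $thread['uid']);
        $thread['link'] = get_thread_link($thread['tid']);
        $thread['subject'] = $thread['fullsubject'] = $parser->parse_badwords($thread['subject']);

        // Shorten the displayed subject; the untruncated text stays in fullsubject.
        // The shortened text has to be written to $thread, the array used below.
        if (my_strlen($thread['subject']) > 25) {
            $thread['subject'] = my_substr($thread['subject'], 0, 25) . "...";
        }

        // Escape after truncating so an entity is never cut in half.
        $thread['subject'] = htmlspecialchars_uni($thread['subject']);
        $thread['fullsubject'] = htmlspecialchars_uni($thread['fullsubject']);
        $unapproved_threads = my_number_format($unapproved_threads);
        eval("\$latest_thread = \"" . $templates->get("modcp_lastthread") . "\";");
    } else {
        eval("\$latest_thread = \"" . $templates->get("modcp_awaitingmoderation_none") . "\";");
    }
    eval("\$awaitingthreads = \"" . $templates->get("modcp_awaitingthreads") . "\";");
}

// Only render the wrapper when at least one queue produced output.
if (!empty($awaitingattachments) || !empty($awaitingposts) || !empty($awaitingthreads)) {
    eval("\$awaitingmoderation = \"" . $templates->get("modcp_awaitingmoderation") . "\";");
}
}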
// Fragment of a reply form: the subscription-option branches close here and the
// preview branch continues past the end of this excerpt.
$postoptions_subscriptionmethod_dont = "checked=\"checked\"";
}
}
}
}

if ($forum['allowpicons'] != 0) {
    $posticons = get_post_icons();
}

// No subject?
if (!isset($subject)) {
    if (!empty($mybb->input['subject'])) {
        // NOTE(review): taken from the request as-is; presumably escaped where it is
        // written into the form - confirm at the output site.
        $subject = $mybb->get_input('subject');
    } else {
        $subject = $thread['subject'];
        // Subject too long? Shorten it to avoid error message
        // 82 characters plus "..." keeps the result at 85 before "RE: " is prepended.
        if (my_strlen($subject) > 85) {
            $subject = my_substr($subject, 0, 82) . '...';
        }
        $subject = "RE: " . $subject;
    }
}

// Preview a post that was written.
$preview = '';
if (!empty($mybb->input['previewpost'])) {
    // If this isn't a logged in user, then we need to do some special validation.
    if ($mybb->user['uid'] == 0) {
        // If they didn't specify a username then give them "Guest"
        if (!$mybb->get_input('username')) {
            $username = $lang->guest;
        } else {
            // NOTE(review): guest-supplied name; it needs validation and escaping before
            // display - presumably done later in this branch, confirm.
            $username = $mybb->get_input('username');
/**
 * Truncate too long URLs.
 *
 * The word separator and both limits are not parameters: they are read from
 * the global $settings array (google_seo_url_separator,
 * google_seo_url_length_soft, google_seo_url_length_hard). Past the soft
 * limit the string is cut at the next separator, if there is one; the hard
 * limit is then applied unconditionally. A limit of 0 disables that step.
 *
 * @param string $str The string to be truncated.
 * @return string truncated string
 */
function google_seo_url_truncate($str)
{
    global $settings;

    $word_separator = $settings['google_seo_url_separator'];
    $soft_limit = $settings['google_seo_url_length_soft'];
    $hard_limit = $settings['google_seo_url_length_hard'];

    // Soft limit: finish the current word, then cut at the following separator.
    if ($soft_limit && my_strlen($str) > $soft_limit) {
        $offset = my_strpos(my_substr($str, $soft_limit), $word_separator);

        // Only a real position (0 or greater) counts as a match.
        if ($offset === 0 || $offset > 0) {
            $str = my_substr($str, 0, $soft_limit + $offset);
        }
    }

    // Hard limit: cut regardless of word boundaries.
    if ($hard_limit && my_strlen($str) > $hard_limit) {
        $str = my_substr($str, 0, $hard_limit);
    }

    return $str;
}
break;
}

// Fragment of a month-view calendar renderer: builds the event markup for one day cell.
// Any events on this specific day?
if (is_array($events_cache) && array_key_exists("{$day}-{$calendar_month}-{$calendar_year}", $events_cache)) {
    $total_events = count($events_cache["{$day}-{$calendar_month}-{$calendar_year}"]);

    // More events than the calendar's limit (0 = no limit): show one summary link.
    if ($total_events > $calendar['eventlimit'] && $calendar['eventlimit'] != 0) {
        if ($total_events > 1) {
            $day_events = "<div style=\"margin-bottom: 4px;\"><a href=\"" . get_calendar_link($calendar['cid'], $calendar_year, $calendar_month, $day) . "\" class=\"smalltext\">{$total_events} {$lang->events}</a></div>\n";
        } else {
            $day_events = "<div style=\"margin-bottom: 4px;\"><a href=\"" . get_calendar_link($calendar['cid'], $calendar_year, $calendar_month, $day) . "\" class=\"smalltext\">1 {$lang->event}</a></div>\n";
        }
    } else {
        foreach ($events_cache["{$day}-{$calendar_month}-{$calendar_year}"] as $event) {
            $event['eventlink'] = get_event_link($event['eid']);
            // Keep an escaped copy of the full name, then shorten and escape the display name.
            $event['fullname'] = htmlspecialchars_uni($event['name']);
            if (my_strlen($event['name']) > 15) {
                $event['name'] = my_substr($event['name'], 0, 15) . "...";
            }
            $event['name'] = htmlspecialchars_uni($event['name']);

            // CSS class reflects privacy, plus shading for events with visible == 0.
            if ($event['private'] == 1) {
                $event_class = " private_event";
            } else {
                $event_class = " public_event";
            }
            if ($event['visible'] == 0) {
                $event_class .= " trow_shaded";
            }

            // NOTE(review): eval() runs the template text from $templates->get(); this is safe
            // only if templates are escaped for eval and editable by trusted users - confirm.
            eval("\$day_events .= \"" . $templates->get("calendar_eventbit") . "\";");
        }
    }
}
/**
 * Writes text to the image.
 *
 * Each character is drawn separately with a random colour and a slightly
 * offset "shadow" copy. With $use_ttf set, a random TrueType font, size and
 * rotation are used; otherwise the character is drawn with built-in font 5 on
 * a 15x20 scratch image that is scaled to 40x55 when copied onto $im.
 * Rendering parameters come from globals set up outside this function.
 *
 * NOTE(review): empty() also treats the string "0" as empty, so "0" returns
 * false without drawing.
 * NOTE(review): $string[$i] indexes bytes while the loop bound comes from
 * my_strlen(); the two only agree for single-byte text - confirm callers pass
 * ASCII only.
 * NOTE(review): presumably this renders a CAPTCHA; whether my_rand() is
 * unpredictable enough for that cannot be judged from this block.
 *
 * @param resource $im The image.
 * @param string $string The string to be written
 *
 * @return bool False if string is empty, true otherwise
 */
function draw_string(&$im, $string)
{
    global $use_ttf, $min_size, $max_size, $min_angle, $max_angle, $ttf_fonts, $img_height, $img_width;

    if (empty($string)) {
        return false;
    }

    // Horizontal slot width per character.
    $spacing = $img_width / my_strlen($string);
    $string_length = my_strlen($string);
    for ($i = 0; $i < $string_length; ++$i) {
        // Using TTF fonts
        if ($use_ttf) {
            // Select a random font size
            $font_size = my_rand($min_size, $max_size);

            // Select a random font
            $font = array_rand($ttf_fonts);
            $font = $ttf_fonts[$font];

            // Select a random rotation
            $rotation = my_rand($min_angle, $max_angle);

            // Set the colour
            $r = my_rand(0, 200);
            $g = my_rand(0, 200);
            $b = my_rand(0, 200);
            $color = imagecolorallocate($im, $r, $g, $b);

            // Fetch the dimensions of the character being added
            $dimensions = imageftbbox($font_size, $rotation, $font, $string[$i], array());
            $string_width = $dimensions[2] - $dimensions[0];
            $string_height = $dimensions[3] - $dimensions[5];

            // Calculate character offsets
            //$pos_x = $pos_x + $string_width + ($string_width/4);
            $pos_x = $spacing / 4 + $i * $spacing;
            $pos_y = ceil($img_height - $string_height / 2);

            // Draw a shadow
            $shadow_x = my_rand(-3, 3) + $pos_x;
            $shadow_y = my_rand(-3, 3) + $pos_y;
            $shadow_color = imagecolorallocate($im, $r + 20, $g + 20, $b + 20);
            imagefttext($im, $font_size, $rotation, $shadow_x, $shadow_y, $shadow_color, $font, $string[$i], array());

            // Write the character to the image
            imagefttext($im, $font_size, $rotation, $pos_x, $pos_y, $color, $font, $string[$i], array());
        } else {
            // Get width/height of the character
            $string_width = imagefontwidth(5);
            $string_height = imagefontheight(5);

            // Calculate character offsets
            $pos_x = $spacing / 4 + $i * $spacing;
            $pos_y = $img_height / 2 - $string_height - 10 + my_rand(-3, 3);

            // Create a temporary image for this character
            if (gd_version() >= 2) {
                $temp_im = imagecreatetruecolor(15, 20);
            } else {
                $temp_im = imagecreate(15, 20);
            }

            // White background, made transparent so only the glyph is copied.
            $bg_color = imagecolorallocate($temp_im, 255, 255, 255);
            imagefill($temp_im, 0, 0, $bg_color);
            imagecolortransparent($temp_im, $bg_color);

            // Set the colour
            $r = my_rand(0, 200);
            $g = my_rand(0, 200);
            $b = my_rand(0, 200);
            $color = imagecolorallocate($temp_im, $r, $g, $b);

            // Draw a shadow
            $shadow_x = my_rand(-1, 1);
            $shadow_y = my_rand(-1, 1);
            $shadow_color = imagecolorallocate($temp_im, $r + 50, $g + 50, $b + 50);
            imagestring($temp_im, 5, 1 + $shadow_x, 1 + $shadow_y, $string[$i], $shadow_color);
            imagestring($temp_im, 5, 1, 1, $string[$i], $color);

            // Copy to main image
            imagecopyresized($im, $temp_im, $pos_x, $pos_y, 0, 0, 40, 55, 15, 20);
            imagedestroy($temp_im);
        }
    }

    return true;
}
// Fragment of the post search results loop: prepares one result row for its template.
// NOTE(review): the forum name is placed in the link text as read from $forumcache;
// presumably it is already safe for HTML output - confirm.
$post['forumlink'] = "<a href=\"" . get_forum_link($post['fid']) . "\">" . $forumcache[$post['fid']]['name'] . "</a>";
} else {
    $post['forumlink'] = "";
}

// Posts without a subject fall back to the message text.
if (!$post['subject']) {
    $post['subject'] = $post['message'];
}

// Cap at 50 characters, then HTML-escape for output.
if (my_strlen($post['subject']) > 50) {
    $post['subject'] = htmlspecialchars_uni(my_substr($post['subject'], 0, 50) . "...");
} else {
    $post['subject'] = htmlspecialchars_uni($post['subject']);
}

// What we do here is parse the post using our post parser, then strip the tags from it
// HTML is disabled in the parser options, so the preview is built from parser output only.
$parser_options = array('allow_html' => 0, 'allow_mycode' => 1, 'allow_smilies' => 0, 'allow_imgcode' => 0, 'filter_badwords' => 1);
$post['message'] = strip_tags($parser->parse_message($post['message'], $parser_options));
if (my_strlen($post['message']) > 200) {
    $prev = my_substr($post['message'], 0, 200) . "...";
} else {
    $prev = $post['message'];
}

$posted = my_date($mybb->settings['dateformat'], $post['dateline']) . ", " . my_date($mybb->settings['timeformat'], $post['dateline']);
$thread_url = get_thread_link($post['tid']);
$post_url = get_post_link($post['pid'], $post['tid']);

// Inline post moderation
// A checkbox is offered only to super moderators and moderators of this forum;
// other moderators get the placeholder template.
$inline_mod_checkbox = '';
if ($is_supermod || is_moderator($post['fid'])) {
    // NOTE(review): eval() runs the template text from $templates->get(); this is safe
    // only if templates are escaped for eval and editable by trusted users - confirm.
    eval("\$inline_mod_checkbox = \"" . $templates->get("search_results_posts_inlinecheck") . "\";");
} elseif ($is_mod) {
    eval("\$inline_mod_checkbox = \"" . $templates->get("search_results_posts_nocheck") . "\";");
}
$plugins->run_hooks("search_results_post");
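/**
 * Loads one page of a member's buddies from the users table.
 *
 * The comma-separated buddy list of the profile is reduced to positive integer
 * ids before it is paged and placed in the IN() clause, so empty entries or
 * non-numeric text in the stored list can neither break the query nor add SQL
 * to it. The page size comes from the "mpbuddylistrecord" setting (default 4).
 *
 * @param int   $page       1-based page number.
 * @param array $memprofile Profile row; its "buddylist" entry is read.
 * @return mixed Whatever buddylist_process() returns for the loaded rows.
 */
public function retrieve_buddylist_from_db($page, $memprofile)
{
    global $db, $settings;

    $page = (int) $page;
    $buddylist = array();

    // Normalise the stored list once; both the total and the page use it.
    $buddy_ids = array();
    foreach (explode(",", $memprofile["buddylist"]) as $raw_id) {
        $buddy_id = (int) trim($raw_id);
        if ($buddy_id > 0) {
            $buddy_ids[] = $buddy_id;
        }
    }
    $count = count($buddy_ids);

    $limit = is_numeric($settings["mpbuddylistrecord"]) ? (int) $settings["mpbuddylistrecord"] : 4;

    // A page below 1 would turn into a negative offset and read from the end of the list.
    $offset = max(0, ($page - 1) * $limit);
    $page_ids = array_slice($buddy_ids, $offset, $limit);

    // Skip the query entirely when the page is empty.
    if (!empty($page_ids)) {
        $query = $db->simple_select("users", "*", "uid IN (" . implode(",", $page_ids) . ")", array("limit" => $limit));
        while ($buddy = $db->fetch_array($query)) {
            $buddylist[] = $buddy;
        }
    }

    return $this->buddylist_process($buddylist, $count, $memprofile, $limit, $page);
}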
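/**
 * Verifies that the submitted profile fields are filled in correctly.
 *
 * Loads the profile field definitions from the database (only editable ones
 * unless "profile_fields_editable" is set), skips fields the user does not
 * have enough posts for, validates each submitted value against the field's
 * type, option list and maximum length, and stores the database-escaped
 * result in $this->data['user_fields'].
 *
 * Problems are reported through set_error(); the method itself always
 * returns true, so callers have to inspect the recorded errors.
 *
 * @return boolean Always true.
 */
function verify_profile_fields()
{
    global $db;

    $user =& $this->data;
    $profile_fields =& $this->data['profile_fields'];
    $edit_all = !empty($this->data['profile_fields_editable']);

    // Fetch all profile fields first.
    $editable = $edit_all ? '' : "editable=1";
    $query = $db->simple_select('profilefields', 'name, postnum, type, fid, required, maxlength', $editable, array('order_by' => 'disporder'));

    // Then loop through the profile fields.
    while ($profilefield = $db->fetch_array($query)) {
        // Does this field have a minimum post count?
        if (!$edit_all && !empty($profilefield['postnum']) && $profilefield['postnum'] > $user['postnum']) {
            continue;
        }

        // The stored type is "<type>\n<option>\n<option>..."; split it once.
        $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
        $thing = explode("\n", $profilefield['type'], 2);
        $type = trim($thing[0]);
        $option_text = isset($thing[1]) ? $thing[1] : '';
        $field = "fid{$profilefield['fid']}";
        $is_multi = ($type == "multiselect" || $type == "checkbox");

        // A field that was not submitted is treated as empty.
        $submitted = isset($profile_fields[$field]) ? $profile_fields[$field] : '';

        // A single-value field must not be handed an array: the string checks
        // below would fail on it instead of producing a validation error.
        if (!$is_multi && is_array($submitted)) {
            $this->set_error('bad_profile_field_values', array($profilefield['name']));
            $user['user_fields'][$field] = '';
            continue;
        }

        // If the profile field is required, but not filled in, present error.
        // The check is skipped in the Admin CP and in modcp.php.
        $is_blank = $is_multi ? $submitted == "" : trim($submitted) == "";
        if ($is_blank && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php") {
            $this->set_error('missing_required_profile_field', array($profilefield['name']));
        }

        // Sort out multiselect/checkbox profile fields.
        $options = '';
        if ($is_multi && is_array($submitted)) {
            $expoptions = array_map('trim', explode("\n", $option_text));
            foreach ($submitted as $value) {
                // Nested arrays are never a valid choice.
                if (!is_scalar($value)) {
                    $this->set_error('bad_profile_field_values', array($profilefield['name']));
                    continue;
                }
                // Strict comparison: with loose comparison numeric look-alikes
                // such as "1e1" and "10" would be treated as the same option.
                if (!in_array(htmlspecialchars_uni($value), $expoptions, true)) {
                    $this->set_error('bad_profile_field_values', array($profilefield['name']));
                }
                if ($options) {
                    $options .= "\n";
                }
                $options .= $db->escape_string($value);
            }
        } elseif ($type == "select" || $type == "radio") {
            $expoptions = array_map('trim', explode("\n", $option_text));
            if (!in_array(htmlspecialchars_uni($submitted), $expoptions, true) && trim($submitted) != "") {
                $this->set_error('bad_profile_field_values', array($profilefield['name']));
            }
            $options = $db->escape_string($submitted);
        } else {
            // Textareas and every other type share the same length rule.
            if ($profilefield['maxlength'] > 0 && my_strlen($submitted) > $profilefield['maxlength']) {
                $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
            }
            $options = $db->escape_string($submitted);
        }

        $user['user_fields'][$field] = $options;
    }

    return true;
}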
// Fragment of a poll creation handler: normalises the poll flags and validates
// the submitted options and question.

// Any value other than '1' switches the flag off.
if (!isset($postoptions['public']) || $postoptions['public'] != '1') {
    $postoptions['public'] = 0;
}
if (!isset($postoptions['closed']) || $postoptions['closed'] != '1') {
    $postoptions['closed'] = 0;
}

$optioncount = "0";
// NOTE(review): 'options' is read from the raw input array; it is indexed below as an
// array of strings without a type check - confirm the request layer guarantees that shape.
$options = $mybb->input['options'];
for ($i = 1; $i <= $numoptions; ++$i) {
    if (!isset($options[$i])) {
        $options[$i] = '';
    }
    // Only non-blank options count towards the minimum of two.
    if (trim($options[$i]) != '') {
        $optioncount++;
    }
    // A limit of 0 means option length is not restricted.
    if (my_strlen($options[$i]) > $mybb->settings['polloptionlimit'] && $mybb->settings['polloptionlimit'] != 0) {
        $lengtherror = 1;
        break;
    }
}
if (isset($lengtherror)) {
    error($lang->error_polloptiontoolong);
}

$mybb->input['question'] = $mybb->get_input('question');
if (trim($mybb->input['question']) == '' || $optioncount < 2) {
    error($lang->error_noquestionoptions);
}

$optionslist = '';
$voteslist = '';
$numvotes = '';
// NOTE(review): 'votes' is also taken from the raw input array; how it is validated
// lies beyond this excerpt.
$votes = $mybb->input['votes'];
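/**
 * Parses IMG MyCode.
 *
 * Builds the <img> tag for an image URL. The alt text is derived from the
 * file name, shortened to at most 53 characters and HTML-escaped. Width and
 * height are written only when both are positive, and both are cast to
 * integers first so a non-numeric value cannot add text to the tag.
 *
 * NOTE(review): $url is written into the src attribute as received (after
 * parse_html() when allow_html is enabled); this method relies on the caller
 * having escaped and validated it - confirm at the call sites.
 *
 * @param string $url        The URL to the image
 * @param array  $dimensions Optional array of dimensions (width, height)
 * @param string $align      Optional alignment: "left" or "right"
 * @return string The <img> tag.
 */
function mycode_parse_img($url, $dimensions = array(), $align = '')
{
    global $lang;

    // Drop surrounding whitespace and any embedded line breaks.
    $url = trim($url);
    $url = str_replace(array("\n", "\r"), "", $url);

    if (!empty($this->options['allow_html'])) {
        $url = $this->parse_html($url);
    }

    $css_align = '';
    if ($align == "right") {
        $css_align = " style=\"float: right;\"";
    } elseif ($align == "left") {
        $css_align = " style=\"float: left;\"";
    }

    // Decode first so truncation counts real characters, then escape again.
    $alt = htmlspecialchars_decode(basename($url));
    if (my_strlen($alt) > 55) {
        $alt = my_substr($alt, 0, 40) . '...' . my_substr($alt, -10);
    }
    $alt = htmlspecialchars_uni($alt);
    $alt = $lang->sprintf($lang->posted_image, $alt);

    $width = isset($dimensions[0]) ? (int) $dimensions[0] : 0;
    $height = isset($dimensions[1]) ? (int) $dimensions[1] : 0;

    if ($width > 0 && $height > 0) {
        return "<img src=\"{$url}\" width=\"{$width}\" height=\"{$height}\" border=\"0\" alt=\"{$alt}\"{$css_align} />";
    }

    return "<img src=\"{$url}\" border=\"0\" alt=\"{$alt}\"{$css_align} />";
}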
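/**
 * Adds the private-message hover preview to the page and serves the preview itself.
 *
 * On every call the preview CSS and JavaScript are appended to $headerinclude
 * and the arrow element is prepended to $header. When the request is a POST
 * with firstpm=1, the message named by pmid is loaded, checked to belong to
 * the current user, parsed, optionally stripped of most tags and truncated,
 * and echoed as an HTML snippet before the script exits.
 *
 * @return void
 */
function firstpreview_pm()
{
    global $mybb, $db, $charset, $headerinclude, $header;

    $header = '<div class="arrow-down"></div>' . $header;

    // Add jQuery and noConflict for MyBB 1.6.*
    // version_compare() orders version strings numerically, unlike a plain string comparison.
    // NOTE(review): the script is fetched over plain HTTP from an unpinned "latest"
    // URL without an integrity check; a pinned HTTPS copy would be safer.
    $jquery = '';
    $noconflict = '';
    if (version_compare($mybb->version, "1.7.0", "<")) {
        $jquery = '<script type="text/javascript"> //<![CDATA[ if (!window.jQuery) { document.write(unescape("%3Cscript src=\\"http://code.jquery.com/jquery-latest.min.js\\" type=\\"text/javascript\\"%3E%3C/script%3E")); } //]]> </script>';
        $noconflict = 'jQuery.noConflict();';
    }

    // Background color
    // Only a "#" followed by 1-6 hex digits is accepted from the setting.
    $bg_color = '#aaaaaa';
    if (isset($mybb->settings['firstpreview_bg']) && preg_match('/^#([0-9a-f]{1,6})$/i', $mybb->settings['firstpreview_bg'])) {
        $bg_color = htmlspecialchars_uni($mybb->settings['firstpreview_bg']);
    }

    // Close button
    $close_preview = '#close_preview{display:none;cursor:pointer;background:#000;color:#fff;float:right;font-size:1em;font-weight:bold;text-align:center;width:20px;height:20px;border-radius:5px}';
    if (isset($mybb->settings['firstpreview_close']) && $mybb->settings['firstpreview_close'] == 1) {
        $close_preview = '#close_preview{cursor:pointer;background:#000;color:#fff;float:right;font-size:1em;font-weight:bold;text-align:center;width:20px;height:20px;border-radius:5px}';
    }

    // Insert the code
    // The border colour uses $bg_color, the validated value set above.
    // NOTE(review): in this listing the literals are single lines, so the "//<![CDATA["
    // markers comment out the script text that follows them; presumably the
    // original literals contained line breaks - confirm against upstream.
    $headerinclude .= ' <!-- start: first_preview_plugin --> <style type="text/css"> .modal_firstpost{text-align:left;border-radius:7px;-moz-border-radius:7px;-webkit-border-radius:7px;border:1px solid ' . $bg_color
        . ';display:none;position:absolute;z-index:29000;width:390px;height:180px;overflow:hidden} .fpreview{z-index:29001;width:390px;height:180px;overflow:auto;background:' . $bg_color
        . '} .arrow-down{display:none;position:absolute;z-index:28999;width:0;height:0;border-left:20px solid transparent;border-right:20px solid transparent;border-top:20px solid ' . $bg_color
        . '} .prev_content{padding:10px;height:auto;word-wrap:break-word;-webkit-hyphens:auto;-moz-hyphens:auto;-ms-hyphens:auto;-o-hyphens:auto;hyphens:auto;background:none} ' . $close_preview
        . ' </style> ' . $jquery
        . ' <script type="text/javascript"> //<![CDATA[ ' . $noconflict
        . ' <!-- if(use_xmlhttprequest == 1) { jQuery(document).ready(function(e){e(".pmprev").on("touchenter mouseenter",function(){id=e(this).attr("id");pmid=id.replace(/[^\\d.]/g,"");var t=e(this).offset().left;var n=e(this).offset().top-200;showPost=setTimeout(function(){e.ajax({url:"private.php?pmid="+pmid+"&firstpm=1",type:"post",complete:function(t){e(".modal_firstpost").html(t.responseText)}});e(".modal_firstpost").fadeIn("slow");e(".modal_firstpost").css("top",n);e(".modal_firstpost").css("left",t);e(".arrow-down").fadeIn("slow");e(".arrow-down").css("top",n+180);e(".arrow-down").css("left",t+20);},1500)});e(".pmprev").on("mouseleave touchleave touchend",function(){clearTimeout(showPost);});e(".modal_firstpost").on("mouseleave touchmove",function(){e(".modal_firstpost").fadeOut("slow");e(".arrow-down").fadeOut("fast")});e(".modal_firstpost").on("click", "#close_preview", function(){e(".modal_firstpost").fadeOut("slow");e(".arrow-down").fadeOut("fast")})}); } //]]> </script> <!-- end: first_preview_plugin --> ';

    // Get the pm preview
    if (isset($mybb->input['firstpm']) && $mybb->input['firstpm'] == 1 && $mybb->request_method == "post") {
        $pmid = (int) $mybb->input['pmid'];
        $query = $db->simple_select('privatemessages', '*', "pmid = '" . $pmid . "'");
        $pm = $db->fetch_array($query);

        // Load the users own messages only
        // A missing row is rejected explicitly: with a loose comparison an absent
        // uid would compare equal to a visitor whose uid is 0.
        if (!is_array($pm) || $pm['uid'] != $mybb->user['uid']) {
            return;
        }

        require_once MYBB_ROOT . "inc/class_parser.php";
        $parser = new postParser();
        $pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
        $user = get_user($pm['fromid']);
        $idtype = 'pmid';

        // Use the board's private-message parser settings.
        $parser_options['allow_html'] = $mybb->settings['pmsallowhtml'];
        $parser_options['allow_mycode'] = $mybb->settings['pmsallowmycode'];
        $parser_options['allow_smilies'] = $mybb->settings['pmsallowsmilies'];
        $parser_options['allow_imgcode'] = $mybb->settings['pmsallowimgcode'];
        $parser_options['allow_videocode'] = $mybb->settings['pmsallowvideocode'];
        $parser_options['me_username'] = $user['username'];
        $parser_options['filter_badwords'] = 1;
        $id = $pmid;
        $pm['message'] = $parser->parse_message($pm['message'], $parser_options);

        $pmdate = my_date($mybb->settings['dateformat'], $pm['dateline']);
        $pmtime = my_date($mybb->settings['timeformat'], $pm['dateline']);
        $pmsent = ' (' . $pmdate . ', ' . $pmtime . ')';

        // Unless full HTML previews are enabled, keep only basic block tags.
        if (isset($mybb->settings['firstpreview_html']) && $mybb->settings['firstpreview_html'] != 1) {
            $pm['message'] = strip_tags($pm['message'], "<br><p><ul><ol><li>");
        }

        // NOTE(review): the cut is made on parsed HTML, so it can land inside a tag or
        // an entity and leave unbalanced markup in the preview - confirm this is acceptable.
        if (!empty($mybb->settings['firstpreview_length']) && $mybb->settings['firstpreview_length'] != "0" && my_strlen($pm['message']) > (int) $mybb->settings['firstpreview_length']) {
            $pm['message'] = preg_replace("!<a([^>]+)>!isU", "", $pm['message']);
            $pm['message'] = str_replace("</a>", "", $pm['message']);
            $pm['message'] = my_substr($pm['message'], 0, (int) $mybb->settings['firstpreview_length']) . '...<p><a href="private.php?action=read&pmid=' . (int) $pm['pmid'] . '">more</a></p>';
        }

        $preview = "<div class=\"fpreview\"><span id=\"close_preview\">❌</span>\n\t\t<div class=\"thead\" style=\"text-align:center; font-weight:bold; min-height:20px;\">" . $pm['subject']
            . "</div>\n\t\t<div class=\"tcat\" style=\"padding-left:10px;\">" . build_profile_link(format_name(htmlspecialchars_uni($user['username']), (int) $user['usergroup'], (int) $user['displaygroup']), (int) $pm['fromid'])
            . "<span class=\"smalltext\">" . $pmsent
            . "</span></div>\n\t\t<div class=\"prev_content\">" . $pm['message'] . "</div>\n\t\t</div>";

        // NOTE(review): the body is HTML that the script above inserts with .html(),
        // while the header declares text/plain.
        header("Content-type: text/plain; charset={$charset}");
        echo $preview;
        exit;
    }
}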
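/**
 * Perform a thread and post search under MySQL or MySQLi using boolean fulltext capabilities
 *
 * Every request-derived value is escaped with $db->escape_string() or cast to
 * an integer before it is placed into SQL text. The optional SQL fragments
 * all start out as empty strings, so the final queries never interpolate an
 * undefined variable.
 *
 * @param array Array of search data
 * @return array Array of search data with results mixed in
 */
function perform_search_mysql_ft($search)
{
    global $mybb, $db, $lang;

    $keywords = clean_keywords_ft($search['keywords']);
    if (!$keywords && !$search['author']) {
        error($lang->error_nosearchterms);
    }

    // Attempt to determine minimum word length from MySQL for fulltext searches
    $query = $db->query("SHOW VARIABLES LIKE 'ft_min_word_len';");
    $min_length = $db->fetch_field($query, 'Value');
    if (is_numeric($min_length)) {
        $mybb->settings['minsearchword'] = $min_length;
    } else {
        $mybb->settings['minsearchword'] = 4;
    }

    $message_lookin = '';
    $subject_lookin = '';
    if ($keywords) {
        $all_too_short = false;
        $keywords_exp = explode("\"", $keywords);
        $inquote = false;
        foreach ($keywords_exp as $phrase) {
            if (!$inquote) {
                $split_words = preg_split("#\\s{1,}#", $phrase, -1);
                foreach ($split_words as $word) {
                    $word = str_replace(array("+", "-", "*"), '', $word);
                    if (!$word) {
                        continue;
                    }
                    if (my_strlen($word) < $mybb->settings['minsearchword']) {
                        $all_too_short = true;
                    } else {
                        // One long-enough term settles it. Leave both loops so a
                        // later short phrase cannot turn the flag back on.
                        $all_too_short = false;
                        break 2;
                    }
                }
            } else {
                $phrase = str_replace(array("+", "-", "*"), '', $phrase);
                if (my_strlen($phrase) < $mybb->settings['minsearchword']) {
                    $all_too_short = true;
                } else {
                    $all_too_short = false;
                    break;
                }
            }
            $inquote = !$inquote;
        }

        // Show the minimum search term error only if all search terms are too short
        if ($all_too_short == true) {
            $lang->error_minsearchlength = $lang->sprintf($lang->error_minsearchlength, $mybb->settings['minsearchword']);
            error($lang->error_minsearchlength);
        }

        $escaped_keywords = $db->escape_string($keywords);
        $message_lookin = "AND MATCH(message) AGAINST('" . $escaped_keywords . "' IN BOOLEAN MODE)";
        $subject_lookin = "AND MATCH(subject) AGAINST('" . $escaped_keywords . "' IN BOOLEAN MODE)";
    }

    $post_usersql = '';
    $thread_usersql = '';
    if ($search['author']) {
        $userids = array();
        if ($search['matchusername']) {
            // Exact match: the author name is escaped before it enters the WHERE clause.
            $query = $db->simple_select("users", "uid", "username='" . $db->escape_string($search['author']) . "'");
        } else {
            $search['author'] = my_strtolower($search['author']);
            $query = $db->simple_select("users", "uid", "LOWER(username) LIKE '%" . $db->escape_string_like($db->escape_string($search['author'])) . "%'");
        }
        while ($user = $db->fetch_array($query)) {
            $userids[] = (int) $user['uid'];
        }
        if (count($userids) < 1) {
            error($lang->error_nosearchresults);
        } else {
            $userids = implode(',', $userids);
            $post_usersql = " AND p.uid IN (" . $userids . ")";
            $thread_usersql = " AND t.uid IN (" . $userids . ")";
        }
    }

    $post_datecut = '';
    $thread_datecut = '';
    if ($search['postdate']) {
        if ($search['pddir'] == 0) {
            $datecut = "<=";
        } else {
            $datecut = ">=";
        }
        // The cast keeps the cut-off an integer whatever the request carried.
        $datelimit = TIME_NOW - 86400 * (int) $search['postdate'];
        $datecut .= "'{$datelimit}'";
        $post_datecut = " AND p.dateline {$datecut}";
        $thread_datecut = " AND t.dateline {$datecut}";
    }

    $thread_replycut = '';
    if ($search['numreplies'] != '' && $search['findthreadst']) {
        if (intval($search['findthreadst']) == 1) {
            $thread_replycut = " AND t.replies >= '" . intval($search['numreplies']) . "'";
        } else {
            $thread_replycut = " AND t.replies <= '" . intval($search['numreplies']) . "'";
        }
    }

    $forumin = '';
    $fidlist = array();
    $searchin = array();
    if ($search['forums'] != "all") {
        if (!is_array($search['forums'])) {
            $search['forums'] = array(intval($search['forums']));
        }
        $usergroup = (int) $mybb->user['usergroup'];
        foreach ($search['forums'] as $forum) {
            $forum = intval($forum);
            if (empty($searchin[$forum])) {
                // Remember the forum so a repeated id is not resolved twice.
                $searchin[$forum] = 1;
                switch ($db->type) {
                    case "pgsql":
                    case "sqlite3":
                    case "sqlite2":
                        $query = $db->query("\n\t\t\t\t\t\t\tSELECT f.fid \n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "forums f \n\t\t\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "forumpermissions p ON (f.fid=p.fid AND p.gid='" . $usergroup . "') \n\t\t\t\t\t\t\tWHERE INSTR(','||parentlist||',',',{$forum},') > 0 AND active!=0 AND (ISNULL(p.fid) OR p.cansearch=1)\n\t\t\t\t\t\t");
                        break;
                    default:
                        $query = $db->query("\n\t\t\t\t\t\t\tSELECT f.fid \n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "forums f \n\t\t\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "forumpermissions p ON (f.fid=p.fid AND p.gid='" . $usergroup . "') \n\t\t\t\t\t\t\tWHERE INSTR(CONCAT(',',parentlist,','),',{$forum},') > 0 AND active!=0 AND (ISNULL(p.fid) OR p.cansearch=1)\n\t\t\t\t\t\t");
                }
                while ($sforum = $db->fetch_array($query)) {
                    $fidlist[] = (int) $sforum['fid'];
                }
            }
        }
        $fidlist = array_unique($fidlist);
        if (count($fidlist) == 1) {
            // Restrict to the forum that passed the cansearch check above, not
            // to whichever id happened to be last in the request.
            $forumin .= " AND t.fid='" . reset($fidlist) . "' ";
        } elseif (count($fidlist) > 1) {
            $forumin = " AND t.fid IN (" . implode(',', $fidlist) . ")";
        }
        // NOTE(review): when none of the requested forums is searchable,
        // $forumin stays empty and only $permsql below limits the search.
        // Confirm that get_unsearchable_forums() covers that case.
    }

    $permsql = '';
    $unsearchforums = get_unsearchable_forums();
    if ($unsearchforums) {
        $permsql = " AND t.fid NOT IN ({$unsearchforums})";
    }
    $inactiveforums = get_inactive_forums();
    if ($inactiveforums) {
        $permsql .= " AND t.fid NOT IN ({$inactiveforums})";
    }

    // Searching a specific thread?
    $tidsql = '';
    if ($search['tid']) {
        $tidsql = " AND t.tid='" . intval($search['tid']) . "'";
    }

    $limitsql = '';
    if (intval($mybb->settings['searchhardlimit']) > 0) {
        $limitsql = "LIMIT " . intval($mybb->settings['searchhardlimit']);
    }

    // Searching both posts and thread titles
    $threads = array();
    $posts = array();
    $firstposts = array();
    if ($search['postthread'] == 1) {
        // No need to search subjects when looking for results within a specific thread
        if (!$search['tid']) {
            $query = $db->query("\n\t\t\t\tSELECT t.tid, t.firstpost\n\t\t\t\tFROM " . TABLE_PREFIX . "threads t\n\t\t\t\tWHERE 1=1 {$thread_datecut} {$thread_replycut} {$forumin} {$thread_usersql} {$permsql} AND t.visible>=0 AND t.closed NOT LIKE 'moved|%' {$subject_lookin}\n\t\t\t\t{$limitsql}\n\t\t\t");
            while ($thread = $db->fetch_array($query)) {
                $threads[$thread['tid']] = $thread['tid'];
                if ($thread['firstpost']) {
                    $posts[$thread['tid']] = $thread['firstpost'];
                }
            }
        }

        $query = $db->query("\n\t\t\tSELECT p.pid, p.tid\n\t\t\tFROM " . TABLE_PREFIX . "posts p\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n\t\t\tWHERE 1=1 {$post_datecut} {$thread_replycut} {$forumin} {$post_usersql} {$permsql} {$tidsql} AND p.visible>=0 AND t.visible>=0 AND t.closed NOT LIKE 'moved|%' {$message_lookin}\n\t\t\t{$limitsql}\n\t\t");
        while ($post = $db->fetch_array($query)) {
            $posts[$post['pid']] = $post['pid'];
            $threads[$post['tid']] = $post['tid'];
        }

        if (count($posts) < 1 && count($threads) < 1) {
            error($lang->error_nosearchresults);
        }
        $threads = implode(',', $threads);
        $posts = implode(',', $posts);
    } else {
        $query = $db->query("\n\t\t\tSELECT t.tid, t.firstpost\n\t\t\tFROM " . TABLE_PREFIX . "threads t\n\t\t\tWHERE 1=1 {$thread_datecut} {$thread_replycut} {$forumin} {$thread_usersql} {$permsql} AND t.visible>=0 {$subject_lookin}\n\t\t\t{$limitsql}\n\t\t");
        while ($thread = $db->fetch_array($query)) {
            $threads[$thread['tid']] = $thread['tid'];
            if ($thread['firstpost']) {
                $firstposts[$thread['tid']] = $thread['firstpost'];
            }
        }

        if (count($threads) < 1) {
            error($lang->error_nosearchresults);
        }
        $threads = implode(',', $threads);
        $firstposts = implode(',', $firstposts);
        if ($firstposts) {
            $query = $db->simple_select("posts", "pid", "pid IN ({$firstposts}) AND visible >= '0' {$limitsql}");
            while ($post = $db->fetch_array($query)) {
                $posts[$post['pid']] = $post['pid'];
            }
            $posts = implode(',', $posts);
        }
    }

    return array("threads" => $threads, "posts" => $posts, "querycache" => '');
}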
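/**
 * Validates the submitted add/edit view form and normalises fields/visibility in $mybb->input.
 *
 * @param array Array of possible sort options this view supports if any
 * @return array List of error messages, empty when the submission is valid
 */
function _view_manager_validate_input($sort_options)
{
    global $mybb, $lang;

    $errors = array();

    if (!trim($mybb->get_input('title'))) {
        $errors[] = $lang->error_missing_view_title;
    }
    if ($mybb->get_input('fields_js')) {
        $mybb->input['fields'] = explode(",", $mybb->get_input('fields_js'));
    }
    // Require a non-empty array; a scalar "fields" value is rejected rather than stored.
    if (empty($mybb->input['fields']) || !is_array($mybb->input['fields'])) {
        $errors[] = $lang->error_no_view_fields;
    }
    if ($mybb->get_input('perpage', MyBB::INPUT_INT) <= 0) {
        $errors[] = $lang->error_invalid_view_perpage;
    }
    if (!in_array($mybb->get_input('sortby'), array_keys($sort_options))) {
        $errors[] = $lang->error_invalid_view_sortby;
    }
    $sortorder = $mybb->get_input('sortorder');
    if ($sortorder != "asc" && $sortorder != "desc") {
        $errors[] = $lang->error_invalid_view_sortorder;
    }
    if ($mybb->get_input('visibility', MyBB::INPUT_INT) == 0) {
        $mybb->input['visibility'] = 2;
    }

    return $errors;
}

/**
 * Builds the adminviews column values from the submitted form, escaped for insert_query()/update_query().
 *
 * @param string The internal type identifier for this view
 * @return array Column => value pairs (without uid)
 */
function _view_manager_build_row($type)
{
    global $mybb, $db;

    $conditions = isset($mybb->input['conditions']) ? $mybb->input['conditions'] : null;
    $profile_fields = isset($mybb->input['profile_fields']) ? $mybb->input['profile_fields'] : null;

    return array(
        "title" => $db->escape_string($mybb->get_input('title')),
        "type" => $type,
        "visibility" => $mybb->get_input('visibility', MyBB::INPUT_INT),
        "fields" => $db->escape_string(my_serialize($mybb->input['fields'])),
        "conditions" => $db->escape_string(my_serialize($conditions)),
        "custom_profile_fields" => $db->escape_string(my_serialize($profile_fields)),
        "sortby" => $db->escape_string($mybb->get_input('sortby')),
        "sortorder" => $db->escape_string($mybb->get_input('sortorder')),
        "perpage" => $mybb->get_input('perpage', MyBB::INPUT_INT),
        "view_type" => $db->escape_string($mybb->get_input('view_type')),
    );
}

/**
 * Builds the "view management" interface allowing administrators to edit their custom designed "views"
 *
 * The "do" request parameter selects the action: set_default, add, edit,
 * delete, export, or (anything else) the list of views. A private view
 * (visibility 1) may only be set as default, edited or deleted by the
 * administrator who owns it. Stored titles and usernames are HTML-escaped
 * before they are written into the list.
 *
 * @param string The base URL to this instance of the view manager
 * @param string The internal type identifier for this view
 * @param array Array of fields this view supports
 * @param array Array of possible sort options this view supports if any
 * @param string Optional callback function which generates list of "conditions" for this view
 */
function view_manager($base_url, $type, $fields, $sort_options = array(), $conditions_callback = "")
{
    global $mybb, $db, $page, $lang;

    $errors = array();
    $do = $mybb->get_input('do');

    $sub_tabs['views'] = array('title' => $lang->views, 'link' => "{$base_url}&action=views", 'description' => $lang->views_desc);
    $sub_tabs['create_view'] = array('title' => $lang->create_new_view, 'link' => "{$base_url}&action=views&do=add", 'description' => $lang->create_new_view_desc);

    $page->add_breadcrumb_item($lang->view_manager, 'index.php?module=user-users&action=views');

    // Lang strings should be in global lang file

    if ($do == "set_default") {
        // NOTE(review): this changes state on a plain request and no post key is checked
        // in this function. Confirm the caller enforces one, or that this is acceptable.
        $query = $db->simple_select("adminviews", "vid, uid, visibility", "vid='" . $mybb->get_input('vid', MyBB::INPUT_INT) . "'");
        $admin_view = $db->fetch_array($query);

        if (empty($admin_view['vid']) || $admin_view['visibility'] == 1 && $mybb->user['uid'] != $admin_view['uid']) {
            flash_message($lang->error_invalid_admin_view, 'error');
            admin_redirect($base_url . "&action=views");
        }
        set_default_view($type, $admin_view['vid']);
        flash_message($lang->succuss_view_set_as_default, 'success');
        admin_redirect($base_url . "&action=views");
    }

    if ($do == "add") {
        if ($mybb->request_method == "post") {
            $errors = _view_manager_validate_input($sort_options);

            if (!$errors) {
                $new_view = array_merge(array("uid" => (int) $mybb->user['uid']), _view_manager_build_row($type));
                $vid = $db->insert_query("adminviews", $new_view);

                if (!empty($mybb->input['isdefault'])) {
                    set_default_view($type, $vid);
                }
                flash_message($lang->success_view_created, "success");
                admin_redirect($base_url . "&vid={$vid}");
            }
        } else {
            $mybb->input = array_merge($mybb->input, array('perpage' => 20));
        }

        // Write in our JS based field selector
        $page->extra_header .= "<script src=\"jscripts/view_manager.js\" type=\"text/javascript\"></script>\n";

        $page->add_breadcrumb_item($lang->create_new_view);
        $page->output_header($lang->create_new_view);

        $form = new Form($base_url . "&action=views&do=add", "post");

        $page->output_nav_tabs($sub_tabs, 'create_view');

        // If we have any error messages, show them
        if ($errors) {
            $page->output_inline_error($errors);
        }

        $form_container = new FormContainer($lang->create_new_view);
        $form_container->output_row($lang->title . " <em>*</em>", "", $form->generate_text_box('title', $mybb->input['title'], array('id' => 'title')), 'title');

        $visibility_public_checked = false;
        $visibility_private_checked = false;
        if ($mybb->input['visibility'] == 2) {
            $visibility_public_checked = true;
        } else {
            $visibility_private_checked = true;
        }

        $visibility_options = array(
            $form->generate_radio_button("visibility", "1", "<strong>{$lang->private}</strong> - {$lang->private_desc}", array("checked" => $visibility_private_checked)),
            $form->generate_radio_button("visibility", "2", "<strong>{$lang->public}</strong> - {$lang->public_desc}", array("checked" => $visibility_public_checked)),
        );
        $form_container->output_row($lang->visibility, "", implode("<br />", $visibility_options));

        $form_container->output_row($lang->set_as_default_view, "", $form->generate_yes_no_radio("isdefault", $mybb->input['isdefault'], array('yes' => 1, 'no' => 0)));

        if (count($sort_options) > 0) {
            $sort_directions = array("asc" => $lang->ascending, "desc" => $lang->descending);
            $form_container->output_row($lang->sort_results_by, "", $form->generate_select_box('sortby', $sort_options, $mybb->input['sortby'], array('id' => 'sortby')) . " {$lang->in} " . $form->generate_select_box('sortorder', $sort_directions, $mybb->input['sortorder'], array('id' => 'sortorder')), 'sortby');
        }

        $form_container->output_row($lang->results_per_page, "", $form->generate_numeric_field('perpage', $mybb->input['perpage'], array('id' => 'perpage', 'min' => 1)), 'perpage');

        if ($type == "user") {
            $form_container->output_row($lang->display_results_as, "", $form->generate_radio_button('view_type', 'table', $lang->table, array('checked' => $mybb->input['view_type'] != "card" ? true : false)) . "<br />" . $form->generate_radio_button('view_type', 'card', $lang->business_card, array('checked' => $mybb->input['view_type'] == "card" ? true : false)));
        }

        $form_container->end();

        $active = array();
        $field_select = "<div class=\"view_fields\">\n";
        $field_select .= "<div class=\"enabled\"><div class=\"fields_title\">{$lang->enabled}</div><ul id=\"fields_enabled\">\n";
        if (is_array($mybb->input['fields'])) {
            foreach ($mybb->input['fields'] as $field) {
                // Only names that are keys of the caller-supplied $fields reach the markup.
                if (is_scalar($field) && !empty($fields[$field])) {
                    $field_select .= "<li id=\"field-{$field}\">• {$fields[$field]['title']}</li>";
                    $active[$field] = 1;
                }
            }
        }
        $field_select .= "</ul></div>\n";
        $field_select .= "<div class=\"disabled\"><div class=\"fields_title\">{$lang->disabled}</div><ul id=\"fields_disabled\">\n";
        foreach ($fields as $key => $field) {
            if (!empty($active[$key])) {
                continue;
            }
            $field_select .= "<li id=\"field-{$key}\">• {$field['title']}</li>";
        }
        $field_select .= "</div></ul>\n";
        $field_select .= $form->generate_hidden_field("fields_js", implode(",", array_keys($active)), array('id' => 'fields_js'));
        $field_select = str_replace("'", "\\'", $field_select);
        $field_select = str_replace("\n", "", $field_select);

        $field_select = "<script type=\"text/javascript\">\n//<![CDATA[\ndocument.write('" . str_replace("/", "\\/", $field_select) . "');\n//]]>\n</script>\n";

        $field_options = array();
        foreach ($fields as $key => $field) {
            $field_options[$key] = $field['title'];
        }

        $field_select .= "<noscript>" . $form->generate_select_box('fields[]', $field_options, $mybb->input['fields'], array('id' => 'fields', 'multiple' => true)) . "</noscript>\n";

        $description = '';
        $form_container = new FormContainer($lang->fields_to_show);
        $form_container->output_row($lang->fields_to_show_desc, $description, $field_select);
        $form_container->end();

        // Build the search conditions
        if (function_exists($conditions_callback)) {
            $conditions_callback($mybb->input, $form);
        }

        $buttons = array();
        $buttons[] = $form->generate_submit_button($lang->save_view);
        $form->output_submit_wrapper($buttons);

        $form->end();
        $page->output_footer();
    } elseif ($do == "edit") {
        $query = $db->simple_select("adminviews", "*", "vid='" . $mybb->get_input('vid', MyBB::INPUT_INT) . "'");
        $admin_view = $db->fetch_array($query);

        // Does the view not exist?
        if (empty($admin_view['vid']) || $admin_view['visibility'] == 1 && $mybb->user['uid'] != $admin_view['uid']) {
            flash_message($lang->error_invalid_admin_view, 'error');
            admin_redirect($base_url . "&action=views");
        }

        if ($mybb->request_method == "post") {
            $errors = _view_manager_validate_input($sort_options);

            if (!$errors) {
                $updated_view = _view_manager_build_row($type);
                $db->update_query("adminviews", $updated_view, "vid='{$admin_view['vid']}'");

                if (!empty($mybb->input['isdefault'])) {
                    set_default_view($type, $admin_view['vid']);
                }

                flash_message($lang->success_view_updated, "success");
                admin_redirect($base_url . "&vid={$admin_view['vid']}");
            }
        }

        // Write in our JS based field selector
        $page->extra_header .= "<script src=\"jscripts/view_manager.js\" type=\"text/javascript\"></script>\n";

        $page->add_breadcrumb_item($lang->edit_view);
        $page->output_header($lang->edit_view);

        $form = new Form($base_url . "&action=views&do=edit&vid={$admin_view['vid']}", "post");

        $sub_tabs = array();
        $sub_tabs['edit_view'] = array('title' => $lang->edit_view, 'link' => $base_url . "&action=views&do=edit&vid={$admin_view['vid']}", 'description' => $lang->edit_view_desc);

        $page->output_nav_tabs($sub_tabs, 'edit_view');

        // If we have any error messages, show them
        if ($errors) {
            $page->output_inline_error($errors);
        } else {
            $admin_view['conditions'] = my_unserialize($admin_view['conditions']);
            $admin_view['fields'] = my_unserialize($admin_view['fields']);
            $admin_view['profile_fields'] = my_unserialize($admin_view['custom_profile_fields']);
            $mybb->input = array_merge($mybb->input, $admin_view);

            $mybb->input['isdefault'] = 0;
            $default_view = fetch_default_view($type);

            if ($default_view == $admin_view['vid']) {
                $mybb->input['isdefault'] = 1;
            }
        }

        $form_container = new FormContainer($lang->edit_view);
        $form_container->output_row($lang->view . " <em>*</em>", "", $form->generate_text_box('title', $mybb->input['title'], array('id' => 'title')), 'title');

        $visibility_public_checked = false;
        $visibility_private_checked = false;
        if ($mybb->input['visibility'] == 2) {
            $visibility_public_checked = true;
        } else {
            $visibility_private_checked = true;
        }

        $visibility_options = array(
            $form->generate_radio_button("visibility", "1", "<strong>{$lang->private}</strong> - {$lang->private_desc}", array("checked" => $visibility_private_checked)),
            $form->generate_radio_button("visibility", "2", "<strong>{$lang->public}</strong> - {$lang->public_desc}", array("checked" => $visibility_public_checked)),
        );
        $form_container->output_row($lang->visibility, "", implode("<br />", $visibility_options));

        $form_container->output_row($lang->set_as_default_view, "", $form->generate_yes_no_radio("isdefault", $mybb->input['isdefault'], array('yes' => 1, 'no' => 0)));

        if (count($sort_options) > 0) {
            $sort_directions = array("asc" => $lang->ascending, "desc" => $lang->descending);
            $form_container->output_row($lang->sort_results_by, "", $form->generate_select_box('sortby', $sort_options, $mybb->input['sortby'], array('id' => 'sortby')) . " {$lang->in} " . $form->generate_select_box('sortorder', $sort_directions, $mybb->input['sortorder'], array('id' => 'sortorder')), 'sortby');
        }

        $form_container->output_row($lang->results_per_page, "", $form->generate_numeric_field('perpage', $mybb->input['perpage'], array('id' => 'perpage', 'min' => 1)), 'perpage');

        if ($type == "user") {
            $form_container->output_row($lang->display_results_as, "", $form->generate_radio_button('view_type', 'table', $lang->table, array('checked' => $mybb->input['view_type'] != "card" ? true : false)) . "<br />" . $form->generate_radio_button('view_type', 'card', $lang->business_card, array('checked' => $mybb->input['view_type'] == "card" ? true : false)));
        }

        $form_container->end();

        $active = array();
        $field_select = "<div class=\"view_fields\">\n";
        $field_select .= "<div class=\"enabled\"><div class=\"fields_title\">{$lang->enabled}</div><ul id=\"fields_enabled\">\n";
        if (is_array($mybb->input['fields'])) {
            foreach ($mybb->input['fields'] as $field) {
                // Only names that are keys of the caller-supplied $fields reach the markup.
                if (is_scalar($field) && !empty($fields[$field])) {
                    $field_select .= "<li id=\"field-{$field}\">• {$fields[$field]['title']}</li>";
                    $active[$field] = 1;
                }
            }
        }
        $field_select .= "</ul></div>\n";
        $field_select .= "<div class=\"disabled\"><div class=\"fields_title\">{$lang->disabled}</div><ul id=\"fields_disabled\">\n";
        if (is_array($fields)) {
            foreach ($fields as $key => $field) {
                if (!empty($active[$key])) {
                    continue;
                }
                $field_select .= "<li id=\"field-{$key}\">• {$field['title']}</li>";
            }
        }
        $field_select .= "</div></ul>\n";
        $field_select .= $form->generate_hidden_field("fields_js", implode(",", array_keys($active)), array('id' => 'fields_js'));
        $field_select = str_replace("'", "\\'", $field_select);
        $field_select = str_replace("\n", "", $field_select);

        $field_select = "<script type=\"text/javascript\">\n//<![CDATA[\ndocument.write('" . str_replace("/", "\\/", $field_select) . "');\n//]]></script>\n";

        $field_options = array();
        foreach ($fields as $key => $field) {
            $field_options[$key] = $field['title'];
        }

        $field_select .= "<noscript>" . $form->generate_select_box('fields[]', $field_options, $mybb->input['fields'], array('id' => 'fields', 'multiple' => true)) . "</noscript>\n";

        $description = '';
        $form_container = new FormContainer($lang->fields_to_show);
        $form_container->output_row($lang->fields_to_show_desc, $description, $field_select);
        $form_container->end();

        // Build the search conditions
        if (function_exists($conditions_callback)) {
            $conditions_callback($mybb->input, $form);
        }

        $buttons = array();
        $buttons[] = $form->generate_submit_button($lang->save_view);
        $form->output_submit_wrapper($buttons);

        $form->end();
        $page->output_footer();
    } elseif ($do == "delete") {
        if (!empty($mybb->input['no'])) {
            admin_redirect($base_url . "&action=views");
        }

        $query = $db->simple_select("adminviews", "COUNT(vid) as views");
        $views = $db->fetch_field($query, "views");

        if ($views == 0) {
            flash_message($lang->error_cannot_delete_view, 'error');
            admin_redirect($base_url . "&action=views");
        }

        $vid = $mybb->get_input('vid', MyBB::INPUT_INT);
        $query = $db->simple_select("adminviews", "vid, uid, visibility", "vid = '{$vid}'");
        $admin_view = $db->fetch_array($query);

        if ($vid == 1 || empty($admin_view['vid']) || $admin_view['visibility'] == 1 && $mybb->user['uid'] != $admin_view['uid']) {
            flash_message($lang->error_invalid_view_delete, 'error');
            admin_redirect($base_url . "&action=views");
        }

        if ($mybb->request_method == "post") {
            // NOTE(review): no post-key check is visible here. The delete link carries
            // my_post_key, so the caller presumably verifies it for POST requests. Confirm.
            $db->delete_query("adminviews", "vid='{$admin_view['vid']}'");
            flash_message($lang->success_view_deleted, 'success');
            admin_redirect($base_url . "&action=views");
        } else {
            $page->output_confirm_action($base_url . "&action=views&do=delete&vid={$admin_view['vid']}", $lang->confirm_view_deletion);
        }
    } elseif ($do == "export") {
        // NOTE(review): the original assigned an <?xml ... encoding="ISO-8859-1"?> declaration
        // to $xml and overwrote it on the next line, so exports never carried it. That output
        // is kept; confirm the intended encoding before restoring a declaration.
        $xml = "<adminviews version=\"" . $mybb->version_code . "\" exported=\"" . TIME_NOW . "\">\n";

        $type_where = '';
        $export_type = $mybb->get_input('type');
        if ($export_type) {
            $type_where = "type='" . $db->escape_string($export_type) . "'";
        }

        // NOTE(review): this selects every stored view, including other administrators'
        // private ones (no visibility/uid filter). Confirm that is intended.
        $query = $db->simple_select("adminviews", "*", $type_where);
        while ($admin_view = $db->fetch_array($query)) {
            $view_fields = my_unserialize($admin_view['fields']);
            if (!is_array($view_fields)) {
                $view_fields = array();
            }
            $view_conditions = my_unserialize($admin_view['conditions']);
            if (!is_array($view_conditions)) {
                $view_conditions = array();
            }

            $admin_view['title'] = str_replace(']]>', ']]]]><![CDATA[>', $admin_view['title']);
            $admin_view['sortby'] = str_replace(']]>', ']]]]><![CDATA[>', $admin_view['sortby']);
            $admin_view['sortorder'] = str_replace(']]>', ']]]]><![CDATA[>', $admin_view['sortorder']);
            $admin_view['view_type'] = str_replace(']]>', ']]]]><![CDATA[>', $admin_view['view_type']);

            $xml .= "\t<view vid=\"" . (int) $admin_view['vid'] . "\" uid=\"" . (int) $admin_view['uid'] . "\" type=\"" . htmlspecialchars_uni($admin_view['type']) . "\" visibility=\"" . (int) $admin_view['visibility'] . "\">\n";
            $xml .= "\t\t<title><![CDATA[{$admin_view['title']}]]></title>\n";
            $xml .= "\t\t<fields>\n";
            foreach ($view_fields as $field) {
                // Stored field names are not checked against $fields when a view is saved,
                // so they are escaped before being written into an attribute.
                $xml .= "\t\t\t<field name=\"" . htmlspecialchars_uni($field) . "\" />\n";
            }
            $xml .= "\t\t</fields>\n";
            $xml .= "\t\t<conditions>\n";
            foreach ($view_conditions as $name => $condition) {
                // NOTE(review): the original tested the whole conditions array here, which is
                // never empty inside this loop. It may have meant the single condition.
                // Empty conditions are still exported, as before.
                if (!$view_conditions) {
                    continue;
                }
                // Reset per condition so the flag cannot carry over from an earlier array value.
                $is_serialized = '';
                if (is_array($condition)) {
                    $condition = my_serialize($condition);
                    $is_serialized = " is_serialized=\"1\"";
                }
                $condition = str_replace(']]>', ']]]]><![CDATA[>', $condition);
                $xml .= "\t\t\t<condition name=\"" . htmlspecialchars_uni($name) . "\"{$is_serialized}><![CDATA[{$condition}]]></condition>\n";
            }
            $xml .= "\t\t</conditions>\n";
            $xml .= "\t\t<sortby><![CDATA[{$admin_view['sortby']}]]></sortby>\n";
            $xml .= "\t\t<sortorder><![CDATA[{$admin_view['sortorder']}]]></sortorder>\n";
            $xml .= "\t\t<perpage><![CDATA[{$admin_view['perpage']}]]></perpage>\n";
            $xml .= "\t\t<view_type><![CDATA[{$admin_view['view_type']}]]></view_type>\n";
            $xml .= "\t</view>\n";
        }
        $xml .= "</adminviews>\n";

        // urlencode() keeps the board name from adding characters of its own to the header line.
        $mybb->settings['bbname'] = urlencode($mybb->settings['bbname']);
        header("Content-disposition: filename=" . $mybb->settings['bbname'] . "-views.xml");
        // Content-Length is a byte count, so use strlen().
        header("Content-Length: " . strlen($xml));
        header("Content-type: unknown/unknown");
        header("Pragma: no-cache");
        header("Expires: 0");
        echo $xml;
        exit;
    } else {
        $page->output_header($lang->view_manager);

        $page->output_nav_tabs($sub_tabs, 'views');

        $table = new Table();
        $table->construct_header($lang->view);
        $table->construct_header($lang->controls, array("class" => "align_center", "width" => 150));

        $default_view = fetch_default_view($type);

        $query = $db->simple_select("adminviews", "COUNT(vid) as views");
        $views = $db->fetch_field($query, "views");

        $current_uid = (int) $mybb->user['uid'];
        $query = $db->query("\n\t\t\tSELECT v.*, u.username\n\t\t\tFROM " . TABLE_PREFIX . "adminviews v\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=v.uid)\n\t\t\tWHERE v.visibility='2' OR (v.visibility='1' AND v.uid='{$current_uid}')\n\t\t\tORDER BY title\n\t\t");
        while ($view = $db->fetch_array($query)) {
            $created = "";
            // Reset per row so the "grey" class of a default view does not leak into later rows.
            $default_class = "";
            if ($view['uid'] == 0) {
                $view_type = "default";
                $default_class = "grey";
            } elseif ($view['visibility'] == 2) {
                $view_type = "group";
                if ($view['username']) {
                    // Usernames are user-controlled; escape before embedding in HTML.
                    $created = "<br /><small>{$lang->created_by} " . htmlspecialchars_uni($view['username']) . "</small>";
                }
            } else {
                $view_type = "user";
            }

            $default_add = '';
            if ($default_view == $view['vid']) {
                $default_add = " ({$lang->default})";
            }

            // The stored title was typed in by an administrator and other administrators
            // see it on this page, so escape it. A language-file override is used as is.
            $view['title'] = htmlspecialchars_uni($view['title']);
            $title_string = "view_title_{$view['vid']}";
            if ($lang->{$title_string}) {
                $view['title'] = $lang->{$title_string};
            }

            $table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$view_type}.png\" title=\"" . $lang->sprintf($lang->this_is_a_view, $view_type) . "\" alt=\"{$view_type}\" /></div><div class=\"{$default_class}\"><strong><a href=\"{$base_url}&action=views&do=edit&vid={$view['vid']}\" >{$view['title']}</a></strong>{$default_add}{$created}</div>");

            $popup = new PopupMenu("view_{$view['vid']}", $lang->options);
            $popup->add_item($lang->edit_view, "{$base_url}&action=views&do=edit&vid={$view['vid']}");
            if ($view['vid'] != $default_view) {
                $popup->add_item($lang->set_as_default, "{$base_url}&action=views&do=set_default&vid={$view['vid']}");
            }

            if ($views > 1 && $view['vid'] != 1) {
                $popup->add_item($lang->delete_view, "{$base_url}&action=views&do=delete&vid={$view['vid']}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_view_deletion}')");
            }
            $controls = $popup->fetch();
            $table->construct_cell($controls, array("class" => "align_center"));
            $table->construct_row();
        }

        $table->output($lang->view);

        echo <<<LEGEND
<br />
<fieldset>
<legend>{$lang->legend}</legend>
<img src="styles/{$page->style}/images/icons/default.png" alt="{$lang->default}" style="vertical-align: middle;" /> {$lang->default_view_desc}<br />
<img src="styles/{$page->style}/images/icons/group.png" alt="{$lang->public}" style="vertical-align: middle;" /> {$lang->public_view_desc}<br />
<img src="styles/{$page->style}/images/icons/user.png" alt="{$lang->private}" style="vertical-align: middle;" /> {$lang->private_view_desc}</fieldset>
LEGEND;

        $page->output_footer();
    }
}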
/**
 * Verifies a post message.
 *
 * Reads and normalises $this->data['message'] in place, then applies three
 * checks in order: non-empty, not above the configured maximum, not below
 * the configured minimum. The maximum and minimum are skipped when their
 * setting is 0 or when is_moderator() accepts the poster.
 *
 * @return boolean True when valid, false when invalid (an error is recorded via set_error()).
 */
function verify_message()
{
    global $mybb;

    $data =& $this->data;
    $data['message'] = trim_blank_chrs($data['message']);

    // Do we even have a message at all?
    if (my_strlen($data['message']) == 0) {
        $this->set_error("missing_message");
        return false;
    }

    // The upper bound is measured with strlen(); the empty and minimum checks use my_strlen().
    if (strlen($data['message']) > $mybb->settings['maxmessagelength'] && $mybb->settings['maxmessagelength'] > 0 && !is_moderator($data['fid'], "", $data['uid'])) {
        $this->set_error("message_too_long", array($mybb->settings['maxmessagelength'], strlen($data['message'])));
        return false;
    }

    if (!isset($data['fid'])) {
        $data['fid'] = 0;
    }

    if (!$mybb->settings['mycodemessagelength']) {
        // Check to see of the text is full of MyCode: measure the parser's text rendering
        // rather than the raw message.
        require_once MYBB_ROOT . "inc/class_parser.php";
        $parser = new postParser();
        $measured = $parser->text_parse_message($data['message']);
    } else {
        $measured = $data['message'];
    }

    if (my_strlen($measured) < $mybb->settings['minmessagelength'] && $mybb->settings['minmessagelength'] > 0 && !is_moderator($data['fid'], "", $data['uid'])) {
        $this->set_error("message_too_short", array($mybb->settings['minmessagelength']));
        return false;
    }

    return true;
}
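/**
 * Initialize a session
 *
 * Resolves the visitor to a stored session, a logged-in user, a known spider
 * or a guest, in that order. Everything read from the request here
 * (User-Agent header, "sid" and "mybbuser" cookies) is client-controlled, so
 * each value is checked for presence and type before use. The session lookup
 * matches on both the session id and the client IP address.
 */
function init()
{
    global $db, $mybb, $cache;

    // Get our visitor's IP.
    $this->ipaddress = get_ip();

    // Find out the user agent. The header is optional, so fall back to an empty string.
    $this->useragent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
    if (my_strlen($this->useragent) > 100) {
        $this->useragent = my_substr($this->useragent, 0, 100);
    }

    // Attempt to find a session id in the cookies. A non-string cookie (e.g. sid[]=x)
    // is treated as no session.
    if (isset($mybb->cookies['sid']) && is_string($mybb->cookies['sid'])) {
        $this->sid = $db->escape_string($mybb->cookies['sid']);

        // Load the session
        $query = $db->simple_select("sessions", "*", "sid='{$this->sid}' AND ip='" . $db->escape_string($this->ipaddress) . "'", array('limit' => 1));
        $session = $db->fetch_array($query);
        if (!empty($session['sid'])) {
            $this->sid = $session['sid'];
            $this->uid = $session['uid'];
        } else {
            // Unknown session id, or known id from a different IP: discard it.
            $this->sid = 0;
        }
    }

    // Still no session, fall back
    if (!$this->sid) {
        $this->sid = 0;
        $this->uid = 0;
        $this->logins = 1;
        $this->failedlogin = 0;
    }

    // If we have a valid session id and user id, load that users session.
    if (isset($mybb->cookies['mybbuser']) && is_string($mybb->cookies['mybbuser']) && $mybb->cookies['mybbuser']) {
        $logon = explode("_", $mybb->cookies['mybbuser'], 2);
        // A cookie without "_" has no login key part; pass an empty key so load_user()
        // still runs its own check instead of receiving an undefined offset.
        $loginkey = isset($logon[1]) ? $logon[1] : '';
        $this->load_user($logon[0], $loginkey);
    }

    // If no user still, then we have a guest.
    if (!isset($mybb->user['uid'])) {
        // Detect if this guest is a search engine spider. (bots don't get a cookied session ID so we first see if that's set)
        if (!$this->sid) {
            $spiders = $cache->read("spiders");
            if (is_array($spiders)) {
                $agent = my_strtolower($this->useragent);
                foreach ($spiders as $spider) {
                    if (my_strpos($agent, my_strtolower($spider['useragent'])) !== false) {
                        $this->load_spider($spider['sid']);
                    }
                }
            }
        }

        // Still nothing? JUST A GUEST!
        if (!$this->is_spider) {
            $this->load_guest();
        }
    }

    // As a token of our appreciation for getting this far (and they aren't a spider), give the user a cookie
    $cookie_sid = isset($mybb->cookies['sid']) ? $mybb->cookies['sid'] : null;
    if ($this->sid && $cookie_sid != $this->sid && $this->is_spider != true) {
        // NOTE(review): the fourth argument is presumably the HttpOnly flag. Confirm against my_setcookie().
        my_setcookie("sid", $this->sid, -1, true);
    }
}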
/**
 * Build a list of forum bits.
 *
 * Walks $fcache[$pid], recurses into child forums found under $fcache[$forum['fid']], accumulates
 * thread/post/viewer counters and the newest last-post record, and renders every forum through
 * the "forumbit_*" templates.
 *
 * Every template is rendered with eval(): the text returned by $templates->get() is spliced into a
 * double-quoted PHP string and executed, so it can read every variable in scope here. Template
 * content therefore has to be trusted, and any value a template may print must already be escaped.
 *
 * @param int $pid   The parent forum to fetch the child forums for (0 assumes all)
 * @param int $depth The depth to return forums with.
 * @return array|null Array with the keys "forum_list", "counters" and "lastpost" for this parent forum;
 *                    a bare return (null) when $fcache[$pid] is not an array.
 */
function build_forumbits($pid = 0, $depth = 1)
{
    global $fcache, $moderatorcache, $forumpermissions, $theme, $mybb, $templates, $bgcolor, $collapsed, $lang, $showdepth, $plugins, $parser, $forum_viewers;

    // NOTE(review): this initialises $forum_listing, but the rest of the function appends to and
    // returns $forum_list. $forum_list, $parent_counters, $parent_lastpost, $donecount and $comma
    // are never initialised in this function before their first use.
    $forum_listing = '';

    // If no forums exist with this parent, do nothing
    if (!is_array($fcache[$pid])) {
        return;
    }

    // Foreach of the forums in this parent
    foreach ($fcache[$pid] as $parent) {
        foreach ($parent as $forum) {
            $forums = $subforums = $sub_forums = '';
            $lastpost_data = '';
            $counters = '';
            $forum_viewers_text = '';
            $forum_viewers_text_plain = '';

            // Get the permissions for this forum
            $permissions = $forumpermissions[$forum['fid']];

            // If this user doesnt have permission to view this forum and we're hiding private forums, skip this forum
            if ($permissions['canview'] != 1 && $mybb->settings['hideprivateforums'] == 1) {
                continue;
            }

            // Plugins receive $forum by reference and may modify it before it is rendered
            $plugins->run_hooks_by_ref("build_forumbits_forum", $forum);

            // Build the link to this forum
            $forum_url = get_forum_link($forum['fid']);

            // Post information is hidden when the user may not view threads, or when the forum has a
            // password and the user isn't authenticated with it
            $hideinfo = false;
            $showlockicon = 0;
            if ($permissions['canviewthreads'] != 1) {
                $hideinfo = true;
            }

            // The access cookie is expected to equal md5(uid . forum password).
            // NOTE(review): this is an unsalted MD5 over the stored forum password, compared with a
            // loose, non-constant-time "!="; a strict hash_equals() comparison would be the safer form.
            if ($forum['password'] != '' && $mybb->cookies['forumpass'][$forum['fid']] != md5($mybb->user['uid'] . $forum['password'])) {
                $hideinfo = true;
                $showlockicon = 1;
            }

            $lastpost_data = array(
                "lastpost" => $forum['lastpost'],
                "lastpostsubject" => $forum['lastpostsubject'],
                "lastposter" => $forum['lastposter'],
                "lastposttid" => $forum['lastposttid'],
                "lastposteruid" => $forum['lastposteruid']
            );

            // Fetch subforums of this forum
            if (isset($fcache[$forum['fid']])) {
                $forum_info = build_forumbits($forum['fid'], $depth + 1);

                // Increment forum counters with counters from child forums
                $forum['threads'] += $forum_info['counters']['threads'];
                $forum['posts'] += $forum_info['counters']['posts'];
                $forum['unapprovedthreads'] += $forum_info['counters']['unapprovedthreads'];
                $forum['unapprovedposts'] += $forum_info['counters']['unapprovedposts'];
                // NOTE(review): reads the key 'viewing', while the counters below are written under 'viewers'
                $forum['viewers'] += $forum_info['counters']['viewing'];

                // If the child forums' lastpost is greater than the one for this forum, set it as the child forums greatest.
                if ($forum_info['lastpost']['lastpost'] > $lastpost_data['lastpost']) {
                    $lastpost_data = $forum_info['lastpost'];
                }

                $sub_forums = $forum_info['forum_list'];
            }

            // If we are hiding information (lastpost) because we aren't authenticated against the password for this forum, remove them
            if ($hideinfo == true) {
                unset($lastpost_data);
            }

            // If the current forums lastpost is greater than other child forums of the current parent, overwrite it
            // NOTE(review): $lastpost_data is read here even when it was unset just above
            if ($lastpost_data['lastpost'] > $parent_lastpost['lastpost']) {
                $parent_lastpost = $lastpost_data;
            }

            if (is_array($forum_viewers) && $forum_viewers[$forum['fid']] > 0) {
                $forum['viewers'] = $forum_viewers[$forum['fid']];
            }

            // Increment the counters for the parent forum (returned later); hidden forums do not
            // contribute, so their totals are not disclosed through the parent
            if ($hideinfo != true) {
                $parent_counters['threads'] += $forum['threads'];
                $parent_counters['posts'] += $forum['posts'];
                $parent_counters['unapprovedposts'] += $forum['unapprovedposts'];
                $parent_counters['unapprovedthreads'] += $forum['unapprovedthreads'];
                $parent_counters['viewers'] += $forum['viewers'];
            }

            // Done with our math, lets talk about displaying - only display forums which are under a certain depth
            if ($depth > $showdepth) {
                continue;
            }

            // Get the lightbulb status indicator for this forum based on the lastpost
            $lightbulb = get_forum_lightbulb($forum, $lastpost_data, $showlockicon);

            // Fetch the number of unapproved threads and posts for this forum
            $unapproved = get_forum_unapproved($forum);

            if ($hideinfo == true) {
                unset($unapproved);
            }

            // Sanitize name and description of forum.
            // NOTE(review): as written, both pairs of replacements put back exactly what they matched
            // ("&" -> "&", "&x" -> "&x"), so they change nothing. Presumably the replacement strings
            // were HTML entities that were lost when this listing was rendered - confirm against the
            // original file. No other escaping of name/description is visible in this function.
            $forum['name'] = preg_replace("#&(?!\\#[0-9]+;)#si", "&", $forum['name']); // Fix & but allow unicode
            $forum['description'] = preg_replace("#&(?!\\#[0-9]+;)#si", "&", $forum['description']); // Fix & but allow unicode
            $forum['name'] = preg_replace("#&([^\\#])(?![a-z1-4]{1,10};)#i", "&\$1", $forum['name']);
            $forum['description'] = preg_replace("#&([^\\#])(?![a-z1-4]{1,10};)#i", "&\$1", $forum['description']);

            // If this is a forum and we've got subforums of it, load the subforums list template
            if ($depth == 2 && $sub_forums) {
                eval("\$subforums = \"" . $templates->get("forumbit_subforums") . "\";");
            } else {
                if ($depth == 3) {
                    if ($donecount < $mybb->settings['subforumsindex']) {
                        $statusicon = '';

                        // Showing mini status icons for this forum
                        if ($mybb->settings['subforumsstatusicons'] == 1) {
                            $lightbulb['folder'] = "mini" . $lightbulb['folder'];

                            eval("\$statusicon = \"" . $templates->get("forumbit_depth3_statusicon", 1, 0) . "\";");
                        }

                        // Fetch the template and append it to the list
                        eval("\$forum_list .= \"" . $templates->get("forumbit_depth3", 1, 0) . "\";");
                        $comma = ', ';
                    }

                    // Have we reached our max visible subforums? put a nice message and break out of the loop
                    ++$donecount;
                    if ($donecount == $mybb->settings['subforumsindex']) {
                        if (subforums_count($fcache[$pid]) > $donecount) {
                            $forum_list .= $comma . $lang->sprintf($lang->more_subforums, subforums_count($fcache[$pid]) - $donecount);
                        }
                    }
                    continue;
                }
            }

            // Forum is a category, set template type
            if ($forum['type'] == 'c') {
                $forumcat = '_cat';
            } else {
                $forumcat = '_forum';
            }

            if ($forum['linkto'] == '') {
                // No posts have been made in this forum - show never text
                if (($lastpost_data['lastpost'] == 0 || $lastpost_data['lastposter'] == '') && $hideinfo != true) {
                    $lastpost = "<div style=\"text-align: center;\">{$lang->lastpost_never}</div>";
                } elseif ($hideinfo != true) {
                    // Format lastpost date and time
                    $lastpost_date = my_date($mybb->settings['dateformat'], $lastpost_data['lastpost']);
                    $lastpost_time = my_date($mybb->settings['timeformat'], $lastpost_data['lastpost']);

                    // Set up the last poster, last post thread id, last post subject and format appropriately
                    $lastpost_profilelink = build_profile_link($lastpost_data['lastposter'], $lastpost_data['lastposteruid']);
                    $lastpost_link = get_thread_link($lastpost_data['lastposttid'], 0, "lastpost");
                    $lastpost_subject = $full_lastpost_subject = $parser->parse_badwords($lastpost_data['lastpostsubject']);
                    // Truncate first, escape afterwards, so the cut never lands inside an HTML entity
                    if (my_strlen($lastpost_subject) > 25) {
                        $lastpost_subject = my_substr($lastpost_subject, 0, 25) . "...";
                    }
                    $lastpost_subject = htmlspecialchars_uni($lastpost_subject);
                    $full_lastpost_subject = htmlspecialchars_uni($full_lastpost_subject);

                    // Call lastpost template
                    if ($depth != 1) {
                        eval("\$lastpost = \"" . $templates->get("forumbit_depth{$depth}_forum_lastpost") . "\";");
                    }
                }

                if ($mybb->settings['showforumviewing'] != 0 && $forum['viewers'] > 0) {
                    if ($forum['viewers'] == 1) {
                        $forum_viewers_text = $lang->viewing_one;
                    } else {
                        $forum_viewers_text = $lang->sprintf($lang->viewing_multiple, $forum['viewers']);
                    }
                    $forum_viewers_text_plain = $forum_viewers_text;
                    $forum_viewers_text = "<span class=\"smalltext\">{$forum_viewers_text}</span>";
                }
            }

            // If this forum is a link or is password protected and the user isn't authenticated, set lastpost and counters to "-"
            if ($forum['linkto'] != '' || $hideinfo == true) {
                $lastpost = "<div style=\"text-align: center;\">-</div>";
                $posts = "-";
                $threads = "-";
            } else {
                $posts = my_number_format($forum['posts']);
                $threads = my_number_format($forum['threads']);
            }

            // Moderator column is not off
            if ($mybb->settings['modlist'] != 0) {
                $done_moderators = array();
                $moderators = '';
                // Fetch list of moderators from this forum and its parents
                $parentlistexploded = explode(',', $forum['parentlist']);
                foreach ($parentlistexploded as $mfid) {
                    // This forum has moderators
                    if (is_array($moderatorcache[$mfid])) {
                        // Fetch each moderator from the cache and format it, appending it to the list
                        foreach ($moderatorcache[$mfid] as $moderator) {
                            // $done_moderators keeps a moderator inherited from several parents from being listed twice
                            if (in_array($moderator['uid'], $done_moderators)) {
                                continue;
                            }
                            // The username is HTML-escaped here because it is concatenated straight into markup
                            $moderators .= "{$comma}<a href=\"" . get_profile_link($moderator['uid']) . "\">" . htmlspecialchars_uni($moderator['username']) . "</a>";
                            $comma = ', ';
                            $done_moderators[] = $moderator['uid'];
                        }
                    }
                }
                // Reset the separator; $comma is shared with the depth-3 subforum list above
                $comma = '';

                // If we have a moderators list, load the template
                if ($moderators) {
                    eval("\$modlist = \"" . $templates->get("forumbit_moderators") . "\";");
                } else {
                    $modlist = '';
                }
            }

            // Descriptions aren't being shown - blank them
            if ($mybb->settings['showdescriptions'] == 0) {
                $forum['description'] = '';
            }

            // Check if this category is either expanded or collapsed and hide it as necessary.
            $expdisplay = '';
            $collapsed_name = "cat_{$forum['fid']}_c";
            if (isset($collapsed[$collapsed_name]) && $collapsed[$collapsed_name] == "display: show;") {
                $expcolimage = "collapse_collapsed.gif";
                $expdisplay = "display: none;";
                $expaltext = "[+]";
            } else {
                $expcolimage = "collapse.gif";
                $expaltext = "[-]";
            }

            // Swap over the alternate backgrounds
            $bgcolor = alt_trow();

            // Add the forum to the list
            eval("\$forum_list .= \"" . $templates->get("forumbit_depth{$depth}{$forumcat}") . "\";");
        }
    }

    // Return an array of information to the parent forum including child forums list, counters and lastpost information
    return array("forum_list" => $forum_list, "counters" => $parent_counters, "lastpost" => $parent_lastpost);
}
// Excerpt: prepares thread display fields and the visibility filters used by later queries.
// The trailing is_moderator() block continues past the end of this excerpt.
$thread['threadprefix'] = '';
$thread['displayprefix'] = '';
if ($thread['prefix'] != 0) {
    $threadprefix = build_prefixes($thread['prefix']);

    if ($threadprefix['prefix']) {
        $thread['threadprefix'] = $threadprefix['prefix'] . ' ';
        $thread['displayprefix'] = $threadprefix['displaystyle'] . ' ';
    }
}

// A "closed" value starting with "moved|" zeroes the thread id
// (presumably a redirect stub left behind by a moved thread - confirm)
if (substr($thread['closed'], 0, 6) == "moved|") {
    $thread['tid'] = 0;
}

// Bad-word filtering runs on the raw subject; HTML escaping is applied afterwards
$reply_subject = $parser->parse_badwords($thread['subject']);
$thread['subject'] = htmlspecialchars_uni($reply_subject);
// Subject too long? Shorten it to avoid error message
// (truncation happens on the unescaped text, so an HTML entity is never cut in half)
if (my_strlen($reply_subject) > 85) {
    $reply_subject = my_substr($reply_subject, 0, 82) . '...';
}
$reply_subject = htmlspecialchars_uni($reply_subject);

$tid = $thread['tid'];
$fid = $thread['fid'];

if (!$thread['username']) {
    $thread['username'] = $lang->guest;
}

// SQL fragments restricting results to visible rows; both are fixed strings with no request data in them
$visibleonly = "AND visible='1'";
$visibleonly2 = "AND p.visible='1' AND t.visible='1'";

// Is the currently logged in user a moderator of this forum?
// Moderators also get rows with visible='0'.
if (is_moderator($fid)) {
    $visibleonly = " AND (visible='1' OR visible='0')";
    $visibleonly2 = "AND (p.visible='1' OR p.visible='0') AND (t.visible='1' OR t.visible='0')";
    $ismod = true;
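/**
 * Reduce a post body to a short plain-text preview.
 *
 * Emoji names are removed, selected MyCode tags are collapsed to short placeholders, the result is
 * run through the MyBB parser, and tags are stripped, whitespace collapsed and entities decoded.
 *
 * The return value is plain text: html_entity_decode() is the last transformation, so the result
 * may contain "<", ">" or "&" and must be escaped again before it is placed into HTML.
 *
 * @param string          $post_text Raw post text (user-supplied).
 * @param postParser|null $parser    See the note on the global import below.
 * @param int             $length    Maximum length of the returned text, in characters.
 * @return string The shortened plain-text preview.
 */
function process_short_content($post_text, $parser = null, $length = 200)
{
    // NOTE(review): importing the global $parser rebinds the local name, so a parser passed in by
    // the caller is replaced by the global one. Left unchanged because fixing it would alter which
    // parser instance existing callers end up using.
    global $parser, $mybb;

    require_once MYBB_ROOT . $mybb->settings['tapatalk_directory'] . '/emoji/emoji.class.php';
    $post_text = tapatalkEmoji::covertNameToEmpty($post_text);

    if ($parser === null) {
        require_once MYBB_ROOT . "inc/class_parser.php";
        $parser = new postParser();
    }

    // The [color] and [url] rules used the "e" pattern modifier, which builds PHP source from the
    // replacement string (with post text spliced in) and evaluates it. That modifier was deprecated
    // in PHP 5.5 and removed in PHP 7, where preg_replace() fails on such a pattern and returns
    // null. Callbacks pass the captured groups as data instead; they receive the raw capture,
    // without the slash-escaping the "e" modifier applied to quotes.
    // The order of the rules is significant and is unchanged.
    $array_reg = array(
        array(
            'reg' => '/\\[color=(.*?)\\](.*?)\\[\\/color\\]/si',
            'callback' => function ($m) {
                return mobi_color_convert($m[1], $m[2], false);
            },
        ),
        array('reg' => '/\\[php\\](.*?)\\[\\/php\\]/si', 'replace' => '[php]'),
        // 'replace' was an unquoted bare word in the next two rules, which is an undefined-constant
        // error on PHP 8; the keys are now quoted strings.
        array('reg' => '/\\[align=(.*?)\\](.*?)\\[\\/align\\]/si', 'replace' => " \$2 "),
        array('reg' => '/\\[email\\](.*?)\\[\\/email\\]/si', 'replace' => "[url]"),
        array('reg' => '/\\[quote(.*?)\\](.*?)\\[\\/quote\\]/si', 'replace' => '[quote]'),
        array('reg' => '/\\[code\\](.*?)\\[\\/code\\]/si', 'replace' => ''),
        array(
            'reg' => '/\\[url=(.*?)\\](.*?)\\[\\/url\\]/si',
            'callback' => function ($m) {
                return mobi_url_convert($m[1], $m[2]);
            },
        ),
        array('reg' => '/\\[img(.*?)\\](.*?)\\[\\/img\\]/si', 'replace' => '[img]'),
        array('reg' => '/\\[video=(.*?)\\](.*?)\\[\\/video\\]/si', 'replace' => '[V]'),
        array('reg' => '/\\[attachment=(.*?)\\]/si', 'replace' => '[attach]'),
    );

    foreach ($array_reg as $arr) {
        if (isset($arr['callback'])) {
            $post_text = preg_replace_callback($arr['reg'], $arr['callback'], $post_text);
        } else {
            $post_text = preg_replace($arr['reg'], $arr['replace'], $post_text);
        }
    }

    // HTML is disallowed in the parser; MyCode stays enabled so remaining tags are rendered and
    // then removed by strip_tags()
    $parser_options = array(
        'allow_html' => 0,
        'allow_mycode' => 1,
        'allow_smilies' => 0,
        'allow_imgcode' => 0,
        'filter_badwords' => 1,
    );

    $post_text = strip_tags($parser->parse_message($post_text, $parser_options));
    $post_text = preg_replace('/\\s+/', ' ', $post_text);
    $post_text = html_entity_decode($post_text);

    if (my_strlen($post_text) > $length) {
        $post_text = my_substr(trim($post_text), 0, $length);
    }

    return $post_text;
}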
// Excerpt from an admin login flow. It begins inside a block opened above this excerpt (the first
// statement and the two closing braces belong to it) and continues past the last line shown.
$default_page->show_login($lang->error_invalid_secret_pin, "error");
}
}

// Hand the submitted credentials to the login handler; the user record is loaded only when validation succeeds
$loginhandler->set_data(array('username' => $mybb->input['username'], 'password' => $mybb->input['password']));

if ($loginhandler->validate_login() == true) {
    $mybb->user = get_user($loginhandler->login_data['uid']);
}

if ($mybb->user['uid']) {
    // The lockout check runs before any session is created.
    // NOTE(review): presumably show_lockedout() ends the request - confirm; if it returns, the
    // statements below still create a session for the locked-out account.
    if (login_attempt_check_acp($mybb->user['uid']) == true) {
        log_admin_action(array('type' => 'admin_locked_out', 'uid' => (int) $mybb->user['uid'], 'username' => $mybb->user['username']));

        $default_page->show_lockedout();
    }

    // Drop every existing admin session of this user before issuing a new one
    $db->delete_query("adminsessions", "uid='{$mybb->user['uid']}'");

    // NOTE(review): the session id is an MD5 over uniqid()/microtime() output, i.e. it is derived
    // from clock values rather than a CSPRNG; bin2hex(random_bytes(16)) is the usual replacement
    // where PHP 7+ is available.
    $sid = md5(uniqid(microtime(true), true));

    // The User-Agent header is client-controlled: it is capped at 200 characters here and escaped
    // with escape_string() before it is stored
    $useragent = $_SERVER['HTTP_USER_AGENT'];
    if (my_strlen($useragent) > 200) {
        $useragent = my_substr($useragent, 0, 200);
    }

    // Create a new admin session for this user
    $admin_session = array(
        "sid" => $sid,
        "uid" => $mybb->user['uid'],
        "loginkey" => $mybb->user['loginkey'],
        "ip" => $db->escape_binary(my_inet_pton(get_ip())),
        "dateline" => TIME_NOW,
        "lastactive" => TIME_NOW,
        "data" => my_serialize(array()),
        "useragent" => $db->escape_string($useragent)
    );
    $db->insert_query("adminsessions", $admin_session);
    // The in-memory copy holds the session data as an array rather than its serialized form
    $admin_session['data'] = array();

    // Only reset the loginattempts when we're really logged in and the user doesn't need to enter a 2fa code
    // (an empty authsecret is treated as "no second factor configured")
    $query = $db->simple_select("adminoptions", "authsecret", "uid='{$mybb->user['uid']}'");
    $admin_options = $db->fetch_array($query);
    if (empty($admin_options['authsecret'])) {
        $db->update_query("adminoptions", array("loginattempts" => 0, "loginlockoutexpiry" => 0), "uid='{$mybb->user['uid']}'");
    }

    // NOTE(review): the fourth argument is presumably the HttpOnly flag - confirm against
    // my_setcookie(); the attempts cookie below is set without it.
    my_setcookie("adminsid", $sid, '', true);
    my_setcookie('acploginattempts', 0);
    $post_verify = false;
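/**
 * Cut a message off at the configured "show in portal" tag and append a read-more link.
 *
 * The message is left untouched when it is empty, when no tag is configured, when the tag does not
 * occur in it, or when the text before the first tag is shorter than the "minmessagelength" setting.
 *
 * @param string $message Message text; modified in place.
 * @param int    $fid     Forum id, used to look up whether the forum allows MyCode or HTML.
 * @param int    $tid     Thread id the read-more link points to.
 * @return void
 */
function ougc_showinportal_cutoff(&$message, $fid, $tid)
{
    global $settings;

    if (!$message || !$settings['ougc_showinportal_tag']) {
        return;
    }

    // The tag is matched literally. The delimiter is passed to preg_quote() so that a "#" inside
    // the configured tag is escaped as well; before PHP 7.3 preg_quote() did not escape "#" on its
    // own, and such a tag would have ended the pattern early.
    $tag = preg_quote($settings['ougc_showinportal_tag'], '#');
    $pattern = '#' . $tag . '#';

    if (!preg_match($pattern, $message)) {
        return;
    }

    // Only the text before the first occurrence of the tag is kept
    $msg = preg_split($pattern, $message);

    if (!(isset($msg[0]) && my_strlen($msg[0]) >= (int) $settings['minmessagelength'])) {
        return;
    }

    global $lang, $forum_cache, $showinportal;
    $showinportal->lang_load();

    $forum_cache or cache_forums();

    // Find out what language variable to use: the link markup has to match what the forum renders
    $lang_var = 'ougc_showinportal_readmore';
    if ((bool) $forum_cache[$fid]['allowmycode']) {
        $lang_var .= '_mycode';
    } elseif ((bool) $forum_cache[$fid]['allowhtml']) {
        $lang_var .= '_html';
    }

    $message = $msg[0] . $lang->sprintf($lang->{$lang_var}, $settings['bburl'], get_thread_link($tid));
}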
// Excerpt from an XMLHTTP (AJAX) entry point: board-closed gate, then the start of the username
// auto-completion action. The get_users block continues past the end of this excerpt.
$mybb->input['action'] = $mybb->get_input('action');

$plugins->run_hooks("xmlhttp");

// If the board is closed, the user is not an administrator and they're not trying to login, show the board closed message
if ($mybb->settings['boardclosed'] == 1 && $mybb->usergroup['canviewboardclosed'] != 1 && !in_array($mybb->input['action'], $closed_bypass)) {
    // Show error
    if (!$mybb->settings['boardclosed_reason']) {
        $mybb->settings['boardclosed_reason'] = $lang->boardclosed_reason;
    }

    // The closed reason is a board setting and is inserted into the message as markup, unescaped
    $lang->error_boardclosed .= "<br /><em>{$mybb->settings['boardclosed_reason']}</em>";

    xmlhttp_error($lang->error_boardclosed);
}

// Fetch a list of usernames beginning with a certain string (used for auto completion)
if ($mybb->input['action'] == "get_users") {
    $mybb->input['query'] = ltrim($mybb->get_input('query'));

    // If the string is less than 3 characters, quit.
    if (my_strlen($mybb->input['query']) < 3) {
        exit;
    }

    // "getone" is read as an integer; anything other than 1 gives the 15-row list
    if ($mybb->get_input('getone', MyBB::INPUT_INT) == 1) {
        $limit = 1;
    } else {
        $limit = 15;
    }

    // Send our headers.
    header("Content-type: application/json; charset={$charset}");

    // Query for any matching users.
    $query_options = array(
        "order_by" => "username",
        "order_dir" => "asc",
        "limit_start" => 0,
        "limit" => $limit
    );

    $plugins->run_hooks("xmlhttp_get_users_start");

    // The search term goes through escape_string_like() before it is concatenated into the LIKE
    // clause; only the trailing "%" added here acts as a wildcard (prefix match)
    $query = $db->simple_select("users", "uid, username", "username LIKE '" . $db->escape_string_like($mybb->input['query']) . "%'", $query_options);

    if ($limit == 1) {
        $user = $db->fetch_array($query);
// Excerpt from a user control panel script: the tail of an attachment-deletion action (its opening
// "if" is above this excerpt), the notepad save action, and the start of the default page.
if (!isset($mybb->input['attachments']) || !is_array($mybb->input['attachments'])) {
    error($lang->no_attachments_selected);
}

// Every submitted id is forced to an integer before it is placed into the IN (...) list.
// NOTE(review): an empty array passes the check above and would produce "aid IN ()" - confirm
// whether that case is handled elsewhere.
$aids = implode(',', array_map('intval', $mybb->input['attachments']));
// The uid condition restricts the selection to attachments owned by the current user
$query = $db->simple_select("attachments", "*", "aid IN ({$aids}) AND uid='" . $mybb->user['uid'] . "'");
while ($attachment = $db->fetch_array($query)) {
    remove_attachment($attachment['pid'], '', $attachment['aid']);
}
$plugins->run_hooks("usercp_do_attachments_end");
redirect("usercp.php?action=attachments", $lang->attachments_deleted);
}

if ($mybb->input['action'] == "do_notepad" && $mybb->request_method == "post") {
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    // Cap at 60,000 chars; text will allow up to 65535?
    if (my_strlen($mybb->get_input('notepad')) > 60000) {
        $mybb->input['notepad'] = my_substr($mybb->get_input('notepad'), 0, 60000);
    }

    $plugins->run_hooks("usercp_do_notepad_start");
    // The notepad text is escaped with escape_string() before the update; the row is selected by the session user's uid
    $db->update_query("users", array('notepad' => $db->escape_string($mybb->get_input('notepad'))), "uid='" . $mybb->user['uid'] . "'");
    $plugins->run_hooks("usercp_do_notepad_end");
    redirect("usercp.php", $lang->redirect_notepadupdated);
}

if (!$mybb->input['action']) {
    // Get posts per day
    $daysreg = (TIME_NOW - $mybb->user['regdate']) / (24 * 3600);

    // Accounts younger than one day are treated as one day old, which also avoids dividing by zero
    if ($daysreg < 1) {
        $daysreg = 1;
    }

    $perday = $mybb->user['postnum'] / $daysreg;
    $perday = round($perday, 2);