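/**
 * Checks that the web server can create and delete files inside an attachment folder.
 *
 * A scratch directory "<attachpath>/test" is created when it is not already there,
 * a file "test.attach" is written into it and deleted again, and the scratch
 * directory is then removed. Every failure is reported through print_stop_message().
 *
 * @param	string	Filesystem path of the attachment folder to probe
 */
function verify_upload_folder($attachpath)
{
    global $vbphrase;

    if ($attachpath == '') {
        print_stop_message('please_complete_required_fields');
    }

    $testdir = $attachpath . '/test';
    $testfile = $testdir . '/test.attach';

    if (!is_dir($testdir)) {
        // umask() is process-wide: clear it only for the mkdir() call and put the
        // previous mask back, so files created later in the same request do not
        // silently become world-writable.
        $oldumask = @umask(0);
        $created = @mkdir($testdir, 0777);
        @umask($oldumask);

        if (!$created) {
            print_stop_message('test_file_write_failed', $attachpath);
        }
    }

    // NOTE(review): the scratch directory is world-writable while the probe runs;
    // the mode is kept as it was - confirm whether a tighter mode would still suit
    // the hosting setups this check is meant for.
    @chmod($testdir, 0777);

    if ($fp = @fopen($testfile, 'wb')) {
        fclose($fp);
        if (!@unlink($testfile)) {
            print_stop_message('test_file_write_failed', $attachpath);
        }
        @rmdir($testdir);
    } else {
        // do not leave the world-writable scratch directory behind when the probe fails
        @rmdir($testdir);
        print_stop_message('test_file_write_failed', $attachpath);
    }
}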
/**
 * Confirms that a file can be written to, and removed from, an image folder.
 *
 * A probe file "test.image" is created directly inside the folder and deleted
 * again; failures are reported through print_stop_message().
 *
 * @param	string	Filesystem path of the image folder to probe
 *
 * @return	boolean	True once the probe file could be opened for writing
 */
function verify_upload_folder($imagepath)
{
    global $vbphrase;

    if ($imagepath == '') {
        print_stop_message('please_complete_required_fields');
    }

    $probe = $imagepath . '/test.image';
    $handle = @fopen($probe, 'wb');

    if (!$handle) {
        // the folder is not writable for the web server
        print_stop_message('test_file_write_failed', $imagepath);
        return;
    }

    fclose($handle);

    $removed = @unlink($probe);
    if (!$removed) {
        print_stop_message('test_file_write_failed', $imagepath);
    }

    return true;
}
construct_hidden_code('group', $vbulletin->GPC['group']); construct_hidden_code('searchstring', $vbulletin->GPC['searchstring']); construct_hidden_code('dostyleid', $vbulletin->GPC['dostyleid']); construct_hidden_code('product', $vbulletin->GPC['product']); construct_hidden_code('savehistory', intval($vbulletin->GPC['savehistory'])); construct_hidden_code('histcomment', $vbulletin->GPC['histcomment']); print_table_header($vbphrase['vbulletin_message']); print_description_row(construct_phrase($vbphrase['template_eval_error'], $errors)); print_submit_row($vbphrase['continue'], 0, 2, $vbphrase['go_back']); print_cp_footer(); exit; } } $old_template = $db->query_first("\n\t\tSELECT title, styleid, dateline, username, template_un\n\t\tFROM " . TABLE_PREFIX . "template\n\t\tWHERE templateid = " . $vbulletin->GPC['templateid'] . "\n\t"); if (strtolower($vbulletin->GPC['title']) != strtolower($old_template['title']) and $db->query_first("\n\t\tSELECT templateid\n\t\tFROM " . TABLE_PREFIX . "template\n\t\tWHERE styleid = {$old_template['styleid']} AND title = '" . $db->escape_string($vbulletin->GPC['title']) . "'\n\t")) { print_stop_message('template_x_exists', $vbulletin->GPC['title']); } if ($vbulletin->GPC['lastedit'] and $vbulletin->GPC['lastedit'] != $old_template['dateline']) { $comment = construct_phrase($vbphrase['template_edited_after_load'], $old_template['username']); echo "<p align=\"center\"><strong>{$comment}</strong></p>"; /* Save what was in the template into the history */ $db->query_write("\n\t\t\tINSERT INTO " . TABLE_PREFIX . "templatehistory\n\t\t\t\t(styleid, title, template, dateline, username, version, comment)\n\t\t\tVALUES\n\t\t\t\t({$old_template['styleid']},\n\t\t\t\t'" . $db->escape_string($vbulletin->GPC['title']) . "',\n\t\t\t\t'" . $db->escape_string($old_template['template_un']) . "',\n\t\t\t\t" . TIMENOW . ",\n\t\t\t\t'" . $db->escape_string($vbulletin->userinfo['username']) . "',\n\t\t\t\t'" . 
$db->escape_string($full_product_info[$vbulletin->GPC['product']]['version']) . "',\n\t\t\t\t'" . $db->escape_string($comment) . "'\n\t\t)"); } $db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "template SET\n\t\t\ttitle = '" . $db->escape_string($vbulletin->GPC['title']) . "',\n\t\t\ttemplate = '" . $db->escape_string($vbulletin->GPC['template']) . "',\n\t\t\ttemplate_un = '" . $db->escape_string($template_un) . "',\n\t\t\tdateline = " . TIMENOW . ",\n\t\t\tusername = '******'username']) . "',\n\t\t\tversion = '" . $db->escape_string($full_product_info[$vbulletin->GPC['product']]['version']) . "',\n\t\t\tproduct = '" . $db->escape_string($vbulletin->GPC['product']) . "'\n\t\tWHERE templateid = " . $vbulletin->GPC['templateid'] . "\n\t"); if (strpos($vbulletin->GPC['title'], 'bbcode_') === 0) { // begins with bbcode_ - empty the post parsed cache $vbulletin->db->query_write("TRUNCATE TABLE " . TABLE_PREFIX . "postparsed"); } // update any customized templates to reflect a change of product id if ($old_template['styleid'] == -1 and $vbulletin->GPC['product'] != $old_template['product']) { $db->query_write("\n\t\t\tUPDATE " . TABLE_PREFIX . "template\n\t\t\tSET product = '" . $db->escape_string($vbulletin->GPC['product']) . "'\n\t\t\tWHERE title = '" . $db->escape_string($vbulletin->GPC['title']) . "'\n\t\t\t\tAND styleid <> -1\n\t\t");
/**
 * Validates the length of a reminder title against MAXTITLELENGTH.
 *
 * The length is measured with strlen(), i.e. in bytes. A title that is too long
 * is reported through print_stop_message() together with the limit and the excess.
 *
 * @param	string	Title to check
 *
 * @return	string	The unchanged title when it is within the limit
 */
function verify_reminder_title_length($title)
{
    global $vbphrase;

    $length = strlen($title);

    if ($length <= MAXTITLELENGTH) {
        return $title;
    }

    // report the limit and by how much the title exceeds it
    $excess = $length - MAXTITLELENGTH;
    print_stop_message('reminder_title_too_long', MAXTITLELENGTH, $excess);
}
// ######################## SET PHP ENVIRONMENT ########################### error_reporting(E_ALL & ~E_NOTICE); if (!is_object($vbulletin->db)) { exit; } // ######################################################################## // ######################### START MAIN SCRIPT ############################ // ######################################################################## require_once DIR . '/includes/class_sitemap.php'; $runner = new vB_SiteMapRunner_Cron($vbulletin); $runner->set_cron_item($nextitem); $status = $runner->check_environment(); if ($status['error']) { // if an error has happened, display/log it if necessary and die if (VB_AREA == 'AdminCP') { print_stop_message($status['error']); } else { if ($status['loggable']) { $rows = $vbulletin->db->query_first("\n\t\t\tSELECT COUNT(*) AS count\n\t\t\tFROM " . TABLE_PREFIX . "adminmessage\n\t\t\tWHERE varname = '" . $vbulletin->db->escape_string($status['error']) . "'\n\t\t\t\tAND status = 'undone'\n\t\t"); if ($rows['count'] == 0) { $vbulletin->db->query_write("\n\t\t\t\tINSERT INTO " . TABLE_PREFIX . "adminmessage\n\t\t\t\t\t(varname, dismissable, script, action, execurl, method, dateline, status)\n\t\t\t\tVALUES\n\t\t\t\t\t('" . $vbulletin->db->escape_string($status['error']) . "',\n\t\t\t\t\t1,\n\t\t\t\t\t'sitemap.php',\n\t\t\t\t\t'buildsitemap',\n\t\t\t\t\t'sitemap.php?do=buildsitemap',\n\t\t\t\t\t'get',\n\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t'undone')\n\t\t\t"); } } } exit; } $runner->generate(); if ($runner->is_finished) { $log_text = $runner->written_filename . ', vbulletin_sitemap_index.xml'; } else { $log_text = $runner->written_filename;
$queryoptions = array('-1' => '', $vbphrase['all_users'] => array('10' => $vbphrase['yes'] . ' - ' . $vbphrase['invisible_mode'], '80' => $vbphrase['no'] . ' - ' . $vbphrase['invisible_mode'], '20' => $vbphrase['yes'] . ' - ' . $vbphrase['allow_vcard_download'], '90' => $vbphrase['no'] . ' - ' . $vbphrase['allow_vcard_download'], '30' => $vbphrase['yes'] . ' - ' . $vbphrase['receive_admin_emails'], '100' => $vbphrase['no'] . ' - ' . $vbphrase['receive_admin_emails'], '40' => $vbphrase['yes'] . ' - ' . $vbphrase['display_email'], '110' => $vbphrase['no'] . ' - ' . $vbphrase['display_email'], '50' => $vbphrase['yes'] . ' - ' . $vbphrase['receive_private_messages'], '120' => $vbphrase['no'] . ' - ' . $vbphrase['receive_private_messages'], '60' => $vbphrase['yes'] . ' - ' . $vbphrase['send_notification_email_when_a_private_message_is_received'], '130' => $vbphrase['no'] . ' - ' . $vbphrase['send_notification_email_when_a_private_message_is_received'], '70' => $vbphrase['yes'] . ' - ' . $vbphrase['pop_up_notification_box_when_a_private_message_is_received'], '140' => $vbphrase['no'] . ' - ' . $vbphrase['pop_up_notification_box_when_a_private_message_is_received'], '150' => $vbphrase['on'] . ' - ' . $vbphrase['display_signatures'], '180' => $vbphrase['off'] . ' - ' . $vbphrase['display_signatures'], '160' => $vbphrase['on'] . ' - ' . $vbphrase['display_avatars'], '190' => $vbphrase['off'] . ' - ' . $vbphrase['display_avatars'], '170' => $vbphrase['on'] . ' - ' . $vbphrase['display_images'], '200' => $vbphrase['off'] . ' - ' . $vbphrase['display_images'], '175' => $vbphrase['on'] . ' - ' . $vbphrase['display_reputation'], '205' => $vbphrase['off'] . ' - ' . $vbphrase['display_reputation'], '176' => $vbphrase['on'] . ' - ' . $vbphrase['enahnced_attachment_uploading'], '206' => $vbphrase['off'] . ' - ' . 
$vbphrase['enahnced_attachment_uploading'], 'blank1' => '', '210' => $vbphrase['subscribe_choice_none'], '220' => $vbphrase['subscribe_choice_0'], '230' => $vbphrase['subscribe_choice_1'], '240' => $vbphrase['subscribe_choice_2'], '250' => $vbphrase['subscribe_choice_3'], 'blank2' => '', '270' => $vbphrase['thread_display_mode'] . ' - ' . $vbphrase['linear'], '280' => $vbphrase['thread_display_mode'] . ' - ' . $vbphrase['threaded'], '290' => $vbphrase['thread_display_mode'] . ' - ' . $vbphrase['hybrid'], 'blank3' => '', '260' => $vbphrase['posts'] . ' - ' . $vbphrase['oldest_first'], '265' => $vbphrase['posts'] . ' - ' . $vbphrase['newest_first'], 'blank4' => '', '300' => $vbphrase['do_not_show_editor_toolbar'], '310' => $vbphrase['show_standard_editor_toolbar'], '320' => $vbphrase['show_enhanced_editor_toolbar']), $vbphrase['all_forums'] => array('400' => $vbphrase['show_threads_from_last_day'], '405' => $vbphrase['show_threads_from_last_week'], '410' => $vbphrase['show_threads_from_last_month'], '415' => $vbphrase['show_threads_from_last_year'], '420' => $vbphrase['show_all_threads'])); ($hook = vBulletinHook::fetch_hook('admin_queries_auto_options')) ? eval($hook) : false; // ##################### START DO QUERY ##################### if ($_POST['do'] == 'doquery') { require_once DIR . '/includes/functions_misc.php'; $vbulletin->input->clean_array_gpc('p', array('autoquery' => TYPE_UINT, 'perpage' => TYPE_UINT, 'pagenumber' => TYPE_UINT, 'confirmquery' => TYPE_BOOL)); $query =& $vbulletin->GPC['query']; if ($vbulletin->GPC['pagenumber'] < 1) { $vbulletin->GPC['pagenumber'] = 1; } if (!$vbulletin->GPC['perpage']) { $vbulletin->GPC['perpage'] = 20; } if (!$vbulletin->GPC['confirmquery']) { if (!$vbulletin->GPC['autoquery'] and !$query) { print_stop_message('please_complete_required_fields'); } if ($vbulletin->GPC['autoquery']) { switch ($vbulletin->GPC['autoquery']) { case 10: $query = "UPDATE " . TABLE_PREFIX . "user SET options = options + " . 
$vbulletin->bf_misc_useroptions['invisible'] . " WHERE NOT (options & " . $vbulletin->bf_misc_useroptions['invisible'] . ")"; break; case 20: $query = "UPDATE " . TABLE_PREFIX . "user SET options = options + " . $vbulletin->bf_misc_useroptions['showvcard'] . " WHERE NOT (options & " . $vbulletin->bf_misc_useroptions['showvcard'] . ")"; break; case 30: $query = "UPDATE " . TABLE_PREFIX . "user SET options = options + " . $vbulletin->bf_misc_useroptions['adminemail'] . " WHERE NOT (options & " . $vbulletin->bf_misc_useroptions['adminemail'] . ")"; break; case 40: $query = "UPDATE " . TABLE_PREFIX . "user SET options = options + " . $vbulletin->bf_misc_useroptions['showemail'] . " WHERE NOT (options & " . $vbulletin->bf_misc_useroptions['showemail'] . ")"; break;
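/**
 * Imports the admin help topics (and, when the file carries them, their phrases) from XML.
 *
 * The volatile adminhelp rows and the languageid -1 'cphelptext' phrases of the
 * product named in the XML are deleted, then re-created from the parsed topics
 * with batched REPLACE queries. The language data is rebuilt at the end.
 *
 * Every value taken from the XML is escaped or cast before it is placed in SQL,
 * including the phrase variable names derived from the script/action/option names.
 *
 * @param	mixed	XML to import; passed to vB_XML_Parser together with $GLOBALS['path']
 *					(presumably false means "read the file at that path" - confirm against the parser)
 */
function xml_import_help_topics($xml = false)
{
    global $vbulletin, $vbphrase;

    print_dots_start('<b>' . $vbphrase['importing_admin_help'] . "</b>, {$vbphrase['please_wait']}", ':', 'dspan');

    require_once DIR . '/includes/class_xml.php';

    $xmlobj = new vB_XML_Parser($xml, $GLOBALS['path']);
    if ($xmlobj->error_no == 1) {
        print_dots_stop();
        print_stop_message('no_xml_and_no_path');
    } elseif ($xmlobj->error_no == 2) {
        print_dots_stop();
        print_stop_message('please_ensure_x_file_is_located_at_y', 'vbulletin-adminhelp.xml', $GLOBALS['path']);
    }

    if (!($arr = $xmlobj->parse())) {
        print_dots_stop();
        print_stop_message('xml_error_x_at_line_y', $xmlobj->error_string(), $xmlobj->error_line());
    }

    if (!$arr['helpscript']) {
        print_dots_stop();
        print_stop_message('invalid_file_specified');
    }

    $product = empty($arr['product']) ? 'vbulletin' : $arr['product'];
    $has_phrases = !empty($arr['hasphrases']);
    $arr = $arr['helpscript'];

    // rows of the core product may be stored with an empty product id
    if ($product == 'vbulletin') {
        $product_sql = "product IN ('vbulletin', '')";
    } else {
        $product_sql = "product = '" . $vbulletin->db->escape_string($product) . "'";
    }

    $vbulletin->db->query_write("\n\t\tDELETE FROM " . TABLE_PREFIX . "adminhelp\n\t\tWHERE {$product_sql}\n\t\t\t AND volatile = 1\n\t");

    if ($has_phrases) {
        $vbulletin->db->query_write("\n\t\t\tDELETE FROM " . TABLE_PREFIX . "phrase\n\t\t\tWHERE {$product_sql}\n\t\t\t\tAND fieldname = 'cphelptext'\n\t\t\t\tAND languageid = -1\n\t\t");
    }

    // Deal with single entry
    if (!is_array($arr[0])) {
        $arr = array($arr);
    }

    foreach ($arr as $helpscript) {
        $help_sql = array();
        $phrase_sql = array();
        $help_sql_len = 0;
        $phrase_sql_len = 0;

        // Deal with single entry
        if (!is_array($helpscript['helptopic'][0])) {
            $helpscript['helptopic'] = array($helpscript['helptopic']);
        }

        foreach ($helpscript['helptopic'] as $topic) {
            $help_sql[] = "\n\t\t\t\t('" . $vbulletin->db->escape_string($helpscript['name']) . "',\n\t\t\t\t'" . $vbulletin->db->escape_string($topic['act']) . "',\n\t\t\t\t'" . $vbulletin->db->escape_string($topic['opt']) . "',\n\t\t\t\t" . intval($topic['disp']) . ",\n\t\t\t\t1,\n\t\t\t\t'" . $vbulletin->db->escape_string($product) . "')\n\t\t\t";
            $help_sql_len += strlen(end($help_sql));

            if ($has_phrases) {
                $phrase_name = fetch_help_phrase_short_name(array(
                    'script' => $helpscript['name'],
                    'action' => $topic['act'],
                    'optionname' => $topic['opt'],
                ));

                // one phrase for the help text and one for its title, in that order
                foreach (array('text', 'title') as $part) {
                    if (!isset($topic[$part]['value'])) {
                        continue;
                    }

                    // The variable name is built from names read out of the XML, so it
                    // is escaped like every other value instead of being interpolated raw.
                    $varname = $vbulletin->db->escape_string($phrase_name . '_' . $part);

                    $phrase_sql[] = "\n\t\t\t\t\t\t(-1,\n\t\t\t\t\t\t'cphelptext',\n\t\t\t\t\t\t'" . $varname . "',\n\t\t\t\t\t\t'" . $vbulletin->db->escape_string($topic[$part]['value']) . "',\n\t\t\t\t\t\t'" . $vbulletin->db->escape_string($product) . "',\n\t\t\t\t\t\t'" . $vbulletin->db->escape_string($topic[$part]['username']) . "',\n\t\t\t\t\t\t" . intval($topic[$part]['date']) . ",\n\t\t\t\t\t\t'" . $vbulletin->db->escape_string($topic[$part]['version']) . "')\n\t\t\t\t\t";
                    $phrase_sql_len += strlen(end($phrase_sql));
                }
            }

            if ($phrase_sql_len > 102400) {
                // insert max of 100k of phrases at a time
                /*insert query*/
                $vbulletin->db->query_write("\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "phrase\n\t\t\t\t\t\t(languageid, fieldname, varname, text, product, username, dateline, version)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t" . implode(",\n", $phrase_sql));

                $phrase_sql = array();
                $phrase_sql_len = 0;
            }

            if ($help_sql_len > 102400) {
                // insert max of 100k of help topics at a time
                /*insert query*/
                $vbulletin->db->query_write("\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "adminhelp\n\t\t\t\t\t\t(script, action, optionname, displayorder, volatile, product)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t" . implode(",\n\t", $help_sql));

                $help_sql = array();
                $help_sql_len = 0;
            }
        }

        // write whatever is left below the batch limit for this help script
        if ($help_sql) {
            /*insert query*/
            $vbulletin->db->query_write("\n\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "adminhelp\n\t\t\t\t\t(script, action, optionname, displayorder, volatile, product)\n\t\t\t\tVALUES\n\t\t\t\t\t" . implode(",\n\t", $help_sql));
        }

        if ($phrase_sql) {
            /*insert query*/
            $vbulletin->db->query_write("\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "phrase\n\t\t\t\t\t\t(languageid, fieldname, varname, text, product, username, dateline, version)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t" . implode(",\n", $phrase_sql));
        }
    }

    // stop the 'dots' counter feedback
    print_dots_stop();

    require_once DIR . '/includes/adminfunctions_language.php';
    build_language();
}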
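/**
 * Builds a style from the style generator's colour selection and imports it.
 *
 * The colour data is scanned for "hex" and "type" entries, the matching sample
 * XML under includes/xml/ is read, its sample colours are swapped for the chosen
 * ones, and the resulting style XML is handed to xml_import_style() before the
 * control panel is redirected to the template rebuild.
 *
 * $anyversion keeps its default value for compatibility even though the
 * parameters after it are required.
 *
 * @param	string	Colour data; scanned for "hex":"RRGGBB" and "type":"xxx" pairs
 * @param	int		Number for the parent id
 * @param	string	Title for the generated style
 * @param	boolean	Override version check
 * @param	int		Display order for the style
 * @param	boolean	True / False whether it will be user selectable
 * @param	int		Version
 *
 */
function generate_style($data, $parentid, $title, $anyversion=false, $displayorder, $userselect, $version)
{
    global $vbulletin;

    $hex = array(0 => ''); // colours are numbered from 1
    $type = 'lps';

    // Only six upper-case hex digits and a three-character lower-case type are
    // accepted here, so nothing else from $data reaches the file name or the
    // colour replacement below.
    foreach (explode('{', stripslashes($data)) as $value) {
        $match = $match2 = array();
        if (preg_match("/\"hex\":\"([0-9A-F]{6})\"/", $value, $match) == 1) {
            $hex[] = '#' . $match[1];
        }
        if (preg_match("/\"type\":\"([a-z0-9]{3})\"/", $value, $match2) == 1) {
            $type = $match2[1];
        }
    }

    // exactly ten colours plus the placeholder at index 0
    if (count($hex) != 11) {
        print_stop_message('incorrect_color_mapping');
    }

    switch ($type) {
        case 'lps': // Color : Primary and Secondary (except S3 and S4)
            $sample_file = "style_generator_sample_light.xml";
            $from = array('#FF0000', '#BF3030', '#A60000', '#FF4040', '#FF7373', '#009999', '#1D7373', '#5CCCCC');
            $to = array($hex[1], $hex[2], $hex[3], $hex[4], $hex[5], $hex[6], $hex[7], $hex[10]);
            break;

        case 'lpt': // White : Similar to the current style
            $sample_file = "style_generator_sample_white.xml";
            $from = array('#A60000', '#BF3030', '#FF4040', '#FF7373');
            $to = array($hex[3], $hex[2], $hex[1], $hex[1]);
            break;

        case 'gry': // Grey : Primary 3 and Primary 4 only
            $sample_file = "style_generator_sample_gray.xml";
            $from = array('#A60000', '#FF4040');
            $to = array($hex[1], $hex[4]);
            break;

        default: // Dark ('drk'), also used for any unrecognised type
            $sample_file = "style_generator_sample_dark.xml";
            $from = array('#A60000', '#FF4040');
            $to = array($hex[1], $hex[4]);
    }

    $style = file(DIR . '/includes/xml/' . $sample_file);

    // read in and decode the sample_*.xml file
    $decode = array();
    foreach ($style as $value) {
        $match = array();
        if (preg_match("/name=\"(.*)\" value=\"(.*)\"/", $value, $match) == 1) {
            $decode[$match[1]] = base64_decode($match[2]);
        }
    }

    // replace the RRGGBB in the sample_*.xml file with chosen colors and re-encode
    $output = '';
    foreach ($decode as $name => $value) {
        $match = array();
        if (preg_match("/\"(#[a-zA-Z0-9]{6})\"/", $value, $match) == 1) {
            // NOTE(review): every quoted colour in the value is replaced by the first
            // one found (upper-cased) before the mapping is applied - confirm that a
            // stylevar never carries more than one distinct colour.
            $upper = '"' . strtoupper($match[1]) . '"';
            $value = base64_encode(str_replace($from, $to, preg_replace("/\"(#[a-zA-Z0-9]{6})\"/", $upper, $value)));
            $output .= ' <stylevar name="' . $name . '" value="' . $value . '" /> ';
        }
    }

    if ($title === '') {
        $title = 'Style ' . time();
    }

    // The title and version end up inside XML attributes. Escape them so that a
    // quote, ampersand or angle bracket cannot break out of the attribute or make
    // the document unparsable. xml_import_style() is assumed to read this string
    // with an XML parser that decodes the entities again; it still receives the
    // raw title as its own argument.
    $xml_title = htmlspecialchars((string) $title, ENT_QUOTES, 'ISO-8859-1');
    $xml_version = htmlspecialchars((string) $version, ENT_QUOTES, 'ISO-8859-1');

    $output = '<?xml version="1.0" encoding="ISO-8859-1"?> <style name="' . $xml_title . '" vbversion="' . $xml_version . '" product="vbulletin" type="custom"> <stylevardfns> </stylevardfns> <stylevars> ' . $output . ' </stylevars> </style> ';

    xml_import_style($output, -1, $parentid, $title, $anyversion, $displayorder, $userselect);

    print_cp_redirect("template.php?" . $vbulletin->session->vars['sessionurl'] . "do=rebuild&goto=template.php?" . $vbulletin->session->vars['sessionurl']);
}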
} // ************************************************************************************************* if ($_POST['do'] == 'killreputation') { $vbulletin->input->clean_array_gpc('p', array('reputationid' => TYPE_INT)); $repinfo = verify_id('reputation', $vbulletin->GPC['reputationid'], 0, 1); $user = fetch_userinfo($repinfo['userid']); if ($user) { $userdm =& datamanager_init('User', $vbulletin, ERRTYPE_CP); $userdm->set_existing($user); $userdm->set('reputation', $user['reputation'] - $repinfo['reputation']); $userdm->save(); unset($userdm); } $db->query_write("\n\t\tDELETE FROM " . TABLE_PREFIX . "reputation\n\t\tWHERE reputationid = " . $vbulletin->GPC['reputationid']); define('CP_REDIRECT', "adminreputation.php?do=list&u={$repinfo['userid']}"); print_stop_message('deleted_reputation_successfully'); } // ************************************************************************************************* if ($_REQUEST['do'] == 'deletereputation') { $vbulletin->input->clean_array_gpc('r', array('reputationid' => TYPE_INT)); print_delete_confirmation('reputation', $vbulletin->GPC['reputationid'], 'adminreputation', 'killreputation'); } if ($_REQUEST['do'] == 'modify') { $reputationlevels = $db->query_read("\n\t\tSELECT *\n\t\tFROM " . TABLE_PREFIX . "reputationlevel\n\t\tORDER BY minimumreputation\n\t"); print_form_header('adminreputation', 'updateminimums'); print_table_header($vbphrase['user_reputation_manager'], 3); print_cells_row(array($vbphrase['reputation_level'], $vbphrase['minimum_reputation_level'], $vbphrase['controls']), 1); while ($reputationlevel = $db->fetch_array($reputationlevels)) { $reputationlevel['level'] = htmlspecialchars_uni($vbphrase['reputation' . $reputationlevel['reputationlevelid']]); $cell = array(); $cell[] = "{$vbphrase['user']} <b>{$reputationlevel['level']}</b>";
print_stop_message('invalid_locale', $langupdate['locale']); } if ($langupdate['dateoverride'] == '' or $langupdate['timeoverride'] == '' or $langupdate['registereddateoverride'] == '' or $langupdate['calformat1override'] == '' or $langupdate['calformat2override'] == '' or $langupdate['logdateoverride'] == '') { print_stop_message('locale_define_fill_in_all_overrides'); } } $query = fetch_query_sql($langupdate, 'language', "WHERE languageid = " . $vbulletin->GPC['dolanguageid']); $db->query_write($query); if ($vbulletin->GPC['isdefault'] and $vbulletin->GPC['dolanguageid'] != $vbulletin->options['languageid']) { $do = 'setdefault'; } else { $do = 'modify'; } build_language_datastore(); define('CP_REDIRECT', 'language.php?dolanguageid=' . $vbulletin->GPC['dolanguageid'] . '&do=' . $do); print_stop_message('saved_language_x_successfully', $newlang['title']); } // ########################################################################## if ($_REQUEST['do'] == 'edit_settings') { $language = fetch_languages_array($vbulletin->GPC['dolanguageid']); $getoptions = convert_bits_to_array($language['options'], $vbulletin->bf_misc_languageoptions); $language = array_merge($language, $getoptions); print_form_header('language', 'update_settings'); construct_hidden_code('dolanguageid', $vbulletin->GPC['dolanguageid']); print_table_header(construct_phrase($vbphrase['x_y_id_z'], $vbphrase['language'], $language['title'], $language['languageid'])); print_description_row($vbphrase['general_settings'], 0, 2, 'thead'); print_input_row($vbphrase['title'], 'title', $language['title'], 0); print_yes_no_row($vbphrase['allow_user_selection'], 'userselect', $language['userselect']); print_yes_no_row($vbphrase['is_default_language'], 'isdefault', iif($vbulletin->GPC['dolanguageid'] == $vbulletin->options['languageid'], 1, 0)); print_yes_no_row($vbphrase['enable_directional_markup_fix'], 'options[dirmark]', $language['dirmark']); print_label_row($vbphrase['text_direction'], '<label 
for="rb_l2r"><input type="radio" name="options[direction]" id="rb_l2r" value="1" tabindex="1"' . iif($language['direction'], ' checked="checked"') . " />{$vbphrase['left_to_right']}</label><br />" . '
} print_forum_chooser($vbphrase['use_prefix_set_in_these_forums'], 'forumids[]', $enabled_forums, $vbphrase['none'], false, true); print_submit_row(); } // ######################################################################## if ($_POST['do'] == 'displayorder') { $vbulletin->input->clean_array_gpc('p', array('prefixset_order' => TYPE_ARRAY_UINT, 'prefix_order' => TYPE_ARRAY_UINT)); foreach ($vbulletin->GPC['prefixset_order'] as $prefixsetid => $displayorder) { $db->query_write("\r\n\t\t\tUPDATE " . TABLE_PREFIX . "prefixset SET\r\n\t\t\t\tdisplayorder = " . intval($displayorder) . "\r\n\t\t\tWHERE prefixsetid = '" . $db->escape_string($prefixsetid) . "'\r\n\t\t"); } foreach ($vbulletin->GPC['prefix_order'] as $prefixid => $displayorder) { $db->query_write("\r\n\t\t\tUPDATE " . TABLE_PREFIX . "prefix SET\r\n\t\t\t\tdisplayorder = " . intval($displayorder) . "\r\n\t\t\tWHERE prefixid = '" . $db->escape_string($prefixid) . "'\r\n\t\t"); } build_prefix_datastore(); define('CP_REDIRECT', 'prefix.php?do=list'); print_stop_message('saved_display_order_successfully'); } // ######################################################################## if ($_REQUEST['do'] == 'list') { $prefixsets_sql = $db->query_read("\r\n\t\tSELECT *\r\n\t\tFROM " . TABLE_PREFIX . "prefixset\r\n\t\tORDER BY displayorder\r\n\t"); $prefixsets = array(); while ($prefixset = $db->fetch_array($prefixsets_sql)) { $prefixsets["{$prefixset['prefixsetid']}"] = $prefixset; $prefixsets["{$prefixset['prefixsetid']}"]['prefixes'] = array(); } $prefixes_sql = $db->query_read("\r\n\t\tSELECT *\r\n\t\tFROM " . TABLE_PREFIX . "prefix\r\n\t\tORDER BY displayorder\r\n\t"); while ($prefix = $db->fetch_array($prefixes_sql)) { if (isset($prefixsets["{$prefix['prefixsetid']}"])) { $prefixsets["{$prefix['prefixsetid']}"]['prefixes']["{$prefix['prefixid']}"] = $prefix; } }
// Moderator-log prune: adds the optional action / user / product filters to $sqlconds and deletes
// the matching rows; the "Start modify" section that follows renders the log-viewer search form.
// NOTE(review): $sqlconds is initialised outside this excerpt. If it can be empty at the DELETE,
// the query is sent with a bare "WHERE" and fails as invalid SQL - confirm a condition is always present.
// NOTE(review): userid is concatenated without quoting or escaping, unlike modaction and product;
// that is only safe if it was cleaned to an integer earlier - confirm against the input-cleaning
// call, which is not visible here.
if (!empty($vbulletin->GPC['modaction'])) { $sqlconds[] = "action LIKE '%" . $db->escape_string_like($vbulletin->GPC['modaction']) . "%'"; } if (!empty($vbulletin->GPC['userid'])) { $sqlconds[] = "userid = " . $vbulletin->GPC['userid']; } if ($vbulletin->GPC['product']) { if ($vbulletin->GPC['product'] == 'vbulletin') { $sqlconds[] = "product IN ('', 'vbulletin')"; } else { $sqlconds[] = "product = '" . $db->escape_string($vbulletin->GPC['product']) . "'"; } } $db->query_write("\n\t\tDELETE FROM " . TABLE_PREFIX . "moderatorlog\n\t\tWHERE " . (!empty($sqlconds) ? implode("\r\n\tAND ", $sqlconds) : "") . "\n\t"); define('CP_REDIRECT', 'modlog.php?do=choose'); print_stop_message('pruned_moderator_log_successfully'); } // ###################### Start modify ####################### if ($_REQUEST['do'] == 'choose') { $users = $db->query_read("\n\t\tSELECT DISTINCT moderatorlog.userid, user.username\n\t\tFROM " . TABLE_PREFIX . "moderatorlog AS moderatorlog\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user USING(userid)\n\t\tORDER BY username\n\t"); $userlist = array('no_value' => $vbphrase['all_log_entries']); while ($user = $db->fetch_array($users)) { $userlist["{$user['userid']}"] = $user['username']; } print_form_header('modlog', 'view'); print_table_header($vbphrase['moderator_log_viewer']); print_input_row($vbphrase['log_entries_to_show_per_page'], 'perpage', 15); print_select_row($vbphrase['show_only_entries_generated_by'], 'userid', $userlist); print_time_row($vbphrase['start_date'], 'startdate', 0, 0); print_time_row($vbphrase['end_date'], 'enddate', 0, 0); if (count($products = fetch_product_list()) > 1) {
} } $userchange["{$fname}"] = $str ? $str : '-'; } break; } // sometimes we need translate the fieldname to show the phrases (database field and phrase have different name) $fieldnametrans = array('usergroupid' => 'primary_usergroup', 'membergroupids' => 'additional_usergroups'); if ($fieldnametrans["{$userchange['fieldname']}"]) { $userchange['fieldname'] = $fieldnametrans["{$userchange['fieldname']}"]; } // print the change $text = array(); $text[] = $vbphrase["{$userchange['fieldname']}"]; $text[] = $userchange['oldvalue']; $text[] = $userchange['newvalue']; print_cells_row($text, 0, false, -10); } print_table_footer(); } else { print_stop_message('no_userchange_history'); } } } print_cp_footer(); /*======================================================================*\ || #################################################################### || # Downloaded: 22:41, Fri Oct 10th 2008 || # CVS: $RCSfile$ - $Revision: 27484 $ || #################################################################### \*======================================================================*/
define('CP_REDIRECT', 'usertitle.php?do=modify'); print_stop_message('saved_user_title_x_successfully', $vbulletin->GPC['title']); } // ###################### Start Remove ####################### if ($_REQUEST['do'] == 'remove') { print_form_header('usertitle', 'kill'); construct_hidden_code('usertitleid', $vbulletin->GPC['usertitleid']); print_table_header($vbphrase['confirm_deletion']); print_description_row($vbphrase['are_you_sure_you_want_to_delete_this_user_title']); print_submit_row($vbphrase['yes'], '', 2, $vbphrase['no']); } // ###################### Start Kill ####################### if ($_POST['do'] == 'kill') { $db->query_write("DELETE FROM " . TABLE_PREFIX . "usertitle WHERE usertitleid = " . $vbulletin->GPC['usertitleid']); define('CP_REDIRECT', 'usertitle.php?do=modify'); print_stop_message('deleted_user_title_successfully'); } // ###################### Start modify ####################### if ($_REQUEST['do'] == 'modify') { $usertitles = $db->query_read("\r\n\t\tSELECT usertitleid, title, minposts\r\n\t\tFROM " . TABLE_PREFIX . "usertitle\r\n\t\tORDER BY minposts\r\n\t"); ?> <script type="text/javascript"> function js_usergroup_jump(usertitleid, obj) { task = obj.options[obj.selectedIndex].value; switch (task) { case 'edit': window.location = "usertitle.php?<?php echo $vbulletin->session->vars['sessionurl_js']; ?> do=edit&usertitleid=" + usertitleid; break;
print_form_header('usergroup', 'processjoinrequests'); construct_hidden_code('usergroupid', $vbulletin->GPC['usergroupid']); print_table_header("{$usergroup['title']} - ({$vbphrase['join_requests']}: {$usergroup['joinrequests']})", 6); if (!empty($leaders)) { print_description_row("<span style=\"font-weight:normal\">(" . $vbphrase['usergroup_leader'] . ': ' . implode(', ', $leaders) . ')</span>', 0, 6, 'thead'); } print_cells_row(array($vbphrase['username'], $vbphrase['reason'], '<span style="white-space:nowrap">' . $vbphrase['date'] . '</span>', '<input type="button" value="' . $vbphrase['accept'] . '" onclick="js_check_all_option(this.form, 1);" class="button" title="' . $vbphrase['check_all'] . '" />', '<input type="button" value=" ' . $vbphrase['deny'] . ' " onclick="js_check_all_option(this.form, 0);" class="button" title="' . $vbphrase['check_all'] . '" />', '<input type="button" value="' . $vbphrase['ignore'] . '" onclick="js_check_all_option(this.form, -1);" class="button" title="' . $vbphrase['check_all'] . '" />'), 1); $i = 0; while ($request = $db->fetch_array($requests)) { if ($i > 0 and $i % 10 == 0) { print_description_row('<div align="center"><input type="submit" class="button" value="' . $vbphrase['process'] . '" accesskey="s" tabindex="1" /></div>', 0, 6, 'thead'); } $i++; $cell = array("<a href=\"user.php?" . $vbulletin->session->vars['sessionurl'] . "do=edit&u={$request['userid']}\"><b>{$request['username']}</b></a>", $request['reason'], '<span class="smallfont">' . vbdate($vbulletin->options['dateformat'], $request['dateline']) . '<br />' . vbdate($vbulletin->options['timeformat'], $request['dateline']) . '</span>', '<label for="a' . $request['usergrouprequestid'] . '" class="smallfont">' . $vbphrase['accept'] . '<input type="radio" name="request[' . $request['usergrouprequestid'] . ']" value="1" id="a' . $request['usergrouprequestid'] . '" tabindex="1" /></label>', '<label for="d' . $request['usergrouprequestid'] . '" class="smallfont">' . 
$vbphrase['deny'] . '<input type="radio" name="request[' . $request['usergrouprequestid'] . ']" value="0" id="d' . $request['usergrouprequestid'] . '" tabindex="1" /></label>', '<label for="i' . $request['usergrouprequestid'] . '" class="smallfont">' . $vbphrase['ignore'] . '<input type="radio" name="request[' . $request['usergrouprequestid'] . ']" value="-1" id="i' . $request['usergrouprequestid'] . '" tabindex="1" checked="checked" /></label>'); print_cells_row($cell, 0, '', -5); } unset($request); $db->free_result($requests); print_submit_row($vbphrase['process'], $vbphrase['reset'], 6); } else { print_stop_message('no_join_requests_matched_your_query'); } } } print_cp_footer(); /*======================================================================*\ || #################################################################### || # Downloaded: 22:41, Fri Oct 10th 2008 || # CVS: $RCSfile$ - $Revision: 27232 $ || #################################################################### \*======================================================================*/
/**
 * Sets the control-panel redirect target to ame.php and shows a stop message.
 *
 * CP_REDIRECT is a constant, so it can only be set once per request.
 * The $do value is placed in the URL as given, without URL-encoding.
 *
 * @param string $do          Value for the "do" parameter of the ame.php URL
 * @param string $stopmessage Phrase name passed to print_stop_message()
 * @param string $var         Optional argument passed along with the phrase
 */
function redirect($do, $stopmessage, $var = '')
{
    $target = 'ame.php?do=' . $do;
    define('CP_REDIRECT', $target);

    print_stop_message($stopmessage, $var);
}
// ############################################################################# if (empty($_REQUEST['do'])) { $_REQUEST['do'] = 'modify'; } // ############################################################################# if ($_POST['do'] == 'update') { $vbulletin->input->clean_array_gpc('p', array('cssprefs' => TYPE_STR, 'dismissednews' => TYPE_STR)); foreach ($vbulletin->GPC['adminpermissions'] as $key => $value) { $admindm->set_bitfield('adminpermissions', $key, $value); } ($hook = vBulletinHook::fetch_hook('admin_permissions_process')) ? eval($hook) : false; $admindm->set('cssprefs', $vbulletin->GPC['cssprefs']); $admindm->set('dismissednews', $vbulletin->GPC['dismissednews']); $admindm->save(); define('CP_REDIRECT', "adminpermissions.php?" . $vbulletin->session->vars['sessionurl'] . "#user{$user['userid']}"); print_stop_message('saved_administrator_permissions_successfully'); } // ############################################################################# if ($_REQUEST['do'] == 'edit') { echo "<p align=\"center\">{$vbphrase['give_admin_access_arbitrary_html']}</p>"; print_form_header('adminpermissions', 'update'); construct_hidden_code('userid', $vbulletin->GPC['userid']); construct_hidden_code('oldpermissions', $user['adminpermissions']); print_table_header(construct_phrase($vbphrase['x_y_id_z'], $vbphrase['administrator_permissions'], $user['username'], $user['userid'])); print_label_row("{$vbphrase['administrator']}: <a href=\"user.php?" . $vbulletin->session->vars['sessionurl'] . "do=edit&u=" . $vbulletin->GPC['userid'] . "\">{$user['username']}</a>", '<div align="' . $stylevar['right'] . '"><input type="button" class="button" value=" ' . $vbphrase['all_yes'] . ' " onclick="js_check_all_option(this.form, 1);" /> <input type="button" class="button" value=" ' . $vbphrase['all_no'] . 
' " onclick="js_check_all_option(this.form, 0);" /></div>', 'thead'); foreach (convert_bits_to_array($user['adminpermissions'], $ADMINPERMISSIONS) as $field => $value) { print_yes_no_row($permsphrase["{$field}"] == '' ? $vbphrase['n_a'] : $permsphrase["{$field}"], "adminpermissions[{$field}]", $value); } ($hook = vBulletinHook::fetch_hook('admin_permissions_form')) ? eval($hook) : false; print_select_row($vbphrase['control_panel_style_choice'], 'cssprefs', array_merge(array('' => "({$vbphrase['default']})"), fetch_cpcss_options()), $user['cssprefs']); print_input_row($vbphrase['dismissed_news_item_ids'], 'dismissednews', $user['dismissednews']);
} if (!empty($vbulletin->GPC['pageaction'])) { $action = $vbulletin->GPC['pageaction']; } else { if ($strpos and preg_match('#do=([^&]+)(&|$)#sU', substr($fullpage, $strpos), $matches)) { $action = $matches[1]; } else { $action = ''; } } if (empty($vbulletin->GPC['option'])) { $vbulletin->GPC['option'] = NULL; } $helptopics = $db->query_read("\n\t\tSELECT *, LENGTH(action) AS length\n\t\tFROM " . TABLE_PREFIX . "adminhelp\n\t\tWHERE script = '" . $db->escape_string($pagename) . "' AND\n\t\t\t(action = '' OR FIND_IN_SET('" . $db->escape_string($action) . "', action))\n\t\t\t" . iif($vbulletin->GPC['option'] !== NULL, "AND\n\t\t\toptionname = '" . $db->escape_string($vbulletin->GPC['option']) . "'") . " AND\n\t\t\tdisplayorder <> 0\n\t\tORDER BY length, displayorder\n\t"); if (($resultcount = $db->num_rows($helptopics)) == 0) { print_stop_message('no_help_topics'); } else { $general = array(); $specific = array(); $phraseSQL = array(); while ($topic = $db->fetch_array($helptopics)) { $phrasename = $db->escape_string(fetch_help_phrase_short_name($topic)); $phraseSQL[] = "'{$phrasename}" . "_title'"; $phraseSQL[] = "'{$phrasename}" . "_text'"; if (!$topic['action']) { $general[] = $topic; } else { $specific[] = $topic; } } // query phrases
$gettitle = $db->query_first("\n\t\t\t\t\t\tSELECT title\n\t\t\t\t\t\tFROM " . TABLE_PREFIX . "usertitle\n\t\t\t\t\t\tWHERE minposts <= {$getuserid['posts']}\n\t\t\t\t\t\tORDER BY minposts DESC\n\t\t\t\t\t"); $usertitle = $gettitle['title']; } else { $usertitle = $vbulletin->usergroupcache["2"]['usertitle']; } } else { $usertitle = $getuserid['usertitle']; } $userdm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT); $userdm->set_existing($getuserid); $userdm->set('usergroupid', 2); $getuserid['usergroupid'] = 2; if ($getuserid['displaygroupid'] == 7) { $userdm->set('displaygroupid', 2); $getuserid['displaygroupid'] = 2; } $userdm->set('usertitle', $usertitle); $userdm->save(); unset($userdm); } define('CP_REDIRECT', "moderator.php?do=showlist"); print_stop_message('deleted_moderators_successfully'); } } print_cp_footer(); /*======================================================================*\ || #################################################################### || # Downloaded: 08:19, Wed Nov 5th 2008 || # CVS: $RCSfile$ - $Revision: 27232 $ || #################################################################### \*======================================================================*/
$tags = fetch_tag_list('', true); if ($vbulletin->GPC['twoparams'] and isset($tags['option'][$vbulletin->GPC['bbcodetag']]) or !$vbulletin->GPC['twoparams'] and isset($tags['no_option'][$vbulletin->GPC['bbcodetag']])) { print_stop_message('there_is_already_bb_code_named_x', htmlspecialchars_uni($vbulletin->GPC['bbcodetag'])); } } $vbulletin->GPC['bbcodereplacement'] = str_replace('%', '%%', $vbulletin->GPC['bbcodereplacement']); if ($vbulletin->GPC['twoparams']) { $vbulletin->GPC['bbcodereplacement'] = str_replace('{param}', '%1$s', $vbulletin->GPC['bbcodereplacement']); $vbulletin->GPC['bbcodereplacement'] = str_replace('{option}', '%2$s', $vbulletin->GPC['bbcodereplacement']); } else { $vbulletin->GPC['bbcodereplacement'] = str_replace('{param}', '%1$s', $vbulletin->GPC['bbcodereplacement']); } $db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "bbcode SET\n\t\t\ttitle = '" . $db->escape_string($vbulletin->GPC['title']) . "',\n\t\t\tbbcodetag = '" . $db->escape_string($vbulletin->GPC['bbcodetag']) . "',\n\t\t\tbbcodereplacement = '" . $db->escape_string($vbulletin->GPC['bbcodereplacement']) . "',\n\t\t\tbbcodeexample = '" . $db->escape_string($vbulletin->GPC['bbcodeexample']) . "',\n\t\t\tbbcodeexplanation = '" . $db->escape_string($vbulletin->GPC['bbcodeexplanation']) . "',\n\t\t\ttwoparams = '" . $db->escape_string($vbulletin->GPC['twoparams']) . "',\n\t\t\tbuttonimage = '" . $db->escape_string($vbulletin->GPC['buttonimage']) . "',\n\t\t\toptions = " . convert_array_to_bits($vbulletin->GPC['options'], $vbulletin->bf_misc['bbcodeoptions']) . "\n\t\tWHERE bbcodeid = " . $vbulletin->GPC['bbcodeid']); build_bbcode_cache(); define('CP_REDIRECT', 'bbcode.php?do=modify'); print_stop_message('saved_bb_code_x_successfully', "[" . $vbulletin->GPC['bbcodetag'] . 
"]"); } // ####################################### REMOVE ##################################### if ($_REQUEST['do'] == 'remove') { $vbulletin->input->clean_array_gpc('r', array('bbcodeid' => TYPE_INT)); print_delete_confirmation('bbcode', $vbulletin->GPC['bbcodeid'], 'bbcode', 'kill', 'bb_code'); } // ######################################## KILL ##################################### if ($_POST['do'] == 'kill') { $vbulletin->input->clean_array_gpc('p', array('bbcodeid' => TYPE_INT)); $db->query_write("DELETE FROM " . TABLE_PREFIX . "bbcode WHERE bbcodeid = " . $vbulletin->GPC['bbcodeid']); build_bbcode_cache(); $_REQUEST['do'] = 'modify'; } // ######################################### TEST ###################################### if ($_POST['do'] == 'test') {
define('CP_CONTINUE', $merge_url); print_stop_message('product_x_imported_need_merge', $info['productid'], htmlspecialchars($merge_url)); } } else { print_stop_message('product_x_imported', $info['productid']); } } // ############################################################################# if ($_REQUEST['do'] == 'productexport') { require_once DIR . '/includes/class_xml.php'; $xml = new vB_XML_Builder($vbulletin); $vbulletin->input->clean_array_gpc('r', array('productid' => TYPE_STR)); // Set up the parent tag $product_details = $db->query_first("\r\n\t\tSELECT *\r\n\t\tFROM " . TABLE_PREFIX . "product\r\n\t\tWHERE productid = '" . $db->escape_string($vbulletin->GPC['productid']) . "'\r\n\t"); if (!$product_details) { print_stop_message('invalid_product_specified'); } $export_styleid = -1; $export_languageids = array(-1, 0); // ############## main product info $xml->add_group('product', array('productid' => strtolower($product_details['productid']), 'active' => $product_details['active'])); // Parent for product $xml->add_tag('title', $product_details['title']); $xml->add_tag('description', $product_details['description']); $xml->add_tag('version', $product_details['version']); $xml->add_tag('url', $product_details['url']); $xml->add_tag('versioncheckurl', $product_details['versioncheckurl']); ($hook = vBulletinHook::fetch_hook('admin_product_export')) ? eval($hook) : false; // ############## dependencies $product_dependencies = $db->query_read("\r\n\t\tSELECT *\r\n\t\tFROM " . TABLE_PREFIX . "productdependency\r\n\t\tWHERE productid = '" . $db->escape_string($vbulletin->GPC['productid']) . "'\r\n\t\tORDER BY dependencytype, parentproductid, minversion\r\n\t"); $xml->add_group('dependencies');
/*insert query*/
// Tail of a handler that starts before this excerpt: inserts a new attachment type row.
// String columns go through escape_string() and numeric columns through intval().
// NOTE(review): this table appears to define which file extensions the board accepts as
// attachments; no validation of the extension value itself is visible in this excerpt - confirm
// it is checked earlier.
$db->query_write("\n\t\t\tINSERT INTO " . TABLE_PREFIX . "attachmenttype\n\t\t\t(\n\t\t\t\textension,\n\t\t\t\tsize,\n\t\t\t\theight,\n\t\t\t\twidth,\n\t\t\t\tmimetype,\n\t\t\t\tcontenttypes\n\t\t\t)\n\t\t\tVALUES\n\t\t\t(\n\t\t\t\t'"
	. $db->escape_string($vbulletin->GPC['type']['extension']) . "',\n\t\t\t\t"
	. intval($vbulletin->GPC['type']['size']) . ",\n\t\t\t\t"
	. intval($vbulletin->GPC['type']['height']) . ",\n\t\t\t\t"
	. intval($vbulletin->GPC['type']['width']) . ",\n\t\t\t\t'"
	. $db->escape_string($vbulletin->GPC['type']['mimetype']) . "',\n\t\t\t\t'"
	. $db->escape_string($vbulletin->GPC['type']['contenttype']) . "'\n\t\t\t)\n\t\t");
build_attachment_permissions();
}
// NOTE(review): the extension is passed to the stop message as submitted; whether
// print_stop_message() HTML-escapes its arguments is not visible here - confirm.
print_stop_message('saved_attachment_type_x_successfully', $vbulletin->GPC['type']['extension']);
}

// ###################### Remove File Type ####################
// Confirmation step: renders a form that submits the extension to the 'killtype' action.
if ($_REQUEST['do'] == 'removetype')
{
	// 'extension' is cleaned as TYPE_STR from the request ('r') and then echoed into the
	// hidden field, the table header and the description row below.
	// NOTE(review): no HTML escaping is applied in this excerpt; confirm that
	// construct_hidden_code(), print_table_header() and print_description_row() escape the
	// value, otherwise escape it here before output.
	$vbulletin->input->clean_array_gpc('r', array('extension' => TYPE_STR));
	print_form_header('attachment', 'killtype', 0, 1, '', '75%');
	construct_hidden_code('extension', $vbulletin->GPC['extension']);
	print_table_header(construct_phrase($vbphrase['confirm_deletion_of_attachment_type_x'], $vbulletin->GPC['extension']));
	print_description_row("\n\t\t<blockquote><br />" . construct_phrase($vbphrase['are_you_sure_you_want_to_delete_the_attachment_type_x'], $vbulletin->GPC['extension']) . "\n\t\t<br /></blockquote>\n\t");
	print_submit_row($vbphrase['yes'], 0, 2, $vbphrase['no']);
}

// ###################### Kill File Type ####################
// Deletes the attachment type and its permission rows, then rebuilds the permission cache.
if ($_POST['do'] == 'killtype')
{
	// The action is dispatched on $_POST['do'], but the extension is cleaned from the
	// combined request source ('r') rather than from POST ('p').
	$vbulletin->input->clean_array_gpc('r', array('extension' => TYPE_STR));
	// Both deletes quote the value and pass it through escape_string().
	$db->query_write("\n\t\tDELETE FROM " . TABLE_PREFIX . "attachmenttype\n\t\tWHERE extension = '" . $db->escape_string($vbulletin->GPC['extension']) . "'\n\t");
	$db->query_write("\n\t\tDELETE FROM " . TABLE_PREFIX . "attachmentpermission\n\t\tWHERE extension = '" . $db->escape_string($vbulletin->GPC['extension']) . "'\n\t");
	build_attachment_permissions();
	define('CP_REDIRECT', 'attachment.php?do=types');
	print_stop_message('deleted_attachment_type_successfully');
}
print_cp_footer();
/*======================================================================*\
|| ####################################################################
|| # Downloaded: 03:13, Sat Sep 7th 2013
|| # CVS: $RCSfile$ - $Revision: 76725 $
|| ####################################################################
\*======================================================================*/
print_stop_message('please_complete_required_fields');
} // closes a validation block opened before this excerpt

// No ban id supplied: create a placeholder row first so the UPDATE below always has a target.
if (empty($vbulletin->GPC['infractionbanid']))
{
	$db->query_write("INSERT INTO " . TABLE_PREFIX . "infractionban (amount) VALUES (0)");
	$vbulletin->GPC['infractionbanid'] = $db->insert_id();
}

// 'method' and 'period' are quoted and escaped. 'amount', 'usergroupid', 'banusergroupid' and
// 'infractionbanid' are concatenated as bare, unquoted values.
// NOTE(review): the bare values are only safe if clean_array_gpc() reduced them to integer
// types earlier; that call is not visible in this excerpt - confirm, or wrap them in intval().
$db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "infractionban\n\t\tSET amount = " . $vbulletin->GPC['amount'] . ",\n\t\t\tmethod = '"
	. $db->escape_string($vbulletin->GPC['method']) . "',\n\t\t\tusergroupid = "
	. $vbulletin->GPC['usergroupid'] . ",\n\t\t\tbanusergroupid = "
	. $vbulletin->GPC['banusergroupid'] . ",\n\t\t\tperiod = '"
	. $db->escape_string($vbulletin->GPC['period']) . "'\n\t\tWHERE infractionbanid = "
	. $vbulletin->GPC['infractionbanid'] . "\n\t");
define('CP_REDIRECT', 'admininfraction.php?do=modify');
print_stop_message('saved_automatic_ban_successfully');
} // closes the save handler opened before this excerpt

// ###################### Start Remove #######################
// Confirmation step: renders a form that submits infractionbanid to 'killbangroup'.
if ($_REQUEST['do'] == 'removebangroup')
{
	print_form_header('admininfraction', 'killbangroup');
	construct_hidden_code('infractionbanid', $vbulletin->GPC['infractionbanid']);
	print_table_header(construct_phrase($vbphrase['confirm_deletion_x'], $vbphrase['automatic_ban']));
	print_description_row($vbphrase['are_you_sure_you_want_to_delete_this_automatic_ban']);
	print_submit_row($vbphrase['yes'], '', 2, $vbphrase['no']);
}

// ###################### Start Kill #######################
// The delete itself is dispatched on $_POST['do'] only.
if ($_POST['do'] == 'killbangroup')
{
	// NOTE(review): infractionbanid is concatenated unquoted; no clean_array_gpc() call is
	// visible in this handler - confirm it was cleaned to an integer type before this point.
	$db->query_write("DELETE FROM " . TABLE_PREFIX . "infractionban WHERE infractionbanid = " . $vbulletin->GPC['infractionbanid']);
	define('CP_REDIRECT', 'admininfraction.php?do=modify');
	print_stop_message('deleted_automatic_ban_successfully');
}
print_cp_footer();
/*======================================================================*\
|| ####################################################################
|| # Downloaded: 12:39, Wed May 30th 2012
|| # CVS: $RCSfile$ - $Revision: 39862 $
|| ####################################################################
\*======================================================================*/
} // closes a block opened before this excerpt

// ###################### Start Remove ###################################
// Confirmation step: renders a form that submits group_id to the 'kill_group' action.
if ($_REQUEST['do'] == 'remove_group')
{
	// check that no groups are mapped to this one
	// admincp_check_for_mapped_groups( $vbulletin->GPC['group_id'] );
	// NOTE(review): the mapped-group check above is commented out, so it does not run.
	print_form_header($this_script, 'kill_group');
	construct_hidden_code('group_id', $vbulletin->GPC['group_id']);
	print_table_header($vbphrase['confirm_deletion']);
	print_description_row($vbphrase['nntp_are_you_sure_you_want_to_delete_this_group']);
	print_submit_row($vbphrase['yes'], '', 2, $vbphrase['no']);
}

// ###################### Start Kill #####################################
// NOTE(review): this delete is dispatched on $_REQUEST['do'], not $_POST['do'], so the
// confirmation form above is not the only way to reach it. No request-method or
// session-hash check is visible in this excerpt; confirm one runs earlier in the script,
// or restrict the action to POST.
if ($_REQUEST['do'] == 'kill_group')
{
	// NOTE(review): group_id is read from GPC with no clean_array_gpc() call in view -
	// confirm it is cleaned before this point.
	$group_id = $vbulletin->GPC['group_id'];
	// Constant is set before the stop message is printed.
	define('CP_REDIRECT', $this_script . '.php?do=list');
	if ($nntp_group->delete_group($group_id))
	{
		print_stop_message('nntp_group_deleted_successfully');
	}
	else
	{
		print_stop_message('nntp_group_deleted_defeated');
	}
}

// ###################### Start clean #####################################
// NOTE(review): like 'kill_group', this state-changing action is dispatched on
// $_REQUEST['do'] and has no confirmation step in this excerpt.
if ($_REQUEST['do'] == 'group_clean')
{
	$group_id = $vbulletin->GPC['group_id'];
	define('CP_REDIRECT', $this_script . '.php?do=list');
	if ($nntp_group->clean_group($group_id))
	{
		print_stop_message('nntp_group_cleaned_successfully');
	}
	else
	{
		print_stop_message('nntp_group_cleaned_defeated');
	}
}
print_cells_row($headercell, 1); while ($user = $db->fetch_array($permusers)) { print_cells_row(construct_banned_user_row($user)); } print_submit_row($vbphrase['ban_user'], 0, 8); } if (!$havebanned) { if ($canbanuser) { print_stop_message('no_users_banned_from_x_board_click_here', '<b>' . $vbulletin->options['bbtitle'] . '</b>', 'banning.php?' . $vbulletin->session->vars['sessionurl'] . 'do=banuser'); } else { print_stop_message('no_users_banned_from_x_board', '<b>' . $vbulletin->options['bbtitle'] . '</b>'); } } } print_cp_footer(); /*======================================================================*\ || #################################################################### || # || # CVS: $RCSfile$ - $Revision: 35055 $ || #################################################################### \*======================================================================*/ ?>
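/**
 * Verifies that the control-panel session hash is sent through with the request.
 *
 * The hash works as a per-session request token: a request whose value differs
 * from CP_SESSIONHASH is rejected. (The original comment describes this as
 * preventing "an XSS-style issue".)
 *
 * The comparison is strict and, where hash_equals() exists, constant-time.
 * A loose != comparison treats two different numeric-looking strings (for
 * example two values of the form "0e<digits>") as equal, which would let a
 * wrong token pass.
 *
 * The function also fails closed: if print_stop_message() were ever to return
 * instead of halting, the result is still false.
 *
 * @param	boolean	Whether to halt if an error occurs
 * @param	string	Name of the input variable to look at
 *
 * @return	boolean	True on success, false on failure
 */
function verify_cp_sessionhash($halt = true, $input = 'hash')
{
	global $vbulletin;

	// Only clean the input if an earlier clean_array_gpc() call has not already populated it.
	if (!isset($vbulletin->GPC["$input"]))
	{
		$vbulletin->input->clean_array_gpc('r', array($input => TYPE_STR));
	}

	$supplied = $vbulletin->GPC["$input"];
	$expected = (string) CP_SESSIONHASH;

	if (!is_scalar($supplied))
	{
		// arrays, objects and null can never be a valid token
		$matches = false;
	}
	else if (function_exists('hash_equals'))
	{
		$matches = hash_equals($expected, (string) $supplied);
	}
	else
	{
		// older PHP: strict string comparison still avoids numeric-string juggling
		$matches = ((string) $supplied === $expected);
	}

	if (!$matches)
	{
		if ($halt)
		{
			print_stop_message('security_alert_hash_mismatch');
		}

		return false;
	}

	return true;
}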
else { print_label_row($bitfieldnames["$val"], '<b>' . $vbphrase['no'] . '</b>'); } } } print_table_footer(); } // ###################### Start viewing resources for specific user ######################## if ($_REQUEST['do'] == 'viewuser') { $userinfo = fetch_userinfo($vbulletin->GPC['userid']); if (!$userinfo) { print_stop_message('invalid_user_specified'); } $perms = cache_permissions($userinfo); print_form_header('', ''); print_table_header($userinfo['username'] . " <span class=\"normal\">(userid: $userinfo[userid])</span>"); foreach ($userinfo['forumpermissions'] AS $forumid => $forumperms) { print_table_header($vbulletin->forumcache["$forumid"]['title'] . " <span class=\"normal\">(forumid: $forumid)</span>"); foreach ($vbulletin->bf_ugp_forumpermissions AS $key => $val) { if (bitwise($userinfo['forumpermissions']["$forumid"], $val)) { print_label_row($bitfieldnames["$val"], '<b>' . $vbphrase['yes'] . '</b>');
// remove record from ad_cache unset($ad_cache[$vbulletin->GPC['adid']]); $ad_cache = array_values($ad_cache); // rebuild affected template require_once DIR . '/includes/functions_ad.php'; $template = build_ad_template($adlocation); $template_un = $template; require_once DIR . '/includes/adminfunctions_template.php'; $template = compile_template($template); // note: we are skipping the error check this time around because it would not make sense to ask user to check the // template if they've already confirmed at other locations that their if conditions are wrong or whatever, and they // cannot fix it here. $db->query_write("\r\n\t\tUPDATE " . TABLE_PREFIX . "template SET\r\n\t\t\ttemplate = '" . $db->escape_string($template) . "',\r\n\t\t\ttemplate_un = '" . $db->escape_string($template_un) . "',\r\n\t\t\tdateline = " . TIMENOW . ",\r\n\t\t\tusername = '******'username']) . "'\r\n\t\tWHERE\r\n\t\t\ttitle = 'ad_" . $db->escape_string($adlocation) . "'\r\n\t\tAND\r\n\t\t\tstyleid IN (-1,0)\r\n\t"); build_all_styles(); define('CP_REDIRECT', 'ad.php?do=modify'); print_stop_message('deleted_ad_successfully'); } // ############################################################################# // quick update of active and display order fields if ($_POST['do'] == 'quickupdate') { $vbulletin->input->clean_array_gpc('p', array('active' => TYPE_ARRAY_BOOL, 'displayorder' => TYPE_ARRAY_UINT, 'displayorderswap' => TYPE_CONVERT_KEYS)); $changes = false; $update_ids = '0'; $update_active = ''; $update_displayorder = ''; $ads_dispord = array(); $changed_locations = array(); $ads_result = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "ad"); while ($ad = $db->fetch_array($ads_result)) { $ads_dispord["{$ad['adid']}"] = $ad['displayorder']; if (intval($ad['active']) != $vbulletin->GPC['active']["{$ad['adid']}"] or $ad['displayorder'] != $vbulletin->GPC['displayorder']["{$ad[$adid]}"]) {
// update handler - we sent the site details form (add new or edit old one) if ($_POST['do'] == 'update') { $vbulletin->input->clean_array_gpc('p', array('bookmarksiteid' => TYPE_UINT, 'title' => TYPE_NOHTML, 'iconpath' => TYPE_STR, 'active' => TYPE_BOOL, 'displayorder' => TYPE_UINT, 'url' => TYPE_STR, 'utf8encode' => TYPE_BOOL)); $vbulletin->GPC['url'] = preg_replace('/&(?!(#[0-9]+|[a-z]+);)/U', '&', $vbulletin->GPC['url']); if (!$vbulletin->GPC['title'] or !$vbulletin->GPC['url']) { print_stop_message('please_complete_required_fields'); } if ($vbulletin->GPC['bookmarksiteid'] and $bookmarksite = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bookmarksite WHERE bookmarksiteid = " . $vbulletin->GPC['bookmarksiteid'])) { $db->query_write("\n\t\t\tUPDATE " . TABLE_PREFIX . "bookmarksite SET\n\t\t\t\ttitle = '" . $db->escape_string($vbulletin->GPC['title']) . "',\n\t\t\t\ticonpath = '" . $db->escape_string($vbulletin->GPC['iconpath']) . "',\n\t\t\t\tactive = " . $vbulletin->GPC['active'] . ",\n\t\t\t\tdisplayorder = " . $vbulletin->GPC['displayorder'] . ",\n\t\t\t\turl = '" . $db->escape_string($vbulletin->GPC['url']) . "',\n\t\t\t\tutf8encode = '" . $db->escape_string($vbulletin->GPC['utf8encode']) . "'\n\t\t\tWHERE bookmarksiteid = " . $vbulletin->GPC['bookmarksiteid']); } else { $db->query_write("\n\t\t\tINSERT INTO " . TABLE_PREFIX . "bookmarksite\n\t\t\t\t(title, iconpath, active, displayorder, url, utf8encode)\n\t\t\tVALUES (\n\t\t\t\t'" . $db->escape_string($vbulletin->GPC['title']) . "',\n\t\t\t\t'" . $db->escape_string($vbulletin->GPC['iconpath']) . "',\n\t\t\t\t" . $vbulletin->GPC['active'] . ",\n\t\t\t\t" . $vbulletin->GPC['displayorder'] . ",\n\t\t\t\t'" . $db->escape_string($vbulletin->GPC['url']) . "',\n\t\t\t\t'" . $db->escape_string($vbulletin->GPC['utf8encode']) . "'\n\t\t\t)\n\t\t"); } // rebuild the cache build_bookmarksite_datastore(); define('CP_REDIRECT', 'bookmarksite.php' . 
$vbulletin->session->vars['sessionurl_q']); print_stop_message('bookmark_site_saved_successfully'); $_REQUEST['do'] = 'modify'; } // ######################################################################## if ($_REQUEST['do'] == 'add' or $_REQUEST['do'] == 'edit') { $vbulletin->input->clean_array_gpc('r', array('bookmarksiteid' => TYPE_UINT)); print_form_header('bookmarksite', 'update'); print_column_style_code(array('width:35%', 'width:65%')); if ($_REQUEST['do'] == 'edit' and $bookmarksite = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bookmarksite WHERE bookmarksiteid = " . $vbulletin->GPC['bookmarksiteid'])) { // edit existing print_table_header($vbphrase['edit_social_bookmarking_site'] . " <span class=\"normal\">{$bookmarksite['title']}</span>"); construct_hidden_code('bookmarksiteid', $bookmarksite['bookmarksiteid']); } else { // add new $bookmarksite = $vbulletin->db->query_first("SELECT MAX(displayorder) AS displayorder FROM " . TABLE_PREFIX . "bookmarksite"); $bookmarksite['displayorder'] += 10;
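/**
 * Reads XML style file and imports data from it into the database
 *
 * Values that are concatenated into SQL are either escaped or forced to
 * integers here, including the per-template 'templatetype' and 'date' fields
 * that come straight from the imported XML.
 *
 * The code after each print_stop_message() call assumes that call halts the
 * request; print_stop_message() is not defined in this block.
 *
 * NOTE(review): template bodies from the file are passed through
 * compile_template() and stored in the template table. How stored templates
 * are later executed is not visible here - treat style XML as trusted,
 * administrator-supplied input only.
 *
 * NOTE(review): the parser is also given $vbulletin->GPC['path'], which is
 * request input; what vB_XML_Parser does with it is not visible here.
 *
 * @param	string	XML data
 * @param	integer	Style ID (-1 creates a new style)
 * @param	integer	Parent style ID
 * @param	string	New style title (falls back to the name in the XML when empty)
 * @param	boolean	Allow vBulletin version mismatch
 * @param	integer	Display order for new style
 * @param	boolean	Allow user selection of new style
 */
function xml_import_style($xml = false, $styleid = -1, $parentid = -1, $title = '', $anyversion = false, $displayorder = 1, $userselect = true)
{
	// $GLOBALS['path'] needs to be passed into this function or reference $vbulletin->GPC['path']
	global $vbulletin, $vbphrase;

	// these are concatenated into SQL as bare numbers below, so force them to integers
	$styleid = intval($styleid);
	$parentid = intval($parentid);
	$displayorder = intval($displayorder);

	print_dots_start('<b>' . $vbphrase['importing_style'] . "</b>, {$vbphrase['please_wait']}", ':', 'dspan');

	require_once DIR . '/includes/class_xml.php';

	$xmlobj = new vB_XML_Parser($xml, $vbulletin->GPC['path']);
	if ($xmlobj->error_no == 1)
	{
		print_dots_stop();
		print_stop_message('no_xml_and_no_path');
	}
	else if ($xmlobj->error_no == 2)
	{
		print_dots_stop();
		print_stop_message('please_ensure_x_file_is_located_at_y', 'vbulletin-style.xml', $vbulletin->GPC['path']);
	}

	if (!($arr = $xmlobj->parse()))
	{
		print_dots_stop();
		print_stop_message('xml_error_x_at_line_y', $xmlobj->error_string(), $xmlobj->error_line());
	}

	if (!$arr['templategroup'])
	{
		print_dots_stop();
		print_stop_message('invalid_file_specified');
	}

	$version = $arr['vbversion'];
	$master = ($arr['type'] == 'master' ? 1 : 0);
	$title = (empty($title) ? $arr['name'] : $title);
	$product = (empty($arr['product']) ? 'vbulletin' : $arr['product']);

	// a single template group is not wrapped in a list, so normalise to a list of groups
	$arr = $arr['templategroup'];
	if (empty($arr[0]))
	{
		$arr = array($arr);
	}

	$full_product_info = fetch_product_list(true);
	$product_info = $full_product_info["$product"];

	// version check
	if ($version != $product_info['version'] AND !$anyversion AND !$master)
	{
		print_dots_stop();
		print_stop_message('upload_file_created_with_different_version', $product_info['version'], $version);
	}

	// $product comes from the XML file; escape it once and reuse it in every query
	$escapedproduct = $vbulletin->db->escape_string($product);
	$productcondition = "(product = '" . $escapedproduct . "'" . iif($product == 'vbulletin', " OR product = ''") . ")";

	if ($master)
	{
		// overwrite master style
		echo "<h3>{$vbphrase['master_style']}</h3>\n<p>{$vbphrase['please_wait']}</p>";
		vbflush();

		// park the current master templates for this product under styleid -10 while importing
		$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "template WHERE styleid = -10 AND " . $productcondition);
		$vbulletin->db->query_write("UPDATE " . TABLE_PREFIX . "template SET styleid = -10 WHERE styleid = -1 AND " . $productcondition);
		$styleid = -1;
	}
	else
	{
		if ($styleid == -1)
		{
			// creating a new style
			if ($vbulletin->db->query_first("SELECT styleid FROM " . TABLE_PREFIX . "style WHERE title = '" . $vbulletin->db->escape_string($title) . "'"))
			{
				print_dots_stop();
				print_stop_message('style_already_exists', $title);
			}
			else
			{
				echo "<h3><b>" . construct_phrase($vbphrase['creating_a_new_style_called_x'], $title) . "</b></h3>\n<p>{$vbphrase['please_wait']}</p>";
				vbflush();

				/*insert query*/
				$styleresult = $vbulletin->db->query_write("
					INSERT INTO " . TABLE_PREFIX . "style
					(title, parentid, displayorder, userselect)
					VALUES
					('" . $vbulletin->db->escape_string($title) . "', $parentid, $displayorder, " . ($userselect ? 1 : 0) . ")
				");
				$styleid = intval($vbulletin->db->insert_id($styleresult));
			}
		}
		else
		{
			// overwriting an existing style
			if ($getstyle = $vbulletin->db->query_first("SELECT title FROM " . TABLE_PREFIX . "style WHERE styleid = $styleid"))
			{
				echo "<h3><b>" . construct_phrase($vbphrase['overwriting_style_x'], $getstyle['title']) . "</b></h3>\n<p>{$vbphrase['please_wait']}</p>";
				vbflush();
			}
			else
			{
				print_dots_stop();
				print_stop_message('cant_overwrite_non_existent_style');
			}
		}
	}

	$insertprefix = "
		REPLACE INTO " . TABLE_PREFIX . "template
		(styleid, templatetype, title, template, template_un, dateline, username, version, product)
		VALUES
		";

	$querybits = array();
	$querytemplates = 0;

	foreach ($arr AS $templategroup)
	{
		// a group holding one template is not wrapped in a list either
		if (empty($templategroup['template'][0]))
		{
			$tg = array($templategroup['template']);
		}
		else
		{
			$tg = $templategroup['template'];
		}

		foreach ($tg AS $template)
		{
			// every field below originates in the imported file: escape strings, cast numbers
			$templatetitle = $vbulletin->db->escape_string($template['name']);
			$templatetype = $vbulletin->db->escape_string($template['templatetype']);
			$rawtemplate = $vbulletin->db->escape_string($template['value']);
			$username = $vbulletin->db->escape_string($template['username']);
			$templateversion = $vbulletin->db->escape_string($template['version']);
			$dateline = intval($template['date']);

			if ($template['templatetype'] != 'template')
			{
				// template is a special template: stored as-is, with an empty template_un
				$compiled = $rawtemplate;
				$uncompiled = '';
			}
			else
			{
				// template is a standard template: store the compiled form plus the original
				$compiled = $vbulletin->db->escape_string(compile_template($template['value']));
				$uncompiled = $rawtemplate;
			}

			$querybits[] = "($styleid, '$templatetype', '$templatetitle', '$compiled', '$uncompiled', $dateline, '$username', '$templateversion', '$escapedproduct')";

			// write in batches of 20 rows to keep each query small
			if (++$querytemplates % 20 == 0)
			{
				/*insert query*/
				$vbulletin->db->query_write($insertprefix . implode(',', $querybits));
				$querybits = array();
			}
		}
	}

	// insert any remaining templates
	if (!empty($querybits))
	{
		/*insert query*/
		$vbulletin->db->query_write($insertprefix . implode(',', $querybits));
	}
	unset($querybits);

	// now delete any templates that were moved into the temporary styleset for safe-keeping
	$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "template WHERE styleid = -10 AND " . $productcondition);

	print_dots_stop();
}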