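/**
 * Sends the "Away-Anfrage" private message to every user selected by the query below.
 *
 * The query picks users whose `recht` is <= -7, plus the users referenced by the
 * `mod1`..`mod4` columns for rows where `uid` equals $uid. The message is sent in the
 * name of the logged-in user ($_SESSION['authid']).
 *
 * @param string $m   Message body, handed to sendpm() unchanged.
 * @param int    $uid Id of the user the request belongs to.
 * @param mixed  $a   Not used by this function.
 * @return void
 */
function away_sendpmtoleaders($m, $uid, $a)
{
    // $uid is concatenated into the SQL text without quotes. Forcing it to an integer
    // here means a non-numeric value can no longer change the shape of the statement.
    $uid = (int) $uid;

    $q = "SELECT\r\n DISTINCT `prefix_user`.`id` as `uid`\r\n FROM `prefix_user`"
        . "\r\n LEFT JOIN `prefix_groupusers` ON `prefix_groupusers`.`uid` = " . $uid
        . "\r\n LEFT JOIN `prefix_groups` ON `prefix_groups`.`id` = `prefix_groupusers`.`gid`"
        . "\r\n WHERE `recht` <= -7"
        . "\r\n OR (`mod1` = `prefix_user`.`id` AND `uid` = " . $uid . ")"
        . "\r\n OR (`mod2` = `prefix_user`.`id` AND `uid` = " . $uid . ")"
        . "\r\n OR (`mod3` = `prefix_user`.`id` AND `uid` = " . $uid . ")"
        . "\r\n OR (`mod4` = `prefix_user`.`id` AND `uid` = " . $uid . ")";

    $erg = db_query($q);
    while ($r = db_fetch_assoc($erg)) {
        sendpm($_SESSION['authid'], $r['uid'], 'Away-Anfrage', $m, -1);
    }
}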
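/**
 * Sends the "Away-Anfrage" private message to every user selected by the query below.
 *
 * The query picks users whose recht is <= -7, plus the users referenced by the
 * mod1..mod4 columns for rows where uid equals $uid. The message is sent in the
 * name of the logged-in user ($_SESSION['authid']).
 *
 * @param string $m   Message body, handed to sendpm() unchanged.
 * @param int    $uid Id of the user the request belongs to.
 * @param mixed  $a   Not used by this function.
 * @return void
 */
function away_sendpmtoleaders($m, $uid, $a)
{
    // $uid is concatenated into the SQL text without quotes. Forcing it to an integer
    // here means a non-numeric value can no longer change the shape of the statement.
    $uid = (int) $uid;

    $q = "SELECT\r\n DISTINCT prefix_user.id as uid\r\n FROM prefix_user"
        . "\r\n LEFT JOIN prefix_groupusers ON prefix_groupusers.uid = " . $uid
        . "\r\n LEFT JOIN prefix_groups ON prefix_groups.id = prefix_groupusers.gid"
        . "\r\n WHERE recht <= -7"
        . "\r\n OR (`mod1` = prefix_user.id AND uid = " . $uid . ")"
        . "\r\n OR (`mod2` = prefix_user.id AND uid = " . $uid . ")"
        . "\r\n OR (`mod3` = prefix_user.id AND uid = " . $uid . ")"
        . "\r\n OR (`mod4` = prefix_user.id AND uid = " . $uid . ")";

    $erg = db_query($q);
    while ($r = db_fetch_assoc($erg)) {
        sendpm($_SESSION['authid'], $r['uid'], 'Away-Anfrage', $m, -1);
    }
}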
// Store the join request. This fragment starts inside a block whose opening is not
// visible here; the closing brace near the end belongs to that block.
$name = $xname;
$userreg = $lang['no'];
// Guests are registered on the fly when forum registration is enabled.
if (!loggedin() and $allgAr['forum_regist'] != 0) {
    $x = user_regist($name, $mail, genkey(8));
    $userreg = $lang['yes'];
}
// NOTE(review): $name and $squad are concatenated into this INSERT as they are, and
// $squad only goes through escape(..., 'integer') on the next statement, i.e. after it
// has already been used here. Whether both were sanitised before this fragment is not
// visible - confirm, or move the escape() call above the INSERT.
db_query("INSERT INTO `prefix_usercheck` (`check`,`name`,`datime`,`ak`,`groupid`) VALUES ('" . genkey(8) . "','" . $name . "',NOW(),4," . $squad . ")");
$squad = escape($squad, 'integer');
$abf = "SELECT `mod1`, `mod2`, `mod4`, `name` FROM `prefix_groups` WHERE `id` = " . $squad;
$erg = db_query($abf);
// NOTE(review): $row is used below without checking that a group row was found.
$row = db_fetch_assoc($erg);
// NOTE(review): $_POST['rules'] goes into the message text unchanged; whether sendpm()
// or the message display escapes it cannot be told from here - verify.
$rulz = isset($_POST['rules']) ? $_POST['rules'] : $lang['no'];
$skill = $skill_ar[$skill];
// The arguments must be given in the order the language string expects, otherwise the
// text comes out wrong.
$mailtxt = sprintf($lang['joinusprivmsg'], $name, $row['name'], $skill, $mail, $hometown, $age, $icqnumber, $favmap, $ground, $rulz, $userreg);
// PM to the leader
sendpm($_SESSION['authid'], $row['mod1'], 'Joinus Anfrage', $mailtxt, -1);
// Only if the co-leader is not the same user as the leader
if ($row['mod2'] != $row['mod1']) {
    sendpm($_SESSION['authid'], $row['mod2'], 'Joinus Anfrage', $mailtxt, -1);
}
// mod4 gets the message only if it differs from both mod1 and mod2, so nobody is
// notified twice.
if ($row['mod4'] != $row['mod1'] and $row['mod2'] != $row['mod4']) {
    sendpm($_SESSION['authid'], $row['mod4'], 'Joinus Anfrage', $mailtxt, -1);
}
if (!loggedin() and $allgAr['forum_regist'] != 0) {
    echo $lang['amailhasbeensenttoyouwithmailandpass'] . '<br /><br />';
}
echo sprintf($lang['leaderofxalert'], $row['name']);
}
$design->footer();
// Fragment: starts inside the first branch of an if/elseif chain on $offlinestatus and
// ends inside the 'tradesubmit' handler; the enclosing code is not visible here.
// Each branch notifies the affected party through sendpm() with language keys.
$itemsubject = $tradelog['subject'];
sendpm($tradelog['sellerid'], 'trade_seller_send_subject', 'trade_seller_send_message', '0', 'System Message');
} elseif ($offlinestatus == STATUS_WAIT_BUYER) {
    $user = $tradelog['seller'];
    $itemsubject = $tradelog['subject'];
    sendpm($tradelog['buyerid'], 'trade_buyer_confirm_subject', 'trade_buyer_confirm_message', '0', 'System Message');
} elseif ($offlinestatus == STATUS_TRADE_SUCCESS) {
    // NOTE(review): the $tradelog fields are interpolated into the statement inside
    // quotes; this presumably relies on $tradelog having come from the database already
    // escaped - confirm where $tradelog is loaded.
    $db->query("UPDATE {$tablepre}trades SET lastbuyer='{$tradelog['buyer']}', lastupdate='{$timestamp}', totalitems=totalitems+'{$tradelog['number']}', tradesum=tradesum+'{$tradelog['price']}' WHERE tid='{$tradelog['tid']}' AND pid='{$tradelog['pid']}'", 'UNBUFFERED');
    $itemsubject = $tradelog['subject'];
    // Both sides of the trade are told about the success.
    sendpm($tradelog['sellerid'], 'trade_success_subject', 'trade_success_message', '0', 'System Message');
    sendpm($tradelog['buyerid'], 'trade_success_subject', 'trade_success_message', '0', 'System Message');
} elseif ($offlinestatus == STATUS_REFUND_CLOSE) {
    // The refunded quantity is added back to the amount of the trade row.
    $db->query("UPDATE {$tablepre}trades SET amount=amount+'{$tradelog['number']}' WHERE tid='{$tradelog['tid']}' AND pid='{$tradelog['pid']}'", 'UNBUFFERED');
    $itemsubject = $tradelog['subject'];
    sendpm($tradelog['sellerid'], 'trade_fefund_success_subject', 'trade_fefund_success_message', '0', 'System Message');
    sendpm($tradelog['buyerid'], 'trade_fefund_success_subject', 'trade_fefund_success_message', '0', 'System Message');
}
$message = trim($message);
if ($message) {
    // The new remark is cut to 200 bytes, stripped of tags, and appended to the stored
    // message as a tab-separated record (uid, user name, timestamp, text). The whole
    // value then goes through daddslashes() before it is placed in the UPDATE below.
    // NOTE(review): substr() counts bytes and runs before strip_tags(), so a multi-byte
    // character or a tag can be cut in half at the 200-byte mark.
    $message = daddslashes($tradelog['message'] . "\t\t\t" . $discuz_uid . "\t" . $discuz_user . "\t" . $timestamp . "\t" . nl2br(strip_tags(substr($message, 0, 200))), 1);
} else {
    $message = daddslashes($tradelog['message'], 1);
}
// NOTE(review): $offlinestatus and $orderid are interpolated inside quotes; how they were
// validated is outside this fragment - verify.
$db->query("UPDATE {$tablepre}tradelog SET status='{$offlinestatus}', lastupdate='{$timestamp}', message='{$message}' WHERE orderid='{$orderid}'");
showmessage('trade_orderstatus_updated', 'trade.php?orderid=' . $orderid);
}
if (submitcheck('tradesubmit')) {
    if ($tradelog['status'] == 0) {
        $update = array();
        // Only the seller of this trade reaches the price change below.
        if ($tradelog['sellerid'] == $discuz_uid) {
            // floatval() forces the submitted price to a number.
            $tradelog['baseprice'] = floatval($newprice);
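/**
 * Runs a bulk member operation and then notifies the matching members in batches.
 *
 * On the first call ($current empty) the function applies the operation ('reward' adds to
 * or resets extcredits columns, 'confermedal' grants medals) to all members matching
 * $conditions and stores subject and message in the settings table under $variable. On
 * every call it sends one batch of $pertask messages by PM or e-mail and, while members
 * remain, reports progress through cpmsg() with a link to the next batch.
 *
 * Nearly all inputs ($db, $tablepre, $conditions, $subject, $message, $sendvia, ...) are
 * pulled in from $GLOBALS by extract().
 *
 * @param string $operation Operation name; 'reward' and 'confermedal' get special handling.
 * @param string $variable  Name of the settings row that stores subject and message.
 */
function notifymembers($operation, $variable)
{
    // SECURITY: extract() turns every global into a local. EXTR_SKIP keeps the two
    // parameters from being overwritten, but every other name used below is whatever the
    // global scope holds at call time.
    extract($GLOBALS, EXTR_SKIP);

    if (!empty($current)) {
        // Follow-up batch: reload subject and message saved by the first call.
        $subject = $message = '';
        // NOTE(review): $variable is interpolated into SQL here and in the REPLACE below;
        // this assumes callers only pass fixed names - verify.
        if ($settings = $db->result_first("SELECT value FROM {$tablepre}settings WHERE variable='{$variable}'")) {
            // SECURITY: unserialize() on a stored value. The row is written by this function
            // with serialize(); anything else able to write to the settings table also
            // controls what is unserialized here.
            $settings = unserialize($settings);
            $subject = $settings['subject'];
            $message = $settings['message'];
        }
    } else {
        $current = 0;
        $subject = trim($subject);
        $message = trim(str_replace("\t", ' ', $message));

        if ($notifymembers && !($subject && $message)) {
            cpmsg('members_newsletter_sm_invalid', '', 'error');
        }

        if ($operation == 'reward') {
            $updatesql = '';
            if ($updatecredittype == 0) {
                if (is_array($addextcredits) && !empty($addextcredits)) {
                    foreach ($addextcredits as $key => $value) {
                        $value = intval($value);
                        // $key ends up in a column name, so it is only accepted when it is
                        // an existing key of $extcredits.
                        if (isset($extcredits[$key]) && !empty($value)) {
                            $updatesql .= ", extcredits{$key}=extcredits{$key}+({$value})";
                        }
                    }
                }
            } else {
                if (is_array($resetextcredits) && !empty($resetextcredits)) {
                    foreach ($resetextcredits as $key => $value) {
                        $value = intval($value);
                        if (isset($extcredits[$key]) && !empty($value)) {
                            $updatesql .= ", extcredits{$key}=0";
                        }
                    }
                }
            }

            if (!empty($updatesql)) {
                // NOTE(review): $conditions is a raw WHERE fragment taken from the global
                // scope; how it is built is not visible here. 'UNBUFFTERED' looks like a
                // misspelling of 'UNBUFFERED' - confirm how $db->query() treats it.
                $db->query("UPDATE {$tablepre}members set uid=uid {$updatesql} WHERE {$conditions}", 'UNBUFFTERED');
            } else {
                cpmsg('members_reward_invalid', '', 'error');
            }

            if (!$notifymembers) {
                cpmsg('members_reward_succeed', '', 'succeed');
            }
        } elseif ($operation == 'confermedal') {
            $medals = $_POST['medals'];
            if (!empty($medals) && is_array($medals)) {
                // The medal ids are the array KEYS of a request value. They are forced to
                // integers before being placed in the IN (...) list, because request array
                // keys must not reach the SQL text as-is.
                $medalids = $comma = '';
                foreach ($medals as $key => $medalid) {
                    $medalids .= "{$comma}'" . intval($key) . "'";
                    $comma = ',';
                }

                $medalsnew = $comma = '';
                $medalsnewarray = $medalidarray = array();
                $query = $db->query("SELECT medalid, expiration FROM {$tablepre}medals WHERE medalid IN ({$medalids}) ORDER BY displayorder");
                while ($medal = $db->fetch_array($query)) {
                    $medal['status'] = empty($medal['expiration']) ? 0 : 1;
                    // expiration is multiplied by 86400, i.e. it is a number of days that is
                    // turned into an absolute timestamp.
                    $medal['expiration'] = empty($medal['expiration']) ? 0 : $timestamp + $medal['expiration'] * 86400;
                    $medal['medal'] = $medal['medalid'] . (empty($medal['expiration']) ? '' : '|' . $medal['expiration']);
                    $medalsnew .= $comma . $medal['medal'];
                    $medalsnewarray[] = $medal;
                    $medalidarray[] = $medal['medalid'];
                    $comma = "\t";
                }

                $uids = array();
                $query = $db->query("SELECT uid FROM {$tablepre}members WHERE {$conditions}");
                while ($medaluid = $db->fetch_array($query)) {
                    $uids[] = $medaluid['uid'];
                }

                // With no matching member the list would be "IN ()", which is not valid SQL,
                // so the medal update is skipped in that case.
                if (!empty($uids)) {
                    $query = $db->query("SELECT uid, medals FROM {$tablepre}memberfields WHERE uid IN (" . implode(',', $uids) . ")");
                    while ($medalnew = $db->fetch_array($query)) {
                        $addmedalnew = '';
                        if (empty($medalnew['medals'])) {
                            $addmedalnew = $medalsnew;
                        } else {
                            // Prepend only the medals the member does not hold yet.
                            foreach ($medalidarray as $medalid) {
                                if (!in_array($medalid, explode("\t", $medalnew['medals']))) {
                                    $addmedalnew .= $medalid . "\t";
                                }
                            }
                            $addmedalnew .= $medalnew['medals'];
                        }
                        $db->query("UPDATE {$tablepre}memberfields SET medals='" . $addmedalnew . "' WHERE uid='" . $medalnew['uid'] . "'", 'UNBUFFTERED');
                        foreach ($medalsnewarray as $medalnewarray) {
                            $db->query("INSERT INTO {$tablepre}medallog (uid, medalid, type, dateline, expiration, status) VALUES ('" . $medalnew['uid'] . "', '" . $medalnewarray['medalid'] . "', '0', '{$timestamp}', '" . $medalnewarray['expiration'] . "', '" . $medalnewarray['status'] . "')");
                        }
                    }
                }
            }

            if (!$notifymembers) {
                cpmsg('members_confermedal_succeed', '', 'succeed');
            }
        }

        // Remember subject and message for the follow-up batches.
        $db->query("REPLACE INTO {$tablepre}settings (variable, value) VALUES ('{$variable}', '" . addslashes(serialize(array('subject' => $subject, 'message' => $message))) . "')");
    }

    // Both values go into the LIMIT clause unquoted, hence the integer casts.
    $pertask = intval($pertask);
    $current = intval($current);
    $continue = FALSE;

    if (in_array($sendvia, array('pm', 'email'))) {
        $query = $db->query("SELECT uid, username, groupid, email FROM {$tablepre}members WHERE {$conditions} LIMIT {$current}, {$pertask}");
        while ($member = $db->fetch_array($query)) {
            $sendvia == 'pm' ? sendpm($member['uid'], $subject, $message, 0) : sendmail("{$member['username']} <{$member['email']}>", $subject, $message);
            $continue = TRUE;
        }
    }

    if ($continue) {
        $next = $current + $pertask;
        // SECURITY: eval() is used to expand the variables inside the language string. It is
        // left as it is because the set of variables the string refers to is not visible
        // here; the language entry must never contain text from an untrusted source.
        eval("\$lang[members_newsletter_processing] = \"" . $lang['members_newsletter_processing'] . "\";");
        // The query string previously read "yes¤t=": the "&curren" at the start of
        // "&current" had been turned into the currency sign, so the offset of the next batch
        // was never passed on. It is written out as "&current=" again.
        cpmsg("{$lang['members_newsletter_send']}: {$lang['members_newsletter_processing']}", "{$BASESCRIPT}?action=members&operation={$operation}&{$operation}submit=yes&current={$next}&pertask={$pertask}&sendvia=" . rawurlencode($sendvia) . $urladd, 'loading');
    } else {
        cpmsg('members' . ($operation ? '_' . $operation : '') . '_notify_succeed', '', 'succeed');
    }
}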
}
// Fragment: sends the "collection recommend" message to the owner of the collection.
// The enclosing function and the code that sets $pmid are not visible here.
$touid =& $_G['collection']['uid'];
$coef = 1;
if ($touid) {
    // NOTE(review): $_GET['threadurl'] is placed into the message text through lang();
    // whether it is validated as a URL of this site, or escaped when the message is
    // shown, cannot be told from here - verify.
    $subject = $message = lang('message', 'collection_recommend_message', array('fromuser' => $_G['username'], 'collectioname' => $_G['collection']['name'], 'url' => $_GET['threadurl']));
    // The recipient's blacklist is checked before anything is sent.
    if (C::t('home_blacklist')->count_by_uid_buid($touid, $_G['uid'])) {
        showmessage('is_blacklist', '', array(), array('return' => true));
    }
    if ($value = getuserbyuid($touid)) {
        require_once libfile('function/friend');
        // Use the recipient's own setting when it is set, otherwise the site default
        // mapped to 1 or 2.
        $value['onlyacceptfriendpm'] = $value['onlyacceptfriendpm'] ? $value['onlyacceptfriendpm'] : ($_G['setting']['onlyacceptfriendpm'] ? 1 : 2);
        // Send when the sender's group may PM everyone, when the value is 2, or when the
        // value is 1 and friend_check() succeeds for the recipient.
        if ($_G['group']['allowsendallpm'] || $value['onlyacceptfriendpm'] == 2 || $value['onlyacceptfriendpm'] == 1 && friend_check($touid)) {
            $return = sendpm($touid, $subject, $message, '', 0, 0);
        } else {
            showmessage('message_can_not_send_onlyfriend', '', array(), array('return' => true));
        }
    } else {
        showmessage('message_bad_touid', '', array(), array('return' => true));
    }
} else {
    // NOTE(review): $subject and $message are only assigned in the branch above, and
    // $pmid is not assigned anywhere in this fragment - confirm they are set earlier.
    $return = sendpm(0, $subject, $message, '', $pmid, 0);
}
if ($return > 0) {
    // A positive return value is treated as success: statistics, last-post time and
    // credits are updated before the success message is shown.
    include_once libfile('function/stat');
    updatestat('sendpm', 0, $coef);
    C::t('common_member_status')->update($_G['uid'], array('lastpost' => TIMESTAMP), 'UNBUFFERED');
    // Credits are only updated when bit 1 of the group's 'exempt' value is not set.
    !($_G['group']['exempt'] & 1) && updatecreditbyaction('sendpm', 0, array(), '', $coef);
    showmessage('collection_recommend_succ', '', array(), array('alert' => 'right', 'closetime' => true, 'showdialog' => 1));
}
}
}
// Fragment from a registration flow: invite feed entry, welcome message, cookie cleanup
// and update of the "last member" setting. The enclosing code is not visible here.
space_merge($invite, 'field_home');
if (!empty($invite['privacy']['feed']['invite'])) {
    require_once libfile('function/feed');
    // NOTE(review): $_G['username'] is concatenated into an HTML link without escaping
    // here; this presumably relies on user names being restricted at registration or on
    // feed_add() escaping its data - verify.
    $tite_data = array('username' => '<a href="home.php?mod=space&uid=' . $_G['uid'] . '">' . $_G['username'] . '</a>');
    feed_add('friend', 'feed_invite', $tite_data, '', array(), '', array(), array(), '', '', '', 0, 0, '', $invite['uid'], $invite['username']);
}
if ($invite['appid']) {
    updatestat('appinvite');
}
}
if ($welcomemsg && !empty($welcomemsgtxt)) {
    // Use the configured title, or fall back to "Welcome to <site name>!".
    $welcomtitle = !empty($_G['setting']['welcomemsgtitle']) ? $_G['setting']['welcomemsgtitle'] : "Welcome to " . $_G['setting']['bbname'] . "!";
    // NOTE(review): addslashes() is applied to both texts before they are handed to
    // sendpm() / sendmail_cron(). That only makes sense if those functions expect
    // slash-escaped input; otherwise the backslashes would show up in the delivered
    // text - confirm against the callee.
    $welcomtitle = addslashes(replacesitevar($welcomtitle));
    $welcomemsgtxt = addslashes(replacesitevar($welcomemsgtxt));
    // 1 sends the welcome text as a private message, 2 hands it to sendmail_cron().
    if ($welcomemsg == 1) {
        sendpm($uid, $welcomtitle, $welcomemsgtxt, 0);
    } elseif ($welcomemsg == 2) {
        sendmail_cron($email, $welcomtitle, $welcomemsgtxt);
    }
}
if ($fromuid) {
    // Credit the referring user and clear the promotion cookie.
    updatecreditbyaction('promotion_register', $fromuid);
    dsetcookie('promotion', '');
}
// Clear the cookies that were only needed while registering.
dsetcookie('loginuser', '');
dsetcookie('activationauth', '');
dsetcookie('invite_auth', '');
$regverify = $_G['setting']['regverify'];
// Reload the settings cache and store the new user name as the latest member.
loadcache('setting', true);
$_G['setting']['lastmember'] = $username;
save_syscache('setting', $_G['setting']);
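/**
 * Handles the sending of the forum mailing in batches.
 *
 * What it does:
 * - Called by ?action=admin;area=news;sa=mailingsend
 * - Requires the send_mail permission.
 * - Redirects to itself when more batches need to be sent.
 * - Redirects to ?action=admin after everything has been sent.
 * - Reads every option from $_POST / $_REQUEST and casts the numeric ones to int
 *   before they are used in the recipient query.
 *
 * @uses the ManageNews template and email_members_send sub template.
 * @param bool $clean_only = false; if set, it will only clean the variables, put them in context, then return.
 */
public function action_mailingsend($clean_only = false)
{
    global $txt, $context, $scripturl, $modSettings, $user_info;

    // A nice successful screen if you did it
    if (isset($_REQUEST['success'])) {
        $context['sub_template'] = 'email_members_succeeded';
        loadTemplate('ManageNews');
        return;
    }

    // If just previewing we prepare a message and return it for viewing
    if (isset($_POST['preview'])) {
        $context['preview'] = true;
        return $this->action_mailingcompose();
    }

    // How many to send at once? Quantity depends on whether we are queueing or not.
    // @todo Might need an interface? (used in Post.controller.php too with different limits)
    $num_at_once = empty($modSettings['mail_queue']) ? 60 : 1000;

    // If by PM's I suggest we half the above number.
    if (!empty($_POST['send_pm'])) {
        $num_at_once /= 2;
    }

    // Everything from here on acts on the submitted data, so the session is checked
    // before any of it is used.
    checkSession();

    // Where are we actually to?
    $context['start'] = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;
    $context['email_force'] = !empty($_POST['email_force']) ? 1 : 0;
    $context['send_pm'] = !empty($_POST['send_pm']) ? 1 : 0;
    $context['total_emails'] = !empty($_POST['total_emails']) ? (int) $_POST['total_emails'] : 0;
    $context['max_id_member'] = !empty($_POST['max_id_member']) ? (int) $_POST['max_id_member'] : 0;
    $context['send_html'] = !empty($_POST['send_html']) ? 1 : 0;
    $context['parse_html'] = !empty($_POST['parse_html']) ? 1 : 0;

    // Create our main context.
    $context['recipients'] = array('groups' => array(), 'exclude_groups' => array(), 'members' => array(), 'exclude_members' => array(), 'emails' => array());

    // Have we any excluded members?
    if (!empty($_POST['exclude_members'])) {
        $members = explode(',', $_POST['exclude_members']);
        foreach ($members as $member) {
            // Ids below the current start were handled by an earlier batch.
            if ($member >= $context['start']) {
                $context['recipients']['exclude_members'][] = (int) $member;
            }
        }
    }

    // What about members we *must* do?
    if (!empty($_POST['members'])) {
        $members = explode(',', $_POST['members']);
        foreach ($members as $member) {
            if ($member >= $context['start']) {
                $context['recipients']['members'][] = (int) $member;
            }
        }
    }

    // Cleaning groups is simple - although deal with both checkbox and commas.
    if (isset($_POST['groups'])) {
        if (is_array($_POST['groups'])) {
            // Checkbox form: the group id is the array key.
            foreach ($_POST['groups'] as $group => $dummy) {
                $context['recipients']['groups'][] = (int) $group;
            }
        } elseif (trim($_POST['groups']) != '') {
            $groups = explode(',', $_POST['groups']);
            foreach ($groups as $group) {
                $context['recipients']['groups'][] = (int) $group;
            }
        }
    }

    // Same for excluded groups
    if (isset($_POST['exclude_groups'])) {
        if (is_array($_POST['exclude_groups'])) {
            foreach ($_POST['exclude_groups'] as $group => $dummy) {
                $context['recipients']['exclude_groups'][] = (int) $group;
            }
        } elseif (trim($_POST['exclude_groups']) != '') {
            $groups = explode(',', $_POST['exclude_groups']);
            foreach ($groups as $group) {
                $context['recipients']['exclude_groups'][] = (int) $group;
            }
        }
    }

    // Finally - emails!
    if (!empty($_POST['emails'])) {
        // Newlines and commas are all treated as ';' separators.
        $addressed = array_unique(explode(';', strtr($_POST['emails'], array("\n" => ';', "\r" => ';', ',' => ';'))));
        foreach ($addressed as $curmem) {
            $curmem = trim($curmem);
            if ($curmem != '') {
                $context['recipients']['emails'][$curmem] = $curmem;
            }
        }
    }

    // If we're only cleaning drop out here.
    if ($clean_only) {
        return;
    }

    // Some functions we will need
    require_once SUBSDIR . '/Mail.subs.php';
    if ($context['send_pm']) {
        require_once SUBSDIR . '/PersonalMessage.subs.php';
    }

    // We are relying too much on writing to superglobals...
    $base_subject = !empty($_POST['subject']) ? $_POST['subject'] : '';
    $base_message = !empty($_POST['message']) ? $_POST['message'] : '';

    // Save the message and its subject in $context
    $context['subject'] = htmlspecialchars($base_subject, ENT_COMPAT, 'UTF-8');
    $context['message'] = htmlspecialchars($base_message, ENT_COMPAT, 'UTF-8');

    // Prepare the message for sending it as HTML
    if (!$context['send_pm'] && !empty($_POST['send_html'])) {
        // Prepare the message for HTML.
        if (!empty($_POST['parse_html'])) {
            // NOTE(review): as written, the second pair replaces a space with a space. This
            // looks like an entity that was lost when the page was extracted - confirm
            // against the upstream file.
            $base_message = str_replace(array("\n", ' '), array('<br />' . "\n", ' '), $base_message);
        }

        // This is here to prevent spam filters from tagging this as spam.
        // NOTE(review): the subject goes into <title> unescaped; it is the text typed by
        // the sender of the newsletter.
        if (preg_match('~\\<html~i', $base_message) == 0) {
            if (preg_match('~\\<body~i', $base_message) == 0) {
                $base_message = '<html><head><title>' . $base_subject . '</title></head>' . "\n" . '<body>' . $base_message . '</body></html>';
            } else {
                $base_message = '<html>' . $base_message . '</html>';
            }
        }
    }

    // Nothing to send without both a subject and a message: go back to the compose screen.
    if (empty($base_message) || empty($base_subject)) {
        $context['preview'] = true;
        return $this->action_mailingcompose();
    }

    // Use the default time format.
    $user_info['time_format'] = $modSettings['time_format'];

    $variables = array('{$board_url}', '{$current_time}', '{$latest_member.link}', '{$latest_member.id}', '{$latest_member.name}');

    // We might need this in a bit
    $cleanLatestMember = empty($_POST['send_html']) || $context['send_pm'] ? un_htmlspecialchars($modSettings['latestRealName']) : $modSettings['latestRealName'];

    // Replace in all the standard things.
    $base_message = str_replace($variables, array(!empty($_POST['send_html']) ? '<a href="' . $scripturl . '">' . $scripturl . '</a>' : $scripturl, standardTime(forum_time(), false), !empty($_POST['send_html']) ? '<a href="' . $scripturl . '?action=profile;u=' . $modSettings['latestMember'] . '">' . $cleanLatestMember . '</a>' : ($context['send_pm'] ? '[url=' . $scripturl . '?action=profile;u=' . $modSettings['latestMember'] . ']' . $cleanLatestMember . '[/url]' : $cleanLatestMember), $modSettings['latestMember'], $cleanLatestMember), $base_message);
    $base_subject = str_replace($variables, array($scripturl, standardTime(forum_time(), false), $modSettings['latestRealName'], $modSettings['latestMember'], $modSettings['latestRealName']), $base_subject);

    $from_member = array('{$member.email}', '{$member.link}', '{$member.id}', '{$member.name}');

    // If we still have emails, do them first!
    $i = 0;
    foreach ($context['recipients']['emails'] as $k => $email) {
        // Done as many as we can?
        if ($i >= $num_at_once) {
            break;
        }

        // Don't sent it twice!
        unset($context['recipients']['emails'][$k]);

        // Dammit - can't PM emails!
        if ($context['send_pm']) {
            continue;
        }

        // NOTE(review): $email is the trimmed text from $_POST['emails']; it is not checked
        // to be a well-formed address before it is used as the recipient and, in HTML
        // mode, inside the mailto: link.
        $to_member = array($email, !empty($_POST['send_html']) ? '<a href="mailto:' . $email . '">' . $email . '</a>' : $email, '??', $email);
        sendmail($email, str_replace($from_member, $to_member, $base_subject), str_replace($from_member, $to_member, $base_message), null, null, !empty($_POST['send_html']), 5);

        // Done another...
        $i++;
    }

    // Got some more to send this batch?
    $last_id_member = 0;
    if ($i < $num_at_once) {
        // Need to build quite a query!
        // Only placeholders are put into the query text; the values travel in $sendParams.
        $sendQuery = '(';
        $sendParams = array();
        if (!empty($context['recipients']['groups'])) {
            // Take the long route...
            $queryBuild = array();
            foreach ($context['recipients']['groups'] as $group) {
                $sendParams['group_' . $group] = $group;
                $queryBuild[] = 'mem.id_group = {int:group_' . $group . '}';
                if (!empty($group)) {
                    $queryBuild[] = 'FIND_IN_SET({int:group_' . $group . '}, mem.additional_groups) != 0';
                    $queryBuild[] = 'mem.id_post_group = {int:group_' . $group . '}';
                }
            }

            if (!empty($queryBuild)) {
                $sendQuery .= implode(' OR ', $queryBuild);
            }
        }

        if (!empty($context['recipients']['members'])) {
            $sendQuery .= ($sendQuery == '(' ? '' : ' OR ') . 'mem.id_member IN ({array_int:members})';
            $sendParams['members'] = $context['recipients']['members'];
        }

        $sendQuery .= ')';

        // If we've not got a query then we must be done!
        if ($sendQuery == '()') {
            redirectexit('action=admin');
        }

        // Anything to exclude?
        if (!empty($context['recipients']['exclude_groups']) && in_array(0, $context['recipients']['exclude_groups'])) {
            $sendQuery .= ' AND mem.id_group != {int:regular_group}';
        }

        if (!empty($context['recipients']['exclude_members'])) {
            $sendQuery .= ' AND mem.id_member NOT IN ({array_int:exclude_members})';
            $sendParams['exclude_members'] = $context['recipients']['exclude_members'];
        }

        // Force them to have it?
        if (empty($context['email_force'])) {
            $sendQuery .= ' AND mem.notify_announcements = {int:notify_announcements}';
        }

        require_once SUBSDIR . '/News.subs.php';

        // Get the smelly people - note we respect the id_member range as it gives us a quicker query.
        $recipients = getNewsletterRecipients($sendQuery, $sendParams, $context['start'], $num_at_once, $i);
        foreach ($recipients as $row) {
            $last_id_member = $row['id_member'];

            // What groups are we looking at here?
            if (empty($row['additional_groups'])) {
                $groups = array($row['id_group'], $row['id_post_group']);
            } else {
                $groups = array_merge(array($row['id_group'], $row['id_post_group']), explode(',', $row['additional_groups']));
            }

            // Excluded groups?
            if (array_intersect($groups, $context['recipients']['exclude_groups'])) {
                continue;
            }

            // We might need this
            $cleanMemberName = empty($_POST['send_html']) || $context['send_pm'] ? un_htmlspecialchars($row['real_name']) : $row['real_name'];

            // Replace the member-dependant variables
            $message = str_replace($from_member, array($row['email_address'], !empty($_POST['send_html']) ? '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $cleanMemberName . '</a>' : ($context['send_pm'] ? '[url=' . $scripturl . '?action=profile;u=' . $row['id_member'] . ']' . $cleanMemberName . '[/url]' : $cleanMemberName), $row['id_member'], $cleanMemberName), $base_message);
            $subject = str_replace($from_member, array($row['email_address'], $row['real_name'], $row['id_member'], $row['real_name']), $base_subject);

            // Send the actual email - or a PM!
            if (!$context['send_pm']) {
                sendmail($row['email_address'], $subject, $message, null, null, !empty($_POST['send_html']), 5);
            } else {
                sendpm(array('to' => array($row['id_member']), 'bcc' => array()), $subject, $message);
            }
        }
    }

    // If used our batch assume we still have a member.
    if ($i >= $num_at_once) {
        $last_id_member = $context['start'];
    } elseif (empty($last_id_member) && $context['start'] + $num_at_once < $context['max_id_member']) {
        $last_id_member = $context['start'] + $num_at_once;
    } elseif (empty($last_id_member) && empty($context['recipients']['emails'])) {
        // Log this into the admin log.
        logAction('newsletter', array(), 'admin');
        redirectexit('action=admin;area=news;sa=mailingsend;success');
    }

    $context['start'] = $last_id_member;

    // Working out progress is a black art of sorts.
    // total_emails and max_id_member both come from the request and default to 0, so
    // every denominator is checked before dividing; a zero would otherwise end the
    // request with a division-by-zero error instead of showing the progress page.
    $grand_total = $context['total_emails'] + $context['max_id_member'];
    $percentEmails = ($context['total_emails'] == 0 || $grand_total == 0) ? 0 : count($context['recipients']['emails']) / $context['total_emails'] * ($context['total_emails'] / $grand_total);
    $percentMembers = ($context['max_id_member'] == 0 || $grand_total == 0) ? 0 : $context['start'] / $context['max_id_member'] * ($context['max_id_member'] / $grand_total);
    $context['percentage_done'] = round(($percentEmails + $percentMembers) * 100, 2);

    $context['page_title'] = $txt['admin_newsletters'];
    $context['sub_template'] = 'email_members_send';
}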
// Fragment: runs the completion check of a task and hands out the reward. It starts
// inside a block that is opened before this fragment and is cut off inside the final
// elseif.
showmessage('task_up_to_limit', 'task.php');
}
// SECURITY: the included file name is built from $task['scriptname'].
// NOTE(review): this presumably comes from the tasks table; confirm it can only hold names
// of scripts shipped in include/tasks/ and never path separators.
require_once DISCUZ_ROOT . './include/tasks/' . $task['scriptname'] . '.inc.php';
$result = task_csc($task);
// The result is compared strictly: TRUE means completed, FALSE means failed; any other
// value takes neither of the two branches visible here.
if ($result === TRUE) {
    if ($task['reward']) {
        require_once DISCUZ_ROOT . './include/task.func.php';
        $rewards = task_reward($task);
        // Look up the display name of the prize.
        // NOTE(review): $task['prize'] is interpolated inside quotes in these queries;
        // confirm it is loaded from the database and not from the request.
        if ($task['reward'] == 'magic') {
            $magicname = $db->result_first("SELECT name FROM {$tablepre}magics WHERE magicid='{$task['prize']}'");
        } elseif ($task['reward'] == 'medal') {
            $medalname = $db->result_first("SELECT name FROM {$tablepre}medals WHERE medalid='{$task['prize']}'");
        } elseif ($task['reward'] == 'group') {
            $grouptitle = $db->result_first("SELECT grouptitle FROM {$tablepre}usergroups WHERE groupid='{$task['prize']}'");
        }
        // The message key is chosen by the reward type.
        sendpm($discuz_uid, 'task_reward_subject', 'task_reward_' . $task['reward'] . '_message', 0);
    }
    task_sufprocess();
    // NOTE(review): $id is interpolated inside quotes below; how it was validated is
    // outside this fragment - verify.
    $db->query("UPDATE {$tablepre}mytasks SET status='1', csc='100', dateline='{$timestamp}' WHERE uid='{$discuz_uid}' AND taskid='{$id}'");
    $db->query("UPDATE {$tablepre}tasks SET achievers=achievers+1 WHERE taskid='{$id}'", 'UNBUFFERED');
    // When the user has no task with status '0' left, bit 2 of members.prompt is cleared.
    if (!$db->result_first("SELECT COUNT(*) FROM {$tablepre}mytasks WHERE uid='{$discuz_uid}' AND status='0'")) {
        $db->query("UPDATE {$tablepre}members SET prompt=prompt^2 WHERE uid='{$discuz_uid}' AND prompt=prompt|2", 'UNBUFFERED');
    }
    if ($inajax) {
        taskmessage('100', $task['reward'] ? 'task_reward_' . $task['reward'] : 'task_completed');
    } else {
        showmessage('task_completed', 'task.php?item=done');
    }
} elseif ($result === FALSE) {
    $db->query("UPDATE {$tablepre}mytasks SET status='-1' WHERE uid='{$discuz_uid}' AND taskid='{$id}'", 'UNBUFFERED');
    $inajax ? taskmessage('-1', 'task_failed') : showmessage('task_failed', 'task.php?item=failed');
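/**
 * Buys an item that another user has put up for trade.
 *
 * Looks up the inventory row named by the "id" request value, checks that it is marked
 * for trading and that the buyer ($golddata) has enough cash, then transfers ownership,
 * moves the money and notifies the previous owner by private message. Output is echoed
 * inside a table_top()/closetable() frame, followed by a page refresh.
 *
 * @return void
 */
function trade_buy()
{
    //Buy An Item available from another user
    global $locale, $golddata;

    table_top($locale['urg_trade_113']);

    if (isset($_POST['id']) && !isNum($_POST['id'])) {
        redirect("index.php");
    }

    // The queries below take the id from $_GET, while the check above only looks at
    // $_POST. The value that is actually used is therefore validated here as well and
    // cast to an integer before it is placed in any SQL text.
    $id = (isset($_GET['id']) && isNum($_GET['id'])) ? (int) $_GET['id'] : 0;
    if ($id <= 0) {
        redirect("index.php");
        return; // in case redirect() does not end the request
    }

    //Get information on the item in question
    $result = dbquery("SELECT it.*, inv.*, u.user_name as owner_name\n\t\tFROM " . DB_UG3_INVENTORY . " inv\n\t\tLEFT JOIN " . DB_UG3_USAGE . " it ON inv.itemid = it.id\n\t\tLEFT JOIN " . DB_USERS . " u ON inv.ownerid = u.user_id\n\t\tWHERE inv.id = '" . $id . "'\n\t\tLIMIT 1");

    if (dbrows($result)) {
        $item = dbarray($result);
        if ($item['trading'] != 1) {
            // The item is not up for trade. A print_r($item) call used to follow this
            // message; it was debug output that showed the whole database row to the
            // visitor and has been removed.
            echo $locale['urg_trade_114'];
        } elseif ($golddata['cash'] < $item['tradecost']) {
            // Tell the buyer how much is missing. The original subtracted from $cost,
            // which is never defined in this function; the price is $item['tradecost'].
            echo sprintf($locale['urg_trade_115'], $item['tradecost'] - $golddata['cash']);
        } else {
            //change item info
            // NOTE(review): the availability check above and this UPDATE are separate
            // statements with nothing tying them together, so two buyers arriving at the
            // same time are not kept apart by this function.
            $result = dbquery("UPDATE " . DB_UG3_INVENTORY . " SET ownerid = '" . $golddata['owner_id'] . "', amtpaid = '" . $item['tradecost'] . "', trading = '0' WHERE id = '" . $id . "' LIMIT 1");

            //decrease user's money
            takegold2($golddata['owner_id'], $item['tradecost'], 'cash');

            //give money to old owner
            // NOTE(review): this reads $item['owner_id'], while the query joins on
            // inv.ownerid and the PM below uses $item['ownerid']. If no selected column is
            // called owner_id, the payment has no recipient - verify against the table
            // definitions.
            payuser($item['owner_id'], $item['tradecost'], 'cash');

            //prepare message
            $subject = sprintf($locale['urg_trade_116'], $item['name']);
            $message = sprintf($locale['urg_trade_117'], $golddata['owner_id'], $golddata['owner_name'], $item['name'], formatMoney($item['tradecost']));

            //send
            sendpm($item['ownerid'], $subject, $message, $golddata['owner_id'], $golddata['owner_name']);

            echo sprintf($locale['urg_trade_118'], $item['name'], $item['owner_name']);
        }
    } else {
        echo $locale['urg_trade_128'];
    }

    pagerefresh('meta', '2', FUSION_SELF . '?op=trade_start');
    closetable();
}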
// Fragment: moves the selected topics ($_POST['in']) from forum $_POST['afid'] to forum
// $_POST['nfid'], optionally notifies each topic author and then corrects the counters
// of both forums. The branch it sits in starts before this fragment.
//
// SECURITY / NOTE(review): $k (a key of the request array $_POST['in']), $_POST['nfid']
// and $_POST['afid'] are concatenated into every statement below without quotes and
// without a visible integer cast. Unless they are cast before this fragment, request
// data reaches the SQL text unchanged - confirm, or cast them to integers at the top.
$pmin = 0;
foreach ($_POST['in'] as $k => $v) {
    // $tmin counts the moved topics; it is initialised outside this fragment.
    $tmin++;
    // Add the value of the topic's rep column to the running post count.
    $pmin += db_result(db_query("SELECT rep FROM prefix_topics WHERE id = " . $k), 0, 0);
    db_query("UPDATE `prefix_topics` SET `fid` = " . $_POST['nfid'] . " WHERE id = " . $k);
    db_query("UPDATE prefix_posts SET `fid` = " . $_POST['nfid'] . " WHERE tid = " . $k);
    # notify the author
    if (isset($_POST['alertautor']) and $_POST['alertautor'] == 'yes') {
        // The author is taken from the first post of the topic (lowest id).
        $uid = db_result(db_query("SELECT erstid FROM prefix_posts WHERE tid = " . $k . " ORDER BY id ASC LIMIT 1"), 0);
        $top = db_result(db_query("SELECT name FROM prefix_topics WHERE id = " . $k), 0);
        // NOTE(review): the links in the message are built from the Host header of the
        // current request, which the client supplies; a configured site URL would not
        // depend on the request.
        $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
        $txt = 'Dein Thema "' . $top . '" wurde von dem Forum "' . $fal . '" in das neue Forum "' . $fne . '" verschoben... ';
        $txt .= "\n\n- [url=http://" . $page . "?forum-showposts-" . $k . "]Link zum Thema[/url]";
        $txt .= "\n- [url=http://" . $page . "?forum-showtopics-" . $_POST['nfid'] . "]Link zum neuen Forum[/url]";
        $txt .= "\n- [url=http://" . $page . "?forum-showtopics-" . $_POST['afid'] . "]Link zum alten Forum[/url]";
        sendpm($_SESSION['authid'], $uid, 'Thema verschoben', $txt);
    }
}
// Every moved topic adds one to the summed rep values.
$pmin = $pmin + $tmin;
// Newest remaining post of the old forum and newest post of the new forum.
$apid = db_result(db_query("SELECT MAX(id) FROM prefix_posts WHERE fid = " . $_POST['afid']), 0);
$npid = db_result(db_query("SELECT MAX(id) FROM prefix_posts WHERE fid = " . $_POST['nfid']), 0);
// An emptied forum has no last post; use 0 so the UPDATE below stays valid SQL.
if (empty($apid)) {
    $apid = 0;
}
db_query("UPDATE `prefix_forums` SET last_post_id = " . $apid . ", `posts` = `posts` - " . $pmin . ", `topics` = `topics` - " . $tmin . " WHERE id = " . $_POST['afid']);
db_query("UPDATE `prefix_forums` SET last_post_id = " . $npid . ", `posts` = `posts` + " . $pmin . ", `topics` = `topics` + " . $tmin . " WHERE id = " . $_POST['nfid']);
wd(array('neue Themen Übersicht' => 'index.php?forum-showtopics-' . $_POST['nfid'], 'alte Themen Übersicht' => 'index.php?forum-showtopics-' . $_POST['afid']), 'Thema erfolgreich verschoben', 3);
} elseif ($csrfCheck and (isset($_POST['del']) or isset($_POST['shift']))) {
    // Confirmation step: the selection is carried over in hidden fields.
    echo '<form action="index.php?forum-editforum-' . $fid . '" method="POST">';
    foreach ($_POST['in'] as $k => $v) {
        // SECURITY / NOTE(review): $k and $v come from the request and are written into
        // the HTML attributes without escaping (for example htmlspecialchars() with
        // ENT_QUOTES) - confirm they are restricted to integers before this point.
        echo '<input type="hidden" name="in[' . $k . ']" value="' . $v . '" />';
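/**
 * Send a private message on behalf of the current user and fill the API response.
 *
 * Runs the flood-interval, new-user, permission and blacklist checks before
 * sending, replaces smiley codes with [img] tags, and returns either an error
 * structure built by makeErrorInfo() or the response with plid/pmid/sendTime set.
 *
 * @param array $res  Response structure to fill (shape defined by makeErrorInfo(); not visible here).
 * @param array $data Request data; reads 'toUid', 'pmid' and 'msg'.
 *
 * @return array The response structure.
 */
private function _pmSend($res, $data)
{
    global $_G;

    $touid = (int) $data['toUid'];
    $pmid = (int) $data['pmid'];

    $_GET['topmuid'] = $touid;
    $_POST['message'] = $this->_transMessage($data['msg']);
    $_POST['subject'] = '';

    $users = array();
    $type = 0;
    // Fix: $coef was only assigned in the multi-recipient branch, so the
    // single-recipient path passed an undefined variable to updatestat() and
    // updatecreditbyaction(). One message to one recipient counts as 1.
    $coef = 1;

    // Flood control: refuse while the posting interval has not elapsed.
    $waittime = interval_check('post');
    if ($waittime > 0) {
        return $this->makeErrorInfo($res, lang('message', 'message_can_not_send_2'));
    }

    if (($checkMessage = mobcent_cknewuser()) != '') {
        return $this->makeErrorInfo($res, WebUtils::emptyHtml($checkMessage));
    }

    if (!checkperm('allowsendpm')) {
        return $this->makeErrorInfo($res, 'no_privilege_sendpm');
    }

    if ($touid) {
        if (isblacklist($touid)) {
            return $this->makeErrorInfo($res, lang('message', 'is_blacklist'));
        }
    }

    // NOTE(review): the lower-credit-limit check (checklowerlimit) is disabled in this
    // code path; confirm that is intended for this endpoint.
    $message = (!empty($_POST['messageappend']) ? $_POST['messageappend'] . "\n" : '') . trim($_POST['message']);
    if (empty($message)) {
        return $this->makeErrorInfo($res, lang('message', 'unable_to_send_air_news'));
    }

    // NOTE(review): word censoring (censor($message)) is disabled here, so the text
    // reaches sendpm() and the push notification unfiltered; confirm this is intended.

    // Turn smiley codes into absolute [img] tags.
    // This rewrites the shared $_G cache entries in place.
    loadcache(array('smilies', 'smileytypes'));
    foreach ($_G['cache']['smilies']['replacearray'] as $key => $smiley) {
        $_G['cache']['smilies']['replacearray'][$key] = '[img]' . $_G['siteurl'] . 'static/image/smiley/' . $_G['cache']['smileytypes'][$_G['cache']['smilies']['typearray'][$key]]['directory'] . '/' . $smiley . '[/img]';
    }
    $message = preg_replace($_G['cache']['smilies']['searcharray'], $_G['cache']['smilies']['replacearray'], $message);

    $subject = '';
    if ($type == 1) {
        $subject = dhtmlspecialchars(trim($_POST['subject']));
    }

    include_once libfile('function/friend');

    $return = 0;
    if ($touid || $pmid) {
        if ($touid) {
            if ($value = getuserbyuid($touid)) {
                // 1 = recipient accepts friends only, 2 = accepts everyone; fall back to the site setting.
                $value['onlyacceptfriendpm'] = $value['onlyacceptfriendpm'] ? $value['onlyacceptfriendpm'] : ($_G['setting']['onlyacceptfriendpm'] ? 1 : 2);
                if ($_G['group']['allowsendallpm'] || $value['onlyacceptfriendpm'] == 2 || $value['onlyacceptfriendpm'] == 1 && friend_check($touid)) {
                    $return = sendpm($touid, $subject, $message, '', 0, 0, $type);
                } else {
                    return $this->makeErrorInfo($res, lang('message', 'message_can_not_send_onlyfriend'));
                }
            } else {
                return $this->makeErrorInfo($res, lang('message', 'message_bad_touid'));
            }
        } else {
            // Reply into an existing conversation identified by $pmid.
            $topmuid = intval($_GET['topmuid']);
            $return = sendpm($topmuid, $subject, $message, '', $pmid, 0);
        }
    } elseif ($users) {
        // $users is initialised empty above and not assigned again in this method,
        // so this multi-recipient branch is not expected to run.
        $newusers = $uidsarr = $membersarr = array();
        if ($users) {
            $membersarr = C::t('common_member')->fetch_all_by_username($users);
            foreach ($membersarr as $aUsername => $aUser) {
                $uidsarr[] = $aUser['uid'];
            }
        }
        if (empty($membersarr)) {
            showmessage('message_bad_touser', '', array(), array('return' => true));
        }
        if (isset($membersarr[$_G['uid']])) {
            showmessage('message_can_not_send_to_self', '', array(), array('return' => true));
        }

        friend_check($uidsarr);

        foreach ($membersarr as $key => $value) {
            $value['onlyacceptfriendpm'] = $value['onlyacceptfriendpm'] ? $value['onlyacceptfriendpm'] : ($_G['setting']['onlyacceptfriendpm'] ? 1 : 2);
            if ($_G['group']['allowsendallpm'] || $value['onlyacceptfriendpm'] == 2 || $value['onlyacceptfriendpm'] == 1 && $_G['home_friend_' . $value['uid'] . '_' . $_G['uid']]) {
                $newusers[$value['uid']] = $value['username'];
                unset($users[array_search($value['username'], $users)]);
            }
        }

        if (empty($newusers)) {
            showmessage('message_can_not_send_onlyfriend', '', array(), array('return' => true));
        }

        foreach ($newusers as $key => $value) {
            if (isblacklist($key)) {
                showmessage('is_blacklist', '', array(), array('return' => true));
            }
        }
        $coef = count($newusers);
        $return = sendpm(implode(',', $newusers), $subject, $message, '', 0, 1, $type);
    } else {
        return $this->makeErrorInfo($res, lang('message', 'message_can_not_send_9'));
    }

    if ($return > 0) {
        include_once libfile('function/stat');
        updatestat('sendpm', 0, $coef);

        C::t('common_member_status')->update($_G['uid'], array('lastpost' => TIMESTAMP));
        !($_G['group']['exempt'] & 1) && updatecreditbyaction('sendpm', 0, array(), '', $coef);

        if (!empty($newusers)) {
            if ($type == 1) {
                $returnurl = 'home.php?mod=space&do=pm&filter=privatepm';
            } else {
                $returnurl = 'home.php?mod=space&do=pm';
            }
            showmessage(count($users) ? 'message_send_result' : 'do_success', $returnurl, array('users' => implode(',', $users), 'succeed' => count($newusers)));
        } else {
            $res = $this->makeErrorInfo($res, 'do_success', array('noError' => 1, 'alert' => 0));

            $msgInfo = uc_pm_viewnode($_G['uid'], $type, $return);
            $res['body']['plid'] = (int) $msgInfo['plid'];
            $res['body']['pmid'] = (int) $msgInfo['pmid'];
            // Appending '000' to the dateline; presumably converts seconds to milliseconds — confirm.
            $res['body']['sendTime'] = $msgInfo['dateline'] . '000';

            // ios push
            UserUtils::pushIOSMessage($touid, 'pm', $_G['username'] . WebUtils::t(' 对 您 说: ') . $message);
        }
    } else {
        // Values -16..-1 select a numbered error message; anything else gets the generic one.
        if (in_array($return, range(-16, -1))) {
            return $this->makeErrorInfo($res, lang('message', 'message_can_not_send_' . abs($return)));
        } else {
            return $this->makeErrorInfo($res, lang('message', 'message_can_not_send'));
        }
    }

    return $res;
}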
include template('forum/collection_recommend'); } else { if (!$_GET['threadurl']) { showmessage('collection_recommend_url', '', array(), array('alert' => 'error', 'closetime' => true, 'showdialog' => 1)); } $touid =& $_G['collection']['uid']; $coef = 1; $subject = $message = lang('message', 'collection_recommend_message', array('fromuser' => $_G['username'], 'collectioname' => $_G['collection']['name'], 'url' => $_GET['threadurl'])); if (C::t('home_blacklist')->count_by_uid_buid($touid, $_G['uid'])) { showmessage('is_blacklist', '', array(), array('return' => true)); } if ($value = getuserbyuid($touid)) { require_once libfile('function/friend'); $value['onlyacceptfriendpm'] = $value['onlyacceptfriendpm'] ? $value['onlyacceptfriendpm'] : ($_G['setting']['onlyacceptfriendpm'] ? 1 : 2); if ($_G['group']['allowsendallpm'] || $value['onlyacceptfriendpm'] == 2 || $value['onlyacceptfriendpm'] == 1 && friend_check($touid)) { $return = sendpm($touid, $subject, $message, '', 0, 0); } else { showmessage('message_can_not_send_onlyfriend', '', array(), array('return' => true)); } } else { showmessage('message_bad_touid', '', array(), array('return' => true)); } if ($return > 0) { include_once libfile('function/stat'); updatestat('sendpm', 0, $coef); C::t('common_member_status')->update($_G['uid'], array('lastpost' => TIMESTAMP), 'UNBUFFERED'); !($_G['group']['exempt'] & 1) && updatecreditbyaction('sendpm', 0, array(), '', $coef); showmessage('collection_recommend_succ', '', array(), array('alert' => 'right', 'closetime' => true, 'showdialog' => 1)); } } }
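/**
 * Send one batch of a newsletter (by e-mail or PM) and prepare the context for the next batch.
 *
 * Recipient lists are rebuilt from $_POST on every call, cast to integers, and the
 * session is verified with checkSession() before anything is sent.
 *
 * @param bool $clean_only When true, only the recipient lists in $context are rebuilt
 *                         and nothing is sent.
 *
 * @return void
 */
function SendMailing($clean_only = false)
{
    global $txt, $sourcedir, $context, $smcFunc;
    global $scripturl, $modSettings, $user_info;

    // How many to send at once? Quantity depends on whether we are queueing or not.
    $num_at_once = empty($modSettings['mail_queue']) ? 60 : 1000;

    // If by PM's I suggest we half the above number.
    if (!empty($_POST['send_pm'])) {
        $num_at_once /= 2;
    }

    checkSession();

    // Where are we actually to?
    // Fix: cast to int. The value is compared with member ids, used in arithmetic and
    // bound as {int:min_id_member}, so a non-numeric request value must not pass through.
    $context['start'] = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;
    $context['email_force'] = !empty($_POST['email_force']) ? 1 : 0;
    $context['send_pm'] = !empty($_POST['send_pm']) ? 1 : 0;
    $context['total_emails'] = !empty($_POST['total_emails']) ? (int) $_POST['total_emails'] : 0;
    $context['max_id_member'] = !empty($_POST['max_id_member']) ? (int) $_POST['max_id_member'] : 0;
    $context['send_html'] = !empty($_POST['send_html']) ? '1' : '0';
    $context['parse_html'] = !empty($_POST['parse_html']) ? '1' : '0';

    // Create our main context.
    $context['recipients'] = array('groups' => array(), 'exclude_groups' => array(), 'members' => array(), 'exclude_members' => array(), 'emails' => array());

    // Have we any excluded members?
    if (!empty($_POST['exclude_members'])) {
        $members = explode(',', $_POST['exclude_members']);
        foreach ($members as $member) {
            if ($member >= $context['start']) {
                $context['recipients']['exclude_members'][] = (int) $member;
            }
        }
    }

    // What about members we *must* do?
    if (!empty($_POST['members'])) {
        $members = explode(',', $_POST['members']);
        foreach ($members as $member) {
            if ($member >= $context['start']) {
                $context['recipients']['members'][] = (int) $member;
            }
        }
    }

    // Cleaning groups is simple - although deal with both checkbox and commas.
    if (!empty($_POST['groups'])) {
        if (is_array($_POST['groups'])) {
            foreach ($_POST['groups'] as $group => $dummy) {
                $context['recipients']['groups'][] = (int) $group;
            }
        } else {
            $groups = explode(',', $_POST['groups']);
            foreach ($groups as $group) {
                $context['recipients']['groups'][] = (int) $group;
            }
        }
    }

    // Same for excluded groups
    if (!empty($_POST['exclude_groups'])) {
        if (is_array($_POST['exclude_groups'])) {
            foreach ($_POST['exclude_groups'] as $group => $dummy) {
                $context['recipients']['exclude_groups'][] = (int) $group;
            }
        } else {
            $groups = explode(',', $_POST['exclude_groups']);
            foreach ($groups as $group) {
                $context['recipients']['exclude_groups'][] = (int) $group;
            }
        }
    }

    // Finally - emails!
    if (!empty($_POST['emails'])) {
        $addressed = array_unique(explode(';', strtr($_POST['emails'], array("\n" => ';', "\r" => ';', ',' => ';'))));
        foreach ($addressed as $curmem) {
            $curmem = trim($curmem);
            if ($curmem != '') {
                $context['recipients']['emails'][$curmem] = $curmem;
            }
        }
    }

    // If we're only cleaning drop out here.
    if ($clean_only) {
        return;
    }

    require_once $sourcedir . '/Subs-Post.php';

    // Save the message and its subject in $context (escaped copies; $_POST keeps the raw text).
    $context['subject'] = htmlspecialchars($_POST['subject']);
    $context['message'] = htmlspecialchars($_POST['message']);

    // Prepare the message for sending it as HTML
    if (!$context['send_pm'] && !empty($_POST['send_html'])) {
        // Prepare the message for HTML.
        if (!empty($_POST['parse_html'])) {
            $_POST['message'] = str_replace(array("\n", ' '), array('<br />' . "\n", ' '), $_POST['message']);
        }

        // This is here to prevent spam filters from tagging this as spam.
        // NOTE(review): the raw subject is placed inside <title> unescaped; it comes from
        // the submitted form, so confirm that only trusted staff can reach this action.
        if (preg_match('~\\<html~i', $_POST['message']) == 0) {
            if (preg_match('~\\<body~i', $_POST['message']) == 0) {
                $_POST['message'] = '<html><head><title>' . $_POST['subject'] . '</title></head>' . "\n" . '<body>' . $_POST['message'] . '</body></html>';
            } else {
                $_POST['message'] = '<html>' . $_POST['message'] . '</html>';
            }
        }
    }

    // Use the default time format.
    $user_info['time_format'] = $modSettings['time_format'];

    $variables = array('{$board_url}', '{$current_time}', '{$latest_member.link}', '{$latest_member.id}', '{$latest_member.name}');

    // We might need this in a bit
    $cleanLatestMember = empty($_POST['send_html']) || $context['send_pm'] ? un_htmlspecialchars($modSettings['latestRealName']) : $modSettings['latestRealName'];

    // Replace in all the standard things.
    $_POST['message'] = str_replace($variables, array(!empty($_POST['send_html']) ? '<a href="' . $scripturl . '">' . $scripturl . '</a>' : $scripturl, timeformat(forum_time(), false), !empty($_POST['send_html']) ? '<a href="' . $scripturl . '?action=profile;u=' . $modSettings['latestMember'] . '">' . $cleanLatestMember . '</a>' : ($context['send_pm'] ? '[url=' . $scripturl . '?action=profile;u=' . $modSettings['latestMember'] . ']' . $cleanLatestMember . '[/url]' : $cleanLatestMember), $modSettings['latestMember'], $cleanLatestMember), $_POST['message']);
    $_POST['subject'] = str_replace($variables, array($scripturl, timeformat(forum_time(), false), $modSettings['latestRealName'], $modSettings['latestMember'], $modSettings['latestRealName']), $_POST['subject']);

    $from_member = array('{$member.email}', '{$member.link}', '{$member.id}', '{$member.name}');

    // If we still have emails, do them first!
    $i = 0;
    foreach ($context['recipients']['emails'] as $k => $email) {
        // Done as many as we can?
        if ($i >= $num_at_once) {
            break;
        }

        // Don't sent it twice!
        unset($context['recipients']['emails'][$k]);

        // Dammit - can't PM emails!
        if ($context['send_pm']) {
            continue;
        }

        $to_member = array($email, !empty($_POST['send_html']) ? '<a href="mailto:' . $email . '">' . $email . '</a>' : $email, '??', $email);

        sendmail($email, str_replace($from_member, $to_member, $_POST['subject']), str_replace($from_member, $to_member, $_POST['message']), null, null, !empty($_POST['send_html']), 5);

        // Done another...
        $i++;
    }

    // Got some more to send this batch?
    $last_id_member = 0;
    if ($i < $num_at_once) {
        // Need to build quite a query!
        // Only integer-cast ids reach the placeholder names and parameters below.
        $sendQuery = '(';
        $sendParams = array();
        if (!empty($context['recipients']['groups'])) {
            // Take the long route...
            $queryBuild = array();
            foreach ($context['recipients']['groups'] as $group) {
                $sendParams['group_' . $group] = $group;
                $queryBuild[] = 'mem.id_group = {int:group_' . $group . '}';
                if (!empty($group)) {
                    $queryBuild[] = 'FIND_IN_SET({int:group_' . $group . '}, mem.additional_groups) != 0';
                    $queryBuild[] = 'mem.id_post_group = {int:group_' . $group . '}';
                }
            }
            if (!empty($queryBuild)) {
                $sendQuery .= implode(' OR ', $queryBuild);
            }
        }
        if (!empty($context['recipients']['members'])) {
            $sendQuery .= ($sendQuery == '(' ? '' : ' OR ') . 'mem.id_member IN ({array_int:members})';
            $sendParams['members'] = $context['recipients']['members'];
        }

        $sendQuery .= ')';

        // If we've not got a query then we must be done!
        if ($sendQuery == '()') {
            redirectexit('action=admin');
        }

        // Anything to exclude?
        if (!empty($context['recipients']['exclude_groups']) && in_array(0, $context['recipients']['exclude_groups'])) {
            $sendQuery .= ' AND mem.id_group != {int:regular_group}';
        }
        if (!empty($context['recipients']['exclude_members'])) {
            $sendQuery .= ' AND mem.id_member NOT IN ({array_int:exclude_members})';
            $sendParams['exclude_members'] = $context['recipients']['exclude_members'];
        }

        // Force them to have it?
        if (empty($context['email_force'])) {
            $sendQuery .= ' AND mem.notify_announcements = {int:notify_announcements}';
        }

        // Get the smelly people - note we respect the id_member range as it gives us a quicker query.
        $result = $smcFunc['db_query']('', ' SELECT mem.id_member, mem.email_address, mem.real_name, mem.id_group, mem.additional_groups, mem.id_post_group FROM {db_prefix}members AS mem WHERE mem.id_member > {int:min_id_member} AND mem.id_member < {int:max_id_member} AND ' . $sendQuery . ' AND mem.is_activated = {int:is_activated} ORDER BY mem.id_member ASC LIMIT {int:atonce}', array_merge($sendParams, array('min_id_member' => $context['start'], 'max_id_member' => $context['start'] + $num_at_once - $i, 'atonce' => $num_at_once - $i, 'regular_group' => 0, 'notify_announcements' => 1, 'is_activated' => 1)));

        while ($row = $smcFunc['db_fetch_assoc']($result)) {
            $last_id_member = $row['id_member'];

            // What groups are we looking at here?
            if (empty($row['additional_groups'])) {
                $groups = array($row['id_group'], $row['id_post_group']);
            } else {
                $groups = array_merge(array($row['id_group'], $row['id_post_group']), explode(',', $row['additional_groups']));
            }

            // Excluded groups?
            if (array_intersect($groups, $context['recipients']['exclude_groups'])) {
                continue;
            }

            // We might need this
            $cleanMemberName = empty($_POST['send_html']) || $context['send_pm'] ? un_htmlspecialchars($row['real_name']) : $row['real_name'];

            // Replace the member-dependant variables
            $message = str_replace($from_member, array($row['email_address'], !empty($_POST['send_html']) ? '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $cleanMemberName . '</a>' : ($context['send_pm'] ? '[url=' . $scripturl . '?action=profile;u=' . $row['id_member'] . ']' . $cleanMemberName . '[/url]' : $cleanMemberName), $row['id_member'], $cleanMemberName), $_POST['message']);
            $subject = str_replace($from_member, array($row['email_address'], $row['real_name'], $row['id_member'], $row['real_name']), $_POST['subject']);

            // Send the actual email - or a PM!
            if (!$context['send_pm']) {
                sendmail($row['email_address'], $subject, $message, null, null, !empty($_POST['send_html']), 5);
            } else {
                sendpm(array('to' => array($row['id_member']), 'bcc' => array()), $subject, $message);
            }
        }
        $smcFunc['db_free_result']($result);
    }

    // If used our batch assume we still have a member.
    if ($i >= $num_at_once) {
        $last_id_member = $context['start'];
    } elseif (empty($last_id_member) && $context['start'] + $num_at_once < $context['max_id_member']) {
        $last_id_member = $context['start'] + $num_at_once;
    } elseif (empty($last_id_member) && empty($context['recipients']['emails'])) {
        // Log this into the admin log.
        logAction('newsletter', array(), 'admin');

        redirectexit('action=admin');
    }

    $context['start'] = $last_id_member;

    // Working out progress is a black art of sorts.
    // Fix: both totals come from the request and may be zero, which made the
    // original expressions divide by zero; a zero denominator now counts as 0%.
    $totalWork = $context['total_emails'] + $context['max_id_member'];
    $percentEmails = 0;
    $percentMembers = 0;
    if ($totalWork != 0) {
        if ($context['total_emails'] != 0) {
            $percentEmails = count($context['recipients']['emails']) / $context['total_emails'] * ($context['total_emails'] / $totalWork);
        }
        if ($context['max_id_member'] != 0) {
            $percentMembers = $context['start'] / $context['max_id_member'] * ($context['max_id_member'] / $totalWork);
        }
    }
    $context['percentage_done'] = round(($percentEmails + $percentMembers) * 100, 2);

    $context['page_title'] = $txt['admin_newsletters'];
    $context['sub_template'] = 'email_members_send';
}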
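/**
 * Show the "issue warning" profile page and, when the form was saved, apply the new warning level.
 *
 * Access requires the warning system to be enabled and the 'issue_warning' permission;
 * saving additionally requires a valid session token (checkSession('post')). Non-admins
 * are limited to the per-day change stored in the 'user_limit' setting.
 *
 * @param int $memID Id of the member being warned.
 *
 * @return void
 */
function issueWarning($memID)
{
    global $txt, $scripturl, $modSettings, $user_info, $mbname;
    global $context, $cur_profile, $memberContext, $smcFunc, $sourcedir;

    // Get all the actual settings.
    list($modSettings['warning_enable'], $modSettings['user_limit']) = explode(',', $modSettings['warning_settings']);

    // This stores any legitimate errors.
    $issueErrors = array();

    // Doesn't hurt to be overly cautious.
    if (empty($modSettings['warning_enable']) || $context['user']['is_owner'] && !$cur_profile['warning'] || !allowedTo('issue_warning')) {
        fatal_lang_error('no_access', false);
    }

    // Make sure things which are disabled stay disabled.
    // 110 is above the maximum level of 100, so a disabled effect can never be reached.
    $modSettings['warning_watch'] = !empty($modSettings['warning_watch']) ? $modSettings['warning_watch'] : 110;
    $modSettings['warning_moderate'] = !empty($modSettings['warning_moderate']) && !empty($modSettings['postmod_active']) ? $modSettings['warning_moderate'] : 110;
    $modSettings['warning_mute'] = !empty($modSettings['warning_mute']) ? $modSettings['warning_mute'] : 110;

    $context['warning_limit'] = allowedTo('admin_forum') ? 0 : $modSettings['user_limit'];
    $context['member']['warning'] = $cur_profile['warning'];
    $context['member']['name'] = $cur_profile['real_name'];

    // What are the limits we can apply?
    $context['min_allowed'] = 0;
    $context['max_allowed'] = 100;
    if ($context['warning_limit'] > 0) {
        // Make sure we cannot go outside of our limit for the day.
        $request = $smcFunc['db_query']('', ' SELECT SUM(counter) FROM {db_prefix}log_comments WHERE id_recipient = {int:selected_member} AND id_member = {int:current_member} AND comment_type = {string:warning} AND log_time > {int:day_time_period}', array('current_member' => $user_info['id'], 'selected_member' => $memID, 'day_time_period' => time() - 86400, 'warning' => 'warning'));
        list($current_applied) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);

        $context['min_allowed'] = max(0, $cur_profile['warning'] - $current_applied - $context['warning_limit']);
        $context['max_allowed'] = min(100, $cur_profile['warning'] - $current_applied + $context['warning_limit']);
    }

    // Defaults.
    $context['warning_data'] = array('reason' => '', 'notify' => '', 'notify_subject' => '', 'notify_body' => '');

    // Are we saving?
    if (isset($_POST['save'])) {
        // Security is good here.
        checkSession('post');

        // This cannot be empty!
        $_POST['warn_reason'] = isset($_POST['warn_reason']) ? trim($_POST['warn_reason']) : '';
        if ($_POST['warn_reason'] == '' && !$context['user']['is_owner']) {
            $issueErrors[] = 'warning_no_reason';
        }
        $_POST['warn_reason'] = $smcFunc['htmlspecialchars']($_POST['warn_reason']);

        // Fix: a request without the level fields used to read undefined indexes and end up
        // as level 0, silently clearing the warning. A missing field now means "no change".
        if (!isset($_POST['warning_level'])) {
            $_POST['warning_level'] = 'SAME';
        }

        // If the value hasn't changed it's either no JS or a real no change (Which this will pass)
        if ($_POST['warning_level'] == 'SAME') {
            $_POST['warning_level'] = isset($_POST['warning_level_nojs']) ? $_POST['warning_level_nojs'] : $cur_profile['warning'];
        }

        // Clamp to 0..100 first, then to what this moderator may still apply today.
        $_POST['warning_level'] = (int) $_POST['warning_level'];
        $_POST['warning_level'] = max(0, min(100, $_POST['warning_level']));
        if ($_POST['warning_level'] < $context['min_allowed']) {
            $_POST['warning_level'] = $context['min_allowed'];
        } elseif ($_POST['warning_level'] > $context['max_allowed']) {
            $_POST['warning_level'] = $context['max_allowed'];
        }

        // Do we actually have to issue them with a PM?
        $id_notice = 0;
        if (!empty($_POST['warn_notify']) && empty($issueErrors)) {
            // Fix: guard the optional fields so a partial form yields the
            // 'warning_notify_blank' error instead of undefined-index notices.
            $_POST['warn_sub'] = isset($_POST['warn_sub']) ? trim($_POST['warn_sub']) : '';
            $_POST['warn_body'] = isset($_POST['warn_body']) ? trim($_POST['warn_body']) : '';
            if (empty($_POST['warn_sub']) || empty($_POST['warn_body'])) {
                $issueErrors[] = 'warning_notify_blank';
            } else {
                require_once $sourcedir . '/Subs-Post.php';
                // The notice is sent under the forum's name (member id 0), not the moderator's.
                $from = array('id' => 0, 'name' => $context['forum_name'], 'username' => $context['forum_name']);
                sendpm(array('to' => array($memID), 'bcc' => array()), $_POST['warn_sub'], $_POST['warn_body'], false, $from);

                // Log the notice!
                $smcFunc['db_insert']('', '{db_prefix}log_member_notices', array('subject' => 'string-255', 'body' => 'string-65534'), array($smcFunc['htmlspecialchars']($_POST['warn_sub']), $smcFunc['htmlspecialchars']($_POST['warn_body'])), array('id_notice'));
                $id_notice = $smcFunc['db_insert_id']('{db_prefix}log_member_notices', 'id_notice');
            }
        }

        // Just in case - make sure notice is valid!
        $id_notice = (int) $id_notice;

        // What have we changed?
        $level_change = $_POST['warning_level'] - $cur_profile['warning'];

        // No errors? Proceed! Only log if you're not the owner.
        if (empty($issueErrors)) {
            // Log what we've done!
            if (!$context['user']['is_owner']) {
                $smcFunc['db_insert']('', '{db_prefix}log_comments', array('id_member' => 'int', 'member_name' => 'string', 'comment_type' => 'string', 'id_recipient' => 'int', 'recipient_name' => 'string-255', 'log_time' => 'int', 'id_notice' => 'int', 'counter' => 'int', 'body' => 'string-65534'), array($user_info['id'], $user_info['name'], 'warning', $memID, $cur_profile['real_name'], time(), $id_notice, $level_change, $_POST['warn_reason']), array('id_comment'));
            }

            // Make the change.
            updateMemberData($memID, array('warning' => $_POST['warning_level']));

            // Leave a lovely message.
            $context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : $txt['profile_warning_success'];
        } else {
            // Get the base stuff done.
            loadLanguage('Errors');
            $context['custom_error_title'] = $txt['profile_warning_errors_occured'];

            // Fill in the suite of errors.
            $context['post_errors'] = array();
            foreach ($issueErrors as $error) {
                $context['post_errors'][] = $txt[$error];
            }

            // Try to remember some bits.
            // NOTE(review): 'reason' was escaped above, but the notify subject and body are
            // stored as submitted; verify that the template escapes them on output.
            $context['warning_data'] = array('reason' => $_POST['warn_reason'], 'notify' => !empty($_POST['warn_notify']), 'notify_subject' => isset($_POST['warn_sub']) ? $_POST['warn_sub'] : '', 'notify_body' => isset($_POST['warn_body']) ? $_POST['warn_body'] : '');
        }

        // Show the new improved warning level.
        $context['member']['warning'] = $_POST['warning_level'];
    }

    $context['page_title'] = $txt['profile_issue_warning'];

    // Work out the various levels.
    $context['level_effects'] = array(0 => $txt['profile_warning_effect_none'], $modSettings['warning_watch'] => $txt['profile_warning_effect_watch'], $modSettings['warning_moderate'] => $txt['profile_warning_effect_moderation'], $modSettings['warning_mute'] => $txt['profile_warning_effect_mute']);
    $context['current_level'] = 0;
    foreach ($context['level_effects'] as $limit => $dummy) {
        if ($context['member']['warning'] >= $limit) {
            $context['current_level'] = $limit;
        }
    }

    // Load up all the old warnings - count first!
    $context['total_warnings'] = list_getUserWarningCount($memID);

    // Make the page index.
    // Fix: 'start' is optional; default to the first page instead of reading an undefined index.
    $context['start'] = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;
    $perPage = (int) $modSettings['defaultMaxMessages'];
    $context['page_index'] = constructPageIndex($scripturl . '?action=profile;u=' . $memID . ';area=issuewarning', $context['start'], $context['total_warnings'], $perPage);

    // Now do the data itself.
    $context['previous_warnings'] = list_getUserWarnings($context['start'], $perPage, 'log_time DESC', $memID);

    // Are they warning because of a message?
    // {query_see_board} restricts the lookup to boards the current user may see.
    if (isset($_REQUEST['msg']) && 0 < (int) $_REQUEST['msg']) {
        $request = $smcFunc['db_query']('', ' SELECT subject FROM {db_prefix}messages AS m INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board) WHERE id_msg = {int:message} AND {query_see_board} LIMIT 1', array('message' => (int) $_REQUEST['msg']));
        if ($smcFunc['db_num_rows']($request) != 0) {
            $context['warning_for_message'] = (int) $_REQUEST['msg'];
            list($context['warned_message_subject']) = $smcFunc['db_fetch_row']($request);
        }
        $smcFunc['db_free_result']($request);
    }

    // Didn't find the message?
    if (empty($context['warning_for_message'])) {
        $context['warning_for_message'] = 0;
        $context['warned_message_subject'] = '';
    }

    // Any custom templates?
    $context['notification_templates'] = array();

    $request = $smcFunc['db_query']('', ' SELECT recipient_name AS template_title, body FROM {db_prefix}log_comments WHERE comment_type = {string:warntpl} AND (id_recipient = {int:generic} OR id_recipient = {int:current_member})', array('warntpl' => 'warntpl', 'generic' => 0, 'current_member' => $user_info['id']));
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        // If we're not warning for a message skip any that are.
        if (!$context['warning_for_message'] && strpos($row['body'], '{MESSAGE}') !== false) {
            continue;
        }

        $context['notification_templates'][] = array('title' => $row['template_title'], 'body' => $row['body']);
    }
    $smcFunc['db_free_result']($request);

    // Setup the "default" templates.
    foreach (array('spamming', 'offence', 'insulting') as $type) {
        $context['notification_templates'][] = array('title' => $txt['profile_warning_notify_title_' . $type], 'body' => sprintf($txt['profile_warning_notify_template_outline' . (!empty($context['warning_for_message']) ? '_post' : '')], $txt['profile_warning_notify_for_' . $type]));
    }

    // Replace all the common variables in the templates.
    foreach ($context['notification_templates'] as $k => $name) {
        $context['notification_templates'][$k]['body'] = strtr($name['body'], array('{MEMBER}' => un_htmlspecialchars($context['member']['name']), '{MESSAGE}' => '[url=' . $scripturl . '?msg=' . $context['warning_for_message'] . ']' . un_htmlspecialchars($context['warned_message_subject']) . '[/url]', '{SCRIPTURL}' => $scripturl, '{FORUMNAME}' => $mbname, '{REGARDS}' => $txt['regards_team']));
    }
}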
/**
 * Report a personal message to the forum administrators.
 *
 * Without 'report' in the request this only prepares the form (list of admins).
 * With it, the message is loaded, checked to have been received by the current
 * member, and forwarded to the chosen admin(s) as a PM, one message per admin language.
 *
 * Reads $_REQUEST['pmsg'], $_REQUEST['report'], $_REQUEST['reason'] and $_REQUEST['ID_ADMIN'].
 */
function ReportMessage() {
    global $txt, $context, $scripturl, $sourcedir, $db_prefix, $ID_MEMBER;
    global $user_info, $language, $modSettings, $func;

    // Check that this feature is even enabled!
    if (empty($modSettings['enableReportPM']) || empty($_REQUEST['pmsg'])) {
        fatal_lang_error(1, false);
    }

    // Cast to int: this value is interpolated directly into the SQL strings below.
    $context['pm_id'] = (int) $_REQUEST['pmsg'];
    $context['page_title'] = $txt['pm_report_title'];

    // If we're here, just send the user to the template, with a few useful context bits.
    if (!isset($_REQUEST['report'])) {
        $context['sub_template'] = 'report_message';

        // !!! I don't like being able to pick who to send it to. Favoritism, etc. sucks.
        // Now, get all the administrators.
        // NOTE(review): the mysql_* functions used throughout were removed in PHP 7,
        // so this block only runs on older PHP versions.
        $request = db_query("\n\t\t\tSELECT ID_MEMBER, realName\n\t\t\tFROM {$db_prefix}members\n\t\t\tWHERE ID_GROUP = 1 OR FIND_IN_SET(1, additionalGroups)\n\t\t\tORDER BY realName", __FILE__, __LINE__);
        $context['admins'] = array();
        while ($row = mysql_fetch_assoc($request)) {
            $context['admins'][$row['ID_MEMBER']] = $row['realName'];
        }
        mysql_free_result($request);

        // How many admins in total?
        $context['admin_count'] = count($context['admins']);
    } else {
        // First, pull out the message contents, and verify it actually went to them!
        // The pmr.ID_MEMBER = $ID_MEMBER condition limits the lookup to messages the
        // current member received and has not deleted.
        $request = db_query("\n\t\t\tSELECT pm.subject, pm.body, pm.msgtime, pm.ID_MEMBER_FROM, IFNULL(m.realName, pm.fromName) AS senderName\n\t\t\tFROM ({$db_prefix}personal_messages AS pm, {$db_prefix}pm_recipients AS pmr)\n\t\t\t\tLEFT JOIN {$db_prefix}members AS m ON (m.ID_MEMBER = pm.ID_MEMBER_FROM)\n\t\t\tWHERE pm.ID_PM = {$context['pm_id']}\n\t\t\t\tAND pmr.ID_PM = pm.ID_PM\n\t\t\t\tAND pmr.ID_MEMBER = {$ID_MEMBER}\n\t\t\t\tAND pmr.deleted = 0\n\t\t\tLIMIT 1", __FILE__, __LINE__);
        // Can only be a hacker here!
        if (mysql_num_rows($request) == 0) {
            fatal_lang_error(1, false);
        }
        list($subject, $body, $time, $memberFromID, $memberFromName) = mysql_fetch_row($request);
        mysql_free_result($request);

        // Remove the line breaks...
        $body = preg_replace('~<br( /)?' . '>~i', "\n", $body);

        // Get any other recipients of the email.
        $request = db_query("\n\t\t\tSELECT mem_to.ID_MEMBER AS ID_MEMBER_TO, mem_to.realName AS toName, pmr.bcc\n\t\t\tFROM {$db_prefix}pm_recipients AS pmr\n\t\t\t\tLEFT JOIN {$db_prefix}members AS mem_to ON (mem_to.ID_MEMBER = pmr.ID_MEMBER)\n\t\t\tWHERE pmr.ID_PM = {$context['pm_id']}\n\t\t\t\tAND pmr.ID_MEMBER != {$ID_MEMBER}", __FILE__, __LINE__);
        $recipients = array();
        $hidden_recipients = 0;
        while ($row = mysql_fetch_assoc($request)) {
            // If it's hidden still don't reveal their names - privacy after all ;)
            if ($row['bcc']) {
                $hidden_recipients++;
            } else {
                $recipients[] = '[url=' . $scripturl . '?action=profile;u=' . $row['ID_MEMBER_TO'] . ']' . $row['toName'] . '[/url]';
            }
        }
        mysql_free_result($request);

        // Hidden (bcc) recipients are reported as a count only.
        if ($hidden_recipients) {
            $recipients[] = sprintf($txt['pm_report_pm_hidden'], $hidden_recipients);
        }

        // Now let's get out and loop through the admins.
        // ID_ADMIN is cast to int before being appended to the query; the group
        // condition still applies, so only an administrator can be selected.
        $request = db_query("\n\t\t\tSELECT ID_MEMBER, realName, lngfile\n\t\t\tFROM {$db_prefix}members\n\t\t\tWHERE (ID_GROUP = 1 OR FIND_IN_SET(1, additionalGroups))\n\t\t\t\t" . (empty($_REQUEST['ID_ADMIN']) ? '' : 'AND ID_MEMBER = ' . (int) $_REQUEST['ID_ADMIN']) . "\n\t\t\tORDER BY lngfile", __FILE__, __LINE__);

        // Maybe we shouldn't advertise this?
        if (mysql_num_rows($request) == 0) {
            fatal_lang_error(1, false);
        }

        $memberFromName = un_htmlspecialchars($memberFromName);

        // Prepare the message storage array.
        $messagesToSend = array();
        // Loop through each admin, and add them to the right language pile...
        while ($row = mysql_fetch_assoc($request)) {
            // Need to send in the correct language!
            $cur_language = empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'];

            // The report text is built once per language; $txt is reloaded for that language first.
            if (!isset($messagesToSend[$cur_language])) {
                if (loadLanguage('PersonalMessage', $cur_language, false) === false) {
                    loadLanguage('InstantMessage', $cur_language);
                }

                // Make the body.
                $report_body = str_replace(array('{REPORTER}', '{SENDER}'), array(un_htmlspecialchars($user_info['name']), $memberFromName), $txt['pm_report_pm_user_sent']);
                // !!! I don't think this handles slashes in the reason properly.
                // NOTE(review): $_REQUEST['reason'] is read without an isset() check and is placed
                // between [b] tags as submitted, so the reporter's text can contain its own BBCode
                // in the PM the admins receive.
                $report_body .= stripslashes("\n[b]{$_REQUEST['reason']}[/b]\n\n");
                if (!empty($recipients)) {
                    $report_body .= $txt['pm_report_pm_other_recipients'] . " " . implode(', ', $recipients) . "\n\n";
                }
                $report_body .= $txt['pm_report_pm_unedited_below'] . "\n[quote author=" . (empty($memberFromID) ? '"' . $memberFromName . '"' : $memberFromName . ' link=action=profile;u=' . $memberFromID . ' date=' . $time) . "]\n" . un_htmlspecialchars($body) . '[/quote]';

                // Plonk it in the array ;)
                // Subject and body are addslashes()'d here; presumably sendpm() expects
                // slashed input in this code base — confirm against sendpm().
                $messagesToSend[$cur_language] = array('subject' => addslashes(($func['strpos']($subject, $txt['pm_report_pm_subject']) === false ? $txt['pm_report_pm_subject'] : '') . $subject), 'body' => addslashes($report_body), 'recipients' => array('to' => array(), 'bcc' => array()));
            }

            // Add them to the list.
            $messagesToSend[$cur_language]['recipients']['to'][$row['ID_MEMBER']] = $row['ID_MEMBER'];
        }
        mysql_free_result($request);

        // Send a different email for each language.
        foreach ($messagesToSend as $lang => $message) {
            sendpm($message['recipients'], $message['subject'], $message['body']);
        }

        // Give the user their own language back!
        if (!empty($modSettings['userLanguage'])) {
            if (loadLanguage('PersonalMessage', '', false) === false) {
                loadLanguage('InstantMessage');
            }
        }

        // Leave them with a template.
        $context['sub_template'] = 'report_message_complete';
    }
}
if (!is_array($ucresult) || $ucresult[0] < 1) { showmessage('group_demise_password_error'); } $user = getuserbyuid($suid); loadcache('usergroup_' . $user['groupid']); $allowbuildgroup = $_G['cache']['usergroup_' . $user['groupid']]['allowbuildgroup']; if ($allowbuildgroup > 0) { $groupnum = DB::result_first("SELECT COUNT(*) FROM " . DB::table('forum_forumfield') . " WHERE founderuid='{$suid}'"); } if (empty($allowbuildgroup) || $allowbuildgroup - $groupnum < 1) { showmessage('group_demise_receiver_cannot_do'); } DB::query("UPDATE " . DB::table('forum_forumfield') . " SET founderuid='{$suid}', foundername='{$user['username']}' WHERE fid='{$_G['fid']}'"); DB::query("UPDATE " . DB::table('forum_groupuser') . " SET level='1' WHERE fid='{$_G['fid']}' AND uid='{$suid}'"); update_groupmoderators($_G['fid']); sendpm($suid, lang('group/misc', 'group_demise_message_title', array('forum' => $_G['forum']['name'])), lang('group/misc', 'group_demise_message_body', array('forum' => $_G['forum']['name'], 'siteurl' => $_G['siteurl'], 'fid' => $_G['fid'])), $_G['uid']); showmessage('group_demise_succeed', 'forum.php?mod=group&action=manage&fid=' . $_G['fid']); } } else { showmessage('group_demise_founder_only'); } } else { showmessage('undefined_action'); } include template('diy:group/group:' . $_G['fid']); } elseif ($action == 'recommend') { if (!$_G['forum']['ismoderator'] || !in_array($_G['adminid'], array(1, 2))) { showmessage('group_admin_noallowed'); } if (submitcheck('grouprecommend')) { if ($_G['gp_recommend'] != $_G['forum']['recommend']) {
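/**
 * Transfers one inventory item from the logged-in user to another member and
 * notifies the recipient by private message.
 *
 * Reads `giftid`, `membername` and (optionally) `message` from $_POST, prints
 * the outcome inside a table and schedules a refresh back to the donate page.
 * Redirects to BASEDIR and exits when `giftid` or `membername` is missing.
 *
 * NOTE(review): no form-token (anti-CSRF) check is visible in this function;
 * confirm the caller verifies one before this state-changing handler runs.
 * NOTE(review): every query below is assembled by string concatenation and
 * relies on stripinput() alone to neutralise quotes in request data. That
 * helper is not shown here - confirm what it escapes, and prefer a
 * parameterised query API if the project offers one.
 */
function donate_item_send()
{
    global $userdata, $locale, $settings, $golddata;

    // Both identifiers are mandatory; without them go back to the site root.
    if (!isset($_POST['giftid'], $_POST['membername'])) {
        header("location:" . BASEDIR);
        exit;
    }

    $giftid = stripinput($_POST['giftid']);
    $membername = stripinput($_POST['membername']);
    // The personal note is optional; do not read an undefined index when it is absent.
    $note = isset($_POST['message']) ? stripinput($_POST['message']) : '';

    $result = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE user_name='" . $membername . "' LIMIT 1");
    $exist = dbrows($result);

    table_top(sprintf($locale['urg_donate_104'], UGLD_GOLDTEXT));
    echo "<div>\n";

    if ($exist != 0) {
        $result = dbquery("SELECT inv.ownerid, inv.itemid, it.name FROM " . DB_UG3_INVENTORY . " AS inv, " . DB_UG3_USAGE . " AS it WHERE inv.id = '" . $giftid . "' AND it.id = inv.itemid");
        $rowItem = dbarray($result);

        // Authorisation: only the current owner of the item may give it away.
        // An unknown item id is refused the same way.
        // NOTE(review): !== also compares types; this assumes both ids arrive
        // as the same type (e.g. both strings from the database) - confirm.
        if (!$rowItem || $rowItem['ownerid'] !== $userdata['user_id']) {
            die($locale['urg_donate_123']);
        }

        $result = dbquery("SELECT g.owner_id\n\t\t\tFROM " . DB_UG3 . " g\n\t\t\tLEFT JOIN " . DB_USERS . " u ON g.owner_id = u.user_id\n\t\t\tWHERE u.user_name='" . $membername . "'\n\t\t\tLIMIT 1");
        $rowNewOwner = dbarray($result);

        $result = dbquery("SELECT g.owner_id, u.user_name as owner_name\n\t\t\tFROM " . DB_UG3 . " g\n\t\t\tLEFT JOIN " . DB_USERS . " u ON g.owner_id = u.user_id\n\t\t\tWHERE g.owner_id = '" . $userdata['user_id'] . "'\n\t\t\tLIMIT 1");
        $rowCurrOwner = dbarray($result);

        if (empty($rowNewOwner['owner_id'])) {
            // The member exists in DB_USERS but has no row in DB_UG3. Without
            // this guard the UPDATE below would write an empty owner id and
            // the item would end up belonging to nobody.
            echo $locale['urg_donate_132'];
        } elseif ($rowNewOwner['owner_id'] == $rowCurrOwner['owner_id']) {
            // Giving an item to yourself is pointless.
            echo $locale['urg_donate_124'];
        } else {
            $result = dbquery("UPDATE " . DB_UG3_INVENTORY . " SET ownerid = '" . $rowNewOwner['owner_id'] . "' WHERE id = '" . $giftid . "' LIMIT 1");

            $subject = sprintf($locale['urg_donate_125'], $rowCurrOwner['owner_name']);
            $message = sprintf($locale['urg_donate_126'], $rowCurrOwner['owner_name'], $rowItem['name'], $note, $settings['siteusername']);

            // Reward the donor, then tell the recipient about the gift.
            payuser($golddata['owner_id'], '5', 'karma');
            sendpm($rowNewOwner['owner_id'], $subject, $message, $rowCurrOwner['owner_id'], $rowCurrOwner['owner_name']);
            echo $locale['urg_donate_127'];
        }
    } else {
        // No member with that name.
        echo $locale['urg_donate_132'];
    }

    echo "</div>\n";
    pagerefresh('meta', 3, FUSION_SELF . '?op=donate_item_start');
    closetable();
}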
$pid = intval($order['pid']); $order = daddslashes($order, 1); $db->query("INSERT INTO {$tablepre}tradecomments (pid, orderid, type, raterid, rater, ratee, rateeid, score, message, dateline) VALUES ('{$pid}', '{$orderid}', '{$type}', '{$discuz_uid}', '{$discuz_user}', '{$order[$ratee]}', '{$order[$rateeid]}', '{$score}', '{$message}', '{$timestamp}')"); if (!$order['offline']) { if ($db->result_first("SELECT COUNT(score) FROM {$tablepre}tradecomments WHERE raterid='{$discuz_uid}' AND type='{$type}'") < $ec_credit['maxcreditspermonth']) { updateusercredit($uid, $type ? 'sellercredit' : 'buyercredit', $level); } } if ($type == 0) { $ratestatus = $order['ratestatus'] == 2 ? 3 : 1; } else { $ratestatus = $order['ratestatus'] == 1 ? 3 : 2; } $db->query("UPDATE {$tablepre}tradelog SET ratestatus='{$ratestatus}' WHERE orderid='{$order['orderid']}'"); if ($ratestatus != 3) { sendpm($order[$rateeid], 'eccredit_subject', 'eccredit_message', '0', 'System Message'); } showmessage('eccredit_succees'); } } elseif ($action == 'explain' && $id) { $id = intval($id); if (!submitcheck('explainsubmit', 1)) { include template('ec_explain'); } else { $comment = $db->fetch_first("SELECT explanation, dateline FROM {$tablepre}tradecomments WHERE id='{$id}' AND rateeid='{$discuz_uid}'"); if (!$comment) { showmessage('eccredit_nofound'); } elseif ($comment['explanation']) { showmessage('eccredit_reexplanation_repeat'); } elseif ($comment['dateline'] < $timestamp - 30 * 86400) { showmessage('eccredit_reexplanation_closed');
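/**
 * Saves the changes an administrator made to a user's account balances and
 * tells the affected user by private message.
 *
 * Reads `userid`, `username`, `money_pocket`, `money_bank`, `chips`, `karma`
 * and `ribbon` from $_POST, writes them to the DB_UG3 row for that owner,
 * prints a confirmation with a "back to member" form and sends the PM.
 *
 * NOTE(review): this function performs no permission check and no form-token
 * (anti-CSRF) check of its own; confirm the caller restricts it to
 * administrators and validates a token before invoking it.
 * NOTE(review): the UPDATE is assembled by string concatenation and the
 * values are not checked to be numeric; it relies on stripinput() alone to
 * neutralise quotes. Confirm that helper's behaviour and consider validating
 * the numeric fields before they reach the query.
 */
function admineditmoney()
{
    global $userdata, $locale, $aidlink;

    $userid = stripinput($_POST['userid']);
    $username = stripinput($_POST['username']);
    $money_pocket = stripinput($_POST['money_pocket']);
    $money_bank = stripinput($_POST['money_bank']);
    $chips = stripinput($_POST['chips']);
    $karma = stripinput($_POST['karma']);
    $ribbon = stripinput($_POST['ribbon']);

    opentable($locale['urg_a_inventry_100'], '');
    echo "<div align='center'>\n";

    $result = dbquery("UPDATE " . DB_UG3 . " SET cash = '" . $money_pocket . "', bank = '" . $money_bank . "', chips = '" . $chips . "', karma = '" . $karma . "', ribbon = '" . $ribbon . "' WHERE owner_id = '" . $userid . "' LIMIT 1");

    echo sprintf($locale['urg_a_inventry_124'], $username, $money_pocket, $money_bank, $chips, $karma, $ribbon);

    // Button that takes the admin back to the member view for this user.
    echo "<form action='index.php" . $aidlink . "&op=viewmember' method='post'>\n";
    echo "<input name='searchfor' class='textbox' type='hidden' value='" . $username . "' />\n";
    echo "<input type='submit' class='button' value='" . $locale['urg_a_inventry_125'] . "' />\n";
    echo "</form>\n";

    $subject = $locale['urg_a_inventry_126'];
    $message = sprintf($locale['urg_a_inventry_127'], $userdata['user_name'], $money_pocket, $money_bank, $chips, $karma, $ribbon);

    // The sender is the acting admin. The original wrote ${$userdata}['user_id'],
    // a variable-variable lookup on an array that never yields the admin's id,
    // so the notification went out without a valid sender id.
    sendpm($userid, $subject, $message, $userdata['user_id'], $userdata['user_name']);

    echo "</div>\n";
    closetable();
}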
showmessage('activity_choice_applicant', "viewthread.php?tid={$tid}&do=viewapplylist"); } else { $uidarray = array(); $ids = implode('\',\'', $applyidarray); $query = $db->query("SELECT a.uid FROM {$tablepre}activityapplies a RIGHT JOIN {$tablepre}members m USING(uid) WHERE a.applyid IN ('{$ids}')"); while ($uid = $db->fetch_array($query)) { $uidarray[] = $uid['uid']; } $activity_subject = $thread['subject']; if ($operation == 'delete') { $db->query("DELETE FROM {$tablepre}activityapplies WHERE applyid IN ('{$ids}')", 'UNBUFFERED'); sendpm(implode(',', $uidarray), 'activity_delete_subject', 'activity_delete_message', $fromid = '0', $from = 'System Message'); showmessage('activity_delete_completion', "viewthread.php?tid={$tid}&do=viewapplylist"); } else { $db->query("UPDATE {$tablepre}activityapplies SET verified=1 WHERE applyid IN ('{$ids}')", 'UNBUFFERED'); sendpm(implode(',', $uidarray), 'activity_apply_subject', 'activity_apply_message', $fromid = '0', $from = 'System Message'); showmessage('activity_auditing_completion', "viewthread.php?tid={$tid}&do=viewapplylist"); } } } } elseif ($action == 'tradeorder') { $trades = array(); $query = $db->query("SELECT * FROM {$tablepre}trades WHERE tid='{$tid}' ORDER BY displayorder"); if ($thread['authorid'] != $discuz_uid) { showmessage('undefined_action', NULL, 'HALTED'); } if (!submitcheck('tradesubmit')) { $stickcount = 0; $trades = $tradesstick = array(); while ($trade = $db->fetch_array($query)) { $stickcount = $trade['displayorder'] > 0 ? $stickcount + 1 : $stickcount;
$value['onlyacceptfriendpm'] = $value['onlyacceptfriendpm'] ? $value['onlyacceptfriendpm'] : ($_G['setting']['onlyacceptfriendpm'] ? 1 : 2); if ($_G['group']['allowsendallpm'] || $value['onlyacceptfriendpm'] == 2 || $value['onlyacceptfriendpm'] == 1 && $_G['home_friend_' . $value['uid'] . '_' . $_G['uid']]) { $newusers[$value['uid']] = $value['username']; unset($users[array_search($value['username'], $users)]); } } if (empty($newusers)) { showmessage('message_can_not_send_onlyfriend', '', array(), array('return' => true)); } foreach ($newusers as $key => $value) { if (isblacklist($key)) { showmessage('is_blacklist', '', array(), array('return' => true)); } } $coef = count($newusers); $return = sendpm(implode(',', $newusers), $subject, $message, '', 0, 1, $type); } else { showmessage('message_can_not_send_9', '', array(), array('return' => true)); } if ($return > 0) { include_once libfile('function/stat'); updatestat('sendpm', 0, $coef); C::t('common_member_status')->update($_G['uid'], array('lastpost' => TIMESTAMP)); !($_G['group']['exempt'] & 1) && updatecreditbyaction('sendpm', 0, array(), '', $coef); if (!empty($newusers)) { if ($type == 1) { $returnurl = 'home.php?mod=space&do=pm&filter=privatepm'; } else { $returnurl = 'home.php?mod=space&do=pm'; } showmessage(count($users) ? 'message_send_result' : 'do_success', $returnurl, array('users' => implode(',', $users), 'succeed' => count($newusers)));
if (!defined('IN_DISCUZ')) { exit('Access Denied'); } if ($adminid != 1) { showmessage("您无此权限,请用管理员帐号登陆。"); } if ($operation) { ##给用户发短信息,通知其爱墙号被删 $query = $db->query("SELECT `uid`, `id` FROM `" . $tablepre . "lovewall` WHERE `id` IN ('" . implode('\',\'', $moderate) . "')"); while ($delrow = $db->fetch_array($query)) { $duid = $delrow['uid']; $subject = "被删除祝福的号码"; $message = "您好,您在爱墙发布的祝福因为违规已经被删除。\r\n被删除的祝福号码:" . $delrow['id']; $fromid = $lovepmid ? $lovepmid : 0; $from = $lovepmname ? $lovepmname : $bbname; sendpm($duid, $subject, $message, $fromid, $from); } $db->query("DELETE FROM `" . $tablepre . "lovewall` WHERE `id` IN ('" . implode('\',\'', $moderate) . "')"); loveidcache(); for ($i = 1; $i < $lovek; $i++) { @unlink(DISCUZ_ROOT . "./extend/lovewall/cache_lovewall_{$i}.php"); } } $tpp = 25; $page = empty($page) || !intval($page) ? 1 : $page; $start_limit = ($page - 1) * $tpp; $query = $db->query("select COUNT(*) from `" . $tablepre . "lovewall`"); $qcount = $db->result($query, 0); $multipage = multi($qcount, $tpp, $page, "lovewall.php?index=listmsg", $threadmaxpages); $query = $db->query("select * FROM `" . $tablepre . "lovewall` ORDER BY `id` desc limit {$start_limit},{$tpp}"); while ($rowlove = $db->fetch_array($query)) {
$itemsubject = $tradelog['subject']; sendpm($tradelog['sellerid'], 'trade_seller_send_subject', 'trade_seller_send_message', 0); } elseif ($offlinestatus == STATUS_WAIT_BUYER) { $user = $tradelog['seller']; $itemsubject = $tradelog['subject']; sendpm($tradelog['buyerid'], 'trade_buyer_confirm_subject', 'trade_buyer_confirm_message', 0); } elseif ($offlinestatus == STATUS_TRADE_SUCCESS) { $db->query("UPDATE {$tablepre}trades SET lastbuyer='{$tradelog['buyer']}', lastupdate='{$timestamp}', totalitems=totalitems+'{$tradelog['number']}', tradesum=tradesum+'{$tradelog['price']}' WHERE tid='{$tradelog['tid']}' AND pid='{$tradelog['pid']}'", 'UNBUFFERED'); $itemsubject = $tradelog['subject']; sendpm($tradelog['sellerid'], 'trade_success_subject', 'trade_success_message', 0); sendpm($tradelog['buyerid'], 'trade_success_subject', 'trade_success_message', 0); } elseif ($offlinestatus == STATUS_REFUND_CLOSE) { $db->query("UPDATE {$tablepre}trades SET amount=amount+'{$tradelog['number']}' WHERE tid='{$tradelog['tid']}' AND pid='{$tradelog['pid']}'", 'UNBUFFERED'); $itemsubject = $tradelog['subject']; sendpm($tradelog['sellerid'], 'trade_fefund_success_subject', 'trade_fefund_success_message', 0); sendpm($tradelog['buyerid'], 'trade_fefund_success_subject', 'trade_fefund_success_message', 0); } $message = trim($message); if ($message) { $message = daddslashes($tradelog['message'] . "\t\t\t" . $discuz_uid . "\t" . $discuz_user . "\t" . $timestamp . "\t" . nl2br(strip_tags(substr($message, 0, 200))), 1); } else { $message = daddslashes($tradelog['message'], 1); } $db->query("UPDATE {$tablepre}tradelog SET status='{$offlinestatus}', lastupdate='{$timestamp}', message='{$message}' WHERE orderid='{$orderid}'"); showmessage('trade_orderstatus_updated', 'trade.php?orderid=' . $orderid); } if (submitcheck('tradesubmit')) { if ($tradelog['status'] == 0) { $update = array(); if ($tradelog['sellerid'] == $discuz_uid) { $tradelog['baseprice'] = floatval($newprice);
/**
 * Issue/manage a user's warning status.
 *
 * Loads the templates and assets for the warning screen, enforces the access
 * rules, and then handles up to two form actions from $_POST: `save`
 * (apply a new warning level, optionally sending and logging a notice PM)
 * and `preview` (render the notice body). Finally builds the list of earlier
 * warnings and the notification templates offered to the moderator.
 *
 * Everything is exchanged through the globals declared below; nothing is
 * returned.
 *
 * @uses ProfileAccount template issueWarning sub template
 * @uses Profile template
 */
public function action_issuewarning() {
	global $txt, $scripturl, $modSettings, $mbname, $context, $cur_profile;

	$memID = currentMemberID();

	// make sure the sub-template is set...
	loadTemplate('ProfileAccount');
	$context['sub_template'] = 'issueWarning';

	// We need this because of template_load_warning_variables
	loadTemplate('Profile');
	loadJavascriptFile('profile.js');

	// jQuery-UI FTW!
	$modSettings['jquery_include_ui'] = true;
	loadCSSFile('jquery.ui.slider.css');
	loadCSSFile('jquery.ui.theme.css');

	// Get all the actual settings.
	// 'warning_settings' is split on commas; only the first two fields are used here.
	list($modSettings['warning_enable'], $modSettings['user_limit']) = explode(',', $modSettings['warning_settings']);

	// This stores any legitimate errors.
	$issueErrors = array();

	// Doesn't hurt to be overly cautious.
	// Access is refused when warnings are disabled, when the viewer is the
	// profile owner and has no warning at all, or when the viewer lacks the
	// 'issue_warning' permission.
	if (empty($modSettings['warning_enable']) || $context['user']['is_owner'] && !$cur_profile['warning'] || !allowedTo('issue_warning')) {
		fatal_lang_error('no_access', false);
	}

	// Get the base (errors related) stuff done.
	loadLanguage('Errors');
	$context['custom_error_title'] = $txt['profile_warning_errors_occurred'];

	// Make sure things which are disabled stay disabled.
	// 110 lies above the 0-100 range a warning level is clamped to below, so
	// a threshold set to 110 is never reached.
	$modSettings['warning_watch'] = !empty($modSettings['warning_watch']) ? $modSettings['warning_watch'] : 110;
	$modSettings['warning_moderate'] = !empty($modSettings['warning_moderate']) && !empty($modSettings['postmod_active']) ? $modSettings['warning_moderate'] : 110;
	$modSettings['warning_mute'] = !empty($modSettings['warning_mute']) ? $modSettings['warning_mute'] : 110;

	// Users with 'admin_forum' get a limit of 0, which skips the daily-limit window below.
	$context['warning_limit'] = allowedTo('admin_forum') ? 0 : $modSettings['user_limit'];
	$context['member']['warning'] = $cur_profile['warning'];
	$context['member']['name'] = $cur_profile['real_name'];

	// What are the limits we can apply?
	$context['min_allowed'] = 0;
	$context['max_allowed'] = 100;
	if ($context['warning_limit'] > 0) {
		require_once SUBSDIR . '/Moderation.subs.php';
		// Narrow the allowed range to +/- warning_limit around the level the
		// member had before the change reported by warningDailyLimit().
		$current_applied = warningDailyLimit($memID);
		$context['min_allowed'] = max(0, $cur_profile['warning'] - $current_applied - $context['warning_limit']);
		$context['max_allowed'] = min(100, $cur_profile['warning'] - $current_applied + $context['warning_limit']);
	}

	// Defaults.
	$context['warning_data'] = array('reason' => '', 'notify' => '', 'notify_subject' => '', 'notify_body' => '');

	// Are we saving?
	if (isset($_POST['save'])) {
		// Security is good here.
		// checkSession() is defined elsewhere; presumably it validates the
		// session token sent with the POST - confirm.
		checkSession('post');

		// This cannot be empty!
		$_POST['warn_reason'] = isset($_POST['warn_reason']) ? trim($_POST['warn_reason']) : '';
		if ($_POST['warn_reason'] == '' && !$context['user']['is_owner']) {
			$issueErrors[] = 'warning_no_reason';
		}
		// The reason is HTML-escaped here, before it is logged or re-displayed.
		$_POST['warn_reason'] = Util::htmlspecialchars($_POST['warn_reason']);

		// If the value hasn't changed it's either no JS or a real no change (Which this will pass)
		// NOTE(review): 'warning_level' and 'warning_level_nojs' are read
		// without an isset() check; a request missing them raises a notice.
		if ($_POST['warning_level'] == 'SAME') {
			$_POST['warning_level'] = $_POST['warning_level_nojs'];
		}

		// Force an integer and clamp it, first to 0-100 and then to the
		// window this moderator is allowed to apply.
		$_POST['warning_level'] = (int) $_POST['warning_level'];
		$_POST['warning_level'] = max(0, min(100, $_POST['warning_level']));
		if ($_POST['warning_level'] < $context['min_allowed']) {
			$_POST['warning_level'] = $context['min_allowed'];
		} elseif ($_POST['warning_level'] > $context['max_allowed']) {
			$_POST['warning_level'] = $context['max_allowed'];
		}

		require_once SUBSDIR . '/Moderation.subs.php';

		// Do we actually have to issue them with a PM?
		$id_notice = 0;
		if (!empty($_POST['warn_notify']) && empty($issueErrors)) {
			$_POST['warn_sub'] = trim($_POST['warn_sub']);
			$_POST['warn_body'] = trim($_POST['warn_body']);
			if (empty($_POST['warn_sub']) || empty($_POST['warn_body'])) {
				$issueErrors[] = 'warning_notify_blank';
			} else {
				require_once SUBSDIR . '/PersonalMessage.subs.php';
				// The notice is sent in the forum's name (sender id 0), not the moderator's.
				$from = array('id' => 0, 'name' => $context['forum_name'], 'username' => $context['forum_name']);
				// NOTE(review): subject and body are passed on trimmed but not
				// escaped here; presumably sendpm() and logWarningNotice()
				// escape what they store - confirm.
				sendpm(array('to' => array($memID), 'bcc' => array()), $_POST['warn_sub'], $_POST['warn_body'], false, $from);

				// Log the notice.
				$id_notice = logWarningNotice($_POST['warn_sub'], $_POST['warn_body']);
			}
		}

		// Just in case - make sure notice is valid!
		$id_notice = (int) $id_notice;

		// What have we changed?
		$level_change = $_POST['warning_level'] - $cur_profile['warning'];

		// No errors? Proceed! Only log if you're not the owner.
		if (empty($issueErrors)) {
			// Log what we've done!
			if (!$context['user']['is_owner']) {
				logWarning($memID, $cur_profile['real_name'], $id_notice, $level_change, $_POST['warn_reason']);
			}

			// Make the change.
			updateMemberData($memID, array('warning' => $_POST['warning_level']));

			// Leave a lovely message.
			$context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : $txt['profile_warning_success'];
		} else {
			// Try to remember some bits.
			$context['warning_data'] = array('reason' => $_POST['warn_reason'], 'notify' => !empty($_POST['warn_notify']), 'notify_subject' => isset($_POST['warn_sub']) ? $_POST['warn_sub'] : '', 'notify_body' => isset($_POST['warn_body']) ? $_POST['warn_body'] : '');
		}

		// Show the new improved warning level.
		$context['member']['warning'] = $_POST['warning_level'];
	}

	// Taking a look first, good idea that one.
	if (isset($_POST['preview'])) {
		$warning_body = !empty($_POST['warn_body']) ? trim(censorText($_POST['warn_body'])) : '';
		$context['preview_subject'] = !empty($_POST['warn_sub']) ? trim(Util::htmlspecialchars($_POST['warn_sub'])) : '';
		if (empty($_POST['warn_sub']) || empty($_POST['warn_body'])) {
			$issueErrors[] = 'warning_notify_blank';
		}

		if (!empty($_POST['warn_body'])) {
			require_once SUBSDIR . '/Post.subs.php';
			preparsecode($warning_body);
			$warning_body = parse_bbc($warning_body, true);
		}

		// Try to remember some bits.
		// NOTE(review): on a preview-only request the save branch above has
		// not run, so $_POST['warn_reason'] is read here without an isset()
		// check and without the Util::htmlspecialchars() call made on save.
		// 'notify_subject' and 'notify_body' are raw request values as well.
		// Confirm the template escapes these fields on output.
		$context['warning_data'] = array('reason' => $_POST['warn_reason'], 'notify' => !empty($_POST['warn_notify']), 'notify_subject' => isset($_POST['warn_sub']) ? $_POST['warn_sub'] : '', 'notify_body' => isset($_POST['warn_body']) ? $_POST['warn_body'] : '', 'body_preview' => $warning_body);
	}

	if (!empty($issueErrors)) {
		// Fill in the suite of errors.
		$context['post_errors'] = array();
		foreach ($issueErrors as $error) {
			$context['post_errors'][] = $txt[$error];
		}
	}

	$context['page_title'] = $txt['profile_issue_warning'];

	// Let's use a generic list to get all the current warnings
	require_once SUBSDIR . '/GenericList.class.php';
	require_once SUBSDIR . '/Profile.subs.php';

	// Work out the various levels.
	// Keyed by threshold; disabled thresholds all share key 110, so later entries overwrite earlier ones.
	$context['level_effects'] = array(0 => $txt['profile_warning_effect_none'], $modSettings['warning_watch'] => $txt['profile_warning_effect_watch'], $modSettings['warning_moderate'] => $txt['profile_warning_effect_moderation'], $modSettings['warning_mute'] => $txt['profile_warning_effect_mute']);
	$context['current_level'] = 0;
	// The last threshold (in array order) that the member's level reaches wins.
	foreach ($context['level_effects'] as $limit => $dummy) {
		if ($context['member']['warning'] >= $limit) {
			$context['current_level'] = $limit;
		}
	}

	// Build a list to view the warnings
	// NOTE(review): the two column callbacks are built with create_function(),
	// which compiles a string as PHP code, is deprecated as of PHP 7.2 and
	// was removed in PHP 8.0. The strings passed here are constant literals
	// (no request data is interpolated into them). The 'reason' callback
	// prints $warning['reason'] without escaping, so it depends on the reason
	// having been escaped before it was stored (see the save branch above).
	$listOptions = array(
		'id' => 'issued_warnings',
		'title' => $txt['profile_viewwarning_previous_warnings'],
		'items_per_page' => $modSettings['defaultMaxMessages'],
		'no_items_label' => $txt['profile_viewwarning_no_warnings'],
		'base_href' => $scripturl . '?action=profile;area=issuewarning;sa=user;u=' . $memID,
		'default_sort_col' => 'log_time',
		'get_items' => array('function' => 'list_getUserWarnings', 'params' => array($memID)),
		'get_count' => array('function' => 'list_getUserWarningCount', 'params' => array($memID)),
		'columns' => array(
			'issued_by' => array('header' => array('value' => $txt['profile_warning_previous_issued'], 'style' => 'width: 20%;'), 'data' => array('function' => create_function('$warning', ' return $warning[\'issuer\'][\'link\']; ')), 'sort' => array('default' => 'lc.member_name DESC', 'reverse' => 'lc.member_name')),
			'log_time' => array('header' => array('value' => $txt['profile_warning_previous_time'], 'style' => 'width: 30%;'), 'data' => array('db' => 'time'), 'sort' => array('default' => 'lc.log_time DESC', 'reverse' => 'lc.log_time')),
			'reason' => array('header' => array('value' => $txt['profile_warning_previous_reason']), 'data' => array('function' => create_function('$warning', ' global $scripturl, $txt, $settings; $ret = \' <div class="floatleft"> \' . $warning[\'reason\'] . \' </div>\'; // If a notice was sent, provide a way to view it if (!empty($warning[\'id_notice\'])) $ret .= \' <div class="floatright"> <a href="\' . $scripturl . \'?action=moderate;area=notice;nid=\' . $warning[\'id_notice\'] . \'" onclick="window.open(this.href, \\\'\\\', \\\'scrollbars=yes,resizable=yes,width=400,height=250\\\');return false;" target="_blank" class="new_win" title="\' . $txt[\'profile_warning_previous_notice\'] . \'"><img src="\' . $settings[\'images_url\'] . \'/filter.png" alt="" /></a> </div>\'; return $ret;'))),
			'level' => array('header' => array('value' => $txt['profile_warning_previous_level'], 'style' => 'width: 6%;'), 'data' => array('db' => 'counter'), 'sort' => array('default' => 'lc.counter DESC', 'reverse' => 'lc.counter'))));

	// Create the list for viewing.
	createList($listOptions);

	// The message id is cast to int before it is used in any URL below.
	$warning_for_message = isset($_REQUEST['msg']) ? (int) $_REQUEST['msg'] : false;
	$warned_message_subject = '';

	// Are they warning because of a message?
	if (isset($_REQUEST['msg']) && 0 < (int) $_REQUEST['msg']) {
		require_once SUBSDIR . '/Messages.subs.php';
		$message = basicMessageInfo((int) $_REQUEST['msg']);
		if (!empty($message)) {
			$warned_message_subject = $message['subject'];
		}
	}

	require_once SUBSDIR . '/Maillist.subs.php';

	// Any custom templates?
	$context['notification_templates'] = array();
	$notification_templates = maillist_templates('warntpl');
	foreach ($notification_templates as $row) {
		// If we're not warning for a message skip any that are.
		if (!$warning_for_message && strpos($row['body'], '{MESSAGE}') !== false) {
			continue;
		}
		$context['notification_templates'][] = array('title' => $row['title'], 'body' => $row['body']);
	}

	// Setup the "default" templates.
	foreach (array('spamming', 'offence', 'insulting') as $type) {
		$context['notification_templates'][] = array('title' => $txt['profile_warning_notify_title_' . $type], 'body' => sprintf($txt['profile_warning_notify_template_outline' . (!empty($warning_for_message) ? '_post' : '')], $txt['profile_warning_notify_for_' . $type]));
	}

	// Replace all the common variables in the templates.
	// Member name and message subject are un-escaped before substitution;
	// the result is a BBC message body, not HTML for direct output.
	foreach ($context['notification_templates'] as $k => $name) {
		$context['notification_templates'][$k]['body'] = strtr($name['body'], array('{MEMBER}' => un_htmlspecialchars($context['member']['name']), '{MESSAGE}' => '[url=' . $scripturl . '?msg=' . $warning_for_message . ']' . un_htmlspecialchars($warned_message_subject) . '[/url]', '{SCRIPTURL}' => $scripturl, '{FORUMNAME}' => $mbname, '{REGARDS}' => replaceBasicActionUrl($txt['regards_team'])));
	}
}
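/**
 * Shows the contact form for the user to fill out
 * Needs to be enabled to be used
 *
 * Only guests may use the form; everyone else, and everyone when the form is
 * disabled, is redirected away. On submission (`send` in the request) the
 * session, the 'contact' token and the spam timer are checked, the e-mail
 * address and message are validated, the verification control is evaluated,
 * and on success the message is sent as a PM to all admins before
 * redirecting to the "done" page. On failure the form is shown again with
 * the validator's values and the collected errors.
 */
public function action_contact()
{
	global $context, $txt, $user_info, $modSettings;

	// Already inside, no need to use this, just send a PM
	// Disabled, you cannot enter.
	if (!$user_info['is_guest'] || empty($modSettings['enable_contactform']) || $modSettings['enable_contactform'] == 'disabled') {
		redirectexit();
	}

	loadLanguage('Login');
	loadTemplate('Register');

	if (isset($_REQUEST['send'])) {
		// Three independent gates before any input is looked at: session
		// check, one-time form token, and the 'contact' spam timer.
		checkSession('post');
		validateToken('contact');
		spamProtection('contact');

		// No errors, yet.
		$context['errors'] = array();
		loadLanguage('Errors');

		// Could they get the right send topic verification code?
		require_once SUBSDIR . '/VerificationControls.class.php';
		require_once SUBSDIR . '/Members.subs.php';

		// form validation
		require_once SUBSDIR . '/DataValidator.class.php';
		$validator = new Data_Validator();
		$validator->sanitation_rules(array('emailaddress' => 'trim', 'contactmessage' => 'trim|Util::htmlspecialchars'));
		$validator->validation_rules(array('emailaddress' => 'required|valid_email', 'contactmessage' => 'required'));
		$validator->text_replacements(array('emailaddress' => $txt['error_email'], 'contactmessage' => $txt['error_message']));

		// Any form errors
		if (!$validator->validate($_POST)) {
			$context['errors'] = $validator->validation_errors();
		}

		// How about any verification errors
		$verificationOptions = array('id' => 'contactform');
		$context['require_verification'] = create_control_verification($verificationOptions, true);
		if (is_array($context['require_verification'])) {
			foreach ($context['require_verification'] as $error) {
				$context['errors'][] = $txt['error_' . $error];
			}
		}

		// No errors, then send the PM to the admins
		if (empty($context['errors'])) {
			$admins = admins();
			if (!empty($admins)) {
				require_once SUBSDIR . '/PersonalMessage.subs.php';

				// Read the message from $_POST, the array that was validated
				// above. $_REQUEST can be populated from other sources (query
				// string, and cookies under some request_order settings), so
				// reading it here could send a value that was never validated.
				// NOTE(review): the raw text is passed on, not the validator's
				// escaped copy; presumably sendpm() escapes the body itself -
				// confirm, so the message is neither unescaped nor escaped twice.
				sendpm(array('to' => array_keys($admins), 'bcc' => array()), $txt['contact_subject'], $_POST['contactmessage'], false, array('id' => 0, 'name' => $validator->emailaddress, 'username' => $validator->emailaddress));
			}

			// Send the PM
			redirectexit('action=contact;sa=done');
		} else {
			// Hand the sanitised values back so the form can be refilled.
			$context['emailaddress'] = $validator->emailaddress;
			$context['contactmessage'] = $validator->contactmessage;
		}
	}

	if (isset($_GET['sa']) && $_GET['sa'] == 'done') {
		$context['sub_template'] = 'contact_form_done';
	} else {
		$context['sub_template'] = 'contact_form';
		$context['page_title'] = $txt['admin_contact_form'];

		require_once SUBSDIR . '/VerificationControls.class.php';
		$verificationOptions = array('id' => 'contactform');
		$context['require_verification'] = create_control_verification($verificationOptions);
		$context['visual_verification_id'] = $verificationOptions['id'];
	}

	// A fresh token for the next submission of the form.
	createToken('contact');
}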
showmessage('credits_net_amount_iszero'); } $member = $db->fetch_first("SELECT uid, username FROM {$tablepre}members WHERE username='******'"); if (!$member) { showmessage('credits_transfer_send_nonexistence'); } elseif ($member['uid'] == $discuz_uid) { showmessage('credits_transfer_self'); } $creditsarray[$creditstrans] = -$amount; updatecredits($discuz_uid, $creditsarray); $db->query("UPDATE {$tablepre}members SET extcredits{$creditstrans}=extcredits{$creditstrans}+'{$netamount}' WHERE uid='{$member['uid']}'"); $db->query("INSERT INTO {$tablepre}creditslog (uid, fromto, sendcredits, receivecredits, send, receive, dateline, operation)\r\n\t\t\t\t\tVALUES ('{$discuz_uid}', '" . addslashes($member['username']) . "', '{$creditstrans}', '{$creditstrans}', '{$amount}', '0', '{$timestamp}', 'TFR'),\r\n\t\t\t\t\t('{$member['uid']}', '{$discuz_user}', '{$creditstrans}', '{$creditstrans}', '0', '{$netamount}', '{$timestamp}', 'RCV')"); if (!empty($transfermessage)) { $transfermessage = stripslashes($transfermessage); $transfertime = gmdate($GLOBALS['_DCACHE']['settings']['dateformat'] . ' ' . $GLOBALS['_DCACHE']['settings']['timeformat'], $timestamp + $timeoffset * 3600); sendpm($member['uid'], 'transfer_subject', 'transfer_message', 0); } showmessage('credits_transaction_succeed', '', 1); } } else { showmessage('action_closed', NULL, 'HALTED'); } } elseif (submitcheck('exchangesubmit')) { if (($exchangestatus || $outextcredits) && $outextcredits[$tocredits] || $extcredits[$fromcredits]['ratio'] && $extcredits[$tocredits]['ratio']) { if (!submitcheck('confirm')) { $outexange = strexists($tocredits, '|'); if ($outexange) { $netamount = floor($exchangeamount * $outextcredits[$tocredits]['ratiosrc'][${'fromcredits_' . $outi}] / $outextcredits[$tocredits]['ratiodesc'][${'fromcredits_' . $outi}]); $fromcredits = ${'fromcredits_' . $outi}; } else { if ($extcredits[$tocredits]['ratio'] < $extcredits[$fromcredits]['ratio']) {
updatepostcredits('+', $authoridarray, $creditspolicy['post']); } $db->query("UPDATE {$tablepre}posts SET invisible='0' WHERE tid IN ({$tids})"); $db->query("UPDATE {$tablepre}threads SET displayorder='0', moderated='1' WHERE tid IN ({$tids})"); $threadsmod = $db->affected_rows(); updateforumcount($fid); updatemodworks('MOD', $threadsmod); updatemodlog($tids, 'MOD'); } } if ($pmlist) { foreach ($pmlist as $pm) { $reason = $pm['reason']; $threadsubject = $pm['thread']; $tid = intval($pm['tid']); sendpm($pm['authorid'], $pm['act'] . 'subject', $pm['act'] . 'message', 0); } } showmessage('modcp_mod_succeed', "{$cpscript}?action={$action}&op={$op}&filter={$filter}&fid={$fid}"); } $modcount = $db->result_first("SELECT COUNT(*) FROM {$tablepre}threads WHERE " . ($modfidsadd ? " {$modfidsadd} AND " : '') . " displayorder='{$pstat}'"); $multipage = multi($modcount, $tpp, $page, "{$cpscript}?action={$action}&op={$op}&filter={$filter}&fid={$fid}"); if ($modcount) { $query = $db->query("SELECT t.tid, t.fid, t.author, t.sortid, t.authorid, t.subject as tsubject, t.dateline, t.attachment,\r\n\t\t\tp.pid, p.message, p.useip, p.attachment\r\n\t\t\tFROM {$tablepre}threads t\r\n\t\t\tLEFT JOIN {$tablepre}posts p ON p.tid=t.tid AND p.first = 1\r\n\t\t\tWHERE " . ($modfidsadd ? " t.{$modfidsadd} AND " : '') . " t.displayorder='{$pstat}'\r\n\t\t\tORDER BY t.dateline DESC LIMIT {$start_limit}, {$tpp}"); while ($thread = $db->fetch_array($query)) { $thread['id'] = $thread['tid']; if ($thread['authorid'] && $thread['author'] != '') { $thread['author'] = "<a href=\"space.php?uid={$thread['authorid']}\" target=\"_blank\">{$thread['author']}</a>"; } elseif ($thread['authorid']) { $thread['author'] = "<a href=\"space.php?uid={$thread['authorid']}\" target=\"_blank\">UID {$thread['uid']}</a>"; } else {
/**
 * Allows the user to report a personal message to an administrator.
 *
 * - In the first instance requires that the ID of the message to report is passed through $_GET.
 * - It allows the user to report to either a particular administrator - or the whole admin team.
 * - It will forward on a copy of the original message without allowing the reporter to make changes.
 *
 * Without `report` in $_POST the function only prepares the form (list of
 * administrators). With it, the function checks the session, re-reads the
 * message from the database for the current member, builds one report per
 * administrator language and sends each with sendpm().
 *
 * @uses report_message sub-template.
 */
function ReportMessage() {
	global $txt, $context, $scripturl, $sourcedir;
	global $user_info, $language, $modSettings, $smcFunc;

	// Check that this feature is even enabled!
	if (empty($modSettings['enableReportPM']) || empty($_REQUEST['pmsg'])) {
		fatal_lang_error('no_access', false);
	}

	// The message id is cast to int before any use, then checked for access.
	$pmsg = (int) $_REQUEST['pmsg'];
	if (!isAccessiblePM($pmsg, 'inbox')) {
		fatal_lang_error('no_access', false);
	}

	$context['pm_id'] = $pmsg;
	$context['page_title'] = $txt['pm_report_title'];

	// If we're here, just send the user to the template, with a few useful context bits.
	if (!isset($_POST['report'])) {
		$context['sub_template'] = 'report_message';

		// @todo I don't like being able to pick who to send it to. Favoritism, etc. sucks.
		// Now, get all the administrators.
		// Group id 1 is used as the administrator group, either as primary or additional group.
		$request = $smcFunc['db_query']('', ' SELECT id_member, real_name FROM {db_prefix}members WHERE id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0 ORDER BY real_name', array('admin_group' => 1));
		$context['admins'] = array();
		while ($row = $smcFunc['db_fetch_assoc']($request)) {
			$context['admins'][$row['id_member']] = $row['real_name'];
		}
		$smcFunc['db_free_result']($request);

		// How many admins in total?
		$context['admin_count'] = count($context['admins']);
	} else {
		// Check the session before proceeding any further!
		checkSession('post');

		// First, pull out the message contents, and verify it actually went to them!
		// Values are handed to the query through {int:...} placeholders rather
		// than concatenated; presumably the DB layer casts them - confirm.
		// The WHERE clause ties the message to the current member as a
		// recipient who has not deleted it.
		$request = $smcFunc['db_query']('', ' SELECT pm.subject, pm.body, pm.msgtime, pm.id_member_from, IFNULL(m.real_name, pm.from_name) AS sender_name FROM {db_prefix}personal_messages AS pm INNER JOIN {db_prefix}pm_recipients AS pmr ON (pmr.id_pm = pm.id_pm) LEFT JOIN {db_prefix}members AS m ON (m.id_member = pm.id_member_from) WHERE pm.id_pm = {int:id_pm} AND pmr.id_member = {int:current_member} AND pmr.deleted = {int:not_deleted} LIMIT 1', array('current_member' => $user_info['id'], 'id_pm' => $context['pm_id'], 'not_deleted' => 0));

		// Can only be a hacker here!
		if ($smcFunc['db_num_rows']($request) == 0) {
			fatal_lang_error('no_access', false);
		}
		list($subject, $body, $time, $memberFromID, $memberFromName) = $smcFunc['db_fetch_row']($request);
		$smcFunc['db_free_result']($request);

		// Remove the line breaks...
		$body = preg_replace('~<br ?/?' . '>~i', "\n", $body);

		// Get any other recipients of the email.
		$request = $smcFunc['db_query']('', ' SELECT mem_to.id_member AS id_member_to, mem_to.real_name AS to_name, pmr.bcc FROM {db_prefix}pm_recipients AS pmr LEFT JOIN {db_prefix}members AS mem_to ON (mem_to.id_member = pmr.id_member) WHERE pmr.id_pm = {int:id_pm} AND pmr.id_member != {int:current_member}', array('current_member' => $user_info['id'], 'id_pm' => $context['pm_id']));
		$recipients = array();
		$hidden_recipients = 0;
		while ($row = $smcFunc['db_fetch_assoc']($request)) {
			// If it's hidden still don't reveal their names - privacy after all ;)
			if ($row['bcc']) {
				$hidden_recipients++;
			} else {
				$recipients[] = '[url=' . $scripturl . '?action=profile;u=' . $row['id_member_to'] . ']' . $row['to_name'] . '[/url]';
			}
		}
		$smcFunc['db_free_result']($request);

		// BCC recipients are reported as a count only.
		if ($hidden_recipients) {
			$recipients[] = sprintf($txt['pm_report_pm_hidden'], $hidden_recipients);
		}

		// Now let's get out and loop through the admins.
		// When a specific admin id is posted it is cast to int and added as
		// an extra condition, so it can only narrow the set of admins.
		$request = $smcFunc['db_query']('', ' SELECT id_member, real_name, lngfile FROM {db_prefix}members WHERE (id_group = {int:admin_id} OR FIND_IN_SET({int:admin_id}, additional_groups) != 0) ' . (empty($_POST['id_admin']) ? '' : 'AND id_member = {int:specific_admin}') . ' ORDER BY lngfile', array('admin_id' => 1, 'specific_admin' => isset($_POST['id_admin']) ? (int) $_POST['id_admin'] : 0));

		// Maybe we shouldn't advertise this?
		if ($smcFunc['db_num_rows']($request) == 0) {
			fatal_lang_error('no_access', false);
		}

		$memberFromName = un_htmlspecialchars($memberFromName);

		// Prepare the message storage array.
		$messagesToSend = array();

		// Loop through each admin, and add them to the right language pile...
		while ($row = $smcFunc['db_fetch_assoc']($request)) {
			// Need to send in the correct language!
			$cur_language = empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'];

			// The report text is built once per language, the first time that language is seen.
			if (!isset($messagesToSend[$cur_language])) {
				// Swaps the PersonalMessage strings in $txt to this admin's language; restored after sending.
				loadLanguage('PersonalMessage', $cur_language, false);

				// Make the body.
				$report_body = str_replace(array('{REPORTER}', '{SENDER}'), array(un_htmlspecialchars($user_info['name']), $memberFromName), $txt['pm_report_pm_user_sent']);
				// NOTE(review): $_POST['reason'] is read without an isset()
				// check and placed into the BBC body as submitted; presumably
				// sendpm() escapes the body before storing it - confirm.
				$report_body .= "\n" . '[b]' . $_POST['reason'] . '[/b]' . "\n\n";
				if (!empty($recipients)) {
					$report_body .= $txt['pm_report_pm_other_recipients'] . ' ' . implode(', ', $recipients) . "\n\n";
				}
				// The original message is quoted from the database copy, so the reporter cannot alter it.
				// NOTE(review): the un-escaped sender name goes into the
				// [quote author=...] attribute; verify how the BBC parser
				// treats names containing quotes or brackets.
				$report_body .= $txt['pm_report_pm_unedited_below'] . "\n" . '[quote author=' . (empty($memberFromID) ? '"' . $memberFromName . '"' : $memberFromName . ' link=action=profile;u=' . $memberFromID . ' date=' . $time) . ']' . "\n" . un_htmlspecialchars($body) . '[/quote]';

				// Plonk it in the array ;)
				// The report prefix is added only when the subject does not already contain it.
				$messagesToSend[$cur_language] = array('subject' => ($smcFunc['strpos']($subject, $txt['pm_report_pm_subject']) === false ? $txt['pm_report_pm_subject'] : '') . un_htmlspecialchars($subject), 'body' => $report_body, 'recipients' => array('to' => array(), 'bcc' => array()));
			}

			// Add them to the list.
			$messagesToSend[$cur_language]['recipients']['to'][$row['id_member']] = $row['id_member'];
		}
		$smcFunc['db_free_result']($request);

		// Send a different email for each language.
		// ($lang is not used inside the loop; only the message is.)
		foreach ($messagesToSend as $lang => $message) {
			sendpm($message['recipients'], $message['subject'], $message['body']);
		}

		// Give the user their own language back!
		if (!empty($modSettings['userLanguage'])) {
			loadLanguage('PersonalMessage', '', false);
		}

		// Leave them with a template.
		$context['sub_template'] = 'report_message_complete';
	}
}
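/**
 * Create a pending buddy link between the current user and the member in
 * $_GET['u'], then notify that member by personal message.
 *
 * Two rows are written to {db_prefix}buddies, one per direction, both with
 * approved = 0 and requested = the current user's id. Each row is appended
 * after the owner's current highest position.
 *
 * Request input: $_GET['u'] (cast to int and written back to $_GET).
 * Globals read: $smcFunc, $sourcedir, $txt, $context, $scripturl, $language,
 * $modSettings.
 *
 * The function is expected to end the request in every path (fatal_error() or
 * redirectexit()), so it has no meaningful return value.
 */
function BuddyAdd()
{
    global $smcFunc, $sourcedir, $txt, $context, $scripturl, $language, $modSettings;

    // This is a state-changing request driven by a GET parameter; the session
    // check must stay ahead of every write below so that a link planted on
    // another site cannot create buddy requests on the user's behalf.
    checkSession('get');

    // A missing "u" used to raise an undefined-index notice; treat it as 0.
    $_GET['u'] = isset($_GET['u']) ? (int) $_GET['u'] : 0;
    $buddyId = $_GET['u'];
    $requesterId = $context['user']['id'];

    // NOTE(review): nothing in this function rejects a guest requester
    // (user id 0) - confirm the calling dispatcher enforces a logged-in user.

    // No valid target, or the user is trying to befriend themselves: there is
    // nothing to insert and nobody to notify.
    if ($buddyId <= 0 || $buddyId === (int) $requesterId) {
        redirectexit();
    }

    // Already linked (in the requester -> buddy direction)?
    $request = $smcFunc['db_query']('', '
        SELECT approved
        FROM {db_prefix}buddies
        WHERE id_member = {int:id_member}
            AND buddy_id = {int:buddy_id}',
        array('id_member' => $requesterId, 'buddy_id' => $buddyId)
    );
    $alreadyAdded = $smcFunc['db_num_rows']($request) > 0;
    $smcFunc['db_free_result']($request);
    if ($alreadyAdded) {
        fatal_error($txt['buddy_already_added'], false);
    }

    // The target must be an existing member.
    $request = $smcFunc['db_query']('', '
        SELECT real_name
        FROM {db_prefix}members
        WHERE id_member = {int:id_member}',
        array('id_member' => $buddyId)
    );
    $memberExists = $smcFunc['db_num_rows']($request) >= 1;
    $smcFunc['db_free_result']($request);
    if (!$memberExists) {
        redirectexit();
    }

    // Insert one row per direction: first the requester's list, then the
    // target's list. Same order as before: look up position, then insert.
    $links = array(
        array($requesterId, $buddyId),
        array($buddyId, $requesterId),
    );
    foreach ($links as $link) {
        list($ownerId, $otherId) = $link;

        // Find the new position: one past the owner's current highest.
        $request = $smcFunc['db_query']('', '
            SELECT position
            FROM {db_prefix}buddies
            WHERE id_member = {int:id_member}
            ORDER BY position DESC
            LIMIT 1',
            array('id_member' => $ownerId)
        );
        $row = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);
        // An empty list yields no row; the first entry gets position 1.
        $position = empty($row) ? 1 : (int) $row[0] + 1;

        $smcFunc['db_insert']('normal', '{db_prefix}buddies',
            array('id_member' => 'int', 'buddy_id' => 'int', 'approved' => 'int', 'position' => 'int', 'time_updated' => 'int', 'requested' => 'int'),
            array('id_member' => $ownerId, 'buddy_id' => $otherId, 'approved' => '0', 'position' => $position, 'time_updated' => time(), 'requested' => $requesterId),
            array()
        );
    }

    // Let's notify the user, in their own language when per-user languages
    // are enabled.
    $request = $smcFunc['db_query']('', '
        SELECT lngfile
        FROM {db_prefix}members
        WHERE id_member = {int:id_member}',
        array('id_member' => $buddyId)
    );
    $row = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);
    $user_language = empty($row) ? '' : $row[0];

    loadLanguage('Maximumprofile', empty($user_language) || empty($modSettings['userLanguage']) ? $language : $user_language, false);

    require_once $sourcedir . '/Subs-Post.php';

    // The message is sent under a fixed sender taken from the language file
    // (id 0), not under the requesting member's own account.
    sendpm(
        array('to' => array($buddyId), 'bcc' => array()),
        sprintf($txt['buddy_notif_new_subject'], $context['user']['name']),
        sprintf($txt['buddy_notif_new_body'], $context['user']['name'], $scripturl . '?action=profile;area=lists;sa=buddies;u=' . $buddyId),
        false,
        array('id' => 0, 'name' => $txt['Maximum_notif_com_user'], 'username' => $txt['Maximum_notif_com_user'])
    );

    redirectexit('action=profile;u=' . $buddyId);
}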