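# Applies the Admin Bar plugin's pending data upgrades and records the new data version.
#
# Returns early when the plugin is not active or when the stored 'dbversion' already
# equals SPABDBVERSION. Otherwise each upgrade step newer than the stored version runs
# in ascending order and the 'spAdminBar' option is saved with the current version.
function sp_admin_bar_do_upgrade_check() {
	if (!sp_is_plugin_active('admin-bar/sp-admin-bar-plugin.php')) {
		return;
	}

	# The option may be missing or not an array on a damaged or fresh install; normalise it
	# so that reading and later writing 'dbversion' cannot fail on a non-array value.
	$options = sp_get_option('spAdminBar');
	if (!is_array($options)) {
		$options = array();
	}
	$db = empty($options['dbversion']) ? 0 : $options['dbversion'];

	# quick bail check (loose comparison kept: the stored value's type is not visible here)
	if ($db == SPABDBVERSION) {
		return;
	}

	# apply upgrades as needed
	if ($db < 1) {
		# empty since the plugin did not use the db on its initial release
	}

	if ($db < 2) {
		# set autoload flag to true for autoupdates
		$meta = sp_get_sfmeta('autoupdate', 'admin');
		if (!empty($meta[0])) {
			sp_update_sfmeta('autoupdate', 'admin', $meta[0]['meta_value'], $meta[0]['meta_id'], 1);
		}
	}

	if ($db < 3) {
		# permission for bypassing akismet checks
		# NOTE(review): sp_activate_auth() is not visible here - confirm that activating the
		# auth does not by itself hand the spam-check bypass to existing roles.
		sp_add_auth('bypass_akismet', __('Can bypass akismet check on posts', 'spab'), 1, 0, 0, 0, 3);
		sp_activate_auth('bypass_akismet');
	}

	# save data
	$options['dbversion'] = SPABDBVERSION;
	sp_update_option('spAdminBar', $options);
}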
# Registers the forum's built-in auths (permissions) by calling sp_add_auth() once per auth.
#
# Every description is passed through spa_text_noesc() and then esc_sql() before it is
# handed to sp_add_auth(). The calls are kept as an explicit ordered list with the literal
# text inside the spa_text_noesc() call.
#
# NOTE(review): the meaning of the five numeric arguments is defined by sp_add_auth(),
# which is not visible here - confirm against that function before changing any flag.
# NOTE(review): several of these auths relax protective controls (bypass_flood_control,
# bypass_math_question, bypass_moderation, bypass_moderation_once) or allow embedded
# content (can_use_iframes); which roles receive them is decided elsewhere - verify.
function spa_setup_auths() {
	# create the auths
	sp_add_auth('view_forum', esc_sql(spa_text_noesc('Can view a forum')), 1, 0, 0, 0, 2);
	sp_add_auth('view_forum_lists', esc_sql(spa_text_noesc('Can view a list of forums only')), 1, 0, 0, 0, 2);
	sp_add_auth('view_forum_topic_lists', esc_sql(spa_text_noesc('Can view a list of forums and list of topics only')), 1, 0, 0, 0, 2);
	sp_add_auth('view_admin_posts', esc_sql(spa_text_noesc('Can view posts by an administrator')), 1, 0, 0, 0, 2);
	# the two "own" auths below are the only calls in this list whose sixth argument is 1
	sp_add_auth('view_own_admin_posts', esc_sql(spa_text_noesc('Can view only own posts and admin/mod posts')), 1, 0, 0, 1, 2);
	sp_add_auth('start_topics', esc_sql(spa_text_noesc('Can start new topics in a forum')), 1, 0, 0, 0, 3);
	sp_add_auth('reply_topics', esc_sql(spa_text_noesc('Can reply to existing topics in a forum')), 1, 0, 0, 0, 3);
	sp_add_auth('reply_own_topics', esc_sql(spa_text_noesc('Can only reply to own topics')), 1, 0, 0, 1, 3);
	sp_add_auth('bypass_flood_control', esc_sql(spa_text_noesc('Can bypass wait time between posts')), 1, 0, 0, 0, 3);
	sp_add_auth('edit_own_topic_titles', esc_sql(spa_text_noesc('Can edit own topic titles')), 1, 0, 0, 0, 4);
	sp_add_auth('edit_any_topic_titles', esc_sql(spa_text_noesc('Can edit any topic title')), 1, 0, 0, 0, 4);
	sp_add_auth('pin_topics', esc_sql(spa_text_noesc('Can pin topics in a forum')), 1, 0, 0, 0, 7);
	sp_add_auth('move_topics', esc_sql(spa_text_noesc('Can move topics from a forum')), 1, 0, 0, 0, 7);
	sp_add_auth('move_posts', esc_sql(spa_text_noesc('Can move posts from a topic')), 1, 0, 0, 0, 7);
	sp_add_auth('lock_topics', esc_sql(spa_text_noesc('Can lock topics in a forum')), 1, 0, 0, 0, 7);
	sp_add_auth('delete_topics', esc_sql(spa_text_noesc('Can delete topics in forum')), 1, 0, 0, 0, 5);
	sp_add_auth('edit_own_posts_forever', esc_sql(spa_text_noesc('Can edit own posts forever')), 1, 0, 0, 0, 4);
	sp_add_auth('edit_own_posts_reply', esc_sql(spa_text_noesc('Can edit own posts until there has been a reply')), 1, 0, 0, 0, 4);
	sp_add_auth('edit_any_post', esc_sql(spa_text_noesc('Can edit any post')), 1, 0, 0, 0, 4);
	sp_add_auth('delete_own_posts', esc_sql(spa_text_noesc('Can delete own posts')), 1, 0, 0, 0, 5);
	sp_add_auth('delete_any_post', esc_sql(spa_text_noesc('Can delete any post')), 1, 0, 0, 0, 5);
	sp_add_auth('pin_posts', esc_sql(spa_text_noesc('Can pin posts within a topic')), 1, 0, 0, 0, 7);
	sp_add_auth('reassign_posts', esc_sql(spa_text_noesc('Can reassign posts to a different user')), 1, 0, 0, 0, 7);
	# exposes member email and IP addresses, i.e. personal data
	sp_add_auth('view_email', esc_sql(spa_text_noesc('Can view email and IP addresses of members')), 1, 0, 0, 0, 2);
	sp_add_auth('view_profiles', esc_sql(spa_text_noesc('Can view profiles of members')), 1, 0, 0, 0, 2);
	sp_add_auth('view_members_list', esc_sql(spa_text_noesc('Can view the members lists')), 1, 0, 0, 0, 2);
	sp_add_auth('bypass_math_question', esc_sql(spa_text_noesc('Can bypass the math question')), 1, 0, 0, 0, 6);
	sp_add_auth('bypass_moderation', esc_sql(spa_text_noesc('Can bypass all post moderation')), 1, 0, 0, 0, 6);
	sp_add_auth('bypass_moderation_once', esc_sql(spa_text_noesc('Can bypass first post moderation')), 1, 0, 0, 0, 6);
	sp_add_auth('moderate_posts', esc_sql(spa_text_noesc('Can moderate pending posts')), 1, 0, 0, 0, 6);
	sp_add_auth('use_spoilers', esc_sql(spa_text_noesc('Can use spoilers in posts')), 1, 0, 0, 0, 3);
	sp_add_auth('view_links', esc_sql(spa_text_noesc('Can view links within posts')), 1, 0, 0, 0, 2);
	sp_add_auth('use_signatures', esc_sql(spa_text_noesc('Can attach a signature to posts')), 1, 1, 0, 0, 3);
	sp_add_auth('upload_avatars', esc_sql(spa_text_noesc('Can upload avatars')), 1, 1, 1, 0, 8);
	sp_add_auth('create_links', esc_sql(spa_text_noesc('Can create links in posts')), 1, 0, 0, 0, 3);
	sp_add_auth('can_use_smileys', esc_sql(spa_text_noesc('Can use smileys in posts')), 1, 0, 0, 0, 3);
	# NOTE(review): this call passes no warning text for the iframe auth
	sp_add_auth('can_use_iframes', esc_sql(spa_text_noesc('Can use iframes in posts')), 1, 0, 0, 0, 3);
}
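# Registers the forum's built-in auths (permissions) by calling sp_add_auth() once per auth.
#
# Every description is passed through spa_text_noesc() and then esc_sql(); the eighth
# argument carries the warning text, which is the empty string for every auth except
# 'can_use_iframes'. The calls stay an explicit ordered list with the literal text inside
# the translation call.
#
# Two defects of the original list are corrected here:
#  - the 'use_spoilers' description read 'Can use spoilers in posts in posts';
#  - 'bypass_moderation' passed the integer 0 as its warning where every other call
#    without a warning passes ''.
#
# NOTE(review): the meaning of the numeric arguments is defined by sp_add_auth(), which is
# not visible here - confirm against that function before changing any flag.
function spa_setup_auths() {
	# create the auths

	# seventh argument 2
	sp_add_auth('view_forum', esc_sql(spa_text_noesc('Can view a forum')), 1, 0, 0, 0, 2, '');
	sp_add_auth('view_forum_lists', esc_sql(spa_text_noesc('Can view a list of forums only')), 1, 0, 0, 0, 2, '');
	sp_add_auth('view_forum_topic_lists', esc_sql(spa_text_noesc('Can view a list of forums and list of topics only')), 1, 0, 0, 0, 2, '');
	sp_add_auth('view_admin_posts', esc_sql(spa_text_noesc('Can view posts by an administrator')), 1, 0, 0, 0, 2, '');
	sp_add_auth('view_own_admin_posts', esc_sql(spa_text_noesc('Can view only own posts and admin/mod posts')), 1, 1, 0, 1, 2, '');
	# exposes member email and IP addresses, i.e. personal data
	sp_add_auth('view_email', esc_sql(spa_text_noesc('Can view email and IP addresses of members')), 1, 1, 0, 0, 2, '');
	sp_add_auth('view_profiles', esc_sql(spa_text_noesc('Can view profiles of members')), 1, 0, 0, 0, 2, '');
	sp_add_auth('view_members_list', esc_sql(spa_text_noesc('Can view the members lists')), 1, 0, 0, 0, 2, '');
	sp_add_auth('view_links', esc_sql(spa_text_noesc('Can view links within posts')), 1, 0, 0, 0, 2, '');

	# seventh argument 3
	sp_add_auth('start_topics', esc_sql(spa_text_noesc('Can start new topics in a forum')), 1, 0, 0, 0, 3, '');
	sp_add_auth('reply_topics', esc_sql(spa_text_noesc('Can reply to existing topics in a forum')), 1, 0, 0, 0, 3, '');
	sp_add_auth('reply_own_topics', esc_sql(spa_text_noesc('Can only reply to own topics')), 1, 1, 0, 1, 3, '');
	sp_add_auth('bypass_flood_control', esc_sql(spa_text_noesc('Can bypass wait time between posts')), 1, 0, 0, 0, 3, '');
	sp_add_auth('use_spoilers', esc_sql(spa_text_noesc('Can use spoilers in posts')), 1, 0, 0, 0, 3, '');
	sp_add_auth('use_signatures', esc_sql(spa_text_noesc('Can attach a signature to posts')), 1, 1, 0, 0, 3, '');
	sp_add_auth('create_links', esc_sql(spa_text_noesc('Can create links in posts')), 1, 0, 0, 0, 3, '');
	sp_add_auth('can_use_smileys', esc_sql(spa_text_noesc('Can use smileys in posts')), 1, 0, 0, 0, 3, '');
	# the only auth registered with a warning text; the text goes through spa_text() only
	sp_add_auth('can_use_iframes', esc_sql(spa_text_noesc('Can use iframes in posts')), 1, 1, 0, 0, 3, spa_text('*** WARNING *** The use of iframes is dangerous. Allowing users to create iframes enables them to launch a potential security threat against your website. Enabling iframes requires your trust in your users. Turn on with care.'));

	# seventh argument 4
	sp_add_auth('edit_own_topic_titles', esc_sql(spa_text_noesc('Can edit own topic titles')), 1, 1, 0, 0, 4, '');
	sp_add_auth('edit_any_topic_titles', esc_sql(spa_text_noesc('Can edit any topic title')), 1, 1, 0, 0, 4, '');
	sp_add_auth('edit_own_posts_for_time', esc_sql(spa_text_noesc('Can edit own posts for time period')), 1, 1, 0, 0, 4, '');
	sp_add_auth('edit_own_posts_forever', esc_sql(spa_text_noesc('Can edit own posts forever')), 1, 1, 0, 0, 4, '');
	sp_add_auth('edit_own_posts_reply', esc_sql(spa_text_noesc('Can edit own posts until there has been a reply')), 1, 1, 0, 0, 4, '');
	sp_add_auth('edit_any_post', esc_sql(spa_text_noesc('Can edit any post')), 1, 1, 0, 0, 4, '');

	# seventh argument 5
	sp_add_auth('delete_topics', esc_sql(spa_text_noesc('Can delete topics in forum')), 1, 1, 0, 0, 5, '');
	sp_add_auth('delete_own_posts', esc_sql(spa_text_noesc('Can delete own posts')), 1, 1, 0, 0, 5, '');
	sp_add_auth('delete_any_post', esc_sql(spa_text_noesc('Can delete any post')), 1, 1, 0, 0, 5, '');

	# seventh argument 6
	sp_add_auth('bypass_math_question', esc_sql(spa_text_noesc('Can bypass the math question')), 1, 0, 0, 0, 6, '');
	sp_add_auth('bypass_moderation', esc_sql(spa_text_noesc('Can bypass all post moderation')), 1, 0, 0, 0, 6, '');
	sp_add_auth('bypass_moderation_once', esc_sql(spa_text_noesc('Can bypass first post moderation')), 1, 0, 0, 0, 6, '');
	sp_add_auth('moderate_posts', esc_sql(spa_text_noesc('Can moderate pending posts')), 1, 1, 0, 0, 6, '');

	# seventh argument 7
	sp_add_auth('pin_topics', esc_sql(spa_text_noesc('Can pin topics in a forum')), 1, 0, 0, 0, 7, '');
	sp_add_auth('move_topics', esc_sql(spa_text_noesc('Can move topics from a forum')), 1, 0, 0, 0, 7, '');
	sp_add_auth('move_posts', esc_sql(spa_text_noesc('Can move posts from a topic')), 1, 0, 0, 0, 7, '');
	sp_add_auth('lock_topics', esc_sql(spa_text_noesc('Can lock topics in a forum')), 1, 0, 0, 0, 7, '');
	sp_add_auth('pin_posts', esc_sql(spa_text_noesc('Can pin posts within a topic')), 1, 0, 0, 0, 7, '');
	sp_add_auth('reassign_posts', esc_sql(spa_text_noesc('Can reassign posts to a different user')), 1, 0, 0, 0, 7, '');

	# seventh argument 8
	sp_add_auth('upload_avatars', esc_sql(spa_text_noesc('Can upload avatars')), 1, 1, 1, 0, 8, '');
}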
# Re-registers the plugin's 'bypass_akismet' auth through sp_add_auth().
# The description is translated with the 'spab' text domain before it is passed on.
# NOTE(review): holders of this auth skip the Akismet spam check on posts; which roles
# receive it is not decided in this function - verify at the call site.
function sp_admin_bar_do_reset_permissions() {
	$description = __('Can bypass akismet check on posts', 'spab');
	sp_add_auth('bypass_akismet', $description, 1, 0, 0, 0, 3);
}
} $section = 12446; if ($build < $section) { spdb_query('ALTER TABLE ' . SFFORUMS . ' ADD (topic_icon_pinned varchar(50) default NULL)'); sp_response($section); } $section = 12479; if ($build < $section) { # add starting captcha value sp_add_option('captcha-value', time()); sp_response($section); } $section = 12487; if ($build < $section) { # create a new permission for using smileys sp_add_auth('edit_own_posts_for_time', spa_text('Can edit own posts for time period'), 1, 1, 0, 0, 4); sp_add_option('editpostdays', 7); sp_response($section); } $section = 12493; if ($build < $section) { # Clean out the spInspect array as it has some new members sp_create_inspectors(); sp_response($section); } $section = 12581; if ($build < $section) { # Correct users auths records in case they are incorrect spdb_query("UPDATE " . SFAUTHS . "\n\t\t\t\tSET ignored = 1\n\t\t\t\tWHERE auth_name IN\n\t\t\t\t('can_use_iframes','moderate_posts','delete_any_post','delete_own_posts','delete_topics','view_email','view_own_admin_posts','edit_own_topic_titles','edit_any_topic_titles','edit_own_posts_for_time','edit_own_posts_forever','edit_own_posts_reply','edit_any_post','upload_images','upload_media','upload_files','use_signatures','upload_signatures','upload_avatars','subscribe','watch','rate_posts','use_pm','create_linked_topics','break_linked_topics','reply_own_topics','thank_posts','manage_attachments','hide_posters','post_anonymous','post_as_user','post_multiple','set_topic_expire','create_topic_redirects','change_topic_status');"); spdb_query("UPDATE " . SFAUTHS . "\n\t\t\t\tSET enabling = 1\n\t\t\t\tWHERE auth_name IN\n\t\t\t\t('upload_avatars','use_pm','create_linked_topics','break_linked_topics','change_topic_status');"); spdb_query("UPDATE " . SFAUTHS . "\n\t\t\t\tSET admin_negate = 1\n\t\t\t\tWHERE auth_name IN\n\t\t\t\t('reply_own_topics','view_own_admin_posts');");
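# Handles the admin "new auth" form: validates the request, creates the auth and returns
# the status message to display.
#
# Reads auth_name, auth_desc and the checkbox fields auth_active, auth_guests and
# auth_enabling from $_POST. Returns the translated result message as a string.
function spa_save_permissions_new_auth() {
	# CSRF guard: the request must carry the nonce issued for this form
	check_admin_referer('forum-adminform_authnew', 'forum-adminform_authnew');

	# NOTE(review): a nonce proves the form's origin, not the user's privileges. No capability
	# check (e.g. current_user_can()) is visible in this function - confirm the caller does it.

	# Only plain strings are accepted. A field submitted as an array (auth_name[]=x) or left
	# out entirely is treated as empty instead of being handed to the filter as-is.
	$name = (isset($_POST['auth_name']) && is_string($_POST['auth_name'])) ? $_POST['auth_name'] : '';
	$desc = (isset($_POST['auth_desc']) && is_string($_POST['auth_desc'])) ? $_POST['auth_desc'] : '';

	if (empty($name)) {
		return spa_text('New auth failed - missing data');
	}

	# checkboxes: presence in the request means "on"
	$active = isset($_POST['auth_active']) ? 1 : 0;
	$ignored = isset($_POST['auth_guests']) ? 1 : 0;
	$enabling = isset($_POST['auth_enabling']) ? 1 : 0;

	# create the auth
	$result = sp_add_auth(sp_filter_title_save($name), sp_filter_title_save($desc), $active, $ignored, $enabling);
	if (!$result) {
		return spa_text('New auth failed - duplicate auth?');
	}

	# reset the auths to account for new auth
	sp_reset_auths();

	return spa_text('New auth added');
}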
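# One-off schema and data migration from the old role "actions" to "auths".
#
# Steps, in order:
#  1. adds the 'auths' column to SFMEMBERS when it does not exist yet;
#  2. renames SFROLES.role_actions to role_auths;
#  3. registers the existing permissions as auths through sp_add_auth();
#  4. converts every stored role with spa_convert_action_to_auth() and writes it back.
#
# Compared with the original, the UPDATE in step 4 escapes the serialized value with
# esc_sql() and casts role_id to an integer, so a quote or backslash inside the stored
# data can no longer break out of the SQL string literal.
function sp_convert_perms_to_auths() {
	if (!spdb_column_exists(SFMEMBERS, 'auths')) {
		spdb_query('ALTER TABLE ' . SFMEMBERS . ' ADD (auths longtext)');
	}
	# NOTE(review): unlike the ADD above, this rename is not guarded by a column check
	spdb_query('ALTER TABLE ' . SFROLES . ' CHANGE role_actions role_auths longtext');

	# populate with existing permissions
	sp_add_auth('view_forum', esc_sql(spa_text_noesc('Can view a forum')), 1, 0, 0);
	sp_add_auth('view_forum_lists', esc_sql(spa_text_noesc('Can view a list of forums only')), 1, 0, 0);
	sp_add_auth('view_forum_topic_lists', esc_sql(spa_text_noesc('Can view a list of forums and list of topics only')), 1, 0, 0);
	sp_add_auth('view_admin_posts', esc_sql(spa_text_noesc('Can view posts by an administrator')), 1, 0, 0);
	sp_add_auth('start_topics', esc_sql(spa_text_noesc('Can start new topics in a forum')), 1, 0, 0);
	sp_add_auth('reply_topics', esc_sql(spa_text_noesc('Can reply to existing topics in a forum')), 1, 0, 0);
	sp_add_auth('edit_own_topic_titles', esc_sql(spa_text_noesc('Can edit own topic titles')), 1, 0, 0);
	sp_add_auth('edit_any_topic_titles', esc_sql(spa_text_noesc('Can edit any topic title')), 1, 0, 0);
	sp_add_auth('pin_topics', esc_sql(spa_text_noesc('Can pin topics in a forum')), 1, 0, 0);
	sp_add_auth('move_topics', esc_sql(spa_text_noesc('Can move topics from a forum')), 1, 0, 0);
	sp_add_auth('move_posts', esc_sql(spa_text_noesc('Can move posts from a topic')), 1, 0, 0);
	sp_add_auth('lock_topics', esc_sql(spa_text_noesc('Can lock topics in a forum')), 1, 0, 0);
	sp_add_auth('delete_topics', esc_sql(spa_text_noesc('Can delete topics in forum')), 1, 0, 0);
	sp_add_auth('edit_own_posts_forever', esc_sql(spa_text_noesc('Can edit own posts forever')), 1, 0, 0);
	sp_add_auth('edit_own_posts_reply', esc_sql(spa_text_noesc('Can edit own posts until there has been a reply')), 1, 0, 0);
	sp_add_auth('edit_any_post', esc_sql(spa_text_noesc('Can edit any post')), 1, 0, 0);
	sp_add_auth('delete_own_posts', esc_sql(spa_text_noesc('Can delete own posts')), 1, 0, 0);
	sp_add_auth('delete_any_post', esc_sql(spa_text_noesc('Can delete any post')), 1, 0, 0);
	sp_add_auth('pin_posts', esc_sql(spa_text_noesc('Can pin posts within a topic')), 1, 0, 0);
	sp_add_auth('reassign_posts', esc_sql(spa_text_noesc('Can reassign posts to a different user')), 1, 0, 0);
	sp_add_auth('view_email', esc_sql(spa_text_noesc('Can view email and IP addresses of members')), 1, 0, 0);
	sp_add_auth('view_profiles', esc_sql(spa_text_noesc('Can view profiles of members')), 1, 0, 0);
	sp_add_auth('view_members_list', esc_sql(spa_text_noesc('Can view the members lists')), 1, 0, 0);
	sp_add_auth('report_posts', esc_sql(spa_text_noesc('Can report a post to administrators')), 1, 0, 0);
	sp_add_auth('bypass_math_question', esc_sql(spa_text_noesc('Can bypass the math question')), 1, 0, 0);
	sp_add_auth('bypass_moderation', esc_sql(spa_text_noesc('Can bypass all post moderation')), 1, 0, 0);
	sp_add_auth('bypass_moderation_once', esc_sql(spa_text_noesc('Can bypass first post moderation')), 1, 0, 0);
	sp_add_auth('moderate_posts', esc_sql(spa_text_noesc('Can moderate pending posts')), 1, 0, 0);
	sp_add_auth('use_spoilers', esc_sql(spa_text_noesc('Can use spoilers in posts')), 1, 0, 0);
	sp_add_auth('view_links', esc_sql(spa_text_noesc('Can view links within posts')), 1, 0, 0);
	sp_add_auth('upload_images', esc_sql(spa_text_noesc('Can upload images in posts')), 1, 1, 0);
	sp_add_auth('upload_media', esc_sql(spa_text_noesc('Can upload media in posts')), 1, 1, 0);
	sp_add_auth('upload_files', esc_sql(spa_text_noesc('Can upload other files in posts')), 1, 1, 0);
	sp_add_auth('use_signatures', esc_sql(spa_text_noesc('Can attach a signature to posts')), 1, 1, 0);
	sp_add_auth('upload_signatures', esc_sql(spa_text_noesc('Can upload signature images')), 1, 1, 0);
	sp_add_auth('upload_avatars', esc_sql(spa_text_noesc('Can upload avatars')), 1, 1, 1);
	sp_add_auth('subscribe', esc_sql(spa_text_noesc('Can subscribe to topics within a forum')), 0, 1, 0);
	sp_add_auth('watch', esc_sql(spa_text_noesc('Can watch topics within a forum')), 0, 1, 0);
	sp_add_auth('change_topic_status', esc_sql(spa_text_noesc('Can change the status of a topic')), 1, 1, 0);
	sp_add_auth('rate_posts', esc_sql(spa_text_noesc('Can rate a post')), 0, 1, 0);
	sp_add_auth('use_pm', esc_sql(spa_text_noesc('Can use the private messaging system')), 0, 1, 1);

	# now we need to convert existing roles
	$roles = spdb_table(SFROLES);
	if ($roles) {
		foreach ($roles as $role) {
			# NOTE(review): unserialize() instantiates whatever classes the stored value names.
			# The value comes from the roles table; if anything other than trusted admin code
			# can write that column, restrict it (the allowed_classes option, once the minimum
			# PHP version is 7.0 or later) or move the storage format to JSON.
			$actions = unserialize($role->role_auths);
			if ($actions) {
				$new_actions = spa_convert_action_to_auth($actions);

				# escape the value and force the key to an integer before building the statement
				$sql = 'UPDATE ' . SFROLES . " SET role_auths='" . esc_sql(serialize($new_actions)) . "' WHERE role_id=" . (int) $role->role_id;
				spdb_query($sql);
			}
		}
	}
}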
$mobileTheme = sp_get_option('sp_mobile_theme'); if ($mobileTheme && !file_exists(SPTHEMEBASEDIR . $mobileTheme['theme'] . '/styles/overlays/' . $mobileTheme['color'] . '.php')) { $mobileTheme['color'] = ''; sp_update_option('sp_mobile_theme', $mobileTheme); } $tabletTheme = sp_get_option('sp_tablet_theme'); if ($tabletTheme && !file_exists(SPTHEMEBASEDIR . $tabletTheme['theme'] . '/styles/overlays/' . $tabletTheme['color'] . '.php')) { $tabletTheme['color'] = ''; sp_update_option('sp_tablet_theme', $tabletTheme); } sp_response($section); } $section = 11375; if ($build < $section) { # create a new permission for using iframes sp_add_auth('bypass_flood_control', spa_text('Can bypass wait time between posts'), 1, 0, 0, 0, 3); sp_add_option('floodcontrol', 10); sp_response($section); } $section = 11388; if ($build < $section) { $sffilters = sp_get_option('sffilters'); if (!isset($sffilters['sfmaxsmileys'])) { $sffilters['sfmaxsmileys'] = 0; sp_update_option('sffilters', $sffilters); } # add new column for meta data to user activity table spdb_query('ALTER TABLE ' . SFUSERACTIVITY . ' ADD (meta_id BIGINT(20))'); sp_response($section); } $section = 11423;
# Re-registers the captcha plugin's 'bypass_captcha' auth through sp_add_auth().
# The description is translated with the 'sp-cap' text domain before it is passed on.
# NOTE(review): holders of this auth skip the post captcha check; which roles receive it
# is not decided in this function - verify at the call site.
function sp_captcha_do_permissions_reset() {
	$description = __('Can bypass the post captcha check', 'sp-cap');
	sp_add_auth('bypass_captcha', $description, 1, 0, 0, 0, 6);
}