function sp_can_view($forumid, $view, $userid = 0, $posterid = 0, $topicid = 0, $postid = 0)
{
global $spGlobals, $spThisUser, $spStatus;
# bail if awaiting upgrade since no forums are visible
if (!isset($spStatus) || isset($spStatus) && $spStatus != 'ok') {
return;
}
# return false for any disabled forums since they are not shown on front end
if (in_array($forumid, $spGlobals['disabled_forums'])) {
return false;
}
# make sure we at least use the current user
if (empty($userid)) {
$userid = $spThisUser->ID;
}
$auth = false;
switch ($view) {
case 'forum-title':
$auth = sp_get_auth('view_forum', $forumid, $userid) || sp_get_auth('view_forum_lists', $forumid, $userid) || sp_get_auth('view_forum_topic_lists', $forumid, $userid);
$auth = apply_filters('sph_auth_view_forum_title', $auth, $forumid, $view, $userid, $posterid);
break;
case 'topic-title':
$auth = sp_get_auth('view_forum', $forumid, $userid) || sp_get_auth('view_forum_topic_lists', $forumid, $userid);
$auth = apply_filters('sph_auth_view_topic_title', $auth, $forumid, $view, $userid, $posterid);
break;
case 'post-content':
$auth = sp_get_auth('view_forum', $forumid, $userid) && (!sp_is_forum_admin($posterid) || sp_get_auth('view_admin_posts', $forumid, $userid)) && (sp_is_forum_admin($posterid) || sp_is_forum_mod($posterid) || $userid == $posterid || !sp_get_auth('view_own_admin_posts', $forumid, $userid));
$auth = apply_filters('sph_auth_view_post_content', $auth, $forumid, $view, $userid, $posterid, $topicid, $postid);
break;
default:
$auth = apply_filters('sph_auth_view_' . $view, $auth, $forumid, $view, $userid, $posterid, $topicid, $postid);
break;
}
$auth = apply_filters('sph_auth_view', $auth, $forumid, $view, $userid, $posterid);
return $auth;
}
function sp_topicview_query($topicid = 0, $cPage = 1, $forumid = 0)
{
global $spGlobals, $spThisUser, $spVars;
# do we have a valid topic id
if ($topicid == 0) {
$this->topicViewStatus = 'no data';
return;
} else {
$WHERE = SFTOPICS . '.topic_id=' . $topicid;
}
# default to no access
$this->topicViewStatus = 'no access';
# some setup vars
$startlimit = 0;
$lastpage = 0;
# how many posts per page?
$ppaged = $spGlobals['display']['posts']['perpage'];
if (!$ppaged) {
$ppaged = 10;
}
# setup where we are in the post list (paging)
if ($cPage != 1) {
$startlimit = ($cPage - 1) * $ppaged;
}
$LIMIT = $startlimit . ', ' . $ppaged;
# Set up order by
$setSort = false;
$reverse = false;
$setSort = $spGlobals['display']['posts']['sortdesc'];
if (isset($spGlobals['sort_order']['topic'])) {
$reverse = array_search($topicid, (array) $spGlobals['sort_order']['topic']) !== false ? true : false;
}
if (isset($spThisUser->postDESC) && $spThisUser->postDESC) {
$reverse = !$reverse;
}
if ($setSort xor $reverse) {
$ORDER = 'post_pinned DESC, ' . SFPOSTS . ".post_id DESC";
} else {
$ORDER = 'post_pinned DESC, ' . SFPOSTS . ".post_id ASC";
}
# add newpost/sfwaiting support for admins
$waitCheck = ', NULL AS new_post';
if ($spThisUser->admin || $spThisUser->moderator) {
$waitCheck = ', ' . SFWAITING . '.post_count AS new_post';
}
# Discover if this topic is in users new post list
$maybeNewPost = false;
if ($spThisUser->member && sp_is_in_users_newposts($topicid)) {
$maybeNewPost = true;
}
# retrieve topic and post records
$spdb = new spdbComplex();
$spdb->table = SFTOPICS;
$spdb->found_rows = true;
$spdb->fields = 'group_id, ' . SFTOPICS . '.topic_id, ' . SFTOPICS . '.forum_id, topic_name, topic_slug, topic_status, topic_pinned, topic_icon, topic_opened, ' . SFTOPICS . '.post_count, forum_name, forum_slug, forum_status,
forum_disabled, forum_rss_private, ' . SFPOSTS . '.post_id, ' . spdb_zone_datetime('post_date') . ', ' . SFPOSTS . '.user_id, ' . SFTOPICS . '.user_id AS topic_starter,
guest_name, guest_email, post_status, post_pinned, post_index, post_edit, poster_ip, source, post_content' . $waitCheck;
$spdb->join = array(SFPOSTS . ' ON ' . SFTOPICS . '.topic_id=' . SFPOSTS . '.topic_id', SFFORUMS . ' ON ' . SFTOPICS . '.forum_id=' . SFFORUMS . '.forum_id');
if ($spThisUser->admin || $spThisUser->moderator) {
$spdb->left_join = array(SFWAITING . ' ON ' . SFPOSTS . '.post_id=' . SFWAITING . '.post_id');
}
$spdb->where = $WHERE;
$spdb->orderby = $ORDER;
$spdb->limits = $LIMIT;
$spdb = apply_filters('sph_topicview_query', $spdb, $this);
if (!empty($spThisUser->inspect['q_spTopicView'])) {
$spdb->inspect = 'spTopicView';
$spdb->show = true;
}
$records = $spdb->select();
$t = array();
if ($records) {
$tidx = $topicid;
$pidx = 0;
$r = current($records);
if (sp_get_auth('view_forum', $r->forum_id)) {
$this->topicViewStatus = 'data';
# construct the parent topic object
$t[$tidx] = new stdClass();
$t[$tidx]->topic_id = $r->topic_id;
$t[$tidx]->forum_id = $r->forum_id;
$t[$tidx]->group_id = $r->group_id;
$t[$tidx]->forum_name = sp_filter_title_display($r->forum_name);
$t[$tidx]->topic_name = sp_filter_title_display($r->topic_name);
$t[$tidx]->topic_slug = $r->topic_slug;
$t[$tidx]->topic_opened = $r->topic_opened;
$t[$tidx]->forum_status = $r->forum_status;
$t[$tidx]->topic_pinned = $r->topic_pinned;
$t[$tidx]->forum_disabled = $r->forum_disabled;
$t[$tidx]->forum_slug = $r->forum_slug;
$t[$tidx]->forum_rss_private = $r->forum_rss_private;
$t[$tidx]->topic_permalink = sp_build_url($r->forum_slug, $r->topic_slug, 1, 0);
$t[$tidx]->topic_status = $r->topic_status;
$t[$tidx]->topic_icon = sanitize_file_name($r->topic_icon);
$t[$tidx]->rss = '';
$t[$tidx]->editmode = 0;
$t[$tidx]->tools_flag = 1;
$t[$tidx]->display_page = $this->topicPage;
$t[$tidx]->posts_per_page = $ppaged;
$t[$tidx]->unread = 0;
# user calc_rows and nor post_count as - for example - some posts may be hiodden by choice.
$t[$tidx]->post_count = spdb_select('var', 'SELECT FOUND_ROWS()');
# Can the user create new topics or should we lock the forum?
$t[$tidx]->start_topics = sp_get_auth('start_topics', $r->forum_id);
$t[$tidx]->reply_topics = sp_get_auth('reply_topics', $r->forum_id);
$t[$tidx]->reply_own_topics = sp_get_auth('reply_own_topics', $r->forum_id);
# grab topic start info
$t[$tidx]->topic_starter = $r->topic_starter;
$totalPages = $r->post_count / $ppaged;
if (!is_int($totalPages)) {
$totalPages = intval($totalPages) + 1;
}
$t[$tidx]->total_pages = $totalPages;
if ($setSort xor $reverse) {
if ($cPage == 1) {
$lastpage = true;
}
} else {
if ($cPage == $totalPages) {
$lastpage = true;
}
}
$t[$tidx]->last_page = $lastpage;
$t[$tidx] = apply_filters('sph_topicview_topic_record', $t[$tidx], $r);
reset($records);
unset($r);
# now loop through the post records
$newPostFlag = false;
$firstPostPage = 1;
$pinned = 0;
# define post id and post user id arrays for plugins to use in combined filter
$p = array();
$u = array();
foreach ($records as $r) {
$pidx = $r->post_id;
$p[] = $pidx;
# prepare for user object
$cUser = $spThisUser->ID == $r->user_id;
$cSmall = !$cUser;
$t[$tidx]->posts[$pidx] = new stdClass();
$t[$tidx]->posts[$pidx]->post_id = $r->post_id;
$t[$tidx]->posts[$pidx]->post_date = $r->post_date;
$t[$tidx]->posts[$pidx]->user_id = $r->user_id;
$t[$tidx]->posts[$pidx]->guest_name = sp_filter_name_display($r->guest_name);
$t[$tidx]->posts[$pidx]->guest_email = sp_filter_email_display($r->guest_email);
$t[$tidx]->posts[$pidx]->post_status = $r->post_status;
$t[$tidx]->posts[$pidx]->post_pinned = $r->post_pinned;
$t[$tidx]->posts[$pidx]->post_index = $r->post_index;
$t[$tidx]->posts[$pidx]->poster_ip = $r->poster_ip;
$t[$tidx]->posts[$pidx]->source = $r->source;
$t[$tidx]->posts[$pidx]->post_permalink = sp_build_url($r->forum_slug, $r->topic_slug, $cPage, $r->post_id);
$t[$tidx]->posts[$pidx]->edits = '';
$t[$tidx]->posts[$pidx]->last_post = 0;
$t[$tidx]->posts[$pidx]->last_post_on_page = 0;
$t[$tidx]->posts[$pidx]->first_post_on_page = $firstPostPage;
$t[$tidx]->posts[$pidx]->editmode = 0;
$t[$tidx]->posts[$pidx]->post_content = sp_filter_content_display($r->post_content);
$t[$tidx]->posts[$pidx]->first_pinned = 0;
$t[$tidx]->posts[$pidx]->last_pinned = 0;
$t[$tidx]->posts[$pidx]->postUser = new stdClass();
$t[$tidx]->posts[$pidx]->postUser = clone sp_get_user($r->user_id, $cUser, $cSmall);
# populate the user guest name and email in case the poster is a guest
if ($r->user_id == 0) {
$t[$tidx]->posts[$pidx]->postUser->guest_name = $t[$tidx]->posts[$pidx]->guest_name;
$t[$tidx]->posts[$pidx]->postUser->guest_email = $t[$tidx]->posts[$pidx]->guest_email;
$t[$tidx]->posts[$pidx]->postUser->display_name = $t[$tidx]->posts[$pidx]->guest_name;
$t[$tidx]->posts[$pidx]->postUser->ip = $t[$tidx]->posts[$pidx]->poster_ip;
}
# pinned status
if ($firstPostPage == 1 && $r->post_pinned) {
$t[$tidx]->posts[$pidx]->first_pinned = true;
$pinned = $pidx;
}
if ($firstPostPage == 0 && $pinned > 0 && $r->post_pinned == false) {
$t[$tidx]->posts[$pinned]->last_pinned = true;
} elseif ($r->post_pinned) {
$pinned = $pidx;
}
$firstPostPage = 0;
# Is this a new post for the current user?
if ($spThisUser->guest) {
$newPostFlag = false;
} else {
if ($maybeNewPost && strtotime($r->post_date) > strtotime($spThisUser->lastvisit)) {
$newPostFlag = true;
}
if (isset($r->new_post)) {
$newPostFlag = true;
}
}
$t[$tidx]->posts[$pidx]->new_post = $newPostFlag;
# do we need to hide an admin post?
if (!sp_get_auth('view_admin_posts', $r->forum_id) && sp_is_forum_admin($r->user_id)) {
$adminview = sp_get_sfmeta('adminview', 'message');
if ($adminview) {
$t[$tidx]->posts[$pidx]->post_content = '<div class="spMessage">';
$t[$tidx]->posts[$pidx]->post_content .= sp_filter_text_display($adminview[0]['meta_value']);
$t[$tidx]->posts[$pidx]->post_content .= '</div>';
} else {
$t[$tidx]->posts[$pidx]->post_content = '';
}
}
# do we need to hide an others posts?
if (sp_get_auth('view_own_admin_posts', $r->forum_id) && !sp_is_forum_admin($r->user_id) && !sp_is_forum_mod($r->user_id) && $spThisUser->ID != $r->user_id) {
$userview = sp_get_sfmeta('userview', 'message');
if ($userview) {
$t[$tidx]->posts[$pidx]->post_content = '<div class="spMessage">';
$t[$tidx]->posts[$pidx]->post_content .= sp_filter_text_display($userview[0]['meta_value']);
$t[$tidx]->posts[$pidx]->post_content .= '</div>';
} else {
$t[$tidx]->posts[$pidx]->post_content = '';
}
}
# Is this post to be edited?
if ($spVars['displaymode'] == 'edit' && $spVars['postedit'] == $r->post_id) {
$t[$tidx]->editmode = 1;
$t[$tidx]->editpost_id = $r->post_id;
$t[$tidx]->editpost_content = sp_filter_content_edit($r->post_content);
$t[$tidx]->posts[$pidx]->editmode = 1;
}
# Add edit history
if (!empty($r->post_edit) && is_serialized($r->post_edit)) {
$edits = unserialize($r->post_edit);
$eidx = 0;
foreach ($edits as $e) {
$t[$tidx]->posts[$pidx]->edits[$eidx] = new stdClass();
$t[$tidx]->posts[$pidx]->edits[$eidx]->by = $e['by'];
$t[$tidx]->posts[$pidx]->edits[$eidx]->at = $e['at'];
$eidx++;
}
}
if (!in_array($r->user_id, $u)) {
$u[] = $r->user_id;
}
$t[$tidx]->posts[$pidx] = apply_filters('sph_topicview_post_records', $t[$tidx]->posts[$pidx], $r);
}
# index of post IDs with position in listing
$t[$tidx]->post_keys = $p;
$t[$tidx]->posts[$pidx]->last_post = $lastpage;
$t[$tidx]->posts[$pidx]->last_post_on_page = 1;
# save last post on page id
$t[$tidx]->last_post_id = $r->post_id;
# allow plugins to add more data to combined topic/post data structure
$t[$tidx] = apply_filters('sph_topicview_combined_data', $t[$tidx], $p, $u);
unset($records);
} else {
# check for view forum lists but not topic lists
if (sp_can_view($r->forum_id, 'forum-title')) {
$this->topicViewStatus = 'sneak peek';
}
}
}
return $t;
}
$Rev: 10210 $
*/
if (preg_match('#' . basename(__FILE__) . '#', $_SERVER['PHP_SELF'])) {
die('Access denied - you cannot directly call this file');
}
sp_forum_api_support();
sp_load_editor(0, 1);
global $s0ThisUser;
$postid = sp_esc_int($_GET['post']);
$forumid = sp_esc_int($_GET['forumid']);
if (empty($forumid) || empty($postid)) {
die;
}
if (!sp_get_auth('reply_topics', $forumid)) {
if (!is_user_logged_in()) {
sp_etext('Access denied - are you logged in?');
} else {
sp_etext('Access denied - you do not have permission');
}
die;
}
$post = spdb_table(SFPOSTS, "post_id={$postid}", 'row');
if (!sp_get_auth('view_admin_posts', $forumid) && sp_is_forum_admin($post->user_id)) {
die;
}
if (sp_get_auth('view_own_admin_posts', $forumid) && !sp_is_forum_admin($post->user_id) && !sp_is_forum_mod($post->user_id) && $spThisUser->ID != $post->user_id) {
die;
}
$content = sp_filter_content_edit($post->post_content);
echo $content;
die;
function sp_UsersAlsoViewing($args = '', $messageLabel = '')
{
global $spThisUser, $spVars;
$defs = array('tagClass' => 'spAlsoViewingContainer', 'userHolder' => 'spBrowsingUserHolder', 'browsingClass' => 'spBrowsingTopic', 'messageClass' => 'spBrowsingMessage', 'avatarClass' => 'spAvatar', 'avatarSize' => 30, 'includeAdmins' => 1, 'includeMods' => 1, 'includeMembers' => 0, 'displayToAll' => 0, 'echo' => 1, 'get' => 0);
$a = wp_parse_args($args, $defs);
$a = apply_filters('sph_UsersAlsoViewing_args', $a);
extract($a, EXTR_SKIP);
# sanitize before use
$tagClass = esc_attr($tagClass);
$browsingClass = esc_attr($browsingClass);
$messageClass = esc_attr($messageClass);
$avatarClass = esc_attr($avatarClass);
$avatarSize = (int) $avatarSize;
$includeAdmins = (int) $includeAdmins;
$includeMods = (int) $includeMods;
$includeMembers = (int) $includeMembers;
$displayToAll = (int) $displayToAll;
$echo = (int) $echo;
$get = (int) $get;
# get online user data
$members = sp_get_members_online();
if ($get) {
return $members;
}
$out = '';
$tout = '';
# get member info to check against members browsing topic
if ($members) {
foreach ($members as $user) {
if ($spThisUser->ID != $user->trackuserid) {
if (!empty($spVars['pageview'])) {
if ($spVars['pageview'] == 'topic' && $user->topic_id == $spVars['topicid']) {
# check to see if admin, mod, or user
if ($displayToAll || $spThisUser->admin && $includeAdmins && sp_is_forum_admin($user->trackuserid) || $displayToAll || $spThisUser->admin && $includeMods && sp_is_forum_mod($user->trackuserid) || $displayToAll || $spThisUser->admin && $includeMembers && !sp_is_forum_mod($user->trackuserid != 0)) {
$tout .= "<div class='{$userHolder}'>";
$tout .= sp_UserAvatar("tagClass={$avatarClass}&size={$avatarSize}&link=none&context=user&echo=0", $user->trackuserid);
$tout .= "<span class='{$browsingClass}'>";
$tout .= sp_build_name_display($user->trackuserid, $user->display_name);
$tout .= "</span>";
$tout .= "<br><span> {$messageLabel}</span>";
$tout .= "</div>";
}
}
}
}
}
}
if (!empty($tout)) {
$out = "<div class='{$tagClass}'>";
$out .= $tout;
$out .= "</div>";
}
# finish it up
if ($echo) {
echo $out;
} else {
return $out;
}
}
function sp_PostIndexQuote($args = '', $label = '', $toolTip = '')
{
global $spThisUser, $spThisPost, $spThisPostUser, $spThisTopic, $spGlobals;
# checks for displaying button
if ($spThisTopic->editmode) {
return;
}
if ($spThisPost->post_status != 0 && !$spThisUser->admin) {
return;
}
if (!sp_get_auth('reply_topics', $spThisTopic->forum_id)) {
return;
}
if (($spGlobals['lockdown'] || $spThisTopic->forum_status || $spThisTopic->topic_status) && !$spThisUser->admin) {
return;
}
if (!sp_get_auth('view_admin_posts', $spThisTopic->forum_id) && sp_is_forum_admin($spThisPost->user_id)) {
return;
}
if (sp_get_auth('view_own_admin_posts', $spThisTopic->forum_id) && !sp_is_forum_admin($spThisPost->user_id) && !sp_is_forum_mod($spThisPost->user_id) && $spThisUser->ID != $spThisPost->user_id) {
return;
}
$defs = array('tagId' => 'spPostIndexQuote%ID%', 'tagClass' => 'spButton', 'icon' => 'sp_QuotePost.png', 'iconClass' => 'spIcon', 'echo' => 1);
$a = wp_parse_args($args, $defs);
$a = apply_filters('sph_PostIndexQuote_args', $a);
extract($a, EXTR_SKIP);
# sanitize before use
$tagId = esc_attr($tagId);
$tagClass = esc_attr($tagClass);
$icon = sanitize_file_name($icon);
$iconClass = esc_attr($iconClass);
$toolTip = esc_attr($toolTip);
$echo = (int) $echo;
$tagId = str_ireplace('%ID%', $spThisPost->post_id, $tagId);
$quoteUrl = SFHOMEURL . "index.php?sp_ahah=quote&sfnonce=" . wp_create_nonce('forum-ahah');
if ($spThisPostUser->member) {
$name = $spThisPostUser->display_name;
} else {
$name = $spThisPost->guest_name;
}
$intro = esc_js($name . ' ' . sp_text('said') . ' ');
$out = "<a class='{$tagClass} vtip' id='{$tagId}' title='{$toolTip}' rel='nofollow' href='javascript:void(null)' ";
$out .= 'onclick="spjQuotePost(' . $spThisPost->post_id . ', \'' . $intro . '\', ' . $spThisTopic->forum_id . ', \'' . $quoteUrl . '\');">';
if (!empty($icon)) {
$out .= "<img class='{$iconClass}' src='" . sp_find_icon(SPTHEMEICONSURL, $icon) . "' alt=''/>\n";
}
if (!empty($label)) {
$out .= sp_filter_title_display($label);
}
$out .= "</a>\n";
$out = apply_filters('sph_PostIndexQuote', $out, $a);
if ($echo) {
echo $out;
} else {
return $out;
}
}
