/**
* Returns an array of found directories
*
* This function checks every found directory if they match either $uid or $gid, if they do
* the found directory is valid. It uses recursive function calls to find subdirectories. Due
* to the recursive behauviour this function may consume much memory.
*
* @param string path The path to start searching in
* @param integer uid The uid which must match the found directories
* @param integer gid The gid which must match the found direcotries
* @param array _fileList recursive transport array !for internal use only!
* @return array Array of found valid pathes
*
* @author Martin Burchert <*****@*****.**>
* @author Manuel Bernhardt <*****@*****.**>
*/
function findDirs($path, $uid, $gid)
{
$list = array($path);
$_fileList = array();
while (sizeof($list) > 0) {
$path = array_pop($list);
$path = makeCorrectDir($path);
if (!is_readable($path) || !is_executable($path)) {
//return $_fileList;
// only 'skip' this directory, #611
continue;
}
$dh = opendir($path);
if ($dh === false) {
/*
* this should never be called because we checked
* 'is_readable' before...but we never know what might happen
*/
standard_error('cannotreaddir', $path);
return null;
} else {
while (false !== ($file = @readdir($dh))) {
if ($file == '.' && (fileowner($path . '/' . $file) == $uid || filegroup($path . '/' . $file) == $gid)) {
$_fileList[] = makeCorrectDir($path);
}
if (is_dir($path . '/' . $file) && $file != '..' && $file != '.') {
array_push($list, $path . '/' . $file);
}
}
@closedir($dh);
}
}
return $_fileList;
}
function verify_strike_status($username = '', $supress_error = false)
{
global $vbulletin;
$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "strikes WHERE striketime < " . (TIMENOW - 3600));
if (!$vbulletin->options['usestrikesystem']) {
return 0;
}
$strikes = $vbulletin->db->query_first("\n\t\tSELECT COUNT(*) AS strikes, MAX(striketime) AS lasttime\n\t\tFROM " . TABLE_PREFIX . "strikes\n\t\tWHERE strikeip = '" . $vbulletin->db->escape_string(IPADDRESS) . "'\n\t");
if ($strikes['strikes'] >= 5 and $strikes['lasttime'] > TIMENOW - 900) {
//they've got it wrong 5 times or greater for any username at the moment
// the user is still not giving up so lets keep increasing this marker
exec_strike_user($username);
if (!$supress_error) {
eval(standard_error(fetch_error('strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
} else {
return false;
}
} else {
if ($strikes['strikes'] > 5) {
// a bit sneaky but at least it makes the error message look right
$strikes['strikes'] = 5;
}
}
return $strikes['strikes'];
}
/**
* Fetches information about the selected message with permission checks
*
* @param integer The post we want info about
* @param mixed Should a permission check be performed as well
*
* @return array Array of information about the message or prints an error if it doesn't exist / permission problems
*/
function verify_visitormessage($vmid, $alert = true, $perm_check = true)
{
global $vbulletin, $vbphrase;
$messageinfo = fetch_visitormessageinfo($vmid);
if (!$messageinfo) {
if ($alert) {
standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink']));
} else {
return 0;
}
}
if ($perm_check) {
if ($messageinfo['state'] == 'deleted') {
$can_view_deleted = (can_moderate(0, 'canmoderatevisitormessages') or $messageinfo['userid'] == $vbulletin->userinfo['userid'] and $vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmanageownprofile']);
if (!$can_view_deleted) {
standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink']));
}
}
if ($messageinfo['state'] == 'moderation') {
$can_view_moderated = ($messageinfo['postuserid'] == $vbulletin->userinfo['userid'] or $messageinfo['userid'] == $vbulletin->userinfo['userid'] and $vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmanageownprofile'] or can_moderate(0, 'canmoderatevisitormessages'));
if (!$can_view_moderated) {
standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink']));
}
}
// Need coventry support first
// if (in_coventry($userinfo['userid']) AND !can_moderate())
// {
// standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink']));
// }
}
return $messageinfo;
}
/**
* Validates the given string by matching against the pattern, prints an error on failure and exits
*
* @param string $str the string to be tested (user input)
* @param string the $fieldname to be used in error messages
* @param string $pattern the regular expression to be used for testing
* @param string language id for the error
* @return string the clean string
*
* If the default pattern is used and the string does not match, we try to replace the
* 'bad' values and log the action.
*
*/
function validate($str, $fieldname, $pattern = '', $lng = '', $emptydefault = array())
{
global $log;
if (!is_array($emptydefault)) {
$emptydefault_array = array($emptydefault);
unset($emptydefault);
$emptydefault = $emptydefault_array;
unset($emptydefault_array);
}
// Check if the $str is one of the values which represent the default for an 'empty' value
if (is_array($emptydefault) && !empty($emptydefault) && in_array($str, $emptydefault) && isset($emptydefault[0])) {
return $emptydefault[0];
}
if ($pattern == '') {
$pattern = '/^[^\\r\\n\\t\\f\\0]*$/D';
if (!preg_match($pattern, $str)) {
// Allows letters a-z, digits, space (\\040), hyphen (\\-), underscore (\\_) and backslash (\\\\),
// everything else is removed from the string.
$allowed = "/[^a-z0-9\\040\\.\\-\\_\\\\]/i";
preg_replace($allowed, "", $str);
$log->logAction(null, LOG_WARNING, "cleaned bad formatted string (" . $str . ")");
}
}
if (preg_match($pattern, $str)) {
return $str;
}
if ($lng == '') {
$lng = 'stringformaterror';
}
standard_error($lng, $fieldname);
exit;
}
/**
* this functions validates a given value as ErrorDocument
* refs #267
*
* @param string error-document-string
*
* @return string error-document-string
*
*/
function correctErrorDocument($errdoc = null)
{
global $idna_convert;
if ($errdoc !== null && $errdoc != '') {
// not a URL
if (strtoupper(substr($errdoc, 0, 5)) != 'HTTP:' && strtoupper(substr($errdoc, 0, 6)) != 'HTTPS:' || !validateUrl($errdoc)) {
// a file
if (substr($errdoc, 0, 1) != '"') {
$errdoc = makeCorrectFile($errdoc);
// apache needs a starting-slash (starting at the domains-docroot)
if (!substr($errdoc, 0, 1) == '/') {
$errdoc = '/' . $errdoc;
}
} else {
// string won't work for lighty
if (Settings::Get('system.webserver') == 'lighttpd') {
standard_error('stringerrordocumentnotvalidforlighty');
} elseif (substr($errdoc, -1) != '"') {
$errdoc .= '"';
}
}
} else {
if (Settings::Get('system.webserver') == 'lighttpd') {
standard_error('urlerrordocumentnotvalidforlighty');
}
}
}
return $errdoc;
}
/**
* Returns an array of found directories
*
* This function checks every found directory if they match either $uid or $gid, if they do
* the found directory is valid. It uses recursive function calls to find subdirectories. Due
* to the recursive behauviour this function may consume much memory.
*
* @param string path The path to start searching in
* @param integer uid The uid which must match the found directories
* @param integer gid The gid which must match the found direcotries
* @param array _fileList recursive transport array !for internal use only!
* @return array Array of found valid pathes
*
* @author Martin Burchert <*****@*****.**>
* @author Manuel Bernhardt <*****@*****.**>
*/
function findDirs($path, $uid, $gid)
{
$list = array($path);
$_fileList = array();
while (sizeof($list) > 0) {
$path = array_pop($list);
$path = makeCorrectDir($path);
$dh = opendir($path);
if ($dh === false) {
standard_error('cannotreaddir', $path);
return null;
} else {
while (false !== ($file = @readdir($dh))) {
if ($file == '.' && (fileowner($path . '/' . $file) == $uid || filegroup($path . '/' . $file) == $gid)) {
$_fileList[] = makeCorrectDir($path);
}
if (is_dir($path . '/' . $file) && $file != '..' && $file != '.') {
array_push($list, $path . '/' . $file);
}
}
@closedir($dh);
}
}
return $_fileList;
}
public function output()
{
global $vbulletin;
$vbulletin->input->clean_array_gpc('r', array('userid' => TYPE_UINT));
// verify the userid exists, don't want useless entries in our table.
if ($vbulletin->GPC['userid'] and $vbulletin->GPC['userid'] != $vbulletin->userinfo['userid']) {
if (!($userinfo = fetch_userinfo($vbulletin->GPC['userid']))) {
standard_error(fetch_error('invalidid', $vbphrase['user'], $vbulletin->options['contactuslink']));
}
// are we a member of this user's blog?
if (!is_member_of_blog($vbulletin->userinfo, $userinfo)) {
print_no_permission();
}
$userid = $userinfo['userid'];
/* Blog posting check */
if (!($userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost']) or !($userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])) {
print_no_permission();
}
} else {
$userinfo =& $vbulletin->userinfo;
$userid = '';
/* Blog posting check, no guests! */
if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) or !($vbulletin->userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost']) or !$vbulletin->userinfo['userid']) {
print_no_permission();
}
}
require_once DIR . '/includes/blog_functions_shared.php';
prepare_blog_category_permissions($userinfo, true);
$globalcats = $this->construct_category($userinfo, 'global');
$localcats = $this->construct_category($userinfo, 'local');
return array('globalcategorybits' => $globalcats, 'localcategorybits' => $localcats);
}
function fetch_search_forumids(&$forumchoice, $childforums = 0)
{
global $vbulletin, $display;
// make sure that $forumchoice is an array
if (!is_array($forumchoice)) {
$forumchoice = array($forumchoice);
}
// initialize the $forumids for return by this function
$forumids = array();
foreach ($forumchoice as $forumid) {
// get subscribed forumids
if ($forumid === 'subscribed' and $vbulletin->userinfo['userid'] != 0) {
DEVDEBUG("Querying subscribed forums for " . $vbulletin->userinfo['username']);
$sforums = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT forumid FROM " . TABLE_PREFIX . "subscribeforum\n\t\t\t\tWHERE userid = " . $vbulletin->userinfo['userid']);
if ($vbulletin->db->num_rows($sforums) == 0) {
// no subscribed forums
eval(standard_error(fetch_error('not_subscribed_to_any_forums')));
}
while ($sforum = $vbulletin->db->fetch_array($sforums)) {
$forumids["{$sforum['forumid']}"] .= $sforum['forumid'];
}
unset($sforum);
$vbulletin->db->free_result($sforums);
} else {
$forumid = intval($forumid);
if (isset($vbulletin->forumcache["{$forumid}"]) and $vbulletin->forumcache["{$forumid}"]['link'] == '') {
$forumids["{$forumid}"] = $forumid;
}
}
}
// now if there are any forumids we have to query, work out their child forums
if (empty($forumids)) {
$forumchoice = array();
$display['forums'] = array();
} else {
// set $forumchoice to show the returned forumids
#$forumchoice = implode(',', $forumids);
// put current forumids into the display table
$display['forums'] = $forumids;
// get child forums of selected forums
if ($childforums) {
require_once DIR . '/includes/functions_misc.php';
foreach ($forumids as $forumid) {
$children = fetch_child_forums($forumid, 'ARRAY');
if (!empty($children)) {
foreach ($children as $childid) {
$forumids["{$childid}"] = $childid;
}
}
unset($children);
}
}
}
// return the array of forumids
return $forumids;
}
/**
* Shows the form for inline mod authentication.
*/
function show_inline_mod_login($showerror = false)
{
global $vbulletin, $vbphrase, $show;
$show['inlinemod_form'] = true;
$show['passworderror'] = $showerror;
if (!$showerror) {
$vbulletin->url = SCRIPTPATH;
}
$forumHome = vB_Library::instance('content_channel')->getForumHomeChannel();
eval(standard_error(fetch_error('nopermission_loggedin', $vbulletin->userinfo['username'], vB_Template_Runtime::fetchStyleVar('right'), vB::getCurrentSession()->get('sessionurl'), $vbulletin->userinfo['securitytoken'], vB5_Route::buildUrl($forumHome['routeid'] . 'home|fullurl'))));
}
/**
* Checks whether it is a valid ip
*
* @return mixed ip address on success, standard_error on failure
*/
function validate_ip($ip, $return_bool = false, $lng = 'invalidip')
{
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === FALSE && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === FALSE && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE) === FALSE) {
if ($return_bool) {
return false;
} else {
standard_error($lng, $ip);
exit;
}
} else {
return $ip;
}
}
function getFormOverviewGroupOutput($groupname, $groupdetails)
{
global $lng, $filename, $s, $theme;
$group = '';
$title = $groupdetails['title'];
$part = $groupname;
$activated = true;
$option = '';
if (isset($groupdetails['fields'])) {
foreach ($groupdetails['fields'] as $fieldname => $fielddetails) {
if (isset($fielddetails['overview_option']) && $fielddetails['overview_option'] == true) {
if ($fielddetails['type'] != 'option' && $fielddetails['type'] != 'bool') {
standard_error('overviewsettingoptionisnotavalidfield');
}
if ($fielddetails['type'] == 'option') {
$options_array = $fielddetails['option_options'];
$options = '';
foreach ($options_array as $value => $vtitle) {
$options .= makeoption($vtitle, $value, Settings::Get($fielddetails['settinggroup'] . '.' . $fielddetails['varname']));
}
$option .= $fielddetails['label'] . ': ';
$option .= '<select class="dropdown_noborder" name="' . $fieldname . '">';
$option .= $options;
$option .= '</select>';
$activated = true;
} else {
$option .= $lng['admin']['activated'] . ': ';
$option .= makeyesno($fieldname, '1', '0', Settings::Get($fielddetails['settinggroup'] . '.' . $fielddetails['varname']));
$activated = (int) Settings::Get($fielddetails['settinggroup'] . '.' . $fielddetails['varname']);
}
}
}
}
/**
* this part checks for the 'websrv_avail' entry in the settings
* if found, we check if the current webserver is in the array. If this
* is not the case, we change the setting type to "hidden", #502
*/
$do_show = true;
if (isset($groupdetails['websrv_avail']) && is_array($groupdetails['websrv_avail'])) {
$websrv = Settings::Get('system.webserver');
if (!in_array($websrv, $groupdetails['websrv_avail'])) {
$do_show = false;
$title .= sprintf($lng['serversettings']['option_unavailable_websrv'], implode(", ", $groupdetails['websrv_avail']));
// hack disabled flag into select-box
$option = str_replace('<select class', '<select disabled="disabled" class', $option);
}
}
eval("\$group = \"" . getTemplate("settings/settings_overviewgroup") . "\";");
return $group;
}
/**
* Checks whether it is a valid ip
*
* @return mixed ip address on success, false on failure
*/
function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false)
{
if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)) {
return $ip;
}
// special case where localhost ip is allowed (mysql-access-hosts for example)
if ($allow_localhost && $ip == '127.0.0.1') {
return $ip;
}
if ($return_bool) {
return false;
} else {
standard_error($lng, $ip);
exit;
}
}
/**
* Main entry point for the controller.
*
* @return string - The final page output
*/
public function getResponse()
{
// Register the templater to be used for XHTML
vB_View::registerTemplater(vB_View::OT_XHTML, new vB_Templater_vB());
$error = vB_Router::getSegment('error');
// Resolve rerouted error
$error = in_array($error, array('403', '404', '409', '500')) ? $error : '404';
$current_page = $_SERVER['SCRIPT_NAME'] . ($_SERVER['SCRIPT_NAME'] == '' ? '' : '?' . $_SERVER['QUERY_STRING']);
if ('403' == $error) {
define('WOLPATH', '403|cpglobal|403_error|' . new vB_Phrase('wol', 'viewing_no_permission_message'));
vB::$vbulletin->session->set('location', $current_page);
print_no_permission();
} else {
if ('409' == $error) {
$message = ($message = vB_Router::getRerouteMessage()) ? $message : new vB_Phrase('error', 'error_409_description', vB_Router::getInitialURL(), vB_Router::getBaseURL(), vB::$vbulletin->options['contactuslink']);
define('WOLPATH', '409|wol|' . new vB_Phrase('cpglobal', 'error') . "|{$message}");
vB::$vbulletin->session->set('location', $current_page);
standard_error($message);
} else {
if ('500' == $error) {
$message = new vB_Phrase('error', 'error_500_description', vB_Router::getInitialURL(), vB_Router::getBaseURL(), vB::$vbulletin->options['contactuslink']);
define('WOLPATH', '500|wol|' . new vB_Phrase('cpglobal', 'error') . "|{$message}");
vB::$vbulletin->session->set('location', $current_page);
standard_error($message);
} else {
$message = new vB_Phrase('error', 'error_404_description', vB_Router::getBaseURL(), vB::$vbulletin->options['contactuslink']);
define('WOLPATH', '404|wol|' . new vB_Phrase('cpglobal', 'error') . "|{$message}");
vB::$vbulletin->session->set('location', $current_page);
}
}
}
// Create the page view
$page_view = new vB_View_Page('page');
$title = new vB_Phrase('error', 'error_404');
$page_view->setPageTitle($title);
// Create the body view
$error_view = new vB_View('error_message');
$subtitle = $title != ($subtitle = vB_Router::getRerouteMessage()) ? $subtitle : false;
$error_view->title = $title;
$error_view->subtitle = $subtitle;
$error_view->message = new vB_Phrase('error', 'error_404_description', vB_Router::getBaseURL(), vB::$vbulletin->options['contactuslink']);
$page_view->setBodyView($error_view);
// Add general page info
$page_view->setPageTitle($title);
return $page_view->render();
}
function kbank_print_stop_message()
{
global $vbulletin;
$args = func_get_args();
if (VB_AREA == 'AdminCP') {
//back-end
call_user_func_array('print_stop_message', $args);
} else {
//font-end
$message = call_user_func_array('fetch_error', $args);
if (defined('CP_REDIRECT')) {
$vbulletin->url = CP_REDIRECT;
eval(print_standard_redirect($message, false, true));
} else {
eval(standard_error($message));
}
}
}
function doAction($action)
{
global $kbank, $vbulletin, $bbuserinfo, $permissions, $KBANK_HOOK_NAME;
if ($action == 'enable') {
$item = $this->data;
eval('$tmp = "' . fetch_template('kbank_template_announce_enable') . '";');
eval(standard_error($tmp));
}
if ($action == 'do_enable') {
if ($this->ready2Enable()) {
$vbulletin->input->clean_array_gpc('r', array('url' => TYPE_NOHTML, 'text' => TYPE_NOHTML));
if (strlen($vbulletin->GPC['text']) > $this->itemtypedata['options']['text_max']) {
$vbulletin->GPC['text'] = substr($vbulletin->GPC['text'], 0, $this->itemtypedata['options']['text_max']) . '..';
}
$url_cutoff = array('javascript:', 'ftp://');
$vbulletin->GPC['url'] = str_replace($url_cutoff, '', $vbulletin->GPC['url']);
if (substr($vbulletin->GPC['url'], 0, 7) != 'http://') {
$vbulletin->GPC['url'] = 'http://' . $vbulletin->GPC['url'];
}
$item_new = array('status' => KBANK_ITEM_ENABLED, 'expire_time' => iif(!$this->data['options']['enabled'], iif($this->data['options']['duration'] > 0, TIMENOW + $this->data['options']['duration'] * 24 * 60 * 60, -1), $this->data['expire_time']), 'options' => serialize(array('url' => $vbulletin->GPC['url'], 'text' => $vbulletin->GPC['text'], 'enabled' => 1)));
$vbulletin->db->query_write(fetch_query_sql($item_new, 'kbank_items', "WHERE itemid = {$this->data['itemid']}"));
//Update datastore
updateAnnounceCache();
}
}
if ($this->data['status'] == KBANK_ITEM_ENABLED and ($action == 'sell' or $action == 'gift')) {
//Update datastore
updateAnnounceCache();
}
if ($action == 'disable') {
if ($this->ready2Disable()) {
$item_new = array('status' => KBANK_ITEM_AVAILABLE);
$vbulletin->db->query_write(fetch_query_sql($item_new, 'kbank_items', "WHERE itemid = {$this->data[itemid]}"));
//Update datastore
updateAnnounceCache();
}
}
if ($action == 'work_real' && $KBANK_HOOK_NAME == KBANK_GLOBAL_START) {
global $kbank_announces;
$kbank_announces[] = array('url' => $this->data['options']['url'], 'text' => $vbulletin->kbankBBCodeParser->parse_bbcode($this->data['options']['text'], true), 'owner' => getUsername($this->data));
}
return parent::doAction($action);
}
/**
* This file is part of the Froxlor project.
* Copyright (c) 2016 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <*****@*****.**> (2016-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Functions
*
*/
function getAllowedDomainEntry($domain_id, $area = 'customer', $userinfo, &$idna_convert)
{
$dom_data = array('did' => $domain_id);
$where_clause = '';
if ($area == 'admin') {
if ($userinfo['domains_see_all'] != '1') {
$where_clause = '`adminid` = :uid AND ';
$dom_data['uid'] = $userinfo['userid'];
}
} else {
$where_clause = '`customerid` = :uid AND ';
$dom_data['uid'] = $userinfo['userid'];
}
$dom_stmt = Database::prepare("\n\t\tSELECT domain, isbinddomain\n\t\tFROM `" . TABLE_PANEL_DOMAINS . "`\n\t\tWHERE " . $where_clause . " id = :did\n\t");
$domain = Database::pexecute_first($dom_stmt, $dom_data);
if ($domain) {
if ($domain['isbinddomain'] != '1') {
standard_error('dns_domain_nodns');
}
return $idna_convert->decode($domain['domain']);
}
standard_error('dns_notfoundorallowed');
}
$effective_css = $usercss->build_css($usercss->fetch_effective());
$effective_css = str_replace('/*sessionurl*/', $vbulletin->session->vars['sessionurl_js'], $effective_css);
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('preview');
$xml->add_tag('css', process_replacement_vars($effective_css));
$xml->close_group();
$xml->print_xml();
}
if (empty($usercss->error) and empty($usercss->invalid)) {
$usercss->save();
$vbulletin->url = "profile.php?" . $vbulletin->session->vars['sessionurl'] . "do=customize";
eval(print_standard_redirect('usercss_saved'));
} else {
if (!empty($usercss->error)) {
standard_error(implode("<br />", $usercss->error));
} else {
// have invalid, no errors
$_REQUEST['do'] = 'customize';
define('HAVE_ERRORS', true);
}
}
}
// #######################################################################
if ($_REQUEST['do'] == 'customize') {
$cssdisplayinfo = $usercss->build_display_array();
$errors = '';
// if we don't have errors, the displayed values are the existing ones
// otherwise, use the form submission
if (!defined('HAVE_ERRORS')) {
$selectors_saved = $usercss->existing;
$templater->register('forminfo', $forminfo);
$templater->register('navbar', $navbar);
$templater->register('url', $url);
$templater->register('usernamecode', $usernamecode);
print_output($templater->render());
}
if ($_POST['do'] == 'sendemail')
{
$vbulletin->input->clean_array_gpc('p', array(
'reason' => TYPE_STR,
));
if ($vbulletin->GPC['reason'] == '')
{
eval(standard_error(fetch_error('noreason')));
}
if ($perform_floodcheck)
{
$reportobj->perform_floodcheck_commit();
}
$reportobj->do_report($vbulletin->GPC['reason'], $messageinfo);
$url =& $vbulletin->url;
eval(print_standard_redirect('redirect_reportthanks'));
}
}
$speciallogwarning = sprintf($lng['admin']['speciallogwarning'], $lng['admin']['delete_statistics']);
eval("echo \"" . getTemplate("domains/domains_edit") . "\";");
}
}
} elseif ($action == 'import') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$customerid = intval($_POST['customerid']);
$separator = validate($_POST['separator'], 'separator');
$offset = (int) validate($_POST['offset'], 'offset', "/[0-9]/i");
$file_name = $_FILES['file']['tmp_name'];
$result = array();
try {
$bulk = new DomainBulkAction($file_name, $customerid);
$result = $bulk->doImport($separator, $offset);
} catch (Exception $e) {
standard_error('domain_import_error', $e->getMessage());
}
// @FIXME find a way to display $result['notice'] here somehow,
// as it might be important if you've reached your maximum allocation of domains
// update customer/admin counters
updateCounters(false);
$result_str = $result['imported'] . ' / ' . $result['all'];
standard_success('domain_import_successfully', $result_str, array('filename' => $filename, 'action' => '', 'page' => 'domains'));
} else {
$customers = makeoption($lng['panel']['please_choose'], 0, 0, true);
$result_customers_stmt = Database::prepare("\n\t\t\t\tSELECT `customerid`, `loginname`, `name`, `firstname`, `company`\n\t\t\t\tFROM `" . TABLE_PANEL_CUSTOMERS . "` " . ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = '" . (int) $userinfo['adminid'] . "' ") . " ORDER BY `name` ASC");
$params = array();
if ($userinfo['customers_see_all'] == '0') {
$params['adminid'] = $userinfo['adminid'];
}
Database::pexecute($result_customers_stmt, $params);
($hook = vBulletinHook::fetch_hook('group_inlinemod_dodelete')) ? eval($hook) : false;
eval(print_standard_redirect('redirect_inline_deletedmessages', true, $forceredirect));
}
if ($_POST['do'] == 'inlineundelete') {
if (!can_moderate(0, 'candeletegroupmessages')) {
standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_messages'));
}
// Validate Messages
$messages = $db->query_read_slave("\n\t\tSELECT gm.gmid, gm.state, gm.groupid, gm.dateline, gm.postuserid, gm.postusername,\n\t\t\tsocialgroup.name AS group_name, socialgroup.creatoruserid\n\t\tFROM " . TABLE_PREFIX . "groupmessage AS gm\n\t\tLEFT JOIN " . TABLE_PREFIX . "socialgroup AS socialgroup ON (socialgroup.groupid = gm.groupid)\n\t\tWHERE gmid IN ({$messageids})\n\t\t\tAND state = 'deleted'\n\t");
while ($message = $db->fetch_array($messages)) {
$message['is_group_owner'] = $message['creatoruserid'] == $vbulletin->userinfo['userid'];
$messagearray["{$message['gmid']}"] = $message;
$grouplist["{$message['groupid']}"] = true;
}
if (empty($messagearray)) {
standard_error(fetch_error('you_did_not_select_any_valid_messages'));
}
$db->query_write("\n\t\tDELETE FROM " . TABLE_PREFIX . "deletionlog\n\t\tWHERE type = 'groupmessage' AND\n\t\t\tprimaryid IN(" . implode(',', array_keys($messagearray)) . ")\n\t");
$db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "groupmessage\n\t\tSET state = 'visible'\n\t\tWHERE gmid IN(" . implode(',', array_keys($messagearray)) . ")\n\t");
foreach ($grouplist as $groupid => $foo) {
build_group_counters($groupid);
}
foreach ($messagearray as $message) {
if (!$message['is_group_owner']) {
log_moderator_action($message, 'gm_by_x_for_y_undeleted', array($message['postusername'], $message['group_name']));
}
}
// empty cookie
setcookie('vbulletin_inlinegmessage', '', TIMENOW - 3600, '/');
($hook = vBulletinHook::fetch_hook('group_inlinemod_undelete')) ? eval($hook) : false;
eval(print_standard_redirect('redirect_inline_undeletedmessages', true, $forceredirect));
/**
* Shows an error message and halts execution - use this in the same way as print_stop_message();
*
* @param string Phrase name for error message
*/
function error($errorphrase)
{
$args = func_get_args();
if (is_array($errorphrase)) {
$error = fetch_error($errorphrase);
} else {
$error = call_user_func_array('fetch_error', $args);
}
$this->errors[] = $error;
if ($this->failure_callback and is_callable($this->failure_callback)) {
call_user_func_array($this->failure_callback, array(&$this, $errorphrase));
}
switch ($this->error_handler) {
case ERRTYPE_ARRAY:
case ERRTYPE_SILENT:
// do nothing
break;
case ERRTYPE_STANDARD:
eval(standard_error($error));
break;
case ERRTYPE_CP:
print_cp_message($error);
break;
}
}
$zip->close();
// success - remove unused archive
@unlink($localArchive);
} else {
// error
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 8));
}
// redirect to update-page?
redirectTo('admin_updates.php', array('s' => $s));
}
if (!file_exists($localArchive)) {
redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 7));
}
$text = 'Extract downloaded archive "' . $toExtract . '"?';
$hiddenparams = '';
$yesfile = $filename . '?s=' . $s . '&page=extract&archive=' . $toExtract;
eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
} elseif ($page == 'error') {
// retreive error-number via url-parameter
$errno = isset($_GET['errno']) ? (int) $_GET['errno'] : 0;
// 1 = no allow_url_fopen
// 2 = no Zlib
// 3 = custom version detected
// 4 = could not store archive to local hdd
// 5 = some weird value came from version.froxlor.org
// 6 = download without valid version
// 7 = local archive does not exist
// 8 = could not extract archive
// 9 = md5 mismatch
standard_error('autoupdate_' . $errno);
}
}
$navbits['calendar.php?' . $vbulletin->session->vars['sessionurl'] . "do=viewreminder"] = $vbphrase['event_reminders'];
$navbits[''] = $vbphrase['add_reminder'];
$navbits = construct_navbits($navbits);
require_once DIR . '/includes/functions_user.php';
construct_usercp_nav('event_reminders');
$navbar = render_navbar_template($navbits);
($hook = vBulletinHook::fetch_hook('calendar_addreminder')) ? eval($hook) : false;
$url =& $vbulletin->url;
$templater = vB_Template::create('calendar_reminder_choosetype');
$templater->register('eventinfo', $eventinfo);
$templater->register('url', $url);
$HTML = $templater->render();
$templater = vB_Template::create('USERCP_SHELL');
$templater->register_page_templates();
$templater->register('cpnav', $cpnav);
$templater->register('HTML', $HTML);
$templater->register('navbar', $navbar);
$templater->register('navclass', $navclass);
$templater->register('onload', $onload);
$templater->register('pagetitle', $pagetitle);
$templater->register('template_hook', $template_hook);
print_output($templater->render());
}
eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink'])));
/*======================================================================*\
|| ####################################################################
|| # Downloaded: 03:13, Sat Sep 7th 2013
|| # CVS: $RCSfile$ - $Revision: 63836 $
|| ####################################################################
\*======================================================================*/
while ($attachment = $db->fetch_array($attachs)) {
// hide users in Coventry
$ast = '';
if (in_coventry($attachment['userid']) and !can_moderate($threadinfo['forumid'])) {
continue;
}
$attachment['filename'] = fetch_censored_text(htmlspecialchars_uni($attachment['filename']));
$attachment['attachmentextension'] = strtolower(file_extension($attachment['filename']));
$attachment['filesize'] = vb_number_format($attachment['filesize'], 1, true);
exec_switch_bg();
eval('$attachments .= "' . fetch_template('attachmentbit') . '";');
}
($hook = vBulletinHook::fetch_hook('misc_showattachments_complete')) ? eval($hook) : false;
eval('print_output("' . fetch_template('ATTACHMENTS') . '");');
} else {
eval(standard_error(fetch_error('noattachments')));
}
}
// ############################### start show avatars ###############################
if ($_REQUEST['do'] == 'showavatars') {
$vbulletin->input->clean_array_gpc('r', array('pagenumber' => TYPE_UINT));
($hook = vBulletinHook::fetch_hook('misc_avatars_start')) ? eval($hook) : false;
$perpage = $vbulletin->options['numavatarsperpage'];
$totalavatars = $db->query_first_slave("\n\t\tSELECT COUNT(*) AS count\n\t\tFROM " . TABLE_PREFIX . "avatar AS avatar\n\t\tLEFT JOIN " . TABLE_PREFIX . "imagecategorypermission AS perm ON (perm.imagecategoryid=avatar.imagecategoryid AND perm.usergroupid=" . $vbulletin->userinfo['usergroupid'] . ")\n\t\tWHERE ISNULL(perm.imagecategoryid)\n\t");
$totalavatars = intval($totalavatars['count']);
sanitize_pageresults($totalavatars, $vbulletin->GPC['pagenumber'], $perpage, 100, 25);
$startat = ($vbulletin->GPC['pagenumber'] - 1) * $perpage;
$first = $startat + 1;
$last = $startat + $perpage;
if ($last > $totalavatars) {
$last = $totalavatars;
/**
* For registration without existing account, create a new vb user
* If a user is successfully created, her userid is written to $userid
*/
private function createUser($data, &$userid)
{
global $vbulletin;
$moderated = $vbulletin->options['moderatenewmembers'];
$languageid = $vbulletin->userinfo['languageid'];
$require_activation = $vbulletin->options['verifyemail'] && $data['default_email'] != $data['coded_email'];
// Create a vB user with default permissions -- code from register.php
if (!$vbulletin->options['allowregistration']) {
eval(standard_error(fetch_error('noregister')));
}
// Init user datamanager class
$userdata =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
$userdata->set_info('coppauser', false);
$userdata->set_info('coppapassword', '');
$userdata->set_bitfield('options', 'coppauser', '');
$userdata->set('username', $data['username']);
$userdata->set('password', md5($this->genPasswd()));
$userdata->set('email', $data['email']);
$userdata->set('languageid', $languageid);
$userdata->set('ipaddress', IPADDRESS);
// UserGroupId: Registered Users (2) or Users Awaiting Email Confirmation (3)
$userdata->set('usergroupid', $require_activation ? 3 : 2);
$userdata->set_usertitle('', false, $vbulletin->usergroupcache["{$newusergroupid}"], false, false);
$userdata->presave_called = true;
// If any error happened, we abort and return the error message(s)
if ($userdata->has_errors(false)) {
// $die := false
return join('</li><li>', $userdata->errors);
}
// Save the data
$userid = $userdata->save();
// Did we get a valid vb userid?
if (!$userid) {
return 'vbnexus_registration_failed';
}
// If the user changed the email given by the external service, we follow
// the regular steps for email activation
if ($require_activation) {
// Email phrase 'activateaccount' expects vars called $userid, $username
// and $activateid to be defined and meaningfull
$username = $data['username'];
$activateid = build_user_activation_id($userid, $moderated ? 4 : 2, 0);
eval(fetch_email_phrases('activateaccount', $languageid));
// After eval'ing activateaccount we have vars $subject and $message set
vbmail($data['email'], $subject, $message, true);
}
// Force a new session to prevent potential issues with guests from the same IP, see bug #2459
$vbulletin->session->created = false;
return true;
}
// get special phrase groups
$phrasegroups = array('wol');
// get special data templates from the datastore
$specialtemplates = array('maxloggedin', 'wol_spiders');
// pre-cache templates used by all actions
$globaltemplates = array('forumdisplay_sortarrow', 'im_aim', 'im_icq', 'im_msn', 'im_yahoo', 'im_skype', 'WHOSONLINE', 'whosonlinebit');
// pre-cache templates used by specific actions
$actiontemplates = array('resolveip' => array('whosonline_resolveip'));
// ######################### REQUIRE BACK-END ############################
require_once './global.php';
require_once DIR . '/includes/functions_online.php';
// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################
if (!$vbulletin->options['WOLenable']) {
eval(standard_error(fetch_error('whosonlinedisabled')));
}
if (!($permissions['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonline'])) {
print_no_permission();
}
// #######################################################################
// resolve an IP in Who's Online (this uses the WOL permissions)
if ($_REQUEST['do'] == 'resolveip') {
$vbulletin->input->clean_array_gpc('r', array('ipaddress' => TYPE_NOHTML, 'ajax' => TYPE_BOOL));
// can we actually resolve this?
if (!($permissions['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonlineip'])) {
print_no_permission();
}
$resolved_host = htmlspecialchars_uni(@gethostbyaddr($vbulletin->GPC['ipaddress']));
$ipaddress =& $vbulletin->GPC['ipaddress'];
// no html'd already
function goto_nextthread($threadid, $throwerror = true)
{
global $vbulletin;
$thread = verify_id('thread', $threadid, $throwerror, 1);
$forumperms = fetch_permissions($thread['forumid']);
// remove threads from users on the global ignore list if user is not a moderator
if ($coventry = fetch_coventry('string') and !can_moderate($thread['forumid'])) {
$globalignore = "AND postuserid NOT IN ({$coventry})";
} else {
$globalignore = '';
}
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers'])) {
$limitothers = "AND postuserid = " . $vbulletin->userinfo['userid'] . " AND " . $vbulletin->userinfo['userid'] . " <> 0";
} else {
$limitothers = '';
}
if ($vbulletin->userinfo['userid'] and in_coventry($vbulletin->userinfo['userid'], true)) {
$lastpost_info = ",IF(tachythreadpost.userid IS NULL, thread.lastpost, tachythreadpost.lastpost) AS lastpost";
$tachyjoin = "LEFT JOIN " . TABLE_PREFIX . "tachythreadpost AS tachythreadpost ON " . "(tachythreadpost.threadid = thread.threadid AND tachythreadpost.userid = " . $vbulletin->userinfo['userid'] . ')';
$lastpost_having = "HAVING lastpost > {$thread['lastpost']}";
} else {
$lastpost_info = "";
$tachyjoin = "";
$lastpost_having = "AND lastpost > {$thread['lastpost']}";
}
if ($getnextnewest = $vbulletin->db->query_first_slave("\n\t\tSELECT thread.threadid, thread.title\n\t\t\t{$lastpost_info}\n\t\tFROM " . TABLE_PREFIX . "thread AS thread\n\t\t{$tachyjoin}\n\t\tWHERE forumid = {$thread['forumid']}\n\t\t\tAND visible = 1\n\t\t\tAND open <> 10\n\t\t\t{$globalignore}\n\t\t\t{$limitothers}\n\t\t{$lastpost_having}\n\t\tORDER BY lastpost\n\t\tLIMIT 1\n\t")) {
$threadid = $getnextnewest['threadid'];
unset($thread);
} else {
if ($throwerror) {
eval(standard_error(fetch_error('nonextnewest')));
}
}
return $getnextnewest;
}
$smilieson = iif($vbulletin->options['privallowsmilies'], $vbphrase['on'], $vbphrase['off']);
// only show posting code allowances in forum rules template
$show['codeonly'] = true;
eval('$forumrules = "' . fetch_template('forumrules') . '";');
$templatename = 'pm_newpm';
}
// ############################### start show pm ###############################
// show a private message
if ($_REQUEST['do'] == 'showpm') {
require_once DIR . '/includes/class_postbit.php';
require_once DIR . '/includes/functions_bigthree.php';
$vbulletin->input->clean_gpc('r', 'pmid', TYPE_UINT);
($hook = vBulletinHook::fetch_hook('private_showpm_start')) ? eval($hook) : false;
$pm = $db->query_first_slave("\n\t\tSELECT\n\t\t\tpm.*, pmtext.*,\n\t\t\t" . iif($vbulletin->options['privallowicons'], "icon.title AS icontitle, icon.iconpath,") . "\n\t\t\tIF(ISNULL(pmreceipt.pmid), 0, 1) AS receipt, pmreceipt.readtime, pmreceipt.denied,\n\t\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight\n\t\tFROM " . TABLE_PREFIX . "pm AS pm\n\t\tLEFT JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON(pmtext.pmtextid = pm.pmtextid)\n\t\t" . iif($vbulletin->options['privallowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = pmtext.iconid)") . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "pmreceipt AS pmreceipt ON(pmreceipt.pmid = pm.pmid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = pmtext.fromuserid)\n\t\tWHERE pm.userid=" . $vbulletin->userinfo['userid'] . " AND pm.pmid=" . $vbulletin->GPC['pmid'] . "\n\t");
if (!$pm) {
eval(standard_error(fetch_error('invalidid', $vbphrase['private_message'], $vbulletin->options['contactuslink'])));
}
$folderjump = construct_folder_jump(0, $pm['folderid']);
// do read receipt
$show['receiptprompt'] = $show['receiptpopup'] = false;
if ($pm['receipt'] == 1 and $pm['readtime'] == 0 and $pm['denied'] == 0) {
if ($permissions['pmpermissions'] & $vbulletin->bf_ugp_pmpermissions['candenypmreceipts']) {
// set it to denied just now as some people might have ad blocking that stops the popup appearing
$show['receiptprompt'] = $show['receiptpopup'] = true;
$receipt_question_js = addslashes_js(construct_phrase($vbphrase['x_has_requested_a_read_receipt'], unhtmlspecialchars($pm['fromusername'])), '"');
$db->shutdown_query("UPDATE " . TABLE_PREFIX . "pmreceipt SET denied = 1 WHERE pmid = {$pm['pmid']}");
} else {
// they can't deny pm receipts so do not show a popup or prompt
$db->shutdown_query("UPDATE " . TABLE_PREFIX . "pmreceipt SET readtime = " . TIMENOW . " WHERE pmid = {$pm['pmid']}");
}
} else {
eval(standard_error(fetch_error('invalidid', $vbphrase['forum'], $vbulletin->options['contactuslink'])));
}
if (can_administer('canadminthreads')) {
exec_header_redirect($vbulletin->config['Misc']['admincpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=move'));
} else {
if (can_moderate($foruminfo['forumid'], 'canmassmove')) {
exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=move'));
} else {
print_no_permission();
}
}
}
// #############################################################################
if ($_REQUEST['do'] == 'prune') {
if (!$foruminfo['forumid']) {
eval(standard_error(fetch_error('invalidid', $vbphrase['forum'], $vbulletin->options['contactuslink'])));
}
if (can_administer('canadminthreads')) {
exec_header_redirect($vbulletin->config['Misc']['admincpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=prune'));
} else {
if (can_moderate($forumid, 'canmassprune')) {
exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=prune'));
} else {
print_no_permission();
}
}
}
// #############################################################################
if ($_REQUEST['do'] == 'modposts') {
if (can_moderate(0, 'canmoderateposts')) {
exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('moderate.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=posts'));
}
}
eval('$infractionbits .= "' . fetch_template('userinfractionbit') . '";');
}
}
if ($vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['cangivearbinfraction']) {
$checked_inf = (!$vbulletin->GPC['infractionlevelid'] and !empty($vbulletin->GPC['period']) or empty($infractionbits)) ? 'checked="checked"' : '';
$show['custominfraction'] = true;
}
if (!empty($banlist) and ($show['custominfraction'] or $infractionban or $pointsban)) {
$show['banreason'] = true;
} else {
$show['banreason'] = false;
}
if (empty($infractionbits) and !($vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['cangivearbinfraction'])) {
eval(standard_error(fetch_error('there_are_no_infraction_levels')));
}
// draw nav bar
$navbits = array();
if ($postinfo['postid']) {
$parentlist = array_reverse(explode(',', $foruminfo['parentlist']));
foreach ($parentlist as $forumID) {
$forumTitle = $vbulletin->forumcache["{$forumID}"]['title'];
$navbits['forumdisplay.php?' . $vbulletin->session->vars['sessionurl'] . "f={$forumID}"] = $forumTitle;
}
$navbits['showthread.php?' . $vbulletin->session->vars['sessionurl'] . "p={$postid}"] = $threadinfo['prefix_plain_html'] . ' ' . $threadinfo['title'];
}
$navbits[''] = construct_phrase($vbphrase['user_infraction_for_x'], $userinfo['username']);
$navbits = construct_navbits($navbits);
require_once DIR . '/includes/functions_editor.php';
$textareacols = fetch_textarea_width();