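/**
 * Adds or updates a rank entry from the admin panel.
 *
 * The body only runs for a logged-in Member whose perms include the ADMIN bit;
 * every other caller falls through to `return TRUE` without touching the database.
 *
 * @param Template $template Page template; also supplies the L_* language strings.
 * @param Session  $session  Current session; $session['user'] is checked for admin rights.
 * @param mixed    $request  Request data: rank, rank_to (1 = group, 2 = user, 3 = banned),
 *                           group_id, name, and id when $this->update is set.
 *
 * @return mixed An Error object (used here for failure and success notices alike),
 *               or TRUE when no notice was produced.
 */
public function Execute(Template $template, Session $session, $request)
{
    $template = CreateAncestors($template, $template['L_ADMINPANEL']);

    // NOTE(review): no anti-CSRF token is checked in this method; confirm the
    // dispatcher enforces one for state-changing admin actions.
    if ($session['user'] instanceof Member && $session['user']['perms'] & ADMIN) {
        // Parse the raw text first and escape the parser's OUTPUT last. Escaping
        // before parsing leaves whatever markup the parser emits unescaped when it
        // is placed inside the SQL string literal below. This matches the order
        // used by the FAQ handlers (parse, then Quote).
        $parser = new BBParser($request['rank']);
        $rank   = $this->dba->Quote($parser->Execute());

        $rank_to = intval($request['rank_to']);

        switch ($rank_to) {
            case 1:
                $group_id = intval($request['group_id']);

                if ($this->dba->Query("SELECT * FROM " . GROUPS . " WHERE id = " . $group_id)->NumRows() != 1) {
                    return new Error($template['L_GROUPDOESNTEXIST'], $template);
                }

                $col = "group_id";
                $val = $group_id;
                break;

            case 2:
                $user = $this->dba->GetRow("SELECT * FROM " . USERS . " WHERE name = '" . $this->dba->Quote($request['name']) . "'");

                if (!$user) {
                    return new Error($template['L_USERDOESNTEXIST'], $template);
                }

                $col = "user_id";
                $val = intval($user['id']);
                break;

            case 3:
                $col = "banned";
                $val = 1;
                break;

            default:
                // Any other rank_to used to leave $col and $val undefined, so a
                // malformed statement was sent to the database. Stop here instead.
                return TRUE;
        }

        // $col is one of three fixed identifiers and $val is always an integer,
        // so only $rank carries request-supplied text into the statements below.
        if (!$this->update) {
            if ($this->dba->Query("INSERT INTO " . RANKS . " ({$col}, rank) VALUES ({$val}, '{$rank}');")) {
                return new Error($template['L_RANKADDED'] . '<meta http-equiv="refresh" content="2; url=admin.php?act=ranks">', $template);
            }
        } else {
            $id = intval($request['id']);

            // Clear all three target columns first, then set the selected one.
            if ($this->dba->Query("UPDATE " . RANKS . " SET user_id = 0, group_id = 0, banned = 0 WHERE id = {$id}")
                && $this->dba->Query("UPDATE " . RANKS . " SET {$col} = {$val}, rank = '{$rank}' WHERE id = {$id}")) {
                return new Error($template['L_RANKUPDATED'] . '<meta http-equiv="refresh" content="2; url=admin.php?act=ranks">', $template);
            }
        }
    }

    return TRUE;
}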
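/**
 * Inserts one FAQ entry under the given category and aborts the script if the
 * insert fails.
 *
 * @param mixed  $category  Parent category id; forced to an integer before use.
 * @param string $question  Question text (escaped with $db_handle->Quote()).
 * @param string $answer    Answer text; run through BBParser, then escaped.
 * @param object $db_handle Database handle exposing Quote() and Query().
 *
 * @return void
 */
function AddFaq($category, $question, $answer, $db_handle)
{
    // parent_id goes into the statement as a bare number, so it must be cast:
    // without the cast any text passed as $category becomes part of the SQL.
    $category = intval($category);
    $question = $db_handle->Quote($question);

    // Parse first, escape the parser's output last.
    $parser = new BBParser($answer, FALSE, FALSE, TRUE, array('allowbbcode' => 1, 'allowsmilies' => 1));
    $answer = $db_handle->Quote($parser->Execute());

    $sql = "INSERT INTO " . FAQ . " (parent_id, question, answer) VALUES ({$category}, '{$question}', '{$answer}')";

    if (!$db_handle->Query($sql)) {
        // The failed statement is shown to whoever triggered it; HTML-encode it
        // so question/answer text cannot inject markup into the error page.
        // NOTE(review): printing full SQL discloses schema details; consider
        // logging it instead if this can run outside an installer context.
        exit("Could not execute the following query: <br /><br />" . htmlspecialchars($sql, ENT_QUOTES));
    }
}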
/**
 * Stores a private message with empty sender and recipient fields
 * (poster_id = 0, member_id = 0) at the end of the nested-set PM table.
 *
 * NOTE(review): nothing in this method checks who the caller is, although the
 * success notice redirects to admin.php?act=globalpm. Confirm that the
 * dispatcher restricts this action to administrators.
 *
 * @param Template $template Page template and settings (enablepms, pmmaxchars, ...).
 * @param Session  $session  Current session (not read by this method).
 * @param mixed    $request  Request data: name, message, optional posticon.
 *
 * @return mixed Error notice on success or when PMs are disabled,
 *               TplException when one of the write queries throws.
 */
public function Execute(Template $template, Session $session, $request)
{
    // Private messaging switched off: report it and do nothing else.
    if ($template['enablepms'] != 1) {
        return new Error($template['L_FEATUREDENIED'], $template);
    }

    $template  = CreateAncestors($template, $template['L_SAVEMESSAGE']);
    $this->dba = DBA::Open();

    // Cut the message to the configured length (substr counts bytes), then parse it.
    $request['message'] = substr($request['message'], 0, $template['pmmaxchars']);
    $parser_options     = array(
        'allowbbcode'  => $template['privallowbbcode'],
        'allowsmilies' => $template['privallowsmilies'],
    );
    $parser             = new BBParser($request['message'], FALSE, TRUE, TRUE, $parser_options);
    $request['message'] = $parser->Execute();

    // Escape every request value; this happens after parsing, so the parser's
    // output is what gets escaped.
    foreach ($request as $field => $raw) {
        $request[$field] = $this->dba->Quote($raw);
    }

    // Resolve the post icon, defaulting to the blank image.
    $posticon  = 'clear.gif';
    $want_icon = isset($request['posticon'])
        && intval($request['posticon']) != 0
        && $request['posticon'] != '-1'
        && $template['privallowicons'] == 1;

    if ($want_icon) {
        try {
            $posticon = $this->dba->GetValue(sprintf("SELECT image FROM %s WHERE id = %s", POSTICONS, intval($request['posticon'])));
        } catch (DBA_Exception $e) {
            $posticon = 'clear.gif';
        }
    }
    // NOTE(review): $posticon comes back from the database and is placed in the
    // INSERT below without being escaped again.

    // The new node goes directly after the current right-most node.
    $before = $this->dba->GetRow(sprintf("SELECT * FROM %s ORDER BY row_right DESC LIMIT 1", PMSGS));
    $left   = $this->getNumOnLevel() > 0 ? $before['row_right'] + 1 : 1;
    $right  = $left + 1;
    $time   = time();

    // NOTE(review): the three writes below are not wrapped in a transaction
    // here; a failure part-way leaves the nested-set bounds shifted.
    try {
        // Widen every node that encloses the insertion point.
        @$this->dba->Query(sprintf("UPDATE %s SET row_right = row_right+2 WHERE row_left < %s AND row_right >= %s", PMSGS, $left, $left));

        // Shift every node that starts at or after the insertion point.
        @$this->dba->Query(sprintf("UPDATE %s SET row_left = row_left+2, row_right=row_right+2 WHERE row_left >= %s", PMSGS, $left));

        // Insert the message itself.
        @$this->dba->Query(sprintf(
            "INSERT INTO %s (row_left, row_right, name, body_text, created, poster_name, poster_id, member_id, member_name, icon) VALUES (%s, %s, '%s', '%s', %s, '', 0, 0, '', '%s')",
            PMSGS,
            $left,
            $right,
            $request['name'],
            $request['message'],
            $time,
            $posticon
        ));
    } catch (DBA_Exception $e) {
        return new TplException($e, $template);
    }

    // Everything went through: show the notice and bounce back to the form.
    return new Error($template['L_SENTPMESSAGE'] . '<meta http-equiv="refresh" content="2; url=admin.php?act=globalpm">', $template);
}
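/**
 * Adds or updates a FAQ entry from the admin panel.
 *
 * Runs only for a logged-in Member whose perms include the ADMIN bit; other
 * callers get no output and no database access.
 *
 * @param Template $template Page template; supplies the L_* language strings.
 * @param Session  $session  Current session; $session['user'] is checked for admin rights.
 * @param mixed    $request  Request data: parent_id, question, message, add (1 = insert), id.
 *
 * @return mixed An Error object when a required field is missing; otherwise nothing
 *               (a Location header is sent when the query succeeds).
 */
public function Execute(Template $template, Session $session, $request)
{
    // NOTE(review): no anti-CSRF token is checked in this method; confirm the
    // dispatcher enforces one for state-changing admin actions.
    if (!($session['user'] instanceof Member && $session['user']['perms'] & ADMIN)) {
        return;
    }

    // Required fields. isset() short-circuits, so no error suppression is needed.
    if (!isset($request['parent_id']) || !$request['parent_id']) {
        return new Error(sprintf($template['L_REQUIREDFIELDSSF'], $template['L_CATEGORY']), $template);
    }

    if (!isset($request['question']) || !$request['question']) {
        return new Error(sprintf($template['L_REQUIREDFIELDSSF'], $template['L_QUESTION']), $template);
    }

    // The original tested isset($request['question']) here a second time; the
    // field being validated is the answer, which arrives as 'message'.
    if (!isset($request['message']) || !$request['message']) {
        return new Error(sprintf($template['L_REQUIREDFIELDSSF'], $template['L_ANSWER']), $template);
    }

    $dba = DBA::Open();

    // Integers are cast, text is parsed first and escaped last.
    $parent_id = intval($request['parent_id']);
    $question  = $dba->Quote($request['question']);
    $parser    = new BBParser($request['message']);
    $answer    = $dba->Quote($parser->Execute());

    $is_insert = isset($request['add']) && intval($request['add']) == 1;

    if ($is_insert) {
        if ($dba->Query("INSERT INTO " . FAQ . " (parent_id, question, answer) VALUES ({$parent_id}, '{$question}', '{$answer}')")) {
            header("Location: admin.php?act=faq");
        }
    } else {
        // A missing id becomes 0, as before, so the UPDATE matches no real row.
        $id = isset($request['id']) ? intval($request['id']) : 0;

        if ($dba->Query("UPDATE " . FAQ . " SET parent_id = {$parent_id}, question = '{$question}', answer = '{$answer}' WHERE id = {$id}")) {
            header("Location: admin.php?act=faq");
        }
    }
    // Execution continues in the caller after header(); nothing is returned here.
}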
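/**
 * Stores a reply to an existing private message.
 *
 * The reply is addressed to the user whose name equals the poster_name of the
 * message identified by $request['msg_id'], and is inserted into the nested-set
 * PM table below that message.
 *
 * @param Template $template Page template and settings (enablepms, pmmaxchars, pmquota, ...).
 * @param Session  $session  Current session; $session['user'] supplies the sender's id and name.
 * @param mixed    $request  Request data: msg_id, name, message, optional posticon.
 *
 * @return mixed Error notice (success, unknown recipient, feature disabled) or
 *               TplException when a query throws.
 */
public function Execute(Template $template, Session $session, $request)
{
    /* Can we pm? */
    if ($template['enablepms'] != 1) {
        return new Error($template['L_FEATUREDENIED'], $template);
    }

    $template  = CreateAncestors($template, $template['L_SAVEMESSAGE']);
    $this->dba = DBA::Open();

    // NOTE(review): this method does not check that $session['user'] is a
    // logged-in Member, nor that the sender is a party to message msg_id.
    // Any msg_id accepted here yields a message to that message's poster.
    // Confirm that the caller enforces both.

    /* Parse the message (substr counts bytes), then escape every request value */
    $request['message'] = substr($request['message'], 0, $template['pmmaxchars']);
    $parser             = new BBParser($request['message'], FALSE, TRUE, TRUE, array('allowbbcode' => $template['privallowbbcode'], 'allowsmilies' => $template['privallowsmilies']));
    $request['message'] = $parser->Execute();

    foreach ($request as $key => $val) {
        $request[$key] = $this->dba->Quote($val);
    }

    /* Set the post icon */
    // NOTE(review): $posticon is looked up but the INSERT below has no icon
    // column, so the value is never stored. Kept to leave query behaviour as is.
    if (isset($request['posticon']) && intval($request['posticon']) != 0 && $request['posticon'] != '-1' && $template['privallowicons'] == 1) {
        try {
            $posticon = $this->dba->GetValue("SELECT image FROM " . POSTICONS . " WHERE id = " . intval($request['posticon']));
        } catch (DBA_Exception $e) {
            $posticon = 'clear.gif';
        }
    } else {
        $posticon = 'clear.gif';
    }

    try {
        /* Get the message which we are replying to */
        $before = $this->dba->GetRow("SELECT * FROM " . PMSGS . " WHERE id = " . intval($request['msg_id']));

        /* Get the TOP message that is being replied to.
         * Row values read back from the database are cast before they are put
         * into the next statement, so a missing row gives valid SQL that
         * matches nothing instead of a malformed statement. */
        // NOTE(review): this range selects rows INSIDE $before's bounds, so the
        // first match looks like $before itself rather than an ancestor - confirm.
        $top = $this->dba->GetRow("SELECT * FROM " . PMSGS . " WHERE row_left >= " . intval($before['row_left']) . " AND row_right <= " . intval($before['row_right']) . " ORDER BY row_left ASC LIMIT 1");
    } catch (DBA_Exception $e) {
        return new TplException($e, $template);
    }

    $before_id = intval($before['id']);
    $top_id    = intval($top['id']);

    /* Get the number of replies on the same level as this */
    if ($this->getNumOnLevel($before['id']) > 0) {
        $left = intval($before['row_right']);
    } else {
        $left = intval($before['row_left']) + 1;
    }

    /* Set the level and right value */
    $right = $left + 1;
    $level = $before['id'] == $top['id'] ? 1 : intval($before['level']) + 1;

    /* Timestamp */
    $time = time();

    // Names read from the database or the session are text and end up inside
    // SQL string literals, so they are escaped like request input. Empty values
    // are left alone, following the guard the profile handler uses around Quote().
    $poster_name = $before['poster_name'] != '' ? $this->dba->Quote($before['poster_name']) : '';
    $sender_name = $session['user']['name'] != '' ? $this->dba->Quote($session['user']['name']) : '';
    $sender_id   = intval($session['user']['id']);

    $user_to = $this->dba->GetRow("SELECT * FROM " . USERS . " WHERE name = '" . $poster_name . "'");

    if (empty($user_to) || !isset($user_to['id'])) {
        return new Error($template['L_USERDOESNTEXIST'], $template);
    }

    $recipient_id   = intval($user_to['id']);
    $recipient_name = $user_to['name'] != '' ? $this->dba->Quote($user_to['name']) : '';

    $user_num_pms = $this->dba->GetValue("SELECT COUNT(*) FROM " . PMSGS . " WHERE (poster_id = " . $recipient_id . " AND saved = 1) OR (member_id = " . $recipient_id . ")");

    // NOTE(review): $queued is computed from the recipient's quota but nothing
    // below reads it, so the quota is not enforced by this method.
    $queued = $user_num_pms >= $template['pmquota'] ? 1 : 0;
    $errors = '';

    try {
        /* Check if we're not on the receiver's black list */
        if ($this->dba->Query("SELECT * FROM " . PMSG_LIST . " WHERE member_list_id = " . $recipient_id . " AND user_id = " . $sender_id . " AND user_liked = 0")->NumRows() == 0) {
            /* Make room for the pm in the pms table by updating the right values */
            @$this->dba->Query("UPDATE " . PMSGS . " SET row_right = row_right+2 WHERE row_left < {$left} AND row_right >= {$left}");

            /* Keep updating the pms table by changing all of the necessary left AND right values */
            @$this->dba->Query("UPDATE " . PMSGS . " SET row_left = row_left+2, row_right=row_right+2 WHERE row_left >= {$left}");

            /* Finally insert the reply */
            @$this->dba->Query("INSERT INTO " . PMSGS . " (row_left, row_right, name, body_text, created, poster_name, poster_id, member_id, member_name, level, msg_id, parent_id, member_has_read) VALUES ({$left}, {$right}, '" . $request['name'] . "', '" . $request['message'] . "', " . $time . ", '" . $sender_name . "', " . $sender_id . ", " . $recipient_id . ", '" . $recipient_name . "', {$level}, " . $top_id . ", " . $before_id . ", 0)");

            /* Update the top node */
            @$this->dba->Execute("UPDATE " . PMSGS . " SET new_reply = 1, member_has_read = 0 WHERE id = " . $top_id);
        } else {
            // Sender is on the recipient's black list: nothing is written.
            // The "sent" notice below is still appended, as in the original.
            $errors = $template['L_MESSAGENOTSETNSAVED'] . '<br /><br />';
        }
    } catch (DBA_Exception $e) {
        return new TplException($e, $template);
    }

    /* If we've gotten to this point, reload the page to our recently added thread :) */
    return new Error($errors . $template['L_SENTPMESSAGE'] . '<meta http-equiv="refresh" content="1; url=member.php?act=view_msg&id=' . $top_id . '">', $template);
}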
$str = str_replace($this->codes[$key], '<!-- EMO-' . $this->codes[$key] . ' --><img src="' . $this->images[$key] . '" alt="' . $this->alts[$key] . '" /><!-- /EMO -->', $str); } return $str; } }

/**
 * BBCode handler for [font=NAME]...[/font]: rewrites the tag pair into a
 * <span> carrying an inline font-family style.
 */
class BBFont
{
    /**
     * Replaces every [font=...]...[/font] pair in $str (case-insensitive, may
     * span lines) and returns the result.
     *
     * NOTE(review): the captured font name ($1) is copied into the style
     * attribute exactly as matched. Nothing here restricts it to a font name,
     * so extra CSS declarations pass through, and a double quote would end the
     * attribute unless the text was HTML-encoded before it reached this class.
     * Whether that encoding happens upstream is not visible here - confirm, or
     * restrict the capture to an allow-list of characters.
     */
    public function Execute($str)
    {
        return preg_replace('~\\[font=(.*?)\\](.*?)\\[\\/font\\]~is', '<span style="font-family: $1;">$2</span>', $str);
    }
}

/*
 * EXAMPLE OF USE
 * The next part is a random block of text with all sorts of bb codes in it.
 * This is just an example.
 * NOTE: you can also do $parser->addBBcode(*); AND/OR $parser->addCustom(new *);
 * instead of having them all in the constructor.
 * (The * being either all the vars which are required for that function or the
 * class required for that function.)
 *
 * NOTE(review): these statements sit at the top level of the same listing as
 * the classes above, so they run whenever this file is executed or included.
 * $text is a fixed sample string here; with user-supplied text the raw "From"
 * and "Revert" echoes would need HTML-encoding.
 */
$text = "hello, this [b]stuff[/b] is great.. [omit]yep, [i]this is being[/i] omitted[/omit] [i]<-- all stuff within omit tags, is removed, unexecuted, and then put right back in.[/i] [omit]blam![/omit]";
$text .= "[code][list][*]heya\n[*]damn\n[/list][list=1][*]grammy!\n[/list][list=a][*]loglo\n[*]franchulate[/list][/code]";
$text .= "[font=arial]email me:[/font] [email]info@bestwebever.com[/email] [php]helloo<b>hey, this shouldn't be bold btw</b>[/php] www.bestwebever.com :P :) :( ";

// Show the input as typed.
echo '<strong>From:</strong> <PRE>' . $text . '</PRE>';

// Parse it and show the generated markup.
$parser = new BBParser($text);
echo '<br /><br /><strong>To:</strong> ' . $parser->Execute();

// Turn the generated markup back into bbcode.
echo '<br /><br /><strong>Revert:</strong> <PRE>' . $parser->Revert($parser->Execute()) . '</PRE>';

// Parse the reverted text again to show the round trip.
$parser = new BBParser($parser->Revert($parser->Execute()));
echo '<br /><br /><strong>Re-Revert:</strong> ' . $parser->Execute();

/*
 * The final $parser->Execute(); is what displays the text
 */
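/**
 * Saves the profile fields submitted from the member control panel.
 *
 * @param Template $template Page template and settings (allowbbcode, allowbbimagecode, ...).
 * @param Session  $session  Current session; $session['user'] must be a Member.
 * @param mixed    $request  Request data: id, email, signature, month/day/year and the
 *                           free-text profile fields written by the UPDATE below.
 *
 * @return mixed Error notice (invalid e-mail, not logged in, success) or TRUE when
 *               the UPDATE did not report success.
 */
public function Execute(Template $template, Session $session, $request)
{
    /* Create the ancestors Bar */
    $template = CreateAncestors($template, $template['L_PROFILE']);

    /* Only logged-in members may edit a profile */
    if ($session['user'] instanceof Member) {
        /* Connect to the db */
        $dba = DBA::Open();

        // Keep the unescaped signature: the parser must see the text as typed,
        // and its output is what has to be escaped for the SQL statement.
        $raw_signature = isset($request['signature']) ? $request['signature'] : '';

        /* Quote out the REQUEST fields (empty values are left empty) */
        foreach ($request as $key => $val) {
            $request[$key] = $request[$key] != '' ? $dba->Quote($val) : '';
        }

        if (check_mail($request['email']) != $request['email']) {
            return new Error($template['L_INVALIDEMAIL'], $template);
        }

        if ($request['signature'] != '') {
            if ($template['allowbbcode'] == 1) {
                $parser = new BBParser($raw_signature);

                if ($template['allowbbimagecode'] != 1) {
                    $parser->addOmit('img', 'img');
                }

                // Escape last. The original escaped first and then stored the
                // parser's output unescaped inside the SQL string literal.
                $parsed_signature     = $parser->Execute();
                $request['signature'] = $parsed_signature != '' ? $dba->Quote($parsed_signature) : '';
            }
        }

        if ($request['month'] != -1 && $request['day'] != -1 && $request['year'] != '') {
            $birthday = mktime(0, 0, 0, intval($request['month']), intval($request['day']), intval($request['year']));
        } else {
            $birthday = 0;
        }

        // The row to update used to be chosen by $request['id'] alone, so any
        // logged-in member could overwrite another account's profile, e-mail
        // address included, by submitting a different id. Ordinary members are
        // now tied to their own session id; accounts with the ADMIN bit keep the
        // previous behaviour of addressing the row by the submitted id.
        $own_id    = intval($session['user']['id']);
        $target_id = ($session['user']['perms'] & ADMIN) ? intval($request['id']) : $own_id;

        if ($dba->Query("UPDATE " . USERS . " SET email = '" . $request['email'] . "', signature = '" . $request['signature'] . "', birthday = '" . $birthday . "', homepage = '" . $request['homepage'] . "', icq = '" . $request['icq'] . "', aim = '" . $request['aim'] . "', msn = '" . $request['msn'] . "', yahoo = '" . $request['yahoo'] . "', location = '" . $request['location'] . "', occupation = '" . $request['occupation'] . "', interests = '" . $request['interests'] . "', biography = '" . $request['biography'] . "' WHERE id = " . $target_id)) {
            return new Error($template['L_PROFILESUCCESS'] . '<meta http-equiv="refresh" content="2; url=member.php?act=profile">', $template);
        }
    } else {
        return new Error($template['L_NEEDLOGGEDIN'], $template);
    }

    /* Set the number of queries */
    $template['num_queries'] = $session->dba->num_queries;

    return TRUE;
}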
/**
 * Stores a reply to a forum post.
 *
 * Looks up the post named by $request['replyto_id'], the thread that contains
 * it and that thread's forum, checks the forum/thread lock and suspend flags
 * against the user's perms, and then either appends the text to the thread
 * body (when the thread has no replies yet and belongs to the same user) or
 * inserts a new row into the nested-set POSTS table.
 *
 * @param Template $template Page template and settings (postmaxchars, L_* strings).
 * @param Session  $session  Current session; $session['user'] supplies perms, id and name.
 * @param mixed    $request  Request data: replyto_id, title, message.
 *
 * @return mixed Error notice or TplException; nothing is returned when the
 *               forum login form is selected instead.
 */
public function Execute(Template $template, Session $session, $request)
{
    /* Create the ancestors bar (if we run into any trouble) */
    $template = CreateAncestors($template, $template['L_POSTREPLY']);

    /* Open a connection to the database */
    $this->dba = DBA::Open();

    /* Set a variable to this user's permissions and id */
    $user_perms = isset($session['user']['perms']) ? $session['user']['perms'] : ALL;
    $user_id = $session['user']['id'];

    /* Quote all of the REQUEST variables */
    foreach ($request as $key => $val) {
        $request[$key] = $this->dba->Quote($val);
    }

    /* Parse the body text to replace bbcodes, emoticons, etc */
    // NOTE(review): the parser runs on the already-escaped message and its
    // output is not escaped again before it reaches the SQL statements below.
    $parser = new BBParser(substr($request['message'], 0, $template['postmaxchars']));
    //$parser->addOmit('omit', 'omit');
    $request['message'] = $parser->Execute();

    /* Get forums, etc ($stack is not read again in this method) */
    try {
        $forum = new Forum();
        $stack = $forum->getForums();
    } catch (DBA_Exception $e) {
        return new TplException($e, $template);
    }

    /* Get the id of whatever you are replying to */
    $parent_id = intval($request['replyto_id']);

    try {
        /* This gets a result from whatever the parent_id is */
        @($parent = $this->dba->GetRow("SELECT * FROM " . POSTS . " WHERE id = {$parent_id}")); // todo error checking

        /* Even though the $parent could be the thread, we still need to get the thread, because we don't want to check if it is or not the thread */
        // NOTE(review): if no row matched above, $parent['row_left'] and
        // $parent['row_right'] are empty and this statement is malformed.
        @($thread = $this->dba->GetRow("SELECT * FROM " . POSTS . " WHERE row_left <= " . $parent['row_left'] . " AND row_right >= " . $parent['row_right'] . " AND row_type = 2"));

        /* Get the forum from the thread's parent_id */
        @($f = $forum->getForum($thread['parent_id']));
    } catch (DBA_Exception $e) {
        return new TplException($e, $template);
    }

    /* I came into the weirdest problem.. It seems to be that sqlite_escape_string make that Ø when nothing is passed to it. */
    // NOTE(review): stripslashes() is applied to escaped values right before
    // they are placed inside SQL string literals (here and for the message
    // below). If Quote() escapes with backslashes, that undoes the escaping;
    // Quote()'s implementation is not visible here - confirm per driver.
    if ($request['title'] == 'Ø' || !$request['title']) {
        $title = 'Re: ' . stripslashes($this->dba->Quote($parent['name']));
    } else {
        $title = stripslashes($request['title']);
    }

    /* Is this forum password-protected? */
    if ($f['private'] == 1 && @$_SESSION['forum_logged'] != $f['id']) {
        // Show the forum login form; this branch ends without a return value.
        $template['forum_id'] = $f['id'];
        $template->content = array('file' => 'forum_login.html');
    } else {
        /* Check if the forum is locked or suspended, and if it is one of the above, check if the user is an admin or a moderator */
        // Reads as: (not suspended, or suspended and the ADMIN bit is set)
        //       AND (thread not locked, or locked and not a link forum and perms >= MOD)
        //       AND (forum not locked, or locked and perms >= MOD).
        // NOTE(review): ADMIN is tested as a bit (&) while MOD is tested by
        // magnitude (>=); confirm both agree with how perms values are laid out.
        if (($f['suspend'] == 1 && $session['user']['perms'] & ADMIN || $f['suspend'] != 1) && ($thread['row_locked'] != 1 || $thread['row_locked'] == 1 && $f['is_link'] != 1 && $session['user']['perms'] >= MOD) && ($f['row_lock'] != 1 || $f['row_lock'] == 1 && $session['user']['perms'] >= MOD)) {
            /* If the parent_id is invalid */
            // NOTE(review): this condition holds for every value of $parent_id
            // (non-zero satisfies the left side, zero the right), so the
            // L_ERRORREPLYING branch below cannot be reached.
            if ($parent_id != 0 || !$parent_id) {
                /* Get the number of replies on the same level as this */
                if ($this->getNumOnLevel($parent_id) > 0) {
                    $left = $parent['row_right'];
                } else {
                    $left = $parent['row_left'] + 1;
                }

                /* Get the depth and set the right value */
                $depth = $parent['row_level'] + 1;
                $right = $left + 1;

                /* If this user has permission to post */
                if ($user_perms >= $f['can_reply']) {
                    /* Should we amend to the thread? (thread has no replies yet and was started by this user) */
                    if (($thread['row_right'] - $thread['row_left'] - 1) / 2 == 0 && $thread['poster_id'] == $session['user']['id']) {
                        try {
                            /* Create new body text */
                            $body_text = stripslashes($this->dba->Quote($thread['body_text'])) . "\n<br />\n<br /><!-- OMIT --><strong>" . $title . "</strong>\n<br />" . stripslashes($request['message']) . "<!-- /OMIT -->";

                            /* Amend to the thread */
                            @$this->dba->Query("UPDATE " . POSTS . " SET body_text = '{$body_text}' WHERE id = " . $thread['id']);
                        } catch (DBA_Exception $e) {
                            return new TplException($e, $template);
                        }
                    } else {
                        $time = time();

                        // NOTE(review): $session['user']['name'] is placed into the
                        // statements below without Quote(), and the writes are not
                        // wrapped in a transaction within this method.
                        try {
                            /* Make space in the Forums table for the reply */
                            @$this->dba->Query("UPDATE " . FORUMS . " SET row_right = row_right+2 WHERE row_left < {$left} AND row_right >= {$left}");

                            /* Keep making space in the Forums table for the reply */
                            @$this->dba->Query("UPDATE " . FORUMS . " SET row_left = row_left+2, row_right=row_right+2 WHERE row_left >= {$left}");

                            /* Make space in the Posts table for the reply */
                            @$this->dba->Query("UPDATE " . POSTS . " SET row_right = row_right+2 WHERE row_left < {$left} AND row_right >= {$left}");

                            /* Keep making space in the Posts table for the reply */
                            @$this->dba->Query("UPDATE " . POSTS . " SET row_left = row_left+2, row_right=row_right+2 WHERE row_left >= {$left}");

                            /* Finally Insert the reply into the database */
                            @$this->dba->Query("INSERT INTO " . POSTS . " (row_left, row_right, name, parent_id, row_level, body_text, created, poster_name, poster_id, row_type, forum_id) VALUES ({$left}, {$right}, '{$title}', {$parent_id}, {$depth}, '" . stripslashes($request['message']) . "', " . time() . ", '" . $session['user']['name'] . "', " . $session['user']['id'] . ", 4, " . $f['id'] . ")");

                            /* Set the last reply info for the thread info */
                            @$this->dba->Query("UPDATE " . POSTS . " SET last_reply = " . $time . ", reply_uid = " . $session['user']['id'] . ", reply_uname = '" . $session['user']['name'] . "' WHERE id = " . $thread['id']);

                            /* get the last post by this user ($last_post_id is not read again in this method) */
                            $last_post_id = @$this->lastPostByUser($session['user']['id']);

                            /* Update the post count for the forum */
                            $this->dba->Query("UPDATE " . FORUMS . " SET posts = posts+1, thread_created = {$time}, thread_name = '" . $title . "', thread_id = " . $thread['id'] . ", thread_uname = '" . $session['user']['name'] . "', thread_uid = " . $session['user']['id'] . " WHERE id = " . $f['id']);

                            /* Update the user count if the user exists :) */
                            if ($user_id != 0) {
                                $this->dba->Query("UPDATE " . USERS . " SET posts = posts+1 WHERE id = " . $session['user']['id']);
                            }
                        } catch (DBA_Exception $e) {
                            return new TplException($e, $template);
                        }
                    }
                } else {
                    return new Error($template['L_PERMCANTREPLY'], $template);
                }

                /* If we've gotten this far, reload the page :) */
                return new Error($template['L_SUCCESSADDINGREPLY'] . '<meta http-equiv="refresh" content="1; url=viewthread.php?id=' . $thread['id'] . '">', $template);
            } else {
                return new Error($template['L_ERRORREPLYING'], $template);
            }
        } else {
            return new Error($template['L_PERMCANTREPLY'], $template);
        }
    } // end check forum login required
}