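/**
 * Loads the queued blog comments and their parent blog entries into $this->content.
 *
 * The comment ids are taken from the keys of $this->content['blogtextid']. Matching rows
 * are fetched in one slave query and stored under the 'blogtext', 'blog' and 'userid'
 * keys of $this->content. The queue is emptied afterwards.
 *
 * @return bool|null True when there is nothing to load or the blog product is off; null after a load
 */
public function process()
{
    if (!$this->content['blogtextid'] or !vB::$vbulletin->products['vbblog']) {
        return true;
    }

    // Both fragments are interpolated into the query below, so they must be defined for
    // guests as well (the original left them unset when the viewer had no userid).
    $fields = '';
    $joins = '';

    // The viewer id is concatenated into SQL; force it to an integer first.
    $viewerid = intval(vB::$vbulletin->userinfo['userid']);
    if ($viewerid) {
        $fields = ", ignored.relationid AS b_ignoreid, buddy.relationid AS b_buddyid";
        $joins = "\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = user.userid AND ignored.relationid = " . $viewerid . " AND ignored.type = 'ignore')\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = user.userid AND buddy.relationid = " . $viewerid . " AND buddy.type = 'buddy')\n\t\t\t";
    }

    $catsql = $this->fetchCategoryPermissions();

    // The ids are array keys collected elsewhere; cast each one so that nothing but
    // integers can reach the IN (...) list.
    $blogtextids = implode(",", array_map('intval', array_keys($this->content['blogtextid'])));

    $comments = vB::$db->query_read_slave(
        "\n\t\t\tSELECT"
        . "\n\t\t\t\tIF (bu.title <> '', bu.title, user.username) AS b_blog_title, bt.pagetext AS bt_pagetext, blog.postedby_userid, bt.username AS bt_username,"
        . "\n\t\t\t\tbt.blogid AS bt_blogid, bt.blogtextid AS bt_blogtextid, bt.title AS bt_title, bt.state AS bt_state, bt.userid AS bt_userid, fp.pagetext AS b_pagetext,"
        . "\n\t\t\t\tblog.blogid AS b_blogid, blog.title AS b_title, blog.userid AS b_userid, blog.state AS b_state, blog.options AS b_options, blog.views AS b_views, blog.comments_visible AS b_comments_visible,"
        . "\n\t\t\t\tbu.options_member AS b_options_member, bu.options_guest AS b_options_guest, bu.options_buddy AS b_options_buddy, options_ignore AS b_options_ignore, bu.memberids AS b_memberids, bu.memberblogids AS b_memberblogids,"
        . "\n\t\t\t\tuser.username AS b_username, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS b_displaygroupid, user.infractiongroupid AS b_infractiongroupid, user.usergroupid AS b_usergroupid, user.membergroupids AS b_membergroupids"
        . "\n\t\t\t\t{$fields}"
        . "\n\t\t\tFROM " . TABLE_PREFIX . "blog_text AS bt"
        . "\n\t\t\tINNER JOIN " . TABLE_PREFIX . "blog AS blog ON (blog.blogid = bt.blogid)"
        . "\n\t\t\tINNER JOIN " . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = blog.userid)"
        . "\n\t\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = blog.userid)"
        . "\n\t\t\tINNER JOIN " . TABLE_PREFIX . "blog_text AS fp ON (fp.blogtextid = blog.firstblogtextid)"
        . "\n\t\t\t{$joins}"
        . "\n\t\t\t{$catsql['joinsql']}"
        . "\n\t\t\tWHERE"
        . "\n\t\t\t\tbt.blogtextid IN (" . $blogtextids . ")"
        . "\n\t\t\t\t\tAND"
        . "\n\t\t\t\tblog.pending = 0"
        . "\n\t\t\t\t{$catsql['wheresql']}"
        . "\n\t\t"
    );

    while ($comment = vB::$db->fetch_array($comments)) {
        // NOTE(review): the query selects this column only under the alias bt_blogtextid, so
        // $comment['blogtextid'] looks unset here; the row is stored again under the aliased
        // key two lines below. Left unchanged - confirm whether this line is still needed.
        $this->content['blogtext'][$comment['blogtextid']] = $comment;
        unset($this->content['blogid'][$comment['bt_blogid']]);
        $this->content['blogtext'][$comment['bt_blogtextid']] = $this->parse_array($comment, 'bt_');
        $this->content['userid'][$comment['bt_userid']] = 1;

        // Each parent blog entry is processed once, however many of its comments were loaded.
        if (!$this->content['blog'][$comment['b_blogid']]) {
            $this->content['blog'][$comment['b_blogid']] = $this->parse_array($comment, 'b_');
            cache_permissions($this->content['blog'][$comment['b_blogid']], false);
            $this->content['userid'][$comment['b_userid']] = 1;
            $this->content['userid'][$comment['postedby_userid']] = 1;
        }
    }

    $this->content['blogtextid'] = array();
}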
/**
 * Lists the blog categories of one user that may be offered for the requested scope.
 *
 * A category is skipped when it is user-owned and the owner lacks the create-category
 * permission, when it is on a cantpost/cantview list, or when its ownership does not
 * match $type.
 *
 * @param array  $userinfo Owner of the categories; permissions are cached on demand
 * @param string $type     'global' keeps categories with userid 0, 'local' keeps the others
 *
 * @return array|null List of category entries, or null when the owner has no cached categories
 */
private function construct_category($userinfo, $type = 'global')
{
    global $vbulletin;

    require_once DIR . '/includes/blog_functions_category.php';

    if (!$userinfo['permissions']) {
        cache_permissions($userinfo, false);
    }

    $ownerkey = "{$userinfo['userid']}";
    if (!isset($vbulletin->vbblog['categorycache'][$ownerkey])) {
        fetch_ordered_categories($userinfo['userid']);
    }
    if (empty($vbulletin->vbblog['categorycache'][$ownerkey])) {
        return;
    }

    // When somebody else's categories are listed, the viewer's own restrictions apply too.
    $ownerperms = $userinfo['blogcategorypermissions'];
    if ($userinfo['userid'] == $vbulletin->userinfo['userid']) {
        $blocked = array_merge($ownerperms['cantpost'], $ownerperms['cantview']);
    } else {
        $viewerperms = $vbulletin->userinfo['blogcategorypermissions'];
        $blocked = array_merge(
            $ownerperms['cantpost'],
            $viewerperms['cantpost'],
            $ownerperms['cantview'],
            $viewerperms['cantview']
        );
    }
    $cantusecats = array_unique($blocked);

    $cancreate = $userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_cancreatecategory'];

    $result = array();
    foreach ($vbulletin->vbblog['categorycache'][$ownerkey] as $blogcategoryid => $category) {
        if (!$cancreate and $category['userid']) {
            continue;
        }
        if (in_array($blogcategoryid, $cantusecats)) {
            continue;
        }
        if (($type == 'global' and $category['userid'] != 0) or ($type == 'local' and $category['userid'] == 0)) {
            continue;
        }

        $result[] = array(
            'blogcategoryid' => $category['blogcategoryid'],
            'category' => array('title' => $category['title']),
        );
    }

    return $result;
}
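/**
 * Authenticates a service call and switches the request context to the mapped forum user.
 *
 * The call is accepted only when the service is enabled, the HTTP basic-auth password
 * matches the configured service password, and the service account maps to a forum user.
 *
 * @param array $who Expects the keys 'ServiceName' and 'Username'
 *
 * @return array 'Code' => 0 on success; otherwise 'Code' => 1 and an error key in 'Text'
 */
function RegisterService($who)
{
    global $db, $vbulletin, $server;

    $result = array();

    if (!$vbulletin->options['vbb_serviceonoff']) {
        $result['Code'] = 1;
        $result['Text'] = 'vbb_service_turned_off';
        return $result;
    }

    $expected = isset($vbulletin->options['vbb_servicepw']) ? (string) $vbulletin->options['vbb_servicepw'] : '';
    $supplied = isset($_SERVER['PHP_AUTH_PW']) ? (string) $_SERVER['PHP_AUTH_PW'] : '';

    // The original used a loose `!=`. An unset service password then matched a request that
    // sent no password at all, and two numeric-looking strings could compare equal. An empty
    // configured password is now always rejected, and the comparison is exact and, where
    // hash_equals() exists, constant-time.
    $passwordok = false;
    if ($expected !== '') {
        $passwordok = function_exists('hash_equals')
            ? hash_equals($expected, $supplied)
            : ($expected === $supplied);
    }

    if (!$passwordok) {
        $result['Code'] = 1;
        $result['Text'] = 'vbb_invalid_servicepw';
        return $result;
    }

    $userid = fetch_userid_by_service($who['ServiceName'], $who['Username']);
    if (empty($userid) || $userid <= 0) {
        $result['Code'] = 1;
        $result['Text'] = 'invalid_user';
        return $result;
    }

    // From here on the request runs with the identity and permissions of the mapped user.
    unset($vbulletin->userinfo);
    $vbulletin->userinfo =& fetch_userinfo($userid);
    cache_permissions($vbulletin->userinfo);

    $vbulletin->options['hourdiff'] = (date('Z', TIMENOW) / 3600 - $vbulletin->userinfo['timezoneoffset']) * 3600;
    fetch_options_overrides($vbulletin->userinfo);
    fetch_time_data();

    // everything is ok
    $result['Code'] = 0;

    return $result;
}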
/**
 * Decides whether the current viewer may see one of the preloaded albums.
 *
 * Every check must pass: the general album gate, the album and its owner being loaded,
 * the owner's album permission (or the viewer's moderation right), the profile-section
 * privacy of the owner, and the state-specific check for private or profile albums.
 *
 * @param int $albumid Key into $this->content['album']
 *
 * @return bool True when the album may be shown
 */
protected function fetchCanViewAlbum($albumid)
{
    if (!$this->fetchCanViewAlbums()) {
        return false;
    }

    $album = $this->content['album'][$albumid];
    if (!$album) {
        return false;
    }

    $userinfo = $this->content['user'][$album['userid']];
    if (!$userinfo) {
        return false;
    }

    cache_permissions($userinfo, false);

    $ownercanalbum = $userinfo['permissions']['albumpermissions'] & vB::$vbulletin->bf_ugp_albumpermissions['canalbum'];
    if (!can_moderate(0, 'caneditalbumpicture') and !$ownercanalbum) {
        return false;
    }

    if (!can_view_profile_section($album['userid'], 'albums')) {
        // private album that we can not see
        return false;
    }

    require_once DIR . '/includes/functions_album.php';

    if ($album['state'] == 'private' and !can_view_private_albums($album['userid'], $album['buddy'])) {
        // private album that we can not see
        return false;
    }

    if ($album['state'] == 'profile' and !can_view_profile_albums($album['userid'])) {
        // profile album that we can not see
        return false;
    }

    return true;
}
/**
 * Prepares a user row for display on the group listing.
 *
 * Expands the option bitfields into named flags, caches permissions, resolves the online
 * status and formats the last-online date. The date is blanked for invisible users unless
 * the viewer holds the canseehidden permission.
 *
 * @param array $user Raw user row
 *
 * @return array The enriched user row
 */
function process_showgroups_userinfo($user)
{
    global $vbulletin, $permissions, $stylevar, $show;

    $optionflags = convert_bits_to_array($user['options'], $vbulletin->bf_misc_useroptions);
    $user = array_merge($user, $optionflags);

    $adminflags = convert_bits_to_array($user['adminoptions'], $vbulletin->bf_misc_adminoptions);
    $user = array_merge($user, $adminflags);

    cache_permissions($user, false);
    fetch_online_status($user, true);

    // Hide the activity time of invisible users from viewers who may not see hidden members.
    if ($user['invisible'] and !($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehidden'])) {
        $user['lastonline'] = ' ';
    } else {
        $user['lastonline'] = vbdate($vbulletin->options['dateformat'], $user['lastactivity'], 1);
    }

    fetch_musername($user);

    return $user;
}
/**
 * Authenticates with the credentials sent in the request and returns notification counts.
 *
 * No session is persisted; the login is performed only to read the unread-PM counter and
 * the subscribed-thread updates of the authenticated user.
 *
 * @return array 'pm_notices' (unread PM count) and 'sub_notices' (result of get_sub_thread_updates())
 */
function do_get_new_updates()
{
    global $vbulletin;

    require_once DIR . '/includes/functions_login.php';

    // NOTE(review): the 'r' source presumably covers the merged request input, so username and
    // password may arrive in the query string and end up in access logs - confirm that clients
    // send them in the request body over TLS.
    $vbulletin->input->clean_array_gpc('r', array('username' => TYPE_STR, 'password' => TYPE_STR, 'md5_password' => TYPE_STR, 'fr_username' => TYPE_STR, 'fr_b' => TYPE_BOOL));

    // A username plus either form of the password is required.
    // NOTE(review): assumes json_error() ends the request; otherwise execution would continue.
    if (!$vbulletin->GPC['username'] || !$vbulletin->GPC['password'] && !$vbulletin->GPC['md5_password']) {
        json_error(ERR_NO_PERMISSION);
    }

    $vbulletin->GPC['username'] = prepare_remote_utf8_string($vbulletin->GPC['username']);
    $vbulletin->GPC['password'] = prepare_remote_utf8_string($vbulletin->GPC['password']);

    // NOTE(review): 'cookieuser' is not in the clean_array_gpc list above, so this function does
    // not populate that GPC entry - confirm where it is set.
    // NOTE(review): no failed-attempt throttling is visible in this function; verify that
    // verify_authentication() or the caller limits repeated guesses.
    if (!verify_authentication($vbulletin->GPC['username'], $vbulletin->GPC['password'], $vbulletin->GPC['md5_password'], $vbulletin->GPC['md5_password'], $vbulletin->GPC['cookieuser'], true)) {
        json_error(ERR_NO_PERMISSION);
    }

    // Don't save the session, we just want pm & marked thread info
    process_new_login('', false, '');

    // Since we are not saving the session, fetch our userinfo
    $vbulletin->userinfo =& fetch_userinfo($vbulletin->userinfo['userid']);
    cache_permissions($vbulletin->userinfo, true);

    $sub_notices = get_sub_thread_updates();

    fr_update_push_user($vbulletin->GPC['fr_username'], $vbulletin->GPC['fr_b']);

    return array('pm_notices' => $vbulletin->userinfo['pmunread'], 'sub_notices' => $sub_notices);
}
/**
 * Returns the profile of the requested user, or of the logged-in user when no id is given.
 *
 * The 'ban' flag is added only when the viewer has control-panel access or may ban users.
 *
 * @return array|mixed Profile data for the client, or the result of json_error() on failure
 */
function do_get_profile()
{
    global $vbulletin;

    $viewer = vB_Api::instance('user')->fetchUserInfo();
    $input = vB::getCleaner()->cleanArray($_REQUEST, array('userid' => vB_Cleaner::TYPE_UINT));

    if (!$viewer['userid'] && !$input['userid']) {
        return json_error(ERR_INVALID_LOGGEDIN, RV_NOT_LOGGED_IN);
    }

    // Fall back to the viewer's own profile when no target id was supplied.
    $targetid = $input['userid'] ? $input['userid'] : $viewer['userid'];

    $profile = vB_Api::instance('user')->fetchProfileInfo($targetid);
    if (empty($profile)) {
        return json_error(ERR_NO_PERMISSION);
    }

    $values = array();
    foreach ($profile['customFields']['default'] as $name => $field) {
        $fieldvalue = $field['val'];
        $values[] = array(
            'name' => (string) new vB_Phrase('cprofilefield', $name),
            'value' => ($fieldvalue === null) ? '' : $fieldvalue,
        );
    }

    $groups = array(
        array('name' => 'about', 'values' => $values),
    );

    $out = array(
        'username' => prepare_utf8_string($profile['username']),
        'joindate' => prepare_utf8_string(fr_date($profile['joindate'])),
        'posts' => $profile['posts'],
        'online' => fr_get_user_online($profile['lastactivity']),
        'avatar_upload' => (bool) $profile['canuseavatar'],
        'groups' => $groups,
    );

    $avatarurl = vB_Library::instance('vb4_functions')->avatarUrl($targetid);
    if ($avatarurl) {
        $out['avatarurl'] = $avatarurl;
    }

    cache_moderators();
    cache_permissions($vbulletin->userinfo);

    // The flag reflects the viewer's rights, not any property of the profile being shown.
    if (($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) or can_moderate(0, 'canbanusers')) {
        $out['ban'] = true;
    }

    return $out;
}
/**
 * Selects the user to work on and loads that user's permissions.
 *
 * For the current viewer the permissions already held by the registry are reused; any
 * other user is read from the user table and run through cache_permissions().
 *
 * @param integer $userid User to process
 * @param boolean $fetch  Whether to fetch existing CSS data
 *
 * @return boolean True on success, false when no such user exists
 */
function set_userid($userid, $fetch = true)
{
    // The id is cast before it is used in the query below.
    $userid = intval($userid);

    if ($userid == $this->registry->userinfo['userid']) {
        $this->userid = $userid;
        $this->permissions = $this->registry->userinfo['permissions'];
    } else {
        $user = $this->dbobject->query_first('SELECT * FROM ' . TABLE_PREFIX . 'user WHERE userid = ' . $userid);
        if (!$user) {
            global $vbphrase;

            $this->error[] = fetch_error('invalidid', $vbphrase['user'], $this->registry->options['contactuslink']);
            return false;
        }

        $this->userid = $userid;
        $this->permissions = cache_permissions($user, false);
    }

    if ($fetch) {
        $this->existing = $this->fetch_existing();
    }

    return true;
}
} break; // do move // do move case 'domove': if (!can_moderate_calendar($calendarinfo['calendarid'], 'canmoveevents')) { print_no_permission(); } else { if (!($vbulletin->userinfo['calendarpermissions']["{$vbulletin->GPC['newcalendarid']}"] & $vbulletin->bf_ugp_calendarpermissions['canviewcalendar'])) { print_no_permission(); } // unsubscribe users who can't view the calendar that the event is now in $users = $db->query_read("\n\t\t\t\t\tSELECT user.userid, usergroupid, membergroupids, infractiongroupids, IF(options & " . $vbulletin->bf_misc_useroptions['hasaccessmask'] . ", 1, 0) AS hasaccessmask\n\t\t\t\t\tFROM " . TABLE_PREFIX . "subscribeevent AS subscribeevent\n\t\t\t\t\tINNER JOIN " . TABLE_PREFIX . "user AS user USING (userid)\n\t\t\t\t\tWHERE eventid = {$eventinfo['eventid']}\n\t\t\t\t"); $deleteuser = '******'; while ($thisuser = $db->fetch_array($users)) { cache_permissions($thisuser); $userperms =& $thisuser['calendarpermissions']["{$vbulletin->GPC['newcalendarid']}"]; if ($userperms & $vbulletin->bf_ugp_calendarpermissions['canviewcalendar'] and ($eventinfo['userid'] == $thisuser['userid'] or $userperms & $vbulletin->bf_ugp_calendarpermissions['canviewothersevent'])) { // don't delete continue; } else { $deleteuser .= ',' . $thisuser['userid']; } } if ($deleteuser) { $query = "DELETE FROM " . TABLE_PREFIX . "subscribeevent WHERE eventid = {$eventinfo['eventid']} AND userid IN ({$deleteuser})"; $db->query_write($query); } // init event datamanager class $eventdata =& datamanager_init('Event', $vbulletin, ERRTYPE_STANDARD); $eventdata->verify_datetime = false;
$userinfo['userid'] != $vbulletin->userinfo['userid'] AND !$userinfo['bbuser_iscontact_of_user'] ) { // are you a contact? print_no_permission(); } require_once(DIR . '/includes/functions_user.php'); if (!can_view_profile_section($userinfo['userid'], 'visitor_messaging')) { print_no_permission(); } cache_permissions($userinfo, false); if ($userinfo['usergroupid'] == 4 AND !($permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) { print_no_permission(); } $canpostmessage = ( $userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canviewmembers'] AND $vbulletin->userinfo['userid'] AND ( ( $vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmessageownprofile'] AND $vbulletin->userinfo['userid'] == $userinfo['userid'] ) OR (
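/**
 * Generates a preview of a post.
 *
 * Parses the message, optionally the attachments and the poster's signature, resolves the
 * message icon and renders the 'newpost_preview' template.
 *
 * @param array   $newpost        Information regarding the new post (icon fields are filled in)
 * @param integer $postuserid     The user id posting; 0 means the current user
 * @param array   $attachmentinfo Information regarding attachments
 *
 * @return string The generated preview, or '' when the parsed message is empty
 */
function process_post_preview(&$newpost, $postuserid = 0, $attachmentinfo = NULL)
{
    global $vbphrase, $checked, $rate, $previewpost, $stylevar, $foruminfo, $vbulletin, $show;

    require_once DIR . '/includes/class_bbcode.php';

    // `=& new` is a parse error on PHP 7+; a plain assignment is used for objects instead.
    $bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
    if ($attachmentinfo) {
        $bbcode_parser->attachments =& $attachmentinfo;
    }

    $previewpost = 1;
    $bbcode_parser->unsetattach = true;
    $previewmessage = $bbcode_parser->parse($newpost['message'], $foruminfo['forumid'], iif($newpost['disablesmilies'], 0, 1));

    $post = array('userid' => $postuserid ? $postuserid : $vbulletin->userinfo['userid']);

    if (!empty($attachmentinfo)) {
        require_once DIR . '/includes/class_postbit.php';

        $post['attachments'] =& $attachmentinfo;

        $postbit_factory = new vB_Postbit_Factory();
        $postbit_factory->registry =& $vbulletin;
        $postbit_factory->forum =& $foruminfo;

        $postbit_obj =& $postbit_factory->fetch_postbit('post');
        $postbit_obj->post =& $post;
        $postbit_obj->process_attachments();
    }

    if ($post['userid'] != $vbulletin->userinfo['userid']) {
        // The id is concatenated into SQL, so it is cast here, as the icon id is below.
        $fetchsignature = $vbulletin->db->query_first("\n\t\t\tSELECT signature\n\t\t\tFROM " . TABLE_PREFIX . "usertextfield\n\t\t\tWHERE userid = " . intval($postuserid) . "\n\t\t");
        $signature =& $fetchsignature['signature'];
    } else {
        $signature = $vbulletin->userinfo['signature'];
    }

    $show['signature'] = false;
    if ($newpost['signature'] and trim($signature)) {
        $userinfo = fetch_userinfo($post['userid'], FETCH_USERINFO_SIGPIC);

        // The signature is rendered only if the posting user holds the signature permission.
        if ($post['userid'] != $vbulletin->userinfo['userid']) {
            cache_permissions($userinfo, false);
        } else {
            $userinfo['permissions'] =& $vbulletin->userinfo['permissions'];
        }

        if ($userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canusesignature']) {
            $bbcode_parser->set_parse_userinfo($userinfo);
            $post['signature'] = $bbcode_parser->parse($signature, 'signature');
            $bbcode_parser->set_parse_userinfo(array());
            $show['signature'] = true;
        }
    }

    if ($foruminfo['allowicons'] and $newpost['iconid']) {
        if ($icon = $vbulletin->db->query_first_slave("\n\t\t\tSELECT title as title, iconpath\n\t\t\tFROM " . TABLE_PREFIX . "icon\n\t\t\tWHERE iconid = " . intval($newpost['iconid']) . "\n\t\t")) {
            $newpost['iconpath'] = $icon['iconpath'];
            $newpost['icontitle'] = $icon['title'];
        }
    } else {
        if ($vbulletin->options['showdeficon'] != '') {
            $newpost['iconpath'] = $vbulletin->options['showdeficon'];
            $newpost['icontitle'] = $vbphrase['default'];
        }
    }

    $show['messageicon'] = iif($newpost['iconpath'], true, false);
    $show['errors'] = false;

    // NOTE(review): eval() of plugin code returned for this hook; whoever can edit plugins
    // runs PHP in this scope.
    ($hook = vBulletinHook::fetch_hook('newpost_preview')) ? eval($hook) : false;

    if ($previewmessage != '') {
        // NOTE(review): the template is evaluated as a PHP double-quoted string. This relies on
        // fetch_template() returning escaped, compiled template code - confirm that no
        // user-supplied text can reach the template source itself.
        eval('$postpreview = "' . fetch_template('newpost_preview') . "\";");
    } else {
        $postpreview = '';
    }

    construct_checkboxes($newpost);

    if ($newpost['rating']) {
        $rate["{$newpost['rating']}"] = ' ' . 'selected="selected"';
    }

    return $postpreview;
}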
$limitlower = 1; } $getevents = $db->query_read_slave("\n\t\tSELECT event.*, IF(dateline_to = 0, 1, 0) AS singleday, user.username, user.options, user.adminoptions, user.usergroupid, user.membergroupids, user.infractiongroupids, IF(options & " . $vbulletin->bf_misc_useroptions['hasaccessmask'] . ", 1, 0) AS hasaccessmask,\n\t\t\tsubscribeevent.reminder, subscribeevent.subscribeeventid\n\t\t\t" . ($vbulletin->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight, customavatar.width_thumb AS avwidth_thumb, customavatar.height_thumb AS avheight_thumb, filedata_thumb, NOT ISNULL(customavatar.userid) AS hascustom" : "") . "\n\t\tFROM " . TABLE_PREFIX . "subscribeevent AS subscribeevent\n\t\tLEFT JOIN " . TABLE_PREFIX . "event AS event ON (subscribeevent.eventid = event.eventid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (event.userid = user.userid)\n\t\t" . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "\n\t\tWHERE\n\t\t\tsubscribeevent.userid = " . $vbulletin->userinfo['userid'] . "\n\t\t\t\tAND\n\t\t\tevent.visible = 1\n\t\tORDER BY\n\t\t\t{$sqlsortfield} {$sortorder}\n\t\tLIMIT " . ($limitlower - 1) . ", {$perpage}\n\t"); $itemcount = ($pagenumber - 1) * $perpage; $first = $itemcount + 1; if ($db->num_rows($getevents)) { $show['haveevents'] = true; while ($event = $db->fetch_array($getevents)) { if (empty($reminders["{$event['reminder']}"])) { $event['reminder'] = 3600; } $event['reminder'] = $vbphrase[$reminders[$event['reminder']]]; $offset = $event['dst'] ? 
$vbulletin->userinfo['timezoneoffset'] : $vbulletin->userinfo['tzoffset']; $event = array_merge($event, convert_bits_to_array($event['options'], $vbulletin->bf_misc_useroptions)); $event = array_merge($event, convert_bits_to_array($event['adminoptions'], $vbulletin->bf_misc_adminoptions)); cache_permissions($event, false); fetch_avatar_from_userinfo($event, true); $event['dateline_from_user'] = $event['dateline_from'] + $offset * 3600; $event['dateline_to_user'] = $event['dateline_to'] + $offset * 3600; $event['preview'] = htmlspecialchars_uni(strip_bbcode(fetch_trimmed_title(strip_quotes($event['event']), 300), false, true)); $event = fetch_event_date_time($event); $event['calendar'] = $calendarcache["{$event['calendarid']}"]; $show['singleday'] = !empty($event['singleday']) ? true : false; ($hook = vBulletinHook::fetch_hook('calendar_viewreminder_event')) ? eval($hook) : false; $oppositesort = $sortorder == 'asc' ? 'desc' : 'asc'; $templater = vB_Template::create('calendar_reminder_eventbit'); $templater->register('date1', $date1); $templater->register('date2', $date2); $templater->register('daterange', $daterange); $templater->register('event', $event); $templater->register('eventdate', $eventdate);
/**
 * Process note as if a registered user posted.
 *
 * Sets the author's online status on $this->message and fills the global $show flags
 * 'avatar', 'emaillink', 'homepage' and 'pmlink' from the author's cached permissions,
 * the viewer's permissions and the board options.
 */
function process_registered_user()
{
    global $show, $vbphrase;

    fetch_musername($this->message);

    // 0 = shown as offline, 1 = online and visible, 2 = online but invisible (viewer may see)
    $this->message['onlinestatus'] = 0;
    // now decide if we can see the user or not
    if ($this->message['lastactivity'] > (TIMENOW - $this->registry->options['cookietimeout']) AND $this->message['lastvisit'] != $this->message['lastactivity']) {
        if ($this->message['invisible']) {
            if (($this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canseehidden']) OR $this->message['userid'] == $this->registry->userinfo['userid']) {
                // user is online and invisible BUT bbuser can see them
                $this->message['onlinestatus'] = 2;
            }
        } else {
            // user is online and visible
            $this->message['onlinestatus'] = 1;
        }
    }

    // Permissions are computed once per author and kept on the factory, keyed by author id.
    if (!isset($this->factory->perm_cache["{$this->message['userid']}"])) {
        $this->factory->perm_cache["{$this->message['userid']}"] = cache_permissions($this->message, false);
    }

    if (
        // no avatar defined for this user
        empty($this->message['avatarurl']) OR
        // visitor doesn't want to see avatars
        ($this->registry->userinfo['userid'] > 0 AND !$this->registry->userinfo['showavatars']) OR
        // user has a custom avatar but no permission to display it
        (!$this->message['avatarid'] AND !($this->factory->perm_cache["{$this->message['userid']}"]['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canuseavatar']) AND !$this->message['adminavatar']) //
    ) {
        $show['avatar'] = false;
    } else {
        $show['avatar'] = true;
    }

    // The email link needs the author's consent, the board options, the viewer's
    // canemailmember permission and a logged-in viewer.
    $show['emaillink'] = (
        $this->message['showemail'] AND $this->registry->options['displayemails'] AND (
            !$this->registry->options['secureemail'] OR (
                $this->registry->options['secureemail'] AND $this->registry->options['enableemail']
            )
        ) AND $this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canemailmember'] AND $this->registry->userinfo['userid']
    );

    $show['homepage'] = ($this->message['homepage'] != '' AND $this->message['homepage'] != 'http://');

    // NOTE(review): the pmquota lookup below is keyed by $this->userinfo['userid'], while the
    // cache above is filled and read under $this->message['userid']. If $this->userinfo is not
    // the message author, the author's quota check reads an empty entry - confirm the intended key.
    $show['pmlink'] = ($this->registry->options['enablepms'] AND $this->registry->userinfo['permissions']['pmquota'] AND ($this->registry->userinfo['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel'] OR ($this->message['receivepm'] AND $this->factory->perm_cache["{$this->userinfo['userid']}"]['pmquota']) )) ? true : false;
}
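/**
 * Sends email notifications for a social group discussion to its subscribers.
 *
 * Subscribers are skipped when they ignore the poster, have not been active since the
 * previous message, belong to a banned group, or may not view the discussion.
 *
 * @param int          $discussionid Id of the discussion being updated
 * @param int|false    $gmid         Id of the message that triggered the update; when false,
 *                                   the newest visible message of the discussion is used
 * @param string|false $postusername Optional username displayed on the post
 *
 * @return void
 */
function exec_send_sg_notification($discussionid, $gmid = false, $postusername = false)
{
    global $vbulletin;

    if (!$vbulletin->options['enableemail']) {
        return;
    }

    $discussion = fetch_socialdiscussioninfo($discussionid);

    // if there are no subscribers, no need to send notifications
    if (!$discussion['subscribers']) {
        return;
    }

    // if the discussion is moderated or deleted, don't send notification
    if ('deleted' == $discussion['state'] or 'moderation' == $discussion['state']) {
        return;
    }

    $group = fetch_socialgroupinfo($discussion['groupid']);

    // These ids are concatenated into SQL below; cast once so only integers reach the queries.
    $sql_discussionid = intval($discussion['discussionid']);
    $sql_groupid = intval($group['groupid']);

    if (!$gmid) {
        // get last gmid from discussion
        $gmid = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(gmid) AS gmid\n\t\t\tFROM " . TABLE_PREFIX . "groupmessage AS groupmessage\n\t\t\tWHERE discussionid = " . $sql_discussionid . "\n\t\t\t\tAND state = 'visible'\n\t\t");
        $gmid = $gmid['gmid'];
    }

    // get message details
    $gmessage = fetch_groupmessageinfo($gmid);
    if (!$gmessage) {
        return;
    }

    // get post time of previous message - if a user hasn't been active since then we won't resend a notification
    $lastposttime = ($lastposttime = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(dateline) AS dateline\n\t\t\tFROM " . TABLE_PREFIX . "groupmessage AS groupmessage\n\t\t\tWHERE discussionid = " . $sql_discussionid . "\n\t\t\t\tAND dateline < " . intval($gmessage['dateline']) . "\n\t\t\t\tAND state = 'visible'\n\t")) ? $lastposttime['dateline'] : $gmessage['dateline'];

    $discussion['title'] = unhtmlspecialchars($discussion['title']);
    $group['name'] = unhtmlspecialchars($group['name']);

    // temporarily use postusername in userinfo
    if (!$postusername) {
        // get current user name if user exists
        if ($gmessage['postuserid'] and $userinfo = fetch_userinfo($gmessage['postuserid'])) {
            $postusername = $userinfo['username'];
        } else {
            $postusername = $gmessage['postusername'];
        }
    }
    $postusername = unhtmlspecialchars($postusername);
    $userid = $gmessage['postuserid'];

    // NOTE(review): eval() of plugin code returned for this hook.
    ($hook = vBulletinHook::fetch_hook('newpost_sg_notification_start')) ? eval($hook) : false;

    // Skip subscribers who ignore the poster. The clause carries its own AND so that a guest
    // post (postuserid 0) no longer leaves a dangling "AND" in the statement, and the pattern
    // uses % wildcards so the id is found anywhere in the space-separated ignore list rather
    // than only when it is the sole entry.
    $ignoreclause = $gmessage['postuserid']
        ? "\n\t\t AND CONCAT(' ', IF(usertextfield.ignorelist IS NULL, '', usertextfield.ignorelist), ' ') NOT LIKE '% " . intval($userid) . " %'"
        : '';

    $useremails = $vbulletin->db->query_read_slave(
        "\n\t\tSELECT user.*, subscribediscussion.emailupdate, subscribediscussion.subscribediscussionid, IF(socialgroupmember.userid IS NOT NULL,1,0) ismember"
        . "\n\t\tFROM " . TABLE_PREFIX . "subscribediscussion AS subscribediscussion"
        . "\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (subscribediscussion.userid = user.userid)"
        . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (usergroup.usergroupid = user.usergroupid)"
        . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)"
        . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "socialgroupmember AS socialgroupmember ON (socialgroupmember.userid = user.userid AND socialgroupmember.groupid = " . $sql_groupid . ")"
        . "\n\t\tWHERE subscribediscussion.discussionid = " . $sql_discussionid
        . "\n\t\t AND subscribediscussion.emailupdate = 1"
        . $ignoreclause
        . "\n\t\t AND user.usergroupid <> 3"
        . "\n\t\t AND user.userid <> " . intval($userid)
        . "\n\t\t AND user.lastactivity >= " . intval($lastposttime)
        . "\n\t\t AND (usergroup.genericoptions & " . $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'] . ")"
        . "\n\t"
    );

    vbmail_start();

    // parser for plaintexting the message pagetext
    require_once DIR . '/includes/class_bbcode_alt.php';
    // `=& new` is a parse error on PHP 7+; a plain assignment is used instead.
    $plaintext_parser = new vB_BbCodeParser_PlainText($vbulletin, fetch_tag_list());
    $pagetext_cache = array(); // used to cache the results per languageid for speed

    $emails = array();
    $evalemail = array();

    while ($touser = $vbulletin->db->fetch_array($useremails)) {
        // check user can view discussion
        $permissions = cache_permissions($touser, false);

        $groupperms = $permissions['socialgrouppermissions'];
        $sgbits = $vbulletin->bf_ugp_socialgrouppermissions;
        if (
            !($vbulletin->usergroupcache["{$touser['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'])
            or !($permissions['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'])
            or !($groupperms & $sgbits['canviewgroups'])
            or (
                // join-to-view groups: non-members need one of the "always" overrides
                $group['options'] & $vbulletin->bf_misc_socialgroupoptions['join_to_view']
                and !$touser['ismember']
                and !($groupperms & $sgbits['canalwayscreatediscussion'])
                and !($groupperms & $sgbits['canalwayspostmessage'])
            )
        ) {
            continue;
        }

        $touser['username'] = unhtmlspecialchars($touser['username']);
        $touser['languageid'] = iif($touser['languageid'] == 0, $vbulletin->options['languageid'], $touser['languageid']);

        // NOTE(review): presumably the token placed in the unsubscribe link of the email. It is an
        // unkeyed MD5 over ids and salts, so it stays valid for as long as those values do not
        // change - confirm how the consuming script verifies it.
        $touser['auth'] = md5($touser['userid'] . $touser['subscribediscussionid'] . $touser['salt'] . COOKIE_SALT);

        if (empty($evalemail)) {
            $email_texts = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT text, languageid, fieldname\n\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\tWHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'notify_discussion'\n\t\t\t");

            while ($email_text = $vbulletin->db->fetch_array($email_texts)) {
                $emails["{$email_text['languageid']}"]["{$email_text['fieldname']}"] = $email_text['text'];
            }

            require_once DIR . '/includes/functions_misc.php';

            foreach ($emails as $languageid => $email_text) {
                // lets cycle through our array of notify phrases
                $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
                $text_message = replace_template_variables($text_message);
                $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
                $text_subject = replace_template_variables($text_subject);

                $evalemail["{$languageid}"] = ' $message = "' . $text_message . '"; $subject = "' . $text_subject . '"; ';
            }
        }

        // parse the page text into plain text, taking selected language into account
        if (!isset($pagetext_cache["{$touser['languageid']}"])) {
            $plaintext_parser->set_parsing_language($touser['languageid']);
            $pagetext_cache["{$touser['languageid']}"] = $plaintext_parser->parse($gmessage['pagetext']);
        }
        $pagetext = $pagetext_cache["{$touser['languageid']}"];

        // NOTE(review): eval() of plugin code returned for this hook.
        ($hook = vBulletinHook::fetch_hook('new_sg_message_notification_message')) ? eval($hook) : false;

        // NOTE(review): the phrase text is evaluated as a PHP double-quoted string so that its
        // variables expand. Only the phrase text itself is evaluated, but anyone who can edit the
        // 'notify_discussion' phrases can therefore have code run here - treat phrase editing as
        // a code-execution privilege.
        eval(iif(empty($evalemail["{$touser['languageid']}"]), $evalemail["-1"], $evalemail["{$touser['languageid']}"]));

        vbmail($touser['email'], $subject, $message);
    }

    $vbulletin->db->free_result($useremails);
    unset($plaintext_parser, $pagetext_cache);

    vbmail_end();
}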
/**
 * Swaps the visitor's current session for an authenticated one after a successful
 * login and, for control-panel logins, records a control-panel session and sets
 * the related cookies.
 *
 * Reads the already-populated $vbulletin->userinfo, so the caller is expected to
 * have verified the credentials before calling this (not visible here - confirm).
 *
 * @param	string	$logintype	Compared against 'cplogin' and 'modcplogin'; any other value skips both control-panel branches
 * @param	mixed	$cookieuser	When empty, and no userid cookie was received, the control-panel branches set the userid/password cookies
 * @param	string	$cssprefs	A non-empty value makes the cplogin branch store the admin's cssprefs
 */
function process_new_login($logintype, $cookieuser, $cssprefs)
{
	global $vbulletin;

	// Saved now and written back after userinfo is replaced by the new session's copy below.
	$lang_info = array(
		'lang_locale' => $vbulletin->userinfo['lang_locale'],
		'lang_charset' => $vbulletin->userinfo['lang_charset']
	);

	// Remove the session row stored under the current hash; the value is escaped before it is embedded.
	$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . $vbulletin->db->escape_string($vbulletin->session->vars['dbsessionhash']) . "'");

	if ($vbulletin->session->created == true AND $vbulletin->session->vars['userid'] == 0)
	{
		// if we just created a session on this page, there's no reason not to use it
		// NOTE(review): this keeps the pre-login session object; confirm that a session flagged
		// as ->created always carries a server-generated hash rather than one taken from the request.
		$newsession =& $vbulletin->session;
	}
	else
	{
		$newsession = new vB_Session($vbulletin, '', $vbulletin->userinfo['userid'], '', $vbulletin->session->vars['styleid'], $vbulletin->session->vars['languageid']);
	}

	// Bind the session to the authenticated user.
	$newsession->set('userid', $vbulletin->userinfo['userid']);
	$newsession->set('loggedin', 1);

	// NOTE(review): loose == here, while the branch further down uses ===; the two tests can
	// disagree for non-string $logintype values.
	if ($logintype == 'cplogin')
	{
		$newsession->set('bypass', 1);
	}
	else
	{
		$newsession->set('bypass', 0);
	}

	// Visibility depends on whether the request carried any cookies at all.
	$newsession->set_session_visibility(($vbulletin->superglobal_size['_COOKIE'] > 0));
	$newsession->fetch_userinfo();

	// Install the new session and its userinfo, then restore the language settings captured above.
	$vbulletin->session =& $newsession;
	$vbulletin->userinfo = $newsession->userinfo;
	$vbulletin->userinfo['lang_locale'] = $lang_info['lang_locale'];
	$vbulletin->userinfo['lang_charset'] = $lang_info['lang_charset'];

	// admin control panel or upgrade script login
	if ($logintype === 'cplogin')
	{
		$permissions = cache_permissions($vbulletin->userinfo, false);
		$vbulletin->userinfo['permissions'] =& $permissions;

		// Only users holding the cancontrolpanel bit receive a control-panel session.
		if ($permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])
		{
			if ($cssprefs != '')
			{
				// userid is concatenated unquoted; presumably an integer loaded from the user table - verify.
				$admininfo = $vbulletin->db->query_first_slave("SELECT * FROM " . TABLE_PREFIX . "administrator WHERE userid = " . $vbulletin->userinfo['userid']);
				if ($admininfo)
				{
					$admindm =& datamanager_init('Admin', $vbulletin, ERRTYPE_SILENT);
					$admindm->set_existing($admininfo);
					// NOTE(review): the gate above tests the $cssprefs parameter, but the value saved
					// comes from $vbulletin->GPC['cssprefs']; confirm both always hold the same cleaned value.
					$admindm->set('cssprefs', $vbulletin->GPC['cssprefs']);
					$admindm->save();
				}
			}

			// The control-panel token is whatever the session returns as its hash, so the cpsession
			// row and cookie carry the same value as the session itself.
			$cpsession = $vbulletin->session->fetch_sessionhash();
			/*insert query*/
			$vbulletin->db->query_write("INSERT INTO " . TABLE_PREFIX . "cpsession (userid, hash, dateline) VALUES (" . $vbulletin->userinfo['userid'] . ", '" . $vbulletin->db->escape_string($cpsession) . "', " . TIMENOW . ")");
			// NOTE(review): the trailing (false, true, true) arguments are presumably
			// permanent=false, allowsecure=true, httponly=true - confirm against vbsetcookie().
			vbsetcookie('cpsession', $cpsession, false, true, true);

			if (!$cookieuser AND empty($vbulletin->GPC[COOKIE_PREFIX . 'userid']))
			{
				vbsetcookie('userid', $vbulletin->userinfo['userid'], false, true, true);
				// The cookie value is an MD5 over the stored password value and COOKIE_SALT. Nothing
				// session- or time-specific goes into it, so it stays the same until one of those two
				// inputs changes; handle it as a long-lived credential.
				vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT), false, true, true);
			}
		}
	}

	// moderator control panel login
	if ($logintype === 'modcplogin')
	{
		$permissions = cache_permissions($vbulletin->userinfo, false);
		$vbulletin->userinfo['permissions'] =& $permissions;

		require_once(DIR . '/includes/functions_calendar.php');
		// Forum or calendar moderation rights are enough for a moderator control-panel session.
		if (can_moderate() OR can_moderate_calendar())
		{
			// Same token, row and cookie handling as the cplogin branch above.
			$cpsession = $vbulletin->session->fetch_sessionhash();
			/*insert query*/
			$vbulletin->db->query_write("INSERT INTO " . TABLE_PREFIX . "cpsession (userid, hash, dateline) VALUES (" . $vbulletin->userinfo['userid'] . ", '" . $vbulletin->db->escape_string($cpsession) . "', " . TIMENOW . ")");
			vbsetcookie('cpsession', $cpsession, false, true, true);

			if (!$cookieuser AND empty($vbulletin->GPC[COOKIE_PREFIX . 'userid']))
			{
				vbsetcookie('userid', $vbulletin->userinfo['userid'], false, true, true);
				vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT), false, true, true);
			}
		}
	}

	// Plugin code registered for this hook is eval'd in this function's scope, so it can read
	// and modify every local above, including the new session and $permissions.
	($hook = vBulletinHook::fetch_hook('login_process')) ? eval($hook) : false;
}
$formdata = $albuminfo; } else { $formdata = array('albumid' => 0, 'title' => '', 'description' => '', 'state' => 'public', 'userid' => $vbulletin->userinfo['userid']); } } $formdata['albumtype_' . $formdata['state']] = 'checked="checked"'; $show['delete_option'] = (!defined('PREVIEW_ERRORS') and !empty($albuminfo['albumid']) and ($vbulletin->userinfo['userid'] == $albuminfo['userid'] or can_moderate(0, 'candeletealbumpicture'))); $show['album_used_in_css'] = false; if (!empty($albuminfo['albumid'])) { if ($db->query_first("\n\t\t\tSELECT selector\n\t\t\tFROM " . TABLE_PREFIX . "usercss\n\t\t\tWHERE userid = {$albuminfo['userid']}\n\t\t\t\tAND property = 'background_image'\n\t\t\t\tAND value LIKE '{$albuminfo['albumid']},%'\n\t\t\tLIMIT 1\n\t\t")) { $show['album_used_in_css'] = true; } } // if permitted to customize profile, or album is already a profile-type, show the profile-type option $creator = fetch_userinfo($formdata['userid']); cache_permissions($creator); $show['albumtype_profile'] = ($albuminfo['state'] == 'profile' or $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_profile_styling'] and $creator['permissions']['usercsspermissions'] & $vbulletin->bf_ugp_usercsspermissions['caneditbgimage']); ($hook = vBulletinHook::fetch_hook('album_album_edit')) ? eval($hook) : false; // navbar and final output $navbits = construct_navbits(array('member.php?' . $vbulletin->session->vars['sessionurl'] . "u={$userinfo['userid']}" => construct_phrase($vbphrase['xs_profile'], $userinfo['username']), 'album.php?' . $vbulletin->session->vars['sessionurl'] . "u={$userinfo['userid']}" => $vbphrase['albums'], '' => !empty($albuminfo['albumid']) ? $vbphrase['edit_album'] : $vbphrase['add_album'])); eval('$navbar = "' . fetch_template('navbar') . '";'); eval('print_output("' . fetch_template('album_edit') . 
'");'); } // ####################################################################### if ($_POST['do'] == 'updatepictures') { $vbulletin->input->clean_array_gpc('p', array('pictures' => TYPE_ARRAY, 'coverpictureid' => TYPE_UINT, 'frompicture' => TYPE_BOOL)); if (empty($albuminfo)) { standard_error(fetch_error('invalidid', $vbphrase['album'], $vbulletin->options['contactuslink'])); } if ($userinfo['userid'] != $vbulletin->userinfo['userid'] and !can_moderate(0, 'caneditalbumpicture')) { print_no_permission();
/**
 * Processes this post's user info assuming the user is registered.
 *
 * Fills $this->post with display values (avatar, reputation, posts per day, join
 * date, age) and sets the global $show flags that decide which user-related
 * elements are shown for the post. The flags only control display.
 * NOTE(review): the e-mail, PM and infraction handlers behind those links are
 * presumably expected to enforce the same permissions themselves - confirm.
 *
 * Statement order matters: joindate and posts are overwritten with formatted
 * strings only after the posts-per-day figure has been computed from the raw values.
 */
function process_registered_user()
{
	global $show, $vbphrase;

	// Not used directly below; kept as a local alias of the post data.
	$post =& $this->post; // this is a stopgap required for rank's eval code

	fetch_musername($this->post);

	// get online status -- function call also sets values in $this->post
	$this->post['online_status_code'] = fetch_online_status($this->post, true);

	// Permissions are computed once per poster and reused for every later post by the same user.
	if (empty($this->cache['perms'][$this->post['userid']]))
	{
		$this->cache['perms'][$this->post['userid']] = cache_permissions($this->post, false);
	}

	// get avatar
	if ($this->post['avatarid'])
	{
		// Predefined avatar: use the stored path.
		$this->post['avatarurl'] = $this->post['avatarpath'];
	}
	else
	{
		if ($this->post['hascustomavatar'] AND $this->registry->options['avatarenabled'])
		{
			if ($this->registry->options['usefileavatar'])
			{
				// Avatar stored as a file: URL built from the configured base, user id and revision.
				$this->post['avatarurl'] = $this->registry->options['avatarurl'] . '/avatar' . $this->post['userid'] . '_' . $this->post['avatarrevision'] . '.gif';
			}
			else
			{
				// Otherwise the avatar is served through image.php.
				$this->post['avatarurl'] = 'image.php?' . $this->registry->session->vars['sessionurl'] . 'u=' . $this->post['userid'] . '&dateline=' . $this->post['avatardateline'];
			}

			if ($this->post['avwidth'] AND $this->post['avheight'])
			{
				// The stored dimensions are replaced by ready-made HTML attribute strings, without
				// escaping. NOTE(review): presumably integers from the database - confirm they are
				// cast before they reach this point.
				$this->post['avwidth'] = 'width="' . $this->post['avwidth'] . '"';
				$this->post['avheight'] = 'height="' . $this->post['avheight'] . '"';
			}
			else
			{
				$this->post['avwidth'] = '';
				$this->post['avheight'] = '';
			}
		}
		else
		{
			$this->post['avatarurl'] = '';
		}
	}

	if (
		// no avatar defined for this user
		empty($this->post['avatarurl'])
		OR
		// visitor doesn't want to see avatars
		($this->registry->userinfo['userid'] > 0 AND !$this->registry->userinfo['showavatars'])
		OR
		// user has a custom avatar but no permission to display it
		(!$this->post['avatarid'] AND !($this->cache['perms'][$this->post['userid']]['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canuseavatar']) AND !$this->post['adminavatar'])
	)
	{
		$show['avatar'] = false;
	}
	else
	{
		$show['avatar'] = true;
	}

	// Generate Reputation Power
	if ($this->registry->options['postelements'] & POST_SHOW_REPPOWER AND $this->registry->options['reputationenable'])
	{
		if (!empty($this->cache['reppower'][$this->post['userid']]))
		{
			$this->post['reppower'] = $this->cache['reppower'][$this->post['userid']];
		}
		else
		{
			// Computed from the poster's data and cached permissions, then cached per user id.
			$this->post['reppower'] = fetch_reppower($this->post, $this->cache['perms'][$this->post['userid']]);
			$this->cache['reppower'][$this->post['userid']] = $this->post['reppower'];
		}
		$show['reppower'] = true;
	}
	else
	{
		$show['reppower'] = false;
	}

	// get reputation
	if ($this->registry->options['reputationenable'])
	{
		fetch_reputation_image($this->post, $this->cache['perms'][$this->post['userid']]);
		$show['reputation'] = true;
	}
	else
	{
		$show['reputation'] = false;
	}

	// get join date & posts per day
	$jointime = (TIMENOW - $this->post['joindate']) / 86400; // Days Joined
	if ($jointime < 1)
	{
		// User has been a member for less than one day.
		$this->post['postsperday'] = $this->post['posts'];
	}
	else
	{
		$this->post['postsperday'] = vb_number_format($this->post['posts'] / $jointime, 2);
	}
	// From here on joindate holds a formatted date string instead of the raw value.
	$this->post['joindate'] = vbdate($this->registry->options['registereddateformat'], $this->post['joindate']);

	// format posts number
	$this->post['posts'] = vb_number_format($this->post['posts']);

	$show['profile'] = true;
	$show['search'] = true;
	$show['buddy'] = true;

	// E-mail link: the poster opted in, e-mail display is enabled, the secure-email option is
	// either off or paired with enableemail, and the viewer is logged in with the canemailmember bit.
	$show['emaillink'] = (
		$this->post['showemail'] AND $this->registry->options['displayemails'] AND (
			!$this->registry->options['secureemail'] OR (
				$this->registry->options['secureemail'] AND $this->registry->options['enableemail']
			)
		) AND $this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canemailmember']
		AND $this->registry->userinfo['userid']
	);

	// The bare 'http://' value is treated the same as an empty homepage.
	$show['homepage'] = ($this->post['homepage'] != '' AND $this->post['homepage'] != 'http://');

	// PM link: PMs are enabled and the viewer has a PM quota; on top of that either the viewer holds
	// cancontrolpanel, or the poster accepts PMs and has a quota of their own.
	$show['pmlink'] = ($this->registry->options['enablepms']
		AND $this->registry->userinfo['permissions']['pmquota']
		AND ($this->registry->userinfo['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel']
			OR ($this->post['receivepm'] AND $this->cache['perms'][$this->post['userid']]['pmquota'])
		)) ? true : false;

	// Generate Age
	if ($this->registry->options['postelements'] & POST_SHOW_AGE AND ($this->post['showbirthday'] == 1 OR $this->post['showbirthday'] == 2))
	{
		// Today's date parts are looked up once and reused for every post.
		if (!$this->cache['year'])
		{
			$this->cache['year'] = vbdate('Y', TIMENOW, false, false);
			$this->cache['month'] = vbdate('n', TIMENOW, false, false);
			$this->cache['day'] = vbdate('j', TIMENOW, false, false);
		}

		if (empty($this->cache['age'][$this->post['userid']]))
		{
			// The comparisons below use index 0 as the month, 1 as the day and 2 as the year.
			$date = explode('-', $this->post['birthday']);
			if ($this->cache['year'] > $date[2] AND $date[2] != '0000')
			{
				$this->post['age'] = $this->cache['year'] - $date[2];
				// The birthday has not been reached yet this year.
				if ($this->cache['month'] < $date[0] OR ($this->cache['month'] == $date[0] AND $this->cache['day'] < $date[1]))
				{
					$this->post['age']--;
				}

				// Ages of 101 and above are dropped rather than shown or cached.
				if ($this->post['age'] < 101)
				{
					$this->cache['age'][$this->post['userid']] = $this->post['age'];
				}
				else
				{
					unset($this->post['age']);
				}
			}
		}
		else
		{
			$this->post['age'] = $this->cache['age'][$this->post['userid']];
		}
	}

	// Display infractions
	// Shown only when the poster has points, warnings or infractions and the viewer can reverse,
	// see or give infractions, or is the poster. The per-option check for the poster's own view
	// is commented out in the expression below.
	$show['infraction'] = ($this->post['userid'] AND ($this->registry->options['postelements'] & POST_SHOW_INFRACTION) AND (
		$this->post['ipoints'] OR $this->post['warnings'] OR $this->post['infractions']) AND (
			$this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canreverseinfraction']
			OR $this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canseeinfraction']
			OR $this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['cangiveinfraction']
			OR ($this->post['userid'] == $this->registry->userinfo['userid'] /*AND $this->registry->options['canseeown']*/)
		));

	// Moved to a function to allow child overriding, i.e. announcements
	$this->process_signature();
}
{ // This should not be blank but win32 has a bug in regards to mktime and dates < 1970 if ($bday[2] == '0000') { $userinfo['birthday'] = "$bday[0]-$bday[1]"; } else { $userinfo['birthday'] = "$bday[0]-$bday[1]-$bday[2]"; } } } } if ($show['reputationcol']) { $checkperms = cache_permissions($userinfo, false); fetch_reputation_image($userinfo, $checkperms); } $can_view_profile_pic = ( $show['profilepiccol'] AND $userinfo['profilepic'] AND ($userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canprofilepic'] OR $userinfo['adminprofilepic']) ); if ($userinfo['profilepicrequirement'] AND !can_view_profile_section($userinfo['userid'], 'profile_picture', $userinfo['profilepicrequirement'], $userinfo)) { $can_view_profile_pic = false; } if ($can_view_profile_pic) {
/**
 * Computes the permissions of the user held in $this->userinfo and keeps the
 * result in $this->prepared['userperms'].
 */
function prepare_userperms()
{
	$userperms = cache_permissions($this->userinfo, false);
	$this->prepared['userperms'] = $userperms;
}
$show['deletethread'] = ($threadinfo['visible'] != 2 and can_moderate($threadinfo['forumid'], 'candeleteposts') or can_moderate($threadinfo['forumid'], 'canremoveposts') or $forumperms & $vbulletin->bf_ugp_forumpermissions['candeletepost'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['candeletethread'] and $vbulletin->userinfo['userid'] == $threadinfo['postuserid'] and ($vbulletin->options['edittimelimit'] == 0 or $threadinfo['dateline'] > TIMENOW - $vbulletin->options['edittimelimit'] * 60)) ? true : false; $show['adminoptions'] = ($show['editpoll'] or $show['movethread'] or $show['deleteposts'] or $show['editthread'] or $show['managethread'] or $show['openclose'] or $show['deletethread']) ? true : false; // ############################################################################# // Setup Add Poll Conditional if ($vbulletin->userinfo['userid'] != $threadinfo['postuserid'] and !can_moderate($foruminfo['forumid'], 'caneditpoll') or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canpostnew']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canpostpoll']) or $threadinfo['pollid'] or !can_moderate($foruminfo['forumid'], 'caneditpoll') and $vbulletin->options['addpolltimeout'] and TIMENOW - $vbulletin->options['addpolltimeout'] * 60 > $threadinfo['dateline']) { $show['addpoll'] = false; } else { $show['addpoll'] = true; } // ############################################################################# // show forum rules construct_forum_rules($forum, $forumperms); // ############################################################################# // build social bookmarking links $guestuser = array('userid' => 0, 'usergroupid' => 0); cache_permissions($guestuser); $bookmarksites = ''; if ($thread['visible'] and !$thread['isdeleted'] and $guestuser['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'] and $guestuser['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canview'] and 
$guestuser['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewthreads'] and ($guestuser['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewothers'] or $threadinfo['postuserid'] == 0)) { if ($vbulletin->options['socialbookmarks'] and is_array($vbulletin->bookmarksitecache) and !empty($vbulletin->bookmarksitecache)) { $raw_title = html_entity_decode($thread['title'], ENT_QUOTES); foreach ($vbulletin->bookmarksitecache as $bookmarksite) { //this was done as a friendly url and then changed back as part of a bug ported from 3.8.x a while back. //There appear to be some issues with UTF in titles and twitter (which was part of the bug fix from 3.8.x) //This needs to be looked at in order to properly use the friendly urls, however I don't want to do it as part //of this effort (making things available in subdirectories). However I'm generating the url out of the //seo url framework to centralized some of the other url logic made available. $threadlink = vB_Friendly_Url::fetchLibrary($vbulletin, 'thread|nosession|bburl', $thread)->get_url(FRIENDLY_URL_OFF); $bookmarksite['link'] = str_replace(array('{URL}', '{TITLE}'), array(urlencode($threadlink), urlencode($bookmarksite['utf8encode'] ? utf8_encode($raw_title) : $raw_title)), $bookmarksite['url']); ($hook = vBulletinHook::fetch_hook('showthread_bookmarkbit')) ? eval($hook) : false; $templater = vB_Template::create('showthread_bookmarksite'); $templater->register('bookmarksite', $bookmarksite);
} if ($countbcc and $vbulletin->userinfo['userid'] == $pm['fromuserid'] and $pm['folderid'] == -1) { if ($countcc) { $bccrecipients = $bcclist; } else { $ccrecipients = $bcclist; } } $show['recipients'] = true; } $show['quickreply'] = ($permissions['pmquota'] and $vbulletin->userinfo['receivepm'] and !fetch_privatemessage_throttle_reached($vbulletin->userinfo['userid'])); if ($pm['fromuserid']) { $recipient = $db->query_first("\n\t\t\tSELECT usertextfield.*, user.*, userlist.type\n\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid=user.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS userlist ON(user.userid = userlist.userid AND userlist.relationid = " . $vbulletin->userinfo['userid'] . " AND userlist.type = 'buddy')\n\t\t\tWHERE user.userid = " . intval($pm['fromuserid'])); if (!empty($recipient)) { $recipient = array_merge($recipient, convert_bits_to_array($recipient['options'], $vbulletin->bf_misc_useroptions)); cache_permissions($recipient, false); if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and (!$recipient['receivepm'] or !$recipient['permissions']['pmquota'] or $recipient['receivepmbuddies'] and !can_moderate() and $recipient['type'] != 'buddy')) { $show['quickreply'] = false; } } else { $show['quickreply'] = false; } } else { $show['quickreply'] = false; } if ($vbulletin->GPC['showhistory'] and $pm['parentpmid']) { $threadresult = $vbulletin->db->query_read_slave("\n\t\t\tSELECT pm.*, pmtext.*\n\t\t\tFROM " . TABLE_PREFIX . "pm AS pm\n\t\t\tINNER JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON(pmtext.pmtextid = pm.pmtextid)\n\t\t\tWHERE (pm.parentpmid=" . $pm['parentpmid'] . "\n\t\t\t\t\tOR pm.pmid = " . $pm['parentpmid'] . ")\n\t\t\tAND pm.pmid != " . $pm['pmid'] . "\n\t\t\tAND pm.userid=" . $vbulletin->userinfo['userid'] . "\n\t\t\tAND pmtext.dateline < " . $pm['dateline'] . 
"\n\t\t\tORDER BY pmtext.dateline DESC\n\t\t"); if ($vbulletin->db->num_rows($threadresult)) { $threadpms = ''; while ($threadpm = $vbulletin->db->fetch_array($threadresult)) { $postbit_factory = new vB_Postbit_Factory();
/**
 * Decides whether the current visitor may attach files to the post, thread or
 * forum this object points at.
 *
 * The ids are resolved from the most specific to the least specific one: a post
 * id fixes the thread id and a thread id fixes the forum id, so a forum id taken
 * from the request cannot override the forum a post or thread really belongs to.
 * Every failed lookup or missing permission ends in "return false".
 *
 * @param	array	$info	Optional postid/threadid/forumid supplied by the caller; when non-empty it is used instead of the ids found in $this->values
 *
 * @return	boolean	True when all checks pass, false otherwise
 */
public function verify_permissions($info = array())
{
	global $show;

	if ($info)
	{
		// Caller-supplied ids are stored as given; only the branch below casts with intval().
		foreach (array('postid', 'threadid', 'forumid') AS $key)
		{
			$this->values[$key] = $info[$key];
		}
	}
	else
	{
		// The short names (p, t, f) win over the long ones when they hold a non-zero integer.
		foreach (array('p' => 'postid', 't' => 'threadid', 'f' => 'forumid') AS $short => $long)
		{
			$fromshort = intval($this->values[$short]);
			$this->values[$long] = $fromshort ? $fromshort : intval($this->values[$long]);
		}
	}

	// Post -> thread -> forum: each level that is present must load and fixes the id of the next one.
	if ($this->values['postid'])
	{
		$this->postinfo = fetch_postinfo($this->values['postid']);
		if (!$this->postinfo)
		{
			return false;
		}
		$this->values['threadid'] = $this->postinfo['threadid'];
	}

	if ($this->values['threadid'])
	{
		$this->threadinfo = fetch_threadinfo($this->values['threadid']);
		if (!$this->threadinfo)
		{
			return false;
		}
		$this->values['forumid'] = $this->threadinfo['forumid'];
	}

	if ($this->values['forumid'])
	{
		$this->foruminfo = fetch_foruminfo($this->values['forumid']);
		if (!$this->foruminfo)
		{
			return false;
		}
	}

	// Something must have been resolved: a forum, a thread, or a post in combination with 'editpost'.
	if (!($this->foruminfo || $this->threadinfo || ($this->postinfo && $this->values['editpost'])))
	{
		return false;
	}

	$forumperms = fetch_permissions($this->foruminfo['forumid']);
	$bits = $this->registry->bf_ugp_forumpermissions;

	// Attaching requires the attachment permission plus the right to view the forum and its threads.
	$mayattach = (($forumperms & $bits['canpostattachment']) && ($forumperms & $bits['canview']) && ($forumperms & $bits['canviewthreads']));
	if (!$mayattach)
	{
		return false;
	}

	// New content needs a forum that allows posting; link forums and forums that cannot hold
	// threads are refused in every case.
	if ((!$this->postinfo && !$this->foruminfo['allowposting']) || $this->foruminfo['link'] || !$this->foruminfo['cancontainthreads'])
	{
		return false;
	}

	if (!$this->threadinfo)
	{
		// No thread yet: this is a new thread, so canpostnew is required.
		if (!($forumperms & $bits['canpostnew']))
		{
			return false;
		}
	}
	else
	{
		$threadforumid = $this->threadinfo['forumid'];

		// Deleted threads are always refused; invisible ones only pass for post moderators.
		if ($this->threadinfo['isdeleted'] || (!$this->threadinfo['visible'] && !can_moderate($threadforumid, 'canmoderateposts')))
		{
			return false;
		}

		// Closed threads only pass for moderators who may open and close threads.
		if (!$this->threadinfo['open'] && !can_moderate($threadforumid, 'canopenclose'))
		{
			return false;
		}

		$isthreadstarter = ($this->registry->userinfo['userid'] == $this->threadinfo['postuserid']);

		// Somebody else's thread: both viewing and replying to others' threads are required.
		if (!$isthreadstarter && !(($forumperms & $bits['canviewothers']) && ($forumperms & $bits['canreplyothers'])))
		{
			return false;
		}

		// Own thread, and not an edit (an edit carries a post): replying to own threads is required.
		if (!$this->postinfo && !($forumperms & $bits['canreplyown']) && $isthreadstarter)
		{
			return false;
		}
	}

	if (!$this->postinfo)
	{
		$this->userinfo = $this->registry->userinfo;
	}
	else
	{
		// Editing an existing post. Users without the caneditposts moderator right must have the
		// caneditpost bit, own the post, and still be within the edit time limit when one is set.
		if (!can_moderate($this->threadinfo['forumid'], 'caneditposts'))
		{
			if (!($forumperms & $bits['caneditpost']))
			{
				return false;
			}

			if ($this->registry->userinfo['userid'] != $this->postinfo['userid'])
			{
				return false;
			}

			$edittimelimit = $this->registry->options['edittimelimit'];
			if ($this->postinfo['dateline'] < TIMENOW - $edittimelimit * 60 && $edittimelimit)
			{
				return false;
			}
		}

		// The attachment belongs to the post's author, which need not be the visitor.
		$this->contentid = $this->postinfo['postid'];
		$this->userinfo = fetch_userinfo($this->postinfo['userid']);
		cache_permissions($this->userinfo, true);
	}

	// check if there is a forum password and if so, ensure the user has it set
	// NOTE(review): the return value is not used; presumably the function stops the request
	// itself when the password is missing - confirm.
	verify_forum_password($this->foruminfo['forumid'], $this->foruminfo['password'], false);

	// Reachable with a closed forum only when an existing post is involved (see the check above).
	if (!$this->foruminfo['allowposting'])
	{
		$show['attachoption'] = false;
		$show['forumclosed'] = true;
	}

	return true;
}
{ $vbulletin->options['cpstylefolder'] = $vbulletin->userinfo['cssprefs']; } // ###################### Get date / time info ####################### // override date/time settings if specified fetch_options_overrides($vbulletin->userinfo); fetch_time_data(); // ############################################ LANGUAGE STUFF #################################### // initialize $vbphrase and set language constants $vbphrase = init_language(); $_tmp = NULL; fetch_stylevars($_tmp, $vbulletin->userinfo); $permissions = cache_permissions($vbulletin->userinfo, true); $vbulletin->userinfo['permissions'] =& $permissions; $cpsession = array(); $vbulletin->input->clean_array_gpc('c', array( COOKIE_PREFIX . 'cpsession' => TYPE_STR, )); if (!empty($vbulletin->GPC[COOKIE_PREFIX . 'cpsession'])) { $cpsession = $db->query_first(" SELECT * FROM " . TABLE_PREFIX . "cpsession WHERE userid = " . $vbulletin->userinfo['userid'] . " AND hash = '" . $db->escape_string($vbulletin->GPC[COOKIE_PREFIX . 'cpsession']) . "' AND dateline > " . iif($vbulletin->options['timeoutcontrolpanel'], intval(TIMENOW - $vbulletin->options['cookietimeout']), intval(TIMENOW - 3600)) );
print_table_break(); print_submit_row($vbphrase['continue']); } } // ###################### Start do moderate and coppa ####################### if ($_POST['do'] == 'domoderate') { $vbulletin->input->clean_array_gpc('p', array('send_validated' => TYPE_INT, 'send_deleted' => TYPE_INT, 'validate' => TYPE_ARRAY_INT)); if (empty($vbulletin->GPC['validate'])) { print_stop_message('please_complete_required_fields'); } else { $evalemail_validated = array(); $evalemail_deleted = array(); require_once DIR . '/includes/functions_misc.php'; if ($vbulletin->options['welcomepm']) { if ($fromuser = fetch_userinfo($vbulletin->options['welcomepm'])) { cache_permissions($fromuser, false); } } foreach ($vbulletin->GPC['validate'] as $userid => $status) { $userid = intval($userid); $user = $db->query_first("\n\t\t\t\tSELECT *\n\t\t\t\tFROM " . TABLE_PREFIX . "user\n\t\t\t\tWHERE userid = {$userid}\n\t\t\t"); if (!$user) { // use was likely deleted continue; } $username = unhtmlspecialchars($user['username']); $chosenlanguage = iif($user['languageid'] < 1, intval($vbulletin->options['languageid']), intval($user['languageid'])); if ($status == 1) { // validated // init user data manager $displaygroupid = ($user['displaygroupid'] > 0 and $user['displaygroupid'] != $user['usergroupid']) ? $user['displaygroupid'] : 2;
} else { // insert username(s) of specified recipients if ($vbulletin->GPC['userid']) { $recipients = array(); if (is_array($vbulletin->GPC['userid'])) { foreach ($vbulletin->GPC['userid'] as $recipient) { $recipients[] = intval($recipient); } } else { $recipients[] = intval($vbulletin->GPC['userid']); } $users = $db->query_read_slave("\n\t\t\t\t\tSELECT usertextfield.*, user.*, userlist.type\n\t\t\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid=user.userid)\n\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS userlist ON(user.userid = userlist.userid AND userlist.relationid = " . $vbulletin->userinfo['userid'] . " AND userlist.type = 'buddy')\n\t\t\t\t\tWHERE user.userid IN(" . implode(', ', $recipients) . ")\n\t\t\t\t"); $recipients = array(); while ($user = $db->fetch_array($users)) { $user = array_merge($user, convert_bits_to_array($user['options'], $vbulletin->bf_misc_useroptions)); cache_permissions($user, false); if (!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and (!$user['receivepm'] or !$user['permissions']['pmquota'] or $user['receivepmbuddies'] and !can_moderate() and $user['type'] != 'buddy')) { eval(standard_error(fetch_error('pmrecipturnedoff', $user['username']))); } $recipients[] = $user['username']; } if (empty($recipients)) { $pm['recipients'] = ''; } else { $pm['recipients'] = implode(' ; ', $recipients); } } ($hook = vBulletinHook::fetch_hook('private_newpm_blank')) ? eval($hook) : false; } construct_checkboxes(array('savecopy' => true, 'parseurl' => true, 'signature' => iif($vbulletin->userinfo['signature'] !== '', true))); $show['bcclink'] = true;
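/**
 * Runs after a blog entry has been saved: queues search indexing, refreshes
 * counters, records moderation state, e-mails subscribers and maintains the
 * author's own subscription to the entry.
 *
 * Changes against the previous version:
 *  - the subscriber visibility filter read $touser['budyid'], a key the query
 *    never selects (its alias is buddyid). The "owner has disabled viewing for
 *    contacts" clause could therefore never match and such contacts were still
 *    e-mailed the entry text. The key is now buddyid.
 *  - the tag cloud guard tested an undefined local $condition; the reference is
 *    removed and the effective behaviour (always invalidate when tags were
 *    added) is kept.
 *  - the entry dateline is cast to int before it is embedded in SQL, like the
 *    other ids in this method.
 *
 * @param	boolean	$doquery	Passed through unchanged to post_save_each_blogtext()
 */
function post_save_each($doquery = true)
{
	$blogid = intval($this->fetch_field('blogid'));
	$userid = intval($this->fetch_field('userid'));
	// Not used below; kept because the hook code eval'd in this scope can read it.
	$blogtextid = $this->fetch_field('blogtextid');
	$postedby_userid = intval($this->fetch_field('postedby_userid'));

	require_once(DIR . '/vb/search/indexcontroller/queue.php');
	vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogEntry', 'index', $blogid);
	vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogComment', 'group_data_change', $blogid);

	// The guard used to be "!$condition AND ...", with $condition an undefined local, so the first
	// half was always true. NOTE(review): if only new entries were meant, test !$this->condition.
	if ($this->info['addtags'])
	{
		// invalidate users tag cloud
		$dataman =& datamanager_init('Blog_User', $this->registry, ERRTYPE_SILENT);
		$info = array('bloguserid' => $userid);
		$dataman->set_existing($info);
		$dataman->set('tagcloud', '');
		$dataman->save();
	}

	$this->build_category_counters();
	build_blog_stats();

	// Insert entry for moderation
	if ($this->fetch_field('state') == 'moderation')
	{
		/*insert query*/
		$this->dbobject->query_write(" INSERT IGNORE INTO " . TABLE_PREFIX . "blog_moderation (primaryid, type, dateline) VALUES ($blogid, 'blogid', " . TIMENOW . ") ");
	}

	// Bump the owner's moderation/draft/pending counters.
	// AND binds tighter than OR: (new entry AND moderated-or-draft) OR pending.
	if (!$this->condition AND ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft') OR $this->fetch_field('pending'))
	{
		$userinfo = array('bloguserid' => $userid);
		$userdata =& datamanager_init('Blog_user', $this->registry, ERRTYPE_SILENT);
		$userdata->set_existing($userinfo);
		if ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft')
		{
			// The column name and the "<column> + 1" expression are built from the state value, which
			// the test above limits to the two literals. The third argument is presumably what lets
			// the expression through unescaped - keep any value passed this way a fixed literal.
			$userdata->set($this->fetch_field('state'), $this->fetch_field('state') . ' + 1', false);
		}
		if ($this->fetch_field('pending'))
		{
			$userdata->set('pending', 'pending + 1', false);
		}
		$userdata->save();
	}

	// Send Email Notification
	if (
		((!$this->condition AND !$this->fetch_field('pending')) OR $this->info['send_notification'])
		AND ($this->fetch_field('state') == 'visible' OR $this->fetch_field('state') == 'moderation')
		AND $this->registry->options['enableemail']
	)
	{
		// Cast like $blogid/$userid above so that nothing but an integer reaches the query text.
		$entrydateline = intval($this->fetch_field('dateline'));
		$lastposttime = $this->dbobject->query_first(" SELECT MAX(dateline) AS dateline FROM " . TABLE_PREFIX . "blog AS blog WHERE blogid = $blogid AND dateline < " . $entrydateline . " AND state = 'visible' ");

		$entrytitle = unhtmlspecialchars($this->fetch_field('title'));
		if (defined('VBBLOG_PERMS') AND $this->registry->userinfo['userid'] == $this->fetch_field('userid'))
		{
			// The current user is the blog owner: reuse the data that is already loaded.
			$blogtitle = unhtmlspecialchars($this->registry->userinfo['blog_title']);
			$username = unhtmlspecialchars($this->registry->userinfo['username']);
			$userinfo =& $this->registry->userinfo;
		}
		else
		{
			if (!defined('VBBLOG_PERMS'))
			{
				// Tell the fetch_userinfo plugin that we need the blog fields in case this class is being called by a non blog script
				define('VBBLOG_PERMS', true);
			}
			$userinfo = fetch_userinfo($this->fetch_field('userid'), 1);
			cache_permissions($userinfo, false);
			$blogtitle = unhtmlspecialchars($userinfo['blog_title']);
			if ($userinfo['userid'] != $this->fetch_field('userid'))
			{
				$userinfo2 = fetch_userinfo($this->fetch_field('userid'), 1);
				$username = unhtmlspecialchars($userinfo2['username']);
			}
			else
			{
				$username = unhtmlspecialchars($userinfo['username']);
			}
		}

		require_once(DIR . '/includes/class_bbcode_alt.php');
		$plaintext_parser = new vB_BbCodeParser_PlainText($this->registry, fetch_tag_list());
		$pagetext_cache = array(); // used to cache the results per languageid for speed
		$pagetext_orig =& $this->fetch_field('pagetext', 'blog_text');

		// Hook code is eval'd in this scope and can read or change every local defined so far.
		($hook = vBulletinHook::fetch_hook('blog_user_notification_start')) ? eval($hook) : false;

		// Every interpolated value below is an integer produced by intval().
		$useremails = $this->dbobject->query_read_slave(
			" SELECT user.*, blog_subscribeuser.blogsubscribeuserid, bm.blogmoderatorid, ignored.relationid AS ignoreid, buddy.relationid AS buddyid, bu.isblogmoderator, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid FROM " . TABLE_PREFIX .
			"blog_subscribeuser AS blog_subscribeuser INNER JOIN " . TABLE_PREFIX .
			"user AS user ON (blog_subscribeuser.userid = user.userid) LEFT JOIN " . TABLE_PREFIX .
			"blog_moderator AS bm ON (bm.userid = user.userid) LEFT JOIN " . TABLE_PREFIX .
			"userlist AS buddy ON (buddy.userid = $userid AND buddy.relationid = user.userid AND buddy.type = 'buddy') LEFT JOIN " . TABLE_PREFIX .
			"userlist AS ignored ON (ignored.userid = $userid AND ignored.relationid = user.userid AND ignored.type = 'ignore') LEFT JOIN " . TABLE_PREFIX .
			"blog_user AS bu ON (bu.bloguserid = user.userid) WHERE blog_subscribeuser.bloguserid = $userid AND " .
			($userid == $postedby_userid ? "blog_subscribeuser.userid <> $userid AND" : "") .
			" blog_subscribeuser.type = 'email' AND user.usergroupid <> 3 AND user.lastactivity >= " . intval($lastposttime['dateline']) . " "
		);

		vbmail_start();

		$setoptions = $this->fetch_field('options');
		$evalemail = array();

		while ($touser = $this->dbobject->fetch_array($useremails))
		{
			cache_permissions($touser, false);

			// The checks below decide whether this subscriber may see the entry at all. The mail
			// carries the entry text, so each "continue" is an access-control decision.

			// only send private entries to contacts and moderators
			if ($setoptions["{$this->bitfields['options']['private']}"] AND !$touser['buddyid'] AND !$touser['blogmoderatorid'] AND !is_member_of_blog($touser, $userinfo))
			{
				continue;
			}

			// Skip subscribers whose usergroup lacks the isnotbannedgroup option.
			if (!($this->registry->usergroupcache["$touser[usergroupid]"]['genericoptions'] & $this->registry->bf_ugp_genericoptions['isnotbannedgroup']))
			{
				continue;
			}

			// Moderated entries only go to the blog owner and to those who can moderate entries.
			if ($this->fetch_field('state') == 'moderation')
			{
				if ($touser['userid'] != $userid AND !can_moderate_blog('canmoderateentries', $touser))
				{
					continue;
				}
			}

			// Skip subscribers who cannot view one of the entry's categories (the entry's user excepted).
			if (!empty($this->info['categories']))
			{
				prepare_blog_category_permissions($touser);
				if (array_intersect($touser['blogcategorypermissions']['cantview'], $this->info['categories']) AND $userinfo['userid'] != $touser['userid'])
				{
					continue;
				}
			}

			if (!($touser['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
			{
				continue;
			}
			else if (
				!$touser['blogmoderatorid']
					AND
				!($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel'])
					AND
				!($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['ismoderator'])
					AND
				(!$userinfo['ignore_canviewmyblog'] OR !$touser['ignoreid'])
					AND
				(!$userinfo['buddy_canviewmyblog'] OR !$touser['buddyid'])
					AND
				(
					!$userinfo['member_canviewmyblog']
						OR
					// was $touser['budyid']: always empty, so this clause never excluded a contact
					(!$userinfo['buddy_canviewmyblog'] AND $touser['buddyid'])
						OR
					(!$userinfo['ignore_canviewmyblog'] AND $touser['ignoreid'])
				)
					AND
				!is_member_of_blog($touser, $userinfo)
			)
			{
				continue;
			}

			$touser['username'] = unhtmlspecialchars($touser['username']);
			$touser['languageid'] = iif($touser['languageid'] == 0, $this->registry->options['languageid'], $touser['languageid']);
			// NOTE(review): presumably the token used by the links in the mail body - confirm. It is an
			// MD5 over fields joined without separators; left unchanged because whatever verifies it
			// has to compute the same value.
			$touser['auth'] = md5($touser['userid'] . $touser['blogsubscribeuserid'] . $touser['salt'] . COOKIE_SALT);

			// Build the per-language mail code once, on the first recipient that passes the checks.
			if (empty($evalemail))
			{
				$email_texts = $this->dbobject->query_read_slave(" SELECT text, languageid, fieldname FROM " . TABLE_PREFIX . "phrase WHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'blog_user_notify' ");

				while ($email_text = $this->dbobject->fetch_array($email_texts))
				{
					$emails["$email_text[languageid]"]["$email_text[fieldname]"] = $email_text['text'];
				}

				require_once(DIR . '/includes/functions_misc.php');

				foreach ($emails AS $languageid => $email_text)
				{
					// lets cycle through our array of notify phrases
					// Languages without their own text fall back to the phrase stored under languageid -1.
					$text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
					$text_message = replace_template_variables($text_message);
					$text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
					$text_subject = replace_template_variables($text_subject);

					// The phrase text becomes the inside of a double-quoted PHP string that is eval'd for
					// every recipient. addslashes() escapes quotes and backslashes but leaves "$" and "{"
					// active, so variable references in a phrase are evaluated. Whoever can edit these
					// phrases can therefore run PHP: treat phrase editing as a code-execution privilege.
					$evalemail["$languageid"] = ' $message = "' . $text_message . '"; $subject = "' . $text_subject . '"; ';
				}
			}

			// parse the page text into plain text, taking selected language into account
			if (!isset($pagetext_cache["$touser[languageid]"]))
			{
				$plaintext_parser->set_parsing_language($touser['languageid']);
				$pagetext_cache["$touser[languageid]"] = $plaintext_parser->parse($pagetext_orig);
			}
			$pagetext = $pagetext_cache["$touser[languageid]"];

			($hook = vBulletinHook::fetch_hook('blog_user_notification_message')) ? eval($hook) : false;

			// Sets $message and $subject from the code string compiled above (see the note there).
			eval(iif(empty($evalemail["$touser[languageid]"]), $evalemail["-1"], $evalemail["$touser[languageid]"]));
			vbmail($touser['email'], $subject, $message);
		}
		unset($plaintext_parser, $pagetext_cache);

		vbmail_end();
	}

	$this->post_save_each_blogtext($doquery);

	// Entries dated in the future get no dupe hash yet.
	if ($this->fetch_field('dateline') <= TIMENOW)
	{
		$this->insert_dupehash($this->fetch_field('blogid'));
	}

	if ($this->condition AND $this->info['emailupdate'] == 'none' AND ($userid != $this->registry->userinfo['userid'] OR ($userid == $this->registry->userinfo['userid'] AND $this->existing['entrysubscribed'])))
	{
		$this->dbobject->query_write(" DELETE FROM " . TABLE_PREFIX . "blog_subscribeentry WHERE blogid = $blogid AND userid = $userid ");
	}
	else if ($this->info['emailupdate'] == 'email' OR $this->info['emailupdate'] == 'usercp')
	{
		// emailupdate is embedded in the SQL as a quoted string; the comparison just above restricts
		// it to the two literals. Keep that restriction if more types are ever added.
		$this->dbobject->query_write(" REPLACE INTO " . TABLE_PREFIX . "blog_subscribeentry (blogid, dateline, type, userid) VALUES ($blogid, " . TIMENOW . ", '" . $this->info['emailupdate'] . "', $userid) ");
	}

	($hook = vBulletinHook::fetch_hook('blog_fpdata_postsave')) ? eval($hook) : false;
}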
print_label_row($bitfieldnames["$val"], '<b>' . $vbphrase['no'] . '</b>'); } } } print_table_footer(); } // ###################### Start viewing resources for specific user ######################## if ($_REQUEST['do'] == 'viewuser') { $userinfo = fetch_userinfo($vbulletin->GPC['userid']); if (!$userinfo) { print_stop_message('invalid_user_specified'); } $perms = cache_permissions($userinfo); print_form_header('', ''); print_table_header($userinfo['username'] . " <span class=\"normal\">(userid: $userinfo[userid])</span>"); foreach ($userinfo['forumpermissions'] AS $forumid => $forumperms) { print_table_header($vbulletin->forumcache["$forumid"]['title'] . " <span class=\"normal\">(forumid: $forumid)</span>"); foreach ($vbulletin->bf_ugp_forumpermissions AS $key => $val) { if (bitwise($userinfo['forumpermissions']["$forumid"], $val)) { print_label_row($bitfieldnames["$val"], '<b>' . $vbphrase['yes'] . '</b>'); } else
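/**
* Checks the pending upload against the board-wide attachment space limit,
* the uploading user's attachment limit and, for registered users when
* duplicates are not allowed, against an identical file already attached by
* the same user.
*
* On the first failed check an error is registered through set_error() and
* the method returns immediately. Exceeding the board-wide limit also sends
* a mail to the configured webmaster address.
*
* @return	boolean	True if the upload passes every enabled check, false otherwise
*/
function check_attachment_overage()
{
	// --- Board-wide limit: all stored attachments plus this upload ---
	if ($this->registry->options['attachtotalspace'])
	{
		$attachdata = $this->registry->db->query_first_slave("SELECT SUM(filesize) AS sum FROM " . TABLE_PREFIX . "attachment");
		if ($attachdata['sum'] + $this->upload['filesize'] > $this->registry->options['attachtotalspace'])
		{
			$overage = vb_number_format($attachdata['sum'] + $this->upload['filesize'] - $this->registry->options['attachtotalspace'], 1, true);
			$admincpdir = $this->registry->config['Misc']['admincpdir'];

			// NOTE(review): eval() runs whatever code fetch_email_phrases() returns; it
			// presumably assigns $subject and $message from stored phrase text and reads
			// $overage / $admincpdir. Confirm that phrase text can only be edited by
			// administrators, since anything stored there is executed here.
			eval(fetch_email_phrases('attachfull', 0));
			vbmail($this->registry->options['webmasteremail'], $subject, $message);

			$this->set_error('upload_attachfull_total', $overage);
			return false;
		}
	}

	$check_userlimit = $this->userinfo['permissions']['attachlimit'];
	$check_duplicates = ($this->userinfo['userid'] and !$this->registry->options['allowduplicates']);

	// Cast once: the id is concatenated into two SQL statements below, so the
	// queries must not depend on the caller having supplied a clean integer.
	$userid = intval($this->userinfo['userid']);

	// Both remaining checks are restricted to forums in which this user may view
	// the forum, view threads and download attachments, so build that list once.
	$forumids = '';
	if ($check_userlimit or $check_duplicates)
	{
		if (!isset($this->userinfo['forumpermissions']))
		{
			cache_permissions($this->userinfo, true);
		}

		foreach ($this->userinfo['forumpermissions'] as $forumid => $fperm)
		{
			if (
				$fperm & $this->registry->bf_ugp_forumpermissions['canview']
					and
				$fperm & $this->registry->bf_ugp_forumpermissions['canviewthreads']
					and
				$fperm & $this->registry->bf_ugp_forumpermissions['cangetattachment']
			)
			{
				// integer cast because the key ends up inside an SQL IN (...) list
				$forumids .= ',' . intval($forumid);
			}
		}
	}

	// --- Per-user limit ---
	if ($check_userlimit)
	{
		// "IN (0...)" keeps the list syntactically valid when no forum qualifies.
		$attachdata = $this->registry->db->query_first_slave(
			"\n\t\t\t\tSELECT SUM(attachment.filesize) AS sum" .
			"\n\t\t\t\tFROM " . TABLE_PREFIX . "attachment AS attachment" .
			"\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "post AS post ON (post.postid = attachment.postid)" .
			"\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "thread AS thread ON (post.threadid = thread.threadid)" .
			"\n\t\t\t\tWHERE attachment.userid = " . $userid .
			"\n\t\t\t\t\tAND\t((thread.forumid IN (0{$forumids}) AND post.visible <> 2 AND thread.visible <> 2) OR attachment.postid = 0)\n\t\t\t"
		);

		if ($attachdata['sum'] + $this->upload['filesize'] > $this->userinfo['permissions']['attachlimit'])
		{
			$overage = vb_number_format($attachdata['sum'] + $this->upload['filesize'] - $this->userinfo['permissions']['attachlimit'], 1, true);
			$this->set_error('upload_attachfull_user', $overage, $this->registry->session->vars['sessionurl']);
			return false;
		}
	}

	// --- Duplicate detection (registered users only) ---
	if ($check_duplicates)
	{
		// MD5 serves here as a lookup key against attachment.filehash, not as an
		// integrity control: MD5 is not collision resistant, so two different files
		// can share a hash. Hash the in-memory data if present, else the file on disk.
		$filehash = empty($this->upload['filestuff']) ? md5_file($this->upload['location']) : md5($this->upload['filestuff']);

		// NOTE(review): both joins are INNER, so a row with attachment.postid = 0 only
		// matches if a post row with postid 0 exists; confirm the intended join type
		// for the "OR attachment.postid = 0" arm.
		$threadresult = $this->registry->db->query_first_slave(
			"\n\t\t\t\tSELECT post.postid, post.threadid, thread.title, posthash, attachment.filename" .
			"\n\t\t\t\tFROM " . TABLE_PREFIX . "attachment AS attachment" .
			"\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "post AS post ON (post.postid = attachment.postid)" .
			"\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "thread AS thread ON (thread.threadid = post.threadid)" .
			"\n\t\t\t\tWHERE attachment.userid = " . $userid .
			"\n\t\t\t\t\tAND attachment.filehash = '" . $this->registry->db->escape_string($filehash) . "'" .
			"\n\t\t\t\t\tAND ((thread.forumid IN (0{$forumids}) AND post.visible = 1 AND thread.visible = 1) OR attachment.postid = 0)" .
			"\n\t\t\t\tLIMIT 1\n\t\t\t"
		);

		if ($threadresult)
		{
			if ($threadresult['postid'])
			{
				// Attachment of an existing post
				if ($this->postinfo['postid'] != $threadresult['postid'] or $this->upload['filename'] != $threadresult['filename'])
				{
					// doesn't belong to our post or the filename differs so it won't be overwritten
					$this->set_error('upload_attachexists', $this->registry->session->vars['sessionurl'], $threadresult['threadid'], $threadresult['title']);
					return false;
				}
			}
			else if ($threadresult['posthash'] != $this->postinfo['posthash'])
			{
				// Attachment currently being added or abandoned, and it doesn't belong to our post
				if ($this->userinfo['userid'] == $this->registry->userinfo['userid'])
				{
					$this->set_error('upload_attach_in_progress_delete_here', $this->registry->session->vars['sessionurl']);
				}
				else
				{
					$this->set_error('upload_attach_in_progress', $this->registry->session->vars['sessionurl']);
				}
				return false;
			}
			else if ($this->upload['filename'] != $threadresult['filename'])
			{
				// Belongs to our post but has a different filename
				// -> won't be overwritten so don't allow
				$this->set_error('upload_attach_exists_this_post');
				return false;
			}
		}
	}

	return true;
}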
$user['extended_type'] = $user['type']; if ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_friends']) { switch ($user['friend']) { case 'yes': $user['extended_type'] = 'friend'; break; case 'pending': case 'denied': $user['extended_type'] = 'outgoing'; break; default: ($hook = vBulletinHook::fetch_hook('profile_contactlist_listtype')) ? eval($hook) : false; } } fetch_avatar_from_userinfo($user, true); cache_permissions($user); $container = 'buddylist'; $show['incomingrequest'] = false; $show['outgoingrequest'] = $user['extended_type'] == 'outgoing'; $friendcheck_checked = $user['extended_type'] == 'friend' ? ' checked="checked"' : ''; $user['checked'] = ' checked="checked"'; $friend_list["{$user['userid']}"] = $user['friend']; $show['friend_checkbox'] = ($show['friend_controls'] and $user['permissions']['genericpermissions2'] & $vbulletin->bf_ugp_genericpermissions2['canusefriends'] and $vbulletin->userinfo['userid'] != $user['userid'] or !empty($friendcheck_checked) and $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_friends']); eval('$buddylist .= "' . fetch_template('modifybuddylist_user') . '";'); } $buddycount = $db->num_rows($users_result); $incomingcount = 0; $users_result = $db->query_read_slave("\n\t\tSELECT user.*, userlist.type, userlist.friend\n\t\t" . ($vbulletin->options['avatarenabled'] ? ', avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline, customavatar.width_thumb AS avwidth_thumb, customavatar.height_thumb AS avheight_thumb, customavatar.width as avwidth, customavatar.height as avheight, customavatar.filedata_thumb' : '') . "\n\t\tFROM " . TABLE_PREFIX . "userlist AS userlist\n\t\tLEFT JOIN " . TABLE_PREFIX . "userlist AS userlist_ignore ON (userlist_ignore.userid = " . $vbulletin->userinfo['userid'] . " AND userlist_ignore.relationid = userlist.userid AND userlist_ignore.type = 'ignore')\n\t\tINNER JOIN " . TABLE_PREFIX . 
"user AS user ON (user.userid = userlist.userid)\n\t\t" . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON (avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON (customavatar.userid = user.userid) " : '') . "\n\t\tWHERE userlist.relationid = " . $vbulletin->userinfo['userid'] . " AND userlist.type = 'buddy' AND userlist.friend = 'pending' AND userlist_ignore.type IS NULL\n\t\tORDER BY user.username\n\t"); while ($user = $db->fetch_array($users_result)) { // User is a friend already, the other side must have a broken relationship. update theirs if ($friend_list["{$user['userid']}"] == 'yes') {
<?php # Zoints Thread Tags System # # Copyright 2006 Zoints Inc. # This code may not be redistributed without prior written consent. # error_reporting(E_ALL & ~E_NOTICE); if (!is_object($vbulletin->db)) { exit; } if ($vbulletin->options['zointstags_on'] and $vbulletin->options['zointstags_zoints'] and !empty($vbulletin->options['zointstags_token']) and !empty($vbulletin->options['zointstags_authkey'])) { # only get publicly viewable threads $guest = array(); cache_permissions($guest); $visible = array(); foreach ($vbulletin->forumcache as $forumid => $forum) { $forumperms = $guest['forumpermissions']["{$forumid}"]; if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) and !$vbulletin->options['showprivateforums'] or !$forum['displayorder'] or !($forum['options'] & $vbulletin->bf_misc_forumoptions['active'])) { continue; } $visible[] = $forumid; } if (!count($visible)) { $visible = array(0); } # get recently changed tags from db $threads = array(); $threadids = array(); $firstpostids = array(); $_threads = $vbulletin->db->query_read("\n\t\tSELECT thread.* FROM " . TABLE_PREFIX . "zoints_tag_update ztu\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread thread ON(ztu.threadid = thread.threadid)\n\t\tWHERE thread.forumid IN(" . implode(',', $visible) . ")\n\t\tLIMIT 250\n\t");