/**
 * Entry point of the styles management module.
 *
 * Stores the shared services on the instance, works out which action was
 * requested, validates the request token for the state-changing POST actions
 * and hands over to the matching action handler.
 *
 * @param mixed $id   Module identifier, interpolated into the "i=" query parameter
 * @param mixed $mode Module mode, carried along as a hidden form field
 * @return void
 */
public function main($id, $mode)
{
    global $db, $user, $src_admin_path, $src_root_path, $phpEx, $template, $request, $cache, $auth, $config;

    // Keep instance references to the shared services
    $this->db = $db;
    $this->user = $user;
    $this->template = $template;
    $this->request = $request;
    $this->cache = $cache;
    $this->auth = $auth;
    $this->config = $config;
    $this->src_root_path = $src_root_path;
    $this->php_ext = $phpEx;

    $this->default_style = $config['default_style'];
    $this->styles_path = $this->src_root_path . $this->styles_path_absolute . '/';

    $this->u_base_action = append_sid("{$src_admin_path}index.{$this->php_ext}", "i={$id}");
    $this->s_hidden_fields = array('mode' => $mode);

    $this->user->add_lang('acp/styles');

    $this->tpl_name = 'acp_styles';
    $this->page_title = 'ACP_CAT_STYLES';
    $this->mode = $mode;

    // A submit button named after a POST action overrides the 'action' parameter;
    // when several are present the last one in the list wins.
    $action = $this->request->variable('action', '');
    $post_actions = array('install', 'activate', 'deactivate', 'uninstall');
    foreach ($post_actions as $candidate)
    {
        $action = $this->request->is_set_post($candidate) ? $candidate : $action;
    }

    // State-changing actions need either a valid link hash bound to the action
    // name or a valid 'styles_management' form key. 'uninstall' is exempt here
    // because it verifies the request through confirm_box() instead.
    $token_required = $action != 'uninstall' && in_array($action, $post_actions);
    if ($token_required && !check_link_hash($request->variable('hash', ''), $action) && !check_form_key('styles_management'))
    {
        trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
    }

    if ($action != '')
    {
        $this->s_hidden_fields['action'] = $action;
    }

    $this->template->assign_vars(array(
        'U_ACTION'        => $this->u_base_action,
        'S_HIDDEN_FIELDS' => build_hidden_fields($this->s_hidden_fields),
    ));

    // Execute actions: fixed map from action name to handler method.
    // 'details' is dispatched without the token check above.
    $handlers = array(
        'install'    => 'action_install',
        'uninstall'  => 'action_uninstall',
        'activate'   => 'action_activate',
        'deactivate' => 'action_deactivate',
        'details'    => 'action_details',
    );

    if (isset($handlers[$action]))
    {
        $this->{$handlers[$action]}();
        return;
    }

    $this->frontend();
}
/**
 * Swap a BBCode with its neighbour in the display order.
 *
 * The request must carry a link hash bound to the action name followed by
 * the BBCode id; otherwise FORM_INVALID is raised.
 *
 * @param string $action The action move_up|move_down
 * @return null
 * @access public
 */
public function move($action)
{
    // NOTE(review): $bbcode_id is interpolated into the SELECT below; this
    // presumably relies on variable() casting to the int type of its default - confirm.
    $bbcode_id = $this->request->variable('id', 0);
    $link_hash = $this->request->variable('hash', '');

    if (!check_link_hash($link_hash, $action . $bbcode_id))
    {
        trigger_error($this->user->lang('FORM_INVALID'), E_USER_WARNING);
    }

    // Look up the position the BBCode currently has
    $sql = 'SELECT bbcode_order FROM ' . BBCODES_TABLE . "\n\t\t\tWHERE bbcode_id = {$bbcode_id}";
    $result = $this->db->sql_query($sql);
    $position = (int) $this->db->sql_fetchfield('bbcode_order');
    $this->db->sql_freeresult($result);

    // The first entry has nowhere to go when moved up
    if ($action == 'move_up' && $position <= 1)
    {
        return;
    }

    // Both affected rows get "sum - own order", which exchanges their positions
    $swap_sum = $position * 2 + $this->increment($action);

    $sql = 'UPDATE ' . BBCODES_TABLE . ' SET bbcode_order = ' . $swap_sum . ' - bbcode_order WHERE ' . $this->db->sql_in_set('bbcode_order', array($position, $position + $this->increment($action)));
    $this->db->sql_query($sql);

    // Resync bbcode_order
    $this->resynchronize_bbcode_order();

    // Only AJAX callers get a response body
    if (!$this->request->is_ajax())
    {
        return;
    }

    // NOTE(review): sql_affectedrows() is read after the resync call, so it may
    // describe a query issued there rather than the UPDATE above - confirm.
    $json_response = new \phpbb\json_response();
    $json_response->send(array('success' => (bool) $this->db->sql_affectedrows()));
}
/**
 * {@inheritdoc}
 */
public function handle($forum_id)
{
    // The request is accepted only when it is an AJAX request, the forum id
    // passes is_valid() and the link hash matches the per-forum token name.
    $permitted = $this->request->is_ajax()
        && $this->is_valid($forum_id)
        && check_link_hash($this->request->variable('hash', ''), 'collapsible_' . $forum_id);

    if (!$permitted)
    {
        throw new \phpbb\exception\http_exception(403, 'NO_AUTH_OPERATION');
    }

    // Store the collapsed state of this forum for the user
    $updated = $this->operator->set_user_categories($forum_id);

    // Report the outcome as JSON
    return new \Symfony\Component\HttpFoundation\JsonResponse(array('success' => $updated));
}
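/**
 * Run requested tool.
 *
 * The tool name is matched strictly against a fixed allowlist because it is
 * used as a method name on this object at the end of the method.
 *
 * @param string $tool Tool: automod|mpv|epv.
 * @param int $id Revision id.
 *
 * @return \Symfony\Component\HttpFoundation\Response
 */
public function run_tool($tool, $id)
{
    // Strict comparison: only these exact strings may reach the dynamic call
    // below; a loosely-equal non-string value is rejected as well.
    if (!in_array($tool, array('automod', 'mpv', 'epv'), true))
    {
        return $this->helper->error('INVALID_TOOL', 404);
    }

    // Check the hash first to avoid unnecessary queries.
    // The token name 'queue_tool' is the same for every tool and revision.
    if (!check_link_hash($this->request->variable('hash', ''), 'queue_tool'))
    {
        return $this->helper->error('PAGE_REQUEST_INVALID');
    }

    $this->load_objects($id);

    // Authorisation is evaluated after the revision objects are loaded
    if (!$this->contrib->type->acl_get('view'))
    {
        return $this->helper->needs_auth();
    }

    return $this->{$tool}();
}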
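/**
 * Delegates the requested action to the appropriate method.
 *
 * The action name is matched strictly against a fixed allowlist because it
 * is used as a method name on this object at the end of the method.
 *
 * @param int $id Attention item id.
 * @param string $action Action: approve|disapprove|close|delete.
 *
 * @return \Symfony\Component\HttpFoundation\Response
 */
public function item_action($id, $action)
{
    // Strict comparison: only these exact strings may reach the dynamic call
    // below; a loosely-equal non-string value is rejected as well.
    if (!in_array($action, array('approve', 'disapprove', 'close', 'delete'), true))
    {
        return $this->helper->error('INVALID_ACTION', 404);
    }

    $this->user->add_lang('mcp');
    $this->load_item($id);

    if (!$this->check_auth(true))
    {
        return $this->helper->needs_auth();
    }

    // The token name 'attention_action' is shared by all four actions and all
    // items. A request without a valid hash is sent to the report page.
    // NOTE(review): this relies on redirect() ending the request; if it
    // returned, the action below would still run - confirm.
    if (!check_link_hash($this->request->variable('hash', ''), 'attention_action'))
    {
        redirect($this->attention->get_report_url());
    }

    return $this->{$action}();
}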
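/**
 * Reorder BBCodes, either in bulk (drag and drop) or one step up/down.
 *
 * 'drag_drop' reads a list of BBCode ids from the request parameter named by
 * 'tablename' and writes each list position as the new order. Any other
 * action swaps the BBCode given by 'id' with its neighbour and requires a
 * link hash bound to the action name followed by the id.
 *
 * @param string $action drag_drop|move_up|move_down
 * @return null
 */
public function move($action)
{
    if ($action == 'drag_drop')
    {
        // NOTE(review): unlike the move_up/move_down branch below, this branch
        // validates neither a link hash nor a form key; the only gate visible
        // here is is_ajax(). Confirm the caller enforces a token, or add one
        // together with the client-side script that issues this request.
        if (!$this->request->is_ajax())
        {
            return;
        }

        $tablename = $this->request->variable('tablename', '');
        $bbcodes_list = $this->request->variable($tablename, array(0 => ''));

        foreach ($bbcodes_list as $order => $bbcode_id)
        {
            // Both values are concatenated into SQL, so both are forced to
            // int here instead of relying on the request layer's typing.
            $order = (int) $order;

            if ($order === 0)
            {
                continue;
            }

            $sql = 'UPDATE ' . BBCODES_TABLE . ' SET bbcode_order = ' . $order . ' WHERE bbcode_id = ' . (int) $bbcode_id;
            $this->db->sql_query($sql);
        }

        $this->resynchronize_bbcode_order();

        $json_response = new \phpbb\json_response();
        $json_response->send(array('success' => true));

        return;
    }

    // Explicit cast: the id is part of the token name and of the SELECT below
    $bbcode_id = (int) $this->request->variable('id', 0);

    if (!check_link_hash($this->request->variable('hash', ''), $action . $bbcode_id))
    {
        trigger_error($this->user->lang('FORM_INVALID'), E_USER_WARNING);
    }

    // Get current order
    $sql = 'SELECT bbcode_order FROM ' . BBCODES_TABLE . "\n\t\t\t\tWHERE bbcode_id = {$bbcode_id}";
    $result = $this->db->sql_query($sql);
    $current_order = (int) $this->db->sql_fetchfield('bbcode_order');
    $this->db->sql_freeresult($result);

    // First one can't be moved up
    if ($current_order <= 1 && $action == 'move_up')
    {
        return;
    }

    // Both affected rows get "sum - own order", which exchanges their positions
    $order_total = $current_order * 2 + ($action == 'move_up' ? -1 : 1);

    $sql = 'UPDATE ' . BBCODES_TABLE . ' SET bbcode_order = ' . $order_total . ' - bbcode_order WHERE bbcode_order IN (' . $current_order . ', ' . ($action == 'move_up' ? $current_order - 1 : $current_order + 1) . ')';
    $this->db->sql_query($sql);

    $this->resynchronize_bbcode_order();

    // Return a JSON response if this was an AJAX request
    if ($this->request->is_ajax())
    {
        $json_response = new \phpbb\json_response();
        $json_response->send(array('success' => (bool) $this->db->sql_affectedrows()));
    }
}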
/**
 * Process a subscribe/unsubscribe request for an object and publish the
 * toggle link to the template.
 *
 * A change is applied only when the 'hash' request parameter is a valid link
 * hash for the requested operation ('subscribe' or 'unsubscribe').
 *
 * @param mixed $object_type
 * @param mixed $object_id
 * @param mixed $url Base URL the toggle parameters are appended to
 */
public static function handle_subscriptions($object_type, $object_id, $url)
{
    // Cannot currently handle non-registered users
    if (!phpbb::$user->data['is_registered'])
    {
        return;
    }

    $requested = request_var('subscribe', '');

    if ($requested == 'subscribe' && check_link_hash(request_var('hash', ''), 'subscribe'))
    {
        titania_subscriptions::subscribe($object_type, $object_id);
    }
    elseif ($requested == 'unsubscribe' && check_link_hash(request_var('hash', ''), 'unsubscribe'))
    {
        titania_subscriptions::unsubscribe($object_type, $object_id);
    }

    // The link always offers the opposite of the current state and carries a
    // hash generated for exactly that operation.
    $subscribed = titania_subscriptions::is_subscribed($object_type, $object_id);
    $next_step = $subscribed ? 'unsubscribe' : 'subscribe';

    // IS_SUBSCRIBED is only assigned when the user is subscribed
    $tpl_vars = $subscribed ? array('IS_SUBSCRIBED' => true) : array();
    $tpl_vars['U_SUBSCRIBE'] = titania_url::append_url($url, array(
        'subscribe' => $next_step,
        'hash'      => generate_link_hash($next_step),
    ));

    phpbb::$template->assign_vars($tpl_vars);
}
/**
 * Start travel
 *
 * Validates the request, creates a travel action entry for the current user
 * and redirects to the index route.
 *
 * @param $travel_id Destination id; also part of the link hash token name
 * @return void
 * @throws \phpbb\exception\http_exception 403 when the request is rejected
 */
public function startTravelAction($travel_id)
{
    // The destination must pass is_valid() and the link hash must match the
    // token name bound to this destination.
    $request_ok = $this->is_valid($travel_id)
        && check_link_hash($this->request->variable('hash', ''), 'travel_' . $travel_id);

    if (!$request_ok)
    {
        throw new \phpbb\exception\http_exception(403, 'NO_AUTH_OPERATION');
    }

    // Load ConsimUser
    $consim_user = $this->userService->getCurrentUser();

    // Refuse when getActive() is truthy.
    // NOTE(review): presumably "active" means an action is already running - confirm.
    if ($consim_user->getActive())
    {
        throw new \phpbb\exception\http_exception(403, 'NO_AUTH_OPERATION');
    }

    // Route from the user's current location to the destination
    $route = $this->routeService->findRoute($consim_user->getLocationId(), $travel_id);

    $now = time();

    // The end time is the start time plus a tenth of the route time
    $travel = $this->container->get('consim.core.entity.action');
    $travel
        ->setUserId($consim_user->getUserId())
        ->setLocationId($consim_user->getLocationId())
        ->setStartTime($now)
        ->setEndTime($now + $route->getTime() / 10)
        ->setRouteId($route->getId())
        ->setResult('')
        ->insert();

    // The user's location is not changed here; only the action entry is written.

    // Reload the Consim Index
    redirect($this->helper->route('consim_core_index'));
}
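/**
 * Process a subscribe/unsubscribe request for an object and publish the
 * toggle link to the template.
 *
 * The requested operation is matched strictly against a fixed allowlist
 * because it is used as a method name on this object, and it is executed
 * only when the 'hash' request parameter is a valid link hash for it.
 *
 * @param mixed $object_type
 * @param mixed $object_id
 * @param mixed $url
 * @param string $lang_key Language key to use in link
 */
public function handle_subscriptions($object_type, $object_id, $url, $lang_key = 'SUBSCRIBE')
{
    if (!$this->user->data['is_registered'])
    {
        // Cannot currently handle non-registered users
        return;
    }

    // Strict comparison: only these exact strings may reach the dynamic call below
    $requested = $this->request->variable('subscribe', '');
    $action = in_array($requested, array('subscribe', 'unsubscribe'), true) ? $requested : false;
    $hash = $this->request->variable('hash', '');

    if ($action && check_link_hash($hash, $action))
    {
        $this->{$action}($object_type, $object_id);
    }

    $is_subscribed = $this->is_subscribed($object_type, $object_id);

    // The link always offers the opposite of the current state; for a
    // subscribed user the language key gets the 'UN' prefix.
    $action = 'subscribe';
    if ($is_subscribed)
    {
        $action = 'unsubscribe';
        $lang_key = 'UN' . $lang_key;
    }

    // The hash is generated for exactly the operation the link triggers
    $params = array(
        'subscribe' => $action,
        'hash'      => generate_link_hash($action),
    );

    $this->template->assign_vars(array(
        'IS_SUBSCRIBED'    => $is_subscribed,
        'U_SUBSCRIBE'      => $this->path_helper->append_url_params($url, $params),
        'L_SUBSCRIBE_TYPE' => $this->user->lang($lang_key),
    ));
}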
/**
 * Board Announcements controller accessed from the URL /boardannouncements/close
 *
 * Dismisses the announcement for the current visitor: a cookie is always set,
 * and for registered users the stored status is updated as well.
 *
 * @throws \phpbb\exception\http_exception An http exception
 * @return \Symfony\Component\HttpFoundation\JsonResponse A Symfony JSON Response object
 * @access public
 */
public function close_announcement()
{
    // CSRF/XSRF protection: the request must carry a valid link hash
    if (!check_link_hash($this->request->variable('hash', ''), 'close_boardannouncement'))
    {
        throw new \phpbb\exception\http_exception(403, 'NO_AUTH_OPERATION');
    }

    // Dismissing must be enabled in the board configuration
    if (!$this->config['board_announcements_dismiss'])
    {
        throw new \phpbb\exception\http_exception(403, 'NO_AUTH_OPERATION');
    }

    // Everyone gets the cookie; for registered users the reported result is
    // the one from the status update instead.
    $result = $this->set_board_announcement_cookie();

    if ($this->user->data['is_registered'])
    {
        $result = $this->update_board_announcement_status();
    }

    // AJAX callers receive the outcome as JSON
    if ($this->request->is_ajax())
    {
        return new \Symfony\Component\HttpFoundation\JsonResponse(array('success' => $result));
    }

    // Non-AJAX: go back to the page named in 'redirect', defaulting to the
    // user's last viewed page.
    // NOTE(review): the target is taken from the request; this relies on
    // redirect() rejecting off-site URLs - confirm.
    $target = reapply_sid($this->request->variable('redirect', $this->user->data['session_page']));
    redirect($target);

    // We shouldn't get here, but throw an http exception just in case
    throw new \phpbb\exception\http_exception(500, 'GENERAL_ERROR');
}
$phpEx = substr(strrchr(__FILE__, '.'), 1); include $phpbb_root_path . 'common.' . $phpEx; include $phpbb_root_path . 'includes/functions_display.' . $phpEx; // Start session management $user->session_begin(); $auth->acl($user->data); $user->setup('viewforum'); // Mark notifications read if ($mark_notification = $request->variable('mark_notification', 0)) { if ($user->data['user_id'] == ANONYMOUS) { if ($request->is_ajax()) { trigger_error('LOGIN_REQUIRED'); } login_box('', $user->lang['LOGIN_REQUIRED']); } if (check_link_hash($request->variable('hash', ''), 'mark_notification_read')) { /* @var $phpbb_notifications \phpbb\notification\manager */ $phpbb_notifications = $phpbb_container->get('notification_manager'); $notification = $phpbb_notifications->load_notifications(array('notification_id' => $mark_notification)); if (isset($notification['notifications'][$mark_notification])) { $notification = $notification['notifications'][$mark_notification]; $notification->mark_read(); if ($request->is_ajax()) { $json_response = new \phpbb\json_response(); $json_response->send(array('success' => true)); } if ($redirect = $request->variable('redirect', '')) { redirect(append_sid($phpbb_root_path . $redirect)); } redirect($notification->get_redirect_url()); }
// General Viewtopic URL for return links $viewtopic_url = append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", "f={$forum_id}&t={$topic_id}" . ($start == 0 ? '' : "&start={$start}") . (strlen($u_sort_param) ? "&{$u_sort_param}" : '') . ($highlight_match ? "&hilit={$highlight}" : '')); // Are we watching this topic? $s_watching_topic = array('link' => '', 'link_toggle' => '', 'title' => '', 'title_toggle' => '', 'is_watching' => false); if ($config['allow_topic_notify']) { $notify_status = isset($topic_data['notify_status']) ? $topic_data['notify_status'] : null; watch_topic_forum('topic', $s_watching_topic, $user->data['user_id'], $forum_id, $topic_id, $notify_status, $start, $topic_data['topic_title']); // Reset forum notification if forum notify is set if ($config['allow_forum_notify'] && $auth->acl_get('f_subscribe', $forum_id)) { $s_watching_forum = $s_watching_topic; watch_topic_forum('forum', $s_watching_forum, $user->data['user_id'], $forum_id, 0); } } // Bookmarks if ($config['allow_bookmarks'] && $user->data['is_registered'] && $request->variable('bookmark', 0)) { if (check_link_hash($request->variable('hash', ''), "topic_{$topic_id}")) { if (!$topic_data['bookmarked']) { $sql = 'INSERT INTO ' . BOOKMARKS_TABLE . ' ' . $db->sql_build_array('INSERT', array('user_id' => $user->data['user_id'], 'topic_id' => $topic_id)); $db->sql_query($sql); } else { $sql = 'DELETE FROM ' . BOOKMARKS_TABLE . "\n\t\t\t\tWHERE user_id = {$user->data['user_id']}\n\t\t\t\t\tAND topic_id = {$topic_id}"; $db->sql_query($sql); } $message = $topic_data['bookmarked'] ? $user->lang['BOOKMARK_REMOVED'] : $user->lang['BOOKMARK_ADDED']; if (!$request->is_ajax()) { $message .= '<br /><br />' . $user->lang('RETURN_TOPIC', '<a href="' . $viewtopic_url . '">', '</a>'); } } else { $message = $user->lang['BOOKMARK_ERR']; if (!$request->is_ajax()) { $message .= '<br /><br />' . $user->lang('RETURN_TOPIC', '<a href="' . $viewtopic_url . '">', '</a>');
/**
 * Entry point of the extensions management module.
 *
 * Reads 'action' and 'ext_name' from the request, validates the link hash
 * for the state-changing actions (enable, disable, delete_data), loads the
 * extension metadata when an extension name is given and then runs the
 * requested action. The *_pre actions only render a confirmation page whose
 * link carries the hash for the corresponding state-changing action.
 */
function main()
{
    // Start the page
    global $config, $user, $template, $request, $phpbb_extension_manager, $db, $phpbb_root_path, $phpEx, $phpbb_log, $cache;

    $this->db = $db;
    $this->config = $config;
    $this->template = $template;
    $this->user = $user;
    $this->cache = $cache;
    $this->request = $request;
    $this->log = $phpbb_log;

    $user->add_lang(array('install', 'acp/extensions', 'migrator'));

    $this->page_title = 'ACP_EXTENSIONS';

    $action = $request->variable('action', 'list');
    $ext_name = $request->variable('ext_name', '');

    // What is a safe limit of execution time? Half the max execution time should be safe.
    // NOTE(review): when max_execution_time is 0 this limit is 0 and the step
    // loops below refresh after every step - confirm that is intended.
    $safe_time_limit = ini_get('max_execution_time') / 2;
    $start_time = time();

    // Cancel action
    if ($request->is_set_post('cancel'))
    {
        $action = 'list';
        $ext_name = '';
    }

    // The token is bound to both the action and the extension name, so a hash
    // issued for one extension or action does not validate another.
    if (in_array($action, array('enable', 'disable', 'delete_data')) && !check_link_hash($request->variable('hash', ''), $action . '.' . $ext_name))
    {
        trigger_error('FORM_INVALID', E_USER_WARNING);
    }

    // If they've specified an extension, let's load the metadata manager and validate it.
    // $md_manager only exists when $ext_name is non-empty; the cases below that
    // use it assume an extension name was supplied.
    if ($ext_name)
    {
        $md_manager = new \phpbb\extension\metadata_manager($ext_name, $config, $phpbb_extension_manager, $template, $user, $phpbb_root_path);

        try
        {
            $md_manager->get_metadata('all');
        }
        catch (\phpbb\extension\exception $e)
        {
            trigger_error($e, E_USER_WARNING);
        }
    }

    // What are we doing?
    switch ($action)
    {
        case 'set_config_version_check_force_unstable':
            $force_unstable = $this->request->variable('force_unstable', false);

            if ($force_unstable)
            {
                // Turning the option on goes through confirm_box(); the
                // confirmed request is handled in the 'list' case.
                $s_hidden_fields = build_hidden_fields(array('force_unstable' => $force_unstable));
                confirm_box(false, $user->lang('EXTENSION_FORCE_UNSTABLE_CONFIRM'), $s_hidden_fields);
            }
            else
            {
                // NOTE(review): this branch changes configuration without a
                // visible check_form_key()/check_link_hash() call, although the
                // list page registers the 'version_check_settings' form key -
                // confirm the request is validated.
                $config->set('extension_force_unstable', false);
                trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
            }
        break;

        case 'list':
        default:
            // A confirmed confirm_box() request enables the force-unstable option
            if (confirm_box(true))
            {
                $config->set('extension_force_unstable', true);
                trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
            }

            $this->list_enabled_exts($phpbb_extension_manager);
            $this->list_disabled_exts($phpbb_extension_manager);
            $this->list_available_exts($phpbb_extension_manager);

            $this->template->assign_vars(array('U_VERSIONCHECK_FORCE' => $this->u_action . '&action=list&versioncheck_force=1', 'FORCE_UNSTABLE' => $config['extension_force_unstable'], 'U_ACTION' => $this->u_action));

            add_form_key('version_check_settings');

            $this->tpl_name = 'acp_ext_list';
        break;

        case 'enable_pre':
            // Confirmation page only: nothing is changed here, so no token is required
            if (!$md_manager->validate_dir())
            {
                trigger_error($user->lang['EXTENSION_DIR_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            if (!$md_manager->validate_enable())
            {
                trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            $extension = $phpbb_extension_manager->get_extension($ext_name);
            if (!$extension->is_enableable())
            {
                trigger_error($user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            if ($phpbb_extension_manager->is_enabled($ext_name))
            {
                redirect($this->u_action);
            }

            $this->tpl_name = 'acp_ext_enable';

            // The confirm link carries the hash that the 'enable' action verifies
            $template->assign_vars(array('PRE' => true, 'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_ENABLE_CONFIRM', $md_manager->get_metadata('display-name')), 'U_ENABLE' => $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name)));
        break;

        case 'enable':
            // Same validation as 'enable_pre', repeated because this request is independent of it
            if (!$md_manager->validate_dir())
            {
                trigger_error($user->lang['EXTENSION_DIR_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            if (!$md_manager->validate_enable())
            {
                trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            $extension = $phpbb_extension_manager->get_extension($ext_name);
            if (!$extension->is_enableable())
            {
                trigger_error($user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            if ($phpbb_extension_manager->is_enabled($ext_name))
            {
                redirect($this->u_action);
            }

            try
            {
                while ($phpbb_extension_manager->enable_step($ext_name))
                {
                    // Are we approaching the time limit? If so we want to pause the update and continue after refreshing
                    // The continuation URL carries a freshly generated hash for the same action and extension
                    if (time() - $start_time >= $safe_time_limit)
                    {
                        $template->assign_var('S_NEXT_STEP', true);

                        meta_refresh(0, $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name));
                    }
                }

                // Record who enabled the extension and from which IP
                $this->log->add('admin', $user->data['user_id'], $user->ip, 'LOG_EXT_ENABLE', time(), array($ext_name));
            }
            catch (\phpbb\db\migration\exception $e)
            {
                $template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($user));
            }

            $this->tpl_name = 'acp_ext_enable';

            $template->assign_vars(array('U_RETURN' => $this->u_action . '&action=list'));
        break;

        case 'disable_pre':
            // Confirmation page only
            if (!$phpbb_extension_manager->is_enabled($ext_name))
            {
                redirect($this->u_action);
            }

            $this->tpl_name = 'acp_ext_disable';

            // The confirm link carries the hash that the 'disable' action verifies
            $template->assign_vars(array('PRE' => true, 'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_DISABLE_CONFIRM', $md_manager->get_metadata('display-name')), 'U_DISABLE' => $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name)));
        break;

        case 'disable':
            if (!$phpbb_extension_manager->is_enabled($ext_name))
            {
                redirect($this->u_action);
            }

            while ($phpbb_extension_manager->disable_step($ext_name))
            {
                // Are we approaching the time limit? If so we want to pause the update and continue after refreshing
                if (time() - $start_time >= $safe_time_limit)
                {
                    $template->assign_var('S_NEXT_STEP', true);

                    meta_refresh(0, $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name));
                }
            }

            // Record who disabled the extension and from which IP
            $this->log->add('admin', $user->data['user_id'], $user->ip, 'LOG_EXT_DISABLE', time(), array($ext_name));

            $this->tpl_name = 'acp_ext_disable';

            $template->assign_vars(array('U_RETURN' => $this->u_action . '&action=list'));
        break;

        case 'delete_data_pre':
            // Confirmation page only; data of an enabled extension is never purged
            if ($phpbb_extension_manager->is_enabled($ext_name))
            {
                redirect($this->u_action);
            }

            $this->tpl_name = 'acp_ext_delete_data';

            // The confirm link carries the hash that the 'delete_data' action verifies
            $template->assign_vars(array('PRE' => true, 'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_DELETE_DATA_CONFIRM', $md_manager->get_metadata('display-name')), 'U_PURGE' => $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name)));
        break;

        case 'delete_data':
            if ($phpbb_extension_manager->is_enabled($ext_name))
            {
                redirect($this->u_action);
            }

            try
            {
                while ($phpbb_extension_manager->purge_step($ext_name))
                {
                    // Are we approaching the time limit? If so we want to pause the update and continue after refreshing
                    if (time() - $start_time >= $safe_time_limit)
                    {
                        $template->assign_var('S_NEXT_STEP', true);

                        meta_refresh(0, $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name));
                    }
                }

                // Record who purged the extension data and from which IP
                $this->log->add('admin', $user->data['user_id'], $user->ip, 'LOG_EXT_PURGE', time(), array($ext_name));
            }
            catch (\phpbb\db\migration\exception $e)
            {
                $template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($user));
            }

            $this->tpl_name = 'acp_ext_delete_data';

            $template->assign_vars(array('U_RETURN' => $this->u_action . '&action=list'));
        break;

        case 'details':
            // Read-only view: no token is required
            // Output it to the template
            $md_manager->output_template_data();

            try
            {
                $updates_available = $this->version_check($md_manager, $request->variable('versioncheck_force', false));

                $template->assign_vars(array('S_UP_TO_DATE' => empty($updates_available), 'S_VERSIONCHECK' => true, 'UP_TO_DATE_MSG' => $this->user->lang(empty($updates_available) ? 'UP_TO_DATE' : 'NOT_UP_TO_DATE', $md_manager->get_metadata('display-name'))));

                foreach ($updates_available as $branch => $version_data)
                {
                    $template->assign_block_vars('updates_available', $version_data);
                }
            }
            catch (\RuntimeException $e)
            {
                // The failure reason is shown only when it differs from the generic VERSIONCHECK_FAIL text
                $template->assign_vars(array('S_VERSIONCHECK_STATUS' => $e->getCode(), 'VERSIONCHECK_FAIL_REASON' => $e->getMessage() !== $user->lang('VERSIONCHECK_FAIL') ? $e->getMessage() : ''));
            }

            $template->assign_vars(array('U_BACK' => $this->u_action . '&action=list', 'U_VERSIONCHECK_FORCE' => $this->u_action . '&action=details&versioncheck_force=1&ext_name=' . urlencode($md_manager->get_metadata('name'))));

            $this->tpl_name = 'acp_ext_details';
        break;
    }
}
/**
 * Entry point of the user notifications module.
 *
 * 'notification_options' lets the user add or remove notification
 * subscriptions; any other mode lists notifications and lets the user mark
 * them read. Form submissions are validated with the 'ucp_notification' form
 * key, the "mark all read" link with a link hash sent in the 'token' parameter.
 *
 * @param mixed $id   Module identifier (not used in this method)
 * @param mixed $mode Module mode
 */
public function main($id, $mode)
{
    global $config, $template, $user, $request, $phpbb_container;
    global $phpbb_root_path, $phpEx;

    add_form_key('ucp_notification');

    $start = $request->variable('start', 0);
    $form_time = $request->variable('form_time', 0);
    // A missing, non-positive or future timestamp is replaced by the current time
    $form_time = $form_time <= 0 || $form_time > time() ? time() : $form_time;

    /* @var $phpbb_notifications \phpbb\notification\manager */
    $phpbb_notifications = $phpbb_container->get('notification_manager');

    /* @var $pagination \phpbb\pagination */
    $pagination = $phpbb_container->get('pagination');

    switch ($mode)
    {
        case 'notification_options':
            $subscriptions = $phpbb_notifications->get_global_subscriptions(false);

            // Add/remove subscriptions
            if ($request->is_set_post('submit'))
            {
                // The form key is checked before any subscription is changed
                if (!check_form_key('ucp_notification'))
                {
                    trigger_error('FORM_INVALID');
                }

                $notification_methods = $phpbb_notifications->get_subscription_methods();

                foreach ($phpbb_notifications->get_subscription_types() as $group => $subscription_types)
                {
                    foreach ($subscription_types as $type => $data)
                    {
                        foreach ($notification_methods as $method => $method_data)
                        {
                            // POST field names are "<type>_<method id>" with dots replaced by underscores.
                            // Field set but not yet subscribed: add; field absent but subscribed: delete.
                            if ($request->is_set_post(str_replace('.', '_', $type . '_' . $method_data['id'])) && (!isset($subscriptions[$type]) || !in_array($method_data['id'], $subscriptions[$type])))
                            {
                                $phpbb_notifications->add_subscription($type, 0, $method_data['id']);
                            }
                            else
                            {
                                if (!$request->is_set_post(str_replace('.', '_', $type . '_' . $method_data['id'])) && isset($subscriptions[$type]) && in_array($method_data['id'], $subscriptions[$type]))
                                {
                                    $phpbb_notifications->delete_subscription($type, 0, $method_data['id']);
                                }
                            }
                        }

                        // The "<type>_notification" field is handled the same way, without a method id
                        if ($request->is_set_post(str_replace('.', '_', $type) . '_notification') && !isset($subscriptions[$type]))
                        {
                            $phpbb_notifications->add_subscription($type);
                        }
                        else
                        {
                            if (!$request->is_set_post(str_replace('.', '_', $type) . '_notification') && isset($subscriptions[$type]))
                            {
                                $phpbb_notifications->delete_subscription($type);
                            }
                        }
                    }
                }

                meta_refresh(3, $this->u_action);
                $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
                trigger_error($message);
            }

            $this->output_notification_methods($phpbb_notifications, $template, $user, 'notification_methods');

            $this->output_notification_types($subscriptions, $phpbb_notifications, $template, $user, 'notification_types');

            $this->tpl_name = 'ucp_notifications';
            $this->page_title = 'UCP_NOTIFICATION_OPTIONS';
        break;

        case 'notification_list':
        default:
            // Mark all items read
            // This is a link, not a form, so it is protected by a link hash
            // read from 'token' (other link-hash checks use 'hash').
            if ($request->variable('mark', '') == 'all' && check_link_hash($request->variable('token', ''), 'mark_all_notifications_read'))
            {
                // Only notifications of the current user up to $form_time are marked
                $phpbb_notifications->mark_notifications_read(false, false, $user->data['user_id'], $form_time);

                meta_refresh(3, $this->u_action);
                $message = $user->lang['NOTIFICATIONS_MARK_ALL_READ_SUCCESS'];

                if ($request->is_ajax())
                {
                    $json_response = new \phpbb\json_response();
                    $json_response->send(array('MESSAGE_TITLE' => $user->lang['INFORMATION'], 'MESSAGE_TEXT' => $message, 'success' => true));
                }
                $message .= '<br /><br />' . $user->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');

                trigger_error($message);
            }

            // Mark specific notifications read
            if ($request->is_set_post('submit'))
            {
                if (!check_form_key('ucp_notification'))
                {
                    trigger_error('FORM_INVALID');
                }

                // NOTE(review): the ids come from the request; presumably
                // mark_notifications_read_by_id() restricts the update to the
                // current user's notifications - confirm.
                $mark_read = $request->variable('mark', array(0));

                if (!empty($mark_read))
                {
                    $phpbb_notifications->mark_notifications_read_by_id($mark_read, $form_time);
                }
            }

            $notifications = $phpbb_notifications->load_notifications(array('start' => $start, 'limit' => $config['topics_per_page'], 'count_total' => true));

            foreach ($notifications['notifications'] as $notification)
            {
                $template->assign_block_vars('notification_list', $notification->prepare_for_display());
            }

            $base_url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", "i=ucp_notifications&mode=notification_list");
            $start = $pagination->validate_start($start, $config['topics_per_page'], $notifications['total_count']);
            $pagination->generate_template_pagination($base_url, 'pagination', 'start', $notifications['total_count'], $config['topics_per_page'], $start);

            // The "mark all" link carries the hash that is verified at the top of this case
            $template->assign_vars(array('TOTAL_COUNT' => $notifications['total_count'], 'U_MARK_ALL' => $base_url . '&mark=all&token=' . generate_link_hash('mark_all_notifications_read')));

            $this->tpl_name = 'ucp_notifications';
            $this->page_title = 'UCP_NOTIFICATION_LIST';
        break;
    }

    // FORM_TIME is the render time of this page; it comes back as 'form_time' on submit
    $template->assign_vars(array('TITLE' => $user->lang($this->page_title), 'TITLE_EXPLAIN' => $user->lang($this->page_title . '_EXPLAIN'), 'MODE' => $mode, 'FORM_TIME' => time()));
}
/**
 * Topic and forum watching common code
 *
 * Handles the 'watch' and 'unwatch' GET parameters for a topic or forum and
 * fills $s_watching with the toggle link, its title and the current state.
 *
 * @param string $mode          'forum' selects the forum watch table; any other value the topic watch table
 * @param array  $s_watching    Filled by reference with 'link', 'title' and 'is_watching'
 * @param int    $user_id       User whose watch entry is read or changed
 * @param int    $forum_id      Forum id
 * @param int    $topic_id      Topic id (unused as match id when $mode is 'forum')
 * @param mixed  $notify_status Known notify status, or 'unset' to look it up
 * @param int    $start         Declared parameter; overridden by the global of the same name
 */
function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0)
{
    // 'global $start' rebinds $start to the global variable, so the value
    // passed as the last parameter is not used below.
    global $template, $db, $user, $phpEx, $start, $phpbb_root_path;

    $table_sql = $mode == 'forum' ? FORUMS_WATCH_TABLE : TOPICS_WATCH_TABLE;
    $where_sql = $mode == 'forum' ? 'forum_id' : 'topic_id';
    $match_id = $mode == 'forum' ? $forum_id : $topic_id;

    // The links embed the current user's id as 'uid'
    $u_url = "uid={$user->data['user_id']}";
    $u_url .= $mode == 'forum' ? '&f' : '&f=' . $forum_id . '&t';

    // Is user watching this thread?
    if ($user_id != ANONYMOUS)
    {
        $can_watch = true;

        if ($notify_status == 'unset')
        {
            // NOTE(review): $match_id and $user_id are interpolated into SQL
            // here and below; callers are assumed to pass integers - confirm.
            $sql = "SELECT notify_status\n\t\t\t\tFROM {$table_sql}\n\t\t\t\tWHERE {$where_sql} = {$match_id}\n\t\t\t\t\tAND user_id = {$user_id}";
            $result = $db->sql_query($sql);

            $notify_status = ($row = $db->sql_fetchrow($result)) ? $row['notify_status'] : NULL;
            $db->sql_freeresult($result);
        }

        // A non-null, non-empty status means a watch entry exists
        if (!is_null($notify_status) && $notify_status !== '')
        {
            if (isset($_GET['unwatch']))
            {
                // NOTE(review): the unwatch path only compares the 'uid'
                // parameter with $user_id; check_link_hash() is not called here
                // although the generated link carries a hash, and the watch
                // path below does verify it. Confirm whether links without a
                // hash (for example from e-mails) must keep working before
                // tightening this.
                $uid = request_var('uid', 0);
                if ($uid != $user_id)
                {
                    $redirect_url = append_sid("{$phpbb_root_path}view{$mode}.{$phpEx}", "{$u_url}={$match_id}&start={$start}");
                    $message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
                    trigger_error($message);
                }

                if ($_GET['unwatch'] == $mode)
                {
                    $is_watching = 0;

                    $sql = 'DELETE FROM ' . $table_sql . "\n\t\t\t\t\t\tWHERE {$where_sql} = {$match_id}\n\t\t\t\t\t\t\tAND user_id = {$user_id}";
                    $db->sql_query($sql);
                }

                $redirect_url = append_sid("{$phpbb_root_path}view{$mode}.{$phpEx}", "{$u_url}={$match_id}&start={$start}");

                meta_refresh(3, $redirect_url);

                $message = $user->lang['NOT_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
                trigger_error($message);
            }
            else
            {
                $is_watching = true;

                // Viewing resets a non-zero notify status back to 0
                if ($notify_status)
                {
                    $sql = 'UPDATE ' . $table_sql . "\n\t\t\t\t\t\tSET notify_status = 0\n\t\t\t\t\t\tWHERE {$where_sql} = {$match_id}\n\t\t\t\t\t\t\tAND user_id = {$user_id}";
                    $db->sql_query($sql);
                }
            }
        }
        else
        {
            if (isset($_GET['watch']))
            {
                $token = request_var('hash', '');
                $redirect_url = append_sid("{$phpbb_root_path}view{$mode}.{$phpEx}", "{$u_url}={$match_id}&start={$start}");

                // The watch entry is only created when the link hash matches
                // the token name bound to the mode and the topic/forum id.
                if ($_GET['watch'] == $mode && check_link_hash($token, "{$mode}_{$match_id}"))
                {
                    $is_watching = true;

                    $sql = 'INSERT INTO ' . $table_sql . " (user_id, {$where_sql}, notify_status)\n\t\t\t\t\t\tVALUES ({$user_id}, {$match_id}, 0)";
                    $db->sql_query($sql);

                    $message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
                }
                else
                {
                    $message = $user->lang['ERR_WATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
                }

                meta_refresh(3, $redirect_url);

                trigger_error($message);
            }
            else
            {
                $is_watching = 0;
            }
        }
    }
    else
    {
        // Anonymous users are sent to the login box when they follow an unwatch link
        // NOTE(review): $can_watch and $is_watching stay undefined on this
        // path; this assumes login_box() does not return - confirm.
        if (isset($_GET['unwatch']) && $_GET['unwatch'] == $mode)
        {
            login_box();
        }
        else
        {
            $can_watch = 0;
            $is_watching = 0;
        }
    }

    if ($can_watch)
    {
        // The toggle link carries the same hash for watch and unwatch
        $s_watching['link'] = append_sid("{$phpbb_root_path}view{$mode}.{$phpEx}", "{$u_url}={$match_id}&" . ($is_watching ? 'unwatch' : 'watch') . "={$mode}&start={$start}&hash=" . generate_link_hash("{$mode}_{$match_id}"));
        $s_watching['title'] = $user->lang[($is_watching ? 'STOP' : 'START') . '_WATCHING_' . strtoupper($mode)];
        $s_watching['is_watching'] = $is_watching;
    }

    return;
}
/**
 * Handle action confirmation.
 *
 * The tool runs when the confirm box was confirmed, or when 'submit' is
 * present in the GET parameters together with a valid 'manage' link hash.
 * Otherwise the confirm box is displayed.
 *
 * @param string $title Confirmation title.
 * @return null
 */
protected function confirm_action($title)
{
    $submit = $this->request->is_set('submit', \phpbb\request\request_interface::GET);
    $hash = $this->request->variable('hash', '');

    // The link hash is only evaluated when the confirm box was not confirmed
    // and 'submit' is set.
    $confirmed = confirm_box(true) || ($submit && check_link_hash($hash, 'manage'));

    if (!$confirmed)
    {
        confirm_box(false, $title);
        return;
    }

    return $this->tool->run_tool();
}
/**
 * Move category.
 *
 * Requires a valid 'category_action' link hash; without one the request is
 * redirected to the category's manage URL.
 *
 * @param string $direction Direction: up|down
 * @return null
 */
protected function move($direction)
{
    // The token name 'category_action' does not include the category or direction.
    // NOTE(review): this relies on redirect() ending the request; if it
    // returned, the move below would still run - confirm.
    $link_hash_ok = check_link_hash($this->request->variable('hash', ''), 'category_action');

    if (!$link_hash_ok)
    {
        redirect($this->category->get_manage_url());
    }

    $this->category->move_category_by("move_{$direction}");

    // Redirect back to parent category to avoid problems
    $parent_url = $this->helper->route('phpbb.titania.manage.categories', array('id' => $this->category->parent_id));
    redirect($parent_url);
}
/**
 * ACP module entry point for managing smilies and topic icons.
 *
 * $mode is normalised to 'smilies' or 'icons', which selects the table, the
 * column prefix ($fields) and the image directory. The requested action is
 * then dispatched: edit/add render the form, create/modify write rows,
 * import/export/send deal with .pak files, delete removes a row and
 * move_up/move_down swap ordering. Unless a branch returns or ends the
 * request, the function finishes by resynchronising the order column and
 * listing the items with pagination.
 *
 * Request validation differs per action: create/modify and import (once a
 * pak has been chosen) call check_form_key(); send, move_up and move_down
 * call check_link_hash() with the token name 'acp_icons'; delete goes
 * through confirm_box().
 *
 * @param mixed  $id   Module identifier, passed back in the delete confirmation's hidden fields
 * @param string $mode 'smilies' selects smilies; any other value is treated as 'icons'
 * @return null
 */
function main($id, $mode)
{
	global $db, $user, $template, $cache;
	global $config, $phpbb_root_path;
	global $request, $phpbb_container;

	$user->add_lang('acp/posting');

	// Set up general vars
	// A POSTed add/edit/import button overrides the 'action' request variable.
	$action = $request->variable('action', '');
	$action = isset($_POST['add']) ? 'add' : $action;
	$action = isset($_POST['edit']) ? 'edit' : $action;
	$action = isset($_POST['import']) ? 'import' : $action;
	// NOTE(review): $icon_id is interpolated unquoted into several SQL statements
	// below; that is safe only if variable() casts to the integer default — confirm
	// against the request class.
	$icon_id = $request->variable('id', 0);
	$submit = $request->is_set_post('submit', false);

	$form_key = 'acp_icons';
	add_form_key($form_key);

	// Only two modes exist from here on, so $table, $fields and $img_path always
	// come from the fixed assignments in the switch below.
	$mode = $mode == 'smilies' ? 'smilies' : 'icons';

	$this->tpl_name = 'acp_icons';

	// What are we working on?
	switch ($mode)
	{
		case 'smilies':
			$table = SMILIES_TABLE;
			$lang = 'SMILIES';
			$fields = 'smiley';
			$img_path = $config['smilies_path'];
			break;
		case 'icons':
			$table = ICONS_TABLE;
			$lang = 'ICONS';
			$fields = 'icons';
			$img_path = $config['icons_path'];
			break;
	}

	$this->page_title = 'ACP_' . $lang;

	// Clear some arrays
	$_images = $_paks = array();
	$notice = '';

	// Grab file list of paks and images
	if ($action == 'edit' || $action == 'add' || $action == 'import')
	{
		$imglist = filelist($phpbb_root_path . $img_path, '');

		foreach ($imglist as $path => $img_ary)
		{
			if (empty($img_ary))
			{
				continue;
			}

			asort($img_ary, SORT_STRING);

			foreach ($img_ary as $img)
			{
				$img_size = getimagesize($phpbb_root_path . $img_path . '/' . $path . $img);

				// Skip files without usable dimensions and names longer than 255 characters
				if (!$img_size[0] || !$img_size[1] || strlen($img) > 255)
				{
					continue;
				}

				// adjust the width and height to be lower than 128px while preserving the aspect ratio (for icons)
				if ($mode == 'icons')
				{
					if ($img_size[0] > 127 && $img_size[0] > $img_size[1])
					{
						$img_size[1] = (int) ($img_size[1] * (127 / $img_size[0]));
						$img_size[0] = 127;
					}
					else
					{
						if ($img_size[1] > 127)
						{
							$img_size[0] = (int) ($img_size[0] * (127 / $img_size[1]));
							$img_size[1] = 127;
						}
					}
				}

				$_images[$path . $img]['file'] = $path . $img;
				$_images[$path . $img]['width'] = $img_size[0];
				$_images[$path . $img]['height'] = $img_size[1];
			}
		}
		unset($imglist);

		// Collect the *.pak files that sit directly in the image directory
		if ($dir = @opendir($phpbb_root_path . $img_path))
		{
			while (($file = readdir($dir)) !== false)
			{
				if (is_file($phpbb_root_path . $img_path . '/' . $file) && preg_match('#\\.pak$#i', $file))
				{
					$_paks[] = $file;
				}
			}
			closedir($dir);

			if (!empty($_paks))
			{
				asort($_paks, SORT_STRING);
			}
		}
	}

	// What shall we do today? Oops, I believe that's trademarked ...
	switch ($action)
	{
		case 'edit':
			unset($_images);
			$_images = array();
			// no break; edit deliberately falls through into the add form
		case 'add':
			$smilies = $default_row = array();
			$smiley_options = $order_list = $add_order_list = '';

			if ($action == 'add' && $mode == 'smilies')
			{
				$sql = 'SELECT * FROM ' . SMILIES_TABLE . ' ORDER BY smiley_order';
				$result = $db->sql_query($sql);

				// Keep the first row seen for each smiley_url
				while ($row = $db->sql_fetchrow($result))
				{
					if (empty($smilies[$row['smiley_url']]))
					{
						$smilies[$row['smiley_url']] = $row;
					}
				}
				$db->sql_freeresult($result);

				if (sizeof($smilies))
				{
					foreach ($smilies as $row)
					{
						$selected = false;

						if (!$smiley_options)
						{
							$selected = true;
							$default_row = $row;
						}

						// NOTE(review): smiley_url is concatenated into the <option> markup without
						// HTML escaping; presumably stored values are already escaped — confirm,
						// or escape at output.
						$smiley_options .= '<option value="' . $row['smiley_url'] . '"' . ($selected ? ' selected="selected"' : '') . '>' . $row['smiley_url'] . '</option>';

						$template->assign_block_vars('smile', array(
							'SMILEY_URL' => addslashes($row['smiley_url']),
							'CODE' => addslashes($row['code']),
							'EMOTION' => addslashes($row['emotion']),
							'WIDTH' => $row['smiley_width'],
							'HEIGHT' => $row['smiley_height'],
							'ORDER' => $row['smiley_order'] + 1
						));
					}
				}
			}

			$sql = "SELECT *\n\t\t\t\t\tFROM {$table}\n\t\t\t\t\tORDER BY {$fields}_order " . ($icon_id || $action == 'add' ? 'DESC' : 'ASC');
			$result = $db->sql_query($sql);

			$data = array();
			$after = false;
			// Index 1 holds options for items shown on the posting screen, index 0 the rest
			$order_lists = array('', '');
			$add_order_lists = array('', '');
			$display_count = 0;

			while ($row = $db->sql_fetchrow($result))
			{
				// When adding, images that already have a row are not offered again
				if ($action == 'add')
				{
					unset($_images[$row[$fields . '_url']]);
				}

				if ($row[$fields . '_id'] == $icon_id)
				{
					$after = true;
					$data[$row[$fields . '_url']] = $row;
				}
				else
				{
					if ($action == 'edit' && !$icon_id)
					{
						$data[$row[$fields . '_url']] = $row;
					}

					$selected = '';
					if (!empty($after))
					{
						$selected = ' selected="selected"';
						$after = false;
					}
					if ($row['display_on_posting'])
					{
						$display_count++;
					}
					$after_txt = $mode == 'smilies' ? $row['code'] : $row['icons_url'];
					$order_lists[$row['display_on_posting']] = '<option value="' . ($row[$fields . '_order'] + 1) . '"' . $selected . '>' . sprintf($user->lang['AFTER_' . $lang], ' -> ' . $after_txt) . '</option>' . $order_lists[$row['display_on_posting']];

					if (!empty($default_row))
					{
						$add_order_lists[$row['display_on_posting']] = '<option value="' . ($row[$fields . '_order'] + 1) . '"' . ($row[$fields . '_id'] == $default_row['smiley_id'] ? ' selected="selected"' : '') . '>' . sprintf($user->lang['AFTER_' . $lang], ' -> ' . $after_txt) . '</option>' . $add_order_lists[$row['display_on_posting']];
					}
				}
			}
			$db->sql_freeresult($result);

			$order_list = '<option value="1"' . (!isset($after) ? ' selected="selected"' : '') . '>' . $user->lang['FIRST'] . '</option>';
			$add_order_list = '<option value="1">' . $user->lang['FIRST'] . '</option>';

			if ($action == 'add')
			{
				$data = $_images;
			}

			$colspan = $mode == 'smilies' ? 7 : 6;
			$colspan += $icon_id ? 1 : 0;
			$colspan += $action == 'add' ? 2 : 0;

			$template->assign_vars(array(
				'S_EDIT' => true,
				'S_SMILIES' => $mode == 'smilies' ? true : false,
				'S_ADD' => $action == 'add' ? true : false,
				'S_ORDER_LIST_DISPLAY' => $order_list . $order_lists[1],
				'S_ORDER_LIST_UNDISPLAY' => $order_list . $order_lists[0],
				'S_ORDER_LIST_DISPLAY_COUNT' => $display_count + 1,
				'L_TITLE' => $user->lang['ACP_' . $lang],
				'L_EXPLAIN' => $user->lang['ACP_' . $lang . '_EXPLAIN'],
				'L_CONFIG' => $user->lang[$lang . '_CONFIG'],
				'L_URL' => $user->lang[$lang . '_URL'],
				'L_LOCATION' => $user->lang[$lang . '_LOCATION'],
				'L_WIDTH' => $user->lang[$lang . '_WIDTH'],
				'L_HEIGHT' => $user->lang[$lang . '_HEIGHT'],
				'L_ORDER' => $user->lang[$lang . '_ORDER'],
				'L_NO_ICONS' => $user->lang['NO_' . $lang . '_' . strtoupper($action)],
				'COLSPAN' => $colspan,
				'ID' => $icon_id,
				'U_BACK' => $this->u_action,
				'U_ACTION' => $this->u_action . '&action=' . ($action == 'add' ? 'create' : 'modify')
			));

			foreach ($data as $img => $img_row)
			{
				$template->assign_block_vars('items', array(
					'IMG' => $img,
					'A_IMG' => addslashes($img),
					'IMG_SRC' => $phpbb_root_path . $img_path . '/' . $img,
					'CODE' => $mode == 'smilies' && isset($img_row['code']) ? $img_row['code'] : '',
					'EMOTION' => $mode == 'smilies' && isset($img_row['emotion']) ? $img_row['emotion'] : '',
					'S_ID' => isset($img_row[$fields . '_id']) ? true : false,
					'ID' => isset($img_row[$fields . '_id']) ? $img_row[$fields . '_id'] : 0,
					'WIDTH' => !empty($img_row[$fields . '_width']) ? $img_row[$fields . '_width'] : $img_row['width'],
					'HEIGHT' => !empty($img_row[$fields . '_height']) ? $img_row[$fields . '_height'] : $img_row['height'],
					'TEXT_ALT' => $mode == 'icons' && !empty($img_row['icons_alt']) ? $img_row['icons_alt'] : $img,
					'ALT' => $mode == 'icons' && !empty($img_row['icons_alt']) ? $img_row['icons_alt'] : '',
					'POSTING_CHECKED' => !empty($img_row['display_on_posting']) || $action == 'add' ? ' checked="checked"' : ''
				));
			}

			// Ok, another row for adding an additional code for a pre-existing image...
			if ($action == 'add' && $mode == 'smilies' && sizeof($smilies))
			{
				$template->assign_vars(array(
					'S_ADD_CODE' => true,
					'S_IMG_OPTIONS' => $smiley_options,
					'S_ADD_ORDER_LIST_DISPLAY' => $add_order_list . $add_order_lists[1],
					'S_ADD_ORDER_LIST_UNDISPLAY' => $add_order_list . $add_order_lists[0],
					'IMG_SRC' => $phpbb_root_path . $img_path . '/' . $default_row['smiley_url'],
					'IMG_PATH' => $img_path,
					'CODE' => $default_row['code'],
					'EMOTION' => $default_row['emotion'],
					'WIDTH' => $default_row['smiley_width'],
					'HEIGHT' => $default_row['smiley_height']
				));
			}

			return;
			break;
		case 'create':
		case 'modify':
			// State-changing branch: the form token is checked before any input is read.
			// NOTE(review): nothing here returns after trigger_error(), so the writes
			// below are only prevented if the error handler ends the request —
			// presumably it does for E_USER_WARNING; confirm.
			if (!check_form_key($form_key))
			{
				trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
			}

			// Get items to create/modify
			// The submitted array KEYS are the image names that every other array is indexed by.
			$images = isset($_POST['image']) ? array_keys($request->variable('image', array('' => 0))) : array();

			// Now really get the items
			$image_id = isset($_POST['id']) ? $request->variable('id', array('' => 0)) : array();
			$image_order = isset($_POST['order']) ? $request->variable('order', array('' => 0)) : array();
			$image_width = isset($_POST['width']) ? $request->variable('width', array('' => 0)) : array();
			$image_height = isset($_POST['height']) ? $request->variable('height', array('' => 0)) : array();
			$image_add = isset($_POST['add_img']) ? $request->variable('add_img', array('' => 0)) : array();
			$image_emotion = $request->variable('emotion', array('' => ''), true);
			$image_code = $request->variable('code', array('' => ''), true);
			$image_alt = $request->is_set_post('alt') ? $request->variable('alt', array('' => ''), true) : array();
			$image_display_on_posting = isset($_POST['display_on_posting']) ? $request->variable('display_on_posting', array('' => 0)) : array();

			// Ok, add the relevant bits if we are adding new codes to existing emoticons...
			if ($request->variable('add_additional_code', false, false, \phpbb\request\request_interface::POST))
			{
				$add_image = $request->variable('add_image', '');
				$add_code = $request->variable('add_code', '', true);
				$add_emotion = $request->variable('add_emotion', '', true);

				if ($add_image && $add_emotion && $add_code)
				{
					$images[] = $add_image;
					$image_add[$add_image] = true;

					$image_code[$add_image] = $add_code;
					$image_emotion[$add_image] = $add_emotion;
					$image_width[$add_image] = $request->variable('add_width', 0);
					$image_height[$add_image] = $request->variable('add_height', 0);

					if ($request->variable('add_display_on_posting', false, false, \phpbb\request\request_interface::POST))
					{
						$image_display_on_posting[$add_image] = 1;
					}

					$image_order[$add_image] = $request->variable('add_order', 0);
				}
			}

			// Enforce SMILEY_LIMIT before inserting: only images ticked for adding count
			if ($mode == 'smilies' && $action == 'create')
			{
				$smiley_count = $this->item_count($table);

				$addable_smileys_count = sizeof($images);
				foreach ($images as $image)
				{
					if (!isset($image_add[$image]))
					{
						--$addable_smileys_count;
					}
				}

				if ($smiley_count + $addable_smileys_count > SMILEY_LIMIT)
				{
					trigger_error($user->lang('TOO_MANY_SMILIES', SMILEY_LIMIT) . adm_back_link($this->u_action), E_USER_WARNING);
				}
			}

			$icons_updated = 0;
			$errors = array();
			foreach ($images as $image)
			{
				if ($mode == 'smilies' && ($image_emotion[$image] == '' || $image_code[$image] == ''))
				{
					$errors[$image] = 'SMILIE_NO_' . ($image_emotion[$image] == '' ? 'EMOTION' : 'CODE');
				}
				else
				{
					if ($action == 'create' && !isset($image_add[$image]))
					{
						// skip images where add wasn't checked
					}
					else
					{
						// NOTE(review): $image comes from submitted array keys (or 'add_image') and is
						// appended to the image directory as-is for file_exists()/getimagesize(); no
						// check is visible here that the resolved path stays inside $img_path —
						// confirm the request layer constrains it, or validate against the
						// directory listing.
						if (!file_exists($phpbb_root_path . $img_path . '/' . $image))
						{
							$errors[$image] = 'SMILIE_NO_FILE';
						}
						else
						{
							// Fall back to the file's real dimensions when none were submitted
							if ($image_width[$image] == 0 || $image_height[$image] == 0)
							{
								$img_size = getimagesize($phpbb_root_path . $img_path . '/' . $image);
								$image_width[$image] = $img_size[0];
								$image_height[$image] = $img_size[1];
							}

							// Adjust image width/height for icons
							if ($mode == 'icons')
							{
								if ($image_width[$image] > 127 && $image_width[$image] > $image_height[$image])
								{
									$image_height[$image] = (int) ($image_height[$image] * (127 / $image_width[$image]));
									$image_width[$image] = 127;
								}
								else
								{
									if ($image_height[$image] > 127)
									{
										$image_width[$image] = (int) ($image_width[$image] * (127 / $image_height[$image]));
										$image_height[$image] = 127;
									}
								}
							}

							// Column values go through sql_build_array() rather than string concatenation
							$img_sql = array(
								$fields . '_url' => $image,
								$fields . '_width' => $image_width[$image],
								$fields . '_height' => $image_height[$image],
								'display_on_posting' => isset($image_display_on_posting[$image]) ? 1 : 0
							);

							if ($mode == 'smilies')
							{
								$img_sql = array_merge($img_sql, array(
									'emotion' => $image_emotion[$image],
									'code' => $image_code[$image]
								));
							}

							if ($mode == 'icons')
							{
								$img_sql = array_merge($img_sql, array(
									'icons_alt' => $image_alt[$image]
								));
							}

							// Image_order holds the 'new' order value
							if (!empty($image_order[$image]))
							{
								$img_sql = array_merge($img_sql, array(
									$fields . '_order' => $image_order[$image]
								));

								// Since we always add 'after' an item, we just need to increase all following + the current by one
								// NOTE(review): the order value is interpolated unquoted; presumably an int
								// because of the array('' => 0) default above — confirm.
								$sql = "UPDATE {$table}\n\t\t\t\t\t\t\t\tSET {$fields}_order = {$fields}_order + 1\n\t\t\t\t\t\t\t\tWHERE {$fields}_order >= {$image_order[$image]}";
								$db->sql_query($sql);

								// If we adjust the order, we need to adjust all other orders too - they became inaccurate...
								foreach ($image_order as $_image => $_order)
								{
									if ($_image == $image)
									{
										continue;
									}

									if ($_order >= $image_order[$image])
									{
										$image_order[$_image]++;
									}
								}
							}

							if ($action == 'modify' && !empty($image_id[$image]))
							{
								// NOTE(review): the id is appended unquoted; same integer-default assumption as above.
								$sql = "UPDATE {$table}\n\t\t\t\t\t\t\t\tSET " . $db->sql_build_array('UPDATE', $img_sql) . "\n\t\t\t\t\t\t\t\tWHERE {$fields}_id = " . $image_id[$image];
								$db->sql_query($sql);
								$icons_updated++;
							}
							else
							{
								if ($action !== 'modify')
								{
									$sql = "INSERT INTO {$table} " . $db->sql_build_array('INSERT', $img_sql);
									$db->sql_query($sql);
									$icons_updated++;
								}
							}
						}
					}
				}
			}

			$cache->destroy('_icons');
			$cache->destroy('sql', $table);
			$phpbb_container->get('text_formatter.cache')->invalidate();

			// A notice when at least one row was written, a warning otherwise
			$level = $icons_updated ? E_USER_NOTICE : E_USER_WARNING;
			$errormsgs = '';
			foreach ($errors as $img => $error)
			{
				$errormsgs .= '<br />' . sprintf($user->lang[$error], $img);
			}
			if ($action == 'modify')
			{
				trigger_error($user->lang($lang . '_EDITED', $icons_updated) . $errormsgs . adm_back_link($this->u_action), $level);
			}
			else
			{
				trigger_error($user->lang($lang . '_ADDED', $icons_updated) . $errormsgs . adm_back_link($this->u_action), $level);
			}

			break;
		case 'import':
			$pak = $request->variable('pak', '');
			$current = $request->variable('current', '');

			if ($pak != '')
			{
				$order = 0;

				// The form token is checked before the pak file is opened or any table is touched
				if (!check_form_key($form_key))
				{
					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				// NOTE(review): $pak is a request value appended to the image directory and
				// handed to file(); no check against the $_paks listing built above is
				// visible — confirm the name cannot leave $img_path, e.g. by requiring
				// it to be one of $_paks.
				if (!($pak_ary = @file($phpbb_root_path . $img_path . '/' . $pak)))
				{
					trigger_error($user->lang['PAK_FILE_NOT_READABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				// Make sure the pak_ary is valid
				// Icons need 4 quoted fields per line; smilies need 6 with non-empty emotion and code
				foreach ($pak_ary as $pak_entry)
				{
					if (preg_match_all("#'(.*?)', ?#", $pak_entry, $data))
					{
						if (sizeof($data[1]) != 4 && $mode == 'icons' || (sizeof($data[1]) != 6 || (empty($data[1][4]) || empty($data[1][5]))) && $mode == 'smilies')
						{
							trigger_error($user->lang['WRONG_PAK_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
						}
					}
					else
					{
						trigger_error($user->lang['WRONG_PAK_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
					}
				}

				// The user has already selected a smilies_pak file
				if ($current == 'delete')
				{
					// Empties the whole table before the import
					switch ($db->get_sql_layer())
					{
						case 'sqlite3':
							$db->sql_query('DELETE FROM ' . $table);
							break;
						default:
							$db->sql_query('TRUNCATE TABLE ' . $table);
							break;
					}

					switch ($mode)
					{
						case 'smilies':
							break;
						case 'icons':
							// Reset all icon_ids
							$db->sql_query('UPDATE ' . TOPICS_TABLE . ' SET icon_id = 0');
							$db->sql_query('UPDATE ' . POSTS_TABLE . ' SET icon_id = 0');
							break;
					}
				}
				else
				{
					// Remember which codes/urls already exist and count them for the next order value
					$cur_img = array();

					$field_sql = $mode == 'smilies' ? 'code' : 'icons_url';

					$sql = "SELECT {$field_sql}\n\t\t\t\t\t\t\tFROM {$table}";
					$result = $db->sql_query($sql);

					while ($row = $db->sql_fetchrow($result))
					{
						++$order;
						$cur_img[$row[$field_sql]] = 1;
					}
					$db->sql_freeresult($result);
				}

				if ($mode == 'smilies')
				{
					$smiley_count = $this->item_count($table);
					if ($smiley_count + sizeof($pak_ary) > SMILEY_LIMIT)
					{
						trigger_error($user->lang('TOO_MANY_SMILIES', SMILEY_LIMIT) . adm_back_link($this->u_action), E_USER_WARNING);
					}
				}

				foreach ($pak_ary as $pak_entry)
				{
					$data = array();
					if (preg_match_all("#'(.*?)', ?#", $pak_entry, $data))
					{
						if (sizeof($data[1]) != 4 && $mode == 'icons' || sizeof($data[1]) != 6 && $mode == 'smilies')
						{
							trigger_error($user->lang['WRONG_PAK_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
						}

						// Stripslash here because it got addslashed before... (on export)
						$img = stripslashes($data[1][0]);
						$width = stripslashes($data[1][1]);
						$height = stripslashes($data[1][2]);
						$display_on_posting = stripslashes($data[1][3]);

						if (isset($data[1][4]) && isset($data[1][5]))
						{
							$emotion = stripslashes($data[1][4]);
							$code = stripslashes($data[1][5]);
						}

						if ($current == 'replace' && ($mode == 'smilies' && !empty($cur_img[$code]) || $mode == 'icons' && !empty($cur_img[$img])))
						{
							$replace_sql = $mode == 'smilies' ? $code : $img;
							// File content is cast to int or passed through sql_build_array()/sql_escape()
							$sql = array(
								$fields . '_url' => $img,
								$fields . '_height' => (int) $height,
								$fields . '_width' => (int) $width,
								'display_on_posting' => (int) $display_on_posting
							);

							if ($mode == 'smilies')
							{
								$sql = array_merge($sql, array(
									'emotion' => $emotion
								));
							}

							$sql = "UPDATE {$table} SET " . $db->sql_build_array('UPDATE', $sql) . "\n\t\t\t\t\t\t\t\t\tWHERE {$field_sql} = '" . $db->sql_escape($replace_sql) . "'";
							$db->sql_query($sql);
						}
						else
						{
							++$order;

							$sql = array(
								$fields . '_url' => $img,
								$fields . '_height' => (int) $height,
								$fields . '_width' => (int) $width,
								$fields . '_order' => (int) $order,
								'display_on_posting' => (int) $display_on_posting
							);

							if ($mode == 'smilies')
							{
								$sql = array_merge($sql, array(
									'code' => $code,
									'emotion' => $emotion
								));
							}
							$db->sql_query("INSERT INTO {$table} " . $db->sql_build_array('INSERT', $sql));
						}
					}
				}

				$cache->destroy('_icons');
				$cache->destroy('sql', $table);
				$phpbb_container->get('text_formatter.cache')->invalidate();

				trigger_error($user->lang[$lang . '_IMPORT_SUCCESS'] . adm_back_link($this->u_action));
			}
			else
			{
				// No pak chosen yet: offer the files found in the image directory
				$pak_options = '';

				foreach ($_paks as $pak)
				{
					// NOTE(review): the label is passed through htmlspecialchars() but the value
					// attribute receives the raw file name; escaping both would keep a name
					// containing a quote from breaking out of the attribute.
					$pak_options .= '<option value="' . $pak . '">' . htmlspecialchars($pak) . '</option>';
				}

				$template->assign_vars(array(
					'S_CHOOSE_PAK' => true,
					'S_PAK_OPTIONS' => $pak_options,
					'L_TITLE' => $user->lang['ACP_' . $lang],
					'L_EXPLAIN' => $user->lang['ACP_' . $lang . '_EXPLAIN'],
					'L_NO_PAK_OPTIONS' => $user->lang['NO_' . $lang . '_PAK'],
					'L_CURRENT' => $user->lang['CURRENT_' . $lang],
					'L_CURRENT_EXPLAIN' => $user->lang['CURRENT_' . $lang . '_EXPLAIN'],
					'L_IMPORT_SUBMIT' => $user->lang['IMPORT_' . $lang],
					'U_BACK' => $this->u_action,
					'U_ACTION' => $this->u_action . '&action=import'
				));
			}
			break;
		case 'export':
			// Only renders a message whose link points at the 'send' action with a link hash
			$this->page_title = 'EXPORT_' . $lang;
			$this->tpl_name = 'message_body';

			$template->assign_vars(array(
				'MESSAGE_TITLE' => $user->lang['EXPORT_' . $lang],
				'MESSAGE_TEXT' => sprintf($user->lang['EXPORT_' . $lang . '_EXPLAIN'], '<a href="' . $this->u_action . '&action=send&hash=' . generate_link_hash('acp_icons') . '">', '</a>'),
				'S_USER_NOTICE' => true
			));

			return;
			break;
		case 'send':
			// The download is reached by link, so it is guarded by a link hash rather than the form key.
			// The token name 'acp_icons' is the same one the move_up/move_down links use, so a
			// hash issued for one of these links is also accepted by the others.
			if (!check_link_hash($request->variable('hash', ''), 'acp_icons'))
			{
				trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
			}

			$sql = "SELECT *\n\t\t\t\t\tFROM {$table}\n\t\t\t\t\tORDER BY {$fields}_order";
			$result = $db->sql_query($sql);

			// One line per row: single-quoted, addslashes()-escaped fields separated by ", "
			$pak = '';
			while ($row = $db->sql_fetchrow($result))
			{
				$pak .= "'" . addslashes($row[$fields . '_url']) . "', ";
				$pak .= "'" . addslashes($row[$fields . '_width']) . "', ";
				$pak .= "'" . addslashes($row[$fields . '_height']) . "', ";
				$pak .= "'" . addslashes($row['display_on_posting']) . "', ";

				if ($mode == 'smilies')
				{
					$pak .= "'" . addslashes($row['emotion']) . "', ";
					$pak .= "'" . addslashes($row['code']) . "', ";
				}

				$pak .= "\n";
			}
			$db->sql_freeresult($result);

			if ($pak != '')
			{
				garbage_collection();

				header('Cache-Control: public');

				// Send out the Headers
				// The file name is built from $mode, which is one of two fixed strings
				header('Content-Type: text/x-delimtext; name="' . $mode . '.pak"');
				header('Content-Disposition: inline; filename="' . $mode . '.pak"');
				echo $pak;

				flush();
				exit;
			}
			else
			{
				trigger_error($user->lang['NO_' . strtoupper($fields) . '_EXPORT'] . adm_back_link($this->u_action), E_USER_WARNING);
			}
			break;
		case 'delete':
			// Deletion is gated by confirm_box() instead of a form key or link hash
			if (confirm_box(true))
			{
				$sql = "DELETE FROM {$table}\n\t\t\t\t\t\tWHERE {$fields}_id = {$icon_id}";
				$db->sql_query($sql);

				switch ($mode)
				{
					case 'smilies':
						break;
					case 'icons':
						// Reset appropriate icon_ids
						$db->sql_query('UPDATE ' . TOPICS_TABLE . "\n\t\t\t\t\t\t\t\tSET icon_id = 0\n\t\t\t\t\t\t\t\tWHERE icon_id = {$icon_id}");
						$db->sql_query('UPDATE ' . POSTS_TABLE . "\n\t\t\t\t\t\t\t\tSET icon_id = 0\n\t\t\t\t\t\t\t\tWHERE icon_id = {$icon_id}");
						break;
				}

				$notice = $user->lang[$lang . '_DELETED'];

				$cache->destroy('_icons');
				$cache->destroy('sql', $table);
				$phpbb_container->get('text_formatter.cache')->invalidate();

				if ($request->is_ajax())
				{
					$json_response = new \phpbb\json_response();
					$json_response->send(array(
						'MESSAGE_TITLE' => $user->lang['INFORMATION'],
						'MESSAGE_TEXT' => $notice,
						'REFRESH_DATA' => array('time' => 3)
					));
				}
			}
			else
			{
				confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
					'i' => $id,
					'mode' => $mode,
					'id' => $icon_id,
					'action' => 'delete'
				)));
			}
			break;
		case 'move_up':
		case 'move_down':
			// Reordering is triggered by link, so it is guarded by a link hash. The token
			// name is the fixed string 'acp_icons'; it does not include the action or the id.
			if (!check_link_hash($request->variable('hash', ''), 'acp_icons'))
			{
				trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
			}

			// Get current order id...
			$sql = "SELECT {$fields}_order as current_order\n\t\t\t\t\tFROM {$table}\n\t\t\t\t\tWHERE {$fields}_id = {$icon_id}";
			$result = $db->sql_query($sql);
			$current_order = (int) $db->sql_fetchfield('current_order');
			$db->sql_freeresult($result);

			if ($current_order == 0 && $action == 'move_up')
			{
				break;
			}

			// on move_down, switch position with next order_id...
			// on move_up, switch position with previous order_id...
			$switch_order_id = $action == 'move_down' ? $current_order + 1 : $current_order - 1;

			// First give the neighbouring row our current position
			$sql = "UPDATE {$table}\n\t\t\t\t\tSET {$fields}_order = {$current_order}\n\t\t\t\t\tWHERE {$fields}_order = {$switch_order_id}\n\t\t\t\t\t\tAND {$fields}_id <> {$icon_id}";
			$db->sql_query($sql);
			$move_executed = (bool) $db->sql_affectedrows();

			// Only update the other entry too if the previous entry got updated
			if ($move_executed)
			{
				$sql = "UPDATE {$table}\n\t\t\t\t\t\tSET {$fields}_order = {$switch_order_id}\n\t\t\t\t\t\tWHERE {$fields}_order = {$current_order}\n\t\t\t\t\t\t\tAND {$fields}_id = {$icon_id}";
				$db->sql_query($sql);
			}

			$cache->destroy('_icons');
			$cache->destroy('sql', $table);
			$phpbb_container->get('text_formatter.cache')->invalidate();

			if ($request->is_ajax())
			{
				$json_response = new \phpbb\json_response();
				$json_response->send(array(
					'success' => $move_executed
				));
			}
			break;
	}

	// By default, check that image_order is valid and fix it if necessary
	$sql = "SELECT {$fields}_id AS order_id, {$fields}_order AS fields_order\n\t\t\tFROM {$table}\n\t\t\tORDER BY display_on_posting DESC, {$fields}_order";
	$result = $db->sql_query($sql);

	if ($row = $db->sql_fetchrow($result))
	{
		// Renumber from 1, writing only the rows whose stored order differs
		$order = 0;
		do
		{
			++$order;
			if ($row['fields_order'] != $order)
			{
				$db->sql_query("UPDATE {$table}\n\t\t\t\t\t\tSET {$fields}_order = {$order}\n\t\t\t\t\t\tWHERE {$fields}_id = " . $row['order_id']);
			}
		}
		while ($row = $db->sql_fetchrow($result));
	}
	$db->sql_freeresult($result);

	$template->assign_vars(array(
		'L_TITLE' => $user->lang['ACP_' . $lang],
		'L_EXPLAIN' => $user->lang['ACP_' . $lang . '_EXPLAIN'],
		'L_IMPORT' => $user->lang['IMPORT_' . $lang],
		'L_EXPORT' => $user->lang['EXPORT_' . $lang],
		'L_NOT_DISPLAYED' => $user->lang[$lang . '_NOT_DISPLAYED'],
		'L_ICON_ADD' => $user->lang['ADD_' . $lang],
		'L_ICON_EDIT' => $user->lang['EDIT_' . $lang],
		'NOTICE' => $notice,
		'COLSPAN' => $mode == 'smilies' ? 5 : 3,
		'S_SMILIES' => $mode == 'smilies' ? true : false,
		'U_ACTION' => $this->u_action,
		'U_IMPORT' => $this->u_action . '&action=import',
		'U_EXPORT' => $this->u_action . '&action=export'
	));

	/* @var $pagination \phpbb\pagination */
	$pagination = $phpbb_container->get('pagination');
	$pagination_start = $request->variable('start', 0);
	$spacer = false;

	$item_count = $this->item_count($table);

	$sql = "SELECT *\n\t\t\tFROM {$table}\n\t\t\tORDER BY {$fields}_order ASC";
	$result = $db->sql_query_limit($sql, $config['smilies_per_page'], $pagination_start);

	while ($row = $db->sql_fetchrow($result))
	{
		$alt_text = $mode == 'smilies' ? $row['code'] : ($mode == 'icons' && !empty($row['icons_alt']) ? $row['icons_alt'] : $row['icons_url']);

		// The move links carry a link hash for 'acp_icons'; the edit and delete links carry
		// none (delete is confirmed through confirm_box() in its own branch).
		$template->assign_block_vars('items', array(
			'S_SPACER' => !$spacer && !$row['display_on_posting'] ? true : false,
			'ALT_TEXT' => $alt_text,
			'IMG_SRC' => $phpbb_root_path . $img_path . '/' . $row[$fields . '_url'],
			'WIDTH' => $row[$fields . '_width'],
			'HEIGHT' => $row[$fields . '_height'],
			'CODE' => isset($row['code']) ? $row['code'] : '',
			'EMOTION' => isset($row['emotion']) ? $row['emotion'] : '',
			'U_EDIT' => $this->u_action . '&action=edit&id=' . $row[$fields . '_id'],
			'U_DELETE' => $this->u_action . '&action=delete&id=' . $row[$fields . '_id'],
			'U_MOVE_UP' => $this->u_action . '&action=move_up&id=' . $row[$fields . '_id'] . '&start=' . $pagination_start . '&hash=' . generate_link_hash('acp_icons'),
			'U_MOVE_DOWN' => $this->u_action . '&action=move_down&id=' . $row[$fields . '_id'] . '&start=' . $pagination_start . '&hash=' . generate_link_hash('acp_icons')
		));

		// The spacer flag is set once, on the first row that is not displayed on posting
		if (!$spacer && !$row['display_on_posting'])
		{
			$spacer = true;
		}
	}
	$db->sql_freeresult($result);

	$pagination->generate_template_pagination($this->u_action, 'pagination', 'start', $item_count, $config['smilies_per_page'], $pagination_start);
}
} // General Viewtopic URL for return links $viewtopic_url = append_sid("{$phpbb_root_path}viewtopic.{$phpEx}", "f={$forum_id}&t={$topic_id}&start={$start}" . (strlen($u_sort_param) ? "&{$u_sort_param}" : '') . ($highlight_match ? "&hilit={$highlight}" : '')); // Are we watching this topic? $s_watching_topic = array('link' => '', 'title' => '', 'is_watching' => false); if (($config['email_enable'] || $config['jab_enable']) && $config['allow_topic_notify'] && $user->data['is_registered']) { watch_topic_forum('topic', $s_watching_topic, $user->data['user_id'], $forum_id, $topic_id, $topic_data['notify_status'], $start); // Reset forum notification if forum notify is set if ($config['allow_forum_notify'] && $auth->acl_get('f_subscribe', $forum_id)) { $s_watching_forum = $s_watching_topic; watch_topic_forum('forum', $s_watching_forum, $user->data['user_id'], $forum_id, 0); } } // Bookmarks if ($config['allow_bookmarks'] && $user->data['is_registered'] && request_var('bookmark', 0)) { if (check_link_hash(request_var('hash', ''), "topic_{$topic_id}")) { if (!$topic_data['bookmarked']) { $sql = 'INSERT INTO ' . BOOKMARKS_TABLE . ' ' . $db->sql_build_array('INSERT', array('user_id' => $user->data['user_id'], 'topic_id' => $topic_id)); $db->sql_query($sql); } else { $sql = 'DELETE FROM ' . BOOKMARKS_TABLE . "\n\t\t\t\tWHERE user_id = {$user->data['user_id']}\n\t\t\t\t\tAND topic_id = {$topic_id}"; $db->sql_query($sql); } $message = ($topic_data['bookmarked'] ? $user->lang['BOOKMARK_REMOVED'] : $user->lang['BOOKMARK_ADDED']) . '<br /><br />' . sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $viewtopic_url . '">', '</a>'); } else { $message = $user->lang['BOOKMARK_ERR'] . '<br /><br />' . sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $viewtopic_url . '">', '</a>'); } meta_refresh(3, $viewtopic_url); trigger_error($message); } // Grab ranks
} if (!($post_data['post_time'] > time() - $config['edit_time'] * 60 || !$config['edit_time'])) { trigger_error('CANNOT_EDIT_TIME'); } if ($post_data['post_edit_locked']) { trigger_error('CANNOT_EDIT_POST_LOCKED'); } } // Handle delete mode... if ($mode == 'delete') { handle_post_delete($forum_id, $topic_id, $post_id, $post_data); return; } // Handle bump mode... if ($mode == 'bump') { if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id']) && check_link_hash(request_var('hash', ''), "topic_{$post_data['topic_id']}")) { $meta_url = phpbb_bump_topic($forum_id, $topic_id, $post_data, $current_time); meta_refresh(3, $meta_url); $message = $user->lang['TOPIC_BUMPED'] . '<br /><br />' . sprintf($user->lang['VIEW_MESSAGE'], '<a href="' . $meta_url . '">', '</a>'); $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $forum_id) . '">', '</a>'); trigger_error($message); } trigger_error('BUMP_ERROR'); } // Subject length limiting to 60 characters if first post... if ($mode == 'post' || $mode == 'edit' && $post_data['topic_first_post_id'] == $post_data['post_id']) { $template->assign_var('S_NEW_MESSAGE', true); } // Determine some vars if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS) { $post_data['quote_username'] = !empty($post_data['post_username']) ? $post_data['post_username'] : $user->lang['GUEST'];
$post->submit(); $queue->submit(); $queue->topic_reply('QUEUE_REPLY_ALLOW_REPACK'); $queue->submit(); redirect(titania_url::append_url($base_url, array('q' => $queue->queue_id))); } $message_object->display(); // Common stuff phpbb::$template->assign_vars(array('S_POST_ACTION' => titania_url::$current_page_url, 'L_POST_A' => phpbb::$user->lang['DISCUSSION_REPLY_MESSAGE'])); titania::page_header('DISCUSSION_REPLY_MESSAGE'); titania::page_footer(true, 'manage/queue_post.html'); break; case 'move': $queue = queue_overlord::get_queue_object($queue_id, true); $tags = titania::$cache->get_tags(TITANIA_QUEUE); if (check_link_hash(request_var('hash', ''), 'quick_actions') || titania::confirm_box(true)) { $new_tag = request_var('id', 0); if (!isset($tags[$new_tag])) { trigger_error('NO_TAG'); } $queue->move($new_tag); } else { // Generate the list of tags we can move it to $extra = '<select name="id">'; foreach ($tags as $tag_id => $row) { $extra .= '<option value="' . $tag_id . '">' . (isset(phpbb::$user->lang[$row['tag_field_name']]) ? phpbb::$user->lang[$row['tag_field_name']] : $row['tag_field_name']) . '</option>'; } $extra .= '</select>'; phpbb::$template->assign_var('CONFIRM_EXTRA', $extra); titania::confirm_box(false, 'MOVE_QUEUE'); }
make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"), $forum_id); $template->assign_vars(array('U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.{$phpEx}", "f={$forum_id}" . ($start == 0 ? '' : "&start={$start}")))); // Not postable forum or showing active topics? if (!($forum_data['forum_type'] == FORUM_POST || $forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS && $forum_data['forum_type'] == FORUM_CAT)) { page_footer(); } // Ok, if someone has only list-access, we only display the forum list. // We also make this circumstance available to the template in case we want to display a notice. ;) if (!$auth->acl_get('f_read', $forum_id)) { $template->assign_vars(array('S_NO_READ_ACCESS' => true)); page_footer(); } // Handle marking posts if ($mark_read == 'topics') { $token = $request->variable('hash', ''); if (check_link_hash($token, 'global')) { markread('topics', array($forum_id), false, $request->variable('mark_time', 0)); } $redirect_url = append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'f=' . $forum_id); meta_refresh(3, $redirect_url); if ($request->is_ajax()) { // Tell the ajax script what language vars and URL need to be replaced $data = array('NO_UNREAD_POSTS' => $user->lang['NO_UNREAD_POSTS'], 'UNREAD_POSTS' => $user->lang['UNREAD_POSTS'], 'U_MARK_TOPICS' => $user->data['is_registered'] || $config['load_anon_lastread'] ? append_sid("{$phpbb_root_path}viewforum.{$phpEx}", 'hash=' . generate_link_hash('global') . "&f={$forum_id}&mark=topics&mark_time=" . time()) : '', 'MESSAGE_TITLE' => $user->lang['INFORMATION'], 'MESSAGE_TEXT' => $user->lang['TOPICS_MARKED']); $json_response = new \phpbb\json_response(); $json_response->send($data); } trigger_error($user->lang['TOPICS_MARKED'] . '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect_url . '">', '</a>')); } // Is a forum specific topic count required? if ($forum_data['forum_topics_per_page']) { $config['topics_per_page'] = $forum_data['forum_topics_per_page'];
/**
 * Move a rule up or down in the ordering.
 *
 * The request must carry a link hash that check_link_hash() accepts for the
 * token name built from the direction followed by the rule id, so a hash
 * issued for one rule and direction is not checked against another.
 *
 * @param int $rule_id The rule identifier to move
 * @param string $direction The direction (up|down)
 * @param int $amount The number of places to move the rule
 * @return null
 * @access public
 */
public function move_rule($rule_id, $direction, $amount = 1)
{
	$submitted_hash = $this->request->variable('hash', '');
	$token_name = $direction . $rule_id;

	// Refuse the move and show an error when the link hash does not validate
	if (!check_link_hash($submitted_hash, $token_name))
	{
		$error = $this->user->lang('FORM_INVALID') . adm_back_link($this->u_action);
		trigger_error($error, E_USER_WARNING);
	}

	$this->rule_operator->move($rule_id, $direction, $amount);

	// AJAX callers get a JSON acknowledgement
	if ($this->request->is_ajax())
	{
		$reply = new \phpbb\json_response();
		$reply->send(array('success' => true));
	}

	// Non-AJAX requests: load the rule entity to find out where to return to
	/* @var $entity \phpbb\boardrules\entity\rule */
	$entity = $this->container->get('phpbb.boardrules.entity')->load($rule_id);

	// Reload the listing for the rule's language and parent via a redirect
	$return_url = "{$this->u_action}&language={$entity->get_language()}&parent_id={$entity->get_parent_id()}";
	redirect($return_url);
}
/**
 * Handle demo management.
 *
 * The link hash for 'manage_demo' is checked first, before the contribution
 * is loaded; the moderator and approval checks follow once setup() has run.
 *
 * @param string $contrib_type Contrib type URL identifier.
 * @param string $contrib Contrib name clean.
 * @param string $action
 * @return \phpbb\titania\controller\Response|JsonResponse|RedirectResponse
 * @throws http_exception With status 403 when the link hash is rejected
 */
public function manage_demo($contrib_type, $contrib, $action)
{
	if (!check_link_hash($this->request->variable('hash', ''), 'manage_demo'))
	{
		throw new http_exception(403, 'PAGE_REQUEST_INVALID');
	}

	$this->setup($contrib_type, $contrib);

	// Only moderators may act, and only on approved contributions
	if (!($this->is_moderator && $this->contrib->contrib_status == TITANIA_CONTRIB_APPROVED))
	{
		return $this->helper->needs_auth();
	}

	$branch = $this->request->variable('branch', 0);

	// Any action other than 'install' leaves the response payload empty
	$data = ($action == 'install') ? $this->install_demo($branch) : array();

	return $this->request->is_ajax()
		? new JsonResponse($data)
		: new RedirectResponse($this->contrib->get_url('manage'));
}
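/**
 * ACP entry point for permission roles: handles removing, adding, editing
 * and reordering roles of one permission type, then lists the roles.
 *
 * State-changing actions are guarded as follows in this function:
 *  - add / edit:          check_form_key('acp_permissions')
 *  - move_up / move_down: check_link_hash(..., 'acp_permission_roles')
 *  - remove:              confirm_box()
 *
 * @param mixed		$id		Module identifier; only passed on as hidden field `i` of the delete confirmation
 * @param string	$mode	One of admin_roles, user_roles, mod_roles, forum_roles; anything else raises NO_MODE
 * @return void
 */
function main($id, $mode)
{
	global $db, $user, $template, $phpbb_container;
	global $phpbb_root_path, $phpEx;
	global $request, $phpbb_log;

	if (!function_exists('user_get_id_name'))
	{
		include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
	}

	if (!class_exists('auth_admin'))
	{
		include $phpbb_root_path . 'includes/acp/auth.' . $phpEx;
	}

	$this->auth_admin = new auth_admin();

	$user->add_lang('acp/permissions');
	add_permission_language();

	$this->tpl_name = 'acp_permission_roles';

	$submit = isset($_POST['submit']) ? true : false;

	// NOTE(review): $role_id is concatenated into SQL below without escaping; this relies on
	// request->variable() returning an integer for an integer default - confirm
	$role_id = $request->variable('role_id', 0);
	$action = $request->variable('action', '');
	$action = isset($_POST['add']) ? 'add' : $action;

	$form_name = 'acp_permissions';
	add_form_key($form_name);

	if (!$role_id && in_array($action, array('remove', 'edit', 'move_up', 'move_down')))
	{
		trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
	}

	// Map the module mode to the permission prefix; unknown modes stop with E_USER_ERROR
	switch ($mode)
	{
		case 'admin_roles':
			$permission_type = 'a_';
			$this->page_title = 'ACP_ADMIN_ROLES';
		break;

		case 'user_roles':
			$permission_type = 'u_';
			$this->page_title = 'ACP_USER_ROLES';
		break;

		case 'mod_roles':
			$permission_type = 'm_';
			$this->page_title = 'ACP_MOD_ROLES';
		break;

		case 'forum_roles':
			$permission_type = 'f_';
			$this->page_title = 'ACP_FORUM_ROLES';
		break;

		default:
			trigger_error('NO_MODE', E_USER_ERROR);
		break;
	}

	$template->assign_vars(array('L_TITLE' => $user->lang[$this->page_title], 'L_EXPLAIN' => $user->lang[$this->page_title . '_EXPLAIN']));

	// Take action... admin submitted something
	if ($submit || $action == 'remove')
	{
		switch ($action)
		{
			case 'remove':
				$sql = 'SELECT * FROM ' . ACL_ROLES_TABLE . ' WHERE role_id = ' . $role_id;
				$result = $db->sql_query($sql);
				$role_row = $db->sql_fetchrow($result);
				$db->sql_freeresult($result);

				if (!$role_row)
				{
					trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				// Removal is the one action reachable without $submit; it only proceeds once
				// confirm_box(true) reports a confirmed request
				if (confirm_box(true))
				{
					$this->remove_role($role_id, $permission_type);

					$role_name = !empty($user->lang[$role_row['role_name']]) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
					$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_' . strtoupper($permission_type) . 'ROLE_REMOVED', false, array($role_name));
					trigger_error($user->lang['ROLE_DELETED'] . adm_back_link($this->u_action));
				}
				else
				{
					confirm_box(false, 'DELETE_ROLE', build_hidden_fields(array('i' => $id, 'mode' => $mode, 'role_id' => $role_id, 'action' => $action)));
				}
			break;

			case 'edit':
				// Get role we edit
				$sql = 'SELECT * FROM ' . ACL_ROLES_TABLE . ' WHERE role_id = ' . $role_id;
				$result = $db->sql_query($sql);
				$role_row = $db->sql_fetchrow($result);
				$db->sql_freeresult($result);

				if (!$role_row)
				{
					trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

			// no break;

			case 'add':
				// Form token check covers both add and edit (edit falls through to here)
				if (!check_form_key($form_name))
				{
					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				$role_name = $request->variable('role_name', '', true);
				$role_description = $request->variable('role_description', '', true);
				$auth_settings = $request->variable('setting', array('' => 0));

				if (!$role_name)
				{
					trigger_error($user->lang['NO_ROLE_NAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				if (utf8_strlen($role_description) > 4000)
				{
					trigger_error($user->lang['ROLE_DESCRIPTION_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				// if we add/edit a role we check the name to be unique among the settings...
				$sql = 'SELECT role_id FROM ' . ACL_ROLES_TABLE . "\n\t\t\t\t\t\tWHERE role_type = '" . $db->sql_escape($permission_type) . "'\n\t\t\t\t\t\t\tAND role_name = '" . $db->sql_escape($role_name) . "'";
				$result = $db->sql_query($sql);
				$row = $db->sql_fetchrow($result);
				$db->sql_freeresult($result);

				// Make sure we only print out the error if we add the role or change its name.
				// The test has to look at $action: $mode only ever holds one of the *_roles values
				// at this point (anything else hit the E_USER_ERROR default above), so comparing
				// $mode with 'add'/'edit' could never match and duplicate names were never rejected.
				if ($row && ($action == 'add' || ($action == 'edit' && $role_row['role_name'] != $role_name)))
				{
					trigger_error(sprintf($user->lang['ROLE_NAME_ALREADY_EXIST'], $role_name) . adm_back_link($this->u_action), E_USER_WARNING);
				}

				$sql_ary = array('role_name' => (string) $role_name, 'role_description' => (string) $role_description, 'role_type' => (string) $permission_type);

				if ($action == 'edit')
				{
					$sql = 'UPDATE ' . ACL_ROLES_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE role_id = ' . $role_id;
					$db->sql_query($sql);
				}
				else
				{
					// Get maximum role order for inserting a new role...
					$sql = 'SELECT MAX(role_order) as max_order FROM ' . ACL_ROLES_TABLE . "\n\t\t\t\t\t\t\tWHERE role_type = '" . $db->sql_escape($permission_type) . "'";
					$result = $db->sql_query($sql);
					$max_order = (int) $db->sql_fetchfield('max_order');
					$db->sql_freeresult($result);

					$sql_ary['role_order'] = $max_order + 1;

					$sql = 'INSERT INTO ' . ACL_ROLES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
					$db->sql_query($sql);

					$role_id = $db->sql_nextid();
				}

				// Now add the auth settings
				$this->auth_admin->acl_set_role($role_id, $auth_settings);

				// Record the change in the admin log with the acting user and IP
				$role_name = !empty($user->lang[$role_name]) ? $user->lang[$role_name] : $role_name;
				$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_' . strtoupper($permission_type) . 'ROLE_' . strtoupper($action), false, array($role_name));

				trigger_error($user->lang['ROLE_' . strtoupper($action) . '_SUCCESS'] . adm_back_link($this->u_action));
			break;
		}
	}

	// Display screens
	switch ($action)
	{
		case 'add':
			// NOTE(review): concatenated into SQL below; relies on the integer default as for $role_id - confirm
			$options_from = $request->variable('options_from', 0);

			$role_row = array('role_name' => $request->variable('role_name', '', true), 'role_description' => $request->variable('role_description', '', true), 'role_type' => $permission_type);

			if ($options_from)
			{
				// Start from the settings of an existing role
				$sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option FROM ' . ACL_ROLES_DATA_TABLE . ' p, ' . ACL_OPTIONS_TABLE . ' o WHERE o.auth_option_id = p.auth_option_id AND p.role_id = ' . $options_from . ' ORDER BY p.auth_option_id';
				$result = $db->sql_query($sql);

				$auth_options = array();
				while ($row = $db->sql_fetchrow($result))
				{
					$auth_options[$row['auth_option']] = $row['auth_setting'];
				}
				$db->sql_freeresult($result);
			}
			else
			{
				// Start with every option of this permission type set to ACL_NO
				$sql = 'SELECT auth_option_id, auth_option FROM ' . ACL_OPTIONS_TABLE . "\n\t\t\t\t\t\tWHERE auth_option " . $db->sql_like_expression($permission_type . $db->get_any_char()) . "\n\t\t\t\t\t\t\tAND auth_option <> '{$permission_type}'\n\t\t\t\t\t\tORDER BY auth_option_id";
				$result = $db->sql_query($sql);

				$auth_options = array();
				while ($row = $db->sql_fetchrow($result))
				{
					$auth_options[$row['auth_option']] = ACL_NO;
				}
				$db->sql_freeresult($result);
			}

		// no break;

		case 'edit':
			if ($action == 'edit')
			{
				$sql = 'SELECT * FROM ' . ACL_ROLES_TABLE . ' WHERE role_id = ' . $role_id;
				$result = $db->sql_query($sql);
				$role_row = $db->sql_fetchrow($result);
				$db->sql_freeresult($result);

				$sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option FROM ' . ACL_ROLES_DATA_TABLE . ' p, ' . ACL_OPTIONS_TABLE . ' o WHERE o.auth_option_id = p.auth_option_id AND p.role_id = ' . $role_id . ' ORDER BY p.auth_option_id';
				$result = $db->sql_query($sql);

				$auth_options = array();
				while ($row = $db->sql_fetchrow($result))
				{
					$auth_options[$row['auth_option']] = $row['auth_setting'];
				}
				$db->sql_freeresult($result);
			}

			if (!$role_row)
			{
				trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
			}

			/* @var $phpbb_permissions \phpbb\permissions */
			$phpbb_permissions = $phpbb_container->get('acl.permissions');

			$template->assign_vars(array('S_EDIT' => true, 'U_ACTION' => $this->u_action . "&action={$action}&role_id={$role_id}", 'U_BACK' => $this->u_action, 'ROLE_NAME' => $role_row['role_name'], 'ROLE_DESCRIPTION' => $role_row['role_description'], 'L_ACL_TYPE' => $phpbb_permissions->get_type_lang($permission_type)));

			// We need to fill the auth options array with ACL_NO options ;)
			$sql = 'SELECT auth_option_id, auth_option FROM ' . ACL_OPTIONS_TABLE . "\n\t\t\t\t\tWHERE auth_option " . $db->sql_like_expression($permission_type . $db->get_any_char()) . "\n\t\t\t\t\t\tAND auth_option <> '{$permission_type}'\n\t\t\t\t\tORDER BY auth_option_id";
			$result = $db->sql_query($sql);

			while ($row = $db->sql_fetchrow($result))
			{
				if (!isset($auth_options[$row['auth_option']]))
				{
					$auth_options[$row['auth_option']] = ACL_NO;
				}
			}
			$db->sql_freeresult($result);

			// Unset global permission option
			unset($auth_options[$permission_type]);

			// Display auth options
			$this->display_auth_options($auth_options);

			// Get users/groups/forums using this preset...
			if ($action == 'edit')
			{
				$hold_ary = $this->auth_admin->get_role_mask($role_id);

				if (sizeof($hold_ary))
				{
					$role_name = !empty($user->lang[$role_row['role_name']]) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];

					$template->assign_vars(array('S_DISPLAY_ROLE_MASK' => true, 'L_ROLE_ASSIGNED_TO' => sprintf($user->lang['ROLE_ASSIGNED_TO'], $role_name)));

					$this->auth_admin->display_role_mask($hold_ary);
				}
			}

			return;
		break;

		case 'move_up':
		case 'move_down':
			// The link token name is the fixed string 'acp_permission_roles'; the same token is
			// attached to every move link generated below, so it is not bound to a role or direction
			if (!check_link_hash($request->variable('hash', ''), 'acp_permission_roles'))
			{
				trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
			}

			$sql = 'SELECT role_order FROM ' . ACL_ROLES_TABLE . "\n\t\t\t\t\tWHERE role_id = {$role_id}";
			$result = $db->sql_query($sql);
			$order = $db->sql_fetchfield('role_order');
			$db->sql_freeresult($result);

			// Unknown role, or an attempt to move a role with order 0 upwards: nothing to do
			if ($order === false || $order == 0 && $action == 'move_up')
			{
				break;
			}

			$order = (int) $order;

			// Swap the two neighbouring positions: for orders a and b, (a + b) - order maps a to b and b to a
			$order_total = $order * 2 + ($action == 'move_up' ? -1 : 1);

			$sql = 'UPDATE ' . ACL_ROLES_TABLE . ' SET role_order = ' . $order_total . " - role_order\n\t\t\t\t\tWHERE role_type = '" . $db->sql_escape($permission_type) . "'\n\t\t\t\t\t\tAND role_order IN ({$order}, " . ($action == 'move_up' ? $order - 1 : $order + 1) . ')';
			$db->sql_query($sql);

			if ($request->is_ajax())
			{
				$json_response = new \phpbb\json_response();
				$json_response->send(array('success' => (bool) $db->sql_affectedrows()));
			}
		break;
	}

	// By default, check that role_order is valid and fix it if necessary
	$sql = 'SELECT role_id, role_order FROM ' . ACL_ROLES_TABLE . "\n\t\t\tWHERE role_type = '" . $db->sql_escape($permission_type) . "'\n\t\t\tORDER BY role_order ASC";
	$result = $db->sql_query($sql);

	if ($row = $db->sql_fetchrow($result))
	{
		$order = 0;
		do
		{
			$order++;
			if ($row['role_order'] != $order)
			{
				$db->sql_query('UPDATE ' . ACL_ROLES_TABLE . " SET role_order = {$order} WHERE role_id = {$row['role_id']}");
			}
		}
		while ($row = $db->sql_fetchrow($result));
	}
	$db->sql_freeresult($result);

	// Display assigned items?
	$display_item = $request->variable('display_item', 0);

	// Select existing roles
	$sql = 'SELECT * FROM ' . ACL_ROLES_TABLE . "\n\t\t\tWHERE role_type = '" . $db->sql_escape($permission_type) . "'\n\t\t\tORDER BY role_order ASC";
	$result = $db->sql_query($sql);

	$s_role_options = '';
	while ($row = $db->sql_fetchrow($result))
	{
		$role_name = !empty($user->lang[$row['role_name']]) ? $user->lang[$row['role_name']] : $row['role_name'];

		$template->assign_block_vars('roles', array('ROLE_NAME' => $role_name, 'ROLE_DESCRIPTION' => !empty($user->lang[$row['role_description']]) ? $user->lang[$row['role_description']] : nl2br($row['role_description']), 'U_EDIT' => $this->u_action . '&action=edit&role_id=' . $row['role_id'], 'U_REMOVE' => $this->u_action . '&action=remove&role_id=' . $row['role_id'], 'U_MOVE_UP' => $this->u_action . '&action=move_up&role_id=' . $row['role_id'] . '&hash=' . generate_link_hash('acp_permission_roles'), 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&role_id=' . $row['role_id'] . '&hash=' . generate_link_hash('acp_permission_roles'), 'U_DISPLAY_ITEMS' => $row['role_id'] == $display_item ? '' : $this->u_action . '&display_item=' . $row['role_id'] . '#assigned_to'));

		// NOTE(review): the stored role name is placed into markup without escaping in this
		// function; presumably it was escaped when read from the request - confirm
		$s_role_options .= '<option value="' . $row['role_id'] . '">' . $role_name . '</option>';

		if ($display_item == $row['role_id'])
		{
			$template->assign_vars(array('L_ROLE_ASSIGNED_TO' => sprintf($user->lang['ROLE_ASSIGNED_TO'], $role_name)));
		}
	}
	$db->sql_freeresult($result);

	$template->assign_vars(array('S_ROLE_OPTIONS' => $s_role_options));

	if ($display_item)
	{
		$template->assign_vars(array('S_DISPLAY_ROLE_MASK' => true));

		$hold_ary = $this->auth_admin->get_role_mask($display_item);
		$this->auth_admin->display_role_mask($hold_ary);
	}
}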
/**
 * Move action.
 *
 * The move is carried out when either the `hash` request parameter validates
 * as the 'quick_actions' link hash or confirm_box(true) reports a confirmed
 * request; otherwise a confirmation form with a tag selector is shown.
 * The link hash name is the fixed string 'quick_actions', so it is not
 * derived from the target tag id.
 *
 * @return mixed Result of helper->error('NO_TAG') when the requested tag is
 *	not in the cached tag list, null in every other case.
 */
protected function move()
{
	$tags = $this->cache->get_tags(TITANIA_QUEUE);

	$link_hash = $this->request->variable('hash', '');
	$is_confirmed = check_link_hash($link_hash, 'quick_actions') || confirm_box(true);

	if (!$is_confirmed)
	{
		// Generate the list of tags we can move it to
		// NOTE(review): labels are inserted without escaping here; presumably
		// tag_field_name resolves to trusted language strings - confirm
		$option_markup = array();

		foreach ($tags as $tag_id => $row)
		{
			$option_markup[] = '<option value="' . $tag_id . '">' . $this->user->lang($row['tag_field_name']) . '</option>';
		}

		$selector = '<select name="id">' . implode('', $option_markup) . '</select>';

		$this->template->assign_var('CONFIRM_EXTRA', $selector);
		confirm_box(false, 'MOVE_QUEUE');

		return;
	}

	// Only tag ids present in the cached list are accepted as a destination
	$new_tag = $this->request->variable('id', 0);

	if (!isset($tags[$new_tag]))
	{
		return $this->helper->error('NO_TAG');
	}

	$this->queue->move($new_tag, $this->tags);
}
trigger_error('CANNOT_EDIT_POST_LOCKED'); } } // Handle delete mode... if ($mode == 'delete') { handle_post_delete($forum_id, $topic_id, $post_id, $post_data); return; } // Handle bump mode... if ($mode == 'bump') { if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id']) && check_link_hash(request_var('hash', ''), "topic_{$post_data['topic_id']}")) { $meta_url = phpbb_bump_topic($forum_id, $topic_id, $post_data, $current_time); meta_refresh(3, $meta_url); $message = $user->lang['TOPIC_BUMPED'] . '<br /><br />' . sprintf($user->lang['VIEW_MESSAGE'], '<a href="' . $meta_url . '">', '</a>'); $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>'); trigger_error($message); } trigger_error('BUMP_ERROR'); } // Subject length limiting to 60 characters if first post... if ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_data['post_id']))
/**
 * UCP private-message module entry point: dispatches to compose, options,
 * drafts or view handling and selects the template for the chosen mode.
 *
 * Access checks visible in this function: the user must be registered,
 * private messaging must be enabled, `u_sendpm` is needed for composing
 * (except action 'delete'), `u_readpm` for viewing, and the hold box can
 * never be viewed. The "mark all read" link is guarded by a link hash.
 *
 * @param mixed		$id		Module identifier, passed through to the included handlers
 * @param string	$mode	Requested mode; overridden by the request when empty or when a folder is given
 * @return void
 */
function main($id, $mode)
{
	global $user, $template, $phpbb_root_path, $auth, $phpEx, $db, $config, $request;

	// Guests have no private messages
	if (!$user->data['is_registered'])
	{
		trigger_error('NO_MESSAGE');
	}

	// Is PM disabled?
	if (!$config['allow_privmsg'])
	{
		trigger_error('PM_DISABLED');
	}

	$user->add_lang('posting');
	$template->assign_var('S_PRIVMSGS', true);

	// Folder directly specified?
	$folder_specified = $request->variable('folder', '');

	// Anything other than the three named boxes is reduced to an integer folder id
	if (!in_array($folder_specified, array('inbox', 'outbox', 'sentbox')))
	{
		$folder_specified = (int) $folder_specified;
	}
	else
	{
		$folder_specified = $folder_specified == 'inbox' ? PRIVMSGS_INBOX : ($folder_specified == 'outbox' ? PRIVMSGS_OUTBOX : PRIVMSGS_SENTBOX);
	}

	// An explicit folder always means "view"; otherwise the mode may come from the request
	if (!$folder_specified)
	{
		$mode = !$mode ? $request->variable('mode', 'view') : $mode;
	}
	else
	{
		$mode = 'view';
	}

	// NOTE(review): $global_privmsgs_rules and $global_rule_conditions used below are not
	// assigned in this function; presumably this include defines them in the local scope - confirm
	include $phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx;

	switch ($mode)
	{
		// Compose message
		case 'compose':
			$action = $request->variable('action', 'post');

			$user_folders = get_folder($user->data['user_id']);

			// Without u_sendpm only the 'delete' action passes; everything else gets the notice view
			if ($action != 'delete' && !$auth->acl_get('u_sendpm'))
			{
				// trigger_error('NO_AUTH_SEND_MESSAGE');
				$template->assign_vars(array('S_NO_AUTH_SEND_MESSAGE' => true, 'S_COMPOSE_PM_VIEW' => true));

				$tpl_file = 'ucp_pm_viewfolder';
				break;
			}

			include $phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx;
			compose_pm($id, $mode, $action, $user_folders);

			$tpl_file = 'posting_body';
		break;

		case 'options':
			set_user_message_limit();
			get_folder($user->data['user_id']);

			include $phpbb_root_path . 'includes/ucp/ucp_pm_options.' . $phpEx;
			message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions);

			$tpl_file = 'ucp_pm_options';
		break;

		case 'drafts':
			get_folder($user->data['user_id']);
			$this->p_name = 'pm';

			// Call another module... please do not try this at home... Hoochie Coochie Man
			include $phpbb_root_path . 'includes/ucp/ucp_main.' . $phpEx;

			$module = new ucp_main($this);
			$module->u_action = $this->u_action;
			$module->main($id, $mode);

			$this->tpl_name = $module->tpl_name;
			$this->page_title = 'UCP_PM_DRAFTS';

			unset($module);

			// Returns here, so the shared template assignment at the end of the function is skipped
			return;
		break;

		case 'view':
			set_user_message_limit();

			if ($folder_specified)
			{
				$folder_id = $folder_specified;
				$action = 'view_folder';
			}
			else
			{
				// NOTE(review): $folder_id is interpolated into SQL further down; this relies on
				// request->variable() casting to the type of PRIVMSGS_NO_BOX (presumably int) - confirm
				$folder_id = $request->variable('f', PRIVMSGS_NO_BOX);
				$action = $request->variable('action', 'view_folder');
			}

			// Integer default; $msg_id is interpolated into SQL further down
			$msg_id = $request->variable('p', 0);
			$view = $request->variable('view', '');

			// View message if specified
			if ($msg_id)
			{
				$action = 'view_message';
			}

			if (!$auth->acl_get('u_readpm'))
			{
				trigger_error('NO_AUTH_READ_MESSAGE');
			}

			// Do not allow hold messages to be seen
			if ($folder_id == PRIVMSGS_HOLD_BOX)
			{
				trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
			}

			// First Handle Mark actions and moving messages
			// NOTE(review): both actions are triggered by the presence of a POST field; no
			// check_form_key()/check_link_hash() call is visible here, so confirm that
			// move_pm() and handle_mark_actions() validate the request themselves
			$submit_mark = isset($_POST['submit_mark']) ? true : false;
			$move_pm = isset($_POST['move_pm']) ? true : false;
			$mark_option = $request->variable('mark_option', '');
			$dest_folder = $request->variable('dest_folder', PRIVMSGS_NO_BOX);

			// Is moving PM triggered through mark options?
			// Any mark option other than the two named ones is read as a destination folder id
			if (!in_array($mark_option, array('mark_important', 'delete_marked')) && $submit_mark)
			{
				$move_pm = true;
				$dest_folder = (int) $mark_option;
				$submit_mark = false;
			}

			// Move PM
			if ($move_pm)
			{
				$move_msg_ids = isset($_POST['marked_msg_id']) ? $request->variable('marked_msg_id', array(0)) : array();
				$cur_folder_id = $request->variable('cur_folder_id', PRIVMSGS_NO_BOX);

				// The acting user's own id is passed in; it is never taken from the request
				if (move_pm($user->data['user_id'], $user->data['message_limit'], $move_msg_ids, $dest_folder, $cur_folder_id))
				{
					// Return to folder view if single message moved
					if ($action == 'view_message')
					{
						$msg_id = 0;
						$folder_id = $request->variable('cur_folder_id', PRIVMSGS_NO_BOX);
						$action = 'view_folder';
					}
				}
			}

			// Message Mark Options
			if ($submit_mark)
			{
				handle_mark_actions($user->data['user_id'], $mark_option);
			}

			// If new messages arrived, place them into the appropriate folder
			$num_not_moved = $num_removed = 0;
			$release = $request->variable('release', 0);

			if ($user->data['user_new_privmsg'] && ($action == 'view_folder' || $action == 'view_message'))
			{
				$return = place_pm_into_folder($global_privmsgs_rules, $release);
				$num_not_moved = $return['not_moved'];
				$num_removed = $return['removed'];
			}

			if (!$msg_id && $folder_id == PRIVMSGS_NO_BOX)
			{
				$folder_id = PRIVMSGS_INBOX;
			}
			else
			{
				if ($msg_id && $folder_id == PRIVMSGS_NO_BOX)
				{
					// Look up the folder of the message; the user_id condition restricts the
					// lookup to rows belonging to the current user
					$sql = 'SELECT folder_id FROM ' . PRIVMSGS_TO_TABLE . "\n\t\t\t\t\t\tWHERE msg_id = {$msg_id}\n\t\t\t\t\t\t\tAND folder_id <> " . PRIVMSGS_NO_BOX . ' AND user_id = ' . $user->data['user_id'];
					$result = $db->sql_query($sql);
					$row = $db->sql_fetchrow($result);
					$db->sql_freeresult($result);

					if (!$row)
					{
						trigger_error('NO_MESSAGE');
					}
					$folder_id = (int) $row['folder_id'];
				}
			}

			// "Mark all read" changes state from a link, so it requires the link hash that
			// U_MARK_ALL below generates under the same name ('mark_all_pms_read')
			if ($request->variable('mark', '') == 'all' && check_link_hash($request->variable('token', ''), 'mark_all_pms_read'))
			{
				mark_folder_read($user->data['user_id'], $folder_id);

				meta_refresh(3, $this->u_action);
				$message = $user->lang['PM_MARK_ALL_READ_SUCCESS'];

				if ($request->is_ajax())
				{
					$json_response = new \phpbb\json_response();
					$json_response->send(array('MESSAGE_TITLE' => $user->lang['INFORMATION'], 'MESSAGE_TEXT' => $message, 'success' => true));
				}
				$message .= '<br /><br />' . $user->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');

				trigger_error($message);
			}

			$message_row = array();
			if ($action == 'view_message' && $msg_id)
			{
				// Get Message user want to see
				if ($view == 'next' || $view == 'previous')
				{
					// Operator and ordering come from fixed literals chosen by $view, not from request text
					$sql_condition = $view == 'next' ? '>' : '<';
					$sql_ordering = $view == 'next' ? 'ASC' : 'DESC';

					$sql = 'SELECT t.msg_id FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . PRIVMSGS_TABLE . " p2\n\t\t\t\t\t\t\tWHERE p2.msg_id = {$msg_id}\n\t\t\t\t\t\t\t\tAND t.folder_id = {$folder_id}\n\t\t\t\t\t\t\t\tAND t.user_id = " . $user->data['user_id'] . "\n\t\t\t\t\t\t\t\tAND t.msg_id = p.msg_id\n\t\t\t\t\t\t\t\tAND p.message_time {$sql_condition} p2.message_time\n\t\t\t\t\t\t\tORDER BY p.message_time {$sql_ordering}";
					$result = $db->sql_query_limit($sql, 1);
					$row = $db->sql_fetchrow($result);
					$db->sql_freeresult($result);

					if (!$row)
					{
						$message = $view == 'next' ? 'NO_NEWER_PM' : 'NO_OLDER_PM';
						trigger_error($message);
					}
					else
					{
						$msg_id = $row['msg_id'];
					}
				}

				// The message is only found when it sits in the given folder of the current user
				$sql = 'SELECT t.*, p.*, u.* FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . ' u WHERE t.user_id = ' . $user->data['user_id'] . "\n\t\t\t\t\t\t\tAND p.author_id = u.user_id\n\t\t\t\t\t\t\tAND t.folder_id = {$folder_id}\n\t\t\t\t\t\t\tAND t.msg_id = p.msg_id\n\t\t\t\t\t\t\tAND p.msg_id = {$msg_id}";
				$result = $db->sql_query($sql);
				$message_row = $db->sql_fetchrow($result);
				$db->sql_freeresult($result);

				if (!$message_row)
				{
					trigger_error('NO_MESSAGE');
				}

				// Update unread status
				update_unread_status($message_row['pm_unread'], $message_row['msg_id'], $user->data['user_id'], $folder_id);
			}

			$folder = get_folder($user->data['user_id'], $folder_id);

			// Build the folder drop-downs; outbox and sentbox are left out of the "move to" list
			// NOTE(review): folder_name is placed into markup without escaping in this function;
			// presumably get_folder() returns display-safe names - confirm
			$s_folder_options = $s_to_folder_options = '';
			foreach ($folder as $f_id => $folder_ary)
			{
				$option = '<option' . (!in_array($f_id, array(PRIVMSGS_INBOX, PRIVMSGS_OUTBOX, PRIVMSGS_SENTBOX)) ? ' class="sep"' : '') . ' value="' . $f_id . '"' . ($f_id == $folder_id ? ' selected="selected"' : '') . '>' . $folder_ary['folder_name'] . ($folder_ary['unread_messages'] ? ' [' . $folder_ary['unread_messages'] . '] ' : '') . '</option>';

				$s_to_folder_options .= $f_id != PRIVMSGS_OUTBOX && $f_id != PRIVMSGS_SENTBOX ? $option : '';
				$s_folder_options .= $option;
			}
			clean_sentbox($folder[PRIVMSGS_SENTBOX]['num_messages']);

			// Header for message view - folder and so on
			$folder_status = get_folder_status($folder_id, $folder);

			$template->assign_vars(array(
				'CUR_FOLDER_ID' => $folder_id,
				'CUR_FOLDER_NAME' => $folder_status['folder_name'],
				'NUM_NOT_MOVED' => $num_not_moved,
				'NUM_REMOVED' => $num_removed,
				'RELEASE_MESSAGE_INFO' => sprintf($user->lang['RELEASE_MESSAGES'], '<a href="' . $this->u_action . '&folder=' . $folder_id . '&release=1">', '</a>'),
				'NOT_MOVED_MESSAGES' => $user->lang('NOT_MOVED_MESSAGES', (int) $num_not_moved),
				'RULE_REMOVED_MESSAGES' => $user->lang('RULE_REMOVED_MESSAGES', (int) $num_removed),
				'S_FOLDER_OPTIONS' => $s_folder_options,
				'S_TO_FOLDER_OPTIONS' => $s_to_folder_options,
				'S_FOLDER_ACTION' => $this->u_action . '&action=view_folder',
				'S_PM_ACTION' => $this->u_action . '&action=' . $action,
				'U_INBOX' => $this->u_action . '&folder=inbox',
				'U_OUTBOX' => $this->u_action . '&folder=outbox',
				'U_SENTBOX' => $this->u_action . '&folder=sentbox',
				'U_CREATE_FOLDER' => $this->u_action . '&mode=options',
				'U_CURRENT_FOLDER' => $this->u_action . '&folder=' . $folder_id,
				// The token here must use the same name as the check_link_hash() call above
				'U_MARK_ALL' => $this->u_action . '&folder=' . $folder_id . '&mark=all&token=' . generate_link_hash('mark_all_pms_read'),
				'S_IN_INBOX' => $folder_id == PRIVMSGS_INBOX ? true : false,
				'S_IN_OUTBOX' => $folder_id == PRIVMSGS_OUTBOX ? true : false,
				'S_IN_SENTBOX' => $folder_id == PRIVMSGS_SENTBOX ? true : false,
				'FOLDER_STATUS' => $folder_status['message'],
				'FOLDER_MAX_MESSAGES' => $folder_status['max'],
				'FOLDER_CUR_MESSAGES' => $folder_status['cur'],
				'FOLDER_REMAINING_MESSAGES' => $folder_status['remaining'],
				'FOLDER_PERCENT' => $folder_status['percent']
			));

			if ($action == 'view_folder')
			{
				include $phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.' . $phpEx;
				view_folder($id, $mode, $folder_id, $folder);

				$tpl_file = 'ucp_pm_viewfolder';
			}
			else
			{
				if ($action == 'view_message')
				{
					$template->assign_vars(array('S_VIEW_MESSAGE' => true, 'L_RETURN_TO_FOLDER' => $user->lang('RETURN_TO', $folder_status['folder_name']), 'MSG_ID' => $msg_id));

					if (!$msg_id)
					{
						trigger_error('NO_MESSAGE');
					}

					include $phpbb_root_path . 'includes/ucp/ucp_pm_viewmessage.' . $phpEx;
					view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row);

					$tpl_file = $view == 'print' ? 'ucp_pm_viewmessage_print' : 'ucp_pm_viewmessage';
				}
			}
		break;

		default:
			trigger_error('NO_ACTION_MODE', E_USER_ERROR);
		break;
	}

	$template->assign_vars(array('L_TITLE' => $user->lang['UCP_PM_' . strtoupper($mode)], 'S_UCP_ACTION' => $this->u_action . (isset($action) ? "&action={$action}" : '')));

	// Set desired template
	// NOTE(review): $tpl_file stays unset when the view case ends with an $action other than
	// view_folder or view_message - confirm whether that path is reachable
	$this->tpl_name = $tpl_file;
	$this->page_title = 'UCP_PM_' . strtoupper($mode);
}
$message = $user->lang['COOKIES_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>'); trigger_error($message); } else { confirm_box(false, 'DELETE_COOKIES', ''); } redirect(append_sid("{$phpbb_root_path}index.{$phpEx}")); break; case 'switch_perm': $user_id = request_var('u', 0); $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $user_id; $result = $db->sql_query($sql); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id'] || !check_link_hash(request_var('hash', ''), 'switchperm')) { redirect(append_sid("{$phpbb_root_path}index.{$phpEx}")); } include $phpbb_root_path . 'includes/acp/auth.' . $phpEx; $auth_admin = new auth_admin(); if (!$auth_admin->ghost_permissions($user_id, $user->data['user_id'])) { redirect(append_sid("{$phpbb_root_path}index.{$phpEx}")); } add_log('admin', 'LOG_ACL_TRANSFER_PERMISSIONS', $user_row['username']); $message = sprintf($user->lang['PERMISSIONS_TRANSFERRED'], $user_row['username']) . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>'); trigger_error($message); break; case 'restore_perm': if (!$user->data['user_perm_from'] || !$auth->acl_get('a_switchperm')) { redirect(append_sid("{$phpbb_root_path}index.{$phpEx}")); }
/** * Display albums * * borrowed from phpBB3 * @author: phpBB Group * @function: display_forums */ public static function display_albums($root_data = '', $display_moderators = true, $return_moderators = false) { global $auth, $db, $template, $user; $album_rows = $subalbums = $album_ids = $album_ids_moderator = $album_moderators = $active_album_ary = array(); $parent_id = $visible_albums = 0; $sql_from = ''; $mode = request_var('mode', ''); // Mark albums read? $mark_read = request_var('mark', ''); if ($mark_read == 'all') { $mark_read = ''; } if (!$root_data) { if ($mark_read == 'albums') { $mark_read = 'all'; } $root_data = array('album_id' => self::PUBLIC_ALBUM); $sql_where = 'a.album_user_id = ' . self::PUBLIC_ALBUM; } else { if ($root_data == 'personal') { if ($mark_read == 'albums') { $mark_read = 'all'; } $root_data = array('album_id' => 0); //@todo: I think this is incorrect!? $sql_where = 'a.album_user_id > ' . self::PUBLIC_ALBUM; $num_pegas = phpbb_gallery_config::get('num_pegas'); $first_char = request_var('first_char', ''); if ($first_char == 'other') { // Loop the ASCII: a-z for ($i = 97; $i < 123; $i++) { $sql_where .= ' AND u.username_clean NOT ' . $db->sql_like_expression(chr($i) . $db->any_char); } } else { if ($first_char) { $sql_where .= ' AND u.username_clean ' . $db->sql_like_expression(substr($first_char, 0, 1) . $db->any_char); } } if ($first_char) { // We do not view all personal albums, so we need to recount, for the pagination. $sql_array = array('SELECT' => 'count(a.album_id) as pgalleries', 'FROM' => array(GALLERY_ALBUMS_TABLE => 'a'), 'LEFT_JOIN' => array(array('FROM' => array(USERS_TABLE => 'u'), 'ON' => 'u.user_id = a.album_user_id')), 'WHERE' => 'a.parent_id = 0 AND ' . 
$sql_where); $sql = $db->sql_build_query('SELECT', $sql_array); $result = $db->sql_query($sql); $num_pegas = $db->sql_fetchfield('pgalleries'); $db->sql_freeresult($result); } $mode_personal = true; $start = request_var('start', 0); $limit = phpbb_gallery_config::get('pegas_per_page'); $template->assign_vars(array('PAGINATION' => generate_pagination(phpbb_gallery_url::append_sid('index', 'mode=' . $mode . ($first_char ? '&first_char=' . $first_char : '')), $num_pegas, $limit, $start), 'TOTAL_PGALLERIES_SHORT' => sprintf($user->lang['TOTAL_PGALLERIES_SHORT'], $num_pegas), 'PAGE_NUMBER' => on_page($num_pegas, $limit, $start))); } else { $sql_where = 'a.left_id > ' . $root_data['left_id'] . ' AND a.left_id < ' . $root_data['right_id'] . ' AND a.album_user_id = ' . $root_data['album_user_id']; } } $sql_array = array('SELECT' => 'a.*, at.mark_time', 'FROM' => array(GALLERY_ALBUMS_TABLE => 'a'), 'LEFT_JOIN' => array(array('FROM' => array(GALLERY_ATRACK_TABLE => 'at'), 'ON' => 'at.user_id = ' . $user->data['user_id'] . ' AND a.album_id = at.album_id')), 'ORDER_BY' => 'a.album_user_id, a.left_id'); if (isset($mode_personal)) { $sql_array['LEFT_JOIN'][] = array('FROM' => array(USERS_TABLE => 'u'), 'ON' => 'u.user_id = a.album_user_id'); $sql_array['ORDER_BY'] = 'u.username_clean, a.left_id'; } $sql_array['LEFT_JOIN'][] = array('FROM' => array(GALLERY_CONTESTS_TABLE => 'c'), 'ON' => 'c.contest_album_id = a.album_id'); $sql_array['SELECT'] = $sql_array['SELECT'] . ', c.contest_marked'; $sql = $db->sql_build_query('SELECT', array('SELECT' => $sql_array['SELECT'], 'FROM' => $sql_array['FROM'], 'LEFT_JOIN' => $sql_array['LEFT_JOIN'], 'WHERE' => $sql_where, 'ORDER_BY' => $sql_array['ORDER_BY'])); $result = $db->sql_query($sql); $album_tracking_info = array(); $branch_root_id = $root_data['album_id']; while ($row = $db->sql_fetchrow($result)) { $album_id = $row['album_id']; // Mark albums read? 
if ($mark_read == 'albums' || $mark_read == 'all') { if (phpbb_gallery::$auth->acl_check('a_list', $album_id, $row['album_user_id'])) { $album_ids[] = $album_id; continue; } } // Category with no members if (!$row['album_type'] && $row['left_id'] + 1 == $row['right_id']) { continue; } // Skip branch if (isset($right_id)) { if ($row['left_id'] < $right_id) { continue; } unset($right_id); } if (!phpbb_gallery::$auth->acl_check('a_list', $album_id, $row['album_user_id'])) { // if the user does not have permissions to list this album, skip everything until next branch $right_id = $row['right_id']; continue; } $album_tracking_info[$album_id] = !empty($row['mark_time']) ? $row['mark_time'] : phpbb_gallery::$user->data('user_lastmark'); $row['album_images'] = $row['album_images']; $row['album_images_real'] = $row['album_images_real']; if ($row['parent_id'] == $root_data['album_id'] || $row['parent_id'] == $branch_root_id) { if ($row['album_type']) { $album_ids_moderator[] = (int) $album_id; } // Direct child of current branch $parent_id = $album_id; $album_rows[$album_id] = $row; if (!$row['album_type'] && $row['parent_id'] == $root_data['album_id']) { $branch_root_id = $album_id; } $album_rows[$parent_id]['album_id_last_image'] = $row['album_id']; $album_rows[$parent_id]['album_type_last_image'] = $row['album_type']; $album_rows[$parent_id]['album_contest_marked'] = $row['contest_marked']; $album_rows[$parent_id]['orig_album_last_image_time'] = $row['album_last_image_time']; } else { if ($row['album_type']) { $subalbums[$parent_id][$album_id]['display'] = $row['display_on_index'] ? 
true : false; $subalbums[$parent_id][$album_id]['name'] = $row['album_name']; $subalbums[$parent_id][$album_id]['orig_album_last_image_time'] = $row['album_last_image_time']; $subalbums[$parent_id][$album_id]['children'] = array(); if (isset($subalbums[$parent_id][$row['parent_id']]) && !$row['display_on_index']) { $subalbums[$parent_id][$row['parent_id']]['children'][] = $album_id; } $album_rows[$parent_id]['album_images'] += $row['album_images']; $album_rows[$parent_id]['album_images_real'] += $row['album_images_real']; if ($row['album_last_image_time'] > $album_rows[$parent_id]['album_last_image_time']) { $album_rows[$parent_id]['album_last_image_id'] = $row['album_last_image_id']; $album_rows[$parent_id]['album_last_image_name'] = $row['album_last_image_name']; $album_rows[$parent_id]['album_last_image_time'] = $row['album_last_image_time']; $album_rows[$parent_id]['album_last_user_id'] = $row['album_last_user_id']; $album_rows[$parent_id]['album_last_username'] = $row['album_last_username']; $album_rows[$parent_id]['album_last_user_colour'] = $row['album_last_user_colour']; $album_rows[$parent_id]['album_type_last_image'] = $row['album_type']; $album_rows[$parent_id]['album_contest_marked'] = $row['contest_marked']; $album_rows[$parent_id]['album_id_last_image'] = $album_id; } } } } $db->sql_freeresult($result); // Handle marking albums if ($mark_read == 'albums' || $mark_read == 'all') { $redirect = build_url('mark', 'hash'); $token = request_var('hash', ''); if (check_link_hash($token, 'global')) { if ($mark_read == 'all') { phpbb_gallery_misc::markread('all'); $message = sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect . '">', '</a>'); } else { phpbb_gallery_misc::markread('albums', $album_ids); $message = sprintf($user->lang['RETURN_ALBUM'], '<a href="' . $redirect . '">', '</a>'); } meta_refresh(3, $redirect); trigger_error($user->lang['ALBUMS_MARKED'] . '<br /><br />' . 
$message); } else { $message = sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'); meta_refresh(3, $redirect); trigger_error($message); } } // Grab moderators ... if necessary if ($display_moderators) { if ($return_moderators) { $album_ids_moderator[] = $root_data['album_id']; } self::get_moderators($album_moderators, $album_ids_moderator); } // Used to tell whatever we have to create a dummy category or not. $last_catless = true; foreach ($album_rows as $row) { // Empty category if ($row['parent_id'] == $root_data['album_id'] && $row['album_type'] == self::TYPE_CAT) { $template->assign_block_vars('albumrow', array('S_IS_CAT' => true, 'ALBUM_ID' => $row['album_id'], 'ALBUM_NAME' => $row['album_name'], 'ALBUM_DESC' => generate_text_for_display($row['album_desc'], $row['album_desc_uid'], $row['album_desc_bitfield'], $row['album_desc_options']), 'ALBUM_FOLDER_IMG' => '', 'ALBUM_FOLDER_IMG_SRC' => '', 'ALBUM_IMAGE' => $row['album_image'] ? phpbb_gallery_url::path('phpbb') . $row['album_image'] : '', 'U_VIEWALBUM' => phpbb_gallery_url::append_sid('album', 'album_id=' . $row['album_id']))); continue; } $visible_albums++; if ($mode == 'personal' && ($visible_albums <= $start || $visible_albums > $start + $limit)) { continue; } $album_id = $row['album_id']; $album_unread = isset($album_tracking_info[$album_id]) && $row['orig_album_last_image_time'] > $album_tracking_info[$album_id] && $user->data['user_id'] != ANONYMOUS ? true : false; $folder_image = $folder_alt = $l_subalbums = ''; $subalbums_list = array(); // Generate list of subalbums if we need to if (isset($subalbums[$album_id])) { foreach ($subalbums[$album_id] as $subalbum_id => $subalbum_row) { $subalbum_unread = isset($album_tracking_info[$subalbum_id]) && $subalbum_row['orig_album_last_image_time'] > $album_tracking_info[$subalbum_id] && $user->data['user_id'] != ANONYMOUS ? 
true : false; if (!$subalbum_unread && !empty($subalbum_row['children']) && $user->data['user_id'] != ANONYMOUS) { foreach ($subalbum_row['children'] as $child_id) { if (isset($album_tracking_info[$child_id]) && $subalbums[$album_id][$child_id]['orig_album_last_image_time'] > $album_tracking_info[$child_id]) { // Once we found an unread child album, we can drop out of this loop $subalbum_unread = true; break; } } } if ($subalbum_row['display'] && $subalbum_row['name']) { $subalbums_list[] = array('link' => phpbb_gallery_url::append_sid('album', 'album_id=' . $subalbum_id), 'name' => $subalbum_row['name'], 'unread' => $subalbum_unread); } else { unset($subalbums[$album_id][$subalbum_id]); } if ($subalbum_unread) { $album_unread = true; } } $l_subalbums = sizeof($subalbums[$album_id]) == 1 ? $user->lang['SUBALBUM'] . ': ' : $user->lang['SUBALBUMS'] . ': '; $folder_image = $album_unread ? 'forum_unread_subforum' : 'forum_read_subforum'; } else { $folder_alt = $album_unread ? 'NEW_IMAGES' : 'NO_NEW_IMAGES'; $folder_image = $album_unread ? 'forum_unread' : 'forum_read'; } if ($row['album_status'] == self::STATUS_LOCKED) { $folder_image = $album_unread ? 
'forum_unread_locked' : 'forum_read_locked'; $folder_alt = 'ALBUM_LOCKED'; } // Create last post link information, if appropriate if ($row['album_last_image_id']) { $lastimage_name = $row['album_last_image_name']; $lastimage_time = $user->format_date($row['album_last_image_time']); $lastimage_image_id = $row['album_last_image_id']; $lastimage_album_id = $row['album_id_last_image']; $lastimage_album_type = $row['album_type_last_image']; $lastimage_contest_marked = $row['album_contest_marked']; $lastimage_uc_fake_thumbnail = phpbb_gallery_image::generate_link('fake_thumbnail', phpbb_gallery_config::get('link_thumbnail'), $lastimage_image_id, $lastimage_name, $lastimage_album_id); $lastimage_uc_thumbnail = phpbb_gallery_image::generate_link('thumbnail', phpbb_gallery_config::get('link_thumbnail'), $lastimage_image_id, $lastimage_name, $lastimage_album_id); $lastimage_uc_name = phpbb_gallery_image::generate_link('image_name', phpbb_gallery_config::get('link_image_name'), $lastimage_image_id, $lastimage_name, $lastimage_album_id); $lastimage_uc_icon = phpbb_gallery_image::generate_link('lastimage_icon', phpbb_gallery_config::get('link_image_icon'), $lastimage_image_id, $lastimage_name, $lastimage_album_id); } else { $lastimage_time = $lastimage_image_id = $lastimage_album_id = $lastimage_album_type = 0; $lastimage_name = $lastimage_uc_fake_thumbnail = $lastimage_uc_thumbnail = $lastimage_uc_name = $lastimage_uc_icon = ''; } // Output moderator listing ... if applicable $l_moderator = $moderators_list = ''; if ($display_moderators && !empty($album_moderators[$album_id])) { $l_moderator = sizeof($album_moderators[$album_id]) == 1 ? $user->lang['MODERATOR'] : $user->lang['MODERATORS']; $moderators_list = implode(', ', $album_moderators[$album_id]); } $s_subalbums_list = array(); foreach ($subalbums_list as $subalbum) { $s_subalbums_list[] = '<a href="' . $subalbum['link'] . '" class="subforum ' . ($subalbum['unread'] ? 'unread' : 'read') . '" title="' . 
($subalbum['unread'] ? $user->lang['NEW_IMAGES'] : $user->lang['NO_NEW_IMAGES']) . '">' . $subalbum['name'] . '</a>'; } $s_subalbums_list = (string) implode(', ', $s_subalbums_list); $catless = $row['parent_id'] == $root_data['album_id'] ? true : false; $template->assign_block_vars('albumrow', array('S_IS_CAT' => false, 'S_NO_CAT' => $catless && !$last_catless, 'S_LOCKED_ALBUM' => $row['album_status'] == self::STATUS_LOCKED ? true : false, 'S_LIST_SUBALBUMS' => $row['display_subalbum_list'] ? true : false, 'S_SUBALBUMS' => sizeof($subalbums_list) ? true : false, 'ALBUM_ID' => $row['album_id'], 'ALBUM_NAME' => $row['album_name'], 'ALBUM_DESC' => generate_text_for_display($row['album_desc'], $row['album_desc_uid'], $row['album_desc_bitfield'], $row['album_desc_options']), 'IMAGES' => $row['album_images'], 'UNAPPROVED_IMAGES' => phpbb_gallery::$auth->acl_check('m_status', $album_id, $row['album_user_id']) ? $row['album_images_real'] - $row['album_images'] : 0, 'ALBUM_FOLDER_IMG' => $user->img($folder_image, $folder_alt), 'ALBUM_FOLDER_IMG_SRC' => $user->img($folder_image, $folder_alt, false, '', 'src'), 'ALBUM_FOLDER_IMG_ALT' => isset($user->lang[$folder_alt]) ? $user->lang[$folder_alt] : '', 'ALBUM_IMAGE' => $row['album_image'] ? phpbb_gallery_url::path('phpbb') . $row['album_image'] : '', 'LAST_IMAGE_TIME' => $lastimage_time, 'LAST_USER_FULL' => $lastimage_album_type == self::TYPE_CONTEST && ($lastimage_contest_marked && !phpbb_gallery::$auth->acl_check('m_status', $album_id, $row['album_user_id'])) ? $user->lang['CONTEST_USERNAME'] : get_username_string('full', $row['album_last_user_id'], $row['album_last_username'], $row['album_last_user_colour']), 'UC_THUMBNAIL' => phpbb_gallery_config::get('mini_thumbnail_disp') ? $lastimage_uc_thumbnail : '', 'UC_FAKE_THUMBNAIL' => phpbb_gallery_config::get('mini_thumbnail_disp') ? 
$lastimage_uc_fake_thumbnail : '', 'UC_IMAGE_NAME' => $lastimage_uc_name, 'UC_LASTIMAGE_ICON' => $lastimage_uc_icon, 'ALBUM_COLOUR' => get_username_string('colour', $row['album_last_user_id'], $row['album_last_username'], $row['album_last_user_colour']), 'MODERATORS' => $moderators_list, 'SUBALBUMS' => $s_subalbums_list, 'L_SUBALBUM_STR' => $l_subalbums, 'L_ALBUM_FOLDER_ALT' => $folder_alt, 'L_MODERATOR_STR' => $l_moderator, 'U_VIEWALBUM' => phpbb_gallery_url::append_sid('album', 'album_id=' . $row['album_id']))); // Assign subforums loop for style authors foreach ($subalbums_list as $subalbum) { $template->assign_block_vars('albumrow.subalbum', array('U_SUBALBUM' => $subalbum['link'], 'SUBALBUM_NAME' => $subalbum['name'], 'S_UNREAD' => $subalbum['unread'])); } $last_catless = $catless; } $template->assign_vars(array('U_MARK_ALBUMS' => $user->data['is_registered'] ? phpbb_gallery_url::append_sid('album', 'hash=' . generate_link_hash('global') . '&album_id=' . $root_data['album_id'] . '&mark=albums') : '', 'S_HAS_SUBALBUM' => $visible_albums ? true : false, 'L_SUBFORUM' => $visible_albums == 1 ? $user->lang['SUBALBUM'] : $user->lang['SUBALBUMS'], 'LAST_POST_IMG' => $user->img('icon_topic_latest', 'VIEW_LATEST_POST'), 'FAKE_THUMB_SIZE' => phpbb_gallery_config::get('mini_thumbnail_size'))); if ($return_moderators) { return array($active_album_ary, $album_moderators); } return array($active_album_ary, array()); }