/**
 * Loads a visitor message and, when requested, checks that the browsing user may see it.
 *
 * Every failure path raises the same 'invalidid' error, so a message hidden because of
 * its state is reported exactly like a message that does not exist.
 *
 * @param	integer	ID of the visitor message to look up
 * @param	boolean	If the message is not found: raise the 'invalidid' error (true) or return 0 (false)
 * @param	boolean	Whether to apply the 'deleted' / 'moderation' visibility checks
 *
 * @return	array|integer	Message info, or 0 when the message is not found and $alert is false
 */
function verify_visitormessage($vmid, $alert = true, $perm_check = true)
{
	global $vbulletin, $vbphrase;

	$messageinfo = fetch_visitormessageinfo($vmid);

	if (!$messageinfo)
	{
		if (!$alert)
		{
			return 0;
		}

		// NOTE(review): presumably standard_error() does not return -- confirm
		standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink']));
	}

	if (!$perm_check)
	{
		return $messageinfo;
	}

	$viewerid = $vbulletin->userinfo['userid'];

	if ($messageinfo['state'] == 'deleted')
	{
		// visible to visitor message moderators, and to the profile owner
		// when that owner holds 'canmanageownprofile'
		$can_view_deleted = (
			can_moderate(0, 'canmoderatevisitormessages')
			|| (
				$messageinfo['userid'] == $viewerid
				&& ($vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmanageownprofile'])
			)
		);

		if (!$can_view_deleted)
		{
			standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink']));
		}
	}

	if ($messageinfo['state'] == 'moderation')
	{
		// visible to the author, to the profile owner holding 'canmanageownprofile',
		// and to visitor message moderators -- tested in that order
		$can_view_moderated = (
			$messageinfo['postuserid'] == $viewerid
			|| (
				$messageinfo['userid'] == $viewerid
				&& ($vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmanageownprofile'])
			)
			|| can_moderate(0, 'canmoderatevisitormessages')
		);

		if (!$can_view_moderated)
		{
			standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink']));
		}
	}

	// Need coventry support first
	// if (in_coventry($userinfo['userid']) AND !can_moderate())
	// {
	//	standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink']));
	// }

	return $messageinfo;
}
/**
 * Purges expired login strikes and reports the strike count for the current IP address.
 *
 * Strikes are counted per IP address (IPADDRESS), not per username. An address is
 * treated as locked out once it has 5 or more strikes and the latest one is less
 * than 900 seconds old.
 *
 * @param	string	Username passed on to exec_strike_user() while the address is locked out
 * @param	boolean	When locked out: return false (true) instead of raising the 'strikes' error (false)
 *
 * @return	integer|boolean	0 if the strike system is disabled, false if locked out and
 *				$supress_error is set, otherwise the strike count (capped at 5 when not locked out)
 */
function verify_strike_status($username = '', $supress_error = false)
{
	global $vbulletin;

	// strikes older than one hour are dropped on every call, even with the strike system off
	$expiry = TIMENOW - 3600;
	$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "strikes WHERE striketime < " . $expiry);

	if (!$vbulletin->options['usestrikesystem'])
	{
		return 0;
	}

	$strikes = $vbulletin->db->query_first("\n\t\tSELECT COUNT(*) AS strikes, MAX(striketime) AS lasttime\n\t\tFROM " . TABLE_PREFIX . "strikes\n\t\tWHERE strikeip = '" . $vbulletin->db->escape_string(IPADDRESS) . "'\n\t");

	$locked_out = ($strikes['strikes'] >= 5 && $strikes['lasttime'] > TIMENOW - 900);

	if (!$locked_out)
	{
		// a bit sneaky, but capping at 5 keeps the error message looking right
		return ($strikes['strikes'] > 5) ? 5 : $strikes['strikes'];
	}

	// 5 or more failures for any username from this address, and the caller is still
	// trying: record another strike so the lockout window keeps moving
	exec_strike_user($username);

	if ($supress_error)
	{
		return false;
	}

	eval(standard_error(fetch_error('strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));

	return $strikes['strikes'];
}
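/**
 * Builds the global and local blog category bits for the browsing user or, when a
 * different 'userid' is requested, for that user's blog.
 *
 * Access rules visible here:
 *  - another user's blog: that user must exist, the browsing user must pass
 *    is_member_of_blog(), and the blog OWNER's permissions must include
 *    'blog_canpost' and 'blog_canviewown';
 *  - own blog: the browsing user must be logged in and hold the same two permissions.
 *
 * @return	array	Keys 'globalcategorybits' and 'localcategorybits'
 */
public function output()
{
	// $vbphrase is needed by the 'invalidid' error below; without it in scope the
	// phrase argument was an undefined variable
	global $vbulletin, $vbphrase;

	$vbulletin->input->clean_array_gpc('r', array('userid' => TYPE_UINT));

	// verify the userid exists, don't want useless entries in our table.
	if ($vbulletin->GPC['userid'] and $vbulletin->GPC['userid'] != $vbulletin->userinfo['userid'])
	{
		if (!($userinfo = fetch_userinfo($vbulletin->GPC['userid'])))
		{
			standard_error(fetch_error('invalidid', $vbphrase['user'], $vbulletin->options['contactuslink']));
		}

		// are we a member of this user's blog?
		if (!is_member_of_blog($vbulletin->userinfo, $userinfo))
		{
			print_no_permission();
		}

		$userid = $userinfo['userid'];

		/* Blog posting check -- evaluated against the blog owner's permissions */
		if (
			!($userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost'])
			or !($userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])
		)
		{
			print_no_permission();
		}
	}
	else
	{
		$userinfo =& $vbulletin->userinfo;
		$userid = '';

		/* Blog posting check, no guests! */
		if (
			!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])
			or !($vbulletin->userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost'])
			or !$vbulletin->userinfo['userid']
		)
		{
			print_no_permission();
		}
	}

	// included inside the method, so the file's top-level code (if any) runs with
	// this method's local variables in scope
	require_once DIR . '/includes/blog_functions_shared.php';
	prepare_blog_category_permissions($userinfo, true);

	$globalcats = $this->construct_category($userinfo, 'global');
	$localcats = $this->construct_category($userinfo, 'local');

	return array(
		'globalcategorybits' => $globalcats,
		'localcategorybits'  => $localcats,
	);
}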
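/**
 * Turns a forum selection into the list of forum ids a search should cover.
 *
 * Each entry of $forumchoice is either the literal string 'subscribed' (expanded to
 * the browsing user's subscribed forums when logged in) or a forum id. Plain ids are
 * kept only when they exist in the forum cache and are not link forums.
 *
 * Side effects: $forumchoice is normalised to an array (and emptied when nothing is
 * valid); the global $display['forums'] is set to the ids selected before child
 * forums are added.
 *
 * @param	mixed	(by reference) A forum id, 'subscribed', or an array of those
 * @param	integer	Non-zero to add the child forums of every selected forum
 *
 * @return	array	Forum ids, keyed by forum id
 */
function fetch_search_forumids(&$forumchoice, $childforums = 0)
{
	global $vbulletin, $display;

	// make sure that $forumchoice is an array
	if (!is_array($forumchoice))
	{
		$forumchoice = array($forumchoice);
	}

	// initialize the $forumids for return by this function
	$forumids = array();

	foreach ($forumchoice as $forumid)
	{
		// get subscribed forumids
		if ($forumid === 'subscribed' and $vbulletin->userinfo['userid'] != 0)
		{
			DEVDEBUG("Querying subscribed forums for " . $vbulletin->userinfo['username']);

			// the id is cast so that only an integer can reach the unquoted SQL position
			$sforums = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT forumid FROM " . TABLE_PREFIX . "subscribeforum\n\t\t\t\tWHERE userid = " . intval($vbulletin->userinfo['userid']));

			if ($vbulletin->db->num_rows($sforums) == 0)
			{
				// no subscribed forums
				eval(standard_error(fetch_error('not_subscribed_to_any_forums')));
			}

			while ($sforum = $vbulletin->db->fetch_array($sforums))
			{
				// plain assignment: appending with .= read an undefined key and turned
				// the id into e.g. "55" when the same forum was seen twice
				$subscribedid = intval($sforum['forumid']);
				$forumids["{$subscribedid}"] = $subscribedid;
			}
			unset($sforum);

			$vbulletin->db->free_result($sforums);
		}
		else
		{
			$forumid = intval($forumid);

			// only forums that exist in the cache and are not link forums
			if (isset($vbulletin->forumcache["{$forumid}"]) and $vbulletin->forumcache["{$forumid}"]['link'] == '')
			{
				$forumids["{$forumid}"] = $forumid;
			}
		}
	}

	// now if there are any forumids we have to query, work out their child forums
	if (empty($forumids))
	{
		$forumchoice = array();
		$display['forums'] = array();

		return $forumids;
	}

	// put current forumids into the display table
	$display['forums'] = $forumids;

	// get child forums of selected forums
	if ($childforums)
	{
		require_once DIR . '/includes/functions_misc.php';

		// foreach walks the ids selected so far; children added below are not revisited
		foreach ($forumids as $forumid)
		{
			$children = fetch_child_forums($forumid, 'ARRAY');

			if (!empty($children))
			{
				foreach ($children as $childid)
				{
					$forumids["{$childid}"] = $childid;
				}
			}
			unset($children);
		}
	}

	// return the array of forumids
	return $forumids;
}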
/**
 * Displays the inline moderation authentication form through the
 * 'nopermission_loggedin' error phrase.
 *
 * @param	boolean	Whether to flag a password error on the form
 */
function show_inline_mod_login($showerror = false)
{
	global $vbulletin, $vbphrase, $show;

	$show['inlinemod_form'] = true;
	$show['passworderror'] = $showerror;

	// on the first display (no error yet) remember the current script path
	if (!$showerror)
	{
		$vbulletin->url = SCRIPTPATH;
	}

	$forumHome = vB_Library::instance('content_channel')->getForumHomeChannel();

	// phrase arguments, gathered in the order the phrase receives them
	$username = $vbulletin->userinfo['username'];
	$rightStyleVar = vB_Template_Runtime::fetchStyleVar('right');
	$sessionUrl = vB::getCurrentSession()->get('sessionurl');
	$securityToken = $vbulletin->userinfo['securitytoken'];
	$homeUrl = vB5_Route::buildUrl($forumHome['routeid'] . 'home|fullurl');

	eval(standard_error(fetch_error('nopermission_loggedin', $username, $rightStyleVar, $sessionUrl, $securityToken, $homeUrl)));
}
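/**
 * For registration without an existing account: creates a new vB user from the
 * data supplied by the external service.
 *
 * The account is placed in usergroup 3 (Users Awaiting Email Confirmation) and sent
 * an activation email when email verification is on and the submitted email differs
 * from the one in $data['coded_email']; otherwise it goes to usergroup 2
 * (Registered Users).
 *
 * @param	array	Registration data; keys read here: 'username', 'email',
 *			'default_email', 'coded_email'
 * @param	integer	(output) Receives the new userid when the user is saved
 *
 * @return	boolean|string	true on success; otherwise the datamanager errors joined
 *				with '</li><li>', or 'vbnexus_registration_failed'
 */
private function createUser($data, &$userid)
{
	global $vbulletin;

	$moderated = $vbulletin->options['moderatenewmembers'];
	$languageid = $vbulletin->userinfo['languageid'];
	$require_activation = $vbulletin->options['verifyemail'] && $data['default_email'] != $data['coded_email'];

	// Create a vB user with default permissions -- code from register.php
	if (!$vbulletin->options['allowregistration'])
	{
		eval(standard_error(fetch_error('noregister')));
	}

	// UserGroupId: Registered Users (2) or Users Awaiting Email Confirmation (3).
	// Computed once: the user title lookup below read $newusergroupid, which was
	// never assigned, so it indexed the usergroup cache with an undefined variable.
	$newusergroupid = $require_activation ? 3 : 2;

	// Init user datamanager class
	$userdata =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
	$userdata->set_info('coppauser', false);
	$userdata->set_info('coppapassword', '');
	$userdata->set_bitfield('options', 'coppauser', '');
	$userdata->set('username', $data['username']);

	// The account gets a password derived from genPasswd() that is never shown to
	// the user.
	// NOTE(review): how unpredictable this password is depends entirely on
	// genPasswd(), which is not visible here -- confirm it uses a CSPRNG.
	$userdata->set('password', md5($this->genPasswd()));

	$userdata->set('email', $data['email']);
	$userdata->set('languageid', $languageid);
	$userdata->set('ipaddress', IPADDRESS);
	$userdata->set('usergroupid', $newusergroupid);
	$userdata->set_usertitle('', false, $vbulletin->usergroupcache["{$newusergroupid}"], false, false);

	$userdata->presave_called = true;

	// If any error happened, we abort and return the error message(s)
	if ($userdata->has_errors(false)) // $die := false
	{
		return join('</li><li>', $userdata->errors);
	}

	// Save the data
	$userid = $userdata->save();

	// Did we get a valid vb userid?
	if (!$userid)
	{
		return 'vbnexus_registration_failed';
	}

	// If the user changed the email given by the external service, we follow
	// the regular steps for email activation
	if ($require_activation)
	{
		// Email phrase 'activateaccount' expects vars called $userid, $username
		// and $activateid to be defined and meaningful
		$username = $data['username'];
		$activateid = build_user_activation_id($userid, $moderated ? 4 : 2, 0);

		eval(fetch_email_phrases('activateaccount', $languageid));

		// After eval'ing activateaccount we have vars $subject and $message set
		vbmail($data['email'], $subject, $message, true);
	}

	// Force a new session to prevent potential issues with guests from the same IP, see bug #2459
	$vbulletin->session->created = false;

	return true;
}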
// get special phrase groups $phrasegroups = array('wol'); // get special data templates from the datastore $specialtemplates = array('maxloggedin', 'wol_spiders'); // pre-cache templates used by all actions $globaltemplates = array('forumdisplay_sortarrow', 'im_aim', 'im_icq', 'im_msn', 'im_yahoo', 'im_skype', 'WHOSONLINE', 'whosonlinebit'); // pre-cache templates used by specific actions $actiontemplates = array('resolveip' => array('whosonline_resolveip')); // ######################### REQUIRE BACK-END ############################ require_once './global.php'; require_once DIR . '/includes/functions_online.php'; // ####################################################################### // ######################## START MAIN SCRIPT ############################ // ####################################################################### if (!$vbulletin->options['WOLenable']) { eval(standard_error(fetch_error('whosonlinedisabled'))); } if (!($permissions['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonline'])) { print_no_permission(); } // ####################################################################### // resolve an IP in Who's Online (this uses the WOL permissions) if ($_REQUEST['do'] == 'resolveip') { $vbulletin->input->clean_array_gpc('r', array('ipaddress' => TYPE_NOHTML, 'ajax' => TYPE_BOOL)); // can we actually resolve this? if (!($permissions['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonlineip'])) { print_no_permission(); } $resolved_host = htmlspecialchars_uni(@gethostbyaddr($vbulletin->GPC['ipaddress'])); $ipaddress =& $vbulletin->GPC['ipaddress']; // no html'd already
/**
 * Finds the thread in the same forum whose last post is the next one after the
 * given thread's last post.
 *
 * Only visible threads that are not redirects (open <> 10) are considered. Threads by
 * users on the global ignore list are skipped unless the browsing user moderates the
 * forum, and without 'canviewothers' only the browsing user's own threads qualify.
 *
 * NOTE(review): the forum id, last post time, user id and ignore list are placed in
 * the SQL unquoted; this relies on verify_id() / fetch_coventry() and the session
 * supplying integer-only values -- confirm against those helpers.
 *
 * @param	integer	Thread to start from
 * @param	boolean	Whether to raise an error (invalid thread, or no newer thread)
 *
 * @return	mixed	Row with 'threadid' and 'title' (plus 'lastpost' for users in
 *			coventry), or the query's empty result when there is no newer thread
 */
function goto_nextthread($threadid, $throwerror = true)
{
	global $vbulletin;

	$thread = verify_id('thread', $threadid, $throwerror, 1);
	$forumperms = fetch_permissions($thread['forumid']);
	$viewerid = $vbulletin->userinfo['userid'];

	// remove threads from users on the global ignore list if user is not a moderator
	$globalignore = '';
	if ($coventry = fetch_coventry('string') and !can_moderate($thread['forumid']))
	{
		$globalignore = "AND postuserid NOT IN ({$coventry})";
	}

	// without 'canviewothers' only the viewer's own threads match (and never for guests)
	$limitothers = '';
	if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']))
	{
		$limitothers = "AND postuserid = " . $viewerid . " AND " . $viewerid . " <> 0";
	}

	// a viewer who is in coventry gets last post times from the tachy table where present
	$lastpost_info = "";
	$tachyjoin = "";
	$lastpost_having = "AND lastpost > {$thread['lastpost']}";
	if ($viewerid and in_coventry($viewerid, true))
	{
		$lastpost_info = ",IF(tachythreadpost.userid IS NULL, thread.lastpost, tachythreadpost.lastpost) AS lastpost";
		$tachyjoin = "LEFT JOIN " . TABLE_PREFIX . "tachythreadpost AS tachythreadpost ON " . "(tachythreadpost.threadid = thread.threadid AND tachythreadpost.userid = " . $viewerid . ')';
		$lastpost_having = "HAVING lastpost > {$thread['lastpost']}";
	}

	$getnextnewest = $vbulletin->db->query_first_slave("\n\t\tSELECT thread.threadid, thread.title\n\t\t\t{$lastpost_info}\n\t\tFROM " . TABLE_PREFIX . "thread AS thread\n\t\t{$tachyjoin}\n\t\tWHERE forumid = {$thread['forumid']}\n\t\t\tAND visible = 1\n\t\t\tAND open <> 10\n\t\t\t{$globalignore}\n\t\t\t{$limitothers}\n\t\t{$lastpost_having}\n\t\tORDER BY lastpost\n\t\tLIMIT 1\n\t");

	if ($getnextnewest)
	{
		return $getnextnewest;
	}

	if ($throwerror)
	{
		eval(standard_error(fetch_error('nonextnewest')));
	}

	return $getnextnewest;
}
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml'); $xml->add_group('response'); if ($profilefield = $db->query_first("SELECT profilefield.* FROM " . TABLE_PREFIX . "profilefield AS profilefield WHERE profilefieldid = " . $vbulletin->GPC['fieldid'])) { if ($profilefield['editable'] == 1 OR ($profilefield['editable'] == 2 AND empty($vbulletin->userinfo["field$profilefield[profilefieldid]"]))) { $profilefield_template = fetch_profilefield($profilefield, 'memberinfo_customfield_edit'); $xml->add_tag('template', process_replacement_vars($profilefield_template)); } else { $xml->add_tag('error', fetch_error('profile_field_uneditable')); $xml->add_tag('uneditable', '1'); } } else { // we want this person to refresh the page, so just throw a no perm error print_no_permission(); } $xml->close_group(); $xml->print_xml(); } // ############################################################################# // dismisses a dismissible notice
/**
 * Records an error on this data manager and then reacts according to the configured
 * error handler.
 *
 * The error is always appended to $this->errors and the failure callback (if callable)
 * is always invoked. After that: ERRTYPE_STANDARD throws an Exception, ERRTYPE_CP
 * calls print_cp_message(), and the array / silent / unprocessed / upgrade handlers
 * do nothing further.
 *
 * @param	string|array	Phrase name (extra call arguments become phrase arguments),
 *				or an array holding the phrase name followed by its arguments
 */
function error($errorphrase)
{
	// an array is taken to be the phrase plus its arguments
	$args = is_array($errorphrase) ? $errorphrase : func_get_args();

	// the unprocessed and upgrade handlers keep the raw phrase id and arguments;
	// every other handler stores the fetched error message
	$keep_raw = (
		$this->error_handler == vB_DataManager_Constants::ERRTYPE_ARRAY_UNPROCESSED
		|| $this->error_handler == vB_DataManager_Constants::ERRTYPE_UPGRADE
	);
	$error = $keep_raw ? $args : fetch_error($args);

	$this->errors[] = $error;

	if ($this->failure_callback and is_callable($this->failure_callback))
	{
		call_user_func_array($this->failure_callback, array(&$this, $errorphrase));
	}

	// the handler is read again here, after the callback has run
	switch ($this->error_handler)
	{
		case vB_DataManager_Constants::ERRTYPE_ARRAY:
		case vB_DataManager_Constants::ERRTYPE_SILENT:
		case vB_DataManager_Constants::ERRTYPE_ARRAY_UNPROCESSED:
		case vB_DataManager_Constants::ERRTYPE_UPGRADE:
			// nothing more to do: errors are ignored, or the caller inspects
			// the error array itself
			break;

		case vB_DataManager_Constants::ERRTYPE_STANDARD:
			throw new Exception($error);

		case vB_DataManager_Constants::ERRTYPE_CP:
			print_cp_message($error);
			break;
	}
}
($hook = vBulletinHook::fetch_hook('group_inlinemod_dodelete')) ? eval($hook) : false; eval(print_standard_redirect('redirect_inline_deletedmessages', true, $forceredirect)); } if ($_POST['do'] == 'inlineundelete') { if (!can_moderate(0, 'candeletegroupmessages')) { standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_messages')); } // Validate Messages $messages = $db->query_read_slave("\n\t\tSELECT gm.gmid, gm.state, gm.groupid, gm.dateline, gm.postuserid, gm.postusername,\n\t\t\tsocialgroup.name AS group_name, socialgroup.creatoruserid\n\t\tFROM " . TABLE_PREFIX . "groupmessage AS gm\n\t\tLEFT JOIN " . TABLE_PREFIX . "socialgroup AS socialgroup ON (socialgroup.groupid = gm.groupid)\n\t\tWHERE gmid IN ({$messageids})\n\t\t\tAND state = 'deleted'\n\t"); while ($message = $db->fetch_array($messages)) { $message['is_group_owner'] = $message['creatoruserid'] == $vbulletin->userinfo['userid']; $messagearray["{$message['gmid']}"] = $message; $grouplist["{$message['groupid']}"] = true; } if (empty($messagearray)) { standard_error(fetch_error('you_did_not_select_any_valid_messages')); } $db->query_write("\n\t\tDELETE FROM " . TABLE_PREFIX . "deletionlog\n\t\tWHERE type = 'groupmessage' AND\n\t\t\tprimaryid IN(" . implode(',', array_keys($messagearray)) . ")\n\t"); $db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "groupmessage\n\t\tSET state = 'visible'\n\t\tWHERE gmid IN(" . implode(',', array_keys($messagearray)) . ")\n\t"); foreach ($grouplist as $groupid => $foo) { build_group_counters($groupid); } foreach ($messagearray as $message) { if (!$message['is_group_owner']) { log_moderator_action($message, 'gm_by_x_for_y_undeleted', array($message['postusername'], $message['group_name'])); } } // empty cookie setcookie('vbulletin_inlinegmessage', '', TIMENOW - 3600, '/'); ($hook = vBulletinHook::fetch_hook('group_inlinemod_undelete')) ? eval($hook) : false; eval(print_standard_redirect('redirect_inline_undeletedmessages', true, $forceredirect));
/**
 * Records an error on this data manager and then reacts according to the configured
 * error handler.
 *
 * The fetched error message is always appended to $this->errors and the failure
 * callback (if callable) is always invoked. After that: ERRTYPE_STANDARD goes through
 * standard_error(), ERRTYPE_CP through print_cp_message(), and ERRTYPE_ARRAY /
 * ERRTYPE_SILENT do nothing further.
 *
 * @param	string|array	Phrase name (extra call arguments become phrase arguments),
 *				or an array that is handed to fetch_error() as is
 */
function error($errorphrase)
{
	$args = func_get_args();

	// an array goes to fetch_error() whole; otherwise every argument of this call
	// is forwarded to it
	$error = is_array($errorphrase)
		? fetch_error($errorphrase)
		: call_user_func_array('fetch_error', $args);

	$this->errors[] = $error;

	if ($this->failure_callback and is_callable($this->failure_callback))
	{
		call_user_func_array($this->failure_callback, array(&$this, $errorphrase));
	}

	// the handler is read here, after the callback has run
	switch ($this->error_handler)
	{
		case ERRTYPE_STANDARD:
			eval(standard_error($error));
			break;

		case ERRTYPE_CP:
			print_cp_message($error);
			break;

		case ERRTYPE_ARRAY:
		case ERRTYPE_SILENT:
			// nothing more to do
			break;
	}
}
} } eval('$infractionbits .= "' . fetch_template('userinfractionbit') . '";'); } } if ($vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['cangivearbinfraction']) { $checked_inf = (!$vbulletin->GPC['infractionlevelid'] and !empty($vbulletin->GPC['period']) or empty($infractionbits)) ? 'checked="checked"' : ''; $show['custominfraction'] = true; } if (!empty($banlist) and ($show['custominfraction'] or $infractionban or $pointsban)) { $show['banreason'] = true; } else { $show['banreason'] = false; } if (empty($infractionbits) and !($vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['cangivearbinfraction'])) { eval(standard_error(fetch_error('there_are_no_infraction_levels'))); } // draw nav bar $navbits = array(); if ($postinfo['postid']) { $parentlist = array_reverse(explode(',', $foruminfo['parentlist'])); foreach ($parentlist as $forumID) { $forumTitle = $vbulletin->forumcache["{$forumID}"]['title']; $navbits['forumdisplay.php?' . $vbulletin->session->vars['sessionurl'] . "f={$forumID}"] = $forumTitle; } $navbits['showthread.php?' . $vbulletin->session->vars['sessionurl'] . "p={$postid}"] = $threadinfo['prefix_plain_html'] . ' ' . $threadinfo['title']; } $navbits[''] = construct_phrase($vbphrase['user_infraction_for_x'], $userinfo['username']); $navbits = construct_navbits($navbits); require_once DIR . '/includes/functions_editor.php'; $textareacols = fetch_textarea_width();
$page_templater->register('spacer_close', $spacer_close); $page_templater->register('spacer_open', $spacer_open); $page_templater->register('totalcols', $totalcols); $page_templater->register('totalusers', $totalusers); $page_templater->register('usergroupid', $usergroupid); $page_templater->register('usergrouplink', $usergrouplink); $page_templater->register('oppositesort', $oppositesort); } // ############################################################################# // advanced search if ($_REQUEST['do'] == 'search') { if (!$vbulletin->options['usememberlistadvsearch']) { eval(standard_error(fetch_error('nomemberlistsearch'))); } $bgclass = 'alt1'; // get extra profile fields $profilefields = $db->query_read_slave(" SELECT * FROM " . TABLE_PREFIX . "profilefield WHERE searchable = 1 AND form = 0 " . iif(!($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), " AND hidden = 0") . " ORDER BY displayorder "); $customfields = ''; while ($profilefield = $db->fetch_array($profilefields))
/**
 * Selects the user to work with and loads that user's permissions.
 *
 * For the browsing user the permissions already held by the registry are reused; for
 * anyone else the user row is read from the database and passed to cache_permissions().
 *
 * @param	integer	User to process (cast to an integer before use)
 * @param	boolean	Whether to also load the existing data via fetch_existing()
 *
 * @return	boolean	True on success; false when the user does not exist (an
 *			'invalidid' error is appended to $this->error)
 */
function set_userid($userid, $fetch = true)
{
	$userid = intval($userid);

	if ($userid != $this->registry->userinfo['userid'])
	{
		// $userid is an integer at this point, so it is safe in the unquoted position
		$user = $this->dbobject->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . $userid);

		if (!$user)
		{
			global $vbphrase;

			$this->error[] = fetch_error('invalidid', $vbphrase['user'], $this->registry->options['contactuslink']);

			return false;
		}

		$this->userid = $userid;
		$this->permissions = cache_permissions($user, false);
	}
	else
	{
		$this->userid = $userid;
		$this->permissions = $this->registry->userinfo['permissions'];
	}

	if ($fetch)
	{
		$this->existing = $this->fetch_existing();
	}

	return true;
}
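/**
 * Performs the atomic flood check for the browsing user and raises the
 * 'report_post_floodcheck' error when the user is flooding.
 *
 * The flood window is 'emailfloodtime' when both 'enableemail' and 'rpemail' are on,
 * otherwise 'floodchecktime'.
 */
function perform_floodcheck_commit()
{
	// The condition is parenthesised on purpose. Written as "A and B ? X : Y", PHP
	// parses "A and (B ? X : Y)" because "and" binds more loosely than "?:", which
	// made $flood_limit a boolean and shrank the flood window to at most one second.
	$flood_limit = ($this->registry->options['enableemail'] && $this->registry->options['rpemail'])
		? $this->registry->options['emailfloodtime']
		: $this->registry->options['floodchecktime'];

	require_once DIR . '/includes/class_floodcheck.php';

	// plain assignment: "=& new" is rejected by PHP 7 and later
	$floodcheck = new vB_FloodCheck($this->registry, 'user', 'emailstamp');
	$floodcheck->commit_key($this->registry->userinfo['userid'], TIMENOW, TIMENOW - $flood_limit);

	if ($floodcheck->is_flooding())
	{
		standard_error(fetch_error('report_post_floodcheck', $flood_limit, $floodcheck->flood_wait()));
	}
}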
$vbulletin->options['attachfile'] = ATTACH_AS_DB; } else { // Converting FROM fs TO mysql $path = fetch_attachment_path($attachment['userid'], $attachment['filedataid']); $thumbnail_path = fetch_attachment_path($attachment['userid'], $attachment['filedataid'], true); $temp = $vbulletin->options['attachfile']; $vbulletin->options['attachfile'] = ATTACH_AS_DB; if ($filedata = @file_get_contents($path)) { $thumbnail_filedata = @file_get_contents($thumbnail_path); $attachdata =& datamanager_init('Filedata', $vbulletin, ERRTYPE_SILENT, 'attachment'); $attachdata->set_existing($attachment); $attachdata->setr('filedata', $filedata); $attachdata->setr('thumbnail', $thumbnail_filedata); if (!($result = $attachdata->save())) { if (empty($attachdata->errors[0])) { $attacherror = fetch_error('upload_file_failed'); // change this error } else { $attacherror =& $attachdata->errors[0]; } } unset($attachdata); } else { // Add error about file missing.. $vbulletin->GPC['attacherrorcount']++; } $vbulletin->options['attachfile'] = $temp; } if ($vbulletin->debug) { echo "\t<tr>\n\t\t\t\t\t<td>{$attachment['filedataid']}" . iif($attacherror, "<br />{$attacherror}") . "</td>\n\t\t\t\t\t<td>{$attachment['filesize']}</td>\n\t\t\t\t\t<td>{$filesize} / {$thumbnail_filesize}</td>\n\t\t\t\t\t</tr>\n\t\t\t\t\t"; } else {
$tmp = explode('_', $currency); $currency = $tmp[1]; $subscriptionsubid = intval($tmp[0]); unset($tmp); $costs = unserialize($sub['cost']); if ($costs["{$subscriptionsubid}"]['length'] == 1) { $subscription_units = $lengths[$costs["{$subscriptionsubid}"]['units']]; } else { $subscription_units = $lengths[$costs["{$subscriptionsubid}"]['units'] . 's']; } $subscription_length = construct_phrase($vbphrase['length_x_units_y_recurring_z'], $costs["{$subscriptionsubid}"]['length'], $subscription_units, $costs["{$subscriptionsubid}"]['recurring'] ? ' *' : ''); $subscription_title = $sub['title']; $subscription_cost = $subobj->_CURRENCYSYMBOLS["{$currency}"] . vb_number_format($costs["{$subscriptionsubid}"]['cost']["{$currency}"], 2); $orderbits = ''; if (empty($costs["{$subscriptionsubid}"]['cost']["{$currency}"])) { eval(standard_error(fetch_error('invalid_currency'))); } // These phrases are constant since they are the name of a service $tmp = array('paypal' => 'PayPal', 'nochex' => 'NOCHEX', 'worldpay' => 'WorldPay', '2checkout' => '2Checkout', 'moneybookers' => 'MoneyBookers', 'authorizenet' => 'Authorize.Net', 'ccbill' => 'CCBill'); $vbphrase += $tmp; ($hook = vBulletinHook::fetch_hook('paidsub_order_start')) ? eval($hook) : false; $hash = md5($vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt'] . $subscriptionid . uniqid(microtime(), 1)); /* insert query */ $db->query_write("\n\t\tINSERT INTO " . TABLE_PREFIX . "paymentinfo\n\t\t\t(hash, completed, subscriptionid, subscriptionsubid, userid)\n\t\tVALUES\n\t\t\t('" . $db->escape_string($hash) . "', 0, {$subscriptionid}, {$subscriptionsubid}, " . $vbulletin->userinfo['userid'] . ")\n\t"); $methods = $db->query_read_slave("SELECT * FROM " . TABLE_PREFIX . "paymentapi WHERE active = 1 AND FIND_IN_SET('" . $db->escape_string($currency) . 
"', currency)"); while ($method = $db->fetch_array($methods)) { if (empty($costs["{$subscriptionsubid}"]['ccbillsubid']) and $method['classname'] == 'ccbill') { continue; } if ($costs["{$subscriptionsubid}"]['cost']["{$currency}"] > 0) { $form = $subobj->construct_payment($hash, $method, $costs["{$subscriptionsubid}"], $currency, $sub, $vbulletin->userinfo);
$orderedids = array(); if ($starteronly) { $threads = $db->query_read_slave("\n\t\t\tSELECT thread.threadid\n\t\t\tFROM " . TABLE_PREFIX . "thread AS thread\n\t\t\tWHERE thread.postuserid = {$user['userid']}\n\t\t\t\t{$sql}\n\t\t\tORDER BY lastpost DESC\n\t\t\tLIMIT " . $vbulletin->options['maxresults'] * 2 . "\n\t\t"); while ($thread = $db->fetch_array($threads)) { $orderedids[] = $thread['threadid']; } } else { $posts = $db->query_read_slave("\n\t\t\tSELECT postid\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tINNER JOIN " . TABLE_PREFIX . "thread AS thread ON(thread.threadid = post.threadid)\n\t\t\tWHERE post.userid = {$user['userid']}\n\t\t\t\t{$sql}\n\t\t\tORDER BY post.dateline DESC\n\t\t\tLIMIT " . $vbulletin->options['maxresults'] * 2 . "\n\t\t"); while ($post = $db->fetch_array($posts)) { $orderedids[] = $post['postid']; } $db->free_result($posts); } // did we get some results? if (empty($orderedids)) { eval(standard_error(fetch_error('searchnoresults', $displayCommon), '', false)); } // set display terms $display = array('words' => array(), 'highlight' => array(), 'common' => array(), 'users' => array($user['userid'] => $user['username']), 'forums' => iif($showforums, $display['forums'], 0), 'options' => array('starteronly' => $starteronly, 'childforums' => 1, 'action' => 'process')); // end search timer $searchtime = number_format(fetch_microtime_difference($searchtime), 5, '.', ''); $sort_order = $showposts ? 'post.dateline' : 'lastpost'; ($hook = vBulletinHook::fetch_hook('search_finduser_complete')) ? eval($hook) : false; /*insert query*/ $db->query_write("\n\t\tREPLACE INTO " . TABLE_PREFIX . "search\n\t\t\t(userid, ipaddress, personal,\n\t\t\tsearchuser, forumchoice,\n\t\t\tsortby, sortorder, searchtime,\n\t\t\tshowposts, orderedids, dateline,\n\t\t\tdisplayterms, searchhash, completed)\n\t\tVALUES\n\t\t\t(" . $vbulletin->userinfo['userid'] . ", '" . $db->escape_string(IPADDRESS) . "', 1,\n\t\t\t'" . $db->escape_string($user['username']) . 
"', '" . $db->escape_string($forumchoice) . "',\n\t\t\t'{$sort_order}', 'DESC', {$searchtime},\n\t\t\t{$showposts}, '" . $db->escape_string(implode(',', $orderedids)) . "', " . TIMENOW . ",\n\t\t\t'" . $db->escape_string(serialize($display)) . "', '" . $db->escape_string($searchhash) . "', 1)\n\t"); $searchid = $db->insert_id(); $vbulletin->url = 'search.php?' . $vbulletin->session->vars['sessionurl'] . "searchid={$searchid}"; eval(print_standard_redirect('search')); } // ############################################################################# if ($_POST['do'] == 'doprefs') {
while ($attachment = $db->fetch_array($attachs)) { // hide users in Coventry $ast = ''; if (in_coventry($attachment['userid']) and !can_moderate($threadinfo['forumid'])) { continue; } $attachment['filename'] = fetch_censored_text(htmlspecialchars_uni($attachment['filename'])); $attachment['attachmentextension'] = strtolower(file_extension($attachment['filename'])); $attachment['filesize'] = vb_number_format($attachment['filesize'], 1, true); exec_switch_bg(); eval('$attachments .= "' . fetch_template('attachmentbit') . '";'); } ($hook = vBulletinHook::fetch_hook('misc_showattachments_complete')) ? eval($hook) : false; eval('print_output("' . fetch_template('ATTACHMENTS') . '");'); } else { eval(standard_error(fetch_error('noattachments'))); } } // ############################### start show avatars ############################### if ($_REQUEST['do'] == 'showavatars') { $vbulletin->input->clean_array_gpc('r', array('pagenumber' => TYPE_UINT)); ($hook = vBulletinHook::fetch_hook('misc_avatars_start')) ? eval($hook) : false; $perpage = $vbulletin->options['numavatarsperpage']; $totalavatars = $db->query_first_slave("\n\t\tSELECT COUNT(*) AS count\n\t\tFROM " . TABLE_PREFIX . "avatar AS avatar\n\t\tLEFT JOIN " . TABLE_PREFIX . "imagecategorypermission AS perm ON (perm.imagecategoryid=avatar.imagecategoryid AND perm.usergroupid=" . $vbulletin->userinfo['usergroupid'] . ")\n\t\tWHERE ISNULL(perm.imagecategoryid)\n\t"); $totalavatars = intval($totalavatars['count']); sanitize_pageresults($totalavatars, $vbulletin->GPC['pagenumber'], $perpage, 100, 25); $startat = ($vbulletin->GPC['pagenumber'] - 1) * $perpage; $first = $startat + 1; $last = $startat + $perpage; if ($last > $totalavatars) { $last = $totalavatars;
$smilieson = iif($vbulletin->options['privallowsmilies'], $vbphrase['on'], $vbphrase['off']); // only show posting code allowances in forum rules template $show['codeonly'] = true; eval('$forumrules = "' . fetch_template('forumrules') . '";'); $templatename = 'pm_newpm'; } // ############################### start show pm ############################### // show a private message if ($_REQUEST['do'] == 'showpm') { require_once DIR . '/includes/class_postbit.php'; require_once DIR . '/includes/functions_bigthree.php'; $vbulletin->input->clean_gpc('r', 'pmid', TYPE_UINT); ($hook = vBulletinHook::fetch_hook('private_showpm_start')) ? eval($hook) : false; $pm = $db->query_first_slave("\n\t\tSELECT\n\t\t\tpm.*, pmtext.*,\n\t\t\t" . iif($vbulletin->options['privallowicons'], "icon.title AS icontitle, icon.iconpath,") . "\n\t\t\tIF(ISNULL(pmreceipt.pmid), 0, 1) AS receipt, pmreceipt.readtime, pmreceipt.denied,\n\t\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight\n\t\tFROM " . TABLE_PREFIX . "pm AS pm\n\t\tLEFT JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON(pmtext.pmtextid = pm.pmtextid)\n\t\t" . iif($vbulletin->options['privallowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = pmtext.iconid)") . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "pmreceipt AS pmreceipt ON(pmreceipt.pmid = pm.pmid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = pmtext.fromuserid)\n\t\tWHERE pm.userid=" . $vbulletin->userinfo['userid'] . " AND pm.pmid=" . $vbulletin->GPC['pmid'] . 
"\n\t"); if (!$pm) { eval(standard_error(fetch_error('invalidid', $vbphrase['private_message'], $vbulletin->options['contactuslink']))); } $folderjump = construct_folder_jump(0, $pm['folderid']); // do read receipt $show['receiptprompt'] = $show['receiptpopup'] = false; if ($pm['receipt'] == 1 and $pm['readtime'] == 0 and $pm['denied'] == 0) { if ($permissions['pmpermissions'] & $vbulletin->bf_ugp_pmpermissions['candenypmreceipts']) { // set it to denied just now as some people might have ad blocking that stops the popup appearing $show['receiptprompt'] = $show['receiptpopup'] = true; $receipt_question_js = addslashes_js(construct_phrase($vbphrase['x_has_requested_a_read_receipt'], unhtmlspecialchars($pm['fromusername'])), '"'); $db->shutdown_query("UPDATE " . TABLE_PREFIX . "pmreceipt SET denied = 1 WHERE pmid = {$pm['pmid']}"); } else { // they can't deny pm receipts so do not show a popup or prompt $db->shutdown_query("UPDATE " . TABLE_PREFIX . "pmreceipt SET readtime = " . TIMENOW . " WHERE pmid = {$pm['pmid']}"); } } else {
} $navbits['calendar.php?' . $vbulletin->session->vars['sessionurl'] . "do=viewreminder"] = $vbphrase['event_reminders']; $navbits[''] = $vbphrase['add_reminder']; $navbits = construct_navbits($navbits); require_once DIR . '/includes/functions_user.php'; construct_usercp_nav('event_reminders'); $navbar = render_navbar_template($navbits); ($hook = vBulletinHook::fetch_hook('calendar_addreminder')) ? eval($hook) : false; $url =& $vbulletin->url; $templater = vB_Template::create('calendar_reminder_choosetype'); $templater->register('eventinfo', $eventinfo); $templater->register('url', $url); $HTML = $templater->render(); $templater = vB_Template::create('USERCP_SHELL'); $templater->register_page_templates(); $templater->register('cpnav', $cpnav); $templater->register('HTML', $HTML); $templater->register('navbar', $navbar); $templater->register('navclass', $navclass); $templater->register('onload', $onload); $templater->register('pagetitle', $pagetitle); $templater->register('template_hook', $template_hook); print_output($templater->render()); } eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']))); /*======================================================================*\ || #################################################################### || # Downloaded: 03:13, Sat Sep 7th 2013 || # CVS: $RCSfile$ - $Revision: 63836 $ || #################################################################### \*======================================================================*/
/**
 * Fetch the valid tags from a list. Filters are length, censorship, perms (if desired).
 *
 * Each candidate tag is whitespace-normalised and, unless it is listed in the
 * 'taggoodwords' option, checked for minimum/maximum length, censored text,
 * embedded delimiters and stop words. Survivors are de-duplicated
 * case-insensitively, then reduced by create-tag permission, by tags already
 * attached to the thread, and by the per-thread / per-user tag limits.
 *
 * @param	array			$threadinfo				Array of existing thread info (including the existing tags); the keys read here are taglist, threadid, forumid and postuserid
 * @param	string|array	$taglist				List of tags to add (comma delimited, or an array as is). If array, ensure there are no commas.
 * @param	array			$errors					(output) List of errors that happens; reset to an empty array on entry
 * @param	boolean			$check_browser_perms	Whether to check the browsing user's create tag perms
 * @param	boolean			$evalerrors				Whether to expand the error phrase (fetch_error() result) or return the raw phrase name / array(phrase name, argument)
 *
 * @return	array	List of valid tags
 */
function fetch_valid_tags($threadinfo, $taglist, &$errors, $check_browser_perms = true, $evalerrors = true)
{
	global $vbulletin;

	// parsed once and reused by later calls in the same request
	static $tagbadwords, $taggoodwords;

	$errors = array();

	if (!is_array($taglist))
	{
		$taglist = split_tag_list($taglist);
	}

	if (!trim($threadinfo['taglist']))
	{
		$existing_tags = array();
	}
	else
	{
		// this will always be delimited by a comma
		$existing_tags = explode(',', trim($threadinfo['taglist']));
	}

	// thread is already at the global per-thread limit: nothing can be added
	if ($vbulletin->options['tagmaxthread'] and count($existing_tags) >= $vbulletin->options['tagmaxthread'])
	{
		$errors['threadmax'] = $evalerrors ? fetch_error('thread_has_max_allowed_tags') : 'thread_has_max_allowed_tags';
		return array();
	}

	// clamp the configured maximum length to 1..100; note this writes the
	// clamped value back into the shared options array
	if ($vbulletin->options['tagmaxlen'] <= 0 or $vbulletin->options['tagmaxlen'] >= 100)
	{
		$vbulletin->options['tagmaxlen'] = 100;
	}

	$valid_raw = array();

	// stop words: too common
	// NOTE(review): $badwords is not defined in this function; presumably it is
	// brought into local scope by this file -- confirm
	require DIR . '/includes/searchwords.php'; // get the stop word list; allow multiple requires

	// filter the stop words by adding custom stop words (tagbadwords) and allowing through exceptions (taggoodwords)
	if (!is_array($tagbadwords))
	{
		$tagbadwords = preg_split('/\\s+/s', vbstrtolower($vbulletin->options['tagbadwords']), -1, PREG_SPLIT_NO_EMPTY);
	}

	if (!is_array($taggoodwords))
	{
		$taggoodwords = preg_split('/\\s+/s', vbstrtolower($vbulletin->options['taggoodwords']), -1, PREG_SPLIT_NO_EMPTY);
	}

	// merge hard-coded badwords and tag-specific badwords
	$badwords = array_merge($badwords, $tagbadwords);

	foreach ($taglist as $tagtext)
	{
		// collapse runs of spaces, tabs and line breaks into a single space
		$tagtext = trim(preg_replace('#[ \\r\\n\\t]+#', ' ', $tagtext));
		if ($tagtext === '')
		{
			continue;
		}

		// a tag listed in taggoodwords skips every check in this block,
		// including the censor and the 100-byte storage limit
		if (!in_array(vbstrtolower($tagtext), $taggoodwords))
		{
			$char_strlen = vbstrlen($tagtext, true);

			if ($vbulletin->options['tagminlen'] and $char_strlen < $vbulletin->options['tagminlen'])
			{
				$errors['min_length'] = $evalerrors ? fetch_error('tag_too_short_min_x', $vbulletin->options['tagminlen']) : array('tag_too_short_min_x', $vbulletin->options['tagminlen']);
				continue;
			}

			if ($char_strlen > $vbulletin->options['tagmaxlen'])
			{
				$errors['max_length'] = $evalerrors ? fetch_error('tag_too_long_max_x', $vbulletin->options['tagmaxlen']) : array('tag_too_long_max_x', $vbulletin->options['tagmaxlen']);
				continue;
			}

			// byte length, checked separately from the vbstrlen() count above
			if (strlen($tagtext) > 100)
			{
				// only have 100 bytes to store a tag
				$errors['max_length'] = $evalerrors ? fetch_error('tag_too_long_max_x', $vbulletin->options['tagmaxlen']) : array('tag_too_long_max_x', $vbulletin->options['tagmaxlen']);
				continue;
			}

			$censored = fetch_censored_text($tagtext);
			if ($censored != $tagtext)
			{
				// can't have tags with censored text
				$errors['censor'] = $evalerrors ? fetch_error('tag_no_censored') : 'tag_no_censored';
				continue;
			}

			if (count(split_tag_list($tagtext)) > 1)
			{
				// contains a delimiter character
				$errors['comma'] = $evalerrors ? fetch_error('tag_no_comma') : 'tag_no_comma';
				continue;
			}

			// NOTE(review): this comparison uses strtolower() while the other
			// comparisons in this function use vbstrtolower() -- confirm intended
			if (in_array(strtolower($tagtext), $badwords))
			{
				$errors['common'] = $evalerrors ? fetch_error('tag_x_not_be_common_words', $tagtext) : array('tag_x_not_be_common_words', $tagtext);
				continue;
			}
		}

		$valid_raw[] = $vbulletin->options['tagforcelower'] ? vbstrtolower($tagtext) : $tagtext;
	}

	// we need to essentially do a case-insensitive array_unique here
	// $valid keeps the first-seen spelling; $valid_unique holds the lowercased
	// form under the same index, and later unset() calls rely on that pairing
	$valid_unique = array_unique(array_map('vbstrtolower', $valid_raw));
	$valid = array();
	foreach (array_keys($valid_unique) as $key)
	{
		$valid[] = $valid_raw["{$key}"];
	}
	$valid_unique = array_values($valid_unique); // make the keys jive with $valid

	if ($valid)
	{
		// every tag text is passed through the db escape_string() before being
		// quoted into the IN (...) list; threadid is forced to int with intval()
		$existing_sql = $vbulletin->db->query_read("\n\t\t\tSELECT tag.tagtext, IF(tagthread.tagid IS NULL, 0, 1) AS taginthread\n\t\t\tFROM " . TABLE_PREFIX . "tag AS tag\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "tagthread AS tagthread ON\n\t\t\t\t(tag.tagid = tagthread.tagid AND tagthread.threadid = " . intval($threadinfo['threadid']) . ")\n\t\t\tWHERE tag.tagtext IN ('" . implode("','", array_map(array(&$vbulletin->db, 'escape_string'), $valid)) . "')\n\t\t");

		if ($check_browser_perms and !($vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['cancreatetag']))
		{
			// can't create tags, need to throw errors about bad ones
			// map of lowercased tag => index; whatever is left after removing
			// the tags that already exist in the tag table would be new tags
			$new_tags = array_flip($valid_unique);

			while ($tag = $vbulletin->db->fetch_array($existing_sql))
			{
				unset($new_tags[vbstrtolower($tag['tagtext'])]);
			}

			if ($new_tags)
			{
				// trying to create tags without permissions. Remove and throw an error
				$errors['no_create'] = $evalerrors ? fetch_error('tag_no_create') : 'tag_no_create';

				foreach ($new_tags as $new_tag => $key)
				{
					// remove those that we can't add from the list
					unset($valid["{$key}"], $valid_unique["{$key}"]);
				}
			}
		}

		// rewind so the same result set can be read a second time
		$vbulletin->db->data_seek($existing_sql, 0);

		// determine which tags are already in the thread and just ignore them
		while ($tag = $vbulletin->db->fetch_array($existing_sql))
		{
			if ($tag['taginthread'])
			{
				// tag is in thread, find it and remove
				if (($key = array_search(vbstrtolower($tag['tagtext']), $valid_unique)) !== false)
				{
					unset($valid["{$key}"], $valid_unique["{$key}"]);
				}
			}
		}

		// null means "no limit applies"; a negative value is the overshoot
		$user_tags_remain = null;
		if ($vbulletin->options['tagmaxthread'])
		{
			// check global limit
			$user_tags_remain = $vbulletin->options['tagmaxthread'] - count($existing_tags) - count($valid);
		}

		// users who can_moderate() this forum with 'caneditthreads' are exempt
		// from the per-user and thread-starter limits below
		if (!can_moderate($threadinfo['forumid'], 'caneditthreads'))
		{
			// NOTE(review): userid is concatenated without intval(); presumably
			// it is already an integer set by the session layer -- confirm
			$my_tag_count_array = $vbulletin->db->query_first("\n\t\t\t\tSELECT COUNT(*) AS count\n\t\t\t\tFROM " . TABLE_PREFIX . "tagthread\n\t\t\t\tWHERE threadid = " . intval($threadinfo['threadid']) . "\n\t\t\t\t\tAND userid = " . $vbulletin->userinfo['userid']);
			$my_tag_count = $my_tag_count_array['count'] + count($valid);

			$tags_remain = null;
			if ($vbulletin->options['tagmaxstarter'] and $threadinfo['postuserid'] == $vbulletin->userinfo['userid'])
			{
				$tags_remain = $vbulletin->options['tagmaxstarter'] - $my_tag_count;
			}
			else
			{
				if ($vbulletin->options['tagmaxuser'])
				{
					$tags_remain = $vbulletin->options['tagmaxuser'] - $my_tag_count;
				}
			}

			if ($tags_remain !== null)
			{
				// the loose == null also matches 0; that does not change the
				// outcome because only a negative result is acted on below
				$user_tags_remain = $user_tags_remain == null ? $tags_remain : min($tags_remain, $user_tags_remain);
			}
		}

		if ($user_tags_remain < 0)
		{
			$errors['threadmax'] = $evalerrors ? fetch_error('number_tags_add_exceeded_x', vb_number_format($user_tags_remain * -1)) : array('number_tags_add_exceeded_x', vb_number_format($user_tags_remain * -1));

			// keep only as many tags from the front of the list as still fit
			$allowed_tag_count = count($valid) + $user_tags_remain;
			if ($allowed_tag_count > 0)
			{
				$valid = array_slice($valid, 0, count($valid) + $user_tags_remain);
			}
			else
			{
				$valid = array();
			}
		}
	}

	return $valid;
}
$changes = true; } } } //update the datastore bookmarksite cache if ($changes) { build_bookmarksite_datastore(); } $_REQUEST['do'] = 'modify'; } // ######################################################################## // we want to display the bookmark list - this is the default action if ($_REQUEST['do'] == 'modify') { if (!$vbulletin->options['socialbookmarks']) { print_table_start(); print_description_row(fetch_error('social_bookmarks_disabled')); print_table_footer(2, '', '', false); } // display the form and table header print_form_header('bookmarksite', 'quickupdate'); print_table_header($vbphrase['social_bookmarking_manager'], 3); $bookmarksites_result = $db->query_read("\n\t\tSELECT * FROM " . TABLE_PREFIX . "bookmarksite AS bookmarksite\n\t\tORDER BY displayorder, title\n\t"); $bookmarksite_count = $db->num_rows($bookmarksites_result); if ($bookmarksite_count) { print_description_row('<label><input type="checkbox" id="allbox" checked="checked" />' . $vbphrase['toggle_active_status_for_all'] . '</label><input type="image" src="../' . $vbulletin->options['cleargifurl'] . '" name="normalsubmit" />', false, 3, 'thead" style="font-weight:normal; padding:0px 4px 0px 4px'); print_column_style_code(array('width:20%; white-space:nowrap', 'width:60%', "width:20%; white-space:nowrap; text-align:{$stylevar['right']}")); while ($bookmarksite = $db->fetch_array($bookmarksites_result)) { print_cells_row(array('<label class="smallfont"><input type="checkbox" name="active[' . $bookmarksite['bookmarksiteid'] . ']" value="1"' . ($bookmarksite['active'] ? ' checked="checked"' : '') . ' />' . $vbphrase['active'] . '</label> ' . '<input type="image" src="../cpstyles/' . $vbulletin->options['cpstylefolder'] . '/move_down.gif" name="displayorderswap[' . $bookmarksite['bookmarksiteid'] . ',higher]" />' . '<input type="text" name="displayorder[' . $bookmarksite['bookmarksiteid'] . ']" value="' . $bookmarksite['displayorder'] . '" class="bginput" size="4" title="' . 
$vbphrase['display_order'] . '" style="text-align:' . $stylevar['right'] . '" />' . '<input type="image" src="../cpstyles/' . $vbulletin->options['cpstylefolder'] . '/move_up.gif" name="displayorderswap[' . $bookmarksite['bookmarksiteid'] . ',lower]" />', '<a href="bookmarksite.php?' . $vbulletin->session->vars['sessionurl'] . 'do=edit&bookmarksiteid=' . $bookmarksite['bookmarksiteid'] . '" title="' . $vbphrase['edit'] . '">' . $bookmarksite['title'] . '</a>', construct_link_code($vbphrase['edit'], 'bookmarksite.php?' . $vbulletin->session->vars['sessionurl'] . 'do=edit&bookmarksiteid=' . $bookmarksite['bookmarksiteid']) . construct_link_code($vbphrase['delete'], 'bookmarksite.php?' . $vbulletin->session->vars['sessionurl'] . 'do=delete&bookmarksiteid=' . $bookmarksite['bookmarksiteid'])), false, '', -1); } $db->free_result($bookmarksites_result); }
$templater->register('forminfo', $forminfo); $templater->register('navbar', $navbar); $templater->register('url', $url); $templater->register('usernamecode', $usernamecode); print_output($templater->render()); } if ($_POST['do'] == 'sendemail') { $vbulletin->input->clean_array_gpc('p', array( 'reason' => TYPE_STR, )); if ($vbulletin->GPC['reason'] == '') { eval(standard_error(fetch_error('noreason'))); } if ($perform_floodcheck) { $reportobj->perform_floodcheck_commit(); } $reportobj->do_report($vbulletin->GPC['reason'], $messageinfo); $url =& $vbulletin->url; eval(print_standard_redirect('redirect_reportthanks')); } }
/**
 * Validates a social group discussion id and, optionally, the browsing user's
 * right to view that discussion.
 *
 * A missing discussion and a discussion the viewer may not see are reported
 * with the same 'invalidid' error, so the response does not reveal whether a
 * hidden discussion exists. Callers that pass $perm_check = false receive the
 * discussion without any visibility check and have to authorise the viewer
 * themselves.
 *
 * @param	integer	$discussionid	The id of the discussion
 * @param	boolean	$alert			Whether to call standard_error() when validation fails
 * @param	boolean	$perm_check		Whether to check the viewer's permission to see the discussion
 *
 * @return	array|false	Info array for the valid discussion, false otherwise
 */
function verify_socialdiscussion($discussionid, $alert = true, $perm_check = true)
{
	global $vbphrase, $vbulletin;

	// The discussion has to load and has to belong to a group
	$info = fetch_socialdiscussioninfo($discussionid);
	$viewable = ($info and isset($info['groupid']));

	if ($viewable and $perm_check)
	{
		$groupinfo = fetch_socialgroupinfo($info['groupid']);

		if (!$groupinfo)
		{
			// the owning group could not be loaded
			$viewable = false;
		}
		else if ($info['state'] == 'deleted' and !fetch_socialgroup_modperm('canviewdeleted', $groupinfo))
		{
			// deleted discussions are visible only with 'canviewdeleted'
			$viewable = false;
		}
		else if (
			$info['state'] == 'moderation'
			and !fetch_socialgroup_modperm('canmoderategroupmessages', $groupinfo)
			and $info['postuserid'] != $vbulletin->userinfo['userid']
		)
		{
			// moderated discussions are visible to group moderators and to their author
			$viewable = false;
		}
	}

	if ($viewable)
	{
		return $info;
	}

	if ($alert)
	{
		standard_error(fetch_error('invalidid', $vbphrase['social_group_discussion'], $vbulletin->options['contactuslink']));
	}

	return false;
}
// ####################################################################### if ($_POST['do'] == 'docustomize') { $vbulletin->input->clean_array_gpc('p', array('usercss' => TYPE_ARRAY, 'ajax' => TYPE_BOOL)); ($hook = vBulletinHook::fetch_hook('profile_docustomize_start')) ? eval($hook) : false; foreach ($vbulletin->GPC['usercss'] as $selectorname => $selector) { if (!isset($usercss->cssedit["{$selectorname}"]) or !empty($usercss->cssedit["{$selectorname}"]['noinputset'])) { $usercss->error[] = fetch_error('invalid_selector_name_x', htmlspecialchars_uni($selectorname)); continue; } if (!is_array($selector)) { continue; } foreach ($selector as $property => $value) { $prop_perms = $usercss->properties["{$property}"]['permission']; if (empty($usercsspermissions["{$prop_perms}"]) or !in_array($property, $usercss->cssedit["{$selectorname}"]['properties'])) { $usercss->error[] = fetch_error('no_permission_edit_selector_x_property_y', htmlspecialchars_uni($selectorname), htmlspecialchars_uni($property)); continue; } unset($allowedlist); switch ($property) { case 'font_size': $allowedlist = $allowedfontsizes; break; case 'font_family': $allowedlist = $allowedfonts; break; case 'border_width': $allowedlist = $allowedborderwidths; break; case 'padding': $allowedlist = $allowedpaddings;
} else { if ($vbulletin->GPC['message'] == '') { eval(standard_error(fetch_error('nomessage'))); } if ($perform_floodcheck) { require_once(DIR . '/includes/class_floodcheck.php'); $floodcheck = new vB_FloodCheck($vbulletin, 'user', 'emailstamp'); $floodcheck->commit_key($vbulletin->userinfo['userid'], TIMENOW, TIMENOW - $vbulletin->options['emailfloodtime']); if ($floodcheck->is_flooding()) { eval(standard_error(fetch_error('emailfloodcheck', $vbulletin->options['emailfloodtime'], $floodcheck->flood_wait()))); } } ($hook = vBulletinHook::fetch_hook('sendmessage_domailmember')) ? eval($hook) : false; $message = fetch_censored_text($vbulletin->GPC['message']); eval(fetch_email_phrases('usermessage', $userinfo['languageid'])); vbmail($userinfo['email'], fetch_censored_text($vbulletin->GPC['emailsubject']), $message , false, $vbulletin->userinfo['email'], '', $vbulletin->userinfo['username']); // parse this next line with eval: $sendtoname = $userinfo['username']; eval(print_standard_redirect('redirect_sentemail'));
eval(standard_error(fetch_error('invalidid', $vbphrase['forum'], $vbulletin->options['contactuslink']))); } if (can_administer('canadminthreads')) { exec_header_redirect($vbulletin->config['Misc']['admincpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=move')); } else { if (can_moderate($foruminfo['forumid'], 'canmassmove')) { exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=move')); } else { print_no_permission(); } } } // ############################################################################# if ($_REQUEST['do'] == 'prune') { if (!$foruminfo['forumid']) { eval(standard_error(fetch_error('invalidid', $vbphrase['forum'], $vbulletin->options['contactuslink']))); } if (can_administer('canadminthreads')) { exec_header_redirect($vbulletin->config['Misc']['admincpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=prune')); } else { if (can_moderate($forumid, 'canmassprune')) { exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=prune')); } else { print_no_permission(); } } } // ############################################################################# if ($_REQUEST['do'] == 'modposts') { if (can_moderate(0, 'canmoderateposts')) { exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('moderate.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=posts'));
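/**
 * Collects errors encountered while parsing a template and returns them
 *
 * The compiled template is executed with eval() so that PHP itself reports
 * any syntax problem. Whatever is passed in runs as PHP code in this
 * function's scope, so $template must only ever originate from the trusted
 * template compiler / an authorised template editor, never from request data.
 *
 * display_errors is switched on for the duration of the check and put back to
 * its previous value before returning, so error details are not left enabled
 * for the rest of the request.
 *
 * @param	string	$template	Template PHP code
 *
 * @return	string	Error text, or an empty string when no error was captured
 */
function check_template_errors($template)
{
	// Attempt to enable display_errors so that this eval actually returns something in the event of an error.
	// The previous value is captured here, on the first change, so the restore at the end is meaningful.
	$olderrors = @ini_set('display_errors', true);

	require_once DIR . '/includes/functions_calendar.php'; // to make sure can_moderate_calendar exists

	if (preg_match('#^(.*)<if condition=(\\\\"|\')(.*)\\2>#siU', $template, $match))
	{
		// remnants of a conditional -- that means something is malformed, probably missing a </if>
		// the line number is derived from the newlines preceding the remnant
		$result = fetch_error('template_conditional_end_missing_x', substr_count($match[1], "\n") + 1);
	}
	else if (preg_match('#^(.*)</if>#siU', $template, $match))
	{
		// remnants of a conditional -- missing beginning
		$result = fetch_error('template_conditional_beginning_missing_x', substr_count($match[1], "\n") + 1);
	}
	else if (strpos(@ini_get('disable_functions'), 'ob_start') !== false)
	{
		// alternate method in case OB is disabled; probably not as fool proof
		// NOTE(review): track_errors / $php_errormsg were removed in PHP 8 -- confirm supported versions
		@ini_set('track_errors', true);

		// start from a known value so a clean template does not read an undefined variable
		$php_errormsg = '';

		$oldlevel = error_reporting(0);
		// SECURITY: executes $template as PHP code -- see the function header
		eval('$devnull = "' . $template . '";');
		error_reporting($oldlevel);

		// only return error if we think there's a parse error
		// best workaround to ignore "undefined variable" type errors
		$result = (strpos(strtolower($php_errormsg), 'parse') !== false) ? $php_errormsg : '';
	}
	else
	{
		// only fatal-class errors are reported while the template is evaluated
		$oldlevel = error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR);

		// capture whatever PHP prints instead of sending it to the client
		// NOTE(review): on PHP 7+ eval() raises ParseError rather than printing -- confirm supported versions
		ob_start();
		// SECURITY: executes $template as PHP code -- see the function header
		eval('$devnull = "' . $template . '";');
		$result = ob_get_contents();
		ob_end_clean();

		error_reporting($oldlevel);
	}

	// put display_errors back on every path, not only after the buffered eval
	if ($olderrors !== false)
	{
		@ini_set('display_errors', $olderrors);
	}

	return $result;
}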