/** * Check an input field isn't 'evil'. * * @param string The name of the parameter * @param string The value retrieved * @param ?boolean Whether the parameter is a POST parameter (NULL: undetermined) */ function check_input_field_string($name, &$val, $posted = false) { if (preg_match('#^\\s*((((j\\s*a\\s*v\\s*a\\s*)|(v\\s*b\\s*))?s\\s*c\\s*r\\s*i\\s*p\\s*t)|(d\\s*a\\s*t\\s*a\\s*))\\s*:#i', $val) != 0 && $name != 'value') { log_hack_attack_and_exit('SCRIPT_URL_HACK_2', $val); } // Security check for known URL fields. Check for specific things, plus we know we can be pickier in general $is_url = $name == 'from' || $name == 'preview_url' || $name == 'redirect' || $name == 'redirect_passon' || $name == 'url'; if ($is_url) { if ($is_url) { if (preg_match('#\\n|\\000|<|(".*[=<>])|^\\s*((((j\\s*a\\s*v\\s*a\\s*)|(v\\s*b\\s*))?s\\s*c\\s*r\\s*i\\s*p\\s*t)|(d\\s*a\\s*t\\s*a\\s*))\\s*:#mi', $val) != 0) { if ($name == 'page') { $_GET[$name] = ''; } // Stop loops log_hack_attack_and_exit('DODGY_GET_HACK', $name, $val); } // Don't allow external redirections if (!$posted) { $_val = str_replace('https://', 'http://', $val); if (looks_like_url($_val)) { $bus = array(get_base_url(false), get_forum_base_url(), 'http://ocportal.com/'); $ok = false; foreach ($bus as $bu) { if (substr($_val, 0, strlen($bu)) == $bu) { $ok = true; break; } } if (!$ok) { $val = get_base_url(false); } } } } } if ($GLOBALS['BOOTSTRAPPING'] == 0) { // Quickly depose of common spam attacks. Not really security, just a sensible barrier if ((!function_exists('is_guest') || is_guest()) && (strpos($val, '[url=http://') !== false || strpos($val, '[link') !== false) && strpos($val, '<a ') !== false) { log_hack_attack_and_exit('LAME_SPAM_HACK', $val); } // Additional checks for non-privileged users if (function_exists('has_specific_permission') && $name != 'page') { if (false) { hard_filter_input_data__html($val); hard_filter_input_data__filesystem($val); } } } }
/** * Standard modular run function. * * @return array An array of tuples: The task row to show, the number of seconds until it is due (or NULL if not on a timer), the number of things to sort out (or NULL if not on a queue), The name of the config option that controls the schedule (or NULL if no option). */ function run() { // Forum moderation if (!has_no_forum()) { $status = do_template('BLOCK_MAIN_STAFF_CHECKLIST_ITEM_STATUS_NA'); if (get_forum_type() == 'ocf') { $url = build_url(array('page' => 'vforums', 'type' => 'unread'), get_module_zone('vforums')); } else { $url = make_string_tempcode(get_forum_base_url()); } $tpl = do_template('BLOCK_MAIN_STAFF_CHECKLIST_ITEM', array('_GUID' => 'a2cdfc2ea5db2d8c13a4d9eafa9b644b', 'URL' => '', 'STATUS' => $status, 'TASK' => urlise_lang(do_lang('NAG_FORUMS'), $url), 'INFO' => '')); return array(array($tpl, NULL, NULL, NULL)); } return array(); }
/** * Standard modular run function. * * @return tempcode The result of execution. */ function run() { $base_url = get_forum_base_url(); $forums = get_param('url', $base_url . '/'); if (substr($forums, 0, strlen($base_url)) != $base_url) { $base_url = rtrim($forums, '/'); if (strpos($base_url, '.php') !== false || strpos($base_url, '?') !== false) { $base_url = dirname($base_url); } //log_hack_attack_and_exit('REFERRER_IFRAME_HACK'); No longer a hack attack becase people webmasters changed their forum base URL at some point, creating problems with old bookmarks! header('Location: ' . get_self_url(true, false, array('url' => get_forum_base_url()))); exit; } $old_method = false; if ($old_method) { return do_template('FORUMS_EMBED', array('_GUID' => '159575f6b83c5366d29e184a8dd5fc49', 'FORUMS' => $forums)); } $GLOBALS['SCREEN_TEMPLATE_CALLED'] = ''; require_code('integrator'); return do_template('COMCODE_SURROUND', array('CLASS' => 'float_surrounder', 'CONTENT' => protect_from_escaping(reprocess_url($forums, $base_url)))); }
/** * Find the base URL to the emoticons. * * @return URLPATH The base URL */ function get_emo_dir() { global $EMOTICON_SET_DIR; if (is_null($EMOTICON_SET_DIR)) { $EMOTICON_SET_DIR = $this->connection->query_value_null_ok('skin_sets', 'set_emoticon_folder', array('set_image_dir' => $this->get_theme())); if (is_null($EMOTICON_SET_DIR)) { $EMOTICON_SET_DIR = 'default'; } } return get_forum_base_url() . '/style_emoticons/' . $EMOTICON_SET_DIR . '/'; }
/** * Get tempcode for a post template adding/editing form. * * @param SHORT_TEXT The emoticon code * @param SHORT_TEXT The theme image code * @param integer The relevance level of the emoticon * @range 0 4 * @param BINARY Whether the emoticon is usable as a topic emoticon * @param BINARY Whether this may only be used by privileged members * @return array A pair: The input fields, Hidden fields */ function get_form_fields($code = ':-]', $theme_img_code = '', $relevance_level = 1, $use_topics = 1, $is_special = 0) { $fields = new ocp_tempcode(); $hidden = new ocp_tempcode(); $fields->attach(form_input_line(do_lang_tempcode('CODE'), do_lang_tempcode('DESCRIPTION_EMOTICON_CODE'), 'code', $code, true)); if (get_base_url() == get_forum_base_url()) { $fields->attach(form_input_upload(do_lang_tempcode('UPLOAD'), do_lang_tempcode('DESCRIPTION_UPLOAD'), 'file', false, NULL, NULL, true, str_replace(' ', '', get_option('valid_images')))); handle_max_file_size($hidden, 'image'); } require_code('themes2'); $ids = get_all_image_ids_type('ocf_emoticons', false, $GLOBALS['FORUM_DB']); $fields->attach(form_input_picture_choose_specific(do_lang_tempcode('ALT_FIELD', do_lang_tempcode('STOCK')), do_lang_tempcode('DESCRIPTION_ALTERNATE_STOCK'), 'theme_img_code', $ids, NULL, $theme_img_code, NULL, true, $GLOBALS['FORUM_DB'])); $list = new ocp_tempcode(); for ($i = 0; $i <= 4; $i++) { $list->attach(form_input_list_entry(strval($i), $i == $relevance_level, do_lang_tempcode('EMOTICON_RELEVANCE_LEVEL_' . strval($i)))); } $fields->attach(form_input_list(do_lang_tempcode('RELEVANCE_LEVEL'), do_lang_tempcode('DESCRIPTION_RELEVANCE_LEVEL'), 'relevance_level', $list)); $fields->attach(form_input_tick(do_lang_tempcode('USE_TOPICS'), do_lang_tempcode('DESCRIPTION_USE_TOPICS'), 'use_topics', $use_topics == 1)); $fields->attach(form_input_tick(do_lang_tempcode('EMOTICON_IS_SPECIAL'), do_lang_tempcode('DESCRIPTION_EMOTICON_IS_SPECIAL'), 'is_special', $is_special == 1)); return array($fields, $hidden); }
/** * Get a URL to the specified post id. * * @param integer The post id * @param string The forum ID * @param boolean Whether it is okay to return the result using Tempcode (more efficient) * @return mixed The URL to the post */ function post_url($id, $forum, $tempcode_okay = false) { if (is_null($id)) { return ''; } // Should not happen, but if it does, this is how we should handle it. unset($forum); $_url = build_url(array('page' => 'topicview', 'type' => 'findpost', 'id' => $id), get_module_zone('topicview'), NULL, false, false, !$tempcode_okay); if ($tempcode_okay && get_base_url() == get_forum_base_url()) { return $_url; } $url = $_url->evaluate(); $url .= '#post_' . strval($id); if (get_option('forum_in_portal') == '0') { $url = str_replace(get_base_url(), get_forum_base_url(), $url); } return $url; }
/** * Try to find the theme that the logged-in/guest member is using, and map it to an ocPortal theme. * The themes/map.ini file functions to provide this mapping between forum themes, and ocPortal themes, and has a slightly different meaning for different forum drivers. For example, some drivers map the forum themes theme directory to the ocPortal theme name, whilst others made the humanly readeable name. * * @param boolean Whether to avoid member-specific lookup * @return ID_TEXT The theme */ function _get_theme($skip_member_specific = false) { $def = ''; // Load in remapper $map = file_exists(get_file_base() . '/themes/map.ini') ? better_parse_ini_file(get_file_base() . '/themes/map.ini') : array(); if (!$skip_member_specific) { // Work out $member = get_member(); if ($member != $this->get_guest_id()) { $skin = $this->connection->query_value_null_ok('users', 'user_theme', array('user_id' => $member)); } else { $skin = ''; } if (strlen($skin) > 0) { $def = array_key_exists($skin, $map) ? $map[$skin] : $skin; } } // Look for a skin according to our site name (we bother with this instead of 'default' because ocPortal itself likes to never choose a theme when forum-theme integration is on: all forum [via map] or all ocPortal seems cleaner, although it is complex) if (!(strlen($def) > 0) || !file_exists(get_custom_file_base() . '/themes/' . $def)) { if (@chdir(get_forum_base_url() . '/themes/' . get_site_name() . '/')) { $wowbb = get_site_name(); $def = array_key_exists($wowbb, $map) ? $map[$wowbb] : $wowbb; } } // Hmm, just the very-default then if (!(strlen($def) > 0) || !file_exists(get_custom_file_base() . '/themes/' . $def)) { $def = array_key_exists('default', $map) ? $map['default'] : 'default'; } return $def; }
/** * Standard modular render function for profile tabs edit hooks. * * @param MEMBER The ID of the member who is being viewed * @param MEMBER The ID of the member who is doing the viewing * @param boolean Whether to leave the tab contents NULL, if tis hook supports it, so that AJAX can load it later * @return ?array A tuple: The tab title, the tab body text (may be blank), the tab fields, extra Javascript (may be blank) the suggested tab order, hidden fields (optional) (NULL: if $leave_to_ajax_if_possible was set) */ function render_tab($member_id_of, $member_id_viewing, $leave_to_ajax_if_possible = false) { $title = do_lang_tempcode('AVATAR'); $order = 20; // Actualiser if (post_param_integer('submitting_avatar_tab', 0) == 1) { require_code('uploads'); if (has_specific_permission($member_id_viewing, 'own_avatars')) { if (!(is_swf_upload(true) && array_key_exists('avatar_file', $_FILES) || array_key_exists('avatar_file', $_FILES) && is_uploaded_file($_FILES['avatar_file']['tmp_name']))) { $urls = array(); $stock = post_param('avatar_alt_url', ''); if ($stock == '') { $stock = post_param('avatar_stock', NULL); if (!is_null($stock)) { $urls[0] = $stock == '' ? '' : find_theme_image($stock, false, true); } else { $urls[0] = ''; } // None } else { if (url_is_local($stock) && !$GLOBALS['FORUM_DRIVER']->is_super_admin($member_id_viewing)) { $old = $GLOBALS['FORUM_DB']->query_value('f_members', 'm_avatar_url', array('id' => $member_id_of)); if ($old != $stock) { access_denied('ASSOCIATE_EXISTING_FILE'); } } $urls[0] = $stock; // URL } } else { // We have chosen an upload. Note that we will not be looking at alt_url at this point, even though it is specified below for canonical reasons $urls = get_url('avatar_alt_url', 'avatar_file', file_exists(get_custom_file_base() . '/uploads/avatars') ? 'uploads/avatars' : 'uploads/ocf_avatars', 0, OCP_UPLOAD_IMAGE, false, '', '', false, true); if ((get_base_url() != get_forum_base_url() || array_key_exists('on_msn', $GLOBALS['SITE_INFO']) && $GLOBALS['SITE_INFO']['on_msn'] == '1') && $urls[0] != '' && url_is_local($urls[0])) { $urls[0] = get_custom_base_url() . '/' . $urls[0]; } } $avatar_url = $urls[0]; } else { $stock = post_param('avatar_stock'); $avatar_url = $stock == '' ? '' : find_theme_image($stock, false, true); } require_code('ocf_members_action'); require_code('ocf_members_action2'); ocf_member_choose_avatar($avatar_url, $member_id_of); attach_message(do_lang_tempcode('SUCCESS_SAVE'), 'inform'); } if ($leave_to_ajax_if_possible) { return NULL; } // UI fields $avatar_url = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id_of, 'm_avatar_url'); require_javascript('javascript_multi'); $fields = new ocp_tempcode(); require_code('form_templates'); require_code('themes2'); $ids = get_all_image_ids_type('ocf_default_avatars', true); $found_it = false; foreach ($ids as $id) { $pos = strpos($avatar_url, '/' . $id); $selected = $pos !== false; if ($selected) { $found_it = true; } } $hidden = new ocp_tempcode(); if (has_specific_permission($member_id_viewing, 'own_avatars')) { $javascript = 'standardAlternateFields(\'avatar_file\',\'avatar_alt_url\',\'avatar_stock*\',true);'; $fields->attach(form_input_upload(do_lang_tempcode('UPLOAD'), do_lang_tempcode('DESCRIPTION_UPLOAD'), 'avatar_file', false, NULL, NULL, true, str_replace(' ', '', get_option('valid_images')))); handle_max_file_size($hidden, 'image'); $fields->attach(form_input_line(do_lang_tempcode('ALT_FIELD', do_lang_tempcode('URL')), do_lang_tempcode('DESCRIPTION_ALTERNATE_URL'), 'avatar_alt_url', $found_it ? '' : $avatar_url, false)); $fields->attach(form_input_picture_choose_specific(do_lang_tempcode('ALT_FIELD', do_lang_tempcode('STOCK')), do_lang_tempcode('DESCRIPTION_ALTERNATE_STOCK'), 'avatar_stock', $ids, $avatar_url, NULL, NULL, true)); } else { $javascript = ''; $fields->attach(form_input_picture_choose_specific(do_lang_tempcode('STOCK'), '', 'avatar_stock', $ids, $avatar_url, NULL, NULL, true)); } if ($avatar_url != '') { if (url_is_local($avatar_url)) { $avatar_url = get_complex_base_url($avatar_url) . '/' . $avatar_url; } $avatar = do_template('OCF_TOPIC_POST_AVATAR', array('_GUID' => '50a5902f3ab7e384d9cf99577b222cc8', 'AVATAR' => $avatar_url)); } else { $avatar = do_lang_tempcode('NONE_EM'); } $width = ocf_get_member_best_group_property($member_id_of, 'max_avatar_width'); $height = ocf_get_member_best_group_property($member_id_of, 'max_avatar_height'); $text = do_template('OCF_EDIT_AVATAR_TAB', array('_GUID' => 'dbdac6ca3bc752b54d2a24a4c6e69c7c', 'MEMBER_ID' => strval($member_id_of), 'USERNAME' => $GLOBALS['FORUM_DRIVER']->get_username($member_id_of), 'AVATAR' => $avatar, 'WIDTH' => integer_format($width), 'HEIGHT' => integer_format($height))); $hidden = new ocp_tempcode(); $hidden->attach(form_input_hidden('submitting_avatar_tab', '1')); return array($title, $fields, $text, $javascript, $order, $hidden); }
/** * Find the URL to the theme image of the specified ID. It searches various priorities, including language and theme overrides. * * @param ID_TEXT The theme image ID * @param boolean Whether to silently fail (i.e. not give out an error message when a theme image cannot be found) * @param boolean Whether to leave URLs as relative local URLs * @param ?ID_TEXT The theme to search in (NULL: users current theme) * @param ?LANGUAGE_NAME The language to search for (NULL: users current language) * @param ?object The database to use (NULL: site database) * @param boolean Whether to only search the default 'images' filesystem * @return URLPATH The URL found (blank: not found) */ function find_theme_image($id, $silent_fail = false, $leave_local = false, $theme = NULL, $lang = NULL, $db = NULL, $pure_only = false) { if (substr($id, 0, 4) == 'ocf_' && is_file(get_file_base() . '/themes/default/images/avatars/index.html')) { $id = substr($id, 4); } if (isset($_GET['keep_theme_seed']) && get_param('keep_theme_seed', NULL) !== NULL && function_exists('has_specific_permission') && has_specific_permission(get_member(), 'view_profiling_modes')) { require_code('themewizard'); $test = find_theme_image_themewizard_preview($id); if ($test !== NULL) { return $test; } } if ($db === NULL) { $db = $GLOBALS['SITE_DB']; } global $RECORD_IMG_CODES; if ($RECORD_IMG_CODES) { global $RECORDED_IMG_CODES; if (isset($GLOBALS['FORUM_DB']) && $db->connection_write !== $GLOBALS['FORUM_DB']->connection_write) { $RECORDED_IMG_CODES[serialize(array($id, $theme, $lang))] = 1; } } $true_theme = $GLOBALS['FORUM_DRIVER']->get_theme(); if ($theme === NULL) { $theme = $true_theme; } global $USER_LANG_CACHED; $true_lang = $USER_LANG_CACHED === NULL ? user_lang() : $USER_LANG_CACHED; if ($lang === NULL) { $lang = $true_lang; } $truism = $theme == $true_theme && $lang == $true_lang; $site = $GLOBALS['SITE_DB'] == $db ? 'site' : 'forums'; global $IMG_CODES; if (!isset($IMG_CODES[$site])) { static $cache = NULL; if ($site == 'site') { $cache = persistant_cache_get('THEME_IMAGES'); } if (!isset($cache[$true_theme][$true_lang])) { $IMG_CODES[$site] = $db->query_select('theme_images', array('id', 'path'), array('theme' => $true_theme, 'lang' => $true_lang)); $IMG_CODES[$site] = collapse_2d_complexity('id', 'path', $IMG_CODES[$site]); if ($site == 'site') { if ($cache === NULL) { $cache = array(); } $cache[$theme][$true_lang] = $IMG_CODES[$site]; persistant_cache_set('THEME_IMAGES', $cache); } } else { $IMG_CODES[$site] = $cache[$true_theme][$true_lang]; } } if (!$truism && !$pure_only) { $path = $db->query_value_null_ok('theme_images', 'path', array('theme' => $theme, 'lang' => $lang, 'id' => $id)); if ($path !== NULL) { if (url_is_local($path) && !$leave_local) { $path = ($db->connection_write != $GLOBALS['SITE_DB']->connection_write ? get_forum_base_url() : (substr($path, 0, 22) == 'themes/default/images/' ? get_base_url() : get_custom_base_url())) . '/' . $path; } return cdn_filter($path); } } if ($pure_only || !isset($IMG_CODES[$site][$id]) || !$truism) { $path = NULL; $priorities = array(); if (!$pure_only) { $priorities = array_merge($priorities, array(array($theme, $lang, 'images_custom'), array($theme, '', 'images_custom'), $lang == fallback_lang() ? NULL : array($theme, fallback_lang(), 'images_custom'))); } // This will not do a DB search, just a filesystem search. The Theme Wizard makes these though $priorities = array_merge($priorities, array(array($theme, $lang, 'images'), array($theme, '', 'images'), $lang == fallback_lang() ? NULL : array($theme, fallback_lang(), 'images'))); if ($theme != 'default') { if (!$pure_only) { $priorities = array_merge($priorities, array(array('default', $lang, 'images_custom'), array('default', '', 'images_custom'), $lang == fallback_lang() ? NULL : array('default', fallback_lang(), 'images_custom'))); } $priorities = array_merge($priorities, array(array('default', $lang, 'images'), array('default', '', 'images'), $lang == fallback_lang() ? NULL : array('default', fallback_lang(), 'images'))); } foreach ($priorities as $i => $priority) { if ($priority === NULL) { continue; } if ($priority[2] == 'images_custom' && $priority[1] != '') { $smap = array('id' => $id, 'theme' => $priority[0], 'lang' => $priority[1]); $nql_backup = $GLOBALS['NO_QUERY_LIMIT']; $GLOBALS['NO_QUERY_LIMIT'] = true; $truism_b = $priority[0] == $true_theme && (!multi_lang() || $priority[1] == '' || $priority[1] === $true_lang); $path = $truism_b ? NULL : $db->query_value_null_ok('theme_images', 'path', $smap); $GLOBALS['NO_QUERY_LIMIT'] = $nql_backup; if ($path !== NULL) { if (strpos($path, '/images/' . $id . '.') !== false) { continue; } if (array_key_exists('lang', $smap) && strpos($path, '/images/' . $smap['lang'] . '/' . $id . '.') !== false) { continue; } break; } } $test = _search_img_file($priority[0], $priority[1], $id, $priority[2]); if ($test !== NULL) { $path_bits = explode('/', $test); $path = ''; foreach ($path_bits as $bit) { if ($path != '') { $path .= '/'; } $path .= rawurlencode($bit); } break; } } if ($db->connection_write == $GLOBALS['SITE_DB']->connection_write) { if ($path !== NULL && $path != '' || $silent_fail && !$GLOBALS['SEMI_DEBUG_MODE']) { $nql_backup = $GLOBALS['NO_QUERY_LIMIT']; $GLOBALS['NO_QUERY_LIMIT'] = true; $db->query_delete('theme_images', array('id' => $id, 'theme' => $theme, 'lang' => $lang)); // Allow for race conditions $db->query_insert('theme_images', array('id' => $id, 'theme' => $theme, 'path' => $path === NULL ? '' : $path, 'lang' => $lang), false, true); // Allow for race conditions $GLOBALS['NO_QUERY_LIMIT'] = $nql_backup; persistant_cache_delete('THEME_IMAGES'); } } if ($path === NULL) { if (!$silent_fail) { require_code('site'); attach_message(do_lang_tempcode('NO_SUCH_IMAGE', escape_html($id)), 'warn'); } return ''; } if ($truism) { $IMG_CODES[$site][$id] = $path; } // only cache if we are looking up for our own theme/lang } else { $path = $IMG_CODES[$site][$id]; global $SITE_INFO; if ($path != '' && (!isset($SITE_INFO['disable_smart_decaching']) || $SITE_INFO['disable_smart_decaching'] == '0') && (!isset($SITE_INFO['no_disk_sanity_checks']) || $SITE_INFO['no_disk_sanity_checks'] == '0') && url_is_local($path) && !is_file(get_custom_file_base() . '/' . rawurldecode($path))) { unset($IMG_CODES[$site][$id]); return find_theme_image($id, $silent_fail, $leave_local, $theme, $lang, $db, $pure_only); } } if (url_is_local($path) && !$leave_local && $path != '') { if ($db->connection_write != $GLOBALS['SITE_DB']->connection_write) { $base_url = get_forum_base_url(); } else { global $SITE_INFO; $missing = !$pure_only && ((!isset($SITE_INFO['disable_smart_decaching']) || $SITE_INFO['disable_smart_decaching'] == '0') && (!isset($SITE_INFO['no_disk_sanity_checks']) || $SITE_INFO['no_disk_sanity_checks'] == '0') && (!is_file(get_file_base() . '/' . rawurldecode($path)) && !is_file(get_custom_file_base() . '/' . rawurldecode($path)))); if (substr($path, 0, 22) == 'themes/default/images/' || $missing) { if ($missing) { return find_theme_image($id, $silent_fail, $leave_local, $theme, $lang, $db, true); } $base_url = get_base_url(); } else { $base_url = get_custom_base_url(); } } $path = $base_url . '/' . $path; } return cdn_filter($path); }
$FILE_BASE = substr($FILE_BASE, 0, $a > $b ? $a : $b); } else { $RELATIVE_PATH = ''; } @chdir($FILE_BASE); global $NON_PAGE_SCRIPT; $NON_PAGE_SCRIPT = 1; global $FORCE_INVISIBLE_GUEST; $FORCE_INVISIBLE_GUEST = 0; if (!is_file($FILE_BASE . '/sources/global.php')) { exit('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">' . chr(10) . '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN"><head><title>Critical startup error</title></head><body><h1>ocPortal startup error</h1><p>The second most basic ocPortal startup file, sources/global.php, could not be located. This is almost always due to an incomplete upload of the ocPortal system, so please check all files are uploaded correctly.</p><p>Once all ocPortal files are in place, ocPortal must actually be installed by running the installer. You must be seeing this message either because your system has become corrupt since installation, or because you have uploaded some but not all files from our manual installer package: the quick installer is easier, so you might consider using that instead.</p><p>ocProducts maintains full documentation for all procedures and tools, especially those for installation. These may be found on the <a href="http://ocportal.com">ocPortal website</a>. If you are unable to easily solve this problem, we may be contacted from our website and can help resolve it for you.</p><hr /><p style="font-size: 0.8em">ocPortal is a website engine created by ocProducts.</p></body></html>'); } require $FILE_BASE . '/sources/global.php'; // Remap menus to use these images $icons = fopen(get_file_base() . '/data_custom/icon_map.csv', 'rt'); while (($line = fgetcsv($icons, 1024)) !== false) { if (count($line) == 2) { switch ($line[0]) { case 'collab_features': $map = array('i_menu' => $line[0], 'i_url' => ''); break; case 'forum_base_url': $map = array('i_url' => get_forum_base_url(true)); break; default: $map = array('i_url' => $line[0]); } $GLOBALS['SITE_DB']->query_update('menu_items', array('i_theme_img_code' => 'menu_items/' . $line[1]), $map); } } echo 'Installed';
/** * Find the base URL to the emoticons. * * @return URLPATH The base URL */ function get_emo_dir() { return get_forum_base_url() . '/Smileys/default/'; }
/** * Evaluate a conventional tempcode variable, handling escaping * * @param LANGUAGE_NAME The language to evaluate this symbol in (some symbols refer to language elements) * @param array Array of escaping operations * @param integer The type of symbol this is (TC_SYMBOL, TC_LANGUAGE_REFERENCE) * @set 0 2 * @param ID_TEXT The name of the symbol * @param array Parameters to the symbol. For all but directive it is an array of strings. For directives it is an array of Tempcode objects. Actually there may be template-style parameters in here, as an influence of singular_bind and these may be Tempcode, but we ignore them. * @return mixed The result. Either tempcode, or a string. */ function ecv($lang, $escaped, $type, $name, $param) { global $TEMPCODE_SETGET, $CYCLES, $PREPROCESSABLE_SYMBOLS, $DISPLAYED_TITLE; //echo '<!--'.$name.'-->'."\n"; if ($type == TC_SYMBOL) { $escaped_codes = $name . ($escaped == array() ? '' : serialize($escaped)); $cacheable = $param == array() && !isset($GLOBALS['NON_CACHEABLE_SYMBOLS'][$name]); if ($cacheable) { global $SYMBOL_CACHE; if (isset($SYMBOL_CACHE[$escaped_codes])) { return $SYMBOL_CACHE[$escaped_codes]; } } $value = ''; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($value); } $temp_array = array(); if (isset($PREPROCESSABLE_SYMBOLS[$name]) && $name != 'PAGE_LINK') { handle_symbol_preprocessing(array($escaped, $type, $name, $param), $temp_array); } // Late preprocessing. Should not be needed in case of full screen output (as this was properly preprocessed), but is in other cases switch ($name) { case 'PAGE_LINK': if (isset($param[0])) { list($zone, $map, $hash) = page_link_decode(is_object($param[0]) ? $param[0]->evaluate() : $param[0]); $skip = NULL; if (isset($param[4])) { $skip = array_flip(explode('|', $param[4])); } $avoid_remap = isset($param[1]) && $param[1] == '1'; $skip_keep = isset($param[2]) && $param[2] == '1'; $keep_all = isset($param[3]) && $param[3] == '1'; foreach ($map as $key => $val) { if (is_object($val)) { $map[$key] = $val->evaluate(); } } $value = _build_url($map, $zone, $skip, $keep_all, $avoid_remap, $skip_keep, $hash); } else { $value = get_zone_name() . ':' . get_page_name(); foreach ($_GET as $key => $val) { if ($key == 'page') { continue; } if (is_array($val)) { continue; } if (substr($key, 0, 5) == 'keep_' && !skippable_keep($key, $val)) { continue; } $value .= ':' . $key . '=' . $val; } } break; case 'SET': if (isset($param[1])) { if (isset($param[1]) && is_object($param[1])) { $TEMPCODE_SETGET[$param[0]] = $param[1]; } else { $param_copy = $param; unset($param_copy[0]); $TEMPCODE_SETGET[$param[0]] = implode(',', $param_copy); } } break; case 'GET': if (isset($param[0])) { if (isset($TEMPCODE_SETGET[$param[0]])) { if (is_object($TEMPCODE_SETGET[$param[0]])) { $TEMPCODE_SETGET[$param[0]] = $TEMPCODE_SETGET[$param[0]]->evaluate(); } $value = $TEMPCODE_SETGET[$param[0]]; } } break; case 'EQ': if (isset($param[1])) { $first = array_shift($param); $count = 0; foreach ($param as $test) { if ($first == $test) { $count++; break; } } $value = $count != 0 ? '1' : '0'; } break; case 'NEQ': if (isset($param[1])) { $first = array_shift($param); $count = 0; foreach ($param as $test) { if ($first == $test) { $count++; } } $value = $count == 0 ? '1' : '0'; } break; case 'NOT': if (isset($param[0])) { $value = $param[0] == '1' || $param[0] == '1' ? '0' : '1'; } break; case 'OR': $count = 0; foreach ($param as $test) { if ($test == '1' || $test == '1') { $count++; } } $value = $count > 0 ? '1' : '0'; break; case 'AND': $count = 0; foreach ($param as $test) { if ($test == '1' || $test == '1') { $count++; } } $value = $count == count($param) ? '1' : '0'; break; case 'HAS_ACTUAL_PAGE_ACCESS': if (isset($param[0])) { $value = has_actual_page_access($param !== NULL && isset($param[2]) ? intval($param[2]) : get_member(), $param[0], isset($param[1]) ? $param[1] : NULL) ? '1' : '0'; } break; case '?': if (isset($param[1])) { $value = $param[0] == '1' || $param[0] == '1' ? $param[1] : (isset($param[2]) ? $param[2] : $value); } break; case 'IMG': if (isset($param[0]) && isset($GLOBALS['SITE_DB']) && function_exists('find_theme_image') && $GLOBALS['IN_MINIKERNEL_VERSION'] == 0) { $value = find_theme_image($param[0], isset($param[3]) && $param[3] == '1', false, array_key_exists(2, $param) && $param[2] != '' ? $param[2] : NULL, NULL, isset($param[1]) && $param[1] == '1' ? $GLOBALS['FORUM_DB'] : $GLOBALS['SITE_DB']); } break; case '': break; case 'META_DATA': if (isset($param[0])) { global $META_DATA; if (isset($param[1])) { $matches = array(); if ($param[0] == 'image' && preg_match('#^' . preg_quote(find_script('attachment'), '#') . '\\?id=(\\d+)#', $param[1], $matches) != 0) { require_code('attachments'); if (!has_attachment_access($GLOBALS['FORUM_DRIVER']->get_guest_id(), intval($matches[1]))) { break; } } $META_DATA[$param[0]] = $param[1]; } else { $value = isset($META_DATA[$param[0]]) ? strip_comcode($META_DATA[$param[0]]) : ''; if ($value === NULL) { $value = ''; } } } break; case 'SPECIAL_CLICK_TO_EDIT': $_value = do_lang_tempcode('SPECIAL_CLICK_TO_EDIT'); $value = $_value->evaluate(); break; case 'KEEP': // What needs preserving in the URL $value = keep_symbol($param); break; case 'BROWSER': if (isset($param[1])) { $q = false; foreach (explode('|', $param[0]) as $browser) { $q = browser_matches($browser); if ($q) { break; } } $value = $q ? $param[1] : (isset($param[2]) ? $param[2] : ''); if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($value); } } break; case 'JAVASCRIPT_INCLUDE': if (isset($param[0])) { require_javascript($param[0]); /*// Has to do this inline, as you're not allowed to reference scripts outside head if (!array_key_exists($param[0],$GLOBALS['JAVASCRIPTS'])) { $GLOBALS['JAVASCRIPTS'][$param[0]]=1; $file=javascript_enforce($param[0]); $_value=do_template('JAVASCRIPT_NEED_INLINE',array('_GUID'=>'d6c907e26c5a8dd8c65f1d36a1a674a9','CODE'=>file_get_contents($file,FILE_TEXT))); $value=$_value->evaluate(); }*/ } break; case 'FACILITATE_AJAX_BLOCK_CALL': if (isset($param[0])) { require_javascript('javascript_ajax'); require_code('blocks'); $_block_constraints = block_params_to_block_signature(block_params_str_to_arr($param[0])); if (array_key_exists(1, $param)) { $_block_constraints = array_merge($_block_constraints, block_params_str_to_arr($param[1])); ksort($_block_constraints); } $block_constraints = block_params_arr_to_str($_block_constraints); // Store permissions $_auth_key = $GLOBALS['SITE_DB']->query_select('temp_block_permissions', array('id', 'p_time'), array('p_session_id' => get_session_id(), 'p_block_constraints' => $block_constraints), '', 1); if (!array_key_exists(0, $_auth_key)) { $auth_key = $GLOBALS['SITE_DB']->query_insert('temp_block_permissions', array('p_session_id' => get_session_id(), 'p_block_constraints' => $block_constraints, 'p_time' => time()), true); } else { $auth_key = $_auth_key[0]['id']; if (time() - $_auth_key[0]['p_time'] > 100) { $GLOBALS['SITE_DB']->query_update('temp_block_permissions', array('p_time' => time()), array('p_session_id' => get_session_id(), 'p_block_constraints' => $block_constraints), '', 1); } } $keep = symbol_tempcode('KEEP'); $value = find_script('snippet') . '?snippet=block&auth_key=' . urlencode(strval($auth_key)) . '&block_map=' . urlencode($param[0]) . $keep->evaluate(); } break; case 'LANG': $value = user_lang(); break; case '_GET': if (isset($param[0])) { $value = get_param($param[0], isset($param[1]) ? $param[1] : '', true); } break; case 'QUERY_STRING': $value = ocp_srv('QUERY_STRING'); break; case 'USER_AGENT': $value = ocp_srv('HTTP_USER_AGENT'); break; case 'STRIP_TAGS': if (isset($param[0])) { if (isset($param[1]) && $param[1] == '1') { $value = strip_tags(str_replace('))', ')', str_replace('((', '(', str_replace('<em>', '(', str_replace('</em>', ')', $param[0]))))); } else { $value = strip_tags($param[0], array_key_exists(2, $param) ? $param[2] : ''); } if (isset($param[1]) && $param[1] == '1') { $value = @html_entity_decode($value, ENT_QUOTES, get_charset()); } } break; case 'CONFIG_OPTION': if (isset($param[0])) { if (!isset($GLOBALS['OPTIONS'])) { $value = '0'; } else { $value = get_option($param[0], true); if ($value === NULL) { $value = ''; } } } break; case 'TRUNCATE_LEFT': // Truncate the left length of a string. 0: text to truncate, 1: the truncate length, 2: whether to use a tooltip mouse-over if it is truncated, 3: whether it is encoded as HTML (0=no [default, plain-text], 1=yes) $value = symbol_truncator($param, 'left'); break; case 'TRUNCATE_RIGHT': $value = symbol_truncator($param, 'right'); break; case 'TRUNCATE_SPREAD': $value = symbol_truncator($param, 'spread'); break; case 'TRUNCATE_EXPAND': $value = symbol_truncator($param, 'expand'); break; case 'THEME': if (isset($GLOBALS['FORUM_DRIVER'])) { $value = $GLOBALS['FORUM_DRIVER']->get_theme(); } else { $value = 'default'; } break; case 'REVERSE': if (isset($param[0])) { $value = implode(',', array_reverse(explode(',', $param[0]))); } break; case 'COMMA_LIST_GET': if (isset($param[1])) { require_code('blocks'); $values = block_params_str_to_arr($param[0]); $value = isset($values[$param[1]]) ? $values[$param[1]] : ''; } break; case 'COMMA_LIST_SET': if (isset($param[2])) { require_code('blocks'); $values = block_params_str_to_arr($param[0]); $values[$param[1]] = $param[2]; $value = block_params_arr_to_str($values); } break; case 'IS_EMPTY': if (isset($param[0])) { $value = $param[0] == '' ? '1' : '0'; } break; case 'IS_NON_EMPTY': if (isset($param[0])) { $value = $param[0] != '' ? '1' : '0'; } break; case 'CUSTOM_BASE_URL': $value = get_custom_base_url(isset($param[0]) && $param[0] != '' ? $param[0] == '1' : NULL); if (isset($param[1]) && $param[1] == '1') { $value = cdn_filter($value); } break; case 'LOAD_PANEL': foreach ($param as $i => $p) { if (is_object($p)) { $param[$i] = $p->evaluate(); } } global $LOADED_PANELS; if (strpos($param[0], ':') !== false) { $param = array_reverse(explode(':', $param[0], 2)); } if (substr($param[0], 0, 6) == 'panel_') { $param[0] = substr($param[0], 6); } $sr = serialize($param); $value = array_key_exists($sr, $LOADED_PANELS) ? $LOADED_PANELS[$sr] : ''; break; case 'HAS_JS': case 'JS_ON': if (isset($param[1])) { $value = has_js() ? $param[0] : $param[1]; } else { $value = has_js() ? '1' : '0'; } break; case 'BASE_URL_NOHTTP': $value = preg_replace('#^https?://[^/]+#', '', get_base_url()); if (substr($value, 0, 2) == '//') { $value = substr($value, 1); } if (!$GLOBALS['DEBUG_MODE']) { break; } // Debug mode changes base domain so we need to actually use it in full (fine, we don't have HTTPS in debug mode). Bubble on... // Debug mode changes base domain so we need to actually use it in full (fine, we don't have HTTPS in debug mode). Bubble on... case 'CUSTOM_BASE_URL_NOHTTP': $value = preg_replace('#^https?://[^/]+/#', '/', get_custom_base_url()); if (substr($value, 0, 2) == '//') { $value = substr($value, 1); } if (!$GLOBALS['DEBUG_MODE']) { break; } // Debug mode changes base domain so we need to actually use it in full (fine, we don't have HTTPS in debug mode). Bubble on... // Debug mode changes base domain so we need to actually use it in full (fine, we don't have HTTPS in debug mode). Bubble on... case 'BASE_URL': $value = get_base_url(isset($param[0]) ? $param[0] == '1' : NULL); break; case 'ZONE': $value = get_zone_name(); break; case 'PAGE': $value = get_page_name(); break; case 'SITE_NAME': $value = get_site_name(); break; case 'HEADER_TEXT': global $ZONE; $value = $ZONE['zone_header_text_trans']; break; case 'PANEL_WIDTH': if (isset($TEMPCODE_SETGET['PANEL_WIDTH']) && $TEMPCODE_SETGET['PANEL_WIDTH'] != '') { $value = $TEMPCODE_SETGET['PANEL_WIDTH']; } else { $value = get_option('panel_width', true); if ($value === NULL) { $value = '13.3em'; } } break; case 'PANEL_WIDTH_SPACED': if (isset($TEMPCODE_SETGET['PANEL_WIDTH_SPACED']) && $TEMPCODE_SETGET['PANEL_WIDTH_SPACED'] != '') { $value = $TEMPCODE_SETGET['PANEL_WIDTH_SPACED']; } else { $value = get_option('panel_width_spaced', true); if (is_null($value)) { $value = '14.3em'; } } break; case 'TRIM': if (isset($param[0])) { $value = preg_replace(array('#^\\s+#', '#^(<br\\s*/?' . '>\\s*)+#', '#^( )+#', '#\\s+$#', '#(<br\\s*/?' . '>\\s*)+$#', '#( )+$#'), array('', '', '', '', '', ''), $param[0]); } break; case 'CPF_VALUE': if (isset($param[0])) { if (is_numeric($param[0])) { require_code('ocf_members'); $fields = ocf_get_custom_fields_member(isset($param[1]) ? intval($param[1]) : get_member()); if (array_key_exists(intval($param[0]), $fields)) { $_value = $fields[intval($param[0])]; } } elseif (substr($param[0], 0, 2) == 'm_' && strpos(strtolower($param[0]), 'hash') === false && strpos(strtolower($param[0]), 'salt') === false) { $_value = $GLOBALS['FORUM_DRIVER']->get_member_row_field(isset($param[1]) ? intval($param[1]) : get_member(), $param[0]); } else { $_value = get_ocp_cpf($param[0], isset($param[1]) ? intval($param[1]) : NULL); } if (!is_string($_value)) { $value = is_null($_value) ? '' : strval($_value); } else { $value = $_value; } } break; case 'BANNER': if (addon_installed('banners')) { global $SITE_INFO; $is_on_banners = get_option('is_on_banners') == '1' && (!has_specific_permission(get_member(), 'banner_free') || $GLOBALS['FORUM_DRIVER']->is_super_admin(get_member()) && get_option('admin_banners') == '1' || !is_null($GLOBALS['CURRENT_SHARE_USER'])); if (array_key_exists('throttle_bandwidth_registered', $SITE_INFO)) { $views_till_now = intval(get_value('page_views')); $bandwidth_allowed = $SITE_INFO['throttle_bandwidth_registered']; $total_bandwidth = intval(get_value('download_bandwidth')); if ($bandwidth_allowed * 1024 * 1024 >= $total_bandwidth) { $is_on_banners = false; } } if ($is_on_banners && !is_page_https(get_zone_name(), get_page_name())) { require_code('banners'); $b_type = isset($param[0]) ? $param[0] : ''; $internal_only = isset($param[1]) ? intval($param[1]) : ($b_type == '' ? 0 : 1); if (isset($GLOBALS['NON_CACHEABLE_SYMBOLS']['SET_RAND'])) { $_value = banners_script(true, '', '', $b_type, $internal_only, ''); $value = $_value->evaluate(); } else { $value = 'Banner goes here'; } } } break; case 'AVATAR': $value = $GLOBALS['FORUM_DRIVER']->get_member_avatar_url(isset($param[0]) ? intval($param[0]) : get_member()); if (url_is_local($value) && $value != '') { $value = get_custom_base_url() . '/' . $value; } break; case 'IS_GUEST': if (isset($param[0])) { $value = is_guest(intval($param[0])) ? '1' : '0'; } else { $value = is_guest() ? '1' : '0'; } break; case 'MEMBER': $value = strval(get_member()); break; case 'USER': if (!isset($param[0])) { $value = strval(get_member()); } else { $member_id = $GLOBALS['FORUM_DRIVER']->get_member_from_username($param[0]); $value = is_null($member_id) ? '' : strval($member_id); } break; case 'CSS_INCLUDE': if (isset($param[0])) { require_css($param[0]); /*// Has to do this inline, as you're not allowed to reference sheets outside head if (!array_key_exists($param[0],$GLOBALS['CSSS'])) { $GLOBALS['CSSS'][$param[0]]=1; $file=css_enforce($param[0]); $_value=do_template('CSS_NEED_INLINE',array('_GUID'=>'9de994d2f6d47a622d49347feb7ebe96','CSS'=>str_replace('../../../../',get_base_url().'/',file_get_contents($file,FILE_TEXT)))); $value=$_value->evaluate(); }*/ } break; case 'USER_OVERIDE': $value = get_param('id', ''); if (!is_numeric($value) || $value == '') { $value = strval(get_member()); } break; case 'IS_HTTPAUTH_LOGIN': $value = is_httpauth_login() ? '1' : '0'; break; case 'MEMBER_PROFILE_LINK': $value = $GLOBALS['FORUM_DRIVER']->member_profile_url(!is_null($param) && isset($param[0]) ? intval($param[0]) : get_member(), false, true); if (is_null($value)) { $value = ''; } break; case 'USERNAME': $value = $GLOBALS['FORUM_DRIVER']->get_username(!is_null($param) && isset($param[0]) ? intval($param[0]) : get_member()); if (is_null($value)) { $value = do_lang('UNKNOWN'); } break; case 'CYCLE': if (isset($param[0])) { if (!isset($CYCLES[$param[0]])) { $CYCLES[$param[0]] = 0; } if (!isset($param[1])) { $value = strval($CYCLES[$param[0]]); } else { if (count($param) == 2) { $param = array_merge(array($param[0]), explode(',', $param[1])); } ++$CYCLES[$param[0]]; if (!array_key_exists($CYCLES[$param[0]], $param)) { $CYCLES[$param[0]] = 1; } $value = $param[$CYCLES[$param[0]]]; } } break; case 'THUMBNAIL': require_code('images'); $value = _symbol_thumbnail($param); break; case 'IMAGE_WIDTH': require_code('images'); list($value, ) = _symbol_image_dims($param); break; case 'IMAGE_HEIGHT': require_code('images'); list(, $value) = _symbol_image_dims($param); break; case 'IS_IN_GROUP': if (isset($param[0])) { if (in_array($param[count($param) - 1], array('', 'primary', 'secondary'))) { $last_param = $param[count($param) - 1]; unset($param[count($param) - 1]); } else { $last_param = ''; } $member_id = get_member(); $new_param = ''; $param_2 = array(); foreach ($param as $group) { if (substr($group, 0, 1) == '!' && is_numeric(substr($group, 1))) { $member_id = intval(substr($group, 1)); } else { $param_2 = array_merge($param_2, explode(',', $group)); } } foreach ($param_2 as $group) { if ($new_param != '') { $new_param .= ','; } $new_param .= $group; } if ($last_param == 'primary') { $member_row = $GLOBALS['FORUM_DRIVER']->get_member_row($member_id); $real_group_list = array($GLOBALS['FORUM_DRIVER']->pname_group($member_row)); } elseif ($last_param == 'secondary') { $real_group_list = $GLOBALS['FORUM_DRIVER']->get_members_groups($member_id); $member_row = $GLOBALS['FORUM_DRIVER']->get_member_row($member_id); $real_group_list = array_diff($real_group_list, array($GLOBALS['FORUM_DRIVER']->pname_group($member_row))); } else { $real_group_list = $GLOBALS['FORUM_DRIVER']->get_members_groups($member_id); } require_code('ocfiltering'); $value = count(array_intersect(ocfilter_to_idlist_using_memory($new_param, $GLOBALS['FORUM_DRIVER']->get_usergroup_list()), $real_group_list)) != 0 ? '1' : '0'; } break; case 'IS_STAFF': if (isset($GLOBALS['FORUM_DRIVER'])) { $value = $GLOBALS['FORUM_DRIVER']->is_staff(!is_null($param) && isset($param[0]) ? intval($param[0]) : get_member()) ? '1' : '0'; } else { $value = '0'; } break; case 'IS_SUPER_ADMIN': if (isset($GLOBALS['FORUM_DRIVER'])) { $value = $GLOBALS['FORUM_DRIVER']->is_super_admin(!is_null($param) && isset($param[0]) ? intval($param[0]) : get_member()) ? '1' : '0'; } else { $value = '0'; } break; case 'PHOTO': if (isset($param[0])) { $value = $GLOBALS['FORUM_DRIVER']->get_member_photo_url(intval($param[0])); if (url_is_local($value) && $value != '') { $value = get_custom_base_url() . '/' . $value; } } break; case 'OCF_RANK_IMAGE': if (addon_installed('ocf_forum')) { require_code('ocf_groups'); $rank_images = new ocp_tempcode(); $member_id = isset($param[0]) ? intval($param[0]) : get_member(); $posters_groups = $GLOBALS['FORUM_DRIVER']->get_members_groups($member_id, true); foreach ($posters_groups as $group) { $rank_image = ocf_get_group_property($group, 'rank_image'); $group_leader = ocf_get_group_property($group, 'group_leader'); $group_name = ocf_get_group_name($group); $rank_image_pri_only = ocf_get_group_property($group, 'rank_image_pri_only'); if ($rank_image != '' && ($rank_image_pri_only == 0 || $group == $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_primary_group'))) { $rank_images->attach(do_template('OCF_RANK_IMAGE', array('USERNAME' => $GLOBALS['FORUM_DRIVER']->get_username($member_id), 'GROUP_NAME' => $group_name, 'IMG' => $rank_image, 'IS_LEADER' => $group_leader == $member_id))); } } $value = $rank_images->evaluate(); } break; case 'TOTAL_POINTS': if (addon_installed('points')) { require_code('points'); $value = strval(total_points(isset($param[0]) ? intval($param[0]) : get_member())); } break; case 'POINTS_USED': if (addon_installed('points')) { require_code('points'); $value = strval(points_used(isset($param[0]) ? intval($param[0]) : get_member())); } break; case 'AVAILABLE_POINTS': if (addon_installed('points')) { require_code('points'); $value = strval(available_points(isset($param[0]) ? intval($param[0]) : get_member())); } break; case 'URL_FOR_GET_FORM': if (isset($param[0])) { $url_bits = parse_url($param[0]); if (array_key_exists('scheme', $url_bits)) { $value = $url_bits['scheme'] . '://' . (array_key_exists('host', $url_bits) ? $url_bits['host'] : 'localhost'); if (array_key_exists('port', $url_bits) && $url_bits['port'] != 80) { $value .= ':' . strval($url_bits['port']); } } if (array_key_exists('path', $url_bits)) { $value .= $url_bits['path']; } } break; case 'HIDDENS_FOR_GET_FORM': $_value = new ocp_tempcode(); $url_bits = parse_url($param[0]); if (array_key_exists('query', $url_bits) && $url_bits['query'] != '') { foreach (explode('&', $url_bits['query']) as $exp) { $parts = explode('=', $exp, 2); if (count($parts) == 2) { if (!in_array($parts[0], $param)) { $_value->attach(form_input_hidden($parts[0], urldecode($parts[1]))); } } } } $value = $_value->evaluate(); break; case 'NOTIFICATIONS_ENABLED': $value = ''; if (array_key_exists(0, $param)) { require_code('notifications'); $value = notifications_enabled(array_key_exists(1, $param) ? $param[1] : get_page_name(), $param[0]) ? '1' : '0'; } break; case 'DOCUMENT_HELP': global $DOCUMENT_HELP, $HELPER_PANEL_TUTORIAL; $value = $DOCUMENT_HELP; if ($value == '' && $HELPER_PANEL_TUTORIAL != '') { $value = brand_base_url() . '/docs' . strval(ocp_version()) . '/pg/' . $HELPER_PANEL_TUTORIAL; } break; case 'HTTP_STATUS_CODE': global $HTTP_STATUS_CODE; $value = $HTTP_STATUS_CODE; break; case 'TEMPCODE': if (isset($param[0])) { require_code('tempcode_compiler'); $_value = template_to_tempcode($param[0]); $value = $_value->evaluate(); } break; case 'COMCODE': if (isset($param[0])) { $_value = comcode_to_tempcode($param[0], NULL, true); $value = $_value->evaluate(); } break; case 'FLAGRANT': $_value = get_flagrant(); $value = $_value->evaluate(); break; case 'IMG_WIDTH': case 'IMG_HEIGHT': if (isset($param[0]) && isset($GLOBALS['SITE_DB']) && function_exists('find_theme_image') && $GLOBALS['IN_MINIKERNEL_VERSION'] == 0) { global $THEME_IMG_DIMS_CACHE; if (!isset($THEME_IMG_DIMS_CACHE)) { $THEME_IMG_DIMS_CACHE = function_exists('persistant_cache_get') ? persistant_cache_get('THEME_IMG_DIMS') : array(); } if (isset($THEME_IMG_DIMS_CACHE[$param[0]])) { list($width, $height) = $THEME_IMG_DIMS_CACHE[$param[0]]; $value = $name == 'IMG_WIDTH' ? $width : $height; } else { if (strpos($param[0], '://') === false) { $img_url = find_theme_image($param[0], false, false, array_key_exists(2, $param) ? $param[2] : NULL, NULL, isset($param[1]) && $param[1] == '1' ? $GLOBALS['FORUM_DB'] : $GLOBALS['SITE_DB']); } else { $img_url = $param[0]; } require_code('images'); list($width, $height) = _symbol_image_dims(array($img_url)); $value = $name == 'IMG_WIDTH' ? $width : $height; $THEME_IMG_DIMS_CACHE[$param[0]] = array($width, $height); if (function_exists('persistant_cache_set')) { persistant_cache_set('THEME_IMG_DIMS', $THEME_IMG_DIMS_CACHE); } } } break; case 'CLEAN_FILE_SIZE': if (isset($param[0])) { $bytes = is_numeric($param[0]) ? intval($param[0]) : NULL; require_code('files'); $value = clean_file_size($bytes); } break; case 'TIME_PERIOD': if (isset($param[0])) { $value = display_time_period(intval($param[0])); } break; case 'MAKE_RELATIVE_DATE': if (isset($param[0])) { if (get_option('use_contextual_dates') == '0' && (!array_key_exists(1, $param) || $param[1] != '1')) { $value = get_timezoned_date(intval($param[0])); } else { $value = display_time_period(time() - intval($param[0])); } } break; case 'TIMEZONE': $value = make_nice_timezone_name(get_site_timezone()); break; case 'LOAD_PAGE': foreach ($param as $i => $p) { if (is_object($p)) { $param[$i] = $p->evaluate(); } } global $LOADED_PAGES; if (strpos($param[0], ':') !== false) { $param = array_reverse(explode(':', $param[0], 2)); } $_value = $LOADED_PAGES[serialize($param)]; $value = $_value->evaluate(); break; case 'RUNNING_SCRIPT': if (isset($param[0])) { $value = running_script($param[0]) ? '1' : '0'; } break; case 'MATCH_KEY_MATCH': $value = '0'; foreach ($param as $match_key) { if ($match_key == '1' || $match_key == '0' || $match_key == '') { continue; } if (match_key_match($match_key, isset($param[1]) && $match_key == '1')) { $value = '1'; } } break; case 'VERSION': $value = strval(ocp_version()); break; case 'PREVIEW_VALIDATION': $value = get_option('is_on_preview_validation') == '1' ? '1' : '0'; break; case 'BLOCK': if (isset($GLOBALS['NON_CACHEABLE_SYMBOLS']['SET_RAND'])) { foreach ($param as $i => $p) { if (is_object($p)) { $param[$i] = $p->evaluate(); } } if (count($param) == 1 && strpos($param[0], ',') !== false) { $param = preg_split('#((?<!\\\\)|(?<=\\\\\\\\)|(?<=^)),#', $param[0]); foreach ($param as $key => $val) { $param[$key] = str_replace('\\,', ',', $val); } } global $LOADED_BLOCKS; if (isset($LOADED_BLOCKS[serialize($param)])) { // Will always be set $value = $LOADED_BLOCKS[serialize($param)]->evaluate(); } } break; case 'CURRENCY': if (addon_installed('ecommerce')) { if (isset($param[0])) { require_code('currency'); $value = currency_convert(floatval(str_replace(',', '', $param[0])), isset($param[1]) && $param[1] != '' ? $param[1] : get_option('currency'), isset($param[2]) && $param[2] != '' ? $param[2] : NULL, isset($param[3]) && $param[3] == '1'); if (is_null($value)) { $value = do_lang('INTERNAL_ERROR'); } } else { $value = get_option('currency'); } } break; case 'CURRENCY_SYMBOL': if (addon_installed('ecommerce')) { require_code('ecommerce'); $value = ecommerce_get_currency_symbol(); } break; case 'GEOLOCATE': $value = geolocate_ip(isset($param[0]) ? $param[0] : NULL); break; case 'NO_SAFE_MODE': $value = str_replace(array('on', 'true', 'yes'), array('1', '1', '1'), strtolower(ini_get('safe_mode'))) == '1' ? '0' : '1'; break; case 'FORCE_PREVIEWS': if (get_option('forced_preview_option') == '1') { if (get_forum_type() == 'ocf') { if (is_guest() && get_option('default_preview_guests') == '0') { $value = '0'; } else { $value = $GLOBALS['FORUM_DRIVER']->get_member_row_field(get_member(), 'm_preview_posts') == 1 ? '1' : '0'; } } else { $value = get_option('default_preview_guests') == '0' ? '0' : '1'; } } else { $value = '0'; } break; case 'PREVIEW_URL': $value = find_script('preview'); $value .= '?page=' . get_page_name(); $value .= '&type=' . get_param('type', '', true); break; case 'ADDON_INSTALLED': if (isset($param[0]) && !running_script('install')) { $value = addon_installed($param[0]) ? '1' : '0'; } break; case 'VALUE_OPTION': if (isset($param[0])) { $value = function_exists('get_value') ? get_value($param[0]) : ''; if (is_null($value)) { $value = function_exists('get_long_value') ? get_long_value($param[0]) : ''; if (is_null($value)) { $value = isset($param[1]) ? $param[1] : ''; if ($param[0] == 'textmate' && (ocp_srv('HTTP_HOST') == 'localhost' && strpos(ocp_srv('HTTP_USER_AGENT'), 'Macintosh') !== false)) { $value = '1'; } } } } break; case 'KEEP_INDEX': // What needs preserving in the URL $value = 'index.php'; if (count($_GET) > 0) { foreach ($_GET as $key => $val) { if (is_array($val)) { continue; } if (get_magic_quotes_gpc()) { $val = stripslashes($val); } if (substr($key, 0, 5) == 'keep_' && !skippable_keep($key, $val) && strpos($key, '_expand_') === false) { $value .= ($value == 'index.php' ? '?' : '&') . urlencode($key) . '=' . ocp_url_encode($val); } } } break; case 'HIDE_HELP_PANEL': $value = array_key_exists('hide_help_panel', $_COOKIE) && $_COOKIE['hide_help_panel'] == '1' ? '1' : '0'; break; case 'URLISE_LANG': if (isset($param[1])) { $_value = urlise_lang($param[0], $param[1], isset($param[2]) ? $param[2] : '', isset($param[3]) ? $param[3] == '1' : false); $value = $_value->evaluate(); } break; case 'FIND_SCRIPT_NOHTTP': if (isset($param[0]) && function_exists('find_script')) { $value = preg_replace('#^https?://[^/]+#', '', find_script($param[0], false, isset($param[1]) ? intval($param[1]) : 0)); } if (!$GLOBALS['DEBUG_MODE']) { break; } // Debug mode changes base domain so we need to actually use it in full (fine, we don't have HTTPS in debug mode). Bubble on... // Debug mode changes base domain so we need to actually use it in full (fine, we don't have HTTPS in debug mode). Bubble on... case 'FIND_SCRIPT': if (isset($param[0]) && function_exists('find_script')) { $value = find_script($param[0], false, isset($param[1]) ? intval($param[1]) : 0); } break; case 'MOBILE': $value = is_mobile(NULL, array_key_exists(0, $param) ? $param[0] == '1' : false) ? '1' : '0'; break; case 'VALID_FILE_TYPES': $value = get_option('valid_types'); $types = array_flip(explode(',', $value)); $value = ''; ksort($types); foreach (array_flip($types) as $val) { $value .= $val . ','; } $value = substr($value, 0, strlen($value) - 1); break; case 'BROWSER_UA': $browser = get_browser_string(); $value = $browser; break; case 'OS': $os = get_os_string(); if (is_null($os)) { $os = ''; } $value = $os; break; case 'ANCHOR': if (isset($param[0])) { $_value = do_template('ANCHOR', array('_GUID' => '8795c70c9dd7c6217bb765264ac24092', 'NAME' => $param[0])); $value = $_value->evaluate(); } break; case 'CSS_TEMPCODE': $_value = css_tempcode(); $value = $_value->evaluate(); break; case 'JS_TEMPCODE': $_value = javascript_tempcode(isset($param[0]) ? $param[0] : NULL); $value = $_value->evaluate(); break; case 'PAD_LEFT': if (array_key_exists(1, $param)) { $value = str_pad($param[0], intval($param[1]), array_key_exists(2, $param) ? $param[2] : '', STR_PAD_LEFT); } break; case 'PAD_RIGHT': if (array_key_exists(1, $param)) { $value = str_pad($param[0], intval($param[1]), array_key_exists(2, $param) ? $param[2] : '', STR_PAD_RIGHT); } break; case 'PAGE_TITLE': $value = is_null($DISPLAYED_TITLE) ? '' : $DISPLAYED_TITLE->evaluate(); break; case 'SET_TITLE': if (array_key_exists(0, $param)) { get_page_title($param[0], false); } break; case 'EXTRA_HEAD': $_value = $GLOBALS['EXTRA_HEAD']; if ($_value === NULL) { $_value = new ocp_tempcode(); } $value = $_value->evaluate(); break; case 'EXTRA_FOOT': if ($GLOBALS['EXTRA_FOOT'] === NULL) { $GLOBALS['EXTRA_FOOT'] = new ocp_tempcode(); } $_value = $GLOBALS['EXTRA_FOOT']; if (array_key_exists(0, $param)) { $GLOBALS['EXTRA_FOOT']->attach($param[0]); } else { $value = $_value->evaluate(); } break; case 'RAND': if (isset($GLOBALS['NON_CACHEABLE_SYMBOLS']['RAND'])) { $GLOBALS['NO_EVAL_CACHE'] = true; $value = strval(mt_rand(0, 32000)); } else { $value = '4'; } break; case 'SET_RAND': if (isset($param[0])) { if (isset($GLOBALS['NON_CACHEABLE_SYMBOLS']['SET_RAND'])) { $GLOBALS['NO_EVAL_CACHE'] = true; $value = $param[mt_rand(0, count($param) - 1)]; } else { $value = $param[0]; } } break; case 'COPYRIGHT': $value = str_replace('$CURRENT_YEAR', date('Y'), get_option('copyright')); break; case 'KEYWORDS_SPACED': $value = str_replace(',', ' ', get_option('keywords')); break; case 'STAFF_ADDRESS_PURE': $value = get_option('staff_address'); break; case 'STAFF_ADDRESS': require_code('obfuscate'); $value = obfuscate_email_address(get_option('staff_address')); break; case 'DOMAIN': $value = get_domain(); break; case 'BRAND_NAME': $value = function_exists('get_value') ? get_value('rebrand_name') : NULL; if (is_null($value)) { $value = 'ocPortal'; } break; case 'BRAND_BASE_URL': $value = brand_base_url(); break; case 'SHOW_DOCS': $value = get_option('show_docs') === '0' ? '0' : '1'; break; case 'MEMBER_EMAIL': $value = $GLOBALS['FORUM_DRIVER']->get_member_email_address(isset($param[0]) ? intval($param[0]) : get_member()); break; case 'OCF_MEMBER_HTML': if (get_forum_type() == 'ocf') { require_code('ocf_members'); require_code('ocf_members2'); $_value = ocf_show_member_box(isset($param[0]) ? intval($param[0]) : get_member()); $value = $_value->evaluate(); } break; case 'HAS_SPECIFIC_PERMISSION': if (isset($param[0])) { $value = has_specific_permission(!is_null($param) && isset($param[1]) ? intval($param[1]) : get_member(), $param[0]) ? '1' : '0'; } break; case 'HAS_ZONE_ACCESS': if (isset($param[0])) { $value = has_zone_access(!is_null($param) && isset($param[1]) ? intval($param[1]) : get_member(), $param[0]) ? '1' : '0'; } break; case 'HAS_PAGE_ACCESS': if (isset($param[0]) && isset($param[1])) { $value = has_page_access(!is_null($param) && isset($param[2]) ? intval($param[2]) : get_member(), $param[0], $param[1], !is_null($param) && isset($param[3]) ? $param[3] == '1' : false) ? '1' : '0'; } break; case 'HAS_CATEGORY_ACCESS': if (isset($param[0])) { $value = has_category_access(!is_null($param) && isset($param[2]) ? intval($param[2]) : get_member(), $param[0], $param[1]) ? '1' : '0'; } break; case 'HAS_ATTACHMENT_ACCESS': if (isset($param[0])) { require_code('attachments'); $value = has_attachment_access(!is_null($param) && isset($param[1]) ? intval($param[1]) : get_member(), $param[0]) ? '1' : '0'; } break; case 'HAS_SUBMIT_PERMISSION': if (isset($param[0]) && (strtolower($param[0]) == 'low' || strtolower($param[0]) == 'mid' || strtolower($param[0]) == 'high')) { $value = has_submit_permission(strtolower($param[0]), !is_null($param) && isset($param[1]) ? intval($param[1]) : get_member(), !is_null($param) && isset($param[2]) ? $param[2] : get_ip_address(), !is_null($param) && isset($param[3]) ? $param[3] : get_page_name()) ? '1' : '0'; } break; case 'HAS_DELETE_PERMISSION': if (isset($param[0]) && (strtolower($param[0]) == 'low' || strtolower($param[0]) == 'mid' || strtolower($param[0]) == 'high') && isset($param[1])) { $value = has_delete_permission(strtolower($param[0]), !is_null($param) && isset($param[2]) ? intval($param[2]) : get_member(), intval($param[1]), !is_null($param) && isset($param[3]) ? $param[3] : get_page_name()) ? '1' : '0'; } break; case 'HAS_EDIT_PERMISSION': if (isset($param[0]) && (strtolower($param[0]) == 'low' || strtolower($param[0]) == 'mid' || strtolower($param[0]) == 'high') && isset($param[1])) { $value = has_edit_permission(strtolower($param[0]), !is_null($param) && isset($param[2]) ? intval($param[2]) : get_member(), intval($param[1]), !is_null($param) && isset($param[3]) ? $param[3] : get_page_name()) ? '1' : '0'; } break; case 'ENTITY_DECODE': if (isset($param[0])) { $value = @html_entity_decode($param[0], ENT_QUOTES, get_charset()); } break; case 'RESET_CYCLE': if (isset($param[0])) { $CYCLES[$param[0]] = 0; } break; case 'SITE_SCOPE': $value = get_option('site_scope'); break; case 'LAST_VISIT_TIME': if (get_forum_type() == 'ocf') { $member_info = ocf_read_in_member_profile(get_member(), true); $value = strval($member_info['last_visit_time']); } break; case 'NUM_NEW_TOPICS': if (get_forum_type() == 'ocf') { $member_info = ocf_read_in_member_profile(get_member(), true); $_new_topics = $GLOBALS['FORUM_DB']->query('SELECT COUNT(*) AS mycnt FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_topics WHERE NOT t_forum_id IS NULL AND t_cache_first_time>' . strval((int) $member_info['last_visit_time'])); $new_topics = $_new_topics[0]['mycnt']; $value = strval($new_topics); } break; case 'NUM_NEW_POSTS': if (get_forum_type() == 'ocf') { $member_info = ocf_read_in_member_profile(get_member(), true); $_new_posts = $GLOBALS['FORUM_DB']->query('SELECT COUNT(*) AS mycnt FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_posts WHERE NOT p_cache_forum_id IS NULL AND p_time>' . strval((int) $member_info['last_visit_time'])); $new_posts = $_new_posts[0]['mycnt']; $value = strval($new_posts); } break; case 'HAS_FORUM': $value = has_no_forum() ? '0' : '1'; break; case 'OCF': $value = get_forum_type() == 'ocf' ? '1' : '0'; break; case 'BOARD_PREFIX': $value = get_forum_base_url(); break; case 'DATE_AND_TIME': $use_contextual_dates = isset($param[0]) && $param[0] == '1'; $verbose = isset($param[1]) && $param[1] == '1'; $server_time = isset($param[2]) && $param[2] == '1'; $time = isset($param[3]) ? intval($param[3]) : time(); $value = get_timezoned_date($time, true, $verbose, $server_time, !$use_contextual_dates); break; case 'DATE': $use_contextual_dates = isset($param[0]) && $param[0] == '1'; $verbose = isset($param[1]) && $param[1] == '1'; $server_time = isset($param[2]) && $param[2] == '1'; $time = isset($param[3]) ? intval($param[3]) : time(); $value = get_timezoned_date($time, false, $verbose, $server_time, !$use_contextual_dates); break; case 'TIME': $time = isset($param[0]) ? intval($param[0]) : time(); $value = get_timezoned_time($time); break; case 'SECONDS_PERIOD': if (array_key_exists(0, $param)) { $value = display_seconds_period(intval($param[0])); } break; case 'FROM_TIMESTAMP': if (isset($param[0])) { $timestamp = isset($param[1]) ? intval($param[1]) : time(); if (!array_key_exists(2, $param) || $param[2] == '1') { $timestamp = utctime_to_usertime($timestamp); } $value = locale_filter(my_strftime($param[0], $timestamp)); if ($value == $param[0]) { // If no conversion happened then the syntax must have been for 'date' not 'strftime' $value = date($param[0], $timestamp); } } else { $timestamp = time(); $value = strval($timestamp); } break; case 'TO_TIMESTAMP': if (isset($param[0])) { $value = strval(strtotime($param[0])); if (array_key_exists(1, $param) && $param[1] == '1') { $value = strval(usertime_to_utctime(intval($value))); } // '1' means date was in user-time so needs converting to a UTC timestamp } else { $value = strval(time()); } break; case 'SESSION_HASHED': $value = md5(strval(get_session_id())); break; case 'SESSION': $value = strval(get_session_id()); break; case 'IN_ARRAY': if (isset($param[1])) { $array = array_slice($param, 1); $value = in_array($param[0], $array) ? '1' : '0'; } break; case 'MULT': if (isset($param[1])) { $value = float_to_raw_string(floatval($param[0]) * floatval($param[1]), 2, true); } break; case 'ROUND': if (isset($param[0])) { $amount = isset($param[1]) ? intval($param[1]) : 0; if ($amount > 0) { $value = float_format(floatval($param[0]), $amount); } else { $value = strval(intval(round(floatval($param[0]), $amount))); } } break; case 'DEV_MODE': $value = $GLOBALS['DEBUG_MODE'] ? '1' : '0'; break; case 'BROWSER_MATCHES': if (isset($param[0])) { $q = false; foreach (explode('|', $param[0]) as $browser) { $q = browser_matches($browser); if ($q) { break; } } $value = $q ? '1' : '0'; } break; case 'ISSET': if (isset($param[0])) { $value = isset($TEMPCODE_SETGET[$param[0]]) ? '1' : '0'; } break; case 'INIT': if (isset($param[1])) { if (!isset($TEMPCODE_SETGET[$param[0]])) { $TEMPCODE_SETGET[$param[0]] = $param[1]; } } break; case 'INC': if (isset($param[0])) { if (!isset($TEMPCODE_SETGET[$param[0]])) { $TEMPCODE_SETGET[$param[0]] = '0'; } $TEMPCODE_SETGET[$param[0]] = strval(intval($TEMPCODE_SETGET[$param[0]]) + 1); } break; case 'DEC': if (isset($param[0])) { if (!isset($TEMPCODE_SETGET[$param[0]])) { $TEMPCODE_SETGET[$param[0]] = '0'; } $TEMPCODE_SETGET[$param[0]] = strval(intval($TEMPCODE_SETGET[$param[0]]) - 1); } break; case 'PREG_MATCH': if (isset($param[1])) { $value = preg_match('#' . str_replace('#', '\\#', $param[0]) . '#' . (isset($param[2]) ? str_replace('e', '', $param[2]) : ''), $param[1]) != 0 ? '1' : '0'; } break; case 'PREG_REPLACE': if (isset($param[2])) { $value = preg_replace('#' . str_replace('#', '\\#', $param[0]) . '#' . (isset($param[3]) ? str_replace('e', '', $param[3]) : ''), $param[1], $param[2]); } break; case 'MAX': if (isset($param[0])) { $value = strval(max(intval($param[0]), intval($param[1]))); } break; case 'MIN': if (isset($param[0])) { $value = strval(min(intval($param[0]), intval($param[1]))); } break; case 'MOD': if (isset($param[0])) { $value = strval(max(intval($param[0]), -intval($param[0]))); } break; case 'REM': if (isset($param[1])) { $value = strval(intval($param[0]) % intval($param[1])); } break; case 'DIV_FLOAT': if (isset($param[1])) { $value = float_to_raw_string(floatval($param[0]) / floatval($param[1]), 2, true); } break; case 'DIV': if (isset($param[1])) { $value = strval(intval(floor(floatval($param[0]) / floatval($param[1])))); } break; case 'SUBTRACT': if (isset($param[1])) { $value = float_to_raw_string(floatval(str_replace(',', '', $param[0])) - floatval(str_replace(',', '', $param[1])), 2, true); } break; case 'ADD': if (isset($param[1])) { $value = float_to_raw_string(floatval(str_replace(',', '', $param[0])) + floatval(str_replace(',', '', $param[1])), 2, true); } break; case 'WCASE': if (isset($param[0])) { $value = ucwords($param[0]); } break; case 'LCASE': if (isset($param[0])) { $value = ocp_mb_strtolower($param[0]); } break; case 'UCASE': if (isset($param[0])) { $value = ocp_mb_strtoupper($param[0]); } break; case '_POST': if (isset($param[0])) { $value = post_param($param[0], isset($param[1]) ? $param[1] : ''); } break; case 'REPLACE': if (isset($param[2])) { $value = str_replace($param[0], $param[1], $param[2]); if ($GLOBALS['XSS_DETECT'] && ocp_is_escaped($param[0])) { ocp_mark_as_escaped($value); } } break; case 'AT': if (isset($param[1])) { $value = ocp_mb_substr($param[0], intval($param[1]), 1); } break; case 'STRPOS': if (isset($param[1])) { $t_value = strpos($param[0], $param[1]); $value = $t_value === false ? '0' : strval($t_value); } break; case 'IN_STR': if (isset($param[1])) { if ($param[1] == '') { $value = '0'; } else { $value = '0'; foreach ($param as $i => $check) { if (is_integer($i) && $i != 0 && $check != '') { if (strpos($param[0], $check) !== false) { $value = '1'; break; } } } } } break; case 'SUBSTR_COUNT': if (isset($param[1])) { $value = strval(substr_count($param[0], $param[1])); } break; case 'SUBSTR': if (isset($param[1])) { $value = ocp_mb_substr($param[0], intval($param[1]), isset($param[2]) ? intval($param[2]) : strlen($param[0])); } break; case 'LENGTH': if (isset($param[0])) { $value = strval(ocp_mb_strlen($param[0])); } break; case 'WORDWRAP': if (isset($param[1])) { $cut = isset($param[3]) && $param[3] == '1'; $value = wordwrap($param[0], intval($param[1]), isset($param[2]) ? $param[2] : '<br />', $cut); if ($GLOBALS['XSS_DETECT'] && ocp_is_escaped($param[0])) { ocp_mark_as_escaped($value); } } break; case 'ALTERNATOR_TRUNCATED': // Alternate values according to whether some given text WOULD have been truncated. 0: text to check against, 1: the truncate length, 2:IF would not be do this, 3: if it would be do this, 4: whether given text is encoded as HTML (0=no [default, plain-text], 1=yes) if (isset($param[3])) { $amount = intval($param[1]); $is_html = isset($param[4]) && $param[4] == '1'; if (strlen($is_html ? strip_tags($param[0]) : $param[0]) > $amount) { $value = $param[3]; } else { $value = $param[2]; } } break; case 'ESCAPE': if (isset($param[0])) { $d_escaping = array(isset($param[1]) ? constant($param[1]) : ENTITY_ESCAPED); if (is_string($param[0])) { apply_tempcode_escaping($d_escaping, $param[0]); } $value = $param[0]; } break; case 'COOKIE_PATH': $value = function_exists('get_cookie_path') ? get_cookie_path() : '/'; break; case 'COOKIE_DOMAIN': $s_value = function_exists('get_cookie_domain') ? get_cookie_domain() : ''; $value = is_null($s_value) ? '' : $s_value; break; case 'IS_A_COOKIE_LOGIN': global $IS_A_COOKIE_LOGIN; $value = $IS_A_COOKIE_LOGIN && ini_get('suhosin.cookie.max_name_length') !== '64' ? '1' : '0'; break; case 'GROUP_ID': if (isset($param[0])) { $groups = $GLOBALS['FORUM_DRIVER']->get_members_groups(isset($param[1]) ? intval($param[1]) : get_member()); $value = array_key_exists(intval($param[0]), $groups) ? strval($groups[intval($param[0])]) : ''; } break; case 'GROUP_NAME': if (isset($param[0])) { $groups = $GLOBALS['FORUM_DRIVER']->get_members_groups(isset($param[1]) ? intval($param[1]) : get_member()); if (array_key_exists(intval($param[0]), $groups)) { $all_usergroups = $GLOBALS['FORUM_DRIVER']->get_usergroup_list(); $value = $all_usergroups[$groups[intval($param[0])]]; } if ($GLOBALS['XSS_DETECT'] && ocp_is_escaped($param[0])) { ocp_mark_as_escaped($value); } } break; case 'NEGATE': if (isset($param[0])) { $value = strval(-intval($param[0])); } break; case 'XOR': $count = 0; foreach ($param as $test) { if ($test == '1' || $test == '1') { $count++; } } $value = $count == 1 ? '1' : '0'; break; case 'NOR': $count = 0; foreach ($param as $test) { if ($test == '1' || $test == '1') { $count++; } } $value = $count > 0 ? '0' : '1'; break; case 'NAND': $count = 0; foreach ($param as $test) { if ($test == '1' || $test == '1') { $count++; } } $value = $count == count($param) ? '0' : '1'; break; case 'LT': if (isset($param[1])) { $value = intval($param[0]) < intval($param[1]) ? '1' : '0'; } break; case 'GT': if (isset($param[1])) { $value = intval($param[0]) > intval($param[1]) ? '1' : '0'; } break; case 'COPPA_ON': $value = get_option('is_on_coppa') == '1' ? '1' : '0'; break; case 'OBFUSCATE': if (isset($param[0])) { require_code('obfuscate'); $value = obfuscate_entities($param[0]); } break; case 'FIX_ID': if (isset($param[0])) { $value = fix_id($param[0]); if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($value); } } break; case 'MAILTO': require_code('obfuscate'); $value = mailto_obfuscated(); break; case 'INLINE_STATS': $value = get_option('show_inline_stats') == '1' ? '1' : '0'; break; case 'ATTACHMENT_DOWNLOADS': if (isset($param[0])) { $db = $GLOBALS['SITE_DB']; if (isset($param[1]) && $param[1] == '1') { $db = $GLOBALS['FORUM_DB']; } $_value = $db->query_value_null_ok('attachments', 'a_num_downloads', array('id' => intval($param[0]))); $value = is_null($_value) ? '?' : strval($_value); } break; case 'CSS_DIMENSION_REDUCE': if (isset($param[1])) { $value = $param[0]; if (substr($value, -2) == 'px') { $b = $param[1]; $value = strval(intval(substr($value, 0, -2)) - intval($b)) . 'px'; } if ($value == '') { $value = '0px'; } } break; case 'COMMENT_COUNT': if (isset($param[1])) { if (get_option('is_on_comments') == '1') { $count = 0; $_comments = $GLOBALS['FORUM_DRIVER']->get_forum_topic_posts($GLOBALS['FORUM_DRIVER']->find_topic_id_for_topic_identifier(get_option('comments_forum_name'), $param[0] . '_' . $param[1]), $count, 0, 0, false); $_value = do_lang_tempcode('_COMMENTS', integer_format(0)); if (is_array($_comments)) { $_value = do_lang_tempcode('_COMMENTS', escape_html(integer_format($count))); } $value = $_value->evaluate(); } else { $value = do_lang('VIEW'); } } break; case 'CAN_SPELLCHECK': $value = function_exists('pspell_check') ? '1' : '0'; break; case 'AWARD_ID': if (array_key_exists(0, $param)) { $value = $GLOBALS['SITE_DB']->query_value_null_ok('award_archive', 'content_id', array('a_type_id' => intval($param[0])), 'ORDER BY date_and_time DESC'); if (is_null($value)) { $value = ''; } } break; case 'SELF_PAGE_LINK': $value = ''; if (running_script('index') || running_script('iframe')) { $value = get_zone_name() . ':' . get_page_name(); foreach ($_GET as $key => $val) { if ($key == 'page') { continue; } if (is_array($val)) { continue; } if (substr($key, 0, 5) == 'keep_') { continue; } $value .= ':' . $key . '=' . $val; } } break; case 'SET_TUTORIAL_LINK': $value = ''; if (array_key_exists(1, $param) && $param[1] != '' && $param[1][0] != '#') { set_tutorial_link($param[0], $param[1]); } break; case 'DISPLAY_CONCEPT': $value = ''; if (array_key_exists(0, $param)) { $key = $param[0]; $page_link = get_tutorial_link('concept___' . preg_replace('#[^\\w_]#', '_', $key)); if (is_null($page_link)) { $temp_tpl = make_string_tempcode($key); } else { list($zone, $attributes, $hash) = page_link_decode($page_link); $_url = build_url($attributes, $zone, NULL, false, false, false, $hash); $temp_tpl = do_template('COMCODE_CONCEPT', array('_GUID' => 'ee0cd05f87329923f05145180004d8a8', 'TEXT' => $key, 'URL' => $_url)); } $value = $temp_tpl->evaluate(); } break; case 'SELF_URL': $extra_params = NULL; if (isset($param[3])) { $extra_params = array(); $i = 3; while (isset($param[$i])) { $bits = explode('=', $param[$i], 2); if ($bits[1] == '<null>') { $bits[1] = NULL; } $extra_params[$bits[0]] = $bits[1]; $i++; } } $value = get_self_url(true, isset($param[0]) && $param[0] == '1', $extra_params, isset($param[1]) && $param[1] == '1', isset($param[2]) && $param[2] == '1'); break; case 'SHIFT_DECODE': if (isset($param[0])) { global $SHIFT_VARIABLES; $key = $param[0]; $value = isset($SHIFT_VARIABLES[$key]) ? $SHIFT_VARIABLES[$key]->evaluate() : ''; } break; case 'NUMBER_FORMAT': if (isset($param[0])) { $value = integer_format(intval($param[0])); } break; case 'FLOAT_FORMAT': if (isset($param[0])) { $value = float_format(floatval($param[0])); } break; case 'CURRENTLY_INVISIBLE': $value = is_invisible() ? '1' : '0'; break; case 'IS_FRIEND': if (isset($param[0])) { $test = $GLOBALS['SITE_DB']->query_value_null_ok('chat_buddies', 'member_likes', array('member_likes' => isset($param[1]) ? intval($param[1]) : get_member(), 'member_liked' => intval($param[0]))); $value = is_null($test) ? '0' : '1'; } break; case 'SSW': $value = get_option('ssw') == '1' ? '1' : '0'; break; case 'RATING': if (isset($param[1])) { require_code('feedback'); $rating = get_rating_simple_array(array_key_exists(3, $param) ? $param[3] : get_self_url(true), array_key_exists(4, $param) ? $param[4] : (is_null($DISPLAYED_TITLE) ? '' : $DISPLAYED_TITLE->evaluate()), $param[0], $param[1], array_key_exists(5, $param) ? $param[5] : 'RATING_FORM', array_key_exists(2, $param) ? $param[2] : NULL); if ($rating !== NULL) { if (!array_key_exists(2, $param) || $param[2] == '0') { $value = isset($rating['ALL_RATING_CRITERIA'][0]['RATING']) ? $rating['ALL_RATING_CRITERIA'][0]['RATING'] : ''; } else { $value = do_template('RATING_INLINE_STATIC', $rating); } if (is_object($value)) { $value = $value->evaluate(); } } } break; case 'VIEWS': if (isset($param[2])) { $id_field = 'id'; // Not allowed for security reasons if (preg_match('#^\\w*views\\w*$#', $param[1]) != 0) { $test = $GLOBALS['SITE_DB']->query_value_null_ok($param[0], $param[1], array($id_field => $param[2])); if (!is_null($test)) { $value = integer_format($test); } } } break; default: global $EXTRA_SYMBOLS; if (is_null($EXTRA_SYMBOLS)) { $EXTRA_SYMBOLS = array(); $hooks = find_all_hooks('systems', 'symbols'); foreach (array_keys($hooks) as $hook) { $EXTRA_SYMBOLS[$hook] = array(); } } if (array_key_exists($name, $EXTRA_SYMBOLS)) { if (!array_key_exists('ob', $EXTRA_SYMBOLS[$name])) { require_code('hooks/systems/symbols/' . filter_naughty_harsh($name)); $EXTRA_SYMBOLS[$name]['ob'] = object_factory('Hook_symbol_' . filter_naughty_harsh($name)); } $value = $EXTRA_SYMBOLS[$name]['ob']->run($param); break; } if (defined($name)) { $value = @strval(constant($name)); break; } $value = ''; require_code('site'); attach_message(do_lang_tempcode('MISSING_SYMBOL', escape_html($name)), 'warn'); } if ($escaped != array()) { if (is_object($value)) { $value = $value->evaluate(); } apply_tempcode_escaping($escaped, $value); } if ($cacheable) { $SYMBOL_CACHE[$escaped_codes] = $value; } return $value; } // Is it a directive? if ($type == TC_DIRECTIVE) { $value = ''; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($value); } // In our param we should have a map of bubbled template parameters (under 'vars') and our numbered directive parameters if ($param === NULL) { $param = array(); } // Closure-based Tempcode parser may send in strings, so we need to adapt... foreach ($param as $key => $val) { if (is_string($val)) { $param[$key] = make_string_tempcode($val); } } if (!isset($param['vars'])) { $param['vars'] = array(); } switch ($name) { case 'SHIFT_ENCODE': break; case 'PARAM_INFO': $_value = do_template('PARAM_INFO', array('MAP' => $param['vars'])); $value = $_value->evaluate(); break; case 'CSS_INHERIT': // e.g. {+START,CSS_INHERIT,global,default,#886aa9}{+END} if (isset($param[0])) { require_code('css_and_js'); $css_file = $param[0]->evaluate(); $theme = isset($param[1]) ? $param[1]->evaluate() : 'default'; $seed = isset($param[2]) ? $param[2]->evaluate() : NULL; if ($seed == '') { $seed = NULL; } $dark = isset($param[3]) ? $param[3]->evaluate() == '1' : false; $algorithm = isset($param[4]) ? $param[4]->evaluate() : 'equations'; $value = css_inherit($css_file, $theme, $GLOBALS['FORUM_DRIVER']->get_theme(), $seed, $dark, $algorithm); } break; case 'FRACTIONAL_EDITABLE': foreach (array_keys($param) as $key) { if (!is_numeric($key)) { unset($param[$key]); } } if (isset($param[3])) { $edit_text = $param[0]->evaluate(); $edit_param_name = $param[1]->evaluate(); $edit_pagelink = $param[2]->evaluate(); $supports_comcode = (isset($param[4]) ? $param[3]->evaluate() : '0') == '1'; list($zone, $attributes, ) = page_link_decode($edit_pagelink); if ($zone == '_SEARCH') { $zone = get_module_zone($attributes['page']); } if (has_actual_page_access(get_member(), $attributes['page'], $zone) && has_zone_access(get_member(), 'adminzone')) { $keep = symbol_tempcode('KEEP'); $url = find_script('fractional_edit') . '?edit_param_name=' . urlencode($edit_param_name) . '&supports_comcode=' . ($supports_comcode ? '1' : '0') . '&zone=' . urlencode($zone) . $keep->evaluate(); foreach ($attributes as $key => $val) { $url .= '&' . $key . '=' . urlencode($val); } $_value = $param[count($param) - 1]; $_value = do_template('FRACTIONAL_EDIT', array('_GUID' => '075ac126c427d28b309004bc67b32b08', 'VALUE' => $_value, 'URL' => $url, 'EDIT_TEXT' => $edit_text, 'EDIT_PARAM_NAME' => $edit_param_name)); $value = $_value->evaluate(); } else { $value = $param[count($param) - 1]->evaluate(); } } break; case 'SET': if (isset($param[1])) { $var = $param[0]->evaluate(); $set_val = ''; $i = 1; while (isset($param[$i])) { if ($i != 1) { $set_val .= ','; } $set_val .= $param[1]->evaluate(); $i++; } $TEMPCODE_SETGET[$var] = $set_val; } break; case 'IN_ARRAY': if (isset($param[1])) { $key = $param[1]->evaluate(); $array = array_key_exists($key, $param['vars']) ? $param['vars'][$key] : array(); $value = in_array($param[0]->evaluate(), $array) ? '1' : '0'; } break; case 'NOT_IN_ARRAY': if (isset($param[1])) { $key = $param[1]->evaluate(); $array = array_key_exists($key, $param['vars']) ? $param['vars'][$key] : array(); $value = in_array($param[0]->evaluate(), $array) ? '0' : '1'; } break; case 'IF_IN_ARRAY': if (isset($param[2])) { $key = $param[1]->evaluate(); $array = array_key_exists($key, $param['vars']) ? $param['vars'][$key] : array(); $value = in_array($param[0]->evaluate(), $array) ? $param[2]->evaluate() : ''; } break; case 'IF_NOT_IN_ARRAY': if (isset($param[2])) { $key = $param[1]->evaluate(); $array = array_key_exists($key, $param['vars']) ? $param['vars'][$key] : array(); $value = in_array($param[0]->evaluate(), $array) ? '' : $param[2]->evaluate(); } break; case 'IMPLODE': if (isset($param[1])) { $key = $param[1]->evaluate(); $array = array_key_exists($key, $param['vars']) ? $param['vars'][$key] : array(); if (isset($param[2]) && $param[2]->evaluate() == '1') { $delim = $param[0]->evaluate(); foreach ($array as $key => $val) { if ($value != '') { $value .= $delim; } $value .= (is_integer($key) ? integer_format($key) : $key) . ' = ' . $val; } } else { $value = implode($param[0]->evaluate(), $array); } } break; case 'COUNT': if (isset($param[0])) { $key = $param[0]->evaluate(); $array = array_key_exists($key, $param['vars']) ? $param['vars'][$key] : array(); $value = strval(count($array)); } break; case 'BOX': unset($param['vars']); $title = isset($param[1]) ? $param[0]->evaluate() : ''; $dimensions = isset($param[2]) ? $param[1]->evaluate() : '100%'; if ($dimensions == '') { $dimensions = '100%'; } $box_type = isset($param[3]) ? $param[2]->evaluate() : 'classic'; $options = isset($param[4]) ? $param[3]->evaluate() : ''; $meta = isset($param[5]) ? $param[4]->evaluate() : ''; $links = isset($param[6]) ? $param[5]->evaluate() : ''; $expand = isset($param[7]) ? $param[6]->evaluate() == '1' : false; $toplink = isset($param[8]) ? $param[7]->evaluate() : ''; $tmp = put_in_standard_box(array_pop($param), $title, $dimensions, $box_type, $options, $meta, $links, $expand, $toplink); $value = $tmp->evaluate(); break; case 'IF_NON_EMPTY': if (isset($param[1])) { if (!$param[0]->is_really_empty()) { $value = $param[1]->evaluate(); } } break; case 'IF_PASSED': if (isset($param[1])) { $t = $param[0]->evaluate(); if (isset($param['vars'][$t])) { $value = $param[1]->evaluate(); } } break; case 'IF_NON_PASSED': if (isset($param[1])) { $t = $param[0]->evaluate(); if (!isset($param['vars'][$t])) { $value = $param[1]->evaluate(); } } break; case 'IF_EMPTY': if (isset($param[1])) { if ($param[0]->is_really_empty()) { $value = $param[1]->evaluate(); } } break; case 'IF_ARRAY_EMPTY': if (isset($param[0])) { $looking_at = $param[0]->evaluate(); if (array_key_exists($looking_at, $param['vars'])) { if (count($param['vars'][$looking_at]) == 0) { $value = $param[1]->evaluate(); } } } break; case 'IF_ARRAY_NON_EMPTY': if (isset($param[0])) { $looking_at = $param[0]->evaluate(); if (array_key_exists($looking_at, $param['vars'])) { if (count($param['vars'][$looking_at]) != 0) { $value = $param[1]->evaluate(); } } } break; case 'OF': if (isset($param[1])) { $key = $param[0]->evaluate(); $x = $param[1]->evaluate(); $array = array_key_exists($key, $param['vars']) ? $param['vars'][$key] : array(); $x2 = is_numeric($x) ? intval($x) : $x; if (is_integer($x2)) { if ($x2 < 0) { $x2 = count($array) - 1; } elseif ($x2 >= count($array)) { $x2 -= count($array); } } $value = array_key_exists($x2, $array) ? $array[$x2] : ''; if (is_object($value)) { $value = $value->evaluate(); } } break; case 'INCLUDE': if (isset($param[1])) { $tpl_params = $param['vars']; $explode = explode(chr(10), $param[1]->evaluate()); foreach ($explode as $val) { $bits = explode('=', $val, 2); if (count($bits) == 2) { $tpl_params[ltrim($bits[0])] = $bits[1]; } } $td = isset($param[3]) ? $param[2]->evaluate() : ''; if ($td == '') { $td = 'templates'; } $ex = isset($param[2]) ? $param[1]->evaluate() : ''; if ($ex == '') { $ex = '.tpl'; } $_value = do_template($param[0]->evaluate(), $tpl_params, NULL, false, NULL, $ex, $td); $value = $_value->evaluate(); } break; case 'WHILE': if (isset($param[1])) { $_p = $param[0]->evaluate(); if ($_p == '1' || $_p == '1') { $value = ''; $value .= $param[1]->evaluate(); $value .= ecv($lang, $escaped, $type, $name, $param); } } break; case 'IF': if (isset($param[1])) { $_p = $param[0]->evaluate(); if ($_p == '1' || $_p == '1') { $value = $param[1]->evaluate(); } } break; case 'LOOP': if (isset($param[0])) { if (!array_key_exists($param[0]->evaluate(), $param['vars'])) { require_code('site'); attach_message(do_lang_tempcode('MISSING_TEMPLATE_PARAMETER', $param[0]->evaluate(), '???'), 'warn'); return ''; } $array_key = $param[0]->evaluate(); if (is_numeric($array_key) || strpos($array_key, ',') !== false) { $array = explode(',', $array_key); } else { $array = array_key_exists($array_key, $param['vars']) ? $param['vars'][$array_key] : array(); if (!is_array($array)) { $array = array(); } } $value = ''; if (array_key_exists(1 + 1, $param)) { $columns = $param[1]->evaluate(); $row_starter = array_key_exists(2 + 1, $param) ? $param[2]->evaluate() : '<tr>'; $row_terminator = array_key_exists(3 + 1, $param) ? $param[3]->evaluate() : '</tr>'; $value .= $row_starter; // Sorting if (array_key_exists(4 + 1, $param)) { $sort_key = $param[4]->evaluate(); $rev = array_key_exists(5 + 1, $param) && $param[5]->evaluate() == 'DESC'; if ($sort_key != '') { global $M_SORT_KEY; $M_SORT_KEY = $sort_key; uasort($array, 'multi_sort'); } if ($rev) { $array = array_reverse($array); } } } $last = count($param) - 2; $col = 0; $first = true; foreach ($array as $go_key => $go) { if (!is_array($go)) { $go = array('_loop_key' => make_string_tempcode(is_integer($go_key) ? strval($go_key) : $go_key), '_loop_var' => make_string_tempcode($go)); } // In case it's not a list of maps, but just a list if (isset($param[2]) && $col % $columns == 0 && $col != 0) { $value .= $row_starter; } $ps = $go + $param['vars'] + array('_loop_key' => make_string_tempcode(is_integer($go_key) ? strval($go_key) : $go_key), '_i' => strval($col), '_first' => $first, '_last' => $col == count($array) - 1); $bound = $param[$last]->bind($ps, ''); $value .= $bound->evaluate(); ++$col; if (isset($param[3]) && $col % $columns == 0) { $value .= $row_terminator; } $first = false; } if (isset($param[2]) && $col % $columns != 0) { $value .= $row_terminator; } } break; default: require_code('site'); attach_message(do_lang_tempcode('UNKNOWN_DIRECTIVE', escape_html($name)), 'warn'); } if ($escaped != array()) { apply_tempcode_escaping($escaped, $value); } return $value; } // By elimination, it's language $a = isset($param[0]) ? is_object($param[0]) ? $param[0]->evaluate() : $param[0] : NULL; $b = isset($param[1]) ? is_object($param[1]) ? $param[1]->evaluate() : $param[1] : NULL; $c = isset($param[2]) ? array_splice($param, 2) : NULL; if ($c !== NULL) { foreach ($c as $i => $cc) { if (is_object($cc)) { $c[$i] = $cc->evaluate(); } } } static $dle = false; if (!$dle) { $dle = function_exists('do_lang'); } $ret = $dle ? do_lang($name, $a, $b, $c, $lang, false) : escape_html($name . ':' . (!is_null($a) ? $a : '') . ',' . (!is_null($b) ? $b : '')); if ($ret === NULL) { if ($type != TC_PARAMETER) { require_code('site'); attach_message(do_lang_tempcode('MISSING_LANG_ENTRY', escape_html($name)), 'warn'); } $value = ''; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($value); } return $value; } if ($escaped != array() && $escaped != array(ENTITY_ESCAPED)) { apply_tempcode_escaping(array_diff($escaped, array(ENTITY_ESCAPED)), $ret); } // Escape but without ENTITY_ESCAPED because we don't do that on lang strings return $ret; }
/** * Edit a member's photo, and check validity. * * @param ID_TEXT The identifier for the name of the posted URL field. * @param ID_TEXT The identifier for the name of the posted upload. * @param ?MEMBER The member (NULL: the current member). */ function ocf_member_choose_photo($param_name, $upload_name, $member_id = NULL) { if (is_null($member_id)) { $member_id = get_member(); } require_code('uploads'); if (!array_key_exists($upload_name, $_FILES) || !is_swf_upload() && !is_uploaded_file($_FILES[$upload_name]['tmp_name'])) { $old = $GLOBALS['FORUM_DB']->query_value('f_members', 'm_photo_url', array('id' => $member_id)); $x = post_param($param_name); if ($x != '' && url_is_local($x) && !$GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) { if ($old != $x) { access_denied('ASSOCIATE_EXISTING_FILE'); } } if ($old == $x) { return; } // Not changed, bomb out as we don't want to generate a thumbnail, or copy to avatar, or send notification } // Find photo URL $urls = get_url($param_name, $upload_name, file_exists(get_custom_file_base() . '/uploads/photos') ? 'uploads/photos' : 'uploads/ocf_photos', 0, OCP_UPLOAD_IMAGE, true, 'thumb_' . $param_name, $upload_name . '2', false, true); if (!(strlen($urls[0]) > 1)) { $urls[1] = ''; } if ((get_base_url() != get_forum_base_url() || array_key_exists('on_msn', $GLOBALS['SITE_INFO']) && $GLOBALS['SITE_INFO']['on_msn'] == '1') && $urls[0] != '' && url_is_local($urls[0])) { $urls[0] = get_custom_base_url() . '/' . $urls[0]; } if ((get_base_url() != get_forum_base_url() || array_key_exists('on_msn', $GLOBALS['SITE_INFO']) && $GLOBALS['SITE_INFO']['on_msn'] == '1') && $urls[1] != '' && url_is_local($urls[1])) { $urls[1] = get_custom_base_url() . '/' . $urls[1]; } if (get_option('is_on_gd') == '0' || !function_exists('imagetypes')) { if (!array_key_exists($upload_name . '2', $_FILES) || !is_swf_upload() && !is_uploaded_file($_FILES[$upload_name . '2']['tmp_name'])) { $field = post_param('thumb_' . $param_name, ''); if ($field == '' && $urls[0] != '') { warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN_UPLOAD')); } if ($field != '' && url_is_local($field) && !$GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) { $old = $GLOBALS['FORUM_DB']->query_value('f_members', 'm_photo_thumb_url', array('id' => $member_id)); if ($old != $field) { access_denied('ASSOCIATE_EXISTING_FILE'); } } } } // Cleanup old photo $old = $GLOBALS['FORUM_DB']->query_value('f_members', 'm_photo_url', array('id' => $member_id)); if ($old == $urls[0]) { return; } if (url_is_local($old) && (substr($old, 0, 19) == 'uploads/ocf_photos/' || substr($old, 0, 15) == 'uploads/photos/')) { @unlink(get_custom_file_base() . '/' . rawurldecode($old)); } $GLOBALS['FORUM_DB']->query_update('f_members', array('m_photo_url' => $urls[0], 'm_photo_thumb_url' => $urls[1]), array('id' => $member_id), '', 1); require_code('notifications'); dispatch_notification('ocf_choose_photo', NULL, do_lang('CHOOSE_PHOTO_SUBJECT', $GLOBALS['FORUM_DRIVER']->get_username($member_id), NULL, NULL, get_lang($member_id)), do_lang('CHOOSE_PHOTO_BODY', $urls[0], $urls[1], $GLOBALS['FORUM_DRIVER']->get_username($member_id), get_lang($member_id))); // If no avatar, or default avatar, or avatars not installed, use photo for it $avatar_url = $GLOBALS['FORUM_DRIVER']->get_member_avatar_url($member_id); $default_avatar_url = find_theme_image('ocf_default_avatars/default', true, true); if (!addon_installed('ocf_avatars')) { $avatar_url = $urls[0]; if (get_option('is_on_gd') == '1' && function_exists('imagetypes')) { $stub = url_is_local($avatar_url) ? get_complex_base_url($avatar_url) . '/' : ''; $file_path = convert_url_to_path($stub . $avatar_url); if (!is_null($file_path)) { $new_file_path = str_replace('/ocf_photos/', '/ocf_avatars/', $file_path); if (!file_exists($new_file_path)) { copy($file_path, $new_file_path); fix_permissions($new_file_path); sync_file($new_file_path); } $avatar_url = str_replace('/ocf_photos/', '/ocf_avatars/', $avatar_url); } } ocf_member_choose_avatar($avatar_url, $member_id); } // Decache from run-time cache unset($GLOBALS['FORUM_DRIVER']->MEMBER_ROWS_CACHED[$member_id]); unset($GLOBALS['MEMBER_CACHE_FIELD_MAPPINGS'][$member_id]); }
/** * Get tempcode for a adding/editing form. * * @param ?GROUP The usergroup being edited (NULL: adding, not editing) * @param SHORT_TEXT The usergroup name * @param BINARY Whether this is a default usergroup * @param BINARY Whether members of the usergroup are super-administrators * @param BINARY Whether members of the usergroup are super-moderators * @param ID_TEXT The username of the usergroup leader * @param SHORT_TEXT The default title for members with this as their primary usergroup * @param URLPATH The usergroup rank image * @param ?GROUP The target for promotion from this usergroup (NULL: no promotion prospects) * @param ?integer The point threshold upon which promotion occurs (NULL: no promotion prospects) * @param integer The number of seconds between submission flood controls * @param integer The number of seconds between access flood controls * @param integer The number of gift points members of this usergroup get when they start * @param integer The number of gift points members of this usergroup get per-day * @param integer The number of megabytes members can upload per day * @param integer The maximum number of attachments members of this usergroup may have per post * @param integer The maximum avatar width members of this usergroup may have * @param integer The maximum avatar height members of this usergroup may have * @param integer The maximum post length members of this usergroup may have * @param integer The maximum signature length members of this usergroup may have * @param BINARY Whether to lock out unverified IP addresses until e-mail confirmation * @param BINARY Whether the usergroup is presented for joining at joining (implies anyone may be in the usergroup, but only choosable at joining) * @param BINARY Whether the name and membership of the usergroup is hidden * @param ?integer The display order this usergroup will be given, relative to other usergroups. Lower numbered usergroups display before higher numbered usergroups (NULL: last). * @param BINARY Whether the rank image will not be shown for secondary membership * @param BINARY Whether members may join this usergroup without requiring any special permission * @param BINARY Whether this usergroup is a private club. Private clubs may be managed in the CMS zone, and do not have any special permissions - except over their own associated forum. * @return array A pair: The input fields, Hidden fields */ function get_form_fields($id = NULL, $name = '', $is_default = 0, $is_super_admin = 0, $is_super_moderator = 0, $group_leader = '', $title = '', $rank_image = '', $promotion_target = NULL, $promotion_threshold = NULL, $flood_control_submit_secs = 0, $flood_control_access_secs = 0, $gift_points_base = 25, $gift_points_per_day = 1, $max_daily_upload_mb = 5, $max_attachments_per_post = 20, $max_avatar_width = 80, $max_avatar_height = 80, $max_post_length_comcode = 40000, $max_sig_length_comcode = 1000, $enquire_on_new_ips = 0, $is_presented_at_install = 0, $group_is_hidden = 0, $order = NULL, $rank_image_pri_only = 1, $open_membership = 0, $is_private_club = 0) { if (is_null($group_leader)) { $group_leader = ''; } $fields = new ocp_tempcode(); $hidden = new ocp_tempcode(); require_code('form_templates'); $fields->attach(form_input_line(do_lang_tempcode('NAME'), do_lang_tempcode('DESCRIPTION_USERGROUP_TITLE'), 'name', $name, true)); if (addon_installed('ocf_clubs') && !is_null($id)) { $fields->attach(form_input_tick(do_lang_tempcode('IS_PRIVATE_CLUB'), do_lang_tempcode('IS_PRIVATE_CLUB_DESCRIPTION'), 'is_private_club', $is_private_club == 1)); } $fields->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('SECTION_HIDDEN' => $title == '' && $group_leader == '', 'TITLE' => do_lang_tempcode('ADVANCED')))); $fields->attach(form_input_line(do_lang_tempcode('TITLE'), do_lang_tempcode('DESCRIPTION_GROUP_TITLE'), 'title', $title, false)); $fields->attach(form_input_username(do_lang_tempcode('GROUP_LEADER'), do_lang_tempcode('DESCRIPTION_GROUP_LEADER'), 'group_leader', $group_leader, false)); $rows = $GLOBALS['FORUM_DB']->query_select('f_groups', array('id', 'g_name', 'g_is_super_admin'), array('g_is_private_club' => 0)); $orderlist = new ocp_tempcode(); $group_count = $GLOBALS['FORUM_DB']->query_value('f_groups', 'COUNT(*)'); $num_groups = $GLOBALS['FORUM_DB']->query_value('f_groups', 'COUNT(*)', $group_count > 200 ? array('g_is_private_club' => 0) : NULL); if (is_null($id)) { $num_groups++; } for ($i = 0; $i < $num_groups; $i++) { $orderlist->attach(form_input_list_entry(strval($i), $i === $order || is_null($id) && $i == $num_groups - 1, integer_format($i + 1))); } $fields->attach(form_input_list(do_lang_tempcode('ORDER'), do_lang_tempcode('USERGROUP_DISPLAY_ORDER_DESCRIPTION'), 'order', $orderlist)); $fields->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('TITLE' => do_lang_tempcode('JOINING')))); if (is_null($id) || $id != db_get_first_id()) { $fields->attach(form_input_tick(do_lang_tempcode('IS_PRESENTED_AT_INSTALL'), do_lang_tempcode('DESCRIPTION_IS_PRESENTED_AT_INSTALL'), 'is_presented_at_install', $is_presented_at_install == 1)); $fields->attach(form_input_tick(do_lang_tempcode('DEFAULT_GROUP'), do_lang_tempcode('DESCRIPTION_IS_DEFAULT_GROUP'), 'is_default', $is_default == 1)); } $fields->attach(form_input_tick(do_lang_tempcode('OPEN_MEMBERSHIP'), do_lang_tempcode('OPEN_MEMBERSHIP_DESCRIPTION'), 'open_membership', $open_membership == 1)); $fields->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('SECTION_HIDDEN' => true, 'TITLE' => do_lang_tempcode('RANK')))); if (addon_installed('points')) { $promotion_target_groups = form_input_list_entry('-1', false, do_lang_tempcode('NA_EM')); foreach ($rows as $group) { if ($group['id'] != $id && $group['id'] != db_get_first_id()) { $promotion_target_groups->attach(form_input_list_entry(strval($group['id']), $group['id'] == $promotion_target, get_translated_text($group['g_name'], $GLOBALS['FORUM_DB']))); } } $fields->attach(form_input_list(do_lang_tempcode('PROMOTION_TARGET'), do_lang_tempcode('DESCRIPTION_PROMOTION_TARGET'), 'promotion_target', $promotion_target_groups)); $fields->attach(form_input_integer(do_lang_tempcode('PROMOTION_THRESHOLD'), do_lang_tempcode('DESCRIPTION_PROMOTION_THRESHOLD'), 'promotion_threshold', $promotion_threshold, false)); } if (get_base_url() == get_forum_base_url()) { handle_max_file_size($hidden, 'image'); $fields->attach(form_input_upload(do_lang_tempcode('RANK_IMAGE'), do_lang_tempcode('DESCRIPTION_RANK_IMAGE'), 'file', false, NULL, NULL, true, str_replace(' ', '', get_option('valid_images')))); } require_code('themes2'); $ids = get_all_image_ids_type('ocf_rank_images', false, $GLOBALS['FORUM_DB']); $fields->attach(form_input_picture_choose_specific(do_lang_tempcode('ALT_FIELD', do_lang_tempcode('STOCK')), do_lang_tempcode('DESCRIPTION_ALTERNATE_STOCK'), 'theme_img_code', $ids, NULL, $rank_image, NULL, true, $GLOBALS['FORUM_DB'])); $fields->attach(form_input_tick(do_lang_tempcode('RANK_IMAGE_PRI_ONLY'), do_lang_tempcode('RANK_IMAGE_PRI_ONLY_DESCRIPTION'), 'rank_image_pri_only', $rank_image_pri_only == 1)); $fields->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('SECTION_HIDDEN' => true, 'TITLE' => do_lang_tempcode('BENEFITS')))); $sa_descrip = do_lang_tempcode('DESCRIPTION_IS_SUPER_ADMIN'); if ($is_super_admin == 1) { $sa_descrip->attach(do_lang_tempcode('DESCRIPTION_IS_SUPER_ADMIN_B')); } $fields->attach(form_input_tick(do_lang_tempcode('SUPER_ADMIN'), $sa_descrip, 'is_super_admin', $is_super_admin == 1)); $fields->attach(form_input_tick(do_lang_tempcode('SUPER_MODERATOR'), do_lang_tempcode('DESCRIPTION_IS_SUPER_MODERATOR'), 'is_super_moderator', $is_super_moderator == 1)); if (addon_installed('points')) { $fields->attach(form_input_integer(do_lang_tempcode('GIFT_POINTS_BASE'), do_lang_tempcode('DESCRIPTION_GIFT_POINTS_BASE'), 'gift_points_base', $gift_points_base, true)); $fields->attach(form_input_integer(do_lang_tempcode('GIFT_POINTS_PER_DAY'), do_lang_tempcode('DESCRIPTION_GIFT_POINTS_PER_DAY'), 'gift_points_per_day', $gift_points_per_day, true)); } require_lang('security'); $fields->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('SECTION_HIDDEN' => true, 'TITLE' => do_lang_tempcode('SECURITY')))); $fields->attach(form_input_tick(do_lang_tempcode('HIDDEN_USERGROUP'), do_lang_tempcode('DESCRIPTION_GROUP_HIDDEN'), 'hidden', $group_is_hidden == 1)); $fields->attach(form_input_tick(do_lang_tempcode('ENQUIRE_ON_NEW_IPS'), do_lang_tempcode('DESCRIPTION_ENQUIRE_ON_NEW_IPS'), 'enquire_on_new_ips', $enquire_on_new_ips == 1)); $fields->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('SECTION_HIDDEN' => true, 'TITLE' => do_lang_tempcode('RESTRICTIONS')))); $fields->attach(form_input_integer(do_lang_tempcode('MAX_ATTACHMENTS_PER_POST'), do_lang_tempcode('DESCRIPTION_MAX_ATTACHMENTS_PER_POST'), 'max_attachments_per_post', $max_attachments_per_post, true)); $fields->attach(form_input_integer(do_lang_tempcode('MAX_DAILY_UPLOAD_MB'), do_lang_tempcode('DESCRIPTION_MAX_DAILY_UPLOAD_MB'), 'max_daily_upload_mb', $max_daily_upload_mb, true)); if (addon_installed('ocf_member_avatars')) { $fields->attach(form_input_integer(do_lang_tempcode('MAX_AVATAR_WIDTH'), do_lang_tempcode('DESCRIPTION_MAX_AVATAR_WIDTH'), 'max_avatar_width', $max_avatar_width, true)); $fields->attach(form_input_integer(do_lang_tempcode('MAX_AVATAR_HEIGHT'), do_lang_tempcode('DESCRIPTION_MAX_AVATAR_HEIGHT'), 'max_avatar_height', $max_avatar_height, true)); } $fields->attach(form_input_integer(do_lang_tempcode('MAX_POST_LENGTH_COMCODE'), do_lang_tempcode('DESCRIPTION_MAX_POST_LENGTH_COMCODE'), 'max_post_length_comcode', $max_post_length_comcode, true)); if (addon_installed('ocf_signatures')) { $fields->attach(form_input_integer(do_lang_tempcode('MAX_SIG_LENGTH_COMCODE'), do_lang_tempcode('DESCRIPTION_MAX_SIG_LENGTH_COMCODE'), 'max_sig_length_comcode', $max_sig_length_comcode, true)); } $fields->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('SECTION_HIDDEN' => true, 'TITLE' => do_lang_tempcode('FLOOD_CONTROL')))); $fields->attach(form_input_integer(do_lang_tempcode('FLOOD_CONTROL_ACCESS_SECS'), do_lang_tempcode('DESCRIPTION_FLOOD_CONTROL_ACCESS_SECS'), 'flood_control_access_secs', $flood_control_access_secs, true)); $fields->attach(form_input_integer(do_lang_tempcode('FLOOD_CONTROL_SUBMIT_SECS'), do_lang_tempcode('DESCRIPTION_FLOOD_CONTROL_SUBMIT_SECS'), 'flood_control_submit_secs', $flood_control_submit_secs, true)); $fields->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('TITLE' => do_lang_tempcode('ACTIONS')))); $copy_members_from_groups = new ocp_tempcode(); foreach ($rows as $row) { if ($row['id'] != db_get_first_id() && $row['id'] != $id) { $copy_members_from_groups->attach(form_input_list_entry(strval($row['id']), false, get_translated_text($row['g_name'], $GLOBALS['FORUM_DB']))); } } $fields->attach(form_input_multi_list(do_lang_tempcode('COPY_MEMBERS_INTO'), do_lang_tempcode('DESCRIPTION_COPY_MEMBERS_INTO'), 'copy_members_into', $copy_members_from_groups)); // Take permissions from $permissions_from_groups = new ocp_tempcode(); $permissions_from_groups = form_input_list_entry('-1', false, do_lang_tempcode('NA_EM')); foreach ($rows as $group) { if ($group['id'] != $id) { $permissions_from_groups->attach(form_input_list_entry(strval($group['id']), false, get_translated_text($group['g_name'], $GLOBALS['FORUM_DB']))); } } $fields->attach(form_input_list(do_lang_tempcode('DEFAULT_PERMISSIONS_FROM'), do_lang_tempcode(is_null($id) ? 'DESCRIPTION_DEFAULT_PERMISSIONS_FROM_NEW' : 'DESCRIPTION_DEFAULT_PERMISSIONS_FROM'), 'absorb', $permissions_from_groups)); $this->appended_actions_already = true; return array($fields, $hidden); }
/** * Get a URL to send a private/personal message to the given member. * * @param MEMBER The member id * @return URLPATH The URL to the private/personal message page */ function _member_pm_url($id) { return get_forum_base_url() . '/index.php?app=members&module=messaging§ion=send&do=form&fromMemberID=' . strval($id); }
/** * Get tempcode for a news category adding/editing form. * * @param SHORT_TEXT The title of the news category * @param SHORT_TEXT The news category image * @param LONG_TEXT Notes relating to the news category * @param ?MEMBER The owner of the news category (NULL: public) * @param ?AUTO_LINK The ID of this news category (NULL: we haven't added it yet) * @return array A pair: The input fields, Hidden fields */ function get_form_fields($title = '', $img = '', $notes = '', $owner = NULL, $category_id = NULL) { $fields = new ocp_tempcode(); $hidden = new ocp_tempcode(); require_code('form_templates'); $fields->attach(form_input_line_comcode(do_lang_tempcode('TITLE'), do_lang_tempcode('DESCRIPTION_TITLE'), 'title', $title, true)); if (get_base_url() == get_forum_base_url()) { $fields->attach(form_input_upload(do_lang_tempcode('IMAGE'), do_lang_tempcode('DESCRIPTION_UPLOAD'), 'file', false, NULL, NULL, true, str_replace(' ', '', get_option('valid_images')))); handle_max_file_size($hidden, 'image'); } require_code('themes2'); $ids = get_all_image_ids_type('newscats'); $fields->attach(form_input_picture_choose_specific(do_lang_tempcode('ALT_FIELD', do_lang_tempcode('STOCK')), do_lang_tempcode('DESCRIPTION_ALTERNATE_STOCK'), 'theme_img_code', $ids, NULL, $img, NULL, true)); if (!is_null($owner)) { $owner_username = $GLOBALS['FORUM_DRIVER']->get_username($owner); if (is_null($owner_username)) { $owner_username = do_lang('UNKNOWN'); } $fields->attach(form_input_line(do_lang_tempcode('OWNER'), do_lang_tempcode('DESCRIPTION_OWNER'), 'owner', $owner_username, true)); } if (get_value('disable_staff_notes') !== '1') { $fields->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('SECTION_HIDDEN' => $notes == '', 'TITLE' => do_lang_tempcode('ADVANCED')))); $fields->attach(form_input_text(do_lang_tempcode('NOTES'), do_lang_tempcode('DESCRIPTION_NOTES'), 'notes', $notes, false)); } $fields->attach($this->get_permission_fields(is_null($category_id) ? '' : strval($category_id), NULL, $title == '')); return array($fields, $hidden); }
/** * Find the base URL to the emoticons. * * @return URLPATH The base URL */ function get_emo_dir() { return get_forum_base_url() . '/images/smilies/'; }
/** * Standard modular install function. * * @param ?integer What version we're upgrading from (NULL: new install) * @param ?integer What hack version we're upgrading from (NULL: new-install/not-upgrading-from-a-hacked-version) */ function install($upgrade_from = NULL, $upgrade_from_hack = NULL) { require_code('menus'); require_all_lang(); /* Our idealised choice of installed links is built for minimalism by assuming we also have: zone menu tailored menus in non-site/welcome zones NO panel_top (if there is that's fine, it's just a supplementary source of navigation) footer menu donate/hosting/advertise linked to by banners side_personal_stats/side_search/main_newsletter_signup/main_leaderboard/main_poll/main_iotd/main_news/side_news_categories/side_calendar blocks implicit links to authors/awards/member-actions/onlinemembers (not all links defined here, various modules also install them) */ // root_website add_menu_item_simple('root_website', NULL, 'FRONT_PAGE', ':'); add_menu_item_simple('root_website', NULL, 'RULES', '_SEARCH:rules'); //add_menu_item_simple('root_website',NULL,'FEEDBACK','_SEARCH:feedback'); if (!in_array(get_forum_type(), array('ocf', 'none'))) { add_menu_item_simple('root_website', NULL, 'SECTION_FORUMS', get_forum_base_url(true)); } // main_features add_menu_item_simple('main_features', NULL, 'FRONT_PAGE', 'site:'); add_menu_item_simple('main_features', NULL, 'GUIDE', '_SEARCH:help'); add_menu_item_simple('main_features', NULL, 'RULES', '_SEARCH:rules'); // main_content // main_community if (!in_array(get_forum_type(), array('ocf', 'none'))) { add_menu_item_simple('main_community', NULL, 'SECTION_FORUMS', get_forum_base_url(true)); } if (get_forum_type() == 'ocf') { add_menu_item_simple('main_community', NULL, 'MEMBERS', '_SEARCH:members:type=misc'); } if (get_forum_type() == 'ocf') { add_menu_item_simple('main_community', NULL, 'USERGROUPS', '_SEARCH:groups:type=misc'); } // member_features add_menu_item_simple('member_features', NULL, '_JOIN', '_SEARCH:join:type=misc', 0, 1); add_menu_item_simple('member_features', NULL, 'RESET_PASSWORD', '_SEARCH:lostpassword:type=misc'); // collab_website add_menu_item_simple('collab_website', NULL, 'FRONT_PAGE', 'collaboration:'); add_menu_item_simple('collab_website', NULL, 'ABOUT', 'collaboration:about'); // forum_features add_menu_item_simple('forum_features', NULL, 'RULES', '_SEARCH:rules'); add_menu_item_simple('forum_features', NULL, 'MEMBERS', '_SEARCH:members:type=misc'); // Zones add_menu_item_simple('zone_menu', NULL, 'SITE', 'site' . ':', 0, 1); if (get_forum_type() == 'ocf') { add_menu_item_simple('zone_menu', NULL, 'SECTION_FORUMS', 'forum' . ':', 0, 1); } else { add_menu_item_simple('zone_menu', NULL, 'SECTION_FORUMS', get_forum_base_url(), 0, 1); } if (file_exists(get_file_base() . '/collaboration')) { add_menu_item_simple('zone_menu', NULL, 'COLLABORATION', 'collaboration' . ':', 0, 1); } add_menu_item_simple('zone_menu', NULL, 'CMS', 'cms' . ':', 0, 1); add_menu_item_simple('zone_menu', NULL, 'ADMIN_ZONE', 'adminzone' . ':', 0, 1); //add_menu_item_simple('zone_menu',NULL,'GUIDES','docs'.':userguide',0,1); }
/** * Find the base URL to the emoticons. * * @return URLPATH The base URL */ function get_emo_dir() { return get_forum_base_url() . '/html/emoticons/'; }
/** * Function to get a base URL for an OCF relative-URL. The situation is complex as it needs to take into account OCF multi-site-network's, locally defined theme images, and shared-installs (myocp style). * * @param URLPATH Short base URL we need to probe * @return URLPATH The appropriate base-url */ function get_complex_base_url($at) { return get_forum_base_url() != get_base_url() ? get_forum_base_url() : (substr($at, 0, 22) == 'themes/default/images/' ? get_base_url() : get_custom_base_url()); }
/** * Find the base URL to the emoticons. * * @return URLPATH The base URL */ function get_emo_dir() { return get_forum_base_url() . '/'; }
/** * Get the photo thumbnail URL for the specified member id. * * @param MEMBER The member id * @return URLPATH The URL (blank: none) */ function get_member_photo_url($member) { $pic = $this->connection->query_value_null_ok('member_extra', 'photo_location', array('id' => $member)); if (is_null($pic)) { $pic = ''; } elseif (url_is_local($pic) && $pic != '') { $pic = get_forum_base_url() . '/uploads/' . $pic; } return $pic; }