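/**
 * Validate, store and announce a new comment on the current object.
 *
 * Order of work: optional security-code check against the session, censoring and
 * HTML cleaning of the body, INSERT into the per-type comments table, bump of the
 * cached comment total on the parent row, activity-feed entry, then notification
 * and optional e-mail to the object owner. Failures are reported by setting
 * $this->is_error; nothing is thrown.
 *
 * @param string $comment_body    Comment text as submitted (untrusted).
 * @param string $comment_secure  Security code typed by the commenter (untrusted).
 * @param string $object_title    Passed through to the action and the notification.
 * @param string $object_owner    Passed through to actions_add().
 * @param int    $object_owner_id Passed through to actions_add() and notify_add().
 * @param string $object_privacy  Passed through to actions_add().
 *
 * @return array 'comment_id' (0 when nothing was stored), 'comment_body' (cleaned
 *               body with single quotes backslash-escaped, as before) and
 *               'comment_date' (Unix timestamp).
 */
function comment_post($comment_body, $comment_secure, $object_title = "", $object_owner = "", $object_owner_id = 0, $object_privacy = "")
{
    global $database, $user, $owner, $setting, $actions, $notify, $url;

    $comment_id = 0;
    $comment_date = time();

    // RETRIEVE AND CHECK SECURITY CODE IF NECESSARY
    if ($setting['setting_comment_code']) {
        // The previous loose `==` let an empty submission match an unset session
        // code (null == "") and let numeric-looking strings such as "0e1"/"0e2"
        // compare equal. Require a non-empty value and compare as strings.
        $submitted_code = is_scalar($comment_secure) ? (string) $comment_secure : '';
        $code_found = false;

        if ($submitted_code !== '') {
            // NOTE(review): $_SESSION['code'] is not cleared after a match, so the
            // same code can be replayed until it is regenerated elsewhere - confirm.
            if (isset($_SESSION['code']) && is_scalar($_SESSION['code'])
                && (string) $_SESSION['code'] === $submitted_code) {
                $code_found = true;
            }

            if (!empty($_SESSION['codes']) && is_array($_SESSION['codes'])) {
                foreach ($_SESSION['codes'] as $index => $code_info) {
                    if (isset($code_info['code']) && is_scalar($code_info['code'])
                        && (string) $code_info['code'] === $submitted_code) {
                        $code_found = true;
                        // Entries in the list are single-use.
                        unset($_SESSION['codes'][$index]);
                    }
                }
            }
        }

        if (!$code_found) {
            $this->is_error = 1;
        }
    }

    // MAKE SURE COMMENT BODY IS NOT EMPTY - ADD BREAKS AND CENSOR
    $comment_body = cleanHTML(censor($comment_body), $setting['setting_comment_html'], array("style"));
    $comment_body = preg_replace('/(\\r\\n?)/', "\n", $comment_body);
    $comment_body = str_replace("\n", "<br>", $comment_body);
    $comment_body = preg_replace('/(<br>){3,}/is', '<br><br>', $comment_body);

    // Form used inside the SQL literal: backslashes are escaped BEFORE quotes.
    // Escaping only the quote turned an input of \' into \\' - an escaped
    // backslash followed by a live quote that ends the literal.
    // NOTE(review): this is still hand-rolled escaping; the $database wrapper's
    // own escaping or parameter binding (not visible here) would be preferable.
    $comment_body_sql = str_replace(array("\\", "'"), array("\\\\", "\\'"), $comment_body);

    // Form returned to the caller and used for the feed text: unchanged from the
    // original behaviour (single quotes backslash-escaped only).
    $comment_body = str_replace("'", "\\'", $comment_body);

    if (!trim($comment_body)) {
        $this->is_error = 1;
        $comment_body = "";
    }

    // ADD COMMENT IF NO ERROR
    if (!$this->is_error) {
        // NOTE(review): comment_type, comment_identifier and
        // comment_identifying_value are interpolated as-is; where they are set is
        // outside this method - confirm they never carry request data unvalidated.
        $resource = $database->database_query("
            INSERT INTO `se_{$this->comment_type}comments` (
                `{$this->comment_type}comment_{$this->comment_identifier}`,
                `{$this->comment_type}comment_authoruser_id`,
                `{$this->comment_type}comment_date`,
                `{$this->comment_type}comment_body`
            ) VALUES (
                '{$this->comment_identifying_value}',
                '{$user->user_info['user_id']}',
                '{$comment_date}',
                '{$comment_body_sql}'
            )
        ");
        $comment_id = $database->database_insert_id();

        // New handling - total cached in parent table
        if ($resource && $this->comment_parent_type && $this->comment_parent_identifier) {
            $database->database_query("
                UPDATE
                    `se_{$this->comment_parent_type}`
                SET
                    `{$this->comment_parent_identifier}_totalcomments`=`{$this->comment_parent_identifier}_totalcomments`+1
                WHERE
                    `{$this->comment_identifier}`='{$this->comment_identifying_value}'
                LIMIT
                    1
            ");
        }

        // INSERT ACTION IF USER EXISTS
        if ($user->user_exists) {
            $commenter = $user->user_displayname;

            // Feed excerpt: tags stripped, capped at 250 bytes.
            $comment_body_encoded = strip_tags($comment_body);
            if (strlen($comment_body_encoded) > 250) {
                $comment_body_encoded = substr($comment_body_encoded, 0, 247) . "...";
            }
            $comment_body_encoded = str_replace(array("<br>", "<br />"), " ", $comment_body_encoded);

            $actions->actions_add($user, $this->comment_type . "comment", array($user->user_info['user_username'], $user->user_displayname, $owner->user_info['user_username'], $owner->user_displayname, $comment_body_encoded, $this->comment_identifying_value, $object_title, $object_owner_id), array(), 0, false, $object_owner, $object_owner_id, $object_privacy);
        } else {
            // Commenter has no account: use language string 835 as the display name.
            SE_Language::_preload(835);
            SE_Language::load();
            $commenter = SE_Language::_get(835);
        }

        // SEND PROFILE COMMENT NOTIFICATION IF COMMENTER IS NOT OWNER
        if ($owner->user_info['user_id'] != $user->user_info['user_id']) {
            $notifytype = $notify->notify_add($owner->user_info['user_id'], $this->comment_type . "comment", $this->comment_identifying_value, array($owner->user_info['user_username'], $this->comment_identifying_value, $object_owner_id), array($object_title));
            $object_url = $url->url_base . vsprintf($notifytype['notifytype_url'], array($owner->user_info['user_username'], $this->comment_identifying_value));

            $owner->user_settings();
            if ($owner->usersetting_info['usersetting_notify_' . $this->comment_type . 'comment']) {
                // NOTE(review): $commenter and $object_url go into an HTML mail body
                // unescaped here; whether send_systememail() escapes them is not
                // visible - confirm.
                send_systememail($this->comment_type . "comment", $owner->user_info['user_email'], array($owner->user_displayname, $commenter, "<a href=\"{$object_url}\">{$object_url}</a>"));
            }
        }
    }

    return array('comment_id' => $comment_id, 'comment_body' => $comment_body, 'comment_date' => $comment_date);
}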
// CREATE FRIENDSHIP $user->user_friend_add($owner->user_info['user_id'], $friend_status, $friend_type, $friend_explain); // INSERT ACTION if ($friend_status == 1) { $actions->actions_add($user, "addfriend", array($user->user_info['user_username'], $user->user_displayname, $owner->user_info['user_username'], $owner->user_displayname), array(), 0, false, "user", $user->user_info['user_id'], $user->user_info['user_privacy']); } else { $notify->notify_add($owner->user_info['user_id'], 'friendrequest', $user->user_info['user_id']); } // IF TWO-WAY CONNECTION AND NON-CONFIRMED, INSERT OTHER DIRECTION AND ACTION if ($direction == 2 && $friend_status == 1 && !$owner->user_friended($user->user_info['user_id'])) { $owner->user_friend_add($user->user_info['user_id'], $friend_status, '', ''); $actions->actions_add($owner, "addfriend", array($owner->user_info['user_username'], $owner->user_displayname, $user->user_info['user_username'], $user->user_displayname), array(), 0, false, "user", $owner->user_info['user_id'], $owner->user_info['user_privacy']); } // SEND FRIENDSHIP EMAIL $owner->user_settings(); if ($owner->usersetting_info['usersetting_notify_friendrequest']) { send_systememail('friendrequest', $owner->user_info['user_email'], array($owner->user_displayname, $user->user_displayname, "<a href=\"" . $url->url_base . "login.php\">" . $url->url_base . "login.php</a>")); } } // UPDATE STATS update_stats("friends"); } // ASSIGN VARIABLES AND INCLUDE FOOTER $smarty->assign('result', $result); $smarty->assign('status', $status); $smarty->assign('subpage', $subpage); $smarty->assign('connection_types', $connection_types); $smarty->assign('friend_type', $friend_type); $smarty->assign('friend_type_other', $friend_type_other); $smarty->assign('friend_explain', $friend_explain); include "footer.php";
} else {
    $task = "step2";
}
}

// UPLOAD PHOTO
if ($task == "step3do") {
    $new_user->user_photo_upload("photo");
    $is_error = $new_user->is_error;
    $task = "step3";
}

// SEND INVITE EMAILS
// NOTE(review): both the recipient list and the message text come straight from
// $_POST and are handed to send_systememail() with no visible validation, no cap
// on the number of addresses and no rate limit in this excerpt. Whether
// send_systememail() validates addresses, strips CR/LF or escapes the message for
// the HTML body is not visible here - confirm, since this step lets a fresh
// signup make the site send mail with attacker-chosen content.
if ($task == "step4do") {
    $invite_emails = $_POST['invite_emails'];
    $invite_message = $_POST['invite_message'];
    if ($invite_emails != "") {
        send_systememail('invite', $invite_emails, array($new_user->user_displayname, $new_user->user_info['user_email'], $invite_message, "<a href=\"" . $url->url_base . "signupon13.php\">" . $url->url_base . "signupon13.php</a>"), TRUE);
    }

    // SEND USER TO THANK YOU PAGE
    $task = "step5";
}

// SIGNUP TERMINAL VELOCITY POINT HOOK
// Calls the 'se_signup_decide' hook with no arguments when one is registered.
($hook = SE_Hook::exists('se_signup_decide')) ? SE_Hook::call($hook, array()) : NULL;

// SHOW COMPLETION PAGE
if ($task == "step5") {
    // UNSET SIGNUP COOKIES
    // An empty value makes PHP send a deletion for each cookie (path "/").
    // NOTE(review): a cookie named signup_password implies some password-derived
    // value was held client-side during signup; what it contains is set outside
    // this excerpt - confirm it is never the plaintext password.
    setcookie("signup_id", "", 0, "/");
    setcookie("signup_email", "", 0, "/");
    setcookie("signup_password", "", 0, "/");

    // UPDATE SIGNUP STATS
    update_stats("signups");

    // DISPLAY THANK YOU
if ($is_error == 0) {
    // Keep at most the first 10 comma-separated addresses.
    $invite_emails = implode(",", array_slice(explode(",", $invite_emails), 0, 10));

    // NO INVITE CODE REQUIRED
    if ($setting['setting_signup_invite'] == 0) {
        send_systememail('invite', $invite_emails, array($user->user_displayname, $user->user_info['user_email'], $invite_message, "<a href=\"" . $url->url_base . "signup.php\">" . $url->url_base . "signup.php</a>"), TRUE);
    } else {
        // LOOP OVER EMAILS
        // One invite code per address, limited by the sender's remaining invites.
        $invites_left = $user->user_info['user_invitesleft'];
        $invite_emails_array = explode(",", $invite_emails);
        for ($e = 0; $e < count($invite_emails_array); $e++) {
            $email = trim($invite_emails_array[$e]);
            if ($email != "" && $invites_left > 0) {
                // CREATE CODE, INSERT INTO DATABASE, AND SEND EMAIL
                // NOTE(review): $email is only trimmed before being placed inside a
                // quoted SQL literal and inside the link's href/query string. Where
                // $invite_emails is assigned is outside this excerpt; if it is
                // request input, a quote in an address breaks out of the literal
                // (SQL injection) and markup in it reaches the mail body. Validate
                // the address format, escape/bind it for SQL, and urlencode() plus
                // HTML-escape it for the link.
                // NOTE(review): randomcode() is defined elsewhere; the invite code is
                // a bearer credential, so confirm it comes from a CSPRNG.
                $invite_code = randomcode();
                $database->database_query("INSERT INTO se_invites (invite_user_id, invite_date, invite_email, invite_code) VALUES ('{$user->user_info['user_id']}', '" . time() . "', '{$email}', '{$invite_code}')");
                send_systememail('invitecode', $email, array($user->user_displayname, $user->user_info['user_email'], $invite_message, $invite_code, "<a href=\"" . $url->url_base . "signup.php?signup_email={$email}&signup_invite={$invite_code}\">" . $url->url_base . "signup.php?signup_email={$email}&signup_invite={$invite_code}</a>"));
                $invites_left--;
            }
        }

        // Persist the decremented allowance and mirror it on the in-memory user.
        // NOTE(review): read-then-write of user_invitesleft is not atomic; two
        // concurrent requests could each spend the same allowance - confirm.
        $database->database_query("UPDATE se_users SET user_invitesleft='{$invites_left}' WHERE user_id='{$user->user_info['user_id']}'");
        $user->user_info['user_invitesleft'] = $invites_left;
    }

    // Clear the form values and flag success (language id 341).
    $invite_emails = "";
    $invite_message = "";
    $result = 341;
}
}

// SET GLOBAL PAGE TITLE
$global_page_title[0] = 1074;
$global_page_description[0] = 1075;

// ASSIGN VARIABLES AND INCLUDE FOOTER
/* $Id: lostpass.php 133 2009-03-22 20:16:35Z john $ */
// Lost-password request page: looks the account up by e-mail, mails a reset link
// and stores the reset code and its creation time in se_usersettings.
$page = "lostpass";
include "header.php";

// Task comes from POST first, then GET.
$task = isset($_POST['task']) ? $_POST['task'] : (isset($_GET['task']) ? $_GET['task'] : NULL);

// SET ERROR VARS
$is_error = 0;
$submitted = 0;

if ($task == "send_email") {
    // NOTE(review): $_POST['user_email'] is passed to the se_user constructor
    // unmodified; how that lookup escapes it is not visible here - confirm.
    $new_user = new se_user(array(0, "", $_POST['user_email']), array('user_id, user_email, user_username'));
    $submitted = 1;

    // NOTE(review): an unknown address sets error 748 while a known one does not,
    // so the response can reveal whether an e-mail is registered (account
    // enumeration) if the template shows the difference - confirm.
    if (!$new_user->user_exists) {
        $is_error = 748;
    } else {
        // NOTE(review): randomcode() is defined elsewhere; a reset code is a bearer
        // credential, so confirm it is generated with a CSPRNG.
        $lostpassword_code = randomcode(15);
        $lostpassword_time = time();

        // NOTE(review): the two `******` runs in the next statement look like
        // masking applied when this listing was published; the expression that was
        // concatenated there is not visible, and as shown the line is not valid PHP.
        if (send_systememail('lostpassword', $new_user->user_info['user_email'], array($new_user->user_displayname, $new_user->user_info['user_email'], "<a href=\"" . $url->url_base . "lostpass_reset.php?user="******"&r={$lostpassword_code}\">" . $url->url_base . "lostpass_reset.php?user="******"&r={$lostpassword_code}</a>"))) {
            // The code is written only after the mail was accepted for sending.
            // NOTE(review): the code is stored as-is, so anyone who can read
            // se_usersettings holds usable reset tokens; storing a hash of the code
            // and comparing hashes on reset would limit that. Expiry enforcement
            // against usersetting_lostpassword_time happens outside this file.
            $database->database_query("UPDATE se_usersettings SET usersetting_lostpassword_code='{$lostpassword_code}', usersetting_lostpassword_time='{$lostpassword_time}' WHERE usersetting_user_id='{$new_user->user_info['user_id']}' LIMIT 1");

            // Drop the cached settings row so the new code is read back.
            $cache_object = SECache::getInstance();
            if (is_object($cache_object)) {
                $cache_object->remove('site_user_settings_' . $new_user->user_info['user_id']);
            }
        } else {
            $is_error = 748;
        }
    }
}

// SET GLOBAL PAGE TITLE
$global_page_title[0] = 33;
$global_page_description[0] = 34;

// ASSIGN VARIABLES AND INCLUDE FOOTER
$smarty->assign('is_error', $is_error);
// The verification token is the MD5 of the account's user_code; a mismatch sets
// error 1039.
// NOTE(review): the token is a fixed function of user_code, so it stays valid for
// as long as user_code is unchanged; no expiry is checked in this excerpt. `!==`
// is a strict but not constant-time comparison. Where $verify is read is outside
// this excerpt.
if (md5($new_user->user_info['user_code']) !== $verify) {
    $is_error = 1039;
}

// VERIFY EMAIL ADDRESS IF NO ERROR
if ($is_error == 0) {
    // SET SUBNET
    // Re-evaluate the subnetwork for the new address; $result selects the message
    // (1041 when the subnet changes, 1028 otherwise).
    $subnet = $new_user->user_subnet_select($new_user->user_info['user_newemail'], $new_user->user_info['user_profilecat_id'], $new_user->profile_info);
    if ($subnet[0] != $new_user->user_info['user_subnet_id']) {
        $new_subnet_id = $subnet[0];
        $result = 1041;
    } else {
        $new_subnet_id = $new_user->user_info['user_subnet_id'];
        $result = 1028;
    }

    // Promote user_newemail to user_email and mark the account verified.
    // NOTE(review): user_newemail is read back from user_info and interpolated
    // into the statement unescaped; if it was stored containing a quote this is a
    // second-order SQL injection point - confirm how it was validated when saved.
    $database->database_query("UPDATE se_users SET user_subnet_id='{$new_subnet_id}', user_verified='1', user_email='{$new_user->user_info['user_newemail']}' WHERE user_id='{$new_user->user_info['user_id']}'");

    // IF USER JUST SIGNED UP
    // user_info still holds the pre-update row, so this is true only for accounts
    // that were unverified before the UPDATE above.
    if (!$new_user->user_info['user_verified']) {
        // SEND WELCOME EMAIL
        send_systememail('welcome', $new_user->user_info['user_newemail'], array($new_user->user_displayname, $new_user->user_info['user_newemail'], '', "<a href=\"" . $url->url_base . "login.php\">" . $url->url_base . "login.php</a>"));

        // INSERT ACTION (IF VERIFICATION REQUIRED)
        $actions->actions_add($new_user, "signup", array($new_user->user_info['user_username'], $new_user->user_displayname), array(), 0, false, "user", $new_user->user_info['user_id'], $new_user->user_info['user_privacy']);
    }
}
}

// ASSIGN VARIABLES AND INCLUDE FOOTER
// NOTE(review): $subnet is assigned only inside the success branch above, so
// $subnet[2] / $subnet[1] are read from an unset variable on the error path
// unless it is initialised before this excerpt - confirm.
$smarty->assign('is_error', $is_error);
$smarty->assign('resend', $resend);
$smarty->assign('result', $result);
$smarty->assign('old_subnet_name', $subnet[2]);
$smarty->assign('new_subnet_name', $subnet[1]);
include "footer.php";
$task = $_POST['task'];
} else {
    $task = "main";
}

// SET RESULT VARIABLE
$result = 0;

// SAVE CHANGES
// NOTE(review): no request-forgery token is checked in this excerpt before mail is
// sent and rows are inserted; if none is checked earlier in the file, a forged
// POST from another site could trigger invites in an admin's session - confirm.
if ($task == "doinvite") {
    // Keep at most the first 10 comma-separated addresses from the form.
    $invite_emails = implode(",", array_slice(explode(",", $_POST['invite_emails']), 0, 10));

    // NO INVITE CODE REQUIRED
    // NOTE(review): the $setting[...] keys on this page are unquoted barewords,
    // which PHP resolves as constants; current PHP versions raise an Error for an
    // undefined constant. They should be quoted string keys.
    if ($setting[setting_signup_invite] == 0) {
        send_systememail('invite', $invite_emails, array($setting[setting_email_fromname], $setting[setting_email_fromemail], "", "<a href=\"" . $url->url_base . "signup.php\">" . $url->url_base . "signup.php</a>"), TRUE);

    // INVITE CODE NECESSARY
    } else {
        // LOOP OVER EMAILS
        $invite_emails_array = explode(",", $invite_emails);
        for ($e = 0; $e < count($invite_emails_array); $e++) {
            $email = trim($invite_emails_array[$e]);
            if ($email != "") {
                // CREATE CODE, INSERT INTO DATABASE, AND SEND EMAIL
                // NOTE(review): $email is taken from $_POST['invite_emails'] and only
                // trimmed before being placed inside a quoted SQL literal, so a quote
                // in the submitted value ends the literal (SQL injection). The same
                // value is put into the link's href and query string without
                // urlencode() or HTML escaping. Validate the address format and
                // escape/bind it per context.
                // NOTE(review): randomcode() is defined elsewhere; confirm the invite
                // code comes from a CSPRNG.
                $invite_code = randomcode();
                $database->database_query("INSERT INTO se_invites (invite_user_id, invite_date, invite_email, invite_code) VALUES ('0', '" . time() . "', '{$email}', '{$invite_code}')");
                send_systememail('invitecode', $email, array($setting[setting_email_fromname], $setting[setting_email_fromemail], "", $invite_code, "<a href=\"" . $url->url_base . "signup.php?signup_email={$email}&signup_invite={$invite_code}\">" . $url->url_base . "signup.php?signup_email={$email}&signup_invite={$invite_code}</a>"));
            }
        }
    }

    $result = 1;
}

// ASSIGN VARIABLES AND SHOW BANNING PAGE
$smarty->assign('result', $result);
include "admin_footer.php";
$grouppost_body_encoded = substr($grouppost_body_encoded, 0, 247) . "..."; } $actions->actions_add($user, "grouppost", array($user->user_info['user_username'], $user->user_displayname, $group->group_info['group_id'], $grouptopic_info['grouptopic_id'], $grouptopic_info['grouptopic_subject'], $post_id, $grouppost_body_encoded), array(), 0, false, 'group', $group->group_info['group_id'], $group->group_info['group_privacy']); } else { SE_Language::_preload(835); SE_Language::load(); $poster = SE_Language::_get(835); } // SEND GROUP POST NOTIFICATION IF COMMENTER IS NOT OWNER if ($group->group_info['group_user_id'] != $user->user_info['user_id']) { $groupowner = new se_user(array($group->group_info['group_user_id'])); $notifytype = $notify->notify_add($group->group_info['group_user_id'], 'grouppost', $group->group_info['group_id'], array($group->group_info['group_id']), array($group->group_info['group_title'])); $object_url = $url->url_base . vsprintf($notifytype[notifytype_url], array($group->group_info[group_id])); $groupowner->user_settings(); if ($groupowner->usersetting_info['usersetting_notify_grouppost']) { send_systememail("grouppost", $groupowner->user_info['user_email'], array($groupowner->user_displayname, $poster, "<a href=\"{$object_url}\">{$object_url}</a>")); } } $group->group_lastupdate(); echo "window.parent.location.href = '" . $url->url_create('group_discussion_post', NULL, $group->group_info['group_id'], $grouptopic_id, $post_id) . "';"; } echo "</script></head><body></body></html>"; exit; } // GET CUSTOM GROUP STYLE IF ALLOWED if ($group->groupowner_level_info['level_group_style']) { $groupstyle_info = $database->database_fetch_assoc($database->database_query("SELECT groupstyle_css FROM se_groupstyles WHERE groupstyle_group_id='{$group->group_info['group_id']}' LIMIT 1")); $global_css = $groupstyle_info['groupstyle_css']; } // SET GLOBAL PAGE TITLE $global_page_title[0] = 2000328;
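/**
 * Send a private message, either starting a new conversation or replying to one.
 *
 * New conversation ($convo_id empty): recipients are parsed from $to, filtered by
 * existence, block status and the sender's level_message_allow (0 = nobody,
 * 1 = only users the sender has friended, 2 = anyone), then the conversation and
 * its per-user rows are created. Reply: the sender must already have a row in the
 * conversation, otherwise is_error is set to 39. On success the message is
 * stored, recipients are notified (and e-mailed if they opted in) and each
 * recipient's mailbox is trimmed to their level limits.
 *
 * Errors are reported through $this->is_error (796 empty message, 795 no valid
 * recipients, 39 not a participant).
 *
 * @param string   $to       Recipient usernames separated by whitespace, "," or ";" (untrusted).
 * @param string   $subject  Conversation subject (untrusted).
 * @param string   $message  Message body (untrusted).
 * @param int|null $convo_id Existing conversation to reply to, or NULL for a new one.
 *
 * @return int|string The conversation id (0 when none was created).
 */
function user_message_send($to, $subject, $message, $convo_id = NULL)
{
    global $database, $notify, $url;

    $recipients = array();
    $recipients_full = array();

    // VALIDATE CONVERSATION ID
    // is_numeric() strings cannot contain a quote, so the value is safe inside the
    // quoted SQL literals below.
    if (!$convo_id || !is_numeric($convo_id)) {
        $convo_id = 0;
    }

    // CHECK TO SEE IF MESSAGE IS EMPTY
    if (!trim($message)) {
        $this->is_error = 796;
    }

    // NEW MESSAGE
    if (!$convo_id) {
        // ORGANIZE RECIPIENTS
        // Split on separators, drop empty entries, keep at most the level's limit.
        $tos = array_filter(preg_split('/[\\s,;]+?/', $to));
        array_splice($tos, $this->level_info['level_message_recipients']);

        // LOOP OVER RECIPIENTS
        foreach ($tos as $to_username) {
            // CANT SEND TO SELF
            if (strtolower($to_username) == strtolower($this->user_info['user_username'])) {
                continue;
            }

            // GET TO USER OBJECT
            $to_user = new SEUser(array(NULL, $to_username));

            // CANT SEND TO NON EXISTENT USER. BLOCKED USER, OR USERS NOT ALLOWED TO USE MESSAGES
            if (!$to_user->user_exists) {
                continue;
            }
            if ($to_user->user_blocked($this->user_info['user_id'])) {
                continue;
            }
            if (!$this->level_info['level_message_allow']) {
                continue;
            }

            // CHECK MESSAGE TYPES AND ADD RECIPIENT
            if ($this->level_info['level_message_allow'] == 2
                || ($this->level_info['level_message_allow'] == 1 && $this->user_friended($to_user->user_info['user_id']))) {
                // Plain assignment: the former `=& $to_user` bound every entry to the
                // same loop variable, so all entries aliased the last user created.
                $recipients_full[$to_user->user_info['user_id']] = $to_user;
                $recipients[] = $to_user->user_info['user_id'];
            }
        }

        // ENSURE THERE ARE RECIPIENTS
        if (empty($recipients)) {
            $this->is_error = 795;
        }

        // IF NO ERROR, CREATE CONVERSATION
        if (!$this->is_error) {
            // CREATE CONVO
            // NOTE(review): addslashes() is not charset-aware; the $database
            // wrapper's own escaping or parameter binding (not visible here) would
            // be the safer choice for $subject.
            $sql = "INSERT INTO se_pmconvos (pmconvo_subject, pmconvo_recipients) VALUES ('" . addslashes($subject) . "', '" . (count($recipients) + 1) . "')";
            $resource = $database->database_query($sql);
            $convo_id = $database->database_insert_id();

            // CREATE CONVOOPS
            // Sender row: visible in outbox, hidden from inbox. Recipient rows: the reverse.
            $sql = "
                INSERT INTO se_pmconvoops
                    (pmconvoop_pmconvo_id, pmconvoop_user_id, pmconvoop_deleted_outbox, pmconvoop_deleted_inbox)
                VALUES
                    ('{$convo_id}', '{$this->user_info['user_id']}', 0, 1)";
            foreach ($recipients as $to_user_id) {
                $sql .= ", ('{$convo_id}', '{$to_user_id}', 1, 0)";
            }

            // EXECUTE QUERY
            $resource = $database->database_query($sql);
        }
    } else {
        // REPLY: everyone in the conversation except the sender is a recipient, and
        // the sender must already be a participant.
        $sql = "SELECT pmconvoop_user_id FROM se_pmconvoops WHERE pmconvoop_pmconvo_id='{$convo_id}'";
        $resource = $database->database_query($sql);

        $unauthorized = TRUE;
        while ($pmconvoop_info = $database->database_fetch_assoc($resource)) {
            if ($pmconvoop_info['pmconvoop_user_id'] != $this->user_info['user_id']) {
                $recipients[] = $pmconvoop_info['pmconvoop_user_id'];
            } else {
                $unauthorized = FALSE;
            }
        }

        // USER WAS NOT IN CONVERSATION
        if ($unauthorized) {
            $this->is_error = 39;
        }
    }

    // IF NO ERROR, ADD MESSAGE TO CONVERSATION
    if (!$this->is_error) {
        // LINK ALL LINKS
        // preg_replace() with the same patterns: ereg_replace() was removed in PHP 7.
        $message = preg_replace('#http://([.]?[a-zA-Z0-9_/-])*#', '<a href="\\0" target="_blank">\\0</a>', $message);
        $message = preg_replace("#(^| |\n)(www([.]?[a-zA-Z0-9_/-])*)#", "\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $message);

        // RUN SECURITY ON THE MESSAGE TO ENSURE NO XSS ATTACKS WITH LINKS
        $message = cleanHTML($message, "a");

        // REPLACE NEWLINES IN BODY WITH BREAKS
        $message = str_replace("\n", "<br>", $message);

        // Escape for the SQL literal: backslashes BEFORE quotes. Escaping only the
        // quote turned \' into \\' - an escaped backslash followed by a live quote.
        $message = str_replace(array("\\", "'"), array("\\\\", "\\'"), $message);

        // INSERT MESSAGE
        $pm_date = time();
        $sql = "
            INSERT INTO se_pms
                (pm_authoruser_id, pm_pmconvo_id, pm_date, pm_body)
            VALUES
                ('{$this->user_info['user_id']}', '{$convo_id}', '{$pm_date}', '{$message}')
        ";
        $resource = $database->database_query($sql);

        // UPDATE PMCONVOOPS
        // Sender: conversation shows in the outbox again.
        $sql = "UPDATE se_pmconvoops SET pmconvoop_deleted_outbox=0, pmconvoop_pmdate='{$pm_date}' WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id='{$this->user_info['user_id']}'";
        $resource = $database->database_query($sql);

        // Everyone else: conversation shows in the inbox again, marked unread.
        $sql = "UPDATE se_pmconvoops SET pmconvoop_deleted_inbox=0, pmconvoop_read=0, pmconvoop_pmdate='{$pm_date}' WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id!='{$this->user_info['user_id']}'";
        $resource = $database->database_query($sql);

        // INSERT/SEND NOTIFICATIONS FOR RECIPIENTS
        foreach ($recipients as $recipient_user_id) {
            // Always reload the recipient by id (replies only have ids at this point).
            $recipients_full[$recipient_user_id] = new SEUser(array($recipient_user_id));
            $current_recipient = $recipients_full[$recipient_user_id];

            // NOT A USER
            if (!is_object($current_recipient) || !$current_recipient->user_exists) {
                continue;
            }

            // ADD NOTIFICATION
            $notify->notify_add($current_recipient->user_info['user_id'], 'message', $convo_id, array(), array(), TRUE);

            // SEND EMAIL
            $current_recipient->user_settings('usersetting_notify_message');
            if ($current_recipient->usersetting_info['usersetting_notify_message']) {
                // Key quoted: the bare `user_email` was an undefined constant.
                send_systememail('message', $current_recipient->user_info['user_email'], array($current_recipient->user_displayname, $this->user_displayname, "<a href=\"{$url->url_base}login.php\">{$url->url_base}login.php</a>"));
            }

            // CLEAN OUT THEM OLD MESSAGES
            // Both overflow counts are taken before anything is deleted.
            $num_inbox = $current_recipient->user_message_total(0, 0);
            $num_outbox = $current_recipient->user_message_total(1, 0);
            $num_inbox_delete = $num_inbox - $current_recipient->level_info['level_message_inbox'];
            $num_outbox_delete = $num_outbox - $current_recipient->level_info['level_message_outbox'];

            // "deleted" column => (conversations over the limit, folder argument for
            // user_message_delete_selected()). Inbox first, then outbox.
            $folders = array(
                'pmconvoop_deleted_inbox'  => array($num_inbox_delete, 0),
                'pmconvoop_deleted_outbox' => array($num_outbox_delete, 1),
            );

            foreach ($folders as $deleted_column => $folder) {
                list($num_delete, $folder_flag) = $folder;
                if ($num_delete <= 0) {
                    continue;
                }

                // Oldest conversations first, ordered by their latest message.
                $sql = "
                    SELECT
                        se_pmconvoops.pmconvoop_pmconvo_id AS pmconvo_id
                    FROM
                        se_pmconvoops
                    LEFT JOIN
                        se_pmconvos
                        ON se_pmconvos.pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id
                    LEFT JOIN
                        se_pms
                        ON se_pms.pm_pmconvo_id=se_pmconvos.pmconvo_id
                    WHERE
                        se_pmconvoops.pmconvoop_user_id='{$current_recipient->user_info['user_id']}' &&
                        se_pmconvoops.{$deleted_column}=0 &&
                        se_pms.pm_id=(SELECT MAX(pm_id) FROM se_pms WHERE pm_pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id)
                    ORDER BY
                        se_pms.pm_date ASC
                    LIMIT
                        {$num_delete}
                ";
                $resource = $database->database_query($sql);

                // Fresh list per folder and per recipient. Previously the array was
                // never reset, so inbox ids were also passed to the outbox delete and
                // ids collected for one recipient leaked into the next one's cleanup.
                $delete_array = array();
                while ($result = $database->database_fetch_assoc($resource)) {
                    $delete_array[] = $result['pmconvo_id'];
                }

                // DELETE (nothing to do when the query matched no conversation)
                if (!empty($delete_array)) {
                    $current_recipient->user_message_delete_selected($delete_array, $folder_flag);
                }
            }

            // CLEAR INACTIVE CONVERSATIONS
            $this->user_message_cleanup();
        }
    }

    return $convo_id;
}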
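/**
 * Notify (and optionally e-mail) subscribers of the current user's blog about a
 * new entry, limited to subscribers the entry's privacy setting lets see it.
 *
 * Returns without doing anything when the privacy value is empty or 1.
 *
 * @param int    $newblogentry_id      Id of the new entry.
 * @param string $newblogentry_title   Title, passed to the notification text.
 * @param int    $newblogentry_privacy Privacy bitmask of the entry.
 *
 * @return void
 */
function blog_subscription_notification($newblogentry_id, $newblogentry_title, $newblogentry_privacy = 1)
{
    global $database, $user, $url, $notify;

    // The privacy value is written into the query below WITHOUT quotes, so force
    // it to an integer first; a non-numeric string would otherwise become SQL.
    $newblogentry_privacy = (int) $newblogentry_privacy;

    // Quick fix for self
    if (!$newblogentry_privacy || $newblogentry_privacy == 1) {
        return;
    }

    // Generate query
    // One row per subscription of this owner, joined to the subscriber and their
    // settings; the CASE keeps only subscribers allowed by the privacy bitmask.
    // The @SE_PRIVACY_* names are SQL user variables expected to be set on the
    // connection elsewhere.
    $sql = "
        SELECT
            se_blogsubscriptions.*,
            subscriber.user_id,
            subscriber.user_username,
            subscriber.user_fname,
            subscriber.user_lname,
            subscriber.user_email,
            subscriber_settings.usersetting_notify_newblogsubscriptionentry
        FROM
            se_blogsubscriptions
        LEFT JOIN
            se_users AS subscriber
            ON subscriber.user_id=se_blogsubscriptions.blogsubscription_user_id
        LEFT JOIN
            se_usersettings AS subscriber_settings
            ON subscriber_settings.usersetting_user_id=subscriber.user_id
        WHERE
            se_blogsubscriptions.blogsubscription_owner_id='{$user->user_info['user_id']}' &&
            CASE
                /* DO NOT SEND AN EMAIL TO SELF, BESIDES THEY SHOULDNT BE SUBSCRIBED TO THEIR OWN BLOG... */
                WHEN subscriber.user_id='{$user->user_info['user_id']}'
                    THEN FALSE
                /* IGNORE MISSING USERS */
                WHEN (({$newblogentry_privacy} & @SE_PRIVACY_ANONYMOUS) AND subscriber.user_id IS NULL)
                    THEN FALSE
                /* NORMAL */
                WHEN (({$newblogentry_privacy} & @SE_PRIVACY_REGISTERED) AND subscriber.user_id IS NOT NULL)
                    THEN TRUE
                WHEN (({$newblogentry_privacy} & @SE_PRIVACY_FRIEND) AND (SELECT TRUE FROM se_friends WHERE friend_user_id1='{$user->user_info['user_id']}' AND friend_user_id2=subscriber.user_id AND friend_status='1' LIMIT 1))
                    THEN TRUE
                WHEN (({$newblogentry_privacy} & @SE_PRIVACY_SUBNET) AND (SELECT TRUE FROM se_users WHERE user_id='{$user->user_info['user_id']}' AND user_subnet_id=subscriber.user_subnet_id LIMIT 1))
                    THEN TRUE
                WHEN (({$newblogentry_privacy} & @SE_PRIVACY_FRIEND2) AND (
                    SELECT TRUE FROM se_friends AS friends_primary
                    LEFT JOIN se_users ON friends_primary.friend_user_id1=se_users.user_id
                    LEFT JOIN se_friends AS friends_secondary ON friends_primary.friend_user_id2=friends_secondary.friend_user_id1
                    WHERE friends_primary.friend_user_id1='{$user->user_info['user_id']}' AND friends_secondary.friend_user_id2=subscriber.user_id AND se_users.user_subnet_id=subscriber.user_subnet_id LIMIT 1)
                )
                    THEN TRUE
                ELSE FALSE
            END
    ";
    $resource = $database->database_query($sql);

    // Get all recipients and send emails
    // TODO: large numbers of subscribers
    $blogentry_url = $url->url_create('blog_entry', $user->user_info['user_username'], $newblogentry_id);

    while ($result = $database->database_fetch_assoc($resource)) {
        // Create user object for displayname
        // Filled from the joined row so no extra query is needed per subscriber.
        $recipient_object = new se_user();
        $recipient_object->user_info['user_id'] = $result['user_id'];
        $recipient_object->user_info['user_username'] = $result['user_username'];
        $recipient_object->user_info['user_fname'] = $result['user_fname'];
        $recipient_object->user_info['user_lname'] = $result['user_lname'];
        $recipient_object->user_displayname();

        // NOTIFICATION (the return value was assigned but never used)
        $notify->notify_add($recipient_object->user_info['user_id'], "newblogsubscriptionentry", $newblogentry_id, array($user->user_info['user_username'], $newblogentry_id), array($newblogentry_title));

        // EMAIL NOTIFICATION
        if (!empty($result['user_email']) && $result['usersetting_notify_newblogsubscriptionentry']) {
            send_systememail('newblogsubscriptionentry', $result['user_email'], array($recipient_object->user_displayname, $user->user_displayname, "<a href=\"{$blogentry_url}\">{$blogentry_url}</a>"));
        }

        unset($recipient_object);
    }
}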
/**
 * Tell the owner of a wall action that the current user liked it.
 *
 * Adds a 'wallactionlike' notification for the owner and, when the owner's
 * usersetting_notify_wallactionlike value is truthy, also sends the
 * 'wallactionlike' system e-mail. Nothing is sent when the action id is empty,
 * the owner does not exist, or the owner is the current user.
 *
 * @param int $action_id Id of the liked wall action.
 *
 * @return false|null false on the early exits; no explicit value otherwise.
 */
function new_like_notify($action_id)
{
    global $user, $notify, $url;

    if (!$action_id) {
        return false;
    }

    $owner_id = he_wall::get_action_owner($action_id);
    $owner = new se_user(array($owner_id));

    // No recipient, or the user liked their own action.
    $is_own_action = $user->user_info['user_id'] == $owner_id;
    if ($is_own_action || !$owner->user_exists) {
        return false;
    }

    // NOTE(review): usersetting_info is read without a prior $owner->user_settings()
    // call in this function; whether the constructor loads it is not visible here -
    // confirm the preference is actually populated.
    if ($owner->usersetting_info['usersetting_notify_wallactionlike']) {
        $login_page = $url->url_base . "login.php";
        send_systememail(
            'wallactionlike',
            $owner->user_info['user_email'],
            array(
                $owner->user_displayname,
                $user->user_displayname,
                "<a href=\"{$login_page}\">{$login_page}</a>",
            )
        );
    }

    // On-site notification is added regardless of the e-mail preference.
    $notify->notify_add(
        $owner->user_info['user_id'],
        'wallactionlike',
        $action_id,
        array('', $action_id),
        array($user->user_displayname)
    );
}
} // INSERT ACTION AND SEND NOTIFICATION TO TAGGED USER if ($taggeduser->user_exists == 1) { // ENSURE USER ISN'T ALREADY TAGGED IN THIS PHOTO if ($database->database_num_rows($database->database_query("SELECT `{$type}mediatag_id` FROM `se_{$type}mediatags` WHERE `{$type}mediatag_{$type}media_id`='" . $media_info[$type . 'media_id'] . "' AND `{$type}mediatag_user_id`='{$taggeduser->user_info['user_id']}'")) == 1) { $media_path = $media_dir . $media_info[$type . 'media_id'] . "_thumb.jpg"; $media_width = $misc->photo_size($media_path, "100", "100", "w"); $media_height = $misc->photo_size($media_path, "100", "100", "h"); $action_media[] = array('media_link' => "profile_photos_file.php?user={$taggeduser->user_info['user_username']}&type={$type}media&media_id=" . $media_info[$type . 'media_id'], 'media_path' => $media_path, 'media_width' => $media_width, 'media_height' => $media_height); $actions->actions_add($taggeduser, "new{$type}tag", array($taggeduser->user_info['user_username'], $taggeduser->user_displayname), $action_media, 600, false, "user", $taggeduser->user_info['user_id'], $taggeduser->user_info['user_privacy']); } if ($taggeduser->user_info['user_id'] != $owner_user->user_info['user_id'] && $taggeduser->user_info['user_id'] != $user->user_info['user_id']) { $notify->notify_add($taggeduser->user_info['user_id'], 'new' . $type . 'tag', $media_info[$type . 'media_id'], array($taggeduser->user_info['user_username'], $type . 'media', $media_info[$type . 'media_id']), array($object_title)); $taggeduser->user_settings(); if ($taggeduser->usersetting_info['usersetting_notify_new' . $type . 'tag']) { send_systememail('new' . $type . 'tag', $taggeduser->user_info['user_email'], array($taggeduser->user_displayname, "<a href=\"" . $url->url_base . "profile_photos_file.php?user={$taggeduser->user_info['user_username']}&type={$type}media&media_id={$media_info[$type . 
'media_id']}\">{$url->url_base}profile_photos_file.php?user={$taggeduser->user_info['user_username']}&type={$type}media&media_id=" . $media_info[$type . 'media_id'] . "</a>")); } } } // RUN JAVASCRIPT FUNCTION (JSON) echo json_encode(array('mediatag_id' => $mediatag_id, 'mediatag_link' => $mediatag_link, 'mediatag_text' => $mediatag_text, 'mediatag_x' => $mediatag_x, 'mediatag_y' => $mediatag_y, 'mediatag_width' => $mediatag_width, 'mediatag_height' => $mediatag_height, 'mediatag_user_username' => $mediatag_user_username)); exit; } elseif ($task == "tag_remove") { // MUST BE LOGGED IN TO USE THIS TASK if (!$user->user_exists) { exit; } // GET COMMENT TYPE, ETC $type = isset($_POST['type']) ? $_POST['type'] : NULL; $media_id = isset($_POST['media_id']) ? $_POST['media_id'] : NULL; $mediatag_id = isset($_POST['mediatag_id']) ? $_POST['mediatag_id'] : NULL;
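/**
 * Join the current member to this event, or complete a pending invitation.
 *
 * Three paths, chosen from the object's membership flags:
 *  - not a member and not waiting: insert a membership row. For an invite-only
 *    event the row is unapproved and the event owner is notified (and e-mailed
 *    if the owner's settings ask for it); otherwise the member count is bumped.
 *  - waiting with an approved membership row: activate the row and bump the
 *    member count.
 *  - anything else: set $this->is_error to 3000248 and return FALSE.
 *
 * On the first two paths any 'eventinvite' notification for this user and event
 * is deleted, and a "joinevent" action is recorded when the membership is approved.
 *
 * @return bool TRUE on success; FALSE on the error path or when the event
 *              owner's row cannot be found while requesting approval.
 */
function event_join()
{
    global $user, $database, $url, $actions, $notify;

    // Only the fresh-join branch assigns this, but the action check at the end
    // reads it on every successful path; define it up front so the
    // invitation-accept path does not read an undefined variable.
    $new_member_approved = '0';

    // Ids are cast once and only the cast copies are interpolated into SQL.
    // NOTE(review): assumes these are integer keys, as the *_id column names suggest.
    $event_id_sql = (int) $this->event_info['event_id'];
    $member_id_sql = (int) $this->user_id;

    $sql_increment_members = "UPDATE se_events SET event_totalmembers=event_totalmembers+1 WHERE event_id='{$event_id_sql}' LIMIT 1";

    if (!$this->is_member && !$this->is_member_waiting) {
        // Fresh join: invite-only events start unapproved.
        $new_member_approved = $this->event_info['event_inviteonly'] ? '0' : '1';

        $sql = "INSERT INTO se_eventmembers (eventmember_user_id, eventmember_event_id, eventmember_status, eventmember_approved, eventmember_rank) VALUES ('{$member_id_sql}', '{$event_id_sql}', '1', '{$new_member_approved}', '1')";
        $database->database_query($sql);

        // Mirror the new row in the object's own state ('0' casts to false, '1' to true).
        $this->is_member = (bool) $new_member_approved;
        $this->is_member_waiting = !$new_member_approved;
        $this->eventmember_info['eventmember_approved'] = (int) $new_member_approved;

        if (!$new_member_approved) {
            // Approval needed: look up the event owner and their notification preference.
            $owner_id_sql = (int) $this->event_info['event_user_id'];
            $sql = "SELECT se_users.user_id, se_users.user_username, se_users.user_email, se_users.user_fname, se_users.user_lname, se_usersettings.usersetting_notify_eventmemberrequest FROM se_users LEFT JOIN se_usersettings ON se_users.user_id=se_usersettings.usersetting_user_id WHERE se_users.user_id='{$owner_id_sql}'";
            $resource = $database->database_query($sql);
            if (!$database->database_num_rows($resource)) {
                // NOTE(review): the membership row inserted above is left in place here.
                return FALSE;
            }
            $eventowner_info = $database->database_fetch_assoc($resource);

            // Minimal user object, built only to compute the owner's display name.
            $recipient_object = new se_user();
            $recipient_object->user_info['user_id'] = $eventowner_info['user_id'];
            $recipient_object->user_info['user_username'] = $eventowner_info['user_username'];
            $recipient_object->user_info['user_fname'] = $eventowner_info['user_fname'];
            $recipient_object->user_info['user_lname'] = $eventowner_info['user_lname'];
            $recipient_object->user_displayname();

            $notifytype = $notify->notify_add($recipient_object->user_info['user_id'], "eventmemberrequest", $this->event_info['event_id'], array($user->user_info['user_username'], $this->event_info['event_id']), array($this->event_info['event_title']));

            if ($eventowner_info['usersetting_notify_eventmemberrequest']) {
                // NOTE(review): display names and the event title are handed to the
                // mailer as-is; confirm send_systememail() escapes them for HTML mail.
                send_systememail('eventmemberrequest', $eventowner_info['user_email'], array($recipient_object->user_displayname, $user->user_displayname, $this->event_info['event_title'], "<a href=\"{$url->url_base}login.php\">{$url->url_base}login.php</a>"));
            }
        } else {
            // Approved immediately: count the new member.
            $database->database_query($sql_increment_members);
        }
    } elseif ($this->is_member_waiting && $this->eventmember_info['eventmember_approved']) {
        // Accepting an invitation: activate the existing row.
        $sql = "UPDATE se_eventmembers SET eventmember_status=1 WHERE eventmember_event_id='{$event_id_sql}' AND eventmember_user_id='{$member_id_sql}' LIMIT 1";
        $database->database_query($sql);

        $database->database_query($sql_increment_members);

        $this->is_member = TRUE;
        $this->is_member_waiting = FALSE;
        $this->eventmember_info['eventmember_status'] = 1;
    } else {
        $this->is_error = 3000248;
        return FALSE;
    }

    // The invitation notification, if any, is no longer needed.
    $sql = "DELETE FROM se_notifys USING se_notifys LEFT JOIN se_notifytypes ON se_notifys.notify_notifytype_id=se_notifytypes.notifytype_id WHERE se_notifys.notify_user_id='{$member_id_sql}' AND se_notifytypes.notifytype_name='eventinvite' AND notify_object_id='{$event_id_sql}'";
    $database->database_query($sql);

    // Record the join in the activity feed only when the membership is approved.
    if ($new_member_approved || !empty($this->eventmember_info['eventmember_approved'])) {
        $event_title = $this->event_info['event_title'];
        if (strlen($event_title) > 100) {
            // Byte-wise truncation to 100 characters including the ellipsis.
            $event_title = substr($event_title, 0, 97) . "...";
        }
        $actions->actions_add($user, "joinevent", array($user->user_info['user_username'], $user->user_displayname, $this->event_info['event_id'], $event_title), NULL, 60, FALSE, "event", $this->event_info['event_id'], $this->event_info['event_privacy']);
    }

    return TRUE;
}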
} // VALIDATE USER ID OR RETURN TO VIEW USERS $user = new se_user(array($user_id)); if ($user->user_exists == 0) { header("Location: admin_viewusers.php?s={$s}&p={$p}&f_user={$f_user}&f_email={$f_email}&f_level={$f_level}&f_subnet={$f_subnet}&f_enabled={$f_enabled}"); exit; } // INITIALIZE ERROR VARS $is_error = 0; $result = 0; // RESEND EMAIL VERIFICATION if ($task == "resend") { $verify_code = md5($user->user_info['user_code']); $time = time(); $verify_link = $url->url_base . "signup_verify.php?u=" . $user->user_info['user_id'] . "&verify={$verify_code}&d={$time}"; send_systememail('verification', $user->user_info[user_email], array($user->user_displayname, $user->user_info[user_email], "<a href=\"{$verify_link}\">{$verify_link}</a>")); $result = 1140; // MANUALLY VERIFY USER } elseif ($task == "verify") { $database->database_query("UPDATE se_users SET user_verified='1' WHERE user_id='" . $user->user_info[user_id] . "'"); $result = 1141; $user->user_info[user_verified] = 1; // DELETE ACTION } elseif ($task == "action_delete") { if (isset($_GET['action_id'])) { $action_id = $_GET['action_id']; } else { $action_id = 0; } // DELETE ACTION $database->database_query("DELETE FROM se_actions, se_actionmedia USING se_actions LEFT JOIN se_actionmedia ON se_actions.action_id=se_actionmedia.actionmedia_action_id WHERE action_id='{$action_id}'");
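/**
 * Store a new forum post and update the counters, activity feed and
 * notifications that depend on it.
 *
 * A body that is empty once <p> and </p> are removed sets error code 6000067
 * and nothing is written. Otherwise the post is inserted, the forum's topic or
 * reply counter is incremented, and for a reply the topic is touched, an action
 * is recorded for logged-in users and the topic starter is notified (and
 * e-mailed if their settings ask for it). The poster's post total is
 * incremented in every successful case.
 *
 * @param mixed  $forum_id    Forum the topic belongs to.
 * @param mixed  $topic_id    Topic being posted to.
 * @param string $topic_title Topic title, used in the action and the notification.
 * @param string $post_body   Raw post body.
 * @param bool   $new_topic   TRUE when this post opens a new topic.
 *
 * @return array 'is_error' (0 or the error code) and 'post_id' (the value of
 *               database_insert_id(), or NULL when nothing was inserted).
 */
function forum_post_new($forum_id, $topic_id, $topic_title, $post_body, $new_topic = false)
{
    global $database, $user, $actions, $notify, $url;

    $is_error = 0;
    $nowdate = time();

    // Defined up front so the error path returns NULL without reading an
    // undefined variable.
    $forumpost_id = NULL;

    // Reject a body that is empty apart from paragraph tags.
    if (trim(str_replace("<p>", "", str_replace("</p>", "", $post_body))) == "") {
        $is_error = 6000067;
    }

    if ($is_error == 0) {
        // Only integer copies of the ids are interpolated into SQL; the original
        // values are still passed to the helpers below.
        // NOTE(review): assumes these are integer keys, as the *_id column names suggest.
        $forum_id_sql = (int) $forum_id;
        $topic_id_sql = (int) $topic_id;
        $author_id_sql = (int) $user->user_info['user_id'];

        // Upload any attached media.
        $forummedia_id = $this->forum_media_new($topic_id);

        // Clean and censor the body, then derive the excerpt from the cleaned text.
        $post_body = $this->forum_bbcode_parse_clean($post_body);
        $excerpt = $this->forum_excerpt($post_body);

        // NOTE(review): $post_body, $excerpt and $forummedia_id are interpolated exactly
        // as the helpers return them; confirm those helpers make the values safe for a
        // quoted SQL string.
        $inserted = $database->database_query("INSERT INTO se_forumposts (forumpost_forumtopic_id, forumpost_authoruser_id, forumpost_date, forumpost_excerpt, forumpost_body, forumpost_forummedia_id) VALUES ('{$topic_id_sql}', '{$author_id_sql}', '{$nowdate}', '{$excerpt}', '{$post_body}', '{$forummedia_id}')");
        if (!$inserted) {
            // Still fatal, as before, but the database error text is no longer sent
            // to the client (and mysql_error() no longer exists in PHP 7+).
            error_log('forum_post_new: INSERT INTO se_forumposts failed');
            die();
        }
        $forumpost_id = $database->database_insert_id();

        if ($new_topic) {
            // New topic: only the forum's topic counter changes.
            $database->database_query("UPDATE se_forums SET forum_totaltopics=forum_totaltopics+1 WHERE forum_id='{$forum_id_sql}'");
        } else {
            // Reply: bump the forum and topic reply counters and the topic date.
            $database->database_query("UPDATE se_forums SET forum_totalreplies=forum_totalreplies+1 WHERE forum_id='{$forum_id_sql}'");
            $database->database_query("UPDATE se_forumtopics SET forumtopic_date='{$nowdate}', forumtopic_totalreplies=forumtopic_totalreplies+1 WHERE forumtopic_id='{$topic_id_sql}' AND forumtopic_forum_id='{$forum_id_sql}'");

            // Logged-in posters get a feed action and are named in the notification;
            // otherwise the language string 835 stands in for the poster's name.
            if ($user->user_exists) {
                $actions->actions_add($user, "forumpost", array($user->user_info['user_username'], $user->user_displayname, $forum_id, $topic_id, $topic_title, $forumpost_id, $excerpt), array(), 0, false, 'forum', $forum_id, 0);
                $poster = $user->user_displayname;
            } else {
                $poster = SE_Language::get(835);
            }

            // The author of the topic's first post is treated as the topic starter.
            $topic_starter = $database->database_fetch_assoc($database->database_query("SELECT se_forumposts.forumpost_authoruser_id FROM se_forumposts WHERE forumpost_forumtopic_id='{$topic_id_sql}' ORDER BY forumpost_id ASC LIMIT 1"));

            // Do not notify people about their own replies.
            if ($topic_starter['forumpost_authoruser_id'] != $user->user_info['user_id']) {
                $starter = new se_user(array($topic_starter['forumpost_authoruser_id']));
                if ($starter->user_exists) {
                    // Array keys are quoted: a bare word is a constant lookup, which is
                    // an error in PHP 8.
                    $notifytype = $notify->notify_add($starter->user_info['user_id'], 'forumreply', $topic_id, array($forum_id, $topic_id, $forumpost_id), array($topic_title));
                    $object_url = $url->url_base . vsprintf($notifytype['notifytype_url'], array($forum_id, $topic_id, $forumpost_id));
                    $starter->user_settings();
                    if ($starter->usersetting_info['usersetting_notify_forumreply']) {
                        // NOTE(review): $poster and $topic_title reach the mailer as-is;
                        // confirm send_systememail() escapes them for HTML mail.
                        send_systememail("forumreply", $starter->user_info['user_email'], array($starter->user_displayname, $poster, $topic_title, "<a href=\"{$object_url}\">{$object_url}</a>"));
                    }
                }
            }
        }

        // Create or increment the poster's post total.
        $counted = $database->database_query("INSERT INTO se_forumusers (forumuser_user_id, forumuser_totalposts) VALUES ('{$author_id_sql}', 1) ON DUPLICATE KEY UPDATE forumuser_totalposts=forumuser_totalposts+1");
        if (!$counted) {
            error_log('forum_post_new: updating se_forumusers failed');
            die();
        }
    }

    return array('is_error' => $is_error, 'post_id' => $forumpost_id);
}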
$group_title_short = $group->group_info['group_title']; if (strlen($group_title_short) > 100) { $group_title_short = substr($group_title_short, 0, 97); $group_title_short .= "..."; } $sql = "SELECT se_users.user_id, se_users.user_username, se_users.user_email, se_users.user_fname, se_users.user_lname, se_usersettings.usersetting_notify_groupmemberrequest FROM se_users LEFT JOIN se_usersettings ON se_users.user_id=se_usersettings.usersetting_user_id WHERE se_users.user_id='{$group->group_info['group_user_id']}'"; $groupowner_info = $database->database_fetch_assoc($database->database_query($sql)); if ($groupowner_info['usersetting_notify_groupmemberrequest'] == 1) { $group_owner = new se_user(); $group_owner->user_info['user_id'] = $groupowner_info['user_id']; $group_owner->user_info['user_username'] = $groupowner_info['user_username']; $group_owner->user_info['user_email'] = $groupowner_info['user_email']; $group_owner->user_info['user_fname'] = $groupowner_info['user_fname']; $group_owner->user_info['user_lname'] = $groupowner_info['user_lname']; $group_owner->user_displayname(); send_systememail('groupmemberrequest', $groupowner_info['user_email'], array($group_owner->user_displayname, $user->user_displayname, $group->group_info['group_title'], "<a href=\"" . $url->url_base . "login.php\">" . $url->url_base . 
"login.php</a>")); } $notify->notify_add($groupowner_info['user_id'], 'groupmemberrequest', $user->user_info['user_id'], array('', $group->group_info['group_id']), array($group_title_short)); // SET RESULT $result = 2000164; } else { $database->database_query("\r\n INSERT INTO se_groupmembers (\r\n groupmember_user_id,\r\n groupmember_group_id,\r\n groupmember_status,\r\n groupmember_approved,\r\n groupmember_rank\r\n ) VALUES (\r\n '{$user->user_info['user_id']}',\r\n '{$group->group_info['group_id']}',\r\n '1',\r\n '1',\r\n '0'\r\n )\r\n "); $database->database_query("UPDATE se_groups SET group_totalmembers=group_totalmembers+1 WHERE group_id='{$group->group_info['group_id']}' LIMIT 1"); // INSERT ACTION $group_title_short = $group->group_info['group_title']; if (strlen($group_title_short) > 100) { $group_title_short = substr($group_title_short, 0, 97); $group_title_short .= "..."; } $actions->actions_add($user, "joingroup", array($user->user_info['user_username'], $user->user_displayname, $group->group_info['group_id'], $group_title_short), array(), 0, false, "group", $group->group_info['group_id'], $group->group_info['group_privacy']); // SET RESULT
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header("Pragma: no-cache"); // HTTP/1.0 header("Content-Type: application/json"); echo $json; exit; } elseif ($task == "invite_do") { $invites = $_POST['invites']; $invite_query = $database->database_query("SELECT user_id, user_username, user_email, user_fname, user_lname, usersetting_notify_groupinvite FROM se_friends LEFT JOIN se_users ON se_friends.friend_user_id2=se_users.user_id LEFT JOIN se_usersettings ON se_users.user_id=se_usersettings.usersetting_user_id LEFT JOIN se_levels ON se_users.user_level_id=se_levels.level_id LEFT JOIN se_groupmembers ON se_users.user_id=se_groupmembers.groupmember_user_id AND se_groupmembers.groupmember_group_id='{$group->group_info['group_id']}' WHERE se_users.user_id IN ('" . implode("', '", $invites) . "') AND (se_levels.level_group_allow & 1) AND se_friends.friend_status=1 AND se_friends.friend_user_id1='{$user->user_info['user_id']}' AND se_groupmembers.groupmember_id IS NULL"); if ($database->database_num_rows($invite_query)) { while ($invite_info = $database->database_fetch_assoc($invite_query)) { $friend = new se_user(); $friend->user_info['user_id'] = $invite_info['user_id']; $friend->user_info['user_username'] = $invite_info['user_username']; $friend->user_info['user_fname'] = $invite_info['user_fname']; $friend->user_info['user_lname'] = $invite_info['user_lname']; $friend->user_displayname(); $database->database_query("\r\n INSERT INTO se_groupmembers (\r\n groupmember_user_id, \r\n groupmember_group_id, \r\n groupmember_status,\r\n groupmember_approved\r\n ) VALUES (\r\n '{$invite_info['user_id']}',\r\n '{$group->group_info['group_id']}',\r\n '0',\r\n '1'\r\n )\r\n "); if ($invite_info['usersetting_notify_groupinvite']) { send_systememail('groupinvite', $invite_info['user_email'], array($friend->user_displayname, $group->group_info['group_title'], "<a href=\"{$url->url_base}login.php\">{$url->url_base}login.php</a>")); } 
$notify->notify_add($invite_info['user_id'], 'groupinvite', $group->group_info['group_id'], array(NULL, $group->group_info['group_id']), array($group->group_info['group_title'])); } } $result = 2000197; } // ASSIGN SMARTY VARIABLES AND DISPLAY EDIT INVITE PAGE $smarty->assign('result', $result); $smarty->assign('group', $group); include "footer.php";