/**
 * Save one section ("form") of a member's forum profile from the current request.
 *
 * The section name comes from $_GET['form'] and the target member from
 * $_GET['userid']; the field values come from $_POST ($_FILES for the avatar
 * upload). Every path returns an array with 'type' ('error' or 'success') and
 * 'text' (translated message); error paths return before anything is saved.
 *
 * Guards applied before any save, in order:
 *  - check_admin_referer() verifies the 'forum-profile' nonce (dies on failure).
 *  - A forum in lockdown refuses all updates.
 *  - Only the member themself, or a user with $spThisUser->admin, may update.
 *  - A user flagged sp_change_pw must submit a matching password pair first.
 *
 * Several branches build SQL by string concatenation (email, display name,
 * website) and rely on the sp_filter_*_save() helpers for escaping.
 * NOTE(review): those helpers are not visible here - confirm they escape for SQL.
 *
 * @return array{type: string, text: string}
 */
function sp_UpdateProfile()
{
    global $spGlobals, $spThisUser;

    # make sure nonce is there (check_admin_referer() does not return on a bad nonce)
    check_admin_referer('forum-profile', 'forum-profile');

    $message = array();

    # dont update forum if its locked down
    if ($spGlobals['lockdown']) {
        $message['type'] = 'error';
        $message['text'] = sp_text('This forum is currently locked - access is read only - profile not updated');
        return $message;
    }

    # do we have a form to update?
    if (isset($_GET['form'])) {
        $thisForm = sp_esc_str($_GET['form']);
    } else {
        $message['type'] = 'error';
        $message['text'] = sp_text('Profile update aborted - no valid form');
        return $message;
    }

    # do we have an actual user to update?
    if (isset($_GET['userid'])) {
        $thisUser = sp_esc_int($_GET['userid']);
    } else {
        $message['type'] = 'error';
        $message['text'] = sp_text('Profile update aborted - no valid user');
        return $message;
    }

    # Check the user ID for current user or admin edit: the target must be the
    # logged-in member unless that member is an admin (loose != comparison)
    if ($thisUser != $spThisUser->ID && !$spThisUser->admin) {
        $message['type'] = 'error';
        $message['text'] = sp_text('Profile update aborted - no valid user');
        return $message;
    }

    # a member flagged to change their password may not save anything until
    # the form carries two matching, non-empty password fields
    if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
        $pass1 = $pass2 = '';
        if (isset($_POST['pass1'])) {
            $pass1 = $_POST['pass1'];
        }
        if (isset($_POST['pass2'])) {
            $pass2 = $_POST['pass2'];
        }
        if (empty($pass1) || empty($pass2) || $pass1 != $pass2) {
            $message['type'] = 'error';
            $message['text'] = sp_text('Cannot save profile until password has been changed');
            return $message;
        }
    }

    # form save filter - plugins may remap the form name before dispatch
    $thisForm = apply_filters('sph_profile_save_thisForm', $thisForm);

    # valid save attempt, so lets process the save
    switch ($thisForm) {
        case 'show-memberships':
            # update memberships
            # any usergroup removals? (ids escaped as strings here but as ints for
            # joins below - NOTE(review): confirm sp_remove_membership expects a string)
            if (isset($_POST['usergroup_leave'])) {
                foreach ($_POST['usergroup_leave'] as $membership) {
                    sp_remove_membership(sp_esc_str($membership), $thisUser);
                }
            }

            # any usergroup joins?
            if (isset($_POST['usergroup_join'])) {
                foreach ($_POST['usergroup_join'] as $membership) {
                    sp_add_membership(sp_esc_int($membership), $thisUser);
                }
            }

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileMemberships', $message, $thisUser);

            # output update message
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Memberships updated');
            }
            break;

        case 'account-settings':
            # update account settings
            # check for password update - only when at least one field was filled
            $pass1 = $pass2 = '';
            if (isset($_POST['pass1'])) {
                $pass1 = $_POST['pass1'];
            }
            if (isset($_POST['pass2'])) {
                $pass2 = $_POST['pass2'];
            }
            if (!empty($pass1) || !empty($pass2)) {
                if ($pass1 != $pass2) {
                    $message['type'] = 'error';
                    $message['text'] = sp_text('Please enter the same password in the two password fields');
                    return $message;
                } else {
                    # update the password through WordPress (wp_update_user hashes it)
                    $user = new stdClass();
                    $user->ID = (int) $thisUser;
                    $user->user_pass = $pass1;
                    wp_update_user(get_object_vars($user));
                    # clear the forced-change flag once a new password is stored
                    if (isset($spThisUser->sp_change_pw) && $spThisUser->sp_change_pw) {
                        delete_user_meta($spThisUser->ID, 'sp_change_pw');
                    }
                }
            }

            # now check the email is valid and unique
            $update = apply_filters('sph_ProfileUserEmailUpdate', true);
            if ($update) {
                $curEmail = sp_filter_email_save($_POST['curemail']);
                $email = sp_filter_email_save($_POST['email']);
                if ($email != $curEmail) {
                    if (empty($email)) {
                        $message['type'] = 'error';
                        $message['text'] = sp_text('Please enter a valid email address');
                        return $message;
                    } elseif (($owner_id = email_exists($email)) && $owner_id != $thisUser) {
                        $message['type'] = 'error';
                        $message['text'] = sp_text('The email address is already registered. Please choose another one');
                        return $message;
                    }

                    # save new email address - $email is interpolated into the SQL as
                    # returned by sp_filter_email_save(); $thisUser came through sp_esc_int()
                    $sql = 'UPDATE ' . SFUSERS . " SET user_email='{$email}' WHERE ID=" . $thisUser;
                    spdb_query($sql);
                }
            }

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileSettings', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Account settings updated');
            }
            break;

        case 'edit-profile':
            # update profile settings
            # validate any username change
            $update = apply_filters('sph_ProfileUserDisplayNameUpdate', true);
            if ($update) {
                $spProfile = sp_get_option('sfprofile');
                # display names may be edited only when the profile option allows it or the editor is an admin
                if ($spProfile['nameformat'] || $spThisUser->admin) {
                    # an empty submission falls back to the member's WordPress login name
                    $display_name = !empty($_POST['display_name']) ? trim($_POST['display_name']) : spdb_table(SFUSERS, "ID={$thisUser}", 'user_login');
                    $display_name = sp_filter_name_save($display_name);

                    # make sure display name isnt already used
                    # (raw posted old name is compared with the filtered new one, so any
                    # change the filter makes also counts as a rename)
                    if ($_POST['oldname'] != $display_name) {
                        $records = spdb_table(SFMEMBERS, "display_name='{$display_name}'");
                        if ($records) {
                            foreach ($records as $record) {
                                if ($record->user_id != $thisUser) {
                                    $message['type'] = 'error';
                                    $message['text'] = $display_name . ' ' . sp_text('is already in use - please choose a different display name');
                                    return $message;
                                }
                            }
                        }

                        # validate display name against the site's name rules
                        $errors = new WP_Error();
                        $user = new stdClass();
                        $user->display_name = $display_name;
                        sp_validate_display_name($errors, true, $user);
                        if ($errors->get_error_codes()) {
                            $message['type'] = 'error';
                            $message['text'] = sp_text('The display name you have chosen is not allowed on this site');
                            return $message;
                        }

                        # now save the display name
                        sp_update_member_item($thisUser, 'display_name', $display_name);

                        # Update new users list with changed display name
                        sp_update_newuser_name(sp_filter_name_save($_POST['oldname']), $display_name);

                        # do we need to sync display name with wp?
                        $options = sp_get_member_item($thisUser, 'user_options');
                        if ($options['namesync']) {
                            spdb_query('UPDATE ' . SFUSERS . ' SET display_name="' . $display_name . '" WHERE ID=' . $thisUser);
                        }
                    }
                }
            }

            # save the url (filtered by sp_filter_url_save, then interpolated into SQL)
            $update = apply_filters('sph_ProfileUserWebsiteUpdate', true);
            if ($update) {
                $url = sp_filter_url_save($_POST['website']);
                $sql = 'UPDATE ' . SFUSERS . ' SET user_url="' . $url . '" WHERE ID=' . $thisUser;
                spdb_query($sql);
            }

            # update first name, last name, location and biography
            # (each is individually switchable through its sph_ProfileUser*Update filter)
            $update = apply_filters('sph_ProfileUserFirstNameUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'first_name', sp_filter_name_save(trim($_POST['first_name'])));
            }
            $update = apply_filters('sph_ProfileUserLastNameUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'last_name', sp_filter_name_save(trim($_POST['last_name'])));
            }
            $update = apply_filters('sph_ProfileUserLocationUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'location', sp_filter_title_save(trim($_POST['location'])));
            }
            $update = apply_filters('sph_ProfileUserBiographyUpdate', true);
            if ($update) {
                # biography allows markup, so it goes through the kses filter rather than the title filter
                update_user_meta($thisUser, 'description', sp_filter_save_kses($_POST['description']));
            }

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileProfile', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Profile settings updated');
            }
            break;

        case 'edit-identities':
            # update identity settings
            # update the user identities - one user-meta key per service, each behind its own filter
            $update = apply_filters('sph_ProfileUserAIMUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'aim', sp_filter_title_save(trim($_POST['aim'])));
            }
            $update = apply_filters('sph_ProfileUserYahooUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'yim', sp_filter_title_save(trim($_POST['yim'])));
            }
            $update = apply_filters('sph_ProfileUserGoogleUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'jabber', sp_filter_title_save(trim($_POST['jabber'])));
            }
            $update = apply_filters('sph_ProfileUserMSNUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'msn', sp_filter_title_save(trim($_POST['msn'])));
            }
            $update = apply_filters('sph_ProfileUserICQUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'icq', sp_filter_title_save(trim($_POST['icq'])));
            }
            $update = apply_filters('sph_ProfileUserSkypeUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'skype', sp_filter_title_save(trim($_POST['skype'])));
            }
            $update = apply_filters('sph_ProfileUserFacebookUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'facebook', sp_filter_title_save(trim($_POST['facebook'])));
            }
            $update = apply_filters('sph_ProfileUserMySpaceUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'myspace', sp_filter_title_save(trim($_POST['myspace'])));
            }
            $update = apply_filters('sph_ProfileUserTwitterUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'twitter', sp_filter_title_save(trim($_POST['twitter'])));
            }
            $update = apply_filters('sph_ProfileUserLinkedInUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'linkedin', sp_filter_title_save(trim($_POST['linkedin'])));
            }
            $update = apply_filters('sph_ProfileUserYouTubeUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'youtube', sp_filter_title_save(trim($_POST['youtube'])));
            }
            $update = apply_filters('sph_ProfileUserGooglePlusUpdate', true);
            if ($update) {
                update_user_meta($thisUser, 'googleplus', sp_filter_title_save(trim($_POST['googleplus'])));
            }

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileIdentities', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Identities updated');
            }
            break;

        case 'avatar-upload':
            # upload avatar
            # did we get an avatar to upload?
            if (empty($_FILES['avatar-upload']['name'])) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar filename was empty');
                return $message;
            }

            # Verify the file extension against the allow-list (jpg, jpeg, gif, png)
            global $spPaths;
            $uploaddir = SF_STORE_DIR . '/' . $spPaths['avatars'] . '/';
            $filename = basename($_FILES['avatar-upload']['name']);
            $path = pathinfo($filename);
            $ext = strtolower($path['extension']);
            if ($ext != 'jpg' && $ext != 'jpeg' && $ext != 'gif' && $ext != 'png') {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, only JPG, JPEG, PNG, or GIF files are allowed');
                return $message;
            }

            # check image file mimetype from the file's magic bytes, not the client-supplied type
            # (exif_imagetype(): 1 = IMAGETYPE_GIF, 2 = IMAGETYPE_JPEG, 3 = IMAGETYPE_PNG)
            $mimetype = 0;
            $mimetype = exif_imagetype($_FILES['avatar-upload']['tmp_name']);
            if (empty($mimetype) || $mimetype == 0 || $mimetype > 3) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file is an invalid format');
                return $message;
            }

            # make sure file extension and mime type actually match
            if ($mimetype == 1 && $ext != 'gif' || $mimetype == 2 && ($ext != 'jpg' && $ext != 'jpeg') || $mimetype == 3 && $ext != 'png') {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the file mime type does not match file extension');
                return $message;
            }

            # Clean up file name just in case: timestamp prefix plus the filtered basename.
            # NOTE(review): the extension check above ran on the unfiltered basename - confirm
            # sp_filter_filename_save() cannot change the extension.
            $filename = date('U') . sp_filter_filename_save(basename($_FILES['avatar-upload']['name']));
            $uploadfile = $uploaddir . $filename;

            # check for existence
            if (file_exists($uploadfile)) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file already exists');
                return $message;
            }

            # check file size against limit if provided
            $spAvatars = sp_get_option('sfavatars');
            if ($_FILES['avatar-upload']['size'] > $spAvatars['sfavatarfilesize']) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file exceeds the maximum allowed size');
                return $message;
            }

            # valid avatar, so try moving the uploaded file to the avatar storage directory
            if (move_uploaded_file($_FILES['avatar-upload']['tmp_name'], $uploadfile)) {
                # non-executable, world-readable; the chmod failure is deliberately ignored
                @chmod("{$uploadfile}", 0644);

                # do we need to resize?
                $sfavatars = sp_get_option('sfavatars');
                if ($sfavatars['sfavatarresize']) {
                    $editor = wp_get_image_editor($uploadfile);
                    if (is_wp_error($editor)) {
                        # the file is already in place - remove it rather than keep an unprocessed upload
                        @unlink($uploadfile);
                        $message['type'] = 'error';
                        $message['text'] = sp_text('Sorry, there was a problem resizing the avatar');
                        return $message;
                    } else {
                        $editor->resize($sfavatars['sfavatarsize'], $sfavatars['sfavatarsize'], true);
                        $imageinfo = $editor->save($uploadfile);
                        # the editor may rename the file on save, so record what it reports
                        $filename = $imageinfo['file'];
                    }
                }

                # update member avatar data
                $avatar = sp_get_member_item($thisUser, 'avatar');
                $avatar['uploaded'] = $filename;
                sp_update_member_item($thisUser, 'avatar', $avatar);
            } else {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, the avatar file could not be moved to the avatar storage location');
                return $message;
            }

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileAvatarUpload', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Uploaded avatar updated');
            }
            break;

        case 'avatar-pool':
            # pool avatar
            # get pool avatar name
            $filename = sp_filter_filename_save($_POST['spPoolAvatar']);

            # error if no pool avatar provided
            if (empty($filename)) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Sorry, you must select a pool avatar before trying to save it');
                return $message;
            }

            # save the pool avatar (no check here that the name exists in the pool)
            $avatar = sp_get_member_item($thisUser, 'avatar');
            $avatar['pool'] = $filename;
            sp_update_member_item($thisUser, 'avatar', $avatar);

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileAvatarPool', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Pool avatar updated');
            }
            break;

        case 'avatar-remote':
            # remote avatar
            # get remote avatar url (an empty value is stored as-is)
            $filename = sp_filter_url_save($_POST['spAvatarRemote']);
            $avatar = sp_get_member_item($thisUser, 'avatar');
            $avatar['remote'] = $filename;
            sp_update_member_item($thisUser, 'avatar', $avatar);

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileAvatarRemote', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Remote avatar updated');
            }
            break;

        case 'edit-signature':
            # save signature
            # Check if maximum links has been exceeded - links are counted as literal
            # '</a>' occurrences in the raw submission, before any filtering
            $numLinks = substr_count($_POST['postitem'], '</a>');
            $spFilters = sp_get_option('sffilters');
            if (!sp_get_auth('create_links', 'global', $thisUser) && $numLinks > 0 && !$spThisUser->admin) {
                $message['type'] = 'error';
                $message['text'] = sp_text('You are not allowed to put links in signatures');
                return $message;
            }
            # sfmaxlinks of 0 means unlimited; admins are exempt
            if (sp_get_auth('create_links', 'global', $thisUser) && $spFilters['sfmaxlinks'] != 0 && $numLinks > $spFilters['sfmaxlinks'] && !$spThisUser->admin) {
                $message['type'] = 'error';
                $message['text'] = sp_text('Maximum number of allowed links exceeded in signature') . ': ' . $spFilters['sfmaxlinks'] . ' ' . sp_text('allowed');
                return $message;
            }
            $sig = sp_filter_content_save($_POST['postitem'], 'edit');
            sp_update_member_item($thisUser, 'signature', $sig);

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileSignature', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Signature updated');
            }
            break;

        case 'edit-photos':
            # save photos - fields are named photo0 .. photo{photosmax-1}
            $photos = array();
            $spProfileOptions = sp_get_option('sfprofile');
            for ($x = 0; $x < $spProfileOptions['photosmax']; $x++) {
                $photos[$x] = sp_filter_url_save($_POST['photo' . $x]);
            }
            update_user_meta($thisUser, 'photos', $photos);

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfilePhotos', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Photos updated');
            }
            break;

        case 'edit-global-options':
            # save global options (checkbox presence is the value)
            $options = sp_get_member_item($thisUser, 'user_options');
            $options['hidestatus'] = isset($_POST['hidestatus']) ? true : false;
            $update = apply_filters('sph_ProfileUserSyncNameUpdate', true);
            if ($update) {
                $options['namesync'] = isset($_POST['namesync']) ? true : false;
            }
            sp_update_member_item($thisUser, 'user_options', $options);

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileGlobalOptions', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Global options updated');
            }
            break;

        case 'edit-posting-options':
            # save posting options
            $update = apply_filters('sph_ProfileUserEditorUpdate', true);
            if ($update) {
                $options = sp_get_member_item($thisUser, 'user_options');
                if (isset($_POST['editor'])) {
                    $options['editor'] = sp_esc_int($_POST['editor']);
                }
                sp_update_member_item($thisUser, 'user_options', $options);
            }

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfilePostingOptions', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Posting options updated');
            }
            break;

        case 'edit-display-options':
            # save display options
            $options = sp_get_member_item($thisUser, 'user_options');
            if (isset($_POST['timezone'])) {
                if (preg_match('/^UTC[+-]/', $_POST['timezone'])) {
                    # correct for manual UTC offsets: strip the 'UTC' / 'UTC+' prefix and treat
                    # the remainder as hours. NOTE(review): a non-numeric remainder is multiplied
                    # as a string here and is an error or warning depending on PHP version.
                    $userOffset = preg_replace('/UTC\\+?/', '', $_POST['timezone']) * 3600;
                } else {
                    # get timezone offset for user
                    # NOTE(review): DateTimeZone's constructor throws on an unrecognised zone
                    # name and nothing in this function catches it.
                    $date_time_zone_selected = new DateTimeZone(sp_esc_str($_POST['timezone']));
                    $userOffset = timezone_offset_get($date_time_zone_selected, date_create());
                }

                # get timezone offset for server based on wp settings
                $wptz = get_option('timezone_string');
                if (empty($wptz)) {
                    $serverOffset = get_option('gmt_offset');
                } else {
                    $date_time_zone_selected = new DateTimeZone($wptz);
                    $serverOffset = timezone_offset_get($date_time_zone_selected, date_create());
                }

                # calculate time offset between user and server, in whole hours
                # (the (int) cast discards the fractional part that round(..., 2) kept,
                # so half-hour zones lose their 30 minutes)
                $options['timezone'] = (int) round(($userOffset - $serverOffset) / 3600, 2);
                $options['timezone_string'] = sp_esc_str($_POST['timezone']);
            } else {
                $options['timezone'] = 0;
                $options['timezone_string'] = 'UTC';
            }
            if (isset($_POST['unreadposts'])) {
                # clamp a numeric value into [0, sfmaxunreadposts]; anything else takes the default
                $sfcontrols = sp_get_option('sfcontrols');
                $options['unreadposts'] = is_numeric($_POST['unreadposts']) ? max(min(sp_esc_int($_POST['unreadposts']), $sfcontrols['sfmaxunreadposts']), 0) : $sfcontrols['sfdefunreadposts'];
            }
            $options['topicASC'] = isset($_POST['topicASC']);
            $options['postDESC'] = isset($_POST['postDESC']);
            sp_update_member_item($thisUser, 'user_options', $options);

            # fire action for plugins
            $message = apply_filters('sph_UpdateProfileDisplayOptions', $message, $thisUser);

            # output profile save status
            if (empty($message)) {
                $message['type'] = 'success';
                $message['text'] = sp_text('Display options updated');
            }
            break;

        default:
            # unknown form name: nothing saved, $message stays empty for the filters below
            break;
    }

    # let plugins do their thing on success (the hook name is built from the
    # form name, which came from $_GET through sp_esc_str and the filter above)
    $message = apply_filters('sph_ProfileFormSave_' . $thisForm, $message, $thisUser, $thisForm);
    do_action('sph_UpdateProfile', $thisUser, $thisForm);

    # reset the plugin_data just in case
    sp_reset_member_plugindata($thisUser);

    # done saving - return the messages
    return $message;
}
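echo '</fieldset>';
}

# AJAX delete handlers. $_GET['file'] is request-controlled: basename() restricts
# the unlink target to a name inside the intended storage directory, so a value
# containing directory components can no longer point outside it.
if ($action == 'delsmiley') {
    $file = sp_esc_str($_GET['file']);
    $path = SF_STORE_DIR . '/' . $spPaths['smileys'] . '/' . basename($file);
    @unlink($path);

    # load smiles from sfmeta
    $meta = sp_get_sfmeta('smileys', 'smileys');

    # now cycle through to remove this entry and resave
    # (entries are [filename, name, ?, ?, ?]; the one whose filename matches is dropped)
    if (!empty($meta[0]['meta_value'])) {
        $newsmileys = array();
        foreach ($meta[0]['meta_value'] as $name => $info) {
            if ($info[0] != $file) {
                $newsmileys[$name][0] = sp_filter_title_save($info[0]);
                $newsmileys[$name][1] = sp_filter_name_save($info[1]);
                $newsmileys[$name][2] = sp_filter_name_save($info[2]);
                $newsmileys[$name][3] = $info[3];
                $newsmileys[$name][4] = $info[4];
            }
        }
        sp_update_sfmeta('smileys', 'smileys', $newsmileys, $meta[0]['meta_id'], true);
    }
    # '1' is the success token the requesting script expects
    echo '1';
}

if ($action == 'delbadge') {
    $file = sp_esc_str($_GET['file']);
    $path = SF_STORE_DIR . '/' . $spPaths['ranks'] . '/' . basename($file);
    @unlink($path);
    echo '1';
}

die;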
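/**
 * Save an edited post submitted from the post edit form.
 *
 * Reads the post id and new content from $_POST, checks the current user may
 * edit the post, appends an entry to the post's edit history, writes the row,
 * then queues notices for admins/moderators and for the post author. The
 * outcome is reported through sp_notify(); nothing is returned.
 *
 * Edit permission ($canEdit): 'edit_any_post' on the forum, or the current user
 * authored the post and has 'edit_own_posts_forever', or 'edit_own_posts_reply'
 * while the post is still the topic's last post, or 'edit_own_posts_for_time'
 * while the post is no older than the 'editpostdays' option.
 *
 * The UPDATE is built by interpolation: post_content has been through
 * sp_filter_content_save() with its escape flag set and the ids through
 * sp_esc_int(). NOTE(review): the serialized edit history is interpolated
 * unescaped - confirm spdb_query() or the serializer cannot emit a quote here.
 *
 * @return void
 */
function sp_save_edited_post()
{
    global $spThisUser, $spVars, $spGlobals;

    # post id of edited post
    $newpost = array();
    $newpost['postid'] = sp_esc_int($_POST['pid']);

    # no post editing while this post is already shown in edit mode, or in lockdown
    if ($spVars['displaymode'] == 'edit' && $spVars['postedit'] == $newpost['postid']) {
        return;
    }
    if ($spGlobals['lockdown']) {
        return;
    }

    # data for the post - want to ensure absolute forum id plus used for notifications later
    $post = spdb_table(SFPOSTS, "post_id={$newpost['postid']}", 'row');
    $topic = spdb_table(SFTOPICS, "topic_id={$post->topic_id}", 'row');

    # verify we can edit this post
    $canEdit = false;
    if (sp_get_auth('edit_any_post', $post->forum_id)) {
        $canEdit = true;
    } else {
        if ($post->user_id == $spThisUser->ID) {
            # last post of the topic, or the topic's last held post when this post
            # itself has post_status 1 (which appears to be the "held" state)
            $last_post = $newpost['postid'] == $topic->post_id || $post->post_status == 1 && $newpost['postid'] == $topic->post_id_held;
            $edit_days = sp_get_option('editpostdays');
            $post_date = strtotime(sp_date('d', $post->post_date));
            $date_diff = floor((time() - $post_date) / (60 * 60 * 24));
            if (sp_get_auth('edit_own_posts_forever', $post->forum_id) || sp_get_auth('edit_own_posts_reply', $post->forum_id) && $last_post || sp_get_auth('edit_own_posts_for_time', $post->forum_id) && $date_diff <= $edit_days) {
                $canEdit = true;
            }
        }
    }
    if (!$canEdit) {
        sp_notify(SPFAILURE, sp_text('Edit failed - you do not have permission'));
        return;
    }

    # post info
    $newpost['postcontent'] = $_POST['postitem'];
    $newpost['postcontent'] = sp_filter_content_save($newpost['postcontent'], 'edit', true, SFPOSTS, 'post_content');
    $newpost['forumid'] = sp_esc_int($_POST['forumid']);
    $newpost['forumslug'] = sp_esc_str($_POST['forumslug']);
    $newpost['topicid'] = sp_esc_int($_POST['topicid']);
    # previously assigned to a misspelt $newpostt array, so the slug never reached
    # the 'sph_post_edit_after_save' payload at the end of this function
    $newpost['topicslug'] = sp_esc_str($_POST['topicslug']);

    # post edit array: load the existing history and append this edit
    $history = spdb_select('var', 'SELECT post_edit FROM ' . SFPOSTS . " WHERE post_id='{$newpost['postid']}'", ARRAY_A);
    # NOTE(review): unserialize() of a database column - if anything other than
    # this code path can write post_edit, treat the value as untrusted
    $postedits = !empty($history) ? unserialize($history) : array();
    $x = count($postedits);
    $edittime = current_time('mysql');
    $postedits[$x]['by'] = sp_filter_name_save($spThisUser->display_name);
    $postedits[$x]['at'] = strtotime($edittime);
    $newpost['postedits'] = serialize($postedits);
    $newpost['postcontent'] = apply_filters('sph_post_edit_data', $newpost['postcontent'], $newpost['postid'], $spThisUser->ID);

    # optional timestamp override from the form
    $date_update = '';
    if (!empty($_POST['editTimestamp'])) {
        $yy = sp_esc_int($_POST['tsYear']);
        $mm = sp_esc_int($_POST['tsMonth']);
        $dd = sp_esc_int($_POST['tsDay']);
        $hh = sp_esc_int($_POST['tsHour']);
        $mn = sp_esc_int($_POST['tsMinute']);
        $ss = sp_esc_int($_POST['tsSecond']);
        # day is clamped; hour/minute/second are wrapped once by subtraction, so a
        # value of 25 becomes 1 and values two ranges out stay out of range
        $dd = $dd > 31 ? 31 : $dd;
        $hh = $hh > 23 ? $hh - 24 : $hh;
        $mn = $mn > 59 ? $mn - 60 : $mn;
        $ss = $ss > 59 ? $ss - 60 : $ss;
        $newpost['postdate'] = sprintf('%04d-%02d-%02d %02d:%02d:%02d', $yy, $mm, $dd, $hh, $mn, $ss);
        $date_update = ', post_date = "' . $newpost['postdate'] . '"';
    }

    $sql = 'UPDATE ' . SFPOSTS . " SET post_content='{$newpost['postcontent']}', post_edit='{$newpost['postedits']}'{$date_update} WHERE post_id={$newpost['postid']}";
    if (spdb_query($sql) == false) {
        sp_notify(SPFAILURE, sp_text('Update failed'));
    } else {
        sp_notify(SPSUCCESS, sp_text('Updated post saved'));

        # set up some data for notifications
        $link = sp_permalink_from_postid($newpost['postid']);

        # notify admins/mods of edit
        $users = spdb_select('set', 'SELECT user_id, admin_options FROM ' . SFMEMBERS . " WHERE admin=1 OR moderator=1");
        if ($users) {
            $time = time() + 7 * 24 * 60 * 60;
            $text = sp_text('A user has edited the post');
            foreach ($users as $user) {
                $options = unserialize($user->admin_options);
                if ($options['notify-edited'] && $spThisUser->ID != $user->user_id) {
                    # dont notify self
                    $nData = array();
                    $nData['user_id'] = $user->user_id;
                    $nData['guest_email'] = '';
                    $nData['post_id'] = $newpost['postid'];
                    $nData['link'] = $link;
                    $nData['link_text'] = $topic->topic_name;
                    $nData['message'] = $text;
                    $nData['expires'] = $time; # 7 days; 24 hours; 60 mins; 60secs
                    sp_add_notice($nData);
                }
            }
        }

        # notify author of change (unless the author is the editor)
        $sfadminsettings = sp_get_option('sfadminsettings');
        if ($sfadminsettings['editnotice'] && $spThisUser->ID != $post->user_id) {
            $nData = array();
            $nData['user_id'] = $post->user_id;
            $nData['guest_email'] = $post->guest_email;
            $nData['post_id'] = $newpost['postid'];
            $nData['link'] = $link;
            $nData['link_text'] = $topic->topic_name;
            $nData['message'] = sp_text('An edit has been made to your post');
            $nData['expires'] = time() + 30 * 24 * 60 * 60; # 30 days; 24 hours; 60 mins; 60secs
            sp_add_notice($nData);
        }
    }

    $newpost['userid'] = $spThisUser->ID;
    $newpost['action'] = 'edit';
    do_action('sph_post_edit_after_save', $newpost);
}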
/**
 * Save the forum's outgoing-mail options ('sfmail') and new-user mail options
 * ('sfnewusermail') from the admin email form.
 *
 * The sender address is assembled from two fields: a domain, which is
 * lowercased, stripped of scheme / "www." prefixes and reduced to [0-9a-z.-],
 * and a local part, which is lowercased and stripped of characters that are
 * not valid in an address. Fires 'sph_option_email_save' after both options
 * are written.
 *
 * @return string Translated status message for the admin screen.
 */
function spa_save_email_data()
{
    check_admin_referer('forum-adminform_email', 'forum-adminform_email');
    $result = spa_text('Options updated');

    # Sender domain (routine originally contributed for the mail-from plugin)
    $schemePrefixes = array('http://', 'https://', 'ftp://', 'www.');
    $rawDomain = strtolower(sp_filter_title_save(trim($_POST['sfmaildomain'])));
    $domain = preg_replace('/[^0-9a-z\\-\\.]/i', '', str_replace($schemePrefixes, '', $rawDomain));

    # Sender local part
    $forbiddenLocal = array('(', ')', '<', '>', ',', ';', ':', '\\', '"', '[', ']', '@', ' ');
    $localPart = str_replace($forbiddenLocal, '', strtolower(sp_filter_name_save(trim($_POST['sfmailfrom']))));

    sp_update_option('sfmail', array(
        'sfmailsender' => sp_filter_name_save(trim($_POST['sfmailsender'])),
        'sfmailfrom'   => $localPart,
        'sfmaildomain' => $domain,
        'sfmailuse'    => isset($_POST['sfmailuse']),
    ));

    # New-user mail options (checkbox presence is the boolean value)
    sp_update_option('sfnewusermail', array(
        'sfusespfreg'      => isset($_POST['sfusespfreg']),
        'sfnewusersubject' => sp_filter_title_save(trim($_POST['sfnewusersubject'])),
        'sfnewusertext'    => sp_filter_title_save(trim($_POST['sfnewusertext'])),
    ));

    do_action('sph_option_email_save');

    return $result;
}
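/**
 * Create a WordPress user from an RPX (Engage) authentication profile.
 *
 * Builds the user record from $auth_info['profile'], inserts it with
 * wp_insert_user(), and on success records the provider identifier in the
 * 'rpx_identifier' user meta. When the provider supplied no email address a
 * placeholder is used for the insert and then blanked in the users table.
 *
 * The unused $provider_name local that read $p['providerName'] was dropped.
 *
 * @param array $auth_info Provider response; only $auth_info['profile'] is read.
 * @return int|WP_Error New user ID, or the WP_Error returned by wp_insert_user().
 */
function sp_rpx_create_wp_user($auth_info)
{
    $p = $auth_info['profile'];
    $rid = $p['identifier'];

    # prefer the provider's preferred username; generate one when missing or already taken
    $username = $p['preferredUsername'];
    if (!$username || sp_rpx_username_taken($username)) {
        $username = sp_rpx_get_user_login_name($rid);
    }

    $last_name = null;
    $first_name = null;
    if (!empty($p['name'])) {
        $first_name = $p['name']['givenName'];
        $last_name = $p['name']['familyName'];
    }

    # placeholder used only to satisfy the insert; it is removed again below
    $email = '*****@*****.**';
    if (!empty($p['email'])) {
        $email = sp_filter_email_save($p['email']);
    }

    $userdata = array('user_pass' => wp_generate_password(), 'user_login' => $username, 'display_name' => sp_filter_name_save($p['displayName']), 'user_url' => $p['url'], 'user_email' => $email, 'first_name' => $first_name, 'last_name' => $last_name, 'nickname' => $p['displayName']);

    # try to create new user
    $wpuid = wp_insert_user($userdata);
    if ($wpuid && !is_wp_error($wpuid)) {
        update_user_meta($wpuid, 'rpx_identifier', $rid);

        # remove temp email? ($wpuid here is the integer ID returned by wp_insert_user)
        if ($email == '*****@*****.**') {
            spdb_query('UPDATE ' . SFUSERS . " SET user_email='' WHERE ID={$wpuid}");
        }
    }

    return $wpuid;
}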
/**
 * Validate and normalise $this->newpost before it is written.
 *
 * Sets $this->abort = true and $this->message on the first failed check and
 * returns at once; when every check passes, fills in the derived fields
 * (poststatus, topicslug or emailprefix, groupname, forumname) and runs the
 * post-data filters/actions. Reads $this->action, $this->guest, $this->member,
 * $this->admin, $this->moderator and $this->userid, which are set elsewhere in
 * the class.
 *
 * Several lookups build SQL by concatenating values from $this->newpost after
 * the sp_filter_*_save() helpers. NOTE(review): confirm those helpers escape for
 * SQL, and that 'posterip' (used in the duplicate check) is filtered before it
 * reaches this method.
 *
 * @return void
 */
function validateData()
{
    $this->abort = false;
    $this->newpost['action'] = $this->action;

    # Check flood control (done here vice validatePermission() so we can use the return to post feature)
    # the cached value is a timestamp before which this user may not post again
    if (!sp_get_auth('bypass_flood_control', $this->newpost['forumid'], $this->userid)) {
        $flood = sp_get_cache('floodcontrol');
        if (!empty($flood) && time() < $flood) {
            $this->abort = true;
            $this->message = sp_text('Flood control exceeded, please slow down - Post cannot be saved yet');
            return;
        }
    }

    # Check topic name
    if (empty($this->newpost['topicname'])) {
        $this->abort = true;
        $this->message = sp_text('No topic name has been entered and post cannot be saved');
        return;
    } else {
        $this->newpost['topicname'] = sp_filter_title_save($this->newpost['topicname'], SFTOPICS, 'topic_name');
    }

    # Check Post Content - both the escaped (for SQL) and unescaped forms are kept
    if (empty($this->newpost['postcontent'])) {
        $this->abort = true;
        $this->message = sp_text('No topic post has been entered and post cannot be saved');
        return;
    } else {
        $this->newpost['postcontent_unescaped'] = sp_filter_content_save($this->newpost['postcontent'], 'new', false, SFPOSTS, 'post_content');
        $this->newpost['postcontent'] = sp_filter_content_save($this->newpost['postcontent'], 'new', true, SFPOSTS, 'post_content');
    }

    # Check and set user names/ids etc
    if ($this->guest) {
        $sfguests = sp_get_option('sfguests');
        # a name is always required; a valid email only when the 'reqemail' option is on
        # (&& binds tighter than ||, which gives that reading)
        if (empty($this->newpost['guestname']) || (empty($this->newpost['guestemail']) || !is_email($this->newpost['guestemail'])) && $sfguests['reqemail']) {
            $this->abort = true;
            $this->message = sp_text('Guest name and valid email address required');
            return;
        }

        # force maximum lengths - substr() truncates by byte, after the filter has run
        # NOTE(review): a multibyte name or an escape sequence straddling the cut is truncated mid-way
        $this->newpost['guestname'] = substr(sp_filter_name_save($this->newpost['guestname']), 0, 20);
        $this->newpost['guestemail'] = substr(sp_filter_email_save($this->newpost['guestemail']), 0, 50);
        $this->newpost['postername'] = $this->newpost['guestname'];
        $this->newpost['posteremail'] = $this->newpost['guestemail'];

        # check for blacklisted guest name (comma-separated option, compared case-insensitively)
        $blockedGuest = sp_get_option('guest-name');
        if (!empty($blockedGuest)) {
            $names = explode(',', $blockedGuest);
            foreach ($names as $name) {
                if (strtolower(trim($name)) == strtolower($this->newpost['guestname'])) {
                    $this->abort = true;
                    $this->message = sp_text('The guest name you have chosen is not allowed on this site');
                    return;
                }
            }
        }

        # check that the guest name is not the same as a current user
        $checkdupe = spdb_table(SFMEMBERS, "display_name='" . $this->newpost['guestname'] . "'", 'display_name');
        if (!empty($checkdupe)) {
            $this->abort = true;
            $this->message = sp_text('This user name already belongs to a forum member');
            return;
        }
    }

    # Check if links allowed or if maximum links have been exceeded (admins are exempt)
    $sffilters = sp_get_option('sffilters');
    if (!$this->admin) {
        $links = $this->count_links();
        if (sp_get_auth('create_links', $this->newpost['forumid'], $this->userid)) {
            # sfmaxlinks of 0 means unlimited
            if ($sffilters['sfmaxlinks'] > 0 && $links > $sffilters['sfmaxlinks']) {
                $this->abort = true;
                $this->message = sp_text('Maximum number of allowed links exceeded') . ': ' . $sffilters['sfmaxlinks'] . ' ' . sp_text('allowed');
                return;
            }
        } else {
            if ($links > 0) {
                $this->abort = true;
                $this->message = sp_text('You are not allowed to put links in post content');
                return;
            }
        }
    }

    # Check if maximum smileys have been exceeded (admins are exempt)
    if (!$this->admin) {
        if (isset($sffilters['sfmaxsmileys']) && $sffilters['sfmaxsmileys'] > 0 && $this->count_smileys() > $sffilters['sfmaxsmileys']) {
            $this->abort = true;
            $this->message = sp_text('Maximum number of allowed smileys exceeded') . ': ' . $sffilters['sfmaxsmileys'] . ' ' . sp_text('allowed');
            return;
        }
    }

    # Check for duplicate post if option is set: same forum, topic, content and poster ip
    if ($this->member && $sffilters['sfdupemember'] == true || $this->guest && $sffilters['sfdupeguest'] == true) {
        # But not admin or moderator
        if (!$this->admin && !$this->moderator) {
            $dupecheck = spdb_table(SFPOSTS, 'forum_id = ' . $this->newpost['forumid'] . ' AND topic_id=' . $this->newpost['topicid'] . " AND post_content='" . $this->newpost['postcontent'] . "' AND poster_ip='" . $this->newpost['posterip'] . "'", 'row', '', '', ARRAY_A);
            if ($dupecheck) {
                $this->abort = true;
                $this->message = sp_text('Duplicate post refused');
                return;
            }
        }
    }

    # Establish moderation status (0 appears to be the approved state, 1 held for moderation):
    #  - both bypass auths            -> 0
    #  - neither                      -> 1
    #  - bypass_moderation only       -> 1, unless this member (or this guest name+email)
    #                                    already has an approved post, then 0
    #  - bypass_moderation_once only  -> 1
    $bypassAll = sp_get_auth('bypass_moderation', $this->newpost['forumid'], $this->userid);
    $bypassOnce = sp_get_auth('bypass_moderation_once', $this->newpost['forumid'], $this->userid);
    if ($bypassAll == true && $bypassOnce == true) {
        $this->newpost['poststatus'] = 0;
    } else {
        if ($bypassAll == false && $bypassOnce == false) {
            $this->newpost['poststatus'] = 1;
        } else {
            if ($bypassAll == true && $bypassOnce == false) {
                $this->newpost['poststatus'] = 1;
                if ($this->member) {
                    $prior = spdb_table(SFPOSTS, 'user_id=' . $this->newpost['userid'] . ' AND post_status=0', 'row', '', '1');
                    if ($prior) {
                        $this->newpost['poststatus'] = 0;
                    }
                } else {
                    if ($this->guest) {
                        $prior = spdb_table(SFPOSTS, "guest_name='" . $this->newpost['guestname'] . "' AND guest_email='" . $this->newpost['guestemail'] . "' AND post_status=0", 'row', '', '1');
                        if ($prior) {
                            $this->newpost['poststatus'] = 0;
                        }
                    }
                }
            } else {
                $this->newpost['poststatus'] = 1;
            }
        }
    }

    # Finally one or two other data items
    if ($this->action == 'topic') {
        $this->newpost['topicslug'] = sp_create_slug($this->newpost['topicname'], true, SFTOPICS, 'topic_slug');
    } else {
        $this->newpost['emailprefix'] = 'Re: ';
    }
    $this->newpost['groupname'] = sp_get_group_name_from_forum($this->newpost['forumid']);
    if (empty($this->newpost['forumname'])) {
        $this->newpost['forumname'] = spdb_table(SFFORUMS, "forum_slug='" . $this->newpost['forumslug'] . "'", 'forum_name');
    }

    # plugins may adjust or veto the assembled post data
    $this->newpost = apply_filters('sph_post_data_validation', $this->newpost);
    do_action('sph_pre_post_create', $this->newpost);
    $this->newpost = apply_filters('sph_new_forum_post', $this->newpost);
}
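function sp_delete_member_data($userid, $blog_id = '') {
    # Remove a member's forum footprint when the WordPress user goes away.
    # The user's posts are kept but turned into guest posts that carry the
    # former display name and email; the member, membership and recent-member
    # records are deleted and the forum moderator list is refreshed.
    #
    # $userid  - WordPress user ID; anything non-numeric counts as "no user"
    # $blog_id - set when called for a network site, in which case the forum
    #            option table must exist on that site or nothing is done
    # Returns '' when no usable user ID was given; otherwise returns nothing.
    global $wpdb;

    # The ID is interpolated into every query below, so make it an integer first.
    $userid = (int) $userid;
    if (!$userid) {
        return '';
    }

    # when removing a user from a network site, make sure the forum is installed there
    if (!empty($blog_id)) {
        $optionstable = $wpdb->get_var("SHOW TABLES LIKE '" . $wpdb->prefix . "sfoptions'");
        if (empty($optionstable)) {
            return;
        }
    }

    # 1: the user's email address becomes the guest email on their posts
    $user_email = sp_filter_email_save($wpdb->get_var('SELECT user_email from ' . $wpdb->prefix . "users WHERE ID={$userid}"));

    # 2: the display name from the members table becomes the guest name
    $display_name = $wpdb->get_var('SELECT display_name FROM ' . $wpdb->prefix . "sfmembers WHERE user_id = {$userid}");
    $display_name = sp_filter_name_save(maybe_unserialize($display_name));

    # 3: detach the posts from the user and record them as guest posts
    # NOTE(review): the name and email are interpolated into the statement;
    # this relies on sp_filter_name_save()/sp_filter_email_save() making the
    # values SQL-safe - confirm, or switch to $wpdb->prepare().
    $wpdb->query('UPDATE ' . $wpdb->prefix . "sfposts SET user_id=NULL, guest_name='{$display_name}', guest_email='{$user_email}' WHERE user_id={$userid}");

    # 4: drop the user from the recent members list if present
    sp_remove_newuser($userid);

    # 5: remove the member record and any usergroup memberships
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfmembers WHERE user_id={$userid}");
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfmemberships WHERE user_id={$userid}");

    # 6: the user may have been a moderator, so rebuild the forum moderator list
    sp_update_forum_moderators();

    do_action('sph_member_deleted', $userid);
}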
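function spa_save_plugin_list_actions() {
    # Apply the bulk action chosen on the admin plugin list (activate,
    # deactivate or delete) to every checked plugin.
    # Returns the status message to display; terminates the request when the
    # current user may not manage plugins.
    check_admin_referer('forum-adminform_plugins', 'forum-adminform_plugins');
    if (!sp_current_user_can('SPF Manage Plugins')) {
        spa_etext('Access denied - you do not have permission');
        die;
    }
    if (empty($_POST['checked'])) {
        return spa_text('Error - no plugins selected');
    }
    # should a single value ever be posted instead of a list, the loops below still need an array
    $checked = (array) $_POST['checked'];

    # two action selectors are posted (action, action2); -1 means "none chosen"
    # and a choice in action2 overrides one in action
    $action = '';
    if (isset($_POST['action']) && $_POST['action'] != -1) {
        $action = $_POST['action'];
    }
    if (isset($_POST['action2']) && $_POST['action2'] != -1) {
        $action = $_POST['action2'];
    }

    switch ($action) {
        case 'activate-selected':
            $changed = false;
            foreach ($checked as $plugin) {
                $plugin = sp_filter_name_save($plugin);
                if (!sp_is_plugin_active($plugin)) {
                    $changed = true;
                    sp_activate_sp_plugin($plugin);
                }
            }
            $msg = $changed ? spa_text('Selected plugins activated') : spa_text('All selected plugins already active');
            break;

        case 'deactivate-selected':
            $changed = false;
            foreach ($checked as $plugin) {
                $plugin = sp_filter_name_save($plugin);
                if (sp_is_plugin_active($plugin)) {
                    $changed = true;
                    sp_deactivate_sp_plugin($plugin);
                }
            }
            $msg = $changed ? spa_text('Selected plugins deactivated') : spa_text('All selected plugins already deactived');
            break;

        case 'delete-selected':
            # active plugins are skipped rather than deleted out from under the forum
            $skippedActive = false;
            foreach ($checked as $plugin) {
                $plugin = sp_filter_name_save($plugin);
                if (sp_is_plugin_active($plugin)) {
                    $skippedActive = true;
                } else {
                    sp_delete_sp_plugin($plugin);
                }
            }
            $msg = $skippedActive ? spa_text('Selected plugins deleted but any active plugins were not deleted') : spa_text('Selected plugins deleted');
            break;

        default:
            $msg = spa_text('Error - no action selected');
            break;
    }

    return $msg;
}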
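# Quick reply: populate the post object $p (assumed to be created before this
# run) from the request for the current forum user $spThisUser, validate and
# save it, then echo a confirmation for the browser.  Validation and save
# failures are reported through trigger_error() and end the request.
# NOTE(review): no nonce or capability check is visible in this run -
# confirm the surrounding handler performs one before it executes.
$p->userid = $spThisUser->ID;
$p->admin = $spThisUser->admin;
$p->moderator = $spThisUser->moderator;
$p->member = $spThisUser->member;
$p->guest = $spThisUser->guest;
$p->action = 'post';
$p->call = 'quickreply';

$p->newpost['topicid'] = sp_esc_int($_GET['tid']);
$p->newpost['forumid'] = sp_esc_int($_GET['fid']);
$p->newpost['forumslug'] = spdb_table(SFFORUMS, 'forum_id=' . $p->newpost['forumid'], 'forum_slug');

$t = spdb_table(SFTOPICS, 'topic_id=' . $p->newpost['topicid'], 'row');
# an unknown topic id would otherwise be dereferenced as an object below
if (empty($t)) {
    trigger_error('Quick Reply - Validation: ' . sp_text('Topic not found'), E_USER_WARNING);
    die;
}
$p->newpost['topicslug'] = $t->topic_slug;
$p->newpost['topicname'] = $t->topic_name;

# NOTE(review): PHP has already URL-decoded $_GET, so this decodes a second
# time; presumably the client encodes the content itself - verify.
$p->newpost['postcontent'] = urldecode($_GET['postitem']);
$p->newpost['userid'] = $spThisUser->ID;
$p->newpost['postername'] = sp_filter_name_save($spThisUser->display_name);
$p->newpost['posteremail'] = sp_filter_email_save($spThisUser->user_email);
# this key was misspelled 'poserip', so the duplicate-post check in
# validateData() (which reads 'posterip') never saw the poster's IP
$p->newpost['posterip'] = sp_get_ip();

$p->validateData();
if ($p->abort) {
    trigger_error('Quick Reply - Validation: ' . $p->message, E_USER_WARNING);
    die;
}
$p->saveData();
if ($p->abort) {
    trigger_error('Quick Reply - Save: ' . $p->message, E_USER_WARNING);
    die;
}

# let plugins act on quick reply
do_action('sph_quick_reply', $p->newpost);
echo __('Quick reply saved', 'spab');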
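function sp_delete_member_data($userid, $blog_id = '', $delete_option = 'spguest', $reassign = 0) {
    # Remove a member's forum data when the WordPress user goes away.  What
    # happens to their posts depends on the delete option:
    #   spreassign - posts and topics are handed to another user ($reassign)
    #   spdelete   - posts are deleted; topics left empty are deleted too
    #   spguest    - posts become guest posts carrying the old name and email
    # Posted sp_delete_option / sp_reassign_user fields override the arguments
    # when present.  Afterwards the member is removed from every core table
    # and the moderator list is refreshed.
    #
    # $userid        - WordPress user ID; non-numeric values count as "no user"
    # $blog_id       - set for a network site; the forum must be installed there
    # $delete_option - 'spguest' (default), 'spreassign' or 'spdelete'
    # $reassign      - user ID that receives the posts for 'spreassign'
    # Returns '' when no usable user ID was given; otherwise returns nothing.
    global $wpdb;

    # every query below interpolates the ID, so make it an integer first
    $userid = (int) $userid;
    if (!$userid) {
        return '';
    }

    # when removing a user from a network site, make sure the forum is installed there
    if (!empty($blog_id)) {
        $optionstable = $wpdb->get_var("SHOW TABLES LIKE '" . $wpdb->prefix . "sfoptions'");
        if (empty($optionstable)) {
            return;
        }
    }

    # let plugins clean up from member removal first
    do_action('sph_member_deleted', $userid);

    # remove member from core
    $option = isset($_POST['sp_delete_option']) ? sp_esc_str($_POST['sp_delete_option']) : $delete_option;
    switch ($option) {
        case 'spreassign':
            # the target ID is interpolated too, so it must be numeric whichever source it came from
            $newuser = isset($_POST['sp_reassign_user']) ? sp_esc_int($_POST['sp_reassign_user']) : (int) $reassign;
            # hand the posts and topics to the new user
            $wpdb->query('UPDATE ' . $wpdb->prefix . "sfposts SET user_id={$newuser} WHERE user_id={$userid}");
            $wpdb->query('UPDATE ' . $wpdb->prefix . "sftopics SET user_id={$newuser} WHERE user_id={$userid}");
            break;

        case 'spdelete':
            # remember the topics touched so the empty ones can be removed afterwards
            $topics = spdb_select('set', 'SELECT DISTINCT topic_id, forum_id FROM ' . SFPOSTS . " WHERE user_id={$userid}");
            # delete all the user's posts
            spdb_query('DELETE FROM ' . SFPOSTS . " WHERE user_id={$userid}");
            # drop topics that are now empty, reindex the rest, and refresh each forum
            if (!empty($topics)) {
                foreach ($topics as $topic) {
                    $posts = spdb_table(SFPOSTS, "topic_id={$topic->topic_id}");
                    if (empty($posts)) {
                        spdb_query('DELETE FROM ' . SFTOPICS . " WHERE topic_id={$topic->topic_id}");
                    } else {
                        sp_build_post_index($topic->topic_id);
                    }
                    sp_build_forum_index($topic->forum_id);
                }
            }
            break;

        case 'spguest':
        default:
            # the user's email and display name live on as the guest details of their posts
            $user_email = sp_filter_email_save($wpdb->get_var('SELECT user_email from ' . $wpdb->prefix . "users WHERE ID={$userid}"));
            $display_name = $wpdb->get_var('SELECT display_name FROM ' . $wpdb->prefix . "sfmembers WHERE user_id = {$userid}");
            $display_name = sp_filter_name_save(maybe_unserialize($display_name));
            # NOTE(review): name and email are interpolated; this relies on the
            # sp_filter_*_save() helpers making them SQL-safe - confirm, or use $wpdb->prepare()
            $wpdb->query('UPDATE ' . $wpdb->prefix . "sfposts SET user_id=0, guest_name='{$display_name}', guest_email='{$user_email}' WHERE user_id={$userid}");
            $wpdb->query('UPDATE ' . $wpdb->prefix . "sftopics SET user_id=0 WHERE user_id={$userid}");
            break;
    }

    # flush and rebuild topic cache
    sp_rebuild_topic_cache();

    # remove from the core tables
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfmembers WHERE user_id={$userid}");
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfmemberships WHERE user_id={$userid}");
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfspecialranks WHERE user_id={$userid}");
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sftrack WHERE trackuserid={$userid}");
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfnotices WHERE user_id={$userid}");
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfuseractivity WHERE user_id={$userid}");
    $wpdb->query('DELETE FROM ' . $wpdb->prefix . "sfwaiting WHERE user_id={$userid}");

    # remove from recent members list if present
    sp_remove_newuser($userid);

    # the user may have been a moderator, so check whether the forum moderator list needs updating
    sp_update_forum_moderators();
}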
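function spa_save_options_data() {
    # Save the admin "Profile" options form: the profile display settings, the
    # signature image limits, and the first-visit / forced-password flags.
    # When the name format switches from dynamic to fixed, or the fixed format
    # itself changes while in fixed mode, every member's display_name is
    # rewritten in the chosen format (duplicates get a numeric suffix).
    # Returns the status message shown to the admin.
    check_admin_referer('forum-adminform_options', 'forum-adminform_options');
    $mess = spa_text('Profile options updated');

    $sfprofile = sp_get_option('sfprofile');
    $old_sfprofile = $sfprofile;

    # checkboxes are only posted when ticked
    $sfprofile['nameformat'] = isset($_POST['nameformat']);
    $sfprofile['fixeddisplayformat'] = sp_esc_int($_POST['fixeddisplayformat']);
    $sfprofile['displaymode'] = sp_esc_int($_POST['displaymode']);
    $sfprofile['displaypage'] = sp_filter_save_cleanurl($_POST['displaypage']);
    # a missing text field is treated as empty rather than handed to trim() as null
    $sfprofile['displayquery'] = sp_filter_title_save(trim(isset($_POST['displayquery']) ? $_POST['displayquery'] : ''));
    $sfprofile['formmode'] = sp_esc_int($_POST['formmode']);
    $sfprofile['formpage'] = sp_filter_save_cleanurl($_POST['formpage']);
    $sfprofile['formquery'] = sp_filter_title_save(trim(isset($_POST['formquery']) ? $_POST['formquery'] : ''));
    $sfprofile['photosmax'] = sp_esc_int($_POST['photosmax']);
    $sfprofile['photoswidth'] = sp_esc_int($_POST['photoswidth']);
    $sfprofile['photosheight'] = sp_esc_int($_POST['photosheight']);
    # photos need some width to render; 300 is the fallback when none was given
    if ($sfprofile['photosmax'] && $sfprofile['photoswidth'] == 0) {
        $sfprofile['photoswidth'] = 300;
    }

    $sfsigimagesize = array();
    $sfsigimagesize['sfsigwidth'] = sp_esc_int($_POST['sfsigwidth']);
    $sfsigimagesize['sfsigheight'] = sp_esc_int($_POST['sfsigheight']);
    sp_update_option('sfsigimagesize', $sfsigimagesize);

    $sfprofile['firstvisit'] = isset($_POST['firstvisit']);
    $sfprofile['forcepw'] = isset($_POST['forcepw']);
    $sfprofile['sfprofiletext'] = sp_filter_text_save(trim(isset($_POST['sfprofiletext']) ? $_POST['sfprofiletext'] : ''));
    sp_update_option('sfprofile', $sfprofile);

    # if forced password change was switched off, release users still waiting to change theirs
    if ($old_sfprofile['forcepw'] && !$sfprofile['forcepw']) {
        delete_metadata('user', 0, 'sp_change_pw', '', true);
    }

    # Rewrite all display names when the format changed to, or within, fixed mode.
    # nameformat is the "dynamic" checkbox, so an empty value means fixed.
    $switchedToFixed = $old_sfprofile['nameformat'] != $sfprofile['nameformat'] && empty($sfprofile['nameformat']);
    $fixedFormatChanged = $old_sfprofile['fixeddisplayformat'] != $sfprofile['fixeddisplayformat'] && empty($sfprofile['nameformat']);
    if ($switchedToFixed || $fixedFormatChanged) {
        spa_rewrite_fixed_display_names($sfprofile['fixeddisplayformat']);
        # update the recent members in stats too
        sp_update_recent_members();
    }

    do_action('sph_profiles_options_save');
    return $mess;
}

# Rewrite every member's display_name in fixed format $format (the value of
# the fixeddisplayformat option), 100 members per query.  A name that collides
# with another member's gets a running number appended.
function spa_rewrite_fixed_display_names($format) {
    # the format decides which user/usermeta columns are needed, so join them all
    $user_join = SFUSERS . ' ON ' . SFMEMBERS . '.user_id = ' . SFUSERS . '.ID';
    $first_name_join = SFUSERMETA . ' a ON (' . SFUSERS . '.ID = a.user_id AND a.meta_key = \'first_name\')';
    $last_name_join = SFUSERMETA . ' b ON (' . SFUSERS . '.ID = b.user_id AND b.meta_key = \'last_name\')';
    $fields = SFMEMBERS . '.user_id, ' . SFUSERS . '.user_login, ' . SFUSERS . '.display_name, a.meta_value as first_name, b.meta_value as last_name';

    # page through the members table 100 at a time, ordered by user_id so the
    # offsets stay stable while display names are being rewritten
    $limit = 100;
    $passes = ceil(spdb_count(SFMEMBERS, '') / $limit);
    $dupes = array();
    for ($i = 0; $i < $passes; $i++) {
        $spdb = new spdbComplex();
        $spdb->table = SFMEMBERS;
        $spdb->fields = $fields;
        $spdb->left_join = array($user_join, $first_name_join, $last_name_join);
        $spdb->limits = $limit . ' OFFSET ' . ($i * $limit);
        $spdb->order = SFMEMBERS . '.user_id';
        $spdb = apply_filters('sph_fixeddisplayformat_query', $spdb);
        $records = $spdb->select();
        if (empty($records)) {
            # nothing more to page through
            break;
        }

        foreach ($records as $r) {
            # an empty result for the chosen format falls back to the login name
            $display_name = trim(spa_fixed_display_name($r, $format));
            if (empty($display_name)) {
                $display_name = (string) $r->user_login;
            }
            # sanitize before the conflict lookup so the value queried is the value stored
            $display_name = sp_filter_name_save($display_name);

            # another member already holding this name keeps it; this one gets a running number
            $conflict = spdb_count(SFMEMBERS, 'display_name = "' . $display_name . '" AND user_id <> ' . (int) $r->user_id);
            if ($conflict > 0) {
                if (array_key_exists($display_name, $dupes)) {
                    $dupes[$display_name]++;
                } else {
                    $dupes[$display_name] = 1;
                }
                $suffix = $dupes[$display_name];
                $display_name = $display_name . $suffix;
            }

            spdb_query('UPDATE ' . SFMEMBERS . ' SET display_name = "' . $display_name . '" WHERE user_id = ' . (int) $r->user_id);
        }
    }
}

# Build the display name for member record $r in fixed format $format.
# Unknown formats fall back to the WordPress display name.  Initials are
# taken with mb_substr so a multibyte first letter is not cut in half, and
# missing first/last names (LEFT JOIN misses) are treated as empty strings.
function spa_fixed_display_name($r, $format) {
    $first = (string) $r->first_name;
    $last = (string) $r->last_name;
    switch ((int) $format) {
        case 1:
            return (string) $r->user_login;
        case 2:
            return $first;
        case 3:
            return $last;
        case 4:
            return $first . ' ' . $last;
        case 5:
            return $last . ', ' . $first;
        case 6:
            return mb_substr($first, 0, 1) . ' ' . $last;
        case 7:
            return $first . ' ' . mb_substr($last, 0, 1);
        case 8:
            return mb_substr($first, 0, 1) . mb_substr($last, 0, 1);
        case 0:
        default:
            return (string) $r->display_name;
    }
}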