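/**
 * Returns an array of found directories
 *
 * Every directory below $path (including $path itself) is checked against $uid and
 * $gid; a directory is valid if either one matches. The tree is walked iteratively
 * with an explicit stack, so no recursive calls are made. Directories that are not
 * readable or not searchable are skipped (#611).
 *
 * @param string  $path The path to start searching in
 * @param integer $uid  The uid which must match the found directories
 * @param integer $gid  The gid which must match the found directories
 *
 * @return array|null Array of found valid paths; null if a directory that passed
 *                    the readability check could still not be opened
 *
 * @author Martin Burchert <*****@*****.**>
 * @author Manuel Bernhardt <*****@*****.**>
 */
function findDirs($path, $uid, $gid)
{
    $list = array($path);
    $_fileList = array();

    while (sizeof($list) > 0) {
        $path = makeCorrectDir(array_pop($list));

        if (!is_readable($path) || !is_executable($path)) {
            // only 'skip' this directory, #611
            continue;
        }

        $dh = opendir($path);
        if ($dh === false) {
            // should not happen after the is_readable() check above, but the
            // directory may have changed in between
            standard_error('cannotreaddir', $path);
            return null;
        }

        while (false !== ($file = @readdir($dh))) {
            if ($file == '.') {
                // fileowner()/filegroup() return false on failure; without the explicit
                // test a failed stat would compare equal to uid/gid 0 under '=='.
                $owner = fileowner($path . '/' . $file);
                $matches = ($owner !== false && $owner == $uid);
                if (!$matches) {
                    $group = filegroup($path . '/' . $file);
                    $matches = ($group !== false && $group == $gid);
                }
                if ($matches) {
                    $_fileList[] = makeCorrectDir($path);
                }
            }

            // NOTE(review): is_dir() follows symbolic links, so a link inside the tree is
            // queued like a real directory and the walk can leave the start path.
            // Confirm whether callers rely on that before adding an is_link() check.
            if (is_dir($path . '/' . $file) && $file != '..' && $file != '.') {
                array_push($list, $path . '/' . $file);
            }
        }
        @closedir($dh);
    }

    return $_fileList;
}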
/**
 * Reports the number of login strikes recorded for the requesting IP address.
 *
 * Strikes with a striketime older than TIMENOW - 3600 are deleted on every call,
 * before the 'usestrikesystem' option is consulted. The count is taken per IP
 * (IPADDRESS), across all usernames. With 5 or more strikes, the latest newer than
 * TIMENOW - 900, another strike is recorded for $username and the request is refused.
 *
 * @param string  $username      Username the additional strike is recorded against
 * @param boolean $supress_error When true a refused request returns false instead of
 *                               raising the 'strikes' error
 *
 * @return integer|false 0 if the strike system is off, false if refused with
 *                       $supress_error set, otherwise the strike count (at most 5
 *                       when the request is not refused)
 */
function verify_strike_status($username = '', $supress_error = false)
{
    global $vbulletin;

    $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "strikes WHERE striketime < " . (TIMENOW - 3600));

    if (!$vbulletin->options['usestrikesystem']) {
        return 0;
    }

    // IPADDRESS is escaped before it is placed inside the quoted SQL literal.
    $strikes = $vbulletin->db->query_first("\n\t\tSELECT COUNT(*) AS strikes, MAX(striketime) AS lasttime\n\t\tFROM " . TABLE_PREFIX . "strikes\n\t\tWHERE strikeip = '" . $vbulletin->db->escape_string(IPADDRESS) . "'\n\t");

    $locked_out = ($strikes['strikes'] >= 5 && $strikes['lasttime'] > TIMENOW - 900);

    if (!$locked_out) {
        // cap the counter so the error message shown to the user looks right
        if ($strikes['strikes'] > 5) {
            $strikes['strikes'] = 5;
        }
        return $strikes['strikes'];
    }

    // five or more wrong attempts (for any username) and still trying:
    // keep increasing the marker
    exec_strike_user($username);

    if ($supress_error) {
        return false;
    }

    eval(standard_error(fetch_error('strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));

    return $strikes['strikes'];
}
/**
 * Loads a visitor message and optionally checks that the current user may see it.
 *
 * Messages in state 'deleted' are visible to visitor-message moderators and to the
 * owner of the profile if that user holds 'canmanageownprofile'. Messages in state
 * 'moderation' are additionally visible to the user who posted them. Every refusal
 * raises the same 'invalidid' error as an unknown id.
 *
 * @param integer $vmid       The visitor message we want info about
 * @param boolean $alert      For an unknown id: true raises 'invalidid', false returns 0
 * @param mixed   $perm_check Should the permission checks be performed as well
 *
 * @return array|integer Information about the message, or 0 for an unknown id
 *                       when $alert is false
 */
function verify_visitormessage($vmid, $alert = true, $perm_check = true)
{
    global $vbulletin, $vbphrase;

    $messageinfo = fetch_visitormessageinfo($vmid);

    if (!$messageinfo) {
        if (!$alert) {
            return 0;
        }
        standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink']));
    }

    if (!$perm_check) {
        return $messageinfo;
    }

    if ($messageinfo['state'] == 'deleted') {
        $can_view_deleted = (
            can_moderate(0, 'canmoderatevisitormessages')
            || (
                $messageinfo['userid'] == $vbulletin->userinfo['userid']
                && ($vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmanageownprofile'])
            )
        );

        if (!$can_view_deleted) {
            standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink']));
        }
    }

    if ($messageinfo['state'] == 'moderation') {
        $can_view_moderated = (
            $messageinfo['postuserid'] == $vbulletin->userinfo['userid']
            || (
                $messageinfo['userid'] == $vbulletin->userinfo['userid']
                && ($vbulletin->userinfo['permissions']['visitormessagepermissions'] & $vbulletin->bf_ugp_visitormessagepermissions['canmanageownprofile'])
            )
            || can_moderate(0, 'canmoderatevisitormessages')
        );

        if (!$can_view_moderated) {
            standard_error(fetch_error('invalidid', $vbphrase['visitor_message'], $vbulletin->options['contactuslink']));
        }
    }

    // Coventry (global ignore) support is not implemented for visitor messages yet;
    // the disabled check would have raised 'invalidid' for non-moderators.

    return $messageinfo;
}
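/**
 * Validates the given string by matching against the pattern, prints an error on failure and exits
 *
 * If the default pattern is used and the string does not match, the characters outside
 * the allow-list are removed, the action is logged, and the cleaned string is checked
 * against the pattern again.
 *
 * @param string $str          the string to be tested (user input)
 * @param string $fieldname    the field name to be used in error messages
 * @param string $pattern      the regular expression to be used for testing; '' selects
 *                             the default pattern (no CR, LF, tab, form feed or NUL)
 * @param string $lng          language id for the error, defaults to 'stringformaterror'
 * @param mixed  $emptydefault value or list of values that stand for 'empty'; if $str
 *                             is one of them the first list entry is returned unchecked
 *
 * @return string the clean string
 */
function validate($str, $fieldname, $pattern = '', $lng = '', $emptydefault = array())
{
    global $log;

    if (!is_array($emptydefault)) {
        $emptydefault = array($emptydefault);
    }

    // Check if the $str is one of the values which represent the default for an 'empty' value
    // NOTE(review): in_array() compares loosely here; a strict comparison would change
    // which inputs count as 'empty', so confirm against the callers before tightening.
    if (!empty($emptydefault) && isset($emptydefault[0]) && in_array($str, $emptydefault)) {
        return $emptydefault[0];
    }

    if ($pattern == '') {
        $pattern = '/^[^\\r\\n\\t\\f\\0]*$/D';

        if (!preg_match($pattern, $str)) {
            // Allows letters a-z, digits, space (\\040), dot, hyphen (\\-), underscore (\\_)
            // and backslash (\\\\), everything else is removed from the string.
            $allowed = "/[^a-z0-9\\040\\.\\-\\_\\\\]/i";

            // The result has to be assigned: preg_replace() does not modify its subject,
            // so the string was previously neither cleaned nor safe to write to the log
            // (it still contained the line breaks that made it fail).
            $str = preg_replace($allowed, "", $str);
            $log->logAction(null, LOG_WARNING, "cleaned bad formatted string (" . $str . ")");
        }
    }

    if (preg_match($pattern, $str)) {
        return $str;
    }

    if ($lng == '') {
        $lng = 'stringformaterror';
    }

    standard_error($lng, $fieldname);
    exit;
}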
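/**
 * Validates a given value as ErrorDocument and normalises it
 * refs #267
 *
 * Three forms are distinguished: a URL (http:/https: prefix that also passes
 * validateUrl()), a quoted string (starts with '"'), and everything else, which is
 * treated as a file path below the domain's docroot. URLs and quoted strings raise
 * an error when the configured webserver is lighttpd.
 *
 * @param string $errdoc error-document-string
 *
 * @return string error-document-string; null or '' are returned unchanged
 */
function correctErrorDocument($errdoc = null)
{
    if ($errdoc === null || $errdoc == '') {
        return $errdoc;
    }

    $has_url_prefix = strtoupper(substr($errdoc, 0, 5)) == 'HTTP:'
        || strtoupper(substr($errdoc, 0, 6)) == 'HTTPS:';

    if ($has_url_prefix && validateUrl($errdoc)) {
        // a URL
        if (Settings::Get('system.webserver') == 'lighttpd') {
            standard_error('urlerrordocumentnotvalidforlighty');
        }
        return $errdoc;
    }

    if (substr($errdoc, 0, 1) != '"') {
        // a file
        $errdoc = makeCorrectFile($errdoc);

        // apache needs a starting-slash (starting at the domains-docroot).
        // The previous test "!substr(...) == '/'" negated the character before
        // comparing it and therefore never added the slash.
        if (substr($errdoc, 0, 1) != '/') {
            $errdoc = '/' . $errdoc;
        }
        return $errdoc;
    }

    // a quoted string - won't work for lighty
    if (Settings::Get('system.webserver') == 'lighttpd') {
        standard_error('stringerrordocumentnotvalidforlighty');
    } elseif (substr($errdoc, -1) != '"') {
        // close the quote if the user left it open
        $errdoc .= '"';
    }

    return $errdoc;
}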
/**
 * Returns an array of found directories
 *
 * Walks the tree below $path with an explicit stack (no recursive calls) and keeps
 * every directory whose owner equals $uid or whose group equals $gid. A directory
 * that cannot be opened aborts the whole search with the 'cannotreaddir' error.
 *
 * @param string  $path The path to start searching in
 * @param integer $uid  The uid which must match the found directories
 * @param integer $gid  The gid which must match the found directories
 *
 * @return array|null Array of found valid paths, null after an open failure
 *
 * @author Martin Burchert <*****@*****.**>
 * @author Manuel Bernhardt <*****@*****.**>
 */
function findDirs($path, $uid, $gid)
{
    $pending = array($path);
    $matches = array();

    while (count($pending) > 0) {
        $current = makeCorrectDir(array_pop($pending));

        $handle = opendir($current);
        if ($handle === false) {
            standard_error('cannotreaddir', $current);
            return null;
        }

        while (($entry = @readdir($handle)) !== false) {
            $full = $current . '/' . $entry;

            // the '.' entry stands for the directory itself
            if ($entry == '.' && (fileowner($full) == $uid || filegroup($full) == $gid)) {
                $matches[] = makeCorrectDir($current);
            }

            // queue real sub-directories; is_dir() also accepts links to directories
            if ($entry != '.' && $entry != '..' && is_dir($full)) {
                $pending[] = $full;
            }
        }

        @closedir($handle);
    }

    return $matches;
}
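/**
 * Builds the global and local blog category bits for a blog.
 *
 * The blog is selected by the request parameter 'userid'; without it (or when it is
 * the current user's id) the current user's own blog is used. Guests, users without
 * the blog post/view-own permissions and non-members of another user's blog are
 * refused via print_no_permission().
 *
 * @return array Keys 'globalcategorybits' and 'localcategorybits'
 */
public function output()
{
    // $vbphrase is read by the 'invalidid' error below; it was missing from the
    // global list, which left the phrase argument undefined.
    global $vbulletin, $vbphrase;

    $vbulletin->input->clean_array_gpc('r', array('userid' => TYPE_UINT));

    // verify the userid exists, don't want useless entries in our table.
    if ($vbulletin->GPC['userid'] and $vbulletin->GPC['userid'] != $vbulletin->userinfo['userid']) {
        if (!($userinfo = fetch_userinfo($vbulletin->GPC['userid']))) {
            standard_error(fetch_error('invalidid', $vbphrase['user'], $vbulletin->options['contactuslink']));
        }

        // are we a member of this user's blog?
        if (!is_member_of_blog($vbulletin->userinfo, $userinfo)) {
            print_no_permission();
        }

        $userid = $userinfo['userid'];

        /* Blog posting check - evaluated against the blog owner's permissions */
        if (
            !($userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost'])
            or !($userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])
        ) {
            print_no_permission();
        }
    } else {
        $userinfo =& $vbulletin->userinfo;
        $userid = '';

        /* Blog posting check, no guests! */
        if (
            !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])
            or !($vbulletin->userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost'])
            or !$vbulletin->userinfo['userid']
        ) {
            print_no_permission();
        }
    }

    require_once DIR . '/includes/blog_functions_shared.php';
    prepare_blog_category_permissions($userinfo, true);

    $globalcats = $this->construct_category($userinfo, 'global');
    $localcats = $this->construct_category($userinfo, 'local');

    return array('globalcategorybits' => $globalcats, 'localcategorybits' => $localcats);
}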
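/**
 * Turns a forum selection from the search form into a list of forum ids.
 *
 * The special choice 'subscribed' expands to the forums the logged-in user is
 * subscribed to. Every other choice is cast to an integer and kept only if it exists
 * in the forum cache and is not a link forum. With $childforums set, the child
 * forums of every selected forum are added.
 *
 * Side effects: $forumchoice is converted to an array (and emptied when nothing
 * valid remains); $display['forums'] receives the selected ids without children.
 *
 * @param mixed   $forumchoice Single choice or array of choices, passed by reference
 * @param integer $childforums Non-zero to include child forums
 *
 * @return array Forum ids, keyed by forum id
 */
function fetch_search_forumids(&$forumchoice, $childforums = 0)
{
    global $vbulletin, $display;

    // make sure that $forumchoice is an array
    if (!is_array($forumchoice)) {
        $forumchoice = array($forumchoice);
    }

    // initialize the $forumids for return by this function
    $forumids = array();

    foreach ($forumchoice as $forumid) {
        // get subscribed forumids
        if ($forumid === 'subscribed' and $vbulletin->userinfo['userid'] != 0) {
            DEVDEBUG("Querying subscribed forums for " . $vbulletin->userinfo['username']);

            // the id is concatenated into the statement, so force it to an integer
            $sforums = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT forumid FROM " . TABLE_PREFIX . "subscribeforum\n\t\t\t\tWHERE userid = " . intval($vbulletin->userinfo['userid']));

            if ($vbulletin->db->num_rows($sforums) == 0) {
                // no subscribed forums
                eval(standard_error(fetch_error('not_subscribed_to_any_forums')));
            }

            while ($sforum = $vbulletin->db->fetch_array($sforums)) {
                // plain assignment: '.=' appended to a key that did not exist yet and
                // would have glued ids together if a forum were listed twice
                $forumids["{$sforum['forumid']}"] = $sforum['forumid'];
            }
            unset($sforum);
            $vbulletin->db->free_result($sforums);
        } else {
            $forumid = intval($forumid);

            // only forums that exist and are not link forums can be searched
            if (isset($vbulletin->forumcache["{$forumid}"]) and $vbulletin->forumcache["{$forumid}"]['link'] == '') {
                $forumids["{$forumid}"] = $forumid;
            }
        }
    }

    if (empty($forumids)) {
        $forumchoice = array();
        $display['forums'] = array();

        return $forumids;
    }

    // put current forumids into the display table
    $display['forums'] = $forumids;

    // get child forums of selected forums
    if ($childforums) {
        require_once DIR . '/includes/functions_misc.php';

        // foreach works on the array as it was when the loop started, so the
        // children added below are not expanded again
        foreach ($forumids as $forumid) {
            $children = fetch_child_forums($forumid, 'ARRAY');
            if (!empty($children)) {
                foreach ($children as $childid) {
                    $forumids["{$childid}"] = $childid;
                }
            }
            unset($children);
        }
    }

    // return the array of forumids
    return $forumids;
}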
/**
 * Shows the form for inline mod authentication.
 *
 * Sets the $show flags for the form and then raises the 'nopermission_loggedin'
 * error, which carries the current user's name, the session URL, the security
 * token and the forum home URL.
 *
 * @param boolean $showerror Whether the password error is shown; when false the
 *                           redirect URL is set to the current script path
 */
function show_inline_mod_login($showerror = false)
{
    global $vbulletin, $vbphrase, $show;

    $show['inlinemod_form'] = true;
    $show['passworderror'] = $showerror;

    if (!$showerror) {
        $vbulletin->url = SCRIPTPATH;
    }

    $forumHome = vB_Library::instance('content_channel')->getForumHomeChannel();

    // arguments are gathered in the order the phrase expects them
    $styleRight = vB_Template_Runtime::fetchStyleVar('right');
    $sessionUrl = vB::getCurrentSession()->get('sessionurl');
    $homeUrl = vB5_Route::buildUrl($forumHome['routeid'] . 'home|fullurl');

    $phrase = fetch_error(
        'nopermission_loggedin',
        $vbulletin->userinfo['username'],
        $styleRight,
        $sessionUrl,
        $vbulletin->userinfo['securitytoken'],
        $homeUrl
    );

    eval(standard_error($phrase));
}
/**
 * Checks whether it is a valid ip
 *
 * The address is accepted as soon as one of three filters passes: IPv6, IPv4, or
 * "not in a reserved range". Because every valid address already passes the IPv4 or
 * the IPv6 filter, the reserved-range filter never rejects anything here: loopback
 * and other reserved addresses are accepted by this function.
 *
 * @param string  $ip          the address to check
 * @param boolean $return_bool return false on failure instead of raising the error
 * @param string  $lng         language id of the error raised on failure
 *
 * @return mixed ip address on success; on failure false if $return_bool is set,
 *               otherwise standard_error() is called and the script exits
 */
function validate_ip($ip, $return_bool = false, $lng = 'invalidip')
{
    $accepted = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false
        || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false
        || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE) !== false;

    if ($accepted) {
        return $ip;
    }

    if ($return_bool) {
        return false;
    }

    standard_error($lng, $ip);
    exit;
}
/**
 * Renders one settings group for the settings overview page.
 *
 * Builds the HTML for the group's overview option (a select box for 'option'
 * fields, a yes/no control for 'bool' fields) and evaluates the template
 * "settings/settings_overviewgroup" into the returned string.
 *
 * @param string $groupname    identifier of the settings group
 * @param array  $groupdetails group definition; the keys 'title', 'fields' and
 *                             'websrv_avail' are read here
 *
 * @return string the evaluated template
 */
function getFormOverviewGroupOutput($groupname, $groupdetails)
{
    global $lng, $filename, $s, $theme;

    // NOTE(review): $part, $activated and $do_show are assigned but never read in this
    // function, so presumably the template evaluated at the end refers to the locals
    // and globals of this scope by name - do not rename them without checking it.
    $group = '';
    $title = $groupdetails['title'];
    $part = $groupname;
    $activated = true;
    $option = '';

    if (isset($groupdetails['fields'])) {
        foreach ($groupdetails['fields'] as $fieldname => $fielddetails) {
            if (isset($fielddetails['overview_option']) && $fielddetails['overview_option'] == true) {
                // only 'option' and 'bool' fields can be shown on the overview
                if ($fielddetails['type'] != 'option' && $fielddetails['type'] != 'bool') {
                    standard_error('overviewsettingoptionisnotavalidfield');
                }

                if ($fielddetails['type'] == 'option') {
                    $options_array = $fielddetails['option_options'];
                    $options = '';
                    foreach ($options_array as $value => $vtitle) {
                        $options .= makeoption($vtitle, $value, Settings::Get($fielddetails['settinggroup'] . '.' . $fielddetails['varname']));
                    }

                    // label and field name are concatenated into the markup as they are;
                    // both come from the group definition passed in by the caller
                    $option .= $fielddetails['label'] . ': ';
                    $option .= '<select class="dropdown_noborder" name="' . $fieldname . '">';
                    $option .= $options;
                    $option .= '</select>';
                    $activated = true;
                } else {
                    $option .= $lng['admin']['activated'] . ': ';
                    $option .= makeyesno($fieldname, '1', '0', Settings::Get($fielddetails['settinggroup'] . '.' . $fielddetails['varname']));
                    $activated = (int) Settings::Get($fielddetails['settinggroup'] . '.' . $fielddetails['varname']);
                }
            }
        }
    }

    /**
     * this part checks for the 'websrv_avail' entry in the settings
     * if found, we check if the current webserver is in the array. If this
     * is not the case, $do_show is cleared, a notice is appended to the title
     * and the select box is disabled, #502
     */
    $do_show = true;
    if (isset($groupdetails['websrv_avail']) && is_array($groupdetails['websrv_avail'])) {
        $websrv = Settings::Get('system.webserver');
        if (!in_array($websrv, $groupdetails['websrv_avail'])) {
            $do_show = false;
            $title .= sprintf($lng['serversettings']['option_unavailable_websrv'], implode(", ", $groupdetails['websrv_avail']));
            // hack disabled flag into select-box
            $option = str_replace('<select class', '<select disabled="disabled" class', $option);
        }
    }

    // The template text is executed as the body of a double-quoted PHP string, so the
    // template file has to be as trusted as the code itself.
    eval("\$group = \"" . getTemplate("settings/settings_overviewgroup") . "\";");

    return $group;
}
/**
 * Checks whether it is a valid ip
 *
 * An address is accepted if it is a well-formed IPv4 or IPv6 address that lies in
 * neither a reserved nor a private range. With $allow_localhost the literal
 * '127.0.0.1' is accepted as well (mysql-access-hosts for example); no other
 * loopback spelling is covered by that exception.
 *
 * @param string  $ip              the address to check
 * @param boolean $return_bool     return false on failure instead of raising the error
 * @param string  $lng             language id of the error raised on failure
 * @param boolean $allow_localhost additionally accept '127.0.0.1'
 *
 * @return mixed ip address on success; on failure false if $return_bool is set,
 *               otherwise standard_error() is called and the script exits
 */
function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false)
{
    $well_formed = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)
        || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);

    $range_flags = FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE;

    if ($well_formed && filter_var($ip, FILTER_VALIDATE_IP, $range_flags)) {
        return $ip;
    }

    // special case where localhost ip is allowed
    if ($allow_localhost && $ip == '127.0.0.1') {
        return $ip;
    }

    if (!$return_bool) {
        standard_error($lng, $ip);
        exit;
    }

    return false;
}
/**
 * Main entry point for the controller.
 *
 * Resolves the error segment of the route to one of 403, 404, 409 or 500 (anything
 * else becomes 404), records the requested location in the session and defines
 * WOLPATH for the error. 403 is handed to print_no_permission(), 409 and 500 to
 * standard_error(); the code after the branches builds the 404 page view.
 *
 * @return string - The final page output
 */
public function getResponse()
{
    // Register the templater to be used for XHTML
    vB_View::registerTemplater(vB_View::OT_XHTML, new vB_Templater_vB());
    $error = vB_Router::getSegment('error');
    // Resolve rerouted error: only the four listed codes are kept, everything else is 404
    $error = in_array($error, array('403', '404', '409', '500')) ? $error : '404';
    // script name plus raw query string, taken from the request unchanged
    // NOTE(review): this value is stored as the session 'location' below; whatever
    // displays that location has to escape it - not visible from here, confirm.
    $current_page = $_SERVER['SCRIPT_NAME'] . ($_SERVER['SCRIPT_NAME'] == '' ? '' : '?' . $_SERVER['QUERY_STRING']);
    if ('403' == $error) {
        define('WOLPATH', '403|cpglobal|403_error|' . new vB_Phrase('wol', 'viewing_no_permission_message'));
        vB::$vbulletin->session->set('location', $current_page);
        print_no_permission();
    } else {
        if ('409' == $error) {
            // prefer the message supplied with the reroute, fall back to the generic phrase
            $message = ($message = vB_Router::getRerouteMessage()) ? $message : new vB_Phrase('error', 'error_409_description', vB_Router::getInitialURL(), vB_Router::getBaseURL(), vB::$vbulletin->options['contactuslink']);
            define('WOLPATH', '409|wol|' . new vB_Phrase('cpglobal', 'error') . "|{$message}");
            vB::$vbulletin->session->set('location', $current_page);
            standard_error($message);
        } else {
            if ('500' == $error) {
                $message = new vB_Phrase('error', 'error_500_description', vB_Router::getInitialURL(), vB_Router::getBaseURL(), vB::$vbulletin->options['contactuslink']);
                define('WOLPATH', '500|wol|' . new vB_Phrase('cpglobal', 'error') . "|{$message}");
                vB::$vbulletin->session->set('location', $current_page);
                standard_error($message);
            } else {
                // 404: only WOLPATH and the session location are set here, the page
                // itself is rendered below
                $message = new vB_Phrase('error', 'error_404_description', vB_Router::getBaseURL(), vB::$vbulletin->options['contactuslink']);
                define('WOLPATH', '404|wol|' . new vB_Phrase('cpglobal', 'error') . "|{$message}");
                vB::$vbulletin->session->set('location', $current_page);
            }
        }
    }
    // Create the page view
    // NOTE(review): title and message below are always the 404 phrases; presumably the
    // 403/409/500 handlers above end the request before this point - confirm.
    $page_view = new vB_View_Page('page');
    $title = new vB_Phrase('error', 'error_404');
    $page_view->setPageTitle($title);
    // Create the body view
    $error_view = new vB_View('error_message');
    // use the reroute message as subtitle unless it equals the title
    $subtitle = $title != ($subtitle = vB_Router::getRerouteMessage()) ? $subtitle : false;
    $error_view->title = $title;
    $error_view->subtitle = $subtitle;
    $error_view->message = new vB_Phrase('error', 'error_404_description', vB_Router::getBaseURL(), vB::$vbulletin->options['contactuslink']);
    $page_view->setBodyView($error_view);
    // Add general page info
    $page_view->setPageTitle($title);
    return $page_view->render();
}
/**
 * Shows a stop message in the way that fits the current area.
 *
 * All arguments are forwarded unchanged: in the AdminCP to print_stop_message(),
 * elsewhere to fetch_error(). On the front end the resulting message is shown as a
 * redirect when CP_REDIRECT is defined and as a standard error otherwise.
 *
 * @param mixed ...$args phrase name followed by the phrase arguments (read through
 *                       func_get_args())
 */
function kbank_print_stop_message()
{
    global $vbulletin;

    $args = func_get_args();

    // back-end
    if (VB_AREA == 'AdminCP') {
        call_user_func_array('print_stop_message', $args);
        return;
    }

    // front-end
    $message = call_user_func_array('fetch_error', $args);

    if (!defined('CP_REDIRECT')) {
        eval(standard_error($message));
        return;
    }

    $vbulletin->url = CP_REDIRECT;
    eval(print_standard_redirect($message, false, true));
}
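/**
 * Handles the actions of an announce item before passing on to the parent class.
 *
 * 'enable'     shows the enable form (template kbank_template_announce_enable)
 * 'do_enable'  stores url and text from the request and marks the item as enabled
 * 'sell'/'gift' refresh the announce cache when the item is currently enabled
 * 'disable'    marks the item as available again
 * 'work_real'  adds the item to $kbank_announces during the global-start hook
 *
 * @param string $action name of the action
 *
 * @return mixed whatever parent::doAction() returns
 */
function doAction($action)
{
    global $kbank, $vbulletin, $bbuserinfo, $permissions, $KBANK_HOOK_NAME;

    if ($action == 'enable') {
        // $item is not read here; presumably the evaluated template refers to it by name
        $item = $this->data;
        eval('$tmp = "' . fetch_template('kbank_template_announce_enable') . '";');
        eval(standard_error($tmp));
    }

    if ($action == 'do_enable') {
        if ($this->ready2Enable()) {
            $vbulletin->input->clean_array_gpc('r', array('url' => TYPE_NOHTML, 'text' => TYPE_NOHTML));

            // shorten over-long text (byte-wise) and mark the cut with '..'
            if (strlen($vbulletin->GPC['text']) > $this->itemtypedata['options']['text_max']) {
                $vbulletin->GPC['text'] = substr($vbulletin->GPC['text'], 0, $this->itemtypedata['options']['text_max']) . '..';
            }

            // NOTE(review): the scheme handling is a two-entry removal list followed by
            // a forced 'http://' prefix, so an 'https://' URL is stored with 'http://'
            // in front of it. Checking the parsed scheme against an allow-list would be
            // clearer - confirm the intended behaviour before changing it.
            $url_cutoff = array('javascript:', 'ftp://');
            $vbulletin->GPC['url'] = str_replace($url_cutoff, '', $vbulletin->GPC['url']);
            if (substr($vbulletin->GPC['url'], 0, 7) != 'http://') {
                $vbulletin->GPC['url'] = 'http://' . $vbulletin->GPC['url'];
            }

            $item_new = array(
                'status' => KBANK_ITEM_ENABLED,
                // first activation: start the duration now (-1 = no expiry);
                // re-activation keeps the existing expiry
                'expire_time' => iif(!$this->data['options']['enabled'], iif($this->data['options']['duration'] > 0, TIMENOW + $this->data['options']['duration'] * 24 * 60 * 60, -1), $this->data['expire_time']),
                'options' => serialize(array('url' => $vbulletin->GPC['url'], 'text' => $vbulletin->GPC['text'], 'enabled' => 1)),
            );

            // the id goes into the statement text, so it is forced to an integer
            $vbulletin->db->query_write(fetch_query_sql($item_new, 'kbank_items', 'WHERE itemid = ' . (int) $this->data['itemid']));

            //Update datastore
            updateAnnounceCache();
        }
    }

    if ($this->data['status'] == KBANK_ITEM_ENABLED and ($action == 'sell' or $action == 'gift')) {
        //Update datastore
        updateAnnounceCache();
    }

    if ($action == 'disable') {
        if ($this->ready2Disable()) {
            $item_new = array('status' => KBANK_ITEM_AVAILABLE);

            // The key was written as {$this->data[itemid]}: inside the braces that is
            // the constant itemid, not the string 'itemid'.
            $vbulletin->db->query_write(fetch_query_sql($item_new, 'kbank_items', 'WHERE itemid = ' . (int) $this->data['itemid']));

            //Update datastore
            updateAnnounceCache();
        }
    }

    if ($action == 'work_real' && $KBANK_HOOK_NAME == KBANK_GLOBAL_START) {
        global $kbank_announces;

        $kbank_announces[] = array(
            'url' => $this->data['options']['url'],
            'text' => $vbulletin->kbankBBCodeParser->parse_bbcode($this->data['options']['text'], true),
            'owner' => getUsername($this->data),
        );
    }

    return parent::doAction($action);
}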
/**
 * This file is part of the Froxlor project.
 * Copyright (c) 2016 the Froxlor Team (see authors).
 *
 * For the full copyright and license information, please view the COPYING
 * file that was distributed with this source code. You can also view the
 * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
 *
 * @copyright (c) the authors
 * @author Froxlor team <*****@*****.**> (2016-)
 * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
 * @package Functions
 *
 */

/**
 * Returns the decoded name of a domain the given user may manage DNS for.
 *
 * Customers only see domains with their own customerid; admins only see domains
 * with their own adminid unless 'domains_see_all' is '1'. Both the domain id and
 * the user id are bound as statement parameters.
 *
 * @param int    $domain_id    id of the domain
 * @param string $area         'admin' or anything else for the customer area
 * @param array  $userinfo     the keys 'userid' and 'domains_see_all' are read
 * @param object $idna_convert converter used to decode the stored domain name
 *
 * @return string|null decoded domain name; the 'dns_notfoundorallowed' error is
 *                     raised if no row matches, 'dns_domain_nodns' if the domain
 *                     is not a bind domain
 */
function getAllowedDomainEntry($domain_id, $area = 'customer', $userinfo, &$idna_convert)
{
    $params = array('did' => $domain_id);

    // which ownership column, if any, restricts the lookup
    if ($area != 'admin') {
        $ownerColumn = 'customerid';
    } elseif ($userinfo['domains_see_all'] != '1') {
        $ownerColumn = 'adminid';
    } else {
        $ownerColumn = null;
    }

    $ownerFilter = '';
    if ($ownerColumn !== null) {
        $ownerFilter = '`' . $ownerColumn . '` = :uid AND ';
        $params['uid'] = $userinfo['userid'];
    }

    $stmt = Database::prepare("\n\t\tSELECT domain, isbinddomain\n\t\tFROM `" . TABLE_PANEL_DOMAINS . "`\n\t\tWHERE " . $ownerFilter . " id = :did\n\t");
    $row = Database::pexecute_first($stmt, $params);

    if (!$row) {
        standard_error('dns_notfoundorallowed');
        return;
    }

    if ($row['isbinddomain'] != '1') {
        standard_error('dns_domain_nodns');
    }

    return $idna_convert->decode($row['domain']);
}
$effective_css = $usercss->build_css($usercss->fetch_effective()); $effective_css = str_replace('/*sessionurl*/', $vbulletin->session->vars['sessionurl_js'], $effective_css); require_once DIR . '/includes/class_xml.php'; $xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml'); $xml->add_group('preview'); $xml->add_tag('css', process_replacement_vars($effective_css)); $xml->close_group(); $xml->print_xml(); } if (empty($usercss->error) and empty($usercss->invalid)) { $usercss->save(); $vbulletin->url = "profile.php?" . $vbulletin->session->vars['sessionurl'] . "do=customize"; eval(print_standard_redirect('usercss_saved')); } else { if (!empty($usercss->error)) { standard_error(implode("<br />", $usercss->error)); } else { // have invalid, no errors $_REQUEST['do'] = 'customize'; define('HAVE_ERRORS', true); } } } // ####################################################################### if ($_REQUEST['do'] == 'customize') { $cssdisplayinfo = $usercss->build_display_array(); $errors = ''; // if we don't have errors, the displayed values are the existing ones // otherwise, use the form submission if (!defined('HAVE_ERRORS')) { $selectors_saved = $usercss->existing;
$templater->register('forminfo', $forminfo); $templater->register('navbar', $navbar); $templater->register('url', $url); $templater->register('usernamecode', $usernamecode); print_output($templater->render()); } if ($_POST['do'] == 'sendemail') { $vbulletin->input->clean_array_gpc('p', array( 'reason' => TYPE_STR, )); if ($vbulletin->GPC['reason'] == '') { eval(standard_error(fetch_error('noreason'))); } if ($perform_floodcheck) { $reportobj->perform_floodcheck_commit(); } $reportobj->do_report($vbulletin->GPC['reason'], $messageinfo); $url =& $vbulletin->url; eval(print_standard_redirect('redirect_reportthanks')); } }
$speciallogwarning = sprintf($lng['admin']['speciallogwarning'], $lng['admin']['delete_statistics']); eval("echo \"" . getTemplate("domains/domains_edit") . "\";"); } } } elseif ($action == 'import') { if (isset($_POST['send']) && $_POST['send'] == 'send') { $customerid = intval($_POST['customerid']); $separator = validate($_POST['separator'], 'separator'); $offset = (int) validate($_POST['offset'], 'offset', "/[0-9]/i"); $file_name = $_FILES['file']['tmp_name']; $result = array(); try { $bulk = new DomainBulkAction($file_name, $customerid); $result = $bulk->doImport($separator, $offset); } catch (Exception $e) { standard_error('domain_import_error', $e->getMessage()); } // @FIXME find a way to display $result['notice'] here somehow, // as it might be important if you've reached your maximum allocation of domains // update customer/admin counters updateCounters(false); $result_str = $result['imported'] . ' / ' . $result['all']; standard_success('domain_import_successfully', $result_str, array('filename' => $filename, 'action' => '', 'page' => 'domains')); } else { $customers = makeoption($lng['panel']['please_choose'], 0, 0, true); $result_customers_stmt = Database::prepare("\n\t\t\t\tSELECT `customerid`, `loginname`, `name`, `firstname`, `company`\n\t\t\t\tFROM `" . TABLE_PANEL_CUSTOMERS . "` " . ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = '" . (int) $userinfo['adminid'] . "' ") . " ORDER BY `name` ASC"); $params = array(); if ($userinfo['customers_see_all'] == '0') { $params['adminid'] = $userinfo['adminid']; } Database::pexecute($result_customers_stmt, $params);
($hook = vBulletinHook::fetch_hook('group_inlinemod_dodelete')) ? eval($hook) : false; eval(print_standard_redirect('redirect_inline_deletedmessages', true, $forceredirect)); } if ($_POST['do'] == 'inlineundelete') { if (!can_moderate(0, 'candeletegroupmessages')) { standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_messages')); } // Validate Messages $messages = $db->query_read_slave("\n\t\tSELECT gm.gmid, gm.state, gm.groupid, gm.dateline, gm.postuserid, gm.postusername,\n\t\t\tsocialgroup.name AS group_name, socialgroup.creatoruserid\n\t\tFROM " . TABLE_PREFIX . "groupmessage AS gm\n\t\tLEFT JOIN " . TABLE_PREFIX . "socialgroup AS socialgroup ON (socialgroup.groupid = gm.groupid)\n\t\tWHERE gmid IN ({$messageids})\n\t\t\tAND state = 'deleted'\n\t"); while ($message = $db->fetch_array($messages)) { $message['is_group_owner'] = $message['creatoruserid'] == $vbulletin->userinfo['userid']; $messagearray["{$message['gmid']}"] = $message; $grouplist["{$message['groupid']}"] = true; } if (empty($messagearray)) { standard_error(fetch_error('you_did_not_select_any_valid_messages')); } $db->query_write("\n\t\tDELETE FROM " . TABLE_PREFIX . "deletionlog\n\t\tWHERE type = 'groupmessage' AND\n\t\t\tprimaryid IN(" . implode(',', array_keys($messagearray)) . ")\n\t"); $db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "groupmessage\n\t\tSET state = 'visible'\n\t\tWHERE gmid IN(" . implode(',', array_keys($messagearray)) . ")\n\t"); foreach ($grouplist as $groupid => $foo) { build_group_counters($groupid); } foreach ($messagearray as $message) { if (!$message['is_group_owner']) { log_moderator_action($message, 'gm_by_x_for_y_undeleted', array($message['postusername'], $message['group_name'])); } } // empty cookie setcookie('vbulletin_inlinegmessage', '', TIMENOW - 3600, '/'); ($hook = vBulletinHook::fetch_hook('group_inlinemod_undelete')) ? eval($hook) : false; eval(print_standard_redirect('redirect_inline_undeletedmessages', true, $forceredirect));
/**
 * Records an error and reports it according to the configured error handler -
 * use this in the same way as print_stop_message();
 *
 * The resolved message is always appended to $this->errors and the failure
 * callback, if callable, is invoked with this object and the phrase. ERRTYPE_ARRAY
 * and ERRTYPE_SILENT only collect the message, ERRTYPE_STANDARD raises a standard
 * error and ERRTYPE_CP prints a control panel message.
 *
 * @param string|array $errorphrase Phrase name for error message, optionally
 *                                  followed by phrase arguments, or an array that
 *                                  is passed to fetch_error() as a whole
 */
function error($errorphrase)
{
    $args = func_get_args();

    $error = is_array($errorphrase)
        ? fetch_error($errorphrase)
        : call_user_func_array('fetch_error', $args);

    $this->errors[] = $error;

    if ($this->failure_callback and is_callable($this->failure_callback)) {
        call_user_func_array($this->failure_callback, array(&$this, $errorphrase));
    }

    // read after the callback ran, and tested in the same order as before
    $handler = $this->error_handler;

    if ($handler == ERRTYPE_ARRAY || $handler == ERRTYPE_SILENT) {
        // do nothing
    } elseif ($handler == ERRTYPE_STANDARD) {
        eval(standard_error($error));
    } elseif ($handler == ERRTYPE_CP) {
        print_cp_message($error);
    }
}
$zip->close(); // success - remove unused archive @unlink($localArchive); } else { // error redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 8)); } // redirect to update-page? redirectTo('admin_updates.php', array('s' => $s)); } if (!file_exists($localArchive)) { redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 7)); } $text = 'Extract downloaded archive "' . $toExtract . '"?'; $hiddenparams = ''; $yesfile = $filename . '?s=' . $s . '&page=extract&archive=' . $toExtract; eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";"); } elseif ($page == 'error') { // retreive error-number via url-parameter $errno = isset($_GET['errno']) ? (int) $_GET['errno'] : 0; // 1 = no allow_url_fopen // 2 = no Zlib // 3 = custom version detected // 4 = could not store archive to local hdd // 5 = some weird value came from version.froxlor.org // 6 = download without valid version // 7 = local archive does not exist // 8 = could not extract archive // 9 = md5 mismatch standard_error('autoupdate_' . $errno); }
} $navbits['calendar.php?' . $vbulletin->session->vars['sessionurl'] . "do=viewreminder"] = $vbphrase['event_reminders']; $navbits[''] = $vbphrase['add_reminder']; $navbits = construct_navbits($navbits); require_once DIR . '/includes/functions_user.php'; construct_usercp_nav('event_reminders'); $navbar = render_navbar_template($navbits); ($hook = vBulletinHook::fetch_hook('calendar_addreminder')) ? eval($hook) : false; $url =& $vbulletin->url; $templater = vB_Template::create('calendar_reminder_choosetype'); $templater->register('eventinfo', $eventinfo); $templater->register('url', $url); $HTML = $templater->render(); $templater = vB_Template::create('USERCP_SHELL'); $templater->register_page_templates(); $templater->register('cpnav', $cpnav); $templater->register('HTML', $HTML); $templater->register('navbar', $navbar); $templater->register('navclass', $navclass); $templater->register('onload', $onload); $templater->register('pagetitle', $pagetitle); $templater->register('template_hook', $template_hook); print_output($templater->render()); } eval(standard_error(fetch_error('invalidid', $idname, $vbulletin->options['contactuslink']))); /*======================================================================*\ || #################################################################### || # Downloaded: 03:13, Sat Sep 7th 2013 || # CVS: $RCSfile$ - $Revision: 63836 $ || #################################################################### \*======================================================================*/
while ($attachment = $db->fetch_array($attachs)) { // hide users in Coventry $ast = ''; if (in_coventry($attachment['userid']) and !can_moderate($threadinfo['forumid'])) { continue; } $attachment['filename'] = fetch_censored_text(htmlspecialchars_uni($attachment['filename'])); $attachment['attachmentextension'] = strtolower(file_extension($attachment['filename'])); $attachment['filesize'] = vb_number_format($attachment['filesize'], 1, true); exec_switch_bg(); eval('$attachments .= "' . fetch_template('attachmentbit') . '";'); } ($hook = vBulletinHook::fetch_hook('misc_showattachments_complete')) ? eval($hook) : false; eval('print_output("' . fetch_template('ATTACHMENTS') . '");'); } else { eval(standard_error(fetch_error('noattachments'))); } } // ############################### start show avatars ############################### if ($_REQUEST['do'] == 'showavatars') { $vbulletin->input->clean_array_gpc('r', array('pagenumber' => TYPE_UINT)); ($hook = vBulletinHook::fetch_hook('misc_avatars_start')) ? eval($hook) : false; $perpage = $vbulletin->options['numavatarsperpage']; $totalavatars = $db->query_first_slave("\n\t\tSELECT COUNT(*) AS count\n\t\tFROM " . TABLE_PREFIX . "avatar AS avatar\n\t\tLEFT JOIN " . TABLE_PREFIX . "imagecategorypermission AS perm ON (perm.imagecategoryid=avatar.imagecategoryid AND perm.usergroupid=" . $vbulletin->userinfo['usergroupid'] . ")\n\t\tWHERE ISNULL(perm.imagecategoryid)\n\t"); $totalavatars = intval($totalavatars['count']); sanitize_pageresults($totalavatars, $vbulletin->GPC['pagenumber'], $perpage, 100, 25); $startat = ($vbulletin->GPC['pagenumber'] - 1) * $perpage; $first = $startat + 1; $last = $startat + $perpage; if ($last > $totalavatars) { $last = $totalavatars;
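/**
 * For registration without existing account, create a new vb user
 * If a user is successfully created, her userid is written to $userid
 *
 * @param array   $data   the keys 'username', 'email', 'default_email' and
 *                        'coded_email' are read
 * @param integer $userid receives the id of the new user
 *
 * @return boolean|string true on success; otherwise the datamanager errors joined
 *                        with '</li><li>', or 'vbnexus_registration_failed'
 */
private function createUser($data, &$userid)
{
    global $vbulletin;

    $moderated = $vbulletin->options['moderatenewmembers'];
    $languageid = $vbulletin->userinfo['languageid'];

    // activation is only required when the option is on and the two e-mail values
    // passed in by the caller differ
    $require_activation = $vbulletin->options['verifyemail'] && $data['default_email'] != $data['coded_email'];

    // Create a vB user with default permissions -- code from register.php
    if (!$vbulletin->options['allowregistration']) {
        eval(standard_error(fetch_error('noregister')));
    }

    // UserGroupId: Registered Users (2) or Users Awaiting Email Confirmation (3).
    // $newusergroupid was read below without ever being set, so the user title was
    // derived from a non-existent cache entry.
    $newusergroupid = $require_activation ? 3 : 2;

    // Init user datamanager class
    $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
    $userdata->set_info('coppauser', false);
    $userdata->set_info('coppapassword', '');
    $userdata->set_bitfield('options', 'coppauser', '');
    $userdata->set('username', $data['username']);
    // NOTE(review): the account gets a generated password; the md5() here is only the
    // input format handed to the datamanager. How the value is stored is not visible
    // from this method - confirm it is salted and hashed again there.
    $userdata->set('password', md5($this->genPasswd()));
    $userdata->set('email', $data['email']);
    $userdata->set('languageid', $languageid);
    $userdata->set('ipaddress', IPADDRESS);
    $userdata->set('usergroupid', $newusergroupid);
    $userdata->set_usertitle('', false, $vbulletin->usergroupcache["{$newusergroupid}"], false, false);
    $userdata->presave_called = true;

    // If any error happened, we abort and return the error message(s)
    if ($userdata->has_errors(false)) {
        // $die := false
        return join('</li><li>', $userdata->errors);
    }

    // Save the data
    $userid = $userdata->save();

    // Did we get a valid vb userid?
    if (!$userid) {
        return 'vbnexus_registration_failed';
    }

    // If the user changed the email given by the external service, we follow
    // the regular steps for email activation
    if ($require_activation) {
        // Email phrase 'activateaccount' expects vars called $userid, $username
        // and $activateid to be defined and meaningful
        $username = $data['username'];
        $activateid = build_user_activation_id($userid, $moderated ? 4 : 2, 0);

        eval(fetch_email_phrases('activateaccount', $languageid));

        // After eval'ing activateaccount we have vars $subject and $message set
        vbmail($data['email'], $subject, $message, true);
    }

    // Force a new session to prevent potential issues with guests from the same IP, see bug #2459
    $vbulletin->session->created = false;

    return true;
}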
// Who's Online front-end script: declares the phrase groups and templates to
// pre-cache, loads the back-end, enforces the Who's Online permissions and then
// handles the 'resolveip' action. The listing ends inside the 'resolveip' branch.

// get special phrase groups
$phrasegroups = array('wol');

// get special data templates from the datastore
$specialtemplates = array('maxloggedin', 'wol_spiders');

// pre-cache templates used by all actions
$globaltemplates = array('forumdisplay_sortarrow', 'im_aim', 'im_icq', 'im_msn', 'im_yahoo', 'im_skype', 'WHOSONLINE', 'whosonlinebit');

// pre-cache templates used by specific actions
$actiontemplates = array('resolveip' => array('whosonline_resolveip'));

// ######################### REQUIRE BACK-END ############################
require_once './global.php';
require_once DIR . '/includes/functions_online.php';

// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################

// Feature switch first, then the general "can view Who's Online" permission bit.
if (!$vbulletin->options['WOLenable']) {
    eval(standard_error(fetch_error('whosonlinedisabled')));
}
if (!($permissions['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonline'])) {
    print_no_permission();
}

// #######################################################################
// resolve an IP in Who's Online (this uses the WOL permissions)
if ($_REQUEST['do'] == 'resolveip') {
    // 'ipaddress' is cleaned as TYPE_NOHTML, which by its name deals with HTML
    // encoding only -- NOTE(review): nothing visible here checks that the value is
    // a syntactically valid IP address before it is handed to the resolver.
    $vbulletin->input->clean_array_gpc('r', array('ipaddress' => TYPE_NOHTML, 'ajax' => TYPE_BOOL));

    // can we actually resolve this?
    // Separate, stricter permission bit: viewing/resolving IPs is gated on its own.
    if (!($permissions['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonlineip'])) {
        print_no_permission();
    }

    // The '@' hides the warning gethostbyaddr() raises for a malformed address; it
    // then returns false. The resolved name is HTML-escaped because a reverse-DNS
    // answer is controlled by whoever operates the address range, not by this site.
    // NOTE(review): consider filter_var($ip, FILTER_VALIDATE_IP) ahead of the lookup
    // so a malformed value is rejected rather than silenced.
    $resolved_host = htmlspecialchars_uni(@gethostbyaddr($vbulletin->GPC['ipaddress']));
    $ipaddress =& $vbulletin->GPC['ipaddress']; // no html'd already
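/**
 * Finds the thread in the same forum whose last post follows that of the given thread.
 *
 * The lookup honours the viewer's forum permissions: threads started by users on the
 * global ignore ("coventry") list are hidden from non-moderators, and viewers without
 * 'canviewothers' only see their own threads.
 *
 * All values interpolated into the SQL text are numeric ids or timestamps taken from
 * the verified thread row and the session; they are cast to int before use so the
 * statement stays well-formed even if one of them arrives in an unexpected form.
 * $coventry is a pre-built id list from fetch_coventry('string') and is used as
 * delivered (NOTE(review): confirm that helper only ever emits integers and commas).
 *
 * @param integer $threadid   Id of the thread to start from
 * @param boolean $throwerror Whether to raise the standard error page on failure
 * @return array|false|null   Row with threadid and title (plus lastpost for coventry
 *                            viewers), or the database layer's falsy "no row" value
 */
function goto_nextthread($threadid, $throwerror = true)
{
    global $vbulletin;

    $thread = verify_id('thread', $threadid, $throwerror, 1);

    // With $throwerror disabled, verify_id() may hand back a non-array value for an
    // unknown thread (assumption -- confirm against verify_id). Without this guard the
    // query below would be assembled with an empty forum id.
    if (!is_array($thread) || empty($thread['forumid'])) {
        return false;
    }

    $forumid = (int) $thread['forumid'];
    $lastpost = (int) $thread['lastpost'];
    $userid = (int) $vbulletin->userinfo['userid'];

    $forumperms = fetch_permissions($thread['forumid']);

    // remove threads from users on the global ignore list if user is not a moderator
    $coventry = fetch_coventry('string');
    if ($coventry and !can_moderate($thread['forumid'])) {
        $globalignore = "AND postuserid NOT IN ({$coventry})";
    } else {
        $globalignore = '';
    }

    // Without 'canviewothers' the viewer is restricted to threads they started; the
    // "<> 0" term keeps guests (userid 0) from matching guest-started threads.
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers'])) {
        $limitothers = "AND postuserid = " . $userid . " AND " . $userid . " <> 0";
    } else {
        $limitothers = '';
    }

    // A viewer who is on the coventry list gets the last-post time from the
    // per-user tachythreadpost table when a row exists there for them.
    if ($vbulletin->userinfo['userid'] and in_coventry($vbulletin->userinfo['userid'], true)) {
        $lastpost_info = ",IF(tachythreadpost.userid IS NULL, thread.lastpost, tachythreadpost.lastpost) AS lastpost";
        $tachyjoin = "LEFT JOIN " . TABLE_PREFIX . "tachythreadpost AS tachythreadpost ON " .
            "(tachythreadpost.threadid = thread.threadid AND tachythreadpost.userid = " . $userid . ')';
        // lastpost is a computed column in this case, hence HAVING instead of AND
        $lastpost_having = "HAVING lastpost > {$lastpost}";
    } else {
        $lastpost_info = "";
        $tachyjoin = "";
        $lastpost_having = "AND lastpost > {$lastpost}";
    }

    $getnextnewest = $vbulletin->db->query_first_slave("\n\t\tSELECT thread.threadid, thread.title\n\t\t\t{$lastpost_info}\n\t\tFROM " . TABLE_PREFIX . "thread AS thread\n\t\t{$tachyjoin}\n\t\tWHERE forumid = {$forumid}\n\t\t\tAND visible = 1\n\t\t\tAND open <> 10\n\t\t\t{$globalignore}\n\t\t\t{$limitothers}\n\t\t{$lastpost_having}\n\t\tORDER BY lastpost\n\t\tLIMIT 1\n\t");

    if (!$getnextnewest and $throwerror) {
        // standard_error() returns a code string that is eval'd here (vBulletin idiom)
        eval(standard_error(fetch_error('nonextnewest')));
    }

    return $getnextnewest;
}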
// Tail of the "new private message" branch, followed by the 'showpm' action that
// loads one private message for the current user and handles its read receipt.
// The listing starts inside one block and ends inside the trailing 'else'.
    $smilieson = iif($vbulletin->options['privallowsmilies'], $vbphrase['on'], $vbphrase['off']);

    // only show posting code allowances in forum rules template
    $show['codeonly'] = true;

    // The text returned by fetch_template() is evaluated as a PHP double-quoted
    // string, so it runs with this script's variables in scope. Template content
    // therefore has to come from a trusted store, and any variable it prints must
    // already be encoded for output.
    eval('$forumrules = "' . fetch_template('forumrules') . '";');

    $templatename = 'pm_newpm';
}

// ############################### start show pm ###############################
// show a private message
if ($_REQUEST['do'] == 'showpm') {
    require_once DIR . '/includes/class_postbit.php';
    require_once DIR . '/includes/functions_bigthree.php';

    // pmid is cleaned as TYPE_UINT before it is concatenated into the query below
    // (presumably coercing it to an unsigned integer -- confirm in the input cleaner).
    $vbulletin->input->clean_gpc('r', 'pmid', TYPE_UINT);

    // Plugin hook: whatever code is registered for this hook is eval'd in this scope.
    ($hook = vBulletinHook::fetch_hook('private_showpm_start')) ? eval($hook) : false;

    // The WHERE clause ties the lookup to the current user's id as well as the pmid,
    // so a message id belonging to another user yields no row. The icon columns and
    // join are added only when 'privallowicons' is enabled.
    $pm = $db->query_first_slave("\n\t\tSELECT\n\t\t\tpm.*, pmtext.*,\n\t\t\t" .
        iif($vbulletin->options['privallowicons'], "icon.title AS icontitle, icon.iconpath,") .
        "\n\t\t\tIF(ISNULL(pmreceipt.pmid), 0, 1) AS receipt, pmreceipt.readtime, pmreceipt.denied,\n\t\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight\n\t\tFROM " .
        TABLE_PREFIX . "pm AS pm\n\t\tLEFT JOIN " .
        TABLE_PREFIX . "pmtext AS pmtext ON(pmtext.pmtextid = pm.pmtextid)\n\t\t" .
        iif($vbulletin->options['privallowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = pmtext.iconid)") .
        "\n\t\tLEFT JOIN " .
        TABLE_PREFIX . "pmreceipt AS pmreceipt ON(pmreceipt.pmid = pm.pmid)\n\t\tLEFT JOIN " .
        TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = pmtext.fromuserid)\n\t\tWHERE pm.userid=" .
        $vbulletin->userinfo['userid'] .
        " AND pm.pmid=" .
        $vbulletin->GPC['pmid'] .
        "\n\t");

    // Same error for "does not exist" and "not yours": the response does not reveal
    // which of the two applied.
    if (!$pm) {
        eval(standard_error(fetch_error('invalidid', $vbphrase['private_message'], $vbulletin->options['contactuslink'])));
    }

    $folderjump = construct_folder_jump(0, $pm['folderid']);

    // do read receipt
    $show['receiptprompt'] = $show['receiptpopup'] = false;
    // A receipt was requested and has been neither confirmed (readtime) nor denied yet
    if ($pm['receipt'] == 1 and $pm['readtime'] == 0 and $pm['denied'] == 0) {
        if ($permissions['pmpermissions'] & $vbulletin->bf_ugp_pmpermissions['candenypmreceipts']) {
            // set it to denied just now as some people might have ad blocking that stops the popup appearing
            $show['receiptprompt'] = $show['receiptpopup'] = true;
            // The sender name is HTML-decoded and then escaped for a JavaScript string
            // delimited by '"'. NOTE(review): the consuming template must place this
            // value inside a double-quoted JS string only; it is no longer HTML-safe.
            $receipt_question_js = addslashes_js(construct_phrase($vbphrase['x_has_requested_a_read_receipt'], unhtmlspecialchars($pm['fromusername'])), '"');
            // pmid here is read back from the fetched row, not from the request
            $db->shutdown_query("UPDATE " . TABLE_PREFIX . "pmreceipt SET denied = 1 WHERE pmid = {$pm['pmid']}");
        } else {
            // they can't deny pm receipts so do not show a popup or prompt
            $db->shutdown_query("UPDATE " . TABLE_PREFIX . "pmreceipt SET readtime = " . TIMENOW . " WHERE pmid = {$pm['pmid']}");
        }
    } else {
// Moderator shortcut actions: each branch checks a permission and then redirects to
// the admin or moderator control panel. The listing starts inside one branch and
// ends inside the 'modposts' branch.
//
// In the visible code every redirect target is assembled from configuration
// (admincpdir / modcpdir), session values and fixed strings; no request parameter
// is concatenated into it.
// NOTE(review): 'sessionurl_js' is embedded in the target URL. If it can carry the
// session identifier, that identifier ends up in browser history, proxy logs and
// Referer headers -- confirm how the control panels treat it.
        eval(standard_error(fetch_error('invalidid', $vbphrase['forum'], $vbulletin->options['contactuslink'])));
    }

    // Administrators go to the admin panel; moderators with 'canmassmove' on this
    // forum go to the moderator panel; everyone else is refused.
    if (can_administer('canadminthreads')) {
        exec_header_redirect($vbulletin->config['Misc']['admincpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=move'));
    } else {
        if (can_moderate($foruminfo['forumid'], 'canmassmove')) {
            exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=move'));
        } else {
            print_no_permission();
        }
    }
}

// #############################################################################
if ($_REQUEST['do'] == 'prune') {
    if (!$foruminfo['forumid']) {
        eval(standard_error(fetch_error('invalidid', $vbphrase['forum'], $vbulletin->options['contactuslink'])));
    }

    if (can_administer('canadminthreads')) {
        exec_header_redirect($vbulletin->config['Misc']['admincpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=prune'));
    } else {
        // NOTE(review): this permission check is keyed on $forumid, whereas the
        // existence check above and the 'move' branch use $foruminfo['forumid'].
        // Confirm both always hold the same validated forum id; if $forumid were
        // unset or different, the check would be made against another scope.
        if (can_moderate($forumid, 'canmassprune')) {
            exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=prune'));
        } else {
            print_no_permission();
        }
    }
}

// #############################################################################
if ($_REQUEST['do'] == 'modposts') {
    // Forum id 0 is passed here, i.e. the check is not tied to one specific forum.
    if (can_moderate(0, 'canmoderateposts')) {
        exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('moderate.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=posts'));
// Part of the "give infraction" form: finishes rendering the infraction level rows,
// decides which form sections to show, and builds the navigation breadcrumb.
// The listing starts inside nested blocks whose openings are not shown.
            }
        }

        // The template text returned by fetch_template() is evaluated as a PHP
        // double-quoted string and appended; variables it prints must already be
        // encoded for HTML output.
        eval('$infractionbits .= "' . fetch_template('userinfractionbit') . '";');
    }
}

// Custom ("arbitrary") infractions are offered only to users holding that permission bit.
if ($vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['cangivearbinfraction']) {
    // 'and' binds tighter than 'or': pre-select the custom option when either
    // (no level was chosen and a period was submitted) or no level rows exist.
    $checked_inf = (!$vbulletin->GPC['infractionlevelid'] and !empty($vbulletin->GPC['period']) or empty($infractionbits)) ? 'checked="checked"' : '';
    $show['custominfraction'] = true;
}

// NOTE(review): $show['custominfraction'] is assigned only inside the permission
// branch above; unless it is initialised earlier in the file, this condition reads
// an unset index for users without that permission.
if (!empty($banlist) and ($show['custominfraction'] or $infractionban or $pointsban)) {
    $show['banreason'] = true;
} else {
    $show['banreason'] = false;
}

// Nothing to choose from and no right to give a custom infraction: stop with an error.
if (empty($infractionbits) and !($vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['cangivearbinfraction'])) {
    eval(standard_error(fetch_error('there_are_no_infraction_levels')));
}

// draw nav bar
// Keys of $navbits are link URLs, values are the link titles.
$navbits = array();
if ($postinfo['postid']) {
    $parentlist = array_reverse(explode(',', $foruminfo['parentlist']));
    foreach ($parentlist as $forumID) {
        $forumTitle = $vbulletin->forumcache["{$forumID}"]['title'];
        $navbits['forumdisplay.php?' . $vbulletin->session->vars['sessionurl'] . "f={$forumID}"] = $forumTitle;
    }
    // NOTE(review): the guard tests $postinfo['postid'] but the link uses $postid;
    // confirm $postid is the same cleaned integer before it is placed in the URL.
    $navbits['showthread.php?' . $vbulletin->session->vars['sessionurl'] . "p={$postid}"] = $threadinfo['prefix_plain_html'] . ' ' . $threadinfo['title'];
}

// NOTE(review): the username is inserted into the phrase as-is; whether it is already
// HTML-encoded at this point is not visible here -- verify before it reaches output.
$navbits[''] = construct_phrase($vbphrase['user_infraction_for_x'], $userinfo['username']);
$navbits = construct_navbits($navbits);

require_once DIR . '/includes/functions_editor.php';
$textareacols = fetch_textarea_width();