/** * Run some validation tests, rules vs valid and invalid data */ public function testValidation() { // These should all fail $validation = new Data_Validator(); $validation->validation_rules($this->rules); $validation->sanitation_rules(array('min_len_csv' => 'trim')); $validation->input_processing(array('min_len_csv' => 'csv', 'min_len_array' => 'array')); $validation->validate($this->invalid_data); foreach ($this->invalid_data as $key => $value) { $test = $validation->validation_errors($key); $value = is_array($value) ? implode(' | ', $value) : $value; $this->assertNotNull($validation->validation_errors($key), 'Test: ' . $test[0] . ' passed data: ' . $value . ' but it should have failed'); } // These should all pass $validation = new Data_Validator(); $validation->validation_rules($this->rules); $validation->input_processing(array('min_len_csv' => 'csv', 'min_len_array' => 'array')); $validation->validate($this->valid_data); foreach ($this->valid_data as $key => $value) { $test = $validation->validation_errors($key); $value = is_array($value) ? implode(' | ', $value) : $value; $this->assertNull($validation->validation_errors($key), 'Test: ' . $test[0] . ' failed data: ' . $value . ' but it should have passed'); } }
/** * Shows the contact form for the user to fill out * Needs to be enabled to be used */ public function action_contact() { global $context, $txt, $user_info, $modSettings; // Already inside, no need to use this, just send a PM // Disabled, you cannot enter. if (!$user_info['is_guest'] || empty($modSettings['enable_contactform']) || $modSettings['enable_contactform'] == 'disabled') { redirectexit(); } loadLanguage('Login'); loadTemplate('Register'); if (isset($_REQUEST['send'])) { checkSession('post'); validateToken('contact'); spamProtection('contact'); // No errors, yet. $context['errors'] = array(); loadLanguage('Errors'); // Could they get the right send topic verification code? require_once SUBSDIR . '/VerificationControls.class.php'; require_once SUBSDIR . '/Members.subs.php'; // form validation require_once SUBSDIR . '/DataValidator.class.php'; $validator = new Data_Validator(); $validator->sanitation_rules(array('emailaddress' => 'trim', 'contactmessage' => 'trim|Util::htmlspecialchars')); $validator->validation_rules(array('emailaddress' => 'required|valid_email', 'contactmessage' => 'required')); $validator->text_replacements(array('emailaddress' => $txt['error_email'], 'contactmessage' => $txt['error_message'])); // Any form errors if (!$validator->validate($_POST)) { $context['errors'] = $validator->validation_errors(); } // How about any verification errors $verificationOptions = array('id' => 'contactform'); $context['require_verification'] = create_control_verification($verificationOptions, true); if (is_array($context['require_verification'])) { foreach ($context['require_verification'] as $error) { $context['errors'][] = $txt['error_' . $error]; } } // No errors, then send the PM to the admins if (empty($context['errors'])) { $admins = admins(); if (!empty($admins)) { require_once SUBSDIR . '/PersonalMessage.subs.php'; sendpm(array('to' => array_keys($admins), 'bcc' => array()), $txt['contact_subject'], $_REQUEST['contactmessage'], false, array('id' => 0, 'name' => $validator->emailaddress, 'username' => $validator->emailaddress)); } // Send the PM redirectexit('action=contact;sa=done'); } else { $context['emailaddress'] = $validator->emailaddress; $context['contactmessage'] = $validator->contactmessage; } } if (isset($_GET['sa']) && $_GET['sa'] == 'done') { $context['sub_template'] = 'contact_form_done'; } else { $context['sub_template'] = 'contact_form'; $context['page_title'] = $txt['admin_contact_form']; require_once SUBSDIR . '/VerificationControls.class.php'; $verificationOptions = array('id' => 'contactform'); $context['require_verification'] = create_control_verification($verificationOptions); $context['visual_verification_id'] = $verificationOptions['id']; } createToken('contact'); }
/** * When the input field is an array or csv, this will build a new validator * as if the fields were individual ones, each checked against the base rule * * @param mixed[] $input * @param string $field * @param string $rules */ private function _sanitize_recursive($input, $field, $rules) { // create a new instance to run against this sub data $validator = new Data_Validator(); $fields = array(); $sanitation_rules = array(); if ($this->_datatype[$field] === 'array') { // Convert the array to individual values, they all use the same rules foreach ($input[$field] as $key => $value) { $sanitation_rules[$key] = $rules; $fields[$key] = $value; } // Sanitize each "new" field $validator->sanitation_rules($sanitation_rules); $validator->validate($fields); // Take the individual results and replace them in the original array $input[$field] = array_replace($input[$field], $validator->validation_data()); } elseif ($this->_datatype[$field] === 'csv') { // Break up the CSV data so we have an array $temp = explode(',', $input[$field]); foreach ($temp as $key => $value) { $sanitation_rules[$key] = $rules; $fields[$key] = $value; } // Sanitize each "new" field $validator->sanitation_rules($sanitation_rules); $validator->validate($fields); // Put it back together with clean data $input[$field] = implode(',', $validator->validation_data()); } return $input[$field]; }
/** * Allow a user to send an email. * * - Send an email to the user - allow the sender to write the message. * - Can either be passed a user ID as uid or a message id as msg. * - Does not check permissions for a message ID as there is no information disclosed. * - accessed by ?action=emailuser;sa=email */ public function action_email() { global $context, $user_info, $txt, $scripturl; // Can the user even see this information? if ($user_info['is_guest']) { fatal_lang_error('no_access', false); } isAllowedTo('send_email_to_members'); // Are we sending to a user? $context['form_hidden_vars'] = array(); if (isset($_REQUEST['uid'])) { require_once SUBSDIR . '/Members.subs.php'; // Get the latest activated member's display name. $row = getBasicMemberData((int) $_REQUEST['uid']); $context['form_hidden_vars']['uid'] = (int) $_REQUEST['uid']; } elseif (isset($_REQUEST['msg'])) { require_once SUBSDIR . '/Messages.subs.php'; $row = mailFromMessage((int) $_REQUEST['msg']); $context['form_hidden_vars']['msg'] = (int) $_REQUEST['msg']; } // Are you sure you got the address or any data? if (empty($row['email_address']) || empty($row)) { fatal_lang_error('cant_find_user_email'); } // Can they actually do this? $context['show_email_address'] = showEmailAddress(!empty($row['hide_email']), $row['id_member']); if ($context['show_email_address'] === 'no') { fatal_lang_error('no_access', false); } // Does the user want to be contacted at all by you? require_once SUBSDIR . '/Members.subs.php'; if (!canContact($row['id_member'])) { fatal_lang_error('no_access', false); } // Setup the context! $context['recipient'] = array('id' => $row['id_member'], 'name' => $row['real_name'], 'email' => $row['email_address'], 'email_link' => ($context['show_email_address'] == 'yes_permission_override' ? '<em>' : '') . '<a href="mailto:' . $row['email_address'] . '">' . $row['email_address'] . '</a>' . ($context['show_email_address'] == 'yes_permission_override' ? '</em>' : ''), 'link' => $row['id_member'] ? '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name'] . '</a>' : $row['real_name']); // Can we see this person's email address? $context['can_view_recipient_email'] = $context['show_email_address'] == 'yes' || $context['show_email_address'] == 'yes_permission_override'; // Template $context['sub_template'] = 'custom_email'; $context['page_title'] = $txt['send_email']; // Are we actually sending it? if (isset($_POST['send']) && isset($_POST['email_body'])) { checkSession(); // Don't let them send too many! spamProtection('sendmail'); require_once SUBSDIR . '/Mail.subs.php'; require_once SUBSDIR . '/DataValidator.class.php'; // We will need to do some data checking $validator = new Data_Validator(); $validator->sanitation_rules(array('y_name' => 'trim', 'email_body' => 'trim', 'email_subject' => 'trim')); $validator->validation_rules(array('y_name' => 'required|notequal[_]', 'y_email' => 'required|valid_email', 'email_body' => 'required', 'email_subject' => 'required')); $validator->text_replacements(array('y_name' => $txt['sendtopic_sender_name'], 'y_email' => $txt['sendtopic_sender_email'], 'email_body' => $txt['message'], 'email_subject' => $txt['send_email_subject'])); $validator->validate($_POST); // If it's a guest sort out their names. if ($user_info['is_guest']) { $errors = $validator->validation_errors(array('y_name', 'y_email')); if ($errors) { $context['sendemail_error'] = array('errors' => $errors, 'type' => 'minor', 'title' => $txt['validation_failure']); return; } $from_name = $validator->y_name; $from_email = $validator->y_email; } else { $from_name = $user_info['name']; $from_email = $user_info['email']; } // Check we have a body (etc). $errors = $validator->validation_errors(array('email_body', 'email_subject')); if (!empty($errors)) { $context['sendemail_error'] = array('errors' => $errors, 'type' => 'minor', 'title' => $txt['validation_failure']); return; } // We use a template in case they want to customise! $replacements = array('EMAILSUBJECT' => $validator->email_subject, 'EMAILBODY' => $validator->email_body, 'SENDERNAME' => $from_name, 'RECPNAME' => $context['recipient']['name']); // Get the template and get out! $emaildata = loadEmailTemplate('send_email', $replacements); sendmail($context['recipient']['email'], $emaildata['subject'], $emaildata['body'], $from_email, null, false, 1, null, true); // Now work out where to go! if (isset($_REQUEST['uid'])) { redirectexit('action=profile;u=' . (int) $_REQUEST['uid']); } elseif (isset($_REQUEST['msg'])) { redirectexit('msg=' . (int) $_REQUEST['msg']); } else { redirectexit(); } } }
/** * Set any setting related to paid subscriptions, * * - i.e. modify which payment methods are to be used. * - It requires the moderate_forum permission * - Accessed from ?action=admin;area=paidsubscribe;sa=settings. */ public function action_paidSettings_display() { global $context, $txt, $scripturl; require_once SUBSDIR . '/PaidSubscriptions.subs.php'; // Initialize the form $this->_init_paidSettingsForm(); $config_vars = $this->_paidSettings->settings(); // Now load all the other gateway settings. $gateways = loadPaymentGateways(); foreach ($gateways as $gateway) { $gatewayClass = new $gateway['display_class'](); $setting_data = $gatewayClass->getGatewaySettings(); if (!empty($setting_data)) { $config_vars[] = array('title', $gatewayClass->title, 'text_label' => isset($txt['paidsubs_gateway_title_' . $gatewayClass->title]) ? $txt['paidsubs_gateway_title_' . $gatewayClass->title] : $gatewayClass->title); $config_vars = array_merge($config_vars, $setting_data); } } // Some important context stuff $context['page_title'] = $txt['settings']; $context['sub_template'] = 'show_settings'; $context['settings_message'] = replaceBasicActionUrl($txt['paid_note']); $context[$context['admin_menu_name']]['current_subsection'] = 'settings'; // Get the final touches in place. $context['post_url'] = $scripturl . '?action=admin;area=paidsubscribe;save;sa=settings'; $context['settings_title'] = $txt['settings']; // We want javascript for our currency options. addInlineJavascript(' toggleCurrencyOther();', true); // Saving the settings? if (isset($_GET['save'])) { checkSession(); call_integration_hook('integrate_save_subscription_settings'); // Check that the entered email addresses are valid if (!empty($_POST['paid_email_to'])) { require_once SUBSDIR . '/DataValidator.class.php'; $validator = new Data_Validator(); // Some cleaning and some rules $validator->sanitation_rules(array('paid_email_to' => 'trim')); $validator->validation_rules(array('paid_email_to' => 'valid_email')); $validator->input_processing(array('paid_email_to' => 'csv')); $validator->text_replacements(array('paid_email_to' => $txt['paid_email_to'])); if ($validator->validate($_POST)) { $_POST['paid_email_to'] = $validator->paid_email_to; } else { // Thats not an email, lets set it back in the form to be fixed and let them know its wrong $config_vars[1]['value'] = $_POST['paid_email_to']; $context['error_type'] = 'minor'; $context['settings_message'] = array(); foreach ($validator->validation_errors() as $id => $error) { $context['settings_message'][] = $error; } } } // No errors, then save away if (empty($context['error_type'])) { // Sort out the currency stuff. if ($_POST['paid_currency'] != 'other') { $_POST['paid_currency_code'] = $_POST['paid_currency']; $_POST['paid_currency_symbol'] = $txt[$_POST['paid_currency'] . '_symbol']; } $_POST['paid_currency_code'] = trim($_POST['paid_currency_code']); unset($config_vars['dummy_currency']); Settings_Form::save_db($config_vars); redirectexit('action=admin;area=paidsubscribe;sa=settings'); } } // Prepare the settings... Settings_Form::prepare_db($config_vars); }
/** * Helper method for saving database settings. * * @param mixed[] $config_vars */ public static function save_db(&$config_vars) { static $known_rules = null; if ($known_rules === null) { $known_rules = array('nohtml' => 'Util::htmlspecialchars[' . ENT_QUOTES . ']', 'email' => 'valid_email', 'url' => 'valid_url'); } validateToken('admin-dbsc'); $inlinePermissions = array(); foreach ($config_vars as $var) { if (!isset($var[1]) || !isset($_POST[$var[1]]) && $var[0] != 'check' && $var[0] != 'permissions' && ($var[0] != 'bbc' || !isset($_POST[$var[1] . '_enabledTags']))) { continue; } elseif ($var[0] == 'check') { $setArray[$var[1]] = !empty($_POST[$var[1]]) ? '1' : '0'; } elseif ($var[0] == 'select' && in_array($_POST[$var[1]], array_keys($var[2]))) { $setArray[$var[1]] = $_POST[$var[1]]; } elseif ($var[0] == 'select' && !empty($var['multiple']) && array_intersect($_POST[$var[1]], array_keys($var[2])) != array()) { // For security purposes we validate this line by line. $options = array(); foreach ($_POST[$var[1]] as $invar) { if (in_array($invar, array_keys($var[2]))) { $options[] = $invar; } } $setArray[$var[1]] = serialize($options); } elseif ($var[0] == 'int') { $setArray[$var[1]] = (int) $_POST[$var[1]]; } elseif ($var[0] == 'float') { $setArray[$var[1]] = (double) $_POST[$var[1]]; } elseif ($var[0] == 'text' || $var[0] == 'large_text') { if (isset($var['mask'])) { $rules = array(); if (!is_array($var['mask'])) { $var['mask'] = array($var['mask']); } foreach ($var['mask'] as $key => $mask) { if (isset($known_rules[$mask])) { $rules[$var[1]][] = $known_rules[$mask]; } elseif ($key == 'custom' && isset($mask['apply'])) { $rules[$var[1]][] = $mask['apply']; } } if (!empty($rules)) { $rules[$var[1]] = implode('|', $rules[$var[1]]); require_once SUBSDIR . '/DataValidator.class.php'; $validator = new Data_Validator(); $validator->sanitation_rules($rules); $validator->validate($_POST); $setArray[$var[1]] = $validator->{$var[1]}; } } else { $setArray[$var[1]] = $_POST[$var[1]]; } } elseif ($var[0] == 'password') { if (isset($_POST[$var[1]][1]) && $_POST[$var[1]][0] == $_POST[$var[1]][1]) { $setArray[$var[1]] = $_POST[$var[1]][0]; } } elseif ($var[0] == 'bbc') { $bbcTags = array(); foreach (parse_bbc(false) as $tag) { $bbcTags[] = $tag['tag']; } if (!isset($_POST[$var[1] . '_enabledTags'])) { $_POST[$var[1] . '_enabledTags'] = array(); } elseif (!is_array($_POST[$var[1] . '_enabledTags'])) { $_POST[$var[1] . '_enabledTags'] = array($_POST[$var[1] . '_enabledTags']); } $setArray[$var[1]] = implode(',', array_diff($bbcTags, $_POST[$var[1] . '_enabledTags'])); } elseif ($var[0] == 'permissions') { $inlinePermissions[] = $var[1]; } } if (!empty($setArray)) { updateSettings($setArray); } // If we have inline permissions we need to save them. if (!empty($inlinePermissions) && allowedTo('manage_permissions')) { // we'll need to save inline permissions require_once SUBSDIR . '/Permission.subs.php'; InlinePermissions_Form::save_inline_permissions($inlinePermissions); } }
/** * Does the actual saving of the article data * * - validates the data is safe to save * - updates existing articles or creates new ones */ private function _sportal_admin_article_edit_save() { global $context, $txt, $modSettings; // No errors, yet. $article_errors = Error_Context::context('article', 0); // Use our standard validation functions in a few spots require_once SUBSDIR . '/DataValidator.class.php'; $validator = new Data_Validator(); // If its not new, lets load the current data if (!$this->_is_new) { $_REQUEST['article_id'] = (int) $_REQUEST['article_id']; $context['article'] = sportal_get_articles($_REQUEST['article_id']); } // Clean and Review the post data for compliance $validator->sanitation_rules(array('title' => 'trim|Util::htmlspecialchars', 'namespace' => 'trim|Util::htmlspecialchars', 'article_id' => 'intval', 'category_id' => 'intval', 'permissions' => 'intval', 'type' => 'trim', 'content' => 'trim')); $validator->validation_rules(array('title' => 'required', 'namespace' => 'alpha_numeric|required', 'type' => 'required', 'content' => 'required')); $validator->text_replacements(array('title' => $txt['sp_admin_articles_col_title'], 'namespace' => $txt['sp_admin_articles_col_namespace'], 'content' => $txt['sp_admin_articles_col_body'])); // If you messed this up, back you go if (!$validator->validate($_POST)) { foreach ($validator->validation_errors() as $id => $error) { $article_errors->addError($error); } $this->action_sportal_admin_article_edit(); } // Lets make sure this namespace (article id) is unique $has_duplicate = sp_duplicate_articles($validator->article_id, $validator->namespace); if (!empty($has_duplicate)) { $article_errors->addError('sp_error_article_namespace_duplicate'); } // And we can't have just a numeric namespace (article id) if (preg_replace('~[0-9]+~', '', $validator->namespace) === '') { $article_errors->addError('sp_error_article_namespace_numeric'); } // Posting some PHP code, and allowed? Then we need to validate it will run if ($_POST['type'] === 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation'])) { $validator_php = new Data_Validator(); $validator_php->validation_rules(array('content' => 'php_syntax')); // Bad PHP code if (!$validator_php->validate(array('content' => $_POST['content']))) { $article_errors->addError($validator_php->validation_errors()); } } // None shall pass ... with errors if ($article_errors->hasErrors()) { $this->action_sportal_admin_article_edit(); } // No errors then, prepare the data for saving $article_info = array('id' => $validator->article_id, 'id_category' => $validator->category_id, 'namespace' => $validator->namespace, 'title' => $validator->title, 'body' => Util::htmlspecialchars($_POST['content'], ENT_QUOTES), 'type' => in_array($validator->type, array('bbc', 'html', 'php')) ? $_POST['type'] : 'bbc', 'permissions' => $validator->permissions, 'status' => !empty($_POST['status']) ? 1 : 0); if ($article_info['type'] === 'bbc') { preparsecode($article_info['body']); } // Save away checkSession(); sp_save_article($article_info, $this->_is_new); redirectexit('action=admin;area=portalarticles'); return true; }
/** * Does the actual saving of the page data * * - validates the data is safe to save * - updates existing pages or creates new ones */ private function _sportal_admin_page_edit_save() { global $txt, $context, $modSettings; // No errors, yet. $pages_errors = Error_Context::context('pages', 0); // Use our standard validation functions in a few spots require_once SUBSDIR . '/DataValidator.class.php'; $validator = new Data_Validator(); // Clean and Review the post data for compliance $validator->sanitation_rules(array('title' => 'trim|Util::htmlspecialchars', 'namespace' => 'trim|Util::htmlspecialchars', 'permissions' => 'intval', 'type' => 'trim', 'content' => 'trim')); $validator->validation_rules(array('title' => 'required', 'namespace' => 'alpha_numeric|required', 'type' => 'required', 'content' => 'required')); $validator->text_replacements(array('title' => $txt['sp_error_page_name_empty'], 'namespace' => $txt['sp_error_page_namespace_empty'], 'content' => $txt['sp_admin_pages_col_body'])); // If you messed this up, back you go if (!$validator->validate($_POST)) { foreach ($validator->validation_errors() as $id => $error) { $pages_errors->addError($error); } $this->action_sportal_admin_page_edit(); } // Can't have the same name in the same space twice $has_duplicate = sp_check_duplicate_pages($_POST['namespace'], $_POST['page_id']); if (!empty($has_duplicate)) { $pages_errors->addError('sp_error_page_namespace_duplicate'); } // Can't have a simple numeric namespace if (preg_replace('~[0-9]+~', '', $_POST['namespace']) === '') { $pages_errors->addError('sp_error_page_namespace_numeric'); } if ($_POST['type'] === 'php' && !allowedTo('admin_forum')) { fatal_lang_error('cannot_admin_forum', false); } // Running some php code, then we need to validate its legit code if ($_POST['type'] === 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation'])) { $validator_php = new Data_Validator(); $validator_php->validation_rules(array('content' => 'php_syntax')); // Bad PHP code if (!$validator_php->validate(array('content' => $_POST['content']))) { $pages_errors->addError($validator_php->validation_errors()); } } // None shall pass ... with errors if ($pages_errors->hasErrors()) { $this->action_sportal_admin_page_edit(); } // If you made it this far, we are going to save the work if (!empty($_POST['blocks']) && is_array($_POST['blocks'])) { foreach ($_POST['blocks'] as $id => $block) { $_POST['blocks'][$id] = (int) $block; } } else { $_POST['blocks'] = array(); } // The data for the fields $page_info = array('id' => (int) $_POST['page_id'], 'namespace' => Util::htmlspecialchars($_POST['namespace'], ENT_QUOTES), 'title' => Util::htmlspecialchars($_POST['title'], ENT_QUOTES), 'body' => Util::htmlspecialchars($_POST['content'], ENT_QUOTES), 'type' => in_array($_POST['type'], array('bbc', 'html', 'php')) ? $_POST['type'] : 'bbc', 'permissions' => (int) $_POST['permissions'], 'style' => sportal_parse_style('implode'), 'status' => !empty($_POST['status']) ? 1 : 0); if ($page_info['type'] === 'bbc') { preparsecode($page_info['body']); } // Save away sp_save_page($page_info, $context['SPortal']['is_new']); $to_show = array(); $not_to_show = array(); $changes = array(); foreach ($context['page_blocks'] as $page_blocks) { foreach ($page_blocks as $block) { if ($block['shown'] && !in_array($block['id'], $_POST['blocks'])) { $not_to_show[] = $block['id']; } elseif (!$block['shown'] && in_array($block['id'], $_POST['blocks'])) { $to_show[] = $block['id']; } } } foreach ($to_show as $id) { if (empty($this->blocks[$id]['display']) && empty($this->blocks[$id]['display_custom']) || $this->blocks[$id]['display'] == 'sportal') { $changes[$id] = array('display' => 'portal,p' . $page_info['id'], 'display_custom' => ''); } elseif (in_array($this->blocks[$id]['display'], array('allaction', 'allboard'))) { $changes[$id] = array('display' => '', 'display_custom' => $this->blocks[$id]['display'] . ',p' . $page_info['id']); } elseif (in_array('-p' . $page_info['id'], explode(',', $this->blocks[$id]['display_custom']))) { $changes[$id] = array('display' => $this->blocks[$id]['display'], 'display_custom' => implode(',', array_diff(explode(',', $this->blocks[$id]['display_custom']), array('-p' . $page_info['id'])))); } elseif (empty($this->blocks[$id]['display_custom'])) { $changes[$id] = array('display' => implode(',', array_merge(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => ''); } else { $changes[$id] = array('display' => $this->blocks[$id]['display'], 'display_custom' => implode(',', array_merge(explode(',', $this->blocks[$id]['display_custom']), array('p' . $page_info['id'])))); } } foreach ($not_to_show as $id) { if (count(array_intersect(array($this->blocks[$id]['display'], $this->blocks[$id]['display_custom']), array('sforum', 'allpages', 'all'))) > 0) { $changes[$id] = array('display' => '', 'display_custom' => $this->blocks[$id]['display'] . $this->blocks[$id]['display_custom'] . ',-p' . $page_info['id']); } elseif (empty($this->blocks[$id]['display_custom'])) { $changes[$id] = array('display' => implode(',', array_diff(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => ''); } else { $changes[$id] = array('display' => implode(',', array_diff(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => implode(',', array_diff(explode(',', $this->blocks[$id]['display_custom']), array('p' . $page_info['id'])))); } } // Update the blocks as needed foreach ($changes as $id => $data) { sp_update_block_visibility($id, $data); } redirectexit('action=admin;area=portalpages'); return true; }
/** * Editing a membergroup. * * What it does: * - Screen to edit a specific membergroup. * - Called by ?action=admin;area=membergroups;sa=edit;group=x. * - It requires the manage_membergroups permission. * - Also handles the delete button of the edit form. * - Redirects to ?action=admin;area=membergroups. * * @uses the edit_group sub template of ManageMembergroups. */ public function action_edit() { global $context, $txt, $modSettings; $current_group_id = isset($_REQUEST['group']) ? (int) $_REQUEST['group'] : 0; if (!empty($modSettings['deny_boards_access'])) { loadLanguage('ManagePermissions'); } require_once SUBSDIR . '/Membergroups.subs.php'; // Make sure this group is editable. if (!empty($current_group_id)) { $current_group = membergroupById($current_group_id); } // Now, do we have a valid id? if (!allowedTo('admin_forum') && !empty($current_group_id) && $current_group['group_type'] == 1) { fatal_lang_error('membergroup_does_not_exist', false); } // The delete this membergroup button was pressed. if (isset($_POST['delete'])) { checkSession(); validateToken('admin-mmg'); if (empty($current_group_id)) { fatal_lang_error('membergroup_does_not_exist', false); } // Let's delete the group deleteMembergroups($current_group['id_group']); redirectexit('action=admin;area=membergroups;'); } elseif (isset($_POST['save'])) { // Validate the session. checkSession(); validateToken('admin-mmg'); if (empty($current_group_id)) { fatal_lang_error('membergroup_does_not_exist', false); } require_once SUBSDIR . '/DataValidator.class.php'; $validator = new Data_Validator(); // Cleanup the inputs! :D $validator->sanitation_rules(array('max_messages' => 'intval', 'min_posts' => 'intval|abs', 'group_type' => 'intval', 'group_desc' => 'trim|Util::htmlspecialchars', 'group_name' => 'trim|Util::htmlspecialchars', 'group_hidden' => 'intval', 'group_inherit' => 'intval', 'icon_count' => 'intval', 'icon_image' => 'trim|Util::htmlspecialchars', 'online_color' => 'trim|valid_color')); $validator->input_processing(array('boardaccess' => 'array')); $validator->validation_rules(array('boardaccess' => 'contains[allow,ignore,deny]')); $validator->validate($_POST); // Can they really inherit from this group? if ($validator->group_inherit != -2 && !allowedTo('admin_forum')) { $inherit_type = membergroupById($validator->group_inherit); } $min_posts = $validator->group_type == -1 && $validator->min_posts >= 0 && $current_group['id_group'] > 3 ? $validator->min_posts : ($current_group['id_group'] == 4 ? 0 : -1); $group_inherit = $current_group['id_group'] > 1 && $current_group['id_group'] != 3 && (empty($inherit_type['group_type']) || $inherit_type['group_type'] != 1) ? $validator->group_inherit : -2; //@todo Don't set online_color for the Moderators group? // Do the update of the membergroup settings. $properties = array('max_messages' => $validator->max_messages, 'min_posts' => $min_posts, 'group_type' => $validator->group_type < 0 || $validator->group_type > 3 || $validator->group_type == 1 && !allowedTo('admin_forum') ? 0 : $validator->group_type, 'hidden' => !$validator->group_hidden || $min_posts != -1 || $current_group['id_group'] == 3 ? 0 : $validator->group_hidden, 'id_parent' => $group_inherit, 'current_group' => $current_group['id_group'], 'group_name' => $validator->group_name, 'online_color' => $validator->online_color, 'icons' => $validator->icon_count <= 0 ? '' : min($validator->icon_count, 10) . '#' . $validator->icon_image, 'description' => $current_group['id_group'] == 1 || $validator->group_type != -1 ? $validator->group_desc : ''); updateMembergroupProperties($properties); call_integration_hook('integrate_save_membergroup', array($current_group['id_group'])); // Time to update the boards this membergroup has access to. if ($current_group['id_group'] == 2 || $current_group['id_group'] > 3) { $changed_boards = array(); $changed_boards['allow'] = array(); $changed_boards['deny'] = array(); $changed_boards['ignore'] = array(); if ($validator->boardaccess) { foreach ($validator->boardaccess as $group_id => $action) { $changed_boards[$action][] = (int) $group_id; } } foreach (array('allow', 'deny') as $board_action) { // Find all board this group is in, but shouldn't be in. detachGroupFromBoards($current_group['id_group'], $changed_boards, $board_action); // Add the membergroup to all boards that hadn't been set yet. if (!empty($changed_boards[$board_action])) { assignGroupToBoards($current_group['id_group'], $changed_boards, $board_action); } } } // Remove everyone from this group! if ($min_posts != -1) { detachDeletedGroupFromMembers($current_group['id_group']); } elseif ($current_group['id_group'] != 3) { // Making it a hidden group? If so remove everyone with it as primary group (Actually, just make them additional). if ($validator->group_hidden == 2) { setGroupToHidden($current_group['id_group']); } // Either way, let's check our "show group membership" setting is correct. validateShowGroupMembership(); } // Do we need to set inherited permissions? if ($group_inherit != -2 && $group_inherit != $_POST['old_inherit']) { require_once SUBSDIR . '/Permission.subs.php'; updateChildPermissions($group_inherit); } // Finally, moderators! $moderator_string = isset($_POST['group_moderators']) ? trim($_POST['group_moderators']) : ''; detachGroupModerators($current_group['id_group']); if ((!empty($moderator_string) || !empty($_POST['moderator_list'])) && $min_posts == -1 && $current_group['id_group'] != 3) { // Get all the usernames from the string if (!empty($moderator_string)) { $moderator_string = strtr(preg_replace('~&#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', htmlspecialchars($moderator_string, ENT_QUOTES, 'UTF-8')), array('"' => '"')); preg_match_all('~"([^"]+)"~', $moderator_string, $matches); $moderators = array_merge($matches[1], explode(',', preg_replace('~"[^"]+"~', '', $moderator_string))); for ($k = 0, $n = count($moderators); $k < $n; $k++) { $moderators[$k] = trim($moderators[$k]); if (strlen($moderators[$k]) == 0) { unset($moderators[$k]); } } // Find all the id_member's for the member_name's in the list. if (!empty($moderators)) { $group_moderators = getIDMemberFromGroupModerators($moderators); } } else { $moderators = array(); foreach ($_POST['moderator_list'] as $moderator) { $moderators[] = (int) $moderator; } $group_moderators = array(); if (!empty($moderators)) { require_once SUBSDIR . '/Members.subs.php'; $members = getBasicMemberData($moderators); foreach ($members as $member) { $group_moderators[] = $member['id_member']; } } } // Found some? if (!empty($group_moderators)) { assignGroupModerators($current_group['id_group'], $group_moderators); } } // There might have been some post group changes. updateStats('postgroups'); // We've definitely changed some group stuff. updateSettings(array('settings_updated' => time())); // Log the edit. logAction('edited_group', array('group' => $validator->group_name), 'admin'); redirectexit('action=admin;area=membergroups'); } // Fetch the current group information. $row = membergroupById($current_group['id_group'], true); if (empty($row) || !allowedTo('admin_forum') && $row['group_type'] == 1) { fatal_lang_error('membergroup_does_not_exist', false); } $row['icons'] = explode('#', $row['icons']); $context['group'] = array('id' => $row['id_group'], 'name' => $row['group_name'], 'description' => htmlspecialchars($row['description'], ENT_COMPAT, 'UTF-8'), 'editable_name' => $row['group_name'], 'color' => $row['online_color'], 'min_posts' => $row['min_posts'], 'max_messages' => $row['max_messages'], 'icon_count' => (int) $row['icons'][0], 'icon_image' => isset($row['icons'][1]) ? $row['icons'][1] : '', 'is_post_group' => $row['min_posts'] != -1, 'type' => $row['min_posts'] != -1 ? 0 : $row['group_type'], 'hidden' => $row['min_posts'] == -1 ? $row['hidden'] : 0, 'inherited_from' => $row['id_parent'], 'allow_post_group' => $row['id_group'] == 2 || $row['id_group'] > 4, 'allow_delete' => $row['id_group'] == 2 || $row['id_group'] > 4, 'allow_protected' => allowedTo('admin_forum')); // Get any moderators for this group $context['group']['moderators'] = getGroupModerators($row['id_group']); $context['group']['moderator_list'] = empty($context['group']['moderators']) ? '' : '"' . implode('", "', $context['group']['moderators']) . '"'; if (!empty($context['group']['moderators'])) { list($context['group']['last_moderator_id']) = array_slice(array_keys($context['group']['moderators']), -1); } // Get a list of boards this membergroup is allowed to see. $context['boards'] = array(); if ($row['id_group'] == 2 || $row['id_group'] > 3) { require_once SUBSDIR . '/Boards.subs.php'; $context += getBoardList(array('override_permissions' => true, 'access' => $row['id_group'], 'not_redirection' => true)); // Include a list of boards per category for easy toggling. foreach ($context['categories'] as $category) { $context['categories'][$category['id']]['child_ids'] = array_keys($category['boards']); } } // Finally, get all the groups this could be inherited off. $context['inheritable_groups'] = getInheritableGroups($row['id_group']); call_integration_hook('integrate_view_membergroup'); $context['sub_template'] = 'edit_group'; $context['page_title'] = $txt['membergroups_edit_group']; // Use the autosuggest script when needed if ($context['group']['id'] != 3 && $context['group']['id'] != 4) { loadJavascriptFile('suggest.js', array('defer' => true)); } createToken('admin-mmg'); }
/** * Removing old and inactive members. */ public function action_purgeinactive_display() { global $context, $txt; checkSession(); validateToken('admin-maint'); require_once SUBSDIR . '/DataValidator.class.php'; // Start with checking and cleaning what was sent $validator = new Data_Validator(); $validator->sanitation_rules(array('maxdays' => 'intval')); $validator->validation_rules(array('maxdays' => 'required', 'groups' => 'isarray', 'del_type' => 'required')); // Validator says, you can pass or not if ($validator->validate($_POST)) { require_once SUBSDIR . '/Maintenance.subs.php'; require_once SUBSDIR . '/Members.subs.php'; $groups = array(); foreach ($validator->groups as $id => $dummy) { $groups[] = (int) $id; } $time_limit = time() - $validator->maxdays * 24 * 3600; $members = purgeMembers($validator->type, $groups, $time_limit); deleteMembers($members); $context['maintenance_finished'] = array('errors' => array(sprintf($txt['maintain_done'], $txt['maintain_members']))); } else { $context['maintenance_finished'] = array('errors' => $validator->validation_errors(), 'type' => 'minor'); } }