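/**
 * Updates user settings (creates the settings row when the user has none yet).
 *
 * ALWAYS use this function if you would like to update a user's blog settings on a different page!
 * Otherwise there may be security problems: the blog CSS filter below runs only here.
 *
 * The CSS filter is a deny-list of substrings and characters, not a CSS parser. Treat it as
 * defence in depth; pages that output blog_css should still emit it in a context where
 * stray markup cannot execute.
 *
 * @param int   $user_id The user whose settings row is written.
 * @param array $data    Setting name => value pairs. In the UPDATE branch the whole array is handed
 *                       to $db->sql_build_array() unchanged, so callers must build it from a fixed
 *                       list of keys and never pass a raw request array.
 * @param bool  $resync  When true, the perm_* values present in $data are also written to this
 *                       user's rows in BLOGS_TABLE.
 */
function update_user_blog_settings($user_id, $data, $resync = false)
{
	global $cache, $db, $user_settings, $blog_plugins;

	if (!isset($user_settings[$user_id]))
	{
		get_user_settings($user_id);
	}

	// Filter the Blog CSS.
	if (isset($data['blog_css']))
	{
		// URLs inside the CSS are deliberately not validated as images. An earlier getimagesize()
		// check was removed by the author: it was unreliable, and a remote file can be swapped
		// after submission anyway, so a check made at save time proves nothing later.

		// Replace quotes so they can be used.
		// NOTE(review): as written this replaces '"' with '"', which does nothing. The search
		// string was presumably the HTML entity for a double quote before this listing was
		// rendered - confirm against the original file.
		$data['blog_css'] = str_replace('"', '"', $data['blog_css']);

		// Now we shall run our main filters.
		$script_matches = array('#javascript#', '#vbscript#', '#manuscript#', "#[^a-zA-Z]java#", "#java[^a-zA-Z]#", "#[^a-zA-Z]script#", "#script[^a-zA-Z]#", "#[^a-zA-Z]expression#", "#expression[^a-zA-Z]#", "#[^a-zA-Z]eval#", "#eval[^a-zA-Z]#");
		$css_lower = strtolower($data['blog_css']);

		// Strict comparison, so a preg_replace() failure (null) also counts as "something matched".
		if (preg_replace($script_matches, ' ', $css_lower) !== $css_lower)
		{
			// If they are going to try something so obvious, instead of trying to filter it I'll just delete everything.
			$data['blog_css'] = '';
		}
		else
		{
			// Remove CSS/HTML comments, HTML ASCII/HEX, and any other characters I do not think are needed.
			// NOTE(review): the two comment patterns use ".+" without the "s" modifier, so a comment
			// that spans several lines is not matched by them.
			$matches = array('#/\\*.+\\*/#', '#<!--.+-->#', '$&#?([a-zA-Z0-9]+);?$', '$([^a-zA-Z0-9",\\*+%!_\\.#{}()/:;-\\s])$');
			$data['blog_css'] = preg_replace($matches, ' ', $data['blog_css']);

			// Fail closed: never store unfiltered or null CSS when the regex engine reports an error.
			if ($data['blog_css'] === null)
			{
				$data['blog_css'] = '';
			}
		}
	}

	if (!isset($user_settings[$user_id]))
	{
		// No settings row yet: insert one, using defaults for anything not supplied.
		$sql_array = array(
			'user_id'						=> $user_id,
			'perm_guest'					=> isset($data['perm_guest']) ? $data['perm_guest'] : 1,
			'perm_registered'				=> isset($data['perm_registered']) ? $data['perm_registered'] : 2,
			'perm_foe'						=> isset($data['perm_foe']) ? $data['perm_foe'] : 0,
			'perm_friend'					=> isset($data['perm_friend']) ? $data['perm_friend'] : 2,
			'title'							=> isset($data['title']) ? $data['title'] : '',
			'description'					=> isset($data['description']) ? $data['description'] : '',
			'description_bbcode_bitfield'	=> isset($data['description_bbcode_bitfield']) ? $data['description_bbcode_bitfield'] : '',
			'description_bbcode_uid'		=> isset($data['description_bbcode_uid']) ? $data['description_bbcode_uid'] : '',
			'instant_redirect'				=> isset($data['instant_redirect']) ? $data['instant_redirect'] : 0,
			'blog_subscription_default'		=> isset($data['blog_subscription_default']) ? $data['blog_subscription_default'] : 0,
			'blog_style'					=> isset($data['blog_style']) ? $data['blog_style'] : 0,
			'blog_css'						=> isset($data['blog_css']) ? $data['blog_css'] : '',
		);

		// Plugins may alter the row before it is written. extract() then overwrites the locals
		// $sql_array, $user_id and $data with whatever the hook left in $temp, and turns any extra
		// key a plugin added into a local variable - plugin code is fully trusted at this point.
		$temp = compact('sql_array', 'user_id', 'data');
		blog_plugins::plugin_do_ref('function_get_user_settings_insert', $temp);
		extract($temp);

		$sql = 'INSERT INTO ' . BLOGS_USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_array);
		$db->sql_query($sql);
	}
	else
	{
		blog_plugins::plugin_do_ref('function_get_user_settings_update', $data);

		// NOTE(review): every key of $data goes into the SET clause; presumably sql_build_array()
		// escapes the values but uses the keys as column names as-is - confirm, and keep the
		// key list under the caller's control.
		$sql = 'UPDATE ' . BLOGS_USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $data) . ' WHERE user_id = ' . intval($user_id);
		$db->sql_query($sql);
	}

	// Resyncronise the Blog Permissions
	if ($resync)
	{
		// Write only the permission columns the caller supplied. Filling the missing ones with
		// defaults would silently reset the stored permission level on every blog of this user.
		$perm_defaults = array('perm_guest' => 1, 'perm_registered' => 2, 'perm_foe' => 0, 'perm_friend' => 2);
		$sql_array = array();

		foreach ($perm_defaults as $perm_key => $perm_default)
		{
			if (array_key_exists($perm_key, $data))
			{
				$sql_array[$perm_key] = isset($data[$perm_key]) ? $data[$perm_key] : $perm_default;
			}
		}

		if (sizeof($sql_array))
		{
			$sql = 'UPDATE ' . BLOGS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_array) . ' WHERE user_id = ' . intval($user_id);
			$db->sql_query($sql);
		}
	}

	blog_plugins::plugin_do('function_get_user_settings', compact('data', 'user_id', 'resync'));

	//$cache->destroy('_blog_settings_' . $user_id);
}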
// Fragment of the attachment download page. The "if" that this first call belongs to, and the
// end of wrap_img_in_html() below, are outside this excerpt.
wrap_img_in_html(append_sid('./blog.' . $phpEx, 'page=download&id=' . $attachment['attach_id']), $attachment['real_filename']);
}
else
{
	// Determine the 'presenting'-method
	if ($download_mode == PHYSICAL_LINK)
	{
		// This presenting method should no longer be used
		// NOTE(review): this branch redirects the browser to the stored file itself, which only works
		// when the upload directory is served directly by the web server. A directly reachable file
		// is not covered by the checks made on this page - confirm the mode is disabled in practice.
		// The path also lacks the '/blog_mod' suffix the other branch appends; confirm which is right.
		if (!@is_dir($phpbb_root_path . $config['upload_path']))
		{
			trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
		}

		redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
		exit;
	}
	else
	{
		// Stream the file through PHP from the blog_mod sub-directory of the upload path.
		send_file_to_browser($attachment, $config['upload_path'] . '/blog_mod', $display_cat);
		exit;
	}
}

blog_plugins::plugin_do('download_end');

/**
 * Wraps an url into a simple html page. Used to display attachments in IE.
 * this is a workaround for now; might be moved to template system later
 * direct any complaints to 1 Microsoft Way, Redmond
 *
 * NOTE(review): in the lines visible here $title is echoed into the <title> element without
 * escaping. The caller above passes $attachment['real_filename'], so this is safe only if that
 * value is stored already HTML-escaped - confirm where it is written.
 *
 * @param string $src   URL of the attachment (not used in the visible part of the body)
 * @param string $title Text placed inside the <title> element
 */
function wrap_img_in_html($src, $title)
{
	echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-Strict.dtd">';
	echo '<html>';
	echo '<head>';
	echo '<meta http-equiv="content-type" content="text/html; charset=UTF-8" />';
	echo '<title>' . $title . '</title>';
	echo '</head>';
	echo '<body>';
	echo '<div>';
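/**
 * Get Attachment Data
 *
 * Rebuilds $this->attachment_data from the attachment list posted with the form. The posted list
 * only supplies attachment ids, the orphan flag and the comment; file names are re-read from
 * BLOGS_ATTACHMENT_TABLE and a row is accepted only when its poster_id matches, so a client
 * cannot attach a file that belongs to somebody else by sending its id.
 *
 * Does nothing when attachments are disabled or the user lacks u_blogattach.
 * Triggers NO_ACCESS_ATTACHMENT (E_USER_ERROR) when a submitted entry is malformed or does not
 * resolve to a row the user may use.
 *
 * @param int|bool $check_user_id Owner to check already-posted attachments against;
 *                                false means the current user.
 */
public function get_submitted_attachment_data($check_user_id = false)
{
	global $user, $db, $config, $auth;

	if (!$config['user_blog_enable_attachments'] || !$auth->acl_get('u_blogattach'))
	{
		return;
	}

	blog_plugins::plugin_do('get_submitted_attachment_data');

	$this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true));

	// Raw POST data: anything other than an array is treated as "nothing submitted".
	$attachment_data = (isset($_POST['attachment_data']) && is_array($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
	$this->attachment_data = array();

	// Both ids are concatenated into SQL below, so force them to integers here.
	$current_user_id = (int) $user->data['user_id'];
	$check_user_id = ($check_user_id === false) ? $current_user_id : (int) $check_user_id;

	if (!sizeof($attachment_data))
	{
		return;
	}

	$not_orphan = $orphan = array();

	foreach ($attachment_data as $pos => $var_ary)
	{
		// Fail closed on entries that do not have the expected shape instead of guessing an id.
		if (!is_array($var_ary) || !isset($var_ary['attach_id']) || !is_scalar($var_ary['attach_id']))
		{
			trigger_error('NO_ACCESS_ATTACHMENT', E_USER_ERROR);
		}

		if (!empty($var_ary['is_orphan']))
		{
			$orphan[(int) $var_ary['attach_id']] = $pos;
		}
		else
		{
			$not_orphan[(int) $var_ary['attach_id']] = $pos;
		}
	}

	// Regenerate already posted attachments
	if (sizeof($not_orphan))
	{
		// Get the attachment data, based on the poster id...
		$sql = 'SELECT attach_id, is_orphan, real_filename, attach_comment
			FROM ' . BLOGS_ATTACHMENT_TABLE . '
			WHERE ' . $db->sql_in_set('attach_id', array_unique(array_map('intval', array_keys($not_orphan)))) . '
				AND poster_id = ' . $check_user_id;
		$result = $db->sql_query($sql);

		while ($row = $db->sql_fetchrow($result))
		{
			$pos = $not_orphan[$row['attach_id']];
			$this->attachment_data[$pos] = $row;

			// Only the comment is taken from the request; everything else comes from the row.
			set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);

			unset($not_orphan[$row['attach_id']]);
		}
		$db->sql_freeresult($result);
	}

	// Anything left over was not found for this owner.
	if (sizeof($not_orphan))
	{
		trigger_error('NO_ACCESS_ATTACHMENT', E_USER_ERROR);
	}

	// Regenerate newly uploaded attachments
	if (sizeof($orphan))
	{
		// Orphans must belong to the current user and still be flagged as orphan.
		$sql = 'SELECT attach_id, is_orphan, real_filename, attach_comment
			FROM ' . BLOGS_ATTACHMENT_TABLE . '
			WHERE ' . $db->sql_in_set('attach_id', array_unique(array_map('intval', array_keys($orphan)))) . '
				AND poster_id = ' . $current_user_id . '
				AND is_orphan = 1';
		$result = $db->sql_query($sql);

		while ($row = $db->sql_fetchrow($result))
		{
			$pos = $orphan[$row['attach_id']];
			$this->attachment_data[$pos] = $row;
			set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);

			unset($orphan[$row['attach_id']]);
		}
		$db->sql_freeresult($result);
	}

	if (sizeof($orphan))
	{
		trigger_error('NO_ACCESS_ATTACHMENT', E_USER_ERROR);
	}

	// Restore the order in which the entries were submitted.
	ksort($this->attachment_data);
}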
/**
 * Set the options in the template
 *
 * Pushes the posting-option state held on this object (bbcode, smilies, magic url, img, flash,
 * url) into the template, then fires the post_options_set_in_template plugin hook.
 */
function set_in_template()
{
	global $template, $user, $phpbb_root_path, $phpEx;

	// Attribute emitted for the three checkboxes whenever the matching enable_* flag is off.
	$checked_attr = ' checked="checked"';

	// The BBCode status text is a language string with a link to the BBCode FAQ wrapped into it.
	$faq_link_open = '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">';
	$bbcode_lang_key = $this->bbcode_status ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF';

	$tpl_vars = array();

	// Checkbox state
	$tpl_vars['S_BBCODE_CHECKED'] = $this->enable_bbcode ? '' : $checked_attr;
	$tpl_vars['S_SMILIES_CHECKED'] = $this->enable_smilies ? '' : $checked_attr;
	$tpl_vars['S_MAGIC_URL_CHECKED'] = $this->enable_magic_url ? '' : $checked_attr;

	// Human readable status lines
	$tpl_vars['BBCODE_STATUS'] = sprintf($user->lang[$bbcode_lang_key], $faq_link_open, '</a>');
	$tpl_vars['IMG_STATUS'] = $user->lang[$this->img_status ? 'IMAGES_ARE_ON' : 'IMAGES_ARE_OFF'];
	$tpl_vars['FLASH_STATUS'] = $user->lang[$this->flash_status ? 'FLASH_IS_ON' : 'FLASH_IS_OFF'];
	$tpl_vars['SMILIES_STATUS'] = $user->lang[$this->smilies_status ? 'SMILIES_ARE_ON' : 'SMILIES_ARE_OFF'];
	$tpl_vars['URL_STATUS'] = $user->lang[$this->url_status ? 'URL_IS_ON' : 'URL_IS_OFF'];

	// Switches the template tests directly
	$tpl_vars['S_BBCODE_ALLOWED'] = $this->bbcode_status;
	$tpl_vars['S_SMILIES_ALLOWED'] = $this->smilies_status;
	$tpl_vars['S_LINKS_ALLOWED'] = $this->url_status;
	$tpl_vars['S_BBCODE_IMG'] = $this->img_status;
	$tpl_vars['S_BBCODE_URL'] = $this->url_status;
	$tpl_vars['S_BBCODE_FLASH'] = $this->flash_status;
	$tpl_vars['S_BBCODE_QUOTE'] = true;

	// Assign some variables to the template parser
	$template->assign_vars($tpl_vars);

	blog_plugins::plugin_do('post_options_set_in_template');
}
// Fragment of the reply-delete page. The check that leads to REPLY_EDIT_LOCKED starts before this
// excerpt and the attachment loop at the end continues after it.
trigger_error('REPLY_EDIT_LOCKED');
}

// Setup the page header and sent the title of the page that will go into the browser header
page_header($user->lang['DELETE_REPLY']);

// Generate the breadcrumbs
generate_blog_breadcrumbs($user->lang['DELETE_REPLY']);

blog_plugins::plugin_do('reply_delete');

// Offer the "hard delete" checkbox only for a reply that is not already soft deleted.
// NOTE(review): the checkbox is shown on permission 'a_blogdelete', but the hard delete below is
// authorised with 'a_blogreplydelete'. The server-side check is the one that matters, yet the
// two names should agree - confirm which permission is intended.
$display_vars = array();
if ($auth->acl_get('a_blogdelete') && blog_data::$reply[$reply_id]['reply_deleted'] == 0)
{
	$display_vars = array('legend1' => $user->lang['HARD_DELETE'], 'hard_delete' => array('lang' => 'HARD_DELETE', 'validate' => 'bool', 'type' => 'checkbox', 'default' => false, 'explain' => true));
}

// NOTE(review): the hook is named 'blog_delete' although this page deletes a reply - confirm.
blog_plugins::plugin_do_ref('blog_delete', $display_vars);

include "{$phpbb_root_path}blog/includes/functions_confirm.{$phpEx}";

// The code below treats an array result as "the user confirmed"; it holds the submitted settings.
$settings = blog_confirm('DELETE_REPLY', 'DELETE_REPLY_CONFIRM', $display_vars, 'yes/no');

if (is_array($settings))
{
	blog_plugins::plugin_do('reply_delete_confirm');

	// Hard delete when it was requested, or when the reply has already been soft deleted - and in
	// both cases only with the admin permission, which is re-checked here and not taken from the form.
	if ((isset($settings['hard_delete']) && $settings['hard_delete'] || blog_data::$reply[$reply_id]['reply_deleted'] != 0) && $auth->acl_get('a_blogreplydelete'))
	{
		// If it has not been soft deleted we need to do a few more things...
		if (blog_data::$reply[$reply_id]['reply_deleted'] == 0)
		{
			// Remove the search index
			$blog_search->index_remove($blog_id, $reply_id);

			// update the reply count for the blog (never below zero)
			$sql = 'UPDATE ' . BLOGS_TABLE . ' SET blog_reply_count = blog_reply_count - 1 WHERE blog_id = ' . intval($blog_id) . ' AND blog_reply_count > 0';
			$db->sql_query($sql);

			set_config('num_blog_replies', --$config['num_blog_replies'], true);
		}

		// Delete the Attachments
		$blog_attachment->get_attachment_data(false, $reply_id);
		if (sizeof(blog_data::$reply[$reply_id]['attachment_data']))
		{
			foreach (blog_data::$reply[$reply_id]['attachment_data'] as $null => $data)
			{
/**
 * ACP handler for blog categories.
 *
 * Flow, in order: (1) when the form was submitted ("update" in POST) run the delete / add / edit
 * write; (2) handle the action itself - move_up / move_down, or render the add / edit / delete
 * form and return; (3) otherwise list the categories below $this->parent_id.
 *
 * NOTE(review): $form_key is assigned but no add_form_key() / check_form_key() call is visible in
 * this method, so the submitted writes are not tied to a form token here - confirm whether the
 * token is checked elsewhere. move_up / move_down also run without the "update" flag, i.e. from
 * the request's "action" parameter alone.
 *
 * @param mixed  $id   Not used in this method
 * @param string $mode Only read once, for the S_ADD_ACTION template switch
 */
function categories($id, $mode)
{
	global $db, $user, $auth, $template, $cache;
	global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx;

	$this->tpl_name = 'acp_blog_categories';
	$this->page_title = 'ACP_BLOG_CATEGORIES';

	$form_key = 'acp_blog';

	// The ids are requested with an integer default. presumably request_var() casts to the type of
	// the default - the SQL below interpolates these values and depends on that; verify.
	$action = request_var('action', '');
	$update = isset($_POST['update']) ? true : false;
	$category_id = request_var('c', 0);

	$this->parent_id = request_var('parent_id', 0);
	$category_data = $errors = array();

	// Clear the categories cache
	$cache->destroy('_blog_categories');

	// Major routines
	if ($update)
	{
		switch ($action)
		{
			case 'delete':
				$action_subcategories = request_var('action_subcategories', '');
				$subcategories_to_id = request_var('subcategories_to_id', 0);
				$action_blogs = request_var('action_blogs', '');
				$blogs_to_id = request_var('blogs_to_id', 0);

				// Read the row first so its name is still available for the admin log afterwards.
				$row = $this->get_category_info($category_id);

				$errors = $this->delete_category($category_id, $action_blogs, $action_subcategories, $blogs_to_id, $subcategories_to_id);

				blog_plugins::plugin_do_ref('acp_category_delete', $errors);

				if (sizeof($errors))
				{
					break;
				}

				add_log('admin', 'LOG_BLOG_CATEGORY_DELETE', $row['category_name']);

				trigger_error($user->lang['CATEGORY_DELETED'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id));
			break;

			case 'edit':
				$category_data = array('category_id' => $category_id);
			// No break here
			case 'add':
				// "+=" keeps the category_id set by the edit case and adds the submitted fields.
				$category_data += array(
					'parent_id' => request_var('category_parent_id', $this->parent_id),
					'category_name' => utf8_normalize_nfc(request_var('category_name', '', true)),
					'category_description' => utf8_normalize_nfc(request_var('category_description', '', true)),
					'category_description_bitfield' => '',
					'category_description_uid' => '',
					'category_description_options' => 7,
					'rules' => utf8_normalize_nfc(request_var('rules', '', true)),
					'rules_bitfield' => '',
					'rules_uid' => '',
					'rules_options' => 7
				);

				// Get data for category rules if specified...
				if ($category_data['rules'])
				{
					generate_text_for_storage($category_data['rules'], $category_data['rules_uid'], $category_data['rules_bitfield'], $category_data['rules_options'], request_var('rules_parse_bbcode', false), request_var('rules_parse_urls', false), request_var('rules_parse_smilies', false));
				}

				// Get data for category description if specified
				if ($category_data['category_description'])
				{
					generate_text_for_storage($category_data['category_description'], $category_data['category_description_uid'], $category_data['category_description_bitfield'], $category_data['category_description_options'], request_var('desc_parse_bbcode', false), request_var('desc_parse_urls', false), request_var('desc_parse_smilies', false));
				}

				// Plugins may change $action and $category_data. extract() also turns any extra key
				// a plugin adds to $temp into a local variable, so plugin code is fully trusted here.
				$temp = compact('action', 'category_data');
				blog_plugins::plugin_do_ref('acp_category_add_edit', $temp);
				extract($temp);

				$errors = $this->update_category_data($category_data);

				if (!sizeof($errors))
				{
					$message = $action == 'add' ? $user->lang['CATEGORY_CREATED'] : $user->lang['CATEGORY_UPDATED'];

					trigger_error($message . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id));
				}
			break;
		}
	}

	switch ($action)
	{
		case 'move_up':
		case 'move_down':
			if (!$category_id)
			{
				trigger_error($user->lang['NO_CATEGORY'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
			}

			$sql = 'SELECT * FROM ' . BLOGS_CATEGORIES_TABLE . "\n\t\t\t\t\tWHERE category_id = {$category_id}";
			$result = $db->sql_query($sql);
			$row = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);

			if (!$row)
			{
				trigger_error($user->lang['NO_CATEGORY'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
			}

			// The returned name is not used further in this method.
			$move_category_name = $this->move_category_by($row, $action, 1);
		break;

		case 'add':
		case 'edit':
			// Show form to create/modify a category
			if ($action == 'edit')
			{
				$this->page_title = 'EDIT_CATEGORY';
				$row = $this->get_category_info($category_id);

				if (!$update)
				{
					$category_data = $row;
				}
				else
				{
					// A failed submit is re-displayed: keep the posted values, take the tree
					// position from the stored row.
					$category_data['left_id'] = $row['left_id'];
					$category_data['right_id'] = $row['right_id'];
				}

				// Make sure no direct child categories are able to be selected as parents.
				$exclude_categories = array();
				foreach (get_category_branch($category_id, 'children') as $row)
				{
					$exclude_categories[] = $row['category_id'];
				}

				$parents_list = make_category_select($category_data['parent_id'], $exclude_categories);
			}
			else
			{
				$this->page_title = 'CREATE_CATEGORY';

				$category_id = $this->parent_id;
				$parents_list = make_category_select($this->parent_id);

				// Fill category data with default values
				if (!$update)
				{
					$category_data = array('parent_id' => $this->parent_id, 'category_name' => utf8_normalize_nfc(request_var('category_name', '', true)), 'category_description' => '', 'rules' => '');
				}
			}

			$rules_data = array('text' => $category_data['rules'], 'allow_bbcode' => true, 'allow_smilies' => true, 'allow_urls' => true);
			$category_description_data = array('text' => $category_data['category_description'], 'allow_bbcode' => true, 'allow_smilies' => true, 'allow_urls' => true);
			$rules_preview = '';

			// Parse rules if specified
			if ($category_data['rules'])
			{
				if (!isset($category_data['rules_uid']))
				{
					// Before we are able to display the preview and plane text, we need to parse our request_var()'d value...
					$category_data['rules_uid'] = '';
					$category_data['rules_bitfield'] = '';
					$category_data['rules_options'] = 0;

					generate_text_for_storage($category_data['rules'], $category_data['rules_uid'], $category_data['rules_bitfield'], $category_data['rules_options'], request_var('rules_allow_bbcode', false), request_var('rules_allow_urls', false), request_var('rules_allow_smilies', false));
				}

				// Generate preview content
				$rules_preview = generate_text_for_display($category_data['rules'], $category_data['rules_uid'], $category_data['rules_bitfield'], $category_data['rules_options']);

				// decode...
				$rules_data = generate_text_for_edit($category_data['rules'], $category_data['rules_uid'], $category_data['rules_options']);
			}

			// Parse desciption if specified
			if ($category_data['category_description'])
			{
				if (!isset($category_data['category_description_uid']))
				{
					// Before we are able to display the preview and plane text, we need to parse our request_var()'d value...
					$category_data['category_description_uid'] = '';
					$category_data['category_description_bitfield'] = '';
					$category_data['category_description_options'] = 0;

					generate_text_for_storage($category_data['category_description'], $category_data['category_description_uid'], $category_data['category_description_bitfield'], $category_data['category_description_options'], request_var('desc_allow_bbcode', false), request_var('desc_allow_urls', false), request_var('desc_allow_smilies', false));
				}

				// decode...
				$category_description_data = generate_text_for_edit($category_data['category_description'], $category_data['category_description_uid'], $category_data['category_description_options']);
			}

			// Offer the "move to" list only when at least one other category exists.
			$sql = 'SELECT category_id FROM ' . BLOGS_CATEGORIES_TABLE . "\n\t\t\t\t\t\tWHERE category_id <> {$category_id}";
			$result = $db->sql_query($sql);

			if ($db->sql_fetchrow($result))
			{
				$template->assign_vars(array('S_MOVE_CATEGORY_OPTIONS' => make_category_select($category_data['parent_id'], $category_id)));
			}
			$db->sql_freeresult($result);

			// NOTE(review): S_ADD_ACTION tests $mode, while every other test in this method uses
			// $action - confirm this is intended.
			// NOTE(review): CATEGORY_NAME, RULES and ERROR_MSG reach the template as given; they are
			// HTML-safe only if request_var() and the stored rows already hold escaped text - confirm.
			$template->assign_vars(array(
				'S_ADD_ACTION' => $mode == 'add' ? true : false,
				'S_EDIT_CATEGORY' => true,
				'S_ERROR' => sizeof($errors) ? true : false,
				'S_PARENT_ID' => $this->parent_id,
				'S_CATEGORY_PARENT_ID' => $category_data['parent_id'],
				'S_PARENT_OPTIONS' => $parents_list,
				'U_BACK' => $this->u_action . '&parent_id=' . $this->parent_id,
				'U_EDIT_ACTION' => $this->u_action . "&parent_id={$this->parent_id}&action={$action}&c={$category_id}",
				'L_TITLE' => $user->lang[$this->page_title],
				'ERROR_MSG' => sizeof($errors) ? implode('<br />', $errors) : '',
				'CATEGORY_NAME' => $category_data['category_name'],
				'RULES' => $category_data['rules'],
				'RULES_PREVIEW' => $rules_preview,
				'RULES_PLAIN' => $rules_data['text'],
				'S_BBCODE_CHECKED' => $rules_data['allow_bbcode'] ? true : false,
				'S_SMILIES_CHECKED' => $rules_data['allow_smilies'] ? true : false,
				'S_URLS_CHECKED' => $rules_data['allow_urls'] ? true : false,
				'CATEGORY_DESCRIPTION' => $category_description_data['text'],
				'S_DESC_BBCODE_CHECKED' => $category_description_data['allow_bbcode'] ? true : false,
				'S_DESC_SMILIES_CHECKED' => $category_description_data['allow_smilies'] ? true : false,
				'S_DESC_URLS_CHECKED' => $category_description_data['allow_urls'] ? true : false,
				'S_CATEGORY_OPTIONS' => make_category_select($action == 'add' ? $category_data['parent_id'] : false, $action == 'edit' ? $category_data['category_id'] : false)
			));

			blog_plugins::plugin_do('acp_category_add_edit_initial');

			return;
		break;

		case 'delete':
			// Render the delete confirmation form; the delete itself is done in the $update block above.
			if (!$category_id)
			{
				trigger_error($user->lang['NO_CATEGORY'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
			}

			$category_data = $this->get_category_info($category_id);

			// The category's own branch is excluded from the list of move targets.
			$subcategories_id = array();
			$subcategories = get_category_branch($category_id, 'children');

			foreach ($subcategories as $row)
			{
				$subcategories_id[] = $row['category_id'];
			}

			$categories_list = make_category_select($category_data['parent_id'], $subcategories_id);

			$sql = 'SELECT category_id FROM ' . BLOGS_CATEGORIES_TABLE . "\n\t\t\t\t\t\tWHERE category_id <> {$category_id}";
			$result = $db->sql_query($sql);

			if ($db->sql_fetchrow($result))
			{
				$template->assign_vars(array('S_MOVE_CATEGORY_OPTIONS' => make_category_select($category_data['parent_id'], $subcategories_id)));
			}
			$db->sql_freeresult($result);

			// When the category being deleted is the one currently viewed, go back to the root after the delete.
			$parent_id = $this->parent_id == $category_id ? 0 : $this->parent_id;

			$template->assign_vars(array(
				'S_DELETE_CATEGORY' => true,
				'U_ACTION' => $this->u_action . "&parent_id={$parent_id}&action=delete&c={$category_id}",
				'U_BACK' => $this->u_action . '&parent_id=' . $this->parent_id,
				'CATEGORY_NAME' => $category_data['category_name'],
				'S_HAS_SUBCATEGORYS' => $category_data['right_id'] - $category_data['left_id'] > 1 ? true : false,
				'S_CATEGORIES_LIST' => $categories_list,
				'S_ERROR' => sizeof($errors) ? true : false,
				'ERROR_MSG' => sizeof($errors) ? implode('<br />', $errors) : ''
			));

			return;
		break;
	}

	// Default management page
	// NOTE(review): the breadcrumb HTML is built by concatenating category_name from the database;
	// it is safe only if names are stored already HTML-escaped - confirm.
	if (!$this->parent_id)
	{
		$navigation = $user->lang['CATEGORY_INDEX'];
	}
	else
	{
		$navigation = '<a href="' . $this->u_action . '">' . $user->lang['CATEGORY_INDEX'] . '</a>';

		$category_nav = get_category_branch($this->parent_id, 'parents', 'descending');
		foreach ($category_nav as $row)
		{
			if ($row['category_id'] == $this->parent_id)
			{
				$navigation .= ' -> ' . $row['category_name'];
			}
			else
			{
				$navigation .= ' -> <a href="' . $this->u_action . '&parent_id=' . $row['category_id'] . '">' . $row['category_name'] . '</a>';
			}
		}
	}

	// Jumpbox
	$category_box = make_category_select($this->parent_id);

	$sql = 'SELECT * FROM ' . BLOGS_CATEGORIES_TABLE . "\n\t\t\tWHERE parent_id = {$this->parent_id}\n\t\t\tORDER BY left_id";
	$result = $db->sql_query($sql);

	if ($row = $db->sql_fetchrow($result))
	{
		do
		{
			$url = $this->u_action . "&parent_id={$this->parent_id}&c={$row['category_id']}";

			// $category_title is not used further in this method.
			$category_title = $row['category_name'];

			$template->assign_block_vars('categories', array(
				'CATEGORY_NAME' => $row['category_name'],
				'CATEGORY_DESCRIPTION' => generate_text_for_display($row['category_description'], $row['category_description_uid'], $row['category_description_bitfield'], $row['category_description_options']),
				'U_CATEGORY' => $this->u_action . '&parent_id=' . $row['category_id'],
				'U_MOVE_UP' => $url . '&action=move_up',
				'U_MOVE_DOWN' => $url . '&action=move_down',
				'U_EDIT' => $url . '&action=edit',
				'U_DELETE' => $url . '&action=delete'
			));
		}
		while ($row = $db->sql_fetchrow($result));
	}
	else
	{
		// No children: offer edit / delete links for the category being viewed.
		if ($this->parent_id)
		{
			$row = $this->get_category_info($this->parent_id);

			$url = $this->u_action . '&parent_id=' . $this->parent_id . '&c=' . $row['category_id'];

			$template->assign_vars(array('S_NO_CATEGORIES' => true, 'U_EDIT' => $url . '&action=edit', 'U_DELETE' => $url . '&action=delete'));
		}
	}
	$db->sql_freeresult($result);

	$template->assign_vars(array(
		'ERROR_MSG' => sizeof($errors) ? implode('<br />', $errors) : '',
		'NAVIGATION' => $navigation,
		'CATEGORY_BOX' => $category_box,
		'U_SEL_ACTION' => $this->u_action,
		'U_ACTION' => $this->u_action . '&parent_id=' . $this->parent_id
	));
}
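/**
 * Get user data
 *
 * grabs the data on the user and places it in the self::$user array
 *
 * The row with user_id 1 is always loaded as well; in the id-based mode it is used as the stand-in
 * for any requested id that does not exist.
 *
 * @param int|array|bool $id The user_id (or multiple user_ids if given an array) of the user we want to grab the data for
 * @param bool $user_queue If user_queue is true then we just grab the user_ids from the user_queue, otherwise we select data from $id.
 * @param string|bool $username When given, the user is additionally looked up by username_clean.
 *
 * @return int|bool|null With $username: the user_id of the last row loaded by this call when it is
 *                       not ANONYMOUS, otherwise false. Without $username, and on the early
 *                       exits, nothing is returned.
 */
public function get_user_data($id, $user_queue = false, $username = false)
{
	global $user, $db, $phpbb_root_path, $phpEx, $config, $auth, $cp;

	// if we are using the user_queue, set $user_id as that for consistency
	if ($user_queue)
	{
		$id = self::$user_queue;
	}

	blog_plugins::plugin_do('user_data_start');

	// this holds the user_id's we will query
	$users_to_query = array();

	// if the $user_id isn't an array, make it one for consistency
	if (!is_array($id))
	{
		$id = array(intval($id));
	}

	if ($username)
	{
		// The name is cleaned and escaped before it is placed inside the quoted SQL literal.
		$sql = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE username_clean = \'' . $db->sql_escape(utf8_clean_string($username)) . '\'';
		$result = $db->sql_query($sql);

		// An unknown name adds a falsy value here, which the loop below skips.
		$id[] = $db->sql_fetchfield('user_id', $result);
		$db->sql_freeresult($result);
	}

	if (!sizeof($id))
	{
		return;
	}

	$id[] = 1;

	// Queue every id that is truthy, not cached yet and not queued already; the int cast makes
	// the list safe to hand to sql_in_set() even when the caller passed strings.
	foreach ($id as $i)
	{
		if ($i && !isset(self::$user[$i]) && !in_array($i, $users_to_query))
		{
			$users_to_query[] = (int) $i;
		}
	}

	if (!sizeof($users_to_query))
	{
		return;
	}

	// Grab all profile fields from users in id cache for later use - similar to the poster cache
	if ($config['user_blog_custom_profile_enable'])
	{
		if (!class_exists('custom_profile'))
		{
			include $phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx;
			$cp = new custom_profile();
		}

		$profile_fields_cache = $cp->generate_profile_fields_template('grab', $users_to_query);
	}

	// Grab user status information
	$status_data = array();
	$sql = 'SELECT session_user_id, MAX(session_time) AS online_time, MIN(session_viewonline) AS viewonline
		FROM ' . SESSIONS_TABLE . '
		WHERE ' . $db->sql_in_set('session_user_id', $users_to_query) . '
		GROUP BY session_user_id';
	$result = $db->sql_query($sql);

	while ($row = $db->sql_fetchrow($result))
	{
		$status_data[$row['session_user_id']] = $row;
	}
	$db->sql_freeresult($result);

	$update_time = $config['load_online_time'] * 60;

	// Get the rest of the data on the users and parse everything we need
	$sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $users_to_query);

	// Plugins receive the SQL string by reference and can rewrite it - plugin code is trusted here.
	blog_plugins::plugin_do_ref('user_data_sql', $sql);

	$result = $db->sql_query($sql);

	while ($row = $db->sql_fetchrow($result))
	{
		$user_id = $row['user_id'];

		blog_plugins::plugin_do_ref('user_data_while', $row);

		// view profile link
		$row['view_profile'] = append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=viewprofile&u=" . $user_id);

		// Full username, with colour
		$row['username_full'] = get_username_string('full', $user_id, $row['username'], $row['user_colour']);

		// format the color correctly
		$row['user_colour'] = get_username_string('colour', $user_id, $row['username'], $row['user_colour']);

		// Avatar
		$row['avatar'] = get_user_avatar($row['user_avatar'], $row['user_avatar_type'], $row['user_avatar_width'], $row['user_avatar_height']);

		// Rank
		get_user_rank($row['user_rank'], $row['user_posts'], $row['rank_title'], $row['rank_img'], $row['rank_img_src']);

		if ($row['user_type'] != USER_IGNORE && $row['user_id'] != ANONYMOUS)
		{
			// Online/Offline Status
			// Online only when a recent session exists and either both the session and the user's
			// profile allow it to be shown, or the viewer holds u_viewonline.
			$row['status'] = isset($status_data[$user_id]) && time() - $update_time < $status_data[$user_id]['online_time'] && ($status_data[$user_id]['viewonline'] && $row['user_allow_viewonline'] || $auth->acl_get('u_viewonline')) ? true : false;

			// IM Links
			// The ICQ and Yahoo handles are user-supplied profile values placed into a URL
			// parameter, so they are URL-encoded to stop them adding parameters of their own.
			$row['aim_url'] = $row['user_aim'] ? append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=contact&action=aim&u={$user_id}") : '';
			$row['icq_url'] = $row['user_icq'] ? 'http://www.icq.com/people/webmsg.php?to=' . urlencode($row['user_icq']) : '';
			$row['jabber_url'] = $row['user_jabber'] ? append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=contact&action=jabber&u={$user_id}") : '';
			$row['msn_url'] = $row['user_msnm'] ? append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=contact&action=msnm&u={$user_id}") : '';
			$row['yim_url'] = $row['user_yim'] ? 'http://edit.yahoo.com/config/send_webmesg?.target=' . urlencode($row['user_yim']) . '&.src=pg' : '';

			// PM and email links
			// The raw address is exposed as mailto: only when the board form is off and either
			// addresses are not hidden or the viewer holds a_email.
			$row['email_url'] = $config['board_email_form'] && $config['email_enable'] ? append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=email&u={$user_id}") : ($config['board_hide_emails'] && !$auth->acl_get('a_email') ? '' : 'mailto:' . $row['user_email']);
			$row['pm_url'] = $row['user_id'] != ANONYMOUS && $config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($row['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", "i=pm&mode=compose&u={$user_id}") : '';

			// get the custom profile fields if the admin wants them
			if ($config['user_blog_custom_profile_enable'])
			{
				$row['cp_row'] = isset($profile_fields_cache[$user_id]) ? $cp->generate_profile_fields_template('show', false, $profile_fields_cache[$user_id]) : array();
			}
		}
		else
		{
			// Ignored users and the anonymous user never get status or contact links.
			$row = array_merge($row, array('status' => false, 'aim_url' => '', 'icq_url' => '', 'jabber_url' => '', 'msn_url' => '', 'yim_url' => '', 'email_url' => '', 'pm_url' => ''));
		}

		// now lets put everything in the user array
		self::$user[$user_id] = $row;
	}
	$db->sql_freeresult($result);
	unset($status_data, $row);

	// if we did use the user_queue, reset it
	if ($user_queue)
	{
		self::$user_queue = array();
	}

	if ($username)
	{
		// NOTE(review): $user_id is whatever row the loop above handled last, not necessarily the
		// row matching $username; this relies on the order in which rows come back - confirm.
		if (isset($user_id) && $user_id != ANONYMOUS)
		{
			// Grab all profile fields from users in id cache for later use - similar to the poster cache
			if ($config['user_blog_custom_profile_enable'])
			{
				if (!class_exists('custom_profile'))
				{
					include $phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx;
					$cp = new custom_profile();
				}

				// The result is not read again in this method.
				$profile_fields_cache = $cp->generate_profile_fields_template('grab', $user_id);
			}

			// Grab user status information
			$status_data = array();
			$sql = 'SELECT session_user_id, MAX(session_time) AS online_time, MIN(session_viewonline) AS viewonline
				FROM ' . SESSIONS_TABLE . '
				WHERE session_user_id = ' . intval($user_id) . '
				GROUP BY session_user_id';
			$result = $db->sql_query($sql);

			while ($row = $db->sql_fetchrow($result))
			{
				$status_data[$row['session_user_id']] = $row;
			}
			$db->sql_freeresult($result);

			$update_time = $config['load_online_time'] * 60;

			// Read the user's own "allow view online" preference from the cached user row. $row is
			// false once the session loop above has finished, so it cannot supply that column.
			self::$user[$user_id]['status'] = isset($status_data[$user_id]) && time() - $update_time < $status_data[$user_id]['online_time'] && ($status_data[$user_id]['viewonline'] && self::$user[$user_id]['user_allow_viewonline'] || $auth->acl_get('u_viewonline')) ? true : false;
			unset($status_data);

			return $user_id;
		}
		else
		{
			return false;
		}
	}
	else
	{
		// replace any non-existing users with the anonymous user.
		foreach ($id as $i)
		{
			if ($i && !array_key_exists($i, self::$user))
			{
				self::$user[$i] = self::$user[1];
			}
		}
	}
}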
// Fragment of the blog index page. The block closed by the lone "}" near the end opens before
// this excerpt.

// Collect the ids to show: one random blog, plus the most recent blogs and replies, all limited
// to $category_id.
$random_blog_ids = $blog_data->get_blog_data('random', 0, array('limit' => 1, 'category_id' => $category_id));
$recent_blog_ids = $blog_data->get_blog_data('recent', 0, array('limit' => $limit, 'category_id' => $category_id));
$recent_reply_ids = $blog_data->get_reply_data('recent', 0, array('limit' => $limit, 'category_id' => $category_id));

// Second argument true: load the users from the user queue instead of an explicit id.
$blog_data->get_user_data(false, true);
update_edit_delete();

// Output the random blog(s)
if ($random_blog_ids !== false)
{
	$template->assign_vars(array('S_RANDOM_BLOG' => true));

	// I've decided to use a foreach to display the random blogs so it is easier to change the limit if the board owner would like...
	foreach ($random_blog_ids as $id)
	{
		$template->assign_block_vars('random', array_merge($blog_data->handle_user_data(blog_data::$blog[$id]['user_id']), $blog_data->handle_blog_data($id, $config['user_blog_user_text_limit'])));
	}
}

// Output the recent blogs
// The feed link is emitted only when feeds are enabled in the configuration.
$template->assign_block_vars('column', array(
	'SECTION_WIDTH' => '50',
	'U_FEED' => $config['user_blog_enable_feeds'] ? blog_url(false, false, false, array('mode' => 'recent_blogs', 'feed' => 'explain')) : '',
	'U_VIEW' => blog_url(false, false, false, array('mode' => 'recent_blogs')),
	'TITLE' => $user->lang['RECENT_BLOGS'],
	'L_NO_MSG' => $user->lang['NO_BLOGS']
));

if ($recent_blog_ids !== false)
{
	foreach ($recent_blog_ids as $id)
	{
		$template->assign_block_vars('column.row', array_merge($blog_data->handle_user_data(blog_data::$blog[$id]['user_id']), $blog_data->handle_blog_data($id, $config['user_blog_text_limit'])));
	}
}

// Output the recent comments
$template->assign_block_vars('column', array(
	'SECTION_WIDTH' => '50',
	'U_FEED' => $config['user_blog_enable_feeds'] ? blog_url(false, false, false, array('mode' => 'recent_comments', 'feed' => 'explain')) : '',
	'U_VIEW' => blog_url(false, false, false, array('mode' => 'recent_comments')),
	'TITLE' => $user->lang['RECENT_COMMENTS'],
	'L_NO_MSG' => $user->lang['NO_REPLIES']
));

if ($recent_reply_ids !== false)
{
	foreach ($recent_reply_ids as $id)
	{
		$template->assign_block_vars('column.row', array_merge($blog_data->handle_user_data(blog_data::$reply[$id]['user_id']), $blog_data->handle_reply_data($id, $config['user_blog_text_limit'])));
	}
}

$template->set_filenames(array('body' => 'blog/view_blog_main.html'));
}

blog_plugins::plugin_do('view_main_end');
/**
* Send the blog categories to the template
*
* Walks the category list once. The row whose category_id equals $parent_id supplies the
* "current category" variables, and every row whose parent_id equals $parent_id is written
* to the $block template block. Direct children that themselves have children are expanded
* one level further through a single recursive call.
*
* @param int $parent_id Category whose direct children are listed (0 by default)
* @param string $block Name of the template block each listed category is written to
* @param bool $ignore_subcats True to skip the current-category variables and the nested subcategory pass
* @param array|bool $category_list Category rows that were already fetched; anything that is not an array makes the function fetch them itself
*/
function handle_categories($parent_id = 0, $block = 'category_row', $ignore_subcats = false, $category_list = false)
{
	global $config, $template, $user;

	// The recursive call below passes the list along so it is only fetched once.
	if (!is_array($category_list))
	{
		$category_list = get_blog_categories('left_id');
	}

	blog_plugins::plugin_do('function_handle_categories');

	$with_subcats = !$ignore_subcats;

	foreach ($category_list as $category)
	{
		// The category being viewed: page-level variables only, no block row.
		if ($with_subcats && $parent_id == $category['category_id'])
		{
			$current_url = blog_url(false, false, false, array(
				'page'	=> $config['user_blog_seo'] ? $category['category_name'] : '*skip*',
				'c'		=> $category['category_id'],
			));
			$rules_html = generate_text_for_display($category['rules'], $category['rules_uid'], $category['rules_bitfield'], $category['rules_options']);

			// NOTE(review): category_name reaches the template exactly as it is in the row; nothing in this
			// function escapes it. Presumably it is stored HTML-safe when the category is created - verify.
			$template->assign_vars(array(
				'U_CURRENT_CATEGORY'	=> $current_url,
				'CURRENT_CATEGORY'		=> $category['category_name'],
				'CATEGORY_RULES'		=> $rules_html,
			));
		}

		// Only direct children of $parent_id are listed.
		if ($parent_id != $category['parent_id'])
		{
			continue;
		}

		$description_html = generate_text_for_display($category['category_description'], $category['category_description_uid'], $category['category_description_bitfield'], $category['category_description_options']);
		$category_url = blog_url(false, false, false, array(
			'page'	=> $config['user_blog_seo'] ? $category['category_name'] : '*skip*',
			'c'		=> $category['category_id'],
		));

		// A gap of more than 1 between left_id and right_id is treated as "has children";
		// a gap of more than 3 selects the plural label.
		$has_children = $category['right_id'] > $category['left_id'] + 1 && $with_subcats;
		if ($category['right_id'] > $category['left_id'] + 3)
		{
			$subcategory_label = $user->lang['SUBCATEGORIES'];
		}
		else
		{
			$subcategory_label = $user->lang['SUBCATEGORY'];
		}

		$template->assign_block_vars($block, array(
			'CATEGORY_NAME'			=> $category['category_name'],
			'CATEGORY_DESCRIPTION'	=> $description_html,
			'BLOGS'					=> $category['blog_count'],
			'U_CATEGORY'			=> $category_url,
			'S_SUBCATEGORY'			=> $has_children,
			'L_SUBCATEGORY'			=> $subcategory_label,
		));

		// Nested pass: children go to the fixed sub-block with $ignore_subcats = true, so the recursion stops there.
		if ($has_children)
		{
			handle_categories($category['category_id'], 'category_row.subcategory', true, $category_list);
		}
	}
}
} } // Output some data $template->assign_vars(array('META' => '<link rel="canonical" href="' . blog_url($user_id, false, false, $start > 0 ? array('start' => $start) : array()) . '" />', 'PAGINATION' => $pagination, 'PAGE_NUMBER' => on_page($total_blogs, $limit, $start), 'TOTAL_POSTS' => $total_blogs == 1 ? $user->lang['ONE_BLOG'] : sprintf($user->lang['CNT_BLOGS'], $total_blogs), 'U_BLOG_FEED' => $config['user_blog_enable_feeds'] ? blog_url($user_id, false, false, array('feed' => 'explain')) : '', 'U_PRINT_TOPIC' => !$user->data['is_bot'] ? $blog_urls['self_print'] : '', 'U_VIEW' => $blog_urls['self'], 'S_SORT' => true, 'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_KEY' => $s_sort_key, 'S_SELECT_SORT_DAYS' => $s_limit_days, 'S_VIEW_REPLY_COUNT' => true, 'L_NO_DELETED_BLOGS' => $sort_days == 0 ? $user->lang['NO_DELETED_BLOGS'] : sprintf($user->lang['NO_DELETED_BLOGS_SORT_DAYS'], $limit_days[$sort_days]), 'L_NO_BLOGS_USER' => $sort_days == 0 ? $user->lang['NO_BLOGS_USER'] : sprintf($user->lang['NO_BLOGS_USER_SORT_DAYS'], $limit_days[$sort_days]), 'BLOG_CSS' => isset($user_settings[$user_id]['blog_css']) ? 
$user_settings[$user_id]['blog_css'] : '')); unset($pagination); // parse and output the blogs if ($blog_ids !== false) { // Get the Attachment Data get_attachment_data($blog_ids, false); // read blogs, for updating the read count $read_blogs = array(); foreach ($blog_ids as $id) { $blogrow = array_merge($blog_data->handle_user_data(blog_data::$blog[$id]['user_id']), $blog_data->handle_blog_data($id, $config['user_blog_user_text_limit'])); $template->assign_block_vars('blogrow', $blogrow); if (!$blogrow['S_SHORTENED']) { // for updating the read count later array_push($read_blogs, $id); } } // to update the read count, we are only doing this if the user is not the owner, and the user doesn't view the shortened version, and we are not viewing the deleted blogs page if ($user->data['user_id'] != $user_id && $mode != 'deleted' && sizeof($read_blogs)) { $sql = 'UPDATE ' . BLOGS_TABLE . ' SET blog_read_count = blog_read_count + 1 WHERE ' . $db->sql_in_set('blog_id', $read_blogs); $db->sql_query($sql); } unset($read_blogs); } blog_plugins::plugin_do('view_user_end'); $template->set_filenames(array('body' => 'blog/view_blog.html')); } else { feed_output($blog_ids, $feed); }
} // Was Cancel pressed? If so then redirect to the appropriate page if ($cancel) { blog_meta_refresh(0, $blog_urls['view_reply'], true); } // Add the language Variables for the MCP $user->add_lang('mcp'); // Setup the page header and sent the title of the page that will go into the browser header page_header($user->lang['REPORT_REPLY']); // Generate the breadcrumbs generate_blog_breadcrumbs($user->lang['REPORT_REPLY']); blog_plugins::plugin_do('reply_report'); // To close the reports if (blog_data::$reply[$reply_id]['reply_reported'] && $auth->acl_get('m_blogreplyreport')) { if (confirm_box(true)) { blog_plugins::plugin_do('reply_report_confirm'); $sql = 'UPDATE ' . BLOGS_REPLY_TABLE . ' SET reply_reported = 0 WHERE reply_id = ' . intval($reply_id); $db->sql_query($sql); handle_blog_cache('report_reply', $user_id); blog_meta_refresh(3, $blog_urls['view_reply']); $message = $user->lang['REPORT_CLOSED_SUCCESS'] . '<br /><br />'; $message .= '<a href="' . $blog_urls['view_reply'] . '">' . $user->lang['VIEW_REPLY'] . '</a><br />'; $message .= '<a href="' . $blog_urls['view_blog'] . '">' . $user->lang['VIEW_BLOG'] . '</a><br />'; if ($user_id == $user->data['user_id']) { $message .= sprintf($user->lang['RETURN_BLOG_OWN'], '<a href="' . $blog_urls['view_user'] . '">', '</a>'); } else { $message .= sprintf($user->lang['RETURN_BLOG_MAIN'], '<a href="' . $blog_urls['view_user'] . '">', blog_data::$user[$user_id]['username'], '</a>') . '<br />'; $message .= sprintf($user->lang['RETURN_BLOG_OWN'], '<a href="' . $blog_urls['view_user_self'] . '">', '</a>'); }
$template->assign_var('S_HAS_ATTACHMENTS', true); $update_count = array(); $attachment_data = $blog_attachment->attachment_data; $blog_attachment->parse_attachments_for_view($preview_message, $attachment_data, $update_count, true); if (sizeof($attachment_data)) { foreach ($attachment_data as $row) { $template->assign_block_vars('attachment', array('DISPLAY_ATTACHMENT' => $row)); } } unset($attachment_data); } blog_plugins::plugin_do_ref('blog_add_preview', $preview_message); // output some data to the template parser $template->assign_vars(array('S_DISPLAY_PREVIEW' => true, 'PREVIEW_SUBJECT' => censor_text($blog_subject), 'PREVIEW_MESSAGE' => $preview_message, 'POST_DATE' => $user->format_date(time()))); } blog_plugins::plugin_do('blog_add_after_preview'); // handles the basic data we need to output for posting handle_basic_posting_data(); // Assign some variables to the template parser $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'MESSAGE' => $blog_text, 'POLL_TITLE' => isset($poll_title) ? $poll_title : '', 'POLL_OPTIONS' => !empty($poll_options) ? implode("\n", $poll_options) : '', 'POLL_MAX_OPTIONS' => isset($poll_max_options) ? $poll_max_options : 1, 'POLL_LENGTH' => isset($poll_length) ? $poll_length : 0, 'SUBJECT' => $blog_subject, 'VOTE_CHANGE_CHECKED' => isset($poll_vote_change) && $poll_vote_change ? 'checked="checked"' : '', 'L_MESSAGE_BODY_EXPLAIN' => intval($config['max_post_chars']) ? 
sprintf($user->lang['MESSAGE_BODY_EXPLAIN'], intval($config['max_post_chars'])) : '', 'L_POST_A' => $user->lang['POST_A_NEW_BLOG'], 'L_POLL_OPTIONS_EXPLAIN' => sprintf($user->lang['POLL_OPTIONS_EXPLAIN'], $config['max_poll_options']), 'S_POLL_VOTE_CHANGE' => true)); $template->set_filenames(array('body' => 'blog/blog_posting_layout.html')); } else { // insert array $sql_data = array('user_id' => $user->data['user_id'], 'user_ip' => $user->data['user_ip'], 'blog_time' => time(), 'blog_subject' => $blog_subject, 'blog_text' => $message_parser->message, 'blog_checksum' => md5($message_parser->message), 'blog_approved' => $auth->acl_get('u_blognoapprove') ? 1 : 0, 'enable_bbcode' => $post_options->enable_bbcode, 'enable_smilies' => $post_options->enable_smilies, 'enable_magic_url' => $post_options->enable_magic_url, 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'blog_edit_reason' => '', 'perm_guest' => request_var('perm_guest', 1), 'perm_registered' => request_var('perm_registered', 2), 'perm_foe' => request_var('perm_foe', 0), 'perm_friend' => request_var('perm_friend', 2), 'blog_attachment' => sizeof($blog_attachment->attachment_data) ? 1 : 0, 'poll_title' => !empty($poll) ? $poll_title : '', 'poll_start' => !empty($poll) ? time() : 0, 'poll_length' => !empty($poll) && $poll_length ? time() + $poll_length * 86400 : 0, 'poll_max_options' => !empty($poll) ? max($poll_max_options, 1) : 1, 'poll_vote_change' => !empty($poll) ? $poll_vote_change : 0); blog_plugins::plugin_do_ref('blog_add_sql', $sql_data); $sql = 'INSERT INTO ' . BLOGS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data); $db->sql_query($sql); $blog_id = $db->sql_nextid(); // Index the blog $blog_search->index('add', $blog_id, 0, $message_parser->message, $blog_subject, $user->data['user_id']); // Update the attachments
// Subscribe confirmation: shows the confirm form and, once it comes back as an array of
// choices, stores one subscription row per selected type and shows a result message.
blog_plugins::plugin_do_ref('subscribe', $display_vars);

// The include path is built only from the board root and the PHP extension; no request value is part of it.
include "{$phpbb_root_path}blog/includes/functions_confirm.{$phpEx}";

// NOTE(review): the inserts below are only gated by blog_confirm() returning an array. Presumably
// blog_confirm() validates the confirm form (session / form token) before returning the submitted
// choices - confirm, because that is the only CSRF barrier visible for this state change.
$settings = blog_confirm('SUBSCRIBE_BLOG_TITLE', 'SUBSCRIBE_BLOG_CONFIRM', $display_vars);

if (is_array($settings))
{
	blog_plugins::plugin_do('subscribe_confirm');

	//$cache->destroy("_blog_subscription_{$user->data['user_id']}");

	foreach ($settings as $mode => $yn)
	{
		// Only subscription types that were actually offered in $display_vars are accepted,
		// so a submitted key outside that set is ignored.
		if ($yn && array_key_exists($mode, $display_vars))
		{
			// The subscriber is always the current session user; the remaining values are cast to int here.
			// NOTE(review): no check for an already existing identical row is visible in this fragment - confirm it happens earlier.
			$sql_data = array('sub_user_id' => $user->data['user_id'], 'sub_type' => (int) $mode, 'blog_id' => (int) $blog_id, 'user_id' => (int) $user_id);

			// Plugins receive the row by reference and may change it before it is written.
			blog_plugins::plugin_do_ref('subscription_add', $sql_data);

			$sql = 'INSERT INTO ' . BLOGS_SUBSCRIPTION_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data);
			$db->sql_query($sql);
		}
	}

	// The result message is raw HTML assembled from language strings and the prepared blog URLs.
	$message = $user->lang['SUBSCRIPTION_ADDED'] . '<br /><br />';

	if ($blog_id)
	{
		$message .= '<a href="' . $blog_urls['view_blog'] . '">' . $user->lang['VIEW_BLOG'] . '</a><br />';
		$redirect = $blog_urls['view_blog'];
	}
	else
	{
		$redirect = $blog_urls['view_user'];
	}

	if ($user_id == $user->data['user_id'])
	{
		$message .= sprintf($user->lang['RETURN_BLOG_OWN'], '<a href="' . $blog_urls['view_user'] . '">', '</a>');
	}
	else
	{
		// NOTE(review): the username is placed into the HTML message without escaping here; presumably
		// the value held in blog_data::$user is already HTML-safe - confirm.
		$message .= sprintf($user->lang['RETURN_BLOG_MAIN'], '<a href="' . $blog_urls['view_user'] . '">', blog_data::$user[$user_id]['username'], '</a>') . '<br />';
		$message .= sprintf($user->lang['RETURN_BLOG_OWN'], '<a href="' . $blog_urls['view_user_self'] . '">', '</a>');
	}

	blog_plugins::plugin_do('subscribe_user_confirm_end');

	blog_meta_refresh(3, $redirect);

	trigger_error($message);
}
} // Was Cancel pressed? If so then redirect to the appropriate page if ($cancel) { blog_meta_refresh(0, $blog_urls['view_blog'], true); } // add the mcp language file $user->add_lang('mcp'); // Setup the page header and sent the title of the page that will go into the browser header page_header($user->lang['REPORT_BLOG']); // Generate the breadcrumbs generate_blog_breadcrumbs($user->lang['REPORT_BLOG']); blog_plugins::plugin_do('blog_report_start'); // To close the reports if (blog_data::$blog[$blog_id]['blog_reported'] && $auth->acl_get('m_blogreport')) { if (confirm_box(true)) { blog_plugins::plugin_do('blog_report_confirm'); $sql = 'UPDATE ' . BLOGS_TABLE . ' SET blog_reported = 0 WHERE blog_id = ' . intval($blog_id); $db->sql_query($sql); handle_blog_cache('report_blog', $user_id); blog_meta_refresh(3, $blog_urls['view_blog']); $message = $user->lang['REPORT_CLOSED_SUCCESS']; $message .= '<br /><br /><a href="' . $blog_urls['view_blog'] . '">' . $user->lang['VIEW_BLOG'] . '</a>'; trigger_error($message); } else { confirm_box(false, 'CLOSE_REPORT'); } } else { if (confirm_box(true)) { if (!blog_data::$blog[$blog_id]['blog_reported']) {
trigger_error('BLOG_NOT_EXIST'); } // Was Cancel pressed? If so then redirect to the appropriate page if ($cancel) { blog_meta_refresh(0, $blog_urls['view_blog'], true); } // Add the language Variables for posting $user->add_lang('posting'); // Setup the page header and sent the title of the page that will go into the browser header page_header($user->lang['APPROVE_BLOG']); // Generate the breadcrumbs generate_blog_breadcrumbs($user->lang['APPROVE_BLOG']); blog_plugins::plugin_do('blog_approve'); if (blog_data::$blog[$blog_id]['blog_approved'] == 0) { if (confirm_box(true)) { blog_plugins::plugin_do('blog_approve_confirm'); $sql = 'UPDATE ' . BLOGS_TABLE . ' SET blog_approved = 1 WHERE blog_id = ' . intval($blog_id); $db->sql_query($sql); // Update the blog_count for the user $sql = 'UPDATE ' . USERS_TABLE . ' SET blog_count = blog_count + 1 WHERE user_id = ' . intval($user_id); $db->sql_query($sql); set_config('num_blogs', ++$config['num_blogs'], true); // Update the blog_count for all the categories it is in. $category_ids = array(); $sql = 'SELECT category_id FROM ' . BLOGS_IN_CATEGORIES_TABLE . ' WHERE blog_id = ' . intval($blog_id); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $category_ids[] = $row['category_id']; }
// If some of the pages needed extra language files included, add them now.
if (isset($add_lang))
{
	$user->add_lang($add_lang);
}

// Work out the subscribe/unsubscribe label: per blog when a blog is selected, otherwise per user.
// NOTE(review): when neither $blog_id nor $user_id is set, nothing in this fragment assigns
// $subscribed or $subscribed_title, yet both are read in assign_vars() below - confirm they are
// initialised earlier in the file.
if ($blog_id)
{
	$subscribed = get_subscription_info($blog_id);
	$subscribed_title = $subscribed ? $user->lang['UNSUBSCRIBE_BLOG'] : $user->lang['SUBSCRIBE_BLOG'];
}
else
{
	if ($user_id)
	{
		$subscribed = get_subscription_info(false, $user_id);
		$subscribed_title = $subscribed ? $user->lang['UNSUBSCRIBE_USER'] : $user->lang['SUBSCRIBE_USER'];
	}
}

// Generate the common URL's
generate_blog_urls();

// Include the file(s) we need for the page.
// NOTE(review): $inc_file becomes part of an include path and this fragment does not show where it is
// assigned. It has to come from a fixed, server-side list of page files and never from request input;
// otherwise this is a local file inclusion - confirm against the code that sets it.
if (!is_array($inc_file))
{
	include $phpbb_root_path . 'blog/' . $inc_file . '.' . $phpEx;
}
else
{
	foreach ($inc_file as $file)
	{
		include $phpbb_root_path . 'blog/' . $file . '.' . $phpEx;
	}
}

// Lets add credits for the User Blog Mod. This is not the best way to do it, but it makes it so the person installing it has 1 less edit to do per style
// Sounds like the mod team will not accept this, so we are commenting it out for now and having the user just do the extra edit for each style.
//$user->lang['TRANSLATION_INFO'] = (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['BLOG_CREDITS'] . '<br />' . $user->lang['TRANSLATION_INFO'] : $user->lang['BLOG_CREDITS'];

// Add some data to the template
// NOTE(review): $mode, $page and $username are handed to the template as they are; presumably they were
// read through request_var() or from the database earlier in the file - verify they cannot carry markup.
// The permission checks in this array only decide which links are shown. Each target page still has to
// enforce its own permission check.
$template->assign_vars(array(
	'MODE' => $mode,
	'PAGE' => $page,
	'BLOG_TITLE' => isset($user_settings[$user_id]) ? censor_text($user_settings[$user_id]['title']) : false,
	'BLOG_DESCRIPTION' => isset($user_settings[$user_id]) ? generate_text_for_display($user_settings[$user_id]['description'], $user_settings[$user_id]['description_bbcode_uid'], $user_settings[$user_id]['description_bbcode_bitfield'], 7) : false,
	'BLOG_CREDITS' => $user->lang['BLOG_CREDITS'],

	'U_ADD_BLOG' => check_blog_permissions('blog', 'add', true) ? $blog_urls['add_blog'] : '',
	// The MCP link is shown to holders of any one of these four moderator permissions.
	'U_BLOG_MCP' => $auth->acl_gets('m_blogapprove', 'm_blogreport', 'm_blogreplyapprove', 'm_blogreplyreport') ? append_sid("{$phpbb_root_path}mcp.{$phpEx}", 'i=blog') : '',
	'U_BLOG_SELF' => $blog_urls['self_minus_print'],
	'U_REPLY_BLOG' => $blog_id && check_blog_permissions('reply', 'add', true, $blog_id) ? $blog_urls['add_reply'] : '',
	'U_VIEW_RESULTS' => $blog_urls['viewpoll'],

	'S_HIDDEN_FIELDS' => $s_hidden_fields,
	'S_POST_ACTION' => $blog_urls['self'],
	'S_POLL_ACTION' => $blog_urls['vote'],
	'S_PRINT_MODE' => $print,
	'S_WATCH_FORUM_TITLE' => $subscribed_title,
	// No subscribe link when a user looks at their own blog list without a blog selected.
	'S_WATCH_FORUM_LINK' => $subscribed ? $blog_urls['unsubscribe'] : ($user->data['user_id'] != $user_id || $blog_id ? $blog_urls['subscribe'] : ''),
	'S_WATCHING_FORUM' => $subscribed,

	'L_USERNAMES_BLOGS' => $username == $user->data['username'] ? $user->lang['MY_BLOG'] : sprintf($user->lang['USERNAMES_BLOGS'], $username),

	'UA_GREY_STAR_SRC' => $blog_images_path . 'star_grey.gif',
	'UA_GREEN_STAR_SRC' => $blog_images_path . 'star_green.gif',
	'UA_RED_STAR_SRC' => $blog_images_path . 'star_red.gif',
	'UA_ORANGE_STAR_SRC' => $blog_images_path . 'star_orange.gif',
	'UA_MAX_RATING' => $config['user_blog_max_rating'],
	'UA_MIN_RATING' => $config['user_blog_min_rating'],

	'REPLY_IMG' => $user->img('button_topic_reply', 'POST_A_NEW_REPLY'),
	'POLL_LEFT_CAP_IMG' => $user->img('poll_left'),
	'POLL_RIGHT_CAP_IMG' => $user->img('poll_right'),
	'REPORT_IMG' => $user->img('icon_post_report', 'REPORT_POST'),
	'WARN_IMG' => $user->img('icon_user_warn', 'WARN_USER'),
	'DELETE_IMG' => $user->img('icon_post_delete', 'DELETE_POST'),
	'PROFILE_IMG' => $user->img('icon_user_profile', 'READ_PROFILE'),
	'PM_IMG' => $user->img('icon_contact_pm', 'SEND_PRIVATE_MESSAGE'),
	'EMAIL_IMG' => $user->img('icon_contact_email', 'SEND_EMAIL'),
	'EDIT_IMG' => $user->img('icon_post_edit', 'EDIT_POST'),
	'QUOTE_IMG' => $user->img('icon_post_quote', 'REPLY_WITH_QUOTE')));

blog_plugins::plugin_do('blog_end');

// setup the page footer
page_footer();
$blog_data->get_user_data(false, true); update_edit_delete(); foreach ($ids as $id) { if (isset($id['reply_id'])) { if (!$author || $uid == blog_data::$reply[$id['reply_id']]['user_id']) { $template->assign_block_vars('searchrow', $blog_data->handle_reply_data($id['reply_id']) + $blog_data->handle_user_data(blog_data::$reply[$id['reply_id']]['user_id'])); } else { // they are selecting from a specific author and this is from a different author $matches--; } } else { if (isset(blog_data::$blog[$id['blog_id']]) && (!$author || $uid == blog_data::$blog[$id['blog_id']]['user_id'])) { $template->assign_block_vars('searchrow', $blog_data->handle_blog_data($id['blog_id']) + $blog_data->handle_user_data(blog_data::$blog[$id['blog_id']]['user_id'])); } else { // they don't have permission to view this blog, or they are selecting from a specific author and this is from a different author $matches--; } } } } else { $matches = 0; } $pagination = generate_blog_pagination(blog_url(false, false, false, array('page' => 'search', 'author' => $author, 'keywords' => $keywords, 'terms' => $terms, 'sf' => $sf, 'start' => '*start*', 'limit' => $limit), array(), true), $matches, $limit, $start, false); $template->assign_vars(array('PAGINATION' => $pagination, 'PAGE_NUMBER' => on_page($matches, $limit, $start), 'TOTAL_POSTS' => $matches == 1 ? $user->lang['ONE_REPLY'] : sprintf($user->lang['CNT_REPLIES'], $matches), 'SEARCH_MATCHES' => $matches == 1 ? sprintf($user->lang['FOUND_SEARCH_MATCH'], $matches) : sprintf($user->lang['FOUND_SEARCH_MATCHES'], $matches), 'U_SEARCH_WORDS' => $search_url, 'SEARCH_WORDS' => $author . ' • ' . $keywords)); $template->set_filenames(array('body' => 'blog/search_results.html')); } else { $template->assign_vars(array('U_BLOG_SEARCH' => blog_url(false, false, false, array('page' => 'search'), array(), true))); $template->set_filenames(array('body' => 'blog/search_body.html')); } blog_plugins::plugin_do('search_end');
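/**
* Check blog permissions
*
* Decides whether the current user may perform $mode on $page. A $page / $mode pair that matches
* no case below leaves the decision unset, and the request is then treated as plain viewing, which
* needs u_blogview only. Every other decision additionally needs u_blogview, except on the install page.
*
* @param string $page The page requested - blog, reply, mcp, rate, install, upgrade, update, dev, resync
* @param string $mode The mode requested - depends on the $page requested
* @param bool $return True to get the decision back as a boolean. When false, nothing is returned:
*	an unauthorised guest gets the login box and an unauthorised registered user gets
*	MUST_BE_FOUNDER or NO_AUTH_OPERATION through trigger_error()
* @param int $blog_id The blog_id requested (needed for some things, like blog edit, delete, etc)
* @param int $reply_id The reply_id requested, used for the same reason as $blog_id
*
* @return bool|null Only when $return is true:
*	- true if the user is authorized to do the requested action
*	- false if the user is not authorized to do the requested action
*/
function check_blog_permissions($page, $mode, $return = false, $blog_id = 0, $reply_id = 0)
{
	global $user, $config, $auth, $blog_plugins;

	blog_plugins::plugin_do('function_check_blog_permissions');

	// The owner checks below read blog_data::$blog[$blog_id] and blog_data::$reply[$reply_id] directly.
	// NOTE(review): this assumes the caller has loaded those rows first; with the default ids of 0 the
	// lookups hit missing entries - confirm every caller loads the data before asking.
	switch ($page)
	{
		case 'blog' :
			switch ($mode)
			{
				case 'add' :
					$is_auth = $auth->acl_get('u_blogpost') ? true : false;
				break;

				case 'edit' :
					// Never a guest; either the owner holding u_blogedit, or a moderator holding m_blogedit.
					$is_auth = $user->data['user_id'] != ANONYMOUS && ($auth->acl_get('u_blogedit') && $user->data['user_id'] == blog_data::$blog[$blog_id]['user_id'] || $auth->acl_get('m_blogedit')) ? true : false;
				break;

				case 'delete' :
					// A blog that is already marked deleted can only be deleted again with a_blogdelete.
					if (blog_data::$blog[$blog_id]['blog_deleted'] == 0 || $auth->acl_get('a_blogdelete'))
					{
						$is_auth = $user->data['user_id'] != ANONYMOUS && ($auth->acl_get('u_blogdelete') && $user->data['user_id'] == blog_data::$blog[$blog_id]['user_id'] || $auth->acl_get('m_blogdelete') || $auth->acl_get('a_blogdelete')) ? true : false;
					}
					else
					{
						$is_auth = false;
					}
				break;

				case 'undelete' :
					// blog_deleted is compared with the current user id, so it presumably stores who deleted the blog.
					// NOTE(review): unlike edit and delete there is no ANONYMOUS guard here - confirm a guest id can never be stored in blog_deleted.
					$is_auth = $auth->acl_gets('m_blogdelete', 'a_blogdelete') || blog_data::$blog[$blog_id]['blog_deleted'] == $user->data['user_id'] ? true : false;
				break;

				case 'report' :
					$is_auth = $auth->acl_get('u_blogreport') ? true : false;
				break;

				case 'approve' :
					$is_auth = $auth->acl_get('m_blogapprove') ? true : false;
				break;

				case 'vote' :
					$is_auth = $auth->acl_get('u_blog_vote') && handle_user_blog_permissions($blog_id) ? true : false;
				break;
			}
		break;

		case 'reply' :
			switch ($mode)
			{
				case 'add' :
				case 'quote' :
					$is_auth = $auth->acl_get('u_blogreply') && handle_user_blog_permissions($blog_id, false, 'reply') ? true : false;
				break;

				case 'edit' :
					// Never a guest; the reply author (u_blogreplyedit), the owner of the blog (u_blogmoderate) or a moderator (m_blogreplyedit).
					$is_auth = $user->data['user_id'] != ANONYMOUS && ($auth->acl_get('u_blogreplyedit') && $user->data['user_id'] == blog_data::$reply[$reply_id]['user_id'] || isset(blog_data::$blog[$blog_id]['user_id']) && $auth->acl_get('u_blogmoderate') && $user->data['user_id'] == blog_data::$blog[$blog_id]['user_id'] || $auth->acl_get('m_blogreplyedit')) ? true : false;
				break;

				case 'delete' :
					// A reply that is already marked deleted can only be deleted again with a_blogreplydelete.
					if (blog_data::$reply[$reply_id]['reply_deleted'] == 0 || $auth->acl_get('a_blogreplydelete'))
					{
						$is_auth = $user->data['user_id'] != ANONYMOUS && ($auth->acl_get('u_blogreplydelete') && $user->data['user_id'] == blog_data::$reply[$reply_id]['user_id'] || isset(blog_data::$blog[$blog_id]['user_id']) && $auth->acl_get('u_blogmoderate') && $user->data['user_id'] == blog_data::$blog[$blog_id]['user_id'] || $auth->acl_gets('a_blogreplydelete', 'm_blogreplydelete')) ? true : false;
					}
					else
					{
						$is_auth = false;
					}
				break;

				case 'undelete' :
					// NOTE(review): same shape as the blog undelete check, also without an ANONYMOUS guard.
					$is_auth = $auth->acl_gets('m_blogreplydelete', 'a_blogreplydelete') || blog_data::$reply[$reply_id]['reply_deleted'] == $user->data['user_id'] ? true : false;
				break;

				case 'report' :
					$is_auth = $auth->acl_get('u_blogreport') ? true : false;
				break;

				case 'approve' :
					$is_auth = $auth->acl_get('m_blogreplyapprove') ? true : false;
				break;
			}
		break;

		case 'mcp' :
			// Fixed: the second option used to be 'acl_m_blogreport'. Permission options carry no acl_
			// prefix (the prefix belongs to the language keys), so that name could never match and a
			// moderator holding only the report permission was refused.
			$is_auth = $auth->acl_gets('m_blogapprove', 'm_blogreport') ? true : false;
		break;

		case 'rate' :
			$is_auth = $user->data['is_registered'] ? true : false;
		break;

		case 'install' :
		case 'update' :
		case 'upgrade' :
		case 'dev' :
		case 'resync' :
			$is_auth = $user->data['user_type'] == USER_FOUNDER ? true : false;
			// Selects the MUST_BE_FOUNDER message below.
			$founder = true;
		break;
	}

	// Plugins receive the decision by reference and may overturn it. If no case matched, compact()
	// leaves is_auth out, so it stays unset afterwards unless a plugin adds it.
	// NOTE(review): extract() imports every key a plugin leaves in $temp, not only the five packed
	// here, so a plugin can overwrite any local of this function ($return, $founder, ...). Plugins
	// are trusted code, but limiting the import to the packed keys would narrow that surface.
	$temp = compact('is_auth', 'page', 'mode', 'blog_id', 'reply_id');
	blog_plugins::plugin_do_ref('permissions_end', $temp);
	extract($temp);

	// if $is_auth hasn't been set yet they are just viewing a blog/user/etc, if it has been set also check to make sure they can view blogs
	// Security note: an unrecognised $page or $mode therefore falls back to the view permission and is
	// not denied outright. Callers must only pass values that are handled above.
	if (!isset($is_auth))
	{
		$is_auth = $auth->acl_get('u_blogview') ? true : false;
	}
	else
	{
		// if it is the install page they will not have viewing permissions, but they already need to be a founder :P
		$is_auth = !$auth->acl_get('u_blogview') && $page != 'install' ? false : $is_auth;
	}

	if (!$return)
	{
		if (!$is_auth)
		{
			if (!$user->data['is_registered'])
			{
				global $template;
				$template->set_template(); // reset the template. Required because of user styles.
				login_box();
			}
			else
			{
				if (isset($founder) && $founder)
				{
					trigger_error('MUST_BE_FOUNDER');
				}
				else
				{
					trigger_error('NO_AUTH_OPERATION');
				}
			}
		}
	}
	else
	{
		return $is_auth;
	}
}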
$template->assign_var('S_HAS_ATTACHMENTS', true); $update_count = array(); $attachment_data = $blog_attachment->attachment_data; $blog_attachment->parse_attachments_for_view($preview_message, $attachment_data, $update_count, true); if (sizeof($attachment_data)) { foreach ($attachment_data as $row) { $template->assign_block_vars('attachment', array('DISPLAY_ATTACHMENT' => $row)); } } unset($attachment_data); } blog_plugins::plugin_do_ref('reply_add_preview', $preview_message); // output some data to the template parser $template->assign_vars(array('S_DISPLAY_PREVIEW' => true, 'PREVIEW_SUBJECT' => censor_text($reply_subject), 'PREVIEW_MESSAGE' => $preview_message, 'POST_DATE' => $user->format_date(time()))); } blog_plugins::plugin_do('reply_add_after_preview'); // handles the basic data we need to output for posting handle_basic_posting_data(false, 'reply'); // Assign some variables to the template parser $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'MESSAGE' => $reply_text, 'SUBJECT' => $reply_subject, 'L_MESSAGE_BODY_EXPLAIN' => intval($config['max_post_chars']) ? sprintf($user->lang['MESSAGE_BODY_EXPLAIN'], intval($config['max_post_chars'])) : '', 'L_POST_A' => $user->lang['POST_A_NEW_REPLY'])); $template->set_filenames(array('body' => 'blog/blog_posting_layout.html')); } else { // insert array, not all of these really need to be inserted, since some are what the fields are as default, but I want it this way. :P $sql_data = array('blog_id' => $blog_id, 'user_id' => $user->data['user_id'], 'user_ip' => $user->data['user_ip'], 'reply_time' => time(), 'reply_subject' => $reply_subject, 'reply_text' => $message_parser->message, 'reply_checksum' => md5($message_parser->message), 'reply_approved' => $auth->acl_get('u_blogreplynoapprove') ? 
1 : 0, 'enable_bbcode' => $post_options->enable_bbcode, 'enable_smilies' => $post_options->enable_smilies, 'enable_magic_url' => $post_options->enable_magic_url, 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'reply_edit_reason' => '', 'reply_attachment' => sizeof($blog_attachment->attachment_data) ? 1 : 0); blog_plugins::plugin_do_ref('reply_add_sql', $sql_data); $sql = 'INSERT INTO ' . BLOGS_REPLY_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data); $db->sql_query($sql); $reply_id = $db->sql_nextid(); $blog_search->index('add', $blog_id, $reply_id, $message_parser->message, $reply_subject, $user->data['user_id']); // update the URLS to include the new reply_id generate_blog_urls();
$template->assign_var('S_HAS_ATTACHMENTS', true); $update_count = array(); $attachment_data = $blog_attachment->attachment_data; $blog_attachment->parse_attachments_for_view($preview_message, $attachment_data, $update_count, true); if (sizeof($attachment_data)) { foreach ($attachment_data as $row) { $template->assign_block_vars('attachment', array('DISPLAY_ATTACHMENT' => $row)); } } unset($attachment_data); } blog_plugins::plugin_do_ref('reply_edit_preview', $preview_message); // output some data to the template parser $template->assign_vars(array('S_DISPLAY_PREVIEW' => true, 'PREVIEW_SUBJECT' => censor_text($reply_subject), 'PREVIEW_MESSAGE' => $preview_message, 'POST_DATE' => $user->format_date(blog_data::$reply[$reply_id]['reply_time']))); } blog_plugins::plugin_do('reply_edit_after_preview'); // handles the basic data we need to output for posting handle_basic_posting_data(false, 'reply', 'edit'); // Assign some variables to the template parser $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'MESSAGE' => $reply_text, 'SUBJECT' => $reply_subject, 'L_MESSAGE_BODY_EXPLAIN' => intval($config['max_post_chars']) ? sprintf($user->lang['MESSAGE_BODY_EXPLAIN'], intval($config['max_post_chars'])) : '', 'L_POST_A' => $user->lang['EDIT_A_REPLY'], 'S_EDIT_REASON' => true, 'S_LOCK_POST_ALLOWED' => $auth->acl_get('m_blogreplylockedit') && $user->data['user_id'] != $reply_user_id ? true : false)); $template->set_filenames(array('body' => 'blog/blog_posting_layout.html')); } else { $sql_data = array('user_ip' => $user->data['user_id'] == $reply_user_id ? $user->data['user_ip'] : blog_data::$reply[$reply_id]['user_ip'], 'reply_subject' => $reply_subject, 'reply_text' => $message_parser->message, 'reply_checksum' => md5($message_parser->message), 'reply_approved' => blog_data::$reply[$reply_id]['reply_approved'] == 0 ? $auth->acl_get('u_blogreplynoapprove') ? 
1 : 0 : 1, 'enable_bbcode' => $post_options->enable_bbcode, 'enable_smilies' => $post_options->enable_smilies, 'enable_magic_url' => $post_options->enable_magic_url, 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'reply_edit_time' => time(), 'reply_edit_reason' => utf8_normalize_nfc(request_var('edit_reason', '', true)), 'reply_edit_user' => $user->data['user_id'], 'reply_edit_count' => blog_data::$reply[$reply_id]['reply_edit_count'] + 1, 'reply_edit_locked' => $auth->acl_get('m_blogreplylockedit') && $user->data['user_id'] != $reply_user_id ? request_var('lock_post', false) : false, 'reply_attachment' => sizeof($blog_attachment->attachment_data) ? 1 : 0); $blog_search->index('edit', $blog_id, $reply_id, $message_parser->message, $reply_subject, blog_data::$reply[$reply_id]['user_id']); blog_plugins::plugin_do_ref('reply_edit_sql', $sql_data); // the update query $sql = 'UPDATE ' . BLOGS_REPLY_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_data) . ' WHERE reply_id = ' . intval($reply_id); $db->sql_query($sql); $blog_attachment->update_attachment_data(false, $reply_id, $reply_user_id);
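/**
 * UCP module entry point for the user's blog settings pages.
 *
 * Handles three modes:
 *  - 'ucp_blog_settings': instant redirect, default subscriptions, blog style and custom blog CSS
 *  - 'ucp_blog_permissions': per-group view permissions for the user's blog
 *  - 'ucp_blog_title_description': blog title and BBCode-parsed description
 * Any other mode is offered to plugins through the 'ucp_default' hook; if none claims it,
 * trigger_error('NO_MODE') is raised.
 *
 * Every write goes through update_user_blog_settings() for the *current* user only
 * ($user->data['user_id']); no user id is ever read from the request.
 *
 * NOTE(review): none of the submit paths below calls add_form_key()/check_form_key(). Unless a
 * form token is verified outside this method, these settings writes can be triggered by a
 * cross-site request against a logged-in user. Confirm against the enclosing module and the
 * 'blog/ucp_blog' template before relying on it.
 *
 * Local variable names are kept stable on purpose: files included from blog/styles/ and the
 * compact()/extract() plugin hook share this function's scope.
 *
 * @param mixed  $id   Module id passed by the module loader (not used in this method)
 * @param string $mode One of the modes listed above, or a plugin-defined mode
 */
function main($id, $mode)
{
    global $auth, $cache, $template, $user, $db, $config, $phpEx, $phpbb_root_path;
    global $blog_plugins, $blog_plugins_path, $user_settings;

    $preview = isset($_POST['preview']) ? true : false;
    $submit = isset($_POST['submit']) ? true : false;
    $error = array();

    $user->add_lang(array('mods/blog/common', 'mods/blog/ucp'));

    include $phpbb_root_path . 'blog/functions.' . $phpEx;

    blog_plugins::plugin_do('ucp_start');

    get_user_settings($user->data['user_id']);

    switch ($mode) {
        case 'ucp_blog_settings':
            $subscription_types = get_blog_subscription_types();

            if ($submit) {
                // blog_style and blog_css are only accepted when the user holds the matching
                // permission; otherwise they are reset to ''.
                // blog_css is taken from the request without any filtering here; this method
                // relies entirely on update_user_blog_settings() to sanitise it before storage.
                $sql_ary = array(
                    'instant_redirect' => request_var('instant_redirect', 0),
                    'blog_subscription_default' => 0,
                    'blog_style' => $auth->acl_get('u_blog_style') ? request_var('blog_style', '') : '',
                    'blog_css' => $auth->acl_get('u_blog_css') ? request_var('blog_css', '') : '',
                );

                if ($config['user_blog_subscription_enabled']) {
                    // Each ticked subscription type adds its value to the stored default
                    // (read back with a bitwise AND in the display branch).
                    foreach ($subscription_types as $type => $name) {
                        if (request_var('subscription_' . $type, false)) {
                            $sql_ary['blog_subscription_default'] += $type;
                        }
                    }
                }

                update_user_blog_settings($user->data['user_id'], $sql_ary);
            } else {
                if ($config['user_blog_subscription_enabled']) {
                    $subscribed = array();
                    if (isset($user_settings[$user->data['user_id']])) {
                        foreach ($subscription_types as $type => $name) {
                            // Bitwise check
                            if ($user_settings[$user->data['user_id']]['blog_subscription_default'] & $type) {
                                $subscribed[$type] = true;
                            }
                        }
                    }

                    foreach ($subscription_types as $type => $name) {
                        $template->assign_block_vars('subscriptions', array(
                            'TYPE' => 'subscription_' . $type,
                            'NAME' => isset($user->lang[$name]) ? $user->lang[$name] : $name,
                            'S_CHECKED' => isset($subscribed[$type]) ? true : false,
                        ));
                    }
                }

                if ($auth->acl_get('u_blog_style')) {
                    // First entry is the "no style" choice.
                    $available_styles = array(array('name' => $user->lang['NONE'], 'value' => 0, 'demo' => $phpbb_root_path . 'images/spacer.gif'));

                    $sql = 'SELECT * FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' st WHERE style_active = 1 AND s.template_id = st.template_id';
                    $result = $db->sql_query($sql);
                    while ($row = $db->sql_fetchrow($result)) {
                        // Use the style's demo image if it ships one (png, then gif, then jpg).
                        $demo = $phpbb_root_path . 'images/spacer.gif';
                        if (@file_exists($phpbb_root_path . 'styles/' . $row['template_path'] . '/template/blog/demo.png')) {
                            $demo = $phpbb_root_path . 'styles/' . $row['template_path'] . '/template/blog/demo.png';
                        } elseif (@file_exists($phpbb_root_path . 'styles/' . $row['template_path'] . '/template/blog/demo.gif')) {
                            $demo = $phpbb_root_path . 'styles/' . $row['template_path'] . '/template/blog/demo.gif';
                        } elseif (@file_exists($phpbb_root_path . 'styles/' . $row['template_path'] . '/template/blog/demo.jpg')) {
                            $demo = $phpbb_root_path . 'styles/' . $row['template_path'] . '/template/blog/demo.jpg';
                        }

                        $available_styles[] = array('name' => $row['style_name'], 'value' => $row['style_id'], 'demo' => $demo);
                    }
                    $db->sql_freeresult($result);

                    // Every directory entry under blog/styles/ that contains a style.<phpEx> file is
                    // executed in this function's scope.
                    // NOTE(review): readdir() also yields '.' and '..', so blog/styles/style.<phpEx>
                    // and blog/style.<phpEx> would be included too if they exist. Anyone able to
                    // write into blog/styles/ gets code execution here; keep that directory
                    // read-only for the web server user.
                    $dh = @opendir($phpbb_root_path . 'blog/styles/');
                    if ($dh) {
                        while (($file = readdir($dh)) !== false) {
                            if (file_exists($phpbb_root_path . 'blog/styles/' . $file . '/style.' . $phpEx)) {
                                // Inside of the style.php file, add to the $available_styles array
                                include $phpbb_root_path . 'blog/styles/' . $file . '/style.' . $phpEx;
                            }
                        }
                        closedir($dh);
                    }

                    foreach ($available_styles as $row) {
                        if (isset($user_settings[$user->data['user_id']]) && $user_settings[$user->data['user_id']]['blog_style'] == $row['value'] && isset($row['demo']) && $row['demo']) {
                            $default_demo = $row['demo'];
                        }

                        $template->assign_block_vars('blog_styles', array(
                            'VALUE' => $row['value'],
                            'SELECTED' => isset($user_settings[$user->data['user_id']]) && $user_settings[$user->data['user_id']]['blog_style'] == $row['value'] ? true : false,
                            'NAME' => $row['name'],
                            'BLOG_CSS' => isset($row['blog_css']) && $row['blog_css'] ? true : false,
                            'DEMO' => isset($row['demo']) && $row['demo'] ? $row['demo'] : '',
                        ));
                    }
                }

                // BLOG_CSS echoes the stored CSS back into the edit form exactly as stored.
                $template->assign_vars(array(
                    'S_BLOG_INSTANT_REDIRECT' => isset($user_settings[$user->data['user_id']]) ? $user_settings[$user->data['user_id']]['instant_redirect'] : 0,
                    'S_SUBSCRIPTIONS' => $config['user_blog_subscription_enabled'] ? true : false,
                    'S_BLOG_STYLE' => isset($available_styles) && sizeof($available_styles) > 1 ? true : false,
                    'S_BLOG_CSS' => $auth->acl_get('u_blog_css') ? true : false,
                    'DEFAULT_DEMO' => isset($default_demo) ? $default_demo : $phpbb_root_path . 'images/spacer.gif',
                    'BLOG_CSS' => isset($user_settings[$user->data['user_id']]) ? $user_settings[$user->data['user_id']]['blog_css'] : '',
                ));
            }
            break;

        case 'ucp_blog_permissions':
            if (!$config['user_blog_user_permissions']) {
                $error[] = $user->lang['USER_PERMISSIONS_DISABLED'];
                $template->assign_vars(array('PERMISSIONS_DISABLED' => true));
            } else {
                if ($submit) {
                    // NOTE(review): the four levels are read with integer defaults but no range
                    // check is applied here; confirm the accepted range is enforced where the
                    // values are stored or evaluated.
                    $sql_ary = array(
                        'perm_guest' => request_var('perm_guest', 1),
                        'perm_registered' => request_var('perm_registered', 2),
                        'perm_foe' => request_var('perm_foe', 0),
                        'perm_friend' => request_var('perm_friend', 2),
                    );

                    update_user_blog_settings($user->data['user_id'], $sql_ary, isset($_POST['resync']) ? true : false);
                } else {
                    permission_settings_builder();
                }
            }
            break;

        case 'ucp_blog_title_description':
            include $phpbb_root_path . 'includes/functions_posting.' . $phpEx;
            include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
            include $phpbb_root_path . 'blog/includes/functions_posting.' . $phpEx;
            if (!function_exists('display_custom_bbcodes')) {
                include $phpbb_root_path . 'includes/functions_display.' . $phpEx;
            }

            $user->add_lang('posting');

            $post_options = new post_options();
            $post_options->set_status(true, true, true);
            $post_options->set_in_template();

            if ($submit || $preview) {
                // Title and description as submitted (multibyte-aware), normalised to NFC.
                $blog_title = utf8_normalize_nfc(request_var('title', '', true));
                $blog_description = utf8_normalize_nfc(request_var('message', '', true));

                // set up the message parser to parse BBCode, Smilies, etc
                // NOTE(review): nothing visible in this case adds to $error, so the
                // sizeof($error) checks below cannot fail on a parser problem.
                $message_parser = new parse_message();
                $message_parser->message = $blog_description;
                $message_parser->parse($post_options->enable_bbcode, $post_options->enable_magic_url, $post_options->enable_smilies, $post_options->img_status, $post_options->flash_status, $post_options->bbcode_status, $post_options->url_status);
            } else {
                if (isset($user_settings[$user->data['user_id']])) {
                    $blog_title = $user_settings[$user->data['user_id']]['title'];
                    $blog_description = $user_settings[$user->data['user_id']]['description'];
                    // Turn the stored, parsed description back into editable BBCode text.
                    decode_message($blog_description, $user_settings[$user->data['user_id']]['description_bbcode_uid']);
                } else {
                    $blog_title = $blog_description = '';
                }
            }

            if (!$submit || sizeof($error)) {
                if ($preview && !sizeof($error)) {
                    $preview_message = $message_parser->format_display($post_options->enable_bbcode, $post_options->enable_magic_url, $post_options->enable_smilies, false);

                    // output some data to the template parser
                    $template->assign_vars(array(
                        'S_DISPLAY_PREVIEW' => true,
                        'PREVIEW_SUBJECT' => censor_text($blog_title),
                        'PREVIEW_MESSAGE' => $preview_message,
                        'POST_DATE' => $user->format_date(time()),
                    ));
                }

                // Generate smiley listing
                generate_smilies('inline', false);

                // Build custom bbcodes array
                display_custom_bbcodes();

                $template->assign_vars(array('S_PREVIEW_BUTTON' => true, 'TITLE' => $blog_title, 'MESSAGE' => $blog_description));
            } else {
                if ($submit) {
                    $sql_ary = array(
                        'user_id' => $user->data['user_id'],
                        'title' => $blog_title,
                        'description' => $message_parser->message,
                        'description_bbcode_bitfield' => $message_parser->bbcode_bitfield,
                        'description_bbcode_uid' => $message_parser->bbcode_uid,
                    );
                    unset($message_parser);

                    update_user_blog_settings($user->data['user_id'], $sql_ary);
                }
            }
            break;

        default:
            // Plugins receive $mode, $error and $default by reference through $temp; whatever they
            // leave in $temp is extract()ed back over this function's locals, so plugin code is
            // fully trusted here.
            $default = true;
            $temp = compact('mode', 'error', 'default');
            blog_plugins::plugin_do_ref('ucp_default', $temp);
            // make sure you set default to false if you use your own page
            extract($temp);
            if ($default) {
                trigger_error('NO_MODE');
            }
    }

    blog_plugins::plugin_do('ucp_end');

    if ($submit && !sizeof($error)) {
        //$cache->destroy('_blog_settings_' . $user->data['user_id']);
        meta_refresh(3, $this->u_action);
        $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
        trigger_error($message);
    }

    $template->assign_vars(array(
        'L_TITLE' => $user->lang[strtoupper($mode)],
        'L_TITLE_EXPLAIN' => $user->lang[strtoupper($mode) . '_EXPLAIN'],
        // Separator first: the reversed (array, separator) order is rejected by PHP 8.
        'ERROR' => sizeof($error) ? implode('<br />', $error) : false,
        'MODE' => $mode,
        'S_UCP_ACTION' => $this->u_action,
    ));

    $this->tpl_name = 'blog/ucp_blog';
    $this->page_title = strtoupper($mode);
}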
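/**
 * MCP module entry point: lists reported or disapproved blogs / replies for moderators.
 *
 * Built-in modes are 'reported_blogs', 'reported_replies', 'disapproved_blogs' and
 * 'disapproved_replies'; any other mode is handed to the 'mcp_default' plugin hook.
 * Whether the page lists blogs or replies is decided by the substring 'blogs' in $mode.
 *
 * Request parameters read here: start, limit, st (age in days), sk (sort key), sd (sort
 * direction). The sort key and direction never reach the query layer as raw text: the key is
 * mapped through $sort_by_sql and the direction is reduced to 'ASC' or 'DESC'.
 *
 * NOTE(review): no permission check is visible in this method; it is assumed the module
 * loader restricts access to moderators. Confirm against the module's info/auth definition.
 *
 * @param mixed  $id   Module id passed by the module loader (the name is reused as a loop variable below)
 * @param string $mode Listing mode, see above
 */
function main($id, $mode)
{
    global $auth, $db, $user, $template;
    global $config, $phpbb_root_path, $phpEx, $action;
    global $blog_data, $blog_plugins, $blog_urls;

    $user->add_lang(array('mods/blog/common', 'mods/blog/mcp'));

    // include some files
    include $phpbb_root_path . 'includes/functions_display.' . $phpEx;
    include $phpbb_root_path . 'blog/functions.' . $phpEx;

    // set some initial variables that we will use
    $blog_data = new blog_data();

    blog_plugins::plugin_do('mcp_start');

    // "!== false" so that a mode starting with 'blogs' (offset 0) is recognised as well.
    $blog = strpos($mode, 'blogs') !== false;

    // Defaults for the default/plugin mode and for an empty count result.
    $ids = false;
    $count = 0;

    $start = request_var('start', 0);
    $limit = request_var('limit', 10);
    if ($limit < 1) {
        // A zero or negative page size is meaningless and is later used as the per-page value
        // for pagination; fall back to the default.
        // NOTE(review): there is no upper bound either; consider capping the page size.
        $limit = 10;
    }
    $sort_days = request_var('st', !empty($user->data['user_post_show_days']) ? $user->data['user_post_show_days'] : 0);
    $sort_key = request_var('sk', 't');
    $sort_dir = request_var('sd', 'd');

    $limit_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
    $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';

    // Anything other than 'a' sorts descending.
    $order_dir = $sort_dir == 'a' ? 'ASC' : 'DESC';

    if ($blog) {
        $sort_by_text = array('t' => $user->lang['POST_TIME']);
        $sort_by_sql = array('t' => 'blog_time');
    } else {
        $sort_by_text = array('t' => $user->lang['POST_TIME']);
        $sort_by_sql = array('t' => 'reply_time');
    }

    // The sort key comes from the request; only keys present in the map are accepted so that
    // 'order_by' is always one of the known column names.
    if (!isset($sort_by_sql[$sort_key])) {
        $sort_key = 't';
    }

    generate_blog_urls();

    $this->tpl_name = 'blog/mcp_blog';
    $this->page_title = $user->lang['MCP_BLOG_' . strtoupper($mode)];

    $template->assign_vars(array(
        'L_TITLE' => $user->lang['MCP_BLOG_' . strtoupper($mode)],
        'L_EXPLAIN' => $user->lang['MCP_BLOG_' . strtoupper($mode) . '_EXPLAIN'],
        'S_BLOGS' => $blog,
        'S_REPLIES' => !$blog,
    ));

    $extra_data = array(
        'start' => $start,
        'limit' => $limit,
        'order_by' => $sort_by_sql[$sort_key],
        'order_dir' => $order_dir,
        'sort_days' => $sort_days,
    );

    switch ($mode) {
        // Need to add counts here...
        case 'reported_blogs':
            $ids = $blog_data->get_blog_data('reported', false, $extra_data);
            break;

        case 'reported_replies':
            $ids = $blog_data->get_reply_data('reported', false, $extra_data);
            break;

        case 'disapproved_blogs':
            $ids = $blog_data->get_blog_data('disapproved', false, $extra_data);
            break;

        case 'disapproved_replies':
            $ids = $blog_data->get_reply_data('disapproved', false, $extra_data);
            break;

        default:
            blog_plugins::plugin_do_arg('mcp_default', $mode);
    }

    // Total for pagination. The query text is assembled from constants and fixed fragments
    // only; $mode merely selects which fragment is used.
    if ($blog) {
        $cnt_sql = 'SELECT count(blog_id) AS total FROM ' . BLOGS_TABLE . ' WHERE blog_' . (strpos($mode, 'reported') !== false ? 'reported = 1' : 'approved = 0');
    } else {
        $cnt_sql = 'SELECT count(reply_id) AS total FROM ' . BLOGS_REPLY_TABLE . ' WHERE ' . 'reply_' . (strpos($mode, 'reported') !== false ? 'reported = 1' : 'approved = 0');
    }
    $result = $db->sql_query($cnt_sql);
    $row = $db->sql_fetchrow($result);
    if ($row) {
        $count = $row['total'];
    }
    $db->sql_freeresult($result);
    unset($row, $cnt_sql);

    if ($ids === false) {
        $ids = array();
    }

    $blog_data->get_user_data(false, true);

    if ($blog) {
        $total_posts = $count == 1 ? $user->lang['ONE_BLOG'] : sprintf($user->lang['CNT_BLOGS'], $count);

        foreach ($ids as $id) {
            $user_id = blog_data::$blog[$id]['user_id'];
            $template->assign_block_vars('postrow', array(
                'U_VIEW' => blog_url($user_id, $id),
                'SUBJECT' => blog_data::$blog[$id]['blog_subject'],
                'AUTHOR' => blog_data::$user[$user_id]['username_full'],
                'TIME' => $user->format_date(blog_data::$blog[$id]['blog_time']),
            ));
        }
    } else {
        $total_posts = $count == 1 ? $user->lang['ONE_REPLY'] : sprintf($user->lang['CNT_REPLIES'], $count);

        foreach ($ids as $id) {
            $user_id = blog_data::$reply[$id]['user_id'];
            $blog_id = blog_data::$reply[$id]['blog_id'];
            $template->assign_block_vars('postrow', array(
                'U_VIEW' => blog_url($user_id, $blog_id, $id),
                'SUBJECT' => blog_data::$reply[$id]['reply_subject'],
                'AUTHOR' => blog_data::$user[$user_id]['username_full'],
                'TIME' => $user->format_date(blog_data::$reply[$id]['reply_time']),
            ));
        }
    }

    gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);

    // The request-derived sort values are carried over into every pagination link.
    $pagination = generate_pagination($this->u_action . "&amp;limit={$limit}&amp;st={$sort_days}&amp;sk={$sort_key}&amp;sd={$sort_dir}", $count, $limit, $start, false);

    $template->assign_vars(array(
        'PAGINATION' => $pagination,
        'PAGE_NUMBER' => on_page($count, $limit, $start),
        'TOTAL_POSTS' => $total_posts,
        'S_SELECT_SORT_DIR' => $s_sort_dir,
        'S_SELECT_SORT_KEY' => $s_sort_key,
        'S_SELECT_SORT_DAYS' => $s_limit_days,
    ));

    blog_plugins::plugin_do('mcp_end');
}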
// Single-blog view: loads attachments, outputs the blog entry, bumps its read counter and
// lists the (sorted, paginated) replies. All variables used here are set up before this excerpt.
get_attachment_data($blog_id, $reply_ids);

blog_plugins::plugin_do('view_blog_start');

// Output some data
$template->assign_vars(array(
    'META' => '<link rel="canonical" href="' . blog_url($user_id, $blog_id, false, $start > 0 ? array('start' => $start) : array()) . '" />',
    // The blog owner's stored CSS is handed to the template exactly as stored; nothing here
    // escapes or filters it. Every visitor of this blog renders it, so its safety rests on the
    // filtering done when the setting was saved and on how the template emits it.
    // NOTE(review): confirm both.
    'BLOG_CSS' => isset($user_settings[$user_id]['blog_css']) ? $user_settings[$user_id]['blog_css'] : '',
    'U_PRINT_TOPIC' => !$user->data['is_bot'] ? $blog_urls['self_print'] : '',
    'U_VIEW' => $blog_urls['self'],
    'S_CATEGORY_MODE' => $category_id ? true : false,
    'S_SINGLE' => true,
    'U_QUICK_REPLY' => blog_url($user_id, $blog_id, false, array('page' => 'reply', 'mode' => 'add')),
    'S_QUICK_REPLY' => $user->data['is_registered'] && $config['user_blog_quick_reply'] ? true : false,
));

// Quick Reply
// Registers the form token for the quick-reply form; the matching check is expected in the
// reply handler, which is not part of this excerpt.
add_form_key('postform');

// Parse the blog data and output it to the template
$template->assign_block_vars('blogrow', array_merge($blog_data->handle_blog_data($blog_id), $blog_data->handle_user_data($user_id)));

blog_plugins::plugin_do('view_blog_after_blogrow');

// to update the read count, we are only doing this if the user is not the owner, and the user doesn't view the shortened version, and we are not viewing the deleted blogs page
// (Only the "not the owner" condition is actually tested here.)
if ($user->data['user_id'] != $user_id) {
    // $blog_id is forced to an integer before it is concatenated into the statement.
    $sql = 'UPDATE ' . BLOGS_TABLE . ' SET blog_read_count = blog_read_count + 1 WHERE blog_id = ' . intval($blog_id);
    $db->sql_query($sql);
}

if ($total_replies > 0 || $sort_days != 0) {
    // for sorting and pagination
    gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);

    $pagination = generate_blog_pagination($blog_urls['start_zero'], $total_replies, $limit, $start, false);

    $template->assign_vars(array(
        'PAGINATION' => $pagination,
        'PAGE_NUMBER' => on_page($total_replies, $limit, $start),
        'TOTAL_POSTS' => $total_replies == 1 ? $user->lang['ONE_REPLY'] : sprintf($user->lang['CNT_REPLIES'], $total_replies),
        'S_REPLIES' => true,
        'S_SORT_REPLY' => true,
        'S_SELECT_SORT_DIR' => $s_sort_dir,
        'S_SELECT_SORT_KEY' => $s_sort_key,
        'S_SELECT_SORT_DAYS' => $s_limit_days,
    ));
    unset($pagination);

    // For the replies
    // $reply_ids is false when there is nothing to list.
    if ($reply_ids !== false) {
        // use a foreach to easily output the data
        foreach ($reply_ids as $id) {
            // send the data to the template
            $template->assign_block_vars('replyrow', array_merge($blog_data->handle_reply_data($id), $blog_data->handle_user_data(blog_data::$reply[$id]['user_id'])));
        }
    }
}

blog_plugins::plugin_do('view_blog_end');

$template->set_filenames(array('body' => 'blog/view_blog.html'));
} else { if ($user_id != 0) { if (!$subscribed) { trigger_error('NOT_SUBSCRIBED'); } if (confirm_box(true)) { blog_plugins::plugin_do('unsubscribe_user_confirm'); $sql = 'DELETE FROM ' . BLOGS_SUBSCRIPTION_TABLE . ' WHERE sub_user_id = ' . $user->data['user_id'] . ' AND user_id = ' . intval($user_id); $db->sql_query($sql); //$cache->destroy("_blog_subscription_{$user_id}"); $template->assign_vars(array('S_WATCH_FORUM_TITLE' => $user->lang['SUBSCRIBE_USER'], 'S_WATCH_FORUM_LINK' => $blog_urls['subscribe'], 'S_WATCHING_FORUM' => false)); $message = $user->lang['SUBSCRIPTION_REMOVED'] . '<br /><br />'; if ($user_id == $user->data['user_id']) { $message .= sprintf($user->lang['RETURN_BLOG_OWN'], '<a href="' . $blog_urls['view_user'] . '">', '</a>'); } else { $message .= sprintf($user->lang['RETURN_BLOG_MAIN'], '<a href="' . $blog_urls['view_user'] . '">', blog_data::$user[$user_id]['username'], '</a>') . '<br />'; $message .= sprintf($user->lang['RETURN_BLOG_OWN'], '<a href="' . $blog_urls['view_user_self'] . '">', '</a>'); } blog_meta_refresh(3, $blog_urls['view_user']); trigger_error($message); } else { blog_plugins::plugin_do('unsubscribe_user'); confirm_box(false, 'UNSUBSCRIBE_USER'); } } else { trigger_error($user->lang['BLOG_USER_NOT_PROVIDED']); } } blog_meta_refresh(0, $blog_urls['main']);
/**
 * Loads friend/foe ("zebra") rows for the given users into the global caches.
 *
 * Returns immediately when $config['user_blog_enable_zebra'] is unset or falsy. Otherwise the
 * 'function_get_zebra_info' plugin hook is fired, ids that are already present in the relevant
 * cache are dropped, and the remaining ids are fetched from ZEBRA_TABLE with one query.
 *
 * Results are appended to the globals:
 *  - $zebra_list[user_id]['foe'|'friend'][] = zebra_id (always)
 *  - $reverse_zebra_list[zebra_id]['foe'|'friend'][] = user_id (reverse lookups only)
 * A row flagged as foe is recorded as foe only; rows that are neither foe nor friend are skipped.
 *
 * Every id is cast to int before it is handed to $db->sql_in_set().
 *
 * NOTE(review): a reverse lookup also creates $zebra_list[user_id] entries, so a later forward
 * lookup for that user_id is treated as already cached although only part of that user's list
 * may have been loaded. Users without any zebra rows never get a cache entry and are queried
 * again on every call.
 *
 * @param int|array $user_ids       One id or a list of ids. Forward lookup: the owners of the
 *                                  zebra lists; reverse lookup: the users that appear on other
 *                                  users' lists.
 * @param bool      $reverse_lookup false: match ZEBRA_TABLE.user_id; true: match ZEBRA_TABLE.zebra_id
 * @return void
 */
function get_zebra_info($user_ids, $reverse_lookup = false)
{
    global $config, $db, $zebra_list, $reverse_zebra_list;

    if (empty($config['user_blog_enable_zebra'])) {
        return;
    }

    blog_plugins::plugin_do('function_get_zebra_info', compact('user_ids', 'reverse_lookup'));

    if (!is_array($user_ids)) {
        $user_ids = array($user_ids);
    }

    // The cache that decides which ids still need a query; it is not modified in the loop below.
    $cached = $reverse_lookup ? $reverse_zebra_list : $zebra_list;

    $to_query = array();
    foreach ($user_ids as $candidate) {
        if (is_array($cached)) {
            // Forward lookups ignore empty ids once a cache exists.
            if (!$reverse_lookup && !$candidate) {
                continue;
            }

            if (array_key_exists($candidate, $cached)) {
                continue;
            }
        }

        if (in_array($candidate, $to_query)) {
            continue;
        }

        $to_query[] = (int) $candidate;
    }

    if (count($to_query) == 0) {
        return;
    }

    $column = $reverse_lookup ? 'zebra_id' : 'user_id';
    $sql = 'SELECT * FROM ' . ZEBRA_TABLE . ' WHERE ' . $db->sql_in_set($column, $to_query);
    $result = $db->sql_query($sql);

    while ($row = $db->sql_fetchrow($result)) {
        // Foe takes precedence over friend.
        if ($row['foe']) {
            $relation = 'foe';
        } elseif ($row['friend']) {
            $relation = 'friend';
        } else {
            continue;
        }

        if ($reverse_lookup) {
            $reverse_zebra_list[$row['zebra_id']][$relation][] = $row['user_id'];
        }

        $zebra_list[$row['user_id']][$relation][] = $row['zebra_id'];
    }

    $db->sql_freeresult($result);
}
// Setup the page header and sent the title of the page that will go into the browser header page_header($user->lang['DELETE_BLOG']); // Generate the breadcrumbs generate_blog_breadcrumbs($user->lang['DELETE_BLOG']); if (blog_data::$blog[$blog_id]['blog_deleted'] != 0 && !$auth->acl_get('a_blogdelete')) { trigger_error('BLOG_ALREADY_DELETED'); } $display_vars = array(); if ($auth->acl_get('a_blogdelete') && blog_data::$blog[$blog_id]['blog_deleted'] == 0) { $display_vars = array('legend1' => $user->lang['HARD_DELETE'], 'hard_delete' => array('lang' => 'HARD_DELETE', 'validate' => 'bool', 'type' => 'checkbox', 'default' => false, 'explain' => true)); } blog_plugins::plugin_do_ref('blog_delete', $display_vars); include "{$phpbb_root_path}blog/includes/functions_confirm.{$phpEx}"; $settings = blog_confirm('DELETE_BLOG', 'DELETE_BLOG_CONFIRM', $display_vars, 'yes/no'); if (is_array($settings)) { blog_plugins::plugin_do('blog_delete_confirm'); // if it has already been soft deleted, and we want to hard delete it if ((isset($settings['hard_delete']) && $settings['hard_delete'] || blog_data::$blog[$blog_id]['blog_deleted'] != 0) && $auth->acl_get('a_blogdelete')) { // They selected the hard delete checkbox...so we must do a few things. if (blog_data::$blog[$blog_id]['blog_deleted'] == 0) { // Remove the search index $blog_search->index_remove($blog_id); // Update the blog_count for the user $sql = 'UPDATE ' . USERS_TABLE . ' SET blog_count = blog_count - 1 WHERE user_id = ' . intval($user_id) . ' AND blog_count > 0'; $db->sql_query($sql); set_config('num_blogs', --$config['num_blogs'], true); set_config('num_blog_replies', $config['num_blog_replies'] - blog_data::$blog[$blog_id]['blog_reply_count'], true); // Update the blog_count for all the categories it is in. put_blogs_in_cats($blog_id, array(), true, 'soft_delete'); } // Delete the Attachments
$template->assign_var('S_HAS_ATTACHMENTS', true); $update_count = array(); $attachment_data = $blog_attachment->attachment_data; $blog_attachment->parse_attachments_for_view($preview_message, $attachment_data, $update_count, true); if (sizeof($attachment_data)) { foreach ($attachment_data as $row) { $template->assign_block_vars('attachment', array('DISPLAY_ATTACHMENT' => $row)); } } unset($attachment_data); } blog_plugins::plugin_do_ref('blog_edit_preview', $preview_message); // output some data to the template parser $template->assign_vars(array('S_DISPLAY_PREVIEW' => true, 'PREVIEW_SUBJECT' => censor_text($blog_subject), 'PREVIEW_MESSAGE' => $preview_message, 'POST_DATE' => $user->format_date(blog_data::$blog[$blog_id]['blog_time']))); } blog_plugins::plugin_do('blog_edit_after_preview'); // handles the basic data we need to output for posting handle_basic_posting_data(false, 'blog', 'edit'); // Assign some variables to the template parser $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'MESSAGE' => $blog_text, 'POLL_TITLE' => $poll_title, 'POLL_OPTIONS' => $poll_option_text ? $poll_option_text : '', 'POLL_MAX_OPTIONS' => $poll_max_options, 'POLL_LENGTH' => $poll_length, 'SUBJECT' => $blog_subject, 'VOTE_CHANGE_CHECKED' => $poll_vote_change ? 'checked="checked"' : '', 'L_MESSAGE_BODY_EXPLAIN' => intval($config['max_post_chars']) ? sprintf($user->lang['MESSAGE_BODY_EXPLAIN'], intval($config['max_post_chars'])) : '', 'L_POST_A' => $user->lang['EDIT_A_BLOG'], 'L_POLL_OPTIONS_EXPLAIN' => sprintf($user->lang['POLL_OPTIONS_EXPLAIN'], $config['max_poll_options']), 'S_EDIT_REASON' => true, 'S_LOCK_POST_ALLOWED' => $auth->acl_get('m_bloglockedit') && $user->data['user_id'] != blog_data::$blog[$blog_id]['user_id'] ? true : false, 'S_POLL_DELETE' => $poll_title ? 
true : false, 'S_POLL_VOTE_CHANGE' => true)); $template->set_filenames(array('body' => 'blog/blog_posting_layout.html')); } else { // insert array $sql_data = array('user_ip' => $user->data['user_id'] == $user_id ? $user->data['user_ip'] : blog_data::$blog[$blog_id]['user_ip'], 'blog_subject' => $blog_subject, 'blog_text' => $message_parser->message, 'blog_checksum' => md5($message_parser->message), 'blog_approved' => blog_data::$blog[$blog_id]['blog_approved'] == 1 || $auth->acl_get('u_blognoapprove') ? 1 : 0, 'enable_bbcode' => $post_options->enable_bbcode, 'enable_smilies' => $post_options->enable_smilies, 'enable_magic_url' => $post_options->enable_magic_url, 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'blog_edit_time' => time(), 'blog_edit_reason' => utf8_normalize_nfc(request_var('edit_reason', '', true)), 'blog_edit_user' => $user->data['user_id'], 'blog_edit_count' => blog_data::$blog[$blog_id]['blog_edit_count'] + 1, 'blog_edit_locked' => $auth->acl_get('m_bloglockedit') && $user->data['user_id'] != blog_data::$blog[$blog_id]['user_id'] ? request_var('lock_post', false) : false, 'perm_guest' => request_var('perm_guest', 1), 'perm_registered' => request_var('perm_registered', 2), 'perm_foe' => request_var('perm_foe', 0), 'perm_friend' => request_var('perm_friend', 2), 'blog_attachment' => sizeof($blog_attachment->attachment_data) ? 1 : 0, 'poll_title' => !empty($poll) ? $poll_title : '', 'poll_length' => !empty($poll) && $poll_length ? time() + $poll_length * 86400 : 0, 'poll_max_options' => !empty($poll) ? max($poll_max_options, 1) : 1, 'poll_vote_change' => !empty($poll) ? $poll_vote_change : 0); if ($original_poll_text != $poll_option_text) { $sql_data['poll_start'] = empty($poll) ? 0 : time(); } blog_plugins::plugin_do_ref('blog_edit_sql', $sql_data); $sql = 'UPDATE ' . BLOGS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_data) . ' WHERE blog_id = ' . intval($blog_id);
trigger_error('REPLY_NOT_EXIST'); } // Was Cancel pressed? If so then redirect to the appropriate page if ($cancel) { blog_meta_refresh(0, $blog_urls['view_reply'], true); } // Add the language Variables for posting $user->add_lang('posting'); // Setup the page header and sent the title of the page that will go into the browser header page_header($user->lang['APPROVE_REPLY']); blog_plugins::plugin_do('reply_approve'); // Generate the breadcrumbs generate_blog_breadcrumbs($user->lang['APPROVE_REPLY']); if (blog_data::$reply[$reply_id]['reply_approved'] == 0) { if (confirm_box(true)) { blog_plugins::plugin_do('reply_approve_confirm'); $sql = 'UPDATE ' . BLOGS_REPLY_TABLE . ' SET reply_approved = 1 WHERE reply_id = ' . intval($reply_id); $db->sql_query($sql); // update the reply count for the blog $sql = 'UPDATE ' . BLOGS_TABLE . ' SET blog_reply_count = blog_reply_count + 1 WHERE blog_id = ' . intval($blog_id); $db->sql_query($sql); set_config('num_blog_replies', ++$config['num_blog_replies'], true); handle_subscription('new_reply', censor_text(blog_data::$reply[$reply_id]['reply_subject']), 0, 0, $reply_id); handle_blog_cache('approve_reply', $user_id); blog_meta_refresh(3, $blog_urls['view_reply']); $message = $user->lang['APPROVE_REPLY_SUCCESS'] . '<br /><br />'; $message .= '<a href="' . $blog_urls['view_reply'] . '">' . $user->lang['VIEW_REPLY'] . '</a><br />'; $message .= '<a href="' . $blog_urls['view_blog'] . '">' . $user->lang['VIEW_BLOG'] . '</a><br />'; if ($user_id == $user->data['user_id']) {