예제 #1
/**
 * Handles an avatar upload request.
 *
 * Reads the 'upload' entry of $_REQUEST through the vB cleaner as TYPE_FILE and
 * passes it to the profile API. A missing file and an API error are both reported
 * as ERR_NO_PERMISSION.
 *
 * NOTE(review): no login, size or file-type check is visible in this function;
 * presumably the profile API's upload() enforces them - confirm.
 *
 * @return mixed true on success, otherwise the value returned by json_error()
 */
function do_upload_avatar()
{
    $request = vB::getCleaner()->cleanArray($_REQUEST, array('upload' => vB_Cleaner::TYPE_FILE));

    if (!empty($request['upload'])) {
        $outcome = vB_Api::instance('profile')->upload($request['upload']);
        if (empty($outcome['errors'])) {
            return true;
        }
    }

    return json_error(ERR_NO_PERMISSION);
}
예제 #2
 /**
  * Posts a visitor message for the given user.
  *
  * Both arguments are cleaned as TYPE_STR, then a text node titled '(Untitled)' is
  * added under the visitor-message channel with 'setfor' set to the target user.
  *
  * NOTE(review): $userid is cleaned as a string rather than an unsigned integer;
  * verify that content_text->add() validates 'setfor'.
  *
  * @param  string $message Raw message text
  * @param  mixed  $userid  User the message is set for
  * @return array  'response' with 'postpreview' => invalidid on error, or
  *                'errormessage' => visitormessagethanks on success
  */
 public function message($message, $userid)
 {
     $inputCleaner = vB::getCleaner();
     $message = $inputCleaner->clean($message, vB_Cleaner::TYPE_STR);
     $userid = $inputCleaner->clean($userid, vB_Cleaner::TYPE_STR);

     $nodeData = array(
         'title' => '(Untitled)',
         'parentid' => vB_Api::instanceInternal('node')->fetchVMChannel(),
         'channelid' => '',
         'nodeid' => '',
         'setfor' => $userid,
         'rawtext' => $message,
     );
     $added = vB_Api::instanceInternal('content_text')->add($nodeData, array('wysiwyg' => false));

     $response = empty($added['errors'])
         ? array('errormessage' => array('visitormessagethanks'))
         : array('postpreview' => array('invalidid'));

     return array('response' => $response);
 }
예제 #3
 /**
  * Logs a user in from a Facebook signed request.
  *
  * The request string is cleaned as TYPE_STR and handed to the user API's
  * loginExternal('facebook', ...). This method does not inspect or verify the
  * signed request itself; it only relays the login result.
  *
  * @param  string $signed_request Facebook signed request sent by the client
  * @return array  'response' => errormessage; on success also 'session' holding
  *                the session hash and user id taken from the login result
  */
 public function facebook($signed_request)
 {
     $signed_request = vB::getCleaner()->clean($signed_request, vB_Cleaner::TYPE_STR);
     $loginInfo = vB_Api::instance('user')->loginExternal('facebook', array('signedrequest' => $signed_request));

     $loginFailed = empty($loginInfo) || isset($loginInfo['errors']);
     if ($loginFailed) {
         // The API doesn't allow us to be specific about the error here, and the app
         // reacts badly to unexpected error codes, so every failure maps to one phrase.
         return array('response' => array('errormessage' => array('badlogin_facebook')));
     }

     $login = $loginInfo['login'];

     return array(
         'session' => array(
             'dbsessionhash' => $login['sessionhash'],
             'userid' => $login['userid'],
         ),
         'response' => array('errormessage' => array('redirect_login')),
     );
 }
예제 #4
 /**
  * Returns the form options needed to edit a post.
  *
  * The post id is cleaned as TYPE_UINT and looked up through the node API; an empty
  * lookup yields the 'invalidid' error. The returned data holds prefix options, the
  * post length limits and a fresh posthash - the post content itself is not returned.
  *
  * NOTE(review): no edit-permission check is visible here; presumably the node API
  * lookup and the later save enforce it - confirm.
  *
  * @param  mixed $postid Node id of the post
  * @return array
  */
 public function editpost($postid)
 {
     $postid = vB::getCleaner()->clean($postid, vB_Cleaner::TYPE_UINT);

     $nodes = vB_Api::instance('node')->getFullContentforNodes(array($postid));
     if (empty($nodes)) {
         return array("response" => array("errormessage" => array("invalidid")));
     }
     $post = $nodes[0];

     $prefixes = vB_Library::instance('vb4_functions')->getPrefixes($postid);
     $options = vB::getDatastore()->getValue('options');

     return array(
         'show' => array('tag_option' => 1),
         'vboptions' => array(
             'postminchars' => $options['postminchars'],
             'titlemaxchars' => $options['titlemaxchars'],
         ),
         'response' => array(
             'prefix_options' => $prefixes,
             'poststarttime' => 0,
             'posthash' => vB_Library::instance('vb4_posthash')->getNewPosthash(),
         ),
     );
 }
예제 #5
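 /**
  * Returns vBulletin user info for a list of Facebook user ids.
  *
  * Blank entries are dropped before the lookup. An empty or comma-only input would
  * otherwise reach the query as a single empty id, which would presumably match
  * accounts whose fbuserid is empty instead of matching nothing.
  *
  * NOTE(review): no permission check is visible in this method; confirm that the
  * caller is allowed to map Facebook ids to usernames.
  *
  * @param  string $facebookidList Comma separated list of Facebook user ids
  * @return array  List of arrays with 'userid', 'username' and 'fbuserid'; empty when
  *                no id was given, nothing matched, or the lookup reported errors
  */
 public function getVbfromfacebook($facebookidList)
 {
     $facebookidList = vB::getCleaner()->clean($facebookidList, vB_Cleaner::TYPE_STR);

     // Trim each entry and discard the empty ones ('strlen' keeps "0" but drops "").
     $listIds = array_values(array_filter(array_map('trim', explode(',', $facebookidList)), 'strlen'));
     if (empty($listIds)) {
         return array();
     }

     $users = vB::getDbAssertor()->getRows('user', array('fbuserid' => $listIds));

     // Both conditions must hold: an 'errors' entry is not a user row, so a result
     // that carries one is never iterated.
     if (empty($users) || isset($users['errors'])) {
         return array();
     }

     $usersArray = array();
     foreach ($users as $user) {
         $usersArray[] = array(
             'userid' => $user['userid'],
             'username' => $user['username'],
             'fbuserid' => $user['fbuserid'],
         );
     }

     return $usersArray;
 }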
예제 #6
 /**
  * Copies a thread into another forum.
  *
  * Both ids are cleaned as TYPE_UINT; a zero id is rejected before the node API's
  * cloneNodes() is called. Note that the 'invalidid' error is returned as a plain
  * string while the success phrase is wrapped in an array.
  *
  * NOTE(review): no permission check is visible here; presumably cloneNodes()
  * enforces it - confirm.
  *
  * @param  mixed $threadid    Node id of the thread to copy
  * @param  mixed $destforumid Node id of the destination forum
  * @return array
  */
 public function docopythread($threadid, $destforumid)
 {
     $inputCleaner = vB::getCleaner();
     $threadid = $inputCleaner->clean($threadid, vB_Cleaner::TYPE_UINT);
     $destforumid = $inputCleaner->clean($destforumid, vB_Cleaner::TYPE_UINT);

     $idsMissing = empty($threadid) || empty($destforumid);
     if ($idsMissing) {
         return array('response' => array('errormessage' => 'invalidid'));
     }

     $cloned = vB_Api::instance('node')->cloneNodes(array($threadid), $destforumid);
     if ($cloned === null || isset($cloned['errors'])) {
         return vB_Library::instance('vb4_functions')->getErrorResponse($cloned);
     }

     return array('response' => array('errormessage' => array('redirect_movethread')));
 }
예제 #7
/**
 * Returns the announcements of one forum.
 *
 * 'forumid' is read from $_REQUEST as TYPE_UINT and must be at least 1. Each
 * announcement returned by the announcement API is converted with fr_parse_post().
 * A missing id and an API failure are both reported as ERR_NO_PERMISSION.
 *
 * @return mixed array with 'posts' and 'total_posts', or the value of json_error()
 */
function do_get_announcement()
{
    $request = vB::getCleaner()->cleanArray($_REQUEST, array('forumid' => vB_Cleaner::TYPE_UINT));

    $forumId = isset($request['forumid']) ? $request['forumid'] : 0;
    if ($forumId < 1) {
        return json_error(ERR_NO_PERMISSION);
    }

    $announcements = vB_Api::instance('announcement')->fetch($forumId);
    if ($announcements === null || isset($announcements['errors'])) {
        return json_error(ERR_NO_PERMISSION);
    }

    $parsed = array();
    foreach ($announcements as $announcement) {
        $parsed[] = fr_parse_post($announcement);
    }

    return array('posts' => $parsed, 'total_posts' => count($parsed));
}
예제 #8
/**
 * Subscribes the logged-in user to a thread.
 *
 * Requires a session user id of at least 1, reads 'threadid' from $_REQUEST as
 * TYPE_UINT and adds a content follow through the follow API.
 *
 * @return mixed true on success, otherwise the value returned by json_error()
 */
function do_subscribe_thread()
{
    $currentUser = vB_Api::instance('user')->fetchUserInfo();
    if ($currentUser['userid'] < 1) {
        return json_error(ERR_NO_PERMISSION);
    }

    $request = vB::getCleaner()->cleanArray($_REQUEST, array('threadid' => vB_Cleaner::TYPE_UINT));
    if (empty($request['threadid'])) {
        return json_error(ERR_INVALID_SUB);
    }

    $followed = vB_Api::instance('follow')->add($request['threadid'], vB_Api_Follow::FOLLOWTYPE_CONTENT);
    $succeeded = !empty($followed) && empty($followed['errors']);

    return $succeeded ? true : json_error(ERR_INVALID_SUB);
}
예제 #9
/**
 * Replaces the text of an existing post for the logged-in user.
 *
 * Requires a session user id of at least 1, then reads 'postid', 'message',
 * 'poststarttime' and 'hvinput' from $_REQUEST through the vB cleaner.
 *
 * NOTE(review): fr_do_attachment() runs before content_text->update() has accepted
 * the edit, so whatever it changes happens even when the update is then rejected -
 * confirm that helper checks the caller's rights on the post.
 * NOTE(review): 'hvinput' uses the return value of fr_get_hvtoken() as its cleaner
 * type; verify that this is what the cleaner expects.
 *
 * @return mixed true on success, otherwise the value returned by json_error()
 */
function do_post_edit()
{
    $currentUser = vB_Api::instance('user')->fetchUserInfo();
    if ($currentUser['userid'] < 1) {
        return json_error(ERR_NO_PERMISSION);
    }

    $inputCleaner = vB::getCleaner();
    $request = $inputCleaner->cleanArray($_REQUEST, array(
        'postid' => vB_Cleaner::TYPE_UINT,
        'message' => vB_Cleaner::TYPE_STR,
        'poststarttime' => vB_Cleaner::TYPE_UINT,
        'hvinput' => fr_get_hvtoken(),
    ));

    $incomplete = empty($request['postid']) || empty($request['message']);
    if ($incomplete) {
        return json_error(ERR_NO_PERMISSION);
    }

    fr_do_attachment($request['postid'], $request['poststarttime']);

    $newText = array('rawtext' => fr_process_message($request['message']));
    $updated = vB_Api::instance('content_text')->update($request['postid'], $newText);
    if (empty($updated) || !empty($updated['errors'])) {
        return json_error(ERR_INVALID_THREAD);
    }

    return true;
}
예제 #10
 /**
  * Files a report against a post.
  *
  * The post id is cleaned as TYPE_UINT and the reason as TYPE_STR; both must be
  * non-empty. The report is created through the content_report API in the name of
  * the current user, stamped with the request time.
  *
  * @param  mixed  $postid Node id of the reported post
  * @param  string $reason Report text
  * @return array  'response' => errormessage, or the vb4 error response of the API
  */
 public function sendemail($postid, $reason)
 {
     $inputCleaner = vB::getCleaner();
     $postid = $inputCleaner->clean($postid, vB_Cleaner::TYPE_UINT);
     $reason = $inputCleaner->clean($reason, vB_Cleaner::TYPE_STR);

     // A missing post id and a missing reason produce the same error phrase.
     if (empty($postid) || empty($reason)) {
         return array('response' => array('errormessage' => array('invalidid')));
     }

     $reporter = vB_Api::instance('user')->fetchUserinfo();
     $report = array(
         'reportnodeid' => $postid,
         'rawtext' => $reason,
         'created' => vB::getRequest()->getTimeNow(),
         'userid' => $reporter['userid'],
         'authorname' => $reporter['username'],
     );

     $added = vB_Api::instance('content_report')->add($report, array('wysiwyg' => false));
     if ($added === null || isset($added['errors'])) {
         return vB_Library::instance('vb4_functions')->getErrorResponse($added);
     }

     return array('response' => array('errormessage' => array('redirect_reportthanks')));
 }
예제 #11
 /**
  * Returns the form options needed to start a thread in a forum.
  *
  * The forum id is cleaned as TYPE_UINT and looked up through the node API; an empty
  * lookup yields the 'invalidid' error. The result carries prefix options, parsed
  * forum info, length and tag limits, the attachment permission of the forum, the
  * request time and a fresh posthash.
  *
  * @param  mixed $forumid Node id of the forum
  * @return array
  */
 public function newthread($forumid)
 {
     $forumid = vB::getCleaner()->clean($forumid, vB_Cleaner::TYPE_UINT);

     $nodes = vB_Api::instance('node')->getFullContentforNodes(array($forumid));
     if (empty($nodes)) {
         return array("response" => array("errormessage" => array("invalidid")));
     }
     $forum = $nodes[0];

     $vb4Functions = vB_Library::instance('vb4_functions');
     $foruminfo = $vb4Functions->parseForumInfo($forum);
     $prefixes = vB_Library::instance('vb4_functions')->getPrefixes($forumid);
     $options = vB::getDatastore()->getValue('options');

     // Attachment permission as reported for this forum, normalised to an integer.
     $canAttach = $forum['content']['createpermissions']['vbforum_attach'];
     $canAttach = empty($canAttach) ? 0 : intval($canAttach);

     $maxtags = vB::getUserContext($this->currentUserId)->getChannelLimits($forumid, 'maxstartertags');

     return array(
         'show' => array('tag_option' => 1),
         'vboptions' => array(
             'postminchars' => $options['postminchars'],
             'titlemaxchars' => $options['titlemaxchars'],
             'maxtags' => $maxtags,
         ),
         'response' => array(
             'forumrules' => array('can' => array('postattachment' => $canAttach)),
             'prefix_options' => $prefixes,
             'foruminfo' => $foruminfo,
             'poststarttime' => vB::getRequest()->getTimeNow(),
             'posthash' => vB_Library::instance('vb4_posthash')->getNewPosthash(),
         ),
     );
 }
예제 #12
 /**
  * Returns the form options needed to reply to a thread.
  *
  * The thread id is cleaned as TYPE_UINT and looked up through the node API; an
  * empty lookup yields the 'invalidid' error. The result describes which optional
  * checkboxes are pre-checked, whether the smilie box is shown, the attachment
  * permission, length limits, prefix options and a fresh posthash.
  *
  * @param  mixed $threadid       Node id of the thread
  * @param  mixed $disablesmilies Non-empty to pre-check "disable smilies"
  * @return array
  */
 public function newreply($threadid, $disablesmilies = false)
 {
     $threadid = vB::getCleaner()->clean($threadid, vB_Cleaner::TYPE_UINT);

     $nodes = vB_Api::instance('node')->getFullContentforNodes(array($threadid));
     if (empty($nodes)) {
         return array("response" => array("errormessage" => array("invalidid")));
     }
     $thread = $nodes[0];

     $prefixes = vB_Library::instance('vb4_functions')->getPrefixes($threadid);
     $options = vB::getDatastore()->getValue('options');

     $canAttach = $thread['content']['createpermissions']['vbforum_attach'];
     $canAttach = empty($canAttach) ? 0 : intval($canAttach);

     // Pre-checked state of the additional option checkboxes.
     $checked = array(
         'parseurl' => 1,
         'signature' => "",
         "subscribe" => $thread['content']['subscribed'],
     );

     // Signature: checked only when the current user has one.
     $currentUserId = vB::getUserContext()->fetchUserId();
     $signature = vB_Api::instanceInternal('user')->fetchSignature($currentUserId);
     if (!empty($signature)) {
         $checked['signature'] = 1;
     }

     // Smilies: getDataForParse converts channel.options into bbcodeoptions, which the
     // frontend nodetext / bbcode parsers use. 'disablesmilies' is only offered when
     // the channel allows smilies at all.
     $parseData = vB_Api::instanceInternal('content_text')->getDataForParse(array($threadid));
     $smiliebox = 0;
     if ($parseData[$threadid]['bbcodeoptions']['allowsmilies']) {
         $checked['disablesmilies'] = empty($disablesmilies) ? "" : 1;
         $smiliebox = 1;
     }

     return array(
         'show' => array('tag_option' => 1, 'smiliebox' => $smiliebox),
         'vboptions' => array(
             'postminchars' => $options['postminchars'],
             'titlemaxchars' => $options['titlemaxchars'],
         ),
         'response' => array(
             'title' => '',
             'forumrules' => array('can' => array('postattachment' => $canAttach)),
             'prefix_options' => $prefixes,
             'poststarttime' => 0,
             'posthash' => vB_Library::instance('vb4_posthash')->getNewPosthash(),
         ),
         'checked' => $checked,
     );
 }
예제 #13
/**
 * Returns parsed forum data for a comma separated list of forum ids.
 *
 * 'forumids' is read from $_REQUEST as TYPE_STR and split on commas; every piece is
 * passed to fr_get_and_parse_forum() and non-null results are collected.
 *
 * NOTE(review): the individual ids are not cast or validated here - each piece is
 * whatever text stood between the commas. Confirm that fr_get_and_parse_forum()
 * cleans its argument and checks the caller's access to the forum.
 *
 * @return array|null array('forums' => list); an empty list when no ids were sent,
 *                    null when ids were sent but none produced a forum
 */
function do_get_forum_data()
{
    $request = vB::getCleaner()->cleanArray($_REQUEST, array('forumids' => vB_Cleaner::TYPE_STR));

    $nothingRequested = !isset($request['forumids']) || strlen($request['forumids']) == 0;
    if ($nothingRequested) {
        return array('forums' => array());
    }

    $found = array();
    foreach (explode(',', $request['forumids']) as $forumid) {
        $forum = fr_get_and_parse_forum($forumid);
        if ($forum == null) {
            continue;
        }
        $found[] = $forum;
    }

    return empty($found) ? null : array('forums' => $found);
}
예제 #14
/**
 * Deletes an attachment referenced by a ForumRunner attachment marker.
 *
 * Requires a session user id of at least 1. The marker is looked up by the
 * 'attachmentid' request value (TYPE_UINT), the attachment it points to is deleted
 * through the content_attach API, and the marker is removed afterwards. Every
 * failure is reported as ERR_NO_PERMISSION.
 *
 * NOTE(review): the marker lookup is keyed on the id alone and no ownership check is
 * visible here; presumably deleteAttachment() verifies that the current user may
 * delete the attachment - confirm.
 * NOTE(review): the assertQuery() result is indexed like a row; verify the return
 * shape of this query.
 *
 * @return mixed true on success, otherwise the value returned by json_error()
 */
function do_delete_attachment()
{
    $currentUser = vB_Api::instance('user')->fetchUserInfo();
    if ($currentUser['userid'] < 1) {
        return json_error(ERR_NO_PERMISSION);
    }

    $request = vB::getCleaner()->cleanArray($_REQUEST, array('attachmentid' => vB_Cleaner::TYPE_UINT));
    if (empty($request['attachmentid'])) {
        return json_error(ERR_NO_PERMISSION);
    }
    $markerKey = array('id' => $request['attachmentid']);

    $marker = vB_dB_Assertor::instance()->assertQuery('ForumRunner:getAttachmentMarkerById', $markerKey);
    if (empty($marker)) {
        return json_error(ERR_NO_PERMISSION);
    }

    $deleted = vB_Api::instance('content_attach')->deleteAttachment($marker['attachmentid']);
    if (empty($deleted) || !empty($deleted['errors'])) {
        return json_error(ERR_NO_PERMISSION);
    }

    // The marker is only removed once the attachment itself is gone.
    vB_dB_Assertor::instance()->assertQuery('ForumRunner:deleteAttachmentMarker', $markerKey);

    return true;
}
예제 #15
 /**
  * Builds the route from the matched URL parts and checks private message access.
  *
  * The user id comes from the first segment of $matches['params'] (a leading slash is
  * ignored) or, failing that, from $matches['userid'], and is cleaned as TYPE_INT.
  * The permission check below uses the session's user id, not the id taken from the
  * route.
  *
  * @param array  $routeInfo   Route data; 'arguments'['subtemplate'] is set here
  * @param array  $matches     Matched URL parts
  * @param string $queryString Not used in this constructor
  * @throws vB_Exception_NodePermission when PMs are disabled or the session user has
  *         no PM quota
  */
 public function __construct(&$routeInfo, &$matches, &$queryString = '')
 {
     $cleaner = vB::getCleaner();

     if (!empty($matches['params'])) {
         $params = $matches['params'];
         if (strpos($params, '/') === 0) {
             $params = substr($params, 1);
         }
         $segments = explode('/', $params);
         $this->userid = $segments[0];
     } elseif (isset($matches['userid'])) {
         $this->userid = $matches['userid'];
     }
     $this->userid = $cleaner->clean($this->userid, vB_Cleaner::TYPE_INT);

     $routeInfo['arguments']['subtemplate'] = $this->subtemplate;

     $sessionUserId = vB::getCurrentSession()->get('userid');
     $pmquota = vB::getUserContext($sessionUserId)->getLimit('pmquota');
     $vboptions = vB::getDatastore($sessionUserId)->getValue('options');

     // Both the global switch and a non-zero quota are required.
     if (!$vboptions['enablepms'] || !$pmquota) {
         throw new vB_Exception_NodePermission('privatemessage');
     }
 }
예제 #16
 /**
  * Imports a theme from already-parsed XML on behalf of an administrator.
  *
  * Requires both the 'canadmintemplates' and 'canadminstyles' admin permissions.
  * Entries of $extra are kept only when their key is in the clean map below and are
  * passed through the cleaner with the mapped type; everything else is dropped.
  *
  * NOTE(review): the code after the permission branch is only protected if
  * print_cp_no_permission() ends the request - confirm that it does not return.
  *
  * @param  array $parsedXML  Parsed theme XML
  * @param  int   $startat
  * @param  int   $perpage
  * @param  bool  $overwrite
  * @param  int   $styleid
  * @param  bool  $anyversion
  * @param  array $extra      Optional title, parentid, displayorder, userselect
  * @return mixed Result of $this->import()
  */
 public function importAdminCP($parsedXML, $startat = 0, $perpage = 1, $overwrite = false, $styleid = -1, $anyversion = false, $extra = array())
 {
     /*
      * This function accepts the XML as an argument instead of reading a file from the
      * filesystem, so it has to be stricter about who may call it. The check mirrors
      * admincp/template.php @ if ($_REQUEST['do'] == 'upload'); keep the two in line.
      */
     $mayImport = vB::getUserContext()->hasAdminPermission('canadmintemplates')
         && vB::getUserContext()->hasAdminPermission('canadminstyles');
     if (!$mayImport) {
         require_once DIR . '/includes/adminfunctions.php';
         print_cp_no_permission();
     }

     if (empty($parsedXML['guid'])) {
         // todo: some error handling here if basic xml file validation isn't okay.
     }
     $this->parsedXML['theme'] = $parsedXML;

     // Imported themes become children of the theme parent, so make sure it is loaded.
     if (empty(self::$themeParent['guid'])) {
         $this->getDefaultParentTheme();
     }

     /*
      * Drop unexpected extra variables and clean the rest, in case a user with the
      * right permissions reaches this function directly. Values arriving through the
      * adminCP page are already cleaned, so strings are already escaped; a title is
      * not expected to contain special HTML characters, so double escaping should not
      * matter. If it ever does, remove the cleaning here, rely on the adminCP page's
      * cleaning, and make sure NOTHING HERE GOES STRAIGHT TO DB without going through
      * the assertor in adminfunctions_template.php.
      */
     $allowed = array(
         'title' => vB_Cleaner::TYPE_STR,
         'parentid' => vB_Cleaner::TYPE_INT,
         'displayorder' => vB_Cleaner::TYPE_INT,
         'userselect' => vB_Cleaner::TYPE_BOOL,
     );
     $cleanExtra = array();
     foreach ($extra as $name => $rawValue) {
         if (!isset($allowed[$name])) {
             continue;
         }
         $cleanExtra[$name] = vB::getCleaner()->clean($rawValue, $allowed[$name]);
     }

     return $this->import($startat, $perpage, $overwrite, $styleid, $anyversion, $cleanExtra);
 }
예제 #17
 /**
  * Uploads one or more attachments and links them to a posthash.
  *
  * The posthash is cleaned as TYPE_STR and the upload data as TYPE_FILE. The
  * multi-file upload structure (one array per field) is regrouped into one array per
  * file, and each file is uploaded through the content_attach API. Processing stops
  * at the first failed upload; files uploaded before it stay linked.
  *
  * NOTE(review): the posthash is supplied by the caller; verify that addFiledataid()
  * only accepts a posthash issued to the current user.
  *
  * @param  string $posthash   Posthash the uploads belong to
  * @param  array  $attachment Upload data
  * @return array  Empty 'response' on success, otherwise the vb4 error response
  */
 public function manageattach($posthash, $attachment)
 {
     $inputCleaner = vB::getCleaner();
     $posthash = $inputCleaner->clean($posthash, vB_Cleaner::TYPE_STR);
     $uploaded = $inputCleaner->clean($attachment, vB_Cleaner::TYPE_FILE);

     // vB5 doesn't understand multiple file uploads, so split them manually.
     $perFile = array();
     foreach ($uploaded as $field => $values) {
         $total = count($values);
         for ($index = 0; $index < $total; $index++) {
             $perFile[$index][$field] = $values[$index];
         }
     }
     unset($uploaded);

     foreach ($perFile as $file) {
         $stored = vB_Api::instance('content_attach')->upload($file);
         if (empty($stored) || !empty($stored['errors'])) {
             return vB_Library::instance('vb4_functions')->getErrorResponse($stored);
         }
         vB_Library::instance('vb4_posthash')->addFiledataid($posthash, $stored['filedataid']);
     }

     return array('response' => array());
 }
예제 #18
 /**
  * Constructor - sets the nozip/noheader flags, attaches the shared cleaner and a new
  * vB_Input_Cleaner instance, the shutdown handler, the configuration and the CSRF
  * skip list.
  *
  * NOTE(review): this is a method named like a class (presumably the enclosing class
  * is vB_Registry). PHP 8 no longer treats such methods as constructors - confirm how
  * this class is instantiated on current PHP versions.
  */
 function vB_Registry()
 {
     // variable to allow bypassing of gzip compression: true when NOZIP is defined or
     // when zlib.output_compression is enabled (errors from ini_get are suppressed)
     $this->nozip = defined('NOZIP') ? true : (@ini_get('zlib.output_compression') ? true : false);
     // variable that controls HTTP header output: true when NOHEADER is defined
     $this->noheader = defined('NOHEADER') ? true : false;
     // errors from ini_set are suppressed with @
     @ini_set('zend.ze1_compatibility_mode', 0);
     // initialize the input handler
     $this->cleaner =& vB::getCleaner();
     $this->input = new vB_Input_Cleaner($this);
     // initialize the shutdown handler
     $this->shutdown = vB_Shutdown::instance();
     $this->config =& vB::getConfig();
     // entries of the comma separated CSRF_SKIP_LIST constant, or an empty list when
     // the constant is not defined
     $this->csrf_skip_list = defined('CSRF_SKIP_LIST') ? explode(',', CSRF_SKIP_LIST) : array();
 }
예제 #19
 /**
  * Checks whether the current user may physically remove a post.
  *
  * Returns 0 outright when this object is disabled. Otherwise permission is granted
  * by the global or channel-level 'canremoveposts' moderator permission, or - for
  * visitor messages - by 'canremovevisitormessages', or by 'candeleteownmessages'
  * when the message was set for the session user.
  *
  * @param integer $nodeid
  *
  * @return integer 0 or 1
  */
 public function canRemovePost($nodeid)
 {
     // A disabled instance never grants permission.
     if ($this->disabled) {
         return 0;
     }

     $nodeid = vB::getCleaner()->clean($nodeid, vB_Cleaner::TYPE_INT);
     $userContext = vB::getUserContext();

     // Global or per-channel moderator permission settles it.
     $isModerator = $userContext->hasPermission('moderatorpermissions', 'canremoveposts')
         || $userContext->getChannelPermission('moderatorpermissions', 'canremoveposts', $nodeid);
     if ($isModerator) {
         return 1;
     }

     // Visitor messages (a starter that is set for some user) have extra permissions.
     $node = vB_Library::instance('node')->getNodeBare($nodeid);
     $isVisitorMessage = ($node['starter'] > 0 && $node['setfor'] > 0);
     if (!$isVisitorMessage) {
         return 0;
     }

     if ($userContext->hasPermission('moderatorpermissions2', 'canremovevisitormessages')) {
         return 1;
     }

     $isOwnWall = ($node['setfor'] == vB::getCurrentSession()->get('userid'));
     if ($isOwnWall && $userContext->hasPermission('visitormessagepermissions', 'candeleteownmessages')) {
         return 1;
     }

     return 0;
 }
예제 #20
 /**
  * Search phrases (admin only: requires 'canadminlanguages').
  *
  * Every criterion listed in the defaults table below is filled with its default when
  * unset and then passed through the cleaner with its type. 'phrasetype' is not in
  * that table, so it reaches the query method as supplied by the caller.
  *
  * @param array $criteria Criteria to search phrases. It may have the following items:
  *              'searchstring'  => Search for Text (required)
  *              'searchwhere'   => Search in: 0 - Phrase Text Only, 1 - Phrase Variable Name Only, 2 - Phrase Text and Phrase Variable Name
  *              'casesensitive' => Case-Sensitive 1 - Yes, 0 - No
  *              'exactmatch'    => Exact Match 1 - Yes, 0 - No
  *              'languageid'    => Search in Language. The ID of the language
  *              'phrasetype'    => Phrase Type. Phrase group IDs to search in.
  *              'transonly'     => Search Translated Phrases Only 1 - Yes, 0 - No
  *              'product'       => Product ID to search in.
  *
  * @return array Phrases indexed by fieldname, varname and languageid
  * @throws vB_Exception_Api 'no_permission' or 'please_complete_required_fields'
  */
 public function search($criteria)
 {
     // This should only be called from admincp, where the permission is 'canadminlanguages'.
     if (!vB::getUserContext()->hasAdminPermission('canadminlanguages')) {
         throw new vB_Exception_Api('no_permission');
     }

     // The search string is mandatory.
     if ($criteria['searchstring'] == '') {
         throw new vB_Exception_Api('please_complete_required_fields');
     }
     $criteria['searchstring'] = vB::getCleaner()->clean($criteria['searchstring'], vB_Cleaner::TYPE_STR);

     // field => array(default when unset, cleaner type); the defaults mimic the admincp
     // phrase search settings (searchwhere 0 = phrase text only, languageid -10,
     // product '' = all products).
     $optional = array(
         'searchwhere' => array(0, vB_Cleaner::TYPE_INT),
         'casesensitive' => array(0, vB_Cleaner::TYPE_INT),
         'exactmatch' => array(0, vB_Cleaner::TYPE_INT),
         'languageid' => array(-10, vB_Cleaner::TYPE_INT),
         'transonly' => array(0, vB_Cleaner::TYPE_INT),
         'product' => array('', vB_Cleaner::TYPE_STR),
     );
     foreach ($optional as $field => $spec) {
         if (!isset($criteria[$field])) {
             $criteria[$field] = $spec[0];
         }
         $criteria[$field] = vB::getCleaner()->clean($criteria[$field], $spec[1]);
     }

     $phrases = vB::getDbAssertor()->getRows('searchPhrases', array(
         vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_METHOD,
         'criteria' => $criteria,
     ));
     if (empty($phrases)) {
         return array();
     }

     $phrasearray = array();
     foreach ($phrases as $phrase) {
         $field = (string) $phrase['fieldname'];
         $var = (string) $phrase['varname'];

         // Skip the row when an entry for the requested language is already stored.
         $requested = (string) $criteria['languageid'];
         if ($criteria['languageid'] > 0 && isset($phrasearray[$field][$var][$requested])) {
             continue;
         }

         $phrasearray[$field][$var][(string) $phrase['languageid']] = $phrase;
     }

     return $phrasearray;
 }
예제 #21
 /**
  * Cleans the input in the $data array, directly updating $data.
  *
  * When the user holds the 'canusehtml' channel permission on the parent (or, when no
  * parent is given, on $nodeid), the title and description are cleaned as plain
  * TYPE_STR up front and put back after the parent class has cleaned $data, so the
  * parent's cleaning of those two fields is overridden. Users without the permission
  * get the parent's cleaning only.
  *
  * @param mixed     $data   Array of fieldname => data pairs, passed by reference.
  * @param int|false $nodeid Nodeid of the node being edited, false if creating new
  */
 public function cleanInput(&$data, $nodeid = false)
 {
     $permissionNode = empty($data['parentid']) ? $nodeid : $data['parentid'];

     $userCanUseHtml = false;
     if (!empty($permissionNode)) {
         $userCanUseHtml = vB::getUserContext()->getChannelPermission('forumpermissions2', 'canusehtml', $permissionNode);
     }

     // Html is only allowed in titles and descriptions for channels. htmltitle is not
     // included because, if provided, it should not contain html anyway.
     $preserved = array();
     $cleaner = vB::getCleaner();
     if ($userCanUseHtml) {
         foreach (array('title', 'description') as $field) {
             if (!isset($data[$field])) {
                 continue;
             }
             $preserved[$field] = $cleaner->clean($data[$field], vB_Cleaner::TYPE_STR);
         }
     }

     // Let the parent clean everything, then restore the html fields that were set.
     parent::cleanInput($data, $nodeid);
     foreach ($preserved as $field => $htmlValue) {
         $data[$field] = $htmlValue;
     }
 }
예제 #22
 /**
  * Insert a new usergroup promotion or update an existing one.
  *
  * Requires the 'canadminpermissions' admin permission. When no promotion id is
  * given, a row is inserted and the source group is taken from
  * $promotion['usergroupid'], replacing the $usergroupid argument.
  *
  * NOTE(review): $promotion is cleaned only as TYPE_ARRAY and then merged into the
  * query data as-is, so every key the caller supplies is handed to the assertor, not
  * just the fields listed below. The merge uses array union, so the query type and
  * conditions set here are not overwritten. Consider restricting the merge to the
  * documented fields.
  *
  * @param array $promotion Promotion information with fields:
  *  * usergroupid
  *  * reputation
  *  * date
  *  * posts
  *  * strategy
  *  * type
  *  * reputationtype
  *  * joinusergroupid
  * @param int $usergroupid
  * @param int $userpromotionid Existing Usergroup promotion ID to be updated
  * @return int new or existing userpromotion ID
  * @throws vB_Exception_Api 'invalid_usergroup_specified' or 'promotion_join_same_group'
  */
 public function savePromotion($promotion, $usergroupid, $userpromotionid = 0)
 {
     $inputCleaner = vB::getCleaner();
     $promotion = $inputCleaner->clean($promotion, vB_Cleaner::TYPE_ARRAY);
     $usergroupid = $inputCleaner->clean($usergroupid, vB_Cleaner::TYPE_INT);
     $userpromotionid = $inputCleaner->clean($userpromotionid, vB_Cleaner::TYPE_INT);

     $this->checkHasAdminPermission('canadminpermissions');

     $usergroupid = intval($usergroupid);
     $userpromotionid = intval($userpromotionid);

     if (!isset($promotion['joinusergroupid']) || $promotion['joinusergroupid'] == -1) {
         throw new vB_Exception_Api('invalid_usergroup_specified');
     }

     // A reputation type shifts strategies up to 16 by 8; the flag itself is not stored.
     if (!empty($promotion['reputationtype']) && $promotion['strategy'] <= 16) {
         $promotion['strategy'] += 8;
     }
     unset($promotion['reputationtype']);

     $isUpdate = !empty($userpromotionid);
     if (!$isUpdate) {
         $usergroupid = $promotion['usergroupid'];
     }

     // Promoting into the group the user is already in makes no sense.
     if ($usergroupid == $promotion['joinusergroupid']) {
         throw new vB_Exception_Api('promotion_join_same_group');
     }

     if ($isUpdate) {
         $query = array(
             vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_UPDATE,
             vB_dB_Query::CONDITIONS_KEY => array('userpromotionid' => $userpromotionid),
         );
         $query += $promotion;
         vB::getDbAssertor()->assertQuery('userpromotion', $query);

         return $userpromotionid;
     }

     $query = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_INSERT);
     $query += $promotion;

     return vB::getDbAssertor()->assertQuery('userpromotion', $query);
 }
예제 #23
/**
 * Starts a private message conversation for the logged-in user.
 *
 * Reads 'recipients', 'title' and 'message' from $_REQUEST as TYPE_STR. Semicolons in
 * the recipient list are turned into commas and one leading and one trailing comma
 * are removed before the message is created through the content_privatemessage API.
 *
 * @return mixed true on success, otherwise the value returned by json_error()
 */
function do_start_conversation()
{
    $currentUser = vB_Api::instance('user')->fetchUserInfo();
    if (!$currentUser['userid']) {
        return json_error(ERR_INVALID_LOGGEDIN, RV_NOT_LOGGED_IN);
    }

    $request = vB::getCleaner()->cleanArray($_REQUEST, array(
        'recipients' => vB_Cleaner::TYPE_STR,
        'title' => vB_Cleaner::TYPE_STR,
        'message' => vB_Cleaner::TYPE_STR,
    ));

    // Normalise the separator, then strip a single comma from either end.
    $recipients = str_replace(';', ',', $request['recipients']);
    if (preg_match('/^,/', $recipients)) {
        $recipients = substr($recipients, 1);
    }
    if (preg_match('/,$/', $recipients)) {
        $recipients = substr($recipients, 0, -1);
    }

    $pm = vB_Api::instance('content_privatemessage')->add(array(
        'msgRecipients' => $recipients,
        'title' => $request['title'],
        'rawtext' => $request['message'],
    ));

    return isset($pm['errors']) ? json_error(ERR_INVALID_PM) : true;
}
예제 #24
 /**
  * Constructor - delegates to the parent constructor and attaches the shared cleaner.
  *
  * @param	vB_Registry	$registry	Instance of the vBulletin data registry object - expected to have the database object as its $this->db member.
  * @param	integer		$errtype	One of the ERRTYPE_x constants
  */
 public function __construct(&$registry = NULL, $errtype = NULL)
 {
     parent::__construct($registry, $errtype);

     // Input cleaner obtained from vB::getCleaner(), kept on the instance.
     $this->cleaner = vB::getCleaner();

     // The legacy hook 'stylevardata_start' has been removed.
 }
예제 #25
 /**
  * Process the exclude filter.
  *
  * Adds a LEFT JOIN on the closure table that matches the excluded parents and a
  * WHERE condition that keeps only rows without such a match.
  *
  * The ids are written into the SQL text directly, so the TYPE_ARRAY_UINT clean below
  * is the only thing keeping non-numeric input out of the query - it must stay in
  * front of the implode().
  *
  * @param array $nodeids the ids of the nodes (and their children) to exclude; a
  *                       single numeric id is accepted as well
  */
 protected function process_exclude_filters($nodeids)
 {
     if (empty($nodeids)) {
         return;
     }

     $idList = is_numeric($nodeids) ? array($nodeids) : $nodeids;
     $idList = vB::getCleaner()->clean($idList, vB_Cleaner::TYPE_ARRAY_UINT);

     // The exclusion join hangs off the closure join, so add that one if it is missing.
     if (empty($this->join['closure'])) {
         $this->join['closure'] = "JOIN " . TABLE_PREFIX . "closure AS closure ON node.nodeid = closure.child";
     }

     $excludedParents = implode(',', $idList);
     $this->join['exclude_closure'] = "LEFT JOIN  " . TABLE_PREFIX . "closure AS exclude_closure\n\t\t\tON (exclude_closure.child = closure.child AND\n\t\t\t\texclude_closure.parent IN (" . $excludedParents . " ))\n";
     $this->where[] = "exclude_closure.child IS NULL ";
 }
예제 #26
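 /**
  * Deletes a list of threads, softly or physically.
  *
  * The thread list arrives as a comma separated string. Only entries that are
  * positive integers are kept: explode() always returns at least one element, so
  * without this filtering the "no valid threads" check could never trigger and an
  * empty or malformed entry would be passed on to deleteNodes().
  *
  * NOTE(review): no permission check is visible here; presumably deleteNodes()
  * enforces it, including for physical deletion - confirm.
  *
  * @param  string $threadids  Comma separated node ids
  * @param  mixed  $deletetype 2 requests a physical (hard) delete, anything else a soft one
  * @return array  'response' => errormessage, or the vb4 error response of the API
  */
 public function dodeletespam($threadids, $deletetype)
 {
     $cleaner = vB::getCleaner();
     $threadids = $cleaner->clean($threadids, vB_Cleaner::TYPE_STR);
     $deletetype = $cleaner->clean($deletetype, vB_Cleaner::TYPE_UINT);

     $validIds = array();
     foreach (explode(',', $threadids) as $piece) {
         $piece = trim($piece);
         // digits only, and not zero
         if ($piece !== '' && ctype_digit($piece) && (int) $piece > 0) {
             $validIds[] = (int) $piece;
         }
     }
     if (empty($validIds)) {
         return array('response' => array('errormessage' => 'you_did_not_select_any_valid_threads'));
     }

     $deletereason = null;
     $hard = ($deletetype == 2);

     $result = vB_Api::instance('node')->deleteNodes($validIds, $hard, $deletereason);
     if ($result === null || isset($result['errors'])) {
         return vB_Library::instance('vb4_functions')->getErrorResponse($result);
     }

     return array('response' => array('errormessage' => 'redirect_inline_deleted'));
 }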
예제 #27
/**
 * Bans a user on behalf of the logged-in user.
 *
 * Reads 'userid', 'usergroupid', 'period' and 'reason' from $_REQUEST through the vB
 * cleaner. When no usergroup of at least 1 is sent, usergroup 8 is used. Unlike the
 * validation failures, a failed ban returns false rather than a json_error() value.
 *
 * NOTE(review): this function only checks that the caller is logged in; presumably
 * banUsers() verifies that the caller may ban the target - confirm.
 *
 * @return mixed true on success, false when the ban failed, or the value returned by
 *               json_error()
 */
function do_ban_user()
{
    $currentUser = vB_Api::instance('user')->fetchUserInfo();
    if ($currentUser['userid'] < 1) {
        return json_error(ERR_NO_PERMISSION);
    }

    $request = vB::getCleaner()->cleanArray($_REQUEST, array(
        'userid' => vB_Cleaner::TYPE_UINT,
        'usergroupid' => vB_Cleaner::TYPE_UINT,
        'period' => vB_Cleaner::TYPE_STR,
        'reason' => vB_Cleaner::TYPE_STR,
    ));
    if (!isset($request['userid']) || !isset($request['period'])) {
        return json_error(ERR_NO_PERMISSION);
    }

    // Fall back to usergroup 8 unless a usable group id was sent.
    $banusergroupid = 8;
    if (isset($request['usergroupid']) && $request['usergroupid'] >= 1) {
        $banusergroupid = $request['usergroupid'];
    }

    $banned = vB_Api::instance('user')->banUsers(array($request['userid']), $banusergroupid, $request['period'], $request['reason']);

    return !($banned === null || isset($banned['errors']));
}
예제 #28
/**
 * Registers a new user, or returns the registration info when no username is sent.
 *
 * Reads 'username', 'email', 'password', 'birthday' and 'timezone_name' from
 * $_REQUEST as TYPE_STR; 'timezone_name' is cleaned but not used in this function.
 * API errors are resolved to phrases, stripped of tags and joined with spaces into
 * one error string.
 *
 * @return mixed true on success, the value of fr_register_info() when the username is
 *               empty, otherwise the value returned by json_error()
 */
function do_register()
{
    $request = vB::getCleaner()->cleanArray($_REQUEST, array(
        'username' => vB_Cleaner::TYPE_STR,
        'email' => vB_Cleaner::TYPE_STR,
        'password' => vB_Cleaner::TYPE_STR,
        'birthday' => vB_Cleaner::TYPE_STR,
        'timezone_name' => vB_Cleaner::TYPE_STR,
    ));

    if (empty($request['username'])) {
        return fr_register_info();
    }
    if (empty($request['email']) || empty($request['password'])) {
        return json_error(ERR_NO_PERMISSION);
    }

    $profile = array('username' => $request['username'], 'email' => $request['email']);
    if (!empty($request['birthday'])) {
        $profile['birthday'] = $request['birthday'];
    }

    $result = vB_Api::instance('user')->save(0, $request['password'], $profile, array(), array(), array());

    $saved = !empty($result) && empty($result['errors']);
    if ($saved) {
        return true;
    }
    if (!is_array($result['errors'])) {
        return json_error(ERR_NO_PERMISSION);
    }

    $errorstr = '';
    foreach ($result['errors'] as $error) {
        // $error[0] is the phrase name, any further entries are its arguments.
        $phraseName = $error[0];
        $fetched = vB_Api::instanceInternal('phrase')->fetch(array($phraseName));
        $message = isset($fetched[$phraseName]) ? $fetched[$phraseName] : $phraseName;

        if (sizeof($error) > 1) {
            $error[0] = $message;
            $message = call_user_func_array('construct_phrase', $error);
        }

        // Tags are stripped before the text is sent back to the client.
        $errorstr .= strip_tags($message) . " ";
    }

    return json_error($errorstr);
}
예제 #29
 /**
  * Turns $list into a string of unique, sorted integers joined by $glue.
  *
  * $list is modified in place. An empty string is left untouched; a string without
  * any integer in it becomes ''. Every value is passed through the cleaner as
  * TYPE_ARRAY_INT before it is written back.
  *
  * @param	mixed	$list		Either a string containing integers or an array of integers (by reference)
  * @param	string	$glue		The 'glue' for the resulting string. Usually a comma or a space.
  * @param	boolean	$dropzero	Whether or not to exclude zero from the list
  *
  * @return	boolean	Always true
  */
 function verify_list(&$list, $glue = ',', $dropzero = false)
 {
     if ($list === '') {
         return true;
     }

     // Strings: pull out every (optionally negative) run of digits.
     if (!is_array($list)) {
         $found = preg_match_all('#(-?\\d+)#s', $list, $matches);
         if (!$found) {
             $list = '';
             return true;
         }
         $list = $matches[1];
     }

     // Clean the values, remove duplicates, then sort into order.
     $list = array_unique(vB::getCleaner()->clean($list, vB_Cleaner::TYPE_ARRAY_INT));
     sort($list);

     // Duplicates are already gone, so at most one zero can be present.
     if ($dropzero) {
         $zeroAt = array_search(0, $list);
         if ($zeroAt !== false) {
             unset($list[$zeroAt]);
         }
     }

     $list = implode($glue, $list);

     return true;
 }
예제 #30
/**
 * Returns one page of results for a stored search.
 *
 * Requires a session user id of at least 1. 'searchid', 'page', 'perpage' and
 * 'previewtype' are read from $_REQUEST as TYPE_UINT; page defaults to 1, perpage to
 * 10 and previewtype to 1 when empty.
 *
 * NOTE(review): no upper bound is applied to 'perpage' here, and nothing in this
 * function ties the search id to the current user; confirm that fr_search_results()
 * handles both.
 *
 * @return mixed the value of fr_search_results(), or of json_error() on failure
 */
function do_search_searchid()
{
    $currentUser = vB_Api::instance('user')->fetchUserInfo();
    if ($currentUser['userid'] < 1) {
        return json_error(ERR_NO_PERMISSION);
    }

    $request = vB::getCleaner()->cleanArray($_REQUEST, array(
        'searchid' => vB_Cleaner::TYPE_UINT,
        'page' => vB_Cleaner::TYPE_UINT,
        'perpage' => vB_Cleaner::TYPE_UINT,
        'previewtype' => vB_Cleaner::TYPE_UINT,
    ));

    // Fill in the paging defaults for anything missing or zero.
    $defaults = array('page' => 1, 'perpage' => 10, 'previewtype' => 1);
    foreach ($defaults as $field => $fallback) {
        if (empty($request[$field])) {
            $request[$field] = $fallback;
        }
    }

    if (empty($request['searchid'])) {
        return json_error(ERR_NO_PERMISSION);
    }

    return fr_search_results($request['searchid'], $request['page'], $request['perpage'], $request['previewtype']);
}