Exemplo n.º 1
0
function xthreads_upload_attachments_global()
{
    //if($mybb->request_method == 'post' && ($current_page == 'newthread.php' || ($current_page == 'editpost.php' && $mybb->input['action'] != 'deletepost'))
    // the above line is always checked and true
    global $mybb, $current_page, $thread;
    if ($current_page == 'editpost.php') {
        // check if first post
        $pid = (int) $mybb->input['pid'];
        if (!$thread) {
            $post = get_post($pid);
            if (!empty($post)) {
                $thread = get_thread($post['tid']);
            }
            if (empty($thread)) {
                return;
            }
            $pid = $post['pid'];
        }
        if ($thread['firstpost'] != $pid) {
            return;
        }
    } elseif ($mybb->input['tid']) {
        /* ($mybb->input['action'] == 'editdraft' || $mybb->input['action'] == 'savedraft') && */
        $thread = get_thread((int) $mybb->input['tid']);
        if ($thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid']) {
            // ensure that this is, indeed, a draft
            unset($GLOBALS['thread']);
        }
    }
    // permissions check - ideally, should get MyBB to do this, but I see no easy way to implement it unfortunately
    if ($mybb->user['suspendposting'] == 1) {
        return;
    }
    if ($thread['fid']) {
        $fid = $thread['fid'];
    } else {
        $fid = (int) $mybb->input['fid'];
    }
    $forum = get_forum($fid);
    if (!$forum['fid'] || $forum['open'] == 0 || $forum['type'] != 'f') {
        return;
    }
    $forumpermissions = forum_permissions($fid);
    if ($forumpermissions['canview'] == 0) {
        return;
    }
    if ($current_page == 'newthread.php' && $forumpermissions['canpostthreads'] == 0) {
        return;
    } elseif ($current_page == 'editpost.php') {
        if (!is_moderator($fid, 'caneditposts')) {
            if ($thread['closed'] == 1 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $thread['uid']) {
                return;
            }
            if ($mybb->settings['edittimelimit'] != 0 && $thread['dateline'] < TIME_NOW - $mybb->settings['edittimelimit'] * 60) {
                return;
            }
        }
    }
    if (!verify_post_check($mybb->input['my_post_key'], true)) {
        return;
    }
    check_forum_password($forum['fid']);
    xthreads_upload_attachments();
}
Exemplo n.º 2
0
function get_announcement_func($xmlrpc_params)
{
    global $db, $lang, $mybb, $position, $plugins, $pids, $groupscache;
    $input = Tapatalk_Input::filterXmlInput(array('topic_id' => Tapatalk_Input::STRING, 'start_num' => Tapatalk_Input::INT, 'last_num' => Tapatalk_Input::INT, 'return_html' => Tapatalk_Input::INT), $xmlrpc_params);
    $parser = new Tapatalk_Parser();
    // Load global language phrases
    $lang->load("announcements");
    $aid = intval($_GET['aid']);
    // Get announcement fid
    $query = $db->simple_select("announcements", "fid", "aid='{$aid}'");
    $announcement = $db->fetch_array($query);
    $plugins->run_hooks("announcements_start");
    if (!$announcement) {
        error($lang->error_invalidannouncement);
    }
    // Get forum info
    $fid = $announcement['fid'];
    if ($fid > 0) {
        $forum = get_forum($fid);
        if (!$forum) {
            error($lang->error_invalidforum);
        }
        // Make navigation
        build_forum_breadcrumb($forum['fid']);
        // Permissions
        $forumpermissions = forum_permissions($forum['fid']);
        if ($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) {
            error_no_permission();
        }
        // Check if this forum is password protected and we have a valid password
        check_forum_password($forum['fid']);
    }
    add_breadcrumb($lang->nav_announcements);
    $archive_url = build_archive_link("announcement", $aid);
    // Get announcement info
    $time = TIME_NOW;
    $query = $db->query("\n\t\tSELECT u.*, u.username AS userusername, a.*, f.*\n\t\tFROM " . TABLE_PREFIX . "announcements a\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=a.uid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfields f ON (f.ufid=u.uid)\n\t\tWHERE a.startdate<='{$time}' AND (a.enddate>='{$time}' OR a.enddate='0') AND a.aid='{$aid}'\n\t");
    $announcementarray = $db->fetch_array($query);
    if (!$announcementarray) {
        error($lang->error_invalidannouncement);
    }
    // Gather usergroup data from the cache
    // Field => Array Key
    $data_key = array('title' => 'grouptitle', 'usertitle' => 'groupusertitle', 'stars' => 'groupstars', 'starimage' => 'groupstarimage', 'image' => 'groupimage', 'namestyle' => 'namestyle', 'usereputationsystem' => 'usereputationsystem');
    foreach ($data_key as $field => $key) {
        $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
    }
    $announcementarray['dateline'] = $announcementarray['startdate'];
    $announcementarray['userusername'] = $announcementarray['username'];
    $announcement = build_postbit($announcementarray, 3);
    $announcementarray['subject'] = $parser->parse_badwords($announcementarray['subject']);
    $lang->forum_announcement = $lang->sprintf($lang->forum_announcement, htmlspecialchars_uni($announcementarray['subject']));
    if ($announcementarray['startdate'] > $mybb->user['lastvisit']) {
        $setcookie = true;
        if (isset($mybb->cookies['mybb']['announcements']) && is_scalar($mybb->cookies['mybb']['announcements'])) {
            $cookie = my_unserialize(stripslashes($mybb->cookies['mybb']['announcements']));
            if (isset($cookie[$announcementarray['aid']])) {
                $setcookie = false;
            }
        }
        if ($setcookie) {
            my_set_array_cookie('announcements', $announcementarray['aid'], $announcementarray['startdate'], -1);
        }
    }
    $user_info = get_user($announcementarray['aid']);
    $icon_url = absolute_url($user_info['avatar']);
    // prepare xmlrpc return
    $xmlrpc_post = new xmlrpcval(array('topic_id' => new xmlrpcval('ann_' . $announcementarray['aid']), 'post_title' => new xmlrpcval(basic_clean($announcementarray['subject']), 'base64'), 'post_content' => new xmlrpcval(process_post($announcementarray['message'], $input['return_html']), 'base64'), 'post_author_id' => new xmlrpcval($announcementarray['uid']), 'post_author_name' => new xmlrpcval(basic_clean($announcementarray['username']), 'base64'), 'user_type' => new xmlrpcval(check_return_user_type($announcementarray['username']), 'base64'), 'icon_url' => new xmlrpcval(absolute_url($icon_url)), 'post_time' => new xmlrpcval(mobiquo_iso8601_encode($announcementarray['dateline']), 'dateTime.iso8601'), 'timestamp' => new xmlrpcval($announcementarray['dateline'], 'string')), 'struct');
    $result = array('total_post_num' => new xmlrpcval(1, 'int'), 'can_reply' => new xmlrpcval(false, 'boolean'), 'can_subscribe' => new xmlrpcval(false, 'boolean'), 'posts' => new xmlrpcval(array($xmlrpc_post), 'array'));
    return new xmlrpcresp(new xmlrpcval($result, 'struct'));
}
Exemplo n.º 3
0
 // Fetch the post from the database.
 $post = get_post($mybb->get_input('pid', MyBB::INPUT_INT));
 // No result, die.
 if (!$post) {
     xmlhttp_error($lang->post_doesnt_exist);
 }
 // Fetch the thread associated with this post.
 $thread = get_thread($post['tid']);
 // Fetch the specific forum this thread/post is in.
 $forum = get_forum($thread['fid']);
 // Missing thread, invalid forum? Error.
 if (!$thread || !$forum || $forum['type'] != "f") {
     xmlhttp_error($lang->thread_doesnt_exist);
 }
 // Check if this forum is password protected and we have a valid password
 if (check_forum_password($forum['fid'], 0, true)) {
     xmlhttp_error($lang->wrong_forum_password);
 }
 // Fetch forum permissions.
 $forumpermissions = forum_permissions($forum['fid']);
 $plugins->run_hooks("xmlhttp_edit_post_start");
 // If this user is not a moderator with "caneditposts" permissions.
 if (!is_moderator($forum['fid'], "caneditposts")) {
     // Thread is closed - no editing allowed.
     if ($thread['closed'] == 1) {
         xmlhttp_error($lang->thread_closed_edit_message);
     } else {
         if ($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0 || $mybb->user['suspendposting'] == 1) {
             xmlhttp_error($lang->no_permission_edit_post);
         } else {
             if ($mybb->usergroup['edittimelimit'] != 0 && $post['dateline'] < TIME_NOW - $mybb->usergroup['edittimelimit'] * 60) {
Exemplo n.º 4
0
function m_delete_post_func($xmlrpc_params)
{
    global $input, $post, $thread, $forum, $pid, $tid, $fid, $modlogdata, $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $moderation, $parser;
    $input = Tapatalk_Input::filterXmlInput(array('post_id' => Tapatalk_Input::INT, 'mode' => Tapatalk_Input::INT, 'reason_text' => Tapatalk_Input::STRING), $xmlrpc_params);
    // Load global language phrases
    $lang->load("editpost");
    $plugins->run_hooks("editpost_start");
    // No permission for guests
    if (!$mybb->user['uid']) {
        error_no_permission();
    }
    // Get post info
    $pid = intval($input['post_id']);
    $query = $db->simple_select("posts", "*", "pid='{$pid}'");
    $post = $db->fetch_array($query);
    if (!$post['pid']) {
        error($lang->error_invalidpost);
    }
    // Get thread info
    $tid = $post['tid'];
    $thread = get_thread($tid);
    if (!$thread['tid']) {
        error($lang->error_invalidthread);
    }
    // Get forum info
    $fid = $post['fid'];
    $forum = get_forum($fid);
    if (!$forum || $forum['type'] != "f") {
        error($lang->error_closedinvalidforum);
    }
    if ($forum['open'] == 0 || $mybb->user['suspendposting'] == 1) {
        error_no_permission();
    }
    $forumpermissions = forum_permissions($fid);
    if (!is_moderator($fid, "candeleteposts")) {
        if ($thread['closed'] == 1) {
            error($lang->redirect_threadclosed);
        }
        if ($forumpermissions['candeleteposts'] == 0) {
            error_no_permission();
        }
        if ($mybb->user['uid'] != $post['uid']) {
            error_no_permission();
        }
    }
    // Check if this forum is password protected and we have a valid password
    check_forum_password($forum['fid']);
    $plugins->run_hooks("editpost_deletepost");
    $modlogdata['fid'] = $fid;
    $modlogdata['tid'] = $tid;
    $query = $db->simple_select("posts", "pid", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
    $firstcheck = $db->fetch_array($query);
    if ($firstcheck['pid'] == $pid) {
        if ($forumpermissions['candeletethreads'] == 1 || is_moderator($fid, "candeletethreads")) {
            delete_thread($tid);
            mark_reports($tid, "thread");
            log_moderator_action($modlogdata, $lang->thread_deleted);
        } else {
            error_no_permission();
        }
    } else {
        if ($forumpermissions['candeleteposts'] == 1 || is_moderator($fid, "candeleteposts")) {
            // Select the first post before this
            delete_post($pid, $tid);
            mark_reports($pid, "post");
            log_moderator_action($modlogdata, $lang->post_deleted);
        } else {
            error_no_permission();
        }
    }
    $response = new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean'), 'is_login_mod' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval("", 'base64')), 'struct');
    return new xmlrpcresp($response);
}
function subscribe_forum_func($xmlrpc_params)
{
    global $db, $user, $config, $auth;
    $user->setup('viewforum');
    $params = php_xmlrpc_decode($xmlrpc_params);
    $forum_id = intval($params[0]);
    if (!$forum_id) {
        trigger_error('NO_FORUM');
    }
    $user_id = $user->data['user_id'];
    $sql_from = FORUMS_TABLE . ' f';
    $lastread_select = '';
    // Grab appropriate forum data
    if ($config['load_db_lastread'] && $user->data['is_registered']) {
        $sql_from .= ' LEFT JOIN ' . FORUMS_TRACK_TABLE . ' ft ON (ft.user_id = ' . $user->data['user_id'] . '
            AND ft.forum_id = f.forum_id)';
        $lastread_select .= ', ft.mark_time';
    }
    if ($user->data['is_registered']) {
        $sql_from .= ' LEFT JOIN ' . FORUMS_WATCH_TABLE . ' fw ON (fw.forum_id = f.forum_id AND fw.user_id = ' . $user->data['user_id'] . ')';
        $lastread_select .= ', fw.notify_status';
    }
    $sql = "SELECT f.* {$lastread_select}\n        FROM {$sql_from}\n        WHERE f.forum_id = {$forum_id}";
    $result = $db->sql_query($sql);
    $forum_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if (!$forum_data) {
        trigger_error('NO_FORUM');
    }
    // Permissions check
    if (!$auth->acl_gets('f_list', 'f_read', $forum_id) || $forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link'] && !$auth->acl_get('f_read', $forum_id)) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('SORRY_AUTH_READ');
        }
        trigger_error('LOGIN_VIEWFORUM');
    }
    // Forum is passworded ... check whether access has been granted to this
    // user this session, if not show login box
    if ($forum_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }
    // Is this forum a link? ... User got here either because the
    // number of clicks is being tracked or they guessed the id
    if ($forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link']) {
        trigger_error('NO_FORUM');
    }
    // Not postable forum or showing active topics?
    if (!($forum_data['forum_type'] == FORUM_POST || $forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS && $forum_data['forum_type'] == FORUM_CAT)) {
        trigger_error('NO_FORUM');
    }
    // Ok, if someone has only list-access, we only display the forum list.
    // We also make this circumstance available to the template in case we want to display a notice. ;)
    if (!$auth->acl_get('f_read', $forum_id)) {
        trigger_error('SORRY_AUTH_READ');
    }
    if (($config['email_enable'] || $config['jab_enable']) && $config['allow_forum_notify'] && $forum_data['forum_type'] == FORUM_POST && $auth->acl_get('f_subscribe', $forum_id)) {
        $notify_status = isset($forum_data['notify_status']) ? $forum_data['notify_status'] : 'unset';
        $table_sql = FORUMS_WATCH_TABLE;
        $where_sql = 'forum_id';
        $match_id = $forum_id;
        // Is user watching this thread?
        if ($user_id != ANONYMOUS) {
            if ($notify_status == 'unset') {
                $sql = "SELECT notify_status\n                    FROM {$table_sql}\n                    WHERE {$where_sql} = {$match_id}\n                        AND user_id = {$user_id}";
                $result = $db->sql_query($sql);
                $notify_status = ($row = $db->sql_fetchrow($result)) ? $row['notify_status'] : NULL;
                $db->sql_freeresult($result);
            }
            if (!is_null($notify_status) && $notify_status !== '') {
                if ($notify_status) {
                    $sql = 'UPDATE ' . $table_sql . "\n                        SET notify_status = 0\n                        WHERE {$where_sql} = {$match_id}\n                            AND user_id = {$user_id}";
                    $db->sql_query($sql);
                }
            } else {
                $sql = 'INSERT INTO ' . $table_sql . " (user_id, {$where_sql}, notify_status)\n                    VALUES ({$user_id}, {$match_id}, 0)";
                $db->sql_query($sql);
            }
            $s_result = true;
        } else {
            trigger_error('LOGIN_VIEWFORUM');
        }
    } else {
        $s_result = false;
    }
    $response = new xmlrpcval(array('result' => new xmlrpcval($s_result, 'boolean'), 'result_text' => new xmlrpcval($s_result ? '' : 'Subscribe failed', 'base64')), 'struct');
    return new xmlrpcresp($response);
}
Exemplo n.º 6
0
function get_topic_func($xmlrpc_params)
{
    global $db, $auth, $user, $config;
    $user->setup('viewforum');
    $params = php_xmlrpc_decode($xmlrpc_params);
    list($start, $limit) = process_page($params[1], $params[2]);
    // get forum id from parameters
    $forum_id = intval($params[0]);
    if (!$forum_id) {
        trigger_error('NO_FORUM');
    }
    // check if need sticky/announce topic only
    $topic_type = '';
    if (isset($params[3])) {
        // check if need sticky topic only
        if ($params[3] == 'TOP') {
            $topic_type = POST_STICKY;
            $start = 0;
            $limit = 20;
        } else {
            if ($params[3] == 'ANN') {
                $topic_type = POST_ANNOUNCE . ', ' . POST_GLOBAL;
                $start = 0;
                $limit = 20;
            }
        }
    }
    //    $default_sort_days  = (!empty($user->data['user_topic_show_days'])) ? $user->data['user_topic_show_days'] : 0;
    //    $default_sort_key   = (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't';
    //    $default_sort_dir   = (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd';
    //
    //    $sort_days  = request_var('st', $default_sort_days); // default to get all topic
    //    $sort_key   = request_var('sk', $default_sort_key);  // default sort by last post time
    //    $sort_dir   = request_var('sd', $default_sort_dir);  // default sort as DESC
    $sort_days = 0;
    $sort_key = 't';
    $sort_dir = 'd';
    //------- Grab appropriate forum data --------
    $sql = "SELECT f.* FROM " . FORUMS_TABLE . " f WHERE f.forum_id = {$forum_id}";
    $result = $db->sql_query($sql);
    $forum_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    // Forum does not exist
    if (!$forum_data) {
        trigger_error('NO_FORUM');
    }
    // Can not get topics from link forum
    if ($forum_data['forum_type'] == FORUM_LINK) {
        trigger_error('NO_FORUM');
    }
    // Permissions check
    if (!$auth->acl_gets('f_list', 'f_read', $forum_id) || $forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link'] && !$auth->acl_get('f_read', $forum_id)) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('SORRY_AUTH_READ');
        }
        trigger_error('LOGIN_VIEWFORUM');
    }
    // Forum is passworded
    if ($forum_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }
    if (!$auth->acl_get('f_read', $forum_id)) {
        trigger_error('NO_READ_ACCESS');
    }
    // Topic ordering options
    $sort_by_sql = array('a' => 't.topic_first_poster_name', 't' => 't.topic_last_post_time', 'r' => 't.topic_replies', 's' => 't.topic_title', 'v' => 't.topic_views');
    // Limit topics to certain time frame, obtain correct topic count
    // global announcements must not be counted, normal announcements have to
    // be counted, as forum_topics(_real) includes them
    $sql_approved = $auth->acl_get('m_approve', $forum_id) ? '' : ' AND t.topic_approved = 1 ';
    // Get all shadow topics in this forum
    $sql = 'SELECT t.topic_moved_id, t.topic_id
            FROM ' . TOPICS_TABLE . ' t
            WHERE t.forum_id = ' . $forum_id . '
            AND t.topic_type IN (' . POST_NORMAL . ', ' . POST_STICKY . ', ' . POST_ANNOUNCE . ', ' . POST_GLOBAL . ')
            AND t.topic_status = ' . ITEM_MOVED . ' ' . $sql_approved;
    $result = $db->sql_query($sql);
    $shadow_topic_list = array();
    while ($row = $db->sql_fetchrow($result)) {
        $shadow_topic_list[$row['topic_moved_id']] = $row['topic_id'];
    }
    $db->sql_freeresult($result);
    // Pick out those shadow topics that the user has no permission to access
    if (!empty($shadow_topic_list)) {
        $sql = 'SELECT t.topic_id, t.forum_id
                FROM ' . TOPICS_TABLE . ' t
                WHERE ' . $db->sql_in_set('t.topic_id', array_keys($shadow_topic_list));
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            if ($auth->acl_get('f_read', $row['forum_id'])) {
                unset($shadow_topic_list[$row['topic_id']]);
            }
        }
        $db->sql_freeresult($result);
    }
    // Grab all topic data
    $topic_list = array();
    $sql_limit = $limit;
    // num of topics needs to be return, default is 20, at most 50
    $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'DESC' : 'ASC');
    $sql_shadow_out = empty($shadow_topic_list) ? '' : 'AND ' . $db->sql_in_set('t.topic_moved_id', $shadow_topic_list, true);
    // If the user is trying to reach late pages, start searching from the end
    $store_reverse = false;
    $unread_sticky_num = $unread_announce_count = 0;
    //get subscribe users
    $user_watch_row = array();
    $sql = 'SELECT * FROM ' . TOPICS_WATCH_TABLE . ' WHERE user_id = ' . $user->data['user_id'];
    $result = $db->sql_query($sql);
    while ($row = $db->sql_fetchrow($result)) {
        $user_watch_row[$row['topic_id']] = $row['notify_status'];
    }
    $db->sql_freeresult($result);
    if (!empty($topic_type)) {
        $sql = 'SELECT t.*, u.user_avatar, u.user_avatar_type,bm.topic_id as bookmarked
                FROM ' . TOPICS_TABLE . ' t
                    LEFT JOIN ' . USERS_TABLE . ' u ON (t.topic_poster = u.user_id)
                    LEFT JOIN ' . BOOKMARKS_TABLE . ' bm ON (bm.user_id = ' . $user->data['user_id'] . ' AND t.topic_id = bm.topic_id) 
                WHERE t.forum_id IN (' . $forum_id . ', 0)
                AND t.topic_type IN (' . $topic_type . ') ' . $sql_shadow_out . ' ' . $sql_approved . '
                ORDER BY ' . $sql_sort_order;
        $result = $db->sql_query_limit($sql, $sql_limit, $start);
    } else {
        if ($user->data['user_id'] != ANONYMOUS) {
            // get total number of unread sticky topics number
            $sql = 'SELECT t.topic_id, t.topic_last_post_time
                    FROM ' . TOPICS_TABLE . ' t
                    WHERE t.forum_id = ' . $forum_id . '
                    AND t.topic_type = ' . POST_STICKY . ' ' . $sql_shadow_out . ' ' . $sql_approved;
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                if (empty($forum_id) || empty($row['topic_id'])) {
                    continue;
                }
                $topic_tracking = get_complete_topic_tracking($forum_id, $row['topic_id']);
                if (isset($topic_tracking[$row['topic_id']]) && $topic_tracking[$row['topic_id']] < $row['topic_last_post_time']) {
                    $unread_sticky_num++;
                }
            }
            $db->sql_freeresult($result);
            // get total number of unread announce topics number
            $sql = 'SELECT t.topic_id, t.topic_last_post_time
                    FROM ' . TOPICS_TABLE . ' t
                    WHERE t.forum_id IN (' . $forum_id . ', 0)
                    AND t.topic_type IN (' . POST_ANNOUNCE . ', ' . POST_GLOBAL . ') ' . $sql_shadow_out . ' ' . $sql_approved;
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                if (empty($forum_id) || empty($row['topic_id'])) {
                    continue;
                }
                $topic_tracking = get_complete_topic_tracking($forum_id, $row['topic_id']);
                if (isset($topic_tracking[$row['topic_id']]) && $topic_tracking[$row['topic_id']] < $row['topic_last_post_time']) {
                    $unread_announce_count++;
                }
            }
            $db->sql_freeresult($result);
        }
        // get total number of normal topics
        $sql = 'SELECT count(t.topic_id) AS num_topics
                FROM ' . TOPICS_TABLE . ' t
                WHERE t.forum_id = ' . $forum_id . '
                AND t.topic_type = ' . POST_NORMAL . ' ' . $sql_shadow_out . ' ' . $sql_approved;
        $result = $db->sql_query($sql);
        $topics_count = (int) $db->sql_fetchfield('num_topics');
        $db->sql_freeresult($result);
        if ($start > $topics_count / 2) {
            $store_reverse = true;
            if ($start + $sql_limit > $topics_count) {
                $sql_limit = min($sql_limit, max(1, $topics_count - $start));
            }
            // Select the sort order
            $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . ($sort_dir == 'd' ? 'ASC' : 'DESC');
            $start = max(0, $topics_count - $sql_limit - $start);
        }
        $sql = 'SELECT t.*, u.user_avatar, u.user_avatar_type,bm.topic_id as bookmarked
                FROM ' . TOPICS_TABLE . ' t
                    LEFT JOIN ' . USERS_TABLE . ' u ON (t.topic_poster = u.user_id)
                    LEFT JOIN ' . BOOKMARKS_TABLE . ' bm ON (bm.user_id = ' . $user->data['user_id'] . ' AND t.topic_id = bm.topic_id) 
                WHERE t.forum_id = ' . $forum_id . '
                AND t.topic_type = ' . POST_NORMAL . ' ' . $sql_shadow_out . ' ' . $sql_approved . '
                ORDER BY ' . $sql_sort_order;
        $result = $db->sql_query_limit($sql, $sql_limit, $start);
    }
    $tids = array();
    $rowset = array();
    while ($row = $db->sql_fetchrow($result)) {
        $rowset[] = $row;
        $tids[] = $row['topic_moved_id'] ? $row['topic_moved_id'] : $row['topic_id'];
    }
    $db->sql_freeresult($result);
    // get participated users of each topic
    //    get_participated_user_avatars($tids);
    //    global $topic_users, $user_avatar;
    $topic_list = array();
    foreach ($rowset as $row) {
        $replies = $auth->acl_get('m_approve', $forum_id) ? $row['topic_replies_real'] : $row['topic_replies'];
        $short_content = get_short_content($row['topic_first_post_id']);
        $user_avatar_url = get_user_avatar_url($row['user_avatar'], $row['user_avatar_type']);
        $new_post = false;
        if ($user->data['user_id'] != ANONYMOUS) {
            if (empty($forum_id) || empty($row['topic_id'])) {
                continue;
            }
            $topic_tracking = get_complete_topic_tracking($forum_id, $row['topic_id']);
            $new_post = $topic_tracking[$row['topic_id']] < $row['topic_last_post_time'] ? true : false;
        }
        $allow_change_type = $auth->acl_get('m_', $forum_id) || $user->data['is_registered'] && $user->data['user_id'] == $row['topic_poster'] ? true : false;
        $topic_id = $row['topic_moved_id'] ? $row['topic_moved_id'] : $row['topic_id'];
        //        $icon_urls = array();
        //        foreach($topic_users[$topic_id] as $posterid){
        //            $icon_urls[] = new xmlrpcval($user_avatar[$posterid], 'string');
        //        }
        $can_rename = $user->data['is_registered'] && ($auth->acl_get('m_edit', $forum_id) || $user->data['user_id'] == $row['topic_poster'] && $auth->acl_get('f_edit', $forum_id) && ($row['topic_time'] > time() - $config['edit_time'] * 60 || !$config['edit_time']));
        $xmlrpc_topic = new xmlrpcval(array('forum_id' => new xmlrpcval($forum_id), 'topic_id' => new xmlrpcval($row['topic_moved_id'] ? $row['topic_moved_id'] : $row['topic_id']), 'topic_title' => new xmlrpcval(html_entity_decode(strip_tags(censor_text($row['topic_title'])), ENT_QUOTES, 'UTF-8'), 'base64'), 'topic_author_id' => new xmlrpcval($row['topic_first_post_id'], 'string'), 'topic_author_name' => new xmlrpcval(html_entity_decode($row['topic_first_poster_name']), 'base64'), 'last_reply_time' => new xmlrpcval(mobiquo_iso8601_encode($row['topic_last_post_time']), 'dateTime.iso8601'), 'timestamp' => new xmlrpcval($row['topic_last_post_time'], 'string'), 'reply_number' => new xmlrpcval($replies, 'int'), 'view_number' => new xmlrpcval($row['topic_views'], 'int'), 'short_content' => new xmlrpcval($short_content, 'base64'), 'new_post' => new xmlrpcval($new_post, 'boolean'), 'icon_url' => new xmlrpcval($user_avatar_url), 'attachment' => new xmlrpcval($auth->acl_get('u_download') && $auth->acl_get('f_download', $forum_id) && $row['topic_attachment'] ? 1 : 0, 'string'), 'can_delete' => new xmlrpcval($auth->acl_get('m_delete', $forum_id), 'boolean'), 'can_move' => new xmlrpcval($auth->acl_get('m_move', $forum_id), 'boolean'), 'can_subscribe' => new xmlrpcval(($config['email_enable'] || $config['jab_enable']) && $config['allow_topic_notify'] && $user->data['is_registered'], 'boolean'), 'is_subscribed' => new xmlrpcval(isset($user_watch_row[$topic_id]) ? true : false, 'boolean'), 'can_close' => new xmlrpcval($auth->acl_get('m_lock', $forum_id) || $auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $row['topic_poster'], 'boolean'), 'is_closed' => new xmlrpcval($row['topic_status'] == ITEM_LOCKED, 'boolean'), 'can_stick' => new xmlrpcval($allow_change_type && $auth->acl_get('f_sticky', $forum_id), 'boolean'), 'is_sticky' => new xmlrpcval($row['topic_type'] == POST_STICKY, 'boolean'), 'can_approve' => new xmlrpcval($auth->acl_get('m_approve', $forum_id) && !$row['topic_approved'], 'boolean'), 'is_approved' => new xmlrpcval($row['topic_approved'] ? true : false, 'boolean'), 'can_rename' => new xmlrpcval($can_rename, 'boolean')), 'struct');
        $topic_list[] = $xmlrpc_topic;
        unset($xmlrpc_topic);
    }
    if ($store_reverse) {
        $topic_list = array_reverse($topic_list);
    }
    if (!empty($topic_type)) {
        $topic_num = count($topic_list);
    } else {
        $topic_num = $topics_count;
    }
    $allowed = $config['max_attachments'] && $auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach') && $config['allow_attachments'] && @ini_get('file_uploads') != '0' && strtolower(@ini_get('file_uploads')) != 'off';
    $max_attachment = $auth->acl_get('a_') || $auth->acl_get('m_', $forum_id) ? 99 : ($allowed ? $config['max_attachments'] : 0);
    $max_png_size = $auth->acl_get('a_') || $auth->acl_get('m_', $forum_id) ? 10485760 : ($allowed ? $config['max_filesize'] === '0' ? 10485760 : $config['max_filesize'] : 0);
    $max_jpg_size = $auth->acl_get('a_') || $auth->acl_get('m_', $forum_id) ? 10485760 : ($allowed ? $config['max_filesize'] === '0' ? 10485760 : $config['max_filesize'] : 0);
    $read_only_forums = explode(",", $config['tapatalk_forum_read_only']);
    $can_post = true;
    if (empty($read_only_forums) || !is_array($read_only_forums)) {
        $read_only_forums = array();
    }
    if (!$auth->acl_get('f_post', $forum_id) || in_array($forum_id, $read_only_forums)) {
        $can_post = false;
    }
    $response = new xmlrpcval(array('total_topic_num' => new xmlrpcval($topic_num, 'int'), 'unread_sticky_count' => new xmlrpcval($unread_sticky_num, 'int'), 'unread_announce_count' => new xmlrpcval($unread_announce_count, 'int'), 'forum_id' => new xmlrpcval($forum_id, 'string'), 'forum_name' => new xmlrpcval(html_entity_decode($forum_data['forum_name']), 'base64'), 'can_post' => new xmlrpcval($can_post, 'boolean'), 'can_upload' => new xmlrpcval($allowed, 'boolean'), 'max_attachment' => new xmlrpcval($max_attachment, 'int'), 'max_png_size' => new xmlrpcval($max_png_size, 'int'), 'max_jpg_size' => new xmlrpcval($max_jpg_size, 'int'), 'topics' => new xmlrpcval($topic_list, 'array')), 'struct');
    return new xmlrpcresp($response);
}
Exemplo n.º 7
0
/**
 * Check the password given on a certain forum for validity
 *
 * @param int The forum ID
 * @param boolean The Parent ID
 */
function check_forum_password($fid, $pid = 0)
{
    global $mybb, $header, $footer, $headerinclude, $theme, $templates, $lang, $forum_cache;
    $showform = true;
    if (!is_array($forum_cache)) {
        $forum_cache = cache_forums();
        if (!$forum_cache) {
            return false;
        }
    }
    // Loop through each of parent forums to ensure we have a password for them too
    $parents = explode(',', $forum_cache[$fid]['parentlist']);
    rsort($parents);
    if (!empty($parents)) {
        foreach ($parents as $parent_id) {
            if ($parent_id == $fid || $parent_id == $pid) {
                continue;
            }
            if ($forum_cache[$parent_id]['password'] != "") {
                check_forum_password($parent_id, $fid);
            }
        }
    }
    $password = $forum_cache[$fid]['password'];
    if ($password) {
        if ($mybb->input['pwverify'] && $pid == 0) {
            if ($password == $mybb->input['pwverify']) {
                my_setcookie("forumpass[{$fid}]", md5($mybb->user['uid'] . $mybb->input['pwverify']), null, true);
                $showform = false;
            } else {
                eval("\$pwnote = \"" . $templates->get("forumdisplay_password_wrongpass") . "\";");
                $showform = true;
            }
        } else {
            if (!$mybb->cookies['forumpass'][$fid] || $mybb->cookies['forumpass'][$fid] && md5($mybb->user['uid'] . $password) != $mybb->cookies['forumpass'][$fid]) {
                $showform = true;
            } else {
                $showform = false;
            }
        }
    } else {
        $showform = false;
    }
    if ($showform) {
        if ($pid) {
            header("Location: " . $mybb->settings['bburl'] . "/" . get_forum_link($fid));
        } else {
            $_SERVER['REQUEST_URI'] = htmlspecialchars_uni($_SERVER['REQUEST_URI']);
            eval("\$pwform = \"" . $templates->get("forumdisplay_password") . "\";");
            output_page($pwform);
        }
        exit;
    }
}
Exemplo n.º 8
0
}
$threadinfo = thread_info($_REQUEST['id']);
if (!$threadinfo['threadid'] || $threadinfo['del']) {
    message($apx->lang->get('MSG_THREADNOTEXIST'));
}
$foruminfo = forum_info($threadinfo['forumid']);
if (!$foruminfo['forumid']) {
    message($apx->lang->get('MSG_FORUMNOTEXIST'));
}
if (!forum_access_read($foruminfo)) {
    tmessage('noright', array(), false, false);
}
if (!forum_access_post($foruminfo, $threadinfo)) {
    tmessage('noright', array(), false, false);
}
check_forum_password($foruminfo);
////////////////////////////////////////////////////////////////////////////////////////// POST ERSTELLEN
//Vorschau generieren
if ($_POST['preview']) {
    $preview = $_POST['text'];
    if ($_POST['transform_links']) {
        $preview = transform_urls($preview);
    }
    $preview = forum_replace($preview, $_POST['allowcodes'], $_POST['allowsmilies']);
    $apx->tmpl->assign('PREVIEW', $preview);
} elseif ($_POST['send']) {
    //Captcha prüfen
    if ($set['forum']['captcha'] && !$user->info['userid']) {
        require BASEDIR . 'lib/class.captcha.php';
        $captcha = new captcha();
        $captchafailed = $captcha->check();
Exemplo n.º 9
0
// Setup look and feel
$user->setup('viewtopic', $topic_data['forum_style']);
if (!$topic_data['topic_approved'] && !$auth->acl_get('m_approve', $forum_id)) {
    trigger_error('NO_TOPIC');
}
// Start auth check (tapatalk add: avoid permission check for global announcement topic)
if (!$auth->acl_get('f_read', $forum_id) && $topic_data['topic_type'] != POST_GLOBAL) {
    if ($user->data['user_id'] != ANONYMOUS) {
        trigger_error('SORRY_AUTH_READ');
    }
    trigger_error('LOGIN_VIEWFORUM');
    //login_box('', $user->lang['LOGIN_VIEWFORUM']);
}
// Forum is passworded ... check whether access has been granted to this
// user this session, if not show login box
if ($topic_data['forum_password'] && !check_forum_password($forum_id)) {
    trigger_error('LOGIN_FORUM');
    //login_forum_box($topic_data);
}
/*
// Redirect to login or to the correct post upon emailed notification links
if (isset($_GET['e']))
{
	$jump_to = request_var('e', 0);

	$redirect_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id");

	if ($user->data['user_id'] == ANONYMOUS)
	{
	    trigger_error('LOGIN_NOTIFY_TOPIC');
		//login_box($redirect_url . "&amp;p=$post_id&amp;e=$jump_to", $user->lang['LOGIN_NOTIFY_TOPIC']);
Exemplo n.º 10
0
$bgcolor = "trow1";
if ($mybb->settings['subforumsindex'] != 0) {
    $showdepth = 3;
} else {
    $showdepth = 2;
}
$subforums = '';
$child_forums = build_forumbits($fid, 2);
$forums = $child_forums['forum_list'];
if ($forums) {
    $lang->sub_forums_in = $lang->sprintf($lang->sub_forums_in, $foruminfo['name']);
    eval("\$subforums = \"" . $templates->get("forumdisplay_subforums") . "\";");
}
$excols = "forumdisplay";
// Password protected forums
check_forum_password($foruminfo['fid']);
if ($foruminfo['linkto']) {
    header("Location: {$foruminfo['linkto']}");
    exit;
}
// Make forum jump...
if ($mybb->settings['enableforumjump'] != 0) {
    $forumjump = build_forum_jump("", $fid, 1);
}
if ($foruminfo['type'] == "f" && $foruminfo['open'] != 0 && $fpermissions['canpostthreads'] != 0 && $mybb->user['suspendposting'] == 0) {
    eval("\$newthread = \"" . $templates->get("forumdisplay_newthread") . "\";");
}
if ($fpermissions['cansearch'] != 0 && $foruminfo['type'] == "f") {
    eval("\$searchforum = \"" . $templates->get("forumdisplay_searchforum") . "\";");
}
// Gather forum stats
function remove_attachment_func($xmlrpc_params)
{
    global $db, $auth, $user, $config, $phpbb_root_path, $phpEx;
    $user->setup('posting');
    if (!$user->data['is_registered']) {
        trigger_error('LOGIN_EXPLAIN_POST');
    }
    $params = php_xmlrpc_decode($xmlrpc_params);
    include $phpbb_root_path . 'includes/functions_posting.' . $phpEx;
    include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
    // get parameters
    $attachment_id = isset($params[0]) ? intval($params[0]) : trigger_error('Attachment not exists');
    $forum_id = isset($params[1]) ? intval($params[1]) : trigger_error('NO_FORUM');
    $group_id = isset($params[2]) ? $params[2] : '';
    $post_id = isset($params[3]) ? intval($params[3]) : '';
    $_POST['attachment_data'] = $group_id ? unserialize(base64_decode($group_id)) : array();
    // Forum does not exist
    if (!$forum_id) {
        trigger_error('NO_FORUM');
    }
    $sql = "SELECT f.* FROM " . FORUMS_TABLE . " f WHERE f.forum_id = {$forum_id}";
    $result = $db->sql_query($sql);
    $forum_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if (!$forum_data) {
        trigger_error('NO_FORUM');
    }
    if ($forum_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }
    if (!$auth->acl_gets('f_read', $forum_id)) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('USER_CANNOT_READ');
        }
        trigger_error('LOGIN_EXPLAIN_POST');
    }
    // Is the user able to post within this forum?
    if ($forum_data['forum_type'] != FORUM_POST) {
        trigger_error('USER_CANNOT_FORUM_POST');
    }
    // Check permissions
    if ($user->data['is_bot'] || !$auth->acl_get('f_attach', $forum_id) || !$auth->acl_get('u_attach') || !$config['allow_attachments'] || @ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off') {
        trigger_error('NOT_AUTHORISED');
    }
    if (!$auth->acl_get('f_post', $forum_id) && !$auth->acl_gets('f_edit', 'm_edit', $forum_id) && !$auth->acl_get('f_reply', $forum_id)) {
        trigger_error('USER_CANNOT_POST');
    }
    global $warn_msg;
    $position = '';
    foreach ($_POST['attachment_data'] as $pos => $data) {
        if ($data['attach_id'] == $attachment_id) {
            $position = $pos;
            break;
        }
    }
    if ($position === '') {
        $warn_msg = 'Attachment not exists';
    } else {
        $_POST['delete_file'][$position] = 'Delete file';
        $_REQUEST['delete_file'][$position] = 'Delete file';
        $message_parser = new parse_message();
        $message_parser->get_submitted_attachment_data();
        $message_parser->parse_attachments('fileupload', 'post', $forum_id, false, false, true);
        $group_id = base64_encode(serialize($message_parser->attachment_data));
        $warn_msg = join("\n", $message_parser->warn_msg);
    }
    $xmlrpc_result = new xmlrpcval(array('result' => new xmlrpcval($warn_msg ? false : true, 'boolean'), 'result_text' => new xmlrpcval(strip_tags($warn_msg), 'base64'), 'group_id' => new xmlrpcval($group_id)), 'struct');
    return new xmlrpcresp($xmlrpc_result);
}
Exemplo n.º 12
0
function m_rename_topic_func($xmlrpc_params)
{
    global $db, $auth, $user, $config, $template, $cache, $phpEx, $phpbb_root_path, $phpbb_home;
    $user->setup('posting');
    include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
    $params = php_xmlrpc_decode($xmlrpc_params);
    $submit = true;
    $preview = false;
    $refresh = false;
    $mode = 'edit';
    // get topic information from parameters
    $topic_id = intval($params[0]);
    $post_title = $db->sql_escape(trim($params[1]));
    //$post_content   = $params[2];
    $GLOBALS['return_html'] = isset($params[3]) ? $params[3] : false;
    $sql = 'SELECT * FROM ' . POSTS_TABLE . ' WHERE topic_id = ' . $topic_id . ' ORDER BY post_time ASC';
    $result = $db->sql_query_limit($sql, 1);
    $first_post_data = $db->sql_fetchrow($result);
    $post_id = $first_post_data['post_id'];
    if (empty($post_id)) {
        trigger_error('NO_POST');
    }
    $post_data = array();
    $sql = 'SELECT p.*, t.*, f.*, u.username
            FROM ' . POSTS_TABLE . ' p
                LEFT JOIN ' . TOPICS_TABLE . ' t ON (p.topic_id = t.topic_id) 
                LEFT JOIN ' . FORUMS_TABLE . ' f ON (t.forum_id = f.forum_id OR (t.topic_type = ' . POST_GLOBAL . ' AND f.forum_type = ' . FORUM_POST . '))
                LEFT JOIN ' . USERS_TABLE . ' u ON (p.poster_id = u.user_id)' . "\r\r\n            WHERE p.post_id = {$post_id}";
    $result = $db->sql_query_limit($sql, 1);
    $post_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if (!$post_data) {
        trigger_error('NO_POST');
    }
    // Use post_row values in favor of submitted ones...
    $forum_id = (int) $post_data['forum_id'];
    $topic_id = (int) $post_data['topic_id'];
    $post_id = (int) $post_id;
    // Need to login to passworded forum first?
    if ($post_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }
    // Is the user able to read within this forum?
    if (!$auth->acl_get('f_read', $forum_id)) {
        trigger_error('USER_CANNOT_READ');
    }
    // Permission to do the action asked?
    if (!($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))) {
        trigger_error('USER_CANNOT_EDIT');
    }
    // Forum/Topic locked?
    if (($post_data['forum_status'] == ITEM_LOCKED || isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED) && !$auth->acl_get('m_edit', $forum_id)) {
        trigger_error($post_data['forum_status'] == ITEM_LOCKED ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
    }
    // Can we edit this post ... if we're a moderator with rights then always yes
    // else it depends on editing times, lock status and if we're the correct user
    if (!$auth->acl_get('m_edit', $forum_id)) {
        if ($user->data['user_id'] != $post_data['poster_id']) {
            trigger_error('USER_CANNOT_EDIT');
        }
        if (!($post_data['post_time'] > time() - $config['edit_time'] * 60 || !$config['edit_time'])) {
            trigger_error('CANNOT_EDIT_TIME');
        }
        if ($post_data['post_edit_locked']) {
            trigger_error('CANNOT_EDIT_POST_LOCKED');
        }
    }
    if (empty($post_title)) {
        trigger_error('EMPTY_SUBJECT');
    }
    $sql = "UPDATE " . TOPICS_TABLE . " SET topic_title = '{$post_title}' WHERE topic_id = '{$topic_id}' ";
    $db->sql_query($sql);
    $sql = "UPDATE " . POSTS_TABLE . " SET post_subject = '{$post_title}' WHERE post_id = '{$post_id}'";
    $db->sql_query($sql);
    $xmlrpc_reply_topic = new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean'), 'is_login_mod' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval("", 'base64')), 'struct');
    return new xmlrpcresp($xmlrpc_reply_topic);
}
Exemplo n.º 13
0
}
$sql = 'SELECT f.*, t.*, p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield
    FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u\r\r\n    WHERE p.post_id = {$post_id}\r\r\n        AND t.topic_id = p.topic_id\r\r\n        AND u.user_id = p.poster_id\r\r\n        AND (f.forum_id = t.forum_id\r\r\n            OR f.forum_id = {$forum_id})" . ($auth->acl_get('m_approve', $forum_id) ? '' : 'AND p.post_approved = 1');
$result = $db->sql_query($sql);
$post_data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$post_data) {
    $user->setup('posting');
    trigger_error('NO_POST');
}
$user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);
// Use post_row values in favor of submitted ones...
$forum_id = !empty($post_data['forum_id']) ? (int) $post_data['forum_id'] : (int) $forum_id;
$topic_id = !empty($post_data['topic_id']) ? (int) $post_data['topic_id'] : (int) $topic_id;
$post_id = !empty($post_data['post_id']) ? (int) $post_data['post_id'] : (int) $post_id;
if ($post_data['forum_password'] && !check_forum_password($forum_id)) {
    trigger_error('LOGIN_FORUM');
}
// Check permissions
if ($user->data['is_bot'] || $user->data['user_id'] == ANONYMOUS) {
    trigger_error('USER_CANNOT_DELETE');
}
// Is the user able to read within this forum?
if (!$auth->acl_get('f_read', $forum_id)) {
    trigger_error('USER_CANNOT_READ');
}
if (!$user->data['is_registered'] || !$auth->acl_gets('f_delete', 'm_delete', $forum_id)) {
    trigger_error('USER_CANNOT_DELETE');
}
// Forum/Topic locked?
if (($post_data['forum_status'] == ITEM_LOCKED || isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED) && !$auth->acl_get('m_edit', $forum_id)) {
Exemplo n.º 14
0
function save_raw_post_func($xmlrpc_params)
{
    global $db, $auth, $user, $config, $template, $cache, $phpEx, $phpbb_root_path, $phpbb_home;
    $user->setup('posting');
    include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
    $params = php_xmlrpc_decode($xmlrpc_params);
    $submit = true;
    $preview = false;
    $refresh = false;
    $mode = 'edit';
    // get post information from parameters
    $post_id = intval($params[0]);
    $post_title = $params[1];
    $post_content = $params[2];
    $GLOBALS['return_html'] = isset($params[3]) ? $params[3] : false;
    $post_data = array();
    $sql = 'SELECT p.*, t.*, f.*, u.username
            FROM ' . POSTS_TABLE . ' p
                LEFT JOIN ' . TOPICS_TABLE . ' t ON (p.topic_id = t.topic_id) 
                LEFT JOIN ' . FORUMS_TABLE . ' f ON (t.forum_id = f.forum_id OR (t.topic_type = ' . POST_GLOBAL . ' AND f.forum_type = ' . FORUM_POST . '))
                LEFT JOIN ' . USERS_TABLE . ' u ON (p.poster_id = u.user_id)' . "\r\r\n            WHERE p.post_id = {$post_id}";
    $result = $db->sql_query_limit($sql, 1);
    $post_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if (!$post_data) {
        trigger_error('NO_POST');
    }
    // Use post_row values in favor of submitted ones...
    $forum_id = (int) $post_data['forum_id'];
    $topic_id = (int) $post_data['topic_id'];
    $post_id = (int) $post_id;
    // Need to login to passworded forum first?
    if ($post_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }
    // Is the user able to read within this forum?
    if (!$auth->acl_get('f_read', $forum_id)) {
        trigger_error('USER_CANNOT_READ');
    }
    // Permission to do the action asked?
    if (!($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))) {
        trigger_error('USER_CANNOT_EDIT');
    }
    // Forum/Topic locked?
    if (($post_data['forum_status'] == ITEM_LOCKED || isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED) && !$auth->acl_get('m_edit', $forum_id)) {
        trigger_error($post_data['forum_status'] == ITEM_LOCKED ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
    }
    // Can we edit this post ... if we're a moderator with rights then always yes
    // else it depends on editing times, lock status and if we're the correct user
    if (!$auth->acl_get('m_edit', $forum_id)) {
        if ($user->data['user_id'] != $post_data['poster_id']) {
            trigger_error('USER_CANNOT_EDIT');
        }
        if (!($post_data['post_time'] > time() - $config['edit_time'] * 60 || !$config['edit_time'])) {
            trigger_error('CANNOT_EDIT_TIME');
        }
        if ($post_data['post_edit_locked']) {
            trigger_error('CANNOT_EDIT_POST_LOCKED');
        }
    }
    // Determine some vars
    if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS) {
        $post_data['quote_username'] = !empty($post_data['post_username']) ? $post_data['post_username'] : $user->lang['GUEST'];
    } else {
        $post_data['quote_username'] = isset($post_data['username']) ? $post_data['username'] : '';
    }
    $post_data['post_edit_locked'] = isset($post_data['post_edit_locked']) ? (int) $post_data['post_edit_locked'] : 0;
    $post_data['post_subject'] = in_array($mode, array('quote', 'edit')) ? $post_data['post_subject'] : (isset($post_data['topic_title']) ? $post_data['topic_title'] : '');
    $post_data['topic_time_limit'] = isset($post_data['topic_time_limit']) ? $post_data['topic_time_limit'] ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit'] : 0;
    $post_data['poll_length'] = !empty($post_data['poll_length']) ? (int) $post_data['poll_length'] / 86400 : 0;
    $post_data['poll_start'] = !empty($post_data['poll_start']) ? (int) $post_data['poll_start'] : 0;
    $post_data['icon_id'] = !isset($post_data['icon_id']) || in_array($mode, array('quote', 'reply')) ? 0 : (int) $post_data['icon_id'];
    $post_data['poll_options'] = array();
    // Get Poll Data
    if ($post_data['poll_start']) {
        $sql = 'SELECT poll_option_text
            FROM ' . POLL_OPTIONS_TABLE . "\r\r\n            WHERE topic_id = {$topic_id}\r\r\n            ORDER BY poll_option_id";
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            $post_data['poll_options'][] = trim($row['poll_option_text']);
        }
        $db->sql_freeresult($result);
    }
    $orig_poll_options_size = sizeof($post_data['poll_options']);
    $message_parser = new parse_message();
    if (isset($post_data['post_text'])) {
        $message_parser->message =& $post_data['post_text'];
        unset($post_data['post_text']);
    }
    // Set some default variables
    $uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);
    foreach ($uninit as $var_name => $default_value) {
        if (!isset($post_data[$var_name])) {
            $post_data[$var_name] = $default_value;
        }
    }
    unset($uninit);
    // Always check if the submitted attachment data is valid and belongs to the user.
    // Further down (especially in submit_post()) we do not check this again.
    $message_parser->get_submitted_attachment_data($post_data['poster_id']);
    if ($post_data['post_attachment'] && !$refresh && !$preview && $mode == 'edit') {
        // Do not change to SELECT *
        $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename
            FROM ' . ATTACHMENTS_TABLE . "\r\r\n            WHERE post_msg_id = {$post_id}\r\r\n                AND in_message = 0\r\r\n                AND is_orphan = 0\r\r\n            ORDER BY filetime DESC";
        $result = $db->sql_query($sql);
        $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
        $db->sql_freeresult($result);
    }
    if ($post_data['poster_id'] == ANONYMOUS) {
        $post_data['username'] = $mode == 'quote' || $mode == 'edit' ? trim($post_data['post_username']) : '';
    } else {
        $post_data['username'] = $mode == 'quote' || $mode == 'edit' ? trim($post_data['username']) : '';
    }
    $post_data['enable_urls'] = $post_data['enable_magic_url'];
    $post_data['enable_magic_url'] = $post_data['drafts'] = false;
    $check_value = ($post_data['enable_bbcode'] + 1 << 8) + ($post_data['enable_smilies'] + 1 << 4) + ($post_data['enable_urls'] + 1 << 2) + ($post_data['enable_sig'] + 1 << 1);
    // Check if user is watching this topic
    /*if ($mode != 'post' && $config['allow_topic_notify'] && $user->data['is_registered'])
      {
          $sql = 'SELECT topic_id
              FROM ' . TOPICS_WATCH_TABLE . '
              WHERE topic_id = ' . $topic_id . '
                  AND user_id = ' . $user->data['user_id'];
          $result = $db->sql_query($sql);
          $post_data['notify_set'] = (int) $db->sql_fetchfield('topic_id');
          $db->sql_freeresult($result);
      }*/
    // Do we want to edit our post ?
    if ($post_data['bbcode_uid']) {
        $message_parser->bbcode_uid = $post_data['bbcode_uid'];
    }
    // HTML, BBCode, Smilies, Images and Flash status
    $bbcode_status = $config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id) ? true : false;
    $smilies_status = $bbcode_status && $config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id) ? true : false;
    $img_status = $bbcode_status && $auth->acl_get('f_img', $forum_id) ? true : false;
    $url_status = $config['allow_post_links'] ? true : false;
    $flash_status = $bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash'] ? true : false;
    $quote_status = $auth->acl_get('f_reply', $forum_id) ? true : false;
    $solved_captcha = false;
    $post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0);
    $post_data['post_subject'] = utf8_normalize_nfc($post_title);
    $message_parser->message = utf8_normalize_nfc(htmlspecialchars($post_content));
    $post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true));
    $post_data['post_edit_reason'] = !empty($_POST['edit_reason']) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id) ? utf8_normalize_nfc(request_var('edit_reason', '', true)) : '';
    $post_data['orig_topic_type'] = $post_data['topic_type'];
    $post_data['topic_type'] = request_var('topic_type', $mode != 'post' ? (int) $post_data['topic_type'] : POST_NORMAL);
    $post_data['topic_time_limit'] = request_var('topic_time_limit', $mode != 'post' ? (int) $post_data['topic_time_limit'] : 0);
    $post_data['icon_id'] = request_var('icon', 0);
    $post_data['enable_bbcode'] = !$bbcode_status || isset($_POST['disable_bbcode']) ? false : true;
    $post_data['enable_smilies'] = !$smilies_status || isset($_POST['disable_smilies']) ? false : true;
    $post_data['enable_urls'] = isset($_POST['disable_magic_url']) ? 0 : 1;
    $post_data['enable_sig'] = !$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig') ? false : ($user->data['is_registered'] ? true : false);
    if ($config['allow_topic_notify'] && $user->data['is_registered']) {
        $notify = isset($_POST['notify']) ? true : false;
    } else {
        $notify = false;
    }
    $topic_lock = isset($_POST['lock_topic']) ? true : $post_data['topic_status'];
    $post_lock = isset($_POST['lock_post']) ? true : $post_data['post_edit_locked'];
    $poll_delete = isset($_POST['poll_delete']) ? true : false;
    $status_switch = ($post_data['enable_bbcode'] + 1 << 8) + ($post_data['enable_smilies'] + 1 << 4) + ($post_data['enable_urls'] + 1 << 2) + ($post_data['enable_sig'] + 1 << 1);
    $status_switch = $status_switch != $check_value;
    //$post_data['poll_title']        = utf8_normalize_nfc(request_var('poll_title', '', true));
    //$post_data['poll_length']        = request_var('poll_length', 0);
    //$post_data['poll_option_text']    = utf8_normalize_nfc(request_var('poll_option_text', '', true));
    $post_data['poll_option_text'] = implode("\n", $post_data['poll_options']);
    //$post_data['poll_max_options']    = request_var('poll_max_options', 1);
    //$post_data['poll_vote_change']    = ($auth->acl_get('f_votechg', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0;
    // Parse Attachments - before checksum is calculated
    $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
    // Grab md5 'checksum' of new message
    $message_md5 = md5($message_parser->message);
    // Check checksum ... don't re-parse message if the same
    $update_message = $mode != 'edit' || $message_md5 != $post_data['post_checksum'] || $status_switch || strlen($post_data['bbcode_uid']) < BBCODE_UID_LEN ? true : false;
    // Parse message
    if ($update_message) {
        if (sizeof($message_parser->warn_msg)) {
            trigger_error(join("\n", $message_parser->warn_msg));
        }
        $message_parser->parse($post_data['enable_bbcode'], $config['allow_post_links'] ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);
    } else {
        $message_parser->bbcode_bitfield = $post_data['bbcode_bitfield'];
    }
    // Validate username
    if ($post_data['username'] && !$user->data['is_registered'] || $mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']) {
        include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
        if (($result = validate_username($post_data['username'], !empty($post_data['post_username']) ? $post_data['post_username'] : '')) !== false) {
            $user->add_lang('ucp');
            trigger_error($result . '_USERNAME');
        }
    }
    // Parse subject
    if (utf8_clean_string($post_data['post_subject']) === '' && $post_data['topic_first_post_id'] == $post_id) {
        trigger_error('EMPTY_SUBJECT');
    }
    $post_data['poll_last_vote'] = isset($post_data['poll_last_vote']) ? $post_data['poll_last_vote'] : 0;
    if ($post_data['poll_option_text'] && $post_id == $post_data['topic_first_post_id'] && $auth->acl_get('f_poll', $forum_id)) {
        $poll = array('poll_title' => $post_data['poll_title'], 'poll_length' => $post_data['poll_length'], 'poll_max_options' => $post_data['poll_max_options'], 'poll_option_text' => $post_data['poll_option_text'], 'poll_start' => $post_data['poll_start'], 'poll_last_vote' => $post_data['poll_last_vote'], 'poll_vote_change' => $post_data['poll_vote_change'], 'enable_bbcode' => $post_data['enable_bbcode'], 'enable_urls' => $post_data['enable_urls'], 'enable_smilies' => $post_data['enable_smilies'], 'img_status' => $img_status);
        $message_parser->parse_poll($poll);
        $post_data['poll_options'] = isset($poll['poll_options']) ? $poll['poll_options'] : '';
        $post_data['poll_title'] = isset($poll['poll_title']) ? $poll['poll_title'] : '';
    } else {
        $poll = array();
    }
    // Check topic type
    if ($post_data['topic_type'] != POST_NORMAL && $post_data['topic_first_post_id'] == $post_id) {
        switch ($post_data['topic_type']) {
            case POST_GLOBAL:
            case POST_ANNOUNCE:
                $auth_option = 'f_announce';
                break;
            case POST_STICKY:
                $auth_option = 'f_sticky';
                break;
            default:
                $auth_option = '';
                break;
        }
        if (!$auth->acl_get($auth_option, $forum_id)) {
            // There is a special case where a user edits his post whereby the topic type got changed by an admin/mod.
            // Another case would be a mod not having sticky permissions for example but edit permissions.
            // To prevent non-authed users messing around with the topic type we reset it to the original one.
            $post_data['topic_type'] = $post_data['orig_topic_type'];
        }
    }
    // DNSBL check
    if ($config['check_dnsbl']) {
        if (($dnsbl = $user->check_dnsbl('post')) !== false) {
            trigger_error(sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]));
        }
    }
    // Check if we want to de-globalize the topic... and ask for new forum
    if ($post_data['topic_type'] != POST_GLOBAL) {
        $sql = 'SELECT topic_type, forum_id
            FROM ' . TOPICS_TABLE . "\r\r\n            WHERE topic_id = {$topic_id}";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if ($row && !$row['forum_id'] && $row['topic_type'] == POST_GLOBAL) {
            $to_forum_id = request_var('to_forum_id', 0);
            if ($to_forum_id) {
                $sql = 'SELECT forum_type
                    FROM ' . FORUMS_TABLE . '
                    WHERE forum_id = ' . $to_forum_id;
                $result = $db->sql_query($sql);
                $forum_type = (int) $db->sql_fetchfield('forum_type');
                $db->sql_freeresult($result);
                if ($forum_type != FORUM_POST || !$auth->acl_get('f_post', $to_forum_id)) {
                    $to_forum_id = 0;
                }
            }
            if (!$to_forum_id) {
                include_once $phpbb_root_path . 'includes/functions_admin.' . $phpEx;
                $template->assign_vars(array('S_FORUM_SELECT' => make_forum_select(false, false, false, true, true, true), 'S_UNGLOBALISE' => true));
                $submit = false;
                $refresh = true;
            } else {
                if (!$auth->acl_get('f_post', $to_forum_id)) {
                    // This will only be triggered if the user tried to trick the forum.
                    trigger_error('NOT_AUTHORISED');
                }
                $forum_id = $to_forum_id;
            }
        }
    }
    // Lock/Unlock Topic
    $change_topic_status = $post_data['topic_status'];
    $perm_lock_unlock = $auth->acl_get('m_lock', $forum_id) || $auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && !empty($post_data['topic_poster']) && $user->data['user_id'] == $post_data['topic_poster'] && $post_data['topic_status'] == ITEM_UNLOCKED ? true : false;
    if ($post_data['topic_status'] == ITEM_LOCKED && !$topic_lock && $perm_lock_unlock) {
        $change_topic_status = ITEM_UNLOCKED;
    } else {
        if ($post_data['topic_status'] == ITEM_UNLOCKED && $topic_lock && $perm_lock_unlock) {
            $change_topic_status = ITEM_LOCKED;
        }
    }
    if ($change_topic_status != $post_data['topic_status']) {
        $sql = 'UPDATE ' . TOPICS_TABLE . "\r\r\n            SET topic_status = {$change_topic_status}\r\r\n            WHERE topic_id = {$topic_id}\r\r\n                AND topic_moved_id = 0";
        $db->sql_query($sql);
        $user_lock = $auth->acl_get('f_user_lock', $forum_id) && $user->data['is_registered'] && $user->data['user_id'] == $post_data['topic_poster'] ? 'USER_' : '';
        add_log('mod', $forum_id, $topic_id, 'LOG_' . $user_lock . ($change_topic_status == ITEM_LOCKED ? 'LOCK' : 'UNLOCK'), $post_data['topic_title']);
    }
    // Lock/Unlock Post Edit
    if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_LOCKED && !$post_lock && $auth->acl_get('m_edit', $forum_id)) {
        $post_data['post_edit_locked'] = ITEM_UNLOCKED;
    } else {
        if ($mode == 'edit' && $post_data['post_edit_locked'] == ITEM_UNLOCKED && $post_lock && $auth->acl_get('m_edit', $forum_id)) {
            $post_data['post_edit_locked'] = ITEM_LOCKED;
        }
    }
    $data = array('topic_title' => empty($post_data['topic_title']) ? $post_data['post_subject'] : $post_data['topic_title'], 'topic_first_post_id' => isset($post_data['topic_first_post_id']) ? (int) $post_data['topic_first_post_id'] : 0, 'topic_last_post_id' => isset($post_data['topic_last_post_id']) ? (int) $post_data['topic_last_post_id'] : 0, 'topic_time_limit' => (int) $post_data['topic_time_limit'], 'topic_attachment' => isset($post_data['topic_attachment']) ? (int) $post_data['topic_attachment'] : 0, 'post_id' => (int) $post_id, 'topic_id' => (int) $topic_id, 'forum_id' => (int) $forum_id, 'icon_id' => (int) $post_data['icon_id'], 'poster_id' => (int) $post_data['poster_id'], 'enable_sig' => (bool) $post_data['enable_sig'], 'enable_bbcode' => (bool) $post_data['enable_bbcode'], 'enable_smilies' => (bool) $post_data['enable_smilies'], 'enable_urls' => (bool) $post_data['enable_urls'], 'enable_indexing' => (bool) $post_data['enable_indexing'], 'message_md5' => (string) $message_md5, 'post_time' => isset($post_data['post_time']) ? (int) $post_data['post_time'] : time(), 'post_checksum' => isset($post_data['post_checksum']) ? (string) $post_data['post_checksum'] : '', 'post_edit_reason' => $post_data['post_edit_reason'], 'post_edit_user' => $mode == 'edit' ? $user->data['user_id'] : (isset($post_data['post_edit_user']) ? (int) $post_data['post_edit_user'] : 0), 'forum_parents' => $post_data['forum_parents'], 'forum_name' => $post_data['forum_name'], 'notify' => $notify, 'poster_ip' => isset($post_data['poster_ip']) ? $post_data['poster_ip'] : $user->ip, 'post_edit_locked' => (int) $post_data['post_edit_locked'], 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'message' => $message_parser->message, 'attachment_data' => $message_parser->attachment_data, 'filename_data' => $message_parser->filename_data, 'topic_approved' => isset($post_data['topic_approved']) ? $post_data['topic_approved'] : false, 'post_approved' => isset($post_data['post_approved']) ? $post_data['post_approved'] : false);
    $data['topic_replies_real'] = $post_data['topic_replies_real'];
    $data['topic_replies'] = $post_data['topic_replies'];
    include $phpbb_root_path . 'includes/functions_posting.' . $phpEx;
    $cwd = getcwd();
    chdir('../');
    $redirect_url = submit_post($mode, $post_data['post_subject'], $post_data['username'], $post_data['topic_type'], $poll, $data, $update_message);
    chdir($cwd);
    // Check the permissions for post approval, as well as the queue trigger where users are put on approval with a post count lower than specified. Moderators are not affected.
    $approved = true;
    if (($config['enable_queue_trigger'] && $user->data['user_posts'] < $config['queue_trigger_posts'] || !$auth->acl_get('f_noapprove', $data['forum_id'])) && !$auth->acl_get('m_approve', $data['forum_id'])) {
        $approved = false;
    }
    $reply_success = false;
    $post_id = '';
    if ($redirect_url) {
        preg_match('/&amp;p=(\\d+)/', $redirect_url, $matches);
        $post_id = $matches[1];
        $reply_success = true;
        // get new post_content
        $message = censor_text($data['message']);
        $quote_wrote_string = $user->lang['WROTE'];
        $message = str_replace('[/quote:' . $data['bbcode_uid'] . ']', '[/quote]', $message);
        $message = preg_replace('/\\[quote(?:=&quot;(.*?)&quot;)?:' . $data['bbcode_uid'] . '\\]/ise', "'[quote]' . ('\$1' ? '\$1' . ' {$quote_wrote_string}:\n' : '\n')", $message);
        $blocks = preg_split('/(\\[\\/?quote\\])/i', $message, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
        $quote_level = 0;
        $message = '';
        foreach ($blocks as $block) {
            if ($block == '[quote]') {
                if ($quote_level == 0) {
                    $message .= $block;
                }
                $quote_level++;
            } else {
                if ($block == '[/quote]') {
                    if ($quote_level <= 1) {
                        $message .= $block;
                    }
                    if ($quote_level >= 1) {
                        $quote_level--;
                    }
                } else {
                    if ($quote_level <= 1) {
                        $message .= $block;
                    }
                }
            }
        }
        $message = preg_replace('/\\[(youtube|video|googlevideo|gvideo):' . $data['bbcode_uid'] . '\\](.*?)\\[\\/\\1:' . $data['bbcode_uid'] . '\\]/sie', "video_bbcode_format('\$1', '\$2')", $message);
        $message = preg_replace('/\\[(BBvideo)[\\d, ]+:' . $row['bbcode_uid'] . '\\](.*?)\\[\\/\\1:' . $row['bbcode_uid'] . '\\]/si', "[url=\$2]YouTube Video[/url]", $message);
        $message = preg_replace('/\\[(spoil|spoiler):' . $row['bbcode_uid'] . '\\](.*?)\\[\\/\\1:' . $row['bbcode_uid'] . '\\]/si', "[spoiler]\$2[/spoiler]", $message);
        $message = preg_replace('/\\[b:' . $data['bbcode_uid'] . '\\](.*?)\\[\\/b:' . $data['bbcode_uid'] . '\\]/si', '[b]$1[/b]', $message);
        $message = preg_replace('/\\[i:' . $data['bbcode_uid'] . '\\](.*?)\\[\\/i:' . $data['bbcode_uid'] . '\\]/si', '[i]$1[/i]', $message);
        $message = preg_replace('/\\[u:' . $data['bbcode_uid'] . '\\](.*?)\\[\\/u:' . $data['bbcode_uid'] . '\\]/si', '[u]$1[/u]', $message);
        $message = preg_replace('/\\[color=#(\\w{6}):' . $data['bbcode_uid'] . '\\](.*?)\\[\\/color:' . $data['bbcode_uid'] . '\\]/si', '[color=#$1]$2[/color]', $message);
        // Second parse bbcode here
        if ($data['bbcode_bitfield']) {
            $bbcode = new bbcode(base64_encode($data['bbcode_bitfield']));
            $bbcode->bbcode_second_pass($message, $data['bbcode_uid'], $data['bbcode_bitfield']);
        }
        $message = bbcode_nl2br($message);
        $message = smiley_text($message);
        if (!empty($data['attachment_data'])) {
            parse_attachments($forum_id, $message, $data['attachment_data'], $update_count);
        }
        $updated_post_title = html_entity_decode(strip_tags(censor_text($data['topic_title'])), ENT_QUOTES, 'UTF-8');
    }
    $xmlrpc_reply_topic = new xmlrpcval(array('result' => new xmlrpcval($reply_success, 'boolean'), 'state' => new xmlrpcval($approved ? 0 : 1, 'int'), 'post_title' => new xmlrpcval($updated_post_title, 'base64'), 'post_content' => new xmlrpcval(post_html_clean($message), 'base64')), 'struct');
    return new xmlrpcresp($xmlrpc_reply_topic);
}
Exemplo n.º 15
0
function replyban_run()
{
    global $db, $mybb, $lang, $templates, $theme, $headerinclude, $header, $footer, $replyban, $moderation;
    $lang->load("replyban");
    if ($mybb->input['action'] != "replyban" && $mybb->input['action'] != "do_replyban" && $mybb->input['action'] != "liftreplyban") {
        return;
    }
    if ($mybb->input['action'] == "replyban") {
        $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
        $thread = get_thread($tid);
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }
        if (!$thread['tid']) {
            error($lang->error_invalidthread);
        }
        $thread['subject'] = htmlspecialchars_uni($thread['subject']);
        $lang->reply_bans_for = $lang->sprintf($lang->reply_bans_for, $thread['subject']);
        check_forum_password($thread['fid']);
        build_forum_breadcrumb($thread['fid']);
        add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
        add_breadcrumb($lang->reply_bans);
        $query = $db->query("\r\n\t\t\tSELECT r.*, u.username\r\n\t\t\tFROM " . TABLE_PREFIX . "replybans r\r\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (r.uid=u.uid)\r\n\t\t\tWHERE r.tid='{$thread['tid']}'\r\n\t\t\tORDER BY r.dateline DESC\r\n\t\t");
        while ($ban = $db->fetch_array($query)) {
            $ban['reason'] = htmlspecialchars_uni($ban['reason']);
            $ban['username'] = build_profile_link($ban['username'], $ban['uid']);
            if ($ban['lifted'] == 0) {
                $ban['lifted'] = $lang->permanent;
            } else {
                $ban['lifted'] = my_date('relative', $ban['lifted'], '', 2);
            }
            $alt_bg = alt_trow();
            eval("\$ban_bit .= \"" . $templates->get("moderation_replyban_bit") . "\";");
        }
        if (!$ban_bit) {
            eval("\$ban_bit = \"" . $templates->get("moderation_replyban_no_bans") . "\";");
        }
        // Generate the banned times dropdown
        $liftlist = '';
        $bantimes = fetch_ban_times();
        foreach ($bantimes as $time => $title) {
            $selected = '';
            if (isset($banned['bantime']) && $banned['bantime'] == $time) {
                $selected = " selected=\"selected\"";
            }
            $thattime = '';
            if ($time != '---') {
                $dateline = TIME_NOW;
                if (isset($banned['dateline'])) {
                    $dateline = $banned['dateline'];
                }
                $thatime = my_date("D, jS M Y @ g:ia", ban_date2timestamp($time, $dateline));
                $thattime = " ({$thatime})";
            }
            eval("\$liftlist .= \"" . $templates->get("moderation_replyban_liftlist") . "\";");
        }
        eval("\$replyban = \"" . $templates->get("moderation_replyban") . "\";");
        output_page($replyban);
    }
    if ($mybb->input['action'] == "do_replyban" && $mybb->request_method == "post") {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));
        $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
        $thread = get_thread($tid);
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }
        if (!$thread['tid']) {
            error($lang->error_invalidthread);
        }
        $user = get_user_by_username($mybb->input['username'], array('fields' => array('username')));
        if (!$user['uid']) {
            error($lang->error_invaliduser);
        }
        $mybb->input['reason'] = $mybb->get_input('reason');
        if (!trim($mybb->input['reason'])) {
            error($lang->error_missing_reason);
        }
        $query = $db->simple_select('replybans', 'rid', "uid='{$user['uid']}' AND tid='{$thread['tid']}'");
        $existingban = $db->fetch_field($query, 'rid');
        if ($existingban > 0) {
            error($lang->error_alreadybanned);
        }
        if ($mybb->get_input('liftban') == '---') {
            $lifted = 0;
        } else {
            $lifted = ban_date2timestamp($mybb->get_input('liftban'), 0);
        }
        $reason = my_substr($mybb->input['reason'], 0, 240);
        $insert_array = array('uid' => $user['uid'], 'tid' => $thread['tid'], 'dateline' => TIME_NOW, 'reason' => $db->escape_string($reason), 'lifted' => $db->escape_string($lifted));
        $db->insert_query('replybans', $insert_array);
        log_moderator_action(array("tid" => $thread['tid'], "fid" => $thread['fid'], "uid" => $user['uid'], "username" => $user['username']), $lang->user_reply_banned);
        moderation_redirect("moderation.php?action=replyban&tid={$thread['tid']}", $lang->redirect_user_banned_replying);
    }
    if ($mybb->input['action'] == "liftreplyban") {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));
        $rid = $mybb->get_input('rid', MyBB::INPUT_INT);
        $query = $db->simple_select("replybans", "*", "rid='{$rid}'");
        $ban = $db->fetch_array($query);
        if (!$ban['rid']) {
            error($lang->error_invalidreplyban);
        }
        $thread = get_thread($ban['tid']);
        $user = get_user($ban['uid']);
        if (!$thread['tid']) {
            error($lang->error_invalidthread);
        }
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }
        $db->delete_query("replybans", "rid='{$ban['rid']}'");
        log_moderator_action(array("tid" => $thread['tid'], "fid" => $thread['fid'], "uid" => $user['uid'], "username" => $user['username']), $lang->user_reply_banned_lifted);
        moderation_redirect("moderation.php?action=replyban&tid={$thread['tid']}", $lang->redirect_reply_ban_lifted);
    }
    exit;
}
Exemplo n.º 16
0
function new_topic_func($xmlrpc_params)
{
    global $db, $auth, $user, $config, $phpbb_root_path, $phpEx, $mobiquo_config;
    $user->setup('posting');
    if (!$user->data['is_registered']) {
        trigger_error('LOGIN_EXPLAIN_POST');
    }
    $params = php_xmlrpc_decode($xmlrpc_params);
    // get parameters
    $forum_id = isset($params[0]) ? intval($params[0]) : '';
    $subject = isset($params[1]) ? $params[1] : '';
    $text_body = isset($params[2]) ? $params[2] : '';
    require_once 'include/emoji.php';
    $text_body = emoji_unified_to_names($text_body);
    $_POST['attachment_data'] = isset($params[5]) && $params[5] ? unserialize(base64_decode($params[5])) : array();
    if (!$forum_id) {
        trigger_error('NO_FORUM');
    }
    if (utf8_clean_string($subject) === '') {
        trigger_error('EMPTY_SUBJECT');
    }
    if (utf8_clean_string($text_body) === '') {
        trigger_error('TOO_FEW_CHARS');
    }
    $post_data = array();
    $current_time = time();
    $sql = 'SELECT * FROM ' . FORUMS_TABLE . " WHERE forum_id = {$forum_id}";
    $result = $db->sql_query($sql);
    $post_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if (!$post_data) {
        trigger_error('NO_FORUM');
    }
    // Need to login to passworded forum first?
    if ($post_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }
    // Check permissions
    if ($user->data['is_bot']) {
        trigger_error('NOT_AUTHORISED');
    }
    // Is the user able to read and post within this forum?
    if (!$auth->acl_get('f_read', $forum_id)) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('USER_CANNOT_READ');
        }
        trigger_error('LOGIN_EXPLAIN_POST');
    }
    if (!$auth->acl_get('f_post', $forum_id)) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('USER_CANNOT_POST');
        }
        trigger_error('LOGIN_EXPLAIN_POST');
    }
    // Is the user able to post within this forum?
    if ($post_data['forum_type'] != FORUM_POST) {
        trigger_error('USER_CANNOT_FORUM_POST');
    }
    // Forum/Topic locked?
    if ($post_data['forum_status'] == ITEM_LOCKED && !$auth->acl_get('m_edit', $forum_id)) {
        trigger_error('FORUM_LOCKED');
    }
    $post_data['quote_username'] = '';
    $post_data['post_edit_locked'] = 0;
    $post_data['post_subject'] = '';
    $post_data['topic_time_limit'] = 0;
    $post_data['poll_length'] = 0;
    $post_data['poll_start'] = 0;
    $post_data['icon_id'] = 0;
    $post_data['poll_options'] = array();
    include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
    $message_parser = new parse_message();
    // Set some default variables
    $uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);
    foreach ($uninit as $var_name => $default_value) {
        if (!isset($post_data[$var_name])) {
            $post_data[$var_name] = $default_value;
        }
    }
    unset($uninit);
    if ($config['allow_topic_notify'] && $user->data['is_registered']) {
        $notify = $user->data['user_notify'] ? true : false;
    } else {
        $notify = false;
    }
    // Always check if the submitted attachment data is valid and belongs to the user.
    // Further down (especially in submit_post()) we do not check this again.
    $message_parser->get_submitted_attachment_data($post_data['poster_id']);
    $post_data['username'] = '';
    $post_data['enable_urls'] = $post_data['enable_magic_url'];
    $post_data['enable_sig'] = $config['allow_sig'] && $user->optionget('attachsig') ? true : false;
    $post_data['enable_smilies'] = $config['allow_smilies'] && $user->optionget('smilies') ? true : false;
    $post_data['enable_bbcode'] = $config['allow_bbcode'] && $user->optionget('bbcode') ? true : false;
    $post_data['enable_urls'] = true;
    $post_data['enable_magic_url'] = $post_data['drafts'] = false;
    $check_value = ($post_data['enable_bbcode'] + 1 << 8) + ($post_data['enable_smilies'] + 1 << 4) + ($post_data['enable_urls'] + 1 << 2) + ($post_data['enable_sig'] + 1 << 1);
    // HTML, BBCode, Smilies, Images and Flash status
    $bbcode_status = $config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id) ? true : false;
    $smilies_status = $bbcode_status && $config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id) ? true : false;
    $img_status = $bbcode_status && $auth->acl_get('f_img', $forum_id) ? true : false;
    $url_status = $config['allow_post_links'] ? true : false;
    $flash_status = $bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash'] ? true : false;
    $quote_status = $auth->acl_get('f_reply', $forum_id) ? true : false;
    $post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0);
    $post_data['post_subject'] = utf8_normalize_nfc($subject);
    $message_parser->message = utf8_normalize_nfc(htmlspecialchars($text_body));
    $post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true));
    $post_data['post_edit_reason'] = '';
    $post_data['orig_topic_type'] = $post_data['topic_type'];
    $post_data['topic_type'] = request_var('topic_type', POST_NORMAL);
    $post_data['topic_time_limit'] = request_var('topic_time_limit', 0);
    $post_data['icon_id'] = request_var('icon', 0);
    $post_data['enable_bbcode'] = !$bbcode_status || isset($_POST['disable_bbcode']) ? false : true;
    $post_data['enable_smilies'] = !$smilies_status || isset($_POST['disable_smilies']) ? false : true;
    $post_data['enable_urls'] = isset($_POST['disable_magic_url']) ? 0 : 1;
    $post_data['enable_sig'] = !$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig') ? false : ($user->data['is_registered'] ? true : false);
    $topic_lock = isset($_POST['lock_topic']) ? true : false;
    $post_lock = isset($_POST['lock_post']) ? true : false;
    $poll_delete = isset($_POST['poll_delete']) ? true : false;
    $status_switch = ($post_data['enable_bbcode'] + 1 << 8) + ($post_data['enable_smilies'] + 1 << 4) + ($post_data['enable_urls'] + 1 << 2) + ($post_data['enable_sig'] + 1 << 1);
    $status_switch = $status_switch != $check_value;
    $post_data['poll_title'] = utf8_normalize_nfc(request_var('poll_title', '', true));
    $post_data['poll_length'] = request_var('poll_length', 0);
    $post_data['poll_option_text'] = utf8_normalize_nfc(request_var('poll_option_text', '', true));
    $post_data['poll_max_options'] = request_var('poll_max_options', 1);
    $post_data['poll_vote_change'] = $auth->acl_get('f_votechg', $forum_id) && isset($_POST['poll_vote_change']) ? 1 : 0;
    // Parse Attachments - before checksum is calculated
    $message_parser->parse_attachments('fileupload', 'post', $forum_id, true, false, false);
    // Grab md5 'checksum' of new message
    $message_md5 = md5($message_parser->message);
    if (sizeof($message_parser->warn_msg)) {
        trigger_error(join("\n", $message_parser->warn_msg));
    }
    $message_parser->parse($post_data['enable_bbcode'], $config['allow_post_links'] ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);
    if ($config['flood_interval'] && !$auth->acl_get('f_ignoreflood', $forum_id)) {
        // Flood check
        $last_post_time = 0;
        if ($user->data['is_registered']) {
            $last_post_time = $user->data['user_lastpost_time'];
        } else {
            $sql = 'SELECT post_time AS last_post_time
                FROM ' . POSTS_TABLE . "\r\r\n                WHERE poster_ip = '" . $user->ip . "'\r\r\n                    AND post_time > " . ($current_time - $config['flood_interval']);
            $result = $db->sql_query_limit($sql, 1);
            if ($row = $db->sql_fetchrow($result)) {
                $last_post_time = $row['last_post_time'];
            }
            $db->sql_freeresult($result);
        }
        if ($last_post_time && $current_time - $last_post_time < intval($config['flood_interval'])) {
            trigger_error('FLOOD_ERROR');
        }
    }
    // Validate username
    if ($post_data['username'] && !$user->data['is_registered']) {
        include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
        if (($result = validate_username($post_data['username'], !empty($post_data['post_username']) ? $post_data['post_username'] : '')) !== false) {
            $user->add_lang('ucp');
            trigger_error($result . '_USERNAME');
        }
    }
    if (sizeof($message_parser->warn_msg)) {
        trigger_error(join("\n", $message_parser->warn_msg));
    }
    // DNSBL check
    if ($config['check_dnsbl'] && $mobiquo_config['check_dnsbl']) {
        if (($dnsbl = $user->check_dnsbl('post')) !== false) {
            trigger_error(sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]));
        }
    }
    // Store message, sync counters
    $data = array('topic_title' => empty($post_data['topic_title']) ? $post_data['post_subject'] : $post_data['topic_title'], 'topic_first_post_id' => isset($post_data['topic_first_post_id']) ? (int) $post_data['topic_first_post_id'] : 0, 'topic_last_post_id' => isset($post_data['topic_last_post_id']) ? (int) $post_data['topic_last_post_id'] : 0, 'topic_time_limit' => (int) $post_data['topic_time_limit'], 'topic_attachment' => isset($post_data['topic_attachment']) ? (int) $post_data['topic_attachment'] : 0, 'post_id' => 0, 'topic_id' => 0, 'forum_id' => (int) $forum_id, 'icon_id' => (int) $post_data['icon_id'], 'poster_id' => (int) $post_data['poster_id'], 'enable_sig' => (bool) $post_data['enable_sig'], 'enable_bbcode' => (bool) $post_data['enable_bbcode'], 'enable_smilies' => (bool) $post_data['enable_smilies'], 'enable_urls' => (bool) $post_data['enable_urls'], 'enable_indexing' => (bool) $post_data['enable_indexing'], 'message_md5' => (string) $message_md5, 'post_time' => isset($post_data['post_time']) ? (int) $post_data['post_time'] : $current_time, 'post_checksum' => isset($post_data['post_checksum']) ? (string) $post_data['post_checksum'] : '', 'post_edit_reason' => $post_data['post_edit_reason'], 'post_edit_user' => isset($post_data['post_edit_user']) ? (int) $post_data['post_edit_user'] : 0, 'forum_parents' => $post_data['forum_parents'], 'forum_name' => $post_data['forum_name'], 'notify' => $notify, 'notify_set' => $post_data['notify_set'], 'poster_ip' => isset($post_data['poster_ip']) ? $post_data['poster_ip'] : $user->ip, 'post_edit_locked' => (int) $post_data['post_edit_locked'], 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'message' => $message_parser->message, 'attachment_data' => $message_parser->attachment_data, 'filename_data' => $message_parser->filename_data, 'topic_approved' => isset($post_data['topic_approved']) ? $post_data['topic_approved'] : false, 'post_approved' => isset($post_data['post_approved']) ? $post_data['post_approved'] : false, 'post_expire_time' => -1, 'topic_status' => 0);
    $poll = array();
    include $phpbb_root_path . 'includes/functions_posting.' . $phpEx;
    $update_message = true;
    $cwd = getcwd();
    chdir('../');
    $phpbb_root_path_tmp = $phpbb_root_path;
    $phpbb_root_path = './';
    $redirect_url = submit_post('post', $post_data['post_subject'], $post_data['username'], $post_data['topic_type'], $poll, $data, $update_message);
    chdir($cwd);
    $phpbb_root_path = $phpbb_root_path_tmp;
    // Check the permissions for post approval, as well as the queue trigger where users are put on approval with a post count lower than specified. Moderators are not affected.
    $approved = true;
    if (($config['enable_queue_trigger'] && $user->data['user_posts'] < $config['queue_trigger_posts'] || !$auth->acl_get('f_noapprove', $data['forum_id'])) && !$auth->acl_get('m_approve', $data['forum_id'])) {
        $approved = false;
    }
    $posted_success = false;
    $topic_id = '';
    if ($redirect_url) {
        preg_match('/&amp;t=(\\d+)/', $redirect_url, $matches);
        $topic_id = $matches[1];
        $posted_success = true;
    }
    $xmlrpc_create_topic = new xmlrpcval(array('result' => new xmlrpcval($posted_success, 'boolean'), 'topic_id' => new xmlrpcval($topic_id), 'state' => new xmlrpcval($approved ? 0 : 1, 'int')), 'struct');
    return new xmlrpcresp($xmlrpc_create_topic);
}
Exemplo n.º 17
0
function get_raw_post_func($xmlrpc_params)
{
    global $db, $auth, $user, $config, $template, $cache, $phpEx, $phpbb_root_path, $phpbb_home;
    $user->setup('posting');
    include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
    $params = php_xmlrpc_decode($xmlrpc_params);
    // get post id from parameters
    $post_id = intval($params[0]);
    $post_data = array();
    $sql = 'SELECT p.*, t.*, f.*
            FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f\n            WHERE p.post_id = {$post_id}\n            AND t.topic_id = p.topic_id\n            AND (f.forum_id = t.forum_id OR (t.topic_type = " . POST_GLOBAL . ' AND f.forum_type = ' . FORUM_POST . '))';
    $result = $db->sql_query_limit($sql, 1);
    $post_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if (!$post_data) {
        trigger_error('NO_POST');
    }
    // Use post_row values in favor of submitted ones...
    $forum_id = (int) $post_data['forum_id'];
    $topic_id = (int) $post_data['topic_id'];
    $post_id = (int) $post_id;
    // Need to login to passworded forum first?
    if ($post_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }
    // Is the user able to read within this forum?
    if (!$auth->acl_get('f_read', $forum_id)) {
        trigger_error('USER_CANNOT_READ');
    }
    // Permission to do the action asked?
    if (!($user->data['is_registered'] && $auth->acl_gets('f_edit', 'm_edit', $forum_id))) {
        trigger_error('USER_CANNOT_EDIT');
    }
    // Forum/Topic locked?
    if (($post_data['forum_status'] == ITEM_LOCKED || isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED) && !$auth->acl_get('m_edit', $forum_id)) {
        trigger_error($post_data['forum_status'] == ITEM_LOCKED ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
    }
    // Can we edit this post ... if we're a moderator with rights then always yes
    // else it depends on editing times, lock status and if we're the correct user
    if (!$auth->acl_get('m_edit', $forum_id)) {
        if ($user->data['user_id'] != $post_data['poster_id']) {
            trigger_error('USER_CANNOT_EDIT');
        }
        if (!($post_data['post_time'] > time() - $config['edit_time'] * 60 || !$config['edit_time'])) {
            trigger_error('CANNOT_EDIT_TIME');
        }
        if ($post_data['post_edit_locked']) {
            trigger_error('CANNOT_EDIT_POST_LOCKED');
        }
    }
    $message_parser = new parse_message();
    if (isset($post_data['post_text'])) {
        $message_parser->message =& $post_data['post_text'];
        unset($post_data['post_text']);
    }
    // Do we want to edit our post ?
    if ($post_data['bbcode_uid']) {
        $message_parser->bbcode_uid = $post_data['bbcode_uid'];
    }
    // Decode text for message display
    $message_parser->decode_message($post_data['bbcode_uid']);
    $post_data['post_text'] = $message_parser->message;
    return new xmlrpcresp(new xmlrpcval(array('post_id' => new xmlrpcval($post_id), 'post_title' => new xmlrpcval(html_entity_decode(strip_tags($post_data['post_subject'])), 'base64'), 'post_content' => new xmlrpcval(html_entity_decode($post_data['post_text']), 'base64')), 'struct'));
}
Exemplo n.º 18
0
function reply_post_func($xmlrpc_params)
{
    global $db, $auth, $user, $config, $phpbb_root_path, $phpEx, $mobiquo_config, $phpbb_home;
    require_once 'include/emoji.php';
    $user->setup('posting');
    if (!$user->data['is_registered']) {
        trigger_error('LOGIN_EXPLAIN_POST');
    }
    $params = php_xmlrpc_decode($xmlrpc_params);
    // get parameters
    $forum_id = isset($params[0]) ? intval($params[0]) : '';
    $topic_id = isset($params[1]) ? intval($params[1]) : '';
    $subject = isset($params[2]) ? $params[2] : '';
    $text_body = isset($params[3]) ? $params[3] : '';
    $text_body = emoji_unified_to_names($text_body);
    $attach_list = isset($params[4]) ? $params[4] : array();
    $_POST['attachment_data'] = isset($params[5]) && $params[5] ? unserialize(base64_decode($params[5])) : array();
    $GLOBALS['return_html'] = isset($params[6]) ? $params[6] : false;
    if (!$topic_id) {
        trigger_error('NO_TOPIC');
    }
    if (utf8_clean_string($text_body) === '') {
        trigger_error('TOO_FEW_CHARS');
    }
    $post_data = array();
    $current_time = time();
    // get topic data
    $sql = 'SELECT *
            FROM ' . TOPICS_TABLE . '
            WHERE topic_id = ' . $topic_id;
    $result = $db->sql_query($sql);
    $post_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    // get forum data
    $sql = 'SELECT *
            FROM ' . FORUMS_TABLE . "\n            WHERE forum_type = " . FORUM_POST . ($post_data['forum_id'] ? "\n            AND forum_id = '{$post_data['forum_id']}' " : '');
    $result = $db->sql_query_limit($sql, 1);
    $forum_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    $post_data = array_merge($post_data, $forum_data);
    if (!$post_data) {
        trigger_error('NO_TOPIC');
    }
    // Use post_row values in favor of submitted ones...
    $forum_id = !empty($post_data['forum_id']) ? (int) $post_data['forum_id'] : (int) $forum_id;
    $topic_id = !empty($post_data['topic_id']) ? (int) $post_data['topic_id'] : (int) $topic_id;
    // Need to login to passworded forum first?
    if ($post_data['forum_password'] && !check_forum_password($forum_id)) {
        trigger_error('LOGIN_FORUM');
    }
    // Check permissions
    if ($user->data['is_bot']) {
        trigger_error('NOT_AUTHORISED');
    }
    // Is the user able to read within this forum?
    if (!$auth->acl_get('f_read', $forum_id)) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('USER_CANNOT_READ');
        }
        trigger_error('LOGIN_EXPLAIN_POST');
    }
    // Permission to do the reply
    if (!$auth->acl_get('f_reply', $forum_id)) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('USER_CANNOT_REPLY');
        }
        trigger_error('LOGIN_EXPLAIN_POST');
    }
    // Is the user able to post within this forum?
    if ($post_data['forum_type'] != FORUM_POST) {
        trigger_error('USER_CANNOT_FORUM_POST');
    }
    // Forum/Topic locked?
    if (($post_data['forum_status'] == ITEM_LOCKED || isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED) && !$auth->acl_get('m_edit', $forum_id)) {
        trigger_error($post_data['forum_status'] == ITEM_LOCKED ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
    }
    $subject = (strpos($subject, 'Re: ') !== 0 ? 'Re: ' : '') . ($subject ? $subject : censor_text($post_data['topic_title']));
    $post_data['post_edit_locked'] = isset($post_data['post_edit_locked']) ? (int) $post_data['post_edit_locked'] : 0;
    $post_data['post_subject'] = isset($post_data['topic_title']) ? $post_data['topic_title'] : '';
    $post_data['topic_time_limit'] = isset($post_data['topic_time_limit']) ? $post_data['topic_time_limit'] ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit'] : 0;
    $post_data['poll_length'] = !empty($post_data['poll_length']) ? (int) $post_data['poll_length'] / 86400 : 0;
    $post_data['poll_start'] = !empty($post_data['poll_start']) ? (int) $post_data['poll_start'] : 0;
    $post_data['icon_id'] = 0;
    $post_data['poll_options'] = array();
    // Get Poll Data
    if ($post_data['poll_start']) {
        $sql = 'SELECT poll_option_text
            FROM ' . POLL_OPTIONS_TABLE . "\n            WHERE topic_id = {$topic_id}\n            ORDER BY poll_option_id";
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            $post_data['poll_options'][] = trim($row['poll_option_text']);
        }
        $db->sql_freeresult($result);
    }
    $orig_poll_options_size = sizeof($post_data['poll_options']);
    include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
    $message_parser = new parse_message();
    // Set some default variables
    $uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);
    foreach ($uninit as $var_name => $default_value) {
        if (!isset($post_data[$var_name])) {
            $post_data[$var_name] = $default_value;
        }
    }
    unset($uninit);
    // Always check if the submitted attachment data is valid and belongs to the user.
    // Further down (especially in submit_post()) we do not check this again.
    $message_parser->get_submitted_attachment_data($post_data['poster_id']);
    $post_data['username'] = '';
    $post_data['enable_urls'] = $post_data['enable_magic_url'];
    $post_data['enable_sig'] = $config['allow_sig'] && $user->optionget('attachsig') ? true : false;
    $post_data['enable_smilies'] = $config['allow_smilies'] && $user->optionget('smilies') ? true : false;
    $post_data['enable_bbcode'] = $config['allow_bbcode'] && $user->optionget('bbcode') ? true : false;
    $post_data['enable_urls'] = true;
    $post_data['enable_magic_url'] = $post_data['drafts'] = false;
    $check_value = ($post_data['enable_bbcode'] + 1 << 8) + ($post_data['enable_smilies'] + 1 << 4) + ($post_data['enable_urls'] + 1 << 2) + ($post_data['enable_sig'] + 1 << 1);
    // Check if user is watching this topic
    if ($config['allow_topic_notify'] && $user->data['is_registered']) {
        $sql = 'SELECT topic_id
                FROM ' . TOPICS_WATCH_TABLE . '
                WHERE topic_id = ' . $topic_id . '
                AND user_id = ' . $user->data['user_id'];
        $result = $db->sql_query($sql);
        $post_data['notify_set'] = (int) $db->sql_fetchfield('topic_id');
        $db->sql_freeresult($result);
    }
    // HTML, BBCode, Smilies, Images and Flash status
    $bbcode_status = $config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_id) ? true : false;
    $smilies_status = $bbcode_status && $config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id) ? true : false;
    $img_status = $bbcode_status && $auth->acl_get('f_img', $forum_id) ? true : false;
    $url_status = $config['allow_post_links'] ? true : false;
    $flash_status = $bbcode_status && $auth->acl_get('f_flash', $forum_id) && $config['allow_post_flash'] ? true : false;
    $quote_status = $auth->acl_get('f_reply', $forum_id) ? true : false;
    $post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0);
    $post_data['post_subject'] = utf8_normalize_nfc($subject);
    $message_parser->message = utf8_normalize_nfc(htmlspecialchars($text_body));
    $post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true));
    $post_data['post_edit_reason'] = '';
    $post_data['orig_topic_type'] = $post_data['topic_type'];
    $post_data['topic_type'] = request_var('topic_type', (int) $post_data['topic_type']);
    $post_data['topic_time_limit'] = request_var('topic_time_limit', (int) $post_data['topic_time_limit']);
    $post_data['icon_id'] = request_var('icon', 0);
    $post_data['enable_bbcode'] = !$bbcode_status || isset($_POST['disable_bbcode']) ? false : true;
    $post_data['enable_smilies'] = !$smilies_status || isset($_POST['disable_smilies']) ? false : true;
    $post_data['enable_urls'] = isset($_POST['disable_magic_url']) ? 0 : 1;
    $post_data['enable_sig'] = !$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig') ? false : ($user->data['is_registered'] ? true : false);
    if ($config['allow_topic_notify'] && $user->data['is_registered']) {
        $notify = !$post_data['notify_set'] ? $user->data['user_notify'] : $post_data['notify_set'] ? true : false;
    } else {
        $notify = false;
    }
    $post_data['poll_title'] = utf8_normalize_nfc(request_var('poll_title', '', true));
    $post_data['poll_length'] = request_var('poll_length', 0);
    $post_data['poll_option_text'] = utf8_normalize_nfc(request_var('poll_option_text', '', true));
    $post_data['poll_max_options'] = request_var('poll_max_options', 1);
    $post_data['poll_vote_change'] = $auth->acl_get('f_votechg', $forum_id) && isset($_POST['poll_vote_change']) ? 1 : 0;
    // Parse Attachments - before checksum is calculated
    $message_parser->parse_attachments('fileupload', 'reply', $forum_id, true, false, false);
    // Grab md5 'checksum' of new message
    $message_md5 = md5($message_parser->message);
    // Check checksum ... don't re-parse message if the same
    if (sizeof($message_parser->warn_msg)) {
        trigger_error(join("\n", $message_parser->warn_msg));
    }
    $message_parser->parse($post_data['enable_bbcode'], $config['allow_post_links'] ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);
    if ($config['flood_interval'] && !$auth->acl_get('f_ignoreflood', $forum_id)) {
        // Flood check
        $last_post_time = 0;
        if ($user->data['is_registered']) {
            $last_post_time = $user->data['user_lastpost_time'];
        } else {
            $sql = 'SELECT post_time AS last_post_time
                FROM ' . POSTS_TABLE . "\n                WHERE poster_ip = '" . $user->ip . "'\n                    AND post_time > " . ($current_time - $config['flood_interval']);
            $result = $db->sql_query_limit($sql, 1);
            if ($row = $db->sql_fetchrow($result)) {
                $last_post_time = $row['last_post_time'];
            }
            $db->sql_freeresult($result);
        }
        if ($last_post_time && $current_time - $last_post_time < intval($config['flood_interval'])) {
            trigger_error('FLOOD_ERROR');
        }
    }
    // Validate username
    if ($post_data['username'] && !$user->data['is_registered']) {
        include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
        if (($result = validate_username($post_data['username'], !empty($post_data['post_username']) ? $post_data['post_username'] : '')) !== false) {
            $user->add_lang('ucp');
            trigger_error($result . '_USERNAME');
        }
    }
    $post_data['poll_last_vote'] = isset($post_data['poll_last_vote']) ? $post_data['poll_last_vote'] : 0;
    $poll = array();
    //    if (sizeof($message_parser->warn_msg))
    //    {
    //        return get_error();
    //    }
    // DNSBL check
    if ($config['check_dnsbl'] && $mobiquo_config['check_dnsbl']) {
        if (($dnsbl = $user->check_dnsbl('post')) !== false) {
            trigger_error(sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]));
        }
    }
    // Store message, sync counters
    $data = array('topic_title' => empty($post_data['topic_title']) ? $post_data['post_subject'] : $post_data['topic_title'], 'topic_first_post_id' => isset($post_data['topic_first_post_id']) ? (int) $post_data['topic_first_post_id'] : 0, 'topic_last_post_id' => isset($post_data['topic_last_post_id']) ? (int) $post_data['topic_last_post_id'] : 0, 'topic_time_limit' => (int) $post_data['topic_time_limit'], 'topic_attachment' => isset($post_data['topic_attachment']) ? (int) $post_data['topic_attachment'] : 0, 'post_id' => 0, 'topic_id' => (int) $topic_id, 'forum_id' => (int) $forum_id, 'icon_id' => (int) $post_data['icon_id'], 'poster_id' => (int) $post_data['poster_id'], 'enable_sig' => (bool) $post_data['enable_sig'], 'enable_bbcode' => (bool) $post_data['enable_bbcode'], 'enable_smilies' => (bool) $post_data['enable_smilies'], 'enable_urls' => (bool) $post_data['enable_urls'], 'enable_indexing' => (bool) $post_data['enable_indexing'], 'message_md5' => (string) $message_md5, 'post_time' => isset($post_data['post_time']) ? (int) $post_data['post_time'] : $current_time, 'post_checksum' => isset($post_data['post_checksum']) ? (string) $post_data['post_checksum'] : '', 'post_edit_reason' => $post_data['post_edit_reason'], 'post_edit_user' => isset($post_data['post_edit_user']) ? (int) $post_data['post_edit_user'] : 0, 'forum_parents' => $post_data['forum_parents'], 'forum_name' => $post_data['forum_name'], 'notify' => $notify, 'notify_set' => $post_data['notify_set'], 'poster_ip' => isset($post_data['poster_ip']) ? $post_data['poster_ip'] : $user->ip, 'post_edit_locked' => (int) $post_data['post_edit_locked'], 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'message' => $message_parser->message, 'attachment_data' => $message_parser->attachment_data, 'filename_data' => $message_parser->filename_data, 'topic_approved' => isset($post_data['topic_approved']) ? $post_data['topic_approved'] : false, 'post_approved' => isset($post_data['post_approved']) ? $post_data['post_approved'] : false, 'post_expire_time' => -1);
    include $phpbb_root_path . 'includes/functions_posting.' . $phpEx;
    $update_message = true;
    $cwd = getcwd();
    chdir('../');
    $phpbb_root_path_tmp = $phpbb_root_path;
    $phpbb_root_path = './';
    $redirect_url = submit_post('reply', $post_data['post_subject'], $post_data['username'], $post_data['topic_type'], $poll, $data, $update_message);
    chdir($cwd);
    $phpbb_root_path = $phpbb_root_path_tmp;
    // Check the permissions for post approval, as well as the queue trigger where users are put on approval with a post count lower than specified. Moderators are not affected.
    $approved = true;
    if (($config['enable_queue_trigger'] && $user->data['user_posts'] < $config['queue_trigger_posts'] || !$auth->acl_get('f_noapprove', $data['forum_id'])) && !$auth->acl_get('m_approve', $data['forum_id'])) {
        $approved = false;
    }
    $reply_success = false;
    $post_id = '';
    if ($redirect_url) {
        preg_match('/&amp;p=(\\d+)/', $redirect_url, $matches);
        $post_id = $matches[1];
        $reply_success = true;
        // get new post_content
        $message = censor_text($data['message']);
        $quote_wrote_string = $user->lang['WROTE'];
        $message = str_replace('[/quote:' . $data['bbcode_uid'] . ']', '[/quote]', $message);
        $message = preg_replace('/\\[quote(?:=&quot;(.*?)&quot;)?:' . $data['bbcode_uid'] . '\\]/ise', "'[quote]' . ('\$1' ? '\$1' . ' {$quote_wrote_string}:\n' : '\n')", $message);
        $blocks = preg_split('/(\\[\\/?quote\\])/i', $message, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
        $quote_level = 0;
        $message = '';
        foreach ($blocks as $block) {
            if ($block == '[quote]') {
                if ($quote_level == 0) {
                    $message .= $block;
                }
                $quote_level++;
            } else {
                if ($block == '[/quote]') {
                    if ($quote_level <= 1) {
                        $message .= $block;
                    }
                    if ($quote_level >= 1) {
                        $quote_level--;
                    }
                } else {
                    if ($quote_level <= 1) {
                        $message .= $block;
                    }
                }
            }
        }
        $message = preg_replace('/\\[(youtube|video|googlevideo|gvideo):' . $data['bbcode_uid'] . '\\](.*?)\\[\\/\\1:' . $data['bbcode_uid'] . '\\]/sie', "video_bbcode_format('\$1', '\$2')", $message);
        $message = preg_replace('/\\[(BBvideo)[\\d, ]+:' . $row['bbcode_uid'] . '\\](.*?)\\[\\/\\1:' . $row['bbcode_uid'] . '\\]/si', "[url=\$2]YouTube Video[/url]", $message);
        $message = preg_replace('/\\[(spoil|spoiler):' . $row['bbcode_uid'] . '\\](.*?)\\[\\/\\1:' . $row['bbcode_uid'] . '\\]/si', "[spoiler]\$2[/spoiler]", $message);
        $message = preg_replace('/\\[b:' . $data['bbcode_uid'] . '\\](.*?)\\[\\/b:' . $data['bbcode_uid'] . '\\]/si', '[b]$1[/b]', $message);
        $message = preg_replace('/\\[i:' . $data['bbcode_uid'] . '\\](.*?)\\[\\/i:' . $data['bbcode_uid'] . '\\]/si', '[i]$1[/i]', $message);
        $message = preg_replace('/\\[u:' . $data['bbcode_uid'] . '\\](.*?)\\[\\/u:' . $data['bbcode_uid'] . '\\]/si', '[u]$1[/u]', $message);
        $message = preg_replace('/\\[color=#(\\w{6}):' . $data['bbcode_uid'] . '\\](.*?)\\[\\/color:' . $data['bbcode_uid'] . '\\]/si', '[color=#$1]$2[/color]', $message);
        // Second parse bbcode here
        if ($data['bbcode_bitfield']) {
            $bbcode = new bbcode(base64_encode($data['bbcode_bitfield']));
            $bbcode->bbcode_second_pass($message, $data['bbcode_uid'], $data['bbcode_bitfield']);
        }
        $message = bbcode_nl2br($message);
        $message = smiley_text($message);
        if (!empty($data['attachment_data'])) {
            parse_attachments($forum_id, $message, $data['attachment_data'], $update_count);
        }
        $updated_post_title = html_entity_decode(strip_tags(censor_text($data['topic_title'])), ENT_QUOTES, 'UTF-8');
        $edit_allowed = $auth->acl_get('m_edit', $forum_id) || $auth->acl_get('f_edit', $forum_id) && !$data['post_edit_locked'] && ($data['post_time'] > time() - $config['edit_time'] * 60 || !$config['edit_time']);
        $delete_allowed = $auth->acl_get('m_delete', $forum_id) || $auth->acl_get('f_delete', $forum_id) && ($data['post_time'] > time() - $config['delete_time'] * 60 || !$config['delete_time']) && !$data['post_edit_locked'];
        $attachments = array();
        if (sizeof($attach_list) && sizeof($data['attachment_data'])) {
            $sql = 'SELECT *
                FROM ' . ATTACHMENTS_TABLE . '
                WHERE ' . $db->sql_in_set('attach_id', $attach_list) . '
                    AND in_message = 0
                ORDER BY filetime DESC';
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                $attachment_by_id[$row['attach_id']] = $row;
            }
            $db->sql_freeresult($result);
            foreach ($data['attachment_data'] as $attachment) {
                if (preg_match('/<img src=\\".*?(\\/download\\/file.php\\?id=(\\d+).*?)\\"/is', $attachment, $matches)) {
                    $file_url = html_entity_decode($phpbb_home . $matches[1]);
                    $attach_id = $matches[2];
                    unset($matches);
                    $xmlrpc_attachment = new xmlrpcval(array('filename' => new xmlrpcval($attachment_by_id[$attach_id]['real_filename'], 'base64'), 'filesize' => new xmlrpcval($attachment_by_id[$attach_id]['filesize'], 'int'), 'content_type' => new xmlrpcval('image'), 'thumbnail_url' => new xmlrpcval(''), 'url' => new xmlrpcval($file_url)), 'struct');
                    $attachments[] = $xmlrpc_attachment;
                }
            }
        }
    }
    $xmlrpc_reply_topic = new xmlrpcval(array('result' => new xmlrpcval($reply_success, 'boolean'), 'post_id' => new xmlrpcval($post_id, 'string'), 'state' => new xmlrpcval($approved ? 0 : 1, 'int'), 'post_title' => new xmlrpcval($updated_post_title, 'base64'), 'post_content' => new xmlrpcval(post_html_clean($message), 'base64'), 'post_author_name' => new xmlrpcval(html_entity_decode($user->data['username']), 'base64'), 'is_online' => new xmlrpcval(true, 'boolean'), 'can_edit' => new xmlrpcval($edit_allowed, 'boolean'), 'icon_url' => new xmlrpcval($user->optionget('viewavatars') ? get_user_avatar_url($user->data['user_avatar'], $user->data['user_avatar_type']) : ''), 'post_time' => new xmlrpcval(mobiquo_iso8601_encode($current_time), 'dateTime.iso8601'), 'can_delete' => new xmlrpcval($delete_allowed, 'boolean'), 'allow_smilies' => new xmlrpcval($data['enable_smilies'] ? true : false, 'boolean'), 'attachments' => new xmlrpcval($attachments, 'array')), 'struct');
    return new xmlrpcresp($xmlrpc_reply_topic);
}
Exemplo n.º 19
0
$post = get_post($mybb->input['pid']);
if (!$post['pid']) {
    $error = $lang->error_invalidpost;
    eval("\$report_error = \"" . $templates->get("report_error") . "\";");
    output_page($report_error);
    exit;
}
$forum = get_forum($post['fid']);
if (!$forum) {
    $error = $lang->error_invalidforum;
    eval("\$report_error = \"" . $templates->get("report_error") . "\";");
    output_page($report_error);
    exit;
}
// Password protected forums ......... yhummmmy!
check_forum_password($forum['parentlist']);
$thread = get_thread($post['tid']);
if ($mybb->input['action'] == "report") {
    $plugins->run_hooks("report_start");
    $pid = $mybb->input['pid'];
    eval("\$report = \"" . $templates->get("report") . "\";");
    $plugins->run_hooks("report_end");
    output_page($report);
} elseif ($mybb->input['action'] == "do_report" && $mybb->request_method == "post") {
    // Verify incoming POST request
    verify_post_check($mybb->input['my_post_key']);
    $plugins->run_hooks("report_do_report_start");
    if (!trim($mybb->input['reason'])) {
        eval("\$report = \"" . $templates->get("report_noreason") . "\";");
        output_page($report);
        exit;
$forumpermissions = forum_permissions($thread['fid']);
// Does the user have permission to view this thread?
if ($forumpermissions['canview'] != 1 || $forumpermissions['canviewthreads'] != 1) {
    error_no_permission();
}
if (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid']) {
    error_no_permission();
}
$archive_url = build_archive_link("thread", $tid);
// Does the thread belong to a valid forum?
$forum = get_forum($fid);
if (!$forum || $forum['type'] != "f") {
    error($lang->error_invalidforum);
}
// Check if this forum is password protected and we have a valid password
check_forum_password($forum['fid']);
// If there is no specific action, we must be looking at the thread.
if (empty($mybb->input['action'])) {
    $mybb->input['action'] = "thread";
}
// Jump to the unread posts.
if ($mybb->input['action'] == "newpost") {
    // First, figure out what time the thread or forum were last read
    $query = $db->simple_select("threadsread", "dateline", "uid='{$mybb->user['uid']}' AND tid='{$thread['tid']}'");
    $thread_read = $db->fetch_field($query, "dateline");
    if ($mybb->settings['threadreadcut'] > 0 && $mybb->user['uid']) {
        $query = $db->simple_select("forumsread", "dateline", "fid='{$fid}' AND uid='{$mybb->user['uid']}'");
        $forum_read = $db->fetch_field($query, "dateline");
        $read_cutoff = TIME_NOW - $mybb->settings['threadreadcut'] * 60 * 60 * 24;
        if ($forum_read == 0 || $forum_read < $read_cutoff) {
            $forum_read = $read_cutoff;
Exemplo n.º 21
0
function get_quote_post_func($xmlrpc_params)
{
    global $db, $auth, $user, $phpEx, $phpbb_root_path;
    $user->setup('posting');
    include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
    $params = php_xmlrpc_decode($xmlrpc_params);
    $post_ids = explode('-', $params[0]);
    $quote_messages = array();
    foreach ($post_ids as $post_id) {
        // get post id from parameters
        $post_id = intval($post_id);
        $post_data = array();
        // We need to know some basic information in all cases before we do anything.
        if (!$post_id) {
            trigger_error('NO_POST');
        }
        $sql = 'SELECT t.*, p.*, f.*, u.username
                FROM ' . POSTS_TABLE . ' p
                    LEFT JOIN ' . TOPICS_TABLE . ' t ON (p.topic_id = t.topic_id) 
                    LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id OR (t.topic_type = ' . POST_GLOBAL . ' AND f.forum_type = ' . FORUM_POST . '))
                    LEFT JOIN ' . USERS_TABLE . ' u ON (p.poster_id = u.user_id)' . "\r\r\n                WHERE p.post_id = {$post_id}";
        $result = $db->sql_query_limit($sql, 1);
        $post_data = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        if (!$post_data) {
            trigger_error('NO_POST');
        }
        // Use post_row values in favor of submitted ones...
        $forum_id = (int) $post_data['forum_id'];
        $topic_id = (int) $post_data['topic_id'];
        $post_id = (int) $post_data['post_id'];
        // Need to login to passworded forum first?
        if ($post_data['forum_password'] && !check_forum_password($forum_id)) {
            trigger_error('LOGIN_FORUM');
        }
        // Is the user able to read within this forum?
        if (!$auth->acl_get('f_read', $forum_id)) {
            trigger_error('USER_CANNOT_READ');
        }
        if (!$auth->acl_get('f_reply', $forum_id)) {
            trigger_error('USER_CANNOT_REPLY');
        }
        // Is the user able to post within this forum?
        if ($post_data['forum_type'] != FORUM_POST) {
            trigger_error('USER_CANNOT_FORUM_POST');
        }
        // Forum/Topic locked?
        if (($post_data['forum_status'] == ITEM_LOCKED || isset($post_data['topic_status']) && $post_data['topic_status'] == ITEM_LOCKED) && !$auth->acl_get('m_edit', $forum_id)) {
            trigger_error($post_data['forum_status'] == ITEM_LOCKED ? 'FORUM_LOCKED' : 'TOPIC_LOCKED');
        }
        // Determine some vars
        if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS) {
            $post_data['quote_username'] = !empty($post_data['post_username']) ? $post_data['post_username'] : $user->lang['GUEST'];
        } else {
            $post_data['quote_username'] = isset($post_data['username']) ? $post_data['username'] : '';
        }
        $message_parser = new parse_message();
        if (isset($post_data['post_text'])) {
            $message_parser->message = $post_data['post_text'];
            $message_parser->decode_message($post_data['bbcode_uid']);
            $message_parser->message = '[quote=&quot;' . $post_data['quote_username'] . '&quot;]' . censor_text(trim($message_parser->message)) . "[/quote]";
            //$post_data['post_subject'] = ((strpos($post_data['post_subject'], 'Re: ') !== 0) ? 'Re: ' : '') . censor_text($post_data['post_subject']);
            $quote_messages[] = $message_parser->message;
        }
    }
    return new xmlrpcresp(new xmlrpcval(array('post_id' => new xmlrpcval($params[0]), 'post_title' => new xmlrpcval('', 'base64'), 'post_content' => new xmlrpcval(html_entity_decode(implode("\n", $quote_messages)), 'base64')), 'struct'));
}