function login_func() { global $context, $user_info, $modSettings, $user_profile, $settings, $scripturl, $modSettings, $smcFunc; $user_info['permissions'] = array(); loadPermissions(); $pm_read = !$user_info['is_guest'] && allowedTo('pm_read'); $pm_send = !$user_info['is_guest'] && allowedTo('pm_send'); $login_status = $context['user']['is_guest'] || isset($context['disable_login_hashing']) && $context['disable_login_hashing'] ? false : true; $result_text = !$login_status && isset($context['login_errors'][0]) ? $context['login_errors'][0] . ' ' . (isset($context['login_errors'][1]) ? basic_clean($context['login_errors'][1]) : '') : ''; $usergroup_id = array(); foreach ($user_info['groups'] as $group_id) { $usergroup_id[] = new xmlrpcval($group_id); } if (!$modSettings['attachmentSizeLimit']) { $modSettings['attachmentSizeLimit'] = 5120; } if (!$modSettings['attachmentNumPerPostLimit']) { $modSettings['attachmentNumPerPostLimit'] = 10; } loadMemberData($user_info['id'], false, 'profile'); $profile = $user_profile[$user_info['id']]; if (!empty($settings['show_user_images']) && empty($profile['options']['show_no_avatars'])) { $avatar = $profile['avatar'] == '' ? $profile['id_attach'] > 0 ? empty($profile['attachment_type']) ? $scripturl . '?action=dlattach;attach=' . $profile['id_attach'] . ';type=avatar' : $modSettings['custom_avatar_url'] . '/' . $profile['filename'] : '' : (stristr($profile['avatar'], 'http://') ? $profile['avatar'] : $modSettings['avatar_url'] . '/' . $profile['avatar']); } else { $avatar = ''; } $user_type = 'normal'; if (is_numeric($profile['id_group'])) { if ($profile['id_group'] == 0) { $user_type = 'normal'; } elseif ($profile['id_group'] == 1) { $user_type = 'admin'; } elseif ($profile['id_group'] == 2 || $profile['id_group'] == 3) { $user_type = 'mod'; } } if (checkIfUserIsBanned($user_info['id'])) { $user_type = 'banned'; } $response = new xmlrpcval(array('result' => new xmlrpcval($login_status, 'boolean'), 'result_text' => new xmlrpcval($result_text, 'base64'), 'can_pm' => new xmlrpcval($pm_read, 'boolean'), 'can_send_pm' => new xmlrpcval($pm_send, 'boolean'), 'icon_url' => new xmlrpcval($avatar, 'string'), 'post_count' => new xmlrpcval($profile['posts'], 'int'), 'user_id' => new xmlrpcval($user_info['id'], 'string'), 'username' => new xmlrpcval(basic_clean($profile['real_name']), 'base64'), 'login_name' => new xmlrpcval(basic_clean($profile['member_name']), 'base64'), 'user_type' => new xmlrpcval($user_type, 'base64'), 'email' => new xmlrpcval($profile['email_address'], 'base64'), 'usergroup_id' => new xmlrpcval($usergroup_id, 'array'), 'ignored_uids' => new xmlrpcval($profile['pm_ignore_list'], 'string'), 'register' => new xmlrpcval(isset($_POST['emailActivate']) && $_POST['emailActivate'], 'boolean'), 'max_attachment' => new xmlrpcval($modSettings['attachmentNumPerPostLimit'], 'int'), 'max_png_size' => new xmlrpcval($modSettings['attachmentSizeLimit'] * 1024, 'int'), 'max_jpg_size' => new xmlrpcval($modSettings['attachmentSizeLimit'] * 1024, 'int'), 'max_avatar_width' => new xmlrpcval($modSettings['avatar_max_width_upload'] ? $modSettings['avatar_max_width_upload'] : 10000, 'int'), 'max_avatar_height' => new xmlrpcval($modSettings['avatar_max_height_upload'] ? $modSettings['avatar_max_height_upload'] : 10000, 'int'), 'can_moderate' => new xmlrpcval($user_info['mod_cache']['bq'] != '0=1' && allowedTo('access_mod_center'), 'boolean'), 'can_upload_avatar' => new xmlrpcval(allowedTo('profile_upload_avatar'), 'boolean'), 'can_search' => new xmlrpcval(allowedTo('search_posts'), 'boolean'), 'can_whosonline' => new xmlrpcval(allowedTo('who_view'), 'boolean'), 'post_countdown' => new xmlrpcval(allowedTo('moderate_board') ? 0 : $modSettings['spamWaitTime'], 'int')), 'struct'); return new xmlrpcresp($response); }
function loadBoard() { global $txt, $db_prefix, $scripturl, $context, $modSettings; global $board_info, $board, $topic, $ID_MEMBER, $user_info; // Assume they are not a moderator. $user_info['is_mod'] = false; $context['user']['is_mod'] =& $user_info['is_mod']; // Start the linktree off empty.. $context['linktree'] = array(); // Load this board only if the it is specified. if (empty($board) && empty($topic)) { $board_info = array('moderators' => array()); return; } if (!empty($modSettings['cache_enable']) && (empty($topic) || $modSettings['cache_enable'] == 3)) { // !!! SLOW? if (!empty($topic)) { $temp = cache_get_data('topic_board-' . $topic, 120); } else { $temp = cache_get_data('board-' . $board, 120); } if (!empty($temp)) { $board_info = $temp; $board = $board_info['id']; } } if (empty($temp)) { $request = db_query("\n\t\t\tSELECT\n\t\t\t\tc.ID_CAT, b.name AS bname, b.description, b.numTopics, b.memberGroups,\n\t\t\t\tb.ID_PARENT, c.name AS cname, IFNULL(mem.ID_MEMBER, 0) AS ID_MODERATOR,\n\t\t\t\tmem.realName" . (!empty($topic) ? ", b.ID_BOARD" : '') . ", b.childLevel,\n\t\t\t\tb.ID_THEME, b.override_theme, b.permission_mode, b.countPosts\n\t\t\tFROM ({$db_prefix}boards AS b" . (!empty($topic) ? ", {$db_prefix}topics AS t" : '') . ")\n\t\t\t\tLEFT JOIN {$db_prefix}categories AS c ON (c.ID_CAT = b.ID_CAT)\n\t\t\t\tLEFT JOIN {$db_prefix}moderators AS mods ON (mods.ID_BOARD = " . (empty($topic) ? $board : 't.ID_BOARD') . ")\n\t\t\t\tLEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER = mods.ID_MEMBER)\n\t\t\tWHERE b.ID_BOARD = " . (empty($topic) ? $board : "t.ID_BOARD\n\t\t\t\tAND t.ID_TOPIC = {$topic}"), __FILE__, __LINE__); // If there aren't any, skip. if (mysql_num_rows($request) > 0) { $row = mysql_fetch_assoc($request); // Set the current board. if (!empty($row['ID_BOARD'])) { $board = $row['ID_BOARD']; } // Basic operating information. (globals... :/) $board_info = array('id' => $board, 'moderators' => array(), 'cat' => array('id' => $row['ID_CAT'], 'name' => $row['cname']), 'name' => $row['bname'], 'description' => $row['description'], 'num_topics' => $row['numTopics'], 'parent_boards' => getBoardParents($row['ID_PARENT']), 'parent' => $row['ID_PARENT'], 'child_level' => $row['childLevel'], 'theme' => $row['ID_THEME'], 'override_theme' => !empty($row['override_theme']), 'use_local_permissions' => !empty($modSettings['permission_enable_by_board']) && $row['permission_mode'] == 1, 'permission_mode' => empty($modSettings['permission_enable_by_board']) ? empty($row['permission_mode']) ? 'normal' : ($row['permission_mode'] == 2 ? 'no_polls' : ($row['permission_mode'] == 3 ? 'reply_only' : 'read_only')) : 'normal', 'posts_count' => empty($row['countPosts'])); // Load the membergroups allowed, and check permissions. $board_info['groups'] = $row['memberGroups'] == '' ? array() : explode(',', $row['memberGroups']); do { if (!empty($row['ID_MODERATOR'])) { $board_info['moderators'][$row['ID_MODERATOR']] = array('id' => $row['ID_MODERATOR'], 'name' => $row['realName'], 'href' => $scripturl . '?action=profile;u=' . $row['ID_MODERATOR'], 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $row['ID_MODERATOR'] . '" title="' . $txt[62] . '">' . $row['realName'] . '</a>'); } } while ($row = mysql_fetch_assoc($request)); if (!empty($modSettings['cache_enable']) && (empty($topic) || $modSettings['cache_enable'] == 3)) { // !!! SLOW? if (!empty($topic)) { cache_put_data('topic_board-' . $topic, $board_info, 120); } cache_put_data('board-' . $board, $board_info, 120); } } else { // Otherwise the topic is invalid, there are no moderators, etc. $board_info = array('moderators' => array(), 'error' => 'exist'); $topic = null; $board = 0; } mysql_free_result($request); } if (!empty($topic)) { $_GET['board'] = (int) $board; } if (!empty($board)) { // Now check if the user is a moderator. $user_info['is_mod'] = isset($board_info['moderators'][$ID_MEMBER]); if (count(array_intersect($user_info['groups'], $board_info['groups'])) == 0 && !$user_info['is_admin']) { $board_info['error'] = 'access'; } // Build up the linktree. $context['linktree'] = array_merge($context['linktree'], array(array('url' => $scripturl . '#' . $board_info['cat']['id'], 'name' => $board_info['cat']['name'])), array_reverse($board_info['parent_boards']), array(array('url' => $scripturl . '?board=' . $board . '.0', 'name' => $board_info['name']))); } // Set the template contextual information. $context['user']['is_mod'] =& $user_info['is_mod']; $context['current_topic'] = $topic; $context['current_board'] = $board; // Hacker... you can't see this topic, I'll tell you that. (but moderators can!) if (!empty($board_info['error']) && ($board_info['error'] != 'access' || !$user_info['is_mod'])) { // The permissions and theme need loading, just to make sure everything goes smoothly. loadPermissions(); loadTheme(); $_GET['board'] = ''; $_GET['topic'] = ''; // If it's a prefetching agent, just make clear they're not allowed. if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch') { ob_end_clean(); header('HTTP/1.1 403 Forbidden'); die; } elseif ($user_info['is_guest']) { loadLanguage('Errors'); is_not_guest($txt['topic_gone']); } else { fatal_lang_error('topic_gone', false); } } if ($user_info['is_mod']) { $user_info['groups'][] = 3; } }
function loadBoard() { global $txt, $scripturl, $context, $modSettings; global $board_info, $board, $topic, $user_info, $db_show_debug; // Assume they are not a moderator. $user_info['is_mod'] = false; $context['user']['is_mod'] =& $user_info['is_mod']; // Start the linktree off empty.. $context['linktree'] = array(); // Have they by chance specified a message id but nothing else? if (empty($_REQUEST['action']) && empty($topic) && empty($board) && !empty($_REQUEST['msg'])) { // Make sure the message id is really an int. $_REQUEST['msg'] = (int) $_REQUEST['msg']; // Looking through the message table can be slow, so try using the cache first. if (($topic = CacheAPI::getCache('msg_topic-' . $_REQUEST['msg'], 120)) === NULL) { $request = smf_db_query(' SELECT id_topic FROM {db_prefix}messages WHERE id_msg = {int:id_msg} LIMIT 1', array('id_msg' => $_REQUEST['msg'])); // So did it find anything? if (mysql_num_rows($request)) { list($topic) = mysql_fetch_row($request); mysql_free_result($request); // Save save save. CacheAPI::putCache('msg_topic-' . $_REQUEST['msg'], $topic, 120); } } // Remember redirection is the key to avoiding fallout from your bosses. if (!empty($topic)) { if (isset($_REQUEST['perma'])) { redirectexit('topic=' . $topic . '.msg' . $_REQUEST['msg'] . ';perma' . (isset($_REQUEST['xml']) ? ';xml' : '')); } else { redirectexit('topic=' . $topic . '.msg' . $_REQUEST['msg'] . '#msg' . $_REQUEST['msg']); } } else { loadPermissions(); loadTheme(); EoS_Smarty::init($db_show_debug); fatal_lang_error('topic_gone', false); } } // Load this board only if it is specified. if (empty($board) && empty($topic)) { $board_info = array('moderators' => array()); return; } if (!empty($modSettings['cache_enable']) && (empty($topic) || $modSettings['cache_enable'] >= 3)) { // !!! SLOW? if (!empty($topic)) { $temp = CacheAPI::getCache('topic_board-' . $topic, 120); } else { $temp = CacheAPI::getCache('board-' . $board, 120); } if (!empty($temp)) { $board_info = $temp; $board = $board_info['id']; } } if (empty($temp)) { $request = smf_db_query(' SELECT c.id_cat, b.name AS bname, b.description, b.num_topics, b.member_groups, b.id_parent, c.name AS cname, IFNULL(mem.id_member, 0) AS id_moderator, mem.real_name' . (!empty($topic) ? ', b.id_board' : '') . ', b.child_level, b.id_theme, b.override_theme, b.count_posts, b.id_profile, b.redirect, b.allow_topics, b.unapproved_topics, b.unapproved_posts' . (!empty($topic) ? ', t.approved, t.id_member_started' : '') . ' FROM {db_prefix}boards AS b' . (!empty($topic) ? ' INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic})' : '') . ' LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat) LEFT JOIN {db_prefix}moderators AS mods ON (mods.id_board = {raw:board_link}) LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = mods.id_member) WHERE b.id_board = {raw:board_link}', array('current_topic' => $topic, 'board_link' => empty($topic) ? smf_db_quote('{int:current_board}', array('current_board' => $board)) : 't.id_board')); // If there aren't any, skip. if (mysql_num_rows($request) > 0) { $row = mysql_fetch_assoc($request); // Set the current board. if (!empty($row['id_board'])) { $board = $row['id_board']; } // Basic operating information. (globals... :/) $board_info = array('id' => $board, 'moderators' => array(), 'cat' => array('id' => $row['id_cat'], 'name' => $row['cname'], 'is_root' => $row['cname'][0] === '!' ? true : false), 'name' => $row['bname'], 'allow_topics' => $row['allow_topics'], 'description' => $row['description'], 'num_topics' => $row['num_topics'], 'unapproved_topics' => $row['unapproved_topics'], 'unapproved_posts' => $row['unapproved_posts'], 'unapproved_user_topics' => 0, 'parent_boards' => getBoardParents($row['id_parent']), 'parent' => $row['id_parent'], 'child_level' => $row['child_level'], 'theme' => $row['id_theme'], 'override_theme' => !empty($row['override_theme']), 'profile' => $row['id_profile'], 'redirect' => $row['redirect'], 'posts_count' => empty($row['count_posts']), 'cur_topic_approved' => empty($topic) || $row['approved'], 'cur_topic_starter' => empty($topic) ? 0 : $row['id_member_started']); // Load the membergroups allowed, and check permissions. $board_info['groups'] = $row['member_groups'] == '' ? array() : explode(',', $row['member_groups']); do { if (!empty($row['id_moderator'])) { $board_info['moderators'][$row['id_moderator']] = array('id' => $row['id_moderator'], 'name' => $row['real_name'], 'href' => $scripturl . '?action=profile;u=' . $row['id_moderator'], 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $row['id_moderator'] . '">' . $row['real_name'] . '</a>'); } } while ($row = mysql_fetch_assoc($request)); // If the board only contains unapproved posts and the user isn't an approver then they can't see any topics. // If that is the case do an additional check to see if they have any topics waiting to be approved. if ($board_info['num_topics'] == 0 && $modSettings['postmod_active'] && !allowedTo('approve_posts')) { mysql_free_result($request); // Free the previous result $request = smf_db_query(' SELECT COUNT(id_topic) FROM {db_prefix}topics WHERE id_member_started={int:id_member} AND approved = {int:unapproved} AND id_board = {int:board}', array('id_member' => $user_info['id'], 'unapproved' => 0, 'board' => $board)); list($board_info['unapproved_user_topics']) = mysql_fetch_row($request); } if (!empty($modSettings['cache_enable']) && (empty($topic) || $modSettings['cache_enable'] >= 3)) { // !!! SLOW? if (!empty($topic)) { CacheAPI::putCache('topic_board-' . $topic, $board_info, 120); } CacheAPI::putCache('board-' . $board, $board_info, 120); } } else { // Otherwise the topic is invalid, there are no moderators, etc. $board_info = array('moderators' => array(), 'error' => 'exist'); $topic = null; $board = 0; } mysql_free_result($request); } if (!empty($topic)) { $_GET['board'] = (int) $board; } /* * if we are in topic view, set up the breadcrumb so that it * gives a link back to the last active message index page instead of * always pointing back to page one, but ignore the cookie when the board has changed. * the cookie is set in MessageIndex.php */ $stored_topicstart = 0; if (isset($_COOKIE['smf_topicstart']) && !empty($topic)) { $topicstart_cookie = $_COOKIE['smf_topicstart']; $_t = explode('_', $topicstart_cookie); if (isset($_t[0]) && isset($_t[1]) && intval($_t[1]) > 0) { if ($_t[0] == $board) { $stored_topicstart = $_t[1]; } $topics_per_page = empty($modSettings['disableCustomPerPage']) && !empty($options['topics_per_page']) ? $options['topics_per_page'] : $modSettings['defaultMaxTopics']; } } if (!empty($board)) { // Now check if the user is a moderator. $user_info['is_mod'] = isset($board_info['moderators'][$user_info['id']]); if (count(array_intersect($user_info['groups'], $board_info['groups'])) == 0 && !$user_info['is_admin']) { $board_info['error'] = 'access'; } // Build up the linktree. $context['linktree'] = array_merge($context['linktree'], $board_info['cat']['is_root'] ? array() : array(array('url' => $scripturl . '#c' . $board_info['cat']['id'], 'name' => $board_info['cat']['name'])), array_reverse($board_info['parent_boards']), array(array('url' => URL::board($board, $board_info['name'], $stored_topicstart > 0 ? $stored_topicstart : 0, false), 'name' => $board_info['name'] . ($stored_topicstart > 0 ? ' [' . ($stored_topicstart / $topics_per_page + 1) . ']' : '')))); } // Set the template contextual information. $context['user']['is_mod'] =& $user_info['is_mod']; $context['current_topic'] = $topic; $context['current_board'] = $board; // Hacker... you can't see this topic, I'll tell you that. (but moderators can!) if (!empty($board_info['error']) && ($board_info['error'] != 'access' || !$user_info['is_mod'])) { // The permissions and theme need loading, just to make sure everything goes smoothly. loadPermissions(); loadTheme(); EoS_Smarty::init($db_show_debug); $_GET['board'] = ''; $_GET['topic'] = ''; // The linktree should not give the game away mate! $context['linktree'] = array(array('url' => URL::home(), 'name' => $context['forum_name_html_safe'])); // If it's a prefetching agent or we're requesting an attachment. if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch' || !empty($_REQUEST['action']) && $_REQUEST['action'] === 'dlattach') { ob_end_clean(); header('HTTP/1.1 403 Forbidden'); die; } elseif ($user_info['is_guest']) { loadLanguage('Errors'); is_not_guest($txt['topic_gone']); } else { fatal_lang_error('topic_gone', false); } } if ($user_info['is_mod']) { $user_info['groups'][] = 3; } }
/** * The main dispatcher. * This delegates to each area. */ function elk_main() { global $modSettings, $user_info, $topic, $board_info, $context; // Special case: session keep-alive, output a transparent pixel. if (isset($_GET['action']) && $_GET['action'] == 'keepalive') { header('Content-Type: image/gif'); die("GIF89a€!ù,D;"); } // We should set our security headers now. frameOptionsHeader(); securityOptionsHeader(); // Load the user's cookie (or set as guest) and load their settings. loadUserSettings(); // Load the current board's information. loadBoard(); // Load the current user's permissions. loadPermissions(); // Load BadBehavior before we go much further loadBadBehavior(); // Attachments don't require the entire theme to be loaded. if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'dlattach' && (!empty($modSettings['allow_guestAccess']) && $user_info['is_guest'])) { detectBrowser(); } else { loadTheme(); } // Check if the user should be disallowed access. is_not_banned(); // If we are in a topic and don't have permission to approve it then duck out now. if (!empty($topic) && empty($board_info['cur_topic_approved']) && !allowedTo('approve_posts') && ($user_info['id'] != $board_info['cur_topic_starter'] || $user_info['is_guest'])) { fatal_lang_error('not_a_topic', false); } $no_stat_actions = array('dlattach', 'findmember', 'jsoption', 'requestmembers', 'jslocale', 'xmlpreview', 'suggest', '.xml', 'xmlhttp', 'verificationcode', 'viewquery', 'viewadminfile'); call_integration_hook('integrate_pre_log_stats', array(&$no_stat_actions)); // Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc. if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], $no_stat_actions)) { // I see you! writeLog(); // Track forum statistics and hits...? if (!empty($modSettings['hitStats'])) { trackStats(array('hits' => '+')); } } unset($no_stat_actions); // What shall we do? require_once SOURCEDIR . '/SiteDispatcher.class.php'; $dispatcher = new Site_Dispatcher(); // Show where we came from, and go $context['site_action'] = $dispatcher->site_action(); $context['site_action'] = !empty($context['site_action']) ? $context['site_action'] : (isset($_REQUEST['action']) ? $_REQUEST['action'] : ''); $dispatcher->dispatch(); }
function smf_main() { global $modSettings, $settings, $user_info, $board, $topic, $board_info, $maintenance, $sourcedir; // Special case: session keep-alive, output a transparent pixel. if (isset($_GET['action']) && $_GET['action'] == 'keepalive') { header('Content-Type: image/gif'); die("GIF89a€!ù,D;"); } // Load the user's cookie (or set as guest) and load their settings. loadUserSettings(); // Load the current board's information. loadBoard(); // Load the current user's permissions. loadPermissions(); // Attachments don't require the entire theme to be loaded. if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'dlattach' && (!empty($modSettings['allow_guestAccess']) && $user_info['is_guest'])) { detectBrowser(); } else { loadTheme(); } // Check if the user should be disallowed access. is_not_banned(); // If we are in a topic and don't have permission to approve it then duck out now. if (!empty($topic) && empty($board_info['cur_topic_approved']) && !allowedTo('approve_posts') && ($user_info['id'] != $board_info['cur_topic_starter'] || $user_info['is_guest'])) { fatal_lang_error('not_a_topic', false); } // Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc. if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], array('dlattach', 'findmember', 'jseditor', 'jsoption', 'requestmembers', 'smstats', '.xml', 'xmlhttp', 'verificationcode', 'viewquery', 'viewsmfile'))) { // Log this user as online. writeLog(); // Don't track stats of portal xml actions. if (empty($_REQUEST['action']) || $_REQUEST['action'] != 'portal' || !isset($_GET['xml'])) { // Track forum statistics and hits...? if (!empty($modSettings['hitStats'])) { trackStats(array('hits' => '+')); } } } // Load SimplePortal. sportal_init(); // Is the forum in maintenance mode? (doesn't apply to administrators.) if (!empty($maintenance) && !allowedTo('admin_forum')) { // You can only login.... otherwise, you're getting the "maintenance mode" display. if (isset($_REQUEST['action']) && ($_REQUEST['action'] == 'login2' || $_REQUEST['action'] == 'logout')) { require_once $sourcedir . '/LogInOut.php'; return $_REQUEST['action'] == 'login2' ? 'Login2' : 'Logout'; } else { require_once $sourcedir . '/Subs-Auth.php'; return 'InMaintenance'; } } elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'help', 'smstats', 'mailq', 'verificationcode', 'openidreturn')))) { require_once $sourcedir . '/Subs-Auth.php'; return 'KickGuest'; } elseif (empty($_REQUEST['action'])) { // Go catch it boy! Catch it! $sp_action = sportal_catch_action(); if ($sp_action) { return $sp_action; } // Action and board are both empty... BoardIndex! if (empty($board) && empty($topic)) { require_once $sourcedir . '/BoardIndex.php'; return 'BoardIndex'; } elseif (empty($topic)) { require_once $sourcedir . '/MessageIndex.php'; return 'MessageIndex'; } else { require_once $sourcedir . '/Display.php'; return 'Display'; } } // Here's the monstrous $_REQUEST['action'] array - $_REQUEST['action'] => array($file, $function). $actionArray = array('activate' => array('Register.php', 'Activate'), 'admin' => array('Admin.php', 'AdminMain'), 'announce' => array('Post.php', 'AnnounceTopic'), 'attachapprove' => array('ManageAttachments.php', 'ApproveAttach'), 'buddy' => array('Subs-Members.php', 'BuddyListToggle'), 'calendar' => array('Calendar.php', 'CalendarMain'), 'clock' => array('Calendar.php', 'clock'), 'collapse' => array('BoardIndex.php', 'CollapseCategory'), 'coppa' => array('Register.php', 'CoppaForm'), 'credits' => array('Who.php', 'Credits'), 'deletemsg' => array('RemoveTopic.php', 'DeleteMessage'), 'display' => array('Display.php', 'Display'), 'dlattach' => array('Display.php', 'Download'), 'editpoll' => array('Poll.php', 'EditPoll'), 'editpoll2' => array('Poll.php', 'EditPoll2'), 'emailuser' => array('SendTopic.php', 'EmailUser'), 'findmember' => array('Subs-Auth.php', 'JSMembers'), 'forum' => array('BoardIndex.php', 'BoardIndex'), 'portal' => array('PortalMain.php', 'sportal_main'), 'groups' => array('Groups.php', 'Groups'), 'help' => array('Help.php', 'ShowHelp'), 'helpadmin' => array('Help.php', 'ShowAdminHelp'), 'im' => array('PersonalMessage.php', 'MessageMain'), 'jseditor' => array('Subs-Editor.php', 'EditorMain'), 'jsmodify' => array('Post.php', 'JavaScriptModify'), 'jsoption' => array('Themes.php', 'SetJavaScript'), 'lock' => array('LockTopic.php', 'LockTopic'), 'lockvoting' => array('Poll.php', 'LockVoting'), 'login' => array('LogInOut.php', 'Login'), 'login2' => array('LogInOut.php', 'Login2'), 'logout' => array('LogInOut.php', 'Logout'), 'markasread' => array('Subs-Boards.php', 'MarkRead'), 'mergetopics' => array('SplitTopics.php', 'MergeTopics'), 'mlist' => array('Memberlist.php', 'Memberlist'), 'moderate' => array('ModerationCenter.php', 'ModerationMain'), 'modifycat' => array('ManageBoards.php', 'ModifyCat'), 'modifykarma' => array('Karma.php', 'ModifyKarma'), 'movetopic' => array('MoveTopic.php', 'MoveTopic'), 'movetopic2' => array('MoveTopic.php', 'MoveTopic2'), 'notify' => array('Notify.php', 'Notify'), 'notifyboard' => array('Notify.php', 'BoardNotify'), 'openidreturn' => array('Subs-OpenID.php', 'smf_openID_return'), 'pm' => array('PersonalMessage.php', 'MessageMain'), 'post' => array('Post.php', 'Post'), 'post2' => array('Post.php', 'Post2'), 'printpage' => array('Printpage.php', 'PrintTopic'), 'profile' => array('Profile.php', 'ModifyProfile'), 'quotefast' => array('Post.php', 'QuoteFast'), 'quickmod' => array('MessageIndex.php', 'QuickModeration'), 'quickmod2' => array('Display.php', 'QuickInTopicModeration'), 'recent' => array('Recent.php', 'RecentPosts'), 'register' => array('Register.php', 'Register'), 'register2' => array('Register.php', 'Register2'), 'reminder' => array('Reminder.php', 'RemindMe'), 'removepoll' => array('Poll.php', 'RemovePoll'), 'removetopic2' => array('RemoveTopic.php', 'RemoveTopic2'), 'reporttm' => array('SendTopic.php', 'ReportToModerator'), 'requestmembers' => array('Subs-Auth.php', 'RequestMembers'), 'restoretopic' => array('RemoveTopic.php', 'RestoreTopic'), 'search' => array('Search.php', 'PlushSearch1'), 'search2' => array('Search.php', 'PlushSearch2'), 'sendtopic' => array('SendTopic.php', 'EmailUser'), 'smstats' => array('Stats.php', 'SMStats'), 'suggest' => array('Subs-Editor.php', 'AutoSuggestHandler'), 'spellcheck' => array('Subs-Post.php', 'SpellCheck'), 'splittopics' => array('SplitTopics.php', 'SplitTopics'), 'stats' => array('Stats.php', 'DisplayStats'), 'sticky' => array('LockTopic.php', 'Sticky'), 'theme' => array('Themes.php', 'ThemesMain'), 'trackip' => array('Profile-View.php', 'trackIP'), 'about:mozilla' => array('Karma.php', 'BookOfUnknown'), 'about:unknown' => array('Karma.php', 'BookOfUnknown'), 'unread' => array('Recent.php', 'UnreadTopics'), 'unreadreplies' => array('Recent.php', 'UnreadTopics'), 'verificationcode' => array('Register.php', 'VerificationCode'), 'viewprofile' => array('Profile.php', 'ModifyProfile'), 'vote' => array('Poll.php', 'Vote'), 'viewquery' => array('ViewQuery.php', 'ViewQuery'), 'viewsmfile' => array('Admin.php', 'DisplayAdminFile'), 'who' => array('Who.php', 'Who'), '.xml' => array('News.php', 'ShowXmlFeed'), 'xmlhttp' => array('Xml.php', 'XMLhttpMain')); // Allow modifying $actionArray easily. call_integration_hook('integrate_actions', array(&$actionArray)); if (!empty($context['disable_sp'])) { unset($actionArray['portal'], $actionArray['forum']); } // Get the function and file to include - if it's not there, do the board index. if (!isset($_REQUEST['action']) || !isset($actionArray[$_REQUEST['action']])) { // Catch the action with the theme? if (!empty($settings['catch_action'])) { require_once $sourcedir . '/Themes.php'; return 'WrapAction'; } // Fall through to the board index then... require_once $sourcedir . '/BoardIndex.php'; return 'BoardIndex'; } // Otherwise, it was set - so let's go to that action. require_once $sourcedir . '/' . $actionArray[$_REQUEST['action']][0]; return $actionArray[$_REQUEST['action']][1]; }
/** * Initialises key values for SimpleDesk. * * This function initialises certain key constructs for SimpleDesk, such as constants, that are used throughout * SimpleDesk. It should be called first right up in Load.php anyway. * * Calling multiple times is not significantly detrimental to performance; the function is aware if it has been * called previously. * * @since 2.0 */ function shd_init() { global $modSettings, $sourcedir, $user_info, $context, $smcFunc; static $called = null; if (!empty($called)) { return; } $called = true; $context['shd_home'] = 'action=helpdesk;sa=main'; // What SD version are we on? It's now here! define('SHD_VERSION', 'SimpleDesk 2.0 Anatidae'); // This isn't the SMF way. But for something like this, it's way way more logical and readable. define('TICKET_STATUS_NEW', 0); define('TICKET_STATUS_PENDING_STAFF', 1); define('TICKET_STATUS_PENDING_USER', 2); define('TICKET_STATUS_CLOSED', 3); define('TICKET_STATUS_WITH_SUPERVISOR', 4); define('TICKET_STATUS_ESCALATED', 5); define('TICKET_STATUS_DELETED', 6); define('TICKET_URGENCY_LOW', 0); define('TICKET_URGENCY_MEDIUM', 1); define('TICKET_URGENCY_HIGH', 2); define('TICKET_URGENCY_VHIGH', 3); define('TICKET_URGENCY_SEVERE', 4); define('TICKET_URGENCY_CRITICAL', 5); define('MSG_STATUS_NORMAL', 0); define('MSG_STATUS_DELETED', 1); // Relationship types define('RELATIONSHIP_LINKED', 0); define('RELATIONSHIP_DUPLICATED', 1); define('RELATIONSHIP_ISPARENT', 2); define('RELATIONSHIP_ISCHILD', 3); // Custom fields, their types, positions, content type define('CFIELD_TICKET', 1); define('CFIELD_REPLY', 2); define('CFIELD_PLACE_DETAILS', 1); define('CFIELD_PLACE_INFO', 2); define('CFIELD_PLACE_PREFIX', 3); define('CFIELD_PLACE_PREFIXFILTER', 4); define('CFIELD_TYPE_TEXT', 1); define('CFIELD_TYPE_LARGETEXT', 2); define('CFIELD_TYPE_INT', 3); define('CFIELD_TYPE_FLOAT', 4); define('CFIELD_TYPE_SELECT', 5); define('CFIELD_TYPE_CHECKBOX', 6); define('CFIELD_TYPE_RADIO', 7); define('CFIELD_TYPE_MULTI', 8); // Ticket notification options define('NOTIFY_PREFS', 0); define('NOTIFY_ALWAYS', 1); define('NOTIFY_NEVER', 2); // Roles and permissions define('ROLE_USER', 1); define('ROLE_STAFF', 2); //define('ROLE_SUPERVISOR', 3); define('ROLE_ADMIN', 4); define('ROLEPERM_DISALLOW', 0); define('ROLEPERM_ALLOW', 1); define('ROLEPERM_DENY', 2); // How many digits should we show for ticket numbers? Normally we pad to 5 digits, e.g. 00001 - this is how we set that width. if (empty($modSettings['shd_zerofill']) || $modSettings['shd_zerofill'] < 0) { $modSettings['shd_zerofill'] = 0; } // Load some stuff shd_load_language('sd_language/SimpleDesk'); require_once $sourcedir . '/sd_source/Subs-SimpleDeskPermissions.php'; // Set up defaults $defaults = array('shd_attachments_mode' => 'ticket', 'shd_ticketnav_style' => 'sd', 'shd_staff_badge' => 'nobadge', 'shd_privacy_display' => 'smart'); foreach ($defaults as $var => $val) { if (empty($modSettings[$var])) { $modSettings[$var] = $val; } } $modSettings['helpdesk_active'] = isset($modSettings['admin_features']) ? in_array('shd', explode(',', $modSettings['admin_features'])) : false; if ($modSettings['helpdesk_active']) { shd_load_plugin_files('init'); shd_load_plugin_langfiles('init'); } shd_load_user_perms(); if (!empty($modSettings['shd_maintenance_mode'])) { if (!empty($modSettings['shd_helpdesk_only']) && !$user_info['is_admin'] && !shd_allowed_to('admin_helpdesk', 0)) { // You can only login.... otherwise, you're getting the "maintenance mode" display. Except we have to boot up a decent amount of SMF. if (empty($_REQUEST['action']) || $_REQUEST['action'] != 'login2' && $_REQUEST['action'] != 'logout') { $_GET['action'] = ''; $_REQUEST['action'] = ''; $context['shd_maintenance_mode'] = true; loadBoard(); loadPermissions(); loadTheme(); is_not_banned(); require_once $sourcedir . '/Subs-Auth.php'; InMaintenance(); obExit(null, null, false); } } else { $modSettings['helpdesk_active'] &= $user_info['is_admin'] || shd_allowed_to('admin_helpdesk', 0); } } // Last minute stuff if ($modSettings['helpdesk_active']) { // Are they actually going into the helpdesk? If they are, do we need to deal with their theme? if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'helpdesk') { // First figure out what department they're in. $this_dept = 0; $depts = shd_allowed_to('access_helpdesk', false); // Do they only have one dept? If so, that's the one. if (count($depts) == 1) { $this_dept = $depts[0]; } elseif (isset($_REQUEST['dept'])) { $_REQUEST['dept'] = (int) $_REQUEST['dept']; if (in_array($_REQUEST['dept'], $depts)) { $this_dept = $_REQUEST['dept']; } } elseif (isset($_REQUEST['newdept'])) { $_REQUEST['newdept'] = (int) $_REQUEST['newdept']; if (in_array($_REQUEST['newdept'], $depts)) { $this_dept = $_REQUEST['newdept']; } } elseif (isset($_REQUEST['ticket'])) { $ticket = (int) $_REQUEST['ticket']; if (!empty($ticket)) { $query = shd_db_query('', ' SELECT hdt.id_dept, dept_name, dept_theme FROM {db_prefix}helpdesk_tickets AS hdt INNER JOIN {db_prefix}helpdesk_depts AS hdd ON (hdt.id_dept = hdd.id_dept) WHERE id_ticket = {int:ticket} AND {query_see_ticket}', array('ticket' => $ticket)); if ($row = $smcFunc['db_fetch_row']($query)) { if (in_array($row[0], $depts)) { list($this_dept, $context['shd_dept_name'], $theme) = $row; } } $smcFunc['db_free_result']($query); } } if (!empty($this_dept) && !isset($theme)) { $context['queried_dept'] = $this_dept; $query = $smcFunc['db_query']('', ' SELECT dept_theme FROM {db_prefix}helpdesk_depts WHERE id_dept = {int:dept}', array('dept' => $this_dept)); if ($row = $smcFunc['db_fetch_row']($query)) { $theme = $row[0]; } $smcFunc['db_free_result']($query); } // If for whatever reason we didn't establish a theme, see if there's a forum default one. if (empty($theme) && !empty($modSettings['shd_theme'])) { $theme = $modSettings['shd_theme']; } // Action. if (!empty($theme)) { // This is ever so slightly hacky. But as this function is called sufficiently early we can get away with it. unset($_REQUEST['theme'], $modSettings['theme_allow']); $modSettings['theme_guests'] = $theme; } } } $context['shd_plugins'] = empty($modSettings['shd_enabled_plugins']) || empty($modSettings['helpdesk_active']) ? array() : explode(',', $modSettings['shd_enabled_plugins']); call_integration_hook('shd_hook_init'); }
$upcontext['started'] = time(); $upcontext['updated'] = 0; $upcontext['user'] = array('id' => 0, 'name' => 'Guest', 'pass' => 0, 'started' => $upcontext['started'], 'updated' => $upcontext['updated']); } // Load up some essential data... loadEssentialData(); // Are we going to be mimicking SSI at this point? if (isset($_GET['ssi'])) { require_once SOURCEDIR . '/Subs.php'; require_once SOURCEDIR . '/Errors.php'; require_once SOURCEDIR . '/Logging.php'; require_once SOURCEDIR . '/Load.php'; require_once SUBSDIR . '/Cache.subs.php'; require_once SOURCEDIR . '/Security.php'; loadUserSettings(); loadPermissions(); } // We may need this later require_once SUBSDIR . '/Package.subs.php'; // All the non-SSI stuff. loadEssentialFunctions(); // Don't do security check if on Yabbse or SMF if (!isset($modSettings['elkVersion'])) { $disable_security = true; } // We should have the database easily at this point $db = database(); // Does this exist? if (isset($modSettings['elkVersion'])) { $request = $db->query('', ' SELECT variable, value
/** * Check for moderators and see if they have access to the board. * * What it does: * - sets up the $board_info array for current board information. * - if cache is enabled, the $board_info array is stored in cache. * - redirects to appropriate post if only message id is requested. * - is only used when inside a topic or board. * - determines the local moderators for the board. * - adds group id 3 if the user is a local moderator for the board they are in. * - prevents access if user is not in proper group nor a local moderator of the board. */ function loadBoard() { global $txt, $scripturl, $context, $modSettings; global $board_info, $board, $topic, $user_info; $db = database(); // Assume they are not a moderator. $user_info['is_mod'] = false; $context['user']['is_mod'] =& $user_info['is_mod']; // @since 1.0.5 - is_mod takes into account only local (board) moderators, // and not global moderators, is_moderator is meant to take into account both. $user_info['is_moderator'] = false; $context['user']['is_moderator'] =& $user_info['is_moderator']; // Start the linktree off empty.. $context['linktree'] = array(); // Have they by chance specified a message id but nothing else? if (empty($_REQUEST['action']) && empty($topic) && empty($board) && !empty($_REQUEST['msg'])) { // Make sure the message id is really an int. $_REQUEST['msg'] = (int) $_REQUEST['msg']; // Looking through the message table can be slow, so try using the cache first. if (($topic = cache_get_data('msg_topic-' . $_REQUEST['msg'], 120)) === null) { require_once SUBSDIR . '/Messages.subs.php'; $topic = associatedTopic($_REQUEST['msg']); // So did it find anything? if ($topic !== false) { // Save save save. cache_put_data('msg_topic-' . $_REQUEST['msg'], $topic, 120); } } // Remember redirection is the key to avoiding fallout from your bosses. if (!empty($topic)) { redirectexit('topic=' . $topic . '.msg' . $_REQUEST['msg'] . '#msg' . $_REQUEST['msg']); } else { loadPermissions(); loadTheme(); fatal_lang_error('topic_gone', false); } } // Load this board only if it is specified. if (empty($board) && empty($topic)) { $board_info = array('moderators' => array()); return; } if (!empty($modSettings['cache_enable']) && (empty($topic) || $modSettings['cache_enable'] >= 3)) { // @todo SLOW? if (!empty($topic)) { $temp = cache_get_data('topic_board-' . $topic, 120); } else { $temp = cache_get_data('board-' . $board, 120); } if (!empty($temp)) { $board_info = $temp; $board = $board_info['id']; } } if (empty($temp)) { $select_columns = array(); $select_tables = array(); // Wanna grab something more from the boards table or another table at all? call_integration_hook('integrate_load_board_query', array(&$select_columns, &$select_tables)); $request = $db->query('', ' SELECT c.id_cat, b.name AS bname, b.description, b.num_topics, b.member_groups, b.deny_member_groups, b.id_parent, c.name AS cname, IFNULL(mem.id_member, 0) AS id_moderator, mem.real_name' . (!empty($topic) ? ', b.id_board' : '') . ', b.child_level, b.id_theme, b.override_theme, b.count_posts, b.id_profile, b.redirect, b.unapproved_topics, b.unapproved_posts' . (!empty($topic) ? ', t.approved, t.id_member_started' : '') . (!empty($select_columns) ? ', ' . implode(', ', $select_columns) : '') . ' FROM {db_prefix}boards AS b' . (!empty($topic) ? ' INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic})' : '') . (!empty($select_tables) ? ' ' . implode("\n\t\t\t\t", $select_tables) : '') . ' LEFT JOIN {db_prefix}categories AS c ON (c.id_cat = b.id_cat) LEFT JOIN {db_prefix}moderators AS mods ON (mods.id_board = {raw:board_link}) LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = mods.id_member) WHERE b.id_board = {raw:board_link}', array('current_topic' => $topic, 'board_link' => empty($topic) ? $db->quote('{int:current_board}', array('current_board' => $board)) : 't.id_board')); // If there aren't any, skip. if ($db->num_rows($request) > 0) { $row = $db->fetch_assoc($request); // Set the current board. if (!empty($row['id_board'])) { $board = $row['id_board']; } // Basic operating information. (globals... :/) $board_info = array('id' => $board, 'moderators' => array(), 'cat' => array('id' => $row['id_cat'], 'name' => $row['cname']), 'name' => $row['bname'], 'description' => $row['description'], 'num_topics' => $row['num_topics'], 'unapproved_topics' => $row['unapproved_topics'], 'unapproved_posts' => $row['unapproved_posts'], 'unapproved_user_topics' => 0, 'parent_boards' => getBoardParents($row['id_parent']), 'parent' => $row['id_parent'], 'child_level' => $row['child_level'], 'theme' => $row['id_theme'], 'override_theme' => !empty($row['override_theme']), 'profile' => $row['id_profile'], 'redirect' => $row['redirect'], 'posts_count' => empty($row['count_posts']), 'cur_topic_approved' => empty($topic) || $row['approved'], 'cur_topic_starter' => empty($topic) ? 0 : $row['id_member_started']); // Load the membergroups allowed, and check permissions. $board_info['groups'] = $row['member_groups'] == '' ? array() : explode(',', $row['member_groups']); $board_info['deny_groups'] = $row['deny_member_groups'] == '' ? array() : explode(',', $row['deny_member_groups']); do { if (!empty($row['id_moderator'])) { $board_info['moderators'][$row['id_moderator']] = array('id' => $row['id_moderator'], 'name' => $row['real_name'], 'href' => $scripturl . '?action=profile;u=' . $row['id_moderator'], 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $row['id_moderator'] . '">' . $row['real_name'] . '</a>'); } } while ($row = $db->fetch_assoc($request)); // If the board only contains unapproved posts and the user isn't an approver then they can't see any topics. // If that is the case do an additional check to see if they have any topics waiting to be approved. if ($board_info['num_topics'] == 0 && $modSettings['postmod_active'] && !allowedTo('approve_posts')) { // Free the previous result $db->free_result($request); // @todo why is this using id_topic? // @todo Can this get cached? $request = $db->query('', ' SELECT COUNT(id_topic) FROM {db_prefix}topics WHERE id_member_started={int:id_member} AND approved = {int:unapproved} AND id_board = {int:board}', array('id_member' => $user_info['id'], 'unapproved' => 0, 'board' => $board)); list($board_info['unapproved_user_topics']) = $db->fetch_row($request); } call_integration_hook('integrate_loaded_board', array(&$board_info, &$row)); if (!empty($modSettings['cache_enable']) && (empty($topic) || $modSettings['cache_enable'] >= 3)) { // @todo SLOW? if (!empty($topic)) { cache_put_data('topic_board-' . $topic, $board_info, 120); } cache_put_data('board-' . $board, $board_info, 120); } } else { // Otherwise the topic is invalid, there are no moderators, etc. $board_info = array('moderators' => array(), 'error' => 'exist'); $topic = null; $board = 0; } $db->free_result($request); } if (!empty($topic)) { $_GET['board'] = (int) $board; } if (!empty($board)) { // Now check if the user is a moderator. $user_info['is_mod'] = isset($board_info['moderators'][$user_info['id']]); $user_info['is_moderator'] = $user_info['is_mod'] || allowedTo('moderate_board'); if (count(array_intersect($user_info['groups'], $board_info['groups'])) == 0 && !$user_info['is_admin']) { $board_info['error'] = 'access'; } if (!empty($modSettings['deny_boards_access']) && count(array_intersect($user_info['groups'], $board_info['deny_groups'])) != 0 && !$user_info['is_admin']) { $board_info['error'] = 'access'; } // Build up the linktree. $context['linktree'] = array_merge($context['linktree'], array(array('url' => $scripturl . '#c' . $board_info['cat']['id'], 'name' => $board_info['cat']['name'])), array_reverse($board_info['parent_boards']), array(array('url' => $scripturl . '?board=' . $board . '.0', 'name' => $board_info['name']))); } // Set the template contextual information. $context['user']['is_mod'] =& $user_info['is_mod']; $context['user']['is_moderator'] =& $user_info['is_moderator']; $context['current_topic'] = $topic; $context['current_board'] = $board; // Hacker... you can't see this topic, I'll tell you that. (but moderators can!) if (!empty($board_info['error']) && (!empty($modSettings['deny_boards_access']) || $board_info['error'] != 'access' || !$user_info['is_moderator'])) { // The permissions and theme need loading, just to make sure everything goes smoothly. loadPermissions(); loadTheme(); $_GET['board'] = ''; $_GET['topic'] = ''; // The linktree should not give the game away mate! $context['linktree'] = array(array('url' => $scripturl, 'name' => $context['forum_name_html_safe'])); // If it's a prefetching agent or we're requesting an attachment. if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch' || !empty($_REQUEST['action']) && $_REQUEST['action'] === 'dlattach') { @ob_end_clean(); header('HTTP/1.1 403 Forbidden'); die; } elseif ($user_info['is_guest']) { loadLanguage('Errors'); is_not_guest($txt['topic_gone']); } else { fatal_lang_error('topic_gone', false); } } if ($user_info['is_mod']) { $user_info['groups'][] = 3; } }
function mob_m_merge_topic($rpcmsg) { global $mobdb, $func, $board, $topic, $context; // Get the topics $topic_1 = $rpcmsg->getScalarValParam(1); $topic_2 = $rpcmsg->getScalarValParam(0); if ($topic_1 == $topic_2) { mob_error('same topic'); } $topicinfo_1 = get_topicinfo($topic_1); $topicinfo_2 = get_topicinfo($topic_2); if (empty($topicinfo_1) || empty($topicinfo_2)) { mob_error('topics not found'); } $topic = $topic_1; $board = $topicinfo_1['id_board']; loadBoard(); loadPermissions(); // do_merge will check for our permissions do_merge(array($topic_1, $topic_2)); // Return a true response return new xmlrpcresp(new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean')), 'struct')); }
function build_board($boards, $is_cat = false) { global $settings, $context, $user_info, $smcFunc, $boardurl, $boarddir, $modSettings, $board; $response = array(); foreach ($boards as $id => $tt_board) { if (empty($tt_board['id'])) { continue; } $new_post = false; if ($tt_board['new'] || $tt_board['children_new']) { $new_post = true; $logo_url = $settings['images_url'] . '/' . $context['theme_variant_url'] . 'on' . ($tt_board['new'] ? '' : '2') . '.png'; } elseif ($tt_board['redirect']) { $logo_url = $settings['images_url'] . '/' . $context['theme_variant_url'] . 'redirect.png'; } else { $logo_url = $settings['images_url'] . '/' . $context['theme_variant_url'] . 'off.png'; } $logo_dir = str_replace($boardurl, $boarddir, $logo_url); if (!file_exists($logo_dir) && file_exists(preg_replace('/png$/', 'gif', $logo_dir))) { $logo_url = preg_replace('/png$/', 'gif', $logo_url); } $is_link_forum = isset($tt_board['redirect']) && !empty($tt_board['redirect']); if (!$is_cat && !$user_info['is_guest']) { $can_subscribe = allowedTo('mark_notify', $tt_board['id']); $request = $smcFunc['db_query']('', ' SELECT sent FROM {db_prefix}log_notify WHERE id_board = {int:current_board} AND id_member = {int:current_member} LIMIT 1', array('current_board' => $tt_board['id'], 'current_member' => $user_info['id'])); $is_subscribed = $smcFunc['db_num_rows']($request) != 0; $smcFunc['db_free_result']($request); $board = $tt_board['id']; loadBoard(); loadPermissions(); $can_post_new = (allowedTo('post_new') || $modSettings['postmod_active'] && allowedTo('post_unapproved_topics')) && !$is_link_forum; $mobiquo_can_post = true; if (isset($modSettings['boards_disable_new_topic']) && !empty($modSettings['boards_disable_new_topic'])) { $dis_new_topic_boards = explode(',', $modSettings['boards_disable_new_topic']); $mobiquo_can_post = !in_array($tt_board['id'], $dis_new_topic_boards); } $can_post = $can_post_new && $mobiquo_can_post ? true : false; } else { $can_subscribe = false; $is_subscribed = false; $can_post = false; } $tp_board_id = $is_cat ? preg_replace('/c/', '', $tt_board['id']) : $tt_board['id']; $logo_url = ($tp_logo_url = tp_get_forum_icon($tp_board_id, $is_link_forum ? 'link' : ($is_cat ? 'category' : 'forum'), false, $new_post)) ? $tp_logo_url : $logo_url; $xmlrpc_forum = array('forum_id' => new xmlrpcval($tt_board['id'], 'string'), 'forum_name' => new xmlrpcval(basic_clean($tt_board['name']), 'base64'), 'parent_id' => new xmlrpcval($tt_board['id_parent'] ? $tt_board['id_parent'] : 'c' . $tt_board['id_cat'], 'string'), 'logo_url' => new xmlrpcval($logo_url, 'string'), 'new_post' => new xmlrpcval($new_post, 'boolean'), 'url' => new xmlrpcval($tt_board['redirect'], 'string'), 'sub_only' => new xmlrpcval($is_cat, 'boolean'), 'can_subscribe' => new xmlrpcval($can_subscribe, 'boolean'), 'is_subscribed' => new xmlrpcval($is_subscribed, 'boolean'), 'is_protected' => new xmlrpcval(false, 'boolean'), 'can_post' => new xmlrpcval($can_post, 'boolean')); if ($_GET['return_description']) { $xmlrpc_forum['description'] = new xmlrpcval(basic_clean($tt_board['description']), 'base64'); } if (isset($_GET['forum_id']) && (!empty($_GET['forum_id']) || $_GET['forum_id'] === 0)) { $xmlrpc_forum['has_child'] = new xmlrpcval($tt_board['has_child'], 'boolean'); } if (isset($tt_board['boards']) && !empty($tt_board['boards'])) { $xmlrpc_forum['child'] = new xmlrpcval(build_board($tt_board['boards']), 'array'); } $response[] = new xmlrpcval($xmlrpc_forum, 'struct'); } return $response; }
function smf_main() { global $modSettings, $settings, $user_info, $board, $topic, $maintenance, $sourcedir; // Special case: session keep-alive. if (isset($_GET['action']) && $_GET['action'] == 'keepalive') { die; } // Load the user's cookie (or set as guest) and load their settings. loadUserSettings(); // Load the current board's information. loadBoard(); // Load the current theme. (note that ?theme=1 will also work, may be used for guest theming.) loadTheme(); // Check if the user should be disallowed access. // is_not_banned(); // Load the current user's permissions. loadPermissions(); // Do some logging, unless this is an attachment, avatar, theme option or XML feed. if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], array('dlattach', 'jsoption', '.xml'))) { // Log this user as online. writeLog(); // Track forum statistics and hits...? if (!empty($modSettings['hitStats'])) { trackStats(array('hits' => '+')); } } // Is the forum in maintenance mode? (doesn't apply to administrators.) if (!empty($maintenance) && !allowedTo('admin_forum')) { // You can only login.... otherwise, you're getting the "maintenance mode" display. if (isset($_REQUEST['action']) && ($_REQUEST['action'] == 'login2' || $_REQUEST['action'] == 'logout')) { require_once $sourcedir . '/LogInOut.php'; return $_REQUEST['action'] == 'login2' ? 'Login2' : 'Logout'; } else { require_once $sourcedir . '/Subs-Auth.php'; return 'InMaintenance'; } } elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'smstats', 'help', 'verificationcode')))) { require_once $sourcedir . '/Subs-Auth.php'; return 'KickGuest'; } elseif (empty($_REQUEST['action'])) { // Action and board are both empty... BoardIndex! if (empty($board) && empty($topic)) { require_once $sourcedir . '/BoardIndex.php'; return 'BoardIndex'; } elseif (empty($topic)) { require_once $sourcedir . '/MessageIndex.php'; return 'MessageIndex'; } else { require_once $sourcedir . '/Display.php'; return 'Display'; } } // Here's the monstrous $_REQUEST['action'] array - $_REQUEST['action'] => array($file, $function). $actionArray = array('activate' => array('Register.php', 'Activate'), 'admin' => array('Admin.php', 'Admin'), 'announce' => array('Post.php', 'AnnounceTopic'), 'ban' => array('ManageBans.php', 'Ban'), 'boardrecount' => array('Admin.php', 'AdminBoardRecount'), 'buddy' => array('Subs-Members.php', 'BuddyListToggle'), 'calendar' => array('Calendar.php', 'CalendarMain'), 'cleanperms' => array('Admin.php', 'CleanupPermissions'), 'collapse' => array('Subs-Boards.php', 'CollapseCategory'), 'convertentities' => array('Admin.php', 'ConvertEntities'), 'convertutf8' => array('Admin.php', 'ConvertUtf8'), 'coppa' => array('Register.php', 'CoppaForm'), 'deletemsg' => array('RemoveTopic.php', 'DeleteMessage'), 'detailedversion' => array('Admin.php', 'VersionDetail'), 'display' => array('Display.php', 'Display'), 'dlattach' => array('Display.php', 'Download'), 'dumpdb' => array('DumpDatabase.php', 'DumpDatabase2'), 'editpoll' => array('Poll.php', 'EditPoll'), 'editpoll2' => array('Poll.php', 'EditPoll2'), 'featuresettings' => array('ModSettings.php', 'ModifyFeatureSettings'), 'featuresettings2' => array('ModSettings.php', 'ModifyFeatureSettings2'), 'findmember' => array('Subs-Auth.php', 'JSMembers'), 'help' => array('Help.php', 'ShowHelp'), 'helpadmin' => array('Help.php', 'ShowAdminHelp'), 'im' => array('PersonalMessage.php', 'MessageMain'), 'jsoption' => array('Themes.php', 'SetJavaScript'), 'jsmodify' => array('Post.php', 'JavaScriptModify'), 'lock' => array('LockTopic.php', 'LockTopic'), 'lockVoting' => array('Poll.php', 'LockVoting'), 'login' => array('LogInOut.php', 'Login'), 'login2' => array('LogInOut.php', 'Login2'), 'logout' => array('LogInOut.php', 'Logout'), 'maintain' => array('Admin.php', 'Maintenance'), 'manageattachments' => array('ManageAttachments.php', 'ManageAttachments'), 'manageboards' => array('ManageBoards.php', 'ManageBoards'), 'managecalendar' => array('ManageCalendar.php', 'ManageCalendar'), 'managesearch' => array('ManageSearch.php', 'ManageSearch'), 'markasread' => array('Subs-Boards.php', 'MarkRead'), 'membergroups' => array('ManageMembergroups.php', 'ModifyMembergroups'), 'mergetopics' => array('SplitTopics.php', 'MergeTopics'), 'mlist' => array('Memberlist.php', 'Memberlist'), 'modifycat' => array('ManageBoards.php', 'ModifyCat'), 'modifykarma' => array('Karma.php', 'ModifyKarma'), 'modlog' => array('Modlog.php', 'ViewModlog'), 'movetopic' => array('MoveTopic.php', 'MoveTopic'), 'movetopic2' => array('MoveTopic.php', 'MoveTopic2'), 'news' => array('ManageNews.php', 'ManageNews'), 'notify' => array('Notify.php', 'Notify'), 'notifyboard' => array('Notify.php', 'BoardNotify'), 'optimizetables' => array('Admin.php', 'OptimizeTables'), 'packageget' => array('PackageGet.php', 'PackageGet'), 'packages' => array('Packages.php', 'Packages'), 'permissions' => array('ManagePermissions.php', 'ModifyPermissions'), 'pgdownload' => array('PackageGet.php', 'PackageGet'), 'pm' => array('PersonalMessage.php', 'MessageMain'), 'post' => array('Post.php', 'Post'), 'post2' => array('Post.php', 'Post2'), 'postsettings' => array('ManagePosts.php', 'ManagePostSettings'), 'printpage' => array('Printpage.php', 'PrintTopic'), 'profile' => array('Profile.php', 'ModifyProfile'), 'profile2' => array('Profile.php', 'ModifyProfile2'), 'quotefast' => array('Post.php', 'QuoteFast'), 'quickmod' => array('Subs-Boards.php', 'QuickModeration'), 'quickmod2' => array('Subs-Boards.php', 'QuickModeration2'), 'recent' => array('Recent.php', 'RecentPosts'), 'regcenter' => array('ManageRegistration.php', 'RegCenter'), 'register' => array('Register.php', 'Register'), 'register2' => array('Register.php', 'Register2'), 'reminder' => array('Reminder.php', 'RemindMe'), 'removetopic2' => array('RemoveTopic.php', 'RemoveTopic2'), 'removeoldtopics2' => array('RemoveTopic.php', 'RemoveOldTopics2'), 'removepoll' => array('Poll.php', 'RemovePoll'), 'repairboards' => array('RepairBoards.php', 'RepairBoards'), 'reporttm' => array('SendTopic.php', 'ReportToModerator'), 'reports' => array('Reports.php', 'ReportsMain'), 'requestmembers' => array('Subs-Auth.php', 'RequestMembers'), 'search' => array('Search.php', 'PlushSearch1'), 'search2' => array('Search.php', 'PlushSearch2'), 'sendtopic' => array('SendTopic.php', 'SendTopic'), 'serversettings' => array('ManageServer.php', 'ModifySettings'), 'serversettings2' => array('ManageServer.php', 'ModifySettings2'), 'smileys' => array('ManageSmileys.php', 'ManageSmileys'), 'smstats' => array('Stats.php', 'SMStats'), 'spellcheck' => array('Subs-Post.php', 'SpellCheck'), 'splittopics' => array('SplitTopics.php', 'SplitTopics'), 'stats' => array('Stats.php', 'DisplayStats'), 'sticky' => array('LockTopic.php', 'Sticky'), 'theme' => array('Themes.php', 'ThemesMain'), 'trackip' => array('Profile.php', 'trackIP'), 'about:mozilla' => array('Karma.php', 'BookOfUnknown'), 'about:unknown' => array('Karma.php', 'BookOfUnknown'), 'unread' => array('Recent.php', 'UnreadTopics'), 'unreadreplies' => array('Recent.php', 'UnreadTopics'), 'viewErrorLog' => array('ManageErrors.php', 'ViewErrorLog'), 'viewmembers' => array('ManageMembers.php', 'ViewMembers'), 'viewprofile' => array('Profile.php', 'ModifyProfile'), 'verificationcode' => array('Register.php', 'VerificationCode'), 'vote' => array('Poll.php', 'Vote'), 'viewquery' => array('ViewQuery.php', 'ViewQuery'), 'who' => array('Who.php', 'Who'), '.xml' => array('News.php', 'ShowXmlFeed')); // Get the function and file to include - if it's not there, do the board index. if (!isset($_REQUEST['action']) || !isset($actionArray[$_REQUEST['action']])) { // Catch the action with the theme? if (!empty($settings['catch_action'])) { require_once $sourcedir . '/Themes.php'; return 'WrapAction'; } // Fall through to the board index then... require_once $sourcedir . '/BoardIndex.php'; return 'BoardIndex'; } // Otherwise, it was set - so let's go to that action. require_once $sourcedir . '/' . $actionArray[$_REQUEST['action']][0]; return $actionArray[$_REQUEST['action']][1]; }
function mob_update_password($rpcmsg) { global $txt, $modSettings; global $cookiename, $context; global $sourcedir, $scripturl, $db_prefix; global $ID_MEMBER, $user_info; global $newpassemail, $user_profile, $validationCode; loadLanguage('Profile'); // Start with no updates and no errors. $profile_vars = array(); $post_errors = array(); $good_password = false; // reset directly with tapatalk id credential if ($rpcmsg->getParam(2)) { $_POST['passwrd1'] = $rpcmsg->getParam(0) ? $rpcmsg->getScalarValParam(0) : ''; $_POST['passwrd1'] = utf8ToAscii($_POST['passwrd1']); $token = $rpcmsg->getParam(1) ? $rpcmsg->getScalarValParam(1) : ''; $code = $rpcmsg->getParam(2) ? $rpcmsg->getScalarValParam(2) : ''; // verify Tapatalk Authorization if ($token && $code) { $ttid = TapatalkSsoVerification($token, $code); if ($ttid && $ttid->result) { $tapatalk_id_email = $ttid->email; if (empty($ID_MEMBER) && ($ID_MEMBER = emailExists($tapatalk_id_email))) { loadMemberData($ID_MEMBER, false, 'profile'); $user_info = $user_profile[$ID_MEMBER]; $user_info['is_guest'] = false; $user_info['is_admin'] = $user_info['id_group'] == 1 || in_array(1, explode(',', $user_info['additionalGroups'])); $user_info['id'] = $ID_MEMBER; if (empty($user_info['additionalGroups'])) { $user_info['groups'] = array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']); } else { $user_info['groups'] = array_merge(array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']), explode(',', $user_info['additionalGroups'])); } $user_info['groups'] = array_unique(array_map('intval', $user_info['groups'])); loadPermissions(); } if (strtolower($user_info['emailAddress']) == strtolower($tapatalk_id_email) && $user_info['ID_GROUP'] != 1) { $good_password = true; } } } if (!$good_password) { get_error('Failed to update password'); } } else { $_POST['oldpasswrd'] = $rpcmsg->getParam(0) ? $rpcmsg->getScalarValParam(0) : ''; $_POST['passwrd1'] = $rpcmsg->getParam(1) ? $rpcmsg->getScalarValParam(1) : ''; $_POST['passwrd1'] = utf8ToAscii($_POST['passwrd1']); } // Clean up the POST variables. $_POST = htmltrim__recursive($_POST); $_POST = stripslashes__recursive($_POST); $_POST = htmlspecialchars__recursive($_POST); $_POST = addslashes__recursive($_POST); $memberResult = loadMemberData($ID_MEMBER, false, 'profile'); if (!is_array($memberResult)) { fatal_lang_error(453, false); } $memID = $ID_MEMBER; $context['user']['is_owner'] = true; isAllowedTo(array('manage_membergroups', 'profile_identity_any', 'profile_identity_own')); // You didn't even enter a password! if (trim($_POST['oldpasswrd']) == '' && !$good_password) { fatal_error($txt['profile_error_no_password']); } // Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password $_POST['oldpasswrd'] = addslashes(un_htmlspecialchars(stripslashes($_POST['oldpasswrd']))); // Does the integration want to check passwords? if (isset($modSettings['integrate_verify_password']) && function_exists($modSettings['integrate_verify_password'])) { if (call_user_func($modSettings['integrate_verify_password'], $user_profile[$memID]['memberName'], $_POST['oldpasswrd'], false) === true) { $good_password = true; } } // Bad password!!! if (!$good_password && $user_info['passwd'] != sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['oldpasswrd'])) { fatal_error($txt['profile_error_bad_password']); } // Let's get the validation function into play... require_once $sourcedir . '/Subs-Auth.php'; $passwordErrors = validatePassword($_POST['passwrd1'], $user_info['username'], array($user_info['name'], $user_info['email'])); // Were there errors? if ($passwordErrors != null) { fatal_error($txt['profile_error_password_' . $passwordErrors]); } // Set up the new password variable... ready for storage. $profile_vars['passwd'] = '\'' . sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . '\''; // If we've changed the password, notify any integration that may be listening in. if (isset($modSettings['integrate_reset_pass']) && function_exists($modSettings['integrate_reset_pass'])) { call_user_func($modSettings['integrate_reset_pass'], $user_profile[$memID]['memberName'], $user_profile[$memID]['memberName'], $_POST['passwrd1']); } updateMemberData($memID, $profile_vars); require_once $sourcedir . '/Subs-Auth.php'; setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . $user_profile[$memID]['passwordSalt'])); $response = array('result' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval('', 'base64')); return new xmlrpcresp(new xmlrpcval($response, 'struct')); }
function mob__get_thread($_topic = null, $post = null, $start = 0, $limit = 20, $per_page = null, $from_new = false) { global $mobdb, $context, $modSettings, $scripturl, $user_info, $memberContext, $user_profile, $board, $topic; // If we are not given the topic ID, we load the start, limit and the topic $topic = $_topic; $position = 0; if (is_null($topic)) { if (is_null($post) || is_null($per_page)) { mob_error('invalid parameters'); } $limit = $per_page; // Get the topic $request = $mobdb->query(' SELECT ID_TOPIC AS id_topic FROM {db_prefix}messages WHERE id_msg = {int:post}', array('post' => $post)); list($topic) = $mobdb->fetch_row($request); $mobdb->free_result($request); // Get the start value $request = $mobdb->query(' SELECT COUNT(*) FROM {db_prefix}messages WHERE id_msg < {int:msg} AND id_topic = {int:topic}', array('topic' => $topic, 'msg' => $post)); list($start) = $mobdb->fetch_row($request); $position = $start; $mobdb->free_result($request); } // Load the topic info $request = $mobdb->query(' SELECT t.ID_TOPIC AS id_topic, t.ID_FIRST_MSG AS id_first_msg, t.ID_LAST_MSG AS id_last_msg, t.ID_MEMBER_STARTED AS id_member_started, ' . ($user_info['is_guest'] ? '0' : 'ln.ID_TOPIC') . ' AS is_notify, t.locked, t.isSticky AS is_sticky, t.numReplies AS replies, t.numViews As views, ' . ($user_info['is_guest'] ? 't.ID_LAST_MSG + 1' : 'IFNULL(lt.ID_MSG, IFNULL(lmr.ID_MSG, -1)) + 1') . ' AS new_from, b.id_board, b.name, m.subject FROM {db_prefix}topics AS t INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = t.ID_BOARD) INNER JOIN {db_prefix}messages AS m ON (m.ID_MSG = t.ID_FIRST_MSG)' . ($user_info['is_guest'] ? '' : ' LEFT JOIN {db_prefix}log_notify AS ln ON (ln.ID_TOPIC = t.ID_TOPIC AND ln.ID_MEMBER = {int:member}) LEFT JOIN {db_prefix}log_topics AS lt ON (lt.id_topic = {int:topic} AND lt.id_member = {int:member}) LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.id_board = t.ID_BOARD AND lmr.id_member = {int:member})') . ' WHERE t.ID_TOPIC = {int:topic} LIMIT 1', array('topic' => $topic, 'member' => $user_info['id'])); if ($mobdb->num_rows($request) == 0) { mob_error('topic not found or out of reach'); } $topicinfo = $mobdb->fetch_assoc(); $mobdb->free_result($request); if ($from_new) { // Get the start value $request = $mobdb->query(' SELECT COUNT(*) FROM {db_prefix}messages WHERE id_msg < {int:msg} AND id_topic = {int:topic}', array('topic' => $topic, 'msg' => $topicinfo['new_from'])); list($start) = $mobdb->fetch_row($request); $mobdb->free_result($request); $position = $start; $limit = $per_page; } // Emulate the permissions $topic = $topicinfo['id_topic']; $board = $topicinfo['id_board']; loadBoard(); loadPermissions(); // Up the views! if (empty($_SESSION['last_read_topic']) || $_SESSION['last_read_topic'] != $id_topic) { $mobdb->query(' UPDATE {db_prefix}topics SET numViews = numViews + 1 WHERE ID_TOPIC = {int:topic}', array('topic' => $topic)); } // If this user is not a guest, mark this topic as read if (!$user_info['is_guest']) { $mobdb->query(' REPLACE INTO {db_prefix}log_topics (id_member, id_topic, id_msg) VALUES ({int:member}, {int:topic}, {int:msg})', array('member' => $user_info['id'], 'topic' => $topic, 'msg' => $modSettings['maxMsgID'])); } // Set the last read topic $_SESSION['last_read_topic'] = $id_topic; // Fix the start $start = max(0, (int) $start - (int) $start % (int) $limit); // Load posts $posts = array(); $id_posts = array(); $id_members = array(); $request = $mobdb->query(' SELECT m.ID_MSG AS id_msg, m.subject, m.body, m.ID_MEMBER AS id_member, m.smileysEnabled AS smileys_enabled, m.posterName AS poster_name, m.posterTime AS poster_time, ID_MSG_MODIFIED < {int:new_from} AS is_read FROM {db_prefix}messages AS m WHERE m.ID_TOPIC = {int:topic} ORDER BY m.ID_MSG ASC LIMIT {int:start}, {int:limit}', array('topic' => $topic, 'start' => $start, 'limit' => $limit, 'new_from' => $topicinfo['new_from'])); while ($row = $mobdb->fetch_assoc($request)) { $posts[] = $row; $id_posts[] = $row['id_msg']; $id_members[] = $row['id_member']; } $mobdb->free_result($request); // Load all the member data and context loadMemberData($id_members); // Load the attachments if we need to $attachments = array(); if (!empty($modSettings['attachmentEnable']) && allowedTo('view_attachments')) { $request = $mobdb->query(' SELECT a.ID_ATTACH as id_attach, a.filename, thumb.id_attach AS id_thumb, a.ID_MSG AS id_msg, a.width, a.height FROM {db_prefix}attachments AS a LEFT JOIN {db_prefix}attachments AS thumb ON (thumb.id_attach = a.id_thumb) WHERE a.ID_MSG IN ({array_int:msg}) AND a.attachmentType = 0', array('msg' => $id_posts)); while ($row = $mobdb->fetch_assoc($request)) { if (empty($attachments[$row['id_msg']])) { $attachments[$row['id_msg']] = array(); } $attachments[$row['id_msg']][] = new xmlrpcval(array('content_type' => new xmlrpcval(!empty($row['width']) && !empty($row['height']) ? 'image' : 'other', 'string'), 'thumbnail_url' => new xmlrpcval(!empty($row['id_thumb']) ? $scripturl . '?action=dlattach;topic=' . $topic . '.0;attach=' . $row['id_thumb'] . ';image' : '', 'string'), 'url' => new xmlrpcval($scripturl . '?action=dlattach;topic=' . $topic . '.0;attach=' . $row['id_attach'], 'string')), 'struct'); } $mobdb->free_result($request); } $topic_started = $topicinfo['id_member_started'] == $user_info['id'] && !$user_info['is_guest']; // Load the posts into a proper array foreach ($posts as $k => $post) { loadMemberContext($post['id_member']); $post_attachments = isset($attachments[$post['id_msg']]) ? $attachments[$post['id_msg']] : array(); $member = !empty($memberContext[$post['id_member']]) ? $memberContext[$post['id_member']] : array(); $posts[$k] = new xmlrpcval(array('post_id' => new xmlrpcval($post['id_msg'], 'string'), 'post_title' => new xmlrpcval(processSubject($post['subject']), 'base64'), 'post_content' => new xmlrpcval(processBody($post['body']), 'base64'), 'post_author_id' => new xmlrpcval(!empty($member) ? $member['id'] : 0, 'string'), 'post_author_name' => new xmlrpcval(processUsername(!empty($member) ? $member['name'] : $row['poster_name']), 'base64'), 'is_online' => new xmlrpcval(!empty($member) ? $user_profile[$post['id_member']]['isOnline'] : false, 'boolean'), 'can_edit' => new xmlrpcval((!$topicinfo['locked'] || allowedTo('moderate_board')) && (allowedTo('modify_any') || allowedTo('modify_replies') && $topic_started || allowedTo('modify_own') && $post['id_member'] == $user_info['id']), 'boolean'), 'icon_url' => new xmlrpcval($member['avatar']['href'], 'string'), 'post_time' => new xmlrpcval(mobiquo_time($post['poster_time']), 'dateTime.iso8601'), 'allow_smileys' => new xmlrpcval($post['smileys_enabled'], 'boolean'), 'attachments' => new xmlrpcval($post_attachments, 'array'), 'can_delete' => new xmlrpcval($post['id_msg'] != $topicinfo['id_first_msg'] && (allowedTo('delete_any') || allowedTo('delete_replies') && $topic_started || allowedTo('delete_own') && $user_info['id'] == $post['id_member']), 'boolean'), 'can_approve' => new xmlrpcval(false, 'boolean'), 'can_stick' => new xmlrpcval(allowedTo('make_sticky'), 'boolean'), 'can_move' => new xmlrpcval($topicinfo['id_first_msg'] != $post['id_msg'] && (allowedTo('move_any') || $topic_started && allowedTo('move_own')), 'boolean'), 'can_ban' => new xmlrpcval(allowedTo('manage_bans'), 'boolean')), 'struct'); } // Return the topic return new xmlrpcresp(new xmlrpcval(array('total_post_num' => new xmlrpcval($topicinfo['replies'] + 1, 'int'), 'forum_id' => new xmlrpcval($topicinfo['id_board'], 'string'), 'forum_name' => new xmlrpcval(processSubject($topicinfo['name']), 'base64'), 'topic_id' => new xmlrpcval($topicinfo['id_topic'], 'string'), 'topic_title' => new xmlrpcval(processSubject($topicinfo['subject']), 'base64'), 'view_number' => new xmlrpcval($topicinfo['views'], 'int'), 'is_subscribed' => new xmlrpcval($topicinfo['is_notify'], 'boolean'), 'can_subscribe' => new xmlrpcval(allowedTo('mark_notify') && !$user_info['is_guest'], 'boolean'), 'is_closed' => new xmlrpcval($topicinfo['locked'], 'boolean'), 'can_reply' => new xmlrpcval(allowedTo('post_reply_any') || allowedTo('post_reply_own') && $topic_started, 'boolean'), 'can_delete' => new xmlrpcval(allowedTo('remove_any') || $topic_started && allowedTo('remove_own'), 'boolean'), 'can_close' => new xmlrpcval(allowedTo('lock_any') || $topic_started && allowedTo('lock_own'), 'boolean'), 'can_approve' => new xmlrpcval(false, 'boolean'), 'can_stick' => new xmlrpcval(allowedTo('make_sticky'), 'boolean'), 'can_move' => new xmlrpcval(allowedTo('move_any') || $topic_started && allowedTo('move_own'), 'boolean'), 'can_rename' => new xmlrpcval(allowedTo('modify_any') || $topic_started && allowedTo('modify_own'), 'boolean'), 'can_ban' => new xmlrpcval(allowedTo('manage_bans'), 'boolean'), 'position' => new xmlrpcval($position, 'int'), 'posts' => new xmlrpcval($posts, 'array')), 'struct')); }
function smf_main() { global $modSettings, $settings, $user_info, $board, $topic, $board_info, $maintenance, $sourcedir, $request_name, $txt, $user_settings, $mobiquo_config, $topic_per_page, $limit_num; // Load the user's cookie (or set as guest) and load their settings. loadUserSettings(); // Load the current board's information. loadBoard(); // Load the current user's permissions. loadPermissions(); // Attachments don't require the entire theme to be loaded. loadTheme(); header('Mobiquo_is_login:'******'context']['user']['is_logged'] ? 'true' : 'false')); // Check if the user should be disallowed access. if (!in_array($request_name, array('get_config', 'login'))) { is_not_banned(); } // If we are in a topic and don't have permission to approve it then duck out now. if (!empty($topic) && empty($board_info['cur_topic_approved']) && !allowedTo('approve_posts') && ($user_info['id'] != $board_info['cur_topic_starter'] || $user_info['is_guest'])) { //fatal_lang_error('not_a_topic', false); get_error('The topic is not approved'); } // Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc. if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], array('dlattach', 'findmember', 'jseditor', 'jsoption', 'requestmembers', 'smstats', '.xml', 'xmlhttp', 'verificationcode', 'viewquery', 'viewsmfile'))) { // Log this user as online. writeLog(); // Track forum statistics and hits...? if (!empty($modSettings['hitStats'])) { trackStats(array('hits' => '+')); } } // Is the forum in maintenance mode? (doesn't apply to administrators.) if (!empty($maintenance) && !allowedTo('admin_forum')) { if ($request_name != 'get_config' && $request_name != 'login') { get_error($txt['maintain_mode_on']); } } elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('push_content_check', 'user_subscription', 'set_api_key', 'reset_push_slug', 'prefetch_account', 'update_password', 'forget_password', 'sign_in', 'coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'help', 'smstats', 'mailq', 'verificationcode', 'openidreturn')))) { if ($request_name != 'get_config' && $request_name != 'prefetch_account') { loadLanguage('Login'); get_error($txt['only_members_can_access']); //require_once($sourcedir . '/Subs-Auth.php'); //return 'KickGuest'; } } //-------------transform input data to local character set if needed utf8_to_local(); //-------------change some setting for tapatalk display $settings['message_index_preview'] = 1; $modSettings['todayMod_bak'] = $modSettings['todayMod']; $modSettings['todayMod'] = 0; $user_settings['pm_prefs'] = 0; $user_info['user_time_format'] = $user_info['time_format']; $user_info['time_format'] = '%Y%m%dT%H:%M:%S+00:00'; $modSettings['disableCustomPerPage'] = 1; $modSettings['disableCheckUA'] = 1; $modSettings['defaultMaxMessages'] = isset($limit_num) ? $limit_num : 20; $modSettings['defaultMaxMembers'] = 100; $modSettings['search_results_per_page'] = isset($topic_per_page) && $topic_per_page > 0 ? $topic_per_page : 20; $modSettings['defaultMaxTopics'] = isset($topic_per_page) && $topic_per_page > 0 ? $topic_per_page : 20; $modSettings['disable_pm_verification'] = $mobiquo_config['disable_pm_verification']; //-------------do something before action-------------- if (function_exists('before_action_' . $request_name)) { call_user_func('before_action_' . $request_name); } if (empty($_REQUEST['action']) && !empty($board)) { if (empty($topic)) { require_once 'include/MessageIndex.php'; return 'MessageIndex'; } else { require_once 'include/Display.php'; return 'Display'; } } // Here's the monstrous $_REQUEST['action'] array - $_REQUEST['action'] => array($file, $function). $actionArray = array('activate' => array('Register.php', 'Activate'), 'admin' => array('Admin.php', 'AdminMain'), 'announce' => array('Post.php', 'AnnounceTopic'), 'attachapprove' => array('ManageAttachments.php', 'ApproveAttach'), 'buddy' => array('Subs-Members.php', 'BuddyListToggle'), 'calendar' => array('Calendar.php', 'CalendarMain'), 'clock' => array('Calendar.php', 'clock'), 'collapse' => array('BoardIndex.php', 'CollapseCategory'), 'coppa' => array('Register.php', 'CoppaForm'), 'credits' => array('Who.php', 'Credits'), 'deletemsg' => array('RemoveTopic.php', 'DeleteMessage'), 'display' => array('Display.php', 'Display'), 'dlattach' => array('Display.php', 'Download'), 'editpoll' => array('Poll.php', 'EditPoll'), 'editpoll2' => array('Poll.php', 'EditPoll2'), 'emailuser' => array('SendTopic.php', 'EmailUser'), 'findmember' => array('Subs-Auth.php', 'JSMembers'), 'groups' => array('Groups.php', 'Groups'), 'help' => array('Help.php', 'ShowHelp'), 'helpadmin' => array('Help.php', 'ShowAdminHelp'), 'im' => array('PersonalMessage.php', 'MessageMain'), 'jseditor' => array('Subs-Editor.php', 'EditorMain'), 'jsmodify' => array('Post.php', 'JavaScriptModify'), 'jsoption' => array('Themes.php', 'SetJavaScript'), 'lock' => array('LockTopic.php', 'LockTopic'), 'lockvoting' => array('Poll.php', 'LockVoting'), 'login' => array('LogInOut.php', 'Login'), 'login2' => array('LogInOut.php', 'Login2'), 'logout' => array('LogInOut.php', 'Logout'), 'markasread' => array('Subs-Boards.php', 'MarkRead'), 'mergetopics' => array('SplitTopics.php', 'MergeTopics'), 'mlist' => array('Memberlist.php', 'Memberlist'), 'moderate' => array('ModerationCenter.php', 'ModerationMain'), 'modifycat' => array('ManageBoards.php', 'ModifyCat'), 'modifykarma' => array('Karma.php', 'ModifyKarma'), 'movetopic' => array('MoveTopic.php', 'MoveTopic'), 'movetopic2' => array('MoveTopic.php', 'MoveTopic2'), 'notify' => array('Notify.php', 'Notify'), 'notifyboard' => array('Notify.php', 'BoardNotify'), 'openidreturn' => array('Subs-OpenID.php', 'smf_openID_return'), 'pm' => array('PersonalMessage.php', 'MessageMain'), 'post' => array('Post.php', 'Post'), 'post2' => array('Post.php', 'Post2'), 'printpage' => array('Printpage.php', 'PrintTopic'), 'profile' => array('Profile.php', 'ModifyProfile'), 'quotefast' => array('Post.php', 'QuoteFast'), 'quickmod' => array('MessageIndex.php', 'QuickModeration'), 'quickmod2' => array('Display.php', 'QuickInTopicModeration'), 'recent' => array('Recent.php', 'RecentPosts'), 'register' => array('Register.php', 'Register'), 'register2' => array('Register.php', 'Register2'), 'reminder' => array('Reminder.php', 'RemindMe'), 'removepoll' => array('Poll.php', 'RemovePoll'), 'removetopic2' => array('RemoveTopic.php', 'RemoveTopic2'), 'reporttm' => array('SendTopic.php', 'ReportToModerator'), 'requestmembers' => array('Subs-Auth.php', 'RequestMembers'), 'restoretopic' => array('RemoveTopic.php', 'RestoreTopic'), 'search' => array('Search.php', 'PlushSearch1'), 'search2' => array('Search.php', 'PlushSearch2'), 'sendtopic' => array('SendTopic.php', 'EmailUser'), 'smstats' => array('Stats.php', 'SMStats'), 'suggest' => array('Subs-Editor.php', 'AutoSuggestHandler'), 'spellcheck' => array('Subs-Post.php', 'SpellCheck'), 'splittopics' => array('SplitTopics.php', 'SplitTopics'), 'stats' => array('Stats.php', 'DisplayStats'), 'sticky' => array('LockTopic.php', 'Sticky'), 'theme' => array('Themes.php', 'ThemesMain'), 'trackip' => array('Profile-View.php', 'trackIP'), 'about:mozilla' => array('Karma.php', 'BookOfUnknown'), 'about:unknown' => array('Karma.php', 'BookOfUnknown'), 'unread' => array('Recent.php', 'UnreadTopics'), 'unreadreplies' => array('Recent.php', 'UnreadTopics'), 'verificationcode' => array('Register.php', 'VerificationCode'), 'viewprofile' => array('Profile.php', 'ModifyProfile'), 'vote' => array('Poll.php', 'Vote'), 'viewquery' => array('ViewQuery.php', 'ViewQuery'), 'viewsmfile' => array('Admin.php', 'DisplayAdminFile'), 'who' => array('Who.php', 'Who'), '.xml' => array('News.php', 'ShowXmlFeed'), 'xmlhttp' => array('Xml.php', 'XMLhttpMain')); // Allow modifying $actionArray easily. call_integration_hook('integrate_actions', array(&$actionArray)); //error_log($request_name.'-'.$_REQUEST['action']); //for debugging // Get the function and file to include - if it's not there, do the board index. if (!isset($_REQUEST['action']) || !isset($actionArray[$_REQUEST['action']])) { if (function_exists('action_' . $request_name)) { return 'action_' . $request_name; } else { get_error('Invalid action'); } } $local_action = array('login2', 'post', 'post2', 'who', 'profile', 'notify', 'notifyboard', 'markasread', 'unread', 'search2', 'pm', 'logout'); // Otherwise, it was set - so let's go to that action. if (in_array($_REQUEST['action'], $local_action)) { if (file_exists(TT_ROOT . 'include/' . $actionArray[$_REQUEST['action']][0])) { require_once TT_ROOT . 'include/' . $actionArray[$_REQUEST['action']][0]; } else { if (file_exists($sourcedir . '/' . $actionArray[$_REQUEST['action']][0])) { require_once $sourcedir . '/' . $actionArray[$_REQUEST['action']][0]; } } } else { if (file_exists($sourcedir . '/' . $actionArray[$_REQUEST['action']][0])) { require_once $sourcedir . '/' . $actionArray[$_REQUEST['action']][0]; } } return $actionArray[$_REQUEST['action']][1]; }
function method_report_post() { global $context, $mobdb, $modSettings, $scripturl, $user_info, $sourcedir, $txt; // Get the message ID if (!isset($context['mob_request']['params'][0])) { outputRPCResult(false, $txt['smf272']); } $id_msg = (int) $context['mob_request']['params'][0][0]; $reason = utf8ToAscii(base64_decode($context['mob_request']['params'][1][0])); require_once $sourcedir . '/Subs-Post.php'; $mobdb->query("\n SELECT m.subject, m.ID_MEMBER, m.posterName, mem.realName, m.ID_TOPIC, m.ID_BOARD\n FROM {db_prefix}messages AS m\n LEFT JOIN {db_prefix}members AS mem ON (m.ID_MEMBER = mem.ID_MEMBER)\n WHERE m.ID_MSG = {$id_msg}\n LIMIT 1", array()); if ($mobdb->num_rows() == 0) { outputRPCResult(false, $txt['smf272']); } $message_info = $mobdb->fetch_assoc(); global $topic, $board; list($subject, $member, $posterName, $realName, $topic, $board) = array($message_info['subject'], $message_info['ID_MEMBER'], $message_info['posterName'], $message_info['realName'], $message_info['ID_TOPIC'], $message_info['ID_BOARD']); $mobdb->free_result(); loadBoard(); loadPermissions(); // You can't use this if it's off or you are not allowed to do it. if (!allowedTo('report_any')) { outputRPCResult(false, $txt['cannot_report_any']); } spamProtection('spam'); if ($member == $user_info['id']) { outputRPCResult(false, $txt['rtm_not_own']); } $posterName = un_htmlspecialchars($realName) . ($realName != $posterName ? ' (' . $posterName . ')' : ''); $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : ''); $subject = un_htmlspecialchars($subject); // Get a list of members with the moderate_board permission. require_once $sourcedir . '/Subs-Members.php'; $moderators = membersAllowedTo('moderate_board', $board); $mobdb->query("\n SELECT ID_MEMBER, emailAddress, lngfile\n FROM {db_prefix}members\n WHERE ID_MEMBER IN (" . implode(', ', $moderators) . ")\n AND notifyTypes != 4\n ORDER BY lngfile", array()); // Check that moderators do exist! if ($mobdb->num_rows() == 0) { outputRPCResult(false, $txt['rtm11']); } // Send every moderator an email. while ($row = $mobdb->fetch_assoc()) { loadLanguage('Post', empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'], false); // Send it to the moderator. sendmail($row['emailAddress'], $txt['rtm3'] . ': ' . $subject . ' ' . $txt['rtm4'] . ' ' . $posterName, sprintf($txt['rtm_email1'], $subject) . ' ' . $posterName . ' ' . $txt['rtm_email2'] . ' ' . (empty($user_info['id']) ? $txt['guest'] . ' (' . $user_info['ip'] . ')' : $reporterName) . ' ' . $txt['rtm_email3'] . ":\n\n" . $scripturl . '?topic=' . $topic . '.msg' . $id_msg . '#msg' . $id_msg . "\n\n" . $txt['rtm_email_comment'] . ":\n" . $reason . "\n\n" . $txt[130], $user_info['email']); } $mobdb->free_result(); outputRPCResult(true); }
function mob_get_topic($rpcmsg) { global $mobdb, $mobsettings, $modSettings, $context, $scripturl, $user_info, $board; $id_board = $board = (int) $rpcmsg->getScalarValParam(0); loadBoard(); loadPermissions(); // Load the start and end $start = $rpcmsg->getScalarValParam(1); $end = $rpcmsg->getScalarValParam(2); $count = $end - $start > 50 ? 50 : $end - $start + 1; if ($rpcmsg->getParam(3) && $rpcmsg->getScalarValParam(3) == 'ANN') { mob_error('No announcement'); } $sticky = false; // Are we requesting sticky topics only? if ($rpcmsg->getParam(3) && $rpcmsg->getScalarValParam(3) == 'TOP') { $sticky = true; } // Can you access this board? $mobdb->query(' SELECT b.ID_BOARD AS id_board, b.name AS board_name FROM {db_prefix}boards AS b WHERE {query_see_board} AND b.ID_BOARD = {int:board}', array('board' => $id_board)); if ($mobdb->num_rows() == 0) { mob_error('invalid board'); } $board_info = $mobdb->fetch_assoc(); $mobdb->free_result(); $board_info['can_post_new'] = allowedTo('post_new'); // Get unread sticky topics num $board_info['unread_sticky_count'] = 0; // if (!$user_info['is_guest']) // { // $mobdb->query(' // SELECT COUNT(*), IFNULL(lt.ID_MSG, IFNULL(lmr.ID_MSG, -1)) + 1 AS new_from, lm.Id_MSG_MODIFIED as id_msg_modified // FROM {db_prefix}topics AS t // LEFT JOIN {db_prefix}messages AS lm ON (t.ID_LAST_MSG = lm.ID_MSG) // LEFT JOIN {db_prefix}log_topics AS lt ON (lt.ID_TOPIC = t.ID_TOPIC AND lt.ID_MEMBER = {int:current_member}) // LEFT JOIN {db_prefix}log_mark_read AS lmr ON (lmr.ID_BOARD = {int:board} AND lmr.ID_MEMBER = {int:current_member}) // WHERE t.ID_BOARD = {int:board} // AND t.isSticky = 1 // HAVING new_from <= id_msg_modified', // array( // 'current_member' => $user_info['id'], // 'board' => $id_board, // ) // ); // list ($board_info['unread_sticky_count']) = $mobdb->fetch_row(); // $mobdb->free_result(); // } // Get the total $mobdb->query(' SELECT COUNT(*) FROM {db_prefix}topics AS t WHERE t.ID_BOARD = {int:board} AND t.isSticky = ' . ($sticky ? 1 : 0), array('board' => $id_board)); list($board_info['total_topic_num']) = $mobdb->fetch_row(); $mobdb->free_result(); // Return the output return new xmlrpcresp(new xmlrpcval(array('total_topic_num' => new xmlrpcval($board_info['total_topic_num'], 'int'), 'forum_id' => new xmlrpcval($board_info['id_board'], 'string'), 'forum_name' => new xmlrpcval(processSubject($board_info['board_name']), 'base64'), 'can_post' => new xmlrpcval($board_info['can_post_new'], 'boolean'), 'unread_sticky_count' => new xmlrpcval($board_info['unread_sticky_count'], 'int'), 'topics' => new xmlrpcval(get_topics('t.ID_BOARD = {int:board} AND t.isSticky = ' . ($sticky ? 1 : 0), array('board' => $id_board), $start, $count, true), 'array')), 'struct')); }