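 /**
  * Standard modular run function for snippet hooks. Generates XHTML to insert into a page using AJAX.
  *
  * Reads the 'serialized_options', 'hash', 'ids' and 'id' request parameters. The serialized
  * options are only unserialized after their hash (keyed with the site salt) has been verified,
  * so only option blobs this site produced are ever parsed. Exits with INTERNAL_ERROR when
  * comments are disabled or the hash does not match.
  *
  * @return tempcode  The snippet
  */
 function run()
 {
     if (get_option('is_on_comments') == '0') {
         warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
     }

     $serialized_options = get_param('serialized_options', false, true);
     $hash = get_param('hash');
     // Strict comparison: '!=' applies numeric type juggling to strings, so two different
     // hashes that both look numeric (e.g. '0e...') would compare equal and the check could
     // be bypassed. hash_equals() is preferable where the PHP version provides it.
     if (best_hash($serialized_options, get_site_salt()) !== $hash) {
         warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
     }

     // Hash verified: vet the blob, then unpack the render options in positional order
     secure_serialized_data($serialized_options);
     list($topic_id, $num_to_show_limit, $allow_comments, $invisible_if_no_comments, $forum, $reverse, $may_reply, $highlight_by_user, $allow_reviews) = unserialize($serialized_options);

     // Post ids to render, forced to integers; an empty parent id means "top level"
     $posts = array_map('intval', explode(',', get_param('ids', false, true)));
     $_parent_id = get_param('id', '');
     $parent_id = $_parent_id == '' ? mixed() : intval($_parent_id);

     require_code('topics');
     $renderer = new OCP_Topic();
     return $renderer->render_posts_from_topic($topic_id, $num_to_show_limit, $allow_comments, $invisible_if_no_comments, $forum, NULL, $reverse, $may_reply, $highlight_by_user, $allow_reviews, $posts, $parent_id);
 }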
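/**
 * Do an AJAX comment post.
 *
 * Reads the serialized 'options' and the 'hash' POST parameters. The hash (keyed with the
 * site salt) is verified before the options are unserialized, so unauthenticated data never
 * reaches unserialize(). On hash mismatch a text/plain response with an empty body is sent
 * and the script exits; otherwise the comment is posted and the refreshed comment list is
 * echoed as text.
 */
function post_comment_script()
{
    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past

    // Check security first. The original order unserialized the payload before checking the
    // hash; verifying first means only data this site produced is ever parsed. Strict
    // comparison avoids '!=' numeric type juggling on hash strings (hash_equals() is
    // preferable where available).
    $options = post_param('options');
    $hash = post_param('hash');
    if (best_hash($options, get_site_salt()) !== $hash) {
        header('Content-Type: text/plain; charset=' . get_charset());
        exit;
    }

    // Read in context of what we're doing
    secure_serialized_data($options);
    list($page_name, $content_id, $allow_comments, $submitter, $content_url, $content_title, $forum) = unserialize($options);

    // Post comment
    actualise_post_comment($allow_comments >= 1, $page_name, $content_id, $content_url, $content_title, $forum);

    // Get new comments state
    $comment_details = get_comments($page_name, $allow_comments == 1, $content_id, false, $forum, NULL, NULL, false, false, $submitter, $allow_comments == 2);

    // And output as text
    header('Content-Type: text/plain; charset=' . get_charset());
    $comment_details->evaluate_echo();
}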
/**
 * Do a cookie login.
 *
 * Reads the member and password cookies (named by get_member_cookie() and get_pass_cookie()),
 * asks the forum driver to authorise them, and on success creates a session and sets the
 * global $IS_A_COOKIE_LOGIN flag.
 *
 * The configured member cookie name may be composite: 'base:key' means the 'base' cookie holds
 * a serialized array from which the member/password entries are taken; 'base|n' means the
 * 'base' cookie holds '||'-delimited fields addressed by number. In both cases the extracted
 * values are copied into $_COOKIE under the plain cookie names before the common lookup.
 *
 * @return MEMBER			Logged in member (NULL: no login happened)
 */
function try_cookie_login()
{
    $member = NULL;
    // Preprocess if this is a serialized cookie: a ':' or '|' in the member cookie name means the
    // real values live inside one combined cookie, named by the part before the separator
    $member_cookie_name = get_member_cookie();
    $bar_pos = strpos($member_cookie_name, '|');
    $colon_pos = strpos($member_cookie_name, ':');
    if ($colon_pos !== false) {
        // 'base:key' form: the base cookie is a serialized array, keyed by the part after ':'
        $base = substr($member_cookie_name, 0, $colon_pos);
        if (array_key_exists($base, $_COOKIE) && $_COOKIE[$base] != '') {
            $real_member_cookie = substr($member_cookie_name, $colon_pos + 1);
            // Reuses the member cookie's ':' offset on the pass cookie name, i.e. assumes both share the same 'base:' prefix
            $real_pass_cookie = substr(get_pass_cookie(), $colon_pos + 1);
            $the_cookie = $_COOKIE[$base];
            if (get_magic_quotes_gpc()) {
                $the_cookie = stripslashes($_COOKIE[$base]);
            }
            // Vet the cookie before unserialize(); the second argument array() is presumably the set of
            // permitted classes - confirm against secure_serialized_data(). '@' hides the notice malformed
            // data would raise; the is_array() check below is what catches the failure.
            secure_serialized_data($the_cookie, array());
            $unserialize = @unserialize($the_cookie);
            if (is_array($unserialize)) {
                if (array_key_exists($real_member_cookie, $unserialize)) {
                    $the_member = $unserialize[$real_member_cookie];
                    if (get_magic_quotes_gpc()) {
                        $the_member = addslashes(@strval($the_member));
                    }
                    // Copy into $_COOKIE under the plain name so the common path below finds it
                    $_COOKIE[get_member_cookie()] = $the_member;
                }
                if (array_key_exists($real_pass_cookie, $unserialize)) {
                    $the_pass = $unserialize[$real_pass_cookie];
                    if (get_magic_quotes_gpc()) {
                        $the_pass = addslashes($the_pass);
                    }
                    $_COOKIE[get_pass_cookie()] = $the_pass;
                }
            }
        }
    } elseif ($bar_pos !== false) {
        // 'base|n' form: the base cookie is a '||'-delimited list, addressed by the number after '|'
        $base = substr($member_cookie_name, 0, $bar_pos);
        if (array_key_exists($base, $_COOKIE) && $_COOKIE[$base] != '') {
            $real_member_cookie = substr($member_cookie_name, $bar_pos + 1);
            $real_pass_cookie = substr(get_pass_cookie(), $bar_pos + 1);
            $the_cookie = $_COOKIE[$base];
            if (get_magic_quotes_gpc()) {
                $the_cookie = stripslashes($_COOKIE[$base]);
            }
            $cookie_contents = explode('||', $the_cookie);
            // NOTE(review): no check that these offsets exist - a cookie with too few '||' segments
            // raises an undefined-offset notice here and on the password line below
            $the_member = $cookie_contents[intval($real_member_cookie)];
            if (get_magic_quotes_gpc()) {
                $the_member = addslashes($the_member);
            }
            $_COOKIE[get_member_cookie()] = $the_member;
            $the_pass = $cookie_contents[intval($real_pass_cookie)];
            if (get_magic_quotes_gpc()) {
                $the_pass = addslashes($the_pass);
            }
            $_COOKIE[get_pass_cookie()] = $the_pass;
        }
    }
    // Common path: plain member and password cookies (possibly just populated above)
    if (array_key_exists(get_member_cookie(), $_COOKIE) && array_key_exists(get_pass_cookie(), $_COOKIE)) {
        $store = $_COOKIE[get_member_cookie()];
        $pass = $_COOKIE[get_pass_cookie()];
        if (get_magic_quotes_gpc()) {
            $store = stripslashes($store);
            $pass = stripslashes($pass);
        }
        // The forum driver decides whether the member cookie carries a username or a member id
        if ($GLOBALS['FORUM_DRIVER']->is_cookie_login_name()) {
            $username = $store;
            $store = strval($GLOBALS['FORUM_DRIVER']->get_member_from_username($store));
        } else {
            $username = $GLOBALS['FORUM_DRIVER']->get_username(intval($store));
        }
        $member = intval($store);
        if (!is_guest($member)) {
            if ($GLOBALS['FORUM_DRIVER']->is_hashed()) {
                // Test password hash: the cookie value is passed as both the hashed and the plain
                // argument; the trailing true presumably flags a cookie login - confirm against the driver
                $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login(NULL, $member, $pass, $pass, true);
                $member = $login_array['id'];
            } else {
                // Test password plain: the cookie value is first hashed with the driver's md5 variant (salted by username)
                $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login(NULL, $member, apply_forum_driver_md5_variant($pass, $username), $pass, true);
                $member = $login_array['id'];
            }
            // $login_array['id'] is presumably NULL when authorisation failed - confirm against the driver
            if (!is_null($member)) {
                global $IS_A_COOKIE_LOGIN;
                $IS_A_COOKIE_LOGIN = true;
                // The session is invisible when the companion '<member cookie>_invisible' cookie is '1'
                create_session($member, 0, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
            }
        }
    }
    return $member;
}
/**
 * Find a group of members the newsletter will go to.
 *
 * Recipients are gathered from three sources in turn - newsletter subscribers, OCF forum members
 * (per usergroup, or all members via the '-1' key) and a serialized CSV array - and are
 * de-duplicated by e-mail address across all sources (first occurrence wins). Paging ($start/$max)
 * is applied per source, so one page may hold up to $max rows from each category.
 *
 * @param  array				A map describing what newsletters and newsletter levels the newsletter is being sent to
 * @param  LANGUAGE_NAME	The language
 * @param  integer			Start position in result set (results are returned in parallel for each category of result)
 * @param  integer			Maximum records to return from each category
 * @param  boolean			Whether to get raw rows rather than mailer-ready correspondance lists
 * @param  string				Serialized CSV data to also consider
 * @return array				Returns a tuple of corresponding detail lists, emails,hashes,usernames,forenames,surnames,ids, and a record count for levels (depending on requests: csv, 1, <newsletterID>, g<groupID>) [record counts not returned if $start is not zero, for performance reasons]
 */
function newsletter_who_send_to($send_details, $lang, $start, $max, $get_raw_rows = false, $csv_data = '')
{
    // Find who to send to
    $level = 0;
    // Parallel lists: index i of each describes the same recipient. $raw_rows is used instead when $get_raw_rows is set.
    $usernames = array();
    $forenames = array();
    $surnames = array();
    $emails = array();
    $ids = array();
    $hashes = array();
    $total = array();
    $raw_rows = array();
    // Standard newsletter subscribers
    $newsletters = $GLOBALS['SITE_DB']->query_select('newsletters', array('*'));
    foreach ($newsletters as $newsletter) {
        // Level requested for this newsletter ($send_details is keyed by newsletter id as a string); 0 = not being sent
        $this_level = array_key_exists(strval($newsletter['id']), $send_details) ? $send_details[strval($newsletter['id'])] : 0;
        if ($this_level != 0) {
            // Language filter only on multi-language sites; ids and levels are integer-cast before interpolation
            $where_lang = multi_lang() ? db_string_equal_to('language', $lang) . ' AND ' : '';
            $query = ' FROM ' . get_table_prefix() . 'newsletter_subscribe s LEFT JOIN ' . get_table_prefix() . 'newsletter n ON n.email=s.email WHERE ' . $where_lang . 'code_confirm=0 AND s.newsletter_id=' . strval($newsletter['id']) . ' AND the_level>=' . strval((int) $this_level);
            $temp = $GLOBALS['SITE_DB']->query('SELECT n.id,n.email,the_password,n_forename,n_surname' . $query, $max, $start);
            if ($start == 0) {
                // Totals only on the first page. A cheap count (no join, no language filter) is taken first;
                // if it is large (>10000) it is reported as-is, otherwise the precise joined count is run.
                $test = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . get_table_prefix() . 'newsletter_subscribe WHERE newsletter_id=' . strval($newsletter['id']) . ' AND the_level>=' . strval((int) $this_level));
                if ($test > 10000) {
                    $total[strval($newsletter['id'])] = $test;
                } else {
                    $total[strval($newsletter['id'])] = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*)' . $query);
                }
            }
            foreach ($temp as $_temp) {
                // De-duplicate by e-mail (linear scan of what has been collected so far)
                if (!in_array($_temp['email'], $emails)) {
                    if (!$get_raw_rows) {
                        $emails[] = $_temp['email'];
                        $forenames[] = $_temp['n_forename'];
                        $surnames[] = $_temp['n_surname'];
                        $username = trim($_temp['n_forename'] . ' ' . $_temp['n_surname']);
                        if ($username == '') {
                            $username = do_lang('NEWSLETTER_SUBSCRIBER', get_site_name());
                        }
                        $usernames[] = $username;
                        // 'n' prefix = newsletter subscriber id ('m' below = forum member id)
                        $ids[] = 'n' . strval($_temp['id']);
                        // Per-subscriber hash derived from the_password with the 'xunsub' key; presumably the unsubscribe token - confirm
                        $hashes[] = best_hash($_temp['the_password'], 'xunsub');
                    } else {
                        $raw_rows[] = $_temp;
                    }
                }
            }
        }
        $level = max($level, $this_level);
    }
    // OCF imports
    if (get_forum_type() == 'ocf') {
        $where_lang = multi_lang() ? '(' . db_string_equal_to('m_language', $lang) . ' OR ' . db_string_equal_to('m_language', '') . ') AND ' : '';
        // Usergroups: keys of the form 'g<groupID>' with value 1
        $groups = $GLOBALS['FORUM_DRIVER']->get_usergroup_list();
        foreach ($send_details as $_id => $is_on) {
            if (is_string($_id) && substr($_id, 0, 1) == 'g' && $is_on == 1) {
                $id = intval(substr($_id, 1));
                global $SITE_INFO;
                // Legacy MySQL (config flag, or a 'mysql_old' marker file when the flag is absent) gets a single
                // query; otherwise a UNION of group-membership and primary-group matches. 'xxxxx' is a placeholder
                // for the column list, substituted below for the row query and with COUNT(*) for the total.
                if (isset($SITE_INFO['mysql_old']) && $SITE_INFO['mysql_old'] == '1' || !isset($SITE_INFO['mysql_old']) && is_file(get_file_base() . '/mysql_old')) {
                    $query = 'SELECT xxxxx FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_members m LEFT JOIN ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_group_members g ON m.id=g.gm_member_id AND g.gm_validated=1 WHERE ' . db_string_not_equal_to('m_email_address', '') . ' AND ' . $where_lang . 'm_validated=1 AND (gm_group_id=' . strval($id) . ' OR m_primary_group=' . strval($id) . ')';
                    if (get_option('allow_email_from_staff_disable') == '1') {
                        $query .= ' AND m_allow_emails=1';
                    }
                    $query .= ' AND m_is_perm_banned=0';
                } else {
                    $query = 'SELECT xxxxx  FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_members m LEFT JOIN ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_group_members g ON m.id=g.gm_member_id AND g.gm_validated=1 WHERE ' . db_string_not_equal_to('m_email_address', '') . ' AND ' . $where_lang . 'm_validated=1 AND gm_group_id=' . strval($id);
                    if (get_option('allow_email_from_staff_disable') == '1') {
                        $query .= ' AND m_allow_emails=1';
                    }
                    $query .= ' AND m_is_perm_banned=0';
                    $query .= ' UNION SELECT xxxxx FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_members m WHERE ' . db_string_not_equal_to('m_email_address', '') . ' AND ' . $where_lang . 'm_validated=1 AND m_primary_group=' . strval($id);
                    if (get_option('allow_email_from_staff_disable') == '1') {
                        $query .= ' AND m_allow_emails=1';
                    }
                    $query .= ' AND m_is_perm_banned=0';
                }
                $_rows = $GLOBALS['FORUM_DB']->query(str_replace('xxxxx', 'm.id,m.m_email_address,m.m_username', $query), $max, $start, false, true);
                if ($start == 0) {
                    // Total = sum of the two counts: ' UNION ' is rewritten into ') + (' around COUNT(*) selects
                    $total['g' . strval($id)] = $GLOBALS['FORUM_DB']->query_value_null_ok_full('SELECT (' . str_replace(' UNION ', ') + (', str_replace('xxxxx', 'COUNT(*)', $query)) . ')', false, true);
                }
                foreach ($_rows as $row) {
                    if (!in_array($row['m_email_address'], $emails)) {
                        if (!$get_raw_rows) {
                            $emails[] = $row['m_email_address'];
                            $forenames[] = '';
                            $surnames[] = '';
                            $usernames[] = $row['m_username'];
                            $ids[] = 'm' . strval($row['id']);
                            $hashes[] = '';
                        } else {
                            $raw_rows[] = $row;
                        }
                    }
                }
            }
        }
        // *All* OCF members (we could have chosen all usergroups, but for legacy reasons we still have this option)
        // NOTE(review): '==' binds tighter than '?:', so this reads as
        //   array_key_exists('-1', $send_details) ? $send_details['-1'] : (0 == 1)
        // i.e. it tests the truthiness of the stored value rather than equality with 1.
        // The intended form is probably (array_key_exists('-1', $send_details) ? $send_details['-1'] : 0) == 1.
        if (array_key_exists('-1', $send_details) ? $send_details['-1'] : 0 == 1) {
            $query = ' FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_members WHERE ' . db_string_not_equal_to('m_email_address', '') . ' AND ' . $where_lang . 'm_validated=1';
            if (get_option('allow_email_from_staff_disable') == '1') {
                $query .= ' AND m_allow_emails=1';
            }
            $query .= ' AND m_is_perm_banned=0';
            $_rows = $GLOBALS['FORUM_DB']->query('SELECT id,m_email_address,m_username' . $query, $max, $start);
            if ($start == 0) {
                $total['-1'] = $GLOBALS['FORUM_DB']->query_value_null_ok_full('SELECT COUNT(*)' . $query);
            }
            foreach ($_rows as $_temp) {
                if (!in_array($_temp['m_email_address'], $emails)) {
                    if (!$get_raw_rows) {
                        $emails[] = $_temp['m_email_address'];
                        $forenames[] = '';
                        $surnames[] = '';
                        $usernames[] = $_temp['m_username'];
                        $ids[] = 'm' . strval($_temp['id']);
                        $hashes[] = '';
                    } else {
                        $raw_rows[] = $_temp;
                    }
                }
            }
        }
    }
    // From CSV
    if ($csv_data != '') {
        // $csv_data is a serialized array of rows; it is vetted by secure_serialized_data() before unserialize().
        // NOTE(review): the result is not checked with is_array(), so malformed input reaches the foreach below.
        secure_serialized_data($csv_data, array());
        $_csv_data = unserialize($csv_data);
        // Default column positions, overridden when a header row is recognised
        $email_index = 0;
        $forename_index = 1;
        $surname_index = 2;
        $username_index = 3;
        $id_index = 4;
        $hash_index = 5;
        if ($start == 0) {
            $total['csv'] = 0;
        }
        $pos = 0;
        foreach ($_csv_data as $i => $csv_line) {
            // Header-row heuristic: within the first two rows, a row whose first two cells contain no '@'
            // is treated as a header and its recognised column names fix the indexes used below
            if ($i <= 1 && count($csv_line) >= 1 && isset($csv_line[0]) && strpos($csv_line[0], '@') === false && isset($csv_line[1]) && strpos($csv_line[1], '@') === false) {
                foreach ($csv_line as $j => $val) {
                    if (in_array(strtolower($val), array('e-mail', 'email', 'email address', 'e-mail address'))) {
                        $email_index = $j;
                    }
                    if (in_array(strtolower($val), array('forename', 'forenames', 'first name'))) {
                        $forename_index = $j;
                    }
                    if (in_array(strtolower($val), array('surname', 'surnames', 'last name'))) {
                        $surname_index = $j;
                    }
                    if (in_array(strtolower($val), array('username'))) {
                        $username_index = $j;
                    }
                    if (in_array(strtolower($val), array('id', 'identifier'))) {
                        $id_index = $j;
                    }
                    if (in_array(strtolower($val), array('hash', 'password', 'pass', 'code', 'secret'))) {
                        $hash_index = $j;
                    }
                }
                continue;
            }
            // A data row must have a non-null e-mail cell containing '@'; such rows are not de-duplicated against $emails
            if (count($csv_line) >= 1 && !is_null($csv_line[$email_index]) && strpos($csv_line[$email_index], '@') !== false) {
                // Only rows inside the [$start, $start + $max) window are returned; all matching rows are counted
                if ($pos >= $start && $pos - $start < $max) {
                    if (!$get_raw_rows) {
                        $emails[] = $csv_line[$email_index];
                        $forenames[] = array_key_exists($forename_index, $csv_line) ? $csv_line[$forename_index] : '';
                        $surnames[] = array_key_exists($surname_index, $csv_line) ? $csv_line[$surname_index] : '';
                        $usernames[] = array_key_exists($username_index, $csv_line) ? $csv_line[$username_index] : '';
                        $ids[] = array_key_exists($id_index, $csv_line) ? $csv_line[$id_index] : '';
                        $hashes[] = array_key_exists($hash_index, $csv_line) ? $csv_line[$hash_index] : '';
                    } else {
                        $raw_rows[] = $csv_line;
                    }
                }
                if ($start == 0) {
                    $total['csv']++;
                }
                $pos++;
            }
        }
    }
    return array($emails, $hashes, $usernames, $forenames, $surnames, $ids, $total, $raw_rows);
}
/**
 * AJAX script for dynamically extended selection tree.
 *
 * Refuses to serve when the site is closed (unless the member may access a closed site or is
 * actually an admin), loads the ajax_tree hook named by the 'hook' request parameter, unserializes
 * the 'options' parameter after secure_serialized_data() has vetted it, and echoes the hook's
 * output wrapped in either <html> or <request> depending on the 'html_mask' parameter.
 */
function ajax_tree_script()
{
    // Closed site: only members allowed to bypass closure (or the real admin) get a response
    $closed = (get_option('site_closed') == '1');
    if ($closed && !(has_specific_permission(get_member(), 'access_closed_site') || $GLOBALS['IS_ACTUALLY_ADMIN'])) {
        header('Content-Type: text/plain');
        @exit(get_option('closed'));
    }

    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
    header('Content-Type: text/xml');

    // The hook name is request-controlled; filter_naughty_harsh() is what constrains it before it becomes a code path
    $hook = filter_naughty_harsh(get_param('hook'));
    require_code('hooks/systems/ajax_tree/' . $hook);
    $hook_object = object_factory('Hook_' . $hook);

    convert_data_encodings(true);

    // An empty id means the tree root
    $raw_id = get_param('id', '', true);
    $id = ($raw_id == '') ? NULL : $raw_id;

    @ini_set('ocproducts.xss_detect', '0');

    // Output envelope: plain <html> when masked as HTML, otherwise an XML document with a <request> root
    $as_html = (get_param_integer('html_mask', 0) == 1);
    if ($as_html) {
        echo '<html>';
    } else {
        echo '<?xml version="1.0" encoding="' . get_charset() . '"?' . '>';
        echo '<request>';
    }

    // Options arrive serialized; an absent value is treated as an empty array. The blob is vetted
    // before unserialize(), and a false result (malformed data) aborts with INTERNAL_ERROR.
    $raw_options = get_param('options', '', true);
    $raw_options = ($raw_options == '') ? serialize(array()) : $raw_options;
    secure_serialized_data($raw_options);
    $options = @unserialize($raw_options);
    if ($options === false) {
        warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
    }

    $val = $hook_object->run($id, $options, get_param('default', NULL, true));
    echo str_replace('</body>', '<br id="ended" /></body>', $val);
    $closing = $as_html ? '</html>' : '</request>';
    echo $closing;
}