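/**
 * Check if the current user has permission to perform a ModCP action on another user.
 *
 * Authorisation is evaluated for the acting user held in $mybb against the
 * permissions of the target user:
 *  - a local moderator (no issupermod) may not manage super moderators or
 *    administrators (cancp);
 *  - an administrator may only be managed by another administrator, and a
 *    super administrator only by another super administrator.
 *
 * The original docblock listed a second "moderators user ID" parameter that the
 * function never took; the acting user is always $mybb->user / $mybb->usergroup.
 *
 * @param int $uid The user ID to perform the action on.
 * @return bool True if the current user has the necessary permissions.
 */
function modcp_can_manage_user($uid)
{
    global $mybb;

    $user_permissions = user_permissions($uid);
    $target_is_staff = ($user_permissions['issupermod'] == 1 || $user_permissions['cancp'] == 1);

    // Current user is only a local moderator or a user with ModCP permissions: cannot manage super mods or admins
    if ($mybb->usergroup['issupermod'] == 0 && $target_is_staff) {
        return false;
    }

    // Target is an administrator: only admins may manage admins, and only
    // super admins may manage super admins.
    if ($user_permissions['cancp'] == 1) {
        if ($mybb->usergroup['cancp'] != 1) {
            return false;
        }
        if (is_super_admin($uid) && !is_super_admin($mybb->user['uid'])) {
            return false;
        }
    }

    return true;
}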
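/**
 * Replace links to .flv files in a rendered message with an embedded Flowplayer object.
 *
 * Whether the embed happens depends on the "av_flashadmin" setting and the
 * permissions of the user who posted the message: "admin" requires cancp,
 * "mods" requires cancp or canmodcp, "all" embeds for everyone; any other
 * value leaves the message untouched. The poster is resolved from a different
 * global depending on which script (THIS_SCRIPT) is rendering the message.
 *
 * The captured URL is written into an HTML attribute (and a JSON string inside
 * it), so the characters that could terminate that context are entity-encoded
 * before insertion; '&' is left alone so entities already produced by the
 * MyBB parser are not double-encoded. Output for URLs without those characters
 * is unchanged.
 *
 * @param string $message The message HTML as produced by the MyBB parser.
 * @return string The message with matching .flv links replaced, or unchanged.
 */
function automedia_flv($message)
{
    global $mybb, $db, $post, $postrow, $pmid, $memprofile, $width, $height;

    /**
     * Example:
     * www.gugelproductions.de/blog/wp-content/fltest.flv
     */
    if (!preg_match('<a href=\\"(http://)?(www.)?(.*)\\.flv\\">isU', $message)) {
        return $message;
    }

    // Resolve the poster's uid; the post context lives in a different global on each page.
    if (THIS_SCRIPT == "private.php") {
        $priv = intval($pmid);
        $query = $db->simple_select("privatemessages", "fromid", "pmid='{$priv}'");
        $privuid = $db->fetch_array($query);
        $puid = intval($privuid['fromid']);
    } elseif (THIS_SCRIPT == "usercp.php") {
        $puid = intval($mybb->user['uid']);
    } elseif (THIS_SCRIPT == "member.php") {
        $puid = intval($memprofile['uid']);
    } elseif (THIS_SCRIPT == "printthread.php") {
        $puid = intval($postrow['uid']);
    } else {
        $puid = intval($post['uid']);
    }

    // Get the poster's usergroup permissions
    $permissions = user_permissions($puid);

    switch ($mybb->settings['av_flashadmin']) {
        case "admin":
            $may_embed = ($permissions['cancp'] == 1);
            break;
        case "mods":
            $may_embed = ($permissions['cancp'] == 1 || $permissions['canmodcp'] == 1);
            break;
        case "all":
            $may_embed = true;
            break;
        default:
            $may_embed = false;
            break;
    }

    if (!$may_embed) {
        return $message;
    }

    $player = $mybb->settings['bburl'] . "/inc/plugins/automedia/mediaplayer/flowplayer-3.2.7.swf";

    return preg_replace_callback(
        "#(\\[automedia\\]|<a href=\"(http://)?(www.)?(.*)/([\\w/ &;%\\.-]+\\.flv)(\\[/automedia\\]|\" target=\"_blank\">)(.*?)</a>)#i",
        function ($m) use ($width, $height, $player) {
            // Groups 2-5 are absent when the bare "[automedia]" alternative matched;
            // treat them as empty, as preg_replace's $2$3$4/$5 did.
            $m += array(2 => '', 3 => '', 4 => '', 5 => '');
            $url = $m[2] . $m[3] . $m[4] . '/' . $m[5];
            // Attribute/JSON context: quotes and angle brackets must not pass through unencoded.
            $url = str_replace(array('"', "'", '<', '>'), array('&quot;', '&#039;', '&lt;', '&gt;'), $url);

            return "<div class=\"am_embed\"><object id=\"flowplayer\" width=\"{$width}\" height=\"{$height}\" data=\"{$player}\" type=\"application/x-shockwave-flash\"><param name=\"movie\" value=\"{$player}\" /><param name=\"allowfullscreen\" value=\"true\" /><param name=\"flashvars\" value='config={\"clip\":{\"url\":\"{$url}\",\"autoPlay\":false}}' /></object></div>";
        },
        $message
    );
}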
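/**
 * Replace links to .swf files in a rendered message with an embedded Flash object.
 *
 * Whether the embed happens depends on the "av_flashadmin" setting and the
 * permissions of the user who posted the message: "admin" requires cancp,
 * "mods" requires cancp or canmodcp, "all" embeds for everyone; any other
 * value leaves the message untouched. The poster is resolved from a different
 * global depending on which script (THIS_SCRIPT) is rendering the message.
 *
 * The captured URL is written into HTML attributes (movie value and embed src),
 * so the characters that could terminate an attribute are entity-encoded before
 * insertion; '&' is left alone so entities already produced by the MyBB parser
 * are not double-encoded. Output for URLs without those characters is unchanged.
 * Note that this embeds a poster-chosen Flash file from an arbitrary origin into
 * the board page; that is inherent to the feature and governed by the setting.
 *
 * @param string $message The message HTML as produced by the MyBB parser.
 * @return string The message with matching .swf links replaced, or unchanged.
 */
function automedia_swf($message)
{
    global $mybb, $db, $post, $postrow, $pmid, $memprofile, $width, $height;

    /**
     * Example:
     * http://www.arcadecabin.com/games/crazy-taxi.swf
     */
    if (!preg_match('<a href=\\"(http://)?(www.)?(.*)\\.swf\\">isU', $message)) {
        return $message;
    }

    // Resolve the poster's uid; the post context lives in a different global on each page.
    if (THIS_SCRIPT == "private.php") {
        $priv = intval($pmid);
        $query = $db->simple_select("privatemessages", "fromid", "pmid='{$priv}'");
        $privuid = $db->fetch_array($query);
        $puid = intval($privuid['fromid']);
    } elseif (THIS_SCRIPT == "usercp.php") {
        $puid = intval($mybb->user['uid']);
    } elseif (THIS_SCRIPT == "member.php") {
        $puid = intval($memprofile['uid']);
    } elseif (THIS_SCRIPT == "printthread.php") {
        $puid = intval($postrow['uid']);
    } else {
        $puid = intval($post['uid']);
    }

    // Get the poster's usergroup permissions
    $permissions = user_permissions($puid);

    switch ($mybb->settings['av_flashadmin']) {
        case "admin":
            $may_embed = ($permissions['cancp'] == 1);
            break;
        case "mods":
            $may_embed = ($permissions['cancp'] == 1 || $permissions['canmodcp'] == 1);
            break;
        case "all":
            $may_embed = true;
            break;
        default:
            $may_embed = false;
            break;
    }

    if (!$may_embed) {
        return $message;
    }

    return preg_replace_callback(
        "#(\\[automedia\\]|<a href=\"(http://)?(www.)?(.*)/([\\w/ &;%\\.-]+\\.swf)(\\[/automedia\\]|\" target=\"_blank\">)(.*?)</a>)#i",
        function ($m) use ($width, $height) {
            // Groups 2-5 are absent when the bare "[automedia]" alternative matched;
            // treat them as empty, as preg_replace's $2$3$4/$5 did.
            $m += array(2 => '', 3 => '', 4 => '', 5 => '');
            $url = $m[2] . $m[3] . $m[4] . '/' . $m[5];
            // Attribute context: quotes and angle brackets must not pass through unencoded.
            $url = str_replace(array('"', "'", '<', '>'), array('&quot;', '&#039;', '&lt;', '&gt;'), $url);

            return "<div class=\"am_embed\"><object classid=\"CLSID:D27CDB6E-AE6D-11cf-96B8-444553540000\" codebase=\"http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0\" width=\"{$width}\" height=\"{$height}\"><param name=\"movie\" value=\"{$url}\" /><param name=\"menu\" value=\"true\" /><param name=\"autostart\" value=\"0\" /><embed src=\"{$url}\" width=\"{$width}\" height=\"{$height}\" type=\"application/x-shockwave-flash\" menu=\"false\" autostart=\"false\"></embed></object></div>";
        },
        $message
    );
}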
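$plugins->run_hooks("reputation_start");

// Check if the reputation system is globally disabled or not.
if ($mybb->settings['enablereputation'] != 1) {
    error($lang->reputation_disabled);
}

// Does this user have permission to view the board?
if ($mybb->usergroup['canview'] != 1) {
    error_no_permission();
}

// If we have a specified incoming username, validate it and fetch permissions for it
$uid = $mybb->get_input('uid', MyBB::INPUT_INT);
$user = get_user($uid);
if (!$user) {
    error($lang->add_no_uid);
}
$user_permissions = user_permissions($uid);

// Normalise the action once; the rest of the script reads $mybb->input['action'].
$mybb->input['action'] = $mybb->get_input('action');

// Here we perform our validation when adding a reputation to see if the user
// has permission or not. This is done here to save duplicating the same code.
if (in_array($mybb->input['action'], array("add", "do_add"), true)) {
    // This user doesn't have permission to give reputations.
    if ($mybb->usergroup['cangivereputations'] != 1) {
        $message = $lang->add_no_permission;
        // get_input() yields '' for a missing key, so an absent "nomodal" no longer raises an undefined-index notice.
        if ($mybb->get_input('nomodal')) {
            eval("\$error = \"" . $templates->get("reputation_add_error_nomodal", 1, 0) . "\";");
        } else {
            eval("\$error = \"" . $templates->get("reputation_add_error", 1, 0) . "\";");
        }
        echo $error;
        exit;
    }
    // … the remaining "add"/"do_add" validation continues beyond this excerpt; the block is closed there.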
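/**
 * Verifies the video count.
 *
 * Counts "[video=" tags in the message being posted and records a
 * "too_many_videos" error when the board-wide maxpostvideos limit is
 * exceeded. The check is skipped for drafts, when the limit is 0 (disabled),
 * and for users whose group has cancp.
 *
 * @return boolean True when valid, false when not valid.
 */
function verify_video_count()
{
    global $mybb, $db;

    $post = &$this->data;

    // Get the permissions of the user who is making this post or thread
    $permissions = user_permissions($post['uid']);

    // Check if this post contains more videos than the forum allows
    if ((!isset($post['savedraft']) || $post['savedraft'] != 1) && $mybb->settings['maxpostvideos'] != 0 && $permissions['cancp'] != 1) {
        // And count the number of video tags in the message.
        $video_count = substr_count($post['message'], "[video=");
        if ($video_count > $mybb->settings['maxpostvideos']) {
            // Throw back a message if over the count with the number of videos as well as the maximum number of videos per post.
            $this->set_error("too_many_videos", array(1 => $video_count, 2 => $mybb->settings['maxpostvideos']));
            return false;
        }
    }

    // The valid path previously fell off the end (returning null), contradicting the documented contract.
    return true;
}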
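/**
 * Wrap .flv/.swf URLs in [amoff]...[/amoff] when the current user may not embed Flash.
 *
 * Reads the message being submitted (the "value" field for a quick edit, the
 * "message" field otherwise) and, depending on the "av_flashadmin" setting,
 * marks Flash URLs so they are not auto-embedded: "admin" disables them for
 * anyone without cancp, "mods" for anyone without cancp or canmodcp, and any
 * other value leaves the message as it is.
 *
 * @return string The message, with Flash URLs wrapped when embedding is not allowed.
 */
function automedia_flash()
{
    global $mybb;

    // Get message for quick edit; get_input() avoids undefined-index notices
    // and returns a string for the scalar fields read here.
    if ($mybb->get_input('do') == "update_post") {
        $message = $mybb->get_input('value');
    } else {
        $message = $mybb->get_input('message');
    }

    $permissions = user_permissions((int) $mybb->user['uid']);

    switch ($mybb->settings['av_flashadmin']) {
        case "admin":
            $disable = ($permissions['cancp'] != 1);
            break;
        case "mods":
            $disable = ($permissions['cancp'] != 1 && $permissions['canmodcp'] != 1);
            break;
        default:
            $disable = false;
            break;
    }

    if ($disable) {
        $message = preg_replace('#(http://)?(www.)?(.*)\\.flv#i', '[amoff]$1$2$3.flv[/amoff]', $message);
        $message = preg_replace('#(http://)?(www.)?(.*)\\.swf#i', '[amoff]$1$2$3.swf[/amoff]', $message);
    }

    return $message;
}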
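/**
 * Tapatalk "get_user_info" handler: build the profile record for one user.
 *
 * The target is chosen from the XML-RPC input ("user_id", then "user_name",
 * else the current user), checked for existence, and then described with the
 * same data member.php shows: title, online status, birthday, thank-you/like
 * statistics, time online, referrals, reputation, warning level, contact
 * fields, custom profile fields and signature. Hidden profile fields are only
 * included for staff (cancp, issupermod or canmodcp).
 *
 * Fixes relative to the previous version: the undefined constant `ture` in the
 * can_ban/is_ban flags is `true`; $location and $usertitle are always defined
 * before use; the per-day statistics no longer divide by zero for an account
 * registered less than a day ago (days are floored to 1, as member.php does);
 * the warning level is 0 when maxwarningpoints is not configured.
 *
 * @param array $xmlrpc_params Raw XML-RPC parameters, filtered via Tapatalk_Input.
 * @return xmlrpcresp A struct describing the user.
 */
function get_user_info_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $parser, $displaygroupfields;

    $lang->load("member");

    $input = Tapatalk_Input::filterXmlInput(array('user_name' => Tapatalk_Input::STRING, 'user_id' => Tapatalk_Input::INT), $xmlrpc_params);

    if ($mybb->usergroup['canviewprofiles'] == 0) {
        error_no_permission();
    }

    // Resolve the target uid; it is interpolated into SQL below, so keep it an integer.
    if (isset($input['user_id']) && !empty($input['user_id'])) {
        $uid = (int) $input['user_id'];
    } elseif (!empty($input['user_name'])) {
        $query = $db->simple_select("users", "uid", "username='{$input['user_name_esc']}'");
        $uid = (int) $db->fetch_field($query, "uid");
    } else {
        $uid = (int) $mybb->user['uid'];
    }

    if ($mybb->user['uid'] != $uid) {
        $memprofile = get_user($uid);
    } else {
        $memprofile = $mybb->user;
    }

    if (!$memprofile['uid']) {
        error($lang->error_nomember);
    }

    // Get member's permissions
    $memperms = user_permissions($memprofile['uid']);

    if (!$memprofile['displaygroup']) {
        $memprofile['displaygroup'] = $memprofile['usergroup'];
    }

    // Grab the following fields from the user's displaygroup (read by usergroup_displaygroup() through the global)
    $displaygroupfields = array("title", "usertitle", "stars", "starimage", "image", "usereputationsystem");
    $displaygroup = usergroup_displaygroup($memprofile['displaygroup']);

    // Get the user title for this user: custom title, then group title, then the post-count based default.
    $usertitle = '';
    if (trim($memprofile['usertitle']) != '') {
        // User has custom user title
        $usertitle = $memprofile['usertitle'];
    } elseif (trim($displaygroup['usertitle']) != '') {
        // User has group title
        $usertitle = $displaygroup['usertitle'];
    } else {
        // No usergroup title so get a default one
        $query = $db->simple_select("usertitles", "*", "", array('order_by' => 'posts', 'order_dir' => 'DESC'));
        while ($title = $db->fetch_array($query)) {
            if ($memprofile['postnum'] >= $title['posts']) {
                $usertitle = $title['title'];
                break;
            }
        }
    }

    // User is currently online and this user has permissions to view the user on the WOL
    $location = '';
    $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins'] * 60;
    $query = $db->simple_select("sessions", "location,nopermission", "uid='{$uid}' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
    $session = $db->fetch_array($query);
    if (($memprofile['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $memprofile['uid'] == $mybb->user['uid']) && !empty($session)) {
        // Fetch their current location
        $lang->load("online");
        require_once MYBB_ROOT . "inc/functions_online.php";
        $activity = fetch_wol_activity($session['location'], $session['nopermission']);
        $location = strip_tags(build_friendly_wol_location($activity));
        $online = true;
    } else {
        $online = false;
    }

    // Get custom fields start
    $custom_fields_list = array();

    if ($memprofile['birthday']) {
        $membday = explode("-", $memprofile['birthday']);
        if ($memprofile['birthdayprivacy'] != 'none') {
            if ($membday[0] && $membday[1] && $membday[2]) {
                $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday']));
                if ($membday[2] >= 1970) {
                    $w_day = date("l", mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]));
                    $membday = format_bdays($mybb->settings['dateformat'], $membday[1], $membday[0], $membday[2], $w_day);
                } else {
                    // Pre-1970 dates cannot be expressed as a plain timestamp on every platform; fix_mktime adjusts the format.
                    $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]);
                    $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]);
                    $membday = date($bdayformat, $membday);
                }
                $membdayage = $lang->membdayage;
            } elseif ($membday[2]) {
                // Only a year is known
                $membday = mktime(0, 0, 0, 1, 1, $membday[2]);
                $membday = date("Y", $membday);
                $membdayage = '';
            } else {
                // Only day and month are known
                $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0);
                $membday = date("F j", $membday);
                $membdayage = '';
            }
        }
        if ($memprofile['birthdayprivacy'] == 'age') {
            $membday = $lang->birthdayhidden;
        } elseif ($memprofile['birthdayprivacy'] == 'none') {
            $membday = $lang->birthdayhidden;
            $membdayage = '';
        }
        $custom_fields_list[] = new xmlrpcval(array('name' => new xmlrpcval(basic_clean($lang->date_of_birth), 'base64'), 'value' => new xmlrpcval(basic_clean("{$membday} {$membdayage}"), 'base64')), 'struct');
    }

    // thank you/like field
    global $mobiquo_config;
    $prefix = $mobiquo_config['thlprefix'];
    if ($mybb->settings[$prefix . 'enabled'] == "1") {
        $lang->load("thankyoulike");
        if ($mybb->settings[$prefix . 'thankslike'] == "like") {
            $lang->tyl_total_tyls_given = $lang->tyl_total_likes_given;
            $lang->tyl_total_tyls_rcvd = $lang->tyl_total_likes_rcvd;
        } elseif ($mybb->settings[$prefix . 'thankslike'] == "thanks") {
            $lang->tyl_total_tyls_given = $lang->tyl_total_thanks_given;
            $lang->tyl_total_tyls_rcvd = $lang->tyl_total_thanks_rcvd;
        }

        // Per-day averages; floor the registered period to one day so a brand-new account cannot divide by zero.
        $daysreg = (TIME_NOW - $memprofile['regdate']) / (24 * 3600);
        if ($daysreg < 1) {
            $daysreg = 1;
        }
        $tylpd = round($memprofile['tyl_unumtyls'] / $daysreg, 2);
        if ($tylpd > $memprofile['tyl_unumtyls']) {
            $tylpd = $memprofile['tyl_unumtyls'];
        }
        $tylrcvpd = round($memprofile['tyl_unumrcvtyls'] / $daysreg, 2);
        if ($tylrcvpd > $memprofile['tyl_unumrcvtyls']) {
            $tylrcvpd = $memprofile['tyl_unumrcvtyls'];
        }

        // Get total tyl and percentage
        $options = array("limit" => 1);
        $query = $db->simple_select($prefix . "stats", "*", "title='total'", $options);
        $total = $db->fetch_array($query);
        if ($total['value'] == 0) {
            $percent = "0";
            $percent_rcv = "0";
        } else {
            $percent = round($memprofile['tyl_unumtyls'] * 100 / $total['value'], 2);
            $percent_rcv = round($memprofile['tyl_unumrcvtyls'] * 100 / $total['value'], 2);
        }
        if ($percent > 100) {
            $percent = 100;
        }
        if ($percent_rcv > 100) {
            $percent_rcv = 100;
        }

        $memprofile['tyl_unumtyls'] = my_number_format($memprofile['tyl_unumtyls']);
        $memprofile['tyl_unumrcvtyls'] = my_number_format($memprofile['tyl_unumrcvtyls']);
        // NOTE(review): $tyl_thankslikes_given / $tyl_thankslikes_rcvd are never assigned in this function —
        // confirm where the thankyoulike integration expects them to come from.
        $tylpd_percent_total = $lang->sprintf($lang->tyl_tylpd_percent_total, my_number_format($tylpd), $tyl_thankslikes_given, $percent);
        $tylrcvpd_percent_total = $lang->sprintf($lang->tyl_tylpd_percent_total, my_number_format($tylrcvpd), $tyl_thankslikes_rcvd, $percent_rcv);
        addCustomField($lang->tyl_total_tyls_given, "{$memprofile['tyl_unumtyls']} ({$tylpd_percent_total})", $custom_fields_list);
        addCustomField($lang->tyl_total_tyls_rcvd, "{$memprofile['tyl_unumrcvtyls']} ({$tylrcvpd_percent_total})", $custom_fields_list);
    }

    if ($memprofile['timeonline'] > 0) {
        $timeonline = nice_time($memprofile['timeonline']);
        addCustomField($lang->timeonline, $timeonline, $custom_fields_list);
    }

    if ($mybb->settings['usereferrals'] == 1 && $memprofile['referrals'] > 0) {
        addCustomField($lang->members_referred, $memprofile['referrals'], $custom_fields_list);
    }

    if ($memperms['usereputationsystem'] == 1 && $displaygroup['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1 && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep'])) {
        addCustomField($lang->reputation, $memprofile['reputation'], $custom_fields_list);
    }

    // Warning level is visible to staff who can warn, or to the user for their own profile when the board allows it.
    if ($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || ($mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0))) {
        $maxwarningpoints = (int) $mybb->settings['maxwarningpoints'];
        $warning_level = $maxwarningpoints > 0 ? round($memprofile['warningpoints'] / $maxwarningpoints * 100) : 0;
        if ($warning_level > 100) {
            $warning_level = 100;
        }
        addCustomField($lang->warning_level, $warning_level . '%', $custom_fields_list);
    }

    if ($memprofile['website']) {
        $memprofile['website'] = htmlspecialchars_uni($memprofile['website']);
        addCustomField($lang->homepage, $memprofile['website'], $custom_fields_list);
    }
    if ($memprofile['icq']) {
        addCustomField($lang->icq_number, $memprofile['icq'], $custom_fields_list);
    }
    if ($memprofile['aim']) {
        addCustomField($lang->aim_screenname, $memprofile['aim'], $custom_fields_list);
    }
    if ($memprofile['yahoo']) {
        addCustomField($lang->yahoo_id, $memprofile['yahoo'], $custom_fields_list);
    }
    if ($memprofile['msn']) {
        addCustomField($lang->msn, $memprofile['msn'], $custom_fields_list);
    }

    // Custom profile fields; fields flagged hidden are only shown to staff.
    $query = $db->simple_select("userfields", "*", "ufid='{$uid}'");
    $userfields = $db->fetch_array($query);
    if ($mybb->usergroup['cancp'] == 1 || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['canmodcp'] == 1) {
        $field_hidden = '1=1';
    } else {
        $field_hidden = "hidden=0";
    }
    $query = $db->simple_select("profilefields", "*", "{$field_hidden}", array('order_by' => 'disporder'));
    while ($customfield = $db->fetch_array($query)) {
        // The field type is the first line of the "type" column; options follow on later lines.
        $thing = explode("\n", $customfield['type'], 2);
        $type = trim($thing[0]);
        $field = "fid{$customfield['fid']}";
        if ($type == "multiselect" || $type == "checkbox") {
            // NOTE(review): multi-value fields are passed through without badword filtering or escaping — confirm the client expects raw text here.
            $customfieldval = $userfields[$field];
        } else {
            $customfieldval = $parser->parse_badwords($userfields[$field]);
        }
        $customfield['name'] = htmlspecialchars_uni($customfield['name']);
        if ($customfieldval) {
            addCustomField($customfield['name'], $customfieldval, $custom_fields_list);
        }
    }

    if ($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW)) {
        $sig_parser = array(
            "allow_html" => $mybb->settings['sightml'],
            "allow_mycode" => $mybb->settings['sigmycode'],
            "allow_smilies" => $mybb->settings['sigsmilies'],
            "allow_imgcode" => $mybb->settings['sigimgcode'],
            "me_username" => $memprofile['username'],
            "filter_badwords" => 1,
        );
        $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser);
        $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']);
        addCustomField($lang->users_signature, $memprofile['signature'], $custom_fields_list);
    }
    // Get custom fields end

    $query = $db->simple_select("banned", "uid", "uid='{$uid}'");
    $isbanned = !!$db->fetch_field($query, "uid");

    $xmlrpc_user_info = array(
        'user_id' => new xmlrpcval($memprofile['uid'], 'string'),
        'username' => new xmlrpcval(basic_clean($memprofile['username']), 'base64'),
        'user_name' => new xmlrpcval(basic_clean($memprofile['username']), 'base64'),
        'user_type' => check_return_user_type($memprofile['username']),
        'post_count' => new xmlrpcval($memprofile['postnum'], 'int'),
        'reg_time' => new xmlrpcval(mobiquo_iso8601_encode($memprofile['regdate']), 'dateTime.iso8601'),
        'timestamp_reg' => new xmlrpcval($memprofile['regdate'], 'string'),
        'last_activity_time' => new xmlrpcval(mobiquo_iso8601_encode($memprofile['lastactive']), 'dateTime.iso8601'),
        'timestamp' => new xmlrpcval($memprofile['lastactive'], 'string'),
        'is_online' => new xmlrpcval($online, 'boolean'),
        'accept_pm' => new xmlrpcval($memprofile['receivepms'], 'boolean'),
        'display_text' => new xmlrpcval($usertitle, 'base64'),
        'icon_url' => new xmlrpcval(absolute_url($memprofile['avatar']), 'string'),
        'current_activity' => new xmlrpcval($location, 'base64'),
    );

    // Moderators may ban anyone but themselves.
    if ($mybb->usergroup['canmodcp'] == 1 && $uid != $mybb->user['uid']) {
        $xmlrpc_user_info['can_ban'] = new xmlrpcval(true, 'boolean');
    }
    if ($isbanned) {
        $xmlrpc_user_info['is_ban'] = new xmlrpcval(true, 'boolean');
    }
    $xmlrpc_user_info['custom_fields_list'] = new xmlrpcval($custom_fields_list, 'array');

    return new xmlrpcresp(new xmlrpcval($xmlrpc_user_info, 'struct'));
}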
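/**
 * Build the ProStats table HTML for the current user.
 *
 * Determines which forums the current user moderates (so posts under
 * moderation there can be highlighted), fetches the newest posts column when
 * enabled, renders the up to six configured "extra" cells in three pairs, adds
 * the optional admin message, and evaluates the "prostats" template. Several
 * results are published through globals ($unviewables, $vcheck,
 * $under_mod_forums_arr, $ps_align) for the other ps_* helpers.
 *
 * Fixes relative to the previous version: implode() was called with its
 * arguments in the legacy (array, glue) order, which is a TypeError on PHP 8;
 * count() was applied to arrays that may never have been created; and the
 * user's additional groups were quoted as a single string inside the IN(...)
 * list, so only the first of them could ever match.
 *
 * @return string Rendered ProStats HTML.
 */
function ps_MakeTable()
{
    global $mybb, $db, $theme, $lang, $templates, $parser, $unviewables, $vcheck, $under_mod_forums_arr, $lightbulb, $unread_forums, $ps_align;

    $lang->load("prostats");

    $right_cols = $left_cols = $middle_cols = $extra_content = $extra_content_1_2 = $extra_content_3_4 = $extra_content_5_6 = $remote_msg = "";
    $num_columns = 3;
    $ps_align = $lang->settings['rtl'] ? "right" : "left";
    $ps_ralign = $lang->settings['rtl'] ? "left" : "right";

    // Highlighting under-moderation posts
    $_psGU = ps_GetUnviewable("t");
    $unviewables = array('string' => $_psGU[0], 'array' => $_psGU[1]);
    $user_perms = user_permissions($mybb->user['uid']);

    if ($mybb->settings['ps_highlight']) {
        // Group ids the user belongs to; additionalgroups is already a comma-separated list of ids,
        // so it is appended bare rather than as one quoted string.
        $_groups = (int) $mybb->user['usergroup'];
        if (!empty($mybb->user['additionalgroups'])) {
            $_groups .= "," . $mybb->user['additionalgroups'];
        }
        $_uid = (int) $mybb->user['uid'];
        $_query1 = $db->simple_select("moderators", "*", "((id IN ({$_groups}) AND isgroup='1') OR (id='{$_uid}' AND isgroup='0'))");

        $parent_mod_forums = array();
        while ($results1 = $db->fetch_array($_query1)) {
            // NOTE(review): a bare LIKE '%fid%' also matches forums whose parentlist contains ids with fid as a substring (e.g. 1 vs 12) — kept as is.
            $parent_mod_forums[] = " parentlist LIKE '%" . $results1['fid'] . "%' ";
        }

        if (!empty($parent_mod_forums)) {
            $_query2 = $db->simple_select("forums", "fid", implode("OR", $parent_mod_forums));
            while ($results2 = $db->fetch_array($_query2)) {
                $under_mod_forums_arr[] = $results2['fid'];
            }
            if (!empty($under_mod_forums_arr)) {
                $moderated_forums = implode(',', $under_mod_forums_arr);
                $vcheck = " OR t.fid IN (" . $moderated_forums . ") ";
            }
        }
    }

    // Super moderators see everything.
    if ($user_perms['issupermod'] == 1) {
        $vcheck = " OR '1'='1' ";
    }

    if ($mybb->settings['ps_latest_posts'] == 1) {
        $middle_cols = ps_GetNewestPosts($mybb->settings['ps_num_rows']);
        $num_columns = 4;
    }

    // The six configurable extra cells, rendered as pairs (1,2), (3,4), (5,6).
    $extra_cell = array();
    for ($i = 1; $i < 7; ++$i) {
        $extra_cell[$i] = $mybb->settings['ps_cell_' . $i];
    }
    $extra_row[1] = $extra_row[2] = $extra_row[3] = 2;
    $extra_cols = 3;

    // Each pair below sets $trow/$extra_cols/$extra_row and the *_content locals the
    // eval'd templates read, so they stay inline rather than in a helper.
    if ($extra_cell[5] > 0) {
        $trow = "trow2";
        $extra_cols = 3;
        if ($extra_cell[6] == 0) {
            $extra_row[3] = 1;
            $single_extra_content = ps_GetExtraData($extra_cell[5], true);
            eval("\$extra_content_5_6 = \"" . $templates->get("prostats_onerowextra") . "\";");
        } else {
            $extra_content_one = ps_GetExtraData($extra_cell[5]);
            $extra_content_two = ps_GetExtraData($extra_cell[6]);
            eval("\$extra_content_5_6 = \"" . $templates->get("prostats_tworowextra") . "\";");
        }
    }

    if ($extra_cell[3] > 0) {
        $trow = "trow1";
        $extra_cols = 2;
        if ($extra_cell[4] == 0) {
            $extra_row[2] = 1;
            $single_extra_content = ps_GetExtraData($extra_cell[3], true);
            eval("\$extra_content_3_4 = \"" . $templates->get("prostats_onerowextra") . "\";");
        } else {
            $extra_content_one = ps_GetExtraData($extra_cell[3]);
            $extra_content_two = ps_GetExtraData($extra_cell[4]);
            eval("\$extra_content_3_4 = \"" . $templates->get("prostats_tworowextra") . "\";");
        }
    }

    if ($extra_cell[1] > 0) {
        $trow = "trow2";
        $extra_cols = 1;
        if ($extra_cell[2] == 0) {
            $extra_row[1] = 1;
            $single_extra_content = ps_GetExtraData($extra_cell[1], true);
            eval("\$extra_content_1_2 = \"" . $templates->get("prostats_onerowextra") . "\";");
        } else {
            $extra_content_one = ps_GetExtraData($extra_cell[1]);
            $extra_content_two = ps_GetExtraData($extra_cell[2]);
            eval("\$extra_content_1_2 = \"" . $templates->get("prostats_tworowextra") . "\";");
        }
    }

    // Column order and placement flip for right-to-left languages.
    if ($lang->settings['rtl']) {
        $extra_content = $extra_content_5_6 . $extra_content_3_4 . $extra_content_1_2;
        if ($mybb->settings['ps_latest_posts_pos']) {
            $right_cols = $extra_content;
        } else {
            $left_cols = $extra_content;
        }
    } else {
        $extra_content = $extra_content_1_2 . $extra_content_3_4 . $extra_content_5_6;
        if ($mybb->settings['ps_latest_posts_pos']) {
            $left_cols = $extra_content;
        } else {
            $right_cols = $extra_content;
        }
    }
    $prostats_content = $left_cols . $middle_cols . $right_cols;

    if ($mybb->settings['ps_trow_message'] != "") {
        // Admin-supplied message; the escape/unescape round-trip leaves the admin's HTML intact.
        $prostats_message = unhtmlentities(htmlspecialchars_uni($mybb->settings['ps_trow_message']));
        if ($mybb->settings['ps_trow_message_pos'] == 0) {
            eval("\$trow_message_top = \"" . $templates->get("prostats_message") . "\";");
        } else {
            eval("\$trow_message_down = \"" . $templates->get("prostats_message") . "\";");
        }
    }

    // Both blocks embed remote SVG content from the plugin author's site into the
    // administrator's page; they are opt-in via settings and shown only to cancp users.
    if ($mybb->settings['ps_surprise'] && $mybb->user['uid'] && $mybb->usergroup['cancp']) {
        prostats_g();
        $remote_msg .= '<a href="http://prostats.wordpress.com/surprises/"><embed src="' . $mybb->psga['surprise_link'] . '" type="image/svg+xml" /></a>';
    }
    if ($mybb->settings['ps_chkupdates'] && $mybb->user['uid'] && $mybb->usergroup['cancp']) {
        prostats_g();
        $remote_msg .= '<a href="http://prostats.wordpress.com/"><embed src="' . $mybb->psga['update_popup_link'] . '" type="image/svg+xml" /></a>';
    }

    eval("\$prostats = \"" . $templates->get("prostats") . "\";");
    return $prostats;
}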
/** * Gets the usercp Enhanced Account Switcher page and handles all actions. * */ function accountswitcher_usercp() { global $db, $mybb, $lang, $templates, $theme, $eas, $headerinclude, $header, $usercpnav, $usercpmenu, $as_usercp, $as_usercp_options, $as_usercp_privacy, $as_usercp_users, $as_usercp_userbit, $as_usercp_input, $footer, $shareuser, $attachedOneName, $attachedOneUID, $as_sec_account, $sec_check, $checkbox, $privacy_check, $as_usercp_privacy_master, $buddy_check, $as_usercp_buddyshare, $colspan, $user_sec_reason; if (!isset($lang->as_isshared)) { $lang->load("accountswitcher"); } // Get the master account of the current user $master = get_user((int) $mybb->user['as_uid']); // Get the number of attached ones $count = $eas->get_attached($mybb->user['uid']); // Get limit for users group, declare variables $limit = (int) $mybb->usergroup['as_limit']; $user_sec_reason = htmlspecialchars_uni($mybb->user['as_secreason']); $as_usercp_input = $colspan = $shareuser = $as_sec_account = $sec_check = $privacy_check = $as_usercp_privacy = $as_usercp_privacy_master = $buddy_check = $as_usercp_buddyshare = ''; // Check if user can use the Enhanced Account Switcher or is attached to an account. 
If yes grant access to the page if ($mybb->input['action'] == "as_edit" && ($mybb->usergroup['as_canswitch'] == 1 || $mybb->user['as_uid'] != 0 || $mybb->user['as_share'] != 0)) { add_breadcrumb($lang->nav_usercp, "usercp.php"); add_breadcrumb($lang->as_name); // Mark secondary accounts, exclude master account if (isset($mybb->settings['aj_secstyle']) && $mybb->settings['aj_secstyle'] == 1 && $count == 0 && $mybb->user['as_share'] == 0) { if ($mybb->user['as_sec'] == 1) { $sec_check = 'checked="checked"'; } $as_sec_account .= eval($templates->render('accountswitcher_usercp_sec_account')); } // Hide account from list if (isset($mybb->settings['aj_privacy']) && $mybb->settings['aj_privacy'] == 1) { // Master can hide all attached accounts if ($mybb->user['as_uid'] == 0 && $count > 0) { $as_usercp_privacy_master .= eval($templates->render('accountswitcher_usercp_privacy_master')); } if ($mybb->user['as_privacy'] == 1) { $privacy_check = 'checked="checked"'; } $as_usercp_privacy .= eval($templates->render('accountswitcher_usercp_privacy')); } // If the user account is shared if ($mybb->user['as_share'] != 0) { if ($mybb->user['as_buddyshare'] == 1) { $buddy_check = 'checked="checked"'; } if ($mybb->user['buddylist'] != '') { $buddylist = explode(",", $mybb->user['buddylist']); } if (!empty($buddylist)) { $as_usercp_buddyshare .= eval($templates->render('accountswitcher_usercp_buddyshare')); } // Build the detach button if ($mybb->user['as_buddyshare'] != 0) { $lang->as_isshared = $lang->as_isshared_buddy; } $as_usercp_input .= eval($templates->render('accountswitcher_usercp_unshare')); $as_usercp_options = eval($templates->render('accountswitcher_usercp_options')); } elseif ($mybb->user['as_uid'] != 0) { $colspan = 'colspan="2"'; $lang->as_isattached = $lang->sprintf($lang->as_isattached, htmlspecialchars_uni($master['username'])); // Build the detach button $as_usercp_input .= eval($templates->render('accountswitcher_usercp_attached_detach')); $as_usercp_options = 
eval($templates->render('accountswitcher_usercp_options')); } else { // If limit is set to 0 = unlimited if ($limit != 0) { $lang->as_usercp_attached = $lang->sprintf($lang->as_usercp_attached, (int) $count, $limit); } else { $lang->as_usercp_attached = $lang->sprintf($lang->as_usercp_attached, (int) $count, $lang->as_unlimited); } // If there are no users attached grant full acccess if ($count == 0) { $colspan = 'colspan="2"'; if (isset($mybb->settings['aj_shareuser']) && $mybb->settings['aj_shareuser'] == 1) { $shareuser = eval($templates->render('accountswitcher_usercp_shareuser')); } $as_usercp_input .= eval($templates->render('accountswitcher_usercp_free_attach')); $as_usercp_options = eval($templates->render('accountswitcher_usercp_options')); } // If there are users attached allow only user attachment if ($count != 0) { $as_usercp_input .= eval($templates->render('accountswitcher_usercp_master_attach')); $as_usercp_options = eval($templates->render('accountswitcher_usercp_options')); // Get attached ones from the cache $accounts = $eas->accountswitcher_cache; if (is_array($accounts)) { foreach ($accounts as $key => $account) { $attachedOneUID = (int) $account['uid']; $attachedOneName = htmlspecialchars_uni($account['username']); if ($account['as_uid'] == $mybb->user['uid']) { $as_usercp_userbit .= eval($templates->render('accountswitcher_usercp_attached_userbit')); } } $as_usercp_users = eval($templates->render('accountswitcher_usercp_attached_users')); } } } $as_usercp = eval($templates->render('accountswitcher_usercp')); output_page($as_usercp); exit; } //########## ACTIONS ########## // Attach current user to another account if ($mybb->input['action'] == "as_attach" && $mybb->input['select'] == "attachme" && $mybb->request_method == "post") { verify_post_check($mybb->get_input('my_post_key')); // Check if current user is already attached if ($mybb->user['as_uid'] != 0) { error($lang->as_alreadyattached); } // Validate input $select = 
$db->escape_string($mybb->get_input('select')); $username = $db->escape_string($mybb->get_input('username')); $password = $db->escape_string($mybb->get_input('password')); // Get the target $targetUser = get_user_by_username($username); $target = get_user($targetUser['uid']); // User exist? Password correct? if (!$target) { error($lang->as_invaliduser); } if (validate_password_from_uid($target['uid'], $password) == false) { error($lang->as_invaliduser); } // Check targets permission and limit $permission = user_permissions((int) $target['uid']); // Count number of attached accounts $count = $eas->get_attached($target['uid']); // If other user is shared or already attached return if ($target['as_uid'] != 0 || $target['as_share'] != 0) { error($lang->as_alreadyattached); } // If target has permission if ($permission['as_canswitch'] == 0) { error($lang->as_usercp_nopermission); } if ($permission['as_limit'] != 0 && $count == $permission['as_limit']) { error($lang->as_limitreached); } // Set uid of the new master $as_uid = array("as_uid" => (int) $target['uid']); // Update database $db->update_query("users", $as_uid, "uid='" . (int) $mybb->user['uid'] . "'"); $eas->update_accountswitcher_cache(); redirect("usercp.php?action=as_edit", $lang->aj_attach_success); } // Detach current user from master if ($mybb->input['action'] == "as_detach" && $mybb->request_method == "post") { verify_post_check($mybb->get_input('my_post_key')); // Reset master uid $as_uid = array("as_uid" => 0); // Update database if ($db->update_query("users", $as_uid, "uid='" . (int) $mybb->user['uid'] . 
"'")) { $eas->update_accountswitcher_cache(); // If user can use Enhanced Account Switcher stay here if ($mybb->usergroup['as_canswitch'] == 1) { redirect("usercp.php?action=as_edit", $lang->aj_update_success); } // Else redirect to usercp redirect("usercp.php", $lang->aj_detach_success); } } // Attach an user to the current account if ($mybb->input['action'] == "as_attach" && $mybb->input['select'] == "attachuser" && $mybb->request_method == "post" && $mybb->user['as_uid'] == 0) { verify_post_check($mybb->get_input('my_post_key')); // Validate input $select = $db->escape_string($mybb->get_input('select')); $username = $db->escape_string($mybb->get_input('username')); $password = $db->escape_string($mybb->get_input('password')); // Get the target $targetUser = get_user_by_username($username); $target = get_user($targetUser['uid']); // User exist? Password correct? if (!$target) { error($lang->as_invaliduser); } if (validate_password_from_uid($target['uid'], $password) == false) { error($lang->as_invaliduser); } // Check targets permission and limit $permission = user_permissions((int) $target['uid']); // Count number of attached accounts $count = $eas->get_attached($mybb->user['uid']); $counttarget = $eas->get_attached($target['uid']); // If other user is shared or already attached return if ($target['as_uid'] != 0 || $target['as_share'] != 0 || $counttarget > 0) { error($lang->as_alreadyattached); } // If we have permission if ($mybb->usergroup['as_canswitch'] == 0) { error($lang->as_usercp_nopermission); } if ($mybb->usergroup['as_limit'] != 0 && $count == $mybb->usergroup['as_limit']) { error($lang->as_limitreached); } // Set his new masters uid $as_uid = array("as_uid" => (int) $mybb->user['uid']); // Update database $db->update_query("users", $as_uid, "uid='" . (int) $target['uid'] . 
"'"); $eas->update_accountswitcher_cache(); redirect("usercp.php?action=as_edit", $lang->aj_user_attach_success); } // Detach user from current account if ($mybb->input['action'] == "as_detachuser" && $mybb->request_method == "post") { verify_post_check($mybb->get_input('my_post_key')); // Validate input if (!is_numeric($mybb->input['uid'])) { die("UID must be numeric!"); } // Reset master uid $as_uid = array("as_uid" => 0); $db->update_query("users", $as_uid, "uid='" . $mybb->get_input('uid', MyBB::INPUT_INT) . "'"); $eas->update_accountswitcher_cache(); redirect("usercp.php?action=as_edit", $lang->aj_user_detach_success); } // Share the current account if ($mybb->input['action'] == "as_attach" && $mybb->input['select'] == "shareuser" && $mybb->request_method == "post" && $mybb->user['as_uid'] == 0 && $mybb->settings['aj_shareuser'] == 1) { verify_post_check($mybb->get_input('my_post_key')); // Validate input $select = $db->escape_string($mybb->get_input('select')); // Update database $as_share = array("as_share" => 1); $db->update_query("users", $as_share, "uid='" . (int) $mybb->user['uid'] . "'"); $eas->update_accountswitcher_cache(); redirect("usercp.php?action=as_edit", $lang->aj_user_share_success); } // Unshare the current account if ($mybb->input['action'] == "as_unshare" && $mybb->request_method == "post") { verify_post_check($mybb->get_input('my_post_key')); $as_unshare = array("as_share" => 0); $as_unshareuid = array("as_shareuid" => 0); $as_unsharebuddy = array("as_buddyshare" => 0); $db->update_query("users", $as_unshare, "uid='" . (int) $mybb->user['uid'] . "'"); $db->update_query("users", $as_unshareuid, "uid='" . (int) $mybb->user['uid'] . "'"); $db->update_query("users", $as_unsharebuddy, "uid='" . (int) $mybb->user['uid'] . 
"'"); $eas->update_accountswitcher_cache(); redirect("usercp.php?action=as_edit", $lang->aj_user_unshare_success); } // Mark/unmark the current account as secondary if ($mybb->input['action'] == "do_secaccount" && $mybb->request_method == "post") { verify_post_check($mybb->get_input('my_post_key')); $secacc_reason = $mybb->get_input('secacc_reason'); // When account is unmarked delete the reason too if ($mybb->get_input('secacc', MyBB::INPUT_INT) != 1) { $secacc_reason = ''; } $as_secacc = array("as_sec" => $mybb->get_input('secacc', MyBB::INPUT_INT), "as_secreason" => $db->escape_string($secacc_reason)); $db->update_query("users", $as_secacc, "uid='" . (int) $mybb->user['uid'] . "'"); $eas->update_accountswitcher_cache(); redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success); } // Hide/show the current account on account list if ($mybb->input['action'] == "do_as_privacy" && $mybb->request_method == "post") { verify_post_check($mybb->get_input('my_post_key')); $as_privacc = array("as_privacy" => $mybb->get_input('as_privacy', MyBB::INPUT_INT)); $db->update_query("users", $as_privacc, "uid='" . (int) $mybb->user['uid'] . "'"); $eas->update_accountswitcher_cache(); redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success); } // Hide the all attached accounts on account list if ($mybb->input['action'] == "do_as_privacy_master" && $mybb->request_method == "post") { verify_post_check($mybb->get_input('my_post_key')); $as_privacc_master = array("as_privacy" => 1); $db->update_query("users", $as_privacc_master, "uid='" . (int) $mybb->user['uid'] . "'"); $db->update_query("users", $as_privacc_master, "as_uid='" . (int) $mybb->user['uid'] . 
"'"); $eas->update_accountswitcher_cache(); redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success); } // Unhide the all attached accounts on account list if ($mybb->input['action'] == "undo_as_privacy_master" && $mybb->request_method == "post") { verify_post_check($mybb->get_input('my_post_key')); $as_privacc_master = array("as_privacy" => 0); $db->update_query("users", $as_privacc_master, "uid='" . (int) $mybb->user['uid'] . "'"); $db->update_query("users", $as_privacc_master, "as_uid='" . (int) $mybb->user['uid'] . "'"); $eas->update_accountswitcher_cache(); redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success); } // Share with buddies only if ($mybb->input['action'] == "do_buddyshare" && $mybb->request_method == "post") { verify_post_check($mybb->get_input('my_post_key')); if ($mybb->user['buddylist'] != '') { $buddylist = explode(",", $mybb->user['buddylist']); } if (!empty($buddylist)) { $as_buddy_share = array("as_buddyshare" => $mybb->get_input('buddyshare', MyBB::INPUT_INT)); $db->update_query("users", $as_buddy_share, "uid='" . (int) $mybb->user['uid'] . "'"); $eas->update_accountswitcher_cache(); redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success); } else { error($lang->aj_user_buddy_none); } } }
}

// Resolve which profile to show: an explicit uid from the request, else the logged-in
// user's own profile, else nobody (guests without a uid get the "no member" error).
$uid = $mybb->get_input('uid', MyBB::INPUT_INT);
if ($uid) {
    $memprofile = get_user($uid);
} elseif ($mybb->user['uid']) {
    $memprofile = $mybb->user;
} else {
    $memprofile = false;
}
if (!$memprofile) {
    error($lang->error_nomember);
}
// From here on use the uid of the row that was actually loaded.
$uid = $memprofile['uid'];
$lang->profile = $lang->sprintf($lang->profile, $memprofile['username']);
// Get member's permissions
$memperms = user_permissions($memprofile['uid']);
$lang->nav_profile = $lang->sprintf($lang->nav_profile, $memprofile['username']);
add_breadcrumb($lang->nav_profile);
$lang->users_forum_info = $lang->sprintf($lang->users_forum_info, $memprofile['username']);
$lang->users_contact_details = $lang->sprintf($lang->users_contact_details, $memprofile['username']);
// Show the "send PM" link only when PMs are enabled and either the member can receive PMs and
// has not put the viewer on their ignore list, or the viewer's group may override PM settings.
// Operator precedence makes the inner expression (receivepms && canusepms && not ignored) || canoverridepm.
if ($mybb->settings['enablepms'] != 0 && ($memprofile['receivepms'] != 0 && $memperms['canusepms'] != 0 && my_strpos("," . $memprofile['ignorelist'] . ",", "," . $mybb->user['uid'] . ",") === false || $mybb->usergroup['canoverridepm'] == 1)) {
    $lang->send_pm = $lang->sprintf($lang->send_pm, $memprofile['username']);
} else {
    $lang->send_pm = '';
}
$lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
$lang->users_additional_info = $lang->sprintf($lang->users_additional_info, $memprofile['username']);
$lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']);
$lang->send_user_email = $lang->sprintf($lang->send_user_email, $memprofile['username']);
$useravatar = format_avatar($memprofile['avatar'], $memprofile['avatardimensions']);
// MyBB template rendering idiom: the template body comes from the installed template set,
// not from request input; $useravatar is what the template interpolates.
eval("\$avatar = \"" . $templates->get("member_profile_avatar") . "\";");
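/**
 * Alert all attached accounts if one of them receives a new pm.
 *
 * Hook callback. Reads the private message being sent from the global $pm (recipient
 * usernames in $pm['to'] and, optionally, $pm['bcc']) and the attached-account cache
 * from the global $eas, and queues one MyAlerts alert per account that should learn
 * about the message:
 *  - recipient is a master account      -> every account attached to it;
 *  - recipient is an attached account   -> its master (when the master may use the
 *                                          switcher) and every sibling attached to
 *                                          the same master;
 *  - recipient is a stand-alone account -> the recipient itself.
 * Nothing is done when the MyAlerts integration is disabled, MyAlerts is not
 * installed (no myalerts_perpage setting) or the message is only saved as a draft.
 *
 * Alerts are collected for all recipients and handed to the alert manager once,
 * after the loop; submitting inside the loop (as before) re-queued the alerts already
 * gathered for earlier recipients on every later recipient.
 *
 * @return void
 */
function accountswitcher_pm_sent_alert()
{
    global $mybb, $lang, $pm, $eas;

    if ($mybb->settings['aj_myalerts'] != 1 || !isset($mybb->settings['myalerts_perpage']) || $pm['saveasdraft'] == 1) {
        return;
    }
    if (!isset($lang->aj_newpm_switch_notice_one)) {
        $lang->load('accountswitcher');
    }

    // Get recipients. 'to' / 'bcc' are assumed to hold trimmed usernames as produced by
    // PMDataHandler::verify_recipient(); a missing or non-array entry contributes nothing.
    $rec_users = (isset($pm['to']) && is_array($pm['to'])) ? $pm['to'] : array();
    if (isset($pm['bcc']) && is_array($pm['bcc'])) {
        $rec_users = array_merge($rec_users, $pm['bcc']);
    }
    $pm_users = array_map("trim", $rec_users);

    // Alert Type
    $alertType = MybbStuff_MyAlerts_AlertTypeManager::getInstance()->getByCode('accountswitcher_pm');

    // Attached-account cache (rows with at least 'uid' and 'as_uid' = master uid, 0 = none);
    // it does not change while we loop, so read it once.
    $accounts = $eas->accountswitcher_cache;
    $alerts = array();

    foreach ($pm_users as $recipient) {
        $pmuser = get_user_by_username($recipient);
        $user = $pmuser ? get_user($pmuser['uid']) : false;
        if (!$user) {
            // Unknown recipient (normally already rejected by the PM datahandler): skip it rather
            // than comparing a missing uid against the cache, which matched every unattached row.
            continue;
        }
        $recipientName = htmlspecialchars_uni($user['username']);
        $detailsWithUid = array('uid' => (int) $user['uid'], 'message' => $recipientName);
        $detailsNameOnly = array('message' => $recipientName);

        // Recipient is a master account: alert every account attached to it.
        $count = 0;
        if (is_array($accounts)) {
            foreach ($accounts as $account) {
                if ($user['uid'] == $account['as_uid']) {
                    ++$count;
                    $alert = new MybbStuff_MyAlerts_Entity_Alert((int) $account['uid'], $alertType, 0);
                    $alert->setExtraDetails($detailsWithUid);
                    $alerts[] = $alert;
                }
            }
        }

        // No users attached to the recipient, but the recipient is attached to another user.
        if ($count == 0 && $user['as_uid'] != 0) {
            $master = get_user((int) $user['as_uid']);
            if ($master) {
                // Get the masters permission
                $permission = user_permissions($master['uid']);
                // If the master has permission to use the Enhanced Account Switcher, get the userlist
                if ($permission['as_canswitch'] == 1) {
                    // Recipient is an attached account: alert the master account
                    $alert = new MybbStuff_MyAlerts_Entity_Alert((int) $master['uid'], $alertType, 0);
                    $alert->setExtraDetails($detailsWithUid);
                    $alerts[] = $alert;

                    // ...and every other account sharing the same master
                    if (is_array($accounts)) {
                        foreach ($accounts as $account) {
                            // Leave recipient out
                            if ($account['uid'] == $user['uid']) {
                                continue;
                            }
                            if ($master['uid'] == $account['as_uid']) {
                                $alert = new MybbStuff_MyAlerts_Entity_Alert((int) $account['uid'], $alertType, 0);
                                $alert->setExtraDetails($detailsNameOnly);
                                $alerts[] = $alert;
                            }
                        }
                    }
                }
            }
        }

        // Nobody attached to the recipient and the recipient isn't attached to another user.
        if ($count == 0 && $user['as_uid'] == 0) {
            $alert = new MybbStuff_MyAlerts_Entity_Alert((int) $user['uid'], $alertType, 0);
            $alert->setExtraDetails($detailsNameOnly);
            $alerts[] = $alert;
        }
    }

    // Submit the whole batch exactly once.
    if (!empty($alerts)) {
        MybbStuff_MyAlerts_AlertManager::getInstance()->addAlerts($alerts);
    }
}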
/**
 * Verifies if an array of recipients for a private message are valid
 *
 * Works on $this->data: resolves 'to'/'bcc' (usernames) or 'toid'/'bccid' (user ids)
 * to user rows, records an error for unknown recipients, enforces the sender's
 * maxpmrecipients limit, and then checks each recipient's ignore list, buddy-only
 * setting, PM permissions and PM quota (queueing a quota e-mail when reached).
 * On success $this->data['recipients'] is filled, keyed by uid.
 *
 * @return boolean True when valid, false when invalid.
 */
function verify_recipient()
{
    global $cache, $db, $mybb, $lang;

    $pm =& $this->data;

    $recipients = array();
    $invalid_recipients = array();
    // We have our recipient usernames but need to fetch user IDs
    if (array_key_exists("to", $pm)) {
        foreach (array("to", "bcc") as $recipient_type) {
            if (!isset($pm[$recipient_type])) {
                $pm[$recipient_type] = array();
            }
            if (!is_array($pm[$recipient_type])) {
                $pm[$recipient_type] = array($pm[$recipient_type]);
            }
            $pm[$recipient_type] = array_map('trim', $pm[$recipient_type]);
            $pm[$recipient_type] = array_filter($pm[$recipient_type]);
            // No recipients? Skip query
            if (empty($pm[$recipient_type])) {
                if ($recipient_type == 'to' && !$pm['saveasdraft']) {
                    $this->set_error("no_recipients");
                    return false;
                }
                continue;
            }
            // Usernames are request input: every value is escaped before being placed in the IN() list.
            $recipientUsernames = array_map(array($db, 'escape_string'), $pm[$recipient_type]);
            $recipientUsernames = "'" . implode("','", $recipientUsernames) . "'";
            $query = $db->simple_select('users', '*', 'username IN(' . $recipientUsernames . ')');
            $validUsernames = array();
            while ($user = $db->fetch_array($query)) {
                if ($recipient_type == "bcc") {
                    $user['bcc'] = 1;
                }
                $recipients[] = $user;
                $validUsernames[] = $user['username'];
            }
            // Anything typed that did not come back from the query is reported as invalid.
            // NOTE(review): in_array() here is non-strict and case-sensitive while the SQL match may be
            // case-insensitive — confirm how a differently-cased username is meant to be treated.
            foreach ($pm[$recipient_type] as $username) {
                if (!in_array($username, $validUsernames)) {
                    $invalid_recipients[] = $username;
                }
            }
        }
    } else {
        foreach (array("toid", "bccid") as $recipient_type) {
            if (!isset($pm[$recipient_type])) {
                $pm[$recipient_type] = array();
            }
            if (!is_array($pm[$recipient_type])) {
                $pm[$recipient_type] = array($pm[$recipient_type]);
            }
            // Ids are cast with intval() before they reach the query; zeros are dropped by array_filter().
            $pm[$recipient_type] = array_map('intval', $pm[$recipient_type]);
            $pm[$recipient_type] = array_filter($pm[$recipient_type]);
            // No recipients? Skip query
            if (empty($pm[$recipient_type])) {
                if ($recipient_type == 'toid' && !$pm['saveasdraft']) {
                    $this->set_error("no_recipients");
                    return false;
                }
                continue;
            }
            $recipientUids = "'" . implode("','", $pm[$recipient_type]) . "'";
            $query = $db->simple_select('users', '*', 'uid IN(' . $recipientUids . ')');
            $validUids = array();
            while ($user = $db->fetch_array($query)) {
                if ($recipient_type == "bccid") {
                    $user['bcc'] = 1;
                }
                $recipients[] = $user;
                $validUids[] = $user['uid'];
            }
            foreach ($pm[$recipient_type] as $uid) {
                if (!in_array($uid, $validUids)) {
                    $invalid_recipients[] = $uid;
                }
            }
        }
    }
    // If we have one or more invalid recipients and we're not saving a draft, error
    if (count($invalid_recipients) > 0) {
        // The names are echoed back in the error message, hence the HTML escaping.
        $invalid_recipients = implode(", ", array_map("htmlspecialchars_uni", $invalid_recipients));
        $this->set_error("invalid_recipients", array($invalid_recipients));
        return false;
    }
    $sender_permissions = user_permissions($pm['fromid']);
    // Are we trying to send this message to more users than the permissions allow?
    if ($sender_permissions['maxpmrecipients'] > 0 && count($recipients) > $sender_permissions['maxpmrecipients'] && $this->admin_override != true) {
        $this->set_error("too_many_recipients", array($sender_permissions['maxpmrecipients']));
    }
    // Now we're done with that we loop through each recipient
    foreach ($recipients as $user) {
        // Collect group permissions for this recipient.
        $recipient_permissions = user_permissions($user['uid']);
        // The ignore-list, buddy-only and "can receive" checks are skipped when
        // - admin_override is set, or
        // - the sender is an administrator (cancp), or
        // - the sender's group may override PM settings (canoverridepm).
        if ($this->admin_override != true && $sender_permissions['cancp'] != 1 && $sender_permissions['canoverridepm'] != 1) {
            // Is the sender on the recipient's ignore list? (comma-separated uids, loose in_array match)
            $ignorelist = explode(",", $user['ignorelist']);
            if (!empty($ignorelist) && in_array($pm['fromid'], $ignorelist)) {
                $this->set_error("recipient_is_ignoring", array($user['username']));
            }
            // Is the recipient only allowing private messages from their buddy list?
            if ($mybb->settings['allowbuddyonly'] == 1 && $user['receivefrombuddy'] == 1) {
                $buddylist = explode(",", $user['buddylist']);
                if (!empty($buddylist) && !in_array($pm['fromid'], $buddylist)) {
                    $this->set_error("recipient_has_buddy_only", array(htmlspecialchars_uni($user['username'])));
                }
            }
            // Can the recipient actually receive private messages based on their permissions or user setting?
            if (($user['receivepms'] == 0 || $recipient_permissions['canusepms'] == 0) && !$pm['saveasdraft']) {
                $this->set_error("recipient_pms_disabled", array($user['username']));
                return false;
            }
        }
        // Check to see if the user has reached their private message quota - if they have, email them.
        // Administrators on either side, drafts and admin_override are exempt.
        if ($recipient_permissions['pmquota'] != "0" && $user['totalpms'] >= $recipient_permissions['pmquota'] && $recipient_permissions['cancp'] != 1 && $sender_permissions['cancp'] != 1 && !$pm['saveasdraft'] && !$this->admin_override) {
            // Pick the recipient's language, then the board language, then English.
            if (trim($user['language']) != '' && $lang->language_exists($user['language'])) {
                $uselang = trim($user['language']);
            } elseif ($mybb->settings['bblanguage']) {
                $uselang = $mybb->settings['bblanguage'];
            } else {
                $uselang = "english";
            }
            if ($uselang == $mybb->settings['bblanguage'] || !$uselang) {
                $emailsubject = $lang->emailsubject_reachedpmquota;
                $emailmessage = $lang->email_reachedpmquota;
            } else {
                // Load the "messages" strings of the recipient's language into a separate instance.
                $userlang = new MyLanguage();
                $userlang->set_path(MYBB_ROOT . "inc/languages");
                $userlang->set_language($uselang);
                $userlang->load("messages");
                $emailsubject = $userlang->emailsubject_reachedpmquota;
                $emailmessage = $userlang->email_reachedpmquota;
            }
            $emailmessage = $lang->sprintf($emailmessage, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl']);
            $emailsubject = $lang->sprintf($emailsubject, $mybb->settings['bbname']);
            // Queued rather than sent inline; the mail queue cache is refreshed so the cron picks it up.
            $new_email = array("mailto" => $db->escape_string($user['email']), "mailfrom" => '', "subject" => $db->escape_string($emailsubject), "message" => $db->escape_string($emailmessage), "headers" => '');
            $db->insert_query("mailqueue", $new_email);
            $cache->update_mailqueue();
            if ($this->admin_override != true) {
                $this->set_error("recipient_reached_quota", array($user['username']));
            }
        }
        // Everything looks good, assign some specifics about the recipient
        $pm['recipients'][$user['uid']] = array("uid" => $user['uid'], "username" => $user['username'], "email" => $user['email'], "lastactive" => $user['lastactive'], "pmnotice" => $user['pmnotice'], "pmnotify" => $user['pmnotify'], "language" => $user['language']);
        // If this recipient is defined as a BCC recipient, save it
        // ('bcc' is only set on rows fetched for the bcc/bccid lists)
        if ($user['bcc'] == 1) {
            $pm['recipients'][$user['uid']]['bcc'] = 1;
        }
    }
    return true;
}
/**
 * Checks if a moderator has permissions to perform an action in a specific forum
 *
 * @param int $fid The forum ID (0 assumes global)
 * @param string $action The action trying to be performed. (blank assumes any action at all)
 * @param int $uid The user ID (0 assumes current user)
 * @return bool Returns true if the user has permission, false if they do not
 */
function is_moderator($fid = "0", $action = "", $uid = "0")
{
    global $mybb, $cache;

    // Default to the current user; a guest (uid 0) can never moderate.
    if ($uid == 0) {
        $uid = $mybb->user['uid'];
    }
    if ($uid == 0) {
        return false;
    }

    // Super moderators may do anything, anywhere.
    $user_perms = user_permissions($uid);
    if ($user_perms['issupermod'] == 1) {
        return true;
    }

    // Global check: the user moderates at least one forum according to the moderator cache.
    if (!$fid) {
        $modcache = $cache->read('moderators');
        if (empty($modcache)) {
            return false;
        }
        foreach ($modcache as $modusers) {
            if (isset($modusers[$uid]) && $modusers[$uid]['mid']) {
                return true;
            }
        }
        return false;
    }

    // Forum-specific check against the moderator's permission set for that forum.
    $modperms = get_moderator_permissions($fid, $uid);
    if (!$action) {
        // Any non-empty permission set means "may do something here".
        return !empty($modperms);
    }
    return $modperms[$action] == 1;
}
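/**
 * The switch function deletes the mybbuser cookie, sets a new cookie for the selected account and starts a new session.
 * Function is called by ajax request and sends the new users post key.
 *
 * Expects a POST with switchuser=1, the caller's my_post_key and the target uid. The switch
 * is allowed only when the caller or the caller's master account has the as_canswitch
 * permission and the target account is attached to the caller, shares the caller's master,
 * is the caller's master, or is shared with the caller. Rejected attempts are written to
 * the moderator log. On success the old session row is removed, the target is logged in
 * through the login datahandler, a fresh session is created and the new post code is
 * echoed as text/plain before exiting.
 *
 * @return void Exits after echoing the post code on a successful switch.
 */
function accountswitcher_switch()
{
    // $session is the live session object set up by global.php. It is needed below to delete
    // the old session row by its sid; without importing it the delete ran against an undefined
    // local $session and therefore never removed the old row.
    global $db, $mybb, $lang, $charset, $cache, $templates, $session;

    if ($mybb->user['uid'] != 0 && isset($mybb->input['switchuser']) && $mybb->input['switchuser'] == 1 && $mybb->request_method == "post") {
        require_once MYBB_ROOT . "/inc/plugins/accountswitcher/class_accountswitcher.php";
        $eas = new AccountSwitcher($mybb, $db, $cache, $templates);

        // Get permissions for this user
        $userPermission = user_permissions($mybb->user['uid']);
        // Get permissions for the master. First get the master (false when the caller has no master,
        // in which case user_permissions() receives a null uid — kept as before)
        $master = get_user((int) $mybb->user['as_uid']);
        // Get his permissions
        $masterPermission = user_permissions($master['uid']);

        // If one of both has the permission allow to switch
        if ($userPermission['as_canswitch'] == 1 || $masterPermission['as_canswitch'] == 1) {
            if (!isset($lang->as_invaliduser)) {
                $lang->load("accountswitcher");
            }
            // CSRF check on the post key before anything is changed.
            verify_post_check($mybb->get_input('my_post_key'));

            // Get user info
            $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
            // Check if user exists
            if (!$user) {
                error($lang->as_invaliduser);
            }

            // Can the new account be shared?
            if ($user['as_share'] != 0 && $mybb->settings['aj_shareuser'] == 1) {
                // Account already used by another user?
                if ($user['as_shareuid'] != 0) {
                    log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                    return;
                }
                // Account only shared by buddies?
                if ($user['as_buddyshare'] != 0) {
                    // No buddy - no switch (buddylist is a comma-separated list of uids)
                    $buddylist = ($user['buddylist'] != '') ? explode(",", $user['buddylist']) : array();
                    if (empty($buddylist) || !in_array($mybb->user['uid'], $buddylist)) {
                        log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                        return;
                    }
                }
                // Shared account is free (the "in use" case returned above) - claim it for the caller
                $updated_shareuid = array("as_shareuid" => (int) $mybb->user['uid']);
                $db->update_query("users", $updated_shareuid, "uid='" . (int) $user['uid'] . "'");
                $eas->update_accountswitcher_cache();
                $user['as_shareuid'] = (int) $mybb->user['uid'];
            }

            // Make sure you can switch to an attached account only:
            // target attached to caller, sibling under the same master, the caller's master,
            // shared with the caller, or the account the caller is currently using as a share.
            if ($user['as_uid'] == $mybb->user['uid'] || ($user['as_uid'] != 0 && $user['as_uid'] == $mybb->user['as_uid']) || $user['uid'] == $mybb->user['as_uid'] || $user['as_shareuid'] == $mybb->user['uid'] || $user['uid'] == $mybb->user['as_shareuid']) {
                // Is the current account shared?
                if ($mybb->user['as_share'] != 0) {
                    // Account used by another user?
                    if ($mybb->user['as_shareuid'] == 0) {
                        log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                        return;
                    }
                    // Reset share uid
                    if ($mybb->user['as_shareuid'] != 0) {
                        $updated_shareuid = array("as_shareuid" => 0);
                        $db->update_query("users", $updated_shareuid, "uid='" . (int) $mybb->user['uid'] . "'");
                        $eas->update_accountswitcher_cache();
                    }
                }

                // Log the old user out
                my_unsetcookie("mybbuser");
                my_unsetcookie("sid");
                if ($mybb->user['uid']) {
                    $time = TIME_NOW;
                    // Run this after the shutdown query from session system
                    $db->shutdown_query("UPDATE " . TABLE_PREFIX . "users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'");
                    // Drop the old session row so the previous identity cannot be resumed from it.
                    if (isset($session->sid)) {
                        $db->delete_query("sessions", "sid = '" . $db->escape_string($session->sid) . "'");
                    }
                }

                // Now let the login datahandler do the work
                require_once MYBB_ROOT . "inc/datahandlers/login.php";
                $loginhandler = new LoginDataHandler("get");
                $mybb->input['remember'] = "yes";
                $loginhandler->set_data($user);
                // NOTE(review): the result of validate_login() is not checked before complete_login();
                // confirm this is intended for an already-authorised in-session switch.
                $validated = $loginhandler->validate_login();
                $loginhandler->complete_login();

                // Create session for this user (replaces the global $session as well)
                require_once MYBB_ROOT . "inc/class_session.php";
                $session = new session();
                $session->init();
                $mybb->session =& $session;
                $mybb->post_code = generate_post_check();

                // Send new users post code
                header("Content-type: text/plain; charset={$charset}");
                echo $mybb->post_code;
                exit;
            } else {
                log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                error($lang->as_notattacheduser);
            }
        }
    }
}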
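/**
 * Verifies the image count.
 *
 * Counts the <img> tags the parser would emit for $this->data['message'] and records a
 * "too_many_images" error when that exceeds the maxpostimages setting. The check is
 * skipped for drafts, when maxpostimages is 0 (unlimited) and for administrators (cancp).
 * When the data carries no fid it is looked up from the post's pid.
 *
 * @return boolean True when valid, false when not valid.
 */
function verify_image_count()
{
    global $mybb, $db;

    $post =& $this->data;

    // Get the permissions of the user who is making this post or thread
    $permissions = user_permissions($post['uid']);

    // Fetch the forum this post is being made in
    if (!$post['fid']) {
        $query = $db->simple_select('posts', 'fid', "pid = '" . (int) $post['pid'] . "'");
        $post['fid'] = $db->fetch_field($query, 'fid');
    }
    $forum = get_forum($post['fid']);

    // Drafts, an unlimited setting (0) and administrators are never limited.
    if ($post['savedraft'] == 1 || $mybb->settings['maxpostimages'] == 0 || $permissions['cancp'] == 1) {
        return true;
    }

    require_once MYBB_ROOT . "inc/class_parser.php";
    $parser = new postParser();

    // Parse the message with the forum's own settings so the count reflects what would be shown.
    $parser_options = array("allow_html" => $forum['allowhtml'], "allow_mycode" => $forum['allowmycode'], "allow_imgcode" => $forum['allowimgcode'], "filter_badwords" => 1);
    $disableSmilies = isset($post['options']['disablesmilies']) ? $post['options']['disablesmilies'] : 0;
    if ($disableSmilies != 1) {
        $parser_options['allow_smilies'] = $forum['allowsmilies'];
    } else {
        $parser_options['allow_smilies'] = 0;
    }
    $image_check = $parser->parse_message($post['message'], $parser_options);

    // And count the number of image tags in the message.
    $image_count = substr_count($image_check, "<img");
    if ($image_count > $mybb->settings['maxpostimages']) {
        // Throw back a message if over the count with the number of images as well as the maximum number of images per post.
        $this->set_error("too_many_images", array(1 => $image_count, 2 => $mybb->settings['maxpostimages']));
        return false;
    }

    // Within the limit: return true so the documented boolean contract holds (was an implicit null).
    return true;
}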
/**
 * Decides whether the current user may edit the given user.
 *
 * The answer is "yes" unless every one of these holds: the current user is not a super
 * admin, the target is a super admin, the current usergroup lacks cancp, the target's
 * group has cancp, and — outside the Admin CP — the current group is not a super mod,
 * the target's group is a super mod, the current user is not flagged ismoderator, the
 * target moderates somewhere, and the target is the current user.
 *
 * @param int $uid The user ID to check against.
 * @return bool True when the edit is allowed.
 */
function can_edit_user($uid)
{
    global $mybb;

    $uid = (int) $uid;

    // Super admins may edit anyone; non-super-admin targets may always be edited.
    if (is_super_admin($mybb->user['uid']) || !is_super_admin($uid)) {
        return true;
    }
    // Admin-group current user, or a target outside the admin group.
    if ($mybb->usergroup['cancp']) {
        return true;
    }
    $userperms = user_permissions($uid);
    if (!$userperms['cancp']) {
        return true;
    }
    // Inside the Admin CP no further exceptions apply.
    if (defined('IN_ADMINCP')) {
        return false;
    }
    // Front-end exceptions, evaluated left to right exactly like the original guard chain
    // (is_moderator() is only consulted when the earlier conditions do not already allow it).
    $allowed = $mybb->usergroup['issupermod']
        || !$userperms['issupermod']
        || $mybb->user['ismoderator']
        || !is_moderator(0, '', $uid)
        || $mybb->user['uid'] != $uid;
    return (bool) $allowed;
}
/**
 * Checks if a moderator has permissions to perform an action in a specific forum
 *
 * @param int $fid The forum ID (0 assumes global)
 * @param string $action The action trying to be performed. (blank assumes any action at all)
 * @param int $uid The user ID (0 assumes current user)
 * @return bool Returns true if the user has permission, false if they do not
 */
function is_moderator($fid = "0", $action = "", $uid = "0")
{
    global $mybb, $cache;

    // Default to the current user; a guest (uid 0) can never moderate.
    if ($uid == 0) {
        $uid = $mybb->user['uid'];
    }
    if ($uid == 0) {
        return false;
    }

    $user_perms = user_permissions($uid);

    if ($user_perms['issupermod'] == 1) {
        // Super moderator: globally yes; for a specific forum only when the forum
        // (and other people's threads in it) is visible to them at all.
        if (!$fid) {
            return true;
        }
        $forumpermissions = forum_permissions($fid);
        $canSeeForum = $forumpermissions['canview'] && $forumpermissions['canviewthreads'] && !$forumpermissions['canonlyviewownthreads'];
        return (bool) $canSeeForum;
    }

    // Global check: moderator of at least one forum, either personally or via the usergroup.
    if (!$fid) {
        $modcache = $cache->read('moderators');
        if (empty($modcache)) {
            return false;
        }
        foreach ($modcache as $modusers) {
            $isUserMod = isset($modusers['users'][$uid]) && $modusers['users'][$uid]['mid'];
            // Moderating usergroup
            $isGroupMod = isset($modusers['usergroups'][$user_perms['gid']]);
            if ($isUserMod || $isGroupMod) {
                return true;
            }
        }
        return false;
    }

    // Forum-specific check against the moderator's permission set for that forum.
    $modperms = get_moderator_permissions($fid, $uid);
    if (!$action) {
        // Any non-empty permission set means "may do something here".
        return !empty($modperms);
    }
    return $modperms[$action] == 1;
}
// Posts per day since registration, capped at the total post count so a very young
// account (less than a day old) cannot show more posts per day than it has posts.
$days_registered = (TIME_NOW - $user['regdate']) / (24 * 3600);
$posts_per_day = 0;
if ($days_registered > 0) {
    $posts_per_day = round($user['postnum'] / $days_registered, 2);
    if ($posts_per_day > $user['postnum']) {
        $posts_per_day = $user['postnum'];
    }
}
// Share of all board posts, guarded against an empty board.
$stats = $cache->read("stats");
$posts = $stats['numposts'];
if ($posts == 0) {
    $percent_posts = "0";
} else {
    $percent_posts = round($user['postnum'] * 100 / $posts, 2);
}
$user_permissions = user_permissions($user['uid']);
// Fetch the reputation for this user
if ($user_permissions['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1) {
    $reputation = get_reputation($user['reputation']);
} else {
    $reputation = "-";
}
// Warning level as a percentage of the configured maximum, clamped to 100.
// NOTE(review): divides by maxwarningpoints — a setting of 0 would raise a division error;
// confirm the setting is validated elsewhere.
if ($mybb->settings['enablewarningsystem'] != 0 && $user_permissions['canreceivewarnings'] != 0) {
    $warning_level = round($user['warningpoints'] / $mybb->settings['maxwarningpoints'] * 100);
    if ($warning_level > 100) {
        $warning_level = 100;
    }
    $warning_level = get_colored_warning_level($warning_level);
}
// Age defaults to "n/a"; the birthday block that computes it continues past this listing.
$age = $lang->na;
if ($user['birthday']) {
/**
 * Verifies if an array of recipients for a private message are valid
 *
 * Older variant of the check: resolves 'to'/'bcc' usernames or 'toid'/'bccid' ids one
 * query per recipient, records an error for unknown ones, enforces the sender's
 * maxpmrecipients limit, then checks each recipient's ignore list, PM permissions and
 * PM quota (mailing the recipient directly when the quota is reached). On success
 * $this->data['recipients'] is filled, keyed by uid.
 *
 * @return boolean True when valid, false when invalid.
 */
function verify_recipient()
{
    global $db, $mybb, $lang;

    $pm =& $this->data;

    $recipients = array();
    $invalid_recipients = array();
    // We have our recipient usernames but need to fetch user IDs
    if (array_key_exists("to", $pm)) {
        // An empty or whitespace-only 'to' list is only acceptable for a draft.
        if ((count($pm['to']) <= 0 || trim(implode("", $pm['to'])) == "") && !$pm['saveasdraft']) {
            $this->set_error("no_recipients");
            return false;
        }
        foreach (array("to", "bcc") as $recipient_type) {
            if (!is_array($pm[$recipient_type])) {
                $pm[$recipient_type] = array($pm[$recipient_type]);
            }
            foreach ($pm[$recipient_type] as $username) {
                $username = trim($username);
                if (empty($username)) {
                    continue;
                }
                // Check that this recipient actually exists
                // NOTE(review): the username value is masked as '******' in this listing — confirm the
                // real query passes $username through $db->escape_string() before interpolation.
                $query = $db->simple_select("users", "*", "username='******'");
                $user = $db->fetch_array($query);
                // 'bcc' is set even when no row came back (turning a false result into an array);
                // the uid check below still classifies such a recipient as invalid.
                if ($recipient_type == "bcc") {
                    $user['bcc'] = 1;
                }
                if ($user['uid']) {
                    $recipients[] = $user;
                } else {
                    $invalid_recipients[] = $username;
                }
            }
        }
    } else {
        foreach (array("toid", "bccid") as $recipient_type) {
            // Checked on each pass, but always against 'toid' (a bcc-only message is rejected).
            if (count($pm['toid']) <= 0) {
                $this->set_error("no_recipients");
                return false;
            }
            if (is_array($pm[$recipient_type])) {
                foreach ($pm[$recipient_type] as $uid) {
                    // Check that this recipient actually exists (id is cast with intval() for the query)
                    $query = $db->simple_select("users", "*", "uid='" . intval($uid) . "'");
                    $user = $db->fetch_array($query);
                    if ($recipient_type == "bccid") {
                        $user['bcc'] = 1;
                    }
                    if ($user['uid']) {
                        $recipients[] = $user;
                    } else {
                        $invalid_recipients[] = $uid;
                    }
                }
            }
        }
    }
    // If we have one or more invalid recipients and we're not saving a draft, error
    if (count($invalid_recipients) > 0) {
        // The names are echoed back in the error message, hence the HTML escaping.
        $invalid_recipients = implode(", ", array_map("htmlspecialchars_uni", $invalid_recipients));
        $this->set_error("invalid_recipients", array($invalid_recipients));
        return false;
    }
    $sender_permissions = user_permissions($pm['fromid']);
    // Are we trying to send this message to more users than the permissions allow?
    if ($sender_permissions['maxpmrecipients'] > 0 && count($recipients) > $sender_permissions['maxpmrecipients'] && $this->admin_override != true) {
        $this->set_error("too_many_recipients", array($sender_permissions['maxpmrecipients']));
    }
    // Now we're done with that we loop through each recipient
    foreach ($recipients as $user) {
        // Collect group permissions for this recipient.
        $recipient_permissions = user_permissions($user['uid']);
        // The ignore-list and "can receive" checks are skipped when
        // - admin_override is set, or
        // - the sender is an administrator (cancp).
        if ($this->admin_override != true && $sender_permissions['cancp'] != 1) {
            // Is the sender on the recipient's ignore list? (comma-separated uids, loose == match)
            $ignorelist = explode(",", $user['ignorelist']);
            foreach ($ignorelist as $uid) {
                if ($uid == $pm['fromid']) {
                    $this->set_error("recipient_is_ignoring", array($user['username']));
                }
            }
            // Can the recipient actually receive private messages based on their permissions or user setting?
            if (($user['receivepms'] == 0 || $recipient_permissions['canusepms'] == 0) && !$pm['saveasdraft']) {
                $this->set_error("recipient_pms_disabled", array($user['username']));
                return false;
            }
        }
        // Check to see if the user has reached their private message quota - if they have, email them.
        // Administrators on either side, drafts and admin_override are exempt.
        if ($recipient_permissions['pmquota'] != "0" && $user['totalpms'] >= $recipient_permissions['pmquota'] && $recipient_permissions['cancp'] != 1 && $sender_permissions['cancp'] != 1 && !$pm['saveasdraft'] && !$this->admin_override) {
            // Pick the recipient's language, then the board language, then English.
            if (trim($user['language']) != '' && $lang->language_exists($user['language'])) {
                $uselang = trim($user['language']);
            } elseif ($mybb->settings['bblanguage']) {
                $uselang = $mybb->settings['bblanguage'];
            } else {
                $uselang = "english";
            }
            if ($uselang == $mybb->settings['bblanguage'] || !$uselang) {
                $emailsubject = $lang->emailsubject_reachedpmquota;
                $emailmessage = $lang->email_reachedpmquota;
            } else {
                // Load the "messages" strings of the recipient's language into a separate instance.
                $userlang = new MyLanguage();
                $userlang->set_path(MYBB_ROOT . "inc/languages");
                $userlang->set_language($uselang);
                $userlang->load("messages");
                $emailsubject = $userlang->emailsubject_reachedpmquota;
                $emailmessage = $userlang->email_reachedpmquota;
            }
            $emailmessage = $lang->sprintf($emailmessage, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl']);
            $emailsubject = $lang->sprintf($emailsubject, $mybb->settings['bbname']);
            // Sent inline (this variant does not use the mail queue).
            my_mail($user['email'], $emailsubject, $emailmessage);
            if ($this->admin_override != true) {
                $this->set_error("recipient_reached_quota", array($user['username']));
            }
        }
        // Everything looks good, assign some specifics about the recipient
        $pm['recipients'][$user['uid']] = array("uid" => $user['uid'], "username" => $user['username'], "email" => $user['email'], "lastactive" => $user['lastactive'], "pmnotice" => $user['pmnotice'], "pmnotify" => $user['pmnotify'], "language" => $user['language']);
        // If this recipient is defined as a BCC recipient, save it
        if ($user['bcc'] == 1) {
            $pm['recipients'][$user['uid']]['bcc'] = 1;
        }
    }
    return true;
}