Exemplo n.º 1
/**
 * Decide whether the current user may perform a ModCP action on another user.
 *
 * Only the target's user ID is passed in; the acting user is read from the
 * global $mybb object.
 *
 * @param int $uid The user ID to perform the action on.
 * @return boolean True if the current user has the necessary permissions.
 */
function modcp_can_manage_user($uid)
{
    global $mybb;

    $target = user_permissions($uid);

    // A local moderator (or a user who merely has ModCP access) must never
    // manage a super moderator or an administrator.
    if ($mybb->usergroup['issupermod'] == 0 && ($target['issupermod'] == 1 || $target['cancp'] == 1)) {
        return false;
    }

    // Administrator targets: refuse when the acting user is not an
    // administrator, or when the target is a super administrator and the
    // acting user is not.
    if ($target['cancp'] == 1) {
        if ($mybb->usergroup['cancp'] != 1) {
            return false;
        }
        if (is_super_admin($uid) && !is_super_admin($mybb->user['uid'])) {
            return false;
        }
    }

    return true;
}
Exemplo n.º 2
/**
 * Replace links to .flv files in a message with an embedded Flowplayer object,
 * provided the author of the content is allowed to embed Flash.
 *
 * Example of a link this is meant for:
 * www.gugelproductions.de/blog/wp-content/fltest.flv
 *
 * @param string $message Message text to scan; it is matched as HTML (anchor tags).
 * @return string The message, with matching links replaced when embedding is allowed.
 */
function automedia_flv($message)
{
    global $mybb, $db, $post, $postrow, $pmid, $memprofile, $width, $height;

    // Cheap gate: leave the message alone unless it holds an href ending in .flv.
    // '<' and '>' are the PCRE delimiters here, so the pattern itself starts at "a href=".
    if (!preg_match('<a href=\\"(http://)?(www.)?(.*)\\.flv\\">isU', $message)) {
        return $message;
    }

    // The permission check is made against the author of the content, and where
    // the author's uid comes from depends on the script being served.
    switch (THIS_SCRIPT) {
        case "private.php":
            // Private message: look the sender up by the message id.
            $pm_id = intval($pmid);
            $pm_query = $db->simple_select("privatemessages", "fromid", "pmid='{$pm_id}'");
            $pm_row = $db->fetch_array($pm_query);
            $puid = intval($pm_row['fromid']);
            break;
        case "usercp.php":
            $puid = intval($mybb->user['uid']);
            break;
        case "member.php":
            $puid = intval($memprofile['uid']);
            break;
        case "printthread.php":
            $puid = intval($postrow['uid']);
            break;
        default:
            $puid = intval($post['uid']);
            break;
    }

    // Get the poster's usergroup permissions.
    $permissions = user_permissions($puid);

    // av_flashadmin selects who may embed: admins only, admins and moderators,
    // or everybody. Any other value leaves the message untouched.
    $policy = $mybb->settings['av_flashadmin'];
    if ($policy == "admin") {
        $may_embed = $permissions['cancp'] == 1;
    } elseif ($policy == "mods") {
        $may_embed = $permissions['cancp'] == 1 || $permissions['canmodcp'] == 1;
    } else {
        $may_embed = $policy == "all";
    }

    if ($may_embed) {
        // NOTE(review): captures $2-$5 are copied into the flashvars attribute,
        // which is single-quoted and holds JSON, with no escaping in this
        // function, and capture 4 is an unconstrained (.*). Confirm that
        // $message has been HTML-escaped upstream, including single quotes.
        $message = preg_replace("#(\\[automedia\\]|<a href=\"(http://)?(www.)?(.*)/([\\w/ &;%\\.-]+\\.flv)(\\[/automedia\\]|\" target=\"_blank\">)(.*?)</a>)#i", "<div class=\"am_embed\"><object id=\"flowplayer\" width=\"{$width}\" height=\"{$height}\" data=\"{$mybb->settings['bburl']}/inc/plugins/automedia/mediaplayer/flowplayer-3.2.7.swf\" type=\"application/x-shockwave-flash\"><param name=\"movie\" value=\"{$mybb->settings['bburl']}/inc/plugins/automedia/mediaplayer/flowplayer-3.2.7.swf\" /><param name=\"allowfullscreen\" value=\"true\" /><param name=\"flashvars\" value='config={\"clip\":{\"url\":\"\$2\$3\$4/\$5\",\"autoPlay\":false}}' /></object></div>", $message);
    }

    return $message;
}
Exemplo n.º 3
/**
 * Replace links to .swf files in a message with an embedded Flash object,
 * provided the author of the content is allowed to embed Flash.
 *
 * Example of a link this is meant for:
 * http://www.arcadecabin.com/games/crazy-taxi.swf
 *
 * @param string $message Message text to scan; it is matched as HTML (anchor tags).
 * @return string The message, with matching links replaced when embedding is allowed.
 */
function automedia_swf($message)
{
    global $mybb, $db, $post, $postrow, $pmid, $memprofile, $width, $height;

    // Cheap gate: leave the message alone unless it holds an href ending in .swf.
    // '<' and '>' are the PCRE delimiters here, so the pattern itself starts at "a href=".
    if (!preg_match('<a href=\\"(http://)?(www.)?(.*)\\.swf\\">isU', $message)) {
        return $message;
    }

    // The permission check is made against the author of the content, and where
    // the author's uid comes from depends on the script being served.
    switch (THIS_SCRIPT) {
        case "private.php":
            // Private message: look the sender up by the message id.
            $pm_id = intval($pmid);
            $pm_query = $db->simple_select("privatemessages", "fromid", "pmid='{$pm_id}'");
            $pm_row = $db->fetch_array($pm_query);
            $puid = intval($pm_row['fromid']);
            break;
        case "usercp.php":
            $puid = intval($mybb->user['uid']);
            break;
        case "member.php":
            $puid = intval($memprofile['uid']);
            break;
        case "printthread.php":
            $puid = intval($postrow['uid']);
            break;
        default:
            $puid = intval($post['uid']);
            break;
    }

    // Get the poster's usergroup permissions.
    $permissions = user_permissions($puid);

    // av_flashadmin selects who may embed: admins only, admins and moderators,
    // or everybody. Any other value leaves the message untouched.
    $policy = $mybb->settings['av_flashadmin'];
    if ($policy == "admin") {
        $may_embed = $permissions['cancp'] == 1;
    } elseif ($policy == "mods") {
        $may_embed = $permissions['cancp'] == 1 || $permissions['canmodcp'] == 1;
    } else {
        $may_embed = $policy == "all";
    }

    if ($may_embed) {
        // NOTE(review): captures $2-$5 are copied into the value="" and src=""
        // attributes with no escaping in this function, and capture 4 is an
        // unconstrained (.*). Confirm that $message has been HTML-escaped
        // upstream. The embedded file is third-party active content, so the
        // av_flashadmin policy is the only control visible here.
        $message = preg_replace("#(\\[automedia\\]|<a href=\"(http://)?(www.)?(.*)/([\\w/ &;%\\.-]+\\.swf)(\\[/automedia\\]|\" target=\"_blank\">)(.*?)</a>)#i", "<div class=\"am_embed\"><object classid=\"CLSID:D27CDB6E-AE6D-11cf-96B8-444553540000\" codebase=\"http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0\" width=\"{$width}\" height=\"{$height}\"><param name=\"movie\" value=\"\$2\$3\$4/\$5\" /><param name=\"menu\" value=\"true\" /><param name=\"autostart\" value=\"0\" /><embed src=\"\$2\$3\$4/\$5\" width=\"{$width}\" height=\"{$height}\" type=\"application/x-shockwave-flash\" menu=\"false\" autostart=\"false\"></embed></object></div>", $message);
    }

    return $message;
}
Exemplo n.º 4
// Run the "reputation_start" plugin hook before any of the checks below.
$plugins->run_hooks("reputation_start");
// Check if the reputation system is globally disabled or not.
if ($mybb->settings['enablereputation'] != 1) {
    error($lang->reputation_disabled);
}
// Does this user have permission to view the board?
if ($mybb->usergroup['canview'] != 1) {
    error_no_permission();
}
// Read the target uid from the request as an integer and make sure it
// resolves to an existing user before fetching that user's permissions.
$uid = $mybb->get_input('uid', MyBB::INPUT_INT);
$user = get_user($uid);
if (!$user) {
    error($lang->add_no_uid);
}
$user_permissions = user_permissions($uid);
// Store the action back into the input array after reading it through get_input().
$mybb->input['action'] = $mybb->get_input('action');
// Here we perform our validation when adding a reputation to see if the user
// has permission or not. This is done here to save duplicating the same code.
// (This excerpt ends inside the following if block; its closing brace is not shown.)
if ($mybb->input['action'] == "add" || $mybb->input['action'] == "do_add") {
    // This user doesn't have permission to give reputations.
    if ($mybb->usergroup['cangivereputations'] != 1) {
        // $message is presumably read by the error template evaluated below - confirm.
        $message = $lang->add_no_permission;
        // NOTE(review): 'nomodal' is read straight from the input array (not via
        // get_input()); only its truthiness is used, to pick the template.
        // NOTE(review): eval() runs the template text as a PHP double-quoted
        // string. That is only safe if $templates->get() returns trusted,
        // suitably escaped content - confirm, and treat the right to edit
        // templates as equivalent to the right to run code.
        if ($mybb->input['nomodal']) {
            eval("\$error = \"" . $templates->get("reputation_add_error_nomodal", 1, 0) . "\";");
        } else {
            eval("\$error = \"" . $templates->get("reputation_add_error", 1, 0) . "\";");
        }
        // Print the rendered error and stop the request.
        echo $error;
        exit;
    }
Exemplo n.º 5
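 /**
  * Verifies the video count.
  *
  * Counts the "[video=" tags in the message and compares the result with the
  * maxpostvideos setting. The check is skipped for drafts, when the setting
  * is 0, and for users whose permissions include cancp.
  *
  * @return boolean True when valid, false when not valid.
  */
 function verify_video_count()
 {
     global $mybb;
     $post =& $this->data;
     // Get the permissions of the user who is making this post or thread
     $permissions = user_permissions($post['uid']);
     // Check if this post contains more videos than the forum allows
     if ((!isset($post['savedraft']) || $post['savedraft'] != 1) && $mybb->settings['maxpostvideos'] != 0 && $permissions['cancp'] != 1) {
         // And count the number of video tags in the message.
         // NOTE(review): substr_count() is case-sensitive, so a tag written as
         // "[VIDEO=" is not counted here. If the message parser accepts tags
         // in any case, the limit can be exceeded - confirm against the parser.
         $video_count = substr_count($post['message'], "[video=");
         if ($video_count > $mybb->settings['maxpostvideos']) {
             // Report the number of videos found and the maximum allowed per post.
             $this->set_error("too_many_videos", array(1 => $video_count, 2 => $mybb->settings['maxpostvideos']));
             return false;
         }
     }
     // The documented contract is a boolean; without this the valid path
     // fell off the end of the method and returned null.
     return true;
 }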
 /**
  * Wrap .flv and .swf links in the submitted message in [amoff] tags when the
  * current user is not allowed to embed Flash under the av_flashadmin setting.
  *
  * The text is read from the request input and the processed text is returned.
  * What [amoff] does is not visible here; presumably it tells the embedding
  * pass to leave the link alone - confirm.
  *
  * @return string The (possibly tagged) message text.
  */
 function automedia_flash()
 {
     global $mybb;

     // Quick edit sends the text as "value"; every other form sends "message".
     $message = $mybb->input['do'] == "update_post"
         ? (string) $mybb->input['value']
         : $mybb->input['message'];

     $permissions = user_permissions((int) $mybb->user['uid']);

     // Work out whether the submitting user falls outside the allowed group.
     // Any setting other than "admin" or "mods" restricts nobody.
     $policy = $mybb->settings['av_flashadmin'];
     if ($policy == "admin") {
         $restricted = $permissions['cancp'] != 1;
     } elseif ($policy == "mods") {
         $restricted = $permissions['cancp'] != 1 && $permissions['canmodcp'] != 1;
     } else {
         $restricted = false;
     }

     if ($restricted) {
         // Links are recognised by file extension only (case-insensitive).
         $message = preg_replace('#(http://)?(www.)?(.*)\\.flv#i', '[amoff]$1$2$3.flv[/amoff]', $message);
         $message = preg_replace('#(http://)?(www.)?(.*)\\.swf#i', '[amoff]$1$2$3.swf[/amoff]', $message);
     }

     return $message;
 }
Exemplo n.º 7
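/**
 * XML-RPC handler that returns the profile of one forum member.
 *
 * The member is selected by user_id, else by user_name, else it is the
 * calling user. The caller's group must have canviewprofiles. The response
 * is a struct with the basic account fields plus a custom_fields_list array
 * (birthday, like/thanks totals, time online, referrals, reputation, warning
 * level, contact fields, custom profile fields, signature).
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters, passed to Tapatalk_Input::filterXmlInput().
 * @return xmlrpcresp Response wrapping the user-info struct.
 */
function get_user_info_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $parser, $displaygroupfields;
    $lang->load("member");
    $input = Tapatalk_Input::filterXmlInput(array('user_name' => Tapatalk_Input::STRING, 'user_id' => Tapatalk_Input::INT), $xmlrpc_params);
    // Access control: the caller's group must be allowed to view profiles.
    if ($mybb->usergroup['canviewprofiles'] == 0) {
        error_no_permission();
    }
    if (isset($input['user_id']) && !empty($input['user_id'])) {
        $uid = $input['user_id'];
    } elseif (!empty($input['user_name'])) {
        // The interpolation on this line was masked in the listing ("******");
        // it is restored from the surviving "user_name_esc']}" residue.
        // NOTE(review): this assumes filterXmlInput() supplies a DB-escaped
        // 'user_name_esc' entry - confirm, since the value is placed in SQL.
        $query = $db->simple_select("users", "uid", "username='{$input['user_name_esc']}'");
        $uid = $db->fetch_field($query, "uid");
    } else {
        $uid = $mybb->user['uid'];
    }
    // $uid is interpolated into several SQL conditions below; force it to an
    // integer once so no later query depends on how it was obtained.
    $uid = (int) $uid;
    if ($mybb->user['uid'] != $uid) {
        $memprofile = get_user($uid);
    } else {
        $memprofile = $mybb->user;
    }
    if (!$memprofile['uid']) {
        error($lang->error_nomember);
    }
    // Get member's permissions
    $memperms = user_permissions($memprofile['uid']);
    if (!$memprofile['displaygroup']) {
        $memprofile['displaygroup'] = $memprofile['usergroup'];
    }
    // Grab the following fields from the user's displaygroup
    // ($displaygroupfields is a global; presumably read by usergroup_displaygroup() - confirm)
    $displaygroupfields = array("title", "usertitle", "stars", "starimage", "image", "usereputationsystem");
    $displaygroup = usergroup_displaygroup($memprofile['displaygroup']);
    // Get the user title for this user.
    // Start from null so the response below never reads an undefined variable
    // when no title row matches (null is what the undefined variable evaluated to).
    $usertitle = null;
    unset($stars);
    if (trim($memprofile['usertitle']) != '') {
        // User has custom user title
        $usertitle = $memprofile['usertitle'];
    } elseif (trim($displaygroup['usertitle']) != '') {
        // User has group title
        $usertitle = $displaygroup['usertitle'];
    } else {
        // No usergroup title so get a default one: the first title, walking
        // from the highest post threshold down, that the member's post count reaches.
        $query = $db->simple_select("usertitles", "*", "", array('order_by' => 'posts', 'order_dir' => 'DESC'));
        while ($title = $db->fetch_array($query)) {
            if ($memprofile['postnum'] >= $title['posts']) {
                $usertitle = $title['title'];
                $stars = $title['stars'];
                $starimage = $title['starimage'];
                break;
            }
        }
    }
    // User is currently online and this user has permissions to view the user on the WOL
    $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins'] * 60;
    $query = $db->simple_select("sessions", "location,nopermission", "uid='{$uid}' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
    // NOTE(review): $session is declared global above, so this assignment
    // replaces the global of that name with a row from the sessions table.
    $session = $db->fetch_array($query);
    // Invisible members are reported online only to groups with canviewwolinvis
    // and to the member themselves.
    if (($memprofile['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $memprofile['uid'] == $mybb->user['uid']) && !empty($session)) {
        // Fetch their current location
        $lang->load("online");
        require_once MYBB_ROOT . "inc/functions_online.php";
        $activity = fetch_wol_activity($session['location'], $session['nopermission']);
        $location = strip_tags(build_friendly_wol_location($activity));
        $location_time = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);
        $online = true;
    } else {
        // Define $location on this path too; the response reads it unconditionally.
        $location = null;
        $online = false;
    }
    // Get custom fields start
    $custom_fields_list = array();
    if ($memprofile['birthday']) {
        $membday = explode("-", $memprofile['birthday']);
        if ($memprofile['birthdayprivacy'] != 'none') {
            if ($membday[0] && $membday[1] && $membday[2]) {
                $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday']));
                if ($membday[2] >= 1970) {
                    $w_day = date("l", mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]));
                    $membday = format_bdays($mybb->settings['dateformat'], $membday[1], $membday[0], $membday[2], $w_day);
                } else {
                    $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]);
                    $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]);
                    $membday = date($bdayformat, $membday);
                }
                $membdayage = $lang->membdayage;
            } elseif ($membday[2]) {
                $membday = mktime(0, 0, 0, 1, 1, $membday[2]);
                $membday = date("Y", $membday);
                $membdayage = '';
            } else {
                $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0);
                $membday = date("F j", $membday);
                $membdayage = '';
            }
        }
        // Privacy settings override the formatted date: 'age' hides the date
        // but keeps the age, 'none' hides both.
        if ($memprofile['birthdayprivacy'] == 'age') {
            $membday = $lang->birthdayhidden;
        } else {
            if ($memprofile['birthdayprivacy'] == 'none') {
                $membday = $lang->birthdayhidden;
                $membdayage = '';
            }
        }
        $custom_fields_list[] = new xmlrpcval(array('name' => new xmlrpcval(basic_clean($lang->date_of_birth), 'base64'), 'value' => new xmlrpcval(basic_clean("{$membday} {$membdayage}"), 'base64')), 'struct');
    }
    // thank you/like field
    global $mobiquo_config;
    $prefix = $mobiquo_config['thlprefix'];
    if ($mybb->settings[$prefix . 'enabled'] == "1") {
        $lang->load("thankyoulike");
        if ($mybb->settings[$prefix . 'thankslike'] == "like") {
            $lang->tyl_total_tyls_given = $lang->tyl_total_likes_given;
            $lang->tyl_total_tyls_rcvd = $lang->tyl_total_likes_rcvd;
        } else {
            if ($mybb->settings[$prefix . 'thankslike'] == "thanks") {
                $lang->tyl_total_tyls_given = $lang->tyl_total_thanks_given;
                $lang->tyl_total_tyls_rcvd = $lang->tyl_total_thanks_rcvd;
            }
        }
        // NOTE(review): $daysreg is 0 when regdate equals TIME_NOW, which makes
        // the two divisions below divide by zero - confirm whether that can occur.
        $daysreg = (TIME_NOW - $memprofile['regdate']) / (24 * 3600);
        $tylpd = $memprofile['tyl_unumtyls'] / $daysreg;
        $tylpd = round($tylpd, 2);
        if ($tylpd > $memprofile['tyl_unumtyls']) {
            $tylpd = $memprofile['tyl_unumtyls'];
        }
        $tylrcvpd = $memprofile['tyl_unumrcvtyls'] / $daysreg;
        $tylrcvpd = round($tylrcvpd, 2);
        if ($tylrcvpd > $memprofile['tyl_unumrcvtyls']) {
            $tylrcvpd = $memprofile['tyl_unumrcvtyls'];
        }
        // Get total tyl and percentage
        $options = array("limit" => 1);
        $query = $db->simple_select($prefix . "stats", "*", "title='total'", $options);
        $total = $db->fetch_array($query);
        if ($total['value'] == 0) {
            $percent = "0";
            $percent_rcv = "0";
        } else {
            $percent = $memprofile['tyl_unumtyls'] * 100 / $total['value'];
            $percent = round($percent, 2);
            $percent_rcv = $memprofile['tyl_unumrcvtyls'] * 100 / $total['value'];
            $percent_rcv = round($percent_rcv, 2);
        }
        if ($percent > 100) {
            $percent = 100;
        }
        if ($percent_rcv > 100) {
            $percent_rcv = 100;
        }
        $memprofile['tyl_unumtyls'] = my_number_format($memprofile['tyl_unumtyls']);
        $memprofile['tyl_unumrcvtyls'] = my_number_format($memprofile['tyl_unumrcvtyls']);
        // NOTE(review): $tyl_thankslikes_given and $tyl_thankslikes_rcvd are not
        // assigned anywhere in this function, so they evaluate to null here.
        $tylpd_percent_total = $lang->sprintf($lang->tyl_tylpd_percent_total, my_number_format($tylpd), $tyl_thankslikes_given, $percent);
        $tylrcvpd_percent_total = $lang->sprintf($lang->tyl_tylpd_percent_total, my_number_format($tylrcvpd), $tyl_thankslikes_rcvd, $percent_rcv);
        addCustomField($lang->tyl_total_tyls_given, "{$memprofile['tyl_unumtyls']} ({$tylpd_percent_total})", $custom_fields_list);
        addCustomField($lang->tyl_total_tyls_rcvd, "{$memprofile['tyl_unumrcvtyls']} ({$tylrcvpd_percent_total})", $custom_fields_list);
    }
    if ($memprofile['timeonline'] > 0) {
        $timeonline = nice_time($memprofile['timeonline']);
        addCustomField($lang->timeonline, $timeonline, $custom_fields_list);
    }
    if ($mybb->settings['usereferrals'] == 1 && $memprofile['referrals'] > 0) {
        addCustomField($lang->members_referred, $memprofile['referrals'], $custom_fields_list);
    }
    if ($memperms['usereputationsystem'] == 1 && $displaygroup['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1 && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep'])) {
        addCustomField($lang->reputation, $memprofile['reputation'], $custom_fields_list);
    }
    // The warning level is shown only to groups that can warn users, or to the
    // member themselves when canviewownwarning is enabled.
    // NOTE(review): a maxwarningpoints setting of 0 would divide by zero here.
    if ($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || $mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0)) {
        $warning_level = round($memprofile['warningpoints'] / $mybb->settings['maxwarningpoints'] * 100);
        if ($warning_level > 100) {
            $warning_level = 100;
        }
        addCustomField($lang->warning_level, $warning_level . '%', $custom_fields_list);
    }
    if ($memprofile['website']) {
        $memprofile['website'] = htmlspecialchars_uni($memprofile['website']);
        addCustomField($lang->homepage, $memprofile['website'], $custom_fields_list);
    }
    if ($memprofile['icq']) {
        addCustomField($lang->icq_number, $memprofile['icq'], $custom_fields_list);
    }
    if ($memprofile['aim']) {
        addCustomField($lang->aim_screenname, $memprofile['aim'], $custom_fields_list);
    }
    if ($memprofile['yahoo']) {
        addCustomField($lang->yahoo_id, $memprofile['yahoo'], $custom_fields_list);
    }
    if ($memprofile['msn']) {
        addCustomField($lang->msn, $memprofile['msn'], $custom_fields_list);
    }
    $query = $db->simple_select("userfields", "*", "ufid='{$uid}'");
    $userfields = $db->fetch_array($query);
    // Hidden profile fields are returned only to admins, super moderators and
    // ModCP users; everybody else gets the hidden=0 subset.
    if ($mybb->usergroup['cancp'] == 1 || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['canmodcp'] == 1) {
        $field_hidden = '1=1';
    } else {
        $field_hidden = "hidden=0";
    }
    $query = $db->simple_select("profilefields", "*", "{$field_hidden}", array('order_by' => 'disporder'));
    while ($customfield = $db->fetch_array($query)) {
        // The first line of the stored type string is the field type.
        $thing = explode("\n", $customfield['type'], "2");
        $type = trim($thing[0]);
        $field = "fid{$customfield['fid']}";
        $useropts = explode("\n", $userfields[$field]);
        $customfieldval = $comma = '';
        // Multi-value fields are passed through as stored; other field types
        // go through the bad-word filter.
        if (is_array($useropts) && ($type == "multiselect" || $type == "checkbox")) {
            $customfieldval = $userfields[$field];
        } else {
            $customfieldval = $parser->parse_badwords($userfields[$field]);
        }
        $customfield['name'] = htmlspecialchars_uni($customfield['name']);
        if ($customfieldval) {
            addCustomField($customfield['name'], $customfieldval, $custom_fields_list);
        }
    }
    // The signature is left out while a signature suspension is still running.
    if ($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW)) {
        $sig_parser = array("allow_html" => $mybb->settings['sightml'], "allow_mycode" => $mybb->settings['sigmycode'], "allow_smilies" => $mybb->settings['sigsmilies'], "allow_imgcode" => $mybb->settings['sigimgcode'], "me_username" => $memprofile['username'], "filter_badwords" => 1);
        $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser);
        $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']);
        addCustomField($lang->users_signature, $memprofile['signature'], $custom_fields_list);
    }
    // Get custom fields end
    $query = $db->simple_select("banned", "uid", "uid='{$uid}'");
    $isbanned = !!$db->fetch_field($query, "uid");
    $xmlrpc_user_info = array(
        'user_id' => new xmlrpcval($memprofile['uid'], 'string'),
        'username' => new xmlrpcval(basic_clean($memprofile['username']), 'base64'),
        'user_name' => new xmlrpcval(basic_clean($memprofile['username']), 'base64'),
        'user_type' => check_return_user_type($memprofile['username']),
        'post_count' => new xmlrpcval($memprofile['postnum'], 'int'),
        'reg_time' => new xmlrpcval(mobiquo_iso8601_encode($memprofile['regdate']), 'dateTime.iso8601'),
        'timestamp_reg' => new xmlrpcval($memprofile['regdate'], 'string'),
        'last_activity_time' => new xmlrpcval(mobiquo_iso8601_encode($memprofile['lastactive']), 'dateTime.iso8601'),
        'timestamp' => new xmlrpcval($memprofile['lastactive'], 'string'),
        'is_online' => new xmlrpcval($online, 'boolean'),
        'accept_pm' => new xmlrpcval($memprofile['receivepms'], 'boolean'),
        'display_text' => new xmlrpcval($usertitle, 'base64'),
        'icon_url' => new xmlrpcval(absolute_url($memprofile['avatar']), 'string'),
        'current_activity' => new xmlrpcval($location, 'base64'),
    );
    // "ture" was an undefined constant (a typo for true) in both flags below.
    if ($mybb->usergroup['canmodcp'] == 1 && $uid != $mybb->user['uid']) {
        $xmlrpc_user_info['can_ban'] = new xmlrpcval(true, 'boolean');
    }
    if ($isbanned) {
        $xmlrpc_user_info['is_ban'] = new xmlrpcval(true, 'boolean');
    }
    $xmlrpc_user_info['custom_fields_list'] = new xmlrpcval($custom_fields_list, 'array');
    return new xmlrpcresp(new xmlrpcval($xmlrpc_user_info, 'struct'));
}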
Exemplo n.º 8
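/**
 * Build the ProStats table HTML for the current user.
 *
 * Works out which forums the user moderates (stored in the globals $vcheck and
 * $under_mod_forums_arr), collects the configured columns and extra cells, and
 * renders them through the prostats templates.
 *
 * Local variable names are kept as they are: the templates are evaluated with
 * eval() in this scope and presumably refer to these variables by name.
 *
 * @return string The rendered "prostats" template.
 */
function ps_MakeTable()
{
    global $mybb, $db, $theme, $lang, $templates, $parser, $unviewables, $vcheck, $under_mod_forums_arr, $lightbulb, $unread_forums, $ps_align;
    $lang->load("prostats");
    $right_cols = $left_cols = $middle_cols = $extra_content = $extra_content_1_2 = $extra_content_3_4 = $extra_content_5_6 = $remote_msg = "";
    $num_columns = 3;
    $ps_align = $lang->settings['rtl'] ? "right" : "left";
    $ps_ralign = $lang->settings['rtl'] ? "left" : "right";
    //Highlighting under moderation posts
    $_psGU = ps_GetUnviewable("t");
    $unviewables = array('string' => $_psGU[0], 'array' => $_psGU[1]);
    $user_perms = user_permissions($mybb->user['uid']);
    if ($mybb->settings['ps_highlight']) {
        $_groups = $mybb->user['usergroup'];
        if (!empty($mybb->user['additionalgroups'])) {
            // NOTE(review): the whole additionalgroups value is appended as one
            // quoted string. If it holds a comma-separated list of group ids,
            // the IN (...) below sees a single string and not one id per
            // group - confirm the intended matching.
            $_groups .= ",'{$mybb->user['additionalgroups']}'";
        }
        $_query1 = $db->simple_select("moderators", "*", "((id IN ({$_groups}) AND isgroup='1') OR (id='{$mybb->user['uid']}' AND isgroup='0'))");
        // Start from an empty list so the emptiness check below is valid when
        // the user moderates nothing.
        $parent_mod_forums = array();
        while ($results1 = $db->fetch_array($_query1)) {
            // NOTE(review): this is a substring match, so a fid of 1 also
            // matches a parentlist containing 10 or 21. Because the result
            // widens $vcheck, over-matching widens what the user can see -
            // confirm against the parentlist format.
            $parent_mod_forums[] = " parentlist LIKE '%" . (int) $results1['fid'] . "%' ";
        }
        if (!empty($parent_mod_forums)) {
            // Glue string first: the reversed argument order used previously is
            // no longer accepted by PHP 8.
            $_query2 = $db->simple_select("forums", "fid", implode("OR", $parent_mod_forums));
            while ($results2 = $db->fetch_array($_query2)) {
                $under_mod_forums_arr[] = $results2['fid'];
            }
            if (!empty($under_mod_forums_arr)) {
                // Forum ids are forced to integers before they reach the SQL fragment.
                $moderated_forums = implode(',', array_map('intval', $under_mod_forums_arr));
                $vcheck = " OR t.fid IN (" . $moderated_forums . ") ";
            }
        }
    }
    // Super moderators get an always-true condition appended.
    if ($user_perms['issupermod'] == 1) {
        $vcheck = " OR '1'='1' ";
    }
    if ($mybb->settings['ps_latest_posts'] == 1) {
        $middle_cols = ps_GetNewestPosts($mybb->settings['ps_num_rows']);
        $num_columns = 4;
    }
    // Settings ps_cell_1 .. ps_cell_6 select the content of the six extra cells.
    for ($i = 1; $i < 7; ++$i) {
        $extra_cell[$i] = $mybb->settings['ps_cell_' . $i];
    }
    $extra_row[1] = $extra_row[2] = $extra_row[3] = 2;
    $extra_cols = 3;
    // Each pair of cells (5/6, 3/4, 1/2) forms one extra column: a single
    // full-height cell when the second of the pair is 0, else two stacked cells.
    if ($extra_cell[5] > 0) {
        $trow = "trow2";
        $extra_cols = 3;
        if ($extra_cell[6] == 0) {
            $extra_row[3] = 1;
            $single_extra_content = ps_GetExtraData($extra_cell[5], true);
            eval("\$extra_content_5_6 = \"" . $templates->get("prostats_onerowextra") . "\";");
        } else {
            $extra_content_one = ps_GetExtraData($extra_cell[5]);
            $extra_content_two = ps_GetExtraData($extra_cell[6]);
            eval("\$extra_content_5_6 = \"" . $templates->get("prostats_tworowextra") . "\";");
        }
    }
    if ($extra_cell[3] > 0) {
        $trow = "trow1";
        $extra_cols = 2;
        if ($extra_cell[4] == 0) {
            $extra_row[2] = 1;
            $single_extra_content = ps_GetExtraData($extra_cell[3], true);
            eval("\$extra_content_3_4 = \"" . $templates->get("prostats_onerowextra") . "\";");
        } else {
            $extra_content_one = ps_GetExtraData($extra_cell[3]);
            $extra_content_two = ps_GetExtraData($extra_cell[4]);
            eval("\$extra_content_3_4 = \"" . $templates->get("prostats_tworowextra") . "\";");
        }
    }
    if ($extra_cell[1] > 0) {
        $trow = "trow2";
        $extra_cols = 1;
        if ($extra_cell[2] == 0) {
            $extra_row[1] = 1;
            $single_extra_content = ps_GetExtraData($extra_cell[1], true);
            eval("\$extra_content_1_2 = \"" . $templates->get("prostats_onerowextra") . "\";");
        } else {
            $extra_content_one = ps_GetExtraData($extra_cell[1]);
            $extra_content_two = ps_GetExtraData($extra_cell[2]);
            eval("\$extra_content_1_2 = \"" . $templates->get("prostats_tworowextra") . "\";");
        }
    }
    // Right-to-left languages reverse both the order of the extra columns and
    // the side they are placed on.
    if ($lang->settings['rtl']) {
        $extra_content = $extra_content_5_6 . $extra_content_3_4 . $extra_content_1_2;
        if ($mybb->settings['ps_latest_posts_pos']) {
            $right_cols = $extra_content;
        } else {
            $left_cols = $extra_content;
        }
    } else {
        $extra_content = $extra_content_1_2 . $extra_content_3_4 . $extra_content_5_6;
        if ($mybb->settings['ps_latest_posts_pos']) {
            $left_cols = $extra_content;
        } else {
            $right_cols = $extra_content;
        }
    }
    $prostats_content = $left_cols . $middle_cols . $right_cols;
    if ($mybb->settings['ps_trow_message'] != "") {
        // NOTE(review): the setting is escaped and then passed to
        // unhtmlentities(), which presumably reverses the escaping, so the
        // text would be rendered as HTML - confirm, and keep write access to
        // this setting limited to trusted administrators.
        $prostats_message = unhtmlentities(htmlspecialchars_uni($mybb->settings['ps_trow_message']));
        if ($mybb->settings['ps_trow_message_pos'] == 0) {
            eval("\$trow_message_top = \"" . $templates->get("prostats_message") . "\";");
        } else {
            eval("\$trow_message_down = \"" . $templates->get("prostats_message") . "\";");
        }
    }
    // The two blocks below are rendered only for logged-in users with cancp.
    // NOTE(review): $mybb->psga[...] is placed in a src attribute without
    // escaping and loaded through <embed>. Where prostats_g() gets these values
    // is not visible here; if they are fetched from a remote host, treat them
    // as untrusted and validate/escape them before output - confirm.
    if ($mybb->settings['ps_surprise'] && $mybb->user['uid'] && $mybb->usergroup['cancp']) {
        prostats_g();
        $remote_msg .= '<a href="http://prostats.wordpress.com/surprises/"><embed src="' . $mybb->psga['surprise_link'] . '" type="image/svg+xml" /></a>';
    }
    if ($mybb->settings['ps_chkupdates'] && $mybb->user['uid'] && $mybb->usergroup['cancp']) {
        prostats_g();
        $remote_msg .= '<a href="http://prostats.wordpress.com/"><embed src="' . $mybb->psga['update_popup_link'] . '" type="image/svg+xml" /></a>';
    }
    // NOTE(review): every eval() in this function runs template text as a PHP
    // string; that is only safe if $templates->get() returns trusted, suitably
    // escaped content - confirm.
    eval("\$prostats = \"" . $templates->get("prostats") . "\";");
    return $prostats;
}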
Exemplo n.º 9
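/**
 * Renders the UserCP "Enhanced Account Switcher" page and handles its actions.
 *
 * The as_edit action builds the page from templates, outputs it and exits.
 * Every other action requires a POST request and a valid post key
 * (verify_post_check) before it updates the users table and rebuilds the
 * account switcher cache.
 *
 * Templates are run through eval(), as elsewhere in this code base, so the
 * username and reason strings prepared here are passed through
 * htmlspecialchars_uni() and the numeric values are cast to int.
 *
 * @return void
 */
function accountswitcher_usercp()
{
    global $db, $mybb, $lang, $templates, $theme, $eas, $headerinclude, $header, $usercpnav, $usercpmenu, $as_usercp, $as_usercp_options, $as_usercp_privacy, $as_usercp_users, $as_usercp_userbit, $as_usercp_input, $footer, $shareuser, $attachedOneName, $attachedOneUID, $as_sec_account, $sec_check, $checkbox, $privacy_check, $as_usercp_privacy_master, $buddy_check, $as_usercp_buddyshare, $colspan, $user_sec_reason;
    if (!isset($lang->as_isshared)) {
        $lang->load("accountswitcher");
    }
    // Get the master account of the current user
    $master = get_user((int) $mybb->user['as_uid']);
    // Get the number of attached ones
    $count = $eas->get_attached($mybb->user['uid']);
    // Get limit for users group, declare variables
    $limit = (int) $mybb->usergroup['as_limit'];
    // The reason is user-supplied text (see do_secaccount below), so escape it for output
    $user_sec_reason = htmlspecialchars_uni($mybb->user['as_secreason']);
    $as_usercp_input = $colspan = $shareuser = $as_sec_account = $sec_check = $privacy_check = $as_usercp_privacy = $as_usercp_privacy_master = $buddy_check = $as_usercp_buddyshare = '';
    // Check if user can use the Enhanced Account Switcher or is attached to an account. If yes grant access to the page
    if ($mybb->input['action'] == "as_edit" && ($mybb->usergroup['as_canswitch'] == 1 || $mybb->user['as_uid'] != 0 || $mybb->user['as_share'] != 0)) {
        add_breadcrumb($lang->nav_usercp, "usercp.php");
        add_breadcrumb($lang->as_name);
        // Mark secondary accounts, exclude master account
        if (isset($mybb->settings['aj_secstyle']) && $mybb->settings['aj_secstyle'] == 1 && $count == 0 && $mybb->user['as_share'] == 0) {
            if ($mybb->user['as_sec'] == 1) {
                $sec_check = 'checked="checked"';
            }
            $as_sec_account .= eval($templates->render('accountswitcher_usercp_sec_account'));
        }
        // Hide account from list
        if (isset($mybb->settings['aj_privacy']) && $mybb->settings['aj_privacy'] == 1) {
            // Master can hide all attached accounts
            if ($mybb->user['as_uid'] == 0 && $count > 0) {
                $as_usercp_privacy_master .= eval($templates->render('accountswitcher_usercp_privacy_master'));
            }
            if ($mybb->user['as_privacy'] == 1) {
                $privacy_check = 'checked="checked"';
            }
            $as_usercp_privacy .= eval($templates->render('accountswitcher_usercp_privacy'));
        }
        // If the user account is shared
        if ($mybb->user['as_share'] != 0) {
            if ($mybb->user['as_buddyshare'] == 1) {
                $buddy_check = 'checked="checked"';
            }
            if ($mybb->user['buddylist'] != '') {
                $buddylist = explode(",", $mybb->user['buddylist']);
            }
            if (!empty($buddylist)) {
                $as_usercp_buddyshare .= eval($templates->render('accountswitcher_usercp_buddyshare'));
            }
            // Build the detach button
            if ($mybb->user['as_buddyshare'] != 0) {
                $lang->as_isshared = $lang->as_isshared_buddy;
            }
            $as_usercp_input .= eval($templates->render('accountswitcher_usercp_unshare'));
            $as_usercp_options = eval($templates->render('accountswitcher_usercp_options'));
        } elseif ($mybb->user['as_uid'] != 0) {
            $colspan = 'colspan="2"';
            $lang->as_isattached = $lang->sprintf($lang->as_isattached, htmlspecialchars_uni($master['username']));
            // Build the detach button
            $as_usercp_input .= eval($templates->render('accountswitcher_usercp_attached_detach'));
            $as_usercp_options = eval($templates->render('accountswitcher_usercp_options'));
        } else {
            // If limit is set to 0 = unlimited
            if ($limit != 0) {
                $lang->as_usercp_attached = $lang->sprintf($lang->as_usercp_attached, (int) $count, $limit);
            } else {
                $lang->as_usercp_attached = $lang->sprintf($lang->as_usercp_attached, (int) $count, $lang->as_unlimited);
            }
            // If there are no users attached grant full access
            if ($count == 0) {
                $colspan = 'colspan="2"';
                if (isset($mybb->settings['aj_shareuser']) && $mybb->settings['aj_shareuser'] == 1) {
                    $shareuser = eval($templates->render('accountswitcher_usercp_shareuser'));
                }
                $as_usercp_input .= eval($templates->render('accountswitcher_usercp_free_attach'));
                $as_usercp_options = eval($templates->render('accountswitcher_usercp_options'));
            }
            // If there are users attached allow only user attachment
            if ($count != 0) {
                $as_usercp_input .= eval($templates->render('accountswitcher_usercp_master_attach'));
                $as_usercp_options = eval($templates->render('accountswitcher_usercp_options'));
                // Get attached ones from the cache
                $accounts = $eas->accountswitcher_cache;
                if (is_array($accounts)) {
                    foreach ($accounts as $account) {
                        // Cast / escape before the values reach the template
                        $attachedOneUID = (int) $account['uid'];
                        $attachedOneName = htmlspecialchars_uni($account['username']);
                        if ($account['as_uid'] == $mybb->user['uid']) {
                            $as_usercp_userbit .= eval($templates->render('accountswitcher_usercp_attached_userbit'));
                        }
                    }
                    $as_usercp_users = eval($templates->render('accountswitcher_usercp_attached_users'));
                }
            }
        }
        $as_usercp = eval($templates->render('accountswitcher_usercp'));
        output_page($as_usercp);
        exit;
    }
    //########## ACTIONS ##########
    // Attach current user to another account
    if ($mybb->input['action'] == "as_attach" && $mybb->input['select'] == "attachme" && $mybb->request_method == "post") {
        verify_post_check($mybb->get_input('my_post_key'));
        // Check if current user is already attached
        if ($mybb->user['as_uid'] != 0) {
            error($lang->as_alreadyattached);
        }
        // Validate input
        // NOTE(review): get_user_by_username() may escape the name again internally - confirm, and drop this escape if so
        $username = $db->escape_string($mybb->get_input('username'));
        // The password is handed to validate_password_from_uid() untouched: it is expected to be
        // hashed and compared there, and SQL-escaping it first would alter passwords that contain
        // quotes or backslashes so that a correct password is rejected.
        $password = $mybb->get_input('password');
        // Get the target
        $targetUser = get_user_by_username($username);
        $target = $targetUser ? get_user($targetUser['uid']) : false;
        // User exist? Password correct? (same message for both, so the response does not reveal which usernames exist)
        if (!$target) {
            error($lang->as_invaliduser);
        }
        if (validate_password_from_uid($target['uid'], $password) == false) {
            error($lang->as_invaliduser);
        }
        // Check targets permission and limit
        $permission = user_permissions((int) $target['uid']);
        // Count number of attached accounts
        $count = $eas->get_attached($target['uid']);
        // If other user is shared or already attached return
        if ($target['as_uid'] != 0 || $target['as_share'] != 0) {
            error($lang->as_alreadyattached);
        }
        // If target has permission
        if ($permission['as_canswitch'] == 0) {
            error($lang->as_usercp_nopermission);
        }
        // >= rather than == so the limit still holds when it was lowered below the current count
        if ($permission['as_limit'] != 0 && $count >= $permission['as_limit']) {
            error($lang->as_limitreached);
        }
        // Set uid of the new master
        $as_uid = array("as_uid" => (int) $target['uid']);
        // Update database
        $db->update_query("users", $as_uid, "uid='" . (int) $mybb->user['uid'] . "'");
        $eas->update_accountswitcher_cache();
        redirect("usercp.php?action=as_edit", $lang->aj_attach_success);
    }
    // Detach current user from master
    if ($mybb->input['action'] == "as_detach" && $mybb->request_method == "post") {
        verify_post_check($mybb->get_input('my_post_key'));
        // Reset master uid
        $as_uid = array("as_uid" => 0);
        // Update database
        if ($db->update_query("users", $as_uid, "uid='" . (int) $mybb->user['uid'] . "'")) {
            $eas->update_accountswitcher_cache();
            // If user can use Enhanced Account Switcher stay here
            if ($mybb->usergroup['as_canswitch'] == 1) {
                redirect("usercp.php?action=as_edit", $lang->aj_update_success);
            }
            // Else redirect to usercp
            redirect("usercp.php", $lang->aj_detach_success);
        }
    }
    // Attach an user to the current account
    if ($mybb->input['action'] == "as_attach" && $mybb->input['select'] == "attachuser" && $mybb->request_method == "post" && $mybb->user['as_uid'] == 0) {
        verify_post_check($mybb->get_input('my_post_key'));
        // Validate input
        // NOTE(review): get_user_by_username() may escape the name again internally - confirm, and drop this escape if so
        $username = $db->escape_string($mybb->get_input('username'));
        // Passed on unescaped for the same reason as in the "attachme" branch above
        $password = $mybb->get_input('password');
        // Get the target
        $targetUser = get_user_by_username($username);
        $target = $targetUser ? get_user($targetUser['uid']) : false;
        // User exist? Password correct?
        if (!$target) {
            error($lang->as_invaliduser);
        }
        if (validate_password_from_uid($target['uid'], $password) == false) {
            error($lang->as_invaliduser);
        }
        // Check targets permission and limit
        $permission = user_permissions((int) $target['uid']);
        // Count number of attached accounts
        $count = $eas->get_attached($mybb->user['uid']);
        $counttarget = $eas->get_attached($target['uid']);
        // If other user is shared or already attached return
        if ($target['as_uid'] != 0 || $target['as_share'] != 0 || $counttarget > 0) {
            error($lang->as_alreadyattached);
        }
        // If we have permission
        if ($mybb->usergroup['as_canswitch'] == 0) {
            error($lang->as_usercp_nopermission);
        }
        // >= rather than == so the limit still holds when it was lowered below the current count
        if ($mybb->usergroup['as_limit'] != 0 && $count >= $mybb->usergroup['as_limit']) {
            error($lang->as_limitreached);
        }
        // Set his new masters uid
        $as_uid = array("as_uid" => (int) $mybb->user['uid']);
        // Update database
        $db->update_query("users", $as_uid, "uid='" . (int) $target['uid'] . "'");
        $eas->update_accountswitcher_cache();
        redirect("usercp.php?action=as_edit", $lang->aj_user_attach_success);
    }
    // Detach user from current account
    if ($mybb->input['action'] == "as_detachuser" && $mybb->request_method == "post") {
        verify_post_check($mybb->get_input('my_post_key'));
        // Validate input
        if (!is_numeric($mybb->input['uid'])) {
            die("UID must be numeric!");
        }
        $detachUid = $mybb->get_input('uid', MyBB::INPUT_INT);
        // Reset master uid
        $as_uid = array("as_uid" => 0);
        // Authorization: the uid comes from the request, so restrict the update to rows whose
        // master is the current user. Without the as_uid condition any account could be
        // detached from its master by a user who does not own it.
        $db->update_query("users", $as_uid, "uid='" . $detachUid . "' AND as_uid='" . (int) $mybb->user['uid'] . "'");
        $eas->update_accountswitcher_cache();
        redirect("usercp.php?action=as_edit", $lang->aj_user_detach_success);
    }
    // Share the current account
    if ($mybb->input['action'] == "as_attach" && $mybb->input['select'] == "shareuser" && $mybb->request_method == "post" && $mybb->user['as_uid'] == 0 && $mybb->settings['aj_shareuser'] == 1) {
        verify_post_check($mybb->get_input('my_post_key'));
        // Update database
        $as_share = array("as_share" => 1);
        $db->update_query("users", $as_share, "uid='" . (int) $mybb->user['uid'] . "'");
        $eas->update_accountswitcher_cache();
        redirect("usercp.php?action=as_edit", $lang->aj_user_share_success);
    }
    // Unshare the current account
    if ($mybb->input['action'] == "as_unshare" && $mybb->request_method == "post") {
        verify_post_check($mybb->get_input('my_post_key'));
        // Clear all three share flags in a single update of the current user's row
        $as_unshare = array("as_share" => 0, "as_shareuid" => 0, "as_buddyshare" => 0);
        $db->update_query("users", $as_unshare, "uid='" . (int) $mybb->user['uid'] . "'");
        $eas->update_accountswitcher_cache();
        redirect("usercp.php?action=as_edit", $lang->aj_user_unshare_success);
    }
    // Mark/unmark the current account as secondary
    if ($mybb->input['action'] == "do_secaccount" && $mybb->request_method == "post") {
        verify_post_check($mybb->get_input('my_post_key'));
        $secacc_reason = $mybb->get_input('secacc_reason');
        // When account is unmarked delete the reason too
        if ($mybb->get_input('secacc', MyBB::INPUT_INT) != 1) {
            $secacc_reason = '';
        }
        // Free text is escaped for SQL here and HTML-escaped when it is displayed (see $user_sec_reason above)
        $as_secacc = array("as_sec" => $mybb->get_input('secacc', MyBB::INPUT_INT), "as_secreason" => $db->escape_string($secacc_reason));
        $db->update_query("users", $as_secacc, "uid='" . (int) $mybb->user['uid'] . "'");
        $eas->update_accountswitcher_cache();
        redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success);
    }
    // Hide/show the current account on account list
    if ($mybb->input['action'] == "do_as_privacy" && $mybb->request_method == "post") {
        verify_post_check($mybb->get_input('my_post_key'));
        $as_privacc = array("as_privacy" => $mybb->get_input('as_privacy', MyBB::INPUT_INT));
        $db->update_query("users", $as_privacc, "uid='" . (int) $mybb->user['uid'] . "'");
        $eas->update_accountswitcher_cache();
        redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success);
    }
    // Hide the all attached accounts on account list
    if ($mybb->input['action'] == "do_as_privacy_master" && $mybb->request_method == "post") {
        verify_post_check($mybb->get_input('my_post_key'));
        $as_privacc_master = array("as_privacy" => 1);
        // First the master's own row, then every row attached to the master
        $db->update_query("users", $as_privacc_master, "uid='" . (int) $mybb->user['uid'] . "'");
        $db->update_query("users", $as_privacc_master, "as_uid='" . (int) $mybb->user['uid'] . "'");
        $eas->update_accountswitcher_cache();
        redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success);
    }
    // Unhide the all attached accounts on account list
    if ($mybb->input['action'] == "undo_as_privacy_master" && $mybb->request_method == "post") {
        verify_post_check($mybb->get_input('my_post_key'));
        $as_privacc_master = array("as_privacy" => 0);
        $db->update_query("users", $as_privacc_master, "uid='" . (int) $mybb->user['uid'] . "'");
        $db->update_query("users", $as_privacc_master, "as_uid='" . (int) $mybb->user['uid'] . "'");
        $eas->update_accountswitcher_cache();
        redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success);
    }
    // Share with buddies only
    if ($mybb->input['action'] == "do_buddyshare" && $mybb->request_method == "post") {
        verify_post_check($mybb->get_input('my_post_key'));
        if ($mybb->user['buddylist'] != '') {
            $buddylist = explode(",", $mybb->user['buddylist']);
        }
        if (!empty($buddylist)) {
            $as_buddy_share = array("as_buddyshare" => $mybb->get_input('buddyshare', MyBB::INPUT_INT));
            $db->update_query("users", $as_buddy_share, "uid='" . (int) $mybb->user['uid'] . "'");
            $eas->update_accountswitcher_cache();
            redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success);
        } else {
            error($lang->aj_user_buddy_none);
        }
    }
}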
Exemplo n.º 10
 }
 // Decide whose profile to show: the uid from the request (read as an integer) if given,
 // otherwise the logged-in user; with neither there is no profile to display.
 $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
 if ($uid) {
     $memprofile = get_user($uid);
 } elseif ($mybb->user['uid']) {
     $memprofile = $mybb->user;
 } else {
     $memprofile = false;
 }
 if (!$memprofile) {
     error($lang->error_nomember);
 }
 $uid = $memprofile['uid'];
 // NOTE(review): $memprofile['username'] is substituted into the language strings below as-is
 // in this excerpt - confirm it is HTML-escaped before this point or before output.
 $lang->profile = $lang->sprintf($lang->profile, $memprofile['username']);
 // Get member's permissions
 $memperms = user_permissions($memprofile['uid']);
 $lang->nav_profile = $lang->sprintf($lang->nav_profile, $memprofile['username']);
 add_breadcrumb($lang->nav_profile);
 $lang->users_forum_info = $lang->sprintf($lang->users_forum_info, $memprofile['username']);
 $lang->users_contact_details = $lang->sprintf($lang->users_contact_details, $memprofile['username']);
 // The "send PM" text is kept only when PMs are enabled board-wide and either the viewer may
 // override PM restrictions, or the member receives PMs, the member's group can use PMs and the
 // viewer's uid is not in the member's ignore list (commas are added so only whole uids match).
 if ($mybb->settings['enablepms'] != 0 && ($memprofile['receivepms'] != 0 && $memperms['canusepms'] != 0 && my_strpos("," . $memprofile['ignorelist'] . ",", "," . $mybb->user['uid'] . ",") === false || $mybb->usergroup['canoverridepm'] == 1)) {
     $lang->send_pm = $lang->sprintf($lang->send_pm, $memprofile['username']);
 } else {
     $lang->send_pm = '';
 }
 $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
 $lang->users_additional_info = $lang->sprintf($lang->users_additional_info, $memprofile['username']);
 $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']);
 $lang->send_user_email = $lang->sprintf($lang->send_user_email, $memprofile['username']);
 $useravatar = format_avatar($memprofile['avatar'], $memprofile['avatardimensions']);
 // The template text is evaluated as a double-quoted PHP string, so variables it references are
 // expanded into the HTML. NOTE(review): presumably format_avatar() returns values that are safe
 // to place in markup - verify, since the avatar value is user-controlled profile data.
 eval("\$avatar = \"" . $templates->get("member_profile_avatar") . "\";");
Exemplo n.º 11
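/**
 * Alert all attached accounts if one of them receives a new pm.
 *
 * Does nothing unless the aj_myalerts setting is 1, the myalerts_perpage
 * setting exists and the message is not saved as a draft. For every recipient
 * (to and bcc) the alert targets are:
 *  - the accounts attached to the recipient, when the recipient is a master;
 *  - the master and the sibling accounts, when the recipient is attached to a
 *    master that is allowed to use the account switcher;
 *  - the recipient itself, when it is neither master nor attached.
 * All alerts are collected first and handed to the alert manager once.
 *
 * @return void
 */
function accountswitcher_pm_sent_alert()
{
    global $mybb, $lang, $pm, $eas;
    if ($mybb->settings['aj_myalerts'] != 1 || !isset($mybb->settings['myalerts_perpage']) || $pm['saveasdraft'] == 1) {
        return;
    }
    if (!isset($lang->aj_newpm_switch_notice_one)) {
        $lang->load('accountswitcher');
    }
    // Get recipients
    if (is_array($pm['bcc'])) {
        $rec_users = array_merge($pm['to'], $pm['bcc']);
    } else {
        $rec_users = $pm['to'];
    }
    $pm_users = array_map("trim", $rec_users);
    // Alert Type
    $alertType = MybbStuff_MyAlerts_AlertTypeManager::getInstance()->getByCode('accountswitcher_pm');
    $alerts = array();
    // The cache does not change while we loop, so read it once
    $accounts = $eas->accountswitcher_cache;
    foreach ($pm_users as $recipient) {
        $count = 0;
        $pmuser = get_user_by_username($recipient);
        $user = $pmuser ? get_user($pmuser['uid']) : false;
        // Skip names that do not resolve to an account; otherwise the comparisons below would
        // run against empty values and could create an alert for a non-existent uid.
        if (!$user) {
            continue;
        }
        // The username ends up in the alert text, so escape it once here
        $senderName = htmlspecialchars_uni($user['username']);
        if (is_array($accounts)) {
            // If recipient is master account send alerts to attached users
            foreach ($accounts as $account) {
                if ($user['uid'] == $account['as_uid']) {
                    ++$count;
                    $alert = new MybbStuff_MyAlerts_Entity_Alert((int) $account['uid'], $alertType, 0);
                    $alert->setExtraDetails(array('uid' => (int) $user['uid'], 'message' => $senderName));
                    $alerts[] = $alert;
                }
            }
        }
        // If there are no users attached to the current account but the current account is attached to another user
        if ($count == 0 && $user['as_uid'] != 0) {
            $master = get_user((int) $user['as_uid']);
            // Get the masters permission; a master that no longer exists gets no alerts
            $permission = $master ? user_permissions($master['uid']) : array('as_canswitch' => 0);
            // If the master has permission to use the Enhanced Account Switcher, get the userlist
            if ($permission['as_canswitch'] == 1) {
                // If recipient is attached account, alert master account
                if ($master['uid'] == $user['as_uid']) {
                    $alert = new MybbStuff_MyAlerts_Entity_Alert((int) $master['uid'], $alertType, 0);
                    $alert->setExtraDetails(array('uid' => (int) $user['uid'], 'message' => $senderName));
                    $alerts[] = $alert;
                }
                if (is_array($accounts)) {
                    // If recipient has the same master account, send alert
                    foreach ($accounts as $account) {
                        // Leave recipient out
                        if ($account['uid'] == $user['uid']) {
                            continue;
                        }
                        if ($master['uid'] == $account['as_uid']) {
                            $alert = new MybbStuff_MyAlerts_Entity_Alert((int) $account['uid'], $alertType, 0);
                            $alert->setExtraDetails(array('message' => $senderName));
                            $alerts[] = $alert;
                        }
                    }
                }
            }
        }
        // If there are no users attached to the a recipient and the recipient isn't attached to another user
        if ($count == 0 && $user['as_uid'] == 0) {
            $alert = new MybbStuff_MyAlerts_Entity_Alert((int) $user['uid'], $alertType, 0);
            $alert->setExtraDetails(array('message' => $senderName));
            $alerts[] = $alert;
        }
    }
    // Hand the alerts over once, after the loop. Doing this inside the loop re-submitted the
    // alerts of earlier recipients on every later iteration, because $alerts keeps growing.
    if (!empty($alerts)) {
        MybbStuff_MyAlerts_AlertManager::getInstance()->addAlerts($alerts);
    }
}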
Exemplo n.º 12
 /**
  * Verifies if an array of recipients for a private message are valid
  *
  * @return boolean True when valid, false when invalid.
  */
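 function verify_recipient()
 {
     global $cache, $db, $mybb, $lang;
     // Work on the handler's data by reference: recipient lists are normalised in place
     // and the resolved recipients are stored back under $pm['recipients'].
     $pm =& $this->data;
     $recipients = array();
     $invalid_recipients = array();
     // We have our recipient usernames but need to fetch user IDs
     if (array_key_exists("to", $pm)) {
         foreach (array("to", "bcc") as $recipient_type) {
             if (!isset($pm[$recipient_type])) {
                 $pm[$recipient_type] = array();
             }
             if (!is_array($pm[$recipient_type])) {
                 $pm[$recipient_type] = array($pm[$recipient_type]);
             }
             $pm[$recipient_type] = array_map('trim', $pm[$recipient_type]);
             $pm[$recipient_type] = array_filter($pm[$recipient_type]);
             // No recipients? Skip query
             if (empty($pm[$recipient_type])) {
                 if ($recipient_type == 'to' && !$pm['saveasdraft']) {
                     $this->set_error("no_recipients");
                     return false;
                 }
                 continue;
             }
             // Every username is escaped individually before it is quoted into the IN() list
             $recipientUsernames = array_map(array($db, 'escape_string'), $pm[$recipient_type]);
             $recipientUsernames = "'" . implode("','", $recipientUsernames) . "'";
             $query = $db->simple_select('users', '*', 'username IN(' . $recipientUsernames . ')');
             $validUsernames = array();
             while ($user = $db->fetch_array($query)) {
                 if ($recipient_type == "bcc") {
                     $user['bcc'] = 1;
                 }
                 $recipients[] = $user;
                 $validUsernames[] = $user['username'];
             }
             foreach ($pm[$recipient_type] as $username) {
                 if (!in_array($username, $validUsernames)) {
                     $invalid_recipients[] = $username;
                 }
             }
         }
     } else {
         foreach (array("toid", "bccid") as $recipient_type) {
             if (!isset($pm[$recipient_type])) {
                 $pm[$recipient_type] = array();
             }
             if (!is_array($pm[$recipient_type])) {
                 $pm[$recipient_type] = array($pm[$recipient_type]);
             }
             // intval() on every entry makes the list safe to place in the IN() clause below
             $pm[$recipient_type] = array_map('intval', $pm[$recipient_type]);
             $pm[$recipient_type] = array_filter($pm[$recipient_type]);
             // No recipients? Skip query
             if (empty($pm[$recipient_type])) {
                 if ($recipient_type == 'toid' && !$pm['saveasdraft']) {
                     $this->set_error("no_recipients");
                     return false;
                 }
                 continue;
             }
             $recipientUids = "'" . implode("','", $pm[$recipient_type]) . "'";
             $query = $db->simple_select('users', '*', 'uid IN(' . $recipientUids . ')');
             $validUids = array();
             while ($user = $db->fetch_array($query)) {
                 if ($recipient_type == "bccid") {
                     $user['bcc'] = 1;
                 }
                 $recipients[] = $user;
                 $validUids[] = $user['uid'];
             }
             foreach ($pm[$recipient_type] as $uid) {
                 if (!in_array($uid, $validUids)) {
                     $invalid_recipients[] = $uid;
                 }
             }
         }
     }
     // If we have one or more invalid recipients and we're not saving a draft, error
     if (count($invalid_recipients) > 0) {
         // These are the names exactly as submitted, so escape them before they go into the error text
         $invalid_recipients = implode(", ", array_map("htmlspecialchars_uni", $invalid_recipients));
         $this->set_error("invalid_recipients", array($invalid_recipients));
         return false;
     }
     $sender_permissions = user_permissions($pm['fromid']);
     // Are we trying to send this message to more users than the permissions allow?
     if ($sender_permissions['maxpmrecipients'] > 0 && count($recipients) > $sender_permissions['maxpmrecipients'] && $this->admin_override != true) {
         $this->set_error("too_many_recipients", array($sender_permissions['maxpmrecipients']));
     }
     // Now we're done with that we loop through each recipient
     foreach ($recipients as $user) {
         // Collect group permissions for this recipient.
         $recipient_permissions = user_permissions($user['uid']);
         // Usernames placed in error messages are escaped the same way in every branch below,
         // matching the invalid_recipients and recipient_has_buddy_only handling.
         $safe_username = htmlspecialchars_uni($user['username']);
         // See if the sender is on the recipients ignore list and that either
         // - admin_override is set or
         // - sender is an administrator
         if ($this->admin_override != true && $sender_permissions['cancp'] != 1 && $sender_permissions['canoverridepm'] != 1) {
             $ignorelist = explode(",", $user['ignorelist']);
             if (!empty($ignorelist) && in_array($pm['fromid'], $ignorelist)) {
                 $this->set_error("recipient_is_ignoring", array($safe_username));
             }
             // Is the recipient only allowing private messages from their buddy list?
             if ($mybb->settings['allowbuddyonly'] == 1 && $user['receivefrombuddy'] == 1) {
                 $buddylist = explode(",", $user['buddylist']);
                 if (!empty($buddylist) && !in_array($pm['fromid'], $buddylist)) {
                     $this->set_error("recipient_has_buddy_only", array($safe_username));
                 }
             }
             // Can the recipient actually receive private messages based on their permissions or user setting?
             if (($user['receivepms'] == 0 || $recipient_permissions['canusepms'] == 0) && !$pm['saveasdraft']) {
                 $this->set_error("recipient_pms_disabled", array($safe_username));
                 return false;
             }
         }
         // Check to see if the user has reached their private message quota - if they have, email them.
         if ($recipient_permissions['pmquota'] != "0" && $user['totalpms'] >= $recipient_permissions['pmquota'] && $recipient_permissions['cancp'] != 1 && $sender_permissions['cancp'] != 1 && !$pm['saveasdraft'] && !$this->admin_override) {
             if (trim($user['language']) != '' && $lang->language_exists($user['language'])) {
                 $uselang = trim($user['language']);
             } elseif ($mybb->settings['bblanguage']) {
                 $uselang = $mybb->settings['bblanguage'];
             } else {
                 $uselang = "english";
             }
             if ($uselang == $mybb->settings['bblanguage'] || !$uselang) {
                 $emailsubject = $lang->emailsubject_reachedpmquota;
                 $emailmessage = $lang->email_reachedpmquota;
             } else {
                 $userlang = new MyLanguage();
                 $userlang->set_path(MYBB_ROOT . "inc/languages");
                 $userlang->set_language($uselang);
                 $userlang->load("messages");
                 $emailsubject = $userlang->emailsubject_reachedpmquota;
                 $emailmessage = $userlang->email_reachedpmquota;
             }
             // The raw username is used for the mail text; the escaped form is only for the error message
             $emailmessage = $lang->sprintf($emailmessage, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl']);
             $emailsubject = $lang->sprintf($emailsubject, $mybb->settings['bbname']);
             $new_email = array("mailto" => $db->escape_string($user['email']), "mailfrom" => '', "subject" => $db->escape_string($emailsubject), "message" => $db->escape_string($emailmessage), "headers" => '');
             $db->insert_query("mailqueue", $new_email);
             $cache->update_mailqueue();
             if ($this->admin_override != true) {
                 $this->set_error("recipient_reached_quota", array($safe_username));
             }
         }
         // Everything looks good, assign some specifics about the recipient
         $pm['recipients'][$user['uid']] = array("uid" => $user['uid'], "username" => $user['username'], "email" => $user['email'], "lastactive" => $user['lastactive'], "pmnotice" => $user['pmnotice'], "pmnotify" => $user['pmnotify'], "language" => $user['language']);
         // If this recipient is defined as a BCC recipient, save it
         // ('bcc' is only set on rows loaded from a bcc list, so test for its presence first)
         if (isset($user['bcc']) && $user['bcc'] == 1) {
             $pm['recipients'][$user['uid']]['bcc'] = 1;
         }
     }
     return true;
 }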
Exemplo n.º 13
/**
 * Tells whether a user may moderate, either board-wide or in one forum.
 *
 * Super moderators always pass. Without a forum ID the moderators cache is
 * searched for any entry belonging to the user; with a forum ID the user's
 * moderator permissions for that forum decide.
 *
 * @param int The forum ID (0 assumes global)
 * @param string The action trying to be performed. (blank assumes any action at all)
 * @param int The user ID (0 assumes current user)
 * @return bool Returns true if the user has permission, false if they do not
 */
function is_moderator($fid = "0", $action = "", $uid = "0")
{
    global $mybb, $cache;
    // No explicit user: fall back to the current visitor
    if ($uid == 0) {
        $uid = $mybb->user['uid'];
    }
    // Still no user ID means a guest, and guests never moderate
    if ($uid == 0) {
        return false;
    }
    $group_perms = user_permissions($uid);
    if ($group_perms['issupermod'] == 1) {
        return true;
    }
    if ($fid) {
        // Forum-specific check
        $forum_perms = get_moderator_permissions($fid, $uid);
        if (!$action && $forum_perms) {
            return true;
        }
        return $forum_perms[$action] == 1 ? true : false;
    }
    // Global check: any moderator entry for this user is enough
    $moderator_cache = $cache->read('moderators');
    if (empty($moderator_cache)) {
        return false;
    }
    foreach ($moderator_cache as $forum_moderators) {
        if (isset($forum_moderators[$uid]) && $forum_moderators[$uid]['mid']) {
            return true;
        }
    }
    return false;
}
Exemplo n.º 14
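/**
 * The switch function deletes the mybbuser cookie, sets a new cookie for the selected account and starts a new session.
 * Function is called by ajax request and sends the new users post key.
 *
 * The request is honoured only for a logged-in user sending a POST with switchuser=1 and a valid post key, and only
 * when the current account or its master account holds the as_canswitch permission. The target account must be
 * attached to the current one (directly, through a common master, or as a claimed shared account); rejected
 * attempts are written to the moderator log. On success the function prints the new post code and exits.
 */
function accountswitcher_switch()
{
    global $db, $mybb, $lang, $charset, $cache, $templates;
    if ($mybb->user['uid'] == 0 || !isset($mybb->input['switchuser']) || $mybb->input['switchuser'] != 1 || $mybb->request_method != "post") {
        return;
    }
    require_once MYBB_ROOT . "/inc/plugins/accountswitcher/class_accountswitcher.php";
    $eas = new AccountSwitcher($mybb, $db, $cache, $templates);
    // Get permissions for this user
    $userPermission = user_permissions($mybb->user['uid']);
    // Get permissions for the master. First get the master
    $master = get_user((int) $mybb->user['as_uid']);
    // Get his permissions
    $masterPermission = user_permissions($master['uid']);
    // If one of both has the permission allow to switch
    if ($userPermission['as_canswitch'] != 1 && $masterPermission['as_canswitch'] != 1) {
        return;
    }
    if (!isset($lang->as_invaliduser)) {
        $lang->load("accountswitcher");
    }
    // CSRF check: the request must carry the current user's post key
    verify_post_check($mybb->get_input('my_post_key'));
    // Get user info
    $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    // Check if user exists
    if (!$user) {
        error($lang->as_invaliduser);
    }
    // Can the new account be shared?
    if ($user['as_share'] != 0 && $mybb->settings['aj_shareuser'] == 1) {
        // Account already used by another user?
        if ($user['as_shareuid'] != 0) {
            log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
            return;
        }
        // Account only shared by buddies?
        if ($user['as_buddyshare'] != 0) {
            // No buddy - no switch
            $buddylist = array();
            if ($user['buddylist'] != '') {
                $buddylist = explode(",", $user['buddylist']);
            }
            if (empty($buddylist) || !in_array($mybb->user['uid'], $buddylist)) {
                log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                return;
            }
        }
        // Shared account is free - set share uid
        if ($user['as_shareuid'] == 0) {
            $updated_shareuid = array("as_shareuid" => (int) $mybb->user['uid']);
            $db->update_query("users", $updated_shareuid, "uid='" . (int) $user['uid'] . "'");
            $eas->update_accountswitcher_cache();
            $user['as_shareuid'] = (int) $mybb->user['uid'];
        }
    }
    // Make sure you can switch to an attached account only
    $is_attached = $user['as_uid'] == $mybb->user['uid']
        || ($user['as_uid'] != 0 && $user['as_uid'] == $mybb->user['as_uid'])
        || $user['uid'] == $mybb->user['as_uid']
        || $user['as_shareuid'] == $mybb->user['uid']
        || $user['uid'] == $mybb->user['as_shareuid'];
    if (!$is_attached) {
        log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
        error($lang->as_notattacheduser);
        return;
    }
    // Is the current account shared?
    if ($mybb->user['as_share'] != 0) {
        // Account used by another user?
        if ($mybb->user['as_shareuid'] == 0) {
            log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
            return;
        }
        // Reset share uid (as_shareuid is known to be non-zero here)
        $updated_shareuid = array("as_shareuid" => 0);
        $db->update_query("users", $updated_shareuid, "uid='" . (int) $mybb->user['uid'] . "'");
        $eas->update_accountswitcher_cache();
    }
    // Log the old user out
    my_unsetcookie("mybbuser");
    my_unsetcookie("sid");
    if ($mybb->user['uid']) {
        $time = TIME_NOW;
        $old_uid = (int) $mybb->user['uid'];
        // Run this after the shutdown query from session system
        $db->shutdown_query("UPDATE " . TABLE_PREFIX . "users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$old_uid}'");
        // Invalidate the old session row. No $session variable is in scope at this
        // point (it is not in the global list and is only created below), so the sid
        // is read from $mybb->session instead of an undefined variable.
        // NOTE(review): assumes $mybb->session holds the current session object - confirm.
        if (isset($mybb->session->sid)) {
            $old_sid = $db->escape_string($mybb->session->sid);
            $db->delete_query("sessions", "sid = '{$old_sid}'");
        }
    }
    // Now let the login datahandler do the work
    require_once MYBB_ROOT . "inc/datahandlers/login.php";
    $loginhandler = new LoginDataHandler("get");
    $mybb->input['remember'] = "yes";
    $loginhandler->set_data($user);
    // NOTE(review): the result of validate_login() is not checked before complete_login();
    // the attachment check above is the only gate on which account can be entered.
    $loginhandler->validate_login();
    $loginhandler->complete_login();
    // Create session for this user
    require_once MYBB_ROOT . "inc/class_session.php";
    $session = new session();
    $session->init();
    $mybb->session =& $session;
    $mybb->post_code = generate_post_check();
    // Send new users post code
    header("Content-type: text/plain; charset={$charset}");
    echo $mybb->post_code;
    exit;
}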
Exemplo n.º 15
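 /**
  * Verifies the image count.
  *
  * The message is run through the post parser with the forum's own settings and the
  * resulting "<img" tags are counted against the maxpostimages setting. Drafts are not
  * checked, a maxpostimages of 0 disables the check, and posters whose permissions
  * include cancp are exempt.
  *
  * @return boolean True when valid, false when not valid.
  */
 function verify_image_count()
 {
     global $mybb, $db;
     $post =& $this->data;
     // Get the permissions of the user who is making this post or thread
     $permissions = user_permissions($post['uid']);
     // Fetch the forum this post is being made in
     if (!$post['fid']) {
         // The post ID goes into the WHERE clause, so force it to an integer first
         $pid = (int) $post['pid'];
         $query = $db->simple_select('posts', 'fid', "pid = '{$pid}'");
         $post['fid'] = $db->fetch_field($query, 'fid');
     }
     $forum = get_forum($post['fid']);
     // Check if this post contains more images than the forum allows
     if ($post['savedraft'] != 1 && $mybb->settings['maxpostimages'] != 0 && $permissions['cancp'] != 1) {
         require_once MYBB_ROOT . "inc/class_parser.php";
         $parser = new postParser();
         // Parse the message.
         $parser_options = array("allow_html" => $forum['allowhtml'], "allow_mycode" => $forum['allowmycode'], "allow_imgcode" => $forum['allowimgcode'], "filter_badwords" => 1);
         if ($post['options']['disablesmilies'] != 1) {
             $parser_options['allow_smilies'] = $forum['allowsmilies'];
         } else {
             $parser_options['allow_smilies'] = 0;
         }
         $image_check = $parser->parse_message($post['message'], $parser_options);
         // And count the number of image tags in the message.
         $image_count = substr_count($image_check, "<img");
         if ($image_count > $mybb->settings['maxpostimages']) {
             // Throw back a message if over the count with the number of images as well as the maximum number of images per post.
             $this->set_error("too_many_images", array(1 => $image_count, 2 => $mybb->settings['maxpostimages']));
             return false;
         }
     }
     // Report success explicitly so the result matches the documented boolean contract
     return true;
 }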
Exemplo n.º 16
 /**
  * Decides whether the current user may edit the given user.
  *
  * The check is permissive by default: it answers true as soon as any single
  * condition below is met and denies only when every one of them fails.
  *
  * @param int The user ID of the account to be edited
  * @return boolean True if editing is allowed, false otherwise
  */
 function can_edit_user($uid)
 {
     global $mybb;
     $target_uid = (int) $uid;
     // Allowed when the actor is a super admin, the target is not one, or the actor's group has ACP access
     if (is_super_admin($mybb->user['uid']) || !is_super_admin($target_uid) || $mybb->usergroup['cancp']) {
         return true;
     }
     $target_perms = user_permissions($target_uid);
     // A target without ACP access may be edited
     if (!$target_perms['cancp']) {
         return true;
     }
     // Inside the admin CP nothing else can grant access
     if (defined('IN_ADMINCP')) {
         return false;
     }
     // Outside the admin CP the moderator-level conditions are tried in order
     return $mybb->usergroup['issupermod']
         || !$target_perms['issupermod']
         || $mybb->user['ismoderator']
         || !is_moderator(0, '', $target_uid)
         || $mybb->user['uid'] != $target_uid;
 }
Exemplo n.º 17
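/**
 * Checks if a moderator has permissions to perform an action in a specific forum
 *
 * A super moderator is allowed globally, and in a given forum only when the forum
 * permissions let them view the forum and all of its threads. Other users are
 * moderators globally when the cached moderator list names them or their usergroup,
 * and in a given forum according to get_moderator_permissions().
 *
 * @param int The forum ID (0 assumes global)
 * @param string The action trying to be performed. (blank assumes any action at all)
 * @param int The user ID (0 assumes current user)
 * @return bool Returns true if the user has permission, false if they do not
 */
function is_moderator($fid = "0", $action = "", $uid = "0")
{
    global $mybb, $cache;
    if ($uid == 0) {
        $uid = $mybb->user['uid'];
    }
    // No user ID could be resolved, so there is nobody to grant rights to
    if ($uid == 0) {
        return false;
    }
    $user_perms = user_permissions($uid);
    if ($user_perms['issupermod'] == 1) {
        if (!$fid) {
            return true;
        }
        // Super moderator rights do not reach into forums that are hidden or restricted to own threads
        $forumpermissions = forum_permissions($fid);
        if ($forumpermissions['canview'] && $forumpermissions['canviewthreads'] && !$forumpermissions['canonlyviewownthreads']) {
            return true;
        }
        return false;
    }
    if (!$fid) {
        // Global check: moderating at least one forum is enough
        $modcache = $cache->read('moderators');
        if (!empty($modcache)) {
            foreach ($modcache as $modusers) {
                if (isset($modusers['users'][$uid]) && $modusers['users'][$uid]['mid']) {
                    return true;
                } elseif (isset($modusers['usergroups'][$user_perms['gid']])) {
                    // Moderating usergroup
                    return true;
                }
            }
        }
        return false;
    }
    $modperms = get_moderator_permissions($fid, $uid);
    if (!$action && $modperms) {
        return true;
    }
    // Fail closed: an action missing from the permission set (or an empty
    // permission set) is a denial, not an undefined-index read.
    return isset($modperms[$action]) && $modperms[$action] == 1;
}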
Exemplo n.º 18
 // Account age in (fractional) days
 $days_registered = (TIME_NOW - $user['regdate']) / 86400;
 // Average posts per day, never reported higher than the total post count
 $posts_per_day = 0;
 if ($days_registered > 0) {
     $posts_per_day = round($user['postnum'] / $days_registered, 2);
     $posts_per_day = $posts_per_day > $user['postnum'] ? $user['postnum'] : $posts_per_day;
 }
 // Share of all board posts written by this user
 $stats = $cache->read("stats");
 $posts = $stats['numposts'];
 $percent_posts = $posts == 0 ? "0" : round($user['postnum'] * 100 / $posts, 2);
 $user_permissions = user_permissions($user['uid']);
 // Reputation is shown only when both the user's permissions and the board setting enable it
 $reputation = $user_permissions['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1
     ? get_reputation($user['reputation'])
     : "-";
 if ($mybb->settings['enablewarningsystem'] != 0 && $user_permissions['canreceivewarnings'] != 0) {
     // Warning points as a percentage of the configured maximum, capped at 100
     // NOTE(review): a maxwarningpoints setting of 0 would make this a division by zero - confirm it is validated elsewhere
     $warning_level = round($user['warningpoints'] / $mybb->settings['maxwarningpoints'] * 100);
     $warning_level = get_colored_warning_level($warning_level > 100 ? 100 : $warning_level);
 }
 $age = $lang->na;
 if ($user['birthday']) {
Exemplo n.º 19
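 /**
  * Verifies if an array of recipients for a private message are valid
  *
  * Recipients are resolved from usernames ("to"/"bcc") or from user IDs ("toid"/"bccid") and the
  * accepted ones are stored in $this->data['recipients'], keyed by user ID.
  *
  * Some failures (too_many_recipients, recipient_is_ignoring, recipient_reached_quota) are only
  * recorded through set_error() and do not end the method, so the return value on its own does
  * not reflect them.
  *
  * @return boolean True when valid, false when invalid.
  */
 function verify_recipient()
 {
     global $db, $mybb, $lang;
     $pm =& $this->data;
     $recipients = array();
     $invalid_recipients = array();
     // We have our recipient usernames but need to fetch user IDs
     if (array_key_exists("to", $pm)) {
         if ((count($pm['to']) <= 0 || trim(implode("", $pm['to'])) == "") && !$pm['saveasdraft']) {
             $this->set_error("no_recipients");
             return false;
         }
         foreach (array("to", "bcc") as $recipient_type) {
             if (!is_array($pm[$recipient_type])) {
                 $pm[$recipient_type] = array($pm[$recipient_type]);
             }
             foreach ($pm[$recipient_type] as $username) {
                 $username = trim($username);
                 if (empty($username)) {
                     continue;
                 }
                 // Check that this recipient actually exists. The name is supplied by the sender,
                 // so it is escaped before it is placed in the WHERE clause.
                 $query = $db->simple_select("users", "*", "username='" . $db->escape_string($username) . "'");
                 $user = $db->fetch_array($query);
                 // No row (or a row without a uid) means the name is unknown
                 if (empty($user['uid'])) {
                     $invalid_recipients[] = $username;
                     continue;
                 }
                 if ($recipient_type == "bcc") {
                     $user['bcc'] = 1;
                 }
                 $recipients[] = $user;
             }
         }
     } else {
         foreach (array("toid", "bccid") as $recipient_type) {
             if (count($pm['toid']) <= 0) {
                 $this->set_error("no_recipients");
                 return false;
             }
             if (is_array($pm[$recipient_type])) {
                 foreach ($pm[$recipient_type] as $uid) {
                     // Check that this recipient actually exists
                     $query = $db->simple_select("users", "*", "uid='" . intval($uid) . "'");
                     $user = $db->fetch_array($query);
                     // No row (or a row without a uid) means the ID is unknown
                     if (empty($user['uid'])) {
                         $invalid_recipients[] = $uid;
                         continue;
                     }
                     if ($recipient_type == "bccid") {
                         $user['bcc'] = 1;
                     }
                     $recipients[] = $user;
                 }
             }
         }
     }
     // If we have one or more invalid recipients and we're not saving a draft, error
     if (count($invalid_recipients) > 0) {
         // The names are echoed back in the error text, so they are HTML-escaped first
         $invalid_recipients = implode(", ", array_map("htmlspecialchars_uni", $invalid_recipients));
         $this->set_error("invalid_recipients", array($invalid_recipients));
         return false;
     }
     $sender_permissions = user_permissions($pm['fromid']);
     // Are we trying to send this message to more users than the permissions allow?
     if ($sender_permissions['maxpmrecipients'] > 0 && count($recipients) > $sender_permissions['maxpmrecipients'] && $this->admin_override != true) {
         $this->set_error("too_many_recipients", array($sender_permissions['maxpmrecipients']));
     }
     // Now we're done with that we loop through each recipient
     foreach ($recipients as $user) {
         // Collect group permissions for this recipient.
         $recipient_permissions = user_permissions($user['uid']);
         // The ignore list and the "PMs disabled" checks are skipped when
         // - admin_override is set or
         // - sender is an administrator
         if ($this->admin_override != true && $sender_permissions['cancp'] != 1) {
             $ignorelist = explode(",", $user['ignorelist']);
             foreach ($ignorelist as $uid) {
                 if ($uid == $pm['fromid']) {
                     $this->set_error("recipient_is_ignoring", array($user['username']));
                 }
             }
             // Can the recipient actually receive private messages based on their permissions or user setting?
             if (($user['receivepms'] == 0 || $recipient_permissions['canusepms'] == 0) && !$pm['saveasdraft']) {
                 $this->set_error("recipient_pms_disabled", array($user['username']));
                 return false;
             }
         }
         // Check to see if the user has reached their private message quota - if they have, email them.
         if ($recipient_permissions['pmquota'] != "0" && $user['totalpms'] >= $recipient_permissions['pmquota'] && $recipient_permissions['cancp'] != 1 && $sender_permissions['cancp'] != 1 && !$pm['saveasdraft'] && !$this->admin_override) {
             // Pick the language for the notice: the recipient's own, else the board default, else English
             if (trim($user['language']) != '' && $lang->language_exists($user['language'])) {
                 $uselang = trim($user['language']);
             } elseif ($mybb->settings['bblanguage']) {
                 $uselang = $mybb->settings['bblanguage'];
             } else {
                 $uselang = "english";
             }
             if ($uselang == $mybb->settings['bblanguage'] || !$uselang) {
                 $emailsubject = $lang->emailsubject_reachedpmquota;
                 $emailmessage = $lang->email_reachedpmquota;
             } else {
                 $userlang = new MyLanguage();
                 $userlang->set_path(MYBB_ROOT . "inc/languages");
                 $userlang->set_language($uselang);
                 $userlang->load("messages");
                 $emailsubject = $userlang->emailsubject_reachedpmquota;
                 $emailmessage = $userlang->email_reachedpmquota;
             }
             $emailmessage = $lang->sprintf($emailmessage, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl']);
             $emailsubject = $lang->sprintf($emailsubject, $mybb->settings['bbname']);
             my_mail($user['email'], $emailsubject, $emailmessage);
             if ($this->admin_override != true) {
                 $this->set_error("recipient_reached_quota", array($user['username']));
             }
         }
         // Everything looks good, assign some specifics about the recipient
         $pm['recipients'][$user['uid']] = array("uid" => $user['uid'], "username" => $user['username'], "email" => $user['email'], "lastactive" => $user['lastactive'], "pmnotice" => $user['pmnotice'], "pmnotify" => $user['pmnotify'], "language" => $user['language']);
         // If this recipient is defined as a BCC recipient, save it
         // (the bcc key exists only on rows tagged above, hence the isset)
         if (isset($user['bcc']) && $user['bcc'] == 1) {
             $pm['recipients'][$user['uid']]['bcc'] = 1;
         }
     }
     return true;
 }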