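/**
 * XML-RPC handler: ban a member by name and optionally remove their posts.
 *
 * Request parameters read here:
 *   0 - name of the member to ban
 *   1 - mode; the value 2 additionally removes the member's messages
 *   2 - optional ban reason
 *
 * The caller must pass the session check and hold the 'manage_bans' permission.
 *
 * @param object $rpcmsg Incoming XML-RPC message.
 * @return xmlrpcresp Struct whose 'result' member is boolean true.
 */
function mob_m_ban_user($rpcmsg)
{
    global $mobdb, $context, $func, $user_info, $modSettings, $sourcedir;

    checkSession('session');

    // Banning is a privileged action: refuse unless the caller may manage bans.
    // NOTE(review): everything below assumes mob_error() ends the request - confirm.
    if (!allowedTo('manage_bans')) {
        mob_error('cannot ban users');
    }

    // The reason is HTML-escaped and stripped of CR/LF/TAB before it is stored.
    $raw_reason = $rpcmsg->getParam(2) ? $rpcmsg->getScalarValParam(2) : '';
    $reason = strtr($func['htmlspecialchars']($raw_reason), array("\r" => '', "\n" => '', "\t" => ''));

    require_once $sourcedir . '/Subs-Auth.php';

    // This handler reads no member ID from the request, so the target is always
    // resolved by name. (The original tested an $id_user variable that was never
    // assigned, which made its ID-lookup branch unreachable.)
    $username = utf8ToAscii($rpcmsg->getScalarValParam(0));
    $members = findMembers($username);
    if (empty($members)) {
        mob_error('user not found');
    }

    // NOTE(review): only the first match is banned. If findMembers() can return
    // several members for one name, the wrong account may be hit - confirm it
    // matches exactly. Nothing here stops the caller from banning themselves or
    // an administrator either.
    $member_ids = array_keys($members);
    $member = $members[$member_ids[0]]['id'];

    // Create the ban group.
    // NOTE(review): $username goes into the ban name without HTML escaping (the
    // reason is escaped above); verify that wherever ban names are displayed
    // escapes them on output.
    $mobdb->query('
        INSERT INTO {db_prefix}ban_groups
            (name, ban_time, cannot_access, expire_time, reason)
        VALUES
            ({string:name}, {int:time}, 1, NULL, {string:reason})',
        array(
            'time' => time(),
            'name' => 'Tapatalk ban (' . $username . ')',
            'reason' => $reason,
        )
    );
    $id_ban_group = $mobdb->insert_id();

    // Attach the member to the new ban group.
    $mobdb->query('
        INSERT INTO {db_prefix}ban_items
            (ID_BAN_GROUP, ID_MEMBER)
        VALUES
            ({int:group}, {int:member})',
        array(
            'group' => $id_ban_group,
            'member' => $member,
        )
    );

    // Mode 2: also delete the messages written by this member.
    // !!! Optimize this
    if ($rpcmsg->getScalarValParam(1) == 2) {
        require_once $sourcedir . '/RemoveTopic.php';

        // Keep going if the client disconnects, so the cleanup is not left half done.
        // ignore_user_abort() without an argument only reports the current setting.
        @ignore_user_abort(true);
        @set_time_limit(0);

        // Topic starters are skipped unless the topic has no replies.
        $request = $mobdb->query('
            SELECT m.ID_MSG AS id_msg
            FROM {db_prefix}messages AS m
                LEFT JOIN {db_prefix}topics AS t ON (t.ID_TOPIC = m.ID_TOPIC)
            WHERE m.ID_MEMBER = {int:member}
                AND (t.ID_FIRST_MSG != m.ID_MSG OR t.numReplies = 0)',
            array('member' => $member)
        );
        while ($row = $mobdb->fetch_assoc($request)) {
            removeMessage($row['id_msg']);
        }
        $mobdb->free_result($request);
    }

    // Report success.
    return new xmlrpcresp(new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean')), 'struct'));
}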
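/**
 * Report a message to the moderators of its board by e-mail.
 *
 * Reads the message ID from $context['mob_request']['params'][0][0] and a
 * base64-encoded comment from ['params'][1][0]. The caller needs the
 * 'report_any' permission and may not report their own message.
 *
 * NOTE(review): the flow assumes outputRPCResult() ends the request - confirm.
 */
function method_report_post()
{
    global $context, $mobdb, $modSettings, $scripturl, $user_info, $sourcedir, $txt;
    // $language was read below without being imported; it is the fallback passed to loadLanguage().
    global $language;
    global $topic, $board;

    // Get the message ID.
    if (!isset($context['mob_request']['params'][0])) {
        outputRPCResult(false, $txt['smf272']);
    }
    $id_msg = (int) $context['mob_request']['params'][0][0];

    // The comment is optional; a missing parameter becomes an empty comment.
    $encoded_reason = isset($context['mob_request']['params'][1][0]) ? $context['mob_request']['params'][1][0] : '';
    $reason = utf8ToAscii(base64_decode($encoded_reason));

    require_once $sourcedir . '/Subs-Post.php';

    // Look the message up through a typed placeholder instead of string interpolation.
    $mobdb->query('
        SELECT m.subject, m.ID_MEMBER, m.posterName, mem.realName, m.ID_TOPIC, m.ID_BOARD
        FROM {db_prefix}messages AS m
            LEFT JOIN {db_prefix}members AS mem ON (m.ID_MEMBER = mem.ID_MEMBER)
        WHERE m.ID_MSG = {int:id_msg}
        LIMIT 1',
        array('id_msg' => $id_msg)
    );
    if ($mobdb->num_rows() == 0) {
        outputRPCResult(false, $txt['smf272']);
    }
    $message_info = $mobdb->fetch_assoc();
    $mobdb->free_result();

    $subject = $message_info['subject'];
    $member = $message_info['ID_MEMBER'];
    $posterName = $message_info['posterName'];
    $realName = $message_info['realName'];
    // $topic and $board are globals, set here before loadBoard() runs.
    $topic = $message_info['ID_TOPIC'];
    $board = $message_info['ID_BOARD'];

    loadBoard();
    loadPermissions();

    // You can't use this if it's off or you are not allowed to do it.
    if (!allowedTo('report_any')) {
        outputRPCResult(false, $txt['cannot_report_any']);
    }

    spamProtection('spam');

    // Reporting your own message is refused.
    if ($member == $user_info['id']) {
        outputRPCResult(false, $txt['rtm_not_own']);
    }

    $posterName = un_htmlspecialchars($realName) . ($realName != $posterName ? ' (' . $posterName . ')' : '');
    $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
    $subject = un_htmlspecialchars($subject);

    // Get a list of members with the moderate_board permission.
    require_once $sourcedir . '/Subs-Members.php';
    $moderators = array_unique(array_map('intval', membersAllowedTo('moderate_board', $board)));

    // An empty list would otherwise produce "IN ()", which is invalid SQL.
    if (empty($moderators)) {
        outputRPCResult(false, $txt['rtm11']);
    }

    // Every ID was forced to an integer above, so the list is safe to inline.
    $mobdb->query('
        SELECT ID_MEMBER, emailAddress, lngfile
        FROM {db_prefix}members
        WHERE ID_MEMBER IN (' . implode(', ', $moderators) . ')
            AND notifyTypes != 4
        ORDER BY lngfile',
        array()
    );

    // Check that moderators do exist!
    if ($mobdb->num_rows() == 0) {
        outputRPCResult(false, $txt['rtm11']);
    }

    // Send every moderator an email, in that moderator's language when one is set.
    while ($row = $mobdb->fetch_assoc()) {
        loadLanguage('Post', empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'], false);

        // Guests are identified by IP address, members by name.
        $reported_by = empty($user_info['id']) ? $txt['guest'] . ' (' . $user_info['ip'] . ')' : $reporterName;

        $mail_subject = $txt['rtm3'] . ': ' . $subject . ' ' . $txt['rtm4'] . ' ' . $posterName;
        $mail_body = sprintf($txt['rtm_email1'], $subject) . ' ' . $posterName . ' ' . $txt['rtm_email2'] . ' ' . $reported_by . ' ' . $txt['rtm_email3'] . ":\n\n" . $scripturl . '?topic=' . $topic . '.msg' . $id_msg . '#msg' . $id_msg . "\n\n" . $txt['rtm_email_comment'] . ":\n" . $reason . "\n\n" . $txt[130];

        sendmail($row['emailAddress'], $mail_subject, $mail_body, $user_info['email']);
    }
    $mobdb->free_result();

    outputRPCResult(true);
}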
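/**
 * XML-RPC handler: change the current member's password.
 *
 * Two request shapes are handled:
 *   - Parameter 2 present: parameters are (new password, token, code). The
 *     token/code pair is checked with TapatalkSsoVerification() and the old
 *     password is not required when the verified e-mail address matches the
 *     account and the account is not an administrator.
 *   - Otherwise: parameters are (old password, new password) and the old
 *     password must verify.
 *
 * @param object $rpcmsg Incoming XML-RPC message.
 * @return xmlrpcresp Struct with boolean 'result' and an empty 'result_text'.
 */
function mob_update_password($rpcmsg)
{
    global $txt, $modSettings;
    global $cookiename, $context;
    global $sourcedir, $scripturl, $db_prefix;
    global $ID_MEMBER, $user_info;
    global $newpassemail, $user_profile, $validationCode;

    loadLanguage('Profile');

    // Start with no updates and no proof of identity.
    $profile_vars = array();
    $good_password = false;

    // Reset directly with a Tapatalk ID credential.
    if ($rpcmsg->getParam(2)) {
        $_POST['passwrd1'] = utf8ToAscii($rpcmsg->getParam(0) ? $rpcmsg->getScalarValParam(0) : '');
        // This branch carries no old password. Define the key so the checks further
        // down never read an undefined index or a value smuggled in via the HTTP body.
        $_POST['oldpasswrd'] = '';

        $token = $rpcmsg->getParam(1) ? $rpcmsg->getScalarValParam(1) : '';
        $code = $rpcmsg->getParam(2) ? $rpcmsg->getScalarValParam(2) : '';

        // Verify the Tapatalk authorization.
        if ($token && $code) {
            $ttid = TapatalkSsoVerification($token, $code);
            if ($ttid && $ttid->result) {
                $tapatalk_id_email = isset($ttid->email) ? (string) $ttid->email : '';

                // Not logged in: adopt the account that owns the verified address.
                if (empty($ID_MEMBER) && ($ID_MEMBER = emailExists($tapatalk_id_email))) {
                    loadMemberData($ID_MEMBER, false, 'profile');
                    $user_info = $user_profile[$ID_MEMBER];
                    $user_info['is_guest'] = false;
                    // Array keys are case-sensitive; the original read 'id_group' here while
                    // every other access uses 'ID_GROUP', so primary-group admins were missed.
                    $user_info['is_admin'] = $user_info['ID_GROUP'] == 1 || in_array(1, explode(',', $user_info['additionalGroups']));
                    $user_info['id'] = $ID_MEMBER;
                    if (empty($user_info['additionalGroups'])) {
                        $user_info['groups'] = array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']);
                    } else {
                        $user_info['groups'] = array_merge(array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']), explode(',', $user_info['additionalGroups']));
                    }
                    $user_info['groups'] = array_unique(array_map('intval', $user_info['groups']));
                    loadPermissions();
                }

                // The old password is waived only when a non-empty verified address equals the
                // account's address. Without the non-empty test, two missing values compare equal.
                // NOTE(review): for an already logged-in session $user_info may not carry an
                // 'emailAddress' key, in which case this path always refuses - confirm intent.
                $verified_email = strtolower($tapatalk_id_email);
                $account_email = isset($user_info['emailAddress']) ? strtolower($user_info['emailAddress']) : '';

                // Administrators never take this path, whether admin is the primary or an additional group.
                $is_admin = !empty($user_info['is_admin']) || (isset($user_info['ID_GROUP']) && $user_info['ID_GROUP'] == 1);

                if ($verified_email !== '' && $account_email === $verified_email && !$is_admin) {
                    $good_password = true;
                }
            }
        }

        if (!$good_password) {
            get_error('Failed to update password');
        }
    } else {
        $_POST['oldpasswrd'] = $rpcmsg->getParam(0) ? $rpcmsg->getScalarValParam(0) : '';
        $_POST['passwrd1'] = utf8ToAscii($rpcmsg->getParam(1) ? $rpcmsg->getScalarValParam(1) : '');
    }

    // Clean up the POST variables.
    $_POST = htmltrim__recursive($_POST);
    $_POST = stripslashes__recursive($_POST);
    $_POST = htmlspecialchars__recursive($_POST);
    $_POST = addslashes__recursive($_POST);

    $memberResult = loadMemberData($ID_MEMBER, false, 'profile');
    if (!is_array($memberResult)) {
        fatal_lang_error(453, false);
    }

    $memID = $ID_MEMBER;
    $context['user']['is_owner'] = true;

    isAllowedTo(array('manage_membergroups', 'profile_identity_any', 'profile_identity_own'));

    // You didn't even enter a password!
    if (trim($_POST['oldpasswrd']) == '' && !$good_password) {
        fatal_error($txt['profile_error_no_password']);
    }

    // The cleaning above altered the password; undo it so the real value is checked.
    $_POST['oldpasswrd'] = addslashes(un_htmlspecialchars(stripslashes($_POST['oldpasswrd'])));

    // Does the integration want to check passwords?
    if (isset($modSettings['integrate_verify_password']) && function_exists($modSettings['integrate_verify_password'])) {
        if (call_user_func($modSettings['integrate_verify_password'], $user_profile[$memID]['memberName'], $_POST['oldpasswrd'], false) === true) {
            $good_password = true;
        }
    }

    // Bad password!!!
    // Strict comparison: with != two different hex digests that both look like "0e<digits>"
    // are compared as numbers and treated as equal. Where the PHP version provides
    // hash_equals(), prefer it for a constant-time comparison.
    // NOTE(review): nothing in this function throttles repeated wrong guesses.
    if (!$good_password && $user_info['passwd'] !== sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['oldpasswrd'])) {
        fatal_error($txt['profile_error_bad_password']);
    }

    // Let's get the validation function into play...
    require_once $sourcedir . '/Subs-Auth.php';
    $passwordErrors = validatePassword($_POST['passwrd1'], $user_info['username'], array($user_info['name'], $user_info['email']));

    // Were there errors?
    if ($passwordErrors != null) {
        fatal_error($txt['profile_error_password_' . $passwordErrors]);
    }

    // Hash of the new password, in the same format the old-password check above compares against.
    // NOTE(review): SHA-1 is a fast hash and weak for password storage by current standards;
    // the format is kept here because the stored value has to match that comparison.
    $new_hash = sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1'])));

    // The value is stored already wrapped in single quotes.
    $profile_vars['passwd'] = '\'' . $new_hash . '\'';

    // If we've changed the password, notify any integration that may be listening in.
    if (isset($modSettings['integrate_reset_pass']) && function_exists($modSettings['integrate_reset_pass'])) {
        call_user_func($modSettings['integrate_reset_pass'], $user_profile[$memID]['memberName'], $user_profile[$memID]['memberName'], $_POST['passwrd1']);
    }

    updateMemberData($memID, $profile_vars);

    // Re-issue the login cookie so it carries the new password hash.
    setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1($new_hash . $user_profile[$memID]['passwordSalt']));

    $response = array(
        'result' => new xmlrpcval(true, 'boolean'),
        'result_text' => new xmlrpcval('', 'base64'),
    );

    return new xmlrpcresp(new xmlrpcval($response, 'struct'));
}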
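/**
 * XML-RPC handler: list the topics a member has posted in.
 *
 * Request parameters read here:
 *   0 - member name (used when no usable member ID is given)
 *   1 - optional first index of the page, default 0
 *   2 - optional last index of the page, default start + 9
 *   3 - optional member ID
 *
 * @param object $rpcmsg Incoming XML-RPC message.
 * @return xmlrpcresp Struct with 'result', 'total_topic_num' and 'topics'.
 */
function mob_get_participated_topic($rpcmsg)
{
    global $mobdb, $scripturl, $user_info, $settings, $modSettings, $sourcedir;

    require_once $sourcedir . '/Subs-Auth.php';

    // Load the parameters, username must always be there.
    $username = $rpcmsg->getScalarValParam(0);

    // The paging values come from the client: force integers and a non-negative offset.
    // NOTE(review): the page size has no upper bound here; consider capping it.
    $start = max(0, $rpcmsg->getParam(1) ? (int) $rpcmsg->getScalarValParam(1) : 0);
    $end = $rpcmsg->getParam(2) ? (int) $rpcmsg->getScalarValParam(2) : $start + 9;
    $count = $end - $start + 1;

    $id_user = $rpcmsg->getParam(3) ? (int) $rpcmsg->getScalarValParam(3) : null;

    // If we have a user ID, check that it exists; otherwise fall back to the name.
    if (!is_null($id_user)) {
        $request = $mobdb->query('
            SELECT ID_MEMBER
            FROM {db_prefix}members
            WHERE ID_MEMBER = {int:member}',
            array('member' => $id_user)
        );
        if ($mobdb->num_rows($request) == 0) {
            $id_user = null;
        } else {
            list($id_user) = $mobdb->fetch_row($request);
        }
        $mobdb->free_result($request);
    }

    // Otherwise search by name and take the first match.
    if (is_null($id_user)) {
        $username = utf8ToAscii($username);
        $members = findMembers($username);
        if (empty($members)) {
            mob_error('user not found');
        }
        $member_ids = array_keys($members);
        $id_user = $members[$member_ids[0]]['id'];
    }

    // Count the distinct topics the member posted in. The original grouped by topic and read
    // the first row, which is the number of posts in one topic rather than the number of
    // topics. The board-visibility filter is applied here as well, so the total agrees with
    // the list and does not reveal activity in boards the caller cannot see.
    $request = $mobdb->query('
        SELECT COUNT(DISTINCT m.ID_TOPIC)
        FROM {db_prefix}messages AS m
            INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC)
            INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = m.ID_BOARD)
        WHERE m.ID_MEMBER = {int:member}
            AND {query_see_board}',
        array('member' => $id_user)
    );
    $count_row = $mobdb->fetch_row($request);
    $topic_count = empty($count_row) ? 0 : (int) $count_row[0];
    $mobdb->free_result($request);

    // Get the topics themselves, most recently active first.
    $topics = array();
    if ($count > 0) {
        $request = $mobdb->query('
            SELECT t.ID_TOPIC AS id_topic
            FROM {db_prefix}messages AS m
                INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC)
                INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = m.ID_BOARD)
                INNER JOIN {db_prefix}messages AS lm ON (t.ID_LAST_MSG = lm.ID_MSG)
            WHERE m.ID_MEMBER = {int:member}
                AND {query_see_board}
            GROUP BY m.ID_TOPIC
            ORDER BY lm.posterTime DESC
            LIMIT {int:start}, {int:limit}',
            array(
                'member' => $id_user,
                'start' => $start,
                'limit' => $count,
            )
        );
        while ($row = $mobdb->fetch_assoc($request)) {
            $topics[] = $row['id_topic'];
        }
        $mobdb->free_result($request);
    }

    // NOTE(review): $topics is already one page, yet $start and $count are passed on to
    // get_topics(); if it applies them as an offset again, later pages come back empty - verify.
    $topic_list = !empty($topics)
        ? get_topics('t.ID_TOPIC IN ({array_int:topics})', array('topics' => $topics), $start, $count, false)
        : array();

    // Return the topics.
    return new xmlrpcresp(new xmlrpcval(array(
        'result' => new xmlrpcval(true, 'boolean'),
        'total_topic_num' => new xmlrpcval($topic_count, 'int'),
        'topics' => new xmlrpcval($topic_list, 'array'),
    ), 'struct'));
}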