Exemplo n.º 1
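/**
* Redirects the user to an appropriate page after a successful login
*
* Picks the post-login destination from $vbulletin->url, reloads the global
* phrase group and character set for the user's language, re-issues the
* security token inside any carried-over POST variables and finally prints
* the standard redirect page.
*/
function do_login_redirect()
{
	global $vbulletin, $vbphrase;

	$vbulletin->input->fetch_basepath();

	// Never send the user back to the login form, the forum home alias, a logout
	// link or (when multiple registrations are disallowed) the registration page:
	// in all of those cases fall back to the forum home.
	if (
		$vbulletin->url == 'login.php'
		OR $vbulletin->url == $vbulletin->options['forumhome'] . '.php'
		OR strpos($vbulletin->url, 'do=logout') !== false
		OR (!$vbulletin->options['allowmultiregs'] AND strpos($vbulletin->url, $vbulletin->basepath . 'register.php') === 0)
	)
	{
		$vbulletin->url = $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q'];
	}
	else
	{
		$vbulletin->url = fetch_replaced_session_url($vbulletin->url);
		$vbulletin->url = preg_replace('#^/+#', '/', $vbulletin->url); // bug 3654 don't ask why
	}

	// $formfile is the redirect target without its query string
	$temp = strpos($vbulletin->url, '?');
	if ($temp)
	{
		$formfile = substr($vbulletin->url, 0, $temp);
	}
	else
	{
		$formfile =& $vbulletin->url;
	}

	$postvars = $vbulletin->GPC['postvars'];

	// plugin code runs in this scope, so the local variable names above are part of the hook contract
	($hook = vBulletinHook::fetch_hook('login_redirect')) ? eval($hook) : false;

	// recache the global group to get the stuff from the new language
	$globalgroup = $vbulletin->db->query_first_slave("
		SELECT phrasegroup_global, languagecode, charset
		FROM " . TABLE_PREFIX . "language
		WHERE languageid = " . intval($vbulletin->userinfo['languageid'] ? $vbulletin->userinfo['languageid'] : $vbulletin->options['languageid'])
	);
	if ($globalgroup)
	{
		// phrasegroup_global comes from the language table, not from the request
		$vbphrase = array_merge($vbphrase, unserialize($globalgroup['phrasegroup_global']));

		if (vB_Template_Runtime::fetchStyleVar('charset') != $globalgroup['charset'])
		{
			// change the character set in a bunch of places - a total hack
			global $headinclude;

			$headinclude = str_replace(
				"content=\"text/html; charset=" . vB_Template_Runtime::fetchStyleVar('charset') . "\"",
				"content=\"text/html; charset=$globalgroup[charset]\"",
				$headinclude
			);

			vB_Template_Runtime::addStyleVar('charset', $globalgroup['charset'], 'imgdir');
			$vbulletin->userinfo['lang_charset'] = $globalgroup['charset'];

			exec_headers();
		}
		if ($vbulletin->GPC['postvars'])
		{
			// NOTE(review): postvars travels through the browser, so unserialize() here is
			// only as safe as the signature check in verify_client_string(). A JSON
			// encoding of the blob would avoid PHP object instantiation altogether.
			$postvars = @unserialize(verify_client_string($vbulletin->GPC['postvars']));

			// Only a form that was submitted while logged out (token 'guest') gets a fresh
			// token for the account that has just logged in. The previous code used '='
			// here, which overwrote the stored token and made the branch unconditional, so
			// every replayed POST was handed a valid security token whatever it carried.
			if (is_array($postvars) AND isset($postvars['securitytoken']) AND $postvars['securitytoken'] === 'guest')
			{
				$vbulletin->userinfo['securitytoken_raw'] = sha1($vbulletin->userinfo['userid'] . sha1($vbulletin->userinfo['salt']) . sha1(COOKIE_SALT));
				$vbulletin->userinfo['securitytoken'] = TIMENOW . '-' . sha1(TIMENOW . $vbulletin->userinfo['securitytoken_raw']);
				$postvars['securitytoken'] = $vbulletin->userinfo['securitytoken'];
				// re-sign, because the payload has changed
				$vbulletin->GPC['postvars'] = sign_client_string(serialize($postvars));
			}
		}

		vB_Template_Runtime::addStyleVar('languagecode', $globalgroup['languagecode']);
	}

	eval(print_standard_redirect('redirect_login', true, true, $vbulletin->userinfo['languageid']));
}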
Exemplo n.º 2
		{
			$vbulletin->GPC['url'] = fetch_seo_url('forum', $foruminfo);
		}
		else if ($vbulletin->GPC['url'] != '' AND $vbulletin->GPC['url'] != 'forumdisplay.php')
		{
			$vbulletin->GPC['url'] = str_replace('"', '', $vbulletin->GPC['url']);
		}
		else
		{
			$vbulletin->GPC['url'] = fetch_seo_url('forum', $foruminfo);
		}

		// Allow POST based redirection...
		// postvars is a blob held by the client. It is unserialized only after
		// verify_client_string() has accepted it; a return of false is treated as
		// "rejected" and the blob is dropped.
		// NOTE(review): unserialize() is still reached with client-roundtripped data, so
		// its safety rests entirely on the signature check - confirm how it is keyed.
		if ($vbulletin->GPC['postvars'] != '')
		{
			if (($check = verify_client_string($vbulletin->GPC['postvars'])) !== false)
			{
				$temp = unserialize($check);
				// presumably avoids replaying the forum-password form itself - verify against caller
				if ($temp['do'] == 'doenterpwd')
				{
					$vbulletin->GPC['postvars'] = '';
				}
			}
			else
			{
				// signature did not verify: discard instead of carrying it forward
				$vbulletin->GPC['postvars'] = '';
			}
		}

		// workaround IIS cookie+location header bug
		// true when the server software string names Microsoft-IIS
		$forceredirect = (strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false);
Exemplo n.º 3
            $threadslist .= ",{$thread['threadid']}";
        }
        $db->query_write("\n\t\t\tUPDATE " . TABLE_PREFIX . "thread SET\n\t\t\t\tforumid = " . $vbulletin->GPC['destforumid'] . "\n\t\t\tWHERE threadid IN ({$threadslist})\n\t\t");
        $vbulletin->db->query_write("TRUNCATE TABLE " . TABLE_PREFIX . "postparsed");
        require_once DIR . '/includes/functions_prefix.php';
        remove_invalid_prefixes($threadslist, $vbulletin->GPC['destforumid']);
        require_once DIR . '/includes/functions_databuild.php';
        build_forum_counters($vbulletin->GPC['destforumid']);
        define('CP_REDIRECT', 'index.php?do=home');
        print_stop_message('moved_threads_successfully_modcp');
    }
}
// ###################### Start move/prune select #######################
if ($_POST['do'] == 'dothreadssel') {
    $vbulletin->input->clean_array_gpc('p', array('criteria' => TYPE_BINARY, 'destforumid' => TYPE_INT));
    $thread = @unserialize(verify_client_string($vbulletin->GPC['criteria']));
    if (!is_array($thread) or sizeof($thread) == 0) {
        print_stop_message('please_complete_required_fields');
    }
    $whereclause = fetch_thread_move_prune_sql($thread, $forumids, $vbulletin->GPC['type']);
    $fullquery = "\n\t\tSELECT thread.*, forum.title AS forum_title\n\t\tFROM " . TABLE_PREFIX . "thread AS thread\n\t\tLEFT JOIN " . TABLE_PREFIX . "forum AS forum ON(forum.forumid = thread.forumid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "deletionlog AS deletionlog ON(deletionlog.primaryid = thread.threadid AND deletionlog.type = 'thread')\n\t\tWHERE {$whereclause}\n\t";
    $threads = $db->query_read($fullquery);
    print_form_header('thread', 'dothreadsselfinish');
    construct_hidden_code('type', $vbulletin->GPC['type']);
    construct_hidden_code('destforumid', $vbulletin->GPC['destforumid']);
    if ($vbulletin->GPC['type'] == 'prune') {
        print_table_header($vbphrase['prune_threads_selectively'], 5);
    } else {
        if ($vbulletin->GPC['type'] == 'move') {
            print_table_header($vbphrase['move_threads_selectively'], 5);
        }
Exemplo n.º 4
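/**
* Halts execution and redirects to the address held in $vbulletin->url
*
* If the 'useheaderredirect' option is on, the system will attempt to redirect invisibly using header('Location...
* However, 'useheaderredirect' is overridden by setting $forceredirect to a true value.
* A header redirect is also skipped when headers were already sent or when POST
* variables have to be carried over, in which case the redirect page is rendered.
*
* NOTE(review): no check of the destination host is visible in this function -
* confirm that $vbulletin->url is restricted to trusted hosts before it gets here.
*
* @param	string	Redirect message
* @param	boolean	If true, never use a header redirect and always print the redirect page
*/
function standard_redirect($message = '', $forceredirect = false)
{
	global $header, $footer, $headinclude, $headinclude_bottom, $forumjump;
	global $timezone, $vbulletin, $vbphrase;

	// characters that must not survive into an HTML attribute value
	static
		$str_find     = array('"',      '<',    '>'),
		$str_replace  = array('&quot;', '&lt;', '&gt;');

	// query-explain mode: print timing information instead of redirecting
	if ($vbulletin->db->explain)
	{
		$totaltime = microtime(true) - TIMESTART;

		// plain assignment: $vartext is local and was never initialised, so '.=' raised an
		// undefined-variable notice
		$vartext = "<!-- Page generated in " . vb_number_format($totaltime, 5) . " seconds with " . $vbulletin->db->querycount . " queries -->";

		$querytime = $vbulletin->db->time_total;
		echo "\n<b>Page generated in $totaltime seconds with " . $vbulletin->db->querycount . " queries,\nspending $querytime doing MySQL queries and " . ($totaltime - $querytime) . " doing PHP things.\n\n<hr />Shutdown Queries:</b>" . (defined('NOSHUTDOWNFUNC') ? " <b>DISABLED</b>" : '') . "<hr />\n\n";
		exit;
	}

	if ($vbulletin->options['useheaderredirect'] AND !$forceredirect AND !headers_sent() AND !$vbulletin->GPC['postvars'])
	{
		exec_header_redirect(unhtmlspecialchars($vbulletin->url, true));
	}

	$title = $vbulletin->options['bbtitle'];

	$pagetitle = $title;
	$errormessage = $message;

	// Build the URL for the redirect page: decode entities, strip NUL bytes, make it
	// absolute, then re-escape the quote and angle-bracket characters.
	$url = unhtmlspecialchars($vbulletin->url, true);
	$url = str_replace(chr(0), '', $url);
	$url = create_full_url($url);
	$url = str_replace($str_find, $str_replace, $url);
	$js_url = addslashes_js($url, '"'); // " has been replaced by &quot;

	// Percent-encode every form of semicolon (literal, decimal and hex entity) in the
	// HTML copy of the URL ...
	$url = preg_replace(
		array('/&#0*59;?/', '/&#x0*3B;?/i', '#;#'),
		'%3B',
		$url
	);
	// ... and restore the one entity that legitimately ends in a semicolon
	$url = preg_replace('#&amp%3B#i', '&amp;', $url);

	define('NOPMPOPUP', 1); // No footer here

	require_once(DIR . '/includes/functions_misc.php');
	// the carried-over POST blob is passed through verify_client_string() before it is
	// expanded into hidden form fields
	$postvars = construct_hidden_var_fields(verify_client_string($vbulletin->GPC['postvars']));
	$formfile =& $url;

	// plugin code runs in this scope and may read or change the locals above
	($hook = vBulletinHook::fetch_hook('redirect_generic')) ? eval($hook) : false;

	$templater = vB_Template::create('STANDARD_REDIRECT');
		$templater->register('errormessage', $errormessage);
		$templater->register('formfile', $formfile);
		$templater->register('headinclude', $headinclude);
		$templater->register('headinclude_bottom', $headinclude_bottom);
		$templater->register('js_url', $js_url);
		$templater->register('pagetitle', $pagetitle);
		$templater->register('postvars', $postvars);
		$templater->register('url', $url);
	print_output($templater->render());
	exit;
}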
Exemplo n.º 5
/**
* Builds the hidden "postvars" form field that carries a POST request across a redirect
*
* An incoming, already signed postvars blob is passed through unchanged when
* verify_client_string() accepts it. Otherwise the current $_POST array is
* serialized and signed. The value is HTML-escaped before it is placed in the
* attribute.
*
* NOTE(review): the blob uses PHP's serialize() format and is later read back from
* the client, so the signature is the only thing standing between the request
* and unserialize().
*
* @return	string	HTML code containing hidden fields, or '' when there is nothing to carry
*/
function construct_post_vars_html()
{
    global $vbulletin;

    $vbulletin->input->clean_gpc('p', 'postvars', TYPE_BINARY);

    if ($vbulletin->GPC['postvars'] != '' && verify_client_string($vbulletin->GPC['postvars']) !== false) {
        // reuse the blob the client sent, it is still validly signed
        $fieldvalue = htmlspecialchars_uni($vbulletin->GPC['postvars']);
    } elseif ($vbulletin->superglobal_size['_POST'] > 0) {
        // no usable blob: capture the current POST body and sign it
        $fieldvalue = htmlspecialchars_uni(sign_client_string(serialize($_POST)));
    } else {
        return '';
    }

    return '<input type="hidden" name="postvars" value="' . $fieldvalue . '" />' . "\n";
}
Exemplo n.º 6
             $conflicts[] = $usergroup;
         } else {
             if ($vbulletin->GPC['conflict']["{$usergroup}"] === 2) {
                 $override_no[] = $usergroup;
             }
         }
     } else {
         if (array_diff($prefixids, $prefixes)) {
             if ($vbulletin->GPC['conflict']["{$usergroup}"] === 0) {
                 $conflicts[] = $usergroup;
             }
         }
     }
 }
 // shownusergroups is read without any cleaning (TYPE_NOCLEAN) and then handed to
 // verify_client_string() and unserialize().
 // NOTE(review): the result of the verification is not checked here. If it fails,
 // unserialize() presumably receives false and the foreach below iterates a
 // non-array; the empty() test further down is what finally stops the request.
 $vbulletin->input->clean_array_gpc('p', array('shownusergroups' => TYPE_NOCLEAN));
 $shownusergroups_raw = unserialize(verify_client_string($vbulletin->GPC['shownusergroups']));
 $shownusergroups = array();
 // every element is forced through the unsigned-integer cleaner before use
 foreach ($shownusergroups_raw as $shownusergroup) {
     $shownusergroups[] = $vbulletin->input->do_clean($shownusergroup, TYPE_UINT);
 }
 if (empty($shownusergroups)) {
     // This shouldn't trigger - probably a suhosin issue if it does
     print_stop_message('variables_missing_suhosin');
 }
 $vbulletin->input->clean_array_gpc('p', array('usergroup' => TYPE_ARRAY_KEYS_INT));
 // prefix ids are escaped one by one and quoted.
 // NOTE(review): $conflicts is joined into the statement unescaped - it is filled
 // before this fragment, so confirm that every element is an integer.
 $vbulletin->db->query_write("\r\n\t\tDELETE FROM " . TABLE_PREFIX . "prefixpermission\r\n\t\tWHERE prefixid IN ('" . implode("', '", array_map(array($vbulletin->db, 'escape_string'), $prefixids)) . "')\r\n\t\t" . (!empty($conflicts) ? "AND usergroupid NOT IN (" . implode(', ', $conflicts) . ")" : ''));
 $todeny = array();
 foreach ($shownusergroups as $shownusergroup) {
     if (array_key_exists($shownusergroup, $vbulletin->usergroupcache)) {
         if (!in_array($shownusergroup, $conflicts)) {
             if (!in_array($shownusergroup, $vbulletin->GPC['usergroup']) and !in_array($shownusergroup, array_keys($vbulletin->GPC['conflict']))) {
Exemplo n.º 7
            require_once DIR . '/includes/modfunctions.php';
            show_inline_mod_login(true);
        } else {
            define('VB_ERROR_PERMISSION', true);
            $show['useurl'] = true;
            $show['specificerror'] = true;
            $url = $vbulletin->url;
            if ($vbulletin->options['usestrikesystem']) {
                eval(standard_error(fetch_error('badlogin_strikes_passthru', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
            } else {
                eval(standard_error(fetch_error('badlogin_passthru', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
            }
        }
    }
    exec_unstrike_user($vbulletin->GPC['vb_login_username']);
    $_postvars = @unserialize(verify_client_string($vbulletin->GPC['postvars']));
    // create new session
    process_new_login($_postvars['logintype'] ? $_postvars['logintype'] : $vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
    // do redirect
    do_login_redirect();
} else {
    if ($_GET['do'] == 'login') {
        // add consistency with previous behavior
        exec_header_redirect(fetch_seo_url('forumhome|nosession', array()));
    }
}
// ############################### start lost password ###############################
if ($_REQUEST['do'] == 'lostpw') {
    $vbulletin->input->clean_gpc('r', 'email', TYPE_NOHTML);
    $email = $vbulletin->GPC['email'];
    $navbits = construct_navbits(array('' => $vbphrase['lost_password_recovery_form']));
Exemplo n.º 8
/**
* Builds the hidden "postvars" form field that carries a POST request across a redirect
*
* An incoming, already signed postvars blob is passed through unchanged when
* verify_client_string() accepts it. Otherwise the current $_POST array is
* JSON-encoded and signed. The value is HTML-escaped before it is placed in
* the attribute.
*
* @return	string	HTML code containing hidden fields, or '' when there is nothing to carry
*/
function construct_post_vars_html()
{
    global $vbulletin;

    $vbulletin->input->clean_gpc('p', 'postvars', vB_Cleaner::TYPE_BINARY);

    if ($vbulletin->GPC['postvars'] != '' && verify_client_string($vbulletin->GPC['postvars']) !== false) {
        // reuse the blob the client sent, it is still validly signed
        $fieldvalue = htmlspecialchars_uni($vbulletin->GPC['postvars']);
    } elseif (count($_POST) > 0) {
        // JSON rather than serialize(): decoding it on the way back cannot create objects
        $fieldvalue = htmlspecialchars_uni(sign_client_string(json_encode($_POST)));
    } else {
        return '';
    }

    return '<input type="hidden" name="postvars" value="' . $fieldvalue . '" />' . "\n";
}
Exemplo n.º 9
// Fall back to the 'start' action when the request does not name one.
if (empty($_REQUEST['do'])) {
    $_REQUEST['do'] = 'start';
}
// *************************** Send a page of emails **********************
if ($_POST['do'] == 'dosendmail' or $_POST['do'] == 'makelist') {
    $vbulletin->input->clean_array_gpc('p', array('user' => TYPE_ARRAY, 'profile' => TYPE_ARRAY, 'serializeduser' => TYPE_STR, 'serializedprofile' => TYPE_STR, 'septext' => TYPE_NOTRIM, 'perpage' => TYPE_UINT, 'startat' => TYPE_UINT, 'test' => TYPE_BOOL, 'from' => TYPE_STR, 'subject' => TYPE_STR, 'message' => TYPE_STR));
    $vbulletin->GPC['septext'] = nl2br(htmlspecialchars_uni($vbulletin->GPC['septext']));
    // ensure that we don't send blank emails by mistake
    if ($_POST['do'] == 'dosendmail') {
        if ($vbulletin->GPC['subject'] == '' or $vbulletin->GPC['message'] == '' or !is_valid_email($vbulletin->GPC['from'])) {
            print_stop_message('please_complete_required_fields');
        }
    }
    if (!empty($vbulletin->GPC['serializeduser'])) {
        $vbulletin->GPC['user'] = @unserialize(verify_client_string($vbulletin->GPC['serializeduser']));
        $vbulletin->GPC['profile'] = @unserialize(verify_client_string($vbulletin->GPC['serializedprofile']));
    }
    $condition = fetch_user_search_sql($vbulletin->GPC['user'], $vbulletin->GPC['profile']);
    if (!$condition) {
        $condition = ' 1=1 ';
    }
    $finalcondition = "\n\t\t{$condition}\n\t\tAND user.email <> ''\n\t\t" . iif(!$vbulletin->GPC['user']['adminemail'], " AND (options & " . $vbulletin->bf_misc_useroptions['adminemail'] . ")");
    if ($_POST['do'] == 'makelist') {
        $users = $db->query_read("\n\t\t\tSELECT DISTINCT user.email\n\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON (userfield.userid = user.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\n\t\t\tWHERE {$finalcondition}\n\t\t");
        if ($db->num_rows($users) > 0) {
            while ($user = $db->fetch_array($users)) {
                echo $user['email'] . $vbulletin->GPC['septext'];
                vbflush();
            }
        } else {
            print_stop_message('no_users_matched_your_query');
Exemplo n.º 10
		$templater->register('navclass', $navclass);
		$templater->register('onload', $onload);
		$templater->register('pagetitle', $pagetitle);
		$templater->register('template_hook', $template_hook);
	print_output($templater->render());
}

// ########################## Do move of threads ##############################################
if ($_POST['do'] == 'movethread')
{
	$vbulletin->input->clean_array_gpc('p', array(
		'ids'      => TYPE_BINARY,
		'folderid' => TYPE_UINT
	));

	if ($ids = verify_client_string($vbulletin->GPC['ids']))
	{
		$ids = explode(',', $ids);
	}

	if (!is_array($ids) OR empty($ids))
	{
		eval(standard_error(fetch_error('invalidid', $vbphrase['subscribed_threads'], $vbulletin->options['contactuslink'])));
	}

	$subids = array();
	foreach ($ids AS $subid)
	{
		$id = intval($subid);
		$subids["$id"] = $id;
	}
Exemplo n.º 11
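/**
* Halts execution and redirects to the address held in $vbulletin->url
*
* If the 'useheaderredirect' option is on, the system will attempt to redirect invisibly using header('Location...
* However, 'useheaderredirect' is overridden by setting $forceredirect to a true value.
* Before redirecting, an absolute target URL is checked against the board URL, the
* URL of the current request and the 'redirect_whitelist' option; anything else
* ends in the 'invalid_redirect_url_x' error.
*
* @param	string	Redirect message
* @param	boolean	If true, never use a header redirect and always print the redirect page
*/
function standard_redirect($message = '', $forceredirect = false)
{
    global $header, $footer, $headinclude, $forumjump;
    global $timezone, $vbulletin, $vbphrase, $stylevar, $pagestarttime;
    // characters that must not survive into an HTML attribute value
    static $str_find = array('"', '<', '>'), $str_replace = array('&quot;', '&lt;', '&gt;');
    // query-explain mode: print timing information instead of redirecting
    if ($vbulletin->db->explain) {
        $pageendtime = microtime();
        $starttime = explode(' ', $pagestarttime);
        $endtime = explode(' ', $pageendtime);
        $totaltime = $endtime[0] - $starttime[0] + $endtime[1] - $starttime[1];
        // plain assignment: $vartext is local and was never initialised, so '.=' raised an
        // undefined-variable notice
        $vartext = "<!-- Page generated in " . vb_number_format($totaltime, 5) . " seconds with " . $vbulletin->db->querycount . " queries -->";
        $querytime = $vbulletin->db->time_total;
        echo "\n<b>Page generated in {$totaltime} seconds with " . $vbulletin->db->querycount . " queries,\nspending {$querytime} doing MySQL queries and " . ($totaltime - $querytime) . " doing PHP things.\n\n<hr />Shutdown Queries:</b>" . (defined('NOSHUTDOWNFUNC') ? " <b>DISABLED</b>" : '') . "<hr />\n\n";
        exit;
    }
    // Redirect-target validation: the URL must either carry no scheme or start with an
    // allowed origin.
    if ($vbulletin->url) {
        $foundurl = false;
        if ($urlinfo = @parse_url($vbulletin->url)) {
            if (!$urlinfo['scheme']) {
                // url is made full in exec_header_redirect which stops a url from being redirected to, say "www.php.net" (no http://)
                // NOTE(review): this branch trusts every scheme-less value; confirm that
                // protocol-relative forms are also resolved against the board URL later on.
                $foundurl = true;
            } else {
                $whitelist = array();
                if ($vbulletin->options['redirect_whitelist']) {
                    $whitelist = explode("\n", trim($vbulletin->options['redirect_whitelist']));
                }
                // Add $bburl to the whitelist
                $bburlinfo = @parse_url($vbulletin->options['bburl']);
                $bburl = "{$bburlinfo['scheme']}://{$bburlinfo['host']}";
                array_unshift($whitelist, $bburl);
                // if the "realurl" of this request does not equal $bburl, add it as well..
                $realurl = VB_URL_SCHEME . '://' . VB_URL_HOST;
                if (strtolower($bburl) != strtolower($realurl)) {
                    array_unshift($whitelist, $realurl);
                }
                $vburl = strtolower($vbulletin->url);
                foreach ($whitelist as $url) {
                    $url = trim($url);
                    // exact match, or prefix match that ends on a '/', so that an allowed
                    // origin cannot be extended into a longer host name
                    if ($vburl == strtolower($url) or strpos($vburl, strtolower($url) . '/', 0) === 0) {
                        $foundurl = true;
                        break;
                    }
                }
            }
        }
        if (!$foundurl) {
            eval(standard_error(fetch_error('invalid_redirect_url_x', $vbulletin->url)));
        }
    }
    if ($vbulletin->options['useheaderredirect'] and !$forceredirect and !headers_sent() and !$vbulletin->GPC['postvars']) {
        exec_header_redirect($vbulletin->url);
    }
    $title = $vbulletin->options['bbtitle'];
    $pagetitle = $title;
    $errormessage = $message;
    // Build the URL for the redirect page: decode entities, strip NUL bytes, make it
    // absolute, then re-escape the quote and angle-bracket characters.
    $url = unhtmlspecialchars($vbulletin->url);
    $url = str_replace(chr(0), '', $url);
    $url = create_full_url($url);
    $url = str_replace($str_find, $str_replace, $url);
    $js_url = addslashes_js($url, '"');
    // " has been replaced by &quot;
    // percent-encode every form of semicolon, then restore the &amp; entity
    $url = preg_replace(array('/&#0*59;?/', '/&#x0*3B;?/i', '#;#'), '%3B', $url);
    $url = preg_replace('#&amp%3B#i', '&amp;', $url);
    define('NOPMPOPUP', 1);
    // No footer here
    require_once DIR . '/includes/functions_misc.php';
    // the carried-over POST blob is passed through verify_client_string() before it is
    // expanded into hidden form fields
    $postvars = construct_hidden_var_fields(verify_client_string($vbulletin->GPC['postvars']));
    $formfile =& $url;
    // plugin code and the template below are evaluated in this scope and read the
    // locals above by name
    ($hook = vBulletinHook::fetch_hook('redirect_generic')) ? eval($hook) : false;
    eval('print_output("' . fetch_template('STANDARD_REDIRECT') . '");');
    exit;
}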
Exemplo n.º 12
/**
 * Prints the confirmation form for uploading matching users to a VerticalResponse list.
 *
 * Checks the remote session, creates or selects the target list, builds the
 * user-search SQL condition, counts the matching users and renders a form whose
 * hidden fields carry the condition and paging values to the 'do_upload' step.
 *
 * NOTE(review): the SQL condition is written into a hidden field without being
 * signed. The 'do_upload' handler is not shown; confirm that it verifies or
 * rebuilds the condition instead of placing the posted value into a query.
 *
 * @param mixed $sessionid VerticalResponse session id; a falsy value ends the call at once
 *
 * @return null|false null in most paths, false when no list is given or the count query fails
 */
function doConfirmUpload($sessionid)
{
    global $vbphrase, $vbulletin;
    global $_HIDDENFIELDS;

    // a session id is mandatory
    if (!$sessionid) {
        return;
    }

    $vbulletin->input->clean_array_gpc('r', array(
        'listname' => TYPE_STR,
        'listid' => TYPE_UINT,
        'do_percycle' => TYPE_UINT,
        'user' => TYPE_ARRAY,
        'profile' => TYPE_ARRAY,
        'display' => TYPE_ARRAY_BOOL,
        'orderby' => TYPE_STR,
        'startat' => TYPE_UINT,
        'serializedprofile' => TYPE_STR,
        'serializeduser' => TYPE_STR,
        'serializeddisplay' => TYPE_STR,
        'condition' => TYPE_STR,
    ));

    $client = new vB_VerticalResponse();

    // default batch size when none (or zero) was supplied
    if (!($vbulletin->GPC_exists['do_percycle'] && intval($vbulletin->GPC['do_percycle']))) {
        $vbulletin->GPC['do_percycle'] = 1000;
    }

    if (!$client->checkStatus($sessionid)) {
        printLogin($vbphrase['vr_login_first_desc']);
        return;
    }

    require_once DIR . '/includes/adminfunctions_user.php';
    require_once DIR . '/includes/adminfunctions_profilefield.php';

    // Target list: a new one by name, an existing one by id, otherwise give up.
    if ($vbulletin->GPC_exists['listname'] && !empty($vbulletin->GPC['listname'])) {
        $listid = $client->createList($sessionid, $vbulletin->GPC['listname']);
        if (!$listid) {
            return;
        }
    } elseif ($vbulletin->GPC_exists['listid']) {
        $listid = $vbulletin->GPC['listid'];
        if (intval($vbulletin->GPC['startat']) == 0) {
            $client->setCustomListFields($sessionid, array('userid', 'username'));
            // first pass over an existing list: remove its current members
            $client->eraseListMembers($sessionid, $listid);
        }
    } else {
        return false;
    }

    // Search criteria may arrive as signed, serialized blobs; they replace the plain
    // array inputs. The '@' hides the warning when the signature check fails.
    if (!empty($vbulletin->GPC['serializeduser'])) {
        $vbulletin->GPC['user'] = @unserialize(verify_client_string($vbulletin->GPC['serializeduser']));
        $vbulletin->GPC['profile'] = @unserialize(verify_client_string($vbulletin->GPC['serializedprofile']));
    }
    if (!empty($vbulletin->GPC['serializeddisplay'])) {
        $vbulletin->GPC['display'] = @unserialize(verify_client_string($vbulletin->GPC['serializeddisplay']));
    }
    // no column selected: use the standard set
    if (@array_sum($vbulletin->GPC['display']) == 0) {
        $vbulletin->GPC['display'] = array('username' => 1, 'options' => 1, 'email' => 1, 'joindate' => 1, 'lastactivity' => 1, 'posts' => 1);
    }

    $condition = fetch_user_search_sql($vbulletin->GPC['user'], $vbulletin->GPC['profile']);
    if (empty($condition)) {
        $condition = "1 = 1";
    }

    $searchquery = "\n\t\tSELECT COUNT(*) AS count"
        . "\n\t\tFROM " . TABLE_PREFIX . "user AS user"
        . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON (userfield.userid = user.userid)"
        . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)"
        . "\n\t\tWHERE {$condition}";

    $countrow = $vbulletin->db->query_first($searchquery);
    if (!$countrow) {
        return false;
    }
    $count = $countrow['count'];

    print_cp_header($vbphrase['verticalresponse']);
    print_form_header('verticalresponse', 'do_upload', false, true, 'verticalresponse');
    print_table_header($vbphrase['upload_list'], 2);
    print_description_row(construct_phrase($vbphrase['upload_count_x_desc'], $count));

    // values handed to the next step through hidden form fields
    $carried = array(
        'condition' => htmlspecialchars_uni($condition),
        'do_percycle' => $vbulletin->GPC['do_percycle'],
        'startat' => 0,
        'count' => $count,
        'listid' => $listid,
    );
    foreach ($carried as $fieldname => $fieldvalue) {
        $_HIDDENFIELDS[$fieldname] = $fieldvalue;
    }

    print_hidden_fields();
    print_submit_row($vbphrase['submit'], 0);
    print_table_footer();
}
Exemplo n.º 13
/**
 * Redirects the user to an appropriate page after a successful login.
 *
 * Picks the post-login destination from $vbulletin->url, reloads the global phrase
 * group and character set for the user's language (skipped when VB_API is set),
 * re-signs any carried-over POST variables and prints the standard redirect page.
 */
function do_login_redirect()
{
    global $vbulletin, $vbphrase;
    $vbulletin->input->fetch_basepath();
    //the clauses
    //url $vbulletin->url == 'login.php' and $vbulletin->url == $vbulletin->options['forumhome'] . '.php'
    //will never be true -- $vbulletin->url contains the full url path.
    //The second shouldn't be needed, the else clause seems to handle this just fine.
    //the first we'll change to match a partial url.
    // 'and' binds tighter than 'or', so the last two operands form one clause:
    // (registration page AND multiple registrations disallowed).
    // NOTE(review): the dot in 'login.php' is not escaped and therefore matches any character.
    if (preg_match('#login.php(?:\\?|$)#', $vbulletin->url) or strpos($vbulletin->url, 'do=logout') !== false or !$vbulletin->options['allowmultiregs'] and strpos($vbulletin->url, $vbulletin->basepath . 'register.php') === 0) {
        $vbulletin->url = fetch_seo_url('forumhome', array());
    } else {
        $vbulletin->url = fetch_replaced_session_url($vbulletin->url);
        // collapse a run of leading slashes into a single one
        $vbulletin->url = preg_replace('#^/+#', '/', $vbulletin->url);
        // bug 3654 don't ask why
    }
    // $formfile is the redirect target without its query string
    $temp = strpos($vbulletin->url, '?');
    if ($temp) {
        $formfile = substr($vbulletin->url, 0, $temp);
    } else {
        $formfile =& $vbulletin->url;
    }
    $postvars = $vbulletin->GPC['postvars'];
    // plugin code runs in this scope and may read or change the locals above
    ($hook = vBulletinHook::fetch_hook('login_redirect')) ? eval($hook) : false;
    if (!VB_API) {
        // recache the global group to get the stuff from the new language
        $globalgroup = $vbulletin->db->query_first_slave("\n\t\t\tSELECT phrasegroup_global, languagecode, charset\n\t\t\tFROM " . TABLE_PREFIX . "language\n\t\t\tWHERE languageid = " . intval($vbulletin->userinfo['languageid'] ? $vbulletin->userinfo['languageid'] : $vbulletin->options['languageid']));
        if ($globalgroup) {
            // phrasegroup_global comes from the language table, not from the request
            $vbphrase = array_merge($vbphrase, unserialize($globalgroup['phrasegroup_global']));
            if (vB_Template_Runtime::fetchStyleVar('charset') != $globalgroup['charset']) {
                // change the character set in a bunch of places - a total hack
                global $headinclude;
                $headinclude = str_replace("content=\"text/html; charset=" . vB_Template_Runtime::fetchStyleVar('charset') . "\"", "content=\"text/html; charset={$globalgroup['charset']}\"", $headinclude);
                vB_Template_Runtime::addStyleVar('charset', $globalgroup['charset'], 'imgdir');
                $vbulletin->userinfo['lang_charset'] = $globalgroup['charset'];
                exec_headers();
            }
            if ($vbulletin->GPC['postvars']) {
                // NOTE(review): postvars travels through the browser, so unserialize() is only
                // as safe as the signature check in verify_client_string(). The result of that
                // check is not tested here; on failure $postvars is presumably false and the
                // assignment below turns it into a new array - confirm this is intended.
                $postvars = @unserialize(verify_client_string($vbulletin->GPC['postvars']));
                $postvars['login_redirect'] = true;
                // a form submitted while logged out carries the token 'guest'; replace it
                // with a token for the account that has just logged in
                if ($postvars['securitytoken'] == 'guest') {
                    $vbulletin->userinfo['securitytoken_raw'] = sha1($vbulletin->userinfo['userid'] . sha1($vbulletin->userinfo['salt']) . sha1(COOKIE_SALT));
                    $vbulletin->userinfo['securitytoken'] = TIMENOW . '-' . sha1(TIMENOW . $vbulletin->userinfo['securitytoken_raw']);
                    $postvars['securitytoken'] = $vbulletin->userinfo['securitytoken'];
                }
                // always re-sign, because 'login_redirect' was added to the payload
                $vbulletin->GPC['postvars'] = sign_client_string(serialize($postvars));
            }
            vB_Template_Runtime::addStyleVar('languagecode', $globalgroup['languagecode']);
        }
    }
    print_standard_redirect(array('redirect_login', $vbulletin->userinfo['username']), true, true, $vbulletin->userinfo['languageid']);
}
Exemplo n.º 14
// userid is taken from the request and cleaned as an integer before it is logged
$vbulletin->input->clean_array_gpc('r', array('userid' => vB_Cleaner::TYPE_INT));
// the admin log entry names the user id only when one was supplied
log_admin_action(iif($vbulletin->GPC['userid'] != 0, 'user id = ' . $vbulletin->GPC['userid']));
// ########################################################################
// ######################### START MAIN SCRIPT ############################
// ########################################################################
$vb5_config =& vB::getConfig();
// #############################################################################
// put this before print_cp_header() so we can use an HTTP header
if ($_REQUEST['do'] == 'find') {
    $vbulletin->input->clean_array_gpc('r', array('user' => vB_Cleaner::TYPE_ARRAY, 'profile' => vB_Cleaner::TYPE_ARRAY, 'display' => vB_Cleaner::TYPE_ARRAY_BOOL, 'orderby' => vB_Cleaner::TYPE_STR, 'limitstart' => vB_Cleaner::TYPE_UINT, 'limitnumber' => vB_Cleaner::TYPE_UINT, 'direction' => vB_Cleaner::TYPE_STR, 'serializedprofile' => vB_Cleaner::TYPE_STR, 'serializeduser' => vB_Cleaner::TYPE_STR, 'serializeddisplay' => vB_Cleaner::TYPE_STR));
    if (!empty($vbulletin->GPC['serializeduser'])) {
        $vbulletin->GPC['user'] = @unserialize(verify_client_string($vbulletin->GPC['serializeduser']));
        $vbulletin->GPC['profile'] = @unserialize(verify_client_string($vbulletin->GPC['serializedprofile']));
    }
    if (!empty($vbulletin->GPC['serializeddisplay'])) {
        $vbulletin->GPC['display'] = @unserialize(verify_client_string($vbulletin->GPC['serializeddisplay']));
    }
    if (@array_sum($vbulletin->GPC['display']) == 0) {
        $vbulletin->GPC['display'] = array('username' => 1, 'options' => 1, 'email' => 1, 'joindate' => 1, 'lastactivity' => 1, 'posts' => 1);
    }
    $users = vB_Api::instanceInternal('User')->find($vbulletin->GPC['user'], $vbulletin->GPC['profile'], $vbulletin->GPC['orderby'], $vbulletin->GPC['direction'], $vbulletin->GPC['limitstart'], $vbulletin->GPC['limitnumber']);
    if (empty($users) or $users['count'] == 0) {
        // no users found!
        print_stop_message2('no_users_matched_your_query');
    }
    $countusers = $users['count'];
    if ($users['count'] == 1) {
        // show a user if there is just one found
        $user = current($users['users']);
        $args = array();
        parse_str(vB::getCurrentSession()->get('sessionurl'), $args);
Exemplo n.º 15
 // protected accounts cannot be edited through this form
 if (is_unalterable_user($vbulletin->GPC['userid'])) {
     print_stop_message('user_is_protected_from_alteration_by_undeletableusers_var');
 }
 // init data manager
 $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_CP);
 $userdata->adminoverride = true;
 // set existing info if this is an update
 if ($vbulletin->GPC['userid']) {
     $userinfo = fetch_userinfo($vbulletin->GPC['userid']);
     if (!$userinfo) {
         print_stop_message('invalid_user_specified');
     }
     $userinfo['posts'] = intval($vbulletin->GPC['user']['posts']);
     $userdata->set_existing($userinfo);
 }
 // olduser is a signed snapshot that was sent with the form and is read back here.
 // NOTE(review): unserialize() on client-roundtripped data depends entirely on the
 // signature check. When that check fails $olduser is presumably false and the
 // comparison below runs against null - confirm that this fallback is acceptable.
 $olduser = @unserialize(verify_client_string($vbulletin->GPC['olduser']));
 // user options
 // for an existing user only the options that differ from the snapshot are written
 foreach ($vbulletin->GPC['options'] as $key => $val) {
     if (!$vbulletin->GPC['userid'] or $olduser["{$key}"] != $val) {
         $userdata->set_bitfield('options', $key, $val);
     }
 }
 foreach ($vbulletin->GPC['adminoptions'] as $key => $val) {
     $userdata->set_bitfield('adminoptions', $key, $val);
 }
 // without a display group (value <= 0) the primary user group is used
 $displaygroupid = $vbulletin->GPC['user']['displaygroupid'] <= 0 ? $vbulletin->GPC['user']['usergroupid'] : $vbulletin->GPC['user']['displaygroupid'];
 // custom user title
 $userdata->set_usertitle($vbulletin->GPC['user']['usertitle'], $vbulletin->GPC['user']['customtitle'] ? false : true, $vbulletin->usergroupcache["{$displaygroupid}"], true, $vbulletin->GPC['user']['customtitle'] == 1 ? true : false);
 // both title fields are handled above, so keep them out of the generic field loop
 unset($vbulletin->GPC['user']['usertitle'], $vbulletin->GPC['user']['customtitle']);
 // user fields
 foreach ($vbulletin->GPC['user'] as $key => $val) {
Exemplo n.º 16
        $totalallthreads = 0;
        $show['havethreads'] = false;
    }
    $navbits[''] = $vbphrase['subscriptions'];
    $navbits = construct_navbits($navbits);
    // build the cp nav
    construct_usercp_nav('substhreads_listthreads');
    ($hook = vBulletinHook::fetch_hook('usersub_view_complete')) ? eval($hook) : false;
    eval('$navbar = "' . fetch_template('navbar') . '";');
    eval('$HTML = "' . fetch_template('SUBSCRIBE') . '";');
    eval('print_output("' . fetch_template('USERCP_SHELL') . '");');
}
// ########################## Do move of threads ##############################################
// Moves the thread subscriptions chosen on the previous screen into another subscription folder.
// The locals below ($ids, $subids, $id) are in scope for the plugin code eval'd at the hook,
// so their names and the statement order are part of the block's contract.
if ($_POST['do'] == 'movethread') {
    // 'ids' is requested as an opaque binary blob, 'folderid' as TYPE_UINT.
    $vbulletin->input->clean_array_gpc('p', array('ids' => TYPE_BINARY, 'folderid' => TYPE_UINT));
    // SECURITY: unserialize() runs on a value that came back from the browser. The only barrier
    // against PHP object injection is verify_client_string() (defined elsewhere; presumably it
    // checks the signature added by sign_client_string() and returns a falsy value on mismatch —
    // confirm). If the signing secret leaks or the check can be bypassed, arbitrary serialized
    // objects reach this call. The payload is only a list of ids, so JSON, or on PHP 7+
    // unserialize($s, array('allowed_classes' => false)), would remove that dependency.
    // The '@' hides the notice raised for malformed input; failure surfaces only as a non-array.
    $ids = @unserialize(verify_client_string($vbulletin->GPC['ids']));
    if (!is_array($ids) or empty($ids)) {
        // NOTE(review): the foreach below assumes this call ends the request — confirm.
        eval(standard_error(fetch_error('invalidid', $vbphrase['subscribed_threads'], $vbulletin->options['contactuslink'])));
    }
    // Re-validate every element as an integer even though the blob was signed; keying by the id
    // also de-duplicates the list.
    $subids = array();
    foreach ($ids as $subid) {
        $id = intval($subid);
        $subids["{$id}"] = $id;
    }
    // Runs whatever PHP fetch_hook() returns for this location, in the current scope.
    ($hook = vBulletinHook::fetch_hook('usersub_movethread')) ? eval($hook) : false;
    // Every interpolated value is an integer: folderid (TYPE_UINT), the session user's id and the
    // intval()'d ids. "userid = <current user>" is what keeps the update to the caller's own rows.
    // NOTE(review): nothing in this block checks that folderid is one of the user's folders — confirm
    // whether that is enforced elsewhere or simply not required.
    $db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "subscribethread\n\t\tSET folderid = " . $vbulletin->GPC['folderid'] . "\n\t\tWHERE userid = " . $vbulletin->userinfo['userid'] . " AND subscribethreadid IN(" . implode(', ', $subids) . ")\n\t");
    $vbulletin->url = 'subscription.php?' . $vbulletin->session->vars['sessionurl'] . 'folderid=' . $vbulletin->GPC['folderid'];
    eval(print_standard_redirect('sub_threadsmoved'));
}
// ########################## Start Move / Delete / Update Email ##############################
if ($_POST['do'] == 'dostuff') {
Exemplo n.º 17
    define('CP_REDIRECT', 'attachment.php?do=intro');
    print_stop_message('deleted_attachment_successfully');
}
// ###################### Mass Delete attachments (confirmation form) ####################
// Renders the "are you sure?" form only; nothing is deleted in this step. The form posts to
// the 'domassdelete' action.
if ($_REQUEST['do'] == 'massdelete') {
    // Each selected id is requested as an unsigned integer (TYPE_ARRAY_UINT).
    $vbulletin->input->clean_array_gpc('r', array('a_delete' => TYPE_ARRAY_UINT));
    print_form_header('attachment', 'domassdelete');
    // The cleaned id list makes a round trip through the browser in a hidden field, serialized and
    // signed so the next step can detect tampering.
    // NOTE(review): whether the signature is tied to the current admin session or expires is decided
    // inside sign_client_string(), which is not visible here — confirm. The next step unserialize()s
    // this value, so the signing secret is security-critical.
    construct_hidden_code('a_delete', sign_client_string(serialize($vbulletin->GPC['a_delete'])));
    print_table_header($vbphrase['confirm_deletion']);
    print_description_row($vbphrase['are_you_sure_you_want_to_delete_these_attachments']);
    print_submit_row($vbphrase['yes'], '', 2, $vbphrase['no']);
}
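// ###################### Do Mass Delete attachments ####################
// Deletes the attachments whose ids were confirmed on the 'massdelete' form.
if ($_POST['do'] == 'domassdelete') {
    $vbulletin->input->clean_array_gpc('p', array('a_delete' => TYPE_STR));
    // SECURITY: unserialize() runs on a value that came back from the browser. The only barrier
    // against PHP object injection is verify_client_string() (defined elsewhere; presumably it
    // checks the signature added by sign_client_string() — confirm). The payload is only a list
    // of ids, so JSON, or on PHP 7+ unserialize($s, array('allowed_classes' => false)), would
    // remove the dependency on the signing secret. Not replaced here because the form that
    // produces the value would have to change with it.
    $delete = @unserialize(verify_client_string($vbulletin->GPC['a_delete']));
    if ($delete and is_array($delete)) {
        // Cast every element to an integer before it reaches the SQL condition. The list is placed
        // in an unquoted IN (...) clause, where escape_string() gives no protection, so the ids are
        // re-validated here instead of trusting the signature alone. For a legitimate list of
        // unsigned integers the resulting string is unchanged.
        $ids = implode(',', array_map('intval', $delete));
        $attachdata =& datamanager_init('Attachment', $vbulletin, ERRTYPE_CP, 'attachment');
        // The leading -1 keeps the IN (...) list syntactically valid.
        $attachdata->condition = "attachmentid IN (-1," . $ids . ")";
        $attachdata->log = false;
        $attachdata->delete(true, false);
    }
    define('CP_REDIRECT', 'attachment.php?do=intro');
    print_stop_message('deleted_attachments_successfully');
}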
// ###################### Statistics ####################
if ($_REQUEST['do'] == 'stats') {
    $astats = $db->query_first("\n\t\tSELECT COUNT(*) AS count, SUM(filesize) AS totalsize, SUM(counter) AS downloads\n\t\tFROM " . TABLE_PREFIX . "attachment AS a\n\t\tINNER JOIN " . TABLE_PREFIX . "filedata AS fd ON (a.filedataid = fd.filedataid);\n\t");
    $fstats = $db->query_first("\n\t\tSELECT COUNT(*) AS count, SUM(filesize) AS totalsize\n\t\tFROM " . TABLE_PREFIX . "filedata AS fd\n\t");
    if ($astats['count']) {
Exemplo n.º 18
                $error = 1;
            }
            $cells = array($table, ucfirst($msg[1]), iif($error, '<b>' . ucfirst($msg[2]) . '</b>', ucfirst($msg[2])) . ': ' . $msg[3]);
            print_cells_row($cells, 0, '', -4);
        }
    }
    // end optimizing
}
// ######################### Start do repair #####################
if ($_POST['do'] == 'dorepair') {
    $vbulletin->input->clean_array_gpc('p', array('tableserial' => TYPE_STR, 'tablelist' => TYPE_ARRAY_STR, 'optimizetables' => TYPE_BOOL, 'repairtables' => TYPE_BOOL, 'converttables' => TYPE_BOOL, 'isamtablelist' => TYPE_ARRAY_STR));
    // This will work on some servers, for what it's worth.
    echo '<p align="center">' . $vbphrase['please_wait'] . '</p>';
    vbflush();
    if (!empty($vbulletin->GPC['tableserial'])) {
        $vbulletin->GPC['tablelist'] = @unserialize(verify_client_string($vbulletin->GPC['tableserial']));
    }
    print_form_header('repair', 'dorepair');
    if ($vbulletin->GPC['converttables'] and !empty($vbulletin->GPC['isamtablelist'])) {
        $vbulletin->db->hide_errors();
        print_table_header(construct_phrase($vbphrase['convert_tables_from_x_to_y'], '<b>ISAM</b>', '<b>MyISAM</b>'));
        print_cells_row(array($vbphrase['table'], $vbphrase['status']), 1);
        foreach ($vbulletin->GPC['isamtablelist'] as $index => $value) {
            $cells = array();
            $cells[] = construct_phrase($vbphrase['convert_x_from_y_to_z'], "<i>{$value}</i>", 'ISAM', 'MyISAM');
            $vbulletin->db->query_write("ALTER TABLE `{$value}` TYPE=MyISAM");
            if ($vbulletin->db->errno() == 0) {
                $cells[] = $vbphrase['okay'];
            } else {
                $cells[] = $vbulletin->db->errno() . ': ' . $vbulletin->db->error();
            }
Exemplo n.º 19
                eval('$receiptbits .= "' . fetch_template('pm_receiptsbit') . '";');
            }
            $pagenav = construct_page_nav($vbulletin->GPC['pagenumber'], $perpage, $unreadtotal, "private.php?" . $vbulletin->session->vars['sessionurl'] . "do=trackpm&amp;type=unconfirmed");
            eval('$unconfirmedreceipts = "' . fetch_template('pm_receipts') . '";');
        }
    }
    $folderjump = construct_folder_jump();
    // generate navbar
    $navbits[''] = $vbphrase['message_tracking'];
    $show['receipts'] = ($confirmedreceipts != '' or $unconfirmedreceipts != '');
    $templatename = 'pm_trackpm';
}
// ############################### start move pms ###############################
// Moves the private messages chosen on the previous screen into another folder.
// The locals below ($pmids, $id) are in scope for the plugin code eval'd at the hook, so their
// names and the statement order are part of the block's contract.
if ($_POST['do'] == 'movepm') {
    // 'folderid' is requested as a signed integer (TYPE_INT); 'messageids' as a string holding
    // the signed, serialized id list.
    $vbulletin->input->clean_array_gpc('p', array('folderid' => TYPE_INT, 'messageids' => TYPE_STR));
    // SECURITY: unserialize() runs on a value that came back from the browser. The only barrier
    // against PHP object injection is verify_client_string() (defined elsewhere; presumably it
    // checks the signature added by sign_client_string() and returns a falsy value on mismatch —
    // confirm). The payload is only a list of ids, so JSON, or on PHP 7+
    // unserialize($s, array('allowed_classes' => false)), would remove the dependency on the
    // signing secret. The '@' hides the notice raised for malformed input.
    $vbulletin->GPC['messageids'] = @unserialize(verify_client_string($vbulletin->GPC['messageids']));
    if (!is_array($vbulletin->GPC['messageids']) or empty($vbulletin->GPC['messageids'])) {
        // NOTE(review): the foreach below assumes this call ends the request — confirm.
        eval(standard_error(fetch_error('invalidid', $vbphrase['private_message'], $vbulletin->options['contactuslink'])));
    }
    // Re-validate every element as an integer even though the blob was signed; keying by the id
    // also de-duplicates the list.
    $pmids = array();
    foreach ($vbulletin->GPC['messageids'] as $pmid) {
        $id = intval($pmid);
        $pmids["{$id}"] = $id;
    }
    // Runs whatever PHP fetch_hook() returns for this location, in the current scope.
    ($hook = vBulletinHook::fetch_hook('private_movepm')) ? eval($hook) : false;
    // Every interpolated value is an integer. "userid = <current user>" keeps the update to the
    // caller's own messages, and rows already in folder -1 are left where they are.
    // NOTE(review): nothing in this block checks that folderid is one of the user's folders — confirm
    // whether that is enforced elsewhere or simply not required.
    $db->query_write("UPDATE " . TABLE_PREFIX . "pm SET folderid=" . $vbulletin->GPC['folderid'] . " WHERE userid=" . $vbulletin->userinfo['userid'] . " AND folderid<>-1 AND pmid IN(" . implode(', ', $pmids) . ")");
    $vbulletin->url = 'private.php?' . $vbulletin->session->vars['sessionurl'] . 'folderid=' . $vbulletin->GPC['folderid'];
    eval(print_standard_redirect('pm_messagesmoved'));
}
// ############################### start pm manager ###############################
// actions for moving pms between folders, and deleting pms
Exemplo n.º 20
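/**
 * Finish a login: work out where the user should land, refresh language-dependent state,
 * carry any pending POST variables across the login, and emit the redirect.
 *
 * Reads and writes the global $vbulletin registry ($vbulletin->url, ->userinfo, ->GPC) and
 * the global $vbphrase array. $formfile and $postvars are kept as locals under their original
 * names because the redirect is produced through eval() in this scope.
 *
 * NOTE(review): this function does not itself restrict $vbulletin->url to the local site.
 * Confirm that the value is validated before it gets here, or by the redirect helpers;
 * otherwise the login flow can be used as an open redirect.
 *
 * @return void
 */
function do_login_redirect()
{
    global $vbulletin, $vbphrase;
    $vbulletin->input->fetch_basepath();
    // The old exact comparisons ($vbulletin->url == 'login.php' and
    // $vbulletin->url == <forumhome> . '.php') could never be true because $vbulletin->url holds
    // the full URL path. The forumhome test was dropped (the else branch copes with it) and the
    // login.php test became a partial match.
    // The dot is escaped so that only a literal "login.php" matches, and the and-clause is
    // parenthesised to show the grouping that operator precedence already applied.
    if (
        preg_match('#login\\.php(?:\\?|$)#', $vbulletin->url)
        or strpos($vbulletin->url, 'do=logout') !== false
        or (!$vbulletin->options['allowmultiregs'] and strpos($vbulletin->url, $vbulletin->basepath . 'register.php') === 0)
    ) {
        // Never bounce the user back to the login, logout or (when multiple registrations are
        // disallowed) registration page; send them to the forum home instead.
        $forumHome = vB_Library::instance('content_channel')->getForumHomeChannel();
        $vbulletin->url = vB5_Route::buildUrl($forumHome['routeid'] . '|fullurl');
    } else {
        $vbulletin->url = fetch_replaced_session_url($vbulletin->url);
        // bug 3654 don't ask why -- collapses a run of leading slashes into a single one
        $vbulletin->url = preg_replace('#^/+#', '/', $vbulletin->url);
    }
    // $formfile is the URL without its query string (or a reference to the URL when there is none).
    $temp = strpos($vbulletin->url, '?');
    if ($temp) {
        $formfile = substr($vbulletin->url, 0, $temp);
    } else {
        $formfile =& $vbulletin->url;
    }
    $postvars = $vbulletin->GPC['postvars'];
    // Legacy Hook 'login_redirect' Removed //
    if (!VB_API) {
        // recache the global group to get the stuff from the new language
        $globalgroup = $vbulletin->db->query_first_slave("\n\t\t\tSELECT phrasegroup_global, languagecode, charset\n\t\t\tFROM " . TABLE_PREFIX . "language\n\t\t\tWHERE languageid = " . intval($vbulletin->userinfo['languageid'] ? $vbulletin->userinfo['languageid'] : $vbulletin->options['languageid']));
        if ($globalgroup) {
            // SECURITY: unserialize() on a column of the language table. This is only as
            // trustworthy as write access to that table; anyone able to modify the row controls
            // the serialized input.
            $globalphrases = unserialize($globalgroup['phrasegroup_global']);
            // A corrupt column makes unserialize() return false; merging that would discard or
            // break $vbphrase, so only merge a real array.
            if (is_array($globalphrases)) {
                $vbphrase = array_merge($vbphrase, $globalphrases);
            }
            if (vB_Template_Runtime::fetchStyleVar('charset') != $globalgroup['charset']) {
                // change the character set in a bunch of places - a total hack
                global $headinclude;
                $headinclude = str_replace("content=\"text/html; charset=" . vB_Template_Runtime::fetchStyleVar('charset') . "\"", "content=\"text/html; charset={$globalgroup['charset']}\"", $headinclude);
                vB_Template_Runtime::addStyleVar('charset', $globalgroup['charset'], 'imgdir');
                $vbulletin->userinfo['lang_charset'] = $globalgroup['charset'];
                exec_headers();
            }
            if ($vbulletin->GPC['postvars']) {
                // postvars came back from the browser: accept it only if the signature check
                // passes, and decode it as JSON so that no PHP objects can be instantiated.
                $postvars = array();
                $client_string = verify_client_string($vbulletin->GPC['postvars']);
                if ($client_string) {
                    $decoded = json_decode($client_string, true);
                    // Malformed or scalar JSON must not replace the array.
                    if (is_array($decoded)) {
                        $postvars = $decoded;
                    }
                }
                // NOTE(review): when verification fails, $vbulletin->GPC['postvars'] still holds
                // the unverified client value; confirm the redirect output verifies it again.
                // Strict comparison: a numeric 0 or boolean true in the decoded data must not
                // be treated as the 'guest' marker.
                if (isset($postvars['securitytoken']) and $postvars['securitytoken'] === 'guest') {
                    // The form was submitted as a guest. Issue a token for the account that has
                    // just logged in and re-sign postvars so the replayed POST carries it.
                    // The token format is left as it was; it has to match whatever validates it.
                    $vbulletin->userinfo['securitytoken_raw'] = sha1($vbulletin->userinfo['userid'] . sha1($vbulletin->userinfo['secret']) . sha1(vB_Request_Web::$COOKIE_SALT));
                    $vbulletin->userinfo['securitytoken'] = TIMENOW . '-' . sha1(TIMENOW . $vbulletin->userinfo['securitytoken_raw']);
                    $postvars['securitytoken'] = $vbulletin->userinfo['securitytoken'];
                    $vbulletin->GPC['postvars'] = sign_client_string(json_encode($postvars));
                }
            }
            vB_Template_Runtime::addStyleVar('languagecode', $globalgroup['languagecode']);
        }
    }
    // Control-panel logins use the CP redirect helper; everything else gets the standard redirect.
    if ($vbulletin->GPC['logintype'] === 'cplogin' or $vbulletin->GPC['logintype'] === 'modcplogin') {
        require_once DIR . '/includes/adminfunctions.php';
        print_cp_redirect($vbulletin->url);
    } else {
        eval(print_standard_redirect('redirect_login_gfrontredirect', true, true, $vbulletin->userinfo['languageid']));
    }
}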