public function display($req, $res, $args)
{
    // Give plugins a chance to act before the permission check and any output.
    Container::get('hooks')->fire('controller.search.display');

    // Group-level search permission (the setting is stored as a '0'/'1' string).
    if (User::get()->g_search == '0') {
        throw new Error(__('No search permission'), 403);
    }

    $hasQuery = Input::query('action') || Input::query('search_id');

    if (!$hasQuery) {
        // Nothing to search for yet: render the search form.
        $formInfo = array(
            'title' => array(Utils::escape(ForumSettings::get('o_board_title')), __('Search')),
            'active_page' => 'search',
            'focus_element' => array('search', 'keywords'),
            'is_indexed' => true,
            'forums' => $this->model->get_list_forums(),
        );
        View::setPageInfo($formInfo)->addTemplate('search/form.php')->display();
        return;
    }

    $search = $this->model->get_search_results();

    // The model signals "something to show" with an array carrying 'is_result';
    // anything else (an object, or an array without the flag) is treated as no hits.
    if (is_object($search) || !isset($search['is_result'])) {
        return Router::redirect(Router::pathFor('search'), __('No hits'));
    }

    $boardTitle = Utils::escape(ForumSettings::get('o_board_title'));
    View::setPageInfo(array(
        'title' => array($boardTitle, __('Search results')),
        'active_page' => 'search',
        'search' => $search,
        'footer' => $search,
    ));

    $display = $this->model->display_search_results($search);
    View::setPageInfo(array('display' => $display));

    // Results are rendered either per post or per topic, between a shared header and footer.
    $resultTemplate = ($search['show_as'] == 'posts') ? 'search/posts.php' : 'search/topics.php';
    View::addTemplate('search/header.php', 1);
    View::addTemplate($resultTemplate, 5);
    View::addTemplate('search/footer.php', 10)->display();
}
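/**
 * Create a new private conversation or reply to an existing one.
 *
 * GET renders the send/reply form; POST validates the submitted data and
 * either shows a preview or stores the message. Route parameters:
 * - $args['uid']: id of the user to start a conversation with (GET only)
 * - $args['tid']: id of the conversation being replied to
 *
 * @throws Error on bad ids, missing permission, flood, or invalid input
 */
public function send($req, $res, $args)
{
    // Both route parameters are optional; normalise them to null so the
    // is_null() checks below are safe.
    if (!isset($args['uid'])) {
        $args['uid'] = null;
    }
    if (!isset($args['tid'])) {
        $args['tid'] = null;
    }

    if (Request::isPost()) {
        // First raw validation: every field read below gets a default so no
        // read hits an undefined index. 'req_message' is the field this method
        // actually reads; 'message' is kept for compatibility with callers that
        // may rely on it being present.
        $data = array_merge(array(
            'username' => null,
            'subject' => null,
            'message' => null,
            'req_message' => null,
            'smilies' => 0,
            'preview' => null,
        ), Request::getParsedBody());
        $data = array_map(array('FeatherBB\\Core\\Utils', 'trim'), $data);

        $conv = false;
        if (!is_null($args['tid'])) {
            if ($args['tid'] < 1) {
                throw new Error('Wrong conversation ID', 400);
            }
            // The model resolves the conversation for the current user only,
            // so a user cannot reply into a conversation they are not part of.
            $conv = $this->model->getConversation($args['tid'], User::get()->id);
            if (!$conv) {
                throw new Error('Unknown conversation ID', 400);
            }
        }

        // Preview message
        if (Input::post('preview')) {
            // Make breadcrumbs
            $this->crumbs[] = __('Reply', 'private_messages');
            $this->crumbs[] = __('Preview');
            Utils::generateBreadcrumbs($this->crumbs);

            Container::get('hooks')->fire('conversationsPlugin.send.preview');

            $msg = Container::get('parser')->parse_message($data['req_message'], $data['smilies']);
            View::setPageInfo(array(
                'parsed_message' => $msg,
                'username' => Utils::escape($data['username']),
                'subject' => Utils::escape($data['subject']),
                'message' => Utils::escape($data['req_message']),
            ))->addTemplate('send.php')->display();
            return;
        }

        // Prevent flood: enforce the per-user minimum interval between posts.
        // NOTE(review): this gate only runs when $data['preview'] is not null,
        // i.e. when the form posted a 'preview' field (or Utils::trim turned the
        // null default into a string) — confirm the form always sends it,
        // otherwise the rate limit is skipped.
        if (!is_null($data['preview']) && User::get()['last_post'] != '') {
            $minInterval = Container::get('prefs')->get(User::get(), 'post.min_interval');
            $sinceLastPost = Container::get('now') - User::get()['last_post'];
            if ($sinceLastPost < $minInterval) {
                throw new Error(sprintf(__('Flood start'), $minInterval, $minInterval - $sinceLastPost), 429);
            }
        }

        $user = null;
        if (!$conv) {
            // Validate username / TODO : allow multiple usernames
            $user = $this->model->isAllowed($data['username']);
            if (!$user) {
                // NOTE(review): $data['username'] is raw request input; confirm
                // Error renders its message escaped (Utils::escape is applied
                // everywhere else before output).
                throw new Error('You can\'t send an PM to ' . ($data['username'] ? $data['username'] : '******'), 400);
            }

            // Avoid self messages
            if ($user->id == User::get()->id) {
                throw new Error('No self message', 403);
            }

            // Validate subject
            if (ForumSettings::get('o_censoring') == '1') {
                $data['subject'] = Utils::trim(Utils::censor($data['subject']));
            }
            if (empty($data['subject'])) {
                throw new Error('No subject or censored subject', 400);
            }
            if (Utils::strlen($data['subject']) > 70) {
                throw new Error('Too long subject', 400);
            }
            // Read the setting value directly, as every other ForumSettings::get()
            // call in this file does (the old code indexed the returned scalar
            // with ['p_subject_all_caps']).
            if (ForumSettings::get('p_subject_all_caps') == '0' && Utils::is_all_uppercase($data['subject']) && !User::get()->is_admmod) {
                throw new Error('All caps subject forbidden', 400);
            }
        }

        // TODO : inbox full

        // Validate message
        if (ForumSettings::get('o_censoring') == '1') {
            $data['req_message'] = Utils::trim(Utils::censor($data['req_message']));
        }
        if (empty($data['req_message'])) {
            throw new Error('No message or censored message', 400);
        }
        if (Utils::strlen($data['req_message']) > ForumEnv::get('FEATHER_MAX_POSTSIZE')) {
            throw new Error('Too long message', 400);
        }
        // The all-caps check now tests the message body (it previously re-tested
        // the subject). NOTE(review): it still reads the subject setting; if this
        // forum's config carries a separate message all-caps setting
        // (FluxBB-derived configs name it p_message_all_caps), use that instead.
        if (ForumSettings::get('p_subject_all_caps') == '0' && Utils::is_all_uppercase($data['req_message']) && !User::get()->is_admmod) {
            throw new Error('All caps message forbidden', 400);
        }

        // Send ... TODO : when perms will be ready
        // Check if the receiver has the PM enabled
        // Check if he has reached his max limit of PM
        // Block feature ?

        if (!$conv) {
            $conv_data = array(
                'subject' => $data['subject'],
                'poster' => User::get()->username,
                'poster_id' => User::get()->id,
                'num_replies' => 0,
                'last_post' => Container::get('now'),
                'last_poster' => User::get()->username,
            );
            $args['tid'] = $this->model->addConversation($conv_data);
        }

        if (!$args['tid']) {
            throw new Error('Unable to create conversation');
        }

        $msg_data = array(
            'poster' => User::get()->username,
            'poster_id' => User::get()->id,
            'poster_ip' => Utils::getIp(),
            'message' => $data['req_message'],
            'hide_smilies' => $data['smilies'],
            'sent' => Container::get('now'),
        );

        if ($conv) {
            // Reply to an existing conversation
            if ($this->model->addMessage($msg_data, $args['tid'])) {
                return Router::redirect(Router::pathFor('Conversations.home'), sprintf(__('Reply success', 'private_messages'), $conv->subject));
            }
        } else {
            // Add message in conversation + add receiver (create new conversation)
            if ($this->model->addMessage($msg_data, $args['tid'], array($user->id, User::get()->id))) {
                return Router::redirect(Router::pathFor('Conversations.home'), sprintf(__('Send success', 'private_messages'), $user->username));
            }
        }

        // NOTE(review): a falsy addMessage() result ends the request with no
        // output and no error; behaviour kept as-is, but an explicit Error here
        // would make the failure visible.
        return;
    }

    Container::get('hooks')->fire('conversationsPlugin.send.display');

    // New conversation
    if (!is_null($args['uid'])) {
        if ($args['uid'] < 2) {
            throw new Error('Wrong user ID', 400);
        }
        $user = $this->model->getUserByID($args['uid']);
        if (!$user) {
            throw new Error('Unable to find user', 400);
        }
        View::setPageInfo(array('username' => Utils::escape($user->username)));
    }

    // Reply
    if (!is_null($args['tid'])) {
        if ($args['tid'] < 1) {
            throw new Error('Wrong conversation ID', 400);
        }
        $conv = $this->model->getConversation($args['tid'], User::get()->id);
        if (!$conv) {
            throw new Error('Unknown conversation ID', 400);
        }
        $inbox = DB::for_table('pms_folders')->find_one($conv->folder_id);
        $this->crumbs[Router::pathFor('Conversations.home', ['inbox_id' => $inbox['id']])] = $inbox['name'];
        $this->crumbs[] = __('Reply', 'private_messages');
        $this->crumbs[] = $conv['subject'];
        Utils::generateBreadcrumbs($this->crumbs);
        return View::setPageInfo(array(
            'current_inbox' => $inbox,
            'conv' => $conv,
            'msg_data' => $this->model->getMessagesFromConversation($args['tid'], User::get()->id, 5),
        ))->addTemplate('reply.php')->display();
    }

    $this->crumbs[] = __('Send', 'private_messages');
    if (isset($user)) {
        $this->crumbs[] = $user->username;
    }
    Utils::generateBreadcrumbs($this->crumbs);
    View::addTemplate('send.php')->display();
}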
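/**
 * Dispatch a profile sub-action for user $args['id'].
 *
 * $args['action'] selects the sub-action: change_pass, change_email,
 * upload_avatar / upload_avatar2, delete_avatar or promote. Any other value
 * is a 404.
 *
 * @throws Error on missing permission, disabled feature or unknown action
 */
public function action($req, $res, $args)
{
    // Include UTF-8 helpers. require_once: a plain require would fatal with
    // "Cannot redeclare function" if this action ran twice in one request.
    require_once ForumEnv::get('FEATHER_ROOT') . 'featherbb/Helpers/utf8/substr_replace.php';
    require_once ForumEnv::get('FEATHER_ROOT') . 'featherbb/Helpers/utf8/ucwords.php'; // utf8_ucwords needs utf8_substr_replace
    require_once ForumEnv::get('FEATHER_ROOT') . 'featherbb/Helpers/utf8/strcasecmp.php';

    $args['id'] = Container::get('hooks')->fire('controller.profile.action', $args['id']);

    // Board/profile view permissions. The only exemption is a password change
    // that carries a 'key' query parameter; the caller may then be a guest, so
    // the model's change_pass() is expected to verify that key.
    if ($args['action'] != 'change_pass' || !Input::query('key')) {
        if (User::get()->g_read_board == '0') {
            throw new Error(__('No view'), 403);
        } elseif (User::get()->g_view_users == '0' && (User::get()->is_guest || User::get()->id != $args['id'])) {
            throw new Error(__('No permission'), 403);
        }
    }

    $boardTitle = Utils::escape(ForumSettings::get('o_board_title'));

    // switch keeps the loose string comparison the original if/elseif chain used.
    switch ($args['action']) {
        case 'change_pass':
            if (Request::isPost()) {
                // TODO: Check if security "if (User::get()->id != $id)" (l.58 of Model/Profile) isn't bypassed
                // FOR ALL chained if below
                return $this->model->change_pass($args['id']);
            }
            View::setPageInfo(array(
                'title' => array($boardTitle, __('Profile'), __('Change pass')),
                'active_page' => 'profile',
                'id' => $args['id'],
                'required_fields' => array(
                    'req_old_password' => __('Old pass'),
                    'req_new_password1' => __('New pass'),
                    'req_new_password2' => __('Confirm new pass'),
                ),
                // Admins/mods are not asked for the old password, so focus the new one.
                'focus_element' => array('change_pass', !User::get()->is_admmod ? 'req_old_password' : 'req_new_password1'),
            ));
            View::addTemplate('profile/change_pass.php')->display();
            break;

        case 'change_email':
            // NOTE(review): no owner/admin check at this level (unlike the avatar
            // actions); the model's change_email() is assumed to enforce it.
            if (Request::isPost()) {
                return $this->model->change_email($args['id']);
            }
            View::setPageInfo(array(
                'title' => array($boardTitle, __('Profile'), __('Change email')),
                'active_page' => 'profile',
                'required_fields' => array(
                    'req_new_email' => __('New email'),
                    'req_password' => __('Password'),
                ),
                'focus_element' => array('change_email', 'req_new_email'),
                'id' => $args['id'],
            ));
            View::addTemplate('profile/change_mail.php')->display();
            break;

        case 'upload_avatar':
        case 'upload_avatar2':
            if (ForumSettings::get('o_avatars') == '0') {
                throw new Error(__('Avatars disabled'), 400);
            }
            // Only the profile owner or an admin/moderator may change the avatar.
            if (User::get()->id != $args['id'] && !User::get()->is_admmod) {
                throw new Error(__('No permission'), 403);
            }
            if (Request::isPost()) {
                return $this->model->upload_avatar($args['id'], $_FILES);
            }
            View::setPageInfo(array(
                'title' => array($boardTitle, __('Profile'), __('Upload avatar')),
                'active_page' => 'profile',
                'required_fields' => array('req_file' => __('File')),
                'focus_element' => array('upload_avatar', 'req_file'),
                'id' => $args['id'],
            ));
            View::addTemplate('profile/upload_avatar.php')->display();
            break;

        case 'delete_avatar':
            // Only the profile owner or an admin/moderator may remove the avatar.
            if (User::get()->id != $args['id'] && !User::get()->is_admmod) {
                throw new Error(__('No permission'), 403);
            }
            $this->model->delete_avatar($args['id']);
            return Router::redirect(Router::pathFor('profileSection', array('id' => $args['id'], 'section' => 'personality')), __('Avatar deleted redirect'));

        case 'promote':
            // Admins always may; moderators only with the promote-users right.
            if (User::get()->g_id != ForumEnv::get('FEATHER_ADMIN') && (User::get()->g_moderator != '1' || User::get()->g_mod_promote_users == '0')) {
                throw new Error(__('No permission'), 403);
            }
            $this->model->promote_user($args['id']);
            break;

        default:
            throw new Error(__('Bad request'), 404);
    }
}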