stop() static public method

Sends an "unsafe" signal across all PHP-Fusion components. This halts all important execution (database writes, redirects) without exiting the script; code that performs such side effects is expected to test `\defender::safe()` first, as the examples below show.
static public stop ( )
Exemplo n.º 1
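 /**
  * Delete a forum (admin action).
  *
  * Requires numeric forum_id and forum_cat in the query string. If the forum
  * still has sub-forums (rows whose forum_cat points at it) a move/delete form
  * is displayed and its POST is handled here; otherwise the forum and its
  * content are pruned immediately.
  *
  * NOTE(review): the immediate-delete branch is reached by a bare GET
  * request. Any CSRF protection rests on the admin token carried in
  * $aidlink being checked upstream - confirm that before relying on it.
  */
 private function validate_forum_removal()
 {
     global $aidlink;
     if (isset($_GET['forum_id']) && isnum($_GET['forum_id']) && isset($_GET['forum_cat']) && isnum($_GET['forum_cat'])) {
         // isnum() only checked the shape; use a real integer everywhere the
         // id is interpolated into SQL or handed to the prune helpers.
         $forum_id = intval($_GET['forum_id']);
         $forum_count = dbcount("('forum_id')", DB_FORUMS, "forum_cat='" . $forum_id . "'");
         if ($forum_count >= 1) {
             /**
              * $action_data keys:
              * 'forum_id'           - current forum id
              * 'forum_branch'       - the branch id
              * 'threads_to_forum'   - destination forum for the threads/posts
              * 'delete_threads'     - delete-threads checkbox
              * 'subforums_to_forum' - destination forum for the sub-forums
              * 'delete_forums'      - delete-sub-forums checkbox
              */
             if (isset($_POST['forum_remove'])) {
                 $action_data = array(
                     'forum_id' => isset($_POST['forum_id']) ? form_sanitizer($_POST['forum_id'], 0, 'forum_id') : 0,
                     'forum_branch' => isset($_POST['forum_branch']) ? form_sanitizer($_POST['forum_branch'], 0, 'forum_branch') : 0,
                     'threads_to_forum' => isset($_POST['move_threads']) ? form_sanitizer($_POST['move_threads'], 0, 'move_threads') : '',
                     'delete_threads' => isset($_POST['delete_threads']) ? 1 : 0,
                     'subforums_to_forum' => isset($_POST['move_forums']) ? form_sanitizer($_POST['move_forums'], 0, 'move_forums') : '',
                     'delete_forums' => isset($_POST['delete_forums']) ? 1 : 0,
                 );
                 if (self::verify_forum($action_data['forum_id'])) {
                     // Threads and posts: either re-home them or wipe them.
                     if (!$action_data['delete_threads'] && $action_data['threads_to_forum']) {
                         // NOTE(review): only DB_FORUM_POSTS is re-homed here; the matching
                         // DB_FORUM_THREADS update was commented out upstream. Confirm that
                         // prune_forums() deals with the thread rows, otherwise they are orphaned.
                         dbquery("UPDATE " . DB_FORUM_POSTS . " SET forum_id='" . intval($action_data['threads_to_forum']) . "' WHERE forum_id='" . intval($action_data['forum_id']) . "'");
                     } elseif ($action_data['delete_threads']) {
                         self::prune_attachment($action_data['forum_id']);
                         self::prune_posts($action_data['forum_id']);
                         self::prune_threads($action_data['forum_id']);
                         self::recalculate_post($action_data['forum_id']);
                     } else {
                         // Neither a destination nor a delete request: refuse.
                         \defender::stop();
                         addNotice('danger', self::$locale['forum_notice_na']);
                     }
                     // Sub-forums: either re-parent them or refuse.
                     if (!$action_data['delete_forums'] && $action_data['subforums_to_forum']) {
                         dbquery("UPDATE " . DB_FORUMS . " SET forum_cat='" . intval($action_data['subforums_to_forum']) . "', forum_branch='" . get_hkey(DB_FORUMS, 'forum_id', 'forum_cat', $action_data['subforums_to_forum']) . "' " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='" . intval($action_data['forum_id']) . "'");
                     } elseif (!$action_data['delete_forums']) {
                         \defender::stop();
                         addNotice('danger', self::$locale['forum_notice_na']);
                     }
                 } else {
                     \defender::stop();
                     addNotice('error', self::$locale['forum_notice_na']);
                 }
                 // Drop the forum row only once every step above passed.
                 // Previously prune_forums() ran even after \defender::stop(),
                 // deleting the forum while its content had nowhere to go.
                 if (\defender::safe()) {
                     self::prune_forums($action_data['forum_id']);
                     addNotice('info', self::$locale['forum_notice_5']);
                     redirect(FUSION_SELF . $aidlink);
                 }
             }
             self::display_forum_move_form();
         } else {
             // Leaf forum: wipe its content, then the forum row itself.
             self::prune_attachment($forum_id);
             self::prune_posts($forum_id);
             self::prune_threads($forum_id);
             self::recalculate_post($forum_id);
             dbquery("DELETE FROM " . DB_FORUMS . " WHERE forum_id='" . $forum_id . "'");
             addNotice('info', self::$locale['forum_notice_5']);
             redirect(FUSION_SELF . $aidlink);
         }
     }
 }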
Exemplo n.º 2
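 /**
  * Theme widget page: infuse or defuse the widget tables of the current theme
  * and render the widget form.
  *
  * An action is only taken when the posted theme name equals the active
  * 'theme' setting and the DB_SETTINGS_THEME row reflects the opposite state.
  * The statement lists ($theme_newtable, $theme_insertdbrow, $theme_droptable,
  * $theme_deldbrow) are defined by the theme's own theme_db.php and executed
  * verbatim, i.e. they are trusted code, not user input.
  *
  * NOTE(review): $this->theme_name is used as an include path and inside SQL
  * without escaping. That is only safe if it was validated against the list
  * of installed themes before reaching here - confirm in the caller.
  */
 public function display_theme_widgets()
 {
     global $locale;
     if (!Admin::theme_widget_exists($this->theme_name)) {
         echo "<div class='m-t-20 well text-center'>" . $locale['theme_1031'] . "</div>\n";
         return;
     }
     echo "<div class='m-t-20 m-b-20'>\n";
     require_once THEMES . $this->theme_name . "/theme_db.php";
     $active_theme = fusion_get_settings('theme');
     $widget_where = "settings_theme='" . $this->theme_name . "'";
     /**
      * Infuse widget action
      */
     if (isset($_POST['infuse_widget']) && $active_theme == $_POST['infuse_widget'] && !dbcount("(settings_name)", DB_SETTINGS_THEME, $widget_where)) {
         if (isset($theme_newtable) && is_array($theme_newtable)) {
             foreach ($theme_newtable as $item) {
                 if (!dbquery("CREATE TABLE " . $item)) {
                     \defender::stop();
                 }
             }
         }
         if (isset($theme_insertdbrow) && is_array($theme_insertdbrow)) {
             foreach ($theme_insertdbrow as $item) {
                 if (!dbquery("INSERT INTO " . $item)) {
                     \defender::stop();
                 }
             }
         }
         // Record the widget as infused only when every statement succeeded.
         // Previously the settings row was written and the page redirected with
         // a success notice even after \defender::stop(), so a half-created
         // schema was flagged as installed.
         if (\defender::safe()) {
             $widgetData = array("settings_theme" => $this->theme_name, "settings_name" => $this->theme_name, "settings_value" => 1);
             dbquery_insert(DB_SETTINGS_THEME, $widgetData, "save");
             addNotice('success', sprintf($locale['theme_1019'], ucwords($this->theme_name)));
             redirect(FUSION_REQUEST);
         }
     }
     /**
      * Defuse widget action
      */
     if (isset($_POST['defuse_widget']) && $active_theme == $_POST['defuse_widget'] && dbcount("(settings_name)", DB_SETTINGS_THEME, $widget_where)) {
         if (isset($theme_droptable) && is_array($theme_droptable)) {
             foreach ($theme_droptable as $item) {
                 if (!dbquery("DROP TABLE " . $item)) {
                     \defender::stop();
                 }
             }
         }
         if (isset($theme_deldbrow) && is_array($theme_deldbrow)) {
             foreach ($theme_deldbrow as $item) {
                 if (!dbquery("DELETE FROM " . $item)) {
                     \defender::stop();
                 }
             }
         }
         // Same rule as above: never report success after a failed statement.
         if (\defender::safe()) {
             addNotice('success', sprintf($locale['theme_1019b'], ucwords($this->theme_name)));
             redirect(FUSION_REQUEST);
         }
     }
     if ((isset($theme_newtable) || isset($theme_insertdbrow)) && !dbcount("(settings_name)", DB_SETTINGS_THEME, $widget_where)) {
         // Not yet infused: offer the infuse button.
         $html = openform("widget_infuse", "post", FUSION_REQUEST);
         $html .= "<div>" . $locale['theme_1032'] . "</div>";
         $html .= form_button("infuse_widget", $locale['theme_1016'], $this->theme_name, array("class" => "btn-primary m-t-10"));
         $html .= closeform();
         echo alert("", $html);
     } else {
         // Infused: defuse button (guarded by a JS confirm) followed by the widget form.
         $html = openform("widget_defuse", "post", FUSION_REQUEST, array("class" => "text-right"));
         $html .= form_button("defuse_widget", $locale['theme_1017'], $this->theme_name, array("class" => "btn-danger"));
         $html .= closeform();
         $html .= "<hr/>\n";
         add_to_jquery("\n\t\t\t\t\$('#defuse_widget').bind('click', function(e) {\n\t\t\t\t\tvar val = confirm('" . $locale['theme_1033'] . "');\n\t\t\t\t\tif (val == false) {\n\t\t\t\t\t\te.preventDefault();\n\t\t\t\t\t}\n\t\t\t\t});\n\t\t\t\t");
         echo $html;
         echo "<!---start widget form--->\n";
         include THEMES . $this->theme_name . "/widget.php";
         echo "<!---end widget form--->\n";
     }
     echo "</div>\n";
 }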
Exemplo n.º 3
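 /**
  * Handle request for email verification.
  * Sends a verification code when a user changes their email or registers.
  *
  * The code is HMAC-SHA1 over a fresh random password, keyed by the address,
  * so it cannot be derived from the address alone. After a successful send
  * the code plus a base64(serialize()) snapshot of the registration data are
  * stored in DB_NEW_USERS (only while the defender is still safe), presumably
  * for register.php to look up when the link is followed.
  *
  * NOTE(review): the mail template substitutes USER_PASSWORD, so the new
  * password travels in clear text by email. That is the template's contract,
  * not something this method changes.
  * NOTE(review): user_name / user_email are interpolated into the INSERT
  * with no visible escaping step - confirm $this->data was sanitised by the
  * caller. Sibling code uses dbquery_insert(); it would be safer here too if
  * user_datestamp did not rely on NOW().
  * NOTE(review): user_info is serialize()d; whatever unserialize()s it must
  * only ever read rows written by this method.
  */
 private function _setEmailVerification()
 {
     $settings = fusion_get_settings();
     $locale = fusion_get_locale();
     require_once INCLUDES . "sendmail_include.php";
     $userCode = hash_hmac("sha1", PasswordAuth::getNewPassword(), $this->_userEmail);
     // URL-encode the address: a '+' or '&' in the local part would otherwise
     // be mangled when register.php reads the query string back.
     $activationUrl = $settings['siteurl'] . "register.php?email=" . urlencode($this->_userEmail) . "&code=" . $userCode;
     $message = str_replace("USER_NAME", $this->_userName, $locale['u152']);
     $message = str_replace("SITENAME", fusion_get_settings("sitename"), $message);
     $message = str_replace("SITEUSERNAME", fusion_get_settings("siteusername"), $message);
     $message = str_replace("USER_PASSWORD", $this->_newUserPassword, $message);
     $message = str_replace("ACTIVATION_LINK", $activationUrl, $message);
     $subject = str_replace("[SITENAME]", fusion_get_settings("sitename"), $locale['u151']);
     if (sendemail($this->_userName, $this->_userEmail, $settings['siteusername'], $settings['siteemail'], $subject, $message)) {
         $userInfo = base64_encode(serialize($this->data));
         if (\defender::safe()) {
             dbquery("INSERT INTO " . DB_NEW_USERS . " (user_code, user_name, user_email, user_datestamp, user_info) VALUES ('" . $userCode . "', '" . $this->data['user_name'] . "', '" . $this->data['user_email'] . "', NOW(), '" . $userInfo . "')");
         }
         $this->_completeMessage = $locale['u150'];
     } else {
         // Mail failed: trip the defender and point the user at the contact page.
         \defender::stop();
         $message = str_replace("[LINK]", "<a href='" . BASEDIR . "contact.php'><strong>", $locale['u154']);
         $message = str_replace("[/LINK]", "</strong></a>", $message);
         addNotice('danger', $locale['u153'] . "<br />" . $message);
     }
 }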
Exemplo n.º 4
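 /**
  * Save a forum (insert or update) from the posted admin form.
  *
  * Reads the form into $this->data through form_sanitizer(), checks alias and
  * name uniqueness, resolves the forum image (fresh upload, copied URL, or the
  * existing file name), fills in a default order, then writes the row when the
  * defender has not been tripped and redirects.
  *
  * NOTE(review): the forum_image_url branch hands an admin-supplied URL to
  * copy_file(), so the server fetches it on the admin's behalf. This is an
  * admin-only form, but treat it as an SSRF surface unless copy_file()
  * restricts schemes and hosts.
  */
 private function set_forumDB()
 {
     global $aidlink, $locale;
     if (!isset($_POST['save_forum'])) {
         return;
     }
     // Build $this->data key by key so forum_branch is derived from the freshly
     // sanitised forum_cat. The original computed it from $this->data['forum_cat']
     // inside the array literal, i.e. from whatever the property held BEFORE
     // this assignment.
     $this->data = array();
     $this->data['forum_id'] = form_sanitizer($_POST['forum_id'], 0, 'forum_id');
     $this->data['forum_name'] = form_sanitizer($_POST['forum_name'], '', 'forum_name');
     $this->data['forum_description'] = form_sanitizer($_POST['forum_description'], '', 'forum_description');
     $this->data['forum_cat'] = form_sanitizer($_POST['forum_cat'], 0, 'forum_cat');
     $this->data['forum_type'] = form_sanitizer($_POST['forum_type'], '', 'forum_type');
     $this->data['forum_language'] = form_sanitizer($_POST['forum_language'], '', 'forum_language');
     $this->data['forum_alias'] = form_sanitizer($_POST['forum_alias'], '', 'forum_alias');
     $this->data['forum_meta'] = form_sanitizer($_POST['forum_meta'], '', 'forum_meta');
     $this->data['forum_rules'] = form_sanitizer($_POST['forum_rules'], '', 'forum_rules');
     $this->data['forum_image_enable'] = isset($_POST['forum_image_enable']) ? 1 : 0;
     $this->data['forum_merge'] = isset($_POST['forum_merge']) ? 1 : 0;
     $this->data['forum_allow_attach'] = isset($_POST['forum_allow_attach']) ? 1 : 0;
     $this->data['forum_quick_edit'] = isset($_POST['forum_quick_edit']) ? 1 : 0;
     $this->data['forum_allow_poll'] = isset($_POST['forum_allow_poll']) ? 1 : 0;
     $this->data['forum_poll'] = USER_LEVEL_MEMBER;
     $this->data['forum_users'] = isset($_POST['forum_users']) ? 1 : 0;
     $this->data['forum_lock'] = isset($_POST['forum_lock']) ? 1 : 0;
     $this->data['forum_permissions'] = isset($_POST['forum_permissions']) ? form_sanitizer($_POST['forum_permissions'], 0, 'forum_permissions') : 0;
     $this->data['forum_order'] = isset($_POST['forum_order']) ? form_sanitizer($_POST['forum_order']) : '';
     $this->data['forum_branch'] = get_hkey(DB_FORUMS, 'forum_id', 'forum_cat', $this->data['forum_cat']);
     $this->data['forum_image'] = '';
     $this->data['forum_mods'] = "";
     // Aliases are URL slugs: no spaces.
     $this->data['forum_alias'] = $this->data['forum_alias'] ? str_replace(' ', '-', $this->data['forum_alias']) : '';
     // The alias must be unique across permalinks (ignoring this forum's own row on edit).
     if ($this->data['forum_alias']) {
         $alias_where = "alias_url='" . $this->data['forum_alias'] . "'";
         if ($this->data['forum_id']) {
             $alias_where .= " AND alias_item_id !='" . $this->data['forum_id'] . "'";
         }
         if (dbcount("('alias_id')", DB_PERMALINK_ALIAS, $alias_where)) {
             \defender::stop();
             addNotice('warning', $locale['forum_error_6']);
         }
     }
     // Forum name uniqueness is delegated to the helper.
     $this->data['forum_name'] = self::check_validForumName($this->data['forum_name'], $this->data['forum_id']);
     // Forum image: a fresh upload wins, then a URL to copy, else the existing name.
     // isset() on the nested key avoids an undefined-index notice when other
     // files were posted but forum_image was not.
     if (isset($_FILES['forum_image']['tmp_name']) && is_uploaded_file($_FILES['forum_image']['tmp_name'])) {
         $upload = form_sanitizer($_FILES['forum_image'], '', 'forum_image');
         if ($upload['error'] == 0) {
             $this->data['forum_image'] = !empty($upload['thumb1_name']) ? $upload['thumb1_name'] : $upload['image_name'];
         }
     } elseif (isset($_POST['forum_image_url']) && $_POST['forum_image_url'] != "") {
         require_once INCLUDES . "photo_functions_include.php";
         // forum_image_header: 0 = path relative to BASEDIR, 1 = absolute URL.
         // Any other value falls back to '' instead of reading an undefined index.
         $type_opts = array('0' => BASEDIR, '1' => '');
         $header_type = isset($_POST['forum_image_header']) ? intval($_POST['forum_image_header']) : 0;
         $prefix = isset($type_opts[$header_type]) ? $type_opts[$header_type] : '';
         $this->data['forum_image'] = $prefix . form_sanitizer($_POST['forum_image_url'], '', 'forum_image_url');
         $upload = copy_file($this->data['forum_image'], FORUM . "images/");
         if ($upload['error'] == TRUE) {
             \defender::stop();
             addNotice('danger', $locale['forum_error_9']);
         } else {
             $this->data['forum_image'] = $upload['name'];
         }
     } else {
         $this->data['forum_image'] = isset($_POST['forum_image']) ? form_sanitizer($_POST['forum_image'], '', 'forum_image') : "";
     }
     // New forums get default permission levels.
     if (!$this->data['forum_id']) {
         $this->data += array('forum_access' => USER_LEVEL_PUBLIC, 'forum_post' => USER_LEVEL_MEMBER, 'forum_reply' => USER_LEVEL_MEMBER, 'forum_post_ratings' => USER_LEVEL_MEMBER, 'forum_poll' => USER_LEVEL_MEMBER, 'forum_vote' => USER_LEVEL_MEMBER, 'forum_mods' => "");
     }
     // No explicit order: append after the last forum in the same category.
     if (!$this->data['forum_order']) {
         $this->data['forum_order'] = dbresult(dbquery("SELECT MAX(forum_order) FROM " . DB_FORUMS . " " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='" . $this->data['forum_cat'] . "'"), 0) + 1;
     }
     if (!\defender::safe()) {
         return;
     }
     if (self::verify_forum($this->data['forum_id'])) {
         // Existing forum: reorder, then update.
         $result = dbquery_order(DB_FORUMS, $this->data['forum_order'], 'forum_order', $this->data['forum_id'], 'forum_id', $this->data['forum_cat'], 'forum_cat', 1, 'forum_language', 'update');
         if ($result) {
             dbquery_insert(DB_FORUMS, $this->data, 'update');
         }
         addNotice('success', $locale['forum_notice_9']);
         redirect(FUSION_SELF . $aidlink . $this->ext);
         return;
     }
     // New forum: reorder, then insert.
     $new_forum_id = 0;
     $result = dbquery_order(DB_FORUMS, $this->data['forum_order'], 'forum_order', FALSE, FALSE, $this->data['forum_cat'], 'forum_cat', 1, 'forum_language', 'save');
     if ($result) {
         dbquery_insert(DB_FORUMS, $this->data, 'save');
         $new_forum_id = dblastid();
     }
     if ($this->data['forum_cat'] == 0) {
         // Top-level forums go straight to the permissions editor.
         redirect(FUSION_SELF . $aidlink . "&amp;action=p_edit&amp;forum_id=" . $new_forum_id . "&amp;parent_id=0");
         return;
     }
     switch ($this->data['forum_type']) {
         case '1':
             addNotice('success', $locale['forum_notice_1']);
             break;
         case '2':
             addNotice('success', $locale['forum_notice_2']);
             break;
         case '3':
             addNotice('success', $locale['forum_notice_3']);
             break;
         case '4':
             addNotice('success', $locale['forum_notice_4']);
             break;
     }
     redirect(FUSION_SELF . $aidlink . $this->ext);
 }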
Exemplo n.º 5
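 /**
  * Send a private message to one user, or fan it out to a user level / group.
  *
  * @param int|string $to        recipient user id, or a group/level id when $to_group is TRUE
  * @param int        $from      sender user id
  * @param string     $subject
  * @param string     $message
  * @param string     $smileys   'y' or 'n'; forced to 'n' when the body contains code blocks
  * @param bool       $to_group  TRUE to deliver to every member of $to instead of one user
  * @param bool       $save_sent TRUE to also store a copy in the sender's outbox
  *
  * Every failure path (flooding, unknown sender or recipient, full inbox,
  * empty group) trips the defender and queues a notice; nothing is thrown.
  *
  * Changes versus the original: $locale is initialised BEFORE messages.php
  * is included (it was reset to an empty array afterwards, so every string it
  * defined was lost - assumes messages.php populates $locale); the outbox
  * COUNT/MIN query, which had been mangled, is rebuilt with intval() on the
  * ids; the outbox-limit check tolerates an empty result; and the die()
  * diagnostics behind a hard-coded $strict = FALSE were removed, since they
  * were unreachable and would have echoed internal state to the browser.
  */
 public static function send_pm($to, $from, $subject, $message, $smileys = 'y', $to_group = FALSE, $save_sent = TRUE)
 {
     $locale = array();
     include LOCALE . LOCALESET . "messages.php";
     require_once INCLUDES . "sendmail_include.php";
     require_once INCLUDES . "flood_include.php";
     $group_name = getgroupname($to);
     $to = isnum($to) || !empty($group_name) ? $to : 0;
     $from = isnum($from) ? $from : 0;
     // Smileys would corrupt code samples, so disable them for such bodies.
     if (preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $message)) {
         $smileys = "n";
     }
     if ($to_group) {
         if ($to <= -101 && $to >= -103) {
             // -101, -102, -103 only: treated as user levels, everyone at or above.
             $result = dbquery("SELECT user_id FROM " . DB_USERS . " WHERE user_level <='" . intval($to) . "' AND user_status='0'");
         } else {
             $result = dbquery("SELECT user_id FROM " . DB_USERS . " WHERE " . in_group("user_groups", $to) . " AND user_status='0'");
         }
         if (dbrows($result) > 0) {
             while ($data = dbarray($result)) {
                 // Never store a sent copy per member - that would flood the outbox.
                 self::send_pm($data['user_id'], $from, $subject, $message, $smileys, FALSE, FALSE);
             }
         } else {
             \defender::stop();
             addNotice("danger", $locale['492']);
         }
         return;
     }
     // Single recipient.
     $pmStatus = self::get_pm_settings($to);
     $myStatus = self::get_pm_settings($from);
     if (flood_control("message_datestamp", DB_MESSAGES, "message_from='" . intval($from) . "'")) {
         \defender::stop();
         addNotice("danger", sprintf($locale['487'], fusion_get_settings("flood_interval")));
         return;
     }
     // Recipient row plus current inbox count (folder 0).
     $result = dbquery("SELECT u.user_id, u.user_name, u.user_email, u.user_level, COUNT(m.message_id) 'message_count' FROM " . DB_USERS . " u LEFT JOIN " . DB_MESSAGES . " m ON m.message_user=u.user_id and message_folder='0' WHERE u.user_id='" . intval($to) . "' GROUP BY u.user_id");
     if (dbrows($result) == 0) {
         \defender::stop();
         addNotice("danger", $locale['482']);
         return;
     }
     $data = dbarray($result);
     $result2 = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE user_id='" . intval($from) . "'");
     if (dbrows($result2) == 0) {
         \defender::stop();
         addNotice("danger", $locale['482']);
         return;
     }
     $userdata = dbarray($result2);
     if ($to == $from) {
         // Messaging yourself is silently ignored.
         return;
     }
     // Super admin, non-members and unlimited inboxes are never "full".
     $inbox_has_room = $data['user_id'] == 1 || $data['user_level'] < USER_LEVEL_MEMBER || !$pmStatus['user_inbox'] || $data['message_count'] + 1 <= $pmStatus['user_inbox'];
     if (!$inbox_has_room) {
         \defender::stop();
         addNotice("danger", $locale['628']);
         return;
     }
     $inputData = array("message_id" => 0, "message_to" => $to, "message_user" => $to, "message_from" => $from, "message_subject" => $subject, "message_message" => $message, "message_smileys" => $smileys, "message_read" => 0, "message_datestamp" => time(), "message_folder" => 0);
     dbquery_insert(DB_MESSAGES, $inputData, "save");
     if ($myStatus['user_pm_save_sent'] == '2' && $save_sent == TRUE) {
         $sender_id = intval($userdata['user_id']);
         // Outbox copies are rows the sender both owns and is addressed to, in folder 1.
         $cdata = dbarray(dbquery("SELECT COUNT(message_id) AS outbox_count, MIN(message_id) AS last_message FROM " . DB_MESSAGES . " WHERE message_to='" . $sender_id . "' AND message_user='" . $sender_id . "' AND message_folder='1' GROUP BY message_to"));
         // Enforce the outbox limit by evicting the oldest stored copy.
         if ($cdata && $myStatus['user_outbox'] != "0" && $cdata['outbox_count'] + 1 > $myStatus['user_outbox']) {
             dbquery("DELETE FROM " . DB_MESSAGES . " WHERE message_id='" . intval($cdata['last_message']) . "' AND message_to='" . $sender_id . "'");
         }
         $inputData['message_user'] = $userdata['user_id'];
         $inputData['message_folder'] = 1;
         $inputData['message_from'] = $to;
         $inputData['message_to'] = $userdata['user_id'];
         dbquery_insert(DB_MESSAGES, $inputData, "save");
     }
     if ($pmStatus['user_pm_email_notify'] == "2") {
         $message_content = str_replace("[SUBJECT]", $subject, $locale['626']);
         $message_content = str_replace("[USER]", $userdata['user_name'], $message_content);
         // Prefer the PM email template when one exists and is active.
         $use_template = FALSE;
         $template_result = dbquery("SELECT template_key, template_active FROM " . DB_EMAIL_TEMPLATES . " WHERE template_key='PM' LIMIT 1");
         if (dbrows($template_result)) {
             $template_data = dbarray($template_result);
             $use_template = $template_data['template_active'] == "1";
         }
         if ($use_template) {
             sendemail_template("PM", $subject, trimlink($message, 150), $userdata['user_name'], $data['user_name'], "", $data['user_email']);
         } else {
             sendemail($data['user_name'], $data['user_email'], fusion_get_settings("siteusername"), fusion_get_settings("siteemail"), $locale['625'], $data['user_name'] . $message_content);
         }
     }
 }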
Exemplo n.º 6
 /** Field Creation */
 private function create_fields($data, $type = 'dynamics')
 {
     global $aidlink;
     // Build a field Attr
     $field_attr = '';
     if ($type == 'dynamics') {
         $field_attr = $this->dynamics_fieldinfo($data['field_type'], $data['field_default']);
     } elseif ($type == 'module') {
         $field_attr = $this->user_field_dbinfo;
     }
     $max_order = dbresult(dbquery("SELECT MAX(field_order) FROM " . $this->field_db . " WHERE field_cat='" . $data['field_cat'] . "'"), 0) + 1;
     if ($data['field_order'] == 0 or $data['field_order'] > $max_order) {
         $data['field_order'] = $max_order;
     }
     if (self::validate_field($data['field_id'])) {
         if ($this->debug) {
             print_p('Update mode');
         }
         // update
         // Alter $this->field_db table - change and modify column.
         $old_record = dbquery("SELECT uf.*, cat.field_cat_id, cat.field_parent, cat.field_cat_order, root.field_cat_db, root.field_cat_index\n\t\t\t\t\t\t\t\t\tFROM " . $this->field_db . " uf\n\t\t\t\t\t\t\t\t\tLEFT JOIN " . $this->category_db . " cat ON (cat.field_cat_id = uf.field_cat)\n\t\t\t\t\t\t\t\t\tLEFT JOIN " . $this->category_db . " root ON (cat.field_parent = root.field_cat_id)\n\t\t\t\t\t\t\t\t\tWHERE uf.field_id='" . $data['field_id'] . "'");
         // old database.
         if (dbrows($old_record) > 0) {
             // got old field cat
             $oldRows = dbarray($old_record);
             $old_table = $oldRows['field_cat_db'] ? DB_PREFIX . $oldRows['field_cat_db'] : DB_USERS;
             // this was old database
             $old_table_columns = fieldgenerator($old_table);
             // Get current updated field_cat - to compare new cat_db and old cat_db
             $new_result = dbquery("\n\t\t\t\tSELECT cat.field_cat_id, cat.field_cat_name, cat.field_parent, cat.field_cat_order,\n\t\t\t\troot.field_cat_db, root.field_cat_index\n                FROM " . $this->category_db . " cat\n\t\t\t\tLEFT JOIN " . $this->category_db . " root on cat.field_parent = root.field_cat_id\n\t\t\t\tWHERE cat.field_cat_id='" . intval($data['field_cat']) . "'\n\t\t\t\t");
             $newRows = array();
             if (dbrows($new_result) > 0) {
                 $newRows = dbarray($new_result);
                 $new_table = $newRows['field_cat_db'] ? DB_PREFIX . $newRows['field_cat_db'] : DB_USERS;
             } else {
                 $new_table = DB_USERS;
             }
             if ($this->debug) {
                 print_p("Old table information -");
                 print_p($oldRows);
                 print_p("New table information -");
                 print_p($newRows);
             }
             if ($data['field_cat'] !== $oldRows['field_cat']) {
                 // old and new mismatch - move to another category
                 if ($this->debug) {
                     print_p("Fork No.1 - Update Field on a different table");
                 }
                 // drop the old one if target database aren't the same.
                 // @todo: Improvements: need to move the whole column along with data instead of just dropping and creating new
                 if ($new_table !== $old_table) {
                     print_p($old_table);
                     $new_table_columns = fieldgenerator($new_table);
                     if (!$this->debug) {
                         if (!in_array($data['field_name'], $new_table_columns)) {
                             // this is new database check, if not exist, then add the column
                             //self::add_column($new_table, $data['field_name'], $field_attr);
                             self::move_column($old_table, $new_table, $data['field_name']);
                             self::drop_column($old_table, $oldRows['field_name']);
                             if (\defender::safe()) {
                                 // sort the fields. if 2, greater than 2 all +1 on the new category
                                 dbquery("UPDATE " . $this->field_db . " SET field_order=field_order+1 WHERE field_order >= '" . $data['field_order'] . "' AND field_cat='" . $data['field_cat'] . "'");
                                 // since change table. fix all which is greater than link order.
                                 dbquery("UPDATE " . $this->field_db . " SET field_order=field_order-1 WHERE field_order >= '" . $oldRows['field_order'] . "' AND field_cat='" . $oldRows['field_cat'] . "'");
                             }
                         } else {
                             \defender::stop();
                             addNotice("danger", "Column conflict. There are columns on " . $old_table . " existed in " . $new_table);
                         }
                     } else {
                         // DEBUG MODE
                         if (!in_array($data['field_name'], $new_table_columns)) {
                             print_p("Move " . $data['field_name'] . " from " . $old_table . " to " . $new_table);
                             print_p("Dropping column " . $oldRows['field_name'] . " on " . $old_table);
                             print_p("UPDATE " . $this->field_db . " SET field_order=field_order+1 WHERE field_order >= '" . $data['field_order'] . "' AND field_cat='" . $data['field_cat'] . "'");
                             // since change table. fix all which is greater than link order.
                             print_p("UPDATE " . $this->field_db . " SET field_order=field_order-1 WHERE field_order >= '" . $oldRows['field_order'] . "' AND field_cat='" . $oldRows['field_cat'] . "'");
                         } else {
                             print_p("Column conflict. There are columns on " . $old_table . " existed in " . $new_table);
                         }
                     }
                 } else {
                     if (\defender::safe()) {
                         dbquery("UPDATE " . $this->field_db . " SET field_order=field_order+1 WHERE field_order >= '" . $data['field_order'] . "' AND field_cat='" . $data['field_cat'] . "'");
                         dbquery("UPDATE " . $this->field_db . " SET field_order=field_order-1 WHERE field_order >= '" . $oldRows['field_order'] . "' AND field_cat='" . $oldRows['field_cat'] . "'");
                     }
                 }
             } else {
                 // same table.
                 // check if same title.
                 // if not same, change column name.
                 if ($this->debug) {
                     print_p("Fork No.2 - Update Field on the same table");
                 }
                 if ($data['field_name'] !== $oldRows['field_name']) {
                     // not same as old record on dbcolumn
                     // Check for possible duplicates in the new field name
                     if (!in_array($data['field_name'], $old_table_columns)) {
                         if (!$this->debug) {
                             self::rename_column($old_table, $oldRows['field_name'], $data['field_name'], $field_attr);
                         } else {
                             print_p("Renaming column " . $oldRows['field_name'] . " on " . $old_table . " to " . $data['field_name'] . " with attributes of " . $field_attr);
                         }
                     } else {
                         \defender::stop();
                         addNotice('danger', sprintf($this->locale['fields_0104'], "({$new_table})"));
                     }
                 }
                 if (!$this->debug) {
                     if (\defender::safe()) {
                         // make ordering of the same table.
                         if ($data['field_order'] > $oldRows['field_order']) {
                             dbquery("UPDATE " . $this->field_db . " SET field_order=field_order-1 WHERE field_order > " . $oldRows['field_order'] . " AND field_order <= '" . $data['field_order'] . "' AND field_cat='" . $data['field_cat'] . "'");
                         } elseif ($data['field_order'] < $oldRows['field_order']) {
                             dbquery("UPDATE " . $this->field_db . " SET field_order=field_order+1 WHERE field_order < " . $oldRows['field_order'] . " AND field_order >= '" . $data['field_order'] . "' AND field_cat='" . $data['field_cat'] . "'");
                         }
                     }
                 } else {
                     print_p("Old field order is " . $oldRows['field_order']);
                     print_p("New field order is " . $data['field_order']);
                     if ($data['field_order'] > $oldRows['field_order']) {
                         print_p("UPDATE " . $this->field_db . " SET field_order=field_order-1 WHERE field_order > '" . $oldRows['field_order'] . "' AND field_order <= '" . $data['field_order'] . "' AND field_cat='" . $data['field_cat'] . "'");
                     } else {
                         print_p("UPDATE " . $this->field_db . " SET field_order=field_order+1 WHERE field_order < '" . $oldRows['field_order'] . "' AND field_order >= '" . $data['field_order'] . "' AND field_cat='" . $data['field_cat'] . "'");
                     }
                 }
             }
             if (!$this->debug) {
                 if (\defender::safe()) {
                     dbquery_insert($this->field_db, $data, 'update');
                     addNotice('success', $this->locale['field_0203']);
                     redirect(FUSION_SELF . $aidlink);
                 }
             } else {
                 print_p($data);
             }
         } else {
             \defender::stop();
             addNotice('danger', $this->locale['fields_0105']);
         }
     } else {
         if ($this->debug) {
             print_p('Save Mode');
         }
         // Alter $this->field_db table - add column.
         $cresult = dbquery("SELECT cat.field_cat_id, cat.field_parent, cat.field_cat_order, root.field_cat_db, root.field_cat_index\n\t\t\t\t\t\t\t\tFROM " . $this->category_db . " cat\n\t\t\t\t\t\t\t\tLEFT JOIN " . $this->category_db . " root ON (cat.field_parent = root.field_cat_id)\n\t\t\t\t\t\t\t\tWHERE cat.field_cat_id='" . $data['field_cat'] . "'");
         if (dbrows($cresult) > 0) {
             $cat_data = dbarray($cresult);
             $new_table = $cat_data['field_cat_db'] ? DB_PREFIX . $cat_data['field_cat_db'] : DB_USERS;
             $field_arrays = fieldgenerator($new_table);
             if (!in_array($data['field_name'], $field_arrays)) {
                 // safe to execute alter.
                 if (!$this->debug && !empty($data['field_name'])) {
                     self::add_column($new_table, $data['field_name'], $field_attr);
                 } else {
                     if ($this->debug) {
                         print_p("ALTER TABLE " . $new_table . " ADD " . $data['field_name'] . " " . $field_attr);
                     }
                 }
             } else {
                 \defender::stop();
                 addNotice('danger', $this->locale['fields_0106']);
             }
             // ordering
             if (!$this->debug) {
                 if (\defender::safe()) {
                     dbquery("UPDATE " . $this->field_db . " SET field_order=field_order+1 WHERE field_order > '" . $data['field_order'] . "' AND field_cat='" . $data['field_cat'] . "'");
                     dbquery_insert($this->field_db, $data, 'save');
                     addNotice('success', $this->locale['field_0204']);
                     redirect(FUSION_SELF . $aidlink);
                 }
             } else {
                 print_p($data);
             }
         } else {
             \defender::stop();
             addNotice('danger', $this->locale['fields_0107']);
         }
     }
 }
if (isset($_POST['save_download'])) {
    $data = array('download_id' => form_sanitizer($_POST['download_id'], '0', 'download_id'), 'download_user' => form_sanitizer($_POST['download_user'], "", "download_user"), 'download_homepage' => form_sanitizer($_POST['download_homepage'], '', 'download_homepage'), 'download_title' => form_sanitizer($_POST['download_title'], '', 'download_title'), 'download_cat' => form_sanitizer($_POST['download_cat'], '0', 'download_cat'), 'download_description_short' => form_sanitizer($_POST['download_description_short'], '', 'download_description_short'), 'download_description' => form_sanitizer($_POST['download_description'], '', 'download_description'), 'download_keywords' => form_sanitizer($_POST['download_keywords'], '', 'download_keywords'), 'download_image' => isset($_POST['download_image']) ? form_sanitizer($_POST['download_image'], '', 'download_image') : '', 'download_image_thumb' => isset($_POST['download_image_thumb']) ? form_sanitizer($_POST['download_image_thumb'], '', 'download_image_thumb') : '', "download_url" => "", 'download_file' => isset($_POST['download_file']) ? form_sanitizer($_POST['download_file'], '', 'download_file') : '', 'download_license' => form_sanitizer($_POST['download_license'], '', 'download_license'), 'download_copyright' => form_sanitizer($_POST['download_copyright'], '', 'download_copyright'), 'download_os' => form_sanitizer($_POST['download_os'], '', 'download_os'), 'download_version' => form_sanitizer($_POST['download_version'], '', 'download_version'), 'download_filesize' => form_sanitizer($_POST['download_filesize'], '', 'download_filesize'), 'download_visibility' => form_sanitizer($_POST['download_visibility'], '0', 'download_visibility'), 'download_allow_comments' => isset($_POST['download_allow_comments']) ? 1 : 0, 'download_allow_ratings' => isset($_POST['download_allow_ratings']) ? 1 : 0, 'download_datestamp' => isset($_POST['update_datestamp']) ? time() : $data['download_datestamp']);
    /** Bugs with having Link and File together -- File will take precedence **/
    if ($defender::safe() && !empty($_FILES['download_file']['name']) && is_uploaded_file($_FILES['download_file']['tmp_name'])) {
        $upload = form_sanitizer($_FILES['download_file'], '', 'download_file');
        if ($upload['error'] == 0) {
            $data['download_file'] = !empty($upload['target_file']) ? $upload['target_file'] : $upload['name'];
            if ($data['download_filesize'] == "" || isset($_POST['calc_upload'])) {
                $data['download_filesize'] = parsebytesize($upload['source_size']);
            }
        }
    } elseif (!empty($_POST['download_url']) && empty($data['download_file'])) {
        $data['download_url'] = form_sanitizer($_POST['download_url'], "", "download_url");
        $data['download_file'] = '';
    } elseif (empty($data['download_file']) && empty($data['download_url'])) {
        defender::stop();
        addNotice('danger', $locale['download_0111']);
    }
    /**
     * Image Section
     */
    if (defender::safe() && isset($_POST['del_image']) && isset($_GET['download_id']) && isnum($_GET['download_id'])) {
        $result = dbquery("SELECT download_image, download_image_thumb FROM " . DB_DOWNLOADS . " WHERE download_id='" . $_GET['download_id'] . "'");
        if (dbrows($result)) {
            $data += dbarray($result);
            if (!empty($data['download_image']) && file_exists(DOWNLOADS . "images/" . $data['download_image'])) {
                @unlink(DOWNLOADS . "images/" . $data['download_image']);
            }
            if (!empty($data['download_image_thumb']) && file_exists(DOWNLOADS . "images/" . $data['download_image_thumb'])) {
                @unlink(DOWNLOADS . "images/" . $data['download_image_thumb']);
            }
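/**
 * Shift the order column of $dbname so that one row can be inserted at,
 * moved to, or removed from position $current_order.
 *
 * ID is required only for update mode. When $current_order is empty the
 * next free position (MAX($order_col) + 1) is used.
 *
 * Table and column names ($dbname, $order_col, $id_col, $cat_col,
 * $multilang_col) are interpolated into the SQL verbatim, so they must be
 * trusted identifiers, never request input; the numeric values are cast
 * with intval() before they reach the query.
 *
 * @param string      $dbname           table to reorder
 * @param int         $current_order    target position; empty means "append at the end"
 * @param string      $order_col        order column name
 * @param int         $current_id       id of the row being moved (update mode)
 * @param bool|string $id_col           id column name (update mode)
 * @param int         $current_category category the rows are scoped to, 0 for none
 * @param bool|string $cat_col          category column name, FALSE for none
 * @param bool        $multilang        also scope rows to $multilang_col = LANGUAGE
 * @param string      $multilang_col    language column name
 * @param string      $mode             'save', 'update' or 'delete'
 * @return bool|mixed|PDOStatement|resource|null the dbquery() result; TRUE when an
 *         update needed no shifting; NULL after defender::stop() when the
 *         arguments required by the mode are missing or the mode is unknown
 */
function dbquery_order($dbname, $current_order, $order_col, $current_id = 0, $id_col = FALSE, $current_category = 0, $cat_col = FALSE, $multilang = false, $multilang_col = '', $mode = 'update')
{
    $multilang_sql_1 = $multilang && $multilang_col ? "WHERE {$multilang_col}='" . LANGUAGE . "'" : '';
    $multilang_sql_2 = $multilang && $multilang_col ? "AND {$multilang_col}='" . LANGUAGE . "'" : '';
    if (!$current_order) {
        // No explicit position requested: append after the current maximum.
        $current_order = dbresult(dbquery("SELECT MAX({$order_col}) FROM " . $dbname . " " . $multilang_sql_1), 0) + 1;
    }
    // Category restriction shared by every mode; empty when the caller gave none.
    $cat_sql = !empty($current_category) && !empty($cat_col) ? "{$cat_col}='" . intval($current_category) . "' AND " : '';
    switch ($mode) {
        case 'save':
            if ($order_col && $current_order && $dbname) {
                // Make room: every row at or after the new position moves down by one.
                return dbquery("UPDATE " . $dbname . " SET {$order_col}={$order_col}+1 WHERE " . $cat_sql . "{$order_col}>='" . intval($current_order) . "' {$multilang_sql_2}");
            }
            defender::stop();
            break;
        case 'update':
            if ($id_col && $current_id && $order_col && $current_order && $dbname) {
                // Position the row holds now; cast like every other value placed in SQL.
                $old_order = intval(dbresult(dbquery("SELECT {$order_col} FROM " . $dbname . " WHERE {$id_col}='" . intval($current_id) . "' {$multilang_sql_2}"), 0));
                if ($current_order > $old_order) {
                    // Moving towards the end: rows between the old and new position shift up.
                    return dbquery("UPDATE " . $dbname . " SET {$order_col}={$order_col}-1 WHERE " . $cat_sql . "{$order_col}>'" . $old_order . "' AND {$order_col}<='" . intval($current_order) . "' {$multilang_sql_2}");
                }
                if ($current_order < $old_order) {
                    // Moving towards the start: rows between the new and old position shift down.
                    return dbquery("UPDATE " . $dbname . " SET {$order_col}={$order_col}+1 WHERE " . $cat_sql . "{$order_col}<'" . $old_order . "' AND {$order_col}>='" . intval($current_order) . "' {$multilang_sql_2}");
                }
                // Same position: nothing to shift.
                return true;
            }
            defender::stop();
            break;
        case 'delete':
            if ($order_col && $current_order && $dbname) {
                // Close the gap: every row after the removed position moves up by one.
                return dbquery("UPDATE " . $dbname . " SET {$order_col}={$order_col}-1 WHERE " . $cat_sql . "{$order_col}>'" . intval($current_order) . "' {$multilang_sql_2}");
            }
            defender::stop();
            break;
        default:
            defender::stop();
    }
    return NULL;
}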
 /**
  * Display Comments
  *
  * Handles the full comment cycle for one item: deletion via
  * ?c_action=delete, saving or editing via a POST carrying post_comment
  * (guests need a valid captcha when guest posts are enabled), then loads
  * the comment tree into $this->c_arr and renders it with the comment form.
  * Every branch that changes data ends in a redirect().
  *
  * @param $comment_type    type key stored in comment_type
  * @param $comment_db      table the commented item lives in; a new comment
  *                         is only accepted when the item exists there
  * @param $comment_col     id column of $comment_db
  * @param $comment_item_id id of the commented item
  * @param $clink           link back to the item, used for redirects and pagination
  */
 public function showComments($comment_type, $comment_db, $comment_col, $comment_item_id, $clink)
 {
     global $aidlink;
     $locale = fusion_get_locale();
     $locale += fusion_get_locale('', LOCALE . LOCALESET . "user_fields.php");
     // comments per page
     $cpp = $this->settings['comments_per_page'];
     // Defaults used by the reply form; overwritten by the POST data below when a comment is submitted.
     $comment_data = array('comment_id' => isset($_GET['comment_id']) && isnum($_GET['comment_id']) ? $_GET['comment_id'] : 0, 'comment_name' => '', 'comment_message' => '', 'comment_datestamp' => time(), 'comment_item_id' => $comment_item_id, 'comment_type' => $comment_type, 'comment_cat' => 0, 'comment_ip' => USER_IP, 'comment_ip_type' => USER_IP_TYPE, 'comment_hidden' => 0);
     /** Delete */
     // comment_id is only used in SQL after isnum() passed; a non-admin member
     // must own the comment (checked by dbcount and repeated in the DELETE WHERE).
     if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
         if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $this->userdata['user_id'] . "'")) {
             $result = dbquery("\n                DELETE FROM " . DB_COMMENTS . "\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\n\t\t\t\tAND comment_name='" . $this->userdata['user_id'] . "'"));
         }
         // Redirect regardless of whether anything was deleted.
         redirect($clink . ($this->settings['comments_sorting'] == "ASC" ? "" : "&amp;c_start=0"));
     }
     if ($this->settings['comments_enabled'] == "1") {
         $this->c_arr['c_info']['comments_count'] = format_word(0, $this->locale['fmt_comment']);
         // Handle Comment Posts
         if ((iMEMBER || $this->settings['guestposts']) && isset($_POST['post_comment'])) {
             if (!iMEMBER && $this->settings['guestposts']) {
                 // Process Captchas
                 $_CAPTCHA_IS_VALID = FALSE;
                 include INCLUDES . "captchas/" . $this->settings['captcha'] . "/captcha_check.php";
                 // NOTE(review): this stops only when captcha_code is absent AND the
                 // captcha is invalid; a submitted but invalid code passes this check
                 // unless captcha_check.php itself stops — confirm that is intended.
                 if (!isset($_POST['captcha_code']) && $_CAPTCHA_IS_VALID == FALSE) {
                     \defender::stop();
                     addNotice("danger", $locale['u194']);
                 }
             }
             // Members always post under their own user_id; only guests supply a name.
             $comment_data = array('comment_id' => isset($_GET['comment_id']) && isnum($_GET['comment_id']) ? $_GET['comment_id'] : 0, 'comment_name' => iMEMBER ? $this->userdata['user_id'] : form_sanitizer($_POST['comment_name'], '', 'comment_name'), 'comment_message' => form_sanitizer($_POST['comment_message'], '', 'comment_message'), 'comment_datestamp' => time(), 'comment_item_id' => $comment_item_id, 'comment_type' => $comment_type, 'comment_cat' => form_sanitizer($_POST['comment_cat'], 0, 'comment_cat'), 'comment_ip' => USER_IP, 'comment_ip_type' => USER_IP_TYPE, 'comment_hidden' => 0);
             if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && $comment_data['comment_id']) {
                 // Update comment
                 // A non-admin may only edit a visible comment of their own on this very item.
                 if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $comment_data['comment_id'] . "'\n                        AND comment_item_id='" . $comment_item_id . "'\n                        AND comment_type='" . $comment_type . "'\n                        AND comment_name='" . $this->userdata['user_id'] . "'\n                        AND comment_hidden='0'") && \defender::safe()) {
                     // Keep the original author; the editor may be an admin.
                     $c_name_query = "SELECT comment_name FROM " . DB_COMMENTS . " WHERE comment_id='" . $comment_data['comment_id'] . "'";
                     $comment_data['comment_name'] = dbresult(dbquery($c_name_query), 0);
                     dbquery_insert(DB_COMMENTS, $comment_data, 'update');
                     // Work out which page the edited comment sits on so the redirect lands there.
                     if ($this->settings['comments_sorting'] == "ASC") {
                         $c_operator = "<=";
                     } else {
                         $c_operator = ">=";
                     }
                     $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $comment_data['comment_id'] . "'\n                            AND comment_item_id='" . $comment_item_id . "'\n                            AND comment_type='" . $comment_type . "'");
                     $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                     addNotice("success", $locale['global_027']);
                     redirect(self::format_clink($clink) . "&amp;c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
                 }
             } else {
                 // Save New comment
                 // The commented item must exist in its source table.
                 if (!dbcount("(" . $comment_col . ")", $comment_db, $comment_col . "='" . $comment_item_id . "'")) {
                     redirect(BASEDIR . "index.php");
                 }
                 if (\defender::safe()) {
                     $c_start = 0;
                     $id = 0;
                     if ($comment_data['comment_name'] && $comment_data['comment_message']) {
                         require_once INCLUDES . "flood_include.php";
                         // Rate-limit by IP; a flooded post is silently dropped and still redirects.
                         if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                             dbquery_insert(DB_COMMENTS, $comment_data, 'save');
                             $id = dblastid();
                             if ($this->settings['comments_sorting'] == "ASC") {
                                 // Newest comment is on the last page when sorting ascending.
                                 $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "'");
                                 $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                             }
                         }
                         redirect(self::format_clink($clink) . "&amp;c_start=" . $c_start . "#c" . $id);
                     }
                 }
             }
         }
         $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'");
         // Without an explicit c_start open the last page; anything non-numeric falls back to 0.
         if (!isset($_GET['c_start']) && $c_rows > $cpp) {
             $_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp;
         }
         if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
             $_GET['c_start'] = 0;
         }
         // ORDER BY direction comes straight from the comments_sorting setting.
         $comment_query = "\n            SELECT tcm.*, tcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\n            FROM " . DB_COMMENTS . " tcm\n            LEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n            WHERE comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'\n            ORDER BY comment_datestamp " . $this->settings['comments_sorting'] . ", comment_cat DESC";
         $query = dbquery($comment_query);
         if (dbrows($query) > 0) {
             // Running comment number shown next to each comment; counts up for ASC, down for DESC.
             $i = $this->settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start'];
             if ($c_rows > $cpp) {
                 $this->c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&amp;", "c_start");
             }
             if (iADMIN && checkrights("C")) {
                 $this->c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n";
                 $this->c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&amp;ctype=" . $comment_type . "&amp;comment_item_id=" . $comment_item_id . "'>" . $this->locale['c106'] . "</a>";
             }
             while ($row = dbarray($query)) {
                 $actions = array("edit_dell" => "", "edit_link" => "", "delete_link" => "");
                 // Edit/delete links only for admins with "C" rights or the comment's own (still existing) author.
                 if (iADMIN && checkrights("C") || iMEMBER && $row['comment_name'] == $this->userdata['user_id'] && isset($row['user_name'])) {
                     $edit_link = clean_request('c_action=edit&comment_id=' . $row['comment_id'], array('c_action', 'comment_id'), false) . "#edit_comment";
                     $delete_link = clean_request('c_action=delete&comment_id=' . $row['comment_id'], array('c_action', 'comment_id'), false);
                     $comment_actions = "<!---comment_actions--><div class='btn-group'>\n                        <a class='btn btn-xs btn-default' href='{$edit_link}'>" . $this->locale['c108'] . "</a>\n                        <a class='btn btn-xs btn-default' href='{$delete_link}' onclick=\"return confirm('" . $this->locale['c110'] . "');\"><i class='fa fa-trash'></i>" . $this->locale['c109'] . "</a>\n                        </div><!---//comment_actions-->\n                    ";
                     $actions = array("edit_link" => array('link' => $edit_link, 'name' => $this->locale['c108']), "delete_link" => array('link' => $delete_link, 'name' => $this->locale['c109']), "edit_dell" => $comment_actions);
                 }
                 $reply_form = "";
                 // Inline reply form is rendered under the comment named by ?comment_reply.
                 if (isset($_GET['comment_reply']) && $_GET['comment_reply'] == $row['comment_id']) {
                     $locale = fusion_get_locale();
                     $comment_data['comment_cat'] = $row['comment_id'];
                     $reply_form = openform("comments_reply_form", "post", FUSION_REQUEST, array("class" => "comments_reply_form"));
                     if (iGUEST) {
                         $reply_form .= form_text('comment_name', fusion_get_locale('c104'), $comment_data['comment_name'], array('max_length' => 30));
                     }
                     $reply_form .= form_hidden("comment_cat", "", $comment_data['comment_cat']);
                     $reply_form .= form_textarea("comment_message", "", $comment_data['comment_message'], array("tinymce" => "simple", "type" => fusion_get_settings("tinymce_enabled") ? "tinymce" : "bbcode", "input_id" => "comment_message-" . $i, "required" => true));
                     // Guests get a captcha; captcha_display.php may set $_CAPTCHA_HIDE_INPUT to suppress the code box.
                     if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) {
                         $_CAPTCHA_HIDE_INPUT = FALSE;
                         $reply_form .= "<div class='m-t-10 m-b-10'>";
                         $reply_form .= "<label class='col-xs-12 col-sm-3'>" . $locale['global_150'] . "</label><div class='col-xs-12 col-sm-9'>\n";
                         ob_start();
                         include INCLUDES . "captchas/" . $this->settings['captcha'] . "/captcha_display.php";
                         $reply_form .= ob_get_contents();
                         ob_end_clean();
                         if (!$_CAPTCHA_HIDE_INPUT) {
                             $reply_form .= "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>";
                             $reply_form .= "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n";
                         }
                         $reply_form .= "</div>\n";
                         $reply_form .= "</div>\n";
                     }
                     $reply_form .= form_button('post_comment', $locale['c102'], $locale['c102'], array('class' => 'btn-success m-t-10'));
                     $reply_form .= closeform();
                 }
                 /** formats $row */
                 // comment_name falls back to the raw stored value when the user row no longer exists.
                 $row = array("comment_id" => $row['comment_id'], "comment_cat" => $row['comment_cat'], "i" => $i, "user_avatar" => display_avatar($row, '50px', '', false, 'img-rounded'), "user" => array("user_id" => $row['user_id'], "user_name" => $row['user_name'], "user_avatar" => $row['user_avatar'], "status" => $row['user_status']), "reply_link" => clean_request("comment_reply=" . $row['comment_id'], array("comment_reply"), false), "reply_form" => $reply_form, "comment_datestamp" => showdate('shortdate', $row['comment_datestamp']), "comment_time" => timer($row['comment_datestamp']), "comment_message" => "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($row['comment_message']))) . "<!--//comment_message-->\n", "comment_name" => $row['user_name'] ? profile_link($row['comment_name'], $row['user_name'], $row['user_status'], 'strong text-dark') : $row['comment_name']);
                 $row += $actions;
                 $id = $row['comment_id'];
                 // Top-level comments (NULL comment_cat) are grouped under parent "0".
                 $parent_id = $row['comment_cat'] === NULL ? "0" : $row['comment_cat'];
                 $data[$id] = $row;
                 $this->c_arr['c_con'][$parent_id][$id] = $row;
                 $this->settings['comments_sorting'] == "ASC" ? $i++ : $i--;
             }
             // Paginate the array
             // Only the top-level group is chunked; replies stay keyed by their parent.
             $this->c_arr['c_con'][0] = array_chunk($this->c_arr['c_con'][0], $cpp, true);
             // Pass cpp settings
             $this->c_arr['c_info']['comments_per_page'] = $cpp;
             $this->c_arr['c_info']['comments_count'] = format_word(number_format($i - 1, 0), $this->locale['fmt_comment']);
         }
         echo "<a id='comments' name='comments'></a>";
         render_comments($this->c_arr['c_con'], $this->c_arr['c_info']);
         render_comments_form($comment_type, $clink, $comment_item_id, isset($_CAPTCHA_HIDE_INPUT) ? $_CAPTCHA_HIDE_INPUT : FALSE);
     }
 }
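 /**
  * Move a single column from one table to another
  *
  * Reads the column definition from $old_table via SHOW COLUMNS, recreates
  * the column on $new_table and copies its values across. When the ALTER
  * fails defender::stop() is raised and a danger notice is added; when the
  * column does not exist on $old_table nothing happens.
  *
  * Table and column names are interpolated into SQL verbatim and must be
  * trusted identifiers ($column_name is only used after it matched an
  * existing SHOW COLUMNS row).
  *
  * NOTE(review): the copy is a plain "INSERT ... SELECT" of that one column,
  * i.e. it appends rows to $new_table rather than filling the new column of
  * existing rows — confirm this is what callers expect.
  *
  * @param string $old_table
  * @param string $new_table
  * @param string $column_name
  */
 protected static function move_column($old_table, $new_table, $column_name)
 {
     $column = array();
     $result = dbquery("SHOW COLUMNS FROM " . $old_table);
     if (dbrows($result) > 0) {
         // Pick the SHOW COLUMNS row describing the requested column.
         while ($row = dbarray($result)) {
             if ($row['Field'] == $column_name) {
                 $column = $row;
                 break;
             }
         }
     }
     if (empty($column)) {
         return;
     }
     $nullable = $column['Null'] == "NO" ? "NOT NULL" : "NULL";
     // SHOW COLUMNS reports "no default" as NULL; emitting DEFAULT '' for it is
     // rejected for numeric/date columns, so the DEFAULT clause is only written
     // when the source column actually has one.
     $default = $column['Default'] === NULL ? "" : " DEFAULT '" . $column['Default'] . "'";
     $result = dbquery("ALTER TABLE " . $new_table . " ADD COLUMN " . $column['Field'] . " " . $column['Type'] . " " . $nullable . $default);
     if (!$result) {
         \defender::stop();
     } elseif (\defender::safe()) {
         dbquery("INSERT INTO " . $new_table . " (" . $column['Field'] . ") SELECT " . $column['Field'] . " FROM " . $old_table);
     }
     if (!\defender::safe()) {
         addNotice("danger", "Cannot move " . $column_name);
     }
 }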
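 /**
  * Validate the admin authentication of the current user.
  *
  * With an empty $pass the admin cookie (COOKIE_ADMIN, "userID.expiration.hash")
  * is checked against the HMAC algorithm/salt stored for the user, and then the
  * second-factor session token in $_SESSION['aid'] ("userID.time.hash") is
  * verified; a malformed or mismatching token raises defender::stop() with a
  * warning notice. With a non-empty $pass the supplied admin password is
  * compared with the stored admin password hash (legacy md5(md5()) accounts
  * included).
  *
  * Every digest comparison goes through hash_equals(): a loose "==" between
  * hex digests can be satisfied by type-juggled numeric strings and leaks
  * timing, so it is not used here.
  *
  * @param string $pass admin password to verify; "" means "validate the cookie"
  * @return bool TRUE when the admin is authenticated, FALSE otherwise
  */
 public static function validateAuthAdmin($pass = "")
 {
     global $userdata, $locale;
     if (!iADMIN) {
         return FALSE;
     }
     if ($pass != "") {
         // Validate a provided password
         $result = dbquery("SELECT user_admin_algo, user_admin_salt, user_admin_password FROM " . DB_USERS . "\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "' AND user_level < -101 AND  user_status='0' AND user_actiontime='0'\n\t\t\t\t\tLIMIT 1");
         if (dbrows($result) != 1) {
             return FALSE;
         }
         $user = dbarray($result);
         if ($user['user_admin_algo'] != "md5") {
             $inputHash = hash_hmac($user['user_admin_algo'], $pass, $user['user_admin_salt']);
         } else {
             // Legacy accounts still carry an unsalted double md5.
             $inputHash = md5(md5($pass));
         }
         return hash_equals((string) $user['user_admin_password'], (string) $inputHash);
     }
     // Validate existing admin cookie
     if (!isset($_COOKIE[COOKIE_ADMIN]) || $_COOKIE[COOKIE_ADMIN] == "") {
         return FALSE;
     }
     $cookieDataArr = explode(".", $_COOKIE[COOKIE_ADMIN]);
     if (count($cookieDataArr) != 3) {
         return FALSE;
     }
     list($userID, $cookieExpiration, $cookieHash) = $cookieDataArr;
     // The cookie must be unexpired and belong to the logged-in user.
     if ($cookieExpiration <= time() || $userID != $userdata['user_id']) {
         return FALSE;
     }
     $result = dbquery("SELECT user_admin_algo, user_admin_salt FROM " . DB_USERS . "\n\t\t\t\t\t\t\tWHERE user_id='" . (isnum($userID) ? $userID : 0) . "' AND user_level < -101 AND  user_status='0' AND user_actiontime='0'\n\t\t\t\t\t\t\tLIMIT 1");
     if (dbrows($result) != 1) {
         return FALSE;
     }
     $user = dbarray($result);
     // Cookie hash is a double HMAC: the first pass derives a per-user key from the stored salt.
     $key = hash_hmac($user['user_admin_algo'], $userID . $cookieExpiration, $user['user_admin_salt']);
     $hash = hash_hmac($user['user_admin_algo'], $userID . $cookieExpiration, $key);
     if (!hash_equals((string) $hash, (string) $cookieHash)) {
         return FALSE;
     }
     /**
      * New 2nd factor session authentication
      */
     if (empty($_SESSION['aid'])) {
         return FALSE;
     }
     $error = FALSE;
     $algo = fusion_get_settings("password_algorithm");
     $token_data = explode(".", $_SESSION['aid']);
     // check if the token has the correct format
     if (count($token_data) == 3) {
         list($tuser_id, $token_time, $token_hash) = $token_data;
         $user_id = iMEMBER ? $userdata['user_id'] : 0;
         $key = $userdata['user_id'] . $token_time . iAUTH . SECRET_KEY;
         $salt = md5($userdata['user_admin_salt'] . SECRET_KEY_SALT);
         if ($tuser_id != $user_id) {
             // the logged user must have the same ID as the one in the token
             $error = $locale['token_error_4'];
         } elseif (!isnum($token_time)) {
             // the token datestamp must be a number
             $error = $locale['token_error_5'];
         } elseif (!hash_equals(hash_hmac($algo, $key, $salt), (string) $token_hash)) {
             // the token hash must verify
             $error = $locale['token_error_7'];
         }
     } else {
         // token format is incorrect
         $error = $locale['token_error_8'];
     }
     if ($error !== FALSE) {
         \defender::stop();
         addNotice("warning", $error);
         return FALSE;
     }
     return TRUE;
 }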
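 /**
  * Return a valid forum name without duplicate
  *
  * $forum_name is interpolated into the query verbatim, so callers must pass
  * an already sanitized value; $forum_id is cast to int before it reaches
  * the SQL.
  *
  * @param     $forum_name
  * @param int $forum_id id of the forum being edited, excluded from the
  *                      duplicate check; 0 for a new forum
  * @return mixed the name when no other forum uses it, FALSE when it is empty
  *               or taken (a duplicate also raises defender::stop() and a
  *               danger notice)
  */
 protected static function check_validForumName($forum_name, $forum_id = 0)
 {
     if (!$forum_name) {
         return FALSE;
     }
     $where = "forum_name='" . $forum_name . "'";
     if ($forum_id) {
         // Editing: the forum's own row must not count as a duplicate.
         $where .= " AND forum_id !='" . intval($forum_id) . "'";
     }
     if (dbcount("('forum_name')", DB_FORUMS, $where)) {
         \defender::stop();
         addNotice('danger', self::$locale['forum_error_7']);
         return FALSE;
     }
     return $forum_name;
 }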