error_dialog('ERROR: you aren't allowed to post', 'Your account has been blocked from posting'); } } if ((!isset($_GET['msg_id']) || !($msg_id = (int) $_GET['msg_id'])) && (!isset($_POST['msg_id']) || !($msg_id = (int) $_POST['msg_id']))) { error_dialog('ERROR', 'No Such Message'); } if (!_uid) { std_error('access'); } /* permission check */ is_allowed_user($usr); $msg = db_sab('SELECT t.forum_id, m.subject, m.post_stamp, u.alias, mm.id AS md, ((CASE WHEN g2.id IS NOT NULL THEN g2.group_cache_opt ELSE g1.group_cache_opt END) & 2) > 0 AS gco, mr.id AS reported FROM phpgw_fud_msg m INNER JOIN phpgw_fud_thread t ON m.thread_id=t.id INNER JOIN phpgw_fud_group_cache g1 ON g1.user_id=' . (_uid ? '2147483647' : '0') . ' AND g1.resource_id=t.forum_id LEFT JOIN phpgw_fud_group_cache g2 ON g2.user_id=' . _uid . ' AND g2.resource_id=t.forum_id LEFT JOIN phpgw_fud_mod mm ON mm.forum_id=t.forum_id AND mm.user_id=' . _uid . ' LEFT JOIN phpgw_fud_users u ON m.poster_id=u.id LEFT JOIN phpgw_fud_msg_report mr ON mr.msg_id=' . $msg_id . ' AND mr.user_id=' . _uid . ' WHERE m.id=' . $msg_id . ' AND m.apr=1'); if (!$msg) { invl_inp_err(); } if (!($usr->users_opt & 1048576) && !$msg->md && !$msg->gco) { std_error('access'); } if ($msg->reported) { error_dialog('Already Reported', 'This message was already reported and the report is currently in moderation staff's review queue.'); } if (!empty($_POST['reason']) && ($reason = trim($_POST['reason']))) { q("INSERT INTO phpgw_fud_msg_report (user_id, msg_id, reason, stamp) VALUES(" . _uid . ", " . $msg_id . ", '" . addslashes(htmlspecialchars($reason)) . "', " . __request_timestamp__ . ")");
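/**
 * Approve a pending message and run everything that depends on it becoming visible.
 *
 * Loads the unapproved message (apr=0) with its thread and forum context, sets
 * apr=1, updates post counts and the forum/thread views, activates an attached
 * poll, indexes the text when FUD_OPT_1 & 16777216 is set, notifies subscribers
 * and, when the forum is linked to a newsgroup or mailing list, posts the
 * message there.
 *
 * @param int  $id          Message id; coerced to int before it is placed in SQL.
 * @param bool $unlock_safe When true, db_unlock() is called even if this call did not take the lock.
 * @return void Returns early, doing nothing, when no unapproved message has this id.
 */
function approve($id, $unlock_safe = false)
{
    /* The id is concatenated into the statement below, so force it to an integer
     * here instead of relying on every caller to have done so. */
    $id = (int) $id;

    /* fetch info about the message, poll (if one exists), thread & forum */
    $mtf = db_sab('SELECT m.id, m.poster_id, m.apr, m.subject, m.foff, m.length, m.file_id, m.thread_id, m.poll_id, m.attach_cnt, m.post_stamp, m.reply_to, m.mlist_msg_id, t.forum_id, t.last_post_id, t.root_msg_id, t.last_post_date, m2.post_stamp AS frm_last_post_date, f.name AS frm_name, u.alias, u.email, u.sig, n.id AS nntp_id, ml.id AS mlist_id FROM phpgw_fud_msg m INNER JOIN phpgw_fud_thread t ON m.thread_id=t.id INNER JOIN phpgw_fud_forum f ON t.forum_id=f.id LEFT JOIN phpgw_fud_msg m2 ON f.last_post_id=m2.id LEFT JOIN phpgw_fud_users u ON m.poster_id=u.id LEFT JOIN phpgw_fud_mlist ml ON ml.forum_id=f.id LEFT JOIN phpgw_fud_nntp n ON n.forum_id=f.id WHERE m.id=' . $id . ' AND m.apr=0');

    /* nothing to do or bad message id */
    if (!$mtf) {
        return;
    }

    if ($mtf->alias) {
        reverse_fmt($mtf->alias);
    } else {
        $mtf->alias = $GLOBALS['ANON_NICK'];
    }

    /* take the table locks only if no caller holds them; $ll records that we did */
    if (!db_locked()) {
        db_lock('phpgw_fud_thread_view WRITE, phpgw_fud_level WRITE, phpgw_fud_users WRITE, phpgw_fud_forum WRITE, phpgw_fud_thread WRITE, phpgw_fud_msg WRITE');
        $ll = 1;
    }

    q("UPDATE phpgw_fud_msg SET apr=1 WHERE id=" . $mtf->id);

    if ($mtf->poster_id) {
        user_set_post_count($mtf->poster_id);
    }

    /* 0 means the forum's last post is not replaced by this message */
    $last_post_id = $mtf->post_stamp > $mtf->frm_last_post_date ? $mtf->id : 0;

    if ($mtf->root_msg_id == $mtf->id) {
        /* new thread */
        rebuild_forum_view($mtf->forum_id);
        $threads = 1;
    } else {
        /* reply to thread */
        if ($mtf->post_stamp > $mtf->last_post_date) {
            th_inc_post_count($mtf->thread_id, 1, $mtf->id, $mtf->post_stamp);
        } else {
            th_inc_post_count($mtf->thread_id, 1);
        }
        rebuild_forum_view($mtf->forum_id, q_singleval('SELECT page FROM phpgw_fud_thread_view WHERE forum_id=' . $mtf->forum_id . ' AND thread_id=' . $mtf->thread_id));
        $threads = 0;
    }

    /* update forum thread & post count as well as last_post_id field */
    frm_updt_counts($mtf->forum_id, 1, $threads, $last_post_id);

    if ($unlock_safe || isset($ll)) {
        db_unlock();
    }

    if ($mtf->poll_id) {
        poll_activate($mtf->poll_id, $mtf->forum_id);
    }

    $mtf->body = read_msg_body($mtf->foff, $mtf->length, $mtf->file_id);

    if ($GLOBALS['FUD_OPT_1'] & 16777216) {
        /* subjects containing "Re: " are indexed with an empty subject */
        index_text(preg_match('!Re: !i', $mtf->subject) ? '' : $mtf->subject, $mtf->body, $mtf->id);
    }

    /* handle notifications */
    if ($mtf->root_msg_id == $mtf->id) {
        if (empty($mtf->frm_last_post_date)) {
            $mtf->frm_last_post_date = 0;
        }

        /* send new thread notifications to forum subscribers */
        $c = uq('SELECT u.email, u.icq, u.users_opt FROM phpgw_fud_forum_notify fn INNER JOIN phpgw_fud_users u ON fn.user_id=u.id LEFT JOIN phpgw_fud_forum_read r ON r.forum_id=fn.forum_id AND r.user_id=fn.user_id INNER JOIN phpgw_fud_group_cache g1 ON g1.user_id=2147483647 AND g1.resource_id=' . $mtf->forum_id . ' LEFT JOIN phpgw_fud_group_cache g2 ON g2.user_id=fn.user_id AND g2.resource_id=' . $mtf->forum_id . ' WHERE fn.forum_id=' . $mtf->forum_id . ' AND fn.user_id!=' . (int) $mtf->poster_id . ' AND (CASE WHEN (r.last_view IS NULL AND (u.last_read=0 OR u.last_read >= ' . $mtf->frm_last_post_date . ')) OR r.last_view > ' . $mtf->frm_last_post_date . ' THEN 1 ELSE 0 END)=1 AND ((CASE WHEN g2.id IS NOT NULL THEN g2.group_cache_opt ELSE g1.group_cache_opt END) & 2) > 0');
        $notify_type = 'frm';
    } else {
        /* send new reply notifications to thread subscribers */
        $c = uq('SELECT u.email, u.icq, u.users_opt, r.msg_id, u.id FROM phpgw_fud_thread_notify tn INNER JOIN phpgw_fud_users u ON tn.user_id=u.id LEFT JOIN phpgw_fud_read r ON r.thread_id=tn.thread_id AND r.user_id=tn.user_id INNER JOIN phpgw_fud_group_cache g1 ON g1.user_id=2147483647 AND g1.resource_id=' . $mtf->forum_id . ' LEFT JOIN phpgw_fud_group_cache g2 ON g2.user_id=tn.user_id AND g2.resource_id=' . $mtf->forum_id . ' WHERE tn.thread_id=' . $mtf->thread_id . ' AND tn.user_id!=' . (int) $mtf->poster_id . ' AND (r.msg_id=' . $mtf->last_post_id . ' OR (r.msg_id IS NULL AND ' . $mtf->post_stamp . ' > u.last_read)) AND ((CASE WHEN g2.id IS NOT NULL THEN g2.group_cache_opt ELSE g1.group_cache_opt END) & 2) > 0');
        $notify_type = 'thr';
    }

    /* NOTE(review): each row overwrites $to['EMAIL'] / $to['ICQ'], so only the last
     * matching subscriber per channel reaches send_notifications() - confirm this is intended. */
    while ($r = db_rowarr($c)) {
        if ($r[2] & 16) {
            $to['EMAIL'] = $r[0];
        } else {
            $to['ICQ'] = $r[1] . '@pager.icq.com';
        }
        /* columns 3 and 4 (r.msg_id, u.id) exist only in the thread query */
        if (isset($r[4]) && is_null($r[3])) {
            $tl[] = $r[4];
        }
    }
    unset($c);

    if (isset($tl)) {
        /* this allows us to mark the message we are sending notification about as read, so that we do not re-notify the user
         * until this message is read. */
        q('INSERT INTO phpgw_fud_read (thread_id, msg_id, last_view, user_id) SELECT ' . $mtf->thread_id . ', 0, 0, id FROM phpgw_fud_users WHERE id IN(' . implode(',', $tl) . ')');
    }

    if (isset($to)) {
        send_notifications($to, $mtf->id, $mtf->subject, $mtf->alias, $notify_type, $notify_type == 'thr' ? $mtf->thread_id : $mtf->forum_id, $mtf->frm_name, $mtf->forum_id);
    }

    /* Handle mailing list and/or newsgroup synchronization. */
    if (($mtf->nntp_id || $mtf->mlist_id) && !$mtf->mlist_msg_id) {
        fud_use('email_msg_format.inc', true);

        reverse_fmt($mtf->alias);

        /* NOTE(review): alias and email come from the users table and are placed in the
         * From value as-is; confirm the posting helpers reject CR/LF in header values. */
        $from = $mtf->poster_id ? $mtf->alias . ' <' . $mtf->email . '>' : $GLOBALS['ANON_NICK'] . ' <' . $GLOBALS['NOTIFY_FROM'] . '>';

        /* NOTE(review): m.msg_opt is not in the SELECT list above, so $mtf->msg_opt looks
         * unset here and the signature would never be appended - confirm. */
        $body = $mtf->body . ($mtf->msg_opt & 1 && $mtf->sig ? "\n--\n" . $mtf->sig : '');
        plain_text($body);
        /* NOTE(review): $subject is never assigned in this function; $mtf->subject is what is
         * posted below, so the subject may go out without plain_text() applied - confirm. */
        plain_text($subject);

        if ($mtf->reply_to) {
            $replyto_id = q_singleval('SELECT mlist_msg_id FROM phpgw_fud_msg WHERE id=' . $mtf->reply_to);
        } else {
            $replyto_id = 0;
        }

        if ($mtf->attach_cnt) {
            $r = uq("SELECT a.id, a.original_name,\n\t\t\t\t\t\tCASE WHEN m.mime_hdr IS NULL THEN 'application/octet-stream' ELSE m.mime_hdr END\n\t\t\t\t\t\tFROM phpgw_fud_attach a\n\t\t\t\t\t\tLEFT JOIN phpgw_fud_mime m ON a.mime_type=m.id\n\t\t\t\t\t\tWHERE a.message_id=" . $mtf->id . " AND a.attach_opt=0");
            while ($ent = db_rowarr($r)) {
                /* the path is built from the numeric attachment id, not the uploaded name */
                $attach[$ent[1]] = file_get_contents($GLOBALS['FILE_STORE'] . $ent[0] . '.atch');
                if ($mtf->mlist_id) {
                    $attach_mime[$ent[1]] = $ent[2];
                }
            }
        } else {
            $attach_mime = $attach = null;
        }

        if ($mtf->nntp_id) {
            fud_use('nntp.inc', true);

            $nntp_adm = db_sab('SELECT * FROM phpgw_fud_nntp WHERE id=' . $mtf->nntp_id);

            /* copy the stored server settings, including the login and password, onto the client */
            $nntp = new fud_nntp();
            $nntp->server = $nntp_adm->server;
            $nntp->newsgroup = $nntp_adm->newsgroup;
            $nntp->port = $nntp_adm->port;
            $nntp->timeout = $nntp_adm->timeout;
            $nntp->nntp_opt = $nntp_adm->nntp_opt;
            $nntp->login = $nntp_adm->login;
            $nntp->pass = $nntp_adm->pass;

            define('sql_p', 'phpgw_fud_');

            $lock = $nntp->get_lock();
            $nntp->post_message($mtf->subject, $body, $from, $mtf->id, $replyto_id, $attach);
            $nntp->close_connection();
            $nntp->release_lock($lock);
        } else {
            fud_use('mlist_post.inc', true);
            $GLOBALS['CHARSET'] = 'ISO-8859-15';
            $r = db_saq('SELECT name, additional_headers FROM phpgw_fud_mlist WHERE id=' . $mtf->mlist_id);
            mail_list_post($r[0], $from, $mtf->subject, $body, $mtf->id, $replyto_id, $attach, $attach_mime, $r[1]);
        }
    }
}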
} else { if ($gr_resource) { foreach ($gr_resource as $v) { q('INSERT INTO ' . $DBHOST_TBL_PREFIX . 'group_resources (resource_id, group_id) VALUES(' . (int) $v . ', ' . $gid . ')'); } } /* only rebuild the group cache if the all ANON/REG users were added */ if ($gr_ramasks) { grp_rebuild_cache(array(0, 2147483647)); } } } else { if (($frm = q_singleval('SELECT forum_id FROM ' . $DBHOST_TBL_PREFIX . 'groups WHERE id=' . $edit)) !== null) { /* update an existing group */ if (!$res) { $old = db_sab("SELECT groups_opt, groups_opti FROM " . $DBHOST_TBL_PREFIX . "groups WHERE id=" . $edit); } else { $old =& $res[$edit]; } group_sync($edit, isset($_POST['gr_name']) ? $_POST['gr_name'] : null, $gr_inherit_id, $perm, $permi); if (!$frm) { q('DELETE FROM ' . $DBHOST_TBL_PREFIX . 'group_resources WHERE group_id=' . $edit); $aff = db_affected(); if ($gr_resource) { foreach ($gr_resource as $v) { q('INSERT INTO ' . $DBHOST_TBL_PREFIX . 'group_resources (resource_id, group_id) VALUES(' . (int) $v . ', ' . $edit . ')'); } } } /* only rebuild caches if the permissions or number of resources had changed. */ if ($perm != $old->groups_opt || $permi != $old->groups_opti || $aff != count($gr_resource)) {
header('Location: /egroupware/fudforum/3814588639/index.php?t=' . d_thread_view . '&th=' . $th_id . '&' . _rsidl); exit; } $mids = implode(',', $a); $mc = count($a); $start = $a[0]; $end = $a[$mc - 1]; } /* fetch all relevant information */ $data = db_sab('SELECT t.id, t.forum_id, t.replies, t.root_msg_id, t.last_post_id, t.last_post_date, m1.post_stamp AS new_th_lps, m1.id AS new_th_lpi, m2.post_stamp AS old_fm_lpd, f1.last_post_id AS src_lpi, f2.last_post_id AS dst_lpi FROM phpgw_fud_thread t INNER JOIN phpgw_fud_forum f1 ON t.forum_id=f1.id INNER JOIN phpgw_fud_forum f2 ON f2.id=' . $forum . ' INNER JOIN phpgw_fud_msg m1 ON m1.id=' . $end . ' INNER JOIN phpgw_fud_msg m2 ON m2.id=f2.last_post_id WHERE t.id=' . $th); /* sanity check */ if (!$data->replies) { header('Location: /egroupware/fudforum/3814588639/index.php?t=' . d_thread_view . '&th=' . $th_id . '&' . _rsidl); exit; } apply_custom_replace($_POST['new_title']); if ($mc != $data->replies + 1) { /* check that we need to move the entire thread */ db_lock('phpgw_fud_thread_view WRITE, phpgw_fud_thread WRITE, phpgw_fud_forum WRITE, phpgw_fud_msg WRITE, phpgw_fud_poll WRITE');
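/**
 * Load one row of phpgw_fud_users and return it as a fud_user_reg-capable object.
 *
 * @param int $id User id; coerced to int before it is placed in SQL.
 * @return mixed By reference: the user object, or the falsy db_sab() result when no row matches.
 */
function &usr_reg_get_full($id)
{
    /* The id is concatenated into the statement, so force it to an integer here
     * instead of trusting every caller to have cast it.
     * NOTE(review): SELECT * copies every column of the users table onto the returned
     * object - presumably including credential fields; confirm callers never expose it whole. */
    $r = db_sab('SELECT * FROM phpgw_fud_users WHERE id=' . (int) $id);

    if ($r) {
        if (function_exists('aggregate_methods')) {
            /* graft the fud_user_reg methods onto the fetched row object */
            aggregate_methods($r, 'fud_user_reg');
        } else {
            /* no aggregate_methods(): copy the row's fields into a new fud_user_reg */
            $o = new fud_user_reg();
            foreach ($r as $k => $v) {
                $o->{$k} = $v;
            }
            $r = $o;
        }
    }

    return $r;
}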
} $tabs .= $pg == $tab ? '<td class="tabA"><div class="tabT"><a href="' . $tab_url . '">' . $tab_name . '</a></div></td>' : '<td class="tabI"><div class="tabT"><a href="' . $tab_url . '">' . $tab_name . '</a></div></td>'; } $tabs = '<table border=0 cellspacing=1 cellpadding=0 class="tab"> <tr class="tab">' . $tabs . '</tr> </table>'; } } if (!isset($_GET['id']) || !($id = (int) $_GET['id'])) { invl_inp_err(); } $m = db_sab('SELECT p.*, u.id AS user_id, u.alias, u.users_opt, u.avatar_loc, u.email, u.posted_msg_count, u.join_date, u.location, u.sig, u.icq, u.aim, u.msnm, u.yahoo, u.jabber, u.affero, u.custom_status, u.last_visit, l.name AS level_name, l.level_opt, l.img AS level_img FROM phpgw_fud_pmsg p INNER JOIN phpgw_fud_users u ON p.ouser_id=u.id LEFT JOIN phpgw_fud_level l ON u.level_id=l.id WHERE p.duser_id=' . _uid . ' AND p.id=' . $id); if (!$m) { invl_inp_err(); } ses_update_status($usr->sid, 'Legge/Scrive i messagi personali'); $cur_ppage = tmpl_cur_ppage($m->fldr, $folders, $m->subject); /* Next Msg */ if ($nid = q_singleval('SELECT p.id FROM phpgw_fud_pmsg p INNER JOIN phpgw_fud_users u ON u.id=p.ouser_id WHERE p.duser_id=' . _uid . ' AND p.fldr=' . $m->fldr . ' AND post_stamp>' . $m->post_stamp . ' ORDER BY p.post_stamp ASC LIMIT 1')) { $dpmsg_next_message = '<a href="/egroupware/fudforum/3814588639/index.php?t=pmsg_view&' . _rsid . '&id=' . $nid . '" class="GenLink">Messaggio successivo <img src="/egroupware/fudforum/3814588639/theme/italian/images/goto.gif" alt="" /></a>'; } else { $dpmsg_next_message = ''; }
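/**
 * Fetch a message row together with its body.
 *
 * The query filters on the id only: it applies no approval (apr) or forum
 * permission check, so callers have to enforce access themselves.
 *
 * @param int $id Message id; coerced to int before it is placed in SQL.
 * @return object The message row with ->body filled in. When no row matches,
 *                error_dialog() is called instead.
 */
function msg_get($id)
{
    /* The id is concatenated into the statement, so force it to an integer here
     * instead of trusting every caller to have cast it. */
    $r = db_sab('SELECT * FROM phpgw_fud_msg WHERE id=' . (int) $id);

    if ($r) {
        $r->body = read_msg_body($r->foff, $r->length, $r->file_id);
        un_register_fps();

        return $r;
    }

    error_dialog('Messaggio non valido', 'Il messaggio che stai cercando di visualizzare non esiste.');
}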
/**
 * Resolve the forum user for the current session and publish it to the request.
 *
 * Looks the session up by the `s` constant, creates a session row when none
 * exists (registered or anonymous), switches the user's theme when the
 * eGroupWare language preference changed, and defines the request-wide
 * constants d_thread_view, t_thread_view, fud_theme, __fud_real_user__ and _uid.
 *
 * @return object The session/user/theme row, with ->data unserialized and ->users_opt cast to int.
 */
function init_user()
{
    $o1 =& $GLOBALS['FUD_OPT_1'];
    $o2 =& $GLOBALS['FUD_OPT_2'];
    $phpgw =& $GLOBALS['phpgw_info']['user'];

    /* delete old sessions; runs only when rand() % 10 is 0, not on every request */
    if (!(rand() % 10)) {
        /* NOTE(review): sessions_timeout is concatenated without a cast; it is read from the
         * server configuration array - confirm it is always numeric. */
        q("DELETE FROM phpgw_fud_ses WHERE time_sec+" . $GLOBALS['phpgw_info']['server']['sessions_timeout'] . " < " . __request_timestamp__);
    }

    /* Session rows whose user_id is above 2000000000 are joined to user id 1.
     * NOTE(review): the constant `s` is placed inside a quoted SQL literal with no escaping
     * in this function; it is defined outside this block - confirm it is validated there.
     * u.ignore_list is selected twice. */
    $u = db_sab("SELECT \n\t\t\ts.id AS sid, s.data, s.returnto, \n\t\t\tt.id AS theme_id, t.lang, t.name AS theme_name, t.locale, t.theme, t.pspell_lang, t.theme_opt, \n\t\t\tu.alias, u.posts_ppg, u.time_zone, u.sig, u.last_visit, u.last_read, u.cat_collapse_status, u.users_opt, u.ignore_list, u.ignore_list, u.buddy_list, u.id, u.group_leader_list, u.email, u.login \n\t\t\tFROM phpgw_fud_ses s\n\t\t\tINNER JOIN phpgw_fud_users u ON u.id=(CASE WHEN s.user_id>2000000000 THEN 1 ELSE s.user_id END) \n\t\t\tINNER JOIN phpgw_fud_themes t ON t.id=u.theme WHERE s.ses_id='" . s . "'");
    if (!$u) {
        /* registered user */
        if ($phpgw['account_lid'] != $GLOBALS['ANON_NICK']) {
            /* this means we do not have an entry for this user in the sessions table */
            /* NOTE(review): if no forum user has this egw_id, $uid is empty and the INSERT below
             * is built without a user_id value - confirm a row always exists at this point. */
            $uid = q_singleval("SELECT id FROM phpgw_fud_users WHERE egw_id=" . (int) $phpgw['account_id']);
            $id = db_qid("INSERT INTO phpgw_fud_ses (user_id, ses_id, time_sec) VALUES(" . $uid . ", '" . s . "', " . __request_timestamp__ . ")");
            $u = db_sab('SELECT s.id AS sid, s.data, s.returnto, t.id AS theme_id, t.lang, t.name AS theme_name, t.locale, t.theme, t.pspell_lang, t.theme_opt, u.alias, u.posts_ppg, u.time_zone, u.sig, u.last_visit, u.last_read, u.cat_collapse_status, u.users_opt, u.ignore_list, u.ignore_list, u.buddy_list, u.id, u.group_leader_list, u.email, u.login FROM phpgw_fud_ses s INNER JOIN phpgw_fud_users u ON u.id=s.user_id INNER JOIN phpgw_fud_themes t ON t.id=u.theme WHERE s.id=' . $id);
        } else {
            /* anonymous user */
            /* Pick a placeholder user_id in 2000000001..2147483647 and retry until the INSERT
             * succeeds. The value only has to be free, so mt_rand() is presumably adequate here;
             * $ef is not assigned in this function (presumably an output argument of db_li - verify). */
            do {
                $uid = 2000000000 + mt_rand(1, 147483647);
            } while (!($id = db_li("INSERT INTO phpgw_fud_ses (time_sec, ses_id, user_id) VALUES (" . __request_timestamp__ . ", '" . s . "', " . $uid . ")", $ef, 1)));
            /* anonymous sessions are always joined to user id 1 */
            $u = db_sab('SELECT s.id AS sid, s.data, s.returnto, t.id AS theme_id, t.lang, t.name AS theme_name, t.locale, t.theme, t.pspell_lang, t.theme_opt, u.alias, u.posts_ppg, u.time_zone, u.sig, u.last_visit, u.last_read, u.cat_collapse_status, u.users_opt, u.ignore_list, u.ignore_list, u.buddy_list, u.id, u.group_leader_list, u.email, u.login FROM phpgw_fud_ses s INNER JOIN phpgw_fud_users u ON u.id=1 INNER JOIN phpgw_fud_themes t ON t.id=u.theme WHERE s.id=' . $id);
        }
    }

    /* grant admin access: any non-empty 'admin' entry in the eGroupWare apps list sets bit 1048576
     * for this request only (the UPDATE statements below do not write users_opt) */
    if (!empty($phpgw['apps']['admin'])) {
        $u->users_opt |= 1048576;
    }

    /* this is ugly, very ugly, but there is no way around it, we need to see if the
     * user's language had changed and we can only do it this way. */
    /* The map also acts as an allow-list: only its fixed values reach the SQL literals and
     * file paths below, never the raw preference string. */
    $langl = array('bg' => 'bulgarian', 'zh' => 'chinese_big5', 'cs' => 'czech', 'nl' => 'dutch', 'fr' => 'french', 'de' => 'german', 'it' => 'italian', 'lv' => 'latvian', 'no' => 'norwegian', 'pl' => 'polish', 'pt' => 'portuguese', 'ro' => 'romanian', 'ru' => 'russian', 'sk' => 'slovak', 'es' => 'spanish', 'sv' => 'swedish', 'tr' => 'turkish', 'en' => 'english');
    $lang =& $phpgw['preferences']['common']['lang'];
    if (isset($langl[$lang]) && $langl[$lang] != $u->lang) {
        if (!($o = db_sab("SELECT * FROM phpgw_fud_themes WHERE lang='{$langl[$lang]}'"))) {
            /* no theme exists for this language yet: create one from the default theme and compile it */
            fud_use('compiler.inc', true);
            fud_use('theme.inc', true);
            $thm = new fud_theme();
            $thm->name = $thm->lang = $langl[$lang];
            $thm->theme = 'default';
            $thm->pspell_lang = file_get_contents($GLOBALS['DATA_DIR'] . 'thm/default/i18n/' . $langl[$lang] . '/pspell_lang');
            $thm->locale = file_get_contents($GLOBALS['DATA_DIR'] . 'thm/default/i18n/' . $langl[$lang] . '/locale');
            $thm->theme_opt = 1;
            $thm->add();
            compile_all('default', $langl[$lang], $langl[$lang]);
            $o = db_sab("SELECT * FROM phpgw_fud_themes WHERE lang='{$langl[$lang]}'");
        }
        /* switch the in-memory user to the matching theme and persist the choice */
        $u->lang = $o->lang;
        $u->theme_name = $o->name;
        $u->locale = $o->locale;
        $u->theme_id = $o->id;
        $u->theme = $o->theme;
        $u->pspell_lang = $o->pspell_lang;
        $u->theme_opt = $o->theme_opt;
        q("UPDATE phpgw_fud_users SET theme=" . $u->theme_id . " WHERE id=" . $u->id);
    }

    /* NOTE(review): unserialize() on the session table's data column, with errors suppressed.
     * If anything other than server code can influence that column this is an object-injection
     * risk - confirm who writes it, or store the value as JSON instead. */
    if ($u->data) {
        $u->data = @unserialize($u->data);
    }
    $u->users_opt = (int) $u->users_opt;

    /* set timezone (value comes from the user's row; failures are suppressed by @) */
    @putenv('TZ=' . $u->time_zone);
    /* set locale */
    setlocale(LC_ALL, $u->locale);

    /* view format for threads & messages */
    define('d_thread_view', $u->users_opt & 256 ? 'msg' : 'tree');
    define('t_thread_view', $u->users_opt & 128 ? 'thread' : 'threadt');

    /* theme path; @ hides the notice when fud_theme is already defined */
    @define('fud_theme', 'theme/' . ($u->theme_name ? $u->theme_name : 'default') . '/');

    /* define _uid, which, will tell us if this is a 'real' user or not:
     * it is 0 for user id 1 (the anonymous record) and the user id otherwise */
    define('__fud_real_user__', $u->id != 1 ? $u->id : 0);
    define('_uid', __fud_real_user__);

    if (__fud_real_user__) {
        q('UPDATE phpgw_fud_users SET last_visit=' . __request_timestamp__ . ' WHERE id=' . $u->id);
    }

    return $u;
}
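/**
 * Validate the private-message form: subject, image count and recipient list.
 *
 * Recipients are read from $_POST['msg_to_list'] as a ';'-separated list of
 * aliases. Every alias that resolves and may be messaged has its user id
 * appended to $GLOBALS['recv_user_id']; problems are recorded with set_err().
 *
 * @param string $msg_subject Subject as submitted.
 * @return mixed The value of $GLOBALS['__error__'] (presumably maintained by set_err()),
 *               or null when it is not set.
 */
function check_ppost_form($msg_subject)
{
    if (!strlen(trim($msg_subject))) {
        set_err('msg_subject', 'Subject required');
    }

    if (post_check_images()) {
        set_err('msg_body', 'Maximum ' . $GLOBALS['MAX_IMAGE_COUNT'] . ' images are allowed per post, please decrease the number of images');
    }

    /* Request data: accept a string only. A missing key or an array value
     * (msg_to_list[]=...) is treated as an empty list instead of being passed to
     * explode(), which would otherwise skip the recipient check below. */
    $to_list = isset($_POST['msg_to_list']) && is_string($_POST['msg_to_list']) ? $_POST['msg_to_list'] : '';
    $named = 0;

    foreach (explode(';', $to_list) as $v) {
        $v = trim($v);
        if (!strlen($v)) {
            continue;
        }
        ++$named;

        /* The alias is HTML-encoded before the lookup, so aliases are presumably stored
         * encoded. addslashes() is the only SQL escaping applied and it is not charset-aware.
         * NOTE(review): switch to the database layer's own escaping or bound parameters if it
         * offers them; strnull() is assumed to add the surrounding quotes - verify. */
        $obj = db_sab('SELECT u.users_opt, u.id, ui.ignore_id FROM phpgw_fud_users u LEFT JOIN phpgw_fud_user_ignore ui ON ui.user_id=u.id AND ui.ignore_id=' . _uid . ' WHERE u.alias=' . strnull(addslashes(htmlspecialchars($v))));
        if (!$obj) {
            set_err('msg_to_list', 'There is no user named "' . htmlspecialchars($v) . '" this forum');
            break;
        }

        if (!empty($obj->ignore_id)) {
            set_err('msg_to_list', 'You cannot send a private message to "' . htmlspecialchars($v) . '", because this person is ignoring you.');
            break;
        }

        /* bit 32 on the recipient means private messages are accepted; a sender with
         * bit 1048576 (appears to be the administrator flag) bypasses that preference */
        if (!($obj->users_opt & 32) && !($GLOBALS['usr']->users_opt & 1048576)) {
            set_err('msg_to_list', 'You cannot send a private message to "' . htmlspecialchars($v) . '", because this person is not accepting private messages.');
            break;
        }

        $GLOBALS['recv_user_id'][] = $obj->id;
    }

    /* a list made only of separators and whitespace names nobody either */
    if (empty($to_list) || !$named) {
        set_err('msg_to_list', 'Cannot send a message, missing recipient');
    }

    return isset($GLOBALS['__error__']) ? $GLOBALS['__error__'] : null;
}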
} if (!isset($_GET['start']) || !($start = (int) $_GET['start'])) { $start = 0; } /* This query creates frm object that contains info about the current * forum, category & user's subscription status & permissions to the * forum. */ make_perms_query($fields, $join, $frm_id); $frm = db_sab('SELECT f.id, f.name, f.thread_count, c.name AS cat_name, fn.forum_id AS subscribed, m.forum_id AS md, a.ann_id AS is_ann, ' . $fields . ' FROM phpgw_fud_forum f INNER JOIN phpgw_fud_cat c ON c.id=f.cat_id LEFT JOIN phpgw_fud_forum_notify fn ON fn.user_id=' . _uid . ' AND fn.forum_id=' . $frm_id . ' LEFT JOIN phpgw_fud_mod m ON m.user_id=' . _uid . ' AND m.forum_id=' . $frm_id . ' ' . $join . ' LEFT JOIN phpgw_fud_ann_forums a ON a.forum_id=' . $frm_id . ' WHERE f.id=' . $frm_id . ' LIMIT 1'); if (!$frm) { invl_inp_err(); } $MOD = $usr->users_opt & 1048576 || $frm->md; /* check that the user has permissions to access this forum */ if (!($frm->group_cache_opt & 2) && !$MOD) { if (!isset($_GET['logoff'])) { std_error('perms'); } else {
fud_use('fileio.inc'); fud_use('mlist.inc', true); fud_use('scripts_common.inc', true); define('sql_p', $DBHOST_TBL_PREFIX); if (is_numeric($_SERVER['argv'][1])) { $mlist = db_sab('SELECT * FROM ' . sql_p . 'mlist WHERE id=' . $_SERVER['argv'][1]); } else { $mlist = db_sab("SELECT * FROM " . sql_p . "mlist WHERE name='" . addslashes($_SERVER['argv'][1]) . "'"); } if (!$mlist) { exit('Invalid list identifier'); } $CREATE_NEW_USERS = $mlist->mlist_opt & 64; $FUD_OPT_2 |= $FUD_OPT_2 & ~(1024 | 8388608); $FUD_OPT_2 |= 128; $frm = db_sab('SELECT id, forum_opt, message_threshold, (max_attach_size * 1024) AS max_attach_size, max_file_attachments FROM ' . sql_p . 'forum WHERE id=' . $mlist->forum_id); $emsg = new fud_emsg(); $emsg->subject_cleanup_rgx = $mlist->subject_regex_haystack; $emsg->subject_cleanup_rep = $mlist->subject_regex_needle; $emsg->body_cleanup_rgx = $mlist->body_regex_haystack; $emsg->body_cleanup_rep = $mlist->body_regex_needle; $emsg->parse_input($mlist->mlist_opt & 16); $emsg->fetch_useful_headers(); $emsg->clean_up_data(); $msg_post = new fud_msg_edit(); // Handler for our own messages, which do not need to be imported. if (isset($emsg->headers['x-fudforum']) && preg_match('!([A-Za-z0-9]{32}) <([0-9]+)>!', $emsg->headers['x-fudforum'], $m)) { if ($m[1] == md5($GLOBALS['WWW_ROOT'])) { q("UPDATE " . sql_p . "msg SET mlist_msg_id='" . addslashes($emsg->msg_id) . "' WHERE id=" . intval($m[2]) . " AND mlist_msg_id IS NULL"); if (db_affected()) { exit;
$src_frm_lpi = (int) $thr->f1_lpi; /* fetch data about dest forum */ $dst_frm_lpi = (int) $thr->f2_lpi; th_move($thr->id, $to, $thr->root_msg_id, $thr->forum_id, $thr->last_post_date, $thr->last_post_id); if ($src_frm_lpi == $thr->last_post_id) { $mid = (int) q_singleval('SELECT MAX(last_post_id) FROM phpgw_fud_thread t INNER JOIN phpgw_fud_msg m ON t.root_msg_id=m.id WHERE t.forum_id=' . $thr->forum_id . ' AND t.moved_to=0 AND m.apr=1'); q('UPDATE phpgw_fud_forum SET last_post_id=' . $mid . ' WHERE id=' . $thr->forum_id); } if ($dst_frm_lpi < $thr->last_post_id) { q('UPDATE phpgw_fud_forum SET last_post_id=' . $thr->last_post_id . ' WHERE id=' . $to); } logaction(_uid, 'THRMOVE', $th); exit("<html><script>window.opener.location='/egroupware/fudforum/3814588639/index.php?t=" . t_thread_view . "&" . _rsid . "&frm_id=" . $thr->forum_id . "'; window.close();</script></html>"); } if (!$thx) { $thr = db_sab('SELECT f.name AS frm_name, m.subject, t.forum_id, t.id FROM phpgw_fud_thread t INNER JOIN phpgw_fud_forum f ON f.id=t.forum_id INNER JOIN phpgw_fud_msg m ON t.root_msg_id=m.id WHERE t.id=' . $th); $r = uq('SELECT f.name, f.id, c.name, m.user_id, (CASE WHEN g2.id IS NOT NULL THEN g2.group_cache_opt ELSE g1.group_cache_opt END) AS gco FROM phpgw_fud_forum f INNER JOIN phpgw_fud_fc_view v ON v.f=f.id INNER JOIN phpgw_fud_cat c ON c.id=v.c LEFT JOIN phpgw_fud_mod m ON m.user_id=' . _uid . ' AND m.forum_id=f.id INNER JOIN phpgw_fud_group_cache g1 ON g1.user_id=2147483647 AND g1.resource_id=f.id LEFT JOIN phpgw_fud_group_cache g2 ON g2.user_id=' . _uid . ' AND g2.resource_id=f.id WHERE c.id!=0 AND f.id!=' . $thr->forum_id . ($usr->users_opt & 1048576 ? '' : ' AND (CASE WHEN m.user_id IS NOT NULL OR ((CASE WHEN g2.id IS NOT NULL THEN g2.group_cache_opt ELSE g1.group_cache_opt END) & 1) > 0 THEN 1 ELSE 0 END)=1') . ' ORDER BY v.id'); $table_data = $prev_cat = ''; while ($ent = db_rowarr($r)) { if ($ent[2] !== $prev_cat) { $table_data .= '<tr><td class="mvTc">' . $ent[2] . 
'</td></tr>'; $prev_cat = $ent[2]; }
} make_perms_query($fields, $join, $frm_id); /* fetch forum, poll & moderator data */ if (!$pl_id) { /* new poll */ $frm = db_sab('SELECT f.id, f.forum_opt, m.id AS md, ' . $fields . ' FROM phpgw_fud_forum f LEFT JOIN phpgw_fud_mod m ON m.user_id=' . _uid . ' AND m.forum_id=f.id ' . $join . ' WHERE f.id=' . $frm_id); } else { /* editing a poll */ $frm = db_sab('SELECT f.id, f.forum_opt, m.id AS md, ms.id AS old_poll, p.id AS poll_id, p.*, ' . $fields . ' FROM phpgw_fud_forum f INNER JOIN phpgw_fud_poll p ON p.id=' . $pl_id . ' LEFT JOIN phpgw_fud_mod m ON m.user_id=' . _uid . ' AND m.forum_id=f.id LEFT JOIN phpgw_fud_msg ms ON ms.poll_id=p.id ' . $join . ' WHERE f.id=' . $frm_id); } $frm->group_cache_opt = (int) $frm->group_cache_opt; $frm->forum_opt = (int) $frm->forum_opt; if (!$frm || !$frm->md && !($usr->users_opt & 1048576) && (!empty($frm->old_poll) && (!($frm->group_cache_opt & 4096) || !($frm->group_cache_opt & 16) && $frm->owner != _uid)) && !($frm->group_cache_opt & 4)) { std_error('access'); } if (isset($_POST['pl_submit'])) { if ($pl_id) { /* update a poll */ poll_sync($pl_id, $_POST['pl_name'], $_POST['pl_max_votes'], $_POST['pl_expiry_date']); } else { /* adding a new poll */
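/**
 * Validate the private-message form: subject, image count and recipient list.
 *
 * Recipients are read from $_POST['msg_to_list'] as a ';'-separated list of
 * aliases. Every alias that resolves and may be messaged has its user id
 * appended to $GLOBALS['recv_user_id']; problems are recorded with set_err().
 *
 * @param string $msg_subject Subject as submitted.
 * @return mixed The value of $GLOBALS['__error__'] (presumably maintained by set_err()),
 *               or null when it is not set.
 */
function check_ppost_form($msg_subject)
{
    if (!strlen(trim($msg_subject))) {
        set_err('msg_subject', 'Oggetto necessario');
    }

    if (post_check_images()) {
        set_err('msg_body', 'Sono consentite un massimo di ' . $GLOBALS['MAX_IMAGE_COUNT'] . ' immagini per messaggio; per cortesia, riduci il numero di immagini');
    }

    /* Request data: accept a string only. A missing key or an array value
     * (msg_to_list[]=...) is treated as an empty list instead of being passed to
     * explode(), which would otherwise skip the recipient check below. */
    $to_list = isset($_POST['msg_to_list']) && is_string($_POST['msg_to_list']) ? $_POST['msg_to_list'] : '';
    $named = 0;

    foreach (explode(';', $to_list) as $v) {
        $v = trim($v);
        if (!strlen($v)) {
            continue;
        }
        ++$named;

        /* The alias is HTML-encoded before the lookup, so aliases are presumably stored
         * encoded. addslashes() is the only SQL escaping applied and it is not charset-aware.
         * NOTE(review): switch to the database layer's own escaping or bound parameters if it
         * offers them; strnull() is assumed to add the surrounding quotes - verify. */
        $obj = db_sab('SELECT u.users_opt, u.id, ui.ignore_id FROM phpgw_fud_users u LEFT JOIN phpgw_fud_user_ignore ui ON ui.user_id=u.id AND ui.ignore_id=' . _uid . ' WHERE u.alias=' . strnull(addslashes(htmlspecialchars($v))));
        if (!$obj) {
            /* the apostrophe has to be escaped, otherwise it ends the single-quoted literal */
            set_err('msg_to_list', 'Non c\'è alcun utente "' . htmlspecialchars($v) . '" in questo forum');
            break;
        }

        if (!empty($obj->ignore_id)) {
            set_err('msg_to_list', 'Non puoi spedire un messaggio personale a "' . htmlspecialchars($v) . '", perchè questo utente ha deciso di ignorarti.');
            break;
        }

        /* bit 32 on the recipient means private messages are accepted; a sender with
         * bit 1048576 (appears to be the administrator flag) bypasses that preference */
        if (!($obj->users_opt & 32) && !($GLOBALS['usr']->users_opt & 1048576)) {
            set_err('msg_to_list', 'Non puoi inviare un messaggio privato a "' . htmlspecialchars($v) . '", perchè non accetta messaggi privati.');
            break;
        }

        $GLOBALS['recv_user_id'][] = $obj->id;
    }

    /* a list made only of separators and whitespace names nobody either */
    if (empty($to_list) || !$named) {
        set_err('msg_to_list', 'Non è possibile inviare il messaggio, manca il destinatario');
    }

    return isset($GLOBALS['__error__']) ? $GLOBALS['__error__'] : null;
}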
$item_s = htmlspecialchars($item_s); } } else { $like = 0; $item_s = $item; } $item_s = "'" . addslashes($item_s) . "'"; $c = q('SELECT id, alias, email FROM ' . $DBHOST_TBL_PREFIX . 'users WHERE ' . $field . ($like ? ' LIKE ' : '=') . $item_s . ' LIMIT 50'); switch ($cnt = db_count($c)) { case 0: $search_error = errorify('There are no users matching the specified ' . $field . ' mask.'); unset($c); break; case 1: list($usr_id) = db_rowarr($c); $u = db_sab('SELECT * FROM ' . $DBHOST_TBL_PREFIX . 'users WHERE id=' . $usr_id); unset($c); break; default: echo 'There are ' . $cnt . ' users that match this ' . $field . ' mask:<br>'; while ($r = db_rowarr($c)) { echo '<a href="admuser.php?usr_id=' . $r[0] . '&act=m&' . _rsidl . '">Pick user</a> <b>' . $r[1] . ' / ' . htmlspecialchars($r[2]) . '</b><br>'; } unset($c); exit; break; } } } require $WWW_ROOT_DISK . 'adm/admpanel.php'; ?>
fud_use('adm.inc', true); fud_use('widgets.inc', true); $tbl = $GLOBALS['DBHOST_TBL_PREFIX']; function raw_date($dt) { return array(substr($dt, 0, 4), substr($dt, 4, 2), substr($dt, -2)); } function mk_date($y, $m, $d) { return str_pad((int) $y, 4, '0', STR_PAD_LEFT) . str_pad((int) $m, 2, '0', STR_PAD_LEFT) . str_pad((int) $d, 2, '0', STR_PAD_LEFT); } if (isset($_GET['del'])) { q('DELETE FROM ' . $tbl . 'announce WHERE id=' . (int) $_GET['del']); q('DELETE FROM ' . $tbl . 'ann_forums WHERE ann_id=' . (int) $_GET['del']); } if (isset($_GET['edit']) && ($an_d = db_sab('SELECT * FROM ' . $tbl . 'announce WHERE id=' . (int) $_GET['edit']))) { list($d_year, $d_month, $d_day) = raw_date($an_d->date_started); list($d2_year, $d2_month, $d2_day) = raw_date($an_d->date_ended); $a_subject = $an_d->subject; $a_text = $an_d->text; $edit = (int) $_GET['edit']; $c = uq('SELECT forum_id FROM ' . $tbl . 'ann_forums WHERE ann_id=' . (int) $_GET['edit']); while ($r = db_rowarr($c)) { $frm_list[$r[0]] = $r[0]; } } else { if (isset($_POST['btn_none']) || isset($_POST['btn_all'])) { $vals = array('edit', 'a_subject', 'a_text', 'd_year', 'd_month', 'd_day', 'd2_year', 'd2_month', 'd2_day'); foreach ($vals as $v) { ${$v} = $_POST[$v]; }
$tbl = $GLOBALS['DBHOST_TBL_PREFIX']; $edit = isset($_GET['edit']) ? (int) $_GET['edit'] : (isset($_POST['edit']) ? (int) $_POST['edit'] : ''); if (isset($_POST['ml_forum_id'])) { $mlist = new fud_mlist(); if ($edit) { $mlist->sync($edit); $edit = ''; } else { $mlist->add(); } } else { if (isset($_GET['del'])) { fud_mlist::del((int) $_GET['del']); } } if (isset($_GET['edit']) && $edit && ($o = db_sab('SELECT * FROM ' . $tbl . 'mlist WHERE id=' . $edit))) { foreach ($o as $k => $v) { ${'ml_' . $k} = $v; } $ml_subject_regex_haystack_opt = format_regex($ml_subject_regex_haystack); $ml_body_regex_haystack_opt = format_regex($ml_body_regex_haystack); } else { $tmp = new fud_mlist(); $c = get_object_vars($tmp); foreach ($c as $k => $v) { ${'ml_' . $k} = $v; } $ml_subject_regex_haystack_opt = $ml_body_regex_haystack_opt = ''; } require $WWW_ROOT_DISK . 'adm/admpanel.php'; if ($FUD_OPT_2 & 8388608) {
invl_inp_err(); } if ($mbr->user_id == 0) { $gr_member = '<font class="anon">Anonimo</font>'; } else { if ($mbr->user_id == '2147483647') { $gr_member = '<font class="reg">Tutti gli utenti registrati</font>'; } else { $gr_member = $mbr->alias; } } $perm = $mbr->group_members_opt; } else { if ($group_id > 2 && !isset($_POST['btn_submit']) && ($luser_id = q_singleval('SELECT MAX(id) FROM phpgw_fud_group_members WHERE group_id=' . $group_id))) { /* help trick, we fetch the last user added to the group */ if (!($mbr = db_sab('SELECT 1 AS user_id, group_members_opt FROM phpgw_fud_group_members WHERE id=' . $luser_id))) { invl_inp_err(); } $perm = $mbr->group_members_opt; } } /* anon users cannot vote or rate */ if (isset($mbr) && !$mbr->user_id) { $maxperms = $maxperms & ~(512 | 1024); } /* no members inside the group */ if (!$perm && !isset($mbr)) { $perm = $maxperms; } /* translated permission names */ $ts_list = array('p_VISIBLE' => 'Visibile', 'p_READ' => 'Leggi', 'p_POST' => 'Scrivi', 'p_REPLY' => 'Rispondi', 'p_EDIT' => 'Modifica', 'p_DEL' => 'Cancella', 'p_STICKY' => 'Messaggi toppati', 'p_POLL' => 'Crea sondaggi', 'p_FILE' => 'Allega file', 'p_VOTE' => 'Vota', 'p_RATE' => 'Vota i topic', 'p_SPLIT' => 'Spezza i topic', 'p_LOCK' => 'Chiudi topic', 'p_MOVE' => 'Sposta topic', 'p_SML' => 'Usa smiley', 'p_IMG' => 'Usa tag delle immagini', 'p_SEARCH' => 'Can Search');
if ($k['p'] == $k['t']) { $k['p'] = 0; } return $k['v'][$k['p']++]; } function convert_bdate($val, $month_fmt) { $ret['year'] = substr($val, 0, 4); $ret['day'] = substr($val, 6, 2); $ret['month'] = strftime($month_fmt, mktime(1, 1, 1, substr($val, 4, 2), 11, 2000)); return $ret; } if (!isset($_GET['id']) || !(int) $_GET['id']) { invl_inp_err(); } if (!($u = db_sab('SELECT u.*, l.name AS level_name, l.level_opt, l.img AS level_img FROM phpgw_fud_users u LEFT JOIN phpgw_fud_level l ON l.id=u.level_id WHERE u.id=' . (int) $_GET['id']))) { std_error('user'); } $avatar = $FUD_OPT_1 & 28 && $u->users_opt & 8388608 && !($u->level_opt & 2) ? '<tr class="' . alt_var('search_alt', 'RowStyleA', 'RowStyleB') . '"><td nowrap valign="top" class="GenText">Avatar:</td><td class="GenText">' . $u->avatar_loc . '</td></tr>' : ''; if ($avatar && $u->level_opt & 1) { $level_name = $level_image = ''; } else { $level_name = $u->level_name ? '' . $u->level_name . '<br />' : ''; $level_image = $u->level_img ? '<img src="images/' . $u->level_img . '" /><br />' : ''; } $custom_tags = $u->custom_status ? '' . $u->custom_status . '<br />' : ''; if (!($usr->users_opt & 1048576)) { $frm_perms = get_all_read_perms(_uid, $usr->users_opt & 524288); } $moderation = ''; if ($u->users_opt & 524288) {
} q('UPDATE phpgw_fud_stats_cache SET cache_age=' . __request_timestamp__ . ', last_user_id=' . (int) $obj->last_user_id . ', user_count=' . (int) $obj->user_count . ', online_users_anon=' . (int) $obj->online_users_anon . ', online_users_hidden=' . (int) $obj->online_users_hidden . ', online_users_reg=' . (int) $obj->online_users_reg . ', online_users_text=' . strnull(addslashes(@serialize($obj->online_users_text)))); $obj->last_user_alias = q_singleval('SELECT alias FROM phpgw_fud_users WHERE id=' . $obj->last_user_id); $obj->last_msg_subject = q_singleval('SELECT subject FROM phpgw_fud_msg WHERE id=' . $last_msg_id); return $obj; } $logedin = $forum_info = ''; if ($FUD_OPT_1 & 1073741824 || $FUD_OPT_2 & 16) { if (!($st_obj = db_sab('SELECT sc.*,m.subject AS last_msg_subject, u.alias AS last_user_alias FROM phpgw_fud_stats_cache sc INNER JOIN phpgw_fud_users u ON u.id=sc.last_user_id INNER JOIN phpgw_fud_msg m ON m.id=' . $last_msg_id . ' WHERE sc.cache_age>' . (__request_timestamp__ - $STATS_CACHE_AGE)))) { $st_obj =& rebuild_stats_cache($last_msg_id); } else { if ($st_obj->online_users_text) { $st_obj->online_users_text = @unserialize($st_obj->online_users_text); } } $i_spy = $FUD_OPT_1 & 536870912 ? '[<a href="/egroupware/fudforum/3814588639/index.php?t=actions&' . _rsid . '" class="thLnk">mostra quello che fa la gente</a>] [<a href="/egroupware/fudforum/3814588639/index.php?t=online_today&' . _rsid . '" class="thLnk">Visitatori di oggi</a>]' : ''; if ($FUD_OPT_1 & 1073741824) { if (@count($st_obj->online_users_text)) { foreach ($st_obj->online_users_text as $k => $v) { $logedin .= '<a href="/egroupware/fudforum/3814588639/index.php?t=usrinfo&id=' . $k . '&' . _rsid . '" class="GenLink">' . $v . '</a>' . ' '; } } else { $logedin = ''; }
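/**
 * Fetch a message row together with its body.
 *
 * The query filters on the id only: it applies no approval (apr) or forum
 * permission check, so callers have to enforce access themselves.
 *
 * @param int $id Message id; coerced to int before it is placed in SQL.
 * @return object The message row with ->body filled in. When no row matches,
 *                error_dialog() is called instead.
 */
function msg_get($id)
{
    /* The id is concatenated into the statement, so force it to an integer here
     * instead of trusting every caller to have cast it. */
    $r = db_sab('SELECT * FROM phpgw_fud_msg WHERE id=' . (int) $id);

    if ($r) {
        $r->body = read_msg_body($r->foff, $r->length, $r->file_id);
        un_register_fps();

        return $r;
    }

    error_dialog('Invalid Message', 'The message you are trying to view does not exist.');
}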
th_move($thrx->th, $thrx->frm, $data->root_msg_id, $data->forum_id, $data->last_post_date, $data->last_post_id); if ($data->f1_lpi == $data->last_post_id) { $mid = (int) q_singleval('SELECT MAX(last_post_id) FROM phpgw_fud_thread t INNER JOIN phpgw_fud_msg m ON t.root_msg_id=m.id WHERE t.forum_id=' . $data->forum_id . ' AND t.moved_to=0 AND m.apr=1'); q('UPDATE phpgw_fud_forum SET last_post_id=' . $mid . ' WHERE id=' . $data->forum_id); } if ($data->f2_lpi < $data->last_post_id) { q('UPDATE phpgw_fud_forum SET last_post_id=' . $data->last_post_id . ' WHERE id=' . $thrx->frm); } thx_delete($thrx->id); logaction($usr->id, 'THRXAPPROVE', $thrx->th); } else { if ((isset($_GET['decl']) || isset($_POST['decl'])) && ($thrx = thx_get($decl = (int) (isset($_GET['decl']) ? $_GET['decl'] : $_POST['decl'])))) { $data = db_sab('SELECT u.email, u.login, u.id, m.subject, f1.name AS f1_name, f2.name AS f2_name, ' . ($usr->users_opt & 1048576 ? ' 1 ' : ' mm.id ') . ' AS md FROM phpgw_fud_thread t INNER JOIN phpgw_fud_forum f1 ON t.forum_id=f1.id INNER JOIN phpgw_fud_forum f2 ON f2.id=' . $thrx->frm . ' INNER JOIN phpgw_fud_msg m ON m.id=t.root_msg_id INNER JOIN phpgw_fud_users u ON u.id=' . $thrx->req_by . ' LEFT JOIN phpgw_fud_mod mm ON mm.forum_id=' . $thrx->frm . ' AND mm.user_id=' . _uid . ' WHERE t.id=' . $thrx->th); if (!$data) { invl_inp_err(); } if (!$data->md) { std_error('access'); } if (!empty($_POST['reason'])) { send_status_update($data->id, $data->login, $data->email, 'Moving of topic ' . $data->subject . ' into forum ' . htmlspecialchars($data->f2_name) . ' was declined.', htmlspecialchars($_POST['reason'])); thx_delete($thrx->id); $decl = null; } else { $thr_exch_data = '<form method="post" action="/egroupware/fudforum/3814588639/index.php?t=thr_exch" name="thr_exch">