Пример #1
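/**
 * XML-RPC handler: return the contact record (encrypted e-mail) of one member.
 *
 * The optional `user_id` request field selects the member; when it is empty the
 * caller's own account is used. The caller must be logged in and belong to a
 * group with `cansendemail`, and the target must not have `hideemail` set.
 *
 * Security notes:
 * - The permission check runs before the member lookup. With the lookup first,
 *   a guest could tell existing from non-existing user ids by comparing the
 *   "no such member" error with the "no permission" error.
 * - `user_id` is declared as a STRING input, so it is cast to int here before
 *   it reaches get_user(), whose own handling is not visible in this file.
 * - The address is returned as base64(encrypt(email, loadAPIKey())); how strong
 *   that protection is depends on encrypt() and on how the API key is stored,
 *   neither of which is shown here.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters, filtered by Tapatalk_Input::filterXmlInput().
 * @return xmlrpcresp Struct with `result`, `user_id`, `display_name` and `enc_email`.
 */
function get_contact_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $parser, $displaygroupfields;
    $lang->load("member");
    $input = Tapatalk_Input::filterXmlInput(array('user_id' => Tapatalk_Input::STRING), $xmlrpc_params);

    // Guests or those without permission can't email other users.
    // Checked first so that unauthorised callers learn nothing about which ids exist.
    if ($mybb->usergroup['cansendemail'] == 0 || !$mybb->user['uid']) {
        error_no_permission();
    }

    // Fall back to the caller's own account when no id was supplied.
    if (!empty($input['user_id'])) {
        $uid = (int) $input['user_id'];
    } else {
        $uid = (int) $mybb->user['uid'];
    }

    // Reuse the already-loaded session user instead of querying for it again.
    if ($mybb->user['uid'] != $uid) {
        $member = get_user($uid);
    } else {
        $member = $mybb->user;
    }
    if (!$member || !$member['uid']) {
        error($lang->error_nomember);
    }

    // Respect the target member's privacy setting.
    if ($member['hideemail'] != 0) {
        error($lang->error_hideemail);
    }

    $user_info = array(
        'result' => new xmlrpcval(true, 'boolean'),
        'user_id' => new xmlrpcval($member['uid']),
        'display_name' => new xmlrpcval(basic_clean($member['username']), 'base64'),
        // The plain address never leaves the server; only the encrypted form is sent.
        'enc_email' => new xmlrpcval(base64_encode(encrypt($member['email'], loadAPIKey()))),
    );
    $xmlrpc_user_info = new xmlrpcval($user_info, 'struct');
    return new xmlrpcresp($xmlrpc_user_info);
}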
Пример #2
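/**
 * XML-RPC handler: store an uploaded avatar for the logged-in user.
 *
 * The file is taken from $_FILES['upload'] and handed to upload_avatar(); on
 * success the user's row is updated with the new avatar path and dimensions.
 *
 * Security notes:
 * - Guests are rejected explicitly. Relying only on the group flag would let a
 *   guest group with `canuploadavatars` write a file to disk for uid 0.
 * - File type, size and content validation are assumed to happen inside
 *   upload_avatar(), which is not visible here; confirm before relying on it.
 * - The values written with update_query() are escaped and the uid is cast to
 *   int, because the query helper is given ready-made SQL fragments.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters (the `content` field is filtered but not used here).
 * @return mixed Result of xmlresptrue() on success, xmlrespfalse() with the upload error otherwise.
 */
function upload_avatar_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;
    //chdir("../");
    $input = Tapatalk_Input::filterXmlInput(array('content' => Tapatalk_Input::STRING), $xmlrpc_params);
    if (!$mybb->user['uid'] || $mybb->usergroup['canuploadavatars'] == 0) {
        error_no_permission();
    }
    $avatar = upload_avatar($_FILES['upload']);
    if (!empty($avatar['error'])) {
        return xmlrespfalse($avatar['error']);
    }

    // Default to an empty string so the column is never written from an undefined variable.
    $avatar_dimensions = '';
    if ($avatar['width'] > 0 && $avatar['height'] > 0) {
        $avatar_dimensions = (int) $avatar['width'] . "|" . (int) $avatar['height'];
    }

    $updated_avatar = array(
        // The dateline suffix changes the URL so clients do not show a cached image.
        "avatar" => $db->escape_string($avatar['avatar'] . '?dateline=' . TIME_NOW),
        "avatardimensions" => $db->escape_string($avatar_dimensions),
        "avatartype" => "upload",
    );
    $db->update_query("users", $updated_avatar, "uid='" . (int) $mybb->user['uid'] . "'");

    return xmlresptrue();
}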
Пример #3
/**
 * XML-RPC handler: delete one post, or the whole thread when the post is the
 * thread's first post.
 *
 * Authorisation as implemented below:
 * - guests are rejected;
 * - the forum must be a real, open forum and the caller must not be suspended
 *   from posting;
 * - a caller who is not a moderator with `candeleteposts` must own the post,
 *   must have the forum permission `candeleteposts`, and the thread must not
 *   be closed;
 * - deleting the first post deletes the thread and therefore needs
 *   `candeletethreads` (forum permission or moderator right).
 *
 * The `mode` and `reason_text` request fields are filtered but not read again
 * inside this function. $input is a global, so other code may still use them.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters, filtered by Tapatalk_Input::filterXmlInput().
 * @return xmlrpcresp Struct with `result`, `is_login_mod` and an empty `result_text`.
 */
function m_delete_post_func($xmlrpc_params)
{
    // Most of these are declared global because the hooks and helpers called
    // below read them from the global scope.
    global $input, $post, $thread, $forum, $pid, $tid, $fid, $modlogdata, $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $moderation, $parser;
    $input = Tapatalk_Input::filterXmlInput(array('post_id' => Tapatalk_Input::INT, 'mode' => Tapatalk_Input::INT, 'reason_text' => Tapatalk_Input::STRING), $xmlrpc_params);
    // Load global language phrases
    $lang->load("editpost");
    $plugins->run_hooks("editpost_start");
    // No permission for guests
    if (!$mybb->user['uid']) {
        error_no_permission();
    }
    // Get post info
    // The id is forced to an integer before it is interpolated into the WHERE clause.
    $pid = intval($input['post_id']);
    $query = $db->simple_select("posts", "*", "pid='{$pid}'");
    $post = $db->fetch_array($query);
    if (!$post['pid']) {
        error($lang->error_invalidpost);
    }
    // Get thread info
    // tid and fid come from the post row just loaded, not from the request.
    $tid = $post['tid'];
    $thread = get_thread($tid);
    if (!$thread['tid']) {
        error($lang->error_invalidthread);
    }
    // Get forum info
    $fid = $post['fid'];
    $forum = get_forum($fid);
    if (!$forum || $forum['type'] != "f") {
        error($lang->error_closedinvalidforum);
    }
    if ($forum['open'] == 0 || $mybb->user['suspendposting'] == 1) {
        error_no_permission();
    }
    $forumpermissions = forum_permissions($fid);
    // Ordinary users get three extra checks: open thread, forum permission, ownership.
    if (!is_moderator($fid, "candeleteposts")) {
        if ($thread['closed'] == 1) {
            error($lang->redirect_threadclosed);
        }
        if ($forumpermissions['candeleteposts'] == 0) {
            error_no_permission();
        }
        // Ownership check: without it any user could delete other users' posts.
        if ($mybb->user['uid'] != $post['uid']) {
            error_no_permission();
        }
    }
    // Check if this forum is password protected and we have a valid password
    check_forum_password($forum['fid']);
    $plugins->run_hooks("editpost_deletepost");
    $modlogdata['fid'] = $fid;
    $modlogdata['tid'] = $tid;
    // Find the oldest post of the thread to decide between post and thread deletion.
    $query = $db->simple_select("posts", "pid", "tid='{$tid}'", array("limit" => 1, "order_by" => "dateline", "order_dir" => "asc"));
    $firstcheck = $db->fetch_array($query);
    if ($firstcheck['pid'] == $pid) {
        // First post: the whole thread goes, which needs the thread-level right.
        if ($forumpermissions['candeletethreads'] == 1 || is_moderator($fid, "candeletethreads")) {
            delete_thread($tid);
            mark_reports($tid, "thread");
            log_moderator_action($modlogdata, $lang->thread_deleted);
        } else {
            error_no_permission();
        }
    } else {
        if ($forumpermissions['candeleteposts'] == 1 || is_moderator($fid, "candeleteposts")) {
            // Delete just this post; both outcomes are written to the moderator log.
            delete_post($pid, $tid);
            mark_reports($pid, "post");
            log_moderator_action($modlogdata, $lang->post_deleted);
        } else {
            error_no_permission();
        }
    }
    // NOTE(review): `is_login_mod` is reported as true for every caller, including
    // ordinary users deleting their own post; confirm what the client does with it.
    $response = new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean'), 'is_login_mod' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval("", 'base64')), 'struct');
    return new xmlrpcresp($response);
}
Пример #4
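/**
 * XML-RPC handler: build the profile of one member for the mobile client.
 *
 * The member is selected by `user_id`, else by `user_name`, else the caller's
 * own account is used. The caller's group needs `canviewprofiles`.
 *
 * Changes relative to the listing this was taken from:
 * - the username lookup had a garbled WHERE clause; it now escapes
 *   `user_name` with $db->escape_string() before interpolating it;
 * - the resolved uid is cast to int once, because it is interpolated into
 *   several WHERE clauses further down;
 * - the misspelt constant `ture` is replaced with `true`;
 * - variables that were read without ever being assigned on some paths
 *   ($usertitle, $location, the two $tyl_thankslikes_* values) are initialised.
 *
 * Privacy-relevant behaviour kept as is: invisible members are reported online
 * only to themselves or to groups with `canviewwolinvis`; hidden profile fields
 * are returned only to admin/supermod/modcp groups; the birthday honours
 * `birthdayprivacy`; warning level is shown only to staff or to the member.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters, filtered by Tapatalk_Input::filterXmlInput().
 * @return xmlrpcresp Struct describing the member, including `custom_fields_list`.
 */
function get_user_info_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $parser, $displaygroupfields;
    $lang->load("member");
    $input = Tapatalk_Input::filterXmlInput(array('user_name' => Tapatalk_Input::STRING, 'user_id' => Tapatalk_Input::INT), $xmlrpc_params);
    if ($mybb->usergroup['canviewprofiles'] == 0) {
        error_no_permission();
    }
    if (!empty($input['user_id'])) {
        $uid = $input['user_id'];
    } elseif (!empty($input['user_name'])) {
        // The original line was damaged in this listing; it appears to have read a
        // pre-escaped `user_name_esc` key. Escaping here keeps the query safe
        // without depending on that key existing.
        $user_name_sql = $db->escape_string($input['user_name']);
        $query = $db->simple_select("users", "uid", "username='{$user_name_sql}'");
        $uid = $db->fetch_field($query, "uid");
    } else {
        $uid = $mybb->user['uid'];
    }
    // $uid ends up inside several SQL fragments below; make sure it is an integer.
    $uid = (int) $uid;
    if ($mybb->user['uid'] != $uid) {
        $memprofile = get_user($uid);
    } else {
        $memprofile = $mybb->user;
    }
    if (!$memprofile || !$memprofile['uid']) {
        error($lang->error_nomember);
    }
    // Get member's permissions
    $memperms = user_permissions($memprofile['uid']);
    if (!$memprofile['displaygroup']) {
        $memprofile['displaygroup'] = $memprofile['usergroup'];
    }
    // Grab the following fields from the user's displaygroup
    $displaygroupfields = array("title", "usertitle", "stars", "starimage", "image", "usereputationsystem");
    $displaygroup = usergroup_displaygroup($memprofile['displaygroup']);
    // Get the user title for this user
    $usertitle = '';
    if (trim($memprofile['usertitle']) != '') {
        // User has custom user title
        $usertitle = $memprofile['usertitle'];
    } elseif (trim($displaygroup['usertitle']) != '') {
        // User has group title
        $usertitle = $displaygroup['usertitle'];
    } else {
        // No usergroup title so get a default one: the highest post threshold already reached.
        $query = $db->simple_select("usertitles", "*", "", array('order_by' => 'posts', 'order_dir' => 'DESC'));
        while ($title = $db->fetch_array($query)) {
            if ($memprofile['postnum'] >= $title['posts']) {
                $usertitle = $title['title'];
                $stars = $title['stars'];
                $starimage = $title['starimage'];
                break;
            }
        }
    }
    // User is currently online and this user has permissions to view the user on the WOL
    $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins'] * 60;
    $query = $db->simple_select("sessions", "location,nopermission", "uid='{$uid}' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
    // NOTE(review): $session is declared global above, so this assignment replaces the
    // global value with a row from the sessions table; confirm nothing later in the
    // request still expects the previous value.
    $session = $db->fetch_array($query);
    $location = '';
    if (($memprofile['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $memprofile['uid'] == $mybb->user['uid']) && !empty($session)) {
        // Fetch their current location
        $lang->load("online");
        require_once MYBB_ROOT . "inc/functions_online.php";
        $activity = fetch_wol_activity($session['location'], $session['nopermission']);
        // The location text is built as HTML; tags are stripped before it is sent to the client.
        $location = strip_tags(build_friendly_wol_location($activity));
        $location_time = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);
        $online = true;
    } else {
        $online = false;
    }
    // Get custom fields start
    $custom_fields_list = array();
    if ($memprofile['birthday']) {
        $membday = explode("-", $memprofile['birthday']);
        $membdayage = '';
        if ($memprofile['birthdayprivacy'] != 'none') {
            if ($membday[0] && $membday[1] && $membday[2]) {
                $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday']));
                if ($membday[2] >= 1970) {
                    $w_day = date("l", mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]));
                    $membday = format_bdays($mybb->settings['dateformat'], $membday[1], $membday[0], $membday[2], $w_day);
                } else {
                    $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]);
                    $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]);
                    $membday = date($bdayformat, $membday);
                }
                $membdayage = $lang->membdayage;
            } elseif ($membday[2]) {
                $membday = mktime(0, 0, 0, 1, 1, $membday[2]);
                $membday = date("Y", $membday);
                $membdayage = '';
            } else {
                $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0);
                $membday = date("F j", $membday);
                $membdayage = '';
            }
        }
        // Privacy: 'age' hides the date but keeps the age, 'none' hides both.
        if ($memprofile['birthdayprivacy'] == 'age') {
            $membday = $lang->birthdayhidden;
        } elseif ($memprofile['birthdayprivacy'] == 'none') {
            $membday = $lang->birthdayhidden;
            $membdayage = '';
        }
        $custom_fields_list[] = new xmlrpcval(array('name' => new xmlrpcval(basic_clean($lang->date_of_birth), 'base64'), 'value' => new xmlrpcval(basic_clean("{$membday} {$membdayage}"), 'base64')), 'struct');
    }
    // thank you/like field
    global $mobiquo_config;
    $prefix = $mobiquo_config['thlprefix'];
    if ($mybb->settings[$prefix . 'enabled'] == "1") {
        $lang->load("thankyoulike");
        if ($mybb->settings[$prefix . 'thankslike'] == "like") {
            $lang->tyl_total_tyls_given = $lang->tyl_total_likes_given;
            $lang->tyl_total_tyls_rcvd = $lang->tyl_total_likes_rcvd;
        } elseif ($mybb->settings[$prefix . 'thankslike'] == "thanks") {
            $lang->tyl_total_tyls_given = $lang->tyl_total_thanks_given;
            $lang->tyl_total_tyls_rcvd = $lang->tyl_total_thanks_rcvd;
        }
        $daysreg = (TIME_NOW - $memprofile['regdate']) / (24 * 3600);
        $tylpd = $memprofile['tyl_unumtyls'] / $daysreg;
        $tylpd = round($tylpd, 2);
        if ($tylpd > $memprofile['tyl_unumtyls']) {
            $tylpd = $memprofile['tyl_unumtyls'];
        }
        $tylrcvpd = $memprofile['tyl_unumrcvtyls'] / $daysreg;
        $tylrcvpd = round($tylrcvpd, 2);
        if ($tylrcvpd > $memprofile['tyl_unumrcvtyls']) {
            $tylrcvpd = $memprofile['tyl_unumrcvtyls'];
        }
        // Get total tyl and percentage
        $options = array("limit" => 1);
        $query = $db->simple_select($prefix . "stats", "*", "title='total'", $options);
        $total = $db->fetch_array($query);
        if ($total['value'] == 0) {
            $percent = "0";
            $percent_rcv = "0";
        } else {
            $percent = $memprofile['tyl_unumtyls'] * 100 / $total['value'];
            $percent = round($percent, 2);
            $percent_rcv = $memprofile['tyl_unumrcvtyls'] * 100 / $total['value'];
            $percent_rcv = round($percent_rcv, 2);
        }
        if ($percent > 100) {
            $percent = 100;
        }
        if ($percent_rcv > 100) {
            $percent_rcv = 100;
        }
        $memprofile['tyl_unumtyls'] = my_number_format($memprofile['tyl_unumtyls']);
        $memprofile['tyl_unumrcvtyls'] = my_number_format($memprofile['tyl_unumrcvtyls']);
        // NOTE(review): these two values were never assigned anywhere in this function;
        // they are passed as empty strings, which is what the format call received before.
        $tyl_thankslikes_given = '';
        $tyl_thankslikes_rcvd = '';
        $tylpd_percent_total = $lang->sprintf($lang->tyl_tylpd_percent_total, my_number_format($tylpd), $tyl_thankslikes_given, $percent);
        $tylrcvpd_percent_total = $lang->sprintf($lang->tyl_tylpd_percent_total, my_number_format($tylrcvpd), $tyl_thankslikes_rcvd, $percent_rcv);
        addCustomField($lang->tyl_total_tyls_given, "{$memprofile['tyl_unumtyls']} ({$tylpd_percent_total})", $custom_fields_list);
        addCustomField($lang->tyl_total_tyls_rcvd, "{$memprofile['tyl_unumrcvtyls']} ({$tylrcvpd_percent_total})", $custom_fields_list);
    }
    if ($memprofile['timeonline'] > 0) {
        $timeonline = nice_time($memprofile['timeonline']);
        addCustomField($lang->timeonline, $timeonline, $custom_fields_list);
    }
    if ($mybb->settings['usereferrals'] == 1 && $memprofile['referrals'] > 0) {
        addCustomField($lang->members_referred, $memprofile['referrals'], $custom_fields_list);
    }
    if ($memperms['usereputationsystem'] == 1 && $displaygroup['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1 && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep'])) {
        addCustomField($lang->reputation, $memprofile['reputation'], $custom_fields_list);
    }
    // Warning level is visible to groups that can warn, or to the member when the board allows it.
    if ($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || $mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0)) {
        $warning_level = round($memprofile['warningpoints'] / $mybb->settings['maxwarningpoints'] * 100);
        if ($warning_level > 100) {
            $warning_level = 100;
        }
        addCustomField($lang->warning_level, $warning_level . '%', $custom_fields_list);
    }
    if ($memprofile['website']) {
        $memprofile['website'] = htmlspecialchars_uni($memprofile['website']);
        addCustomField($lang->homepage, $memprofile['website'], $custom_fields_list);
    }
    if ($memprofile['icq']) {
        addCustomField($lang->icq_number, $memprofile['icq'], $custom_fields_list);
    }
    if ($memprofile['aim']) {
        addCustomField($lang->aim_screenname, $memprofile['aim'], $custom_fields_list);
    }
    if ($memprofile['yahoo']) {
        addCustomField($lang->yahoo_id, $memprofile['yahoo'], $custom_fields_list);
    }
    if ($memprofile['msn']) {
        addCustomField($lang->msn, $memprofile['msn'], $custom_fields_list);
    }
    $query = $db->simple_select("userfields", "*", "ufid='{$uid}'");
    $userfields = $db->fetch_array($query);
    // Hidden profile fields are returned only to admin, super-moderator and mod-CP groups.
    if ($mybb->usergroup['cancp'] == 1 || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['canmodcp'] == 1) {
        $field_hidden = '1=1';
    } else {
        $field_hidden = "hidden=0";
    }
    $query = $db->simple_select("profilefields", "*", "{$field_hidden}", array('order_by' => 'disporder'));
    while ($customfield = $db->fetch_array($query)) {
        $thing = explode("\n", $customfield['type'], 2);
        $type = trim($thing[0]);
        $field = "fid{$customfield['fid']}";
        $useropts = explode("\n", $userfields[$field]);
        $customfieldval = $comma = '';
        if (is_array($useropts) && ($type == "multiselect" || $type == "checkbox")) {
            $customfieldval = $userfields[$field];
        } else {
            $customfieldval = $parser->parse_badwords($userfields[$field]);
        }
        // NOTE(review): the field name is HTML-escaped here but the user-supplied value is
        // not; whether addCustomField() or the client encodes it is not visible — confirm.
        $customfield['name'] = htmlspecialchars_uni($customfield['name']);
        if ($customfieldval) {
            addCustomField($customfield['name'], $customfieldval, $custom_fields_list);
        }
    }
    if ($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW)) {
        // The signature is rendered with the board's signature settings, including `sightml`.
        $sig_parser = array("allow_html" => $mybb->settings['sightml'], "allow_mycode" => $mybb->settings['sigmycode'], "allow_smilies" => $mybb->settings['sigsmilies'], "allow_imgcode" => $mybb->settings['sigimgcode'], "me_username" => $memprofile['username'], "filter_badwords" => 1);
        $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser);
        $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']);
        addCustomField($lang->users_signature, $memprofile['signature'], $custom_fields_list);
    }
    // Get custom fields end
    $query = $db->simple_select("banned", "uid", "uid='{$uid}'");
    $isbanned = !!$db->fetch_field($query, "uid");
    $xmlrpc_user_info = array(
        'user_id' => new xmlrpcval($memprofile['uid'], 'string'),
        'username' => new xmlrpcval(basic_clean($memprofile['username']), 'base64'),
        'user_name' => new xmlrpcval(basic_clean($memprofile['username']), 'base64'),
        'user_type' => check_return_user_type($memprofile['username']),
        'post_count' => new xmlrpcval($memprofile['postnum'], 'int'),
        'reg_time' => new xmlrpcval(mobiquo_iso8601_encode($memprofile['regdate']), 'dateTime.iso8601'),
        'timestamp_reg' => new xmlrpcval($memprofile['regdate'], 'string'),
        'last_activity_time' => new xmlrpcval(mobiquo_iso8601_encode($memprofile['lastactive']), 'dateTime.iso8601'),
        'timestamp' => new xmlrpcval($memprofile['lastactive'], 'string'),
        'is_online' => new xmlrpcval($online, 'boolean'),
        'accept_pm' => new xmlrpcval($memprofile['receivepms'], 'boolean'),
        'display_text' => new xmlrpcval($usertitle, 'base64'),
        'icon_url' => new xmlrpcval(absolute_url($memprofile['avatar']), 'string'),
        'current_activity' => new xmlrpcval($location, 'base64'),
    );
    // `can_ban` is only a hint for the client UI; the ban endpoint must enforce the right itself.
    if ($mybb->usergroup['canmodcp'] == 1 && $uid != $mybb->user['uid']) {
        $xmlrpc_user_info['can_ban'] = new xmlrpcval(true, 'boolean');
    }
    if ($isbanned) {
        $xmlrpc_user_info['is_ban'] = new xmlrpcval(true, 'boolean');
    }
    $xmlrpc_user_info['custom_fields_list'] = new xmlrpcval($custom_fields_list, 'array');
    return new xmlrpcresp(new xmlrpcval($xmlrpc_user_info, 'struct'));
}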
Пример #5
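/**
 * User CP page "Steam Integration": link or unlink a Steam ID for the
 * logged-in user.
 *
 * Accepts a 17-digit Steam ID, a vanity name, a `/profiles/<id>` URL or an
 * `/id/<vanity>` URL in `steamprofile`, resolves it through the Steam Web API
 * and stores the resulting Steam ID on the user's row.
 *
 * Security changes relative to the listing this was taken from:
 * - The row that is written is always the session user's. The request's `uid`
 *   is only accepted when it matches; before, any allowed user could set or
 *   clear the Steam ID of an arbitrary account by sending another uid.
 * - A Steam ID taken from a `/profiles/` URL is validated as 17 digits and
 *   escaped before it reaches SQL; before, it was concatenated unescaped.
 * - Values placed in the outbound API URL are URL-encoded, and values placed
 *   in the HTML message are HTML-escaped. SQL escaping was used for both.
 * - The API is called over HTTPS so the API key is not sent in clear text.
 * - strpos() results are compared with `false`; a match at offset 0 was
 *   treated as "not found".
 *
 * @return void Outputs the page through output_page() when the action matches.
 */
function mysteam_usercp()
{
    global $lang, $mybb;
    if (!$lang->mysteam) {
        $lang->load('mysteam');
    }
    // Only act on the Steam Integration page of the User CP.
    if (!isset($mybb->input['action']) || $mybb->input['action'] != 'steamid') {
        return;
    }
    global $db, $theme, $templates, $headerinclude, $header, $footer, $plugins, $usercpnav, $steamform;
    // Make sure user is in an allowed usergroup if set.
    if (!mysteam_filter_groups($mybb->user)) {
        error_no_permission();
    }
    add_breadcrumb($lang->nav_usercp, 'usercp.php');
    add_breadcrumb($lang->mysteam_integration, 'usercp.php?action=steamid');

    // These three names are read by the eval()'d template below and must not be renamed.
    $submit_display = 'display: none;';
    $decouple_display = $mybb->user['steamid'] ? '' : 'display: none;';
    $submit_message = '';

    // Process the form submission if something has been submitted.
    if (!empty($mybb->input['uid'])) {
        $submit_display = '';
        // Write only to the caller's own row; a mismatching uid is refused.
        $uid = (int) $mybb->user['uid'];
        if ((int) $mybb->input['uid'] !== $uid) {
            error_no_permission();
        }
        // NOTE(review): no post-key check (verify_post_check) is made before the writes
        // below, so a forged request could link or unlink the victim's own Steam ID.
        // Add the check once the template, which is not shown here, is confirmed to
        // send my_post_key.
        if (!empty($mybb->input['submit'])) {
            $steamid = '';
            $steamname = '';
            $vanity_url = '';
            $candidate_id = '';
            $profile = isset($mybb->input['steamprofile']) ? (string) $mybb->input['steamprofile'] : '';
            $api_key = rawurlencode($mybb->settings['mysteam_apikey']);

            // Work out which kind of identifier was entered.
            if (ctype_digit($profile) && strlen($profile) === 17) {
                $candidate_id = $profile;
            } elseif (strpos($profile, '/') === false) {
                $vanity_url = $profile;
            } elseif (strpos($profile, '/profiles/') !== false) {
                $parsed_url = explode('/', rtrim($profile, '/'));
                $candidate_id = end($parsed_url);
            } elseif (strpos($profile, '/id/') !== false) {
                $parsed_url = explode('/', rtrim($profile, '/'));
                $vanity_url = end($parsed_url);
            }

            if (ctype_digit($candidate_id) && strlen($candidate_id) === 17) {
                // Ensure the Steam ID is valid by asking the API for its summary.
                $data = 'https://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=' . $api_key . '&steamids=' . $candidate_id;
                $response = multiRequest($data);
                $decoded = isset($response[0]) ? json_decode($response[0]) : null;
                if (isset($decoded->response->players[0]->steamid)) {
                    $steamid = $candidate_id;
                    if (isset($decoded->response->players[0]->personaname)) {
                        $steamname = (string) $decoded->response->players[0]->personaname;
                    }
                }
            } elseif ($vanity_url !== '') {
                $data = 'https://api.steampowered.com/ISteamUser/ResolveVanityURL/v0001/?key=' . $api_key . '&vanityurl=' . rawurlencode($vanity_url);
                $response = multiRequest($data);
                $decoded = isset($response[0]) ? json_decode($response[0]) : null;
                // The API answer is remote data: accept it only when it is all digits.
                if (isset($decoded->response->success, $decoded->response->steamid) && $decoded->response->success == 1 && ctype_digit((string) $decoded->response->steamid)) {
                    $steamid = (string) $decoded->response->steamid;
                }
            }

            // If we have a valid Steam ID . . .
            if ($steamid) {
                $steamid_sql = $db->escape_string($steamid);
                $query = $db->simple_select("users", "username", "steamid='" . $steamid_sql . "'");
                $username_same = $db->fetch_field($query, 'username');
                // Don't run if Steam ID matches another user's current ID, and display error.
                if ($db->num_rows($query)) {
                    $submit_message = '<p><em>' . $lang->please_correct_errors . '</em></p>'
                        . '<p>' . $lang->mysteam_submit_same . htmlspecialchars_uni($username_same) . '</p>';
                } else {
                    $db->update_query("users", array('steamid' => $steamid_sql), "uid='" . $uid . "'");
                    // Both the vanity name (user input) and the persona name (remote data)
                    // are untrusted text and are escaped for the HTML context.
                    if ($vanity_url) {
                        $success_third_line = '<br /><strong>' . $lang->mysteam_vanityurl . '</strong>' . htmlspecialchars_uni($vanity_url) . '</p>';
                    } else {
                        $success_third_line = '<br /><strong>' . $lang->mysteam_name . '</strong>' . htmlspecialchars_uni($steamname) . '</p>';
                    }
                    $submit_message = '<p><strong>' . $lang->mysteam_submit_success . '</strong></p>'
                        . '<p><strong>' . $lang->mysteam_steamid . '</strong>' . htmlspecialchars_uni($steamid) . $success_third_line;
                }
            } else {
                $submit_message = '<p><em>' . $lang->please_correct_errors . '</em></p>'
                    . '<p>' . $lang->mysteam_submit_invalid . '</p>';
            }
        } elseif (!empty($mybb->input['decouple'])) {
            $db->update_query("users", array('steamid' => ''), "uid='" . $uid . "'");
            $submit_message = $lang->mysteam_decouple_success;
        }
    }
    // The template is evaluated as a PHP string, so every variable it interpolates
    // has to be escaped before this point; the template source itself is trusted.
    eval("\$steamform = \"" . $templates->get("mysteam_usercp") . "\";");
    output_page($steamform);
}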
Пример #6
/**
 * Moderation hook for per-thread reply bans. Handles three actions:
 *
 * - `replyban`     — show the reply bans of a thread and the form to add one;
 * - `do_replyban`  — add a reply ban (POST only, post key verified);
 * - `liftreplyban` — remove a reply ban (post key verified).
 *
 * Every action requires the moderator right `canmanagethreads` for the
 * thread's forum. Any other action returns immediately; a handled action ends
 * the request with exit.
 *
 * The templates are evaluated with eval() in this function's scope, so local
 * variable names such as $ban, $alt_bg, $selected, $thattime, $liftlist and
 * $ban_bit are part of the template contract and must not be renamed.
 *
 * @return void
 */
function replyban_run()
{
    global $db, $mybb, $lang, $templates, $theme, $headerinclude, $header, $footer, $replyban, $moderation;
    $lang->load("replyban");
    // Leave every other moderation action to its own handler.
    if ($mybb->input['action'] != "replyban" && $mybb->input['action'] != "do_replyban" && $mybb->input['action'] != "liftreplyban") {
        return;
    }
    if ($mybb->input['action'] == "replyban") {
        // Read-only view: the thread id is read as an integer.
        $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
        $thread = get_thread($tid);
        // The permission check comes before the existence check, so a caller without
        // the right gets the same answer for existing and missing threads.
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }
        if (!$thread['tid']) {
            error($lang->error_invalidthread);
        }
        // Escaped because the subject is interpolated into HTML by the templates.
        $thread['subject'] = htmlspecialchars_uni($thread['subject']);
        $lang->reply_bans_for = $lang->sprintf($lang->reply_bans_for, $thread['subject']);
        check_forum_password($thread['fid']);
        build_forum_breadcrumb($thread['fid']);
        add_breadcrumb($thread['subject'], get_thread_link($thread['tid']));
        add_breadcrumb($lang->reply_bans);
        // $thread['tid'] comes from the thread row returned by get_thread(), not from the request.
        $query = $db->query("\r\n\t\t\tSELECT r.*, u.username\r\n\t\t\tFROM " . TABLE_PREFIX . "replybans r\r\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (r.uid=u.uid)\r\n\t\t\tWHERE r.tid='{$thread['tid']}'\r\n\t\t\tORDER BY r.dateline DESC\r\n\t\t");
        while ($ban = $db->fetch_array($query)) {
            // The reason is moderator-entered free text and is escaped for HTML.
            $ban['reason'] = htmlspecialchars_uni($ban['reason']);
            // NOTE(review): the username goes to build_profile_link() without
            // htmlspecialchars_uni(), unlike reason and subject; confirm the helper
            // or the board's username rules make that safe.
            $ban['username'] = build_profile_link($ban['username'], $ban['uid']);
            if ($ban['lifted'] == 0) {
                $ban['lifted'] = $lang->permanent;
            } else {
                $ban['lifted'] = my_date('relative', $ban['lifted'], '', 2);
            }
            $alt_bg = alt_trow();
            // $ban_bit is not initialised before this first `.=`.
            eval("\$ban_bit .= \"" . $templates->get("moderation_replyban_bit") . "\";");
        }
        if (!$ban_bit) {
            eval("\$ban_bit = \"" . $templates->get("moderation_replyban_no_bans") . "\";");
        }
        // Generate the banned times dropdown
        $liftlist = '';
        $bantimes = fetch_ban_times();
        foreach ($bantimes as $time => $title) {
            $selected = '';
            // $banned is never assigned in this function, so neither isset() branch
            // below is taken: nothing is preselected and TIME_NOW is the base date.
            if (isset($banned['bantime']) && $banned['bantime'] == $time) {
                $selected = " selected=\"selected\"";
            }
            $thattime = '';
            if ($time != '---') {
                $dateline = TIME_NOW;
                if (isset($banned['dateline'])) {
                    $dateline = $banned['dateline'];
                }
                $thatime = my_date("D, jS M Y @ g:ia", ban_date2timestamp($time, $dateline));
                $thattime = " ({$thatime})";
            }
            eval("\$liftlist .= \"" . $templates->get("moderation_replyban_liftlist") . "\";");
        }
        eval("\$replyban = \"" . $templates->get("moderation_replyban") . "\";");
        output_page($replyban);
    }
    // State-changing action: accepted only as POST and only with a valid post key.
    if ($mybb->input['action'] == "do_replyban" && $mybb->request_method == "post") {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));
        $tid = $mybb->get_input('tid', MyBB::INPUT_INT);
        $thread = get_thread($tid);
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }
        if (!$thread['tid']) {
            error($lang->error_invalidthread);
        }
        // The raw username is handed to get_user_by_username(); escaping for the
        // lookup is presumably done inside that helper — verify.
        $user = get_user_by_username($mybb->input['username'], array('fields' => array('username')));
        if (!$user['uid']) {
            error($lang->error_invaliduser);
        }
        $mybb->input['reason'] = $mybb->get_input('reason');
        if (!trim($mybb->input['reason'])) {
            error($lang->error_missing_reason);
        }
        // One ban per user and thread.
        $query = $db->simple_select('replybans', 'rid', "uid='{$user['uid']}' AND tid='{$thread['tid']}'");
        $existingban = $db->fetch_field($query, 'rid');
        if ($existingban > 0) {
            error($lang->error_alreadybanned);
        }
        // '---' means a permanent ban, stored as lifted = 0.
        if ($mybb->get_input('liftban') == '---') {
            $lifted = 0;
        } else {
            $lifted = ban_date2timestamp($mybb->get_input('liftban'), 0);
        }
        // The reason is cut to 240 characters and escaped before it is inserted.
        $reason = my_substr($mybb->input['reason'], 0, 240);
        $insert_array = array('uid' => $user['uid'], 'tid' => $thread['tid'], 'dateline' => TIME_NOW, 'reason' => $db->escape_string($reason), 'lifted' => $db->escape_string($lifted));
        $db->insert_query('replybans', $insert_array);
        log_moderator_action(array("tid" => $thread['tid'], "fid" => $thread['fid'], "uid" => $user['uid'], "username" => $user['username']), $lang->user_reply_banned);
        moderation_redirect("moderation.php?action=replyban&tid={$thread['tid']}", $lang->redirect_user_banned_replying);
    }
    // NOTE(review): unlike do_replyban this branch does not test request_method, so the
    // post key may also arrive in a GET URL, where it can end up in logs and referrers.
    if ($mybb->input['action'] == "liftreplyban") {
        // Verify incoming POST request
        verify_post_check($mybb->get_input('my_post_key'));
        $rid = $mybb->get_input('rid', MyBB::INPUT_INT);
        $query = $db->simple_select("replybans", "*", "rid='{$rid}'");
        $ban = $db->fetch_array($query);
        if (!$ban['rid']) {
            error($lang->error_invalidreplyban);
        }
        // Thread and user are taken from the stored ban row, not from the request.
        $thread = get_thread($ban['tid']);
        $user = get_user($ban['uid']);
        if (!$thread['tid']) {
            error($lang->error_invalidthread);
        }
        // The right is checked against the forum of the ban's own thread.
        if (!is_moderator($thread['fid'], "canmanagethreads")) {
            error_no_permission();
        }
        $db->delete_query("replybans", "rid='{$ban['rid']}'");
        log_moderator_action(array("tid" => $thread['tid'], "fid" => $thread['fid'], "uid" => $user['uid'], "username" => $user['username']), $lang->user_reply_banned_lifted);
        moderation_redirect("moderation.php?action=replyban&tid={$thread['tid']}", $lang->redirect_reply_ban_lifted);
    }
    // A reply-ban action was handled; stop so the default moderation page is not rendered.
    exit;
}
Пример #7
/**
 * Moderator action: mark one trade-feedback entry as not approved and rebuild
 * the receiver's reputation.
 *
 * Checks run in this order: a non-zero integer feedback id, the `canmodcp`
 * group right, and the post key (CSRF token) from the request. Only then is
 * the row looked up and changed. The id is an integer before it is placed
 * into either SQL fragment.
 *
 * @param mixed $fid Feedback id; converted to an integer.
 * @return void Ends with a redirect to the receiver's feedback page.
 */
function trader_unapprove($fid)
{
    global $mybb, $db, $header, $headerinclude, $footer, $lang;
    $lang->load("tradefeedback");

    // Anything that does not convert to a non-zero integer is rejected.
    $fid = (int) $fid;
    if ($fid === 0) {
        error($lang->feedback_invalid_action);
    }

    // Only groups with moderator CP access may change approval state.
    if ($mybb->usergroup['canmodcp'] == 0) {
        error_no_permission();
    }

    // State-changing request: require the per-user post key.
    verify_post_check($mybb->input['my_post_key']);

    // Check if the rep exists
    $userid = $db->fetch_field(
        $db->simple_select("trade_feedback", "receiver", "fid={$fid}"),
        "receiver"
    );
    if (!$userid) {
        error($lang->feedback_invalid_action);
    }

    $db->write_query("UPDATE " . TABLE_PREFIX . "trade_feedback SET approved=0 WHERE fid={$fid}");
    trader_rebuild_reputation($userid);

    redirect(
        $mybb->settings['bburl'] . "/tradefeedback.php?action=view&uid={$userid}",
        $lang->feedback_unapproved_success,
        "",
        true
    );
}
Пример #8
/**
 * Front-end controller for the NewPoints shop page.
 *
 * Returns immediately when the visitor has no uid (guest). With action
 * "do_shop" it verifies the request's post code and dispatches on
 * shop_action (buy, send, do_send, sell, do_sell). With action "shop" it
 * renders a single item, an inventory ("myitems") or the category listing
 * and outputs the page.
 *
 * Review summary (details at the marked lines):
 *  - every state-changing action sits behind verify_post_check();
 *  - the send/sell handlers check category permission and visibility, but no
 *    sendable/sellable flag is checked in this function;
 *  - inventories are stored with serialize() and read back with unserialize();
 *  - purchases are check-then-update with no locking visible here;
 *  - templates are rendered through eval().
 */
function newpoints_shop_page()
{
    global $mybb, $db, $lang, $cache, $theme, $header, $templates, $plugins, $headerinclude, $footer, $options, $inline_errors;
    // Guests have no inventory or points: nothing to do.
    if (!$mybb->user['uid']) {
        return;
    }
    newpoints_lang_load("newpoints_shop");
    if ($mybb->input['action'] == "do_shop") {
        // CSRF protection for every shop_action below: the post code must match before any case runs.
        verify_post_check($mybb->input['postcode']);
        $plugins->run_hooks("newpoints_do_shop_start");
        switch ($mybb->input['shop_action']) {
            case 'buy':
                $plugins->run_hooks("newpoints_shop_buy_start");
                // check if the item exists
                // NOTE(review): the raw request value is handed to the helper; whether it casts or escapes iid is not visible here - confirm.
                if (!($item = newpoints_shop_get_item($mybb->input['iid']))) {
                    error($lang->newpoints_shop_invalid_item);
                }
                // check if the item is assigned to category
                if (!($cat = newpoints_shop_get_category($item['cid']))) {
                    error($lang->newpoints_shop_invalid_cat);
                }
                // check if we have permissions to view the parent category
                if (!newpoints_shop_check_permissions($cat['usergroups'])) {
                    error_no_permission();
                }
                if ($item['visible'] == 0 || $cat['visible'] == 0) {
                    error_no_permission();
                }
                // check group rules - primary group check
                $grouprules = newpoints_getrules('group', $mybb->user['usergroup']);
                if (!$grouprules) {
                    $grouprules['items_rate'] = 1.0;
                }
                // no rule set so default income rate is 1
                // if the group items rate is 0, the price of the item is 0
                if (floatval($grouprules['items_rate']) == 0) {
                    $item['price'] = 0;
                } else {
                    $item['price'] = $item['price'] * floatval($grouprules['items_rate']);
                }
                // $errors is not initialised in this function; it only comes into existence when a check below fails.
                if (floatval($item['price']) > floatval($mybb->user['newpoints'])) {
                    $errors[] = $lang->newpoints_shop_not_enough;
                }
                if ($item['infinite'] != 1 && $item['stock'] <= 0) {
                    $errors[] = $lang->newpoints_shop_out_of_stock;
                }
                if ($item['limit'] != 0) {
                    // Get how many items of this type we have in our inventory
                    // NOTE(review): unserialize() on a database column, with @ hiding decode failures. The value is
                    // written by serialize() on plain arrays in this function, but any other write path to
                    // users.newpoints_items would reach unserialize() too; a JSON list of integer ids (or
                    // allowed_classes => false where available) would remove the object-instantiation risk.
                    $myitems = @unserialize($mybb->user['newpoints_items']);
                    if (!$myitems) {
                        $myitems = array();
                    }
                    // If more than or equal to $item['limit'] -> FAILED
                    if (count(array_keys($myitems, $item['iid'])) >= $item['limit']) {
                        $errors[] = $lang->newpoints_shop_limit_reached;
                    }
                }
                if (!empty($errors)) {
                    // Validation failed: discard the request input and fall through to the "shop" view below, which shows $inline_errors.
                    $inline_errors = inline_error($errors, $lang->newpoints_shop_inline_errors);
                    $mybb->input = array();
                    $mybb->input['action'] = 'shop';
                } else {
                    // NOTE(review): balance, stock and per-user limit were checked above and are written here from the
                    // values read earlier, with no transaction or row lock visible in this function. Concurrent
                    // requests from one account could each pass the checks - confirm how newpoints_addpoints() and
                    // the stock update behave under concurrency.
                    $myitems = @unserialize($mybb->user['newpoints_items']);
                    if (!$myitems) {
                        $myitems = array();
                    }
                    $myitems[] = $item['iid'];
                    $db->update_query('users', array('newpoints_items' => serialize($myitems)), 'uid=\'' . $mybb->user['uid'] . '\'');
                    // update stock
                    if ($item['infinite'] != 1) {
                        $db->update_query('newpoints_shop_items', array('stock' => $item['stock'] - 1), 'iid=\'' . $item['iid'] . '\'');
                    }
                    // get money from user
                    newpoints_addpoints($mybb->user['uid'], -floatval($item['price']));
                    if (!empty($item['pm'])) {
                        // send PM if item has private message
                        newpoints_send_pm(array('subject' => $lang->newpoints_shop_bought_item_pm_subject, 'message' => $item['pm'], 'touid' => $mybb->user['uid'], 'receivepms' => 1), -1);
                    }
                    $plugins->run_hooks("newpoints_shop_buy_end", $item);
                    // log purchase
                    newpoints_log('shop_purchase', $lang->sprintf($lang->newpoints_shop_purchased_log, $item['iid'], $item['price']));
                    redirect($mybb->settings['bburl'] . "/newpoints.php?action=shop", $lang->newpoints_shop_item_bought, $lang->newpoints_shop_item_bought_title);
                }
                break;
            case 'send':
                // Confirmation form for sending an owned item to another user; nothing is written in this case.
                $plugins->run_hooks("newpoints_shop_send_start");
                // check if the item exists
                if (!($item = newpoints_shop_get_item($mybb->input['iid']))) {
                    error($lang->newpoints_shop_invalid_item);
                }
                // check if the item is assigned to category
                if (!($cat = newpoints_shop_get_category($item['cid']))) {
                    error($lang->newpoints_shop_invalid_cat);
                }
                // check if we have permissions to view the parent category
                if (!newpoints_shop_check_permissions($cat['usergroups'])) {
                    error_no_permission();
                }
                if ($item['visible'] == 0 || $cat['visible'] == 0) {
                    error_no_permission();
                }
                $myitems = @unserialize($mybb->user['newpoints_items']);
                if (!$myitems) {
                    error($lang->newpoints_shop_inventory_empty);
                }
                // make sure we own the item
                // NOTE(review): array_search() without the strict flag compares loosely; ids here are presumably numeric strings/ints - confirm.
                $key = array_search($item['iid'], $myitems);
                if ($key === false) {
                    error($lang->newpoints_shop_selected_item_not_owned);
                }
                $lang->newpoints_shop_action = $lang->newpoints_shop_send_item;
                $item['name'] = htmlspecialchars_uni($item['name']);
                global $shop_action, $data, $colspan;
                $colspan = 2;
                $shop_action = 'do_send';
                // $item['iid'] comes from the item row and is written into the attribute without escaping; presumably an integer key - confirm.
                $fields = '<input type="hidden" name="iid" value="' . $item['iid'] . '">';
                $data = "<td class=\"trow1\" width=\"50%\"><strong>" . $lang->newpoints_shop_send_item_username . ":</strong><br /><small>" . $lang->newpoints_shop_send_item_message . "</small></td><td class=\"trow1\" width=\"50%\"><input type=\"text\" class=\"textbox\" name=\"username\" value=\"\"></td>";
                $plugins->run_hooks("newpoints_shop_send_end");
                // Template rendering idiom used throughout this function: the stored template text is evaluated as a
                // PHP double-quoted string, so template contents are effectively code. Assumes only administrators
                // can edit templates - confirm. Every variable interpolated by the template must already be escaped.
                eval("\$page = \"" . $templates->get('newpoints_shop_do_action') . "\";");
                output_page($page);
                break;
            case 'do_send':
                // Performs the transfer.
                // NOTE(review): neither $item['sendable'] nor the newpoints_shop_sendable setting is checked in this
                // case (or in 'send'); in this function they are only consulted when the "myitems" view decides
                // whether to render the Send button. Unless a hook or helper enforces them, a hand-built POST with a
                // valid post code can send an item that the UI marks as not sendable - the check belongs here.
                $plugins->run_hooks("newpoints_shop_do_send_start");
                // check if the item exists
                if (!($item = newpoints_shop_get_item($mybb->input['iid']))) {
                    error($lang->newpoints_shop_invalid_item);
                }
                // check if the item is assigned to category
                if (!($cat = newpoints_shop_get_category($item['cid']))) {
                    error($lang->newpoints_shop_invalid_cat);
                }
                // check if we have permissions to view the parent category
                if (!newpoints_shop_check_permissions($cat['usergroups'])) {
                    error_no_permission();
                }
                if ($item['visible'] == 0 || $cat['visible'] == 0) {
                    error_no_permission();
                }
                $myitems = @unserialize($mybb->user['newpoints_items']);
                if (!$myitems) {
                    error($lang->newpoints_shop_inventory_empty);
                }
                // make sure we own the item
                $key = array_search($item['iid'], $myitems);
                if ($key === false) {
                    error($lang->newpoints_shop_selected_item_not_owned);
                }
                // NOTE(review): the raw username is passed to the lookup helper; its escaping is not visible here - confirm.
                $username = trim($mybb->input['username']);
                if (!($user = newpoints_getuser_byname($username))) {
                    error($lang->newpoints_shop_invalid_user);
                } else {
                    if ($user['uid'] == $mybb->user['uid']) {
                        error($lang->newpoints_shop_cant_send_item_self);
                    }
                    // send item to the selected user
                    // NOTE(review): the recipient's per-item limit ($item['limit']) is not checked before the item is added.
                    $useritems = @unserialize($user['newpoints_items']);
                    if (!$useritems) {
                        $useritems = array();
                    }
                    $useritems[] = $item['iid'];
                    // NOTE(review): the recipient is credited and the sender debited in two separate updates, both
                    // based on inventories read earlier; no transaction is visible, so overlapping requests could
                    // leave the two inventories inconsistent - confirm.
                    $db->update_query('users', array('newpoints_items' => serialize($useritems)), 'uid=\'' . $user['uid'] . '\'');
                    // remove item from our inventory
                    unset($myitems[$key]);
                    sort($myitems);
                    $db->update_query('users', array('newpoints_items' => serialize($myitems)), 'uid=\'' . $mybb->user['uid'] . '\'');
                    $plugins->run_hooks("newpoints_shop_do_send_end");
                    // send pm to user
                    newpoints_send_pm(array('subject' => $lang->newpoints_shop_item_received_title, 'message' => $lang->sprintf($lang->newpoints_shop_item_received, htmlspecialchars_uni($mybb->user['username']), htmlspecialchars_uni($item['name'])), 'touid' => $user['uid'], 'receivepms' => 1), -1);
                    // log
                    newpoints_log('shop_send', $lang->sprintf($lang->newpoints_shop_sent_log, $item['iid'], $user['uid'], $user['username']));
                    redirect($mybb->settings['bburl'] . "/newpoints.php?action=shop&amp;shop_action=myitems", $lang->newpoints_shop_item_sent, $lang->newpoints_shop_item_sent_title);
                }
                break;
            case 'sell':
                // Confirmation form for selling an owned item back to the shop; nothing is written in this case.
                $plugins->run_hooks("newpoints_shop_sell_start");
                // check if the item exists
                if (!($item = newpoints_shop_get_item($mybb->input['iid']))) {
                    error($lang->newpoints_shop_invalid_item);
                }
                // check if the item is assigned to category
                if (!($cat = newpoints_shop_get_category($item['cid']))) {
                    error($lang->newpoints_shop_invalid_cat);
                }
                // check if we have permissions to view the parent category
                if (!newpoints_shop_check_permissions($cat['usergroups'])) {
                    error_no_permission();
                }
                if ($item['visible'] == 0 || $cat['visible'] == 0) {
                    error_no_permission();
                }
                $myitems = @unserialize($mybb->user['newpoints_items']);
                if (!$myitems) {
                    error($lang->newpoints_shop_inventory_empty);
                }
                // make sure we own the item
                $key = array_search($item['iid'], $myitems);
                if ($key === false) {
                    error($lang->newpoints_shop_selected_item_not_owned);
                }
                $lang->newpoints_shop_action = $lang->newpoints_shop_sell_item;
                $item['name'] = htmlspecialchars_uni($item['name']);
                global $shop_action, $data, $colspan;
                $colspan = 1;
                $shop_action = 'do_sell';
                $fields = '<input type="hidden" name="iid" value="' . $item['iid'] . '">';
                // $item['name'] was already escaped a few lines above, so the second htmlspecialchars_uni() here double-encodes it.
                $data = "<td class=\"trow1\" width=\"100%\">" . $lang->sprintf($lang->newpoints_shop_sell_item_confirm, htmlspecialchars_uni($item['name']), newpoints_format_points(floatval($item['price']) * $mybb->settings['newpoints_shop_percent'])) . "</td>";
                $plugins->run_hooks("newpoints_shop_sell_end");
                eval("\$page = \"" . $templates->get('newpoints_shop_do_action') . "\";");
                output_page($page);
                break;
            case 'do_sell':
                // Performs the sale.
                // NOTE(review): as with do_send, neither $item['sellable'] nor the newpoints_shop_sellable setting is
                // checked in this case; they only gate the Sell button in the "myitems" view. Unless enforced
                // elsewhere, an unsellable item can be sold with a hand-built POST - the check belongs here.
                $plugins->run_hooks("newpoints_shop_do_sell_start");
                // check if the item exists
                if (!($item = newpoints_shop_get_item($mybb->input['iid']))) {
                    error($lang->newpoints_shop_invalid_item);
                }
                // check if the item is assigned to category
                if (!($cat = newpoints_shop_get_category($item['cid']))) {
                    error($lang->newpoints_shop_invalid_cat);
                }
                // check if we have permissions to view the parent category
                if (!newpoints_shop_check_permissions($cat['usergroups'])) {
                    error_no_permission();
                }
                if ($item['visible'] == 0 || $cat['visible'] == 0) {
                    error_no_permission();
                }
                $myitems = @unserialize($mybb->user['newpoints_items']);
                if (!$myitems) {
                    error($lang->newpoints_shop_inventory_empty);
                }
                // make sure we own the item
                $key = array_search($item['iid'], $myitems);
                if ($key === false) {
                    error($lang->newpoints_shop_selected_item_not_owned);
                }
                // remove item from our inventory
                unset($myitems[$key]);
                sort($myitems);
                $db->update_query('users', array('newpoints_items' => serialize($myitems)), 'uid=\'' . $mybb->user['uid'] . '\'');
                // update stock
                if ($item['infinite'] != 1) {
                    $db->update_query('newpoints_shop_items', array('stock' => $item['stock'] + 1), 'iid=\'' . $item['iid'] . '\'');
                }
                // The refund is the item's base price times the newpoints_shop_percent setting; the group items_rate
                // applied at purchase time is not applied here.
                // NOTE(review): ownership was checked against the inventory read at request start; overlapping do_sell
                // requests could each pass that check before either inventory write lands - confirm.
                newpoints_addpoints($mybb->user['uid'], floatval($item['price']) * $mybb->settings['newpoints_shop_percent']);
                $plugins->run_hooks("newpoints_shop_do_sell_end");
                // log
                newpoints_log('shop_sell', $lang->sprintf($lang->newpoints_shop_sell_log, $item['iid'], floatval($item['price']) * $mybb->settings['newpoints_shop_percent']));
                redirect($mybb->settings['bburl'] . "/newpoints.php?action=shop&amp;shop_action=myitems", $lang->newpoints_shop_item_sell, $lang->newpoints_shop_item_sell_title);
                break;
            default:
                // Unknown shop_action values are rejected rather than ignored.
                error_no_permission();
        }
        $plugins->run_hooks("newpoints_do_shop_end");
    }
    // shop page
    if ($mybb->input['action'] == "shop") {
        $plugins->run_hooks("newpoints_shop_start");
        if ($mybb->input['shop_action'] == 'view') {
            // check if the item exists
            if (!($item = newpoints_shop_get_item($mybb->input['iid']))) {
                error($lang->newpoints_shop_invalid_item);
            }
            // check if the item is assigned to category
            if (!($cat = newpoints_shop_get_category($item['cid']))) {
                error($lang->newpoints_shop_invalid_cat);
            }
            // check if we have permissions to view the parent category
            if (!newpoints_shop_check_permissions($cat['usergroups'])) {
                error_no_permission();
            }
            if ($item['visible'] == 0 || $cat['visible'] == 0) {
                error_no_permission();
            }
            // Escape item text before it is interpolated by the template.
            $item['name'] = htmlspecialchars_uni($item['name']);
            $item['description'] = htmlspecialchars_uni($item['description']);
            // check group rules - primary group check
            $grouprules = newpoints_getrules('group', $mybb->user['usergroup']);
            if (!$grouprules) {
                $grouprules['items_rate'] = 1.0;
            }
            // no rule set so default income rate is 1
            // if the group items rate is 0, the price of the item is 0
            if (floatval($grouprules['items_rate']) == 0) {
                $item['price'] = 0;
            } else {
                $item['price'] = $item['price'] * floatval($grouprules['items_rate']);
            }
            $item['price'] = newpoints_format_points($item['price']);
            // NOTE(review): this compares the already formatted price with the user's points; if the formatter adds
            // separators or a currency label the comparison may not be numeric - confirm.
            if ($item['price'] > $mybb->user['newpoints']) {
                $item['price'] = '<span style="color: #FF0000;">' . $item['price'] . '</span>';
            }
            // build icon
            if ($item['icon'] != '') {
                $item['icon'] = htmlspecialchars_uni($item['icon']);
                $item['icon'] = '<img src="' . $mybb->settings['bburl'] . '/' . $item['icon'] . '">';
            } else {
                $item['icon'] = '<img src="' . $mybb->settings['bburl'] . '/images/newpoints/default.png">';
            }
            if ($item['infinite'] == 1) {
                $item['stock'] = $lang->newpoints_shop_infinite;
            } else {
                $item['stock'] = intval($item['stock']);
            }
            if ($item['sendable'] == 1) {
                $item['sendable'] = $lang->newpoints_shop_yes;
            } else {
                $item['sendable'] = $lang->newpoints_shop_no;
            }
            if ($item['sellable'] == 1) {
                $item['sellable'] = $lang->newpoints_shop_yes;
            } else {
                $item['sellable'] = $lang->newpoints_shop_no;
            }
            eval("\$page = \"" . $templates->get('newpoints_shop_view_item') . "\";");
        } elseif ($mybb->input['shop_action'] == 'myitems') {
            $uid = intval($mybb->input['uid']);
            $uidpart = '';
            if ($uid > 0) {
                $user = get_user($uid);
                // we're viewing someone else's inventory
                if (!empty($user)) {
                    // we can't view others inventories if we don't have enough privileges
                    // Access is refused only when all three hold: the viewothers setting is off, the viewer's
                    // usergroup lacks cancp, and the requested uid is not the viewer's own.
                    if ($mybb->settings['newpoints_shop_viewothers'] != 1 && $mybb->usergroup['cancp'] != 1 && $mybb->user['uid'] != $uid) {
                        error_no_permission();
                    }
                    $myitems = @unserialize($user['newpoints_items']);
                    $lang->newpoints_shop_myitems = $lang->sprintf($lang->newpoints_shop_items_username, htmlspecialchars_uni($user['username']));
                    $uidpart = "&amp;uid=" . $uid;
                    // we need this for pagination
                } else {
                    $myitems = @unserialize($mybb->user['newpoints_items']);
                }
            } else {
                $myitems = @unserialize($mybb->user['newpoints_items']);
            }
            $items = '';
            $newrow = true;
            $invert_bgcolor = alt_trow();
            if ($mybb->settings['newpoints_shop_sendable'] != 1) {
                $sendable = false;
            } else {
                $sendable = true;
            }
            if ($mybb->settings['newpoints_shop_sellable'] != 1) {
                $sellable = false;
            } else {
                $sellable = true;
            }
            require_once MYBB_ROOT . "inc/class_parser.php";
            $parser = new postParser();
            // HTML and [img] are disabled for item descriptions; MyCode and smilies are allowed.
            $parser_options = array('allow_mycode' => 1, 'allow_smilies' => 1, 'allow_imgcode' => 0, 'allow_html' => 0, 'filter_badwords' => 1);
            if (!empty($myitems)) {
                // pagination
                $per_page = 10;
                $mybb->input['page'] = intval($mybb->input['page']);
                if ($mybb->input['page'] && $mybb->input['page'] > 1) {
                    $mybb->input['page'] = intval($mybb->input['page']);
                    $start = $mybb->input['page'] * $per_page - $per_page;
                } else {
                    $mybb->input['page'] = 1;
                    $start = 0;
                }
                // total items
                // NOTE(review): the IN (...) list is built by joining the unserialized inventory values as-is; nothing
                // in this function casts them to integers. The values are ids appended by the buy/send handlers
                // above, but mapping them through intval before implode() would make the query independent of what
                // is stored in the column. The same applies to the second query below.
                $total_rows = $db->fetch_field($db->simple_select("newpoints_shop_items", "COUNT(iid) as items", 'visible=1 AND iid IN (' . implode(',', array_unique($myitems)) . ')'), "items");
                // multi-page
                if ($total_rows > $per_page) {
                    $multipage = multipage($total_rows, $per_page, $mybb->input['page'], $mybb->settings['bburl'] . "/newpoints.php?action=shop&shop_action=myitems" . $uidpart);
                }
                $query = $db->simple_select('newpoints_shop_items', '*', 'visible=1 AND iid IN (' . implode(',', array_unique($myitems)) . ')', array('limit' => "{$start}, {$per_page}"));
                while ($item = $db->fetch_array($query)) {
                    // Items are laid out two per table row: open a row on the first, close it on the second.
                    if ($newrow === true) {
                        $trstart = '<tr>';
                        $trend = '';
                        $newrow = false;
                    } elseif ($newrow === false) {
                        $trstart = '';
                        $trend = '</tr>';
                        $newrow = true;
                    }
                    // The sellable/sendable flags only decide whether a button is rendered; the forms carry the
                    // viewer's post code. These forms are also rendered when another user's inventory is shown;
                    // the handlers above check ownership against the viewer's own inventory.
                    if ($sellable === true && $item['sellable']) {
                        if ($sendable === true && $item['sendable']) {
                            $tdstart = '<td width="50%">';
                        } else {
                            $tdstart = '<td width="100%">';
                        }
                        $sell = $tdstart . '<form action="newpoints.php" method="POST"><input type="hidden" name="action" value="do_shop"><input type="hidden" name="shop_action" value="sell"><input type="hidden" name="iid" value="' . $item['iid'] . '"><input type="hidden" name="postcode" value="' . $mybb->post_code . '"><input type="submit" name="submit" value="' . $lang->newpoints_shop_sell . '"></form></td>';
                    } else {
                        $sell = '';
                    }
                    if ($sendable === true && $item['sendable']) {
                        if ($sell == '') {
                            $tdstart = '<td width="100%">';
                        } else {
                            $tdstart = '<td width="50%">';
                        }
                        $send = $tdstart . '<form action="newpoints.php" method="POST"><input type="hidden" name="action" value="do_shop"><input type="hidden" name="shop_action" value="send"><input type="hidden" name="iid" value="' . $item['iid'] . '"><input type="hidden" name="postcode" value="' . $mybb->post_code . '"><input type="submit" name="submit" value="' . $lang->newpoints_shop_send . '"></form></td>';
                    } else {
                        $send = '';
                    }
                    if (!$send && !$sell) {
                        $send = $lang->newpoints_shop_no_options;
                    }
                    $item['description'] = $parser->parse_message($item['description'], $parser_options);
                    // NOTE(review): unlike the other views, $item['name'] is not escaped in this loop before the
                    // template is evaluated - confirm the newpoints_shop_myitems_item template does not print it raw.
                    // check group rules - primary group check
                    $grouprules = newpoints_getrules('group', $mybb->user['usergroup']);
                    if (!$grouprules) {
                        $grouprules['items_rate'] = 1.0;
                    }
                    // no rule set so default income rate is 1
                    // if the group items rate is 0, the price of the item is 0
                    if (floatval($grouprules['items_rate']) == 0) {
                        $item['price'] = 0;
                    } else {
                        $item['price'] = $item['price'] * floatval($grouprules['items_rate']);
                    }
                    $item['price'] = newpoints_format_points($item['price']);
                    $item['quantity'] = count(array_keys($myitems, $item['iid']));
                    // build icon
                    if ($item['icon'] != '') {
                        $item['icon'] = htmlspecialchars_uni($item['icon']);
                        $item['icon'] = '<img src="' . $mybb->settings['bburl'] . '/' . $item['icon'] . '">';
                    } else {
                        $item['icon'] = '<img src="' . $mybb->settings['bburl'] . '/images/newpoints/default.png">';
                    }
                    $bgcolor = alt_trow();
                    $invert_bgcolor = alt_trow();
                    eval("\$items .= \"" . $trstart . $templates->get('newpoints_shop_myitems_item') . $trend . "\";");
                }
                if (!$items) {
                    eval("\$items = \"" . $templates->get('newpoints_shop_myitems_no_items') . "\";");
                } else {
                    // An odd number of items leaves a row open: pad it with the empty-cell template and close it.
                    if ($newrow === false) {
                        eval("\$items .= \"" . $templates->get('newpoints_shop_myitems_item_empty') . "</tr>" . "\";");
                        $newrow = true;
                    }
                }
            } else {
                eval("\$items = \"" . $templates->get('newpoints_shop_myitems_no_items') . "\";");
            }
            eval("\$page = \"" . $templates->get('newpoints_shop_myitems') . "\";");
        } else {
            // Default view: every category with its visible items.
            // check group rules - primary group check
            $grouprules = newpoints_getrules('group', $mybb->user['usergroup']);
            if (!$grouprules) {
                $grouprules['items_rate'] = 1.0;
            }
            // no rule set so default income rate is 1
            // if the group items rate is 0, the price of the item is 0
            $itemsrate = floatval($grouprules['items_rate']);
            global $cats, $items;
            // get categories
            $query = $db->simple_select('newpoints_shop_categories', '*', '', array('order_by' => 'disporder', 'order_dir' => 'ASC'));
            while ($cat = $db->fetch_array($query)) {
                $categories[$cat['cid']] = $cat;
            }
            // get items and store them in their categories
            $query = $db->simple_select('newpoints_shop_items', '*', 'visible=1 AND cid>0', array('order_by' => 'disporder', 'order_dir' => 'ASC'));
            while ($item = $db->fetch_array($query)) {
                $items_array[$item['cid']][$item['iid']] = $item;
            }
            $cats = '';
            $bgcolor = '';
            $bgcolor = alt_trow();
            // build items and categories
            if (!empty($categories)) {
                foreach ($categories as $cid => $category) {
                    $items = '';
                    if ($category['items'] > 0 && !empty($items_array[$category['cid']])) {
                        foreach ($items_array as $cid => $member) {
                            if ($cid != $category['cid']) {
                                continue;
                            }
                            $bgcolor = alt_trow();
                            foreach ($member as $iid => $item) {
                                // skip hidden items
                                if ($item['visible'] == 0) {
                                    continue;
                                }
                                if ($item['infinite'] == 1) {
                                    $item['stock'] = $lang->newpoints_shop_infinite;
                                }
                                // The affordability flag uses the base price, before the group rate is applied
                                // below, so the red highlight can disagree with what 'buy' will actually charge.
                                if ($item['price'] > $mybb->user['newpoints']) {
                                    $enough_money = false;
                                } else {
                                    $enough_money = true;
                                }
                                $item['name'] = htmlspecialchars_uni($item['name']);
                                $item['description'] = htmlspecialchars_uni($item['description']);
                                $item['price'] = newpoints_format_points($item['price'] * $itemsrate);
                                // build icon
                                if ($item['icon'] != '') {
                                    $item['icon'] = htmlspecialchars_uni($item['icon']);
                                    $item['icon'] = '<img src="' . $mybb->settings['bburl'] . '/' . $item['icon'] . '">';
                                } else {
                                    $item['icon'] = '<img src="' . $mybb->settings['bburl'] . '/images/newpoints/default.png">';
                                }
                                if (!$enough_money) {
                                    $item['price'] = '<span style="color: #FF0000;">' . $item['price'] . '</span>';
                                }
                                eval("\$items .= \"" . $templates->get('newpoints_shop_item') . "\";");
                            }
                        }
                    } else {
                        eval("\$items = \"" . $templates->get('newpoints_shop_no_items') . "\";");
                    }
                    // Visibility and permission are checked after the items were rendered; skipped categories are
                    // simply never appended to $cats.
                    // if it's not visible, don't show it
                    if ($category['visible'] == 0) {
                        continue;
                    }
                    // check if we have permissions to view the category
                    if (!newpoints_shop_check_permissions($category['usergroups'])) {
                        continue;
                    }
                    // Expanded by default feature
                    global $extdisplay, $expcolimage, $expdisplay, $expaltext, $icon;
                    $expdisplay = '';
                    if (intval($category['expanded']) == 0) {
                        $expcolimage = "collapse_collapsed.gif";
                        $expdisplay = "display: none;";
                        $expaltext = "[+]";
                    } else {
                        $expcolimage = "collapse.gif";
                        $expaltext = "[-]";
                    }
                    // build icon
                    if ($category['icon'] != '') {
                        $category['icon'] = htmlspecialchars_uni($category['icon']);
                        $category['icon'] = '<img src="' . $mybb->settings['bburl'] . '/' . $category['icon'] . '" style="vertical-align:middle">';
                    }
                    // sanitize html
                    $category['description'] = htmlspecialchars_uni($category['description']);
                    $category['name'] = htmlspecialchars_uni($category['name']);
                    eval("\$cats .= \"" . $templates->get('newpoints_shop_category') . "\";");
                }
            } else {
                eval("\$cats = \"" . $templates->get('newpoints_shop_no_cats') . "\";");
            }
            eval("\$page = \"" . $templates->get('newpoints_shop') . "\";");
        }
        $plugins->run_hooks("newpoints_shop_end");
        // output page
        output_page($page);
    }
}
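/**
 * Moderation hook that reports a post's author to CloudFlare as a spammer.
 *
 * Runs only when the cloudflare_postbit_spam setting is on and the request
 * action is "cloudflare_report_spam". Requires a post id, a forum id,
 * moderator rights and a valid post key (CSRF token), then passes the
 * author's username and e-mail, the post's IP address and the first 100
 * bytes of the message to cloudflare_report_spam() and redirects to the post.
 *
 * Changes from the previous version:
 *  - $lang is now imported; the error() calls read $lang->... and the
 *    variable was undefined in this scope;
 *  - moderator rights are also checked against the forum the post actually
 *    belongs to, not only against the fid supplied in the request.
 */
function cloudflare_moderation_start()
{
    global $mybb, $db, $cache, $fid, $pid, $lang;
    if (!$mybb->settings['cloudflare_postbit_spam'] || $mybb->input['action'] != 'cloudflare_report_spam') {
        return;
    }
    if (!$mybb->input['pid']) {
        error($lang->error_invalidpost);
    }
    // Integer cast: $pid is interpolated into the query below.
    $pid = intval($mybb->input['pid']);
    if (!$mybb->input['fid']) {
        error($lang->error_invalidforum);
    }
    $fid = intval($mybb->input['fid']);
    // First gate: the caller must moderate the forum named in the request.
    if (!is_moderator($fid)) {
        error_no_permission();
    }
    // p.fid is selected so the permission check can be repeated against the post's real forum.
    $query = $db->query("\n\t\tSELECT p.uid, p.username, u.email, p.message, p.ipaddress, p.tid, p.fid\n\t\tFROM " . TABLE_PREFIX . "posts p\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=p.uid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "forums f ON (f.fid=p.fid)\n\t\tWHERE p.pid = '{$pid}'\n\t");
    $post = $db->fetch_array($query);
    if (!$post) {
        error($lang->error_invalidpost);
    }
    // Second gate: the fid above is request-supplied and independent of pid, so a
    // moderator of one forum could otherwise report posts in a forum they do not
    // moderate. Authorise against the forum stored on the post row.
    if (!is_moderator($post['fid'])) {
        error_no_permission();
    }
    // CSRF protection: an absent key is refused outright, a present one must verify.
    if (!$mybb->input['my_post_key']) {
        error_no_permission();
    }
    verify_post_check($mybb->input['my_post_key']);
    $spammer = get_user($post['uid']);
    // This payload leaves the forum: username, e-mail address, IP address and a message excerpt
    // are disclosed to a third party, which the board's privacy policy should cover.
    // NOTE(review): substr() counts bytes, so the excerpt can end inside a multibyte character;
    // json_encode() returns false for invalid UTF-8 and the report would then be sent empty.
    // NOTE(review): for a guest post (uid 0) get_user() presumably yields no username/e-mail - confirm.
    $data = array("a" => $spammer['username'], "am" => $spammer['email'], "ip" => $post['ipaddress'], "con" => substr($post['message'], 0, 100));
    $data = urlencode(json_encode($data));
    cloudflare_report_spam($data);
    redirect(get_post_link($pid), "Spam successfully reported to CloudFlare. You may now ban the spammer.");
}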
Пример #10
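/**
 * ModCP handler for MySupport's "support denial" pages (modcp.php?action=supportdenial).
 *
 * Sub-actions, selected by $mybb->input['do']:
 *  - do_denysupport: applies or revokes a denial (POST key verified first).
 *  - denysupport:    shows the form with the list of denial reasons.
 *  - anything else:  lists the users who are currently denied support.
 *
 * Changes from the original:
 *  - The username lookup compared against a literal placeholder string
 *    ('******') instead of the submitted, escaped username.
 *  - The reason name for the mod log was fetched from an unrelated (or missing)
 *    query result; it is now read from the cached reasons already validated.
 *  - The reasons loop used the accumulator ($deniedreasons) as its loop
 *    variable and then read an undefined $deniedreason, destroying the
 *    <select> markup.
 *  - $uid, $username, $tid, $fid and $denied_users are initialised.
 *  - The stored reason name is HTML-escaped in the list view, as it already is
 *    in the dropdown.
 */
function mysupport_modcp_support_denial()
{
    global $mybb;
    if ($mybb->settings['enablemysupport'] != 1) {
        return;
    }
    global $db, $cache, $lang, $theme, $templates, $headerinclude, $header, $footer, $modcp_nav, $mod_log_action, $redirect;
    $lang->load("mysupport");
    if ($mybb->input['action'] != "supportdenial") {
        return;
    }
    if (!mysupport_usergroup("canmanagesupportdenial")) {
        error_no_permission();
    }
    add_breadcrumb($lang->nav_modcp, "modcp.php");
    add_breadcrumb($lang->support_denial, "modcp.php?action=supportdenial");
    if ($mybb->input['do'] == "do_denysupport") {
        // State-changing request: reject it unless it carries a valid post key (CSRF).
        verify_post_check($mybb->input['my_post_key']);
        if ($mybb->settings['enablemysupportsupportdenial'] != 1) {
            mysupport_error($lang->support_denial_not_enabled);
            exit;
        }
        $uid = 0;
        $username = "";
        // get username from UID
        // this is if we're revoking via the list of denied users, we specify a UID here
        if ($mybb->input['uid']) {
            $uid = intval($mybb->input['uid']);
            $user = get_user($uid);
            $username = $user['username'];
        } elseif ($mybb->input['username']) {
            // NOTE(review): on this path $username keeps the SQL-escaped form and is
            // later shown in messages; verify that is what the log helpers expect.
            $username = $db->escape_string($mybb->input['username']);
            $query = $db->simple_select("users", "uid", "username = '{$username}'");
            $uid = $db->fetch_field($query, "uid");
        }
        if (!$uid || !$username) {
            mysupport_error($lang->support_denial_reason_invalid_user);
            exit;
        }
        if (isset($mybb->input['deniedsupportreason'])) {
            $deniedsupportreason = intval($mybb->input['deniedsupportreason']);
        } else {
            $deniedsupportreason = 0;
        }
        // Defaults so the moderator-log call below never reads undefined variables.
        $tid = 0;
        $fid = 0;
        if ($mybb->input['tid'] != 0) {
            $tid = intval($mybb->input['tid']);
            $thread_info = get_thread($tid);
            $fid = $thread_info['fid'];
            $redirect_url = get_thread_link($tid);
        } else {
            $redirect_url = "modcp.php?action=supportdenial";
        }
        $mod_log_action = "";
        $redirect = "";
        $mysupport_cache = $cache->read("mysupport");
        // -1 is if we're revoking and 0 is no reason, so those are exempt
        if (!array_key_exists($deniedsupportreason, $mysupport_cache['deniedreasons']) && $deniedsupportreason != -1 && $deniedsupportreason != 0) {
            mysupport_error($lang->support_denial_reason_invalid_reason);
            exit;
        } elseif ($deniedsupportreason == -1) {
            // Revoke: clear the denial flags and reopen threads MySupport had closed.
            $update = array("deniedsupport" => 0, "deniedsupportreason" => 0, "deniedsupportuid" => 0);
            $db->update_query("users", $update, "uid = '" . intval($uid) . "'");
            $update = array("closed" => 0, "closedbymysupport" => 0);
            $mysupport_forums = implode(",", array_map("intval", mysupport_forums()));
            $db->update_query("threads", $update, "uid = '" . intval($uid) . "' AND fid IN (" . $db->escape_string($mysupport_forums) . ") AND closed = '1' AND closedbymysupport = '2'");
            mysupport_mod_log_action(11, $lang->sprintf($lang->deny_support_revoke_mod_log, $username));
            mysupport_redirect_message($lang->sprintf($lang->deny_support_revoke_success, htmlspecialchars_uni($username)));
        } else {
            $update = array("deniedsupport" => 1, "deniedsupportreason" => intval($deniedsupportreason), "deniedsupportuid" => intval($mybb->user['uid']));
            $db->update_query("users", $update, "uid = '" . intval($uid) . "'");
            if ($mybb->settings['mysupportclosewhendenied'] == 1) {
                $update = array("closed" => 1, "closedbymysupport" => 2);
                $mysupport_forums = implode(",", array_map("intval", mysupport_forums()));
                $db->update_query("threads", $update, "uid = '" . intval($uid) . "' AND fid IN (" . $db->escape_string($mysupport_forums) . ") AND closed = '0'");
            }
            if ($deniedsupportreason != 0) {
                // The key was validated against the cache above, so the entry exists.
                $reason_name = $mysupport_cache['deniedreasons'][$deniedsupportreason]['name'];
                mysupport_mod_log_action(11, $lang->sprintf($lang->deny_support_mod_log_reason, $username, $reason_name));
            } else {
                mysupport_mod_log_action(11, $lang->sprintf($lang->deny_support_mod_log, $username));
            }
            mysupport_redirect_message($lang->sprintf($lang->deny_support_success, htmlspecialchars_uni($username)));
        }
        // $mod_log_action is a global; presumably filled in by mysupport_mod_log_action() - confirm.
        if (!empty($mod_log_action)) {
            $mod_log_data = array("fid" => intval($fid), "tid" => intval($tid));
            log_moderator_action($mod_log_data, $mod_log_action);
        }
        redirect($redirect_url, $redirect);
    } elseif ($mybb->input['do'] == "denysupport") {
        if ($mybb->settings['enablemysupportsupportdenial'] != 1) {
            mysupport_error($lang->support_denial_not_enabled);
            exit;
        }
        $uid = intval($mybb->input['uid']);
        $tid = intval($mybb->input['tid']);
        $user = get_user($uid);
        $username = $user['username'];
        $user_link = build_profile_link(htmlspecialchars_uni($username), intval($uid), "blank");
        if ($mybb->input['uid']) {
            $deny_support_to = $lang->sprintf($lang->deny_support_to, htmlspecialchars_uni($username));
        } else {
            $deny_support_to = $lang->deny_support_to_user;
        }
        add_breadcrumb($deny_support_to);
        $deniedreasons = "";
        $deniedreasons .= "<label for=\"deniedsupportreason\">{$lang->reason}:</label> <select name=\"deniedsupportreason\" id=\"deniedsupportreason\">\n";
        // if they've not been denied support yet or no reason was given, show an empty option that will be selected
        if ($user['deniedsupport'] == 0 || $user['deniedsupportreason'] == 0) {
            $deniedreasons .= "<option value=\"0\"></option>\n";
        }
        $mysupport_cache = $cache->read("mysupport");
        if (!empty($mysupport_cache['deniedreasons'])) {
            // if there's one or more reasons set, show them in a dropdown
            foreach ($mysupport_cache['deniedreasons'] as $deniedreason) {
                $selected = "";
                // if a reason has been given, we'd be editing it, so this would select the current one
                if ($user['deniedsupport'] == 1 && $user['deniedsupportreason'] == $deniedreason['mid']) {
                    $selected = " selected=\"selected\"";
                }
                $deniedreasons .= "<option value=\"" . intval($deniedreason['mid']) . "\"{$selected}>" . htmlspecialchars_uni($deniedreason['name']) . "</option>\n";
            }
        }
        $deniedreasons .= "<option value=\"0\">{$lang->support_denial_reasons_none}</option>\n";
        // if they've been denied support, give an option to revoke it
        if ($user['deniedsupport'] == 1) {
            $deniedreasons .= "<option value=\"0\">-----</option>\n";
            $deniedreasons .= "<option value=\"-1\">{$lang->revoke}</option>\n";
        }
        $deniedreasons .= "</select>\n";
        // Templates are eval()'d as double-quoted strings, so every variable they
        // interpolate must already be HTML-safe at this point.
        eval("\$deny_support = \"" . $templates->get('mysupport_deny_support_deny') . "\";");
        eval("\$deny_support_page = \"" . $templates->get('mysupport_deny_support') . "\";");
        output_page($deny_support_page);
    } else {
        $query = $db->write_query("\r\n\t\t\t\tSELECT u1.username AS support_denied_username, u1.uid AS support_denied_uid, u2.username AS support_denier_username, u2.uid AS support_denier_uid, m.name AS support_denied_reason\r\n\t\t\t\tFROM " . TABLE_PREFIX . "users u\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "mysupport m ON (u.deniedsupportreason = m.mid)\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u1 ON (u1.uid = u.uid)\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u2 ON (u2.uid = u.deniedsupportuid)\r\n\t\t\t\tWHERE u.deniedsupport = '1'\r\n\t\t\t\tORDER BY u1.username ASC\r\n\t\t\t");
        $denied_users = "";
        if ($db->num_rows($query) > 0) {
            while ($denieduser = $db->fetch_array($query)) {
                $bgcolor = alt_trow();
                $support_denied_user = build_profile_link(htmlspecialchars_uni($denieduser['support_denied_username']), intval($denieduser['support_denied_uid']));
                $support_denier_user = build_profile_link(htmlspecialchars_uni($denieduser['support_denier_username']), intval($denieduser['support_denier_uid']));
                if (empty($denieduser['support_denied_reason'])) {
                    $support_denial_reason = $lang->support_denial_no_reason;
                } else {
                    // Escaped for HTML output, consistent with the reasons dropdown.
                    $support_denial_reason = htmlspecialchars_uni($denieduser['support_denied_reason']);
                }
                eval("\$denied_users .= \"" . $templates->get('mysupport_deny_support_list_user') . "\";");
            }
        } else {
            $denied_users = "<tr><td class=\"trow1\" align=\"center\" colspan=\"5\">{$lang->support_denial_no_users}</td></tr>";
        }
        eval("\$deny_support = \"" . $templates->get('mysupport_deny_support_list') . "\";");
        eval("\$deny_support_page = \"" . $templates->get('mysupport_deny_support') . "\";");
        output_page($deny_support_page);
    }
}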
Пример #11
/**
 * Stores a short message submitted through the plugin's 'hello' form.
 *
 * The request is accepted only when it is the 'hello' action, was sent via
 * POST and carries a valid post key. The message is trimmed, must be
 * non-empty and at most 100 characters, and is escaped before the insert.
 * Ends by redirecting to index.php.
 */
function hello_new()
{
    global $mybb, $lang, $db;

    // Not our form's action: nothing to do.
    if ($mybb->get_input('action') != 'hello') {
        return;
    }

    // State is changed below, so only POST is acceptable.
    if ($mybb->request_method != 'post') {
        error_no_permission();
    }

    // The post key ties the request to the user's session (CSRF protection).
    verify_post_check($mybb->get_input('my_post_key'));

    $lang->load('hello');

    $text = trim($mybb->get_input('message'));

    // Reject anything that is not a non-empty message of 100 characters or fewer.
    if (!($text && my_strlen($text) <= 100)) {
        error($lang->hello_message_empty);
    }

    // The value is escaped here, right where the row is written.
    $row = array('message' => $db->escape_string($text));
    $db->insert_query('hello_messages', $row);

    // Back to the index with a confirmation.
    redirect('index.php', $lang->hello_done);
}
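 /**
  * NewPoints Shop hook: lets a user redeem an owned shop item to sticky one of
  * their own threads for $item['buy_sticky_time'] days.
  *
  * shop_action=buy_sticky shows the form asking for the thread URL;
  * shop_action=do_buy_sticky resolves the URL to a thread, stickies it,
  * schedules a delayed moderation entry and removes the item from the
  * user's inventory. Any other shop_action returns false.
  *
  * Changes from the original: $parameters and $redeemtid are initialised, the
  * regex matches, the '.php' split and the post lookup are guarded against
  * missing values, an unreachable else-branch in the query-string parser is
  * removed, and ids are cast to int before use.
  *
  * NOTE(review): the do_buy_sticky branch changes state but no post-key check
  * (verify_post_check) is visible here; confirm whether the caller or the form
  * template provides CSRF protection.
  * NOTE(review): the inventory is read at the start and written back at the
  * end, so two concurrent requests may be able to redeem the same item.
  */
 function hook_newpoints_do_shop_start()
 {
     global $mybb, $db, $lang, $cache, $theme, $header, $templates, $plugins, $headerinclude, $footer, $options, $inline_errors;
     $requested = $mybb->get_input('shop_action');
     if ($requested == 'buy_sticky') {
         $do = false;
     } elseif ($requested == 'do_buy_sticky') {
         $do = true;
     } else {
         return false;
     }
     if ($do) {
         $plugins->run_hooks('newpoints_shop_do_buy_sticky_start');
     } else {
         $plugins->run_hooks('newpoints_shop_buy_sticky_start');
     }
     if (!($item = newpoints_shop_get_item($mybb->get_input('iid', 1)))) {
         error($lang->newpoints_shop_invalid_item);
     }
     if (!($cat = newpoints_shop_get_category($item['cid']))) {
         error($lang->newpoints_shop_invalid_cat);
     }
     if (!newpoints_shop_check_permissions($cat['usergroups'])) {
         error_no_permission();
     }
     if (!$item['visible'] || !$cat['visible']) {
         error_no_permission();
     }
     if (!$item['buy_sticky'] || $item['buy_sticky_time'] < 1) {
         error_no_permission();
     }
     // SECURITY: unserialize() can instantiate objects. The value comes from the
     // user's own database row, but a safe unserializer would be preferable.
     $myitems = @unserialize($mybb->user['newpoints_items']);
     if (!$myitems) {
         error($lang->newpoints_shop_inventory_empty);
     }
     $key = array_search($item['iid'], $myitems);
     if ($key === false) {
         error($lang->newpoints_shop_selected_item_not_owned);
     }
     $this->load_language();
     if ($do) {
         $parameters = array('tid' => 0, 'pid' => 0);
         $redeemtid = 0;
         // ~~~ @ https://github.com/PaulBender/Move-Posts/blob/master/inc/plugins/moveposts.php#L217 //
         if ($db->table_exists('google_seo')) {
             $regexp = "{$mybb->settings['bburl']}/{$mybb->settings['google_seo_url_threads']}";
             if ($regexp) {
                 $regexp = preg_quote($regexp, '#');
                 $regexp = str_replace('\\{\\$url\\}', '([^./]+)', $regexp);
                 $regexp = str_replace('\\{url\\}', '([^./]+)', $regexp);
                 $regexp = "#^{$regexp}\$#u";
             }
             $url = $mybb->get_input('threadurl');
             $url = preg_replace('/^([^#?]*)[#?].*$/u', '\\1', $url);
             $url = preg_replace($regexp, '\\1', $url);
             $url = urldecode($url);
             $query = $db->simple_select('google_seo', 'id', "idtype='4' AND url='{$db->escape_string($url)}'");
             $redeemtid = $db->fetch_field($query, 'id');
         }
         // Drop the fragment; everything below works on the bare URL.
         $realurl = explode('#', $mybb->get_input('threadurl'));
         $mybb->input['threadurl'] = $realurl[0];
         if (substr($mybb->get_input('threadurl'), -4) == 'html') {
             // SEO-style URL: thread-123.html / post-456.html
             preg_match('#thread-([0-9]+)?#i', $mybb->get_input('threadurl'), $threadmatch);
             preg_match('#post-([0-9]+)?#i', $mybb->get_input('threadurl'), $postmatch);
             if (!empty($threadmatch[1])) {
                 $parameters['tid'] = $threadmatch[1];
             }
             if (!empty($postmatch[1])) {
                 $parameters['pid'] = $postmatch[1];
             }
         } else {
             // Classic URL: take the query string after '.php?' and split it into pairs.
             $splitloc = explode('.php', $mybb->get_input('threadurl'));
             $querystring = isset($splitloc[1]) ? my_substr($splitloc[1], 1) : '';
             foreach (explode('&', $querystring) as $pair) {
                 $parts = explode('=', $pair, 2);
                 $parameters[$parts[0]] = isset($parts[1]) ? $parts[1] : '';
             }
         }
         if ($parameters['pid'] && !$parameters['tid']) {
             $query = $db->simple_select('posts', '*', "pid='" . (int) $parameters['pid'] . "'");
             $post = $db->fetch_array($query);
             $redeemtid = $post ? $post['tid'] : 0;
         } elseif ($parameters['tid']) {
             $redeemtid = $parameters['tid'];
         }
         // The id is user-supplied text up to here; force it to an integer.
         $thread = get_thread((int) $redeemtid);
         // ~~~ //
         if (!$thread || !$thread['tid'] || !$thread['visible'] || $thread['deletetime']) {
             error($lang->newpoints_buy_sticky_redeem_error_invalid);
         }
         if ($thread['sticky']) {
             error($lang->newpoints_buy_sticky_redeem_error_alreadystickied);
         }
         if ($thread['closed']) {
             error($lang->newpoints_buy_sticky_redeem_error_closedthread);
         }
         // Only the thread's author may sticky it with a purchased item.
         if ($thread['uid'] != $mybb->user['uid']) {
             error($lang->newpoints_buy_sticky_redeem_error_wronguser);
         }
         // We need more extensive permission checkings here late on..
         require_once MYBB_ROOT . 'inc/class_moderation.php';
         $moderation = new Moderation();
         $lang->load('moderation');
         $moderation->stick_threads($thread['tid']);
         log_moderator_action(array('fid' => $thread['fid'], 'tid' => $thread['tid']), $lang->sprintf($lang->mod_process, $lang->stuck));
         newpoints_log('buy_sticky', $mybb->settings['bburl'] . '/' . get_thread_link($thread['tid']), $mybb->user['username'], $mybb->user['uid']);
         // buy_sticky_time is in days; the delayed moderation entry is dated that far ahead.
         $rundate = TIME_NOW + $item['buy_sticky_time'] * 86400;
         $did = $db->insert_query("delayedmoderation", array('type' => $db->escape_string('stick'), 'delaydateline' => (int) $rundate, 'uid' => (int) $mybb->user['uid'], 'tids' => (int) $thread['tid'], 'fid' => (int) $thread['fid'], 'dateline' => TIME_NOW, 'inputs' => $db->escape_string(my_serialize(array('new_forum' => (int) $thread['fid'], 'method' => 'move', 'redirect_expire' => '')))));
         $plugins->run_hooks('moderation_do_delayedmoderation');
         // remove item from our inventory
         unset($myitems[$key]);
         sort($myitems);
         $db->update_query('users', array('newpoints_items' => serialize($myitems)), "uid='" . (int) $mybb->user['uid'] . "'");
         $plugins->run_hooks('newpoints_shop_do_buy_sticky_end');
         $message = $lang->sprintf($lang->newpoints_buy_sticky_redeem_done, my_date('relative', $rundate, '', 2));
         redirect($mybb->settings['bburl'] . '/newpoints.php?action=shop&amp;shop_action=myitems', $message, $lang->newpoints_buy_sticky_redeem_done_title);
     } else {
         $lang->newpoints_shop_action = $lang->newpoints_buy_sticky_redeem_title;
         $item['name'] = htmlspecialchars_uni($item['name']);
         global $shop_action, $data, $colspan;
         $colspan = 2;
         $shop_action = 'do_buy_sticky';
         // The id is written into an HTML attribute, so it is forced to an integer.
         $fields = '<input type="hidden" name="iid" value="' . (int) $item['iid'] . '">';
         $data = "<td class=\"trow1\" width=\"50%\"><strong>" . $lang->newpoints_buy_sticky_redeem_thread . ":</strong><br /><small>" . $lang->newpoints_buy_sticky_redeem_message . "</small></td><td class=\"trow1\" width=\"50%\"><input type=\"text\" class=\"textbox\" name=\"threadurl\" value=\"\"></td>";
         $plugins->run_hooks('newpoints_shop_buy_sticky_end');
         $page = eval($templates->render('newpoints_shop_do_action'));
         output_page($page);
     }
     exit;
 }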
Пример #13
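/**
 * Popup handler for the MyLikes plugin.
 *
 * action=likes_recount rebuilds the like cache for one post and exits.
 * action=likes prints the list of users found in the reputation table for
 * the given uid/pid pair and exits. Any other action returns immediately.
 *
 * Fix: 'pid' and 'uid' were read as raw strings and interpolated unquoted
 * into the WHERE clause ("uid={$uid} AND pid={$pid}"), which is an SQL
 * injection. Both are now read as integers and rejected unless positive.
 */
function mylikes_popup()
{
    global $db, $mybb, $lang, $groupscache, $templates;
    if ($mybb->input['action'] == "likes_recount") {
        // Rebuild the cache for this post - the reputation/like counter may have changed
        $recount_pid = $mybb->get_input("pid", MyBB::INPUT_INT);
        if ($recount_pid > 0) {
            JB_MyLikes_Like::cache($recount_pid);
        }
        exit;
    }
    if ($mybb->input['action'] != "likes") {
        return;
    }
    // Integer-only ids: these values end up inside the SQL condition below.
    $pid = $mybb->get_input("pid", MyBB::INPUT_INT);
    $uid = $mybb->get_input("uid", MyBB::INPUT_INT);
    if ($pid <= 0 || $uid <= 0) {
        error_no_permission();
    }
    $lang->load("mylikes");
    $query = $db->simple_select("reputation", "*", "uid={$uid} AND pid={$pid}");
    $users = "";
    while ($like = $db->fetch_array($query)) {
        $user = get_user($like['adduid']);
        $name = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
        $profile_link = build_profile_link($name, $user['uid'], '_blank', 'if(window.opener) { window.opener.location = this.href; return false; }');
        $send_pm = '';
        // Show the PM link only when both sides accept PMs and the target's group may use them.
        if ($mybb->user['receivepms'] != 0 && $user['receivepms'] != 0 && $groupscache[$user['usergroup']]['canusepms'] != 0) {
            eval("\$send_pm = \"" . $templates->get("misc_buddypopup_user_sendpm") . "\";");
        }
        if ($user['lastactive']) {
            $last_active = $lang->sprintf($lang->last_active, my_date('relative', $user['lastactive']));
        } else {
            $last_active = $lang->sprintf($lang->last_active, $lang->never);
        }
        $user['avatar'] = format_avatar(htmlspecialchars_uni($user['avatar']), $user['avatardimensions'], '44x44');
        $online_alt = alt_trow();
        $users .= eval($templates->render("misc_mylikes_like"));
    }
    if (empty($users)) {
        $users = eval($templates->render("misc_mylikes_nolikes"));
    }
    echo eval($templates->render("misc_mylikes", 1, 0));
    exit;
}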
Пример #14
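/**
 * Renders the avatar popup (action=avatarep_popup) with a short profile
 * summary for the user given by the 'uid' input.
 *
 * Returns false when the plugin is disabled, or when it is enabled with the
 * menu switched off. Viewers without 'canviewprofiles' get the permission
 * error page.
 *
 * Changes from the original:
 *  - An unknown uid now yields the "no such member" error instead of
 *    rendering a popup from an empty record.
 *  - A 'maxwarningpoints' setting below 1 no longer causes a division by zero.
 *
 * NOTE(review): $usertitle and the name passed to format_name() reach the
 * template without htmlspecialchars_uni(); confirm they are stored escaped,
 * otherwise they need escaping here.
 */
function avatarep_popup()
{
    global $lang, $mybb, $templates, $avatarep_popup, $db;
    if ($mybb->settings['avatarep_active'] == 0 || ($mybb->settings['avatarep_active'] == 1 && $mybb->settings['avatarep_menu'] == 0)) {
        return false;
    }
    if ($mybb->input['action'] == "avatarep_popup") {
        if ($mybb->usergroup['canviewprofiles'] == 0) {
            error_no_permission();
        }
        $lang->load("member");
        $lang->load("avatarep");
        $uid = intval($mybb->input['uid']);
        $memprofile = get_user($uid);
        if (!$memprofile) {
            error($lang->error_nomember);
        }
        $memprofile['avatar'] = htmlspecialchars_uni($memprofile['avatar']);
        if (strlen(trim($memprofile['avatar'])) == 0) {
            $memprofile['avatar'] = "images/default_avatar.png";
        }
        $formattedname = format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']);
        $usertitle = "";
        if (!empty($memprofile['usertitle'])) {
            $usertitle = $memprofile['usertitle'];
            $usertitle = "({$usertitle})";
        }
        $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']);
        $memprofile['postnum'] = my_number_format($memprofile['postnum']);
        $warning_link = "warnings.php?uid={$memprofile['uid']}";
        // Guard the divisor: a missing or zero setting falls back to 10.
        $max_warning_points = (int) $mybb->settings['maxwarningpoints'];
        if ($max_warning_points < 1) {
            $max_warning_points = 10;
        }
        $warning_level = round($memprofile['warningpoints'] / $max_warning_points * 100);
        $memlastvisitdate = my_date($mybb->settings['dateformat'], $memprofile['lastactive']);
        $memlastvisittime = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);
        // User is currently online and this user has permissions to view the user on the WOL
        $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins'] * 60;
        $query = $db->simple_select("sessions", "location,nopermission", "uid='{$uid}' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
        $session = $db->fetch_array($query);
        // Invisible users are shown as online only to themselves or to groups allowed to see them.
        if (($memprofile['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $memprofile['uid'] == $mybb->user['uid']) && !empty($session)) {
            eval("\$online_status = \"" . $templates->get("member_profile_online") . "\";");
        } else {
            eval("\$online_status = \"" . $templates->get("member_profile_offline") . "\";");
        }
        eval("\$avatarep_popup = \"" . $templates->get("avatarep_popup") . "\";");
        output_page($avatarep_popup);
    }
}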
Пример #15
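/**
 * Outputs an OUGC Pages page, or the list of pages in a category when no
 * page is selected, then exits.
 *
 * Reads the globals $page and $category and the flags on $ougc_pages
 * (invalid page, invalid category, no permission), which are set elsewhere.
 * The category listing is limited to visible pages whose 'groups' column is
 * '-1' or contains one of the current user's group ids.
 *
 * Fix: in the category-listing branch the category name was passed through
 * htmlspecialchars_uni() a second time, double-escaping it in the title.
 *
 * SECURITY: $page['template'] is placed in the template cache and evaluated
 * with eval() as a double-quoted string, so whoever can edit a page's template
 * can interpolate any variable in scope. Page editing must stay restricted to
 * trusted administrators.
 */
function ougc_pages_show()
{
    global $db, $ougc_pages, $lang, $templates, $mybb, $footer, $headerinclude, $header, $theme, $page, $category;
    // Load lang
    $ougc_pages->lang_load();
    !$ougc_pages->invalid_page or error($lang->ougc_pages_error_invalidpage);
    !$ougc_pages->invalid_çategory or error($lang->ougc_pages_error_invalidçategory);
    !$ougc_pages->no_permission or error_no_permission();
    // Load custom page language file if exists
    $lang->load('ougc_pages_' . $category['cid'], false, true);
    $lang->load('ougc_pages_' . $page['pid'], false, true);
    // Escaped once here; every later use of the category name relies on this.
    $category['name'] = htmlspecialchars_uni($category['name']);
    /*if($category['breadcrumb'])
    	{
    		add_breadcrumb($category['name'], $ougc_pages->get_category_link($category['cid']));
    	}*/
    add_breadcrumb($category['name'], $ougc_pages->get_category_link($category['cid']));
    // All group ids of the current user: additional groups plus the primary one.
    $gids = explode(',', $mybb->user['additionalgroups']);
    $gids[] = $mybb->user['usergroup'];
    $gids = array_filter(array_unique($gids));
    $sqlwhere = 'visible=\'1\' AND cid=\'' . (int) $category['cid'] . '\' AND groups!=\'\' AND (groups=\'-1\'';
    // String concatenation differs per database engine; group ids are cast to int before use.
    switch ($db->type) {
        case 'pgsql':
        case 'sqlite':
            foreach ($gids as $gid) {
                $gid = (int) $gid;
                $sqlwhere .= ' OR \',\'||groups||\',\' LIKE \'%,' . $gid . ',%\'';
            }
            break;
        default:
            foreach ($gids as $gid) {
                $gid = (int) $gid;
                $sqlwhere .= ' OR CONCAT(\',\',groups,\',\') LIKE \'%,' . $gid . ',%\'';
            }
            break;
    }
    $sqlwhere .= ')';
    /*$navigation = array('previous' => '', 'right' => 'next');*/
    if (!empty($page)) {
        $title = $page['name'] = htmlspecialchars_uni($page['name']);
        $description = $page['description'] = htmlspecialchars_uni($page['description']);
        add_breadcrumb($page['name'], $ougc_pages->get_page_link($page['pid']));
        /*if($category['navigation'])
        		{
        			$sqlwhere .= 'AND php!=\'1\' AND disporder';
        			$where = '<\''.(int)$page['disporder'].'\'';
        			$query = $db->simple_select('ougc_pages', 'pid', $sqlwhere.$where, array('order_by' => 'disporder, name', 'limit' => 1));
        			$previous_page_id = (int)$db->fetch_field($query, 'pid');
        
        			if($previous_page_id)
        			{
        				$previous_link = $ougc_pages->get_page_link($previous_page_id);
        				eval('$navigation[\'previous\'] = "'.$templates->get('ougcpages_navigation_previous').'";');
        			}
        
        			$where = '>\''.(int)$page['disporder'].'\'';
        			$query = $db->simple_select('ougc_pages', 'pid', $sqlwhere.$where, array('order_by' => 'disporder, name', 'limit' => 1));
        			$next_page_id = (int)$db->fetch_field($query, 'pid');
        
        			if($next_page_id)
        			{
        				$next_link = $ougc_pages->get_page_link($next_page_id);
        				eval('$navigation[\'next\'] = "'.$templates->get('ougcpages_navigation_next').'";');
        			}
        		}*/
        // The page body is stored as a template and evaluated like any other (see SECURITY above).
        $templates->cache['ougcpages_temporary_tmpl'] = $page['template'];
        #TODO: Add "Last updated on DATELINE..." to page
        eval('$content = "' . $templates->get('ougcpages_temporary_tmpl') . '";');
        if ($page['wrapper']) {
            eval('$content = "' . $templates->get('ougcpages_wrapper') . '";');
        }
    } else {
        // Already escaped above; escaping again would double-encode entities.
        $title = $category['name'];
        $description = $category['description'] = htmlspecialchars_uni($category['description']);
        $query = $db->simple_select('ougc_pages', '*', $sqlwhere, array('order_by' => 'disporder'));
        $page_list = '';
        while ($page = $db->fetch_array($query)) {
            $page['name'] = htmlspecialchars_uni($page['name']);
            $page_link = $ougc_pages->get_page_link($page['pid']);
            eval('$page_list .= "' . $templates->get('ougcpages_category_list_item') . '";');
        }
        if (!$page_list) {
            eval('$content = "' . $templates->get('ougcpages_category_list_empty') . '";');
        } else {
            eval('$content = "' . $templates->get('ougcpages_category_list') . '";');
        }
        eval('$content = "' . $templates->get('ougcpages_wrapper') . '";');
    }
    /*if($category['navigation'])
    	{
    		eval('$content = "'.$templates->get('ougcpages_navigation').'";');
    	}*/
    /*if($portal)
    	{
    		return $content;
    	}*/
    eval('$page = "' . $templates->get('ougcpages') . '";');
    output_page($page);
    exit;
}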
Пример #16
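/**
 * XML-RPC handler returning one announcement as a single-post topic.
 *
 * Looks the announcement up by $_GET['aid'], enforces the view permissions
 * and password of its forum (when it belongs to one), loads the announcement
 * with its author, and returns an xmlrpcresp whose struct holds the post data.
 *
 * Changes from the original:
 *  - The author's avatar was looked up with get_user($announcementarray['aid']),
 *    i.e. the announcement id used as a user id, so another account's avatar
 *    could be returned. The author's uid is used now.
 *  - A missing $_GET['aid'] is treated as 0 instead of reading an undefined index.
 *
 * @param mixed $xmlrpc_params Raw XML-RPC parameters, filtered by Tapatalk_Input.
 * @return xmlrpcresp
 */
function get_announcement_func($xmlrpc_params)
{
    global $db, $lang, $mybb, $position, $plugins, $pids, $groupscache;
    $input = Tapatalk_Input::filterXmlInput(array('topic_id' => Tapatalk_Input::STRING, 'start_num' => Tapatalk_Input::INT, 'last_num' => Tapatalk_Input::INT, 'return_html' => Tapatalk_Input::INT), $xmlrpc_params);
    $parser = new Tapatalk_Parser();
    // Load global language phrases
    $lang->load("announcements");
    // NOTE(review): the id is taken from $_GET rather than the filtered
    // 'topic_id'; presumably set by the caller - confirm.
    $aid = isset($_GET['aid']) ? intval($_GET['aid']) : 0;
    // Get announcement fid
    $query = $db->simple_select("announcements", "fid", "aid='{$aid}'");
    $announcement = $db->fetch_array($query);
    $plugins->run_hooks("announcements_start");
    if (!$announcement) {
        error($lang->error_invalidannouncement);
    }
    // Get forum info
    $fid = $announcement['fid'];
    if ($fid > 0) {
        $forum = get_forum($fid);
        if (!$forum) {
            error($lang->error_invalidforum);
        }
        // Make navigation
        build_forum_breadcrumb($forum['fid']);
        // Permissions
        $forumpermissions = forum_permissions($forum['fid']);
        if ($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) {
            error_no_permission();
        }
        // Check if this forum is password protected and we have a valid password
        check_forum_password($forum['fid']);
    }
    add_breadcrumb($lang->nav_announcements);
    $archive_url = build_archive_link("announcement", $aid);
    // Get announcement info; only announcements inside their start/end window are returned
    $time = TIME_NOW;
    $query = $db->query("\n\t\tSELECT u.*, u.username AS userusername, a.*, f.*\n\t\tFROM " . TABLE_PREFIX . "announcements a\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=a.uid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfields f ON (f.ufid=u.uid)\n\t\tWHERE a.startdate<='{$time}' AND (a.enddate>='{$time}' OR a.enddate='0') AND a.aid='{$aid}'\n\t");
    $announcementarray = $db->fetch_array($query);
    if (!$announcementarray) {
        error($lang->error_invalidannouncement);
    }
    // Gather usergroup data from the cache
    // Field => Array Key
    $data_key = array('title' => 'grouptitle', 'usertitle' => 'groupusertitle', 'stars' => 'groupstars', 'starimage' => 'groupstarimage', 'image' => 'groupimage', 'namestyle' => 'namestyle', 'usereputationsystem' => 'usereputationsystem');
    foreach ($data_key as $field => $key) {
        $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
    }
    $announcementarray['dateline'] = $announcementarray['startdate'];
    $announcementarray['userusername'] = $announcementarray['username'];
    $announcement = build_postbit($announcementarray, 3);
    $announcementarray['subject'] = $parser->parse_badwords($announcementarray['subject']);
    $lang->forum_announcement = $lang->sprintf($lang->forum_announcement, htmlspecialchars_uni($announcementarray['subject']));
    // Remember in the 'announcements' cookie that this one has been seen.
    if ($announcementarray['startdate'] > $mybb->user['lastvisit']) {
        $setcookie = true;
        if (isset($mybb->cookies['mybb']['announcements']) && is_scalar($mybb->cookies['mybb']['announcements'])) {
            // The cookie is client-controlled; it is decoded with my_unserialize(), not unserialize().
            $cookie = my_unserialize(stripslashes($mybb->cookies['mybb']['announcements']));
            if (isset($cookie[$announcementarray['aid']])) {
                $setcookie = false;
            }
        }
        if ($setcookie) {
            my_set_array_cookie('announcements', $announcementarray['aid'], $announcementarray['startdate'], -1);
        }
    }
    // Avatar of the announcement's author.
    $user_info = get_user($announcementarray['uid']);
    $icon_url = absolute_url($user_info['avatar']);
    // prepare xmlrpc return
    $xmlrpc_post = new xmlrpcval(array(
        'topic_id' => new xmlrpcval('ann_' . $announcementarray['aid']),
        'post_title' => new xmlrpcval(basic_clean($announcementarray['subject']), 'base64'),
        'post_content' => new xmlrpcval(process_post($announcementarray['message'], $input['return_html']), 'base64'),
        'post_author_id' => new xmlrpcval($announcementarray['uid']),
        'post_author_name' => new xmlrpcval(basic_clean($announcementarray['username']), 'base64'),
        'user_type' => new xmlrpcval(check_return_user_type($announcementarray['username']), 'base64'),
        'icon_url' => new xmlrpcval(absolute_url($icon_url)),
        'post_time' => new xmlrpcval(mobiquo_iso8601_encode($announcementarray['dateline']), 'dateTime.iso8601'),
        'timestamp' => new xmlrpcval($announcementarray['dateline'], 'string'),
    ), 'struct');
    $result = array(
        'total_post_num' => new xmlrpcval(1, 'int'),
        'can_reply' => new xmlrpcval(false, 'boolean'),
        'can_subscribe' => new xmlrpcval(false, 'boolean'),
        'posts' => new xmlrpcval(array($xmlrpc_post), 'array'),
    );
    return new xmlrpcresp(new xmlrpcval($result, 'struct'));
}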
Пример #17
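/**
 * ModCP handler for the awards feature: injects the awards entry into the
 * ModCP navigation and, when action=awards, serves the give, revoke and list
 * pages.
 *
 * Templates are expanded with eval() inside this function, so they can read
 * any local variable by name ($errors, $reason, $content, $award, $trow,
 * $awardlist, $multipage, $page, ...). Local names are therefore kept as they
 * are; renaming one can silently blank a template placeholder.
 *
 * @return void Returns early when the action is not "awards"; every page
 *              branch ends with output_page() followed by exit.
 */
function ougc_awards_modcp()
{
    global $mybb, $modcp_nav, $templates, $lang, $awards;

    // Access requires the feature to be enabled and either "all groups" (-1)
    // or a configured group list that check_groups() accepts.
    $permission = (bool) ($mybb->settings['ougc_awards_modcp'] && ($mybb->settings['ougc_awards_modgroups'] == -1 || $mybb->settings['ougc_awards_modgroups'] && $awards->check_groups($mybb->settings['ougc_awards_modgroups'], false)));
    if ($permission) {
        $awards->lang_load();
        // SECURITY: eval() runs the template text as a PHP double-quoted string.
        // Anything a template interpolates must already be escaped for HTML, and
        // template content itself has to be treated as code.
        eval('$awards_nav = "' . $templates->get('ougcawards_modcp_nav') . '";');
        $modcp_nav = str_replace('<!--OUGC_AWARDS-->', $awards_nav, $modcp_nav);
    }
    if ($mybb->input['action'] != 'awards') {
        return;
    }
    // From here on the request targets the awards pages: enforce the permission.
    $permission or error_no_permission();
    $awards->lang_load();
    global $headerinclude, $header, $theme, $footer, $db;
    add_breadcrumb($lang->ougc_awards_modcp_nav, $awards->build_url());
    $error = array();
    $errors = '';
    // NOTE(review): the POST branches below change state (give_award /
    // revoke_award) and no request-token check is visible in this function.
    // Confirm that my_post_key is verified (verify_post_check()) here or by the
    // caller, and that the form template submits the key.
    // We can give awards from the ModCP
    if ($mybb->input['manage'] == 'give') {
        if (!($award = $awards->get_award($mybb->input['aid']))) {
            error($lang->ougc_awards_error_wrongaward);
        }
        // strip_tags() keeps markup in the award name out of the breadcrumb.
        add_breadcrumb(strip_tags($award['name']));
        add_breadcrumb($lang->ougc_awards_modcp_give);
        // Hidden awards are reported exactly like unknown ones.
        if (!$award['visible']) {
            error($lang->ougc_awards_error_wrongaward);
        }
        if ($mybb->request_method == 'post') {
            if (!($user = $awards->get_user_by_username($mybb->input['username']))) {
                $errors = inline_error($lang->ougc_awards_error_invaliduser);
            } elseif ($awards->get_gived_award($award['aid'], $user['uid'])) {
                // The user already holds this award.
                $errors = inline_error($lang->ougc_awards_error_give);
            } elseif (!$awards->can_edit_user($user['uid'])) {
                $errors = inline_error($lang->ougc_awards_error_giveperm);
            } else {
                // NOTE(review): the reason is passed on unmodified; presumably
                // give_award() escapes it before storage - verify.
                $awards->give_award($award, $user, $mybb->input['reason']);
                $awards->log_action();
                $awards->redirect($lang->ougc_awards_redirect_gived);
            }
        }
        $lang->ougc_awards_modcp_title_give = $lang->sprintf($lang->ougc_awards_modcp_title_give, $awards->get_award_info('name', $award['aid'], $award['name']));
        eval('$reason = "' . $templates->get('ougcawards_modcp_manage_reason') . '";');
        eval('$content = "' . $templates->get('ougcawards_modcp_manage') . '";');
        eval('$page = "' . $templates->get('ougcawards_modcp') . '";');
        output_page($page);
        exit;
    } elseif ($mybb->input['manage'] == 'revoke') {
        if (!($award = $awards->get_award($mybb->input['aid']))) {
            error($lang->ougc_awards_error_wrongaward);
        }
        add_breadcrumb(strip_tags($award['name']));
        add_breadcrumb($lang->ougc_awards_modcp_revoke);
        if (!$award['visible']) {
            error($lang->ougc_awards_error_wrongaward);
        }
        if ($mybb->request_method == 'post') {
            if (!($user = $awards->get_user_by_username($mybb->input['username']))) {
                $errors = inline_error($lang->ougc_awards_error_invaliduser);
            } elseif (!$awards->get_gived_award($award['aid'], $user['uid'])) {
                // Nothing to revoke: the user does not hold this award.
                $errors = inline_error($lang->ougc_awards_error_notgive);
            } elseif (!$awards->can_edit_user($user['uid'])) {
                $errors = inline_error($lang->ougc_awards_error_giveperm);
            } else {
                $awards->revoke_award($award['aid'], $user['uid']);
                $awards->log_action();
                $awards->redirect($lang->ougc_awards_redirect_revoked);
            }
        }
        // The manage template is shared with the "give" page, so its title and
        // button strings are overwritten with the revoke wording.
        $lang->ougc_awards_modcp_title_give = $lang->sprintf($lang->ougc_awards_modcp_title_give, $awards->get_award_info('name', $award['aid'], $award['name']));
        $lang->ougc_awards_modcp_give = $lang->ougc_awards_modcp_revoke;
        eval('$content = "' . $templates->get('ougcawards_modcp_manage') . '";');
        eval('$page = "' . $templates->get('ougcawards_modcp') . '";');
        output_page($page);
        exit;
    } else {
        // Page size comes from a setting; clamp it to 1..100.
        $limit = (int) $mybb->settings['ougc_awards_perpage'];
        $limit = max(1, min(100, $limit));
        $mybb->input['page'] = (int) $mybb->input['page'];
        if ($mybb->input['page'] && $mybb->input['page'] > 0) {
            $start = ($mybb->input['page'] - 1) * $limit;
        } else {
            $start = 0;
            $mybb->input['page'] = 1;
        }
        $awardlist = $multipage = '';
        // One condition for both the listing and the count. The count query
        // previously used an undefined $where, so it counted every award and the
        // pagination did not match the visible-only listing.
        $where = 'visible=\'1\'';
        $query = $db->simple_select('ougc_awards', '*', $where, array('limit_start' => $start, 'limit' => $limit));
        if (!$db->num_rows($query)) {
            eval('$awardlist = "' . $templates->get('ougcawards_modcp_list_empty') . '";');
        } else {
            while ($award = $db->fetch_array($query)) {
                $trow = alt_trow();
                $award['aid'] = (int) $award['aid'];
                $award['image'] = $awards->get_award_icon($award['aid']);
                // NOTE(review): name and description reach the row template as
                // they are; confirm they are HTML-safe where they are stored or
                // in get_award_info().
                if ($name = $awards->get_award_info('name', $award['aid'])) {
                    $award['name'] = $name;
                }
                if ($description = $awards->get_award_info('description', $award['aid'])) {
                    $award['description'] = $description;
                }
                eval('$awardlist .= "' . $templates->get('ougcawards_modcp_list_award') . '";');
            }
            $query = $db->simple_select('ougc_awards', 'COUNT(aid) AS awards', $where);
            $awardscount = (int) $db->fetch_field($query, 'awards');
            $multipage = multipage($awardscount, $limit, $mybb->input['page'], $awards->build_url());
            // multipage() may yield null (presumably when one page suffices -
            // verify); the list template concatenation below needs a string.
            isset($multipage) or $multipage = '';
        }
        eval('$content = "' . $templates->get('ougcawards_modcp_list') . '".$multipage;');
        eval('$page = "' . $templates->get('ougcawards_modcp') . '";');
        output_page($page);
        exit;
    }
}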
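 /**
  * Applies the profile owner's visibility preference when a profile is viewed.
  *
  * The check is skipped (plain return) when the feature is disabled, the viewer
  * cannot view profiles at all, no profile record is found, the owner's groups
  * are outside the configured groups, the owner set no preference, the viewer
  * is the owner, or the viewer can edit profiles or manage this user. Otherwise
  * error_no_permission() is called when the preference is 1, when the owner has
  * neither a buddy list nor an ignore list, when the viewer is on the ignore
  * list, or when the viewer is not on the buddy list.
  *
  * @return void
  */
 public function member_profile_start()
 {
     global $mybb;
     if (!$mybb->settings['mppermissionsenabled'] || !$mybb->usergroup['canviewprofiles']) {
         return;
     }
     $memprofile = false;
     // Second argument 1 presumably selects integer input (MyBB::INPUT_INT) - confirm.
     $uid = $mybb->get_input('uid', 1);
     if ($uid) {
         $memprofile = get_user($uid);
     } elseif ($mybb->user['uid']) {
         // No uid given: a logged-in viewer is looking at their own profile.
         $memprofile = $mybb->user;
     }
     // Without a profile record there is nothing to enforce. Checked before the
     // group lookup so that lookup never indexes into `false`.
     if (!$memprofile) {
         return;
     }
     if ($mybb->settings['mppermissionsgroups'] != -1 && !is_member($mybb->settings['mppermissionsgroups'], array('usergroup' => $memprofile['usergroup'], 'additionalgroups' => $memprofile['additionalgroups']))) {
         return;
     }
     if (!$memprofile['myprofilepermissions'] || $mybb->user['uid'] == $memprofile['uid'] || $mybb->usergroup['caneditprofiles']) {
         return;
     }
     require_once MYBB_ROOT . 'inc/functions_modcp.php';
     if (modcp_can_manage_user($memprofile['uid'])) {
         return;
     }
     if ($memprofile['myprofilepermissions'] == 1 || !$memprofile['buddylist'] && !$memprofile['ignorelist']) {
         error_no_permission();
     }
     // Both lists are comma-separated uids; wrapping list and needle in commas
     // makes the search match whole ids only (",5," does not match ",15,").
     $viewer = ',' . $mybb->user['uid'] . ',';
     if (my_strpos(',' . $memprofile['ignorelist'] . ',', $viewer) !== false) {
         error_no_permission();
     }
     // Deny viewers who are not on the buddy list. The earlier form
     // `!my_strpos(...) !== false` negated the offset before comparing, so a
     // match at offset 0 (the viewer is the first buddy) was refused as well.
     if (my_strpos(',' . $memprofile['buddylist'] . ',', $viewer) === false) {
         error_no_permission();
     }
 }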
Пример #19
 /**
  * Serves the profile-comments page of the ModCP.
  *
  * Acts only when the "action" input is the string "myprofilecomments". Users
  * whose group has canmanagecomments set to "0" are sent to
  * error_no_permission(); everyone else gets the
  * myprofile_comments_modcp_start template.
  *
  * @return void
  */
 public function modcp_start()
 {
     global $mybb, $lang, $theme, $settings, $templates, $headerinclude, $header, $modcp_nav;
     // Non-string input (for example action[]=x) is ignored rather than compared.
     if (!isset($mybb->input["action"]) || !is_string($mybb->input["action"])) {
         return;
     }
     $action = $mybb->input["action"];
     if ($action != "myprofilecomments") {
         return;
     }
     if ($mybb->usergroup["canmanagecomments"] != "0") {
         add_breadcrumb($lang->mcp_nav_users, "modcp.php?action=myprofile");
         // The template is expanded with eval() in this scope, so it can read the
         // globals and locals declared above; its content is executed as a PHP
         // string and must be trusted.
         eval("\$myprofile = \"" . $templates->get("myprofile_comments_modcp_start") . "\";");
         // NOTE(review): no exit follows output_page() here; whether the caller
         // keeps running afterwards is not visible from this method.
         output_page($myprofile);
     } else {
         error_no_permission();
     }
 }
Пример #20
             $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
         }
         error($lang->error_emailflooding);
     }
 }
 // Excerpt: recipient checks for the "e-mail this user" form, followed by the
 // preparation of the form fields. The enclosing code is not shown here.
 //
 // The uid is requested as MyBB::INPUT_INT before it is concatenated into the
 // WHERE clause, so only an integer should reach the SQL string.
 $query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='" . $mybb->get_input('uid', MyBB::INPUT_INT) . "'");
 $to_user = $db->fetch_array($query);
 // NOTE(review): the username is placed into the language string before the
 // existence check below and without htmlspecialchars_uni(), unlike the form
 // fields further down. Confirm where $lang->email_user is rendered and that
 // the name is escaped for that context.
 $lang->email_user = $lang->sprintf($lang->email_user, $to_user['username']);
 // Unknown recipient.
 if (!$to_user['uid']) {
     error($lang->error_invaliduser);
 }
 // The recipient opted out of receiving e-mail through the board.
 if ($to_user['hideemail'] != 0) {
     error($lang->error_hideemail);
 }
 // Refuse senders on the recipient's ignore list unless their group carries the
 // cansendemailoverride permission. List and needle are wrapped in commas so
 // only a whole uid matches (",5," does not match ",15,").
 if ($to_user['ignorelist'] && (my_strpos("," . $to_user['ignorelist'] . ",", "," . $mybb->user['uid'] . ",") !== false && $mybb->usergroup['cansendemailoverride'] != 1)) {
     error_no_permission();
 }
 // $errors is presumably filled by validation code above this excerpt - verify.
 // When it holds entries, the submitted values are echoed back into the form,
 // each one HTML-escaped with htmlspecialchars_uni(); otherwise the form starts
 // empty.
 if (isset($errors) && count($errors) > 0) {
     $errors = inline_error($errors);
     $fromname = htmlspecialchars_uni($mybb->get_input('fromname'));
     $fromemail = htmlspecialchars_uni($mybb->get_input('fromemail'));
     $subject = htmlspecialchars_uni($mybb->get_input('subject'));
     $message = htmlspecialchars_uni($mybb->get_input('message'));
 } else {
     $errors = '';
     $fromname = '';
     $fromemail = '';
     $subject = '';
     $message = '';
 }
 // Generate CAPTCHA?
Пример #21
/**
 * Modal box for changing the post author.
 *
 * Runs when the request asks for a user-initiated change (changeauthor=1) or a
 * moderator-initiated change (adminauthor=1) and the matching setting is on.
 * For a logged-in user it renders the modal, echoes it and ends the request.
 * Guests and requests with neither flag fall through without any output.
 *
 * Templates are eval()'d in this scope and can read any local or global
 * declared here, so variable names are part of the template contract.
 *
 * @return void
 */
function accountswitcher_author()
{
    global $mybb, $pid, $tid, $post, $db, $theme, $eas, $headerinclude, $lang, $templates, $postlink, $userUid, $attachedUser, $as_author_userbit, $cancel;
    // Nothing to do unless an enabled user or moderator author change was requested
    if (!($mybb->input['changeauthor'] == 1 && $mybb->settings['aj_changeauthor'] == 1 || $mybb->input['adminauthor'] == 1 && $mybb->settings['aj_admin_changeauthor'] == 1)) {
        return;
    }
    // Only the author of the post or a moderator of its forum may continue
    if ($mybb->user['uid'] != $post['uid'] && !is_moderator($post['fid'])) {
        error_no_permission();
    }
    if (!isset($lang->aj_changeauthor_headline)) {
        $lang->load("accountswitcher");
    }
    $pid = (int) $pid;
    // NOTE(review): the link is HTML-decoded before the template receives it;
    // confirm the template uses it in a context where that is safe.
    $postlink = htmlspecialchars_decode(get_post_link($pid, $tid) . '#pid' . $pid);
    $author = '';
    $author_admin = '';
    $cancel = '$.modal.close(); return false;';
    // Guests never get the modal
    if ($mybb->user['uid'] == 0) {
        return;
    }
    // Number of users attached to the post author's account
    $count = $eas->get_attached($post['uid']);
    if ($mybb->input['adminauthor'] == 1 && $mybb->settings['aj_admin_changeauthor'] == 1) {
        // Author moderation: search for and set the new author
        $lang->load("global");
        $author_admin .= '<div class="modal">' . eval($templates->render('accountswitcher_author_admin')) . '</div>';
    } elseif ($mybb->input['changeauthor'] == 1) {
        $selected = '';
        // Accounts are attached and the current user may use the account switcher
        if ($mybb->usergroup['as_canswitch'] == 1 && $count > 0) {
            // The current user comes first, rendered with the "self" template
            $userUid = (int) $mybb->user['uid'];
            $attachedUser = htmlspecialchars_uni($mybb->user['username']);
            $as_author_userbit .= eval($templates->render('accountswitcher_author_selfbit'));
            $accounts = $eas->accountswitcher_cache;
            if (is_array($accounts)) {
                // Sorted by first, secondary, shared accounts and by uid or username
                $accounts = $eas->sort_attached();
                foreach ($accounts as $key => $account) {
                    // Keep only accounts attached to the current user
                    if ($account['as_uid'] != $mybb->user['uid'] || !($count > 0)) {
                        continue;
                    }
                    $userUid = (int) $account['uid'];
                    $attachedUser = htmlspecialchars_uni($account['username']);
                    $as_author_userbit .= eval($templates->render('accountswitcher_author_userbit'));
                }
            }
        }
        // Nothing is attached here, but the current account is attached to a master account
        if ($count == 0 && $mybb->user['as_uid'] != 0) {
            $master = get_user($mybb->user['as_uid']);
            $permission = user_permissions($master['uid']);
            // The list is built only when the master may use the account switcher
            if ($permission['as_canswitch'] == 1) {
                // Entry for the master itself
                $userUid = (int) $master['uid'];
                $attachedUser = htmlspecialchars_uni($master['username']);
                $as_author_userbit .= eval($templates->render('accountswitcher_author_userbit'));
                // Then every other account attached to the master, from the cache
                $accounts = $eas->accountswitcher_cache;
                if (is_array($accounts)) {
                    foreach ($accounts as $key => $account) {
                        // Skip the current user; list the master's other accounts
                        if ($account['uid'] != $mybb->user['uid'] && $account['as_uid'] == $master['uid']) {
                            $userUid = (int) $account['uid'];
                            $attachedUser = htmlspecialchars_uni($account['username']);
                            $as_author_userbit .= eval($templates->render('accountswitcher_author_userbit'));
                        }
                    }
                }
            }
        }
    }
    // Build the page
    $author .= '<div class="modal">' . eval($templates->render('accountswitcher_author_change')) . '</div>';
    // Author moderation uses its own form and needs the configured group.
    // NOTE(review): a setting value other than admin / supermods / mods passes
    // this check; confirm aj_admin_changegroup is limited to those three.
    if ($mybb->input['adminauthor'] == 1) {
        if ($mybb->settings['aj_admin_changegroup'] == 'admin' && $mybb->usergroup['cancp'] != 1 || $mybb->settings['aj_admin_changegroup'] == 'supermods' && $mybb->usergroup['issupermod'] != 1 || $mybb->settings['aj_admin_changegroup'] == 'mods' && !is_moderator($post['fid'])) {
            error_no_permission();
        }
        $author = $author_admin;
    }
    echo $author;
    exit;
}