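/**
 * Performs the API action for this endpoint.
 *
 * Dispatches on the second URL path segment ("list", "posts", "permissions")
 * and returns the result as an stdClass; any other path raises
 * BadRequestException.
 *
 * @return stdClass
 * @throws BadRequestException when no valid option is given in the URL.
 */
public function action()
{
    global $mybb, $db;

    $api = APISystem::get_instance();
    // $forums was never assigned before, so "list" always produced an empty object;
    // the sibling action() in this file populates it from cache_forums().
    $forums = cache_forums();

    if (isset($api->paths[1]) && is_string($api->paths[1])) {
        switch (strtolower($api->paths[1])) {
            case "list":
                if (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]])) {
                    return (object) $forums[$api->paths[2]];
                }
                return (object) $forums;

            case "posts":
                if (isset($api->paths[2]) && is_string($api->paths[2])) {
                    // NOTE(review): no forum/thread permission check is applied before the
                    // posts are returned; confirm the API layer enforces visibility.
                    $posts = array();
                    // tid is an integer column: cast instead of relying on quoting alone.
                    $tid = (int) $api->paths[2];
                    $query = $db->write_query("SELECT * FROM " . TABLE_PREFIX . "posts p WHERE p.`tid` = '{$tid}'");
                    while ($post = $db->fetch_array($query)) {
                        $posts[$post["pid"]] = $post;
                    }
                    return (object) $posts;
                }
                // No thread id given: fall through to the error below.
                break;

            case "permissions":
                return (object) forum_permissions();

            default:
                break;
        }
    }
    throw new BadRequestException("No valid option given in the URL.");
}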
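/**
 * Tapatalk get_forum: returns the whole forum tree as an XML-RPC array.
 *
 * Fills the global $fcache (pid -> disporder -> fid -> row) that treeBuild()
 * walks from the root (pid 0), and refreshes the global $forumpermissions.
 *
 * @return xmlrpcresp
 */
function get_forum_func()
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $forumpermissions, $fcache, $forum_cache;

    $lang->load("index");
    $inactiveforums = get_inactive_forums();
    $uid = (int) $mybb->user['uid'];
    $forumsread = array();

    if ($uid == 0) {
        // Guests have no forumsread rows; their last-read marks come from the cookie.
        $query = $db->query("
            SELECT *, threads as unread_count
            FROM " . TABLE_PREFIX . "forums
            WHERE active != 0 " . ($inactiveforums ? " AND fid NOT IN ({$inactiveforums})" : '') . "
            ORDER BY pid, disporder
        ");
        // The cookie is client-controlled, so it is decoded with the project's
        // my_unserialize() wrapper (as fetch_unread_count() in this file does) rather
        // than raw unserialize(); confirm the installed wrapper refuses serialized objects.
        if (isset($mybb->cookies['mybb']['forumread'])) {
            $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
        }
        if (!is_array($forumsread)) {
            $forumsread = array();
        }
    } else {
        // Members: last-read marks and subscription id come from their own rows.
        $query = $db->query("
            SELECT f.*, fr.dateline AS lastread, fs.fsid, (
                select count(*) from " . TABLE_PREFIX . "threads where fid=f.fid and lastpost > fr.dateline
            ) as unread_count
            FROM " . TABLE_PREFIX . "forums f
            LEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid=f.fid AND fr.uid='{$uid}')
            LEFT JOIN " . TABLE_PREFIX . "forumsubscriptions fs ON (fs.fid=f.fid AND fs.uid='{$uid}')
            WHERE f.active != 0 " . ($inactiveforums ? " AND f.fid NOT IN ({$inactiveforums})" : '') . "
            ORDER BY pid, disporder
        ");
    }

    while ($forum = $db->fetch_array($query)) {
        if ($uid == 0 && !empty($forumsread[$forum['fid']])) {
            $forum['lastread'] = $forumsread[$forum['fid']];
        }
        $fcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
    }
    $forumpermissions = forum_permissions();

    $xml_nodes = new xmlrpcval(array(), 'array');
    $done = array();
    $xml_tree = treeBuild(0, $fcache, $xml_nodes, $done);
    $xml_nodes->addArray($xml_tree);
    return new xmlrpcresp($xml_nodes);
}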
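/**
 * Tapatalk remove_attachment: removes an attachment either from a post that
 * is still being composed (identified by group_id/posthash) or from an
 * existing post, after the usual forum, ownership and moderator checks.
 *
 * @param array $xmlrpc_params Raw XML-RPC parameters (attachment_id, forum_id, group_id, post_id).
 * @return xmlrpcresp
 */
function remove_attachment_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    chdir("../");
    $lang->load("member");

    $input = Tapatalk_Input::filterXmlInput(array(
        'attachment_id' => Tapatalk_Input::INT,
        'forum_id' => Tapatalk_Input::INT,
        'group_id' => Tapatalk_Input::STRING,
        'post_id' => Tapatalk_Input::INT,
    ), $xmlrpc_params);
    // Pin the ids to ints before any of them reaches a query.
    $fid = (int) $input['forum_id'];
    $aid = (int) $input['attachment_id'];

    $forum = get_forum($fid);
    if (!$forum) {
        return xmlrespfalse($lang->error_invalidforum);
    }
    $forumpermissions = forum_permissions($fid);
    if ($forum['open'] == 0 || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    }
    if ($mybb->user['uid'] < 1 || $forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    }
    tt_check_forum_password($forum['fid']);

    $posthash = $input['group_id'];
    $mybb->input['posthash'] = $posthash;

    // If we're removing an attachment that belongs to an existing post, some security checks...
    $query = $db->simple_select("attachments", "pid", "aid='{$aid}'");
    $attachment = $db->fetch_array($query);
    $pid = !empty($attachment['pid']) ? (int) $attachment['pid'] : 0;

    if ($pid > 0) {
        if ($pid != (int) $input['post_id']) {
            return xmlrespfalse("The attachment you are trying to remove does not belong to this post");
        }
        $query = $db->simple_select("posts", "*", "pid='{$pid}'");
        $post = $db->fetch_array($query);
        if (empty($post['pid'])) {
            return xmlrespfalse($lang->error_invalidpost);
        }
        // The forum the client named must be the one the post lives in, otherwise the
        // moderator/permission checks below would be evaluated against the wrong forum.
        if ((int) $post['fid'] != $fid) {
            return xmlrespfalse($lang->error_invalidforum);
        }
        // Get thread info
        $thread = get_thread($post['tid']);
        if (empty($thread['tid'])) {
            return xmlrespfalse($lang->error_invalidthread);
        }
        if (!is_moderator($fid, "caneditposts")) {
            if ($thread['closed'] == 1) {
                return xmlrespfalse($lang->redirect_threadclosed);
            }
            if ($forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid']) {
                return tt_no_permission();
            }
        }
    }

    require_once MYBB_ROOT . "inc/functions_upload.php";
    // remove_attachment() receives the client's posthash alongside the pid;
    // presumably it scopes the delete by both — confirm in inc/functions_upload.php.
    remove_attachment($pid, $mybb->input['posthash'], $aid);
    return xmlresptrue();
}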
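/**
 * Tapatalk upload_attach: stores the uploaded file in $_FILES['attachment']
 * as an attachment of a post being composed (group_id/posthash) or, when
 * $mybb->input['pid'] is set, of an existing post.
 *
 * @param array $xmlrpc_params Raw XML-RPC parameters (forum_id, group_id, content).
 * @return xmlrpcresp Struct with attachment_id, group_id, result, result_text and file_size.
 */
function upload_attach_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    $lang->load("member");
    $input = Tapatalk_Input::filterXmlInput(array(
        'forum_id' => Tapatalk_Input::INT,
        'group_id' => Tapatalk_Input::STRING,
        'content' => Tapatalk_Input::STRING,
    ), $xmlrpc_params);
    $fid = (int) $input['forum_id'];

    // Fetch forum information.
    $forum = get_forum($fid);
    if (!$forum) {
        return xmlrespfalse($lang->error_invalidforum);
    }
    $forumpermissions = forum_permissions($fid);
    if ($forum['open'] == 0 || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    }
    if ($mybb->user['uid'] < 1 || $forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    }
    // Check if this forum is password protected and we have a valid password
    tt_check_forum_password($forum['fid']);

    $posthash = $input['group_id'];
    if (empty($posthash)) {
        $posthash = md5($mybb->user['uid'] . random_str());
    }
    $mybb->input['posthash'] = $posthash;

    // Both values are client-supplied: pid is an integer column, and the posthash
    // is escaped, before either is interpolated into the WHERE clause.
    if (!empty($mybb->input['pid'])) {
        $attachwhere = "pid='" . (int) $mybb->input['pid'] . "'";
    } else {
        $attachwhere = "posthash='" . $db->escape_string($posthash) . "'";
    }
    $query = $db->simple_select("attachments", "COUNT(aid) as numattachs", $attachwhere);
    $attachcount = $db->fetch_field($query, "numattachs");

    $attachedfile = array();
    if (isset($_FILES['attachment']) && is_array($_FILES['attachment'])) {
        // Multi-file style input (each field an array) is collapsed to its first entry.
        foreach ($_FILES['attachment'] as $k => $v) {
            if (is_array($_FILES['attachment'][$k])) {
                $_FILES['attachment'][$k] = $_FILES['attachment'][$k][0];
            }
        }
        if ($_FILES['attachment']['type'] == 'image/jpg') {
            $_FILES['attachment']['type'] = 'image/jpeg';
        }
        // If there's an attachment, check it and upload it
        if ($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments'])) {
            require_once MYBB_ROOT . "inc/functions_upload.php";
            $attachedfile = upload_attachment($_FILES['attachment'], false);
        }
    }

    if (empty($attachedfile)) {
        return xmlrespfalse("No file uploaded");
    }
    if (!empty($attachedfile['error'])) {
        // upload_attachment() may report one or several errors; normalise to a list.
        return xmlrespfalse(implode(" :: ", (array) $attachedfile['error']));
    }

    $result = new xmlrpcval(array(
        'attachment_id' => new xmlrpcval($attachedfile['aid'], 'string'),
        'group_id' => new xmlrpcval($posthash, 'string'),
        'result' => new xmlrpcval(true, 'boolean'),
        'result_text' => new xmlrpcval('', 'base64'),
        'file_size' => new xmlrpcval($attachedfile['filesize'], 'int'),
    ), 'struct');
    return new xmlrpcresp($result);
}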
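/**
 * Fetches the number of unread threads for the current user in a particular forum.
 *
 * @param string $fid The forums (CSV list of forum ids). It is interpolated into
 *                    the query unchanged, so callers must pass a trusted numeric list.
 * @return int|false The number of unread threads; false for a guest whose cookie
 *                   records no read thread at all (kept for existing callers).
 */
function fetch_unread_count($fid)
{
    global $cache, $db, $mybb;

    $uid = (int) $mybb->user['uid'];
    $onlyview = $onlyview2 = '';
    $permissions = forum_permissions($fid);
    $cutoff = TIME_NOW - $mybb->settings['threadreadcut'] * 60 * 60 * 24;

    if (!empty($permissions['canonlyviewownthreads'])) {
        $onlyview = " AND uid = '{$uid}'";
        $onlyview2 = " AND t.uid = '{$uid}'";
    }

    if ($uid == 0) {
        // Guests keep their read marks in cookies. Those are client-controlled, so they go
        // through my_unserialize() and are only ever used as integers below.
        $threadsread = isset($mybb->cookies['mybb']['threadread']) ? my_unserialize($mybb->cookies['mybb']['threadread']) : array();
        $forumsread = isset($mybb->cookies['mybb']['forumread']) ? my_unserialize($mybb->cookies['mybb']['forumread']) : array();
        if (!is_array($threadsread)) {
            $threadsread = array();
        }
        if (!is_array($forumsread)) {
            $forumsread = array();
        }
        if (empty($threadsread)) {
            // Not read any threads?
            return false;
        }

        // We've read at least some threads, are they here?
        $count = 0;
        $query = $db->simple_select("threads", "lastpost, tid, fid", "visible=1 AND closed NOT LIKE 'moved|%' AND fid IN ({$fid}) AND lastpost > '{$cutoff}'{$onlyview}", array("limit" => 100));
        while ($thread = $db->fetch_array($query)) {
            $threadmark = isset($threadsread[$thread['tid']]) ? intval($threadsread[$thread['tid']]) : 0;
            $forummark = isset($forumsread[$thread['fid']]) ? intval($forumsread[$thread['fid']]) : 0;
            if ($thread['lastpost'] > $threadmark && $thread['lastpost'] > $forummark) {
                ++$count;
            }
        }
        return $count;
    }

    // START - Unread posts MOD
    if (function_exists("unreadPosts_is_installed") && unreadPosts_is_installed()) {
        $cutoff = (int) $mybb->user['lastmark'];
    }
    // END - Unread posts MOD

    // The two driver variants only differed in the NULL-coalescing function name.
    $ifnull = ($db->type == "pgsql") ? "COALESCE" : "IFNULL";
    $query = $db->query("
        SELECT COUNT(t.tid) AS unread_count
        FROM " . TABLE_PREFIX . "threads t
        LEFT JOIN " . TABLE_PREFIX . "threadsread tr ON (tr.tid=t.tid AND tr.uid='{$uid}')
        LEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid=t.fid AND fr.uid='{$uid}')
        WHERE t.visible=1 AND t.closed NOT LIKE 'moved|%'
        AND t.fid IN ({$fid})
        AND t.lastpost > {$ifnull}(tr.dateline,{$cutoff})
        AND t.lastpost > {$ifnull}(fr.dateline,{$cutoff})
        AND t.lastpost > {$cutoff}
        {$onlyview2}
    ");
    return (int) $db->fetch_field($query, "unread_count");
}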
/**
 * Tapatalk subscribe_topic: subscribes the current user to a thread with
 * notification method 0, provided the thread exists and its forum may be viewed.
 *
 * @param array $xmlrpc_params Raw XML-RPC parameters (topic_id).
 * @return xmlrpcresp
 */
function subscribe_topic_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    $lang->load("usercp");
    $input = Tapatalk_Input::filterXmlInput(array('topic_id' => Tapatalk_Input::INT), $xmlrpc_params);

    $thread = get_thread($input['topic_id']);
    if (!$thread['tid']) {
        return xmlrespfalse($lang->error_invalidthread);
    }

    $perms = forum_permissions($thread['fid']);
    $mayView = $perms['canview'] != 0 && $perms['canviewthreads'] != 0;
    if (!$mayView) {
        return tt_no_permission();
    }

    add_subscribed_thread($thread['tid'], 0);
    return xmlresptrue();
}
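/**
 * Performs the API action for this endpoint.
 *
 * Dispatches on the second URL path segment ("list", "threads", "permissions")
 * and returns the result as an stdClass; any other path, or an unknown forum id
 * where one is required, raises BadRequestException.
 *
 * @return stdClass
 * @throws BadRequestException when no valid option is given in the URL.
 */
public function action()
{
    global $mybb, $db;

    $api = APISystem::get_instance();
    if (isset($api->paths[1]) && is_string($api->paths[1])) {
        $forums = cache_forums();
        // Third path segment, honoured only when it names a forum in the cache.
        $fid = (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]])) ? $api->paths[2] : null;

        switch (strtolower($api->paths[1])) {
            case "list":
                return (object) ($fid !== null ? $forums[$fid] : $forums);

            case "threads":
                if ($fid !== null) {
                    // NOTE(review): no forum permission check is applied before the threads are
                    // returned, so every known forum can be listed; confirm the API layer
                    // enforces visibility.
                    $threads = array();
                    // fid is an integer column: cast instead of relying on quoting alone.
                    $safe_fid = (int) $fid;
                    $query = $db->write_query("SELECT * FROM " . TABLE_PREFIX . "threads t WHERE t.`fid` = '{$safe_fid}'");
                    while ($thread = $db->fetch_array($query)) {
                        $threads[$thread["tid"]] = $thread;
                    }
                    return (object) $threads;
                }
                // No known forum id: fall through to the error below.
                break;

            case "permissions":
                if ($fid !== null && $this->is_authenticated()) {
                    return (object) forum_permissions($fid, $this->get_user()->id, $this->get_user()->usergroup);
                }
                // Unknown forum or unauthenticated caller: explicit break instead of
                // silently falling into default.
                break;

            default:
                break;
        }
    }
    throw new BadRequestException("No valid option given in the URL.");
}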
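/**
 * Tapatalk get_subscribed_forum: lists the forums the current user is
 * subscribed to and may view, with a "new post" flag derived from the
 * forum lightbulb state.
 *
 * @param array $xmlrpc_params Raw XML-RPC parameters (unused).
 * @return xmlrpcresp Struct with total_forums_num and forums.
 */
function get_subscribed_forum_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    $lang->load("usercp");
    if ($mybb->user['uid'] == 0 || $mybb->usergroup['canusercp'] == 0) {
        return tt_no_permission();
    }
    $uid = (int) $mybb->user['uid'];

    require_once MYBB_ROOT . "inc/functions_forumlist.php";
    $fpermissions = forum_permissions();

    $query = $db->query("
		SELECT fs.*, f.*, t.subject AS lastpostsubject, fr.dateline AS lastread
		FROM " . TABLE_PREFIX . "forumsubscriptions fs
		LEFT JOIN " . TABLE_PREFIX . "forums f ON (f.fid = fs.fid)
		LEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid = f.lastposttid)
		LEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid=f.fid AND fr.uid='{$uid}')
		WHERE f.type='f' AND fs.uid='{$uid}'
		ORDER BY f.name ASC
	");

    $forum_list = array();
    while ($forum = $db->fetch_array($query)) {
        // Forums the user cannot view are silently left out of the list.
        $forumpermissions = isset($fpermissions[$forum['fid']]) ? $fpermissions[$forum['fid']] : array();
        if (empty($forumpermissions['canview'])) {
            continue;
        }
        $lightbulb = get_forum_lightbulb(array('open' => $forum['open'], 'lastread' => $forum['lastread']), array('lastpost' => $forum['lastpost']));
        $forum_list[] = new xmlrpcval(array(
            'forum_id' => new xmlrpcval($forum['fid'], 'string'),
            'forum_name' => new xmlrpcval(basic_clean($forum['name']), 'base64'),
            'is_protected' => new xmlrpcval(!empty($forum['password']), 'boolean'),
            'new_post' => new xmlrpcval($lightbulb['folder'] == 'on', 'boolean'),
        ), 'struct');
    }

    $result = new xmlrpcval(array(
        'total_forums_num' => new xmlrpcval(count($forum_list), 'int'),
        'forums' => new xmlrpcval($forum_list, 'array'),
    ), 'struct');
    return new xmlrpcresp($result);
}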
if (!$mybb->user['ismoderator']) { $sql[] = "p.visible='1'"; $sql[] = "t.visible='1'"; } $sql = implode(' AND ', $sql); $query = $db->query("\n\t\t\tSELECT p.pid, p.uid, p.fid, p.visible, p.message, t.tid, t.subject, t.visible AS thread_visible\n\t\t\tFROM " . TABLE_PREFIX . "posts p\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n\t\t\tWHERE {$sql}\n\t\t"); $forumpermissions = array(); while ($post = $db->fetch_array($query)) { if (($post['visible'] == 0 || $post['thread_visible'] == 0) && !is_moderator($post['fid'], 'canviewunapprove')) { continue; } if (($post['visible'] == -1 || $post['thread_visible'] == -1) && !is_moderator($post['fid'], 'canviewdeleted')) { continue; } if (!isset($forumpermissions[$post['fid']])) { $forumpermissions[$post['fid']] = forum_permissions($post['fid']); } // Make sure we can view this post if (isset($forumpermissions[$post['fid']]['canonlyviewownthreads']) && $forumpermissions[$post['fid']]['canonlyviewownthreads'] == 1 && $post['uid'] != $mybb->user['uid']) { continue; } $post_reputation[$post['pid']] = $post; } } $reputation_votes = ''; foreach ($reputation_cache as $reputation_vote) { // Get the reputation for the user who posted this comment if ($reputation_vote['adduid'] == 0) { $reputation_vote['user_reputation'] = 0; } $reputation_vote['user_reputation'] = get_reputation($reputation_vote['user_reputation'], $reputation_vote['adduid']);
/**
 * Updates a post that is already in the database.
 *
 * Reads the edited post from $this->data (pid, plus any of subject, message,
 * editreason, icon, options, edit_uid, prefix). tid and fid are taken from the
 * stored row, overriding anything the caller supplied. Runs the
 * datahandler_post_update* hooks, writes the thread row first (first post of
 * the thread only) and then the post row, then syncs subscription and
 * last-post data.
 *
 * @return array 'visible' => resulting visibility (1, 0 or -1),
 *               'first_post' => whether the edited post is the thread's first post
 */
function update_post()
{
    global $db, $mybb, $plugins;

    // Yes, validating is required.
    if ($this->get_validated() != true) {
        die("The post needs to be validated before inserting it into the DB.");
    }
    if (count($this->get_errors()) > 0) {
        die("The post is not valid.");
    }

    $post =& $this->data;
    $post['pid'] = (int) $post['pid'];
    $existing_post = get_post($post['pid']);
    // tid/fid always come from the stored post, not from the caller's data.
    $post['tid'] = $existing_post['tid'];
    $post['fid'] = $existing_post['fid'];
    $forum = get_forum($post['fid']);
    $forumpermissions = forum_permissions($post['fid'], $post['uid']);

    // Check if this is the first post in a thread.
    $options = array("order_by" => "dateline", "order_dir" => "asc", "limit_start" => 0, "limit" => 1);
    $query = $db->simple_select("posts", "pid", "tid='" . (int) $post['tid'] . "'", $options);
    $first_post_check = $db->fetch_array($query);
    if ($first_post_check['pid'] == $post['pid']) {
        $first_post = true;
    } else {
        $first_post = false;
    }

    // Decide on the visibility of this post.
    $ismod = is_moderator($post['fid'], "", $post['uid']);
    // Keep visibility for unapproved and deleted posts
    if ($existing_post['visible'] == 0) {
        $visible = 0;
    } elseif ($existing_post['visible'] == -1) {
        $visible = -1;
    } elseif ($forumpermissions['mod_edit_posts'] == 1 && !$ismod) {
        // mod_edit_posts presumably means edits by non-moderators need re-approval:
        // the post is sent back to the unapproved queue — confirm against the forum settings.
        $visible = 0;
        require_once MYBB_ROOT . "inc/class_moderation.php";
        $moderation = new Moderation();
        $moderation->unapprove_posts(array($post['pid']));
    } else {
        $visible = 1;
    }

    // Update the thread details that might have been changed first.
    if ($first_post) {
        $this->tid = $post['tid'];
        if (isset($post['prefix'])) {
            $this->thread_update_data['prefix'] = (int) $post['prefix'];
        }
        if (isset($post['subject'])) {
            $this->thread_update_data['subject'] = $db->escape_string($post['subject']);
        }
        if (isset($post['icon'])) {
            $this->thread_update_data['icon'] = (int) $post['icon'];
        }
        if (count($this->thread_update_data) > 0) {
            $plugins->run_hooks("datahandler_post_update_thread", $this);
            $db->update_query("threads", $this->thread_update_data, "tid='" . (int) $post['tid'] . "'");
        }
    }

    // Prepare array for post updating.
    $this->pid = $post['pid'];
    if (isset($post['subject'])) {
        $this->post_update_data['subject'] = $db->escape_string($post['subject']);
    }
    if (isset($post['message'])) {
        $this->post_update_data['message'] = $db->escape_string($post['message']);
    }
    if (isset($post['editreason']) && trim($post['editreason']) != '') {
        $this->post_update_data['editreason'] = $db->escape_string(trim($post['editreason']));
    }
    if (isset($post['icon'])) {
        $this->post_update_data['icon'] = (int) $post['icon'];
    }
    if (isset($post['options'])) {
        if (isset($post['options']['disablesmilies'])) {
            $this->post_update_data['smilieoff'] = $db->escape_string($post['options']['disablesmilies']);
        }
        if (isset($post['options']['signature'])) {
            $this->post_update_data['includesig'] = $db->escape_string($post['options']['signature']);
        }
    }

    // If we need to show the edited by, let's do so.
    // && binds tighter than ||: (show for members AND editor is not a mod) OR (show for admins AND editor is a mod).
    if ($mybb->settings['showeditedby'] == 1 && !is_moderator($post['fid'], "caneditposts", $post['edit_uid']) || $mybb->settings['showeditedbyadmin'] == 1 && is_moderator($post['fid'], "caneditposts", $post['edit_uid'])) {
        $this->post_update_data['edituid'] = (int) $post['edit_uid'];
        $this->post_update_data['edittime'] = TIME_NOW;
    }

    $plugins->run_hooks("datahandler_post_update", $this);
    $db->update_query("posts", $this->post_update_data, "pid='" . (int) $post['pid'] . "'");

    // Automatic subscription to the thread
    if ($post['options']['subscriptionmethod'] != "" && $post['uid'] > 0) {
        switch ($post['options']['subscriptionmethod']) {
            case "pm":
                $notification = 2;
                break;
            case "email":
                $notification = 1;
                break;
            default:
                $notification = 0;
        }
        require_once MYBB_ROOT . "inc/functions_user.php";
        add_subscribed_thread($post['tid'], $notification, $post['uid']);
    } else {
        // No method chosen: any existing subscription of this user to the thread is dropped.
        $db->delete_query("threadsubscriptions", "uid='" . (int) $post['uid'] . "' AND tid='" . (int) $post['tid'] . "'");
    }

    update_forum_lastpost($post['fid']);
    update_last_post($post['tid']);

    // Return the visibility decided above and whether this was the thread's first post.
    $this->return_values = array('visible' => $visible, 'first_post' => $first_post);
    $plugins->run_hooks("datahandler_post_update_end", $this);
    return $this->return_values;
}
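/**
 * Gets a list of forums and possibly subforums, rendered as nested <ol>/<li>
 * HTML for the archive.
 *
 * @param int $pid The parent forum to get the childforums for.
 * @return string HTML list of the child forums of this parent forum ('' when there are none).
 */
function build_archive_forumbits($pid = 0)
{
    global $db, $forumpermissions, $mybb, $lang, $archiveurl, $base_url;

    // Sort out the forum cache first; it is static so the recursive calls share it.
    static $fcache;
    if (!is_array($fcache)) {
        $fcache = array();
        // Fetch forums (password-protected ones are never listed in the archive).
        $query = $db->simple_select("forums", "*", "active!=0 AND password=''", array('order_by' => 'pid, disporder'));
        while ($forum = $db->fetch_array($query)) {
            $fcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
        }
        $forumpermissions = forum_permissions();
    }

    $forums = '';
    if (empty($fcache[$pid]) || !is_array($fcache[$pid])) {
        return $forums;
    }

    foreach ($fcache[$pid] as $disporder => $siblings) {
        foreach ($siblings as $fid => $forum) {
            $perms = isset($forumpermissions[$forum['fid']]) ? $forumpermissions[$forum['fid']] : array();
            $canview = (isset($perms['canview']) && $perms['canview'] == 1) || $mybb->settings['hideprivateforums'] == 0;
            if (!$canview || $forum['active'] == 0) {
                continue;
            }

            // NOTE(review): name and linkto are interpolated into HTML without escaping;
            // confirm these admin-entered values are stored already escaped — TODO verify.
            if ($forum['linkto']) {
                $forums .= "<li><a href=\"{$forum['linkto']}\">{$forum['name']}</a>";
            } elseif ($forum['type'] == "c") {
                $forums .= "<li><strong><a href=\"{$base_url}forum-{$forum['fid']}.html\">{$forum['name']}</a></strong>";
            } else {
                $forums .= "<li><a href=\"{$base_url}forum-{$forum['fid']}.html\">{$forum['name']}</a>";
            }

            // Recurse into child forums, if this forum has any.
            if (!empty($fcache[$forum['fid']])) {
                $forums .= "\n<ol>\n";
                $forums .= build_archive_forumbits($forum['fid']);
                $forums .= "</ol>\n";
            }
            $forums .= "</li>\n";
        }
    }
    return $forums;
}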
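/**
 * Tapatalk m_get_moderate_post: pages through unapproved (visible=0), non-first
 * posts in the forums the current user moderates, for the moderation queue.
 *
 * @param array $xmlrpc_params Raw XML-RPC parameters (start_num, last_num).
 * @return xmlrpcresp Struct with total_post_num and posts.
 */
function m_get_moderate_post_func($xmlrpc_params)
{
    global $input, $post, $thread, $forum, $pid, $tid, $fid, $modlogdata, $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $moderation, $parser;

    $input = Tapatalk_Input::filterXmlInput(array('start_num' => Tapatalk_Input::INT, 'last_num' => Tapatalk_Input::INT), $xmlrpc_params);
    mod_setup();
    list($start, $limit) = process_page($input['start_num'], $input['last_num']);
    // The LIMIT operands derive from client-supplied paging values; pin them to ints.
    $start = (int) $start;
    $limit = (int) $limit;

    // Load global language phrases
    $lang->load("modcp");
    if ($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1) {
        return tt_no_permission();
    }
    $uid = (int) $mybb->user['uid'];

    // SQL for fetching items only related to forums this user moderates
    $moderated_forums = array();
    $flist = $tflist = '';
    if ($mybb->usergroup['issupermod'] != 1) {
        $query = $db->simple_select("moderators", "*", "id='{$uid}' AND isgroup = '0'");
        while ($forum = $db->fetch_array($query)) {
            $flist .= ",'{$forum['fid']}'";
            $children = get_child_list($forum['fid']);
            if (!empty($children)) {
                $flist .= ",'" . implode("','", $children) . "'";
            }
            $moderated_forums[] = $forum['fid'];
        }
        if ($flist) {
            // The leading 0 keeps the IN () list valid; $flist always starts with a comma.
            $tflist = " AND t.fid IN (0{$flist})";
            $flist = " AND fid IN (0{$flist})";
        }
        // NOTE(review): when no isgroup=0 moderator row exists for a non-supermod (e.g. rights
        // granted only through a group), $tflist stays empty and the queue below is not
        // restricted by forum at all; confirm that is intended.
    }

    $query = $db->query("
        SELECT COUNT(pid) AS unapprovedposts
        FROM " . TABLE_PREFIX . "posts p
        LEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)
        WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid
    ");
    $unapproved_posts = $db->fetch_field($query, "unapprovedposts");

    $query = $db->query("
        SELECT p.pid, p.subject, p.message, t.subject AS threadsubject, t.tid, u.username, p.uid, t.fid, p.dateline, u.avatar, t.views, t.replies, IF(b.lifted > UNIX_TIMESTAMP() OR b.lifted = 0, 1, 0) as isbanned
        FROM " . TABLE_PREFIX . "posts p
        LEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)
        LEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=p.uid)
        LEFT JOIN " . TABLE_PREFIX . "banned b ON (b.uid = p.uid)
        WHERE p.visible='0' {$tflist} AND t.firstpost != p.pid
        ORDER BY p.dateline DESC
        LIMIT {$start}, {$limit}
    ");

    $forumcache = $cache->read("forums");
    $post_list = array();
    while ($post = $db->fetch_array($query)) {
        $post['threadsubject'] = $parser->parse_badwords($post['threadsubject']);
        $forumpermissions = forum_permissions($post['fid']);

        // Own posts: deletable per forum permission, depending on whether the thread has replies.
        $can_delete = false;
        if ($mybb->user['uid'] == $post['uid']) {
            $can_delete = ($forumpermissions['candeletethreads'] == 1 && $post['replies'] == 0)
                || ($forumpermissions['candeleteposts'] == 1 && $post['replies'] > 0);
        }
        $can_delete = (is_moderator($post['fid'], "candeleteposts") || $can_delete) && $mybb->user['uid'] != 0;
        $forum_name = isset($forumcache[$post['fid']]['name']) ? $forumcache[$post['fid']]['name'] : '';

        $post_list[] = new xmlrpcval(array(
            'forum_id' => new xmlrpcval($post['fid'], 'string'),
            'forum_name' => new xmlrpcval(basic_clean($forum_name), 'base64'),
            'topic_id' => new xmlrpcval($post['tid'], 'string'),
            'topic_title' => new xmlrpcval($post['threadsubject'], 'base64'),
            'post_id' => new xmlrpcval($post['pid'], 'string'),
            'post_title' => new xmlrpcval($post['subject'], 'base64'),
            'post_author_name' => new xmlrpcval($post['username'], 'base64'),
            'icon_url' => new xmlrpcval(absolute_url($post['avatar']), 'string'),
            'post_time' => new xmlrpcval(mobiquo_iso8601_encode($post['dateline']), 'dateTime.iso8601'),
            'short_content' => new xmlrpcval(process_short_content($post['message'], $parser), 'base64'),
            'reply_number' => new xmlrpcval($post['replies'], 'int'),
            'view_number' => new xmlrpcval($post['views'], 'int'),
            'can_delete' => new xmlrpcval($can_delete, 'boolean'),
            'can_approve' => new xmlrpcval(is_moderator($post['fid'], "canmanagethreads"), 'boolean'),
            'can_move' => new xmlrpcval(is_moderator($post['fid'], "canmovetononmodforum"), 'boolean'),
            'can_ban' => new xmlrpcval($mybb->usergroup['canmodcp'] == 1, 'boolean'),
            'is_ban' => new xmlrpcval($post['isbanned'], 'boolean'),
            'is_approved' => new xmlrpcval(false, 'boolean'),
            'is_deleted' => new xmlrpcval(false, 'boolean'),
        ), "struct");
    }

    $result = new xmlrpcval(array(
        'total_post_num' => new xmlrpcval($unapproved_posts, 'int'),
        'posts' => new xmlrpcval($post_list, 'array'),
    ), 'struct');
    return new xmlrpcresp($result);
}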
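/**
 * Build a comma separated list of the forums this user cannot search
 *
 * A forum is unsearchable when the user lacks canview or cansearch for it, when
 * it (or an ancestor) is inactive, or when it is password protected and the
 * forumpass cookie does not verify. Password-protected forums reported by
 * get_password_protected_forums() are appended as well.
 *
 * @param int $pid The parent ID to build from
 * @param int $first First rotation or not (leave at default)
 * @return string A CSV list of quoted forum ids the user cannot search ('' when none)
 */
function get_unsearchable_forums($pid = "0", $first = 1)
{
    global $db, $forum_cache, $permissioncache, $mybb, $unsearchableforums, $unsearchable, $templates, $forumpass;

    // NOTE(review): $unsearchableforums is a global that is only ever appended to, so a
    // second call within the same request duplicates entries.
    $pid = intval($pid);
    if (!is_array($forum_cache)) {
        // Get Forums
        $query = $db->simple_select("forums", "fid,parentlist,password,active", '', array('order_by' => 'pid, disporder'));
        while ($forum = $db->fetch_array($query)) {
            $forum_cache[$forum['fid']] = $forum;
        }
    }
    if (!is_array($permissioncache)) {
        $permissioncache = forum_permissions();
    }

    foreach ($forum_cache as $fid => $forum) {
        // Fall back to the usergroup's own flags when there is no per-forum override.
        $perms = !empty($permissioncache[$forum['fid']]) ? $permissioncache[$forum['fid']] : $mybb->usergroup;

        // Password-protected forums stay unsearchable until the cookie proves the password.
        $pwverified = 1;
        if ($forum['password'] != '') {
            $supplied = isset($mybb->cookies['forumpass'][$forum['fid']]) ? $mybb->cookies['forumpass'][$forum['fid']] : null;
            // hash_equals() requires two strings (a non-string cookie value simply fails) and
            // sidesteps both timing leaks and PHP's numeric-string rules for loose ==.
            if (!is_string($supplied) || !hash_equals(md5($mybb->user['uid'] . $forum['password']), $supplied)) {
                $pwverified = 0;
            }
        }

        // An inactive ancestor makes the forum inactive too; a parent missing from the
        // cache is treated as inactive (fail closed).
        $parents = explode(",", $forum['parentlist']);
        foreach ($parents as $parent) {
            if (!isset($forum_cache[$parent]['active']) || $forum_cache[$parent]['active'] == 0) {
                $forum['active'] = 0;
            }
        }

        if ($perms['canview'] != 1 || $perms['cansearch'] != 1 || $pwverified == 0 || $forum['active'] == 0) {
            if ($unsearchableforums) {
                $unsearchableforums .= ",";
            }
            $unsearchableforums .= "'{$forum['fid']}'";
        }
    }
    $unsearchable = $unsearchableforums;

    // Get our unsearchable password protected forums
    $pass_protected_forums = get_password_protected_forums();
    if ($unsearchable && $pass_protected_forums) {
        $unsearchable .= ",";
    }
    if ($pass_protected_forums) {
        $unsearchable .= implode(",", $pass_protected_forums);
    }
    return $unsearchable;
}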
/** * Builds a friendly named Who's Online location from an "activity" and array of user data. Assumes fetch_wol_activity has already been called. * * @param array Array containing activity and essential IDs. * @return string Location name for the activity being performed. */ function build_friendly_wol_location($user_activity) { global $db, $lang, $uid_list, $aid_list, $pid_list, $tid_list, $fid_list, $ann_list, $eid_list, $plugins, $parser, $mybb; global $threads, $forums, $forums_linkto, $forum_cache, $posts, $announcements, $events, $usernames, $attachments; // Fetch forum permissions for this user $unviewableforums = get_unviewable_forums(); $inactiveforums = get_inactive_forums(); $fidnot = ''; $unviewablefids = $inactivefids = array(); if ($unviewableforums) { $fidnot = " AND fid NOT IN ({$unviewableforums})"; $unviewablefids = explode(',', $unviewableforums); } if ($inactiveforums) { $fidnot .= " AND fid NOT IN ({$inactiveforums})"; $inactivefids = explode(',', $inactiveforums); } // Fetch any users if (!is_array($usernames) && count($uid_list) > 0) { $uid_sql = implode(",", $uid_list); if ($uid_sql != $mybb->user['uid']) { $query = $db->simple_select("users", "uid,username", "uid IN ({$uid_sql})"); while ($user = $db->fetch_array($query)) { $usernames[$user['uid']] = $user['username']; } } else { $usernames[$mybb->user['uid']] = $mybb->user['username']; } } // Fetch any attachments if (!is_array($attachments) && count($aid_list) > 0) { $aid_sql = implode(",", $aid_list); $query = $db->simple_select("attachments", "aid,pid", "aid IN ({$aid_sql})"); while ($attachment = $db->fetch_array($query)) { $attachments[$attachment['aid']] = $attachment['pid']; $pid_list[] = $attachment['pid']; } } // Fetch any announcements if (!is_array($announcements) && count($ann_list) > 0) { $aid_sql = implode(",", $ann_list); $query = $db->simple_select("announcements", "aid,subject", "aid IN ({$aid_sql}) {$fidnot}"); while ($announcement = $db->fetch_array($query)) { 
$announcement_title = htmlspecialchars_uni($parser->parse_badwords($announcement['subject'])); $announcements[$announcement['aid']] = $announcement_title; } } // Fetch any posts if (!is_array($posts) && count($pid_list) > 0) { $pid_sql = implode(",", $pid_list); $query = $db->simple_select("posts", "pid,tid", "pid IN ({$pid_sql}) {$fidnot}"); while ($post = $db->fetch_array($query)) { $posts[$post['pid']] = $post['tid']; $tid_list[] = $post['tid']; } } // Fetch any threads if (!is_array($threads) && count($tid_list) > 0) { $perms = array(); $tid_sql = implode(",", $tid_list); $query = $db->simple_select('threads', 'uid, fid, tid, subject, visible, prefix', "tid IN({$tid_sql}) {$fidnot}"); $threadprefixes = build_prefixes(); while ($thread = $db->fetch_array($query)) { $thread['threadprefix'] = ''; if ($thread['prefix'] && !empty($threadprefixes[$thread['prefix']])) { $thread['threadprefix'] = $threadprefixes[$thread['prefix']]['displaystyle']; } if (empty($perms[$thread['fid']])) { $perms[$thread['fid']] = forum_permissions($thread['fid']); } if (isset($perms[$thread['fid']]['canonlyviewownthreads']) && $perms[$thread['fid']]['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid'] && !is_moderator($thread['fid'])) { continue; } if (is_moderator($thread['fid']) || $thread['visible'] == 1) { $thread_title = ''; if ($thread['threadprefix']) { $thread_title = $thread['threadprefix'] . 
' '; } $thread_title .= htmlspecialchars_uni($parser->parse_badwords($thread['subject'])); $threads[$thread['tid']] = $thread_title; $fid_list[] = $thread['fid']; } } } // Fetch any forums if (!is_array($forums) && count($fid_list) > 0) { $fidnot = array_merge($unviewablefids, $inactivefids); foreach ($forum_cache as $fid => $forum) { if (in_array($fid, $fid_list) && !in_array($fid, $fidnot)) { $forums[$fid] = $forum['name']; $forums_linkto[$fid] = $forum['linkto']; } } } // And finaly any events if (!is_array($events) && count($eid_list) > 0) { $eid_sql = implode(",", $eid_list); $query = $db->simple_select("events", "eid,name", "eid IN ({$eid_sql})"); while ($event = $db->fetch_array($query)) { $events[$event['eid']] = htmlspecialchars_uni($parser->parse_badwords($event['name'])); } } // Now we've got everything we need we can put a name to the location switch ($user_activity['activity']) { // announcement.php functions case "announcements": if (!empty($announcements[$user_activity['ann']])) { $location_name = $lang->sprintf($lang->viewing_announcements, get_announcement_link($user_activity['ann']), $announcements[$user_activity['ann']]); } else { $location_name = $lang->viewing_announcements2; } break; // attachment.php actions // attachment.php actions case "attachment": $pid = $attachments[$user_activity['aid']]; $tid = $posts[$pid]; if (!empty($threads[$tid])) { $location_name = $lang->sprintf($lang->viewing_attachment2, $user_activity['aid'], $threads[$tid], get_thread_link($tid)); } else { $location_name = $lang->viewing_attachment; } break; // calendar.php functions // calendar.php functions case "calendar": $location_name = $lang->viewing_calendar; break; case "calendar_event": if (!empty($events[$user_activity['eid']])) { $location_name = $lang->sprintf($lang->viewing_event2, get_event_link($user_activity['eid']), $events[$user_activity['eid']]); } else { $location_name = $lang->viewing_event; } break; case "calendar_addevent": $location_name = 
$lang->adding_event; break; case "calendar_editevent": $location_name = $lang->editing_event; break; case "contact": $location_name = $lang->viewing_contact_us; break; // editpost.php functions // editpost.php functions case "editpost": $location_name = $lang->editing_post; break; // forumdisplay.php functions // forumdisplay.php functions case "forumdisplay": if (!empty($forums[$user_activity['fid']])) { if ($forums_linkto[$user_activity['fid']]) { $location_name = $lang->sprintf($lang->forum_redirect_to, get_forum_link($user_activity['fid']), $forums[$user_activity['fid']]); } else { $location_name = $lang->sprintf($lang->viewing_forum2, get_forum_link($user_activity['fid']), $forums[$user_activity['fid']]); } } else { $location_name = $lang->viewing_forum; } break; // index.php functions // index.php functions case "index": $location_name = $lang->sprintf($lang->viewing_index, $mybb->settings['bbname']); break; // managegroup.php functions // managegroup.php functions case "managegroup": $location_name = $lang->managing_group; break; // member.php functions // member.php functions case "member_activate": $location_name = $lang->activating_account; break; case "member_profile": if (!empty($usernames[$user_activity['uid']])) { $location_name = $lang->sprintf($lang->viewing_profile2, get_profile_link($user_activity['uid']), $usernames[$user_activity['uid']]); } else { $location_name = $lang->viewing_profile; } break; case "member_register": $location_name = $lang->registering; break; case "member": case "member_login": // Guest or member? 
if ($mybb->user['uid'] == 0) { $location_name = $lang->logging_in; } else { $location_name = $lang->logging_in_plain; } break; case "member_logout": $location_name = $lang->logging_out; break; case "member_emailuser": $location_name = $lang->emailing_user; break; case "member_rate": $location_name = $lang->rating_user; break; case "member_resendactivation": $location_name = $lang->member_resendactivation; break; case "member_lostpw": $location_name = $lang->member_lostpw; break; // memberlist.php functions // memberlist.php functions case "memberlist": $location_name = $lang->viewing_memberlist; break; // misc.php functions // misc.php functions case "misc_dstswitch": $location_name = $lang->changing_dst; break; case "misc_whoposted": if (!empty($threads[$user_activity['tid']])) { $location_name = $lang->sprintf($lang->viewing_whoposted2, get_thread_link($user_activity['tid']), $threads[$user_activity['tid']]); } else { $location_name = $lang->viewing_whoposted; } break; case "misc_markread": $location_name = $lang->sprintf($lang->marking_read, $mybb->post_code); break; case "misc_help": $location_name = $lang->viewing_helpdocs; break; case "misc_buddypopup": $location_name = $lang->viewing_buddylist; break; case "misc_smilies": $location_name = $lang->viewing_smilies; break; case "misc_syndication": $location_name = $lang->viewing_syndication; break; case "misc_imcenter": $location_name = $lang->viewing_imcenter; break; // modcp.php functions // modcp.php functions case "modcp_modlogs": $location_name = $lang->viewing_modlogs; break; case "modcp_announcements": $location_name = $lang->managing_announcements; break; case "modcp_finduser": $location_name = $lang->search_for_user; break; case "modcp_warninglogs": $location_name = $lang->managing_warninglogs; break; case "modcp_ipsearch": $location_name = $lang->searching_ips; break; case "modcp_report": $location_name = $lang->viewing_reports; break; case "modcp_new_announcement": $location_name = 
$lang->adding_announcement; break; case "modcp_delete_announcement": $location_name = $lang->deleting_announcement; break; case "modcp_edit_announcement": $location_name = $lang->editing_announcement; break; case "modcp_mod_queue": $location_name = $lang->managing_modqueue; break; case "modcp_editprofile": $location_name = $lang->editing_user_profiles; break; case "modcp_banning": $location_name = $lang->managing_bans; break; case "modcp": $location_name = $lang->viewing_modcp; break; // moderation.php functions // moderation.php functions case "moderation": $location_name = $lang->using_modtools; break; // newreply.php functions // newreply.php functions case "newreply": if (!empty($threads[$user_activity['tid']])) { $location_name = $lang->sprintf($lang->replying_thread2, get_thread_link($user_activity['tid']), $threads[$user_activity['tid']]); } else { $location_name = $lang->replying_thread; } break; // newthread.php functions // newthread.php functions case "newthread": if (!empty($forums[$user_activity['fid']])) { $location_name = $lang->sprintf($lang->posting_thread2, get_forum_link($user_activity['fid']), $forums[$user_activity['fid']]); } else { $location_name = $lang->posting_thread; } break; // online.php functions // online.php functions case "wol": $location_name = $lang->viewing_wol; break; case "woltoday": $location_name = $lang->viewing_woltoday; break; // polls.php functions // polls.php functions case "newpoll": $location_name = $lang->creating_poll; break; case "editpoll": $location_name = $lang->editing_poll; break; case "showresults": $location_name = $lang->viewing_pollresults; break; case "vote": $location_name = $lang->voting_poll; break; // printthread.php functions // printthread.php functions case "printthread": if (!empty($threads[$user_activity['tid']])) { $location_name = $lang->sprintf($lang->printing_thread2, get_thread_link($user_activity['tid']), $threads[$user_activity['tid']]); } else { $location_name = $lang->printing_thread; } 
break; // private.php functions // private.php functions case "private_send": $location_name = $lang->sending_pm; break; case "private_read": $location_name = $lang->reading_pm; break; case "private_folders": $location_name = $lang->editing_pmfolders; break; case "private": $location_name = $lang->using_pmsystem; break; /* Ratethread functions */ /* Ratethread functions */ case "ratethread": $location_name = $lang->rating_thread; break; // report.php functions // report.php functions case "report": $location_name = $lang->reporting_post; break; // reputation.php functions // reputation.php functions case "reputation": $location_name = $lang->sprintf($lang->giving_reputation, get_profile_link($user_activity['uid']), $usernames[$user_activity['uid']]); break; case "reputation_report": if (!empty($usernames[$user_activity['uid']])) { $location_name = $lang->sprintf($lang->viewing_reputation_report, "reputation.php?uid={$user_activity['uid']}", $usernames[$user_activity['uid']]); } else { $location_name = $lang->sprintf($lang->viewing_reputation_report2); } break; // search.php functions // search.php functions case "search": $location_name = $lang->sprintf($lang->searching_forum, $mybb->settings['bbname']); break; // showthread.php functions // showthread.php functions case "showthread": if (!empty($threads[$user_activity['tid']])) { $pagenote = ''; $location_name = $lang->sprintf($lang->reading_thread2, get_thread_link($user_activity['tid']), $threads[$user_activity['tid']], $pagenote); } else { $location_name = $lang->reading_thread; } break; case "showpost": if (!empty($posts[$user_activity['pid']]) && !empty($threads[$posts[$user_activity['pid']]])) { $pagenote = ''; $location_name = $lang->sprintf($lang->reading_thread2, get_thread_link($posts[$user_activity['pid']]), $threads[$posts[$user_activity['pid']]], $pagenote); } else { $location_name = $lang->reading_thread; } break; // showteam.php functions // showteam.php functions case "showteam": $location_name = 
$lang->viewing_team; break; // stats.php functions // stats.php functions case "stats": $location_name = $lang->viewing_stats; break; // usercp.php functions // usercp.php functions case "usercp_profile": $location_name = $lang->updating_profile; break; case "usercp_editlists": $location_name = $lang->managing_buddyignorelist; break; case "usercp_options": $location_name = $lang->updating_options; break; case "usercp_editsig": $location_name = $lang->editing_signature; break; case "usercp_avatar": $location_name = $lang->changing_avatar; break; case "usercp_subscriptions": $location_name = $lang->viewing_subscriptions; break; case "usercp_favorites": $location_name = $lang->viewing_favorites; break; case "usercp_notepad": $location_name = $lang->editing_pad; break; case "usercp_password": $location_name = $lang->editing_password; break; case "usercp": $location_name = $lang->user_cp; break; case "usercp2_favorites": $location_name = $lang->managing_favorites; break; case "usercp2_subscriptions": $location_name = $lang->managing_subscriptions; break; case "portal": $location_name = $lang->viewing_portal; break; // sendthread.php functions // sendthread.php functions case "sendthread": $location_name = $lang->sending_thread; break; // warnings.php functions // warnings.php functions case "warnings_revoke": $location_name = $lang->revoking_warning; break; case "warnings_warn": $location_name = $lang->warning_user; break; case "warnings_view": $location_name = $lang->viewing_warning; break; case "warnings": $location_name = $lang->managing_warnings; break; } $plugin_array = array('user_activity' => &$user_activity, 'location_name' => &$location_name); $plugins->run_hooks("build_friendly_wol_location_end", $plugin_array); if (isset($user_activity['nopermission']) && $user_activity['nopermission'] == 1) { $location_name = $lang->viewing_noperms; } if (!$location_name) { $location_name = $lang->sprintf($lang->unknown_location, $user_activity['location']); } return 
$location_name; }
}
// --- showthread.php: visibility filter and access checks for the requested thread ---
// NOTE(review): $fid, $tid and $thread are populated before this point (not visible here);
// everything below assumes $thread is the row for $tid and that $fid equals $thread['fid'] — confirm.
$visibleonly = "AND visible='1'";
$visibleonly2 = "AND p.visible='1' AND t.visible='1'";
// Is the currently logged in user a moderator of this forum?
if (is_moderator($fid)) {
    // Moderators also see unapproved (visible='0') threads and posts. These fragments are
    // interpolated into later queries, so they must stay constant strings with no request data.
    $visibleonly = " AND (visible='1' OR visible='0')";
    $visibleonly2 = "AND (p.visible='1' OR p.visible='0') AND (t.visible='1' OR t.visible='0')";
    $ismod = true;
} else {
    $ismod = false;
}
// Make sure we are looking at a real thread here.
// Precedence: && binds tighter than ||, so this reads as
//   !$thread || (unapproved && not a moderator) || (visible > 1 && moderator)
// i.e. non-moderators only get approved threads, and values above 1 are rejected for
// everyone (presumably soft-deleted rows — confirm against the schema).
// error() is expected to terminate the request; the code below relies on that.
if (!$thread || $thread['visible'] != 1 && $ismod == false || $thread['visible'] > 1 && $ismod == true) {
    error($lang->error_invalidthread);
}
// Permissions are resolved for the thread's own forum, not for $fid.
$forumpermissions = forum_permissions($thread['fid']);
// Does the user have permission to view this thread?
if ($forumpermissions['canview'] != 1 || $forumpermissions['canviewthreads'] != 1) {
    error_no_permission();
}
// "Only view own threads": moderators are not exempted here (contrast the search/WOL code,
// which also checks is_moderator()) — presumably intended, since a moderator's canview
// already comes from forum_permissions(); confirm.
if (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] == 1 && $thread['uid'] != $mybb->user['uid']) {
    error_no_permission();
}
$archive_url = build_archive_link("thread", $tid);
// Does the thread belong to a valid forum?
// NOTE(review): the forum lookup and the password check use $fid while the permission
// check above used $thread['fid']; if the two can differ, the password gate is applied to a
// different forum than the one whose permissions were verified — confirm they are the same.
$forum = get_forum($fid);
if (!$forum || $forum['type'] != "f") {
    error($lang->error_invalidforum);
}
// Check if this forum is password protected and we have a valid password
check_forum_password($forum['fid']);
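/**
 * Perform a thread and post search under MySQL or MySQLi using boolean fulltext capabilities
 *
 * Every fragment interpolated into the SQL below is either cast to int, passed through
 * $db->escape_string() / $db->escape_string_like(), or an id list built from ints; no raw
 * $search value reaches a query string.
 *
 * Side effect (kept from the original): $mybb->settings['minsearchword'] is overwritten with
 * the server's ft_min_word_len, or 4 when that variable cannot be read.
 *
 * @param array $search Array of search data. Keys read: keywords, author, matchusername,
 *                      postdate, pddir, numreplies, findthreadst, threadprefix, forums,
 *                      visible, postthread, tid. Missing keys behave as unset/empty.
 * @return array Array of search data with results mixed in: "threads" and "posts" are
 *               comma-separated id lists ('' when empty) and "querycache" is always ''.
 *               error() is called (and is expected to halt) when there is nothing to
 *               search for, all terms are too short, or nothing matches.
 */
function perform_search_mysql_ft($search)
{
    global $mybb, $db, $lang;

    // Defaults for keys the caller may omit, so no read below hits an undefined index.
    // 'visible' is deliberately not defaulted: the code distinguishes "not set" from a value.
    $search += array(
        'keywords' => '',
        'author' => '',
        'matchusername' => 0,
        'postdate' => 0,
        'pddir' => 0,
        'numreplies' => '',
        'findthreadst' => 0,
        'threadprefix' => array(),
        'forums' => array('all'),
        'postthread' => 0,
        'tid' => 0,
    );

    $keywords = clean_keywords_ft($search['keywords']);
    if (!$keywords && !$search['author']) {
        error($lang->error_nosearchterms);
    }

    // Attempt to determine minimum word length from MySQL for fulltext searches
    $query = $db->query("SHOW VARIABLES LIKE 'ft_min_word_len';");
    $min_length = $db->fetch_field($query, 'Value');
    $mybb->settings['minsearchword'] = is_numeric($min_length) ? $min_length : 4;

    $message_lookin = '';
    $subject_lookin = '';
    if ($keywords) {
        // Collect the individual terms. Segments at odd positions of the explode() result
        // sit between a pair of double quotes and count as one phrase (even when empty);
        // the other segments are split into words. Boolean-mode operators are stripped
        // before measuring. (Quote balancing is presumably done by clean_keywords_ft().)
        $terms = array();
        foreach (explode('"', $keywords) as $i => $phrase) {
            $phrase = str_replace(array("+", "-", "*"), '', $phrase);
            if ($i % 2 == 1) {
                $terms[] = $phrase;
                continue;
            }
            foreach (preg_split("#\\s{1,}#", $phrase, -1) as $word) {
                if ($word === '') {
                    continue;
                }
                $terms[] = $word;
            }
        }

        // Show the minimum search term error only if all search terms are too short.
        // (The original's inner "break" only left the word loop, so a later quoted phrase
        // could flip the flag back to true; one pass over the flat list avoids that.)
        $all_too_short = count($terms) > 0;
        foreach ($terms as $term) {
            if (my_strlen($term) >= $mybb->settings['minsearchword']) {
                $all_too_short = false;
                break;
            }
        }
        if ($all_too_short) {
            $lang->error_minsearchlength = $lang->sprintf($lang->error_minsearchlength, $mybb->settings['minsearchword']);
            error($lang->error_minsearchlength);
        }

        $keywords_sql = $db->escape_string($keywords);
        $message_lookin = "AND MATCH(message) AGAINST('" . $keywords_sql . "' IN BOOLEAN MODE)";
        $subject_lookin = "AND MATCH(subject) AGAINST('" . $keywords_sql . "' IN BOOLEAN MODE)";
    }

    // Author filter: resolve the name to uid(s) first, then restrict rows by uid.
    $post_usersql = '';
    $thread_usersql = '';
    if ($search['author']) {
        $userids = array();
        if ($search['matchusername']) {
            // Exact match. (This predicate was garbled in the copy under review; escaping
            // the value with escape_string() is the only safe reading of it.)
            $query = $db->simple_select("users", "uid", "username='" . $db->escape_string($search['author']) . "'");
        } else {
            // Substring match: escape_string_like() also neutralises LIKE wildcards
            $search['author'] = my_strtolower($search['author']);
            $query = $db->simple_select("users", "uid", "LOWER(username) LIKE '%" . $db->escape_string_like($search['author']) . "%'");
        }
        while ($user = $db->fetch_array($query)) {
            $userids[] = (int) $user['uid'];
        }
        if (count($userids) < 1) {
            error($lang->error_nosearchresults);
        } else {
            $userids = implode(',', $userids);
            $post_usersql = " AND p.uid IN (" . $userids . ")";
            $thread_usersql = " AND t.uid IN (" . $userids . ")";
        }
    }

    // Date cut-off: postdate is a number of days; pddir 0 = older than, otherwise newer than
    $post_datecut = '';
    $thread_datecut = '';
    $postdate = (int) $search['postdate'];
    if ($postdate) {
        $datecut = ($search['pddir'] == 0) ? "<=" : ">=";
        $datelimit = TIME_NOW - 86400 * $postdate;
        $datecut .= "'{$datelimit}'";
        $post_datecut = " AND p.dateline {$datecut}";
        $thread_datecut = " AND t.dateline {$datecut}";
    }

    // Reply-count cut-off: findthreadst 1 = "at least", anything else = "at most"
    $thread_replycut = '';
    if ($search['numreplies'] != '' && $search['findthreadst']) {
        $numreplies = intval($search['numreplies']);
        if (intval($search['findthreadst']) == 1) {
            $thread_replycut = " AND t.replies >= '{$numreplies}'";
        } else {
            $thread_replycut = " AND t.replies <= '{$numreplies}'";
        }
    }

    // Thread prefix filter ('any' as the first entry disables it)
    $thread_prefixcut = '';
    $prefixlist = array();
    if ($search['threadprefix']) {
        $prefixes = (array) $search['threadprefix'];
        if (reset($prefixes) != 'any') {
            foreach ($prefixes as $threadprefix) {
                $prefixlist[] = intval($threadprefix);
            }
        }
    }
    if (count($prefixlist) == 1) {
        $thread_prefixcut = " AND t.prefix='{$prefixlist[0]}' ";
    } elseif (count($prefixlist) > 1) {
        $thread_prefixcut = " AND t.prefix IN (" . implode(',', $prefixlist) . ")";
    }

    // Forum filter: expand each requested forum into itself plus its active, searchable
    // descendants, then restrict to that id set.
    $forumin = '';
    $fidlist = array();
    $forums_requested = is_array($search['forums']) ? $search['forums'] : array(intval($search['forums']));
    if (reset($forums_requested) != "all") {
        // Generate a comma separated list of all groups the user belongs to
        // (ints only, so the fragment can carry nothing but digits and commas)
        $user_groups = array((int) $mybb->user['usergroup']);
        if ($mybb->user['additionalgroups']) {
            foreach (explode(',', $mybb->user['additionalgroups']) as $gid) {
                $user_groups[] = (int) $gid;
            }
        }
        $user_groups = implode(',', $user_groups);

        // parentlist holds a forum's ancestry as a comma-separated id list; the string
        // concatenation differs per backend, the rest of the query is shared.
        $parentlist_expr = ($db->type == "pgsql" || $db->type == "sqlite")
            ? "','||parentlist||','"
            : "CONCAT(',',parentlist,',')";

        $searchin = array(); // forum ids already expanded, so duplicates are queried once
        foreach ($forums_requested as $forum) {
            $forum = intval($forum);
            if (isset($searchin[$forum])) {
                continue;
            }
            $searchin[$forum] = 1;
            $query = $db->query("
                SELECT f.fid
                FROM " . TABLE_PREFIX . "forums f
                LEFT JOIN " . TABLE_PREFIX . "forumpermissions p ON (f.fid=p.fid AND p.gid IN (" . $user_groups . "))
                WHERE INSTR({$parentlist_expr},',{$forum},') > 0 AND active!=0 AND ((p.fid) IS NULL OR p.cansearch=1)
            ");
            while ($sforum = $db->fetch_array($query)) {
                $fidlist[] = (int) $sforum['fid'];
            }
        }
        $fidlist = array_values(array_unique($fidlist));

        if (count($fidlist) == 1) {
            // Restrict to the forum that passed the searchability query above, not to the
            // last requested id (which may itself be unsearchable and differ from the hit).
            $forumin = " AND t.fid='{$fidlist[0]}' ";
        } elseif (count($fidlist) > 1) {
            $forumin = " AND t.fid IN (" . implode(',', $fidlist) . ")";
        }
    }

    $permsql = "";
    $onlyusfids = array();
    // Check group permissions if we can't view threads not started by us
    $group_permissions = forum_permissions();
    foreach ($group_permissions as $fid => $forum_permissions) {
        if (isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1) {
            $onlyusfids[] = (int) $fid;
        }
    }
    if (!empty($onlyusfids)) {
        $onlyus_sql = implode(',', $onlyusfids);
        $uid = (int) $mybb->user['uid'];
        $permsql .= "AND ((t.fid IN(" . $onlyus_sql . ") AND t.uid='{$uid}') OR t.fid NOT IN(" . $onlyus_sql . "))";
    }
    // Both helpers are used as comma-separated id lists ('' when none) — as elsewhere in
    // this codebase; confirm they never return anything else.
    $unsearchforums = get_unsearchable_forums();
    if ($unsearchforums) {
        $permsql .= " AND t.fid NOT IN ({$unsearchforums})";
    }
    $inactiveforums = get_inactive_forums();
    if ($inactiveforums) {
        $permsql .= " AND t.fid NOT IN ({$inactiveforums})";
    }

    // Approval state: visible=1 limits to approved content, any other value to unapproved only
    $visiblesql = $post_visiblesql = $plain_post_visiblesql = "";
    if (isset($search['visible'])) {
        $op = ($search['visible'] == 1) ? "=" : "!=";
        $visiblesql = " AND t.visible {$op} '1'";
        if ($search['postthread'] == 1) {
            $post_visiblesql = " AND p.visible {$op} '1'";
            $plain_post_visiblesql = " AND visible {$op} '1'";
        }
    }

    // Searching a specific thread?
    $tidsql = '';
    if ($search['tid']) {
        $tidsql = " AND t.tid='" . intval($search['tid']) . "'";
    }

    $limitsql = '';
    if (intval($mybb->settings['searchhardlimit']) > 0) {
        $limitsql = "LIMIT " . intval($mybb->settings['searchhardlimit']);
    }

    // Both maps are keyed by the id they hold, so duplicates collapse naturally.
    $threads = array();
    $posts = array();
    if ($search['postthread'] == 1) {
        // Searching both posts and thread titles.
        // No need to search subjects when looking for results within a specific thread
        if (!$search['tid']) {
            $query = $db->query("
                SELECT t.tid, t.firstpost
                FROM " . TABLE_PREFIX . "threads t
                WHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} AND t.closed NOT LIKE 'moved|%' {$subject_lookin}
                {$limitsql}
            ");
            while ($thread = $db->fetch_array($query)) {
                $threads[$thread['tid']] = $thread['tid'];
                if ($thread['firstpost']) {
                    // A subject hit is reported through the thread's first post. Keyed by pid
                    // (the original keyed by tid, so a later post with pid == that tid
                    // overwrote the entry).
                    $posts[$thread['firstpost']] = $thread['firstpost'];
                }
            }
        }
        $query = $db->query("
            SELECT p.pid, p.tid
            FROM " . TABLE_PREFIX . "posts p
            LEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)
            WHERE 1=1 {$post_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$post_usersql} {$permsql} {$tidsql} {$post_visiblesql} {$visiblesql} AND t.closed NOT LIKE 'moved|%' {$message_lookin}
            {$limitsql}
        ");
        while ($post = $db->fetch_array($query)) {
            $posts[$post['pid']] = $post['pid'];
            $threads[$post['tid']] = $post['tid'];
        }
        if (count($posts) < 1 && count($threads) < 1) {
            error($lang->error_nosearchresults);
        }
    } else {
        // Thread titles only; the matching threads' first posts are collected afterwards
        $firstposts = array();
        $query = $db->query("
            SELECT t.tid, t.firstpost
            FROM " . TABLE_PREFIX . "threads t
            WHERE 1=1 {$thread_datecut} {$thread_replycut} {$thread_prefixcut} {$forumin} {$thread_usersql} {$permsql} {$visiblesql} {$subject_lookin}
            {$limitsql}
        ");
        while ($thread = $db->fetch_array($query)) {
            $threads[$thread['tid']] = $thread['tid'];
            if ($thread['firstpost']) {
                $firstposts[$thread['tid']] = $thread['firstpost'];
            }
        }
        if (count($threads) < 1) {
            error($lang->error_nosearchresults);
        }
        if (!empty($firstposts)) {
            $firstposts_sql = implode(',', $firstposts);
            $query = $db->simple_select("posts", "pid", "pid IN ({$firstposts_sql}) {$plain_post_visiblesql} {$limitsql}");
            while ($post = $db->fetch_array($query)) {
                $posts[$post['pid']] = $post['pid'];
            }
        }
    }

    // Always return strings (the original returned an empty array for "posts" when no
    // first post survived the visibility filter, which breaks callers that escape it).
    return array(
        "threads" => implode(',', $threads),
        "posts" => implode(',', $posts),
        "querycache" => '',
    );
}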
/**
 * forumdisplay_start hook: reads the per-forum thread-field definitions, collects the
 * filter / sort / inline-search parameters from $mybb->input, and installs the hooks
 * needed to apply them.
 *
 * Side effects (all via globals): sets $fid, $threadfield_cache, $tf_filters, $xt_filters,
 * $filters_set, $xthreads_forum_filter_form, $xthreads_forum_filter_args and, when a
 * thread-field sort is requested, $xthreads_forum_sort; may replace $db, $templates and
 * $cache with subclasses through control_object(); may declare
 * xthreads_forumdisplay_dbhook(). Returns nothing; returns early when the forum id is
 * missing or unknown.
 *
 * Input handling: the only values taken from the request are fid (cast to int), sortby
 * (only accepted after it resolves to a known thread field or an allow-listed column),
 * filtertf_* / filterxt_* (handed to xthreads_forumdisplay_filter_input(), which is
 * presumably where they are sanitised — confirm) and search (escaped before being
 * embedded in HTML).
 */
function xthreads_forumdisplay()
{
    global $db, $threadfield_cache, $fid, $mybb, $tf_filters, $xt_filters, $filters_set, $xthreads_forum_filter_form, $xthreads_forum_filter_args;
    // the position of the "forumdisplay_start" hook is kinda REALLY annoying...
    $fid = (int) $mybb->input['fid'];
    if ($fid < 1 || !($forum = get_forum($fid))) {
        return;
    }
    // replicate some MyBB behaviour
    if (!isset($mybb->input['sortby']) && !empty($forum['defaultsortby'])) {
        $mybb->input['sortby'] = $forum['defaultsortby'];
    }
    $threadfield_cache = xthreads_gettfcache($fid);
    // Quick Thread integration
    if (!empty($threadfield_cache) && function_exists('quickthread_run')) {
        xthreads_forumdisplay_quickthread();
    }
    $fpermissions = forum_permissions($fid);
    // The query/template hooks below are only installed when the viewer may see threads,
    // so a user without canviewthreads never gets extra columns or sort joins applied.
    $show_threads = $fpermissions['canview'] == 1 && $fpermissions['canviewthreads'] != 0;
    $tf_filters = array();
    // Template variable skeleton: '__search' for the inline search box, '__all' for the
    // combined filter state, one entry per thread field (added below). The *css entries
    // toggle between the "no filter" and "filter active" markup.
    $filters_set = array('__search' => array('hiddencss' => '', 'visiblecss' => 'display: none;', 'selected' => array('' => ' selected="selected"'), 'checked' => array('' => ' checked="checked"'), 'active' => array('' => 'filtertf_active'), 'nullselected' => ' selected="selected"', 'nullchecked' => ' checked="checked"', 'nullactive' => 'filtertf_active'), '__all' => array('hiddencss' => '', 'visiblecss' => 'display: none;', 'nullselected' => ' selected="selected"', 'nullchecked' => ' checked="checked"', 'nullactive' => 'filtertf_active'));
    $xthreads_forum_filter_form = $xthreads_forum_filter_args = '';
    $use_default_filter = true;
    if (!empty($threadfield_cache)) {
        if ($show_threads) {
            // Declared conditionally so it only exists when the $db hook below is installed.
            // It rewrites the forumdisplay thread-list query in place: adds one column per
            // thread field and a LEFT JOIN on threadfields_data (plus the sort join, if any).
            // Field names come from the thread-field cache (admin-defined), not from the request.
            function xthreads_forumdisplay_dbhook(&$s, &$db)
            {
                global $threadfield_cache, $fid, $plugins, $threadfields, $xthreads_forum_sort;
                //if(empty($threadfield_cache)) return;
                $fields = '';
                foreach ($threadfield_cache as &$v) {
                    $fields .= ', tfd.`' . $v['field'] . '` AS `xthreads_' . $v['field'] . '`';
                }
                $sortjoin = '';
                if (!empty($xthreads_forum_sort) && isset($xthreads_forum_sort['sortjoin'])) {
                    $sortjoin = ' LEFT JOIN ' . $db->table_prefix . $xthreads_forum_sort['sortjoin'];
                }
                // Anchors on the exact 'SELECT t.*, ' / 'WHERE t.fid=' text of MyBB's query;
                // a change to that query upstream silently disables the rewrite.
                $s = strtr($s, array('SELECT t.*, ' => 'SELECT t.*' . $fields . ', ', 'WHERE t.fid=' => 'LEFT JOIN `' . $db->table_prefix . 'threadfields_data` tfd ON t.tid=tfd.tid' . $sortjoin . ' WHERE t.fid='));
                $plugins->add_hook('forumdisplay_thread', 'xthreads_forumdisplay_thread');
                $threadfields = array();
            }
            // control_object() presumably evaluates the given method source as a subclass
            // of $db and swaps the instance in (confirm). The source is a constant string
            // apart from TABLE_PREFIX, so no request data is compiled here. The override
            // fires once, for the first read query that looks like the thread list.
            control_object($db, ' function query($string, $hide_errors=0, $write_query=0) { static $done=false; if(!$done && !$write_query && strpos($string, \'SELECT t.*, \') && strpos($string, \'t.username AS threadusername, u.username\') && strpos($string, \'FROM ' . TABLE_PREFIX . 'threads t\')) { $done = true; xthreads_forumdisplay_dbhook($string, $this); } return parent::query($string, $hide_errors, $write_query); } ');
        }
        // also check for forumdisplay filters/sort
        // and generate form HTML
        // NOTE(review): $tf remains a reference to the last element after this loop; nothing
        // below assigns to $tf, but an unset($tf) after the loop would remove the hazard.
        foreach ($threadfield_cache as $n => &$tf) {
            $filters_set[$n] = array('hiddencss' => '', 'visiblecss' => 'display: none;', 'nullselected' => ' selected="selected"', 'nullchecked' => ' checked="checked"', 'nullactive' => 'filtertf_active');
            if ($tf['ignoreblankfilter']) {
                // will be overwritten if not blank
                $filters_set[$n]['selected'] = array('' => ' selected="selected"');
                $filters_set[$n]['checked'] = array('' => ' checked="checked"');
                $filters_set[$n]['active'] = array('' => 'filtertf_active');
            }
            // A filter is only honoured for fields that allow it and that the viewer's
            // groups may see; the value itself is stored raw at this point.
            if ($tf['allowfilter'] && isset($mybb->input['filtertf_' . $n]) && xthreads_user_in_groups($tf['viewable_gids'])) {
                $tf_filters[$n] = $mybb->input['filtertf_' . $n];
                $use_default_filter = false;
                // ignore blank inputs
                if ($tf['ignoreblankfilter'] && (is_array($tf_filters[$n]) && (empty($tf_filters[$n]) || array_unique($tf_filters[$n]) == array('')) || $tf_filters[$n] === '')) {
                    unset($tf_filters[$n]);
                }
            }
        }
        // sorting by thread fields
        // sortby is user input: 'tf_<field>' sorts on a thread field, 'tfa_<attr>_<field>'
        // on an attachment attribute of a file field. In both forms the field name is
        // only used after isset($threadfield_cache[$n]) proves it is a defined field, and
        // the attachment attribute is checked against a fixed allow-list, so the values
        // that end up in $xthreads_forum_sort['sortfield'] never come straight from the request.
        if ($mybb->input['sortby'] && substr($mybb->input['sortby'], 0, 2) == 'tf') {
            global $xthreads_forum_sort;
            if (substr($mybb->input['sortby'], 0, 3) == 'tf_') {
                $n = substr($mybb->input['sortby'], 3);
                if (isset($threadfield_cache[$n]) && xthreads_empty($threadfield_cache[$n]['multival']) && $threadfield_cache[$n]['inputtype'] != XTHREADS_INPUT_FILE && xthreads_user_in_groups($threadfield_cache[$n]['viewable_gids'])) {
                    if ($threadfield_cache[$n]['inputtype'] != XTHREADS_INPUT_TEXTAREA) {
                        // also disallow sorting by textarea inputs
                        $xthreads_forum_sort = array('t' => 'tfd.', 'sortby' => $mybb->input['sortby'], 'sortfield' => '`' . $n . '`');
                    }
                }
            } elseif (substr($mybb->input['sortby'], 0, 4) == 'tfa_') {
                $p = strpos($mybb->input['sortby'], '_', 5);
                if ($p) {
                    $field = strtolower(substr($mybb->input['sortby'], 4, $p - 4));
                    $n = substr($mybb->input['sortby'], $p + 1);
                    if (isset($threadfield_cache[$n]) && xthreads_empty($threadfield_cache[$n]['multival']) && $threadfield_cache[$n]['inputtype'] == XTHREADS_INPUT_FILE && xthreads_user_in_groups($threadfield_cache[$n]['viewable_gids']) && in_array($field, array('filename', 'filesize', 'uploadtime', 'updatetime', 'downloads'))) {
                        $xthreads_forum_sort = array('t' => 'xta.', 'sortby' => $mybb->input['sortby'], 'sortfield' => '`' . $field . '`', 'sortjoin' => 'xtattachments xta ON tfd.`' . $n . '`=xta.aid');
                    }
                }
            }
        }
    }
    // Built-in thread columns MyBB itself does not sort by; accepted only from this
    // allow-list, and 'prefix' only on MyBB builds that have the column.
    if (!isset($xthreads_forum_sort) && $mybb->input['sortby'] && in_array($mybb->input['sortby'], array('prefix', 'icon', 'lastposter', 'numratings', 'attachmentcount'))) {
        global $xthreads_forum_sort;
        switch ($mybb->input['sortby']) {
            case 'prefix':
                if ($mybb->version_code >= 1500) {
                    $xthreads_forum_sort = array('t' => $mybb->version_code >= 1604 ? 't.' : 'p.', 'sortby' => $mybb->input['sortby'], 'sortfield' => $mybb->input['sortby']);
                }
                break;
            case 'icon':
                $xthreads_forum_sort = array('t' => 't.', 'sortby' => $mybb->input['sortby'], 'sortfield' => $mybb->input['sortby']);
                break;
            case 'lastposter':
            case 'numratings':
            case 'attachmentcount':
                $xthreads_forum_sort = array('t' => 't.', 'sortby' => $mybb->input['sortby'], 'sortfield' => $mybb->input['sortby']);
        }
    }
    // Filters on MyBB's own thread columns ("xt" filters); the set is fixed here rather
    // than read from the forum settings (see the commented-out lines).
    $xt_filters = array();
    //$enabled_xtf = explode(',', $forum['xthreads_addfiltenable']);
    //if(!empty($enabled_xtf)) {
    //global $lang;
    //foreach($enabled_xtf as &$xtf) {
    $enabled_xtf = array('uid', 'icon', 'lastposteruid');
    if ($mybb->version_code >= 1500) {
        $enabled_xtf[] = 'prefix';
    }
    foreach ($enabled_xtf as &$xtf) {
        $filters_set['__xt_' . $xtf] = array('hiddencss' => '', 'visiblecss' => 'display: none;', 'nullselected' => ' selected="selected"', 'nullchecked' => ' checked="checked"', 'nullactive' => 'filtertf_active');
        if (isset($mybb->input['filterxt_' . $xtf]) && $mybb->input['filterxt_' . $xtf] !== '') {
            $xt_filters[$xtf] = $mybb->input['filterxt_' . $xtf];
            $use_default_filter = false;
        }
    }
    unset($enabled_xtf);
    //}
    // Forum-level default filters apply only when the request carried no filter of its
    // own and did not opt out via filterdisable; default thread-field filters are still
    // subject to the viewer's group visibility.
    if (function_exists('xthreads_evalcacheForumFilters')) {
        $xtforum = xthreads_evalcacheForumFilters($fid);
        if ($use_default_filter && (!empty($xtforum['defaultfilter_tf']) || !empty($xtforum['defaultfilter_xt'])) && !$mybb->input['filterdisable']) {
            $tf_filters = $xtforum['defaultfilter_tf'];
            foreach ($tf_filters as $n => &$filter) {
                if (!xthreads_user_in_groups($threadfield_cache[$n]['viewable_gids'])) {
                    unset($tf_filters[$n]);
                    continue;
                }
            }
            $xt_filters = $xtforum['defaultfilter_xt'];
        }
        //unset($enabled_xtf);
    }
    // Turn each active filter into form/url fragments. $filter is passed by reference, so
    // xthreads_forumdisplay_filter_input() presumably normalises the value in place — confirm.
    foreach ($tf_filters as $n => &$filter) {
        xthreads_forumdisplay_filter_input('filtertf_' . $n, $filter, $filters_set[$n]);
    }
    foreach ($xt_filters as $n => &$filter) {
        /* // sanitise input here as we may need to grab extra info if(is_array($filter)) $filter = array_map('intval', $filter); else $filter = (int)$filter; */
        xthreads_forumdisplay_filter_input('filterxt_' . $n, $filter, $filters_set['__xt_' . $n]);
        /* (commented-out code kept upstream, condensed in this copy: looked up display names
           for the uid/lastposteruid/prefix/icon filters via xthreads_forumdisplay_xtfilter_extrainfo()
           and the posticons cache, escaping them with htmlspecialchars_uni()) */
    }
    unset($filter);
    // Combined filter state for templates. The url argument string is built with a leading
    // '&' and is escaped once here; urlarga/urlargq only add the separator.
    if ($xthreads_forum_filter_args) {
        $filters_set['__all']['urlarg'] = htmlspecialchars_uni(substr($xthreads_forum_filter_args, 1));
        $filters_set['__all']['urlarga'] = '&' . $filters_set['__all']['urlarg'];
        $filters_set['__all']['urlargq'] = '?' . $filters_set['__all']['urlarg'];
        $filters_set['__all']['forminput'] = $xthreads_forum_filter_form;
        $filters_set['__all']['hiddencss'] = 'display: none;';
        $filters_set['__all']['visiblecss'] = '';
        unset($filters_set['__all']['nullselected'], $filters_set['__all']['nullchecked'], $filters_set['__all']['nullactive']);
    }
    // Inline search: the raw term is url-encoded for the link and HTML-escaped for the
    // hidden input and the 'value' slot; the unescaped term is only used as an array key.
    if ($forum['xthreads_inlinesearch'] && isset($mybb->input['search']) && $mybb->input['search'] !== '') {
        $urlarg = 'search=' . rawurlencode($mybb->input['search']);
        $xthreads_forum_filter_args .= '&' . $urlarg;
        $GLOBALS['xthreads_forum_search_form'] = '<input type="hidden" name="search" value="' . htmlspecialchars_uni($mybb->input['search']) . '" />';
        $filters_set['__search']['forminput'] =& $GLOBALS['xthreads_forum_search_form'];
        $filters_set['__search']['value'] = htmlspecialchars_uni($mybb->input['search']);
        $filters_set['__search']['urlarg'] = htmlspecialchars_uni($urlarg);
        $filters_set['__search']['urlarga'] = '&' . $filters_set['__search']['urlarg'];
        $filters_set['__search']['urlargq'] = '?' . $filters_set['__search']['urlarg'];
        $filters_set['__search']['selected'] = array($mybb->input['search'] => ' selected="selected"');
        $filters_set['__search']['checked'] = array($mybb->input['search'] => ' checked="checked"');
        $filters_set['__search']['active'] = array($mybb->input['search'] => 'filtertf_active');
        $filters_set['__search']['hiddencss'] = 'display: none;';
        $filters_set['__search']['visiblecss'] = '';
        unset($filters_set['__search']['nullselected'], $filters_set['__search']['nullchecked'], $filters_set['__search']['nullactive']);
    }
    if ($show_threads) {
        $using_filter = $forum['xthreads_inlinesearch'] || !empty($tf_filters) || !empty($xt_filters);
        if ($using_filter || isset($xthreads_forum_sort)) {
            // only nice way to do all of this is to gain control of $templates, so let's do it
            // The generated get() override runs the filter and/or sorter hook the first time
            // the 'forumdisplay_orderarrow' template is fetched. The method source is
            // assembled only from the two fixed snippets below, never from request data.
            control_object($GLOBALS['templates'], ' function get($title, $eslashes=1, $htmlcomments=1) { static $done=false; if(!$done && $title == \'forumdisplay_orderarrow\') { $done = true; ' . ($using_filter ? 'xthreads_forumdisplay_filter();' : '') . ' ' . (isset($xthreads_forum_sort) ? ' $orderbyhack = xthreads_forumdisplay_sorter(); return $orderbyhack.parent::get($title, $eslashes, $htmlcomments); ' : '') . ' } return parent::get($title, $eslashes, $htmlcomments); } ');
            /* if($forum['xthreads_inlinesearch']) { // give us a bit of a free speed up since this isn't really being used anyway... $templates->cache['forumdisplay_searchforum'] = ''; } */
            // generate stuff for pagination/sort-links and fields for forms (sort listboxes, inline search)
        }
    }
    // Widen the thread-list table: hook the first posticons cache read (which happens
    // after $colspan is set) and add the forum's configured offset.
    if ($forum['xthreads_fdcolspan_offset']) {
        control_object($GLOBALS['cache'], ' function read($name, $hard=false) { static $done=false; if(!$done && $name == "posticons" && isset($GLOBALS["colspan"])) { $done = true; $GLOBALS["colspan"] += $GLOBALS["foruminfo"]["xthreads_fdcolspan_offset"]; } return parent::read($name, $hard); } ');
    }
}
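/**
 * Build a list of forums for RSS multiselect.
 *
 * Walks $forumcache (loaded on first use, non-link active forums only) depth-first from
 * $pid, appending one <option> per forum the viewer may see into the global
 * $forumlistbits, and — on the outermost call only — evaluates the
 * misc_syndication_forumlist template into $forumlist.
 *
 * Visibility rules, in order: the forum must be viewable (or hideprivateforums must be
 * off); a password-protected forum is listed only when the viewer's forumpass cookie
 * carries the expected token; an unprotected forum is listed unless it is in $unexp.
 *
 * @param int    $pid       Parent forum ID.
 * @param mixed  $selitem   Unused; kept for backward compatibility with existing callers.
 * @param bool   $addselect Whether to add selected attribute or not (the recursive calls
 *                          pass 0 so only the outermost call renders the template).
 * @param string $depth     HTML for the depth of the forum.
 * @return string HTML of the list of forums for CSS ('' on recursive calls).
 */
function makesyndicateforums($pid = "0", $selitem = "", $addselect = "1", $depth = "")
{
    global $db, $forumcache, $permissioncache, $mybb, $forumlist, $forumlistbits, $flist, $lang, $unexp, $templates;
    $pid = (int) $pid;
    $forumlist = '';
    // Local to this call: the recursive calls do not report back, so only a selection
    // among the direct children of $pid suppresses the "all" default — TODO confirm intended.
    $selecteddone = '';

    if (!is_array($forumcache)) {
        // Get Forums — indexed pid -> disporder -> fid so the walk below is in display order
        $query = $db->simple_select("forums", "*", "linkto = '' AND active!=0", array('order_by' => 'pid, disporder'));
        while ($forum = $db->fetch_array($query)) {
            $forumcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
        }
    }
    if (!is_array($permissioncache)) {
        $permissioncache = forum_permissions();
    }

    if (isset($forumcache[$pid]) && is_array($forumcache[$pid])) {
        foreach ($forumcache[$pid] as $disporder => $forums_at_order) {
            foreach ($forums_at_order as $forum) {
                $perms = isset($permissioncache[$forum['fid']]) ? $permissioncache[$forum['fid']] : array();
                $canview = isset($perms['canview']) && $perms['canview'] == 1;
                if (!$canview && $mybb->settings['hideprivateforums'] != 0) {
                    continue;
                }

                $optionselected = '';
                if (isset($flist[$forum['fid']])) {
                    $optionselected = 'selected="selected"';
                    $selecteddone = "1";
                }

                // Password gate. The cookie token format (md5 of uid . forum password) is
                // defined wherever the cookie is issued — keep in sync with check_forum_password().
                // NOTE(review): a plain === compare is not constant-time; if the token scheme
                // is ever revised, compare with hash_equals().
                $cookie_token = isset($mybb->cookies['forumpass'][$forum['fid']]) ? $mybb->cookies['forumpass'][$forum['fid']] : null;
                if ($forum['password'] == '') {
                    // (array) cast: $unexp may be unset, which in_array() rejects on PHP 8
                    $listable = !in_array($forum['fid'], (array) $unexp);
                } else {
                    $listable = $cookie_token !== null && $cookie_token === md5($mybb->user['uid'] . $forum['password']);
                }
                if ($listable) {
                    // $forum['name'] is emitted as-is; it is presumably stored already
                    // HTML-escaped by the admin side — confirm.
                    $forumlistbits .= "<option value=\"{$forum['fid']}\" {$optionselected}>{$depth} {$forum['name']}</option>\n";
                }

                if (!empty($forumcache[$forum['fid']])) {
                    $newdepth = $depth . " ";
                    // Children append to the global $forumlistbits; the return value is ''
                    $forumlistbits .= makesyndicateforums($forum['fid'], '', 0, $newdepth);
                }
            }
        }
    }

    if ($addselect) {
        $addsel = '';
        if (empty($selecteddone)) {
            $addsel = ' selected="selected"';
        }
        // eval() of a template: this is the forum software's template mechanism. The source
        // being compiled is the admin-managed template body from $templates->get(); the
        // variables it interpolates ($forumlistbits, $addsel, ...) are substituted as string
        // values and are not parsed as PHP.
        eval("\$forumlist = \"" . $templates->get("misc_syndication_forumlist") . "\";");
    }
    return $forumlist;
}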
/**
 * Tapatalk XML-RPC handler: update an existing post's subject and body.
 *
 * Applies the same gatekeeping as the web editpost flow (guest, forum type/open,
 * suspended posting, thread closed, caneditposts, ownership, edit time limit,
 * forum password) and then delegates validation and persistence to
 * PostDataHandler. Returns an XML-RPC struct describing the edited post.
 *
 * @param array $xmlrpc_params Raw XML-RPC parameters; filtered via Tapatalk_Input::filterXmlInput.
 * @return xmlrpcresp Success struct, or an xmlrespfalse / tt_no_permission response on failure.
 */
function save_raw_post_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;
    $lang->load("editpost");
    // post_id is coerced to INT by the filter; that is what makes the interpolation into SQL below safe.
    $input = Tapatalk_Input::filterXmlInput(array('post_id' => Tapatalk_Input::INT, 'post_title' => Tapatalk_Input::STRING, 'post_content' => Tapatalk_Input::STRING, 'return_html' => Tapatalk_Input::INT, 'attachment_id_array' => Tapatalk_Input::RAW, 'group_id' => Tapatalk_Input::STRING, 'editreason' => Tapatalk_Input::STRING), $xmlrpc_params);
    $parser = new postParser();
    // No permission for guests
    if (!$mybb->user['uid']) {
        return tt_no_permission();
    }
    // Get post info
    $pid = $input['post_id'];
    $query = $db->simple_select("posts", "*", "pid='{$pid}'");
    $post = $db->fetch_array($query);
    // An empty title keeps the existing subject.
    if (empty($input['post_title'])) {
        $input['post_title'] = $post['subject'];
    }
    if (!$post['pid']) {
        return xmlrespfalse($lang->error_invalidpost);
    }
    // Get thread info
    $tid = $post['tid'];
    $thread = get_thread($tid);
    if (!$thread['tid']) {
        return xmlrespfalse($lang->error_invalidthread);
    }
    $thread['subject'] = htmlspecialchars_uni($thread['subject']);
    // Get forum info
    $fid = $post['fid'];
    $forum = get_forum($fid);
    if (!$forum || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    }
    if ($forum['open'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    }
    $forumpermissions = forum_permissions($fid);
    // Moderators with caneditposts bypass the closed-thread, ownership and time-limit checks.
    if (!is_moderator($fid, "caneditposts")) {
        if ($thread['closed'] == 1) {
            return xmlrespfalse($lang->redirect_threadclosed);
        }
        if ($forumpermissions['caneditposts'] == 0) {
            return tt_no_permission();
        }
        if ($mybb->user['uid'] != $post['uid']) {
            return tt_no_permission();
        }
        // Edit time limit (setting is in minutes)
        $time = TIME_NOW;
        if ($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < $time - $mybb->settings['edittimelimit'] * 60) {
            $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
            return xmlrespfalse($lang->edit_time_limit);
        }
    }
    // Check if this forum is password protected and we have a valid password
    tt_check_forum_password($forum['fid']);
    // Set up posthandler.
    require_once MYBB_ROOT . "inc/datahandlers/post.php";
    $posthandler = new PostDataHandler("update");
    $posthandler->action = "post";
    // Set the post data that came from the input to the $post array.
    $post = array("pid" => $pid, "subject" => $input['post_title'], "uid" => $mybb->user['uid'], "username" => $mybb->user['username'], "edit_uid" => $mybb->user['uid'], "message" => $input['post_content']);
    // Edit reasons only exist in the 1.8 datahandler.
    if (version_compare($mybb->version, '1.8.0', '>=') && !empty($input['editreason'])) {
        $post["editreason"] = $input['editreason'];
    }
    // get subscription status
    $query = $db->simple_select("threadsubscriptions", 'notification', "uid='" . intval($mybb->user['uid']) . "' AND tid='" . intval($tid) . "'");
    $substatus = $db->fetch_array($query);
    // Set up the post options from the input.
    // subscriptionmethod: '' when no subscription row, 'instant' when notification == 1, else 'none'.
    $post['options'] = array("signature" => 1, "subscriptionmethod" => isset($substatus['notification']) ? $substatus['notification'] == 1 ? 'instant' : 'none' : '', "disablesmilies" => 0);
    $posthandler->set_data($post);
    // Now let the post handler do all the hard work.
    if (!$posthandler->validate_post()) {
        $post_errors = $posthandler->get_friendly_errors();
        return xmlrespfalse(implode(" :: ", $post_errors));
    } else {
        $postinfo = $posthandler->update_post();
        $visible = $postinfo['visible'];
        $first_post = $postinfo['first_post'];
        // Help keep our attachments table clean.
        $db->delete_query("attachments", "filename='' OR filesize<1");
        // state 1 = post now awaits moderation (visible == 0) and the editor is not a moderator here; both branches collapse to that test.
        if ($visible == 0 && $first_post && !is_moderator($fid, "", $mybb->user['uid'])) {
            $state = 1;
        } else {
            if ($visible == 0 && !is_moderator($fid, "", $mybb->user['uid'])) {
                $state = 1;
            } else {
                $state = 0;
            }
        }
    }
    $pid = intval($pid);
    // NOTE(review): 'group_id_esc' is not among the filtered keys above ('group_id' is);
    // presumably filterXmlInput adds an escaped "_esc" variant — confirm, otherwise this branch never runs.
    if (!empty($input['group_id_esc'])) {
        $db->update_query("attachments", array("pid" => $pid), "posthash='{$input['group_id_esc']}'");
    }
    // update thread attachment account
    // NOTE(review): attachment_id_array is RAW input; count() on a non-array is a TypeError on PHP 8 — confirm the filter guarantees an array.
    if (count($input['attachment_id_array']) > 0) {
        update_thread_counters($tid, array("attachmentcount" => "+" . count($input['attachment_id_array'])));
    }
    // Re-read the stored post so the response reflects what the datahandler persisted.
    $post = get_post($pid);
    $parser_options = array();
    $parser_options['allow_html'] = false;
    $parser_options['allow_mycode'] = true;
    $parser_options['allow_smilies'] = false;
    $parser_options['allow_imgcode'] = true;
    $parser_options['allow_videocode'] = true;
    $parser_options['nl2br'] = (bool) $input['return_html'];
    $parser_options['filter_badwords'] = 1;
    if (!$post['username']) {
        $post['username'] = $lang->guest;
    }
    if ($post['userusername']) {
        $parser_options['me_username'] = $post['userusername'];
    } else {
        $parser_options['me_username'] = $post['username'];
    }
    $post['message'] = $parser->parse_message($post['message'], $parser_options);
    $post['subject'] = $parser->parse_badwords($post['subject']);
    $result = new xmlrpcval(array('result' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval('', 'base64'), 'state' => new xmlrpcval($state, 'int'), 'post_title' => new xmlrpcval($post['subject'], 'base64'), 'post_content' => new xmlrpcval(process_post($post['message'], $input['return_html']), 'base64')), 'struct');
    return new xmlrpcresp($result);
}
/**
 * Tapatalk XML-RPC handler: return a single forum announcement as a one-post topic.
 *
 * Looks the announcement up by id, enforces the owning forum's canview /
 * canviewthreads permissions and password (only when the announcement is bound
 * to a forum, i.e. fid > 0), records it as read in the announcements cookie,
 * and returns it in the get_thread response shape.
 *
 * @param array $xmlrpc_params Raw XML-RPC parameters; filtered via Tapatalk_Input::filterXmlInput.
 * @return xmlrpcresp Struct with total_post_num, can_reply, can_subscribe and a one-element posts array.
 */
function get_announcement_func($xmlrpc_params)
{
    global $db, $lang, $mybb, $position, $plugins, $pids, $groupscache;
    $input = Tapatalk_Input::filterXmlInput(array('topic_id' => Tapatalk_Input::STRING, 'start_num' => Tapatalk_Input::INT, 'last_num' => Tapatalk_Input::INT, 'return_html' => Tapatalk_Input::INT), $xmlrpc_params);
    $parser = new Tapatalk_Parser();
    // Load global language phrases
    $lang->load("announcements");
    // NOTE(review): the announcement id is read from $_GET['aid'], not from the filtered
    // topic_id above (which is never used) — confirm the XML-RPC entry point populates $_GET.
    $aid = intval($_GET['aid']);
    // Get announcement fid
    $query = $db->simple_select("announcements", "fid", "aid='{$aid}'");
    $announcement = $db->fetch_array($query);
    $plugins->run_hooks("announcements_start");
    // error() terminates the request; in this XML-RPC context the caller receives whatever error() renders.
    if (!$announcement) {
        error($lang->error_invalidannouncement);
    }
    // Get forum info
    $fid = $announcement['fid'];
    // fid == 0 is not checked against any forum permission here.
    if ($fid > 0) {
        $forum = get_forum($fid);
        if (!$forum) {
            error($lang->error_invalidforum);
        }
        // Make navigation
        build_forum_breadcrumb($forum['fid']);
        // Permissions
        $forumpermissions = forum_permissions($forum['fid']);
        if ($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) {
            error_no_permission();
        }
        // Check if this forum is password protected and we have a valid password
        check_forum_password($forum['fid']);
    }
    add_breadcrumb($lang->nav_announcements);
    $archive_url = build_archive_link("announcement", $aid);
    // Get announcement info (only announcements whose date window contains now; enddate 0 = no end)
    $time = TIME_NOW;
    $query = $db->query("\n\t\tSELECT u.*, u.username AS userusername, a.*, f.*\n\t\tFROM " . TABLE_PREFIX . "announcements a\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=a.uid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfields f ON (f.ufid=u.uid)\n\t\tWHERE a.startdate<='{$time}' AND (a.enddate>='{$time}' OR a.enddate='0') AND a.aid='{$aid}'\n\t");
    $announcementarray = $db->fetch_array($query);
    if (!$announcementarray) {
        error($lang->error_invalidannouncement);
    }
    // Gather usergroup data from the cache
    // Field => Array Key
    $data_key = array('title' => 'grouptitle', 'usertitle' => 'groupusertitle', 'stars' => 'groupstars', 'starimage' => 'groupstarimage', 'image' => 'groupimage', 'namestyle' => 'namestyle', 'usereputationsystem' => 'usereputationsystem');
    foreach ($data_key as $field => $key) {
        $announcementarray[$key] = $groupscache[$announcementarray['usergroup']][$field];
    }
    $announcementarray['dateline'] = $announcementarray['startdate'];
    $announcementarray['userusername'] = $announcementarray['username'];
    // Rendered postbit is not used in the response; build_postbit is called for its side effects only (presumably).
    $announcement = build_postbit($announcementarray, 3);
    $announcementarray['subject'] = $parser->parse_badwords($announcementarray['subject']);
    $lang->forum_announcement = $lang->sprintf($lang->forum_announcement, htmlspecialchars_uni($announcementarray['subject']));
    // Mark the announcement as seen in the cookie if it is newer than the user's last visit.
    if ($announcementarray['startdate'] > $mybb->user['lastvisit']) {
        $setcookie = true;
        if (isset($mybb->cookies['mybb']['announcements']) && is_scalar($mybb->cookies['mybb']['announcements'])) {
            $cookie = my_unserialize(stripslashes($mybb->cookies['mybb']['announcements']));
            if (isset($cookie[$announcementarray['aid']])) {
                $setcookie = false;
            }
        }
        if ($setcookie) {
            my_set_array_cookie('announcements', $announcementarray['aid'], $announcementarray['startdate'], -1);
        }
    }
    // NOTE(review): get_user() is passed the announcement id (aid), while the author is reported
    // via uid below — looks like it should be $announcementarray['uid']; confirm.
    $user_info = get_user($announcementarray['aid']);
    $icon_url = absolute_url($user_info['avatar']);
    // prepare xmlrpc return (topic_id is prefixed with 'ann_' to distinguish it from real thread ids)
    $xmlrpc_post = new xmlrpcval(array('topic_id' => new xmlrpcval('ann_' . $announcementarray['aid']), 'post_title' => new xmlrpcval(basic_clean($announcementarray['subject']), 'base64'), 'post_content' => new xmlrpcval(process_post($announcementarray['message'], $input['return_html']), 'base64'), 'post_author_id' => new xmlrpcval($announcementarray['uid']), 'post_author_name' => new xmlrpcval(basic_clean($announcementarray['username']), 'base64'), 'user_type' => new xmlrpcval(check_return_user_type($announcementarray['username']), 'base64'), 'icon_url' => new xmlrpcval(absolute_url($icon_url)), 'post_time' => new xmlrpcval(mobiquo_iso8601_encode($announcementarray['dateline']), 'dateTime.iso8601'), 'timestamp' => new xmlrpcval($announcementarray['dateline'], 'string')), 'struct');
    $result = array('total_post_num' => new xmlrpcval(1, 'int'), 'can_reply' => new xmlrpcval(false, 'boolean'), 'can_subscribe' => new xmlrpcval(false, 'boolean'), 'posts' => new xmlrpcval(array($xmlrpc_post), 'array'));
    return new xmlrpcresp(new xmlrpcval($result, 'struct'));
}
$query = $db->simple_select("forums", "*", "fid='{$fid}'"); $forum = $db->fetch_array($query); $sperms = $permission_data; $sql = build_parent_list($fid); $query = $db->simple_select("forumpermissions", "*", "{$sql} AND gid='{$gid}'"); $customperms = $db->fetch_array($query); if ($permission_data['pid']) { $permission_data['usecustom'] = 1; echo $form->generate_hidden_field("pid", $pid); } else { echo $form->generate_hidden_field("fid", $fid); echo $form->generate_hidden_field("gid", $gid); if (!$customperms['pid']) { $permission_data = usergroup_permissions($gid); } else { $permission_data = forum_permissions($fid, 0, $gid); } } } $groups = array('canviewthreads' => 'viewing', 'canview' => 'viewing', 'canonlyviewownthreads' => 'viewing', 'candlattachments' => 'viewing', 'canpostthreads' => 'posting_rating', 'canpostreplys' => 'posting_rating', 'canonlyreplyownthreads' => 'posting_rating', 'canpostattachments' => 'posting_rating', 'canratethreads' => 'posting_rating', 'caneditposts' => 'editing', 'candeleteposts' => 'editing', 'candeletethreads' => 'editing', 'caneditattachments' => 'editing', 'modposts' => 'moderate', 'modthreads' => 'moderate', 'modattachments' => 'moderate', 'mod_edit_posts' => 'moderate', 'canpostpolls' => 'polls', 'canvotepolls' => 'polls', 'cansearch' => 'misc'); $groups = $plugins->run_hooks("admin_forum_management_permission_groups", $groups); $tabs = array(); foreach (array_unique(array_values($groups)) as $group) { $lang_group = "group_" . $group; $tabs[$group] = $lang->{$lang_group}; } if ($mybb->input['ajax'] == 1) { $page->output_tab_control($tabs, false, "tabs2"); } else { $page->output_tab_control($tabs); }
/**
 * Gate for XThreads attachment uploads on newthread.php / editpost.php.
 *
 * Re-implements the subset of MyBB's posting permission checks that apply
 * before an upload may be accepted (suspended user, forum exists/open/type f,
 * canview, canpostthreads or the edit-post rules, post key) and then hands off
 * to xthreads_upload_attachments(). Every failed check returns silently.
 *
 * Reads and may rebind the global $thread; on editpost.php only the thread's
 * first post is eligible.
 *
 * @return void
 */
function xthreads_upload_attachments_global()
{
    //if($mybb->request_method == 'post' && ($current_page == 'newthread.php' || ($current_page == 'editpost.php' && $mybb->input['action'] != 'deletepost'))
    // the above line is always checked and true
    global $mybb, $current_page, $thread;
    if ($current_page == 'editpost.php') {
        // check if first post
        $pid = (int) $mybb->input['pid'];
        if (!$thread) {
            $post = get_post($pid);
            if (!empty($post)) {
                $thread = get_thread($post['tid']);
            }
            if (empty($thread)) {
                return;
            }
            $pid = $post['pid'];
        }
        if ($thread['firstpost'] != $pid) {
            return;
        }
    } elseif ($mybb->input['tid']) {
        /* ($mybb->input['action'] == 'editdraft' || $mybb->input['action'] == 'savedraft') && */
        $thread = get_thread((int) $mybb->input['tid']);
        if ($thread['visible'] != -2 || $thread['uid'] != $mybb->user['uid']) {
            // ensure that this is, indeed, a draft
            // NOTE(review): this removes the global slot only; the local $thread bound by
            // `global` above keeps the array, so the fid/ownership checks below still run
            // against this non-draft thread — confirm whether that is intended.
            unset($GLOBALS['thread']);
        }
    }
    // permissions check - ideally, should get MyBB to do this, but I see no easy way to implement it unfortunately
    if ($mybb->user['suspendposting'] == 1) {
        return;
    }
    // Prefer the thread's forum; fall back to the fid supplied by the form for new threads.
    if ($thread['fid']) {
        $fid = $thread['fid'];
    } else {
        $fid = (int) $mybb->input['fid'];
    }
    $forum = get_forum($fid);
    if (!$forum['fid'] || $forum['open'] == 0 || $forum['type'] != 'f') {
        return;
    }
    $forumpermissions = forum_permissions($fid);
    if ($forumpermissions['canview'] == 0) {
        return;
    }
    if ($current_page == 'newthread.php' && $forumpermissions['canpostthreads'] == 0) {
        return;
    } elseif ($current_page == 'editpost.php') {
        // Non-moderators: thread must be open, user must own it, and the edit time limit (minutes) must not have elapsed.
        if (!is_moderator($fid, 'caneditposts')) {
            if ($thread['closed'] == 1 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $thread['uid']) {
                return;
            }
            if ($mybb->settings['edittimelimit'] != 0 && $thread['dateline'] < TIME_NOW - $mybb->settings['edittimelimit'] * 60) {
                return;
            }
        }
    }
    // CSRF token check; the second argument makes verify_post_check return instead of erroring.
    if (!verify_post_check($mybb->input['my_post_key'], true)) {
        return;
    }
    check_forum_password($forum['fid']);
    xthreads_upload_attachments();
}
/**
 * AJAX endpoint for the FirstPreview plugin: render a preview of a thread's
 * first post (input firstpost=1) or last post (input lastpost=1, when the
 * firstpreview_last setting is on). Both branches echo an HTML fragment and
 * exit; if neither input is present the function returns without output.
 *
 * Access control in both branches consists solely of the forum's
 * canviewthreads permission. canview, canonlyviewownthreads, forum passwords
 * and the thread/post visible flags are not consulted here, and the post body
 * is fetched and parsed before the permission test.
 * NOTE(review): confirm whether the caller enforces those checks before this runs.
 *
 * @return void Never returns after producing a preview (calls exit).
 */
function firstpreview_ajax()
{
    global $mybb, $db, $lang, $charset;
    // Get the first post
    if (isset($mybb->input['firstpost']) && $mybb->input['firstpost'] == 1 && $mybb->request_method == "post") {
        // No existence check on the thread: a missing tid yields null fields below.
        $thread = get_thread((int) $mybb->input['tid']);
        $permissions = forum_permissions($thread['fid']);
        require_once MYBB_ROOT . "inc/class_parser.php";
        $parser = new postParser();
        $post = get_post($thread['firstpost']);
        $forum = get_forum($thread['fid']);
        $user = get_user($post['uid']);
        $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
        $threaddate = my_date($mybb->settings['dateformat'], $thread['dateline']);
        $threadtime = my_date($mybb->settings['timeformat'], $thread['dateline']);
        $threadposted = ' (' . $threaddate . ', ' . $threadtime . ')';
        // Parser flags follow the forum's own settings (including allow_html).
        $parser_options['allow_html'] = $forum['allowhtml'];
        $parser_options['allow_mycode'] = $forum['allowmycode'];
        $parser_options['allow_smilies'] = $forum['allowsmilies'];
        $parser_options['allow_imgcode'] = $forum['allowimgcode'];
        $parser_options['allow_videocode'] = $forum['allowvideocode'];
        $parser_options['filter_badwords'] = 1;
        $id = 0;
        $post['message'] = $parser->parse_message($post['message'], $parser_options);
        // Optionally reduce the rendered message to a small tag whitelist.
        if (isset($mybb->settings['firstpreview_html']) && $mybb->settings['firstpreview_html'] != 1) {
            $post['message'] = strip_tags($post['message'], "<br><p><ul><ol><li>");
        }
        // Optional character-length truncation (multibyte-aware).
        if (!empty($mybb->settings['firstpreview_length']) && $mybb->settings['firstpreview_length'] != "0" && my_strlen($post['message']) > (int) $mybb->settings['firstpreview_length']) {
            $post['message'] = my_substr($post['message'], 0, (int) $mybb->settings['firstpreview_length']) . '...';
        }
        if (isset($permissions['canviewthreads']) && $permissions['canviewthreads'] == 1) {
            $preview = "<div class=\"fpreview\"><span id=\"close_preview\">❌</span>\n\t\t\t<div class=\"thead\" style=\"text-align:center; font-weight:bold; min-height:20px;\">" . $thread['subject'] . "</div>\n\t\t\t<div class=\"tcat\" style=\"padding-left:10px; height: 10%;\">" . build_profile_link(format_name(htmlspecialchars_uni($post['username']), (int) $user['usergroup'], (int) $user['displaygroup']), (int) $post['uid']) . "<span class=\"smalltext\">" . $threadposted . "</span></div>\n\t\t\t<div class=\"prev_content\">" . $post['message'] . "</div>\n\t\t\t</div>";
        } else {
            $lang->load("messages");
            $preview = "<div class=\"fpreview\"><span id=\"close_preview\">❌</span><div class=\"prev_content\" style=\"text-align:center;\">" . $lang->error_nopermission_user_ajax . "</div></div>";
        }
        // Served as text/plain although the body is an HTML fragment (the JS side presumably injects it).
        header("Content-type: text/plain; charset={$charset}");
        echo $preview;
        exit;
    }
    // Get the last post
    if (isset($mybb->settings['firstpreview_last']) && $mybb->settings['firstpreview_last'] != 0 && isset($mybb->input['lastpost']) && $mybb->input['lastpost'] == 1 && $mybb->request_method == "post") {
        $thread = get_thread((int) $mybb->input['tid']);
        $tid = (int) $thread['tid'];
        $permissions = forum_permissions($thread['fid']);
        require_once MYBB_ROOT . "inc/class_parser.php";
        $parser = new postParser();
        // The last post is located by (lastposteruid, lastpost, tid) from the thread row; all three are cast to int before use in SQL.
        $lastposter = (int) $thread['lastposteruid'];
        $lastposttime = (int) $thread['lastpost'];
        $query = $db->simple_select('posts', '*', "uid = '" . $lastposter . "' AND dateline = '" . $lastposttime . "' AND tid = '" . $tid . "'");
        $post = $db->fetch_array($query);
        $forum = get_forum($thread['fid']);
        $user = get_user($post['uid']);
        $thread['subject'] = htmlspecialchars_uni($parser->parse_badwords($thread['subject']));
        $lastdate = my_date($mybb->settings['dateformat'], $lastposttime);
        $lasttime = my_date($mybb->settings['timeformat'], $lastposttime);
        $lastposted = ' (' . $lastdate . ', ' . $lasttime . ')';
        $parser_options['allow_html'] = $forum['allowhtml'];
        $parser_options['allow_mycode'] = $forum['allowmycode'];
        $parser_options['allow_smilies'] = $forum['allowsmilies'];
        $parser_options['allow_imgcode'] = $forum['allowimgcode'];
        $parser_options['allow_videocode'] = $forum['allowvideocode'];
        $parser_options['filter_badwords'] = 1;
        $id = 0;
        $post['message'] = $parser->parse_message($post['message'], $parser_options);
        if (isset($mybb->settings['firstpreview_html']) && $mybb->settings['firstpreview_html'] != 1) {
            $post['message'] = strip_tags($post['message'], "<br><p><ul><ol><li>");
        }
        if (!empty($mybb->settings['firstpreview_length']) && $mybb->settings['firstpreview_length'] != "0" && my_strlen($post['message']) > (int) $mybb->settings['firstpreview_length']) {
            $post['message'] = my_substr($post['message'], 0, (int) $mybb->settings['firstpreview_length']) . '...';
        }
        if (isset($permissions['canviewthreads']) && $permissions['canviewthreads'] == 1) {
            $lang->load("forumdisplay");
            $preview = "<div class=\"fpreview\"><span id=\"close_preview\">❌</span>\n\t\t\t<div class=\"thead\" style=\"text-align:center; font-weight:bold; min-height:20px;\">" . $thread['subject'] . "</div>\n\t\t\t<div class=\"tcat\" style=\"padding-left:10px; padding-right:10px;\">" . build_profile_link(format_name(htmlspecialchars_uni($post['username']), (int) $user['usergroup'], (int) $user['displaygroup']), (int) $post['uid']) . "<span class=\"smalltext\">" . $lastposted . "<span class=\"float_right\"><strong>" . $lang->lastpost . "</strong></span></span></div>\n\t\t\t<div class=\"prev_content\">" . $post['message'] . "</div>\n\t\t\t</div>";
        } else {
            $lang->load("messages");
            $preview = "<div class=\"fpreview\"><span id=\"close_preview\">❌</span><div class=\"prev_content\" style=\"text-align:center;\">" . $lang->error_nopermission_user_ajax . "</div></div>";
        }
        header("Content-type: text/plain; charset={$charset}");
        echo $preview;
        exit;
    }
}
$query = $db->query("\n\t\tSELECT p.pid, p.message, p.tid, p.smilieoff\n\t\tFROM " . TABLE_PREFIX . "posts p\n\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n\t\tWHERE t.fid IN (" . $announcementsfids . "){$tunviewwhere} AND t.visible='1' AND t.closed NOT LIKE 'moved|%' AND t.firstpost=p.pid\n\t\tORDER BY t.dateline DESC\n\t\tLIMIT 0, {$numannouncements}"); while ($getid = $db->fetch_array($query)) { $pids .= ",'{$getid['pid']}'"; $tids .= ",'{$getid['tid']}'"; $posts[$getid['tid']] = $getid; } if (!empty($posts)) { $pids = "pid IN(0{$pids})"; // Now lets fetch all of the attachments for these posts $query = $db->simple_select("attachments", "*", $pids); while ($attachment = $db->fetch_array($query)) { $attachcache[$attachment['pid']][$attachment['aid']] = $attachment; } if (is_array($forum)) { foreach ($forum as $fid => $forumrow) { $forumpermissions[$fid] = forum_permissions($fid); } } $icon_cache = $cache->read("posticons"); $query = $db->query("\n\t\t\tSELECT t.*, t.username AS threadusername, u.username, u.avatar, u.avatardimensions\n\t\t\tFROM " . TABLE_PREFIX . "threads t\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid = t.uid)\n\t\t\tWHERE t.fid IN (" . $announcementsfids . 
") AND t.tid IN (0{$tids}) AND t.visible='1' AND t.closed NOT LIKE 'moved|%'\n\t\t\tORDER BY t.dateline DESC\n\t\t\tLIMIT 0, {$numannouncements}"); while ($announcement = $db->fetch_array($query)) { // Make sure we can view this announcement if ($forumpermissions[$announcement['fid']]['canview'] == 0 || $forumpermissions[$announcement['fid']]['canviewthreads'] == 0 || $forumpermissions[$announcement['fid']]['canonlyviewownthreads'] == 1 && $announcement['uid'] != $mybb->user['uid']) { continue; } $announcement['message'] = $posts[$announcement['tid']]['message']; $announcement['pid'] = $posts[$announcement['tid']]['pid']; $announcement['smilieoff'] = $posts[$announcement['tid']]['smilieoff']; $announcement['threadlink'] = get_thread_link($announcement['tid']); if ($announcement['uid'] == 0) { $profilelink = htmlspecialchars_uni($announcement['threadusername']);
$query = $db->simple_select("attachments", "*", "aid='{$aid}'"); } else { $query = $db->simple_select("attachments", "*", "pid='{$pid}'"); } $attachment = $db->fetch_array($query); $pid = $attachment['pid']; $post = get_post($pid); $thread = get_thread($post['tid']); if (!$thread['tid'] && !$mybb->input['thumbnail']) { error($lang->error_invalidthread); } $fid = $thread['fid']; // Get forum info $forum = get_forum($fid); // Permissions $forumpermissions = forum_permissions($fid); if ($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid'] || $forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']) { error_no_permission(); } // Error if attachment is invalid or not visible if (!$attachment['aid'] || !$attachment['attachname'] || !is_moderator($fid) && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)) { error($lang->error_invalidattachment); } if (!$mybb->input['thumbnail']) { $attachupdate = array("downloads" => $attachment['downloads'] + 1); $db->update_query("attachments", $attachupdate, "aid='{$attachment['aid']}'"); } // basename isn't UTF-8 safe. This is a workaround. $attachment['filename'] = ltrim(basename(' ' . $attachment['filename'])); $plugins->run_hooks("attachment_end"); if ($mybb->input['thumbnail']) {
/**
 * Upload an attachment in to the file system
 *
 * Validates a single $_FILES entry (PHP upload error, is_uploaded_file, extension
 * against the attachtypes allowlist, per-type size, usergroup quota, duplicate
 * filename within the post, per-post attachment limit), moves it under
 * uploadspath/YYYYMM/ with a generated ".attach" name so the client-supplied
 * filename never reaches disk, verifies image uploads via getimagesize plus
 * libmagic, generates a thumbnail, and inserts or updates the attachments row.
 *
 * Relies on the globals $posthash, $pid, $tid and $forum being set by the caller.
 *
 * @param array $attachment Attachment data (as fed by PHPs $_FILE)
 * @param boolean $update_attachment Whether or not we are updating a current attachment or inserting a new one
 * @return array Array of attachment data ('aid') if successful, otherwise array of error data ('error')
 */
function upload_attachment($attachment, $update_attachment = false)
{
    global $mybb, $db, $theme, $templates, $posthash, $pid, $tid, $forum, $mybb, $lang, $plugins, $cache;
    // posthash is client input; it is escaped once here and used both in SQL below and in the insert array.
    $posthash = $db->escape_string($mybb->get_input('posthash'));
    $pid = (int) $pid;
    // Map PHP's UPLOAD_ERR_* codes to language strings.
    if (isset($attachment['error']) && $attachment['error'] != 0) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail;
        switch ($attachment['error']) {
            case 1: // UPLOAD_ERR_INI_SIZE
                $ret['error'] .= $lang->error_uploadfailed_php1;
                break;
            case 2: // UPLOAD_ERR_FORM_SIZE
                $ret['error'] .= $lang->error_uploadfailed_php2;
                break;
            case 3: // UPLOAD_ERR_PARTIAL
                $ret['error'] .= $lang->error_uploadfailed_php3;
                break;
            case 4: // UPLOAD_ERR_NO_FILE
                $ret['error'] .= $lang->error_uploadfailed_php4;
                break;
            case 6: // UPLOAD_ERR_NO_TMP_DIR
                $ret['error'] .= $lang->error_uploadfailed_php6;
                break;
            case 7: // UPLOAD_ERR_CANT_WRITE
                $ret['error'] .= $lang->error_uploadfailed_php7;
                break;
            default:
                $ret['error'] .= $lang->sprintf($lang->error_uploadfailed_phpx, $attachment['error']);
                break;
        }
        return $ret;
    }
    // Only accept files that really came through PHP's upload mechanism.
    if (!is_uploaded_file($attachment['tmp_name']) || empty($attachment['tmp_name'])) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_php4;
        return $ret;
    }
    $attachtypes = $cache->read('attachtypes');
    $attachment = $plugins->run_hooks("upload_attachment_start", $attachment);
    // Extension is taken from the client-supplied name and must be in the admin-configured allowlist.
    $ext = get_extension($attachment['name']);
    // Check if we have a valid extension
    if (!isset($attachtypes[$ext])) {
        $ret['error'] = $lang->error_attachtype;
        return $ret;
    } else {
        $attachtype = $attachtypes[$ext];
    }
    // Check the size (maxsize is in KiB; empty means unlimited)
    if ($attachment['size'] > $attachtype['maxsize'] * 1024 && $attachtype['maxsize'] != "") {
        $ret['error'] = $lang->sprintf($lang->error_attachsize, $attachtype['maxsize']);
        return $ret;
    }
    // Double check attachment space usage (attachquota is in KiB)
    if ($mybb->usergroup['attachquota'] > 0) {
        $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='" . $mybb->user['uid'] . "'");
        $usage = $db->fetch_array($query);
        $usage = $usage['ausage'] + $attachment['size'];
        if ($usage > $mybb->usergroup['attachquota'] * 1024) {
            $friendlyquota = get_friendly_size($mybb->usergroup['attachquota'] * 1024);
            $ret['error'] = $lang->sprintf($lang->error_reachedattachquota, $friendlyquota);
            return $ret;
        }
    }
    // Gather forum permissions
    $forumpermissions = forum_permissions($forum['fid']);
    // Check if an attachment with this name is already in the post
    // Attachments of a not-yet-saved post are keyed by posthash instead of pid.
    if ($pid != 0) {
        $uploaded_query = "pid='{$pid}'";
    } else {
        $uploaded_query = "posthash='{$posthash}'";
    }
    $query = $db->simple_select("attachments", "*", "filename='" . $db->escape_string($attachment['name']) . "' AND " . $uploaded_query);
    $prevattach = $db->fetch_array($query);
    if ($prevattach['aid'] && $update_attachment == false) {
        if (!$mybb->usergroup['caneditattachments'] && !$forumpermissions['caneditattachments']) {
            $ret['error'] = $lang->error_alreadyuploaded_perm;
            return $ret;
        }
        $ret['error'] = $lang->error_alreadyuploaded;
        return $ret;
    }
    // Check to see how many attachments exist for this post already
    if ($mybb->settings['maxattachments'] > 0 && $update_attachment == false) {
        $query = $db->simple_select("attachments", "COUNT(aid) AS numattachs", $uploaded_query);
        $attachcount = $db->fetch_field($query, "numattachs");
        if ($attachcount >= $mybb->settings['maxattachments']) {
            $ret['error'] = $lang->sprintf($lang->error_maxattachpost, $mybb->settings['maxattachments']);
            return $ret;
        }
    }
    $month_dir = '';
    if ($mybb->safemode == false) {
        // Check if the attachment directory (YYYYMM) exists, if not, create it
        $month_dir = gmdate("Ym");
        if (!@is_dir($mybb->settings['uploadspath'] . "/" . $month_dir)) {
            @mkdir($mybb->settings['uploadspath'] . "/" . $month_dir);
            // Still doesn't exist - oh well, throw it in the main directory
            if (!@is_dir($mybb->settings['uploadspath'] . "/" . $month_dir)) {
                $month_dir = '';
            }
        }
    }
    // All seems to be good, lets move the attachment!
    // On-disk name is server-generated (uid, time, random hash) with a fixed ".attach" suffix.
    $filename = "post_" . $mybb->user['uid'] . "_" . TIME_NOW . "_" . md5(random_str()) . ".attach";
    $file = upload_file($attachment, $mybb->settings['uploadspath'] . "/" . $month_dir, $filename);
    // Failed to create the attachment in the monthly directory, just throw it in the main directory
    if (!empty($file['error']) && $month_dir) {
        $file = upload_file($attachment, $mybb->settings['uploadspath'] . '/', $filename);
    } elseif ($month_dir) {
        $filename = $month_dir . "/" . $filename;
    }
    if (!empty($file['error'])) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail;
        switch ($file['error']) {
            case 1:
                $ret['error'] .= $lang->error_uploadfailed_nothingtomove;
                break;
            case 2:
                $ret['error'] .= $lang->error_uploadfailed_movefailed;
                break;
        }
        return $ret;
    }
    // Lets just double check that it exists
    if (!file_exists($mybb->settings['uploadspath'] . "/" . $filename)) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail . $lang->error_uploadfailed_lost;
        return $ret;
    }
    // Generate the array for the insert_query
    $attacharray = array("pid" => $pid, "posthash" => $posthash, "uid" => $mybb->user['uid'], "filename" => $db->escape_string($file['original_filename']), "filetype" => $db->escape_string($file['type']), "filesize" => (int) $file['size'], "attachname" => $filename, "downloads" => 0, "dateuploaded" => TIME_NOW);
    // If we're uploading an image, check the MIME type compared to the image type and attempt to generate a thumbnail
    if ($ext == "gif" || $ext == "png" || $ext == "jpg" || $ext == "jpeg" || $ext == "jpe") {
        // Check a list of known MIME types to establish what kind of image we're uploading
        // $img_type uses the IMAGETYPE_* numbering (1 = GIF, 2 = JPEG, 3 = PNG) so it can be compared with getimagesize()[2].
        switch (my_strtolower($file['type'])) {
            case "image/gif":
                $img_type = 1;
                break;
            case "image/jpeg":
            case "image/x-jpg":
            case "image/x-jpeg":
            case "image/pjpeg":
            case "image/jpg":
                $img_type = 2;
                break;
            case "image/png":
            case "image/x-png":
                $img_type = 3;
                break;
            default:
                $img_type = 0;
        }
        $supported_mimes = array();
        foreach ($attachtypes as $attachtype) {
            if (!empty($attachtype['mimetype'])) {
                $supported_mimes[] = $attachtype['mimetype'];
            }
        }
        // Check if the uploaded file type matches the correct image type (returned by getimagesize)
        $img_dimensions = @getimagesize($mybb->settings['uploadspath'] . "/" . $filename);
        $mime = "";
        $file_path = $mybb->settings['uploadspath'] . "/" . $filename;
        if (function_exists("finfo_open")) {
            $file_info = finfo_open(FILEINFO_MIME);
            // NOTE(review): explode() with a limit of 1 never splits, so $mime keeps any
            // "; charset=…" suffix that FILEINFO_MIME appends; the in_array() fallback below
            // is then unlikely to match, which only makes the check stricter (fail closed).
            list($mime, ) = explode(';', finfo_file($file_info, MYBB_ROOT . $file_path), 1);
            finfo_close($file_info);
        } else {
            if (function_exists("mime_content_type")) {
                $mime = mime_content_type(MYBB_ROOT . $file_path);
            }
        }
        // Reject when the file is not a parseable image, or when the real image type disagrees with the
        // client-declared type and libmagic's MIME is not in the allowlist either. The file is removed on rejection.
        if (!is_array($img_dimensions) || $img_dimensions[2] != $img_type && !in_array($mime, $supported_mimes)) {
            delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $filename);
            $ret['error'] = $lang->error_uploadfailed;
            return $ret;
        }
        require_once MYBB_ROOT . "inc/functions_image.php";
        // Thumbnail keeps the (allowlisted, image-only) extension.
        $thumbname = str_replace(".attach", "_thumb.{$ext}", $filename);
        $attacharray = $plugins->run_hooks("upload_attachment_thumb_start", $attacharray);
        $thumbnail = generate_thumbnail($mybb->settings['uploadspath'] . "/" . $filename, $mybb->settings['uploadspath'], $thumbname, $mybb->settings['attachthumbh'], $mybb->settings['attachthumbw']);
        if ($thumbnail['filename']) {
            $attacharray['thumbnail'] = $thumbnail['filename'];
        } elseif ($thumbnail['code'] == 4) {
            // Image already smaller than the thumbnail size; no separate file is written.
            $attacharray['thumbnail'] = "SMALL";
        }
    }
    // Forums that moderate attachments hide the upload until approved, unless the uploader can approve them.
    if ($forumpermissions['modattachments'] == 1 && !is_moderator($forum['fid'], "canapproveunapproveattachs")) {
        $attacharray['visible'] = 0;
    } else {
        $attacharray['visible'] = 1;
    }
    $attacharray = $plugins->run_hooks("upload_attachment_do_insert", $attacharray);
    if ($prevattach['aid'] && $update_attachment == true) {
        unset($attacharray['downloads']); // Keep our download count if we're updating an attachment
        $db->update_query("attachments", $attacharray, "aid='" . $db->escape_string($prevattach['aid']) . "'");
        // Remove old attachment file
        // Check if this attachment is referenced in any other posts. If it isn't, then we are safe to delete the actual file.
        $query = $db->simple_select("attachments", "COUNT(aid) as numreferences", "attachname='" . $db->escape_string($prevattach['attachname']) . "'");
        if ($db->fetch_field($query, "numreferences") == 0) {
            delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $prevattach['attachname']);
            if ($prevattach['thumbnail']) {
                delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $prevattach['thumbnail']);
            }
            // Let the YYYYMM directory be cleaned up if it became empty.
            $date_directory = explode('/', $prevattach['attachname']);
            if (@is_dir($mybb->settings['uploadspath'] . "/" . $date_directory[0])) {
                delete_upload_directory($mybb->settings['uploadspath'] . "/" . $date_directory[0]);
            }
        }
        $aid = $prevattach['aid'];
    } else {
        $aid = $db->insert_query("attachments", $attacharray);
        // Only an existing post (pid != 0) has a thread counter to bump.
        if ($pid) {
            update_thread_counters($tid, array("attachmentcount" => "+1"));
        }
    }
    $ret['aid'] = $aid;
    return $ret;
}
if (isset($mybb->cookies['mybb']['forumread'])) { $forumsread = my_unserialize($mybb->cookies['mybb']['forumread']); } } else { // Build a forum cache. $query = $db->query("\n\t\tSELECT f.*, fr.dateline AS lastread\n\t\tFROM " . TABLE_PREFIX . "forums f\n\t\tLEFT JOIN " . TABLE_PREFIX . "forumsread fr ON (fr.fid = f.fid AND fr.uid = '{$mybb->user['uid']}')\n\t\tWHERE f.active != 0\n\t\tORDER BY pid, disporder\n\t"); } while ($forum = $db->fetch_array($query)) { if ($mybb->user['uid'] == 0) { if (!empty($forumsread[$forum['fid']])) { $forum['lastread'] = $forumsread[$forum['fid']]; } } $fcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum; } $forumpermissions = forum_permissions(); // Get the forum moderators if the setting is enabled. $moderatorcache = array(); if ($mybb->settings['modlist'] != 0 && $mybb->settings['modlist'] != 'off') { $moderatorcache = $cache->read('moderators'); } $excols = 'index'; $permissioncache['-1'] = '1'; $bgcolor = 'trow1'; // Decide if we're showing first-level subforums on the index page. $showdepth = 2; if ($mybb->settings['subforumsindex'] != 0) { $showdepth = 3; } $forum_list = build_forumbits(); $forums = $forum_list['forum_list'];
break; // Actually move the threads in Inline moderation // Actually move the threads in Inline moderation case "do_multimovethreads": // Verify incoming POST request verify_post_check($mybb->input['my_post_key']); $moveto = intval($mybb->input['moveto']); $threadlist = explode("|", $mybb->input['threads']); if (!is_moderator_by_tids($threadlist, 'canmanagethreads')) { error_no_permission(); } foreach ($threadlist as $tid) { $tids[] = intval($tid); } // Make sure moderator has permission to move to the new forum $newperms = forum_permissions($moveto); if (($newperms['canview'] == 0 || !is_moderator($moveto, 'canmanagethreads')) && !is_moderator_by_tids($tids, 'canmovetononmodforum')) { error_no_permission(); } $newforum = get_forum($moveto); if (!$newforum || $newforum['type'] != "f" || $newforum['type'] == "f" && $newforum['linkto'] != '') { error($lang->error_invalidforum); } $moderation->move_threads($tids, $moveto); log_moderator_action($modlogdata, $lang->multi_moved_threads); moderation_redirect(get_forum_link($moveto), $lang->redirect_inline_threadsmoved); break; // Delete posts - Inline moderation // Delete posts - Inline moderation case "multideleteposts": add_breadcrumb($lang->nav_multi_deleteposts);
// Fetch the post from the database. $post = get_post($mybb->get_input('pid', MyBB::INPUT_INT)); // No result, die. if (!$post) { xmlhttp_error($lang->post_doesnt_exist); } // Fetch the thread associated with this post. $thread = get_thread($post['tid']); // Fetch the specific forum this thread/post is in. $forum = get_forum($thread['fid']); // Missing thread, invalid forum? Error. if (!$thread || !$forum || $forum['type'] != "f") { xmlhttp_error($lang->thread_doesnt_exist); } // Fetch forum permissions. $forumpermissions = forum_permissions($forum['fid']); $plugins->run_hooks("xmlhttp_edit_post_start"); // If this user is not a moderator with "caneditposts" permissions. if (!is_moderator($forum['fid'], "caneditposts")) { // Thread is closed - no editing allowed. if ($thread['closed'] == 1) { xmlhttp_error($lang->thread_closed_edit_message); } else { if ($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0 || $mybb->user['suspendposting'] == 1) { xmlhttp_error($lang->no_permission_edit_post); } else { if ($mybb->usergroup['edittimelimit'] != 0 && $post['dateline'] < TIME_NOW - $mybb->usergroup['edittimelimit'] * 60) { $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->usergroup['edittimelimit']); xmlhttp_error($lang->edit_time_limit); } }
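/**
 * Admin-panel handler for listing, editing and deleting categories and forums.
 *
 * Dispatches on $_GET['type'] ('cat' or 'forum') and on which of the
 * $_GET['edit'] / $_GET['delete'] flags is present; with no type at all it
 * renders the category/forum overview. Form submissions arrive in $_POST.
 * Returns the HTML fragment or status message the caller embeds in the page,
 * and null for an unknown type (the original fell out of its switch the same
 * way).
 *
 * Security changes versus the previous version of this function:
 *  - every string interpolated into SQL goes through mysql_real_escape_string()
 *    and every id (including the parent id parsed out of $_POST['parent'],
 *    which used to be inserted verbatim) is cast to int. Category and forum
 *    names previously reached the UPDATE statements after htmlspecialchars()
 *    only, which without ENT_QUOTES leaves a single quote untouched (ENT_QUOTES
 *    became the default only in PHP 8.1);
 *  - values echoed into HTML (titles, descriptions, the raw $_GET['id'] in the
 *    "Delete Forum" link, $parent[0] in the success message) are escaped for
 *    the context they land in; stored titles are already entity-encoded, so
 *    the output escape does not double-encode;
 *  - the permission checkbox groups are only iterated when they are arrays of
 *    scalars, and a missing category/forum row is reported instead of
 *    rendering a form around an undefined row.
 *
 * NOTE(review): none of the state-changing branches carry a CSRF token, and no
 * authorisation check is visible in this function. Both presumably live in the
 * acp.php dispatcher, which is outside this listing -- confirm before relying
 * on it. parents() and forum_permissions() are file-level helpers whose return
 * value is emitted as markup unescaped, exactly as before.
 */
function manageboards()
{
    if (!isset($_GET['type'])) {
        return manageboards_overview();
    }

    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $is_edit = isset($_GET['edit']) && !isset($_GET['delete']);
    $is_delete = isset($_GET['delete']) && !isset($_GET['edit']);

    switch ($_GET['type']) {
        case "cat":
            if ($is_edit) {
                return manageboards_edit_category($id);
            }
            if ($is_delete) {
                return manageboards_delete_category($id);
            }
            return "Error action.";

        case "forum":
            if ($is_edit) {
                return manageboards_edit_forum($id);
            }
            if ($is_delete) {
                return manageboards_delete_forum($id);
            }
            return "Error action.";
    }

    // Unknown type: no branch matched, nothing to render.
    return null;
}

/**
 * HTML-escape a value for text content or a quoted attribute.
 * Existing entities are left alone (double_encode = false) because titles and
 * descriptions are stored already entity-encoded by the edit handlers below.
 */
function manageboards_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
}

/**
 * Escape a string for interpolation inside a single-quoted SQL literal on the
 * ext/mysql connection this file uses (same call the file already relies on
 * for the serialized permissions).
 */
function manageboards_sql($value)
{
    return mysql_real_escape_string((string) $value);
}

/** Render the category table, each category followed by edit links for its forums. */
function manageboards_overview()
{
    $cats = mysql_query("SELECT * FROM `categories` ORDER BY `order`");
    if (!$cats || mysql_num_rows($cats) == 0) {
        return "There aren't any categorys in the database, go create some.";
    }

    $body = "<table width='100%' cellspacing='3' cellpadding='0'>";
    while ($row = mysql_fetch_array($cats)) {
        $cid = (int) $row['id'];
        $body .= "<tr>"
            . "<td width='80%'><strong>" . manageboards_html($row['title']) . "</strong></td>"
            . "<td width='20%'>"
            . "<a href='acp.php?action=boards&type=cat&id={$cid}&edit'>Edit</a> "
            . "<a href='acp.php?action=boards&type=cat&id={$cid}&delete'>Delete</a>"
            . "</td></tr>";

        $links = array();
        $forums = mysql_query("SELECT * FROM `forums` WHERE `cid` = '{$cid}'");
        while ($forums && ($forum = mysql_fetch_array($forums))) {
            $fid = (int) $forum['id'];
            $links[] = "<a href='acp.php?action=boards&type=forum&id={$fid}&edit'>"
                . manageboards_html($forum['title']) . "</a>";
        }
        $body .= "<tr><td colspan='2'>" . implode(", ", $links) . "</td></tr>";
    }
    return $body . "</table>";
}

/** Show the rename form for category $id, or apply the rename once the form was posted. */
function manageboards_edit_category($id)
{
    $result = mysql_query("SELECT * FROM `categories` WHERE `id` = '{$id}'");
    $row = $result ? mysql_fetch_array($result) : false;
    if (!$row) {
        return "No such category.";
    }

    if (!isset($_POST['submit'])) {
        return "<form method='post' action=''>"
            . "<table width='100%' cellspacing='3' cellpadding='0'>"
            . "<tr><td width='30%'>Category Name</td>"
            . "<td width='70%'><input type='text' name='name' value='" . manageboards_html($row['title']) . "' /></td></tr>"
            . "<tr><td colspan='2' align='center'><input type='submit' name='submit' value='Edit Category' /></td></tr>"
            . "</table></form>";
    }

    if (empty($_POST['name']) || !is_string($_POST['name'])) {
        return "You left a field blank please go back and make sure all fields are filled.";
    }

    // Stored entity-encoded, as the rest of the panel expects. ENT_QUOTES so a
    // quote can neither break the value='' attribute on display nor -- together
    // with the SQL escape -- the UPDATE statement.
    $title = manageboards_sql(htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8'));
    if (mysql_query("UPDATE `categories` SET `title` = '{$title}' WHERE `id` = '{$id}'")) {
        return "Category was updated successfully.";
    }
    return "There was a problem updating category, please contact Nevux Ability Boards Tech Support.";
}

/** Ask for confirmation, then delete category $id once the confirmation was posted. */
function manageboards_delete_category($id)
{
    if (!isset($_POST['delete'])) {
        return manageboards_confirm_form("Are you Sure you want to delete this Category?");
    }
    if (mysql_query("DELETE FROM `categories` WHERE `id` = '{$id}'")) {
        return "Category was deleted successfully.";
    }
    return "There was an error deleteing categorys from Database.";
}

/** Ask for confirmation, then delete forum $id once the confirmation was posted. */
function manageboards_delete_forum($id)
{
    if (!isset($_POST['delete'])) {
        return manageboards_confirm_form("Are you Sure you want to delete this Forum?");
    }
    if (mysql_query("DELETE FROM `forums` WHERE `id` = '{$id}'")) {
        return "Forum was deleted successfully.";
    }
    return "There was an error deleteing Forum from Database.";
}

/** The confirmation form shared by the two delete actions; $question is a literal, not user input. */
function manageboards_confirm_form($question)
{
    return "<form method='post' action=''><table width='100%'><tr>"
        . "<td width='50%'>" . $question . "</td>"
        . "<td width='50%'><input type='submit' name='delete' value='Delete' /></td>"
        . "</tr></table></form>";
}

/**
 * Show the edit form for forum $id (name, description, parent, lock flag,
 * permissions, sub-forum list), or apply a submitted edit.
 */
function manageboards_edit_forum($id)
{
    $result = mysql_query("SELECT * FROM `forums` WHERE `id` = '{$id}'");
    $row = $result ? mysql_fetch_array($result) : false;
    if (!$row) {
        return "No such forum.";
    }

    if (isset($_POST['submit'])) {
        return manageboards_update_forum($id);
    }

    $sub_links = array();
    $subs = mysql_query("SELECT * FROM `forums` WHERE `sid` = '{$id}'");
    while ($subs && ($sub = mysql_fetch_array($subs))) {
        $sid = (int) $sub['id'];
        $sub_links[] = "<a href='acp.php?action=boards&type=forum&id={$sid}&edit'>"
            . manageboards_html($sub['title']) . "</a>";
    }

    // A forum hangs either off a category (cid != 0) or off a parent forum (sid).
    $parent_html = $row['cid'] != 0 ? parents($row['cid'], "c") : parents($row['sid'], "f");
    $locked_attr = $row['locked'] == 't' ? 'checked="checked"' : '';
    $sub_html = empty($sub_links) ? '' : '<strong>SubForums</strong>: ' . implode(", ", $sub_links);

    return "<form method='post' action=''>"
        . "<table width='100%' cellspacing='3' cellpadding='0'>"
        . "<tr><td width='30%'>Forum Name</td>"
        . "<td width='70%'><input type='text' name='name' value='" . manageboards_html($row['title']) . "' /></td></tr>"
        . "<tr><td width='30%' valign='top'>Forum Description</td>"
        . "<td width='70%'><textarea cols='20' rows='5' name='desc'>" . manageboards_html($row['description']) . "</textarea></td></tr>"
        . "<tr><td width='30%'>Forum Parent</td><td width='70%'>" . $parent_html . "</td></tr>"
        . "<tr><td width='30%'>Forum Locked</td>"
        . "<td width='70%'><input type='checkbox' " . $locked_attr . " name='locked' /></td></tr>"
        . "<tr><td colspan='2'>" . forum_permissions(1, 2, $row['permissions']) . "</td></tr>"
        . "<tr><td colspan='2' align='center'><input type='submit' name='submit' value='Edit Forum' /></td></tr>"
        . "<tr><td colspan='2' width='100%'>" . $sub_html . "</td></tr>"
        . "<tr><td colspan='2'><a href='acp.php?action=boards&type=forum&id={$id}&delete'>Delete Forum</a></td></tr>"
        . "</table></form>";
}

/** Apply a posted forum edit to forum $id: permissions, parent, name, description and lock flag. */
function manageboards_update_forum($id)
{
    if (empty($_POST['parent']) || !is_string($_POST['parent'])
        || empty($_POST['name']) || !is_string($_POST['name'])) {
        return "You either left a field blank, or you need to create a category before adding any forums.";
    }

    $permissions = array(
        'view'  => manageboards_checked_keys('view'),
        'read'  => manageboards_checked_keys('read'),
        'reply' => manageboards_checked_keys('reply'),
        'topic' => manageboards_checked_keys('topic'),
    );
    $permissions_sql = manageboards_sql(serialize($permissions));

    // $_POST['parent'] is "<kind>|<id>". 'cat' selects the category column,
    // anything else the parent-forum column, and the other column is reset --
    // the same mapping as before, but the id is now an int rather than raw input.
    $parent = explode("|", $_POST['parent'], 2);
    $parent_kind = $parent[0];
    $parent_id = isset($parent[1]) ? (int) $parent[1] : 0;
    $set_col = $parent_kind == 'cat' ? "`cid`" : "`sid`";
    $clear_col = $parent_kind == 'cat' ? "`sid`" : "`cid`";

    $title = manageboards_sql(htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8'));
    $desc_raw = isset($_POST['desc']) && is_string($_POST['desc']) ? $_POST['desc'] : '';
    $desc = manageboards_sql(htmlspecialchars($desc_raw, ENT_QUOTES, 'UTF-8'));
    $locked = isset($_POST['locked']) ? 't' : 'f';

    $ok = mysql_query(
        "UPDATE `forums` SET `permissions` = '{$permissions_sql}', {$clear_col} = '0', {$set_col} = '{$parent_id}',"
        . " `title` = '{$title}', `description` = '{$desc}', `locked` = '{$locked}' WHERE `id` = '{$id}'"
    );
    if ($ok) {
        // The previous version appended the raw parent kind to this message; kept, but escaped.
        return "Forum was successfully updated into database." . manageboards_html($parent_kind);
    }
    return "Sorry, there was an sql error trying to update data into database.";
}

/**
 * Collect the checked entries of the $_POST[$field] checkbox group as a
 * key => 't' map. Non-array input yields an empty map; non-scalar entries are
 * skipped because they cannot be array keys.
 */
function manageboards_checked_keys($field)
{
    $checked = array();
    if (!empty($_POST[$field]) && is_array($_POST[$field])) {
        foreach ($_POST[$field] as $key) {
            if (is_scalar($key)) {
                $checked[$key] = 't';
            }
        }
    }
    return $checked;
}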